[packages/kernel/LINUX_4_9] - up to 4.9.176; workaround zombieload intel cpu vulnerability: https://www.kernel.org/doc/html/late
arekm
arekm at pld-linux.org
Wed May 15 06:44:55 CEST 2019
commit 325b8c0a234610c62f5ce296e800bed6e763a988
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Wed May 15 06:44:46 2019 +0200
- up to 4.9.176; workaround zombieload intel cpu vulnerability: https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html
kernel-vserver-2.3.patch | 9 +++++----
kernel.spec | 4 ++--
2 files changed, 7 insertions(+), 6 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index ac283801..427abd5b 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -73,7 +73,7 @@
%define rel 1
%define basever 4.9
-%define postver .174
+%define postver .176
# define this to '-%{basever}' for longterm branch
%define versuffix -%{basever}
@@ -125,7 +125,7 @@ Source0: https://www.kernel.org/pub/linux/kernel/v4.x/linux-%{basever}.tar.xz
# Source0-md5: 0a68ef3615c64bd5ee54a3320e46667d
%if "%{postver}" != ".0"
Patch0: https://www.kernel.org/pub/linux/kernel/v4.x/patch-%{version}.xz
-# Patch0-md5: 275268f5ec9a8b055e975ae881752491
+# Patch0-md5: b287fed45c4a5ff4f26eb87a0eba7c85
%endif
Source1: kernel.sysconfig
diff --git a/kernel-vserver-2.3.patch b/kernel-vserver-2.3.patch
index e2db62d5..b7986689 100644
--- a/kernel-vserver-2.3.patch
+++ b/kernel-vserver-2.3.patch
@@ -13568,14 +13568,15 @@ diff -NurpP --minimal linux-4.9.135/kernel/ptrace.c linux-4.9.135-vs2.3.9.8/kern
#include <linux/hw_breakpoint.h>
#include <linux/cn_proc.h>
#include <linux/compat.h>
-@@ -325,6 +326,11 @@ ok:
- !ptrace_has_cap(mm->user_ns, mode)))
- return -EPERM;
+@@ -331,6 +331,12 @@ ok:
+ if (mode & PTRACE_MODE_SCHED)
+ return 0;
++
+ if (!vx_check(task->xid, VS_ADMIN_P|VS_WATCH_P|VS_IDENT))
+ return -EPERM;
+ if (!vx_check(task->xid, VS_IDENT) &&
-+ !task_vx_flags(task, VXF_STATE_ADMIN, 0))
++ !task_vx_flags(task, VXF_STATE_ADMIN, 0))
+ return -EACCES;
return security_ptrace_access_check(task, mode);
}
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/kernel.git/commitdiff/325b8c0a234610c62f5ce296e800bed6e763a988
More information about the pld-cvs-commit
mailing list