Home Home > GIT Browse
summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-07-11Bump up the version number in spec fileSLE15_Update_1Nicolai Stange
Signed-off-by: Nicolai Stange <nstange@suse.de>
2019-07-10Merge branch 'bsc#1137597_15.0u1-3' into SLE15_Update_1Nicolai Stange
2019-07-10Fix regression bsc#1140747 ("applications tcp socket get stuck")Nicolai Stange
The fix for CVE-2019-11478 ("SACK Slowness / extensive resource usage") can cause TCP connection stalls for applications having setup very low SO_SNDBUF values. Fix this by applying stable-4.4.y commit 46c7b5d6f2a5 ("tcp: refine memory limit test in tcp_fragment()") to the live patch mitigating this CVE. Fixes: 3227b46fd52a ('Fix for CVE-2019-11477 and CVE-2019-11478 ("multiple remote denial of service issues (SACK Panic)")') References: bsc#1140747 bsc#1137597 CVE-2019-11478 Signed-off-by: Nicolai Stange <nstange@suse.de>
2019-07-09bsc#1137597: fill in upstream commit idsNicolai Stange
At the time the live patch for CVE-2019-11477 and CVE-2019-11478 ("multiple remote denial of service issues (SACK Panic)") was being prepared, the issue had been under embargo and no upstream commits published. Add their ids to the live patch's file header comment. References: bsc#1137597 CVE-2019-11477 CVE-2019-11478 Signed-off-by: Nicolai Stange <nstange@suse.de>
2019-06-30Merge branch 'bsc#1136446_15.0u0-10' into SLE15_Update_1Nicolai Stange
2019-06-18bsc#1136446: get rid of unwanted dependency on cfg80211.koNicolai Stange
The fix for bsc#1136446, CVE-2019-3846 ("Heap Overflow in mwifiex_update_bss_desc_with_ie function of Marvell Wifi Driver in Linux kernel") introduced a dependency on cfg80211.ko from the live patch module by mistake. It isn't a serious problem, but not really nice either. Fix it up. Fixes: f7c197c9011b ('Fix for CVE-2019-3846 ("Heap Overflow in mwifiex_update_bss_desc_with_ie function of Marvell Wifi Driver in Linux kernel")') References: bsc#1136446 Signed-off-by: Nicolai Stange <nstange@suse.de>
2019-06-18Bump up the version number in spec fileMiroslav Benes
Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2019-06-17Merge branch 'bsc#1137597_15.0u1-3' into SLE15_Update_1Nicolai Stange
2019-06-17Merge branch 'bsc#1136446_15.0u0-10' into SLE15_Update_1Nicolai Stange
2019-06-17Merge branch 'bsc#1133191_15.0u1-2' into SLE15_Update_1Nicolai Stange
2019-06-17Merge branch 'bsc#1135280_15.0u0-3' into SLE15_Update_1Nicolai Stange
2019-06-16Fix for CVE-2019-11477 and CVE-2019-11478 ("multiple remote denial of ↵Nicolai Stange
service issues (SACK Panic)") Live patch for CVE-2019-11477 and CVE-2019-11478. No upstream commits yet. KLP: CVE-2019-11477 CVE-2019-11478 References: bsc#1137597 CVE-2019-11477 CVE-2019-11478 Signed-off-by: Nicolai Stange <nstange@suse.de>
2019-06-16Fix for CVE-2019-3846 ("Heap Overflow in mwifiex_update_bss_desc_with_ie ↵Nicolai Stange
function of Marvell Wifi Driver in Linux kernel") Live patch for CVE-2019-3846 as well as the related heap overflow handled in bsc#1136935 which hasn't got a unique CVE number assigned yet. Upstream commits 13ec7f10b87f ("mwifiex: Fix possible buffer overflows at parsing bss descriptor") 685c9b7750bf ("mwifiex: Abort at too short BSS descriptor element") 69ae4f6aac15 ("mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()") KLP: CVE-2019-3846 References: bsc#1136446 bsc#1136935 CVE-2019-3846 Signed-off-by: Nicolai Stange <nstange@suse.de>
2019-06-16Fix for CVE-2019-11085 ("insufficient input validation in kernel mode driver ↵Nicolai Stange
in Intel i915 graphics leads to privilege escalation") Live patch for CVE-2019-11085. Upstream commit 51b00d8509dc ("drm/i915/gvt: Fix mmap range check"). KLP: CVE-2019-11085 References: bsc#1135280 CVE-2019-11085 Signed-off-by: Nicolai Stange <nstange@suse.de>
2019-06-16Fix for CVE-2019-11487 ("The Linux kernel [...] allows page->_refcount ↵Nicolai Stange
reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists") Live patch for CVE-2019-11487. Upstream commits f958d7b528 ("mm: make page ref count overflow check tighter and more explicit") 88b1a17dfc ("mm: add 'try_get_page()' helper function") 8fde12ca79 ("mm: prevent get_user_pages() from overflowing page refcount") 15fab63e1e ("fs: prevent page refcount overflow in pipe_buf_get") KLP: CVE-2019-11487 References: bsc#1133191 CVE-2019-11487 Signed-off-by: Nicolai Stange <nstange@suse.de>
2019-05-24Bump up the version number in spec fileMiroslav Benes
Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2019-04-09Merge branch 'bsc#1131390_15.0u0-1' into SLE15_Update_1Nicolai Stange
2019-04-09Fix for CVE-2018-14734 ("drivers/infiniband/core/ucma.c in the Linux kernel ↵Nicolai Stange
through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join") Live patch for CVE-2018-14734. Upstream commit cb2595c1393b ("infiniband: fix a possible use-after-free bug"). KLP: CVE-2018-14734 References: bsc#1131390 CVE-2018-14734 Signed-off-by: Nicolai Stange <nstange@suse.de>
2019-03-12Bump up the version number in spec fileMiroslav Benes
Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2019-03-11Merge branch 'bsc#1128378_15.0u0-8' into SLE15_Update_1Nicolai Stange
2019-03-08Fix for CVE-2019-9213 ("mm: enforce min addr even if capable() in ↵Nicolai Stange
expand_downwards()") Live patch for CVE-2019-9213. Upstream commit 0a1d52994d44 ("mm: enforce min addr even if capable() in expand_downwards()"). KLP: CVE-2019-9213 References: bsc#1128378 CVE-2019-9213 Signed-off-by: Nicolai Stange <nstange@suse.de>
2019-03-07Merge branch 'master-livepatch' into SLE15_Update_1Miroslav Benes
2019-03-07livepatch_main.c: Adaptation to a new livepatch APIMiroslav Benes
The atomic replace patch set among others removed the two-stage API. There is no (un)registration step needed now. SLES backport defines KLP_NOREG_API macro to easily distinguish whether the kernel provides the old or the new API. Use it and change the module init and exit functions accordingly. Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2019-03-07Merge branch 'bsc#1126284_15.0u0-8' into SLE15_Update_1Nicolai Stange
2019-03-07Merge branch 'bsc#1127757_15.0u0-1' into SLE15_Update_1Nicolai Stange
2019-03-06Fix for CVE-2019-8912 ("af_alg_release() in crypto/af_alg.c neglects to set ↵Nicolai Stange
a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr") Live patch for CVE-2019-8912. Upstream commit 9060cb719e61 ("net: crypto set sk to NULL when af_alg_release."). KLP: CVE-2019-8912 References: bsc#1126284 CVE-2019-8912 Signed-off-by: Nicolai Stange <nstange@suse.de>
2019-03-06Fix for CVE-2018-12232 ("NULL pointer dereference if close and fchownat ↵Nicolai Stange
system calls share a socket file descriptor") Live patch for CVE-2018-12232. Upstream commit 6d8c50dcb029 ("socket: close race condition between sock_close() and sockfs_setattr()"). KLP: CVE-2018-12232 References: bsc#1127757 CVE-2018-12232 Signed-off-by: Nicolai Stange <nstange@suse.de>
2019-03-06Merge branch 'bsc#1124734_15.0u0-2' into SLE15_Update_1Nicolai Stange
2019-03-06Fix for CVE-2019-7221 ("KVM: nVMX: use-after-free of the hrtimer for ↵Nicolai Stange
emulation of the preemption timer") Live patch for CVE-2019-7221. Upstream commit ecec76885bcf ("KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)"). KLP: CVE-2019-7221 References: bsc#1124734 CVE-2019-7221 Signed-off-by: Nicolai Stange <nstange@suse.de>
2019-03-06Merge branch 'bsc#1124729_15.0u0-8' into SLE15_Update_1Nicolai Stange
2019-02-13Fix for CVE-2019-6974 ("KVM: potential use-after-free via ↵Nicolai Stange
kvm_ioctl_create_device()") Live patch for CVE-2019-6974. Upstream commit cfa39381173d ("kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)"). KLP: CVE-2019-6974 References: bsc#1124729 CVE-2019-6974 Signed-off-by: Nicolai Stange <nstange@suse.de>
2019-02-13uname_patch: Use klp-convert macros and rely on klp-convert whereMiroslav Benes
possible Signed-off-by: Miroslav Benes <mbenes@suse.cz> Reviewed-by: Nicolai Stange <nstange@suse.de>
2019-02-13Define macros to switch easily between klp-convert and kallsymsMiroslav Benes
Kallsyms trick does not have to be used for resolving undefined symbols when klp-convert is available. It would be great though to share live patches sources between both modes of operation. Define macros to help with the task. Their definitions depend on whether USE_KLP_CONVERT macro is defined. tar-up.sh script is responsible to decide. Signed-off-by: Miroslav Benes <mbenes@suse.cz> Reviewed-by: Nicolai Stange <nstange@suse.de>
2019-02-13Use klp-convert where providedMiroslav Benes
klp-convert tool converts undefined symbols in a live patch kernel module to special relocation records which are resolved by the kernel. It allows to omit kallsyms tricks. Wire it to the spec file and let tar-up.sh script decide if it is to be used depending on a codestream. SLE15-SP1 is supported currently. Signed-off-by: Miroslav Benes <mbenes@suse.cz> Reviewed-by: Nicolai Stange <nstange@suse.de>
2019-01-29Bump up the version number in spec fileMiroslav Benes
Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2019-01-18Merge branch 'bsc#1119947_15' into SLE15_Update_1Miroslav Benes
2019-01-17Fix for CVE-2018-16884 ("nfs4: use-after-free in svc_process_common()")Nicolai Stange
Live patch for CVE-2018-16884. Upstream commits b8be5674fa9a ("sunrpc: use SVC_NET() in svcauth_gss_* functions") and d4b09acf924b ("sunrpc: use-after-free in svc_process_common()"). KLP: CVE-2018-16884 References: bsc#1119947 CVE-2018-16884 Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2018-12-11Merge branch 'master' into master-livepatchMiroslav Benes
2018-12-11uname_patch: don't hold uts_sem while accessing userspace memoryHEADmasterMiroslav Benes
Backport upstream patch 42a0cc347858 ("sys: don't hold uts_sem while accessing userspace memory"). Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2018-11-01Bump up the version number in spec fileMiroslav Benes
Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2018-11-01Merge branch 'bsc#1103098_15' into SLE15_Update_1Miroslav Benes
2018-10-31Fix for CVE-2018-5391 ("FragmentSmack (IP fragments)")Nicolai Stange
Live patch for CVE-2018-5391. Upstream commits 56e2c94f055d ("inet: frag: enforce memory limits earlier") 4672694bd4f1 ("ipv4: frags: handle possible skb truesize change") 0ed4229b08c1 ("ipv6: defrag: drop non-last frags smaller than min mtu") 7969e5c40dfd ("ip: discard IPv4 datagrams with overlapping segments") 385114dec8a4 ("net: modify skb_rbtree_purge to return the truesize of all purged skbs.") fa0f527358bd ("ip: use rb trees for IP frag queue.") 70837ffe3085 ("ipv4: frags: precedence bug in ip_expire()") KLP: CVE-2018-5391 References: bsc#1103098 CVE-2018-5391 Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2018-10-05Bump up the version number in spec fileMiroslav Benes
Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2018-10-05Merge branch 'bsc#1110233_15' into SLE15_Update_1Miroslav Benes
2018-10-05Merge branch 'bsc#1107832_15' into SLE15_Update_1Miroslav Benes
2018-10-04Fix for CVE-2018-17182 ("fix vmacache counter flushing")Nicolai Stange
Live patch for CVE-2018-17182. Upstream commit 7a9cdebdcc17 ("mm: get rid of vmacache_flush_all() entirely"). KLP: CVE-2018-17182 References: bsc#1110233 CVE-2018-17182 Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2018-09-25Fix for CVE-2018-14633 ("security flaw in iscsi target code")Nicolai Stange
Live patch for CVE-2018-14633. No upstream commit yet. KLP: CVE-2018-14633 References: bsc#1107832 CVE-2018-14633 Signed-off-by: Nicolai Stange <nstange@suse.de> Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2018-09-12Bump up the version number in spec fileMiroslav Benes
Signed-off-by: Miroslav Benes <mbenes@suse.cz>
2018-09-12Merge branch 'bsc#1106191_15' into SLE15_Update_1Miroslav Benes
2018-09-12Merge branch 'bsc#1105323_15' into SLE15_Update_1Miroslav Benes