Commit Graph

2223 Commits

Author SHA1 Message Date
John Ericson
f037625f87 Merge remote-tracking branch 'upstream/staging' into deps-reorg 2017-09-28 12:32:57 -04:00
Tim Steinbach
ab3ff4af9f
linux: 4.13.3 -> 4.13.4 2017-09-27 13:08:21 -04:00
Tim Steinbach
2ca84cfa29
linux: 4.9.51 -> 4.9.52 2017-09-27 13:03:27 -04:00
Tim Steinbach
964672dde5
linux: Remove 4.12 (EOL) 2017-09-27 13:03:06 -04:00
Tim Steinbach
b13a6d5720
linux: 4.14-rc1 -> 4.14-rc2 2017-09-25 09:24:23 -04:00
John Ericson
f8a18cd4cf misc pkgs: Manual fixup pkgconfig nativeBuildInputs after sed
Importantly, this included regenerating pkgs/servers/x11/xorg, to
clobber the old sed.
2017-09-21 15:49:54 -04:00
John Ericson
531e4b80c9 misc pkgs: Basic sed to get fix pkgconfig and autoreconfHook buildInputs
Only acts on one-line dependency lists.
2017-09-21 15:49:53 -04:00
Tim Steinbach
7d3d276a16
linux-copperhead: 4.13.2.a -> 4.13.3.a 2017-09-21 14:37:44 -04:00
Tim Steinbach
eab480ac3d
linux: 4.13.2 -> 4.13.3 2017-09-20 08:36:27 -04:00
Tim Steinbach
726765404b
linux: 4.12.13 -> 4.12.14 2017-09-20 08:36:13 -04:00
Tim Steinbach
7cfa6895e8
linux: 4.9.50 -> 4.9.51 2017-09-20 08:35:44 -04:00
Jan Malakhovski
8525b78d05
linuxPackages: properly propagate features and extraConfig
`kernel.override { features = ... }` didn't work before, now it works as
expected.
2017-09-17 16:33:47 +02:00
Tim Steinbach
c8f43edaf5
linux: 4.13-rc7 -> 4.14-rc1 2017-09-17 09:11:04 -04:00
Tim Steinbach
08229bba30
linux-copperhead: 4.13.1.b -> 4.13.2.a 2017-09-16 08:57:45 -04:00
Tuomas Tynkkynen
9a6aa33422 kernel: Disable DEBUG_INFO
Since we don't have a split debug info output yet, don't waste time
writing several gigabytes of debug info that's all going to be stripped
out at the end.

This change only affects Aarch64 (where some joker has enabled it in the
architecture defconfig) and is a no-op on the others.
2017-09-16 15:09:10 +03:00
Jan Malakhovski
62fa45eac5
linuxPackages: hardened-config: enable DEBUG_PI_LIST 2017-09-16 13:14:05 +02:00
Jan Malakhovski
c345761c13
linuxPackages: hardened-config: check kernelArch, not system 2017-09-16 13:14:04 +02:00
Jan Malakhovski
616a7fe237
linuxPackages: hardened-config: disable BUG_ON_DATA_CORRUPTION for older kernels
They don't support it.
2017-09-16 13:14:03 +02:00
Joachim Fasting
dd170cd5df
hardened-config: build with fortify source 2017-09-16 00:31:25 +02:00
Joachim Fasting
9a763f8f59
hardened-config: enable the randstruct plugin 2017-09-16 00:31:23 +02:00
Joachim Fasting
edd0d2f2e9
hardened-config: additional refcount checking 2017-09-16 00:31:17 +02:00
Tim Steinbach
43b3029a4a
linux: 4.9.49 -> 4.9.50 2017-09-14 08:40:13 -04:00
Tim Steinbach
537da6cb50
linux: 4.12.12 -> 4.12.13 2017-09-14 08:40:13 -04:00
Tim Steinbach
232fc6a806
linux: 4.13.1 -> 4.13.2 2017-09-14 08:40:13 -04:00
Tim Steinbach
87fa247867
linux-copperhead: 4.13.1.a -> 4.13.1.b 2017-09-13 08:20:58 -04:00
Tim Steinbach
114a2bcc80
linux-copperhead: 4.13.a -> 4.13.1.a 2017-09-10 19:21:31 -04:00
Tim Steinbach
80486ba971
linux: 4.13 -> 4.13.1 2017-09-10 12:13:15 -04:00
Tim Steinbach
9c723d4b2b
linux: 4.12.11 -> 4.12.12 2017-09-10 12:13:15 -04:00
Tim Steinbach
1ab2b06a36
linux: 4.9.48 -> 4.9.49 2017-09-10 12:13:15 -04:00
Tim Steinbach
dc8b228a89
linux: 4.9.47 -> 4.9.48 2017-09-07 10:31:02 -04:00
Tim Steinbach
a1912c9eb4
linux: 4.12.10 -> 4.12.11 2017-09-07 10:27:39 -04:00
Jörg Thalheim
44f93731d6 linux_chromiumos_3_18: remove kernel due lack of maintainer/breakage
There is no maintainer for this package, probably not many users.
It requires effort to fix all third-party modules for this old kernel
versions. It might contain unpatched security holes.

For Pixel chromebooks, we have the samus-kernel.
Apart from that https://github.com/GalliumOS/linux might be a good choice.
2017-09-05 14:42:23 +02:00
Tim Steinbach
967077537b
linux-copperhead: 4.12.10.a -> 4.13.a 2017-09-04 11:09:29 -04:00
Tim Steinbach
c1e2a0b6f4
linux: Add 4.13 2017-09-03 19:41:44 -04:00
Tim Steinbach
2c301b1b48
linux: 4.9.46 -> 4.9.47
(cherry picked from commit 27c8378c0c81aa17aef615615421aa5de3d8246b)
2017-09-02 11:17:47 -04:00
Joachim Fasting
697cbbc617
kernelPatches.grsecurity_testing: remove 2017-09-02 15:56:49 +02:00
davidak
4134db36d0 linux-testing-bcachefs: init at 4.11.2017.08.23 2017-08-31 05:39:17 -05:00
Tim Steinbach
4c91e32da6
linux-copperhead: 4.12.9.a -> 4.12.10.a 2017-08-30 13:17:51 -04:00
Tim Steinbach
fab79d08e9
linux: 4.9.45 -> 4.9.46 2017-08-30 07:59:42 -04:00
Tim Steinbach
a27c6c7374
linux: 4.12.9 -> 4.12.10 2017-08-30 07:59:42 -04:00
Tuomas Tynkkynen
ff3f6f38c4 linux_rpi: 1.20170515 -> 1.20170811 2017-08-29 02:37:52 +03:00
Tim Steinbach
163b3e853b
linux: 4.13-rc6 -> 4.13-rc7 2017-08-28 11:59:37 -04:00
Tim Steinbach
bebaf083cd
linux-copperhead: 4.12.8.a -> 4.12.9.a 2017-08-27 09:43:23 -04:00
Tim Steinbach
9b9d0cc06b
linux: 4.9.44 -> 4.9.45 2017-08-26 09:50:02 -04:00
Tim Steinbach
d23bed7cc6
linux: 4.12.8 -> 4.12.9 2017-08-26 09:47:57 -04:00
Tim Steinbach
cd85a704a5
linux: 4.13-rc4 -> 4.13-rc6 2017-08-22 03:23:30 -04:00
Frederik Rietdijk
6bbc3a0b24 Merge commit '3b29468313bc8604fe8f85c8d9316fd276d3985c' into HEAD 2017-08-21 04:44:40 +02:00
Vladimír Čunát
7c7c83e233
buildLinux: allow overriding stdenv on each call 2017-08-20 08:24:52 +02:00
Tim Steinbach
7209ed6d4b
linux-copperhead: 4.12.7.a -> 4.12.8.a 2017-08-18 15:47:03 -04:00
Tim Steinbach
9281b05c7f
linux: 4.12.7 -> 4.12.8 2017-08-18 15:33:53 -04:00
Tim Steinbach
a5f01aa745
linux: 4.9.43 -> 4.9.44 2017-08-18 15:30:37 -04:00
Tim Steinbach
b94210b066
linux-copperhead: 4.12.5.a -> 4.12.7.a 2017-08-14 12:51:30 -04:00
Frederik Rietdijk
13bbaee21d Merge pull request #27881 from mimadrid/fix/http-https
Update homepage attributes: http -> https
2017-08-13 21:53:20 +02:00
Tim Steinbach
5c29873e99
linux: 4.9.42 -> 4.9.43 2017-08-13 15:42:15 -04:00
Tim Steinbach
59e34685da
linux: 4.12.6 -> 4.12.7 2017-08-13 15:42:15 -04:00
Joachim Fasting
345e0e6794
hardened-config: enable read-only LSM hooks
Implies that SELinux can no longer be disabled at runtime (only at boot
time, via selinux=0).

See https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=dd0859dccbe291cf8179a96390f5c0e45cb9af1d
2017-08-11 23:27:58 +02:00
Robin Gloster
05b8cae9ec
linux: remove unused kernel patches 2017-08-11 19:13:09 +02:00
Robin Gloster
9f3f575ab3
linux_4_4: remove
Support ends in Feb 2018
2017-08-11 19:13:09 +02:00
Robin Gloster
0eb9c5bd42
linux_3_10: remove
Support ends in Oct 2017
2017-08-11 19:13:08 +02:00
Tim Steinbach
47d9b48e4d
linux: 4.12.5 -> 4.12.6 2017-08-11 12:14:53 -04:00
Tim Steinbach
f2d420e4c9
linux: 4.9.41 -> 4.9.42 2017-08-11 12:10:10 -04:00
Tim Steinbach
f46f98ad31
Revert 0cf0d7186a
Order common kernel config by functionality
See #27949
2017-08-07 17:34:10 -04:00
Tim Steinbach
fa10497834 Merge pull request #27684 from gnidorah/bfq
linux: BFQ Group Scheduling support
2017-08-07 11:58:45 -04:00
Tim Steinbach
06af1df857
linux: 4.13-rc3 -> 4.13-rc4 2017-08-07 11:40:01 -04:00
Tim Steinbach
ea2a10e143
linux: 4.4.79 -> 4.4.80 2017-08-07 11:35:42 -04:00
Tim Steinbach
4825e4818b
linux: 4.9.40 -> 4.9.41 2017-08-07 11:32:26 -04:00
gnidorah
dc21f1ad65 linux: BFQ Group Scheduling support 2017-08-07 10:12:21 +03:00
Tim Steinbach
1ec7242bc2
linux-copperhead: 4.12.4.a -> 4.12.5.a 2017-08-06 22:04:46 -04:00
Tim Steinbach
ff9479cd54
linux: 4.12.4 -> 4.12.5 2017-08-06 19:22:15 -04:00
Tim Steinbach
0cf0d7186a
linux-common-config: Refactor, clean up 2017-08-06 19:17:30 -04:00
Joachim Fasting
f963014829
linux-hardened-config: various fixups
Note
- the kernel config parser ignores "# foo is unset" comments so they
  have no effect; disabling kernel modules would break *everything* and so
  is ill-suited for a general-purpose kernel anyway --- the hardened nixos
  profile provides a more flexible solution
- removed some overlap with the common config (SECCOMP is *required* by systemd;
  YAMA is enabled by default).
- MODIFY_LDT_SYSCALL is guarded by EXPERT on vanilla so setting it to y breaks
  the build; fix by making it optional
- restored some original comments which I feel are clearer
2017-08-06 23:38:07 +02:00
Heitham Omar
5ac00265a8 linux-common-config: add CONFIG_HOTPLUG_PCI_ACPI 2017-08-06 20:41:28 +02:00
Tim Steinbach
ff10bafd00
linux: Expand hardened config
Based on latest recommendations at
http://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
2017-08-06 09:58:02 -04:00
Robin Gloster
2b4811887a
kernel: add IP_NF_TARGET_REDIRECT 2017-08-04 08:26:09 +02:00
mimadrid
09e0cc7cc7
Update homepage attributes: http -> https
Homepage link "http://.../" is a permanent redirect to "https://.../" and should be updated
https://repology.org/repository/nix_stable/problems
2017-08-03 11:56:15 +02:00
Tuomas Tynkkynen
3db9a2bdff linux_rpi: 1.20170427 -> 1.20170515 2017-07-31 19:47:23 +03:00
aszlig
979817d153
linux-testing: 4.13-rc2 -> 4.13-rc3
Tested via building the linux_testing attribute, but didn't test it at
runtime (yet).

Diffed unpacked tarball against my local git clone and the contents
match.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2017-07-31 09:39:42 +02:00
Tim Steinbach
a918521c1e
linux-copperhead: 4.12.3.a -> 4.12.4.a 2017-07-28 17:54:37 -04:00
Tim Steinbach
5a6b5b8daf
linux: 4.4.78 -> 4.4.79 2017-07-28 10:02:29 -04:00
Tim Steinbach
88c0f67ded
linux: 4.9.39 -> 4.9.40 2017-07-28 10:00:25 -04:00
Tim Steinbach
f43c445824
linux: 4.12.3 -> 4.12.4 2017-07-28 09:55:48 -04:00
Tim Steinbach
1dd6e7dcbc
linux: 4.13-rc1 -> 4.13-rc2 2017-07-24 09:50:32 -04:00
Jörg Thalheim
887570883e perf: remove binutils patch by wrapper
starting with linux 4.12 our patch no longer applied. In order to
avoid having to maintain patches for different linux kernels it is
easier to use a wrapper instead.
2017-07-23 15:18:02 +01:00
Tim Steinbach
869bb2e486
linux-copperhead: 4.12.2.a -> 4.12.3.a 2017-07-22 19:08:02 -04:00
Tim Steinbach
ba9275da88
linux: Remove 4.11
4.11.x has been EOL'd
2017-07-21 07:33:14 -04:00
Tim Steinbach
98ad0f4dab
linux: 4.12.2 -> 4.12.3 2017-07-21 07:28:24 -04:00
Tim Steinbach
232f497169
linux: 4.9.38 -> 4.9.39 2017-07-21 07:25:50 -04:00
Tim Steinbach
5181d7568f
linux: 4.4.77 -> 4.4.78 2017-07-21 07:23:12 -04:00
Al Zohali
0b3d29d4ac linux_samus_4_12: init at 4.12.2
Co-authored-by: Nikolay Amiantov <ab@fmap.me>

fixes #26038
2017-07-18 23:31:18 +01:00
Tim Steinbach
df929d6216
linux-copperhead: 4.12.1.a -> 4.12.2.a 2017-07-15 19:44:12 -04:00
Tim Steinbach
b103e9317a
linux-testing: 4.12-rc7 -> 4.13-rc1 2017-07-15 19:30:44 -04:00
Tim Steinbach
81b993369c
linux: 4.4.76 -> 4.4.77 2017-07-15 19:25:42 -04:00
Tim Steinbach
b04858db1b
linux: 4.9.37 -> 4.9.38
Remove temporary patches to perf as well
2017-07-15 19:22:07 -04:00
Tim Steinbach
ccec16579d
linux: 4.11.10 -> 4.11.11 2017-07-15 19:17:06 -04:00
Tim Steinbach
c5ef98bb34
linux: 4.12.1 -> 4.12.2 2017-07-15 19:14:44 -04:00
Tim Steinbach
954c66983d
perf: Apply patch for offline kernels
As per https://lkml.org/lkml/2017/7/13/314, perf is broken in 4.9.36 and 4.9.37
Patches in this commit are taken from
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=39f4f2c018bd831c325e11983f8893caf72fd9eb

This will allow perf to build again and should be included in a future 4.9.x release,
allowing the custom patching to be removed again
2017-07-14 20:07:16 -04:00
Tuomas Tynkkynen
42395a191b kernel-config: Disable Xen on non-x86
There's an upstream build failure on ARM (not directly related to Xen
but rather some other config options it enables). The xen package is
x86_64-only anyways.
2017-07-13 20:12:50 +03:00
Tim Steinbach
6fda535869
linux-copperhead: Fix modDirVersion 2017-07-13 09:00:44 -04:00
Tim Steinbach
45a2534459
linux-copperhead: 4.12.e -> 4.12.1.a 2017-07-13 08:40:08 -04:00
Tim Steinbach
6131b4d52d
linux: 4.12 -> 4.12.1 2017-07-13 08:36:50 -04:00
Tim Steinbach
24de0bad42
linux: 4.11.9 -> 4.11.10 2017-07-13 08:34:51 -04:00
Tim Steinbach
6da222918e
linux: 4.9.36 -> 4.9.37 2017-07-13 08:30:47 -04:00
Tim Steinbach
1434128a18
linux-copperhead: 4.12.d -> 4.12.e 2017-07-11 08:22:56 -04:00
Tim Steinbach
d38656b3c3
linux-copperhead: 4.12.c -> 4.12.d 2017-07-09 18:20:14 -04:00
Tim Steinbach
fca0b3602d
linux-copperhead: 4.12.b -> 4.12.c 2017-07-09 18:16:58 -04:00
Tim Steinbach
da8bd6df67 Merge pull request #27161 from NeQuissimus/kernel_config_cleanup
linux: Clean up kernel config warnings
2017-07-07 09:00:52 -04:00
gnidorah
ff348f4b6d linux: Enable more I/O schedulers 2017-07-07 11:43:48 +03:00
Tim Steinbach
968e0b2baf
linux-copperhead: 4.11.8.a -> 4.12.b 2017-07-06 11:42:27 -04:00
Tim Steinbach
3ec2a2f476
linux: Clean up kernel config warnings 2017-07-05 20:09:14 -04:00
Tim Steinbach
a04afd1594
linux: 4.4.75 -> 4.4.76 2017-07-05 12:54:56 -04:00
Tim Steinbach
05bd289ff8
linux: 4.9.35 -> 4.9.36 2017-07-05 12:52:05 -04:00
Tim Steinbach
00f0f7e9f6
linux: 4.11.8 -> 4.11.9 2017-07-05 12:49:56 -04:00
Tim Steinbach
cd1f998289
Revert "linux-copperhead: 4.11.8.a -> 4.12.a"
This reverts commit cb703f1314.
2017-07-04 20:56:02 -04:00
Tim Steinbach
cb703f1314
linux-copperhead: 4.11.8.a -> 4.12.a 2017-07-03 21:03:58 -04:00
Tim Steinbach
f130e0027e
linux: Add 4.12 2017-07-03 11:57:40 -04:00
Tim Steinbach
3130f3ed0a
linux-copperhead: 4.11.7.a -> 4.11.8.a
Fixes #26790 by properly including built modules
2017-06-29 23:16:52 -04:00
Tim Steinbach
37bc494949
linux: 4.11.7 -> 4.11.8 2017-06-29 08:29:04 -04:00
Tim Steinbach
d1aff8d2e5
linux: 4.9.34 -> 4.9.35
Also, remove XSA-216 patches, the fixes are now integrated upstream
2017-06-29 08:26:25 -04:00
Tim Steinbach
6b35f22e28
linux: 4.4.74 -> 4.4.75 2017-06-29 08:20:06 -04:00
Tim Steinbach
4cc729644e Merge pull request #26867 from michalpalka/xen-security-2017.06-new
xen: patch for XSAs: 216, 217, 218, 219, 220, 221, 222, and 224
2017-06-28 22:43:46 -04:00
John Ericson
e1faeb574a Merge pull request #26884 from obsidiansystems/purge-stdenv-cross
Purge stdenv cross
2017-06-28 21:39:16 -04:00
hsloan
16781a3892 kernel perf: Don't use stdenv.cross 2017-06-28 20:23:09 -04:00
hsloan
1e3b45cfdb kernel manual-config: Don't use stdenv.cross 2017-06-28 20:23:09 -04:00
hsloan
459d07d41c kernel generic: Don't use stdenv.cross 2017-06-28 20:22:59 -04:00
Tim Steinbach
d2e199ca3c
linux: 4.4.73 -> 4.4.74 2017-06-27 08:14:47 -04:00
Tim Steinbach
c90a4b8541
linux: 4.12-rc6 -> 4.12-rc7 2017-06-26 09:58:37 -04:00
Michał Pałka
80e0cda7ff xen: patch for XSAs: 216, 217, 218, 219, 220, 221, 222, and 224
XSA-216 Issue Description:

> The block interface response structure has some discontiguous fields.
> Certain backends populate the structure fields of an otherwise
> uninitialized instance of this structure on their stacks, leaking
> data through the (internal or trailing) padding field.

More: https://xenbits.xen.org/xsa/advisory-216.html

XSA-217 Issue Description:

> Domains controlling other domains are permitted to map pages owned by
> the domain being controlled.  If the controlling domain unmaps such a
> page without flushing the TLB, and if soon after the domain being
> controlled transfers this page to another PV domain (via
> GNTTABOP_transfer or, indirectly, XENMEM_exchange), and that third
> domain uses the page as a page table, the controlling domain will have
> write access to a live page table until the applicable TLB entry is
> flushed or evicted.  Note that the domain being controlled is
> necessarily HVM, while the controlling domain is PV.

More: https://xenbits.xen.org/xsa/advisory-217.html

XSA-218 Issue Description:

> We have discovered two bugs in the code unmapping grant references.
>
> * When a grant had been mapped twice by a backend domain, and then
> unmapped by two concurrent unmap calls, the frontend may be informed
> that the page had no further mappings when the first call completed rather
> than when the second call completed.
>
> * A race triggerable by an unprivileged guest could cause a grant
> maptrack entry for grants to be "freed" twice.  The ultimate effect of
> this would be for maptrack entries for a single domain to be re-used.

More: https://xenbits.xen.org/xsa/advisory-218.html

XSA-219 Issue Description:

> When using shadow paging, writes to guest pagetables must be trapped and
> emulated, so the shadows can be suitably adjusted as well.
>
> When emulating the write, Xen maps the guests pagetable(s) to make the final
> adjustment and leave the guest's view of its state consistent.
>
> However, when mapping the frame, Xen drops the page reference before
> performing the write.  This is a race window where the underlying frame can
> change ownership.
>
> One possible attack scenario is for the frame to change ownership and to be
> inserted into a PV guest's pagetables.  At that point, the emulated write will
> be an unaudited modification to the PV pagetables whose value is under guest
> control.

More: https://xenbits.xen.org/xsa/advisory-219.html

XSA-220 Issue Description:

> Memory Protection Extensions (MPX) and Protection Key (PKU) are features in
> newer processors, whose state is intended to be per-thread and context
> switched along with all other XSAVE state.
>
> Xen's vCPU context switch code would save and restore the state only
> if the guest had set the relevant XSTATE enable bits.  However,
> surprisingly, the use of these features is not dependent (PKU) or may
> not be dependent (MPX) on having the relevant XSTATE bits enabled.
>
> VMs which use MPX or PKU, and context switch the state manually rather
> than via XSAVE, will have the state leak between vCPUs (possibly,
> between vCPUs in different guests).  This in turn corrupts state in
> the destination vCPU, and hence may lead to weakened protections
>
> Experimentally, MPX appears not to make any interaction with BND*
> state if BNDCFGS.EN is set but XCR0.BND{CSR,REGS} are clear.  However,
> the SDM is not clear in this case; therefore MPX is included in this
> advisory as a precaution.

More: https://xenbits.xen.org/xsa/advisory-220.html

XSA-221 Issue Description:

> When polling event channels, in general arbitrary port numbers can be
> specified.  Specifically, there is no requirement that a polled event
> channel ports has ever been created.  When the code was generalised
> from an earlier implementation, introducing some intermediate
> pointers, a check should have been made that these intermediate
> pointers are non-NULL.  However, that check was omitted.

More: https://xenbits.xen.org/xsa/advisory-221.html

XSA-222 Issue Description:

> Certain actions require removing pages from a guest's P2M
> (Physical-to-Machine) mapping.  When large pages are in use to map
> guest pages in the 2nd-stage page tables, such a removal operation may
> incur a memory allocation (to replace a large mapping with individual
> smaller ones).  If this allocation fails, these errors are ignored by
> the callers, which would then continue and (for example) free the
> referenced page for reuse.  This leaves the guest with a mapping to a
> page it shouldn't have access to.
>
> The allocation involved comes from a separate pool of memory created
> when the domain is created; under normal operating conditions it never
> fails, but a malicious guest may be able to engineer situations where
> this pool is exhausted.

More: https://xenbits.xen.org/xsa/advisory-222.html

XSA-224 Issue Description:

> We have discovered a number of bugs in the code mapping and unmapping
> grant references.
>
> * If a grant is mapped with both the GNTMAP_device_map and
> GNTMAP_host_map flags, but unmapped only with host_map, the device_map
> portion remains but the page reference counts are lowered as though it
> had been removed. This bug can be leveraged cause a page's reference
> counts and type counts to fall to zero while retaining writeable
> mappings to the page.
>
> * Under some specific conditions, if a grant is mapped with both the
> GNTMAP_device_map and GNTMAP_host_map flags, the operation may not
> grab sufficient type counts.  When the grant is then unmapped, the
> type count will be erroneously reduced.  This bug can be leveraged
> cause a page's reference counts and type counts to fall to zero while
> retaining writeable mappings to the page.
>
> * When a grant reference is given to an MMIO region (as opposed to a
> normal guest page), if the grant is mapped with only the
> GNTMAP_device_map flag set, a mapping is created at host_addr anyway.
> This does *not* cause reference counts to change, but there will be no
> record of this mapping, so it will not be considered when reporting
> whether the grant is still in use.

More: https://xenbits.xen.org/xsa/advisory-224.html
2017-06-26 07:01:24 +00:00
Tim Steinbach
03aed4cfcf
linux-copperhead: 4.11.6.d -> 4.11.7.a 2017-06-24 14:50:41 -04:00
Tim Steinbach
b06cb59fc1
linux: 4.9.33 -> 4.9.34 2017-06-24 11:22:56 -04:00
Tim Steinbach
3a68f0bb78
linux: 4.11.6 -> 4.11.7 2017-06-24 11:20:32 -04:00
Tim Steinbach
4e08459f9b
linux-hardened-copperhead: 4.11.6c -> 4.11.6d 2017-06-22 21:12:20 -04:00
Franz Pletz
dd3f2e648a
linux_hardened_copperhead: init at 4.11.6.c 2017-06-21 23:49:00 +02:00
Jörg Thalheim
e89e96a755 linux_4_11: renable CONFIG_UPROBE_EVENTS
CONFIG_UPROBE_EVENT was renamed to CONFIG_UPROBE_EVENTS.
2017-06-21 17:16:46 +01:00
Tim Steinbach
2764961b87
linux: 4.12-rc5 -> 4.12-rc6 2017-06-19 21:21:15 -04:00
Franz Pletz
bbb9182cbc
linux: 4.9.32 -> 4.9.33 2017-06-17 18:45:29 +02:00
Franz Pletz
a470aa0924
linux: 4.4.72 -> 4.4.73 2017-06-17 18:45:29 +02:00
Franz Pletz
c973a4a887
linux: 4.11.5 -> 4.11.6 2017-06-17 18:45:29 +02:00
Tim Steinbach
b4576c5108
linux: 4.11.4 -> 4.11.5 2017-06-15 08:54:55 -04:00
Tim Steinbach
a7efc9f0cd
linux: 4.9.31 -> 4.9.32 2017-06-15 08:53:35 -04:00
Tim Steinbach
07edb44d15
linux: 4.4.71 -> 4.4.72 2017-06-15 08:52:26 -04:00
timor
d74f8351a5 kernel: enable audio jack reconfiguration
Change kernel config to allow for changing the functions of the audio
jacks at run-time as well as at boot time.
2017-06-13 08:50:34 +03:00
Eelco Dolstra
63e9d1c51e
perf: Fix perf annotate
This command requires objdump, so make sure it can find it.
2017-06-12 13:23:18 +02:00
Tim Steinbach
5fbab5dfb3
linux: 4.12-rc4 -> 4.12-rc5 2017-06-11 21:37:46 -04:00
Tuomas Tynkkynen
370ace4cf0 kernel: Don't build self-test modules 2017-06-11 19:33:24 +03:00
Tim Steinbach
c7abd6943e
linux: 4.9.30 -> 4.9.31 2017-06-07 08:09:37 -04:00
Tim Steinbach
01fc1a80b3
linux: 4.4.70 -> 4.4.71 2017-06-07 08:07:53 -04:00
Tim Steinbach
66faa421c9
linux: 4.11.3 -> 4.11.4 2017-06-07 08:05:45 -04:00
Tim Steinbach
7c476b98df
linux: 4.12-rc3 -> 4.12-rc4 2017-06-05 10:01:53 -04:00
Tim Steinbach
a78af5196c
linux: 4.12-rc2 -> 4.12-rc3 2017-05-29 09:32:52 -04:00
Tim Steinbach
690a83091b
linux: FS_ENCRYPTION only for >= 4.9 kernels 2017-05-25 18:25:08 -04:00