Upgrade rt kernel patch to CentOS7.6 3.10.0-957.12.2
New set of CVEs was reported against Intel CPUs: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091. For these CVEs there are RH and CentOS updates available. CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS): Store buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/ corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2018-12127: Microarchitectural Load Port Data Sampling (MLPDS): Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/ corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2018-12130: Microarchitectural Fill Buffer Data Sampling (MFBDS): Fill buffers on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/ corporate-information/SA00233-microcode-update-guidance_05132019.pdf CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory(MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. A list of impacted products can be found here: https://www.intel.com/content/dam/www/public/us/en/documents/ corporate-information/SA00233-microcode-update-guidance_05132019.pdf These are from the http://cve.mitre.org website. These are the MDS security CVEs. The patch is modified as follows: 1.Delete the 929-931 line of the arch/x86/kernel/cpu/cacheinfo.c file, because starlingx's Porting-Cacheinfo-from-Kernel-4.10.17.patch removes the ici_cpuid4_info structure. 2.Except for the modification of the file in 1, the other patches only modify the line number. Closes-Bug: 1830487 Depends-On: https://review.opendev.org/663071 Change-Id: I16ac63df21eeb85b4fc3ab19d539986e77c8c0d3 Signed-off-by: zhiguo.zhang <zhiguox.zhang@intel.com>
This commit is contained in:
parent
6c7632be90
commit
d4aebcaf91
@ -309,7 +309,7 @@ index c05b910..dfbbe1f 100644
|
||||
$CopyKernel $KernelImage $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer
|
||||
chmod 755 $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer
|
||||
|
||||
@@ -910,6 +1032,12 @@ BuildKernel() {
|
||||
@@ -913,6 +1035,12 @@ BuildKernel() {
|
||||
cp signing_key.priv signing_key.priv.sign${Flavour:+.${Flavour}}
|
||||
cp signing_key.x509 signing_key.x509.sign${Flavour:+.${Flavour}}
|
||||
|
||||
@ -322,7 +322,7 @@ index c05b910..dfbbe1f 100644
|
||||
# remove files that will be auto generated by depmod at rpm -i time
|
||||
for i in alias alias.bin builtin.bin ccwmap dep dep.bin ieee1394map inputmap isapnpmap ofmap pcimap seriomap symbols symbols.bin usbmap softdep devname
|
||||
do
|
||||
@@ -925,6 +1053,15 @@ BuildKernel() {
|
||||
@@ -928,6 +1056,15 @@ BuildKernel() {
|
||||
|
||||
install -Dm644 %{SOURCE1000} $RPM_BUILD_ROOT%{_sysconfdir}/modprobe.d/dccp-blacklist.conf
|
||||
|
||||
@ -338,7 +338,7 @@ index c05b910..dfbbe1f 100644
|
||||
# prune junk from kernel-devel
|
||||
find $RPM_BUILD_ROOT/usr/src/kernels -name ".*.cmd" -exec rm -f {} \;
|
||||
}
|
||||
@@ -972,6 +1109,31 @@ BuildKernel %make_target %kernel_image vanilla
|
||||
@@ -975,6 +1112,31 @@ BuildKernel %make_target %kernel_image vanilla
|
||||
BuildKernel %make_target %kernel_image
|
||||
%endif
|
||||
|
||||
@ -370,7 +370,7 @@ index c05b910..dfbbe1f 100644
|
||||
%if %{builddoc}
|
||||
# Make the HTML and man pages.
|
||||
make -j1 htmldocs mandocs || %{doc_build_fail}
|
||||
@@ -1004,6 +1166,7 @@ popd
|
||||
@@ -1007,6 +1169,7 @@ popd
|
||||
# if it isn't.
|
||||
|
||||
%ifnarch noarch
|
||||
@ -378,7 +378,7 @@ index c05b910..dfbbe1f 100644
|
||||
%define __modsign_install_post \
|
||||
if [ "%{with_rt}" -ne "0" ]; then \
|
||||
Arch=`head -1 configs/kernel-%{version}-%{_target_cpu}-rt.config | cut -b 3-` \
|
||||
@@ -1022,6 +1185,24 @@ popd
|
||||
@@ -1025,6 +1188,24 @@ popd
|
||||
%{modsign_cmd} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.${AAA} || exit 1 \
|
||||
done \
|
||||
%{nil}
|
||||
@ -403,7 +403,7 @@ index c05b910..dfbbe1f 100644
|
||||
%endif
|
||||
|
||||
###
|
||||
@@ -1111,6 +1292,39 @@ mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/perf
|
||||
@@ -1114,6 +1295,39 @@ mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/perf
|
||||
%endif # buildperf
|
||||
%endif
|
||||
|
||||
@ -443,7 +443,7 @@ index c05b910..dfbbe1f 100644
|
||||
%if %{buildheaders}
|
||||
# Install kernel headers
|
||||
make ARCH=%{hdrarch} INSTALL_HDR_PATH=$RPM_BUILD_ROOT/usr headers_install
|
||||
@@ -1165,6 +1379,14 @@ rm -rf $RPM_BUILD_ROOT
|
||||
@@ -1168,6 +1382,14 @@ rm -rf $RPM_BUILD_ROOT
|
||||
### scripts
|
||||
###
|
||||
|
||||
@ -458,7 +458,7 @@ index c05b910..dfbbe1f 100644
|
||||
#
|
||||
# This macro defines a %%post script for a kernel*-devel package.
|
||||
# %%kernel_devel_post [<subpackage>]
|
||||
@@ -1328,6 +1550,43 @@ fi
|
||||
@@ -1331,6 +1553,43 @@ fi
|
||||
%endif
|
||||
%endif
|
||||
|
||||
@ -502,7 +502,7 @@ index c05b910..dfbbe1f 100644
|
||||
# This is %{image_install_path} on an arch where that includes ELF files,
|
||||
# or empty otherwise.
|
||||
%global elf_image_install_path %{?kernel_image_elf:%{image_install_path}}
|
||||
@@ -1344,6 +1603,7 @@ fi
|
||||
@@ -1347,6 +1606,7 @@ fi
|
||||
/%{image_install_path}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?2:.%{2}}\
|
||||
/%{image_install_path}/.vmlinuz-%{KVERREL}%{?2:.%{2}}.hmac\
|
||||
/boot/System.map-%{KVERREL}%{?2:.%{2}}\
|
||||
@ -510,7 +510,7 @@ index c05b910..dfbbe1f 100644
|
||||
/boot/config-%{KVERREL}%{?2:.%{2}}\
|
||||
%exclude /lib/modules/%{KVERREL}%{?2:.%{2}}/kernel/arch/x86/kvm\
|
||||
%exclude /lib/modules/%{KVERREL}%{?2:.%{2}}/kernel/drivers/gpu/drm/i915/gvt\
|
||||
@@ -1422,6 +1682,11 @@ fi
|
||||
@@ -1427,6 +1687,11 @@ fi
|
||||
%kernel_variant_files %{buildvanilla} vanilla
|
||||
%endif
|
||||
|
||||
@ -520,8 +520,8 @@ index c05b910..dfbbe1f 100644
|
||||
+%endif # do_sign
|
||||
+
|
||||
%changelog
|
||||
* Thu Nov 15 2018 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-957.1.3.rt56.913.el7]
|
||||
- [rt] Update source tree to match RHEL 7.6.z tree [1632386 1642619]
|
||||
* Fri Apr 26 2019 Luis Claudio R. Goncalves <lgoncalv@redhat.com> [3.10.0-957.12.2.rt56.929.el7]
|
||||
- [rt] Update source tree to match RHEL 7.6.z tree [1689417 1642619]
|
||||
--
|
||||
2.7.4
|
||||
|
||||
|
@ -65,7 +65,7 @@ diff --git a/include/linux/sched.h b/include/linux/sched.h
|
||||
index 97ff026..0785453 100644
|
||||
--- a/include/linux/sched.h
|
||||
+++ b/include/linux/sched.h
|
||||
@@ -1682,6 +1682,12 @@ struct task_struct {
|
||||
@@ -1686,6 +1686,12 @@ struct task_struct {
|
||||
short il_next;
|
||||
short pref_node_fork;
|
||||
#endif
|
||||
|
@ -47,13 +47,13 @@ This helps in:
|
||||
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
|
||||
---
|
||||
Documentation/ABI/testing/sysfs-devices-system-cpu | 65 ++
|
||||
arch/x86/kernel/cpu/cacheinfo.c | 830 +++++++--------------
|
||||
arch/x86/kernel/cpu/cacheinfo.c | 833 +++++++--------------
|
||||
drivers/base/Makefile | 2 +-
|
||||
drivers/base/cacheinfo.c | 662 ++++++++++++++++
|
||||
drivers/base/cpu.c | 54 ++
|
||||
include/linux/cacheinfo.h | 104 +++
|
||||
include/linux/cpu.h | 3 +
|
||||
7 files changed, 1147 insertions(+), 573 deletions(-)
|
||||
7 files changed, 1147 insertions(+), 576 deletions(-)
|
||||
create mode 100644 drivers/base/cacheinfo.c
|
||||
create mode 100644 include/linux/cacheinfo.h
|
||||
|
||||
@ -461,7 +461,7 @@ index d529019..bf23bd2 100644
|
||||
+
|
||||
+ if (nb && nb->l3_cache.indices)
|
||||
+ init_amd_l3_attrs();
|
||||
+
|
||||
|
||||
+ return &cache_private_group;
|
||||
+}
|
||||
+
|
||||
@ -472,7 +472,7 @@ index d529019..bf23bd2 100644
|
||||
+ /* only for L3, and not in virtualized environments */
|
||||
+ if (index < 3)
|
||||
+ return;
|
||||
|
||||
+
|
||||
+ node = amd_get_nb_id(smp_processor_id());
|
||||
+ this_leaf->nb = node_to_amd_nb(node);
|
||||
+ if (this_leaf->nb && !this_leaf->nb->l3_cache.indices)
|
||||
@ -798,11 +798,11 @@ index d529019..bf23bd2 100644
|
||||
+static int __init_cache_level(unsigned int cpu)
|
||||
{
|
||||
- int i;
|
||||
-
|
||||
- for (i = 0; i < num_cache_leaves; i++)
|
||||
- cache_remove_shared_cpu_map(cpu, i);
|
||||
+ struct cpu_cacheinfo *this_cpu_ci = get_cpu_cacheinfo(cpu);
|
||||
|
||||
- for (i = 0; i < num_cache_leaves; i++)
|
||||
- cache_remove_shared_cpu_map(cpu, i);
|
||||
-
|
||||
- kfree(per_cpu(ici_cpuid4_info, cpu));
|
||||
- per_cpu(ici_cpuid4_info, cpu) = NULL;
|
||||
+ if (!num_cache_leaves)
|
||||
@ -815,17 +815,20 @@ index d529019..bf23bd2 100644
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -925,411 +985,37 @@ static void get_cache_id(int cpu, struct _cpuid4_info_regs *id4_regs)
|
||||
@@ -925,414 +985,37 @@ static void get_cache_id(int cpu, struct _cpuid4_info_regs *id4_regs)
|
||||
int get_cpu_cache_id(int cpu, int level)
|
||||
{
|
||||
int i;
|
||||
+ struct cpu_cacheinfo *this_cpu_ci = get_cpu_cacheinfo(cpu);
|
||||
|
||||
- for (i = 0; i < num_cache_leaves; i++) {
|
||||
- struct _cpuid4_info *this_leaf = CPUID4_INFO_IDX(cpu, i);
|
||||
- if (!per_cpu(ici_cpuid4_info, cpu))
|
||||
- return -1;
|
||||
+ for (i = 0; i < this_cpu_ci->num_leaves; i++) {
|
||||
+ struct cacheinfo *this_leaf = this_cpu_ci->info_list + i;
|
||||
|
||||
- for (i = 0; i < num_cache_leaves; i++) {
|
||||
- struct _cpuid4_info *this_leaf = CPUID4_INFO_IDX(cpu, i);
|
||||
-
|
||||
- if (this_leaf->base.eax.split.level == level)
|
||||
- return this_leaf->base.id;
|
||||
+ if (this_leaf->level == level)
|
||||
@ -836,13 +839,18 @@ index d529019..bf23bd2 100644
|
||||
}
|
||||
|
||||
-static void get_cpu_leaves(void *_retval)
|
||||
-{
|
||||
+static int __populate_cache_leaves(unsigned int cpu)
|
||||
{
|
||||
- int j, *retval = _retval, cpu = smp_processor_id();
|
||||
-
|
||||
- /* Do cpuid and store the results */
|
||||
- for (j = 0; j < num_cache_leaves; j++) {
|
||||
- struct _cpuid4_info *this_leaf = CPUID4_INFO_IDX(cpu, j);
|
||||
-
|
||||
+ unsigned int idx, ret;
|
||||
+ struct cpu_cacheinfo *this_cpu_ci = get_cpu_cacheinfo(cpu);
|
||||
+ struct cacheinfo *this_leaf = this_cpu_ci->info_list;
|
||||
+ struct _cpuid4_info_regs id4_regs = {};
|
||||
|
||||
- *retval = cpuid4_cache_lookup_regs(j, &this_leaf->base);
|
||||
- if (unlikely(*retval < 0)) {
|
||||
- int i;
|
||||
@ -853,13 +861,21 @@ index d529019..bf23bd2 100644
|
||||
- }
|
||||
- cache_shared_cpu_map_setup(cpu, j);
|
||||
- get_cache_id(cpu, &this_leaf->base);
|
||||
- }
|
||||
+ for (idx = 0; idx < this_cpu_ci->num_leaves; idx++) {
|
||||
+ ret = cpuid4_cache_lookup_regs(idx, &id4_regs);
|
||||
+ if (ret)
|
||||
+ return ret;
|
||||
+ get_cache_id(cpu, &id4_regs);
|
||||
+ ci_leaf_init(this_leaf++, &id4_regs);
|
||||
+ __cache_cpumap_setup(cpu, idx, &id4_regs);
|
||||
}
|
||||
-}
|
||||
-
|
||||
-static int detect_cache_attributes(unsigned int cpu)
|
||||
-{
|
||||
- int retval;
|
||||
-
|
||||
+ this_cpu_ci->cpu_map_populated = true;
|
||||
|
||||
- if (num_cache_leaves == 0)
|
||||
- return -ENOENT;
|
||||
-
|
||||
@ -1116,8 +1132,7 @@ index d529019..bf23bd2 100644
|
||||
-
|
||||
-/* Add/Remove cache interface for CPU device */
|
||||
-static int cache_add_dev(struct device *dev)
|
||||
+static int __populate_cache_leaves(unsigned int cpu)
|
||||
{
|
||||
-{
|
||||
- unsigned int cpu = dev->id;
|
||||
- unsigned long i, j;
|
||||
- struct _index_kobject *this_object;
|
||||
@ -1140,11 +1155,7 @@ index d529019..bf23bd2 100644
|
||||
- this_object = INDEX_KOBJECT_PTR(cpu, i);
|
||||
- this_object->cpu = cpu;
|
||||
- this_object->index = i;
|
||||
+ unsigned int idx, ret;
|
||||
+ struct cpu_cacheinfo *this_cpu_ci = get_cpu_cacheinfo(cpu);
|
||||
+ struct cacheinfo *this_leaf = this_cpu_ci->info_list;
|
||||
+ struct _cpuid4_info_regs id4_regs = {};
|
||||
|
||||
-
|
||||
- this_leaf = CPUID4_INFO_IDX(cpu, i);
|
||||
-
|
||||
- ktype_cache.default_attrs = default_attrs;
|
||||
@ -1164,17 +1175,9 @@ index d529019..bf23bd2 100644
|
||||
- return retval;
|
||||
- }
|
||||
- kobject_uevent(&(this_object->kobj), KOBJ_ADD);
|
||||
+ for (idx = 0; idx < this_cpu_ci->num_leaves; idx++) {
|
||||
+ ret = cpuid4_cache_lookup_regs(idx, &id4_regs);
|
||||
+ if (ret)
|
||||
+ return ret;
|
||||
+ get_cache_id(cpu, &id4_regs);
|
||||
+ ci_leaf_init(this_leaf++, &id4_regs);
|
||||
+ __cache_cpumap_setup(cpu, idx, &id4_regs);
|
||||
}
|
||||
- }
|
||||
- cpumask_set_cpu(cpu, to_cpumask(cache_dev_map));
|
||||
+ this_cpu_ci->cpu_map_populated = true;
|
||||
|
||||
-
|
||||
- kobject_uevent(per_cpu(ici_cache_kobject, cpu), KOBJ_ADD);
|
||||
return 0;
|
||||
}
|
||||
@ -2107,9 +2110,9 @@ diff --git a/include/linux/cpu.h b/include/linux/cpu.h
|
||||
index a5dd694..ceaa393 100644
|
||||
--- a/include/linux/cpu.h
|
||||
+++ b/include/linux/cpu.h
|
||||
@@ -49,6 +49,9 @@ extern ssize_t cpu_show_spec_store_bypass(struct device *dev,
|
||||
extern ssize_t cpu_show_l1tf(struct device *dev,
|
||||
struct device_attribute *attr, char *buf);
|
||||
@@ -51,6 +51,9 @@ extern ssize_t cpu_show_l1tf(struct device *dev,
|
||||
extern ssize_t cpu_show_mds(struct device *dev,
|
||||
struct device_attribute *attr, char *buf);
|
||||
|
||||
+extern struct device *cpu_device_create(struct device *parent, void *drvdata,
|
||||
+ const struct attribute_group **groups,
|
||||
|
@ -229,7 +229,7 @@ diff --git a/security/security.c b/security/security.c
|
||||
index f069482..646a0e3 100644
|
||||
--- a/security/security.c
|
||||
+++ b/security/security.c
|
||||
@@ -157,6 +157,110 @@ EXPORT_SYMBOL(unregister_lsm_notifier);
|
||||
@@ -161,6 +161,110 @@ EXPORT_SYMBOL(unregister_lsm_notifier);
|
||||
|
||||
/* Security operations */
|
||||
|
||||
@ -340,7 +340,7 @@ index f069482..646a0e3 100644
|
||||
int security_ptrace_access_check(struct task_struct *child, unsigned int mode)
|
||||
{
|
||||
#ifdef CONFIG_SECURITY_YAMA_STACKED
|
||||
@@ -716,8 +820,11 @@ EXPORT_SYMBOL(security_inode_listsecurity);
|
||||
@@ -720,8 +824,11 @@ EXPORT_SYMBOL(security_inode_listsecurity);
|
||||
|
||||
void security_inode_getsecid(struct inode *inode, u32 *secid)
|
||||
{
|
||||
@ -353,7 +353,7 @@ index f069482..646a0e3 100644
|
||||
|
||||
int security_inode_copy_up(struct dentry *src, struct cred **new)
|
||||
{
|
||||
@@ -1526,6 +1633,7 @@ int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
|
||||
@@ -1530,6 +1637,7 @@ int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule)
|
||||
{
|
||||
return security_ops->audit_rule_init(field, op, rulestr, lsmrule);
|
||||
}
|
||||
@ -361,7 +361,7 @@ index f069482..646a0e3 100644
|
||||
|
||||
int security_audit_rule_known(struct audit_krule *krule)
|
||||
{
|
||||
@@ -1542,6 +1650,7 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
|
||||
@@ -1546,6 +1654,7 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
|
||||
{
|
||||
return security_ops->audit_rule_match(secid, field, op, lsmrule, actx);
|
||||
}
|
||||
|
@ -107,7 +107,7 @@ diff --git a/kernel/cpu.c b/kernel/cpu.c
|
||||
index 6fe84e4..325a47a 100644
|
||||
--- a/kernel/cpu.c
|
||||
+++ b/kernel/cpu.c
|
||||
@@ -1308,6 +1308,19 @@ static DECLARE_BITMAP(cpu_active_bits, CONFIG_NR_CPUS) __read_mostly;
|
||||
@@ -1329,6 +1329,19 @@ static DECLARE_BITMAP(cpu_active_bits, CONFIG_NR_CPUS) __read_mostly;
|
||||
const struct cpumask *const cpu_active_mask = to_cpumask(cpu_active_bits);
|
||||
EXPORT_SYMBOL(cpu_active_mask);
|
||||
|
||||
|
@ -99,7 +99,7 @@ index 05b0971..d6f4723 100644
|
||||
} else if (!strncmp(str, "strict", 6)) {
|
||||
pr_info("Disable batched IOTLB flush\n");
|
||||
intel_iommu_strict = 1;
|
||||
@@ -2779,6 +2789,15 @@ static bool device_is_rmrr_locked(struct device *dev)
|
||||
@@ -2820,6 +2830,15 @@ static bool device_is_rmrr_locked(struct device *dev)
|
||||
|
||||
if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
|
||||
return false;
|
||||
|
@ -1 +1 @@
|
||||
mirror:Source/kernel-rt-3.10.0-957.1.3.rt56.913.el7.src.rpm
|
||||
mirror:Source/kernel-rt-3.10.0-957.12.2.rt56.929.el7.src.rpm
|
||||
|
Loading…
Reference in New Issue
Block a user