diff options
author | Paul Gortmaker <paul.gortmaker@windriver.com> | 2018-02-23 12:23:31 -0500 |
---|---|---|
committer | Paul Gortmaker <paul.gortmaker@windriver.com> | 2018-02-23 12:27:50 -0500 |
commit | 6d9970971f8fd5ff1aa4a7378e09aec11a98d75b (patch) | |
tree | 6b4f9cdd58e79716a34e0102c52fc559aa3d7ecf | |
parent | a26b7c40d42a51871392ca1d957d403a565e6259 (diff) | |
download | longterm-queue-4.8-6d9970971f8fd5ff1aa4a7378e09aec11a98d75b.tar.gz |
stable-queue: list of commits needed for CVE fixes.
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
-rw-r--r-- | queue/series | 157 |
1 files changed, 157 insertions, 0 deletions
diff --git a/queue/series b/queue/series index 7c0433e..6fde0b6 100644 --- a/queue/series +++ b/queue/series @@ -60,3 +60,160 @@ sched-core-x86-Make-struct-thread_info-arch-specific.patch # v4.10-rc1~64^2 x86-kbuild-enable-modversions-for-symbols-exported-f.patch + +#### Note: all patches above this line were extracted from mainline. +#### All patches below this line were copied from the stable-queue repo, +#### primairly because over 50% of them don't exist anywhere else. + +# Used in 4.9.74 +x86-vm86-32-switch-to-flush_tlb_mm_range-in-mark_screen_rdonly.patch +x86-mm-remove-flush_tlb-and-flush_tlb_current_task.patch +x86-mm-make-flush_tlb_mm_range-more-predictable.patch +x86-mm-reimplement-flush_tlb_page-using-flush_tlb_mm_range.patch +x86-mm-remove-the-up-asm-tlbflush.h-code-always-use-the-formerly-smp-code.patch +x86-mm-disable-pcid-on-32-bit-kernels.patch +x86-mm-add-the-nopcid-boot-option-to-turn-off-pcid.patch +x86-mm-enable-cr4.pcide-on-supported-systems.patch +x86-mm-64-fix-reboot-interaction-with-cr4.pcide.patch +kbuild-add-fno-stack-check-to-kernel-build-options.patch +x86-smpboot-remove-stale-tlb-flush-invocations.patch +mm-vmstat-make-nr_tlb_remote_flush_received-available-even-on-up.patch + +# Kaiser patches from 4.9.75 +x86-boot-add-early-cmdline-parsing-for-options-with-arguments.patch +kaiser-kernel-address-isolation.patch +kaiser-merged-update.patch +kaiser-do-not-set-_page_nx-on-pgd_none.patch +kaiser-stack-map-page_size-at-thread_size-page_size.patch +kaiser-fix-build-and-fixme-in-alloc_ldt_struct.patch +kaiser-kaiser-depends-on-smp.patch +kaiser-fix-regs-to-do_nmi-ifndef-config_kaiser.patch +kaiser-fix-perf-crashes.patch +kaiser-enomem-if-kaiser_pagetable_walk-null.patch +kaiser-tidied-up-asm-kaiser.h-somewhat.patch +kaiser-tidied-up-kaiser_add-remove_mapping-slightly.patch +kaiser-align-addition-to-x86-mm-makefile.patch +kaiser-cleanups-while-trying-for-gold-link.patch +kaiser-name-that-0x1000-kaiser_shadow_pgd_offset.patch +kaiser-delete-kaiser_real_switch-option.patch +kaiser-vmstat-show-nr_kaisertable-as-nr_overhead.patch +kaiser-enhanced-by-kernel-and-user-pcids.patch +kaiser-load_new_mm_cr3-let-switch_user_cr3-flush-user.patch +kaiser-pcid-0-for-kernel-and-128-for-user.patch +kaiser-x86_cr3_pcid_noflush-and-x86_cr3_pcid_user.patch +kaiser-paranoid_entry-pass-cr3-need-to-paranoid_exit.patch +kaiser-kaiser_remove_mapping-move-along-the-pgd.patch +kaiser-fix-unlikely-error-in-alloc_ldt_struct.patch +kaiser-add-nokaiser-boot-option-using-alternative.patch +x86-kaiser-rename-and-simplify-x86_feature_kaiser-handling.patch +x86-kaiser-check-boottime-cmdline-params.patch +kaiser-use-alternative-instead-of-x86_cr3_pcid_noflush.patch +kaiser-drop-is_atomic-arg-to-kaiser_pagetable_walk.patch +kaiser-asm-tlbflush.h-handle-nopge-at-lower-level.patch +kaiser-kaiser_flush_tlb_on_return_to_user-check-pcid.patch +x86-paravirt-dont-patch-flush_tlb_single.patch +x86-kaiser-reenable-paravirt.patch +kaiser-disabled-on-xen-pv.patch +x86-kaiser-move-feature-detection-up.patch +kpti-rename-to-page_table_isolation.patch +kpti-report-when-enabled.patch +kaiser-set-_page_nx-only-if-supported.patch + +# from 4.9.76 +x86-tlb-drop-the-_gpl-from-the-cpu_tlbstate-export.patch +map-the-vsyscall-page-with-_page_user.patch + +# from 4.9.77 +x86-documentation-add-pti-description.patch +x86-cpu-factor-out-application-of-forced-cpu-caps.patch +x86-cpufeatures-make-cpu-bugs-sticky.patch +x86-cpufeatures-add-x86_bug_cpu_insecure.patch +x86-pti-rename-bug_cpu_insecure-to-bug_cpu_meltdown.patch +x86-cpufeatures-add-x86_bug_spectre_v.patch +x86-cpu-merge-bugs.c-and-bugs_64.c.patch +sysfs-cpu-add-vulnerability-folder.patch +x86-cpu-implement-cpu-vulnerabilites-sysfs-functions.patch +x86-cpu-amd-make-lfence-a-serializing-instruction.patch +x86-cpu-amd-use-lfence_rdtsc-in-preference-to-mfence_rdtsc.patch +sysfs-cpu-fix-typos-in-vulnerability-documentation.patch +x86-alternatives-fix-optimize_nops-checking.patch +x86-alternatives-add-missing-n-at-end-of-alternative-inline-asm.patch +x86-mm-32-move-setup_clear_cpu_cap-x86_feature_pcid-earlier.patch +objtool-modules-discard-objtool-annotation-sections-for-modules.patch +objtool-detect-jumps-to-retpoline-thunks.patch +objtool-allow-alternatives-to-be-ignored.patch +x86-asm-use-register-variable-to-get-stack-pointer-value.patch +x86-retpoline-add-initial-retpoline-support.patch +x86-spectre-add-boot-time-option-to-select-spectre-v2-mitigation.patch +x86-retpoline-crypto-convert-crypto-assembler-indirect-jumps.patch +x86-retpoline-entry-convert-entry-assembler-indirect-jumps.patch +x86-retpoline-ftrace-convert-ftrace-assembler-indirect-jumps.patch +x86-retpoline-hyperv-convert-assembler-indirect-jumps.patch +x86-retpoline-xen-convert-xen-hypercall-indirect-jumps.patch +x86-retpoline-checksum32-convert-assembler-indirect-jumps.patch +x86-retpoline-irq32-convert-assembler-indirect-jumps.patch +x86-retpoline-fill-return-stack-buffer-on-vmexit.patch +selftests-x86-add-test_vsyscall.patch +x86-retpoline-remove-compile-time-warning.patch +objtool-fix-retpoline-support-for-pre-orc-objtool.patch +x86-pti-efi-broken-conversion-from-efi-to-kernel-page-table.patch + +# from 4.9.78 +x86-retpoline-fill-rsb-on-context-switch-for-affected-cpus.patch +x86-retpoline-add-lfence-to-the-retpoline-rsb-filling-rsb-macros.patch +x86-cpufeature-move-processor-tracing-out-of-scattered-features.patch +module-add-retpoline-tag-to-vermagic.patch +x86-cpu-x86-pti-do-not-enable-pti-on-amd-processors.patch +retpoline-introduce-start-end-markers-of-indirect-thunk.patch +kprobes-x86-blacklist-indirect-thunk-functions-for-kprobes.patch +kprobes-x86-disable-optimizing-on-the-function-jumps-to-indirect-thunk.patch +x86-pti-document-fix-wrong-index.patch +x86-retpoline-optimize-inline-assembler-for-vmexit_fill_rsb.patch + +# from 4.9.79 +vsyscall-fix-permissions-for-emulate-mode-with-kaiser-pti.patch + +# from 4.9.81 +kaiser-fix-intel_bts-perf-crashes.patch +x86-retpoline-remove-the-esp-rsp-thunk.patch +kvm-x86-make-indirect-calls-in-emulator-speculation-safe.patch +kvm-vmx-make-indirect-call-speculation-safe.patch +module-retpoline-warn-about-missing-retpoline-in-module.patch +x86-cpufeatures-add-cpuid_7_edx-cpuid-leaf.patch +x86-cpufeatures-add-intel-feature-bits-for-speculation-control.patch +x86-cpufeatures-add-amd-feature-bits-for-speculation-control.patch +x86-msr-add-definitions-for-new-speculation-control-msrs.patch +x86-pti-do-not-enable-pti-on-cpus-which-are-not-vulnerable-to-meltdown.patch +x86-cpufeature-blacklist-spec_ctrl-pred_cmd-on-early-spectre-v2-microcodes.patch +x86-speculation-add-basic-ibpb-indirect-branch-prediction-barrier-support.patch +x86-nospec-fix-header-guards-names.patch +x86-bugs-drop-one-mitigation-from-dmesg.patch +x86-cpu-bugs-make-retpoline-module-warning-conditional.patch +x86-cpufeatures-clean-up-spectre-v2-related-cpuid-flags.patch +x86-retpoline-simplify-vmexit_fill_rsb.patch +x86-spectre-check-config_retpoline-in-command-line-parser.patch +x86-entry-64-remove-the-syscall64-fast-path.patch +x86-entry-64-push-extra-regs-right-away.patch +x86-asm-move-status-from-thread_struct-to-thread_info.patch +documentation-document-array_index_nospec.patch +array_index_nospec-sanitize-speculative-array-de-references.patch +x86-implement-array_index_mask_nospec.patch +x86-introduce-barrier_nospec.patch +x86-introduce-__uaccess_begin_nospec-and-uaccess_try_nospec.patch +x86-usercopy-replace-open-coded-stac-clac-with-__uaccess_-begin-end.patch +x86-uaccess-use-__uaccess_begin_nospec-and-uaccess_try_nospec.patch +x86-get_user-use-pointer-masking-to-limit-speculation.patch +x86-syscall-sanitize-syscall-table-de-references-under-speculation.patch +vfs-fdtable-prevent-bounds-check-bypass-via-speculative-execution.patch +nl80211-sanitize-array-index-in-parse_txq_params.patch +x86-spectre-report-get_user-mitigation-for-spectre_v1.patch +x86-spectre-fix-spelling-mistake-vunerable-vulnerable.patch +x86-cpuid-fix-up-virtual-ibrs-ibpb-stibp-feature-bits-on-intel.patch +x86-paravirt-remove-noreplace-paravirt-cmdline-option.patch +x86-retpoline-avoid-retpolines-for-built-in-__init-functions.patch +x86-spectre-simplify-spectre_v2-command-line-parsing.patch +x86-pti-mark-constant-arrays-as-__initconst.patch +x86-speculation-fix-typo-ibrs_att-which-should-be-ibrs_all.patch + +# from 4.9.82 +kaiser-fix-compile-error-without-vsyscall.patch |