summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.SRCINFO20
-rw-r--r--0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch57
-rw-r--r--PKGBUILD16
-rw-r--r--bcache_fix.patch129
-rw-r--r--config8
5 files changed, 79 insertions, 151 deletions
diff --git a/.SRCINFO b/.SRCINFO
index 7a88c1a..b1617fd 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
pkgbase = linux-rt-lts
- pkgver = 4.19.50_rt22
- pkgrel = 2
+ pkgver = 4.19.59_rt23
+ pkgrel = 1
url = https://git.archlinux.org/linux.git/log/?h=v
arch = x86_64
license = GPL2
@@ -11,12 +11,12 @@ pkgbase = linux-rt-lts
makedepends = libelf
makedepends = xmlto
options = !strip
- source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.19.50.tar.xz
- source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.19.50.tar.sign
- source = https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patch-4.19.50-rt22.patch.xz
- source = https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patch-4.19.50-rt22.patch.sign
+ source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.19.59.tar.xz
+ source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.19.59.tar.sign
+ source = https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patch-4.19.59-rt23.patch.xz
+ source = https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patch-4.19.59-rt23.patch.sign
source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
- source = bcache_fix.patch
+ source = 0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
source = config
source = 60-linux-rt-lts.hook
source = 90-linux-rt-lts.hook
@@ -27,12 +27,12 @@ pkgbase = linux-rt-lts
validpgpkeys = 64254695FFF0AA4466CC19E67B96E8162A8CF5D1
validpgpkeys = 5ED9A48FC54C0A22D1D0804CEBC26CDB5A56DE73
validpgpkeys = E644E2F1D45FA0B2EAA02F33109F098506FF0B14
- sha256sums = a9987423918abd20ee68d6e9b14b7225eaca8a586bf75fb56c49f6e1e47ce01e
+ sha256sums = b8b41825d439de0587031eb8c659c5eb4970a5be5bfda1868661016c52c8b35b
sha256sums = SKIP
- sha256sums = fc842d2e108cd4f21c168de3e3e75f41e43e519dd4dffbc3230bed67e9d24b89
+ sha256sums = 9aa1a5c8555fd7195a36a274ad2b9e843810f172eb314230f82623f4068760a5
sha256sums = SKIP
sha256sums = 75aa8dd708ca5a0137fbf7cddc9cafefe6aac6b8e0638c06c156d412d05af4bc
- sha256sums = fe00e6f26f167b2041f4e60588cc60ab8169f26efb4a7c47ee7d60320e4ca27d
+ sha256sums = 67aed9742e4281df6f0bd18dc936ae79319fee3763737f158c0e87a6948d100d
sha256sums = 203221ce5e835e55f87585340ca7e50b3a8eefbb58161570479a1cf88963e2b7
sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21
sha256sums = 75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919
diff --git a/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch b/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
new file mode 100644
index 0000000..7fa619f
--- /dev/null
+++ b/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
@@ -0,0 +1,57 @@
+From 1f89ffcbd1b6b6639eb49c521ac0d308a723cd3c Mon Sep 17 00:00:00 2001
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Thu, 7 Dec 2017 13:50:48 +0100
+Subject: [PATCH 2/2] ZEN: Add CONFIG for unprivileged_userns_clone
+
+This way our default behavior continues to match the vanilla kernel.
+---
+ init/Kconfig | 16 ++++++++++++++++
+ kernel/user_namespace.c | 4 ++++
+ 2 files changed, 20 insertions(+)
+
+diff --git a/init/Kconfig b/init/Kconfig
+index 4592bf7997c0..f3df02990aff 100644
+--- a/init/Kconfig
++++ b/init/Kconfig
+@@ -1004,6 +1004,22 @@ config USER_NS
+
+ If unsure, say N.
+
++config USER_NS_UNPRIVILEGED
++ bool "Allow unprivileged users to create namespaces"
++ default y
++ depends on USER_NS
++ help
++ When disabled, unprivileged users will not be able to create
++ new namespaces. Allowing users to create their own namespaces
++ has been part of several recent local privilege escalation
++ exploits, so if you need user namespaces but are
++ paranoid^Wsecurity-conscious you want to disable this.
++
++ This setting can be overridden at runtime via the
++ kernel.unprivileged_userns_clone sysctl.
++
++ If unsure, say Y.
++
+ config PID_NS
+ bool "PID Namespaces"
+ default y
+diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
+index 6b9dbc257e34..107b17f0d528 100644
+--- a/kernel/user_namespace.c
++++ b/kernel/user_namespace.c
+@@ -27,7 +27,11 @@
+ #include <linux/sort.h>
+
+ /* sysctl */
++#ifdef CONFIG_USER_NS_UNPRIVILEGED
++int unprivileged_userns_clone = 1;
++#else
+ int unprivileged_userns_clone;
++#endif
+
+ static struct kmem_cache *user_ns_cachep __read_mostly;
+ static DEFINE_MUTEX(userns_state_mutex);
+--
+2.22.0
+
diff --git a/PKGBUILD b/PKGBUILD
index 406f255..5461677 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -8,10 +8,10 @@
#pkgbase=linux # Build stock -ARCH kernel
pkgbase=linux-rt-lts # Build kernel with a different name
-_pkgver=4.19.50
-_rtpatchver=rt22
+_pkgver=4.19.59
+_rtpatchver=rt23
pkgver=${_pkgver}_${_rtpatchver}
-pkgrel=2
+pkgrel=1
arch=('x86_64')
url="https://git.archlinux.org/linux.git/log/?h=v$_srcver"
license=('GPL2')
@@ -24,7 +24,7 @@ source=(
"https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patch-${_pkgver}-${_rtpatchver}.patch.xz"
"https://www.kernel.org/pub/linux/kernel/projects/rt/4.19/older/patch-${_pkgver}-${_rtpatchver}.patch.sign"
0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
- bcache_fix.patch
+ 0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
config # the main kernel config file
60-${pkgbase}.hook # pacman hook for depmod
90-${pkgbase}.hook # pacman hook for initramfs regeneration
@@ -38,12 +38,12 @@ validpgpkeys=(
'5ED9A48FC54C0A22D1D0804CEBC26CDB5A56DE73' # Steven Rostedt
'E644E2F1D45FA0B2EAA02F33109F098506FF0B14' # Thomas Gleixner
)
-sha256sums=('a9987423918abd20ee68d6e9b14b7225eaca8a586bf75fb56c49f6e1e47ce01e'
+sha256sums=('b8b41825d439de0587031eb8c659c5eb4970a5be5bfda1868661016c52c8b35b'
'SKIP'
- 'fc842d2e108cd4f21c168de3e3e75f41e43e519dd4dffbc3230bed67e9d24b89'
+ '9aa1a5c8555fd7195a36a274ad2b9e843810f172eb314230f82623f4068760a5'
'SKIP'
'75aa8dd708ca5a0137fbf7cddc9cafefe6aac6b8e0638c06c156d412d05af4bc'
- 'fe00e6f26f167b2041f4e60588cc60ab8169f26efb4a7c47ee7d60320e4ca27d'
+ '67aed9742e4281df6f0bd18dc936ae79319fee3763737f158c0e87a6948d100d'
'203221ce5e835e55f87585340ca7e50b3a8eefbb58161570479a1cf88963e2b7'
'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
'75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
@@ -76,7 +76,7 @@ prepare() {
msg2 "Setting config..."
cp ../config .config
make olddefconfig
- #make menuconfig # CLI menu for configuration
+# make menuconfig # CLI menu for configuration
make -s kernelrelease > ../version
msg2 "Prepared %s version %s" "$pkgbase" "$(<../version)"
diff --git a/bcache_fix.patch b/bcache_fix.patch
deleted file mode 100644
index f5c94a5..0000000
--- a/bcache_fix.patch
+++ /dev/null
@@ -1,129 +0,0 @@
-From 9e50f5f4ef401c4a5cd286ee3218fcc625ef6f77 Mon Sep 17 00:00:00 2001
-From: Coly Li <colyli@suse.de>
-Date: Mon, 10 Jun 2019 06:13:34 +0800
-Subject: bcache: fix stack corruption by PRECEDING_KEY()
-
-Recently people report bcache code compiled with gcc9 is broken, one of
-the buggy behavior I observe is that two adjacent 4KB I/Os should merge
-into one but they don't. Finally it turns out to be a stack corruption
-caused by macro PRECEDING_KEY().
-
-See how PRECEDING_KEY() is defined in bset.h,
-437 #define PRECEDING_KEY(_k) \
-438 ({ \
-439 struct bkey *_ret = NULL; \
-440 \
-441 if (KEY_INODE(_k) || KEY_OFFSET(_k)) { \
-442 _ret = &KEY(KEY_INODE(_k), KEY_OFFSET(_k), 0); \
-443 \
-444 if (!_ret->low) \
-445 _ret->high--; \
-446 _ret->low--; \
-447 } \
-448 \
-449 _ret; \
-450 })
-
-At line 442, _ret points to address of a on-stack variable combined by
-KEY(), the life range of this on-stack variable is in line 442-446,
-once _ret is returned to bch_btree_insert_key(), the returned address
-points to an invalid stack address and this address is overwritten in
-the following called bch_btree_iter_init(). Then argument 'search' of
-bch_btree_iter_init() points to some address inside stackframe of
-bch_btree_iter_init(), exact address depends on how the compiler
-allocates stack space. Now the stack is corrupted.
-
-Fixes: 0eacac22034c ("bcache: PRECEDING_KEY()")
-Signed-off-by: Coly Li <colyli@suse.de>
-Reviewed-by: Rolf Fokkens <rolf@rolffokkens.nl>
-Reviewed-by: Pierre JUHEN <pierre.juhen@orange.fr>
-Tested-by: Shenghui Wang <shhuiw@foxmail.com>
-Tested-by: Pierre JUHEN <pierre.juhen@orange.fr>
-Cc: Kent Overstreet <kent.overstreet@gmail.com>
-Cc: Nix <nix@esperi.org.uk>
-Cc: stable@vger.kernel.org
-Signed-off-by: Jens Axboe <axboe@kernel.dk>
----
- drivers/md/bcache/bset.c | 16 +++++++++++++---
- drivers/md/bcache/bset.h | 34 ++++++++++++++++++++--------------
- 2 files changed, 33 insertions(+), 17 deletions(-)
-
-diff --git a/drivers/md/bcache/bset.c b/drivers/md/bcache/bset.c
-index 8f07fa6e1739..268f1b685084 100644
---- a/drivers/md/bcache/bset.c
-+++ b/drivers/md/bcache/bset.c
-@@ -887,12 +887,22 @@ unsigned int bch_btree_insert_key(struct btree_keys *b, struct bkey *k,
- struct bset *i = bset_tree_last(b)->data;
- struct bkey *m, *prev = NULL;
- struct btree_iter iter;
-+ struct bkey preceding_key_on_stack = ZERO_KEY;
-+ struct bkey *preceding_key_p = &preceding_key_on_stack;
-
- BUG_ON(b->ops->is_extents && !KEY_SIZE(k));
-
-- m = bch_btree_iter_init(b, &iter, b->ops->is_extents
-- ? PRECEDING_KEY(&START_KEY(k))
-- : PRECEDING_KEY(k));
-+ /*
-+ * If k has preceding key, preceding_key_p will be set to address
-+ * of k's preceding key; otherwise preceding_key_p will be set
-+ * to NULL inside preceding_key().
-+ */
-+ if (b->ops->is_extents)
-+ preceding_key(&START_KEY(k), &preceding_key_p);
-+ else
-+ preceding_key(k, &preceding_key_p);
-+
-+ m = bch_btree_iter_init(b, &iter, preceding_key_p);
-
- if (b->ops->insert_fixup(b, k, &iter, replace_key))
- return status;
-diff --git a/drivers/md/bcache/bset.h b/drivers/md/bcache/bset.h
-index bac76aabca6d..c71365e7c1fa 100644
---- a/drivers/md/bcache/bset.h
-+++ b/drivers/md/bcache/bset.h
-@@ -434,20 +434,26 @@ static inline bool bch_cut_back(const struct bkey *where, struct bkey *k)
- return __bch_cut_back(where, k);
- }
-
--#define PRECEDING_KEY(_k) \
--({ \
-- struct bkey *_ret = NULL; \
-- \
-- if (KEY_INODE(_k) || KEY_OFFSET(_k)) { \
-- _ret = &KEY(KEY_INODE(_k), KEY_OFFSET(_k), 0); \
-- \
-- if (!_ret->low) \
-- _ret->high--; \
-- _ret->low--; \
-- } \
-- \
-- _ret; \
--})
-+/*
-+ * Pointer '*preceding_key_p' points to a memory object to store preceding
-+ * key of k. If the preceding key does not exist, set '*preceding_key_p' to
-+ * NULL. So the caller of preceding_key() needs to take care of memory
-+ * which '*preceding_key_p' pointed to before calling preceding_key().
-+ * Currently the only caller of preceding_key() is bch_btree_insert_key(),
-+ * and it points to an on-stack variable, so the memory release is handled
-+ * by stackframe itself.
-+ */
-+static inline void preceding_key(struct bkey *k, struct bkey **preceding_key_p)
-+{
-+ if (KEY_INODE(k) || KEY_OFFSET(k)) {
-+ (**preceding_key_p) = KEY(KEY_INODE(k), KEY_OFFSET(k), 0);
-+ if (!(*preceding_key_p)->low)
-+ (*preceding_key_p)->high--;
-+ (*preceding_key_p)->low--;
-+ } else {
-+ (*preceding_key_p) = NULL;
-+ }
-+}
-
- static inline bool bch_ptr_invalid(struct btree_keys *b, const struct bkey *k)
- {
---
-cgit v1.2.1-1-g437b
-
-
diff --git a/config b/config
index 50be30f..a60a788 100644
--- a/config
+++ b/config
@@ -1,13 +1,13 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.19.50 Kernel Configuration
+# Linux/x86 4.19.59 Kernel Configuration
#
#
-# Compiler: gcc (GCC) 8.3.0
+# Compiler: gcc (GCC) 9.1.0
#
CONFIG_CC_IS_GCC=y
-CONFIG_GCC_VERSION=80300
+CONFIG_GCC_VERSION=90100
CONFIG_CLANG_VERSION=0
CONFIG_CC_HAS_ASM_GOTO=y
CONFIG_IRQ_WORK=y
@@ -3165,7 +3165,7 @@ CONFIG_LED_TRIGGER_PHY=y
CONFIG_SFP=m
CONFIG_AMD_PHY=m
CONFIG_AQUANTIA_PHY=m
-CONFIG_ASIX_PHY=m
+# CONFIG_AX88796B_PHY is not set
CONFIG_AT803X_PHY=m
CONFIG_BCM7XXX_PHY=m
CONFIG_BCM87XX_PHY=m