1
0
mirror of https://aur.archlinux.org/linux-vfio.git synced 2024-12-25 17:54:10 +00:00

Update to 4.14.11-1

This commit is contained in:
Mark Weiman 2018-01-06 11:51:18 -05:00
parent af47e6b3cd
commit 3e2b5d9372
10 changed files with 123 additions and 67 deletions

View File

@ -1,5 +1,5 @@
pkgbase = linux-vfio
pkgver = 4.14.10
pkgver = 4.14.11
pkgrel = 1
url = http://www.kernel.org/
arch = x86_64
@ -13,8 +13,8 @@ pkgbase = linux-vfio
options = !strip
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.xz
source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.sign
source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.10.xz
source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.10.sign
source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.11.xz
source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.11.sign
source = config
source = 60-linux.hook
source = 90-linux.hook
@ -22,29 +22,31 @@ pkgbase = linux-vfio
source = add-acs-overrides.patch
source = i915-vga-arbiter.patch
source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
source = 0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
source = 0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
source = 0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
source = 0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
source = 0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
source = 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
source = 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
source = 0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
source = 0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
source = 0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
source = 0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch
validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
sha256sums = f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7
sha256sums = SKIP
sha256sums = 16f560aa713b46c707f04a226f67dc31fdd280aae57dd19e0413d61df5336c74
sha256sums = f588b62d7ee1d2ebdc24afa0e256ff2f8812d5cab3bf572bf02e7c4525922bf9
sha256sums = SKIP
sha256sums = 4d12ed868b05720c3d263c8454622c67bdee6969400049d7adac7b00907ad195
sha256sums = 24b8cf6829dafcb2b5c76cffaae6438ad2d432f13d6551fa1c8f25e66b751ed4
sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21
sha256sums = 8f407ad5ff6eff106562ba001c36a281134ac9aa468a596aea660a4fe1fd60b5
sha256sums = 99d0102c8065793096b8ea2ccc01c41fa3dcb96855f9f6f2c583b2372208c6f9
sha256sums = c238969a3c3a44b41c868a883880d8c4dc475e457427e91c649e9f24170b2c7d
sha256sums = eaf70cd805cdb43cf6227d354a6d54f67645b6df99e06136a8055d7494d7439c
sha256sums = 37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85
sha256sums = c6e7db7dfd6a07e1fd0e20c3a5f0f315f9c2a366fe42214918b756f9a1c9bfa3
sha256sums = 1d69940c6bf1731fa1d1da29b32ec4f594fa360118fe7b128c9810285ebf13e2
sha256sums = ed3266ab03f836f57de0faf8a10ffd7566c909515c2649de99adaab2fac4aa32
sha256sums = 64a014f7e1b4588728b3ea9538beee67ec63fb792d890c7be9cc13ddc2121b00
sha256sums = 3d4c41086c077fbd515d04f5e59c0c258f700433c5da3365d960b696c2e56efb
sha256sums = 06bc1d8b1cd153c3146a4376d833f5769b980e5ef5eae99ddaaeb48bf514dae2
sha256sums = b90bef87574f30ec66c0f10d089bea56a9e974b6d052fee3071b1ff21360724b
sha256sums = f38531dee9fd8a59202ce96ac5b40446f1f035b89788ea9ecb2fb3909f703a25
sha256sums = 705d5fbfce00ccc20490bdfb5853d67d86ac00c845de6ecb13e414214b48daeb
sha256sums = 0a249248534a17f14fab7e14994811ae81fe324668a82ff41f3bcabeeae1460f
sha256sums = 8e1b303957ddd829c0c9ad7c012cd32f2354ff3c8c1b85da3d7f8a54524f3711
sha256sums = 914a0a019545ad7d14ed8d5c58d417eb0a8ec12a756beec79a545aabda343b31
pkgname = linux-vfio
pkgdesc = The Linux-vfio kernel and modules

View File

@ -1,8 +1,9 @@
From 5ec2dd3a095442ec1a21d86042a4994f2ba24e63 Mon Sep 17 00:00:00 2001
Message-Id: <5ec2dd3a095442ec1a21d86042a4994f2ba24e63.1512651251.git.jan.steffens@gmail.com>
From fb89d912d5f7289d3a922c77b671e36e1c740f5e Mon Sep 17 00:00:00 2001
Message-Id: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
From: Serge Hallyn <serge.hallyn@canonical.com>
Date: Fri, 31 May 2013 19:12:12 +0100
Subject: [PATCH] add sysctl to disallow unprivileged CLONE_NEWUSER by default
Subject: [PATCH 1/7] add sysctl to disallow unprivileged CLONE_NEWUSER by
default
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
[bwh: Remove unneeded binary sysctl bits]
@ -14,7 +15,7 @@ Signed-off-by: Daniel Micay <danielmicay@gmail.com>
3 files changed, 30 insertions(+)
diff --git a/kernel/fork.c b/kernel/fork.c
index 07cc743698d3668e..4011d68a8ff9305c 100644
index 500ce64517d93e68..35f5860958b40e9b 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -102,6 +102,11 @@
@ -29,7 +30,7 @@ index 07cc743698d3668e..4011d68a8ff9305c 100644
/*
* Minimum number of threads to boot the kernel
@@ -1555,6 +1560,10 @@ static __latent_entropy struct task_struct *copy_process(
@@ -1554,6 +1559,10 @@ static __latent_entropy struct task_struct *copy_process(
if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
return ERR_PTR(-EINVAL);
@ -40,7 +41,7 @@ index 07cc743698d3668e..4011d68a8ff9305c 100644
/*
* Thread groups must share signals as well, and detached threads
* can only be started up within the thread group.
@@ -2348,6 +2357,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
@@ -2347,6 +2356,12 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
if (unshare_flags & CLONE_NEWNS)
unshare_flags |= CLONE_FS;
@ -54,7 +55,7 @@ index 07cc743698d3668e..4011d68a8ff9305c 100644
if (err)
goto bad_unshare_out;
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index b86520ed3fb60fbf..f7dab3760839f1a1 100644
index 56aca862c4f584f5..e8402ba393c1915d 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -105,6 +105,9 @@ extern int core_uses_pid;

View File

@ -1,8 +1,10 @@
From c3c1af44db713ac6624e729ea4832d0ce70685e0 Mon Sep 17 00:00:00 2001
Message-Id: <c3c1af44db713ac6624e729ea4832d0ce70685e0.1513282811.git.jan.steffens@gmail.com>
From 8c6956686606b9c3661e74a410c8cb2fc276c5ee Mon Sep 17 00:00:00 2001
Message-Id: <8c6956686606b9c3661e74a410c8cb2fc276c5ee.1514959852.git.jan.steffens@gmail.com>
In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
From: Benjamin Poirier <bpoirier@suse.com>
Date: Mon, 11 Dec 2017 16:26:40 +0900
Subject: [PATCH 1/2] e1000e: Fix e1000_check_for_copper_link_ich8lan return
Subject: [PATCH 2/7] e1000e: Fix e1000_check_for_copper_link_ich8lan return
value.
e1000e_check_for_copper_link() and e1000_check_for_copper_link_ich8lan()

View File

@ -1,10 +1,10 @@
From 80d3e994e0631d9135cadf20a0b5ad483d7e9bbb Mon Sep 17 00:00:00 2001
Message-Id: <80d3e994e0631d9135cadf20a0b5ad483d7e9bbb.1513282811.git.jan.steffens@gmail.com>
In-Reply-To: <c3c1af44db713ac6624e729ea4832d0ce70685e0.1513282811.git.jan.steffens@gmail.com>
References: <c3c1af44db713ac6624e729ea4832d0ce70685e0.1513282811.git.jan.steffens@gmail.com>
From b81e273fb227373a2951c7256ab11a87d5333a9d Mon Sep 17 00:00:00 2001
Message-Id: <b81e273fb227373a2951c7256ab11a87d5333a9d.1514959852.git.jan.steffens@gmail.com>
In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
From: Mohamed Ghannam <simo.ghannam@gmail.com>
Date: Tue, 5 Dec 2017 20:58:35 +0000
Subject: [PATCH 2/2] dccp: CVE-2017-8824: use-after-free in DCCP code
Subject: [PATCH 3/7] dccp: CVE-2017-8824: use-after-free in DCCP code
Whenever the sock object is in DCCP_CLOSED state,
dccp_disconnect() must free dccps_hc_tx_ccid and

View File

@ -1,8 +1,10 @@
From b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4 Mon Sep 17 00:00:00 2001
Message-Id: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com>
From d03c0ef520f40c6de691c37e0f168c87b3423015 Mon Sep 17 00:00:00 2001
Message-Id: <d03c0ef520f40c6de691c37e0f168c87b3423015.1514959852.git.jan.steffens@gmail.com>
In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Wed, 15 Nov 2017 06:40:57 +0100
Subject: [PATCH 1/3] Revert "xfrm: Fix stack-out-of-bounds read in
Subject: [PATCH 4/7] Revert "xfrm: Fix stack-out-of-bounds read in
xfrm_state_find."
This reverts commit c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e.
@ -16,10 +18,10 @@ Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
1 file changed, 18 insertions(+), 11 deletions(-)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 6eb228a70131069b..a2e531bf4f976308 100644
index 2a6093840e7e856e..6bc16bb61b5533ef 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1361,29 +1361,36 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl,
@@ -1362,29 +1362,36 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl,
struct net *net = xp_net(policy);
int nx;
int i, error;

View File

@ -1,10 +1,10 @@
From 1c3a5e72b70bcfaf342075a3fa5fcbdf99302a3f Mon Sep 17 00:00:00 2001
Message-Id: <1c3a5e72b70bcfaf342075a3fa5fcbdf99302a3f.1514245012.git.jan.steffens@gmail.com>
In-Reply-To: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com>
References: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com>
From 3721d64246982f91a5bf863fc17ac60ff722e0c4 Mon Sep 17 00:00:00 2001
Message-Id: <3721d64246982f91a5bf863fc17ac60ff722e0c4.1514959852.git.jan.steffens@gmail.com>
In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Fri, 22 Dec 2017 10:44:57 +0100
Subject: [PATCH 2/3] xfrm: Fix stack-out-of-bounds read on socket policy
Subject: [PATCH 5/7] xfrm: Fix stack-out-of-bounds read on socket policy
lookup.
When we do tunnel or beet mode, we pass saddr and daddr from the
@ -24,7 +24,7 @@ Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index a2e531bf4f976308..c79ed3bed5d4dc2f 100644
index 6bc16bb61b5533ef..50c5f46b5cca942e 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1169,9 +1169,15 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir,

View File

@ -1,10 +1,10 @@
From a3c64fe9d978f3ee8f21fac5b410c63fe7cce725 Mon Sep 17 00:00:00 2001
Message-Id: <a3c64fe9d978f3ee8f21fac5b410c63fe7cce725.1514245012.git.jan.steffens@gmail.com>
In-Reply-To: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com>
References: <b0bfa7c33cead5dd87267cfd4c29fda47dc1adc4.1514245012.git.jan.steffens@gmail.com>
From a79cb4d4e540c72a601ca0494e914565c16e2893 Mon Sep 17 00:00:00 2001
Message-Id: <a79cb4d4e540c72a601ca0494e914565c16e2893.1514959852.git.jan.steffens@gmail.com>
In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
From: Tejun Heo <tj@kernel.org>
Date: Wed, 20 Dec 2017 07:09:19 -0800
Subject: [PATCH 3/3] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC
Subject: [PATCH 6/7] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC
While teaching css_task_iter to handle skipping over tasks which
aren't group leaders, bc2fb7ed089f ("cgroup: add @flags to

View File

@ -0,0 +1,42 @@
From 51786b65797aed683ca72293a3cb86a2cab987c0 Mon Sep 17 00:00:00 2001
Message-Id: <51786b65797aed683ca72293a3cb86a2cab987c0.1514959852.git.jan.steffens@gmail.com>
In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Tue, 26 Dec 2017 23:43:54 -0600
Subject: [PATCH 7/7] x86/cpu, x86/pti: Do not enable PTI on AMD processors
AMD processors are not subject to the types of attacks that the kernel
page table isolation feature protects against. The AMD microarchitecture
does not allow memory references, including speculative references, that
access higher privileged data when running in a lesser privileged mode
when that access would result in a page fault.
Disable page table isolation by default on AMD processors by not setting
the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
is set.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Borislav Petkov <bp@suse.de>
---
arch/x86/kernel/cpu/common.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index f2a94dfb434e9a7c..b1be494ab4e8badf 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -899,8 +899,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
setup_force_cpu_cap(X86_FEATURE_ALWAYS);
- /* Assume for now that ALL x86 CPUs are insecure */
- setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
+ if (c->x86_vendor != X86_VENDOR_AMD)
+ setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
fpu__init_system(c);
--
2.15.1

View File

@ -3,7 +3,7 @@
pkgbase=linux-vfio
_srcname=linux-4.14
pkgver=4.14.10
pkgver=4.14.11
pkgrel=1
arch=('x86_64')
url="http://www.kernel.org/"
@ -26,27 +26,30 @@ source=("https://www.kernel.org/pub/linux/kernel/v4.x/${_srcname}.tar.xz"
'add-acs-overrides.patch'
'i915-vga-arbiter.patch'
0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch)
0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch
)
sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7'
'SKIP'
'16f560aa713b46c707f04a226f67dc31fdd280aae57dd19e0413d61df5336c74'
'f588b62d7ee1d2ebdc24afa0e256ff2f8812d5cab3bf572bf02e7c4525922bf9'
'SKIP'
'4d12ed868b05720c3d263c8454622c67bdee6969400049d7adac7b00907ad195'
'24b8cf6829dafcb2b5c76cffaae6438ad2d432f13d6551fa1c8f25e66b751ed4'
'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
'8f407ad5ff6eff106562ba001c36a281134ac9aa468a596aea660a4fe1fd60b5'
'99d0102c8065793096b8ea2ccc01c41fa3dcb96855f9f6f2c583b2372208c6f9'
'c238969a3c3a44b41c868a883880d8c4dc475e457427e91c649e9f24170b2c7d'
'eaf70cd805cdb43cf6227d354a6d54f67645b6df99e06136a8055d7494d7439c'
'37b86ca3de148a34258e3176dbf41488d9dbd19e93adbd22a062b3c41332ce85'
'c6e7db7dfd6a07e1fd0e20c3a5f0f315f9c2a366fe42214918b756f9a1c9bfa3'
'1d69940c6bf1731fa1d1da29b32ec4f594fa360118fe7b128c9810285ebf13e2'
'ed3266ab03f836f57de0faf8a10ffd7566c909515c2649de99adaab2fac4aa32'
'64a014f7e1b4588728b3ea9538beee67ec63fb792d890c7be9cc13ddc2121b00'
'3d4c41086c077fbd515d04f5e59c0c258f700433c5da3365d960b696c2e56efb')
'06bc1d8b1cd153c3146a4376d833f5769b980e5ef5eae99ddaaeb48bf514dae2'
'b90bef87574f30ec66c0f10d089bea56a9e974b6d052fee3071b1ff21360724b'
'f38531dee9fd8a59202ce96ac5b40446f1f035b89788ea9ecb2fb3909f703a25'
'705d5fbfce00ccc20490bdfb5853d67d86ac00c845de6ecb13e414214b48daeb'
'0a249248534a17f14fab7e14994811ae81fe324668a82ff41f3bcabeeae1460f'
'8e1b303957ddd829c0c9ad7c012cd32f2354ff3c8c1b85da3d7f8a54524f3711'
'914a0a019545ad7d14ed8d5c58d417eb0a8ec12a756beec79a545aabda343b31')
validpgpkeys=(
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
'647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
@ -70,17 +73,20 @@ prepare() {
patch -Np1 -i ../0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
# https://bugs.archlinux.org/task/56575
patch -Np1 -i ../0001-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
patch -Np1 -i ../0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
# https://nvd.nist.gov/vuln/detail/CVE-2017-8824
patch -Np1 -i ../0002-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
patch -Np1 -i ../0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
# https://bugs.archlinux.org/task/56605
patch -Np1 -i ../0001-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
patch -Np1 -i ../0002-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
patch -Np1 -i ../0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
patch -Np1 -i ../0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
# https://bugs.archlinux.org/task/56846
patch -Np1 -i ../0003-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
patch -Np1 -i ../0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
# For AMD processors, keep PTI off by default
patch -Np1 -i ../0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch
# patches for vga arbiter fix in intel systems
patch -p1 -i "${srcdir}/i915-vga-arbiter.patch"

3
config
View File

@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 4.14.9-1 Kernel Configuration
# Linux/x86 4.14.11-1 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@ -8130,6 +8130,7 @@ CONFIG_SECURITY=y
# CONFIG_SECURITY_WRITABLE_HOOKS is not set
CONFIG_SECURITYFS=y
# CONFIG_SECURITY_NETWORK is not set
CONFIG_PAGE_TABLE_ISOLATION=y
# CONFIG_SECURITY_INFINIBAND is not set
# CONFIG_SECURITY_PATH is not set
# CONFIG_INTEL_TXT is not set