From: Marian Buschsieweke
To: alpine-aports@lists.alpinelinux.org
Cc: Marian Buschsieweke
Subject: [alpine-aports] [PATCH] main/linux: Update 4.9.73 --> 4.9.75 (Fix for Meltdown)
Date: Sun, 7 Jan 2018 17:19:01 +0100
Message-Id: <20180107161901.2860-1-marian.buschsieweke@ovgu.de>
X-Mailer: git-send-email 2.15.0

This commit updates to kernel version 4.9.75 and enables CONFIG_PAGE_TABLE_ISOLATION for x86, x86_64 and aarch64. For all other architectures, CONFIG_PAGE_TABLE_ISOLATION is disabled. CONFIG_PAGE_TABLE_ISOLATION mitigates the Meltdown security flaw almost all Intel CPUs and some ARM CPUs are susceptible to [1,2]. (This patch does not solve the Spectre security threat [2], which also affects non-Intel CPUs [3].)

I believe this commit will cause some discussion, especially the following points seem worth discussing: a) CONFIG_PAGE_TABLE_ISOLATION has a performance impact on syscalls, which can slow down specific applications significantly. AMD users might benefit from a kernel without KPTI (unless Meltdown turns out to affect them as well) b) Is disabling this feature a reasonable choice for CPU architectures different from x86, x86_64 and aarch64? [1]: https://meltdownattack.com/#faq-systems-meltdown [2]: http://kroah.com/log/blog/2018/01/06/meltdown-status/ [3]: https://meltdownattack.com/#faq-systems-spectre --- main/linux-vanilla/APKBUILD | 18 +++++++++--------- main/linux-vanilla/config-vanilla.aarch64 | 1 + main/linux-vanilla/config-vanilla.armhf | 1 + main/linux-vanilla/config-vanilla.ppc | 1 + main/linux-vanilla/config-vanilla.ppc64le | 1 + main/linux-vanilla/config-vanilla.s390x | 1 + main/linux-vanilla/config-vanilla.x86 | 1 + main/linux-vanilla/config-vanilla.x86_64 | 1 + 8 files changed, 16 insertions(+), 9 deletions(-) diff --git a/main/linux-vanilla/APKBUILD b/main/linux-vanilla/APKBUILD index 1366f11ed0..bbe4dd83d9 100644 --- a/main/linux-vanilla/APKBUILD +++ b/main/linux-vanilla/APKBUILD @@ -2,7 +2,7 @@ _flavor=vanilla pkgname=linux-${_flavor} -pkgver=4.9.73 +pkgver=4.9.75 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=$pkgver;; 
@@ -174,11 +174,11 @@ dev() { sha512sums="bf67ff812cc3cb7e5059e82cc5db0d9a7c5637f7ed9a42e4730c715bf7047c81ed3a571225f92a33ef0b6d65f35595bc32d773356646df2627da55e9bc7f1f1a linux-4.9.tar.xz 5373728be2b507c3db5e042e1d768740df7965078868afdc46418b1adc4cae3d8f9f1aedb59975a0f2acf8754340499354fcf97c503397a5d9886ccc9689b782 0001-HID-apple-fix-Fn-key-Magic-Keyboard-on-bluetooth.patch -d552c5ab3b128cb1b4185aaa3ed27cd92070c2ba5f414747730c1915da432d1f930f81543737b902771967b02da8b41374d8b39518e5443aeaadeaa28153ae36 config-vanilla.aarch64 -8db3d9029dffc972d881ffdccbb6afcc02cdb5ccf6a571634e1c1b72552617903ee3e1c87b8971ef1c7143c0ddfcb8e1f21b45c68afeef88d5ff36bb768c8c96 config-vanilla.armhf -6e1d79ebd2113e02881aec39eb4d243761d78be9c736b0ce5ddf1721e65d411a17c866c9f5f9a253e46017d6e7c0b93b7220233780e46e18e29de705f2e543f7 config-vanilla.x86 -0a283ad25b8e0242e9904c8737d2fef9919faf8f4aa9bb3ffc65a9e144ba5d2e37dddf17b68cd9d717d73993b340634361b9a1354bb01207f2f668c73addc751 config-vanilla.x86_64 -ee565e219530bcfaf5cade2622432cfb83743bdbbfc388781901461f19ca553b7fdee3c81ce6b34225ef78a209eb60088630284fcbb0430947aad77a5d8a0865 config-vanilla.ppc -faf5216f916946025041c5b8ffacce2586c88c7d796c17fb9762a8a58986dce7e923a7eb7a413cbd830afef022b18c40b25f4dcd4c9c81253c9aa3e98001b2b0 config-vanilla.ppc64le -26969c1ed93cb88a8b12330a2984954d6c20ef973ef619cf92c0543ab075f4e3342c7d6275ccecd475c5b6129ccfdd6054b41f504bd82e14eb9cefbd74aa1b90 config-vanilla.s390x -ae0149e43bcbdd496ce304ae6db84dd6d2f7315a84ef6b7d9b2f292f8b7ac8fe9f2a8406655402e832f0ad85828dfe635ac6207333530a95265c281faa6a973d patch-4.9.73.xz" +cdefa950e81b3e4f810210243393841849adc08050e28f2abdc9ac34ec1421aa54b52e08272f990b3f8b10d1e6b9a307f4732d1d55ec838c5271937449fe9cfc config-vanilla.aarch64 +b74f8be311d63db0740439345b0ef10fa8a7faf147b3702a29276d872ebdbe21cc17947201fe12caf26ecb67f40425599357a58e52a5f4cc6a8d652c7cf02a27 config-vanilla.armhf 
+c73b3d4cae161d6795b0f9b2bf3cc31530177bb33f69ca6e61b0033dd390206f59781875960199057bfcfcef56993b591da3be69beed9d9e628ec56e00bd89fb config-vanilla.x86 +7724c1777f8072d08ec061aa6ad664399de5405c55d8c0f927a818c431b1f11bd57132267a6220ed89e6d8083208f3d5011e2150346de994f7f141de16e7106c config-vanilla.x86_64 +6ab7c375581d0d4b98aa4c8f52060fc2f3f6ffb2de39cb10504e6d82696ba6d3231ac7c0874a9614878b7b4e262e59610edd822f5be74ca148beabc737574565 config-vanilla.ppc +fdc815e1de1a8d25b45d3c40caeacb768d2930d3bef8a8914d164cf072712bf77a09ba36636838d6055357bcb09ff033f0e06d9c467600eddccb886afa5a8096 config-vanilla.ppc64le +4439818ef7e947614026159e76af56b311a00327f614a69fca96e9c143b3473190a161d7431576987278b95f288cf1a438c2b215b43f503fca2a40e544a54c0f config-vanilla.s390x +4dbf9b7c6da142b63506542c0f1c5f0f3d4bb22c5291d4d99bcfc3945691ab5f969ce16b1d1a30553ba002feb3de66a9c39c1cf9c51a6c315e8820bc8853d221 patch-4.9.75.xz" diff --git a/main/linux-vanilla/config-vanilla.aarch64 b/main/linux-vanilla/config-vanilla.aarch64 index cef31f02d9..32345b96cb 100644 --- a/main/linux-vanilla/config-vanilla.aarch64 +++ b/main/linux-vanilla/config-vanilla.aarch64 @@ -6752,6 +6752,7 @@ CONFIG_ENCRYPTED_KEYS=m CONFIG_KEY_DH_OPERATIONS=y # CONFIG_SECURITY_DMESG_RESTRICT is not set CONFIG_SECURITY=y +CONFIG_PAGE_TABLE_ISOLATION=y CONFIG_SECURITYFS=y # CONFIG_SECURITY_NETWORK is not set # CONFIG_SECURITY_PATH is not set diff --git a/main/linux-vanilla/config-vanilla.armhf b/main/linux-vanilla/config-vanilla.armhf index 3f84285fda..08ad78f912 100644 --- a/main/linux-vanilla/config-vanilla.armhf +++ b/main/linux-vanilla/config-vanilla.armhf @@ -5568,6 +5568,7 @@ CONFIG_ENCRYPTED_KEYS=m CONFIG_KEY_DH_OPERATIONS=y # CONFIG_SECURITY_DMESG_RESTRICT is not set CONFIG_SECURITY=y +CONFIG_PAGE_TABLE_ISOLATION=n CONFIG_SECURITYFS=y # CONFIG_SECURITY_NETWORK is not set # CONFIG_SECURITY_PATH is not set diff --git a/main/linux-vanilla/config-vanilla.ppc b/main/linux-vanilla/config-vanilla.ppc index 172a8c1665..43560bd0a8 100644 
--- a/main/linux-vanilla/config-vanilla.ppc +++ b/main/linux-vanilla/config-vanilla.ppc @@ -3231,6 +3231,7 @@ CONFIG_KEYS=y # CONFIG_ENCRYPTED_KEYS is not set # CONFIG_SECURITY_DMESG_RESTRICT is not set CONFIG_SECURITY=y +CONFIG_PAGE_TABLE_ISOLATION=n CONFIG_SECURITYFS=y # CONFIG_SECURITY_NETWORK is not set # CONFIG_SECURITY_PATH is not set diff --git a/main/linux-vanilla/config-vanilla.ppc64le b/main/linux-vanilla/config-vanilla.ppc64le index 80f93a3f7e..42b6a9b861 100644 --- a/main/linux-vanilla/config-vanilla.ppc64le +++ b/main/linux-vanilla/config-vanilla.ppc64le @@ -3554,6 +3554,7 @@ CONFIG_ENCRYPTED_KEYS=m CONFIG_KEY_DH_OPERATIONS=y # CONFIG_SECURITY_DMESG_RESTRICT is not set CONFIG_SECURITY=y +CONFIG_PAGE_TABLE_ISOLATION=n CONFIG_SECURITYFS=y # CONFIG_SECURITY_NETWORK is not set # CONFIG_SECURITY_PATH is not set diff --git a/main/linux-vanilla/config-vanilla.s390x b/main/linux-vanilla/config-vanilla.s390x index b10273bb67..dce2540320 100644 --- a/main/linux-vanilla/config-vanilla.s390x +++ b/main/linux-vanilla/config-vanilla.s390x @@ -2725,6 +2725,7 @@ CONFIG_ENCRYPTED_KEYS=y CONFIG_KEY_DH_OPERATIONS=y # CONFIG_SECURITY_DMESG_RESTRICT is not set CONFIG_SECURITY=y +CONFIG_PAGE_TABLE_ISOLATION=n CONFIG_SECURITYFS=y CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK_XFRM=y diff --git a/main/linux-vanilla/config-vanilla.x86 b/main/linux-vanilla/config-vanilla.x86 index 268987e0cb..39d03c67b9 100644 --- a/main/linux-vanilla/config-vanilla.x86 +++ b/main/linux-vanilla/config-vanilla.x86 @@ -6654,6 +6654,7 @@ CONFIG_ENCRYPTED_KEYS=m CONFIG_KEY_DH_OPERATIONS=y # CONFIG_SECURITY_DMESG_RESTRICT is not set CONFIG_SECURITY=y +CONFIG_PAGE_TABLE_ISOLATION=y CONFIG_SECURITYFS=y # CONFIG_SECURITY_NETWORK is not set # CONFIG_SECURITY_PATH is not set diff --git a/main/linux-vanilla/config-vanilla.x86_64 b/main/linux-vanilla/config-vanilla.x86_64 index 5154e33298..ff573f97f6 100644 --- a/main/linux-vanilla/config-vanilla.x86_64 +++ b/main/linux-vanilla/config-vanilla.x86_64 
@@ -6701,6 +6701,7 @@ CONFIG_ENCRYPTED_KEYS=m CONFIG_KEY_DH_OPERATIONS=y # CONFIG_SECURITY_DMESG_RESTRICT is not set CONFIG_SECURITY=y +CONFIG_PAGE_TABLE_ISOLATION=y CONFIG_SECURITYFS=y # CONFIG_SECURITY_NETWORK is not set # CONFIG_SECURITY_PATH is not set -- 2.15.0 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---
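
Review bot: pkgrel is not touched next to the pkgver change from 4.9.73 to 4.9.75 at the top of APKBUILD, so if it is currently above 0 it should be reset to 0 in this same commit. The hunk shows only the pkgver line changing, so please confirm the pkgrel value in the lines outside the context shown.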
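
Review bot: In the armhf, ppc, ppc64le and s390x config hunks the option is written as CONFIG_PAGE_TABLE_ISOLATION=n, but a disabled option in these files is recorded as a comment, as the neighbouring context line "# CONFIG_SECURITY_DMESG_RESTRICT is not set" shows. Please use "# CONFIG_PAGE_TABLE_ISOLATION is not set" instead, or regenerate each config through the kernel's oldconfig step so the entry takes the form and position kconfig emits, and then refresh the matching sha512sums entries in APKBUILD.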
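
Review bot: The CONFIG_PAGE_TABLE_ISOLATION=y line in the aarch64, x86 and x86_64 hunks is inserted by hand between CONFIG_SECURITY=y and CONFIG_SECURITYFS=y, and nothing in the patch shows that 4.9.75 offers this symbol on all three architectures. Please run oldconfig for each of them and check that the line survives. If it is dropped for aarch64 or 32-bit x86, the commit message's statement that the mitigation is enabled there needs correcting, and the config checksums in APKBUILD should be regenerated from the resulting files.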