github/linuxkit
1
0
Fork 0
mirror of https://github.com/linuxkit/linuxkit.git synced 2025-08-12 12:01:50 +00:00
Code Issues Projects Releases Wiki Activity
5,571 Commits 1 Branch 27 Tags 240 MiB
v0.2
Commit Graph

48 Commits

Author SHA1 Message Date
Rolf Neugebauer
5de66f4fd9 kernel: Update to 4.14.15/4.9.78/4.4.113 
While at it, also update to latest alpine base

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-01-24 11:56:34 +00:00
Rolf Neugebauer
bfceb1dfbb kernel: Update to 4.14.14/4.9.77/4.4.112 
The 4.4.14 has a number of important fixes/additions:
- New support for retpolines (enabled but requires newer gcc
  to take advantage of). This provides mitigation for Spectre
  style attacks.
- Various KPTI fixes including fixes for EFI booting
- More eBPF fixes around out-of-bounds and overflow of
  maps. These were used for variant 1 of CVE-2017-5753.
- Several KVM related to CVE-2017-5753, CVE-2017-5715,
  CVE-2017-17741.
- New sysfs interface listing vulnerabilities:
  /sys/devices/system/cpu/vulnerabilities

The 4.9.77 kernel also has seems to have most/all of the above
back-ported.

See https://lwn.net/SubscriberLink/744287/1fc3c18173f732e7/
for more details on the Spectre mitigation.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-01-17 14:31:54 +00:00
Rolf Neugebauer
9a101d1136 kernel: Update to 4.14.13/4.9.76/4.4.111 
This looks like there are a couple of minor fixes to the
recent KPTI changes but nothing major...

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-01-10 11:12:27 +00:00
Rolf Neugebauer
d86d43fe40 kernel: Update to 4.14.12/4.9.75/4.4.110 
4.9.75 and 4.4.10 now have KPTI backported as well

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-01-06 10:00:13 +00:00
Rolf Neugebauer
7abc1df0ad kernel: Update to 4.14.11/4.9.74/4.4.109 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2018-01-03 11:03:52 +00:00
Rolf Neugebauer
37291f5967 kernel: Update to 4.14.10/4.9.73 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-12-30 16:11:10 +00:00
Rolf Neugebauer
dfb1982c65 kernel: Update to 4.14.9/4.9.72/4.4.108 
This contains the fixes to the eBPF verifier which allowed
privilege escalation in 4.9 and 4.14 kernels.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-12-28 16:43:14 +00:00
Rolf Neugebauer
e140ab4acc kernel: Update to 4.14.8/4.9.71/4.4.107 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-12-28 14:48:20 +00:00
Rolf Neugebauer
467c1af0e2 kernel: Update to 4.14.7/4.9.70/4.4.106 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-12-18 16:59:21 +00:00
Rolf Neugebauer
1cf58d95b1 kernel: Update to 4.14.6/4.9.69 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-12-14 11:21:07 +00:00
Rolf Neugebauer
6a15459665 kernel: Update to 4.14.5/4.9.68/4.4.105 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-12-11 11:24:38 +00:00
Rolf Neugebauer
53127d7209 kernel: Update to 4.14.4/4.9.67/4.4.104 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-12-06 10:11:50 +00:00
Rolf Neugebauer
3ed38c59f4 kernel: Update to 4.14.3/4.9.66/4.4.103 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-12-01 15:28:09 +00:00
Rolf Neugebauer
43b2caf69e kernel: Update to 4.4.102/4.9.65/4.13.16/4.14.2 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-11-24 13:55:21 +00:00
Rolf Neugebauer
6ede240737 kernel: Update to 4.14.1/4.13.15/4.9.64/4.4.100 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-11-21 17:05:35 +00:00
Rolf Neugebauer
f5e970b7fb kernel: Update to 4.13.14/4.9.63/4.4.99 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-11-21 15:54:15 +00:00
Rolf Neugebauer
98025f4649 kernel: Update to 4.13.13/4.9.62/4.4.98 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-11-16 17:35:43 +00:00
Rolf Neugebauer
7a67aaf7db kernel: Update to 4.13.12/4.9.61/4.4.97 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-11-10 13:29:34 +00:00
Rolf Neugebauer
1ea69cbcf3 kernel: Update to 4.13.11/4.9.60/4.4.96 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-11-03 15:11:06 +00:00
Rolf Neugebauer
17e5b55d17 kernel: Update to 4.13.10/4.9.59/4.4.95 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-10-28 17:46:23 +01:00
Rolf Neugebauer
89af138f18 kernel: Update to 4.13.9/4.9.58/4.4.94 
Note: There were more conflicts in applying the
vmbus patches to 4.13. For now I've just skipped the
conflicting patches so the end-result may be that
Hyper-V sockets on 4.13 may break (if they were not
already broken by the update to 4.13.6).

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-10-22 19:49:15 +01:00
Rolf Neugebauer
12b8d9d6bd kernel: Update to 4.13.8/4.9.57/4.4.93 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-10-22 19:49:15 +01:00
Rolf Neugebauer
571dba104d kernel: Update to 4.13.6/4.9.56/4.4.92 
NOTE: Some of the 4.13.x VMBus patches did not apply cleanly and they
were dropped for now. This may break LCOW and other Windows support.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-10-20 20:22:03 +01:00
Rolf Neugebauer
5609cdeae7 kernel: Update to 4.9.55 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-10-20 20:22:03 +01:00
Rolf Neugebauer
38c37276a2 kernel: Update to 4.9.54/4.4.91 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-10-11 13:12:49 +01:00
Rolf Neugebauer
06b09fb6a8 kernel: Update kernel to 4.13.5/4.9.53/4.4.90 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-10-05 12:01:12 +01:00
Rolf Neugebauer
35fde3ec7d kernel: Update to 4.9.52/4.4.89 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-09-28 15:44:04 +01:00
Rolf Neugebauer
bd4723d1aa kernel: Update kernels to 4.12.14/4.9.51 
While at it might as well update the alpine base...

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-09-20 12:13:26 +01:00
Rolf Neugebauer
59782d502e kernel: Update to 4.12.13/4.9.50/4.4.88 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-09-14 17:19:43 +01:00
Rolf Neugebauer
7bc93a6c46 kernel: Update to 4,9.49/4.12.12 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-09-12 11:23:41 +01:00
Rolf Neugebauer
5427147e3b kernel: Update to 4.12.11/4.9.48/4.4.87 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-09-08 14:44:44 +01:00
Rolf Neugebauer
8be4a2b2c4 kernel: Update to 4.9.47/4.4.86 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-09-04 17:58:16 +01:00
Rolf Neugebauer
3fe863e8e6 kernel: Update kernels to 4.9.46/4.4.85 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-08-30 19:23:45 +01:00
Rolf Neugebauer
279d3f05bd kernel: Update to 4.4.84/4.9.45/4.12.9 
Note, on x86_64 for 4.12.9 a new kernel option,
HARDLOCKUP_CHECK_TIMESTAMP was added which defaults to enabled. It enables
a low pass filter to compensate for perf based hard lockup detection.

Added this option to the x86_64 4.12.x kernel confog file.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-08-30 19:23:45 +01:00
Rolf Neugebauer
5898bc9f0d kernel: Update to 4.9.44/4.4.83 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-08-18 18:08:32 +01:00
Rolf Neugebauer
1882939623 kernel: Update to 4.9.43/4.4.82 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-08-14 10:58:54 +01:00
Rolf Neugebauer
3889f198e5 kernel: Update to 4.9.42/4.4.81 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-08-14 10:45:56 +01:00
Rolf Neugebauer
4f5582edf2 kernel: Update to 4.9.41/4.4.80 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-08-08 17:46:21 +01:00
Rolf Neugebauer
57659aa5dd kernel: Update to 4.9.40/4.4.79 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-07-28 19:25:55 +01:00
Rolf Neugebauer
4e4594cb2e kernel: Update to 4.11.12/4.9.39/4.4.78 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-07-24 10:53:45 +01:00
Rolf Neugebauer
e1bc6e4c55 kernel: Update to 4.11.11/4.9.38/4.4.77 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-07-17 11:02:12 +01:00
Rolf Neugebauer
759e5a8a51 kernel: Update to 4.11.10/4.9.37 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-07-17 10:54:49 +01:00
Rolf Neugebauer
aa9b718d8a kernel: Update to 4.11.9/4.9.36/4.4.76 
Added a new patch to the 4.11 and 4.9 kernels based on a patch
submitted to stable: https://patchwork.kernel.org/patch/9829039/

This patch fixes a off-by-one error in the VMBus code.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-07-07 18:41:33 +01:00
Rolf Neugebauer
8cee2cd68b kernel: Update to 4.11.8/4.9.35/4.4.75 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-06-30 18:23:29 +01:00
Rolf Neugebauer
c12eafeeb2 kernel: Update to 4.11.7/4.9.34/4.4.74 
In particular this contains 1be7107fbe18eed3e319 ("mm: larger stack
guard gap, between vmas") which is a fix for CVE-2017-1000364.

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-06-27 10:39:23 +01:00
Rolf Neugebauer
4d8f8956b3 kernel: Update to 4.11.6/4.9.33/4.4.73 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-06-22 19:32:13 +01:00
Rolf Neugebauer
db2491cac3 kernel: Update to 4.11.5/4.9.32/4.4.72 
Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-06-15 13:14:54 -07:00
Rolf Neugebauer
06c857fb16 kernel: Fix perf compile on 4.11.x/4.9.x kernels 
This cherry-picks 120010cb1eea151d38a3e66f5ffc79a0c3110292 ("tools build:
Add test for sched_getcpu()") which replaces a #ifdef based test with
a proper test for the sched_getcpu() function. The macro based condition
does not work on Alpine as it is conditional on GLIBC.

For 4.9 the cherry-pick needed some manual adjustment and also required
commit ef2c3e76d98dfb69a46d870b47656e8e5bac6e2b ("perf jit: Avoid returning
garbage for a ret variable")

Signed-off-by: Rolf Neugebauer <rolf.neugebauer@docker.com>
 2017-06-15 10:39:32 -07:00