From 325b8c0a234610c62f5ce296e800bed6e763a988 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Arkadiusz=20Mi=C5=9Bkiewicz?=
Date: Wed, 15 May 2019 06:44:46 +0200
Subject: [PATCH] - up to 4.9.176; workaround zombieload intel cpu vulnerability: https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html
---
kernel-vserver-2.3.patch | 9 +++++----
kernel.spec | 4 ++--
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/kernel-vserver-2.3.patch b/kernel-vserver-2.3.patch
index e2db62d5..b7986689 100644
--- a/kernel-vserver-2.3.patch
+++ b/kernel-vserver-2.3.patch
@@ -13568,14 +13568,15 @@ diff -NurpP --minimal linux-4.9.135/kernel/ptrace.c linux-4.9.135-vs2.3.9.8/kern
#include #include #include
-@@ -325,6 +326,11 @@ ok:
- !ptrace_has_cap(mm->user_ns, mode)))
- return -EPERM;
+@@ -331,6 +331,12 @@ ok:
+ if (mode & PTRACE_MODE_SCHED)
+ return 0;
++ + if (!vx_check(task->xid, VS_ADMIN_P|VS_WATCH_P|VS_IDENT)) + return -EPERM; + if (!vx_check(task->xid, VS_IDENT) &&
-+ !task_vx_flags(task, VXF_STATE_ADMIN, 0))
++ !task_vx_flags(task, VXF_STATE_ADMIN, 0)) + return -EACCES; return security_ptrace_access_check(task, mode); }
diff --git a/kernel.spec b/kernel.spec
index ac283801..427abd5b 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -73,7 +73,7 @@ %define rel 1 %define basever 4.9
-%define postver .174
+%define postver .176
# define this to '-%{basever}' for longterm branch %define versuffix -%{basever}
@@ -125,7 +125,7 @@ Source0: https://www.kernel.org/pub/linux/kernel/v4.x/linux-%{basever}.tar.xz # Source0-md5: 0a68ef3615c64bd5ee54a3320e46667d %if "%{postver}" != ".0" Patch0: https://www.kernel.org/pub/linux/kernel/v4.x/patch-%{version}.xz
-# Patch0-md5: 275268f5ec9a8b055e975ae881752491
+# Patch0-md5: b287fed45c4a5ff4f26eb87a0eba7c85
%endif Source1: kernel.sysconfig
--
2.44.0
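Review bot: In the kernel/ptrace.c hunk carried by kernel-vserver-2.3.patch, the two `vx_check()` tests now sit after `if (mode & PTRACE_MODE_SCHED) return 0;`, so a sched-mode call returns success without the cross-context xid checks ever running. If that is intended (the mode looks like it serves a scheduler-context decision, which is an inference from its name), the added block should say so, e.g. `/* PTRACE_MODE_SCHED returns above: vserver xid checks are deliberately skipped for scheduler-context callers */`. If it is not intended, the `vx_check()` tests would have to move above the early return, provided they are safe to call from that context. The enclosing function starts above the visible lines, so what precedes the `ok:` label cannot be checked from this hunk.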