aboutsummaryrefslogtreecommitdiffstats
path: root/main/linux-grsec
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2012-09-18 08:07:31 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2012-09-18 08:38:16 +0000
commit7abb181594cd6019976f523c7fd8243bd199d670 (patch)
treecbceba6ef1d95f8f21d10c12c50c9472f1163c8c /main/linux-grsec
parent9fc6905654a1d480197d44705aeaf3bd1b44c6eb (diff)
downloadaports-7abb181594cd6019976f523c7fd8243bd199d670.tar.bz2
aports-7abb181594cd6019976f523c7fd8243bd199d670.tar.xz
main/linux-grsec: fixed longstanding problem with the per-cpu pgd and kvm
Diffstat (limited to 'main/linux-grsec')
-rw-r--r--main/linux-grsec/APKBUILD6
-rw-r--r--main/linux-grsec/grsecurity-2.9.1-3.4.11-2.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.4.11-1.patch)34
2 files changed, 31 insertions, 9 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index e8eeecd97e..2c91259e42 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=3.4.11
_kernver=3.4
-pkgrel=0
+pkgrel=1
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-2.9.1-$pkgver-1.patch
+ grsecurity-2.9.1-$pkgver-2.patch
0004-arp-flush-arp-cache-on-device-change.patch
0001-Revert-ipv4-Don-t-use-the-cached-pmtu-informations-f.patch
@@ -142,7 +142,7 @@ dev() {
md5sums="967f72983655e2479f951195953e8480 linux-3.4.tar.xz
2149df47fc96fec05787bf0197fb7b16 patch-3.4.11.xz
-261e513021d40a01ebd18947fde0ab1d grsecurity-2.9.1-3.4.11-1.patch
+2a05125c1486b1db0fd59a90d11d8b7a grsecurity-2.9.1-3.4.11-2.patch
776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
cb6fcd6e966e73c87a839c4c0183f81f 0001-Revert-ipv4-Don-t-use-the-cached-pmtu-informations-f.patch
d2f7ba780ff7567c21381428264d7fdd intel_idle.patch
diff --git a/main/linux-grsec/grsecurity-2.9.1-3.4.11-1.patch b/main/linux-grsec/grsecurity-2.9.1-3.4.11-2.patch
index cb22897ebc..cdb78084f6 100644
--- a/main/linux-grsec/grsecurity-2.9.1-3.4.11-1.patch
+++ b/main/linux-grsec/grsecurity-2.9.1-3.4.11-2.patch
@@ -20636,7 +20636,7 @@ index e334389..6839087 100644
local_irq_disable();
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 4ff0ab9..2ff68d3 100644
+index 4ff0ab9..fbab291 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1303,7 +1303,11 @@ static void reload_tss(void)
@@ -20651,7 +20651,18 @@ index 4ff0ab9..2ff68d3 100644
load_TR_desc();
}
-@@ -2625,8 +2629,11 @@ static __init int hardware_setup(void)
+@@ -1502,6 +1506,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
+ vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */
+ vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */
+
++#ifdef CONFIG_PAX_PER_CPU_PGD
++ vmcs_writel(HOST_CR3, read_cr3()); /* 22.2.3 FIXME: shadow tables */
++#endif
++
+ rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp);
+ vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */
+ vmx->loaded_vmcs->cpu = cpu;
+@@ -2625,8 +2633,11 @@ static __init int hardware_setup(void)
if (!cpu_has_vmx_flexpriority())
flexpriority_enabled = 0;
@@ -20665,7 +20676,18 @@ index 4ff0ab9..2ff68d3 100644
if (enable_ept && !cpu_has_vmx_ept_2m_page())
kvm_disable_largepages();
-@@ -3642,7 +3649,7 @@ static void vmx_set_constant_host_state(void)
+@@ -3630,7 +3641,10 @@ static void vmx_set_constant_host_state(void)
+
+ vmcs_writel(HOST_CR0, read_cr0() | X86_CR0_TS); /* 22.2.3 */
+ vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */
++
++#ifndef CONFIG_PAX_PER_CPU_PGD
+ vmcs_writel(HOST_CR3, read_cr3()); /* 22.2.3 FIXME: shadow tables */
++#endif
+
+ vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */
+ vmcs_write16(HOST_DS_SELECTOR, __KERNEL_DS); /* 22.2.4 */
+@@ -3642,7 +3656,7 @@ static void vmx_set_constant_host_state(void)
vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl));
@@ -20674,7 +20696,7 @@ index 4ff0ab9..2ff68d3 100644
rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
-@@ -6180,6 +6187,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6180,6 +6194,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
"jmp .Lkvm_vmx_return \n\t"
".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t"
".Lkvm_vmx_return: "
@@ -20687,7 +20709,7 @@ index 4ff0ab9..2ff68d3 100644
/* Save guest registers, load host registers, keep flags */
"mov %0, %c[wordsize](%%"R"sp) \n\t"
"pop %0 \n\t"
-@@ -6228,6 +6241,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6228,6 +6248,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
#endif
[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
[wordsize]"i"(sizeof(ulong))
@@ -20699,7 +20721,7 @@ index 4ff0ab9..2ff68d3 100644
: "cc", "memory"
, R"ax", R"bx", R"di", R"si"
#ifdef CONFIG_X86_64
-@@ -6256,7 +6274,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -6256,7 +6281,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
}
}