diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2012-09-18 08:07:31 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2012-09-18 08:38:16 +0000 |
commit | 7abb181594cd6019976f523c7fd8243bd199d670 (patch) | |
tree | cbceba6ef1d95f8f21d10c12c50c9472f1163c8c /main | |
parent | 9fc6905654a1d480197d44705aeaf3bd1b44c6eb (diff) | |
download | aports-7abb181594cd6019976f523c7fd8243bd199d670.tar.bz2 aports-7abb181594cd6019976f523c7fd8243bd199d670.tar.xz |
main/linux-grsec: fixed longstanding problem with the per-cpu pgd and kvm
Diffstat (limited to 'main')
-rw-r--r-- | main/linux-grsec/APKBUILD | 6 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.9.1-3.4.11-2.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.4.11-1.patch) | 34 |
2 files changed, 31 insertions, 9 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index e8eeecd97..2c91259e4 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=3.4.11 _kernver=3.4 -pkgrel=0 +pkgrel=1 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-2.9.1-$pkgver-1.patch + grsecurity-2.9.1-$pkgver-2.patch 0004-arp-flush-arp-cache-on-device-change.patch 0001-Revert-ipv4-Don-t-use-the-cached-pmtu-informations-f.patch @@ -142,7 +142,7 @@ dev() { md5sums="967f72983655e2479f951195953e8480 linux-3.4.tar.xz 2149df47fc96fec05787bf0197fb7b16 patch-3.4.11.xz -261e513021d40a01ebd18947fde0ab1d grsecurity-2.9.1-3.4.11-1.patch +2a05125c1486b1db0fd59a90d11d8b7a grsecurity-2.9.1-3.4.11-2.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch cb6fcd6e966e73c87a839c4c0183f81f 0001-Revert-ipv4-Don-t-use-the-cached-pmtu-informations-f.patch d2f7ba780ff7567c21381428264d7fdd intel_idle.patch diff --git a/main/linux-grsec/grsecurity-2.9.1-3.4.11-1.patch b/main/linux-grsec/grsecurity-2.9.1-3.4.11-2.patch index cb22897eb..cdb78084f 100644 --- a/main/linux-grsec/grsecurity-2.9.1-3.4.11-1.patch +++ b/main/linux-grsec/grsecurity-2.9.1-3.4.11-2.patch @@ -20636,7 +20636,7 @@ index e334389..6839087 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 4ff0ab9..2ff68d3 100644 +index 4ff0ab9..fbab291 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c @@ -1303,7 +1303,11 @@ static void reload_tss(void) @@ -20651,7 +20651,18 @@ index 4ff0ab9..2ff68d3 100644 load_TR_desc(); } -@@ -2625,8 +2629,11 @@ static __init int hardware_setup(void) +@@ -1502,6 +1506,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) + vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */ + vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */ + ++#ifdef CONFIG_PAX_PER_CPU_PGD ++ vmcs_writel(HOST_CR3, read_cr3()); /* 22.2.3 FIXME: shadow tables */ ++#endif ++ + rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp); + vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */ + vmx->loaded_vmcs->cpu = cpu; +@@ -2625,8 +2633,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -20665,7 +20676,18 @@ index 4ff0ab9..2ff68d3 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3642,7 +3649,7 @@ static void vmx_set_constant_host_state(void) +@@ -3630,7 +3641,10 @@ static void vmx_set_constant_host_state(void) + + vmcs_writel(HOST_CR0, read_cr0() | X86_CR0_TS); /* 22.2.3 */ + vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */ ++ ++#ifndef CONFIG_PAX_PER_CPU_PGD + vmcs_writel(HOST_CR3, read_cr3()); /* 22.2.3 FIXME: shadow tables */ ++#endif + + vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */ + vmcs_write16(HOST_DS_SELECTOR, __KERNEL_DS); /* 22.2.4 */ +@@ -3642,7 +3656,7 @@ static void vmx_set_constant_host_state(void) vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl)); @@ -20674,7 +20696,7 @@ index 4ff0ab9..2ff68d3 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -6180,6 +6187,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6180,6 +6194,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp .Lkvm_vmx_return \n\t" ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t" ".Lkvm_vmx_return: " @@ -20687,7 +20709,7 @@ index 4ff0ab9..2ff68d3 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%"R"sp) \n\t" "pop %0 \n\t" -@@ -6228,6 +6241,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6228,6 +6248,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -20699,7 +20721,7 @@ index 4ff0ab9..2ff68d3 100644 : "cc", "memory" , R"ax", R"bx", R"di", R"si" #ifdef CONFIG_X86_64 -@@ -6256,7 +6274,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6256,7 +6281,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) } } |