From 79a450ab3534176607ac4067f556b5e46dc4d86d Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Thu, 31 May 2012 15:22:58 +0000 Subject: main/linux-virt-grsec: add xen xsave patch disable ppp etc --- testing/linux-virt-grsec/APKBUILD | 6 ++- testing/linux-virt-grsec/kernelconfig.x86 | 79 +++++-------------------------- testing/linux-virt-grsec/xen-xsave.patch | 10 ++++ 3 files changed, 27 insertions(+), 68 deletions(-) create mode 100644 testing/linux-virt-grsec/xen-xsave.patch (limited to 'testing') diff --git a/testing/linux-virt-grsec/APKBUILD b/testing/linux-virt-grsec/APKBUILD index 5d0101d7c..bdefe7a3a 100644 --- a/testing/linux-virt-grsec/APKBUILD +++ b/testing/linux-virt-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-virt-${_flavor} pkgver=3.3.7 _kernver=3.3 -pkgrel=1 +pkgrel=2 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -16,6 +16,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz grsecurity-2.9-3.3.7-201205261259.patch pax-out-of-tree-workaround.patch + xen-xsave.patch kernelconfig.x86 " @@ -139,4 +140,5 @@ md5sums="7133f5a2086a7d7ef97abac610c094f5 linux-3.3.tar.xz 622a3b43238559aeb778279969631260 patch-3.3.7.xz 097be38de4ae03e4d9dbec3217b15afb grsecurity-2.9-3.3.7-201205261259.patch 1aa70cff67ae2cca7cf1b8be83573eae pax-out-of-tree-workaround.patch -e534688debf2c79223a3e8a4f5e33b9c kernelconfig.x86" +0d095dbf194d5609ad260ecd3f0ab15d xen-xsave.patch +223cc32262e5dbf3383b320ef3f5861b kernelconfig.x86" diff --git a/testing/linux-virt-grsec/kernelconfig.x86 b/testing/linux-virt-grsec/kernelconfig.x86 index 7e1aa3d60..a7b9facd4 100644 --- a/testing/linux-virt-grsec/kernelconfig.x86 +++ b/testing/linux-virt-grsec/kernelconfig.x86 @@ -429,7 +429,7 @@ CONFIG_BOUNCE=y CONFIG_VIRT_TO_BUS=y CONFIG_MMU_NOTIFIER=y CONFIG_KSM=y -CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 CONFIG_TRANSPARENT_HUGEPAGE=y CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y # CONFIG_TRANSPARENT_HUGEPAGE_MADVISE is not set @@ -448,11 +448,11 @@ CONFIG_ARCH_RANDOM=y # CONFIG_EFI is not set # CONFIG_SECCOMP is not set # CONFIG_CC_STACKPROTECTOR is not set -# CONFIG_HZ_100 is not set +CONFIG_HZ_100=y # CONFIG_HZ_250 is not set -CONFIG_HZ_300=y +# CONFIG_HZ_300 is not set # CONFIG_HZ_1000 is not set -CONFIG_HZ=300 +CONFIG_HZ=100 CONFIG_SCHED_HRTICK=y # CONFIG_KEXEC is not set # CONFIG_CRASH_DUMP is not set @@ -1066,18 +1066,9 @@ CONFIG_NET_PKTGEN=m # CONFIG_CAN is not set # CONFIG_IRDA is not set # CONFIG_BT is not set -CONFIG_AF_RXRPC=m -# CONFIG_AF_RXRPC_DEBUG is not set -CONFIG_RXKAD=m +# CONFIG_AF_RXRPC is not set CONFIG_FIB_RULES=y -CONFIG_WIRELESS=y -# CONFIG_CFG80211 is not set -CONFIG_LIB80211=m -# CONFIG_LIB80211_DEBUG is not set - -# -# CFG80211 needs to be enabled for MAC80211 -# +# CONFIG_WIRELESS is not set # CONFIG_WIMAX is not set # CONFIG_RFKILL is not set CONFIG_NET_9P=m @@ -1506,36 +1497,7 @@ CONFIG_TUN=m CONFIG_VETH=m CONFIG_VIRTIO_NET=m # CONFIG_ARCNET is not set -CONFIG_ATM_DRIVERS=y -CONFIG_ATM_DUMMY=m -CONFIG_ATM_TCP=m -CONFIG_ATM_LANAI=m -CONFIG_ATM_ENI=m -# CONFIG_ATM_ENI_DEBUG is not set -# CONFIG_ATM_ENI_TUNE_BURST is not set -CONFIG_ATM_FIRESTREAM=m -CONFIG_ATM_ZATM=m -# CONFIG_ATM_ZATM_DEBUG is not set -CONFIG_ATM_NICSTAR=m -# CONFIG_ATM_NICSTAR_USE_SUNI is not set -# CONFIG_ATM_NICSTAR_USE_IDT77105 is not set -CONFIG_ATM_IDT77252=m -# CONFIG_ATM_IDT77252_DEBUG is not set -# CONFIG_ATM_IDT77252_RCV_ALL is not set -CONFIG_ATM_IDT77252_USE_SUNI=y -CONFIG_ATM_AMBASSADOR=m -# CONFIG_ATM_AMBASSADOR_DEBUG is not set -CONFIG_ATM_HORIZON=m -# CONFIG_ATM_HORIZON_DEBUG is not set -CONFIG_ATM_IA=m -# CONFIG_ATM_IA_DEBUG is not set -CONFIG_ATM_FORE200E=m -CONFIG_ATM_FORE200E_USE_TASKLET=y -CONFIG_ATM_FORE200E_TX_RETRY=16 -CONFIG_ATM_FORE200E_DEBUG=0 -CONFIG_ATM_HE=m -CONFIG_ATM_HE_USE_SUNI=y -CONFIG_ATM_SOLOS=m +# CONFIG_ATM_DRIVERS is not set # # CAIF transport drivers @@ -1630,24 +1592,9 @@ CONFIG_LSI_ET1011C_PHY=m CONFIG_MICREL_PHY=m CONFIG_MDIO_BITBANG=m CONFIG_MDIO_GPIO=m -CONFIG_PLIP=m -CONFIG_PPP=m -CONFIG_PPP_BSDCOMP=m -CONFIG_PPP_DEFLATE=m -CONFIG_PPP_FILTER=y -CONFIG_PPP_MPPE=m -CONFIG_PPP_MULTILINK=y -CONFIG_PPPOATM=m -CONFIG_PPPOE=m -CONFIG_PPTP=m -CONFIG_PPPOL2TP=m -CONFIG_PPP_ASYNC=m -CONFIG_PPP_SYNC_TTY=m -CONFIG_SLIP=m -CONFIG_SLHC=m -CONFIG_SLIP_COMPRESSED=y -CONFIG_SLIP_SMART=y -CONFIG_SLIP_MODE_SLIP6=y +# CONFIG_PLIP is not set +# CONFIG_PPP is not set +# CONFIG_SLIP is not set # CONFIG_TR is not set # @@ -1667,7 +1614,7 @@ CONFIG_SLIP_MODE_SLIP6=y # # CONFIG_WAN is not set CONFIG_XEN_NETDEV_FRONTEND=y -# CONFIG_XEN_NETDEV_BACKEND is not set +CONFIG_XEN_NETDEV_BACKEND=m CONFIG_VMXNET3=m CONFIG_HYPERV_NET=m # CONFIG_ISDN is not set @@ -2766,9 +2713,9 @@ CONFIG_HYPERV_UTILS=m # Xen driver support # CONFIG_XEN_BALLOON=y -# CONFIG_XEN_SELFBALLOONING is not set +CONFIG_XEN_SELFBALLOONING=y CONFIG_XEN_SCRUB_PAGES=y -CONFIG_XEN_DEV_EVTCHN=y +CONFIG_XEN_DEV_EVTCHN=m CONFIG_XEN_BACKEND=y CONFIG_XENFS=y CONFIG_XEN_COMPAT_XENFS=y diff --git a/testing/linux-virt-grsec/xen-xsave.patch b/testing/linux-virt-grsec/xen-xsave.patch new file mode 100644 index 000000000..e172d27b1 --- /dev/null +++ b/testing/linux-virt-grsec/xen-xsave.patch @@ -0,0 +1,10 @@ +--- ./arch/x86/xen/enlighten.c.orig ++++ ./arch/x86/xen/enlighten.c +@@ -805,6 +805,7 @@ + { + cr4 &= ~X86_CR4_PGE; + cr4 &= ~X86_CR4_PSE; ++ cr4 &= ~X86_CR4_OSXSAVE; + + native_write_cr4(cr4); + } -- cgit v1.2.3