main/linux-grsec: security fixes (CVE-2016-3157, CVE-2016-3961). Fixes #5489

2 files changed, 67 insertions, 1 deletions

diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index bc189079c..ca0aea4de 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -7,7 +7,7 @@ case $pkgver in
 *.*.*)	_kernver=${pkgver%.*};;
 *.*)	_kernver=${pkgver};;
 esac
-pkgrel=1
+pkgrel=2
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs"
@@ -21,6 +21,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v4.x/linux-$_kernver.tar.xz
 
 	fix-spi-nor-namespace-clash.patch
 	imx6q-no-unclocked-sleep.patch
+	xsa174.patch
 
 	config-grsec.x86
 	config-grsec.x86_64
@@ -215,6 +216,7 @@ c1d8f46e5b2ee7c925fc38f20a3726d3  patch-4.4.8.xz
 c2a6b88b18bc5b54d0d7122a1c692060  grsecurity-3.1-4.4.8-201604252206.patch
 c32f1d7517a095a2645fc1c7dec5db8f  fix-spi-nor-namespace-clash.patch
 b11c29ee88f7f537973191036d48bee7  imx6q-no-unclocked-sleep.patch
+14a8a1826416f04ae98918145139cea6  xsa174.patch
 af91f128ddf9407bb212cbaebca79354  config-grsec.x86
 503656217c0cfb0c481b3804285f0166  config-grsec.x86_64
 a453b5ddc5ce5b1ed487747ae785d615  config-grsec.armhf
@@ -225,6 +227,7 @@ sha256sums="401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2  li
 b631b75cf38e08409812e9869f3a8b5b5b5085ba32ab62fd4c03d803f652a57f  grsecurity-3.1-4.4.8-201604252206.patch
 b8ce28c61663dbd92f7e1c862c042c88c4d0459ce15f6e6ea121e20705b66212  fix-spi-nor-namespace-clash.patch
 7e8a954750139a421a76e414e19a3b57645c9ec70e6c14a6b7708a3fa0cfd5e4  imx6q-no-unclocked-sleep.patch
+cbec70e183f76b4081ebba05c0a8105bd4952d164a2e5c40528c05bf8861ddef  xsa174.patch
 c247a003fb358f611d801277f89a13393d1620ad804553ada97433ef52a7706b  config-grsec.x86
 d2b771f67eecad71745956dc0dea40fc702f39e4caee195b11877307d5ab2622  config-grsec.x86_64
 ac8407f225ff6cb6be9ccd69729262241e61455f816cdea3070e30ddf453f7db  config-grsec.armhf
@@ -235,6 +238,7 @@ d53d6950bc121107fecec91b4cd33473b0b18e7188bd387cd02f3ab4ece0f7dc6f1530ad9b7a4465
 49ec328ec1a5232af1f370101a64d9b7021bd2cb7744b3db181311d6aa4886ba1ef36457fbf22b97b21b0ad313fbea780c9441778e4d5bb9f8deae76dd6e499d  grsecurity-3.1-4.4.8-201604252206.patch
 410fe7dae27cb4998d17a441a5b2a19dd350636ead2de97d4ef5317501d9e82e2550bfca0f022c9be6296907c076c381e1e13060d1900ff26ee7d47f234fb104  fix-spi-nor-namespace-clash.patch
 9980eb10f529bc5ce482ab0a0037febbc982b528c3e4d02fc4547e6dd45dc529a7b1711d0c89f942b1ae27842c3794b68a6b8959ef80f6fd00183d3a591cea07  imx6q-no-unclocked-sleep.patch
+a86f88db750defec35d3afebdde565de2c6bc304f9a110c6091e0d38261a4bdc0ddbdd1df1913a894f57877acacfdb96d98635729f913a7ed344f627e40a9af3  xsa174.patch
 d7cb2b8600bd95c25aba5fc21f27a89eb1257d003c6e98bc81989a6027536c15c4c4abbcdc16fadd84383d3e29c6814ddf0c4f8524b53b69eed8763cc2c14e92  config-grsec.x86
 900d18cb27b99ca91cb48fa8fc27a74f1b700eb826ef26fcfa18a379e9b7521ddac65edc57757de766e76d1c576a4d6e80a6778afc3c34394b165ab9a707cba0  config-grsec.x86_64
 97de0656bbf99b66431587fda8c914aa08950c1865de018ed7a1b5f99b98f91e2e935d2341dbab44af1ca8c2370953fbbeca58c00e201f97e1b15bbec41d52d6  config-grsec.armhf
diff --git a/main/linux-grsec/xsa174.patch b/main/linux-grsec/xsa174.patch
new file mode 100644
index 000000000..9c15d57c3
--- /dev/null
+++ b/main/linux-grsec/xsa174.patch
@@ -0,0 +1,62 @@
+x86/xen: suppress hugetlbfs in PV guests
+
+Huge pages are not normally available to PV guests. Not suppressing
+hugetlbfs use results in an endless loop of page faults when user mode
+code tries to access a hugetlbfs mapped area (since the hypervisor
+denies such PTEs to be created, but error indications can't be
+propagated out of xen_set_pte_at(), just like for various of its
+siblings), and - once killed in an oops like this:
+
+kernel BUG at .../fs/hugetlbfs/inode.c:428!
+invalid opcode: 0000 [#1] SMP 
+Modules linked in: ...
+Supported: Yes
+CPU: 2 PID: 6088 Comm: hugetlbfs Tainted: G        W         4.4.0-2016-01-20-pv #2
+Hardware name: ...
+task: ffff8808059205c0 ti: ffff880803c84000 task.ti: ffff880803c84000
+RIP: e030:[<ffffffff811c333b>]  [<ffffffff811c333b>] remove_inode_hugepages+0x25b/0x320
+RSP: e02b:ffff880803c879a8  EFLAGS: 00010202
+RAX: 000000000077a4db RBX: ffffea001acff000 RCX: 0000000078417d38
+RDX: 0000000000000000 RSI: 000000007e154fa7 RDI: ffff880805d70960
+RBP: 0000000000000960 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
+R13: ffff880807486018 R14: 0000000000000000 R15: ffff880803c87af0
+FS:  00007f85fa8b8700(0000) GS:ffff88080b640000(0000) knlGS:0000000000000000
+CS:  e033 DS: 0000 ES: 0000 CR0: 000000008005003b
+CR2: 00007f85fa000000 CR3: 0000000001a0a000 CR4: 0000000000040660
+Stack:
+ ffff880000000fb0 ffff880803c87a18 ffff880803c87ae8 ffff8808059205c0
+ ffff880803c87af0 ffff880803c87ae8 ffff880807486018 0000000000000000
+ ffffffff81bf6e60 ffff880807486168 000003ffffffffff 0000000003c87758
+Call Trace:
+ [<ffffffff811c3415>] hugetlbfs_evict_inode+0x15/0x40
+ [<ffffffff81167b3d>] evict+0xbd/0x1b0
+ [<ffffffff8116514a>] __dentry_kill+0x19a/0x1f0
+ [<ffffffff81165b0e>] dput+0x1fe/0x220
+ [<ffffffff81150535>] __fput+0x155/0x200
+ [<ffffffff81079fc0>] task_work_run+0x60/0xa0
+ [<ffffffff81063510>] do_exit+0x160/0x400
+ [<ffffffff810637eb>] do_group_exit+0x3b/0xa0
+ [<ffffffff8106e8bd>] get_signal+0x1ed/0x470
+ [<ffffffff8100f854>] do_signal+0x14/0x110
+ [<ffffffff810030e9>] prepare_exit_to_usermode+0xe9/0xf0
+ [<ffffffff814178a5>] retint_user+0x8/0x13
+
+This is XSA-174.
+
+Reported-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Cc: stable@vger.kernel.org
+---
+v2: Make Xen-inspecific, by using cpu_has_pse.
+
+--- a/arch/x86/include/asm/hugetlb.h
++++ b/arch/x86/include/asm/hugetlb.h
+@@ -4,6 +4,7 @@
+ #include <asm/page.h>
+ #include <asm-generic/hugetlb.h>
+ 
++#define hugepages_supported() cpu_has_pse
+ 
+ static inline int is_hugepage_only_range(struct mm_struct *mm,
+ 					 unsigned long addr,