diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2016-09-13 19:45:31 +0200 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2016-09-13 19:57:18 +0200 |
| commit | 4799a0b4154a75627fd05e9f7d118ebc9adc160e (patch) | |
| tree | 301678eaf39bb56c4fd9478c8cebf8fa23583d4c /main/linux-grsec | |
| parent | 60535e9b0127f06723b33b4f2b96ad47ff189e0d (diff) | |
| download | aports-4799a0b4154a75627fd05e9f7d118ebc9adc160e.tar.bz2 aports-4799a0b4154a75627fd05e9f7d118ebc9adc160e.tar.xz | |
main/linux-grsec: add fix for xen
ref #6071
upstream: https://forums.grsecurity.net/viewtopic.php?f=3&t=4441
Diffstat (limited to 'main/linux-grsec')
| -rw-r--r-- | main/linux-grsec/APKBUILD | 6 | ||||
| -rw-r--r-- | main/linux-grsec/fix-xen-ssp.patch | 36 |
2 files changed, 41 insertions, 1 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index d180e3f99f..77af6a445b 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -7,7 +7,7 @@ case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac -pkgrel=0 +pkgrel=1 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs" @@ -21,6 +21,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v4.x/linux-$_kernver.tar.xz fix-spi-nor-namespace-clash.patch imx6q-no-unclocked-sleep.patch + fix-xen-ssp.patch gcc6.patch config-grsec.x86 @@ -218,6 +219,7 @@ md5sums="9a78fa2eb6c68ca5a40ed5af08142599 linux-4.4.tar.xz 64062fa71e77623c3164b47ee6fa92f2 grsecurity-3.1-4.4.20-201604252206-alpine.patch c32f1d7517a095a2645fc1c7dec5db8f fix-spi-nor-namespace-clash.patch b11c29ee88f7f537973191036d48bee7 imx6q-no-unclocked-sleep.patch +8f4b55a9172cf886675c8161c97da6e1 fix-xen-ssp.patch 90e0fca6cb7bca277394b0db7f605098 gcc6.patch 2da05cb44c4f954f05f58734f4e16760 config-grsec.x86 8d86b346ae0a68fea58f3eab2338641b config-grsec.x86_64 @@ -229,6 +231,7 @@ da9d7d3548070bc4a333786778f628eaa2a76e10f21a34567f591834a9e87d27 patch-4.4.20.x 0fe119716bc047ae2221e760bf3023c27ccfde2cfd040d405c462a315548154c grsecurity-3.1-4.4.20-201604252206-alpine.patch b8ce28c61663dbd92f7e1c862c042c88c4d0459ce15f6e6ea121e20705b66212 fix-spi-nor-namespace-clash.patch 7e8a954750139a421a76e414e19a3b57645c9ec70e6c14a6b7708a3fa0cfd5e4 imx6q-no-unclocked-sleep.patch +baf5e43ceb3c5958026da57b1da594d0d82cbd82d964c90c86c80efed6ee8744 fix-xen-ssp.patch 21640b417cb9a389bf7be6a11dc71a481ec76fcfcc758992a9be158ab6a643e8 gcc6.patch 4098706e52e79c99b56e74c5aea53ba157c561c794819c130656d92a7b452210 config-grsec.x86 7a332837c3d63bf90bbab1df759801834393894e13f8a0647976dcec9d87a376 config-grsec.x86_64 @@ -240,6 +243,7 @@ sha512sums="13c8459933a8b80608e226a1398e3d1848352ace84bcfb7e6a4a33cb230bbe1ab719 d5367618ea58a63fa1014522adb64574bdda5c959f829ba284015b0ff99cfd8c9500383cb900e959ef4b5967d0f7b35c4c4b94a944a4aa84fa342ecd1ccbd7a8 grsecurity-3.1-4.4.20-201604252206-alpine.patch 410fe7dae27cb4998d17a441a5b2a19dd350636ead2de97d4ef5317501d9e82e2550bfca0f022c9be6296907c076c381e1e13060d1900ff26ee7d47f234fb104 fix-spi-nor-namespace-clash.patch 9980eb10f529bc5ce482ab0a0037febbc982b528c3e4d02fc4547e6dd45dc529a7b1711d0c89f942b1ae27842c3794b68a6b8959ef80f6fd00183d3a591cea07 imx6q-no-unclocked-sleep.patch +d398cd45e06ab587ebf83b06417d368c54c3d260ad0f8bc8659367df25c8eef1a56ef24cc81291d79d8daf6bc34415a3af6036e9361b9ab15d911145a8fa9e8b fix-xen-ssp.patch edcebc229956a05621ec1c89039b56aa61b468c74b54420ff72bd08658b65d29d6af385a7d78d1ce4b39889b407106b99efe7309f8a82974a74eb9edb9e89b64 gcc6.patch 0ba45dc80b9070a18bd31155eb2e658efdf8106fb331978d0b32bea68c9a401990b681df834319c9fa8599a78583bd4c45c274aa3d251aabc740d06141c5beb6 config-grsec.x86 65c8a18d3107be8766060eb7d7c89f2b865b38dc7e93f4110bffd98ef009f9cc192b3c9ad6fecbe412208c8efa93a526e81d4362bd207e6a585f30cc22ee8603 config-grsec.x86_64 diff --git a/main/linux-grsec/fix-xen-ssp.patch b/main/linux-grsec/fix-xen-ssp.patch new file mode 100644 index 0000000000..ebe352ed19 --- /dev/null +++ b/main/linux-grsec/fix-xen-ssp.patch @@ -0,0 +1,36 @@ +diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c +index de1c6d4..25cf7f8 100644 +--- a/arch/x86/xen/enlighten.c ++++ b/arch/x86/xen/enlighten.c +@@ -1566,6 +1566,15 @@ asmlinkage __visible void __init xen_start_kernel(void) + */ + __userpte_alloc_gfp &= ~__GFP_HIGHMEM; + ++ /* Get mfn list */ ++ xen_build_dynamic_phys_to_machine(); ++ ++ /* ++ * Set up kernel GDT and segment registers, mainly so that ++ * -fstack-protector code can be executed. ++ */ ++ xen_setup_gdt(0); ++ + /* Work out if we support NX */ + #if defined(CONFIG_X86_64) || defined(CONFIG_X86_PAE) + if ((cpuid_eax(0x80000000) & 0xffff0000) == 0x80000000 && +@@ -1579,15 +1588,6 @@ asmlinkage __visible void __init xen_start_kernel(void) + } + #endif + +- /* Get mfn list */ +- xen_build_dynamic_phys_to_machine(); +- +- /* +- * Set up kernel GDT and segment registers, mainly so that +- * -fstack-protector code can be executed. +- */ +- xen_setup_gdt(0); +- + xen_init_irq_ops(); + xen_init_cpuid_mask(); + |