aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--main/linux-grsec/APKBUILD6
-rw-r--r--main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009221846.patch (renamed from main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009212029.patch)90
2 files changed, 86 insertions, 10 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index dd833a628a..ea0b8a72de 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.32.22
_kernver=2.6.32
-pkgrel=0
+pkgrel=1
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}}
install=
source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
- grsecurity-2.2.0-2.6.32.22-201009212029.patch
+ grsecurity-2.2.0-2.6.32.22-201009221846.patch
0001-grsec-revert-conflicting-flow-cache-changes.patch
0002-gre-fix-hard-header-destination-address-checking.patch
0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
@@ -151,7 +151,7 @@ firmware() {
md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2
da1431a1d659298c6bd11714416c840f patch-2.6.32.22.bz2
-caa5e3eb3d335bdfe478c1e706e48305 grsecurity-2.2.0-2.6.32.22-201009212029.patch
+1e317ab1a66955c89e73200a1787b58d grsecurity-2.2.0-2.6.32.22-201009221846.patch
1d247140abec49b96250aec9aa59b324 0001-grsec-revert-conflicting-flow-cache-changes.patch
437317f88ec13ace8d39c31983a41696 0002-gre-fix-hard-header-destination-address-checking.patch
151b29a161178ed39d62a08f21f3484d 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
diff --git a/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009212029.patch b/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009221846.patch
index 172bdc9fd4..41fb7c83f3 100644
--- a/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009212029.patch
+++ b/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009221846.patch
@@ -6263,7 +6263,7 @@ diff -urNp linux-2.6.32.22/arch/x86/include/asm/atomic_32.h linux-2.6.32.22/arch
extern u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old_val, u64 new_val);
diff -urNp linux-2.6.32.22/arch/x86/include/asm/atomic_64.h linux-2.6.32.22/arch/x86/include/asm/atomic_64.h
--- linux-2.6.32.22/arch/x86/include/asm/atomic_64.h 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.22/arch/x86/include/asm/atomic_64.h 2010-09-17 20:46:00.000000000 -0400
++++ linux-2.6.32.22/arch/x86/include/asm/atomic_64.h 2010-09-21 20:46:18.000000000 -0400
@@ -24,6 +24,17 @@ static inline int atomic_read(const atom
}
@@ -6550,7 +6550,7 @@ diff -urNp linux-2.6.32.22/arch/x86/include/asm/atomic_64.h linux-2.6.32.22/arch
#define atomic_inc_return(v) (atomic_add_return(1, v))
+static inline int atomic_inc_return_unchecked(atomic_unchecked_t *v)
+{
-+ return atomic_add_return(1, v);
++ return atomic_add_return_unchecked(1, v);
+}
#define atomic_dec_return(v) (atomic_sub_return(1, v))
@@ -30074,6 +30074,65 @@ diff -urNp linux-2.6.32.22/drivers/video/vesafb.c linux-2.6.32.22/drivers/video/
if (info->screen_base)
iounmap(info->screen_base);
framebuffer_release(info);
+diff -urNp linux-2.6.32.22/drivers/xen/events.c linux-2.6.32.22/drivers/xen/events.c
+--- linux-2.6.32.22/drivers/xen/events.c 2010-09-20 17:26:42.000000000 -0400
++++ linux-2.6.32.22/drivers/xen/events.c 2010-09-21 21:18:38.000000000 -0400
+@@ -106,7 +106,6 @@ static inline unsigned long *cpu_evtchn_
+ #define VALID_EVTCHN(chn) ((chn) != 0)
+
+ static struct irq_chip xen_dynamic_chip;
+-static struct irq_chip xen_percpu_chip;
+
+ /* Constructor for packed IRQ information. */
+ static struct irq_info mk_unbound_info(void)
+@@ -363,7 +362,7 @@ int bind_evtchn_to_irq(unsigned int evtc
+ irq = find_unbound_irq();
+
+ set_irq_chip_and_handler_name(irq, &xen_dynamic_chip,
+- handle_edge_irq, "event");
++ handle_level_irq, "event");
+
+ evtchn_to_irq[evtchn] = irq;
+ irq_info[irq] = mk_evtchn_info(evtchn);
+@@ -389,8 +388,8 @@ static int bind_ipi_to_irq(unsigned int
+ if (irq < 0)
+ goto out;
+
+- set_irq_chip_and_handler_name(irq, &xen_percpu_chip,
+- handle_percpu_irq, "ipi");
++ set_irq_chip_and_handler_name(irq, &xen_dynamic_chip,
++ handle_level_irq, "ipi");
+
+ bind_ipi.vcpu = cpu;
+ if (HYPERVISOR_event_channel_op(EVTCHNOP_bind_ipi,
+@@ -430,8 +429,8 @@ static int bind_virq_to_irq(unsigned int
+
+ irq = find_unbound_irq();
+
+- set_irq_chip_and_handler_name(irq, &xen_percpu_chip,
+- handle_percpu_irq, "virq");
++ set_irq_chip_and_handler_name(irq, &xen_dynamic_chip,
++ handle_level_irq, "virq");
+
+ evtchn_to_irq[evtchn] = irq;
+ irq_info[irq] = mk_virq_info(evtchn, virq);
+@@ -930,16 +929,6 @@ static struct irq_chip xen_dynamic_chip
+ .retrigger = retrigger_dynirq,
+ };
+
+-static struct irq_chip en_percpu_chip __read_mostly = {
+- .name = "xen-percpu",
+-
+- .disable = disable_dynirq,
+- .mask = disable_dynirq,
+- .unmask = enable_dynirq,
+-
+- .ack = ack_dynirq,
+-};
+-
+ void __init xen_init_IRQ(void)
+ {
+ int i;
diff -urNp linux-2.6.32.22/drivers/xen/sys-hypervisor.c linux-2.6.32.22/drivers/xen/sys-hypervisor.c
--- linux-2.6.32.22/drivers/xen/sys-hypervisor.c 2010-08-13 16:24:37.000000000 -0400
+++ linux-2.6.32.22/drivers/xen/sys-hypervisor.c 2010-09-04 15:54:52.000000000 -0400
@@ -34053,7 +34112,7 @@ diff -urNp linux-2.6.32.22/fs/proc/array.c linux-2.6.32.22/fs/proc/array.c
+#endif
diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c
--- linux-2.6.32.22/fs/proc/base.c 2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.22/fs/proc/base.c 2010-09-04 15:54:52.000000000 -0400
++++ linux-2.6.32.22/fs/proc/base.c 2010-09-22 18:44:37.000000000 -0400
@@ -102,6 +102,22 @@ struct pid_entry {
union proc_op op;
};
@@ -34124,6 +34183,15 @@ diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c
do {
nwords += 2;
} while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */
+@@ -306,7 +342,7 @@ static int proc_pid_auxv(struct task_str
+ }
+
+
+-#ifdef CONFIG_KALLSYMS
++#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
+ /*
+ * Provides a wchan file via kallsyms in a proper one-value-per-file format.
+ * Returns the resolved symbol. If that fails, simply return the address.
@@ -328,7 +364,7 @@ static int proc_pid_wchan(struct task_st
}
#endif /* CONFIG_KALLSYMS */
@@ -34304,8 +34372,12 @@ diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c
INF("syscall", S_IRUSR, proc_pid_syscall),
#endif
INF("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -2547,7 +2641,7 @@ static const struct pid_entry tgid_base_
- #ifdef CONFIG_KALLSYMS
+@@ -2544,10 +2638,10 @@ static const struct pid_entry tgid_base_
+ #ifdef CONFIG_SECURITY
+ DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
+ #endif
+-#ifdef CONFIG_KALLSYMS
++#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
INF("wchan", S_IRUGO, proc_pid_wchan),
#endif
-#ifdef CONFIG_STACKTRACE
@@ -34400,8 +34472,12 @@ diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c
INF("syscall", S_IRUSR, proc_pid_syscall),
#endif
INF("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -2880,7 +3012,7 @@ static const struct pid_entry tid_base_s
- #ifdef CONFIG_KALLSYMS
+@@ -2877,10 +3009,10 @@ static const struct pid_entry tid_base_s
+ #ifdef CONFIG_SECURITY
+ DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
+ #endif
+-#ifdef CONFIG_KALLSYMS
++#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
INF("wchan", S_IRUGO, proc_pid_wchan),
#endif
-#ifdef CONFIG_STACKTRACE