diff options
-rw-r--r-- | main/linux-grsec/APKBUILD | 6 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009221846.patch (renamed from main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009212029.patch) | 90 |
2 files changed, 86 insertions, 10 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index dd833a628a..ea0b8a72de 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=2.6.32.22 _kernver=2.6.32 -pkgrel=0 +pkgrel=1 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}} install= source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2 - grsecurity-2.2.0-2.6.32.22-201009212029.patch + grsecurity-2.2.0-2.6.32.22-201009221846.patch 0001-grsec-revert-conflicting-flow-cache-changes.patch 0002-gre-fix-hard-header-destination-address-checking.patch 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch @@ -151,7 +151,7 @@ firmware() { md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2 da1431a1d659298c6bd11714416c840f patch-2.6.32.22.bz2 -caa5e3eb3d335bdfe478c1e706e48305 grsecurity-2.2.0-2.6.32.22-201009212029.patch +1e317ab1a66955c89e73200a1787b58d grsecurity-2.2.0-2.6.32.22-201009221846.patch 1d247140abec49b96250aec9aa59b324 0001-grsec-revert-conflicting-flow-cache-changes.patch 437317f88ec13ace8d39c31983a41696 0002-gre-fix-hard-header-destination-address-checking.patch 151b29a161178ed39d62a08f21f3484d 0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch diff --git a/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009212029.patch b/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009221846.patch index 172bdc9fd4..41fb7c83f3 100644 --- a/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009212029.patch +++ b/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009221846.patch @@ -6263,7 +6263,7 @@ diff -urNp linux-2.6.32.22/arch/x86/include/asm/atomic_32.h linux-2.6.32.22/arch extern u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old_val, u64 new_val); diff -urNp linux-2.6.32.22/arch/x86/include/asm/atomic_64.h linux-2.6.32.22/arch/x86/include/asm/atomic_64.h --- linux-2.6.32.22/arch/x86/include/asm/atomic_64.h 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.22/arch/x86/include/asm/atomic_64.h 2010-09-17 20:46:00.000000000 -0400 ++++ linux-2.6.32.22/arch/x86/include/asm/atomic_64.h 2010-09-21 20:46:18.000000000 -0400 @@ -24,6 +24,17 @@ static inline int atomic_read(const atom } @@ -6550,7 +6550,7 @@ diff -urNp linux-2.6.32.22/arch/x86/include/asm/atomic_64.h linux-2.6.32.22/arch #define atomic_inc_return(v) (atomic_add_return(1, v)) +static inline int atomic_inc_return_unchecked(atomic_unchecked_t *v) +{ -+ return atomic_add_return(1, v); ++ return atomic_add_return_unchecked(1, v); +} #define atomic_dec_return(v) (atomic_sub_return(1, v)) @@ -30074,6 +30074,65 @@ diff -urNp linux-2.6.32.22/drivers/video/vesafb.c linux-2.6.32.22/drivers/video/ if (info->screen_base) iounmap(info->screen_base); framebuffer_release(info); +diff -urNp linux-2.6.32.22/drivers/xen/events.c linux-2.6.32.22/drivers/xen/events.c +--- linux-2.6.32.22/drivers/xen/events.c 2010-09-20 17:26:42.000000000 -0400 ++++ linux-2.6.32.22/drivers/xen/events.c 2010-09-21 21:18:38.000000000 -0400 +@@ -106,7 +106,6 @@ static inline unsigned long *cpu_evtchn_ + #define VALID_EVTCHN(chn) ((chn) != 0) + + static struct irq_chip xen_dynamic_chip; +-static struct irq_chip xen_percpu_chip; + + /* Constructor for packed IRQ information. */ + static struct irq_info mk_unbound_info(void) +@@ -363,7 +362,7 @@ int bind_evtchn_to_irq(unsigned int evtc + irq = find_unbound_irq(); + + set_irq_chip_and_handler_name(irq, &xen_dynamic_chip, +- handle_edge_irq, "event"); ++ handle_level_irq, "event"); + + evtchn_to_irq[evtchn] = irq; + irq_info[irq] = mk_evtchn_info(evtchn); +@@ -389,8 +388,8 @@ static int bind_ipi_to_irq(unsigned int + if (irq < 0) + goto out; + +- set_irq_chip_and_handler_name(irq, &xen_percpu_chip, +- handle_percpu_irq, "ipi"); ++ set_irq_chip_and_handler_name(irq, &xen_dynamic_chip, ++ handle_level_irq, "ipi"); + + bind_ipi.vcpu = cpu; + if (HYPERVISOR_event_channel_op(EVTCHNOP_bind_ipi, +@@ -430,8 +429,8 @@ static int bind_virq_to_irq(unsigned int + + irq = find_unbound_irq(); + +- set_irq_chip_and_handler_name(irq, &xen_percpu_chip, +- handle_percpu_irq, "virq"); ++ set_irq_chip_and_handler_name(irq, &xen_dynamic_chip, ++ handle_level_irq, "virq"); + + evtchn_to_irq[evtchn] = irq; + irq_info[irq] = mk_virq_info(evtchn, virq); +@@ -930,16 +929,6 @@ static struct irq_chip xen_dynamic_chip + .retrigger = retrigger_dynirq, + }; + +-static struct irq_chip en_percpu_chip __read_mostly = { +- .name = "xen-percpu", +- +- .disable = disable_dynirq, +- .mask = disable_dynirq, +- .unmask = enable_dynirq, +- +- .ack = ack_dynirq, +-}; +- + void __init xen_init_IRQ(void) + { + int i; diff -urNp linux-2.6.32.22/drivers/xen/sys-hypervisor.c linux-2.6.32.22/drivers/xen/sys-hypervisor.c --- linux-2.6.32.22/drivers/xen/sys-hypervisor.c 2010-08-13 16:24:37.000000000 -0400 +++ linux-2.6.32.22/drivers/xen/sys-hypervisor.c 2010-09-04 15:54:52.000000000 -0400 @@ -34053,7 +34112,7 @@ diff -urNp linux-2.6.32.22/fs/proc/array.c linux-2.6.32.22/fs/proc/array.c +#endif diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c --- linux-2.6.32.22/fs/proc/base.c 2010-08-13 16:24:37.000000000 -0400 -+++ linux-2.6.32.22/fs/proc/base.c 2010-09-04 15:54:52.000000000 -0400 ++++ linux-2.6.32.22/fs/proc/base.c 2010-09-22 18:44:37.000000000 -0400 @@ -102,6 +102,22 @@ struct pid_entry { union proc_op op; }; @@ -34124,6 +34183,15 @@ diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c do { nwords += 2; } while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */ +@@ -306,7 +342,7 @@ static int proc_pid_auxv(struct task_str + } + + +-#ifdef CONFIG_KALLSYMS ++#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM) + /* + * Provides a wchan file via kallsyms in a proper one-value-per-file format. + * Returns the resolved symbol. If that fails, simply return the address. @@ -328,7 +364,7 @@ static int proc_pid_wchan(struct task_st } #endif /* CONFIG_KALLSYMS */ @@ -34304,8 +34372,12 @@ diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c INF("syscall", S_IRUSR, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2547,7 +2641,7 @@ static const struct pid_entry tgid_base_ - #ifdef CONFIG_KALLSYMS +@@ -2544,10 +2638,10 @@ static const struct pid_entry tgid_base_ + #ifdef CONFIG_SECURITY + DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), + #endif +-#ifdef CONFIG_KALLSYMS ++#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM) INF("wchan", S_IRUGO, proc_pid_wchan), #endif -#ifdef CONFIG_STACKTRACE @@ -34400,8 +34472,12 @@ diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c INF("syscall", S_IRUSR, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2880,7 +3012,7 @@ static const struct pid_entry tid_base_s - #ifdef CONFIG_KALLSYMS +@@ -2877,10 +3009,10 @@ static const struct pid_entry tid_base_s + #ifdef CONFIG_SECURITY + DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), + #endif +-#ifdef CONFIG_KALLSYMS ++#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM) INF("wchan", S_IRUGO, proc_pid_wchan), #endif -#ifdef CONFIG_STACKTRACE |