Commit 5318c56c authored by Natanael Copa's avatar Natanael Copa

main/linux-grsec: upgrade to 200908311711. fix for serial console

Fixes #115
parent 5d469231
......@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=2.6.30.5
_kernver=2.6.30
pkgrel=1
pkgrel=2
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs"
......@@ -13,7 +13,7 @@ _config=${config:-kernelconfig}
install="$pkgname.post-install $pkgname.post-upgrade"
source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
grsecurity-2.1.14-2.6.30.5-200908281917.patch
grsecurity-2.1.14-2.6.30.5-200908311711.patch
net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
$_config
"
......@@ -112,6 +112,6 @@ dev() {
md5sums="7a80058a6382e5108cdb5554d1609615 linux-2.6.30.tar.bz2
47841c7ff5c81a7b349a79f2fa8e9138 patch-2.6.30.5.bz2
dee5a6292fb12018eb3bd3d014f89407 grsecurity-2.1.14-2.6.30.5-200908281917.patch
105d22bfc672508d6ed94a4f823a3e24 grsecurity-2.1.14-2.6.30.5-200908311711.patch
ca05fd252783b82e01610e775cf56498 net-next-2.6.git-5ef12d98a19254ee5dc851bd83e214b43ec1f725.patch
ede34b2613f54cf1eae8f37a61d0e085 kernelconfig"
35d29ea012d4b009ce2bd37b7540903e kernelconfig"
......@@ -38765,7 +38765,7 @@ diff -urNp linux-2.6.30.5/kernel/lockdep_proc.c linux-2.6.30.5/kernel/lockdep_pr
.stop = ls_stop,
diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c
--- linux-2.6.30.5/kernel/module.c 2009-07-24 17:47:51.000000000 -0400
+++ linux-2.6.30.5/kernel/module.c 2009-08-04 17:52:34.401055170 -0400
+++ linux-2.6.30.5/kernel/module.c 2009-08-31 17:10:48.583705296 -0400
@@ -46,6 +46,11 @@
#include <linux/rculist.h>
#include <asm/uaccess.h>
......@@ -39045,26 +39045,26 @@ diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c
- mod->module_core = ptr;
+ memset(ptr, 0, mod->core_size_rw);
+ mod->module_core_rw = ptr;
+
+ ptr = module_alloc_update_bounds_rw(mod->init_size_rw);
+ if (!ptr && mod->init_size_rw) {
+ err = -ENOMEM;
+ goto free_core_rw;
+ }
+ memset(ptr, 0, mod->init_size_rw);
+ mod->module_init_rw = ptr;
- ptr = module_alloc_update_bounds(mod->init_size);
- if (!ptr && mod->init_size) {
+ ptr = module_alloc_update_bounds_rx(mod->core_size_rx);
+ if (!ptr) {
+ ptr = module_alloc_update_bounds_rw(mod->init_size_rw);
+ if (!ptr && mod->init_size_rw) {
err = -ENOMEM;
- goto free_core;
+ goto free_init_rw;
+ goto free_core_rw;
}
- memset(ptr, 0, mod->init_size);
- mod->module_init = ptr;
+ memset(ptr, 0, mod->init_size_rw);
+ mod->module_init_rw = ptr;
+ ptr = module_alloc_update_bounds_rx(mod->core_size_rx);
+ if (!ptr) {
+ err = -ENOMEM;
+ goto free_init_rw;
+ }
+
+#ifdef CONFIG_PAX_KERNEXEC
+ pax_open_kernel(cr0);
+#endif
......@@ -39121,7 +39121,10 @@ diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c
+ }
+
+ if (sechdrs[i].sh_type != SHT_NOBITS) {
+
- if (sechdrs[i].sh_type != SHT_NOBITS)
- memcpy(dest, (void *)sechdrs[i].sh_addr,
- sechdrs[i].sh_size);
+#ifdef CONFIG_PAX_KERNEXEC
+ if (!(sechdrs[i].sh_flags & SHF_WRITE) && (sechdrs[i].sh_flags & SHF_ALLOC)) {
+ pax_open_kernel(cr0);
......@@ -39129,10 +39132,7 @@ diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c
+ pax_close_kernel(cr0);
+ } else
+#endif
- if (sechdrs[i].sh_type != SHT_NOBITS)
- memcpy(dest, (void *)sechdrs[i].sh_addr,
- sechdrs[i].sh_size);
+
+ memcpy(dest, (void *)sechdrs[i].sh_addr, sechdrs[i].sh_size);
+ }
/* Update sh_addr to point to copy in image. */
......@@ -39287,7 +39287,23 @@ diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c
/* Taints info */
if (mod->taints)
@@ -2781,12 +2929,12 @@ struct module *__module_address(unsigned
@@ -2722,7 +2870,15 @@ static const struct file_operations proc
static int __init proc_modules_init(void)
{
+#ifndef CONFIG_GRKERNSEC_HIDESYM
+#ifdef CONFIG_GRKERNSEC_PROC_USER
+ proc_create("modules", S_IRUSR, NULL, &proc_modules_operations);
+#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
+ proc_create("modules", S_IRUSR | S_IRGRP, NULL, &proc_modules_operations);
+#else
proc_create("modules", 0, NULL, &proc_modules_operations);
+#endif
+#endif
return 0;
}
module_init(proc_modules_init);
@@ -2781,12 +2937,12 @@ struct module *__module_address(unsigned
{
struct module *mod;
......@@ -39303,7 +39319,7 @@ diff -urNp linux-2.6.30.5/kernel/module.c linux-2.6.30.5/kernel/module.c
return mod;
return NULL;
}
@@ -2820,11 +2968,20 @@ bool is_module_text_address(unsigned lon
@@ -2820,11 +2976,20 @@ bool is_module_text_address(unsigned lon
*/
struct module *__module_text_address(unsigned long addr)
{
#
# Automatically generated make config: don't edit
# Linux kernel version: 2.6.30.5
# Thu Aug 27 08:08:50 2009
# Wed Sep 2 06:25:44 2009
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
......@@ -2302,12 +2302,21 @@ CONFIG_NOZOMI=m
CONFIG_SERIAL_8250=y
CONFIG_SERIAL_8250_CONSOLE=y
CONFIG_FIX_EARLYCON_MEM=y
CONFIG_SERIAL_8250_PCI=m
CONFIG_SERIAL_8250_PNP=m
CONFIG_SERIAL_8250_PCI=y
CONFIG_SERIAL_8250_PNP=y
CONFIG_SERIAL_8250_CS=m
CONFIG_SERIAL_8250_NR_UARTS=16
CONFIG_SERIAL_8250_RUNTIME_UARTS=4
# CONFIG_SERIAL_8250_EXTENDED is not set
CONFIG_SERIAL_8250_EXTENDED=y
CONFIG_SERIAL_8250_MANY_PORTS=y
CONFIG_SERIAL_8250_FOURPORT=m
CONFIG_SERIAL_8250_ACCENT=m
CONFIG_SERIAL_8250_BOCA=m
CONFIG_SERIAL_8250_EXAR_ST16C554=m
CONFIG_SERIAL_8250_HUB6=m
CONFIG_SERIAL_8250_SHARE_IRQ=y
# CONFIG_SERIAL_8250_DETECT_IRQ is not set
CONFIG_SERIAL_8250_RSA=y
#
# Non-8250 serial port support
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment