Commit 735a11bf authored by Timo Teräs's avatar Timo Teräs
Browse files

main/linux-grsec: upgrade to 4.4.10

parent bcb414cd
......@@ -2,12 +2,12 @@
_mainflavor=grsec
pkgname=linux-$_mainflavor
pkgver=4.4.8
pkgver=4.4.10
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
pkgrel=2
pkgrel=0
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs"
......@@ -17,11 +17,10 @@ options="!strip"
install=
source="http://ftp.kernel.org/pub/linux/kernel/v4.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v4.x/patch-$pkgver.xz
https://raw.githubusercontent.com/slashbeast/grsecurity-scrape/master/test/grsecurity-3.1-4.4.8-201604252206.patch
http://dev.alpinelinux.org/~tteras/grsec/grsecurity-3.1-4.4.10-201604252206-alpine.patch
fix-spi-nor-namespace-clash.patch
imx6q-no-unclocked-sleep.patch
xsa174.patch
config-grsec.x86
config-grsec.x86_64
......@@ -212,33 +211,30 @@ virtgrsec_dev() {
}
md5sums="9a78fa2eb6c68ca5a40ed5af08142599 linux-4.4.tar.xz
c1d8f46e5b2ee7c925fc38f20a3726d3 patch-4.4.8.xz
c2a6b88b18bc5b54d0d7122a1c692060 grsecurity-3.1-4.4.8-201604252206.patch
1b9a296c0d0b778e8173299618f2d84f patch-4.4.10.xz
332d70ecd3eb373ce3c54888b6dbae3c grsecurity-3.1-4.4.10-201604252206-alpine.patch
c32f1d7517a095a2645fc1c7dec5db8f fix-spi-nor-namespace-clash.patch
b11c29ee88f7f537973191036d48bee7 imx6q-no-unclocked-sleep.patch
14a8a1826416f04ae98918145139cea6 xsa174.patch
af91f128ddf9407bb212cbaebca79354 config-grsec.x86
503656217c0cfb0c481b3804285f0166 config-grsec.x86_64
a453b5ddc5ce5b1ed487747ae785d615 config-grsec.armhf
ff753181afb1538d9d3d14fe65f834c8 config-virtgrsec.x86
807a5cc9253c26d96243cc3188f7ea8c config-virtgrsec.x86_64"
sha256sums="401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2 linux-4.4.tar.xz
11ec99ae0600bd831ff8d71b77e64592f4b6918b7857fd9ff0284ea4cf267b4e patch-4.4.8.xz
b631b75cf38e08409812e9869f3a8b5b5b5085ba32ab62fd4c03d803f652a57f grsecurity-3.1-4.4.8-201604252206.patch
df66bd2532cac85dfb85d6ca9b750689e02278442652a0b047304e3322947d17 patch-4.4.10.xz
dad9b44b8c9cc7de7127fb8757213e0694df89559da5d1ef40c90772124b4949 grsecurity-3.1-4.4.10-201604252206-alpine.patch
b8ce28c61663dbd92f7e1c862c042c88c4d0459ce15f6e6ea121e20705b66212 fix-spi-nor-namespace-clash.patch
7e8a954750139a421a76e414e19a3b57645c9ec70e6c14a6b7708a3fa0cfd5e4 imx6q-no-unclocked-sleep.patch
cbec70e183f76b4081ebba05c0a8105bd4952d164a2e5c40528c05bf8861ddef xsa174.patch
c247a003fb358f611d801277f89a13393d1620ad804553ada97433ef52a7706b config-grsec.x86
d2b771f67eecad71745956dc0dea40fc702f39e4caee195b11877307d5ab2622 config-grsec.x86_64
ac8407f225ff6cb6be9ccd69729262241e61455f816cdea3070e30ddf453f7db config-grsec.armhf
8b4a1927b831e94f65ec1b08f9e3bf3f64cea1e6e85e3b6b3dc1a8796e0f206d config-virtgrsec.x86
5d46d80c811d6d321569f3f4550769cd4f68b46b8fa5406e7b0f350e00eec1a6 config-virtgrsec.x86_64"
sha512sums="13c8459933a8b80608e226a1398e3d1848352ace84bcfb7e6a4a33cb230bbe1ab719d4b58e067283df91ce5311be6d2d595fc8c19e2ae6ecc652499415614b3e linux-4.4.tar.xz
d53d6950bc121107fecec91b4cd33473b0b18e7188bd387cd02f3ab4ece0f7dc6f1530ad9b7a44655afb7d823fb94ad8d8710902367c9b12911eb2247a12f2c7 patch-4.4.8.xz
49ec328ec1a5232af1f370101a64d9b7021bd2cb7744b3db181311d6aa4886ba1ef36457fbf22b97b21b0ad313fbea780c9441778e4d5bb9f8deae76dd6e499d grsecurity-3.1-4.4.8-201604252206.patch
05277847fb0cd1ae2c488031935979964706f76fd44b2f0790ecc4c8a785e6c3e43af45213f09f07e26ab74f43b5569f6bf87fd15ef9721cf3163abfa49dda7c patch-4.4.10.xz
53c24590a97f037d1f8a1e7219bb8c422c2efbc90252dd67b69f333f0f651e0321f04376f0119685650e8f8c372cc6185ea31085334bff4a2a9af769672c8ec4 grsecurity-3.1-4.4.10-201604252206-alpine.patch
410fe7dae27cb4998d17a441a5b2a19dd350636ead2de97d4ef5317501d9e82e2550bfca0f022c9be6296907c076c381e1e13060d1900ff26ee7d47f234fb104 fix-spi-nor-namespace-clash.patch
9980eb10f529bc5ce482ab0a0037febbc982b528c3e4d02fc4547e6dd45dc529a7b1711d0c89f942b1ae27842c3794b68a6b8959ef80f6fd00183d3a591cea07 imx6q-no-unclocked-sleep.patch
a86f88db750defec35d3afebdde565de2c6bc304f9a110c6091e0d38261a4bdc0ddbdd1df1913a894f57877acacfdb96d98635729f913a7ed344f627e40a9af3 xsa174.patch
d7cb2b8600bd95c25aba5fc21f27a89eb1257d003c6e98bc81989a6027536c15c4c4abbcdc16fadd84383d3e29c6814ddf0c4f8524b53b69eed8763cc2c14e92 config-grsec.x86
900d18cb27b99ca91cb48fa8fc27a74f1b700eb826ef26fcfa18a379e9b7521ddac65edc57757de766e76d1c576a4d6e80a6778afc3c34394b165ab9a707cba0 config-grsec.x86_64
97de0656bbf99b66431587fda8c914aa08950c1865de018ed7a1b5f99b98f91e2e935d2341dbab44af1ca8c2370953fbbeca58c00e201f97e1b15bbec41d52d6 config-grsec.armhf
......
x86/xen: suppress hugetlbfs in PV guests
Huge pages are not normally available to PV guests. Not suppressing
hugetlbfs use results in an endless loop of page faults when user mode
code tries to access a hugetlbfs mapped area (since the hypervisor
denies such PTEs to be created, but error indications can't be
propagated out of xen_set_pte_at(), just like for various of its
siblings), and - once killed in an oops like this:
kernel BUG at .../fs/hugetlbfs/inode.c:428!
invalid opcode: 0000 [#1] SMP
Modules linked in: ...
Supported: Yes
CPU: 2 PID: 6088 Comm: hugetlbfs Tainted: G W 4.4.0-2016-01-20-pv #2
Hardware name: ...
task: ffff8808059205c0 ti: ffff880803c84000 task.ti: ffff880803c84000
RIP: e030:[<ffffffff811c333b>] [<ffffffff811c333b>] remove_inode_hugepages+0x25b/0x320
RSP: e02b:ffff880803c879a8 EFLAGS: 00010202
RAX: 000000000077a4db RBX: ffffea001acff000 RCX: 0000000078417d38
RDX: 0000000000000000 RSI: 000000007e154fa7 RDI: ffff880805d70960
RBP: 0000000000000960 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: ffff880807486018 R14: 0000000000000000 R15: ffff880803c87af0
FS: 00007f85fa8b8700(0000) GS:ffff88080b640000(0000) knlGS:0000000000000000
CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007f85fa000000 CR3: 0000000001a0a000 CR4: 0000000000040660
Stack:
ffff880000000fb0 ffff880803c87a18 ffff880803c87ae8 ffff8808059205c0
ffff880803c87af0 ffff880803c87ae8 ffff880807486018 0000000000000000
ffffffff81bf6e60 ffff880807486168 000003ffffffffff 0000000003c87758
Call Trace:
[<ffffffff811c3415>] hugetlbfs_evict_inode+0x15/0x40
[<ffffffff81167b3d>] evict+0xbd/0x1b0
[<ffffffff8116514a>] __dentry_kill+0x19a/0x1f0
[<ffffffff81165b0e>] dput+0x1fe/0x220
[<ffffffff81150535>] __fput+0x155/0x200
[<ffffffff81079fc0>] task_work_run+0x60/0xa0
[<ffffffff81063510>] do_exit+0x160/0x400
[<ffffffff810637eb>] do_group_exit+0x3b/0xa0
[<ffffffff8106e8bd>] get_signal+0x1ed/0x470
[<ffffffff8100f854>] do_signal+0x14/0x110
[<ffffffff810030e9>] prepare_exit_to_usermode+0xe9/0xf0
[<ffffffff814178a5>] retint_user+0x8/0x13
This is XSA-174.
Reported-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Cc: stable@vger.kernel.org
---
v2: Make Xen-inspecific, by using cpu_has_pse.
--- a/arch/x86/include/asm/hugetlb.h
+++ b/arch/x86/include/asm/hugetlb.h
@@ -4,6 +4,7 @@
#include <asm/page.h>
#include <asm-generic/hugetlb.h>
+#define hugepages_supported() cpu_has_pse
static inline int is_hugepage_only_range(struct mm_struct *mm,
unsigned long addr,
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment