Commit f08f8376 authored by Natanael Copa's avatar Natanael Copa

main/linux-grsec: upgrade to 4.9.9

disable CONFIG_WAN
parent e8fa2493
......@@ -2,7 +2,7 @@
_mainflavor=grsec
pkgname=linux-$_mainflavor
pkgver=4.4.47
pkgver=4.9.9
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
......@@ -12,17 +12,12 @@ pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs"
makedepends="perl sed installkernel bash gmp-dev bc linux-headers mpfr-dev
mpc1-dev"
mpc1-dev elfutils-dev"
options="!strip"
install=
source="https://kernel.org/pub/linux/kernel/v4.x/linux-$_kernver.tar.xz
https://kernel.org/pub/linux/kernel/v4.x/patch-$pkgver.xz
http://dev.alpinelinux.org/~ncopa/grsec/grsecurity-3.1-$pkgver-201604252206-alpine.patch
fix-spi-nor-namespace-clash.patch
imx6q-no-unclocked-sleep.patch
gcc6.patch
http://dev.alpinelinux.org/~ncopa/grsec/grsecurity-3.1-4.9.9-201702122044.patch
config-grsec.x86
config-grsec.x86_64
config-grsec.armhf
......@@ -174,23 +169,22 @@ _dev() {
make -j1 -C "$srcdir"/linux-$_kernver O="$dir" HOSTCC="${CC:-gcc}" \
silentoldconfig prepare modules_prepare scripts
# remove the stuff that poits to real sources. we want 3rd party
# remove the stuff that points to real sources. we want 3rd party
# modules to believe this is the soruces
rm "$dir"/Makefile "$dir"/source
# copy the needed stuff from real sources
#
# this is taken from ubuntu kernel build script
# http://kernel.ubuntu.com/git?p=ubuntu/ubuntu-jaunty.git;a=blob;f=debian/rules.d/3-binary-indep.mk;hb=HEAD
# http://kernel.ubuntu.com/git/ubuntu/ubuntu-zesty.git/tree/debian/rules.d/3-binary-indep.mk
cd "$srcdir"/linux-$_kernver
find . -path './include/*' -prune -o -path './scripts/*' -prune \
-o -type f \( -name 'Makefile*' -o -name 'Kconfig*' \
-o -name 'Kbuild*' -o -name '*.sh' -o -name '*.pl' \
-o -name '*.lds' \) | cpio -pdm "$dir"
cp -a drivers/media/dvb/dvb-core/*.h "$dir"/drivers/media/dvb/dvb-core
cp -a drivers/media/video/*.h "$dir"/drivers/media/video
cp -a drivers/media/dvb/frontends/*.h "$dir"/drivers/media/dvb/frontends
cp -a scripts include "$dir"
find . -path './include/*' -prune \
-o -path './scripts/*' -prune -o -type f \
\( -name 'Makefile*' -o -name 'Kconfig*' -o -name 'Kbuild*' -o \
-name '*.sh' -o -name '*.pl' -o -name '*.lds' \) \
-print | cpio -pdm "$dir" || return 1
cp -a scripts include "$dir" || return 1
find $(find arch -name include -type d -print) -type f \
| cpio -pdm "$dir"
......@@ -202,36 +196,11 @@ _dev() {
"$subpkgdir"/lib/modules/${_abi_release}/build
}
md5sums="9a78fa2eb6c68ca5a40ed5af08142599 linux-4.4.tar.xz
4140c092d355a837ccab1707c8ad0d33 patch-4.4.47.xz
35f420e24cf50afe01cd8919bffce06d grsecurity-3.1-4.4.47-201604252206-alpine.patch
c32f1d7517a095a2645fc1c7dec5db8f fix-spi-nor-namespace-clash.patch
b11c29ee88f7f537973191036d48bee7 imx6q-no-unclocked-sleep.patch
90e0fca6cb7bca277394b0db7f605098 gcc6.patch
0220ccde4e102bd54ad334a23347a432 config-grsec.x86
e1b185c3baea29a66dfa8f90967c1120 config-grsec.x86_64
35d10d9444978dc8009e9da5e33b0f43 config-grsec.armhf
9b89c4ec614023e20f8e905ec2bad212 config-virtgrsec.x86
87243f2790108ca568192169d3ca7408 config-virtgrsec.x86_64"
sha256sums="401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2 linux-4.4.tar.xz
21fd72caa322800b4668b4464d6ac4d8d66faa0056e08a5925d5911dab438c18 patch-4.4.47.xz
f1b361ea77ceb67f9281ec5f8b0dd0f369293744e1f07d1707a08c6cecf1459a grsecurity-3.1-4.4.47-201604252206-alpine.patch
b8ce28c61663dbd92f7e1c862c042c88c4d0459ce15f6e6ea121e20705b66212 fix-spi-nor-namespace-clash.patch
7e8a954750139a421a76e414e19a3b57645c9ec70e6c14a6b7708a3fa0cfd5e4 imx6q-no-unclocked-sleep.patch
21640b417cb9a389bf7be6a11dc71a481ec76fcfcc758992a9be158ab6a643e8 gcc6.patch
8ca6e71c3b0e0013a05dd95655de733f533055bdcdaade52667789c578b9bebc config-grsec.x86
588fb21febe695a7724ec00cb1576913cdb5ad12e12d00b3a0f73342c46cfe0c config-grsec.x86_64
d975df937d5a82b48bba790bd50bf7ed04782d92755a6eeacedc9e2796633e7a config-grsec.armhf
09e5db637018516a2216c9a45a47a471af69fdf94218e6ea016ec8261cd899d3 config-virtgrsec.x86
7b38853b6d83223242832413669d7818ef1218c6b9e565e11dcc8b08f64a26e3 config-virtgrsec.x86_64"
sha512sums="13c8459933a8b80608e226a1398e3d1848352ace84bcfb7e6a4a33cb230bbe1ab719d4b58e067283df91ce5311be6d2d595fc8c19e2ae6ecc652499415614b3e linux-4.4.tar.xz
f52936ab1dc91314a3cede35f9116332ce999b6442bdb575eda68dd2e57cd96517abc18b3bb05a2492e6cd13f849a09cece13463dfaa2d81ad390f8127b62813 patch-4.4.47.xz
ba8771ffaf3919238d1e1d2d553949a29f5a7b6b416ab5621d9f6eeb2fffcd8e71288f8122258452838d293e92a9669425ebbdc31815923d69547256a5e7659c grsecurity-3.1-4.4.47-201604252206-alpine.patch
410fe7dae27cb4998d17a441a5b2a19dd350636ead2de97d4ef5317501d9e82e2550bfca0f022c9be6296907c076c381e1e13060d1900ff26ee7d47f234fb104 fix-spi-nor-namespace-clash.patch
9980eb10f529bc5ce482ab0a0037febbc982b528c3e4d02fc4547e6dd45dc529a7b1711d0c89f942b1ae27842c3794b68a6b8959ef80f6fd00183d3a591cea07 imx6q-no-unclocked-sleep.patch
edcebc229956a05621ec1c89039b56aa61b468c74b54420ff72bd08658b65d29d6af385a7d78d1ce4b39889b407106b99efe7309f8a82974a74eb9edb9e89b64 gcc6.patch
2d41ef3629dc4c2b71d2bd9707ecf1883bd9a264168425d56b35bb49cfd7b0a73b154501cf54c9f9df1848f3c564e502f276985b38a1dab3a067d5485874fcc6 config-grsec.x86
c064ba25b0cb28d2f9c20da77899c6df6844b2538225011a063094c527a5ba59de5fbf619494dfb5c45fae91b637876493cc839095a9fc559d2f8cf9aa8003d3 config-grsec.x86_64
a19b8179cce90e5cfe0ee30c85c0e9fd67274290d7556a5f2cb530ba9ee5f6e941ff96f20cebbd0223f3febfe8b0e3f30c7c2696dd9184c1d3ca9dcb0eca6f4a config-grsec.armhf
8c92f68afcf483ce203c8117d9459c3db0363a69b2112a2f1b67474532250d1ec9350aab555e69794709a045f8bf121ded9441f0cffc018b5a38746f9b908eee config-virtgrsec.x86
eb8d9d51dcbb762c954b41fa5e4d34d0a2da2fe6bd36a009db4fbf9513d07846ecbc648108cc93c1b6029b94f8a3dc703ab1d5f601fe8a70a369a3685fcb6260 config-virtgrsec.x86_64"
sha512sums="bf67ff812cc3cb7e5059e82cc5db0d9a7c5637f7ed9a42e4730c715bf7047c81ed3a571225f92a33ef0b6d65f35595bc32d773356646df2627da55e9bc7f1f1a linux-4.9.tar.xz
a7a2d44b83b00b20f1424d12af0f42e1c576d3053feacd13491ef185661fb1c789b9265c500b62f5ede39f57b72f358820000fa6c852a5f035e566ee1dfcd5d9 patch-4.9.9.xz
ba7396e1f69e89335cecd47db52c8855c993c13c9b2b9e805a0742fa1bd3a9092ae0459adb06f07a5233ff208ad9b6ced0fa68cacfe1a99b498c43ad953d5388 grsecurity-3.1-4.9.9-201702122044.patch
de080dc463af81f60e142c4ed52f294f523759710ac6d5dc227e6dc26c4bd53c61d94480a9af3e377a658360c16cab86060afd68694545cbe501d8bb0915ef36 config-grsec.x86
de5ad64e86bda944c1e6e7ae0eb77463fb0165e89c8ec23d9af12fddb79c0b566e8f3079b7bed1de8b27cef9bf1539f479e7114070772c078cb4288c45df1ff6 config-grsec.x86_64
274116a39ef092524ad85cef2e88d0e7555dfd3c6e5c15c1ec22c28776c509a6040a5221b066e96c6d18807e518ae98f03c9c1059c73b60e8d45f2a9482bd77b config-grsec.armhf
1de874523eee031c2efadfb6f7ddb86bb303b9f61d1a022e4e922f6365c3a667c2a1fdb61570a95a05c6c45689796e355eae9579e567790b757ae2a09f6be8c4 config-virtgrsec.x86
0570f4ad5af0d6e3cbf50d9e3a7d6dab8d7cba85693037e70dbee73aa1e4fc66cb217e1ef8e4a0ceb4073ffb6ada8201775bafe8401dc6dff5c07ac3bbe0f8f0 config-virtgrsec.x86_64"
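Review bot: The grsecurity patch in `source=` is still fetched over plain `http://` from dev.alpinelinux.org, and with `md5sums` and `sha256sums` dropped, the `sha512sums` entry is the only thing binding the build to a known patch. The checksum protects later builds, but it is only as trustworthy as the copy that was downloaded when the sum was generated, so the transport matters for a kernel hardening patch. If the host serves TLS, prefer `https://dev.alpinelinux.org/~ncopa/grsec/grsecurity-3.1-$pkgver-201702122044.patch`, which also restores the `$pkgver` substitution the old line used instead of the hard-coded `4.9.9`. Separately, in `_dev()` the added `|| return 1` after `find ... | cpio -pdm "$dir"` reports only cpio's exit status, and the following `find $(find arch ...) | cpio -pdm "$dir"` pipeline has no check at all.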
grsec patch includes <linux/fs.h> which defines READ and WRITE.
Remove the macro hackery, and use the proper #define names for
macro invocations so there's no surprises.
--- linux-4.4/drivers/mtd/spi-nor/fsl-quadspi.c.orig
+++ linux-4.4/drivers/mtd/spi-nor/fsl-quadspi.c
@@ -183,8 +183,8 @@
/* Macros for constructing the LUT register. */
#define LUT0(ins, pad, opr) \
- (((opr) << OPRND0_SHIFT) | ((LUT_##pad) << PAD0_SHIFT) | \
- ((LUT_##ins) << INSTR0_SHIFT))
+ (((opr) << OPRND0_SHIFT) | ((pad) << PAD0_SHIFT) | \
+ ((ins) << INSTR0_SHIFT))
#define LUT1(ins, pad, opr) (LUT0(ins, pad, opr) << OPRND1_SHIFT)
@@ -364,14 +364,14 @@
dummy = 8;
}
- writel(LUT0(CMD, PAD1, cmd) | LUT1(ADDR, PAD1, addrlen),
+ writel(LUT0(LUT_CMD, LUT_PAD1, cmd) | LUT1(LUT_ADDR, LUT_PAD1, addrlen),
base + QUADSPI_LUT(lut_base));
- writel(LUT0(DUMMY, PAD1, dummy) | LUT1(FSL_READ, PAD4, rxfifo),
+ writel(LUT0(LUT_DUMMY, LUT_PAD1, dummy) | LUT1(LUT_FSL_READ, LUT_PAD4, rxfifo),
base + QUADSPI_LUT(lut_base + 1));
/* Write enable */
lut_base = SEQID_WREN * 4;
- writel(LUT0(CMD, PAD1, SPINOR_OP_WREN), base + QUADSPI_LUT(lut_base));
+ writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_WREN), base + QUADSPI_LUT(lut_base));
/* Page Program */
lut_base = SEQID_PP * 4;
@@ -385,13 +385,13 @@
addrlen = ADDR32BIT;
}
- writel(LUT0(CMD, PAD1, cmd) | LUT1(ADDR, PAD1, addrlen),
+ writel(LUT0(LUT_CMD, LUT_PAD1, cmd) | LUT1(LUT_ADDR, LUT_PAD1, addrlen),
base + QUADSPI_LUT(lut_base));
- writel(LUT0(FSL_WRITE, PAD1, 0), base + QUADSPI_LUT(lut_base + 1));
+ writel(LUT0(LUT_FSL_WRITE, LUT_PAD1, 0), base + QUADSPI_LUT(lut_base + 1));
/* Read Status */
lut_base = SEQID_RDSR * 4;
- writel(LUT0(CMD, PAD1, SPINOR_OP_RDSR) | LUT1(FSL_READ, PAD1, 0x1),
+ writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_RDSR) | LUT1(LUT_FSL_READ, LUT_PAD1, 0x1),
base + QUADSPI_LUT(lut_base));
/* Erase a sector */
@@ -400,40 +400,40 @@
cmd = q->nor[0].erase_opcode;
addrlen = q->nor_size <= SZ_16M ? ADDR24BIT : ADDR32BIT;
- writel(LUT0(CMD, PAD1, cmd) | LUT1(ADDR, PAD1, addrlen),
+ writel(LUT0(LUT_CMD, LUT_PAD1, cmd) | LUT1(LUT_ADDR, LUT_PAD1, addrlen),
base + QUADSPI_LUT(lut_base));
/* Erase the whole chip */
lut_base = SEQID_CHIP_ERASE * 4;
- writel(LUT0(CMD, PAD1, SPINOR_OP_CHIP_ERASE),
+ writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_CHIP_ERASE),
base + QUADSPI_LUT(lut_base));
/* READ ID */
lut_base = SEQID_RDID * 4;
- writel(LUT0(CMD, PAD1, SPINOR_OP_RDID) | LUT1(FSL_READ, PAD1, 0x8),
+ writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_RDID) | LUT1(LUT_FSL_READ, LUT_PAD1, 0x8),
base + QUADSPI_LUT(lut_base));
/* Write Register */
lut_base = SEQID_WRSR * 4;
- writel(LUT0(CMD, PAD1, SPINOR_OP_WRSR) | LUT1(FSL_WRITE, PAD1, 0x2),
+ writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_WRSR) | LUT1(LUT_FSL_WRITE, LUT_PAD1, 0x2),
base + QUADSPI_LUT(lut_base));
/* Read Configuration Register */
lut_base = SEQID_RDCR * 4;
- writel(LUT0(CMD, PAD1, SPINOR_OP_RDCR) | LUT1(FSL_READ, PAD1, 0x1),
+ writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_RDCR) | LUT1(LUT_FSL_READ, LUT_PAD1, 0x1),
base + QUADSPI_LUT(lut_base));
/* Write disable */
lut_base = SEQID_WRDI * 4;
- writel(LUT0(CMD, PAD1, SPINOR_OP_WRDI), base + QUADSPI_LUT(lut_base));
+ writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_WRDI), base + QUADSPI_LUT(lut_base));
/* Enter 4 Byte Mode (Micron) */
lut_base = SEQID_EN4B * 4;
- writel(LUT0(CMD, PAD1, SPINOR_OP_EN4B), base + QUADSPI_LUT(lut_base));
+ writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_EN4B), base + QUADSPI_LUT(lut_base));
/* Enter 4 Byte Mode (Spansion) */
lut_base = SEQID_BRWR * 4;
- writel(LUT0(CMD, PAD1, SPINOR_OP_BRWR), base + QUADSPI_LUT(lut_base));
+ writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_BRWR), base + QUADSPI_LUT(lut_base));
fsl_qspi_lock_lut(q);
}
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
index 7ad630a..3c66319 100644
--- a/grsecurity/gracl.c
+++ b/grsecurity/gracl.c
@@ -196,7 +196,7 @@ static int prepend(char **buffer, int *buflen, const char *str, int namelen)
static int prepend_name(char **buffer, int *buflen, struct qstr *name)
{
- return prepend(buffer, buflen, name->name, name->len);
+ return prepend(buffer, buflen, (const char *)name->name, name->len);
}
static int prepend_path(const struct path *path, struct path *root,
@@ -560,7 +560,7 @@ struct name_entry *
__lookup_name_entry(const struct gr_policy_state *state, const char *name)
{
unsigned int len = strlen(name);
- unsigned int key = full_name_hash(name, len);
+ unsigned int key = full_name_hash((const unsigned char *)name, len);
unsigned int index = key % state->name_set.n_size;
struct name_entry *match;
@@ -582,7 +582,7 @@ static struct name_entry *
lookup_name_entry_create(const char *name)
{
unsigned int len = strlen(name);
- unsigned int key = full_name_hash(name, len);
+ unsigned int key = full_name_hash((const unsigned char *)name, len);
unsigned int index = key % running_polstate.name_set.n_size;
struct name_entry *match;
diff --git a/grsecurity/gracl_policy.c b/grsecurity/gracl_policy.c
index 0773423..bfcd64a 100644
--- a/grsecurity/gracl_policy.c
+++ b/grsecurity/gracl_policy.c
@@ -351,7 +351,7 @@ insert_name_entry(char *name, const u64 inode, const dev_t device, __u8 deleted)
struct name_entry **curr, *nentry;
struct inodev_entry *ientry;
unsigned int len = strlen(name);
- unsigned int key = full_name_hash(name, len);
+ unsigned int key = full_name_hash((const unsigned char *)name, len);
unsigned int index = key % polstate->name_set.n_size;
curr = &polstate->name_set.n_hash[index];
@@ -1376,7 +1376,7 @@ lookup_special_role_auth(__u16 mode, const char *rolename, unsigned char **salt,
FOR_EACH_ROLE_END(r)
for (i = 0; i < polstate->num_sprole_pws; i++) {
- if (!strcmp(rolename, polstate->acl_special_roles[i]->rolename)) {
+ if (!strcmp(rolename, (const char *)polstate->acl_special_roles[i]->rolename)) {
*salt = polstate->acl_special_roles[i]->salt;
*sum = polstate->acl_special_roles[i]->sum;
return 1;
@@ -1664,11 +1664,11 @@ write_grsec_handler(struct file *file, const char __user * buf, size_t count, lo
}
if (lookup_special_role_auth
- (gr_usermode->mode, gr_usermode->sp_role, &sprole_salt, &sprole_sum)
+ (gr_usermode->mode, (const char *)gr_usermode->sp_role, &sprole_salt, &sprole_sum)
&& ((!sprole_salt && !sprole_sum)
|| !(chkpw(gr_usermode, sprole_salt, sprole_sum)))) {
char *p = "";
- assign_special_role(gr_usermode->sp_role);
+ assign_special_role((const char *)gr_usermode->sp_role);
read_lock(&tasklist_lock);
if (current->real_parent)
p = current->real_parent->role->rolename;
diff --git a/grsecurity/grsum.c b/grsecurity/grsum.c
index 4fb2ce6..aef6b92 100644
--- a/grsecurity/grsum.c
+++ b/grsecurity/grsum.c
@@ -32,12 +32,12 @@ chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum)
sg_init_table(sg, 2);
sg_set_buf(&sg[0], salt, GR_SALT_LEN);
- sg_set_buf(&sg[1], entry->pw, strlen(entry->pw));
+ sg_set_buf(&sg[1], entry->pw, strlen((const char *)entry->pw));
desc.tfm = tfm;
desc.flags = 0;
- cryptres = crypto_hash_digest(&desc, sg, GR_SALT_LEN + strlen(entry->pw),
+ cryptres = crypto_hash_digest(&desc, sg, GR_SALT_LEN + strlen((const char *)entry->pw),
temp_sum);
memset(entry->pw, 0, GR_PW_LEN);
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 25820d8..0491a0f 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -2386,7 +2386,7 @@ extern void sched_clock_init(void);
static inline void populate_stack(void)
{
struct task_struct *curtask = current;
- int c;
+ int __always_unused c;
int *ptr = curtask->stack;
int *end = curtask->stack + THREAD_SIZE;
diff --git a/include/linux/sysfs.h b/include/linux/sysfs.h
index a34ab2d..70fffac 100644
--- a/include/linux/sysfs.h
+++ b/include/linux/sysfs.h
@@ -517,7 +517,7 @@ static inline void sysfs_notify_dirent(struct kernfs_node *kn)
static inline struct kernfs_node *sysfs_get_dirent(struct kernfs_node *parent,
const unsigned char *name)
{
- return kernfs_find_and_get(parent, name);
+ return kernfs_find_and_get(parent, (const char *)name);
}
static inline struct kernfs_node *sysfs_get(struct kernfs_node *kn)
The FEC NIC IRQ line does not wake up from unclocked sleep. Disable
unclocked sleep for now (bad for battery - good for performance).
diff --git a/arch/arm/mach-imx/cpuidle-imx6q.c b/arch/arm/mach-imx/cpuidle-imx6q.c
index 23ddfb6..c1ae29f 100644
--- a/arch/arm/mach-imx/cpuidle-imx6q.c
+++ b/arch/arm/mach-imx/cpuidle-imx6q.c
@@ -27,7 +27,7 @@ static int imx6q_enter_wait(struct cpuidle_device *dev,
*/
if (!spin_trylock(&master_lock))
goto idle;
- imx6_set_lpm(WAIT_UNCLOCKED);
+ //imx6_set_lpm(WAIT_UNCLOCKED);
cpu_do_idle();
imx6_set_lpm(WAIT_CLOCKED);
spin_unlock(&master_lock);