diff options
Diffstat (limited to 'libre/linux-libre-grsec')
6 files changed, 30 insertions, 366 deletions
diff --git a/libre/linux-libre-grsec/0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch b/libre/linux-libre-grsec/0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch deleted file mode 100644 index 898ee1543..000000000 --- a/libre/linux-libre-grsec/0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch +++ /dev/null @@ -1,110 +0,0 @@ -From 720a9dbf61c88bd57d6f8198ed8ccb2bd4a6abd8 Mon Sep 17 00:00:00 2001 -From: Matt Fleming <matt@console-pimps.org> -Date: Wed, 9 Apr 2014 10:33:49 +0200 -Subject: [PATCH 07/10] x86/efi: Correct EFI boot stub use of code32_start -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -code32_start should point at the start of the protected mode code, and -*not* at the beginning of the bzImage. This is much easier to do in -assembly so document that callers of make_boot_params() need to fill out -code32_start. - -The fallout from this bug is that we would end up relocating the image -but copying the image at some offset, resulting in what appeared to be -memory corruption. - -Reported-by: Thomas Bächler <thomas@archlinux.org> -Signed-off-by: Matt Fleming <matt.fleming@intel.com> ---- - arch/x86/boot/compressed/eboot.c | 5 +++-- - arch/x86/boot/compressed/head_32.S | 14 ++++++++------ - arch/x86/boot/compressed/head_64.S | 9 +++------ - 3 files changed, 14 insertions(+), 14 deletions(-) - -diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index a7677ba..78cbb2d 100644 ---- a/arch/x86/boot/compressed/eboot.c -+++ b/arch/x86/boot/compressed/eboot.c -@@ -425,6 +425,9 @@ void setup_graphics(struct boot_params *boot_params) - * Because the x86 boot code expects to be passed a boot_params we - * need to create one ourselves (usually the bootloader would create - * one for us). -+ * -+ * The caller is responsible for filling out ->code32_start in the -+ * returned boot_params. - */ - struct boot_params *make_boot_params(void *handle, efi_system_table_t *_table) - { -@@ -483,8 +486,6 @@ struct boot_params *make_boot_params(void *handle, efi_system_table_t *_table) - hdr->vid_mode = 0xffff; - hdr->boot_flag = 0xAA55; - -- hdr->code32_start = (__u64)(unsigned long)image->image_base; -- - hdr->type_of_loader = 0x21; - - /* Convert unicode cmdline to ascii */ -diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S -index 9116aac..f45ab7a 100644 ---- a/arch/x86/boot/compressed/head_32.S -+++ b/arch/x86/boot/compressed/head_32.S -@@ -50,6 +50,13 @@ ENTRY(efi_pe_entry) - pushl %eax - pushl %esi - pushl %ecx -+ -+ call reloc -+reloc: -+ popl %ecx -+ subl reloc, %ecx -+ movl %ecx, BP_code32_start(%eax) -+ - sub $0x4, %esp - - ENTRY(efi_stub_entry) -@@ -63,12 +70,7 @@ ENTRY(efi_stub_entry) - hlt - jmp 1b - 2: -- call 3f --3: -- popl %eax -- subl $3b, %eax -- subl BP_pref_address(%esi), %eax -- add BP_code32_start(%esi), %eax -+ movl BP_code32_start(%esi), %eax - leal preferred_addr(%eax), %eax - jmp *%eax - -diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S -index c5c1ae0..b10fa66 100644 ---- a/arch/x86/boot/compressed/head_64.S -+++ b/arch/x86/boot/compressed/head_64.S -@@ -217,6 +217,8 @@ ENTRY(efi_pe_entry) - cmpq $0,%rax - je 1f - mov %rax, %rdx -+ leaq startup_32(%rip), %rax -+ movl %eax, BP_code32_start(%rdx) - popq %rsi - popq %rdi - -@@ -230,12 +232,7 @@ ENTRY(efi_stub_entry) - hlt - jmp 1b - 2: -- call 3f --3: -- popq %rax -- subq $3b, %rax -- subq BP_pref_address(%rsi), %rax -- add BP_code32_start(%esi), %eax -+ movl BP_code32_start(%esi), %eax - leaq preferred_addr(%rax), %rax - jmp *%rax - --- -1.9.2 - diff --git a/libre/linux-libre-grsec/0008-futex-avoid-race-between-requeue-and-wake.patch b/libre/linux-libre-grsec/0008-futex-avoid-race-between-requeue-and-wake.patch deleted file mode 100644 index 8685e1168..000000000 --- a/libre/linux-libre-grsec/0008-futex-avoid-race-between-requeue-and-wake.patch +++ /dev/null @@ -1,94 +0,0 @@ -From aafcd8f8692fb9e389608c1efad2e57c0bbb9362 Mon Sep 17 00:00:00 2001 -From: Linus Torvalds <torvalds@linux-foundation.org> -Date: Tue, 8 Apr 2014 15:30:07 -0700 -Subject: [PATCH 08/10] futex: avoid race between requeue and wake - -commit 69cd9eba38867a493a043bb13eb9b33cad5f1a9a upstream. - -Jan Stancek reported: - "pthread_cond_broadcast/4-1.c testcase from openposix testsuite (LTP) - occasionally fails, because some threads fail to wake up. - - Testcase creates 5 threads, which are all waiting on same condition. - Main thread then calls pthread_cond_broadcast() without holding mutex, - which calls: - - futex(uaddr1, FUTEX_CMP_REQUEUE_PRIVATE, 1, 2147483647, uaddr2, ..) - - This immediately wakes up single thread A, which unlocks mutex and - tries to wake up another thread: - - futex(uaddr2, FUTEX_WAKE_PRIVATE, 1) - - If thread A manages to call futex_wake() before any waiters are - requeued for uaddr2, no other thread is woken up" - -The ordering constraints for the hash bucket waiter counting are that -the waiter counts have to be incremented _before_ getting the spinlock -(because the spinlock acts as part of the memory barrier), but the -"requeue" operation didn't honor those rules, and nobody had even -thought about that case. - -This fairly simple patch just increments the waiter count for the target -hash bucket (hb2) when requeing a futex before taking the locks. It -then decrements them again after releasing the lock - the code that -actually moves the futex(es) between hash buckets will do the additional -required waiter count housekeeping. - -Reported-and-tested-by: Jan Stancek <jstancek@redhat.com> -Acked-by: Davidlohr Bueso <davidlohr@hp.com> -Cc: Peter Zijlstra <peterz@infradead.org> -Cc: Thomas Gleixner <tglx@linutronix.de> -Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - kernel/futex.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git a/kernel/futex.c b/kernel/futex.c -index 08ec814..16b1f2c 100644 ---- a/kernel/futex.c -+++ b/kernel/futex.c -@@ -1450,6 +1450,7 @@ retry: - hb2 = hash_futex(&key2); - - retry_private: -+ hb_waiters_inc(hb2); - double_lock_hb(hb1, hb2); - - if (likely(cmpval != NULL)) { -@@ -1459,6 +1460,7 @@ retry_private: - - if (unlikely(ret)) { - double_unlock_hb(hb1, hb2); -+ hb_waiters_dec(hb2); - - ret = get_user(curval, uaddr1); - if (ret) -@@ -1508,6 +1510,7 @@ retry_private: - break; - case -EFAULT: - double_unlock_hb(hb1, hb2); -+ hb_waiters_dec(hb2); - put_futex_key(&key2); - put_futex_key(&key1); - ret = fault_in_user_writeable(uaddr2); -@@ -1517,6 +1520,7 @@ retry_private: - case -EAGAIN: - /* The owner was exiting, try again. */ - double_unlock_hb(hb1, hb2); -+ hb_waiters_dec(hb2); - put_futex_key(&key2); - put_futex_key(&key1); - cond_resched(); -@@ -1592,6 +1596,7 @@ retry_private: - - out_unlock: - double_unlock_hb(hb1, hb2); -+ hb_waiters_dec(hb2); - - /* - * drop_futex_key_refs() must be called outside the spinlocks. During --- -1.9.2 - diff --git a/libre/linux-libre-grsec/0009-iwlwifi-mvm-rs-fix-search-cycle-rules.patch b/libre/linux-libre-grsec/0009-iwlwifi-mvm-rs-fix-search-cycle-rules.patch deleted file mode 100644 index 5acbf53dd..000000000 --- a/libre/linux-libre-grsec/0009-iwlwifi-mvm-rs-fix-search-cycle-rules.patch +++ /dev/null @@ -1,125 +0,0 @@ -From 06af061dd673d749d5516bea41e2becb034e00b8 Mon Sep 17 00:00:00 2001 -From: Eyal Shapira <eyal@wizery.com> -Date: Sun, 16 Mar 2014 05:23:21 +0200 -Subject: [PATCH 09/10] iwlwifi: mvm: rs: fix search cycle rules - -commit 8930b05090acd321b1fc7c642528c697cb105c42 upstream. - -We should explore all possible columns when searching to be -as resilient as possible to changing conditions. This fixes -for example a scenario where even after a sudden creation of -rssi difference between the 2 antennas we would keep doing MIMO -at a low rate instead of switching to SISO at a higher rate using -the better antenna which was the optimal configuration. - -Signed-off-by: Eyal Shapira <eyalx.shapira@intel.com> -Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> -Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> ---- - drivers/net/wireless/iwlwifi/mvm/rs.c | 36 +++++++++++++++++------------------ - 1 file changed, 18 insertions(+), 18 deletions(-) - -diff --git a/drivers/net/wireless/iwlwifi/mvm/rs.c b/drivers/net/wireless/iwlwifi/mvm/rs.c -index 6abf74e..5bc8715 100644 ---- a/drivers/net/wireless/iwlwifi/mvm/rs.c -+++ b/drivers/net/wireless/iwlwifi/mvm/rs.c -@@ -211,9 +211,9 @@ static const struct rs_tx_column rs_tx_columns[] = { - .next_columns = { - RS_COLUMN_LEGACY_ANT_B, - RS_COLUMN_SISO_ANT_A, -+ RS_COLUMN_SISO_ANT_B, - RS_COLUMN_MIMO2, -- RS_COLUMN_INVALID, -- RS_COLUMN_INVALID, -+ RS_COLUMN_MIMO2_SGI, - }, - }, - [RS_COLUMN_LEGACY_ANT_B] = { -@@ -221,10 +221,10 @@ static const struct rs_tx_column rs_tx_columns[] = { - .ant = ANT_B, - .next_columns = { - RS_COLUMN_LEGACY_ANT_A, -+ RS_COLUMN_SISO_ANT_A, - RS_COLUMN_SISO_ANT_B, - RS_COLUMN_MIMO2, -- RS_COLUMN_INVALID, -- RS_COLUMN_INVALID, -+ RS_COLUMN_MIMO2_SGI, - }, - }, - [RS_COLUMN_SISO_ANT_A] = { -@@ -234,8 +234,8 @@ static const struct rs_tx_column rs_tx_columns[] = { - RS_COLUMN_SISO_ANT_B, - RS_COLUMN_MIMO2, - RS_COLUMN_SISO_ANT_A_SGI, -- RS_COLUMN_INVALID, -- RS_COLUMN_INVALID, -+ RS_COLUMN_SISO_ANT_B_SGI, -+ RS_COLUMN_MIMO2_SGI, - }, - .checks = { - rs_siso_allow, -@@ -248,8 +248,8 @@ static const struct rs_tx_column rs_tx_columns[] = { - RS_COLUMN_SISO_ANT_A, - RS_COLUMN_MIMO2, - RS_COLUMN_SISO_ANT_B_SGI, -- RS_COLUMN_INVALID, -- RS_COLUMN_INVALID, -+ RS_COLUMN_SISO_ANT_A_SGI, -+ RS_COLUMN_MIMO2_SGI, - }, - .checks = { - rs_siso_allow, -@@ -263,8 +263,8 @@ static const struct rs_tx_column rs_tx_columns[] = { - RS_COLUMN_SISO_ANT_B_SGI, - RS_COLUMN_MIMO2_SGI, - RS_COLUMN_SISO_ANT_A, -- RS_COLUMN_INVALID, -- RS_COLUMN_INVALID, -+ RS_COLUMN_SISO_ANT_B, -+ RS_COLUMN_MIMO2, - }, - .checks = { - rs_siso_allow, -@@ -279,8 +279,8 @@ static const struct rs_tx_column rs_tx_columns[] = { - RS_COLUMN_SISO_ANT_A_SGI, - RS_COLUMN_MIMO2_SGI, - RS_COLUMN_SISO_ANT_B, -- RS_COLUMN_INVALID, -- RS_COLUMN_INVALID, -+ RS_COLUMN_SISO_ANT_A, -+ RS_COLUMN_MIMO2, - }, - .checks = { - rs_siso_allow, -@@ -292,10 +292,10 @@ static const struct rs_tx_column rs_tx_columns[] = { - .ant = ANT_AB, - .next_columns = { - RS_COLUMN_SISO_ANT_A, -+ RS_COLUMN_SISO_ANT_B, -+ RS_COLUMN_SISO_ANT_A_SGI, -+ RS_COLUMN_SISO_ANT_B_SGI, - RS_COLUMN_MIMO2_SGI, -- RS_COLUMN_INVALID, -- RS_COLUMN_INVALID, -- RS_COLUMN_INVALID, - }, - .checks = { - rs_mimo_allow, -@@ -307,10 +307,10 @@ static const struct rs_tx_column rs_tx_columns[] = { - .sgi = true, - .next_columns = { - RS_COLUMN_SISO_ANT_A_SGI, -+ RS_COLUMN_SISO_ANT_B_SGI, -+ RS_COLUMN_SISO_ANT_A, -+ RS_COLUMN_SISO_ANT_B, - RS_COLUMN_MIMO2, -- RS_COLUMN_INVALID, -- RS_COLUMN_INVALID, -- RS_COLUMN_INVALID, - }, - .checks = { - rs_mimo_allow, --- -1.9.2 - diff --git a/libre/linux-libre-grsec/PKGBUILD b/libre/linux-libre-grsec/PKGBUILD index 97aab4398..5d1d2da74 100644 --- a/libre/linux-libre-grsec/PKGBUILD +++ b/libre/linux-libre-grsec/PKGBUILD @@ -12,13 +12,13 @@ pkgbase=linux-libre-grsec # Build stock -LIBRE-GRSEC kernel #pkgbase=linux-libre-custom # Build kernel with a different name _basekernel=3.14 -_sublevel=2 +_sublevel=3 _grsecver=3.0 -_timestamp=201405051841 +_timestamp=201405071928 _pkgver=${_basekernel}.${_sublevel} pkgver=${_basekernel}.${_sublevel}.${_timestamp} pkgrel=1 -_lxopkgver=${_basekernel}.2 # nearly always the same as pkgver +_lxopkgver=${_basekernel}.3 # nearly always the same as pkgver arch=('i686' 'x86_64' 'mips64el') url="https://grsecurity.net/" license=('GPL2') @@ -42,7 +42,6 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn '0004-fs-Don-t-return-0-from-get_anon_bdev.patch' '0005-Revert-Bluetooth-Enable-autosuspend-for-Intel-Blueto.patch' '0006-genksyms-fix-typeof-handling.patch' - '0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch' '0010-iwlwifi-mvm-delay-enabling-smart-FIFO-until-after-be.patch' '0011-kernfs-fix-removed-error-check.patch' '0012-fix-saa7134.patch' @@ -50,35 +49,34 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_basekernel}-gn '0015-fix-xsdt-validation.patch' 'sysctl.conf' "http://www.linux-libre.fsfla.org/pub/linux-libre/lemote/gnewsense/pool/debuginfo/linux-patches-${_lxopkgver}-gnu_0loongsonlibre_mipsel.tar.xz") -md5sums=('c108ec52eeb2a9b9ddbb8d12496ff25f' - '77c34d5c5c2663d0daaf8ad3761fbaf3' - '886c74ae6a77a7c380f14226fc5f4058' - 'SKIP' - '1b830bf677c7df400ac30192fa37f97f' - '408dd180559f71dab1fcc80a19da1343' - '5f66bed97a5c37e48eb2f71b2d354b9a' - '2967cecc3af9f954ccc822fd63dca6ff' - '8267264d9a8966e57fdacd1fa1fc65c4' - '14bb375a8a1d86d2875f72fcbaa03f3e' - '98beb36f9b8cf16e58de2483ea9985e3' - '6839ddec74a5300beff1709a81b0e4f3' - '706549e8a05f33f7fc697f28c0ca71d2' - 'd23fc66be93ebce698bd7da844789de1' - 'b240cc8ebb4b5d74e94b4c72d033f726' - 'a89d593774ccb955eb8368d3bc87ce26' - '16a161979f846b049e90daea907c35dd' - '00727251b0d337a25d3ca392218afdf4' - '353b553d69da810ef954618aca60e1e2' - 'b3f98eba6322463ed6644784c56893be' - '4f547d79fa1b2bb855dc2996be2a515e' - '21d25aef69f9da33c6087b7ffd97783e' - '278417ab07b6f5fe8e3e0ed656f35f3e' - '7a052645280da78a98bfe8cf805ddab5' - '4a8ea53fef63e90c5244c2f2806ad4c8') +sha256sums=('477555c709b9407fe37dbd70d3331ff9dde1f9d874aba2741f138d07ae6f281b' + 'fcd8398a41a7e55e44123857342fd9041ae1bdacbcf8c5099a53293c96e6fba6' + 'ca5bd99e3ee12836e2442c096fa2af7fdf9f75f750a471a0c0e981b08abdd330' + 'SKIP' + '16ee96f4e9c5686f5fc72242932e872b26c5ad7c8b8c022ff2a3fe68f6c1a6f0' + 'ea3eec6e11c4feda78493c15c89defcfa482597d069b3c7c9b7bf60121d24ad7' + '9d2f34f1a8c514a7117b9b017a1f7312fb351f4d0b079eed102f89361534d486' + 'c5451d5e1eafc4f8d28b1a2958ec3102c124433a414a86450fc32058e004156b' + '55bf07738a3286168a7929ae16dbca29defd14e77b9d24c487ae4c3d12bb9eb9' + 'f913384dd6dbafca476fcf4ccd35f0f497dda5f3074866022facdb92647771f6' + 'faced4eb4c47c4eb1a9ee8a5bf8a7c4b49d6b4d78efbe426e410730e6267d182' + '6d72e14552df59e6310f16c176806c408355951724cd5b48a47bf01591b8be02' + '52dec83a8805a8642d74d764494acda863e0aa23e3d249e80d4b457e20a3fd29' + '65d58f63215ee3c5f9c4fc6bce36fc5311a6c7dbdbe1ad29de40647b47ff9c0d' + '1e1ae0f31f722e80da083ecada1f1be57f9ddad133941820c4483b0240e494c1' + '3fffb01cf97a5a7ab9601cb277d2468c0fb1e1cceba4225915f3ffae3a5694ec' + 'cf2e7a2d00787f754028e7459688c2755a406e632ce48b60952fa4ff7ed6f4b7' + 'c0af4622f75c89fef62183e18b7d49998228d4eaa906c6accaf4aa4ff0134f85' + '04f44bf5c181d6dc31905937c1bdccb0f5aecaad3a579e99b302502b9cbe0f7a' + '79359454c9d8446eb55add2b1cdbf8332bd67dafb01fefb5b1ca090225f64d18' + 'f2a5e22c1ba6e9b8a32a7bd4a5327ee95538aa10edcee3cd12578f8ff49bf6be' + '384dd13fd4248fd6809da8c6ae29ced55d4a5cacc33ac2ae7522093ec0fb26d4' + 'a37823f0cdf3f318ec3f486f6e4035a7a8f887522d3a563d4dfe155f143ba24f' + '43d975e9c9c68de131005a87c3c755fadef1eaed6c551bcafd08f2746f9d71fd') if [ "$CARCH" != "mips64el" ]; then # don't use the Loongson-specific patches on non-mips64el arches. unset source[${#source[@]}-1] - unset md5sums[${#md5sums[@]}-1] + unset sha256sums[${#sha256sums[@]}-1] fi _kernelname=${pkgbase#linux-libre} @@ -126,11 +124,6 @@ prepare() { # http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dc53324060f324e8af6867f57bf4891c13c6ef18 patch -p1 -i "${srcdir}/0006-genksyms-fix-typeof-handling.patch" - # Fix the use of code32_start in the EFI boot stub - # http://permalink.gmane.org/gmane.linux.kernel/1679881 - # https://git.kernel.org/cgit/linux/kernel/git/mfleming/efi.git/commit/?h=urgent&id=7e8213c1f3acc064aef37813a39f13cbfe7c3ce7 - patch -p1 -i "${srcdir}/0007-x86-efi-Correct-EFI-boot-stub-use-of-code32_start.patch" - # https://git.kernel.org/cgit/linux/kernel/git/iwlwifi/iwlwifi-fixes.git/commit/?id=12f853a89e29f50b17698e17e73c328a35f1498d # FS#39815 patch -p1 -i "${srcdir}/0010-iwlwifi-mvm-delay-enabling-smart-FIFO-until-after-be.patch" diff --git a/libre/linux-libre-grsec/config.i686 b/libre/linux-libre-grsec/config.i686 index cc0487d43..fc977efe5 100644 --- a/libre/linux-libre-grsec/config.i686 +++ b/libre/linux-libre-grsec/config.i686 @@ -1664,7 +1664,7 @@ CONFIG_BLK_DEV_DAC960=m # CONFIG_BLK_DEV_UMEM is not set # CONFIG_BLK_DEV_COW_COMMON is not set CONFIG_BLK_DEV_LOOP=m -CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +CONFIG_BLK_DEV_LOOP_MIN_COUNT=0 CONFIG_BLK_DEV_CRYPTOLOOP=m CONFIG_BLK_DEV_DRBD=m # CONFIG_DRBD_FAULT_INJECTION is not set diff --git a/libre/linux-libre-grsec/config.x86_64 b/libre/linux-libre-grsec/config.x86_64 index 4b3e0d5fd..d1e29cf01 100644 --- a/libre/linux-libre-grsec/config.x86_64 +++ b/libre/linux-libre-grsec/config.x86_64 @@ -1629,7 +1629,7 @@ CONFIG_BLK_DEV_DAC960=m # CONFIG_BLK_DEV_UMEM is not set # CONFIG_BLK_DEV_COW_COMMON is not set CONFIG_BLK_DEV_LOOP=m -CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +CONFIG_BLK_DEV_LOOP_MIN_COUNT=0 CONFIG_BLK_DEV_CRYPTOLOOP=m CONFIG_BLK_DEV_DRBD=m # CONFIG_DRBD_FAULT_INJECTION is not set |