mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2026-05-04 20:06:43 +02:00
Code Issues Packages Projects Releases Wiki Activity

main/linux-grsec: fixed longstanding problem with the per-cpu pgd and kvm

Browse Source
This commit is contained in:
Natanael Copa 2012-09-18 08:07:31 +00:00
parent 9fc6905654
commit 7abb181594
2 changed files with 31 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
main/linux-grsec/APKBUILD
View File

@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=3.4.11
_kernver=3.4
pkgrel=0
pkgrel=1
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
grsecurity-2.9.1-$pkgver-1.patch
grsecurity-2.9.1-$pkgver-2.patch
0004-arp-flush-arp-cache-on-device-change.patch
0001-Revert-ipv4-Don-t-use-the-cached-pmtu-informations-f.patch
@ -142,7 +142,7 @@ dev() {
md5sums="967f72983655e2479f951195953e8480 linux-3.4.tar.xz
2149df47fc96fec05787bf0197fb7b16 patch-3.4.11.xz
261e513021d40a01ebd18947fde0ab1d grsecurity-2.9.1-3.4.11-1.patch
2a05125c1486b1db0fd59a90d11d8b7a grsecurity-2.9.1-3.4.11-2.patch
776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
cb6fcd6e966e73c87a839c4c0183f81f 0001-Revert-ipv4-Don-t-use-the-cached-pmtu-informations-f.patch
d2f7ba780ff7567c21381428264d7fdd intel_idle.patch

34
main/linux-grsec/grsecurity-2.9.1-3.4.11-1.patch → main/linux-grsec/grsecurity-2.9.1-3.4.11-2.patch
View File

@ -20636,7 +20636,7 @@ index e334389..6839087 100644
local_irq_disable();
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index 4ff0ab9..2ff68d3 100644
index 4ff0ab9..fbab291 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -1303,7 +1303,11 @@ static void reload_tss(void)
@ -20651,7 +20651,18 @@ index 4ff0ab9..2ff68d3 100644
load_TR_desc();
}
@@ -2625,8 +2629,11 @@ static __init int hardware_setup(void)
@@ -1502,6 +1506,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */
vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */
+#ifdef CONFIG_PAX_PER_CPU_PGD
+ vmcs_writel(HOST_CR3, read_cr3()); /* 22.2.3 FIXME: shadow tables */
+#endif
+
rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp);
vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */
vmx->loaded_vmcs->cpu = cpu;
@@ -2625,8 +2633,11 @@ static __init int hardware_setup(void)
if (!cpu_has_vmx_flexpriority())
flexpriority_enabled = 0;
@ -20665,7 +20676,18 @@ index 4ff0ab9..2ff68d3 100644
if (enable_ept && !cpu_has_vmx_ept_2m_page())
kvm_disable_largepages();
@@ -3642,7 +3649,7 @@ static void vmx_set_constant_host_state(void)
@@ -3630,7 +3641,10 @@ static void vmx_set_constant_host_state(void)
vmcs_writel(HOST_CR0, read_cr0() | X86_CR0_TS); /* 22.2.3 */
vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */
+
+#ifndef CONFIG_PAX_PER_CPU_PGD
vmcs_writel(HOST_CR3, read_cr3()); /* 22.2.3 FIXME: shadow tables */
+#endif
vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */
vmcs_write16(HOST_DS_SELECTOR, __KERNEL_DS); /* 22.2.4 */
@@ -3642,7 +3656,7 @@ static void vmx_set_constant_host_state(void)
vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl));
@ -20674,7 +20696,7 @@ index 4ff0ab9..2ff68d3 100644
rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
@@ -6180,6 +6187,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
@@ -6180,6 +6194,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
"jmp .Lkvm_vmx_return \n\t"
".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t"
".Lkvm_vmx_return: "
@ -20687,7 +20709,7 @@ index 4ff0ab9..2ff68d3 100644
/* Save guest registers, load host registers, keep flags */
"mov %0, %c[wordsize](%%"R"sp) \n\t"
"pop %0 \n\t"
@@ -6228,6 +6241,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
@@ -6228,6 +6248,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
#endif
[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
[wordsize]"i"(sizeof(ulong))
@ -20699,7 +20721,7 @@ index 4ff0ab9..2ff68d3 100644
: "cc", "memory"
, R"ax", R"bx", R"di", R"si"
#ifdef CONFIG_X86_64
@@ -6256,7 +6274,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
@@ -6256,7 +6281,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
}
}