main/linux-grsec: upgrade to grsecurity-2.2.0-2.6.32.22-201009221846

2 files changed, 86 insertions, 10 deletions

diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index dd833a628aa..ea0b8a72de5 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
 pkgname=linux-${_flavor}
 pkgver=2.6.32.22
 _kernver=2.6.32
-pkgrel=0
+pkgrel=1
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH:-x86}}
 install=
 source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
 	ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2
-	grsecurity-2.2.0-2.6.32.22-201009212029.patch
+	grsecurity-2.2.0-2.6.32.22-201009221846.patch
 	0001-grsec-revert-conflicting-flow-cache-changes.patch
 	0002-gre-fix-hard-header-destination-address-checking.patch
 	0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
@@ -151,7 +151,7 @@ firmware() {
 
 md5sums="260551284ac224c3a43c4adac7df4879  linux-2.6.32.tar.bz2
 da1431a1d659298c6bd11714416c840f  patch-2.6.32.22.bz2
-caa5e3eb3d335bdfe478c1e706e48305  grsecurity-2.2.0-2.6.32.22-201009212029.patch
+1e317ab1a66955c89e73200a1787b58d  grsecurity-2.2.0-2.6.32.22-201009221846.patch
 1d247140abec49b96250aec9aa59b324  0001-grsec-revert-conflicting-flow-cache-changes.patch
 437317f88ec13ace8d39c31983a41696  0002-gre-fix-hard-header-destination-address-checking.patch
 151b29a161178ed39d62a08f21f3484d  0003-ip_gre-include-route-header_len-in-max_headroom-calc.patch
diff --git a/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009212029.patch b/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009221846.patch
index 172bdc9fd45..41fb7c83f3c 100644
--- a/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009212029.patch
+++ b/main/linux-grsec/grsecurity-2.2.0-2.6.32.22-201009221846.patch
@@ -6263,7 +6263,7 @@ diff -urNp linux-2.6.32.22/arch/x86/include/asm/atomic_32.h linux-2.6.32.22/arch
  extern u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old_val, u64 new_val);
 diff -urNp linux-2.6.32.22/arch/x86/include/asm/atomic_64.h linux-2.6.32.22/arch/x86/include/asm/atomic_64.h
 --- linux-2.6.32.22/arch/x86/include/asm/atomic_64.h	2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.22/arch/x86/include/asm/atomic_64.h	2010-09-17 20:46:00.000000000 -0400
++++ linux-2.6.32.22/arch/x86/include/asm/atomic_64.h	2010-09-21 20:46:18.000000000 -0400
 @@ -24,6 +24,17 @@ static inline int atomic_read(const atom
  }
  
@@ -6550,7 +6550,7 @@ diff -urNp linux-2.6.32.22/arch/x86/include/asm/atomic_64.h linux-2.6.32.22/arch
  #define atomic_inc_return(v)  (atomic_add_return(1, v))
 +static inline int atomic_inc_return_unchecked(atomic_unchecked_t *v)
 +{
-+	return atomic_add_return(1, v);
++	return atomic_add_return_unchecked(1, v);
 +}
  #define atomic_dec_return(v)  (atomic_sub_return(1, v))
  
@@ -30074,6 +30074,65 @@ diff -urNp linux-2.6.32.22/drivers/video/vesafb.c linux-2.6.32.22/drivers/video/
  	if (info->screen_base)
  		iounmap(info->screen_base);
  	framebuffer_release(info);
+diff -urNp linux-2.6.32.22/drivers/xen/events.c linux-2.6.32.22/drivers/xen/events.c
+--- linux-2.6.32.22/drivers/xen/events.c	2010-09-20 17:26:42.000000000 -0400
++++ linux-2.6.32.22/drivers/xen/events.c	2010-09-21 21:18:38.000000000 -0400
+@@ -106,7 +106,6 @@ static inline unsigned long *cpu_evtchn_
+ #define VALID_EVTCHN(chn)	((chn) != 0)
+ 
+ static struct irq_chip xen_dynamic_chip;
+-static struct irq_chip xen_percpu_chip;
+ 
+ /* Constructor for packed IRQ information. */
+ static struct irq_info mk_unbound_info(void)
+@@ -363,7 +362,7 @@ int bind_evtchn_to_irq(unsigned int evtc
+ 		irq = find_unbound_irq();
+ 
+ 		set_irq_chip_and_handler_name(irq, &xen_dynamic_chip,
+-					      handle_edge_irq, "event");
++					      handle_level_irq, "event");
+ 
+ 		evtchn_to_irq[evtchn] = irq;
+ 		irq_info[irq] = mk_evtchn_info(evtchn);
+@@ -389,8 +388,8 @@ static int bind_ipi_to_irq(unsigned int 
+ 		if (irq < 0)
+ 			goto out;
+ 
+-		set_irq_chip_and_handler_name(irq, &xen_percpu_chip,
+-					      handle_percpu_irq, "ipi");
++		set_irq_chip_and_handler_name(irq, &xen_dynamic_chip,
++					      handle_level_irq, "ipi");
+ 
+ 		bind_ipi.vcpu = cpu;
+ 		if (HYPERVISOR_event_channel_op(EVTCHNOP_bind_ipi,
+@@ -430,8 +429,8 @@ static int bind_virq_to_irq(unsigned int
+ 
+ 		irq = find_unbound_irq();
+ 
+-		set_irq_chip_and_handler_name(irq, &xen_percpu_chip,
+-					      handle_percpu_irq, "virq");
++		set_irq_chip_and_handler_name(irq, &xen_dynamic_chip,
++					      handle_level_irq, "virq");
+ 
+ 		evtchn_to_irq[evtchn] = irq;
+ 		irq_info[irq] = mk_virq_info(evtchn, virq);
+@@ -930,16 +929,6 @@ static struct irq_chip xen_dynamic_chip 
+ 	.retrigger	= retrigger_dynirq,
+ };
+ 
+-static struct irq_chip en_percpu_chip __read_mostly = {
+-	.name		= "xen-percpu",
+-
+-	.disable	= disable_dynirq,
+-	.mask		= disable_dynirq,
+-	.unmask		= enable_dynirq,
+-
+-	.ack		= ack_dynirq,
+-};
+-
+ void __init xen_init_IRQ(void)
+ {
+ 	int i;
 diff -urNp linux-2.6.32.22/drivers/xen/sys-hypervisor.c linux-2.6.32.22/drivers/xen/sys-hypervisor.c
 --- linux-2.6.32.22/drivers/xen/sys-hypervisor.c	2010-08-13 16:24:37.000000000 -0400
 +++ linux-2.6.32.22/drivers/xen/sys-hypervisor.c	2010-09-04 15:54:52.000000000 -0400
@@ -34053,7 +34112,7 @@ diff -urNp linux-2.6.32.22/fs/proc/array.c linux-2.6.32.22/fs/proc/array.c
 +#endif
 diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c
 --- linux-2.6.32.22/fs/proc/base.c	2010-08-13 16:24:37.000000000 -0400
-+++ linux-2.6.32.22/fs/proc/base.c	2010-09-04 15:54:52.000000000 -0400
++++ linux-2.6.32.22/fs/proc/base.c	2010-09-22 18:44:37.000000000 -0400
 @@ -102,6 +102,22 @@ struct pid_entry {
  	union proc_op op;
  };
@@ -34124,6 +34183,15 @@ diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c
  		do {
  			nwords += 2;
  		} while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */
+@@ -306,7 +342,7 @@ static int proc_pid_auxv(struct task_str
+ }
+ 
+ 
+-#ifdef CONFIG_KALLSYMS
++#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
+ /*
+  * Provides a wchan file via kallsyms in a proper one-value-per-file format.
+  * Returns the resolved symbol.  If that fails, simply return the address.
 @@ -328,7 +364,7 @@ static int proc_pid_wchan(struct task_st
  }
  #endif /* CONFIG_KALLSYMS */
@@ -34304,8 +34372,12 @@ diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c
  	INF("syscall",    S_IRUSR, proc_pid_syscall),
  #endif
  	INF("cmdline",    S_IRUGO, proc_pid_cmdline),
-@@ -2547,7 +2641,7 @@ static const struct pid_entry tgid_base_
- #ifdef CONFIG_KALLSYMS
+@@ -2544,10 +2638,10 @@ static const struct pid_entry tgid_base_
+ #ifdef CONFIG_SECURITY
+ 	DIR("attr",       S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
+ #endif
+-#ifdef CONFIG_KALLSYMS
++#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
  	INF("wchan",      S_IRUGO, proc_pid_wchan),
  #endif
 -#ifdef CONFIG_STACKTRACE
@@ -34400,8 +34472,12 @@ diff -urNp linux-2.6.32.22/fs/proc/base.c linux-2.6.32.22/fs/proc/base.c
  	INF("syscall",   S_IRUSR, proc_pid_syscall),
  #endif
  	INF("cmdline",   S_IRUGO, proc_pid_cmdline),
-@@ -2880,7 +3012,7 @@ static const struct pid_entry tid_base_s
- #ifdef CONFIG_KALLSYMS
+@@ -2877,10 +3009,10 @@ static const struct pid_entry tid_base_s
+ #ifdef CONFIG_SECURITY
+ 	DIR("attr",      S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
+ #endif
+-#ifdef CONFIG_KALLSYMS
++#if defined(CONFIG_KALLSYMS) && !defined(CONFIG_GRKERNSEC_HIDESYM)
  	INF("wchan",     S_IRUGO, proc_pid_wchan),
  #endif
 -#ifdef CONFIG_STACKTRACE