webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-05-11 09:48:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

kernel: update to 3.10.9.

Browse Source 
use intel config from IPFire 3.x branch.
arm cfg is not present yet and some patches are missing.
This commit is contained in:
Arne Fitzenreiter
2013-08-27 20:28:07 +02:00
parent 12f5ace887
commit bb5f0bf8f3
16 changed files with 118976 additions and 3514 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
src/patches/linux-3.7-disable-compat_vdso.patch Normal file
View File

@@ -0,0 +1,46 @@
No need to wrap vdso calls as gentoo does not use any version of
glibc <=2.3.3
---
From: Gordon Malm <gengor@gentoo.org>
From: Kerin Millar <kerframil@gmail.com>
From: Jory A. Pratt <anarchy@gentoo.org>
COMPAT_VDSO is inappropriate for any modern Hardened Gentoo system. It
conflicts with various parts of PaX, crashing the system if enabled
while PaX's NOEXEC or UDEREF features are active. Moreover, it prevents
a number of important PaX options from appearing in the configuration
menu, including all PaX NOEXEC implementations. Unfortunately, the
reason for the disappearance of these PaX configuration options is
often far from obvious to inexperienced users.
Therefore, we disable the COMPAT_VDSO menu entry entirely. However,
COMPAT_VDSO operation can still be enabled via bootparam and sysctl
interfaces. Consequently, we must also disable the ability to select
COMPAT_VDSO operation at boot or runtime. Here we patch the kernel so
that selecting COMPAT_VDSO operation at boot/runtime has no effect if
conflicting PaX options are enabled, leaving VDSO_ENABLED operation
intact.
Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138
diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig
--- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100
+++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100
@@ -1651,17 +1651,8 @@
config COMPAT_VDSO
def_bool n
- prompt "Compat VDSO support"
depends on X86_32 || IA32_EMULATION
depends on !PAX_PAGEEXEC && !PAX_SEGMEXEC && !PAX_KERNEXEC && !PAX_MEMORY_UDEREF
- ---help---
- Map the 32-bit VDSO to the predictable old-style address too.
-
- Say N here if you are running a sufficiently recent glibc
- version (2.3.3 or later), to remove the high-mapped
- VDSO mapping and to exclusively use the randomized VDSO.
-
- If unsure, say Y.
config CMDLINE_BOOL
bool "Built-in kernel command line"