* Add Alpine Linux patch set for 4.1.20 (3.3.3)

linux-grsec/build_bbb.sh

@@ -4,7 +4,23 @@ SCRIPTDIR=$(dirname $(readlink -f $0))
 . ${SCRIPTDIR}/settings.sh
 
 echo "Starting Build..."
-
+patches="fix-spi-nor-namespace-clash.patch
+    imx6q-no-unclocked-sleep.patch
+    keys-fixes.patch
+    ovl-fix-getcwd-failure-after-unsuccessful-rmdir.patch
+    ovl-fix-permission-checking-for-setattr.patch
+    staging-dgnc-fix-info-leak-in-ioctl.patch
+    via-velocity-length-check.patch
+    xsa155-linux-xsa155-0001-xen-Add-RING_COPY_REQUEST.patch
+    xsa155-linux-xsa155-0002-xen-netback-don-t-use-last-request-to-determine-mini.patch
+    xsa155-linux-xsa155-0003-xen-netback-use-RING_COPY_REQUEST-throughout.patch
+    xsa155-linux-xsa155-0004-xen-blkback-only-read-request-operation-from-shared-.patch
+    xsa155-linux-xsa155-0006-xen-scsiback-safely-copy-requests.patch
+    xsa155-linux43-0005-xen-blkback-read-from-indirect-descriptors-only-once.patch
+    xsa157-0001-xen-pciback-Return-error-on-XEN_PCI_OP_enable_msi-wh.patch
+    xsa157-0003-xen-pciback-Do-not-install-an-IRQ-handler-for-MSI-in.patch
+    xsa157-0004-xen-pciback-For-XEN_PCI_OP_disable_msi-x-only-disabl.patch
+    "
 if [ ! -d ${KERN_BUILD_DIR} ]; then
     mkdir -p ${KERN_BUILD_DIR}
 fi
@@ -32,15 +48,18 @@ if [ ! -d ${KERN_SOURCE_DIR} ]; then
         tar xJf ${KERN_BUILD_DIR}/${KERNEL_SOURCE_ARCHIVE}
         cd ${KERN_SOURCE_DIR}
         patch -p1 < ${KERN_BUILD_DIR}/${GRSEC_PATCH}
-	patch -p1 < ${SCRIPTDIR}/fix-spi-nor-namespace-clash.patch
+        echo "Patching alpine patches..."
+        for p in ${patches}; do
+            patch -p1 < ${SCRIPTDIR}/patches/${p}
+        done
         touch ${KERN_SOURCE_DIR}/patched
     fi
 fi
 
 echo "Building the kernel..."
 cd ${KERN_SOURCE_DIR}
 #make ARCH=arm CROSS_COMPILE=${CC} distclean DISABLE_PAX_PLUGINS=y LOCALVERSION=-grsec
-#cp -v ${BASE}/config-grsec.armhf ${KERN_SOURCE_DIR}/.config LOCALVERSION=-grsec
+cp -v ${BASE}/config-grsec.armhf ${KERN_SOURCE_DIR}/.config LOCALVERSION=-grsec
 #cp -v ${BASE}/config-grsec.bbb ${KERN_SOURCE_DIR}/.config
 #make ARCH=arm CROSS_COMPILE=${CC} omap2plus_defconfig DISABLE_PAX_PLUGINS=y LOCALVERSION=-grsec
 #make ARCH=arm CROSS_COMPILE=${CC} silentoldconfig DISABLE_PAX_PLUGINS=y

linux-grsec/patches/fix-spi-nor-namespace-clash.patch

@@ -0,0 +1,101 @@
+grsec patch includes <linux/fs.h> which defines READ and WRITE.
+Remove the macro hackery, and use the proper #define names for
+macro invocations so there's no surprises.
+
+--- linux-3.18/drivers/mtd/spi-nor/fsl-quadspi.c.orig
++++ linux-3.18/drivers/mtd/spi-nor/fsl-quadspi.c
+@@ -166,8 +166,8 @@
+
+ /* Macros for constructing the LUT register. */
+ #define LUT0(ins, pad, opr)						\
+-		(((opr) << OPRND0_SHIFT) | ((LUT_##pad) << PAD0_SHIFT) | \
+-		((LUT_##ins) << INSTR0_SHIFT))
++		(((opr) << OPRND0_SHIFT) | ((pad) << PAD0_SHIFT) | \
++		((ins) << INSTR0_SHIFT))
+
+ #define LUT1(ins, pad, opr)	(LUT0(ins, pad, opr) << OPRND1_SHIFT)
+
+@@ -304,14 +304,14 @@
+ 		dummy = 8;
+ 	}
+
+-	writel(LUT0(CMD, PAD1, cmd) | LUT1(ADDR, PAD1, addrlen),
++	writel(LUT0(LUT_CMD, LUT_PAD1, cmd) | LUT1(LUT_ADDR, LUT_PAD1, addrlen),
+ 			base + QUADSPI_LUT(lut_base));
+-	writel(LUT0(DUMMY, PAD1, dummy) | LUT1(READ, PAD4, rxfifo),
++	writel(LUT0(LUT_DUMMY, LUT_PAD1, dummy) | LUT1(LUT_READ, LUT_PAD4, rxfifo),
+ 			base + QUADSPI_LUT(lut_base + 1));
+
+ 	/* Write enable */
+ 	lut_base = SEQID_WREN * 4;
+-	writel(LUT0(CMD, PAD1, SPINOR_OP_WREN), base + QUADSPI_LUT(lut_base));
++	writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_WREN), base + QUADSPI_LUT(lut_base));
+
+ 	/* Page Program */
+ 	lut_base = SEQID_PP * 4;
+@@ -325,13 +325,13 @@
+ 		addrlen = ADDR32BIT;
+ 	}
+
+-	writel(LUT0(CMD, PAD1, cmd) | LUT1(ADDR, PAD1, addrlen),
++	writel(LUT0(LUT_CMD, LUT_PAD1, cmd) | LUT1(LUT_ADDR, LUT_PAD1, addrlen),
+ 			base + QUADSPI_LUT(lut_base));
+-	writel(LUT0(WRITE, PAD1, 0), base + QUADSPI_LUT(lut_base + 1));
++	writel(LUT0(LUT_WRITE, LUT_PAD1, 0), base + QUADSPI_LUT(lut_base + 1));
+
+ 	/* Read Status */
+ 	lut_base = SEQID_RDSR * 4;
+-	writel(LUT0(CMD, PAD1, SPINOR_OP_RDSR) | LUT1(READ, PAD1, 0x1),
++	writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_RDSR) | LUT1(LUT_READ, LUT_PAD1, 0x1),
+ 			base + QUADSPI_LUT(lut_base));
+
+ 	/* Erase a sector */
+@@ -346,40 +346,40 @@
+ 		addrlen = ADDR32BIT;
+ 	}
+
+-	writel(LUT0(CMD, PAD1, cmd) | LUT1(ADDR, PAD1, addrlen),
++	writel(LUT0(LUT_CMD, LUT_PAD1, cmd) | LUT1(LUT_ADDR, LUT_PAD1, addrlen),
+ 			base + QUADSPI_LUT(lut_base));
+
+ 	/* Erase the whole chip */
+ 	lut_base = SEQID_CHIP_ERASE * 4;
+-	writel(LUT0(CMD, PAD1, SPINOR_OP_CHIP_ERASE),
++	writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_CHIP_ERASE),
+ 			base + QUADSPI_LUT(lut_base));
+
+ 	/* READ ID */
+ 	lut_base = SEQID_RDID * 4;
+-	writel(LUT0(CMD, PAD1, SPINOR_OP_RDID) | LUT1(READ, PAD1, 0x8),
++	writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_RDID) | LUT1(LUT_READ, LUT_PAD1, 0x8),
+ 			base + QUADSPI_LUT(lut_base));
+
+ 	/* Write Register */
+ 	lut_base = SEQID_WRSR * 4;
+-	writel(LUT0(CMD, PAD1, SPINOR_OP_WRSR) | LUT1(WRITE, PAD1, 0x2),
++	writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_WRSR) | LUT1(LUT_WRITE, LUT_PAD1, 0x2),
+ 			base + QUADSPI_LUT(lut_base));
+
+ 	/* Read Configuration Register */
+ 	lut_base = SEQID_RDCR * 4;
+-	writel(LUT0(CMD, PAD1, SPINOR_OP_RDCR) | LUT1(READ, PAD1, 0x1),
++	writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_RDCR) | LUT1(LUT_READ, LUT_PAD1, 0x1),
+ 			base + QUADSPI_LUT(lut_base));
+
+ 	/* Write disable */
+ 	lut_base = SEQID_WRDI * 4;
+-	writel(LUT0(CMD, PAD1, SPINOR_OP_WRDI), base + QUADSPI_LUT(lut_base));
++	writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_WRDI), base + QUADSPI_LUT(lut_base));
+
+ 	/* Enter 4 Byte Mode (Micron) */
+ 	lut_base = SEQID_EN4B * 4;
+-	writel(LUT0(CMD, PAD1, SPINOR_OP_EN4B), base + QUADSPI_LUT(lut_base));
++	writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_EN4B), base + QUADSPI_LUT(lut_base));
+
+ 	/* Enter 4 Byte Mode (Spansion) */
+ 	lut_base = SEQID_BRWR * 4;
+-	writel(LUT0(CMD, PAD1, SPINOR_OP_BRWR), base + QUADSPI_LUT(lut_base));
++	writel(LUT0(LUT_CMD, LUT_PAD1, SPINOR_OP_BRWR), base + QUADSPI_LUT(lut_base));
+
+ 	fsl_qspi_lock_lut(q);
+ }

linux-grsec/patches/imx6q-no-unclocked-sleep.patch

@@ -0,0 +1,16 @@
+The FEC NIC IRQ line does not wake up from unclocked sleep. Disable
+unclocked sleep for now (bad for battery - good for performance).
+
+diff --git a/arch/arm/mach-imx/cpuidle-imx6q.c b/arch/arm/mach-imx/cpuidle-imx6q.c
+index 23ddfb6..c1ae29f 100644
+--- a/arch/arm/mach-imx/cpuidle-imx6q.c
++++ b/arch/arm/mach-imx/cpuidle-imx6q.c
+@@ -27,7 +27,7 @@ static int imx6q_enter_wait(struct cpuidle_device *dev,
+ 		 */
+ 		if (!spin_trylock(&master_lock))
+ 			goto idle;
+-		imx6q_set_lpm(WAIT_UNCLOCKED);
++		//imx6q_set_lpm(WAIT_UNCLOCKED);
+ 		cpu_do_idle();
+ 		imx6q_set_lpm(WAIT_CLOCKED);
+ 		spin_unlock(&master_lock);

linux-grsec/patches/keys-fixes.patch

@@ -0,0 +1,37 @@
+From 911b79cde95c7da0ec02f48105358a36636b7a71 Mon Sep 17 00:00:00 2001
+From: David Howells <[email protected]>
+Date: Mon, 19 Oct 2015 11:20:28 +0100
+Subject: KEYS: Don't permit request_key() to construct a new keyring
+
+If request_key() is used to find a keyring, only do the search part - don't
+do the construction part if the keyring was not found by the search.  We
+don't really want keyrings in the negative instantiated state since the
+rejected/negative instantiation error value in the payload is unioned with
+keyring metadata.
+
+Now the kernel gives an error:
+
+	request_key("keyring", "#selinux,bdekeyring", "keyring", KEY_SPEC_USER_SESSION_KEYRING) = -1 EPERM (Operation not permitted)
+
+Signed-off-by: David Howells <[email protected]>
+---
+ security/keys/request_key.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/security/keys/request_key.c b/security/keys/request_key.c
+index 486ef6f..0d62531 100644
+--- a/security/keys/request_key.c
++++ b/security/keys/request_key.c
+@@ -440,6 +440,9 @@ static struct key *construct_key_and_link(struct keyring_search_context *ctx,
+
+ 	kenter("");
+
++	if (ctx->index_key.type == &key_type_keyring)
++		return ERR_PTR(-EPERM);
++	
+ 	user = key_user_lookup(current_fsuid());
+ 	if (!user)
+ 		return ERR_PTR(-ENOMEM);
+-- 
+cgit v0.11.2
+

linux-grsec/patches/ovl-fix-getcwd-failure-after-unsuccessful-rmdir.patch

@@ -0,0 +1,33 @@
+From 8f54c162a20cf70ab9ef4b2ef44270fceea2e67b Mon Sep 17 00:00:00 2001
+From: Rui Wang <[email protected]>
+Date: Fri, 8 Jan 2016 22:44:14 +0800
+Subject: [PATCH] ovl: fix getcwd() failure after unsuccessful rmdir
+
+ovl_remove_upper() should do d_drop() only after it successfully
+removes the dir, otherwise a subsequent getcwd() system call will
+fail, breaking userspace programs.
+
+This is to fix: https://bugzilla.kernel.org/show_bug.cgi?id=110491
+
+Signed-off-by: Rui Wang <[email protected]>
+---
+ fs/overlayfs/dir.c |    3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/fs/overlayfs/dir.c b/fs/overlayfs/dir.c
+index 692ceda..36d6a5b 100644
+--- a/fs/overlayfs/dir.c
++++ b/fs/overlayfs/dir.c
+@@ -618,7 +618,8 @@ static int ovl_remove_upper(struct dentry *dentry, bool is_dir)
+ 	 * sole user of this dentry.  Too tricky...  Just unhash for
+ 	 * now.
+ 	 */
+-	d_drop(dentry);
++	if (!err)
++		d_drop(dentry);
+ 	mutex_unlock(&dir->i_mutex);
+
+ 	return err;
+-- 
+1.7.5.4
+

linux-grsec/patches/ovl-fix-permission-checking-for-setattr.patch

@@ -0,0 +1,46 @@
+From acff81ec2c79492b180fade3c2894425cd35a545 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <[email protected]>
+Date: Fri, 4 Dec 2015 19:18:48 +0100
+Subject: ovl: fix permission checking for setattr
+
+[Al Viro] The bug is in being too enthusiastic about optimizing ->setattr()
+away - instead of "copy verbatim with metadata" + "chmod/chown/utimes"
+(with the former being always safe and the latter failing in case of
+insufficient permissions) it tries to combine these two.  Note that copyup
+itself will have to do ->setattr() anyway; _that_ is where the elevated
+capabilities are right.  Having these two ->setattr() (one to set verbatim
+copy of metadata, another to do what overlayfs ->setattr() had been asked
+to do in the first place) combined is where it breaks.
+
+Signed-off-by: Miklos Szeredi <[email protected]>
+Cc: <[email protected]>
+Signed-off-by: Al Viro <[email protected]>
+---
+ fs/overlayfs/inode.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c
+index ec0c2a0..9612849 100644
+--- a/fs/overlayfs/inode.c
++++ b/fs/overlayfs/inode.c
+@@ -49,13 +49,13 @@ int ovl_setattr(struct dentry *dentry, struct iattr *attr)
+ 	if (err)
+ 		goto out;
+
+-	upperdentry = ovl_dentry_upper(dentry);
+-	if (upperdentry) {
++	err = ovl_copy_up(dentry);
++	if (!err) {
++		upperdentry = ovl_dentry_upper(dentry);
++
+ 		mutex_lock(&upperdentry->d_inode->i_mutex);
+ 		err = notify_change(upperdentry, attr, NULL);
+ 		mutex_unlock(&upperdentry->d_inode->i_mutex);
+-	} else {
+-		err = ovl_copy_up_last(dentry, attr, false);
+ 	}
+ 	ovl_drop_write(dentry);
+ out:
+-- 
+cgit v0.11.2
+

linux-grsec/patches/staging-dgnc-fix-info-leak-in-ioctl.patch

@@ -0,0 +1,33 @@
+From 4b6184336ebb5c8dc1eae7f7ab46ee608a748b05 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Salva=20Peir=C3=B3?= <[email protected]>
+Date: Wed, 14 Oct 2015 17:48:02 +0200
+Subject: staging/dgnc: fix info leak in ioctl
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The dgnc_mgmt_ioctl() code fails to initialize the 16 _reserved bytes of
+struct digi_dinfo after the ->dinfo_nboards member. Add an explicit
+memset(0) before filling the structure to avoid the info leak.
+
+Signed-off-by: Salva Peiró <[email protected]>
+Signed-off-by: Greg Kroah-Hartman <[email protected]>
+---
+ drivers/staging/dgnc/dgnc_mgmt.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/staging/dgnc/dgnc_mgmt.c b/drivers/staging/dgnc/dgnc_mgmt.c
+index 9ec3efe..518fbd5 100644
+--- a/drivers/staging/dgnc/dgnc_mgmt.c
++++ b/drivers/staging/dgnc/dgnc_mgmt.c
+@@ -110,6 +110,7 @@ long dgnc_mgmt_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
+
+ 		spin_lock_irqsave(&dgnc_global_lock, flags);
+
++		memset(&ddi, 0, sizeof(ddi));
+ 		ddi.dinfo_nboards = dgnc_NumBoards;
+ 		sprintf(ddi.dinfo_version, "%s", DG_PART);
+
+-- 
+cgit v0.11.2
+