From: Michael Tremer
Date: Tue, 31 Mar 2015 20:13:41 +0000 (-0400)
Subject: grsecurity: Make grsec compile on aarch64
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fheads%2Fgrsecurity-3.1-3.19.x-aarch64;p=people%2Fms%2Flinux.git

grsecurity: Make grsec compile on aarch64

This patch allows to compile a kernel for aarch64 (the arm64 architecture). Almost all major features are still missing.
---
diff --git a/arch/arm64/include/asm/atomic.h b/arch/arm64/include/asm/atomic.h
index 7047051ded40..44e8675fb67b 100644
--- a/arch/arm64/include/asm/atomic.h
+++ b/arch/arm64/include/asm/atomic.h
@@ -252,5 +252,15 @@ static inline int atomic64_add_unless(atomic64_t *v, long a, long u)
 #define atomic64_dec_and_test(v) (atomic64_dec_return((v)) == 0)
 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1LL, 0LL)
 
+#define atomic64_read_unchecked(v) atomic64_read(v)
+#define atomic64_set_unchecked(v, i) atomic64_set((v), (i))
+#define atomic64_add_unchecked(a, v) atomic64_add((a), (v))
+#define atomic64_add_return_unchecked(a, v) atomic64_add_return((a), (v))
+#define atomic64_sub_unchecked(a, v) atomic64_sub((a), (v))
+#define atomic64_inc_unchecked(v) atomic64_inc(v)
+#define atomic64_inc_return_unchecked(v) atomic64_inc_return(v)
+#define atomic64_dec_unchecked(v) atomic64_dec(v)
+#define atomic64_cmpxchg_unchecked(v, o, n) atomic64_cmpxchg((v), (o), (n))
+
 #endif
 #endif
diff --git a/arch/arm64/include/asm/pgalloc.h b/arch/arm64/include/asm/pgalloc.h
index e20df38a8ff3..027ede3e95aa 100644
--- a/arch/arm64/include/asm/pgalloc.h
+++ b/arch/arm64/include/asm/pgalloc.h
@@ -46,6 +46,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
 set_pud(pud, __pud(__pa(pmd) | PMD_TYPE_TABLE));
 }
 
+static inline void pud_populate_kernel(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
+{
+ pud_populate(mm, pud, pmd);
+}
+
 #endif /* CONFIG_ARM64_PGTABLE_LEVELS > 2 */
 
 #if CONFIG_ARM64_PGTABLE_LEVELS > 3
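Review bot: The `atomic64_*_unchecked` macros added in the atomic.h hunk are plain aliases of the ordinary atomic64 operations, and nothing in the hunk says so or why. In grsecurity's naming the `_unchecked` suffix marks counters that are exempt from reference-counter overflow detection, so on this port the checked and unchecked forms behave identically and, as far as the hunk shows, neither is overflow-protected. A comment above the block such as `/* arm64: no overflow-checked atomics yet; _unchecked variants alias the plain ops */` would keep readers from assuming the protection exists. The enclosing `#if` block starts outside the hunk.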
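Review bot: `pud_populate_kernel()` in the pgalloc.h hunk only forwards to `pud_populate()`, so kernel page tables are installed with the same `PMD_TYPE_TABLE` attributes as any other table, and no comment says this is a placeholder. Where the `_kernel` variants are meant to give kernel tables different permissions (presumably for the KERNEXEC feature named in grsecurity/Kconfig), that distinction is absent here. I would add `/* arm64: no separate kernel table attributes yet, same as pud_populate() */` above the function. The `CONFIG_ARM64_PGTABLE_LEVELS > 3` block that follows lies outside the hunk, so whether a pgd-level counterpart is needed there cannot be checked from this page.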
diff --git a/arch/arm64/include/asm/thread_info.h b/arch/arm64/include/asm/thread_info.h
index 459bf8e53208..268bad4373b0 100644
--- a/arch/arm64/include/asm/thread_info.h
+++ b/arch/arm64/include/asm/thread_info.h
@@ -113,6 +113,10 @@ static inline struct thread_info *current_thread_info(void)
 #define TIF_SYSCALL_AUDIT 9
 #define TIF_SYSCALL_TRACEPOINT 10
 #define TIF_SECCOMP 11
+/* within 8 bits of TIF_SYSCALL_TRACE
+ * to meet flexible second operand requirements
+ */
+#define TIF_GRSEC_SETXID 12
 #define TIF_MEMDIE 18 /* is terminating due to OOM killer */
 #define TIF_FREEZE 19
 #define TIF_RESTORE_SIGMASK 20
@@ -129,6 +133,7 @@ static inline struct thread_info *current_thread_info(void)
 #define _TIF_SYSCALL_AUDIT (1 << TIF_SYSCALL_AUDIT)
 #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT)
 #define _TIF_SECCOMP (1 << TIF_SECCOMP)
+#define _TIF_GRSEC_SETXID (1 << TIF_GRSEC_SETXID)
 #define _TIF_32BIT (1 << TIF_32BIT)
 
 #define _TIF_WORK_MASK (_TIF_NEED_RESCHED | _TIF_SIGPENDING | \
@@ -136,7 +141,7 @@ static inline struct thread_info *current_thread_info(void)
 
 #define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \
 _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP | \
- _TIF_NOHZ)
+ _TIF_GRSEC_SETXID | _TIF_NOHZ)
 
 #endif /* __KERNEL__ */
 #endif /* __ASM_THREAD_INFO_H */
diff --git a/arch/arm64/mm/dma-mapping.c b/arch/arm64/mm/dma-mapping.c
index d92094203913..468a42d3fc2c 100644
--- a/arch/arm64/mm/dma-mapping.c
+++ b/arch/arm64/mm/dma-mapping.c
@@ -131,7 +131,7 @@ static void __dma_free_coherent(struct device *dev, size_t size,
 phys_to_page(paddr),
 size >> PAGE_SHIFT);
 if (!freed)
- swiotlb_free_coherent(dev, size, vaddr, dma_handle);
+ swiotlb_free_coherent(dev, size, vaddr, dma_handle, attrs);
 }
 
 static void *__dma_alloc_noncoherent(struct device *dev, size_t size,
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
index 31f8fe471c1a..402ffd290fb0 100644
--- a/grsecurity/Kconfig
+++ b/grsecurity/Kconfig
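Review bot: The comment above `TIF_GRSEC_SETXID` in the first thread_info.h hunk describes a 32-bit ARM encoding constraint ("within 8 bits", "flexible second operand") that does not apply to A64 instructions. If the arm64 syscall entry code tests `_TIF_SYSCALL_WORK` with an immediate operand (that code is not on this page), the requirement would be that the combined mask remain a valid logical immediate, which placing the flag at bit 12 next to `TIF_SECCOMP` probably preserves. Suggested wording: `/* adjacent to TIF_SECCOMP so that _TIF_SYSCALL_WORK stays a contiguous bit mask */`.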
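Review bot: Adding `_TIF_GRSEC_SETXID` to `_TIF_SYSCALL_WORK` in the third thread_info.h hunk only routes flagged threads to the syscall slow path; no hunk on this page adds arm64 code that tests and clears the flag and applies the pending credential change. The grsecurity/Kconfig hunk at -848 also lets GRKERNSEC_SETXID be enabled on ARM64, where it defaults to y under GRKERNSEC_CONFIG_AUTO. The result can be a kernel that reports the option as on while sibling threads keep their old uids, and a flag that is never cleared would keep those threads on the slow path. Either add the consumer in the arm64 syscall-trace entry under `#ifdef CONFIG_GRKERNSEC_SETXID`, or leave ARM64 out of that `depends on` line until it exists. If the handler lives in a file this page does not show, naming it in the commit message would settle the question.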
@@ -7,7 +7,7 @@ depends on GRKERNSEC config GRKERNSEC_KMEM bool "Deny reading/writing to /dev/kmem, /dev/mem, and /dev/port" default y if GRKERNSEC_CONFIG_AUTO - select STRICT_DEVMEM if (X86 || ARM || TILE || S390) + select STRICT_DEVMEM if (X86 || ARM64 || ARM || TILE || S390) help If you say Y here, /dev/kmem and /dev/mem won't be allowed to be written to or read from to modify or leak the contents of the running @@ -259,7 +259,7 @@ config GRKERNSEC_RANDSTRUCT_PERFORMANCE config GRKERNSEC_KERN_LOCKOUT bool "Active kernel exploit response" default y if GRKERNSEC_CONFIG_AUTO - depends on X86 || ARM || PPC || SPARC + depends on X86 || ARM64 || ARM || PPC || SPARC help If you say Y here, when a PaX alert is triggered due to suspicious activity in the kernel (from KERNEXEC/UDEREF/USERCOPY) @@ -848,7 +848,7 @@ config GRKERNSEC_PTRACE_READEXEC config GRKERNSEC_SETXID bool "Enforce consistent multithreaded privileges" default y if GRKERNSEC_CONFIG_AUTO - depends on (X86 || SPARC64 || PPC || ARM || MIPS) + depends on (X86 || SPARC64 || PPC || ARM64 || ARM || MIPS) help If you say Y here, a change from a root uid to a non-root uid in a multithreaded application will cause the resulting uids,
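Review bot: The hunk at -259 makes GRKERNSEC_KERN_LOCKOUT selectable on ARM64 (default y under GRKERNSEC_CONFIG_AUTO), but no arm64 trap or fault-handling file is touched on this page, and the response presumably depends on the architecture's oops path calling into grsecurity. The help text names KERNEXEC/UDEREF/USERCOPY alerts as triggers, while the commit message says almost all major features are still missing on this architecture. Unless the hook is added elsewhere, I would keep the original line, `depends on X86 || ARM || PPC || SPARC`, so the option cannot appear active without taking effect.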