From b672e7faf23dd14da8d85fe14485bd08d0c007c3 Mon Sep 17 00:00:00 2001 From: Maximilian Luz Date: Thu, 4 Mar 2021 16:12:32 +0100 Subject: [PATCH] Update additional Debian patches for v5.11 --- ...rt-symbols-needed-by-Android-drivers.patch | 129 ++++++++++++ ...ilding-ashmem-and-binder-as-modules.patch} | 63 +++--- ...rt-symbols-needed-by-android-drivers.patch | 193 ------------------ 3 files changed, 162 insertions(+), 223 deletions(-) create mode 100644 pkg/debian/kernel/0001-Export-symbols-needed-by-Android-drivers.patch rename pkg/debian/kernel/{android-enable-building-ashmem-and-binder-as-modules.patch => 0002-android-Enable-building-ashmem-and-binder-as-modules.patch} (61%) delete mode 100644 pkg/debian/kernel/export-symbols-needed-by-android-drivers.patch diff --git a/pkg/debian/kernel/0001-Export-symbols-needed-by-Android-drivers.patch b/pkg/debian/kernel/0001-Export-symbols-needed-by-Android-drivers.patch new file mode 100644 index 000000000..51158e97e --- /dev/null +++ b/pkg/debian/kernel/0001-Export-symbols-needed-by-Android-drivers.patch @@ -0,0 +1,129 @@ +From 50229d157d311b63268eaccbfec669da0dbb516c Mon Sep 17 00:00:00 2001 +From: Ben Hutchings +Date: Mon, 7 Sep 2020 02:51:53 +0100 +Subject: [PATCH 1/2] Export symbols needed by Android drivers + +We want to enable use of the Android ashmem and binder drivers to +support Anbox, but they should not be built-in as that would waste +resources and increase security attack surface on systems that don't +need them. + +Export the currently un-exported symbols they depend on. +--- + fs/file.c | 1 + + kernel/fork.c | 1 + + kernel/sched/core.c | 1 + + kernel/task_work.c | 1 + + mm/memory.c | 1 + + mm/shmem.c | 1 + + security/security.c | 4 ++++ + 7 files changed, 10 insertions(+) + +diff --git a/fs/file.c b/fs/file.c +index dab120b71e44..ed2ec6ecc466 100644 +--- a/fs/file.c ++++ b/fs/file.c +@@ -761,6 +761,7 @@ int close_fd_get_file(unsigned int fd, struct file **res) + *res = NULL; + return -ENOENT; + } ++EXPORT_SYMBOL(__close_fd_get_file); + + void do_close_on_exec(struct files_struct *files) + { +diff --git a/kernel/fork.c b/kernel/fork.c +index d66cd1014211..ff215b3fdb15 100644 +--- a/kernel/fork.c ++++ b/kernel/fork.c +@@ -1120,6 +1120,7 @@ void mmput_async(struct mm_struct *mm) + schedule_work(&mm->async_put_work); + } + } ++EXPORT_SYMBOL_GPL(mmput_async); + #endif + + /** +diff --git a/kernel/sched/core.c b/kernel/sched/core.c +index ff74fca39ed2..943239122b29 100644 +--- a/kernel/sched/core.c ++++ b/kernel/sched/core.c +@@ -5575,6 +5575,7 @@ int can_nice(const struct task_struct *p, const int nice) + return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || + capable(CAP_SYS_NICE)); + } ++EXPORT_SYMBOL_GPL(can_nice); + + #ifdef __ARCH_WANT_SYS_NICE + +diff --git a/kernel/task_work.c b/kernel/task_work.c +index 9cde961875c0..5c8dea45d4f8 100644 +--- a/kernel/task_work.c ++++ b/kernel/task_work.c +@@ -57,6 +57,7 @@ int task_work_add(struct task_struct *task, struct callback_head *work, + + return 0; + } ++EXPORT_SYMBOL(task_work_add); + + /** + * task_work_cancel - cancel a pending work added by task_work_add() +diff --git a/mm/memory.c b/mm/memory.c +index feff48e1465a..9e9b0fd92e38 100644 +--- a/mm/memory.c ++++ b/mm/memory.c +@@ -1542,6 +1542,7 @@ void zap_page_range(struct vm_area_struct *vma, unsigned long start, + mmu_notifier_invalidate_range_end(&range); + tlb_finish_mmu(&tlb, start, range.end); + } ++EXPORT_SYMBOL_GPL(zap_page_range); + + /** + * zap_page_range_single - remove user pages in a given range +diff --git a/mm/shmem.c b/mm/shmem.c +index 7c6b6d8f6c39..83151e1345e6 100644 +--- a/mm/shmem.c ++++ b/mm/shmem.c +@@ -4287,6 +4287,7 @@ int shmem_zero_setup(struct vm_area_struct *vma) + + return 0; + } ++EXPORT_SYMBOL_GPL(shmem_zero_setup); + + /** + * shmem_read_mapping_page_gfp - read into page cache, using specified page allocation flags. +diff --git a/security/security.c b/security/security.c +index 7b09cfbae94f..5eaec62c51f2 100644 +--- a/security/security.c ++++ b/security/security.c +@@ -727,24 +727,28 @@ int security_binder_set_context_mgr(struct task_struct *mgr) + { + return call_int_hook(binder_set_context_mgr, 0, mgr); + } ++EXPORT_SYMBOL_GPL(security_binder_set_context_mgr); + + int security_binder_transaction(struct task_struct *from, + struct task_struct *to) + { + return call_int_hook(binder_transaction, 0, from, to); + } ++EXPORT_SYMBOL_GPL(security_binder_transaction); + + int security_binder_transfer_binder(struct task_struct *from, + struct task_struct *to) + { + return call_int_hook(binder_transfer_binder, 0, from, to); + } ++EXPORT_SYMBOL_GPL(security_binder_transfer_binder); + + int security_binder_transfer_file(struct task_struct *from, + struct task_struct *to, struct file *file) + { + return call_int_hook(binder_transfer_file, 0, from, to, file); + } ++EXPORT_SYMBOL_GPL(security_binder_transfer_file); + + int security_ptrace_access_check(struct task_struct *child, unsigned int mode) + { +-- +2.30.1 + diff --git a/pkg/debian/kernel/android-enable-building-ashmem-and-binder-as-modules.patch b/pkg/debian/kernel/0002-android-Enable-building-ashmem-and-binder-as-modules.patch similarity index 61% rename from pkg/debian/kernel/android-enable-building-ashmem-and-binder-as-modules.patch rename to pkg/debian/kernel/0002-android-Enable-building-ashmem-and-binder-as-modules.patch index 2df107cfb..5a6a02d13 100644 --- a/pkg/debian/kernel/android-enable-building-ashmem-and-binder-as-modules.patch +++ b/pkg/debian/kernel/0002-android-Enable-building-ashmem-and-binder-as-modules.patch @@ -1,7 +1,7 @@ +From e2a9a34af4fd99de652638bfc0365aba284b95f8 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Fri, 22 Jun 2018 17:27:00 +0100 -Subject: android: Enable building ashmem and binder as modules -Bug-Debian: https://bugs.debian.org/901492 +Subject: [PATCH 2/2] android: Enable building ashmem and binder as modules We want to enable use of the Android ashmem and binder drivers to support Anbox, but they should not be built-in as that would waste @@ -21,10 +21,10 @@ need them. drivers/staging/android/ashmem.c | 3 +++ 6 files changed, 12 insertions(+), 7 deletions(-) -Index: debian-kernel/drivers/android/Kconfig -=================================================================== ---- debian-kernel.orig/drivers/android/Kconfig -+++ debian-kernel/drivers/android/Kconfig +diff --git a/drivers/android/Kconfig b/drivers/android/Kconfig +index 53b22e26266c..f3c50236e8d1 100644 +--- a/drivers/android/Kconfig ++++ b/drivers/android/Kconfig @@ -9,7 +9,7 @@ config ANDROID if ANDROID @@ -34,10 +34,10 @@ Index: debian-kernel/drivers/android/Kconfig depends on MMU default n help -Index: debian-kernel/drivers/android/Makefile -=================================================================== ---- debian-kernel.orig/drivers/android/Makefile -+++ debian-kernel/drivers/android/Makefile +diff --git a/drivers/android/Makefile b/drivers/android/Makefile +index c9d3d0c99c25..55411d9a9c2a 100644 +--- a/drivers/android/Makefile ++++ b/drivers/android/Makefile @@ -1,6 +1,7 @@ # SPDX-License-Identifier: GPL-2.0-only ccflags-y += -I$(src) # needed for trace events @@ -49,10 +49,10 @@ Index: debian-kernel/drivers/android/Makefile +binder_linux-y := binder.o binder_alloc.o +binder_linux-$(CONFIG_ANDROID_BINDERFS) += binderfs.o +binder_linux-$(CONFIG_ANDROID_BINDER_IPC_SELFTEST) += binder_alloc_selftest.o -Index: debian-kernel/drivers/android/binder_alloc.c -=================================================================== ---- debian-kernel.orig/drivers/android/binder_alloc.c -+++ debian-kernel/drivers/android/binder_alloc.c +diff --git a/drivers/android/binder_alloc.c b/drivers/android/binder_alloc.c +index 7caf74ad2405..9202a44bd55d 100644 +--- a/drivers/android/binder_alloc.c ++++ b/drivers/android/binder_alloc.c @@ -38,7 +38,7 @@ enum { }; static uint32_t binder_alloc_debug_mask = BINDER_DEBUG_USER_ERROR; @@ -62,10 +62,10 @@ Index: debian-kernel/drivers/android/binder_alloc.c uint, 0644); #define binder_alloc_debug(mask, x...) \ -Index: debian-kernel/drivers/staging/android/Kconfig -=================================================================== ---- debian-kernel.orig/drivers/staging/android/Kconfig -+++ debian-kernel/drivers/staging/android/Kconfig +diff --git a/drivers/staging/android/Kconfig b/drivers/staging/android/Kconfig +index 70498adb1575..5c35653ed36d 100644 +--- a/drivers/staging/android/Kconfig ++++ b/drivers/staging/android/Kconfig @@ -4,7 +4,7 @@ menu "Android" if ANDROID @@ -75,21 +75,21 @@ Index: debian-kernel/drivers/staging/android/Kconfig depends on SHMEM help The ashmem subsystem is a new shared memory allocator, similar to -Index: debian-kernel/drivers/staging/android/Makefile -=================================================================== ---- debian-kernel.orig/drivers/staging/android/Makefile -+++ debian-kernel/drivers/staging/android/Makefile -@@ -3,4 +3,5 @@ ccflags-y += -I$(src) # needed for tra - - obj-y += ion/ +diff --git a/drivers/staging/android/Makefile b/drivers/staging/android/Makefile +index e9a55a5e6529..60cb8eacc793 100644 +--- a/drivers/staging/android/Makefile ++++ b/drivers/staging/android/Makefile +@@ -1,4 +1,5 @@ + # SPDX-License-Identifier: GPL-2.0 + ccflags-y += -I$(src) # needed for trace events -obj-$(CONFIG_ASHMEM) += ashmem.o +obj-$(CONFIG_ASHMEM) += ashmem_linux.o +ashmem_linux-y += ashmem.o -Index: debian-kernel/drivers/staging/android/ashmem.c -=================================================================== ---- debian-kernel.orig/drivers/staging/android/ashmem.c -+++ debian-kernel/drivers/staging/android/ashmem.c +diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c +index 4789d36ddfd3..f86efd3da373 100644 +--- a/drivers/staging/android/ashmem.c ++++ b/drivers/staging/android/ashmem.c @@ -24,6 +24,7 @@ #include #include @@ -98,9 +98,12 @@ Index: debian-kernel/drivers/staging/android/ashmem.c #include "ashmem.h" #define ASHMEM_NAME_PREFIX "dev/ashmem/" -@@ -953,3 +954,5 @@ out: +@@ -965,3 +966,5 @@ static int __init ashmem_init(void) return ret; } device_initcall(ashmem_init); + +MODULE_LICENSE("GPL v2"); +-- +2.30.1 + diff --git a/pkg/debian/kernel/export-symbols-needed-by-android-drivers.patch b/pkg/debian/kernel/export-symbols-needed-by-android-drivers.patch deleted file mode 100644 index e297d08d0..000000000 --- a/pkg/debian/kernel/export-symbols-needed-by-android-drivers.patch +++ /dev/null @@ -1,193 +0,0 @@ -From: Ben Hutchings -Date: Tue, 26 Jun 2018 16:59:01 +0100 -Subject: Export symbols needed by Android drivers -Bug-Debian: https://bugs.debian.org/901492 - -We want to enable use of the Android ashmem and binder drivers to -support Anbox, but they should not be built-in as that would waste -resources and increase security attack surface on systems that don't -need them. - -Export the currently un-exported symbols they depend on. - ---- - fs/file.c | 5 +++++ - kernel/fork.c | 1 + - kernel/sched/core.c | 1 + - kernel/signal.c | 1 + - kernel/task_work.c | 1 + - mm/memory.c | 1 + - mm/shmem.c | 1 + - mm/vmalloc.c | 2 ++ - security/security.c | 4 ++++ - 9 files changed, 17 insertions(+) - -Index: debian-kernel/fs/file.c -=================================================================== ---- debian-kernel.orig/fs/file.c -+++ debian-kernel/fs/file.c -@@ -409,6 +409,7 @@ struct files_struct *get_files_struct(st - - return files; - } -+EXPORT_SYMBOL_GPL(get_files_struct); - - void put_files_struct(struct files_struct *files) - { -@@ -421,6 +422,7 @@ void put_files_struct(struct files_struc - kmem_cache_free(files_cachep, files); - } - } -+EXPORT_SYMBOL_GPL(put_files_struct); - - void reset_files_struct(struct files_struct *files) - { -@@ -534,6 +536,7 @@ out: - spin_unlock(&files->file_lock); - return error; - } -+EXPORT_SYMBOL_GPL(__alloc_fd); - - static int alloc_fd(unsigned start, unsigned flags) - { -@@ -612,6 +615,7 @@ void __fd_install(struct files_struct *f - rcu_assign_pointer(fdt->fd[fd], file); - rcu_read_unlock_sched(); - } -+EXPORT_SYMBOL_GPL(__fd_install); - - void fd_install(unsigned int fd, struct file *file) - { -@@ -676,6 +680,7 @@ out_unlock: - *res = NULL; - return -ENOENT; - } -+EXPORT_SYMBOL(__close_fd_get_file); - - void do_close_on_exec(struct files_struct *files) - { -Index: debian-kernel/kernel/fork.c -=================================================================== ---- debian-kernel.orig/kernel/fork.c -+++ debian-kernel/kernel/fork.c -@@ -1131,6 +1131,7 @@ void mmput_async(struct mm_struct *mm) - schedule_work(&mm->async_put_work); - } - } -+EXPORT_SYMBOL_GPL(mmput_async); - #endif - - /** -Index: debian-kernel/kernel/sched/core.c -=================================================================== ---- debian-kernel.orig/kernel/sched/core.c -+++ debian-kernel/kernel/sched/core.c -@@ -4667,6 +4667,7 @@ int can_nice(const struct task_struct *p - return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || - capable(CAP_SYS_NICE)); - } -+EXPORT_SYMBOL_GPL(can_nice); - - #ifdef __ARCH_WANT_SYS_NICE - -Index: debian-kernel/kernel/signal.c -=================================================================== ---- debian-kernel.orig/kernel/signal.c -+++ debian-kernel/kernel/signal.c -@@ -1396,6 +1396,7 @@ struct sighand_struct *__lock_task_sigha - - return sighand; - } -+EXPORT_SYMBOL_GPL(__lock_task_sighand); - - /* - * send signal info to all the members of a group -Index: debian-kernel/kernel/task_work.c -=================================================================== ---- debian-kernel.orig/kernel/task_work.c -+++ debian-kernel/kernel/task_work.c -@@ -52,6 +52,7 @@ task_work_add(struct task_struct *task, - - return 0; - } -+EXPORT_SYMBOL(task_work_add); - - /** - * task_work_cancel - cancel a pending work added by task_work_add() -Index: debian-kernel/mm/memory.c -=================================================================== ---- debian-kernel.orig/mm/memory.c -+++ debian-kernel/mm/memory.c -@@ -1367,6 +1367,7 @@ void zap_page_range(struct vm_area_struc - mmu_notifier_invalidate_range_end(&range); - tlb_finish_mmu(&tlb, start, range.end); - } -+EXPORT_SYMBOL_GPL(zap_page_range); - - /** - * zap_page_range_single - remove user pages in a given range -Index: debian-kernel/mm/shmem.c -=================================================================== ---- debian-kernel.orig/mm/shmem.c -+++ debian-kernel/mm/shmem.c -@@ -4158,6 +4158,7 @@ int shmem_zero_setup(struct vm_area_stru - - return 0; - } -+EXPORT_SYMBOL_GPL(shmem_zero_setup); - - /** - * shmem_read_mapping_page_gfp - read into page cache, using specified page allocation flags. -Index: debian-kernel/mm/vmalloc.c -=================================================================== ---- debian-kernel.orig/mm/vmalloc.c -+++ debian-kernel/mm/vmalloc.c -@@ -1278,6 +1278,7 @@ overflow: - kmem_cache_free(vmap_area_cachep, va); - return ERR_PTR(-EBUSY); - } -+EXPORT_SYMBOL_GPL(map_kernel_range_noflush); - - int register_vmap_purge_notifier(struct notifier_block *nb) - { -@@ -2147,6 +2148,7 @@ struct vm_struct *get_vm_area(unsigned l - NUMA_NO_NODE, GFP_KERNEL, - __builtin_return_address(0)); - } -+EXPORT_SYMBOL_GPL(get_vm_area); - - struct vm_struct *get_vm_area_caller(unsigned long size, unsigned long flags, - const void *caller) -Index: debian-kernel/security/security.c -=================================================================== ---- debian-kernel.orig/security/security.c -+++ debian-kernel/security/security.c -@@ -725,24 +725,28 @@ int security_binder_set_context_mgr(stru - { - return call_int_hook(binder_set_context_mgr, 0, mgr); - } -+EXPORT_SYMBOL_GPL(security_binder_set_context_mgr); - - int security_binder_transaction(struct task_struct *from, - struct task_struct *to) - { - return call_int_hook(binder_transaction, 0, from, to); - } -+EXPORT_SYMBOL_GPL(security_binder_transaction); - - int security_binder_transfer_binder(struct task_struct *from, - struct task_struct *to) - { - return call_int_hook(binder_transfer_binder, 0, from, to); - } -+EXPORT_SYMBOL_GPL(security_binder_transfer_binder); - - int security_binder_transfer_file(struct task_struct *from, - struct task_struct *to, struct file *file) - { - return call_int_hook(binder_transfer_file, 0, from, to, file); - } -+EXPORT_SYMBOL_GPL(security_binder_transfer_file); - - int security_ptrace_access_check(struct task_struct *child, unsigned int mode) - {