Not all kernels have (working) getrandom support

hammerhead 16.0 was reported not booting and shamu 18.1 was reported to take ~15+ minutes to boot hammerhead does not have getrandom so it failed immediately shamu does have getrandom BUT it blocks during init meaning it'll wait until the entropy pool slowly fills In tested I did not discovery this I tested on flox/mako/d852/klte/clark/sailfish/mata/cheeseburger/fajita All the newer ones have working getrandom All the older ones included a patch to make getrandom non blocking on init Signed-off-by: Tad <tad@spotco.us>
2022-03-17 12:57:51 -04:00 · 2022-03-17 12:57:51 -04:00 · 1603092c50
parent c9765fc883
commit 1603092c50
9 changed files with 16 additions and 16 deletions
--- a/Misc/CVE_Handling_Issues.txt
+++ b/Misc/CVE_Handling_Issues.txt
@ -1,6 +1,6 @@
 The patcher needs tweaks for the following:
-CVE-2019-19051
-CVE-2016-7117
-CVE-2013-2147
-CVE-2015-8746
-CVE-2021-Misc2/ANY/0043.patch
+- CVE-2019-19051
+- CVE-2016-7117
+- CVE-2013-2147 is meant for cciss_ioctl32_passthru but is detected in cciss_ioctl32_big_passthru
+- CVE-2015-8746 is meant for nfs_v4_2_minor_ops but is detected in nfs_v4_1_minor_ops
+- CVE-2021-Misc2/ANY/0043.patch is meant for WLANTL_RxCachedFrames but is detected in WLANTL_RxFrames
--- a/Patches/LineageOS-16.0/android_external_hardened_malloc/0002-Broken_Cameras.patch
+++ b/Patches/LineageOS-16.0/android_external_hardened_malloc/0002-Broken_Cameras.patch
@ -10,10 +10,10 @@ Change-Id: I23513ec0379bbb10829f989690334e9704fd20e2
 1 file changed, 2 insertions(+), 1 deletion(-)

 diff --git a/h_malloc.c b/h_malloc.c
-index de693c9..f680fa6 100644
+index dbedbd4..d0cf881 100644
 --- a/h_malloc.c
 +++ b/h_malloc.c
-@@ -1058,7 +1058,8 @@ COLD static void handle_bugs(void) {
+@@ -1069,7 +1069,8 @@ COLD static void handle_bugs(void) {
     }
 
     const char camera_provider[] = "/vendor/bin/hw/android.hardware.camera.provider@2.4-service_64";
--- a/Patches/LineageOS-16.0/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch
+++ b/Patches/LineageOS-16.0/android_frameworks_av/0001-HM-No_RLIMIT_AS.patch
@ -1,4 +1,4 @@
-From 14800a3e7070240a314cbd695f71984a888cc90f Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Daniel Micay <danielmicay@gmail.com>
 Date: Wed, 5 Dec 2018 09:29:25 -0500
 Subject: [PATCH] avoid setting RLIMIT_AS with hardened malloc
@ -13,7 +13,7 @@ Change-Id: Ibfb7164d764fcb9244055953bedc9a1c424cedcb
 1 file changed, 8 insertions(+)

 diff --git a/media/libmedia/MediaUtils.cpp b/media/libmedia/MediaUtils.cpp
-index bcdc3bdcf..de217c70b 100644
+index bcdc3bdcfe..de217c70bf 100644
 --- a/media/libmedia/MediaUtils.cpp
 +++ b/media/libmedia/MediaUtils.cpp
@@ -38,6 +38,14 @@ void limitProcessMemory(
--- a/Patches/LineageOS-18.1/android_bionic/0001-HM-Use_HM.patch
+++ b/Patches/LineageOS-18.1/android_bionic/0001-HM-Use_HM.patch
@ -14,7 +14,7 @@ Signed-off-by: anupritaisno1 <www.anuprita804@gmail.com>
 create mode 100644 libc/bionic/h_malloc_wrapper.cpp

 diff --git a/libc/Android.bp b/libc/Android.bp
-index 49108bf35..d7c066890 100644
+index ce714054a..1599d5ed9 100644
 --- a/libc/Android.bp
 +++ b/libc/Android.bp
@@ -50,6 +50,8 @@ libc_common_flags = [
--- a/Patches/LineageOS-18.1/android_bionic/0002-Graphene_Bionic_Hardening-1.patch
+++ b/Patches/LineageOS-18.1/android_bionic/0002-Graphene_Bionic_Hardening-1.patch
@ -22,10 +22,10 @@ optimization in the future.
 create mode 100644 libc/bionic/explicit_bzero.cpp

 diff --git a/libc/Android.bp b/libc/Android.bp
-index 78a7ef23c..4ee36c8df 100644
+index 1599d5ed9..d7c066890 100644
 --- a/libc/Android.bp
 +++ b/libc/Android.bp
-@@ -1055,6 +1055,7 @@ cc_library_static {
+@@ -1056,6 +1056,7 @@ cc_library_static {
         "bionic/error.cpp",
         "bionic/eventfd.cpp",
         "bionic/exec.cpp",
--- a/Scripts/LineageOS-16.0/Patch.sh
+++ b/Scripts/LineageOS-16.0/Patch.sh
@ -64,7 +64,7 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_bion
 if [ "$DOS_GRAPHENE_BIONIC" = true ]; then
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-1.patch"; #Add a real explicit_bzero implementation (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-2.patch"; #Replace brk and sbrk with stubs (GrapheneOS)
-applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS)
+#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS) #XXX: boot issues
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-4.patch"; #Fix undefined out-of-bounds accesses in sched.h (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-5.patch"; #Stop implicitly marking mappings as mergeable (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-6.patch"; #Replace VLA formatting buffer with dprintf (GrapheneOS)
--- a/Scripts/LineageOS-17.1/Patch.sh
+++ b/Scripts/LineageOS-17.1/Patch.sh
@ -69,7 +69,7 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_bion
 if [ "$DOS_GRAPHENE_BIONIC" = true ]; then
 applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-1.patch"; #Add a real explicit_bzero implementation (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-2.patch"; #Replace brk and sbrk with stubs (GrapheneOS)
-applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS)
+#applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS) #XXX: boot issues
 applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-4.patch"; #Fix undefined out-of-bounds accesses in sched.h (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-5.patch"; #Stop implicitly marking mappings as mergeable (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_bionic/0003-Graphene_Bionic_Hardening-6.patch"; #Replace VLA formatting buffer with dprintf (GrapheneOS)
--- a/Scripts/LineageOS-18.1/Functions.sh
+++ b/Scripts/LineageOS-18.1/Functions.sh
@ -132,7 +132,7 @@ buildAll() {
 	buildDevice alioth avb;
 	#SD670
 	buildDevice bonito avb; #error: ln: cannot create symbolic link from '/data/vendor/rfs/mpss' to 'out/target/product/bonito/vendor/rfs/msm/mpss//readwrite':
-	buildDevice sargo avb;
+	#buildDevice sargo avb;
 }
 export -f buildAll;

--- a/Scripts/LineageOS-18.1/Patch.sh
+++ b/Scripts/LineageOS-18.1/Patch.sh
@ -64,7 +64,7 @@ if [ "$DOS_GRAPHENE_MALLOC" = true ]; then applyPatch "$DOS_PATCHES/android_bion
 if [ "$DOS_GRAPHENE_BIONIC" = true ]; then
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-1.patch"; #Add a real explicit_bzero implementation (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-2.patch"; #Replace brk and sbrk with stubs (GrapheneOS)
-applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS)
+#applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-3.patch"; #Use blocking getrandom and avoid urandom fallback (GrapheneOS) #XXX: boot issues
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-4.patch"; #Fix undefined out-of-bounds accesses in sched.h (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-5.patch"; #Stop implicitly marking mappings as mergeable (GrapheneOS)
 applyPatch "$DOS_PATCHES/android_bionic/0002-Graphene_Bionic_Hardening-6.patch"; #Replace VLA formatting with dprintf-like function (GrapheneOS)