Add the missing page sanitization to 3.18 kernels
All along they only had slub sanization :( Signed-off-by: Tad <tad@spotco.us>
This commit is contained in:
Tad
parent
3da5613dfc
commit
899ea17d4e
|
|
@ -1,21 +1,24 @@
|
|||
All 3.4+ kernels have some form of page sanitization, however 3.0, 3.4 and 4.4 lacks slub sanitization
|
||||
|
||||
3.0 and 3.4
|
||||
NEEDS slub_debug=P
|
||||
|
||||
3.10
|
||||
0006-AndroidHardening-Kernel_Hardening/3.10/0007.patch:Subject: [PATCH] add page sanitization / verification
|
||||
0006-AndroidHardening-Kernel_Hardening/3.10/0008.patch:Subject: [PATCH] add slub sanitization
|
||||
0006-AndroidHardening-Kernel_Hardening/3.10/0009.patch:Subject: [PATCH] slub: add check for write-after-free
|
||||
TODO
|
||||
|
||||
3.18
|
||||
0006-AndroidHardening-Kernel_Hardening/3.18/0024.patch:Subject: [PATCH] add page sanitization / verification
|
||||
0006-AndroidHardening-Kernel_Hardening/3.18/0025.patch:Subject: [PATCH] add slub sanitization
|
||||
0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch:Subject: [PATCH] slub: add check for write-after-free
|
||||
DOES NOT SUPPORT page_posion=1: zte/msm8996, google/dragon, motorola/msm8996, lge/msm8996, samsung/universal8890, xiaomi/msm8937, oneplus/msm8996
|
||||
|
||||
4.4
|
||||
0008-Graphene-Kernel_Hardening/4.4/0020.patch:Subject: [PATCH] add simpler page sanitization
|
||||
0008-Graphene-Kernel_Hardening/4.4/0021.patch:Subject: [PATCH] add support for verifying page sanitization
|
||||
0008-Graphene-Kernel_Hardening/4.4/0022.patch:Subject: [PATCH] slub: add basic full slab sanitization
|
||||
0008-Graphene-Kernel_Hardening/4.4/0023.patch:Subject: [PATCH] slub: add support for verifying slab sanitization
|
||||
NEEDS slub_debug=P and page_poison=1: yandex/sdm660, oneplus/msm8998, razer/msm8998, sony/sdm660, xiaomi/sdm660, essential/msm8998, fxtec/msm8998, zuk/msm8996
|
||||
NEEDS slub_debug=P: yandex/sdm660, oneplus/msm8998, razer/msm8998, sony/sdm660, xiaomi/sdm660, essential/msm8998, fxtec/msm8998, zuk/msm8996
|
||||
|
||||
4.9
|
||||
0008-Graphene-Kernel_Hardening/4.9/0035.patch:Subject: [PATCH] add simpler page sanitization
|
||||
|
|
@ -23,18 +26,16 @@ NEEDS slub_debug=P and page_poison=1: yandex/sdm660, oneplus/msm8998, razer/msm8
|
|||
0008-Graphene-Kernel_Hardening/4.9/0037.patch:Subject: [PATCH] slub: add basic full slab sanitization
|
||||
0008-Graphene-Kernel_Hardening/4.9/0038.patch:Subject: [PATCH] slub: add support for verifying slab sanitization
|
||||
|
||||
INIT_ON_ALLOC/INIT_ON_FREE
|
||||
4.14
|
||||
0008-Graphene-Kernel_Hardening/4.14/0063.patch:Subject: [PATCH] mm: add support for verifying page sanitization
|
||||
0008-Graphene-Kernel_Hardening/4.14/0064.patch:Subject: [PATCH] slub: Extend init_on_free to slab caches with constructors
|
||||
0008-Graphene-Kernel_Hardening/4.14/0065.patch:Subject: [PATCH] slub: Add support for verifying slab sanitization
|
||||
0008-Graphene-Kernel_Hardening/4.14/0066.patch:Subject: [PATCH] slub: Extend init_on_alloc to slab caches with constructors
|
||||
NEEDS slub_debug=P and page_poison=1: xiaomi/sm6150
|
||||
NEEDS slub_debug=P: xiaomi/sm6150
|
||||
|
||||
4.19
|
||||
0008-Graphene-Kernel_Hardening/4.19/0093.patch:Subject: [PATCH] mm: add support for verifying page sanitization
|
||||
0008-Graphene-Kernel_Hardening/4.19/0094.patch:Subject: [PATCH] slub: Extend init_on_free to slab caches with constructors
|
||||
0008-Graphene-Kernel_Hardening/4.19/0095.patch:Subject: [PATCH] slub: Add support for verifying slab sanitization
|
||||
0008-Graphene-Kernel_Hardening/4.19/0096.patch:Subject: [PATCH] slub: Extend init_on_alloc to slab caches with constructors
|
||||
NEEDS slub_debug=P and page_poison=1: oneplus/sm7250
|
||||
MISSING: oneplus/sm8150, google/redbull
|
||||
NEEDS slub_debug=P: oneplus/sm7250
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
Subproject commit eda155c1f9eab8bdd1dca500e60b6457f09aac8b
|
||||
Subproject commit c24dc1e845c5835a316edd43d109b426bde077f1
|
||||
|
|
@ -13,6 +13,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00
|
|||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0021.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0022.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0023.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0024-other3.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0025.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0027.patch
|
||||
|
|
@ -704,5 +705,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
||||
editKernelLocalversion "-dos.p704"
|
||||
editKernelLocalversion "-dos.p705"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0003-syzkaller-Misc/ANY/0011.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0021.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0022.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0023.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0024-other1.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0025.patch
|
||||
#git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0027.patch
|
||||
|
|
@ -667,5 +668,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
||||
editKernelLocalversion "-dos.p667"
|
||||
editKernelLocalversion "-dos.p668"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00
|
|||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0020.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0022.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0023.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0024-other2.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0025.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0027.patch
|
||||
|
|
@ -557,5 +558,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
||||
editKernelLocalversion "-dos.p557"
|
||||
editKernelLocalversion "-dos.p558"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00
|
|||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0021.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0022.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0023.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0024-other2.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0025.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0027.patch
|
||||
|
|
@ -647,5 +648,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26145/qcacld-2.0/0008.patch --directory=drivers/staging/qcacld-2.0
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
||||
editKernelLocalversion "-dos.p647"
|
||||
editKernelLocalversion "-dos.p648"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00
|
|||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0020.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0022.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0023.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0024-other2.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0025.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0027.patch
|
||||
|
|
@ -418,5 +419,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26145/qcacld-2.0/0008.patch --directory=drivers/staging/qcacld-2.0
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
||||
editKernelLocalversion "-dos.p418"
|
||||
editKernelLocalversion "-dos.p419"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00
|
|||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0020.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0022.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0023.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0024-other2.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0025.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0027.patch
|
||||
|
|
@ -565,5 +566,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
||||
editKernelLocalversion "-dos.p565"
|
||||
editKernelLocalversion "-dos.p566"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00
|
|||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0020.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0022.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0023.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0024-other2.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0025.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0027.patch
|
||||
|
|
@ -544,5 +545,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2019-14283/3.18/0004.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
||||
editKernelLocalversion "-dos.p544"
|
||||
editKernelLocalversion "-dos.p545"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
|
|||
|
|
@ -4,6 +4,7 @@ git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/00
|
|||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0020.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0022.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0023.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0024-other2.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0025.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0026.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/0006-AndroidHardening-Kernel_Hardening/3.18/0027.patch
|
||||
|
|
@ -463,5 +464,5 @@ git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-0466/3.18/0003.patch
|
|||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-26145/qcacld-2.0/0008.patch --directory=drivers/staging/qcacld-2.0
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2020-29660/3.18/0007.patch
|
||||
git apply $DOS_PATCHES_LINUX_CVES/CVE-2021-37159/4.4/0006.patch
|
||||
editKernelLocalversion "-dos.p463"
|
||||
editKernelLocalversion "-dos.p464"
|
||||
cd "$DOS_BUILD_BASE"
|
||||
|
|
|
|||
Loading…
Reference in New Issue