diff options
-rw-r--r-- | main/linux-grsec/0003-route-Use-ipv4_mtu-instead-of-raw-rt_pmtu.patch | 40 | ||||
-rw-r--r-- | main/linux-grsec/APKBUILD | 6 |
2 files changed, 45 insertions, 1 deletions
diff --git a/main/linux-grsec/0003-route-Use-ipv4_mtu-instead-of-raw-rt_pmtu.patch b/main/linux-grsec/0003-route-Use-ipv4_mtu-instead-of-raw-rt_pmtu.patch new file mode 100644 index 0000000000..cdd2fb0ef1 --- /dev/null +++ b/main/linux-grsec/0003-route-Use-ipv4_mtu-instead-of-raw-rt_pmtu.patch @@ -0,0 +1,40 @@ +From cb6ccf09d6b94bec4def1ac5cf4678d12b216474 Mon Sep 17 00:00:00 2001 +From: Herbert Xu <herbert@gondor.apana.org.au> +Date: Tue, 28 Apr 2015 11:43:15 +0800 +Subject: [PATCH] route: Use ipv4_mtu instead of raw rt_pmtu + +The commit 3cdaa5be9e81a914e633a6be7b7d2ef75b528562 ("ipv4: Don't +increase PMTU with Datagram Too Big message") broke PMTU in cases +where the rt_pmtu value has expired but is smaller than the new +PMTU value. + +This obsolete rt_pmtu then prevents the new PMTU value from being +installed. + +Fixes: 3cdaa5be9e81 ("ipv4: Don't increase PMTU with Datagram Too Big message") +Reported-by: Gerd v. Egidy <gerd.von.egidy@intra2net.com> +Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + net/ipv4/route.c | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/net/ipv4/route.c b/net/ipv4/route.c +index a78540f..bff62fc 100644 +--- a/net/ipv4/route.c ++++ b/net/ipv4/route.c +@@ -962,10 +962,7 @@ static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu) + if (dst_metric_locked(dst, RTAX_MTU)) + return; + +- if (dst->dev->mtu < mtu) +- return; +- +- if (rt->rt_pmtu && rt->rt_pmtu < mtu) ++ if (ipv4_mtu(dst) < mtu) + return; + + if (mtu < ip_rt_min_pmtu) +-- +2.4.5 + diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 71edc627ed..43426489a7 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -7,7 +7,7 @@ case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac -pkgrel=0 +pkgrel=1 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -22,6 +22,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz fix-memory-map-for-PIE-applications.patch 0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch 0002-ipv4-Don-t-increase-PMTU-with-Datagram-Too-Big-messa.patch + 0003-route-Use-ipv4_mtu-instead-of-raw-rt_pmtu.patch fix-spi-nor-namespace-clash.patch imx6q-no-unclocked-sleep.patch @@ -207,6 +208,7 @@ md5sums="9e854df51ca3fef8bfe566dbd7b89241 linux-3.18.tar.xz c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch b7f15811ab0ae0a1225c03cc2cc24411 0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch 5d708f155fff5fbbbeed2785423832e2 0002-ipv4-Don-t-increase-PMTU-with-Datagram-Too-Big-messa.patch +7aa2fef1b8b352bae5b924ded5d9cab7 0003-route-Use-ipv4_mtu-instead-of-raw-rt_pmtu.patch b0337a2a9abed17c37eae5db332522d2 fix-spi-nor-namespace-clash.patch 1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch 9c3fdf1aba9dffc9a5ebc16a2ba37735 config-grsec.x86 @@ -220,6 +222,7 @@ f416fc2bcdfa2eabed2680d55d102d78ca47e18f17fd206794ac285955f32452 grsecurity-3.1 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch b4a5d6fc7b1dfe43cee18cf47db3f588a4b8a03e6d474af9a6f9ef487233ba70 0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch e6cef82ab135a8ab23111a90b95d3d034eaed32d7c5829c0322aaac491b781b7 0002-ipv4-Don-t-increase-PMTU-with-Datagram-Too-Big-messa.patch +14b5fb04a3cc5118a74a100fff626c73e7f297c7a020af654f2942207fe39ec9 0003-route-Use-ipv4_mtu-instead-of-raw-rt_pmtu.patch 01279cfb93273d99670c56e2465957ecde3d03693beeb929a743f03afa0b7bdc fix-spi-nor-namespace-clash.patch 21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch 5fc6db215c9566d937ed5162cea3a554352ba82a7b6754552e46d02ec39368d7 config-grsec.x86 @@ -233,6 +236,7 @@ d5ee05c89c6416e70a92b0ae7f4ec5a4f1f7395e7e3ac1e5f7ee75f0a23aa2bc5cd8237cafa4defc 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch c5f7bda0a5bf88d7ce5de8c405ee5a018b652d70def2a5c6eea8e718b39efc0fed860bb61c70d950ba42cb11e0c264ee5ddd9a1505b7b60d19a56322ece894b6 0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch 0d533a7ae0fd7a524326312d5e10f505936941826766b778508c91698e1ba5b7125248cc6fbbb6adc27db0f6172a68c818fb12818e6d6a27cf4f85a961013bdb 0002-ipv4-Don-t-increase-PMTU-with-Datagram-Too-Big-messa.patch +af9059f3d62430e55c4105fcc28ebf4d176c0a642fc5594879eedbf5ab5bd605db32243bcbcfe5932487abe55f18ea9faee8b041dd14c3e1569331cb5db9a04f 0003-route-Use-ipv4_mtu-instead-of-raw-rt_pmtu.patch 4e3aeb70712f9838afea75fe9e6c1389414d833a89286ea55441d6a8d54ce74b0e39b565721e3153443af0a614bff57c767251b7e5b81faa5e0784eddfcd2164 fix-spi-nor-namespace-clash.patch 87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch 1c8861bd213f2ed5a5d4b6205ca3453958f110ad0245940c824a3ef3983a10a937adf7e401f087d7cc6e6d0054cbb187139ef426b6e00d7fa707aab20f1d2666 config-grsec.x86 |