Diffstat (limited to 'main')
-rw-r--r-- | main/linux-grsec/APKBUILD | 18 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.9.1-3.10.16-unofficial.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.10.15-unofficial.patch) | 197 | ||||
-rw-r--r-- | main/linux-grsec/ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch | 118 |
3 files changed, 97 insertions, 236 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index f3ad5cc1f4..c38020a873 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,7 +2,7 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.10.15 +pkgver=3.10.16 case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; @@ -26,7 +26,6 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch fix-memory-map-for-PIE-applications.patch - ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch kernelconfig.x86 kernelconfig.x86_64 @@ -151,8 +150,8 @@ dev() { } md5sums="4f25cd5bec5f8d5a7d935b3f2ccb8481 linux-3.10.tar.xz -70cc9bd12b04382c3783da96edda4562 patch-3.10.15.xz -84a82b973a08abc43cbf74a8935c59ae grsecurity-2.9.1-3.10.15-unofficial.patch +029a48f796bcf8c36fad09cfe689be5a patch-3.10.16.xz +b2c8994b3b2fa2a2da739f8c78d60fee grsecurity-2.9.1-3.10.16-unofficial.patch a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch 
@@ -160,12 +159,11 @@ aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-p 6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch 1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch -bbb9f3edd60fd5c53ac98f4eab83641c ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch 866e6c4daed45d563829804f8ad50ed9 kernelconfig.x86 272aaddd0a19a5052208bc25551995a3 kernelconfig.x86_64" sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz -bb0108609a95ddfe5030938e45ad123445af4e29510a0b1bd8cede89de8c013b patch-3.10.15.xz -02736977e0abd475ba3c463b381186d306fd2f6c264968c47c685f0fce08c820 grsecurity-2.9.1-3.10.15-unofficial.patch +115e02fe0a38eefdb1e4b1fa5e5878cb6b007db08e18901c2c4fb20a279790f4 patch-3.10.16.xz +89beaae3759cc53a3b061e48bbcdfaf53d7333959c6a22090aaf40eaf540e2e0 grsecurity-2.9.1-3.10.16-unofficial.patch 6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch 0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch 
@@ -173,12 +171,11 @@ dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch -4e2ac6cf0b5f6ef4c2f468aedb3f4b7a2737ef3abef4cf712492ba5daec4b30d ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch 7fd28634998ef1fddafed5f2516e902924245d2464b9e86476bfaa55ccfc3bc3 kernelconfig.x86 f2843ae4f9b3e3c27f3138ce4b740c2803bdab0c7a910c662d951843803b9554 kernelconfig.x86_64" sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz -41f612dc912df68a69bb44343748be5c7b3c1525654890a1d896f466ef6aa22d35343f59a2c4319cde1858a6407f9366817c762670dd711d9ff2890291fa60cc patch-3.10.15.xz -7838f4f43c1259d587979255a403b17be26d687aac91d43084417057267fd12643e99beccfbe21f22ed3d423080d9cdd7086598c8cc7e922ddae1024ce1f8005 grsecurity-2.9.1-3.10.15-unofficial.patch +34cf05008f8992b7cd4d4f34b13a6a55df75ce53328eef10119069f5b60e89fce18d786bdf47ed60083535917e8113a4b0da66530b9b783cfef271b433c0f58b patch-3.10.16.xz +474ea9a25e1356772b079db354108dd14755853f89003996af0482a1a21b83a6e592167a7e4e456afd33d4bddef5f2165f38c0e5b2ec5c0a2dec53a8ebd7c6e9 grsecurity-2.9.1-3.10.16-unofficial.patch 81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch 51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch 
57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch @@ -186,6 +183,5 @@ d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d71 28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch 249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch -39fc019ac5ea5ada03c29846f22ddab0735e288bb3ad8d2109628e5d77d24bd09e6972eea6ee912768391399efe069e77c0e53b8a22329328bcc51f09f963f05 ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch 1721542ff111c8ec550323dae6f6174131db180668cbf14f01dc4c76ffbbb479715919a80c35d8c8ac22a6479dd3b42700be6ddc5ef2a8b6a62de811c7ae86df kernelconfig.x86 d49bf57bd0aae17d762d87d5bf983e48219d71ca44bc0c3120db94d357192c07146a8938cef9d435218e4bb748691ec426387545837be637d47e45cdc4482d71 kernelconfig.x86_64" diff --git a/main/linux-grsec/grsecurity-2.9.1-3.10.15-unofficial.patch b/main/linux-grsec/grsecurity-2.9.1-3.10.16-unofficial.patch index bd0f3808e8..e11ab9abf4 100644 --- a/main/linux-grsec/grsecurity-2.9.1-3.10.15-unofficial.patch +++ b/main/linux-grsec/grsecurity-2.9.1-3.10.16-unofficial.patch @@ -281,7 +281,7 @@ index 2fe6e76..889ee23 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 9a77179..052a254 100644 +index e9528d2..0c2aa58 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ 
@@ -8222,10 +8222,10 @@ index 887e99d..310bc11 100644 } else { err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]); diff --git a/arch/powerpc/kernel/sysfs.c b/arch/powerpc/kernel/sysfs.c -index e68a845..8b140e6 100644 +index a15fd1a..869d32c 100644 --- a/arch/powerpc/kernel/sysfs.c +++ b/arch/powerpc/kernel/sysfs.c -@@ -522,7 +522,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self, +@@ -536,7 +536,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -9604,7 +9604,7 @@ index d432fb2..6056af1 100644 extra-y := head_$(BITS).o diff --git a/arch/sparc/kernel/ds.c b/arch/sparc/kernel/ds.c -index 5ef48da..11d460f 100644 +index 252f876..2656fdd 100644 --- a/arch/sparc/kernel/ds.c +++ b/arch/sparc/kernel/ds.c @@ -783,6 +783,16 @@ void ldom_set_var(const char *var, const char *value) @@ -9984,7 +9984,7 @@ index 2daaaa6..4fb84dc 100644 mm->unmap_area = arch_unmap_area_topdown; } diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S -index 22a1098..6255eb9 100644 +index 73ec8a7..4611979 100644 --- a/arch/sparc/kernel/syscalls.S +++ b/arch/sparc/kernel/syscalls.S @@ -52,7 +52,7 @@ sys32_rt_sigreturn: @@ -9998,13 +9998,13 @@ index 22a1098..6255eb9 100644 call syscall_trace_leave @@ -184,7 +184,7 @@ linux_sparc_syscall32: - srl %i5, 0, %o5 ! IEU1 + srl %i3, 0, %o3 ! IEU0 srl %i2, 0, %o2 ! IEU0 Group - andcc %l0, (_TIF_SYSCALL_TRACE|_TIF_SECCOMP|_TIF_SYSCALL_AUDIT|_TIF_SYSCALL_TRACEPOINT), %g0 + andcc %l0, _TIF_WORK_SYSCALL, %g0 bne,pn %icc, linux_syscall_trace32 ! CTI mov %i0, %l5 ! IEU1 - call %l7 ! CTI Group brk forced + 5: call %l7 ! CTI Group brk forced @@ -207,7 +207,7 @@ linux_sparc_syscall: mov %i3, %o3 ! IEU1 @@ -10500,10 +10500,10 @@ index 85c233d..68500e0 100644 cmp %g1, %g7 bne,pn %xcc, BACKOFF_LABEL(2f, 1b) diff --git a/arch/sparc/lib/ksyms.c b/arch/sparc/lib/ksyms.c -index 0c4e35e..745d3e4 100644 +index 323335b..ed85ea2 100644 --- a/arch/sparc/lib/ksyms.c 
+++ b/arch/sparc/lib/ksyms.c -@@ -109,12 +109,18 @@ EXPORT_SYMBOL(__downgrade_write); +@@ -100,12 +100,18 @@ EXPORT_SYMBOL(__clear_user); /* Atomic counter implementation. */ EXPORT_SYMBOL(atomic_add); @@ -36418,19 +36418,10 @@ index e8d11b6..7b1b36f 100644 } EXPORT_SYMBOL_GPL(unregister_syscore_ops); diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c -index 62b6c2c..4a11354 100644 +index 90a4e6b..002d10f 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c -@@ -1189,6 +1189,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, - int err; - u32 cp; - -+ memset(&arg64, 0, sizeof(arg64)); -+ - err = 0; - err |= - copy_from_user(&arg64.LUN_info, &arg32->LUN_info, -@@ -3010,7 +3012,7 @@ static void start_io(ctlr_info_t *h) +@@ -3011,7 +3011,7 @@ static void start_io(ctlr_info_t *h) while (!list_empty(&h->reqQ)) { c = list_entry(h->reqQ.next, CommandList_struct, list); /* can't do anything if fifo is full */ @@ -36439,7 +36430,7 @@ index 62b6c2c..4a11354 100644 dev_warn(&h->pdev->dev, "fifo full\n"); break; } -@@ -3020,7 +3022,7 @@ static void start_io(ctlr_info_t *h) +@@ -3021,7 +3021,7 @@ static void start_io(ctlr_info_t *h) h->Qdepth--; /* Tell the controller execute command */ @@ -36448,7 +36439,7 @@ index 62b6c2c..4a11354 100644 /* Put job onto the completed Q */ addQ(&h->cmpQ, c); -@@ -3446,17 +3448,17 @@ startio: +@@ -3447,17 +3447,17 @@ startio: static inline unsigned long get_next_completion(ctlr_info_t *h) { @@ -36469,7 +36460,7 @@ index 62b6c2c..4a11354 100644 (h->interrupts_enabled == 0)); } -@@ -3489,7 +3491,7 @@ static inline u32 next_command(ctlr_info_t *h) +@@ -3490,7 +3490,7 @@ static inline u32 next_command(ctlr_info_t *h) u32 a; if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant))) 
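Review bot: The rebased grsecurity patch no longer carries `memset(&arg64, 0, sizeof(arg64));` in its drivers/block/cciss.c section (the dropped sub-hunk at `@@ -1189,6 +1189,8 @@ static int cciss_ioctl32_passthru`), and nothing visible here shows that the 3.10.16 base zeroes that struct itself. The changed `index` line and the one-line offset shift in the following cciss.c hunks suggest upstream absorbed the initialisation, but this should be confirmed against the 3.10.16 source, because any bytes of an on-stack ioctl struct that the handler does not fill would otherwise remain uninitialised. The same check applies to `memset(&pciinfo, 0, sizeof(pciinfo));`, dropped from the drivers/block/cpqarray.c section at `@@ -1193,6 +1193,7 @@ out_passthru:`. If either line is missing upstream, keep it in the forward port; otherwise name the upstream fixes that replace them in the commit message so the removal can be audited. Both function bodies lie outside the visible hunks.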
@@ -36478,7 +36469,7 @@ index 62b6c2c..4a11354 100644 if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) { a = *(h->reply_pool_head); /* Next cmd in ring buffer */ -@@ -4046,7 +4048,7 @@ static void cciss_put_controller_into_performant_mode(ctlr_info_t *h) +@@ -4047,7 +4047,7 @@ static void cciss_put_controller_into_performant_mode(ctlr_info_t *h) trans_support & CFGTBL_Trans_use_short_tags); /* Change the access methods to the performant access methods */ @@ -36487,7 +36478,7 @@ index 62b6c2c..4a11354 100644 h->transMethod = CFGTBL_Trans_Performant; return; -@@ -4319,7 +4321,7 @@ static int cciss_pci_init(ctlr_info_t *h) +@@ -4320,7 +4320,7 @@ static int cciss_pci_init(ctlr_info_t *h) if (prod_index < 0) return -ENODEV; h->product_name = products[prod_index].product_name; @@ -36496,7 +36487,7 @@ index 62b6c2c..4a11354 100644 if (cciss_board_disabled(h)) { dev_warn(&h->pdev->dev, "controller appears to be disabled\n"); -@@ -5051,7 +5053,7 @@ reinit_after_soft_reset: +@@ -5052,7 +5052,7 @@ reinit_after_soft_reset: } /* make sure the board interrupts are off */ @@ -36505,7 +36496,7 @@ index 62b6c2c..4a11354 100644 rc = cciss_request_irq(h, do_cciss_msix_intr, do_cciss_intx); if (rc) goto clean2; -@@ -5101,7 +5103,7 @@ reinit_after_soft_reset: +@@ -5102,7 +5102,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); @@ -36514,7 +36505,7 @@ index 62b6c2c..4a11354 100644 spin_unlock_irqrestore(&h->lock, flags); free_irq(h->intr[h->intr_mode], h); rc = cciss_request_irq(h, cciss_msix_discard_completions, -@@ -5121,9 +5123,9 @@ reinit_after_soft_reset: +@@ -5122,9 +5122,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); 
@@ -36526,7 +36517,7 @@ index 62b6c2c..4a11354 100644 rc = controller_reset_failed(h->cfgtable); if (rc) -@@ -5146,7 +5148,7 @@ reinit_after_soft_reset: +@@ -5147,7 +5147,7 @@ reinit_after_soft_reset: cciss_scsi_setup(h); /* Turn the interrupts on so we can service requests */ @@ -36535,7 +36526,7 @@ index 62b6c2c..4a11354 100644 /* Get the firmware version */ inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL); -@@ -5218,7 +5220,7 @@ static void cciss_shutdown(struct pci_dev *pdev) +@@ -5219,7 +5219,7 @@ static void cciss_shutdown(struct pci_dev *pdev) kfree(flush_buf); if (return_code != IO_OK) dev_warn(&h->pdev->dev, "Error flushing cache\n"); @@ -36558,7 +36549,7 @@ index 7fda30e..eb5dfe0 100644 /* queue and queue Info */ struct list_head reqQ; diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c -index 639d26b..fd6ad1f 100644 +index 2b94403..fd6ad1f 100644 --- a/drivers/block/cpqarray.c +++ b/drivers/block/cpqarray.c @@ -404,7 +404,7 @@ static int cpqarray_register_ctlr(int i, struct pci_dev *pdev) @@ -36633,15 +36624,7 @@ index 639d26b..fd6ad1f 100644 a1 = a; a &= ~3; if ((c = h->cmpQ) == NULL) { -@@ -1193,6 +1193,7 @@ out_passthru: - ida_pci_info_struct pciinfo; - - if (!arg) return -EINVAL; -+ memset(&pciinfo, 0, sizeof(pciinfo)); - pciinfo.bus = host->pci_dev->bus->number; - pciinfo.dev_fn = host->pci_dev->devfn; - pciinfo.board_id = host->board_id; -@@ -1447,11 +1448,11 @@ static int sendcmd( +@@ -1448,11 +1448,11 @@ static int sendcmd( /* * Disable interrupt */ @@ -36655,7 +36638,7 @@ index 639d26b..fd6ad1f 100644 if (temp != 0) { break; } -@@ -1464,7 +1465,7 @@ DBG( +@@ -1465,7 +1465,7 @@ DBG( /* * Send the cmd */ 
@@ -36664,7 +36647,7 @@ index 639d26b..fd6ad1f 100644 complete = pollcomplete(ctlr); pci_unmap_single(info_p->pci_dev, (dma_addr_t) c->req.sg[0].addr, -@@ -1547,9 +1548,9 @@ static int revalidate_allvol(ctlr_info_t *host) +@@ -1548,9 +1548,9 @@ static int revalidate_allvol(ctlr_info_t *host) * we check the new geometry. Then turn interrupts back on when * we're done. */ @@ -36676,7 +36659,7 @@ index 639d26b..fd6ad1f 100644 for(i=0; i<NWD; i++) { struct gendisk *disk = ida_gendisk[ctlr][i]; -@@ -1589,7 +1590,7 @@ static int pollcomplete(int ctlr) +@@ -1590,7 +1590,7 @@ static int pollcomplete(int ctlr) /* Wait (up to 2 seconds) for a command to complete */ for (i = 200000; i > 0; i--) { @@ -39929,10 +39912,10 @@ index 8c04943..4370ed9 100644 err = drm_debugfs_create_files(dc->debugfs_files, ARRAY_SIZE(debugfs_files), diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index ca959cf..f6c5f7d 100644 +index e04bf0ef..500861b 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -2340,7 +2340,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); +@@ -2358,7 +2358,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); int hid_add_device(struct hid_device *hdev) { @@ -39941,7 +39924,7 @@ index ca959cf..f6c5f7d 100644 int ret; if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -2374,7 +2374,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2392,7 +2392,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, @@ -40017,7 +40000,7 @@ index 90124ff..3761764 100644 *off += size; diff --git a/drivers/hid/uhid.c b/drivers/hid/uhid.c -index fc307e0..2b255e8 100644 +index 145a4cb..2353a3e 100644 --- a/drivers/hid/uhid.c +++ b/drivers/hid/uhid.c @@ -47,7 +47,7 @@ struct uhid_device { @@ -43644,10 +43627,10 @@ index f9d5615..99dd95f 100644 struct sm_sysfs_attribute *vendor_attribute; 
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c -index 666cf3a..60693be 100644 +index 8395b09..ff4d276 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c -@@ -4876,7 +4876,7 @@ static unsigned int bond_get_num_tx_queues(void) +@@ -4883,7 +4883,7 @@ static unsigned int bond_get_num_tx_queues(void) return tx_queues; } @@ -43656,7 +43639,7 @@ index 666cf3a..60693be 100644 .kind = "bond", .priv_size = sizeof(struct bonding), .setup = bond_setup, -@@ -5001,8 +5001,8 @@ static void __exit bonding_exit(void) +@@ -5008,8 +5008,8 @@ static void __exit bonding_exit(void) bond_destroy_debugfs(); @@ -43985,7 +43968,7 @@ index d3f8797..82a03d3 100644 vlan_req = (struct qlcnic_vlan_req *)&req->words[1]; vlan_req->vlan_id = cpu_to_le16(vlan_id); diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index 393f961..d343034 100644 +index 7199d2a..0cae710 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c @@ -753,22 +753,22 @@ struct rtl8169_private { @@ -44201,10 +44184,10 @@ index b305105..8ead6df 100644 }; diff --git a/drivers/net/tun.c b/drivers/net/tun.c -index 7b54f4f..1a453eb 100644 +index b18ead5..109dcbd 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c -@@ -1871,7 +1871,7 @@ unlock: +@@ -1876,7 +1876,7 @@ unlock: } static long __tun_chr_ioctl(struct file *file, unsigned int cmd, @@ -44213,7 +44196,7 @@ index 7b54f4f..1a453eb 100644 { struct tun_file *tfile = file->private_data; struct tun_struct *tun; -@@ -1883,6 +1883,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, +@@ -1888,6 +1888,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, int vnet_hdr_sz; int ret; @@ -52795,7 +52778,7 @@ index bce8769..7fc7544 100644 fd_offset + ex.a_text); if (error != N_DATADDR(ex)) { diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index f8a0b0e..6f036ed 100644 +index 3aac8e9..1fd8b35 100644 
--- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -34,6 +34,7 @@ @@ -53437,12 +53420,12 @@ index f8a0b0e..6f036ed 100644 + if (current->mm->pax_flags & MF_PAX_RANDMMAP) { + unsigned long start, size, flags; + vm_flags_t vm_flags; -+ + + start = ELF_PAGEALIGN(elf_brk); + size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4); + flags = MAP_FIXED | MAP_PRIVATE; + vm_flags = VM_DONTEXPAND | VM_DONTDUMP; - ++ + down_write(¤t->mm->mmap_sem); + start = get_unmapped_area(NULL, start, PAGE_ALIGN(size), 0, flags); + retval = -ENOMEM; @@ -53508,7 +53491,7 @@ index f8a0b0e..6f036ed 100644 set_fs(old_fs); fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata); } -@@ -2019,14 +2474,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -2025,14 +2480,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -53525,7 +53508,7 @@ index f8a0b0e..6f036ed 100644 return size; } -@@ -2119,7 +2574,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2125,7 +2580,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -53534,7 +53517,7 @@ index f8a0b0e..6f036ed 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -2133,10 +2588,12 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2139,10 +2594,12 @@ static int elf_core_dump(struct coredump_params *cprm) offset = dataoff; size += sizeof(*elf); @@ -53547,7 +53530,7 @@ index f8a0b0e..6f036ed 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -2150,7 +2607,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2156,7 +2613,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; 
@@ -53556,7 +53539,7 @@ index f8a0b0e..6f036ed 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2161,6 +2618,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2167,6 +2624,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); @@ -53564,7 +53547,7 @@ index f8a0b0e..6f036ed 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2185,7 +2643,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2191,7 +2649,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -53573,7 +53556,7 @@ index f8a0b0e..6f036ed 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2194,6 +2652,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2200,6 +2658,7 @@ static int elf_core_dump(struct coredump_params *cprm) page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -53581,7 +53564,7 @@ index f8a0b0e..6f036ed 100644 stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2211,6 +2670,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2217,6 +2676,7 @@ static int elf_core_dump(struct coredump_params *cprm) if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -53589,7 +53572,7 @@ index f8a0b0e..6f036ed 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2231,6 +2691,167 @@ out: +@@ -2237,6 +2697,167 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -78512,7 +78495,7 @@ index 53f464d..0bd0b49 100644 #endif /* _NET_INETPEER_H */ diff --git a/include/net/ip.h b/include/net/ip.h -index a68f838..74518ab 100644 +index edfa591..a643b82 100644 --- a/include/net/ip.h +++ b/include/net/ip.h @@ -202,7 +202,7 @@ extern struct local_ports { 
@@ -84657,7 +84640,7 @@ index 02fc5c9..e54c335 100644 mutex_unlock(&smpboot_threads_lock); put_online_cpus(); diff --git a/kernel/softirq.c b/kernel/softirq.c -index 3d6833f..da6d93d 100644 +index 787b3a0..07213e9 100644 --- a/kernel/softirq.c +++ b/kernel/softirq.c @@ -53,11 +53,11 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned; @@ -84683,7 +84666,7 @@ index 3d6833f..da6d93d 100644 trace_softirq_exit(vec_nr); if (unlikely(prev_count != preempt_count())) { printk(KERN_ERR "huh, entered softirq %u %s %p" -@@ -405,7 +405,7 @@ void __raise_softirq_irqoff(unsigned int nr) +@@ -414,7 +414,7 @@ void __raise_softirq_irqoff(unsigned int nr) or_softirq_pending(1UL << nr); } @@ -84692,7 +84675,7 @@ index 3d6833f..da6d93d 100644 { softirq_vec[nr].action = action; } -@@ -461,7 +461,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t) +@@ -470,7 +470,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t) EXPORT_SYMBOL(__tasklet_hi_schedule_first); @@ -84701,7 +84684,7 @@ index 3d6833f..da6d93d 100644 { struct tasklet_struct *list; -@@ -496,7 +496,7 @@ static void tasklet_action(struct softirq_action *a) +@@ -505,7 +505,7 @@ static void tasklet_action(struct softirq_action *a) } } @@ -84710,7 +84693,7 @@ index 3d6833f..da6d93d 100644 { struct tasklet_struct *list; -@@ -730,7 +730,7 @@ static int __cpuinit remote_softirq_cpu_notify(struct notifier_block *self, +@@ -739,7 +739,7 @@ static int __cpuinit remote_softirq_cpu_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -84719,7 +84702,7 @@ index 3d6833f..da6d93d 100644 .notifier_call = remote_softirq_cpu_notify, }; -@@ -847,11 +847,11 @@ static int __cpuinit cpu_callback(struct notifier_block *nfb, +@@ -856,11 +856,11 @@ static int __cpuinit cpu_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -88013,7 +87996,7 @@ index 4baf12e..5497066 100644 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); 
diff --git a/mm/migrate.c b/mm/migrate.c -index 6f0c244..6d1ae32 100644 +index 25ca7ca..abe1836 100644 --- a/mm/migrate.c +++ b/mm/migrate.c @@ -1399,8 +1399,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, @@ -92002,10 +91985,10 @@ index 0bb3b59..0e3052e 100644 /* inform the destination node that we are still missing a correct route diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c -index ace5e55..a65a1c0 100644 +index 7c88f5f..b65befb 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c -@@ -2211,16 +2211,16 @@ int hci_register_dev(struct hci_dev *hdev) +@@ -2222,16 +2222,16 @@ int hci_register_dev(struct hci_dev *hdev) list_add(&hdev->list, &hci_dev_list); write_unlock(&hci_dev_list_lock); @@ -92200,7 +92183,7 @@ index 3d110c4..4e1b2eb 100644 break; } diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c -index 2bd4b58..0dc30a1 100644 +index 0f45522..dab651f 100644 --- a/net/caif/cfctrl.c +++ b/net/caif/cfctrl.c @@ -10,6 +10,7 @@ @@ -92744,7 +92727,7 @@ index f9765203..9feaef8 100644 return error; } diff --git a/net/core/netpoll.c b/net/core/netpoll.c -index cec074b..a53a938 100644 +index b04f738..452b054 100644 --- a/net/core/netpoll.c +++ b/net/core/netpoll.c @@ -428,7 +428,7 @@ void netpoll_send_udp(struct netpoll *np, const char *msg, int len) @@ -93133,10 +93116,10 @@ index 55e1fd5..fd602b8 100644 *hc06_ptr = tmp; hc06_ptr += 4; diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c -index d01be2a..8976537 100644 +index c4adc31..ba1739f 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c -@@ -1703,13 +1703,9 @@ static int __init inet_init(void) +@@ -1701,13 +1701,9 @@ static int __init inet_init(void) BUILD_BUG_ON(sizeof(struct inet_skb_parm) > FIELD_SIZEOF(struct sk_buff, cb)); 
@@ -93151,7 +93134,7 @@ index d01be2a..8976537 100644 rc = proto_register(&udp_prot, 1); if (rc) -@@ -1818,8 +1814,6 @@ out_unregister_udp_proto: +@@ -1816,8 +1812,6 @@ out_unregister_udp_proto: proto_unregister(&udp_prot); out_unregister_tcp_proto: proto_unregister(&tcp_prot); @@ -93350,7 +93333,7 @@ index 6af375a..c493c74 100644 inet_twsk_deschedule(tw, death_row); while (twrefcnt) { diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c -index 000e3d2..5472da3 100644 +index 33d5537..da337a4 100644 --- a/net/ipv4/inetpeer.c +++ b/net/ipv4/inetpeer.c @@ -503,8 +503,8 @@ relookup: @@ -93669,7 +93652,7 @@ index 7d93d62..cbbf2a3 100644 static int ping_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c -index 61e60d6..d6996cd 100644 +index 6fb2337..9cd6b20 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c @@ -309,7 +309,7 @@ static int raw_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -94243,7 +94226,7 @@ index 9a459be..086b866 100644 return -ENOMEM; } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index d3057f9..80a31d8 100644 +index b78a3ee..8f5113c 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -621,7 +621,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb, @@ -94255,7 +94238,7 @@ index d3057f9..80a31d8 100644 net->dev_base_seq; hlist_for_each_entry_rcu(dev, head, index_hlist) { if (idx < s_idx) -@@ -2378,7 +2378,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) +@@ -2405,7 +2405,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) p.iph.ihl = 5; p.iph.protocol = IPPROTO_IPV6; p.iph.ttl = 64; @@ -94264,7 +94247,7 @@ index d3057f9..80a31d8 100644 if (ops->ndo_do_ioctl) { mm_segment_t oldfs = get_fs(); -@@ -4000,7 +4000,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, +@@ -4027,7 +4027,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb, s_ip_idx = ip_idx = cb->args[2]; rcu_read_lock(); 
@@ -94273,7 +94256,7 @@ index d3057f9..80a31d8 100644 for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) { idx = 0; head = &net->dev_index_head[h]; -@@ -4585,7 +4585,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) +@@ -4612,7 +4612,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) dst_free(&ifp->rt->dst); break; } @@ -94282,7 +94265,7 @@ index d3057f9..80a31d8 100644 } static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp) -@@ -4605,7 +4605,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write, +@@ -4632,7 +4632,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -94291,7 +94274,7 @@ index d3057f9..80a31d8 100644 int ret; /* -@@ -4687,7 +4687,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write, +@@ -4714,7 +4714,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -94327,7 +94310,7 @@ index 70e704d..a4293c8 100644 table = kmemdup(ipv6_icmp_table_template, sizeof(ipv6_icmp_table_template), diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c -index ecd6073..58162ae 100644 +index 1f9a1a5..413e487 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -74,7 +74,7 @@ struct ip6gre_net { @@ -94367,7 +94350,7 @@ index ecd6073..58162ae 100644 .maxtype = IFLA_GRE_MAX, .policy = ip6gre_policy, diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c -index 1e55866..b398dab 100644 +index 0516ebb..a5f065b 100644 --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c @@ -88,7 +88,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) @@ -94674,7 +94657,7 @@ index bacce6c..9d1741a 100644 table = kmemdup(ipv6_route_table_template, sizeof(ipv6_route_table_template), diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c -index 60df36d..f3ab7c8 100644 +index 0491264..c403222 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c 
@@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev); @@ -94686,7 +94669,7 @@ index 60df36d..f3ab7c8 100644 static int sit_net_id __read_mostly; struct sit_net { -@@ -1453,7 +1453,7 @@ static const struct nla_policy ipip6_policy[IFLA_IPTUN_MAX + 1] = { +@@ -1507,7 +1507,7 @@ static const struct nla_policy ipip6_policy[IFLA_IPTUN_MAX + 1] = { #endif }; @@ -95444,7 +95427,7 @@ index f6046d9..4f10cfd 100644 cp->old_state = cp->state; /* diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c -index b75ff64..0c51bbe 100644 +index c47444e..b0961c6 100644 --- a/net/netfilter/ipvs/ip_vs_xmit.c +++ b/net/netfilter/ipvs/ip_vs_xmit.c @@ -1102,7 +1102,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, @@ -96606,10 +96589,10 @@ index f226709..0e735a8 100644 ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c -index 391a245..296b3d7 100644 +index 422d8bd..2a65859 100644 --- a/net/sctp/ipv6.c +++ b/net/sctp/ipv6.c -@@ -981,7 +981,7 @@ static const struct inet6_protocol sctpv6_protocol = { +@@ -965,7 +965,7 @@ static const struct inet6_protocol sctpv6_protocol = { .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL, }; @@ -96618,7 +96601,7 @@ index 391a245..296b3d7 100644 .sa_family = AF_INET6, .sctp_xmit = sctp_v6_xmit, .setsockopt = ipv6_setsockopt, -@@ -1013,7 +1013,7 @@ static struct sctp_af sctp_af_inet6 = { +@@ -997,7 +997,7 @@ static struct sctp_af sctp_af_inet6 = { #endif }; @@ -96627,7 +96610,7 @@ index 391a245..296b3d7 100644 .event_msgname = sctp_inet6_event_msgname, .skb_msgname = sctp_inet6_skb_msgname, .af_supported = sctp_inet6_af_supported, -@@ -1038,7 +1038,7 @@ void sctp_v6_pf_init(void) +@@ -1022,7 +1022,7 @@ void sctp_v6_pf_init(void) void sctp_v6_pf_exit(void) { @@ -96707,10 +96690,10 @@ index 8aab894..f6b7e7d 100644 sctp_generate_t1_cookie_event, sctp_generate_t1_init_event, 
diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index 6abb1ca..1678f8b 100644 +index 79bc251..4530ee0 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c -@@ -2167,11 +2167,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, +@@ -2170,11 +2170,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, { struct sctp_association *asoc; struct sctp_ulpevent *event; @@ -96725,7 +96708,7 @@ index 6abb1ca..1678f8b 100644 /* * At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT, -@@ -4222,13 +4224,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, +@@ -4225,13 +4227,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len, static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, int __user *optlen) { @@ -96743,7 +96726,7 @@ index 6abb1ca..1678f8b 100644 return -EFAULT; return 0; } -@@ -4246,6 +4251,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, +@@ -4249,6 +4254,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval, */ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen) { @@ -96752,7 +96735,7 @@ index 6abb1ca..1678f8b 100644 /* Applicable to UDP-style socket only */ if (sctp_style(sk, TCP)) return -EOPNOTSUPP; -@@ -4254,7 +4261,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv +@@ -4257,7 +4264,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv len = sizeof(int); if (put_user(len, optlen)) return -EFAULT; 
@@ -96762,7 +96745,7 @@ index 6abb1ca..1678f8b 100644 return -EFAULT; return 0; } -@@ -4626,12 +4634,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len, +@@ -4629,12 +4637,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len, */ static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen) { @@ -96779,7 +96762,7 @@ index 6abb1ca..1678f8b 100644 return -EFAULT; return 0; } -@@ -4672,6 +4683,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, +@@ -4675,6 +4686,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; if (space_left < addrlen) return -ENOMEM; @@ -97357,7 +97340,7 @@ index 62e4f9b..dd3f2d7 100644 /* See if we can opportunistically reap SQ WR to make room */ sq_cq_reap(xprt); diff --git a/net/sysctl_net.c b/net/sysctl_net.c -index 9bc6db0..47ac8c0 100644 +index e7000be..e3b0ba7 100644 --- a/net/sysctl_net.c +++ b/net/sysctl_net.c @@ -46,7 +46,7 @@ static int net_ctl_permissions(struct ctl_table_header *head, @@ -97366,7 +97349,7 @@ index 9bc6db0..47ac8c0 100644 /* Allow network administrator to have same access as root. */ - if (ns_capable(net->user_ns, CAP_NET_ADMIN) || + if (ns_capable_nolog(net->user_ns, CAP_NET_ADMIN) || - uid_eq(root_uid, current_uid())) { + uid_eq(root_uid, current_euid())) { int mode = (table->mode >> 6) & 7; return (mode << 6) | (mode << 3) | mode; diff --git a/net/tipc/link.c b/net/tipc/link.c diff --git a/main/linux-grsec/ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch b/main/linux-grsec/ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch deleted file mode 100644 index a98faca44e..0000000000 --- a/main/linux-grsec/ipv6-udp-packets-following-an-UFO-enqueued-packet-needs-al.patch +++ /dev/null 
@@ -1,118 +0,0 @@ -From 2811ebac2521ceac84f2bdae402455baa6a7fb47 Mon Sep 17 00:00:00 2001 -From: Hannes Frederic Sowa <hannes@stressinduktion.org> -Date: Sat, 21 Sep 2013 04:27:00 +0000 -Subject: ipv6: udp packets following an UFO enqueued packet need also be handled by UFO - -In the following scenario the socket is corked: -If the first UDP packet is larger then the mtu we try to append it to the -write queue via ip6_ufo_append_data. A following packet, which is smaller -than the mtu would be appended to the already queued up gso-skb via -plain ip6_append_data. This causes random memory corruptions. - -In ip6_ufo_append_data we also have to be careful to not queue up the -same skb multiple times. So setup the gso frame only when no first skb -is available. - -This also fixes a shortcoming where we add the current packet's length to -cork->length but return early because of a packet > mtu with dontfrag set -(instead of sutracting it again). - -Found with trinity. - -Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org> -Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> -Reported-by: Dmitry Vyukov <dvyukov@google.com> -Signed-off-by: David S. 
Miller <davem@davemloft.net> ---- -diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c -index 3a692d5..a54c45c 100644 ---- a/net/ipv6/ip6_output.c -+++ b/net/ipv6/ip6_output.c -@@ -1015,6 +1015,8 @@ static inline int ip6_ufo_append_data(struct sock *sk, - * udp datagram - */ - if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) { -+ struct frag_hdr fhdr; -+ - skb = sock_alloc_send_skb(sk, - hh_len + fragheaderlen + transhdrlen + 20, - (flags & MSG_DONTWAIT), &err); -@@ -1036,12 +1038,6 @@ static inline int ip6_ufo_append_data(struct sock *sk, - skb->protocol = htons(ETH_P_IPV6); - skb->ip_summed = CHECKSUM_PARTIAL; - skb->csum = 0; -- } -- -- err = skb_append_datato_frags(sk,skb, getfrag, from, -- (length - transhdrlen)); -- if (!err) { -- struct frag_hdr fhdr; - - /* Specify the length of each IPv6 datagram fragment. - * It has to be a multiple of 8. -@@ -1052,15 +1048,10 @@ static inline int ip6_ufo_append_data(struct sock *sk, - ipv6_select_ident(&fhdr, rt); - skb_shinfo(skb)->ip6_frag_id = fhdr.identification; - __skb_queue_tail(&sk->sk_write_queue, skb); -- -- return 0; - } -- /* There is not enough support do UPD LSO, -- * so follow normal path -- */ -- kfree_skb(skb); - -- return err; -+ return skb_append_datato_frags(sk, skb, getfrag, from, -+ (length - transhdrlen)); - } - - static inline struct ipv6_opt_hdr *ip6_opt_dup(struct ipv6_opt_hdr *src, -@@ -1227,27 +1218,27 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, - * --yoshfuji - */ - -- cork->length += length; -- if (length > mtu) { -- int proto = sk->sk_protocol; -- if (dontfrag && (proto == IPPROTO_UDP || proto == IPPROTO_RAW)){ -- ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen); -- return -EMSGSIZE; -- } -- -- if (proto == IPPROTO_UDP && -- (rt->dst.dev->features & NETIF_F_UFO)) { -+ if ((length > mtu) && dontfrag && (sk->sk_protocol == IPPROTO_UDP || -+ sk->sk_protocol == IPPROTO_RAW)) { -+ ipv6_local_rxpmtu(sk, fl6, mtu-exthdrlen); -+ return -EMSGSIZE; -+ } - -- err = 
ip6_ufo_append_data(sk, getfrag, from, length, -- hh_len, fragheaderlen, -- transhdrlen, mtu, flags, rt); -- if (err) -- goto error; -- return 0; -- } -+ skb = skb_peek_tail(&sk->sk_write_queue); -+ cork->length += length; -+ if (((length > mtu) || -+ (skb && skb_is_gso(skb))) && -+ (sk->sk_protocol == IPPROTO_UDP) && -+ (rt->dst.dev->features & NETIF_F_UFO)) { -+ err = ip6_ufo_append_data(sk, getfrag, from, length, -+ hh_len, fragheaderlen, -+ transhdrlen, mtu, flags, rt); -+ if (err) -+ goto error; -+ return 0; - } - -- if ((skb = skb_peek_tail(&sk->sk_write_queue)) == NULL) -+ if (!skb) - goto alloc_new_skb; - - while (length > 0) { --- -cgit v0.9.2 |