diff options
3 files changed, 99 insertions, 1 deletions
diff --git a/main/linux-grsec/0001-ip_gre-dont-increase-dev-needed_headroom-on-a-live-d.patch b/main/linux-grsec/0001-ip_gre-dont-increase-dev-needed_headroom-on-a-live-d.patch new file mode 100644 index 000000000..d43160f1f --- /dev/null +++ b/main/linux-grsec/0001-ip_gre-dont-increase-dev-needed_headroom-on-a-live-d.patch @@ -0,0 +1,50 @@ +From 113ab386c7d6625cff284fb10952ff69a58c18a4 Mon Sep 17 00:00:00 2001 +From: Eric Dumazet <eric.dumazet@gmail.com> +Date: Fri, 14 Oct 2011 04:57:46 +0000 +Subject: [PATCH] ip_gre: dont increase dev->needed_headroom on a live device +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +It seems ip_gre is able to change dev->needed_headroom on the fly. + +Its is not legal unfortunately and triggers a BUG in raw_sendmsg() + +skb = sock_alloc_send_skb(sk, ... + LL_ALLOCATED_SPACE(rt->dst.dev) + +< another cpu change dev->needed_headromm (making it bigger) + +... +skb_reserve(skb, LL_RESERVED_SPACE(rt->dst.dev)); + +We end with LL_RESERVED_SPACE() being bigger than LL_ALLOCATED_SPACE() +-> we crash later because skb head is exhausted. + +Bug introduced in commit 243aad83 in 2.6.34 (ip_gre: include route +header_len in max_headroom calculation) + +Reported-by: Elmar Vonlanthen <evonlanthen@gmail.com> +Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> +CC: Timo Teräs <timo.teras@iki.fi> +CC: Herbert Xu <herbert@gondor.apana.org.au> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + net/ipv4/ip_gre.c | 2 -- + 1 files changed, 0 insertions(+), 2 deletions(-) + +diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c +index d7bb94c..d55110e 100644 +--- a/net/ipv4/ip_gre.c ++++ b/net/ipv4/ip_gre.c +@@ -835,8 +835,6 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev + if (skb_headroom(skb) < max_headroom || skb_shared(skb)|| + (skb_cloned(skb) && !skb_clone_writable(skb, 0))) { + struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom); +- if (max_headroom > dev->needed_headroom) +- dev->needed_headroom = max_headroom; + if (!new_skb) { + ip_rt_put(rt); + dev->stats.tx_dropped++; +-- +1.7.7 + diff --git a/main/linux-grsec/0001-ipv4-fix-ipsec-forward-performance-regression.patch b/main/linux-grsec/0001-ipv4-fix-ipsec-forward-performance-regression.patch new file mode 100644 index 000000000..678662c27 --- /dev/null +++ b/main/linux-grsec/0001-ipv4-fix-ipsec-forward-performance-regression.patch @@ -0,0 +1,44 @@ +From b73233960a59ee66e09d642f13d0592b13651e94 Mon Sep 17 00:00:00 2001 +From: "Yan, Zheng" <zheng.z.yan@intel.com> +Date: Sat, 22 Oct 2011 21:58:20 +0000 +Subject: [PATCH] ipv4: fix ipsec forward performance regression + +There is bug in commit 5e2b61f(ipv4: Remove flowi from struct rtable). +It makes xfrm4_fill_dst() modify wrong data structure. + +Signed-off-by: Zheng Yan <zheng.z.yan@intel.com> +Reported-by: Kim Phillips <kim.phillips@freescale.com> +Acked-by: Eric Dumazet <eric.dumazet@gmail.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + net/ipv4/xfrm4_policy.c | 14 +++++++------- + 1 files changed, 7 insertions(+), 7 deletions(-) + +diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c +index fc5368a..a0b4c5d 100644 +--- a/net/ipv4/xfrm4_policy.c ++++ b/net/ipv4/xfrm4_policy.c +@@ -79,13 +79,13 @@ static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev, + struct rtable *rt = (struct rtable *)xdst->route; + const struct flowi4 *fl4 = &fl->u.ip4; + +- rt->rt_key_dst = fl4->daddr; +- rt->rt_key_src = fl4->saddr; +- rt->rt_key_tos = fl4->flowi4_tos; +- rt->rt_route_iif = fl4->flowi4_iif; +- rt->rt_iif = fl4->flowi4_iif; +- rt->rt_oif = fl4->flowi4_oif; +- rt->rt_mark = fl4->flowi4_mark; ++ xdst->u.rt.rt_key_dst = fl4->daddr; ++ xdst->u.rt.rt_key_src = fl4->saddr; ++ xdst->u.rt.rt_key_tos = fl4->flowi4_tos; ++ xdst->u.rt.rt_route_iif = fl4->flowi4_iif; ++ xdst->u.rt.rt_iif = fl4->flowi4_iif; ++ xdst->u.rt.rt_oif = fl4->flowi4_oif; ++ xdst->u.rt.rt_mark = fl4->flowi4_mark; + + xdst->u.dst.dev = dev; + dev_hold(dev); +-- +1.7.7 + diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index a4919bdbb..d56b78993 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=3.0.8 _kernver=3.0 -pkgrel=0 +pkgrel=1 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -17,6 +17,8 @@ source="ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-$_kernver.tar.bz2 grsecurity-2.2.2-3.0.8-201110250925.patch grsec-timblogiw-noconst.patch + 0001-ip_gre-dont-increase-dev-needed_headroom-on-a-live-d.patch + 0001-ipv4-fix-ipsec-forward-performance-regression.patch 0004-arp-flush-arp-cache-on-device-change.patch kernelconfig.x86 @@ -141,6 +143,8 @@ md5sums="398e95866794def22b12dfbc15ce89c0 linux-3.0.tar.bz2 49618d8c7a71549c8870eb709c7d3f81 patch-3.0.8.bz2 5015a2afce7d3665bf74e0896529fb90 grsecurity-2.2.2-3.0.8-201110250925.patch c41cf0ee9794f393423c6b2093072260 grsec-timblogiw-noconst.patch +ebb99ef6ad8cd2d9fd8f49d5c5849057 0001-ip_gre-dont-increase-dev-needed_headroom-on-a-live-d.patch +b27bc150f7a3932de28fcb8803809cbc 0001-ipv4-fix-ipsec-forward-performance-regression.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch 0134b22fc2c95106803f4043cffed087 kernelconfig.x86 d97d1808eebdfb97734dccfbcaea35f2 kernelconfig.x86_64" |