From c6586adc4c786eab63a137655ac9453bea8f2952 Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Thu, 6 May 2010 13:41:44 +0000
Subject: main/linux-grsec: fix kernel oops when restarting racoon

---
 main/linux-grsec/APKBUILD                                  |  4 +++-
 .../xfrm-fix-policy-unreferencing-on-larval-drop.patch     | 14 ++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 main/linux-grsec/xfrm-fix-policy-unreferencing-on-larval-drop.patch

diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index f5983aa38..a529ae86f 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
 pkgname=linux-${_flavor}
 pkgver=2.6.32.12
 _kernver=2.6.32
-pkgrel=2
+pkgrel=4
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -31,6 +31,7 @@ source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
 	0016-xfrm-remove-policy-garbage-collection.patch
 	0017-flow-delayed-deletion-of-flow-cache-entries.patch
 	0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
+	xfrm-fix-policy-unreferencing-on-larval-drop.patch
 	kernelconfig.x86
 	"
 subpackages="$pkgname-dev linux-firmware:firmware"
@@ -154,4 +155,5 @@ c09b82b89a49ba2a3836a0bc3a3312f4  0015-xfrm-cache-bundles-instead-of-policies-fo
 41618efb65ab9ddacfb59a1cde9b4edd  0016-xfrm-remove-policy-garbage-collection.patch
 3b83f0972ab715819d1119b120a987e7  0017-flow-delayed-deletion-of-flow-cache-entries.patch
 45a676c7a1759fec60b724d557b4e295  0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
+c7e606c11c05ff03012b21c3fe0ece47  xfrm-fix-policy-unreferencing-on-larval-drop.patch
 7f442049b29ab749180e54ff8f20f1d0  kernelconfig.x86"
diff --git a/main/linux-grsec/xfrm-fix-policy-unreferencing-on-larval-drop.patch b/main/linux-grsec/xfrm-fix-policy-unreferencing-on-larval-drop.patch
new file mode 100644
index 000000000..25dc0dcdc
--- /dev/null
+++ b/main/linux-grsec/xfrm-fix-policy-unreferencing-on-larval-drop.patch
@@ -0,0 +1,14 @@
+diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
+index 31f4ba4..f4ea3a0 100644
+--- a/net/xfrm/xfrm_policy.c
++++ b/net/xfrm/xfrm_policy.c
+@@ -1805,7 +1805,7 @@ restart:
+ 			/* EREMOTE tells the caller to generate
+ 			 * a one-shot blackhole route. */
+ 			dst_release(dst);
+-			xfrm_pols_put(pols, num_pols);
++			xfrm_pols_put(pols, drop_pols);
+ 			XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTNOSTATES);
+ 			return -EREMOTE;
+ 		}
+
-- 
cgit v1.2.3