main/linux-grsec: new xfrm patch

(cherry picked from commit e7fb30d0)

main/linux-grsec: new xfrm patch
(cherry picked from commit e7fb30d0)
6d4799e0 · Natanael Copa · 8685520f · 6d4799e0 · 6d4799e0
Commit 6d4799e0 authored Jun 24, 2010 by Natanael Copa
Showing with 47 additions and 1 deletion

main/linux-grsec/0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch ...eck-bundle-policy-existance-before-dereferencing-it.patch +44 -0

main/linux-grsec/APKBUILD main/linux-grsec/APKBUILD +3 -1

No files found.
--- a/main/linux-grsec/0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
+++ b/main/linux-grsec/0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
+From patchwork Thu Jun 24 05:45:19 2010
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 8bit
+Subject: xfrm: check bundle policy existance before dereferencing it
+Date: Wed, 23 Jun 2010 19:45:19 -0000
+From: =?utf-8?b?VGltbyBUZXLDpHMgPHRpbW8udGVyYXNAaWtpLmZpPg==?=
+X-Patchwork-Id: 56759
+Message-Id: <1277358319-9868-1-git-send-email-timo.teras@iki.fi>
+To: netdev@vger.kernel.org, "Justin P. Mattock" <justinmattock@gmail.com>,
+	Eric Dumazet <eric.dumazet@gmail.com>,
+	"John W.Linville" <linville@tuxdriver.com>,
+	Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
+	davem@davemloft.net
+Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+
+Fix the bundle validation code to not assume having a valid policy.
+When we have multiple transformations for a xfrm policy, the bundle
+instance will be a chain of bundles with only the first one having
+the policy reference. When policy_genid is bumped it will expire the
+first bundle in the chain which is equivalent of expiring the whole
+chain.
+
+Reported-bisected-and-tested-by: Justin P. Mattock <justinmattock@gmail.com>
+Signed-off-by: Timo Teräs <timo.teras@iki.fi>
+
+---
+net/xfrm/xfrm_policy.c |    3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
+index 4bf27d9..af1c173 100644
+--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
+@@ -2300,7 +2300,8 @@ int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first,
+ 			return 0;
+ 		if (xdst->xfrm_genid != dst->xfrm->genid)
+ 			return 0;
+-		if (xdst->policy_genid != atomic_read(&xdst->pols[0]->genid))
+		if (xdst->num_pols > 0 &&
+		    xdst->policy_genid != atomic_read(&xdst->pols[0]->genid))
+ 			return 0;
+ 
+ 		if (strict && fl &&
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
 pkgname=linux-${_flavor}
 pkgver=2.6.32.15
 _kernver=2.6.32
-pkgrel=7
+pkgrel=8
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -31,6 +31,7 @@ source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
 	0017-flow-delayed-deletion-of-flow-cache-entries.patch
 	0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
 	0019-ipv4-check-rt_genid-in-dst_check.patch
+	0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
 	xfrm-fix-policy-unreferencing-on-larval-drop.patch
 	r8169-fix-random-mdio_write-failures.patch
 	r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch
@@ -164,6 +165,7 @@ c09b82b89a49ba2a3836a0bc3a3312f4  0015-xfrm-cache-bundles-instead-of-policies-fo
 3b83f0972ab715819d1119b120a987e7  0017-flow-delayed-deletion-of-flow-cache-entries.patch
 45a676c7a1759fec60b724d557b4e295  0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
 74e511f12854972db08d3fddc4df0f52  0019-ipv4-check-rt_genid-in-dst_check.patch
+edfac5844f91721d49a00a09b6ef258b  0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
 c7e606c11c05ff03012b21c3fe0ece47  xfrm-fix-policy-unreferencing-on-larval-drop.patch
 ce4a74190febe13713bab1b886dd5bee  r8169-fix-random-mdio_write-failures.patch
 b41ee19f13498fb25992fd60cd1126d4  r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch