Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
aports
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
651
Issues
651
List
Boards
Labels
Service Desk
Milestones
Merge Requests
216
Merge Requests
216
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
alpine
aports
Commits
6d4799e0
Commit
6d4799e0
authored
Jun 24, 2010
by
Natanael Copa
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
main/linux-grsec: new xfrm patch
(cherry picked from commit
e7fb30d0
)
parent
8685520f
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
47 additions
and
1 deletion
+47
-1
main/linux-grsec/0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
...eck-bundle-policy-existance-before-dereferencing-it.patch
+44
-0
main/linux-grsec/APKBUILD
main/linux-grsec/APKBUILD
+3
-1
No files found.
main/linux-grsec/0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
0 → 100644
View file @
6d4799e0
From patchwork Thu Jun 24 05:45:19 2010
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: xfrm: check bundle policy existance before dereferencing it
Date: Wed, 23 Jun 2010 19:45:19 -0000
From: =?utf-8?b?VGltbyBUZXLDpHMgPHRpbW8udGVyYXNAaWtpLmZpPg==?=
X-Patchwork-Id: 56759
Message-Id: <1277358319-9868-1-git-send-email-timo.teras@iki.fi>
To: netdev@vger.kernel.org, "Justin P. Mattock" <justinmattock@gmail.com>,
Eric Dumazet <eric.dumazet@gmail.com>,
"John W.Linville" <linville@tuxdriver.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
davem@davemloft.net
Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Fix the bundle validation code to not assume having a valid policy.
When we have multiple transformations for a xfrm policy, the bundle
instance will be a chain of bundles with only the first one having
the policy reference. When policy_genid is bumped it will expire the
first bundle in the chain which is equivalent of expiring the whole
chain.
Reported-bisected-and-tested-by: Justin P. Mattock <justinmattock@gmail.com>
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
---
net/xfrm/xfrm_policy.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 4bf27d9..af1c173 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -2300,7 +2300,8 @@
int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *first,
return 0;
if (xdst->xfrm_genid != dst->xfrm->genid)
return 0;
- if (xdst->policy_genid != atomic_read(&xdst->pols[0]->genid))
+ if (xdst->num_pols > 0 &&
+ xdst->policy_genid != atomic_read(&xdst->pols[0]->genid))
return 0;
if (strict && fl &&
main/linux-grsec/APKBUILD
View file @
6d4799e0
...
...
@@ -4,7 +4,7 @@ _flavor=grsec
pkgname
=
linux-
${
_flavor
}
pkgver
=
2.6.32.15
_kernver
=
2.6.32
pkgrel
=
7
pkgrel
=
8
pkgdesc
=
"Linux kernel with grsecurity"
url
=
http://grsecurity.net
depends
=
"mkinitfs linux-firmware"
...
...
@@ -31,6 +31,7 @@ source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
0017-flow-delayed-deletion-of-flow-cache-entries.patch
0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
0019-ipv4-check-rt_genid-in-dst_check.patch
0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
xfrm-fix-policy-unreferencing-on-larval-drop.patch
r8169-fix-random-mdio_write-failures.patch
r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch
...
...
@@ -164,6 +165,7 @@ c09b82b89a49ba2a3836a0bc3a3312f4 0015-xfrm-cache-bundles-instead-of-policies-fo
3b83f0972ab715819d1119b120a987e7 0017-flow-delayed-deletion-of-flow-cache-entries.patch
45a676c7a1759fec60b724d557b4e295 0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
74e511f12854972db08d3fddc4df0f52 0019-ipv4-check-rt_genid-in-dst_check.patch
edfac5844f91721d49a00a09b6ef258b 0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
c7e606c11c05ff03012b21c3fe0ece47 xfrm-fix-policy-unreferencing-on-larval-drop.patch
ce4a74190febe13713bab1b886dd5bee r8169-fix-random-mdio_write-failures.patch
b41ee19f13498fb25992fd60cd1126d4 r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment