Commit 441cf9f5 authored by Natanael Copa's avatar Natanael Copa

main/linux-grsec: upgrade to 3.2.1 and update config

- set utf8 as default charset for filesystem NLS and FAT
- enable xattr for squashfs
- enable latencytop
- disable IOMega ZIP drives
- disable PCMCIA SCSI drivers
- disable CAN subsystem
- disable CAIF subsystem
- disable Power Supply drivers
- disable Voltage and regulators
- disable Dallas 1-wire support
parent 04dd0f55
From 113ab386c7d6625cff284fb10952ff69a58c18a4 Mon Sep 17 00:00:00 2001
From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Fri, 14 Oct 2011 04:57:46 +0000
Subject: [PATCH] ip_gre: dont increase dev->needed_headroom on a live device
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
It seems ip_gre is able to change dev->needed_headroom on the fly.
Its is not legal unfortunately and triggers a BUG in raw_sendmsg()
skb = sock_alloc_send_skb(sk, ... + LL_ALLOCATED_SPACE(rt->dst.dev)
< another cpu change dev->needed_headromm (making it bigger)
...
skb_reserve(skb, LL_RESERVED_SPACE(rt->dst.dev));
We end with LL_RESERVED_SPACE() being bigger than LL_ALLOCATED_SPACE()
-> we crash later because skb head is exhausted.
Bug introduced in commit 243aad83 in 2.6.34 (ip_gre: include route
header_len in max_headroom calculation)
Reported-by: Elmar Vonlanthen <evonlanthen@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
CC: Timo Teräs <timo.teras@iki.fi>
CC: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
net/ipv4/ip_gre.c | 2 --
1 files changed, 0 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index d7bb94c..d55110e 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -835,8 +835,6 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev
if (skb_headroom(skb) < max_headroom || skb_shared(skb)||
(skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
- if (max_headroom > dev->needed_headroom)
- dev->needed_headroom = max_headroom;
if (!new_skb) {
ip_rt_put(rt);
dev->stats.tx_dropped++;
--
1.7.7
......@@ -2,8 +2,8 @@
_flavor=grsec
pkgname=linux-${_flavor}
pkgver=3.0.17
_kernver=3.0
pkgver=3.2.1
_kernver=3.2
pkgrel=0
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
......@@ -14,15 +14,12 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="ftp://ftp.kernel.org/pub/linux/kernel/v3.0/linux-$_kernver.tar.bz2
ftp://ftp.kernel.org/pub/linux/kernel/v3.0/patch-$pkgver.bz2
grsecurity-2.2.2-$pkgver-unofficial.patch
grsec-timblogiw-noconst.patch
grsecurity-2.2.2-3.2.1-201201221501.patch
0001-ip_gre-dont-increase-dev-needed_headroom-on-a-live-d.patch
0004-arp-flush-arp-cache-on-device-change.patch
x86-centaur-enable-cx8-for-via-eden-too.patch
linux-3.0.x-regression-with-ipv4-routes-having-mtu.patch
net-flow-remove-sleeping-and-deferral-mechanism-from-flow_cache_flush.patch
kernelconfig.x86
kernelconfig.x86_64
......@@ -142,14 +139,11 @@ dev() {
"$subpkgdir"/lib/modules/${_abi_release}/build
}
md5sums="398e95866794def22b12dfbc15ce89c0 linux-3.0.tar.bz2
8beef6d04bfa8b26446378682b332cfe patch-3.0.17.bz2
3c0fcf923a27a963ae86a3e694cb6bbd grsecurity-2.2.2-3.0.17-unofficial.patch
c41cf0ee9794f393423c6b2093072260 grsec-timblogiw-noconst.patch
ebb99ef6ad8cd2d9fd8f49d5c5849057 0001-ip_gre-dont-increase-dev-needed_headroom-on-a-live-d.patch
md5sums="7ceb61f87c097fc17509844b71268935 linux-3.2.tar.bz2
31fc34340f11118873463a1d59d47b7f patch-3.2.1.bz2
2248338d08df062a843a0b601064e781 grsecurity-2.2.2-3.2.1-201201221501.patch
776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
f3eda7112ef074a4121ec6de943c63ee x86-centaur-enable-cx8-for-via-eden-too.patch
62cc7d7b5ba7ef05b72ff91c0411c189 linux-3.0.x-regression-with-ipv4-routes-having-mtu.patch
b25335e8fcbf8c969230d55ac4e75cf8 net-flow-remove-sleeping-and-deferral-mechanism-from-flow_cache_flush.patch
587b1fb2f6a5c9ba714900b856f57f09 kernelconfig.x86
99836ffe918bbdef7da1a56a3d075c7a kernelconfig.x86_64"
c21699aa138e209cd889582c2ef80e61 kernelconfig.x86
af26ec54258f5cde5fa41c434abae34e kernelconfig.x86_64"
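Review bot: The refreshed `md5sums=` list is the only integrity check on `linux-3.2.tar.bz2`, `patch-3.2.1.bz2` and the grsecurity patch, and the two kernel.org entries in `source=` are still fetched over plain `ftp://`, so a hash recorded from that download only pins whatever the unauthenticated transfer delivered. MD5 is also no longer collision-resistant, which matters for a package whose purpose is kernel hardening. I would check the tarball and patch against the kernel.org PGP signatures before recording the hashes and, if the abuild version in use accepts it, add a stronger list next to the MD5 one, e.g. `sha512sums="<sha512-placeholder>  linux-3.2.tar.bz2 ..."`. The `source=` hunk also appears to drop `0001-ip_gre-dont-increase-dev-needed_headroom-on-a-live-d.patch`; the commit message should say that 3.2.1 already carries that fix.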
diff --git a/drivers/media/video/timblogiw.c b/drivers/media/video/timblogiw.c
index 45ccd26..8a0916d 100644
--- a/drivers/media/video/timblogiw.c
+++ b/drivers/media/video/timblogiw.c
@@ -767,7 +767,7 @@ static __devinitconst v4l2_ioctl_ops_no_const timblogiw_ioctl_ops = {
.vidioc_enum_framesizes = timblogiw_enum_framesizes,
};
-static __devinitconst struct v4l2_file_operations timblogiw_fops = {
+static __devinitconst v4l2_file_operations_no_const timblogiw_fops = {
.owner = THIS_MODULE,
.open = timblogiw_open,
.release = timblogiw_close,
Based on http://patchwork.ozlabs.org/patch/132353/
diff --git a/net/core/flow.c b/net/core/flow.c
index 8ae42de..e318c7e 100644
--- a/net/core/flow.c
+++ b/net/core/flow.c
@@ -358,6 +358,18 @@ void flow_cache_flush(void)
put_online_cpus();
}
+static void flow_cache_flush_task(struct work_struct *work)
+{
+ flow_cache_flush();
+}
+
+static DECLARE_WORK(flow_cache_flush_work, flow_cache_flush_task);
+
+void flow_cache_flush_deferred(void)
+{
+ schedule_work(&flow_cache_flush_work);
+}
+
static int __cpuinit flow_cache_cpu_prepare(struct flow_cache *fc, int cpu)
{
struct flow_cache_percpu *fcp = per_cpu_ptr(fc->percpu, cpu);
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 2118d64..9049a5c 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -2276,8 +2276,6 @@ static void __xfrm_garbage_collect(struct net *net)
{
struct dst_entry *head, *next;
- flow_cache_flush();
-
spin_lock_bh(&xfrm_policy_sk_bundle_lock);
head = xfrm_policy_sk_bundles;
xfrm_policy_sk_bundles = NULL;
@@ -2290,6 +2288,18 @@ static void __xfrm_garbage_collect(struct net *net)
}
}
+static void xfrm_garbage_collect(struct net *net)
+{
+ flow_cache_flush();
+ __xfrm_garbage_collect(net);
+}
+
+static void xfrm_garbage_collect_deferred(struct net *net)
+{
+ flow_cache_flush_deferred();
+ __xfrm_garbage_collect(net);
+}
+
static void xfrm_init_pmtu(struct dst_entry *dst)
{
do {
@@ -2422,7 +2432,7 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
if (likely(dst_ops->neigh_lookup == NULL))
dst_ops->neigh_lookup = xfrm_neigh_lookup;
if (likely(afinfo->garbage_collect == NULL))
- afinfo->garbage_collect = __xfrm_garbage_collect;
+ afinfo->garbage_collect = xfrm_garbage_collect_deferred;
xfrm_policy_afinfo[afinfo->family] = afinfo;
}
write_unlock_bh(&xfrm_policy_afinfo_lock);
@@ -2516,7 +2526,7 @@ static int xfrm_dev_event(struct notifier_block *this, unsigned long event, void
switch (event) {
case NETDEV_DOWN:
- __xfrm_garbage_collect(dev_net(dev));
+ xfrm_garbage_collect(dev_net(dev));
}
return NOTIFY_DONE;
}
--- ./include/net/flow.h.orig
+++ ./include/net/flow.h
@@ -207,6 +207,7 @@
u8 dir, flow_resolve_t resolver, void *ctx);
extern void flow_cache_flush(void);
+extern void flow_cache_flush_deferred(void);
extern atomic_unchecked_t flow_cache_genid;
#endif