Commit a9718237 authored by Timo Teräs's avatar Timo Teräs Committed by Natanael Copa

main/linux-grsec: ugprade to 3.18.17

(cherry picked from commit 29c90c9c)
parent 4a8f1c3a
From 9c889e8df035c6eb7993963a7c80bfc75a61124d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
Date: Mon, 6 Jul 2015 09:54:36 +0300
Subject: [PATCH] ip_tunnel: fix ipv4 pmtu check to honor inner ip header df
Frag needed should be sent only if the inner header asked
to not fragment. Currently fragmentation is broken if the
tunnel has df set. The tunnel's df needs to be still checked
to update internally the pmtu cache.
This got broken in commit 23a3647bc4f93bac and this fixes
the pmtu check back to the way it was.
Fixes: 23a3647bc4f93bac ("ip_tunnels: Use skb-len to PMTU check.")
Cc: Pravin B Shelar <pshelar@nicira.com>
---
net/ipv4/ip_tunnel.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index 0bb8e14..6822572 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -587,7 +587,8 @@ int ip_tunnel_encap(struct sk_buff *skb, struct ip_tunnel *t,
EXPORT_SYMBOL(ip_tunnel_encap);
static int tnl_update_pmtu(struct net_device *dev, struct sk_buff *skb,
- struct rtable *rt, __be16 df)
+ struct rtable *rt, __be16 df,
+ const struct iphdr *inner_iph)
{
struct ip_tunnel *tunnel = netdev_priv(dev);
int pkt_size = skb->len - tunnel->hlen - dev->hard_header_len;
@@ -604,7 +605,8 @@ static int tnl_update_pmtu(struct net_device *dev, struct sk_buff *skb,
if (skb->protocol == htons(ETH_P_IP)) {
if (!skb_is_gso(skb) &&
- (df & htons(IP_DF)) && mtu < pkt_size) {
+ (inner_iph->frag_off & htons(IP_DF)) &&
+ mtu < pkt_size) {
memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_FRAG_NEEDED, htonl(mtu));
return -E2BIG;
@@ -738,7 +740,7 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
goto tx_error;
}
- if (tnl_update_pmtu(dev, skb, rt, tnl_params->frag_off)) {
+ if (tnl_update_pmtu(dev, skb, rt, tnl_params->frag_off, inner_iph)) {
ip_rt_put(rt);
goto tx_error;
}
--
2.4.5
......@@ -2,7 +2,7 @@
_mainflavor=grsec
pkgname=linux-$_mainflavor
pkgver=3.18.16
pkgver=3.18.17
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
......@@ -17,9 +17,10 @@ options="!strip"
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
http://dev.alpinelinux.org/~tteras/grsec/grsecurity-3.1-3.18.16-201506082249-alpine.patch
http://dev.alpinelinux.org/~tteras/grsec/grsecurity-3.1-3.18.17-201507050832-alpine.patch
fix-memory-map-for-PIE-applications.patch
0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
fix-spi-nor-namespace-clash.patch
imx6q-no-unclocked-sleep.patch
......@@ -200,35 +201,38 @@ dev() {
}
md5sums="9e854df51ca3fef8bfe566dbd7b89241 linux-3.18.tar.xz
96aeccef48037aee98911634664af68e patch-3.18.16.xz
dee848728d351ead91cdc59254175775 grsecurity-3.1-3.18.16-201506082249-alpine.patch
ff54e954e26589a2a8a237bfe793ac41 patch-3.18.17.xz
e4775dbac57c80905e2c2d99aedbfa1a grsecurity-3.1-3.18.17-201507050832-alpine.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
b7f15811ab0ae0a1225c03cc2cc24411 0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
b0337a2a9abed17c37eae5db332522d2 fix-spi-nor-namespace-clash.patch
1a307fc1d63231bf01d22493a4f14378 imx6q-no-unclocked-sleep.patch
797644a9dda4436978498045ef7095b1 config-grsec.x86
9476dc4a1d21009764680816fde71152 config-grsec.x86_64
6af88f5e681a237e3c58e8154a40fb47 config-grsec.armhf
9c3fdf1aba9dffc9a5ebc16a2ba37735 config-grsec.x86
2cc37d1ed1e2ebf0aa1a0ace67d6f519 config-grsec.x86_64
36892e7e94abde237925ab15e9c7752c config-grsec.armhf
18cb4521f9a8847637292f9f4c9e8256 config-virtgrsec.x86
80b45900be93b1183a6382adf710d961 config-virtgrsec.x86_64"
sha256sums="becc413cc9e6d7f5cc52a3ce66d65c3725bc1d1cc1001f4ce6c32b69eb188cbd linux-3.18.tar.xz
f60602c8de2ae7b1507c538b6af65d5b933727a06f56075898ff64fdcf650313 patch-3.18.16.xz
920b9f5dd1659656319e45c803f4b28c91d0bfa9a4a51300bdd5f85b3096d4c6 grsecurity-3.1-3.18.16-201506082249-alpine.patch
190b769580a766add68c3e3a8878a725b36fe6877991f3af0cb4a1d6b5eeccf8 patch-3.18.17.xz
98fc77df5d82ce127999923dadb203c9024f7539673b1c2efd46917939cb4864 grsecurity-3.1-3.18.17-201507050832-alpine.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
b4a5d6fc7b1dfe43cee18cf47db3f588a4b8a03e6d474af9a6f9ef487233ba70 0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
01279cfb93273d99670c56e2465957ecde3d03693beeb929a743f03afa0b7bdc fix-spi-nor-namespace-clash.patch
21179fbb22a5b74af0a609350ae1a170e232908572b201d02e791d2ce0a685d3 imx6q-no-unclocked-sleep.patch
096425842c0c84c063fff14108630f49d32f64e970027e0f2050ce76558c05db config-grsec.x86
18cc34f2d603baf82af7093daaf024d74047506154e53de27fb49ba65a2551d1 config-grsec.x86_64
c796c15a32c848cfd6b67c2f22273fb3e26872f9325a6564f316b17b947eeaaf config-grsec.armhf
5fc6db215c9566d937ed5162cea3a554352ba82a7b6754552e46d02ec39368d7 config-grsec.x86
c30182bf8c312141ef516154cbcf9ae6670dffeafa650126c2f375b5082087f3 config-grsec.x86_64
03ba6e2ed62e27e5fceb0bc405cccfe3de2e2d3be1486287500f38a1b2ecf786 config-grsec.armhf
47048993111506ab74db24c92d39b536cf5e684975844907d5cb6198c1dfd87f config-virtgrsec.x86
015ce51a03f1337673b47ef996b77c55cf50a28240e37c5ebf7e66f5886d3aef config-virtgrsec.x86_64"
sha512sums="2f0b72466e9bc538a675738aa416573d41bbbd7e3e2ffd5b5b127afde609ebc278cec5a3c37e73479607e957c13f1b4ed9782a3795e0dcc2cf8e550228594009 linux-3.18.tar.xz
868de9793e67e741dc69d61339f66c25d08d36a7d67b09d5644e855e05faf239c1e6e01299812a68edc52a39e132d7ec459929cb5d8a0936fe6aa580a72af80c patch-3.18.16.xz
9d423b6edb1a758d3832349c47b4ed70394dac0665e30f1f254e3fa200a9db02a93728faf68d7908f5dd825a94c3dd017b9296d6a4ee90d9f14691338c5163f7 grsecurity-3.1-3.18.16-201506082249-alpine.patch
03a78cc7b72150570fd0f24ad44f491dc57913e0675f31b7322af8ccbf41deea05a0b04c7058f9c85352cb03a976b3817d3544d8c690cc67e26ec08672c09afa patch-3.18.17.xz
0f0fec207e67fa96587159316fbc0be4b4559a9c437fdaeb8747d50ec59f34a6650c146f38138941489e364ea29e94aad72ff1f3d6ef92cccc0028b9514d12f6 grsecurity-3.1-3.18.17-201507050832-alpine.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
c5f7bda0a5bf88d7ce5de8c405ee5a018b652d70def2a5c6eea8e718b39efc0fed860bb61c70d950ba42cb11e0c264ee5ddd9a1505b7b60d19a56322ece894b6 0001-ip_tunnel-fix-ipv4-pmtu-check-to-honor-inner-ip-head.patch
4e3aeb70712f9838afea75fe9e6c1389414d833a89286ea55441d6a8d54ce74b0e39b565721e3153443af0a614bff57c767251b7e5b81faa5e0784eddfcd2164 fix-spi-nor-namespace-clash.patch
87d1ad59732f265a5b0db54490dc1762c14ea4b868e7eb1aedc3ce57b48046de7bbc08cf5cfcf6f1380fa84063b0edb16ba3d5e3c5670be9bbb229275c88b221 imx6q-no-unclocked-sleep.patch
ee88d6b3984a97f18d721d49ae76b302a80d4c0f8779d580199d35869358423e22895b1245725d345b6c99714844444ab9c433281f129347e4d5510336ca9cff config-grsec.x86
20ba11b7b2d874a354aa4c364cac6885863deddd4c166ad98e0d5dcb24d102b0e3875eef60a252e1bedb1526fd25e11721c78e6ca50baf5fc4a9ec58e1c3b1a2 config-grsec.x86_64
a54a297c3e0700242b1745d5377fa16585bec0b2d9e94b0bf3a4afee04a193413441e850e1233664d2692833245f7994ce5166fe99513d9a8247c9cdf9f87200 config-grsec.armhf
1c8861bd213f2ed5a5d4b6205ca3453958f110ad0245940c824a3ef3983a10a937adf7e401f087d7cc6e6d0054cbb187139ef426b6e00d7fa707aab20f1d2666 config-grsec.x86
4dc18ddfd90167d5c00717fb3b4a8d8429af3613bcb6ad53e7660dd9c936e89cffbe97bc3177e655508f1bde603c18d4d4159e2de8a9b104377b74eae6eeca72 config-grsec.x86_64
025cd3689f2c1a469d855deccbab34a56e6cbcaaf59648c04af7257779136a6b4bbb96584d70ff2e2713af33da56e2b8f7eb59490ccf30eaa4b62a15051a4806 config-grsec.armhf
c6bebe64953a444bc7d13f932e44d081665c253121189a3ccca9d7f6145b4460e32dc0f21f4700bf6607c5c0cb79de5c8576e4da0c815d60cff0d3b90879c1d9 config-virtgrsec.x86
47f93ae57dc923efe81132b00a8c0a5f4aa029a5f64e411110b1ef99dc018f9d7d8af1632ea7ea42693e847388484b149f666db7dd7f423b5b1ad3baed83d75f config-virtgrsec.x86_64"
#
# Automatically generated file; DO NOT EDIT.
# Linux/arm 3.18.12 Kernel Configuration
# Linux/arm 3.18.17 Kernel Configuration
#
CONFIG_ARM=y
CONFIG_ARM_HAS_SG_CHAIN=y
......@@ -4397,6 +4397,7 @@ CONFIG_HID_LCPOWER=m
# CONFIG_HID_LENOVO is not set
CONFIG_HID_LOGITECH=m
CONFIG_HID_LOGITECH_DJ=m
CONFIG_HID_LOGITECH_HIDPP=m
CONFIG_LOGITECH_FF=y
CONFIG_LOGIRUMBLEPAD2_FF=y
CONFIG_LOGIG940_FF=y
......
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 3.18.11 Kernel Configuration
# Linux/x86 3.18.17 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
......@@ -4781,6 +4781,7 @@ CONFIG_HID_LCPOWER=m
CONFIG_HID_LENOVO=m
CONFIG_HID_LOGITECH=m
CONFIG_HID_LOGITECH_DJ=m
CONFIG_HID_LOGITECH_HIDPP=m
CONFIG_LOGITECH_FF=y
CONFIG_LOGIRUMBLEPAD2_FF=y
CONFIG_LOGIG940_FF=y
......
#
# Automatically generated file; DO NOT EDIT.
# Linux/x86 3.18.11 Kernel Configuration
# Linux/x86 3.18.17 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
......@@ -4620,6 +4620,7 @@ CONFIG_HID_LCPOWER=m
CONFIG_HID_LENOVO=m
CONFIG_HID_LOGITECH=m
CONFIG_HID_LOGITECH_DJ=m
CONFIG_HID_LOGITECH_HIDPP=m
CONFIG_LOGITECH_FF=y
CONFIG_LOGIRUMBLEPAD2_FF=y
CONFIG_LOGIG940_FF=y
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment