diff options
author | Arkadiusz Miśkiewicz | 2016-01-31 20:53:53 (GMT) |
---|---|---|
committer | Arkadiusz Miśkiewicz | 2016-01-31 20:53:53 (GMT) |
commit | dd5340b296f3965f78488f938a723525ee7e012f (patch) | |
tree | 2f0e24fa237df79bdb2115dac2a826297b4d4311 | |
parent | 40ea58753757248fa125bebd9a691dc7c60d0b75 (diff) | |
download | kernel-dd5340b296f3965f78488f938a723525ee7e012f.zip kernel-dd5340b296f3965f78488f938a723525ee7e012f.tar.gz |
- up to 4.4.1; imq updated to linuximq.net versionauto/th/kernel-nopae-4.4.1-1auto/th/kernel-4.4.1-1
-rw-r--r-- | kernel-imq.patch | 82 | ||||
-rw-r--r-- | kernel-small_fixes.patch | 77 | ||||
-rw-r--r-- | kernel.spec | 4 |
3 files changed, 43 insertions, 120 deletions
diff --git a/kernel-imq.patch b/kernel-imq.patch index 240ddd0..773fd03 100644 --- a/kernel-imq.patch +++ b/kernel-imq.patch @@ -1,5 +1,5 @@ diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig -index d18eb60..739a98a 100644 +index f184fb5..0e08522 100644 --- a/drivers/net/Kconfig +++ b/drivers/net/Kconfig @@ -234,6 +234,125 @@ config RIONET_RX_SIZE @@ -142,7 +142,7 @@ index 900b0c5..e093402 100644 obj-$(CONFIG_MII) += mii.o diff --git a/drivers/net/imq.c b/drivers/net/imq.c new file mode 100644 -index 0000000..c60929b +index 0000000..f80258f --- /dev/null +++ b/drivers/net/imq.c @@ -0,0 +1,903 @@ @@ -538,7 +538,7 @@ index 0000000..c60929b + struct nf_queue_entry *entry = kmemdup(e, e->size, GFP_ATOMIC); + if (entry) { + nf_queue_entry_get_refs(entry); -+ return entry; ++ return entry; + } + return NULL; +} @@ -1069,10 +1069,10 @@ index 0000000..1babb09 +#endif /* _IMQ_H */ + diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index 2d15e38..ebbecce 100644 +index 3143c84..e213b31 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -3330,6 +3330,19 @@ static inline void netif_tx_unlock_bh(struct net_device *dev) +@@ -3341,6 +3341,19 @@ static inline void netif_tx_unlock_bh(struct net_device *dev) } \ } @@ -1140,7 +1140,7 @@ index 0000000..198ac01 +#endif /* _IP6T_IMQ_H */ + diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index 2b0a30a..f8e727c 100644 +index 4355129..47914c0 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -38,6 +38,10 @@ @@ -1154,7 +1154,7 @@ index 2b0a30a..f8e727c 100644 /* A. Checksumming of received packets by device. * -@@ -557,6 +561,9 @@ struct sk_buff { +@@ -566,6 +570,9 @@ struct sk_buff { * first. This is owned by whoever has the skb queued ATM. */ char cb[48] __aligned(8); @@ -1164,7 +1164,7 @@ index 2b0a30a..f8e727c 100644 unsigned long _skb_refdst; void (*destructor)(struct sk_buff *skb); -@@ -566,6 +573,9 @@ struct sk_buff { +@@ -575,6 +582,9 @@ struct sk_buff { #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) struct nf_conntrack *nfct; #endif @@ -1174,7 +1174,7 @@ index 2b0a30a..f8e727c 100644 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) struct nf_bridge_info *nf_bridge; #endif -@@ -633,6 +643,9 @@ struct sk_buff { +@@ -642,6 +652,9 @@ struct sk_buff { __u8 inner_protocol_type:1; __u8 remcsum_offload:1; /* 3 or 5 bit hole */ @@ -1184,7 +1184,7 @@ index 2b0a30a..f8e727c 100644 #ifdef CONFIG_NET_SCHED __u16 tc_index; /* traffic control index */ -@@ -789,6 +802,12 @@ void kfree_skb_list(struct sk_buff *segs); +@@ -798,6 +811,12 @@ void kfree_skb_list(struct sk_buff *segs); void skb_tx_error(struct sk_buff *skb); void consume_skb(struct sk_buff *skb); void __kfree_skb(struct sk_buff *skb); @@ -1197,7 +1197,7 @@ index 2b0a30a..f8e727c 100644 extern struct kmem_cache *skbuff_head_cache; void kfree_skb_partial(struct sk_buff *skb, bool head_stolen); -@@ -3335,6 +3354,10 @@ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src, +@@ -3344,6 +3363,10 @@ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src, if (copy) dst->nfctinfo = src->nfctinfo; #endif @@ -1209,7 +1209,7 @@ index 2b0a30a..f8e727c 100644 dst->nf_bridge = src->nf_bridge; nf_bridge_get(src->nf_bridge); diff --git a/include/net/netfilter/nf_queue.h b/include/net/netfilter/nf_queue.h -index e863585..40904cb 100644 +index 9c5638a..b173aa7 100644 --- a/include/net/netfilter/nf_queue.h +++ b/include/net/netfilter/nf_queue.h @@ -31,6 +31,12 @@ struct nf_queue_handler { @@ -1223,7 +1223,7 @@ index e863585..40904cb 100644 +void nf_unregister_queue_imq_handler(void); +#endif - bool nf_queue_entry_get_refs(struct nf_queue_entry *entry); + void nf_queue_entry_get_refs(struct nf_queue_entry *entry); void nf_queue_entry_release_refs(struct nf_queue_entry *entry); diff --git a/include/net/pkt_sched.h b/include/net/pkt_sched.h index 401038d..4668849 100644 @@ -1239,10 +1239,10 @@ index 401038d..4668849 100644 { if (qdisc_run_begin(q)) diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h -index 444faa8..e652d8d 100644 +index b2a8e63..d9feaa3 100644 --- a/include/net/sch_generic.h +++ b/include/net/sch_generic.h -@@ -502,6 +502,12 @@ static inline int qdisc_enqueue(struct sk_buff *skb, struct Qdisc *sch) +@@ -506,6 +506,12 @@ static inline int qdisc_enqueue(struct sk_buff *skb, struct Qdisc *sch) return sch->enqueue(skb, sch); } @@ -1270,10 +1270,10 @@ index d93f949..23fb6d1 100644 /* we overload the higher bits for encoding auxiliary data such as the queue * number or errno values. Not nice, but better than additional function diff --git a/net/core/dev.c b/net/core/dev.c -index 6bb6470..13cda63 100644 +index ae00b89..1cdcd02 100644 --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -136,6 +136,9 @@ +@@ -137,6 +137,9 @@ #include <linux/errqueue.h> #include <linux/hrtimer.h> #include <linux/netfilter_ingress.h> @@ -1283,7 +1283,7 @@ index 6bb6470..13cda63 100644 #include "net-sysfs.h" -@@ -2675,7 +2678,12 @@ static int xmit_one(struct sk_buff *skb, struct net_device *dev, +@@ -2705,7 +2708,12 @@ static int xmit_one(struct sk_buff *skb, struct net_device *dev, unsigned int len; int rc; @@ -1296,7 +1296,7 @@ index 6bb6470..13cda63 100644 dev_queue_xmit_nit(skb, dev); len = skb->len; -@@ -2713,6 +2721,7 @@ out: +@@ -2743,6 +2751,7 @@ out: *ret = rc; return skb; } @@ -1304,7 +1304,7 @@ index 6bb6470..13cda63 100644 static struct sk_buff *validate_xmit_vlan(struct sk_buff *skb, netdev_features_t features) -@@ -2801,6 +2810,7 @@ struct sk_buff *validate_xmit_skb_list(struct sk_buff *skb, struct net_device *d +@@ -2831,6 +2840,7 @@ struct sk_buff *validate_xmit_skb_list(struct sk_buff *skb, struct net_device *d } return head; } @@ -1313,7 +1313,7 @@ index 6bb6470..13cda63 100644 static void qdisc_pkt_len_init(struct sk_buff *skb) { diff --git a/net/core/skbuff.c b/net/core/skbuff.c -index dad4dd3..9c71959 100644 +index b2df375..bc3c51e 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -79,6 +79,87 @@ @@ -1444,7 +1444,7 @@ index dad4dd3..9c71959 100644 /* Note : this field could be in headers_start/headers_end section * It is not yet because we do not want to have a 16 bit hole -@@ -3324,6 +3431,13 @@ void __init skb_init(void) +@@ -3325,6 +3432,13 @@ void __init skb_init(void) 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); @@ -1459,10 +1459,10 @@ index dad4dd3..9c71959 100644 /** diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c -index 92b1aa3..e5a5dd5 100644 +index e6a7bd15..c81496e 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c -@@ -64,9 +64,6 @@ static int ip6_finish_output2(struct sock *sk, struct sk_buff *skb) +@@ -65,9 +65,6 @@ static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff * struct in6_addr *nexthop; int ret; @@ -1472,7 +1472,7 @@ index 92b1aa3..e5a5dd5 100644 if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) { struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); -@@ -143,6 +140,13 @@ int ip6_output(struct sock *sk, struct sk_buff *skb) +@@ -142,6 +139,13 @@ int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb) return 0; } @@ -1487,10 +1487,10 @@ index 92b1aa3..e5a5dd5 100644 net, sk, skb, NULL, dev, ip6_finish_output, diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig -index 3e1b4ab..8721e48 100644 +index 4692782..dce47db 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig -@@ -784,6 +784,18 @@ config NETFILTER_XT_TARGET_LOG +@@ -785,6 +785,18 @@ config NETFILTER_XT_TARGET_LOG To compile it as a module, choose M here. If unsure, say N. @@ -1510,10 +1510,10 @@ index 3e1b4ab..8721e48 100644 tristate '"MARK" target support' depends on NETFILTER_ADVANCED diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile -index 70d026d..5469b14 100644 +index 7638c36..614ad8a 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile -@@ -110,6 +110,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += xt_CT.o +@@ -108,6 +108,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += xt_CT.o obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o @@ -1522,10 +1522,10 @@ index 70d026d..5469b14 100644 obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o obj-$(CONFIG_NETFILTER_XT_TARGET_NETMAP) += xt_NETMAP.o diff --git a/net/netfilter/core.c b/net/netfilter/core.c -index 8e47f81..fa4ddd3 100644 +index f39276d..9877a27 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c -@@ -309,9 +309,11 @@ next_hook: +@@ -311,9 +311,11 @@ next_hook: ret = NF_DROP_GETERR(verdict); if (ret == 0) ret = -EPERM; @@ -1537,8 +1537,8 @@ index 8e47f81..fa4ddd3 100644 + verdict >> NF_VERDICT_QBITS, + verdict & NF_VERDICT_MASK); if (err < 0) { - if (err == -ECANCELED) - goto next_hook; + if (err == -ESRCH && + (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS)) diff --git a/net/netfilter/nf_internals.h b/net/netfilter/nf_internals.h index 0655225..25d4141 100644 --- a/net/netfilter/nf_internals.h @@ -1553,7 +1553,7 @@ index 0655225..25d4141 100644 int __init netfilter_queue_init(void); diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c -index 96777f9..c42d671 100644 +index 5baa8e2..9740e8c 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c @@ -28,6 +28,23 @@ @@ -1580,7 +1580,7 @@ index 96777f9..c42d671 100644 /* return EBUSY when somebody else is registered, return EEXIST if the * same handler is registered, return 0 in case of success. */ void nf_register_queue_handler(const struct nf_queue_handler *qh) -@@ -123,7 +140,8 @@ void nf_queue_nf_hook_drop(struct net *net, struct nf_hook_ops *ops) +@@ -116,7 +133,8 @@ void nf_queue_nf_hook_drop(struct net *net, struct nf_hook_ops *ops) int nf_queue(struct sk_buff *skb, struct nf_hook_ops *elem, struct nf_hook_state *state, @@ -1590,7 +1590,7 @@ index 96777f9..c42d671 100644 { int status = -ENOENT; struct nf_queue_entry *entry = NULL; -@@ -133,7 +151,17 @@ int nf_queue(struct sk_buff *skb, +@@ -124,7 +142,17 @@ int nf_queue(struct sk_buff *skb, const struct nf_queue_handler *qh; /* QUEUE == DROP if no one is waiting, to be safe. */ @@ -1608,8 +1608,8 @@ index 96777f9..c42d671 100644 + if (!qh) { status = -ESRCH; - goto err_unlock; -@@ -219,8 +247,10 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) + goto err; +@@ -199,8 +227,10 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) local_bh_enable(); break; case NF_QUEUE: @@ -1619,8 +1619,8 @@ index 96777f9..c42d671 100644 + verdict >> NF_VERDICT_QBITS, + verdict & NF_VERDICT_MASK); if (err < 0) { - if (err == -ECANCELED) - goto next_hook; + if (err == -ESRCH && + (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS)) diff --git a/net/netfilter/xt_IMQ.c b/net/netfilter/xt_IMQ.c new file mode 100644 index 0000000..86d7b84 @@ -1700,7 +1700,7 @@ index 0000000..86d7b84 +MODULE_ALIAS("ip6t_IMQ"); + diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c -index cb5d4ad..0d818be 100644 +index e82a1ad..b55331d 100644 --- a/net/sched/sch_generic.c +++ b/net/sched/sch_generic.c @@ -108,6 +108,14 @@ static struct sk_buff *dequeue_skb(struct Qdisc *q, bool *validate, diff --git a/kernel-small_fixes.patch b/kernel-small_fixes.patch index f0c5c85..92cfb5e 100644 --- a/kernel-small_fixes.patch +++ b/kernel-small_fixes.patch @@ -398,80 +398,3 @@ index aa67339..4f18fd9 100644 if (tout && tout <= 20) -- 2.5.0 - - -From 7ca88764d45c209791e8813131c1457c2e9e51e7 Mon Sep 17 00:00:00 2001 -From: Yevgeny Pats <yevgeny@perception-point.io> -Date: Mon, 11 Jan 2016 12:05:28 +0000 -Subject: KEYS: Fix keyring ref leak in join_session_keyring() - -If a thread is asked to join as a session keyring the keyring that's already -set as its session, we leak a keyring reference. - -This can be tested with the following program: - - #include <stddef.h> - #include <stdio.h> - #include <sys/types.h> - #include <keyutils.h> - - int main(int argc, const char *argv[]) - { - int i = 0; - key_serial_t serial; - - serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, - "leaked-keyring"); - if (serial < 0) { - perror("keyctl"); - return -1; - } - - if (keyctl(KEYCTL_SETPERM, serial, - KEY_POS_ALL | KEY_USR_ALL) < 0) { - perror("keyctl"); - return -1; - } - - for (i = 0; i < 100; i++) { - serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING, - "leaked-keyring"); - if (serial < 0) { - perror("keyctl"); - return -1; - } - } - - return 0; - } - -If, after the program has run, there something like the following line in -/proc/keys: - -3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty - -with a usage count of 100 * the number of times the program has been run, -then the kernel is malfunctioning. If leaked-keyring has zero usages or -has been garbage collected, then the problem is fixed. - -Reported-by: Yevgeny Pats <yevgeny@perception-point.io> -Signed-off-by: David Howells <dhowells@redhat.com> ---- - security/keys/process_keys.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c -index a3f85d2..e6d50172 100644 ---- a/security/keys/process_keys.c -+++ b/security/keys/process_keys.c -@@ -794,6 +794,7 @@ long join_session_keyring(const char *name) - ret = PTR_ERR(keyring); - goto error2; - } else if (keyring == new->session_keyring) { -+ key_put(keyring); - ret = 0; - goto error2; - } --- -2.7.0.rc3 - diff --git a/kernel.spec b/kernel.spec index a0669cd..e1fd5db 100644 --- a/kernel.spec +++ b/kernel.spec @@ -71,7 +71,7 @@ %define rel 1 %define basever 4.4 -%define postver .0 +%define postver .1 # define this to '-%{basever}' for longterm branch %define versuffix %{nil} @@ -120,7 +120,7 @@ Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{basever}.tar.xz # Source0-md5: 9a78fa2eb6c68ca5a40ed5af08142599 %if "%{postver}" != ".0" Patch0: http://www.kernel.org/pub/linux/kernel/v4.x/patch-%{version}.xz -# Patch0-md5: d3235b3640ae6ac1ab579171943fda4b +# Patch0-md5: d9e951895c8c249f0bf52d85f3e63bce %endif Source1: kernel.sysconfig |