main/linux-grsec: add missing 0019-ipv4-check-rt_genid-in-dst_check.patchv1.10.5

should have been there all the way (cherry picked from commit c98a2c458a939960a2f7164c3f4ee96f7b99f97b)
author: Natanael Copa <ncopa@alpinelinux.org> 2010-06-10 10:09:17 +0000
committer: Timo Teräs <timo.teras@iki.fi> 2010-06-10 13:27:59 +0300
commit: 7b7994550926f88bb4ffdde9fe7bf350ad4c6d62 (patch)
tree: de99799126d7095fd968e371944cf2d826734a03
parent: 1d5e59ca83531f0e52bd94fbc28ec1e791020ce1 (diff)
download: alpine_aports-1.10.5.tar.bz2
alpine_aports-1.10.5.tar.xz
alpine_aports-1.10.5.zip
2 files changed, 99 insertions, 1 deletions
diff --git a/main/linux-grsec/0019-ipv4-check-rt_genid-in-dst_check.patch b/main/linux-grsec/0019-ipv4-check-rt_genid-in-dst_check.patch
new file mode 100644
index 0000000000..e1e9a655e1
--- /dev/null
+++ b/main/linux-grsec/0019-ipv4-check-rt_genid-in-dst_check.patch
@@ -0,0 +1,96 @@
+From d11a4dc18bf41719c9f0d7ed494d295dd2973b92 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Thu, 18 Mar 2010 23:20:20 +0000
+Subject: [PATCH] ipv4: check rt_genid in dst_check
+Xfrm_dst keeps a reference to ipv4 rtable entries on each
+cached bundle. The only way to renew xfrm_dst when the underlying
+route has changed, is to implement dst_check for this. This is
+what ipv6 side does too.
+The problems started after 87c1e12b5eeb7b30b4b41291bef8e0b41fc3dde9
+("ipsec: Fix bogus bundle flowi") which fixed a bug causing xfrm_dst
+to not get reused, until that all lookups always generated new
+xfrm_dst with new route reference and path mtu worked. But after the
+fix, the old routes started to get reused even after they were expired
+causing pmtu to break (well it would occationally work if the rtable
+gc had run recently and marked the route obsolete causing dst_check to
+get called).
+Signed-off-by: Timo Teras <timo.teras@iki.fi>
+Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/ipv4/route.c |   14 ++++++++++----
+ 1 files changed, 10 insertions(+), 4 deletions(-)
+diff --git a/net/ipv4/route.c b/net/ipv4/route.c
+index a770df2..32d3961 100644
+--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
+@@ -1441,7 +1441,7 @@ void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw,
+                                        dev_hold(rt->u.dst.dev);
+                                if (rt->idev)
+                                        in_dev_hold(rt->idev);
+-                               rt->u.dst.obsolete      = 0;
+                               rt->u.dst.obsolete      = -1;
+                                rt->u.dst.lastuse       = jiffies;
+                                rt->u.dst.path          = &rt->u.dst;
+                                rt->u.dst.neighbour     = NULL;
+@@ -1506,7 +1506,7 @@ static struct dst_entry *ipv4_negative_advice(struct dst_entry *dst)
+        struct dst_entry *ret = dst;
+ 
+        if (rt) {
+-               if (dst->obsolete) {
+               if (dst->obsolete > 0) {
+                        ip_rt_put(rt);
+                        ret = NULL;
+                } else if ((rt->rt_flags & RTCF_REDIRECTED) ||
+@@ -1726,7 +1726,9 @@ static void ip_rt_update_pmtu(struct dst_entry *dst, u32 mtu)
+ 
+ static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie)
+ {
+-       return NULL;
+       if (rt_is_expired((struct rtable *)dst))
+               return NULL;
+       return dst;
+ }
+ 
+ static void ipv4_dst_destroy(struct dst_entry *dst)
+@@ -1888,7 +1890,8 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
+        if (!rth)
+                goto e_nobufs;
+ 
+-       rth->u.dst.output= ip_rt_bug;
+       rth->u.dst.output = ip_rt_bug;
+       rth->u.dst.obsolete = -1;
+ 
+        atomic_set(&rth->u.dst.__refcnt, 1);
+        rth->u.dst.flags= DST_HOST;
+@@ -2054,6 +2057,7 @@ static int __mkroute_input(struct sk_buff *skb,
+        rth->fl.oif     = 0;
+        rth->rt_spec_dst= spec_dst;
+ 
+       rth->u.dst.obsolete = -1;
+        rth->u.dst.input = ip_forward;
+        rth->u.dst.output = ip_output;
+        rth->rt_genid = rt_genid(dev_net(rth->u.dst.dev));
+@@ -2218,6 +2222,7 @@ local_input:
+                goto e_nobufs;
+ 
+        rth->u.dst.output= ip_rt_bug;
+       rth->u.dst.obsolete = -1;
+        rth->rt_genid = rt_genid(net);
+ 
+        atomic_set(&rth->u.dst.__refcnt, 1);
+@@ -2444,6 +2449,7 @@ static int __mkroute_output(struct rtable **result,
+        rth->rt_spec_dst= fl->fl4_src;
+ 
+        rth->u.dst.output=ip_output;
+       rth->u.dst.obsolete = -1;
+        rth->rt_genid = rt_genid(dev_net(dev_out));
+ 
+        RT_CACHE_STAT_INC(out_slow_tot);
+-- 
+1.7.1
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 67b03001e6..471b3efb8c 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
 pkgname=linux-${_flavor}
 pkgver=2.6.32.15
 _kernver=2.6.32
-pkgrel=5
+pkgrel=6
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -30,6 +30,7 @@ source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
        0016-xfrm-remove-policy-garbage-collection.patch
        0017-flow-delayed-deletion-of-flow-cache-entries.patch
        0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
+        0019-ipv4-check-rt_genid-in-dst_check.patch
        xfrm-fix-policy-unreferencing-on-larval-drop.patch
        r8169-fix-random-mdio_write-failures.patch
        r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch
@@ -162,6 +163,7 @@ c09b82b89a49ba2a3836a0bc3a3312f4  0015-xfrm-cache-bundles-instead-of-policies-fo
 41618efb65ab9ddacfb59a1cde9b4edd  0016-xfrm-remove-policy-garbage-collection.patch
 3b83f0972ab715819d1119b120a987e7  0017-flow-delayed-deletion-of-flow-cache-entries.patch
 45a676c7a1759fec60b724d557b4e295  0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
+74e511f12854972db08d3fddc4df0f52  0019-ipv4-check-rt_genid-in-dst_check.patch
 c7e606c11c05ff03012b21c3fe0ece47  xfrm-fix-policy-unreferencing-on-larval-drop.patch
 ce4a74190febe13713bab1b886dd5bee  r8169-fix-random-mdio_write-failures.patch
 b41ee19f13498fb25992fd60cd1126d4  r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch
author	Natanael Copa <ncopa@alpinelinux.org>	2010-06-10 10:09:17 +0000
committer	Timo Teräs <timo.teras@iki.fi>	2010-06-10 13:27:59 +0300
commit	7b7994550926f88bb4ffdde9fe7bf350ad4c6d62 (patch)
tree	de99799126d7095fd968e371944cf2d826734a03
parent	1d5e59ca83531f0e52bd94fbc28ec1e791020ce1 (diff)
download	alpine_aports-1.10.5.tar.bz2 alpine_aports-1.10.5.tar.xz alpine_aports-1.10.5.zip

diff --git a/main/linux-grsec/0019-ipv4-check-rt_genid-in-dst_check.patch b/main/linux-grsec/0019-ipv4-check-rt_genid-in-dst_check.patch new file mode 100644 index 0000000000..e1e9a655e1 --- /dev/null +++ b/main/linux-grsec/0019-ipv4-check-rt_genid-in-dst_check.patch
@@ -0,0 +1,96 @@
		1	From d11a4dc18bf41719c9f0d7ed494d295dd2973b92 Mon Sep 17 00:00:00 2001
		2	From: =?utf8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
		3	Date: Thu, 18 Mar 2010 23:20:20 +0000
		4	Subject: [PATCH] ipv4: check rt_genid in dst_check
		5
		6	Xfrm_dst keeps a reference to ipv4 rtable entries on each
		7	cached bundle. The only way to renew xfrm_dst when the underlying
		8	route has changed, is to implement dst_check for this. This is
		9	what ipv6 side does too.
		10
		11	The problems started after 87c1e12b5eeb7b30b4b41291bef8e0b41fc3dde9
		12	("ipsec: Fix bogus bundle flowi") which fixed a bug causing xfrm_dst
		13	to not get reused, until that all lookups always generated new
		14	xfrm_dst with new route reference and path mtu worked. But after the
		15	fix, the old routes started to get reused even after they were expired
		16	causing pmtu to break (well it would occationally work if the rtable
		17	gc had run recently and marked the route obsolete causing dst_check to
		18	get called).
		19
		20	Signed-off-by: Timo Teras <timo.teras@iki.fi>
		21	Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
		22	Signed-off-by: David S. Miller <davem@davemloft.net>
		23	---
		24	net/ipv4/route.c \| 14 ++++++++++----
		25	1 files changed, 10 insertions(+), 4 deletions(-)
		26
		27	diff --git a/net/ipv4/route.c b/net/ipv4/route.c
		28	index a770df2..32d3961 100644
		29	--- a/net/ipv4/route.c
		30	+++ b/net/ipv4/route.c
		31	@@ -1441,7 +1441,7 @@ void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw,
		32	dev_hold(rt->u.dst.dev);
		33	if (rt->idev)
		34	in_dev_hold(rt->idev);
		35	- rt->u.dst.obsolete = 0;
		36	+ rt->u.dst.obsolete = -1;
		37	rt->u.dst.lastuse = jiffies;
		38	rt->u.dst.path = &rt->u.dst;
		39	rt->u.dst.neighbour = NULL;
		40	@@ -1506,7 +1506,7 @@ static struct dst_entry ipv4_negative_advice(struct dst_entry dst)
		41	struct dst_entry *ret = dst;
		42
		43	if (rt) {
		44	- if (dst->obsolete) {
		45	+ if (dst->obsolete > 0) {
		46	ip_rt_put(rt);
		47	ret = NULL;
		48	} else if ((rt->rt_flags & RTCF_REDIRECTED) \|\|
		49	@@ -1726,7 +1726,9 @@ static void ip_rt_update_pmtu(struct dst_entry *dst, u32 mtu)
		50
		51	static struct dst_entry ipv4_dst_check(struct dst_entry dst, u32 cookie)
		52	{
		53	- return NULL;
		54	+ if (rt_is_expired((struct rtable *)dst))
		55	+ return NULL;
		56	+ return dst;
		57	}
		58
		59	static void ipv4_dst_destroy(struct dst_entry *dst)
		60	@@ -1888,7 +1890,8 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
		61	if (!rth)
		62	goto e_nobufs;
		63
		64	- rth->u.dst.output= ip_rt_bug;
		65	+ rth->u.dst.output = ip_rt_bug;
		66	+ rth->u.dst.obsolete = -1;
		67
		68	atomic_set(&rth->u.dst.__refcnt, 1);
		69	rth->u.dst.flags= DST_HOST;
		70	@@ -2054,6 +2057,7 @@ static int __mkroute_input(struct sk_buff *skb,
		71	rth->fl.oif = 0;
		72	rth->rt_spec_dst= spec_dst;
		73
		74	+ rth->u.dst.obsolete = -1;
		75	rth->u.dst.input = ip_forward;
		76	rth->u.dst.output = ip_output;
		77	rth->rt_genid = rt_genid(dev_net(rth->u.dst.dev));
		78	@@ -2218,6 +2222,7 @@ local_input:
		79	goto e_nobufs;
		80
		81	rth->u.dst.output= ip_rt_bug;
		82	+ rth->u.dst.obsolete = -1;
		83	rth->rt_genid = rt_genid(net);
		84
		85	atomic_set(&rth->u.dst.__refcnt, 1);
		86	@@ -2444,6 +2449,7 @@ static int __mkroute_output(struct rtable **result,
		87	rth->rt_spec_dst= fl->fl4_src;
		88
		89	rth->u.dst.output=ip_output;
		90	+ rth->u.dst.obsolete = -1;
		91	rth->rt_genid = rt_genid(dev_net(dev_out));
		92
		93	RT_CACHE_STAT_INC(out_slow_tot);
		94	--
		95	1.7.1
		96


diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 67b03001e6..471b3efb8c 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
4	pkgname=linux-${_flavor}	4	pkgname=linux-${_flavor}
5	pkgver=2.6.32.15	5	pkgver=2.6.32.15
6	_kernver=2.6.32	6	_kernver=2.6.32
7	pkgrel=5	7	pkgrel=6
8	pkgdesc="Linux kernel with grsecurity"	8	pkgdesc="Linux kernel with grsecurity"
9	url=http://grsecurity.net	9	url=http://grsecurity.net
10	depends="mkinitfs linux-firmware"	10	depends="mkinitfs linux-firmware"
@@ -30,6 +30,7 @@ source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
30	0016-xfrm-remove-policy-garbage-collection.patch	30	0016-xfrm-remove-policy-garbage-collection.patch
31	0017-flow-delayed-deletion-of-flow-cache-entries.patch	31	0017-flow-delayed-deletion-of-flow-cache-entries.patch
32	0018-xfrm-Fix-crashes-in-xfrm_lookup.patch	32	0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
		33	0019-ipv4-check-rt_genid-in-dst_check.patch
33	xfrm-fix-policy-unreferencing-on-larval-drop.patch	34	xfrm-fix-policy-unreferencing-on-larval-drop.patch
34	r8169-fix-random-mdio_write-failures.patch	35	r8169-fix-random-mdio_write-failures.patch
35	r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch	36	r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch
@@ -162,6 +163,7 @@ c09b82b89a49ba2a3836a0bc3a3312f4 0015-xfrm-cache-bundles-instead-of-policies-fo
162	41618efb65ab9ddacfb59a1cde9b4edd 0016-xfrm-remove-policy-garbage-collection.patch	163	41618efb65ab9ddacfb59a1cde9b4edd 0016-xfrm-remove-policy-garbage-collection.patch
163	3b83f0972ab715819d1119b120a987e7 0017-flow-delayed-deletion-of-flow-cache-entries.patch	164	3b83f0972ab715819d1119b120a987e7 0017-flow-delayed-deletion-of-flow-cache-entries.patch
164	45a676c7a1759fec60b724d557b4e295 0018-xfrm-Fix-crashes-in-xfrm_lookup.patch	165	45a676c7a1759fec60b724d557b4e295 0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
		166	74e511f12854972db08d3fddc4df0f52 0019-ipv4-check-rt_genid-in-dst_check.patch
165	c7e606c11c05ff03012b21c3fe0ece47 xfrm-fix-policy-unreferencing-on-larval-drop.patch	167	c7e606c11c05ff03012b21c3fe0ece47 xfrm-fix-policy-unreferencing-on-larval-drop.patch
166	ce4a74190febe13713bab1b886dd5bee r8169-fix-random-mdio_write-failures.patch	168	ce4a74190febe13713bab1b886dd5bee r8169-fix-random-mdio_write-failures.patch
167	b41ee19f13498fb25992fd60cd1126d4 r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch	169	b41ee19f13498fb25992fd60cd1126d4 r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch