main/linux-grsec: add a xfrm fix from upstream

author: Natanael Copa <ncopa@alpinelinux.org> 2010-07-16 14:02:37 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2010-07-16 14:02:37 +0000
commit: 7a7b35285b3e4d620cf2c9b894d4f120f9cd15a1 (patch)
tree: 041437a111a72be8e9019c043fdcf087190a6415
parent: d5d7b466437ac678d791937d8e4699bb4ff82fb8 (diff)
download: alpine_aports-7a7b35285b3e4d620cf2c9b894d4f120f9cd15a1.tar.bz2
alpine_aports-7a7b35285b3e4d620cf2c9b894d4f120f9cd15a1.tar.xz
alpine_aports-7a7b35285b3e4d620cf2c9b894d4f120f9cd15a1.zip
2 files changed, 69 insertions, 1 deletions
diff --git a/main/linux-grsec/0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch b/main/linux-grsec/0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch
new file mode 100644
index 0000000000..bc660dd5cc
--- /dev/null
+++ b/main/linux-grsec/0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch
@@ -0,0 +1,66 @@
+From d809ec895505e6f35fb1965f0946381ab4eaa474 Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
+Date: Mon, 12 Jul 2010 21:29:42 +0000
+Subject: [PATCH] xfrm: do not assume that template resolving always returns xfrms
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+xfrm_resolve_and_create_bundle() assumed that, if policies indicated
+presence of xfrms, bundle template resolution would always return
+some xfrms. This is not true for 'use' level policies which can
+result in no xfrm's being applied if there is no suitable xfrm states.
+This fixes a crash by this incorrect assumption.
+Reported-by: George Spelvin <linux@horizon.com>
+Bisected-by: George Spelvin <linux@horizon.com>
+Tested-by: George Spelvin <linux@horizon.com>
+Signed-off-by: Timo TerÃ¤s <timo.teras@iki.fi>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/xfrm/xfrm_policy.c |   15 +++++++++++++--
+ 1 files changed, 13 insertions(+), 2 deletions(-)
+diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
+index af1c173..a7ec5a8 100644
+--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
+@@ -1594,8 +1594,8 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols,
+ 
+        /* Try to instantiate a bundle */
+        err = xfrm_tmpl_resolve(pols, num_pols, fl, xfrm, family);
+-       if (err < 0) {
+-               if (err != -EAGAIN)
+       if (err <= 0) {
+               if (err != 0 && err != -EAGAIN)
+                        XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTPOLERROR);
+                return ERR_PTR(err);
+        }
+@@ -1678,6 +1678,13 @@ xfrm_bundle_lookup(struct net *net, struct flowi *fl, u16 family, u8 dir,
+                        goto make_dummy_bundle;
+                dst_hold(&xdst->u.dst);
+                return oldflo;
+       } else if (new_xdst == NULL) {
+               num_xfrms = 0;
+               if (oldflo == NULL)
+                       goto make_dummy_bundle;
+               xdst->num_xfrms = 0;
+               dst_hold(&xdst->u.dst);
+               return oldflo;
+        }
+ 
+        /* Kill the previous bundle */
+@@ -1760,6 +1767,10 @@ restart:
+                                xfrm_pols_put(pols, num_pols);
+                                err = PTR_ERR(xdst);
+                                goto dropdst;
+                       } else if (xdst == NULL) {
+                               num_xfrms = 0;
+                               drop_pols = num_pols;
+                               goto no_transform;
+                        }
+ 
+                        spin_lock_bh(&xfrm_policy_sk_bundle_lock);
+-- 
+1.7.1.1
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index 110551aef9..93137a7cd9 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
 pkgname=linux-${_flavor}
 pkgver=2.6.32.16
 _kernver=2.6.32
-pkgrel=1
+pkgrel=2
 pkgdesc="Linux kernel with grsecurity"
 url=http://grsecurity.net
 depends="mkinitfs linux-firmware"
@@ -32,6 +32,7 @@ source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
        0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
        0019-ipv4-check-rt_genid-in-dst_check.patch
        0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
+        0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch
        xfrm-fix-policy-unreferencing-on-larval-drop.patch
        r8169-fix-random-mdio_write-failures.patch
        r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch
@@ -166,6 +167,7 @@ c09b82b89a49ba2a3836a0bc3a3312f4  0015-xfrm-cache-bundles-instead-of-policies-fo
 45a676c7a1759fec60b724d557b4e295  0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
 74e511f12854972db08d3fddc4df0f52  0019-ipv4-check-rt_genid-in-dst_check.patch
 edfac5844f91721d49a00a09b6ef258b  0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
+b39bccb5a1124f5a3f2f209edb21aba5  0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch
 c7e606c11c05ff03012b21c3fe0ece47  xfrm-fix-policy-unreferencing-on-larval-drop.patch
 ce4a74190febe13713bab1b886dd5bee  r8169-fix-random-mdio_write-failures.patch
 b41ee19f13498fb25992fd60cd1126d4  r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch
author	Natanael Copa <ncopa@alpinelinux.org>	2010-07-16 14:02:37 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2010-07-16 14:02:37 +0000
commit	7a7b35285b3e4d620cf2c9b894d4f120f9cd15a1 (patch)
tree	041437a111a72be8e9019c043fdcf087190a6415
parent	d5d7b466437ac678d791937d8e4699bb4ff82fb8 (diff)
download	alpine_aports-7a7b35285b3e4d620cf2c9b894d4f120f9cd15a1.tar.bz2 alpine_aports-7a7b35285b3e4d620cf2c9b894d4f120f9cd15a1.tar.xz alpine_aports-7a7b35285b3e4d620cf2c9b894d4f120f9cd15a1.zip

diff --git a/main/linux-grsec/0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch b/main/linux-grsec/0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch new file mode 100644 index 0000000000..bc660dd5cc --- /dev/null +++ b/main/linux-grsec/0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch
@@ -0,0 +1,66 @@
		1	From d809ec895505e6f35fb1965f0946381ab4eaa474 Mon Sep 17 00:00:00 2001
		2	From: =?utf8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
		3	Date: Mon, 12 Jul 2010 21:29:42 +0000
		4	Subject: [PATCH] xfrm: do not assume that template resolving always returns xfrms
		5	MIME-Version: 1.0
		6	Content-Type: text/plain; charset=utf8
		7	Content-Transfer-Encoding: 8bit
		8
		9	xfrm_resolve_and_create_bundle() assumed that, if policies indicated
		10	presence of xfrms, bundle template resolution would always return
		11	some xfrms. This is not true for 'use' level policies which can
		12	result in no xfrm's being applied if there is no suitable xfrm states.
		13	This fixes a crash by this incorrect assumption.
		14
		15	Reported-by: George Spelvin <linux@horizon.com>
		16	Bisected-by: George Spelvin <linux@horizon.com>
		17	Tested-by: George Spelvin <linux@horizon.com>
		18	Signed-off-by: Timo TerÃ¤s <timo.teras@iki.fi>
		19	Signed-off-by: David S. Miller <davem@davemloft.net>
		20	---
		21	net/xfrm/xfrm_policy.c \| 15 +++++++++++++--
		22	1 files changed, 13 insertions(+), 2 deletions(-)
		23
		24	diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
		25	index af1c173..a7ec5a8 100644
		26	--- a/net/xfrm/xfrm_policy.c
		27	+++ b/net/xfrm/xfrm_policy.c
		28	@@ -1594,8 +1594,8 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols,
		29
		30	/* Try to instantiate a bundle */
		31	err = xfrm_tmpl_resolve(pols, num_pols, fl, xfrm, family);
		32	- if (err < 0) {
		33	- if (err != -EAGAIN)
		34	+ if (err <= 0) {
		35	+ if (err != 0 && err != -EAGAIN)
		36	XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTPOLERROR);
		37	return ERR_PTR(err);
		38	}
		39	@@ -1678,6 +1678,13 @@ xfrm_bundle_lookup(struct net net, struct flowi fl, u16 family, u8 dir,
		40	goto make_dummy_bundle;
		41	dst_hold(&xdst->u.dst);
		42	return oldflo;
		43	+ } else if (new_xdst == NULL) {
		44	+ num_xfrms = 0;
		45	+ if (oldflo == NULL)
		46	+ goto make_dummy_bundle;
		47	+ xdst->num_xfrms = 0;
		48	+ dst_hold(&xdst->u.dst);
		49	+ return oldflo;
		50	}
		51
		52	/* Kill the previous bundle */
		53	@@ -1760,6 +1767,10 @@ restart:
		54	xfrm_pols_put(pols, num_pols);
		55	err = PTR_ERR(xdst);
		56	goto dropdst;
		57	+ } else if (xdst == NULL) {
		58	+ num_xfrms = 0;
		59	+ drop_pols = num_pols;
		60	+ goto no_transform;
		61	}
		62
		63	spin_lock_bh(&xfrm_policy_sk_bundle_lock);
		64	--
		65	1.7.1.1
		66


diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 110551aef9..93137a7cd9 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD
@@ -4,7 +4,7 @@ _flavor=grsec
4	pkgname=linux-${_flavor}	4	pkgname=linux-${_flavor}
5	pkgver=2.6.32.16	5	pkgver=2.6.32.16
6	_kernver=2.6.32	6	_kernver=2.6.32
7	pkgrel=1	7	pkgrel=2
8	pkgdesc="Linux kernel with grsecurity"	8	pkgdesc="Linux kernel with grsecurity"
9	url=http://grsecurity.net	9	url=http://grsecurity.net
10	depends="mkinitfs linux-firmware"	10	depends="mkinitfs linux-firmware"
@@ -32,6 +32,7 @@ source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2
32	0018-xfrm-Fix-crashes-in-xfrm_lookup.patch	32	0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
33	0019-ipv4-check-rt_genid-in-dst_check.patch	33	0019-ipv4-check-rt_genid-in-dst_check.patch
34	0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch	34	0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
		35	0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch
35	xfrm-fix-policy-unreferencing-on-larval-drop.patch	36	xfrm-fix-policy-unreferencing-on-larval-drop.patch
36	r8169-fix-random-mdio_write-failures.patch	37	r8169-fix-random-mdio_write-failures.patch
37	r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch	38	r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch
@@ -166,6 +167,7 @@ c09b82b89a49ba2a3836a0bc3a3312f4 0015-xfrm-cache-bundles-instead-of-policies-fo
166	45a676c7a1759fec60b724d557b4e295 0018-xfrm-Fix-crashes-in-xfrm_lookup.patch	167	45a676c7a1759fec60b724d557b4e295 0018-xfrm-Fix-crashes-in-xfrm_lookup.patch
167	74e511f12854972db08d3fddc4df0f52 0019-ipv4-check-rt_genid-in-dst_check.patch	168	74e511f12854972db08d3fddc4df0f52 0019-ipv4-check-rt_genid-in-dst_check.patch
168	edfac5844f91721d49a00a09b6ef258b 0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch	169	edfac5844f91721d49a00a09b6ef258b 0020-xfrm-check-bundle-policy-existance-before-dereferencing-it.patch
		170	b39bccb5a1124f5a3f2f209edb21aba5 0021-xfrm-do-not-assume-that-template-resolving-always-returns-xfrms.patch
169	c7e606c11c05ff03012b21c3fe0ece47 xfrm-fix-policy-unreferencing-on-larval-drop.patch	171	c7e606c11c05ff03012b21c3fe0ece47 xfrm-fix-policy-unreferencing-on-larval-drop.patch
170	ce4a74190febe13713bab1b886dd5bee r8169-fix-random-mdio_write-failures.patch	172	ce4a74190febe13713bab1b886dd5bee r8169-fix-random-mdio_write-failures.patch
171	b41ee19f13498fb25992fd60cd1126d4 r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch	173	b41ee19f13498fb25992fd60cd1126d4 r8169-fix-mdio_read-and-update-mdio_write-according-to-hw-specs.patch