[packages/kernel] - up to 4.4.1; imq updated to linuximq.net version
arekm
arekm at pld-linux.org
Sun Jan 31 21:54:02 CET 2016
commit dd5340b296f3965f78488f938a723525ee7e012f
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Sun Jan 31 21:53:53 2016 +0100
- up to 4.4.1; imq updated to linuximq.net version
kernel-imq.patch | 82 ++++++++++++++++++++++++------------------------
kernel-small_fixes.patch | 77 ---------------------------------------------
kernel.spec | 4 +--
3 files changed, 43 insertions(+), 120 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index a0669cd..e1fd5db 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -71,7 +71,7 @@
%define rel 1
%define basever 4.4
-%define postver .0
+%define postver .1
# define this to '-%{basever}' for longterm branch
%define versuffix %{nil}
@@ -120,7 +120,7 @@ Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{basever}.tar.xz
# Source0-md5: 9a78fa2eb6c68ca5a40ed5af08142599
%if "%{postver}" != ".0"
Patch0: http://www.kernel.org/pub/linux/kernel/v4.x/patch-%{version}.xz
-# Patch0-md5: d3235b3640ae6ac1ab579171943fda4b
+# Patch0-md5: d9e951895c8c249f0bf52d85f3e63bce
%endif
Source1: kernel.sysconfig
diff --git a/kernel-imq.patch b/kernel-imq.patch
index 240ddd0..773fd03 100644
--- a/kernel-imq.patch
+++ b/kernel-imq.patch
@@ -1,5 +1,5 @@
diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig
-index d18eb60..739a98a 100644
+index f184fb5..0e08522 100644
--- a/drivers/net/Kconfig
+++ b/drivers/net/Kconfig
@@ -234,6 +234,125 @@ config RIONET_RX_SIZE
@@ -142,7 +142,7 @@ index 900b0c5..e093402 100644
obj-$(CONFIG_MII) += mii.o
diff --git a/drivers/net/imq.c b/drivers/net/imq.c
new file mode 100644
-index 0000000..c60929b
+index 0000000..f80258f
--- /dev/null
+++ b/drivers/net/imq.c
@@ -0,0 +1,903 @@
@@ -538,7 +538,7 @@ index 0000000..c60929b
+ struct nf_queue_entry *entry = kmemdup(e, e->size, GFP_ATOMIC);
+ if (entry) {
+ nf_queue_entry_get_refs(entry);
-+ return entry;
++ return entry;
+ }
+ return NULL;
+}
@@ -1069,10 +1069,10 @@ index 0000000..1babb09
+#endif /* _IMQ_H */
+
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
-index 2d15e38..ebbecce 100644
+index 3143c84..e213b31 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
-@@ -3330,6 +3330,19 @@ static inline void netif_tx_unlock_bh(struct net_device *dev)
+@@ -3341,6 +3341,19 @@ static inline void netif_tx_unlock_bh(struct net_device *dev)
} \
}
@@ -1140,7 +1140,7 @@ index 0000000..198ac01
+#endif /* _IP6T_IMQ_H */
+
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index 2b0a30a..f8e727c 100644
+index 4355129..47914c0 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -38,6 +38,10 @@
@@ -1154,7 +1154,7 @@ index 2b0a30a..f8e727c 100644
/* A. Checksumming of received packets by device.
*
-@@ -557,6 +561,9 @@ struct sk_buff {
+@@ -566,6 +570,9 @@ struct sk_buff {
* first. This is owned by whoever has the skb queued ATM.
*/
char cb[48] __aligned(8);
@@ -1164,7 +1164,7 @@ index 2b0a30a..f8e727c 100644
unsigned long _skb_refdst;
void (*destructor)(struct sk_buff *skb);
-@@ -566,6 +573,9 @@ struct sk_buff {
+@@ -575,6 +582,9 @@ struct sk_buff {
#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
struct nf_conntrack *nfct;
#endif
@@ -1174,7 +1174,7 @@ index 2b0a30a..f8e727c 100644
#if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
struct nf_bridge_info *nf_bridge;
#endif
-@@ -633,6 +643,9 @@ struct sk_buff {
+@@ -642,6 +652,9 @@ struct sk_buff {
__u8 inner_protocol_type:1;
__u8 remcsum_offload:1;
/* 3 or 5 bit hole */
@@ -1184,7 +1184,7 @@ index 2b0a30a..f8e727c 100644
#ifdef CONFIG_NET_SCHED
__u16 tc_index; /* traffic control index */
-@@ -789,6 +802,12 @@ void kfree_skb_list(struct sk_buff *segs);
+@@ -798,6 +811,12 @@ void kfree_skb_list(struct sk_buff *segs);
void skb_tx_error(struct sk_buff *skb);
void consume_skb(struct sk_buff *skb);
void __kfree_skb(struct sk_buff *skb);
@@ -1197,7 +1197,7 @@ index 2b0a30a..f8e727c 100644
extern struct kmem_cache *skbuff_head_cache;
void kfree_skb_partial(struct sk_buff *skb, bool head_stolen);
-@@ -3335,6 +3354,10 @@ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src,
+@@ -3344,6 +3363,10 @@ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src,
if (copy)
dst->nfctinfo = src->nfctinfo;
#endif
@@ -1209,7 +1209,7 @@ index 2b0a30a..f8e727c 100644
dst->nf_bridge = src->nf_bridge;
nf_bridge_get(src->nf_bridge);
diff --git a/include/net/netfilter/nf_queue.h b/include/net/netfilter/nf_queue.h
-index e863585..40904cb 100644
+index 9c5638a..b173aa7 100644
--- a/include/net/netfilter/nf_queue.h
+++ b/include/net/netfilter/nf_queue.h
@@ -31,6 +31,12 @@ struct nf_queue_handler {
@@ -1223,7 +1223,7 @@ index e863585..40904cb 100644
+void nf_unregister_queue_imq_handler(void);
+#endif
- bool nf_queue_entry_get_refs(struct nf_queue_entry *entry);
+ void nf_queue_entry_get_refs(struct nf_queue_entry *entry);
void nf_queue_entry_release_refs(struct nf_queue_entry *entry);
diff --git a/include/net/pkt_sched.h b/include/net/pkt_sched.h
index 401038d..4668849 100644
@@ -1239,10 +1239,10 @@ index 401038d..4668849 100644
{
if (qdisc_run_begin(q))
diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h
-index 444faa8..e652d8d 100644
+index b2a8e63..d9feaa3 100644
--- a/include/net/sch_generic.h
+++ b/include/net/sch_generic.h
-@@ -502,6 +502,12 @@ static inline int qdisc_enqueue(struct sk_buff *skb, struct Qdisc *sch)
+@@ -506,6 +506,12 @@ static inline int qdisc_enqueue(struct sk_buff *skb, struct Qdisc *sch)
return sch->enqueue(skb, sch);
}
@@ -1270,10 +1270,10 @@ index d93f949..23fb6d1 100644
/* we overload the higher bits for encoding auxiliary data such as the queue
* number or errno values. Not nice, but better than additional function
diff --git a/net/core/dev.c b/net/core/dev.c
-index 6bb6470..13cda63 100644
+index ae00b89..1cdcd02 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
-@@ -136,6 +136,9 @@
+@@ -137,6 +137,9 @@
#include <linux/errqueue.h>
#include <linux/hrtimer.h>
#include <linux/netfilter_ingress.h>
@@ -1283,7 +1283,7 @@ index 6bb6470..13cda63 100644
#include "net-sysfs.h"
-@@ -2675,7 +2678,12 @@ static int xmit_one(struct sk_buff *skb, struct net_device *dev,
+@@ -2705,7 +2708,12 @@ static int xmit_one(struct sk_buff *skb, struct net_device *dev,
unsigned int len;
int rc;
@@ -1296,7 +1296,7 @@ index 6bb6470..13cda63 100644
dev_queue_xmit_nit(skb, dev);
len = skb->len;
-@@ -2713,6 +2721,7 @@ out:
+@@ -2743,6 +2751,7 @@ out:
*ret = rc;
return skb;
}
@@ -1304,7 +1304,7 @@ index 6bb6470..13cda63 100644
static struct sk_buff *validate_xmit_vlan(struct sk_buff *skb,
netdev_features_t features)
-@@ -2801,6 +2810,7 @@ struct sk_buff *validate_xmit_skb_list(struct sk_buff *skb, struct net_device *d
+@@ -2831,6 +2840,7 @@ struct sk_buff *validate_xmit_skb_list(struct sk_buff *skb, struct net_device *d
}
return head;
}
@@ -1313,7 +1313,7 @@ index 6bb6470..13cda63 100644
static void qdisc_pkt_len_init(struct sk_buff *skb)
{
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
-index dad4dd3..9c71959 100644
+index b2df375..bc3c51e 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -79,6 +79,87 @@
@@ -1444,7 +1444,7 @@ index dad4dd3..9c71959 100644
/* Note : this field could be in headers_start/headers_end section
* It is not yet because we do not want to have a 16 bit hole
-@@ -3324,6 +3431,13 @@ void __init skb_init(void)
+@@ -3325,6 +3432,13 @@ void __init skb_init(void)
0,
SLAB_HWCACHE_ALIGN|SLAB_PANIC,
NULL);
@@ -1459,10 +1459,10 @@ index dad4dd3..9c71959 100644
/**
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
-index 92b1aa3..e5a5dd5 100644
+index e6a7bd15..c81496e 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
-@@ -64,9 +64,6 @@ static int ip6_finish_output2(struct sock *sk, struct sk_buff *skb)
+@@ -65,9 +65,6 @@ static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff *
struct in6_addr *nexthop;
int ret;
@@ -1472,7 +1472,7 @@ index 92b1aa3..e5a5dd5 100644
if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) {
struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb));
-@@ -143,6 +140,13 @@ int ip6_output(struct sock *sk, struct sk_buff *skb)
+@@ -142,6 +139,13 @@ int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
return 0;
}
@@ -1487,10 +1487,10 @@ index 92b1aa3..e5a5dd5 100644
net, sk, skb, NULL, dev,
ip6_finish_output,
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
-index 3e1b4ab..8721e48 100644
+index 4692782..dce47db 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
-@@ -784,6 +784,18 @@ config NETFILTER_XT_TARGET_LOG
+@@ -785,6 +785,18 @@ config NETFILTER_XT_TARGET_LOG
To compile it as a module, choose M here. If unsure, say N.
@@ -1510,10 +1510,10 @@ index 3e1b4ab..8721e48 100644
tristate '"MARK" target support'
depends on NETFILTER_ADVANCED
diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
-index 70d026d..5469b14 100644
+index 7638c36..614ad8a 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
-@@ -110,6 +110,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += xt_CT.o
+@@ -108,6 +108,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += xt_CT.o
obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o
obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o
obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o
@@ -1522,10 +1522,10 @@ index 70d026d..5469b14 100644
obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o
obj-$(CONFIG_NETFILTER_XT_TARGET_NETMAP) += xt_NETMAP.o
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
-index 8e47f81..fa4ddd3 100644
+index f39276d..9877a27 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
-@@ -309,9 +309,11 @@ next_hook:
+@@ -311,9 +311,11 @@ next_hook:
ret = NF_DROP_GETERR(verdict);
if (ret == 0)
ret = -EPERM;
@@ -1537,8 +1537,8 @@ index 8e47f81..fa4ddd3 100644
+ verdict >> NF_VERDICT_QBITS,
+ verdict & NF_VERDICT_MASK);
if (err < 0) {
- if (err == -ECANCELED)
- goto next_hook;
+ if (err == -ESRCH &&
+ (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS))
diff --git a/net/netfilter/nf_internals.h b/net/netfilter/nf_internals.h
index 0655225..25d4141 100644
--- a/net/netfilter/nf_internals.h
@@ -1553,7 +1553,7 @@ index 0655225..25d4141 100644
int __init netfilter_queue_init(void);
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
-index 96777f9..c42d671 100644
+index 5baa8e2..9740e8c 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -28,6 +28,23 @@
@@ -1580,7 +1580,7 @@ index 96777f9..c42d671 100644
/* return EBUSY when somebody else is registered, return EEXIST if the
* same handler is registered, return 0 in case of success. */
void nf_register_queue_handler(const struct nf_queue_handler *qh)
-@@ -123,7 +140,8 @@ void nf_queue_nf_hook_drop(struct net *net, struct nf_hook_ops *ops)
+@@ -116,7 +133,8 @@ void nf_queue_nf_hook_drop(struct net *net, struct nf_hook_ops *ops)
int nf_queue(struct sk_buff *skb,
struct nf_hook_ops *elem,
struct nf_hook_state *state,
@@ -1590,7 +1590,7 @@ index 96777f9..c42d671 100644
{
int status = -ENOENT;
struct nf_queue_entry *entry = NULL;
-@@ -133,7 +151,17 @@ int nf_queue(struct sk_buff *skb,
+@@ -124,7 +142,17 @@ int nf_queue(struct sk_buff *skb,
const struct nf_queue_handler *qh;
/* QUEUE == DROP if no one is waiting, to be safe. */
@@ -1608,8 +1608,8 @@ index 96777f9..c42d671 100644
+
if (!qh) {
status = -ESRCH;
- goto err_unlock;
-@@ -219,8 +247,10 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
+ goto err;
+@@ -199,8 +227,10 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
local_bh_enable();
break;
case NF_QUEUE:
@@ -1619,8 +1619,8 @@ index 96777f9..c42d671 100644
+ verdict >> NF_VERDICT_QBITS,
+ verdict & NF_VERDICT_MASK);
if (err < 0) {
- if (err == -ECANCELED)
- goto next_hook;
+ if (err == -ESRCH &&
+ (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS))
diff --git a/net/netfilter/xt_IMQ.c b/net/netfilter/xt_IMQ.c
new file mode 100644
index 0000000..86d7b84
@@ -1700,7 +1700,7 @@ index 0000000..86d7b84
+MODULE_ALIAS("ip6t_IMQ");
+
diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c
-index cb5d4ad..0d818be 100644
+index e82a1ad..b55331d 100644
--- a/net/sched/sch_generic.c
+++ b/net/sched/sch_generic.c
@@ -108,6 +108,14 @@ static struct sk_buff *dequeue_skb(struct Qdisc *q, bool *validate,
diff --git a/kernel-small_fixes.patch b/kernel-small_fixes.patch
index f0c5c85..92cfb5e 100644
--- a/kernel-small_fixes.patch
+++ b/kernel-small_fixes.patch
@@ -398,80 +398,3 @@ index aa67339..4f18fd9 100644
if (tout && tout <= 20)
--
2.5.0
-
-
-From 7ca88764d45c209791e8813131c1457c2e9e51e7 Mon Sep 17 00:00:00 2001
-From: Yevgeny Pats <yevgeny at perception-point.io>
-Date: Mon, 11 Jan 2016 12:05:28 +0000
-Subject: KEYS: Fix keyring ref leak in join_session_keyring()
-
-If a thread is asked to join as a session keyring the keyring that's already
-set as its session, we leak a keyring reference.
-
-This can be tested with the following program:
-
- #include <stddef.h>
- #include <stdio.h>
- #include <sys/types.h>
- #include <keyutils.h>
-
- int main(int argc, const char *argv[])
- {
- int i = 0;
- key_serial_t serial;
-
- serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
- "leaked-keyring");
- if (serial < 0) {
- perror("keyctl");
- return -1;
- }
-
- if (keyctl(KEYCTL_SETPERM, serial,
- KEY_POS_ALL | KEY_USR_ALL) < 0) {
- perror("keyctl");
- return -1;
- }
-
- for (i = 0; i < 100; i++) {
- serial = keyctl(KEYCTL_JOIN_SESSION_KEYRING,
- "leaked-keyring");
- if (serial < 0) {
- perror("keyctl");
- return -1;
- }
- }
-
- return 0;
- }
-
-If, after the program has run, there something like the following line in
-/proc/keys:
-
-3f3d898f I--Q--- 100 perm 3f3f0000 0 0 keyring leaked-keyring: empty
-
-with a usage count of 100 * the number of times the program has been run,
-then the kernel is malfunctioning. If leaked-keyring has zero usages or
-has been garbage collected, then the problem is fixed.
-
-Reported-by: Yevgeny Pats <yevgeny at perception-point.io>
-Signed-off-by: David Howells <dhowells at redhat.com>
----
- security/keys/process_keys.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
-index a3f85d2..e6d50172 100644
---- a/security/keys/process_keys.c
-+++ b/security/keys/process_keys.c
-@@ -794,6 +794,7 @@ long join_session_keyring(const char *name)
- ret = PTR_ERR(keyring);
- goto error2;
- } else if (keyring == new->session_keyring) {
-+ key_put(keyring);
- ret = 0;
- goto error2;
- }
---
-2.7.0.rc3
-
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/kernel.git/commitdiff/dd5340b296f3965f78488f938a723525ee7e012f
More information about the pld-cvs-commit
mailing list