summaryrefslogtreecommitdiff
path: root/kernels/linux-libre-audit
diff options
context:
space:
mode:
Diffstat (limited to 'kernels/linux-libre-audit')
-rw-r--r--kernels/linux-libre-audit/0001-e1000e-Fix-tight-loop-implementation-of-systime-read.patch65
-rw-r--r--kernels/linux-libre-audit/0001-netfilter-conntrack-use-nf_ct_tmpl_free-in-CT-synpro.patch103
-rw-r--r--kernels/linux-libre-audit/PKGBUILD25
-rw-r--r--kernels/linux-libre-audit/config.i6868
-rw-r--r--kernels/linux-libre-audit/config.x86_648
5 files changed, 16 insertions, 193 deletions
diff --git a/kernels/linux-libre-audit/0001-e1000e-Fix-tight-loop-implementation-of-systime-read.patch b/kernels/linux-libre-audit/0001-e1000e-Fix-tight-loop-implementation-of-systime-read.patch
deleted file mode 100644
index 0bea7fe08..000000000
--- a/kernels/linux-libre-audit/0001-e1000e-Fix-tight-loop-implementation-of-systime-read.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 37b12910dd11d9ab969f2c310dc9160b7f3e3405 Mon Sep 17 00:00:00 2001
-From: Raanan Avargil <raanan.avargil@intel.com>
-Date: Sun, 19 Jul 2015 16:33:20 +0300
-Subject: [PATCH] e1000e: Fix tight loop implementation of systime read
- algorithm
-
-Change the algorithm. Read systimel twice and check for overflow.
-If there was no overflow, use the first value.
-If there was an overflow, read systimeh again and use the second
-systimel value.
-
-Signed-off-by: Raanan Avargil <raanan.avargil@intel.com>
-Tested-by: Aaron Brown <aaron.f.brown@intel.com>
-Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
----
- drivers/net/ethernet/intel/e1000e/netdev.c | 31 ++++++++++++++++++++----------
- 1 file changed, 21 insertions(+), 10 deletions(-)
-
-diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c
-index 24b7269..96a8166 100644
---- a/drivers/net/ethernet/intel/e1000e/netdev.c
-+++ b/drivers/net/ethernet/intel/e1000e/netdev.c
-@@ -4280,18 +4280,29 @@ static cycle_t e1000e_cyclecounter_read(const struct cyclecounter *cc)
- struct e1000_adapter *adapter = container_of(cc, struct e1000_adapter,
- cc);
- struct e1000_hw *hw = &adapter->hw;
-+ u32 systimel_1, systimel_2, systimeh;
- cycle_t systim, systim_next;
-- /* SYSTIMH latching upon SYSTIML read does not work well. To fix that
-- * we don't want to allow overflow of SYSTIML and a change to SYSTIMH
-- * to occur between reads, so if we read a vale close to overflow, we
-- * wait for overflow to occur and read both registers when its safe.
-+ /* SYSTIMH latching upon SYSTIML read does not work well.
-+ * This means that if SYSTIML overflows after we read it but before
-+ * we read SYSTIMH, the value of SYSTIMH has been incremented and we
-+ * will experience a huge non linear increment in the systime value
-+ * to fix that we test for overflow and if true, we re-read systime.
- */
-- u32 systim_overflow_latch_fix = 0x3FFFFFFF;
--
-- do {
-- systim = (cycle_t)er32(SYSTIML);
-- } while (systim > systim_overflow_latch_fix);
-- systim |= (cycle_t)er32(SYSTIMH) << 32;
-+ systimel_1 = er32(SYSTIML);
-+ systimeh = er32(SYSTIMH);
-+ systimel_2 = er32(SYSTIML);
-+ /* Check for overflow. If there was no overflow, use the values */
-+ if (systimel_1 < systimel_2) {
-+ systim = (cycle_t)systimel_1;
-+ systim |= (cycle_t)systimeh << 32;
-+ } else {
-+ /* There was an overflow, read again SYSTIMH, and use
-+ * systimel_2
-+ */
-+ systimeh = er32(SYSTIMH);
-+ systim = (cycle_t)systimel_2;
-+ systim |= (cycle_t)systimeh << 32;
-+ }
-
- if ((hw->mac.type == e1000_82574) || (hw->mac.type == e1000_82583)) {
- u64 incvalue, time_delta, rem, temp;
---
-2.5.1
-
diff --git a/kernels/linux-libre-audit/0001-netfilter-conntrack-use-nf_ct_tmpl_free-in-CT-synpro.patch b/kernels/linux-libre-audit/0001-netfilter-conntrack-use-nf_ct_tmpl_free-in-CT-synpro.patch
deleted file mode 100644
index 0918357e1..000000000
--- a/kernels/linux-libre-audit/0001-netfilter-conntrack-use-nf_ct_tmpl_free-in-CT-synpro.patch
+++ /dev/null
@@ -1,103 +0,0 @@
-From 9cf94eab8b309e8bcc78b41dd1561c75b537dd0b Mon Sep 17 00:00:00 2001
-From: Daniel Borkmann <daniel@iogearbox.net>
-Date: Mon, 31 Aug 2015 19:11:02 +0200
-Subject: [PATCH] netfilter: conntrack: use nf_ct_tmpl_free in CT/synproxy
- error paths
-
-Commit 0838aa7fcfcd ("netfilter: fix netns dependencies with conntrack
-templates") migrated templates to the new allocator api, but forgot to
-update error paths for them in CT and synproxy to use nf_ct_tmpl_free()
-instead of nf_conntrack_free().
-
-Due to that, memory is being freed into the wrong kmemcache, but also
-we drop the per net reference count of ct objects causing an imbalance.
-
-In Brad's case, this leads to a wrap-around of net->ct.count and thus
-lets __nf_conntrack_alloc() refuse to create a new ct object:
-
- [ 10.340913] xt_addrtype: ipv6 does not support BROADCAST matching
- [ 10.810168] nf_conntrack: table full, dropping packet
- [ 11.917416] r8169 0000:07:00.0 eth0: link up
- [ 11.917438] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
- [ 12.815902] nf_conntrack: table full, dropping packet
- [ 15.688561] nf_conntrack: table full, dropping packet
- [ 15.689365] nf_conntrack: table full, dropping packet
- [ 15.690169] nf_conntrack: table full, dropping packet
- [ 15.690967] nf_conntrack: table full, dropping packet
- [...]
-
-With slab debugging, it also reports the wrong kmemcache (kmalloc-512 vs.
-nf_conntrack_ffffffff81ce75c0) and reports poison overwrites, etc. Thus,
-to fix the problem, export and use nf_ct_tmpl_free() instead.
-
-Fixes: 0838aa7fcfcd ("netfilter: fix netns dependencies with conntrack templates")
-Reported-by: Brad Jackson <bjackson0971@gmail.com>
-Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
----
- include/net/netfilter/nf_conntrack.h | 1 +
- net/netfilter/nf_conntrack_core.c | 3 ++-
- net/netfilter/nf_synproxy_core.c | 2 +-
- net/netfilter/xt_CT.c | 2 +-
- 4 files changed, 5 insertions(+), 3 deletions(-)
-
-diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
-index 37cd391..4023c4c 100644
---- a/include/net/netfilter/nf_conntrack.h
-+++ b/include/net/netfilter/nf_conntrack.h
-@@ -292,6 +292,7 @@ extern unsigned int nf_conntrack_hash_rnd;
- void init_nf_conntrack_hash_rnd(void);
-
- struct nf_conn *nf_ct_tmpl_alloc(struct net *net, u16 zone, gfp_t flags);
-+void nf_ct_tmpl_free(struct nf_conn *tmpl);
-
- #define NF_CT_STAT_INC(net, count) __this_cpu_inc((net)->ct.stat->count)
- #define NF_CT_STAT_INC_ATOMIC(net, count) this_cpu_inc((net)->ct.stat->count)
-diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
-index 3c20d02..0625a42 100644
---- a/net/netfilter/nf_conntrack_core.c
-+++ b/net/netfilter/nf_conntrack_core.c
-@@ -320,12 +320,13 @@ out_free:
- }
- EXPORT_SYMBOL_GPL(nf_ct_tmpl_alloc);
-
--static void nf_ct_tmpl_free(struct nf_conn *tmpl)
-+void nf_ct_tmpl_free(struct nf_conn *tmpl)
- {
- nf_ct_ext_destroy(tmpl);
- nf_ct_ext_free(tmpl);
- kfree(tmpl);
- }
-+EXPORT_SYMBOL_GPL(nf_ct_tmpl_free);
-
- static void
- destroy_conntrack(struct nf_conntrack *nfct)
-diff --git a/net/netfilter/nf_synproxy_core.c b/net/netfilter/nf_synproxy_core.c
-index d7f1685..d6ee8f8 100644
---- a/net/netfilter/nf_synproxy_core.c
-+++ b/net/netfilter/nf_synproxy_core.c
-@@ -378,7 +378,7 @@ static int __net_init synproxy_net_init(struct net *net)
- err3:
- free_percpu(snet->stats);
- err2:
-- nf_conntrack_free(ct);
-+ nf_ct_tmpl_free(ct);
- err1:
- return err;
- }
-diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c
-index 43ddeee..f3377ce 100644
---- a/net/netfilter/xt_CT.c
-+++ b/net/netfilter/xt_CT.c
-@@ -233,7 +233,7 @@ out:
- return 0;
-
- err3:
-- nf_conntrack_free(ct);
-+ nf_ct_tmpl_free(ct);
- err2:
- nf_ct_l3proto_module_put(par->family);
- err1:
---
-2.5.1
-
diff --git a/kernels/linux-libre-audit/PKGBUILD b/kernels/linux-libre-audit/PKGBUILD
index 0bd25d186..e09a01dd7 100644
--- a/kernels/linux-libre-audit/PKGBUILD
+++ b/kernels/linux-libre-audit/PKGBUILD
@@ -10,7 +10,7 @@
pkgbase=linux-libre-audit
_pkgbasever=4.2-gnu
-_pkgver=4.2.3-gnu
+_pkgver=4.2.4-gnu
_replacesarchkernel=('linux%') # '%' gets replaced with _kernelname
_replacesoldkernels=() # '%' gets replaced with _kernelname
@@ -19,7 +19,7 @@ _replacesoldmodules=() # '%' gets replaced with _kernelname
_srcname=linux-${_pkgbasever%-*}
_archpkgver=${_pkgver%-*}
pkgver=${_pkgver//-/_}
-pkgrel=1.1
+pkgrel=1
rcnrel=armv7-x2
arch=('i686' 'x86_64' 'armv7h')
url="http://linux-libre.fsfla.org/"
@@ -44,8 +44,6 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgbasever}/li
# standard config files for mkinitcpio ramdisk
'linux.preset'
'change-default-console-loglevel.patch'
- '0001-e1000e-Fix-tight-loop-implementation-of-systime-read.patch'
- '0001-netfilter-conntrack-use-nf_ct_tmpl_free-in-CT-synpro.patch'
'0001-drm-radeon-Make-the-driver-load-without-the-firmwares.patch'
# armv7h patches
"https://repo.parabola.nu/other/rcn-libre/patches/${_pkgver%-*}/rcn-libre-${_pkgver%-*}-${rcnrel}.patch"
@@ -60,7 +58,7 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgbasever}/li
'0008-USB-armory-support.patch')
sha256sums=('3a8fc9da5a38f15cc4ed0c5132d05b8245dfc1007c37e7e1994b2486535ecf49'
'SKIP'
- '9e452d470bd33ea9cdbab5a285bea8c5b4ac91087ffb154e65c32c360a9a53f1'
+ 'dc3df5f547a9ef51695dc6de7c40149e4d514777b4a3943557f01d8487bb2120'
'SKIP'
'bfd4a7f61febe63c880534dcb7c31c5b932dde6acf991810b41a939a93535494'
'SKIP'
@@ -68,15 +66,13 @@ sha256sums=('3a8fc9da5a38f15cc4ed0c5132d05b8245dfc1007c37e7e1994b2486535ecf49'
'SKIP'
'6de8a8319271809ffdb072b68d53d155eef12438e6d04ff06a5a4db82c34fa8a'
'SKIP'
- '86e9b3323fa37fb64322ec942fe6718ed872dda581a07b57857fb8ee30cf1ede'
- '4a76deff517b767ea30432454344fb6e506db57ff57b321db44872da158e3be3'
+ '0c93653e22b89ce77b581da985ea41cabcb16841852130fe823415c2d449d325'
+ '7bcbdc0600a123e0404044cb1422ad98e080801a9217ada34fbb6ad2901b054f'
'd70238b00be1a70204b5288c9c49898169eff1950c7017a4a7a108b942008342'
'f0d90e756f14533ee67afda280500511a62465b4f76adcc5effa95a40045179c'
'1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99'
- '0b1e41ba59ae45f5929963aa22fdc53bc8ffb4534e976cec046269d1a462197b'
- '6ed9e31ae5614c289c4884620e45698e764c03670ebc45bab9319d741238cbd3'
'38cf6bdf70dc070ff0b785937d99347bb91f8531ea2bcca50283c8923a184c6d'
- '4b9ad713f1520c1eedba88e1e504c9c9bf3b832b0a40fd6566d107895fbd6b67'
+ 'f5e547cb33a81a5ee711980a3378d14516e9159ec77d1101d53479cb291a2afd'
'SKIP'
'203b07cc241f2374d1e18583fc9940cc69da134f992bff65a8b376c717aa7ea7'
'28fb8c937c2a0dc824ea755efba26ac5a4555f9a97d79f4e31f24b23c5eae59c'
@@ -132,15 +128,6 @@ prepare() {
# add latest fixes from stable queue, if needed
# http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git
- # fix hard lockup in e1000e_cyclecounter_read() after 4 hours of uptime
- # https://lkml.org/lkml/2015/8/18/292
- patch -p1 -i "${srcdir}/0001-e1000e-Fix-tight-loop-implementation-of-systime-read.patch"
-
- # add not-yet-mainlined patch to fix network unavailability when iptables
- # rules are applied during startup - happened with Shorewall; journal had
- # many instances of this error: nf_conntrack: table full, dropping packet
- patch -p1 -i "${srcdir}/0001-netfilter-conntrack-use-nf_ct_tmpl_free-in-CT-synpro.patch"
-
# set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param)
# remove this when a Kconfig knob is made available by upstream
# (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227)
diff --git a/kernels/linux-libre-audit/config.i686 b/kernels/linux-libre-audit/config.i686
index 195264a0c..dfdaf8dab 100644
--- a/kernels/linux-libre-audit/config.i686
+++ b/kernels/linux-libre-audit/config.i686
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.2.0-gnu-2-audit Kernel Configuration
+# Linux/x86 4.2.3-gnu-1-audit Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -820,7 +820,7 @@ CONFIG_NET_IP_TUNNEL=m
CONFIG_NET_IPGRE=m
# CONFIG_NET_IPGRE_BROADCAST is not set
CONFIG_IP_MROUTE=y
-# CONFIG_IP_MROUTE_MULTIPLE_TABLES is not set
+CONFIG_IP_MROUTE_MULTIPLE_TABLES=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_SYN_COOKIES=y
@@ -882,7 +882,9 @@ CONFIG_IPV6_TUNNEL=m
CONFIG_IPV6_GRE=m
CONFIG_IPV6_MULTIPLE_TABLES=y
CONFIG_IPV6_SUBTREES=y
-# CONFIG_IPV6_MROUTE is not set
+CONFIG_IPV6_MROUTE=y
+CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y
+CONFIG_IPV6_PIMSM_V2=y
CONFIG_NETLABEL=y
CONFIG_NETWORK_SECMARK=y
CONFIG_NET_PTP_CLASSIFY=y
diff --git a/kernels/linux-libre-audit/config.x86_64 b/kernels/linux-libre-audit/config.x86_64
index 2b2862de5..4611bb4e4 100644
--- a/kernels/linux-libre-audit/config.x86_64
+++ b/kernels/linux-libre-audit/config.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.2.0-gnu-2-audit Kernel Configuration
+# Linux/x86 4.2.3-gnu-1-audit Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -815,7 +815,7 @@ CONFIG_NET_IP_TUNNEL=m
CONFIG_NET_IPGRE=m
# CONFIG_NET_IPGRE_BROADCAST is not set
CONFIG_IP_MROUTE=y
-# CONFIG_IP_MROUTE_MULTIPLE_TABLES is not set
+CONFIG_IP_MROUTE_MULTIPLE_TABLES=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_SYN_COOKIES=y
@@ -877,7 +877,9 @@ CONFIG_IPV6_TUNNEL=m
CONFIG_IPV6_GRE=m
CONFIG_IPV6_MULTIPLE_TABLES=y
CONFIG_IPV6_SUBTREES=y
-# CONFIG_IPV6_MROUTE is not set
+CONFIG_IPV6_MROUTE=y
+CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y
+CONFIG_IPV6_PIMSM_V2=y
CONFIG_NETLABEL=y
CONFIG_NETWORK_SECMARK=y
CONFIG_NET_PTP_CLASSIFY=y