diff options
Diffstat (limited to 'kernels/linux-libre-audit')
5 files changed, 16 insertions, 193 deletions
diff --git a/kernels/linux-libre-audit/0001-e1000e-Fix-tight-loop-implementation-of-systime-read.patch b/kernels/linux-libre-audit/0001-e1000e-Fix-tight-loop-implementation-of-systime-read.patch deleted file mode 100644 index 0bea7fe08..000000000 --- a/kernels/linux-libre-audit/0001-e1000e-Fix-tight-loop-implementation-of-systime-read.patch +++ /dev/null @@ -1,65 +0,0 @@ -From 37b12910dd11d9ab969f2c310dc9160b7f3e3405 Mon Sep 17 00:00:00 2001 -From: Raanan Avargil <raanan.avargil@intel.com> -Date: Sun, 19 Jul 2015 16:33:20 +0300 -Subject: [PATCH] e1000e: Fix tight loop implementation of systime read - algorithm - -Change the algorithm. Read systimel twice and check for overflow. -If there was no overflow, use the first value. -If there was an overflow, read systimeh again and use the second -systimel value. - -Signed-off-by: Raanan Avargil <raanan.avargil@intel.com> -Tested-by: Aaron Brown <aaron.f.brown@intel.com> -Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com> ---- - drivers/net/ethernet/intel/e1000e/netdev.c | 31 ++++++++++++++++++++---------- - 1 file changed, 21 insertions(+), 10 deletions(-) - -diff --git a/drivers/net/ethernet/intel/e1000e/netdev.c b/drivers/net/ethernet/intel/e1000e/netdev.c -index 24b7269..96a8166 100644 ---- a/drivers/net/ethernet/intel/e1000e/netdev.c -+++ b/drivers/net/ethernet/intel/e1000e/netdev.c -@@ -4280,18 +4280,29 @@ static cycle_t e1000e_cyclecounter_read(const struct cyclecounter *cc) - struct e1000_adapter *adapter = container_of(cc, struct e1000_adapter, - cc); - struct e1000_hw *hw = &adapter->hw; -+ u32 systimel_1, systimel_2, systimeh; - cycle_t systim, systim_next; -- /* SYSTIMH latching upon SYSTIML read does not work well. To fix that -- * we don't want to allow overflow of SYSTIML and a change to SYSTIMH -- * to occur between reads, so if we read a vale close to overflow, we -- * wait for overflow to occur and read both registers when its safe. -+ /* SYSTIMH latching upon SYSTIML read does not work well. -+ * This means that if SYSTIML overflows after we read it but before -+ * we read SYSTIMH, the value of SYSTIMH has been incremented and we -+ * will experience a huge non linear increment in the systime value -+ * to fix that we test for overflow and if true, we re-read systime. - */ -- u32 systim_overflow_latch_fix = 0x3FFFFFFF; -- -- do { -- systim = (cycle_t)er32(SYSTIML); -- } while (systim > systim_overflow_latch_fix); -- systim |= (cycle_t)er32(SYSTIMH) << 32; -+ systimel_1 = er32(SYSTIML); -+ systimeh = er32(SYSTIMH); -+ systimel_2 = er32(SYSTIML); -+ /* Check for overflow. If there was no overflow, use the values */ -+ if (systimel_1 < systimel_2) { -+ systim = (cycle_t)systimel_1; -+ systim |= (cycle_t)systimeh << 32; -+ } else { -+ /* There was an overflow, read again SYSTIMH, and use -+ * systimel_2 -+ */ -+ systimeh = er32(SYSTIMH); -+ systim = (cycle_t)systimel_2; -+ systim |= (cycle_t)systimeh << 32; -+ } - - if ((hw->mac.type == e1000_82574) || (hw->mac.type == e1000_82583)) { - u64 incvalue, time_delta, rem, temp; --- -2.5.1 - diff --git a/kernels/linux-libre-audit/0001-netfilter-conntrack-use-nf_ct_tmpl_free-in-CT-synpro.patch b/kernels/linux-libre-audit/0001-netfilter-conntrack-use-nf_ct_tmpl_free-in-CT-synpro.patch deleted file mode 100644 index 0918357e1..000000000 --- a/kernels/linux-libre-audit/0001-netfilter-conntrack-use-nf_ct_tmpl_free-in-CT-synpro.patch +++ /dev/null @@ -1,103 +0,0 @@ -From 9cf94eab8b309e8bcc78b41dd1561c75b537dd0b Mon Sep 17 00:00:00 2001 -From: Daniel Borkmann <daniel@iogearbox.net> -Date: Mon, 31 Aug 2015 19:11:02 +0200 -Subject: [PATCH] netfilter: conntrack: use nf_ct_tmpl_free in CT/synproxy - error paths - -Commit 0838aa7fcfcd ("netfilter: fix netns dependencies with conntrack -templates") migrated templates to the new allocator api, but forgot to -update error paths for them in CT and synproxy to use nf_ct_tmpl_free() -instead of nf_conntrack_free(). - -Due to that, memory is being freed into the wrong kmemcache, but also -we drop the per net reference count of ct objects causing an imbalance. - -In Brad's case, this leads to a wrap-around of net->ct.count and thus -lets __nf_conntrack_alloc() refuse to create a new ct object: - - [ 10.340913] xt_addrtype: ipv6 does not support BROADCAST matching - [ 10.810168] nf_conntrack: table full, dropping packet - [ 11.917416] r8169 0000:07:00.0 eth0: link up - [ 11.917438] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready - [ 12.815902] nf_conntrack: table full, dropping packet - [ 15.688561] nf_conntrack: table full, dropping packet - [ 15.689365] nf_conntrack: table full, dropping packet - [ 15.690169] nf_conntrack: table full, dropping packet - [ 15.690967] nf_conntrack: table full, dropping packet - [...] - -With slab debugging, it also reports the wrong kmemcache (kmalloc-512 vs. -nf_conntrack_ffffffff81ce75c0) and reports poison overwrites, etc. Thus, -to fix the problem, export and use nf_ct_tmpl_free() instead. - -Fixes: 0838aa7fcfcd ("netfilter: fix netns dependencies with conntrack templates") -Reported-by: Brad Jackson <bjackson0971@gmail.com> -Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> -Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> ---- - include/net/netfilter/nf_conntrack.h | 1 + - net/netfilter/nf_conntrack_core.c | 3 ++- - net/netfilter/nf_synproxy_core.c | 2 +- - net/netfilter/xt_CT.c | 2 +- - 4 files changed, 5 insertions(+), 3 deletions(-) - -diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h -index 37cd391..4023c4c 100644 ---- a/include/net/netfilter/nf_conntrack.h -+++ b/include/net/netfilter/nf_conntrack.h -@@ -292,6 +292,7 @@ extern unsigned int nf_conntrack_hash_rnd; - void init_nf_conntrack_hash_rnd(void); - - struct nf_conn *nf_ct_tmpl_alloc(struct net *net, u16 zone, gfp_t flags); -+void nf_ct_tmpl_free(struct nf_conn *tmpl); - - #define NF_CT_STAT_INC(net, count) __this_cpu_inc((net)->ct.stat->count) - #define NF_CT_STAT_INC_ATOMIC(net, count) this_cpu_inc((net)->ct.stat->count) -diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c -index 3c20d02..0625a42 100644 ---- a/net/netfilter/nf_conntrack_core.c -+++ b/net/netfilter/nf_conntrack_core.c -@@ -320,12 +320,13 @@ out_free: - } - EXPORT_SYMBOL_GPL(nf_ct_tmpl_alloc); - --static void nf_ct_tmpl_free(struct nf_conn *tmpl) -+void nf_ct_tmpl_free(struct nf_conn *tmpl) - { - nf_ct_ext_destroy(tmpl); - nf_ct_ext_free(tmpl); - kfree(tmpl); - } -+EXPORT_SYMBOL_GPL(nf_ct_tmpl_free); - - static void - destroy_conntrack(struct nf_conntrack *nfct) -diff --git a/net/netfilter/nf_synproxy_core.c b/net/netfilter/nf_synproxy_core.c -index d7f1685..d6ee8f8 100644 ---- a/net/netfilter/nf_synproxy_core.c -+++ b/net/netfilter/nf_synproxy_core.c -@@ -378,7 +378,7 @@ static int __net_init synproxy_net_init(struct net *net) - err3: - free_percpu(snet->stats); - err2: -- nf_conntrack_free(ct); -+ nf_ct_tmpl_free(ct); - err1: - return err; - } -diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c -index 43ddeee..f3377ce 100644 ---- a/net/netfilter/xt_CT.c -+++ b/net/netfilter/xt_CT.c -@@ -233,7 +233,7 @@ out: - return 0; - - err3: -- nf_conntrack_free(ct); -+ nf_ct_tmpl_free(ct); - err2: - nf_ct_l3proto_module_put(par->family); - err1: --- -2.5.1 - diff --git a/kernels/linux-libre-audit/PKGBUILD b/kernels/linux-libre-audit/PKGBUILD index 0bd25d186..e09a01dd7 100644 --- a/kernels/linux-libre-audit/PKGBUILD +++ b/kernels/linux-libre-audit/PKGBUILD @@ -10,7 +10,7 @@ pkgbase=linux-libre-audit _pkgbasever=4.2-gnu -_pkgver=4.2.3-gnu +_pkgver=4.2.4-gnu _replacesarchkernel=('linux%') # '%' gets replaced with _kernelname _replacesoldkernels=() # '%' gets replaced with _kernelname @@ -19,7 +19,7 @@ _replacesoldmodules=() # '%' gets replaced with _kernelname _srcname=linux-${_pkgbasever%-*} _archpkgver=${_pkgver%-*} pkgver=${_pkgver//-/_} -pkgrel=1.1 +pkgrel=1 rcnrel=armv7-x2 arch=('i686' 'x86_64' 'armv7h') url="http://linux-libre.fsfla.org/" @@ -44,8 +44,6 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgbasever}/li # standard config files for mkinitcpio ramdisk 'linux.preset' 'change-default-console-loglevel.patch' - '0001-e1000e-Fix-tight-loop-implementation-of-systime-read.patch' - '0001-netfilter-conntrack-use-nf_ct_tmpl_free-in-CT-synpro.patch' '0001-drm-radeon-Make-the-driver-load-without-the-firmwares.patch' # armv7h patches "https://repo.parabola.nu/other/rcn-libre/patches/${_pkgver%-*}/rcn-libre-${_pkgver%-*}-${rcnrel}.patch" @@ -60,7 +58,7 @@ source=("http://linux-libre.fsfla.org/pub/linux-libre/releases/${_pkgbasever}/li '0008-USB-armory-support.patch') sha256sums=('3a8fc9da5a38f15cc4ed0c5132d05b8245dfc1007c37e7e1994b2486535ecf49' 'SKIP' - '9e452d470bd33ea9cdbab5a285bea8c5b4ac91087ffb154e65c32c360a9a53f1' + 'dc3df5f547a9ef51695dc6de7c40149e4d514777b4a3943557f01d8487bb2120' 'SKIP' 'bfd4a7f61febe63c880534dcb7c31c5b932dde6acf991810b41a939a93535494' 'SKIP' @@ -68,15 +66,13 @@ sha256sums=('3a8fc9da5a38f15cc4ed0c5132d05b8245dfc1007c37e7e1994b2486535ecf49' 'SKIP' '6de8a8319271809ffdb072b68d53d155eef12438e6d04ff06a5a4db82c34fa8a' 'SKIP' - '86e9b3323fa37fb64322ec942fe6718ed872dda581a07b57857fb8ee30cf1ede' - '4a76deff517b767ea30432454344fb6e506db57ff57b321db44872da158e3be3' + '0c93653e22b89ce77b581da985ea41cabcb16841852130fe823415c2d449d325' + '7bcbdc0600a123e0404044cb1422ad98e080801a9217ada34fbb6ad2901b054f' 'd70238b00be1a70204b5288c9c49898169eff1950c7017a4a7a108b942008342' 'f0d90e756f14533ee67afda280500511a62465b4f76adcc5effa95a40045179c' '1256b241cd477b265a3c2d64bdc19ffe3c9bbcee82ea3994c590c2c76e767d99' - '0b1e41ba59ae45f5929963aa22fdc53bc8ffb4534e976cec046269d1a462197b' - '6ed9e31ae5614c289c4884620e45698e764c03670ebc45bab9319d741238cbd3' '38cf6bdf70dc070ff0b785937d99347bb91f8531ea2bcca50283c8923a184c6d' - '4b9ad713f1520c1eedba88e1e504c9c9bf3b832b0a40fd6566d107895fbd6b67' + 'f5e547cb33a81a5ee711980a3378d14516e9159ec77d1101d53479cb291a2afd' 'SKIP' '203b07cc241f2374d1e18583fc9940cc69da134f992bff65a8b376c717aa7ea7' '28fb8c937c2a0dc824ea755efba26ac5a4555f9a97d79f4e31f24b23c5eae59c' @@ -132,15 +128,6 @@ prepare() { # add latest fixes from stable queue, if needed # http://git.kernel.org/?p=linux/kernel/git/stable/stable-queue.git - # fix hard lockup in e1000e_cyclecounter_read() after 4 hours of uptime - # https://lkml.org/lkml/2015/8/18/292 - patch -p1 -i "${srcdir}/0001-e1000e-Fix-tight-loop-implementation-of-systime-read.patch" - - # add not-yet-mainlined patch to fix network unavailability when iptables - # rules are applied during startup - happened with Shorewall; journal had - # many instances of this error: nf_conntrack: table full, dropping packet - patch -p1 -i "${srcdir}/0001-netfilter-conntrack-use-nf_ct_tmpl_free-in-CT-synpro.patch" - # set DEFAULT_CONSOLE_LOGLEVEL to 4 (same value as the 'quiet' kernel param) # remove this when a Kconfig knob is made available by upstream # (relevant patch sent upstream: https://lkml.org/lkml/2011/7/26/227) diff --git a/kernels/linux-libre-audit/config.i686 b/kernels/linux-libre-audit/config.i686 index 195264a0c..dfdaf8dab 100644 --- a/kernels/linux-libre-audit/config.i686 +++ b/kernels/linux-libre-audit/config.i686 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.2.0-gnu-2-audit Kernel Configuration +# Linux/x86 4.2.3-gnu-1-audit Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -820,7 +820,7 @@ CONFIG_NET_IP_TUNNEL=m CONFIG_NET_IPGRE=m # CONFIG_NET_IPGRE_BROADCAST is not set CONFIG_IP_MROUTE=y -# CONFIG_IP_MROUTE_MULTIPLE_TABLES is not set +CONFIG_IP_MROUTE_MULTIPLE_TABLES=y CONFIG_IP_PIMSM_V1=y CONFIG_IP_PIMSM_V2=y CONFIG_SYN_COOKIES=y @@ -882,7 +882,9 @@ CONFIG_IPV6_TUNNEL=m CONFIG_IPV6_GRE=m CONFIG_IPV6_MULTIPLE_TABLES=y CONFIG_IPV6_SUBTREES=y -# CONFIG_IPV6_MROUTE is not set +CONFIG_IPV6_MROUTE=y +CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y +CONFIG_IPV6_PIMSM_V2=y CONFIG_NETLABEL=y CONFIG_NETWORK_SECMARK=y CONFIG_NET_PTP_CLASSIFY=y diff --git a/kernels/linux-libre-audit/config.x86_64 b/kernels/linux-libre-audit/config.x86_64 index 2b2862de5..4611bb4e4 100644 --- a/kernels/linux-libre-audit/config.x86_64 +++ b/kernels/linux-libre-audit/config.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 4.2.0-gnu-2-audit Kernel Configuration +# Linux/x86 4.2.3-gnu-1-audit Kernel Configuration # CONFIG_64BIT=y CONFIG_X86_64=y @@ -815,7 +815,7 @@ CONFIG_NET_IP_TUNNEL=m CONFIG_NET_IPGRE=m # CONFIG_NET_IPGRE_BROADCAST is not set CONFIG_IP_MROUTE=y -# CONFIG_IP_MROUTE_MULTIPLE_TABLES is not set +CONFIG_IP_MROUTE_MULTIPLE_TABLES=y CONFIG_IP_PIMSM_V1=y CONFIG_IP_PIMSM_V2=y CONFIG_SYN_COOKIES=y @@ -877,7 +877,9 @@ CONFIG_IPV6_TUNNEL=m CONFIG_IPV6_GRE=m CONFIG_IPV6_MULTIPLE_TABLES=y CONFIG_IPV6_SUBTREES=y -# CONFIG_IPV6_MROUTE is not set +CONFIG_IPV6_MROUTE=y +CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y +CONFIG_IPV6_PIMSM_V2=y CONFIG_NETLABEL=y CONFIG_NETWORK_SECMARK=y CONFIG_NET_PTP_CLASSIFY=y |