From 69f3684cf5337d34963b1ee6a5c8ac2072c6eaf6 Mon Sep 17 00:00:00 2001
From: Arne Fitzenreiter
Date: Sun, 21 Aug 2016 22:40:12 +0200
Subject: [PATCH] kernel: fix grsecurity patch.

Signed-off-by: Arne Fitzenreiter
---
 lfs/linux | 1 +
 ....14.77-gsrec_tcp_input_access_once_rw.patch | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+)
 create mode 100644 src/patches/linux-3.14.77-gsrec_tcp_input_access_once_rw.patch

diff --git a/lfs/linux b/lfs/linux
index 5c37a4b59c..e365be6afd 100644
--- a/lfs/linux
+++ b/lfs/linux
@@ -132,6 +132,7 @@ ifneq "$(KCFG)" "-headers"
 cd $(DIR_APP) && xz -c -d $(DIR_DL)/$(GRS_PATCHES) | patch -Np1
 cd $(DIR_APP) && rm localversion-grsec
 cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.7-disable-compat_vdso.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.77-gsrec_tcp_input_access_once_rw.patch
 endif
 # DVB Patches
diff --git a/src/patches/linux-3.14.77-gsrec_tcp_input_access_once_rw.patch b/src/patches/linux-3.14.77-gsrec_tcp_input_access_once_rw.patch
new file mode 100644
index 0000000000..19d0448925
--- /dev/null
+++ b/src/patches/linux-3.14.77-gsrec_tcp_input_access_once_rw.patch
@@ -0,0 +1,18 @@
+diff -Naur linux-3.14.77.org/net/ipv4/tcp_input.c linux-3.14.77/net/ipv4/tcp_input.c
+--- linux-3.14.77.org/net/ipv4/tcp_input.c 2016-08-21 19:58:45.000000000 +0200
++++ linux-3.14.77/net/ipv4/tcp_input.c 2016-08-21 21:11:24.336757369 +0200
+@@ -3299,12 +3299,12 @@
+ u32 half = (sysctl_tcp_challenge_ack_limit + 1) >> 1;
+
+ challenge_timestamp = now;
+- ACCESS_ONCE(challenge_count) = half +
++ ACCESS_ONCE_RW(challenge_count) = half +
+ prandom_u32_max(sysctl_tcp_challenge_ack_limit);
+ }
+ count = ACCESS_ONCE(challenge_count);
+ if (count > 0) {
+- ACCESS_ONCE(challenge_count) = count - 1;
++ ACCESS_ONCE_RW(challenge_count) = count - 1;
+ NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPCHALLENGEACK);
+ tcp_send_ack(sk);
+ }
--
2.39.5
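Review bot: The new patch file name spells the tag `gsrec`, while the rest of this recipe uses `grsec` (`localversion-grsec`, `GRS_PATCHES`), so a search for grsecurity-related patches will miss it. Renaming it to `linux-3.14.77-grsec_tcp_input_access_once_rw.patch`, both in the recipe line and in the added file, would fix that. The added recipe line also carries no comment saying it only makes sense on top of the grsecurity patch applied three lines above; a line such as `# grsecurity: stores to challenge_count need ACCESS_ONCE_RW` would tell the next maintainer when it can be dropped. The `ifneq` block is visible only through the hunk header, so any other conditions around it are outside this hunk.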
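Review bot: The added patch file has no description header, so nothing in the tree records why the two stores to `challenge_count` in `net/ipv4/tcp_input.c` switch to `ACCESS_ONCE_RW`. Presumably grsecurity's `ACCESS_ONCE` yields a const-qualified lvalue and the plain stores no longer build. A few lines above `diff -Naur` stating that, and that the read `count = ACCESS_ONCE(challenge_count);` is deliberately left unchanged, would make the patch reviewable later. The file name and the `@@ -3299,12` offset tie it to 3.14.77, so it should be re-checked whenever the kernel or the grsecurity patch set is bumped. The enclosing function starts and ends outside the nested hunk.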