cd $(DIR_APP) && xz -c -d $(DIR_DL)/$(GRS_PATCHES) | patch -Np1
cd $(DIR_APP) && rm localversion-grsec
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.7-disable-compat_vdso.patch
+ cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux-3.14.77-gsrec_tcp_input_access_once_rw.patch
endif
# DVB Patches
--- /dev/null
+diff -Naur linux-3.14.77.org/net/ipv4/tcp_input.c linux-3.14.77/net/ipv4/tcp_input.c
+--- linux-3.14.77.org/net/ipv4/tcp_input.c 2016-08-21 19:58:45.000000000 +0200
++++ linux-3.14.77/net/ipv4/tcp_input.c 2016-08-21 21:11:24.336757369 +0200
+@@ -3299,12 +3299,12 @@
+ u32 half = (sysctl_tcp_challenge_ack_limit + 1) >> 1;
+
+ challenge_timestamp = now;
+- ACCESS_ONCE(challenge_count) = half +
++ ACCESS_ONCE_RW(challenge_count) = half +
+ prandom_u32_max(sysctl_tcp_challenge_ack_limit);
+ }
+ count = ACCESS_ONCE(challenge_count);
+ if (count > 0) {
+- ACCESS_ONCE(challenge_count) = count - 1;
++ ACCESS_ONCE_RW(challenge_count) = count - 1;
+ NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPCHALLENGEACK);
+ tcp_send_ack(sk);
+ }