diff options
| author | Petr Štetiar <ynezz@true.cz> | 2022-03-16 19:23:08 +0100 |
|---|---|---|
| committer | Petr Štetiar <ynezz@true.cz> | 2022-03-17 08:47:54 +0100 |
| commit | 565159db573a68d5dbc2a73231dd999b5d45781b (patch) | |
| tree | cdd97a176cefbf66e4f068d6e501161a8bbdf766 /target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch | |
| parent | c5c047f19bc5cd88c6fe1a0e271a8fe5df2d038a (diff) | |
| download | openwrt-565159db573a68d5dbc2a73231dd999b5d45781b.tar.gz openwrt-565159db573a68d5dbc2a73231dd999b5d45781b.tar.bz2 openwrt-565159db573a68d5dbc2a73231dd999b5d45781b.zip | |
kernel: bump 4.14 to 4.14.272
Added new config symbol `HARDEN_BRANCH_HISTORY` in order to harden
Spectre style attacks against branch history and fixed rejects in
following patches:
* generic/hack-4.14/220-gc_sections.patch
* generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch
Other patches refreshed automagically.
Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Diffstat (limited to 'target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch')
| -rw-r--r-- | target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch b/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch index 943b3eed30..c699c3aae3 100644 --- a/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch +++ b/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch @@ -176,7 +176,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> #include <linux/netfilter_bridge.h> #include <linux/seq_file.h> #include <linux/rcupdate.h> -@@ -108,6 +110,35 @@ void nf_queue_nf_hook_drop(struct net *n +@@ -121,6 +123,35 @@ void nf_queue_nf_hook_drop(struct net *n } EXPORT_SYMBOL_GPL(nf_queue_nf_hook_drop); @@ -212,12 +212,11 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, const struct nf_hook_entries *entries, unsigned int index, unsigned int queuenum) -@@ -148,7 +179,16 @@ static int __nf_queue(struct sk_buff *sk - }; +@@ -165,7 +196,15 @@ static int __nf_queue(struct sk_buff *sk + return -ENOTCONN; + } - nf_queue_entry_get_refs(entry); - afinfo->saveroute(skb, entry); -+ + switch (entry->state.pf) { + case AF_INET: + nf_ip_saveroute(skb, entry); |