diff options
| author | Petr Štetiar <ynezz@true.cz> | 2022-03-16 19:23:08 +0100 |
|---|---|---|
| committer | Petr Štetiar <ynezz@true.cz> | 2022-03-17 08:47:54 +0100 |
| commit | 565159db573a68d5dbc2a73231dd999b5d45781b (patch) | |
| tree | cdd97a176cefbf66e4f068d6e501161a8bbdf766 /target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch | |
| parent | c5c047f19bc5cd88c6fe1a0e271a8fe5df2d038a (diff) | |
| download | openwrt-565159db573a68d5dbc2a73231dd999b5d45781b.tar.gz openwrt-565159db573a68d5dbc2a73231dd999b5d45781b.tar.bz2 openwrt-565159db573a68d5dbc2a73231dd999b5d45781b.zip | |
kernel: bump 4.14 to 4.14.272
Added new config symbol `HARDEN_BRANCH_HISTORY` in order to harden
Spectre style attacks against branch history and fixed rejects in
following patches:
* generic/hack-4.14/220-gc_sections.patch
* generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch
Other patches refreshed automagically.
Run tested on ipq40xx/glinet-b1300 and mvebu/turris-omnia.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Diffstat (limited to 'target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch')
| -rw-r--r-- | target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch b/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch index 20820e40ca..9911416c39 100644 --- a/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch +++ b/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch @@ -48,7 +48,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> #include <net/protocol.h> #include <net/netfilter/nf_queue.h> #include <net/dst.h> -@@ -145,9 +147,9 @@ static int __nf_queue(struct sk_buff *sk +@@ -158,9 +160,9 @@ static int __nf_queue(struct sk_buff *sk { int status = -ENOENT; struct nf_queue_entry *entry = NULL; @@ -59,7 +59,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> /* QUEUE == DROP if no one is waiting, to be safe. */ qh = rcu_dereference(net->nf.queue_handler); -@@ -156,11 +158,19 @@ static int __nf_queue(struct sk_buff *sk +@@ -169,11 +171,19 @@ static int __nf_queue(struct sk_buff *sk goto err; } @@ -83,7 +83,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (!entry) { status = -ENOMEM; goto err; -@@ -175,7 +185,7 @@ static int __nf_queue(struct sk_buff *sk +@@ -188,7 +198,7 @@ static int __nf_queue(struct sk_buff *sk .skb = skb, .state = *state, .hook_index = index, @@ -91,4 +91,4 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> + .size = sizeof(*entry) + route_key_size, }; - nf_queue_entry_get_refs(entry); + if (!nf_queue_entry_get_refs(entry)) { |