diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2013-02-24 06:54:47 -0500 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2013-02-24 06:54:47 -0500 |
commit | 6760f54871a351ed33e572e01c123f1df45c3ff4 (patch) | |
tree | 744df5ddd533197798313618c0be300b42b2c2a4 /2.6.32 | |
parent | grsecurity-2.9.1-2.6.32.60-201302181144: fix check_heap_stack_gap (diff) | |
download | hardened-patchset-6760f54871a351ed33e572e01c123f1df45c3ff4.tar.gz hardened-patchset-6760f54871a351ed33e572e01c123f1df45c3ff4.tar.bz2 hardened-patchset-6760f54871a351ed33e572e01c123f1df45c3ff4.zip |
Grsec/PaX: 2.9.1-{2.6.32.60,3.2.39,3.8.0}-2013022220130222
Diffstat (limited to '2.6.32')
-rw-r--r-- | 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302222044.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302181144.patch) | 235 |
1 files changed, 186 insertions, 49 deletions
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302181144.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302222044.patch index 88490c1..f5ba675 100644 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302181144.patch +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302222044.patch @@ -265,7 +265,7 @@ index 334258c..1e8f4ff 100644 M: Liam Girdwood <lrg@slimlogic.co.uk> M: Mark Brown <broonie@opensource.wolfsonmicro.com> diff --git a/Makefile b/Makefile -index b0e245e..e5894da 100644 +index b0e245e..1c8b6ed 100644 --- a/Makefile +++ b/Makefile @@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -300,12 +300,16 @@ index b0e245e..e5894da 100644 include/linux/version.h headers_% \ kernelrelease kernelversion -@@ -526,6 +527,60 @@ else +@@ -526,6 +527,64 @@ else KBUILD_CFLAGS += -O2 endif +ifndef DISABLE_PAX_PLUGINS ++ifeq ($(call cc-ifversion, -ge, 0408, y), y) ++PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)") ++else +PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(HOSTCXX)" "$(CC)") ++endif +ifneq ($(PLUGINCC),) +ifndef DISABLE_PAX_CONSTIFY_PLUGIN +ifndef CONFIG_UML @@ -361,7 +365,7 @@ index b0e245e..e5894da 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -647,7 +702,7 @@ export mod_strip_cmd +@@ -647,7 +706,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -370,7 +374,7 @@ index b0e245e..e5894da 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -868,6 +923,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -868,6 +927,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -379,7 +383,7 @@ index b0e245e..e5894da 100644 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -877,7 +934,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -877,7 +938,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -388,7 +392,7 @@ index b0e245e..e5894da 100644 $(Q)$(MAKE) $(build)=$@ # Build the kernel release string -@@ -986,6 +1043,7 @@ prepare0: archprepare FORCE +@@ -986,6 +1047,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. missing-syscalls # All the preparing.. @@ -396,7 +400,7 @@ index b0e245e..e5894da 100644 prepare: prepare0 # The asm symlink changes when $(ARCH) changes. -@@ -1127,6 +1185,8 @@ all: modules +@@ -1127,6 +1189,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -405,7 +409,7 @@ index b0e245e..e5894da 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1136,7 +1196,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) +@@ -1136,7 +1200,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) # Target to prepare building external modules PHONY += modules_prepare @@ -414,7 +418,7 @@ index b0e245e..e5894da 100644 # Target to install modules PHONY += modules_install -@@ -1199,9 +1259,9 @@ CLEAN_FILES += vmlinux System.map \ +@@ -1199,9 +1263,9 @@ CLEAN_FILES += vmlinux System.map \ MRPROPER_DIRS += include/config include2 usr/include include/generated MRPROPER_FILES += .config .config.old include/asm .version .old_version \ include/linux/autoconf.h include/linux/version.h \ @@ -426,7 +430,7 @@ index b0e245e..e5894da 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1245,7 +1305,7 @@ distclean: mrproper +@@ -1245,7 +1309,7 @@ distclean: mrproper @find $(srctree) $(RCS_FIND_IGNORE) \ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ @@ -435,7 +439,7 @@ index b0e245e..e5894da 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1292,6 +1352,7 @@ help: +@@ -1292,6 +1356,7 @@ help: @echo ' modules_prepare - Set up for building external modules' @echo ' tags/TAGS - Generate tags file for editors' @echo ' cscope - Generate cscope index' @@ -443,7 +447,7 @@ index b0e245e..e5894da 100644 @echo ' kernelrelease - Output the release version string' @echo ' kernelversion - Output the version stored in Makefile' @echo ' headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH'; \ -@@ -1393,6 +1454,8 @@ PHONY += $(module-dirs) modules +@@ -1393,6 +1458,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -452,7 +456,7 @@ index b0e245e..e5894da 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1448,7 +1511,7 @@ endif # KBUILD_EXTMOD +@@ -1448,7 +1515,7 @@ endif # KBUILD_EXTMOD quiet_cmd_tags = GEN $@ cmd_tags = $(CONFIG_SHELL) $(srctree)/scripts/tags.sh $@ @@ -461,7 +465,7 @@ index b0e245e..e5894da 100644 $(call cmd,tags) # Scripts to check various things for consistency -@@ -1513,17 +1576,21 @@ else +@@ -1513,17 +1580,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -487,7 +491,7 @@ index b0e245e..e5894da 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1533,11 +1600,15 @@ endif +@@ -1533,11 +1604,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -13326,7 +13330,7 @@ index 33927d2..ccde329 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index af6fd36..60da657 100644 +index af6fd36..a7c3e4d 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -39,6 +39,7 @@ extern struct list_head pgd_list; @@ -13389,7 +13393,7 @@ index af6fd36..60da657 100644 static inline int pte_dirty(pte_t pte) { return pte_flags(pte) & _PAGE_DIRTY; -@@ -130,6 +170,11 @@ static inline unsigned long pmd_pfn(pmd_t pmd) +@@ -130,12 +170,16 @@ static inline unsigned long pmd_pfn(pmd_t pmd) return (pmd_val(pmd) & PTE_PFN_MASK) >> PAGE_SHIFT; } @@ -13401,7 +13405,14 @@ index af6fd36..60da657 100644 #define pte_page(pte) pfn_to_page(pte_pfn(pte)) static inline int pmd_large(pmd_t pte) -@@ -167,9 +212,29 @@ static inline pte_t pte_wrprotect(pte_t pte) + { +- return (pmd_flags(pte) & (_PAGE_PSE | _PAGE_PRESENT)) == +- (_PAGE_PSE | _PAGE_PRESENT); ++ return pmd_flags(pte) & _PAGE_PSE; + } + + static inline pte_t pte_set_flags(pte_t pte, pteval_t set) +@@ -167,9 +211,29 @@ static inline pte_t pte_wrprotect(pte_t pte) return pte_clear_flags(pte, _PAGE_RW); } @@ -13432,7 +13443,7 @@ index af6fd36..60da657 100644 } static inline pte_t pte_mkdirty(pte_t pte) -@@ -302,6 +367,15 @@ pte_t *populate_extra_pte(unsigned long vaddr); +@@ -302,6 +366,15 @@ pte_t *populate_extra_pte(unsigned long vaddr); #endif #ifndef __ASSEMBLY__ @@ -13448,7 +13459,22 @@ index af6fd36..60da657 100644 #include <linux/mm_types.h> static inline int pte_none(pte_t pte) -@@ -472,7 +546,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) +@@ -327,7 +400,13 @@ static inline int pte_hidden(pte_t pte) + + static inline int pmd_present(pmd_t pmd) + { +- return pmd_flags(pmd) & _PAGE_PRESENT; ++ /* ++ * Checking for _PAGE_PSE is needed too because ++ * split_huge_page will temporarily clear the present bit (but ++ * the _PAGE_PSE flag will remain set at all times while the ++ * _PAGE_PRESENT bit is clear). ++ */ ++ return pmd_flags(pmd) & (_PAGE_PRESENT | _PAGE_PROTNONE | _PAGE_PSE); + } + + static inline int pmd_none(pmd_t pmd) +@@ -472,7 +551,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) static inline int pgd_bad(pgd_t pgd) { @@ -13457,7 +13483,7 @@ index af6fd36..60da657 100644 } static inline int pgd_none(pgd_t pgd) -@@ -495,7 +569,12 @@ static inline int pgd_none(pgd_t pgd) +@@ -495,7 +574,12 @@ static inline int pgd_none(pgd_t pgd) * pgd_offset() returns a (pgd_t *) * pgd_index() is used get the offset into the pgd page's array of pgd_t's; */ @@ -13471,7 +13497,7 @@ index af6fd36..60da657 100644 /* * a shortcut which implies the use of the kernel's pgd, instead * of a process's -@@ -506,6 +585,20 @@ static inline int pgd_none(pgd_t pgd) +@@ -506,6 +590,20 @@ static inline int pgd_none(pgd_t pgd) #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET) #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) @@ -13492,7 +13518,7 @@ index af6fd36..60da657 100644 #ifndef __ASSEMBLY__ extern int direct_gbpages; -@@ -611,11 +704,23 @@ static inline void ptep_set_wrprotect(struct mm_struct *mm, +@@ -611,11 +709,23 @@ static inline void ptep_set_wrprotect(struct mm_struct *mm, * dst and src can be on the same page, but the range must not overlap, * and must not cross a page boundary. */ @@ -13898,6 +13924,25 @@ index fa04dea..5f823fc 100644 #define KSTK_EIP(task) (task_pt_regs(task)->ip) /* Get/set a process' ability to use the timestamp counter instruction */ +diff --git a/arch/x86/include/asm/proto.h b/arch/x86/include/asm/proto.h +index 621f56d..f1094fd 100644 +--- a/arch/x86/include/asm/proto.h ++++ b/arch/x86/include/asm/proto.h +@@ -22,14 +22,4 @@ extern int reboot_force; + + long do_arch_prctl(struct task_struct *task, int code, unsigned long addr); + +-/* +- * This looks more complex than it should be. But we need to +- * get the type for the ~ right in round_down (it needs to be +- * as wide as the result!), and we want to evaluate the macro +- * arguments just once each. +- */ +-#define __round_mask(x,y) ((__typeof__(x))((y)-1)) +-#define round_up(x,y) ((((x)-1) | __round_mask(x,y))+1) +-#define round_down(x,y) ((x) & ~__round_mask(x,y)) +- + #endif /* _ASM_X86_PROTO_H */ diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h index 0f0d908..f2e3da2 100644 --- a/arch/x86/include/asm/ptrace.h @@ -98186,10 +98231,27 @@ index 7922742..27306a2 100644 /* This macro allows us to keep printk typechecking */ static void __check_printsym_format(const char *fmt, ...) diff --git a/include/linux/kernel.h b/include/linux/kernel.h -index 3526cd4..99206e2 100644 +index 3526cd4..6835d45 100644 --- a/include/linux/kernel.h +++ b/include/linux/kernel.h -@@ -163,6 +163,11 @@ extern int _cond_resched(void); +@@ -45,6 +45,16 @@ extern const char linux_proc_banner[]; + + #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr)) + ++/* ++ * This looks more complex than it should be. But we need to ++ * get the type for the ~ right in round_down (it needs to be ++ * as wide as the result!), and we want to evaluate the macro ++ * arguments just once each. ++ */ ++#define __round_mask(x, y) ((__typeof__(x))((y)-1)) ++#define round_up(x, y) ((((x)-1) | __round_mask(x, y))+1) ++#define round_down(x, y) ((x) & ~__round_mask(x, y)) ++ + #define FIELD_SIZEOF(t, f) (sizeof(((t*)0)->f)) + #define DIV_ROUND_UP(n,d) (((n) + (d) - 1) / (d)) + #define roundup(x, y) ((((x) + ((y) - 1)) / (y)) * (y)) +@@ -163,6 +173,11 @@ extern int _cond_resched(void); (__x < 0) ? -__x : __x; \ }) @@ -99897,7 +99959,7 @@ index 4e647bb..23b3911 100644 int size); extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, diff --git a/include/linux/slab.h b/include/linux/slab.h -index 2da8372..740c52f 100644 +index 2da8372..aa58826 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -11,12 +11,20 @@ @@ -99947,26 +100009,15 @@ index 2da8372..740c52f 100644 /* * Allocator specific definitions. These are mainly used to establish optimized -@@ -217,8 +230,18 @@ size_t ksize(const void *); +@@ -217,6 +230,7 @@ size_t ksize(const void *); * for general use, and so are not documented here. For a full list of * potential flags, always refer to linux/gfp.h. */ + -+extern void kcalloc_error(void) -+#if defined(CONFIG_GCOV_KERNEL) && defined(CONFIG_PAX_SIZE_OVERFLOW) -+__compiletime_warning("kcalloc called with swapped arguments?"); -+#else -+__compiletime_error("kcalloc called with swapped arguments?"); -+#endif -+ static inline void *kcalloc(size_t n, size_t size, gfp_t flags) { -+ if (__builtin_constant_p(n) && !__builtin_constant_p(size)) -+ kcalloc_error(); if (size != 0 && n > ULONG_MAX / size) - return NULL; - return __kmalloc(n * size, flags | __GFP_ZERO); -@@ -263,7 +286,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, +@@ -263,7 +277,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, * request comes from. */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) @@ -99975,7 +100026,7 @@ index 2da8372..740c52f 100644 #define kmalloc_track_caller(size, flags) \ __kmalloc_track_caller(size, flags, _RET_IP_) #else -@@ -281,7 +304,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); +@@ -281,7 +295,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); * allocation request comes from. */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) @@ -111700,7 +111751,7 @@ index 406e8d4..53970d3 100644 * - not supported under NOMMU conditions */ diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 3ecab7e..594a471 100644 +index 3ecab7e..be580fc 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -289,7 +289,7 @@ out: @@ -111768,15 +111819,60 @@ index 3ecab7e..594a471 100644 for_each_populated_zone(zone) { show_node(zone); printk("%s per-cpu:\n", zone->name); -@@ -3736,7 +3755,7 @@ static void __init setup_usemap(struct pglist_data *pgdat, +@@ -3715,10 +3734,11 @@ static void __meminit calculate_node_totalpages(struct pglist_data *pgdat, + * round what is now in bits to nearest long in bits, then return it in + * bytes. + */ +-static unsigned long __init usemap_size(unsigned long zonesize) ++static unsigned long __init usemap_size(unsigned long zone_start_pfn, unsigned long zonesize) + { + unsigned long usemapsize; + ++ zonesize += zone_start_pfn & (pageblock_nr_pages-1); + usemapsize = roundup(zonesize, pageblock_nr_pages); + usemapsize = usemapsize >> pageblock_order; + usemapsize *= NR_PAGEBLOCK_BITS; +@@ -3728,16 +3748,18 @@ static unsigned long __init usemap_size(unsigned long zonesize) + } + + static void __init setup_usemap(struct pglist_data *pgdat, +- struct zone *zone, unsigned long zonesize) ++ struct zone *zone, ++ unsigned long zone_start_pfn, ++ unsigned long zonesize) + { +- unsigned long usemapsize = usemap_size(zonesize); ++ unsigned long usemapsize = usemap_size(zone_start_pfn, zonesize); + zone->pageblock_flags = NULL; + if (usemapsize) zone->pageblock_flags = alloc_bootmem_node(pgdat, usemapsize); } #else -static void inline setup_usemap(struct pglist_data *pgdat, -+static inline void setup_usemap(struct pglist_data *pgdat, - struct zone *zone, unsigned long zonesize) {} +- struct zone *zone, unsigned long zonesize) {} ++static inline void setup_usemap(struct pglist_data *pgdat, struct zone *zone, ++ unsigned long zone_start_pfn, unsigned long zonesize) {} #endif /* CONFIG_SPARSEMEM */ + #ifdef CONFIG_HUGETLB_PAGE_SIZE_VARIABLE +@@ -3869,7 +3891,7 @@ static void __paginginit free_area_init_core(struct pglist_data *pgdat, + continue; + + set_pageblock_order(pageblock_default_order()); +- setup_usemap(pgdat, zone, size); ++ setup_usemap(pgdat, zone, zone_start_pfn, size); + ret = init_currently_empty_zone(zone, zone_start_pfn, + size, MEMMAP_EARLY); + BUG_ON(ret); +@@ -4945,7 +4967,7 @@ static inline int pfn_to_bitidx(struct zone *zone, unsigned long pfn) + pfn &= (PAGES_PER_SECTION-1); + return (pfn >> pageblock_order) * NR_PAGEBLOCK_BITS; + #else +- pfn = pfn - zone->zone_start_pfn; ++ pfn = pfn - round_down(zone->zone_start_pfn, pageblock_nr_pages); + return (pfn >> pageblock_order) * NR_PAGEBLOCK_BITS; + #endif /* CONFIG_SPARSEMEM */ + } diff --git a/mm/percpu.c b/mm/percpu.c index c90614a..5f7b7b8 100644 --- a/mm/percpu.c @@ -113913,6 +114009,47 @@ index 30e74ee..bfc6ee0 100644 kfree_skb(skb); return NET_RX_DROP; } +diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c +index 4e80f33..a815e4e 100644 +--- a/net/ipv4/arp.c ++++ b/net/ipv4/arp.c +@@ -909,23 +909,25 @@ static void parp_redo(struct sk_buff *skb) + static int arp_rcv(struct sk_buff *skb, struct net_device *dev, + struct packet_type *pt, struct net_device *orig_dev) + { +- struct arphdr *arp; ++ const struct arphdr *arp; + +- /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ +- if (!pskb_may_pull(skb, arp_hdr_len(dev))) +- goto freeskb; +- +- arp = arp_hdr(skb); +- if (arp->ar_hln != dev->addr_len || +- dev->flags & IFF_NOARP || ++ if (dev->flags & IFF_NOARP || + skb->pkt_type == PACKET_OTHERHOST || +- skb->pkt_type == PACKET_LOOPBACK || +- arp->ar_pln != 4) ++ skb->pkt_type == PACKET_LOOPBACK) + goto freeskb; + +- if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) ++ skb = skb_share_check(skb, GFP_ATOMIC); ++ if (!skb) + goto out_of_mem; + ++ /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ ++ if (!pskb_may_pull(skb, arp_hdr_len(dev))) ++ goto freeskb; ++ ++ arp = arp_hdr(skb); ++ if (arp->ar_hln != dev->addr_len || arp->ar_pln != 4) ++ goto freeskb; ++ + memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); + + return NF_HOOK(NFPROTO_ARP, NF_ARP_IN, skb, dev, NULL, arp_process); diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c index dba56d2..acee5d6 100644 --- a/net/ipv4/inet_diag.c @@ -114420,7 +114557,7 @@ index 1eba160b..c35d91f 100644 } } diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index db755c4..07d671b 100644 +index db755c4..4cf3b9d 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -82,6 +82,9 @@ int sysctl_tcp_dsack __read_mostly = 1; @@ -114569,7 +114706,7 @@ index db755c4..07d671b 100644 if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb)) goto csum_error; -+ if (!th->ack) ++ if (!th->ack && !th->rst) + goto discard; + /* @@ -114635,7 +114772,7 @@ index db755c4..07d671b 100644 - res = tcp_validate_incoming(sk, skb, th, 0); - if (res <= 0) - return -res; -+ if (!th->ack) ++ if (!th->ack && !th->rst) + goto discard; + + if (!tcp_validate_incoming(sk, skb, th, 0)) @@ -118026,12 +118163,12 @@ index 6bf21f8..c0546b3 100644 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..008ac1a +index 0000000..5e0222d --- /dev/null +++ b/scripts/gcc-plugin.sh @@ -0,0 +1,17 @@ +#!/bin/bash -+plugincc=`$1 -x c -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF ++plugincc=`$1 -E -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF +#include "gcc-plugin.h" +#include "tree.h" +#include "tm.h" |