[linux] 04/04: Revert unimportant networking changes which cause ABI changes
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Sun May 1 23:14:24 UTC 2016
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch wheezy-security
in repository linux.
commit 05187b002d1be7741de963f9a8c1a434fe11d49c
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Sun May 1 18:03:44 2016 +0200
Revert unimportant networking changes which cause ABI changes
---
debian/changelog | 6 +-
...-add-link-layer-header-validation-functio.patch | 40 +++++++
...t-net-validate-variable-length-ll-headers.patch | 55 ++++++++++
...add-sysctl-option-accept_ra_min_hop_limit.patch | 117 +++++++++++++++++++++
debian/patches/series | 3 +
5 files changed, 218 insertions(+), 3 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 87d7404..0e7e118 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -135,14 +135,11 @@ linux (3.2.80-1) UNRELEASED; urgency=medium
- phonet: properly unshare skbs in phonet_rcv()
- net: dp83640: Fix tx timestamp overflow handling.
- ipv6/udp: use sticky pktinfo egress ifindex on connect()
- - net/ipv6: add sysctl option accept_ra_min_hop_limit
- ipv4: fix memory leaks in ip_cmsg_send() callers
- pppoe: fix reference counting in PPPoE proxy
- sctp: Fix port hash table size computation
- bio: return EINTR if copying to user space got interrupted
- sctp: lack the check for ports in sctp_v6_cmp_addr
- - net: validate variable length ll headers
- - ax25: add link layer header validation function
- macvtap: always pass ethernet header in linear
- farsync: fix off-by-one bug in fst_add_one
- xfrm: Fix crash observed during device unregistration and decryption
@@ -165,6 +162,9 @@ linux (3.2.80-1) UNRELEASED; urgency=medium
- kernel: softirq: unlock with irqs on
- rcu/torture: Comment out rcu_bh ops on PREEMPT_RT_FULL
- kernel: sched: Fix preempt_disable_ip recodring for preempt_disable()
+ * Revert "net: validate variable length ll headers", "ax25: add link layer
+ header validation function" and "net/ipv6: add sysctl option
+ accept_ra_min_hop_limit" to avoid ABI changes
-- Ben Hutchings <ben at decadent.org.uk> Fri, 01 Apr 2016 02:11:16 +0100
diff --git a/debian/patches/bugfix/all/revert-ax25-add-link-layer-header-validation-functio.patch b/debian/patches/bugfix/all/revert-ax25-add-link-layer-header-validation-functio.patch
new file mode 100644
index 0000000..672d497
--- /dev/null
+++ b/debian/patches/bugfix/all/revert-ax25-add-link-layer-header-validation-functio.patch
@@ -0,0 +1,40 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Sun, 1 May 2016 17:59:44 +0200
+Subject: Revert "ax25: add link layer header validation function"
+
+This reverts commit 0954b59d9f4b2dcc59f28d1f64c3a21062a64372, which was
+commit ea47781c26510e5d97f80f9aceafe9065bd5e3aa upstream. It is
+pointless unless af_packet calls the new function.
+---
+ net/ax25/ax25_ip.c | 15 ---------------
+ 1 file changed, 15 deletions(-)
+
+diff --git a/net/ax25/ax25_ip.c b/net/ax25/ax25_ip.c
+index a0c9956b5b23..cf0c47a26530 100644
+--- a/net/ax25/ax25_ip.c
++++ b/net/ax25/ax25_ip.c
+@@ -232,24 +232,9 @@ int ax25_rebuild_header(struct sk_buff *skb)
+
+ #endif
+
+-static bool ax25_validate_header(const char *header, unsigned int len)
+-{
+- ax25_digi digi;
+-
+- if (!len)
+- return false;
+-
+- if (header[0])
+- return true;
+-
+- return ax25_addr_parse(header + 1, len - 1, NULL, NULL, &digi, NULL,
+- NULL);
+-}
+-
+ const struct header_ops ax25_header_ops = {
+ .create = ax25_hard_header,
+ .rebuild = ax25_rebuild_header,
+- .validate = ax25_validate_header,
+ };
+
+ EXPORT_SYMBOL(ax25_hard_header);
diff --git a/debian/patches/bugfix/all/revert-net-validate-variable-length-ll-headers.patch b/debian/patches/bugfix/all/revert-net-validate-variable-length-ll-headers.patch
new file mode 100644
index 0000000..728a2b9
--- /dev/null
+++ b/debian/patches/bugfix/all/revert-net-validate-variable-length-ll-headers.patch
@@ -0,0 +1,55 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Sun, 1 May 2016 18:00:43 +0200
+Subject: Revert "net: validate variable length ll headers"
+
+This reverts commit b5518429e70cd783b8ca52335456172c1a0589f6, which was
+commit 2793a23aacbd754dbbb5cb75093deb7e4103bace upstream. It is
+pointless unless af_packet calls the new function.
+---
+ include/linux/netdevice.h | 21 +--------------------
+ 1 file changed, 1 insertion(+), 20 deletions(-)
+
+--- a/include/linux/netdevice.h
++++ b/include/linux/netdevice.h
+@@ -296,7 +296,6 @@ struct header_ops {
+ void (*cache_update)(struct hh_cache *hh,
+ const struct net_device *dev,
+ const unsigned char *haddr);
+- bool (*validate)(const char *ll_header, unsigned int len);
+ };
+
+ /* These flag bits are private to the generic network queueing
+@@ -1146,7 +1145,7 @@ struct net_device {
+
+ unsigned int mtu; /* interface MTU value */
+ unsigned short type; /* interface hardware type */
+- unsigned short hard_header_len; /* maximum hardware hdr length */
++ unsigned short hard_header_len; /* hardware hdr length */
+
+ /* extra head- and tailroom the hardware may need, but not in all cases
+ * can this be guaranteed, especially tailroom. Some cases also use
+@@ -1757,24 +1756,6 @@ static inline int dev_rebuild_header(str
+ return dev->header_ops->rebuild(skb);
+ }
+
+-/* ll_header must have at least hard_header_len allocated */
+-static inline bool dev_validate_header(const struct net_device *dev,
+- char *ll_header, int len)
+-{
+- if (likely(len >= dev->hard_header_len))
+- return true;
+-
+- if (capable(CAP_SYS_RAWIO)) {
+- memset(ll_header + len, 0, dev->hard_header_len - len);
+- return true;
+- }
+-
+- if (dev->header_ops && dev->header_ops->validate)
+- return dev->header_ops->validate(ll_header, len);
+-
+- return false;
+-}
+-
+ typedef int gifconf_func_t(struct net_device * dev, char __user * bufptr, int len);
+ extern int register_gifconf(unsigned int family, gifconf_func_t * gifconf);
+ static inline int unregister_gifconf(unsigned int family)
diff --git a/debian/patches/debian/revert-net-ipv6-add-sysctl-option-accept_ra_min_hop_limit.patch b/debian/patches/debian/revert-net-ipv6-add-sysctl-option-accept_ra_min_hop_limit.patch
new file mode 100644
index 0000000..8e1e599
--- /dev/null
+++ b/debian/patches/debian/revert-net-ipv6-add-sysctl-option-accept_ra_min_hop_limit.patch
@@ -0,0 +1,117 @@
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Sun, 01 May 2016 23:15:07 +0200
+Subject: Revert "net/ipv6: add sysctl option accept_ra_min_hop_limit"
+Forwarded: not-needed
+
+This reverts commit 619d48665f45c3a9ccadd8cf171cb8ce230900ec which was
+commit 8013d1d7eafb0589ca766db6b74026f76b7f5cb4 upstream. It added a
+new member to struct ipv6_devconf, which is embedded in struct
+inet6_dev, which changes the symbol versions of many functions. I
+don't think anything outside ipv6 should be touching either structure,
+but I'm hesitant to just hide the new member from genksyms.
+
+---
+--- a/Documentation/networking/ip-sysctl.txt
++++ b/Documentation/networking/ip-sysctl.txt
+@@ -1070,14 +1070,6 @@ accept_ra_defrtr - BOOLEAN
+ Functional default: enabled if accept_ra is enabled.
+ disabled if accept_ra is disabled.
+
+-accept_ra_min_hop_limit - INTEGER
+- Minimum hop limit Information in Router Advertisement.
+-
+- Hop limit Information in Router Advertisement less than this
+- variable shall be ignored.
+-
+- Default: 1
+-
+ accept_ra_pinfo - BOOLEAN
+ Learn Prefix Information in Router Advertisement.
+
+--- a/include/linux/ipv6.h
++++ b/include/linux/ipv6.h
+@@ -153,7 +153,6 @@ struct ipv6_devconf {
+ #endif
+ __s32 max_addresses;
+ __s32 accept_ra_defrtr;
+- __s32 accept_ra_min_hop_limit;
+ __s32 accept_ra_pinfo;
+ #ifdef CONFIG_IPV6_ROUTER_PREF
+ __s32 accept_ra_rtr_pref;
+@@ -214,8 +213,6 @@ enum {
+ DEVCONF_DISABLE_IPV6,
+ DEVCONF_ACCEPT_DAD,
+ DEVCONF_FORCE_TLLAO,
+- DEVCONF_USE_OIF_ADDRS_ONLY = 37,
+- DEVCONF_ACCEPT_RA_MIN_HOP_LIMIT,
+ DEVCONF_MAX
+ };
+
+--- a/net/ipv6/addrconf.c
++++ b/net/ipv6/addrconf.c
+@@ -185,7 +185,6 @@ static struct ipv6_devconf ipv6_devconf
+ #endif
+ .max_addresses = IPV6_MAX_ADDRESSES,
+ .accept_ra_defrtr = 1,
+- .accept_ra_min_hop_limit= 1,
+ .accept_ra_pinfo = 1,
+ #ifdef CONFIG_IPV6_ROUTER_PREF
+ .accept_ra_rtr_pref = 1,
+@@ -220,7 +219,6 @@ static struct ipv6_devconf ipv6_devconf_
+ #endif
+ .max_addresses = IPV6_MAX_ADDRESSES,
+ .accept_ra_defrtr = 1,
+- .accept_ra_min_hop_limit= 1,
+ .accept_ra_pinfo = 1,
+ #ifdef CONFIG_IPV6_ROUTER_PREF
+ .accept_ra_rtr_pref = 1,
+@@ -3945,7 +3943,6 @@ static inline void ipv6_store_devconf(st
+ #endif
+ array[DEVCONF_MAX_ADDRESSES] = cnf->max_addresses;
+ array[DEVCONF_ACCEPT_RA_DEFRTR] = cnf->accept_ra_defrtr;
+- array[DEVCONF_ACCEPT_RA_MIN_HOP_LIMIT] = cnf->accept_ra_min_hop_limit;
+ array[DEVCONF_ACCEPT_RA_PINFO] = cnf->accept_ra_pinfo;
+ #ifdef CONFIG_IPV6_ROUTER_PREF
+ array[DEVCONF_ACCEPT_RA_RTR_PREF] = cnf->accept_ra_rtr_pref;
+@@ -4547,13 +4544,6 @@ static struct addrconf_sysctl_table
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec,
+- },
+- {
+- .procname = "accept_ra_min_hop_limit",
+- .data = &ipv6_devconf.accept_ra_min_hop_limit,
+- .maxlen = sizeof(int),
+- .mode = 0644,
+- .proc_handler = proc_dointvec,
+ },
+ {
+ .procname = "accept_ra_pinfo",
+--- a/net/ipv6/ndisc.c
++++ b/net/ipv6/ndisc.c
+@@ -1278,16 +1278,18 @@ static void ndisc_router_discovery(struc
+ if (rt)
+ rt->rt6i_expires = jiffies + (HZ * lifetime);
+
+- if (in6_dev->cnf.accept_ra_min_hop_limit < 256 &&
+- ra_msg->icmph.icmp6_hop_limit) {
+- if (in6_dev->cnf.accept_ra_min_hop_limit <= ra_msg->icmph.icmp6_hop_limit) {
++ if (ra_msg->icmph.icmp6_hop_limit) {
++ /* Only set hop_limit on the interface if it is higher than
++ * the current hop_limit.
++ */
++ if (in6_dev->cnf.hop_limit < ra_msg->icmph.icmp6_hop_limit) {
+ in6_dev->cnf.hop_limit = ra_msg->icmph.icmp6_hop_limit;
+- if (rt)
+- dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
+- ra_msg->icmph.icmp6_hop_limit);
+ } else {
+- ND_PRINTK2(KERN_WARNING "RA: Got route advertisement with lower hop_limit than minimum\n");
++ ND_PRINTK2(KERN_WARNING "RA: Got route advertisement with lower hop_limit than current\n");
+ }
++ if (rt)
++ dst_metric_set(&rt->dst, RTAX_HOPLIMIT,
++ ra_msg->icmph.icmp6_hop_limit);
+ }
+
+ skip_defrtr:
diff --git a/debian/patches/series b/debian/patches/series
index d413fa0..301eac8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1171,3 +1171,6 @@ debian/revert-libata-align-ata_device-s-id-on-a-cacheline.patch
debian/tracing-avoid-abi-change-in-3.2.79.patch
debian/fs-fix-abi-change-in-3.2.80.patch
debian/pci-fix-abi-change-in-3.2.80.patch
+bugfix/all/revert-ax25-add-link-layer-header-validation-functio.patch
+bugfix/all/revert-net-validate-variable-length-ll-headers.patch
+debian/revert-net-ipv6-add-sysctl-option-accept_ra_min_hop_limit.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list