diff options
author | Koen Vandeputte <koen.vandeputte@ncentric.com> | 2020-04-15 14:31:12 +0200 |
---|---|---|
committer | Koen Vandeputte <koen.vandeputte@ncentric.com> | 2020-04-16 13:23:11 +0200 |
commit | e31d158c4d03f51c728d8adc38fd73314171318e (patch) | |
tree | 00f22a3679c03a52250f02dbf72052d77e79fc25 /target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch | |
parent | a7423fef3206283ec09144932b04feff7b68461f (diff) | |
download | upstream-e31d158c4d03f51c728d8adc38fd73314171318e.tar.gz upstream-e31d158c4d03f51c728d8adc38fd73314171318e.tar.bz2 upstream-e31d158c4d03f51c728d8adc38fd73314171318e.zip |
kernel: bump 4.14 to 4.14.176
Refreshed all patches.
Remove upstreamed:
- 0001-net-thunderx-workaround-BGX-TX-Underflow-issue.patch
- 600-ipv6-addrconf-call-ipv6_mc_up-for-non-Ethernet-inter.patch
- 184-USB-serial-option-add-Wistron-Neweb-D19Q1.patch
Fixes:
- CVE-2020-8648 (potentially)
- CVE-2020-8647
- CVE-2020-8649
Compile-tested on: cns3xxx, octeontx
Runtime-tested on: cns3xxx
Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>
Diffstat (limited to 'target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch')
-rw-r--r-- | target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch b/target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch index de88825802..885d632d22 100644 --- a/target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch +++ b/target/linux/generic/backport-4.14/320-v4.16-netfilter-nf_conntrack-add-IPS_OFFLOAD-status-bit.patch @@ -47,7 +47,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> }; --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c -@@ -960,6 +960,9 @@ static unsigned int early_drop_list(stru +@@ -974,6 +974,9 @@ static unsigned int early_drop_list(stru hlist_nulls_for_each_entry_rcu(h, n, head, hnnode) { tmp = nf_ct_tuplehash_to_ctrack(h); @@ -57,7 +57,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> if (nf_ct_is_expired(tmp)) { nf_ct_gc_expired(tmp); continue; -@@ -1037,6 +1040,18 @@ static bool gc_worker_can_early_drop(con +@@ -1051,6 +1054,18 @@ static bool gc_worker_can_early_drop(con return false; } @@ -76,7 +76,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> static void gc_worker(struct work_struct *work) { unsigned int min_interval = max(HZ / GC_MAX_BUCKETS_DIV, 1u); -@@ -1073,6 +1088,11 @@ static void gc_worker(struct work_struct +@@ -1087,6 +1102,11 @@ static void gc_worker(struct work_struct tmp = nf_ct_tuplehash_to_ctrack(h); scanned++; |