mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-06 22:08:54 +00:00
f4985a22ca
Fixes: - CVE-2020-10757 Run tested: ath79, ipq40xx Build tested: ath79, ipq40xx Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
137 lines
3.5 KiB
Diff
137 lines
3.5 KiB
Diff
From 3b6115d6b57a263bdc8c9b1df273bd4a7955eead Mon Sep 17 00:00:00 2001
|
|
From: Felix Fietkau <nbd@nbd.name>
|
|
Date: Sat, 8 Jul 2017 08:16:31 +0200
|
|
Subject: debloat: add some debloat patches, strip down procfs and make O_DIRECT support optional, saves ~15K after lzma on MIPS
|
|
|
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
---
|
|
net/Kconfig | 3 +++
|
|
net/core/Makefile | 3 ++-
|
|
net/core/sock.c | 2 ++
|
|
net/ipv4/Kconfig | 1 +
|
|
net/netlink/Kconfig | 1 +
|
|
net/packet/Kconfig | 1 +
|
|
net/unix/Kconfig | 1 +
|
|
7 files changed, 11 insertions(+), 1 deletion(-)
|
|
|
|
--- a/net/Kconfig
|
|
+++ b/net/Kconfig
|
|
@@ -97,6 +97,9 @@ source "net/netlabel/Kconfig"
|
|
|
|
endif # if INET
|
|
|
|
+config SOCK_DIAG
|
|
+ bool
|
|
+
|
|
config NETWORK_SECMARK
|
|
bool "Security Marking"
|
|
help
|
|
--- a/net/core/Makefile
|
|
+++ b/net/core/Makefile
|
|
@@ -10,9 +10,10 @@ obj-$(CONFIG_SYSCTL) += sysctl_net_core.
|
|
|
|
obj-y += dev.o ethtool.o dev_addr_lists.o dst.o netevent.o \
|
|
neighbour.o rtnetlink.o utils.o link_watch.o filter.o \
|
|
- sock_diag.o dev_ioctl.o tso.o sock_reuseport.o \
|
|
+ dev_ioctl.o tso.o sock_reuseport.o \
|
|
fib_notifier.o
|
|
|
|
+obj-$(CONFIG_SOCK_DIAG) += sock_diag.o
|
|
obj-y += net-sysfs.o
|
|
obj-$(CONFIG_PROC_FS) += net-procfs.o
|
|
obj-$(CONFIG_NET_PKTGEN) += pktgen.o
|
|
--- a/net/core/sock.c
|
|
+++ b/net/core/sock.c
|
|
@@ -528,6 +528,18 @@ discard_and_relse:
|
|
}
|
|
EXPORT_SYMBOL(__sk_receive_skb);
|
|
|
|
+u64 sock_gen_cookie(struct sock *sk)
|
|
+{
|
|
+ while (1) {
|
|
+ u64 res = atomic64_read(&sk->sk_cookie);
|
|
+
|
|
+ if (res)
|
|
+ return res;
|
|
+ res = atomic64_inc_return(&sock_net(sk)->cookie_gen);
|
|
+ atomic64_cmpxchg(&sk->sk_cookie, 0, res);
|
|
+ }
|
|
+}
|
|
+
|
|
struct dst_entry *__sk_dst_check(struct sock *sk, u32 cookie)
|
|
{
|
|
struct dst_entry *dst = __sk_dst_get(sk);
|
|
@@ -1599,9 +1611,11 @@ void sk_destruct(struct sock *sk)
|
|
|
|
static void __sk_free(struct sock *sk)
|
|
{
|
|
+#ifdef CONFIG_SOCK_DIAG
|
|
if (unlikely(sk->sk_net_refcnt && sock_diag_has_destroy_listeners(sk)))
|
|
sock_diag_broadcast_destroy(sk);
|
|
else
|
|
+#endif
|
|
sk_destruct(sk);
|
|
}
|
|
|
|
--- a/net/core/sock_diag.c
|
|
+++ b/net/core/sock_diag.c
|
|
@@ -19,18 +19,6 @@ static int (*inet_rcv_compat)(struct sk_
|
|
static DEFINE_MUTEX(sock_diag_table_mutex);
|
|
static struct workqueue_struct *broadcast_wq;
|
|
|
|
-u64 sock_gen_cookie(struct sock *sk)
|
|
-{
|
|
- while (1) {
|
|
- u64 res = atomic64_read(&sk->sk_cookie);
|
|
-
|
|
- if (res)
|
|
- return res;
|
|
- res = atomic64_inc_return(&sock_net(sk)->cookie_gen);
|
|
- atomic64_cmpxchg(&sk->sk_cookie, 0, res);
|
|
- }
|
|
-}
|
|
-
|
|
int sock_diag_check_cookie(struct sock *sk, const __u32 *cookie)
|
|
{
|
|
u64 res;
|
|
--- a/net/ipv4/Kconfig
|
|
+++ b/net/ipv4/Kconfig
|
|
@@ -421,6 +421,7 @@ config INET_XFRM_MODE_BEET
|
|
|
|
config INET_DIAG
|
|
tristate "INET: socket monitoring interface"
|
|
+ select SOCK_DIAG
|
|
default y
|
|
---help---
|
|
Support for INET (TCP, DCCP, etc) socket monitoring interface used by
|
|
--- a/net/netlink/Kconfig
|
|
+++ b/net/netlink/Kconfig
|
|
@@ -4,6 +4,7 @@
|
|
|
|
config NETLINK_DIAG
|
|
tristate "NETLINK: socket monitoring interface"
|
|
+ select SOCK_DIAG
|
|
default n
|
|
---help---
|
|
Support for NETLINK socket monitoring interface used by the ss tool.
|
|
--- a/net/packet/Kconfig
|
|
+++ b/net/packet/Kconfig
|
|
@@ -18,6 +18,7 @@ config PACKET
|
|
config PACKET_DIAG
|
|
tristate "Packet: sockets monitoring interface"
|
|
depends on PACKET
|
|
+ select SOCK_DIAG
|
|
default n
|
|
---help---
|
|
Support for PF_PACKET sockets monitoring interface used by the ss tool.
|
|
--- a/net/unix/Kconfig
|
|
+++ b/net/unix/Kconfig
|
|
@@ -22,6 +22,7 @@ config UNIX
|
|
config UNIX_DIAG
|
|
tristate "UNIX: socket monitoring interface"
|
|
depends on UNIX
|
|
+ select SOCK_DIAG
|
|
default n
|
|
---help---
|
|
Support for UNIX socket monitoring interface used by the ss tool.
|