commit: afd6906e2a1895d7bf65ab6b375cadffadf775f8 Author: Mike Pagano <mpagano <AT> gentoo <DOT> org> AuthorDate: Tue Dec 9 20:01:15 2014 +0000 Commit: Mike Pagano <mpagano <AT> gentoo <DOT> org> CommitDate: Tue Dec 9 20:01:15 2014 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/linux-patches.git;a=commit;h=afd6906e
Linux patch 3.17.6 --- 0000_README | 4 ++++ 1005_linux-3.17.6.patch | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) diff --git a/0000_README b/0000_README index b7aa750..eee297c 100644 --- a/0000_README +++ b/0000_README @@ -63,6 +63,10 @@ Patch: 1004_linux-3.17.5.patch From: http://www.kernel.org Desc: Linux 3.17.5 +Patch: 1005_linux-3.17.6.patch +From: http://www.kernel.org +Desc: Linux 3.17.6 + Patch: 1500_XATTR_USER_PREFIX.patch From: https://bugs.gentoo.org/show_bug.cgi?id=470644 Desc: Support for namespace user.pax.* on tmpfs. diff --git a/1005_linux-3.17.6.patch b/1005_linux-3.17.6.patch new file mode 100644 index 0000000..7496c0f --- /dev/null +++ b/1005_linux-3.17.6.patch @@ -0,0 +1,46 @@ +diff --git a/Makefile b/Makefile +index 42585f6a819a..bb43e9e6a79c 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 3 + PATCHLEVEL = 17 +-SUBLEVEL = 5 ++SUBLEVEL = 6 + EXTRAVERSION = + NAME = Shuffling Zombie Juror + +diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c +index ec94ba94079f..de88c4ab5146 100644 +--- a/net/netfilter/nf_conntrack_core.c ++++ b/net/netfilter/nf_conntrack_core.c +@@ -611,16 +611,12 @@ __nf_conntrack_confirm(struct sk_buff *skb) + */ + NF_CT_ASSERT(!nf_ct_is_confirmed(ct)); + pr_debug("Confirming conntrack %p\n", ct); +- +- /* We have to check the DYING flag after unlink to prevent +- * a race against nf_ct_get_next_corpse() possibly called from +- * user context, else we insert an already 'dead' hash, blocking +- * further use of that particular connection -JM. +- */ +- nf_ct_del_from_dying_or_unconfirmed_list(ct); ++ /* We have to check the DYING flag inside the lock to prevent ++ a race against nf_ct_get_next_corpse() possibly called from ++ user context, else we insert an already 'dead' hash, blocking ++ further use of that particular connection -JM */ + + if (unlikely(nf_ct_is_dying(ct))) { +- nf_ct_add_to_dying_list(ct); + nf_conntrack_double_unlock(hash, reply_hash); + local_bh_enable(); + return NF_ACCEPT; +@@ -640,6 +636,8 @@ __nf_conntrack_confirm(struct sk_buff *skb) + zone == nf_ct_zone(nf_ct_tuplehash_to_ctrack(h))) + goto out; + ++ nf_ct_del_from_dying_or_unconfirmed_list(ct); ++ + /* Timer relative to confirmation time, not original + setting time, otherwise we'd get timer wrap in + weird delay cases. */