| 1 |
commit: 116b95f1a7590519be254e3128fefd92d8eaaefd |
| 2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sun Oct 11 22:56:14 2015 +0000 |
| 4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Oct 11 22:56:14 2015 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/hardened-patchset.git/commit/?id=116b95f1 |
| 7 |
|
| 8 |
grsecurity-3.1-4.2.3-201510092347 |
| 9 |
|
| 10 |
4.2.3/0000_README | 2 +- |
| 11 |
...> 4420_grsecurity-3.1-4.2.3-201510092347.patch} | 252 +++++++++++++++++++-- |
| 12 |
2 files changed, 235 insertions(+), 19 deletions(-) |
| 13 |
|
| 14 |
diff --git a/4.2.3/0000_README b/4.2.3/0000_README |
| 15 |
index 08d9f55..1d05b9f 100644 |
| 16 |
--- a/4.2.3/0000_README |
| 17 |
+++ b/4.2.3/0000_README |
| 18 |
@@ -2,7 +2,7 @@ README |
| 19 |
----------------------------------------------------------------------------- |
| 20 |
Individual Patch Descriptions: |
| 21 |
----------------------------------------------------------------------------- |
| 22 |
-Patch: 4420_grsecurity-3.1-4.2.3-201510072230.patch |
| 23 |
+Patch: 4420_grsecurity-3.1-4.2.3-201510092347.patch |
| 24 |
From: http://www.grsecurity.net |
| 25 |
Desc: hardened-sources base patch from upstream grsecurity |
| 26 |
|
| 27 |
|
| 28 |
diff --git a/4.2.3/4420_grsecurity-3.1-4.2.3-201510072230.patch b/4.2.3/4420_grsecurity-3.1-4.2.3-201510092347.patch |
| 29 |
similarity index 99% |
| 30 |
rename from 4.2.3/4420_grsecurity-3.1-4.2.3-201510072230.patch |
| 31 |
rename to 4.2.3/4420_grsecurity-3.1-4.2.3-201510092347.patch |
| 32 |
index b4b589d..5075ca5 100644 |
| 33 |
--- a/4.2.3/4420_grsecurity-3.1-4.2.3-201510072230.patch |
| 34 |
+++ b/4.2.3/4420_grsecurity-3.1-4.2.3-201510092347.patch |
| 35 |
@@ -24915,7 +24915,7 @@ index eec40f5..4fee808 100644 |
| 36 |
#include <asm/processor.h> |
| 37 |
#include <asm/fcntl.h> |
| 38 |
diff --git a/arch/x86/kernel/espfix_64.c b/arch/x86/kernel/espfix_64.c |
| 39 |
-index ce95676..da8c6ff 100644 |
| 40 |
+index ce95676..af5c012 100644 |
| 41 |
--- a/arch/x86/kernel/espfix_64.c |
| 42 |
+++ b/arch/x86/kernel/espfix_64.c |
| 43 |
@@ -41,6 +41,7 @@ |
| 44 |
@@ -24939,12 +24939,12 @@ index ce95676..da8c6ff 100644 |
| 45 |
|
| 46 |
static unsigned int page_random, slot_random; |
| 47 |
|
| 48 |
-@@ -122,14 +125,25 @@ static void init_espfix_random(void) |
| 49 |
+@@ -122,10 +125,19 @@ static void init_espfix_random(void) |
| 50 |
void __init init_espfix_bsp(void) |
| 51 |
{ |
| 52 |
pgd_t *pgd_p; |
| 53 |
+ pud_t *pud_p; |
| 54 |
-+ unsigned long addr, index = pgd_index(ESPFIX_BASE_ADDR); |
| 55 |
++ unsigned long index = pgd_index(ESPFIX_BASE_ADDR); |
| 56 |
|
| 57 |
/* Install the espfix pud into the kernel page directory */ |
| 58 |
- pgd_p = &init_level4_pgt[pgd_index(ESPFIX_BASE_ADDR)]; |
| 59 |
@@ -24961,13 +24961,7 @@ index ce95676..da8c6ff 100644 |
| 60 |
|
| 61 |
/* Randomize the locations */ |
| 62 |
init_espfix_random(); |
| 63 |
- |
| 64 |
-+ addr = espfix_base_addr(0); |
| 65 |
-+ |
| 66 |
- /* The rest is the same as for any other processor */ |
| 67 |
- init_espfix_ap(0); |
| 68 |
- } |
| 69 |
-@@ -170,35 +184,39 @@ void init_espfix_ap(int cpu) |
| 70 |
+@@ -170,35 +182,39 @@ void init_espfix_ap(int cpu) |
| 71 |
pud_p = &espfix_pud_page[pud_index(addr)]; |
| 72 |
pud = *pud_p; |
| 73 |
if (!pud_present(pud)) { |
| 74 |
@@ -26887,6 +26881,80 @@ index c2bedae..25e7ab60 100644 |
| 75 |
.attr = { |
| 76 |
.name = "data", |
| 77 |
.mode = S_IRUGO, |
| 78 |
+diff --git a/arch/x86/kernel/kvmclock.c b/arch/x86/kernel/kvmclock.c |
| 79 |
+index 49487b4..a94a0d3 100644 |
| 80 |
+--- a/arch/x86/kernel/kvmclock.c |
| 81 |
++++ b/arch/x86/kernel/kvmclock.c |
| 82 |
+@@ -29,7 +29,7 @@ |
| 83 |
+ #include <asm/x86_init.h> |
| 84 |
+ #include <asm/reboot.h> |
| 85 |
+ |
| 86 |
+-static int kvmclock = 1; |
| 87 |
++static int kvmclock __read_only = 1; |
| 88 |
+ static int msr_kvm_system_time = MSR_KVM_SYSTEM_TIME; |
| 89 |
+ static int msr_kvm_wall_clock = MSR_KVM_WALL_CLOCK; |
| 90 |
+ |
| 91 |
+@@ -41,7 +41,7 @@ static int parse_no_kvmclock(char *arg) |
| 92 |
+ early_param("no-kvmclock", parse_no_kvmclock); |
| 93 |
+ |
| 94 |
+ /* The hypervisor will put information about time periodically here */ |
| 95 |
+-static struct pvclock_vsyscall_time_info *hv_clock; |
| 96 |
++static struct pvclock_vsyscall_time_info hv_clock[NR_CPUS] __page_aligned_bss; |
| 97 |
+ static struct pvclock_wall_clock wall_clock; |
| 98 |
+ |
| 99 |
+ /* |
| 100 |
+@@ -132,7 +132,7 @@ bool kvm_check_and_clear_guest_paused(void) |
| 101 |
+ struct pvclock_vcpu_time_info *src; |
| 102 |
+ int cpu = smp_processor_id(); |
| 103 |
+ |
| 104 |
+- if (!hv_clock) |
| 105 |
++ if (!kvmclock) |
| 106 |
+ return ret; |
| 107 |
+ |
| 108 |
+ src = &hv_clock[cpu].pvti; |
| 109 |
+@@ -159,7 +159,7 @@ int kvm_register_clock(char *txt) |
| 110 |
+ int low, high, ret; |
| 111 |
+ struct pvclock_vcpu_time_info *src; |
| 112 |
+ |
| 113 |
+- if (!hv_clock) |
| 114 |
++ if (!kvmclock) |
| 115 |
+ return 0; |
| 116 |
+ |
| 117 |
+ src = &hv_clock[cpu].pvti; |
| 118 |
+@@ -219,7 +219,6 @@ static void kvm_shutdown(void) |
| 119 |
+ void __init kvmclock_init(void) |
| 120 |
+ { |
| 121 |
+ struct pvclock_vcpu_time_info *vcpu_time; |
| 122 |
+- unsigned long mem; |
| 123 |
+ int size, cpu; |
| 124 |
+ u8 flags; |
| 125 |
+ |
| 126 |
+@@ -237,15 +236,8 @@ void __init kvmclock_init(void) |
| 127 |
+ printk(KERN_INFO "kvm-clock: Using msrs %x and %x", |
| 128 |
+ msr_kvm_system_time, msr_kvm_wall_clock); |
| 129 |
+ |
| 130 |
+- mem = memblock_alloc(size, PAGE_SIZE); |
| 131 |
+- if (!mem) |
| 132 |
+- return; |
| 133 |
+- hv_clock = __va(mem); |
| 134 |
+- memset(hv_clock, 0, size); |
| 135 |
+- |
| 136 |
+ if (kvm_register_clock("primary cpu clock")) { |
| 137 |
+- hv_clock = NULL; |
| 138 |
+- memblock_free(mem, size); |
| 139 |
++ kvmclock = 0; |
| 140 |
+ return; |
| 141 |
+ } |
| 142 |
+ pv_time_ops.sched_clock = kvm_clock_read; |
| 143 |
+@@ -286,7 +278,7 @@ int __init kvm_setup_vsyscall_timeinfo(void) |
| 144 |
+ struct pvclock_vcpu_time_info *vcpu_time; |
| 145 |
+ unsigned int size; |
| 146 |
+ |
| 147 |
+- if (!hv_clock) |
| 148 |
++ if (!kvmclock) |
| 149 |
+ return 0; |
| 150 |
+ |
| 151 |
+ size = PAGE_ALIGN(sizeof(struct pvclock_vsyscall_time_info)*NR_CPUS); |
| 152 |
diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c |
| 153 |
index 2bcc052..864eb84 100644 |
| 154 |
--- a/arch/x86/kernel/ldt.c |
| 155 |
@@ -33514,10 +33582,19 @@ index 81bf3d2..7ef25c2 100644 |
| 156 |
* XXX: batch / limit 'nr', to avoid large irq off latency |
| 157 |
* needs some instrumenting to determine the common sizes used by |
| 158 |
diff --git a/arch/x86/mm/highmem_32.c b/arch/x86/mm/highmem_32.c |
| 159 |
-index eecb207a..ad42a30 100644 |
| 160 |
+index eecb207a..808343a 100644 |
| 161 |
--- a/arch/x86/mm/highmem_32.c |
| 162 |
+++ b/arch/x86/mm/highmem_32.c |
| 163 |
-@@ -45,7 +45,9 @@ void *kmap_atomic_prot(struct page *page, pgprot_t prot) |
| 164 |
+@@ -35,6 +35,8 @@ void *kmap_atomic_prot(struct page *page, pgprot_t prot) |
| 165 |
+ unsigned long vaddr; |
| 166 |
+ int idx, type; |
| 167 |
+ |
| 168 |
++ BUG_ON(pgprot_val(prot) & _PAGE_USER); |
| 169 |
++ |
| 170 |
+ preempt_disable(); |
| 171 |
+ pagefault_disable(); |
| 172 |
+ |
| 173 |
+@@ -45,7 +47,9 @@ void *kmap_atomic_prot(struct page *page, pgprot_t prot) |
| 174 |
idx = type + KM_TYPE_NR*smp_processor_id(); |
| 175 |
vaddr = __fix_to_virt(FIX_KMAP_BEGIN + idx); |
| 176 |
BUG_ON(!pte_none(*(kmap_pte-idx))); |
| 177 |
@@ -34682,7 +34759,7 @@ index 9f0614d..92ae64a 100644 |
| 178 |
p += get_opcode(p, &opcode); |
| 179 |
for (i = 0; i < ARRAY_SIZE(imm_wop); i++) |
| 180 |
diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c |
| 181 |
-index fb0a9dd..72a6e6f 100644 |
| 182 |
+index fb0a9dd..6fc86ab 100644 |
| 183 |
--- a/arch/x86/mm/pgtable.c |
| 184 |
+++ b/arch/x86/mm/pgtable.c |
| 185 |
@@ -98,10 +98,75 @@ static inline void pgd_list_del(pgd_t *pgd) |
| 186 |
@@ -34970,6 +35047,55 @@ index fb0a9dd..72a6e6f 100644 |
| 187 |
pgd_dtor(pgd); |
| 188 |
paravirt_pgd_free(mm, pgd); |
| 189 |
_pgd_free(pgd); |
| 190 |
+@@ -544,6 +616,40 @@ void __init reserve_top_address(unsigned long reserve) |
| 191 |
+ |
| 192 |
+ int fixmaps_set; |
| 193 |
+ |
| 194 |
++static void fix_user_fixmap(enum fixed_addresses idx, unsigned long address) |
| 195 |
++{ |
| 196 |
++#ifdef CONFIG_X86_64 |
| 197 |
++ pgd_t *pgd; |
| 198 |
++ pud_t *pud; |
| 199 |
++ pmd_t *pmd; |
| 200 |
++ |
| 201 |
++ switch (idx) { |
| 202 |
++ default: |
| 203 |
++ return; |
| 204 |
++ |
| 205 |
++#ifdef CONFIG_X86_VSYSCALL_EMULATION |
| 206 |
++ case VSYSCALL_PAGE: |
| 207 |
++#endif |
| 208 |
++#ifdef CONFIG_PARAVIRT_CLOCK |
| 209 |
++ case PVCLOCK_FIXMAP_BEGIN ... PVCLOCK_FIXMAP_END: |
| 210 |
++#endif |
| 211 |
++ break; |
| 212 |
++ } |
| 213 |
++ |
| 214 |
++ pgd = pgd_offset_k(address); |
| 215 |
++ if (!(pgd_val(*pgd) & _PAGE_USER)) |
| 216 |
++ set_pgd(pgd, __pgd(pgd_val(*pgd) | _PAGE_USER)); |
| 217 |
++ |
| 218 |
++ pud = pud_offset(pgd, address); |
| 219 |
++ if (!(pud_val(*pud) & _PAGE_USER)) |
| 220 |
++ set_pud(pud, __pud(pud_val(*pud) | _PAGE_USER)); |
| 221 |
++ |
| 222 |
++ pmd = pmd_offset(pud, address); |
| 223 |
++ if (!(pmd_val(*pmd) & _PAGE_USER)) |
| 224 |
++ set_pmd(pmd, __pmd(pmd_val(*pmd) | _PAGE_USER)); |
| 225 |
++#endif |
| 226 |
++} |
| 227 |
++ |
| 228 |
+ void __native_set_fixmap(enum fixed_addresses idx, pte_t pte) |
| 229 |
+ { |
| 230 |
+ unsigned long address = __fix_to_virt(idx); |
| 231 |
+@@ -554,6 +660,7 @@ void __native_set_fixmap(enum fixed_addresses idx, pte_t pte) |
| 232 |
+ } |
| 233 |
+ set_pte_vaddr(address, pte); |
| 234 |
+ fixmaps_set++; |
| 235 |
++ fix_user_fixmap(idx, address); |
| 236 |
+ } |
| 237 |
+ |
| 238 |
+ void native_set_fixmap(enum fixed_addresses idx, phys_addr_t phys, |
| 239 |
diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c |
| 240 |
index 90555bf..f5f1828 100644 |
| 241 |
--- a/arch/x86/mm/setup_nx.c |
| 242 |
@@ -37079,6 +37205,33 @@ index 45e7d51..2967121 100644 |
| 243 |
if (!ret) |
| 244 |
kobject_uevent(&pinst->kobj, KOBJ_ADD); |
| 245 |
|
| 246 |
+diff --git a/crypto/scatterwalk.c b/crypto/scatterwalk.c |
| 247 |
+index ea5815c..5880da6 100644 |
| 248 |
+--- a/crypto/scatterwalk.c |
| 249 |
++++ b/crypto/scatterwalk.c |
| 250 |
+@@ -109,14 +109,20 @@ void scatterwalk_map_and_copy(void *buf, struct scatterlist *sg, |
| 251 |
+ { |
| 252 |
+ struct scatter_walk walk; |
| 253 |
+ struct scatterlist tmp[2]; |
| 254 |
++ void *realbuf = buf; |
| 255 |
+ |
| 256 |
+ if (!nbytes) |
| 257 |
+ return; |
| 258 |
+ |
| 259 |
+ sg = scatterwalk_ffwd(tmp, sg, start); |
| 260 |
+ |
| 261 |
+- if (sg_page(sg) == virt_to_page(buf) && |
| 262 |
+- sg->offset == offset_in_page(buf)) |
| 263 |
++#ifdef CONFIG_GRKERNSEC_KSTACKOVERFLOW |
| 264 |
++ if (object_starts_on_stack(buf)) |
| 265 |
++ realbuf = buf - current->stack + current->lowmem_stack; |
| 266 |
++#endif |
| 267 |
++ |
| 268 |
++ if (sg_page(sg) == virt_to_page(realbuf) && |
| 269 |
++ sg->offset == offset_in_page(realbuf)) |
| 270 |
+ return; |
| 271 |
+ |
| 272 |
+ scatterwalk_start(&walk, sg); |
| 273 |
diff --git a/crypto/zlib.c b/crypto/zlib.c |
| 274 |
index d51a30a..fb1f8af 100644 |
| 275 |
--- a/crypto/zlib.c |
| 276 |
@@ -50874,10 +51027,20 @@ index 487be20..f4c87bc 100644 |
| 277 |
err = 0; |
| 278 |
break; |
| 279 |
diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c |
| 280 |
-index 079f7ad..b2a2bfa7 100644 |
| 281 |
+index 079f7ad..7e59810 100644 |
| 282 |
--- a/drivers/net/slip/slhc.c |
| 283 |
+++ b/drivers/net/slip/slhc.c |
| 284 |
-@@ -487,7 +487,7 @@ slhc_uncompress(struct slcompress *comp, unsigned char *icp, int isize) |
| 285 |
+@@ -94,6 +94,9 @@ slhc_init(int rslots, int tslots) |
| 286 |
+ register struct cstate *ts; |
| 287 |
+ struct slcompress *comp; |
| 288 |
+ |
| 289 |
++ if (rslots <= 0 || tslots <= 0 || rslots >= 256 || tslots >= 256) |
| 290 |
++ goto out_fail; |
| 291 |
++ |
| 292 |
+ comp = kzalloc(sizeof(struct slcompress), GFP_KERNEL); |
| 293 |
+ if (! comp) |
| 294 |
+ goto out_fail; |
| 295 |
+@@ -487,7 +490,7 @@ slhc_uncompress(struct slcompress *comp, unsigned char *icp, int isize) |
| 296 |
register struct tcphdr *thp; |
| 297 |
register struct iphdr *ip; |
| 298 |
register struct cstate *cs; |
| 299 |
@@ -102842,6 +103005,18 @@ index e951453..0685f5b 100644 |
| 300 |
} |
| 301 |
|
| 302 |
#endif /* __NET_NET_NAMESPACE_H */ |
| 303 |
+diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h |
| 304 |
+index 37cd391..4023c4c 100644 |
| 305 |
+--- a/include/net/netfilter/nf_conntrack.h |
| 306 |
++++ b/include/net/netfilter/nf_conntrack.h |
| 307 |
+@@ -292,6 +292,7 @@ extern unsigned int nf_conntrack_hash_rnd; |
| 308 |
+ void init_nf_conntrack_hash_rnd(void); |
| 309 |
+ |
| 310 |
+ struct nf_conn *nf_ct_tmpl_alloc(struct net *net, u16 zone, gfp_t flags); |
| 311 |
++void nf_ct_tmpl_free(struct nf_conn *tmpl); |
| 312 |
+ |
| 313 |
+ #define NF_CT_STAT_INC(net, count) __this_cpu_inc((net)->ct.stat->count) |
| 314 |
+ #define NF_CT_STAT_INC_ATOMIC(net, count) this_cpu_inc((net)->ct.stat->count) |
| 315 |
diff --git a/include/net/netlink.h b/include/net/netlink.h |
| 316 |
index 2a5dbcc..8243656 100644 |
| 317 |
--- a/include/net/netlink.h |
| 318 |
@@ -121709,10 +121884,25 @@ index 45da11a..ef3e5dc 100644 |
| 319 |
table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table), |
| 320 |
GFP_KERNEL); |
| 321 |
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c |
| 322 |
-index 3c20d02..b7e071a 100644 |
| 323 |
+index 3c20d02..b2c15f4 100644 |
| 324 |
--- a/net/netfilter/nf_conntrack_core.c |
| 325 |
+++ b/net/netfilter/nf_conntrack_core.c |
| 326 |
-@@ -1753,6 +1753,10 @@ void nf_conntrack_init_end(void) |
| 327 |
+@@ -320,12 +320,13 @@ out_free: |
| 328 |
+ } |
| 329 |
+ EXPORT_SYMBOL_GPL(nf_ct_tmpl_alloc); |
| 330 |
+ |
| 331 |
+-static void nf_ct_tmpl_free(struct nf_conn *tmpl) |
| 332 |
++void nf_ct_tmpl_free(struct nf_conn *tmpl) |
| 333 |
+ { |
| 334 |
+ nf_ct_ext_destroy(tmpl); |
| 335 |
+ nf_ct_ext_free(tmpl); |
| 336 |
+ kfree(tmpl); |
| 337 |
+ } |
| 338 |
++EXPORT_SYMBOL_GPL(nf_ct_tmpl_free); |
| 339 |
+ |
| 340 |
+ static void |
| 341 |
+ destroy_conntrack(struct nf_conntrack *nfct) |
| 342 |
+@@ -1753,6 +1754,10 @@ void nf_conntrack_init_end(void) |
| 343 |
#define DYING_NULLS_VAL ((1<<30)+1) |
| 344 |
#define TEMPLATE_NULLS_VAL ((1<<30)+2) |
| 345 |
|
| 346 |
@@ -121723,7 +121913,7 @@ index 3c20d02..b7e071a 100644 |
| 347 |
int nf_conntrack_init_net(struct net *net) |
| 348 |
{ |
| 349 |
int ret = -ENOMEM; |
| 350 |
-@@ -1777,7 +1781,11 @@ int nf_conntrack_init_net(struct net *net) |
| 351 |
+@@ -1777,7 +1782,11 @@ int nf_conntrack_init_net(struct net *net) |
| 352 |
if (!net->ct.stat) |
| 353 |
goto err_pcpu_lists; |
| 354 |
|
| 355 |
@@ -121854,6 +122044,19 @@ index c68c1e5..8b5d670 100644 |
| 356 |
mutex_unlock(&nf_sockopt_mutex); |
| 357 |
} |
| 358 |
EXPORT_SYMBOL(nf_unregister_sockopt); |
| 359 |
+diff --git a/net/netfilter/nf_synproxy_core.c b/net/netfilter/nf_synproxy_core.c |
| 360 |
+index d7f1685..d6ee8f8 100644 |
| 361 |
+--- a/net/netfilter/nf_synproxy_core.c |
| 362 |
++++ b/net/netfilter/nf_synproxy_core.c |
| 363 |
+@@ -378,7 +378,7 @@ static int __net_init synproxy_net_init(struct net *net) |
| 364 |
+ err3: |
| 365 |
+ free_percpu(snet->stats); |
| 366 |
+ err2: |
| 367 |
+- nf_conntrack_free(ct); |
| 368 |
++ nf_ct_tmpl_free(ct); |
| 369 |
+ err1: |
| 370 |
+ return err; |
| 371 |
+ } |
| 372 |
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c |
| 373 |
index 4670821..a6c3c47d 100644 |
| 374 |
--- a/net/netfilter/nfnetlink_log.c |
| 375 |
@@ -121896,6 +122099,19 @@ index 66def31..d64a66d 100644 |
| 376 |
} |
| 377 |
|
| 378 |
static const struct nla_policy nft_match_policy[NFTA_MATCH_MAX + 1] = { |
| 379 |
+diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c |
| 380 |
+index 43ddeee..f3377ce 100644 |
| 381 |
+--- a/net/netfilter/xt_CT.c |
| 382 |
++++ b/net/netfilter/xt_CT.c |
| 383 |
+@@ -233,7 +233,7 @@ out: |
| 384 |
+ return 0; |
| 385 |
+ |
| 386 |
+ err3: |
| 387 |
+- nf_conntrack_free(ct); |
| 388 |
++ nf_ct_tmpl_free(ct); |
| 389 |
+ err2: |
| 390 |
+ nf_ct_l3proto_module_put(par->family); |
| 391 |
+ err1: |
| 392 |
diff --git a/net/netfilter/xt_gradm.c b/net/netfilter/xt_gradm.c |
| 393 |
new file mode 100644 |
| 394 |
index 0000000..c566332 |
Archives