c3cdc53164 ag71xx: Fix rx ring buffer stall on small packets flood on qca956x and qca953x.
e07ee06aad ar71xx: QCA956X: add missing register
7bc25dfa63 mvebu: fix mvneta build with Linux 4.4.110
541a1a7ff5 lantiq: activate noise margin delta for VDSL too
dea8979a81 Lantiq: make possible to tweak DSL SRN from UCI
9934231670 libubox: update to latest lede-17.01 git HEAD
7f5a040359 kernel: update kernel 4.4 to version 4.4.110
ddedcb19e5 brcm47xx: relocate the stack in loader
da43069f5b brcm47xx: relocate loader to higher address
f19416ae9d fstools: backport fix from master branch
55c23e44f4 procd: update to latest git HEAD
ffbbcc9b34 brcm47xx: image: build firmware for Asus WL-500g Deluxe
0426596453 Revert "iptables: fix nftables compile issue (FS#711)"
da126d557c iptables: fix nftables compile issue (FS#711)
473e994571 rpcd: backport version 2017-12-07 from master
b833944eb2 uci: update to HEAD of lede-17.01 branch
dca4dfacf2 iproute2: cake: fix patch format error
ee55629a30 kernel: bump 4.4 to 4.4.108 for 17.01
c4e9487cf5 iproute2: cake: support new operating modes for 17.01
4f1dca9eca kmod-sched-cake: bump to latest bake of cake for 17.01
959a49dc15 ramips: fix widora neo diag led
a1908023cc base-files: fix logic when to show failsafe banner
1c9299877b base-files: set FAILSAFE in /etc/profile when /tmp/.failsafe exists
2603c85060 wireguard: bump to 20171221
f8a441e020 kernel: bump 4.4 to 4.4.107
ceea0ac25d wireguard: bump to 20171211
ebb54740c7 brcm47xx: remove target specific network preinit config
b41d154f50 rules.mk: export TMPDIR
e719a08cc1 usbutils: Update usb.ids file to latest
4cfcfecf76 hostapd: remove unused local var declaration
796bc21023 hostapd: don't set htmode for wpa_supplicant
50147d41b9 libnl-tiny: use fixed message size instead of using the page size
0625814426 packages: nvram: fix memory leak in _nvram_free
0f175041ad mac80211: don't pass the hostapd ctrl iface in adhoc
05f0fac189 hostapd: explicitly set beacon interval for wpa_supplicant
7f78a86254 hostapd: set mcast_rate in mesh mode
c315843f88 igmpproxy: remove firewall rules when service is stopped
91e48304a9 openvpn: add support to start/stop single instances
e5c284bb81 package/elfutils: add CFLAG -Wno-format-nonliteral
dde29b2b01 tools/coreutils: install readlink
2f75641b1f uhttpd: fix query string handling
79024cd3be openssl: fix cryptodev config dependency
bead60c2d3 uqmi: replace legacy command invoke with newer type
5872c19c63 procd: Always tell cmake whether to include seccomp support or not
cd901ef1a6 libunwind: disable building with ssp
1aedf2f149 tools/squashfs: use host cflags
7fa70027d4 ppp: make the patches apply correctly again
d63eb474b3 ppp: fix compile warning
9bd667fc24 dropbear: fix PKG_CONFIG_DEPENDS
9d1bfb8f4d dropbear: make ssh compression support configurable
ed4f4f1a8e procd: Install seccomp-trace symlink
77e79b2dd0 openvpn: update to 2.4.4
5beb0abc83 build: remove @ as it's causing an error
eff1f7e7ef usbutils: avoid duplicating the git revision
9cf371c1f4 dnsmasq: Pass TARGET_CPPFLAGS to Makefile
2f80d84638 wwan: json format in some modem definitions
c61cf4a447 base-files: add /etc/profile.d to conffiles
bdc998c696 base-files: order conffiles alphabetically
c58e824acc procd: mdns: Support txt values with spaces
aaa73fea36 ar71xx: fix switch port numbering on RB750r2 and RB750UPr2
b69ea02a00 scripts/dowload.pl: use glob to expand target dir
80a22eee4b samba36: Remove syslog and load printers lines.
71797b6eca samba36: Don't resolve interfaces.
1458bc2d9c samba36: Remove guest ok since LuCI configures it.
f0065554b2 config: make CONFIG_ALL_* select other CONIFG_ALL_* options
2b88309335 nvram: add help message for nvram magic not found
118a2ea0bc nvram: improve argument check when program start
c446ee4ad4 nvram: add usage() function
9e84d333b1 nvram: fix memory leak
3b6b892d67 ca-certificates: Update to 20170717
23b9dc2eca base-files: drop unused preinit_echo function
ca7c9db47f tools/pkg-config: Update to 0.29.2
75d8127338 base-files: suppress uci not found output in login.sh
b616aa6db7 scripts/package-metadata.pl: inhibit compile deps on missing build types
2e1a87a3e1 build: bundle-libraries.sh: do not override argv[0] in inner exec calls
a37f8b0c6e samba36: Remove legacy options
89c4f47caa scripts/download.pl: Adjust URLs
338968a170 build: fix invocation of bundled ld.so in SDK and Imagebuilder
0a976262a5 kmod-sched-cake: drop maintainer
610e2afdcc zlib: use default Build/Configure rule
cf11a41af6 lzo: use default Build/Configure rule
c86490605c netfilter: add iptables-mod-rpfilter package
ea23ba9a25 bzip2: add symlink to binary
d413c75d24 dropbear: add option to set max auth tries
8693ab5152 dropbear: server support option '-T' max auth tries
0e6a6c8487 hostapd: configure NAS ID regardless of encryption
ef3649d90e hostapd: add acct_interval option
3027a68093 valgrind: bump to 3.13.0
3129db331c busybox: backport 'ip rule suppress_{prefixlength, ifgroup}'
86158ad37d libunwind: update to version 1.2.1
59004433e9 imagebuilder: don't rewrite package list output
74eeb07817 imagebuilder: clean package_list
7f3f2bc03b build: remove old kernel-headers build directories
c7234e3036 imagebuilder: add package_list function
9c3e4b5434 base-files: board.json's switch reset means existence, not argument
7d1f4073ce gdb: remove Build/Compile rule ; default one works
9a99039989 rb532: enable high-res timers, refresh kernel config
e802cbfc25 xburst: enable high-res timers, refresh kernel config
e01367e3af kernel: add CONFIG_SCHED_HRTICK=y to the generic config
6e1e2e7b96 package/grub2: update to 2.02
13a5568d6e ip17xx: correct aneg_done return value
816fb3433b mvswitch: fix autonegotiation issue
41ee45428b ppp: propagate master firewall zone to dynamic slave interface
a44c44077e usbmode: remove devices with unsupported modes
e8bd0a606a tar: override symlink permissions
59a1c1675d tools/sparse: Update to snapshot 2017-03-31
a6e5943a2a elfutils: Pass -Wno-unused-result to silence warnings as errors
08070221ed gcc: fix documentation entries added by 910-mbsd_multi.patch
ef43c04c34 scripts/download.pl: print the command used to download files
6e09b20563 tools/libressl: update to 2.5.4
08be74f699 tools/isl: update to 0.18
26ea59cd01 lldpd: bump to 0.9.7
444b64f533 libunwind: update to 1.2
e5612d6640 lantiq: spi: double time out tolerance
28c350f2f0 base-files: fix default procd reload
108a42bcba ramips: support jumbo frame on mt7621 up to 2k
8d4c047dd1 lldpd: drop specific respawn params [use system-wide]
8ee15ed61a elfutils: bump to 0.169
9754a9c606 devel/trace-cmd: Update to 2.6.1
79def69047 comgt-3g: enable modem before to setpin
070463fb61 devel/strace: Update to 4.16
67caf6bbce network/utils/ipset: Update to 6.32
f0a493160c mac80211: gracefully handle preexisting VIF
827f108b42 scripts: Probe external toolchains for libthread-db
bb9eb2c96e build: new fixes for symlinked .config handling
4607007a86 build: allow val.% targets to bypass the prepare steps
90575776b7 x86: keep /boot mounted for kexec
6b9eb0c73a hostapd: fix reload frequency change patch
040ff6fdbd build: remove absolute path to perl and replace with /usr/bin/env perl
98588273b1 kernel: allow selecting RTC drivers on targets without explicit RTC support
f30114c7c4 dropbear: fix procd interface trigger install
3e7f191008 include/packages-defaults.mk: Remove LARGEFILE option
a1392e08c5 netifd: return error status in reload_service
10182cb2c6 grub2: update to 2.02~rc2
38ea91ea9a base-files: use restart if no reload hook for service
9b24d99b91 iproute2: add libgenl.h and ll_map.h to InstallDev section
94597229c3 busybox: fix installation of cron and ntpd scripts in the default config
9ce30f7175 kernel: move initramfs's init script out of base-files
c8a0f3aa29 target.mk: check that CPU_TYPE has known CPU_CFLAGS mapping
977db9f08a scripts/download.pl: fix error message on hash mismatch
7fb03d9610 netifd: fix fw3 warnings in dhcp script
f69d73f1b2 build: allow specifying flow-control to grub on serial console
91821c8c0b kexec-tools: get kexec running on MUSL and x86 hardware
affff02798 busybox: don't install NTP scripts if NTP isn't configured
7ccfa826ee ar8327: Add workarounds for AR8337 switch.
0aafbf6c00 build: fix STAMP_PREPARED with quilt
80304ace58 lantiq: remove lantiq_board_model, it is unused
8be5b12ea1 lantiq: remove lantiq_board_name, use the generic function instead
0f0d742ae3 lantiq: move lantiq_board_detect() to 03_preinit_board.sh
f173464f13 base-files: add generic board_name function to functions.sh
62a8252a0f mac80211: Fix race condition leading to wifi interfaces not coming up at boot sometimes.
5f03ce1213 scripts: only generate config from feature flag if fully match
f7f69130e5 lzo: Update to 2.10
6ba0cc14e9 tools/coreutils: Update to 8.27
100553d605 tools/libressl: Update to 2.5.1
25fe034861 tools/dosfstools: Update to 4.1
ed4976d884 tools/sed: Update to 4.4
7263e3cdca lldpd: bump to 0.9.6
3225fbfcbf x86: image: drop duplicated copy of bzImage into vmlinuz
37aae44a47 libnl: Fix building with uClibc
950439234e toolchain: add musl libc.so to external toolchain
cfb5a550e4 iwcap: fix handling kill signal during dump
1411493569 x86: image: drop unneeded grub call
58e0c0feec x86: image: drop unused ROOTDELAY variable
05f0b8d18b ccache: update to 3.3.4
15efa09507 base-files: add submission service port
56b9f0ffc0 procd.sh: use parameterized respawn values
28c9731984 toolchain: Allow external toolchains to specify libthread-db
2dd9b62f82 rssileds: Fix build with external toolchains
2d31ec4c1b adb: Also pass TARGET_CPPFLAGS
ec395eeb17 swconfig: Link with libubox
c6dd059a9a px5g: Fix TARGET_LDFLAGS and add TARGET_CPPFLAGS
12b811a609 omcproxy: Update to latest HEAD
1e3ff02ea5 bsdiff: Also pass down TARGET_CPPFLAGS
051a33e7c9 thc-ipv6: Allow overriding CFLAGS
a91d8dd162 tools/m4: update 1.4.18
acd481470c build: get rid of FIND_L from host.mk
11cd6077ba build: unsilence move command
903a404663 build: skip headers install and config on make target/linux/prepare
a7fc27edce build: make Host/Install/Default use Host/Compile/Default with an extra argument
94f079e338 build: Pass -iremap gcc option as a single argument
3056122bf7 toolchain/gcc: parallelize make install
a33b0ced78 toolchain/musl: parallelize make install
1d0f7e3136 imagebuilder: make submake invocations less verbose
bdb05f5ef5 gcc: remove obsolete uclibc patch
90a43e508e toolchain/gcc: reduce source directory size by about 420 MB
82615922b0 bcm53xx: suppress osafeloader info error messages during flashing
c566a9e563 toolchain: Broaden the executable loader pattern
3387158e45 build: Suffix build directory with _$(LIBC) for external toolchains
2428b6d6b6 tools/sstrip: Fix compile under standard linux.
50b478956a openssl: update to 1.0.2n
135aa3ba7e base-files: upgrade: make get_partitions() endian agnostic
207bcea1de cyassl: update to wolfssl 3.12.2 (1 CVE)
3bb881862b mdadm: fix parameter quoting
6c1b6e8221 mdadm: Fix config generation
4fc0fb3ca3 mdadm: Do not check RUN_DIR
157b892994 kernel: remove out of tree direct-io disable hack
adc9f935c3 utils/mdadm: Update to 4.0
8bf67f63b9 mdadm: extend uci config support
4af145ea67 rules.mk: make PKG_CONFIG_DEPENDS properly track string values
2b664499cd kernel: bump 4.4 to 4.4.103 for 17.01
ed82c52a4a uqmi: also try newer pin verification
b41a2e646e opkg: bump to version 2017-12-08
f5f5f583f9 hostapd: backport fix for wnm_sleep_mode=0
19ebc19f54 hostapd: Expose the tdls_prohibit option to UCI
3590316121 dnsmasq: backport infinite dns retries fix
060b7f1fbb curl: apply CVE 2017-8816 and 2017-8817 security patches
4b5861c47d mt76: update to the latest version
f19d47f848 tools: patch various gnu tools for macOS 10.13
e5a10bc0fc samba36: backport an upstream fix for an information leak (CVE-2017-15275)
d77fe9219a ramips: backport MT7628 pinmux fixes
9601e6a0e2 ramips: add missing reset button for Nexx WT1520
0946ec0f46 wireguard: bump to snapshot 20171127
From: Sven Eckelmann <sven@narfation.org>
Date: Wed, 20 Dec 2017 16:55:17 +0100
Subject: ebtables: Use flock() for --concurrent option

The previous locking mechanism was not atomic, hence it was possible
that a killed ebtables process would leave the lock file in place which
in turn made future ebtables processes wait indefinitely for the lock to
become free.

Fix this by using flock(). This also simplifies code quite a bit because
there is no need for a custom signal handler or an __exit routine
anymore.

diff --git a/package/network/utils/ebtables/patches/300-fix-concurrent.patch b/package/network/utils/ebtables/patches/300-fix-concurrent.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1a99162bf51cd175e26d49e7ee5277b8b8645f48
--- /dev/null
+++ b/package/network/utils/ebtables/patches/300-fix-concurrent.patch
@@ -0,0 +1,127 @@
+From 6a826591878db3fa9e2a94b87a3d5edd8e0fc442 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Fri, 6 Oct 2017 12:48:50 +0200
+Subject: Use flock() for --concurrent option
+
+The previous locking mechanism was not atomic, hence it was possible
+that a killed ebtables process would leave the lock file in place which
+in turn made future ebtables processes wait indefinitely for the lock to
+become free.
+
+Fix this by using flock(). This also simplifies code quite a bit because
+there is no need for a custom signal handler or an __exit routine
+anymore.
+
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+
+Origin: upstream, https://git.netfilter.org/ebtables/commit/?id=6a826591878db3fa9e2a94b87a3d5edd8e0fc442
+---
+ ebtables.c | 8 --------
+ libebtc.c | 49 +++++--------------------------------------------
+ 2 files changed, 5 insertions(+), 52 deletions(-)
+
+diff --git a/ebtables.c b/ebtables.c
+index 62f1ba8..f7dfccf 100644
+--- a/ebtables.c
++++ b/ebtables.c
+@@ -528,12 +528,6 @@ void ebt_early_init_once()
+ ebt_iterate_targets(merge_target);
+ }
+
+-/* signal handler, installed when the option --concurrent is specified. */
+-static void sighandler(int signum)
+-{
+- exit(-1);
+-}
+-
+ /* We use exec_style instead of #ifdef's because ebtables.so is a shared object. */
+ int do_command(int argc, char *argv[], int exec_style,
+ struct ebt_u_replace *replace_)
+@@ -1047,8 +1041,6 @@ big_iface_length:
+ strcpy(replace->filename, optarg);
+ break;
+ case 13 : /* concurrent */
+- signal(SIGINT, sighandler);
+- signal(SIGTERM, sighandler);
+ use_lockfd = 1;
+ break;
+ case 1 :
+diff --git a/libebtc.c b/libebtc.c
+index 74830ec..c0ff8cc 100644
+--- a/libebtc.c
++++ b/libebtc.c
+@@ -31,6 +31,7 @@
+ #include "include/ethernetdb.h"
+ #include <unistd.h>
+ #include <fcntl.h>
++#include <sys/file.h>
+ #include <sys/wait.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+@@ -137,58 +138,18 @@ void ebt_list_extensions()
+ #define LOCKDIR "/var/lib/ebtables"
+ #define LOCKFILE LOCKDIR"/lock"
+ #endif
+-static int lockfd = -1, locked;
+ int use_lockfd;
+ /* Returns 0 on success, -1 when the file is locked by another process
+ * or -2 on any other error. */
+ static int lock_file()
+ {
+- int try = 0;
+- int ret = 0;
+- sigset_t sigset;
+-
+-tryagain:
+- /* the SIGINT handler will call unlock_file. To make sure the state
+- * of the variable locked is correct, we need to temporarily mask the
+- * SIGINT interrupt. */
+- sigemptyset(&sigset);
+- sigaddset(&sigset, SIGINT);
+- sigprocmask(SIG_BLOCK, &sigset, NULL);
+- lockfd = open(LOCKFILE, O_CREAT | O_EXCL | O_WRONLY, 00600);
+- if (lockfd < 0) {
+- if (errno == EEXIST)
+- ret = -1;
+- else if (try == 1)
+- ret = -2;
+- else {
+- if (mkdir(LOCKDIR, 00700))
+- ret = -2;
+- else {
+- try = 1;
+- goto tryagain;
+- }
+- }
+- } else {
+- close(lockfd);
+- locked = 1;
+- }
+- sigprocmask(SIG_UNBLOCK, &sigset, NULL);
+- return ret;
+-}
++ int fd = open(LOCKFILE, O_CREAT, 00600);
+
+-void unlock_file()
+-{
+- if (locked) {
+- remove(LOCKFILE);
+- locked = 0;
+- }
++ if (fd < 0)
++ return -2;
++ return flock(fd, LOCK_EX);
+ }
+
+-void __attribute__ ((destructor)) onexit()
+-{
+- if (use_lockfd)
+- unlock_file();
+-}
+ /* Get the table from the kernel or from a binary file
+ * init: 1 = ask the kernel for the initial contents of a table, i.e. the
+ * way it looks when the table is insmod'ed
+--
+cgit v1.1
+
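Review bot: The new `lock_file()` in libebtc.c drops the `mkdir(LOCKDIR, 00700)` fallback that the removed code had, so when the lock directory does not exist `open(LOCKFILE, O_CREAT, 00600)` fails and the function returns -2 without ever taking the lock. The caller is outside the hunk, but if it treats -2 as fatal, `--concurrent` would stop working wherever `/var/lib/ebtables` is absent (for example a `/var` that is recreated empty at boot), unless the build overrides the `LOCKFILE` define, which sits before an `#endif` and so appears to be overridable. Creating the directory once and retrying the open, as below, restores the earlier behaviour. The comment above the function is also stale: with a blocking `flock(fd, LOCK_EX)` a return of -1 no longer means "locked by another process" but that flock() itself failed (for example with EINTR), and a caller that retries on -1 would open a further descriptor on every attempt.

```c
/* Returns 0 on success, -1 when flock() fails (errno is set)
 * or -2 when the lock file cannot be opened. */
static int lock_file()
{
	int fd, try = 0;

retry:
	fd = open(LOCKFILE, O_CREAT, 00600);
	if (fd < 0) {
		/* create the lock directory once, then retry the open */
		if (try == 1 || mkdir(LOCKDIR, 00700))
			return -2;
		try = 1;
		goto retry;
	}
	return flock(fd, LOCK_EX);
}
```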