b3f95490b9
This adds initial support for kernel 4.14 based on the patches for kernel 4.9. In the configuration I deactivated some of the new possible security features like: CONFIG_REFCOUNT_FULL CONFIG_SLAB_FREELIST_HARDENED CONFIG_SOFTLOCKUP_DETECTOR CONFIG_WARN_ALL_UNSEEDED_RANDOM And these overlay FS options are also deactivated: CONFIG_OVERLAY_FS_INDEX CONFIG_OVERLAY_FS_REDIRECT_DIR I activated this: CONFIG_FORTIFY_SOURCE CONFIG_POSIX_TIMERS CONFIG_SLAB_MERGE_DEFAULT CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED I am not sure if I did the porting correct for the following patches: target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch target/linux/generic/hack-4.14/220-gc_sections.patch target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch target/linux/generic/pending-4.14/305-mips_module_reloc.patch target/linux/generic/pending-4.14/611-netfilter_match_bypass_default_table.patch target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
136 lines
3.5 KiB
Diff
136 lines
3.5 KiB
Diff
From 3b6115d6b57a263bdc8c9b1df273bd4a7955eead Mon Sep 17 00:00:00 2001
|
|
From: Felix Fietkau <nbd@nbd.name>
|
|
Date: Sat, 8 Jul 2017 08:16:31 +0200
|
|
Subject: debloat: add some debloat patches, strip down procfs and make O_DIRECT support optional, saves ~15K after lzma on MIPS
|
|
|
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
---
|
|
net/Kconfig | 3 +++
|
|
net/core/Makefile | 3 ++-
|
|
net/core/sock.c | 2 ++
|
|
net/ipv4/Kconfig | 1 +
|
|
net/netlink/Kconfig | 1 +
|
|
net/packet/Kconfig | 1 +
|
|
net/unix/Kconfig | 1 +
|
|
7 files changed, 11 insertions(+), 1 deletion(-)
|
|
|
|
--- a/net/Kconfig
|
|
+++ b/net/Kconfig
|
|
@@ -97,6 +97,9 @@ source "net/netlabel/Kconfig"
|
|
|
|
endif # if INET
|
|
|
|
+config SOCK_DIAG
|
|
+ bool
|
|
+
|
|
config NETWORK_SECMARK
|
|
bool "Security Marking"
|
|
help
|
|
--- a/net/core/Makefile
|
|
+++ b/net/core/Makefile
|
|
@@ -10,9 +10,10 @@ obj-$(CONFIG_SYSCTL) += sysctl_net_core.
|
|
|
|
obj-y += dev.o ethtool.o dev_addr_lists.o dst.o netevent.o \
|
|
neighbour.o rtnetlink.o utils.o link_watch.o filter.o \
|
|
- sock_diag.o dev_ioctl.o tso.o sock_reuseport.o \
|
|
+ dev_ioctl.o tso.o sock_reuseport.o \
|
|
fib_notifier.o
|
|
|
|
+obj-$(CONFIG_SOCK_DIAG) += sock_diag.o
|
|
obj-y += net-sysfs.o
|
|
obj-$(CONFIG_PROC_FS) += net-procfs.o
|
|
obj-$(CONFIG_NET_PKTGEN) += pktgen.o
|
|
--- a/net/core/sock.c
|
|
+++ b/net/core/sock.c
|
|
@@ -528,6 +528,18 @@ discard_and_relse:
|
|
}
|
|
EXPORT_SYMBOL(__sk_receive_skb);
|
|
|
|
+u64 sock_gen_cookie(struct sock *sk)
|
|
+{
|
|
+ while (1) {
|
|
+ u64 res = atomic64_read(&sk->sk_cookie);
|
|
+
|
|
+ if (res)
|
|
+ return res;
|
|
+ res = atomic64_inc_return(&sock_net(sk)->cookie_gen);
|
|
+ atomic64_cmpxchg(&sk->sk_cookie, 0, res);
|
|
+ }
|
|
+}
|
|
+
|
|
struct dst_entry *__sk_dst_check(struct sock *sk, u32 cookie)
|
|
{
|
|
struct dst_entry *dst = __sk_dst_get(sk);
|
|
@@ -1597,9 +1609,11 @@ void sk_destruct(struct sock *sk)
|
|
|
|
static void __sk_free(struct sock *sk)
|
|
{
|
|
+#ifdef CONFIG_SOCK_DIAG
|
|
if (unlikely(sock_diag_has_destroy_listeners(sk) && sk->sk_net_refcnt))
|
|
sock_diag_broadcast_destroy(sk);
|
|
else
|
|
+#endif
|
|
sk_destruct(sk);
|
|
}
|
|
|
|
--- a/net/core/sock_diag.c
|
|
+++ b/net/core/sock_diag.c
|
|
@@ -19,18 +19,6 @@ static int (*inet_rcv_compat)(struct sk_
|
|
static DEFINE_MUTEX(sock_diag_table_mutex);
|
|
static struct workqueue_struct *broadcast_wq;
|
|
|
|
-u64 sock_gen_cookie(struct sock *sk)
|
|
-{
|
|
- while (1) {
|
|
- u64 res = atomic64_read(&sk->sk_cookie);
|
|
-
|
|
- if (res)
|
|
- return res;
|
|
- res = atomic64_inc_return(&sock_net(sk)->cookie_gen);
|
|
- atomic64_cmpxchg(&sk->sk_cookie, 0, res);
|
|
- }
|
|
-}
|
|
-
|
|
int sock_diag_check_cookie(struct sock *sk, const __u32 *cookie)
|
|
{
|
|
u64 res;
|
|
--- a/net/ipv4/Kconfig
|
|
+++ b/net/ipv4/Kconfig
|
|
@@ -420,6 +420,7 @@ config INET_XFRM_MODE_BEET
|
|
|
|
config INET_DIAG
|
|
tristate "INET: socket monitoring interface"
|
|
+ select SOCK_DIAG
|
|
default y
|
|
---help---
|
|
Support for INET (TCP, DCCP, etc) socket monitoring interface used by
|
|
--- a/net/netlink/Kconfig
|
|
+++ b/net/netlink/Kconfig
|
|
@@ -4,6 +4,7 @@
|
|
|
|
config NETLINK_DIAG
|
|
tristate "NETLINK: socket monitoring interface"
|
|
+ select SOCK_DIAG
|
|
default n
|
|
---help---
|
|
Support for NETLINK socket monitoring interface used by the ss tool.
|
|
--- a/net/packet/Kconfig
|
|
+++ b/net/packet/Kconfig
|
|
@@ -18,6 +18,7 @@ config PACKET
|
|
config PACKET_DIAG
|
|
tristate "Packet: sockets monitoring interface"
|
|
depends on PACKET
|
|
+ select SOCK_DIAG
|
|
default n
|
|
---help---
|
|
Support for PF_PACKET sockets monitoring interface used by the ss tool.
|
|
--- a/net/unix/Kconfig
|
|
+++ b/net/unix/Kconfig
|
|
@@ -22,6 +22,7 @@ config UNIX
|
|
config UNIX_DIAG
|
|
tristate "UNIX: socket monitoring interface"
|
|
depends on UNIX
|
|
+ select SOCK_DIAG
|
|
default n
|
|
---help---
|
|
Support for UNIX socket monitoring interface used by the ss tool.
|