diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2013-04-26 09:44:27 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-04-26 09:44:27 +0000 |
| commit | 56b8df8675f516ce962d02c08e7d8485deb19d36 (patch) | |
| tree | 5de1cdf1935195e84878ba996cb3102c9ebfc5f3 /main/linux-grsec | |
| parent | 924229b72ac5f4a85bd0795fa3c099891ad26fb1 (diff) | |
| download | aports-56b8df8675f516ce962d02c08e7d8485deb19d36.tar.bz2 aports-56b8df8675f516ce962d02c08e7d8485deb19d36.tar.xz | |
main/linux-grsec: upgrade to grsecurity-2.9.1-3.8.8-201304241907
Diffstat (limited to 'main/linux-grsec')
| -rw-r--r-- | main/linux-grsec/APKBUILD | 10 | ||||
| -rw-r--r-- | main/linux-grsec/grsecurity-2.9.1-3.8.8-201304241907.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.8.8-201304172116.patch) | 754 |
2 files changed, 720 insertions, 44 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 0dba0bc2b8..c247d4940a 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=3.8.8 _kernver=3.8 -pkgrel=0 +pkgrel=1 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -14,7 +14,7 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - grsecurity-2.9.1-3.8.8-201304172116.patch + grsecurity-2.9.1-3.8.8-201304241907.patch 0004-arp-flush-arp-cache-on-device-change.patch @@ -142,19 +142,19 @@ dev() { md5sums="1c738edfc54e7c65faeb90c436104e2f linux-3.8.tar.xz 08cdcef928c2ca402adf1c444a3c43ac patch-3.8.8.xz -51c922d1e46251ab693f87fa673380d6 grsecurity-2.9.1-3.8.8-201304172116.patch +fc7eefbae7601ee1ea9c6da643172293 grsecurity-2.9.1-3.8.8-201304241907.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch 0914bcf698bb5e1a39d2888ad2c5c442 kernelconfig.x86 477f1a2a20dd6634dfa42f4732235370 kernelconfig.x86_64" sha256sums="e070d1bdfbded5676a4f374721c63565f1c969466c5a3e214004a136b583184b linux-3.8.tar.xz 759313a1012f17c83af15f237f3ad8b50a45f1bb34c62409e558a4d65bf014c3 patch-3.8.8.xz -1ab35660c7a1a33a83e331b1ec23f52f3773ff94e7fd119acd83a58fc1dd3331 grsecurity-2.9.1-3.8.8-201304172116.patch +5c48d0ba120c1858e8b4dc5d4bd579bf0ea6100f1eb7c9469a104c0375639e3c grsecurity-2.9.1-3.8.8-201304241907.patch e2d2d1503f53572c6a2e21da729a13a430dd01f510405ffb3a33b29208860bde 0004-arp-flush-arp-cache-on-device-change.patch fea4df55c6db0a058eb24ede61473bf401a52ceb1945d5d552421847cc947160 kernelconfig.x86 6b4c04220aaecd9854ac6e889e7518c931f1c3f5f2e7c32c2c084ccfc3be911f kernelconfig.x86_64" sha512sums="10a7983391af907d8aec72bdb096d1cabd4911985715e9ea13d35ff09095c035db15d4ab08b92eda7c10026cc27348cb9728c212335f7fcdcda7c610856ec30f linux-3.8.tar.xz dedc73b00d159a944ebc8efe961afafa64db140eca7fa1609dfea52517c60707384e633a5d05c70bb31603f6b668a8ceef1ce28eac62f8ce0fa67395265e8338 patch-3.8.8.xz -be813a5108a42f9b1795d8b4646a492c4ccfcf6e82f984fdce2d7a4be0c1dfd8966c0f8522dd26930e23d48c46bc106e6e4c5fa35f6c008b1dca56367b5b59cd grsecurity-2.9.1-3.8.8-201304172116.patch +29fc165eb57e02c2903f6f67d3b8e51ccce4f68905bb1e5bc22decd95f8ffcb0d6fb70a19d590a6a87d70668a37a9769b545125d0450c9a2eb670bb40caf1500 grsecurity-2.9.1-3.8.8-201304241907.patch b6fdf376009f0f0f3fa194cb11be97343e4d394cf5d3547de6cfca8ad619c5bd3f60719331fd8cfadc47f09d22be8376ba5f871b46b24887ea73fe47e233a54e 0004-arp-flush-arp-cache-on-device-change.patch ffb12d33f55dbc50e97156feaf65e29f6b332750e43c33ed90b2def5029d039b0b87d559483cf3a80f330dadac68f921fa276dc6cc9fbc4e60050985d823501e kernelconfig.x86 3bdc68b0b8d36b051ac543f13eba1151902e1e43e76abef8d8dcbaa6927db6365f1b091505569af8146c89e486e24647e8e96fb6b96f30a0071f59e5923950cb kernelconfig.x86_64" diff --git a/main/linux-grsec/grsecurity-2.9.1-3.8.8-201304172116.patch b/main/linux-grsec/grsecurity-2.9.1-3.8.8-201304241907.patch index b90155e117..749175d279 100644 --- a/main/linux-grsec/grsecurity-2.9.1-3.8.8-201304172116.patch +++ b/main/linux-grsec/grsecurity-2.9.1-3.8.8-201304241907.patch @@ -3306,7 +3306,7 @@ index b0179b8..829510e 100644 + } diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S -index 11c1785..c67d54c 100644 +index 11c1785..1b209f4 100644 --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S @@ -8,7 +8,11 @@ @@ -3334,17 +3334,26 @@ index 11c1785..c67d54c 100644 .text : { /* Real text segment */ _stext = .; /* Text and read-only data */ __exception_text_start = .; -@@ -144,6 +153,10 @@ SECTIONS +@@ -112,6 +121,8 @@ SECTIONS + ARM_CPU_KEEP(PROC_INFO) + } + ++ _etext = .; /* End of text section */ ++ + RO_DATA(PAGE_SIZE) - _etext = .; /* End of text and rodata section */ + . = ALIGN(4); +@@ -142,7 +153,9 @@ SECTIONS + NOTES + +- _etext = .; /* End of text and rodata section */ +#ifdef CONFIG_PAX_KERNEXEC + . = ALIGN(1<<SECTION_SHIFT); +#endif -+ + #ifndef CONFIG_XIP_KERNEL . = ALIGN(PAGE_SIZE); - __init_begin = .; @@ -203,6 +216,11 @@ SECTIONS . = PAGE_OFFSET + TEXT_OFFSET; #else @@ -8237,6 +8246,18 @@ index 6fc1348..390c50a 100644 #define __S100 PAGE_READONLY #define __S101 PAGE_READONLY #define __S110 PAGE_SHARED +diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h +index 08fcce9..7619f2f 100644 +--- a/arch/sparc/include/asm/pgtable_64.h ++++ b/arch/sparc/include/asm/pgtable_64.h +@@ -915,6 +915,7 @@ static inline int io_remap_pfn_range(struct vm_area_struct *vma, + return remap_pfn_range(vma, from, phys_base >> PAGE_SHIFT, size, prot); + } + ++#include <asm/tlbflush.h> + #include <asm-generic/pgtable.h> + + /* We provide our own get_unmapped_area to cope with VA holes and diff --git a/arch/sparc/include/asm/pgtsrmmu.h b/arch/sparc/include/asm/pgtsrmmu.h index 79da178..c2eede8 100644 --- a/arch/sparc/include/asm/pgtsrmmu.h @@ -8354,6 +8375,20 @@ index 9689176..63c18ea 100644 { unsigned long mask, tmp1, tmp2, result; +diff --git a/arch/sparc/include/asm/switch_to_64.h b/arch/sparc/include/asm/switch_to_64.h +index cad36f5..c7de332 100644 +--- a/arch/sparc/include/asm/switch_to_64.h ++++ b/arch/sparc/include/asm/switch_to_64.h +@@ -18,8 +18,7 @@ do { \ + * and 2 stores in this critical code path. -DaveM + */ + #define switch_to(prev, next, last) \ +-do { flush_tlb_pending(); \ +- save_and_clear_fpu(); \ ++do { save_and_clear_fpu(); \ + /* If you are tempted to conditionalize the following */ \ + /* so that ASI is only written if it changes, think again. */ \ + __asm__ __volatile__("wr %%g0, %0, %%asi" \ diff --git a/arch/sparc/include/asm/thread_info_32.h b/arch/sparc/include/asm/thread_info_32.h index 25849ae..924c54b 100644 --- a/arch/sparc/include/asm/thread_info_32.h @@ -8412,6 +8447,82 @@ index 269bd92..e46a9b8 100644 /* * Thread-synchronous status. * +diff --git a/arch/sparc/include/asm/tlbflush_64.h b/arch/sparc/include/asm/tlbflush_64.h +index 2ef4634..f0d6a97 100644 +--- a/arch/sparc/include/asm/tlbflush_64.h ++++ b/arch/sparc/include/asm/tlbflush_64.h +@@ -11,24 +11,40 @@ + struct tlb_batch { + struct mm_struct *mm; + unsigned long tlb_nr; ++ unsigned long active; + unsigned long vaddrs[TLB_BATCH_NR]; + }; + + extern void flush_tsb_kernel_range(unsigned long start, unsigned long end); + extern void flush_tsb_user(struct tlb_batch *tb); ++extern void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr); + + /* TLB flush operations. */ + ++static inline void flush_tlb_mm(struct mm_struct *mm) ++{ ++} ++ ++static inline void flush_tlb_page(struct vm_area_struct *vma, ++ unsigned long vmaddr) ++{ ++} ++ ++static inline void flush_tlb_range(struct vm_area_struct *vma, ++ unsigned long start, unsigned long end) ++{ ++} ++ ++#define __HAVE_ARCH_ENTER_LAZY_MMU_MODE ++ + extern void flush_tlb_pending(void); +- +-#define flush_tlb_range(vma,start,end) \ +- do { (void)(start); flush_tlb_pending(); } while (0) +-#define flush_tlb_page(vma,addr) flush_tlb_pending() +-#define flush_tlb_mm(mm) flush_tlb_pending() ++extern void arch_enter_lazy_mmu_mode(void); ++extern void arch_leave_lazy_mmu_mode(void); ++#define arch_flush_lazy_mmu_mode() do {} while (0) + + /* Local cpu only. */ + extern void __flush_tlb_all(void); +- ++extern void __flush_tlb_page(unsigned long context, unsigned long vaddr); + extern void __flush_tlb_kernel_range(unsigned long start, unsigned long end); + + #ifndef CONFIG_SMP +@@ -38,15 +54,24 @@ do { flush_tsb_kernel_range(start,end); \ + __flush_tlb_kernel_range(start,end); \ + } while (0) + ++static inline void global_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr) ++{ ++ __flush_tlb_page(CTX_HWBITS(mm->context), vaddr); ++} ++ + #else /* CONFIG_SMP */ + + extern void smp_flush_tlb_kernel_range(unsigned long start, unsigned long end); ++extern void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr); + + #define flush_tlb_kernel_range(start, end) \ + do { flush_tsb_kernel_range(start,end); \ + smp_flush_tlb_kernel_range(start, end); \ + } while (0) + ++#define global_flush_tlb_page(mm, vaddr) \ ++ smp_flush_tlb_page(mm, vaddr) ++ + #endif /* ! CONFIG_SMP */ + + #endif /* _SPARC64_TLBFLUSH_H */ diff --git a/arch/sparc/include/asm/uaccess.h b/arch/sparc/include/asm/uaccess.h index 0167d26..767bb0c 100644 --- a/arch/sparc/include/asm/uaccess.h @@ -8658,6 +8769,79 @@ index 7ff45e4..a58f271 100644 audit_syscall_exit(regs); if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) +diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c +index 537eb66..ca64d2a 100644 +--- a/arch/sparc/kernel/smp_64.c ++++ b/arch/sparc/kernel/smp_64.c +@@ -849,7 +849,7 @@ void smp_tsb_sync(struct mm_struct *mm) + } + + extern unsigned long xcall_flush_tlb_mm; +-extern unsigned long xcall_flush_tlb_pending; ++extern unsigned long xcall_flush_tlb_page; + extern unsigned long xcall_flush_tlb_kernel_range; + extern unsigned long xcall_fetch_glob_regs; + extern unsigned long xcall_fetch_glob_pmu; +@@ -1074,23 +1074,56 @@ local_flush_and_out: + put_cpu(); + } + ++struct tlb_pending_info { ++ unsigned long ctx; ++ unsigned long nr; ++ unsigned long *vaddrs; ++}; ++ ++static void tlb_pending_func(void *info) ++{ ++ struct tlb_pending_info *t = info; ++ ++ __flush_tlb_pending(t->ctx, t->nr, t->vaddrs); ++} ++ + void smp_flush_tlb_pending(struct mm_struct *mm, unsigned long nr, unsigned long *vaddrs) + { + u32 ctx = CTX_HWBITS(mm->context); ++ struct tlb_pending_info info; + int cpu = get_cpu(); + ++ info.ctx = ctx; ++ info.nr = nr; ++ info.vaddrs = vaddrs; ++ + if (mm == current->mm && atomic_read(&mm->mm_users) == 1) + cpumask_copy(mm_cpumask(mm), cpumask_of(cpu)); + else +- smp_cross_call_masked(&xcall_flush_tlb_pending, +- ctx, nr, (unsigned long) vaddrs, +- mm_cpumask(mm)); ++ smp_call_function_many(mm_cpumask(mm), tlb_pending_func, ++ &info, 1); + + __flush_tlb_pending(ctx, nr, vaddrs); + + put_cpu(); + } + ++void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr) ++{ ++ unsigned long context = CTX_HWBITS(mm->context); ++ int cpu = get_cpu(); ++ ++ if (mm == current->mm && atomic_read(&mm->mm_users) == 1) ++ cpumask_copy(mm_cpumask(mm), cpumask_of(cpu)); ++ else ++ smp_cross_call_masked(&xcall_flush_tlb_page, ++ context, vaddr, 0, ++ mm_cpumask(mm)); ++ __flush_tlb_page(context, vaddr); ++ ++ put_cpu(); ++} ++ + void smp_flush_tlb_kernel_range(unsigned long start, unsigned long end) + { + start &= PAGE_MASK; diff --git a/arch/sparc/kernel/sys_sparc_32.c b/arch/sparc/kernel/sys_sparc_32.c index 2da0bdc..79128d2 100644 --- a/arch/sparc/kernel/sys_sparc_32.c @@ -10333,6 +10517,369 @@ index d2b5944..bd813f2 100644 return addr; } if (mm->get_unmapped_area == arch_get_unmapped_area) +diff --git a/arch/sparc/mm/tlb.c b/arch/sparc/mm/tlb.c +index ba6ae7f..272aa4f 100644 +--- a/arch/sparc/mm/tlb.c ++++ b/arch/sparc/mm/tlb.c +@@ -24,11 +24,17 @@ static DEFINE_PER_CPU(struct tlb_batch, tlb_batch); + void flush_tlb_pending(void) + { + struct tlb_batch *tb = &get_cpu_var(tlb_batch); ++ struct mm_struct *mm = tb->mm; + +- if (tb->tlb_nr) { +- flush_tsb_user(tb); ++ if (!tb->tlb_nr) ++ goto out; + +- if (CTX_VALID(tb->mm->context)) { ++ flush_tsb_user(tb); ++ ++ if (CTX_VALID(mm->context)) { ++ if (tb->tlb_nr == 1) { ++ global_flush_tlb_page(mm, tb->vaddrs[0]); ++ } else { + #ifdef CONFIG_SMP + smp_flush_tlb_pending(tb->mm, tb->tlb_nr, + &tb->vaddrs[0]); +@@ -37,12 +43,30 @@ void flush_tlb_pending(void) + tb->tlb_nr, &tb->vaddrs[0]); + #endif + } +- tb->tlb_nr = 0; + } + ++ tb->tlb_nr = 0; ++ ++out: + put_cpu_var(tlb_batch); + } + ++void arch_enter_lazy_mmu_mode(void) ++{ ++ struct tlb_batch *tb = &__get_cpu_var(tlb_batch); ++ ++ tb->active = 1; ++} ++ ++void arch_leave_lazy_mmu_mode(void) ++{ ++ struct tlb_batch *tb = &__get_cpu_var(tlb_batch); ++ ++ if (tb->tlb_nr) ++ flush_tlb_pending(); ++ tb->active = 0; ++} ++ + static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr, + bool exec) + { +@@ -60,6 +84,12 @@ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr, + nr = 0; + } + ++ if (!tb->active) { ++ global_flush_tlb_page(mm, vaddr); ++ flush_tsb_user_page(mm, vaddr); ++ return; ++ } ++ + if (nr == 0) + tb->mm = mm; + +diff --git a/arch/sparc/mm/tsb.c b/arch/sparc/mm/tsb.c +index 428982b..2cc3bce 100644 +--- a/arch/sparc/mm/tsb.c ++++ b/arch/sparc/mm/tsb.c +@@ -7,11 +7,10 @@ + #include <linux/preempt.h> + #include <linux/slab.h> + #include <asm/page.h> +-#include <asm/tlbflush.h> +-#include <asm/tlb.h> +-#include <asm/mmu_context.h> + #include <asm/pgtable.h> ++#include <asm/mmu_context.h> + #include <asm/tsb.h> ++#include <asm/tlb.h> + #include <asm/oplib.h> + + extern struct tsb swapper_tsb[KERNEL_TSB_NENTRIES]; +@@ -46,23 +45,27 @@ void flush_tsb_kernel_range(unsigned long start, unsigned long end) + } + } + ++static void __flush_tsb_one_entry(unsigned long tsb, unsigned long v, ++ unsigned long hash_shift, ++ unsigned long nentries) ++{ ++ unsigned long tag, ent, hash; ++ ++ v &= ~0x1UL; ++ hash = tsb_hash(v, hash_shift, nentries); ++ ent = tsb + (hash * sizeof(struct tsb)); ++ tag = (v >> 22UL); ++ ++ tsb_flush(ent, tag); ++} ++ + static void __flush_tsb_one(struct tlb_batch *tb, unsigned long hash_shift, + unsigned long tsb, unsigned long nentries) + { + unsigned long i; + +- for (i = 0; i < tb->tlb_nr; i++) { +- unsigned long v = tb->vaddrs[i]; +- unsigned long tag, ent, hash; +- +- v &= ~0x1UL; +- +- hash = tsb_hash(v, hash_shift, nentries); +- ent = tsb + (hash * sizeof(struct tsb)); +- tag = (v >> 22UL); +- +- tsb_flush(ent, tag); +- } ++ for (i = 0; i < tb->tlb_nr; i++) ++ __flush_tsb_one_entry(tsb, tb->vaddrs[i], hash_shift, nentries); + } + + void flush_tsb_user(struct tlb_batch *tb) +@@ -90,6 +93,30 @@ void flush_tsb_user(struct tlb_batch *tb) + spin_unlock_irqrestore(&mm->context.lock, flags); + } + ++void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr) ++{ ++ unsigned long nentries, base, flags; ++ ++ spin_lock_irqsave(&mm->context.lock, flags); ++ ++ base = (unsigned long) mm->context.tsb_block[MM_TSB_BASE].tsb; ++ nentries = mm->context.tsb_block[MM_TSB_BASE].tsb_nentries; ++ if (tlb_type == cheetah_plus || tlb_type == hypervisor) ++ base = __pa(base); ++ __flush_tsb_one_entry(base, vaddr, PAGE_SHIFT, nentries); ++ ++#if defined(CONFIG_HUGETLB_PAGE) || defined(CONFIG_TRANSPARENT_HUGEPAGE) ++ if (mm->context.tsb_block[MM_TSB_HUGE].tsb) { ++ base = (unsigned long) mm->context.tsb_block[MM_TSB_HUGE].tsb; ++ nentries = mm->context.tsb_block[MM_TSB_HUGE].tsb_nentries; ++ if (tlb_type == cheetah_plus || tlb_type == hypervisor) ++ base = __pa(base); ++ __flush_tsb_one_entry(base, vaddr, HPAGE_SHIFT, nentries); ++ } ++#endif ++ spin_unlock_irqrestore(&mm->context.lock, flags); ++} ++ + #define HV_PGSZ_IDX_BASE HV_PGSZ_IDX_8K + #define HV_PGSZ_MASK_BASE HV_PGSZ_MASK_8K + +diff --git a/arch/sparc/mm/ultra.S b/arch/sparc/mm/ultra.S +index f8e13d4..432aa0c 100644 +--- a/arch/sparc/mm/ultra.S ++++ b/arch/sparc/mm/ultra.S +@@ -53,6 +53,33 @@ __flush_tlb_mm: /* 18 insns */ + nop + + .align 32 ++ .globl __flush_tlb_page ++__flush_tlb_page: /* 22 insns */ ++ /* %o0 = context, %o1 = vaddr */ ++ rdpr %pstate, %g7 ++ andn %g7, PSTATE_IE, %g2 ++ wrpr %g2, %pstate ++ mov SECONDARY_CONTEXT, %o4 ++ ldxa [%o4] ASI_DMMU, %g2 ++ stxa %o0, [%o4] ASI_DMMU ++ andcc %o1, 1, %g0 ++ andn %o1, 1, %o3 ++ be,pn %icc, 1f ++ or %o3, 0x10, %o3 ++ stxa %g0, [%o3] ASI_IMMU_DEMAP ++1: stxa %g0, [%o3] ASI_DMMU_DEMAP ++ membar #Sync ++ stxa %g2, [%o4] ASI_DMMU ++ sethi %hi(KERNBASE), %o4 ++ flush %o4 ++ retl ++ wrpr %g7, 0x0, %pstate ++ nop ++ nop ++ nop ++ nop ++ ++ .align 32 + .globl __flush_tlb_pending + __flush_tlb_pending: /* 26 insns */ + /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */ +@@ -203,6 +230,31 @@ __cheetah_flush_tlb_mm: /* 19 insns */ + retl + wrpr %g7, 0x0, %pstate + ++__cheetah_flush_tlb_page: /* 22 insns */ ++ /* %o0 = context, %o1 = vaddr */ ++ rdpr %pstate, %g7 ++ andn %g7, PSTATE_IE, %g2 ++ wrpr %g2, 0x0, %pstate ++ wrpr %g0, 1, %tl ++ mov PRIMARY_CONTEXT, %o4 ++ ldxa [%o4] ASI_DMMU, %g2 ++ srlx %g2, CTX_PGSZ1_NUC_SHIFT, %o3 ++ sllx %o3, CTX_PGSZ1_NUC_SHIFT, %o3 ++ or %o0, %o3, %o0 /* Preserve nucleus page size fields */ ++ stxa %o0, [%o4] ASI_DMMU ++ andcc %o1, 1, %g0 ++ be,pn %icc, 1f ++ andn %o1, 1, %o3 ++ stxa %g0, [%o3] ASI_IMMU_DEMAP ++1: stxa %g0, [%o3] ASI_DMMU_DEMAP ++ membar #Sync ++ stxa %g2, [%o4] ASI_DMMU ++ sethi %hi(KERNBASE), %o4 ++ flush %o4 ++ wrpr %g0, 0, %tl ++ retl ++ wrpr %g7, 0x0, %pstate ++ + __cheetah_flush_tlb_pending: /* 27 insns */ + /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */ + rdpr %pstate, %g7 +@@ -269,6 +321,20 @@ __hypervisor_flush_tlb_mm: /* 10 insns */ + retl + nop + ++__hypervisor_flush_tlb_page: /* 11 insns */ ++ /* %o0 = context, %o1 = vaddr */ ++ mov %o0, %g2 ++ mov %o1, %o0 /* ARG0: vaddr + IMMU-bit */ ++ mov %g2, %o1 /* ARG1: mmu context */ ++ mov HV_MMU_ALL, %o2 /* ARG2: flags */ ++ srlx %o0, PAGE_SHIFT, %o0 ++ sllx %o0, PAGE_SHIFT, %o0 ++ ta HV_MMU_UNMAP_ADDR_TRAP ++ brnz,pn %o0, __hypervisor_tlb_tl0_error ++ mov HV_MMU_UNMAP_ADDR_TRAP, %o1 ++ retl ++ nop ++ + __hypervisor_flush_tlb_pending: /* 16 insns */ + /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */ + sllx %o1, 3, %g1 +@@ -339,6 +405,13 @@ cheetah_patch_cachetlbops: + call tlb_patch_one + mov 19, %o2 + ++ sethi %hi(__flush_tlb_page), %o0 ++ or %o0, %lo(__flush_tlb_page), %o0 ++ sethi %hi(__cheetah_flush_tlb_page), %o1 ++ or %o1, %lo(__cheetah_flush_tlb_page), %o1 ++ call tlb_patch_one ++ mov 22, %o2 ++ + sethi %hi(__flush_tlb_pending), %o0 + or %o0, %lo(__flush_tlb_pending), %o0 + sethi %hi(__cheetah_flush_tlb_pending), %o1 +@@ -397,10 +470,9 @@ xcall_flush_tlb_mm: /* 21 insns */ + nop + nop + +- .globl xcall_flush_tlb_pending +-xcall_flush_tlb_pending: /* 21 insns */ +- /* %g5=context, %g1=nr, %g7=vaddrs[] */ +- sllx %g1, 3, %g1 ++ .globl xcall_flush_tlb_page ++xcall_flush_tlb_page: /* 17 insns */ ++ /* %g5=context, %g1=vaddr */ + mov PRIMARY_CONTEXT, %g4 + ldxa [%g4] ASI_DMMU, %g2 + srlx %g2, CTX_PGSZ1_NUC_SHIFT, %g4 +@@ -408,20 +480,16 @@ xcall_flush_tlb_pending: /* 21 insns */ + or %g5, %g4, %g5 + mov PRIMARY_CONTEXT, %g4 + stxa %g5, [%g4] ASI_DMMU +-1: sub %g1, (1 << 3), %g1 +- ldx [%g7 + %g1], %g5 +- andcc %g5, 0x1, %g0 ++ andcc %g1, 0x1, %g0 + be,pn %icc, 2f +- +- andn %g5, 0x1, %g5 ++ andn %g1, 0x1, %g5 + stxa %g0, [%g5] ASI_IMMU_DEMAP + 2: stxa %g0, [%g5] ASI_DMMU_DEMAP + membar #Sync +- brnz,pt %g1, 1b +- nop + stxa %g2, [%g4] ASI_DMMU + retry + nop ++ nop + + .globl xcall_flush_tlb_kernel_range + xcall_flush_tlb_kernel_range: /* 25 insns */ +@@ -656,15 +724,13 @@ __hypervisor_xcall_flush_tlb_mm: /* 21 insns */ + membar #Sync + retry + +- .globl __hypervisor_xcall_flush_tlb_pending +-__hypervisor_xcall_flush_tlb_pending: /* 21 insns */ +- /* %g5=ctx, %g1=nr, %g7=vaddrs[], %g2,%g3,%g4,g6=scratch */ +- sllx %g1, 3, %g1 ++ .globl __hypervisor_xcall_flush_tlb_page ++__hypervisor_xcall_flush_tlb_page: /* 17 insns */ ++ /* %g5=ctx, %g1=vaddr */ + mov %o0, %g2 + mov %o1, %g3 + mov %o2, %g4 +-1: sub %g1, (1 << 3), %g1 +- ldx [%g7 + %g1], %o0 /* ARG0: virtual address */ ++ mov %g1, %o0 /* ARG0: virtual address */ + mov %g5, %o1 /* ARG1: mmu context */ + mov HV_MMU_ALL, %o2 /* ARG2: flags */ + srlx %o0, PAGE_SHIFT, %o0 +@@ -673,8 +739,6 @@ __hypervisor_xcall_flush_tlb_pending: /* 21 insns */ + mov HV_MMU_UNMAP_ADDR_TRAP, %g6 + brnz,a,pn %o0, __hypervisor_tlb_xcall_error + mov %o0, %g5 +- brnz,pt %g1, 1b +- nop + mov %g2, %o0 + mov %g3, %o1 + mov %g4, %o2 +@@ -757,6 +821,13 @@ hypervisor_patch_cachetlbops: + call tlb_patch_one + mov 10, %o2 + ++ sethi %hi(__flush_tlb_page), %o0 ++ or %o0, %lo(__flush_tlb_page), %o0 ++ sethi %hi(__hypervisor_flush_tlb_page), %o1 ++ or %o1, %lo(__hypervisor_flush_tlb_page), %o1 ++ call tlb_patch_one ++ mov 11, %o2 ++ + sethi %hi(__flush_tlb_pending), %o0 + or %o0, %lo(__flush_tlb_pending), %o0 + sethi %hi(__hypervisor_flush_tlb_pending), %o1 +@@ -788,12 +859,12 @@ hypervisor_patch_cachetlbops: + call tlb_patch_one + mov 21, %o2 + +- sethi %hi(xcall_flush_tlb_pending), %o0 +- or %o0, %lo(xcall_flush_tlb_pending), %o0 +- sethi %hi(__hypervisor_xcall_flush_tlb_pending), %o1 +- or %o1, %lo(__hypervisor_xcall_flush_tlb_pending), %o1 ++ sethi %hi(xcall_flush_tlb_page), %o0 ++ or %o0, %lo(xcall_flush_tlb_page), %o0 ++ sethi %hi(__hypervisor_xcall_flush_tlb_page), %o1 ++ or %o1, %lo(__hypervisor_xcall_flush_tlb_page), %o1 + call tlb_patch_one +- mov 21, %o2 ++ mov 17, %o2 + + sethi %hi(xcall_flush_tlb_kernel_range), %o0 + or %o0, %lo(xcall_flush_tlb_kernel_range), %o0 diff --git a/arch/tile/include/asm/atomic_64.h b/arch/tile/include/asm/atomic_64.h index f4500c6..889656c 100644 --- a/arch/tile/include/asm/atomic_64.h @@ -39892,7 +40439,7 @@ index 4c83003..2a2a5b9 100644 break; } diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c -index 4d6f3c5..6169e60 100644 +index 4d6f3c5..449bc5c 100644 --- a/drivers/net/ethernet/emulex/benet/be_main.c +++ b/drivers/net/ethernet/emulex/benet/be_main.c @@ -455,7 +455,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) @@ -39904,6 +40451,18 @@ index 4d6f3c5..6169e60 100644 } void be_parse_stats(struct be_adapter *adapter) +@@ -759,8 +759,9 @@ static struct sk_buff *be_insert_vlan_in_pkt(struct be_adapter *adapter, + + if (vlan_tx_tag_present(skb)) { + vlan_tag = be_get_tx_vlan_tag(adapter, skb); +- __vlan_put_tag(skb, vlan_tag); +- skb->vlan_tci = 0; ++ skb = __vlan_put_tag(skb, vlan_tag); ++ if (skb) ++ skb->vlan_tci = 0; + } + + return skb; diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/ethernet/faraday/ftgmac100.c index 74d749e..eefb1bd 100644 --- a/drivers/net/ethernet/faraday/ftgmac100.c @@ -40321,9 +40880,18 @@ index 8efe47a..a8075c5 100644 }; diff --git a/drivers/net/tun.c b/drivers/net/tun.c -index cb95fe5..a5bdab5 100644 +index cb95fe5..16909e2 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c +@@ -1594,7 +1594,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) + + if (tun->flags & TUN_TAP_MQ && + (tun->numqueues + tun->numdisabled > 1)) +- return err; ++ return -EBUSY; + } + else { + char *name; @@ -1838,7 +1838,7 @@ unlock: } @@ -40343,6 +40911,19 @@ index cb95fe5..a5bdab5 100644 if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || _IOC_TYPE(cmd) == 0x89) { if (copy_from_user(&ifr, argp, ifreq_len)) return -EFAULT; +diff --git a/drivers/net/usb/cdc_mbim.c b/drivers/net/usb/cdc_mbim.c +index 16c8429..6bd9167 100644 +--- a/drivers/net/usb/cdc_mbim.c ++++ b/drivers/net/usb/cdc_mbim.c +@@ -134,7 +134,7 @@ static struct sk_buff *cdc_mbim_tx_fixup(struct usbnet *dev, struct sk_buff *skb + goto error; + + if (skb) { +- if (skb->len <= sizeof(ETH_HLEN)) ++ if (skb->len <= ETH_HLEN) + goto error; + + /* mapping VLANs to MBIM sessions: diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c index cd8ccb2..cff5144 100644 --- a/drivers/net/usb/hso.c @@ -50762,10 +51343,10 @@ index b2a34a1..162fa69 100644 return rc; } diff --git a/fs/exec.c b/fs/exec.c -index 20df02c..c9a5bc9 100644 +index 20df02c..9a87617 100644 --- a/fs/exec.c +++ b/fs/exec.c -@@ -55,6 +55,17 @@ +@@ -55,8 +55,20 @@ #include <linux/pipe_fs_i.h> #include <linux/oom.h> #include <linux/compat.h> @@ -50782,8 +51363,11 @@ index 20df02c..c9a5bc9 100644 +#include <trace/events/fs.h> #include <asm/uaccess.h> ++#include <asm/sections.h> #include <asm/mmu_context.h> -@@ -66,6 +77,18 @@ + #include <asm/tlb.h> + +@@ -66,6 +78,18 @@ #include <trace/events/sched.h> @@ -50802,7 +51386,7 @@ index 20df02c..c9a5bc9 100644 int suid_dumpable = 0; static LIST_HEAD(formats); -@@ -75,8 +98,8 @@ void __register_binfmt(struct linux_binfmt * fmt, int insert) +@@ -75,8 +99,8 @@ void __register_binfmt(struct linux_binfmt * fmt, int insert) { BUG_ON(!fmt); write_lock(&binfmt_lock); @@ -50813,7 +51397,7 @@ index 20df02c..c9a5bc9 100644 write_unlock(&binfmt_lock); } -@@ -85,7 +108,7 @@ EXPORT_SYMBOL(__register_binfmt); +@@ -85,7 +109,7 @@ EXPORT_SYMBOL(__register_binfmt); void unregister_binfmt(struct linux_binfmt * fmt) { write_lock(&binfmt_lock); @@ -50822,7 +51406,7 @@ index 20df02c..c9a5bc9 100644 write_unlock(&binfmt_lock); } -@@ -180,18 +203,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -180,18 +204,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, int write) { struct page *page; @@ -50844,7 +51428,7 @@ index 20df02c..c9a5bc9 100644 return NULL; if (write) { -@@ -207,6 +222,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -207,6 +223,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, if (size <= ARG_MAX) return page; @@ -50862,7 +51446,7 @@ index 20df02c..c9a5bc9 100644 /* * Limit to 1/4-th the stack size for the argv+env strings. * This ensures that: -@@ -266,6 +292,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -266,6 +293,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) vma->vm_end = STACK_TOP_MAX; vma->vm_start = vma->vm_end - PAGE_SIZE; vma->vm_flags = VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP; @@ -50874,7 +51458,7 @@ index 20df02c..c9a5bc9 100644 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); INIT_LIST_HEAD(&vma->anon_vma_chain); -@@ -276,6 +307,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -276,6 +308,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) mm->stack_vm = mm->total_vm = 1; up_write(&mm->mmap_sem); bprm->p = vma->vm_end - sizeof(void *); @@ -50887,7 +51471,7 @@ index 20df02c..c9a5bc9 100644 return 0; err: up_write(&mm->mmap_sem); -@@ -396,7 +433,7 @@ struct user_arg_ptr { +@@ -396,7 +434,7 @@ struct user_arg_ptr { } ptr; }; @@ -50896,7 +51480,7 @@ index 20df02c..c9a5bc9 100644 { const char __user *native; -@@ -405,14 +442,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) +@@ -405,14 +443,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) compat_uptr_t compat; if (get_user(compat, argv.ptr.compat + nr)) @@ -50913,7 +51497,7 @@ index 20df02c..c9a5bc9 100644 return native; } -@@ -431,7 +468,7 @@ static int count(struct user_arg_ptr argv, int max) +@@ -431,7 +469,7 @@ static int count(struct user_arg_ptr argv, int max) if (!p) break; @@ -50922,7 +51506,7 @@ index 20df02c..c9a5bc9 100644 return -EFAULT; if (i >= max) -@@ -466,7 +503,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, +@@ -466,7 +504,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, ret = -EFAULT; str = get_user_arg_ptr(argv, argc); @@ -50931,7 +51515,7 @@ index 20df02c..c9a5bc9 100644 goto out; len = strnlen_user(str, MAX_ARG_STRLEN); -@@ -548,7 +585,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, +@@ -548,7 +586,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, int r; mm_segment_t oldfs = get_fs(); struct user_arg_ptr argv = { @@ -50940,7 +51524,7 @@ index 20df02c..c9a5bc9 100644 }; set_fs(KERNEL_DS); -@@ -583,7 +620,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -583,7 +621,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) unsigned long new_end = old_end - shift; struct mmu_gather tlb; @@ -50950,7 +51534,7 @@ index 20df02c..c9a5bc9 100644 /* * ensure there are no vmas between where we want to go -@@ -592,6 +630,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -592,6 +631,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) if (vma != find_vma(mm, new_start)) return -EFAULT; @@ -50961,7 +51545,7 @@ index 20df02c..c9a5bc9 100644 /* * cover the whole range: [new_start, old_end) */ -@@ -672,10 +714,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -672,10 +715,6 @@ int setup_arg_pages(struct linux_binprm *bprm, stack_top = arch_align_stack(stack_top); stack_top = PAGE_ALIGN(stack_top); @@ -50972,7 +51556,7 @@ index 20df02c..c9a5bc9 100644 stack_shift = vma->vm_end - stack_top; bprm->p -= stack_shift; -@@ -687,8 +725,28 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -687,8 +726,28 @@ int setup_arg_pages(struct linux_binprm *bprm, bprm->exec -= stack_shift; down_write(&mm->mmap_sem); @@ -51001,7 +51585,7 @@ index 20df02c..c9a5bc9 100644 /* * Adjust stack execute permissions; explicitly enable for * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone -@@ -707,13 +765,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -707,13 +766,6 @@ int setup_arg_pages(struct linux_binprm *bprm, goto out_unlock; BUG_ON(prev != vma); @@ -51015,7 +51599,7 @@ index 20df02c..c9a5bc9 100644 /* mprotect_fixup is overkill to remove the temporary stack flags */ vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP; -@@ -737,6 +788,27 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -737,6 +789,27 @@ int setup_arg_pages(struct linux_binprm *bprm, #endif current->mm->start_stack = bprm->p; ret = expand_stack(vma, stack_base); @@ -51043,7 +51627,7 @@ index 20df02c..c9a5bc9 100644 if (ret) ret = -EFAULT; -@@ -772,6 +844,8 @@ struct file *open_exec(const char *name) +@@ -772,6 +845,8 @@ struct file *open_exec(const char *name) fsnotify_open(file); @@ -51052,7 +51636,7 @@ index 20df02c..c9a5bc9 100644 err = deny_write_access(file); if (err) goto exit; -@@ -795,7 +869,7 @@ int kernel_read(struct file *file, loff_t offset, +@@ -795,7 +870,7 @@ int kernel_read(struct file *file, loff_t offset, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -51061,7 +51645,7 @@ index 20df02c..c9a5bc9 100644 set_fs(old_fs); return result; } -@@ -1247,7 +1321,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm) +@@ -1247,7 +1322,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm) } rcu_read_unlock(); @@ -51070,7 +51654,7 @@ index 20df02c..c9a5bc9 100644 bprm->unsafe |= LSM_UNSAFE_SHARE; } else { res = -EAGAIN; -@@ -1447,6 +1521,31 @@ int search_binary_handler(struct linux_binprm *bprm) +@@ -1447,6 +1522,31 @@ int search_binary_handler(struct linux_binprm *bprm) EXPORT_SYMBOL(search_binary_handler); @@ -51102,7 +51686,7 @@ index 20df02c..c9a5bc9 100644 /* * sys_execve() executes a new program. */ -@@ -1454,6 +1553,11 @@ static int do_execve_common(const char *filename, +@@ -1454,6 +1554,11 @@ static int do_execve_common(const char *filename, struct user_arg_ptr argv, struct user_arg_ptr envp) { @@ -51114,7 +51698,7 @@ index 20df02c..c9a5bc9 100644 struct linux_binprm *bprm; struct file *file; struct files_struct *displaced; -@@ -1461,6 +1565,8 @@ static int do_execve_common(const char *filename, +@@ -1461,6 +1566,8 @@ static int do_execve_common(const char *filename, int retval; const struct cred *cred = current_cred(); @@ -51123,7 +51707,7 @@ index 20df02c..c9a5bc9 100644 /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -@@ -1501,12 +1607,27 @@ static int do_execve_common(const char *filename, +@@ -1501,12 +1608,27 @@ static int do_execve_common(const char *filename, if (IS_ERR(file)) goto out_unmark; @@ -51151,7 +51735,7 @@ index 20df02c..c9a5bc9 100644 retval = bprm_mm_init(bprm); if (retval) goto out_file; -@@ -1523,24 +1644,65 @@ static int do_execve_common(const char *filename, +@@ -1523,24 +1645,65 @@ static int do_execve_common(const char *filename, if (retval < 0) goto out; @@ -51221,7 +51805,7 @@ index 20df02c..c9a5bc9 100644 current->fs->in_exec = 0; current->in_execve = 0; acct_update_integrals(current); -@@ -1549,6 +1711,14 @@ static int do_execve_common(const char *filename, +@@ -1549,6 +1712,14 @@ static int do_execve_common(const char *filename, put_files_struct(displaced); return retval; @@ -51236,7 +51820,7 @@ index 20df02c..c9a5bc9 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1697,3 +1867,278 @@ asmlinkage long compat_sys_execve(const char __user * filename, +@@ -1697,3 +1868,278 @@ asmlinkage long compat_sys_execve(const char __user * filename, return error; } #endif @@ -53424,6 +54008,19 @@ index 2b6f569..fcb4d1f 100644 if (!IS_ERR(s)) kfree(s); } +diff --git a/fs/hfsplus/extents.c b/fs/hfsplus/extents.c +index eba76eab..fc8ddc1 100644 +--- a/fs/hfsplus/extents.c ++++ b/fs/hfsplus/extents.c +@@ -533,7 +533,7 @@ void hfsplus_file_truncate(struct inode *inode) + struct address_space *mapping = inode->i_mapping; + struct page *page; + void *fsdata; +- u32 size = inode->i_size; ++ loff_t size = inode->i_size; + + res = pagecache_write_begin(NULL, mapping, size, 0, + AOP_FLAG_UNINTERRUPTIBLE, diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c index 78bde32..767e906 100644 --- a/fs/hugetlbfs/inode.c @@ -73019,6 +73616,21 @@ index 5a15fab..d799ea7 100644 extern int __rtnl_link_register(struct rtnl_link_ops *ops); extern void __rtnl_link_unregister(struct rtnl_link_ops *ops); +diff --git a/include/net/scm.h b/include/net/scm.h +index 975cca0..b117081 100644 +--- a/include/net/scm.h ++++ b/include/net/scm.h +@@ -56,8 +56,8 @@ static __inline__ void scm_set_cred(struct scm_cookie *scm, + scm->pid = get_pid(pid); + scm->cred = cred ? get_cred(cred) : NULL; + scm->creds.pid = pid_vnr(pid); +- scm->creds.uid = cred ? cred->euid : INVALID_UID; +- scm->creds.gid = cred ? cred->egid : INVALID_GID; ++ scm->creds.uid = cred ? cred->uid : INVALID_UID; ++ scm->creds.gid = cred ? cred->gid : INVALID_GID; + } + + static __inline__ void scm_destroy_cred(struct scm_cookie *scm) diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h index 7fdf298..197e9f7 100644 --- a/include/net/sctp/sctp.h @@ -78437,7 +79049,7 @@ index 81fa536..6ccf96a 100644 int this_cpu = smp_processor_id(); struct rq *this_rq = cpu_rq(this_cpu); diff --git a/kernel/signal.c b/kernel/signal.c -index dec9c30..d1da15b 100644 +index dec9c30..92c8f65 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -50,12 +50,12 @@ static struct kmem_cache *sigqueue_cachep; @@ -78563,6 +79175,15 @@ index dec9c30..d1da15b 100644 if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) { error = check_kill_permission(sig, info, p); /* +@@ -2880,7 +2911,7 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) + + static int do_tkill(pid_t tgid, pid_t pid, int sig) + { +- struct siginfo info; ++ struct siginfo info = {}; + + info.si_signo = sig; + info.si_errno = 0; @@ -3138,8 +3169,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack, } seg = get_fs(); @@ -86701,9 +87322,30 @@ index a8e4f26..25e5f40 100644 #endif if (dflt != &ipv4_devconf_dflt) diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c -index 3b4f0cd..8cb864c 100644 +index 3b4f0cd..a6ba66e 100644 --- a/net/ipv4/esp4.c +++ b/net/ipv4/esp4.c +@@ -139,8 +139,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) + + /* skb is pure payload to encrypt */ + +- err = -ENOMEM; +- + esp = x->data; + aead = esp->aead; + alen = crypto_aead_authsize(aead); +@@ -176,8 +174,10 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) + } + + tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen); +- if (!tmp) ++ if (!tmp) { ++ err = -ENOMEM; + goto error; ++ } + + seqhi = esp_tmp_seqhi(tmp); + iv = esp_tmp_iv(aead, tmp, seqhilen); @@ -503,7 +503,7 @@ static void esp4_err(struct sk_buff *skb, u32 info) return; @@ -87226,6 +87868,21 @@ index a0fcc47..32e2c89 100644 get_random_bytes(&net->ipv4.dev_addr_genid, sizeof(net->ipv4.dev_addr_genid)); return 0; +diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c +index b236ef04..f962f19 100644 +--- a/net/ipv4/syncookies.c ++++ b/net/ipv4/syncookies.c +@@ -348,8 +348,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, + * hasn't changed since we received the original syn, but I see + * no easy way to do this. + */ +- flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), +- RT_SCOPE_UNIVERSE, IPPROTO_TCP, ++ flowi4_init_output(&fl4, sk->sk_bound_dev_if, sk->sk_mark, ++ RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP, + inet_sk_flowi_flags(sk), + (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, + ireq->loc_addr, th->source, th->dest); diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index d84400b..62e066e 100644 --- a/net/ipv4/sysctl_net_ipv4.c @@ -87490,6 +88147,25 @@ index f35f2df..ccb5ca6 100644 } else if (fastopen) { /* received a valid RST pkt */ reqsk_fastopen_remove(sk, req, true); tcp_reset(sk); +diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c +index 17d659e..a9f50ee 100644 +--- a/net/ipv4/tcp_output.c ++++ b/net/ipv4/tcp_output.c +@@ -2388,8 +2388,12 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb) + */ + TCP_SKB_CB(skb)->when = tcp_time_stamp; + +- /* make sure skb->data is aligned on arches that require it */ +- if (unlikely(NET_IP_ALIGN && ((unsigned long)skb->data & 3))) { ++ /* make sure skb->data is aligned on arches that require it ++ * and check if ack-trimming & collapsing extended the headroom ++ * beyond what csum_start can cover. ++ */ ++ if (unlikely((NET_IP_ALIGN && ((unsigned long)skb->data & 3)) || ++ skb_headroom(skb) >= 0xFFFF)) { + struct sk_buff *nskb = __pskb_copy(skb, MAX_TCP_HEADER, + GFP_ATOMIC); + return nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) : diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c index 4526fe6..1a34e43 100644 --- a/net/ipv4/tcp_probe.c |