diff options
author | Francesco Colista <francesco.colista@gmail.com> | 2012-04-03 06:03:46 +0000 |
---|---|---|
committer | Francesco Colista <francesco.colista@gmail.com> | 2012-04-03 06:03:46 +0000 |
commit | 027945a6923d34041d4d51ec0e545b16766ac1c7 (patch) | |
tree | 2b1d84fd842b32a29ce25216c8a79fbe5d0183bf | |
parent | 654f0bde6fd494625fbe95ce05533a5964a49c20 (diff) | |
parent | 00e42c64cf45d9166ded3ed62fbe497b6433fddc (diff) | |
download | aports-027945a6923d34041d4d51ec0e545b16766ac1c7.tar.bz2 aports-027945a6923d34041d4d51ec0e545b16766ac1c7.tar.xz |
Merge git://dev.alpinelinux.org/aports
-rw-r--r-- | main/dahdi-linux-grsec/APKBUILD | 2 | ||||
-rw-r--r-- | main/linux-firmware/APKBUILD | 4 | ||||
-rw-r--r-- | main/linux-grsec/APKBUILD | 29 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.9-3.3.0-201204010912.patch (renamed from main/linux-grsec/grsecurity-2.9-3.2.12-201203191822.patch) | 12737 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86 | 304 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86_64 | 309 | ||||
-rw-r--r-- | main/open-vm-tools-grsec/APKBUILD | 9 | ||||
-rw-r--r-- | main/open-vm-tools-vserver/APKBUILD | 9 | ||||
-rw-r--r-- | main/open-vm-tools/APKBUILD | 6 | ||||
-rw-r--r-- | main/xtables-addons-grsec/APKBUILD | 2 | ||||
-rw-r--r-- | testing/libee/APKBUILD | 32 | ||||
-rw-r--r-- | testing/libestr/APKBUILD | 30 | ||||
-rw-r--r-- | testing/openswan-grsec/APKBUILD | 2 | ||||
-rw-r--r-- | testing/rsyslog/APKBUILD | 17 | ||||
-rw-r--r-- | testing/wanpipe-grsec/APKBUILD | 2 |
15 files changed, 3948 insertions, 9546 deletions
diff --git a/main/dahdi-linux-grsec/APKBUILD b/main/dahdi-linux-grsec/APKBUILD index c5fd5d674c..c7c32c0236 100644 --- a/main/dahdi-linux-grsec/APKBUILD +++ b/main/dahdi-linux-grsec/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Timo Teras <timo.teras@iki.fi> _flavor=grsec -_kver=3.2.12 +_kver=3.3.0 _kpkgrel=0 _mypkgrel=0 diff --git a/main/linux-firmware/APKBUILD b/main/linux-firmware/APKBUILD index bfdbaeadbb..28c32b0e7d 100644 --- a/main/linux-firmware/APKBUILD +++ b/main/linux-firmware/APKBUILD @@ -1,7 +1,7 @@ # Contributor: William Pitcock <nenolod@dereferenced.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=linux-firmware -pkgver=20120227 +pkgver=20120402 pkgrel=0 pkgdesc="firmware files for linux" url="http://git.kernel.org/?p=linux/kernel/git/dwmw2/linux-firmware.git;a=summary" @@ -45,4 +45,4 @@ package() { mv "${_builddir}" ${pkgdir}/lib/firmware } -md5sums="32bd475e32ab11ed3e229bbec8b68ad3 linux-firmware-20120227.tar.bz2" +md5sums="1e78386f651bf467ac42caa775ec3c56 linux-firmware-20120402.tar.bz2" diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index cc177f6673..9e9028165b 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,8 +2,8 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.2.12 -_kernver=3.2 +pkgver=3.3.0 +_kernver=3.3 pkgrel=0 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net @@ -12,16 +12,11 @@ makedepends="perl installkernel bash gmp-dev" options="!strip" _config=${config:-kernelconfig.${CARCH}} install= -source="http://ftp.kernel.org/pub/linux/kernel/v3.0/linux-$_kernver.tar.bz2 - http://ftp.kernel.org/pub/linux/kernel/v3.0/patch-$pkgver.bz2 - grsecurity-2.9-3.2.12-201203191822.patch +source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz + grsecurity-2.9-3.3.0-201204010912.patch 0004-arp-flush-arp-cache-on-device-change.patch - x86-centaur-enable-cx8-for-via-eden-too.patch - inetpeer-invalidate-the-inetpeer-tree-along-with-the-routing-cache.patch - route-remove-redirect-genid.patch - kernelconfig.x86 kernelconfig.x86_64 " @@ -34,8 +29,8 @@ _abi_release=${pkgver}-${_flavor} prepare() { local _patch_failed= cd "$srcdir"/linux-$_kernver - if [ "$_kernver" != "$pkgver" ]; then - bunzip2 -c < "$srcdir"/patch-$pkgver.bz2 | patch -p1 -N || return 1 + if [ "${pkgver%.0}" != "$pkgver" ]; then + unxz -c < "$srcdir"/patch-$pkgver.xz | patch -p1 -N || return 1 fi # first apply patches in specified order @@ -140,12 +135,8 @@ dev() { "$subpkgdir"/lib/modules/${_abi_release}/build } -md5sums="7ceb61f87c097fc17509844b71268935 linux-3.2.tar.bz2 -377a6d731cd246aaa0c0f6a432b7aece patch-3.2.12.bz2 -3dc3551af038565f35bf0169942bf0ba grsecurity-2.9-3.2.12-201203191822.patch +md5sums="7133f5a2086a7d7ef97abac610c094f5 linux-3.3.tar.xz +4a84e775da56db17d11945991029482c grsecurity-2.9-3.3.0-201204010912.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch -f3eda7112ef074a4121ec6de943c63ee x86-centaur-enable-cx8-for-via-eden-too.patch -0e57daa3b43acadd82ae66fa9e3f7da1 inetpeer-invalidate-the-inetpeer-tree-along-with-the-routing-cache.patch -06061e5de624849e082c3c8dbe37c908 route-remove-redirect-genid.patch -a7d9961d4118514989499cf2da3c6801 kernelconfig.x86 -9120cc34f987b0fa1f74ba5df9f0aa40 kernelconfig.x86_64" +51458d030e02ea7bc134df4f37557cb0 kernelconfig.x86 +ae652877225cb3e3b8a3705b3a411d71 kernelconfig.x86_64" diff --git a/main/linux-grsec/grsecurity-2.9-3.2.12-201203191822.patch b/main/linux-grsec/grsecurity-2.9-3.3.0-201204010912.patch index 54fa297bca..2ccba897a3 100644 --- a/main/linux-grsec/grsecurity-2.9-3.2.12-201203191822.patch +++ b/main/linux-grsec/grsecurity-2.9-3.3.0-201204010912.patch @@ -1,12 +1,8 @@ diff --git a/Documentation/dontdiff b/Documentation/dontdiff -index dfa6fc6..df93044 100644 +index 0c083c5..9c2512a 100644 --- a/Documentation/dontdiff +++ b/Documentation/dontdiff -@@ -2,9 +2,11 @@ - *.aux - *.bin - *.bz2 -+*.c.[012]*.* +@@ -5,6 +5,7 @@ *.cis *.cpio *.csp @@ -14,7 +10,7 @@ index dfa6fc6..df93044 100644 *.dsp *.dvi *.elf -@@ -14,6 +16,7 @@ +@@ -14,6 +15,7 @@ *.gcov *.gen.S *.gif @@ -22,7 +18,7 @@ index dfa6fc6..df93044 100644 *.grep *.grp *.gz -@@ -48,9 +51,11 @@ +@@ -48,9 +50,11 @@ *.tab.h *.tex *.ver @@ -34,7 +30,7 @@ index dfa6fc6..df93044 100644 *_vga16.c *~ \#*# -@@ -70,6 +75,7 @@ Kerntypes +@@ -69,6 +73,7 @@ Image Module.markers Module.symvers PENDING @@ -42,7 +38,7 @@ index dfa6fc6..df93044 100644 SCCS System.map* TAGS -@@ -93,19 +99,24 @@ bounds.h +@@ -92,19 +97,24 @@ bounds.h bsetup btfixupprep build @@ -67,7 +63,7 @@ index dfa6fc6..df93044 100644 conmakehash consolemap_deftbl.c* cpustr.h -@@ -116,9 +127,11 @@ devlist.h* +@@ -115,9 +125,11 @@ devlist.h* dnotify_test docproc dslm @@ -79,7 +75,7 @@ index dfa6fc6..df93044 100644 fixdep flask.h fore200e_mkfirm -@@ -126,12 +139,15 @@ fore200e_pca_fw.c* +@@ -125,12 +137,15 @@ fore200e_pca_fw.c* gconf gconf.glade.h gen-devlist @@ -95,7 +91,7 @@ index dfa6fc6..df93044 100644 hpet_example hugepage-mmap hugepage-shm -@@ -146,7 +162,7 @@ int32.c +@@ -145,7 +160,7 @@ int32.c int4.c int8.c kallsyms @@ -104,7 +100,7 @@ index dfa6fc6..df93044 100644 keywords.c ksym.c* ksym.h* -@@ -154,7 +170,7 @@ kxgettext +@@ -153,7 +168,7 @@ kxgettext lkc_defs.h lex.c lex.*.c @@ -113,7 +109,7 @@ index dfa6fc6..df93044 100644 logo_*.c logo_*_clut224.c logo_*_mono.c -@@ -166,14 +182,15 @@ machtypes.h +@@ -165,14 +180,15 @@ machtypes.h map map_hugetlb maui_boot.h @@ -130,7 +126,7 @@ index dfa6fc6..df93044 100644 mkprep mkregtable mktables -@@ -209,6 +226,7 @@ r300_reg_safe.h +@@ -208,6 +224,7 @@ r300_reg_safe.h r420_reg_safe.h r600_reg_safe.h recordmcount @@ -138,7 +134,7 @@ index dfa6fc6..df93044 100644 relocs rlim_names.h rn50_reg_safe.h -@@ -219,6 +237,7 @@ setup +@@ -218,6 +235,7 @@ setup setup.bin setup.elf sImage @@ -146,7 +142,7 @@ index dfa6fc6..df93044 100644 sm_tbl* split-include syscalltab.h -@@ -229,6 +248,7 @@ tftpboot.img +@@ -228,6 +246,7 @@ tftpboot.img timeconst.h times.h* trix_boot.h @@ -154,7 +150,7 @@ index dfa6fc6..df93044 100644 utsrelease.h* vdso-syms.lds vdso.lds -@@ -246,7 +266,9 @@ vmlinux +@@ -245,7 +264,9 @@ vmlinux vmlinux-* vmlinux.aout vmlinux.bin.all @@ -164,7 +160,7 @@ index dfa6fc6..df93044 100644 vmlinuz voffset.h vsyscall.lds -@@ -254,9 +276,11 @@ vsyscall_32.lds +@@ -253,9 +274,11 @@ vsyscall_32.lds wanxlfw.inc uImage unifdef @@ -177,10 +173,10 @@ index dfa6fc6..df93044 100644 +zconf.lex.c zoffset.h diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index 81c287f..d456d02 100644 +index d99fd9c..8689fef 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -1935,6 +1935,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -1977,6 +1977,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. @@ -195,7 +191,7 @@ index 81c287f..d456d02 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 15e80f1..4fb87db 100644 +index 1932984..0204e68 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -221,7 +217,7 @@ index 15e80f1..4fb87db 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -564,6 +565,53 @@ else +@@ -564,6 +565,50 @@ else KBUILD_CFLAGS += -O2 endif @@ -248,13 +244,10 @@ index 15e80f1..4fb87db 100644 +endif +endif +COLORIZE_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/colorize_plugin.so -+ifdef CONFIG_PAX_SIZE_OVERFLOW -+SIZE_OVERFLOW_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/size_overflow_plugin.so -DSIZE_OVERFLOW_PLUGIN -+endif +GCC_PLUGINS_CFLAGS := $(CONSTIFY_PLUGIN_CFLAGS) $(STACKLEAK_PLUGIN_CFLAGS) $(KALLOCSTAT_PLUGIN_CFLAGS) -+GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS) $(SIZE_OVERFLOW_PLUGIN_CFLAGS) ++GCC_PLUGINS_CFLAGS += $(KERNEXEC_PLUGIN_CFLAGS) $(CHECKER_PLUGIN_CFLAGS) $(COLORIZE_PLUGIN_CFLAGS) +GCC_PLUGINS_AFLAGS := $(KERNEXEC_PLUGIN_AFLAGS) -+export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN SIZE_OVERFLOW_PLUGIN ++export CONSTIFY_PLUGIN STACKLEAK_PLUGIN KERNEXEC_PLUGIN CHECKER_PLUGIN +ifeq ($(KBUILD_EXTMOD),) +gcc-plugins: + $(Q)$(MAKE) $(build)=tools/gcc @@ -275,7 +268,7 @@ index 15e80f1..4fb87db 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -708,7 +756,7 @@ export mod_strip_cmd +@@ -708,7 +753,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -284,7 +277,7 @@ index 15e80f1..4fb87db 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -932,6 +980,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -932,6 +977,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -293,7 +286,7 @@ index 15e80f1..4fb87db 100644 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -941,7 +991,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -941,7 +988,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -302,7 +295,7 @@ index 15e80f1..4fb87db 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -985,6 +1035,7 @@ prepare0: archprepare FORCE +@@ -985,6 +1032,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. @@ -310,7 +303,7 @@ index 15e80f1..4fb87db 100644 prepare: prepare0 # Generate some files -@@ -1086,6 +1137,8 @@ all: modules +@@ -1089,6 +1137,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -319,7 +312,7 @@ index 15e80f1..4fb87db 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1101,7 +1154,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1104,7 +1154,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -328,7 +321,7 @@ index 15e80f1..4fb87db 100644 # Target to install modules PHONY += modules_install -@@ -1198,6 +1251,7 @@ distclean: mrproper +@@ -1201,6 +1251,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ @@ -336,7 +329,7 @@ index 15e80f1..4fb87db 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1358,6 +1412,8 @@ PHONY += $(module-dirs) modules +@@ -1361,6 +1412,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -345,7 +338,7 @@ index 15e80f1..4fb87db 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1484,17 +1540,21 @@ else +@@ -1487,17 +1540,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -371,7 +364,7 @@ index 15e80f1..4fb87db 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1504,11 +1564,15 @@ endif +@@ -1507,11 +1564,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -685,7 +678,7 @@ index fadd5f8..904e73a 100644 /* Allow reads even for write-only mappings */ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h -index 86976d0..683de93 100644 +index 86976d0..8e07f84 100644 --- a/arch/arm/include/asm/atomic.h +++ b/arch/arm/include/asm/atomic.h @@ -15,6 +15,10 @@ @@ -887,7 +880,35 @@ index 86976d0..683de93 100644 static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr) { unsigned long tmp, tmp2; -@@ -207,6 +349,10 @@ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr) +@@ -165,7 +307,9 @@ static inline int atomic_add_return(int i, atomic_t *v) + + return val; + } ++#define atomic_add_return_unchecked(i, v) atomic_add_return(i, v) + #define atomic_add(i, v) (void) atomic_add_return(i, v) ++#define atomic_add_unchecked(i, v) (void) atomic_add_return_unchecked(i, v) + + static inline int atomic_sub_return(int i, atomic_t *v) + { +@@ -179,7 +323,9 @@ static inline int atomic_sub_return(int i, atomic_t *v) + + return val; + } ++#define atomic_sub_return_unchecked(i, v) atomic_sub_return(i, v) + #define atomic_sub(i, v) (void) atomic_sub_return(i, v) ++#define atomic_sub_unchecked(i, v) (void) atomic_sub_return_unchecked(i, v) + + static inline int atomic_cmpxchg(atomic_t *v, int old, int new) + { +@@ -194,6 +340,7 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new) + + return ret; + } ++#define atomic_cmpxchg_unchecked(v, o, n) atomic_cmpxchg(v, o, n) + + static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr) + { +@@ -207,6 +354,10 @@ static inline void atomic_clear_mask(unsigned long mask, unsigned long *addr) #endif /* __LINUX_ARM_ARCH__ */ #define atomic_xchg(v, new) (xchg(&((v)->counter), new)) @@ -898,7 +919,7 @@ index 86976d0..683de93 100644 static inline int __atomic_add_unless(atomic_t *v, int a, int u) { -@@ -219,11 +365,27 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) +@@ -219,11 +370,27 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) } #define atomic_inc(v) atomic_add(1, v) @@ -926,7 +947,7 @@ index 86976d0..683de93 100644 #define atomic_dec_return(v) (atomic_sub_return(1, v)) #define atomic_sub_and_test(i, v) (atomic_sub_return(i, v) == 0) -@@ -239,6 +401,14 @@ typedef struct { +@@ -239,6 +406,14 @@ typedef struct { u64 __aligned(8) counter; } atomic64_t; @@ -941,7 +962,7 @@ index 86976d0..683de93 100644 #define ATOMIC64_INIT(i) { (i) } static inline u64 atomic64_read(atomic64_t *v) -@@ -254,6 +424,19 @@ static inline u64 atomic64_read(atomic64_t *v) +@@ -254,6 +429,19 @@ static inline u64 atomic64_read(atomic64_t *v) return result; } @@ -961,7 +982,7 @@ index 86976d0..683de93 100644 static inline void atomic64_set(atomic64_t *v, u64 i) { u64 tmp; -@@ -268,6 +451,20 @@ static inline void atomic64_set(atomic64_t *v, u64 i) +@@ -268,6 +456,20 @@ static inline void atomic64_set(atomic64_t *v, u64 i) : "cc"); } @@ -982,7 +1003,7 @@ index 86976d0..683de93 100644 static inline void atomic64_add(u64 i, atomic64_t *v) { u64 result; -@@ -276,6 +473,36 @@ static inline void atomic64_add(u64 i, atomic64_t *v) +@@ -276,6 +478,36 @@ static inline void atomic64_add(u64 i, atomic64_t *v) __asm__ __volatile__("@ atomic64_add\n" "1: ldrexd %0, %H0, [%3]\n" " adds %0, %0, %4\n" @@ -1019,7 +1040,7 @@ index 86976d0..683de93 100644 " adc %H0, %H0, %H4\n" " strexd %1, %0, %H0, [%3]\n" " teq %1, #0\n" -@@ -287,12 +514,49 @@ static inline void atomic64_add(u64 i, atomic64_t *v) +@@ -287,12 +519,49 @@ static inline void atomic64_add(u64 i, atomic64_t *v) static inline u64 atomic64_add_return(u64 i, atomic64_t *v) { @@ -1071,7 +1092,7 @@ index 86976d0..683de93 100644 "1: ldrexd %0, %H0, [%3]\n" " adds %0, %0, %4\n" " adc %H0, %H0, %H4\n" -@@ -316,6 +580,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) +@@ -316,6 +585,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) __asm__ __volatile__("@ atomic64_sub\n" "1: ldrexd %0, %H0, [%3]\n" " subs %0, %0, %4\n" @@ -1108,7 +1129,7 @@ index 86976d0..683de93 100644 " sbc %H0, %H0, %H4\n" " strexd %1, %0, %H0, [%3]\n" " teq %1, #0\n" -@@ -327,18 +621,32 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) +@@ -327,18 +626,32 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) static inline u64 atomic64_sub_return(u64 i, atomic64_t *v) { @@ -1146,7 +1167,7 @@ index 86976d0..683de93 100644 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "r" (i) : "cc"); -@@ -372,6 +680,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new) +@@ -372,6 +685,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new) return oldval; } @@ -1177,7 +1198,7 @@ index 86976d0..683de93 100644 static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new) { u64 result; -@@ -395,21 +727,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new) +@@ -395,21 +732,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new) static inline u64 atomic64_dec_if_positive(atomic64_t *v) { @@ -1219,7 +1240,7 @@ index 86976d0..683de93 100644 : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter) : "cc"); -@@ -432,13 +777,25 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u) +@@ -432,13 +782,25 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u) " teq %0, %5\n" " teqeq %H0, %H5\n" " moveq %1, #0\n" @@ -1247,7 +1268,7 @@ index 86976d0..683de93 100644 : "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter) : "r" (&v->counter), "r" (u), "r" (a) : "cc"); -@@ -451,10 +808,13 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u) +@@ -451,10 +813,13 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u) #define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0) #define atomic64_inc(v) atomic64_add(1LL, (v)) @@ -1347,7 +1368,7 @@ index 53426c6..c7baff3 100644 #ifdef CONFIG_OUTER_CACHE diff --git a/arch/arm/include/asm/page.h b/arch/arm/include/asm/page.h -index ca94653..6ac0d56 100644 +index 97b440c..b7ff179 100644 --- a/arch/arm/include/asm/page.h +++ b/arch/arm/include/asm/page.h @@ -123,7 +123,7 @@ struct cpu_user_fns { @@ -1360,10 +1381,10 @@ index ca94653..6ac0d56 100644 #ifdef MULTI_USER extern struct cpu_user_fns cpu_user; diff --git a/arch/arm/include/asm/system.h b/arch/arm/include/asm/system.h -index 984014b..a6d914f 100644 +index e4c96cc..1145653 100644 --- a/arch/arm/include/asm/system.h +++ b/arch/arm/include/asm/system.h -@@ -90,6 +90,8 @@ void hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, +@@ -98,6 +98,8 @@ void hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, #define xchg(ptr,x) \ ((__typeof__(*(ptr)))__xchg((unsigned long)(x),(ptr),sizeof(*(ptr)))) @@ -1372,16 +1393,7 @@ index 984014b..a6d914f 100644 extern asmlinkage void c_backtrace(unsigned long fp, int pmode); -@@ -101,7 +103,7 @@ extern int __pure cpu_architecture(void); - extern void cpu_init(void); - - void arm_machine_restart(char mode, const char *cmd); --extern void (*arm_pm_restart)(char str, const char *cmd); -+extern void (*arm_pm_restart)(char str, const char *cmd) __noreturn; - - #define UDBG_UNDEFINED (1 << 0) - #define UDBG_SYSCALL (1 << 1) -@@ -526,6 +528,13 @@ static inline unsigned long long __cmpxchg64_mb(volatile void *ptr, +@@ -534,6 +536,13 @@ static inline unsigned long long __cmpxchg64_mb(volatile void *ptr, #endif /* __LINUX_ARM_ARCH__ >= 6 */ @@ -1396,7 +1408,7 @@ index 984014b..a6d914f 100644 #define arch_align_stack(x) (x) diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h -index b293616..96310e5 100644 +index 2958976..12ccac4 100644 --- a/arch/arm/include/asm/uaccess.h +++ b/arch/arm/include/asm/uaccess.h @@ -22,6 +22,8 @@ @@ -1470,7 +1482,7 @@ index 5b0bce6..becd81c 100644 EXPORT_SYMBOL(__get_user_1); diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c -index 3d0c6fb..9d326fa 100644 +index 971d65c..cc936fb 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c @@ -28,7 +28,6 @@ @@ -1481,33 +1493,19 @@ index 3d0c6fb..9d326fa 100644 #include <linux/hw_breakpoint.h> #include <linux/cpuidle.h> -@@ -92,7 +91,7 @@ static int __init hlt_setup(char *__unused) - __setup("nohlt", nohlt_setup); - __setup("hlt", hlt_setup); - --void arm_machine_restart(char mode, const char *cmd) -+__noreturn void arm_machine_restart(char mode, const char *cmd) - { - /* Disable interrupts first */ - local_irq_disable(); -@@ -134,7 +133,7 @@ void arm_machine_restart(char mode, const char *cmd) - void (*pm_power_off)(void); - EXPORT_SYMBOL(pm_power_off); - --void (*arm_pm_restart)(char str, const char *cmd) = arm_machine_restart; -+void (*arm_pm_restart)(char str, const char *cmd) __noreturn = arm_machine_restart; - EXPORT_SYMBOL_GPL(arm_pm_restart); - - static void do_nothing(void *unused) -@@ -248,6 +247,7 @@ void machine_power_off(void) +@@ -273,9 +272,10 @@ void machine_power_off(void) machine_shutdown(); if (pm_power_off) pm_power_off(); + BUG(); } - void machine_restart(char *cmd) -@@ -484,12 +484,6 @@ unsigned long get_wchan(struct task_struct *p) +-void machine_restart(char *cmd) ++__noreturn void machine_restart(char *cmd) + { + machine_shutdown(); + +@@ -517,12 +517,6 @@ unsigned long get_wchan(struct task_struct *p) return 0; } @@ -1521,10 +1519,10 @@ index 3d0c6fb..9d326fa 100644 /* * The vectors page is always readable from user space for the diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c -index 8fc2c8f..064c150 100644 +index a255c39..4a19b25 100644 --- a/arch/arm/kernel/setup.c +++ b/arch/arm/kernel/setup.c -@@ -108,13 +108,13 @@ struct processor processor __read_mostly; +@@ -109,13 +109,13 @@ struct processor processor __read_mostly; struct cpu_tlb_fns cpu_tlb __read_mostly; #endif #ifdef MULTI_USER @@ -1542,7 +1540,7 @@ index 8fc2c8f..064c150 100644 #endif diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c -index 99a5727..a3d5bb1 100644 +index f84dfe6..13e94f7 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c @@ -259,6 +259,8 @@ static int __die(const char *str, int err, struct thread_info *thread, struct pt @@ -1554,7 +1552,7 @@ index 99a5727..a3d5bb1 100644 /* * This function is protected against re-entrancy. */ -@@ -288,6 +290,9 @@ void die(const char *str, struct pt_regs *regs, int err) +@@ -291,6 +293,9 @@ void die(const char *str, struct pt_regs *regs, int err) panic("Fatal exception in interrupt"); if (panic_on_oops) panic("Fatal exception"); @@ -1631,7 +1629,7 @@ index d066df6..df28194 100644 .pushsection .fixup,"ax" diff --git a/arch/arm/lib/uaccess.S b/arch/arm/lib/uaccess.S -index d0ece2a..5ae2f39 100644 +index 5c908b1..e712687 100644 --- a/arch/arm/lib/uaccess.S +++ b/arch/arm/lib/uaccess.S @@ -20,7 +20,7 @@ @@ -1643,7 +1641,7 @@ index d0ece2a..5ae2f39 100644 * Purpose : copy a block to user memory from kernel memory * Params : to - user memory * : from - kernel memory -@@ -40,7 +40,7 @@ USER( T(strgtb) r3, [r0], #1) @ May fault +@@ -40,7 +40,7 @@ USER( TUSER( strgtb) r3, [r0], #1) @ May fault sub r2, r2, ip b .Lc2u_dest_aligned @@ -1652,9 +1650,9 @@ index d0ece2a..5ae2f39 100644 stmfd sp!, {r2, r4 - r7, lr} cmp r2, #4 blt .Lc2u_not_enough -@@ -278,14 +278,14 @@ USER( T(strgeb) r3, [r0], #1) @ May fault +@@ -278,14 +278,14 @@ USER( TUSER( strgeb) r3, [r0], #1) @ May fault ldrgtb r3, [r1], #0 - USER( T(strgtb) r3, [r0], #1) @ May fault + USER( TUSER( strgtb) r3, [r0], #1) @ May fault b .Lc2u_finished -ENDPROC(__copy_to_user) +ENDPROC(___copy_to_user) @@ -1669,7 +1667,7 @@ index d0ece2a..5ae2f39 100644 * Purpose : copy a block from user memory to kernel memory * Params : to - kernel memory * : from - user memory -@@ -304,7 +304,7 @@ USER( T(ldrgtb) r3, [r1], #1) @ May fault +@@ -304,7 +304,7 @@ USER( TUSER( ldrgtb) r3, [r1], #1) @ May fault sub r2, r2, ip b .Lcfu_dest_aligned @@ -1678,8 +1676,8 @@ index d0ece2a..5ae2f39 100644 stmfd sp!, {r0, r2, r4 - r7, lr} cmp r2, #4 blt .Lcfu_not_enough -@@ -544,7 +544,7 @@ USER( T(ldrgeb) r3, [r1], #1) @ May fault - USER( T(ldrgtb) r3, [r1], #1) @ May fault +@@ -544,7 +544,7 @@ USER( TUSER( ldrgeb) r3, [r1], #1) @ May fault + USER( TUSER( ldrgtb) r3, [r1], #1) @ May fault strgtb r3, [r0], #1 b .Lcfu_finished -ENDPROC(__copy_from_user) @@ -1701,10 +1699,10 @@ index 025f742..8432b08 100644 /* * This test is stubbed out of the main function above to keep diff --git a/arch/arm/mach-omap2/board-n8x0.c b/arch/arm/mach-omap2/board-n8x0.c -index e9d5f4a..f099699 100644 +index 6722627..8f97548c 100644 --- a/arch/arm/mach-omap2/board-n8x0.c +++ b/arch/arm/mach-omap2/board-n8x0.c -@@ -593,7 +593,7 @@ static int n8x0_menelaus_late_init(struct device *dev) +@@ -597,7 +597,7 @@ static int n8x0_menelaus_late_init(struct device *dev) } #endif @@ -1727,10 +1725,10 @@ index 2b2d51c..0127490 100644 static int mbox_show(struct seq_file *s, void *data) { diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c -index aa33949..d366075 100644 +index bb7eac3..3bade16 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c -@@ -183,6 +183,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr, +@@ -172,6 +172,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr, } #endif @@ -1744,7 +1742,7 @@ index aa33949..d366075 100644 tsk->thread.address = addr; tsk->thread.error_code = fsr; tsk->thread.trap_no = 14; -@@ -384,6 +391,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) +@@ -393,6 +400,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) } #endif /* CONFIG_MMU */ @@ -1778,7 +1776,7 @@ index aa33949..d366075 100644 /* * First Level Translation Fault Handler * -@@ -628,6 +662,20 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) +@@ -573,6 +607,20 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) const struct fsr_info *inf = ifsr_info + fsr_fs(ifsr); struct siginfo info; @@ -1800,10 +1798,10 @@ index aa33949..d366075 100644 return; diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c -index 44b628e..623ee2a 100644 +index ce8cb19..3ec539d 100644 --- a/arch/arm/mm/mmap.c +++ b/arch/arm/mm/mmap.c -@@ -54,6 +54,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -93,6 +93,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (len > TASK_SIZE) return -ENOMEM; @@ -1814,7 +1812,7 @@ index 44b628e..623ee2a 100644 if (addr) { if (do_align) addr = COLOUR_ALIGN(addr, pgoff); -@@ -61,15 +65,14 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -100,15 +104,14 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); @@ -1827,14 +1825,14 @@ index 44b628e..623ee2a 100644 - start_addr = addr = mm->free_area_cache; + start_addr = addr = mm->free_area_cache; } else { -- start_addr = addr = TASK_UNMAPPED_BASE; +- start_addr = addr = mm->mmap_base; - mm->cached_hole_size = 0; + start_addr = addr = mm->mmap_base; + mm->cached_hole_size = 0; } - /* 8 bits of randomness in 20 address space bits */ - if ((current->flags & PF_RANDOMIZE) && -@@ -89,14 +92,14 @@ full_search: + + full_search: +@@ -124,14 +127,14 @@ full_search: * Start a new search - just in case we missed * some holes. */ @@ -1852,11 +1850,34 @@ index 44b628e..623ee2a 100644 /* * Remember the place where we stopped the search: */ +@@ -266,10 +269,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) + + if (mmap_is_legacy()) { + mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ mm->mmap_base += mm->delta_mmap; ++#endif ++ + mm->get_unmapped_area = arch_get_unmapped_area; + mm->unmap_area = arch_unmap_area; + } else { + mm->mmap_base = mmap_base(random_factor); ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ mm->mmap_base -= mm->delta_mmap + mm->delta_stack; ++#endif ++ + mm->get_unmapped_area = arch_get_unmapped_area_topdown; + mm->unmap_area = arch_unmap_area_topdown; + } diff --git a/arch/arm/plat-samsung/include/plat/dma-ops.h b/arch/arm/plat-samsung/include/plat/dma-ops.h -index 4c1a363..df311d0 100644 +index 71a6827..e7fbc23 100644 --- a/arch/arm/plat-samsung/include/plat/dma-ops.h +++ b/arch/arm/plat-samsung/include/plat/dma-ops.h -@@ -41,7 +41,7 @@ struct samsung_dma_ops { +@@ -43,7 +43,7 @@ struct samsung_dma_ops { int (*started)(unsigned ch); int (*flush)(unsigned ch); int (*stop)(unsigned ch); @@ -2477,10 +2498,10 @@ index 5ca674b..e0e1b70 100644 addr = ALIGN(vmm->vm_end, HPAGE_SIZE); } diff --git a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c -index 00cb0e2..2ad8024 100644 +index 13df239d..cb52116 100644 --- a/arch/ia64/mm/init.c +++ b/arch/ia64/mm/init.c -@@ -120,6 +120,19 @@ ia64_init_addr_space (void) +@@ -121,6 +121,19 @@ ia64_init_addr_space (void) vma->vm_start = current->thread.rbs_bot & PAGE_MASK; vma->vm_end = vma->vm_start + PAGE_SIZE; vma->vm_flags = VM_DATA_DEFAULT_FLAGS|VM_GROWSUP|VM_ACCOUNT; @@ -2650,10 +2671,10 @@ index 455c0ac..ad65fbe 100644 - #endif /* _ASM_ELF_H */ diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h -index e59cd1a..8e329d6 100644 +index da9bd7d..91aa7ab 100644 --- a/arch/mips/include/asm/page.h +++ b/arch/mips/include/asm/page.h -@@ -93,7 +93,7 @@ extern void copy_user_highpage(struct page *to, struct page *from, +@@ -98,7 +98,7 @@ extern void copy_user_highpage(struct page *to, struct page *from, #ifdef CONFIG_CPU_MIPS32 typedef struct { unsigned long pte_low, pte_high; } pte_t; #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32)) @@ -2711,10 +2732,10 @@ index ff44823..97f8906 100644 /* diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c -index c47f96e..661d418 100644 +index 7955409..ceaea7c 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c -@@ -481,15 +481,3 @@ unsigned long get_wchan(struct task_struct *task) +@@ -483,15 +483,3 @@ unsigned long get_wchan(struct task_struct *task) out: return pc; } @@ -2731,7 +2752,7 @@ index c47f96e..661d418 100644 - return sp & ALMASK; -} diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c -index 937cf33..adb39bb 100644 +index 69ebd58..e4bff83 100644 --- a/arch/mips/mm/fault.c +++ b/arch/mips/mm/fault.c @@ -28,6 +28,23 @@ @@ -3417,10 +3438,10 @@ index d4a7f64..451de1c 100644 return (vm_flags & VM_SAO) ? __pgprot(_PAGE_SAO) : __pgprot(0); } diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/page.h -index dd9c4fd..a2ced87 100644 +index f072e97..b436dee 100644 --- a/arch/powerpc/include/asm/page.h +++ b/arch/powerpc/include/asm/page.h -@@ -141,8 +141,9 @@ extern phys_addr_t kernstart_addr; +@@ -220,8 +220,9 @@ extern long long virt_phys_offset; * and needs to be executable. This means the whole heap ends * up being executable. */ @@ -3432,7 +3453,7 @@ index dd9c4fd..a2ced87 100644 #define VM_DATA_DEFAULT_FLAGS64 (VM_READ | VM_WRITE | \ VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC) -@@ -170,6 +171,9 @@ extern phys_addr_t kernstart_addr; +@@ -249,6 +250,9 @@ extern long long virt_phys_offset; #define is_kernel_addr(x) ((x) >= PAGE_OFFSET) #endif @@ -3443,10 +3464,10 @@ index dd9c4fd..a2ced87 100644 * Use the top bit of the higher-level page table entries to indicate whether * the entries we point to contain hugepages. This works because we know that diff --git a/arch/powerpc/include/asm/page_64.h b/arch/powerpc/include/asm/page_64.h -index fb40ede..d3ce956 100644 +index fed85e6..da5c71b 100644 --- a/arch/powerpc/include/asm/page_64.h +++ b/arch/powerpc/include/asm/page_64.h -@@ -144,15 +144,18 @@ do { \ +@@ -146,15 +146,18 @@ do { \ * stack by default, so in the absence of a PT_GNU_STACK program header * we turn execute permission off. */ @@ -3468,7 +3489,7 @@ index fb40ede..d3ce956 100644 #include <asm-generic/getorder.h> diff --git a/arch/powerpc/include/asm/pgtable.h b/arch/powerpc/include/asm/pgtable.h -index 88b0bd9..e32bc67 100644 +index 2e0e411..7899c68 100644 --- a/arch/powerpc/include/asm/pgtable.h +++ b/arch/powerpc/include/asm/pgtable.h @@ -2,6 +2,7 @@ @@ -3492,7 +3513,7 @@ index 4aad413..85d86bf 100644 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */ #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */ diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h -index 559da19..7e5835c 100644 +index 7fdc2c0..e47a9b02d3 100644 --- a/arch/powerpc/include/asm/reg.h +++ b/arch/powerpc/include/asm/reg.h @@ -212,6 +212,7 @@ @@ -3504,10 +3525,10 @@ index 559da19..7e5835c 100644 #define DSISR_ISSTORE 0x02000000 /* access was a store */ #define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */ diff --git a/arch/powerpc/include/asm/system.h b/arch/powerpc/include/asm/system.h -index e30a13d..2b7d994 100644 +index c377457..3c69fbc 100644 --- a/arch/powerpc/include/asm/system.h +++ b/arch/powerpc/include/asm/system.h -@@ -530,7 +530,7 @@ __cmpxchg_local(volatile void *ptr, unsigned long old, unsigned long new, +@@ -539,7 +539,7 @@ __cmpxchg_local(volatile void *ptr, unsigned long old, unsigned long new, #define cmpxchg64_local(ptr, o, n) __cmpxchg64_local_generic((ptr), (o), (n)) #endif @@ -3720,7 +3741,7 @@ index 429983c..7af363b 100644 ld r4,_DAR(r1) bl .bad_page_fault diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S -index cf9c69b..ebc9640 100644 +index 15c5a4f..22a4000 100644 --- a/arch/powerpc/kernel/exceptions-64s.S +++ b/arch/powerpc/kernel/exceptions-64s.S @@ -1004,10 +1004,10 @@ handle_page_fault: @@ -3736,10 +3757,10 @@ index cf9c69b..ebc9640 100644 addi r3,r1,STACK_FRAME_OVERHEAD lwz r4,_DAR(r1) diff --git a/arch/powerpc/kernel/irq.c b/arch/powerpc/kernel/irq.c -index 745c1e7..59d97a6 100644 +index 01e2877..a1ba360 100644 --- a/arch/powerpc/kernel/irq.c +++ b/arch/powerpc/kernel/irq.c -@@ -547,9 +547,6 @@ struct irq_host *irq_alloc_host(struct device_node *of_node, +@@ -560,9 +560,6 @@ struct irq_host *irq_alloc_host(struct device_node *of_node, host->ops = ops; host->of_node = of_node_get(of_node); @@ -3749,7 +3770,7 @@ index 745c1e7..59d97a6 100644 raw_spin_lock_irqsave(&irq_big_lock, flags); /* If it's a legacy controller, check for duplicates and -@@ -622,7 +619,12 @@ struct irq_host *irq_find_host(struct device_node *node) +@@ -635,7 +632,12 @@ struct irq_host *irq_find_host(struct device_node *node) */ raw_spin_lock_irqsave(&irq_big_lock, flags); list_for_each_entry(h, &irq_hosts, link) @@ -3797,10 +3818,10 @@ index 0b6d796..d760ddb 100644 /* Find this entry, or if that fails, the next avail. entry */ while (entry->jump[0]) { diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c -index 6457574..08b28d3 100644 +index d817ab0..b23b18e 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c -@@ -660,8 +660,8 @@ void show_regs(struct pt_regs * regs) +@@ -676,8 +676,8 @@ void show_regs(struct pt_regs * regs) * Lookup NIP late so we have the best change of getting the * above info out without failing */ @@ -3811,7 +3832,7 @@ index 6457574..08b28d3 100644 #endif show_stack(current, (unsigned long *) regs->gpr[1]); if (!user_mode(regs)) -@@ -1165,10 +1165,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1181,10 +1181,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) newsp = stack[0]; ip = stack[STACK_FRAME_LR_SAVE]; if (!firstframe || ip != lr) { @@ -3824,7 +3845,7 @@ index 6457574..08b28d3 100644 (void *)current->ret_stack[curr_frame].ret); curr_frame--; } -@@ -1188,7 +1188,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1204,7 +1204,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) struct pt_regs *regs = (struct pt_regs *) (sp + STACK_FRAME_OVERHEAD); lr = regs->link; @@ -3833,7 +3854,7 @@ index 6457574..08b28d3 100644 regs->trap, (void *)regs->nip, (void *)lr); firstframe = 1; } -@@ -1263,58 +1263,3 @@ void thread_info_cache_init(void) +@@ -1279,58 +1279,3 @@ void thread_info_cache_init(void) } #endif /* THREAD_SHIFT < PAGE_SHIFT */ @@ -3919,26 +3940,27 @@ index a50b5ec..547078a 100644 } else { err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]); diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c -index 5459d14..10f8070 100644 +index c091527..5592625 100644 --- a/arch/powerpc/kernel/traps.c +++ b/arch/powerpc/kernel/traps.c -@@ -98,6 +98,8 @@ static void pmac_backlight_unblank(void) - static inline void pmac_backlight_unblank(void) { } - #endif +@@ -131,6 +131,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs) + return flags; + } +extern void gr_handle_kernel_exploit(void); + - int die(const char *str, struct pt_regs *regs, long err) + static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, + int signr) { - static struct { -@@ -171,6 +173,8 @@ int die(const char *str, struct pt_regs *regs, long err) +@@ -178,6 +180,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, + panic("Fatal exception in interrupt"); if (panic_on_oops) panic("Fatal exception"); - ++ + gr_handle_kernel_exploit(); + - oops_exit(); - do_exit(err); + do_exit(signr); + } diff --git a/arch/powerpc/kernel/vdso.c b/arch/powerpc/kernel/vdso.c index 7d14bb6..1305601 100644 @@ -4006,7 +4028,7 @@ index 5eea6f3..5d10396 100644 EXPORT_SYMBOL(copy_in_user); diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c -index 5efe8c9..db9ceef 100644 +index 2f0d1b0..36fb5cc 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c @@ -32,6 +32,10 @@ @@ -4026,9 +4048,9 @@ index 5efe8c9..db9ceef 100644 #include <mm/mmu_decl.h> +#include <asm/ptrace.h> - #ifdef CONFIG_KPROBES - static inline int notify_page_fault(struct pt_regs *regs) -@@ -66,6 +71,33 @@ static inline int notify_page_fault(struct pt_regs *regs) + #include "icswx.h" + +@@ -68,6 +73,33 @@ static inline int notify_page_fault(struct pt_regs *regs) } #endif @@ -4062,7 +4084,7 @@ index 5efe8c9..db9ceef 100644 /* * Check whether the instruction at regs->nip is a store using * an update addressing form which will update r1. -@@ -136,7 +168,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, +@@ -138,7 +170,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, * indicate errors in DSISR but can validly be set in SRR1. */ if (trap == 0x400) @@ -4071,7 +4093,7 @@ index 5efe8c9..db9ceef 100644 else is_write = error_code & DSISR_ISSTORE; #else -@@ -259,7 +291,7 @@ good_area: +@@ -276,7 +308,7 @@ good_area: * "undefined". Of those that can be set, this is the only * one which seems bad. */ @@ -4080,7 +4102,7 @@ index 5efe8c9..db9ceef 100644 /* Guarded storage error. */ goto bad_area; #endif /* CONFIG_8xx */ -@@ -274,7 +306,7 @@ good_area: +@@ -291,7 +323,7 @@ good_area: * processors use the same I/D cache coherency mechanism * as embedded. */ @@ -4089,7 +4111,7 @@ index 5efe8c9..db9ceef 100644 goto bad_area; #endif /* CONFIG_PPC_STD_MMU */ -@@ -343,6 +375,23 @@ bad_area: +@@ -360,6 +392,23 @@ bad_area: bad_area_nosemaphore: /* User mode accesses cause a SIGSEGV */ if (user_mode(regs)) { @@ -4114,10 +4136,10 @@ index 5efe8c9..db9ceef 100644 return 0; } diff --git a/arch/powerpc/mm/mmap_64.c b/arch/powerpc/mm/mmap_64.c -index 5a783d8..c23e14b 100644 +index 67a42ed..1c7210c 100644 --- a/arch/powerpc/mm/mmap_64.c +++ b/arch/powerpc/mm/mmap_64.c -@@ -99,10 +99,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -91,10 +91,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) */ if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -4277,10 +4299,10 @@ index 547f1a6..0b22b53 100644 - #endif diff --git a/arch/s390/include/asm/system.h b/arch/s390/include/asm/system.h -index ef573c1..75a1ce6 100644 +index d73cc6b..1a296ad 100644 --- a/arch/s390/include/asm/system.h +++ b/arch/s390/include/asm/system.h -@@ -262,7 +262,7 @@ extern void (*_machine_restart)(char *command); +@@ -260,7 +260,7 @@ extern void (*_machine_restart)(char *command); extern void (*_machine_halt)(void); extern void (*_machine_power_off)(void); @@ -4401,10 +4423,10 @@ index dfcb343..eda788a 100644 if (r_type == R_390_GOTPC) *(unsigned int *) loc = val; diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c -index 53088e2..9f44a36 100644 +index e795933..b32563c 100644 --- a/arch/s390/kernel/process.c +++ b/arch/s390/kernel/process.c -@@ -320,39 +320,3 @@ unsigned long get_wchan(struct task_struct *p) +@@ -323,39 +323,3 @@ unsigned long get_wchan(struct task_struct *p) } return 0; } @@ -4630,18 +4652,6 @@ index afeb710..d1d1289 100644 bottomup: /* -diff --git a/arch/sparc/Kconfig b/arch/sparc/Kconfig -index f92602e..27060b2 100644 ---- a/arch/sparc/Kconfig -+++ b/arch/sparc/Kconfig -@@ -31,6 +31,7 @@ config SPARC - - config SPARC32 - def_bool !64BIT -+ select GENERIC_ATOMIC64 - - config SPARC64 - def_bool 64BIT diff --git a/arch/sparc/Makefile b/arch/sparc/Makefile index eddcfb3..b117d90 100644 --- a/arch/sparc/Makefile @@ -4655,19 +4665,6 @@ index eddcfb3..b117d90 100644 VMLINUX_MAIN += $(patsubst %/, %/lib.a, $(libs-y)) $(libs-y) VMLINUX_MAIN += $(drivers-y) $(net-y) -diff --git a/arch/sparc/include/asm/atomic_32.h b/arch/sparc/include/asm/atomic_32.h -index 5c3c8b6..ba822fa 100644 ---- a/arch/sparc/include/asm/atomic_32.h -+++ b/arch/sparc/include/asm/atomic_32.h -@@ -13,6 +13,8 @@ - - #include <linux/types.h> - -+#include <asm-generic/atomic64.h> -+ - #ifdef __KERNEL__ - - #include <asm/system.h> diff --git a/arch/sparc/include/asm/atomic_64.h b/arch/sparc/include/asm/atomic_64.h index 9f421df..b81fc12 100644 --- a/arch/sparc/include/asm/atomic_64.h @@ -4912,19 +4909,6 @@ index 7df8b7f..4946269 100644 extern unsigned long sparc64_elf_hwcap; #define ELF_HWCAP sparc64_elf_hwcap -diff --git a/arch/sparc/include/asm/page_32.h b/arch/sparc/include/asm/page_32.h -index 156707b..aefa786 100644 ---- a/arch/sparc/include/asm/page_32.h -+++ b/arch/sparc/include/asm/page_32.h -@@ -8,6 +8,8 @@ - #ifndef _SPARC_PAGE_H - #define _SPARC_PAGE_H - -+#include <linux/const.h> -+ - #define PAGE_SHIFT 12 - - #ifndef __ASSEMBLY__ diff --git a/arch/sparc/include/asm/pgtable_32.h b/arch/sparc/include/asm/pgtable_32.h index a790cc6..091ed94 100644 --- a/arch/sparc/include/asm/pgtable_32.h @@ -5080,7 +5064,7 @@ index 9689176..63c18ea 100644 unsigned long mask, tmp1, tmp2, result; diff --git a/arch/sparc/include/asm/thread_info_32.h b/arch/sparc/include/asm/thread_info_32.h -index fa57532..e1a4c53 100644 +index c2a1080..21ed218 100644 --- a/arch/sparc/include/asm/thread_info_32.h +++ b/arch/sparc/include/asm/thread_info_32.h @@ -50,6 +50,8 @@ struct thread_info { @@ -5093,7 +5077,7 @@ index fa57532..e1a4c53 100644 /* diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h -index 60d86be..952dea1 100644 +index 01d057f..0a02f7e 100644 --- a/arch/sparc/include/asm/thread_info_64.h +++ b/arch/sparc/include/asm/thread_info_64.h @@ -63,6 +63,8 @@ struct thread_info { @@ -5277,10 +5261,10 @@ index f793742..4d880af 100644 } while (++count < 16); printk("\n"); diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c -index 3739a06..48b2ff0 100644 +index 39d8b05..d1a7d90 100644 --- a/arch/sparc/kernel/process_64.c +++ b/arch/sparc/kernel/process_64.c -@@ -180,14 +180,14 @@ static void show_regwindow(struct pt_regs *regs) +@@ -182,14 +182,14 @@ static void show_regwindow(struct pt_regs *regs) printk("i4: %016lx i5: %016lx i6: %016lx i7: %016lx\n", rwk->ins[4], rwk->ins[5], rwk->ins[6], rwk->ins[7]); if (regs->tstate & TSTATE_PRIV) @@ -5297,7 +5281,7 @@ index 3739a06..48b2ff0 100644 printk("g0: %016lx g1: %016lx g2: %016lx g3: %016lx\n", regs->u_regs[0], regs->u_regs[1], regs->u_regs[2], regs->u_regs[3]); -@@ -200,7 +200,7 @@ void show_regs(struct pt_regs *regs) +@@ -202,7 +202,7 @@ void show_regs(struct pt_regs *regs) printk("o4: %016lx o5: %016lx sp: %016lx ret_pc: %016lx\n", regs->u_regs[12], regs->u_regs[13], regs->u_regs[14], regs->u_regs[15]); @@ -5306,7 +5290,7 @@ index 3739a06..48b2ff0 100644 show_regwindow(regs); show_stack(current, (unsigned long *) regs->u_regs[UREG_FP]); } -@@ -285,7 +285,7 @@ void arch_trigger_all_cpu_backtrace(void) +@@ -287,7 +287,7 @@ void arch_trigger_all_cpu_backtrace(void) ((tp && tp->task) ? tp->task->pid : -1)); if (gp->tstate & TSTATE_PRIV) { @@ -5338,7 +5322,7 @@ index 42b282f..28ce9f2 100644 addr = vmm->vm_end; if (flags & MAP_SHARED) diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c -index 441521a..b767073 100644 +index 232df99..cee1f9c 100644 --- a/arch/sparc/kernel/sys_sparc_64.c +++ b/arch/sparc/kernel/sys_sparc_64.c @@ -124,7 +124,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi @@ -5927,10 +5911,10 @@ index 59186e0..f747d7a 100644 cmp %g1, %g7 bne,pn %xcc, BACKOFF_LABEL(2f, 1b) diff --git a/arch/sparc/lib/ksyms.c b/arch/sparc/lib/ksyms.c -index 1b30bb3..b4a16c7 100644 +index f73c224..662af10 100644 --- a/arch/sparc/lib/ksyms.c +++ b/arch/sparc/lib/ksyms.c -@@ -142,12 +142,18 @@ EXPORT_SYMBOL(__downgrade_write); +@@ -136,12 +136,18 @@ EXPORT_SYMBOL(__downgrade_write); /* Atomic counter implementation. */ EXPORT_SYMBOL(atomic_add); @@ -6940,7 +6924,7 @@ index 392e533..536b092 100644 /* bytes per L2 cache line */ #define L2_CACHE_SHIFT CHIP_L2_LOG_LINE_SIZE() diff --git a/arch/um/Makefile b/arch/um/Makefile -index 7730af6..cce5b19 100644 +index 28688e6..4c0aa1c 100644 --- a/arch/um/Makefile +++ b/arch/um/Makefile @@ -61,6 +61,10 @@ USER_CFLAGS = $(patsubst $(KERNEL_DEFINES),,$(patsubst -D__KERNEL__,,\ @@ -7001,10 +6985,10 @@ index 7cfc3ce..cbd1a58 100644 struct page; diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c -index c533835..84db18e 100644 +index 69f2490..2634831 100644 --- a/arch/um/kernel/process.c +++ b/arch/um/kernel/process.c -@@ -406,22 +406,6 @@ int singlestepping(void * t) +@@ -408,22 +408,6 @@ int singlestepping(void * t) return 2; } @@ -7045,10 +7029,10 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index efb4294..61bc18c 100644 +index 5bed94e..fbcf200 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -235,7 +235,7 @@ config X86_HT +@@ -226,7 +226,7 @@ config X86_HT config X86_32_LAZY_GS def_bool y @@ -7057,7 +7041,7 @@ index efb4294..61bc18c 100644 config ARCH_HWEIGHT_CFLAGS string -@@ -1022,7 +1022,7 @@ choice +@@ -1058,7 +1058,7 @@ choice config NOHIGHMEM bool "off" @@ -7066,7 +7050,7 @@ index efb4294..61bc18c 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1059,7 +1059,7 @@ config NOHIGHMEM +@@ -1095,7 +1095,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -7075,7 +7059,7 @@ index efb4294..61bc18c 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1113,7 +1113,7 @@ config PAGE_OFFSET +@@ -1149,7 +1149,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -7084,7 +7068,7 @@ index efb4294..61bc18c 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1496,6 +1496,7 @@ config SECCOMP +@@ -1539,6 +1539,7 @@ config SECCOMP config CC_STACKPROTECTOR bool "Enable -fstack-protector buffer overflow detection (EXPERIMENTAL)" @@ -7092,7 +7076,7 @@ index efb4294..61bc18c 100644 ---help--- This option turns on the -fstack-protector GCC feature. This feature puts, at the beginning of functions, a canary value on -@@ -1553,6 +1554,7 @@ config KEXEC_JUMP +@@ -1596,6 +1597,7 @@ config KEXEC_JUMP config PHYSICAL_START hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP) default "0x1000000" @@ -7100,7 +7084,7 @@ index efb4294..61bc18c 100644 ---help--- This gives the physical address where the kernel is loaded. -@@ -1616,6 +1618,7 @@ config X86_NEED_RELOCS +@@ -1659,6 +1661,7 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" if X86_32 default "0x1000000" @@ -7108,7 +7092,7 @@ index efb4294..61bc18c 100644 range 0x2000 0x1000000 ---help--- This value puts the alignment restrictions on physical address -@@ -1647,9 +1650,10 @@ config HOTPLUG_CPU +@@ -1690,9 +1693,10 @@ config HOTPLUG_CPU Say N if you want to disable CPU hotplug. config COMPAT_VDSO @@ -7121,10 +7105,10 @@ index efb4294..61bc18c 100644 Map the 32-bit VDSO to the predictable old-style address too. diff --git a/arch/x86/Kconfig.cpu b/arch/x86/Kconfig.cpu -index e3ca7e0..b30b28a 100644 +index 3c57033..22d44aa 100644 --- a/arch/x86/Kconfig.cpu +++ b/arch/x86/Kconfig.cpu -@@ -341,7 +341,7 @@ config X86_PPRO_FENCE +@@ -335,7 +335,7 @@ config X86_PPRO_FENCE config X86_F00F_BUG def_bool y @@ -7133,7 +7117,7 @@ index e3ca7e0..b30b28a 100644 config X86_INVD_BUG def_bool y -@@ -365,7 +365,7 @@ config X86_POPAD_OK +@@ -359,7 +359,7 @@ config X86_POPAD_OK config X86_ALIGNMENT_16 def_bool y @@ -7142,7 +7126,7 @@ index e3ca7e0..b30b28a 100644 config X86_INTEL_USERCOPY def_bool y -@@ -411,7 +411,7 @@ config X86_CMPXCHG64 +@@ -405,7 +405,7 @@ config X86_CMPXCHG64 # generates cmov. config X86_CMOV def_bool y @@ -7152,10 +7136,10 @@ index e3ca7e0..b30b28a 100644 config X86_MINIMUM_CPU_FAMILY int diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug -index bf56e17..05f9891 100644 +index e46c214..7c72b55 100644 --- a/arch/x86/Kconfig.debug +++ b/arch/x86/Kconfig.debug -@@ -81,7 +81,7 @@ config X86_PTDUMP +@@ -84,7 +84,7 @@ config X86_PTDUMP config DEBUG_RODATA bool "Write protect kernel read-only data structures" default y @@ -7164,7 +7148,7 @@ index bf56e17..05f9891 100644 ---help--- Mark the kernel read-only data as write-protected in the pagetables, in order to catch accidental (and incorrect) writes to such const -@@ -99,7 +99,7 @@ config DEBUG_RODATA_TEST +@@ -102,7 +102,7 @@ config DEBUG_RODATA_TEST config DEBUG_SET_MODULE_RONX bool "Set loadable kernel module data as NX and text as RO" @@ -7174,7 +7158,7 @@ index bf56e17..05f9891 100644 This option helps catch unintended modifications to loadable kernel module's text and read-only data. It also prevents execution diff --git a/arch/x86/Makefile b/arch/x86/Makefile -index b02e509..2631e48 100644 +index 209ba12..15140db 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -46,6 +46,7 @@ else @@ -7185,7 +7169,7 @@ index b02e509..2631e48 100644 KBUILD_AFLAGS += -m64 KBUILD_CFLAGS += -m64 -@@ -195,3 +196,12 @@ define archhelp +@@ -201,3 +202,12 @@ define archhelp echo ' FDARGS="..." arguments for the booted kernel' echo ' FDINITRD=file initrd for the booted kernel' endef @@ -7257,7 +7241,7 @@ index c7093bd..d4247ffe0 100644 return diff; } diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile -index 09664ef..edc5d03 100644 +index b123b9a..2cf2f23 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -14,6 +14,9 @@ cflags-$(CONFIG_X86_64) := -mcmodel=small @@ -7271,10 +7255,10 @@ index 09664ef..edc5d03 100644 KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ GCOV_PROFILE := n diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S -index 67a655a..b924059 100644 +index a055993..47e126c 100644 --- a/arch/x86/boot/compressed/head_32.S +++ b/arch/x86/boot/compressed/head_32.S -@@ -76,7 +76,7 @@ ENTRY(startup_32) +@@ -98,7 +98,7 @@ preferred_addr: notl %eax andl %eax, %ebx #else @@ -7283,7 +7267,7 @@ index 67a655a..b924059 100644 #endif /* Target address to relocate to for decompression */ -@@ -162,7 +162,7 @@ relocated: +@@ -184,7 +184,7 @@ relocated: * and where it was actually loaded. */ movl %ebp, %ebx @@ -7292,7 +7276,7 @@ index 67a655a..b924059 100644 jz 2f /* Nothing to be done if loaded at compiled addr. */ /* * Process relocations. -@@ -170,8 +170,7 @@ relocated: +@@ -192,8 +192,7 @@ relocated: 1: subl $4, %edi movl (%edi), %ecx @@ -7303,7 +7287,7 @@ index 67a655a..b924059 100644 jmp 1b 2: diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S -index 35af09d..99c9676 100644 +index 558d76c..606aa24 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -91,7 +91,7 @@ ENTRY(startup_32) @@ -7315,7 +7299,7 @@ index 35af09d..99c9676 100644 #endif /* Target address to relocate to for decompression */ -@@ -233,7 +233,7 @@ ENTRY(startup_64) +@@ -253,7 +253,7 @@ preferred_addr: notq %rax andq %rax, %rbp #else @@ -7325,7 +7309,7 @@ index 35af09d..99c9676 100644 /* Target address to relocate to for decompression */ diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c -index 3a19d04..7c1d55a 100644 +index 7116dcb..d9ae1d7 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -310,7 +310,7 @@ static void parse_elf(void *output) @@ -7337,7 +7321,7 @@ index 3a19d04..7c1d55a 100644 #else dest = (void *)(phdr->p_paddr); #endif -@@ -363,7 +363,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap, +@@ -365,7 +365,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap, error("Destination address too large"); #endif #ifndef CONFIG_RELOCATABLE @@ -7642,10 +7626,10 @@ index 4d3ff03..e4972ff 100644 err = check_flags(); } diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S -index bdb4d45..0476680 100644 +index f1bbeeb..aff09cb 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S -@@ -224,7 +224,7 @@ setup_data: .quad 0 # 64-bit physical pointer to +@@ -372,7 +372,7 @@ setup_data: .quad 0 # 64-bit physical pointer to # single linked list of # struct setup_data @@ -7992,6 +7976,40 @@ index 6214a9b..1f4fc9a 100644 mov %rsi,%rdx + pax_force_retaddr ret +diff --git a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S +index 7f24a15..9cd3ffe 100644 +--- a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S ++++ b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S +@@ -24,6 +24,8 @@ + * + */ + ++#include <asm/alternative-asm.h> ++ + .file "serpent-sse2-x86_64-asm_64.S" + .text + +@@ -695,12 +697,14 @@ __serpent_enc_blk_8way: + write_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2); + write_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2); + ++ pax_force_retaddr + ret; + + __enc_xor8: + xor_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2); + xor_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2); + ++ pax_force_retaddr + ret; + + .align 8 +@@ -758,4 +762,5 @@ serpent_dec_blk_8way: + write_blocks(%rsi, RC1, RD1, RB1, RE1, RK0, RK1, RK2); + write_blocks(%rax, RC2, RD2, RB2, RE2, RK0, RK1, RK2); + ++ pax_force_retaddr + ret; diff --git a/arch/x86/crypto/sha1_ssse3_asm.S b/arch/x86/crypto/sha1_ssse3_asm.S index b2c2f57..8470cab 100644 --- a/arch/x86/crypto/sha1_ssse3_asm.S @@ -8076,7 +8094,7 @@ index 7bcf3fc..f53832f 100644 + pax_force_retaddr 0, 1 ret diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c -index fd84387..887aa7e 100644 +index 39e4909..887aa7e 100644 --- a/arch/x86/ia32/ia32_aout.c +++ b/arch/x86/ia32/ia32_aout.c @@ -162,6 +162,8 @@ static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file, @@ -8088,34 +8106,6 @@ index fd84387..887aa7e 100644 fs = get_fs(); set_fs(KERNEL_DS); has_dumped = 1; -@@ -315,6 +317,13 @@ static int load_aout_binary(struct linux_binprm *bprm, struct pt_regs *regs) - current->mm->free_area_cache = TASK_UNMAPPED_BASE; - current->mm->cached_hole_size = 0; - -+ retval = setup_arg_pages(bprm, IA32_STACK_TOP, EXSTACK_DEFAULT); -+ if (retval < 0) { -+ /* Someone check-me: is this error path enough? */ -+ send_sig(SIGKILL, current, 0); -+ return retval; -+ } -+ - install_exec_creds(bprm); - current->flags &= ~PF_FORKNOEXEC; - -@@ -410,13 +419,6 @@ beyond_if: - - set_brk(current->mm->start_brk, current->mm->brk); - -- retval = setup_arg_pages(bprm, IA32_STACK_TOP, EXSTACK_DEFAULT); -- if (retval < 0) { -- /* Someone check-me: is this error path enough? */ -- send_sig(SIGKILL, current, 0); -- return retval; -- } -- - current->mm->start_stack = - (unsigned long)create_aout_tables((char __user *)bprm->p, bprm); - /* start thread */ diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c index 6557769..ef6ae89 100644 --- a/arch/x86/ia32/ia32_signal.c @@ -8197,20 +8187,21 @@ index 6557769..ef6ae89 100644 if (err) diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S -index a6253ec..4ad2120 100644 +index e3e7340..05ed805 100644 --- a/arch/x86/ia32/ia32entry.S +++ b/arch/x86/ia32/ia32entry.S -@@ -13,7 +13,9 @@ +@@ -13,8 +13,10 @@ #include <asm/thread_info.h> #include <asm/segment.h> #include <asm/irqflags.h> +#include <asm/pgtable.h> #include <linux/linkage.h> + #include <linux/err.h> +#include <asm/alternative-asm.h> /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ #include <linux/elf-em.h> -@@ -95,6 +97,32 @@ ENTRY(native_irq_enable_sysexit) +@@ -94,6 +96,32 @@ ENTRY(native_irq_enable_sysexit) ENDPROC(native_irq_enable_sysexit) #endif @@ -8243,7 +8234,7 @@ index a6253ec..4ad2120 100644 /* * 32bit SYSENTER instruction entry. * -@@ -121,12 +149,6 @@ ENTRY(ia32_sysenter_target) +@@ -120,12 +148,6 @@ ENTRY(ia32_sysenter_target) CFI_REGISTER rsp,rbp SWAPGS_UNSAFE_STACK movq PER_CPU_VAR(kernel_stack), %rsp @@ -8256,11 +8247,11 @@ index a6253ec..4ad2120 100644 movl %ebp,%ebp /* zero extension */ pushq_cfi $__USER32_DS /*CFI_REL_OFFSET ss,0*/ -@@ -134,25 +156,39 @@ ENTRY(ia32_sysenter_target) +@@ -133,24 +155,39 @@ ENTRY(ia32_sysenter_target) CFI_REL_OFFSET rsp,0 pushfq_cfi /*CFI_REL_OFFSET rflags,0*/ -- movl 8*3-THREAD_SIZE+TI_sysenter_return(%rsp), %r10d +- movl TI_sysenter_return+THREAD_INFO(%rsp,3*8-KERNEL_STACK_OFFSET),%r10d - CFI_REGISTER rip,r10 + orl $X86_EFLAGS_IF,(%rsp) + GET_THREAD_INFO(%r11) @@ -8293,78 +8284,75 @@ index a6253ec..4ad2120 100644 .section __ex_table,"a" .quad 1b,ia32_badarg .previous -- GET_THREAD_INFO(%r10) -- orl $TS_COMPAT,TI_status(%r10) -- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10) +- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) +- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + GET_THREAD_INFO(%r11) + orl $TS_COMPAT,TI_status(%r11) + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11) CFI_REMEMBER_STATE jnz sysenter_tracesys cmpq $(IA32_NR_syscalls-1),%rax -@@ -162,13 +198,15 @@ sysenter_do_call: +@@ -160,12 +197,15 @@ sysenter_do_call: sysenter_dispatch: call *ia32_sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) -- GET_THREAD_INFO(%r10) + GET_THREAD_INFO(%r11) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF -- testl $_TIF_ALLWORK_MASK,TI_flags(%r10) +- testl $_TIF_ALLWORK_MASK,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + testl $_TIF_ALLWORK_MASK,TI_flags(%r11) jnz sysexit_audit sysexit_from_sys_call: -- andl $~TS_COMPAT,TI_status(%r10) +- andl $~TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) + pax_exit_kernel_user + pax_erase_kstack + andl $~TS_COMPAT,TI_status(%r11) /* clear IF, that popfq doesn't enable interrupts early */ andl $~0x200,EFLAGS-R11(%rsp) movl RIP-R11(%rsp),%edx /* User %eip */ -@@ -194,6 +232,9 @@ sysexit_from_sys_call: +@@ -191,6 +231,9 @@ sysexit_from_sys_call: movl %eax,%esi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */ - call audit_syscall_entry + call __audit_syscall_entry + + pax_erase_kstack + movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */ cmpq $(IA32_NR_syscalls-1),%rax ja ia32_badsys -@@ -205,7 +246,7 @@ sysexit_from_sys_call: +@@ -202,7 +245,7 @@ sysexit_from_sys_call: .endm .macro auditsys_exit exit -- testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10) +- testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r11) jnz ia32_ret_from_sys_call TRACE_IRQS_ON sti -@@ -215,12 +256,12 @@ sysexit_from_sys_call: +@@ -213,11 +256,12 @@ sysexit_from_sys_call: + 1: setbe %al /* 1 if error, 0 if not */ movzbl %al,%edi /* zero-extend that into %edi */ - inc %edi /* first arg, 0->1(AUDITSC_SUCCESS), 1->2(AUDITSC_FAILURE) */ - call audit_syscall_exit -- GET_THREAD_INFO(%r10) + call __audit_syscall_exit + GET_THREAD_INFO(%r11) - movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall return value */ + movq RAX-ARGOFFSET(%rsp),%rax /* reload syscall return value */ movl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),%edi cli TRACE_IRQS_OFF -- testl %edi,TI_flags(%r10) +- testl %edi,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + testl %edi,TI_flags(%r11) jz \exit CLEAR_RREGS -ARGOFFSET jmp int_with_check -@@ -238,7 +279,7 @@ sysexit_audit: +@@ -235,7 +279,7 @@ sysexit_audit: sysenter_tracesys: #ifdef CONFIG_AUDITSYSCALL -- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10) +- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r11) jz sysenter_auditsys #endif SAVE_REST -@@ -246,6 +287,9 @@ sysenter_tracesys: +@@ -243,6 +287,9 @@ sysenter_tracesys: movq $-ENOSYS,RAX(%rsp)/* ptrace can change this for a bad syscall */ movq %rsp,%rdi /* &pt_regs -> arg1 */ call syscall_trace_enter @@ -8374,7 +8362,7 @@ index a6253ec..4ad2120 100644 LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ RESTORE_REST cmpq $(IA32_NR_syscalls-1),%rax -@@ -277,19 +321,20 @@ ENDPROC(ia32_sysenter_target) +@@ -274,19 +321,20 @@ ENDPROC(ia32_sysenter_target) ENTRY(ia32_cstar_target) CFI_STARTPROC32 simple CFI_SIGNAL_FRAME @@ -8397,7 +8385,7 @@ index a6253ec..4ad2120 100644 movl %eax,%eax /* zero extension */ movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) -@@ -305,13 +350,19 @@ ENTRY(ia32_cstar_target) +@@ -302,12 +350,19 @@ ENTRY(ia32_cstar_target) /* no need to do an access_ok check here because r8 has been 32bit zero extended */ /* hardware stack frame is complete now */ @@ -8411,44 +8399,42 @@ index a6253ec..4ad2120 100644 .section __ex_table,"a" .quad 1b,ia32_badarg .previous -- GET_THREAD_INFO(%r10) -- orl $TS_COMPAT,TI_status(%r10) -- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10) +- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) +- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + GET_THREAD_INFO(%r11) + orl $TS_COMPAT,TI_status(%r11) + testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11) CFI_REMEMBER_STATE jnz cstar_tracesys cmpq $IA32_NR_syscalls-1,%rax -@@ -321,13 +372,15 @@ cstar_do_call: +@@ -317,12 +372,15 @@ cstar_do_call: cstar_dispatch: call *ia32_sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) -- GET_THREAD_INFO(%r10) + GET_THREAD_INFO(%r11) DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF -- testl $_TIF_ALLWORK_MASK,TI_flags(%r10) +- testl $_TIF_ALLWORK_MASK,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + testl $_TIF_ALLWORK_MASK,TI_flags(%r11) jnz sysretl_audit sysretl_from_sys_call: -- andl $~TS_COMPAT,TI_status(%r10) +- andl $~TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) + pax_exit_kernel_user + pax_erase_kstack + andl $~TS_COMPAT,TI_status(%r11) RESTORE_ARGS 0,-ARG_SKIP,0,0,0 movl RIP-ARGOFFSET(%rsp),%ecx CFI_REGISTER rip,rcx -@@ -355,7 +408,7 @@ sysretl_audit: +@@ -350,7 +408,7 @@ sysretl_audit: cstar_tracesys: #ifdef CONFIG_AUDITSYSCALL -- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10) +- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%r11) jz cstar_auditsys #endif xchgl %r9d,%ebp -@@ -364,6 +417,9 @@ cstar_tracesys: +@@ -359,6 +417,9 @@ cstar_tracesys: movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ movq %rsp,%rdi /* &pt_regs -> arg1 */ call syscall_trace_enter @@ -8458,7 +8444,7 @@ index a6253ec..4ad2120 100644 LOAD_ARGS32 ARGOFFSET, 1 /* reload args from stack in case ptrace changed it */ RESTORE_REST xchgl %ebp,%r9d -@@ -409,20 +465,21 @@ ENTRY(ia32_syscall) +@@ -404,19 +465,21 @@ ENTRY(ia32_syscall) CFI_REL_OFFSET rip,RIP-RIP PARAVIRT_ADJUST_EXCEPTION_FRAME SWAPGS @@ -8473,9 +8459,8 @@ index a6253ec..4ad2120 100644 /* note the registers are not zero extended to the sf. this could be a problem. */ SAVE_ARGS 0,1,0 -- GET_THREAD_INFO(%r10) -- orl $TS_COMPAT,TI_status(%r10) -- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r10) +- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) +- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + pax_enter_kernel_user + /* + * No need to follow this irqs on/off section: the syscall @@ -8488,7 +8473,7 @@ index a6253ec..4ad2120 100644 jnz ia32_tracesys cmpq $(IA32_NR_syscalls-1),%rax ja ia32_badsys -@@ -441,6 +498,9 @@ ia32_tracesys: +@@ -435,6 +498,9 @@ ia32_tracesys: movq $-ENOSYS,RAX(%rsp) /* ptrace can change this for a bad syscall */ movq %rsp,%rdi /* &pt_regs -> arg1 */ call syscall_trace_enter @@ -8498,14 +8483,6 @@ index a6253ec..4ad2120 100644 LOAD_ARGS32 ARGOFFSET /* reload args from stack in case ptrace changed it */ RESTORE_REST cmpq $(IA32_NR_syscalls-1),%rax -@@ -455,6 +515,7 @@ ia32_badsys: - - quiet_ni_syscall: - movq $-ENOSYS,%rax -+ pax_force_retaddr - ret - CFI_ENDPROC - diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c index f6f5c53..b358b28 100644 --- a/arch/x86/ia32/sys_ia32.c @@ -8578,22 +8555,9 @@ index f6f5c53..b358b28 100644 set_fs(old_fs); diff --git a/arch/x86/include/asm/alternative-asm.h b/arch/x86/include/asm/alternative-asm.h -index 091508b..7692c6f 100644 +index 952bd01..7692c6f 100644 --- a/arch/x86/include/asm/alternative-asm.h +++ b/arch/x86/include/asm/alternative-asm.h -@@ -4,10 +4,10 @@ - - #ifdef CONFIG_SMP - .macro LOCK_PREFIX --1: lock -+672: lock - .section .smp_locks,"a" - .balign 4 -- .long 1b - . -+ .long 672b - . - .previous - .endm - #else @@ -15,6 +15,45 @@ .endm #endif @@ -8654,7 +8618,7 @@ index 37ad100..7d47faa 100644 ".previous" diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h -index 1a6c09a..fec2432 100644 +index 3ab9bdd..238033e 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -45,7 +45,7 @@ static inline void generic_apic_probe(void) @@ -9098,7 +9062,7 @@ index 58cb6d4..ca9010d 100644 /* * atomic_dec_if_positive - decrement by 1 if old value positive diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h -index 24098aa..1e37723 100644 +index fa13f0e..27c2e08 100644 --- a/arch/x86/include/asm/atomic64_32.h +++ b/arch/x86/include/asm/atomic64_32.h @@ -12,6 +12,14 @@ typedef struct { @@ -9163,7 +9127,7 @@ index 24098aa..1e37723 100644 * atomic64_read - read atomic64 variable * @v: pointer to type atomic64_t * -@@ -93,6 +134,22 @@ static inline long long atomic64_read(atomic64_t *v) +@@ -93,6 +134,22 @@ static inline long long atomic64_read(const atomic64_t *v) } /** @@ -9562,7 +9526,7 @@ index 0e1cbfc..5623683 100644 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h -index 1775d6e..b65017f 100644 +index b97596e..9bd48b06 100644 --- a/arch/x86/include/asm/bitops.h +++ b/arch/x86/include/asm/bitops.h @@ -38,7 +38,7 @@ @@ -9666,28 +9630,32 @@ index 46fc474..b02b0f9 100644 if (len) diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxchg.h -index 5d3acdf..6447a02 100644 +index b3b7332..3935f40 100644 --- a/arch/x86/include/asm/cmpxchg.h +++ b/arch/x86/include/asm/cmpxchg.h -@@ -14,6 +14,8 @@ extern void __cmpxchg_wrong_size(void) +@@ -14,8 +14,12 @@ extern void __cmpxchg_wrong_size(void) __compiletime_error("Bad argument size for cmpxchg"); extern void __xadd_wrong_size(void) __compiletime_error("Bad argument size for xadd"); +extern void __xadd_check_overflow_wrong_size(void) + __compiletime_error("Bad argument size for xadd_check_overflow"); + extern void __add_wrong_size(void) + __compiletime_error("Bad argument size for add"); ++extern void __add_check_overflow_wrong_size(void) ++ __compiletime_error("Bad argument size for add_check_overflow"); /* * Constants for operation sizes. On 32-bit, the 64-bit size it set to -@@ -195,6 +197,34 @@ extern void __xadd_wrong_size(void) +@@ -67,6 +71,34 @@ extern void __add_wrong_size(void) __ret; \ }) -+#define __xadd_check_overflow(ptr, inc, lock) \ ++#define __xchg_op_check_overflow(ptr, arg, op, lock) \ + ({ \ -+ __typeof__ (*(ptr)) __ret = (inc); \ ++ __typeof__ (*(ptr)) __ret = (arg); \ + switch (sizeof(*(ptr))) { \ + case __X86_CASE_L: \ -+ asm volatile (lock "xaddl %0, %1\n" \ ++ asm volatile (lock #op "l %0, %1\n" \ + "jno 0f\n" \ + "mov %0,%1\n" \ + "int $4\n0:\n" \ @@ -9696,7 +9664,7 @@ index 5d3acdf..6447a02 100644 + : : "memory", "cc"); \ + break; \ + case __X86_CASE_Q: \ -+ asm volatile (lock "xaddq %q0, %1\n" \ ++ asm volatile (lock #op "q %q0, %1\n" \ + "jno 0f\n" \ + "mov %0,%1\n" \ + "int $4\n0:\n" \ @@ -9705,26 +9673,29 @@ index 5d3acdf..6447a02 100644 + : : "memory", "cc"); \ + break; \ + default: \ -+ __xadd_check_overflow_wrong_size(); \ ++ __ ## op ## _check_overflow_wrong_size(); \ + } \ + __ret; \ + }) + /* - * xadd() adds "inc" to "*ptr" and atomically returns the previous - * value of "*ptr". -@@ -207,4 +237,6 @@ extern void __xadd_wrong_size(void) + * Note: no "lock" prefix even on SMP: xchg always implies lock anyway. + * Since this is generally used to protect other memory information, we +@@ -167,6 +199,9 @@ extern void __add_wrong_size(void) #define xadd_sync(ptr, inc) __xadd((ptr), (inc), "lock; ") #define xadd_local(ptr, inc) __xadd((ptr), (inc), "") -+#define xadd_check_overflow(ptr, inc) __xadd_check_overflow((ptr), (inc), LOCK_PREFIX) ++#define __xadd_check_overflow(ptr, inc, lock) __xchg_op_check_overflow((ptr), (inc), xadd, lock) ++#define xadd_check_overflow(ptr, inc) __xadd_check_overflow((ptr), (inc), LOCK_PREFIX) + - #endif /* ASM_X86_CMPXCHG_H */ + #define __add(ptr, inc, lock) \ + ({ \ + __typeof__ (*(ptr)) __ret = (inc); \ diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h -index f3444f7..051a196 100644 +index 8d67d42..183d0eb 100644 --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h -@@ -363,7 +363,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) +@@ -367,7 +367,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) ".section .discard,\"aw\",@progbits\n" " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ ".previous\n" @@ -9734,7 +9705,7 @@ index f3444f7..051a196 100644 "4:\n" ".previous\n" diff --git a/arch/x86/include/asm/desc.h b/arch/x86/include/asm/desc.h -index 41935fa..3b40db8 100644 +index e95822d..a90010e 100644 --- a/arch/x86/include/asm/desc.h +++ b/arch/x86/include/asm/desc.h @@ -4,6 +4,7 @@ @@ -9753,11 +9724,13 @@ index 41935fa..3b40db8 100644 desc->s = 1; desc->dpl = 0x3; -@@ -34,17 +36,12 @@ static inline void fill_ldt(struct desc_struct *desc, const struct user_desc *in +@@ -34,19 +36,14 @@ static inline void fill_ldt(struct desc_struct *desc, const struct user_desc *in } extern struct desc_ptr idt_descr; -extern gate_desc idt_table[]; + extern struct desc_ptr nmi_idt_descr; +-extern gate_desc nmi_idt_table[]; - -struct gdt_page { - struct desc_struct gdt[GDT_ENTRIES]; @@ -9765,6 +9738,7 @@ index 41935fa..3b40db8 100644 - -DECLARE_PER_CPU_PAGE_ALIGNED(struct gdt_page, gdt_page); +extern gate_desc idt_table[256]; ++extern gate_desc nmi_idt_table[256]; +extern struct desc_struct cpu_gdt_table[NR_CPUS][PAGE_SIZE / sizeof(struct desc_struct)]; static inline struct desc_struct *get_cpu_gdt_table(unsigned int cpu) @@ -9774,7 +9748,7 @@ index 41935fa..3b40db8 100644 } #ifdef CONFIG_X86_64 -@@ -69,8 +66,14 @@ static inline void pack_gate(gate_desc *gate, unsigned char type, +@@ -71,8 +68,14 @@ static inline void pack_gate(gate_desc *gate, unsigned char type, unsigned long base, unsigned dpl, unsigned flags, unsigned short seg) { @@ -9791,7 +9765,7 @@ index 41935fa..3b40db8 100644 } #endif -@@ -115,12 +118,16 @@ static inline void paravirt_free_ldt(struct desc_struct *ldt, unsigned entries) +@@ -117,12 +120,16 @@ static inline void paravirt_free_ldt(struct desc_struct *ldt, unsigned entries) static inline void native_write_idt_entry(gate_desc *idt, int entry, const gate_desc *gate) { @@ -9808,7 +9782,7 @@ index 41935fa..3b40db8 100644 } static inline void -@@ -134,7 +141,9 @@ native_write_gdt_entry(struct desc_struct *gdt, int entry, const void *desc, int +@@ -136,7 +143,9 @@ native_write_gdt_entry(struct desc_struct *gdt, int entry, const void *desc, int default: size = sizeof(*gdt); break; } @@ -9818,7 +9792,7 @@ index 41935fa..3b40db8 100644 } static inline void pack_descriptor(struct desc_struct *desc, unsigned long base, -@@ -207,7 +216,9 @@ static inline void native_set_ldt(const void *addr, unsigned int entries) +@@ -209,7 +218,9 @@ static inline void native_set_ldt(const void *addr, unsigned int entries) static inline void native_load_tr_desc(void) { @@ -9828,7 +9802,7 @@ index 41935fa..3b40db8 100644 } static inline void native_load_gdt(const struct desc_ptr *dtr) -@@ -244,8 +255,10 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu) +@@ -246,8 +257,10 @@ static inline void native_load_tls(struct thread_struct *t, unsigned int cpu) struct desc_struct *gdt = get_cpu_gdt_table(cpu); unsigned int i; @@ -9839,16 +9813,25 @@ index 41935fa..3b40db8 100644 } #define _LDT_empty(info) \ -@@ -307,7 +320,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit) - desc->limit = (limit >> 16) & 0xf; +@@ -310,7 +323,7 @@ static inline void set_desc_limit(struct desc_struct *desc, unsigned long limit) } + #ifdef CONFIG_X86_64 +-static inline void set_nmi_gate(int gate, void *addr) ++static inline void set_nmi_gate(int gate, const void *addr) + { + gate_desc s; + +@@ -319,7 +332,7 @@ static inline void set_nmi_gate(int gate, void *addr) + } + #endif + -static inline void _set_gate(int gate, unsigned type, void *addr, +static inline void _set_gate(int gate, unsigned type, const void *addr, unsigned dpl, unsigned ist, unsigned seg) { gate_desc s; -@@ -326,7 +339,7 @@ static inline void _set_gate(int gate, unsigned type, void *addr, +@@ -338,7 +351,7 @@ static inline void _set_gate(int gate, unsigned type, void *addr, * Pentium F0 0F bugfix can have resulted in the mapped * IDT being write-protected. */ @@ -9857,7 +9840,7 @@ index 41935fa..3b40db8 100644 { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_INTERRUPT, addr, 0, 0, __KERNEL_CS); -@@ -356,19 +369,19 @@ static inline void alloc_intr_gate(unsigned int n, void *addr) +@@ -368,19 +381,19 @@ static inline void alloc_intr_gate(unsigned int n, void *addr) /* * This routine sets up an interrupt gate at directory privilege level 3. */ @@ -9880,7 +9863,7 @@ index 41935fa..3b40db8 100644 { BUG_ON((unsigned)n > 0xFF); _set_gate(n, GATE_TRAP, addr, 0, 0, __KERNEL_CS); -@@ -377,19 +390,31 @@ static inline void set_trap_gate(unsigned int n, void *addr) +@@ -389,19 +402,31 @@ static inline void set_trap_gate(unsigned int n, void *addr) static inline void set_task_gate(unsigned int n, unsigned int gdt_entry) { BUG_ON((unsigned)n > 0xFF); @@ -9933,7 +9916,7 @@ index 278441f..b95a174 100644 } __attribute__((packed)); diff --git a/arch/x86/include/asm/e820.h b/arch/x86/include/asm/e820.h -index 908b969..a1f4eb4 100644 +index 3778256..c5d4fce 100644 --- a/arch/x86/include/asm/e820.h +++ b/arch/x86/include/asm/e820.h @@ -69,7 +69,7 @@ struct e820map { @@ -10017,18 +10000,6 @@ index cc70c1c..d96d011 100644 +extern void machine_emergency_restart(void) __noreturn; #endif /* _ASM_X86_EMERGENCY_RESTART_H */ -diff --git a/arch/x86/include/asm/floppy.h b/arch/x86/include/asm/floppy.h -index dbe82a5..c6d8a00 100644 ---- a/arch/x86/include/asm/floppy.h -+++ b/arch/x86/include/asm/floppy.h -@@ -157,6 +157,7 @@ static unsigned long dma_mem_alloc(unsigned long size) - } - - -+static unsigned long vdma_mem_alloc(unsigned long size) __size_overflow(1); - static unsigned long vdma_mem_alloc(unsigned long size) - { - return (unsigned long)vmalloc(size); diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h index d09bb03..4ea4194 100644 --- a/arch/x86/include/asm/futex.h @@ -10107,10 +10078,10 @@ index eb92a6e..b98b2f4 100644 /* EISA */ extern void eisa_set_level_irq(unsigned int irq); diff --git a/arch/x86/include/asm/i387.h b/arch/x86/include/asm/i387.h -index a850b4d..bae26dc 100644 +index 2479049..3fb9795 100644 --- a/arch/x86/include/asm/i387.h +++ b/arch/x86/include/asm/i387.h -@@ -92,6 +92,11 @@ static inline int fxrstor_checking(struct i387_fxsave_struct *fx) +@@ -93,6 +93,11 @@ static inline int fxrstor_checking(struct i387_fxsave_struct *fx) { int err; @@ -10122,7 +10093,7 @@ index a850b4d..bae26dc 100644 /* See comment in fxsave() below. */ #ifdef CONFIG_AS_FXSAVEQ asm volatile("1: fxrstorq %[fx]\n\t" -@@ -121,6 +126,11 @@ static inline int fxsave_user(struct i387_fxsave_struct __user *fx) +@@ -122,6 +127,11 @@ static inline int fxsave_user(struct i387_fxsave_struct __user *fx) { int err; @@ -10134,7 +10105,16 @@ index a850b4d..bae26dc 100644 /* * Clear the bytes not touched by the fxsave and reserved * for the SW usage. -@@ -424,7 +434,7 @@ static inline bool interrupted_kernel_fpu_idle(void) +@@ -278,7 +288,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk) + "emms\n\t" /* clear stack tags */ + "fildl %P[addr]", /* set F?P to defined value */ + X86_FEATURE_FXSAVE_LEAK, +- [addr] "m" (tsk->thread.fpu.has_fpu)); ++ [addr] "m" (init_tss[smp_processor_id()].x86_tss.sp0)); + + return fpu_restore_checking(&tsk->thread.fpu); + } +@@ -445,7 +455,7 @@ static inline bool interrupted_kernel_fpu_idle(void) static inline bool interrupted_user_mode(void) { struct pt_regs *regs = get_irq_regs(); @@ -10202,19 +10182,10 @@ index 5478825..839e88c 100644 #define flush_insn_slot(p) do { } while (0) diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h -index b4973f4..a42170a 100644 +index 52d6640..a013b87 100644 --- a/arch/x86/include/asm/kvm_host.h +++ b/arch/x86/include/asm/kvm_host.h -@@ -459,7 +459,7 @@ struct kvm_arch { - unsigned int n_requested_mmu_pages; - unsigned int n_max_mmu_pages; - unsigned int indirect_shadow_pages; -- atomic_t invlpg_counter; -+ atomic_unchecked_t invlpg_counter; - struct hlist_head mmu_page_hash[KVM_NUM_MMU_PAGES]; - /* - * Hash table of struct kvm_mmu_page. -@@ -638,7 +638,7 @@ struct kvm_x86_ops { +@@ -663,7 +663,7 @@ struct kvm_x86_ops { int (*check_intercept)(struct kvm_vcpu *vcpu, struct x86_instruction_info *info, enum x86_intercept_stage stage); @@ -10223,36 +10194,6 @@ index b4973f4..a42170a 100644 struct kvm_arch_async_pf { u32 token; -@@ -667,9 +667,9 @@ void kvm_mmu_change_mmu_pages(struct kvm *kvm, unsigned int kvm_nr_mmu_pages); - int load_pdptrs(struct kvm_vcpu *vcpu, struct kvm_mmu *mmu, unsigned long cr3); - - int emulator_write_phys(struct kvm_vcpu *vcpu, gpa_t gpa, -- const void *val, int bytes); -+ const void *val, int bytes) __size_overflow(2); - int kvm_pv_mmu_op(struct kvm_vcpu *vcpu, unsigned long bytes, -- gpa_t addr, unsigned long *ret); -+ gpa_t addr, unsigned long *ret) __size_overflow(2,3); - u8 kvm_get_guest_memory_type(struct kvm_vcpu *vcpu, gfn_t gfn); - - extern bool tdp_enabled; -@@ -730,7 +730,7 @@ void kvm_get_cs_db_l_bits(struct kvm_vcpu *vcpu, int *db, int *l); - int kvm_set_xcr(struct kvm_vcpu *vcpu, u32 index, u64 xcr); - - int kvm_get_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 *pdata); --int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data); -+int kvm_set_msr_common(struct kvm_vcpu *vcpu, u32 msr, u64 data) __size_overflow(3); - - unsigned long kvm_get_rflags(struct kvm_vcpu *vcpu); - void kvm_set_rflags(struct kvm_vcpu *vcpu, unsigned long rflags); -@@ -755,7 +755,7 @@ int fx_init(struct kvm_vcpu *vcpu); - void kvm_mmu_flush_tlb(struct kvm_vcpu *vcpu); - void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, - const u8 *new, int bytes, -- bool guest_initiated); -+ bool guest_initiated) __size_overflow(2); - int kvm_mmu_unprotect_page_virt(struct kvm_vcpu *vcpu, gva_t gva); - void __kvm_mmu_free_some_pages(struct kvm_vcpu *vcpu); - int kvm_mmu_load(struct kvm_vcpu *vcpu); diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h index 9cdae5d..300d20f 100644 --- a/arch/x86/include/asm/local.h @@ -10840,7 +10781,7 @@ index effff47..f9e4035 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index 18601c8..3d716d1 100644 +index 49afb3f..ed14d07 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); @@ -11276,10 +11217,10 @@ index 013286a..8b42f4f 100644 #define pgprot_writecombine pgprot_writecombine extern pgprot_t pgprot_writecombine(pgprot_t prot); diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h -index bb3ee36..781a6b8 100644 +index 58545c9..fe6fc38e 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h -@@ -268,7 +268,7 @@ struct tss_struct { +@@ -266,7 +266,7 @@ struct tss_struct { } ____cacheline_aligned; @@ -11288,7 +11229,7 @@ index bb3ee36..781a6b8 100644 /* * Save the original ist values for checking stack pointers during debugging -@@ -861,11 +861,18 @@ static inline void spin_lock_prefetch(const void *x) +@@ -860,11 +860,18 @@ static inline void spin_lock_prefetch(const void *x) */ #define TASK_SIZE PAGE_OFFSET #define TASK_SIZE_MAX TASK_SIZE @@ -11309,7 +11250,7 @@ index bb3ee36..781a6b8 100644 .vm86_info = NULL, \ .sysenter_cs = __KERNEL_CS, \ .io_bitmap_ptr = NULL, \ -@@ -879,7 +886,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -878,7 +885,7 @@ static inline void spin_lock_prefetch(const void *x) */ #define INIT_TSS { \ .x86_tss = { \ @@ -11318,7 +11259,7 @@ index bb3ee36..781a6b8 100644 .ss0 = __KERNEL_DS, \ .ss1 = __KERNEL_CS, \ .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \ -@@ -890,11 +897,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -889,11 +896,7 @@ static inline void spin_lock_prefetch(const void *x) extern unsigned long thread_saved_pc(struct task_struct *tsk); #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long)) @@ -11331,7 +11272,7 @@ index bb3ee36..781a6b8 100644 /* * The below -8 is to reserve 8 bytes on top of the ring0 stack. -@@ -909,7 +912,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -908,7 +911,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define task_pt_regs(task) \ ({ \ struct pt_regs *__regs__; \ @@ -11340,7 +11281,7 @@ index bb3ee36..781a6b8 100644 __regs__ - 1; \ }) -@@ -919,13 +922,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -918,13 +921,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); /* * User space process size. 47bits minus one guard page. */ @@ -11356,7 +11297,7 @@ index bb3ee36..781a6b8 100644 #define TASK_SIZE (test_thread_flag(TIF_IA32) ? \ IA32_PAGE_OFFSET : TASK_SIZE_MAX) -@@ -936,11 +939,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -935,11 +938,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define STACK_TOP_MAX TASK_SIZE_MAX #define INIT_THREAD { \ @@ -11370,7 +11311,7 @@ index bb3ee36..781a6b8 100644 } /* -@@ -962,6 +965,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, +@@ -961,6 +964,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, */ #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3)) @@ -11661,7 +11602,7 @@ index 5e64171..f58957e 100644 #define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8+3) #define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS*8+3) diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h -index 73b11bc..d4a3b63 100644 +index 0434c40..1714bf0 100644 --- a/arch/x86/include/asm/smp.h +++ b/arch/x86/include/asm/smp.h @@ -36,7 +36,7 @@ DECLARE_PER_CPU(cpumask_var_t, cpu_core_map); @@ -11700,10 +11641,10 @@ index 73b11bc..d4a3b63 100644 #endif diff --git a/arch/x86/include/asm/spinlock.h b/arch/x86/include/asm/spinlock.h -index 972c260..43ab1fd 100644 +index a82c2bf..2198f61 100644 --- a/arch/x86/include/asm/spinlock.h +++ b/arch/x86/include/asm/spinlock.h -@@ -188,6 +188,14 @@ static inline int arch_write_can_lock(arch_rwlock_t *lock) +@@ -175,6 +175,14 @@ static inline int arch_write_can_lock(arch_rwlock_t *lock) static inline void arch_read_lock(arch_rwlock_t *rw) { asm volatile(LOCK_PREFIX READ_LOCK_SIZE(dec) " (%0)\n\t" @@ -11718,7 +11659,7 @@ index 972c260..43ab1fd 100644 "jns 1f\n" "call __read_lock_failed\n\t" "1:\n" -@@ -197,6 +205,14 @@ static inline void arch_read_lock(arch_rwlock_t *rw) +@@ -184,6 +192,14 @@ static inline void arch_read_lock(arch_rwlock_t *rw) static inline void arch_write_lock(arch_rwlock_t *rw) { asm volatile(LOCK_PREFIX WRITE_LOCK_SUB(%1) "(%0)\n\t" @@ -11733,7 +11674,7 @@ index 972c260..43ab1fd 100644 "jz 1f\n" "call __write_lock_failed\n\t" "1:\n" -@@ -226,13 +242,29 @@ static inline int arch_write_trylock(arch_rwlock_t *lock) +@@ -213,13 +229,29 @@ static inline int arch_write_trylock(arch_rwlock_t *lock) static inline void arch_read_unlock(arch_rwlock_t *rw) { @@ -11853,19 +11794,6 @@ index cb23852..2dde194 100644 asmlinkage long sys32_sysfs(int, u32, u32); asmlinkage long sys32_sched_rr_get_interval(compat_pid_t, -diff --git a/arch/x86/include/asm/syscalls.h b/arch/x86/include/asm/syscalls.h -index f1d8b44..a4de8b7 100644 ---- a/arch/x86/include/asm/syscalls.h -+++ b/arch/x86/include/asm/syscalls.h -@@ -30,7 +30,7 @@ long sys_clone(unsigned long, unsigned long, void __user *, - void __user *, struct pt_regs *); - - /* kernel/ldt.c */ --asmlinkage int sys_modify_ldt(int, void __user *, unsigned long); -+asmlinkage int sys_modify_ldt(int, void __user *, unsigned long) __size_overflow(3); - - /* kernel/signal.c */ - long sys_rt_sigreturn(struct pt_regs *); diff --git a/arch/x86/include/asm/system.h b/arch/x86/include/asm/system.h index 2d2f01c..f985723 100644 --- a/arch/x86/include/asm/system.h @@ -11914,7 +11842,7 @@ index 2d2f01c..f985723 100644 /* * Force strict CPU ordering. diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h -index d7ef849..6af292e 100644 +index cfd8144..1b1127d 100644 --- a/arch/x86/include/asm/thread_info.h +++ b/arch/x86/include/asm/thread_info.h @@ -10,6 +10,7 @@ @@ -11933,7 +11861,7 @@ index d7ef849..6af292e 100644 struct exec_domain *exec_domain; /* execution domain */ __u32 flags; /* low level flags */ __u32 status; /* thread synchronous flags */ -@@ -34,18 +34,12 @@ struct thread_info { +@@ -34,19 +34,13 @@ struct thread_info { mm_segment_t addr_limit; struct restart_block restart_block; void __user *sysenter_return; @@ -11944,7 +11872,8 @@ index d7ef849..6af292e 100644 - __u8 supervisor_stack[0]; -#endif + unsigned long lowest_stack; - int uaccess_err; + unsigned int sig_on_uaccess_error:1; + unsigned int uaccess_err:1; /* uaccess failed */ }; -#define INIT_THREAD_INFO(tsk) \ @@ -11954,7 +11883,7 @@ index d7ef849..6af292e 100644 .exec_domain = &default_exec_domain, \ .flags = 0, \ .cpu = 0, \ -@@ -56,7 +50,7 @@ struct thread_info { +@@ -57,7 +51,7 @@ struct thread_info { }, \ } @@ -11963,7 +11892,7 @@ index d7ef849..6af292e 100644 #define init_stack (init_thread_union.stack) #else /* !__ASSEMBLY__ */ -@@ -170,45 +164,40 @@ struct thread_info { +@@ -169,45 +163,40 @@ struct thread_info { ret; \ }) @@ -12034,7 +11963,7 @@ index d7ef849..6af292e 100644 /* * macros/functions for gaining access to the thread information structure * preempt_count needs to be 1 initially, until the scheduler is functional. -@@ -216,21 +205,8 @@ static inline struct thread_info *current_thread_info(void) +@@ -215,27 +204,8 @@ static inline struct thread_info *current_thread_info(void) #ifndef __ASSEMBLY__ DECLARE_PER_CPU(unsigned long, kernel_stack); @@ -12053,12 +11982,18 @@ index d7ef849..6af292e 100644 - movq PER_CPU_VAR(kernel_stack),reg ; \ - subq $(THREAD_SIZE-KERNEL_STACK_OFFSET),reg - +-/* +- * Same if PER_CPU_VAR(kernel_stack) is, perhaps with some offset, already in +- * a certain register (to be used in assembler memory operands). +- */ +-#define THREAD_INFO(reg, off) KERNEL_STACK_OFFSET+(off)-THREAD_SIZE(reg) +- +/* how to get the current stack pointer from C */ +register unsigned long current_stack_pointer asm("rsp") __used; #endif #endif /* !X86_32 */ -@@ -264,5 +240,16 @@ extern void arch_task_cache_init(void); +@@ -269,5 +239,16 @@ extern void arch_task_cache_init(void); extern void free_thread_info(struct thread_info *ti); extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src); #define arch_task_cache_init arch_task_cache_init @@ -12076,7 +12011,7 @@ index d7ef849..6af292e 100644 #endif #endif /* _ASM_X86_THREAD_INFO_H */ diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h -index 36361bf..324f262 100644 +index 8be5f54..7ae826d 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h @@ -7,12 +7,15 @@ @@ -12299,36 +12234,11 @@ index 36361bf..324f262 100644 #ifdef CONFIG_X86_WP_WORKS_OK diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h -index 566e803..4414921 100644 +index 566e803..b9521e9 100644 --- a/arch/x86/include/asm/uaccess_32.h +++ b/arch/x86/include/asm/uaccess_32.h -@@ -11,15 +11,15 @@ - #include <asm/page.h> - - unsigned long __must_check __copy_to_user_ll -- (void __user *to, const void *from, unsigned long n); -+ (void __user *to, const void *from, unsigned long n) __size_overflow(3); - unsigned long __must_check __copy_from_user_ll -- (void *to, const void __user *from, unsigned long n); -+ (void *to, const void __user *from, unsigned long n) __size_overflow(3); - unsigned long __must_check __copy_from_user_ll_nozero -- (void *to, const void __user *from, unsigned long n); -+ (void *to, const void __user *from, unsigned long n) __size_overflow(3); - unsigned long __must_check __copy_from_user_ll_nocache -- (void *to, const void __user *from, unsigned long n); -+ (void *to, const void __user *from, unsigned long n) __size_overflow(3); - unsigned long __must_check __copy_from_user_ll_nocache_nozero -- (void *to, const void __user *from, unsigned long n); -+ (void *to, const void __user *from, unsigned long n) __size_overflow(3); - - /** - * __copy_to_user_inatomic: - Copy a block of data into user space, with less checking. -@@ -41,8 +41,13 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero - */ - +@@ -43,6 +43,9 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero static __always_inline unsigned long __must_check -+__copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) __size_overflow(3); -+static __always_inline unsigned long __must_check __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) { + if ((long)n < 0) @@ -12337,7 +12247,7 @@ index 566e803..4414921 100644 if (__builtin_constant_p(n)) { unsigned long ret; -@@ -61,6 +66,8 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) +@@ -61,6 +64,8 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) return ret; } } @@ -12346,12 +12256,7 @@ index 566e803..4414921 100644 return __copy_to_user_ll(to, from, n); } -@@ -79,15 +86,23 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) - * On success, this will be zero. - */ - static __always_inline unsigned long __must_check -+__copy_to_user(void __user *to, const void *from, unsigned long n) __size_overflow(3); -+static __always_inline unsigned long __must_check +@@ -82,12 +87,16 @@ static __always_inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n) { might_fault(); @@ -12360,8 +12265,6 @@ index 566e803..4414921 100644 } static __always_inline unsigned long -+__copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) __size_overflow(3); -+static __always_inline unsigned long __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) { + if ((long)n < 0) @@ -12370,12 +12273,7 @@ index 566e803..4414921 100644 /* Avoid zeroing the tail if the copy fails.. * If 'n' is constant and 1, 2, or 4, we do still zero on a failure, * but as the zeroing behaviour is only significant when n is not -@@ -134,9 +149,15 @@ __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) - * for explanation of why this is needed. - */ - static __always_inline unsigned long -+__copy_from_user(void *to, const void __user *from, unsigned long n) __size_overflow(3); -+static __always_inline unsigned long +@@ -137,6 +146,10 @@ static __always_inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n) { might_fault(); @@ -12386,7 +12284,7 @@ index 566e803..4414921 100644 if (__builtin_constant_p(n)) { unsigned long ret; -@@ -152,13 +173,21 @@ __copy_from_user(void *to, const void __user *from, unsigned long n) +@@ -152,6 +165,8 @@ __copy_from_user(void *to, const void __user *from, unsigned long n) return ret; } } @@ -12395,9 +12293,7 @@ index 566e803..4414921 100644 return __copy_from_user_ll(to, from, n); } - static __always_inline unsigned long __copy_from_user_nocache(void *to, -+ const void __user *from, unsigned long n) __size_overflow(3); -+static __always_inline unsigned long __copy_from_user_nocache(void *to, +@@ -159,6 +174,10 @@ static __always_inline unsigned long __copy_from_user_nocache(void *to, const void __user *from, unsigned long n) { might_fault(); @@ -12408,13 +12304,8 @@ index 566e803..4414921 100644 if (__builtin_constant_p(n)) { unsigned long ret; -@@ -179,17 +208,24 @@ static __always_inline unsigned long __copy_from_user_nocache(void *to, - - static __always_inline unsigned long +@@ -181,15 +200,19 @@ static __always_inline unsigned long __copy_from_user_inatomic_nocache(void *to, const void __user *from, -+ unsigned long n) __size_overflow(3); -+static __always_inline unsigned long -+__copy_from_user_inatomic_nocache(void *to, const void __user *from, unsigned long n) { - return __copy_from_user_ll_nocache_nozero(to, from, n); @@ -12440,7 +12331,7 @@ index 566e803..4414921 100644 extern void copy_from_user_overflow(void) #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS -@@ -199,24 +235,72 @@ extern void copy_from_user_overflow(void) +@@ -199,17 +222,61 @@ extern void copy_from_user_overflow(void) #endif ; @@ -12461,8 +12352,6 @@ index 566e803..4414921 100644 + * On success, this will be zero. + */ +static inline unsigned long __must_check -+copy_to_user(void __user *to, const void *from, unsigned long n) __size_overflow(3); -+static inline unsigned long __must_check +copy_to_user(void __user *to, const void *from, unsigned long n) +{ + int sz = __compiletime_object_size(from); @@ -12491,8 +12380,6 @@ index 566e803..4414921 100644 + * data to the requested size using zero bytes. + */ +static inline unsigned long __must_check -+copy_from_user(void *to, const void __user *from, unsigned long n) __size_overflow(3); -+static inline unsigned long __must_check +copy_from_user(void *to, const void __user *from, unsigned long n) { int sz = __compiletime_object_size(to); @@ -12513,29 +12400,8 @@ index 566e803..4414921 100644 return n; } - long __must_check strncpy_from_user(char *dst, const char __user *src, -- long count); -+ unsigned long count) __size_overflow(3); - long __must_check __strncpy_from_user(char *dst, -- const char __user *src, long count); -+ const char __user *src, unsigned long count) __size_overflow(3); - - /** - * strlen_user: - Get the size of a string in user space. -@@ -234,8 +318,8 @@ long __must_check __strncpy_from_user(char *dst, - */ - #define strlen_user(str) strnlen_user(str, LONG_MAX) - --long strnlen_user(const char __user *str, long n); --unsigned long __must_check clear_user(void __user *mem, unsigned long len); --unsigned long __must_check __clear_user(void __user *mem, unsigned long len); -+long strnlen_user(const char __user *str, unsigned long n); -+unsigned long __must_check clear_user(void __user *mem, unsigned long len) __size_overflow(2); -+unsigned long __must_check __clear_user(void __user *mem, unsigned long len) __size_overflow(2); - - #endif /* _ASM_X86_UACCESS_32_H */ diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index 1c66d30..2582764 100644 +index 1c66d30..e66922c 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -10,6 +10,9 @@ @@ -12548,25 +12414,23 @@ index 1c66d30..2582764 100644 /* * Copy To/From Userspace -@@ -17,12 +20,14 @@ +@@ -17,12 +20,12 @@ /* Handles exceptions in both to and from, but doesn't do access_ok */ __must_check unsigned long -copy_user_generic_string(void *to, const void *from, unsigned len); -+copy_user_generic_string(void *to, const void *from, unsigned long len) __size_overflow(3); ++copy_user_generic_string(void *to, const void *from, unsigned long len); __must_check unsigned long -copy_user_generic_unrolled(void *to, const void *from, unsigned len); -+copy_user_generic_unrolled(void *to, const void *from, unsigned long len) __size_overflow(3); ++copy_user_generic_unrolled(void *to, const void *from, unsigned long len); static __always_inline __must_check unsigned long -copy_user_generic(void *to, const void *from, unsigned len) -+copy_user_generic(void *to, const void *from, unsigned long len) __size_overflow(3); -+static __always_inline __must_check unsigned long +copy_user_generic(void *to, const void *from, unsigned long len) { unsigned ret; -@@ -32,142 +37,237 @@ copy_user_generic(void *to, const void *from, unsigned len) +@@ -32,142 +35,226 @@ copy_user_generic(void *to, const void *from, unsigned len) ASM_OUTPUT2("=a" (ret), "=D" (to), "=S" (from), "=d" (len)), "1" (to), "2" (from), "3" (len) @@ -12576,22 +12440,19 @@ index 1c66d30..2582764 100644 } +static __always_inline __must_check unsigned long -+__copy_to_user(void __user *to, const void *from, unsigned long len) __size_overflow(3); ++__copy_to_user(void __user *to, const void *from, unsigned long len); +static __always_inline __must_check unsigned long -+__copy_from_user(void *to, const void __user *from, unsigned long len) __size_overflow(3); ++__copy_from_user(void *to, const void __user *from, unsigned long len); __must_check unsigned long -_copy_to_user(void __user *to, const void *from, unsigned len); -__must_check unsigned long -_copy_from_user(void *to, const void __user *from, unsigned len); -__must_check unsigned long -copy_in_user(void __user *to, const void __user *from, unsigned len); -+copy_in_user(void __user *to, const void __user *from, unsigned long len) __size_overflow(3); ++copy_in_user(void __user *to, const void __user *from, unsigned long len); static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, -+ unsigned long n) __size_overflow(3); -+static inline unsigned long __must_check copy_from_user(void *to, -+ const void __user *from, unsigned long n) { - int sz = __compiletime_object_size(to); @@ -12616,8 +12477,6 @@ index 1c66d30..2582764 100644 static __always_inline __must_check -int copy_to_user(void __user *dst, const void *src, unsigned size) -+int copy_to_user(void __user *dst, const void *src, unsigned long size) __size_overflow(3); -+static __always_inline __must_check +int copy_to_user(void __user *dst, const void *src, unsigned long size) { might_fault(); @@ -12630,8 +12489,6 @@ index 1c66d30..2582764 100644 static __always_inline __must_check -int __copy_from_user(void *dst, const void __user *src, unsigned size) -+unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long size) __size_overflow(3); -+static __always_inline __must_check +unsigned long __copy_from_user(void *dst, const void __user *src, unsigned long size) { - int ret = 0; @@ -12720,8 +12577,6 @@ index 1c66d30..2582764 100644 static __always_inline __must_check -int __copy_to_user(void __user *dst, const void *src, unsigned size) -+unsigned long __copy_to_user(void __user *dst, const void *src, unsigned long size) __size_overflow(3); -+static __always_inline __must_check +unsigned long __copy_to_user(void __user *dst, const void *src, unsigned long size) { - int ret = 0; @@ -12810,8 +12665,6 @@ index 1c66d30..2582764 100644 static __always_inline __must_check -int __copy_in_user(void __user *dst, const void __user *src, unsigned size) -+unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned long size) __size_overflow(3); -+static __always_inline __must_check +unsigned long __copy_in_user(void __user *dst, const void __user *src, unsigned long size) { - int ret = 0; @@ -12852,7 +12705,7 @@ index 1c66d30..2582764 100644 ret, "b", "b", "=q", 1); if (likely(!ret)) __put_user_asm(tmp, (u8 __user *)dst, -@@ -176,7 +276,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -176,7 +263,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 2: { u16 tmp; @@ -12861,7 +12714,7 @@ index 1c66d30..2582764 100644 ret, "w", "w", "=r", 2); if (likely(!ret)) __put_user_asm(tmp, (u16 __user *)dst, -@@ -186,7 +286,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -186,7 +273,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) case 4: { u32 tmp; @@ -12870,7 +12723,7 @@ index 1c66d30..2582764 100644 ret, "l", "k", "=r", 4); if (likely(!ret)) __put_user_asm(tmp, (u32 __user *)dst, -@@ -195,7 +295,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -195,7 +282,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 8: { u64 tmp; @@ -12879,7 +12732,7 @@ index 1c66d30..2582764 100644 ret, "q", "", "=r", 8); if (likely(!ret)) __put_user_asm(tmp, (u64 __user *)dst, -@@ -203,51 +303,103 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -203,8 +290,16 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) return ret; } default: @@ -12898,26 +12751,11 @@ index 1c66d30..2582764 100644 } } - __must_check long --strncpy_from_user(char *dst, const char __user *src, long count); -+strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3); - __must_check long --__strncpy_from_user(char *dst, const char __user *src, long count); --__must_check long strnlen_user(const char __user *str, long n); --__must_check long __strnlen_user(const char __user *str, long n); -+__strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3); -+__must_check long strnlen_user(const char __user *str, unsigned long n); -+__must_check long __strnlen_user(const char __user *str, unsigned long n); - __must_check long strlen_user(const char __user *str); --__must_check unsigned long clear_user(void __user *mem, unsigned long len); --__must_check unsigned long __clear_user(void __user *mem, unsigned long len); -+__must_check unsigned long clear_user(void __user *mem, unsigned long len) __size_overflow(2); -+__must_check unsigned long __clear_user(void __user *mem, unsigned long len) __size_overflow(2); +@@ -219,35 +314,72 @@ __must_check unsigned long clear_user(void __user *mem, unsigned long len); + __must_check unsigned long __clear_user(void __user *mem, unsigned long len); static __must_check __always_inline int -__copy_from_user_inatomic(void *dst, const void __user *src, unsigned size) -+__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size) __size_overflow(3); -+static __must_check __always_inline int +__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size) { - return copy_user_generic(dst, (__force const void *)src, size); @@ -12938,8 +12776,6 @@ index 1c66d30..2582764 100644 -static __must_check __always_inline int -__copy_to_user_inatomic(void __user *dst, const void *src, unsigned size) +static __must_check __always_inline unsigned long -+__copy_to_user_inatomic(void __user *dst, const void *src, unsigned long size) __size_overflow(3); -+static __must_check __always_inline unsigned long +__copy_to_user_inatomic(void __user *dst, const void *src, unsigned long size) { - return copy_user_generic((__force void *)dst, src, size); @@ -12960,11 +12796,10 @@ index 1c66d30..2582764 100644 -extern long __copy_user_nocache(void *dst, const void __user *src, - unsigned size, int zerorest); +extern unsigned long __copy_user_nocache(void *dst, const void __user *src, -+ unsigned long size, int zerorest) __size_overflow(3); ++ unsigned long size, int zerorest); -static inline int -__copy_from_user_nocache(void *dst, const void __user *src, unsigned size) -+static inline unsigned long __copy_from_user_nocache(void *dst, const void __user *src, unsigned long size) __size_overflow(3); +static inline unsigned long __copy_from_user_nocache(void *dst, const void __user *src, unsigned long size) { might_sleep(); @@ -12984,8 +12819,6 @@ index 1c66d30..2582764 100644 -__copy_from_user_inatomic_nocache(void *dst, const void __user *src, - unsigned size) +static inline unsigned long __copy_from_user_inatomic_nocache(void *dst, const void __user *src, -+ unsigned long size) __size_overflow(3); -+static inline unsigned long __copy_from_user_inatomic_nocache(void *dst, const void __user *src, + unsigned long size) { + if (size > INT_MAX) @@ -13002,7 +12835,7 @@ index 1c66d30..2582764 100644 -unsigned long -copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest); +extern unsigned long -+copy_user_handle_tail(char __user *to, char __user *from, unsigned long len, unsigned zerorest) __size_overflow(3); ++copy_user_handle_tail(char __user *to, char __user *from, unsigned long len, unsigned zerorest); #endif /* _ASM_X86_UACCESS_64_H */ diff --git a/arch/x86/include/asm/vdso.h b/arch/x86/include/asm/vdso.h @@ -13019,10 +12852,10 @@ index bb05228..d763d5b 100644 #endif diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h -index 1971e65..1e3559b 100644 +index 517d476..a1cb4d9 100644 --- a/arch/x86/include/asm/x86_init.h +++ b/arch/x86/include/asm/x86_init.h -@@ -28,7 +28,7 @@ struct x86_init_mpparse { +@@ -29,7 +29,7 @@ struct x86_init_mpparse { void (*mpc_oem_bus_info)(struct mpc_bus *m, char *name); void (*find_smp_config)(void); void (*get_smp_config)(unsigned int early); @@ -13031,7 +12864,7 @@ index 1971e65..1e3559b 100644 /** * struct x86_init_resources - platform specific resource related ops -@@ -42,7 +42,7 @@ struct x86_init_resources { +@@ -43,7 +43,7 @@ struct x86_init_resources { void (*probe_roms)(void); void (*reserve_resources)(void); char *(*memory_setup)(void); @@ -13040,7 +12873,7 @@ index 1971e65..1e3559b 100644 /** * struct x86_init_irqs - platform specific interrupt setup -@@ -55,7 +55,7 @@ struct x86_init_irqs { +@@ -56,7 +56,7 @@ struct x86_init_irqs { void (*pre_vector_init)(void); void (*intr_init)(void); void (*trap_init)(void); @@ -13049,7 +12882,7 @@ index 1971e65..1e3559b 100644 /** * struct x86_init_oem - oem platform specific customizing functions -@@ -65,7 +65,7 @@ struct x86_init_irqs { +@@ -66,7 +66,7 @@ struct x86_init_irqs { struct x86_init_oem { void (*arch_setup)(void); void (*banner)(void); @@ -13058,7 +12891,7 @@ index 1971e65..1e3559b 100644 /** * struct x86_init_mapping - platform specific initial kernel pagetable setup -@@ -76,7 +76,7 @@ struct x86_init_oem { +@@ -77,7 +77,7 @@ struct x86_init_oem { */ struct x86_init_mapping { void (*pagetable_reserve)(u64 start, u64 end); @@ -13067,7 +12900,7 @@ index 1971e65..1e3559b 100644 /** * struct x86_init_paging - platform specific paging functions -@@ -86,7 +86,7 @@ struct x86_init_mapping { +@@ -87,7 +87,7 @@ struct x86_init_mapping { struct x86_init_paging { void (*pagetable_setup_start)(pgd_t *base); void (*pagetable_setup_done)(pgd_t *base); @@ -13076,7 +12909,7 @@ index 1971e65..1e3559b 100644 /** * struct x86_init_timers - platform specific timer setup -@@ -101,7 +101,7 @@ struct x86_init_timers { +@@ -102,7 +102,7 @@ struct x86_init_timers { void (*tsc_pre_init)(void); void (*timer_init)(void); void (*wallclock_init)(void); @@ -13085,7 +12918,7 @@ index 1971e65..1e3559b 100644 /** * struct x86_init_iommu - platform specific iommu setup -@@ -109,7 +109,7 @@ struct x86_init_timers { +@@ -110,7 +110,7 @@ struct x86_init_timers { */ struct x86_init_iommu { int (*iommu_init)(void); @@ -13094,7 +12927,7 @@ index 1971e65..1e3559b 100644 /** * struct x86_init_pci - platform specific pci init functions -@@ -123,7 +123,7 @@ struct x86_init_pci { +@@ -124,7 +124,7 @@ struct x86_init_pci { int (*init)(void); void (*init_irq)(void); void (*fixup_irqs)(void); @@ -13103,7 +12936,7 @@ index 1971e65..1e3559b 100644 /** * struct x86_init_ops - functions for platform specific setup -@@ -139,7 +139,7 @@ struct x86_init_ops { +@@ -140,7 +140,7 @@ struct x86_init_ops { struct x86_init_timers timers; struct x86_init_iommu iommu; struct x86_init_pci pci; @@ -13112,16 +12945,16 @@ index 1971e65..1e3559b 100644 /** * struct x86_cpuinit_ops - platform specific cpu hotplug setups -@@ -147,7 +147,7 @@ struct x86_init_ops { - */ +@@ -149,7 +149,7 @@ struct x86_init_ops { struct x86_cpuinit_ops { void (*setup_percpu_clockev)(void); + void (*fixup_cpu_id)(struct cpuinfo_x86 *c, int node); -}; +} __no_const; /** * struct x86_platform_ops - platform specific runtime functions -@@ -169,7 +169,7 @@ struct x86_platform_ops { +@@ -171,7 +171,7 @@ struct x86_platform_ops { void (*nmi_init)(void); unsigned char (*get_nmi_reason)(void); int (*i8042_detect)(void); @@ -13130,10 +12963,10 @@ index 1971e65..1e3559b 100644 struct pci_dev; -@@ -177,7 +177,7 @@ struct x86_msi_ops { - int (*setup_msi_irqs)(struct pci_dev *dev, int nvec, int type); +@@ -180,7 +180,7 @@ struct x86_msi_ops { void (*teardown_msi_irq)(unsigned int irq); void (*teardown_msi_irqs)(struct pci_dev *dev); + void (*restore_msi_irqs)(struct pci_dev *dev, int irq); -}; +} __no_const; @@ -13383,10 +13216,10 @@ index 1f84794..e23f862 100644 } diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c -index f98d84c..e402a69 100644 +index 2eec05b..fef012b 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c -@@ -174,7 +174,7 @@ int first_system_vector = 0xfe; +@@ -184,7 +184,7 @@ int first_system_vector = 0xfe; /* * Debug level, exported for io_apic.c */ @@ -13395,7 +13228,7 @@ index f98d84c..e402a69 100644 int pic_mode; -@@ -1853,7 +1853,7 @@ void smp_error_interrupt(struct pt_regs *regs) +@@ -1908,7 +1908,7 @@ void smp_error_interrupt(struct pt_regs *regs) apic_write(APIC_ESR, 0); v1 = apic_read(APIC_ESR); ack_APIC_irq(); @@ -13405,7 +13238,7 @@ index f98d84c..e402a69 100644 apic_printk(APIC_DEBUG, KERN_DEBUG "APIC error on CPU%d: %02x(%02x)", smp_processor_id(), v0 , v1); diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c -index 6d939d7..0697fcc 100644 +index fb07275..e06bb59 100644 --- a/arch/x86/kernel/apic/io_apic.c +++ b/arch/x86/kernel/apic/io_apic.c @@ -1096,7 +1096,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, int pin, @@ -13445,7 +13278,7 @@ index 6d939d7..0697fcc 100644 eoi_ioapic_irq(irq, cfg); } diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c -index a46bd38..6b906d7 100644 +index f76623c..aab694f 100644 --- a/arch/x86/kernel/apm_32.c +++ b/arch/x86/kernel/apm_32.c @@ -411,7 +411,7 @@ static DEFINE_MUTEX(apm_mutex); @@ -13520,7 +13353,7 @@ index a46bd38..6b906d7 100644 proc_create("apm", 0, NULL, &apm_file_ops); diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c -index 4f13faf..87db5d2 100644 +index 68de2dc..1f3c720 100644 --- a/arch/x86/kernel/asm-offsets.c +++ b/arch/x86/kernel/asm-offsets.c @@ -33,6 +33,8 @@ void common(void) { @@ -13560,10 +13393,10 @@ index 4f13faf..87db5d2 100644 BLANK(); OFFSET(XEN_vcpu_info_mask, vcpu_info, evtchn_upcall_mask); diff --git a/arch/x86/kernel/asm-offsets_64.c b/arch/x86/kernel/asm-offsets_64.c -index e72a119..6e2955d 100644 +index 834e897..dacddc8 100644 --- a/arch/x86/kernel/asm-offsets_64.c +++ b/arch/x86/kernel/asm-offsets_64.c -@@ -69,6 +69,7 @@ int main(void) +@@ -70,6 +70,7 @@ int main(void) BLANK(); #undef ENTRY @@ -13587,10 +13420,10 @@ index 25f24dc..4094a7f 100644 obj-y += proc.o capflags.o powerflags.o common.o obj-y += vmware.o hypervisor.o sched.o mshyperv.o diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c -index 0bab2b1..d0a1bf8 100644 +index f4773f4..b3fb13c 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c -@@ -664,7 +664,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, +@@ -669,7 +669,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, unsigned int size) { /* AMD errata T13 (order #21922) */ @@ -13600,7 +13433,7 @@ index 0bab2b1..d0a1bf8 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index aa003b1..47ea638 100644 +index c0f7d68..aa418f9 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -84,60 +84,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { @@ -13673,7 +13506,7 @@ index aa003b1..47ea638 100644 gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); /* Reload the per-cpu base */ -@@ -844,6 +790,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) +@@ -839,6 +785,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) /* Filter out anything that depends on CPUID levels we don't have */ filter_cpuid_features(c, true); @@ -13684,7 +13517,7 @@ index aa003b1..47ea638 100644 /* If the model name is still unset, do table lookup. */ if (!c->x86_model_id[0]) { const char *p; -@@ -1024,6 +974,9 @@ static __init int setup_disablecpuid(char *arg) +@@ -1019,10 +969,12 @@ static __init int setup_disablecpuid(char *arg) } __setup("clearcpuid=", setup_disablecpuid); @@ -13693,8 +13526,13 @@ index aa003b1..47ea638 100644 + #ifdef CONFIG_X86_64 struct desc_ptr idt_descr = { NR_VECTORS * 16 - 1, (unsigned long) idt_table }; +-struct desc_ptr nmi_idt_descr = { NR_VECTORS * 16 - 1, +- (unsigned long) nmi_idt_table }; ++struct desc_ptr nmi_idt_descr = { NR_VECTORS * 16 - 1, (unsigned long) nmi_idt_table }; -@@ -1039,7 +992,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = + DEFINE_PER_CPU_FIRST(union irq_stack_union, + irq_stack_union) __aligned(PAGE_SIZE); +@@ -1036,7 +988,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = EXPORT_PER_CPU_SYMBOL(current_task); DEFINE_PER_CPU(unsigned long, kernel_stack) = @@ -13703,7 +13541,7 @@ index aa003b1..47ea638 100644 EXPORT_PER_CPU_SYMBOL(kernel_stack); DEFINE_PER_CPU(char *, irq_stack_ptr) = -@@ -1104,7 +1057,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs) +@@ -1126,7 +1078,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs) { memset(regs, 0, sizeof(struct pt_regs)); regs->fs = __KERNEL_PERCPU; @@ -13712,7 +13550,7 @@ index aa003b1..47ea638 100644 return regs; } -@@ -1159,7 +1112,7 @@ void __cpuinit cpu_init(void) +@@ -1190,7 +1142,7 @@ void __cpuinit cpu_init(void) int i; cpu = stack_smp_processor_id(); @@ -13721,7 +13559,7 @@ index aa003b1..47ea638 100644 oist = &per_cpu(orig_ist, cpu); #ifdef CONFIG_NUMA -@@ -1185,7 +1138,7 @@ void __cpuinit cpu_init(void) +@@ -1216,7 +1168,7 @@ void __cpuinit cpu_init(void) switch_to_new_gdt(cpu); loadsegment(fs, 0); @@ -13730,7 +13568,7 @@ index aa003b1..47ea638 100644 memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8); syscall_init(); -@@ -1194,7 +1147,6 @@ void __cpuinit cpu_init(void) +@@ -1225,7 +1177,6 @@ void __cpuinit cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); @@ -13738,7 +13576,7 @@ index aa003b1..47ea638 100644 if (cpu != 0) enable_x2apic(); -@@ -1248,7 +1200,7 @@ void __cpuinit cpu_init(void) +@@ -1281,7 +1232,7 @@ void __cpuinit cpu_init(void) { int cpu = smp_processor_id(); struct task_struct *curr = current; @@ -13748,7 +13586,7 @@ index aa003b1..47ea638 100644 if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) { diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c -index 5231312..a78a987 100644 +index 3e6ff6c..54b4992 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -174,7 +174,7 @@ static void __cpuinit trap_init_f00f_bug(void) @@ -13760,21 +13598,8 @@ index 5231312..a78a987 100644 load_idt(&idt_descr); } #endif -diff --git a/arch/x86/kernel/cpu/mcheck/mce-inject.c b/arch/x86/kernel/cpu/mcheck/mce-inject.c -index 319882e..993534e 100644 ---- a/arch/x86/kernel/cpu/mcheck/mce-inject.c -+++ b/arch/x86/kernel/cpu/mcheck/mce-inject.c -@@ -173,6 +173,8 @@ static void raise_mce(struct mce *m) - - /* Error injection interface */ - static ssize_t mce_write(struct file *filp, const char __user *ubuf, -+ size_t usize, loff_t *off) __size_overflow(3); -+static ssize_t mce_write(struct file *filp, const char __user *ubuf, - size_t usize, loff_t *off) - { - struct mce m; diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c -index 2af127d..8ff7ac0 100644 +index 5a11ae2..a1a1c8a 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -42,6 +42,7 @@ @@ -13785,7 +13610,7 @@ index 2af127d..8ff7ac0 100644 #include "mce-internal.h" -@@ -202,7 +203,7 @@ static void print_mce(struct mce *m) +@@ -250,7 +251,7 @@ static void print_mce(struct mce *m) !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "", m->cs, m->ip); @@ -13794,7 +13619,7 @@ index 2af127d..8ff7ac0 100644 print_symbol("{%s}", m->ip); pr_cont("\n"); } -@@ -235,10 +236,10 @@ static void print_mce(struct mce *m) +@@ -283,10 +284,10 @@ static void print_mce(struct mce *m) #define PANIC_TIMEOUT 5 /* 5 seconds */ @@ -13807,7 +13632,7 @@ index 2af127d..8ff7ac0 100644 /* Panic in progress. Enable interrupts and wait for final IPI */ static void wait_for_panic(void) -@@ -262,7 +263,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) +@@ -310,7 +311,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) /* * Make sure only one CPU runs in machine check panic */ @@ -13816,7 +13641,7 @@ index 2af127d..8ff7ac0 100644 wait_for_panic(); barrier(); -@@ -270,7 +271,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) +@@ -318,7 +319,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) console_verbose(); } else { /* Don't log too much for fake panic */ @@ -13825,7 +13650,7 @@ index 2af127d..8ff7ac0 100644 return; } /* First print corrected ones that are still unlogged */ -@@ -610,7 +611,7 @@ static int mce_timed_out(u64 *t) +@@ -658,7 +659,7 @@ static int mce_timed_out(u64 *t) * might have been modified by someone else. */ rmb(); @@ -13834,7 +13659,7 @@ index 2af127d..8ff7ac0 100644 wait_for_panic(); if (!monarch_timeout) goto out; -@@ -1398,7 +1399,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) +@@ -1446,7 +1447,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) } /* Call the installed machine check handler for this CPU setup. */ @@ -13843,7 +13668,7 @@ index 2af127d..8ff7ac0 100644 unexpected_machine_check; /* -@@ -1421,7 +1422,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1469,7 +1470,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) return; } @@ -13853,7 +13678,7 @@ index 2af127d..8ff7ac0 100644 __mcheck_cpu_init_generic(); __mcheck_cpu_init_vendor(c); -@@ -1435,7 +1438,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1483,7 +1486,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) */ static DEFINE_SPINLOCK(mce_chrdev_state_lock); @@ -13862,7 +13687,7 @@ index 2af127d..8ff7ac0 100644 static int mce_chrdev_open_exclu; /* already open exclusive? */ static int mce_chrdev_open(struct inode *inode, struct file *file) -@@ -1443,7 +1446,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1491,7 +1494,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) spin_lock(&mce_chrdev_state_lock); if (mce_chrdev_open_exclu || @@ -13871,7 +13696,7 @@ index 2af127d..8ff7ac0 100644 spin_unlock(&mce_chrdev_state_lock); return -EBUSY; -@@ -1451,7 +1454,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1499,7 +1502,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) if (file->f_flags & O_EXCL) mce_chrdev_open_exclu = 1; @@ -13880,7 +13705,7 @@ index 2af127d..8ff7ac0 100644 spin_unlock(&mce_chrdev_state_lock); -@@ -1462,7 +1465,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) +@@ -1510,7 +1513,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) { spin_lock(&mce_chrdev_state_lock); @@ -13889,7 +13714,7 @@ index 2af127d..8ff7ac0 100644 mce_chrdev_open_exclu = 0; spin_unlock(&mce_chrdev_state_lock); -@@ -2171,7 +2174,7 @@ struct dentry *mce_get_debugfs_dir(void) +@@ -2229,7 +2232,7 @@ struct dentry *mce_get_debugfs_dir(void) static void mce_reset(void) { cpu_missing = 0; @@ -13942,19 +13767,6 @@ index 54060f5..c1a7577 100644 /* Make sure the vector pointer is visible before we enable MCEs: */ wmb(); -diff --git a/arch/x86/kernel/cpu/mtrr/if.c b/arch/x86/kernel/cpu/mtrr/if.c -index 7928963..1b16001 100644 ---- a/arch/x86/kernel/cpu/mtrr/if.c -+++ b/arch/x86/kernel/cpu/mtrr/if.c -@@ -91,6 +91,8 @@ mtrr_file_del(unsigned long base, unsigned long size, - * "base=%Lx size=%Lx type=%s" or "disable=%d" - */ - static ssize_t -+mtrr_write(struct file *file, const char __user *buf, size_t len, loff_t * ppos) __size_overflow(3); -+static ssize_t - mtrr_write(struct file *file, const char __user *buf, size_t len, loff_t * ppos) - { - int i, err; diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c index 6b96110..0da73eb 100644 --- a/arch/x86/kernel/cpu/mtrr/main.c @@ -13982,10 +13794,10 @@ index df5e41f..816c719 100644 extern int generic_get_free_region(unsigned long base, unsigned long size, int replace_reg); diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c -index 2bda212..78cc605 100644 +index 5adce10..99284ec 100644 --- a/arch/x86/kernel/cpu/perf_event.c +++ b/arch/x86/kernel/cpu/perf_event.c -@@ -1529,7 +1529,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) +@@ -1665,7 +1665,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) break; perf_callchain_store(entry, frame.return_address); @@ -14046,7 +13858,7 @@ index 37250fe..bf2ec74 100644 .__cr3 = __pa_nodebug(swapper_pg_dir), diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c -index 1aae78f..aab3a3d 100644 +index 4025fe4..d8451c6 100644 --- a/arch/x86/kernel/dumpstack.c +++ b/arch/x86/kernel/dumpstack.c @@ -2,6 +2,9 @@ @@ -14174,7 +13986,7 @@ index 1aae78f..aab3a3d 100644 } int __kprobes __die(const char *str, struct pt_regs *regs, long err) -@@ -269,7 +274,7 @@ int __kprobes __die(const char *str, struct pt_regs *regs, long err) +@@ -270,7 +275,7 @@ int __kprobes __die(const char *str, struct pt_regs *regs, long err) show_registers(regs); #ifdef CONFIG_X86_32 @@ -14183,7 +13995,7 @@ index 1aae78f..aab3a3d 100644 sp = regs->sp; ss = regs->ss & 0xffff; } else { -@@ -297,7 +302,7 @@ void die(const char *str, struct pt_regs *regs, long err) +@@ -298,7 +303,7 @@ void die(const char *str, struct pt_regs *regs, long err) unsigned long flags = oops_begin(); int sig = SIGSEGV; @@ -14276,7 +14088,7 @@ index c99f9ed..2a15d80 100644 +EXPORT_SYMBOL(pax_check_alloca); +#endif diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c -index 6d728d9..279514e 100644 +index 17107bd..b2deecf 100644 --- a/arch/x86/kernel/dumpstack_64.c +++ b/arch/x86/kernel/dumpstack_64.c @@ -119,9 +119,9 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs, @@ -14382,7 +14194,7 @@ index 6d728d9..279514e 100644 +EXPORT_SYMBOL(pax_check_alloca); +#endif diff --git a/arch/x86/kernel/early_printk.c b/arch/x86/kernel/early_printk.c -index cd28a35..c72ed9a 100644 +index 9b9f18b..9fcaa04 100644 --- a/arch/x86/kernel/early_printk.c +++ b/arch/x86/kernel/early_printk.c @@ -7,6 +7,7 @@ @@ -14394,10 +14206,23 @@ index cd28a35..c72ed9a 100644 #include <asm/processor.h> #include <asm/fcntl.h> diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index f3f6f53..0841b66 100644 +index 79d97e6..76aaad7 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S -@@ -186,13 +186,146 @@ +@@ -98,12 +98,6 @@ + #endif + .endm + +-#ifdef CONFIG_VM86 +-#define resume_userspace_sig check_userspace +-#else +-#define resume_userspace_sig resume_userspace +-#endif +- + /* + * User gs save/restore + * +@@ -185,13 +179,146 @@ /*CFI_REL_OFFSET gs, PT_GS*/ .endm .macro SET_KERNEL_GS reg @@ -14545,7 +14370,7 @@ index f3f6f53..0841b66 100644 cld PUSH_GS pushl_cfi %fs -@@ -215,7 +348,7 @@ +@@ -214,7 +341,7 @@ CFI_REL_OFFSET ecx, 0 pushl_cfi %ebx CFI_REL_OFFSET ebx, 0 @@ -14554,7 +14379,7 @@ index f3f6f53..0841b66 100644 movl %edx, %ds movl %edx, %es movl $(__KERNEL_PERCPU), %edx -@@ -223,6 +356,15 @@ +@@ -222,6 +349,15 @@ SET_KERNEL_GS %edx .endm @@ -14570,7 +14395,7 @@ index f3f6f53..0841b66 100644 .macro RESTORE_INT_REGS popl_cfi %ebx CFI_RESTORE ebx -@@ -308,7 +450,7 @@ ENTRY(ret_from_fork) +@@ -307,7 +443,7 @@ ENTRY(ret_from_fork) popfl_cfi jmp syscall_exit CFI_ENDPROC @@ -14579,9 +14404,24 @@ index f3f6f53..0841b66 100644 /* * Interrupt exit functions should be protected against kprobes -@@ -333,7 +475,15 @@ check_userspace: +@@ -327,12 +463,29 @@ ret_from_exception: + preempt_stop(CLBR_ANY) + ret_from_intr: + GET_THREAD_INFO(%ebp) +-check_userspace: ++resume_userspace_sig: ++#ifdef CONFIG_VM86 + movl PT_EFLAGS(%esp), %eax # mix EFLAGS and CS movb PT_CS(%esp), %al andl $(X86_EFLAGS_VM | SEGMENT_RPL_MASK), %eax ++#else ++ /* ++ * We can be coming here from a syscall done in the kernel space, ++ * e.g. a failed kernel_execve(). ++ */ ++ movl PT_CS(%esp), %eax ++ andl $SEGMENT_RPL_MASK, %eax ++#endif cmpl $USER_RPL, %eax + +#ifdef CONFIG_PAX_KERNEXEC @@ -14595,7 +14435,7 @@ index f3f6f53..0841b66 100644 ENTRY(resume_userspace) LOCKDEP_SYS_EXIT -@@ -345,8 +495,8 @@ ENTRY(resume_userspace) +@@ -344,8 +497,8 @@ ENTRY(resume_userspace) andl $_TIF_WORK_MASK, %ecx # is there any work to be done on # int/exception return? jne work_pending @@ -14606,7 +14446,7 @@ index f3f6f53..0841b66 100644 #ifdef CONFIG_PREEMPT ENTRY(resume_kernel) -@@ -361,7 +511,7 @@ need_resched: +@@ -360,7 +513,7 @@ need_resched: jz restore_all call preempt_schedule_irq jmp need_resched @@ -14615,7 +14455,7 @@ index f3f6f53..0841b66 100644 #endif CFI_ENDPROC /* -@@ -395,23 +545,34 @@ sysenter_past_esp: +@@ -394,23 +547,34 @@ sysenter_past_esp: /*CFI_REL_OFFSET cs, 0*/ /* * Push current_thread_info()->sysenter_return to the stack. @@ -14653,7 +14493,7 @@ index f3f6f53..0841b66 100644 movl %ebp,PT_EBP(%esp) .section __ex_table,"a" .align 4 -@@ -434,12 +595,24 @@ sysenter_do_call: +@@ -433,12 +597,24 @@ sysenter_do_call: testl $_TIF_ALLWORK_MASK, %ecx jne sysexit_audit sysenter_exit: @@ -14678,17 +14518,17 @@ index f3f6f53..0841b66 100644 PTGS_TO_GS ENABLE_INTERRUPTS_SYSEXIT -@@ -456,6 +629,9 @@ sysenter_audit: +@@ -455,6 +631,9 @@ sysenter_audit: movl %eax,%edx /* 2nd arg: syscall number */ movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */ - call audit_syscall_entry + call __audit_syscall_entry + + pax_erase_kstack + pushl_cfi %ebx movl PT_EAX(%esp),%eax /* reload syscall number */ jmp sysenter_do_call -@@ -482,11 +658,17 @@ sysexit_audit: +@@ -480,11 +659,17 @@ sysexit_audit: CFI_ENDPROC .pushsection .fixup,"ax" @@ -14708,7 +14548,7 @@ index f3f6f53..0841b66 100644 .popsection PTGS_TO_GS_EX ENDPROC(ia32_sysenter_target) -@@ -519,6 +701,15 @@ syscall_exit: +@@ -517,6 +702,15 @@ syscall_exit: testl $_TIF_ALLWORK_MASK, %ecx # current->work jne syscall_exit_work @@ -14724,7 +14564,7 @@ index f3f6f53..0841b66 100644 restore_all: TRACE_IRQS_IRET restore_all_notrace: -@@ -578,14 +769,34 @@ ldt_ss: +@@ -576,14 +770,34 @@ ldt_ss: * compensating for the offset by changing to the ESPFIX segment with * a base address that matches for the difference. */ @@ -14762,7 +14602,7 @@ index f3f6f53..0841b66 100644 pushl_cfi $__ESPFIX_SS pushl_cfi %eax /* new kernel esp */ /* Disable interrupts, but do not irqtrace this section: we -@@ -614,34 +825,28 @@ work_resched: +@@ -612,38 +826,30 @@ work_resched: movl TI_flags(%ebp), %ecx andl $_TIF_WORK_MASK, %ecx # is there any work to be done other # than syscall tracing? @@ -14780,6 +14620,8 @@ index f3f6f53..0841b66 100644 - jne work_notifysig_v86 # returning to kernel-space or + jz 1f # returning to kernel-space or # vm86-space +- TRACE_IRQS_ON +- ENABLE_INTERRUPTS(CLBR_NONE) - xorl %edx, %edx - call do_notify_resume - jmp resume_userspace_sig @@ -14794,6 +14636,8 @@ index f3f6f53..0841b66 100644 - movl %esp, %eax +1: #endif + TRACE_IRQS_ON + ENABLE_INTERRUPTS(CLBR_NONE) xorl %edx, %edx call do_notify_resume jmp resume_userspace_sig @@ -14802,7 +14646,7 @@ index f3f6f53..0841b66 100644 # perform syscall exit tracing ALIGN -@@ -649,11 +854,14 @@ syscall_trace_entry: +@@ -651,11 +857,14 @@ syscall_trace_entry: movl $-ENOSYS,PT_EAX(%esp) movl %esp, %eax call syscall_trace_enter @@ -14810,7 +14654,7 @@ index f3f6f53..0841b66 100644 + pax_erase_kstack + /* What it returned is what we'll actually use. */ - cmpl $(nr_syscalls), %eax + cmpl $(NR_syscalls), %eax jnae syscall_call jmp syscall_exit -END(syscall_trace_entry) @@ -14818,7 +14662,7 @@ index f3f6f53..0841b66 100644 # perform syscall exit tracing ALIGN -@@ -666,20 +874,24 @@ syscall_exit_work: +@@ -668,20 +877,24 @@ syscall_exit_work: movl %esp, %eax call syscall_trace_leave jmp resume_userspace @@ -14846,7 +14690,7 @@ index f3f6f53..0841b66 100644 CFI_ENDPROC /* * End of kprobes section -@@ -753,6 +965,36 @@ ptregs_clone: +@@ -753,6 +966,36 @@ ENTRY(ptregs_clone) CFI_ENDPROC ENDPROC(ptregs_clone) @@ -14883,7 +14727,7 @@ index f3f6f53..0841b66 100644 .macro FIXUP_ESPFIX_STACK /* * Switch back for ESPFIX stack to the normal zerobased stack -@@ -762,8 +1004,15 @@ ENDPROC(ptregs_clone) +@@ -762,8 +1005,15 @@ ENDPROC(ptregs_clone) * normal stack and adjusts ESP with the matching offset. */ /* fixup the stack */ @@ -14901,7 +14745,7 @@ index f3f6f53..0841b66 100644 shl $16, %eax addl %esp, %eax /* the adjusted stack pointer */ pushl_cfi $__KERNEL_DS -@@ -816,7 +1065,7 @@ vector=vector+1 +@@ -816,7 +1066,7 @@ vector=vector+1 .endr 2: jmp common_interrupt .endr @@ -14910,7 +14754,7 @@ index f3f6f53..0841b66 100644 .previous END(interrupt) -@@ -864,7 +1113,7 @@ ENTRY(coprocessor_error) +@@ -864,7 +1114,7 @@ ENTRY(coprocessor_error) pushl_cfi $do_coprocessor_error jmp error_code CFI_ENDPROC @@ -14919,7 +14763,7 @@ index f3f6f53..0841b66 100644 ENTRY(simd_coprocessor_error) RING0_INT_FRAME -@@ -885,7 +1134,7 @@ ENTRY(simd_coprocessor_error) +@@ -885,7 +1135,7 @@ ENTRY(simd_coprocessor_error) #endif jmp error_code CFI_ENDPROC @@ -14928,7 +14772,7 @@ index f3f6f53..0841b66 100644 ENTRY(device_not_available) RING0_INT_FRAME -@@ -893,7 +1142,7 @@ ENTRY(device_not_available) +@@ -893,7 +1143,7 @@ ENTRY(device_not_available) pushl_cfi $do_device_not_available jmp error_code CFI_ENDPROC @@ -14937,7 +14781,7 @@ index f3f6f53..0841b66 100644 #ifdef CONFIG_PARAVIRT ENTRY(native_iret) -@@ -902,12 +1151,12 @@ ENTRY(native_iret) +@@ -902,12 +1152,12 @@ ENTRY(native_iret) .align 4 .long native_iret, iret_exc .previous @@ -14952,7 +14796,7 @@ index f3f6f53..0841b66 100644 #endif ENTRY(overflow) -@@ -916,7 +1165,7 @@ ENTRY(overflow) +@@ -916,7 +1166,7 @@ ENTRY(overflow) pushl_cfi $do_overflow jmp error_code CFI_ENDPROC @@ -14961,7 +14805,7 @@ index f3f6f53..0841b66 100644 ENTRY(bounds) RING0_INT_FRAME -@@ -924,7 +1173,7 @@ ENTRY(bounds) +@@ -924,7 +1174,7 @@ ENTRY(bounds) pushl_cfi $do_bounds jmp error_code CFI_ENDPROC @@ -14970,7 +14814,7 @@ index f3f6f53..0841b66 100644 ENTRY(invalid_op) RING0_INT_FRAME -@@ -932,7 +1181,7 @@ ENTRY(invalid_op) +@@ -932,7 +1182,7 @@ ENTRY(invalid_op) pushl_cfi $do_invalid_op jmp error_code CFI_ENDPROC @@ -14979,7 +14823,7 @@ index f3f6f53..0841b66 100644 ENTRY(coprocessor_segment_overrun) RING0_INT_FRAME -@@ -940,35 +1189,35 @@ ENTRY(coprocessor_segment_overrun) +@@ -940,35 +1190,35 @@ ENTRY(coprocessor_segment_overrun) pushl_cfi $do_coprocessor_segment_overrun jmp error_code CFI_ENDPROC @@ -15020,7 +14864,7 @@ index f3f6f53..0841b66 100644 ENTRY(divide_error) RING0_INT_FRAME -@@ -976,7 +1225,7 @@ ENTRY(divide_error) +@@ -976,7 +1226,7 @@ ENTRY(divide_error) pushl_cfi $do_divide_error jmp error_code CFI_ENDPROC @@ -15029,7 +14873,7 @@ index f3f6f53..0841b66 100644 #ifdef CONFIG_X86_MCE ENTRY(machine_check) -@@ -985,7 +1234,7 @@ ENTRY(machine_check) +@@ -985,7 +1235,7 @@ ENTRY(machine_check) pushl_cfi machine_check_vector jmp error_code CFI_ENDPROC @@ -15038,7 +14882,7 @@ index f3f6f53..0841b66 100644 #endif ENTRY(spurious_interrupt_bug) -@@ -994,7 +1243,7 @@ ENTRY(spurious_interrupt_bug) +@@ -994,7 +1244,7 @@ ENTRY(spurious_interrupt_bug) pushl_cfi $do_spurious_interrupt_bug jmp error_code CFI_ENDPROC @@ -15047,7 +14891,7 @@ index f3f6f53..0841b66 100644 /* * End of kprobes section */ -@@ -1109,7 +1358,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK, +@@ -1109,7 +1359,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK, ENTRY(mcount) ret @@ -15056,7 +14900,7 @@ index f3f6f53..0841b66 100644 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -1138,7 +1387,7 @@ ftrace_graph_call: +@@ -1138,7 +1388,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -15065,7 +14909,7 @@ index f3f6f53..0841b66 100644 #else /* ! CONFIG_DYNAMIC_FTRACE */ -@@ -1174,7 +1423,7 @@ trace: +@@ -1174,7 +1424,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -15074,7 +14918,7 @@ index f3f6f53..0841b66 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -1195,7 +1444,7 @@ ENTRY(ftrace_graph_caller) +@@ -1195,7 +1445,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret @@ -15083,15 +14927,7 @@ index f3f6f53..0841b66 100644 .globl return_to_handler return_to_handler: -@@ -1209,7 +1458,6 @@ return_to_handler: - jmp *%ecx - #endif - --.section .rodata,"a" - #include "syscall_table_32.S" - - syscall_table_size=(.-sys_call_table) -@@ -1255,15 +1503,18 @@ error_code: +@@ -1250,15 +1500,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -15112,7 +14948,7 @@ index f3f6f53..0841b66 100644 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1305,7 +1556,7 @@ debug_stack_correct: +@@ -1300,7 +1553,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -15121,7 +14957,7 @@ index f3f6f53..0841b66 100644 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1342,6 +1593,9 @@ nmi_stack_correct: +@@ -1337,6 +1590,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -15131,7 +14967,7 @@ index f3f6f53..0841b66 100644 jmp restore_all_notrace CFI_ENDPROC -@@ -1378,12 +1632,15 @@ nmi_espfix_stack: +@@ -1373,12 +1629,15 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx,%edx # zero error code call do_nmi @@ -15148,7 +14984,7 @@ index f3f6f53..0841b66 100644 ENTRY(int3) RING0_INT_FRAME -@@ -1395,14 +1652,14 @@ ENTRY(int3) +@@ -1390,14 +1649,14 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -15165,7 +15001,7 @@ index f3f6f53..0841b66 100644 #ifdef CONFIG_KVM_GUEST ENTRY(async_page_fault) -@@ -1410,7 +1667,7 @@ ENTRY(async_page_fault) +@@ -1405,7 +1664,7 @@ ENTRY(async_page_fault) pushl_cfi $do_async_page_fault jmp error_code CFI_ENDPROC @@ -15175,19 +15011,19 @@ index f3f6f53..0841b66 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index faf8d5e..4f16a68 100644 +index 1333d98..b340ca2 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S -@@ -55,6 +55,8 @@ - #include <asm/paravirt.h> +@@ -56,6 +56,8 @@ #include <asm/ftrace.h> #include <asm/percpu.h> + #include <linux/err.h> +#include <asm/pgtable.h> +#include <asm/alternative-asm.h> /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ #include <linux/elf-em.h> -@@ -68,8 +70,9 @@ +@@ -69,8 +71,9 @@ #ifdef CONFIG_FUNCTION_TRACER #ifdef CONFIG_DYNAMIC_FTRACE ENTRY(mcount) @@ -15198,7 +15034,7 @@ index faf8d5e..4f16a68 100644 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -92,8 +95,9 @@ GLOBAL(ftrace_graph_call) +@@ -93,8 +96,9 @@ GLOBAL(ftrace_graph_call) #endif GLOBAL(ftrace_stub) @@ -15209,7 +15045,7 @@ index faf8d5e..4f16a68 100644 #else /* ! CONFIG_DYNAMIC_FTRACE */ ENTRY(mcount) -@@ -112,6 +116,7 @@ ENTRY(mcount) +@@ -113,6 +117,7 @@ ENTRY(mcount) #endif GLOBAL(ftrace_stub) @@ -15217,7 +15053,7 @@ index faf8d5e..4f16a68 100644 retq trace: -@@ -121,12 +126,13 @@ trace: +@@ -122,12 +127,13 @@ trace: movq 8(%rbp), %rsi subq $MCOUNT_INSN_SIZE, %rdi @@ -15232,7 +15068,7 @@ index faf8d5e..4f16a68 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -146,8 +152,9 @@ ENTRY(ftrace_graph_caller) +@@ -147,8 +153,9 @@ ENTRY(ftrace_graph_caller) MCOUNT_RESTORE_FRAME @@ -15243,7 +15079,7 @@ index faf8d5e..4f16a68 100644 GLOBAL(return_to_handler) subq $24, %rsp -@@ -163,6 +170,7 @@ GLOBAL(return_to_handler) +@@ -164,6 +171,7 @@ GLOBAL(return_to_handler) movq 8(%rsp), %rdx movq (%rsp), %rax addq $24, %rsp @@ -15251,7 +15087,7 @@ index faf8d5e..4f16a68 100644 jmp *%rdi #endif -@@ -178,6 +186,282 @@ ENTRY(native_usergs_sysret64) +@@ -179,6 +187,282 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ @@ -15534,7 +15370,7 @@ index faf8d5e..4f16a68 100644 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -231,8 +515,8 @@ ENDPROC(native_usergs_sysret64) +@@ -232,8 +516,8 @@ ENDPROC(native_usergs_sysret64) .endm .macro UNFAKE_STACK_FRAME @@ -15545,7 +15381,7 @@ index faf8d5e..4f16a68 100644 .endm /* -@@ -319,7 +603,7 @@ ENDPROC(native_usergs_sysret64) +@@ -320,7 +604,7 @@ ENDPROC(native_usergs_sysret64) movq %rsp, %rsi leaq -RBP(%rsp),%rdi /* arg1 for handler */ @@ -15554,7 +15390,7 @@ index faf8d5e..4f16a68 100644 je 1f SWAPGS /* -@@ -355,9 +639,10 @@ ENTRY(save_rest) +@@ -356,9 +640,10 @@ ENTRY(save_rest) movq_cfi r15, R15+16 movq %r11, 8(%rsp) /* return address */ FIXUP_TOP_OF_STACK %r11, 16 @@ -15566,7 +15402,7 @@ index faf8d5e..4f16a68 100644 /* save complete stack frame */ .pushsection .kprobes.text, "ax" -@@ -386,9 +671,10 @@ ENTRY(save_paranoid) +@@ -387,9 +672,10 @@ ENTRY(save_paranoid) js 1f /* negative -> in kernel */ SWAPGS xorl %ebx,%ebx @@ -15579,16 +15415,16 @@ index faf8d5e..4f16a68 100644 .popsection /* -@@ -410,7 +696,7 @@ ENTRY(ret_from_fork) +@@ -411,7 +697,7 @@ ENTRY(ret_from_fork) RESTORE_REST - testl $3, CS-ARGOFFSET(%rsp) # from kernel_thread? + testb $3, CS-ARGOFFSET(%rsp) # from kernel_thread? - je int_ret_from_sys_call + jz retint_restore_args testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -420,7 +706,7 @@ ENTRY(ret_from_fork) +@@ -421,7 +707,7 @@ ENTRY(ret_from_fork) jmp ret_from_sys_call # go to the SYSRET fastpath CFI_ENDPROC @@ -15597,7 +15433,7 @@ index faf8d5e..4f16a68 100644 /* * System call entry. Up to 6 arguments in registers are supported. -@@ -456,7 +742,7 @@ END(ret_from_fork) +@@ -457,7 +743,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -15606,7 +15442,7 @@ index faf8d5e..4f16a68 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -469,12 +755,13 @@ ENTRY(system_call_after_swapgs) +@@ -470,21 +756,23 @@ GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -15621,7 +15457,10 @@ index faf8d5e..4f16a68 100644 movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) CFI_REL_OFFSET rip,RIP-ARGOFFSET -@@ -484,7 +771,7 @@ ENTRY(system_call_after_swapgs) +- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) ++ GET_THREAD_INFO(%rcx) ++ testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%rcx) + jnz tracesys system_call_fastpath: cmpq $__NR_syscall_max,%rax ja badsys @@ -15630,7 +15469,13 @@ index faf8d5e..4f16a68 100644 call *sys_call_table(,%rax,8) # XXX: rip relative movq %rax,RAX-ARGOFFSET(%rsp) /* -@@ -503,6 +790,8 @@ sysret_check: +@@ -498,10 +786,13 @@ sysret_check: + LOCKDEP_SYS_EXIT + DISABLE_INTERRUPTS(CLBR_NONE) + TRACE_IRQS_OFF +- movl TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET),%edx ++ GET_THREAD_INFO(%rcx) ++ movl TI_flags(%rcx),%edx andl %edi,%edx jnz sysret_careful CFI_REMEMBER_STATE @@ -15639,7 +15484,7 @@ index faf8d5e..4f16a68 100644 /* * sysretq will re-enable interrupts: */ -@@ -554,14 +843,18 @@ badsys: +@@ -553,14 +844,18 @@ badsys: * jump back to the normal fast path. */ auditsys: @@ -15650,7 +15495,7 @@ index faf8d5e..4f16a68 100644 movq %rdi,%rdx /* 3rd arg: 1st syscall arg */ movq %rax,%rsi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */ - call audit_syscall_entry + call __audit_syscall_entry + + pax_erase_kstack + @@ -15659,7 +15504,16 @@ index faf8d5e..4f16a68 100644 jmp system_call_fastpath /* -@@ -591,16 +884,20 @@ tracesys: +@@ -581,7 +876,7 @@ sysret_audit: + /* Do syscall tracing */ + tracesys: + #ifdef CONFIG_AUDITSYSCALL +- testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) ++ testl $(_TIF_WORK_SYSCALL_ENTRY & ~_TIF_SYSCALL_AUDIT),TI_flags(%rcx) + jz auditsys + #endif + SAVE_REST +@@ -589,16 +884,20 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -15681,16 +15535,7 @@ index faf8d5e..4f16a68 100644 call *sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) /* Use IRET because user could have changed frame */ -@@ -612,7 +909,7 @@ tracesys: - GLOBAL(int_ret_from_sys_call) - DISABLE_INTERRUPTS(CLBR_NONE) - TRACE_IRQS_OFF -- testl $3,CS-ARGOFFSET(%rsp) -+ testb $3,CS-ARGOFFSET(%rsp) - je retint_restore_args - movl $_TIF_ALLWORK_MASK,%edi - /* edi: mask to check */ -@@ -623,6 +920,7 @@ GLOBAL(int_with_check) +@@ -619,6 +918,7 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -15698,7 +15543,7 @@ index faf8d5e..4f16a68 100644 jmp retint_swapgs /* Either reschedule or signal or syscall exit tracking needed. */ -@@ -669,7 +967,7 @@ int_restore_rest: +@@ -665,7 +965,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -15707,7 +15552,7 @@ index faf8d5e..4f16a68 100644 /* * Certain special system calls that need to save a complete full stack frame. -@@ -685,7 +983,7 @@ ENTRY(\label) +@@ -681,7 +981,7 @@ ENTRY(\label) call \func jmp ptregscall_common CFI_ENDPROC @@ -15716,7 +15561,7 @@ index faf8d5e..4f16a68 100644 .endm PTREGSCALL stub_clone, sys_clone, %r8 -@@ -703,9 +1001,10 @@ ENTRY(ptregscall_common) +@@ -699,9 +999,10 @@ ENTRY(ptregscall_common) movq_cfi_restore R12+8, r12 movq_cfi_restore RBP+8, rbp movq_cfi_restore RBX+8, rbx @@ -15728,7 +15573,7 @@ index faf8d5e..4f16a68 100644 ENTRY(stub_execve) CFI_STARTPROC -@@ -720,7 +1019,7 @@ ENTRY(stub_execve) +@@ -716,7 +1017,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -15737,7 +15582,7 @@ index faf8d5e..4f16a68 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -738,7 +1037,7 @@ ENTRY(stub_rt_sigreturn) +@@ -734,7 +1035,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -15746,7 +15591,7 @@ index faf8d5e..4f16a68 100644 /* * Build the entry stubs and pointer table with some assembler magic. -@@ -773,7 +1072,7 @@ vector=vector+1 +@@ -769,7 +1070,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -15755,7 +15600,7 @@ index faf8d5e..4f16a68 100644 .previous END(interrupt) -@@ -793,6 +1092,16 @@ END(interrupt) +@@ -789,6 +1090,16 @@ END(interrupt) subq $ORIG_RAX-RBP, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP SAVE_ARGS_IRQ @@ -15772,7 +15617,7 @@ index faf8d5e..4f16a68 100644 call \func .endm -@@ -824,7 +1133,7 @@ ret_from_intr: +@@ -820,7 +1131,7 @@ ret_from_intr: exit_intr: GET_THREAD_INFO(%rcx) @@ -15781,7 +15626,7 @@ index faf8d5e..4f16a68 100644 je retint_kernel /* Interrupt came from user space */ -@@ -846,12 +1155,15 @@ retint_swapgs: /* return to user-space */ +@@ -842,12 +1153,15 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -15797,7 +15642,7 @@ index faf8d5e..4f16a68 100644 /* * The iretq could re-enable interrupts: */ -@@ -940,7 +1252,7 @@ ENTRY(retint_kernel) +@@ -936,7 +1250,7 @@ ENTRY(retint_kernel) #endif CFI_ENDPROC @@ -15806,7 +15651,7 @@ index faf8d5e..4f16a68 100644 /* * End of kprobes section */ -@@ -956,7 +1268,7 @@ ENTRY(\sym) +@@ -953,7 +1267,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -15815,7 +15660,7 @@ index faf8d5e..4f16a68 100644 .endm #ifdef CONFIG_SMP -@@ -1021,12 +1333,22 @@ ENTRY(\sym) +@@ -1026,12 +1340,22 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -15839,7 +15684,7 @@ index faf8d5e..4f16a68 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1038,15 +1360,25 @@ ENTRY(\sym) +@@ -1043,15 +1367,25 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -15867,7 +15712,7 @@ index faf8d5e..4f16a68 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1056,14 +1388,30 @@ ENTRY(\sym) +@@ -1061,14 +1395,30 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -15899,7 +15744,7 @@ index faf8d5e..4f16a68 100644 .endm .macro errorentry sym do_sym -@@ -1074,13 +1422,23 @@ ENTRY(\sym) +@@ -1079,13 +1429,23 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -15924,7 +15769,7 @@ index faf8d5e..4f16a68 100644 .endm /* error code is on the stack already */ -@@ -1093,13 +1451,23 @@ ENTRY(\sym) +@@ -1098,13 +1458,23 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -15949,7 +15794,7 @@ index faf8d5e..4f16a68 100644 .endm zeroentry divide_error do_divide_error -@@ -1129,9 +1497,10 @@ gs_change: +@@ -1134,9 +1504,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -15961,7 +15806,7 @@ index faf8d5e..4f16a68 100644 .section __ex_table,"a" .align 8 -@@ -1153,13 +1522,14 @@ ENTRY(kernel_thread_helper) +@@ -1158,13 +1529,14 @@ ENTRY(kernel_thread_helper) * Here we are in the child and the registers are set as they were * at kernel_thread() invocation in the parent. */ @@ -15977,7 +15822,7 @@ index faf8d5e..4f16a68 100644 /* * execve(). This function needs to use IRET, not SYSRET, to set up all state properly. -@@ -1186,11 +1556,11 @@ ENTRY(kernel_execve) +@@ -1191,11 +1563,11 @@ ENTRY(kernel_execve) RESTORE_REST testq %rax,%rax je int_ret_from_sys_call @@ -15991,7 +15836,7 @@ index faf8d5e..4f16a68 100644 /* Call softirq on interrupt stack. Interrupts are off. */ ENTRY(call_softirq) -@@ -1208,9 +1578,10 @@ ENTRY(call_softirq) +@@ -1213,9 +1585,10 @@ ENTRY(call_softirq) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -16003,7 +15848,7 @@ index faf8d5e..4f16a68 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1248,7 +1619,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1253,7 +1626,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -16012,7 +15857,7 @@ index faf8d5e..4f16a68 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1307,7 +1678,7 @@ ENTRY(xen_failsafe_callback) +@@ -1312,7 +1685,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -16021,7 +15866,7 @@ index faf8d5e..4f16a68 100644 apicinterrupt XEN_HVM_EVTCHN_CALLBACK \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1356,16 +1727,31 @@ ENTRY(paranoid_exit) +@@ -1361,16 +1734,31 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -16054,7 +15899,7 @@ index faf8d5e..4f16a68 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1394,7 +1780,7 @@ paranoid_schedule: +@@ -1399,7 +1787,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -16063,7 +15908,7 @@ index faf8d5e..4f16a68 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1421,12 +1807,13 @@ ENTRY(error_entry) +@@ -1426,12 +1814,13 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -16078,7 +15923,7 @@ index faf8d5e..4f16a68 100644 ret /* -@@ -1453,7 +1840,7 @@ bstep_iret: +@@ -1458,7 +1847,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -16087,17 +15932,30 @@ index faf8d5e..4f16a68 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1473,7 +1860,7 @@ ENTRY(error_exit) +@@ -1478,7 +1867,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC -END(error_exit) +ENDPROC(error_exit) - - /* runs on exception stack */ -@@ -1485,6 +1872,16 @@ ENTRY(nmi) - CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 + /* + * Test if a given stack is an NMI stack or not. +@@ -1535,9 +1924,11 @@ ENTRY(nmi) + * If %cs was not the kernel segment, then the NMI triggered in user + * space, which means it is definitely not nested. + */ ++ cmpl $__KERNEXEC_KERNEL_CS, 16(%rsp) ++ je 1f + cmpl $__KERNEL_CS, 16(%rsp) + jne first_nmi +- ++1: + /* + * Check the special variable on the stack to see if NMIs are + * executing. +@@ -1659,6 +2050,16 @@ restart_nmi: + */ call save_paranoid DEFAULT_FRAME 0 +#ifdef CONFIG_PAX_MEMORY_UDEREF @@ -16113,20 +15971,9 @@ index faf8d5e..4f16a68 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1495,12 +1892,28 @@ ENTRY(nmi) - DISABLE_INTERRUPTS(CLBR_NONE) +@@ -1666,14 +2067,25 @@ restart_nmi: testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore -- testl $3,CS(%rsp) -+ testb $3,CS(%rsp) - jnz nmi_userspace -+#ifdef CONFIG_PAX_MEMORY_UDEREF -+ pax_exit_kernel -+ SWAPGS_UNSAFE_STACK -+ RESTORE_ALL 8 -+ pax_force_retaddr_bts -+ jmp irq_return -+#endif nmi_swapgs: +#ifdef CONFIG_PAX_MEMORY_UDEREF + pax_exit_kernel_user @@ -16135,23 +15982,23 @@ index faf8d5e..4f16a68 100644 +#endif SWAPGS_UNSAFE_STACK + RESTORE_ALL 8 ++ /* Clear the NMI executing stack variable */ ++ movq $0, 10*8(%rsp) + jmp irq_return nmi_restore: + pax_exit_kernel RESTORE_ALL 8 + pax_force_retaddr_bts + /* Clear the NMI executing stack variable */ + movq $0, 10*8(%rsp) jmp irq_return - nmi_userspace: - GET_THREAD_INFO(%rcx) -@@ -1529,14 +1942,14 @@ nmi_schedule: - jmp paranoid_exit CFI_ENDPROC - #endif -END(nmi) +ENDPROC(nmi) - ENTRY(ignore_sysret) - CFI_STARTPROC + /* + * If an NMI hit an iret because of an exception or breakpoint, +@@ -1700,7 +2112,7 @@ ENTRY(ignore_sysret) mov $-ENOSYS,%eax sysret CFI_ENDPROC @@ -16222,7 +16069,7 @@ index c9a281f..ce2f317 100644 return -EFAULT; diff --git a/arch/x86/kernel/head32.c b/arch/x86/kernel/head32.c -index 3bb0850..55a56f4 100644 +index 51ff186..9e77418 100644 --- a/arch/x86/kernel/head32.c +++ b/arch/x86/kernel/head32.c @@ -19,6 +19,7 @@ @@ -16233,12 +16080,13 @@ index 3bb0850..55a56f4 100644 static void __init i386_default_early_setup(void) { -@@ -33,7 +34,7 @@ void __init i386_start_kernel(void) - { - memblock_init(); +@@ -31,8 +32,7 @@ static void __init i386_default_early_setup(void) -- memblock_x86_reserve_range(__pa_symbol(&_text), __pa_symbol(&__bss_stop), "TEXT DATA BSS"); -+ memblock_x86_reserve_range(LOAD_PHYSICAL_ADDR, __pa_symbol(&__bss_stop), "TEXT DATA BSS"); + void __init i386_start_kernel(void) + { +- memblock_reserve(__pa_symbol(&_text), +- __pa_symbol(&__bss_stop) - __pa_symbol(&_text)); ++ memblock_reserve(LOAD_PHYSICAL_ADDR, __pa_symbol(&__bss_stop) - LOAD_PHYSICAL_ADDR); #ifdef CONFIG_BLK_DEV_INITRD /* Reserve INITRD */ @@ -16681,7 +16529,7 @@ index ce0be7c..c41476e 100644 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 + .endr diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S -index e11e394..9aebc5d 100644 +index 40f4eb3..6d24d9d 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -19,6 +19,8 @@ @@ -16907,7 +16755,7 @@ index e11e394..9aebc5d 100644 NEXT_PAGE(level2_kernel_pgt) /* -@@ -389,33 +429,55 @@ NEXT_PAGE(level2_kernel_pgt) +@@ -389,37 +429,59 @@ NEXT_PAGE(level2_kernel_pgt) * If you want to increase this then increase MODULES_VADDR * too.) */ @@ -16971,6 +16819,11 @@ index e11e394..9aebc5d 100644 - .skip IDT_ENTRIES * 16 + .fill 512,8,0 + .align L1_CACHE_BYTES + ENTRY(nmi_idt_table) +- .skip IDT_ENTRIES * 16 ++ .fill 512,8,0 + __PAGE_ALIGNED_BSS .align PAGE_SIZE diff --git a/arch/x86/kernel/i386_ksyms_32.c b/arch/x86/kernel/i386_ksyms_32.c @@ -16998,79 +16851,6 @@ index 9c3bd4a..e1d9b35 100644 +#ifdef CONFIG_PAX_KERNEXEC +EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR); +#endif -diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c -index 739d859..d1d6be7 100644 ---- a/arch/x86/kernel/i387.c -+++ b/arch/x86/kernel/i387.c -@@ -188,6 +188,9 @@ int xfpregs_active(struct task_struct *target, const struct user_regset *regset) - - int xfpregs_get(struct task_struct *target, const struct user_regset *regset, - unsigned int pos, unsigned int count, -+ void *kbuf, void __user *ubuf) __size_overflow(4); -+int xfpregs_get(struct task_struct *target, const struct user_regset *regset, -+ unsigned int pos, unsigned int count, - void *kbuf, void __user *ubuf) - { - int ret; -@@ -207,6 +210,9 @@ int xfpregs_get(struct task_struct *target, const struct user_regset *regset, - - int xfpregs_set(struct task_struct *target, const struct user_regset *regset, - unsigned int pos, unsigned int count, -+ const void *kbuf, const void __user *ubuf) __size_overflow(4); -+int xfpregs_set(struct task_struct *target, const struct user_regset *regset, -+ unsigned int pos, unsigned int count, - const void *kbuf, const void __user *ubuf) - { - int ret; -@@ -240,6 +246,9 @@ int xfpregs_set(struct task_struct *target, const struct user_regset *regset, - - int xstateregs_get(struct task_struct *target, const struct user_regset *regset, - unsigned int pos, unsigned int count, -+ void *kbuf, void __user *ubuf) __size_overflow(4); -+int xstateregs_get(struct task_struct *target, const struct user_regset *regset, -+ unsigned int pos, unsigned int count, - void *kbuf, void __user *ubuf) - { - int ret; -@@ -269,6 +278,9 @@ int xstateregs_get(struct task_struct *target, const struct user_regset *regset, - - int xstateregs_set(struct task_struct *target, const struct user_regset *regset, - unsigned int pos, unsigned int count, -+ const void *kbuf, const void __user *ubuf) __size_overflow(4); -+int xstateregs_set(struct task_struct *target, const struct user_regset *regset, -+ unsigned int pos, unsigned int count, - const void *kbuf, const void __user *ubuf) - { - int ret; -@@ -439,6 +451,9 @@ static void convert_to_fxsr(struct task_struct *tsk, - - int fpregs_get(struct task_struct *target, const struct user_regset *regset, - unsigned int pos, unsigned int count, -+ void *kbuf, void __user *ubuf) __size_overflow(3,4); -+int fpregs_get(struct task_struct *target, const struct user_regset *regset, -+ unsigned int pos, unsigned int count, - void *kbuf, void __user *ubuf) - { - struct user_i387_ia32_struct env; -@@ -471,6 +486,9 @@ int fpregs_get(struct task_struct *target, const struct user_regset *regset, - - int fpregs_set(struct task_struct *target, const struct user_regset *regset, - unsigned int pos, unsigned int count, -+ const void *kbuf, const void __user *ubuf) __size_overflow(3,4); -+int fpregs_set(struct task_struct *target, const struct user_regset *regset, -+ unsigned int pos, unsigned int count, - const void *kbuf, const void __user *ubuf) - { - struct user_i387_ia32_struct env; -@@ -619,6 +637,8 @@ static inline int restore_i387_fsave(struct _fpstate_ia32 __user *buf) - } - - static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf, -+ unsigned int size) __size_overflow(2); -+static int restore_i387_fxsave(struct _fpstate_ia32 __user *buf, - unsigned int size) - { - struct task_struct *tsk = current; diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c index 6104852..6114160 100644 --- a/arch/x86/kernel/i8259.c @@ -17154,7 +16934,7 @@ index 8c96897..be66bfa 100644 return -EPERM; } diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c -index 429e0c9..17b3ece 100644 +index 7943e0c..dd32c5c 100644 --- a/arch/x86/kernel/irq.c +++ b/arch/x86/kernel/irq.c @@ -18,7 +18,7 @@ @@ -17166,7 +16946,7 @@ index 429e0c9..17b3ece 100644 /* Function pointer for generic interrupt vector handling */ void (*x86_platform_ipi_callback)(void) = NULL; -@@ -117,9 +117,9 @@ int arch_show_interrupts(struct seq_file *p, int prec) +@@ -121,9 +121,9 @@ int arch_show_interrupts(struct seq_file *p, int prec) seq_printf(p, "%10u ", per_cpu(mce_poll_count, j)); seq_printf(p, " Machine check polls\n"); #endif @@ -17178,7 +16958,7 @@ index 429e0c9..17b3ece 100644 #endif return 0; } -@@ -159,10 +159,10 @@ u64 arch_irq_stat_cpu(unsigned int cpu) +@@ -164,10 +164,10 @@ u64 arch_irq_stat_cpu(unsigned int cpu) u64 arch_irq_stat(void) { @@ -17192,10 +16972,10 @@ index 429e0c9..17b3ece 100644 return sum; } diff --git a/arch/x86/kernel/irq_32.c b/arch/x86/kernel/irq_32.c -index 7209070..cbcd71a 100644 +index 40fc861..9b8739b 100644 --- a/arch/x86/kernel/irq_32.c +++ b/arch/x86/kernel/irq_32.c -@@ -36,7 +36,7 @@ static int check_stack_overflow(void) +@@ -39,7 +39,7 @@ static int check_stack_overflow(void) __asm__ __volatile__("andl %%esp,%0" : "=r" (sp) : "0" (THREAD_SIZE - 1)); @@ -17204,7 +16984,7 @@ index 7209070..cbcd71a 100644 } static void print_stack_overflow(void) -@@ -54,8 +54,8 @@ static inline void print_stack_overflow(void) { } +@@ -59,8 +59,8 @@ static inline void print_stack_overflow(void) { } * per-CPU IRQ handling contexts (thread information and stack) */ union irq_ctx { @@ -17215,7 +16995,7 @@ index 7209070..cbcd71a 100644 } __attribute__((aligned(THREAD_SIZE))); static DEFINE_PER_CPU(union irq_ctx *, hardirq_ctx); -@@ -75,10 +75,9 @@ static void call_on_stack(void *func, void *stack) +@@ -80,10 +80,9 @@ static void call_on_stack(void *func, void *stack) static inline int execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) { @@ -17227,7 +17007,7 @@ index 7209070..cbcd71a 100644 irqctx = __this_cpu_read(hardirq_ctx); /* -@@ -87,21 +86,16 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) +@@ -92,21 +91,16 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) * handler) we can't do that and just have to keep using the * current stack (which is the irq stack already after all) */ @@ -17255,7 +17035,7 @@ index 7209070..cbcd71a 100644 if (unlikely(overflow)) call_on_stack(print_stack_overflow, isp); -@@ -113,6 +107,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) +@@ -118,6 +112,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) : "0" (irq), "1" (desc), "2" (isp), "D" (desc->handle_irq) : "memory", "cc", "ecx"); @@ -17267,7 +17047,7 @@ index 7209070..cbcd71a 100644 return 1; } -@@ -121,29 +120,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) +@@ -126,29 +125,11 @@ execute_on_irq_stack(int overflow, struct irq_desc *desc, int irq) */ void __cpuinit irq_ctx_init(int cpu) { @@ -17299,7 +17079,7 @@ index 7209070..cbcd71a 100644 printk(KERN_DEBUG "CPU %u irqstacks, hard=%p soft=%p\n", cpu, per_cpu(hardirq_ctx, cpu), per_cpu(softirq_ctx, cpu)); -@@ -152,7 +133,6 @@ void __cpuinit irq_ctx_init(int cpu) +@@ -157,7 +138,6 @@ void __cpuinit irq_ctx_init(int cpu) asmlinkage void do_softirq(void) { unsigned long flags; @@ -17307,7 +17087,7 @@ index 7209070..cbcd71a 100644 union irq_ctx *irqctx; u32 *isp; -@@ -162,15 +142,22 @@ asmlinkage void do_softirq(void) +@@ -167,15 +147,22 @@ asmlinkage void do_softirq(void) local_irq_save(flags); if (local_softirq_pending()) { @@ -17335,18 +17115,18 @@ index 7209070..cbcd71a 100644 * Shouldn't happen, we returned above if in_interrupt(): */ diff --git a/arch/x86/kernel/irq_64.c b/arch/x86/kernel/irq_64.c -index 69bca46..0bac999 100644 +index d04d3ec..ea4b374 100644 --- a/arch/x86/kernel/irq_64.c +++ b/arch/x86/kernel/irq_64.c -@@ -38,7 +38,7 @@ static inline void stack_overflow_check(struct pt_regs *regs) - #ifdef CONFIG_DEBUG_STACKOVERFLOW +@@ -44,7 +44,7 @@ static inline void stack_overflow_check(struct pt_regs *regs) + u64 estack_top, estack_bottom; u64 curbase = (u64)task_stack_page(current); - if (user_mode_vm(regs)) + if (user_mode(regs)) return; - WARN_ONCE(regs->sp >= curbase && + if (regs->sp >= curbase + sizeof(struct thread_info) + diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c index faba577..93b9e71 100644 --- a/arch/x86/kernel/kgdb.c @@ -17536,20 +17316,8 @@ index 7da647d..56fe348 100644 RELATIVE_ADDR_SIZE); insn_buf[0] = RELATIVEJUMP_OPCODE; -diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c -index a9c2116..a52d4fc 100644 ---- a/arch/x86/kernel/kvm.c -+++ b/arch/x86/kernel/kvm.c -@@ -437,6 +437,7 @@ static void __init paravirt_ops_setup(void) - pv_mmu_ops.set_pud = kvm_set_pud; - #if PAGETABLE_LEVELS == 4 - pv_mmu_ops.set_pgd = kvm_set_pgd; -+ pv_mmu_ops.set_pgd_batched = kvm_set_pgd; - #endif - #endif - pv_mmu_ops.flush_tlb_user = kvm_flush_tlb; diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c -index ea69726..8b497c9 100644 +index ea69726..604d066 100644 --- a/arch/x86/kernel/ldt.c +++ b/arch/x86/kernel/ldt.c @@ -67,13 +67,13 @@ static int alloc_ldt(mm_context_t *pc, int mincount, int reload) @@ -17602,15 +17370,7 @@ index ea69726..8b497c9 100644 return retval; } -@@ -141,6 +159,7 @@ void destroy_context(struct mm_struct *mm) - } - } - -+static int read_ldt(void __user *ptr, unsigned long bytecount) __size_overflow(2); - static int read_ldt(void __user *ptr, unsigned long bytecount) - { - int err; -@@ -230,6 +249,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) +@@ -230,6 +248,13 @@ static int write_ldt(void __user *ptr, unsigned long bytecount, int oldmode) } } @@ -17656,14 +17416,11 @@ index a3fa43b..8966f4c 100644 relocate_kernel_ptr = control_page; page_list[PA_CONTROL_PAGE] = __pa(control_page); diff --git a/arch/x86/kernel/microcode_intel.c b/arch/x86/kernel/microcode_intel.c -index 3ca42d0..79d24cd 100644 +index 3ca42d0..7cff8cc 100644 --- a/arch/x86/kernel/microcode_intel.c +++ b/arch/x86/kernel/microcode_intel.c -@@ -434,15 +434,16 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device) - return ret; - } +@@ -436,13 +436,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device) -+static int get_ucode_user(void *to, const void *from, size_t n) __size_overflow(3); static int get_ucode_user(void *to, const void *from, size_t n) { - return copy_from_user(to, from, n); @@ -17816,10 +17573,10 @@ index 925179f..267ac7a 100644 if ((s64)val != *(s32 *)loc) goto overflow; diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c -index e88f37b..1353db6 100644 +index 47acaf3..ec48ab6 100644 --- a/arch/x86/kernel/nmi.c +++ b/arch/x86/kernel/nmi.c -@@ -408,6 +408,17 @@ static notrace __kprobes void default_do_nmi(struct pt_regs *regs) +@@ -505,6 +505,17 @@ static inline void nmi_nesting_postprocess(void) dotraplinkage notrace __kprobes void do_nmi(struct pt_regs *regs, long error_code) { @@ -17834,9 +17591,9 @@ index e88f37b..1353db6 100644 + } +#endif + - nmi_enter(); + nmi_nesting_preprocess(regs); - inc_irq_stat(__nmi_count); + nmi_enter(); diff --git a/arch/x86/kernel/paravirt-spinlocks.c b/arch/x86/kernel/paravirt-spinlocks.c index 676b8c7..870ba04 100644 --- a/arch/x86/kernel/paravirt-spinlocks.c @@ -17999,7 +17756,7 @@ index 35ccf75..7a15747 100644 #define DEBUG 1 diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index ee5d4fb..426649b 100644 +index 15763af..da59ada 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -48,16 +48,33 @@ void free_thread_xstate(struct task_struct *tsk) @@ -18140,7 +17897,7 @@ index ee5d4fb..426649b 100644 +} +#endif diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c -index 8598296..bfadef0 100644 +index c08d1ff..6ae1c81 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -67,6 +67,7 @@ asmlinkage void ret_from_fork(void) __asm__("ret_from_fork"); @@ -18151,7 +17908,7 @@ index 8598296..bfadef0 100644 } #ifndef CONFIG_SMP -@@ -130,15 +131,14 @@ void __show_regs(struct pt_regs *regs, int all) +@@ -132,15 +133,14 @@ void __show_regs(struct pt_regs *regs, int all) unsigned long sp; unsigned short ss, gs; @@ -18169,7 +17926,7 @@ index 8598296..bfadef0 100644 show_regs_common(); -@@ -200,13 +200,14 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -202,13 +202,14 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, struct task_struct *tsk; int err; @@ -18185,7 +17942,7 @@ index 8598296..bfadef0 100644 p->thread.ip = (unsigned long) ret_from_fork; -@@ -296,7 +297,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -299,7 +300,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) struct thread_struct *prev = &prev_p->thread, *next = &next_p->thread; int cpu = smp_processor_id(); @@ -18194,7 +17951,7 @@ index 8598296..bfadef0 100644 fpu_switch_t fpu; /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */ -@@ -320,6 +321,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -323,6 +324,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) */ lazy_save_gs(prev->gs); @@ -18205,7 +17962,7 @@ index 8598296..bfadef0 100644 /* * Load the per-thread Thread-Local Storage descriptor. */ -@@ -350,6 +355,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -353,6 +358,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) */ arch_end_context_switch(next_p); @@ -18215,7 +17972,7 @@ index 8598296..bfadef0 100644 /* * Restore %gs if needed (which is common) */ -@@ -358,8 +366,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -361,8 +369,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) switch_fpu_finish(next_p, fpu); @@ -18224,13 +17981,13 @@ index 8598296..bfadef0 100644 return prev_p; } -@@ -389,4 +395,3 @@ unsigned long get_wchan(struct task_struct *p) +@@ -392,4 +398,3 @@ unsigned long get_wchan(struct task_struct *p) } while (count++ < 16); return 0; } - diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c -index 6a364a6..b147d11 100644 +index cfa5c90..4facd28 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -89,7 +89,7 @@ static void __exit_idle(void) @@ -18242,7 +17999,7 @@ index 6a364a6..b147d11 100644 return; __exit_idle(); } -@@ -264,8 +264,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -270,8 +270,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, struct pt_regs *childregs; struct task_struct *me = current; @@ -18252,7 +18009,7 @@ index 6a364a6..b147d11 100644 *childregs = *regs; childregs->ax = 0; -@@ -277,6 +276,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -283,6 +282,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, p->thread.sp = (unsigned long) childregs; p->thread.sp0 = (unsigned long) (childregs+1); p->thread.usersp = me->thread.usersp; @@ -18260,7 +18017,7 @@ index 6a364a6..b147d11 100644 set_tsk_thread_flag(p, TIF_FORK); -@@ -379,7 +379,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -385,7 +385,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) struct thread_struct *prev = &prev_p->thread; struct thread_struct *next = &next_p->thread; int cpu = smp_processor_id(); @@ -18269,7 +18026,7 @@ index 6a364a6..b147d11 100644 unsigned fsindex, gsindex; fpu_switch_t fpu; -@@ -461,10 +461,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -467,10 +467,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) prev->usersp = percpu_read(old_rsp); percpu_write(old_rsp, next->usersp); percpu_write(current_task, next_p); @@ -18282,7 +18039,7 @@ index 6a364a6..b147d11 100644 /* * Now maybe reload the debug registers and handle I/O bitmaps -@@ -519,12 +518,11 @@ unsigned long get_wchan(struct task_struct *p) +@@ -525,12 +524,11 @@ unsigned long get_wchan(struct task_struct *p) if (!p || p == current || p->state == TASK_RUNNING) return 0; stack = (unsigned long)task_stack_page(p); @@ -18298,21 +18055,10 @@ index 6a364a6..b147d11 100644 ip = *(u64 *)(fp+8); if (!in_sched_functions(ip)) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c -index 8252879..f367ec9 100644 +index 5026738..9e6d6dc 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c -@@ -791,6 +791,10 @@ static int ioperm_active(struct task_struct *target, - static int ioperm_get(struct task_struct *target, - const struct user_regset *regset, - unsigned int pos, unsigned int count, -+ void *kbuf, void __user *ubuf) __size_overflow(3,4); -+static int ioperm_get(struct task_struct *target, -+ const struct user_regset *regset, -+ unsigned int pos, unsigned int count, - void *kbuf, void __user *ubuf) - { - if (!target->thread.io_bitmap_ptr) -@@ -822,7 +826,7 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -823,7 +823,7 @@ long arch_ptrace(struct task_struct *child, long request, unsigned long addr, unsigned long data) { int ret; @@ -18321,7 +18067,7 @@ index 8252879..f367ec9 100644 switch (request) { /* read the word at location addr in the USER area. */ -@@ -907,14 +911,14 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -908,14 +908,14 @@ long arch_ptrace(struct task_struct *child, long request, if ((int) addr < 0) return -EIO; ret = do_get_thread_area(child, addr, @@ -18338,7 +18084,7 @@ index 8252879..f367ec9 100644 break; #endif -@@ -1331,7 +1335,7 @@ static void fill_sigtrap_info(struct task_struct *tsk, +@@ -1332,7 +1332,7 @@ static void fill_sigtrap_info(struct task_struct *tsk, memset(info, 0, sizeof(*info)); info->si_signo = SIGTRAP; info->si_code = si_code; @@ -18380,7 +18126,7 @@ index 42eb330..139955c 100644 return ret; diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c -index 37a458b..e63d183 100644 +index d840e69..98e9581 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c @@ -35,7 +35,7 @@ void (*pm_power_off)(void); @@ -18392,7 +18138,7 @@ index 37a458b..e63d183 100644 enum reboot_type reboot_type = BOOT_ACPI; int reboot_force; -@@ -324,13 +324,17 @@ core_initcall(reboot_init); +@@ -335,13 +335,17 @@ core_initcall(reboot_init); extern const unsigned char machine_real_restart_asm[]; extern const u64 machine_real_restart_gdt[3]; @@ -18412,7 +18158,7 @@ index 37a458b..e63d183 100644 local_irq_disable(); /* Write zero to CMOS register number 0x0f, which the BIOS POST -@@ -356,14 +360,14 @@ void machine_real_restart(unsigned int type) +@@ -367,14 +371,14 @@ void machine_real_restart(unsigned int type) boot)". This seems like a fairly standard thing that gets set by REBOOT.COM programs, and the previous reset routine did this too. */ @@ -18429,7 +18175,7 @@ index 37a458b..e63d183 100644 /* GDT[0]: GDT self-pointer */ lowmem_gdt[0] = -@@ -374,7 +378,33 @@ void machine_real_restart(unsigned int type) +@@ -385,7 +389,33 @@ void machine_real_restart(unsigned int type) GDT_ENTRY(0x009b, restart_pa, 0xffff); /* Jump to the identity-mapped low memory code */ @@ -18463,7 +18209,7 @@ index 37a458b..e63d183 100644 } #ifdef CONFIG_APM_MODULE EXPORT_SYMBOL(machine_real_restart); -@@ -540,7 +570,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) +@@ -556,7 +586,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) * try to force a triple fault and then cycle between hitting the keyboard * controller and doing that */ @@ -18472,7 +18218,7 @@ index 37a458b..e63d183 100644 { int i; int attempt = 0; -@@ -664,13 +694,13 @@ void native_machine_shutdown(void) +@@ -680,13 +710,13 @@ void native_machine_shutdown(void) #endif } @@ -18488,7 +18234,7 @@ index 37a458b..e63d183 100644 { printk("machine restart\n"); -@@ -679,7 +709,7 @@ static void native_machine_restart(char *__unused) +@@ -695,7 +725,7 @@ static void native_machine_restart(char *__unused) __machine_emergency_restart(0); } @@ -18497,7 +18243,7 @@ index 37a458b..e63d183 100644 { /* stop other cpus and apics */ machine_shutdown(); -@@ -690,7 +720,7 @@ static void native_machine_halt(void) +@@ -706,7 +736,7 @@ static void native_machine_halt(void) stop_this_cpu(NULL); } @@ -18506,7 +18252,7 @@ index 37a458b..e63d183 100644 { if (pm_power_off) { if (!reboot_force) -@@ -699,6 +729,7 @@ static void native_machine_power_off(void) +@@ -715,6 +745,7 @@ static void native_machine_power_off(void) } /* a fallback in case there is no PM info available */ tboot_shutdown(TB_SHUTDOWN_HALT); @@ -18543,10 +18289,10 @@ index 7a6f3b3..bed145d7 100644 1: diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index cf0ef98..e3f780b 100644 +index d7d5099..28555d0 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -447,7 +447,7 @@ static void __init parse_setup_data(void) +@@ -448,7 +448,7 @@ static void __init parse_setup_data(void) switch (data->type) { case SETUP_E820_EXT: @@ -18555,7 +18301,7 @@ index cf0ef98..e3f780b 100644 break; case SETUP_DTB: add_dtb(pa_data); -@@ -650,7 +650,7 @@ static void __init trim_bios_range(void) +@@ -649,7 +649,7 @@ static void __init trim_bios_range(void) * area (640->1Mb) as ram even though it is not. * take them out. */ @@ -18564,7 +18310,7 @@ index cf0ef98..e3f780b 100644 sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map); } -@@ -773,14 +773,14 @@ void __init setup_arch(char **cmdline_p) +@@ -767,14 +767,14 @@ void __init setup_arch(char **cmdline_p) if (!boot_params.hdr.root_flags) root_mountflags &= ~MS_RDONLY; @@ -18585,7 +18331,7 @@ index cf0ef98..e3f780b 100644 bss_resource.start = virt_to_phys(&__bss_start); bss_resource.end = virt_to_phys(&__bss_stop)-1; diff --git a/arch/x86/kernel/setup_percpu.c b/arch/x86/kernel/setup_percpu.c -index 71f4727..217419b 100644 +index 71f4727..16dc9f7 100644 --- a/arch/x86/kernel/setup_percpu.c +++ b/arch/x86/kernel/setup_percpu.c @@ -21,19 +21,17 @@ @@ -18612,25 +18358,7 @@ index 71f4727..217419b 100644 [0 ... NR_CPUS-1] = BOOT_PERCPU_OFFSET, }; EXPORT_SYMBOL(__per_cpu_offset); -@@ -96,6 +94,8 @@ static bool __init pcpu_need_numa(void) - * Pointer to the allocated area on success, NULL on failure. - */ - static void * __init pcpu_alloc_bootmem(unsigned int cpu, unsigned long size, -+ unsigned long align) __size_overflow(2); -+static void * __init pcpu_alloc_bootmem(unsigned int cpu, unsigned long size, - unsigned long align) - { - const unsigned long goal = __pa(MAX_DMA_ADDRESS); -@@ -124,6 +124,8 @@ static void * __init pcpu_alloc_bootmem(unsigned int cpu, unsigned long size, - /* - * Helpers for first chunk memory allocation - */ -+static void * __init pcpu_fc_alloc(unsigned int cpu, size_t size, size_t align) __size_overflow(2); -+ - static void * __init pcpu_fc_alloc(unsigned int cpu, size_t size, size_t align) - { - return pcpu_alloc_bootmem(cpu, size, align); -@@ -155,10 +157,10 @@ static inline void setup_percpu_segment(int cpu) +@@ -155,10 +153,10 @@ static inline void setup_percpu_segment(int cpu) { #ifdef CONFIG_X86_32 struct desc_struct gdt; @@ -18644,7 +18372,7 @@ index 71f4727..217419b 100644 write_gdt_entry(get_cpu_gdt_table(cpu), GDT_ENTRY_PERCPU, &gdt, DESCTYPE_S); #endif -@@ -207,6 +209,11 @@ void __init setup_per_cpu_areas(void) +@@ -207,6 +205,11 @@ void __init setup_per_cpu_areas(void) /* alrighty, percpu areas up and running */ delta = (unsigned long)pcpu_base_addr - (unsigned long)__per_cpu_start; for_each_possible_cpu(cpu) { @@ -18656,7 +18384,7 @@ index 71f4727..217419b 100644 per_cpu_offset(cpu) = delta + pcpu_unit_offsets[cpu]; per_cpu(this_cpu_off, cpu) = per_cpu_offset(cpu); per_cpu(cpu_number, cpu) = cpu; -@@ -247,6 +254,12 @@ void __init setup_per_cpu_areas(void) +@@ -247,6 +250,12 @@ void __init setup_per_cpu_areas(void) */ set_cpu_numa_node(cpu, early_cpu_to_node(cpu)); #endif @@ -18670,7 +18398,7 @@ index 71f4727..217419b 100644 * Up to this point, the boot CPU has been using .init.data * area. Reload any changed state for the boot CPU. diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c -index 54ddaeb2..22c3bdc 100644 +index 46a01bd..2e88e6d 100644 --- a/arch/x86/kernel/signal.c +++ b/arch/x86/kernel/signal.c @@ -198,7 +198,7 @@ static unsigned long align_sigframe(unsigned long sp) @@ -18738,7 +18466,7 @@ index 54ddaeb2..22c3bdc 100644 } put_user_catch(err); if (err) -@@ -769,7 +772,7 @@ static void do_signal(struct pt_regs *regs) +@@ -765,7 +768,7 @@ static void do_signal(struct pt_regs *regs) * X86_32: vm86 regs switched out by assembly code before reaching * here, so testing against kernel CS suffices. */ @@ -18748,10 +18476,10 @@ index 54ddaeb2..22c3bdc 100644 signr = get_signal_to_deliver(&info, &ka, regs, NULL); diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index 9f548cb..caf76f7 100644 +index 66d250c..f1b10bd 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c -@@ -709,17 +709,20 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu) +@@ -715,17 +715,20 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu) set_idle_for_cpu(cpu, c_idle.idle); do_rest: per_cpu(current_task, cpu) = c_idle.idle; @@ -18775,7 +18503,7 @@ index 9f548cb..caf76f7 100644 initial_code = (unsigned long)start_secondary; stack_start = c_idle.idle->thread.sp; -@@ -861,6 +864,12 @@ int __cpuinit native_cpu_up(unsigned int cpu) +@@ -868,6 +871,12 @@ int __cpuinit native_cpu_up(unsigned int cpu) per_cpu(cpu_state, cpu) = CPU_UP_PREPARE; @@ -19207,15 +18935,6 @@ index 0514890..3dbebce 100644 mm->cached_hole_size = ~0UL; return addr; -diff --git a/arch/x86/kernel/syscall_table_32.S b/arch/x86/kernel/syscall_table_32.S -index 9a0e312..e6f66f2 100644 ---- a/arch/x86/kernel/syscall_table_32.S -+++ b/arch/x86/kernel/syscall_table_32.S -@@ -1,3 +1,4 @@ -+.section .rodata,"a",@progbits - ENTRY(sys_call_table) - .long sys_restart_syscall /* 0 - old "setup()" system call, used for restarting */ - .long sys_exit diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c index e2410e2..4fe3fbc 100644 --- a/arch/x86/kernel/tboot.c @@ -19303,7 +19022,7 @@ index dd5fbf4..b7f2232 100644 return pc; } diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c -index 6bb7b85..dd853e1 100644 +index 6bb7b85..8f88b4a 100644 --- a/arch/x86/kernel/tls.c +++ b/arch/x86/kernel/tls.c @@ -85,6 +85,11 @@ int do_set_thread_area(struct task_struct *p, int idx, @@ -19318,18 +19037,24 @@ index 6bb7b85..dd853e1 100644 set_tls_desc(p, idx, &info, 1); return 0; -diff --git a/arch/x86/kernel/tls.h b/arch/x86/kernel/tls.h -index 2f083a2..7d3fecc 100644 ---- a/arch/x86/kernel/tls.h -+++ b/arch/x86/kernel/tls.h -@@ -16,6 +16,6 @@ - - extern user_regset_active_fn regset_tls_active; - extern user_regset_get_fn regset_tls_get; --extern user_regset_set_fn regset_tls_set; -+extern user_regset_set_fn regset_tls_set __size_overflow(4); - - #endif /* _ARCH_X86_KERNEL_TLS_H */ +@@ -163,7 +168,7 @@ int regset_tls_get(struct task_struct *target, const struct user_regset *regset, + { + const struct desc_struct *tls; + +- if (pos > GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) || ++ if (pos >= GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) || + (pos % sizeof(struct user_desc)) != 0 || + (count % sizeof(struct user_desc)) != 0) + return -EINVAL; +@@ -198,7 +203,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset, + struct user_desc infobuf[GDT_ENTRY_TLS_ENTRIES]; + const struct user_desc *info; + +- if (pos > GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) || ++ if (pos >= GDT_ENTRY_TLS_ENTRIES * sizeof(struct user_desc) || + (pos % sizeof(struct user_desc)) != 0 || + (count % sizeof(struct user_desc)) != 0) + return -EINVAL; diff --git a/arch/x86/kernel/trampoline_32.S b/arch/x86/kernel/trampoline_32.S index 451c0a7..e57f551 100644 --- a/arch/x86/kernel/trampoline_32.S @@ -19379,7 +19104,7 @@ index 09ff517..df19fbff 100644 .short 0 .quad 0x00cf9b000000ffff # __KERNEL32_CS diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index 31d9d0f..e244dd9 100644 +index 4bbe04d..41d0943 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -70,12 +70,6 @@ asmlinkage int system_call(void); @@ -19497,7 +19222,7 @@ index 31d9d0f..e244dd9 100644 die("general protection fault", regs, error_code); } -@@ -414,7 +443,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -421,7 +450,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) /* It's safe to allow irq's after DR6 has been saved */ preempt_conditional_sti(regs); @@ -19506,7 +19231,7 @@ index 31d9d0f..e244dd9 100644 handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code, 1); preempt_conditional_cli(regs); -@@ -428,7 +457,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -436,7 +465,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) * We already checked v86 mode above, so we can check for kernel mode * by just checking the CPL of CS. */ @@ -19515,7 +19240,7 @@ index 31d9d0f..e244dd9 100644 tsk->thread.debugreg6 &= ~DR_STEP; set_tsk_thread_flag(tsk, TIF_SINGLESTEP); regs->flags &= ~X86_EFLAGS_TF; -@@ -457,7 +486,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) +@@ -466,7 +495,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) return; conditional_sti(regs); @@ -19524,17 +19249,6 @@ index 31d9d0f..e244dd9 100644 { if (!fixup_exception(regs)) { task->thread.error_code = error_code; -@@ -569,8 +598,8 @@ asmlinkage void __attribute__((weak)) smp_threshold_interrupt(void) - void __math_state_restore(struct task_struct *tsk) - { - /* We need a safe address that is cheap to find and that is already -- in L1. We've just brought in "tsk->thread.has_fpu", so use that */ --#define safe_address (tsk->thread.has_fpu) -+ in L1. */ -+#define safe_address (init_tss[smp_processor_id()].x86_tss.sp0) - - /* AMD K7/K8 CPUs don't save/restore FDP/FIP/FOP unless an exception - is pending. Clear the x87 state here by setting it to fixed diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S index b9242ba..50c5edd 100644 --- a/arch/x86/kernel/verify_cpu.S @@ -19548,7 +19262,7 @@ index b9242ba..50c5edd 100644 * verify_cpu, returns the status of longmode and SSE in register %eax. * 0: Success 1: Failure diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c -index 863f875..4307295 100644 +index b466cab..a0df083 100644 --- a/arch/x86/kernel/vm86_32.c +++ b/arch/x86/kernel/vm86_32.c @@ -41,6 +41,7 @@ @@ -19606,7 +19320,7 @@ index 863f875..4307295 100644 tsk->thread.sp0 = (unsigned long) &info->VM86_TSS_ESP0; if (cpu_has_sep) tsk->thread.sysenter_cs = 0; -@@ -529,7 +545,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i, +@@ -531,7 +547,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i, goto cannot_handle; if (i == 0x21 && is_revectored(AH(regs), &KVM86->int21_revectored)) goto cannot_handle; @@ -19880,14 +19594,14 @@ index 0f703f1..9e15f64 100644 #ifdef CONFIG_SMP diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c -index e4d4a22..47ee71f 100644 +index b07ba93..a212969 100644 --- a/arch/x86/kernel/vsyscall_64.c +++ b/arch/x86/kernel/vsyscall_64.c @@ -57,15 +57,13 @@ DEFINE_VVAR(struct vsyscall_gtod_data, vsyscall_gtod_data) = .lock = __SEQLOCK_UNLOCKED(__vsyscall_gtod_data.lock), }; --static enum { EMULATE, NATIVE, NONE } vsyscall_mode = NATIVE; +-static enum { EMULATE, NATIVE, NONE } vsyscall_mode = EMULATE; +static enum { EMULATE, NONE } vsyscall_mode = EMULATE; static int __init vsyscall_setup(char *str) @@ -19900,16 +19614,16 @@ index e4d4a22..47ee71f 100644 else if (!strcmp("none", str)) vsyscall_mode = NONE; else -@@ -178,7 +176,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) +@@ -207,7 +205,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) tsk = current; if (seccomp_mode(&tsk->seccomp)) - do_exit(SIGKILL); + do_group_exit(SIGKILL); - switch (vsyscall_nr) { - case 0: -@@ -220,8 +218,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) + /* + * With a real vsyscall, page faults cause SIGSEGV. We want to +@@ -279,8 +277,7 @@ bool emulate_vsyscall(struct pt_regs *regs, unsigned long address) return true; sigsegv: @@ -19919,7 +19633,7 @@ index e4d4a22..47ee71f 100644 } /* -@@ -274,10 +271,7 @@ void __init map_vsyscall(void) +@@ -333,10 +330,7 @@ void __init map_vsyscall(void) extern char __vvar_page; unsigned long physaddr_vvar_page = __pa_symbol(&__vvar_page); @@ -19975,11 +19689,62 @@ index 7110911..e8cdee5 100644 buf); if (unlikely(err)) { /* +diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c +index 89b02bf..0f6511d 100644 +--- a/arch/x86/kvm/cpuid.c ++++ b/arch/x86/kvm/cpuid.c +@@ -124,15 +124,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu, + struct kvm_cpuid2 *cpuid, + struct kvm_cpuid_entry2 __user *entries) + { +- int r; ++ int r, i; + + r = -E2BIG; + if (cpuid->nent > KVM_MAX_CPUID_ENTRIES) + goto out; + r = -EFAULT; +- if (copy_from_user(&vcpu->arch.cpuid_entries, entries, +- cpuid->nent * sizeof(struct kvm_cpuid_entry2))) ++ if (!access_ok(VERIFY_READ, entries, cpuid->nent * sizeof(struct kvm_cpuid_entry2))) + goto out; ++ for (i = 0; i < cpuid->nent; ++i) { ++ struct kvm_cpuid_entry2 cpuid_entry; ++ if (__copy_from_user(&cpuid_entry, entries + i, sizeof(cpuid_entry))) ++ goto out; ++ vcpu->arch.cpuid_entries[i] = cpuid_entry; ++ } + vcpu->arch.cpuid_nent = cpuid->nent; + kvm_apic_set_version(vcpu); + kvm_x86_ops->cpuid_update(vcpu); +@@ -147,15 +152,19 @@ int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu, + struct kvm_cpuid2 *cpuid, + struct kvm_cpuid_entry2 __user *entries) + { +- int r; ++ int r, i; + + r = -E2BIG; + if (cpuid->nent < vcpu->arch.cpuid_nent) + goto out; + r = -EFAULT; +- if (copy_to_user(entries, &vcpu->arch.cpuid_entries, +- vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2))) ++ if (!access_ok(VERIFY_WRITE, entries, vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2))) + goto out; ++ for (i = 0; i < vcpu->arch.cpuid_nent; ++i) { ++ struct kvm_cpuid_entry2 cpuid_entry = vcpu->arch.cpuid_entries[i]; ++ if (__copy_to_user(entries + i, &cpuid_entry, sizeof(cpuid_entry))) ++ goto out; ++ } + return 0; + + out: diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index f1e3be18..588efc8 100644 +index 0982507..7f6d72f 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c -@@ -249,6 +249,7 @@ struct gprefix { +@@ -250,6 +250,7 @@ struct gprefix { #define ____emulate_2op(ctxt, _op, _x, _y, _suffix, _dsttype) \ do { \ @@ -19987,7 +19752,7 @@ index f1e3be18..588efc8 100644 __asm__ __volatile__ ( \ _PRE_EFLAGS("0", "4", "2") \ _op _suffix " %"_x"3,%1; " \ -@@ -263,8 +264,6 @@ struct gprefix { +@@ -264,8 +265,6 @@ struct gprefix { /* Raw emulation: instruction has two explicit operands. */ #define __emulate_2op_nobyte(ctxt,_op,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ @@ -19996,7 +19761,7 @@ index f1e3be18..588efc8 100644 switch ((ctxt)->dst.bytes) { \ case 2: \ ____emulate_2op(ctxt,_op,_wx,_wy,"w",u16); \ -@@ -280,7 +279,6 @@ struct gprefix { +@@ -281,7 +280,6 @@ struct gprefix { #define __emulate_2op(ctxt,_op,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ @@ -20005,10 +19770,10 @@ index f1e3be18..588efc8 100644 case 1: \ ____emulate_2op(ctxt,_op,_bx,_by,"b",u8); \ diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index 54abb40..a192606 100644 +index cfdc6e0..ab92e84 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c -@@ -53,7 +53,7 @@ +@@ -54,7 +54,7 @@ #define APIC_BUS_CYCLE_NS 1 /* #define apic_debug(fmt,arg...) printk(KERN_WARNING fmt,##arg) */ @@ -20017,30 +19782,8 @@ index 54abb40..a192606 100644 #define APIC_LVT_NUM 6 /* 14 is the version for Xeon and Pentium 8.4.8*/ -diff --git a/arch/x86/kvm/mmu.c b/arch/x86/kvm/mmu.c -index f1b36cf..af8a124 100644 ---- a/arch/x86/kvm/mmu.c -+++ b/arch/x86/kvm/mmu.c -@@ -3555,7 +3555,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, - - pgprintk("%s: gpa %llx bytes %d\n", __func__, gpa, bytes); - -- invlpg_counter = atomic_read(&vcpu->kvm->arch.invlpg_counter); -+ invlpg_counter = atomic_read_unchecked(&vcpu->kvm->arch.invlpg_counter); - - /* - * Assume that the pte write on a page table of the same type -@@ -3587,7 +3587,7 @@ void kvm_mmu_pte_write(struct kvm_vcpu *vcpu, gpa_t gpa, - } - - spin_lock(&vcpu->kvm->mmu_lock); -- if (atomic_read(&vcpu->kvm->arch.invlpg_counter) != invlpg_counter) -+ if (atomic_read_unchecked(&vcpu->kvm->arch.invlpg_counter) != invlpg_counter) - gentry = 0; - kvm_mmu_free_some_pages(vcpu); - ++vcpu->kvm->stat.mmu_pte_write; diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h -index 9299410..ade2f9b 100644 +index 1561028..0ed7f14 100644 --- a/arch/x86/kvm/paging_tmpl.h +++ b/arch/x86/kvm/paging_tmpl.h @@ -197,7 +197,7 @@ retry_walk: @@ -20052,28 +19795,11 @@ index 9299410..ade2f9b 100644 if (unlikely(__copy_from_user(&pte, ptep_user, sizeof(pte)))) goto error; -@@ -705,7 +705,7 @@ static void FNAME(invlpg)(struct kvm_vcpu *vcpu, gva_t gva) - if (need_flush) - kvm_flush_remote_tlbs(vcpu->kvm); - -- atomic_inc(&vcpu->kvm->arch.invlpg_counter); -+ atomic_inc_unchecked(&vcpu->kvm->arch.invlpg_counter); - - spin_unlock(&vcpu->kvm->mmu_lock); - diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index 94a4672..1700ed1 100644 +index e385214..f8df033 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c -@@ -3037,6 +3037,7 @@ static int svm_set_vm_cr(struct kvm_vcpu *vcpu, u64 data) - return 0; - } - -+static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data) __size_overflow(3); - static int svm_set_msr(struct kvm_vcpu *vcpu, unsigned ecx, u64 data) - { - struct vcpu_svm *svm = to_svm(vcpu); -@@ -3405,7 +3406,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) +@@ -3420,7 +3420,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) int cpu = raw_smp_processor_id(); struct svm_cpu_data *sd = per_cpu(svm_data, cpu); @@ -20085,7 +19811,7 @@ index 94a4672..1700ed1 100644 load_TR_desc(); } -@@ -3783,6 +3788,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) +@@ -3798,6 +3802,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) #endif #endif @@ -20097,10 +19823,10 @@ index 94a4672..1700ed1 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 4ea7678..c715f2f 100644 +index 3b4c8d8..f457b63 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c -@@ -1305,7 +1305,11 @@ static void reload_tss(void) +@@ -1306,7 +1306,11 @@ static void reload_tss(void) struct desc_struct *descs; descs = (void *)gdt->address; @@ -20112,15 +19838,7 @@ index 4ea7678..c715f2f 100644 load_TR_desc(); } -@@ -2163,6 +2167,7 @@ static int vmx_get_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 *pdata) - * Returns 0 on success, non-0 otherwise. - * Assumes vcpu_load() was already called. - */ -+static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data) __size_overflow(3); - static int vmx_set_msr(struct kvm_vcpu *vcpu, u32 msr_index, u64 data) - { - struct vcpu_vmx *vmx = to_vmx(vcpu); -@@ -2633,8 +2638,11 @@ static __init int hardware_setup(void) +@@ -2631,8 +2635,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -20134,7 +19852,7 @@ index 4ea7678..c715f2f 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3648,7 +3656,7 @@ static void vmx_set_constant_host_state(void) +@@ -3648,7 +3655,7 @@ static void vmx_set_constant_host_state(void) vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl)); @@ -20143,7 +19861,7 @@ index 4ea7678..c715f2f 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -6169,6 +6177,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6184,6 +6191,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp .Lkvm_vmx_return \n\t" ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t" ".Lkvm_vmx_return: " @@ -20156,7 +19874,7 @@ index 4ea7678..c715f2f 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%"R"sp) \n\t" "pop %0 \n\t" -@@ -6217,6 +6231,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6232,6 +6245,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -20168,7 +19886,7 @@ index 4ea7678..c715f2f 100644 : "cc", "memory" , R"ax", R"bx", R"di", R"si" #ifdef CONFIG_X86_64 -@@ -6245,7 +6264,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6260,7 +6278,16 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) } } @@ -20187,18 +19905,10 @@ index 4ea7678..c715f2f 100644 vmx->exit_reason = vmcs_read32(VM_EXIT_REASON); diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 4c938da..6cd8090 100644 +index 9cbfc06..7ddc9fa 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -907,6 +907,7 @@ static int do_set_msr(struct kvm_vcpu *vcpu, unsigned index, u64 *data) - return kvm_set_msr(vcpu, index, *data); - } - -+static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock) __size_overflow(2); - static void kvm_write_wall_clock(struct kvm *kvm, gpa_t wall_clock) - { - int version; -@@ -1345,8 +1346,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) +@@ -1311,8 +1311,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) { struct kvm *kvm = vcpu->kvm; int lm = is_long_mode(vcpu); @@ -20209,7 +19919,7 @@ index 4c938da..6cd8090 100644 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 : kvm->arch.xen_hvm_config.blob_size_32; u32 page_num = data & ~PAGE_MASK; -@@ -2165,6 +2166,8 @@ long kvm_arch_dev_ioctl(struct file *filp, +@@ -2145,6 +2145,8 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; @@ -20218,54 +19928,7 @@ index 4c938da..6cd8090 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -2340,15 +2343,20 @@ static int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu, - struct kvm_cpuid2 *cpuid, - struct kvm_cpuid_entry2 __user *entries) - { -- int r; -+ int r, i; - - r = -E2BIG; - if (cpuid->nent > KVM_MAX_CPUID_ENTRIES) - goto out; - r = -EFAULT; -- if (copy_from_user(&vcpu->arch.cpuid_entries, entries, -- cpuid->nent * sizeof(struct kvm_cpuid_entry2))) -+ if (!access_ok(VERIFY_READ, entries, cpuid->nent * sizeof(struct kvm_cpuid_entry2))) - goto out; -+ for (i = 0; i < cpuid->nent; ++i) { -+ struct kvm_cpuid_entry2 cpuid_entry; -+ if (__copy_from_user(&cpuid_entry, entries + i, sizeof(cpuid_entry))) -+ goto out; -+ vcpu->arch.cpuid_entries[i] = cpuid_entry; -+ } - vcpu->arch.cpuid_nent = cpuid->nent; - kvm_apic_set_version(vcpu); - kvm_x86_ops->cpuid_update(vcpu); -@@ -2363,15 +2371,19 @@ static int kvm_vcpu_ioctl_get_cpuid2(struct kvm_vcpu *vcpu, - struct kvm_cpuid2 *cpuid, - struct kvm_cpuid_entry2 __user *entries) - { -- int r; -+ int r, i; - - r = -E2BIG; - if (cpuid->nent < vcpu->arch.cpuid_nent) - goto out; - r = -EFAULT; -- if (copy_to_user(entries, &vcpu->arch.cpuid_entries, -- vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2))) -+ if (!access_ok(VERIFY_WRITE, entries, vcpu->arch.cpuid_nent * sizeof(struct kvm_cpuid_entry2))) - goto out; -+ for (i = 0; i < vcpu->arch.cpuid_nent; ++i) { -+ struct kvm_cpuid_entry2 cpuid_entry = vcpu->arch.cpuid_entries[i]; -+ if (__copy_to_user(entries + i, &cpuid_entry, sizeof(cpuid_entry))) -+ goto out; -+ } - return 0; - - out: -@@ -2746,7 +2758,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, +@@ -2266,7 +2268,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu, struct kvm_interrupt *irq) { @@ -20274,67 +19937,7 @@ index 4c938da..6cd8090 100644 return -EINVAL; if (irqchip_in_kernel(vcpu->kvm)) return -ENXIO; -@@ -3949,6 +3961,9 @@ gpa_t kvm_mmu_gva_to_gpa_system(struct kvm_vcpu *vcpu, gva_t gva, - - static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes, - struct kvm_vcpu *vcpu, u32 access, -+ struct x86_exception *exception) __size_overflow(1,3); -+static int kvm_read_guest_virt_helper(gva_t addr, void *val, unsigned int bytes, -+ struct kvm_vcpu *vcpu, u32 access, - struct x86_exception *exception) - { - void *data = val; -@@ -3980,6 +3995,9 @@ out: - /* used for instruction fetching */ - static int kvm_fetch_guest_virt(struct x86_emulate_ctxt *ctxt, - gva_t addr, void *val, unsigned int bytes, -+ struct x86_exception *exception) __size_overflow(2,4); -+static int kvm_fetch_guest_virt(struct x86_emulate_ctxt *ctxt, -+ gva_t addr, void *val, unsigned int bytes, - struct x86_exception *exception) - { - struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); -@@ -4004,6 +4022,9 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_virt); - - static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt, - gva_t addr, void *val, unsigned int bytes, -+ struct x86_exception *exception) __size_overflow(2,4); -+static int kvm_read_guest_virt_system(struct x86_emulate_ctxt *ctxt, -+ gva_t addr, void *val, unsigned int bytes, - struct x86_exception *exception) - { - struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); -@@ -4117,12 +4138,16 @@ static int read_prepare(struct kvm_vcpu *vcpu, void *val, int bytes) - } - - static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, -+ void *val, int bytes) __size_overflow(2); -+static int read_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, - void *val, int bytes) - { - return !kvm_read_guest(vcpu->kvm, gpa, val, bytes); - } - - static int write_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, -+ void *val, int bytes) __size_overflow(2); -+static int write_emulate(struct kvm_vcpu *vcpu, gpa_t gpa, - void *val, int bytes) - { - return emulator_write_phys(vcpu, gpa, val, bytes); -@@ -4273,6 +4298,12 @@ static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt, - const void *old, - const void *new, - unsigned int bytes, -+ struct x86_exception *exception) __size_overflow(5); -+static int emulator_cmpxchg_emulated(struct x86_emulate_ctxt *ctxt, -+ unsigned long addr, -+ const void *old, -+ const void *new, -+ unsigned int bytes, - struct x86_exception *exception) - { - struct kvm_vcpu *vcpu = emul_to_vcpu(ctxt); -@@ -5162,7 +5193,7 @@ static void kvm_set_mmio_spte_mask(void) +@@ -4780,7 +4782,7 @@ static void kvm_set_mmio_spte_mask(void) kvm_mmu_set_mmio_spte_mask(mask); } @@ -20343,28 +19946,11 @@ index 4c938da..6cd8090 100644 { int r; struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque; -diff --git a/arch/x86/kvm/x86.h b/arch/x86/kvm/x86.h -index d36fe23..a4b189f 100644 ---- a/arch/x86/kvm/x86.h -+++ b/arch/x86/kvm/x86.h -@@ -119,10 +119,10 @@ void kvm_write_tsc(struct kvm_vcpu *vcpu, u64 data); - - int kvm_read_guest_virt(struct x86_emulate_ctxt *ctxt, - gva_t addr, void *val, unsigned int bytes, -- struct x86_exception *exception); -+ struct x86_exception *exception) __size_overflow(2,4); - - int kvm_write_guest_virt_system(struct x86_emulate_ctxt *ctxt, - gva_t addr, void *val, unsigned int bytes, -- struct x86_exception *exception); -+ struct x86_exception *exception) __size_overflow(2,4); - - #endif diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c -index cf4603b..7cdde38 100644 +index 642d880..44e0f3f 100644 --- a/arch/x86/lguest/boot.c +++ b/arch/x86/lguest/boot.c -@@ -1195,9 +1195,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count) +@@ -1200,9 +1200,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count) * Rebooting also tells the Host we're finished, but the RESTART flag tells the * Launcher to reboot us. */ @@ -21679,7 +21265,7 @@ index 51f1504..ddac4c1 100644 CFI_ENDPROC END(bad_get_user) diff --git a/arch/x86/lib/insn.c b/arch/x86/lib/insn.c -index 374562e..a75830b 100644 +index 5a1f9f3..ba9f577 100644 --- a/arch/x86/lib/insn.c +++ b/arch/x86/lib/insn.c @@ -21,6 +21,11 @@ @@ -22633,7 +22219,7 @@ index a63efd6..ccecad8 100644 ret CFI_ENDPROC diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c -index e218d5d..1e01930 100644 +index e218d5d..35679b4 100644 --- a/arch/x86/lib/usercopy_32.c +++ b/arch/x86/lib/usercopy_32.c @@ -43,7 +43,7 @@ do { \ @@ -22645,24 +22231,6 @@ index e218d5d..1e01930 100644 " stosb\n" \ " testb %%al,%%al\n" \ " jz 1f\n" \ -@@ -83,7 +83,7 @@ do { \ - * and returns @count. - */ - long --__strncpy_from_user(char *dst, const char __user *src, long count) -+__strncpy_from_user(char *dst, const char __user *src, unsigned long count) - { - long res; - __do_strncpy_from_user(dst, src, count, res); -@@ -110,7 +110,7 @@ EXPORT_SYMBOL(__strncpy_from_user); - * and returns @count. - */ - long --strncpy_from_user(char *dst, const char __user *src, long count) -+strncpy_from_user(char *dst, const char __user *src, unsigned long count) - { - long res = -EFAULT; - if (access_ok(VERIFY_READ, src, 1)) @@ -128,10 +128,12 @@ do { \ int __d0; \ might_fault(); \ @@ -22676,15 +22244,6 @@ index e218d5d..1e01930 100644 ".section .fixup,\"ax\"\n" \ "3: lea 0(%2,%0,4),%0\n" \ " jmp 2b\n" \ -@@ -192,7 +194,7 @@ EXPORT_SYMBOL(__clear_user); - * On exception, returns 0. - * If the string is too long, returns a value greater than @n. - */ --long strnlen_user(const char __user *s, long n) -+long strnlen_user(const char __user *s, unsigned long n) - { - unsigned long mask = -__addr_ok(s); - unsigned long res, tmp; @@ -200,6 +202,7 @@ long strnlen_user(const char __user *s, long n) might_fault(); @@ -22763,7 +22322,7 @@ index e218d5d..1e01930 100644 " addl $-64, %0\n" " addl $64, %4\n" " addl $64, %3\n" -@@ -278,10 +282,12 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) +@@ -278,10 +282,119 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -22773,13 +22332,58 @@ index e218d5d..1e01930 100644 "37: rep; movsb\n" "100:\n" + __COPYUSER_RESTORE_ES - ".section .fixup,\"ax\"\n" - "101: lea 0(%%eax,%0,4),%0\n" - " jmp 100b\n" -@@ -334,46 +340,155 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) - } - - static unsigned long ++ ".section .fixup,\"ax\"\n" ++ "101: lea 0(%%eax,%0,4),%0\n" ++ " jmp 100b\n" ++ ".previous\n" ++ ".section __ex_table,\"a\"\n" ++ " .align 4\n" ++ " .long 1b,100b\n" ++ " .long 2b,100b\n" ++ " .long 3b,100b\n" ++ " .long 4b,100b\n" ++ " .long 5b,100b\n" ++ " .long 6b,100b\n" ++ " .long 7b,100b\n" ++ " .long 8b,100b\n" ++ " .long 9b,100b\n" ++ " .long 10b,100b\n" ++ " .long 11b,100b\n" ++ " .long 12b,100b\n" ++ " .long 13b,100b\n" ++ " .long 14b,100b\n" ++ " .long 15b,100b\n" ++ " .long 16b,100b\n" ++ " .long 17b,100b\n" ++ " .long 18b,100b\n" ++ " .long 19b,100b\n" ++ " .long 20b,100b\n" ++ " .long 21b,100b\n" ++ " .long 22b,100b\n" ++ " .long 23b,100b\n" ++ " .long 24b,100b\n" ++ " .long 25b,100b\n" ++ " .long 26b,100b\n" ++ " .long 27b,100b\n" ++ " .long 28b,100b\n" ++ " .long 29b,100b\n" ++ " .long 30b,100b\n" ++ " .long 31b,100b\n" ++ " .long 32b,100b\n" ++ " .long 33b,100b\n" ++ " .long 34b,100b\n" ++ " .long 35b,100b\n" ++ " .long 36b,100b\n" ++ " .long 37b,100b\n" ++ " .long 99b,101b\n" ++ ".previous" ++ : "=&c"(size), "=&D" (d0), "=&S" (d1) ++ : "1"(to), "2"(from), "0"(size) ++ : "eax", "edx", "memory"); ++ return size; ++} ++ ++static unsigned long +__generic_copy_from_user_intel(void *to, const void __user *from, unsigned long size) +{ + int d0, d1; @@ -22835,62 +22439,10 @@ index e218d5d..1e01930 100644 + "36: movl %%eax, %0\n" + "37: rep; "__copyuser_seg" movsb\n" + "100:\n" -+ ".section .fixup,\"ax\"\n" -+ "101: lea 0(%%eax,%0,4),%0\n" -+ " jmp 100b\n" -+ ".previous\n" -+ ".section __ex_table,\"a\"\n" -+ " .align 4\n" -+ " .long 1b,100b\n" -+ " .long 2b,100b\n" -+ " .long 3b,100b\n" -+ " .long 4b,100b\n" -+ " .long 5b,100b\n" -+ " .long 6b,100b\n" -+ " .long 7b,100b\n" -+ " .long 8b,100b\n" -+ " .long 9b,100b\n" -+ " .long 10b,100b\n" -+ " .long 11b,100b\n" -+ " .long 12b,100b\n" -+ " .long 13b,100b\n" -+ " .long 14b,100b\n" -+ " .long 15b,100b\n" -+ " .long 16b,100b\n" -+ " .long 17b,100b\n" -+ " .long 18b,100b\n" -+ " .long 19b,100b\n" -+ " .long 20b,100b\n" -+ " .long 21b,100b\n" -+ " .long 22b,100b\n" -+ " .long 23b,100b\n" -+ " .long 24b,100b\n" -+ " .long 25b,100b\n" -+ " .long 26b,100b\n" -+ " .long 27b,100b\n" -+ " .long 28b,100b\n" -+ " .long 29b,100b\n" -+ " .long 30b,100b\n" -+ " .long 31b,100b\n" -+ " .long 32b,100b\n" -+ " .long 33b,100b\n" -+ " .long 34b,100b\n" -+ " .long 35b,100b\n" -+ " .long 36b,100b\n" -+ " .long 37b,100b\n" -+ " .long 99b,101b\n" -+ ".previous" -+ : "=&c"(size), "=&D" (d0), "=&S" (d1) -+ : "1"(to), "2"(from), "0"(size) -+ : "eax", "edx", "memory"); -+ return size; -+} -+ -+static unsigned long -+__copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) __size_overflow(3); -+static unsigned long - __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) - { + ".section .fixup,\"ax\"\n" + "101: lea 0(%%eax,%0,4),%0\n" + " jmp 100b\n" +@@ -339,41 +452,41 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) int d0, d1; __asm__ __volatile__( " .align 2,0x90\n" @@ -22950,7 +22502,7 @@ index e218d5d..1e01930 100644 " movl %%eax, 56(%3)\n" " movl %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -385,9 +500,9 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) +@@ -385,9 +498,9 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -22962,15 +22514,7 @@ index e218d5d..1e01930 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -434,47 +549,49 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) - */ - - static unsigned long __copy_user_zeroing_intel_nocache(void *to, -+ const void __user *from, unsigned long size) __size_overflow(3); -+static unsigned long __copy_user_zeroing_intel_nocache(void *to, - const void __user *from, unsigned long size) - { - int d0, d1; +@@ -440,41 +553,41 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, __asm__ __volatile__( " .align 2,0x90\n" @@ -23030,7 +22574,7 @@ index e218d5d..1e01930 100644 " movnti %%eax, 56(%3)\n" " movnti %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -487,9 +604,9 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, +@@ -487,9 +600,9 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -23042,15 +22586,7 @@ index e218d5d..1e01930 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -531,47 +648,49 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, - } - - static unsigned long __copy_user_intel_nocache(void *to, -+ const void __user *from, unsigned long size) __size_overflow(3); -+static unsigned long __copy_user_intel_nocache(void *to, - const void __user *from, unsigned long size) - { - int d0, d1; +@@ -537,41 +650,41 @@ static unsigned long __copy_user_intel_nocache(void *to, __asm__ __volatile__( " .align 2,0x90\n" @@ -23110,7 +22646,7 @@ index e218d5d..1e01930 100644 " movnti %%eax, 56(%3)\n" " movnti %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -584,9 +703,9 @@ static unsigned long __copy_user_intel_nocache(void *to, +@@ -584,9 +697,9 @@ static unsigned long __copy_user_intel_nocache(void *to, " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -23122,7 +22658,7 @@ index e218d5d..1e01930 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -629,32 +748,36 @@ static unsigned long __copy_user_intel_nocache(void *to, +@@ -629,32 +742,36 @@ static unsigned long __copy_user_intel_nocache(void *to, */ unsigned long __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size); @@ -23164,7 +22700,7 @@ index e218d5d..1e01930 100644 ".section .fixup,\"ax\"\n" \ "5: addl %3,%0\n" \ " jmp 2b\n" \ -@@ -682,14 +805,14 @@ do { \ +@@ -682,14 +799,14 @@ do { \ " negl %0\n" \ " andl $7,%0\n" \ " subl %0,%3\n" \ @@ -23182,7 +22718,7 @@ index e218d5d..1e01930 100644 "2:\n" \ ".section .fixup,\"ax\"\n" \ "5: addl %3,%0\n" \ -@@ -775,9 +898,9 @@ survive: +@@ -775,9 +892,9 @@ survive: } #endif if (movsl_is_ok(to, from, n)) @@ -23194,7 +22730,7 @@ index e218d5d..1e01930 100644 return n; } EXPORT_SYMBOL(__copy_to_user_ll); -@@ -797,10 +920,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from, +@@ -797,10 +914,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from, unsigned long n) { if (movsl_is_ok(to, from, n)) @@ -23207,7 +22743,7 @@ index e218d5d..1e01930 100644 return n; } EXPORT_SYMBOL(__copy_from_user_ll_nozero); -@@ -827,65 +949,50 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr +@@ -827,65 +943,50 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr if (n > 64 && cpu_has_xmm2) n = __copy_user_intel_nocache(to, from, n); else @@ -23310,15 +22846,11 @@ index e218d5d..1e01930 100644 +EXPORT_SYMBOL(set_fs); +#endif diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c -index b7c2849..bab76d3 100644 +index b7c2849..8633ad8 100644 --- a/arch/x86/lib/usercopy_64.c +++ b/arch/x86/lib/usercopy_64.c -@@ -39,16 +39,22 @@ do { \ - } while (0) - - long --__strncpy_from_user(char *dst, const char __user *src, long count) -+__strncpy_from_user(char *dst, const char __user *src, unsigned long count) +@@ -42,6 +42,12 @@ long + __strncpy_from_user(char *dst, const char __user *src, long count) { long res; + @@ -23330,14 +22862,6 @@ index b7c2849..bab76d3 100644 __do_strncpy_from_user(dst, src, count, res); return res; } - EXPORT_SYMBOL(__strncpy_from_user); - - long --strncpy_from_user(char *dst, const char __user *src, long count) -+strncpy_from_user(char *dst, const char __user *src, unsigned long count) - { - long res = -EFAULT; - if (access_ok(VERIFY_READ, src, 1)) @@ -65,6 +71,12 @@ unsigned long __clear_user(void __user *addr, unsigned long size) { long __d0; @@ -23351,24 +22875,6 @@ index b7c2849..bab76d3 100644 /* no memory constraint because it doesn't change any memory gcc knows about */ asm volatile( -@@ -107,7 +119,7 @@ EXPORT_SYMBOL(clear_user); - * Return 0 on exception, a value greater than N if too long - */ - --long __strnlen_user(const char __user *s, long n) -+long __strnlen_user(const char __user *s, unsigned long n) - { - long res = 0; - char c; -@@ -125,7 +137,7 @@ long __strnlen_user(const char __user *s, long n) - } - EXPORT_SYMBOL(__strnlen_user); - --long strnlen_user(const char __user *s, long n) -+long strnlen_user(const char __user *s, unsigned long n) - { - if (!access_ok(VERIFY_READ, s, 1)) - return 0; @@ -149,12 +161,20 @@ long strlen_user(const char __user *s) } EXPORT_SYMBOL(strlen_user); @@ -23405,7 +22911,7 @@ index b7c2849..bab76d3 100644 char c; unsigned zero_len; diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c -index d0474ad..36e9257 100644 +index 1fb85db..8b3540b 100644 --- a/arch/x86/mm/extable.c +++ b/arch/x86/mm/extable.c @@ -8,7 +8,7 @@ int fixup_exception(struct pt_regs *regs) @@ -23418,7 +22924,7 @@ index d0474ad..36e9257 100644 extern u32 pnp_bios_is_utter_crap; pnp_bios_is_utter_crap = 1; diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index 5db0490..2ddce45 100644 +index f0b4caf..d92fd42 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -13,11 +13,18 @@ @@ -23620,7 +23126,7 @@ index 5db0490..2ddce45 100644 printk(KERN_ALERT "BUG: unable to handle kernel "); if (address < PAGE_SIZE) printk(KERN_CONT "NULL pointer dereference"); -@@ -739,6 +820,21 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, +@@ -748,6 +829,21 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, } #endif @@ -23642,7 +23148,7 @@ index 5db0490..2ddce45 100644 if (unlikely(show_unhandled_signals)) show_signal_msg(regs, error_code, address, tsk); -@@ -835,7 +931,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, +@@ -844,7 +940,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) { printk(KERN_ERR "MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n", @@ -23651,7 +23157,7 @@ index 5db0490..2ddce45 100644 code = BUS_MCEERR_AR; } #endif -@@ -890,6 +986,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) +@@ -900,6 +996,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) return 1; } @@ -23751,7 +23257,7 @@ index 5db0490..2ddce45 100644 /* * Handle a spurious fault caused by a stale TLB entry. * -@@ -962,6 +1151,9 @@ int show_unhandled_signals = 1; +@@ -972,6 +1161,9 @@ int show_unhandled_signals = 1; static inline int access_error(unsigned long error_code, struct vm_area_struct *vma) { @@ -23761,7 +23267,7 @@ index 5db0490..2ddce45 100644 if (error_code & PF_WRITE) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -995,18 +1187,32 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1005,18 +1197,32 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) { struct vm_area_struct *vma; struct task_struct *tsk; @@ -23799,7 +23305,7 @@ index 5db0490..2ddce45 100644 /* * Detect and handle instructions that would cause a page fault for -@@ -1067,7 +1273,7 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1077,7 +1283,7 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) * User-mode registers count as a user access even for any * potential system fault or CPU buglet: */ @@ -23808,7 +23314,7 @@ index 5db0490..2ddce45 100644 local_irq_enable(); error_code |= PF_USER; } else { -@@ -1122,6 +1328,11 @@ retry: +@@ -1132,6 +1338,11 @@ retry: might_sleep(); } @@ -23820,7 +23326,7 @@ index 5db0490..2ddce45 100644 vma = find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); -@@ -1133,18 +1344,24 @@ retry: +@@ -1143,18 +1354,24 @@ retry: bad_area(regs, error_code, address); return; } @@ -23856,7 +23362,7 @@ index 5db0490..2ddce45 100644 if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; -@@ -1199,3 +1416,292 @@ good_area: +@@ -1209,3 +1426,292 @@ good_area: up_read(&mm->mmap_sem); } @@ -24179,7 +23685,7 @@ index f4f29b1..5cac4fb 100644 return (void *)vaddr; diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c -index f581a18..29efd37 100644 +index 8ecbb4b..29efd37 100644 --- a/arch/x86/mm/hugetlbpage.c +++ b/arch/x86/mm/hugetlbpage.c @@ -266,13 +266,20 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, @@ -24255,7 +23761,7 @@ index f581a18..29efd37 100644 /* don't allow allocations above current base */ if (mm->free_area_cache > base) -@@ -321,64 +328,63 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, +@@ -321,66 +328,63 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, largest_hole = 0; mm->free_area_cache = base; } @@ -24275,13 +23781,15 @@ index f581a18..29efd37 100644 * Lookup failure means no vma is above this address, * i.e. return with success: - */ -- if (!(vma = find_vma_prev(mm, addr, &prev_vma))) +- vma = find_vma(mm, addr); +- if (!vma) - return addr; - - /* * new region fits between prev_vma->vm_end and * vma->vm_start, use it: */ +- prev_vma = vma->vm_prev; - if (addr + len <= vma->vm_start && - (!prev_vma || (addr >= prev_vma->vm_end))) { + if (check_heap_stack_gap(vma, addr, len)) { @@ -24350,7 +23858,7 @@ index f581a18..29efd37 100644 mm->cached_hole_size = ~0UL; addr = hugetlb_get_unmapped_area_bottomup(file, addr0, len, pgoff, flags); -@@ -386,6 +392,7 @@ fail: +@@ -388,6 +392,7 @@ fail: /* * Restore the topdown base: */ @@ -24358,7 +23866,7 @@ index f581a18..29efd37 100644 mm->free_area_cache = base; mm->cached_hole_size = ~0UL; -@@ -399,10 +406,19 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -401,10 +406,19 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, struct hstate *h = hstate_file(file); struct mm_struct *mm = current->mm; struct vm_area_struct *vma; @@ -24379,7 +23887,7 @@ index f581a18..29efd37 100644 return -ENOMEM; if (flags & MAP_FIXED) { -@@ -414,8 +430,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -416,8 +430,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, if (addr) { addr = ALIGN(addr, huge_page_size(h)); vma = find_vma(mm, addr); @@ -24390,18 +23898,18 @@ index f581a18..29efd37 100644 } if (mm->get_unmapped_area == arch_get_unmapped_area) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c -index 87488b9..399f416 100644 +index 6cabf65..77e9c1c 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c -@@ -15,6 +15,7 @@ - #include <asm/tlbflush.h> +@@ -17,6 +17,7 @@ #include <asm/tlb.h> #include <asm/proto.h> + #include <asm/dma.h> /* for MAX_DMA_PFN */ +#include <asm/desc.h> unsigned long __initdata pgt_buf_start; unsigned long __meminitdata pgt_buf_end; -@@ -31,7 +32,7 @@ int direct_gbpages +@@ -33,7 +34,7 @@ int direct_gbpages static void __init find_early_table_space(unsigned long end, int use_pse, int use_gbpages) { @@ -24410,7 +23918,7 @@ index 87488b9..399f416 100644 phys_addr_t base; puds = (end + PUD_SIZE - 1) >> PUD_SHIFT; -@@ -312,8 +313,29 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, +@@ -314,8 +315,29 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, */ int devmem_is_allowed(unsigned long pagenr) { @@ -24441,7 +23949,7 @@ index 87488b9..399f416 100644 if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) return 0; if (!page_is_ram(pagenr)) -@@ -372,6 +394,86 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) +@@ -374,6 +396,86 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) void free_initmem(void) { @@ -24529,7 +24037,7 @@ index 87488b9..399f416 100644 (unsigned long)(&__init_begin), (unsigned long)(&__init_end)); diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c -index 29f7c6d..b46b35b 100644 +index 8663f6c..829ae76 100644 --- a/arch/x86/mm/init_32.c +++ b/arch/x86/mm/init_32.c @@ -74,36 +74,6 @@ static __init void *alloc_low_page(void) @@ -24722,7 +24230,7 @@ index 29f7c6d..b46b35b 100644 prot = PAGE_KERNEL_EXEC; pages_4k++; -@@ -472,7 +473,7 @@ void __init native_pagetable_setup_start(pgd_t *base) +@@ -466,7 +467,7 @@ void __init native_pagetable_setup_start(pgd_t *base) pud = pud_offset(pgd, va); pmd = pmd_offset(pud, va); @@ -24731,7 +24239,7 @@ index 29f7c6d..b46b35b 100644 break; pte = pte_offset_kernel(pmd, va); -@@ -524,12 +525,10 @@ void __init early_ioremap_page_table_range_init(void) +@@ -518,12 +519,10 @@ void __init early_ioremap_page_table_range_init(void) static void __init pagetable_init(void) { @@ -24746,7 +24254,7 @@ index 29f7c6d..b46b35b 100644 EXPORT_SYMBOL_GPL(__supported_pte_mask); /* user-defined highmem size */ -@@ -757,6 +756,12 @@ void __init mem_init(void) +@@ -735,6 +734,12 @@ void __init mem_init(void) pci_iommu_alloc(); @@ -24759,8 +24267,8 @@ index 29f7c6d..b46b35b 100644 #ifdef CONFIG_FLATMEM BUG_ON(!mem_map); #endif -@@ -774,7 +779,7 @@ void __init mem_init(void) - set_highmem_pages_init(); +@@ -761,7 +766,7 @@ void __init mem_init(void) + reservedpages++; codesize = (unsigned long) &_etext - (unsigned long) &_text; - datasize = (unsigned long) &_edata - (unsigned long) &_etext; @@ -24768,7 +24276,7 @@ index 29f7c6d..b46b35b 100644 initsize = (unsigned long) &__init_end - (unsigned long) &__init_begin; printk(KERN_INFO "Memory: %luk/%luk available (%dk kernel code, " -@@ -815,10 +820,10 @@ void __init mem_init(void) +@@ -802,10 +807,10 @@ void __init mem_init(void) ((unsigned long)&__init_end - (unsigned long)&__init_begin) >> 10, @@ -24782,7 +24290,7 @@ index 29f7c6d..b46b35b 100644 ((unsigned long)&_etext - (unsigned long)&_text) >> 10); /* -@@ -896,6 +901,7 @@ void set_kernel_text_rw(void) +@@ -883,6 +888,7 @@ void set_kernel_text_rw(void) if (!kernel_set_to_readonly) return; @@ -24790,7 +24298,7 @@ index 29f7c6d..b46b35b 100644 pr_debug("Set kernel text: %lx - %lx for read write\n", start, start+size); -@@ -910,6 +916,7 @@ void set_kernel_text_ro(void) +@@ -897,6 +903,7 @@ void set_kernel_text_ro(void) if (!kernel_set_to_readonly) return; @@ -24798,7 +24306,7 @@ index 29f7c6d..b46b35b 100644 pr_debug("Set kernel text: %lx - %lx for read only\n", start, start+size); -@@ -938,6 +945,7 @@ void mark_rodata_ro(void) +@@ -925,6 +932,7 @@ void mark_rodata_ro(void) unsigned long start = PFN_ALIGN(_text); unsigned long size = PFN_ALIGN(_etext) - start; @@ -24807,7 +24315,7 @@ index 29f7c6d..b46b35b 100644 printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10); diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index bbaaa00..796fa65 100644 +index 436a030..b8596b9 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -75,7 +75,7 @@ early_param("gbpages", parse_direct_gbpages_on); @@ -24906,7 +24414,7 @@ index bbaaa00..796fa65 100644 adr = (void *)(((unsigned long)adr) | left); return adr; -@@ -693,6 +707,12 @@ void __init mem_init(void) +@@ -684,6 +698,12 @@ void __init mem_init(void) pci_iommu_alloc(); @@ -24919,7 +24427,7 @@ index bbaaa00..796fa65 100644 /* clear_bss() already clear the empty_zero_page */ reservedpages = 0; -@@ -853,8 +873,8 @@ int kern_addr_valid(unsigned long addr) +@@ -844,8 +864,8 @@ int kern_addr_valid(unsigned long addr) static struct vm_area_struct gate_vma = { .vm_start = VSYSCALL_START, .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE), @@ -24930,7 +24438,7 @@ index bbaaa00..796fa65 100644 }; struct vm_area_struct *get_gate_vma(struct mm_struct *mm) -@@ -888,7 +908,7 @@ int in_gate_area_no_mm(unsigned long addr) +@@ -879,7 +899,7 @@ int in_gate_area_no_mm(unsigned long addr) const char *arch_vma_name(struct vm_area_struct *vma) { @@ -25099,7 +24607,7 @@ index 845df68..1d8d29f 100644 mm->unmap_area = arch_unmap_area_topdown; } diff --git a/arch/x86/mm/mmio-mod.c b/arch/x86/mm/mmio-mod.c -index de54b9b..799051e 100644 +index dc0b727..dc9d71a 100644 --- a/arch/x86/mm/mmio-mod.c +++ b/arch/x86/mm/mmio-mod.c @@ -194,7 +194,7 @@ static void pre(struct kmmio_probe *p, struct pt_regs *regs, @@ -25143,7 +24651,7 @@ index b008656..773eac2 100644 struct split_state { diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c -index f9e5267..77b1a40 100644 +index e1ebde3..b1e1db38 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -261,7 +261,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address, @@ -25887,7 +25395,7 @@ index cb29191..036766d 100644 return 1; } diff --git a/arch/x86/pci/pcbios.c b/arch/x86/pci/pcbios.c -index db0e9a5..0372c14 100644 +index da8fe05..7ee6704 100644 --- a/arch/x86/pci/pcbios.c +++ b/arch/x86/pci/pcbios.c @@ -79,50 +79,93 @@ union bios32 { @@ -26416,7 +25924,7 @@ index 4c07cca..2c8427d 100644 ret ENDPROC(efi_call6) diff --git a/arch/x86/platform/mrst/mrst.c b/arch/x86/platform/mrst/mrst.c -index ad4ec1c..686479e 100644 +index 475e2cd..1b8e708 100644 --- a/arch/x86/platform/mrst/mrst.c +++ b/arch/x86/platform/mrst/mrst.c @@ -76,18 +76,20 @@ struct sfi_rtc_table_entry sfi_mrtc_array[SFI_MRTC_MAX]; @@ -26442,28 +25950,6 @@ index ad4ec1c..686479e 100644 } /* parse all the mtimer info to a static mtimer array */ -diff --git a/arch/x86/platform/uv/tlb_uv.c b/arch/x86/platform/uv/tlb_uv.c -index 81aee5a..9ad9aae 100644 ---- a/arch/x86/platform/uv/tlb_uv.c -+++ b/arch/x86/platform/uv/tlb_uv.c -@@ -1433,6 +1433,8 @@ static ssize_t tunables_read(struct file *file, char __user *userbuf, - * 0: display meaning of the statistics - */ - static ssize_t ptc_proc_write(struct file *file, const char __user *user, -+ size_t count, loff_t *data) __size_overflow(3); -+static ssize_t ptc_proc_write(struct file *file, const char __user *user, - size_t count, loff_t *data) - { - int cpu; -@@ -1548,6 +1550,8 @@ static int parse_tunables_write(struct bau_control *bcp, char *instr, - * Handle a write to debugfs. (/sys/kernel/debug/sgi_uv/bau_tunables) - */ - static ssize_t tunables_write(struct file *file, const char __user *user, -+ size_t count, loff_t *data) __size_overflow(3); -+static ssize_t tunables_write(struct file *file, const char __user *user, - size_t count, loff_t *data) - { - int cpu; diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c index f10c0af..3ec1f95 100644 --- a/arch/x86/power/cpu.c @@ -26660,7 +26146,7 @@ index 153407c..611cba9 100644 -} -__setup("vdso=", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 1f92865..c843b20 100644 +index 4172af8..2c8ed7f 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -85,8 +85,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -26672,7 +26158,7 @@ index 1f92865..c843b20 100644 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE); __read_mostly int xen_have_vector_callback; EXPORT_SYMBOL_GPL(xen_have_vector_callback); -@@ -1029,7 +1027,7 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { +@@ -1029,30 +1027,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { #endif }; @@ -26681,8 +26167,10 @@ index 1f92865..c843b20 100644 { struct sched_shutdown r = { .reason = reason }; -@@ -1037,17 +1035,17 @@ static void xen_reboot(int reason) - BUG(); +- if (HYPERVISOR_sched_op(SCHEDOP_shutdown, &r)) +- BUG(); ++ HYPERVISOR_sched_op(SCHEDOP_shutdown, &r); ++ BUG(); } -static void xen_restart(char *msg) @@ -26702,7 +26190,13 @@ index 1f92865..c843b20 100644 { xen_reboot(SHUTDOWN_poweroff); } -@@ -1153,7 +1151,17 @@ asmlinkage void __init xen_start_kernel(void) + +-static void xen_machine_power_off(void) ++static __noreturn void xen_machine_power_off(void) + { + if (pm_power_off) + pm_power_off(); +@@ -1155,7 +1153,17 @@ asmlinkage void __init xen_start_kernel(void) __userpte_alloc_gfp &= ~__GFP_HIGHMEM; /* Work out if we support NX */ @@ -26721,7 +26215,7 @@ index 1f92865..c843b20 100644 xen_setup_features(); -@@ -1184,13 +1192,6 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1186,13 +1194,6 @@ asmlinkage void __init xen_start_kernel(void) machine_ops = xen_machine_ops; @@ -26736,7 +26230,7 @@ index 1f92865..c843b20 100644 #ifdef CONFIG_ACPI_NUMA diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index 87f6673..e2555a6 100644 +index 95c1cf6..4bfa5be 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c @@ -1733,6 +1733,9 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, @@ -26761,7 +26255,7 @@ index 87f6673..e2555a6 100644 set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); -@@ -1962,6 +1969,7 @@ static void __init xen_post_allocator_init(void) +@@ -1958,6 +1965,7 @@ static void __init xen_post_allocator_init(void) pv_mmu_ops.set_pud = xen_set_pud; #if PAGETABLE_LEVELS == 4 pv_mmu_ops.set_pgd = xen_set_pgd; @@ -26769,7 +26263,7 @@ index 87f6673..e2555a6 100644 #endif /* This will work as long as patching hasn't happened yet -@@ -2043,6 +2051,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { +@@ -2039,6 +2047,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { .pud_val = PV_CALLEE_SAVE(xen_pud_val), .make_pud = PV_CALLEE_SAVE(xen_make_pud), .set_pgd = xen_set_pgd_hyper, @@ -26778,7 +26272,7 @@ index 87f6673..e2555a6 100644 .alloc_pud = xen_alloc_pmd_init, .release_pud = xen_release_pmd_init, diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c -index 041d4fe..7666b7e 100644 +index 501d4e0..e877605 100644 --- a/arch/x86/xen/smp.c +++ b/arch/x86/xen/smp.c @@ -194,11 +194,6 @@ static void __init xen_smp_prepare_boot_cpu(void) @@ -26986,7 +26480,7 @@ index 1366a89..e17f54b 100644 struct list_head *cpu_list, local_list; diff --git a/block/bsg.c b/block/bsg.c -index c0ab25c..9d49f8f 100644 +index ff64ae3..593560c 100644 --- a/block/bsg.c +++ b/block/bsg.c @@ -176,16 +176,24 @@ static int blk_fill_sgv4_hdr_rq(struct request_queue *q, struct request *rq, @@ -27017,7 +26511,7 @@ index c0ab25c..9d49f8f 100644 if (blk_verify_command(rq->cmd, has_write_perm)) return -EPERM; diff --git a/block/compat_ioctl.c b/block/compat_ioctl.c -index 7b72502..646105c 100644 +index 7c668c8..db3521c 100644 --- a/block/compat_ioctl.c +++ b/block/compat_ioctl.c @@ -340,7 +340,7 @@ static int compat_fd_ioctl(struct block_device *bdev, fmode_t mode, @@ -27029,8 +26523,33 @@ index 7b72502..646105c 100644 if (err) { err = -EFAULT; goto out; +diff --git a/block/partitions/efi.c b/block/partitions/efi.c +index 6296b40..417c00f 100644 +--- a/block/partitions/efi.c ++++ b/block/partitions/efi.c +@@ -234,14 +234,14 @@ static gpt_entry *alloc_read_gpt_entries(struct parsed_partitions *state, + if (!gpt) + return NULL; + ++ if (!le32_to_cpu(gpt->num_partition_entries)) ++ return NULL; ++ pte = kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(gpt->sizeof_partition_entry), GFP_KERNEL); ++ if (!pte) ++ return NULL; ++ + count = le32_to_cpu(gpt->num_partition_entries) * + le32_to_cpu(gpt->sizeof_partition_entry); +- if (!count) +- return NULL; +- pte = kzalloc(count, GFP_KERNEL); +- if (!pte) +- return NULL; +- + if (read_lba(state, le64_to_cpu(gpt->partition_entry_lba), + (u8 *) pte, + count) < count) { diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c -index 688be8a..8a37d98 100644 +index 260fa80..e8f3caf 100644 --- a/block/scsi_ioctl.c +++ b/block/scsi_ioctl.c @@ -223,8 +223,20 @@ EXPORT_SYMBOL(blk_verify_command); @@ -27084,91 +26603,6 @@ index 688be8a..8a37d98 100644 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; -diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c -index a0f768c..1da9c73 100644 ---- a/crypto/ablkcipher.c -+++ b/crypto/ablkcipher.c -@@ -307,6 +307,8 @@ int ablkcipher_walk_phys(struct ablkcipher_request *req, - EXPORT_SYMBOL_GPL(ablkcipher_walk_phys); - - static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key, -+ unsigned int keylen) __size_overflow(3); -+static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key, - unsigned int keylen) - { - struct ablkcipher_alg *cipher = crypto_ablkcipher_alg(tfm); -@@ -329,6 +331,8 @@ static int setkey_unaligned(struct crypto_ablkcipher *tfm, const u8 *key, - } - - static int setkey(struct crypto_ablkcipher *tfm, const u8 *key, -+ unsigned int keylen) __size_overflow(3); -+static int setkey(struct crypto_ablkcipher *tfm, const u8 *key, - unsigned int keylen) - { - struct ablkcipher_alg *cipher = crypto_ablkcipher_alg(tfm); -diff --git a/crypto/aead.c b/crypto/aead.c -index 04add3dc..983032f 100644 ---- a/crypto/aead.c -+++ b/crypto/aead.c -@@ -27,6 +27,8 @@ - #include "internal.h" - - static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, -+ unsigned int keylen) __size_overflow(3); -+static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, - unsigned int keylen) - { - struct aead_alg *aead = crypto_aead_alg(tfm); -@@ -48,6 +50,7 @@ static int setkey_unaligned(struct crypto_aead *tfm, const u8 *key, - return ret; - } - -+static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen) __size_overflow(3); - static int setkey(struct crypto_aead *tfm, const u8 *key, unsigned int keylen) - { - struct aead_alg *aead = crypto_aead_alg(tfm); -diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c -index 1e61d1a..cf06b86 100644 ---- a/crypto/blkcipher.c -+++ b/crypto/blkcipher.c -@@ -359,6 +359,8 @@ int blkcipher_walk_virt_block(struct blkcipher_desc *desc, - EXPORT_SYMBOL_GPL(blkcipher_walk_virt_block); - - static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, -+ unsigned int keylen) __size_overflow(3); -+static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, - unsigned int keylen) - { - struct blkcipher_alg *cipher = &tfm->__crt_alg->cra_blkcipher; -@@ -380,6 +382,7 @@ static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, - return ret; - } - -+static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) __size_overflow(3); - static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) - { - struct blkcipher_alg *cipher = &tfm->__crt_alg->cra_blkcipher; -diff --git a/crypto/cipher.c b/crypto/cipher.c -index 39541e0..802d956 100644 ---- a/crypto/cipher.c -+++ b/crypto/cipher.c -@@ -21,6 +21,8 @@ - #include "internal.h" - - static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, -+ unsigned int keylen) __size_overflow(3); -+static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, - unsigned int keylen) - { - struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher; -@@ -43,6 +45,7 @@ static int setkey_unaligned(struct crypto_tfm *tfm, const u8 *key, - - } - -+static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) __size_overflow(3); - static int setkey(struct crypto_tfm *tfm, const u8 *key, unsigned int keylen) - { - struct cipher_alg *cia = &tfm->__crt_alg->cra_cipher; diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 671d4d6..5f24030 100644 --- a/crypto/cryptd.c @@ -27212,22 +26646,8 @@ index 5d41894..22021e4 100644 } EXPORT_SYMBOL_GPL(cper_next_record_id); -diff --git a/drivers/acpi/battery.c b/drivers/acpi/battery.c -index 7711d94..8622811 100644 ---- a/drivers/acpi/battery.c -+++ b/drivers/acpi/battery.c -@@ -787,6 +787,9 @@ static int acpi_battery_print_alarm(struct seq_file *seq, int result) - - static ssize_t acpi_battery_write_alarm(struct file *file, - const char __user * buffer, -+ size_t count, loff_t * ppos) __size_overflow(3); -+static ssize_t acpi_battery_write_alarm(struct file *file, -+ const char __user * buffer, - size_t count, loff_t * ppos) - { - int result = 0; diff --git a/drivers/acpi/ec_sys.c b/drivers/acpi/ec_sys.c -index 6c47ae9..abfdd63 100644 +index b258cab..3fb7da7 100644 --- a/drivers/acpi/ec_sys.c +++ b/drivers/acpi/ec_sys.c @@ -12,6 +12,7 @@ @@ -27318,10 +26738,10 @@ index 251c7b62..000462d 100644 bool enable = !device_may_wakeup(&dev->dev); device_set_wakeup_enable(&dev->dev, enable); diff --git a/drivers/acpi/processor_driver.c b/drivers/acpi/processor_driver.c -index 9d7bc9f..a6fc091 100644 +index 8ae05ce..7dbbed9 100644 --- a/drivers/acpi/processor_driver.c +++ b/drivers/acpi/processor_driver.c -@@ -473,7 +473,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device) +@@ -555,7 +555,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device) return 0; #endif @@ -27330,25 +26750,11 @@ index 9d7bc9f..a6fc091 100644 /* * Buggy BIOS check -diff --git a/drivers/acpi/sbs.c b/drivers/acpi/sbs.c -index 6e36d0c..f319944 100644 ---- a/drivers/acpi/sbs.c -+++ b/drivers/acpi/sbs.c -@@ -655,6 +655,9 @@ static int acpi_battery_read_alarm(struct seq_file *seq, void *offset) - - static ssize_t - acpi_battery_write_alarm(struct file *file, const char __user * buffer, -+ size_t count, loff_t * ppos) __size_overflow(3); -+static ssize_t -+acpi_battery_write_alarm(struct file *file, const char __user * buffer, - size_t count, loff_t * ppos) - { - struct seq_file *seq = file->private_data; diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index c04ad68..0b99473 100644 +index c06e0ec..a2c06ba 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c -@@ -4733,7 +4733,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4736,7 +4736,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; @@ -27357,7 +26763,7 @@ index c04ad68..0b99473 100644 ap = qc->ap; qc->flags = 0; -@@ -4749,7 +4749,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4752,7 +4752,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; @@ -27366,7 +26772,7 @@ index c04ad68..0b99473 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -@@ -5754,6 +5754,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5816,6 +5816,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) return; spin_lock(&lock); @@ -27374,7 +26780,7 @@ index c04ad68..0b99473 100644 for (cur = ops->inherits; cur; cur = cur->inherits) { void **inherit = (void **)cur; -@@ -5767,8 +5768,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5829,8 +5830,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) if (IS_ERR(*pp)) *pp = NULL; @@ -27386,7 +26792,7 @@ index c04ad68..0b99473 100644 } diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c -index e8574bb..f9f6a72 100644 +index 048589f..4002b98 100644 --- a/drivers/ata/pata_arasan_cf.c +++ b/drivers/ata/pata_arasan_cf.c @@ -862,7 +862,9 @@ static int __devinit arasan_cf_probe(struct platform_device *pdev) @@ -27662,7 +27068,7 @@ index 361f5ae..7fc552d 100644 fore200e->tx_sat++; DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n", diff --git a/drivers/atm/he.c b/drivers/atm/he.c -index 9a51df4..f3bb5f8 100644 +index b182c2f..1c6fa8a 100644 --- a/drivers/atm/he.c +++ b/drivers/atm/he.c @@ -1709,7 +1709,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) @@ -27927,7 +27333,7 @@ index 1c05212..c28e200 100644 } atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc); diff --git a/drivers/atm/iphase.c b/drivers/atm/iphase.c -index 3d0c2b0..45441fa 100644 +index 9e373ba..cf93727 100644 --- a/drivers/atm/iphase.c +++ b/drivers/atm/iphase.c @@ -1146,7 +1146,7 @@ static int rx_pkt(struct atm_dev *dev) @@ -27954,8 +27360,8 @@ index 3d0c2b0..45441fa 100644 { - atomic_inc(&vcc->stats->rx_err); + atomic_inc_unchecked(&vcc->stats->rx_err); + atm_return(vcc, skb->truesize); dev_kfree_skb_any(skb); - atm_return(vcc, atm_guess_pdu2truesize(len)); goto INCR_DLE; @@ -1331,7 +1331,7 @@ static void rx_dle_intr(struct atm_dev *dev) if ((length > iadev->rx_buf_sz) || (length > @@ -27965,7 +27371,7 @@ index 3d0c2b0..45441fa 100644 + atomic_inc_unchecked(&vcc->stats->rx_err); IF_ERR(printk("rx_dle_intr: Bad AAL5 trailer %d (skb len %d)", length, skb->len);) - dev_kfree_skb_any(skb); + atm_return(vcc, skb->truesize); @@ -1347,7 +1347,7 @@ static void rx_dle_intr(struct atm_dev *dev) IF_RX(printk("rx_dle_intr: skb push");) @@ -28290,7 +27696,7 @@ index 1c70c45..300718d 100644 } diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c -index 5d1d076..12fbca4 100644 +index e8cd652..bbbd1fc 100644 --- a/drivers/atm/solos-pci.c +++ b/drivers/atm/solos-pci.c @@ -714,7 +714,7 @@ void solos_bh(unsigned long card_arg) @@ -28406,7 +27812,7 @@ index d889f56..17eb71e 100644 } diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c -index a4760e0..51283cf 100644 +index 8493536..31adee0 100644 --- a/drivers/base/devtmpfs.c +++ b/drivers/base/devtmpfs.c @@ -368,7 +368,7 @@ int devtmpfs_mount(const char *mntdir) @@ -28731,7 +28137,7 @@ index be73e9d..7fbf140 100644 cmdlist_t *reqQ; cmdlist_t *cmpQ; diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h -index 9cf2035..bffca95 100644 +index 8d68056..e67050f 100644 --- a/drivers/block/drbd/drbd_int.h +++ b/drivers/block/drbd/drbd_int.h @@ -736,7 +736,7 @@ struct drbd_request; @@ -28792,7 +28198,7 @@ index 9cf2035..bffca95 100644 void drbd_bump_write_ordering(struct drbd_conf *mdev, enum write_ordering_e wo); diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c -index 0358e55..bc33689 100644 +index 211fc44..c5116f1 100644 --- a/drivers/block/drbd/drbd_main.c +++ b/drivers/block/drbd/drbd_main.c @@ -2397,7 +2397,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packets cmd, @@ -28972,10 +28378,10 @@ index 43beaca..4a5b1dd 100644 } diff --git a/drivers/block/loop.c b/drivers/block/loop.c -index 1e888c9..05cf1b0 100644 +index cd50435..ba1ffb5 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c -@@ -227,7 +227,7 @@ static int __do_lo_send_write(struct file *file, +@@ -226,7 +226,7 @@ static int __do_lo_send_write(struct file *file, mm_segment_t old_fs = get_fs(); set_fs(get_ds()); @@ -29124,7 +28530,7 @@ index 58c0e63..46c16bf 100644 intf->proc_dir = NULL; diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c -index 9397ab4..d01bee1 100644 +index 50fcf9c..91b5528 100644 --- a/drivers/char/ipmi/ipmi_si_intf.c +++ b/drivers/char/ipmi/ipmi_si_intf.c @@ -277,7 +277,7 @@ struct smi_info { @@ -29171,7 +28577,7 @@ index 1aeaaba..e018570 100644 .part_num = MBCS_PART_NUM, .mfg_num = MBCS_MFG_NUM, diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 1451790..f705c30 100644 +index d6e9d08..4493e89 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -18,6 +18,7 @@ @@ -29320,7 +28726,7 @@ index da3cfee..a5a6606 100644 *ppos = i; diff --git a/drivers/char/random.c b/drivers/char/random.c -index 6035ab8..bdfe4fd 100644 +index 54ca8b2..d58cb51 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -261,8 +261,13 @@ @@ -29355,7 +28761,7 @@ index 6035ab8..bdfe4fd 100644 #if 0 /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */ { 2048, 1638, 1231, 819, 411, 1 }, -@@ -909,7 +921,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, +@@ -913,7 +925,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, extract_buf(r, tmp); i = min_t(int, nbytes, EXTRACT_SIZE); @@ -29364,7 +28770,7 @@ index 6035ab8..bdfe4fd 100644 ret = -EFAULT; break; } -@@ -1228,7 +1240,7 @@ EXPORT_SYMBOL(generate_random_uuid); +@@ -1238,7 +1250,7 @@ EXPORT_SYMBOL(generate_random_uuid); #include <linux/sysctl.h> static int min_read_thresh = 8, min_write_thresh; @@ -29416,10 +28822,10 @@ index 1ee8ce7..b778bef 100644 return 0; diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c -index 361a1df..2471eee 100644 +index 32362cf..32a96e9 100644 --- a/drivers/char/tpm/tpm.c +++ b/drivers/char/tpm/tpm.c -@@ -414,7 +414,7 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf, +@@ -415,7 +415,7 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf, chip->vendor.req_complete_val) goto out_recv; @@ -29476,7 +28882,7 @@ index 0636520..169c1d0 100644 acpi_os_unmap_memory(virt, len); return 0; diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c -index 8e3c46d..c139b99 100644 +index b58b561..c9088c8 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c @@ -563,7 +563,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, @@ -29497,19 +28903,6 @@ index 8e3c46d..c139b99 100644 } static ssize_t port_fops_write(struct file *filp, const char __user *ubuf, -diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c -index eb1d864..39ee5a7 100644 ---- a/drivers/dma/dmatest.c -+++ b/drivers/dma/dmatest.c -@@ -591,7 +591,7 @@ static int dmatest_add_channel(struct dma_chan *chan) - } - if (dma_has_cap(DMA_PQ, dma_dev->cap_mask)) { - cnt = dmatest_add_threads(dtc, DMA_PQ); -- thread_count += cnt > 0 ?: 0; -+ thread_count += cnt > 0 ? cnt : 0; - } - - pr_info("dmatest: Started %u threads using %s\n", diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c index c9eee6d..f9d5280 100644 --- a/drivers/edac/amd64_edac.c @@ -29563,7 +28956,7 @@ index 6ffb6d2..383d8d7 100644 PCI_VEND_DEV(INTEL, 7205_0), PCI_ANY_ID, PCI_ANY_ID, 0, 0, E7205}, diff --git a/drivers/edac/edac_pci_sysfs.c b/drivers/edac/edac_pci_sysfs.c -index 495198a..ac08c85 100644 +index 97f5064..202b6e6 100644 --- a/drivers/edac/edac_pci_sysfs.c +++ b/drivers/edac/edac_pci_sysfs.c @@ -26,8 +26,8 @@ static int edac_pci_log_pe = 1; /* log PCI parity errors */ @@ -29663,10 +29056,10 @@ index c0510b3..6e2a954 100644 PCI_VEND_DEV(INTEL, 3000_HB), PCI_ANY_ID, PCI_ANY_ID, 0, 0, I3000}, diff --git a/drivers/edac/i3200_edac.c b/drivers/edac/i3200_edac.c -index aa08497..7e6822a 100644 +index 73f55e200..5faaf59 100644 --- a/drivers/edac/i3200_edac.c +++ b/drivers/edac/i3200_edac.c -@@ -456,7 +456,7 @@ static void __devexit i3200_remove_one(struct pci_dev *pdev) +@@ -445,7 +445,7 @@ static void __devexit i3200_remove_one(struct pci_dev *pdev) edac_mc_free(mci); } @@ -29728,7 +29121,7 @@ index 6104dba..e7ea8e1 100644 {0,} /* 0 terminated list. */ }; diff --git a/drivers/edac/i7core_edac.c b/drivers/edac/i7core_edac.c -index 70ad892..178943c 100644 +index 8568d9b..42b2fa8 100644 --- a/drivers/edac/i7core_edac.c +++ b/drivers/edac/i7core_edac.c @@ -391,7 +391,7 @@ static const struct pci_id_table pci_dev_table[] = { @@ -29780,10 +29173,10 @@ index 33864c6..01edc61 100644 PCI_VEND_DEV(INTEL, 82875_0), PCI_ANY_ID, PCI_ANY_ID, 0, 0, I82875P}, diff --git a/drivers/edac/i82975x_edac.c b/drivers/edac/i82975x_edac.c -index a5da732..983363b 100644 +index 4184e01..dcb2cd3 100644 --- a/drivers/edac/i82975x_edac.c +++ b/drivers/edac/i82975x_edac.c -@@ -604,7 +604,7 @@ static void __devexit i82975x_remove_one(struct pci_dev *pdev) +@@ -612,7 +612,7 @@ static void __devexit i82975x_remove_one(struct pci_dev *pdev) edac_mc_free(mci); } @@ -29806,7 +29199,7 @@ index 0106747..0b40417 100644 void amd_report_gart_errors(bool); void amd_register_ecc_decoder(void (*f)(int, struct mce *)); diff --git a/drivers/edac/r82600_edac.c b/drivers/edac/r82600_edac.c -index b153674..ad2ba9b 100644 +index e294e1b..a41b05b 100644 --- a/drivers/edac/r82600_edac.c +++ b/drivers/edac/r82600_edac.c @@ -373,7 +373,7 @@ static void __devexit r82600_remove_one(struct pci_dev *pdev) @@ -29819,7 +29212,7 @@ index b153674..ad2ba9b 100644 PCI_DEVICE(PCI_VENDOR_ID_RADISYS, R82600_BRIDGE_ID) }, diff --git a/drivers/edac/sb_edac.c b/drivers/edac/sb_edac.c -index 7a402bf..af0b211 100644 +index 1dc118d..8c68af9 100644 --- a/drivers/edac/sb_edac.c +++ b/drivers/edac/sb_edac.c @@ -367,7 +367,7 @@ static const struct pci_id_table pci_dev_descr_sbridge_table[] = { @@ -29921,7 +29314,7 @@ index 153980b..4b4d046 100644 iounmap(buf); return 0; diff --git a/drivers/gpio/gpio-vr41xx.c b/drivers/gpio/gpio-vr41xx.c -index 98723cb..10ca85b 100644 +index 82d5c20..44a7177 100644 --- a/drivers/gpio/gpio-vr41xx.c +++ b/drivers/gpio/gpio-vr41xx.c @@ -204,7 +204,7 @@ static int giu_get_irq(unsigned int irq) @@ -29933,107 +29326,11 @@ index 98723cb..10ca85b 100644 return -EINVAL; } -diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c -index 8323fc3..5c1d755 100644 ---- a/drivers/gpu/drm/drm_crtc.c -+++ b/drivers/gpu/drm/drm_crtc.c -@@ -1379,7 +1379,7 @@ int drm_mode_getconnector(struct drm_device *dev, void *data, - */ - if ((out_resp->count_modes >= mode_count) && mode_count) { - copied = 0; -- mode_ptr = (struct drm_mode_modeinfo *)(unsigned long)out_resp->modes_ptr; -+ mode_ptr = (struct drm_mode_modeinfo __user *)(unsigned long)out_resp->modes_ptr; - list_for_each_entry(mode, &connector->modes, head) { - drm_crtc_convert_to_umode(&u_mode, mode); - if (copy_to_user(mode_ptr + copied, -@@ -1394,8 +1394,8 @@ int drm_mode_getconnector(struct drm_device *dev, void *data, - - if ((out_resp->count_props >= props_count) && props_count) { - copied = 0; -- prop_ptr = (uint32_t *)(unsigned long)(out_resp->props_ptr); -- prop_values = (uint64_t *)(unsigned long)(out_resp->prop_values_ptr); -+ prop_ptr = (uint32_t __user *)(unsigned long)(out_resp->props_ptr); -+ prop_values = (uint64_t __user *)(unsigned long)(out_resp->prop_values_ptr); - for (i = 0; i < DRM_CONNECTOR_MAX_PROPERTY; i++) { - if (connector->property_ids[i] != 0) { - if (put_user(connector->property_ids[i], -@@ -1417,7 +1417,7 @@ int drm_mode_getconnector(struct drm_device *dev, void *data, - - if ((out_resp->count_encoders >= encoders_count) && encoders_count) { - copied = 0; -- encoder_ptr = (uint32_t *)(unsigned long)(out_resp->encoders_ptr); -+ encoder_ptr = (uint32_t __user *)(unsigned long)(out_resp->encoders_ptr); - for (i = 0; i < DRM_CONNECTOR_MAX_ENCODER; i++) { - if (connector->encoder_ids[i] != 0) { - if (put_user(connector->encoder_ids[i], -@@ -1576,7 +1576,7 @@ int drm_mode_setcrtc(struct drm_device *dev, void *data, - } - - for (i = 0; i < crtc_req->count_connectors; i++) { -- set_connectors_ptr = (uint32_t *)(unsigned long)crtc_req->set_connectors_ptr; -+ set_connectors_ptr = (uint32_t __user *)(unsigned long)crtc_req->set_connectors_ptr; - if (get_user(out_id, &set_connectors_ptr[i])) { - ret = -EFAULT; - goto out; -@@ -1857,7 +1857,7 @@ int drm_mode_dirtyfb_ioctl(struct drm_device *dev, - fb = obj_to_fb(obj); - - num_clips = r->num_clips; -- clips_ptr = (struct drm_clip_rect *)(unsigned long)r->clips_ptr; -+ clips_ptr = (struct drm_clip_rect __user *)(unsigned long)r->clips_ptr; - - if (!num_clips != !clips_ptr) { - ret = -EINVAL; -@@ -2283,7 +2283,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, - out_resp->flags = property->flags; - - if ((out_resp->count_values >= value_count) && value_count) { -- values_ptr = (uint64_t *)(unsigned long)out_resp->values_ptr; -+ values_ptr = (uint64_t __user *)(unsigned long)out_resp->values_ptr; - for (i = 0; i < value_count; i++) { - if (copy_to_user(values_ptr + i, &property->values[i], sizeof(uint64_t))) { - ret = -EFAULT; -@@ -2296,7 +2296,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, - if (property->flags & DRM_MODE_PROP_ENUM) { - if ((out_resp->count_enum_blobs >= enum_count) && enum_count) { - copied = 0; -- enum_ptr = (struct drm_mode_property_enum *)(unsigned long)out_resp->enum_blob_ptr; -+ enum_ptr = (struct drm_mode_property_enum __user *)(unsigned long)out_resp->enum_blob_ptr; - list_for_each_entry(prop_enum, &property->enum_blob_list, head) { - - if (copy_to_user(&enum_ptr[copied].value, &prop_enum->value, sizeof(uint64_t))) { -@@ -2319,7 +2319,7 @@ int drm_mode_getproperty_ioctl(struct drm_device *dev, - if ((out_resp->count_enum_blobs >= blob_count) && blob_count) { - copied = 0; - blob_id_ptr = (uint32_t *)(unsigned long)out_resp->enum_blob_ptr; -- blob_length_ptr = (uint32_t *)(unsigned long)out_resp->values_ptr; -+ blob_length_ptr = (uint32_t __user *)(unsigned long)out_resp->values_ptr; - - list_for_each_entry(prop_blob, &property->enum_blob_list, head) { - if (put_user(prop_blob->base.id, blob_id_ptr + copied)) { -@@ -2380,7 +2380,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev, - struct drm_mode_get_blob *out_resp = data; - struct drm_property_blob *blob; - int ret = 0; -- void *blob_ptr; -+ void __user *blob_ptr; - - if (!drm_core_check_feature(dev, DRIVER_MODESET)) - return -EINVAL; -@@ -2394,7 +2394,7 @@ int drm_mode_getblob_ioctl(struct drm_device *dev, - blob = obj_to_blob(obj); - - if (out_resp->length == blob->length) { -- blob_ptr = (void *)(unsigned long)out_resp->data; -+ blob_ptr = (void __user *)(unsigned long)out_resp->data; - if (copy_to_user(blob_ptr, blob->data, blob->length)){ - ret = -EFAULT; - goto done; diff --git a/drivers/gpu/drm/drm_crtc_helper.c b/drivers/gpu/drm/drm_crtc_helper.c -index d2619d7..bd6bd00 100644 +index 84a4a80..ce0306e 100644 --- a/drivers/gpu/drm/drm_crtc_helper.c +++ b/drivers/gpu/drm/drm_crtc_helper.c -@@ -279,7 +279,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder, +@@ -280,7 +280,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder, struct drm_crtc *tmp; int crtc_mask = 1; @@ -30043,10 +29340,10 @@ index d2619d7..bd6bd00 100644 dev = crtc->dev; diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c -index 40c187c..5746164 100644 +index ebf7d3f..d64c436 100644 --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c -@@ -308,7 +308,7 @@ module_exit(drm_core_exit); +@@ -312,7 +312,7 @@ module_exit(drm_core_exit); /** * Copy and IOCTL return string to user space */ @@ -30055,7 +29352,7 @@ index 40c187c..5746164 100644 { int len; -@@ -387,7 +387,7 @@ long drm_ioctl(struct file *filp, +@@ -391,7 +391,7 @@ long drm_ioctl(struct file *filp, dev = file_priv->minor->dev; atomic_inc(&dev->ioctl_count); @@ -30065,7 +29362,7 @@ index 40c187c..5746164 100644 DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n", diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c -index 828bf65..cdaa0e9 100644 +index 6263b01..7987f55 100644 --- a/drivers/gpu/drm/drm_fops.c +++ b/drivers/gpu/drm/drm_fops.c @@ -71,7 +71,7 @@ static int drm_setup(struct drm_device * dev) @@ -30093,12 +29390,16 @@ index 828bf65..cdaa0e9 100644 mutex_lock(&drm_global_mutex); - DRM_DEBUG("open_count = %d\n", dev->open_count); -+ DRM_DEBUG("open_count = %d\n", local_read(&dev->open_count)); ++ DRM_DEBUG("open_count = %ld\n", local_read(&dev->open_count)); if (dev->driver->preclose) dev->driver->preclose(dev, file_priv); -@@ -485,7 +485,7 @@ int drm_release(struct inode *inode, struct file *filp) - DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %d\n", +@@ -482,10 +482,10 @@ int drm_release(struct inode *inode, struct file *filp) + * Begin inline drm_release + */ + +- DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %d\n", ++ DRM_DEBUG("pid = %d, device = 0x%lx, open_count = %ld\n", task_pid_nr(current), (long)old_encode_dev(file_priv->minor->device), - dev->open_count); @@ -30223,10 +29524,10 @@ index ab1162d..42587b2 100644 #if defined(__i386__) pgprot = pgprot_val(vma->vm_page_prot); diff --git a/drivers/gpu/drm/drm_ioc32.c b/drivers/gpu/drm/drm_ioc32.c -index ddd70db..40321e6 100644 +index 637fcc3..e890b33 100644 --- a/drivers/gpu/drm/drm_ioc32.c +++ b/drivers/gpu/drm/drm_ioc32.c -@@ -456,7 +456,7 @@ static int compat_drm_infobufs(struct file *file, unsigned int cmd, +@@ -457,7 +457,7 @@ static int compat_drm_infobufs(struct file *file, unsigned int cmd, request = compat_alloc_user_space(nbytes); if (!access_ok(VERIFY_WRITE, request, nbytes)) return -EFAULT; @@ -30235,7 +29536,7 @@ index ddd70db..40321e6 100644 if (__put_user(count, &request->count) || __put_user(list, &request->list)) -@@ -517,7 +517,7 @@ static int compat_drm_mapbufs(struct file *file, unsigned int cmd, +@@ -518,7 +518,7 @@ static int compat_drm_mapbufs(struct file *file, unsigned int cmd, request = compat_alloc_user_space(nbytes); if (!access_ok(VERIFY_WRITE, request, nbytes)) return -EFAULT; @@ -30245,10 +29546,10 @@ index ddd70db..40321e6 100644 if (__put_user(count, &request->count) || __put_user(list, &request->list)) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c -index 904d7e9..ab88581 100644 +index 956fd38..e52167a 100644 --- a/drivers/gpu/drm/drm_ioctl.c +++ b/drivers/gpu/drm/drm_ioctl.c -@@ -256,7 +256,7 @@ int drm_getstats(struct drm_device *dev, void *data, +@@ -251,7 +251,7 @@ int drm_getstats(struct drm_device *dev, void *data, stats->data[i].value = (file_priv->master->lock.hw_lock ? file_priv->master->lock.hw_lock->lock : 0); else @@ -30258,10 +29559,10 @@ index 904d7e9..ab88581 100644 } diff --git a/drivers/gpu/drm/drm_lock.c b/drivers/gpu/drm/drm_lock.c -index 632ae24..244cf4a 100644 +index c79c713..2048588 100644 --- a/drivers/gpu/drm/drm_lock.c +++ b/drivers/gpu/drm/drm_lock.c -@@ -89,7 +89,7 @@ int drm_lock(struct drm_device *dev, void *data, struct drm_file *file_priv) +@@ -90,7 +90,7 @@ int drm_lock(struct drm_device *dev, void *data, struct drm_file *file_priv) if (drm_lock_take(&master->lock, lock->context)) { master->lock.file_priv = file_priv; master->lock.lock_time = jiffies; @@ -30270,7 +29571,7 @@ index 632ae24..244cf4a 100644 break; /* Got lock */ } -@@ -160,7 +160,7 @@ int drm_unlock(struct drm_device *dev, void *data, struct drm_file *file_priv) +@@ -161,7 +161,7 @@ int drm_unlock(struct drm_device *dev, void *data, struct drm_file *file_priv) return -EINVAL; } @@ -30280,10 +29581,10 @@ index 632ae24..244cf4a 100644 if (drm_lock_free(&master->lock, lock->context)) { /* FIXME: Should really bail out here. */ diff --git a/drivers/gpu/drm/i810/i810_dma.c b/drivers/gpu/drm/i810/i810_dma.c -index 8f371e8..9f85d52 100644 +index 7f4b4e1..bf4def2 100644 --- a/drivers/gpu/drm/i810/i810_dma.c +++ b/drivers/gpu/drm/i810/i810_dma.c -@@ -950,8 +950,8 @@ static int i810_dma_vertex(struct drm_device *dev, void *data, +@@ -948,8 +948,8 @@ static int i810_dma_vertex(struct drm_device *dev, void *data, dma->buflist[vertex->idx], vertex->discard, vertex->used); @@ -30294,7 +29595,7 @@ index 8f371e8..9f85d52 100644 sarea_priv->last_enqueue = dev_priv->counter - 1; sarea_priv->last_dispatch = (int)hw_status[5]; -@@ -1111,8 +1111,8 @@ static int i810_dma_mc(struct drm_device *dev, void *data, +@@ -1109,8 +1109,8 @@ static int i810_dma_mc(struct drm_device *dev, void *data, i810_dma_dispatch_mc(dev, dma->buflist[mc->idx], mc->used, mc->last_render); @@ -30321,7 +29622,7 @@ index c9339f4..f5e1b9d 100644 int front_offset; } drm_i810_private_t; diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c -index b2e3c97..58cf079 100644 +index deaa657..e0fd296 100644 --- a/drivers/gpu/drm/i915/i915_debugfs.c +++ b/drivers/gpu/drm/i915/i915_debugfs.c @@ -499,7 +499,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data) @@ -30333,7 +29634,7 @@ index b2e3c97..58cf079 100644 for (i = 0; i < I915_NUM_RINGS; i++) { if (IS_GEN6(dev) || IS_GEN7(dev)) { seq_printf(m, "Graphics Interrupt mask (%s): %08x\n", -@@ -1232,7 +1232,7 @@ static int i915_opregion(struct seq_file *m, void *unused) +@@ -1321,7 +1321,7 @@ static int i915_opregion(struct seq_file *m, void *unused) return ret; if (opregion->header) @@ -30343,10 +29644,10 @@ index b2e3c97..58cf079 100644 mutex_unlock(&dev->struct_mutex); diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c -index c4da951..3c59c5c 100644 +index ddfe3d9..f6e6b21 100644 --- a/drivers/gpu/drm/i915/i915_dma.c +++ b/drivers/gpu/drm/i915/i915_dma.c -@@ -1172,7 +1172,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) +@@ -1175,7 +1175,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -30356,10 +29657,10 @@ index c4da951..3c59c5c 100644 return can_switch; } diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h -index ae294a0..1755461 100644 +index 9689ca3..294f9c1 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h -@@ -229,7 +229,7 @@ struct drm_i915_display_funcs { +@@ -231,7 +231,7 @@ struct drm_i915_display_funcs { /* render clock increase/decrease */ /* display clock increase/decrease */ /* pll clock increase/decrease */ @@ -30368,7 +29669,7 @@ index ae294a0..1755461 100644 struct intel_device_info { u8 gen; -@@ -318,7 +318,7 @@ typedef struct drm_i915_private { +@@ -320,7 +320,7 @@ typedef struct drm_i915_private { int current_page; int page_flipping; @@ -30377,7 +29678,7 @@ index ae294a0..1755461 100644 /* protects the irq masks */ spinlock_t irq_lock; -@@ -893,7 +893,7 @@ struct drm_i915_gem_object { +@@ -896,7 +896,7 @@ struct drm_i915_gem_object { * will be page flipped away on the next vblank. When it * reaches 0, dev_priv->pending_flip_queue will be woken up. */ @@ -30386,7 +29687,7 @@ index ae294a0..1755461 100644 }; #define to_intel_bo(x) container_of(x, struct drm_i915_gem_object, base) -@@ -1273,7 +1273,7 @@ extern int intel_setup_gmbus(struct drm_device *dev); +@@ -1276,7 +1276,7 @@ extern int intel_setup_gmbus(struct drm_device *dev); extern void intel_teardown_gmbus(struct drm_device *dev); extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed); extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit); @@ -30396,7 +29697,7 @@ index ae294a0..1755461 100644 return container_of(adapter, struct intel_gmbus, adapter)->force_bit; } diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -index b9da890..cad1d98 100644 +index 65e1f00..a30ef00 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c @@ -189,7 +189,7 @@ i915_gem_object_set_to_gpu_domain(struct drm_i915_gem_object *obj, @@ -30421,7 +29722,7 @@ index b9da890..cad1d98 100644 for (i = 0; i < count; i++) { char __user *ptr = (char __user *)(uintptr_t)exec[i].relocs_ptr; diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c -index d47a53b..61154c2 100644 +index 5bd4361..0241a42 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c @@ -475,7 +475,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS) @@ -30451,7 +29752,7 @@ index d47a53b..61154c2 100644 iir = I915_READ(IIR); -@@ -1750,7 +1750,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) +@@ -1743,7 +1743,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) { drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; @@ -30460,7 +29761,7 @@ index d47a53b..61154c2 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); -@@ -1938,7 +1938,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev) +@@ -1932,7 +1932,7 @@ static void i915_driver_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -30470,10 +29771,10 @@ index d47a53b..61154c2 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 9ec9755..6d1cf2d 100644 +index 397087c..9178d0d 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -2230,7 +2230,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y, +@@ -2238,7 +2238,7 @@ intel_pipe_set_base(struct drm_crtc *crtc, int x, int y, wait_event(dev_priv->pending_flip_queue, atomic_read(&dev_priv->mm.wedged) || @@ -30482,7 +29783,7 @@ index 9ec9755..6d1cf2d 100644 /* Big Hammer, we also need to ensure that any pending * MI_WAIT_FOR_EVENT inside a user batch buffer on the -@@ -2851,7 +2851,7 @@ static void intel_crtc_wait_for_pending_flips(struct drm_crtc *crtc) +@@ -2859,7 +2859,7 @@ static void intel_crtc_wait_for_pending_flips(struct drm_crtc *crtc) obj = to_intel_framebuffer(crtc->fb)->obj; dev_priv = crtc->dev->dev_private; wait_event(dev_priv->pending_flip_queue, @@ -30491,7 +29792,7 @@ index 9ec9755..6d1cf2d 100644 } static bool intel_crtc_driving_pch(struct drm_crtc *crtc) -@@ -6952,7 +6952,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, +@@ -7171,7 +7171,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, atomic_clear_mask(1 << intel_crtc->plane, &obj->pending_flip.counter); @@ -30500,7 +29801,7 @@ index 9ec9755..6d1cf2d 100644 wake_up(&dev_priv->pending_flip_queue); schedule_work(&work->work); -@@ -7242,7 +7242,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7461,7 +7461,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, /* Block clients from rendering to the new back buffer until * the flip occurs and the object is no longer visible. */ @@ -30509,7 +29810,7 @@ index 9ec9755..6d1cf2d 100644 ret = dev_priv->display.queue_flip(dev, crtc, fb, obj); if (ret) -@@ -7256,7 +7256,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7475,7 +7475,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, return 0; cleanup_pending: @@ -30575,10 +29876,10 @@ index 2581202..f230a8d9 100644 *sequence = cur_fence; diff --git a/drivers/gpu/drm/nouveau/nouveau_bios.c b/drivers/gpu/drm/nouveau/nouveau_bios.c -index 5fc201b..7b032b9 100644 +index e5cbead..6c354a3 100644 --- a/drivers/gpu/drm/nouveau/nouveau_bios.c +++ b/drivers/gpu/drm/nouveau/nouveau_bios.c -@@ -201,7 +201,7 @@ struct methods { +@@ -199,7 +199,7 @@ struct methods { const char desc[8]; void (*loadbios)(struct drm_device *, uint8_t *); const bool rw; @@ -30587,7 +29888,7 @@ index 5fc201b..7b032b9 100644 static struct methods shadow_methods[] = { { "PRAMIN", load_vbios_pramin, true }, -@@ -5474,7 +5474,7 @@ parse_bit_U_tbl_entry(struct drm_device *dev, struct nvbios *bios, +@@ -5290,7 +5290,7 @@ parse_bit_U_tbl_entry(struct drm_device *dev, struct nvbios *bios, struct bit_table { const char id; int (* const parse_fn)(struct drm_device *, struct nvbios *, struct bit_entry *); @@ -30597,10 +29898,10 @@ index 5fc201b..7b032b9 100644 #define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry }) diff --git a/drivers/gpu/drm/nouveau/nouveau_drv.h b/drivers/gpu/drm/nouveau/nouveau_drv.h -index 4c0be3a..5757582 100644 +index b827098..c31a797 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drv.h +++ b/drivers/gpu/drm/nouveau/nouveau_drv.h -@@ -238,7 +238,7 @@ struct nouveau_channel { +@@ -242,7 +242,7 @@ struct nouveau_channel { struct list_head pending; uint32_t sequence; uint32_t sequence_ack; @@ -30609,7 +29910,7 @@ index 4c0be3a..5757582 100644 struct nouveau_vma vma; } fence; -@@ -319,7 +319,7 @@ struct nouveau_exec_engine { +@@ -323,7 +323,7 @@ struct nouveau_exec_engine { u32 handle, u16 class); void (*set_tile_region)(struct drm_device *dev, int i); void (*tlb_flush)(struct drm_device *, int engine); @@ -30618,7 +29919,7 @@ index 4c0be3a..5757582 100644 struct nouveau_instmem_engine { void *priv; -@@ -341,13 +341,13 @@ struct nouveau_instmem_engine { +@@ -345,13 +345,13 @@ struct nouveau_instmem_engine { struct nouveau_mc_engine { int (*init)(struct drm_device *dev); void (*takedown)(struct drm_device *dev); @@ -30634,7 +29935,7 @@ index 4c0be3a..5757582 100644 struct nouveau_fb_engine { int num_tiles; -@@ -558,7 +558,7 @@ struct nouveau_vram_engine { +@@ -566,7 +566,7 @@ struct nouveau_vram_engine { void (*put)(struct drm_device *, struct nouveau_mem **); bool (*flags_valid)(struct drm_device *, u32 tile_flags); @@ -30643,7 +29944,7 @@ index 4c0be3a..5757582 100644 struct nouveau_engine { struct nouveau_instmem_engine instmem; -@@ -706,7 +706,7 @@ struct drm_nouveau_private { +@@ -714,7 +714,7 @@ struct drm_nouveau_private { struct drm_global_reference mem_global_ref; struct ttm_bo_global_ref bo_global_ref; struct ttm_bo_device bdev; @@ -30688,10 +29989,10 @@ index 7ce3fde..cb3ea04 100644 if (++trycnt > 100000) { NV_ERROR(dev, "%s failed and gave up.\n", __func__); diff --git a/drivers/gpu/drm/nouveau/nouveau_state.c b/drivers/gpu/drm/nouveau/nouveau_state.c -index d8831ab..0ba8356 100644 +index f80c5e0..936baa7 100644 --- a/drivers/gpu/drm/nouveau/nouveau_state.c +++ b/drivers/gpu/drm/nouveau/nouveau_state.c -@@ -542,7 +542,7 @@ static bool nouveau_switcheroo_can_switch(struct pci_dev *pdev) +@@ -543,7 +543,7 @@ static bool nouveau_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -30807,32 +30108,20 @@ index 5a82b6b..9e69c73 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { -diff --git a/drivers/gpu/drm/radeon/r600_cs.c b/drivers/gpu/drm/radeon/r600_cs.c -index cb1acff..8861bc5 100644 ---- a/drivers/gpu/drm/radeon/r600_cs.c -+++ b/drivers/gpu/drm/radeon/r600_cs.c -@@ -1304,6 +1304,7 @@ static int r600_check_texture_resource(struct radeon_cs_parser *p, u32 idx, - h0 = G_038004_TEX_HEIGHT(word1) + 1; - d0 = G_038004_TEX_DEPTH(word1); - nfaces = 1; -+ array = 0; - switch (G_038000_DIM(word0)) { - case V_038000_SQ_TEX_DIM_1D: - case V_038000_SQ_TEX_DIM_2D: diff --git a/drivers/gpu/drm/radeon/radeon.h b/drivers/gpu/drm/radeon/radeon.h -index 8227e76..ce0b195 100644 +index 1668ec1..30ebdab 100644 --- a/drivers/gpu/drm/radeon/radeon.h +++ b/drivers/gpu/drm/radeon/radeon.h -@@ -192,7 +192,7 @@ extern int sumo_get_temp(struct radeon_device *rdev); - */ - struct radeon_fence_driver { +@@ -250,7 +250,7 @@ struct radeon_fence_driver { uint32_t scratch_reg; + uint64_t gpu_addr; + volatile uint32_t *cpu_addr; - atomic_t seq; + atomic_unchecked_t seq; uint32_t last_seq; unsigned long last_jiffies; unsigned long last_timeout; -@@ -530,7 +530,7 @@ struct r600_blit_cp_primitives { +@@ -752,7 +752,7 @@ struct r600_blit_cp_primitives { int x2, int y2); void (*draw_auto)(struct radeon_device *rdev); void (*set_default_state)(struct radeon_device *rdev); @@ -30841,7 +30130,7 @@ index 8227e76..ce0b195 100644 struct r600_blit { struct mutex mutex; -@@ -954,7 +954,7 @@ struct radeon_asic { +@@ -1201,7 +1201,7 @@ struct radeon_asic { void (*pre_page_flip)(struct radeon_device *rdev, int crtc); u32 (*page_flip)(struct radeon_device *rdev, int crtc, u64 crtc_base); void (*post_page_flip)(struct radeon_device *rdev, int crtc); @@ -30851,7 +30140,7 @@ index 8227e76..ce0b195 100644 /* * Asic structures diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index 9231564..78b00fd 100644 +index 49f7cb7..2fcb48f 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c @@ -687,7 +687,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) @@ -30877,27 +30166,36 @@ index a1b59ca..86f2d44 100644 uint32_t irq_enable_reg; uint32_t r500_disp_irq_reg; diff --git a/drivers/gpu/drm/radeon/radeon_fence.c b/drivers/gpu/drm/radeon/radeon_fence.c -index 76ec0e9..6feb1a3 100644 +index 4bd36a3..e66fe9c 100644 --- a/drivers/gpu/drm/radeon/radeon_fence.c +++ b/drivers/gpu/drm/radeon/radeon_fence.c -@@ -78,7 +78,7 @@ int radeon_fence_emit(struct radeon_device *rdev, struct radeon_fence *fence) - write_unlock_irqrestore(&rdev->fence_drv.lock, irq_flags); +@@ -70,7 +70,7 @@ int radeon_fence_emit(struct radeon_device *rdev, struct radeon_fence *fence) + write_unlock_irqrestore(&rdev->fence_lock, irq_flags); return 0; } -- fence->seq = atomic_add_return(1, &rdev->fence_drv.seq); -+ fence->seq = atomic_add_return_unchecked(1, &rdev->fence_drv.seq); - if (!rdev->cp.ready) +- fence->seq = atomic_add_return(1, &rdev->fence_drv[fence->ring].seq); ++ fence->seq = atomic_add_return_unchecked(1, &rdev->fence_drv[fence->ring].seq); + if (!rdev->ring[fence->ring].ready) /* FIXME: cp is not running assume everythings is done right * away -@@ -373,7 +373,7 @@ int radeon_fence_driver_init(struct radeon_device *rdev) - return r; - } - radeon_fence_write(rdev, 0); -- atomic_set(&rdev->fence_drv.seq, 0); -+ atomic_set_unchecked(&rdev->fence_drv.seq, 0); - INIT_LIST_HEAD(&rdev->fence_drv.created); - INIT_LIST_HEAD(&rdev->fence_drv.emited); - INIT_LIST_HEAD(&rdev->fence_drv.signaled); +@@ -405,7 +405,7 @@ int radeon_fence_driver_start_ring(struct radeon_device *rdev, int ring) + } + rdev->fence_drv[ring].cpu_addr = &rdev->wb.wb[index/4]; + rdev->fence_drv[ring].gpu_addr = rdev->wb.gpu_addr + index; +- radeon_fence_write(rdev, atomic_read(&rdev->fence_drv[ring].seq), ring); ++ radeon_fence_write(rdev, atomic_read_unchecked(&rdev->fence_drv[ring].seq), ring); + rdev->fence_drv[ring].initialized = true; + DRM_INFO("fence driver on ring %d use gpu addr 0x%08Lx and cpu addr 0x%p\n", + ring, rdev->fence_drv[ring].gpu_addr, rdev->fence_drv[ring].cpu_addr); +@@ -418,7 +418,7 @@ static void radeon_fence_driver_init_ring(struct radeon_device *rdev, int ring) + rdev->fence_drv[ring].scratch_reg = -1; + rdev->fence_drv[ring].cpu_addr = NULL; + rdev->fence_drv[ring].gpu_addr = 0; +- atomic_set(&rdev->fence_drv[ring].seq, 0); ++ atomic_set_unchecked(&rdev->fence_drv[ring].seq, 0); + INIT_LIST_HEAD(&rdev->fence_drv[ring].created); + INIT_LIST_HEAD(&rdev->fence_drv[ring].emitted); + INIT_LIST_HEAD(&rdev->fence_drv[ring].signaled); diff --git a/drivers/gpu/drm/radeon/radeon_ioc32.c b/drivers/gpu/drm/radeon/radeon_ioc32.c index 48b7cea..342236f 100644 --- a/drivers/gpu/drm/radeon/radeon_ioc32.c @@ -30958,10 +30256,10 @@ index e8422ae..d22d4a8 100644 DRM_DEBUG("pid=%d\n", DRM_CURRENTPID); diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c -index 0b5468b..9c4b308 100644 +index c421e77..e6bf2e8 100644 --- a/drivers/gpu/drm/radeon/radeon_ttm.c +++ b/drivers/gpu/drm/radeon/radeon_ttm.c -@@ -672,8 +672,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma) +@@ -842,8 +842,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma) } if (unlikely(ttm_vm_ops == NULL)) { ttm_vm_ops = vma->vm_ops; @@ -30975,7 +30273,7 @@ index 0b5468b..9c4b308 100644 vma->vm_ops = &radeon_ttm_vm_ops; return 0; diff --git a/drivers/gpu/drm/radeon/rs690.c b/drivers/gpu/drm/radeon/rs690.c -index a9049ed..501f284 100644 +index f68dff2..8df955c 100644 --- a/drivers/gpu/drm/radeon/rs690.c +++ b/drivers/gpu/drm/radeon/rs690.c @@ -304,9 +304,11 @@ void rs690_crtc_bandwidth_compute(struct radeon_device *rdev, @@ -30992,7 +30290,7 @@ index a9049ed..501f284 100644 if (rdev->pm.max_bandwidth.full > rdev->pm.k8_bandwidth.full && rdev->pm.k8_bandwidth.full) diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c -index 727e93d..1565650 100644 +index 499debd..66fce72 100644 --- a/drivers/gpu/drm/ttm/ttm_page_alloc.c +++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c @@ -398,9 +398,9 @@ static int ttm_pool_get_num_unused_pages(void) @@ -31008,7 +30306,7 @@ index 727e93d..1565650 100644 int shrink_pages = sc->nr_to_scan; diff --git a/drivers/gpu/drm/via/via_drv.h b/drivers/gpu/drm/via/via_drv.h -index 9cf87d9..2000b7d 100644 +index 88edacc..1e5412b 100644 --- a/drivers/gpu/drm/via/via_drv.h +++ b/drivers/gpu/drm/via/via_drv.h @@ -51,7 +51,7 @@ typedef struct drm_via_ring_buffer { @@ -31192,10 +30490,10 @@ index 8a8725c..afed796 100644 marker = list_first_entry(&queue->head, struct vmw_marker, head); diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index bb656d8..4169fca 100644 +index af08ce7..7a15038 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -2012,7 +2012,7 @@ static bool hid_ignore(struct hid_device *hdev) +@@ -2020,7 +2020,7 @@ static bool hid_ignore(struct hid_device *hdev) int hid_add_device(struct hid_device *hdev) { @@ -31204,7 +30502,7 @@ index bb656d8..4169fca 100644 int ret; if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -2027,7 +2027,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2035,7 +2035,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, @@ -31214,7 +30512,7 @@ index bb656d8..4169fca 100644 hid_debug_register(hdev, dev_name(&hdev->dev)); ret = device_add(&hdev->dev); diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c -index 4ef02b2..8a96831 100644 +index b1ec0e2..c295a61 100644 --- a/drivers/hid/usbhid/hiddev.c +++ b/drivers/hid/usbhid/hiddev.c @@ -624,7 +624,7 @@ static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) @@ -31242,7 +30540,7 @@ index 4065374..10ed7dc 100644 ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount); if (ret) diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c -index 0fb100e..baf87e5 100644 +index 12aa97f..c0679f7 100644 --- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c @@ -132,7 +132,7 @@ static u64 do_hypercall(u64 control, void *input, void *output) @@ -31255,7 +30553,7 @@ index 0fb100e..baf87e5 100644 __asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi), "=a"(hv_status_lo) : "d" (control_hi), diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h -index 0aee112..b72d21f 100644 +index 6d7d286..92b0873 100644 --- a/drivers/hv/hyperv_vmbus.h +++ b/drivers/hv/hyperv_vmbus.h @@ -556,7 +556,7 @@ enum vmbus_connect_state { @@ -31268,7 +30566,7 @@ index 0aee112..b72d21f 100644 /* * Represents channel interrupts. Each bit position represents a diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c -index d2d0a2a..90b8f4d 100644 +index a220e57..428f54d 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c @@ -663,10 +663,10 @@ int vmbus_device_register(struct hv_device *child_device_obj) @@ -31285,7 +30583,7 @@ index d2d0a2a..90b8f4d 100644 child_device_obj->device.bus = &hv_bus; child_device_obj->device.parent = &hv_acpi_dev->dev; diff --git a/drivers/hwmon/acpi_power_meter.c b/drivers/hwmon/acpi_power_meter.c -index 66f6729..2d6de0a 100644 +index 554f046..f8b4729 100644 --- a/drivers/hwmon/acpi_power_meter.c +++ b/drivers/hwmon/acpi_power_meter.c @@ -316,8 +316,6 @@ static ssize_t set_trip(struct device *dev, struct device_attribute *devattr, @@ -31298,7 +30596,7 @@ index 66f6729..2d6de0a 100644 mutex_lock(&resource->lock); resource->trip[attr->index - 7] = temp; diff --git a/drivers/hwmon/sht15.c b/drivers/hwmon/sht15.c -index 5357925..6cf0418 100644 +index 91fdd1f..b66a686 100644 --- a/drivers/hwmon/sht15.c +++ b/drivers/hwmon/sht15.c @@ -166,7 +166,7 @@ struct sht15_data { @@ -31631,7 +30929,7 @@ index 8126824..55a2798 100644 } } diff --git a/drivers/ide/ide-pci-generic.c b/drivers/ide/ide-pci-generic.c -index a743e68..1cfd674 100644 +index 7f56b73..dab5b67 100644 --- a/drivers/ide/ide-pci-generic.c +++ b/drivers/ide/ide-pci-generic.c @@ -53,7 +53,7 @@ static const struct ide_port_ops netcell_port_ops = { @@ -31917,7 +31215,7 @@ index f46f49c..eb77678 100644 .init_chipset = init_chipset_via82cxxx, .enablebits = { { 0x40, 0x02, 0x02 }, { 0x40, 0x01, 0x01 } }, diff --git a/drivers/ieee802154/fakehard.c b/drivers/ieee802154/fakehard.c -index eb0e2cc..14241c7 100644 +index 73d4531..c90cd2d 100644 --- a/drivers/ieee802154/fakehard.c +++ b/drivers/ieee802154/fakehard.c @@ -386,7 +386,7 @@ static int __devinit ieee802154fake_probe(struct platform_device *pdev) @@ -31930,7 +31228,7 @@ index eb0e2cc..14241c7 100644 priv = netdev_priv(dev); priv->phy = phy; diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c -index 8b72f39..55df4c8 100644 +index c889aae..6cf5aa7 100644 --- a/drivers/infiniband/core/cm.c +++ b/drivers/infiniband/core/cm.c @@ -114,7 +114,7 @@ static char const counter_group_names[CM_COUNTER_GROUPS] @@ -32165,19 +31463,6 @@ index 40c8353..946b0e4 100644 } PDBG("%s stag_state 0x%0x type 0x%0x pdid 0x%0x, stag_idx 0x%x\n", __func__, stag_state, type, pdid, stag_idx); -diff --git a/drivers/infiniband/hw/ipath/ipath_fs.c b/drivers/infiniband/hw/ipath/ipath_fs.c -index 31ae1b1..641d285 100644 ---- a/drivers/infiniband/hw/ipath/ipath_fs.c -+++ b/drivers/infiniband/hw/ipath/ipath_fs.c -@@ -126,6 +126,8 @@ static const struct file_operations atomic_counters_ops = { - }; - - static ssize_t flash_read(struct file *file, char __user *buf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t flash_read(struct file *file, char __user *buf, - size_t count, loff_t *ppos) - { - struct ipath_devdata *dd; diff --git a/drivers/infiniband/hw/ipath/ipath_rc.c b/drivers/infiniband/hw/ipath/ipath_rc.c index 79b3dbc..96e5fcc 100644 --- a/drivers/infiniband/hw/ipath/ipath_rc.c @@ -32233,7 +31518,7 @@ index 1f95bba..9530f87 100644 sdata, wqe->wr.wr.atomic.swap); goto send_comp; diff --git a/drivers/infiniband/hw/nes/nes.c b/drivers/infiniband/hw/nes/nes.c -index 5965b3d..16817fb 100644 +index 7140199..da60063 100644 --- a/drivers/infiniband/hw/nes/nes.c +++ b/drivers/infiniband/hw/nes/nes.c @@ -103,7 +103,7 @@ MODULE_PARM_DESC(limit_maxrdreqsz, "Limit max read request size to 256 Bytes"); @@ -32255,7 +31540,7 @@ index 5965b3d..16817fb 100644 /* Free the control structures */ diff --git a/drivers/infiniband/hw/nes/nes.h b/drivers/infiniband/hw/nes/nes.h -index 568b4f1..5ea3eff 100644 +index c438e46..ca30356 100644 --- a/drivers/infiniband/hw/nes/nes.h +++ b/drivers/infiniband/hw/nes/nes.h @@ -178,17 +178,17 @@ extern unsigned int nes_debug_level; @@ -32314,7 +31599,7 @@ index 568b4f1..5ea3eff 100644 extern u32 int_mod_timer_init; extern u32 int_mod_cq_depth_256; diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c -index 0a52d72..0642f36 100644 +index a4972ab..1bcfc31 100644 --- a/drivers/infiniband/hw/nes/nes_cm.c +++ b/drivers/infiniband/hw/nes/nes_cm.c @@ -68,14 +68,14 @@ u32 cm_packets_dropped; @@ -32360,7 +31645,7 @@ index 0a52d72..0642f36 100644 int nes_add_ref_cm_node(struct nes_cm_node *cm_node) { -@@ -1271,7 +1271,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core, +@@ -1274,7 +1274,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core, kfree(listener); listener = NULL; ret = 0; @@ -32423,7 +31708,7 @@ index 0a52d72..0642f36 100644 dev_kfree_skb_any(skb); } break; -@@ -2880,7 +2880,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) +@@ -2881,7 +2881,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) if ((cm_id) && (cm_id->event_handler)) { if (issue_disconn) { @@ -32432,7 +31717,7 @@ index 0a52d72..0642f36 100644 cm_event.event = IW_CM_EVENT_DISCONNECT; cm_event.status = disconn_status; cm_event.local_addr = cm_id->local_addr; -@@ -2902,7 +2902,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) +@@ -2903,7 +2903,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) } if (issue_close) { @@ -32441,7 +31726,7 @@ index 0a52d72..0642f36 100644 nes_disconnect(nesqp, 1); cm_id->provider_data = nesqp; -@@ -3038,7 +3038,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) +@@ -3039,7 +3039,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) nes_debug(NES_DBG_CM, "QP%u, cm_node=%p, jiffies = %lu listener = %p\n", nesqp->hwqp.qp_id, cm_node, jiffies, cm_node->listener); @@ -32450,7 +31735,7 @@ index 0a52d72..0642f36 100644 nes_debug(NES_DBG_CM, "netdev refcnt = %u.\n", netdev_refcnt_read(nesvnic->netdev)); -@@ -3240,7 +3240,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len) +@@ -3241,7 +3241,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len) struct nes_cm_core *cm_core; u8 *start_buff; @@ -32459,7 +31744,7 @@ index 0a52d72..0642f36 100644 cm_node = (struct nes_cm_node *)cm_id->provider_data; loopback = cm_node->loopbackpartner; cm_core = cm_node->cm_core; -@@ -3300,7 +3300,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) +@@ -3301,7 +3301,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) ntohl(cm_id->local_addr.sin_addr.s_addr), ntohs(cm_id->local_addr.sin_port)); @@ -32468,7 +31753,7 @@ index 0a52d72..0642f36 100644 nesqp->active_conn = 1; /* cache the cm_id in the qp */ -@@ -3406,7 +3406,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog) +@@ -3407,7 +3407,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog) g_cm_core->api->stop_listener(g_cm_core, (void *)cm_node); return err; } @@ -32477,7 +31762,7 @@ index 0a52d72..0642f36 100644 } cm_id->add_ref(cm_id); -@@ -3507,7 +3507,7 @@ static void cm_event_connected(struct nes_cm_event *event) +@@ -3508,7 +3508,7 @@ static void cm_event_connected(struct nes_cm_event *event) if (nesqp->destroyed) return; @@ -32486,7 +31771,7 @@ index 0a52d72..0642f36 100644 nes_debug(NES_DBG_CM, "QP%u attempting to connect to 0x%08X:0x%04X on" " local port 0x%04X. jiffies = %lu.\n", nesqp->hwqp.qp_id, -@@ -3694,7 +3694,7 @@ static void cm_event_reset(struct nes_cm_event *event) +@@ -3695,7 +3695,7 @@ static void cm_event_reset(struct nes_cm_event *event) cm_id->add_ref(cm_id); ret = cm_id->event_handler(cm_id, &cm_event); @@ -32495,7 +31780,7 @@ index 0a52d72..0642f36 100644 cm_event.event = IW_CM_EVENT_CLOSE; cm_event.status = 0; cm_event.provider_data = cm_id->provider_data; -@@ -3730,7 +3730,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event) +@@ -3731,7 +3731,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event) return; cm_id = cm_node->cm_id; @@ -32504,7 +31789,7 @@ index 0a52d72..0642f36 100644 nes_debug(NES_DBG_CM, "cm_node = %p - cm_id = %p, jiffies = %lu\n", cm_node, cm_id, jiffies); -@@ -3770,7 +3770,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event) +@@ -3771,7 +3771,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event) return; cm_id = cm_node->cm_id; @@ -32514,7 +31799,7 @@ index 0a52d72..0642f36 100644 cm_node, cm_id, jiffies); diff --git a/drivers/infiniband/hw/nes/nes_mgt.c b/drivers/infiniband/hw/nes/nes_mgt.c -index b3b2a24..7bfaf1e 100644 +index 3ba7be3..c81f6ff 100644 --- a/drivers/infiniband/hw/nes/nes_mgt.c +++ b/drivers/infiniband/hw/nes/nes_mgt.c @@ -40,8 +40,8 @@ @@ -32547,7 +31832,7 @@ index b3b2a24..7bfaf1e 100644 } diff --git a/drivers/infiniband/hw/nes/nes_nic.c b/drivers/infiniband/hw/nes/nes_nic.c -index c00d2f3..8834298 100644 +index f3a3ecf..57d311d 100644 --- a/drivers/infiniband/hw/nes/nes_nic.c +++ b/drivers/infiniband/hw/nes/nes_nic.c @@ -1277,39 +1277,39 @@ static void nes_netdev_get_ethtool_stats(struct net_device *netdev, @@ -32611,7 +31896,7 @@ index c00d2f3..8834298 100644 /** diff --git a/drivers/infiniband/hw/nes/nes_verbs.c b/drivers/infiniband/hw/nes/nes_verbs.c -index 5095bc4..41e8fff 100644 +index 0927b5c..ed67986 100644 --- a/drivers/infiniband/hw/nes/nes_verbs.c +++ b/drivers/infiniband/hw/nes/nes_verbs.c @@ -46,9 +46,9 @@ @@ -32657,19 +31942,6 @@ index b881bdc..c2e360c 100644 #include "qib_common.h" #include "qib_verbs.h" -diff --git a/drivers/infiniband/hw/qib/qib_fs.c b/drivers/infiniband/hw/qib/qib_fs.c -index df7fa25..0c854f0 100644 ---- a/drivers/infiniband/hw/qib/qib_fs.c -+++ b/drivers/infiniband/hw/qib/qib_fs.c -@@ -267,6 +267,8 @@ static const struct file_operations qsfp_ops[] = { - }; - - static ssize_t flash_read(struct file *file, char __user *buf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t flash_read(struct file *file, char __user *buf, - size_t count, loff_t *ppos) - { - struct qib_devdata *dd; diff --git a/drivers/input/gameport/gameport.c b/drivers/input/gameport/gameport.c index c351aa4..e6967c2 100644 --- a/drivers/input/gameport/gameport.c @@ -32692,7 +31964,7 @@ index c351aa4..e6967c2 100644 gameport->dev.release = gameport_release_port; if (gameport->parent) diff --git a/drivers/input/input.c b/drivers/input/input.c -index da38d97..2aa0b79 100644 +index 1f78c95..3cddc6c 100644 --- a/drivers/input/input.c +++ b/drivers/input/input.c @@ -1814,7 +1814,7 @@ static void input_cleanse_bitmasks(struct input_dev *dev) @@ -32726,7 +31998,7 @@ index b8d8611..7a4a04b 100644 #include <linux/input.h> #include <linux/gameport.h> diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c -index d728875..844c89b 100644 +index fd7a0d5..a4af10c 100644 --- a/drivers/input/joystick/xpad.c +++ b/drivers/input/joystick/xpad.c @@ -710,7 +710,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, @@ -32996,19 +32268,6 @@ index a3bd163..8956575 100644 typedef struct _diva_os_xdi_adapter { struct list_head link; -diff --git a/drivers/isdn/i4l/isdn_net.c b/drivers/isdn/i4l/isdn_net.c -index 2339d73..802ab87a 100644 ---- a/drivers/isdn/i4l/isdn_net.c -+++ b/drivers/isdn/i4l/isdn_net.c -@@ -1901,7 +1901,7 @@ static int isdn_net_header(struct sk_buff *skb, struct net_device *dev, - { - isdn_net_local *lp = netdev_priv(dev); - unsigned char *p; -- ushort len = 0; -+ int len = 0; - - switch (lp->p_encap) { - case ISDN_NET_ENCAP_ETHER: diff --git a/drivers/isdn/icn/icn.c b/drivers/isdn/icn/icn.c index 1f355bb..43f1fea 100644 --- a/drivers/isdn/icn/icn.c @@ -33053,20 +32312,8 @@ index b5fdcb7..5b6c59f 100644 end_switcher_text - start_switcher_text); printk(KERN_INFO "lguest: mapped switcher at %p\n", -diff --git a/drivers/lguest/lguest_user.c b/drivers/lguest/lguest_user.c -index ff4a0bc..f5fdd9c 100644 ---- a/drivers/lguest/lguest_user.c -+++ b/drivers/lguest/lguest_user.c -@@ -198,6 +198,7 @@ static int user_send_irq(struct lg_cpu *cpu, const unsigned long __user *input) - * Once our Guest is initialized, the Launcher makes it run by reading - * from /dev/lguest. - */ -+static ssize_t read(struct file *file, char __user *user, size_t size,loff_t*o) __size_overflow(3); - static ssize_t read(struct file *file, char __user *user, size_t size,loff_t*o) - { - struct lguest *lg = file->private_data; diff --git a/drivers/lguest/x86/core.c b/drivers/lguest/x86/core.c -index 65af42f..530c87a 100644 +index 3980903..ce25c5e 100644 --- a/drivers/lguest/x86/core.c +++ b/drivers/lguest/x86/core.c @@ -59,7 +59,7 @@ static struct { @@ -33317,7 +32564,7 @@ index 3d80cf0..b77cc47 100644 schedule_work(&sc->trigger_event); } diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c -index 8e91321..fd17aef 100644 +index 63cc542..8d45caf3 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -391,7 +391,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev, @@ -33352,10 +32599,10 @@ index 237571a..fb6d19b 100644 pmd->bl_info.value_type.inc = data_block_inc; pmd->bl_info.value_type.dec = data_block_dec; diff --git a/drivers/md/dm.c b/drivers/md/dm.c -index 4720f68..78d1df7 100644 +index b89c548..2af3ce4 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c -@@ -177,9 +177,9 @@ struct mapped_device { +@@ -176,9 +176,9 @@ struct mapped_device { /* * Event handling. */ @@ -33367,7 +32614,7 @@ index 4720f68..78d1df7 100644 struct list_head uevent_list; spinlock_t uevent_lock; /* Protect access to uevent_list */ -@@ -1845,8 +1845,8 @@ static struct mapped_device *alloc_dev(int minor) +@@ -1844,8 +1844,8 @@ static struct mapped_device *alloc_dev(int minor) rwlock_init(&md->map_lock); atomic_set(&md->holders, 1); atomic_set(&md->open_count, 0); @@ -33378,7 +32625,7 @@ index 4720f68..78d1df7 100644 INIT_LIST_HEAD(&md->uevent_list); spin_lock_init(&md->uevent_lock); -@@ -1980,7 +1980,7 @@ static void event_callback(void *context) +@@ -1979,7 +1979,7 @@ static void event_callback(void *context) dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj); @@ -33387,7 +32634,7 @@ index 4720f68..78d1df7 100644 wake_up(&md->eventq); } -@@ -2622,18 +2622,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, +@@ -2621,18 +2621,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, uint32_t dm_next_uevent_seq(struct mapped_device *md) { @@ -33410,10 +32657,10 @@ index 4720f68..78d1df7 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index f47f1f8..b7f559e 100644 +index ce88755..4d8686d 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c -@@ -278,10 +278,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); +@@ -277,10 +277,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); * start build, activate spare */ static DECLARE_WAIT_QUEUE_HEAD(md_event_waiters); @@ -33426,7 +32673,7 @@ index f47f1f8..b7f559e 100644 wake_up(&md_event_waiters); } EXPORT_SYMBOL_GPL(md_new_event); -@@ -291,7 +291,7 @@ EXPORT_SYMBOL_GPL(md_new_event); +@@ -290,7 +290,7 @@ EXPORT_SYMBOL_GPL(md_new_event); */ static void md_new_event_inintr(struct mddev *mddev) { @@ -33435,7 +32682,7 @@ index f47f1f8..b7f559e 100644 wake_up(&md_event_waiters); } -@@ -1525,7 +1525,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_ +@@ -1524,7 +1524,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_ rdev->preferred_minor = 0xffff; rdev->data_offset = le64_to_cpu(sb->data_offset); @@ -33444,7 +32691,7 @@ index f47f1f8..b7f559e 100644 rdev->sb_size = le32_to_cpu(sb->max_dev) * 2 + 256; bmask = queue_logical_block_size(rdev->bdev->bd_disk->queue)-1; -@@ -1742,7 +1742,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev) +@@ -1743,7 +1743,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev) else sb->resync_offset = cpu_to_le64(0); @@ -33453,7 +32700,7 @@ index f47f1f8..b7f559e 100644 sb->raid_disks = cpu_to_le32(mddev->raid_disks); sb->size = cpu_to_le64(mddev->dev_sectors); -@@ -2639,7 +2639,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store); +@@ -2688,7 +2688,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store); static ssize_t errors_show(struct md_rdev *rdev, char *page) { @@ -33462,7 +32709,7 @@ index f47f1f8..b7f559e 100644 } static ssize_t -@@ -2648,7 +2648,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len) +@@ -2697,7 +2697,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len) char *e; unsigned long n = simple_strtoul(buf, &e, 10); if (*buf && (*e == 0 || *e == '\n')) { @@ -33471,7 +32718,7 @@ index f47f1f8..b7f559e 100644 return len; } return -EINVAL; -@@ -3039,8 +3039,8 @@ int md_rdev_init(struct md_rdev *rdev) +@@ -3083,8 +3083,8 @@ int md_rdev_init(struct md_rdev *rdev) rdev->sb_loaded = 0; rdev->bb_page = NULL; atomic_set(&rdev->nr_pending, 0); @@ -33482,7 +32729,7 @@ index f47f1f8..b7f559e 100644 INIT_LIST_HEAD(&rdev->same_set); init_waitqueue_head(&rdev->blocked_wait); -@@ -6683,7 +6683,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -6735,7 +6735,7 @@ static int md_seq_show(struct seq_file *seq, void *v) spin_unlock(&pers_lock); seq_printf(seq, "\n"); @@ -33491,7 +32738,7 @@ index f47f1f8..b7f559e 100644 return 0; } if (v == (void*)2) { -@@ -6772,7 +6772,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -6827,7 +6827,7 @@ static int md_seq_show(struct seq_file *seq, void *v) chunk_kb ? "KB" : "B"); if (bitmap->file) { seq_printf(seq, ", file: "); @@ -33500,7 +32747,7 @@ index f47f1f8..b7f559e 100644 } seq_printf(seq, "\n"); -@@ -6803,7 +6803,7 @@ static int md_seq_open(struct inode *inode, struct file *file) +@@ -6858,7 +6858,7 @@ static int md_seq_open(struct inode *inode, struct file *file) return error; seq = file->private_data; @@ -33509,7 +32756,7 @@ index f47f1f8..b7f559e 100644 return error; } -@@ -6817,7 +6817,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) +@@ -6872,7 +6872,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) /* always allow read */ mask = POLLIN | POLLRDNORM; @@ -33518,7 +32765,7 @@ index f47f1f8..b7f559e 100644 mask |= POLLERR | POLLPRI; return mask; } -@@ -6861,7 +6861,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) +@@ -6916,7 +6916,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) struct gendisk *disk = rdev->bdev->bd_contains->bd_disk; curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + (int)part_stat_read(&disk->part0, sectors[1]) - @@ -33528,10 +32775,10 @@ index f47f1f8..b7f559e 100644 * as sync_io is counted when a request starts, and * disk_stats is counted when it completes. diff --git a/drivers/md/md.h b/drivers/md/md.h -index cf742d9..7c7c745 100644 +index 44c63df..b795d1a 100644 --- a/drivers/md/md.h +++ b/drivers/md/md.h -@@ -120,13 +120,13 @@ struct md_rdev { +@@ -93,13 +93,13 @@ struct md_rdev { * only maintained for arrays that * support hot removal */ @@ -33547,7 +32794,7 @@ index cf742d9..7c7c745 100644 * for reporting to userspace and storing * in superblock. */ -@@ -410,7 +410,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev) +@@ -421,7 +421,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev) static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors) { @@ -33608,10 +32855,10 @@ index 1cbfc6b..56e1dbb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index 7d9e071..015b1d5 100644 +index a0b225e..a9be913 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c -@@ -1568,7 +1568,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) +@@ -1632,7 +1632,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) if (r1_sync_page_io(rdev, sect, s, bio->bi_io_vec[idx].bv_page, READ) != 0) @@ -33620,7 +32867,7 @@ index 7d9e071..015b1d5 100644 } sectors -= s; sect += s; -@@ -1781,7 +1781,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, +@@ -1845,7 +1845,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, test_bit(In_sync, &rdev->flags)) { if (r1_sync_page_io(rdev, sect, s, conf->tmppage, READ)) { @@ -33630,10 +32877,10 @@ index 7d9e071..015b1d5 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index 685ddf3..955b087 100644 +index 58c44d6..f090bad 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c -@@ -1440,7 +1440,7 @@ static void end_sync_read(struct bio *bio, int error) +@@ -1623,7 +1623,7 @@ static void end_sync_read(struct bio *bio, int error) /* The write handler will notice the lack of * R10BIO_Uptodate and record any errors etc */ @@ -33642,7 +32889,7 @@ index 685ddf3..955b087 100644 &conf->mirrors[d].rdev->corrected_errors); /* for reconstruct, we always reschedule after a read. -@@ -1740,7 +1740,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -1974,7 +1974,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) { struct timespec cur_time_mon; unsigned long hours_since_last; @@ -33651,7 +32898,7 @@ index 685ddf3..955b087 100644 ktime_get_ts(&cur_time_mon); -@@ -1762,9 +1762,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -1996,9 +1996,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) * overflowing the shift of read_errors by hours_since_last. */ if (hours_since_last >= 8 * sizeof(read_errors)) @@ -33663,7 +32910,7 @@ index 685ddf3..955b087 100644 } static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector, -@@ -1814,8 +1814,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2052,8 +2052,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 return; check_decay_read_errors(mddev, rdev); @@ -33674,7 +32921,7 @@ index 685ddf3..955b087 100644 char b[BDEVNAME_SIZE]; bdevname(rdev->bdev, b); -@@ -1823,7 +1823,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2061,7 +2061,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 "md/raid10:%s: %s: Raid device exceeded " "read_error threshold [cur %d:max %d]\n", mdname(mddev), b, @@ -33683,7 +32930,7 @@ index 685ddf3..955b087 100644 printk(KERN_NOTICE "md/raid10:%s: %s: Failing raid device\n", mdname(mddev), b); -@@ -1968,7 +1968,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2210,7 +2210,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 (unsigned long long)( sect + rdev->data_offset), bdevname(rdev->bdev, b)); @@ -33693,10 +32940,10 @@ index 685ddf3..955b087 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 858fdbb..b2dac95 100644 +index 360f2b9..08b5382 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c -@@ -1610,19 +1610,19 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1687,18 +1687,18 @@ static void raid5_end_read_request(struct bio * bi, int error) (unsigned long long)(sh->sector + rdev->data_offset), bdevname(rdev->bdev, b)); @@ -33705,22 +32952,21 @@ index 858fdbb..b2dac95 100644 clear_bit(R5_ReadError, &sh->dev[i].flags); clear_bit(R5_ReWrite, &sh->dev[i].flags); } -- if (atomic_read(&conf->disks[i].rdev->read_errors)) -- atomic_set(&conf->disks[i].rdev->read_errors, 0); -+ if (atomic_read_unchecked(&conf->disks[i].rdev->read_errors)) -+ atomic_set_unchecked(&conf->disks[i].rdev->read_errors, 0); +- if (atomic_read(&rdev->read_errors)) +- atomic_set(&rdev->read_errors, 0); ++ if (atomic_read_unchecked(&rdev->read_errors)) ++ atomic_set_unchecked(&rdev->read_errors, 0); } else { - const char *bdn = bdevname(conf->disks[i].rdev->bdev, b); + const char *bdn = bdevname(rdev->bdev, b); int retry = 0; - rdev = conf->disks[i].rdev; clear_bit(R5_UPTODATE, &sh->dev[i].flags); - atomic_inc(&rdev->read_errors); + atomic_inc_unchecked(&rdev->read_errors); - if (conf->mddev->degraded >= conf->max_degraded) + if (test_bit(R5_ReadRepl, &sh->dev[i].flags)) printk_ratelimited( KERN_WARNING -@@ -1642,7 +1642,7 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1727,7 +1727,7 @@ static void raid5_end_read_request(struct bio * bi, int error) (unsigned long long)(sh->sector + rdev->data_offset), bdn); @@ -33730,7 +32976,7 @@ index 858fdbb..b2dac95 100644 printk(KERN_WARNING "md/raid:%s: Too many read errors, failing device %s.\n", diff --git a/drivers/media/dvb/ddbridge/ddbridge-core.c b/drivers/media/dvb/ddbridge/ddbridge-core.c -index ba9a643..e474ab5 100644 +index ce4f858..7bcfb46 100644 --- a/drivers/media/dvb/ddbridge/ddbridge-core.c +++ b/drivers/media/dvb/ddbridge/ddbridge-core.c @@ -1678,7 +1678,7 @@ static struct ddb_info ddb_v6 = { @@ -33756,7 +33002,7 @@ index a7d876f..8c21b61 100644 struct dvb_demux *demux; void *priv; diff --git a/drivers/media/dvb/dvb-core/dvbdev.c b/drivers/media/dvb/dvb-core/dvbdev.c -index f732877..d38c35a 100644 +index 00a6732..70a682e 100644 --- a/drivers/media/dvb/dvb-core/dvbdev.c +++ b/drivers/media/dvb/dvb-core/dvbdev.c @@ -192,7 +192,7 @@ int dvb_register_device(struct dvb_adapter *adap, struct dvb_device **pdvbdev, @@ -33769,20 +33015,20 @@ index f732877..d38c35a 100644 int minor; int id; diff --git a/drivers/media/dvb/dvb-usb/cxusb.c b/drivers/media/dvb/dvb-usb/cxusb.c -index 9f2a02c..5920f88 100644 +index 3940bb0..fb3952a 100644 --- a/drivers/media/dvb/dvb-usb/cxusb.c +++ b/drivers/media/dvb/dvb-usb/cxusb.c -@@ -1069,7 +1069,7 @@ static struct dib0070_config dib7070p_dib0070_config = { +@@ -1068,7 +1068,7 @@ static struct dib0070_config dib7070p_dib0070_config = { + struct dib0700_adapter_state { - int (*set_param_save) (struct dvb_frontend *, - struct dvb_frontend_parameters *); + int (*set_param_save) (struct dvb_frontend *); -}; +} __no_const; - static int dib7070_set_param_override(struct dvb_frontend *fe, - struct dvb_frontend_parameters *fep) + static int dib7070_set_param_override(struct dvb_frontend *fe) + { diff --git a/drivers/media/dvb/dvb-usb/dw2102.c b/drivers/media/dvb/dvb-usb/dw2102.c -index f103ec1..5e8968b 100644 +index 451c5a7..649f711 100644 --- a/drivers/media/dvb/dvb-usb/dw2102.c +++ b/drivers/media/dvb/dvb-usb/dw2102.c @@ -95,7 +95,7 @@ struct su3000_state { @@ -33807,21 +33053,8 @@ index 404f63a..4796533 100644 #if defined(CONFIG_DVB_DIB3000MB) || (defined(CONFIG_DVB_DIB3000MB_MODULE) && defined(MODULE)) extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config, -diff --git a/drivers/media/dvb/frontends/ds3000.c b/drivers/media/dvb/frontends/ds3000.c -index 90bf573..e8463da 100644 ---- a/drivers/media/dvb/frontends/ds3000.c -+++ b/drivers/media/dvb/frontends/ds3000.c -@@ -1210,7 +1210,7 @@ static int ds3000_set_frontend(struct dvb_frontend *fe, - - for (i = 0; i < 30 ; i++) { - ds3000_read_status(fe, &status); -- if (status && FE_HAS_LOCK) -+ if (status & FE_HAS_LOCK) - break; - - msleep(10); diff --git a/drivers/media/dvb/ngene/ngene-cards.c b/drivers/media/dvb/ngene/ngene-cards.c -index 0564192..75b16f5 100644 +index 8418c02..8555013 100644 --- a/drivers/media/dvb/ngene/ngene-cards.c +++ b/drivers/media/dvb/ngene/ngene-cards.c @@ -477,7 +477,7 @@ static struct ngene_info ngene_info_m780 = { @@ -33846,19 +33079,6 @@ index 16a089f..ab1667d 100644 mutex_lock(&dev->lock); if (dev->rdsstat == 0) { dev->rdsstat = 1; -diff --git a/drivers/media/rc/redrat3.c b/drivers/media/rc/redrat3.c -index 61287fc..8b08712 100644 ---- a/drivers/media/rc/redrat3.c -+++ b/drivers/media/rc/redrat3.c -@@ -905,7 +905,7 @@ static int redrat3_set_tx_carrier(struct rc_dev *dev, u32 carrier) - return carrier; - } - --static int redrat3_transmit_ir(struct rc_dev *rcdev, int *txbuf, u32 n) -+static int redrat3_transmit_ir(struct rc_dev *rcdev, unsigned *txbuf, u32 n) - { - struct redrat3_dev *rr3 = rcdev->priv; - struct device *dev = rr3->dev; diff --git a/drivers/media/video/au0828/au0828.h b/drivers/media/video/au0828/au0828.h index 9cde353..8c6a1c3 100644 --- a/drivers/media/video/au0828/au0828.h @@ -33873,7 +33093,7 @@ index 9cde353..8c6a1c3 100644 u32 i2c_rc; diff --git a/drivers/media/video/cx88/cx88-alsa.c b/drivers/media/video/cx88/cx88-alsa.c -index 68d1240..46b32eb 100644 +index 04bf662..e0ac026 100644 --- a/drivers/media/video/cx88/cx88-alsa.c +++ b/drivers/media/video/cx88/cx88-alsa.c @@ -766,7 +766,7 @@ static struct snd_kcontrol_new snd_cx88_alc_switch = { @@ -33886,7 +33106,7 @@ index 68d1240..46b32eb 100644 {0x14f1,0x8811,PCI_ANY_ID,PCI_ANY_ID,0,0,0}, {0, } diff --git a/drivers/media/video/omap/omap_vout.c b/drivers/media/video/omap/omap_vout.c -index ee0d0b3..63f6b78 100644 +index 1fb7d5b..3901e77 100644 --- a/drivers/media/video/omap/omap_vout.c +++ b/drivers/media/video/omap/omap_vout.c @@ -64,7 +64,6 @@ enum omap_vout_channels { @@ -33897,7 +33117,7 @@ index ee0d0b3..63f6b78 100644 /* Variables configurable through module params*/ static u32 video1_numbuffers = 3; static u32 video2_numbuffers = 3; -@@ -999,6 +998,12 @@ static int omap_vout_open(struct file *file) +@@ -1000,6 +999,12 @@ static int omap_vout_open(struct file *file) { struct videobuf_queue *q; struct omap_vout_device *vout = NULL; @@ -33910,7 +33130,7 @@ index ee0d0b3..63f6b78 100644 vout = video_drvdata(file); v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__); -@@ -1016,10 +1021,6 @@ static int omap_vout_open(struct file *file) +@@ -1017,10 +1022,6 @@ static int omap_vout_open(struct file *file) vout->type = V4L2_BUF_TYPE_VIDEO_OUTPUT; q = &vout->vbq; @@ -33934,34 +33154,8 @@ index 305e6aa..0143317 100644 pvr2_i2c_func i2c_func[PVR2_I2C_FUNC_CNT]; int i2c_cx25840_hack_state; int i2c_linked; -diff --git a/drivers/media/video/saa7164/saa7164-encoder.c b/drivers/media/video/saa7164/saa7164-encoder.c -index 2fd38a0..ddec3c4 100644 ---- a/drivers/media/video/saa7164/saa7164-encoder.c -+++ b/drivers/media/video/saa7164/saa7164-encoder.c -@@ -1136,6 +1136,8 @@ struct saa7164_user_buffer *saa7164_enc_next_buf(struct saa7164_port *port) - } - - static ssize_t fops_read(struct file *file, char __user *buffer, -+ size_t count, loff_t *pos) __size_overflow(3); -+static ssize_t fops_read(struct file *file, char __user *buffer, - size_t count, loff_t *pos) - { - struct saa7164_encoder_fh *fh = file->private_data; -diff --git a/drivers/media/video/saa7164/saa7164-vbi.c b/drivers/media/video/saa7164/saa7164-vbi.c -index e2e0341..b80056c 100644 ---- a/drivers/media/video/saa7164/saa7164-vbi.c -+++ b/drivers/media/video/saa7164/saa7164-vbi.c -@@ -1081,6 +1081,8 @@ struct saa7164_user_buffer *saa7164_vbi_next_buf(struct saa7164_port *port) - } - - static ssize_t fops_read(struct file *file, char __user *buffer, -+ size_t count, loff_t *pos) __size_overflow(3); -+static ssize_t fops_read(struct file *file, char __user *buffer, - size_t count, loff_t *pos) - { - struct saa7164_vbi_fh *fh = file->private_data; diff --git a/drivers/media/video/timblogiw.c b/drivers/media/video/timblogiw.c -index a0895bf..b7ebb1b 100644 +index 4ed1c7c2..8f15e13 100644 --- a/drivers/media/video/timblogiw.c +++ b/drivers/media/video/timblogiw.c @@ -745,7 +745,7 @@ static int timblogiw_mmap(struct file *file, struct vm_area_struct *vma) @@ -33983,10 +33177,10 @@ index a0895bf..b7ebb1b 100644 .open = timblogiw_open, .release = timblogiw_close, diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c -index e9c6a60..daf6a33 100644 +index a7dc467..a55c423 100644 --- a/drivers/message/fusion/mptbase.c +++ b/drivers/message/fusion/mptbase.c -@@ -6753,8 +6753,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v) +@@ -6754,8 +6754,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v) seq_printf(m, " MaxChainDepth = 0x%02x frames\n", ioc->facts.MaxChainDepth); seq_printf(m, " MinBlockSize = 0x%02x bytes\n", 4*ioc->facts.BlockSize); @@ -34001,7 +33195,7 @@ index e9c6a60..daf6a33 100644 * Rounding UP to nearest 4-kB boundary here... */ diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c -index 9d95042..b808101 100644 +index 551262e..7551198 100644 --- a/drivers/message/fusion/mptsas.c +++ b/drivers/message/fusion/mptsas.c @@ -446,6 +446,23 @@ mptsas_is_end_device(struct mptsas_devinfo * attached) @@ -34082,7 +33276,7 @@ index 0c3ced7..1fe34ec 100644 return h->info_kbuf; } diff --git a/drivers/message/i2o/i2o_proc.c b/drivers/message/i2o/i2o_proc.c -index 07dbeaf..5533142 100644 +index 6d115c7..58ff7fd 100644 --- a/drivers/message/i2o/i2o_proc.c +++ b/drivers/message/i2o/i2o_proc.c @@ -255,13 +255,6 @@ static char *scsi_devices[] = { @@ -34212,7 +33406,7 @@ index 7ce65f4..e66e9bc 100644 }; diff --git a/drivers/mfd/janz-cmodio.c b/drivers/mfd/janz-cmodio.c -index 5c2a06a..8fa077c 100644 +index a9223ed..4127b13 100644 --- a/drivers/mfd/janz-cmodio.c +++ b/drivers/mfd/janz-cmodio.c @@ -13,6 +13,7 @@ @@ -34224,10 +33418,10 @@ index 5c2a06a..8fa077c 100644 #include <linux/pci.h> #include <linux/interrupt.h> diff --git a/drivers/misc/lis3lv02d/lis3lv02d.c b/drivers/misc/lis3lv02d/lis3lv02d.c -index 29d12a7..f900ba4 100644 +index a981e2a..5ca0c8b 100644 --- a/drivers/misc/lis3lv02d/lis3lv02d.c +++ b/drivers/misc/lis3lv02d/lis3lv02d.c -@@ -464,7 +464,7 @@ static irqreturn_t lis302dl_interrupt(int irq, void *data) +@@ -466,7 +466,7 @@ static irqreturn_t lis302dl_interrupt(int irq, void *data) * the lid is closed. This leads to interrupts as soon as a little move * is done. */ @@ -34236,7 +33430,7 @@ index 29d12a7..f900ba4 100644 wake_up_interruptible(&lis3->misc_wait); kill_fasync(&lis3->async_queue, SIGIO, POLL_IN); -@@ -550,7 +550,7 @@ static int lis3lv02d_misc_open(struct inode *inode, struct file *file) +@@ -552,7 +552,7 @@ static int lis3lv02d_misc_open(struct inode *inode, struct file *file) if (lis3->pm_dev) pm_runtime_get_sync(lis3->pm_dev); @@ -34245,7 +33439,7 @@ index 29d12a7..f900ba4 100644 return 0; } -@@ -583,7 +583,7 @@ static ssize_t lis3lv02d_misc_read(struct file *file, char __user *buf, +@@ -585,7 +585,7 @@ static ssize_t lis3lv02d_misc_read(struct file *file, char __user *buf, add_wait_queue(&lis3->misc_wait, &wait); while (true) { set_current_state(TASK_INTERRUPTIBLE); @@ -34254,7 +33448,7 @@ index 29d12a7..f900ba4 100644 if (data) break; -@@ -624,7 +624,7 @@ static unsigned int lis3lv02d_misc_poll(struct file *file, poll_table *wait) +@@ -626,7 +626,7 @@ static unsigned int lis3lv02d_misc_poll(struct file *file, poll_table *wait) struct lis3lv02d, miscdev); poll_wait(file, &lis3->misc_wait, wait); @@ -34292,7 +33486,7 @@ index 2f30bad..c4c13d0 100644 mcs_op_statistics[op].max = nsec; } diff --git a/drivers/misc/sgi-gru/gruprocfs.c b/drivers/misc/sgi-gru/gruprocfs.c -index 7768b87..f8aac38 100644 +index 950dbe9..eeef0f8 100644 --- a/drivers/misc/sgi-gru/gruprocfs.c +++ b/drivers/misc/sgi-gru/gruprocfs.c @@ -32,9 +32,9 @@ @@ -34547,10 +33741,10 @@ index 8d082b4..aa749ae 100644 /* * Timer function to enforce the timelimit on the partition disengage. diff --git a/drivers/mmc/host/sdhci-pci.c b/drivers/mmc/host/sdhci-pci.c -index 6878a94..fe5c5f1 100644 +index 6ebdc40..9edf5d8 100644 --- a/drivers/mmc/host/sdhci-pci.c +++ b/drivers/mmc/host/sdhci-pci.c -@@ -673,7 +673,7 @@ static const struct sdhci_pci_fixes sdhci_via = { +@@ -631,7 +631,7 @@ static const struct sdhci_pci_fixes sdhci_via = { .probe = via_probe, }; @@ -34560,10 +33754,10 @@ index 6878a94..fe5c5f1 100644 .vendor = PCI_VENDOR_ID_RICOH, .device = PCI_DEVICE_ID_RICOH_R5C822, diff --git a/drivers/mtd/devices/doc2000.c b/drivers/mtd/devices/doc2000.c -index e9fad91..0a7a16a 100644 +index b1cdf64..ce6e438 100644 --- a/drivers/mtd/devices/doc2000.c +++ b/drivers/mtd/devices/doc2000.c -@@ -773,7 +773,7 @@ static int doc_write(struct mtd_info *mtd, loff_t to, size_t len, +@@ -764,7 +764,7 @@ static int doc_write(struct mtd_info *mtd, loff_t to, size_t len, /* The ECC will not be calculated correctly if less than 512 is written */ /* DBB- @@ -34573,10 +33767,10 @@ index e9fad91..0a7a16a 100644 "ECC needs a full sector write (adr: %lx size %lx)\n", (long) to, (long) len); diff --git a/drivers/mtd/devices/doc2001.c b/drivers/mtd/devices/doc2001.c -index a3f7a27..234016e 100644 +index 7543b98..7069947 100644 --- a/drivers/mtd/devices/doc2001.c +++ b/drivers/mtd/devices/doc2001.c -@@ -392,7 +392,7 @@ static int doc_read (struct mtd_info *mtd, loff_t from, size_t len, +@@ -384,7 +384,7 @@ static int doc_read (struct mtd_info *mtd, loff_t from, size_t len, struct Nand *mychip = &this->chips[from >> (this->chipshift)]; /* Don't allow read past end of device */ @@ -34598,7 +33792,7 @@ index 3984d48..28aa897 100644 #include "denali.h" diff --git a/drivers/mtd/nftlmount.c b/drivers/mtd/nftlmount.c -index ac40925..483b753 100644 +index 51b9d6a..52af9a7 100644 --- a/drivers/mtd/nftlmount.c +++ b/drivers/mtd/nftlmount.c @@ -24,6 +24,7 @@ @@ -34610,7 +33804,7 @@ index ac40925..483b753 100644 #include <linux/mtd/nand.h> #include <linux/mtd/nftl.h> diff --git a/drivers/mtd/ubi/build.c b/drivers/mtd/ubi/build.c -index 6c3fb5a..5b2eeb0 100644 +index 115749f..3021f01 100644 --- a/drivers/mtd/ubi/build.c +++ b/drivers/mtd/ubi/build.c @@ -1311,7 +1311,7 @@ module_exit(ubi_exit); @@ -34642,7 +33836,7 @@ index 6c3fb5a..5b2eeb0 100644 } - return result; -+ if (result*scale >= INT_MAX) { ++ if ((intoverflow_t)result*scale >= INT_MAX) { + printk(KERN_ERR "UBI error: incorrect bytes count: \"%s\"\n", + str); + return -EINVAL; @@ -34652,24 +33846,11 @@ index 6c3fb5a..5b2eeb0 100644 } /** -diff --git a/drivers/mtd/ubi/debug.c b/drivers/mtd/ubi/debug.c -index ab80c0d..aec8580 100644 ---- a/drivers/mtd/ubi/debug.c -+++ b/drivers/mtd/ubi/debug.c -@@ -338,6 +338,8 @@ out: - - /* Write an UBI debugfs file */ - static ssize_t dfs_file_write(struct file *file, const char __user *user_buf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t dfs_file_write(struct file *file, const char __user *user_buf, - size_t count, loff_t *ppos) - { - unsigned long ubi_num = (unsigned long)file->private_data; diff --git a/drivers/net/ethernet/atheros/atlx/atl2.c b/drivers/net/ethernet/atheros/atlx/atl2.c -index 1feae59..c2a61d2 100644 +index 071f4c8..440862e 100644 --- a/drivers/net/ethernet/atheros/atlx/atl2.c +++ b/drivers/net/ethernet/atheros/atlx/atl2.c -@@ -2857,7 +2857,7 @@ static void atl2_force_ps(struct atl2_hw *hw) +@@ -2862,7 +2862,7 @@ static void atl2_force_ps(struct atl2_hw *hw) */ #define ATL2_PARAM(X, desc) \ @@ -34679,10 +33860,10 @@ index 1feae59..c2a61d2 100644 MODULE_PARM_DESC(X, desc); #else diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h -index 9a517c2..a50cfcb 100644 +index 66da39f..5dc436d 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h -@@ -449,7 +449,7 @@ struct bnx2x_rx_mode_obj { +@@ -473,7 +473,7 @@ struct bnx2x_rx_mode_obj { int (*wait_comp)(struct bnx2x *bp, struct bnx2x_rx_mode_ramrod_params *p); @@ -34692,10 +33873,10 @@ index 9a517c2..a50cfcb 100644 /********************** Set multicast group ***********************************/ diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h -index 94b4bd0..73c02de 100644 +index aea8f72..fcebf75 100644 --- a/drivers/net/ethernet/broadcom/tg3.h +++ b/drivers/net/ethernet/broadcom/tg3.h -@@ -134,6 +134,7 @@ +@@ -140,6 +140,7 @@ #define CHIPREV_ID_5750_A0 0x4000 #define CHIPREV_ID_5750_A1 0x4001 #define CHIPREV_ID_5750_A3 0x4003 @@ -34704,7 +33885,7 @@ index 94b4bd0..73c02de 100644 #define CHIPREV_ID_5752_A0_HW 0x5000 #define CHIPREV_ID_5752_A0 0x6000 diff --git a/drivers/net/ethernet/chelsio/cxgb3/l2t.h b/drivers/net/ethernet/chelsio/cxgb3/l2t.h -index c5f5479..2e8c260 100644 +index c4e8643..0979484 100644 --- a/drivers/net/ethernet/chelsio/cxgb3/l2t.h +++ b/drivers/net/ethernet/chelsio/cxgb3/l2t.h @@ -87,7 +87,7 @@ typedef void (*arp_failure_handler_func)(struct t3cdev * dev, @@ -34716,52 +33897,11 @@ index c5f5479..2e8c260 100644 #define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb) -diff --git a/drivers/net/ethernet/chelsio/cxgb3/sge.c b/drivers/net/ethernet/chelsio/cxgb3/sge.c -index cfb60e1..9c76da7 100644 ---- a/drivers/net/ethernet/chelsio/cxgb3/sge.c -+++ b/drivers/net/ethernet/chelsio/cxgb3/sge.c -@@ -611,6 +611,8 @@ static void recycle_rx_buf(struct adapter *adap, struct sge_fl *q, - * of the SW ring. - */ - static void *alloc_ring(struct pci_dev *pdev, size_t nelem, size_t elem_size, -+ size_t sw_size, dma_addr_t * phys, void *metadata) __size_overflow(2,4); -+static void *alloc_ring(struct pci_dev *pdev, size_t nelem, size_t elem_size, - size_t sw_size, dma_addr_t * phys, void *metadata) - { - size_t len = nelem * elem_size; -diff --git a/drivers/net/ethernet/chelsio/cxgb4/sge.c b/drivers/net/ethernet/chelsio/cxgb4/sge.c -index 140254c..5b8a0a6 100644 ---- a/drivers/net/ethernet/chelsio/cxgb4/sge.c -+++ b/drivers/net/ethernet/chelsio/cxgb4/sge.c -@@ -593,6 +593,9 @@ static inline void __refill_fl(struct adapter *adap, struct sge_fl *fl) - */ - static void *alloc_ring(struct device *dev, size_t nelem, size_t elem_size, - size_t sw_size, dma_addr_t *phys, void *metadata, -+ size_t stat_size, int node) __size_overflow(2,4); -+static void *alloc_ring(struct device *dev, size_t nelem, size_t elem_size, -+ size_t sw_size, dma_addr_t *phys, void *metadata, - size_t stat_size, int node) - { - size_t len = nelem * elem_size + stat_size; -diff --git a/drivers/net/ethernet/chelsio/cxgb4vf/sge.c b/drivers/net/ethernet/chelsio/cxgb4vf/sge.c -index 8d5d55a..a3c3474 100644 ---- a/drivers/net/ethernet/chelsio/cxgb4vf/sge.c -+++ b/drivers/net/ethernet/chelsio/cxgb4vf/sge.c -@@ -730,6 +730,9 @@ static inline void __refill_fl(struct adapter *adapter, struct sge_fl *fl) - */ - static void *alloc_ring(struct device *dev, size_t nelem, size_t hwsize, - size_t swsize, dma_addr_t *busaddrp, void *swringp, -+ size_t stat_size) __size_overflow(2,4); -+static void *alloc_ring(struct device *dev, size_t nelem, size_t hwsize, -+ size_t swsize, dma_addr_t *busaddrp, void *swringp, - size_t stat_size) - { - /* diff --git a/drivers/net/ethernet/dec/tulip/de4x5.c b/drivers/net/ethernet/dec/tulip/de4x5.c -index 871bcaa..4043505 100644 +index 4d71f5a..8004440 100644 --- a/drivers/net/ethernet/dec/tulip/de4x5.c +++ b/drivers/net/ethernet/dec/tulip/de4x5.c -@@ -5397,7 +5397,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) +@@ -5392,7 +5392,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) for (i=0; i<ETH_ALEN; i++) { tmp.addr[i] = dev->dev_addr[i]; } @@ -34770,7 +33910,7 @@ index 871bcaa..4043505 100644 break; case DE4X5_SET_HWADDR: /* Set the hardware address */ -@@ -5437,7 +5437,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) +@@ -5432,7 +5432,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) spin_lock_irqsave(&lp->lock, flags); memcpy(&statbuf, &lp->pktStats, ioc->len); spin_unlock_irqrestore(&lp->lock, flags); @@ -34793,7 +33933,7 @@ index 14d5b61..1398636 100644 "21140 MII PHY", "21142 Serial PHY", diff --git a/drivers/net/ethernet/dec/tulip/winbond-840.c b/drivers/net/ethernet/dec/tulip/winbond-840.c -index 4d01219..b58d26d 100644 +index 52da7b2..4ddfe1c 100644 --- a/drivers/net/ethernet/dec/tulip/winbond-840.c +++ b/drivers/net/ethernet/dec/tulip/winbond-840.c @@ -236,7 +236,7 @@ struct pci_id_info { @@ -34806,7 +33946,7 @@ index 4d01219..b58d26d 100644 "Winbond W89c840", CanHaveMII | HasBrokenTx | FDXOnNoMII}, { "Winbond W89c840", CanHaveMII | HasBrokenTx}, diff --git a/drivers/net/ethernet/dlink/sundance.c b/drivers/net/ethernet/dlink/sundance.c -index dcd7f7a..ecb7fb3 100644 +index 28a3a9b..d96cb63 100644 --- a/drivers/net/ethernet/dlink/sundance.c +++ b/drivers/net/ethernet/dlink/sundance.c @@ -218,7 +218,7 @@ enum { @@ -34819,10 +33959,10 @@ index dcd7f7a..ecb7fb3 100644 {"D-Link DFE-550FX 100Mbps Fiber-optics Adapter"}, {"D-Link DFE-580TX 4 port Server Adapter"}, diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c -index bf266a0..e024af7 100644 +index e703d64..d62ecf9 100644 --- a/drivers/net/ethernet/emulex/benet/be_main.c +++ b/drivers/net/ethernet/emulex/benet/be_main.c -@@ -397,7 +397,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) +@@ -402,7 +402,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) if (wrapped) newacc += 65536; @@ -34832,10 +33972,10 @@ index bf266a0..e024af7 100644 void be_parse_stats(struct be_adapter *adapter) diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/ethernet/faraday/ftgmac100.c -index fb5579a..debdffa 100644 +index 47f85c3..82ab6c4 100644 --- a/drivers/net/ethernet/faraday/ftgmac100.c +++ b/drivers/net/ethernet/faraday/ftgmac100.c -@@ -30,6 +30,8 @@ +@@ -31,6 +31,8 @@ #include <linux/netdevice.h> #include <linux/phy.h> #include <linux/platform_device.h> @@ -34845,10 +33985,10 @@ index fb5579a..debdffa 100644 #include "ftgmac100.h" diff --git a/drivers/net/ethernet/faraday/ftmac100.c b/drivers/net/ethernet/faraday/ftmac100.c -index a127cb2..0d043cd 100644 +index bb336a0..4b472da 100644 --- a/drivers/net/ethernet/faraday/ftmac100.c +++ b/drivers/net/ethernet/faraday/ftmac100.c -@@ -30,6 +30,8 @@ +@@ -31,6 +31,8 @@ #include <linux/module.h> #include <linux/netdevice.h> #include <linux/platform_device.h> @@ -34858,7 +33998,7 @@ index a127cb2..0d043cd 100644 #include "ftmac100.h" diff --git a/drivers/net/ethernet/fealnx.c b/drivers/net/ethernet/fealnx.c -index 61d2bdd..7f1154a 100644 +index c82d444..0007fb4 100644 --- a/drivers/net/ethernet/fealnx.c +++ b/drivers/net/ethernet/fealnx.c @@ -150,7 +150,7 @@ struct chip_info { @@ -34947,7 +34087,7 @@ index 2967039..ca8c40c 100644 enum e1000_nvm_type type; enum e1000_nvm_override override; diff --git a/drivers/net/ethernet/intel/igb/e1000_hw.h b/drivers/net/ethernet/intel/igb/e1000_hw.h -index 4519a13..f97fcd0 100644 +index f67cbd3..cef9e3d 100644 --- a/drivers/net/ethernet/intel/igb/e1000_hw.h +++ b/drivers/net/ethernet/intel/igb/e1000_hw.h @@ -314,6 +314,7 @@ struct e1000_mac_operations { @@ -35019,7 +34159,7 @@ index 4519a13..f97fcd0 100644 u32 timeout; u32 usec_delay; diff --git a/drivers/net/ethernet/intel/igbvf/vf.h b/drivers/net/ethernet/intel/igbvf/vf.h -index d7ed58f..64cde36 100644 +index 57db3c6..aa825fc 100644 --- a/drivers/net/ethernet/intel/igbvf/vf.h +++ b/drivers/net/ethernet/intel/igbvf/vf.h @@ -189,9 +189,10 @@ struct e1000_mac_operations { @@ -35052,7 +34192,7 @@ index d7ed58f..64cde36 100644 u32 timeout; u32 usec_delay; diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h -index 6c5cca8..de8ef63 100644 +index 9b95bef..7e254ee 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h @@ -2708,6 +2708,7 @@ struct ixgbe_eeprom_operations { @@ -35090,8 +34230,8 @@ index 6c5cca8..de8ef63 100644 - struct ixgbe_mac_operations ops; + ixgbe_mac_operations_no_const ops; enum ixgbe_mac_type type; - u8 addr[IXGBE_ETH_LENGTH_OF_ADDRESS]; - u8 perm_addr[IXGBE_ETH_LENGTH_OF_ADDRESS]; + u8 addr[ETH_ALEN]; + u8 perm_addr[ETH_ALEN]; @@ -2828,7 +2831,7 @@ struct ixgbe_mac_info { }; @@ -35119,7 +34259,7 @@ index 6c5cca8..de8ef63 100644 u32 timeout; u32 usec_delay; diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.h b/drivers/net/ethernet/intel/ixgbevf/vf.h -index 10306b4..28df758 100644 +index 25c951d..cc7cf33 100644 --- a/drivers/net/ethernet/intel/ixgbevf/vf.h +++ b/drivers/net/ethernet/intel/ixgbevf/vf.h @@ -70,6 +70,7 @@ struct ixgbe_mac_operations { @@ -35157,13 +34297,13 @@ index 10306b4..28df758 100644 u32 timeout; u32 udelay; diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c -index 94bbc85..78c12e6 100644 +index d498f04..1b49bed 100644 --- a/drivers/net/ethernet/mellanox/mlx4/main.c +++ b/drivers/net/ethernet/mellanox/mlx4/main.c -@@ -40,6 +40,7 @@ - #include <linux/dma-mapping.h> +@@ -41,6 +41,7 @@ #include <linux/slab.h> #include <linux/io-mapping.h> + #include <linux/delay.h> +#include <linux/sched.h> #include <linux/mlx4/device.h> @@ -35195,10 +34335,10 @@ index 4a518a3..936b334 100644 #define VXGE_HW_VIRTUAL_PATH_HANDLE(vpath) \ ((struct __vxge_hw_vpath_handle *)(vpath)->vpath_handles.next) diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index 0cf2351..56c4cef 100644 +index bbacb37..d60887d 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c -@@ -698,17 +698,17 @@ struct rtl8169_private { +@@ -695,17 +695,17 @@ struct rtl8169_private { struct mdio_ops { void (*write)(void __iomem *, int, int); int (*read)(void __iomem *, int); @@ -35220,10 +34360,10 @@ index 0cf2351..56c4cef 100644 int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv); int (*get_settings)(struct net_device *, struct ethtool_cmd *); diff --git a/drivers/net/ethernet/sis/sis190.c b/drivers/net/ethernet/sis/sis190.c -index 1b4658c..a30dabb 100644 +index 5b118cd..858b523 100644 --- a/drivers/net/ethernet/sis/sis190.c +++ b/drivers/net/ethernet/sis/sis190.c -@@ -1624,7 +1624,7 @@ static int __devinit sis190_get_mac_addr_from_eeprom(struct pci_dev *pdev, +@@ -1622,7 +1622,7 @@ static int __devinit sis190_get_mac_addr_from_eeprom(struct pci_dev *pdev, static int __devinit sis190_get_mac_addr_from_apc(struct pci_dev *pdev, struct net_device *dev) { @@ -35233,10 +34373,10 @@ index 1b4658c..a30dabb 100644 struct pci_dev *isa_bridge; u8 reg, tmp8; diff --git a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c -index 41e6b33..8e89b0f 100644 +index c07cfe9..81cbf7e 100644 --- a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c +++ b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c -@@ -139,8 +139,8 @@ void dwmac_mmc_ctrl(void __iomem *ioaddr, unsigned int mode) +@@ -140,8 +140,8 @@ void dwmac_mmc_ctrl(void __iomem *ioaddr, unsigned int mode) writel(value, ioaddr + MMC_CNTRL); @@ -35247,6 +34387,41 @@ index 41e6b33..8e89b0f 100644 } /* To mask all all interrupts.*/ +diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h +index dec5836..6d4db7d 100644 +--- a/drivers/net/hyperv/hyperv_net.h ++++ b/drivers/net/hyperv/hyperv_net.h +@@ -97,7 +97,7 @@ struct rndis_device { + + enum rndis_device_state state; + bool link_state; +- atomic_t new_req_id; ++ atomic_unchecked_t new_req_id; + + spinlock_t request_lock; + struct list_head req_list; +diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c +index 133b7fb..d58c559 100644 +--- a/drivers/net/hyperv/rndis_filter.c ++++ b/drivers/net/hyperv/rndis_filter.c +@@ -96,7 +96,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev, + * template + */ + set = &rndis_msg->msg.set_req; +- set->req_id = atomic_inc_return(&dev->new_req_id); ++ set->req_id = atomic_inc_return_unchecked(&dev->new_req_id); + + /* Add to the request list */ + spin_lock_irqsave(&dev->request_lock, flags); +@@ -627,7 +627,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev) + + /* Setup the rndis set */ + halt = &request->request_msg.msg.halt_req; +- halt->req_id = atomic_inc_return(&dev->new_req_id); ++ halt->req_id = atomic_inc_return_unchecked(&dev->new_req_id); + + /* Ignore return since this msg is optional. */ + rndis_filter_send_request(dev, request); diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c index 486b404..0d6677d 100644 --- a/drivers/net/ppp/ppp_generic.c @@ -35346,62 +34521,8 @@ index 46db5c5..37c1536 100644 err = platform_driver_register(&sk_isa_driver); if (err) -diff --git a/drivers/net/tun.c b/drivers/net/tun.c -index 7bea9c6..7ef073c 100644 ---- a/drivers/net/tun.c -+++ b/drivers/net/tun.c -@@ -359,7 +359,7 @@ static void tun_free_netdev(struct net_device *dev) - { - struct tun_struct *tun = netdev_priv(dev); - -- sock_put(tun->socket.sk); -+ sk_release_kernel(tun->socket.sk); - } - - /* Net device open. */ -@@ -979,10 +979,18 @@ static int tun_recvmsg(struct kiocb *iocb, struct socket *sock, - return ret; - } - -+static int tun_release(struct socket *sock) -+{ -+ if (sock->sk) -+ sock_put(sock->sk); -+ return 0; -+} -+ - /* Ops structure to mimic raw sockets with tun */ - static const struct proto_ops tun_socket_ops = { - .sendmsg = tun_sendmsg, - .recvmsg = tun_recvmsg, -+ .release = tun_release, - }; - - static struct proto tun_proto = { -@@ -1109,10 +1117,11 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) - tun->vnet_hdr_sz = sizeof(struct virtio_net_hdr); - - err = -ENOMEM; -- sk = sk_alloc(net, AF_UNSPEC, GFP_KERNEL, &tun_proto); -+ sk = sk_alloc(&init_net, AF_UNSPEC, GFP_KERNEL, &tun_proto); - if (!sk) - goto err_free_dev; - -+ sk_change_net(sk, net); - tun->socket.wq = &tun->wq; - init_waitqueue_head(&tun->wq.wait); - tun->socket.ops = &tun_socket_ops; -@@ -1173,7 +1182,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) - return 0; - - err_free_sk: -- sock_put(sk); -+ tun_free_netdev(dev); - err_free_dev: - free_netdev(dev); - failed: diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c -index 304fe78..db112fa 100644 +index e1324b4..e1b0041 100644 --- a/drivers/net/usb/hso.c +++ b/drivers/net/usb/hso.c @@ -71,7 +71,7 @@ @@ -35500,22 +34621,8 @@ index 304fe78..db112fa 100644 result = hso_start_serial_device(serial_table[i], GFP_NOIO); hso_kick_transmit(dev2ser(serial_table[i])); -diff --git a/drivers/net/vmxnet3/vmxnet3_ethtool.c b/drivers/net/vmxnet3/vmxnet3_ethtool.c -index e662cbc..8d4a102 100644 ---- a/drivers/net/vmxnet3/vmxnet3_ethtool.c -+++ b/drivers/net/vmxnet3/vmxnet3_ethtool.c -@@ -601,8 +601,7 @@ vmxnet3_set_rss_indir(struct net_device *netdev, - * Return with error code if any of the queue indices - * is out of range - */ -- if (p->ring_index[i] < 0 || -- p->ring_index[i] >= adapter->num_rx_queues) -+ if (p->ring_index[i] >= adapter->num_rx_queues) - return -EINVAL; - } - diff --git a/drivers/net/wireless/ath/ath.h b/drivers/net/wireless/ath/ath.h -index 0f9ee46..e2d6e65 100644 +index efc0111..79c8f5b 100644 --- a/drivers/net/wireless/ath/ath.h +++ b/drivers/net/wireless/ath/ath.h @@ -119,6 +119,7 @@ struct ath_ops { @@ -35526,22 +34633,8 @@ index 0f9ee46..e2d6e65 100644 struct ath_common; struct ath_bus_ops; -diff --git a/drivers/net/wireless/ath/ath5k/debug.c b/drivers/net/wireless/ath/ath5k/debug.c -index 8c5ce8b..abf101b 100644 ---- a/drivers/net/wireless/ath/ath5k/debug.c -+++ b/drivers/net/wireless/ath/ath5k/debug.c -@@ -343,6 +343,9 @@ static ssize_t read_file_debug(struct file *file, char __user *user_buf, - - static ssize_t write_file_debug(struct file *file, - const char __user *userbuf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t write_file_debug(struct file *file, -+ const char __user *userbuf, - size_t count, loff_t *ppos) - { - struct ath5k_hw *ah = file->private_data; diff --git a/drivers/net/wireless/ath/ath9k/ar9002_mac.c b/drivers/net/wireless/ath/ath9k/ar9002_mac.c -index b592016..fe47870 100644 +index 7b6417b..ab5db98 100644 --- a/drivers/net/wireless/ath/ath9k/ar9002_mac.c +++ b/drivers/net/wireless/ath/ath9k/ar9002_mac.c @@ -183,8 +183,8 @@ ar9002_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) @@ -35624,7 +34717,7 @@ index b592016..fe47870 100644 | set11nRateFlags(i->rates, 2) | set11nRateFlags(i->rates, 3) diff --git a/drivers/net/wireless/ath/ath9k/ar9003_mac.c b/drivers/net/wireless/ath/ath9k/ar9003_mac.c -index f5ae3c6..7936af3 100644 +index 09b8c9d..905339e 100644 --- a/drivers/net/wireless/ath/ath9k/ar9003_mac.c +++ b/drivers/net/wireless/ath/ath9k/ar9003_mac.c @@ -35,47 +35,47 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) @@ -35745,37 +34838,11 @@ index f5ae3c6..7936af3 100644 } static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads) -diff --git a/drivers/net/wireless/ath/ath9k/debug.c b/drivers/net/wireless/ath/ath9k/debug.c -index 2741203..837a960 100644 ---- a/drivers/net/wireless/ath/ath9k/debug.c -+++ b/drivers/net/wireless/ath/ath9k/debug.c -@@ -60,6 +60,8 @@ static ssize_t read_file_debug(struct file *file, char __user *user_buf, - } - - static ssize_t write_file_debug(struct file *file, const char __user *user_buf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t write_file_debug(struct file *file, const char __user *user_buf, - size_t count, loff_t *ppos) - { - struct ath_softc *sc = file->private_data; -diff --git a/drivers/net/wireless/ath/ath9k/htc_drv_debug.c b/drivers/net/wireless/ath/ath9k/htc_drv_debug.c -index d3ff33c..c98bcda 100644 ---- a/drivers/net/wireless/ath/ath9k/htc_drv_debug.c -+++ b/drivers/net/wireless/ath/ath9k/htc_drv_debug.c -@@ -464,6 +464,8 @@ static ssize_t read_file_debug(struct file *file, char __user *user_buf, - } - - static ssize_t write_file_debug(struct file *file, const char __user *user_buf, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t write_file_debug(struct file *file, const char __user *user_buf, - size_t count, loff_t *ppos) - { - struct ath9k_htc_priv *priv = file->private_data; diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h -index 1bd8edf..10c6d30 100644 +index c8261d4..8d88929 100644 --- a/drivers/net/wireless/ath/ath9k/hw.h +++ b/drivers/net/wireless/ath/ath9k/hw.h -@@ -605,7 +605,7 @@ struct ath_hw_private_ops { +@@ -773,7 +773,7 @@ struct ath_hw_private_ops { /* ANI */ void (*ani_cache_ini_regs)(struct ath_hw *ah); @@ -35784,7 +34851,7 @@ index 1bd8edf..10c6d30 100644 /** * struct ath_hw_ops - callbacks used by hardware code and driver code -@@ -635,7 +635,7 @@ struct ath_hw_ops { +@@ -803,7 +803,7 @@ struct ath_hw_ops { void (*antdiv_comb_conf_set)(struct ath_hw *ah, struct ath_hw_antcomb_conf *antconf); @@ -35793,7 +34860,7 @@ index 1bd8edf..10c6d30 100644 struct ath_nf_limits { s16 max; -@@ -655,7 +655,7 @@ enum ath_cal_list { +@@ -823,7 +823,7 @@ enum ath_cal_list { #define AH_FASTCC 0x4 struct ath_hw { @@ -35803,10 +34870,10 @@ index 1bd8edf..10c6d30 100644 struct ieee80211_hw *hw; struct ath_common common; diff --git a/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h b/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h -index bea8524..c677c06 100644 +index af00e2c..ab04d34 100644 --- a/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h +++ b/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h -@@ -547,7 +547,7 @@ struct phy_func_ptr { +@@ -545,7 +545,7 @@ struct phy_func_ptr { void (*carrsuppr)(struct brcms_phy *); s32 (*rxsigpwr)(struct brcms_phy *, s32); void (*detach)(struct brcms_phy *); @@ -35815,26 +34882,26 @@ index bea8524..c677c06 100644 struct brcms_phy { struct brcms_phy_pub pubpi_ro; -diff --git a/drivers/net/wireless/iwlegacy/iwl3945-base.c b/drivers/net/wireless/iwlegacy/iwl3945-base.c -index 05f2ad1..ae00eea 100644 ---- a/drivers/net/wireless/iwlegacy/iwl3945-base.c -+++ b/drivers/net/wireless/iwlegacy/iwl3945-base.c -@@ -3685,7 +3685,9 @@ static int iwl3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *e +diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wireless/iwlegacy/3945-mac.c +index a7dfba8..e28eacd 100644 +--- a/drivers/net/wireless/iwlegacy/3945-mac.c ++++ b/drivers/net/wireless/iwlegacy/3945-mac.c +@@ -3647,7 +3647,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent) */ - if (iwl3945_mod_params.disable_hw_scan) { - IWL_DEBUG_INFO(priv, "Disabling hw_scan\n"); -- iwl3945_hw_ops.hw_scan = NULL; + if (il3945_mod_params.disable_hw_scan) { + D_INFO("Disabling hw_scan\n"); +- il3945_hw_ops.hw_scan = NULL; + pax_open_kernel(); -+ *(void **)&iwl3945_hw_ops.hw_scan = NULL; ++ *(void **)&il3945_hw_ops.hw_scan = NULL; + pax_close_kernel(); } - IWL_DEBUG_INFO(priv, "*** LOAD DRIVER ***\n"); + D_INFO("*** LOAD DRIVER ***\n"); diff --git a/drivers/net/wireless/iwlwifi/iwl-debug.h b/drivers/net/wireless/iwlwifi/iwl-debug.h -index 69a77e2..552b42c 100644 +index f8fc239..8cade22 100644 --- a/drivers/net/wireless/iwlwifi/iwl-debug.h +++ b/drivers/net/wireless/iwlwifi/iwl-debug.h -@@ -71,8 +71,8 @@ do { \ +@@ -86,8 +86,8 @@ do { \ } while (0) #else @@ -35843,13 +34910,13 @@ index 69a77e2..552b42c 100644 +#define IWL_DEBUG(m, level, fmt, args...) do {} while (0) +#define IWL_DEBUG_LIMIT(m, level, fmt, args...) do {} while (0) #define iwl_print_hex_dump(m, level, p, len) - #endif /* CONFIG_IWLWIFI_DEBUG */ - + #define IWL_DEBUG_QUIET_RFKILL(p, fmt, args...) \ + do { \ diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c -index 523ad55..f8c5dc5 100644 +index 4b9e730..7603659 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c -@@ -1678,9 +1678,11 @@ static int __init init_mac80211_hwsim(void) +@@ -1677,9 +1677,11 @@ static int __init init_mac80211_hwsim(void) return -EINVAL; if (fake_hw_scan) { @@ -35865,10 +34932,10 @@ index 523ad55..f8c5dc5 100644 spin_lock_init(&hwsim_radio_lock); diff --git a/drivers/net/wireless/mwifiex/main.h b/drivers/net/wireless/mwifiex/main.h -index 30f138b..c904585 100644 +index 3186aa4..b35b09f 100644 --- a/drivers/net/wireless/mwifiex/main.h +++ b/drivers/net/wireless/mwifiex/main.h -@@ -543,7 +543,7 @@ struct mwifiex_if_ops { +@@ -536,7 +536,7 @@ struct mwifiex_if_ops { void (*cleanup_mpa_buf) (struct mwifiex_adapter *); int (*cmdrsp_complete) (struct mwifiex_adapter *, struct sk_buff *); int (*event_complete) (struct mwifiex_adapter *, struct sk_buff *); @@ -35878,10 +34945,10 @@ index 30f138b..c904585 100644 struct mwifiex_adapter { u8 iface_type; diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c -index 0c13840..a5c3ed6 100644 +index a330c69..a81540f 100644 --- a/drivers/net/wireless/rndis_wlan.c +++ b/drivers/net/wireless/rndis_wlan.c -@@ -1275,7 +1275,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold) +@@ -1278,7 +1278,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold) netdev_dbg(usbdev->net, "%s(): %i\n", __func__, rts_threshold); @@ -35956,7 +35023,7 @@ index c0cc4e7..44d4e54 100644 } diff --git a/drivers/oprofile/oprof.c b/drivers/oprofile/oprof.c -index f8c752e..28bf4fc 100644 +index ed2c3ec..deda85a 100644 --- a/drivers/oprofile/oprof.c +++ b/drivers/oprofile/oprof.c @@ -110,7 +110,7 @@ static void switch_worker(struct work_struct *work) @@ -35968,42 +35035,6 @@ index f8c752e..28bf4fc 100644 start_switch_worker(); } -diff --git a/drivers/oprofile/oprofile_files.c b/drivers/oprofile/oprofile_files.c -index 84a208d..f07d177 100644 ---- a/drivers/oprofile/oprofile_files.c -+++ b/drivers/oprofile/oprofile_files.c -@@ -36,6 +36,8 @@ static ssize_t timeout_read(struct file *file, char __user *buf, - - - static ssize_t timeout_write(struct file *file, char const __user *buf, -+ size_t count, loff_t *offset) __size_overflow(3); -+static ssize_t timeout_write(struct file *file, char const __user *buf, - size_t count, loff_t *offset) - { - unsigned long val; -@@ -72,6 +74,7 @@ static ssize_t depth_read(struct file *file, char __user *buf, size_t count, lof - } - - -+static ssize_t depth_write(struct file *file, char const __user *buf, size_t count, loff_t *offset) __size_overflow(3); - static ssize_t depth_write(struct file *file, char const __user *buf, size_t count, loff_t *offset) - { - unsigned long val; -@@ -126,12 +129,14 @@ static const struct file_operations cpu_type_fops = { - }; - - -+static ssize_t enable_read(struct file *file, char __user *buf, size_t count, loff_t *offset) __size_overflow(3); - static ssize_t enable_read(struct file *file, char __user *buf, size_t count, loff_t *offset) - { - return oprofilefs_ulong_to_user(oprofile_started, buf, count, offset); - } - - -+static ssize_t enable_write(struct file *file, char const __user *buf, size_t count, loff_t *offset) __size_overflow(3); - static ssize_t enable_write(struct file *file, char const __user *buf, size_t count, loff_t *offset) - { - unsigned long val; diff --git a/drivers/oprofile/oprofile_stats.c b/drivers/oprofile/oprofile_stats.c index 917d28e..d62d981 100644 --- a/drivers/oprofile/oprofile_stats.c @@ -36047,18 +35078,10 @@ index 38b6fc0..b5cbfce 100644 extern struct oprofile_stat_struct oprofile_stats; diff --git a/drivers/oprofile/oprofilefs.c b/drivers/oprofile/oprofilefs.c -index 2f0aa0f..d5246c3 100644 +index 2f0aa0f..90fab02 100644 --- a/drivers/oprofile/oprofilefs.c +++ b/drivers/oprofile/oprofilefs.c -@@ -97,6 +97,7 @@ static ssize_t ulong_read_file(struct file *file, char __user *buf, size_t count - } - - -+static ssize_t ulong_write_file(struct file *file, char const __user *buf, size_t count, loff_t *offset) __size_overflow(3); - static ssize_t ulong_write_file(struct file *file, char const __user *buf, size_t count, loff_t *offset) - { - unsigned long value; -@@ -193,7 +194,7 @@ static const struct file_operations atomic_ro_fops = { +@@ -193,7 +193,7 @@ static const struct file_operations atomic_ro_fops = { int oprofilefs_create_ro_atomic(struct super_block *sb, struct dentry *root, @@ -36138,7 +35161,7 @@ index 24f049e..051f66e 100644 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c -index dfee1b3..a454fb6 100644 +index 71eac9c..2de27ef 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -136,7 +136,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, @@ -36171,21 +35194,8 @@ index 27911b5..5b6db88 100644 proc_create("devices", 0, proc_bus_pci_dir, &proc_bus_pci_dev_operations); proc_initialized = 1; -diff --git a/drivers/platform/x86/asus_acpi.c b/drivers/platform/x86/asus_acpi.c -index d9312b3..59f63f2 100644 ---- a/drivers/platform/x86/asus_acpi.c -+++ b/drivers/platform/x86/asus_acpi.c -@@ -887,6 +887,8 @@ static int lcd_proc_open(struct inode *inode, struct file *file) - } - - static ssize_t lcd_proc_write(struct file *file, const char __user *buffer, -+ size_t count, loff_t *pos) __size_overflow(3); -+static ssize_t lcd_proc_write(struct file *file, const char __user *buffer, - size_t count, loff_t *pos) - { - int rv, value; diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c -index 7b82868..b9344c9 100644 +index ea0c607..58c4628 100644 --- a/drivers/platform/x86/thinkpad_acpi.c +++ b/drivers/platform/x86/thinkpad_acpi.c @@ -2094,7 +2094,7 @@ static int hotkey_mask_get(void) @@ -36316,19 +35326,6 @@ index 7b82868..b9344c9 100644 /* * Polling driver -diff --git a/drivers/platform/x86/toshiba_acpi.c b/drivers/platform/x86/toshiba_acpi.c -index dcdc1f4..85cee16 100644 ---- a/drivers/platform/x86/toshiba_acpi.c -+++ b/drivers/platform/x86/toshiba_acpi.c -@@ -517,6 +517,8 @@ static int set_lcd_status(struct backlight_device *bd) - } - - static ssize_t lcd_proc_write(struct file *file, const char __user *buf, -+ size_t count, loff_t *pos) __size_overflow(3); -+static ssize_t lcd_proc_write(struct file *file, const char __user *buf, - size_t count, loff_t *pos) - { - struct toshiba_acpi_dev *dev = PDE(file->f_path.dentry->d_inode)->data; diff --git a/drivers/pnp/pnpbios/bioscalls.c b/drivers/pnp/pnpbios/bioscalls.c index b859d16..5cc6b1a 100644 --- a/drivers/pnp/pnpbios/bioscalls.c @@ -36412,10 +35409,10 @@ index b0ecacb..7c9da2e 100644 /* check if the resource is reserved */ diff --git a/drivers/power/bq27x00_battery.c b/drivers/power/bq27x00_battery.c -index bb16f5b..c751eef 100644 +index 1ed6ea0..77c0bd2 100644 --- a/drivers/power/bq27x00_battery.c +++ b/drivers/power/bq27x00_battery.c -@@ -67,7 +67,7 @@ +@@ -72,7 +72,7 @@ struct bq27x00_device_info; struct bq27x00_access_methods { int (*read)(struct bq27x00_device_info *di, u8 reg, bool single); @@ -36425,7 +35422,7 @@ index bb16f5b..c751eef 100644 enum bq27x00_chip { BQ27000, BQ27500 }; diff --git a/drivers/regulator/max8660.c b/drivers/regulator/max8660.c -index 33f5d9a..d957d3f 100644 +index a838e66..a9e1665 100644 --- a/drivers/regulator/max8660.c +++ b/drivers/regulator/max8660.c @@ -383,8 +383,10 @@ static int __devinit max8660_probe(struct i2c_client *client, @@ -36442,10 +35439,10 @@ index 33f5d9a..d957d3f 100644 /* diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c -index 023d17d..74ef35b 100644 +index e8cfc99..072aee2 100644 --- a/drivers/regulator/mc13892-regulator.c +++ b/drivers/regulator/mc13892-regulator.c -@@ -565,10 +565,12 @@ static int __devinit mc13892_regulator_probe(struct platform_device *pdev) +@@ -574,10 +574,12 @@ static int __devinit mc13892_regulator_probe(struct platform_device *pdev) } mc13xxx_unlock(mc13892); @@ -36457,9 +35454,9 @@ index 023d17d..74ef35b 100644 + *(void **)&mc13892_regulators[MC13892_VCAM].desc.ops->get_mode = mc13892_vcam_get_mode; + pax_close_kernel(); - for (i = 0; i < pdata->num_regulators; i++) { - init_data = &pdata->regulators[i]; - priv->regulators[i] = regulator_register( + + mc13xxx_data = mc13xxx_parse_regulators_dt(pdev, mc13892_regulators, + ARRAY_SIZE(mc13892_regulators)); diff --git a/drivers/rtc/rtc-dev.c b/drivers/rtc/rtc-dev.c index cace6d3..f623fda 100644 --- a/drivers/rtc/rtc-dev.c @@ -36534,10 +35531,10 @@ index a796de9..1ef20e1 100644 struct bfa_faa_cbfn_s { diff --git a/drivers/scsi/bfa/bfa_fcpim.c b/drivers/scsi/bfa/bfa_fcpim.c -index e07bd47..cd1bbbb 100644 +index f0f80e2..8ec946b 100644 --- a/drivers/scsi/bfa/bfa_fcpim.c +++ b/drivers/scsi/bfa/bfa_fcpim.c -@@ -4121,7 +4121,7 @@ bfa_fcp_attach(struct bfa_s *bfa, void *bfad, struct bfa_iocfc_cfg_s *cfg, +@@ -3715,7 +3715,7 @@ bfa_fcp_attach(struct bfa_s *bfa, void *bfad, struct bfa_iocfc_cfg_s *cfg, bfa_iotag_attach(fcp); @@ -36546,7 +35543,7 @@ index e07bd47..cd1bbbb 100644 bfa_mem_kva_curp(fcp) = (u8 *)fcp->itn_arr + (fcp->num_itns * sizeof(struct bfa_itn_s)); memset(fcp->itn_arr, 0, -@@ -4179,7 +4179,7 @@ bfa_itn_create(struct bfa_s *bfa, struct bfa_rport_s *rport, +@@ -3773,7 +3773,7 @@ bfa_itn_create(struct bfa_s *bfa, struct bfa_rport_s *rport, void (*isr)(struct bfa_s *bfa, struct bfi_msg_s *m)) { struct bfa_fcp_mod_s *fcp = BFA_FCP_MOD(bfa); @@ -36556,7 +35553,7 @@ index e07bd47..cd1bbbb 100644 itn = BFA_ITN_FROM_TAG(fcp, rport->rport_tag); itn->isr = isr; diff --git a/drivers/scsi/bfa/bfa_fcpim.h b/drivers/scsi/bfa/bfa_fcpim.h -index 1080bcb..a3b39e3 100644 +index 36f26da..38a34a8 100644 --- a/drivers/scsi/bfa/bfa_fcpim.h +++ b/drivers/scsi/bfa/bfa_fcpim.h @@ -37,6 +37,7 @@ struct bfa_iotag_s { @@ -36567,7 +35564,7 @@ index 1080bcb..a3b39e3 100644 void bfa_itn_create(struct bfa_s *bfa, struct bfa_rport_s *rport, void (*isr)(struct bfa_s *bfa, struct bfi_msg_s *m)); -@@ -149,7 +150,7 @@ struct bfa_fcp_mod_s { +@@ -147,7 +148,7 @@ struct bfa_fcp_mod_s { struct list_head iotag_tio_free_q; /* free IO resources */ struct list_head iotag_unused_q; /* unused IO resources*/ struct bfa_iotag_s *iotag_arr; @@ -36621,10 +35618,10 @@ index 351dc0b..951dc32 100644 /* These three are default values which can be overridden */ diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c -index 865d452..e9b7fa7 100644 +index b96962c..0c82ec2 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c -@@ -505,7 +505,7 @@ static inline u32 next_command(struct ctlr_info *h) +@@ -507,7 +507,7 @@ static inline u32 next_command(struct ctlr_info *h) u32 a; if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant))) @@ -36633,7 +35630,7 @@ index 865d452..e9b7fa7 100644 if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) { a = *(h->reply_pool_head); /* Next cmd in ring buffer */ -@@ -2989,7 +2989,7 @@ static void start_io(struct ctlr_info *h) +@@ -2991,7 +2991,7 @@ static void start_io(struct ctlr_info *h) while (!list_empty(&h->reqQ)) { c = list_entry(h->reqQ.next, struct CommandList, list); /* can't do anything if fifo is full */ @@ -36642,7 +35639,7 @@ index 865d452..e9b7fa7 100644 dev_warn(&h->pdev->dev, "fifo full\n"); break; } -@@ -2999,7 +2999,7 @@ static void start_io(struct ctlr_info *h) +@@ -3001,7 +3001,7 @@ static void start_io(struct ctlr_info *h) h->Qdepth--; /* Tell the controller execute command */ @@ -36651,7 +35648,7 @@ index 865d452..e9b7fa7 100644 /* Put job onto the completed Q */ addQ(&h->cmpQ, c); -@@ -3008,17 +3008,17 @@ static void start_io(struct ctlr_info *h) +@@ -3010,17 +3010,17 @@ static void start_io(struct ctlr_info *h) static inline unsigned long get_next_completion(struct ctlr_info *h) { @@ -36672,7 +35669,7 @@ index 865d452..e9b7fa7 100644 (h->interrupts_enabled == 0); } -@@ -3917,7 +3917,7 @@ static int __devinit hpsa_pci_init(struct ctlr_info *h) +@@ -3919,7 +3919,7 @@ static int __devinit hpsa_pci_init(struct ctlr_info *h) if (prod_index < 0) return -ENODEV; h->product_name = products[prod_index].product_name; @@ -36681,7 +35678,7 @@ index 865d452..e9b7fa7 100644 if (hpsa_board_disabled(h->pdev)) { dev_warn(&h->pdev->dev, "controller appears to be disabled\n"); -@@ -4162,7 +4162,7 @@ static void controller_lockup_detected(struct ctlr_info *h) +@@ -4164,7 +4164,7 @@ static void controller_lockup_detected(struct ctlr_info *h) assert_spin_locked(&lockup_detector_lock); remove_ctlr_from_lockup_detector_list(h); @@ -36690,7 +35687,7 @@ index 865d452..e9b7fa7 100644 spin_lock_irqsave(&h->lock, flags); h->lockup_detected = readl(h->vaddr + SA5_SCRATCHPAD_OFFSET); spin_unlock_irqrestore(&h->lock, flags); -@@ -4340,7 +4340,7 @@ reinit_after_soft_reset: +@@ -4344,7 +4344,7 @@ reinit_after_soft_reset: } /* make sure the board interrupts are off */ @@ -36699,7 +35696,7 @@ index 865d452..e9b7fa7 100644 if (hpsa_request_irq(h, do_hpsa_intr_msi, do_hpsa_intr_intx)) goto clean2; -@@ -4374,7 +4374,7 @@ reinit_after_soft_reset: +@@ -4378,7 +4378,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); @@ -36708,7 +35705,7 @@ index 865d452..e9b7fa7 100644 spin_unlock_irqrestore(&h->lock, flags); free_irq(h->intr[h->intr_mode], h); rc = hpsa_request_irq(h, hpsa_msix_discard_completions, -@@ -4393,9 +4393,9 @@ reinit_after_soft_reset: +@@ -4397,9 +4397,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); @@ -36720,7 +35717,7 @@ index 865d452..e9b7fa7 100644 rc = controller_reset_failed(h->cfgtable); if (rc) -@@ -4416,7 +4416,7 @@ reinit_after_soft_reset: +@@ -4420,7 +4420,7 @@ reinit_after_soft_reset: } /* Turn the interrupts on so we can service requests */ @@ -36729,7 +35726,7 @@ index 865d452..e9b7fa7 100644 hpsa_hba_inquiry(h); hpsa_register_scsi(h); /* hook ourselves into SCSI subsystem */ -@@ -4468,7 +4468,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) +@@ -4472,7 +4472,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) * To write all data in the battery backed cache to disks */ hpsa_flush_cache(h); @@ -36738,7 +35735,7 @@ index 865d452..e9b7fa7 100644 free_irq(h->intr[h->intr_mode], h); #ifdef CONFIG_PCI_MSI if (h->msix_vector) -@@ -4632,7 +4632,7 @@ static __devinit void hpsa_enter_performant_mode(struct ctlr_info *h, +@@ -4636,7 +4636,7 @@ static __devinit void hpsa_enter_performant_mode(struct ctlr_info *h, return; } /* Change the access methods to the performant access methods */ @@ -36774,7 +35771,7 @@ index f2df059..a3a9930 100644 typedef struct ips_ha { uint8_t ha_id[IPS_MAX_CHANNELS+1]; diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c -index 9de9db2..1e09660 100644 +index 4d70d96..84d0573 100644 --- a/drivers/scsi/libfc/fc_exch.c +++ b/drivers/scsi/libfc/fc_exch.c @@ -105,12 +105,12 @@ struct fc_exch_mgr { @@ -36912,10 +35909,10 @@ index db9238f..4378ed2 100644 .qc_issue = sas_ata_qc_issue, .qc_fill_rtf = sas_ata_qc_fill_rtf, diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h -index bb4c8e0..f33d849 100644 +index 825f930..ce42672 100644 --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h -@@ -425,7 +425,7 @@ struct lpfc_vport { +@@ -413,7 +413,7 @@ struct lpfc_vport { struct dentry *debug_nodelist; struct dentry *vport_debugfs_root; struct lpfc_debugfs_trc *disc_trc; @@ -36924,7 +35921,7 @@ index bb4c8e0..f33d849 100644 #endif uint8_t stat_data_enabled; uint8_t stat_data_blocked; -@@ -835,8 +835,8 @@ struct lpfc_hba { +@@ -821,8 +821,8 @@ struct lpfc_hba { struct timer_list fabric_block_timer; unsigned long bit_flags; #define FABRIC_COMANDS_BLOCKED 0 @@ -36935,7 +35932,7 @@ index bb4c8e0..f33d849 100644 unsigned long last_rsrc_error_time; unsigned long last_ramp_down_time; unsigned long last_ramp_up_time; -@@ -866,7 +866,7 @@ struct lpfc_hba { +@@ -852,7 +852,7 @@ struct lpfc_hba { struct dentry *debug_slow_ring_trc; struct lpfc_debugfs_trc *slow_ring_trc; @@ -36945,7 +35942,7 @@ index bb4c8e0..f33d849 100644 struct dentry *idiag_root; struct dentry *idiag_pci_cfg; diff --git a/drivers/scsi/lpfc/lpfc_debugfs.c b/drivers/scsi/lpfc/lpfc_debugfs.c -index 2838259..a07cfb5 100644 +index 3587a3f..d45b81b 100644 --- a/drivers/scsi/lpfc/lpfc_debugfs.c +++ b/drivers/scsi/lpfc/lpfc_debugfs.c @@ -106,7 +106,7 @@ MODULE_PARM_DESC(lpfc_debugfs_mask_disc_trc, @@ -37009,7 +36006,7 @@ index 2838259..a07cfb5 100644 dtp->jif = jiffies; #endif return; -@@ -3986,7 +3986,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) +@@ -4040,7 +4040,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) "slow_ring buffer\n"); goto debug_failed; } @@ -37018,7 +36015,7 @@ index 2838259..a07cfb5 100644 memset(phba->slow_ring_trc, 0, (sizeof(struct lpfc_debugfs_trc) * lpfc_debugfs_max_slow_ring_trc)); -@@ -4032,7 +4032,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) +@@ -4086,7 +4086,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) "buffer\n"); goto debug_failed; } @@ -37028,10 +36025,10 @@ index 2838259..a07cfb5 100644 snprintf(name, sizeof(name), "discovery_trace"); vport->debug_disc_trc = diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c -index 55bc4fc..a2a109c 100644 +index dfea2da..8e17227 100644 --- a/drivers/scsi/lpfc/lpfc_init.c +++ b/drivers/scsi/lpfc/lpfc_init.c -@@ -10027,8 +10027,10 @@ lpfc_init(void) +@@ -10145,8 +10145,10 @@ lpfc_init(void) printk(LPFC_COPYRIGHT "\n"); if (lpfc_enable_npiv) { @@ -37045,7 +36042,7 @@ index 55bc4fc..a2a109c 100644 lpfc_transport_template = fc_attach_transport(&lpfc_transport_functions); diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c -index 2e1e54e..1af0a0d 100644 +index c60f5d0..751535c 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c @@ -305,7 +305,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba) @@ -37100,7 +36097,7 @@ index 2e1e54e..1af0a0d 100644 /** diff --git a/drivers/scsi/pmcraid.c b/drivers/scsi/pmcraid.c -index 5163edb..7b142bc 100644 +index ea8a0b4..812a124 100644 --- a/drivers/scsi/pmcraid.c +++ b/drivers/scsi/pmcraid.c @@ -200,8 +200,8 @@ static int pmcraid_slave_alloc(struct scsi_device *scsi_dev) @@ -37207,23 +36204,23 @@ index ca496c7..9c791d5 100644 /* To indicate add/delete/modify during CCN */ u8 change_detected; diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h -index fcf052c..a8025a4 100644 +index af1003f..be55a75 100644 --- a/drivers/scsi/qla2xxx/qla_def.h +++ b/drivers/scsi/qla2xxx/qla_def.h -@@ -2244,7 +2244,7 @@ struct isp_operations { - int (*get_flash_version) (struct scsi_qla_host *, void *); +@@ -2247,7 +2247,7 @@ struct isp_operations { int (*start_scsi) (srb_t *); int (*abort_isp) (struct scsi_qla_host *); + int (*iospace_config)(struct qla_hw_data*); -}; +} __no_const; /* MSI-X Support *************************************************************/ diff --git a/drivers/scsi/qla4xxx/ql4_def.h b/drivers/scsi/qla4xxx/ql4_def.h -index fd5edc6..4906148 100644 +index bfe6854..ceac088 100644 --- a/drivers/scsi/qla4xxx/ql4_def.h +++ b/drivers/scsi/qla4xxx/ql4_def.h -@@ -258,7 +258,7 @@ struct ddb_entry { +@@ -261,7 +261,7 @@ struct ddb_entry { * (4000 only) */ atomic_t relogin_timer; /* Max Time to wait for * relogin to complete */ @@ -37233,10 +36230,10 @@ index fd5edc6..4906148 100644 uint32_t default_time2wait; /* Default Min time between * relogins (+aens) */ diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c -index 4169c8b..a8b896b 100644 +index ce6d3b7..73fac54 100644 --- a/drivers/scsi/qla4xxx/ql4_os.c +++ b/drivers/scsi/qla4xxx/ql4_os.c -@@ -2104,12 +2104,12 @@ void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess) +@@ -2178,12 +2178,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess) */ if (!iscsi_is_session_online(cls_sess)) { /* Reset retry relogin timer */ @@ -37251,15 +36248,15 @@ index 4169c8b..a8b896b 100644 ddb_entry->default_time2wait + 4)); set_bit(DPC_RELOGIN_DEVICE, &ha->dpc_flags); atomic_set(&ddb_entry->retry_relogin_timer, -@@ -3835,7 +3835,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha, +@@ -3953,7 +3953,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha, atomic_set(&ddb_entry->retry_relogin_timer, INVALID_ENTRY); atomic_set(&ddb_entry->relogin_timer, 0); - atomic_set(&ddb_entry->relogin_retry_count, 0); + atomic_set_unchecked(&ddb_entry->relogin_retry_count, 0); - + def_timeout = le16_to_cpu(ddb_entry->fw_ddb_entry.def_timeout); ddb_entry->default_relogin_timeout = - le16_to_cpu(ddb_entry->fw_ddb_entry.def_timeout); + (def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ? diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c index 2aeb2e9..46e3925 100644 --- a/drivers/scsi/scsi.c @@ -37274,10 +36271,10 @@ index 2aeb2e9..46e3925 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index f85cfa6..a57c9e8 100644 +index b2c95db..227d74e 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c -@@ -1416,7 +1416,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) +@@ -1411,7 +1411,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) shost = sdev->host; scsi_init_cmd_errh(cmd); cmd->result = DID_NO_CONNECT << 16; @@ -37286,7 +36283,7 @@ index f85cfa6..a57c9e8 100644 /* * SCSI request completion path will do scsi_device_unbusy(), -@@ -1442,9 +1442,9 @@ static void scsi_softirq_done(struct request *rq) +@@ -1437,9 +1437,9 @@ static void scsi_softirq_done(struct request *rq) INIT_LIST_HEAD(&cmd->eh_entry); @@ -37325,7 +36322,7 @@ index 84a1fdf..693b0d6 100644 /* * TODO: need to fixup sg_tablesize, max_segment_size, diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transport_fc.c -index 1b21491..1b7f60e 100644 +index f59d4a0..1d89407 100644 --- a/drivers/scsi/scsi_transport_fc.c +++ b/drivers/scsi/scsi_transport_fc.c @@ -484,7 +484,7 @@ static DECLARE_TRANSPORT_CLASS(fc_vport_class, @@ -37365,7 +36362,7 @@ index 1b21491..1b7f60e 100644 /* * Check for overflow; dev_loss_tmo is u32 diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c -index 96029e6..4d77fa0 100644 +index cfd4914..ddd7129 100644 --- a/drivers/scsi/scsi_transport_iscsi.c +++ b/drivers/scsi/scsi_transport_iscsi.c @@ -79,7 +79,7 @@ struct iscsi_internal { @@ -37377,7 +36374,7 @@ index 96029e6..4d77fa0 100644 static struct workqueue_struct *iscsi_eh_timer_workq; static DEFINE_IDA(iscsi_sess_ida); -@@ -1062,7 +1062,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id) +@@ -1063,7 +1063,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id) int err; ihost = shost->shost_data; @@ -37386,7 +36383,7 @@ index 96029e6..4d77fa0 100644 if (target_id == ISCSI_MAX_TARGET) { id = ida_simple_get(&iscsi_sess_ida, 0, 0, GFP_KERNEL); -@@ -2663,7 +2663,7 @@ static __init int iscsi_transport_init(void) +@@ -2680,7 +2680,7 @@ static __init int iscsi_transport_init(void) printk(KERN_INFO "Loading iSCSI transport class v%s.\n", ISCSI_TRANSPORT_VERSION); @@ -37427,7 +36424,7 @@ index 21a045e..ec89e03 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c -index 441a1c5..07cece7 100644 +index eacd46b..e3f4d62 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -1077,7 +1077,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) @@ -37448,15 +36445,15 @@ index 441a1c5..07cece7 100644 {"allow_dio", &adio_fops}, {"debug", &debug_fops}, {"def_reserved_size", &dressz_fops}, -@@ -2327,7 +2327,7 @@ sg_proc_init(void) - { - int k, mask; - int num_leaves = ARRAY_SIZE(sg_proc_leaf_arr); -- struct sg_proc_leaf * leaf; -+ const struct sg_proc_leaf * leaf; - - sg_proc_sgp = proc_mkdir(sg_proc_sg_dirname, NULL); +@@ -2332,7 +2332,7 @@ sg_proc_init(void) if (!sg_proc_sgp) + return 1; + for (k = 0; k < num_leaves; ++k) { +- struct sg_proc_leaf *leaf = &sg_proc_leaf_arr[k]; ++ const struct sg_proc_leaf *leaf = &sg_proc_leaf_arr[k]; + umode_t mask = leaf->fops->write ? S_IRUGO | S_IWUSR : S_IRUGO; + proc_create(leaf->name, mask, sg_proc_sgp, leaf->fops); + } diff --git a/drivers/spi/spi-dw-pci.c b/drivers/spi/spi-dw-pci.c index f64250e..1ee3049 100644 --- a/drivers/spi/spi-dw-pci.c @@ -37471,7 +36468,7 @@ index f64250e..1ee3049 100644 { PCI_DEVICE(PCI_VENDOR_ID_INTEL, 0x0800) }, {}, diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c -index 77eae99..b7cdcc9 100644 +index b2ccdea..84cde75 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c @@ -1024,7 +1024,7 @@ int spi_bus_unlock(struct spi_master *master) @@ -37483,65 +36480,8 @@ index 77eae99..b7cdcc9 100644 static u8 *buf; -diff --git a/drivers/staging/gma500/power.c b/drivers/staging/gma500/power.c -index 436fe97..4082570 100644 ---- a/drivers/staging/gma500/power.c -+++ b/drivers/staging/gma500/power.c -@@ -266,7 +266,7 @@ bool gma_power_begin(struct drm_device *dev, bool force_on) - ret = gma_resume_pci(dev->pdev); - if (ret == 0) { - /* FIXME: we want to defer this for Medfield/Oaktrail */ -- gma_resume_display(dev); -+ gma_resume_display(dev->pdev); - psb_irq_preinstall(dev); - psb_irq_postinstall(dev); - pm_runtime_get(&dev->pdev->dev); -diff --git a/drivers/staging/hv/rndis_filter.c b/drivers/staging/hv/rndis_filter.c -index bafccb3..e3ac78d 100644 ---- a/drivers/staging/hv/rndis_filter.c -+++ b/drivers/staging/hv/rndis_filter.c -@@ -42,7 +42,7 @@ struct rndis_device { - - enum rndis_device_state state; - bool link_state; -- atomic_t new_req_id; -+ atomic_unchecked_t new_req_id; - - spinlock_t request_lock; - struct list_head req_list; -@@ -116,7 +116,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev, - * template - */ - set = &rndis_msg->msg.set_req; -- set->req_id = atomic_inc_return(&dev->new_req_id); -+ set->req_id = atomic_inc_return_unchecked(&dev->new_req_id); - - /* Add to the request list */ - spin_lock_irqsave(&dev->request_lock, flags); -@@ -646,7 +646,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev) - - /* Setup the rndis set */ - halt = &request->request_msg.msg.halt_req; -- halt->req_id = atomic_inc_return(&dev->new_req_id); -+ halt->req_id = atomic_inc_return_unchecked(&dev->new_req_id); - - /* Ignore return since this msg is optional. */ - rndis_filter_send_request(dev, request); -diff --git a/drivers/staging/iio/buffer_generic.h b/drivers/staging/iio/buffer_generic.h -index 9e8f010..af9efb56 100644 ---- a/drivers/staging/iio/buffer_generic.h -+++ b/drivers/staging/iio/buffer_generic.h -@@ -64,7 +64,7 @@ struct iio_buffer_access_funcs { - - int (*is_enabled)(struct iio_buffer *buffer); - int (*enable)(struct iio_buffer *buffer); --}; -+} __no_const; - - /** - * struct iio_buffer_setup_ops - buffer setup related callbacks diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c -index 8b307b4..a97ac91 100644 +index 400df8c..065d4f4 100644 --- a/drivers/staging/octeon/ethernet-rx.c +++ b/drivers/staging/octeon/ethernet-rx.c @@ -420,11 +420,11 @@ static int cvm_oct_napi_poll(struct napi_struct *napi, int budget) @@ -37573,7 +36513,7 @@ index 8b307b4..a97ac91 100644 dev_kfree_skb_irq(skb); } diff --git a/drivers/staging/octeon/ethernet.c b/drivers/staging/octeon/ethernet.c -index 076f866..2308070 100644 +index 9112cd8..92f8d51 100644 --- a/drivers/staging/octeon/ethernet.c +++ b/drivers/staging/octeon/ethernet.c @@ -258,11 +258,11 @@ static struct net_device_stats *cvm_oct_common_get_stats(struct net_device *dev) @@ -37592,101 +36532,6 @@ index 076f866..2308070 100644 #endif } -diff --git a/drivers/staging/pohmelfs/inode.c b/drivers/staging/pohmelfs/inode.c -index 7a19555..466456d 100644 ---- a/drivers/staging/pohmelfs/inode.c -+++ b/drivers/staging/pohmelfs/inode.c -@@ -1861,7 +1861,7 @@ static int pohmelfs_fill_super(struct super_block *sb, void *data, int silent) - mutex_init(&psb->mcache_lock); - psb->mcache_root = RB_ROOT; - psb->mcache_timeout = msecs_to_jiffies(5000); -- atomic_long_set(&psb->mcache_gen, 0); -+ atomic_long_set_unchecked(&psb->mcache_gen, 0); - - psb->trans_max_pages = 100; - -@@ -1876,7 +1876,7 @@ static int pohmelfs_fill_super(struct super_block *sb, void *data, int silent) - INIT_LIST_HEAD(&psb->crypto_ready_list); - INIT_LIST_HEAD(&psb->crypto_active_list); - -- atomic_set(&psb->trans_gen, 1); -+ atomic_set_unchecked(&psb->trans_gen, 1); - atomic_long_set(&psb->total_inodes, 0); - - mutex_init(&psb->state_lock); -diff --git a/drivers/staging/pohmelfs/mcache.c b/drivers/staging/pohmelfs/mcache.c -index e22665c..a2a9390 100644 ---- a/drivers/staging/pohmelfs/mcache.c -+++ b/drivers/staging/pohmelfs/mcache.c -@@ -121,7 +121,7 @@ struct pohmelfs_mcache *pohmelfs_mcache_alloc(struct pohmelfs_sb *psb, u64 start - m->data = data; - m->start = start; - m->size = size; -- m->gen = atomic_long_inc_return(&psb->mcache_gen); -+ m->gen = atomic_long_inc_return_unchecked(&psb->mcache_gen); - - mutex_lock(&psb->mcache_lock); - err = pohmelfs_mcache_insert(psb, m); -diff --git a/drivers/staging/pohmelfs/netfs.h b/drivers/staging/pohmelfs/netfs.h -index 985b6b7..7699e05 100644 ---- a/drivers/staging/pohmelfs/netfs.h -+++ b/drivers/staging/pohmelfs/netfs.h -@@ -571,14 +571,14 @@ struct pohmelfs_config; - struct pohmelfs_sb { - struct rb_root mcache_root; - struct mutex mcache_lock; -- atomic_long_t mcache_gen; -+ atomic_long_unchecked_t mcache_gen; - unsigned long mcache_timeout; - - unsigned int idx; - - unsigned int trans_retries; - -- atomic_t trans_gen; -+ atomic_unchecked_t trans_gen; - - unsigned int crypto_attached_size; - unsigned int crypto_align_size; -diff --git a/drivers/staging/pohmelfs/trans.c b/drivers/staging/pohmelfs/trans.c -index 06c1a74..866eebc 100644 ---- a/drivers/staging/pohmelfs/trans.c -+++ b/drivers/staging/pohmelfs/trans.c -@@ -492,7 +492,7 @@ int netfs_trans_finish(struct netfs_trans *t, struct pohmelfs_sb *psb) - int err; - struct netfs_cmd *cmd = t->iovec.iov_base; - -- t->gen = atomic_inc_return(&psb->trans_gen); -+ t->gen = atomic_inc_return_unchecked(&psb->trans_gen); - - cmd->size = t->iovec.iov_len - sizeof(struct netfs_cmd) + - t->attached_size + t->attached_pages * sizeof(struct netfs_cmd); -diff --git a/drivers/staging/rtl8192e/rtllib_module.c b/drivers/staging/rtl8192e/rtllib_module.c -index c36a140..dd27fda 100644 ---- a/drivers/staging/rtl8192e/rtllib_module.c -+++ b/drivers/staging/rtl8192e/rtllib_module.c -@@ -228,6 +228,8 @@ static int show_debug_level(char *page, char **start, off_t offset, - } - - static int store_debug_level(struct file *file, const char __user *buffer, -+ unsigned long count, void *data) __size_overflow(3); -+static int store_debug_level(struct file *file, const char __user *buffer, - unsigned long count, void *data) - { - char buf[] = "0x00000000"; -diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c b/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c -index e3d47bc..85f4d0d 100644 ---- a/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c -+++ b/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c -@@ -250,6 +250,8 @@ static int show_debug_level(char *page, char **start, off_t offset, - } - - static int store_debug_level(struct file *file, const char *buffer, -+ unsigned long count, void *data) __size_overflow(3); -+static int store_debug_level(struct file *file, const char *buffer, - unsigned long count, void *data) - { - char buf[] = "0x00000000"; diff --git a/drivers/staging/rtl8712/rtl871x_io.h b/drivers/staging/rtl8712/rtl871x_io.h index 86308a0..feaa925 100644 --- a/drivers/staging/rtl8712/rtl871x_io.h @@ -37713,8 +36558,25 @@ index c7b5e8b..783d6cb 100644 return -EFAULT; return 0; +diff --git a/drivers/staging/speakup/speakup_soft.c b/drivers/staging/speakup/speakup_soft.c +index 42cdafe..2769103 100644 +--- a/drivers/staging/speakup/speakup_soft.c ++++ b/drivers/staging/speakup/speakup_soft.c +@@ -241,11 +241,11 @@ static ssize_t softsynth_read(struct file *fp, char *buf, size_t count, + break; + } else if (!initialized) { + if (*init) { +- ch = *init; + init++; + } else { + initialized = 1; + } ++ ch = *init; + } else { + ch = synth_buffer_getc(); + } diff --git a/drivers/staging/usbip/usbip_common.h b/drivers/staging/usbip/usbip_common.h -index be21617..0954e45 100644 +index b8f8c48..1fc5025 100644 --- a/drivers/staging/usbip/usbip_common.h +++ b/drivers/staging/usbip/usbip_common.h @@ -289,7 +289,7 @@ struct usbip_device { @@ -37725,7 +36587,7 @@ index be21617..0954e45 100644 + } __no_const eh_ops; }; - #if 0 + /* usbip_common.c */ diff --git a/drivers/staging/usbip/vhci.h b/drivers/staging/usbip/vhci.h index 88b3298..3783eee 100644 --- a/drivers/staging/usbip/vhci.h @@ -37771,7 +36633,7 @@ index 2ee97e2..0420b86 100644 hcd->power_budget = 0; /* no limit */ diff --git a/drivers/staging/usbip/vhci_rx.c b/drivers/staging/usbip/vhci_rx.c -index 3872b8c..fe6d2f4 100644 +index 3f511b4..d3dbc1e 100644 --- a/drivers/staging/usbip/vhci_rx.c +++ b/drivers/staging/usbip/vhci_rx.c @@ -77,7 +77,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, @@ -37899,10 +36761,10 @@ index ed147c4..94fc3c6 100644 /* core tmem accessor functions */ diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c -index 03d3528..6bbe82f 100644 +index 501b27c..39dc3d3 100644 --- a/drivers/target/iscsi/iscsi_target.c +++ b/drivers/target/iscsi/iscsi_target.c -@@ -1364,7 +1364,7 @@ static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf) +@@ -1363,7 +1363,7 @@ static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf) * outstanding_r2ts reaches zero, go ahead and send the delayed * TASK_ABORTED status. */ @@ -37912,10 +36774,10 @@ index 03d3528..6bbe82f 100644 if (--cmd->outstanding_r2ts < 1) { iscsit_stop_dataout_timer(cmd); diff --git a/drivers/target/target_core_tmr.c b/drivers/target/target_core_tmr.c -index 6845228..df77141 100644 +index dcb0618..97e3d85 100644 --- a/drivers/target/target_core_tmr.c +++ b/drivers/target/target_core_tmr.c -@@ -250,7 +250,7 @@ static void core_tmr_drain_task_list( +@@ -260,7 +260,7 @@ static void core_tmr_drain_task_list( cmd->se_tfo->get_task_tag(cmd), cmd->pr_res_key, cmd->t_task_list_num, atomic_read(&cmd->t_task_cdbs_left), @@ -37924,7 +36786,7 @@ index 6845228..df77141 100644 atomic_read(&cmd->t_transport_active), atomic_read(&cmd->t_transport_stop), atomic_read(&cmd->t_transport_sent)); -@@ -281,7 +281,7 @@ static void core_tmr_drain_task_list( +@@ -291,7 +291,7 @@ static void core_tmr_drain_task_list( pr_debug("LUN_RESET: got t_transport_active = 1 for" " task: %p, t_fe_count: %d dev: %p\n", task, fe_count, dev); @@ -37933,7 +36795,7 @@ index 6845228..df77141 100644 spin_unlock_irqrestore(&cmd->t_state_lock, flags); core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count); -@@ -289,7 +289,7 @@ static void core_tmr_drain_task_list( +@@ -299,7 +299,7 @@ static void core_tmr_drain_task_list( } pr_debug("LUN_RESET: Got t_transport_active = 0 for task: %p," " t_fe_count: %d dev: %p\n", task, fe_count, dev); @@ -37943,19 +36805,19 @@ index 6845228..df77141 100644 core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index cdb774b..8753593 100644 +index cd5cd95..5249d30 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c -@@ -1343,7 +1343,7 @@ struct se_device *transport_add_device_to_core_hba( - - dev->queue_depth = dev_limits->queue_depth; - atomic_set(&dev->depth_left, dev->queue_depth); +@@ -1330,7 +1330,7 @@ struct se_device *transport_add_device_to_core_hba( + spin_lock_init(&dev->se_port_lock); + spin_lock_init(&dev->se_tmr_lock); + spin_lock_init(&dev->qf_cmd_lock); - atomic_set(&dev->dev_ordered_id, 0); + atomic_set_unchecked(&dev->dev_ordered_id, 0); se_dev_set_default_attribs(dev, dev_limits); -@@ -1530,7 +1530,7 @@ static int transport_check_alloc_task_attr(struct se_cmd *cmd) +@@ -1517,7 +1517,7 @@ static int transport_check_alloc_task_attr(struct se_cmd *cmd) * Used to determine when ORDERED commands should go from * Dormant to Active status. */ @@ -37964,7 +36826,7 @@ index cdb774b..8753593 100644 smp_mb__after_atomic_inc(); pr_debug("Allocated se_ordered_id: %u for Task Attr: 0x%02x on %s\n", cmd->se_ordered_id, cmd->sam_task_attr, -@@ -1800,7 +1800,7 @@ static void transport_generic_request_failure(struct se_cmd *cmd) +@@ -1862,7 +1862,7 @@ static void transport_generic_request_failure(struct se_cmd *cmd) " t_transport_active: %d t_transport_stop: %d" " t_transport_sent: %d\n", cmd->t_task_list_num, atomic_read(&cmd->t_task_cdbs_left), @@ -37973,8 +36835,8 @@ index cdb774b..8753593 100644 atomic_read(&cmd->t_task_cdbs_ex_left), atomic_read(&cmd->t_transport_active), atomic_read(&cmd->t_transport_stop), -@@ -2089,9 +2089,9 @@ check_depth: - +@@ -2121,9 +2121,9 @@ check_depth: + cmd = task->task_se_cmd; spin_lock_irqsave(&cmd->t_state_lock, flags); task->task_flags |= (TF_ACTIVE | TF_SENT); - atomic_inc(&cmd->t_task_cdbs_sent); @@ -37985,7 +36847,7 @@ index cdb774b..8753593 100644 cmd->t_task_list_num) atomic_set(&cmd->t_transport_sent, 1); -@@ -4297,7 +4297,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd) +@@ -4348,7 +4348,7 @@ bool transport_wait_for_tasks(struct se_cmd *cmd) atomic_set(&cmd->transport_lun_stop, 0); } if (!atomic_read(&cmd->t_transport_active) || @@ -37994,7 +36856,7 @@ index cdb774b..8753593 100644 spin_unlock_irqrestore(&cmd->t_state_lock, flags); return false; } -@@ -4546,7 +4546,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status) +@@ -4597,7 +4597,7 @@ int transport_check_aborted_status(struct se_cmd *cmd, int send_status) { int ret = 0; @@ -38003,7 +36865,7 @@ index cdb774b..8753593 100644 if (!send_status || (cmd->se_cmd_flags & SCF_SENT_DELAYED_TAS)) return 1; -@@ -4583,7 +4583,7 @@ void transport_send_task_abort(struct se_cmd *cmd) +@@ -4634,7 +4634,7 @@ void transport_send_task_abort(struct se_cmd *cmd) */ if (cmd->data_direction == DMA_TO_DEVICE) { if (cmd->se_tfo->write_pending_status(cmd) != 0) { @@ -38258,7 +37120,7 @@ index fc7bbba..9527e93 100644 return NULL; } diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c -index 39d6ab6..eb97f41 100644 +index d2256d0..97476fa 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c @@ -2123,6 +2123,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) @@ -38271,10 +37133,10 @@ index 39d6ab6..eb97f41 100644 } EXPORT_SYMBOL_GPL(n_tty_inherit_ops); diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c -index e18604b..a7d5a11 100644 +index d8653ab..f8afd9d 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c -@@ -773,8 +773,10 @@ static void __init unix98_pty_init(void) +@@ -765,8 +765,10 @@ static void __init unix98_pty_init(void) register_sysctl_table(pty_root_table); /* Now create the /dev/ptmx special device */ @@ -38389,10 +37251,10 @@ index 2b42a01..32a2ed3 100644 /* This is only available if kgdboc is a built in for early debugging */ static int __init kgdboc_early_init(char *opt) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index 05085be..67eadb0 100644 +index e41b9bb..84002fb 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c -@@ -3240,7 +3240,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); +@@ -3291,7 +3291,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); void tty_default_fops(struct file_operations *fops) { @@ -38402,10 +37264,10 @@ index 05085be..67eadb0 100644 /* diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c -index 8e0924f..4204eb4 100644 +index 24b95db..9c078d0 100644 --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c -@@ -75,7 +75,7 @@ static void put_ldisc(struct tty_ldisc *ld) +@@ -57,7 +57,7 @@ static void put_ldisc(struct tty_ldisc *ld) if (atomic_dec_and_lock(&ld->users, &tty_ldisc_lock)) { struct tty_ldisc_ops *ldo = ld->ops; @@ -38414,7 +37276,7 @@ index 8e0924f..4204eb4 100644 module_put(ldo->owner); spin_unlock_irqrestore(&tty_ldisc_lock, flags); -@@ -110,7 +110,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc) +@@ -92,7 +92,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc) spin_lock_irqsave(&tty_ldisc_lock, flags); tty_ldiscs[disc] = new_ldisc; new_ldisc->num = disc; @@ -38423,7 +37285,7 @@ index 8e0924f..4204eb4 100644 spin_unlock_irqrestore(&tty_ldisc_lock, flags); return ret; -@@ -138,7 +138,7 @@ int tty_unregister_ldisc(int disc) +@@ -120,7 +120,7 @@ int tty_unregister_ldisc(int disc) return -EINVAL; spin_lock_irqsave(&tty_ldisc_lock, flags); @@ -38432,7 +37294,7 @@ index 8e0924f..4204eb4 100644 ret = -EBUSY; else tty_ldiscs[disc] = NULL; -@@ -159,7 +159,7 @@ static struct tty_ldisc_ops *get_ldops(int disc) +@@ -141,7 +141,7 @@ static struct tty_ldisc_ops *get_ldops(int disc) if (ldops) { ret = ERR_PTR(-EAGAIN); if (try_module_get(ldops->owner)) { @@ -38441,7 +37303,7 @@ index 8e0924f..4204eb4 100644 ret = ldops; } } -@@ -172,7 +172,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops) +@@ -154,7 +154,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops) unsigned long flags; spin_lock_irqsave(&tty_ldisc_lock, flags); @@ -38611,7 +37473,7 @@ index a783d53..cb30d94 100644 ret = uio_get_minor(idev); if (ret) diff --git a/drivers/usb/atm/cxacru.c b/drivers/usb/atm/cxacru.c -index a845f8b..4f54072 100644 +index 98b89fe..aff824e 100644 --- a/drivers/usb/atm/cxacru.c +++ b/drivers/usb/atm/cxacru.c @@ -473,7 +473,7 @@ static ssize_t cxacru_sysfs_store_adsl_config(struct device *dev, @@ -38737,6 +37599,21 @@ index d956965..4179a77 100644 if (file->f_version != event_count) { file->f_version = event_count; return POLLIN | POLLRDNORM; +diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c +index b3bdfed..a9460e0 100644 +--- a/drivers/usb/core/message.c ++++ b/drivers/usb/core/message.c +@@ -869,8 +869,8 @@ char *usb_cache_string(struct usb_device *udev, int index) + buf = kmalloc(MAX_USB_STRING_SIZE, GFP_NOIO); + if (buf) { + len = usb_string(udev, index, buf, MAX_USB_STRING_SIZE); +- if (len > 0) { +- smallbuf = kmalloc(++len, GFP_NOIO); ++ if (len++ > 0) { ++ smallbuf = kmalloc(len, GFP_NOIO); + if (!smallbuf) + return buf; + memcpy(smallbuf, buf, len); diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp.c index 1fc8f12..20647c1 100644 --- a/drivers/usb/early/ehci-dbgp.c @@ -38839,19 +37716,6 @@ index b0b2ac3..89a4399 100644 "AGP", "PCI", "PRO AGP", -diff --git a/drivers/video/backlight/s6e63m0.c b/drivers/video/backlight/s6e63m0.c -index e132157..516db70 100644 ---- a/drivers/video/backlight/s6e63m0.c -+++ b/drivers/video/backlight/s6e63m0.c -@@ -690,7 +690,7 @@ static ssize_t s6e63m0_sysfs_store_gamma_mode(struct device *dev, - struct backlight_device *bd = NULL; - int brightness, rc; - -- rc = strict_strtoul(buf, 0, (unsigned long *)&lcd->gamma_mode); -+ rc = kstrtouint(buf, 0, &lcd->gamma_mode); - if (rc < 0) - return rc; - diff --git a/drivers/video/fbcmap.c b/drivers/video/fbcmap.c index 5c3960d..15cf8fc 100644 --- a/drivers/video/fbcmap.c @@ -38867,7 +37731,7 @@ index 5c3960d..15cf8fc 100644 goto out1; } diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c -index ad93629..e020fc3 100644 +index ac9141b..9f07583 100644 --- a/drivers/video/fbmem.c +++ b/drivers/video/fbmem.c @@ -428,7 +428,7 @@ static void fb_do_show_logo(struct fb_info *info, struct fb_image *image, @@ -38888,7 +37752,7 @@ index ad93629..e020fc3 100644 info->fbops->fb_imageblit(info, image); image->dy -= image->height + 8; } -@@ -1143,7 +1143,7 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd, +@@ -1157,7 +1157,7 @@ static long do_fb_ioctl(struct fb_info *info, unsigned int cmd, return -EFAULT; if (con2fb.console < 1 || con2fb.console > MAX_NR_CONSOLES) return -EINVAL; @@ -38945,7 +37809,7 @@ index 7672d2e..b56437f 100644 par->dev_flags |= LOCKUP; info->pixmap.scan_align = 1; diff --git a/drivers/video/i810/i810_main.c b/drivers/video/i810/i810_main.c -index 318f6fb..9a389c1 100644 +index b83f361..2b05a91 100644 --- a/drivers/video/i810/i810_main.c +++ b/drivers/video/i810/i810_main.c @@ -97,7 +97,7 @@ static int i810fb_blank (int blank_mode, struct fb_info *info); @@ -41700,7 +40564,7 @@ index 3c14e43..eafa544 100644 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 +4 4 4 4 4 4 diff --git a/drivers/video/udlfb.c b/drivers/video/udlfb.c -index 3473e75..c930142 100644 +index a197731..6c3af9d 100644 --- a/drivers/video/udlfb.c +++ b/drivers/video/udlfb.c @@ -619,11 +619,11 @@ int dlfb_handle_damage(struct dlfb_data *dev, int x, int y, @@ -41787,7 +40651,7 @@ index 3473e75..c930142 100644 return count; } diff --git a/drivers/video/uvesafb.c b/drivers/video/uvesafb.c -index 7f8472c..9842e87 100644 +index e7f69ef..83af4fd 100644 --- a/drivers/video/uvesafb.c +++ b/drivers/video/uvesafb.c @@ -19,6 +19,7 @@ @@ -42008,23 +40872,23 @@ index e56c934..fc22f4b 100644 struct list_head list; }; diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c -index 879ed88..bc03a01 100644 +index 014c8dd..6f3dfe6 100644 --- a/fs/9p/vfs_inode.c +++ b/fs/9p/vfs_inode.c -@@ -1286,7 +1286,7 @@ static void *v9fs_vfs_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -1303,7 +1303,7 @@ static void *v9fs_vfs_follow_link(struct dentry *dentry, struct nameidata *nd) void v9fs_vfs_put_link(struct dentry *dentry, struct nameidata *nd, void *p) { - char *s = nd_get_link(nd); + const char *s = nd_get_link(nd); - P9_DPRINTK(P9_DEBUG_VFS, " %s %s\n", dentry->d_name.name, - IS_ERR(s) ? "<error>" : s); + p9_debug(P9_DEBUG_VFS, " %s %s\n", + dentry->d_name.name, IS_ERR(s) ? "<error>" : s); diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt -index 79e2ca7..5828ad1 100644 +index e95d1b6..3454244 100644 --- a/fs/Kconfig.binfmt +++ b/fs/Kconfig.binfmt -@@ -86,7 +86,7 @@ config HAVE_AOUT +@@ -89,7 +89,7 @@ config HAVE_AOUT config BINFMT_AOUT tristate "Kernel support for a.out and ECOFF binaries" @@ -42077,7 +40941,7 @@ index b9d64d8..86cb1d5 100644 kiocb->ki_cur_seg = 0; /* ki_nbytes/left now reflect bytes instead of segs */ diff --git a/fs/attr.c b/fs/attr.c -index 7ee7ba4..0c61a60 100644 +index 95053ad..2cc93ca 100644 --- a/fs/attr.c +++ b/fs/attr.c @@ -99,6 +99,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset) @@ -42089,10 +40953,10 @@ index 7ee7ba4..0c61a60 100644 goto out_sig; if (offset > inode->i_sb->s_maxbytes) diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c -index 6861f61..a25f010 100644 +index 9c098db..c755da5 100644 --- a/fs/autofs4/waitq.c +++ b/fs/autofs4/waitq.c -@@ -60,7 +60,7 @@ static int autofs4_write(struct file *file, const void *addr, int bytes) +@@ -61,7 +61,7 @@ static int autofs4_write(struct autofs_sb_info *sbi, { unsigned long sigpipe, flags; mm_segment_t fs; @@ -42100,12 +40964,12 @@ index 6861f61..a25f010 100644 + const char __user *data = (const char __force_user *)addr; ssize_t wr = 0; - /** WARNING: this is not safe for writing more than PIPE_BUF bytes! **/ + sigpipe = sigismember(¤t->pending.signal, SIGPIPE); diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c -index 8342ca6..82fd192 100644 +index 6e6d536..457113a 100644 --- a/fs/befs/linuxvfs.c +++ b/fs/befs/linuxvfs.c -@@ -503,7 +503,7 @@ static void befs_put_link(struct dentry *dentry, struct nameidata *nd, void *p) +@@ -502,7 +502,7 @@ static void befs_put_link(struct dentry *dentry, struct nameidata *nd, void *p) { befs_inode_info *befs_ino = BEFS_I(dentry->d_inode); if (befs_ino->i_flags & BEFS_LONG_SYMLINK) { @@ -42115,7 +40979,7 @@ index 8342ca6..82fd192 100644 kfree(link); } diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c -index a6395bd..f1e376a 100644 +index 1ff9405..f1e376a 100644 --- a/fs/binfmt_aout.c +++ b/fs/binfmt_aout.c @@ -16,6 +16,7 @@ @@ -42157,17 +41021,7 @@ index a6395bd..f1e376a 100644 if (ex.a_data + ex.a_bss > rlim) return -ENOMEM; -@@ -259,9 +266,37 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) - current->mm->free_area_cache = current->mm->mmap_base; - current->mm->cached_hole_size = 0; - -+ retval = setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT); -+ if (retval < 0) { -+ /* Someone check-me: is this error path enough? */ -+ send_sig(SIGKILL, current, 0); -+ return retval; -+ } -+ +@@ -269,6 +276,27 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) install_exec_creds(bprm); current->flags &= ~PF_FORKNOEXEC; @@ -42195,7 +41049,7 @@ index a6395bd..f1e376a 100644 if (N_MAGIC(ex) == OMAGIC) { unsigned long text_addr, map_size; loff_t pos; -@@ -334,7 +369,7 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) +@@ -341,7 +369,7 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) down_write(¤t->mm->mmap_sem); error = do_mmap(bprm->file, N_DATADDR(ex), ex.a_data, @@ -42204,22 +41058,8 @@ index a6395bd..f1e376a 100644 MAP_FIXED | MAP_PRIVATE | MAP_DENYWRITE | MAP_EXECUTABLE, fd_offset + ex.a_text); up_write(¤t->mm->mmap_sem); -@@ -352,13 +387,6 @@ beyond_if: - return retval; - } - -- retval = setup_arg_pages(bprm, STACK_TOP, EXSTACK_DEFAULT); -- if (retval < 0) { -- /* Someone check-me: is this error path enough? */ -- send_sig(SIGKILL, current, 0); -- return retval; -- } -- - current->mm->start_stack = - (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); - #ifdef __alpha__ diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 6ff96c6..dbf63ee 100644 +index 07d096c..5e2a0b3 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ @@ -42853,19 +41693,7 @@ index 6ff96c6..dbf63ee 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -870,6 +1328,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) - start_data += load_bias; - end_data += load_bias; - -+#ifdef CONFIG_PAX_RANDMMAP -+ if (current->mm->pax_flags & MF_PAX_RANDMMAP) -+ elf_brk += PAGE_SIZE + ((pax_get_random_long() & ~PAGE_MASK) << 4); -+#endif -+ - /* Calling set_brk effectively mmaps the pages that we need - * for the bss and break sections. We must do this before - * mapping in the interpreter, to make sure it doesn't wind -@@ -881,9 +1344,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -881,11 +1339,35 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -42879,8 +41707,32 @@ index 6ff96c6..dbf63ee 100644 + */ } ++#ifdef CONFIG_PAX_RANDMMAP ++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) { ++ unsigned long start, size; ++ ++ start = ELF_PAGEALIGN(elf_brk); ++ size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4); ++ down_write(¤t->mm->mmap_sem); ++ retval = -ENOMEM; ++ if (!find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) { ++ start = do_mmap(NULL, start, size, PROT_NONE, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0); ++ retval = IS_ERR_VALUE(start) ? start : 0; ++ } ++ up_write(¤t->mm->mmap_sem); ++ if (retval == 0) ++ retval = set_brk(start + size, start + size + PAGE_SIZE); ++ if (retval < 0) { ++ send_sig(SIGKILL, current, 0); ++ goto out_free_dentry; ++ } ++ } ++#endif ++ if (elf_interpreter) { -@@ -1098,7 +1563,7 @@ out: + unsigned long uninitialized_var(interp_map_addr); + +@@ -1098,7 +1580,7 @@ out: * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -42889,7 +41741,7 @@ index 6ff96c6..dbf63ee 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1132,7 +1597,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1132,7 +1614,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -42898,7 +41750,7 @@ index 6ff96c6..dbf63ee 100644 goto whole; /* -@@ -1354,9 +1819,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1354,9 +1836,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -42910,7 +41762,7 @@ index 6ff96c6..dbf63ee 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1862,14 +2327,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -1862,14 +2344,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -42927,7 +41779,7 @@ index 6ff96c6..dbf63ee 100644 return size; } -@@ -1963,7 +2428,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1963,7 +2445,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -42936,7 +41788,7 @@ index 6ff96c6..dbf63ee 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -1977,10 +2442,12 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1977,10 +2459,12 @@ static int elf_core_dump(struct coredump_params *cprm) offset = dataoff; size += sizeof(*elf); @@ -42949,7 +41801,7 @@ index 6ff96c6..dbf63ee 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -1994,7 +2461,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -1994,7 +2478,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -42958,7 +41810,7 @@ index 6ff96c6..dbf63ee 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2005,6 +2472,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2005,6 +2489,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); @@ -42966,7 +41818,7 @@ index 6ff96c6..dbf63ee 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2029,7 +2497,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2029,7 +2514,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -42975,7 +41827,7 @@ index 6ff96c6..dbf63ee 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2038,6 +2506,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2038,6 +2523,7 @@ static int elf_core_dump(struct coredump_params *cprm) page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -42983,7 +41835,7 @@ index 6ff96c6..dbf63ee 100644 stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2055,6 +2524,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2055,6 +2541,7 @@ static int elf_core_dump(struct coredump_params *cprm) if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -42991,7 +41843,7 @@ index 6ff96c6..dbf63ee 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2075,6 +2545,97 @@ out: +@@ -2075,6 +2562,97 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -43126,10 +41978,19 @@ index 1bffbe0..c8c283e 100644 goto err; } diff --git a/fs/bio.c b/fs/bio.c -index b1fe82c..84da0a9 100644 +index b980ecd..74800bf 100644 --- a/fs/bio.c +++ b/fs/bio.c -@@ -1233,7 +1233,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) +@@ -833,7 +833,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, + /* + * Overflow, abort + */ +- if (end < start) ++ if (end < start || end - start > INT_MAX - nr_pages) + return ERR_PTR(-EINVAL); + + nr_pages += end - start; +@@ -1229,7 +1229,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) const int read = bio_data_dir(bio) == READ; struct bio_map_data *bmd = bio->bi_private; int i; @@ -43139,10 +42000,10 @@ index b1fe82c..84da0a9 100644 __bio_for_each_segment(bvec, bio, i, 0) { char *addr = page_address(bvec->bv_page); diff --git a/fs/block_dev.c b/fs/block_dev.c -index abe9b48..5df59e8 100644 +index 5e9f198..6bf9b1c 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c -@@ -681,7 +681,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole, +@@ -703,7 +703,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole, else if (bdev->bd_contains == bdev) return true; /* is a whole device which isn't held */ @@ -43151,8 +42012,21 @@ index abe9b48..5df59e8 100644 return true; /* is a partition of a device that is being partitioned */ else if (whole->bd_holder != NULL) return false; /* is a partition of a held device */ +diff --git a/fs/btrfs/check-integrity.c b/fs/btrfs/check-integrity.c +index d986824..af1befd 100644 +--- a/fs/btrfs/check-integrity.c ++++ b/fs/btrfs/check-integrity.c +@@ -157,7 +157,7 @@ struct btrfsic_block { + union { + bio_end_io_t *bio; + bh_end_io_t *bh; +- } orig_bio_bh_end_io; ++ } __no_const orig_bio_bh_end_io; + int submit_bio_bh_rw; + u64 flush_gen; /* only valid if !never_written */ + }; diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c -index dede441..f2a2507 100644 +index 0639a55..7d9e07f 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -488,9 +488,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, @@ -43172,10 +42046,10 @@ index dede441..f2a2507 100644 WARN_ON(trans->transid != btrfs_header_generation(parent)); diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c -index fd1a06d..6e9033d 100644 +index 892b347..b3db246 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c -@@ -6895,7 +6895,7 @@ fail: +@@ -6930,7 +6930,7 @@ fail: return -ENOMEM; } @@ -43184,7 +42058,7 @@ index fd1a06d..6e9033d 100644 struct dentry *dentry, struct kstat *stat) { struct inode *inode = dentry->d_inode; -@@ -6909,6 +6909,14 @@ static int btrfs_getattr(struct vfsmount *mnt, +@@ -6944,6 +6944,14 @@ static int btrfs_getattr(struct vfsmount *mnt, return 0; } @@ -43200,10 +42074,10 @@ index fd1a06d..6e9033d 100644 * If a file is moved, it will inherit the cow and compression flags of the new * directory. diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c -index c04f02c..f5c9e2e 100644 +index d8b5471..e5463d7 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c -@@ -2733,9 +2733,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) +@@ -2783,9 +2783,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) for (i = 0; i < num_types; i++) { struct btrfs_space_info *tmp; @@ -43216,7 +42090,7 @@ index c04f02c..f5c9e2e 100644 info = NULL; rcu_read_lock(); list_for_each_entry_rcu(tmp, &root->fs_info->space_info, -@@ -2757,15 +2760,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) +@@ -2807,15 +2810,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) memcpy(dest, &space, sizeof(space)); dest++; space_args.total_spaces++; @@ -43234,7 +42108,7 @@ index c04f02c..f5c9e2e 100644 if (copy_to_user(user_dest, dest_orig, alloc_size)) diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c -index cfb5543..1ae7347 100644 +index 8c1aae2..1e46446 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -1244,7 +1244,7 @@ static int __update_reloc_root(struct btrfs_root *root, int del) @@ -43401,7 +42275,7 @@ index 0e3c092..818480e 100644 kunmap(page); if (ret != len) diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c -index 9895400..fa40a7d 100644 +index 3e8094b..cb3ff3d 100644 --- a/fs/ceph/dir.c +++ b/fs/ceph/dir.c @@ -244,7 +244,7 @@ static int ceph_readdir(struct file *filp, void *dirent, filldir_t filldir) @@ -43413,22 +42287,17 @@ index 9895400..fa40a7d 100644 int err; u32 ftype; struct ceph_mds_reply_info_parsed *rinfo; -diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c -index cfd1ce3..6b13a74 100644 ---- a/fs/cifs/asn1.c -+++ b/fs/cifs/asn1.c -@@ -416,6 +416,9 @@ asn1_subid_decode(struct asn1_ctx *ctx, unsigned long *subid) +@@ -598,7 +598,7 @@ static struct dentry *ceph_lookup(struct inode *dir, struct dentry *dentry, + if (nd && + (nd->flags & LOOKUP_OPEN) && + !(nd->intent.open.flags & O_CREAT)) { +- int mode = nd->intent.open.create_mode & ~current->fs->umask; ++ int mode = nd->intent.open.create_mode & ~current_umask(); + return ceph_lookup_open(dir, dentry, nd, mode, 1); + } - static int - asn1_oid_decode(struct asn1_ctx *ctx, -+ unsigned char *eoc, unsigned long **oid, unsigned int *len) __size_overflow(2); -+static int -+asn1_oid_decode(struct asn1_ctx *ctx, - unsigned char *eoc, unsigned long **oid, unsigned int *len) - { - unsigned long subid; diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c -index 84e8c07..6170d31 100644 +index 24b3dfc..3cd5454 100644 --- a/fs/cifs/cifs_debug.c +++ b/fs/cifs/cifs_debug.c @@ -265,8 +265,8 @@ static ssize_t cifs_stats_proc_write(struct file *file, @@ -43561,7 +42430,7 @@ index 84e8c07..6170d31 100644 } } diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c -index 8f1fe32..38f9e27 100644 +index b1fd382..df45435 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c @@ -989,7 +989,7 @@ cifs_init_request_bufs(void) @@ -43594,7 +42463,7 @@ index 8f1fe32..38f9e27 100644 atomic_set(&midCount, 0); diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h -index 8238aa1..0347196 100644 +index 76e7d8b..4814992 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -392,28 +392,28 @@ struct cifs_tcon { @@ -43657,7 +42526,7 @@ index 8238aa1..0347196 100644 static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, unsigned int bytes) -@@ -985,8 +985,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; +@@ -987,8 +987,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; /* Various Debug counters */ GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */ #ifdef CONFIG_CIFS_STATS2 @@ -43752,21 +42621,10 @@ index 6901578..d402eb5 100644 return hit; diff --git a/fs/compat.c b/fs/compat.c -index c987875..08771ca 100644 +index 07880ba..3fb2862 100644 --- a/fs/compat.c +++ b/fs/compat.c -@@ -132,8 +132,8 @@ asmlinkage long compat_sys_utimes(const char __user *filename, struct compat_tim - static int cp_compat_stat(struct kstat *stat, struct compat_stat __user *ubuf) - { - compat_ino_t ino = stat->ino; -- typeof(ubuf->st_uid) uid = 0; -- typeof(ubuf->st_gid) gid = 0; -+ typeof(((struct compat_stat *)0)->st_uid) uid = 0; -+ typeof(((struct compat_stat *)0)->st_gid) gid = 0; - int err; - - SET_UID(uid, stat->uid); -@@ -504,7 +504,7 @@ compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p) +@@ -491,7 +491,7 @@ compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p) set_fs(KERNEL_DS); /* The __user pointer cast is valid because of the set_fs() */ @@ -43775,7 +42633,7 @@ index c987875..08771ca 100644 set_fs(oldfs); /* truncating is ok because it's a user address */ if (!ret) -@@ -562,7 +562,7 @@ ssize_t compat_rw_copy_check_uvector(int type, +@@ -549,7 +549,7 @@ ssize_t compat_rw_copy_check_uvector(int type, goto out; ret = -EINVAL; @@ -43784,7 +42642,7 @@ index c987875..08771ca 100644 goto out; if (nr_segs > fast_segs) { ret = -ENOMEM; -@@ -845,6 +845,7 @@ struct compat_old_linux_dirent { +@@ -832,6 +832,7 @@ struct compat_old_linux_dirent { struct compat_readdir_callback { struct compat_old_linux_dirent __user *dirent; @@ -43792,7 +42650,7 @@ index c987875..08771ca 100644 int result; }; -@@ -862,6 +863,10 @@ static int compat_fillonedir(void *__buf, const char *name, int namlen, +@@ -849,6 +850,10 @@ static int compat_fillonedir(void *__buf, const char *name, int namlen, buf->result = -EOVERFLOW; return -EOVERFLOW; } @@ -43803,7 +42661,7 @@ index c987875..08771ca 100644 buf->result++; dirent = buf->dirent; if (!access_ok(VERIFY_WRITE, dirent, -@@ -894,6 +899,7 @@ asmlinkage long compat_sys_old_readdir(unsigned int fd, +@@ -881,6 +886,7 @@ asmlinkage long compat_sys_old_readdir(unsigned int fd, buf.result = 0; buf.dirent = dirent; @@ -43811,7 +42669,7 @@ index c987875..08771ca 100644 error = vfs_readdir(file, compat_fillonedir, &buf); if (buf.result) -@@ -914,6 +920,7 @@ struct compat_linux_dirent { +@@ -901,6 +907,7 @@ struct compat_linux_dirent { struct compat_getdents_callback { struct compat_linux_dirent __user *current_dir; struct compat_linux_dirent __user *previous; @@ -43819,7 +42677,7 @@ index c987875..08771ca 100644 int count; int error; }; -@@ -935,6 +942,10 @@ static int compat_filldir(void *__buf, const char *name, int namlen, +@@ -922,6 +929,10 @@ static int compat_filldir(void *__buf, const char *name, int namlen, buf->error = -EOVERFLOW; return -EOVERFLOW; } @@ -43830,7 +42688,7 @@ index c987875..08771ca 100644 dirent = buf->previous; if (dirent) { if (__put_user(offset, &dirent->d_off)) -@@ -982,6 +993,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd, +@@ -969,6 +980,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd, buf.previous = NULL; buf.count = count; buf.error = 0; @@ -43838,7 +42696,7 @@ index c987875..08771ca 100644 error = vfs_readdir(file, compat_filldir, &buf); if (error >= 0) -@@ -1003,6 +1015,7 @@ out: +@@ -990,6 +1002,7 @@ out: struct compat_getdents_callback64 { struct linux_dirent64 __user *current_dir; struct linux_dirent64 __user *previous; @@ -43846,7 +42704,7 @@ index c987875..08771ca 100644 int count; int error; }; -@@ -1019,6 +1032,10 @@ static int compat_filldir64(void * __buf, const char * name, int namlen, loff_t +@@ -1006,6 +1019,10 @@ static int compat_filldir64(void * __buf, const char * name, int namlen, loff_t buf->error = -EINVAL; /* only used if we fail.. */ if (reclen > buf->count) return -EINVAL; @@ -43857,7 +42715,7 @@ index c987875..08771ca 100644 dirent = buf->previous; if (dirent) { -@@ -1070,13 +1087,14 @@ asmlinkage long compat_sys_getdents64(unsigned int fd, +@@ -1057,13 +1074,14 @@ asmlinkage long compat_sys_getdents64(unsigned int fd, buf.previous = NULL; buf.count = count; buf.error = 0; @@ -43892,10 +42750,10 @@ index 112e45a..b59845b 100644 /* diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c -index 51352de..93292ff 100644 +index a26bea1..ae23e72 100644 --- a/fs/compat_ioctl.c +++ b/fs/compat_ioctl.c -@@ -210,6 +210,8 @@ static int do_video_set_spu_palette(unsigned int fd, unsigned int cmd, +@@ -211,6 +211,8 @@ static int do_video_set_spu_palette(unsigned int fd, unsigned int cmd, err = get_user(palp, &up->palette); err |= get_user(length, &up->length); @@ -43904,7 +42762,7 @@ index 51352de..93292ff 100644 up_native = compat_alloc_user_space(sizeof(struct video_spu_palette)); err = put_user(compat_ptr(palp), &up_native->palette); -@@ -621,7 +623,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd, +@@ -622,7 +624,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd, return -EFAULT; if (__get_user(udata, &ss32->iomem_base)) return -EFAULT; @@ -43913,7 +42771,7 @@ index 51352de..93292ff 100644 if (__get_user(ss.iomem_reg_shift, &ss32->iomem_reg_shift) || __get_user(ss.port_high, &ss32->port_high)) return -EFAULT; -@@ -796,7 +798,7 @@ static int compat_ioctl_preallocate(struct file *file, +@@ -797,7 +799,7 @@ static int compat_ioctl_preallocate(struct file *file, copy_in_user(&p->l_len, &p32->l_len, sizeof(s64)) || copy_in_user(&p->l_sysid, &p32->l_sysid, sizeof(s32)) || copy_in_user(&p->l_pid, &p32->l_pid, sizeof(u32)) || @@ -43922,7 +42780,7 @@ index 51352de..93292ff 100644 return -EFAULT; return ioctl_preallocate(file, p); -@@ -1644,8 +1646,8 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, unsigned int cmd, +@@ -1611,8 +1613,8 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, unsigned int cmd, static int __init init_sys32_ioctl_cmp(const void *p, const void *q) { unsigned int a, b; @@ -43934,7 +42792,7 @@ index 51352de..93292ff 100644 return 1; if (a < b) diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c -index 9a37a9b..35792b6 100644 +index 5ddd7eb..c18bf04 100644 --- a/fs/configfs/dir.c +++ b/fs/configfs/dir.c @@ -1575,7 +1575,8 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir @@ -43962,10 +42820,24 @@ index 9a37a9b..35792b6 100644 /* * We'll have a dentry and an inode for diff --git a/fs/dcache.c b/fs/dcache.c -index f7908ae..920a680 100644 +index bcbdb33..55ffe97 100644 --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -3042,7 +3042,7 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -105,10 +105,10 @@ static unsigned int d_hash_shift __read_mostly; + static struct hlist_bl_head *dentry_hashtable __read_mostly; + + static inline struct hlist_bl_head *d_hash(const struct dentry *parent, +- unsigned long hash) ++ unsigned int hash) + { +- hash += ((unsigned long) parent ^ GOLDEN_RATIO_PRIME) / L1_CACHE_BYTES; +- hash = hash ^ ((hash ^ GOLDEN_RATIO_PRIME) >> D_HASHBITS); ++ hash += (unsigned long) parent / L1_CACHE_BYTES; ++ hash = hash + (hash >> D_HASHBITS); + return dentry_hashtable + (hash & D_HASHMASK); + } + +@@ -3066,7 +3066,7 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -43975,7 +42847,7 @@ index f7908ae..920a680 100644 dcache_init(); inode_init(); diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c -index f3a257d..715ac0f 100644 +index 956d5dd..e755e04 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c @@ -261,7 +261,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); @@ -43991,10 +42863,10 @@ index f3a257d..715ac0f 100644 } EXPORT_SYMBOL_GPL(debugfs_create_dir); diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c -index af11098..81e3bbe 100644 +index ab35b11..b30af66 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c -@@ -691,7 +691,7 @@ static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf, +@@ -672,7 +672,7 @@ static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf, old_fs = get_fs(); set_fs(get_ds()); rc = lower_dentry->d_inode->i_op->readlink(lower_dentry, @@ -44003,7 +42875,7 @@ index af11098..81e3bbe 100644 lower_bufsiz); set_fs(old_fs); if (rc < 0) -@@ -737,7 +737,7 @@ static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -718,7 +718,7 @@ static void *ecryptfs_follow_link(struct dentry *dentry, struct nameidata *nd) } old_fs = get_fs(); set_fs(get_ds()); @@ -44012,7 +42884,7 @@ index af11098..81e3bbe 100644 set_fs(old_fs); if (rc < 0) { kfree(buf); -@@ -752,7 +752,7 @@ out: +@@ -733,7 +733,7 @@ out: static void ecryptfs_put_link(struct dentry *dentry, struct nameidata *nd, void *ptr) { @@ -44022,12 +42894,12 @@ index af11098..81e3bbe 100644 /* Free the char* */ kfree(buf); diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c -index 0dc5a3d..d3cdeea 100644 +index 3a06f40..f7af544 100644 --- a/fs/ecryptfs/miscdev.c +++ b/fs/ecryptfs/miscdev.c -@@ -328,7 +328,7 @@ check_list: +@@ -345,7 +345,7 @@ check_list: goto out_unlock_msg_ctx; - i = 5; + i = PKT_TYPE_SIZE + PKT_CTR_SIZE; if (msg_ctx->msg) { - if (copy_to_user(&buf[i], packet_length, packet_length_size)) + if (packet_length_size > sizeof(packet_length) || copy_to_user(&buf[i], packet_length, packet_length_size)) @@ -44035,7 +42907,7 @@ index 0dc5a3d..d3cdeea 100644 i += packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c -index 608c1c3..7d040a8 100644 +index b2a34a1..162fa69 100644 --- a/fs/ecryptfs/read_write.c +++ b/fs/ecryptfs/read_write.c @@ -48,7 +48,7 @@ int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data, @@ -44057,10 +42929,10 @@ index 608c1c3..7d040a8 100644 return rc; } diff --git a/fs/exec.c b/fs/exec.c -index 3625464..ff895b9 100644 +index 153dee1..8ee97ba 100644 --- a/fs/exec.c +++ b/fs/exec.c -@@ -55,12 +55,28 @@ +@@ -55,6 +55,13 @@ #include <linux/pipe_fs_i.h> #include <linux/oom.h> #include <linux/compat.h> @@ -44074,7 +42946,8 @@ index 3625464..ff895b9 100644 #include <asm/uaccess.h> #include <asm/mmu_context.h> - #include <asm/tlb.h> +@@ -63,6 +70,15 @@ + #include <trace/events/task.h> #include "internal.h" +#ifndef CONFIG_PAX_HAVE_ACL_FLAGS @@ -44089,7 +42962,7 @@ index 3625464..ff895b9 100644 int core_uses_pid; char core_pattern[CORENAME_MAX_SIZE] = "core"; unsigned int core_pipe_limit; -@@ -70,7 +86,7 @@ struct core_name { +@@ -72,7 +88,7 @@ struct core_name { char *corename; int used, size; }; @@ -44098,7 +42971,7 @@ index 3625464..ff895b9 100644 /* The maximal length of core_pattern is also specified in sysctl.c */ -@@ -188,18 +204,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -190,18 +206,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, int write) { struct page *page; @@ -44120,7 +42993,7 @@ index 3625464..ff895b9 100644 return NULL; if (write) { -@@ -215,6 +223,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -217,6 +225,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, if (size <= ARG_MAX) return page; @@ -44138,7 +43011,7 @@ index 3625464..ff895b9 100644 /* * Limit to 1/4-th the stack size for the argv+env strings. * This ensures that: -@@ -274,6 +293,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -276,6 +295,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) vma->vm_end = STACK_TOP_MAX; vma->vm_start = vma->vm_end - PAGE_SIZE; vma->vm_flags = VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP; @@ -44150,7 +43023,7 @@ index 3625464..ff895b9 100644 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); INIT_LIST_HEAD(&vma->anon_vma_chain); -@@ -288,6 +312,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -290,6 +314,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) mm->stack_vm = mm->total_vm = 1; up_write(&mm->mmap_sem); bprm->p = vma->vm_end - sizeof(void *); @@ -44163,7 +43036,7 @@ index 3625464..ff895b9 100644 return 0; err: up_write(&mm->mmap_sem); -@@ -396,19 +426,7 @@ err: +@@ -398,19 +428,7 @@ err: return err; } @@ -44184,7 +43057,7 @@ index 3625464..ff895b9 100644 { const char __user *native; -@@ -417,14 +435,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) +@@ -419,14 +437,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) compat_uptr_t compat; if (get_user(compat, argv.ptr.compat + nr)) @@ -44201,7 +43074,7 @@ index 3625464..ff895b9 100644 return native; } -@@ -443,7 +461,7 @@ static int count(struct user_arg_ptr argv, int max) +@@ -445,7 +463,7 @@ static int count(struct user_arg_ptr argv, int max) if (!p) break; @@ -44210,7 +43083,7 @@ index 3625464..ff895b9 100644 return -EFAULT; if (i++ >= max) -@@ -477,7 +495,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, +@@ -479,7 +497,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, ret = -EFAULT; str = get_user_arg_ptr(argv, argc); @@ -44219,7 +43092,7 @@ index 3625464..ff895b9 100644 goto out; len = strnlen_user(str, MAX_ARG_STRLEN); -@@ -559,7 +577,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, +@@ -561,7 +579,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, int r; mm_segment_t oldfs = get_fs(); struct user_arg_ptr argv = { @@ -44228,7 +43101,7 @@ index 3625464..ff895b9 100644 }; set_fs(KERNEL_DS); -@@ -594,7 +612,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -596,7 +614,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) unsigned long new_end = old_end - shift; struct mmu_gather tlb; @@ -44238,7 +43111,7 @@ index 3625464..ff895b9 100644 /* * ensure there are no vmas between where we want to go -@@ -603,6 +622,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -605,6 +624,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) if (vma != find_vma(mm, new_start)) return -EFAULT; @@ -44249,7 +43122,7 @@ index 3625464..ff895b9 100644 /* * cover the whole range: [new_start, old_end) */ -@@ -683,10 +706,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -685,10 +708,6 @@ int setup_arg_pages(struct linux_binprm *bprm, stack_top = arch_align_stack(stack_top); stack_top = PAGE_ALIGN(stack_top); @@ -44260,7 +43133,7 @@ index 3625464..ff895b9 100644 stack_shift = vma->vm_end - stack_top; bprm->p -= stack_shift; -@@ -698,8 +717,28 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -700,8 +719,28 @@ int setup_arg_pages(struct linux_binprm *bprm, bprm->exec -= stack_shift; down_write(&mm->mmap_sem); @@ -44289,7 +43162,7 @@ index 3625464..ff895b9 100644 /* * Adjust stack execute permissions; explicitly enable for * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone -@@ -718,13 +757,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -720,13 +759,6 @@ int setup_arg_pages(struct linux_binprm *bprm, goto out_unlock; BUG_ON(prev != vma); @@ -44303,7 +43176,7 @@ index 3625464..ff895b9 100644 /* mprotect_fixup is overkill to remove the temporary stack flags */ vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP; -@@ -805,7 +837,7 @@ int kernel_read(struct file *file, loff_t offset, +@@ -807,7 +839,7 @@ int kernel_read(struct file *file, loff_t offset, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -44312,68 +43185,7 @@ index 3625464..ff895b9 100644 set_fs(old_fs); return result; } -@@ -1067,6 +1099,21 @@ void set_task_comm(struct task_struct *tsk, char *buf) - perf_event_comm(tsk); - } - -+static void filename_to_taskname(char *tcomm, const char *fn, unsigned int len) -+{ -+ int i, ch; -+ -+ /* Copies the binary name from after last slash */ -+ for (i = 0; (ch = *(fn++)) != '\0';) { -+ if (ch == '/') -+ i = 0; /* overwrite what we wrote */ -+ else -+ if (i < len - 1) -+ tcomm[i++] = ch; -+ } -+ tcomm[i] = '\0'; -+} -+ - int flush_old_exec(struct linux_binprm * bprm) - { - int retval; -@@ -1081,6 +1128,7 @@ int flush_old_exec(struct linux_binprm * bprm) - - set_mm_exe_file(bprm->mm, bprm->file); - -+ filename_to_taskname(bprm->tcomm, bprm->filename, sizeof(bprm->tcomm)); - /* - * Release all of the old mmap stuff - */ -@@ -1112,10 +1160,6 @@ EXPORT_SYMBOL(would_dump); - - void setup_new_exec(struct linux_binprm * bprm) - { -- int i, ch; -- const char *name; -- char tcomm[sizeof(current->comm)]; -- - arch_pick_mmap_layout(current->mm); - - /* This is the point of no return */ -@@ -1126,18 +1170,7 @@ void setup_new_exec(struct linux_binprm * bprm) - else - set_dumpable(current->mm, suid_dumpable); - -- name = bprm->filename; -- -- /* Copies the binary name from after last slash */ -- for (i=0; (ch = *(name++)) != '\0';) { -- if (ch == '/') -- i = 0; /* overwrite what we wrote */ -- else -- if (i < (sizeof(tcomm) - 1)) -- tcomm[i++] = ch; -- } -- tcomm[i] = '\0'; -- set_task_comm(current, tcomm); -+ set_task_comm(current, bprm->tcomm); - - /* Set the new mm task size. We have to do that late because it may - * depend on TIF_32BIT which is only updated in flush_thread() on -@@ -1247,7 +1280,7 @@ int check_unsafe_exec(struct linux_binprm *bprm) +@@ -1252,7 +1284,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm) } rcu_read_unlock(); @@ -44382,7 +43194,7 @@ index 3625464..ff895b9 100644 bprm->unsafe |= LSM_UNSAFE_SHARE; } else { res = -EAGAIN; -@@ -1442,6 +1475,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) +@@ -1447,6 +1479,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) EXPORT_SYMBOL(search_binary_handler); @@ -44411,7 +43223,7 @@ index 3625464..ff895b9 100644 /* * sys_execve() executes a new program. */ -@@ -1450,6 +1505,11 @@ static int do_execve_common(const char *filename, +@@ -1455,6 +1509,11 @@ static int do_execve_common(const char *filename, struct user_arg_ptr envp, struct pt_regs *regs) { @@ -44423,7 +43235,7 @@ index 3625464..ff895b9 100644 struct linux_binprm *bprm; struct file *file; struct files_struct *displaced; -@@ -1457,6 +1517,8 @@ static int do_execve_common(const char *filename, +@@ -1462,6 +1521,8 @@ static int do_execve_common(const char *filename, int retval; const struct cred *cred = current_cred(); @@ -44432,7 +43244,7 @@ index 3625464..ff895b9 100644 /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -@@ -1497,12 +1559,27 @@ static int do_execve_common(const char *filename, +@@ -1502,12 +1563,27 @@ static int do_execve_common(const char *filename, if (IS_ERR(file)) goto out_unmark; @@ -44460,7 +43272,7 @@ index 3625464..ff895b9 100644 retval = bprm_mm_init(bprm); if (retval) goto out_file; -@@ -1519,24 +1596,65 @@ static int do_execve_common(const char *filename, +@@ -1524,24 +1600,65 @@ static int do_execve_common(const char *filename, if (retval < 0) goto out; @@ -44530,7 +43342,7 @@ index 3625464..ff895b9 100644 current->fs->in_exec = 0; current->in_execve = 0; acct_update_integrals(current); -@@ -1545,6 +1663,14 @@ static int do_execve_common(const char *filename, +@@ -1550,6 +1667,14 @@ static int do_execve_common(const char *filename, put_files_struct(displaced); return retval; @@ -44545,7 +43357,7 @@ index 3625464..ff895b9 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1618,7 +1744,7 @@ static int expand_corename(struct core_name *cn) +@@ -1623,7 +1748,7 @@ static int expand_corename(struct core_name *cn) { char *old_corename = cn->corename; @@ -44554,7 +43366,7 @@ index 3625464..ff895b9 100644 cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL); if (!cn->corename) { -@@ -1715,7 +1841,7 @@ static int format_corename(struct core_name *cn, long signr) +@@ -1720,7 +1845,7 @@ static int format_corename(struct core_name *cn, long signr) int pid_in_pattern = 0; int err = 0; @@ -44563,7 +43375,7 @@ index 3625464..ff895b9 100644 cn->corename = kmalloc(cn->size, GFP_KERNEL); cn->used = 0; -@@ -1812,6 +1938,228 @@ out: +@@ -1817,6 +1942,218 @@ out: return ispipe; } @@ -44779,20 +43591,10 @@ index 3625464..ff895b9 100644 +EXPORT_SYMBOL(pax_track_stack); +#endif + -+#ifdef CONFIG_PAX_SIZE_OVERFLOW -+void report_size_overflow(const char *file, unsigned int line, const char *func) -+{ -+ printk(KERN_ERR "PAX: size overflow detected in function %s %s:%u\n", func, file, line); -+ dump_stack(); -+ do_group_exit(SIGKILL); -+} -+EXPORT_SYMBOL(report_size_overflow); -+#endif -+ static int zap_process(struct task_struct *start, int exit_code) { struct task_struct *t; -@@ -2023,17 +2371,17 @@ static void wait_for_dump_helpers(struct file *file) +@@ -2014,17 +2351,17 @@ static void wait_for_dump_helpers(struct file *file) pipe = file->f_path.dentry->d_inode->i_pipe; pipe_lock(pipe); @@ -44815,7 +43617,7 @@ index 3625464..ff895b9 100644 pipe_unlock(pipe); } -@@ -2094,7 +2442,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2085,7 +2422,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) int retval = 0; int flag = 0; int ispipe; @@ -44824,7 +43626,7 @@ index 3625464..ff895b9 100644 struct coredump_params cprm = { .signr = signr, .regs = regs, -@@ -2109,6 +2457,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2100,6 +2437,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) audit_core_dumps(signr); @@ -44834,7 +43636,7 @@ index 3625464..ff895b9 100644 binfmt = mm->binfmt; if (!binfmt || !binfmt->core_dump) goto fail; -@@ -2176,7 +2527,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2167,7 +2507,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) } cprm.limit = RLIM_INFINITY; @@ -44843,7 +43645,7 @@ index 3625464..ff895b9 100644 if (core_pipe_limit && (core_pipe_limit < dump_count)) { printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", task_tgid_vnr(current), current->comm); -@@ -2203,6 +2554,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) +@@ -2194,6 +2534,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) } else { struct inode *inode; @@ -44852,7 +43654,7 @@ index 3625464..ff895b9 100644 if (cprm.limit < binfmt->min_coredump) goto fail_unlock; -@@ -2246,7 +2599,7 @@ close_fail: +@@ -2237,7 +2579,7 @@ close_fail: filp_close(cprm.file, NULL); fail_dropcount: if (ispipe) @@ -44861,7 +43663,7 @@ index 3625464..ff895b9 100644 fail_unlock: kfree(cn.corename); fail_corename: -@@ -2265,7 +2618,7 @@ fail: +@@ -2256,7 +2598,7 @@ fail: */ int dump_write(struct file *file, const void *addr, int nr) { @@ -44901,10 +43703,10 @@ index a203892..4e64db5 100644 } return 1; diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c -index 12ccacd..a6035fce0 100644 +index f9e2cd8..bfdc476 100644 --- a/fs/ext4/balloc.c +++ b/fs/ext4/balloc.c -@@ -436,8 +436,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, +@@ -438,8 +438,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, /* Hm, nope. Are (enough) root reserved clusters available? */ if (sbi->s_resuid == current_fsuid() || ((sbi->s_resgid != 0) && in_group_p(sbi->s_resgid)) || @@ -44916,10 +43718,10 @@ index 12ccacd..a6035fce0 100644 if (free_clusters >= (nclusters + dirty_clusters)) return 1; diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h -index 5b0e26a..0aa002d 100644 +index 513004f..2591a6b 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h -@@ -1208,19 +1208,19 @@ struct ext4_sb_info { +@@ -1218,19 +1218,19 @@ struct ext4_sb_info { unsigned long s_mb_last_start; /* stats for buddy allocator */ @@ -44950,7 +43752,7 @@ index 5b0e26a..0aa002d 100644 /* locality groups */ diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index e2d8be8..c7f0ce9 100644 +index cb990b2..4820141 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -1794,7 +1794,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, @@ -45203,10 +44005,10 @@ index 4c6992d..104cdea 100644 return -EMFILE; diff --git a/fs/filesystems.c b/fs/filesystems.c -index 0845f84..7b4ebef 100644 +index 96f2428..f5eeb8e 100644 --- a/fs/filesystems.c +++ b/fs/filesystems.c -@@ -274,7 +274,12 @@ struct file_system_type *get_fs_type(const char *name) +@@ -273,7 +273,12 @@ struct file_system_type *get_fs_type(const char *name) int len = dot ? dot - name : strlen(name); fs = __get_fs_type(name, len); @@ -46646,7 +45448,7 @@ index 3426521..3b75162 100644 cuse_class = class_create(THIS_MODULE, "cuse"); if (IS_ERR(cuse_class)) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c -index 2aaf3ea..8e50863 100644 +index 5f3368a..8306426 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -1242,7 +1242,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos, @@ -46659,10 +45461,10 @@ index 2aaf3ea..8e50863 100644 if (!ret) ret = -EPIPE; diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c -index 9f63e49..d8a64c0 100644 +index 2066328..f5add3b 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c -@@ -1147,7 +1147,7 @@ static char *read_link(struct dentry *dentry) +@@ -1175,7 +1175,7 @@ static char *read_link(struct dentry *dentry) return link; } @@ -46672,10 +45474,10 @@ index 9f63e49..d8a64c0 100644 if (!IS_ERR(link)) free_page((unsigned long) link); diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c -index cfd4959..a780959 100644 +index 5698746..6086012 100644 --- a/fs/gfs2/inode.c +++ b/fs/gfs2/inode.c -@@ -1490,7 +1490,7 @@ out: +@@ -1487,7 +1487,7 @@ out: static void gfs2_put_link(struct dentry *dentry, struct nameidata *nd, void *p) { @@ -46685,10 +45487,10 @@ index cfd4959..a780959 100644 kfree(s); } diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c -index 0be5a78..9cfb853 100644 +index 1e85a7a..eb4218a 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c -@@ -915,7 +915,7 @@ static struct file_system_type hugetlbfs_fs_type = { +@@ -921,7 +921,7 @@ static struct file_system_type hugetlbfs_fs_type = { .kill_sb = kill_litter_super, }; @@ -46698,10 +45500,10 @@ index 0be5a78..9cfb853 100644 static int can_do_hugetlb_shm(void) { diff --git a/fs/inode.c b/fs/inode.c -index ee4e66b..9a39f9c 100644 +index 83ab215..8842101 100644 --- a/fs/inode.c +++ b/fs/inode.c -@@ -787,8 +787,8 @@ unsigned int get_next_ino(void) +@@ -870,8 +870,8 @@ unsigned int get_next_ino(void) #ifdef CONFIG_SMP if (unlikely((res & (LAST_INO_BATCH-1)) == 0)) { @@ -46712,29 +45514,11 @@ index ee4e66b..9a39f9c 100644 res = next - LAST_INO_BATCH; } -@@ -855,8 +855,7 @@ void lockdep_annotate_inode_mutex_key(struct inode *inode) - struct file_system_type *type = inode->i_sb->s_type; - - /* Set new key only if filesystem hasn't already changed it */ -- if (!lockdep_match_class(&inode->i_mutex, -- &type->i_mutex_key)) { -+ if (lockdep_match_class(&inode->i_mutex, &type->i_mutex_key)) { - /* - * ensure nobody is actually holding i_mutex - */ -@@ -883,6 +882,7 @@ void unlock_new_inode(struct inode *inode) - spin_lock(&inode->i_lock); - WARN_ON(!(inode->i_state & I_NEW)); - inode->i_state &= ~I_NEW; -+ smp_mb(); - wake_up_bit(&inode->i_state, __I_NEW); - spin_unlock(&inode->i_lock); - } diff --git a/fs/jffs2/erase.c b/fs/jffs2/erase.c -index e513f19..2ab1351 100644 +index eafb8d3..f423d37 100644 --- a/fs/jffs2/erase.c +++ b/fs/jffs2/erase.c -@@ -439,7 +439,8 @@ static void jffs2_mark_erased_block(struct jffs2_sb_info *c, struct jffs2_eraseb +@@ -438,7 +438,8 @@ static void jffs2_mark_erased_block(struct jffs2_sb_info *c, struct jffs2_eraseb struct jffs2_unknown_node marker = { .magic = cpu_to_je16(JFFS2_MAGIC_BITMASK), .nodetype = cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER), @@ -46745,10 +45529,10 @@ index e513f19..2ab1351 100644 jffs2_prealloc_raw_node_refs(c, jeb, 1); diff --git a/fs/jffs2/wbuf.c b/fs/jffs2/wbuf.c -index b09e51d..e482afa 100644 +index 30e8f47..21f600c 100644 --- a/fs/jffs2/wbuf.c +++ b/fs/jffs2/wbuf.c -@@ -1011,7 +1011,8 @@ static const struct jffs2_unknown_node oob_cleanmarker = +@@ -1012,7 +1012,8 @@ static const struct jffs2_unknown_node oob_cleanmarker = { .magic = constant_cpu_to_je16(JFFS2_MAGIC_BITMASK), .nodetype = constant_cpu_to_je16(JFFS2_NODETYPE_CLEANMARKER), @@ -46759,10 +45543,10 @@ index b09e51d..e482afa 100644 /* diff --git a/fs/jfs/super.c b/fs/jfs/super.c -index a44eff0..462e07d 100644 +index 682bca6..86b8e6e 100644 --- a/fs/jfs/super.c +++ b/fs/jfs/super.c -@@ -802,7 +802,7 @@ static int __init init_jfs_fs(void) +@@ -801,7 +801,7 @@ static int __init init_jfs_fs(void) jfs_inode_cachep = kmem_cache_create("jfs_ip", sizeof(struct jfs_inode_info), 0, @@ -46772,7 +45556,7 @@ index a44eff0..462e07d 100644 if (jfs_inode_cachep == NULL) return -ENOMEM; diff --git a/fs/libfs.c b/fs/libfs.c -index f6d411e..e82a08d 100644 +index 5b2dbb3..7442d54 100644 --- a/fs/libfs.c +++ b/fs/libfs.c @@ -165,6 +165,9 @@ int dcache_readdir(struct file * filp, void * dirent, filldir_t filldir) @@ -46843,10 +45627,10 @@ index 637694b..f84a121 100644 lock_flocks(); diff --git a/fs/namei.c b/fs/namei.c -index 9680cef..a19f203 100644 +index 46ea9cc..c7cf3a3 100644 --- a/fs/namei.c +++ b/fs/namei.c -@@ -279,16 +279,32 @@ int generic_permission(struct inode *inode, int mask) +@@ -278,16 +278,32 @@ int generic_permission(struct inode *inode, int mask) if (ret != -EACCES) return ret; @@ -46882,7 +45666,7 @@ index 9680cef..a19f203 100644 * Read/write DACs are always overridable. * Executable DACs are overridable when there is * at least one exec bit set. -@@ -297,14 +313,6 @@ int generic_permission(struct inode *inode, int mask) +@@ -296,14 +312,6 @@ int generic_permission(struct inode *inode, int mask) if (ns_capable(inode_userns(inode), CAP_DAC_OVERRIDE)) return 0; @@ -46897,7 +45681,7 @@ index 9680cef..a19f203 100644 return -EACCES; } -@@ -653,11 +661,19 @@ follow_link(struct path *link, struct nameidata *nd, void **p) +@@ -652,11 +660,19 @@ follow_link(struct path *link, struct nameidata *nd, void **p) return error; } @@ -46918,7 +45702,7 @@ index 9680cef..a19f203 100644 error = 0; if (s) error = __vfs_follow_link(nd, s); -@@ -1624,6 +1640,21 @@ static int path_lookupat(int dfd, const char *name, +@@ -1650,6 +1666,21 @@ static int path_lookupat(int dfd, const char *name, if (!err) err = complete_walk(nd); @@ -46940,7 +45724,7 @@ index 9680cef..a19f203 100644 if (!err && nd->flags & LOOKUP_DIRECTORY) { if (!nd->inode->i_op->lookup) { path_put(&nd->path); -@@ -1651,6 +1682,15 @@ static int do_path_lookup(int dfd, const char *name, +@@ -1677,6 +1708,15 @@ static int do_path_lookup(int dfd, const char *name, retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd); if (likely(!retval)) { @@ -46956,7 +45740,7 @@ index 9680cef..a19f203 100644 if (unlikely(!audit_dummy_context())) { if (nd->path.dentry && nd->inode) audit_inode(name, nd->path.dentry); -@@ -2048,6 +2088,13 @@ static int may_open(struct path *path, int acc_mode, int flag) +@@ -2071,6 +2111,13 @@ static int may_open(struct path *path, int acc_mode, int flag) if (flag & O_NOATIME && !inode_owner_or_capable(inode)) return -EPERM; @@ -46970,7 +45754,7 @@ index 9680cef..a19f203 100644 return 0; } -@@ -2109,6 +2156,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2132,6 +2179,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return ERR_PTR(error); @@ -46987,7 +45771,7 @@ index 9680cef..a19f203 100644 audit_inode(pathname, nd->path.dentry); if (open_flag & O_CREAT) { error = -EISDIR; -@@ -2119,6 +2176,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2142,6 +2199,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return ERR_PTR(error); @@ -47004,7 +45788,7 @@ index 9680cef..a19f203 100644 audit_inode(pathname, dir); goto ok; } -@@ -2140,6 +2207,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2163,6 +2230,16 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return ERR_PTR(error); @@ -47021,10 +45805,10 @@ index 9680cef..a19f203 100644 error = -ENOTDIR; if (nd->flags & LOOKUP_DIRECTORY) { -@@ -2180,6 +2257,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2203,6 +2280,12 @@ static struct file *do_last(struct nameidata *nd, struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode) { - int mode = op->mode; + umode_t mode = op->mode; + + if (!gr_acl_handle_creat(path->dentry, nd->path.dentry, path->mnt, open_flag, acc_mode, mode)) { + error = -EACCES; @@ -47034,7 +45818,7 @@ index 9680cef..a19f203 100644 if (!IS_POSIXACL(dir->d_inode)) mode &= ~current_umask(); /* -@@ -2203,6 +2286,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2226,6 +2309,8 @@ static struct file *do_last(struct nameidata *nd, struct path *path, error = vfs_create(dir->d_inode, dentry, mode, nd); if (error) goto exit_mutex_unlock; @@ -47043,7 +45827,7 @@ index 9680cef..a19f203 100644 mutex_unlock(&dir->d_inode->i_mutex); dput(nd->path.dentry); nd->path.dentry = dentry; -@@ -2212,6 +2297,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path, +@@ -2235,6 +2320,19 @@ static struct file *do_last(struct nameidata *nd, struct path *path, /* * It already exists. */ @@ -47063,7 +45847,7 @@ index 9680cef..a19f203 100644 mutex_unlock(&dir->d_inode->i_mutex); audit_inode(pathname, path->dentry); -@@ -2424,6 +2522,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path +@@ -2447,6 +2545,11 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path *path = nd.path; return dentry; eexist: @@ -47075,7 +45859,7 @@ index 9680cef..a19f203 100644 dput(dentry); dentry = ERR_PTR(-EEXIST); fail: -@@ -2446,6 +2549,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat +@@ -2469,6 +2572,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat } EXPORT_SYMBOL(user_path_create); @@ -47093,10 +45877,10 @@ index 9680cef..a19f203 100644 + return res; +} + - int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev) + int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -2513,6 +2630,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, +@@ -2536,6 +2653,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode, error = mnt_want_write(path.mnt); if (error) goto out_dput; @@ -47114,7 +45898,7 @@ index 9680cef..a19f203 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out_drop_write; -@@ -2530,6 +2658,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, int, mode, +@@ -2553,6 +2681,9 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode, } out_drop_write: mnt_drop_write(path.mnt); @@ -47124,7 +45908,7 @@ index 9680cef..a19f203 100644 out_dput: dput(dentry); mutex_unlock(&path.dentry->d_inode->i_mutex); -@@ -2579,12 +2710,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, int, mode) +@@ -2602,12 +2733,21 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, umode_t, mode) error = mnt_want_write(path.mnt); if (error) goto out_dput; @@ -47146,7 +45930,7 @@ index 9680cef..a19f203 100644 out_dput: dput(dentry); mutex_unlock(&path.dentry->d_inode->i_mutex); -@@ -2664,6 +2804,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -2687,6 +2827,8 @@ static long do_rmdir(int dfd, const char __user *pathname) char * name; struct dentry *dentry; struct nameidata nd; @@ -47155,7 +45939,7 @@ index 9680cef..a19f203 100644 error = user_path_parent(dfd, pathname, &nd, &name); if (error) -@@ -2692,6 +2834,15 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -2715,6 +2857,15 @@ static long do_rmdir(int dfd, const char __user *pathname) error = -ENOENT; goto exit3; } @@ -47171,7 +45955,7 @@ index 9680cef..a19f203 100644 error = mnt_want_write(nd.path.mnt); if (error) goto exit3; -@@ -2699,6 +2850,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -2722,6 +2873,8 @@ static long do_rmdir(int dfd, const char __user *pathname) if (error) goto exit4; error = vfs_rmdir(nd.path.dentry->d_inode, dentry); @@ -47180,7 +45964,7 @@ index 9680cef..a19f203 100644 exit4: mnt_drop_write(nd.path.mnt); exit3: -@@ -2761,6 +2914,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -2784,6 +2937,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct dentry *dentry; struct nameidata nd; struct inode *inode = NULL; @@ -47189,7 +45973,7 @@ index 9680cef..a19f203 100644 error = user_path_parent(dfd, pathname, &nd, &name); if (error) -@@ -2783,6 +2938,16 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -2806,6 +2961,16 @@ static long do_unlinkat(int dfd, const char __user *pathname) if (!inode) goto slashes; ihold(inode); @@ -47206,7 +45990,7 @@ index 9680cef..a19f203 100644 error = mnt_want_write(nd.path.mnt); if (error) goto exit2; -@@ -2790,6 +2955,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -2813,6 +2978,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) if (error) goto exit3; error = vfs_unlink(nd.path.dentry->d_inode, dentry); @@ -47215,7 +45999,7 @@ index 9680cef..a19f203 100644 exit3: mnt_drop_write(nd.path.mnt); exit2: -@@ -2865,10 +3032,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, +@@ -2888,10 +3055,18 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, error = mnt_want_write(path.mnt); if (error) goto out_dput; @@ -47234,7 +46018,7 @@ index 9680cef..a19f203 100644 out_drop_write: mnt_drop_write(path.mnt); out_dput: -@@ -2940,6 +3115,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -2963,6 +3138,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, { struct dentry *new_dentry; struct path old_path, new_path; @@ -47242,7 +46026,7 @@ index 9680cef..a19f203 100644 int how = 0; int error; -@@ -2963,7 +3139,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -2986,7 +3162,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, if (error) return error; @@ -47251,7 +46035,7 @@ index 9680cef..a19f203 100644 error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) goto out; -@@ -2974,13 +3150,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -2997,13 +3173,30 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, error = mnt_want_write(new_path.mnt); if (error) goto out_dput; @@ -47282,7 +46066,7 @@ index 9680cef..a19f203 100644 dput(new_dentry); mutex_unlock(&new_path.dentry->d_inode->i_mutex); path_put(&new_path); -@@ -3208,6 +3401,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, +@@ -3231,6 +3424,12 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, if (new_dentry == trap) goto exit5; @@ -47295,7 +46079,7 @@ index 9680cef..a19f203 100644 error = mnt_want_write(oldnd.path.mnt); if (error) goto exit5; -@@ -3217,6 +3416,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, +@@ -3240,6 +3439,9 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, goto exit6; error = vfs_rename(old_dir->d_inode, old_dentry, new_dir->d_inode, new_dentry); @@ -47305,7 +46089,7 @@ index 9680cef..a19f203 100644 exit6: mnt_drop_write(oldnd.path.mnt); exit5: -@@ -3242,6 +3444,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -3265,6 +3467,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -47314,7 +46098,7 @@ index 9680cef..a19f203 100644 int len; len = PTR_ERR(link); -@@ -3251,7 +3455,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -3274,7 +3478,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -47331,10 +46115,10 @@ index 9680cef..a19f203 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index cfc6d44..b4632a5 100644 +index e608199..9609cb9 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -1326,6 +1326,9 @@ static int do_umount(struct vfsmount *mnt, int flags) +@@ -1155,6 +1155,9 @@ static int do_umount(struct mount *mnt, int flags) if (!(sb->s_flags & MS_RDONLY)) retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); up_write(&sb->s_umount); @@ -47344,7 +46128,7 @@ index cfc6d44..b4632a5 100644 return retval; } -@@ -1345,6 +1348,9 @@ static int do_umount(struct vfsmount *mnt, int flags) +@@ -1174,6 +1177,9 @@ static int do_umount(struct mount *mnt, int flags) br_write_unlock(vfsmount_lock); up_write(&namespace_sem); release_mounts(&umount_list); @@ -47354,7 +46138,7 @@ index cfc6d44..b4632a5 100644 return retval; } -@@ -2336,6 +2342,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, +@@ -2175,6 +2181,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -47371,7 +46155,7 @@ index cfc6d44..b4632a5 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2350,6 +2366,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, +@@ -2189,6 +2205,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, dev_name, data_page); dput_out: path_put(&path); @@ -47381,7 +46165,7 @@ index cfc6d44..b4632a5 100644 return retval; } -@@ -2605,6 +2624,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2470,6 +2489,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -47393,46 +46177,11 @@ index cfc6d44..b4632a5 100644 get_fs_root(current->fs, &root); error = lock_mount(&old); if (error) -diff --git a/fs/ncpfs/ncplib_kernel.h b/fs/ncpfs/ncplib_kernel.h -index 09881e6..308ff20 100644 ---- a/fs/ncpfs/ncplib_kernel.h -+++ b/fs/ncpfs/ncplib_kernel.h -@@ -130,7 +130,7 @@ static inline int ncp_is_nfs_extras(struct ncp_server* server, unsigned int voln - int ncp__io2vol(struct ncp_server *, unsigned char *, unsigned int *, - const unsigned char *, unsigned int, int); - int ncp__vol2io(struct ncp_server *, unsigned char *, unsigned int *, -- const unsigned char *, unsigned int, int); -+ const unsigned char *, unsigned int, int) __size_overflow(5); - - #define NCP_ESC ':' - #define NCP_IO_TABLE(sb) (NCP_SBP(sb)->nls_io) -@@ -146,7 +146,7 @@ int ncp__vol2io(struct ncp_server *, unsigned char *, unsigned int *, - int ncp__io2vol(unsigned char *, unsigned int *, - const unsigned char *, unsigned int, int); - int ncp__vol2io(unsigned char *, unsigned int *, -- const unsigned char *, unsigned int, int); -+ const unsigned char *, unsigned int, int) __size_overflow(5); - - #define NCP_IO_TABLE(sb) NULL - #define ncp_tolower(t, c) tolower(c) -diff --git a/fs/nfs/blocklayout/blocklayout.c b/fs/nfs/blocklayout/blocklayout.c -index 3db6b82..a57597e 100644 ---- a/fs/nfs/blocklayout/blocklayout.c -+++ b/fs/nfs/blocklayout/blocklayout.c -@@ -90,7 +90,7 @@ static int is_writable(struct pnfs_block_extent *be, sector_t isect) - */ - struct parallel_io { - struct kref refcnt; -- struct rpc_call_ops call_ops; -+ rpc_call_ops_no_const call_ops; - void (*pnfs_callback) (void *data); - void *data; - }; diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c -index 50a15fa..ca113f9 100644 +index f649fba..236bf92 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c -@@ -150,7 +150,7 @@ static void nfs_zap_caches_locked(struct inode *inode) +@@ -151,7 +151,7 @@ static void nfs_zap_caches_locked(struct inode *inode) nfsi->attrtimeo = NFS_MINATTRTIMEO(inode); nfsi->attrtimeo_timestamp = jiffies; @@ -47441,7 +46190,7 @@ index 50a15fa..ca113f9 100644 if (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)) nfsi->cache_validity |= NFS_INO_INVALID_ATTR|NFS_INO_INVALID_DATA|NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL|NFS_INO_REVAL_PAGECACHE; else -@@ -1002,16 +1002,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt +@@ -1003,16 +1003,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt return nfs_size_to_loff_t(fattr->size) > i_size_read(inode); } @@ -47462,10 +46211,10 @@ index 50a15fa..ca113f9 100644 void nfs_fattr_init(struct nfs_fattr *fattr) diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c -index 7a2e442..8e544cc 100644 +index edf6d3e..bdd1da7 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c -@@ -914,7 +914,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, +@@ -925,7 +925,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, } else { oldfs = get_fs(); set_fs(KERNEL_DS); @@ -47474,7 +46223,7 @@ index 7a2e442..8e544cc 100644 set_fs(oldfs); } -@@ -1018,7 +1018,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, +@@ -1029,7 +1029,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, /* Write the data. */ oldfs = get_fs(); set_fs(KERNEL_DS); @@ -47483,7 +46232,7 @@ index 7a2e442..8e544cc 100644 set_fs(oldfs); if (host_err < 0) goto out_nfserr; -@@ -1553,7 +1553,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) +@@ -1564,7 +1564,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) */ oldfs = get_fs(); set_fs(KERNEL_DS); @@ -47492,36 +46241,11 @@ index 7a2e442..8e544cc 100644 set_fs(oldfs); if (host_err < 0) -diff --git a/fs/nilfs2/the_nilfs.c b/fs/nilfs2/the_nilfs.c -index d327140..501b7f8 100644 ---- a/fs/nilfs2/the_nilfs.c -+++ b/fs/nilfs2/the_nilfs.c -@@ -409,6 +409,12 @@ static int nilfs_store_disk_layout(struct the_nilfs *nilfs, - nilfs->ns_first_data_block = le64_to_cpu(sbp->s_first_data_block); - nilfs->ns_r_segments_percentage = - le32_to_cpu(sbp->s_r_segments_percentage); -+ if (nilfs->ns_r_segments_percentage < 1 || -+ nilfs->ns_r_segments_percentage > 99) { -+ printk(KERN_ERR "NILFS: invalid reserved segments percentage.\n"); -+ return -EINVAL; -+ } -+ - nilfs_set_nsegments(nilfs, le64_to_cpu(sbp->s_nsegments)); - nilfs->ns_crc_seed = le32_to_cpu(sbp->s_crc_seed); - return 0; -@@ -515,6 +521,7 @@ static int nilfs_load_super_block(struct the_nilfs *nilfs, - brelse(sbh[1]); - sbh[1] = NULL; - sbp[1] = NULL; -+ valid[1] = 0; - swp = 0; - } - if (!valid[swp]) { diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c -index 9fde1c0..14e8827 100644 +index 3568c8a..e0240d8 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c -@@ -276,7 +276,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, +@@ -278,7 +278,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, goto out_close_fd; ret = -EFAULT; @@ -47672,7 +46396,7 @@ index ba5d97e..c77db25 100644 } } diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c -index 4994f8b..eaab8eb 100644 +index 604e12c..8426483 100644 --- a/fs/ocfs2/super.c +++ b/fs/ocfs2/super.c @@ -301,11 +301,11 @@ static int ocfs2_osb_dump(struct ocfs2_super *osb, char *buf, int len) @@ -47692,7 +46416,7 @@ index 4994f8b..eaab8eb 100644 out += snprintf(buf + out, len - out, "%10s => State: %u Descriptor: %llu Size: %u bits " -@@ -2119,11 +2119,11 @@ static int ocfs2_initialize_super(struct super_block *sb, +@@ -2117,11 +2117,11 @@ static int ocfs2_initialize_super(struct super_block *sb, spin_lock_init(&osb->osb_xattr_lock); ocfs2_init_steal_slots(osb); @@ -47723,7 +46447,7 @@ index 5d22872..523db20 100644 kfree(link); } diff --git a/fs/open.c b/fs/open.c -index 22c41b5..78894cf 100644 +index 77becc0..aad7bd9 100644 --- a/fs/open.c +++ b/fs/open.c @@ -112,6 +112,10 @@ static long do_sys_truncate(const char __user *pathname, loff_t length) @@ -47798,7 +46522,7 @@ index 22c41b5..78894cf 100644 + goto out_unlock; + } + - error = security_path_chmod(path->dentry, path->mnt, mode); + error = security_path_chmod(path, mode); if (error) goto out_unlock; @@ -506,6 +538,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group) @@ -47811,46 +46535,8 @@ index 22c41b5..78894cf 100644 newattrs.ia_valid = ATTR_CTIME; if (user != (uid_t) -1) { newattrs.ia_valid |= ATTR_UID; -diff --git a/fs/partitions/efi.c b/fs/partitions/efi.c -index 6296b40..417c00f 100644 ---- a/fs/partitions/efi.c -+++ b/fs/partitions/efi.c -@@ -234,14 +234,14 @@ static gpt_entry *alloc_read_gpt_entries(struct parsed_partitions *state, - if (!gpt) - return NULL; - -+ if (!le32_to_cpu(gpt->num_partition_entries)) -+ return NULL; -+ pte = kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(gpt->sizeof_partition_entry), GFP_KERNEL); -+ if (!pte) -+ return NULL; -+ - count = le32_to_cpu(gpt->num_partition_entries) * - le32_to_cpu(gpt->sizeof_partition_entry); -- if (!count) -- return NULL; -- pte = kzalloc(count, GFP_KERNEL); -- if (!pte) -- return NULL; -- - if (read_lba(state, le64_to_cpu(gpt->partition_entry_lba), - (u8 *) pte, - count) < count) { -diff --git a/fs/partitions/ldm.c b/fs/partitions/ldm.c -index bd8ae78..539d250 100644 ---- a/fs/partitions/ldm.c -+++ b/fs/partitions/ldm.c -@@ -1324,7 +1324,7 @@ static bool ldm_frag_add (const u8 *data, int size, struct list_head *frags) - goto found; - } - -- f = kmalloc (sizeof (*f) + size*num, GFP_KERNEL); -+ f = kmalloc (size*num + sizeof (*f), GFP_KERNEL); - if (!f) { - ldm_crit ("Out of memory."); - return false; diff --git a/fs/pipe.c b/fs/pipe.c -index 4065f07..68c0706 100644 +index a932ced..6495412 100644 --- a/fs/pipe.c +++ b/fs/pipe.c @@ -420,9 +420,9 @@ redo: @@ -48008,7 +46694,7 @@ index 15af622..0e9f4467 100644 help Various /proc files exist to monitor process memory utilization: diff --git a/fs/proc/array.c b/fs/proc/array.c -index 3a1dafd..bf1bd84 100644 +index c602b8d..a7de642 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -60,6 +60,7 @@ @@ -48079,7 +46765,7 @@ index 3a1dafd..bf1bd84 100644 + state = *get_task_state(task); vsize = eip = esp = 0; - permitted = ptrace_may_access(task, PTRACE_MODE_READ); + permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT); @@ -449,6 +487,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, gtime = task->gtime; } @@ -48116,7 +46802,7 @@ index 3a1dafd..bf1bd84 100644 esp, eip, /* The signal information here is obsolete. -@@ -533,8 +590,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -536,8 +593,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { unsigned long size = 0, resident = 0, shared = 0, text = 0, data = 0; @@ -48133,7 +46819,7 @@ index 3a1dafd..bf1bd84 100644 if (mm) { size = task_statm(mm, &shared, &text, &data, &resident); mmput(mm); -@@ -544,3 +608,18 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -547,3 +611,18 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, return 0; } @@ -48153,10 +46839,10 @@ index 3a1dafd..bf1bd84 100644 +} +#endif diff --git a/fs/proc/base.c b/fs/proc/base.c -index 1ace83d..f5e575d 100644 +index d4548dd..d101f84 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c -@@ -107,6 +107,22 @@ struct pid_entry { +@@ -109,6 +109,14 @@ struct pid_entry { union proc_op op; }; @@ -48168,45 +46854,10 @@ index 1ace83d..f5e575d 100644 + int error; +}; + -+static int gr_fake_filldir(void * __buf, const char *name, int namlen, -+ loff_t offset, u64 ino, unsigned int d_type) -+{ -+ struct getdents_callback * buf = (struct getdents_callback *) __buf; -+ buf->error = -EINVAL; -+ return 0; -+} -+ #define NOD(NAME, MODE, IOP, FOP, OP) { \ .name = (NAME), \ .len = sizeof(NAME) - 1, \ -@@ -194,26 +210,6 @@ static int proc_root_link(struct inode *inode, struct path *path) - return result; - } - --static struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) --{ -- struct mm_struct *mm; -- int err; -- -- err = mutex_lock_killable(&task->signal->cred_guard_mutex); -- if (err) -- return ERR_PTR(err); -- -- mm = get_task_mm(task); -- if (mm && mm != current->mm && -- !ptrace_may_access(task, mode)) { -- mmput(mm); -- mm = ERR_PTR(-EACCES); -- } -- mutex_unlock(&task->signal->cred_guard_mutex); -- -- return mm; --} -- - struct mm_struct *mm_for_maps(struct task_struct *task) - { - return mm_access(task, PTRACE_MODE_READ); -@@ -229,6 +225,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer) +@@ -213,6 +221,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer) if (!mm->arg_end) goto out_mm; /* Shh! No looking before we're done */ @@ -48216,7 +46867,7 @@ index 1ace83d..f5e575d 100644 len = mm->arg_end - mm->arg_start; if (len > PAGE_SIZE) -@@ -256,12 +255,28 @@ out: +@@ -240,12 +251,28 @@ out: return res; } @@ -48245,7 +46896,7 @@ index 1ace83d..f5e575d 100644 do { nwords += 2; } while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */ -@@ -275,7 +290,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer) +@@ -259,7 +286,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer) } @@ -48254,7 +46905,7 @@ index 1ace83d..f5e575d 100644 /* * Provides a wchan file via kallsyms in a proper one-value-per-file format. * Returns the resolved symbol. If that fails, simply return the address. -@@ -314,7 +329,7 @@ static void unlock_trace(struct task_struct *task) +@@ -298,7 +325,7 @@ static void unlock_trace(struct task_struct *task) mutex_unlock(&task->signal->cred_guard_mutex); } @@ -48263,7 +46914,7 @@ index 1ace83d..f5e575d 100644 #define MAX_STACK_TRACE_DEPTH 64 -@@ -505,7 +520,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer) +@@ -489,7 +516,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer) return count; } @@ -48272,7 +46923,7 @@ index 1ace83d..f5e575d 100644 static int proc_pid_syscall(struct task_struct *task, char *buffer) { long nr; -@@ -534,7 +549,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer) +@@ -518,7 +545,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer) /************************************************************************/ /* permission checks */ @@ -48281,19 +46932,67 @@ index 1ace83d..f5e575d 100644 { struct task_struct *task; int allowed = 0; -@@ -544,7 +559,10 @@ static int proc_fd_access_allowed(struct inode *inode) +@@ -528,7 +555,10 @@ static int proc_fd_access_allowed(struct inode *inode) */ task = get_proc_task(inode); if (task) { - allowed = ptrace_may_access(task, PTRACE_MODE_READ); + if (log) -+ allowed = ptrace_may_access_log(task, PTRACE_MODE_READ); -+ else + allowed = ptrace_may_access(task, PTRACE_MODE_READ); ++ else ++ allowed = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT); put_task_struct(task); } return allowed; -@@ -786,6 +804,10 @@ static int mem_open(struct inode* inode, struct file* file) +@@ -566,10 +596,35 @@ static bool has_pid_permissions(struct pid_namespace *pid, + struct task_struct *task, + int hide_pid_min) + { ++ if (gr_pid_is_chrooted(task) || gr_check_hidden_task(task)) ++ return false; ++ ++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) ++ rcu_read_lock(); ++ { ++ const struct cred *tmpcred = current_cred(); ++ const struct cred *cred = __task_cred(task); ++ ++ if (!tmpcred->uid || (tmpcred->uid == cred->uid) ++#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP ++ || in_group_p(CONFIG_GRKERNSEC_PROC_GID) ++#endif ++ ) { ++ rcu_read_unlock(); ++ return true; ++ } ++ } ++ rcu_read_unlock(); ++ ++ if (!pid->hide_pid) ++ return false; ++#endif ++ + if (pid->hide_pid < hide_pid_min) + return true; + if (in_group_p(pid->pid_gid)) + return true; ++ + return ptrace_may_access(task, PTRACE_MODE_READ); + } + +@@ -587,7 +642,11 @@ static int proc_pid_permission(struct inode *inode, int mask) + put_task_struct(task); + + if (!has_perms) { ++#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) ++ { ++#else + if (pid->hide_pid == 2) { ++#endif + /* + * Let's make getdents(), stat(), and open() + * consistent with each other. If a process +@@ -702,6 +761,10 @@ static int mem_open(struct inode* inode, struct file* file) file->f_mode |= FMODE_UNSIGNED_OFFSET; file->private_data = mm; @@ -48304,7 +47003,7 @@ index 1ace83d..f5e575d 100644 return 0; } -@@ -797,6 +819,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, +@@ -713,6 +776,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, ssize_t copied; char *page; @@ -48322,7 +47021,7 @@ index 1ace83d..f5e575d 100644 if (!mm) return 0; -@@ -897,6 +930,9 @@ static ssize_t environ_read(struct file *file, char __user *buf, +@@ -813,6 +887,9 @@ static ssize_t environ_read(struct file *file, char __user *buf, if (!task) goto out_no_task; @@ -48332,16 +47031,16 @@ index 1ace83d..f5e575d 100644 ret = -ENOMEM; page = (char *)__get_free_page(GFP_TEMPORARY); if (!page) -@@ -1519,7 +1555,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -1434,7 +1511,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) path_put(&nd->path); /* Are we allowed to snoop on the tasks file descriptors? */ - if (!proc_fd_access_allowed(inode)) -+ if (!proc_fd_access_allowed(inode,0)) ++ if (!proc_fd_access_allowed(inode, 0)) goto out; - error = PROC_I(inode)->op.proc_get_link(inode, &nd->path); -@@ -1558,8 +1594,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b + error = PROC_I(inode)->op.proc_get_link(dentry, &nd->path); +@@ -1473,8 +1550,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b struct path path; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -48360,9 +47059,9 @@ index 1ace83d..f5e575d 100644 + goto out; + } - error = PROC_I(inode)->op.proc_get_link(inode, &path); + error = PROC_I(inode)->op.proc_get_link(dentry, &path); if (error) -@@ -1624,7 +1670,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t +@@ -1539,7 +1626,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t rcu_read_lock(); cred = __task_cred(task); inode->i_uid = cred->euid; @@ -48374,35 +47073,9 @@ index 1ace83d..f5e575d 100644 rcu_read_unlock(); } security_task_to_inode(task, inode); -@@ -1642,6 +1692,9 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) - struct inode *inode = dentry->d_inode; - struct task_struct *task; - const struct cred *cred; -+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) -+ const struct cred *tmpcred = current_cred(); -+#endif - - generic_fillattr(inode, stat); - -@@ -1649,13 +1702,41 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) - stat->uid = 0; - stat->gid = 0; - task = pid_task(proc_pid(inode), PIDTYPE_PID); -+ -+ if (task && (gr_pid_is_chrooted(task) || gr_check_hidden_task(task))) { -+ rcu_read_unlock(); -+ return -ENOENT; -+ } -+ - if (task) { -+ cred = __task_cred(task); -+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) -+ if (!tmpcred->uid || (tmpcred->uid == cred->uid) -+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP -+ || in_group_p(CONFIG_GRKERNSEC_PROC_GID) -+#endif -+ ) { -+#endif +@@ -1575,10 +1666,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) + return -ENOENT; + } if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || +#ifdef CONFIG_GRKERNSEC_PROC_USER + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IXUSR)) || @@ -48410,7 +47083,7 @@ index 1ace83d..f5e575d 100644 + (inode->i_mode == (S_IFDIR|S_IRUSR|S_IRGRP|S_IXUSR|S_IXGRP)) || +#endif task_dumpable(task)) { -- cred = __task_cred(task); + cred = __task_cred(task); stat->uid = cred->euid; +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP + stat->gid = CONFIG_GRKERNSEC_PROC_GID; @@ -48418,16 +47091,9 @@ index 1ace83d..f5e575d 100644 stat->gid = cred->egid; +#endif } -+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) -+ } else { -+ rcu_read_unlock(); -+ return -ENOENT; -+ } -+#endif } rcu_read_unlock(); - return 0; -@@ -1692,11 +1773,20 @@ int pid_revalidate(struct dentry *dentry, struct nameidata *nd) +@@ -1616,11 +1716,20 @@ int pid_revalidate(struct dentry *dentry, struct nameidata *nd) if (task) { if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -48448,7 +47114,7 @@ index 1ace83d..f5e575d 100644 rcu_read_unlock(); } else { inode->i_uid = 0; -@@ -1814,7 +1904,8 @@ static int proc_fd_info(struct inode *inode, struct path *path, char *info) +@@ -1738,7 +1847,8 @@ static int proc_fd_info(struct inode *inode, struct path *path, char *info) int fd = proc_fd(inode); if (task) { @@ -48458,7 +47124,7 @@ index 1ace83d..f5e575d 100644 put_task_struct(task); } if (files) { -@@ -2082,11 +2173,21 @@ static const struct file_operations proc_fd_operations = { +@@ -2355,11 +2465,21 @@ static const struct file_operations proc_map_files_operations = { */ static int proc_fd_permission(struct inode *inode, int mask) { @@ -48482,7 +47148,7 @@ index 1ace83d..f5e575d 100644 return rv; } -@@ -2196,6 +2297,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, +@@ -2469,6 +2589,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, if (!task) goto out_no_task; @@ -48492,7 +47158,7 @@ index 1ace83d..f5e575d 100644 /* * Yes, it does not scale. And it should not. Don't add * new entries into /proc/<tgid>/ without very good reasons. -@@ -2240,6 +2344,9 @@ static int proc_pident_readdir(struct file *filp, +@@ -2513,6 +2636,9 @@ static int proc_pident_readdir(struct file *filp, if (!task) goto out_no_task; @@ -48502,7 +47168,7 @@ index 1ace83d..f5e575d 100644 ret = 0; i = filp->f_pos; switch (i) { -@@ -2510,7 +2617,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -2783,7 +2909,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd) static void proc_self_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie) { @@ -48511,7 +47177,7 @@ index 1ace83d..f5e575d 100644 if (!IS_ERR(s)) __putname(s); } -@@ -2708,7 +2815,7 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2984,7 +3110,7 @@ static const struct pid_entry tgid_base_stuff[] = { REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -48520,7 +47186,7 @@ index 1ace83d..f5e575d 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2733,10 +2840,10 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -3009,10 +3135,10 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -48533,7 +47199,7 @@ index 1ace83d..f5e575d 100644 ONE("stack", S_IRUGO, proc_pid_stack), #endif #ifdef CONFIG_SCHEDSTATS -@@ -2770,6 +2877,9 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -3046,6 +3172,9 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_HARDWALL INF("hardwall", S_IRUGO, proc_pid_hardwall), #endif @@ -48543,7 +47209,7 @@ index 1ace83d..f5e575d 100644 }; static int proc_tgid_base_readdir(struct file * filp, -@@ -2895,7 +3005,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir, +@@ -3172,7 +3301,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir, if (!inode) goto out; @@ -48558,7 +47224,7 @@ index 1ace83d..f5e575d 100644 inode->i_op = &proc_tgid_base_inode_operations; inode->i_fop = &proc_tgid_base_operations; inode->i_flags|=S_IMMUTABLE; -@@ -2937,7 +3054,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, struct +@@ -3214,7 +3350,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, struct if (!task) goto out; @@ -48570,48 +47236,16 @@ index 1ace83d..f5e575d 100644 put_task_struct(task); out: return result; -@@ -3002,6 +3123,11 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir) +@@ -3277,6 +3417,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi + static int fake_filldir(void *buf, const char *name, int namelen, + loff_t offset, u64 ino, unsigned d_type) { - unsigned int nr; - struct task_struct *reaper; -+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) -+ const struct cred *tmpcred = current_cred(); -+ const struct cred *itercred; -+#endif -+ filldir_t __filldir = filldir; - struct tgid_iter iter; - struct pid_namespace *ns; ++ struct getdents_callback * __buf = (struct getdents_callback *) buf; ++ __buf->error = -EINVAL; + return 0; + } -@@ -3025,8 +3151,27 @@ int proc_pid_readdir(struct file * filp, void * dirent, filldir_t filldir) - for (iter = next_tgid(ns, iter); - iter.task; - iter.tgid += 1, iter = next_tgid(ns, iter)) { -+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) -+ rcu_read_lock(); -+ itercred = __task_cred(iter.task); -+#endif -+ if (gr_pid_is_chrooted(iter.task) || gr_check_hidden_task(iter.task) -+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) -+ || (tmpcred->uid && (itercred->uid != tmpcred->uid) -+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP -+ && !in_group_p(CONFIG_GRKERNSEC_PROC_GID) -+#endif -+ ) -+#endif -+ ) -+ __filldir = &gr_fake_filldir; -+ else -+ __filldir = filldir; -+#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) -+ rcu_read_unlock(); -+#endif - filp->f_pos = iter.tgid + TGID_OFFSET; -- if (proc_pid_fill_cache(filp, dirent, filldir, iter) < 0) { -+ if (proc_pid_fill_cache(filp, dirent, __filldir, iter) < 0) { - put_task_struct(iter.task); - goto out; - } -@@ -3054,7 +3199,7 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -3343,7 +3485,7 @@ static const struct pid_entry tid_base_stuff[] = { REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -48620,7 +47254,7 @@ index 1ace83d..f5e575d 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -3078,10 +3223,10 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -3367,10 +3509,10 @@ static const struct pid_entry tid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -48666,13 +47300,13 @@ index b143471..bb105e5 100644 } module_init(proc_devices_init); diff --git a/fs/proc/inode.c b/fs/proc/inode.c -index 7737c54..7172574 100644 +index 84fd323..f698a32 100644 --- a/fs/proc/inode.c +++ b/fs/proc/inode.c -@@ -18,12 +18,18 @@ - #include <linux/module.h> - #include <linux/sysctl.h> +@@ -21,12 +21,18 @@ + #include <linux/seq_file.h> #include <linux/slab.h> + #include <linux/mount.h> +#include <linux/grsecurity.h> #include <asm/system.h> @@ -48688,7 +47322,7 @@ index 7737c54..7172574 100644 static void proc_evict_inode(struct inode *inode) { struct proc_dir_entry *de; -@@ -49,6 +55,13 @@ static void proc_evict_inode(struct inode *inode) +@@ -52,6 +58,13 @@ static void proc_evict_inode(struct inode *inode) ns_ops = PROC_I(inode)->ns_ops; if (ns_ops && ns_ops->put) ns_ops->put(PROC_I(inode)->ns); @@ -48702,7 +47336,7 @@ index 7737c54..7172574 100644 } static struct kmem_cache * proc_inode_cachep; -@@ -440,7 +453,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de) +@@ -457,7 +470,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de) if (de->mode) { inode->i_mode = de->mode; inode->i_uid = de->uid; @@ -48715,7 +47349,7 @@ index 7737c54..7172574 100644 if (de->size) inode->i_size = de->size; diff --git a/fs/proc/internal.h b/fs/proc/internal.h -index 7838e5c..ff92cbc 100644 +index 2925775..4f08fae 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h @@ -51,6 +51,9 @@ extern int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, @@ -48817,7 +47451,7 @@ index b1822dd..df622cb 100644 seq_putc(m, '\n'); diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c -index f738024..876984a 100644 +index 06e1cc1..177cd98 100644 --- a/fs/proc/proc_net.c +++ b/fs/proc/proc_net.c @@ -105,6 +105,17 @@ static struct net *get_proc_task_net(struct inode *dir) @@ -48933,10 +47567,10 @@ index a6b6217..1e0579d 100644 .permission = proc_sys_permission, .setattr = proc_sys_setattr, diff --git a/fs/proc/root.c b/fs/proc/root.c -index 03102d9..4ae347e 100644 +index 46a15d8..335631a 100644 --- a/fs/proc/root.c +++ b/fs/proc/root.c -@@ -121,7 +121,15 @@ void __init proc_root_init(void) +@@ -187,7 +187,15 @@ void __init proc_root_init(void) #ifdef CONFIG_PROC_DEVICETREE proc_device_tree_init(); #endif @@ -49319,7 +47953,7 @@ index 7a99811..a7c96c4 100644 SF(s_do_balance), SF(s_unneeded_left_neighbor), SF(s_good_search_by_key_reada), SF(s_bmaps), diff --git a/fs/select.c b/fs/select.c -index d33418f..2a5345e 100644 +index e782258..3b4b44c 100644 --- a/fs/select.c +++ b/fs/select.c @@ -20,6 +20,7 @@ @@ -49339,7 +47973,7 @@ index d33418f..2a5345e 100644 return -EINVAL; diff --git a/fs/seq_file.c b/fs/seq_file.c -index dba43c3..4b3f701 100644 +index 4023d6b..53b39c5 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c @@ -9,6 +9,7 @@ @@ -49360,7 +47994,47 @@ index dba43c3..4b3f701 100644 /* * Wrappers around seq_open(e.g. swaps_open) need to be -@@ -549,7 +553,7 @@ static void single_stop(struct seq_file *p, void *v) +@@ -76,7 +80,8 @@ static int traverse(struct seq_file *m, loff_t offset) + return 0; + } + if (!m->buf) { +- m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL); ++ m->size = PAGE_SIZE; ++ m->buf = kmalloc(PAGE_SIZE, GFP_KERNEL); + if (!m->buf) + return -ENOMEM; + } +@@ -116,7 +121,8 @@ static int traverse(struct seq_file *m, loff_t offset) + Eoverflow: + m->op->stop(m, p); + kfree(m->buf); +- m->buf = kmalloc(m->size <<= 1, GFP_KERNEL); ++ m->size <<= 1; ++ m->buf = kmalloc(m->size, GFP_KERNEL); + return !m->buf ? -ENOMEM : -EAGAIN; + } + +@@ -169,7 +175,8 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos) + m->version = file->f_version; + /* grab buffer if we didn't have one */ + if (!m->buf) { +- m->buf = kmalloc(m->size = PAGE_SIZE, GFP_KERNEL); ++ m->size = PAGE_SIZE; ++ m->buf = kmalloc(PAGE_SIZE, GFP_KERNEL); + if (!m->buf) + goto Enomem; + } +@@ -210,7 +217,8 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos) + goto Fill; + m->op->stop(m, p); + kfree(m->buf); +- m->buf = kmalloc(m->size <<= 1, GFP_KERNEL); ++ m->size <<= 1; ++ m->buf = kmalloc(m->size, GFP_KERNEL); + if (!m->buf) + goto Enomem; + m->count = 0; +@@ -549,7 +557,7 @@ static void single_stop(struct seq_file *p, void *v) int single_open(struct file *file, int (*show)(struct seq_file *, void *), void *data) { @@ -49370,10 +48044,10 @@ index dba43c3..4b3f701 100644 if (op) { diff --git a/fs/splice.c b/fs/splice.c -index fa2defa..8601650 100644 +index 1ec0493..d6ab5c2 100644 --- a/fs/splice.c +++ b/fs/splice.c -@@ -194,7 +194,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, +@@ -193,7 +193,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, pipe_lock(pipe); for (;;) { @@ -49382,7 +48056,7 @@ index fa2defa..8601650 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; -@@ -248,9 +248,9 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, +@@ -247,9 +247,9 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, do_wakeup = 0; } @@ -49394,7 +48068,7 @@ index fa2defa..8601650 100644 } pipe_unlock(pipe); -@@ -560,7 +560,7 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec, +@@ -559,7 +559,7 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -49403,7 +48077,7 @@ index fa2defa..8601650 100644 set_fs(old_fs); return res; -@@ -575,7 +575,7 @@ static ssize_t kernel_write(struct file *file, const char *buf, size_t count, +@@ -574,7 +574,7 @@ static ssize_t kernel_write(struct file *file, const char *buf, size_t count, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -49412,7 +48086,7 @@ index fa2defa..8601650 100644 set_fs(old_fs); return res; -@@ -626,7 +626,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos, +@@ -625,7 +625,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos, goto err; this_len = min_t(size_t, len, PAGE_CACHE_SIZE - offset); @@ -49421,7 +48095,7 @@ index fa2defa..8601650 100644 vec[i].iov_len = this_len; spd.pages[i] = page; spd.nr_pages++; -@@ -846,10 +846,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed); +@@ -845,10 +845,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed); int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd) { while (!pipe->nrbufs) { @@ -49434,7 +48108,7 @@ index fa2defa..8601650 100644 return 0; if (sd->flags & SPLICE_F_NONBLOCK) -@@ -1182,7 +1182,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, +@@ -1181,7 +1181,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, * out of the pipe right after the splice_to_pipe(). So set * PIPE_READERS appropriately. */ @@ -49443,7 +48117,7 @@ index fa2defa..8601650 100644 current->splice_pipe = pipe; } -@@ -1734,9 +1734,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1733,9 +1733,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -49455,7 +48129,7 @@ index fa2defa..8601650 100644 if (flags & SPLICE_F_NONBLOCK) { ret = -EAGAIN; break; -@@ -1768,7 +1768,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1767,7 +1767,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) pipe_lock(pipe); while (pipe->nrbufs >= pipe->buffers) { @@ -49464,7 +48138,7 @@ index fa2defa..8601650 100644 send_sig(SIGPIPE, current, 0); ret = -EPIPE; break; -@@ -1781,9 +1781,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1780,9 +1780,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -49476,7 +48150,7 @@ index fa2defa..8601650 100644 } pipe_unlock(pipe); -@@ -1819,14 +1819,14 @@ retry: +@@ -1818,14 +1818,14 @@ retry: pipe_double_lock(ipipe, opipe); do { @@ -49493,7 +48167,7 @@ index fa2defa..8601650 100644 break; /* -@@ -1923,7 +1923,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1922,7 +1922,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, pipe_double_lock(ipipe, opipe); do { @@ -49502,7 +48176,7 @@ index fa2defa..8601650 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; -@@ -1968,7 +1968,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1967,7 +1967,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, * return EAGAIN if we have the potential of some data in the * future, otherwise just return 0 */ @@ -49511,19 +48185,6 @@ index fa2defa..8601650 100644 ret = -EAGAIN; pipe_unlock(ipipe); -diff --git a/fs/sysfs/bin.c b/fs/sysfs/bin.c -index a475983..9c6a1f0 100644 ---- a/fs/sysfs/bin.c -+++ b/fs/sysfs/bin.c -@@ -67,6 +67,8 @@ fill_read(struct file *file, char *buffer, loff_t off, size_t count) - } - - static ssize_t -+read(struct file *file, char __user *userbuf, size_t bytes, loff_t *off) __size_overflow(3); -+static ssize_t - read(struct file *file, char __user *userbuf, size_t bytes, loff_t *off) - { - struct bin_buffer *bb = file->private_data; diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c index 7fdf6a7..e6cd8ad 100644 --- a/fs/sysfs/dir.c @@ -49548,7 +48209,7 @@ index 7fdf6a7..e6cd8ad 100644 sd = sysfs_new_dirent(name, mode, SYSFS_DIR); if (!sd) diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c -index 779789a..f58193c 100644 +index 00012e3..8392349 100644 --- a/fs/sysfs/file.c +++ b/fs/sysfs/file.c @@ -37,7 +37,7 @@ static DEFINE_SPINLOCK(sysfs_open_dirent_lock); @@ -49609,44 +48270,6 @@ index a7ac78f..02158e1 100644 if (!IS_ERR(page)) free_page((unsigned long)page); } -diff --git a/fs/ubifs/debug.c b/fs/ubifs/debug.c -index b09ba2d..1cad1a8 100644 ---- a/fs/ubifs/debug.c -+++ b/fs/ubifs/debug.c -@@ -2817,6 +2817,7 @@ static ssize_t dfs_file_read(struct file *file, char __user *u, size_t count, - * debugfs file. Returns %0 or %1 in case of success and a negative error code - * in case of failure. - */ -+static int interpret_user_input(const char __user *u, size_t count) __size_overflow(2); - static int interpret_user_input(const char __user *u, size_t count) - { - size_t buf_size; -@@ -2835,6 +2836,8 @@ static int interpret_user_input(const char __user *u, size_t count) - } - - static ssize_t dfs_file_write(struct file *file, const char __user *u, -+ size_t count, loff_t *ppos) __size_overflow(3); -+static ssize_t dfs_file_write(struct file *file, const char __user *u, - size_t count, loff_t *ppos) - { - struct ubifs_info *c = file->private_data; -diff --git a/fs/udf/file.c b/fs/udf/file.c -index dca0c38..d567b84 100644 ---- a/fs/udf/file.c -+++ b/fs/udf/file.c -@@ -201,12 +201,10 @@ out: - static int udf_release_file(struct inode *inode, struct file *filp) - { - if (filp->f_mode & FMODE_WRITE) { -- mutex_lock(&inode->i_mutex); - down_write(&UDF_I(inode)->i_data_sem); - udf_discard_prealloc(inode); - udf_truncate_tail_extent(inode); - up_write(&UDF_I(inode)->i_data_sem); -- mutex_unlock(&inode->i_mutex); - } - return 0; - } diff --git a/fs/udf/misc.c b/fs/udf/misc.c index c175b4d..8f36a16 100644 --- a/fs/udf/misc.c @@ -49686,7 +48309,7 @@ index ba653f3..06ea4b1 100644 error = notify_change(path->dentry, &newattrs); mutex_unlock(&inode->i_mutex); diff --git a/fs/xattr.c b/fs/xattr.c -index 67583de..c5aad14 100644 +index 82f4337..236473c 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -315,7 +315,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr); @@ -49748,7 +48371,7 @@ index 67583de..c5aad14 100644 if (!error) { - error = setxattr(dentry, name, value, size, flags); + error = setxattr(&f->f_path, name, value, size, flags); - mnt_drop_write(f->f_path.mnt); + mnt_drop_write_file(f); } fput(f); diff --git a/fs/xattr_acl.c b/fs/xattr_acl.c @@ -49767,7 +48390,7 @@ index 8d5a506..7f62712 100644 struct posix_acl *acl; struct posix_acl_entry *acl_e; diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c -index d0ab788..827999b 100644 +index 188ef2f..adcf864 100644 --- a/fs/xfs/xfs_bmap.c +++ b/fs/xfs/xfs_bmap.c @@ -190,7 +190,7 @@ xfs_bmap_validate_ret( @@ -49801,7 +48424,7 @@ index 79d05e8..e3e5861 100644 *offset = off & 0x7fffffff; return 0; diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c -index d99a905..9f88202 100644 +index 76f3ca5..f57f712 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -128,7 +128,7 @@ xfs_find_handle( @@ -49814,7 +48437,7 @@ index d99a905..9f88202 100644 goto out_put; diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c -index 23ce927..e274cc1 100644 +index ab30253..4d86958 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c @@ -447,7 +447,7 @@ xfs_vn_put_link( @@ -50956,10 +49579,10 @@ index 0000000..1b9afa9 +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..2733872 +index 0000000..e8c5d41 --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,4163 @@ +@@ -0,0 +1,4179 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -50984,6 +49607,7 @@ index 0000000..2733872 +#include <linux/pid_namespace.h> +#include <linux/fdtable.h> +#include <linux/percpu.h> ++#include "../fs/mount.h" + +#include <asm/uaccess.h> +#include <asm/errno.h> @@ -51155,6 +49779,7 @@ index 0000000..2733872 +{ + struct dentry *dentry = path->dentry; + struct vfsmount *vfsmnt = path->mnt; ++ struct mount *mnt = real_mount(vfsmnt); + bool slash = false; + int error = 0; + @@ -51163,11 +49788,12 @@ index 0000000..2733872 + + if (dentry == vfsmnt->mnt_root || IS_ROOT(dentry)) { + /* Global root? */ -+ if (vfsmnt->mnt_parent == vfsmnt) { ++ if (!mnt_has_parent(mnt)) { + goto out; + } -+ dentry = vfsmnt->mnt_mountpoint; -+ vfsmnt = vfsmnt->mnt_parent; ++ dentry = mnt->mnt_mountpoint; ++ mnt = mnt->mnt_parent; ++ vfsmnt = &mnt->mnt; + continue; + } + parent = dentry->d_parent; @@ -51619,22 +50245,60 @@ index 0000000..2733872 + unsigned int index = + rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size); + struct acl_role_label **curr; -+ struct acl_role_label *tmp; ++ struct acl_role_label *tmp, *tmp2; + + curr = &acl_role_set.r_hash[index]; + -+ /* if role was already inserted due to domains and already has -+ a role in the same bucket as it attached, then we need to -+ combine these two buckets -+ */ -+ if (role->next) { -+ tmp = role->next; -+ while (tmp->next) ++ /* simple case, slot is empty, just set it to our role */ ++ if (*curr == NULL) { ++ *curr = role; ++ } else { ++ /* example: ++ 1 -> 2 -> 3 (adding 2 -> 3 to here) ++ 2 -> 3 ++ */ ++ /* first check to see if we can already be reached via this slot */ ++ tmp = *curr; ++ while (tmp && tmp != role) + tmp = tmp->next; -+ tmp->next = *curr; -+ } else -+ role->next = *curr; -+ *curr = role; ++ if (tmp == role) { ++ /* we don't need to add ourselves to this slot's chain */ ++ return; ++ } ++ /* we need to add ourselves to this chain, two cases */ ++ if (role->next == NULL) { ++ /* simple case, append the current chain to our role */ ++ role->next = *curr; ++ *curr = role; ++ } else { ++ /* 1 -> 2 -> 3 -> 4 ++ 2 -> 3 -> 4 ++ 3 -> 4 (adding 1 -> 2 -> 3 -> 4 to here) ++ */ ++ /* trickier case: walk our role's chain until we find ++ the role for the start of the current slot's chain */ ++ tmp = role; ++ tmp2 = *curr; ++ while (tmp->next && tmp->next != tmp2) ++ tmp = tmp->next; ++ if (tmp->next == tmp2) { ++ /* from example above, we found 3, so just ++ replace this slot's chain with ours */ ++ *curr = role; ++ } else { ++ /* we didn't find a subset of our role's chain ++ in the current slot's chain, so append their ++ chain to ours, and set us as the first role in ++ the slot's chain ++ ++ we could fold this case with the case above, ++ but making it explicit for clarity ++ */ ++ tmp->next = tmp2; ++ *curr = role; ++ } ++ } ++ } + + return; +} @@ -51892,6 +50556,7 @@ index 0000000..2733872 + + /* release the reference to the real root dentry and vfsmount */ + path_put(&real_root); ++ memset(&real_root, 0, sizeof(real_root)); + + /* free all object hash tables */ + @@ -51955,6 +50620,7 @@ index 0000000..2733872 + memset(&subj_map_set, 0, sizeof (struct acl_subj_map_db)); + + default_role = NULL; ++ kernel_role = NULL; + role_list = NULL; + + return; @@ -52415,40 +51081,28 @@ index 0000000..2733872 + num_sprole_pws = arg->num_sprole_pws; + acl_special_roles = (struct sprole_pw **) acl_alloc_num(num_sprole_pws, sizeof(struct sprole_pw *)); + -+ if (!acl_special_roles) { -+ err = -ENOMEM; -+ goto cleanup; -+ } ++ if (!acl_special_roles && num_sprole_pws) ++ return -ENOMEM; + + for (i = 0; i < num_sprole_pws; i++) { + sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw)); -+ if (!sptmp) { -+ err = -ENOMEM; -+ goto cleanup; -+ } ++ if (!sptmp) ++ return -ENOMEM; + if (copy_from_user(sptmp, arg->sprole_pws + i, -+ sizeof (struct sprole_pw))) { -+ err = -EFAULT; -+ goto cleanup; -+ } ++ sizeof (struct sprole_pw))) ++ return -EFAULT; + -+ len = -+ strnlen_user(sptmp->rolename, GR_SPROLE_LEN); ++ len = strnlen_user(sptmp->rolename, GR_SPROLE_LEN); + -+ if (!len || len >= GR_SPROLE_LEN) { -+ err = -EINVAL; -+ goto cleanup; -+ } ++ if (!len || len >= GR_SPROLE_LEN) ++ return -EINVAL; + -+ if ((tmp = (char *) acl_alloc(len)) == NULL) { -+ err = -ENOMEM; -+ goto cleanup; -+ } ++ if ((tmp = (char *) acl_alloc(len)) == NULL) ++ return -ENOMEM; ++ ++ if (copy_from_user(tmp, sptmp->rolename, len)) ++ return -EFAULT; + -+ if (copy_from_user(tmp, sptmp->rolename, len)) { -+ err = -EFAULT; -+ goto cleanup; -+ } + tmp[len-1] = '\0'; +#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG + printk(KERN_ALERT "Copying special role %s\n", tmp); @@ -52462,38 +51116,28 @@ index 0000000..2733872 + for (r_num = 0; r_num < arg->role_db.num_roles; r_num++) { + r_tmp = acl_alloc(sizeof (struct acl_role_label)); + -+ if (!r_tmp) { -+ err = -ENOMEM; -+ goto cleanup; -+ } ++ if (!r_tmp) ++ return -ENOMEM; + + if (copy_from_user(&r_utmp2, r_utmp + r_num, -+ sizeof (struct acl_role_label *))) { -+ err = -EFAULT; -+ goto cleanup; -+ } ++ sizeof (struct acl_role_label *))) ++ return -EFAULT; + + if (copy_from_user(r_tmp, r_utmp2, -+ sizeof (struct acl_role_label))) { -+ err = -EFAULT; -+ goto cleanup; -+ } ++ sizeof (struct acl_role_label))) ++ return -EFAULT; + + len = strnlen_user(r_tmp->rolename, GR_SPROLE_LEN); + -+ if (!len || len >= PATH_MAX) { -+ err = -EINVAL; -+ goto cleanup; -+ } ++ if (!len || len >= PATH_MAX) ++ return -EINVAL; ++ ++ if ((tmp = (char *) acl_alloc(len)) == NULL) ++ return -ENOMEM; ++ ++ if (copy_from_user(tmp, r_tmp->rolename, len)) ++ return -EFAULT; + -+ if ((tmp = (char *) acl_alloc(len)) == NULL) { -+ err = -ENOMEM; -+ goto cleanup; -+ } -+ if (copy_from_user(tmp, r_tmp->rolename, len)) { -+ err = -EFAULT; -+ goto cleanup; -+ } + tmp[len-1] = '\0'; + r_tmp->rolename = tmp; + @@ -52504,14 +51148,11 @@ index 0000000..2733872 + kernel_role = r_tmp; + } + -+ if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL) { -+ err = -ENOMEM; -+ goto cleanup; -+ } -+ if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct))) { -+ err = -EFAULT; -+ goto cleanup; -+ } ++ if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL) ++ return -ENOMEM; ++ ++ if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct))) ++ return -EFAULT; + + r_tmp->hash = ghash; + @@ -52522,32 +51163,28 @@ index 0000000..2733872 + (struct acl_subject_label **) + create_table(&(r_tmp->subj_hash_size), sizeof(void *)); + -+ if (!r_tmp->subj_hash) { -+ err = -ENOMEM; -+ goto cleanup; -+ } ++ if (!r_tmp->subj_hash) ++ return -ENOMEM; + + err = copy_user_allowedips(r_tmp); + if (err) -+ goto cleanup; ++ return err; + + /* copy domain info */ + if (r_tmp->domain_children != NULL) { + domainlist = acl_alloc_num(r_tmp->domain_child_num, sizeof(uid_t)); -+ if (domainlist == NULL) { -+ err = -ENOMEM; -+ goto cleanup; -+ } -+ if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t))) { -+ err = -EFAULT; -+ goto cleanup; -+ } ++ if (domainlist == NULL) ++ return -ENOMEM; ++ ++ if (copy_from_user(domainlist, r_tmp->domain_children, r_tmp->domain_child_num * sizeof(uid_t))) ++ return -EFAULT; ++ + r_tmp->domain_children = domainlist; + } + + err = copy_user_transitions(r_tmp); + if (err) -+ goto cleanup; ++ return err; + + memset(r_tmp->subj_hash, 0, + r_tmp->subj_hash_size * @@ -52556,7 +51193,7 @@ index 0000000..2733872 + err = copy_user_subjs(r_tmp->hash->first, r_tmp); + + if (err) -+ goto cleanup; ++ return err; + + /* set nested subject list to null */ + r_tmp->hash->first = NULL; @@ -52564,12 +51201,10 @@ index 0000000..2733872 + insert_acl_role_label(r_tmp); + } + -+ goto return_err; -+ cleanup: -+ free_variables(); -+ return_err: -+ return err; ++ if (default_role == NULL || kernel_role == NULL) ++ return -EINVAL; + ++ return err; +} + +static int @@ -52811,6 +51446,7 @@ index 0000000..2733872 +{ + struct dentry *dentry = (struct dentry *) l_dentry; + struct vfsmount *mnt = (struct vfsmount *) l_mnt; ++ struct mount *real_mnt = real_mount(mnt); + struct acl_object_label *retval; + struct dentry *parent; + @@ -52835,15 +51471,16 @@ index 0000000..2733872 + break; + + if (dentry == mnt->mnt_root || IS_ROOT(dentry)) { -+ if (mnt->mnt_parent == mnt) ++ if (!mnt_has_parent(real_mnt)) + break; + + retval = full_lookup(l_dentry, l_mnt, dentry, subj, &path, checkglob); + if (retval != NULL) + goto out; + -+ dentry = mnt->mnt_mountpoint; -+ mnt = mnt->mnt_parent; ++ dentry = real_mnt->mnt_mountpoint; ++ real_mnt = real_mnt->mnt_parent; ++ mnt = &real_mnt->mnt; + continue; + } + @@ -52898,6 +51535,7 @@ index 0000000..2733872 +{ + struct dentry *dentry = (struct dentry *) l_dentry; + struct vfsmount *mnt = (struct vfsmount *) l_mnt; ++ struct mount *real_mnt = real_mount(mnt); + struct acl_subject_label *retval; + struct dentry *parent; + @@ -52908,7 +51546,7 @@ index 0000000..2733872 + if (dentry == real_root.dentry && mnt == real_root.mnt) + break; + if (dentry == mnt->mnt_root || IS_ROOT(dentry)) { -+ if (mnt->mnt_parent == mnt) ++ if (!mnt_has_parent(real_mnt)) + break; + + spin_lock(&dentry->d_lock); @@ -52921,8 +51559,9 @@ index 0000000..2733872 + if (retval != NULL) + goto out; + -+ dentry = mnt->mnt_mountpoint; -+ mnt = mnt->mnt_parent; ++ dentry = real_mnt->mnt_mountpoint; ++ real_mnt = real_mnt->mnt_parent; ++ mnt = &real_mnt->mnt; + continue; + } + @@ -55236,10 +53875,10 @@ index 0000000..34fefda +} diff --git a/grsecurity/gracl_cap.c b/grsecurity/gracl_cap.c new file mode 100644 -index 0000000..955ddfb +index 0000000..6d21049 --- /dev/null +++ b/grsecurity/gracl_cap.c -@@ -0,0 +1,101 @@ +@@ -0,0 +1,110 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -55250,11 +53889,8 @@ index 0000000..955ddfb +extern const char *captab_log[]; +extern int captab_log_entries; + -+int -+gr_acl_is_capable(const int cap) ++int gr_task_acl_is_capable(const struct task_struct *task, const struct cred *cred, const int cap) +{ -+ struct task_struct *task = current; -+ const struct cred *cred = current_cred(); + struct acl_subject_label *curracl; + kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set; + kernel_cap_t cap_audit = __cap_empty_set; @@ -55305,11 +53941,17 @@ index 0000000..955ddfb + + if ((cap >= 0) && (cap < captab_log_entries) && cap_raised(cred->cap_effective, cap) && !cap_raised(cap_audit, cap)) + gr_log_cap(GR_DONT_AUDIT, GR_CAP_ACL_MSG, task, captab_log[cap]); ++ + return 0; +} + +int -+gr_acl_is_capable_nolog(const int cap) ++gr_acl_is_capable(const int cap) ++{ ++ return gr_task_acl_is_capable(current, current_cred(), cap); ++} ++ ++int gr_task_acl_is_capable_nolog(const struct task_struct *task, const int cap) +{ + struct acl_subject_label *curracl; + kernel_cap_t cap_drop = __cap_empty_set, cap_mask = __cap_empty_set; @@ -55317,7 +53959,7 @@ index 0000000..955ddfb + if (!gr_acl_is_enabled()) + return 1; + -+ curracl = current->acl; ++ curracl = task->acl; + + cap_drop = curracl->cap_lower; + cap_mask = curracl->cap_mask; @@ -55341,6 +53983,12 @@ index 0000000..955ddfb + return 0; +} + ++int ++gr_acl_is_capable_nolog(const int cap) ++{ ++ return gr_task_acl_is_capable_nolog(current, cap); ++} ++ diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c new file mode 100644 index 0000000..88d0e87 @@ -56834,10 +55482,10 @@ index 0000000..bc0be01 +} diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c new file mode 100644 -index 0000000..a2dc675 +index 0000000..9807ee2 --- /dev/null +++ b/grsecurity/grsec_chroot.c -@@ -0,0 +1,351 @@ +@@ -0,0 +1,368 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -56845,7 +55493,7 @@ index 0000000..a2dc675 +#include <linux/fs.h> +#include <linux/mount.h> +#include <linux/types.h> -+#include <linux/pid_namespace.h> ++#include "../fs/mount.h" +#include <linux/grsecurity.h> +#include <linux/grinternal.h> + @@ -56853,7 +55501,7 @@ index 0000000..a2dc675 +{ +#ifdef CONFIG_GRKERNSEC + if (task->pid > 1 && path->dentry != init_task.fs->root.dentry && -+ path->dentry != task->nsproxy->mnt_ns->root->mnt_root) ++ path->dentry != task->nsproxy->mnt_ns->root->mnt.mnt_root) + task->gr_is_chrooted = 1; + else + task->gr_is_chrooted = 0; @@ -57122,15 +55770,14 @@ index 0000000..a2dc675 +extern int captab_log_entries; + +int -+gr_chroot_is_capable(const int cap) ++gr_task_chroot_is_capable(const struct task_struct *task, const struct cred *cred, const int cap) +{ +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS -+ if (grsec_enable_chroot_caps && proc_is_chrooted(current)) { ++ if (grsec_enable_chroot_caps && proc_is_chrooted(task)) { + kernel_cap_t chroot_caps = GR_CHROOT_CAPS; + if (cap_raised(chroot_caps, cap)) { -+ const struct cred *creds = current_cred(); -+ if (cap_raised(creds->cap_effective, cap) && cap < captab_log_entries) { -+ gr_log_cap(GR_DONT_AUDIT, GR_CAP_CHROOT_MSG, current, captab_log[cap]); ++ if (cap_raised(cred->cap_effective, cap) && cap < captab_log_entries) { ++ gr_log_cap(GR_DONT_AUDIT, GR_CAP_CHROOT_MSG, task, captab_log[cap]); + } + return 0; + } @@ -57140,10 +55787,19 @@ index 0000000..a2dc675 +} + +int -+gr_chroot_is_capable_nolog(const int cap) ++gr_chroot_is_capable(const int cap) ++{ ++#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS ++ return gr_task_chroot_is_capable(current, current_cred(), cap); ++#endif ++ return 1; ++} ++ ++int ++gr_task_chroot_is_capable_nolog(const struct task_struct *task, const int cap) +{ +#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS -+ if (grsec_enable_chroot_caps && proc_is_chrooted(current)) { ++ if (grsec_enable_chroot_caps && proc_is_chrooted(task)) { + kernel_cap_t chroot_caps = GR_CHROOT_CAPS; + if (cap_raised(chroot_caps, cap)) { + return 0; @@ -57154,6 +55810,15 @@ index 0000000..a2dc675 +} + +int ++gr_chroot_is_capable_nolog(const int cap) ++{ ++#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS ++ return gr_task_chroot_is_capable_nolog(current, cap); ++#endif ++ return 1; ++} ++ ++int +gr_handle_chroot_sysctl(const int op) +{ +#ifdef CONFIG_GRKERNSEC_CHROOT_SYSCTL @@ -57634,10 +56299,10 @@ index 0000000..213ad8b +#endif diff --git a/grsecurity/grsec_exec.c b/grsecurity/grsec_exec.c new file mode 100644 -index 0000000..2b05ada +index 0000000..abfa971 --- /dev/null +++ b/grsecurity/grsec_exec.c -@@ -0,0 +1,146 @@ +@@ -0,0 +1,174 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/file.h> @@ -57715,8 +56380,12 @@ index 0000000..2b05ada +#ifdef CONFIG_GRKERNSEC +extern int gr_acl_is_capable(const int cap); +extern int gr_acl_is_capable_nolog(const int cap); ++extern int gr_task_acl_is_capable(const struct task_struct *task, const struct cred *cred, const int cap); ++extern int gr_task_acl_is_capable_nolog(const struct task_struct *task, const int cap); +extern int gr_chroot_is_capable(const int cap); +extern int gr_chroot_is_capable_nolog(const int cap); ++extern int gr_task_chroot_is_capable(const struct task_struct *task, const struct cred *cred, const int cap); ++extern int gr_task_chroot_is_capable_nolog(const struct task_struct *task, const int cap); +#endif + +const char *captab_log[] = { @@ -57771,6 +56440,17 @@ index 0000000..2b05ada +#endif +} + ++int gr_task_is_capable(const struct task_struct *task, const struct cred *cred, const int cap) ++{ ++#ifdef CONFIG_GRKERNSEC ++ if (gr_task_acl_is_capable(task, cred, cap) && gr_task_chroot_is_capable(task, cred, cap)) ++ return 1; ++ return 0; ++#else ++ return 1; ++#endif ++} ++ +int gr_is_capable_nolog(const int cap) +{ +#ifdef CONFIG_GRKERNSEC @@ -57782,8 +56462,21 @@ index 0000000..2b05ada +#endif +} + ++int gr_task_is_capable_nolog(const struct task_struct *task, const int cap) ++{ ++#ifdef CONFIG_GRKERNSEC ++ if (gr_task_acl_is_capable_nolog(task, cap) && gr_task_chroot_is_capable_nolog(task, cap)) ++ return 1; ++ return 0; ++#else ++ return 1; ++#endif ++} ++ +EXPORT_SYMBOL(gr_is_capable); +EXPORT_SYMBOL(gr_is_capable_nolog); ++EXPORT_SYMBOL(gr_task_is_capable); ++EXPORT_SYMBOL(gr_task_is_capable_nolog); diff --git a/grsecurity/grsec_fifo.c b/grsecurity/grsec_fifo.c new file mode 100644 index 0000000..d3ee748 @@ -60155,6 +58848,32 @@ index 0d68a1e..b74a761 100644 { machine_restart(NULL); } +diff --git a/include/asm-generic/int-l64.h b/include/asm-generic/int-l64.h +index 1ca3efc..e3dc852 100644 +--- a/include/asm-generic/int-l64.h ++++ b/include/asm-generic/int-l64.h +@@ -46,6 +46,8 @@ typedef unsigned int u32; + typedef signed long s64; + typedef unsigned long u64; + ++typedef unsigned int intoverflow_t __attribute__ ((mode(TI))); ++ + #define S8_C(x) x + #define U8_C(x) x ## U + #define S16_C(x) x +diff --git a/include/asm-generic/int-ll64.h b/include/asm-generic/int-ll64.h +index f394147..b6152b9 100644 +--- a/include/asm-generic/int-ll64.h ++++ b/include/asm-generic/int-ll64.h +@@ -51,6 +51,8 @@ typedef unsigned int u32; + typedef signed long long s64; + typedef unsigned long long u64; + ++typedef unsigned long long intoverflow_t; ++ + #define S8_C(x) x + #define U8_C(x) x ## U + #define S16_C(x) x diff --git a/include/asm-generic/kmap_types.h b/include/asm-generic/kmap_types.h index 0232ccb..13d9165 100644 --- a/include/asm-generic/kmap_types.h @@ -60277,88 +58996,6 @@ index 76bff2b..c7a14e2 100644 #endif /* !__ASSEMBLY__ */ #endif /* _ASM_GENERIC_PGTABLE_H */ -diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h -index ac68c99..b495b0a 100644 ---- a/include/asm-generic/uaccess.h -+++ b/include/asm-generic/uaccess.h -@@ -76,6 +76,8 @@ extern unsigned long search_exception_table(unsigned long); - */ - #ifndef __copy_from_user - static inline __must_check long __copy_from_user(void *to, -+ const void __user * from, unsigned long n) __size_overflow(3); -+static inline __must_check long __copy_from_user(void *to, - const void __user * from, unsigned long n) - { - if (__builtin_constant_p(n)) { -@@ -106,6 +108,8 @@ static inline __must_check long __copy_from_user(void *to, - - #ifndef __copy_to_user - static inline __must_check long __copy_to_user(void __user *to, -+ const void *from, unsigned long n) __size_overflow(3); -+static inline __must_check long __copy_to_user(void __user *to, - const void *from, unsigned long n) - { - if (__builtin_constant_p(n)) { -@@ -224,6 +228,7 @@ extern int __put_user_bad(void) __attribute__((noreturn)); - -EFAULT; \ - }) - -+static inline int __get_user_fn(size_t size, const void __user *ptr, void *x) __size_overflow(1); - static inline int __get_user_fn(size_t size, const void __user *ptr, void *x) - { - size = __copy_from_user(x, ptr, size); -@@ -240,6 +245,7 @@ extern int __get_user_bad(void) __attribute__((noreturn)); - #define __copy_to_user_inatomic __copy_to_user - #endif - -+static inline long copy_from_user(void *to, const void __user * from, unsigned long n) __size_overflow(3); - static inline long copy_from_user(void *to, - const void __user * from, unsigned long n) - { -@@ -250,6 +256,7 @@ static inline long copy_from_user(void *to, - return n; - } - -+static inline long copy_to_user(void __user *to, const void *from, unsigned long n) __size_overflow(3); - static inline long copy_to_user(void __user *to, - const void *from, unsigned long n) - { -@@ -265,6 +272,8 @@ static inline long copy_to_user(void __user *to, - */ - #ifndef __strncpy_from_user - static inline long -+__strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3); -+static inline long - __strncpy_from_user(char *dst, const char __user *src, long count) - { - char *tmp; -@@ -276,6 +285,8 @@ __strncpy_from_user(char *dst, const char __user *src, long count) - #endif - - static inline long -+strncpy_from_user(char *dst, const char __user *src, unsigned long count) __size_overflow(3); -+static inline long - strncpy_from_user(char *dst, const char __user *src, long count) - { - if (!access_ok(VERIFY_READ, src, 1)) -@@ -309,6 +320,8 @@ static inline long strlen_user(const char __user *src) - */ - #ifndef __clear_user - static inline __must_check unsigned long -+__clear_user(void __user *to, unsigned long n) __size_overflow(2); -+static inline __must_check unsigned long - __clear_user(void __user *to, unsigned long n) - { - memset((void __force *)to, 0, n); -@@ -317,6 +330,8 @@ __clear_user(void __user *to, unsigned long n) - #endif - - static inline __must_check unsigned long -+clear_user(void __user *to, unsigned long n) __size_overflow(2); -+static inline __must_check unsigned long - clear_user(void __user *to, unsigned long n) - { - might_sleep(); diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h index b5e2e4c..6a5373e 100644 --- a/include/asm-generic/vmlinux.lds.h @@ -60395,7 +59032,7 @@ index b5e2e4c..6a5373e 100644 /** * PERCPU_SECTION - define output section for percpu area, simple version diff --git a/include/drm/drmP.h b/include/drm/drmP.h -index bf4b2dc..2d0762f 100644 +index 92f0981..d44a37c 100644 --- a/include/drm/drmP.h +++ b/include/drm/drmP.h @@ -72,6 +72,7 @@ @@ -60425,7 +59062,7 @@ index bf4b2dc..2d0762f 100644 struct list_head filelist; diff --git a/include/drm/drm_crtc_helper.h b/include/drm/drm_crtc_helper.h -index 73b0712..0b7ef2f 100644 +index 37515d1..34fa8b0 100644 --- a/include/drm/drm_crtc_helper.h +++ b/include/drm/drm_crtc_helper.h @@ -74,7 +74,7 @@ struct drm_crtc_helper_funcs { @@ -60479,7 +59116,7 @@ index e86dfca..40cc55f 100644 #define N_MAGIC(exec) ((exec).a_info & 0xffff) #endif diff --git a/include/linux/atmdev.h b/include/linux/atmdev.h -index 49a83ca..df96b54 100644 +index f4ff882..84b53a6 100644 --- a/include/linux/atmdev.h +++ b/include/linux/atmdev.h @@ -237,7 +237,7 @@ struct compat_atm_iobuf { @@ -60492,27 +59129,10 @@ index 49a83ca..df96b54 100644 #undef __HANDLE_ITEM }; diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h -index fd88a39..8a801b4 100644 +index 0092102..8a801b4 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h -@@ -18,7 +18,7 @@ struct pt_regs; - #define BINPRM_BUF_SIZE 128 - - #ifdef __KERNEL__ --#include <linux/list.h> -+#include <linux/sched.h> - - #define CORENAME_MAX_SIZE 128 - -@@ -58,6 +58,7 @@ struct linux_binprm { - unsigned interp_flags; - unsigned interp_data; - unsigned long loader, exec; -+ char tcomm[TASK_COMM_LEN]; - }; - - #define BINPRM_FLAGS_ENFORCE_NONDUMP_BIT 0 -@@ -88,6 +89,7 @@ struct linux_binfmt { +@@ -89,6 +89,7 @@ struct linux_binfmt { int (*load_binary)(struct linux_binprm *, struct pt_regs * regs); int (*load_shlib)(struct file *); int (*core_dump)(struct coredump_params *cprm); @@ -60521,10 +59141,10 @@ index fd88a39..8a801b4 100644 }; diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h -index 0ed1eb0..3ab569b 100644 +index 606cf33..b72c577 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h -@@ -1315,7 +1315,7 @@ struct block_device_operations { +@@ -1379,7 +1379,7 @@ struct block_device_operations { /* this callback is with swap_lock and sometimes page table lock held */ void (*swap_slot_free_notify) (struct block_device *, unsigned long); struct module *owner; @@ -60630,16 +59250,15 @@ index 4c57065..4307975 100644 #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES))) #endif diff --git a/include/linux/capability.h b/include/linux/capability.h -index a63d13d..069bfd5 100644 +index 12d52de..b5f7fa7 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h -@@ -548,6 +548,9 @@ extern bool capable(int cap); +@@ -548,6 +548,8 @@ extern bool has_ns_capability_noaudit(struct task_struct *t, + extern bool capable(int cap); extern bool ns_capable(struct user_namespace *ns, int cap); - extern bool task_ns_capable(struct task_struct *t, int cap); extern bool nsown_capable(int cap); -+extern bool task_ns_capable_nolog(struct task_struct *t, int cap); -+extern bool ns_capable_nolog(struct user_namespace *ns, int cap); +extern bool capable_nolog(int cap); ++extern bool ns_capable_nolog(struct user_namespace *ns, int cap); /* audit system wants to get cap info from files as well */ extern int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data *cpu_caps); @@ -60657,11 +59276,11 @@ index 04ffb2e..6799180 100644 extern struct cleancache_ops cleancache_register_ops(struct cleancache_ops *ops); diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h -index dfadc96..d90deca 100644 +index 2f40791..89a56fd 100644 --- a/include/linux/compiler-gcc4.h +++ b/include/linux/compiler-gcc4.h -@@ -31,6 +31,15 @@ - +@@ -32,6 +32,12 @@ + #define __linktime_error(message) __attribute__((__error__(message))) #if __GNUC_MINOR__ >= 5 + @@ -60670,13 +59289,10 @@ index dfadc96..d90deca 100644 +#define __do_const __attribute__((do_const)) +#endif + -+#ifdef SIZE_OVERFLOW_PLUGIN -+#define __size_overflow(...) __attribute__((size_overflow(__VA_ARGS__))) -+#endif /* * Mark a position in code as unreachable. This can be used to * suppress control flow warnings after asm blocks that transfer -@@ -46,6 +55,11 @@ +@@ -47,6 +53,11 @@ #define __noclone __attribute__((__noclone__)) #endif @@ -60689,7 +59305,7 @@ index dfadc96..d90deca 100644 #if __GNUC_MINOR__ > 0 diff --git a/include/linux/compiler.h b/include/linux/compiler.h -index 320d6c9..1221a6b 100644 +index 4a24354..9570c1b 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -5,31 +5,62 @@ @@ -60765,7 +59381,7 @@ index 320d6c9..1221a6b 100644 #endif #ifdef __KERNEL__ -@@ -264,6 +297,17 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); +@@ -264,6 +297,14 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); # define __attribute_const__ /* unimplemented */ #endif @@ -60777,13 +59393,10 @@ index 320d6c9..1221a6b 100644 +# define __do_const +#endif + -+#ifndef __size_overflow -+# define __size_overflow(...) -+#endif /* * Tell gcc if a function is cold. The compiler will assume any path * directly leading to the call is unlikely. -@@ -273,6 +317,22 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); +@@ -273,6 +314,22 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); #define __cold #endif @@ -60806,7 +59419,7 @@ index 320d6c9..1221a6b 100644 /* Simple shorthand for a section definition */ #ifndef __section # define __section(S) __attribute__ ((__section__(#S))) -@@ -306,6 +366,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); +@@ -308,6 +365,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); * use is to mediate communication between process-level code and irq/NMI * handlers, all running on the same CPU. */ @@ -60828,21 +59441,8 @@ index e9eaec5..bfeb9bb 100644 } static inline void set_mems_allowed(nodemask_t nodemask) -diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h -index b936763..48685ee 100644 ---- a/include/linux/crash_dump.h -+++ b/include/linux/crash_dump.h -@@ -14,7 +14,7 @@ extern unsigned long long elfcorehdr_addr; - extern unsigned long long elfcorehdr_size; - - extern ssize_t copy_oldmem_page(unsigned long, char *, size_t, -- unsigned long, int); -+ unsigned long, int) __size_overflow(3); - - /* Architecture code defines this if there are other possible ELF - * machine types, e.g. on bi-arch capable hardware. */ diff --git a/include/linux/cred.h b/include/linux/cred.h -index 4030896..8d6f342 100644 +index adadf71..6af5560 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h @@ -207,6 +207,9 @@ static inline void validate_creds_for_do_exit(struct task_struct *tsk) @@ -60911,10 +59511,10 @@ index e13117c..e9fc938 100644 #define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1)) diff --git a/include/linux/efi.h b/include/linux/efi.h -index 2362a0b..cfaf8fcc 100644 +index 37c3007..92ab679 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -446,7 +446,7 @@ struct efivar_operations { +@@ -580,7 +580,7 @@ struct efivar_operations { efi_get_variable_t *get_variable; efi_get_next_variable_t *get_next_variable; efi_set_variable_t *set_variable; @@ -60924,10 +59524,10 @@ index 2362a0b..cfaf8fcc 100644 struct efivars { /* diff --git a/include/linux/elf.h b/include/linux/elf.h -index 31f0508..5421c01 100644 +index 999b4f5..57753b4 100644 --- a/include/linux/elf.h +++ b/include/linux/elf.h -@@ -49,6 +49,17 @@ typedef __s64 Elf64_Sxword; +@@ -40,6 +40,17 @@ typedef __s64 Elf64_Sxword; #define PT_GNU_EH_FRAME 0x6474e550 #define PT_GNU_STACK (PT_LOOS + 0x474e551) @@ -60945,7 +59545,7 @@ index 31f0508..5421c01 100644 /* * Extended Numbering -@@ -106,6 +117,8 @@ typedef __s64 Elf64_Sxword; +@@ -97,6 +108,8 @@ typedef __s64 Elf64_Sxword; #define DT_DEBUG 21 #define DT_TEXTREL 22 #define DT_JMPREL 23 @@ -60954,7 +59554,7 @@ index 31f0508..5421c01 100644 #define DT_ENCODING 32 #define OLD_DT_LOOS 0x60000000 #define DT_LOOS 0x6000000d -@@ -252,6 +265,19 @@ typedef struct elf64_hdr { +@@ -243,6 +256,19 @@ typedef struct elf64_hdr { #define PF_W 0x2 #define PF_X 0x1 @@ -60974,7 +59574,7 @@ index 31f0508..5421c01 100644 typedef struct elf32_phdr{ Elf32_Word p_type; Elf32_Off p_offset; -@@ -344,6 +370,8 @@ typedef struct elf64_shdr { +@@ -335,6 +361,8 @@ typedef struct elf64_shdr { #define EI_OSABI 7 #define EI_PAD 8 @@ -60983,7 +59583,7 @@ index 31f0508..5421c01 100644 #define ELFMAG0 0x7f /* EI_MAG */ #define ELFMAG1 'E' #define ELFMAG2 'L' -@@ -423,6 +451,7 @@ extern Elf32_Dyn _DYNAMIC []; +@@ -421,6 +449,7 @@ extern Elf32_Dyn _DYNAMIC []; #define elf_note elf32_note #define elf_addr_t Elf32_Off #define Elf_Half Elf32_Half @@ -60991,7 +59591,7 @@ index 31f0508..5421c01 100644 #else -@@ -433,6 +462,7 @@ extern Elf64_Dyn _DYNAMIC []; +@@ -431,6 +460,7 @@ extern Elf64_Dyn _DYNAMIC []; #define elf_note elf64_note #define elf_addr_t Elf64_Off #define Elf_Half Elf64_Half @@ -61035,10 +59635,10 @@ index 84ccf8e..2e9b14c 100644 }; diff --git a/include/linux/fs.h b/include/linux/fs.h -index 10b2288..09180e4 100644 +index 69cd5bb..58425c2 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h -@@ -1609,7 +1609,8 @@ struct file_operations { +@@ -1623,7 +1623,8 @@ struct file_operations { int (*setlease)(struct file *, long, struct file_lock **); long (*fallocate)(struct file *file, int mode, loff_t offset, loff_t len); @@ -61131,7 +59731,7 @@ index c3da42d..c70e0df 100644 int trace_set_clr_event(const char *system, const char *event, int set); diff --git a/include/linux/genhd.h b/include/linux/genhd.h -index c6f7f6a..aa0f7d3 100644 +index e61d319..0da8505 100644 --- a/include/linux/genhd.h +++ b/include/linux/genhd.h @@ -185,7 +185,7 @@ struct gendisk { @@ -61973,10 +60573,10 @@ index 0000000..ae576a1 +#define GR_BADPROCPID_MSG "denied read of sensitive /proc/pid/%s entry via fd passed across exec by " diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h new file mode 100644 -index 0000000..2ccf677 +index 0000000..acd05db --- /dev/null +++ b/include/linux/grsecurity.h -@@ -0,0 +1,229 @@ +@@ -0,0 +1,232 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include <linux/fs.h> @@ -62088,6 +60688,9 @@ index 0000000..2ccf677 + +int gr_is_capable(const int cap); +int gr_is_capable_nolog(const int cap); ++int gr_task_is_capable(const struct task_struct *task, const struct cred *cred, const int cap); ++int gr_task_is_capable_nolog(const struct task_struct *task, const int cap); ++ +void gr_learn_resource(const struct task_struct *task, const int limit, + const unsigned long wanted, const int gt); +void gr_copy_label(struct task_struct *tsk); @@ -62232,10 +60835,10 @@ index 0000000..e7ffaaf + +#endif diff --git a/include/linux/hid.h b/include/linux/hid.h -index c235e4e..f0cf7a0 100644 +index 3a95da6..51986f1 100644 --- a/include/linux/hid.h +++ b/include/linux/hid.h -@@ -679,7 +679,7 @@ struct hid_ll_driver { +@@ -696,7 +696,7 @@ struct hid_ll_driver { unsigned int code, int value); int (*parse)(struct hid_device *hdev); @@ -62268,7 +60871,7 @@ index 3a93f73..b19d0b3 100644 unsigned start1, unsigned end1, unsigned start2, unsigned end2) diff --git a/include/linux/i2c.h b/include/linux/i2c.h -index 07d103a..04ec65b 100644 +index 8e25a91..551b161 100644 --- a/include/linux/i2c.h +++ b/include/linux/i2c.h @@ -364,6 +364,7 @@ struct i2c_algorithm { @@ -62292,11 +60895,32 @@ index a6deef4..c56a7f2 100644 struct list_head context_list; /* list of context id's and pointers */ #endif +diff --git a/include/linux/if_team.h b/include/linux/if_team.h +index 58404b0..439ed95 100644 +--- a/include/linux/if_team.h ++++ b/include/linux/if_team.h +@@ -64,6 +64,7 @@ struct team_mode_ops { + void (*port_leave)(struct team *team, struct team_port *port); + void (*port_change_mac)(struct team *team, struct team_port *port); + }; ++typedef struct team_mode_ops __no_const team_mode_ops_no_const; + + enum team_option_type { + TEAM_OPTION_TYPE_U32, +@@ -112,7 +113,7 @@ struct team { + struct list_head option_list; + + const struct team_mode *mode; +- struct team_mode_ops ops; ++ team_mode_ops_no_const ops; + long mode_priv[TEAM_MODE_PRIV_LONGS]; + }; + diff --git a/include/linux/init.h b/include/linux/init.h -index 9146f39..885354d 100644 +index 6b95109..4aca62c 100644 --- a/include/linux/init.h +++ b/include/linux/init.h -@@ -293,13 +293,13 @@ void __init parse_early_options(char *cmdline); +@@ -294,13 +294,13 @@ void __init parse_early_options(char *cmdline); /* Each module must use one module_init(). */ #define module_init(initfn) \ @@ -62313,10 +60937,10 @@ index 9146f39..885354d 100644 void cleanup_module(void) __attribute__((alias(#exitfn))); diff --git a/include/linux/init_task.h b/include/linux/init_task.h -index 32574ee..00d4ef1 100644 +index 9c66b1a..a3fdded 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h -@@ -128,6 +128,12 @@ extern struct cred init_cred; +@@ -127,6 +127,12 @@ extern struct cred init_cred; #define INIT_TASK_COMM "swapper" @@ -62329,7 +60953,7 @@ index 32574ee..00d4ef1 100644 /* * INIT_TASK is used to set up the first task table, touch at * your own risk!. Base=0, limit=0x1fffff (=2MB) -@@ -166,6 +172,7 @@ extern struct cred init_cred; +@@ -165,6 +171,7 @@ extern struct cred init_cred; RCU_INIT_POINTER(.cred, &init_cred), \ .comm = INIT_TASK_COMM, \ .thread = INIT_THREAD, \ @@ -62441,7 +61065,7 @@ index fa39183..40160be 100644 extern struct kgdb_arch arch_kgdb_ops; diff --git a/include/linux/kmod.h b/include/linux/kmod.h -index b16f653..eb908f4 100644 +index 722f477..eef2a27 100644 --- a/include/linux/kmod.h +++ b/include/linux/kmod.h @@ -34,6 +34,8 @@ extern char modprobe_path[]; /* for sysctl */ @@ -62453,11 +61077,24 @@ index b16f653..eb908f4 100644 #define request_module(mod...) __request_module(true, mod) #define request_module_nowait(mod...) __request_module(false, mod) #define try_then_request_module(x, mod...) \ +diff --git a/include/linux/kref.h b/include/linux/kref.h +index 9c07dce..a92fa71 100644 +--- a/include/linux/kref.h ++++ b/include/linux/kref.h +@@ -63,7 +63,7 @@ static inline void kref_get(struct kref *kref) + static inline int kref_sub(struct kref *kref, unsigned int count, + void (*release)(struct kref *kref)) + { +- WARN_ON(release == NULL); ++ BUG_ON(release == NULL); + + if (atomic_sub_and_test((int) count, &kref->refcount)) { + release(kref); diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h -index d526231..c9599fc 100644 +index 900c763..43260cf 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h -@@ -308,7 +308,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu); +@@ -326,7 +326,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu); void vcpu_load(struct kvm_vcpu *vcpu); void vcpu_put(struct kvm_vcpu *vcpu); @@ -62466,34 +61103,7 @@ index d526231..c9599fc 100644 struct module *module); void kvm_exit(void); -@@ -385,20 +385,20 @@ void kvm_get_pfn(pfn_t pfn); - int kvm_read_guest_page(struct kvm *kvm, gfn_t gfn, void *data, int offset, - int len); - int kvm_read_guest_atomic(struct kvm *kvm, gpa_t gpa, void *data, -- unsigned long len); --int kvm_read_guest(struct kvm *kvm, gpa_t gpa, void *data, unsigned long len); -+ unsigned long len) __size_overflow(4); -+int kvm_read_guest(struct kvm *kvm, gpa_t gpa, void *data, unsigned long len) __size_overflow(2,4); - int kvm_read_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc, -- void *data, unsigned long len); -+ void *data, unsigned long len) __size_overflow(4); - int kvm_write_guest_page(struct kvm *kvm, gfn_t gfn, const void *data, - int offset, int len); - int kvm_write_guest(struct kvm *kvm, gpa_t gpa, const void *data, -- unsigned long len); -+ unsigned long len) __size_overflow(2,4); - int kvm_write_guest_cached(struct kvm *kvm, struct gfn_to_hva_cache *ghc, -- void *data, unsigned long len); -+ void *data, unsigned long len) __size_overflow(4); - int kvm_gfn_to_hva_cache_init(struct kvm *kvm, struct gfn_to_hva_cache *ghc, - gpa_t gpa); - int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len); --int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len); -+int kvm_clear_guest(struct kvm *kvm, gpa_t gpa, unsigned long len) __size_overflow(2,3); - struct kvm_memory_slot *gfn_to_memslot(struct kvm *kvm, gfn_t gfn); - int kvm_is_visible_gfn(struct kvm *kvm, gfn_t gfn); - unsigned long kvm_host_page_size(struct kvm *kvm, gfn_t gfn); -@@ -454,7 +454,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, +@@ -485,7 +485,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg); int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run); @@ -62502,15 +61112,6 @@ index d526231..c9599fc 100644 void kvm_arch_exit(void); int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); -@@ -690,7 +690,7 @@ int kvm_setup_default_irq_routing(struct kvm *kvm); - int kvm_set_irq_routing(struct kvm *kvm, - const struct kvm_irq_routing_entry *entries, - unsigned nr, -- unsigned flags); -+ unsigned flags) __size_overflow(3); - void kvm_free_irq_routing(struct kvm *kvm); - - #else diff --git a/include/linux/libata.h b/include/linux/libata.h index cafc09a..d7e7829 100644 --- a/include/linux/libata.h @@ -62538,10 +61139,10 @@ index 3797270..7765ede 100644 struct mca_bus { u64 default_dma_mask; diff --git a/include/linux/memory.h b/include/linux/memory.h -index 935699b..11042cc 100644 +index 1ac7f6e..a5794d0 100644 --- a/include/linux/memory.h +++ b/include/linux/memory.h -@@ -144,7 +144,7 @@ struct memory_accessor { +@@ -143,7 +143,7 @@ struct memory_accessor { size_t count); ssize_t (*write)(struct memory_accessor *, const char *buf, off_t offset, size_t count); @@ -62563,7 +61164,7 @@ index 9970337..9444122 100644 int abx500_register_ops(struct device *core_dev, struct abx500_ops *ops); void abx500_remove_ops(struct device *dev); diff --git a/include/linux/mm.h b/include/linux/mm.h -index 4baadd1..2e0b45e 100644 +index 17b27cd..467ba2f 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -115,7 +115,14 @@ extern unsigned int kobjsize(const void *objp); @@ -62632,7 +61233,7 @@ index 4baadd1..2e0b45e 100644 int vma_wants_writenotify(struct vm_area_struct *vma); extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, -@@ -1419,6 +1407,7 @@ out: +@@ -1409,6 +1397,7 @@ out: } extern int do_munmap(struct mm_struct *, unsigned long, size_t); @@ -62640,7 +61241,7 @@ index 4baadd1..2e0b45e 100644 extern unsigned long do_brk(unsigned long, unsigned long); -@@ -1476,6 +1465,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add +@@ -1466,6 +1455,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, struct vm_area_struct **pprev); @@ -62651,8 +61252,8 @@ index 4baadd1..2e0b45e 100644 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1492,15 +1485,6 @@ static inline unsigned long vma_pages(struct vm_area_struct *vma) - return (vma->vm_end - vma->vm_start) >> PAGE_SHIFT; +@@ -1494,15 +1487,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, + return vma; } -#ifdef CONFIG_MMU @@ -62667,7 +61268,7 @@ index 4baadd1..2e0b45e 100644 struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr); int remap_pfn_range(struct vm_area_struct *, unsigned long addr, unsigned long pfn, unsigned long size, pgprot_t); -@@ -1614,7 +1598,7 @@ extern int unpoison_memory(unsigned long pfn); +@@ -1606,7 +1590,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -62676,9 +61277,9 @@ index 4baadd1..2e0b45e 100644 extern int soft_offline_page(struct page *page, int flags); extern void dump_page(struct page *page); -@@ -1628,5 +1612,11 @@ extern void copy_user_huge_page(struct page *dst, struct page *src, - unsigned int pages_per_huge_page); - #endif /* CONFIG_TRANSPARENT_HUGEPAGE || CONFIG_HUGETLBFS */ +@@ -1637,5 +1621,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; } + static inline bool page_is_guard(struct page *page) { return false; } + #endif /* CONFIG_DEBUG_PAGEALLOC */ +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT +extern void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot); @@ -62689,10 +61290,10 @@ index 4baadd1..2e0b45e 100644 #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */ diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h -index 5b42f1b..759e4b4 100644 +index 3cc3062..8947a82 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h -@@ -253,6 +253,8 @@ struct vm_area_struct { +@@ -252,6 +252,8 @@ struct vm_area_struct { #ifdef CONFIG_NUMA struct mempolicy *vm_policy; /* NUMA policy for the VMA */ #endif @@ -62701,7 +61302,7 @@ index 5b42f1b..759e4b4 100644 }; struct core_thread { -@@ -389,6 +391,24 @@ struct mm_struct { +@@ -388,6 +390,24 @@ struct mm_struct { #ifdef CONFIG_CPUMASK_OFFSTACK struct cpumask cpumask_allocation; #endif @@ -62747,10 +61348,10 @@ index 1d1b1e1..2a13c78 100644 #define pmdp_clear_flush_notify(__vma, __address, __pmdp) \ diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h -index 188cb2f..d78409b 100644 +index 650ba2f..af0a58c 100644 --- a/include/linux/mmzone.h +++ b/include/linux/mmzone.h -@@ -369,7 +369,7 @@ struct zone { +@@ -379,7 +379,7 @@ struct zone { unsigned long flags; /* zone flags, see below */ /* Zone statistics */ @@ -62760,7 +61361,7 @@ index 188cb2f..d78409b 100644 /* * The target ratio of ACTIVE_ANON to INACTIVE_ANON pages on diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicetable.h -index 468819c..17b9db3 100644 +index 83ac071..2656e0e 100644 --- a/include/linux/mod_devicetable.h +++ b/include/linux/mod_devicetable.h @@ -12,7 +12,7 @@ @@ -62782,7 +61383,7 @@ index 468819c..17b9db3 100644 struct hid_device_id { __u16 bus; diff --git a/include/linux/module.h b/include/linux/module.h -index 3cb7839..511cb87 100644 +index 4598bf0..e069d7f 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -17,6 +17,7 @@ @@ -62793,7 +61394,7 @@ index 3cb7839..511cb87 100644 #include <linux/percpu.h> #include <asm/module.h> -@@ -261,19 +262,16 @@ struct module +@@ -275,19 +276,16 @@ struct module int (*init)(void); /* If this is non-NULL, vfree after init() returns */ @@ -62817,7 +61418,7 @@ index 3cb7839..511cb87 100644 /* Arch-specific module values */ struct mod_arch_specific arch; -@@ -329,6 +327,10 @@ struct module +@@ -343,6 +341,10 @@ struct module #ifdef CONFIG_EVENT_TRACING struct ftrace_event_call **trace_events; unsigned int num_trace_events; @@ -62828,7 +61429,7 @@ index 3cb7839..511cb87 100644 #endif #ifdef CONFIG_FTRACE_MCOUNT_RECORD unsigned int num_ftrace_callsites; -@@ -379,16 +381,46 @@ bool is_module_address(unsigned long addr); +@@ -390,16 +392,46 @@ bool is_module_address(unsigned long addr); bool is_module_percpu_address(unsigned long addr); bool is_module_text_address(unsigned long addr); @@ -62880,22 +61481,19 @@ index 3cb7839..511cb87 100644 /* Search for module by name: must hold module_mutex. */ diff --git a/include/linux/moduleloader.h b/include/linux/moduleloader.h -index b2be02e..edb10c9 100644 +index b2be02e..6a9fdb1 100644 --- a/include/linux/moduleloader.h +++ b/include/linux/moduleloader.h -@@ -23,11 +23,23 @@ unsigned int arch_mod_section_prepend(struct module *mod, unsigned int section); - - /* Allocator used for allocating struct module, core sections and init +@@ -25,9 +25,21 @@ unsigned int arch_mod_section_prepend(struct module *mod, unsigned int section); sections. Returns NULL on failure. */ --void *module_alloc(unsigned long size); -+void *module_alloc(unsigned long size) __size_overflow(1); -+ + void *module_alloc(unsigned long size); + +#ifdef CONFIG_PAX_KERNEXEC +void *module_alloc_exec(unsigned long size); +#else +#define module_alloc_exec(x) module_alloc(x) +#endif - ++ /* Free memory returned from module_alloc. */ void module_free(struct module *mod, void *module_region); @@ -62909,7 +61507,7 @@ index b2be02e..edb10c9 100644 or 0. */ int apply_relocate(Elf_Shdr *sechdrs, diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h -index 7939f63..ec6df57 100644 +index c47f4d6..23f9bdb 100644 --- a/include/linux/moduleparam.h +++ b/include/linux/moduleparam.h @@ -260,7 +260,7 @@ static inline void __kernel_param_unlock(void) @@ -62921,27 +61519,15 @@ index 7939f63..ec6df57 100644 = { len, string }; \ __module_param_call(MODULE_PARAM_PREFIX, name, \ ¶m_ops_string, \ -@@ -395,7 +395,7 @@ extern int param_get_invbool(char *buffer, const struct kernel_param *kp); - * module_param_named() for why this might be necessary. +@@ -396,7 +396,7 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp); */ #define module_param_array_named(name, array, type, nump, perm) \ + param_check_##type(name, &(array)[0]); \ - static const struct kparam_array __param_arr_##name \ + static const struct kparam_array __param_arr_##name __used \ = { .max = ARRAY_SIZE(array), .num = nump, \ .ops = ¶m_ops_##type, \ .elemsize = sizeof(array[0]), .elem = array }; \ -diff --git a/include/linux/mtd/map.h b/include/linux/mtd/map.h -index a9e6ba4..0f9e29b 100644 ---- a/include/linux/mtd/map.h -+++ b/include/linux/mtd/map.h -@@ -25,6 +25,7 @@ - #include <linux/types.h> - #include <linux/list.h> - #include <linux/string.h> -+#include <linux/kernel.h> - #include <linux/bug.h> - - diff --git a/include/linux/namei.h b/include/linux/namei.h index ffc0213..2c1f2cb 100644 --- a/include/linux/namei.h @@ -62971,18 +61557,18 @@ index ffc0213..2c1f2cb 100644 return nd->saved_names[nd->depth]; } diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index a82ad4d..90d15b7 100644 +index 0eac07c..a59f6a8 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -949,6 +949,7 @@ struct net_device_ops { - int (*ndo_set_features)(struct net_device *dev, - u32 features); +@@ -1002,6 +1002,7 @@ struct net_device_ops { + int (*ndo_neigh_construct)(struct neighbour *n); + void (*ndo_neigh_destroy)(struct neighbour *n); }; +typedef struct net_device_ops __no_const net_device_ops_no_const; /* * The DEVICE structure. -@@ -1088,7 +1089,7 @@ struct net_device { +@@ -1063,7 +1064,7 @@ struct net_device { int iflink; struct net_device_stats stats; @@ -63020,7 +61606,7 @@ index c65a18a..0c05f3a 100644 extern void *prom_early_alloc(unsigned long size); diff --git a/include/linux/oprofile.h b/include/linux/oprofile.h -index a4c5624..2dabfb7 100644 +index a4c5624..79d6d88 100644 --- a/include/linux/oprofile.h +++ b/include/linux/oprofile.h @@ -139,9 +139,9 @@ int oprofilefs_create_ulong(struct super_block * sb, struct dentry * root, @@ -63035,15 +61621,6 @@ index a4c5624..2dabfb7 100644 /** create a directory */ struct dentry * oprofilefs_mkdir(struct super_block * sb, struct dentry * root, -@@ -163,7 +163,7 @@ ssize_t oprofilefs_ulong_to_user(unsigned long val, char __user * buf, size_t co - * Read an ASCII string for a number from a userspace buffer and fill *val on success. - * Returns 0 on success, < 0 on error. - */ --int oprofilefs_ulong_from_user(unsigned long * val, char const __user * buf, size_t count); -+int oprofilefs_ulong_from_user(unsigned long * val, char const __user * buf, size_t count) __size_overflow(3); - - /** lock for read/write safety */ - extern raw_spinlock_t oprofilefs_lock; diff --git a/include/linux/padata.h b/include/linux/padata.h index 4633b2f..988bc08 100644 --- a/include/linux/padata.h @@ -63058,10 +61635,10 @@ index 4633b2f..988bc08 100644 atomic_t refcnt; unsigned int max_seq_nr; diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h -index b1f8912..c955bff 100644 +index abb2776..d8b8e15 100644 --- a/include/linux/perf_event.h +++ b/include/linux/perf_event.h -@@ -748,8 +748,8 @@ struct perf_event { +@@ -750,8 +750,8 @@ struct perf_event { enum perf_event_active_state state; unsigned int attach_state; @@ -63072,7 +61649,7 @@ index b1f8912..c955bff 100644 /* * These are the total time in nanoseconds that the event -@@ -800,8 +800,8 @@ struct perf_event { +@@ -802,8 +802,8 @@ struct perf_event { * These accumulate total time (in nanoseconds) that children * events have been enabled and running, respectively. */ @@ -63113,10 +61690,10 @@ index 77257c9..51d473a 100644 unsigned int w_counter; struct page *tmp_page; diff --git a/include/linux/pm_runtime.h b/include/linux/pm_runtime.h -index d3085e7..fd01052 100644 +index 609daae..5392427 100644 --- a/include/linux/pm_runtime.h +++ b/include/linux/pm_runtime.h -@@ -95,7 +95,7 @@ static inline bool pm_runtime_callbacks_present(struct device *dev) +@@ -97,7 +97,7 @@ static inline bool pm_runtime_callbacks_present(struct device *dev) static inline void pm_runtime_mark_last_busy(struct device *dev) { @@ -63126,7 +61703,7 @@ index d3085e7..fd01052 100644 #else /* !CONFIG_PM_RUNTIME */ diff --git a/include/linux/poison.h b/include/linux/poison.h -index 79159de..f1233a9 100644 +index 2110a81..13a11bb 100644 --- a/include/linux/poison.h +++ b/include/linux/poison.h @@ -19,8 +19,8 @@ @@ -63154,14 +61731,14 @@ index 58969b2..ead129b 100644 /** * preempt_notifier - key for installing preemption notifiers diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h -index 643b96c..ef55a9c 100644 +index 85c5073..51fac8b 100644 --- a/include/linux/proc_fs.h +++ b/include/linux/proc_fs.h -@@ -155,6 +155,19 @@ static inline struct proc_dir_entry *proc_create(const char *name, mode_t mode, +@@ -155,6 +155,18 @@ static inline struct proc_dir_entry *proc_create(const char *name, umode_t mode, return proc_create_data(name, mode, parent, proc_fops, NULL); } -+static inline struct proc_dir_entry *proc_create_grsec(const char *name, mode_t mode, ++static inline struct proc_dir_entry *proc_create_grsec(const char *name, umode_t mode, + struct proc_dir_entry *parent, const struct file_operations *proc_fops) +{ +#ifdef CONFIG_GRKERNSEC_PROC_USER @@ -63172,12 +61749,11 @@ index 643b96c..ef55a9c 100644 + return proc_create_data(name, mode, parent, proc_fops, NULL); +#endif +} -+ + static inline struct proc_dir_entry *create_proc_read_entry(const char *name, - mode_t mode, struct proc_dir_entry *base, + umode_t mode, struct proc_dir_entry *base, read_proc_t *read_proc, void * data) -@@ -258,7 +271,7 @@ union proc_op { +@@ -258,7 +270,7 @@ union proc_op { int (*proc_show)(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); @@ -63187,24 +61763,22 @@ index 643b96c..ef55a9c 100644 struct ctl_table_header; struct ctl_table; diff --git a/include/linux/ptrace.h b/include/linux/ptrace.h -index 800f113..e9ee2e3 100644 +index c2f1f6a..6fdb196 100644 --- a/include/linux/ptrace.h +++ b/include/linux/ptrace.h -@@ -129,10 +129,12 @@ extern void __ptrace_unlink(struct task_struct *child); - extern void exit_ptrace(struct task_struct *tracer); - #define PTRACE_MODE_READ 1 - #define PTRACE_MODE_ATTACH 2 --/* Returns 0 on success, -errno on denial. */ --extern int __ptrace_may_access(struct task_struct *task, unsigned int mode); - /* Returns true on success, false on denial. */ - extern bool ptrace_may_access(struct task_struct *task, unsigned int mode); -+/* Returns true on success, false on denial. */ -+extern bool ptrace_may_access_log(struct task_struct *task, unsigned int mode); -+/* Returns true on success, false on denial. */ -+extern bool ptrace_may_access_nolock(struct task_struct *task, unsigned int mode); - - static inline int ptrace_reparented(struct task_struct *child) - { +@@ -199,9 +199,10 @@ static inline void ptrace_event(int event, unsigned long message) + if (unlikely(ptrace_event_enabled(current, event))) { + current->ptrace_message = message; + ptrace_notify((event << 8) | SIGTRAP); +- } else if (event == PTRACE_EVENT_EXEC && unlikely(current->ptrace)) { ++ } else if (event == PTRACE_EVENT_EXEC) { + /* legacy EXEC report via SIGTRAP */ +- send_sig(SIGTRAP, current, 0); ++ if ((current->ptrace & (PT_PTRACED|PT_SEIZED)) == PT_PTRACED) ++ send_sig(SIGTRAP, current, 0); + } + } + diff --git a/include/linux/random.h b/include/linux/random.h index 8f74538..02a1012 100644 --- a/include/linux/random.h @@ -63268,7 +61842,7 @@ index e0879a7..a12f962 100644 #endif diff --git a/include/linux/reiserfs_fs.h b/include/linux/reiserfs_fs.h -index 96d465f..b084e05 100644 +index 2213ddc..650212a 100644 --- a/include/linux/reiserfs_fs.h +++ b/include/linux/reiserfs_fs.h @@ -1406,7 +1406,7 @@ static inline loff_t max_reiserfs_offset(struct inode *inode) @@ -63281,7 +61855,7 @@ index 96d465f..b084e05 100644 #define __fs_changed(gen,s) (gen != get_generation (s)) #define fs_changed(gen,s) \ diff --git a/include/linux/reiserfs_fs_sb.h b/include/linux/reiserfs_fs_sb.h -index 52c83b6..18ed7eb 100644 +index 8c9e85c..1698e9a 100644 --- a/include/linux/reiserfs_fs_sb.h +++ b/include/linux/reiserfs_fs_sb.h @@ -386,7 +386,7 @@ struct reiserfs_sb_info { @@ -63294,7 +61868,7 @@ index 52c83b6..18ed7eb 100644 unsigned long s_properties; /* File system properties. Currently holds on-disk FS format */ diff --git a/include/linux/relay.h b/include/linux/relay.h -index 14a86bc..17d0700 100644 +index a822fd7..62b70f6 100644 --- a/include/linux/relay.h +++ b/include/linux/relay.h @@ -159,7 +159,7 @@ struct rchan_callbacks @@ -63332,22 +61906,23 @@ index 4d50611..c6858a2 100644 #define RIO_RESOURCE_MEM 0x00000100 #define RIO_RESOURCE_DOORBELL 0x00000200 diff --git a/include/linux/rmap.h b/include/linux/rmap.h -index 2148b12..519b820 100644 +index 1cdd62a..e399f0d 100644 --- a/include/linux/rmap.h +++ b/include/linux/rmap.h -@@ -119,8 +119,8 @@ static inline void anon_vma_unlock(struct anon_vma *anon_vma) +@@ -119,9 +119,9 @@ static inline void anon_vma_unlock(struct anon_vma *anon_vma) void anon_vma_init(void); /* create anon_vma_cachep */ int anon_vma_prepare(struct vm_area_struct *); void unlink_anon_vmas(struct vm_area_struct *); -int anon_vma_clone(struct vm_area_struct *, struct vm_area_struct *); --int anon_vma_fork(struct vm_area_struct *, struct vm_area_struct *); +int anon_vma_clone(struct vm_area_struct *, const struct vm_area_struct *); + void anon_vma_moveto_tail(struct vm_area_struct *); +-int anon_vma_fork(struct vm_area_struct *, struct vm_area_struct *); +int anon_vma_fork(struct vm_area_struct *, const struct vm_area_struct *); void __anon_vma_link(struct vm_area_struct *); static inline void anon_vma_merge(struct vm_area_struct *vma, diff --git a/include/linux/sched.h b/include/linux/sched.h -index 1c4f3e9..342eb1f 100644 +index 0657368..765f70f 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -101,6 +101,7 @@ struct bio_list; @@ -63358,7 +61933,7 @@ index 1c4f3e9..342eb1f 100644 /* * List of flags we want to share for kernel threads, -@@ -380,10 +381,13 @@ struct user_namespace; +@@ -382,10 +383,13 @@ struct user_namespace; #define DEFAULT_MAX_MAP_COUNT (USHRT_MAX - MAPCOUNT_ELF_CORE_MARGIN) extern int sysctl_max_map_count; @@ -63372,7 +61947,7 @@ index 1c4f3e9..342eb1f 100644 extern void arch_pick_mmap_layout(struct mm_struct *mm); extern unsigned long arch_get_unmapped_area(struct file *, unsigned long, unsigned long, -@@ -629,6 +633,17 @@ struct signal_struct { +@@ -631,6 +635,17 @@ struct signal_struct { #ifdef CONFIG_TASKSTATS struct taskstats *stats; #endif @@ -63390,7 +61965,7 @@ index 1c4f3e9..342eb1f 100644 #ifdef CONFIG_AUDIT unsigned audit_tty; struct tty_audit_buf *tty_audit_buf; -@@ -710,6 +725,11 @@ struct user_struct { +@@ -714,6 +729,11 @@ struct user_struct { struct key *session_keyring; /* UID's default session keyring */ #endif @@ -63402,7 +61977,7 @@ index 1c4f3e9..342eb1f 100644 /* Hash table maintenance information */ struct hlist_node uidhash_node; uid_t uid; -@@ -1337,8 +1357,8 @@ struct task_struct { +@@ -1354,8 +1374,8 @@ struct task_struct { struct list_head thread_group; struct completion *vfork_done; /* for vfork() */ @@ -63413,7 +61988,7 @@ index 1c4f3e9..342eb1f 100644 cputime_t utime, stime, utimescaled, stimescaled; cputime_t gtime; -@@ -1354,13 +1374,6 @@ struct task_struct { +@@ -1371,13 +1391,6 @@ struct task_struct { struct task_cputime cputime_expires; struct list_head cpu_timers[3]; @@ -63427,7 +62002,7 @@ index 1c4f3e9..342eb1f 100644 char comm[TASK_COMM_LEN]; /* executable name excluding path - access with [gs]et_task_comm (which lock it with task_lock()) -@@ -1377,8 +1390,16 @@ struct task_struct { +@@ -1394,8 +1407,16 @@ struct task_struct { #endif /* CPU-specific state of this task */ struct thread_struct thread; @@ -63444,7 +62019,7 @@ index 1c4f3e9..342eb1f 100644 /* open file information */ struct files_struct *files; /* namespaces */ -@@ -1425,6 +1446,11 @@ struct task_struct { +@@ -1442,6 +1463,11 @@ struct task_struct { struct rt_mutex_waiter *pi_blocked_on; #endif @@ -63456,7 +62031,7 @@ index 1c4f3e9..342eb1f 100644 #ifdef CONFIG_DEBUG_MUTEXES /* mutex deadlock detection */ struct mutex_waiter *blocked_on; -@@ -1540,6 +1566,27 @@ struct task_struct { +@@ -1558,6 +1584,27 @@ struct task_struct { unsigned long default_timer_slack_ns; struct list_head *scm_work_list; @@ -63484,7 +62059,7 @@ index 1c4f3e9..342eb1f 100644 #ifdef CONFIG_FUNCTION_GRAPH_TRACER /* Index of current stored address in ret_stack */ int curr_ret_stack; -@@ -1574,6 +1621,51 @@ struct task_struct { +@@ -1592,6 +1639,51 @@ struct task_struct { #endif }; @@ -63536,7 +62111,7 @@ index 1c4f3e9..342eb1f 100644 /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) -@@ -2081,7 +2173,9 @@ void yield(void); +@@ -2104,7 +2196,9 @@ void yield(void); extern struct exec_domain default_exec_domain; union thread_union { @@ -63546,7 +62121,7 @@ index 1c4f3e9..342eb1f 100644 unsigned long stack[THREAD_SIZE/sizeof(long)]; }; -@@ -2114,6 +2208,7 @@ extern struct pid_namespace init_pid_ns; +@@ -2137,6 +2231,7 @@ extern struct pid_namespace init_pid_ns; */ extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -63554,29 +62129,16 @@ index 1c4f3e9..342eb1f 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2235,6 +2330,12 @@ static inline void mmdrop(struct mm_struct * mm) - extern void mmput(struct mm_struct *); - /* Grab a reference to a task's mm, if it is not already going away */ - extern struct mm_struct *get_task_mm(struct task_struct *task); -+/* -+ * Grab a reference to a task's mm, if it is not already going away -+ * and ptrace_may_access with the mode parameter passed to it -+ * succeeds. -+ */ -+extern struct mm_struct *mm_access(struct task_struct *task, unsigned int mode); - /* Remove the current tasks stale references to the old mm_struct */ - extern void mm_release(struct task_struct *, struct mm_struct *); - /* Allocate a new mm structure and copy contents from tsk->mm */ -@@ -2251,7 +2352,7 @@ extern void __cleanup_sighand(struct sighand_struct *); +@@ -2280,7 +2375,7 @@ extern void __cleanup_sighand(struct sighand_struct *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); --extern NORET_TYPE void do_group_exit(int); +-extern void do_group_exit(int); +extern __noreturn void do_group_exit(int); extern void daemonize(const char *, ...); extern int allow_signal(int); -@@ -2416,13 +2517,17 @@ static inline unsigned long *end_of_stack(struct task_struct *p) +@@ -2478,13 +2573,17 @@ static inline unsigned long *end_of_stack(struct task_struct *p) #endif @@ -63611,7 +62173,7 @@ index 899fbb4..1cb4138 100644 #define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */ diff --git a/include/linux/security.h b/include/linux/security.h -index e8c619d..e0cbd1c 100644 +index 83c18e8..2d98860 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -37,6 +37,7 @@ @@ -63623,7 +62185,7 @@ index e8c619d..e0cbd1c 100644 /* Maximum number of letters for an LSM name string */ diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h -index 0b69a46..b2ffa4c 100644 +index 44f1514..2bbf6c1 100644 --- a/include/linux/seq_file.h +++ b/include/linux/seq_file.h @@ -24,6 +24,9 @@ struct seq_file { @@ -63660,10 +62222,10 @@ index 92808b8..c28cac4 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index 6cf8b53..bcce844 100644 +index ae86ade..2b51468 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -642,7 +642,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb) +@@ -654,7 +654,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb) */ static inline int skb_queue_empty(const struct sk_buff_head *list) { @@ -63672,7 +62234,7 @@ index 6cf8b53..bcce844 100644 } /** -@@ -655,7 +655,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list) +@@ -667,7 +667,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list) static inline bool skb_queue_is_last(const struct sk_buff_head *list, const struct sk_buff *skb) { @@ -63681,7 +62243,7 @@ index 6cf8b53..bcce844 100644 } /** -@@ -668,7 +668,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list, +@@ -680,7 +680,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list, static inline bool skb_queue_is_first(const struct sk_buff_head *list, const struct sk_buff *skb) { @@ -63690,7 +62252,7 @@ index 6cf8b53..bcce844 100644 } /** -@@ -1533,7 +1533,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) +@@ -1545,7 +1545,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) */ #ifndef NET_SKB_PAD @@ -63700,7 +62262,7 @@ index 6cf8b53..bcce844 100644 extern int ___pskb_trim(struct sk_buff *skb, unsigned int len); diff --git a/include/linux/slab.h b/include/linux/slab.h -index 573c809..07e1f43 100644 +index 573c809..e84c132 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -11,12 +11,20 @@ @@ -63741,14 +62303,7 @@ index 573c809..07e1f43 100644 /* * struct kmem_cache related prototypes -@@ -156,11 +167,12 @@ unsigned int kmem_cache_size(struct kmem_cache *); - /* - * Common kmalloc functions provided by all allocators - */ --void * __must_check __krealloc(const void *, size_t, gfp_t); --void * __must_check krealloc(const void *, size_t, gfp_t); -+void * __must_check __krealloc(const void *, size_t, gfp_t) __size_overflow(2); -+void * __must_check krealloc(const void *, size_t, gfp_t) __size_overflow(2); +@@ -161,6 +172,7 @@ void * __must_check krealloc(const void *, size_t, gfp_t); void kfree(const void *); void kzfree(const void *); size_t ksize(const void *); @@ -63756,29 +62311,71 @@ index 573c809..07e1f43 100644 /* * Allocator specific definitions. These are mainly used to establish optimized -@@ -287,7 +299,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, - */ - #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ - (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) --extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); -+extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long) __size_overflow(1); - #define kmalloc_track_caller(size, flags) \ - __kmalloc_track_caller(size, flags, _RET_IP_) - #else -@@ -306,7 +318,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); - */ - #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ - (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) --extern void *__kmalloc_node_track_caller(size_t, gfp_t, int, unsigned long); -+extern void *__kmalloc_node_track_caller(size_t, gfp_t, int, unsigned long) __size_overflow(1); - #define kmalloc_node_track_caller(size, flags, node) \ - __kmalloc_node_track_caller(size, flags, node, \ - _RET_IP_) +@@ -353,4 +365,59 @@ static inline void *kzalloc_node(size_t size, gfp_t flags, int node) + + void __init kmem_cache_init_late(void); + ++#define kmalloc(x, y) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x = (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "kmalloc size overflow\n")) \ ++ ___retval = NULL; \ ++ else \ ++ ___retval = kmalloc((size_t)___x, (y)); \ ++ ___retval; \ ++}) ++ ++#define kmalloc_node(x, y, z) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x = (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "kmalloc_node size overflow\n"))\ ++ ___retval = NULL; \ ++ else \ ++ ___retval = kmalloc_node((size_t)___x, (y), (z));\ ++ ___retval; \ ++}) ++ ++#define kzalloc(x, y) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x = (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "kzalloc size overflow\n")) \ ++ ___retval = NULL; \ ++ else \ ++ ___retval = kzalloc((size_t)___x, (y)); \ ++ ___retval; \ ++}) ++ ++#define __krealloc(x, y, z) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___y = (intoverflow_t)y; \ ++ if (WARN(___y > ULONG_MAX, "__krealloc size overflow\n"))\ ++ ___retval = NULL; \ ++ else \ ++ ___retval = __krealloc((x), (size_t)___y, (z)); \ ++ ___retval; \ ++}) ++ ++#define krealloc(x, y, z) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___y = (intoverflow_t)y; \ ++ if (WARN(___y > ULONG_MAX, "krealloc size overflow\n")) \ ++ ___retval = NULL; \ ++ else \ ++ ___retval = krealloc((x), (size_t)___y, (z)); \ ++ ___retval; \ ++}) ++ + #endif /* _LINUX_SLAB_H */ diff --git a/include/linux/slab_def.h b/include/linux/slab_def.h -index d00e0ba..d61fb1f 100644 +index fbd1117..1e5e46c 100644 --- a/include/linux/slab_def.h +++ b/include/linux/slab_def.h -@@ -68,10 +68,10 @@ struct kmem_cache { +@@ -66,10 +66,10 @@ struct kmem_cache { unsigned long node_allocs; unsigned long node_frees; unsigned long node_overflow; @@ -63793,71 +62390,8 @@ index d00e0ba..d61fb1f 100644 /* * If debugging is enabled, then the allocator can add additional -@@ -109,7 +109,7 @@ struct cache_sizes { - extern struct cache_sizes malloc_sizes[]; - - void *kmem_cache_alloc(struct kmem_cache *, gfp_t); --void *__kmalloc(size_t size, gfp_t flags); -+void *__kmalloc(size_t size, gfp_t flags) __size_overflow(1); - - #ifdef CONFIG_TRACING - extern void *kmem_cache_alloc_trace(size_t size, -@@ -127,6 +127,7 @@ static inline size_t slab_buffer_size(struct kmem_cache *cachep) - } - #endif - -+static __always_inline void *kmalloc(size_t size, gfp_t flags) __size_overflow(1); - static __always_inline void *kmalloc(size_t size, gfp_t flags) - { - struct kmem_cache *cachep; -@@ -162,7 +163,7 @@ found: - } - - #ifdef CONFIG_NUMA --extern void *__kmalloc_node(size_t size, gfp_t flags, int node); -+extern void *__kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1); - extern void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node); - - #ifdef CONFIG_TRACING -@@ -181,6 +182,7 @@ kmem_cache_alloc_node_trace(size_t size, - } - #endif - -+static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1); - static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) - { - struct kmem_cache *cachep; -diff --git a/include/linux/slob_def.h b/include/linux/slob_def.h -index 0ec00b3..65e7e0e 100644 ---- a/include/linux/slob_def.h -+++ b/include/linux/slob_def.h -@@ -9,8 +9,9 @@ static __always_inline void *kmem_cache_alloc(struct kmem_cache *cachep, - return kmem_cache_alloc_node(cachep, flags, -1); - } - --void *__kmalloc_node(size_t size, gfp_t flags, int node); -+void *__kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1); - -+static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1); - static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) - { - return __kmalloc_node(size, flags, node); -@@ -24,11 +25,13 @@ static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) - * kmalloc is the normal method of allocating memory - * in the kernel. - */ -+static __always_inline void *kmalloc(size_t size, gfp_t flags) __size_overflow(1); - static __always_inline void *kmalloc(size_t size, gfp_t flags) - { - return __kmalloc_node(size, flags, -1); - } - -+static __always_inline void *__kmalloc(size_t size, gfp_t flags) __size_overflow(1); - static __always_inline void *__kmalloc(size_t size, gfp_t flags) - { - return kmalloc(size, flags); diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h -index a32bcfd..d26bd6e 100644 +index a32bcfd..53b71f4 100644 --- a/include/linux/slub_def.h +++ b/include/linux/slub_def.h @@ -89,7 +89,7 @@ struct kmem_cache { @@ -63869,59 +62403,15 @@ index a32bcfd..d26bd6e 100644 void (*ctor)(void *); int inuse; /* Offset to metadata */ int align; /* Alignment */ -@@ -204,6 +204,7 @@ static __always_inline int kmalloc_index(size_t size) - * This ought to end up with a global pointer to the right cache - * in kmalloc_caches. - */ -+static __always_inline struct kmem_cache *kmalloc_slab(size_t size) __size_overflow(1); - static __always_inline struct kmem_cache *kmalloc_slab(size_t size) - { - int index = kmalloc_index(size); -@@ -215,9 +216,11 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size) +@@ -215,7 +215,7 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size) } void *kmem_cache_alloc(struct kmem_cache *, gfp_t); -void *__kmalloc(size_t size, gfp_t flags); -+void *__kmalloc(size_t size, gfp_t flags) __alloc_size(1) __size_overflow(1); ++void *__kmalloc(size_t size, gfp_t flags) __alloc_size(1); static __always_inline void * -+kmalloc_order(size_t size, gfp_t flags, unsigned int order) __size_overflow(1); -+static __always_inline void * kmalloc_order(size_t size, gfp_t flags, unsigned int order) - { - void *ret = (void *) __get_free_pages(flags | __GFP_COMP, order); -@@ -256,12 +259,14 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order) - } - #endif - -+static __always_inline void *kmalloc_large(size_t size, gfp_t flags) __size_overflow(1); - static __always_inline void *kmalloc_large(size_t size, gfp_t flags) - { - unsigned int order = get_order(size); - return kmalloc_order_trace(size, flags, order); - } - -+static __always_inline void *kmalloc(size_t size, gfp_t flags) __size_overflow(1); - static __always_inline void *kmalloc(size_t size, gfp_t flags) - { - if (__builtin_constant_p(size)) { -@@ -281,7 +286,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) - } - - #ifdef CONFIG_NUMA --void *__kmalloc_node(size_t size, gfp_t flags, int node); -+void *__kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1); - void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node); - - #ifdef CONFIG_TRACING -@@ -298,6 +303,7 @@ kmem_cache_alloc_node_trace(struct kmem_cache *s, - } - #endif - -+static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) __size_overflow(1); - static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) - { - if (__builtin_constant_p(size) && diff --git a/include/linux/sonet.h b/include/linux/sonet.h index de8832d..0147b46 100644 --- a/include/linux/sonet.h @@ -63936,7 +62426,7 @@ index de8832d..0147b46 100644 #undef __HANDLE_ITEM }; diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h -index 3d8f9c4..69f1c0a 100644 +index 2c5993a..b0e79f0 100644 --- a/include/linux/sunrpc/clnt.h +++ b/include/linux/sunrpc/clnt.h @@ -172,9 +172,9 @@ static inline unsigned short rpc_get_port(const struct sockaddr *sap) @@ -64011,7 +62501,7 @@ index c14fe86..393245e 100644 #define RPCRDMA_VERSION 1 diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h -index 703cfa33..0b8ca72ac 100644 +index bb9127d..34ab358 100644 --- a/include/linux/sysctl.h +++ b/include/linux/sysctl.h @@ -155,7 +155,11 @@ enum @@ -64088,10 +62578,10 @@ index ff7dc08..893e1bd 100644 struct tty_ldisc { diff --git a/include/linux/types.h b/include/linux/types.h -index 57a9723..dbe234a 100644 +index e5fa503..df6e8a4 100644 --- a/include/linux/types.h +++ b/include/linux/types.h -@@ -213,10 +213,26 @@ typedef struct { +@@ -214,10 +214,26 @@ typedef struct { int counter; } atomic_t; @@ -64119,7 +62609,7 @@ index 57a9723..dbe234a 100644 struct list_head { diff --git a/include/linux/uaccess.h b/include/linux/uaccess.h -index 5ca0951..53a2fff 100644 +index 5ca0951..ab496a5 100644 --- a/include/linux/uaccess.h +++ b/include/linux/uaccess.h @@ -76,11 +76,11 @@ static inline unsigned long __copy_from_user_nocache(void *to, @@ -64137,15 +62627,6 @@ index 5ca0951..53a2fff 100644 ret; \ }) -@@ -105,7 +105,7 @@ extern long __probe_kernel_read(void *dst, const void *src, size_t size); - * Safely write to address @dst from the buffer at @src. If a kernel fault - * happens, handle that and return -EFAULT. - */ --extern long notrace probe_kernel_write(void *dst, const void *src, size_t size); -+extern long notrace probe_kernel_write(void *dst, const void *src, size_t size) __size_overflow(3); - extern long notrace __probe_kernel_write(void *dst, const void *src, size_t size); - - #endif /* __LINUX_UACCESS_H__ */ diff --git a/include/linux/unaligned/access_ok.h b/include/linux/unaligned/access_ok.h index 99c1b4d..bb94261 100644 --- a/include/linux/unaligned/access_ok.h @@ -64190,7 +62671,7 @@ index 99c1b4d..bb94261 100644 static inline void put_unaligned_le16(u16 val, void *p) diff --git a/include/linux/usb/renesas_usbhs.h b/include/linux/usb/renesas_usbhs.h -index e5a40c3..20ab0f6 100644 +index 0d3f988..000f101 100644 --- a/include/linux/usb/renesas_usbhs.h +++ b/include/linux/usb/renesas_usbhs.h @@ -39,7 +39,7 @@ enum { @@ -64202,7 +62683,7 @@ index e5a40c3..20ab0f6 100644 /* * callback functions for platform -@@ -89,7 +89,7 @@ struct renesas_usbhs_platform_callback { +@@ -97,7 +97,7 @@ struct renesas_usbhs_platform_callback { * VBUS control is needed for Host */ int (*set_vbus)(struct platform_device *pdev, int enable); @@ -64253,7 +62734,7 @@ index 6f8fbcf..8259001 100644 + MODULE_GRSEC diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h -index 4bde182..c42a656 100644 +index dcdfc2b..f937197 100644 --- a/include/linux/vmalloc.h +++ b/include/linux/vmalloc.h @@ -14,6 +14,11 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */ @@ -64268,46 +62749,110 @@ index 4bde182..c42a656 100644 /* bits [20..32] reserved for arch specific ioremap internals */ /* -@@ -51,18 +56,18 @@ static inline void vmalloc_init(void) - } +@@ -157,4 +162,103 @@ pcpu_free_vm_areas(struct vm_struct **vms, int nr_vms) + # endif #endif --extern void *vmalloc(unsigned long size); --extern void *vzalloc(unsigned long size); --extern void *vmalloc_user(unsigned long size); --extern void *vmalloc_node(unsigned long size, int node); --extern void *vzalloc_node(unsigned long size, int node); --extern void *vmalloc_exec(unsigned long size); --extern void *vmalloc_32(unsigned long size); --extern void *vmalloc_32_user(unsigned long size); --extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot); -+extern void *vmalloc(unsigned long size) __size_overflow(1); -+extern void *vzalloc(unsigned long size) __size_overflow(1); -+extern void *vmalloc_user(unsigned long size) __size_overflow(1); -+extern void *vmalloc_node(unsigned long size, int node) __size_overflow(1); -+extern void *vzalloc_node(unsigned long size, int node) __size_overflow(1); -+extern void *vmalloc_exec(unsigned long size) __size_overflow(1); -+extern void *vmalloc_32(unsigned long size) __size_overflow(1); -+extern void *vmalloc_32_user(unsigned long size) __size_overflow(1); -+extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot) __size_overflow(1); - extern void *__vmalloc_node_range(unsigned long size, unsigned long align, - unsigned long start, unsigned long end, gfp_t gfp_mask, -- pgprot_t prot, int node, void *caller); -+ pgprot_t prot, int node, void *caller) __size_overflow(1); - extern void vfree(const void *addr); - - extern void *vmap(struct page **pages, unsigned int count, -@@ -123,8 +128,8 @@ extern struct vm_struct *alloc_vm_area(size_t size, pte_t **ptes); - extern void free_vm_area(struct vm_struct *area); - - /* for /dev/kmem */ --extern long vread(char *buf, char *addr, unsigned long count); --extern long vwrite(char *buf, char *addr, unsigned long count); -+extern long vread(char *buf, char *addr, unsigned long count) __size_overflow(3); -+extern long vwrite(char *buf, char *addr, unsigned long count) __size_overflow(3); - - /* - * Internals. Dont't use.. ++#define vmalloc(x) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x = (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "vmalloc size overflow\n")) \ ++ ___retval = NULL; \ ++ else \ ++ ___retval = vmalloc((unsigned long)___x); \ ++ ___retval; \ ++}) ++ ++#define vzalloc(x) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x = (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "vzalloc size overflow\n")) \ ++ ___retval = NULL; \ ++ else \ ++ ___retval = vzalloc((unsigned long)___x); \ ++ ___retval; \ ++}) ++ ++#define __vmalloc(x, y, z) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x = (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "__vmalloc size overflow\n"))\ ++ ___retval = NULL; \ ++ else \ ++ ___retval = __vmalloc((unsigned long)___x, (y), (z));\ ++ ___retval; \ ++}) ++ ++#define vmalloc_user(x) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x = (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "vmalloc_user size overflow\n"))\ ++ ___retval = NULL; \ ++ else \ ++ ___retval = vmalloc_user((unsigned long)___x); \ ++ ___retval; \ ++}) ++ ++#define vmalloc_exec(x) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x = (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "vmalloc_exec size overflow\n"))\ ++ ___retval = NULL; \ ++ else \ ++ ___retval = vmalloc_exec((unsigned long)___x); \ ++ ___retval; \ ++}) ++ ++#define vmalloc_node(x, y) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x = (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "vmalloc_node size overflow\n"))\ ++ ___retval = NULL; \ ++ else \ ++ ___retval = vmalloc_node((unsigned long)___x, (y));\ ++ ___retval; \ ++}) ++ ++#define vzalloc_node(x, y) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x = (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "vzalloc_node size overflow\n"))\ ++ ___retval = NULL; \ ++ else \ ++ ___retval = vzalloc_node((unsigned long)___x, (y));\ ++ ___retval; \ ++}) ++ ++#define vmalloc_32(x) \ ++({ \ ++ void *___retval; \ ++ intoverflow_t ___x = (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "vmalloc_32 size overflow\n"))\ ++ ___retval = NULL; \ ++ else \ ++ ___retval = vmalloc_32((unsigned long)___x); \ ++ ___retval; \ ++}) ++ ++#define vmalloc_32_user(x) \ ++({ \ ++void *___retval; \ ++ intoverflow_t ___x = (intoverflow_t)x; \ ++ if (WARN(___x > ULONG_MAX, "vmalloc_32_user size overflow\n"))\ ++ ___retval = NULL; \ ++ else \ ++ ___retval = vmalloc_32_user((unsigned long)___x);\ ++ ___retval; \ ++}) ++ + #endif /* _LINUX_VMALLOC_H */ diff --git a/include/linux/vmstat.h b/include/linux/vmstat.h index 65efb92..137adbb 100644 --- a/include/linux/vmstat.h @@ -64426,10 +62971,10 @@ index c7c40f1..4f01585 100644 /* * Newer version of video_device, handled by videodev2.c diff --git a/include/media/v4l2-ioctl.h b/include/media/v4l2-ioctl.h -index 4d1c74a..65e1221 100644 +index 3f5d60f..44210ed 100644 --- a/include/media/v4l2-ioctl.h +++ b/include/media/v4l2-ioctl.h -@@ -274,7 +274,7 @@ struct v4l2_ioctl_ops { +@@ -278,7 +278,7 @@ struct v4l2_ioctl_ops { long (*vidioc_default) (struct file *file, void *fh, bool valid_prio, int cmd, void *arg); }; @@ -64476,10 +63021,10 @@ index 9e5425b..8136ffc 100644 /* Protects from simultaneous access to first_req list */ spinlock_t info_list_lock; diff --git a/include/net/flow.h b/include/net/flow.h -index 2a7eefd..3250f3b 100644 +index 6c469db..7743b8e 100644 --- a/include/net/flow.h +++ b/include/net/flow.h -@@ -218,6 +218,6 @@ extern struct flow_cache_object *flow_cache_lookup( +@@ -221,6 +221,6 @@ extern struct flow_cache_object *flow_cache_lookup( extern void flow_cache_flush(void); extern void flow_cache_flush_deferred(void); @@ -64488,7 +63033,7 @@ index 2a7eefd..3250f3b 100644 #endif diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h -index e9ff3fc..9d3e5c7 100644 +index b94765e..053f68b 100644 --- a/include/net/inetpeer.h +++ b/include/net/inetpeer.h @@ -48,8 +48,8 @@ struct inet_peer { @@ -64502,7 +63047,7 @@ index e9ff3fc..9d3e5c7 100644 __u32 tcp_ts; __u32 tcp_ts_stamp; }; -@@ -113,11 +113,11 @@ static inline int inet_getid(struct inet_peer *p, int more) +@@ -115,11 +115,11 @@ static inline int inet_getid(struct inet_peer *p, int more) more++; inet_peer_refcheck(p); do { @@ -64530,7 +63075,7 @@ index 10422ef..662570f 100644 fib_info_update_nh_saddr((net), &FIB_RES_NH(res))) #define FIB_RES_GW(res) (FIB_RES_NH(res).nh_gw) diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h -index e5a7b9a..f4fc44b 100644 +index ebe517f..1bd286b 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -509,7 +509,7 @@ struct ip_vs_conn { @@ -64588,10 +63133,10 @@ index 59ba38bc..d515662 100644 /* Protect concurent access to : * o self->open_count diff --git a/include/net/iucv/af_iucv.h b/include/net/iucv/af_iucv.h -index f2419cf..473679f 100644 +index 0954ec9..7413562 100644 --- a/include/net/iucv/af_iucv.h +++ b/include/net/iucv/af_iucv.h -@@ -139,7 +139,7 @@ struct iucv_sock { +@@ -138,7 +138,7 @@ struct iucv_sock { struct iucv_sock_list { struct hlist_head head; rwlock_t lock; @@ -64601,10 +63146,10 @@ index f2419cf..473679f 100644 unsigned int iucv_sock_poll(struct file *file, struct socket *sock, diff --git a/include/net/neighbour.h b/include/net/neighbour.h -index 2720884..3aa5c25 100644 +index 34c996f..bb3b4d4 100644 --- a/include/net/neighbour.h +++ b/include/net/neighbour.h -@@ -122,7 +122,7 @@ struct neigh_ops { +@@ -123,7 +123,7 @@ struct neigh_ops { void (*error_report)(struct neighbour *, struct sk_buff *); int (*output)(struct neighbour *, struct sk_buff *); int (*connected_output)(struct neighbour *, struct sk_buff *); @@ -64627,12 +63172,12 @@ index cb1f350..3279d2c 100644 /** diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h -index d786b4f..4c3dd41 100644 +index bbd023a..97c6d0d 100644 --- a/include/net/netns/ipv4.h +++ b/include/net/netns/ipv4.h -@@ -56,8 +56,8 @@ struct netns_ipv4 { - +@@ -57,8 +57,8 @@ struct netns_ipv4 { unsigned int sysctl_ping_group_range[2]; + long sysctl_tcp_mem[3]; - atomic_t rt_genid; - atomic_t dev_addr_genid; @@ -64642,7 +63187,7 @@ index d786b4f..4c3dd41 100644 #ifdef CONFIG_IP_MROUTE #ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h -index 6a72a58..e6a127d 100644 +index d368561..96aaa17 100644 --- a/include/net/sctp/sctp.h +++ b/include/net/sctp/sctp.h @@ -318,9 +318,9 @@ do { \ @@ -64659,10 +63204,10 @@ index 6a72a58..e6a127d 100644 #define SCTP_DISABLE_DEBUG #define SCTP_ASSERT(expr, str, func) diff --git a/include/net/sock.h b/include/net/sock.h -index 32e3937..87a1dbc 100644 +index 91c1c8b..15ae923 100644 --- a/include/net/sock.h +++ b/include/net/sock.h -@@ -277,7 +277,7 @@ struct sock { +@@ -299,7 +299,7 @@ struct sock { #ifdef CONFIG_RPS __u32 sk_rxhash; #endif @@ -64671,7 +63216,7 @@ index 32e3937..87a1dbc 100644 int sk_rcvbuf; struct sk_filter __rcu *sk_filter; -@@ -1402,7 +1402,7 @@ static inline void sk_nocaps_add(struct sock *sk, int flags) +@@ -1660,7 +1660,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) } static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb, @@ -64681,10 +63226,10 @@ index 32e3937..87a1dbc 100644 { if (skb->ip_summed == CHECKSUM_NONE) { diff --git a/include/net/tcp.h b/include/net/tcp.h -index bb18c4d..bb87972 100644 +index 2d80c29..aa07caf 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h -@@ -1409,7 +1409,7 @@ struct tcp_seq_afinfo { +@@ -1426,7 +1426,7 @@ struct tcp_seq_afinfo { char *name; sa_family_t family; const struct file_operations *seq_fops; @@ -64694,10 +63239,10 @@ index bb18c4d..bb87972 100644 struct tcp_iter_state { diff --git a/include/net/udp.h b/include/net/udp.h -index 3b285f4..0219639 100644 +index e39592f..fef9680 100644 --- a/include/net/udp.h +++ b/include/net/udp.h -@@ -237,7 +237,7 @@ struct udp_seq_afinfo { +@@ -243,7 +243,7 @@ struct udp_seq_afinfo { sa_family_t family; struct udp_table *udp_table; const struct file_operations *seq_fops; @@ -64707,7 +63252,7 @@ index 3b285f4..0219639 100644 struct udp_iter_state { diff --git a/include/net/xfrm.h b/include/net/xfrm.h -index b203e14..1df3991 100644 +index 89174e2..1f82598 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -505,7 +505,7 @@ struct xfrm_policy { @@ -64733,7 +63278,7 @@ index 1a046b1..ee0bef0 100644 /** * iw_create_cm_id - Create an IW CM identifier. diff --git a/include/scsi/libfc.h b/include/scsi/libfc.h -index 5d1a758..1dbf795 100644 +index 6a3922f..0b73022 100644 --- a/include/scsi/libfc.h +++ b/include/scsi/libfc.h @@ -748,6 +748,7 @@ struct libfc_function_template { @@ -64754,7 +63299,7 @@ index 5d1a758..1dbf795 100644 u8 qfull; enum fc_lport_state state; diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h -index 5591ed5..13eb457 100644 +index 77273f2..dd4031f 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h @@ -161,9 +161,9 @@ struct scsi_device { @@ -64810,7 +63355,7 @@ index 8c05e47..2b5df97 100644 struct snd_hwdep { struct snd_card *card; diff --git a/include/sound/info.h b/include/sound/info.h -index 5492cc4..1a65278 100644 +index 9ca1a49..aba1728 100644 --- a/include/sound/info.h +++ b/include/sound/info.h @@ -44,7 +44,7 @@ struct snd_info_entry_text { @@ -64848,10 +63393,10 @@ index af1b49e..a5d55a5 100644 /* * CSP private data diff --git a/include/sound/soc.h b/include/sound/soc.h -index 11cfb59..e3f93f4 100644 +index 0992dff..bb366fe 100644 --- a/include/sound/soc.h +++ b/include/sound/soc.h -@@ -683,7 +683,7 @@ struct snd_soc_platform_driver { +@@ -682,7 +682,7 @@ struct snd_soc_platform_driver { /* platform IO - used for platform DAPM */ unsigned int (*read)(struct snd_soc_platform *, unsigned int); int (*write)(struct snd_soc_platform *, unsigned int, unsigned int); @@ -64860,6 +63405,15 @@ index 11cfb59..e3f93f4 100644 struct snd_soc_platform { const char *name; +@@ -852,7 +852,7 @@ struct snd_soc_pcm_runtime { + struct snd_soc_dai_link *dai_link; + struct mutex pcm_mutex; + enum snd_soc_pcm_subclass pcm_subclass; +- struct snd_pcm_ops ops; ++ snd_pcm_ops_no_const ops; + + unsigned int complete:1; + unsigned int dev_registered:1; diff --git a/include/sound/ymfpci.h b/include/sound/ymfpci.h index 444cd6b..3327cc5 100644 --- a/include/sound/ymfpci.h @@ -64874,10 +63428,10 @@ index 444cd6b..3327cc5 100644 const struct firmware *dsp_microcode; const struct firmware *controller_microcode; diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h -index 94bbec3..3a8c6b0 100644 +index dc4e345..6bf6080 100644 --- a/include/target/target_core_base.h +++ b/include/target/target_core_base.h -@@ -346,7 +346,7 @@ struct t10_reservation_ops { +@@ -443,7 +443,7 @@ struct t10_reservation_ops { int (*t10_seq_non_holder)(struct se_cmd *, unsigned char *, u32); int (*t10_pr_register)(struct se_cmd *); int (*t10_pr_clear)(struct se_cmd *); @@ -64886,7 +63440,7 @@ index 94bbec3..3a8c6b0 100644 struct t10_reservation { /* Reservation effects all target ports */ -@@ -465,8 +465,8 @@ struct se_cmd { +@@ -561,8 +561,8 @@ struct se_cmd { atomic_t t_se_count; atomic_t t_task_cdbs_left; atomic_t t_task_cdbs_ex_left; @@ -64897,10 +63451,10 @@ index 94bbec3..3a8c6b0 100644 atomic_t t_transport_active; atomic_t t_transport_complete; atomic_t t_transport_queue_active; -@@ -705,7 +705,7 @@ struct se_device { +@@ -799,7 +799,7 @@ struct se_device { + spinlock_t stats_lock; /* Active commands on this virtual SE device */ atomic_t simple_cmds; - atomic_t depth_left; - atomic_t dev_ordered_id; + atomic_unchecked_t dev_ordered_id; atomic_t execute_tasks; @@ -64960,10 +63514,18 @@ index 0993a22..32ba2fe 100644 void *pmi_pal; u8 *vbe_state_orig; /* diff --git a/init/Kconfig b/init/Kconfig -index 43298f9..2f56c12 100644 +index 3f42cd6..613f41d 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1214,7 +1214,7 @@ config SLUB_DEBUG +@@ -799,6 +799,7 @@ endif # CGROUPS + + config CHECKPOINT_RESTORE + bool "Checkpoint/restore support" if EXPERT ++ depends on !GRKERNSEC + default n + help + Enables additional kernel features in a sake of checkpoint/restore. +@@ -1249,7 +1250,7 @@ config SLUB_DEBUG config COMPAT_BRK bool "Disable heap randomization" @@ -64973,24 +63535,24 @@ index 43298f9..2f56c12 100644 Randomizing heap placement makes heap exploits harder, but it also breaks ancient binaries (including anything libc5 based). diff --git a/init/do_mounts.c b/init/do_mounts.c -index db6e5ee..7677ff7 100644 +index 2974c8b..0b863ae 100644 --- a/init/do_mounts.c +++ b/init/do_mounts.c -@@ -325,11 +325,11 @@ static void __init get_fs_names(char *page) - +@@ -326,11 +326,11 @@ static void __init get_fs_names(char *page) static int __init do_mount_root(char *name, char *fs, int flags, void *data) { + struct super_block *s; - int err = sys_mount(name, "/root", fs, flags, data); + int err = sys_mount((char __force_user *)name, (char __force_user *)"/root", (char __force_user *)fs, flags, (void __force_user *)data); if (err) return err; - sys_chdir((const char __user __force *)"/root"); -+ sys_chdir((const char __force_user*)"/root"); - ROOT_DEV = current->fs->pwd.mnt->mnt_sb->s_dev; ++ sys_chdir((const char __force_user *)"/root"); + s = current->fs->pwd.dentry->d_sb; + ROOT_DEV = s->s_dev; printk(KERN_INFO - "VFS: Mounted root (%s filesystem)%s on device %u:%u.\n", -@@ -448,18 +448,18 @@ void __init change_floppy(char *fmt, ...) +@@ -450,18 +450,18 @@ void __init change_floppy(char *fmt, ...) va_start(args, fmt); vsprintf(buf, fmt, args); va_end(args); @@ -65012,7 +63574,7 @@ index db6e5ee..7677ff7 100644 termios.c_lflag |= ICANON; sys_ioctl(fd, TCSETSF, (long)&termios); sys_close(fd); -@@ -553,6 +553,6 @@ void __init prepare_namespace(void) +@@ -555,6 +555,6 @@ void __init prepare_namespace(void) mount_root(); out: devtmpfs_mount("dev"); @@ -65163,7 +63725,7 @@ index 32c4799..c27ee74 100644 sys_ioctl(fd, RAID_AUTORUN, raid_autopart); sys_close(fd); diff --git a/init/initramfs.c b/init/initramfs.c -index 2531811..040d4d4 100644 +index 8216c30..25e8e32 100644 --- a/init/initramfs.c +++ b/init/initramfs.c @@ -74,7 +74,7 @@ static void __init free_hash(void) @@ -65193,7 +63755,7 @@ index 2531811..040d4d4 100644 } return 0; } -@@ -280,11 +280,11 @@ static void __init clean_path(char *path, mode_t mode) +@@ -280,11 +280,11 @@ static void __init clean_path(char *path, umode_t mode) { struct stat st; @@ -65275,7 +63837,7 @@ index 2531811..040d4d4 100644 next_state = Reset; return 0; diff --git a/init/main.c b/init/main.c -index 217ed23..ec5406f 100644 +index ff49a6d..5fa0429 100644 --- a/init/main.c +++ b/init/main.c @@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { } @@ -65337,7 +63899,7 @@ index 217ed23..ec5406f 100644 static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; static const char *panic_later, *panic_param; -@@ -681,6 +726,7 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -675,6 +720,7 @@ int __init_or_module do_one_initcall(initcall_t fn) { int count = preempt_count(); int ret; @@ -65345,7 +63907,7 @@ index 217ed23..ec5406f 100644 if (initcall_debug) ret = do_one_initcall_debug(fn); -@@ -693,15 +739,15 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -687,15 +733,15 @@ int __init_or_module do_one_initcall(initcall_t fn) sprintf(msgbuf, "error code %d ", ret); if (preempt_count() != count) { @@ -65365,7 +63927,7 @@ index 217ed23..ec5406f 100644 } return ret; -@@ -820,7 +866,7 @@ static int __init kernel_init(void * unused) +@@ -814,7 +860,7 @@ static int __init kernel_init(void * unused) do_basic_setup(); /* Open the /dev/console on the rootfs, this should never fail */ @@ -65374,7 +63936,7 @@ index 217ed23..ec5406f 100644 printk(KERN_WARNING "Warning: unable to open an initial console.\n"); (void) sys_dup(0); -@@ -833,11 +879,13 @@ static int __init kernel_init(void * unused) +@@ -827,11 +873,13 @@ static int __init kernel_init(void * unused) if (!ramdisk_execute_command) ramdisk_execute_command = "/init"; @@ -65390,7 +63952,7 @@ index 217ed23..ec5406f 100644 * Ok, we have completed the initial bootup, and * we're essentially up and running. Get rid of the diff --git a/ipc/mqueue.c b/ipc/mqueue.c -index 5b4293d..f179875 100644 +index 86ee272..773d937 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c @@ -156,6 +156,7 @@ static struct inode *mqueue_get_inode(struct super_block *sb, @@ -65400,7 +63962,7 @@ index 5b4293d..f179875 100644 + gr_learn_resource(current, RLIMIT_MSGQUEUE, u->mq_bytes + mq_bytes, 1); spin_lock(&mq_lock); if (u->mq_bytes + mq_bytes < u->mq_bytes || - u->mq_bytes + mq_bytes > task_rlimit(p, RLIMIT_MSGQUEUE)) { + u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) { diff --git a/ipc/msg.c b/ipc/msg.c index 7385de2..a8180e08 100644 --- a/ipc/msg.c @@ -65557,10 +64119,10 @@ index b76be5b..859e750 100644 shm_unlock(shp); diff --git a/kernel/acct.c b/kernel/acct.c -index fa7eb3d..7faf116 100644 +index 02e6167..54824f7 100644 --- a/kernel/acct.c +++ b/kernel/acct.c -@@ -570,7 +570,7 @@ static void do_acct_process(struct bsd_acct_struct *acct, +@@ -550,7 +550,7 @@ static void do_acct_process(struct bsd_acct_struct *acct, */ flim = current->signal->rlim[RLIMIT_FSIZE].rlim_cur; current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY; @@ -65570,7 +64132,7 @@ index fa7eb3d..7faf116 100644 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; set_fs(fs); diff --git a/kernel/audit.c b/kernel/audit.c -index 09fae26..ed71d5b 100644 +index bb0eb5b..cf2a03a 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -115,7 +115,7 @@ u32 audit_sig_sid = 0; @@ -65609,38 +64171,11 @@ index 09fae26..ed71d5b 100644 status_set.backlog = skb_queue_len(&audit_skb_queue); audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0, &status_set, sizeof(status_set)); -@@ -1260,12 +1260,13 @@ static void audit_log_vformat(struct audit_buffer *ab, const char *fmt, - avail = audit_expand(ab, - max_t(unsigned, AUDIT_BUFSIZ, 1+len-avail)); - if (!avail) -- goto out; -+ goto out_va_end; - len = vsnprintf(skb_tail_pointer(skb), avail, fmt, args2); - } -- va_end(args2); - if (len > 0) - skb_put(skb, len); -+out_va_end: -+ va_end(args2); - out: - return; - } diff --git a/kernel/auditsc.c b/kernel/auditsc.c -index 47b7fc1..c003c33 100644 +index af1de0f..06dfe57 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c -@@ -1166,8 +1166,8 @@ static void audit_log_execve_info(struct audit_context *context, - struct audit_buffer **ab, - struct audit_aux_data_execve *axi) - { -- int i; -- size_t len, len_sent = 0; -+ int i, len; -+ size_t len_sent = 0; - const char __user *p; - char *buf; - -@@ -2118,7 +2118,7 @@ int auditsc_get_stamp(struct audit_context *ctx, +@@ -2288,7 +2288,7 @@ int auditsc_get_stamp(struct audit_context *ctx, } /* global counter which is incremented every time something logs in */ @@ -65648,18 +64183,18 @@ index 47b7fc1..c003c33 100644 +static atomic_unchecked_t session_id = ATOMIC_INIT(0); /** - * audit_set_loginuid - set a task's audit_context loginuid -@@ -2131,7 +2131,7 @@ static atomic_t session_id = ATOMIC_INIT(0); - */ - int audit_set_loginuid(struct task_struct *task, uid_t loginuid) - { -- unsigned int sessionid = atomic_inc_return(&session_id); -+ unsigned int sessionid = atomic_inc_return_unchecked(&session_id); - struct audit_context *context = task->audit_context; + * audit_set_loginuid - set current task's audit_context loginuid +@@ -2312,7 +2312,7 @@ int audit_set_loginuid(uid_t loginuid) + return -EPERM; + #endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */ +- sessionid = atomic_inc_return(&session_id); ++ sessionid = atomic_inc_return_unchecked(&session_id); if (context && context->in_syscall) { + struct audit_buffer *ab; + diff --git a/kernel/capability.c b/kernel/capability.c -index b463871..fa3ea1f 100644 +index 3f1adb6..c564db0 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -202,6 +202,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr) @@ -65672,16 +64207,43 @@ index b463871..fa3ea1f 100644 if (copy_to_user(dataptr, kdata, tocopy * sizeof(struct __user_cap_data_struct))) { return -EFAULT; -@@ -374,7 +377,7 @@ bool ns_capable(struct user_namespace *ns, int cap) +@@ -303,10 +306,11 @@ bool has_ns_capability(struct task_struct *t, + int ret; + + rcu_read_lock(); +- ret = security_capable(__task_cred(t), ns, cap); ++ ret = security_capable(__task_cred(t), ns, cap) == 0 && ++ gr_task_is_capable(t, __task_cred(t), cap); + rcu_read_unlock(); + +- return (ret == 0); ++ return ret; + } + + /** +@@ -343,10 +347,10 @@ bool has_ns_capability_noaudit(struct task_struct *t, + int ret; + + rcu_read_lock(); +- ret = security_capable_noaudit(__task_cred(t), ns, cap); ++ ret = security_capable_noaudit(__task_cred(t), ns, cap) == 0 && gr_task_is_capable_nolog(t, cap); + rcu_read_unlock(); + +- return (ret == 0); ++ return ret; + } + + /** +@@ -384,7 +388,7 @@ bool ns_capable(struct user_namespace *ns, int cap) BUG(); } -- if (security_capable(ns, current_cred(), cap) == 0) { -+ if (security_capable(ns, current_cred(), cap) == 0 && gr_is_capable(cap)) { +- if (security_capable(current_cred(), ns, cap) == 0) { ++ if (security_capable(current_cred(), ns, cap) == 0 && gr_is_capable(cap)) { current->flags |= PF_SUPERPRIV; return true; } -@@ -382,6 +385,27 @@ bool ns_capable(struct user_namespace *ns, int cap) +@@ -392,6 +396,21 @@ bool ns_capable(struct user_namespace *ns, int cap) } EXPORT_SYMBOL(ns_capable); @@ -65692,7 +64254,7 @@ index b463871..fa3ea1f 100644 + BUG(); + } + -+ if (security_capable(ns, current_cred(), cap) == 0 && gr_is_capable_nolog(cap)) { ++ if (security_capable(current_cred(), ns, cap) == 0 && gr_is_capable_nolog(cap)) { + current->flags |= PF_SUPERPRIV; + return true; + } @@ -65700,24 +64262,18 @@ index b463871..fa3ea1f 100644 +} +EXPORT_SYMBOL(ns_capable_nolog); + -+bool capable_nolog(int cap) -+{ -+ return ns_capable_nolog(&init_user_ns, cap); -+} -+EXPORT_SYMBOL(capable_nolog); -+ /** - * task_ns_capable - Determine whether current task has a superior - * capability targeted at a specific task's user namespace. -@@ -396,6 +420,12 @@ bool task_ns_capable(struct task_struct *t, int cap) + * capable - Determine if the current task has a superior capability in effect + * @cap: The capability to be tested for +@@ -408,6 +427,12 @@ bool capable(int cap) } - EXPORT_SYMBOL(task_ns_capable); + EXPORT_SYMBOL(capable); -+bool task_ns_capable_nolog(struct task_struct *t, int cap) ++bool capable_nolog(int cap) +{ -+ return ns_capable_nolog(task_cred_xxx(t, user)->user_ns, cap); ++ return ns_capable_nolog(&init_user_ns, cap); +} -+EXPORT_SYMBOL(task_ns_capable_nolog); ++EXPORT_SYMBOL(capable_nolog); + /** * nsown_capable - Check superior capability to one's own user_ns @@ -66111,7 +64667,7 @@ index 0d7c087..01b8cef 100644 } EXPORT_SYMBOL_GPL(kgdb_schedule_breakpoint); diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c -index 63786e7..0780cac 100644 +index e2ae734..08a4c5c 100644 --- a/kernel/debug/kdb/kdb_main.c +++ b/kernel/debug/kdb/kdb_main.c @@ -1980,7 +1980,7 @@ static int kdb_lsmod(int argc, const char **argv) @@ -66121,7 +64677,7 @@ index 63786e7..0780cac 100644 - mod->core_size, (void *)mod); + mod->core_size_rx + mod->core_size_rw, (void *)mod); #ifdef CONFIG_MODULE_UNLOAD - kdb_printf("%4d ", module_refcount(mod)); + kdb_printf("%4ld ", module_refcount(mod)); #endif @@ -1990,7 +1990,7 @@ static int kdb_lsmod(int argc, const char **argv) kdb_printf(" (Loading)"); @@ -66133,7 +64689,7 @@ index 63786e7..0780cac 100644 #ifdef CONFIG_MODULE_UNLOAD { diff --git a/kernel/events/core.c b/kernel/events/core.c -index 58690af..d903d75 100644 +index 1b5c081..c375f83 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c @@ -173,7 +173,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write, @@ -66145,7 +64701,7 @@ index 58690af..d903d75 100644 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, enum event_type_t event_type); -@@ -2540,7 +2540,7 @@ static void __perf_event_read(void *info) +@@ -2581,7 +2581,7 @@ static void __perf_event_read(void *info) static inline u64 perf_event_count(struct perf_event *event) { @@ -66154,7 +64710,7 @@ index 58690af..d903d75 100644 } static u64 perf_event_read(struct perf_event *event) -@@ -3065,9 +3065,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) +@@ -2897,9 +2897,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) mutex_lock(&event->child_mutex); total += perf_event_read(event); *enabled += event->total_time_enabled + @@ -66166,7 +64722,7 @@ index 58690af..d903d75 100644 list_for_each_entry(child, &event->child_list, child_list) { total += perf_event_read(child); -@@ -3474,10 +3474,10 @@ void perf_event_update_userpage(struct perf_event *event) +@@ -3306,10 +3306,10 @@ void perf_event_update_userpage(struct perf_event *event) userpg->offset -= local64_read(&event->hw.prev_count); userpg->time_enabled = enabled + @@ -66179,7 +64735,7 @@ index 58690af..d903d75 100644 barrier(); ++userpg->lock; -@@ -3906,11 +3906,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, +@@ -3738,11 +3738,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, values[n++] = perf_event_count(event); if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { values[n++] = enabled + @@ -66193,7 +64749,7 @@ index 58690af..d903d75 100644 } if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(event); -@@ -4561,12 +4561,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) +@@ -4393,12 +4393,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) * need to add enough zero bytes after the string to handle * the 64bit alignment we do later. */ @@ -66208,7 +64764,7 @@ index 58690af..d903d75 100644 if (IS_ERR(name)) { name = strncpy(tmp, "//toolong", sizeof(tmp)); goto got_name; -@@ -5921,7 +5921,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, +@@ -5765,7 +5765,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, event->parent = parent_event; event->ns = get_pid_ns(current->nsproxy->pid_ns); @@ -66217,7 +64773,7 @@ index 58690af..d903d75 100644 event->state = PERF_EVENT_STATE_INACTIVE; -@@ -6443,10 +6443,10 @@ static void sync_child_event(struct perf_event *child_event, +@@ -6287,10 +6287,10 @@ static void sync_child_event(struct perf_event *child_event, /* * Add back the child's count to the parent's count: */ @@ -66232,10 +64788,10 @@ index 58690af..d903d75 100644 /* diff --git a/kernel/exit.c b/kernel/exit.c -index e6e01b9..0a21b0a 100644 +index 4b4042f..5bdd8d5 100644 --- a/kernel/exit.c +++ b/kernel/exit.c -@@ -57,6 +57,10 @@ +@@ -58,6 +58,10 @@ #include <asm/pgtable.h> #include <asm/mmu_context.h> @@ -66246,7 +64802,7 @@ index e6e01b9..0a21b0a 100644 static void exit_mm(struct task_struct * tsk); static void __unhash_process(struct task_struct *p, bool group_dead) -@@ -168,6 +172,10 @@ void release_task(struct task_struct * p) +@@ -169,6 +173,10 @@ void release_task(struct task_struct * p) struct task_struct *leader; int zap_leader; repeat: @@ -66257,7 +64813,7 @@ index e6e01b9..0a21b0a 100644 /* don't need to get the RCU readlock here - the process is dead and * can't be modifying its own credentials. But shut RCU-lockdep up */ rcu_read_lock(); -@@ -380,7 +388,7 @@ int allow_signal(int sig) +@@ -381,7 +389,7 @@ int allow_signal(int sig) * know it'll be handled, so that they don't get converted to * SIGKILL or just silently dropped. */ @@ -66266,7 +64822,7 @@ index e6e01b9..0a21b0a 100644 recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); return 0; -@@ -416,6 +424,17 @@ void daemonize(const char *name, ...) +@@ -417,6 +425,17 @@ void daemonize(const char *name, ...) vsnprintf(current->comm, sizeof(current->comm), name, args); va_end(args); @@ -66284,7 +64840,7 @@ index e6e01b9..0a21b0a 100644 /* * If we were started as result of loading a module, close all of the * user space pages. We don't need them, and if we didn't close them -@@ -893,6 +912,8 @@ NORET_TYPE void do_exit(long code) +@@ -892,6 +911,8 @@ void do_exit(long code) struct task_struct *tsk = current; int group_dead; @@ -66293,7 +64849,7 @@ index e6e01b9..0a21b0a 100644 profile_task_exit(tsk); WARN_ON(blk_needs_flush_plug(tsk)); -@@ -909,7 +930,6 @@ NORET_TYPE void do_exit(long code) +@@ -908,7 +929,6 @@ void do_exit(long code) * mm_release()->clear_child_tid() from writing to a user-controlled * kernel address. */ @@ -66301,7 +64857,7 @@ index e6e01b9..0a21b0a 100644 ptrace_event(PTRACE_EVENT_EXIT, code); -@@ -971,6 +991,9 @@ NORET_TYPE void do_exit(long code) +@@ -969,6 +989,9 @@ void do_exit(long code) tsk->exit_code = code; taskstats_exit(tsk, group_dead); @@ -66311,20 +64867,20 @@ index e6e01b9..0a21b0a 100644 exit_mm(tsk); if (group_dead) -@@ -1068,7 +1091,7 @@ SYSCALL_DEFINE1(exit, int, error_code) +@@ -1085,7 +1108,7 @@ SYSCALL_DEFINE1(exit, int, error_code) * Take down every thread in the group. This is called by fatal signals * as well as by sys_exit_group (below). */ --NORET_TYPE void +-void +__noreturn void do_group_exit(int exit_code) { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index 0acf42c0..9e40e2e 100644 +index 26a7a67..a1053f9 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -281,7 +281,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) +@@ -284,7 +284,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) *stackend = STACK_END_MAGIC; /* for overflow detection */ #ifdef CONFIG_CC_STACKPROTECTOR @@ -66333,7 +64889,7 @@ index 0acf42c0..9e40e2e 100644 #endif /* -@@ -305,13 +305,77 @@ out: +@@ -308,13 +308,77 @@ out: } #ifdef CONFIG_MMU @@ -66413,7 +64969,7 @@ index 0acf42c0..9e40e2e 100644 down_write(&oldmm->mmap_sem); flush_cache_dup_mm(oldmm); -@@ -323,8 +387,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -326,8 +390,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) mm->locked_vm = 0; mm->mmap = NULL; mm->mmap_cache = NULL; @@ -66424,7 +64980,7 @@ index 0acf42c0..9e40e2e 100644 mm->map_count = 0; cpumask_clear(mm_cpumask(mm)); mm->mm_rb = RB_ROOT; -@@ -340,8 +404,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -343,8 +407,6 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) prev = NULL; for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) { @@ -66433,7 +64989,7 @@ index 0acf42c0..9e40e2e 100644 if (mpnt->vm_flags & VM_DONTCOPY) { long pages = vma_pages(mpnt); mm->total_vm -= pages; -@@ -349,53 +411,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -352,53 +414,11 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) -pages); continue; } @@ -66491,7 +65047,7 @@ index 0acf42c0..9e40e2e 100644 /* * Link in the new vma and copy the page table entries. -@@ -418,6 +438,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -421,6 +441,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) if (retval) goto out; } @@ -66523,7 +65079,7 @@ index 0acf42c0..9e40e2e 100644 /* a new mm has just been created */ arch_dup_mmap(oldmm, mm); retval = 0; -@@ -426,14 +471,6 @@ out: +@@ -429,14 +474,6 @@ out: flush_tlb_mm(oldmm); up_write(&oldmm->mmap_sem); return retval; @@ -66538,34 +65094,18 @@ index 0acf42c0..9e40e2e 100644 } static inline int mm_alloc_pgd(struct mm_struct *mm) -@@ -645,6 +682,26 @@ struct mm_struct *get_task_mm(struct task_struct *task) - } - EXPORT_SYMBOL_GPL(get_task_mm); +@@ -658,8 +695,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) + return ERR_PTR(err); -+struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) -+{ -+ struct mm_struct *mm; -+ int err; -+ -+ err = mutex_lock_killable(&task->signal->cred_guard_mutex); -+ if (err) -+ return ERR_PTR(err); -+ -+ mm = get_task_mm(task); + mm = get_task_mm(task); +- if (mm && mm != current->mm && +- !ptrace_may_access(task, mode)) { + if (mm && ((mm != current->mm && !ptrace_may_access(task, mode)) || -+ (mode == PTRACE_MODE_ATTACH && (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))))) { -+ mmput(mm); -+ mm = ERR_PTR(-EACCES); -+ } -+ mutex_unlock(&task->signal->cred_guard_mutex); -+ -+ return mm; -+} -+ - /* Please note the differences between mmput and mm_release. - * mmput is called whenever we stop holding onto a mm_struct, - * error success whatever. -@@ -830,13 +887,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) ++ (mode == PTRACE_MODE_ATTACH && (gr_handle_proc_ptrace(task) || gr_acl_handle_procpidmem(task))))) { + mmput(mm); + mm = ERR_PTR(-EACCES); + } +@@ -881,13 +918,14 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) spin_unlock(&fs->lock); return -EAGAIN; } @@ -66581,7 +65121,7 @@ index 0acf42c0..9e40e2e 100644 return 0; } -@@ -1100,6 +1158,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1151,6 +1189,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; @@ -66591,7 +65131,7 @@ index 0acf42c0..9e40e2e 100644 if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && -@@ -1259,6 +1320,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1306,6 +1347,8 @@ static struct task_struct *copy_process(unsigned long clone_flags, if (clone_flags & CLONE_THREAD) p->tgid = current->tgid; @@ -66600,7 +65140,7 @@ index 0acf42c0..9e40e2e 100644 p->set_child_tid = (clone_flags & CLONE_CHILD_SETTID) ? child_tidptr : NULL; /* * Clear TID on mm_release()? -@@ -1421,6 +1484,8 @@ bad_fork_cleanup_count: +@@ -1472,6 +1515,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -66609,7 +65149,7 @@ index 0acf42c0..9e40e2e 100644 return ERR_PTR(retval); } -@@ -1521,6 +1586,8 @@ long do_fork(unsigned long clone_flags, +@@ -1572,6 +1617,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -66618,7 +65158,7 @@ index 0acf42c0..9e40e2e 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1630,7 +1697,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1670,7 +1717,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -66627,7 +65167,7 @@ index 0acf42c0..9e40e2e 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1719,7 +1786,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1759,7 +1806,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -66764,7 +65304,7 @@ index ae34bf5..4e2f3d0 100644 hrtimer_peek_ahead_timers(); } diff --git a/kernel/jump_label.c b/kernel/jump_label.c -index 66ff710..05a5128 100644 +index 01d3b70..9e4d098 100644 --- a/kernel/jump_label.c +++ b/kernel/jump_label.c @@ -55,7 +55,9 @@ jump_label_sort_entries(struct jump_entry *start, struct jump_entry *stop) @@ -66777,7 +65317,7 @@ index 66ff710..05a5128 100644 } static void jump_label_update(struct jump_label_key *key, int enable); -@@ -303,10 +305,12 @@ static void jump_label_invalidate_module_init(struct module *mod) +@@ -340,10 +342,12 @@ static void jump_label_invalidate_module_init(struct module *mod) struct jump_entry *iter_stop = iter_start + mod->num_jump_entries; struct jump_entry *iter; @@ -66897,10 +65437,10 @@ index 079f1d3..a407562 100644 return -ENOMEM; reset_iter(iter, 0); diff --git a/kernel/kexec.c b/kernel/kexec.c -index dc7bc08..4601964 100644 +index 7b08867..3bac516 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c -@@ -1048,7 +1048,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry, +@@ -1047,7 +1047,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry, unsigned long flags) { struct compat_kexec_segment in; @@ -66911,10 +65451,10 @@ index dc7bc08..4601964 100644 /* Don't allow clients that don't understand the native diff --git a/kernel/kmod.c b/kernel/kmod.c -index a4bea97..7a1ae9a 100644 +index a0a8854..642b106 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c -@@ -73,13 +73,12 @@ char modprobe_path[KMOD_PATH_LEN] = "/sbin/modprobe"; +@@ -75,13 +75,12 @@ char modprobe_path[KMOD_PATH_LEN] = "/sbin/modprobe"; * If module auto-loading support is disabled then this function * becomes a no-operation. */ @@ -66930,7 +65470,7 @@ index a4bea97..7a1ae9a 100644 static char *envp[] = { "HOME=/", "TERM=linux", "PATH=/sbin:/usr/sbin:/bin:/usr/bin", -@@ -88,9 +87,7 @@ int __request_module(bool wait, const char *fmt, ...) +@@ -90,9 +89,7 @@ int __request_module(bool wait, const char *fmt, ...) #define MAX_KMOD_CONCURRENT 50 /* Completely arbitrary value - KAO */ static int kmod_loop_msg; @@ -66941,7 +65481,7 @@ index a4bea97..7a1ae9a 100644 if (ret >= MODULE_NAME_LEN) return -ENAMETOOLONG; -@@ -98,6 +95,20 @@ int __request_module(bool wait, const char *fmt, ...) +@@ -100,6 +97,20 @@ int __request_module(bool wait, const char *fmt, ...) if (ret) return ret; @@ -66962,7 +65502,7 @@ index a4bea97..7a1ae9a 100644 /* If modprobe needs a service that is in a module, we get a recursive * loop. Limit the number of running kmod threads to max_threads/2 or * MAX_KMOD_CONCURRENT, whichever is the smaller. A cleaner method -@@ -133,6 +144,47 @@ int __request_module(bool wait, const char *fmt, ...) +@@ -135,6 +146,47 @@ int __request_module(bool wait, const char *fmt, ...) atomic_dec(&kmod_concurrent); return ret; } @@ -67010,7 +65550,7 @@ index a4bea97..7a1ae9a 100644 EXPORT_SYMBOL(__request_module); #endif /* CONFIG_MODULES */ -@@ -222,7 +274,7 @@ static int wait_for_helper(void *data) +@@ -224,7 +276,7 @@ static int wait_for_helper(void *data) * * Thus the __user pointer cast is valid here. */ @@ -67020,7 +65560,7 @@ index a4bea97..7a1ae9a 100644 /* * If ret is 0, either ____call_usermodehelper failed and the diff --git a/kernel/kprobes.c b/kernel/kprobes.c -index bc90b87..43c7d8c 100644 +index c62b854..cb67968 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -185,7 +185,7 @@ static kprobe_opcode_t __kprobes *__get_insn_slot(struct kprobe_insn_cache *c) @@ -67060,10 +65600,10 @@ index bc90b87..43c7d8c 100644 head = &kprobe_table[i]; preempt_disable(); diff --git a/kernel/lockdep.c b/kernel/lockdep.c -index b2e08c9..01d8049 100644 +index 8889f7d..95319b7 100644 --- a/kernel/lockdep.c +++ b/kernel/lockdep.c -@@ -592,6 +592,10 @@ static int static_obj(void *obj) +@@ -590,6 +590,10 @@ static int static_obj(void *obj) end = (unsigned long) &_end, addr = (unsigned long) obj; @@ -67074,7 +65614,7 @@ index b2e08c9..01d8049 100644 /* * static variable? */ -@@ -731,6 +735,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force) +@@ -730,6 +734,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force) if (!static_obj(lock->key)) { debug_locks_off(); printk("INFO: trying to register non-static key.\n"); @@ -67105,7 +65645,7 @@ index 91c32a0..b2c71c5 100644 if (!name) { diff --git a/kernel/module.c b/kernel/module.c -index 178333c..04e3408 100644 +index 2c93276..476fe81 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -58,6 +58,7 @@ @@ -67116,7 +65656,7 @@ index 178333c..04e3408 100644 #define CREATE_TRACE_POINTS #include <trace/events/module.h> -@@ -119,7 +120,8 @@ static BLOCKING_NOTIFIER_HEAD(module_notify_list); +@@ -113,7 +114,8 @@ static BLOCKING_NOTIFIER_HEAD(module_notify_list); /* Bounds of module allocation, for speeding __module_address. * Protected by module_mutex. */ @@ -67126,7 +65666,7 @@ index 178333c..04e3408 100644 int register_module_notifier(struct notifier_block * nb) { -@@ -284,7 +286,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, +@@ -277,7 +279,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, return true; list_for_each_entry_rcu(mod, &modules, list) { @@ -67135,7 +65675,7 @@ index 178333c..04e3408 100644 { mod->syms, mod->syms + mod->num_syms, mod->crcs, NOT_GPL_ONLY, false }, { mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms, -@@ -306,7 +308,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, +@@ -299,7 +301,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, #endif }; @@ -67144,7 +65684,7 @@ index 178333c..04e3408 100644 return true; } return false; -@@ -438,7 +440,7 @@ static inline void __percpu *mod_percpu(struct module *mod) +@@ -431,7 +433,7 @@ static inline void __percpu *mod_percpu(struct module *mod) static int percpu_modalloc(struct module *mod, unsigned long size, unsigned long align) { @@ -67153,7 +65693,25 @@ index 178333c..04e3408 100644 printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n", mod->name, align, PAGE_SIZE); align = PAGE_SIZE; -@@ -1183,7 +1185,7 @@ resolve_symbol_wait(struct module *mod, +@@ -1001,7 +1003,7 @@ struct module_attribute module_uevent = + static ssize_t show_coresize(struct module_attribute *mattr, + struct module_kobject *mk, char *buffer) + { +- return sprintf(buffer, "%u\n", mk->mod->core_size); ++ return sprintf(buffer, "%u\n", mk->mod->core_size_rx + mk->mod->core_size_rw); + } + + static struct module_attribute modinfo_coresize = +@@ -1010,7 +1012,7 @@ static struct module_attribute modinfo_coresize = + static ssize_t show_initsize(struct module_attribute *mattr, + struct module_kobject *mk, char *buffer) + { +- return sprintf(buffer, "%u\n", mk->mod->init_size); ++ return sprintf(buffer, "%u\n", mk->mod->init_size_rx + mk->mod->init_size_rw); + } + + static struct module_attribute modinfo_initsize = +@@ -1224,7 +1226,7 @@ resolve_symbol_wait(struct module *mod, */ #ifdef CONFIG_SYSFS @@ -67162,7 +65720,7 @@ index 178333c..04e3408 100644 static inline bool sect_empty(const Elf_Shdr *sect) { return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0; -@@ -1649,21 +1651,21 @@ static void set_section_ro_nx(void *base, +@@ -1690,21 +1692,21 @@ static void set_section_ro_nx(void *base, static void unset_module_core_ro_nx(struct module *mod) { @@ -67192,7 +65750,7 @@ index 178333c..04e3408 100644 set_memory_rw); } -@@ -1674,14 +1676,14 @@ void set_all_modules_text_rw(void) +@@ -1715,14 +1717,14 @@ void set_all_modules_text_rw(void) mutex_lock(&module_mutex); list_for_each_entry_rcu(mod, &modules, list) { @@ -67213,7 +65771,7 @@ index 178333c..04e3408 100644 set_memory_rw); } } -@@ -1695,14 +1697,14 @@ void set_all_modules_text_ro(void) +@@ -1736,14 +1738,14 @@ void set_all_modules_text_ro(void) mutex_lock(&module_mutex); list_for_each_entry_rcu(mod, &modules, list) { @@ -67234,7 +65792,7 @@ index 178333c..04e3408 100644 set_memory_ro); } } -@@ -1748,16 +1750,19 @@ static void free_module(struct module *mod) +@@ -1789,16 +1791,19 @@ static void free_module(struct module *mod) /* This may be NULL, but that's OK */ unset_module_init_ro_nx(mod); @@ -67257,7 +65815,7 @@ index 178333c..04e3408 100644 #ifdef CONFIG_MPU update_protections(current->mm); -@@ -1826,10 +1831,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1867,10 +1872,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) unsigned int i; int ret = 0; const struct kernel_symbol *ksym; @@ -67289,7 +65847,7 @@ index 178333c..04e3408 100644 switch (sym[i].st_shndx) { case SHN_COMMON: /* We compiled with -fno-common. These are not -@@ -1850,7 +1876,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1891,7 +1917,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) ksym = resolve_symbol_wait(mod, info, name); /* Ok if resolved. */ if (ksym && !IS_ERR(ksym)) { @@ -67299,7 +65857,7 @@ index 178333c..04e3408 100644 break; } -@@ -1869,11 +1897,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1910,11 +1938,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) secbase = (unsigned long)mod_percpu(mod); else secbase = info->sechdrs[sym[i].st_shndx].sh_addr; @@ -67320,7 +65878,7 @@ index 178333c..04e3408 100644 return ret; } -@@ -1977,22 +2014,12 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2018,22 +2055,12 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || strstarts(sname, ".init")) continue; @@ -67329,7 +65887,7 @@ index 178333c..04e3408 100644 + s->sh_entsize = get_offset(mod, &mod->core_size_rw, s, i); + else + s->sh_entsize = get_offset(mod, &mod->core_size_rx, s, i); - DEBUGP("\t%s\n", name); + pr_debug("\t%s\n", sname); } - switch (m) { - case 0: /* executable */ @@ -67346,8 +65904,8 @@ index 178333c..04e3408 100644 - } } - DEBUGP("Init section allocation order:\n"); -@@ -2006,23 +2033,13 @@ static void layout_sections(struct module *mod, struct load_info *info) + pr_debug("Init section allocation order:\n"); +@@ -2047,23 +2074,13 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || !strstarts(sname, ".init")) continue; @@ -67358,7 +65916,7 @@ index 178333c..04e3408 100644 + else + s->sh_entsize = get_offset(mod, &mod->init_size_rx, s, i); + s->sh_entsize |= INIT_OFFSET_MASK; - DEBUGP("\t%s\n", sname); + pr_debug("\t%s\n", sname); } - switch (m) { - case 0: /* executable */ @@ -67376,41 +65934,34 @@ index 178333c..04e3408 100644 } } -@@ -2187,7 +2204,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2235,7 +2252,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) /* Put symbol section at end of init part of module. */ symsect->sh_flags |= SHF_ALLOC; - symsect->sh_entsize = get_offset(mod, &mod->init_size, symsect, + symsect->sh_entsize = get_offset(mod, &mod->init_size_rx, symsect, info->index.sym) | INIT_OFFSET_MASK; - DEBUGP("\t%s\n", info->secstrings + symsect->sh_name); + pr_debug("\t%s\n", info->secstrings + symsect->sh_name); -@@ -2204,19 +2221,19 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2250,13 +2267,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) } /* Append room for core symbols at end of core part. */ - info->symoffs = ALIGN(mod->core_size, symsect->sh_addralign ?: 1); -- mod->core_size = info->symoffs + ndst * sizeof(Elf_Sym); +- info->stroffs = mod->core_size = info->symoffs + ndst * sizeof(Elf_Sym); +- mod->core_size += strtab_size; + info->symoffs = ALIGN(mod->core_size_rx, symsect->sh_addralign ?: 1); -+ mod->core_size_rx = info->symoffs + ndst * sizeof(Elf_Sym); ++ info->stroffs = mod->core_size_rx = info->symoffs + ndst * sizeof(Elf_Sym); ++ mod->core_size_rx += strtab_size; /* Put string table section at end of init part of module. */ strsect->sh_flags |= SHF_ALLOC; - strsect->sh_entsize = get_offset(mod, &mod->init_size, strsect, + strsect->sh_entsize = get_offset(mod, &mod->init_size_rx, strsect, info->index.str) | INIT_OFFSET_MASK; - DEBUGP("\t%s\n", info->secstrings + strsect->sh_name); - - /* Append room for core symbols' strings at end of core part. */ -- info->stroffs = mod->core_size; -+ info->stroffs = mod->core_size_rx; - __set_bit(0, info->strmap); -- mod->core_size += bitmap_weight(info->strmap, strsect->sh_size); -+ mod->core_size_rx += bitmap_weight(info->strmap, strsect->sh_size); + pr_debug("\t%s\n", info->secstrings + strsect->sh_name); } - - static void add_kallsyms(struct module *mod, const struct load_info *info) -@@ -2232,11 +2249,13 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2274,12 +2291,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) /* Make sure we get permanent strtab: don't use info->strtab. */ mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr; @@ -67421,25 +65972,22 @@ index 178333c..04e3408 100644 mod->symtab[i].st_info = elf_type(&mod->symtab[i], info); - mod->core_symtab = dst = mod->module_core + info->symoffs; +- mod->core_strtab = s = mod->module_core + info->stroffs; + mod->core_symtab = dst = mod->module_core_rx + info->symoffs; ++ mod->core_strtab = s = mod->module_core_rx + info->stroffs; src = mod->symtab; *dst = *src; - for (ndst = i = 1; i < mod->num_symtab; ++i, ++src) { -@@ -2249,10 +2268,12 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) + *s++ = 0; +@@ -2292,6 +2311,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) + s += strlcpy(s, &mod->strtab[src->st_name], KSYM_NAME_LEN) + 1; } mod->core_num_syms = ndst; - -- mod->core_strtab = s = mod->module_core + info->stroffs; -+ mod->core_strtab = s = mod->module_core_rx + info->stroffs; - for (*s = 0, i = 1; i < info->sechdrs[info->index.str].sh_size; ++i) - if (test_bit(i, info->strmap)) - *++s = mod->strtab[i]; + + pax_close_kernel(); } #else static inline void layout_symtab(struct module *mod, struct load_info *info) -@@ -2286,17 +2307,33 @@ void * __weak module_alloc(unsigned long size) +@@ -2325,17 +2346,33 @@ void * __weak module_alloc(unsigned long size) return size == 0 ? NULL : vmalloc_exec(size); } @@ -67478,7 +66026,7 @@ index 178333c..04e3408 100644 mutex_unlock(&module_mutex); } return ret; -@@ -2474,8 +2511,14 @@ static struct module *setup_load_info(struct load_info *info) +@@ -2513,8 +2550,14 @@ static struct module *setup_load_info(struct load_info *info) static int check_modinfo(struct module *mod, struct load_info *info) { const char *modmagic = get_modinfo(info, "vermagic"); @@ -67493,7 +66041,7 @@ index 178333c..04e3408 100644 /* This is allowed: modprobe --force will invalidate it. */ if (!modmagic) { err = try_to_force_load(mod, "bad vermagic"); -@@ -2498,7 +2541,7 @@ static int check_modinfo(struct module *mod, struct load_info *info) +@@ -2537,7 +2580,7 @@ static int check_modinfo(struct module *mod, struct load_info *info) } /* Set up license info based on the info section */ @@ -67502,7 +66050,7 @@ index 178333c..04e3408 100644 return 0; } -@@ -2592,7 +2635,7 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2631,7 +2674,7 @@ static int move_module(struct module *mod, struct load_info *info) void *ptr; /* Do the allocs. */ @@ -67511,7 +66059,7 @@ index 178333c..04e3408 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. Just mark it as not being a -@@ -2602,23 +2645,50 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2641,23 +2684,50 @@ static int move_module(struct module *mod, struct load_info *info) if (!ptr) return -ENOMEM; @@ -67569,8 +66117,8 @@ index 178333c..04e3408 100644 + mod->module_init_rx = ptr; /* Transfer each section which specifies SHF_ALLOC */ - DEBUGP("final section addresses:\n"); -@@ -2629,16 +2699,45 @@ static int move_module(struct module *mod, struct load_info *info) + pr_debug("final section addresses:\n"); +@@ -2668,16 +2738,45 @@ static int move_module(struct module *mod, struct load_info *info) if (!(shdr->sh_flags & SHF_ALLOC)) continue; @@ -67620,10 +66168,10 @@ index 178333c..04e3408 100644 +#endif + + shdr->sh_addr = (unsigned long)dest; - DEBUGP("\t0x%lx %s\n", - shdr->sh_addr, info->secstrings + shdr->sh_name); + pr_debug("\t0x%lx %s\n", + (long)shdr->sh_addr, info->secstrings + shdr->sh_name); } -@@ -2689,12 +2788,12 @@ static void flush_module_icache(const struct module *mod) +@@ -2728,12 +2827,12 @@ static void flush_module_icache(const struct module *mod) * Do it before processing of module parameters, so the module * can provide parameter accessor functions of its own. */ @@ -67642,9 +66190,9 @@ index 178333c..04e3408 100644 set_fs(old_fs); } -@@ -2774,8 +2873,10 @@ static void module_deallocate(struct module *mod, struct load_info *info) +@@ -2803,8 +2902,10 @@ out: + static void module_deallocate(struct module *mod, struct load_info *info) { - kfree(info->strmap); percpu_modfree(mod); - module_free(mod, mod->module_init); - module_free(mod, mod->module_core); @@ -67655,7 +66203,7 @@ index 178333c..04e3408 100644 } int __weak module_finalize(const Elf_Ehdr *hdr, -@@ -2839,9 +2940,38 @@ static struct module *load_module(void __user *umod, +@@ -2868,9 +2969,38 @@ static struct module *load_module(void __user *umod, if (err) goto free_unload; @@ -67694,7 +66242,7 @@ index 178333c..04e3408 100644 /* Fix up syms, so that st_value is a pointer to location. */ err = simplify_symbols(mod, &info); if (err < 0) -@@ -2857,13 +2987,6 @@ static struct module *load_module(void __user *umod, +@@ -2886,13 +3016,6 @@ static struct module *load_module(void __user *umod, flush_module_icache(mod); @@ -67708,7 +66256,7 @@ index 178333c..04e3408 100644 /* Mark state as coming so strong_try_module_get() ignores us. */ mod->state = MODULE_STATE_COMING; -@@ -2921,11 +3044,10 @@ static struct module *load_module(void __user *umod, +@@ -2949,11 +3072,10 @@ static struct module *load_module(void __user *umod, unlock: mutex_unlock(&module_mutex); synchronize_sched(); @@ -67721,7 +66269,7 @@ index 178333c..04e3408 100644 free_unload: module_unload_free(mod); free_module: -@@ -2966,16 +3088,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, +@@ -2994,16 +3116,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, MODULE_STATE_COMING, mod); /* Set RO and NX regions for core */ @@ -67746,7 +66294,7 @@ index 178333c..04e3408 100644 do_mod_ctors(mod); /* Start the module */ -@@ -3021,11 +3143,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, +@@ -3049,11 +3171,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, mod->strtab = mod->core_strtab; #endif unset_module_init_ro_nx(mod); @@ -67764,7 +66312,7 @@ index 178333c..04e3408 100644 mutex_unlock(&module_mutex); return 0; -@@ -3056,10 +3179,16 @@ static const char *get_ksymbol(struct module *mod, +@@ -3084,10 +3207,16 @@ static const char *get_ksymbol(struct module *mod, unsigned long nextval; /* At worse, next value is at end of module */ @@ -67784,7 +66332,7 @@ index 178333c..04e3408 100644 /* Scan for closest preceding symbol, and next symbol. (ELF starts real symbols at 1). */ -@@ -3307,7 +3436,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3322,7 +3451,7 @@ static int m_show(struct seq_file *m, void *p) char buf[8]; seq_printf(m, "%s %u", @@ -67793,7 +66341,7 @@ index 178333c..04e3408 100644 print_unload_info(m, mod); /* Informative for users. */ -@@ -3316,7 +3445,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3331,7 +3460,7 @@ static int m_show(struct seq_file *m, void *p) mod->state == MODULE_STATE_COMING ? "Loading": "Live"); /* Used by oprofile and other similar tools. */ @@ -67802,7 +66350,7 @@ index 178333c..04e3408 100644 /* Taints info */ if (mod->taints) -@@ -3352,7 +3481,17 @@ static const struct file_operations proc_modules_operations = { +@@ -3367,7 +3496,17 @@ static const struct file_operations proc_modules_operations = { static int __init proc_modules_init(void) { @@ -67820,7 +66368,7 @@ index 178333c..04e3408 100644 return 0; } module_init(proc_modules_init); -@@ -3411,12 +3550,12 @@ struct module *__module_address(unsigned long addr) +@@ -3426,12 +3565,12 @@ struct module *__module_address(unsigned long addr) { struct module *mod; @@ -67836,7 +66384,7 @@ index 178333c..04e3408 100644 return mod; return NULL; } -@@ -3450,11 +3589,20 @@ bool is_module_text_address(unsigned long addr) +@@ -3465,11 +3604,20 @@ bool is_module_text_address(unsigned long addr) */ struct module *__module_text_address(unsigned long addr) { @@ -67968,23 +66516,10 @@ index b452599..5d68f4e 100644 atomic_set(&pd->refcnt, 0); pd->pinst = pinst; diff --git a/kernel/panic.c b/kernel/panic.c -index 3458469..342c500 100644 +index 80aed44..f291d37 100644 --- a/kernel/panic.c +++ b/kernel/panic.c -@@ -78,7 +78,11 @@ NORET_TYPE void panic(const char * fmt, ...) - va_end(args); - printk(KERN_EMERG "Kernel panic - not syncing: %s\n",buf); - #ifdef CONFIG_DEBUG_BUGVERBOSE -- dump_stack(); -+ /* -+ * Avoid nested stack-dumping if a panic occurs during oops processing -+ */ -+ if (!oops_in_progress) -+ dump_stack(); - #endif - - /* -@@ -382,7 +386,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, +@@ -402,7 +402,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, const char *board; printk(KERN_WARNING "------------[ cut here ]------------\n"); @@ -67993,7 +66528,7 @@ index 3458469..342c500 100644 board = dmi_get_system_info(DMI_PRODUCT_NAME); if (board) printk(KERN_WARNING "Hardware name: %s\n", board); -@@ -437,7 +441,8 @@ EXPORT_SYMBOL(warn_slowpath_null); +@@ -457,7 +457,8 @@ EXPORT_SYMBOL(warn_slowpath_null); */ void __stack_chk_fail(void) { @@ -68004,7 +66539,7 @@ index 3458469..342c500 100644 } EXPORT_SYMBOL(__stack_chk_fail); diff --git a/kernel/pid.c b/kernel/pid.c -index fa5f722..0c93e57 100644 +index 9f08dfa..6765c40 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -33,6 +33,7 @@ @@ -68024,7 +66559,7 @@ index fa5f722..0c93e57 100644 int pid_max_min = RESERVED_PIDS + 1; int pid_max_max = PID_MAX_LIMIT; -@@ -418,10 +419,18 @@ EXPORT_SYMBOL(pid_task); +@@ -420,10 +421,18 @@ EXPORT_SYMBOL(pid_task); */ struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns) { @@ -68044,7 +66579,7 @@ index fa5f722..0c93e57 100644 } struct task_struct *find_task_by_vpid(pid_t vnr) -@@ -429,6 +438,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr) +@@ -431,6 +440,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr) return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns); } @@ -68060,7 +66595,7 @@ index fa5f722..0c93e57 100644 { struct pid *pid; diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c -index e7cb76d..75eceb3 100644 +index 125cb67..a4d1c30 100644 --- a/kernel/posix-cpu-timers.c +++ b/kernel/posix-cpu-timers.c @@ -6,6 +6,7 @@ @@ -68071,7 +66606,7 @@ index e7cb76d..75eceb3 100644 #include <asm/uaccess.h> #include <linux/kernel_stat.h> #include <trace/events/timer.h> -@@ -1606,14 +1607,14 @@ struct k_clock clock_posix_cpu = { +@@ -1578,14 +1579,14 @@ struct k_clock clock_posix_cpu = { static __init int init_posix_cpu_timers(void) { @@ -68200,10 +66735,10 @@ index d523593..68197a4 100644 register_sysrq_key('o', &sysrq_poweroff_op); return 0; diff --git a/kernel/power/process.c b/kernel/power/process.c -index 3d4b954..11af930 100644 +index 7e42645..3d43df1 100644 --- a/kernel/power/process.c +++ b/kernel/power/process.c -@@ -41,6 +41,7 @@ static int try_to_freeze_tasks(bool sig_only) +@@ -32,6 +32,7 @@ static int try_to_freeze_tasks(bool user_only) u64 elapsed_csecs64; unsigned int elapsed_csecs; bool wakeup = false; @@ -68211,7 +66746,7 @@ index 3d4b954..11af930 100644 do_gettimeofday(&start); -@@ -51,6 +52,8 @@ static int try_to_freeze_tasks(bool sig_only) +@@ -42,6 +43,8 @@ static int try_to_freeze_tasks(bool user_only) while (true) { todo = 0; @@ -68219,8 +66754,8 @@ index 3d4b954..11af930 100644 + timedout = true; read_lock(&tasklist_lock); do_each_thread(g, p) { - if (frozen(p) || !freezable(p)) -@@ -71,9 +74,13 @@ static int try_to_freeze_tasks(bool sig_only) + if (p == current || !freeze_task(p)) +@@ -59,9 +62,13 @@ static int try_to_freeze_tasks(bool user_only) * try_to_stop() after schedule() in ptrace/signal * stop sees TIF_FREEZE. */ @@ -68236,7 +66771,7 @@ index 3d4b954..11af930 100644 } while_each_thread(g, p); read_unlock(&tasklist_lock); -@@ -82,7 +89,7 @@ static int try_to_freeze_tasks(bool sig_only) +@@ -70,7 +77,7 @@ static int try_to_freeze_tasks(bool user_only) todo += wq_busy; } @@ -68246,7 +66781,7 @@ index 3d4b954..11af930 100644 if (pm_wakeup_pending()) { diff --git a/kernel/printk.c b/kernel/printk.c -index 7982a0a..2095fdc 100644 +index 32690a0..cd7c798 100644 --- a/kernel/printk.c +++ b/kernel/printk.c @@ -313,6 +313,11 @@ static int check_syslog_permissions(int type, bool from_file) @@ -68323,82 +66858,19 @@ index 76b8e77..a2930e8 100644 } diff --git a/kernel/ptrace.c b/kernel/ptrace.c -index 78ab24a..332c915 100644 +index 00ab2ca..d237f61 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c -@@ -172,7 +172,8 @@ int ptrace_check_attach(struct task_struct *child, bool ignore_state) - return ret; - } - --int __ptrace_may_access(struct task_struct *task, unsigned int mode) -+static int __ptrace_may_access(struct task_struct *task, unsigned int mode, -+ unsigned int log) - { - const struct cred *cred = current_cred(), *tcred; - -@@ -198,7 +199,8 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode) - cred->gid == tcred->sgid && - cred->gid == tcred->gid)) - goto ok; -- if (ns_capable(tcred->user->user_ns, CAP_SYS_PTRACE)) -+ if ((!log && ns_capable_nolog(tcred->user->user_ns, CAP_SYS_PTRACE)) || -+ (log && ns_capable(tcred->user->user_ns, CAP_SYS_PTRACE))) - goto ok; - rcu_read_unlock(); - return -EPERM; -@@ -207,7 +209,9 @@ ok: - smp_rmb(); - if (task->mm) - dumpable = get_dumpable(task->mm); -- if (!dumpable && !task_ns_capable(task, CAP_SYS_PTRACE)) -+ if (!dumpable && -+ ((!log && !task_ns_capable_nolog(task, CAP_SYS_PTRACE)) || -+ (log && !task_ns_capable(task, CAP_SYS_PTRACE)))) - return -EPERM; - - return security_ptrace_access_check(task, mode); -@@ -217,7 +221,21 @@ bool ptrace_may_access(struct task_struct *task, unsigned int mode) - { - int err; - task_lock(task); -- err = __ptrace_may_access(task, mode); -+ err = __ptrace_may_access(task, mode, 0); -+ task_unlock(task); -+ return !err; -+} -+ -+bool ptrace_may_access_nolock(struct task_struct *task, unsigned int mode) -+{ -+ return __ptrace_may_access(task, mode, 0); -+} -+ -+bool ptrace_may_access_log(struct task_struct *task, unsigned int mode) -+{ -+ int err; -+ task_lock(task); -+ err = __ptrace_may_access(task, mode, 1); - task_unlock(task); - return !err; - } -@@ -262,7 +280,7 @@ static int ptrace_attach(struct task_struct *task, long request, - goto out; - - task_lock(task); -- retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH); -+ retval = __ptrace_may_access(task, PTRACE_MODE_ATTACH, 1); - task_unlock(task); - if (retval) - goto unlock_creds; -@@ -277,7 +295,7 @@ static int ptrace_attach(struct task_struct *task, long request, +@@ -285,7 +285,7 @@ static int ptrace_attach(struct task_struct *task, long request, task->ptrace = PT_PTRACED; if (seize) task->ptrace |= PT_SEIZED; -- if (task_ns_capable(task, CAP_SYS_PTRACE)) -+ if (task_ns_capable_nolog(task, CAP_SYS_PTRACE)) +- if (ns_capable(task_user_ns(task), CAP_SYS_PTRACE)) ++ if (ns_capable_nolog(task_user_ns(task), CAP_SYS_PTRACE)) task->ptrace |= PT_PTRACE_CAP; __ptrace_link(task, current); -@@ -483,7 +501,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst +@@ -491,7 +491,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst break; return -EIO; } @@ -68407,7 +66879,7 @@ index 78ab24a..332c915 100644 return -EFAULT; copied += retval; src += retval; -@@ -680,7 +698,7 @@ int ptrace_request(struct task_struct *child, long request, +@@ -688,7 +688,7 @@ int ptrace_request(struct task_struct *child, long request, bool seized = child->ptrace & PT_SEIZED; int ret = -EIO; siginfo_t siginfo, *si; @@ -68416,7 +66888,7 @@ index 78ab24a..332c915 100644 unsigned long __user *datalp = datavp; unsigned long flags; -@@ -882,14 +900,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, +@@ -890,14 +890,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, goto out; } @@ -68439,7 +66911,7 @@ index 78ab24a..332c915 100644 goto out_put_task_struct; } -@@ -915,7 +940,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, +@@ -923,7 +930,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0); if (copied != sizeof(tmp)) return -EIO; @@ -68448,7 +66920,7 @@ index 78ab24a..332c915 100644 } int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr, -@@ -1025,14 +1050,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, +@@ -1033,14 +1040,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, goto out; } @@ -68472,7 +66944,7 @@ index 78ab24a..332c915 100644 } diff --git a/kernel/rcutiny.c b/kernel/rcutiny.c -index 636af6d..8af70ab 100644 +index 977296d..c4744dc 100644 --- a/kernel/rcutiny.c +++ b/kernel/rcutiny.c @@ -46,7 +46,7 @@ @@ -68484,8 +66956,8 @@ index 636af6d..8af70ab 100644 static void __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu), struct rcu_ctrlblk *rcp); -@@ -186,7 +186,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp) - RCU_TRACE(trace_rcu_batch_end(rcp->name, cb_count)); +@@ -297,7 +297,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp) + rcu_is_callbacks_kthread())); } -static void rcu_process_callbacks(struct softirq_action *unused) @@ -68493,11 +66965,24 @@ index 636af6d..8af70ab 100644 { __rcu_process_callbacks(&rcu_sched_ctrlblk); __rcu_process_callbacks(&rcu_bh_ctrlblk); +diff --git a/kernel/rcutiny_plugin.h b/kernel/rcutiny_plugin.h +index 9cb1ae4..aac7d3e 100644 +--- a/kernel/rcutiny_plugin.h ++++ b/kernel/rcutiny_plugin.h +@@ -920,7 +920,7 @@ static int rcu_kthread(void *arg) + have_rcu_kthread_work = morework; + local_irq_restore(flags); + if (work) +- rcu_process_callbacks(NULL); ++ rcu_process_callbacks(); + schedule_timeout_interruptible(1); /* Leave CPU for others. */ + } + diff --git a/kernel/rcutorture.c b/kernel/rcutorture.c -index 764825c..3aa6ac4 100644 +index a58ac28..196a3d8 100644 --- a/kernel/rcutorture.c +++ b/kernel/rcutorture.c -@@ -138,12 +138,12 @@ static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_count) = +@@ -148,12 +148,12 @@ static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_count) = { 0 }; static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_batch) = { 0 }; @@ -68516,7 +67001,7 @@ index 764825c..3aa6ac4 100644 static long n_rcu_torture_boost_ktrerror; static long n_rcu_torture_boost_rterror; static long n_rcu_torture_boost_failure; -@@ -223,11 +223,11 @@ rcu_torture_alloc(void) +@@ -243,11 +243,11 @@ rcu_torture_alloc(void) spin_lock_bh(&rcu_torture_lock); if (list_empty(&rcu_torture_freelist)) { @@ -68530,7 +67015,7 @@ index 764825c..3aa6ac4 100644 p = rcu_torture_freelist.next; list_del_init(p); spin_unlock_bh(&rcu_torture_lock); -@@ -240,7 +240,7 @@ rcu_torture_alloc(void) +@@ -260,7 +260,7 @@ rcu_torture_alloc(void) static void rcu_torture_free(struct rcu_torture *p) { @@ -68539,7 +67024,7 @@ index 764825c..3aa6ac4 100644 spin_lock_bh(&rcu_torture_lock); list_add_tail(&p->rtort_free, &rcu_torture_freelist); spin_unlock_bh(&rcu_torture_lock); -@@ -360,7 +360,7 @@ rcu_torture_cb(struct rcu_head *p) +@@ -380,7 +380,7 @@ rcu_torture_cb(struct rcu_head *p) i = rp->rtort_pipe_count; if (i > RCU_TORTURE_PIPE_LEN) i = RCU_TORTURE_PIPE_LEN; @@ -68548,7 +67033,7 @@ index 764825c..3aa6ac4 100644 if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) { rp->rtort_mbtest = 0; rcu_torture_free(rp); -@@ -407,7 +407,7 @@ static void rcu_sync_torture_deferred_free(struct rcu_torture *p) +@@ -427,7 +427,7 @@ static void rcu_sync_torture_deferred_free(struct rcu_torture *p) i = rp->rtort_pipe_count; if (i > RCU_TORTURE_PIPE_LEN) i = RCU_TORTURE_PIPE_LEN; @@ -68557,7 +67042,7 @@ index 764825c..3aa6ac4 100644 if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) { rp->rtort_mbtest = 0; list_del(&rp->rtort_free); -@@ -872,7 +872,7 @@ rcu_torture_writer(void *arg) +@@ -916,7 +916,7 @@ rcu_torture_writer(void *arg) i = old_rp->rtort_pipe_count; if (i > RCU_TORTURE_PIPE_LEN) i = RCU_TORTURE_PIPE_LEN; @@ -68566,7 +67051,7 @@ index 764825c..3aa6ac4 100644 old_rp->rtort_pipe_count++; cur_ops->deferred_free(old_rp); } -@@ -940,7 +940,7 @@ static void rcu_torture_timer(unsigned long unused) +@@ -997,7 +997,7 @@ static void rcu_torture_timer(unsigned long unused) return; } if (p->rtort_mbtest == 0) @@ -68575,7 +67060,7 @@ index 764825c..3aa6ac4 100644 spin_lock(&rand_lock); cur_ops->read_delay(&rand); n_rcu_torture_timers++; -@@ -1001,7 +1001,7 @@ rcu_torture_reader(void *arg) +@@ -1061,7 +1061,7 @@ rcu_torture_reader(void *arg) continue; } if (p->rtort_mbtest == 0) @@ -68584,7 +67069,7 @@ index 764825c..3aa6ac4 100644 cur_ops->read_delay(&rand); preempt_disable(); pipe_count = p->rtort_pipe_count; -@@ -1060,16 +1060,16 @@ rcu_torture_printk(char *page) +@@ -1123,10 +1123,10 @@ rcu_torture_printk(char *page) rcu_torture_current, rcu_torture_current_version, list_empty(&rcu_torture_freelist), @@ -68599,14 +67084,16 @@ index 764825c..3aa6ac4 100644 n_rcu_torture_boost_ktrerror, n_rcu_torture_boost_rterror, n_rcu_torture_boost_failure, - n_rcu_torture_boosts, - n_rcu_torture_timers); +@@ -1136,7 +1136,7 @@ rcu_torture_printk(char *page) + n_online_attempts, + n_offline_successes, + n_offline_attempts); - if (atomic_read(&n_rcu_torture_mberror) != 0 || + if (atomic_read_unchecked(&n_rcu_torture_mberror) != 0 || n_rcu_torture_boost_ktrerror != 0 || n_rcu_torture_boost_rterror != 0 || n_rcu_torture_boost_failure != 0) -@@ -1077,7 +1077,7 @@ rcu_torture_printk(char *page) +@@ -1144,7 +1144,7 @@ rcu_torture_printk(char *page) cnt += sprintf(&page[cnt], "\n%s%s ", torture_type, TORTURE_FLAG); if (i > 1) { cnt += sprintf(&page[cnt], "!!! "); @@ -68615,7 +67102,7 @@ index 764825c..3aa6ac4 100644 WARN_ON_ONCE(1); } cnt += sprintf(&page[cnt], "Reader Pipe: "); -@@ -1091,7 +1091,7 @@ rcu_torture_printk(char *page) +@@ -1158,7 +1158,7 @@ rcu_torture_printk(char *page) cnt += sprintf(&page[cnt], "Free-Block Circulation: "); for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { cnt += sprintf(&page[cnt], " %d", @@ -68624,7 +67111,7 @@ index 764825c..3aa6ac4 100644 } cnt += sprintf(&page[cnt], "\n"); if (cur_ops->stats) -@@ -1401,7 +1401,7 @@ rcu_torture_cleanup(void) +@@ -1600,7 +1600,7 @@ rcu_torture_cleanup(void) if (cur_ops->cleanup) cur_ops->cleanup(); @@ -68633,7 +67120,7 @@ index 764825c..3aa6ac4 100644 rcu_torture_print_module_parms(cur_ops, "End of test: FAILURE"); else rcu_torture_print_module_parms(cur_ops, "End of test: SUCCESS"); -@@ -1465,17 +1465,17 @@ rcu_torture_init(void) +@@ -1664,17 +1664,17 @@ rcu_torture_init(void) rcu_torture_current = NULL; rcu_torture_current_version = 0; @@ -68658,11 +67145,11 @@ index 764825c..3aa6ac4 100644 for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { per_cpu(rcu_torture_count, cpu)[i] = 0; diff --git a/kernel/rcutree.c b/kernel/rcutree.c -index 6b76d81..7afc1b3 100644 +index 6c4a672..70f3202 100644 --- a/kernel/rcutree.c +++ b/kernel/rcutree.c -@@ -367,9 +367,9 @@ void rcu_enter_nohz(void) - trace_rcu_dyntick("Start"); +@@ -363,9 +363,9 @@ static void rcu_idle_enter_common(struct rcu_dynticks *rdtp, long long oldval) + rcu_prepare_for_idle(smp_processor_id()); /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */ smp_mb__before_atomic_inc(); /* See above. */ - atomic_inc(&rdtp->dynticks); @@ -68670,12 +67157,12 @@ index 6b76d81..7afc1b3 100644 smp_mb__after_atomic_inc(); /* Force ordering with next sojourn. */ - WARN_ON_ONCE(atomic_read(&rdtp->dynticks) & 0x1); + WARN_ON_ONCE(atomic_read_unchecked(&rdtp->dynticks) & 0x1); - local_irq_restore(flags); } -@@ -391,10 +391,10 @@ void rcu_exit_nohz(void) - return; - } + /** +@@ -438,10 +438,10 @@ void rcu_irq_exit(void) + static void rcu_idle_exit_common(struct rcu_dynticks *rdtp, long long oldval) + { smp_mb__before_atomic_inc(); /* Force ordering w/previous sojourn. */ - atomic_inc(&rdtp->dynticks); + atomic_inc_unchecked(&rdtp->dynticks); @@ -68683,10 +67170,10 @@ index 6b76d81..7afc1b3 100644 smp_mb__after_atomic_inc(); /* See above. */ - WARN_ON_ONCE(!(atomic_read(&rdtp->dynticks) & 0x1)); + WARN_ON_ONCE(!(atomic_read_unchecked(&rdtp->dynticks) & 0x1)); - trace_rcu_dyntick("End"); - local_irq_restore(flags); - } -@@ -411,14 +411,14 @@ void rcu_nmi_enter(void) + rcu_cleanup_after_idle(smp_processor_id()); + trace_rcu_dyntick("End", oldval, rdtp->dynticks_nesting); + if (!is_idle_task(current)) { +@@ -531,14 +531,14 @@ void rcu_nmi_enter(void) struct rcu_dynticks *rdtp = &__get_cpu_var(rcu_dynticks); if (rdtp->dynticks_nmi_nesting == 0 && @@ -68704,7 +67191,7 @@ index 6b76d81..7afc1b3 100644 } /** -@@ -437,9 +437,9 @@ void rcu_nmi_exit(void) +@@ -557,9 +557,9 @@ void rcu_nmi_exit(void) return; /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */ smp_mb__before_atomic_inc(); /* See above. */ @@ -68715,17 +67202,26 @@ index 6b76d81..7afc1b3 100644 + WARN_ON_ONCE(atomic_read_unchecked(&rdtp->dynticks) & 0x1); } - /** -@@ -474,7 +474,7 @@ void rcu_irq_exit(void) + #ifdef CONFIG_PROVE_RCU +@@ -575,7 +575,7 @@ int rcu_is_cpu_idle(void) + int ret; + + preempt_disable(); +- ret = (atomic_read(&__get_cpu_var(rcu_dynticks).dynticks) & 0x1) == 0; ++ ret = (atomic_read_unchecked(&__get_cpu_var(rcu_dynticks).dynticks) & 0x1) == 0; + preempt_enable(); + return ret; + } +@@ -604,7 +604,7 @@ int rcu_is_cpu_rrupt_from_idle(void) */ static int dyntick_save_progress_counter(struct rcu_data *rdp) { - rdp->dynticks_snap = atomic_add_return(0, &rdp->dynticks->dynticks); + rdp->dynticks_snap = atomic_add_return_unchecked(0, &rdp->dynticks->dynticks); - return 0; + return (rdp->dynticks_snap & 0x1) == 0; } -@@ -489,7 +489,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp) +@@ -619,7 +619,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp) unsigned int curr; unsigned int snap; @@ -68734,7 +67230,7 @@ index 6b76d81..7afc1b3 100644 snap = (unsigned int)rdp->dynticks_snap; /* -@@ -1552,7 +1552,7 @@ __rcu_process_callbacks(struct rcu_state *rsp, struct rcu_data *rdp) +@@ -1667,7 +1667,7 @@ __rcu_process_callbacks(struct rcu_state *rsp, struct rcu_data *rdp) /* * Do RCU core processing for the current CPU. */ @@ -68743,24 +67239,44 @@ index 6b76d81..7afc1b3 100644 { trace_rcu_utilization("Start RCU core"); __rcu_process_callbacks(&rcu_sched_state, +@@ -2030,7 +2030,7 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp) + rdp->qlen = 0; + rdp->dynticks = &per_cpu(rcu_dynticks, cpu); + WARN_ON_ONCE(rdp->dynticks->dynticks_nesting != DYNTICK_TASK_NESTING); +- WARN_ON_ONCE(atomic_read(&rdp->dynticks->dynticks) != 1); ++ WARN_ON_ONCE(atomic_read_unchecked(&rdp->dynticks->dynticks) != 1); + rdp->cpu = cpu; + rdp->rsp = rsp; + raw_spin_unlock_irqrestore(&rnp->lock, flags); +@@ -2058,8 +2058,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible) + rdp->n_force_qs_snap = rsp->n_force_qs; + rdp->blimit = blimit; + rdp->dynticks->dynticks_nesting = DYNTICK_TASK_NESTING; +- atomic_set(&rdp->dynticks->dynticks, +- (atomic_read(&rdp->dynticks->dynticks) & ~0x1) + 1); ++ atomic_set_unchecked(&rdp->dynticks->dynticks, ++ (atomic_read_unchecked(&rdp->dynticks->dynticks) & ~0x1) + 1); + rcu_prepare_for_idle_init(cpu); + raw_spin_unlock(&rnp->lock); /* irqs remain disabled. */ + diff --git a/kernel/rcutree.h b/kernel/rcutree.h -index 849ce9e..74bc9de 100644 +index fddff92..2c08359 100644 --- a/kernel/rcutree.h +++ b/kernel/rcutree.h -@@ -86,7 +86,7 @@ - struct rcu_dynticks { - int dynticks_nesting; /* Track irq/process nesting level. */ - int dynticks_nmi_nesting; /* Track NMI nesting level. */ -- atomic_t dynticks; /* Even value for dynticks-idle, else odd. */ -+ atomic_unchecked_t dynticks; /* Even value for dynticks-idle, else odd. */ +@@ -87,7 +87,7 @@ struct rcu_dynticks { + long long dynticks_nesting; /* Track irq/process nesting level. */ + /* Process level is worth LLONG_MAX/2. */ + int dynticks_nmi_nesting; /* Track NMI nesting level. */ +- atomic_t dynticks; /* Even value for idle, else odd. */ ++ atomic_unchecked_t dynticks;/* Even value for idle, else odd. */ }; /* RCU's kthread states for tracing. */ diff --git a/kernel/rcutree_plugin.h b/kernel/rcutree_plugin.h -index 4b9b9f8..2326053 100644 +index 8bb35d7..6ea0a463 100644 --- a/kernel/rcutree_plugin.h +++ b/kernel/rcutree_plugin.h -@@ -842,7 +842,7 @@ void synchronize_rcu_expedited(void) +@@ -850,7 +850,7 @@ void synchronize_rcu_expedited(void) /* Clean up and exit. */ smp_mb(); /* ensure expedited GP seen before counter increment. */ @@ -68769,7 +67285,7 @@ index 4b9b9f8..2326053 100644 unlock_mb_ret: mutex_unlock(&sync_rcu_preempt_exp_mutex); mb_ret: -@@ -1815,8 +1815,8 @@ EXPORT_SYMBOL_GPL(synchronize_sched_expedited); +@@ -1833,8 +1833,8 @@ EXPORT_SYMBOL_GPL(synchronize_sched_expedited); #else /* #ifndef CONFIG_SMP */ @@ -68780,7 +67296,7 @@ index 4b9b9f8..2326053 100644 static int synchronize_sched_expedited_cpu_stop(void *data) { -@@ -1871,7 +1871,7 @@ void synchronize_sched_expedited(void) +@@ -1889,7 +1889,7 @@ void synchronize_sched_expedited(void) int firstsnap, s, snap, trycount = 0; /* Note that atomic_inc_return() implies full memory barrier. */ @@ -68789,7 +67305,7 @@ index 4b9b9f8..2326053 100644 get_online_cpus(); /* -@@ -1892,7 +1892,7 @@ void synchronize_sched_expedited(void) +@@ -1910,7 +1910,7 @@ void synchronize_sched_expedited(void) } /* Check to see if someone else did our work for us. */ @@ -68798,16 +67314,16 @@ index 4b9b9f8..2326053 100644 if (UINT_CMP_GE((unsigned)s, (unsigned)firstsnap)) { smp_mb(); /* ensure test happens before caller kfree */ return; -@@ -1907,7 +1907,7 @@ void synchronize_sched_expedited(void) +@@ -1925,7 +1925,7 @@ void synchronize_sched_expedited(void) * grace period works for us. */ get_online_cpus(); -- snap = atomic_read(&sync_sched_expedited_started) - 1; -+ snap = atomic_read_unchecked(&sync_sched_expedited_started) - 1; +- snap = atomic_read(&sync_sched_expedited_started); ++ snap = atomic_read_unchecked(&sync_sched_expedited_started); smp_mb(); /* ensure read is before try_stop_cpus(). */ } -@@ -1918,12 +1918,12 @@ void synchronize_sched_expedited(void) +@@ -1936,12 +1936,12 @@ void synchronize_sched_expedited(void) * than we did beat us to the punch. */ do { @@ -68822,32 +67338,23 @@ index 4b9b9f8..2326053 100644 put_online_cpus(); } -@@ -1985,7 +1985,7 @@ int rcu_needs_cpu(int cpu) - for_each_online_cpu(thatcpu) { - if (thatcpu == cpu) - continue; -- snap = atomic_add_return(0, &per_cpu(rcu_dynticks, -+ snap = atomic_add_return_unchecked(0, &per_cpu(rcu_dynticks, - thatcpu).dynticks); - smp_mb(); /* Order sampling of snap with end of grace period. */ - if ((snap & 0x1) != 0) { diff --git a/kernel/rcutree_trace.c b/kernel/rcutree_trace.c -index 9feffa4..54058df 100644 +index 654cfe6..c0b28e2 100644 --- a/kernel/rcutree_trace.c +++ b/kernel/rcutree_trace.c -@@ -69,7 +69,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp) +@@ -68,7 +68,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp) + rdp->passed_quiesce, rdp->passed_quiesce_gpnum, rdp->qs_pending); - #ifdef CONFIG_NO_HZ - seq_printf(m, " dt=%d/%d/%d df=%lu", + seq_printf(m, " dt=%d/%llx/%d df=%lu", - atomic_read(&rdp->dynticks->dynticks), + atomic_read_unchecked(&rdp->dynticks->dynticks), rdp->dynticks->dynticks_nesting, rdp->dynticks->dynticks_nmi_nesting, rdp->dynticks_fqs); -@@ -143,7 +143,7 @@ static void print_one_rcu_data_csv(struct seq_file *m, struct rcu_data *rdp) +@@ -140,7 +140,7 @@ static void print_one_rcu_data_csv(struct seq_file *m, struct rcu_data *rdp) + rdp->passed_quiesce, rdp->passed_quiesce_gpnum, rdp->qs_pending); - #ifdef CONFIG_NO_HZ - seq_printf(m, ",%d,%d,%d,%lu", + seq_printf(m, ",%d,%llx,%d,%lu", - atomic_read(&rdp->dynticks->dynticks), + atomic_read_unchecked(&rdp->dynticks->dynticks), rdp->dynticks->dynticks_nesting, @@ -68877,7 +67384,7 @@ index 7640b3a..5879283 100644 } __initcall(ioresources_init); diff --git a/kernel/rtmutex-tester.c b/kernel/rtmutex-tester.c -index 3d9f31c..7fefc9e 100644 +index 98ec494..4241d6d 100644 --- a/kernel/rtmutex-tester.c +++ b/kernel/rtmutex-tester.c @@ -20,7 +20,7 @@ @@ -68970,11 +67477,33 @@ index 3d9f31c..7fefc9e 100644 return; default: -diff --git a/kernel/sched.c b/kernel/sched.c -index d6b149c..896cbb8 100644 ---- a/kernel/sched.c -+++ b/kernel/sched.c -@@ -4389,6 +4389,19 @@ pick_next_task(struct rq *rq) +diff --git a/kernel/sched/auto_group.c b/kernel/sched/auto_group.c +index e8a1f83..363d17d 100644 +--- a/kernel/sched/auto_group.c ++++ b/kernel/sched/auto_group.c +@@ -11,7 +11,7 @@ + + unsigned int __read_mostly sysctl_sched_autogroup_enabled = 1; + static struct autogroup autogroup_default; +-static atomic_t autogroup_seq_nr; ++static atomic_unchecked_t autogroup_seq_nr; + + void __init autogroup_init(struct task_struct *init_task) + { +@@ -78,7 +78,7 @@ static inline struct autogroup *autogroup_create(void) + + kref_init(&ag->kref); + init_rwsem(&ag->lock); +- ag->id = atomic_inc_return(&autogroup_seq_nr); ++ ag->id = atomic_inc_return_unchecked(&autogroup_seq_nr); + ag->tg = tg; + #ifdef CONFIG_RT_GROUP_SCHED + /* +diff --git a/kernel/sched/core.c b/kernel/sched/core.c +index b342f57..00324a0 100644 +--- a/kernel/sched/core.c ++++ b/kernel/sched/core.c +@@ -3143,6 +3143,19 @@ pick_next_task(struct rq *rq) BUG(); /* the idle class will always have a runnable task */ } @@ -68994,7 +67523,7 @@ index d6b149c..896cbb8 100644 /* * __schedule() is the main scheduler function. */ -@@ -4408,6 +4421,8 @@ need_resched: +@@ -3162,6 +3175,8 @@ need_resched: schedule_debug(prev); @@ -69003,7 +67532,7 @@ index d6b149c..896cbb8 100644 if (sched_feat(HRTICK)) hrtick_clear(rq); -@@ -5098,6 +5113,8 @@ int can_nice(const struct task_struct *p, const int nice) +@@ -3852,6 +3867,8 @@ int can_nice(const struct task_struct *p, const int nice) /* convert nice value [19,-20] to rlimit style value [1,40] */ int nice_rlim = 20 - nice; @@ -69012,7 +67541,7 @@ index d6b149c..896cbb8 100644 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || capable(CAP_SYS_NICE)); } -@@ -5131,7 +5148,8 @@ SYSCALL_DEFINE1(nice, int, increment) +@@ -3885,7 +3902,8 @@ SYSCALL_DEFINE1(nice, int, increment) if (nice > 19) nice = 19; @@ -69022,7 +67551,7 @@ index d6b149c..896cbb8 100644 return -EPERM; retval = security_task_setnice(current, nice); -@@ -5288,6 +5306,7 @@ recheck: +@@ -4042,6 +4060,7 @@ recheck: unsigned long rlim_rtprio = task_rlimit(p, RLIMIT_RTPRIO); @@ -69030,33 +67559,11 @@ index d6b149c..896cbb8 100644 /* can't set/change the rt policy */ if (policy != p->policy && !rlim_rtprio) return -EPERM; -diff --git a/kernel/sched_autogroup.c b/kernel/sched_autogroup.c -index 429242f..d7cca82 100644 ---- a/kernel/sched_autogroup.c -+++ b/kernel/sched_autogroup.c -@@ -7,7 +7,7 @@ - - unsigned int __read_mostly sysctl_sched_autogroup_enabled = 1; - static struct autogroup autogroup_default; --static atomic_t autogroup_seq_nr; -+static atomic_unchecked_t autogroup_seq_nr; - - static void __init autogroup_init(struct task_struct *init_task) - { -@@ -78,7 +78,7 @@ static inline struct autogroup *autogroup_create(void) - - kref_init(&ag->kref); - init_rwsem(&ag->lock); -- ag->id = atomic_inc_return(&autogroup_seq_nr); -+ ag->id = atomic_inc_return_unchecked(&autogroup_seq_nr); - ag->tg = tg; - #ifdef CONFIG_RT_GROUP_SCHED - /* -diff --git a/kernel/sched_fair.c b/kernel/sched_fair.c -index 8a39fa3..34f3dbc 100644 ---- a/kernel/sched_fair.c -+++ b/kernel/sched_fair.c -@@ -4801,7 +4801,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } +diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c +index aca16b8..8e3acc4 100644 +--- a/kernel/sched/fair.c ++++ b/kernel/sched/fair.c +@@ -5147,7 +5147,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } * run_rebalance_domains is triggered when needed from the scheduler tick. * Also triggered for nohz idle balancing (with nohz_balancing_kick set). */ @@ -69066,10 +67573,10 @@ index 8a39fa3..34f3dbc 100644 int this_cpu = smp_processor_id(); struct rq *this_rq = cpu_rq(this_cpu); diff --git a/kernel/signal.c b/kernel/signal.c -index 2065515..aed2987 100644 +index c73c428..7040057 100644 --- a/kernel/signal.c +++ b/kernel/signal.c -@@ -45,12 +45,12 @@ static struct kmem_cache *sigqueue_cachep; +@@ -46,12 +46,12 @@ static struct kmem_cache *sigqueue_cachep; int print_fatal_signals __read_mostly; @@ -69084,7 +67591,7 @@ index 2065515..aed2987 100644 { /* Is it explicitly or implicitly ignored? */ return handler == SIG_IGN || -@@ -60,7 +60,7 @@ static int sig_handler_ignored(void __user *handler, int sig) +@@ -61,7 +61,7 @@ static int sig_handler_ignored(void __user *handler, int sig) static int sig_task_ignored(struct task_struct *t, int sig, int from_ancestor_ns) { @@ -69093,7 +67600,7 @@ index 2065515..aed2987 100644 handler = sig_handler(t, sig); -@@ -364,6 +364,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi +@@ -365,6 +365,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi atomic_inc(&user->sigpending); rcu_read_unlock(); @@ -69103,7 +67610,7 @@ index 2065515..aed2987 100644 if (override_rlimit || atomic_read(&user->sigpending) <= task_rlimit(t, RLIMIT_SIGPENDING)) { -@@ -488,7 +491,7 @@ flush_signal_handlers(struct task_struct *t, int force_default) +@@ -489,7 +492,7 @@ flush_signal_handlers(struct task_struct *t, int force_default) int unhandled_signal(struct task_struct *tsk, int sig) { @@ -69112,7 +67619,7 @@ index 2065515..aed2987 100644 if (is_global_init(tsk)) return 1; if (handler != SIG_IGN && handler != SIG_DFL) -@@ -815,6 +818,13 @@ static int check_kill_permission(int sig, struct siginfo *info, +@@ -816,6 +819,13 @@ static int check_kill_permission(int sig, struct siginfo *info, } } @@ -69126,7 +67633,7 @@ index 2065515..aed2987 100644 return security_task_kill(t, info, sig, 0); } -@@ -1165,7 +1175,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) +@@ -1197,7 +1207,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) return send_signal(sig, info, p, 1); } @@ -69135,7 +67642,7 @@ index 2065515..aed2987 100644 specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t) { return send_signal(sig, info, t, 0); -@@ -1202,6 +1212,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) +@@ -1234,6 +1244,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) unsigned long int flags; int ret, blocked, ignored; struct k_sigaction *action; @@ -69143,7 +67650,7 @@ index 2065515..aed2987 100644 spin_lock_irqsave(&t->sighand->siglock, flags); action = &t->sighand->action[sig-1]; -@@ -1216,9 +1227,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) +@@ -1248,9 +1259,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) } if (action->sa.sa_handler == SIG_DFL) t->signal->flags &= ~SIGNAL_UNKILLABLE; @@ -69162,7 +67669,7 @@ index 2065515..aed2987 100644 return ret; } -@@ -1285,8 +1305,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) +@@ -1317,8 +1337,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) ret = check_kill_permission(sig, info, p); rcu_read_unlock(); @@ -69175,7 +67682,7 @@ index 2065515..aed2987 100644 return ret; } -@@ -2754,7 +2777,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) +@@ -2820,7 +2843,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) int error = -ESRCH; rcu_read_lock(); @@ -69224,7 +67731,7 @@ index db197d6..17aef0b 100644 raw_spin_unlock_irq(&call_function.lock); } diff --git a/kernel/softirq.c b/kernel/softirq.c -index 2c71d91..1021f81 100644 +index 4eb3a0f..6f1fa81 100644 --- a/kernel/softirq.c +++ b/kernel/softirq.c @@ -56,7 +56,7 @@ static struct softirq_action softirq_vec[NR_SOFTIRQS] __cacheline_aligned_in_smp @@ -69278,7 +67785,7 @@ index 2c71d91..1021f81 100644 struct tasklet_struct *list; diff --git a/kernel/sys.c b/kernel/sys.c -index 481611f..0754d86 100644 +index 888d227..f04b318 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -158,6 +158,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error) @@ -69439,7 +67946,7 @@ index 481611f..0754d86 100644 __OLD_UTS_LEN); error |= __put_user(0, name->machine + __OLD_UTS_LEN); up_read(&uts_sem); -@@ -1720,7 +1759,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, +@@ -1838,7 +1877,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, error = get_dumpable(me->mm); break; case PR_SET_DUMPABLE: @@ -69449,7 +67956,7 @@ index 481611f..0754d86 100644 break; } diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index ae27196..7506d69 100644 +index f487f25..9056a9e 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -86,6 +86,13 @@ @@ -69549,7 +68056,7 @@ index ae27196..7506d69 100644 { .procname = "ngroups_max", .data = &ngroups_max, -@@ -1216,6 +1258,13 @@ static struct ctl_table vm_table[] = { +@@ -1225,6 +1267,13 @@ static struct ctl_table vm_table[] = { .proc_handler = proc_dointvec_minmax, .extra1 = &zero, }, @@ -69563,7 +68070,7 @@ index ae27196..7506d69 100644 #else { .procname = "nr_trim_pages", -@@ -1720,6 +1769,17 @@ static int test_perm(int mode, int op) +@@ -1729,6 +1778,17 @@ static int test_perm(int mode, int op) int sysctl_perm(struct ctl_table_root *root, struct ctl_table *table, int op) { int mode; @@ -69581,7 +68088,7 @@ index ae27196..7506d69 100644 if (root->permissions) mode = root->permissions(root, current->nsproxy, table); -@@ -2124,6 +2184,16 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -2133,6 +2193,16 @@ int proc_dostring(struct ctl_table *table, int write, buffer, lenp, ppos); } @@ -69598,7 +68105,7 @@ index ae27196..7506d69 100644 static size_t proc_skip_spaces(char **buf) { size_t ret; -@@ -2229,6 +2299,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, +@@ -2238,6 +2308,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, len = strlen(tmp); if (len > *size) len = *size; @@ -69607,7 +68114,7 @@ index ae27196..7506d69 100644 if (copy_to_user(*buf, tmp, len)) return -EFAULT; *size -= len; -@@ -2545,8 +2617,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int +@@ -2554,8 +2626,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int *i = val; } else { val = convdiv * (*i) / convmul; @@ -69620,7 +68127,7 @@ index ae27196..7506d69 100644 err = proc_put_long(&buffer, &left, val, false); if (err) break; -@@ -2941,6 +3016,12 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -2950,6 +3025,12 @@ int proc_dostring(struct ctl_table *table, int write, return -ENOSYS; } @@ -69633,7 +68140,7 @@ index ae27196..7506d69 100644 int proc_dointvec(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -2997,6 +3078,7 @@ EXPORT_SYMBOL(proc_dointvec_minmax); +@@ -3006,6 +3087,7 @@ EXPORT_SYMBOL(proc_dointvec_minmax); EXPORT_SYMBOL(proc_dointvec_userhz_jiffies); EXPORT_SYMBOL(proc_dointvec_ms_jiffies); EXPORT_SYMBOL(proc_dostring); @@ -69790,7 +68297,7 @@ index fd4a7b1..fae5c2a 100644 cpumask_clear_cpu(cpu, tick_get_broadcast_mask()); tick_broadcast_clear_oneshot(cpu); diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c -index 2378413..be455fd 100644 +index 0c63581..e25dcb6 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -14,6 +14,7 @@ @@ -69928,10 +68435,10 @@ index 0b537f2..9e71eca 100644 return -ENOMEM; return 0; diff --git a/kernel/timer.c b/kernel/timer.c -index 9c3c62b..441690e 100644 +index a297ffc..5e16b0b 100644 --- a/kernel/timer.c +++ b/kernel/timer.c -@@ -1304,7 +1304,7 @@ void update_process_times(int user_tick) +@@ -1354,7 +1354,7 @@ void update_process_times(int user_tick) /* * This function runs timers and the timer-tq in bottom half context. */ @@ -69941,7 +68448,7 @@ index 9c3c62b..441690e 100644 struct tvec_base *base = __this_cpu_read(tvec_bases); diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c -index 16fc34a..efd8bb8 100644 +index cdea7b5..9b820d4 100644 --- a/kernel/trace/blktrace.c +++ b/kernel/trace/blktrace.c @@ -324,7 +324,7 @@ static ssize_t blk_dropped_read(struct file *filp, char __user *buffer, @@ -69972,10 +68479,10 @@ index 16fc34a..efd8bb8 100644 ret = -EIO; bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt, diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c -index 25b4f4d..6f4772d 100644 +index 683d559..d70d914 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c -@@ -1587,12 +1587,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) +@@ -1726,12 +1726,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) if (unlikely(ftrace_disabled)) return 0; @@ -69995,7 +68502,7 @@ index 25b4f4d..6f4772d 100644 } /* -@@ -2608,7 +2613,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp) +@@ -2843,7 +2848,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp) int register_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops, @@ -70005,10 +68512,10 @@ index 25b4f4d..6f4772d 100644 struct ftrace_func_probe *entry; struct ftrace_page *pg; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index f2bd275..adaf3a2 100644 +index a3f1bc5..5e651718 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c -@@ -4201,10 +4201,9 @@ static const struct file_operations tracing_dyn_info_fops = { +@@ -4254,10 +4254,9 @@ static const struct file_operations tracing_dyn_info_fops = { }; #endif @@ -70020,7 +68527,7 @@ index f2bd275..adaf3a2 100644 static int once; if (d_tracer) -@@ -4224,10 +4223,9 @@ struct dentry *tracing_init_dentry(void) +@@ -4277,10 +4276,9 @@ struct dentry *tracing_init_dentry(void) return d_tracer; } @@ -70163,7 +68670,7 @@ index fd3c8aa..5f324a6 100644 } entry = ring_buffer_event_data(event); diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c -index 5199930..26c73a0 100644 +index 0d6ff35..67e0ed7 100644 --- a/kernel/trace/trace_output.c +++ b/kernel/trace/trace_output.c @@ -278,7 +278,7 @@ int trace_seq_path(struct trace_seq *s, struct path *path) @@ -70176,10 +68683,10 @@ index 5199930..26c73a0 100644 s->len = p - s->buffer; return 1; diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c -index 77575b3..6e623d1 100644 +index d4545f4..a9010a1 100644 --- a/kernel/trace/trace_stack.c +++ b/kernel/trace/trace_stack.c -@@ -50,7 +50,7 @@ static inline void check_stack(void) +@@ -53,7 +53,7 @@ static inline void check_stack(void) return; /* we do not handle interrupt stacks yet */ @@ -70220,7 +68727,7 @@ index 209b379..7f76423 100644 put_task_struct(tsk); } diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug -index 82928f5..92da771 100644 +index 8745ac7..d144e37 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -1103,6 +1103,7 @@ config LATENCYTOP @@ -70272,7 +68779,7 @@ index 0d4a127..33a06c7 100644 } EXPORT_SYMBOL(bitmap_parselist_user); diff --git a/lib/bug.c b/lib/bug.c -index 1955209..cbbb2ad 100644 +index a28c141..2bd3d95 100644 --- a/lib/bug.c +++ b/lib/bug.c @@ -133,6 +133,8 @@ enum bug_trap_type report_bug(unsigned long bugaddr, struct pt_regs *regs) @@ -70285,10 +68792,10 @@ index 1955209..cbbb2ad 100644 file = NULL; line = 0; diff --git a/lib/debugobjects.c b/lib/debugobjects.c -index a78b7c6..2c73084 100644 +index 0ab9ae8..f01ceca 100644 --- a/lib/debugobjects.c +++ b/lib/debugobjects.c -@@ -284,7 +284,7 @@ static void debug_object_is_on_stack(void *addr, int onstack) +@@ -288,7 +288,7 @@ static void debug_object_is_on_stack(void *addr, int onstack) if (limit > 4) return; @@ -70298,7 +68805,7 @@ index a78b7c6..2c73084 100644 return; diff --git a/lib/devres.c b/lib/devres.c -index 7c0e953..f642b5c 100644 +index 9676617..5149e15 100644 --- a/lib/devres.c +++ b/lib/devres.c @@ -80,7 +80,7 @@ EXPORT_SYMBOL(devm_ioremap_nocache); @@ -70310,7 +68817,7 @@ index 7c0e953..f642b5c 100644 iounmap(addr); } EXPORT_SYMBOL(devm_iounmap); -@@ -141,7 +141,7 @@ void devm_ioport_unmap(struct device *dev, void __iomem *addr) +@@ -192,7 +192,7 @@ void devm_ioport_unmap(struct device *dev, void __iomem *addr) { ioport_unmap(addr); WARN_ON(devres_destroy(dev, devm_ioport_map_release, @@ -70382,24 +68889,11 @@ index bd2bea9..6b3c95e 100644 if (atomic_read(&task->signal->live) != 1) return false; -diff --git a/lib/kref.c b/lib/kref.c -index 3efb882..8492f4c 100644 ---- a/lib/kref.c -+++ b/lib/kref.c -@@ -52,7 +52,7 @@ void kref_get(struct kref *kref) - */ - int kref_put(struct kref *kref, void (*release)(struct kref *kref)) - { -- WARN_ON(release == NULL); -+ BUG_ON(release == NULL); - WARN_ON(release == (void (*)(struct kref *))kfree); - - if (atomic_dec_and_test(&kref->refcount)) { diff --git a/lib/radix-tree.c b/lib/radix-tree.c -index d9df745..e73c2fe 100644 +index dc63d08..95ae14a 100644 --- a/lib/radix-tree.c +++ b/lib/radix-tree.c -@@ -80,7 +80,7 @@ struct radix_tree_preload { +@@ -78,7 +78,7 @@ struct radix_tree_preload { int nr; struct radix_tree_node *nodes[RADIX_TREE_MAX_PATH]; }; @@ -70409,7 +68903,7 @@ index d9df745..e73c2fe 100644 static inline void *ptr_to_indirect(void *ptr) { diff --git a/lib/vsprintf.c b/lib/vsprintf.c -index 993599e..f1dbc14 100644 +index 38e612e..4fb99a8 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -16,6 +16,9 @@ @@ -70431,8 +68925,8 @@ index 993599e..f1dbc14 100644 sprint_symbol(sym, value); else kallsyms_lookup(value, NULL, NULL, NULL, sym); -@@ -777,7 +780,11 @@ char *uuid_string(char *buf, char *end, const u8 *addr, - return string(buf, end, uuid, spec); +@@ -789,7 +792,11 @@ char *netdev_feature_string(char *buf, char *end, const u8 *addr, + return number(buf, end, *(const netdev_features_t *)addr, spec); } +#ifdef CONFIG_GRKERNSEC_HIDESYM @@ -70443,7 +68937,7 @@ index 993599e..f1dbc14 100644 /* * Show a '%p' thing. A kernel extension is that the '%p' is followed -@@ -791,6 +798,8 @@ int kptr_restrict __read_mostly; +@@ -803,6 +810,8 @@ int kptr_restrict __read_mostly; * - 'S' For symbolic direct pointers with offset * - 's' For symbolic direct pointers without offset * - 'B' For backtraced symbolic direct pointers with offset @@ -70452,7 +68946,7 @@ index 993599e..f1dbc14 100644 * - 'R' For decoded struct resource, e.g., [mem 0x0-0x1f 64bit pref] * - 'r' For raw struct resource, e.g., [mem 0x0-0x1f flags 0x201] * - 'M' For a 6-byte MAC address, it prints the address in the -@@ -835,12 +844,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -848,12 +857,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, { if (!ptr && *fmt != 'K') { /* @@ -70467,7 +68961,7 @@ index 993599e..f1dbc14 100644 } switch (*fmt) { -@@ -850,6 +859,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -863,6 +872,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, /* Fallthrough */ case 'S': case 's': @@ -70481,26 +68975,7 @@ index 993599e..f1dbc14 100644 case 'B': return symbol_string(buf, end, ptr, spec, *fmt); case 'R': -@@ -878,9 +894,15 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, - case 'U': - return uuid_string(buf, end, ptr, spec, fmt); - case 'V': -- return buf + vsnprintf(buf, end > buf ? end - buf : 0, -- ((struct va_format *)ptr)->fmt, -- *(((struct va_format *)ptr)->va)); -+ { -+ va_list va; -+ -+ va_copy(va, *((struct va_format *)ptr)->va); -+ buf += vsnprintf(buf, end > buf ? end - buf : 0, -+ ((struct va_format *)ptr)->fmt, va); -+ va_end(va); -+ return buf; -+ } - case 'K': - /* - * %pK cannot be used in IRQ context because its test -@@ -1608,11 +1630,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) +@@ -1633,11 +1649,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) typeof(type) value; \ if (sizeof(type) == 8) { \ args = PTR_ALIGN(args, sizeof(u32)); \ @@ -70515,7 +68990,7 @@ index 993599e..f1dbc14 100644 } \ args += sizeof(type); \ value; \ -@@ -1675,7 +1697,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) +@@ -1700,7 +1716,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) case FORMAT_TYPE_STR: { const char *str_arg = args; args += strlen(str_arg) + 1; @@ -70532,10 +69007,10 @@ index 0000000..7cd6065 @@ -0,0 +1 @@ +-grsec diff --git a/mm/Kconfig b/mm/Kconfig -index 011b110..b492af2 100644 +index e338407..49b5b7a 100644 --- a/mm/Kconfig +++ b/mm/Kconfig -@@ -241,10 +241,10 @@ config KSM +@@ -247,10 +247,10 @@ config KSM root has set /sys/kernel/mm/ksm/run to 1 (if CONFIG_SYSFS is set). config DEFAULT_MMAP_MIN_ADDR @@ -70550,7 +69025,7 @@ index 011b110..b492af2 100644 from userspace allocation. Keeping a user from writing to low pages can help reduce the impact of kernel NULL pointer bugs. diff --git a/mm/filemap.c b/mm/filemap.c -index 03c5b0e..a01e793 100644 +index b662757..3081ddd 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -1770,7 +1770,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) @@ -70616,10 +69091,10 @@ index 57d82c6..e9e0552 100644 set_page_address(page, (void *)vaddr); diff --git a/mm/huge_memory.c b/mm/huge_memory.c -index 8f005e9..1cb1036 100644 +index 8f7fc39..69bf1e9 100644 --- a/mm/huge_memory.c +++ b/mm/huge_memory.c -@@ -704,7 +704,7 @@ out: +@@ -733,7 +733,7 @@ out: * run pte_offset_map on the pmd, if an huge pmd could * materialize from under us from a different thread. */ @@ -70629,10 +69104,10 @@ index 8f005e9..1cb1036 100644 /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 2316840..b418671 100644 +index a876871..132cde0 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c -@@ -2347,6 +2347,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2346,6 +2346,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -70659,8 +69134,8 @@ index 2316840..b418671 100644 + /* * Hugetlb_cow() should be called with page lock of the original hugepage held. - */ -@@ -2450,6 +2471,11 @@ retry_avoidcopy: + * Called with hugetlb_instantiation_mutex held and pte_page locked so we +@@ -2459,6 +2480,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -70672,7 +69147,7 @@ index 2316840..b418671 100644 /* Make the old page be freed below */ new_page = old_page; mmu_notifier_invalidate_range_end(mm, -@@ -2601,6 +2627,10 @@ retry: +@@ -2613,6 +2639,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -70683,7 +69158,7 @@ index 2316840..b418671 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page); -@@ -2630,6 +2660,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2642,6 +2672,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -70691,10 +69166,10 @@ index 2316840..b418671 100644 + struct vm_area_struct *vma_m; +#endif + + address &= huge_page_mask(h); + ptep = huge_pte_offset(mm, address); - if (ptep) { - entry = huge_ptep_get(ptep); -@@ -2641,6 +2675,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2655,6 +2689,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(h - hstates); } @@ -70734,10 +69209,10 @@ index 2189af4..f2ca332 100644 #ifdef CONFIG_MEMORY_FAILURE extern bool is_free_buddy_page(struct page *page); diff --git a/mm/kmemleak.c b/mm/kmemleak.c -index f3b2a00..61da94d 100644 +index 45eb621..6ccd8ea 100644 --- a/mm/kmemleak.c +++ b/mm/kmemleak.c -@@ -357,7 +357,7 @@ static void print_unreferenced(struct seq_file *seq, +@@ -363,7 +363,7 @@ static void print_unreferenced(struct seq_file *seq, for (i = 0; i < object->trace_len; i++) { void *ptr = (void *)object->trace[i]; @@ -70849,7 +69324,7 @@ index 74bf193..feb6fd3 100644 if (end == start) goto out; diff --git a/mm/memory-failure.c b/mm/memory-failure.c -index 06d3479..0778eef 100644 +index 56080ea..115071e 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0; @@ -70934,7 +69409,7 @@ index 06d3479..0778eef 100644 /* keep elevated page count for bad page */ return ret; diff --git a/mm/memory.c b/mm/memory.c -index 829d437..3d3926a 100644 +index fa2f04e..a8a40c8 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -457,8 +457,12 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -70963,7 +69438,7 @@ index 829d437..3d3926a 100644 } /* -@@ -1566,12 +1573,6 @@ no_page_table: +@@ -1585,12 +1592,6 @@ no_page_table: return page; } @@ -70976,7 +69451,7 @@ index 829d437..3d3926a 100644 /** * __get_user_pages() - pin user pages in memory * @tsk: task_struct of target task -@@ -1644,10 +1645,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -1663,10 +1664,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE); i = 0; @@ -70989,7 +69464,7 @@ index 829d437..3d3926a 100644 if (!vma && in_gate_area(mm, start)) { unsigned long pg = start & PAGE_MASK; pgd_t *pgd; -@@ -1695,7 +1696,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -1714,7 +1715,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, goto next_page; } @@ -70998,7 +69473,7 @@ index 829d437..3d3926a 100644 (vma->vm_flags & (VM_IO | VM_PFNMAP)) || !(vm_flags & vma->vm_flags)) return i ? : -EFAULT; -@@ -1722,11 +1723,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -1741,11 +1742,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, int ret; unsigned int fault_flags = 0; @@ -71010,7 +69485,7 @@ index 829d437..3d3926a 100644 if (foll_flags & FOLL_WRITE) fault_flags |= FAULT_FLAG_WRITE; if (nonblocking) -@@ -1800,7 +1796,7 @@ next_page: +@@ -1819,7 +1815,7 @@ next_page: start += PAGE_SIZE; nr_pages--; } while (nr_pages && start < vma->vm_end); @@ -71019,7 +69494,7 @@ index 829d437..3d3926a 100644 return i; } EXPORT_SYMBOL(__get_user_pages); -@@ -2007,6 +2003,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, +@@ -2026,6 +2022,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, page_add_file_rmap(page); set_pte_at(mm, addr, pte, mk_pte(page, prot)); @@ -71030,7 +69505,7 @@ index 829d437..3d3926a 100644 retval = 0; pte_unmap_unlock(pte, ptl); return retval; -@@ -2041,10 +2041,22 @@ out: +@@ -2060,10 +2060,22 @@ out: int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, struct page *page) { @@ -71053,7 +69528,7 @@ index 829d437..3d3926a 100644 vma->vm_flags |= VM_INSERTPAGE; return insert_page(vma, addr, page, vma->vm_page_prot); } -@@ -2130,6 +2142,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, +@@ -2149,6 +2161,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, unsigned long pfn) { BUG_ON(!(vma->vm_flags & VM_MIXEDMAP)); @@ -71061,7 +69536,7 @@ index 829d437..3d3926a 100644 if (addr < vma->vm_start || addr >= vma->vm_end) return -EFAULT; -@@ -2445,6 +2458,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo +@@ -2464,6 +2477,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo copy_user_highpage(dst, src, va, vma); } @@ -71248,7 +69723,7 @@ index 829d437..3d3926a 100644 /* * This routine handles present pages, when users try to write * to a shared page. It is done by copying the page to a new address -@@ -2656,6 +2849,12 @@ gotten: +@@ -2675,6 +2868,12 @@ gotten: */ page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) { @@ -71261,7 +69736,7 @@ index 829d437..3d3926a 100644 if (old_page) { if (!PageAnon(old_page)) { dec_mm_counter_fast(mm, MM_FILEPAGES); -@@ -2707,6 +2906,10 @@ gotten: +@@ -2726,6 +2925,10 @@ gotten: page_remove_rmap(old_page); } @@ -71272,7 +69747,7 @@ index 829d437..3d3926a 100644 /* Free the old page.. */ new_page = old_page; ret |= VM_FAULT_WRITE; -@@ -2986,6 +3189,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3005,6 +3208,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, swap_free(entry); if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) try_to_free_swap(page); @@ -71284,7 +69759,7 @@ index 829d437..3d3926a 100644 unlock_page(page); if (swapcache) { /* -@@ -3009,6 +3217,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3028,6 +3236,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -71296,7 +69771,7 @@ index 829d437..3d3926a 100644 unlock: pte_unmap_unlock(page_table, ptl); out: -@@ -3028,40 +3241,6 @@ out_release: +@@ -3047,40 +3260,6 @@ out_release: } /* @@ -71337,7 +69812,7 @@ index 829d437..3d3926a 100644 * We enter with non-exclusive mmap_sem (to exclude vma changes, * but allow concurrent faults), and pte mapped but not yet locked. * We return with mmap_sem still held, but pte unmapped and unlocked. -@@ -3070,27 +3249,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3089,27 +3268,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pte_t *page_table, pmd_t *pmd, unsigned int flags) { @@ -71370,7 +69845,7 @@ index 829d437..3d3926a 100644 if (unlikely(anon_vma_prepare(vma))) goto oom; page = alloc_zeroed_user_highpage_movable(vma, address); -@@ -3109,6 +3284,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3128,6 +3303,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, if (!pte_none(*page_table)) goto release; @@ -71382,7 +69857,7 @@ index 829d437..3d3926a 100644 inc_mm_counter_fast(mm, MM_ANONPAGES); page_add_new_anon_rmap(page, vma, address); setpte: -@@ -3116,6 +3296,12 @@ setpte: +@@ -3135,6 +3315,12 @@ setpte: /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -71395,7 +69870,7 @@ index 829d437..3d3926a 100644 unlock: pte_unmap_unlock(page_table, ptl); return 0; -@@ -3259,6 +3445,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3278,6 +3464,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, */ /* Only go through if we didn't race with anybody else... */ if (likely(pte_same(*page_table, orig_pte))) { @@ -71408,7 +69883,7 @@ index 829d437..3d3926a 100644 flush_icache_page(vma, page); entry = mk_pte(page, vma->vm_page_prot); if (flags & FAULT_FLAG_WRITE) -@@ -3278,6 +3470,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3297,6 +3489,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, /* no need to invalidate: a not-present page won't be cached */ update_mmu_cache(vma, address, page_table); @@ -71423,7 +69898,7 @@ index 829d437..3d3926a 100644 } else { if (cow_page) mem_cgroup_uncharge_page(cow_page); -@@ -3431,6 +3631,12 @@ int handle_pte_fault(struct mm_struct *mm, +@@ -3450,6 +3650,12 @@ int handle_pte_fault(struct mm_struct *mm, if (flags & FAULT_FLAG_WRITE) flush_tlb_fix_spurious_fault(vma, address); } @@ -71436,7 +69911,7 @@ index 829d437..3d3926a 100644 unlock: pte_unmap_unlock(pte, ptl); return 0; -@@ -3447,6 +3653,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3466,6 +3672,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, pmd_t *pmd; pte_t *pte; @@ -71447,7 +69922,7 @@ index 829d437..3d3926a 100644 __set_current_state(TASK_RUNNING); count_vm_event(PGFAULT); -@@ -3458,6 +3668,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3477,6 +3687,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, if (unlikely(is_vm_hugetlb_page(vma))) return hugetlb_fault(mm, vma, address, flags); @@ -71482,7 +69957,7 @@ index 829d437..3d3926a 100644 pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); if (!pud) -@@ -3487,7 +3725,7 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3506,7 +3744,7 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, * run pte_offset_map on the pmd, if an huge pmd could * materialize from under us from a different thread. */ @@ -71491,7 +69966,7 @@ index 829d437..3d3926a 100644 return VM_FAULT_OOM; /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) -@@ -3591,7 +3829,7 @@ static int __init gate_vma_init(void) +@@ -3610,7 +3848,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -71501,7 +69976,7 @@ index 829d437..3d3926a 100644 * Make sure the vDSO gets into every core dump. * Dumping its contents makes post-mortem fully interpretable later diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index c3fdbcb..2e8ef90 100644 +index 47296fe..5c3d263 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c @@ -640,6 +640,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, @@ -71512,10 +69987,10 @@ index c3fdbcb..2e8ef90 100644 + struct vm_area_struct *vma_m; +#endif + - vma = find_vma_prev(mm, start, &prev); + vma = find_vma(mm, start); if (!vma || vma->vm_start > start) return -EFAULT; -@@ -678,6 +682,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, +@@ -679,6 +683,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, err = policy_vma(vma, new_pol); if (err) goto out; @@ -71532,7 +70007,7 @@ index c3fdbcb..2e8ef90 100644 } out: -@@ -1111,6 +1125,17 @@ static long do_mbind(unsigned long start, unsigned long len, +@@ -1112,6 +1126,17 @@ static long do_mbind(unsigned long start, unsigned long len, if (end < start) return -EINVAL; @@ -71550,7 +70025,7 @@ index c3fdbcb..2e8ef90 100644 if (end == start) return 0; -@@ -1329,6 +1354,14 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1330,6 +1355,14 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, if (!mm) goto out; @@ -71565,7 +70040,7 @@ index c3fdbcb..2e8ef90 100644 /* * Check if this process has the right to modify the specified * process. The right exists if the process has administrative -@@ -1338,8 +1371,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1339,8 +1372,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, rcu_read_lock(); tcred = __task_cred(task); if (cred->euid != tcred->suid && cred->euid != tcred->uid && @@ -71576,10 +70051,10 @@ index c3fdbcb..2e8ef90 100644 err = -EPERM; goto out; diff --git a/mm/migrate.c b/mm/migrate.c -index 177aca4..ab3a744 100644 +index 1503b6b..156c672 100644 --- a/mm/migrate.c +++ b/mm/migrate.c -@@ -1313,6 +1313,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, +@@ -1370,6 +1370,14 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, if (!mm) return -EINVAL; @@ -71594,7 +70069,7 @@ index 177aca4..ab3a744 100644 /* * Check if this process has the right to modify the specified * process. The right exists if the process has administrative -@@ -1322,8 +1330,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, +@@ -1379,8 +1387,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, rcu_read_lock(); tcred = __task_cred(task); if (cred->euid != tcred->suid && cred->euid != tcred->uid && @@ -71605,7 +70080,7 @@ index 177aca4..ab3a744 100644 err = -EPERM; goto out; diff --git a/mm/mlock.c b/mm/mlock.c -index 4f4f53b..9511904 100644 +index ef726e8..13e0901 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -13,6 +13,7 @@ @@ -71623,10 +70098,10 @@ index 4f4f53b..9511904 100644 + if (end > TASK_SIZE) + return -EINVAL; + - vma = find_vma_prev(current->mm, start, &prev); + vma = find_vma(current->mm, start); if (!vma || vma->vm_start > start) return -ENOMEM; -@@ -395,6 +399,11 @@ static int do_mlock(unsigned long start, size_t len, int on) +@@ -396,6 +400,11 @@ static int do_mlock(unsigned long start, size_t len, int on) for (nstart = start ; ; ) { vm_flags_t newflags; @@ -71638,7 +70113,7 @@ index 4f4f53b..9511904 100644 /* Here we know that vma->vm_start <= nstart < vma->vm_end. */ newflags = vma->vm_flags | VM_LOCKED; -@@ -500,6 +509,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len) +@@ -501,6 +510,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len) lock_limit >>= PAGE_SHIFT; /* check against resource limits */ @@ -71646,7 +70121,7 @@ index 4f4f53b..9511904 100644 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK)) error = do_mlock(start, len, 1); up_write(¤t->mm->mmap_sem); -@@ -523,17 +533,23 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len) +@@ -524,17 +534,23 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len) static int do_mlockall(int flags) { struct vm_area_struct * vma, * prev = NULL; @@ -71673,7 +70148,7 @@ index 4f4f53b..9511904 100644 newflags = vma->vm_flags | VM_LOCKED; if (!(flags & MCL_CURRENT)) newflags &= ~VM_LOCKED; -@@ -566,6 +582,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) +@@ -567,6 +583,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) lock_limit >>= PAGE_SHIFT; ret = -ENOMEM; @@ -71682,7 +70157,7 @@ index 4f4f53b..9511904 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index eae90af..c930262 100644 +index da15a79..2e3d9ff 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -46,6 +46,16 @@ @@ -72016,18 +70491,7 @@ index eae90af..c930262 100644 vma->vm_mm = mm; vma->vm_start = addr; vma->vm_end = addr + len; -@@ -1266,8 +1397,9 @@ munmap_back: - vma->vm_pgoff = pgoff; - INIT_LIST_HEAD(&vma->anon_vma_chain); - -+ error = -EINVAL; /* when rejecting VM_GROWSDOWN|VM_GROWSUP */ -+ - if (file) { -- error = -EINVAL; - if (vm_flags & (VM_GROWSDOWN|VM_GROWSUP)) - goto free_vma; - if (vm_flags & VM_DENYWRITE) { -@@ -1281,6 +1413,19 @@ munmap_back: +@@ -1282,6 +1413,19 @@ munmap_back: error = file->f_op->mmap(file, vma); if (error) goto unmap_and_free_vma; @@ -72047,16 +70511,7 @@ index eae90af..c930262 100644 if (vm_flags & VM_EXECUTABLE) added_exe_file_vma(mm); -@@ -1293,6 +1438,8 @@ munmap_back: - pgoff = vma->vm_pgoff; - vm_flags = vma->vm_flags; - } else if (vm_flags & VM_SHARED) { -+ if (unlikely(vm_flags & (VM_GROWSDOWN|VM_GROWSUP))) -+ goto free_vma; - error = shmem_zero_setup(vma); - if (error) - goto free_vma; -@@ -1316,6 +1463,11 @@ munmap_back: +@@ -1319,6 +1463,11 @@ munmap_back: vma_link(mm, vma, prev, rb_link, rb_parent); file = vma->vm_file; @@ -72068,7 +70523,7 @@ index eae90af..c930262 100644 /* Once vma denies write, undo our temporary denial count */ if (correct_wcount) atomic_inc(&inode->i_writecount); -@@ -1324,6 +1476,7 @@ out: +@@ -1327,6 +1476,7 @@ out: mm->total_vm += len >> PAGE_SHIFT; vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); @@ -72076,7 +70531,7 @@ index eae90af..c930262 100644 if (vm_flags & VM_LOCKED) { if (!mlock_vma_pages_range(vma, addr, addr + len)) mm->locked_vm += (len >> PAGE_SHIFT); -@@ -1341,6 +1494,12 @@ unmap_and_free_vma: +@@ -1344,6 +1494,12 @@ unmap_and_free_vma: unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); charged = 0; free_vma: @@ -72089,7 +70544,7 @@ index eae90af..c930262 100644 kmem_cache_free(vm_area_cachep, vma); unacct_error: if (charged) -@@ -1348,6 +1507,44 @@ unacct_error: +@@ -1351,6 +1507,44 @@ unacct_error: return error; } @@ -72134,7 +70589,7 @@ index eae90af..c930262 100644 /* Get an address range which is currently unmapped. * For shmat() with addr=0. * -@@ -1374,18 +1571,23 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1377,18 +1571,23 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (flags & MAP_FIXED) return addr; @@ -72165,7 +70620,7 @@ index eae90af..c930262 100644 } full_search: -@@ -1396,34 +1598,40 @@ full_search: +@@ -1399,34 +1598,40 @@ full_search: * Start a new search - just in case we missed * some holes. */ @@ -72217,7 +70672,7 @@ index eae90af..c930262 100644 mm->free_area_cache = addr; mm->cached_hole_size = ~0UL; } -@@ -1441,7 +1649,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1444,7 +1649,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, { struct vm_area_struct *vma; struct mm_struct *mm = current->mm; @@ -72226,7 +70681,7 @@ index eae90af..c930262 100644 /* requested length too big for entire address space */ if (len > TASK_SIZE) -@@ -1450,13 +1658,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1453,13 +1658,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (flags & MAP_FIXED) return addr; @@ -72249,7 +70704,7 @@ index eae90af..c930262 100644 } /* check if free_area_cache is useful for us */ -@@ -1471,7 +1684,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1474,7 +1684,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, /* make sure it can fit in the remaining address space */ if (addr > len) { vma = find_vma(mm, addr-len); @@ -72258,7 +70713,7 @@ index eae90af..c930262 100644 /* remember the address as a hint for next time */ return (mm->free_area_cache = addr-len); } -@@ -1488,7 +1701,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1491,7 +1701,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, * return with success: */ vma = find_vma(mm, addr); @@ -72267,7 +70722,7 @@ index eae90af..c930262 100644 /* remember the address as a hint for next time */ return (mm->free_area_cache = addr); -@@ -1497,8 +1710,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1500,8 +1710,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, mm->cached_hole_size = vma->vm_start - addr; /* try just below the current vma->vm_start */ @@ -72278,7 +70733,7 @@ index eae90af..c930262 100644 bottomup: /* -@@ -1507,13 +1720,21 @@ bottomup: +@@ -1510,13 +1720,21 @@ bottomup: * can happen with large stack limits and large mmap() * allocations. */ @@ -72302,7 +70757,7 @@ index eae90af..c930262 100644 mm->cached_hole_size = ~0UL; return addr; -@@ -1522,6 +1743,12 @@ bottomup: +@@ -1525,6 +1743,12 @@ bottomup: void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) { @@ -72315,7 +70770,7 @@ index eae90af..c930262 100644 /* * Is this a new hole at the highest possible address? */ -@@ -1529,8 +1756,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) +@@ -1532,8 +1756,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) mm->free_area_cache = addr; /* dont allow allocations above current base */ @@ -72327,63 +70782,15 @@ index eae90af..c930262 100644 } unsigned long -@@ -1603,40 +1832,50 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) - - EXPORT_SYMBOL(find_vma); +@@ -1629,6 +1855,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, + return vma; + } --/* Same as find_vma, but also return a pointer to the previous VMA in *pprev. */ -+/* -+ * Same as find_vma, but also return a pointer to the previous VMA in *pprev. -+ */ - struct vm_area_struct * - find_vma_prev(struct mm_struct *mm, unsigned long addr, - struct vm_area_struct **pprev) - { -- struct vm_area_struct *vma = NULL, *prev = NULL; -- struct rb_node *rb_node; -- if (!mm) -- goto out; -- -- /* Guard against addr being lower than the first VMA */ -- vma = mm->mmap; -- -- /* Go through the RB tree quickly. */ -- rb_node = mm->mm_rb.rb_node; -- -- while (rb_node) { -- struct vm_area_struct *vma_tmp; -- vma_tmp = rb_entry(rb_node, struct vm_area_struct, vm_rb); -- -- if (addr < vma_tmp->vm_end) { -- rb_node = rb_node->rb_left; -- } else { -- prev = vma_tmp; -- if (!prev->vm_next || (addr < prev->vm_next->vm_end)) -- break; -+ struct vm_area_struct *vma; -+ -+ vma = find_vma(mm, addr); -+ if (vma) { -+ *pprev = vma->vm_prev; -+ } else { -+ struct rb_node *rb_node = mm->mm_rb.rb_node; -+ *pprev = NULL; -+ while (rb_node) { -+ *pprev = rb_entry(rb_node, struct vm_area_struct, vm_rb); - rb_node = rb_node->rb_right; - } - } -+ return vma; -+} -+ +#ifdef CONFIG_PAX_SEGMEXEC +struct vm_area_struct *pax_find_mirror_vma(struct vm_area_struct *vma) +{ + struct vm_area_struct *vma_m; - --out: -- *pprev = prev; -- return prev ? prev->vm_next : vma; ++ + BUG_ON(!vma || vma->vm_start >= vma->vm_end); + if (!(vma->vm_mm->pax_flags & MF_PAX_SEGMEXEC) || !(vma->vm_flags & VM_EXEC)) { + BUG_ON(vma->vm_mirror); @@ -72398,12 +70805,13 @@ index eae90af..c930262 100644 + BUG_ON(vma->anon_vma != vma_m->anon_vma && vma->anon_vma->root != vma_m->anon_vma->root); + BUG_ON((vma->vm_flags ^ vma_m->vm_flags) & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED | VM_RESERVED)); + return vma_m; - } ++} +#endif - ++ /* * Verify that the stack growth is acceptable and -@@ -1654,6 +1893,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns + * update accounting. This is shared with both the +@@ -1645,6 +1893,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns return -ENOMEM; /* Stack limit test */ @@ -72411,7 +70819,7 @@ index eae90af..c930262 100644 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) return -ENOMEM; -@@ -1664,6 +1904,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -1655,6 +1904,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns locked = mm->locked_vm + grow; limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); limit >>= PAGE_SHIFT; @@ -72419,7 +70827,7 @@ index eae90af..c930262 100644 if (locked > limit && !capable(CAP_IPC_LOCK)) return -ENOMEM; } -@@ -1694,37 +1935,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -1685,37 +1935,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns * PA-RISC uses this for its stack; IA64 for its Register Backing Store. * vma is the last one with address > vma->vm_end. Have to extend vma. */ @@ -72477,7 +70885,7 @@ index eae90af..c930262 100644 unsigned long size, grow; size = address - vma->vm_start; -@@ -1739,6 +1991,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) +@@ -1730,6 +1991,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) } } } @@ -72486,7 +70894,7 @@ index eae90af..c930262 100644 vma_unlock_anon_vma(vma); khugepaged_enter_vma_merge(vma); return error; -@@ -1752,6 +2006,8 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1743,6 +2006,8 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address) { int error; @@ -72495,7 +70903,7 @@ index eae90af..c930262 100644 /* * We must make sure the anon_vma is allocated -@@ -1765,6 +2021,15 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1756,6 +2021,15 @@ int expand_downwards(struct vm_area_struct *vma, if (error) return error; @@ -72511,7 +70919,7 @@ index eae90af..c930262 100644 vma_lock_anon_vma(vma); /* -@@ -1774,9 +2039,17 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1765,9 +2039,17 @@ int expand_downwards(struct vm_area_struct *vma, */ /* Somebody else might have raced and expanded it already */ @@ -72530,7 +70938,7 @@ index eae90af..c930262 100644 size = vma->vm_end - address; grow = (vma->vm_start - address) >> PAGE_SHIFT; -@@ -1786,11 +2059,22 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -1777,11 +2059,22 @@ int expand_downwards(struct vm_area_struct *vma, if (!error) { vma->vm_start = address; vma->vm_pgoff -= grow; @@ -72553,7 +70961,7 @@ index eae90af..c930262 100644 khugepaged_enter_vma_merge(vma); return error; } -@@ -1860,6 +2144,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -1851,6 +2144,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) do { long nrpages = vma_pages(vma); @@ -72567,7 +70975,7 @@ index eae90af..c930262 100644 mm->total_vm -= nrpages; vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); vma = remove_vma(vma); -@@ -1905,6 +2196,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -1896,6 +2196,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, insertion_point = (prev ? &prev->vm_next : &mm->mmap); vma->vm_prev = NULL; do { @@ -72584,7 +70992,7 @@ index eae90af..c930262 100644 rb_erase(&vma->vm_rb, &mm->mm_rb); mm->map_count--; tail_vma = vma; -@@ -1933,14 +2234,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -1924,14 +2234,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct *new; int err = -ENOMEM; @@ -72618,7 +71026,7 @@ index eae90af..c930262 100644 /* most fields are the same, copy all, and then fixup */ *new = *vma; -@@ -1953,6 +2273,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -1944,6 +2273,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); } @@ -72641,7 +71049,7 @@ index eae90af..c930262 100644 pol = mpol_dup(vma_policy(vma)); if (IS_ERR(pol)) { err = PTR_ERR(pol); -@@ -1978,6 +2314,42 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -1969,6 +2314,42 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, else err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); @@ -72684,7 +71092,7 @@ index eae90af..c930262 100644 /* Success. */ if (!err) return 0; -@@ -1990,10 +2362,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -1981,10 +2362,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, removed_exe_file_vma(mm); fput(new->vm_file); } @@ -72704,7 +71112,7 @@ index eae90af..c930262 100644 kmem_cache_free(vm_area_cachep, new); out_err: return err; -@@ -2006,6 +2386,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -1997,6 +2386,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, int new_below) { @@ -72720,7 +71128,7 @@ index eae90af..c930262 100644 if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; -@@ -2017,11 +2406,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2008,11 +2406,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, * work. This now handles partial unmappings. * Jeremy Fitzhardinge <jeremy@goop.org> */ @@ -72751,7 +71159,7 @@ index eae90af..c930262 100644 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) return -EINVAL; -@@ -2096,6 +2504,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +@@ -2087,6 +2504,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) /* Fix up all other VM information */ remove_vma_list(mm, vma); @@ -72760,7 +71168,7 @@ index eae90af..c930262 100644 return 0; } -@@ -2108,22 +2518,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) +@@ -2099,22 +2518,18 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) profile_munmap(addr); @@ -72789,7 +71197,7 @@ index eae90af..c930262 100644 /* * this is really a simplified "do_mmap". it only handles * anonymous maps. eventually we may be able to do some -@@ -2137,6 +2543,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2128,6 +2543,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len) struct rb_node ** rb_link, * rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; @@ -72797,7 +71205,7 @@ index eae90af..c930262 100644 len = PAGE_ALIGN(len); if (!len) -@@ -2148,16 +2555,30 @@ unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2139,16 +2555,30 @@ unsigned long do_brk(unsigned long addr, unsigned long len) flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; @@ -72829,7 +71237,7 @@ index eae90af..c930262 100644 locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; -@@ -2174,22 +2595,22 @@ unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2165,22 +2595,22 @@ unsigned long do_brk(unsigned long addr, unsigned long len) /* * Clear old maps. this also does some error checking for us */ @@ -72856,7 +71264,7 @@ index eae90af..c930262 100644 return -ENOMEM; /* Can we just expand an old private anonymous mapping? */ -@@ -2203,7 +2624,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2194,7 +2624,7 @@ unsigned long do_brk(unsigned long addr, unsigned long len) */ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); if (!vma) { @@ -72865,7 +71273,7 @@ index eae90af..c930262 100644 return -ENOMEM; } -@@ -2217,11 +2638,12 @@ unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2208,11 +2638,12 @@ unsigned long do_brk(unsigned long addr, unsigned long len) vma_link(mm, vma, prev, rb_link, rb_parent); out: perf_event_mmap(vma); @@ -72880,7 +71288,7 @@ index eae90af..c930262 100644 return addr; } -@@ -2268,8 +2690,10 @@ void exit_mmap(struct mm_struct *mm) +@@ -2259,8 +2690,10 @@ void exit_mmap(struct mm_struct *mm) * Walk the list again, actually closing and freeing it, * with preemption enabled, without holding any MM locks. */ @@ -72892,7 +71300,7 @@ index eae90af..c930262 100644 BUG_ON(mm->nr_ptes > (FIRST_USER_ADDRESS+PMD_SIZE-1)>>PMD_SHIFT); } -@@ -2283,6 +2707,13 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) +@@ -2274,6 +2707,13 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) struct vm_area_struct * __vma, * prev; struct rb_node ** rb_link, * rb_parent; @@ -72906,7 +71314,7 @@ index eae90af..c930262 100644 /* * The vm_pgoff of a purely anonymous vma should be irrelevant * until its first write fault, when page's anon_vma and index -@@ -2305,7 +2736,22 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) +@@ -2296,7 +2736,22 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) if ((vma->vm_flags & VM_ACCOUNT) && security_vm_enough_memory_mm(mm, vma_pages(vma))) return -ENOMEM; @@ -72929,16 +71337,16 @@ index eae90af..c930262 100644 return 0; } -@@ -2323,6 +2769,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, - struct rb_node **rb_link, *rb_parent; +@@ -2315,6 +2770,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, struct mempolicy *pol; + bool faulted_in_anon_vma = true; + BUG_ON(vma->vm_mirror); + /* * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. -@@ -2373,6 +2821,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2382,6 +2839,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, return NULL; } @@ -72978,7 +71386,7 @@ index eae90af..c930262 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2383,7 +2864,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) +@@ -2392,7 +2882,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) unsigned long lim; lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; @@ -72987,7 +71395,7 @@ index eae90af..c930262 100644 if (cur + npages > lim) return 0; return 1; -@@ -2454,6 +2935,22 @@ int install_special_mapping(struct mm_struct *mm, +@@ -2463,6 +2953,22 @@ int install_special_mapping(struct mm_struct *mm, vma->vm_start = addr; vma->vm_end = addr + len; @@ -73011,7 +71419,7 @@ index eae90af..c930262 100644 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); diff --git a/mm/mprotect.c b/mm/mprotect.c -index 5a688a2..27e031c 100644 +index f437d05..e3763f6 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -23,10 +23,16 @@ @@ -73203,7 +71611,7 @@ index 5a688a2..27e031c 100644 prot |= PROT_EXEC; vm_flags = calc_vm_prot_bits(prot); -@@ -287,6 +412,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -288,6 +413,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, if (start > vma->vm_start) prev = vma; @@ -73215,7 +71623,7 @@ index 5a688a2..27e031c 100644 for (nstart = start ; ; ) { unsigned long newflags; -@@ -296,6 +426,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -297,6 +427,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, /* newflags >> 4 shift VM_MAY% in place of VM_% */ if ((newflags & ~(newflags >> 4)) & (VM_READ | VM_WRITE | VM_EXEC)) { @@ -73230,7 +71638,7 @@ index 5a688a2..27e031c 100644 error = -EACCES; goto out; } -@@ -310,6 +448,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -311,6 +449,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, error = mprotect_fixup(vma, &prev, nstart, tmp, newflags); if (error) goto out; @@ -73241,7 +71649,7 @@ index 5a688a2..27e031c 100644 if (nstart < prev->vm_end) diff --git a/mm/mremap.c b/mm/mremap.c -index d6959cb..18a402a 100644 +index 87bb839..c3bfadb 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -106,6 +106,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, @@ -73257,7 +71665,7 @@ index d6959cb..18a402a 100644 set_pte_at(mm, new_addr, new_pte, pte); } -@@ -290,6 +296,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, +@@ -299,6 +305,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, if (is_vm_hugetlb_page(vma)) goto Einval; @@ -73269,7 +71677,7 @@ index d6959cb..18a402a 100644 /* We can't remap across vm area boundaries */ if (old_len > vma->vm_end - addr) goto Efault; -@@ -346,20 +357,25 @@ static unsigned long mremap_to(unsigned long addr, +@@ -355,20 +366,25 @@ static unsigned long mremap_to(unsigned long addr, unsigned long ret = -EINVAL; unsigned long charged = 0; unsigned long map_flags; @@ -73300,7 +71708,7 @@ index d6959cb..18a402a 100644 goto out; ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1); -@@ -431,6 +447,7 @@ unsigned long do_mremap(unsigned long addr, +@@ -440,6 +456,7 @@ unsigned long do_mremap(unsigned long addr, struct vm_area_struct *vma; unsigned long ret = -EINVAL; unsigned long charged = 0; @@ -73308,7 +71716,7 @@ index d6959cb..18a402a 100644 if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE)) goto out; -@@ -449,6 +466,17 @@ unsigned long do_mremap(unsigned long addr, +@@ -458,6 +475,17 @@ unsigned long do_mremap(unsigned long addr, if (!new_len) goto out; @@ -73326,7 +71734,7 @@ index d6959cb..18a402a 100644 if (flags & MREMAP_FIXED) { if (flags & MREMAP_MAYMOVE) ret = mremap_to(addr, old_len, new_addr, new_len); -@@ -498,6 +526,7 @@ unsigned long do_mremap(unsigned long addr, +@@ -507,6 +535,7 @@ unsigned long do_mremap(unsigned long addr, addr + new_len); } ret = addr; @@ -73334,7 +71742,7 @@ index d6959cb..18a402a 100644 goto out; } } -@@ -524,7 +553,13 @@ unsigned long do_mremap(unsigned long addr, +@@ -533,7 +562,13 @@ unsigned long do_mremap(unsigned long addr, ret = security_file_mmap(NULL, 0, 0, 0, new_addr, 1); if (ret) goto out; @@ -73348,43 +71756,6 @@ index d6959cb..18a402a 100644 } out: if (ret & ~PAGE_MASK) -diff --git a/mm/nobootmem.c b/mm/nobootmem.c -index 7fa41b4..6087460 100644 ---- a/mm/nobootmem.c -+++ b/mm/nobootmem.c -@@ -110,19 +110,30 @@ static void __init __free_pages_memory(unsigned long start, unsigned long end) - unsigned long __init free_all_memory_core_early(int nodeid) - { - int i; -- u64 start, end; -+ u64 start, end, startrange, endrange; - unsigned long count = 0; -- struct range *range = NULL; -+ struct range *range = NULL, rangerange = { 0, 0 }; - int nr_range; - - nr_range = get_free_all_memory_range(&range, nodeid); -+ startrange = __pa(range) >> PAGE_SHIFT; -+ endrange = (__pa(range + nr_range) - 1) >> PAGE_SHIFT; - - for (i = 0; i < nr_range; i++) { - start = range[i].start; - end = range[i].end; -+ if (start <= endrange && startrange < end) { -+ BUG_ON(rangerange.start | rangerange.end); -+ rangerange = range[i]; -+ continue; -+ } - count += end - start; - __free_pages_memory(start, end); - } -+ start = rangerange.start; -+ end = rangerange.end; -+ count += end - start; -+ __free_pages_memory(start, end); - - return count; - } diff --git a/mm/nommu.c b/mm/nommu.c index f59e170..34e2a2b 100644 --- a/mm/nommu.c @@ -73422,10 +71793,10 @@ index f59e170..34e2a2b 100644 new->vm_region = region; diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 485be89..c059ad3 100644 +index a13ded1..b949d15 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c -@@ -341,7 +341,7 @@ out: +@@ -335,7 +335,7 @@ out: * This usage means that zero-order pages may not be compound. */ @@ -73434,7 +71805,7 @@ index 485be89..c059ad3 100644 { __free_pages_ok(page, compound_order(page)); } -@@ -654,6 +654,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -692,6 +692,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) int i; int bad = 0; @@ -73442,10 +71813,10 @@ index 485be89..c059ad3 100644 + unsigned long index = 1UL << order; +#endif + - trace_mm_page_free_direct(page, order); + trace_mm_page_free(page, order); kmemcheck_free_shadow(page, order); -@@ -669,6 +673,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -707,6 +711,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) debug_check_no_obj_freed(page_address(page), PAGE_SIZE << order); } @@ -73458,7 +71829,7 @@ index 485be89..c059ad3 100644 arch_free_page(page, order); kernel_map_pages(page, 1 << order, 0); -@@ -784,8 +794,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) +@@ -830,8 +840,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) arch_alloc_page(page, order); kernel_map_pages(page, 1 << order, 1); @@ -73469,7 +71840,7 @@ index 485be89..c059ad3 100644 if (order && (gfp_flags & __GFP_COMP)) prep_compound_page(page, order); -@@ -3357,7 +3369,13 @@ static int pageblock_is_reserved(unsigned long start_pfn, unsigned long end_pfn) +@@ -3468,7 +3480,13 @@ static int pageblock_is_reserved(unsigned long start_pfn, unsigned long end_pfn) unsigned long pfn; for (pfn = start_pfn; pfn < end_pfn; pfn++) { @@ -73484,10 +71855,10 @@ index 485be89..c059ad3 100644 } return 0; diff --git a/mm/percpu.c b/mm/percpu.c -index 716eb4a..8d10419 100644 +index f47af91..7eeef99 100644 --- a/mm/percpu.c +++ b/mm/percpu.c -@@ -121,7 +121,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly; +@@ -122,7 +122,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly; static unsigned int pcpu_high_unit_cpu __read_mostly; /* the address of the first chunk which starts with the kernel static area */ @@ -73497,7 +71868,7 @@ index 716eb4a..8d10419 100644 static const int *pcpu_unit_map __read_mostly; /* cpu -> unit */ diff --git a/mm/process_vm_access.c b/mm/process_vm_access.c -index e920aa3..137702a 100644 +index c20ff48..137702a 100644 --- a/mm/process_vm_access.c +++ b/mm/process_vm_access.c @@ -13,6 +13,7 @@ @@ -73535,42 +71906,20 @@ index e920aa3..137702a 100644 } if (nr_pages == 0) -@@ -298,23 +299,23 @@ static ssize_t process_vm_rw_core(pid_t pid, const struct iovec *lvec, +@@ -298,6 +299,11 @@ static ssize_t process_vm_rw_core(pid_t pid, const struct iovec *lvec, goto free_proc_pages; } -- task_lock(task); -- if (__ptrace_may_access(task, PTRACE_MODE_ATTACH)) { -- task_unlock(task); + if (gr_handle_ptrace(task, vm_write ? PTRACE_POKETEXT : PTRACE_ATTACH)) { - rc = -EPERM; - goto put_task_struct; - } -- mm = task->mm; - -- if (!mm || (task->flags & PF_KTHREAD)) { -- task_unlock(task); -- rc = -EINVAL; -+ mm = mm_access(task, PTRACE_MODE_ATTACH); -+ if (!mm || IS_ERR(mm)) { -+ rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; -+ /* -+ * Explicitly map EACCES to EPERM as EPERM is a more a -+ * appropriate error code for process_vw_readv/writev -+ */ -+ if (rc == -EACCES) -+ rc = -EPERM; - goto put_task_struct; - } - -- atomic_inc(&mm->mm_users); -- task_unlock(task); -- - for (i = 0; i < riovcnt && iov_l_curr_idx < liovcnt; i++) { - rc = process_vm_rw_single_vec( - (unsigned long)rvec[i].iov_base, rvec[i].iov_len, ++ rc = -EPERM; ++ goto put_task_struct; ++ } ++ + mm = mm_access(task, PTRACE_MODE_ATTACH); + if (!mm || IS_ERR(mm)) { + rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; diff --git a/mm/rmap.c b/mm/rmap.c -index a4fd368..e0ffec7 100644 +index c8454e0..b04f3a2 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -152,6 +152,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) @@ -73653,7 +72002,7 @@ index a4fd368..e0ffec7 100644 { struct anon_vma_chain *avc, *pavc; struct anon_vma *root = NULL; -@@ -276,7 +313,7 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src) +@@ -321,7 +358,7 @@ void anon_vma_moveto_tail(struct vm_area_struct *dst) * the corresponding VMA in the parent process is attached to. * Returns 0 on success, non-zero on failure. */ @@ -73663,7 +72012,7 @@ index a4fd368..e0ffec7 100644 struct anon_vma_chain *avc; struct anon_vma *anon_vma; diff --git a/mm/shmem.c b/mm/shmem.c -index 6c253f7..367e20a 100644 +index 269d049..a9d2b50 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -31,7 +31,7 @@ @@ -73695,10 +72044,10 @@ index 6c253f7..367e20a 100644 return -ENOMEM; diff --git a/mm/slab.c b/mm/slab.c -index 83311c9a..fcf8f86 100644 +index f0bd785..348b96a 100644 --- a/mm/slab.c +++ b/mm/slab.c -@@ -151,7 +151,7 @@ +@@ -153,7 +153,7 @@ /* Legal flag mask for kmem_cache_create(). */ #if DEBUG @@ -73707,7 +72056,7 @@ index 83311c9a..fcf8f86 100644 SLAB_POISON | SLAB_HWCACHE_ALIGN | \ SLAB_CACHE_DMA | \ SLAB_STORE_USER | \ -@@ -159,7 +159,7 @@ +@@ -161,7 +161,7 @@ SLAB_DESTROY_BY_RCU | SLAB_MEM_SPREAD | \ SLAB_DEBUG_OBJECTS | SLAB_NOLEAKTRACE | SLAB_NOTRACK) #else @@ -73716,7 +72065,7 @@ index 83311c9a..fcf8f86 100644 SLAB_CACHE_DMA | \ SLAB_RECLAIM_ACCOUNT | SLAB_PANIC | \ SLAB_DESTROY_BY_RCU | SLAB_MEM_SPREAD | \ -@@ -288,7 +288,7 @@ struct kmem_list3 { +@@ -290,7 +290,7 @@ struct kmem_list3 { * Need this for bootstrapping a per node allocator. */ #define NUM_INIT_LISTS (3 * MAX_NUMNODES) @@ -73725,7 +72074,7 @@ index 83311c9a..fcf8f86 100644 #define CACHE_CACHE 0 #define SIZE_AC MAX_NUMNODES #define SIZE_L3 (2 * MAX_NUMNODES) -@@ -389,10 +389,10 @@ static void kmem_list3_init(struct kmem_list3 *parent) +@@ -391,10 +391,10 @@ static void kmem_list3_init(struct kmem_list3 *parent) if ((x)->max_freeable < i) \ (x)->max_freeable = i; \ } while (0) @@ -73740,7 +72089,7 @@ index 83311c9a..fcf8f86 100644 #else #define STATS_INC_ACTIVE(x) do { } while (0) #define STATS_DEC_ACTIVE(x) do { } while (0) -@@ -538,7 +538,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct slab *slab, +@@ -542,7 +542,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct slab *slab, * reciprocal_divide(offset, cache->reciprocal_buffer_size) */ static inline unsigned int obj_to_index(const struct kmem_cache *cache, @@ -73749,7 +72098,7 @@ index 83311c9a..fcf8f86 100644 { u32 offset = (obj - slab->s_mem); return reciprocal_divide(offset, cache->reciprocal_buffer_size); -@@ -564,7 +564,7 @@ struct cache_names { +@@ -568,7 +568,7 @@ struct cache_names { static struct cache_names __initdata cache_names[] = { #define CACHE(x) { .name = "size-" #x, .name_dma = "size-" #x "(DMA)" }, #include <linux/kmalloc_sizes.h> @@ -73758,7 +72107,7 @@ index 83311c9a..fcf8f86 100644 #undef CACHE }; -@@ -1572,7 +1572,7 @@ void __init kmem_cache_init(void) +@@ -1588,7 +1588,7 @@ void __init kmem_cache_init(void) sizes[INDEX_AC].cs_cachep = kmem_cache_create(names[INDEX_AC].name, sizes[INDEX_AC].cs_size, ARCH_KMALLOC_MINALIGN, @@ -73767,7 +72116,7 @@ index 83311c9a..fcf8f86 100644 NULL); if (INDEX_AC != INDEX_L3) { -@@ -1580,7 +1580,7 @@ void __init kmem_cache_init(void) +@@ -1596,7 +1596,7 @@ void __init kmem_cache_init(void) kmem_cache_create(names[INDEX_L3].name, sizes[INDEX_L3].cs_size, ARCH_KMALLOC_MINALIGN, @@ -73776,7 +72125,7 @@ index 83311c9a..fcf8f86 100644 NULL); } -@@ -1598,7 +1598,7 @@ void __init kmem_cache_init(void) +@@ -1614,7 +1614,7 @@ void __init kmem_cache_init(void) sizes->cs_cachep = kmem_cache_create(names->name, sizes->cs_size, ARCH_KMALLOC_MINALIGN, @@ -73785,7 +72134,7 @@ index 83311c9a..fcf8f86 100644 NULL); } #ifdef CONFIG_ZONE_DMA -@@ -4322,10 +4322,10 @@ static int s_show(struct seq_file *m, void *p) +@@ -4339,10 +4339,10 @@ static int s_show(struct seq_file *m, void *p) } /* cpu stats */ { @@ -73800,7 +72149,7 @@ index 83311c9a..fcf8f86 100644 seq_printf(m, " : cpustat %6lu %6lu %6lu %6lu", allochit, allocmiss, freehit, freemiss); -@@ -4584,13 +4584,62 @@ static int __init slab_proc_init(void) +@@ -4601,13 +4601,62 @@ static int __init slab_proc_init(void) { proc_create("slabinfo",S_IWUSR|S_IRUSR,NULL,&proc_slabinfo_operations); #ifdef CONFIG_DEBUG_SLAB_LEAK @@ -74221,7 +72570,7 @@ index 8105be4..e045f96 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index 1a919f0..1739c9b 100644 +index 4907563..e3d7905 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -208,7 +208,7 @@ struct track { @@ -74233,7 +72582,7 @@ index 1a919f0..1739c9b 100644 static int sysfs_slab_add(struct kmem_cache *); static int sysfs_slab_alias(struct kmem_cache *, const char *); static void sysfs_slab_remove(struct kmem_cache *); -@@ -530,7 +530,7 @@ static void print_track(const char *s, struct track *t) +@@ -532,7 +532,7 @@ static void print_track(const char *s, struct track *t) if (!t->addr) return; @@ -74242,7 +72591,7 @@ index 1a919f0..1739c9b 100644 s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid); #ifdef CONFIG_STACKTRACE { -@@ -2559,6 +2559,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) +@@ -2571,6 +2571,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) page = virt_to_head_page(x); @@ -74251,7 +72600,7 @@ index 1a919f0..1739c9b 100644 slab_free(s, page, x, _RET_IP_); trace_kmem_cache_free(_RET_IP_, x); -@@ -2592,7 +2594,7 @@ static int slub_min_objects; +@@ -2604,7 +2606,7 @@ static int slub_min_objects; * Merge control. If this is set then no merging of slab caches will occur. * (Could be removed. This was introduced to pacify the merge skeptics.) */ @@ -74260,7 +72609,7 @@ index 1a919f0..1739c9b 100644 /* * Calculate the order of allocation given an slab object size. -@@ -3042,7 +3044,7 @@ static int kmem_cache_open(struct kmem_cache *s, +@@ -3057,7 +3059,7 @@ static int kmem_cache_open(struct kmem_cache *s, else s->cpu_partial = 30; @@ -74269,7 +72618,7 @@ index 1a919f0..1739c9b 100644 #ifdef CONFIG_NUMA s->remote_node_defrag_ratio = 1000; #endif -@@ -3146,8 +3148,7 @@ static inline int kmem_cache_close(struct kmem_cache *s) +@@ -3161,8 +3163,7 @@ static inline int kmem_cache_close(struct kmem_cache *s) void kmem_cache_destroy(struct kmem_cache *s) { down_write(&slub_lock); @@ -74279,7 +72628,7 @@ index 1a919f0..1739c9b 100644 list_del(&s->list); up_write(&slub_lock); if (kmem_cache_close(s)) { -@@ -3358,6 +3359,50 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) +@@ -3373,6 +3374,50 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) EXPORT_SYMBOL(__kmalloc_node); #endif @@ -74330,7 +72679,7 @@ index 1a919f0..1739c9b 100644 size_t ksize(const void *object) { struct page *page; -@@ -3632,7 +3677,7 @@ static void __init kmem_cache_bootstrap_fixup(struct kmem_cache *s) +@@ -3647,7 +3692,7 @@ static void __init kmem_cache_bootstrap_fixup(struct kmem_cache *s) int node; list_add(&s->list, &slab_caches); @@ -74339,7 +72688,7 @@ index 1a919f0..1739c9b 100644 for_each_node_state(node, N_NORMAL_MEMORY) { struct kmem_cache_node *n = get_node(s, node); -@@ -3749,17 +3794,17 @@ void __init kmem_cache_init(void) +@@ -3767,17 +3812,17 @@ void __init kmem_cache_init(void) /* Caches that are not of the two-to-the-power-of size */ if (KMALLOC_MIN_SIZE <= 32) { @@ -74360,7 +72709,7 @@ index 1a919f0..1739c9b 100644 caches++; } -@@ -3827,7 +3872,7 @@ static int slab_unmergeable(struct kmem_cache *s) +@@ -3845,7 +3890,7 @@ static int slab_unmergeable(struct kmem_cache *s) /* * We may have set a slab to be unmergeable during bootstrap. */ @@ -74369,7 +72718,7 @@ index 1a919f0..1739c9b 100644 return 1; return 0; -@@ -3886,7 +3931,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, +@@ -3904,7 +3949,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, down_write(&slub_lock); s = find_mergeable(size, align, flags, name, ctor); if (s) { @@ -74378,7 +72727,7 @@ index 1a919f0..1739c9b 100644 /* * Adjust the object sizes so that we clear * the complete object on kzalloc. -@@ -3895,7 +3940,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, +@@ -3913,7 +3958,7 @@ struct kmem_cache *kmem_cache_create(const char *name, size_t size, s->inuse = max_t(int, s->inuse, ALIGN(size, sizeof(void *))); if (sysfs_slab_alias(s, name)) { @@ -74387,7 +72736,7 @@ index 1a919f0..1739c9b 100644 goto err; } up_write(&slub_lock); -@@ -4023,7 +4068,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, +@@ -4041,7 +4086,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, } #endif @@ -74396,7 +72745,7 @@ index 1a919f0..1739c9b 100644 static int count_inuse(struct page *page) { return page->inuse; -@@ -4410,12 +4455,12 @@ static void resiliency_test(void) +@@ -4428,12 +4473,12 @@ static void resiliency_test(void) validate_slab_cache(kmalloc_caches[9]); } #else @@ -74411,7 +72760,7 @@ index 1a919f0..1739c9b 100644 enum slab_stat_type { SL_ALL, /* All slabs */ SL_PARTIAL, /* Only partially allocated slabs */ -@@ -4656,7 +4701,7 @@ SLAB_ATTR_RO(ctor); +@@ -4676,7 +4721,7 @@ SLAB_ATTR_RO(ctor); static ssize_t aliases_show(struct kmem_cache *s, char *buf) { @@ -74420,7 +72769,7 @@ index 1a919f0..1739c9b 100644 } SLAB_ATTR_RO(aliases); -@@ -5223,6 +5268,7 @@ static char *create_unique_id(struct kmem_cache *s) +@@ -5243,6 +5288,7 @@ static char *create_unique_id(struct kmem_cache *s) return name; } @@ -74428,7 +72777,7 @@ index 1a919f0..1739c9b 100644 static int sysfs_slab_add(struct kmem_cache *s) { int err; -@@ -5285,6 +5331,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) +@@ -5305,6 +5351,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) kobject_del(&s->kobj); kobject_put(&s->kobj); } @@ -74436,7 +72785,7 @@ index 1a919f0..1739c9b 100644 /* * Need to buffer aliases during bootup until sysfs becomes -@@ -5298,6 +5345,7 @@ struct saved_alias { +@@ -5318,6 +5365,7 @@ struct saved_alias { static struct saved_alias *alias_list; @@ -74444,7 +72793,7 @@ index 1a919f0..1739c9b 100644 static int sysfs_slab_alias(struct kmem_cache *s, const char *name) { struct saved_alias *al; -@@ -5320,6 +5368,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) +@@ -5340,6 +5388,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) alias_list = al; return 0; } @@ -74453,10 +72802,10 @@ index 1a919f0..1739c9b 100644 static int __init slab_sysfs_init(void) { diff --git a/mm/swap.c b/mm/swap.c -index 55b266d..a532537 100644 +index 14380e9..e244704 100644 --- a/mm/swap.c +++ b/mm/swap.c -@@ -31,6 +31,7 @@ +@@ -30,6 +30,7 @@ #include <linux/backing-dev.h> #include <linux/memcontrol.h> #include <linux/gfp.h> @@ -74464,7 +72813,7 @@ index 55b266d..a532537 100644 #include "internal.h" -@@ -71,6 +72,8 @@ static void __put_compound_page(struct page *page) +@@ -70,6 +71,8 @@ static void __put_compound_page(struct page *page) __page_cache_release(page); dtor = get_compound_page_dtor(page); @@ -74474,7 +72823,7 @@ index 55b266d..a532537 100644 } diff --git a/mm/swapfile.c b/mm/swapfile.c -index b1cd120..aaae885 100644 +index d999f09..e00270a 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -61,7 +61,7 @@ static DEFINE_MUTEX(swapon_mutex); @@ -74486,7 +72835,7 @@ index b1cd120..aaae885 100644 static inline unsigned char swap_count(unsigned char ent) { -@@ -1670,7 +1670,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) +@@ -1671,7 +1671,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) } filp_close(swap_file, NULL); err = 0; @@ -74495,7 +72844,7 @@ index b1cd120..aaae885 100644 wake_up_interruptible(&proc_poll_wait); out_dput: -@@ -1686,8 +1686,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) +@@ -1687,8 +1687,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) poll_wait(file, &proc_poll_wait, wait); @@ -74506,7 +72855,7 @@ index b1cd120..aaae885 100644 return POLLIN | POLLRDNORM | POLLERR | POLLPRI; } -@@ -1785,7 +1785,7 @@ static int swaps_open(struct inode *inode, struct file *file) +@@ -1786,7 +1786,7 @@ static int swaps_open(struct inode *inode, struct file *file) return ret; seq = file->private_data; @@ -74515,7 +72864,7 @@ index b1cd120..aaae885 100644 return 0; } -@@ -2123,7 +2123,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) +@@ -2124,7 +2124,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) (p->flags & SWP_DISCARDABLE) ? "D" : ""); mutex_unlock(&swapon_mutex); @@ -74525,10 +72874,26 @@ index b1cd120..aaae885 100644 if (S_ISREG(inode->i_mode)) diff --git a/mm/util.c b/mm/util.c -index 136ac4f..f917fa9 100644 +index 136ac4f..5117eef 100644 --- a/mm/util.c +++ b/mm/util.c -@@ -243,6 +243,12 @@ void __vma_link_list(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -114,6 +114,7 @@ EXPORT_SYMBOL(memdup_user); + * allocated buffer. Use this if you don't want to free the buffer immediately + * like, for example, with RCU. + */ ++#undef __krealloc + void *__krealloc(const void *p, size_t new_size, gfp_t flags) + { + void *ret; +@@ -147,6 +148,7 @@ EXPORT_SYMBOL(__krealloc); + * behaves exactly like kmalloc(). If @size is 0 and @p is not a + * %NULL pointer, the object pointed to is freed. + */ ++#undef krealloc + void *krealloc(const void *p, size_t new_size, gfp_t flags) + { + void *ret; +@@ -243,6 +245,12 @@ void __vma_link_list(struct mm_struct *mm, struct vm_area_struct *vma, void arch_pick_mmap_layout(struct mm_struct *mm) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -74542,7 +72907,7 @@ index 136ac4f..f917fa9 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 27be2f0..633e5cc 100644 +index 86ce9a5..0fa4d89 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -74648,7 +73013,7 @@ index 27be2f0..633e5cc 100644 if (!pmd_none(*pmd)) { pte_t *ptep, pte; -@@ -1294,6 +1334,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, +@@ -1319,6 +1359,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size, struct vm_struct *area; BUG_ON(in_interrupt()); @@ -74665,7 +73030,7 @@ index 27be2f0..633e5cc 100644 if (flags & VM_IOREMAP) { int bit = fls(size); -@@ -1526,6 +1576,11 @@ void *vmap(struct page **pages, unsigned int count, +@@ -1551,6 +1601,11 @@ void *vmap(struct page **pages, unsigned int count, if (count > totalram_pages) return NULL; @@ -74677,7 +73042,7 @@ index 27be2f0..633e5cc 100644 area = get_vm_area_caller((count << PAGE_SHIFT), flags, __builtin_return_address(0)); if (!area) -@@ -1627,6 +1682,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, +@@ -1652,6 +1707,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, if (!size || (size >> PAGE_SHIFT) > totalram_pages) goto fail; @@ -74691,11 +73056,60 @@ index 27be2f0..633e5cc 100644 area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST, start, end, node, gfp_mask, caller); if (!area) -@@ -1800,10 +1862,9 @@ EXPORT_SYMBOL(vzalloc_node); +@@ -1704,6 +1766,7 @@ static void *__vmalloc_node(unsigned long size, unsigned long align, + gfp_mask, prot, node, caller); + } + ++#undef __vmalloc + void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot) + { + return __vmalloc_node(size, 1, gfp_mask, prot, -1, +@@ -1727,6 +1790,7 @@ static inline void *__vmalloc_node_flags(unsigned long size, + * For tight control over page level allocator and protection flags + * use __vmalloc() instead. + */ ++#undef vmalloc + void *vmalloc(unsigned long size) + { + return __vmalloc_node_flags(size, -1, GFP_KERNEL | __GFP_HIGHMEM); +@@ -1743,6 +1807,7 @@ EXPORT_SYMBOL(vmalloc); + * For tight control over page level allocator and protection flags + * use __vmalloc() instead. + */ ++#undef vzalloc + void *vzalloc(unsigned long size) + { + return __vmalloc_node_flags(size, -1, +@@ -1757,6 +1822,7 @@ EXPORT_SYMBOL(vzalloc); + * The resulting memory area is zeroed so it can be mapped to userspace + * without leaking data. + */ ++#undef vmalloc_user + void *vmalloc_user(unsigned long size) + { + struct vm_struct *area; +@@ -1784,6 +1850,7 @@ EXPORT_SYMBOL(vmalloc_user); + * For tight control over page level allocator and protection flags + * use __vmalloc() instead. + */ ++#undef vmalloc_node + void *vmalloc_node(unsigned long size, int node) + { + return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL, +@@ -1803,6 +1870,7 @@ EXPORT_SYMBOL(vmalloc_node); + * For tight control over page level allocator and protection flags + * use __vmalloc_node() instead. + */ ++#undef vzalloc_node + void *vzalloc_node(unsigned long size, int node) + { + return __vmalloc_node_flags(size, node, +@@ -1825,10 +1893,10 @@ EXPORT_SYMBOL(vzalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ - ++#undef vmalloc_exec void *vmalloc_exec(unsigned long size) { - return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL_EXEC, @@ -74703,7 +73117,23 @@ index 27be2f0..633e5cc 100644 -1, __builtin_return_address(0)); } -@@ -2098,6 +2159,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, +@@ -1847,6 +1915,7 @@ void *vmalloc_exec(unsigned long size) + * Allocate enough 32bit PA addressable pages to cover @size from the + * page level allocator and map them into contiguous kernel virtual space. + */ ++#undef vmalloc_32 + void *vmalloc_32(unsigned long size) + { + return __vmalloc_node(size, 1, GFP_VMALLOC32, PAGE_KERNEL, +@@ -1861,6 +1930,7 @@ EXPORT_SYMBOL(vmalloc_32); + * The resulting memory area is 32bit addressable and zeroed so it can be + * mapped to userspace without leaking data. + */ ++#undef vmalloc_32_user + void *vmalloc_32_user(unsigned long size) + { + struct vm_struct *area; +@@ -2123,6 +2193,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, unsigned long uaddr = vma->vm_start; unsigned long usize = vma->vm_end - vma->vm_start; @@ -74713,7 +73143,7 @@ index 27be2f0..633e5cc 100644 return -EINVAL; diff --git a/mm/vmstat.c b/mm/vmstat.c -index 8fd603b..cf0d930 100644 +index f600557..1459fc8 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c @@ -78,7 +78,7 @@ void vm_events_fold_cpu(int cpu) @@ -74769,10 +73199,10 @@ index 8fd603b..cf0d930 100644 return 0; } diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c -index 5471628..cef8398 100644 +index efea35b..9c8dd0b 100644 --- a/net/8021q/vlan.c +++ b/net/8021q/vlan.c -@@ -588,8 +588,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) +@@ -554,8 +554,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) err = -EPERM; if (!capable(CAP_NET_ADMIN)) break; @@ -74783,10 +73213,10 @@ index 5471628..cef8398 100644 vn = net_generic(net, vlan_net_id); diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c -index fdfdb57..38d368c 100644 +index fccae26..e7ece2f 100644 --- a/net/9p/trans_fd.c +++ b/net/9p/trans_fd.c -@@ -423,7 +423,7 @@ static int p9_fd_write(struct p9_client *client, void *v, int len) +@@ -425,7 +425,7 @@ static int p9_fd_write(struct p9_client *client, void *v, int len) oldfs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -74796,7 +73226,7 @@ index fdfdb57..38d368c 100644 if (ret <= 0 && ret != -ERESTARTSYS && ret != -EAGAIN) diff --git a/net/atm/atm_misc.c b/net/atm/atm_misc.c -index f41f026..fe76ea8 100644 +index 876fbe8..8bbea9f 100644 --- a/net/atm/atm_misc.c +++ b/net/atm/atm_misc.c @@ -17,7 +17,7 @@ int atm_charge(struct atm_vcc *vcc, int truesize) @@ -74947,10 +73377,10 @@ index 7704df4..beb4e16 100644 hard_iface->net_dev->name); diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c -index f9cc957..efd9dae 100644 +index 987c75a..20d6f36 100644 --- a/net/batman-adv/soft-interface.c +++ b/net/batman-adv/soft-interface.c -@@ -634,7 +634,7 @@ static int interface_tx(struct sk_buff *skb, struct net_device *soft_iface) +@@ -645,7 +645,7 @@ static int interface_tx(struct sk_buff *skb, struct net_device *soft_iface) /* set broadcast sequence number */ bcast_packet->seqno = @@ -74959,7 +73389,7 @@ index f9cc957..efd9dae 100644 add_bcast_packet_to_list(bat_priv, skb, 1); -@@ -828,7 +828,7 @@ struct net_device *softif_create(const char *name) +@@ -843,7 +843,7 @@ struct net_device *softif_create(const char *name) atomic_set(&bat_priv->batman_queue_left, BATMAN_QUEUE_LEN); atomic_set(&bat_priv->mesh_state, MESH_INACTIVE); @@ -74969,7 +73399,7 @@ index f9cc957..efd9dae 100644 atomic_set(&bat_priv->tt_local_changes, 0); atomic_set(&bat_priv->tt_ogm_append_cnt, 0); diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h -index ab8d0fe..ceba3fd 100644 +index e9eb043..d174eeb 100644 --- a/net/batman-adv/types.h +++ b/net/batman-adv/types.h @@ -38,8 +38,8 @@ struct hard_iface { @@ -75006,7 +73436,7 @@ index 07d1c1d..7e9bea9 100644 frag2->seqno = htons(seqno); diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c -index c1c597e..05ebb40 100644 +index 07bc69e..21e76b1 100644 --- a/net/bluetooth/hci_conn.c +++ b/net/bluetooth/hci_conn.c @@ -234,7 +234,7 @@ void hci_le_ltk_reply(struct hci_conn *conn, u8 ltk[16]) @@ -75019,10 +73449,10 @@ index c1c597e..05ebb40 100644 hci_send_cmd(hdev, HCI_OP_LE_LTK_REPLY, sizeof(cp), &cp); } diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c -index 17b5b1c..826d872 100644 +index 32d338c..d24bcdb 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c -@@ -2176,8 +2176,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi +@@ -2418,8 +2418,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi break; case L2CAP_CONF_RFC: @@ -75035,7 +73465,7 @@ index 17b5b1c..826d872 100644 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && rfc.mode != chan->mode) -@@ -2265,8 +2267,10 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len) +@@ -2537,8 +2539,10 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len) switch (type) { case L2CAP_CONF_RFC: @@ -75048,24 +73478,11 @@ index 17b5b1c..826d872 100644 goto done; } } -diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c -index 8eb6b15..e3db7ab 100644 ---- a/net/bridge/br_multicast.c -+++ b/net/bridge/br_multicast.c -@@ -1488,7 +1488,7 @@ static int br_multicast_ipv6_rcv(struct net_bridge *br, - nexthdr = ip6h->nexthdr; - offset = ipv6_skip_exthdr(skb, sizeof(*ip6h), &nexthdr); - -- if (offset < 0 || nexthdr != IPPROTO_ICMPV6) -+ if (nexthdr != IPPROTO_ICMPV6) - return 0; - - /* Okay, we found ICMPv6 header */ diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c -index 5864cc4..121f3a30 100644 +index 5fe2ff3..10968b5 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c -@@ -1513,7 +1513,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) +@@ -1523,7 +1523,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) tmp.valid_hooks = t->table->valid_hooks; } mutex_unlock(&ebt_mutex); @@ -75075,7 +73492,7 @@ index 5864cc4..121f3a30 100644 ret = -EFAULT; break; diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c -index a986280..13444a1 100644 +index a97d97a..6f679ed 100644 --- a/net/caif/caif_socket.c +++ b/net/caif/caif_socket.c @@ -48,19 +48,20 @@ static struct dentry *debugfsdir; @@ -75180,7 +73597,7 @@ index a986280..13444a1 100644 set_rx_flow_on(cf_sk); caif_flow_ctrl(sk, CAIF_MODEMCMD_FLOW_ON_REQ); } -@@ -854,7 +855,7 @@ static int caif_connect(struct socket *sock, struct sockaddr *uaddr, +@@ -856,7 +857,7 @@ static int caif_connect(struct socket *sock, struct sockaddr *uaddr, /*ifindex = id of the interface.*/ cf_sk->conn_req.ifindex = cf_sk->sk.sk_bound_dev_if; @@ -75189,7 +73606,7 @@ index a986280..13444a1 100644 cf_sk->layer.receive = caif_sktrecv_cb; err = caif_connect_client(sock_net(sk), &cf_sk->conn_req, -@@ -943,7 +944,7 @@ static int caif_release(struct socket *sock) +@@ -945,7 +946,7 @@ static int caif_release(struct socket *sock) spin_unlock_bh(&sk->sk_receive_queue.lock); sock->sk = NULL; @@ -75198,7 +73615,7 @@ index a986280..13444a1 100644 WARN_ON(IS_ERR(cf_sk->debugfs_socket_dir)); if (cf_sk->debugfs_socket_dir != NULL) -@@ -1122,7 +1123,7 @@ static int caif_create(struct net *net, struct socket *sock, int protocol, +@@ -1124,7 +1125,7 @@ static int caif_create(struct net *net, struct socket *sock, int protocol, cf_sk->conn_req.protocol = protocol; /* Increase the number of sockets created. */ dbfs_atomic_inc(&cnt.caif_nr_socks); @@ -75408,10 +73825,10 @@ index 68bbf9f..5ef0d12 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index c56cacf..b28e35f 100644 +index 6ca32f6..c7e9bbd 100644 --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -1139,10 +1139,14 @@ void dev_load(struct net *net, const char *name) +@@ -1138,10 +1138,14 @@ void dev_load(struct net *net, const char *name) if (no_module && capable(CAP_NET_ADMIN)) no_module = request_module("netdev-%s", name); if (no_module && capable(CAP_SYS_MODULE)) { @@ -75426,7 +73843,7 @@ index c56cacf..b28e35f 100644 } } EXPORT_SYMBOL(dev_load); -@@ -1573,7 +1577,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) +@@ -1585,7 +1589,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) { if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) { if (skb_copy_ubufs(skb, GFP_ATOMIC)) { @@ -75435,7 +73852,7 @@ index c56cacf..b28e35f 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -1583,7 +1587,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) +@@ -1595,7 +1599,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) nf_reset(skb); if (unlikely(!is_skb_forwardable(dev, skb))) { @@ -75444,7 +73861,7 @@ index c56cacf..b28e35f 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -2036,7 +2040,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) +@@ -2057,7 +2061,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) struct dev_gso_cb { void (*destructor)(struct sk_buff *skb); @@ -75453,7 +73870,7 @@ index c56cacf..b28e35f 100644 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) -@@ -2970,7 +2974,7 @@ enqueue: +@@ -2913,7 +2917,7 @@ enqueue: local_irq_restore(flags); @@ -75462,7 +73879,7 @@ index c56cacf..b28e35f 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -3044,7 +3048,7 @@ int netif_rx_ni(struct sk_buff *skb) +@@ -2985,7 +2989,7 @@ int netif_rx_ni(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_ni); @@ -75471,7 +73888,7 @@ index c56cacf..b28e35f 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); -@@ -3333,7 +3337,7 @@ ncls: +@@ -3273,7 +3277,7 @@ ncls: if (pt_prev) { ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); } else { @@ -75480,7 +73897,7 @@ index c56cacf..b28e35f 100644 kfree_skb(skb); /* Jamal, now you will not able to escape explaining * me how you were going to use this. :-) -@@ -3897,7 +3901,7 @@ void netif_napi_del(struct napi_struct *napi) +@@ -3832,7 +3836,7 @@ void netif_napi_del(struct napi_struct *napi) } EXPORT_SYMBOL(netif_napi_del); @@ -75489,7 +73906,7 @@ index c56cacf..b28e35f 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); unsigned long time_limit = jiffies + 2; -@@ -5955,7 +5959,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, +@@ -5889,7 +5893,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, } else { netdev_stats_to_stats64(storage, &dev->stats); } @@ -75561,7 +73978,7 @@ index c40f27e..7f49254 100644 m->msg_iov = iov; diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index 9083e82..1673203 100644 +index f965dce..92c792a 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -57,7 +57,7 @@ struct rtnl_link { @@ -75572,7 +73989,7 @@ index 9083e82..1673203 100644 +} __no_const; static DEFINE_MUTEX(rtnl_mutex); - static u16 min_ifinfo_dump_size; + diff --git a/net/core/scm.c b/net/core/scm.c index ff52ad0..aff1c0f 100644 --- a/net/core/scm.c @@ -75614,10 +74031,10 @@ index ff52ad0..aff1c0f 100644 { int new_fd; diff --git a/net/core/sock.c b/net/core/sock.c -index b23f174..b9a0d26 100644 +index 02f8dfe..86dfd4a 100644 --- a/net/core/sock.c +++ b/net/core/sock.c -@@ -289,7 +289,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -341,7 +341,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) struct sk_buff_head *list = &sk->sk_receive_queue; if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) { @@ -75626,7 +74043,7 @@ index b23f174..b9a0d26 100644 trace_sock_rcvqueue_full(sk, skb); return -ENOMEM; } -@@ -299,7 +299,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -351,7 +351,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) return err; if (!sk_rmem_schedule(sk, skb->truesize)) { @@ -75635,7 +74052,7 @@ index b23f174..b9a0d26 100644 return -ENOBUFS; } -@@ -319,7 +319,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -371,7 +371,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) skb_dst_force(skb); spin_lock_irqsave(&list->lock, flags); @@ -75644,7 +74061,7 @@ index b23f174..b9a0d26 100644 __skb_queue_tail(list, skb); spin_unlock_irqrestore(&list->lock, flags); -@@ -339,7 +339,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) +@@ -391,7 +391,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) skb->dev = NULL; if (sk_rcvqueues_full(sk, skb)) { @@ -75653,7 +74070,7 @@ index b23f174..b9a0d26 100644 goto discard_and_relse; } if (nested) -@@ -357,7 +357,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) +@@ -409,7 +409,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) mutex_release(&sk->sk_lock.dep_map, 1, _RET_IP_); } else if (sk_add_backlog(sk, skb)) { bh_unlock_sock(sk); @@ -75662,7 +74079,7 @@ index b23f174..b9a0d26 100644 goto discard_and_relse; } -@@ -917,7 +917,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -974,7 +974,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, if (len > sizeof(peercred)) len = sizeof(peercred); cred_to_ucred(sk->sk_peer_pid, sk->sk_peer_cred, &peercred); @@ -75671,7 +74088,7 @@ index b23f174..b9a0d26 100644 return -EFAULT; goto lenout; } -@@ -930,7 +930,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -987,7 +987,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, return -ENOTCONN; if (lv < len) return -EINVAL; @@ -75680,7 +74097,7 @@ index b23f174..b9a0d26 100644 return -EFAULT; goto lenout; } -@@ -963,7 +963,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -1024,7 +1024,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, if (len > lv) len = lv; @@ -75689,7 +74106,7 @@ index b23f174..b9a0d26 100644 return -EFAULT; lenout: if (put_user(len, optlen)) -@@ -2020,7 +2020,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) +@@ -2108,7 +2108,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) */ smp_wmb(); atomic_set(&sk->sk_refcnt, 1); @@ -75698,6 +74115,38 @@ index b23f174..b9a0d26 100644 } EXPORT_SYMBOL(sock_init_data); +diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c +index b9868e1..849f809 100644 +--- a/net/core/sock_diag.c ++++ b/net/core/sock_diag.c +@@ -16,20 +16,27 @@ static DEFINE_MUTEX(sock_diag_table_mutex); + + int sock_diag_check_cookie(void *sk, __u32 *cookie) + { ++#ifndef CONFIG_GRKERNSEC_HIDESYM + if ((cookie[0] != INET_DIAG_NOCOOKIE || + cookie[1] != INET_DIAG_NOCOOKIE) && + ((u32)(unsigned long)sk != cookie[0] || + (u32)((((unsigned long)sk) >> 31) >> 1) != cookie[1])) + return -ESTALE; + else ++#endif + return 0; + } + EXPORT_SYMBOL_GPL(sock_diag_check_cookie); + + void sock_diag_save_cookie(void *sk, __u32 *cookie) + { ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ cookie[0] = 0; ++ cookie[1] = 0; ++#else + cookie[0] = (u32)(unsigned long)sk; + cookie[1] = (u32)(((unsigned long)sk >> 31) >> 1); ++#endif + } + EXPORT_SYMBOL_GPL(sock_diag_save_cookie); + diff --git a/net/decnet/sysctl_net_decnet.c b/net/decnet/sysctl_net_decnet.c index 02e75d1..9a57a7c 100644 --- a/net/decnet/sysctl_net_decnet.c @@ -75733,19 +74182,6 @@ index 39a2d29..f39c0fe 100644 ---help--- Econet is a fairly old and slow networking protocol mainly used by Acorn computers to access file and print servers. It uses native -diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c -index 36d1440..44ff28b 100644 ---- a/net/ipv4/ah4.c -+++ b/net/ipv4/ah4.c -@@ -19,6 +19,8 @@ struct ah_skb_cb { - #define AH_SKB_CB(__skb) ((struct ah_skb_cb *)&((__skb)->cb[0])) - - static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags, -+ unsigned int size) __size_overflow(3); -+static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags, - unsigned int size) - { - unsigned int len; diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 92fc5f6..b790d91 100644 --- a/net/ipv4/fib_frontend.c @@ -75787,71 +74223,6 @@ index 80106d8..232e898 100644 return nh->nh_saddr; } -diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c -index ccee270..db23c3c 100644 ---- a/net/ipv4/inet_diag.c -+++ b/net/ipv4/inet_diag.c -@@ -114,8 +114,14 @@ static int inet_csk_diag_fill(struct sock *sk, - r->idiag_retrans = 0; - - r->id.idiag_if = sk->sk_bound_dev_if; -+ -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ r->id.idiag_cookie[0] = 0; -+ r->id.idiag_cookie[1] = 0; -+#else - r->id.idiag_cookie[0] = (u32)(unsigned long)sk; - r->id.idiag_cookie[1] = (u32)(((unsigned long)sk >> 31) >> 1); -+#endif - - r->id.idiag_sport = inet->inet_sport; - r->id.idiag_dport = inet->inet_dport; -@@ -210,8 +216,15 @@ static int inet_twsk_diag_fill(struct inet_timewait_sock *tw, - r->idiag_family = tw->tw_family; - r->idiag_retrans = 0; - r->id.idiag_if = tw->tw_bound_dev_if; -+ -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ r->id.idiag_cookie[0] = 0; -+ r->id.idiag_cookie[1] = 0; -+#else - r->id.idiag_cookie[0] = (u32)(unsigned long)tw; - r->id.idiag_cookie[1] = (u32)(((unsigned long)tw >> 31) >> 1); -+#endif -+ - r->id.idiag_sport = tw->tw_sport; - r->id.idiag_dport = tw->tw_dport; - r->id.idiag_src[0] = tw->tw_rcv_saddr; -@@ -294,12 +307,14 @@ static int inet_diag_get_exact(struct sk_buff *in_skb, - if (sk == NULL) - goto unlock; - -+#ifndef CONFIG_GRKERNSEC_HIDESYM - err = -ESTALE; - if ((req->id.idiag_cookie[0] != INET_DIAG_NOCOOKIE || - req->id.idiag_cookie[1] != INET_DIAG_NOCOOKIE) && - ((u32)(unsigned long)sk != req->id.idiag_cookie[0] || - (u32)((((unsigned long)sk) >> 31) >> 1) != req->id.idiag_cookie[1])) - goto out; -+#endif - - err = -ENOMEM; - rep = alloc_skb(NLMSG_SPACE((sizeof(struct inet_diag_msg) + -@@ -589,8 +604,14 @@ static int inet_diag_fill_req(struct sk_buff *skb, struct sock *sk, - r->idiag_retrans = req->retrans; - - r->id.idiag_if = sk->sk_bound_dev_if; -+ -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ r->id.idiag_cookie[0] = 0; -+ r->id.idiag_cookie[1] = 0; -+#else - r->id.idiag_cookie[0] = (u32)(unsigned long)req; - r->id.idiag_cookie[1] = (u32)(((unsigned long)req >> 31) >> 1); -+#endif - - tmo = req->expires - jiffies; - if (tmo < 0) diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c index 984ec65..97ac518 100644 --- a/net/ipv4/inet_hashtables.c @@ -75882,10 +74253,10 @@ index 984ec65..97ac518 100644 inet_twsk_deschedule(tw, death_row); while (twrefcnt) { diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c -index 86f13c67..59a35b5 100644 +index d4d61b6..b81aec8 100644 --- a/net/ipv4/inetpeer.c +++ b/net/ipv4/inetpeer.c -@@ -436,8 +436,8 @@ relookup: +@@ -487,8 +487,8 @@ relookup: if (p) { p->daddr = *daddr; atomic_set(&p->refcnt, 1); @@ -75897,7 +74268,7 @@ index 86f13c67..59a35b5 100644 secure_ip_id(daddr->addr.a4) : secure_ipv6_id(daddr->addr.a6)); diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c -index fdaabf2..0ec3205 100644 +index 1f23a57..7180dfe 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c @@ -316,7 +316,7 @@ static inline int ip_frag_too_far(struct ipq *qp) @@ -75910,10 +74281,10 @@ index fdaabf2..0ec3205 100644 rc = qp->q.fragments && (end - start) > max; diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c -index 09ff51b..d3968eb 100644 +index 8aa87c1..35c3248 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c -@@ -1111,7 +1111,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, +@@ -1112,7 +1112,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, len = min_t(unsigned int, len, opt->optlen); if (put_user(len, optlen)) return -EFAULT; @@ -75923,7 +74294,7 @@ index 09ff51b..d3968eb 100644 return -EFAULT; return 0; } -@@ -1239,7 +1240,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, +@@ -1240,7 +1241,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, if (sk->sk_type != SOCK_STREAM) return -ENOPROTOOPT; @@ -75933,7 +74304,7 @@ index 09ff51b..d3968eb 100644 msg.msg_flags = flags; diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c -index 99ec116..c5628fe 100644 +index 6e412a6..6640538 100644 --- a/net/ipv4/ipconfig.c +++ b/net/ipv4/ipconfig.c @@ -318,7 +318,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg) @@ -75963,76 +74334,24 @@ index 99ec116..c5628fe 100644 set_fs(oldfs); return res; } -diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c -index fd7a3f6..e5be655 100644 ---- a/net/ipv4/netfilter/arp_tables.c -+++ b/net/ipv4/netfilter/arp_tables.c -@@ -984,6 +984,11 @@ static int __do_replace(struct net *net, const char *name, - unsigned int valid_hooks, - struct xt_table_info *newinfo, - unsigned int num_counters, -+ void __user *counters_ptr) __size_overflow(5); -+static int __do_replace(struct net *net, const char *name, -+ unsigned int valid_hooks, -+ struct xt_table_info *newinfo, -+ unsigned int num_counters, - void __user *counters_ptr) - { - int ret; -@@ -1104,6 +1109,8 @@ static int do_replace(struct net *net, const void __user *user, - } - - static int do_add_counters(struct net *net, const void __user *user, -+ unsigned int len, int compat) __size_overflow(3); -+static int do_add_counters(struct net *net, const void __user *user, - unsigned int len, int compat) - { - unsigned int i, curcpu; -diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c -index 24e556e..a8daf7a 100644 ---- a/net/ipv4/netfilter/ip_tables.c -+++ b/net/ipv4/netfilter/ip_tables.c -@@ -1172,6 +1172,10 @@ get_entries(struct net *net, struct ipt_get_entries __user *uptr, - static int - __do_replace(struct net *net, const char *name, unsigned int valid_hooks, - struct xt_table_info *newinfo, unsigned int num_counters, -+ void __user *counters_ptr) __size_overflow(5); -+static int -+__do_replace(struct net *net, const char *name, unsigned int valid_hooks, -+ struct xt_table_info *newinfo, unsigned int num_counters, - void __user *counters_ptr) - { - int ret; -@@ -1293,6 +1297,9 @@ do_replace(struct net *net, const void __user *user, unsigned int len) - - static int - do_add_counters(struct net *net, const void __user *user, -+ unsigned int len, int compat) __size_overflow(3); -+static int -+do_add_counters(struct net *net, const void __user *user, - unsigned int len, int compat) - { - unsigned int i, curcpu; diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c -index 2133c30..0e8047e 100644 +index 2133c30..5c4b40b 100644 --- a/net/ipv4/netfilter/nf_nat_snmp_basic.c +++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c -@@ -435,6 +435,10 @@ static unsigned char asn1_subid_decode(struct asn1_ctx *ctx, - static unsigned char asn1_oid_decode(struct asn1_ctx *ctx, - unsigned char *eoc, - unsigned long **oid, -+ unsigned int *len) __size_overflow(2); -+static unsigned char asn1_oid_decode(struct asn1_ctx *ctx, -+ unsigned char *eoc, -+ unsigned long **oid, - unsigned int *len) - { - unsigned long subid; +@@ -399,7 +399,7 @@ static unsigned char asn1_octets_decode(struct asn1_ctx *ctx, + + *len = 0; + +- *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC); ++ *octets = kmalloc((eoc - ctx->pointer), GFP_ATOMIC); + if (*octets == NULL) + return 0; + diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index 43d4c3b..1914409 100644 +index b072386..abdebcf 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c -@@ -836,7 +836,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f, +@@ -838,7 +838,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f, sk_rmem_alloc_get(sp), 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -76042,10 +74361,10 @@ index 43d4c3b..1914409 100644 static int ping_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c -index 007e2eb..85a18a0 100644 +index 3ccda5a..3c1e61d 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c -@@ -303,7 +303,7 @@ static int raw_rcv_skb(struct sock * sk, struct sk_buff * skb) +@@ -304,7 +304,7 @@ static int raw_rcv_skb(struct sock * sk, struct sk_buff * skb) int raw_rcv(struct sock *sk, struct sk_buff *skb) { if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) { @@ -76054,7 +74373,7 @@ index 007e2eb..85a18a0 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -738,16 +738,20 @@ static int raw_init(struct sock *sk) +@@ -742,16 +742,20 @@ static int raw_init(struct sock *sk) static int raw_seticmpfilter(struct sock *sk, char __user *optval, int optlen) { @@ -76076,7 +74395,7 @@ index 007e2eb..85a18a0 100644 if (get_user(len, optlen)) goto out; -@@ -757,8 +761,8 @@ static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *o +@@ -761,8 +765,8 @@ static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *o if (len > sizeof(struct icmp_filter)) len = sizeof(struct icmp_filter); ret = -EFAULT; @@ -76087,7 +74406,7 @@ index 007e2eb..85a18a0 100644 goto out; ret = 0; out: return ret; -@@ -986,7 +990,13 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) +@@ -990,7 +994,13 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) sk_wmem_alloc_get(sp), sk_rmem_alloc_get(sp), 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), @@ -76103,10 +74422,10 @@ index 007e2eb..85a18a0 100644 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index 94cdbc5..0cb0063 100644 +index 0197747..7adb0dc 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c -@@ -313,7 +313,7 @@ static inline unsigned int rt_hash(__be32 daddr, __be32 saddr, int idx, +@@ -311,7 +311,7 @@ static inline unsigned int rt_hash(__be32 daddr, __be32 saddr, int idx, static inline int rt_genid(struct net *net) { @@ -76115,16 +74434,16 @@ index 94cdbc5..0cb0063 100644 } #ifdef CONFIG_PROC_FS -@@ -937,7 +937,7 @@ static void rt_cache_invalidate(struct net *net) +@@ -935,7 +935,7 @@ static void rt_cache_invalidate(struct net *net) unsigned char shuffle; get_random_bytes(&shuffle, sizeof(shuffle)); - atomic_add(shuffle + 1U, &net->ipv4.rt_genid); + atomic_add_unchecked(shuffle + 1U, &net->ipv4.rt_genid); - redirect_genid++; + inetpeer_invalidate_tree(AF_INET); } -@@ -3022,7 +3022,7 @@ static int rt_fill_info(struct net *net, +@@ -3010,7 +3010,7 @@ static int rt_fill_info(struct net *net, error = rt->dst.error; if (peer) { inet_peer_refcheck(rt->peer); @@ -76133,65 +74452,11 @@ index 94cdbc5..0cb0063 100644 if (peer->tcp_ts_stamp) { ts = peer->tcp_ts; tsage = get_seconds() - peer->tcp_ts_stamp; -diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c -index 90f6544..769c0e9 100644 ---- a/net/ipv4/syncookies.c -+++ b/net/ipv4/syncookies.c -@@ -278,6 +278,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, - struct rtable *rt; - __u8 rcv_wscale; - bool ecn_ok = false; -+ struct flowi4 fl4; - - if (!sysctl_tcp_syncookies || !th->ack || th->rst) - goto out; -@@ -346,20 +347,16 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, - * hasn't changed since we received the original syn, but I see - * no easy way to do this. - */ -- { -- struct flowi4 fl4; -- -- flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), -- RT_SCOPE_UNIVERSE, IPPROTO_TCP, -- inet_sk_flowi_flags(sk), -- (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, -- ireq->loc_addr, th->source, th->dest); -- security_req_classify_flow(req, flowi4_to_flowi(&fl4)); -- rt = ip_route_output_key(sock_net(sk), &fl4); -- if (IS_ERR(rt)) { -- reqsk_free(req); -- goto out; -- } -+ flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), -+ RT_SCOPE_UNIVERSE, IPPROTO_TCP, -+ inet_sk_flowi_flags(sk), -+ (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, -+ ireq->loc_addr, th->source, th->dest); -+ security_req_classify_flow(req, flowi4_to_flowi(&fl4)); -+ rt = ip_route_output_key(sock_net(sk), &fl4); -+ if (IS_ERR(rt)) { -+ reqsk_free(req); -+ goto out; - } - - /* Try to redo what tcp_v4_send_synack did. */ -@@ -373,5 +370,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, - ireq->rcv_wscale = rcv_wscale; - - ret = get_cookie_sock(sk, skb, req, &rt->dst); -+ /* ip_queue_xmit() depends on our flow being setup -+ * Normal sockets get it right from inet_csk_route_child_sock() -+ */ -+ if (ret) -+ inet_sk(ret)->cork.fl.u.ip4 = fl4; - out: return ret; - } diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index eb90aa8..74908e1 100644 +index fd54c5f..96d6407 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c -@@ -87,6 +87,9 @@ int sysctl_tcp_tw_reuse __read_mostly; +@@ -88,6 +88,9 @@ int sysctl_tcp_tw_reuse __read_mostly; int sysctl_tcp_low_latency __read_mostly; EXPORT_SYMBOL(sysctl_tcp_low_latency); @@ -76201,24 +74466,7 @@ index eb90aa8..74908e1 100644 #ifdef CONFIG_TCP_MD5SIG static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk, -@@ -1465,9 +1468,13 @@ struct sock *tcp_v4_syn_recv_sock(struct sock *sk, struct sk_buff *skb, - inet_csk(newsk)->icsk_ext_hdr_len = inet_opt->opt.optlen; - newinet->inet_id = newtp->write_seq ^ jiffies; - -- if (!dst && (dst = inet_csk_route_child_sock(sk, newsk, req)) == NULL) -- goto put_and_exit; -- -+ if (!dst) { -+ dst = inet_csk_route_child_sock(sk, newsk, req); -+ if (!dst) -+ goto put_and_exit; -+ } else { -+ /* syncookie case : see end of cookie_v4_check() */ -+ } - sk_setup_caps(newsk, dst); - - tcp_mtup_init(newsk); -@@ -1632,6 +1639,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1638,6 +1641,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -76228,7 +74476,7 @@ index eb90aa8..74908e1 100644 tcp_v4_send_reset(rsk, skb); discard: kfree_skb(skb); -@@ -1694,12 +1704,19 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1700,12 +1706,19 @@ int tcp_v4_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -76251,7 +74499,7 @@ index eb90aa8..74908e1 100644 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1749,6 +1766,10 @@ no_tcp_socket: +@@ -1755,6 +1768,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -76262,7 +74510,7 @@ index eb90aa8..74908e1 100644 tcp_v4_send_reset(NULL, skb); } -@@ -2409,7 +2430,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req, +@@ -2417,7 +2434,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req, 0, /* non standard timer */ 0, /* open_requests have no inode */ atomic_read(&sk->sk_refcnt), @@ -76274,7 +74522,7 @@ index eb90aa8..74908e1 100644 len); } -@@ -2459,7 +2484,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len) +@@ -2467,7 +2488,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len) sock_i_uid(sk), icsk->icsk_probes_out, sock_i_ino(sk), @@ -76288,7 +74536,7 @@ index eb90aa8..74908e1 100644 jiffies_to_clock_t(icsk->icsk_rto), jiffies_to_clock_t(icsk->icsk_ack.ato), (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong, -@@ -2487,7 +2517,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw, +@@ -2495,7 +2521,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw, " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK%n", i, src, srcp, dest, destp, tw->tw_substate, 0, 0, 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, @@ -76304,7 +74552,7 @@ index eb90aa8..74908e1 100644 #define TMPSZ 150 diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c -index 66363b6..b0654a3 100644 +index 550e755..25721b3 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -27,6 +27,10 @@ @@ -76318,7 +74566,7 @@ index 66363b6..b0654a3 100644 int sysctl_tcp_syncookies __read_mostly = 1; EXPORT_SYMBOL(sysctl_tcp_syncookies); -@@ -751,6 +755,10 @@ listen_overflow: +@@ -753,6 +757,10 @@ listen_overflow: embryonic_reset: NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_EMBRYONICRSTS); @@ -76343,7 +74591,7 @@ index 85ee7eb..53277ab 100644 cnt += width; } diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c -index 2e0f0af..e2948bf 100644 +index cd2e072..1fffee2 100644 --- a/net/ipv4/tcp_timer.c +++ b/net/ipv4/tcp_timer.c @@ -22,6 +22,10 @@ @@ -76357,7 +74605,7 @@ index 2e0f0af..e2948bf 100644 int sysctl_tcp_syn_retries __read_mostly = TCP_SYN_RETRIES; int sysctl_tcp_synack_retries __read_mostly = TCP_SYNACK_RETRIES; int sysctl_tcp_keepalive_time __read_mostly = TCP_KEEPALIVE_TIME; -@@ -199,6 +203,13 @@ static int tcp_write_timeout(struct sock *sk) +@@ -196,6 +200,13 @@ static int tcp_write_timeout(struct sock *sk) } } @@ -76372,7 +74620,7 @@ index 2e0f0af..e2948bf 100644 syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) { /* Has it gone just too far? */ diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c -index 5a65eea..bd913a1 100644 +index 5d075b5..d907d5f 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -86,6 +86,7 @@ @@ -76394,7 +74642,7 @@ index 5a65eea..bd913a1 100644 struct udp_table udp_table __read_mostly; EXPORT_SYMBOL(udp_table); -@@ -565,6 +570,9 @@ found: +@@ -566,6 +571,9 @@ found: return s; } @@ -76404,7 +74652,7 @@ index 5a65eea..bd913a1 100644 /* * This routine is called by the ICMP module when it gets some * sort of error condition. If err < 0 then the socket should -@@ -856,9 +864,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -857,9 +865,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, dport = usin->sin_port; if (dport == 0) return -EINVAL; @@ -76423,7 +74671,7 @@ index 5a65eea..bd913a1 100644 daddr = inet->inet_daddr; dport = inet->inet_dport; /* Open fast path for connected socket. -@@ -1099,7 +1116,7 @@ static unsigned int first_packet_length(struct sock *sk) +@@ -1100,7 +1117,7 @@ static unsigned int first_packet_length(struct sock *sk) udp_lib_checksum_complete(skb)) { UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, IS_UDPLITE(sk)); @@ -76432,7 +74680,7 @@ index 5a65eea..bd913a1 100644 __skb_unlink(skb, rcvq); __skb_queue_tail(&list_kill, skb); } -@@ -1185,6 +1202,10 @@ try_again: +@@ -1186,6 +1203,10 @@ try_again: if (!skb) goto out; @@ -76443,7 +74691,7 @@ index 5a65eea..bd913a1 100644 ulen = skb->len - sizeof(struct udphdr); copied = len; if (copied > ulen) -@@ -1487,7 +1508,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -1489,7 +1510,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) drop: UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); @@ -76452,7 +74700,7 @@ index 5a65eea..bd913a1 100644 kfree_skb(skb); return -1; } -@@ -1506,7 +1527,7 @@ static void flush_stack(struct sock **stack, unsigned int count, +@@ -1508,7 +1529,7 @@ static void flush_stack(struct sock **stack, unsigned int count, skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC); if (!skb1) { @@ -76461,7 +74709,7 @@ index 5a65eea..bd913a1 100644 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, IS_UDPLITE(sk)); UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, -@@ -1675,6 +1696,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, +@@ -1677,6 +1698,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, goto csum_error; UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); @@ -76471,7 +74719,7 @@ index 5a65eea..bd913a1 100644 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); /* -@@ -2098,8 +2122,13 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f, +@@ -2100,8 +2124,13 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f, sk_wmem_alloc_get(sp), sk_rmem_alloc_get(sp), 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), @@ -76488,10 +74736,10 @@ index 5a65eea..bd913a1 100644 int udp4_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index a5521c5..984a2f4 100644 +index 6b8ebc5..1d624f4 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c -@@ -2153,7 +2153,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) +@@ -2145,7 +2145,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) p.iph.ihl = 5; p.iph.protocol = IPPROTO_IPV6; p.iph.ttl = 64; @@ -76500,21 +74748,8 @@ index a5521c5..984a2f4 100644 if (ops->ndo_do_ioctl) { mm_segment_t oldfs = get_fs(); -diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c -index 4c0f894..fca5d15 100644 ---- a/net/ipv6/ah6.c -+++ b/net/ipv6/ah6.c -@@ -56,6 +56,8 @@ struct ah_skb_cb { - #define AH_SKB_CB(__skb) ((struct ah_skb_cb *)&((__skb)->cb[0])) - - static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags, -+ unsigned int size) __size_overflow(3); -+static void *ah_alloc_tmp(struct crypto_ahash *ahash, int nfrags, - unsigned int size) - { - unsigned int len; diff --git a/net/ipv6/inet6_connection_sock.c b/net/ipv6/inet6_connection_sock.c -index 1567fb1..29af910 100644 +index 02dd203..e03fcc9 100644 --- a/net/ipv6/inet6_connection_sock.c +++ b/net/ipv6/inet6_connection_sock.c @@ -178,7 +178,7 @@ void __inet6_csk_dst_store(struct sock *sk, struct dst_entry *dst, @@ -76536,7 +74771,7 @@ index 1567fb1..29af910 100644 dst = NULL; } diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c -index 26cb08c..8af9877 100644 +index 18a2719..779f36a 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c @@ -960,7 +960,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, @@ -76548,33 +74783,8 @@ index 26cb08c..8af9877 100644 msg.msg_controllen = len; msg.msg_flags = flags; -diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c -index 94874b0..dc413fa 100644 ---- a/net/ipv6/netfilter/ip6_tables.c -+++ b/net/ipv6/netfilter/ip6_tables.c -@@ -1194,6 +1194,10 @@ get_entries(struct net *net, struct ip6t_get_entries __user *uptr, - static int - __do_replace(struct net *net, const char *name, unsigned int valid_hooks, - struct xt_table_info *newinfo, unsigned int num_counters, -+ void __user *counters_ptr) __size_overflow(5); -+static int -+__do_replace(struct net *net, const char *name, unsigned int valid_hooks, -+ struct xt_table_info *newinfo, unsigned int num_counters, - void __user *counters_ptr) - { - int ret; -@@ -1315,6 +1319,9 @@ do_replace(struct net *net, const void __user *user, unsigned int len) - - static int - do_add_counters(struct net *net, const void __user *user, unsigned int len, -+ int compat) __size_overflow(3); -+static int -+do_add_counters(struct net *net, const void __user *user, unsigned int len, - int compat) - { - unsigned int i, curcpu; diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c -index 361ebf3..d5628fb 100644 +index d02f7e4..2d2a0f1 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c @@ -377,7 +377,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -76586,7 +74796,7 @@ index 361ebf3..d5628fb 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -404,7 +404,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb) +@@ -405,7 +405,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb) struct raw6_sock *rp = raw6_sk(sk); if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) { @@ -76595,7 +74805,7 @@ index 361ebf3..d5628fb 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -428,7 +428,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb) +@@ -429,7 +429,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb) if (inet->hdrincl) { if (skb_checksum_complete(skb)) { @@ -76604,7 +74814,7 @@ index 361ebf3..d5628fb 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -601,7 +601,7 @@ out: +@@ -602,7 +602,7 @@ out: return err; } @@ -76613,7 +74823,7 @@ index 361ebf3..d5628fb 100644 struct flowi6 *fl6, struct dst_entry **dstp, unsigned int flags) { -@@ -909,12 +909,15 @@ do_confirm: +@@ -912,12 +912,15 @@ do_confirm: static int rawv6_seticmpfilter(struct sock *sk, int level, int optname, char __user *optval, int optlen) { @@ -76630,7 +74840,7 @@ index 361ebf3..d5628fb 100644 return 0; default: return -ENOPROTOOPT; -@@ -927,6 +930,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, +@@ -930,6 +933,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { int len; @@ -76638,7 +74848,7 @@ index 361ebf3..d5628fb 100644 switch (optname) { case ICMPV6_FILTER: -@@ -938,7 +942,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, +@@ -941,7 +945,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, len = sizeof(struct icmp6_filter); if (put_user(len, optlen)) return -EFAULT; @@ -76648,7 +74858,7 @@ index 361ebf3..d5628fb 100644 return -EFAULT; return 0; default: -@@ -1245,7 +1250,13 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) +@@ -1248,7 +1253,13 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), @@ -76664,10 +74874,10 @@ index 361ebf3..d5628fb 100644 static int raw6_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index b859e4a..f9d1589 100644 +index 3edd05a..63aad01 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c -@@ -93,6 +93,10 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, +@@ -94,6 +94,10 @@ static struct tcp_md5sig_key *tcp_v6_md5_do_lookup(struct sock *sk, } #endif @@ -76678,7 +74888,7 @@ index b859e4a..f9d1589 100644 static void tcp_v6_hash(struct sock *sk) { if (sk->sk_state != TCP_CLOSE) { -@@ -1651,6 +1655,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1650,6 +1654,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -76688,7 +74898,7 @@ index b859e4a..f9d1589 100644 tcp_v6_send_reset(sk, skb); discard: if (opt_skb) -@@ -1730,12 +1737,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) +@@ -1729,12 +1736,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -76711,7 +74921,7 @@ index b859e4a..f9d1589 100644 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1783,6 +1798,10 @@ no_tcp_socket: +@@ -1782,6 +1797,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -76767,7 +74977,7 @@ index b859e4a..f9d1589 100644 static int tcp6_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c -index 8c25419..47a51ae 100644 +index 4f96b5c..75543d7 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -50,6 +50,10 @@ @@ -76781,7 +74991,7 @@ index 8c25419..47a51ae 100644 int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2) { const struct in6_addr *sk_rcv_saddr6 = &inet6_sk(sk)->rcv_saddr; -@@ -549,7 +553,7 @@ int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb) +@@ -551,7 +555,7 @@ int udpv6_queue_rcv_skb(struct sock * sk, struct sk_buff *skb) return 0; drop: @@ -76790,7 +75000,7 @@ index 8c25419..47a51ae 100644 drop_no_sk_drops_inc: UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); kfree_skb(skb); -@@ -625,7 +629,7 @@ static void flush_stack(struct sock **stack, unsigned int count, +@@ -627,7 +631,7 @@ static void flush_stack(struct sock **stack, unsigned int count, continue; } drop: @@ -76799,7 +75009,7 @@ index 8c25419..47a51ae 100644 UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, IS_UDPLITE(sk)); UDP6_INC_STATS_BH(sock_net(sk), -@@ -780,6 +784,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, +@@ -782,6 +786,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); @@ -76809,7 +75019,7 @@ index 8c25419..47a51ae 100644 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0); kfree_skb(skb); -@@ -796,7 +803,7 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, +@@ -798,7 +805,7 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, if (!sock_owned_by_user(sk)) udpv6_queue_rcv_skb(sk, skb); else if (sk_add_backlog(sk, skb)) { @@ -76818,7 +75028,7 @@ index 8c25419..47a51ae 100644 bh_unlock_sock(sk); sock_put(sk); goto discard; -@@ -1407,8 +1414,13 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket +@@ -1410,8 +1417,13 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), @@ -76961,10 +75171,10 @@ index 253695d..9481ce8 100644 seq_printf(m, "Max header size: %d\n", self->max_header_size); diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c -index 274d150..656a144 100644 +index d5c5b8f..33beff0 100644 --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c -@@ -787,10 +787,10 @@ static int iucv_sock_autobind(struct sock *sk) +@@ -764,10 +764,10 @@ static int iucv_sock_autobind(struct sock *sk) write_lock_bh(&iucv_sk_list.lock); @@ -76978,7 +75188,7 @@ index 274d150..656a144 100644 write_unlock_bh(&iucv_sk_list.lock); diff --git a/net/key/af_key.c b/net/key/af_key.c -index 1e733e9..3d73c9f 100644 +index 11dbb22..c20f667 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -3016,10 +3016,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc @@ -76995,10 +75205,10 @@ index 1e733e9..3d73c9f 100644 return res; } diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h -index 73495f1..ad51356 100644 +index 2f0642d..e5c6fba 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h -@@ -27,6 +27,7 @@ +@@ -28,6 +28,7 @@ #include <net/ieee80211_radiotap.h> #include <net/cfg80211.h> #include <net/mac80211.h> @@ -77006,7 +75216,7 @@ index 73495f1..ad51356 100644 #include "key.h" #include "sta_info.h" -@@ -764,7 +765,7 @@ struct ieee80211_local { +@@ -781,7 +782,7 @@ struct ieee80211_local { /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */ spinlock_t queue_stop_reason_lock; @@ -77016,10 +75226,10 @@ index 73495f1..ad51356 100644 /* number of interfaces with corresponding FIF_ flags */ int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll, diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c -index 30d7355..e260095 100644 +index 8e2137b..2974283 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c -@@ -211,7 +211,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) +@@ -222,7 +222,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) break; } @@ -77028,7 +75238,7 @@ index 30d7355..e260095 100644 res = drv_start(local); if (res) goto err_del_bss; -@@ -235,7 +235,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) +@@ -246,7 +246,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) memcpy(dev->perm_addr, dev->dev_addr, ETH_ALEN); if (!is_valid_ether_addr(dev->dev_addr)) { @@ -77037,25 +75247,25 @@ index 30d7355..e260095 100644 drv_stop(local); return -EADDRNOTAVAIL; } -@@ -327,7 +327,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) +@@ -347,7 +347,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) mutex_unlock(&local->mtx); if (coming_up) - local->open_count++; + local_inc(&local->open_count); - if (hw_reconf_flags) { + if (hw_reconf_flags) ieee80211_hw_config(local, hw_reconf_flags); -@@ -347,7 +347,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) +@@ -360,7 +360,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) err_del_interface: - drv_remove_interface(local, &sdata->vif); + drv_remove_interface(local, sdata); err_stop: - if (!local->open_count) + if (!local_read(&local->open_count)) drv_stop(local); err_del_bss: sdata->bss = NULL; -@@ -472,7 +472,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -489,7 +489,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, } if (going_down) @@ -77064,7 +75274,7 @@ index 30d7355..e260095 100644 switch (sdata->vif.type) { case NL80211_IFTYPE_AP_VLAN: -@@ -531,7 +531,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -548,7 +548,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, ieee80211_recalc_ps(local, -1); @@ -77074,10 +75284,10 @@ index 30d7355..e260095 100644 napi_disable(&local->napi); ieee80211_clear_tx_pending(local); diff --git a/net/mac80211/main.c b/net/mac80211/main.c -index 7d9b21d..0687004 100644 +index b142bd4..a651749 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c -@@ -163,7 +163,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) +@@ -166,7 +166,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) local->hw.conf.power_level = power; } @@ -77087,7 +75297,7 @@ index 7d9b21d..0687004 100644 /* * Goal: diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c -index 9ee7164..56c5061 100644 +index 596efaf..8f1911f 100644 --- a/net/mac80211/pm.c +++ b/net/mac80211/pm.c @@ -34,7 +34,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) @@ -77118,7 +75328,7 @@ index 9ee7164..56c5061 100644 suspend: diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c -index 7d84b87..6a69cd9 100644 +index f9b8e81..bb89b46 100644 --- a/net/mac80211/rate.c +++ b/net/mac80211/rate.c @@ -401,7 +401,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, @@ -77144,12 +75354,12 @@ index c97a065..ff61928 100644 return p; diff --git a/net/mac80211/util.c b/net/mac80211/util.c -index d5230ec..c604b21 100644 +index 9919892..8c49803 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c -@@ -1000,7 +1000,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) - drv_set_coverage_class(local, hw->wiphy->coverage_class); - +@@ -1143,7 +1143,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) + } + #endif /* everything else happens only if HW was up & running */ - if (!local->open_count) + if (!local_read(&local->open_count)) @@ -77157,10 +75367,10 @@ index d5230ec..c604b21 100644 /* diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig -index d5597b7..ab6d39c 100644 +index f8ac4ef..b02560b 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig -@@ -779,6 +779,16 @@ config NETFILTER_XT_MATCH_ESP +@@ -806,6 +806,16 @@ config NETFILTER_XT_MATCH_ESP To compile it as a module, choose M here. If unsure, say N. @@ -77178,12 +75388,12 @@ index d5597b7..ab6d39c 100644 tristate '"hashlimit" match support' depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n) diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile -index 1a02853..5d8c22e 100644 +index 40f4c3d..0d5dd6b 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile -@@ -81,6 +81,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DCCP) += xt_dccp.o - obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o +@@ -83,6 +83,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o obj-$(CONFIG_NETFILTER_XT_MATCH_DSCP) += xt_dscp.o + obj-$(CONFIG_NETFILTER_XT_MATCH_ECN) += xt_ecn.o obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += xt_esp.o +obj-$(CONFIG_NETFILTER_XT_MATCH_GRADM) += xt_gradm.o obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o @@ -77221,7 +75431,7 @@ index 29fa5ba..8debc79 100644 if (!todrop_rate[i]) return 0; diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c -index 6dc7d7d..e45913a 100644 +index 2555816..31492d9 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c @@ -562,7 +562,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, @@ -77243,7 +75453,7 @@ index 6dc7d7d..e45913a 100644 if ((ipvs->sync_state & IP_VS_STATE_MASTER) && cp->protocol == IPPROTO_SCTP) { diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c -index e1a66cf..0910076 100644 +index b3afe18..08ec940 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c @@ -788,7 +788,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest, @@ -77292,7 +75502,7 @@ index e1a66cf..0910076 100644 NLA_PUT_U32(skb, IPVS_DEST_ATTR_U_THRESH, dest->u_threshold); NLA_PUT_U32(skb, IPVS_DEST_ATTR_L_THRESH, dest->l_threshold); diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c -index 2b6678c0..aaa41fc 100644 +index 8a0d6d6..90ec197 100644 --- a/net/netfilter/ipvs/ip_vs_sync.c +++ b/net/netfilter/ipvs/ip_vs_sync.c @@ -649,7 +649,7 @@ control: @@ -77314,7 +75524,7 @@ index 2b6678c0..aaa41fc 100644 cp->old_state = cp->state; /* diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c -index aa2d720..d8aa111 100644 +index 7fd66de..e6fb361 100644 --- a/net/netfilter/ipvs/ip_vs_xmit.c +++ b/net/netfilter/ipvs/ip_vs_xmit.c @@ -1151,7 +1151,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, @@ -77449,10 +75659,10 @@ index 4fe4fb4..87a89e5 100644 return 0; } diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c -index 1201b6d..bcff8c6 100644 +index 629b061..21cd04c 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c -@@ -742,7 +742,7 @@ static void netlink_overrun(struct sock *sk) +@@ -741,7 +741,7 @@ static void netlink_overrun(struct sock *sk) sk->sk_error_report(sk); } } @@ -77461,7 +75671,7 @@ index 1201b6d..bcff8c6 100644 } static struct sock *netlink_getsockbypid(struct sock *ssk, u32 pid) -@@ -1999,7 +1999,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) +@@ -1995,7 +1995,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) sk_wmem_alloc_get(s), nlk->cb, atomic_read(&s->sk_refcnt), @@ -77471,7 +75681,7 @@ index 1201b6d..bcff8c6 100644 ); diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c -index 732152f..60bb09e 100644 +index 7dab229..212156f 100644 --- a/net/netrom/af_netrom.c +++ b/net/netrom/af_netrom.c @@ -839,6 +839,7 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr, @@ -77491,10 +75701,10 @@ index 732152f..60bb09e 100644 *uaddr_len = sizeof(struct sockaddr_ax25); } diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index d9d4970..d5a6a68 100644 +index 2dbb32b..a1b4722 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c -@@ -1675,7 +1675,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1676,7 +1676,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, spin_lock(&sk->sk_receive_queue.lock); po->stats.tp_packets++; @@ -77503,7 +75713,7 @@ index d9d4970..d5a6a68 100644 __skb_queue_tail(&sk->sk_receive_queue, skb); spin_unlock(&sk->sk_receive_queue.lock); sk->sk_data_ready(sk, skb->len); -@@ -1684,7 +1684,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1685,7 +1685,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, drop_n_acct: spin_lock(&sk->sk_receive_queue.lock); po->stats.tp_drops++; @@ -77512,7 +75722,7 @@ index d9d4970..d5a6a68 100644 spin_unlock(&sk->sk_receive_queue.lock); drop_n_restore: -@@ -3266,7 +3266,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3271,7 +3271,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, case PACKET_HDRLEN: if (len > sizeof(int)) len = sizeof(int); @@ -77521,7 +75731,7 @@ index d9d4970..d5a6a68 100644 return -EFAULT; switch (val) { case TPACKET_V1: -@@ -3316,7 +3316,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3321,7 +3321,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, if (put_user(len, optlen)) return -EFAULT; @@ -77553,7 +75763,7 @@ index d65f699..05aa6ce 100644 err = proto_register(pp->prot, 1); diff --git a/net/phonet/pep.c b/net/phonet/pep.c -index 2ba6e9f..409573f 100644 +index 9f60008..ae96f04 100644 --- a/net/phonet/pep.c +++ b/net/phonet/pep.c @@ -388,7 +388,7 @@ static int pipe_do_rcv(struct sock *sk, struct sk_buff *skb) @@ -77574,7 +75784,7 @@ index 2ba6e9f..409573f 100644 err = -ENOBUFS; break; } -@@ -557,7 +557,7 @@ static int pipe_handler_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -580,7 +580,7 @@ static int pipe_handler_do_rcv(struct sock *sk, struct sk_buff *skb) } if (pn->rx_credits == 0) { @@ -77770,7 +75980,7 @@ index 74c064c..fdec26f 100644 /* count of skbs currently in use */ atomic_t rxrpc_n_skbs; diff --git a/net/rxrpc/ar-ack.c b/net/rxrpc/ar-ack.c -index f99cfce..cc529dd 100644 +index c3126e8..21facc7 100644 --- a/net/rxrpc/ar-ack.c +++ b/net/rxrpc/ar-ack.c @@ -175,7 +175,7 @@ static void rxrpc_resend(struct rxrpc_call *call) @@ -77938,7 +76148,7 @@ index 87f7135..74d3703 100644 } diff --git a/net/rxrpc/ar-output.c b/net/rxrpc/ar-output.c -index 338d793..47391d0 100644 +index 16ae887..d24f12b 100644 --- a/net/rxrpc/ar-output.c +++ b/net/rxrpc/ar-output.c @@ -682,9 +682,9 @@ static int rxrpc_send_data(struct kiocb *iocb, @@ -78031,7 +76241,7 @@ index 1e2eee8..ce3967e 100644 assoc->assoc_id, assoc->sndbuf_used, diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index 54a7cd2..944edae 100644 +index 408ebd0..202aa85 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -4574,7 +4574,7 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, @@ -78044,7 +76254,7 @@ index 54a7cd2..944edae 100644 to += addrlen; cnt++; diff --git a/net/socket.c b/net/socket.c -index 2dce67a..1e91168 100644 +index 28a96af..61a7a06 100644 --- a/net/socket.c +++ b/net/socket.c @@ -88,6 +88,7 @@ @@ -78073,7 +76283,7 @@ index 2dce67a..1e91168 100644 static struct file_system_type sock_fs_type = { .name = "sockfs", -@@ -1187,6 +1190,8 @@ int __sock_create(struct net *net, int family, int type, int protocol, +@@ -1207,6 +1210,8 @@ int __sock_create(struct net *net, int family, int type, int protocol, return -EAFNOSUPPORT; if (type < 0 || type >= SOCK_MAX) return -EINVAL; @@ -78082,7 +76292,7 @@ index 2dce67a..1e91168 100644 /* Compatibility. -@@ -1319,6 +1324,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol) +@@ -1339,6 +1344,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol) if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK)) flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK; @@ -78099,7 +76309,7 @@ index 2dce67a..1e91168 100644 retval = sock_create(family, type, protocol, &sock); if (retval < 0) goto out; -@@ -1431,6 +1446,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1451,6 +1466,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) if (sock) { err = move_addr_to_kernel(umyaddr, addrlen, (struct sockaddr *)&address); if (err >= 0) { @@ -78114,7 +76324,7 @@ index 2dce67a..1e91168 100644 err = security_socket_bind(sock, (struct sockaddr *)&address, addrlen); -@@ -1439,6 +1462,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1459,6 +1482,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) (struct sockaddr *) &address, addrlen); } @@ -78122,7 +76332,7 @@ index 2dce67a..1e91168 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1462,10 +1486,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) +@@ -1482,10 +1506,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) if ((unsigned)backlog > somaxconn) backlog = somaxconn; @@ -78143,7 +76353,7 @@ index 2dce67a..1e91168 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1509,6 +1543,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1529,6 +1563,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, newsock->type = sock->type; newsock->ops = sock->ops; @@ -78162,7 +76372,7 @@ index 2dce67a..1e91168 100644 /* * We don't need try_module_get here, as the listening socket (sock) * has the protocol module (sock->ops->owner) held. -@@ -1547,6 +1593,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1567,6 +1613,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, fd_install(newfd, newfile); err = newfd; @@ -78171,7 +76381,7 @@ index 2dce67a..1e91168 100644 out_put: fput_light(sock->file, fput_needed); out: -@@ -1579,6 +1627,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1599,6 +1647,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, int, addrlen) { struct socket *sock; @@ -78179,7 +76389,7 @@ index 2dce67a..1e91168 100644 struct sockaddr_storage address; int err, fput_needed; -@@ -1589,6 +1638,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1609,6 +1658,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, if (err < 0) goto out_put; @@ -78197,7 +76407,7 @@ index 2dce67a..1e91168 100644 err = security_socket_connect(sock, (struct sockaddr *)&address, addrlen); if (err) -@@ -1950,7 +2010,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, +@@ -1970,7 +2030,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -78206,7 +76416,7 @@ index 2dce67a..1e91168 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2120,7 +2180,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2140,7 +2200,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, * kernel msghdr to use the kernel address space) */ @@ -78215,7 +76425,7 @@ index 2dce67a..1e91168 100644 uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) { err = verify_compat_iovec(msg_sys, iov, -@@ -2748,7 +2808,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2768,7 +2828,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) } ifr = compat_alloc_user_space(buf_size); @@ -78224,7 +76434,7 @@ index 2dce67a..1e91168 100644 if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ)) return -EFAULT; -@@ -2772,12 +2832,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2792,12 +2852,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) offsetof(struct ethtool_rxnfc, fs.ring_cookie)); if (copy_in_user(rxnfc, compat_rxnfc, @@ -78241,7 +76451,7 @@ index 2dce67a..1e91168 100644 copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt, sizeof(rxnfc->rule_cnt))) return -EFAULT; -@@ -2789,12 +2849,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2809,12 +2869,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) if (convert_out) { if (copy_in_user(compat_rxnfc, rxnfc, @@ -78258,7 +76468,7 @@ index 2dce67a..1e91168 100644 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt, sizeof(rxnfc->rule_cnt))) return -EFAULT; -@@ -2864,7 +2924,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, +@@ -2884,7 +2944,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); err = dev_ioctl(net, cmd, @@ -78267,7 +76477,7 @@ index 2dce67a..1e91168 100644 set_fs(old_fs); return err; -@@ -2973,7 +3033,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, +@@ -2993,7 +3053,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); @@ -78276,7 +76486,7 @@ index 2dce67a..1e91168 100644 set_fs(old_fs); if (cmd == SIOCGIFMAP && !err) { -@@ -3078,7 +3138,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, +@@ -3098,7 +3158,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, ret |= __get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user(devname, compat_ptr(rtdev), 15); @@ -78285,7 +76495,7 @@ index 2dce67a..1e91168 100644 devname[15] = 0; } else r4.rt_dev = NULL; -@@ -3318,8 +3378,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, +@@ -3324,8 +3384,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, int __user *uoptlen; int err; @@ -78296,7 +76506,7 @@ index 2dce67a..1e91168 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -@@ -3339,7 +3399,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, +@@ -3345,7 +3405,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; @@ -78306,10 +76516,10 @@ index 2dce67a..1e91168 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c -index 00a1a2a..6a0138a 100644 +index 3341d89..c662621 100644 --- a/net/sunrpc/sched.c +++ b/net/sunrpc/sched.c -@@ -238,9 +238,9 @@ static int rpc_wait_bit_killable(void *word) +@@ -239,9 +239,9 @@ static int rpc_wait_bit_killable(void *word) #ifdef RPC_DEBUG static void rpc_task_set_debuginfo(struct rpc_task *task) { @@ -78322,7 +76532,7 @@ index 00a1a2a..6a0138a 100644 #else static inline void rpc_task_set_debuginfo(struct rpc_task *task) diff --git a/net/sunrpc/svcsock.c b/net/sunrpc/svcsock.c -index 71bed1c..5dff36d 100644 +index 4645709..d41d668 100644 --- a/net/sunrpc/svcsock.c +++ b/net/sunrpc/svcsock.c @@ -396,7 +396,7 @@ static int svc_partial_recvfrom(struct svc_rqst *rqstp, @@ -78490,7 +76700,7 @@ index 249a835..fb2794b 100644 goto err; return 0; diff --git a/net/sunrpc/xprtrdma/svc_rdma_transport.c b/net/sunrpc/xprtrdma/svc_rdma_transport.c -index ba1296d..0fec1a5 100644 +index 894cb42..cf5bafb 100644 --- a/net/sunrpc/xprtrdma/svc_rdma_transport.c +++ b/net/sunrpc/xprtrdma/svc_rdma_transport.c @@ -300,7 +300,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) @@ -78552,10 +76762,10 @@ index e758139..d29ea47 100644 return (mode << 6) | (mode << 3) | mode; } diff --git a/net/tipc/link.c b/net/tipc/link.c -index ae98a72..7bb6056 100644 +index ac1832a..533ed97 100644 --- a/net/tipc/link.c +++ b/net/tipc/link.c -@@ -1203,7 +1203,7 @@ static int link_send_sections_long(struct tipc_port *sender, +@@ -1205,7 +1205,7 @@ static int link_send_sections_long(struct tipc_port *sender, struct tipc_msg fragm_hdr; struct sk_buff *buf, *buf_chain, *prev; u32 fragm_crs, fragm_rest, hsz, sect_rest; @@ -78564,7 +76774,7 @@ index ae98a72..7bb6056 100644 int curr_sect; u32 fragm_no; -@@ -1247,7 +1247,7 @@ again: +@@ -1249,7 +1249,7 @@ again: if (!sect_rest) { sect_rest = msg_sect[++curr_sect].iov_len; @@ -78573,7 +76783,7 @@ index ae98a72..7bb6056 100644 } if (sect_rest < fragm_rest) -@@ -1266,7 +1266,7 @@ error: +@@ -1268,7 +1268,7 @@ error: } } else skb_copy_to_linear_data_offset(buf, fragm_crs, @@ -78583,7 +76793,7 @@ index ae98a72..7bb6056 100644 sect_rest -= sz; fragm_crs += sz; diff --git a/net/tipc/msg.c b/net/tipc/msg.c -index 83d5096..dcba497 100644 +index 3e4d3e2..27b55dc 100644 --- a/net/tipc/msg.c +++ b/net/tipc/msg.c @@ -99,7 +99,7 @@ int tipc_msg_build(struct tipc_msg *hdr, struct iovec const *msg_sect, @@ -78596,10 +76806,10 @@ index 83d5096..dcba497 100644 pos += msg_sect[cnt].iov_len; } diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c -index 1983717..4d6102c 100644 +index 8c49566..14510cb 100644 --- a/net/tipc/subscr.c +++ b/net/tipc/subscr.c -@@ -101,7 +101,7 @@ static void subscr_send_event(struct subscription *sub, +@@ -101,7 +101,7 @@ static void subscr_send_event(struct tipc_subscription *sub, { struct iovec msg_sect; @@ -78609,10 +76819,10 @@ index 1983717..4d6102c 100644 sub->evt.event = htohl(event, sub->swap); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index d99678a..3514a21 100644 +index 85d3bb7..79f4487 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c -@@ -767,6 +767,12 @@ static struct sock *unix_find_other(struct net *net, +@@ -770,6 +770,12 @@ static struct sock *unix_find_other(struct net *net, err = -ECONNREFUSED; if (!S_ISSOCK(inode->i_mode)) goto put_fail; @@ -78625,7 +76835,7 @@ index d99678a..3514a21 100644 u = unix_find_socket_byinode(inode); if (!u) goto put_fail; -@@ -787,6 +793,13 @@ static struct sock *unix_find_other(struct net *net, +@@ -790,6 +796,13 @@ static struct sock *unix_find_other(struct net *net, if (u) { struct dentry *dentry; dentry = unix_sk(u)->dentry; @@ -78639,7 +76849,7 @@ index d99678a..3514a21 100644 if (dentry) touch_atime(unix_sk(u)->mnt, dentry); } else -@@ -869,11 +882,18 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) +@@ -872,11 +885,18 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len) err = security_path_mknod(&path, dentry, mode, 0); if (err) goto out_mknod_drop_write; @@ -78659,7 +76869,7 @@ index d99678a..3514a21 100644 dput(path.dentry); path.dentry = dentry; diff --git a/net/wireless/core.h b/net/wireless/core.h -index b9ec306..b4a563e 100644 +index 43ad9c8..ab5127c 100644 --- a/net/wireless/core.h +++ b/net/wireless/core.h @@ -27,7 +27,7 @@ struct cfg80211_registered_device { @@ -78709,7 +76919,7 @@ index 0af7f54..c916d2f 100644 iwp->length += essid_compat; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 9049a5c..cfa6f5c 100644 +index 7661576..80f7627 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -299,7 +299,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) @@ -78887,10 +77097,10 @@ index 0000000..8729101 +#!/bin/sh +echo -e "#include \"gcc-plugin.h\"\n#include \"tree.h\"\n#include \"tm.h\"\n#include \"rtl.h\"" | $1 -x c -shared - -o /dev/null -I`$2 -print-file-name=plugin`/include >/dev/null 2>&1 && echo "y" diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c -index f936d1f..a66d95f 100644 +index b89efe6..2c30808 100644 --- a/scripts/mod/file2alias.c +++ b/scripts/mod/file2alias.c -@@ -72,7 +72,7 @@ static void device_id_check(const char *modname, const char *device_id, +@@ -128,7 +128,7 @@ static void device_id_check(const char *modname, const char *device_id, unsigned long size, unsigned long id_size, void *symval) { @@ -78899,7 +77109,7 @@ index f936d1f..a66d95f 100644 if (size % id_size || size < id_size) { if (cross_build != 0) -@@ -102,7 +102,7 @@ static void device_id_check(const char *modname, const char *device_id, +@@ -158,7 +158,7 @@ static void device_id_check(const char *modname, const char *device_id, /* USB is special because the bcdDevice can be matched against a numeric range */ /* Looks like "usb:vNpNdNdcNdscNdpNicNiscNipN" */ static void do_usb_entry(struct usb_device_id *id, @@ -78908,7 +77118,7 @@ index f936d1f..a66d95f 100644 unsigned char range_lo, unsigned char range_hi, unsigned char max, struct module *mod) { -@@ -203,7 +203,7 @@ static void do_usb_entry_multi(struct usb_device_id *id, struct module *mod) +@@ -259,7 +259,7 @@ static void do_usb_entry_multi(struct usb_device_id *id, struct module *mod) { unsigned int devlo, devhi; unsigned char chi, clo, max; @@ -78917,7 +77127,7 @@ index f936d1f..a66d95f 100644 id->match_flags = TO_NATIVE(id->match_flags); id->idVendor = TO_NATIVE(id->idVendor); -@@ -437,7 +437,7 @@ static void do_pnp_device_entry(void *symval, unsigned long size, +@@ -501,7 +501,7 @@ static void do_pnp_device_entry(void *symval, unsigned long size, for (i = 0; i < count; i++) { const char *id = (char *)devs[i].id; char acpi_id[sizeof(devs[0].id)]; @@ -78926,7 +77136,7 @@ index f936d1f..a66d95f 100644 buf_printf(&mod->dev_table_buf, "MODULE_ALIAS(\"pnp:d%s*\");\n", id); -@@ -467,7 +467,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size, +@@ -531,7 +531,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size, for (j = 0; j < PNP_MAX_DEVICES; j++) { const char *id = (char *)card->devs[j].id; @@ -78935,7 +77145,7 @@ index f936d1f..a66d95f 100644 int dup = 0; if (!id[0]) -@@ -493,7 +493,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size, +@@ -557,7 +557,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size, /* add an individual alias for every device entry */ if (!dup) { char acpi_id[sizeof(card->devs[0].id)]; @@ -78944,7 +77154,7 @@ index f936d1f..a66d95f 100644 buf_printf(&mod->dev_table_buf, "MODULE_ALIAS(\"pnp:d%s*\");\n", id); -@@ -807,7 +807,7 @@ static void dmi_ascii_filter(char *d, const char *s) +@@ -882,7 +882,7 @@ static void dmi_ascii_filter(char *d, const char *s) static int do_dmi_entry(const char *filename, struct dmi_system_id *id, char *alias) { @@ -78954,7 +77164,7 @@ index f936d1f..a66d95f 100644 sprintf(alias, "dmi*"); diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c -index 2bd594e..d43245e 100644 +index 9adb667..c6ac044 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c @@ -919,6 +919,7 @@ enum mismatch { @@ -79006,7 +77216,7 @@ index 2bd594e..d43245e 100644 } fprintf(stderr, "\n"); } -@@ -1656,7 +1671,7 @@ static void section_rel(const char *modname, struct elf_info *elf, +@@ -1665,7 +1680,7 @@ static void section_rel(const char *modname, struct elf_info *elf, static void check_sec_ref(struct module *mod, const char *modname, struct elf_info *elf) { @@ -79015,7 +77225,7 @@ index 2bd594e..d43245e 100644 Elf_Shdr *sechdrs = elf->sechdrs; /* Walk through all sections */ -@@ -1754,7 +1769,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf, +@@ -1763,7 +1778,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf, va_end(ap); } @@ -79024,7 +77234,7 @@ index 2bd594e..d43245e 100644 { if (buf->size - buf->pos < len) { buf->size += len + SZ; -@@ -1972,7 +1987,7 @@ static void write_if_changed(struct buffer *b, const char *fname) +@@ -1981,7 +1996,7 @@ static void write_if_changed(struct buffer *b, const char *fname) if (fstat(fileno(file), &st) < 0) goto close_write; @@ -79100,10 +77310,10 @@ index 5c11312..72742b5 100644 write_hex_cnt = 0; for (i = 0; i < logo_clutsize; i++) { diff --git a/security/Kconfig b/security/Kconfig -index 51bd5a0..58c5b70 100644 +index 51bd5a0..3a4ebd0 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,639 @@ +@@ -4,6 +4,627 @@ menu "Security options" @@ -79195,6 +77405,7 @@ index 51bd5a0..58c5b70 100644 + +config PAX_XATTR_PAX_FLAGS + bool 'Use filesystem extended attributes marking' ++ depends on EXPERT + select CIFS_XATTR if CIFS + select EXT2_FS_XATTR if EXT2_FS + select EXT3_FS_XATTR if EXT3_FS @@ -79723,19 +77934,6 @@ index 51bd5a0..58c5b70 100644 + Since this has a negligible performance impact, you should enable + this feature. + -+config PAX_SIZE_OVERFLOW -+ bool "Prevent various integer overflows in function size parameters" -+ help -+ By saying Y here the kernel recomputes expressions of function -+ arguments marked by a size_overflow attribute with double integer -+ precision (DImode/TImode for 32/64 bit integer types). -+ -+ The recomputed argument is checked against INT_MAX and an event -+ is logged on overflow and the triggering process is killed. -+ -+ Homepage: -+ http://www.grsecurity.net/~ephox/overflow_plugin/ -+ +endmenu + +endmenu @@ -79743,7 +77941,7 @@ index 51bd5a0..58c5b70 100644 config KEYS bool "Enable access key retention support" help -@@ -169,7 +802,7 @@ config INTEL_TXT +@@ -169,7 +790,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -79753,10 +77951,10 @@ index 51bd5a0..58c5b70 100644 help This is the portion of low virtual memory which should be protected diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c -index 3783202..1852837 100644 +index 97ce8fa..23dad96 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c -@@ -621,7 +621,7 @@ static int apparmor_task_setrlimit(struct task_struct *task, +@@ -620,7 +620,7 @@ static int apparmor_task_setrlimit(struct task_struct *task, return error; } @@ -79766,7 +77964,7 @@ index 3783202..1852837 100644 .ptrace_access_check = apparmor_ptrace_access_check, diff --git a/security/commoncap.c b/security/commoncap.c -index ee4f848..a320c64 100644 +index 7ce191e..6c29c34 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -28,6 +28,7 @@ @@ -79777,16 +77975,7 @@ index ee4f848..a320c64 100644 /* * If a non-root user executes a setuid-root binary in -@@ -58,7 +59,7 @@ int cap_netlink_send(struct sock *sk, struct sk_buff *skb) - - int cap_netlink_recv(struct sk_buff *skb, int cap) - { -- if (!cap_raised(current_cap(), cap)) -+ if (!cap_raised(current_cap(), cap) || !gr_is_capable(cap)) - return -EPERM; - return 0; - } -@@ -579,6 +580,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) +@@ -569,6 +570,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) { const struct cred *cred = current_cred(); @@ -79824,25 +78013,6 @@ index 88a2788..581ab92 100644 entry = kmalloc(sizeof(*entry), GFP_KERNEL); if (!entry) { -diff --git a/security/integrity/ima/ima_audit.c b/security/integrity/ima/ima_audit.c -index c5c5a72..2ad942f 100644 ---- a/security/integrity/ima/ima_audit.c -+++ b/security/integrity/ima/ima_audit.c -@@ -56,9 +56,11 @@ void integrity_audit_msg(int audit_msgno, struct inode *inode, - audit_log_format(ab, " name="); - audit_log_untrustedstring(ab, fname); - } -- if (inode) -- audit_log_format(ab, " dev=%s ino=%lu", -- inode->i_sb->s_id, inode->i_ino); -+ if (inode) { -+ audit_log_format(ab, " dev="); -+ audit_log_untrustedstring(ab, inode->i_sb->s_id); -+ audit_log_format(ab, " ino=%lu", inode->i_ino); -+ } - audit_log_format(ab, " res=%d", !result ? 0 : 1); - audit_log_end(ab); - } diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index e1aa2b4..52027bf 100644 --- a/security/integrity/ima/ima_fs.c @@ -79929,7 +78099,7 @@ index 0b3f5d7..892c8a6 100644 if (iov != iovstack) kfree(iov); diff --git a/security/keys/keyring.c b/security/keys/keyring.c -index 37a7f3b..86dc19f 100644 +index d605f75..2bc6be9 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -214,15 +214,15 @@ static long keyring_read(const struct key *keyring, @@ -79951,54 +78121,6 @@ index 37a7f3b..86dc19f 100644 goto error; buflen -= tmp; -diff --git a/security/lsm_audit.c b/security/lsm_audit.c -index 893af8a..ba9237c 100644 ---- a/security/lsm_audit.c -+++ b/security/lsm_audit.c -@@ -234,10 +234,11 @@ static void dump_common_audit_data(struct audit_buffer *ab, - audit_log_d_path(ab, "path=", &a->u.path); - - inode = a->u.path.dentry->d_inode; -- if (inode) -- audit_log_format(ab, " dev=%s ino=%lu", -- inode->i_sb->s_id, -- inode->i_ino); -+ if (inode) { -+ audit_log_format(ab, " dev="); -+ audit_log_untrustedstring(ab, inode->i_sb->s_id); -+ audit_log_format(ab, " ino=%lu", inode->i_ino); -+ } - break; - } - case LSM_AUDIT_DATA_DENTRY: { -@@ -247,10 +248,11 @@ static void dump_common_audit_data(struct audit_buffer *ab, - audit_log_untrustedstring(ab, a->u.dentry->d_name.name); - - inode = a->u.dentry->d_inode; -- if (inode) -- audit_log_format(ab, " dev=%s ino=%lu", -- inode->i_sb->s_id, -- inode->i_ino); -+ if (inode) { -+ audit_log_format(ab, " dev="); -+ audit_log_untrustedstring(ab, inode->i_sb->s_id); -+ audit_log_format(ab, " ino=%lu", inode->i_ino); -+ } - break; - } - case LSM_AUDIT_DATA_INODE: { -@@ -265,8 +267,9 @@ static void dump_common_audit_data(struct audit_buffer *ab, - dentry->d_name.name); - dput(dentry); - } -- audit_log_format(ab, " dev=%s ino=%lu", inode->i_sb->s_id, -- inode->i_ino); -+ audit_log_format(ab, " dev="); -+ audit_log_untrustedstring(ab, inode->i_sb->s_id); -+ audit_log_format(ab, " ino=%lu", inode->i_ino); - break; - } - case LSM_AUDIT_DATA_TASK: diff --git a/security/min_addr.c b/security/min_addr.c index f728728..6457a0c 100644 --- a/security/min_addr.c @@ -80020,7 +78142,7 @@ index f728728..6457a0c 100644 /* diff --git a/security/security.c b/security/security.c -index e2f684a..8d62ef5 100644 +index d754249..8bf426e 100644 --- a/security/security.c +++ b/security/security.c @@ -26,8 +26,8 @@ @@ -80045,7 +78167,7 @@ index e2f684a..8d62ef5 100644 /* Save user chosen LSM */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index 1126c10..effb32b 100644 +index 6a3683e..f52f4c0 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -94,8 +94,6 @@ @@ -80057,7 +78179,7 @@ index 1126c10..effb32b 100644 /* SECMARK reference count */ static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); -@@ -5449,7 +5447,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) +@@ -5429,7 +5427,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #endif @@ -80080,7 +78202,7 @@ index b43813c..74be837 100644 #else static inline int selinux_xfrm_enabled(void) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c -index 7db62b4..ee4d949 100644 +index e8af5b0b..78527ef 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -3481,7 +3481,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) @@ -80093,10 +78215,10 @@ index 7db62b4..ee4d949 100644 .ptrace_access_check = smack_ptrace_access_check, diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c -index 4b327b6..646c57a 100644 +index 620d37c..e2ad89b 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c -@@ -504,7 +504,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg, +@@ -501,7 +501,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg, * tomoyo_security_ops is a "struct security_operations" which is used for * registering TOMOYO. */ @@ -80150,7 +78272,7 @@ index ffd2025..df062c9 100644 /* PCM3052 register definitions */ diff --git a/sound/core/oss/pcm_oss.c b/sound/core/oss/pcm_oss.c -index 3cc4b86..af0a951 100644 +index 08fde00..0bf641a 100644 --- a/sound/core/oss/pcm_oss.c +++ b/sound/core/oss/pcm_oss.c @@ -1189,10 +1189,10 @@ snd_pcm_sframes_t snd_pcm_oss_write3(struct snd_pcm_substream *substream, const @@ -80296,7 +78418,7 @@ index 5cf8d65..912a79c 100644 dev->driver_data = NULL; ops->num_init_devices--; diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c -index f24bf9a..1f7b67c 100644 +index 621e60e..f4543f5 100644 --- a/sound/drivers/mts64.c +++ b/sound/drivers/mts64.c @@ -29,6 +29,7 @@ @@ -80369,7 +78491,7 @@ index b953fb4..1999c01 100644 int timeout = 10; while ((inb(opl4->fm_port) & OPL4_STATUS_BUSY) && --timeout > 0) diff --git a/sound/drivers/portman2x4.c b/sound/drivers/portman2x4.c -index f664823..590c745 100644 +index 3e32bd3..46fc152 100644 --- a/sound/drivers/portman2x4.c +++ b/sound/drivers/portman2x4.c @@ -48,6 +48,7 @@ @@ -80469,7 +78591,7 @@ index cd094ec..eca1277 100644 default: return -EINVAL; diff --git a/sound/isa/cmi8330.c b/sound/isa/cmi8330.c -index c94578d..0794ac1 100644 +index 7bd5e33..1fcab12 100644 --- a/sound/isa/cmi8330.c +++ b/sound/isa/cmi8330.c @@ -172,7 +172,7 @@ struct snd_cmi8330 { @@ -80533,10 +78655,10 @@ index 09d4648..cf234c7 100644 list_add(&s->list, &cs4297a_devs); diff --git a/sound/pci/hda/hda_codec.h b/sound/pci/hda/hda_codec.h -index 71f6744..d8aeae7 100644 +index f0f1943..8e1f96c 100644 --- a/sound/pci/hda/hda_codec.h +++ b/sound/pci/hda/hda_codec.h -@@ -614,7 +614,7 @@ struct hda_bus_ops { +@@ -611,7 +611,7 @@ struct hda_bus_ops { /* notify power-up/down from codec to controller */ void (*pm_notify)(struct hda_bus *bus); #endif @@ -80545,7 +78667,7 @@ index 71f6744..d8aeae7 100644 /* template to pass to the bus constructor */ struct hda_bus_template { -@@ -716,6 +716,7 @@ struct hda_codec_ops { +@@ -713,6 +713,7 @@ struct hda_codec_ops { #endif void (*reboot_notify)(struct hda_codec *codec); }; @@ -80553,7 +78675,7 @@ index 71f6744..d8aeae7 100644 /* record for amp information cache */ struct hda_cache_head { -@@ -746,7 +747,7 @@ struct hda_pcm_ops { +@@ -743,7 +744,7 @@ struct hda_pcm_ops { struct snd_pcm_substream *substream); int (*cleanup)(struct hda_pcm_stream *info, struct hda_codec *codec, struct snd_pcm_substream *substream); @@ -80562,7 +78684,7 @@ index 71f6744..d8aeae7 100644 /* PCM information for each substream */ struct hda_pcm_stream { -@@ -804,7 +805,7 @@ struct hda_codec { +@@ -801,7 +802,7 @@ struct hda_codec { const char *modelname; /* model name for preset */ /* set by patch */ @@ -80594,7 +78716,7 @@ index 0da778a..bc38b84 100644 diff --git a/sound/pci/ymfpci/ymfpci_main.c b/sound/pci/ymfpci/ymfpci_main.c -index 03ee4e3..be86b46 100644 +index 12a9a2b..2b6138f 100644 --- a/sound/pci/ymfpci/ymfpci_main.c +++ b/sound/pci/ymfpci/ymfpci_main.c @@ -203,8 +203,8 @@ static void snd_ymfpci_hw_stop(struct snd_ymfpci *chip) @@ -80628,7 +78750,7 @@ index 03ee4e3..be86b46 100644 wake_up(&chip->interrupt_sleep); } } -@@ -2382,7 +2382,7 @@ int __devinit snd_ymfpci_create(struct snd_card *card, +@@ -2389,7 +2389,7 @@ int __devinit snd_ymfpci_create(struct snd_card *card, spin_lock_init(&chip->reg_lock); spin_lock_init(&chip->voice_lock); init_waitqueue_head(&chip->interrupt_sleep); @@ -80638,23 +78760,23 @@ index 03ee4e3..be86b46 100644 chip->pci = pci; chip->irq = -1; diff --git a/sound/soc/soc-pcm.c b/sound/soc/soc-pcm.c -index ee15337..e2187a6 100644 +index cdc860a..db34a93 100644 --- a/sound/soc/soc-pcm.c +++ b/sound/soc/soc-pcm.c -@@ -583,7 +583,7 @@ static snd_pcm_uframes_t soc_pcm_pointer(struct snd_pcm_substream *substream) - } - - /* ASoC PCM operations */ --static struct snd_pcm_ops soc_pcm_ops = { -+static snd_pcm_ops_no_const soc_pcm_ops = { - .open = soc_pcm_open, - .close = soc_pcm_close, - .hw_params = soc_pcm_hw_params, +@@ -605,7 +605,7 @@ int soc_new_pcm(struct snd_soc_pcm_runtime *rtd, int num) + struct snd_soc_platform *platform = rtd->platform; + struct snd_soc_dai *codec_dai = rtd->codec_dai; + struct snd_soc_dai *cpu_dai = rtd->cpu_dai; +- struct snd_pcm_ops *soc_pcm_ops = &rtd->ops; ++ snd_pcm_ops_no_const *soc_pcm_ops = &rtd->ops; + struct snd_pcm *pcm; + char new_name[64]; + int ret = 0, playback = 0, capture = 0; diff --git a/sound/usb/card.h b/sound/usb/card.h -index a39edcc..1014050 100644 +index da5fa1a..113cd02 100644 --- a/sound/usb/card.h +++ b/sound/usb/card.h -@@ -44,6 +44,7 @@ struct snd_urb_ops { +@@ -45,6 +45,7 @@ struct snd_urb_ops { int (*prepare_sync)(struct snd_usb_substream *subs, struct snd_pcm_runtime *runtime, struct urb *u); int (*retire_sync)(struct snd_usb_substream *subs, struct snd_pcm_runtime *runtime, struct urb *u); }; @@ -80662,7 +78784,7 @@ index a39edcc..1014050 100644 struct snd_usb_substream { struct snd_usb_stream *stream; -@@ -93,7 +94,7 @@ struct snd_usb_substream { +@@ -94,7 +95,7 @@ struct snd_usb_substream { struct snd_pcm_hw_constraint_list rate_list; /* limited rates */ spinlock_t lock; @@ -80673,10 +78795,10 @@ index a39edcc..1014050 100644 }; diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile new file mode 100644 -index 0000000..ca64170 +index 0000000..894c8bf --- /dev/null +++ b/tools/gcc/Makefile -@@ -0,0 +1,26 @@ +@@ -0,0 +1,23 @@ +#CC := gcc +#PLUGIN_SOURCE_FILES := pax_plugin.c +#PLUGIN_OBJECT_FILES := $(patsubst %.c,%.o,$(PLUGIN_SOURCE_FILES)) @@ -80684,7 +78806,6 @@ index 0000000..ca64170 +#CFLAGS += -I$(GCCPLUGINS_DIR)/include -fPIC -O2 -Wall -W -std=gnu99 + +HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(GCCPLUGINS_DIR)/include/c-family -std=gnu99 -ggdb -+CFLAGS_size_overflow_plugin.o := -Wno-missing-initializer + +hostlibs-y := constify_plugin.so +hostlibs-$(CONFIG_PAX_MEMORY_STACKLEAK) += stackleak_plugin.so @@ -80692,7 +78813,6 @@ index 0000000..ca64170 +hostlibs-$(CONFIG_PAX_KERNEXEC_PLUGIN) += kernexec_plugin.so +hostlibs-$(CONFIG_CHECKER_PLUGIN) += checker_plugin.so +hostlibs-y += colorize_plugin.so -+hostlibs-$(CONFIG_PAX_SIZE_OVERFLOW) += size_overflow_plugin.so + +always := $(hostlibs-y) + @@ -80702,7 +78822,6 @@ index 0000000..ca64170 +kernexec_plugin-objs := kernexec_plugin.o +checker_plugin-objs := checker_plugin.o +colorize_plugin-objs := colorize_plugin.o -+size_overflow_plugin-objs := size_overflow_plugin.o diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c new file mode 100644 index 0000000..d41b5af @@ -81948,3870 +80067,6 @@ index 0000000..008f159 + + return 0; +} -diff --git a/tools/gcc/size_overflow_hash1.h b/tools/gcc/size_overflow_hash1.h -new file mode 100644 -index 0000000..55a1292 ---- /dev/null -+++ b/tools/gcc/size_overflow_hash1.h -@@ -0,0 +1,2760 @@ -+struct size_overflow_hash size_overflow_hash1[65536] = { -+ [10013].file = "security/smack/smackfs.c", -+ [10013].name = "smk_write_direct", -+ [10013].param3 = 1, -+ [10167].file = "sound/core/oss/pcm_plugin.c", -+ [10167].name = "snd_pcm_plugin_build", -+ [10167].param5 = 1, -+ [1020].file = "drivers/usb/misc/usbtest.c", -+ [1020].name = "test_unaligned_bulk", -+ [1020].param3 = 1, -+ [1022].file = "sound/pci/rme9652/rme9652.c", -+ [1022].name = "snd_rme9652_playback_copy", -+ [1022].param5 = 1, -+ [10341].file = "fs/nfsd/nfs4xdr.c", -+ [10341].name = "read_buf", -+ [10341].param2 = 1, -+ [10357].file = "net/sunrpc/cache.c", -+ [10357].name = "cache_read", -+ [10357].param3 = 1, -+ [10397].file = "drivers/gpu/drm/i915/i915_debugfs.c", -+ [10397].name = "i915_wedged_write", -+ [10397].param3 = 1, -+ [10414].file = "drivers/tty/vt/vt.c", -+ [10414].name = "vc_do_resize", -+ [10414].param3 = 1, -+ [10414].param4 = 1, -+ [10496].file = "drivers/bluetooth/hci_vhci.c", -+ [10496].name = "vhci_read", -+ [10496].param3 = 1, -+ [10565].file = "drivers/input/touchscreen/ad7879-spi.c", -+ [10565].name = "ad7879_spi_multi_read", -+ [10565].param3 = 1, -+ [10623].file = "drivers/infiniband/core/user_mad.c", -+ [10623].name = "ib_umad_write", -+ [10623].param3 = 1, -+ [10707].file = "fs/nfs/idmap.c", -+ [10707].name = "nfs_idmap_request_key", -+ [10707].param2 = 1, -+ [10773].file = "drivers/input/mousedev.c", -+ [10773].name = "mousedev_read", -+ [10773].param3 = 1, -+ [10777].file = "fs/ntfs/file.c", -+ [10777].name = "ntfs_file_buffered_write", -+ [10777].param6 = 1, -+ [10919].file = "net/ipv4/netfilter/arp_tables.c", -+ [10919].name = "do_arpt_set_ctl", -+ [10919].param4 = 1, -+ [11054].file = "drivers/net/wireless/libertas/debugfs.c", -+ [11054].name = "lbs_wrmac_write", -+ [11054].param3 = 1, -+ [11068].file = "drivers/net/wireless/libertas/debugfs.c", -+ [11068].name = "lbs_wrrf_write", -+ [11068].param3 = 1, -+ [11364].file = "fs/ext4/super.c", -+ [11364].name = "ext4_kvzalloc", -+ [11364].param1 = 1, -+ [11402].file = "drivers/net/wireless/libertas/debugfs.c", -+ [11402].name = "lbs_threshold_write", -+ [11402].param5 = 1, -+ [11494].file = "drivers/video/via/viafbdev.c", -+ [11494].name = "viafb_dvp1_proc_write", -+ [11494].param3 = 1, -+ [11616].file = "security/selinux/selinuxfs.c", -+ [11616].name = "sel_write_enforce", -+ [11616].param3 = 1, -+ [11699].file = "drivers/net/ethernet/neterion/vxge/vxge-config.h", -+ [11699].name = "vxge_os_dma_malloc", -+ [11699].param2 = 1, -+ [11766].file = "drivers/block/paride/pt.c", -+ [11766].name = "pt_read", -+ [11766].param3 = 1, -+ [11784].file = "fs/bio.c", -+ [11784].name = "bio_kmalloc", -+ [11784].param2 = 1, -+ [11814].file = "drivers/staging/speakup/kobjects.c", -+ [11814].name = "keymap_store", -+ [11814].param4 = 1, -+ [11912].file = "net/sunrpc/cache.c", -+ [11912].name = "cache_write_pipefs", -+ [11912].param3 = 1, -+ [11919].file = "drivers/lguest/core.c", -+ [11919].name = "__lgread", -+ [11919].param4 = 1, -+ [11986].file = "drivers/net/usb/asix.c", -+ [11986].name = "asix_read_cmd", -+ [11986].param5 = 1, -+ [12059].file = "drivers/net/wireless/libertas/debugfs.c", -+ [12059].name = "lbs_debugfs_write", -+ [12059].param3 = 1, -+ [12071].file = "lib/kstrtox.c", -+ [12071].name = "kstrtou8_from_user", -+ [12071].param2 = 1, -+ [12151].file = "fs/compat.c", -+ [12151].name = "compat_rw_copy_check_uvector", -+ [12151].param3 = 1, -+ [12205].file = "fs/reiserfs/journal.c", -+ [12205].name = "reiserfs_allocate_list_bitmaps", -+ [12205].param3 = 1, -+ [12234].file = "include/acpi/platform/aclinux.h", -+ [12234].name = "acpi_os_allocate", -+ [12234].param1 = 1, -+ [1227].file = "lib/cpu_rmap.c", -+ [1227].name = "alloc_cpu_rmap", -+ [1227].param1 = 1, -+ [12395].file = "drivers/char/hw_random/core.c", -+ [12395].name = "rng_dev_read", -+ [12395].param3 = 1, -+ [1248].file = "kernel/kprobes.c", -+ [1248].name = "write_enabled_file_bool", -+ [1248].param3 = 1, -+ [12501].file = "net/mac80211/debugfs.c", -+ [12501].name = "uapsd_max_sp_len_write", -+ [12501].param3 = 1, -+ [12591].file = "sound/core/pcm_lib.c", -+ [12591].name = "snd_pcm_lib_writev_transfer", -+ [12591].param5 = 1, -+ [12602].file = "net/sunrpc/cache.c", -+ [12602].name = "cache_downcall", -+ [12602].param3 = 1, -+ [12712].file = "drivers/net/wimax/i2400m/fw.c", -+ [12712].name = "i2400m_zrealloc_2x", -+ [12712].param3 = 1, -+ [12755].file = "sound/drivers/opl4/opl4_proc.c", -+ [12755].name = "snd_opl4_mem_proc_read", -+ [12755].param5 = 1, -+ [12833].file = "net/sctp/auth.c", -+ [12833].name = "sctp_auth_create_key", -+ [12833].param1 = 1, -+ [12840].file = "net/sctp/tsnmap.c", -+ [12840].name = "sctp_tsnmap_mark", -+ [12840].param2 = 1, -+ [12896].file = "drivers/net/wireless/wl12xx/debugfs.c", -+ [12896].name = "beacon_filtering_write", -+ [12896].param3 = 1, -+ [12931].file = "drivers/hid/hid-roccat.c", -+ [12931].name = "roccat_read", -+ [12931].param3 = 1, -+ [12954].file = "fs/proc/base.c", -+ [12954].name = "oom_adjust_write", -+ [12954].param3 = 1, -+ [13013].file = "drivers/media/dvb/ttpci/av7110_ca.c", -+ [13013].name = "dvb_ca_write", -+ [13013].param3 = 1, -+ [13103].file = "drivers/acpi/acpica/utobject.c", -+ [13103].name = "acpi_ut_create_string_object", -+ [13103].param1 = 1, -+ [13121].file = "net/ipv4/ip_sockglue.c", -+ [13121].name = "do_ip_setsockopt", -+ [13121].param5 = 1, -+ [13337].file = "net/core/iovec.c", -+ [13337].name = "csum_partial_copy_fromiovecend", -+ [13337].param4 = 1, -+ [13339].file = "security/smack/smackfs.c", -+ [13339].name = "smk_write_netlbladdr", -+ [13339].param3 = 1, -+ [13342].file = "fs/jbd2/journal.c", -+ [13342].name = "jbd2_alloc", -+ [13342].param1 = 1, -+ [13412].file = "fs/proc/base.c", -+ [13412].name = "oom_score_adj_write", -+ [13412].param3 = 1, -+ [13659].file = "drivers/net/wan/hdlc.c", -+ [13659].name = "attach_hdlc_protocol", -+ [13659].param3 = 1, -+ [13708].file = "drivers/usb/misc/usbtest.c", -+ [13708].name = "simple_alloc_urb", -+ [13708].param3 = 1, -+ [13863].file = "drivers/net/wireless/iwlwifi/iwl-agn-rs.c", -+ [13863].name = "rs_sta_dbgfs_scale_table_write", -+ [13863].param3 = 1, -+ [13924].file = "net/ipv4/netfilter/ip_tables.c", -+ [13924].name = "do_ipt_set_ctl", -+ [13924].param4 = 1, -+ [14019].file = "net/dns_resolver/dns_key.c", -+ [14019].name = "dns_resolver_instantiate", -+ [14019].param2 = 1, -+ [14019].param3 = 1, -+ [14025].file = "net/ax25/af_ax25.c", -+ [14025].name = "ax25_setsockopt", -+ [14025].param5 = 1, -+ [14029].file = "drivers/spi/spidev.c", -+ [14029].name = "spidev_compat_ioctl", -+ [14029].param2 = 1, -+ [14031].file = "drivers/net/wireless/ath/ath5k/debug.c", -+ [14031].name = "write_file_beacon", -+ [14031].param3 = 1, -+ [14086].file = "fs/nfs/nfs4proc.c", -+ [14086].name = "nfs4_reset_slot_table", -+ [14086].param2 = 1, -+ [14090].file = "drivers/bluetooth/btmrvl_debugfs.c", -+ [14090].name = "btmrvl_hsmode_write", -+ [14090].param3 = 1, -+ [14125].file = "kernel/module.c", -+ [14125].name = "load_module", -+ [14125].param2 = 1, -+ [14149].file = "drivers/hid/hidraw.c", -+ [14149].name = "hidraw_ioctl", -+ [14149].param2 = 1, -+ [14153].file = "drivers/staging/bcm/led_control.c", -+ [14153].name = "ValidateDSDParamsChecksum", -+ [14153].param3 = 1, -+ [14174].file = "sound/pci/es1938.c", -+ [14174].name = "snd_es1938_capture_copy", -+ [14174].param5 = 1, -+ [14207].file = "drivers/media/video/v4l2-event.c", -+ [14207].name = "v4l2_event_subscribe", -+ [14207].param3 = 1, -+ [14241].file = "drivers/platform/x86/asus_acpi.c", -+ [14241].name = "brn_proc_write", -+ [14241].param3 = 1, -+ [14299].file = "sound/core/oss/pcm_plugin.c", -+ [14299].name = "snd_pcm_plugin_alloc", -+ [14299].param2 = 1, -+ [14345].file = "fs/cachefiles/daemon.c", -+ [14345].name = "cachefiles_daemon_write", -+ [14345].param3 = 1, -+ [14347].file = "drivers/media/dvb/dvb-core/dvb_ca_en50221.c", -+ [14347].name = "dvb_ca_en50221_io_write", -+ [14347].param3 = 1, -+ [14462].file = "fs/namei.c", -+ [14462].name = "sys_rmdir", -+ [14462].param1 = 1, -+ [14478].file = "drivers/char/random.c", -+ [14478].name = "random_write", -+ [14478].param3 = 1, -+ [1458].file = "drivers/misc/lkdtm.c", -+ [1458].name = "direct_entry", -+ [1458].param3 = 1, -+ [145].file = "lib/xz/xz_dec_test.c", -+ [145].name = "xz_dec_test_write", -+ [145].param3 = 1, -+ [14646].file = "fs/compat.c", -+ [14646].name = "compat_writev", -+ [14646].param3 = 1, -+ [14736].file = "drivers/usb/misc/usbtest.c", -+ [14736].name = "unlink_queued", -+ [14736].param3 = 1, -+ [14842].file = "fs/namei.c", -+ [14842].name = "sys_renameat", -+ [14842].param2 = 1, -+ [14842].param4 = 1, -+ [15017].file = "drivers/edac/edac_device.c", -+ [15017].name = "edac_device_alloc_ctl_info", -+ [15017].param1 = 1, -+ [15087].file = "fs/bio.c", -+ [15087].name = "bio_map_kern", -+ [15087].param2 = 1, -+ [15087].param3 = 1, -+ [15112].file = "drivers/xen/evtchn.c", -+ [15112].name = "evtchn_write", -+ [15112].param3 = 1, -+ [15274].file = "crypto/shash.c", -+ [15274].name = "crypto_shash_setkey", -+ [15274].param3 = 1, -+ [15361].file = "drivers/char/agp/generic.c", -+ [15361].name = "agp_allocate_memory", -+ [15361].param2 = 1, -+ [15497].file = "drivers/media/dvb/ddbridge/ddbridge-core.c", -+ [15497].name = "ts_read", -+ [15497].param3 = 1, -+ [15551].file = "net/ipv4/netfilter/ipt_CLUSTERIP.c", -+ [15551].name = "clusterip_proc_write", -+ [15551].param3 = 1, -+ [15701].file = "drivers/hid/hid-roccat-common.c", -+ [15701].name = "roccat_common_receive", -+ [15701].param4 = 1, -+ [1572].file = "net/ceph/pagevec.c", -+ [1572].name = "ceph_copy_page_vector_to_user", -+ [1572].param4 = 1, -+ [15814].file = "net/mac80211/debugfs_netdev.c", -+ [15814].name = "ieee80211_if_write", -+ [15814].param3 = 1, -+ [15883].file = "security/keys/keyctl.c", -+ [15883].name = "sys_add_key", -+ [15883].param4 = 1, -+ [15884].file = "fs/exofs/super.c", -+ [15884].name = "exofs_read_lookup_dev_table", -+ [15884].param3 = 1, -+ [1603].file = "fs/debugfs/file.c", -+ [1603].name = "write_file_bool", -+ [1603].param3 = 1, -+ [16073].file = "net/sctp/socket.c", -+ [16073].name = "sctp_setsockopt", -+ [16073].param5 = 1, -+ [16138].file = "security/selinux/ss/services.c", -+ [16138].name = "security_context_to_sid_force", -+ [16138].param2 = 1, -+ [16166].file = "drivers/platform/x86/thinkpad_acpi.c", -+ [16166].name = "dispatch_proc_write", -+ [16166].param3 = 1, -+ [16229].file = "drivers/scsi/scsi_transport_iscsi.c", -+ [16229].name = "iscsi_offload_mesg", -+ [16229].param5 = 1, -+ [16353].file = "drivers/base/regmap/regmap.c", -+ [16353].name = "regmap_raw_write", -+ [16353].param4 = 1, -+ [16383].file = "fs/proc/base.c", -+ [16383].name = "comm_write", -+ [16383].param3 = 1, -+ [16447].file = "drivers/hid/usbhid/hiddev.c", -+ [16447].name = "hiddev_ioctl", -+ [16447].param2 = 1, -+ [16453].file = "include/linux/slab.h", -+ [16453].name = "kzalloc", -+ [16453].param1 = 1, -+ [16535].file = "fs/proc/generic.c", -+ [16535].name = "proc_file_read", -+ [16535].param3 = 1, -+ [16605].file = "fs/ecryptfs/miscdev.c", -+ [16605].name = "ecryptfs_send_miscdev", -+ [16605].param2 = 1, -+ [16606].file = "drivers/ide/ide-tape.c", -+ [16606].name = "idetape_chrdev_write", -+ [16606].param3 = 1, -+ [16741].file = "fs/namei.c", -+ [16741].name = "sys_unlinkat", -+ [16741].param2 = 1, -+ [16911].file = "drivers/media/dvb/ttpci/av7110_hw.c", -+ [16911].name = "LoadBitmap", -+ [16911].param2 = 1, -+ [17075].file = "sound/isa/gus/gus_dram.c", -+ [17075].name = "snd_gus_dram_write", -+ [17075].param4 = 1, -+ [17133].file = "drivers/usb/misc/iowarrior.c", -+ [17133].name = "iowarrior_read", -+ [17133].param3 = 1, -+ [17139].file = "fs/ubifs/xattr.c", -+ [17139].name = "ubifs_setxattr", -+ [17139].param4 = 1, -+ [17185].file = "net/wireless/scan.c", -+ [17185].name = "cfg80211_inform_bss", -+ [17185].param8 = 1, -+ [17349].file = "net/tipc/link.c", -+ [17349].name = "tipc_link_send_sections_fast", -+ [17349].param4 = 1, -+ [17377].file = "drivers/usb/class/cdc-wdm.c", -+ [17377].name = "wdm_write", -+ [17377].param3 = 1, -+ [17459].file = "drivers/usb/misc/rio500.c", -+ [17459].name = "write_rio", -+ [17459].param3 = 1, -+ [17460].file = "fs/nfsd/nfscache.c", -+ [17460].name = "nfsd_cache_update", -+ [17460].param3 = 1, -+ [17492].file = "net/dccp/proto.c", -+ [17492].name = "do_dccp_setsockopt", -+ [17492].param5 = 1, -+ [1754].file = "sound/core/oss/pcm_oss.c", -+ [1754].name = "snd_pcm_oss_write", -+ [1754].param3 = 1, -+ [17571].file = "drivers/ptp/ptp_chardev.c", -+ [17571].name = "ptp_read", -+ [17571].param4 = 1, -+ [17684].file = "fs/namei.c", -+ [17684].name = "sys_mknod", -+ [17684].param1 = 1, -+ [17718].file = "net/caif/caif_socket.c", -+ [17718].name = "setsockopt", -+ [17718].param5 = 1, -+ [17875].file = "fs/namei.c", -+ [17875].name = "sys_linkat", -+ [17875].param2 = 1, -+ [17875].param4 = 1, -+ [17946].file = "drivers/net/wireless/libertas/if_spi.c", -+ [17946].name = "if_spi_host_to_card", -+ [17946].param4 = 1, -+ [1800].file = "drivers/media/dvb/dvb-core/dmxdev.c", -+ [1800].name = "dvb_dvr_do_ioctl", -+ [1800].param3 = 1, -+ [18102].file = "net/netlink/af_netlink.c", -+ [18102].name = "netlink_change_ngroups", -+ [18102].param2 = 1, -+ [18183].file = "drivers/tty/tty_buffer.c", -+ [18183].name = "tty_insert_flip_string_fixed_flag", -+ [18183].param4 = 1, -+ [18224].file = "drivers/xen/grant-table.c", -+ [18224].name = "gnttab_map", -+ [18224].param2 = 1, -+ [18232].file = "fs/nfs/write.c", -+ [18232].name = "nfs_writedata_alloc", -+ [18232].param1 = 1, -+ [18277].file = "drivers/char/virtio_console.c", -+ [18277].name = "port_fops_write", -+ [18277].param3 = 1, -+ [18303].file = "fs/xattr.c", -+ [18303].name = "getxattr", -+ [18303].param4 = 1, -+ [18353].file = "net/rfkill/core.c", -+ [18353].name = "rfkill_fop_read", -+ [18353].param3 = 1, -+ [18386].file = "fs/read_write.c", -+ [18386].name = "vfs_readv", -+ [18386].param3 = 1, -+ [18391].file = "fs/ocfs2/stack_user.c", -+ [18391].name = "ocfs2_control_write", -+ [18391].param3 = 1, -+ [183].file = "crypto/ahash.c", -+ [183].name = "crypto_ahash_setkey", -+ [183].param3 = 1, -+ [18406].file = "drivers/media/video/tm6000/tm6000-core.c", -+ [18406].name = "tm6000_read_write_usb", -+ [18406].param7 = 1, -+ [1845].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", -+ [1845].name = "rt2x00debug_write_rf", -+ [1845].param3 = 1, -+ [18465].file = "drivers/net/ethernet/chelsio/cxgb3/cxgb3_offload.c", -+ [18465].name = "cxgb_alloc_mem", -+ [18465].param1 = 1, -+ [1858].file = "net/ipv6/netfilter/ip6_tables.c", -+ [1858].name = "do_ip6t_set_ctl", -+ [1858].param4 = 1, -+ [18659].file = "drivers/media/dvb/dvb-core/dvbdev.c", -+ [18659].name = "dvb_usercopy", -+ [18659].param2 = 1, -+ [18775].file = "drivers/net/wireless/ath/ath5k/debug.c", -+ [18775].name = "write_file_frameerrors", -+ [18775].param3 = 1, -+ [18928].file = "drivers/staging/speakup/devsynth.c", -+ [18928].name = "speakup_file_write", -+ [18928].param3 = 1, -+ [18988].file = "drivers/staging/vme/devices/vme_user.c", -+ [18988].name = "vme_user_read", -+ [18988].param3 = 1, -+ [19012].file = "drivers/acpi/event.c", -+ [19012].name = "acpi_system_read_event", -+ [19012].param3 = 1, -+ [19028].file = "mm/filemap.c", -+ [19028].name = "iov_iter_copy_from_user_atomic", -+ [19028].param4 = 1, -+ [19107].file = "security/smack/smackfs.c", -+ [19107].name = "smk_write_load_list", -+ [19107].param3 = 1, -+ [19261].file = "net/netlabel/netlabel_domainhash.c", -+ [19261].name = "netlbl_domhsh_init", -+ [19261].param1 = 1, -+ [19274].file = "net/core/pktgen.c", -+ [19274].name = "pktgen_if_write", -+ [19274].param3 = 1, -+ [19286].file = "drivers/base/regmap/regmap.c", -+ [19286].name = "_regmap_raw_write", -+ [19286].param4 = 1, -+ [19288].file = "net/ipv6/raw.c", -+ [19288].name = "rawv6_setsockopt", -+ [19288].param5 = 1, -+ [19308].file = "drivers/char/mem.c", -+ [19308].name = "read_oldmem", -+ [19308].param3 = 1, -+ [19332].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [19332].name = "iwl_dbgfs_plcp_delta_write", -+ [19332].param3 = 1, -+ [19349].file = "drivers/acpi/acpica/utobject.c", -+ [19349].name = "acpi_ut_create_package_object", -+ [19349].param1 = 1, -+ [19504].file = "drivers/usb/serial/garmin_gps.c", -+ [19504].name = "pkt_add", -+ [19504].param3 = 1, -+ [19522].file = "mm/percpu.c", -+ [19522].name = "pcpu_mem_zalloc", -+ [19522].param1 = 1, -+ [19548].file = "drivers/scsi/qla2xxx/qla_init.c", -+ [19548].name = "qla2x00_get_ctx_sp", -+ [19548].param3 = 1, -+ [19738].file = "fs/sysfs/file.c", -+ [19738].name = "sysfs_write_file", -+ [19738].param3 = 1, -+ [19833].file = "drivers/xen/xenfs/privcmd.c", -+ [19833].name = "gather_array", -+ [19833].param3 = 1, -+ [19909].file = "drivers/net/wireless/libertas/debugfs.c", -+ [19909].name = "lbs_sleepparams_write", -+ [19909].param3 = 1, -+ [19920].file = "drivers/input/joydev.c", -+ [19920].name = "joydev_ioctl", -+ [19920].param2 = 1, -+ [19931].file = "drivers/usb/misc/ftdi-elan.c", -+ [19931].name = "ftdi_elan_write", -+ [19931].param3 = 1, -+ [19943].file = "drivers/net/wireless/ath/ath9k/debug.c", -+ [19943].name = "write_file_regval", -+ [19943].param3 = 1, -+ [19960].file = "drivers/usb/class/usblp.c", -+ [19960].name = "usblp_read", -+ [19960].param3 = 1, -+ [20023].file = "drivers/media/video/gspca/gspca.c", -+ [20023].name = "dev_read", -+ [20023].param3 = 1, -+ [20113].file = "drivers/net/wireless/libertas/debugfs.c", -+ [20113].name = "lbs_rdmac_write", -+ [20113].param3 = 1, -+ [20314].file = "drivers/gpu/drm/drm_hashtab.c", -+ [20314].name = "drm_ht_create", -+ [20314].param2 = 1, -+ [20376].file = "mm/nobootmem.c", -+ [20376].name = "__alloc_bootmem_nopanic", -+ [20376].param1 = 1, -+ [20606].file = "fs/nilfs2/mdt.c", -+ [20606].name = "nilfs_mdt_init", -+ [20606].param3 = 1, -+ [20611].file = "net/netfilter/x_tables.c", -+ [20611].name = "xt_alloc_table_info", -+ [20611].param1 = 1, -+ [20713].file = "drivers/gpu/drm/ttm/ttm_bo_vm.c", -+ [20713].name = "ttm_bo_io", -+ [20713].param5 = 1, -+ [20730].file = "drivers/media/video/videobuf2-vmalloc.c", -+ [20730].name = "vb2_vmalloc_alloc", -+ [20730].param2 = 1, -+ [20801].file = "drivers/vhost/vhost.c", -+ [20801].name = "vhost_add_used_n", -+ [20801].param3 = 1, -+ [20835].file = "drivers/isdn/i4l/isdn_common.c", -+ [20835].name = "isdn_read", -+ [20835].param3 = 1, -+ [20951].file = "crypto/rng.c", -+ [20951].name = "rngapi_reset", -+ [20951].param3 = 1, -+ [21134].file = "drivers/video/via/viafbdev.c", -+ [21134].name = "viafb_dfph_proc_write", -+ [21134].param3 = 1, -+ [21193].file = "net/wireless/sme.c", -+ [21193].name = "cfg80211_disconnected", -+ [21193].param4 = 1, -+ [21277].file = "drivers/usb/storage/shuttle_usbat.c", -+ [21277].name = "usbat_flash_write_data", -+ [21277].param4 = 1, -+ [21312].file = "lib/ts_kmp.c", -+ [21312].name = "kmp_init", -+ [21312].param2 = 1, -+ [21335].file = "net/econet/af_econet.c", -+ [21335].name = "econet_sendmsg", -+ [21335].param4 = 1, -+ [21397].file = "net/core/sock.c", -+ [21397].name = "sock_setsockopt", -+ [21397].param5 = 1, -+ [21406].file = "fs/libfs.c", -+ [21406].name = "simple_write_to_buffer", -+ [21406].param2 = 1, -+ [21406].param5 = 1, -+ [21451].file = "net/netfilter/ipvs/ip_vs_ctl.c", -+ [21451].name = "do_ip_vs_set_ctl", -+ [21451].param4 = 1, -+ [21459].file = "security/smack/smackfs.c", -+ [21459].name = "smk_write_doi", -+ [21459].param3 = 1, -+ [21468].file = "drivers/char/virtio_console.c", -+ [21468].name = "port_fops_read", -+ [21468].param3 = 1, -+ [21511].file = "drivers/input/ff-core.c", -+ [21511].name = "input_ff_create", -+ [21511].param2 = 1, -+ [21538].file = "net/bluetooth/l2cap_sock.c", -+ [21538].name = "l2cap_sock_setsockopt", -+ [21538].param5 = 1, -+ [21608].file = "drivers/char/tpm/tpm.c", -+ [21608].name = "tpm_write", -+ [21608].param3 = 1, -+ [2160].file = "drivers/net/wireless/ray_cs.c", -+ [2160].name = "int_proc_write", -+ [2160].param3 = 1, -+ [21632].file = "fs/afs/cell.c", -+ [21632].name = "afs_cell_create", -+ [21632].param2 = 1, -+ [21679].file = "drivers/net/wireless/ath/carl9170/debug.c", -+ [21679].name = "carl9170_debugfs_write", -+ [21679].param3 = 1, -+ [21712].file = "net/rxrpc/ar-output.c", -+ [21712].name = "rxrpc_send_data", -+ [21712].param5 = 1, -+ [2180].file = "drivers/char/ppdev.c", -+ [2180].name = "pp_write", -+ [2180].param3 = 1, -+ [21946].file = "fs/nfs/idmap.c", -+ [21946].name = "nfs_map_name_to_uid", -+ [21946].param3 = 1, -+ [22085].file = "drivers/staging/sep/sep_driver.c", -+ [22085].name = "sep_lock_user_pages", -+ [22085].param2 = 1, -+ [22085].param3 = 1, -+ [22187].file = "fs/namei.c", -+ [22187].name = "user_path_at_empty", -+ [22187].param2 = 1, -+ [22190].file = "drivers/char/tpm/tpm.c", -+ [22190].name = "tpm_read", -+ [22190].param3 = 1, -+ [22204].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [22204].name = "iwl_dbgfs_echo_test_write", -+ [22204].param3 = 1, -+ [22291].file = "net/core/pktgen.c", -+ [22291].name = "pgctrl_write", -+ [22291].param3 = 1, -+ [22439].file = "fs/afs/rxrpc.c", -+ [22439].name = "afs_alloc_flat_call", -+ [22439].param2 = 1, -+ [22439].param3 = 1, -+ [2243].file = "drivers/scsi/scsi_tgt_lib.c", -+ [2243].name = "scsi_tgt_kspace_exec", -+ [2243].param8 = 1, -+ [22546].file = "drivers/char/pcmcia/cm4040_cs.c", -+ [22546].name = "cm4040_read", -+ [22546].param3 = 1, -+ [22742].file = "drivers/tty/tty_buffer.c", -+ [22742].name = "tty_insert_flip_string_flags", -+ [22742].param4 = 1, -+ [22772].file = "drivers/target/iscsi/iscsi_target_erl1.c", -+ [22772].name = "iscsit_dump_data_payload", -+ [22772].param2 = 1, -+ [2286].file = "drivers/scsi/mvumi.c", -+ [2286].name = "mvumi_alloc_mem_resource", -+ [2286].param3 = 1, -+ [22904].file = "security/selinux/ss/services.c", -+ [22904].name = "security_context_to_sid_default", -+ [22904].param2 = 1, -+ [22932].file = "fs/compat.c", -+ [22932].name = "compat_sys_writev", -+ [22932].param3 = 1, -+ [2302].file = "drivers/media/video/stk-webcam.c", -+ [2302].name = "v4l_stk_read", -+ [2302].param3 = 1, -+ [23037].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [23037].name = "iwl_dbgfs_wd_timeout_write", -+ [23037].param3 = 1, -+ [2307].file = "drivers/pcmcia/cistpl.c", -+ [2307].name = "pcmcia_replace_cis", -+ [2307].param3 = 1, -+ [23093].file = "drivers/scsi/st.c", -+ [23093].name = "st_read", -+ [23093].param3 = 1, -+ [23117].file = "drivers/media/dvb/ttpci/av7110_av.c", -+ [23117].name = "dvb_audio_write", -+ [23117].param3 = 1, -+ [2324].file = "net/ieee802154/wpan-class.c", -+ [2324].name = "wpan_phy_alloc", -+ [2324].param1 = 1, -+ [23535].file = "ipc/sem.c", -+ [23535].name = "sys_semtimedop", -+ [23535].param3 = 1, -+ [2357].file = "drivers/usb/serial/garmin_gps.c", -+ [2357].name = "garmin_read_process", -+ [2357].param3 = 1, -+ [23589].file = "kernel/relay.c", -+ [23589].name = "subbuf_read_actor", -+ [23589].param3 = 1, -+ [23619].file = "drivers/tty/tty_buffer.c", -+ [23619].name = "tty_buffer_request_room", -+ [23619].param2 = 1, -+ [23640].file = "drivers/usb/host/ehci-dbg.c", -+ [23640].name = "debug_lpm_write", -+ [23640].param3 = 1, -+ [23684].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [23684].name = "iwl_legacy_dbgfs_clear_traffic_statistics_write", -+ [23684].param3 = 1, -+ [23848].file = "crypto/blkcipher.c", -+ [23848].name = "async_setkey", -+ [23848].param3 = 1, -+ [2386].file = "drivers/acpi/acpica/exnames.c", -+ [2386].name = "acpi_ex_allocate_name_string", -+ [2386].param2 = 1, -+ [23883].file = "drivers/net/wireless/iwlwifi/iwl-trans-pcie.c", -+ [23883].name = "iwl_dbgfs_interrupt_write", -+ [23883].param3 = 1, -+ [23999].file = "sound/pci/rme9652/hdsp.c", -+ [23999].name = "snd_hdsp_capture_copy", -+ [23999].param5 = 1, -+ [24072].file = "drivers/staging/pohmelfs/inode.c", -+ [24072].name = "pohmelfs_send_readpages", -+ [24072].param3 = 1, -+ [24233].file = "drivers/pci/pcie/aer/aer_inject.c", -+ [24233].name = "aer_inject_write", -+ [24233].param3 = 1, -+ [24263].file = "kernel/cgroup.c", -+ [24263].name = "cgroup_file_write", -+ [24263].param3 = 1, -+ [24313].file = "drivers/staging/frontier/tranzport.c", -+ [24313].name = "usb_tranzport_write", -+ [24313].param3 = 1, -+ [24359].file = "kernel/power/qos.c", -+ [24359].name = "pm_qos_power_write", -+ [24359].param3 = 1, -+ [24410].file = "drivers/net/wireless/ipw2x00/libipw_module.c", -+ [24410].name = "debug_level_proc_write", -+ [24410].param3 = 1, -+ [24457].file = "fs/btrfs/backref.c", -+ [24457].name = "init_data_container", -+ [24457].param1 = 1, -+ [24539].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c", -+ [24539].name = "vmw_framebuffer_dmabuf_dirty", -+ [24539].param6 = 1, -+ [24719].file = "drivers/input/evdev.c", -+ [24719].name = "bits_to_user", -+ [24719].param2 = 1, -+ [24719].param3 = 1, -+ [2472].file = "net/ipv4/netfilter/ip_tables.c", -+ [2472].name = "compat_do_ipt_set_ctl", -+ [2472].param4 = 1, -+ [24755].file = "drivers/infiniband/hw/qib/qib_diag.c", -+ [24755].name = "qib_diag_write", -+ [24755].param3 = 1, -+ [24805].file = "security/keys/user_defined.c", -+ [24805].name = "user_update", -+ [24805].param3 = 1, -+ [25036].file = "fs/pipe.c", -+ [25036].name = "pipe_iov_copy_from_user", -+ [25036].param3 = 1, -+ [25127].file = "drivers/scsi/device_handler/scsi_dh_alua.c", -+ [25127].name = "realloc_buffer", -+ [25127].param2 = 1, -+ [25157].file = "security/keys/request_key_auth.c", -+ [25157].name = "request_key_auth_new", -+ [25157].param3 = 1, -+ [25158].file = "drivers/net/ethernet/mellanox/mlx4/en_rx.c", -+ [25158].name = "mlx4_en_create_rx_ring", -+ [25158].param3 = 1, -+ [25223].file = "drivers/platform/x86/toshiba_acpi.c", -+ [25223].name = "fan_proc_write", -+ [25223].param3 = 1, -+ [25267].file = "fs/configfs/file.c", -+ [25267].name = "configfs_write_file", -+ [25267].param3 = 1, -+ [25356].file = "net/core/dev.c", -+ [25356].name = "alloc_netdev_mqs", -+ [25356].param4 = 1, -+ [25356].param5 = 1, -+ [25495].file = "drivers/scsi/bfa/bfad_debugfs.c", -+ [25495].name = "bfad_debugfs_write_regwr", -+ [25495].param3 = 1, -+ [25558].file = "fs/proc/task_mmu.c", -+ [25558].name = "clear_refs_write", -+ [25558].param3 = 1, -+ [25692].file = "drivers/net/wireless/ath/ath6kl/wmi.c", -+ [25692].name = "ath6kl_wmi_send_action_cmd", -+ [25692].param6 = 1, -+ [2609].file = "lib/kstrtox.c", -+ [2609].name = "kstrtoul_from_user", -+ [2609].param2 = 1, -+ [26100].file = "sound/core/info.c", -+ [26100].name = "snd_info_entry_write", -+ [26100].param3 = 1, -+ [26215].file = "drivers/md/dm-table.c", -+ [26215].name = "dm_table_create", -+ [26215].param3 = 1, -+ [26256].file = "fs/hpfs/name.c", -+ [26256].name = "hpfs_translate_name", -+ [26256].param3 = 1, -+ [26404].file = "drivers/net/wireless/mwifiex/debugfs.c", -+ [26404].name = "mwifiex_rdeeprom_write", -+ [26404].param3 = 1, -+ [26494].file = "kernel/signal.c", -+ [26494].name = "sys_rt_sigpending", -+ [26494].param2 = 1, -+ [26497].file = "security/keys/keyctl.c", -+ [26497].name = "sys_keyctl", -+ [26497].param4 = 1, -+ [26533].file = "drivers/block/aoe/aoechr.c", -+ [26533].name = "aoechr_write", -+ [26533].param3 = 1, -+ [26560].file = "crypto/algapi.c", -+ [26560].name = "crypto_alloc_instance2", -+ [26560].param3 = 1, -+ [26620].file = "net/bluetooth/mgmt.c", -+ [26620].name = "mgmt_control", -+ [26620].param3 = 1, -+ [26701].file = "drivers/mtd/chips/cfi_util.c", -+ [26701].name = "cfi_read_pri", -+ [26701].param3 = 1, -+ [26757].file = "fs/xattr.c", -+ [26757].name = "sys_fgetxattr", -+ [26757].param4 = 1, -+ [2678].file = "drivers/platform/x86/asus_acpi.c", -+ [2678].name = "disp_proc_write", -+ [2678].param3 = 1, -+ [26834].file = "drivers/gpu/drm/drm_drv.c", -+ [26834].name = "drm_ioctl", -+ [26834].param2 = 1, -+ [26843].file = "drivers/firewire/core-cdev.c", -+ [26843].name = "fw_device_op_compat_ioctl", -+ [26843].param2 = 1, -+ [26845].file = "drivers/scsi/qla2xxx/qla_bsg.c", -+ [26845].name = "qla2x00_get_ctx_bsg_sp", -+ [26845].param3 = 1, -+ [26962].file = "drivers/usb/class/usbtmc.c", -+ [26962].name = "usbtmc_write", -+ [26962].param3 = 1, -+ [26966].file = "drivers/media/dvb/ddbridge/ddbridge-core.c", -+ [26966].name = "ts_write", -+ [26966].param3 = 1, -+ [27004].file = "drivers/misc/hpilo.c", -+ [27004].name = "ilo_write", -+ [27004].param3 = 1, -+ [27025].file = "fs/ntfs/file.c", -+ [27025].name = "__ntfs_copy_from_user_iovec_inatomic", -+ [27025].param3 = 1, -+ [27025].param4 = 1, -+ [27061].file = "drivers/firewire/core-cdev.c", -+ [27061].name = "iso_callback", -+ [27061].param3 = 1, -+ [2711].file = "drivers/media/dvb/dvb-core/dvb_ringbuffer.c", -+ [2711].name = "dvb_ringbuffer_read_user", -+ [2711].param3 = 1, -+ [27129].file = "fs/lockd/mon.c", -+ [27129].name = "nsm_get_handle", -+ [27129].param4 = 1, -+ [27142].file = "fs/proc/kcore.c", -+ [27142].name = "read_kcore", -+ [27142].param3 = 1, -+ [27164].file = "include/drm/drm_mem_util.h", -+ [27164].name = "drm_calloc_large", -+ [27164].param1 = 1, -+ [2722].file = "drivers/gpu/drm/ttm/ttm_page_alloc.c", -+ [2722].name = "ttm_alloc_new_pages", -+ [2722].param5 = 1, -+ [27232].file = "security/apparmor/lib.c", -+ [27232].name = "kvmalloc", -+ [27232].param1 = 1, -+ [27275].file = "drivers/scsi/cxgbi/libcxgbi.c", -+ [27275].name = "cxgbi_ddp_reserve", -+ [27275].param4 = 1, -+ [27280].file = "drivers/net/ethernet/mellanox/mlx4/en_tx.c", -+ [27280].name = "mlx4_en_create_tx_ring", -+ [27280].param4 = 1, -+ [27290].file = "security/selinux/ss/services.c", -+ [27290].name = "security_context_to_sid_core", -+ [27290].param2 = 1, -+ [27302].file = "fs/proc/base.c", -+ [27302].name = "proc_loginuid_write", -+ [27302].param3 = 1, -+ [27472].file = "security/selinux/selinuxfs.c", -+ [27472].name = "sel_write_load", -+ [27472].param3 = 1, -+ [27491].file = "fs/proc/base.c", -+ [27491].name = "proc_pid_attr_write", -+ [27491].param3 = 1, -+ [27568].file = "drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c", -+ [27568].name = "t4_alloc_mem", -+ [27568].param1 = 1, -+ [27582].file = "drivers/platform/x86/asus_acpi.c", -+ [27582].name = "ledd_proc_write", -+ [27582].param3 = 1, -+ [27695].file = "fs/namei.c", -+ [27695].name = "sys_link", -+ [27695].param1 = 1, -+ [27695].param2 = 1, -+ [27697].file = "drivers/staging/mei/iorw.c", -+ [27697].name = "amthi_read", -+ [27697].param4 = 1, -+ [27927].file = "drivers/tty/tty_io.c", -+ [27927].name = "redirected_tty_write", -+ [27927].param3 = 1, -+ [28040].file = "kernel/kfifo.c", -+ [28040].name = "__kfifo_alloc", -+ [28040].param2 = 1, -+ [28040].param3 = 1, -+ [28092].file = "fs/select.c", -+ [28092].name = "do_sys_poll", -+ [28092].param2 = 1, -+ [28170].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [28170].name = "iwl_dbgfs_ucode_tracing_write", -+ [28170].param3 = 1, -+ [28247].file = "net/sctp/tsnmap.c", -+ [28247].name = "sctp_tsnmap_init", -+ [28247].param2 = 1, -+ [28265].file = "fs/notify/fanotify/fanotify_user.c", -+ [28265].name = "fanotify_write", -+ [28265].param3 = 1, -+ [28316].file = "drivers/input/joydev.c", -+ [28316].name = "joydev_ioctl_common", -+ [28316].param2 = 1, -+ [28360].file = "drivers/hid/usbhid/hiddev.c", -+ [28360].name = "hiddev_compat_ioctl", -+ [28360].param2 = 1, -+ [28407].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", -+ [28407].name = "rt2x00debug_write_csr", -+ [28407].param3 = 1, -+ [28462].file = "net/rfkill/core.c", -+ [28462].name = "rfkill_fop_write", -+ [28462].param3 = 1, -+ [28635].file = "drivers/gpu/drm/drm_sman.c", -+ [28635].name = "drm_sman_init", -+ [28635].param2 = 1, -+ [28655].file = "drivers/infiniband/hw/mthca/mthca_allocator.c", -+ [28655].name = "mthca_alloc_init", -+ [28655].param2 = 1, -+ [28688].file = "mm/mempolicy.c", -+ [28688].name = "compat_sys_get_mempolicy", -+ [28688].param3 = 1, -+ [28783].file = "drivers/gpu/drm/i915/i915_debugfs.c", -+ [28783].name = "i915_cache_sharing_write", -+ [28783].param3 = 1, -+ [28787].file = "drivers/media/video/videobuf2-core.c", -+ [28787].name = "vb2_write", -+ [28787].param3 = 1, -+ [28879].file = "drivers/base/map.c", -+ [28879].name = "kobj_map", -+ [28879].param2 = 1, -+ [28879].param3 = 1, -+ [28889].file = "drivers/char/pcmcia/cm4040_cs.c", -+ [28889].name = "cm4040_write", -+ [28889].param3 = 1, -+ [29073].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c", -+ [29073].name = "vmw_kms_readback", -+ [29073].param6 = 1, -+ [29085].file = "security/apparmor/apparmorfs.c", -+ [29085].name = "profile_load", -+ [29085].param3 = 1, -+ [29092].file = "lib/lru_cache.c", -+ [29092].name = "lc_create", -+ [29092].param3 = 1, -+ [29189].file = "drivers/gpu/drm/ttm/ttm_page_alloc.c", -+ [29189].name = "ttm_put_pages", -+ [29189].param2 = 1, -+ [29257].file = "drivers/vhost/vhost.c", -+ [29257].name = "vhost_add_used_and_signal_n", -+ [29257].param4 = 1, -+ [29366].file = "drivers/char/pcmcia/cm4000_cs.c", -+ [29366].name = "cmm_read", -+ [29366].param3 = 1, -+ [29405].file = "drivers/media/dvb/dvb-usb/dw2102.c", -+ [29405].name = "dw210x_op_rw", -+ [29405].param6 = 1, -+ [29437].file = "drivers/net/wireless/iwlegacy/iwl-4965-rs.c", -+ [29437].name = "iwl4965_rs_sta_dbgfs_scale_table_write", -+ [29437].param3 = 1, -+ [29465].file = "drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c", -+ [29465].name = "mem_read", -+ [29465].param3 = 1, -+ [29714].file = "drivers/scsi/cxgbi/libcxgbi.c", -+ [29714].name = "cxgbi_device_register", -+ [29714].param1 = 1, -+ [29714].param2 = 1, -+ [29859].file = "net/rds/page.c", -+ [29859].name = "rds_page_copy_user", -+ [29859].param4 = 1, -+ [29875].file = "sound/isa/gus/gus_pcm.c", -+ [29875].name = "snd_gf1_pcm_playback_copy", -+ [29875].param5 = 1, -+ [29905].file = "mm/nobootmem.c", -+ [29905].name = "___alloc_bootmem", -+ [29905].param1 = 1, -+ [2995].file = "mm/page_alloc.c", -+ [2995].name = "alloc_large_system_hash", -+ [2995].param2 = 1, -+ [30242].file = "fs/cifs/cifssmb.c", -+ [30242].name = "cifs_readdata_alloc", -+ [30242].param1 = 1, -+ [30341].file = "drivers/infiniband/hw/qib/qib_verbs.c", -+ [30341].name = "qib_verbs_send", -+ [30341].param3 = 1, -+ [30341].param5 = 1, -+ [30438].file = "mm/filemap_xip.c", -+ [30438].name = "xip_file_read", -+ [30438].param3 = 1, -+ [30449].file = "drivers/telephony/ixj.c", -+ [30449].name = "ixj_read", -+ [30449].param3 = 1, -+ [30489].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [30489].name = "iwl_dbgfs_rx_handlers_write", -+ [30489].param3 = 1, -+ [30693].file = "fs/namei.c", -+ [30693].name = "sys_rename", -+ [30693].param1 = 1, -+ [30693].param2 = 1, -+ [307].file = "drivers/base/regmap/regmap-debugfs.c", -+ [307].name = "regmap_map_read_file", -+ [307].param3 = 1, -+ [30970].file = "drivers/usb/misc/ldusb.c", -+ [30970].name = "ld_usb_read", -+ [30970].param3 = 1, -+ [31155].file = "drivers/staging/frontier/alphatrack.c", -+ [31155].name = "usb_alphatrack_write", -+ [31155].param3 = 1, -+ [31207].file = "drivers/platform/x86/asus_acpi.c", -+ [31207].name = "parse_arg", -+ [31207].param2 = 1, -+ [31348].file = "kernel/sched.c", -+ [31348].name = "sys_sched_getaffinity", -+ [31348].param2 = 1, -+ [31465].file = "net/rds/message.c", -+ [31465].name = "rds_message_map_pages", -+ [31465].param2 = 1, -+ [31492].file = "drivers/hid/hidraw.c", -+ [31492].name = "hidraw_read", -+ [31492].param3 = 1, -+ [31649].file = "fs/ecryptfs/crypto.c", -+ [31649].name = "ecryptfs_decode_and_decrypt_filename", -+ [31649].param5 = 1, -+ [3170].file = "security/integrity/ima/ima_fs.c", -+ [3170].name = "ima_write_policy", -+ [3170].param3 = 1, -+ [31730].file = "net/dccp/proto.c", -+ [31730].name = "dccp_setsockopt", -+ [31730].param5 = 1, -+ [31782].file = "drivers/misc/pti.c", -+ [31782].name = "pti_char_write", -+ [31782].param3 = 1, -+ [31789].file = "fs/file.c", -+ [31789].name = "alloc_fdmem", -+ [31789].param1 = 1, -+ [31957].file = "fs/afs/proc.c", -+ [31957].name = "afs_proc_cells_write", -+ [31957].param3 = 1, -+ [32025].file = "drivers/nfc/pn544.c", -+ [32025].name = "pn544_write", -+ [32025].param3 = 1, -+ [32182].file = "net/sunrpc/cache.c", -+ [32182].name = "cache_write", -+ [32182].param3 = 1, -+ [32326].file = "drivers/tty/n_r3964.c", -+ [32326].name = "r3964_write", -+ [32326].param4 = 1, -+ [32402].file = "net/ceph/pagevec.c", -+ [32402].name = "ceph_copy_user_to_page_vector", -+ [32402].param4 = 1, -+ [3241].file = "drivers/usb/wusbcore/crypto.c", -+ [3241].name = "wusb_prf", -+ [3241].param7 = 1, -+ [32459].file = "drivers/media/radio/radio-wl1273.c", -+ [32459].name = "wl1273_fm_fops_write", -+ [32459].param3 = 1, -+ [32560].file = "drivers/input/input-mt.c", -+ [32560].name = "input_mt_init_slots", -+ [32560].param2 = 1, -+ [32574].file = "mm/mempolicy.c", -+ [32574].name = "sys_get_mempolicy", -+ [32574].param3 = 1, -+ [32608].file = "security/selinux/selinuxfs.c", -+ [32608].name = "sel_write_checkreqprot", -+ [32608].param3 = 1, -+ [32950].file = "fs/reiserfs/resize.c", -+ [32950].name = "reiserfs_resize", -+ [32950].param2 = 1, -+ [33010].file = "drivers/media/dvb/dvb-core/dvb_ringbuffer.c", -+ [33010].name = "dvb_ringbuffer_pkt_read_user", -+ [33010].param5 = 1, -+ [33268].file = "mm/maccess.c", -+ [33268].name = "__probe_kernel_write", -+ [33268].param3 = 1, -+ [33280].file = "fs/xfs/kmem.c", -+ [33280].name = "kmem_realloc", -+ [33280].param2 = 1, -+ [33375].file = "drivers/staging/rtl8712/osdep_service.h", -+ [33375].name = "_malloc", -+ [33375].param1 = 1, -+ [33637].file = "net/9p/client.c", -+ [33637].name = "p9_client_read", -+ [33637].param5 = 1, -+ [33669].file = "fs/gfs2/glock.c", -+ [33669].name = "gfs2_glock_nq_m", -+ [33669].param1 = 1, -+ [33810].file = "net/mac80211/util.c", -+ [33810].name = "ieee80211_send_probe_req", -+ [33810].param6 = 1, -+ [3384].file = "drivers/block/paride/pg.c", -+ [3384].name = "pg_write", -+ [3384].param3 = 1, -+ [34016].file = "drivers/tty/tty_buffer.c", -+ [34016].name = "tty_prepare_flip_string_flags", -+ [34016].param4 = 1, -+ [34105].file = "fs/libfs.c", -+ [34105].name = "simple_read_from_buffer", -+ [34105].param2 = 1, -+ [34105].param5 = 1, -+ [34120].file = "drivers/media/video/pvrusb2/pvrusb2-io.c", -+ [34120].name = "pvr2_stream_buffer_count", -+ [34120].param2 = 1, -+ [34226].file = "mm/shmem.c", -+ [34226].name = "shmem_xattr_set", -+ [34226].param4 = 1, -+ [34251].file = "drivers/staging/cxt1e1/sbecom_inline_linux.h", -+ [34251].name = "OS_kmalloc", -+ [34251].param1 = 1, -+ [34276].file = "drivers/media/video/videobuf2-core.c", -+ [34276].name = "__vb2_perform_fileio", -+ [34276].param3 = 1, -+ [34278].file = "fs/ubifs/debug.c", -+ [34278].name = "dfs_global_file_write", -+ [34278].param3 = 1, -+ [34432].file = "drivers/edac/edac_pci.c", -+ [34432].name = "edac_pci_alloc_ctl_info", -+ [34432].param1 = 1, -+ [34551].file = "fs/ocfs2/stack_user.c", -+ [34551].name = "ocfs2_control_cfu", -+ [34551].param2 = 1, -+ [34666].file = "fs/cifs/cifs_debug.c", -+ [34666].name = "cifs_security_flags_proc_write", -+ [34666].param3 = 1, -+ [34672].file = "drivers/tty/tty_io.c", -+ [34672].name = "tty_write", -+ [34672].param3 = 1, -+ [34760].file = "include/acpi/platform/aclinux.h", -+ [34760].name = "acpi_os_allocate_zeroed", -+ [34760].param1 = 1, -+ [34802].file = "drivers/scsi/cxgbi/libcxgbi.h", -+ [34802].name = "cxgbi_alloc_big_mem", -+ [34802].param1 = 1, -+ [34847].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [34847].name = "iwl_dbgfs_clear_traffic_statistics_write", -+ [34847].param3 = 1, -+ [34863].file = "drivers/video/fbsysfs.c", -+ [34863].name = "framebuffer_alloc", -+ [34863].param1 = 1, -+ [34882].file = "drivers/platform/x86/toshiba_acpi.c", -+ [34882].name = "video_proc_write", -+ [34882].param3 = 1, -+ [34988].file = "drivers/net/wireless/libertas/debugfs.c", -+ [34988].name = "lbs_rdrf_write", -+ [34988].param3 = 1, -+ [35007].file = "drivers/usb/mon/mon_bin.c", -+ [35007].name = "mon_bin_read", -+ [35007].param3 = 1, -+ [35050].file = "fs/ocfs2/dlmfs/dlmfs.c", -+ [35050].name = "dlmfs_file_write", -+ [35050].param3 = 1, -+ [35119].file = "fs/xattr.c", -+ [35119].name = "sys_llistxattr", -+ [35119].param3 = 1, -+ [35129].file = "mm/nobootmem.c", -+ [35129].name = "___alloc_bootmem_nopanic", -+ [35129].param1 = 1, -+ [35176].file = "drivers/usb/misc/ldusb.c", -+ [35176].name = "ld_usb_write", -+ [35176].param3 = 1, -+ [35234].file = "net/irda/irnet/irnet_ppp.c", -+ [35234].name = "irnet_ctrl_write", -+ [35234].param3 = 1, -+ [35256].file = "sound/core/memory.c", -+ [35256].name = "copy_from_user_toio", -+ [35256].param3 = 1, -+ [35268].file = "security/keys/request_key_auth.c", -+ [35268].name = "request_key_auth_read", -+ [35268].param3 = 1, -+ [3541].file = "drivers/mtd/ubi/cdev.c", -+ [3541].name = "vol_cdev_write", -+ [3541].param3 = 1, -+ [35443].file = "sound/core/pcm_memory.c", -+ [35443].name = "_snd_pcm_lib_alloc_vmalloc_buffer", -+ [35443].param2 = 1, -+ [35449].file = "fs/namei.c", -+ [35449].name = "sys_mkdir", -+ [35449].param1 = 1, -+ [35542].file = "drivers/tty/ipwireless/hardware.c", -+ [35542].name = "ipwireless_send_packet", -+ [35542].param4 = 1, -+ [35556].file = "fs/read_write.c", -+ [35556].name = "sys_readv", -+ [35556].param3 = 1, -+ [35610].file = "net/batman-adv/translation-table.c", -+ [35610].name = "tt_save_orig_buffer", -+ [35610].param4 = 1, -+ [35693].file = "drivers/staging/mei/main.c", -+ [35693].name = "mei_read", -+ [35693].param3 = 1, -+ [35729].file = "include/linux/skbuff.h", -+ [35729].name = "__dev_alloc_skb", -+ [35729].param1 = 1, -+ [35731].file = "drivers/usb/class/cdc-wdm.c", -+ [35731].name = "wdm_read", -+ [35731].param3 = 1, -+ [35796].file = "drivers/mtd/nand/nand_bch.c", -+ [35796].name = "nand_bch_init", -+ [35796].param2 = 1, -+ [35796].param3 = 1, -+ [35880].file = "fs/ecryptfs/crypto.c", -+ [35880].name = "ecryptfs_encrypt_and_encode_filename", -+ [35880].param6 = 1, -+ [3604].file = "net/batman-adv/translation-table.c", -+ [3604].name = "tt_update_orig", -+ [3604].param4 = 1, -+ [36080].file = "drivers/media/video/v4l2-ioctl.c", -+ [36080].name = "video_usercopy", -+ [36080].param2 = 1, -+ [36149].file = "fs/udf/inode.c", -+ [36149].name = "udf_alloc_i_data", -+ [36149].param2 = 1, -+ [36183].file = "drivers/tty/vt/vc_screen.c", -+ [36183].name = "vcs_read", -+ [36183].param3 = 1, -+ [36199].file = "net/sunrpc/auth_gss/auth_gss.c", -+ [36199].name = "gss_pipe_downcall", -+ [36199].param3 = 1, -+ [3630].file = "drivers/video/broadsheetfb.c", -+ [3630].name = "broadsheetfb_write", -+ [3630].param3 = 1, -+ [3632].file = "drivers/firewire/core-cdev.c", -+ [3632].name = "fw_device_op_read", -+ [3632].param3 = 1, -+ [36490].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c", -+ [36490].name = "ath6kl_cfg80211_connect_event", -+ [36490].param7 = 1, -+ [36522].file = "drivers/hid/hidraw.c", -+ [36522].name = "hidraw_send_report", -+ [36522].param3 = 1, -+ [36560].file = "net/sunrpc/cache.c", -+ [36560].name = "write_flush", -+ [36560].param3 = 1, -+ [36633].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", -+ [36633].name = "rt2x00debug_read_queue_stats", -+ [36633].param3 = 1, -+ [3665].file = "drivers/media/video/ivtv/ivtvfb.c", -+ [3665].name = "ivtvfb_write", -+ [3665].param3 = 1, -+ [36981].file = "drivers/video/via/viafbdev.c", -+ [36981].name = "viafb_dfpl_proc_write", -+ [36981].param3 = 1, -+ [37034].file = "fs/cifs/cifssmb.c", -+ [37034].name = "cifs_writedata_alloc", -+ [37034].param1 = 1, -+ [37044].file = "sound/firewire/packets-buffer.c", -+ [37044].name = "iso_packets_buffer_init", -+ [37044].param3 = 1, -+ [37115].file = "drivers/tty/tty_buffer.c", -+ [37115].name = "tty_prepare_flip_string", -+ [37115].param3 = 1, -+ [37163].file = "net/core/skbuff.c", -+ [37163].name = "__netdev_alloc_skb", -+ [37163].param2 = 1, -+ [37204].file = "drivers/isdn/hardware/eicon/divasi.c", -+ [37204].name = "um_idi_read", -+ [37204].param3 = 1, -+ [37233].file = "fs/ocfs2/cluster/tcp.c", -+ [37233].name = "o2net_send_message_vec", -+ [37233].param4 = 1, -+ [37309].file = "drivers/mtd/mtdchar.c", -+ [37309].name = "mtd_do_readoob", -+ [37309].param4 = 1, -+ [37382].file = "drivers/staging/pohmelfs/inode.c", -+ [37382].name = "pohmelfs_readpages_trans_complete", -+ [37382].param2 = 1, -+ [37384].file = "drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c", -+ [37384].name = "vmw_fifo_reserve", -+ [37384].param2 = 1, -+ [37497].file = "net/mac80211/util.c", -+ [37497].name = "ieee80211_build_probe_req", -+ [37497].param7 = 1, -+ [37594].file = "include/linux/poll.h", -+ [37594].name = "get_fd_set", -+ [37594].param1 = 1, -+ [37611].file = "drivers/xen/xenbus/xenbus_xs.c", -+ [37611].name = "split", -+ [37611].param2 = 1, -+ [37661].file = "mm/filemap.c", -+ [37661].name = "file_read_actor", -+ [37661].param4 = 1, -+ [37872].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [37872].name = "iwl_dbgfs_protection_mode_write", -+ [37872].param3 = 1, -+ [37976].file = "drivers/platform/x86/asus_acpi.c", -+ [37976].name = "bluetooth_proc_write", -+ [37976].param3 = 1, -+ [3797].file = "sound/pci/asihpi/hpicmn.c", -+ [3797].name = "hpi_alloc_control_cache", -+ [3797].param1 = 1, -+ [3801].file = "drivers/block/paride/pt.c", -+ [3801].name = "pt_write", -+ [3801].param3 = 1, -+ [38057].file = "fs/coda/psdev.c", -+ [38057].name = "coda_psdev_write", -+ [38057].param3 = 1, -+ [38186].file = "kernel/signal.c", -+ [38186].name = "do_sigpending", -+ [38186].param2 = 1, -+ [38401].file = "drivers/xen/xenfs/xenbus.c", -+ [38401].name = "queue_reply", -+ [38401].param3 = 1, -+ [3841].file = "drivers/platform/x86/asus_acpi.c", -+ [3841].name = "write_led", -+ [3841].param2 = 1, -+ [38532].file = "fs/afs/cell.c", -+ [38532].name = "afs_cell_lookup", -+ [38532].param2 = 1, -+ [38576].file = "drivers/i2c/i2c-dev.c", -+ [38576].name = "i2cdev_read", -+ [38576].param3 = 1, -+ [38747].file = "fs/xattr.c", -+ [38747].name = "sys_lgetxattr", -+ [38747].param4 = 1, -+ [38972].file = "security/smack/smackfs.c", -+ [38972].name = "smk_write_logging", -+ [38972].param3 = 1, -+ [39001].file = "net/xfrm/xfrm_hash.c", -+ [39001].name = "xfrm_hash_alloc", -+ [39001].param1 = 1, -+ [39044].file = "lib/kstrtox.c", -+ [39044].name = "kstrtos16_from_user", -+ [39044].param2 = 1, -+ [39052].file = "drivers/input/evdev.c", -+ [39052].name = "evdev_ioctl", -+ [39052].param2 = 1, -+ [39154].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [39154].name = "iwl_dbgfs_clear_ucode_statistics_write", -+ [39154].param3 = 1, -+ [39155].file = "drivers/xen/grant-table.c", -+ [39155].name = "get_free_entries", -+ [39155].param1 = 1, -+ [39254].file = "drivers/char/pcmcia/cm4000_cs.c", -+ [39254].name = "cmm_write", -+ [39254].param3 = 1, -+ [39415].file = "fs/pstore/inode.c", -+ [39415].name = "pstore_mkfile", -+ [39415].param5 = 1, -+ [39417].file = "drivers/block/DAC960.c", -+ [39417].name = "dac960_user_command_proc_write", -+ [39417].param3 = 1, -+ [39479].file = "drivers/ide/ide-tape.c", -+ [39479].name = "idetape_chrdev_read", -+ [39479].param3 = 1, -+ [39573].file = "drivers/hid/hid-picolcd.c", -+ [39573].name = "picolcd_debug_reset_write", -+ [39573].param3 = 1, -+ [39583].file = "drivers/net/ethernet/broadcom/cnic.c", -+ [39583].name = "cnic_init_id_tbl", -+ [39583].param2 = 1, -+ [39606].file = "drivers/bluetooth/hci_vhci.c", -+ [39606].name = "vhci_write", -+ [39606].param3 = 1, -+ [39638].file = "security/selinux/selinuxfs.c", -+ [39638].name = "sel_write_avc_cache_threshold", -+ [39638].param3 = 1, -+ [39645].file = "drivers/media/dvb/dvb-core/dvbdev.c", -+ [39645].name = "dvb_generic_ioctl", -+ [39645].param2 = 1, -+ [39741].file = "drivers/video/via/viafbdev.c", -+ [39741].name = "viafb_iga2_odev_proc_write", -+ [39741].param3 = 1, -+ [39888].file = "net/core/skbuff.c", -+ [39888].name = "__alloc_skb", -+ [39888].param1 = 1, -+ [40043].file = "drivers/media/video/v4l2-ioctl.c", -+ [40043].name = "video_ioctl2", -+ [40043].param2 = 1, -+ [40049].file = "drivers/bluetooth/btmrvl_debugfs.c", -+ [40049].name = "btmrvl_psmode_write", -+ [40049].param3 = 1, -+ [40075].file = "drivers/media/video/c-qcam.c", -+ [40075].name = "qc_capture", -+ [40075].param3 = 1, -+ [40163].file = "fs/ncpfs/file.c", -+ [40163].name = "ncp_file_write", -+ [40163].param3 = 1, -+ [40240].file = "drivers/char/nvram.c", -+ [40240].name = "nvram_write", -+ [40240].param3 = 1, -+ [40256].file = "drivers/tty/vt/vc_screen.c", -+ [40256].name = "vcs_write", -+ [40256].param3 = 1, -+ [40302].file = "sound/isa/gus/gus_dram.c", -+ [40302].name = "snd_gus_dram_poke", -+ [40302].param4 = 1, -+ [40355].file = "drivers/staging/mei/main.c", -+ [40355].name = "mei_write", -+ [40355].param3 = 1, -+ [40373].file = "fs/cifs/cifs_spnego.c", -+ [40373].name = "cifs_spnego_key_instantiate", -+ [40373].param3 = 1, -+ [40412].file = "fs/namei.c", -+ [40412].name = "user_path_at", -+ [40412].param2 = 1, -+ [40578].file = "sound/soc/soc-core.c", -+ [40578].name = "codec_reg_write_file", -+ [40578].param3 = 1, -+ [40678].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [40678].name = "iwl_legacy_dbgfs_traffic_log_write", -+ [40678].param3 = 1, -+ [40713].file = "net/mac80211/debugfs.c", -+ [40713].name = "noack_write", -+ [40713].param3 = 1, -+ [40754].file = "fs/btrfs/delayed-inode.c", -+ [40754].name = "btrfs_alloc_delayed_item", -+ [40754].param1 = 1, -+ [40786].file = "net/ipv4/netfilter/nf_nat_snmp_basic.c", -+ [40786].name = "asn1_octets_decode", -+ [40786].param2 = 1, -+ [40901].file = "drivers/block/drbd/drbd_bitmap.c", -+ [40901].name = "drbd_bm_resize", -+ [40901].param2 = 1, -+ [40952].file = "drivers/misc/sgi-xp/xpc_partition.c", -+ [40952].name = "xpc_kmalloc_cacheline_aligned", -+ [40952].param1 = 1, -+ [41000].file = "sound/core/pcm_native.c", -+ [41000].name = "snd_pcm_aio_read", -+ [41000].param3 = 1, -+ [41003].file = "fs/namei.c", -+ [41003].name = "user_path_parent", -+ [41003].param2 = 1, -+ [41005].file = "net/bridge/netfilter/ebtables.c", -+ [41005].name = "copy_counters_to_user", -+ [41005].param5 = 1, -+ [41090].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [41090].name = "iwl_legacy_dbgfs_sram_write", -+ [41090].param3 = 1, -+ [41122].file = "fs/binfmt_misc.c", -+ [41122].name = "bm_status_write", -+ [41122].param3 = 1, -+ [41230].file = "drivers/usb/storage/datafab.c", -+ [41230].name = "datafab_read_data", -+ [41230].param4 = 1, -+ [41249].file = "drivers/media/video/zr364xx.c", -+ [41249].name = "send_control_msg", -+ [41249].param6 = 1, -+ [41302].file = "net/dns_resolver/dns_query.c", -+ [41302].name = "dns_query", -+ [41302].param3 = 1, -+ [41418].file = "fs/libfs.c", -+ [41418].name = "simple_attr_write", -+ [41418].param3 = 1, -+ [4155].file = "kernel/kexec.c", -+ [4155].name = "do_kimage_alloc", -+ [4155].param3 = 1, -+ [41592].file = "net/sctp/ssnmap.c", -+ [41592].name = "sctp_ssnmap_new", -+ [41592].param1 = 1, -+ [41592].param2 = 1, -+ [41616].file = "net/core/filter.c", -+ [41616].name = "sk_chk_filter", -+ [41616].param2 = 1, -+ [41676].file = "fs/compat.c", -+ [41676].name = "compat_sys_preadv", -+ [41676].param3 = 1, -+ [41727].file = "drivers/media/video/meye.c", -+ [41727].name = "rvmalloc", -+ [41727].param1 = 1, -+ [41884].file = "sound/core/oss/pcm_plugin.c", -+ [41884].name = "snd_pcm_plug_alloc", -+ [41884].param2 = 1, -+ [41924].file = "security/keys/keyctl.c", -+ [41924].name = "keyctl_get_security", -+ [41924].param3 = 1, -+ [4202].file = "drivers/edac/edac_mc.c", -+ [4202].name = "edac_mc_alloc", -+ [4202].param1 = 1, -+ [42143].file = "drivers/media/video/c-qcam.c", -+ [42143].name = "qcam_read", -+ [42143].param3 = 1, -+ [42206].file = "fs/quota/quota_tree.c", -+ [42206].name = "getdqbuf", -+ [42206].param1 = 1, -+ [42270].file = "net/wireless/scan.c", -+ [42270].name = "cfg80211_inform_bss_frame", -+ [42270].param4 = 1, -+ [4233].file = "fs/select.c", -+ [4233].name = "sys_poll", -+ [4233].param2 = 1, -+ [42378].file = "drivers/net/wireless/ath/ath6kl/debug.c", -+ [42378].name = "ath6kl_regread_write", -+ [42378].param3 = 1, -+ [42420].file = "drivers/net/wireless/hostap/hostap_ioctl.c", -+ [42420].name = "prism2_set_genericelement", -+ [42420].param3 = 1, -+ [42466].file = "drivers/scsi/lpfc/lpfc_debugfs.c", -+ [42466].name = "lpfc_idiag_cmd_get", -+ [42466].param2 = 1, -+ [42472].file = "fs/compat.c", -+ [42472].name = "compat_readv", -+ [42472].param3 = 1, -+ [42483].file = "drivers/media/video/videobuf-dma-sg.c", -+ [42483].name = "videobuf_dma_init_user_locked", -+ [42483].param3 = 1, -+ [42483].param4 = 1, -+ [42562].file = "kernel/kfifo.c", -+ [42562].name = "__kfifo_to_user_r", -+ [42562].param3 = 1, -+ [42666].file = "drivers/pcmcia/cistpl.c", -+ [42666].name = "read_cis_cache", -+ [42666].param4 = 1, -+ [42882].file = "security/keys/user_defined.c", -+ [42882].name = "user_instantiate", -+ [42882].param3 = 1, -+ [42964].file = "drivers/video/fb_sys_fops.c", -+ [42964].name = "fb_sys_read", -+ [42964].param3 = 1, -+ [43023].file = "drivers/usb/misc/usblcd.c", -+ [43023].name = "lcd_write", -+ [43023].param3 = 1, -+ [4324].file = "drivers/video/fbmem.c", -+ [4324].name = "fb_read", -+ [4324].param3 = 1, -+ [43380].file = "drivers/scsi/bfa/bfad_debugfs.c", -+ [43380].name = "bfad_debugfs_write_regrd", -+ [43380].param3 = 1, -+ [43393].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [43393].name = "iwl_dbgfs_sram_write", -+ [43393].param3 = 1, -+ [4344].file = "fs/namei.c", -+ [4344].name = "sys_mkdirat", -+ [4344].param2 = 1, -+ [43510].file = "kernel/kexec.c", -+ [43510].name = "compat_sys_kexec_load", -+ [43510].param2 = 1, -+ [43515].file = "drivers/usb/storage/jumpshot.c", -+ [43515].name = "jumpshot_read_data", -+ [43515].param4 = 1, -+ [43540].file = "include/rdma/ib_verbs.h", -+ [43540].name = "ib_copy_to_udata", -+ [43540].param3 = 1, -+ [4357].file = "security/tomoyo/securityfs_if.c", -+ [4357].name = "tomoyo_read_self", -+ [4357].param3 = 1, -+ [43590].file = "security/smack/smackfs.c", -+ [43590].name = "smk_write_onlycap", -+ [43590].param3 = 1, -+ [43596].file = "drivers/usb/core/buffer.c", -+ [43596].name = "hcd_buffer_alloc", -+ [43596].param2 = 1, -+ [43632].file = "drivers/media/video/videobuf2-core.c", -+ [43632].name = "vb2_read", -+ [43632].param3 = 1, -+ [43731].file = "drivers/hid/hid-picolcd.c", -+ [43731].name = "picolcd_debug_eeprom_read", -+ [43731].param3 = 1, -+ [43777].file = "drivers/acpi/acpica/utobject.c", -+ [43777].name = "acpi_ut_create_buffer_object", -+ [43777].param1 = 1, -+ [43834].file = "security/apparmor/apparmorfs.c", -+ [43834].name = "profile_replace", -+ [43834].param3 = 1, -+ [43899].file = "drivers/media/rc/imon.c", -+ [43899].name = "vfd_write", -+ [43899].param3 = 1, -+ [43982].file = "drivers/platform/x86/toshiba_acpi.c", -+ [43982].name = "keys_proc_write", -+ [43982].param3 = 1, -+ [44039].file = "drivers/video/via/viafbdev.c", -+ [44039].name = "odev_update", -+ [44039].param2 = 1, -+ [44050].file = "fs/nfs/idmap.c", -+ [44050].name = "nfs_map_group_to_gid", -+ [44050].param3 = 1, -+ [44125].file = "fs/ext4/super.c", -+ [44125].name = "ext4_kvmalloc", -+ [44125].param1 = 1, -+ [44180].file = "drivers/video/via/viafbdev.c", -+ [44180].name = "viafb_vt1636_proc_write", -+ [44180].param3 = 1, -+ [44290].file = "drivers/net/usb/dm9601.c", -+ [44290].name = "dm_read", -+ [44290].param3 = 1, -+ [44298].file = "drivers/scsi/pmcraid.c", -+ [44298].name = "pmcraid_copy_sglist", -+ [44298].param3 = 1, -+ [44365].file = "fs/namei.c", -+ [44365].name = "do_rmdir", -+ [44365].param2 = 1, -+ [44640].file = "fs/select.c", -+ [44640].name = "sys_ppoll", -+ [44640].param2 = 1, -+ [44649].file = "mm/page_cgroup.c", -+ [44649].name = "swap_cgroup_swapon", -+ [44649].param2 = 1, -+ [44656].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [44656].name = "iwl_legacy_dbgfs_wd_timeout_write", -+ [44656].param3 = 1, -+ [4471].file = "fs/ntfs/malloc.h", -+ [4471].name = "__ntfs_malloc", -+ [4471].param1 = 1, -+ [44773].file = "drivers/staging/vme/devices/vme_user.c", -+ [44773].name = "vme_user_write", -+ [44773].param3 = 1, -+ [44825].file = "drivers/scsi/osd/osd_initiator.c", -+ [44825].name = "_osd_realloc_seg", -+ [44825].param3 = 1, -+ [44943].file = "mm/util.c", -+ [44943].name = "kmemdup", -+ [44943].param2 = 1, -+ [44990].file = "drivers/media/video/pvrusb2/pvrusb2-ioread.c", -+ [44990].name = "pvr2_ioread_set_sync_key", -+ [44990].param3 = 1, -+ [45000].file = "fs/afs/proc.c", -+ [45000].name = "afs_proc_rootcell_write", -+ [45000].param3 = 1, -+ [45119].file = "drivers/usb/misc/yurex.c", -+ [45119].name = "yurex_write", -+ [45119].param3 = 1, -+ [45169].file = "drivers/video/metronomefb.c", -+ [45169].name = "metronomefb_write", -+ [45169].param3 = 1, -+ [45200].file = "drivers/scsi/scsi_proc.c", -+ [45200].name = "proc_scsi_write_proc", -+ [45200].param3 = 1, -+ [45217].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [45217].name = "iwl_dbgfs_debug_level_write", -+ [45217].param3 = 1, -+ [45231].file = "fs/ecryptfs/crypto.c", -+ [45231].name = "ecryptfs_copy_filename", -+ [45231].param4 = 1, -+ [45233].file = "net/rds/info.c", -+ [45233].name = "rds_info_getsockopt", -+ [45233].param3 = 1, -+ [45244].file = "drivers/mfd/ab3100-core.c", -+ [45244].name = "ab3100_get_set_reg", -+ [45244].param3 = 1, -+ [45264].file = "drivers/net/wireless/ath/ath5k/debug.c", -+ [45264].name = "write_file_ani", -+ [45264].param3 = 1, -+ [45326].file = "drivers/mtd/ubi/cdev.c", -+ [45326].name = "vol_cdev_read", -+ [45326].param3 = 1, -+ [45335].file = "fs/read_write.c", -+ [45335].name = "vfs_writev", -+ [45335].param3 = 1, -+ [45421].file = "drivers/message/fusion/mptctl.c", -+ [45421].name = "mptctl_do_mpt_command", -+ [45421].param3 = 1, -+ [45534].file = "drivers/net/wireless/ath/carl9170/cmd.c", -+ [45534].name = "carl9170_cmd_buf", -+ [45534].param3 = 1, -+ [45576].file = "net/netfilter/xt_recent.c", -+ [45576].name = "recent_mt_proc_write", -+ [45576].param3 = 1, -+ [45586].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", -+ [45586].name = "rt2x00debug_write_bbp", -+ [45586].param3 = 1, -+ [45629].file = "lib/bch.c", -+ [45629].name = "bch_alloc", -+ [45629].param1 = 1, -+ [45633].file = "drivers/input/evdev.c", -+ [45633].name = "evdev_do_ioctl", -+ [45633].param2 = 1, -+ [45740].file = "drivers/net/wireless/ath/ath6kl/debug.c", -+ [45740].name = "ath6kl_lrssi_roam_write", -+ [45740].param3 = 1, -+ [45747].file = "net/netlink/af_netlink.c", -+ [45747].name = "__netlink_change_ngroups", -+ [45747].param2 = 1, -+ [45930].file = "security/apparmor/apparmorfs.c", -+ [45930].name = "profile_remove", -+ [45930].param3 = 1, -+ [45954].file = "drivers/usb/misc/legousbtower.c", -+ [45954].name = "tower_write", -+ [45954].param3 = 1, -+ [45995].file = "fs/namei.c", -+ [45995].name = "sys_mknodat", -+ [45995].param2 = 1, -+ [46072].file = "drivers/video/arcfb.c", -+ [46072].name = "arcfb_write", -+ [46072].param3 = 1, -+ [46140].file = "sound/core/memalloc.c", -+ [46140].name = "snd_mem_proc_write", -+ [46140].param3 = 1, -+ [4614].file = "sound/core/pcm_lib.c", -+ [4614].name = "snd_pcm_lib_write_transfer", -+ [4614].param5 = 1, -+ [4616].file = "net/sunrpc/cache.c", -+ [4616].name = "cache_do_downcall", -+ [4616].param3 = 1, -+ [46243].file = "fs/binfmt_misc.c", -+ [46243].name = "bm_register_write", -+ [46243].param3 = 1, -+ [46250].file = "fs/xattr.c", -+ [46250].name = "sys_getxattr", -+ [46250].param4 = 1, -+ [46343].file = "fs/compat.c", -+ [46343].name = "compat_do_readv_writev", -+ [46343].param4 = 1, -+ [4644].file = "drivers/net/usb/mcs7830.c", -+ [4644].name = "mcs7830_get_reg", -+ [4644].param3 = 1, -+ [46605].file = "sound/core/oss/pcm_oss.c", -+ [46605].name = "snd_pcm_oss_sync1", -+ [46605].param2 = 1, -+ [46630].file = "net/decnet/af_decnet.c", -+ [46630].name = "__dn_setsockopt", -+ [46630].param5 = 1, -+ [46655].file = "drivers/media/video/hdpvr/hdpvr-video.c", -+ [46655].name = "hdpvr_read", -+ [46655].param3 = 1, -+ [46685].file = "drivers/gpu/drm/ttm/ttm_bo_vm.c", -+ [46685].name = "ttm_bo_fbdev_io", -+ [46685].param4 = 1, -+ [46752].file = "drivers/staging/pohmelfs/dir.c", -+ [46752].name = "pohmelfs_name_alloc", -+ [46752].param1 = 1, -+ [46881].file = "drivers/char/lp.c", -+ [46881].name = "lp_write", -+ [46881].param3 = 1, -+ [47130].file = "kernel/kfifo.c", -+ [47130].name = "kfifo_copy_to_user", -+ [47130].param3 = 1, -+ [47265].file = "drivers/scsi/bnx2fc/bnx2fc_io.c", -+ [47265].name = "bnx2fc_cmd_mgr_alloc", -+ [47265].param2 = 1, -+ [47265].param3 = 1, -+ [47342].file = "fs/proc/base.c", -+ [47342].name = "sched_autogroup_write", -+ [47342].param3 = 1, -+ [47363].file = "drivers/input/evdev.c", -+ [47363].name = "evdev_ioctl_handler", -+ [47363].param2 = 1, -+ [47385].file = "drivers/net/wireless/zd1211rw/zd_usb.c", -+ [47385].name = "zd_usb_iowrite16v", -+ [47385].param3 = 1, -+ [47463].file = "fs/xfs/kmem.c", -+ [47463].name = "kmem_zalloc", -+ [47463].param1 = 1, -+ [47636].file = "drivers/usb/class/usblp.c", -+ [47636].name = "usblp_ioctl", -+ [47636].param2 = 1, -+ [47637].file = "drivers/block/cciss.c", -+ [47637].name = "cciss_proc_write", -+ [47637].param3 = 1, -+ [47652].file = "lib/kstrtox.c", -+ [47652].name = "kstrtoll_from_user", -+ [47652].param2 = 1, -+ [47881].file = "security/selinux/selinuxfs.c", -+ [47881].name = "sel_write_disable", -+ [47881].param3 = 1, -+ [48010].file = "drivers/net/wireless/ath/ath9k/debug.c", -+ [48010].name = "write_file_rx_chainmask", -+ [48010].param3 = 1, -+ [48155].file = "net/sctp/sm_make_chunk.c", -+ [48155].name = "sctp_make_abort_user", -+ [48155].param3 = 1, -+ [48182].file = "crypto/cryptd.c", -+ [48182].name = "cryptd_alloc_instance", -+ [48182].param2 = 1, -+ [48248].file = "security/keys/keyctl.c", -+ [48248].name = "keyctl_instantiate_key", -+ [48248].param3 = 1, -+ [48461].file = "drivers/gpu/drm/drm_memory.c", -+ [48461].name = "agp_remap", -+ [48461].param2 = 1, -+ [48642].file = "fs/hugetlbfs/inode.c", -+ [48642].name = "hugetlbfs_read", -+ [48642].param3 = 1, -+ [48720].file = "drivers/gpu/drm/i915/i915_debugfs.c", -+ [48720].name = "i915_max_freq_write", -+ [48720].param3 = 1, -+ [48768].file = "net/irda/irnet/irnet_ppp.c", -+ [48768].name = "dev_irnet_write", -+ [48768].param3 = 1, -+ [48856].file = "drivers/acpi/acpica/utalloc.c", -+ [48856].name = "acpi_ut_initialize_buffer", -+ [48856].param2 = 1, -+ [48941].file = "drivers/gpu/drm/nouveau/nouveau_vm.c", -+ [48941].name = "nouveau_vm_new", -+ [48941].param2 = 1, -+ [48941].param3 = 1, -+ [49126].file = "lib/prio_heap.c", -+ [49126].name = "heap_init", -+ [49126].param2 = 1, -+ [49143].file = "sound/core/oss/pcm_oss.c", -+ [49143].name = "snd_pcm_oss_write2", -+ [49143].param3 = 1, -+ [49216].file = "fs/read_write.c", -+ [49216].name = "do_readv_writev", -+ [49216].param4 = 1, -+ [49354].file = "drivers/media/video/cx18/cx18-fileops.c", -+ [49354].name = "cx18_v4l2_read", -+ [49354].param3 = 1, -+ [49448].file = "drivers/isdn/gigaset/common.c", -+ [49448].name = "gigaset_initdriver", -+ [49448].param2 = 1, -+ [49494].file = "drivers/virtio/virtio_ring.c", -+ [49494].name = "vring_new_virtqueue", -+ [49494].param1 = 1, -+ [49507].file = "fs/namei.c", -+ [49507].name = "sys_symlink", -+ [49507].param1 = 1, -+ [49604].file = "crypto/af_alg.c", -+ [49604].name = "alg_setsockopt", -+ [49604].param5 = 1, -+ [49646].file = "drivers/tty/vt/vt.c", -+ [49646].name = "vc_resize", -+ [49646].param2 = 1, -+ [49646].param3 = 1, -+ [49663].file = "drivers/media/video/uvc/uvc_driver.c", -+ [49663].name = "uvc_simplify_fraction", -+ [49663].param3 = 1, -+ [49718].file = "drivers/hid/hid-roccat-common.c", -+ [49718].name = "roccat_common_send", -+ [49718].param4 = 1, -+ [4972].file = "drivers/video/fb_sys_fops.c", -+ [4972].name = "fb_sys_write", -+ [4972].param3 = 1, -+ [49746].file = "net/ipv4/netfilter/arp_tables.c", -+ [49746].name = "compat_do_arpt_set_ctl", -+ [49746].param4 = 1, -+ [49780].file = "net/mac80211/key.c", -+ [49780].name = "ieee80211_key_alloc", -+ [49780].param3 = 1, -+ [49845].file = "mm/vmalloc.c", -+ [49845].name = "__vmalloc_node", -+ [49845].param1 = 1, -+ [49935].file = "fs/xfs/kmem.c", -+ [49935].name = "kmem_zalloc_greedy", -+ [49935].param2 = 1, -+ [49935].param3 = 1, -+ [50001].file = "sound/pci/ctxfi/ctresource.c", -+ [50001].name = "rsc_mgr_init", -+ [50001].param3 = 1, -+ [50022].file = "drivers/usb/storage/shuttle_usbat.c", -+ [50022].name = "usbat_flash_read_data", -+ [50022].param4 = 1, -+ [50096].file = "drivers/net/wireless/libertas/debugfs.c", -+ [50096].name = "lbs_rdbbp_write", -+ [50096].param3 = 1, -+ [50102].file = "drivers/telephony/ixj.c", -+ [50102].name = "ixj_write", -+ [50102].param3 = 1, -+ [50238].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [50238].name = "iwl_legacy_dbgfs_clear_ucode_statistics_write", -+ [50238].param3 = 1, -+ [50267].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", -+ [50267].name = "rt2x00debug_read_crypto_stats", -+ [50267].param3 = 1, -+ [50398].file = "fs/proc/base.c", -+ [50398].name = "mem_write", -+ [50398].param3 = 1, -+ [50518].file = "drivers/gpu/drm/nouveau/nouveau_gem.c", -+ [50518].name = "u_memcpya", -+ [50518].param2 = 1, -+ [50518].param3 = 1, -+ [5052].file = "drivers/char/ppdev.c", -+ [5052].name = "pp_read", -+ [5052].param3 = 1, -+ [50562].file = "drivers/media/video/zoran/zoran_procfs.c", -+ [50562].name = "zoran_write", -+ [50562].param3 = 1, -+ [50653].file = "net/sunrpc/cache.c", -+ [50653].name = "cache_write_procfs", -+ [50653].param3 = 1, -+ [50692].file = "lib/ts_bm.c", -+ [50692].name = "bm_init", -+ [50692].param2 = 1, -+ [50813].file = "mm/vmalloc.c", -+ [50813].name = "__vmalloc_node_flags", -+ [50813].param1 = 1, -+ [5087].file = "drivers/atm/solos-pci.c", -+ [5087].name = "console_store", -+ [5087].param4 = 1, -+ [5102].file = "drivers/usb/misc/usbtest.c", -+ [5102].name = "usbtest_alloc_urb", -+ [5102].param3 = 1, -+ [5102].param5 = 1, -+ [51052].file = "drivers/base/firmware_class.c", -+ [51052].name = "firmware_data_write", -+ [51052].param6 = 1, -+ [51177].file = "net/sunrpc/xprtrdma/transport.c", -+ [51177].name = "xprt_rdma_allocate", -+ [51177].param2 = 1, -+ [51182].file = "drivers/misc/sgi-xp/xpc_main.c", -+ [51182].name = "xpc_kzalloc_cacheline_aligned", -+ [51182].param1 = 1, -+ [51250].file = "fs/read_write.c", -+ [51250].name = "rw_copy_check_uvector", -+ [51250].param3 = 1, -+ [51253].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", -+ [51253].name = "rt2x00debug_write_eeprom", -+ [51253].param3 = 1, -+ [51284].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [51284].name = "iwl_legacy_dbgfs_interrupt_write", -+ [51284].param3 = 1, -+ [51323].file = "sound/pci/ac97/ac97_pcm.c", -+ [51323].name = "snd_ac97_pcm_assign", -+ [51323].param2 = 1, -+ [51340].file = "drivers/usb/class/usblp.c", -+ [51340].name = "usblp_write", -+ [51340].param3 = 1, -+ [51471].file = "drivers/block/floppy.c", -+ [51471].name = "fd_locked_ioctl", -+ [51471].param3 = 1, -+ [5197].file = "net/core/dev.c", -+ [5197].name = "dev_set_alias", -+ [5197].param3 = 1, -+ [51998].file = "drivers/net/macvtap.c", -+ [51998].name = "macvtap_get_user", -+ [51998].param4 = 1, -+ [5204].file = "drivers/media/video/usbvision/usbvision-video.c", -+ [5204].name = "usbvision_v4l2_read", -+ [5204].param3 = 1, -+ [52086].file = "drivers/usb/image/mdc800.c", -+ [52086].name = "mdc800_device_read", -+ [52086].param3 = 1, -+ [52172].file = "drivers/pcmcia/cistpl.c", -+ [52172].name = "pccard_store_cis", -+ [52172].param6 = 1, -+ [52173].file = "drivers/misc/ibmasm/ibmasmfs.c", -+ [52173].name = "remote_settings_file_write", -+ [52173].param3 = 1, -+ [52199].file = "mm/nobootmem.c", -+ [52199].name = "__alloc_bootmem", -+ [52199].param1 = 1, -+ [52201].file = "drivers/video/via/viafbdev.c", -+ [52201].name = "viafb_dvp0_proc_write", -+ [52201].param3 = 1, -+ [5233].file = "include/linux/poll.h", -+ [5233].name = "set_fd_set", -+ [5233].param1 = 1, -+ [52343].file = "drivers/usb/misc/adutux.c", -+ [52343].name = "adu_read", -+ [52343].param3 = 1, -+ [52364].file = "sound/core/pcm_lib.c", -+ [52364].name = "snd_pcm_lib_readv_transfer", -+ [52364].param5 = 1, -+ [52401].file = "drivers/staging/rtl8712/rtl871x_ioctl_linux.c", -+ [52401].name = "r871x_set_wpa_ie", -+ [52401].param3 = 1, -+ [52699].file = "lib/ts_fsm.c", -+ [52699].name = "fsm_init", -+ [52699].param2 = 1, -+ [52721].file = "security/keys/encrypted-keys/encrypted.c", -+ [52721].name = "encrypted_instantiate", -+ [52721].param3 = 1, -+ [53041].file = "fs/libfs.c", -+ [53041].name = "simple_transaction_get", -+ [53041].param3 = 1, -+ [5313].file = "fs/gfs2/quota.c", -+ [5313].name = "do_sync", -+ [5313].param1 = 1, -+ [53209].file = "drivers/usb/host/ehci-sched.c", -+ [53209].name = "iso_sched_alloc", -+ [53209].param1 = 1, -+ [53302].file = "drivers/firewire/core-cdev.c", -+ [53302].name = "dispatch_ioctl", -+ [53302].param2 = 1, -+ [53355].file = "fs/ceph/dir.c", -+ [53355].name = "ceph_read_dir", -+ [53355].param3 = 1, -+ [53405].file = "drivers/media/video/videobuf-core.c", -+ [53405].name = "__videobuf_copy_to_user", -+ [53405].param4 = 1, -+ [53407].file = "net/wireless/sme.c", -+ [53407].name = "cfg80211_connect_result", -+ [53407].param4 = 1, -+ [53407].param6 = 1, -+ [53426].file = "fs/libfs.c", -+ [53426].name = "simple_transaction_read", -+ [53426].param3 = 1, -+ [5344].file = "security/selinux/ss/hashtab.c", -+ [5344].name = "hashtab_create", -+ [5344].param3 = 1, -+ [53468].file = "drivers/char/mem.c", -+ [53468].name = "write_mem", -+ [53468].param3 = 1, -+ [53513].file = "drivers/mmc/core/mmc_ops.c", -+ [53513].name = "mmc_send_bus_test", -+ [53513].param4 = 1, -+ [53539].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [53539].name = "iwl_dbgfs_txfifo_flush_write", -+ [53539].param3 = 1, -+ [53626].file = "drivers/block/paride/pg.c", -+ [53626].name = "pg_read", -+ [53626].param3 = 1, -+ [53631].file = "mm/util.c", -+ [53631].name = "memdup_user", -+ [53631].param2 = 1, -+ [53680].file = "lib/kstrtox.c", -+ [53680].name = "kstrtol_from_user", -+ [53680].param2 = 1, -+ [5389].file = "drivers/infiniband/core/uverbs_cmd.c", -+ [5389].name = "ib_uverbs_unmarshall_recv", -+ [5389].param5 = 1, -+ [53901].file = "net/rds/message.c", -+ [53901].name = "rds_message_alloc", -+ [53901].param1 = 1, -+ [53904].file = "fs/namei.c", -+ [53904].name = "sys_unlink", -+ [53904].param1 = 1, -+ [5410].file = "kernel/kexec.c", -+ [5410].name = "sys_kexec_load", -+ [5410].param2 = 1, -+ [54182].file = "drivers/block/rbd.c", -+ [54182].name = "rbd_snap_add", -+ [54182].param4 = 1, -+ [5419].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [5419].name = "iwl_legacy_dbgfs_disable_ht40_write", -+ [5419].param3 = 1, -+ [54201].file = "drivers/platform/x86/asus_acpi.c", -+ [54201].name = "mled_proc_write", -+ [54201].param3 = 1, -+ [5422].file = "fs/namei.c", -+ [5422].name = "do_unlinkat", -+ [5422].param2 = 1, -+ [54252].file = "drivers/scsi/st.c", -+ [54252].name = "st_write", -+ [54252].param3 = 1, -+ [54263].file = "security/keys/trusted.c", -+ [54263].name = "trusted_instantiate", -+ [54263].param3 = 1, -+ [54298].file = "drivers/usb/wusbcore/crypto.c", -+ [54298].name = "wusb_ccm_mac", -+ [54298].param7 = 1, -+ [54318].file = "include/drm/drm_mem_util.h", -+ [54318].name = "drm_malloc_ab", -+ [54318].param1 = 1, -+ [54318].param2 = 1, -+ [54335].file = "drivers/md/dm-table.c", -+ [54335].name = "dm_vcalloc", -+ [54335].param1 = 1, -+ [54335].param2 = 1, -+ [54339].file = "security/smack/smackfs.c", -+ [54339].name = "smk_write_cipso", -+ [54339].param3 = 1, -+ [5438].file = "sound/core/memory.c", -+ [5438].name = "copy_to_user_fromio", -+ [5438].param3 = 1, -+ [54401].file = "lib/dynamic_debug.c", -+ [54401].name = "ddebug_proc_write", -+ [54401].param3 = 1, -+ [54427].file = "drivers/usb/storage/jumpshot.c", -+ [54427].name = "jumpshot_write_data", -+ [54427].param4 = 1, -+ [54467].file = "net/packet/af_packet.c", -+ [54467].name = "packet_setsockopt", -+ [54467].param5 = 1, -+ [54573].file = "ipc/sem.c", -+ [54573].name = "sys_semop", -+ [54573].param3 = 1, -+ [54643].file = "drivers/isdn/hardware/eicon/divasi.c", -+ [54643].name = "um_idi_write", -+ [54643].param3 = 1, -+ [54657].file = "mm/migrate.c", -+ [54657].name = "do_pages_stat", -+ [54657].param2 = 1, -+ [54663].file = "drivers/isdn/hardware/eicon/platform.h", -+ [54663].name = "diva_os_malloc", -+ [54663].param2 = 1, -+ [54751].file = "drivers/infiniband/core/device.c", -+ [54751].name = "ib_alloc_device", -+ [54751].param1 = 1, -+ [54806].file = "drivers/scsi/lpfc/lpfc_debugfs.c", -+ [54806].name = "lpfc_debugfs_dif_err_write", -+ [54806].param3 = 1, -+ [5494].file = "fs/cifs/cifsacl.c", -+ [5494].name = "cifs_idmap_key_instantiate", -+ [5494].param3 = 1, -+ [55066].file = "net/ipv6/ipv6_sockglue.c", -+ [55066].name = "do_ipv6_setsockopt", -+ [55066].param5 = 1, -+ [55105].file = "drivers/base/devres.c", -+ [55105].name = "devres_alloc", -+ [55105].param2 = 1, -+ [55115].file = "net/sctp/probe.c", -+ [55115].name = "sctpprobe_read", -+ [55115].param3 = 1, -+ [55155].file = "net/bluetooth/rfcomm/sock.c", -+ [55155].name = "rfcomm_sock_setsockopt", -+ [55155].param5 = 1, -+ [55187].file = "security/keys/keyctl.c", -+ [55187].name = "keyctl_describe_key", -+ [55187].param3 = 1, -+ [5524].file = "lib/kstrtox.c", -+ [5524].name = "kstrtos8_from_user", -+ [5524].param2 = 1, -+ [55253].file = "drivers/net/wireless/ray_cs.c", -+ [55253].name = "ray_cs_essid_proc_write", -+ [55253].param3 = 1, -+ [5548].file = "drivers/media/media-entity.c", -+ [5548].name = "media_entity_init", -+ [5548].param2 = 1, -+ [5548].param4 = 1, -+ [55580].file = "drivers/usb/mon/mon_bin.c", -+ [55580].name = "copy_from_buf", -+ [55580].param2 = 1, -+ [55682].file = "drivers/net/wireless/libertas/debugfs.c", -+ [55682].name = "lbs_host_sleep_write", -+ [55682].param3 = 1, -+ [55712].file = "drivers/char/mem.c", -+ [55712].name = "read_zero", -+ [55712].param3 = 1, -+ [55857].file = "drivers/net/wireless/ath/ath9k/debug.c", -+ [55857].name = "write_file_tx_chainmask", -+ [55857].param3 = 1, -+ [55978].file = "drivers/usb/misc/iowarrior.c", -+ [55978].name = "iowarrior_write", -+ [55978].param3 = 1, -+ [5599].file = "drivers/char/random.c", -+ [5599].name = "write_pool", -+ [5599].param3 = 1, -+ [56090].file = "drivers/media/video/videobuf-dma-sg.c", -+ [56090].name = "__videobuf_alloc_vb", -+ [56090].param1 = 1, -+ [56199].file = "fs/binfmt_misc.c", -+ [56199].name = "parse_command", -+ [56199].param2 = 1, -+ [56218].file = "drivers/mmc/card/mmc_test.c", -+ [56218].name = "mtf_test_write", -+ [56218].param3 = 1, -+ [56416].file = "drivers/misc/lkdtm.c", -+ [56416].name = "do_register_entry", -+ [56416].param4 = 1, -+ [56432].file = "drivers/mfd/aat2870-core.c", -+ [56432].name = "aat2870_reg_write_file", -+ [56432].param3 = 1, -+ [56471].file = "include/linux/slab.h", -+ [56471].name = "kcalloc", -+ [56471].param1 = 1, -+ [56471].param2 = 1, -+ [56513].file = "fs/cifs/connect.c", -+ [56513].name = "cifs_readv_from_socket", -+ [56513].param3 = 1, -+ [56544].file = "drivers/block/drbd/drbd_receiver.c", -+ [56544].name = "receive_DataRequest", -+ [56544].param3 = 1, -+ [5661].file = "lib/dma-debug.c", -+ [5661].name = "filter_write", -+ [5661].param3 = 1, -+ [56672].file = "drivers/char/agp/generic.c", -+ [56672].name = "agp_alloc_page_array", -+ [56672].param1 = 1, -+ [56843].file = "drivers/scsi/scsi_transport_iscsi.c", -+ [56843].name = "iscsi_recv_pdu", -+ [56843].param4 = 1, -+ [57120].file = "lib/kstrtox.c", -+ [57120].name = "kstrtouint_from_user", -+ [57120].param2 = 1, -+ [57128].file = "drivers/pnp/pnpbios/proc.c", -+ [57128].name = "pnpbios_proc_write", -+ [57128].param3 = 1, -+ [57190].file = "drivers/char/agp/generic.c", -+ [57190].name = "agp_generic_alloc_user", -+ [57190].param1 = 1, -+ [57471].file = "drivers/media/video/sn9c102/sn9c102_core.c", -+ [57471].name = "sn9c102_read", -+ [57471].param3 = 1, -+ [57605].file = "net/netlink/af_netlink.c", -+ [57605].name = "netlink_kernel_create", -+ [57605].param3 = 1, -+ [57670].file = "drivers/bluetooth/btmrvl_debugfs.c", -+ [57670].name = "btmrvl_pscmd_write", -+ [57670].param3 = 1, -+ [57675].file = "drivers/net/wireless/ath/ath9k/debug.c", -+ [57675].name = "write_file_regidx", -+ [57675].param3 = 1, -+ [57724].file = "net/bluetooth/hci_sock.c", -+ [57724].name = "hci_sock_setsockopt", -+ [57724].param5 = 1, -+ [57748].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [57748].name = "iwl_dbgfs_missed_beacon_write", -+ [57748].param3 = 1, -+ [57786].file = "net/ipv6/netfilter/ip6_tables.c", -+ [57786].name = "compat_do_ip6t_set_ctl", -+ [57786].param4 = 1, -+ [57872].file = "fs/ceph/xattr.c", -+ [57872].name = "ceph_setxattr", -+ [57872].param4 = 1, -+ [57927].file = "fs/read_write.c", -+ [57927].name = "sys_preadv", -+ [57927].param3 = 1, -+ [58020].file = "drivers/firewire/core-cdev.c", -+ [58020].name = "fw_device_op_ioctl", -+ [58020].param2 = 1, -+ [58043].file = "kernel/auditfilter.c", -+ [58043].name = "audit_unpack_string", -+ [58043].param3 = 1, -+ [5805].file = "drivers/xen/grant-table.c", -+ [5805].name = "gnttab_alloc_grant_references", -+ [5805].param1 = 1, -+ [58087].file = "kernel/module.c", -+ [58087].name = "module_alloc_update_bounds_rw", -+ [58087].param1 = 1, -+ [58107].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [58107].name = "iwl_dbgfs_sleep_level_override_write", -+ [58107].param3 = 1, -+ [58124].file = "drivers/usb/misc/usbtest.c", -+ [58124].name = "ctrl_out", -+ [58124].param3 = 1, -+ [58124].param5 = 1, -+ [58263].file = "security/keys/keyring.c", -+ [58263].name = "keyring_read", -+ [58263].param3 = 1, -+ [58278].file = "drivers/net/wireless/iwlwifi/iwl-trans-pcie.c", -+ [58278].name = "iwl_dbgfs_log_event_write", -+ [58278].param3 = 1, -+ [5830].file = "drivers/gpu/vga/vga_switcheroo.c", -+ [5830].name = "vga_switcheroo_debugfs_write", -+ [5830].param3 = 1, -+ [58320].file = "drivers/scsi/scsi_proc.c", -+ [58320].name = "proc_scsi_write", -+ [58320].param3 = 1, -+ [58344].file = "net/sunrpc/cache.c", -+ [58344].name = "read_flush", -+ [58344].param3 = 1, -+ [58392].file = "fs/namei.c", -+ [58392].name = "getname_flags", -+ [58392].param1 = 1, -+ [58418].file = "kernel/module.c", -+ [58418].name = "sys_init_module", -+ [58418].param2 = 1, -+ [58502].file = "sound/core/sgbuf.c", -+ [58502].name = "snd_malloc_sgbuf_pages", -+ [58502].param2 = 1, -+ [58597].file = "kernel/kfifo.c", -+ [58597].name = "__kfifo_to_user", -+ [58597].param3 = 1, -+ [58641].file = "drivers/usb/misc/adutux.c", -+ [58641].name = "adu_write", -+ [58641].param3 = 1, -+ [58709].file = "fs/compat.c", -+ [58709].name = "compat_sys_pwritev", -+ [58709].param3 = 1, -+ [58769].file = "drivers/net/wireless/zd1211rw/zd_usb.c", -+ [58769].name = "zd_usb_read_fw", -+ [58769].param4 = 1, -+ [5876].file = "drivers/net/ppp/ppp_generic.c", -+ [5876].name = "ppp_write", -+ [5876].param3 = 1, -+ [58826].file = "net/sunrpc/xprt.c", -+ [58826].name = "xprt_alloc", -+ [58826].param2 = 1, -+ [58867].file = "drivers/platform/x86/asus_acpi.c", -+ [58867].name = "wled_proc_write", -+ [58867].param3 = 1, -+ [58878].file = "drivers/net/wireless/libertas/debugfs.c", -+ [58878].name = "lbs_wrbbp_write", -+ [58878].param3 = 1, -+ [58888].file = "fs/xattr.c", -+ [58888].name = "listxattr", -+ [58888].param3 = 1, -+ [58912].file = "drivers/lguest/core.c", -+ [58912].name = "__lgwrite", -+ [58912].param4 = 1, -+ [58918].file = "sound/core/pcm_native.c", -+ [58918].name = "snd_pcm_aio_write", -+ [58918].param3 = 1, -+ [58919].file = "net/netlabel/netlabel_unlabeled.c", -+ [58919].name = "netlbl_unlabel_init", -+ [58919].param1 = 1, -+ [58942].file = "drivers/block/aoe/aoedev.c", -+ [58942].name = "aoedev_flush", -+ [58942].param2 = 1, -+ [58958].file = "fs/fuse/control.c", -+ [58958].name = "fuse_conn_limit_write", -+ [58958].param3 = 1, -+ [58].file = "lib/kstrtox.c", -+ [58].name = "kstrtoull_from_user", -+ [58].param2 = 1, -+ [59034].file = "drivers/acpi/acpica/dsobject.c", -+ [59034].name = "acpi_ds_build_internal_package_obj", -+ [59034].param3 = 1, -+ [59073].file = "drivers/staging/speakup/i18n.c", -+ [59073].name = "msg_set", -+ [59073].param3 = 1, -+ [59108].file = "drivers/net/wireless/ath/ath5k/debug.c", -+ [59108].name = "write_file_queue", -+ [59108].param3 = 1, -+ [59297].file = "drivers/media/dvb/ttpci/av7110_av.c", -+ [59297].name = "dvb_play", -+ [59297].param3 = 1, -+ [59472].file = "drivers/misc/ibmasm/ibmasmfs.c", -+ [59472].name = "command_file_write", -+ [59472].param3 = 1, -+ [59505].file = "drivers/media/video/pvrusb2/pvrusb2-ioread.c", -+ [59505].name = "pvr2_ioread_read", -+ [59505].param3 = 1, -+ [59681].file = "fs/xfs/kmem.c", -+ [59681].name = "kmem_alloc", -+ [59681].param1 = 1, -+ [5968].file = "net/sunrpc/sched.c", -+ [5968].name = "rpc_malloc", -+ [5968].param2 = 1, -+ [59794].file = "mm/mincore.c", -+ [59794].name = "sys_mincore", -+ [59794].param1 = 1, -+ [59794].param2 = 1, -+ [59838].file = "net/netlink/af_netlink.c", -+ [59838].name = "nl_pid_hash_zalloc", -+ [59838].param1 = 1, -+ [59856].file = "drivers/base/devres.c", -+ [59856].name = "devm_kzalloc", -+ [59856].param2 = 1, -+ [59991].file = "drivers/media/video/uvc/uvc_queue.c", -+ [59991].name = "uvc_alloc_buffers", -+ [59991].param2 = 1, -+ [59991].param3 = 1, -+ [60005].file = "fs/namei.c", -+ [60005].name = "getname", -+ [60005].param1 = 1, -+ [60066].file = "mm/filemap.c", -+ [60066].name = "iov_iter_copy_from_user", -+ [60066].param4 = 1, -+ [60198].file = "fs/nfs/nfs4proc.c", -+ [60198].name = "nfs4_write_cached_acl", -+ [60198].param3 = 1, -+ [60330].file = "drivers/media/video/w9966.c", -+ [60330].name = "w9966_v4l_read", -+ [60330].param3 = 1, -+ [6041].file = "drivers/mtd/mtdchar.c", -+ [6041].name = "mtd_write", -+ [6041].param3 = 1, -+ [60436].file = "drivers/net/macvtap.c", -+ [60436].name = "macvtap_sendmsg", -+ [60436].param4 = 1, -+ [60483].file = "drivers/char/virtio_console.c", -+ [60483].name = "fill_readbuf", -+ [60483].param3 = 1, -+ [604].file = "drivers/staging/rtl8712/usb_ops_linux.c", -+ [604].name = "r8712_usbctrl_vendorreq", -+ [604].param6 = 1, -+ [60543].file = "drivers/usb/class/usbtmc.c", -+ [60543].name = "usbtmc_read", -+ [60543].param3 = 1, -+ [60683].file = "sound/drivers/opl4/opl4_proc.c", -+ [60683].name = "snd_opl4_mem_proc_write", -+ [60683].param5 = 1, -+ [60693].file = "drivers/misc/hpilo.c", -+ [60693].name = "ilo_read", -+ [60693].param3 = 1, -+ [60744].file = "sound/pci/emu10k1/emuproc.c", -+ [60744].name = "snd_emu10k1_fx8010_read", -+ [60744].param5 = 1, -+ [60833].file = "drivers/block/aoe/aoenet.c", -+ [60833].name = "set_aoe_iflist", -+ [60833].param2 = 1, -+ [60878].file = "drivers/net/wireless/rt2x00/rt2x00debug.c", -+ [60878].name = "rt2x00debug_read_queue_dump", -+ [60878].param3 = 1, -+ [60882].file = "drivers/input/joydev.c", -+ [60882].name = "joydev_compat_ioctl", -+ [60882].param2 = 1, -+ [60891].file = "kernel/sched.c", -+ [60891].name = "sys_sched_setaffinity", -+ [60891].param2 = 1, -+ [60927].file = "drivers/net/wireless/ath/ath9k/debug.c", -+ [60927].name = "write_file_disable_ani", -+ [60927].param3 = 1, -+ [60928].file = "drivers/staging/bcm/Bcmchar.c", -+ [60928].name = "bcm_char_read", -+ [60928].param3 = 1, -+ [61058].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [61058].name = "iwl_dbgfs_disable_ht40_write", -+ [61058].param3 = 1, -+ [61120].file = "drivers/char/mem.c", -+ [61120].name = "read_mem", -+ [61120].param3 = 1, -+ [61222].file = "net/sunrpc/rpc_pipe.c", -+ [61222].name = "rpc_pipe_generic_upcall", -+ [61222].param4 = 1, -+ [61254].file = "drivers/scsi/scsi_devinfo.c", -+ [61254].name = "proc_scsi_devinfo_write", -+ [61254].param3 = 1, -+ [61283].file = "drivers/net/wireless/ath/ath6kl/debug.c", -+ [61283].name = "ath6kl_fwlog_read", -+ [61283].param3 = 1, -+ [61289].file = "security/apparmor/apparmorfs.c", -+ [61289].name = "aa_simple_write_to_buffer", -+ [61289].param4 = 1, -+ [61389].file = "include/linux/slab.h", -+ [61389].name = "kzalloc_node", -+ [61389].param1 = 1, -+ [61546].file = "mm/filemap.c", -+ [61546].name = "__iovec_copy_from_user_inatomic", -+ [61546].param3 = 1, -+ [61546].param4 = 1, -+ [61552].file = "drivers/input/evdev.c", -+ [61552].name = "str_to_user", -+ [61552].param2 = 1, -+ [61673].file = "security/keys/trusted.c", -+ [61673].name = "trusted_update", -+ [61673].param3 = 1, -+ [61676].file = "kernel/module.c", -+ [61676].name = "module_alloc_update_bounds_rx", -+ [61676].param1 = 1, -+ [61770].file = "drivers/media/video/et61x251/et61x251_core.c", -+ [61770].name = "et61x251_read", -+ [61770].param3 = 1, -+ [6186].file = "drivers/char/mem.c", -+ [6186].name = "read_kmem", -+ [6186].param3 = 1, -+ [61932].file = "drivers/message/fusion/mptctl.c", -+ [61932].name = "__mptctl_ioctl", -+ [61932].param2 = 1, -+ [62081].file = "drivers/net/irda/vlsi_ir.c", -+ [62081].name = "vlsi_alloc_ring", -+ [62081].param3 = 1, -+ [62116].file = "fs/libfs.c", -+ [62116].name = "simple_attr_read", -+ [62116].param3 = 1, -+ [6225].file = "drivers/block/floppy.c", -+ [6225].name = "fd_ioctl", -+ [6225].param3 = 1, -+ [62294].file = "sound/core/info.c", -+ [62294].name = "resize_info_buffer", -+ [62294].param2 = 1, -+ [62378].file = "net/ipv4/tcp.c", -+ [62378].name = "do_tcp_setsockopt", -+ [62378].param5 = 1, -+ [62387].file = "fs/nfs/idmap.c", -+ [62387].name = "nfs_idmap_lookup_id", -+ [62387].param2 = 1, -+ [62453].file = "fs/namei.c", -+ [62453].name = "user_path_create", -+ [62453].param2 = 1, -+ [62495].file = "drivers/block/floppy.c", -+ [62495].name = "fallback_on_nodma_alloc", -+ [62495].param2 = 1, -+ [62498].file = "fs/xattr.c", -+ [62498].name = "sys_listxattr", -+ [62498].param3 = 1, -+ [62583].file = "drivers/net/wireless/mwifiex/debugfs.c", -+ [62583].name = "mwifiex_regrdwr_write", -+ [62583].param3 = 1, -+ [625].file = "fs/read_write.c", -+ [625].name = "sys_pwritev", -+ [625].param3 = 1, -+ [62669].file = "drivers/platform/x86/asus_acpi.c", -+ [62669].name = "tled_proc_write", -+ [62669].param3 = 1, -+ [62714].file = "security/keys/keyctl.c", -+ [62714].name = "keyctl_update_key", -+ [62714].param3 = 1, -+ [62799].file = "fs/proc/task_mmu.c", -+ [62799].name = "pagemap_read", -+ [62799].param3 = 1, -+ [62811].file = "drivers/usb/misc/legousbtower.c", -+ [62811].name = "tower_read", -+ [62811].param3 = 1, -+ [62851].file = "fs/proc/vmcore.c", -+ [62851].name = "read_vmcore", -+ [62851].param3 = 1, -+ [62925].file = "include/rdma/ib_verbs.h", -+ [62925].name = "ib_copy_from_udata", -+ [62925].param3 = 1, -+ [62967].file = "security/keys/encrypted-keys/encrypted.c", -+ [62967].name = "encrypted_update", -+ [62967].param3 = 1, -+ [62970].file = "net/sched/sch_api.c", -+ [62970].name = "qdisc_class_hash_alloc", -+ [62970].param1 = 1, -+ [62999].file = "net/core/neighbour.c", -+ [62999].name = "neigh_hash_alloc", -+ [62999].param1 = 1, -+ [63004].file = "drivers/usb/storage/datafab.c", -+ [63004].name = "datafab_write_data", -+ [63004].param4 = 1, -+ [63007].file = "fs/proc/base.c", -+ [63007].name = "proc_coredump_filter_write", -+ [63007].param3 = 1, -+ [63010].file = "drivers/gpu/drm/ttm/ttm_page_alloc.c", -+ [63010].name = "ttm_page_pool_free", -+ [63010].param2 = 1, -+ [63076].file = "fs/cifs/xattr.c", -+ [63076].name = "cifs_setxattr", -+ [63076].param4 = 1, -+ [63091].file = "drivers/net/usb/pegasus.c", -+ [63091].name = "get_registers", -+ [63091].param3 = 1, -+ [63169].file = "drivers/scsi/sg.c", -+ [63169].name = "sg_read", -+ [63169].param3 = 1, -+ [6331].file = "drivers/atm/solos-pci.c", -+ [6331].name = "solos_param_store", -+ [6331].param4 = 1, -+ [63367].file = "net/netfilter/ipset/ip_set_core.c", -+ [63367].name = "ip_set_alloc", -+ [63367].param1 = 1, -+ [63473].file = "drivers/staging/pohmelfs/trans.c", -+ [63473].name = "netfs_trans_alloc", -+ [63473].param2 = 1, -+ [63473].param4 = 1, -+ [63489].file = "drivers/bluetooth/btmrvl_debugfs.c", -+ [63489].name = "btmrvl_hscfgcmd_write", -+ [63489].param3 = 1, -+ [63490].file = "crypto/shash.c", -+ [63490].name = "shash_compat_setkey", -+ [63490].param3 = 1, -+ [63583].file = "drivers/char/mem.c", -+ [63583].name = "write_kmem", -+ [63583].param3 = 1, -+ [63605].file = "mm/mempool.c", -+ [63605].name = "mempool_kmalloc", -+ [63605].param2 = 1, -+ [63717].file = "drivers/net/wireless/iwlwifi/iwl-trans-pcie.c", -+ [63717].name = "iwl_dbgfs_csr_write", -+ [63717].param3 = 1, -+ [63748].file = "drivers/staging/crystalhd/crystalhd_misc.c", -+ [63748].name = "crystalhd_map_dio", -+ [63748].param3 = 1, -+ [63765].file = "fs/seq_file.c", -+ [63765].name = "seq_read", -+ [63765].param3 = 1, -+ [63777].file = "drivers/virtio/virtio_ring.c", -+ [63777].name = "virtqueue_add_buf_gfp", -+ [63777].param3 = 1, -+ [63777].param4 = 1, -+ [63961].file = "fs/xattr.c", -+ [63961].name = "sys_flistxattr", -+ [63961].param3 = 1, -+ [63988].file = "drivers/input/evdev.c", -+ [63988].name = "evdev_ioctl_compat", -+ [63988].param2 = 1, -+ [64118].file = "fs/namei.c", -+ [64118].name = "sys_symlinkat", -+ [64118].param1 = 1, -+ [64156].file = "drivers/net/wireless/ath/ath6kl/cfg80211.c", -+ [64156].name = "ath6kl_mgmt_tx", -+ [64156].param9 = 1, -+ [64227].file = "mm/nobootmem.c", -+ [64227].name = "__alloc_bootmem_node_nopanic", -+ [64227].param2 = 1, -+ [64312].file = "drivers/video/hecubafb.c", -+ [64312].name = "hecubafb_write", -+ [64312].param3 = 1, -+ [64351].file = "kernel/kfifo.c", -+ [64351].name = "kfifo_copy_from_user", -+ [64351].param3 = 1, -+ [64392].file = "drivers/mmc/core/mmc_ops.c", -+ [64392].name = "mmc_send_cxd_data", -+ [64392].param5 = 1, -+ [64471].file = "drivers/bluetooth/btmrvl_debugfs.c", -+ [64471].name = "btmrvl_hscmd_write", -+ [64471].param3 = 1, -+ [64667].file = "sound/core/oss/pcm_oss.c", -+ [64667].name = "snd_pcm_oss_read", -+ [64667].param3 = 1, -+ [64689].file = "sound/isa/gus/gus_dram.c", -+ [64689].name = "snd_gus_dram_read", -+ [64689].param4 = 1, -+ [64692].file = "fs/binfmt_misc.c", -+ [64692].name = "bm_entry_write", -+ [64692].param3 = 1, -+ [64705].file = "drivers/staging/iio/accel/sca3000_ring.c", -+ [64705].name = "sca3000_read_first_n_hw_rb", -+ [64705].param2 = 1, -+ [64743].file = "fs/ocfs2/dlmfs/dlmfs.c", -+ [64743].name = "dlmfs_file_read", -+ [64743].param3 = 1, -+ [6477].file = "net/bluetooth/mgmt.c", -+ [6477].name = "mgmt_pending_add", -+ [6477].param5 = 1, -+ [64898].file = "drivers/media/video/videobuf-dma-sg.c", -+ [64898].name = "videobuf_dma_init_user", -+ [64898].param3 = 1, -+ [64898].param4 = 1, -+ [64906].file = "drivers/net/wireless/b43legacy/debugfs.c", -+ [64906].name = "b43legacy_debugfs_write", -+ [64906].param3 = 1, -+ [64961].file = "drivers/spi/spidev.c", -+ [64961].name = "spidev_ioctl", -+ [64961].param2 = 1, -+ [65033].file = "crypto/shash.c", -+ [65033].name = "shash_async_setkey", -+ [65033].param3 = 1, -+ [65093].file = "security/integrity/evm/evm_secfs.c", -+ [65093].name = "evm_write_key", -+ [65093].param3 = 1, -+ [65098].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [65098].name = "iwl_dbgfs_traffic_log_write", -+ [65098].param3 = 1, -+ [6514].file = "mm/nobootmem.c", -+ [6514].name = "__alloc_bootmem_low", -+ [6514].param1 = 1, -+ [65169].file = "net/core/skbuff.c", -+ [65169].name = "dev_alloc_skb", -+ [65169].param1 = 1, -+ [6517].file = "drivers/md/dm-table.c", -+ [6517].name = "alloc_targets", -+ [6517].param2 = 1, -+ [65195].file = "fs/jffs2/xattr.c", -+ [65195].name = "do_jffs2_setxattr", -+ [65195].param5 = 1, -+ [65237].file = "kernel/profile.c", -+ [65237].name = "read_profile", -+ [65237].param3 = 1, -+ [65345].file = "lib/xz/xz_dec_lzma2.c", -+ [65345].name = "xz_dec_lzma2_create", -+ [65345].param2 = 1, -+ [65364].file = "sound/core/pcm_lib.c", -+ [65364].name = "snd_pcm_lib_read_transfer", -+ [65364].param5 = 1, -+ [65409].file = "net/802/garp.c", -+ [65409].name = "garp_request_join", -+ [65409].param4 = 1, -+ [65432].file = "drivers/hid/hid-roccat-kone.c", -+ [65432].name = "kone_receive", -+ [65432].param4 = 1, -+ [65452].file = "drivers/message/fusion/mptctl.c", -+ [65452].name = "mptctl_ioctl", -+ [65452].param2 = 1, -+ [65514].file = "drivers/media/video/gspca/t613.c", -+ [65514].name = "reg_w_ixbuf", -+ [65514].param4 = 1, -+ [6551].file = "drivers/usb/host/xhci-mem.c", -+ [6551].name = "xhci_alloc_stream_info", -+ [6551].param3 = 1, -+ [65535].file = "drivers/media/dvb/dvb-usb/opera1.c", -+ [65535].name = "opera1_xilinx_rw", -+ [65535].param5 = 1, -+ [6657].file = "drivers/hid/hid-roccat-kone.c", -+ [6657].name = "kone_send", -+ [6657].param4 = 1, -+ [6672].file = "drivers/net/wireless/b43/debugfs.c", -+ [6672].name = "b43_debugfs_write", -+ [6672].param3 = 1, -+ [6691].file = "drivers/acpi/proc.c", -+ [6691].name = "acpi_system_write_wakeup_device", -+ [6691].param3 = 1, -+ [6772].file = "drivers/net/wireless/iwlwifi/iwl-debugfs.c", -+ [6772].name = "iwl_dbgfs_force_reset_write", -+ [6772].param3 = 1, -+ [6780].file = "sound/core/info.c", -+ [6780].name = "snd_info_entry_read", -+ [6780].param3 = 1, -+ [6800].file = "drivers/net/wireless/iwlegacy/iwl-debugfs.c", -+ [6800].name = "iwl_legacy_dbgfs_missed_beacon_write", -+ [6800].param3 = 1, -+ [680].file = "drivers/misc/ibmasm/ibmasmfs.c", -+ [680].name = "command_file_read", -+ [680].param3 = 1, -+ [6865].file = "drivers/staging/iio/ring_sw.c", -+ [6865].name = "iio_read_first_n_sw_rb", -+ [6865].param2 = 1, -+ [6867].file = "fs/coda/psdev.c", -+ [6867].name = "coda_psdev_read", -+ [6867].param3 = 1, -+ [6891].file = "drivers/bluetooth/btmrvl_debugfs.c", -+ [6891].name = "btmrvl_gpiogap_write", -+ [6891].param3 = 1, -+ [6944].file = "drivers/ide/ide-proc.c", -+ [6944].name = "ide_settings_proc_write", -+ [6944].param3 = 1, -+ [6950].file = "drivers/isdn/capi/capi.c", -+ [6950].name = "capi_write", -+ [6950].param3 = 1, -+ [697].file = "sound/isa/gus/gus_dram.c", -+ [697].name = "snd_gus_dram_peek", -+ [697].param4 = 1, -+ [7066].file = "security/keys/keyctl.c", -+ [7066].name = "keyctl_instantiate_key_common", -+ [7066].param4 = 1, -+ [7129].file = "mm/maccess.c", -+ [7129].name = "__probe_kernel_read", -+ [7129].param3 = 1, -+ [720].file = "sound/pci/rme9652/hdsp.c", -+ [720].name = "snd_hdsp_playback_copy", -+ [720].param5 = 1, -+ [7411].file = "drivers/vhost/vhost.c", -+ [7411].name = "__vhost_add_used_n", -+ [7411].param3 = 1, -+ [7488].file = "security/keys/user_defined.c", -+ [7488].name = "user_read", -+ [7488].param3 = 1, -+ [7551].file = "drivers/input/touchscreen/ad7879-spi.c", -+ [7551].name = "ad7879_spi_xfer", -+ [7551].param3 = 1, -+ [7676].file = "drivers/acpi/custom_method.c", -+ [7676].name = "cm_write", -+ [7676].param3 = 1, -+ [7832].file = "drivers/net/wireless/ath/ath5k/debug.c", -+ [7832].name = "write_file_antenna", -+ [7832].param3 = 1, -+ [7843].file = "fs/compat.c", -+ [7843].name = "compat_sys_readv", -+ [7843].param3 = 1, -+ [7958].file = "drivers/gpu/vga/vgaarb.c", -+ [7958].name = "vga_arb_write", -+ [7958].param3 = 1, -+ [7976].file = "drivers/usb/gadget/rndis.c", -+ [7976].name = "rndis_add_response", -+ [7976].param2 = 1, -+ [8014].file = "net/netfilter/ipset/ip_set_list_set.c", -+ [8014].name = "init_list_set", -+ [8014].param2 = 1, -+ [8014].param3 = 1, -+ [8087].file = "drivers/video/via/viafbdev.c", -+ [8087].name = "viafb_iga1_odev_proc_write", -+ [8087].param3 = 1, -+ [8126].file = "sound/soc/soc-core.c", -+ [8126].name = "codec_reg_read_file", -+ [8126].param3 = 1, -+ [8185].file = "drivers/net/wireless/ath/ath6kl/debug.c", -+ [8185].name = "ath6kl_regwrite_write", -+ [8185].param3 = 1, -+ [8317].file = "security/smack/smackfs.c", -+ [8317].name = "smk_write_ambient", -+ [8317].param3 = 1, -+ [8334].file = "drivers/scsi/sg.c", -+ [8334].name = "sg_proc_write_adio", -+ [8334].param3 = 1, -+ [8481].file = "drivers/isdn/i4l/isdn_common.c", -+ [8481].name = "isdn_write", -+ [8481].param3 = 1, -+ [8536].file = "fs/cifs/dns_resolve.c", -+ [8536].name = "dns_resolve_server_name_to_ip", -+ [8536].param1 = 1, -+ [8650].file = "drivers/gpu/drm/vmwgfx/vmwgfx_kms.c", -+ [8650].name = "vmw_kms_present", -+ [8650].param9 = 1, -+ [865].file = "drivers/base/regmap/regmap-debugfs.c", -+ [865].name = "regmap_access_read_file", -+ [865].param3 = 1, -+ [8663].file = "net/bridge/netfilter/ebtables.c", -+ [8663].name = "do_update_counters", -+ [8663].param4 = 1, -+ [8684].file = "fs/read_write.c", -+ [8684].name = "sys_writev", -+ [8684].param3 = 1, -+ [8699].file = "security/selinux/selinuxfs.c", -+ [8699].name = "sel_commit_bools_write", -+ [8699].param3 = 1, -+ [8714].file = "lib/kstrtox.c", -+ [8714].name = "kstrtou16_from_user", -+ [8714].param2 = 1, -+ [8764].file = "drivers/usb/core/devio.c", -+ [8764].name = "usbdev_read", -+ [8764].param3 = 1, -+ [8802].file = "fs/dlm/user.c", -+ [8802].name = "device_write", -+ [8802].param3 = 1, -+ [8810].file = "net/mac80211/debugfs_sta.c", -+ [8810].name = "sta_agg_status_write", -+ [8810].param3 = 1, -+ [8815].file = "security/tomoyo/securityfs_if.c", -+ [8815].name = "tomoyo_write_self", -+ [8815].param3 = 1, -+ [8821].file = "net/wireless/sme.c", -+ [8821].name = "cfg80211_roamed", -+ [8821].param5 = 1, -+ [8821].param7 = 1, -+ [8833].file = "security/selinux/ss/services.c", -+ [8833].name = "security_context_to_sid", -+ [8833].param2 = 1, -+ [8851].file = "net/key/af_key.c", -+ [8851].name = "pfkey_sendmsg", -+ [8851].param4 = 1, -+ [8917].file = "net/ipv4/raw.c", -+ [8917].name = "raw_setsockopt", -+ [8917].param5 = 1, -+ [8983].file = "include/linux/skbuff.h", -+ [8983].name = "alloc_skb", -+ [8983].param1 = 1, -+ [9226].file = "mm/migrate.c", -+ [9226].name = "sys_move_pages", -+ [9226].param2 = 1, -+ [9341].file = "drivers/acpi/apei/erst-dbg.c", -+ [9341].name = "erst_dbg_write", -+ [9341].param3 = 1, -+ [9463].file = "drivers/infiniband/hw/ipath/ipath_verbs.c", -+ [9463].name = "ipath_verbs_send", -+ [9463].param3 = 1, -+ [9463].param5 = 1, -+ [9546].file = "drivers/video/fbmem.c", -+ [9546].name = "fb_write", -+ [9546].param3 = 1, -+ [9601].file = "kernel/kfifo.c", -+ [9601].name = "__kfifo_from_user", -+ [9601].param3 = 1, -+ [9618].file = "security/selinux/selinuxfs.c", -+ [9618].name = "sel_write_bool", -+ [9618].param3 = 1, -+ [9768].file = "drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c", -+ [9768].name = "vmw_execbuf_process", -+ [9768].param5 = 1, -+ [9828].file = "drivers/media/dvb/dvb-core/dmxdev.c", -+ [9828].name = "dvb_demux_do_ioctl", -+ [9828].param3 = 1, -+ [9870].file = "net/atm/addr.c", -+ [9870].name = "atm_get_addr", -+ [9870].param3 = 1, -+ [9962].file = "drivers/scsi/sg.c", -+ [9962].name = "sg_proc_write_dressz", -+ [9962].param3 = 1, -+ [9977].file = "drivers/net/wireless/zd1211rw/zd_usb.c", -+ [9977].name = "zd_usb_iowrite16v_async", -+ [9977].param3 = 1, -+ [16344].collision = 1, -+ [30494].collision = 1, -+ [31291].collision = 1, -+ [33040].collision = 1, -+ [38314].collision = 1, -+ [54338].collision = 1, -+ [60651].collision = 1, -+}; -diff --git a/tools/gcc/size_overflow_hash2.h b/tools/gcc/size_overflow_hash2.h -new file mode 100644 -index 0000000..8ed7d96 ---- /dev/null -+++ b/tools/gcc/size_overflow_hash2.h -@@ -0,0 +1,44 @@ -+struct size_overflow_hash size_overflow_hash2[65536] = { -+ [2118].file = "fs/ntfs/malloc.h", -+ [2118].name = "ntfs_malloc_nofs", -+ [2118].param1 = 1, -+ [22224].file = "fs/proc/vmcore.c", -+ [22224].name = "read_from_oldmem", -+ [22224].param2 = 1, -+ [26518].file = "drivers/gpu/vga/vgaarb.c", -+ [26518].name = "vga_arb_read", -+ [26518].param3 = 1, -+ [26569].file = "lib/kstrtox.c", -+ [26569].name = "kstrtoint_from_user", -+ [26569].param2 = 1, -+ [30632].file = "drivers/ide/ide-proc.c", -+ [30632].name = "ide_driver_proc_write", -+ [30632].param3 = 1, -+ [36150].file = "net/ceph/buffer.c", -+ [36150].name = "ceph_buffer_new", -+ [36150].param1 = 1, -+ [39024].file = "lib/scatterlist.c", -+ [39024].name = "sg_kmalloc", -+ [39024].param1 = 1, -+ [39105].file = "drivers/gpu/drm/ttm/ttm_tt.c", -+ [39105].name = "ttm_tt_create", -+ [39105].param2 = 1, -+ [43208].file = "fs/nfs/read.c", -+ [43208].name = "nfs_readdata_alloc", -+ [43208].param1 = 1, -+ [46911].file = "drivers/media/video/ivtv/ivtv-fileops.c", -+ [46911].name = "ivtv_v4l2_read", -+ [46911].param3 = 1, -+ [50359].file = "kernel/sched.c", -+ [50359].name = "alloc_sched_domains", -+ [50359].param1 = 1, -+ [52857].file = "sound/pci/rme9652/rme9652.c", -+ [52857].name = "snd_rme9652_capture_copy", -+ [52857].param5 = 1, -+ [57500].file = "drivers/spi/spidev.c", -+ [57500].name = "spidev_write", -+ [57500].param3 = 1, -+ [65149].file = "fs/nilfs2/ioctl.c", -+ [65149].name = "nilfs_ioctl_wrap_copy", -+ [65149].param4 = 1, -+}; -diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c -new file mode 100644 -index 0000000..a9ae886 ---- /dev/null -+++ b/tools/gcc/size_overflow_plugin.c -@@ -0,0 +1,1042 @@ -+/* -+ * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com> -+ * Licensed under the GPL v2, or (at your option) v3 -+ * -+ * Homepage: -+ * http://www.grsecurity.net/~ephox/overflow_plugin/ -+ * -+ * This plugin recomputes expressions of function arguments marked by a size_overflow attribute -+ * with double integer precision (DImode/TImode for 32/64 bit integer types). -+ * The recomputed argument is checked against INT_MAX and an event is logged on overflow and the triggering process is killed. -+ * -+ * Usage: -+ * $ gcc -I`gcc -print-file-name=plugin`/include -fPIC -shared -O2 -o size_overflow_plugin.so size_overflow_plugin.c -+ * $ gcc -fplugin=size_overflow_plugin.so test.c -O2 -+ */ -+ -+#include "gcc-plugin.h" -+#include "config.h" -+#include "system.h" -+#include "coretypes.h" -+#include "tree.h" -+#include "tree-pass.h" -+#include "intl.h" -+#include "plugin-version.h" -+#include "tm.h" -+#include "toplev.h" -+#include "function.h" -+#include "tree-flow.h" -+#include "plugin.h" -+#include "gimple.h" -+#include "c-common.h" -+#include "diagnostic.h" -+ -+struct size_overflow_hash { -+ const char *name; -+ const char *file; -+ unsigned short collision:1; -+ unsigned short param1:1; -+ unsigned short param2:1; -+ unsigned short param3:1; -+ unsigned short param4:1; -+ unsigned short param5:1; -+ unsigned short param6:1; -+ unsigned short param7:1; -+ unsigned short param8:1; -+ unsigned short param9:1; -+}; -+ -+#include "size_overflow_hash1.h" -+#include "size_overflow_hash2.h" -+ -+#define __unused __attribute__((__unused__)) -+#define NAME(node) IDENTIFIER_POINTER(DECL_NAME(node)) -+#define BEFORE_STMT true -+#define AFTER_STMT false -+#define CREATE_NEW_VAR NULL_TREE -+ -+int plugin_is_GPL_compatible; -+void debug_gimple_stmt (gimple gs); -+ -+static tree expand(struct pointer_set_t *visited, tree var); -+static tree signed_size_overflow_type; -+static tree unsigned_size_overflow_type; -+static tree report_size_overflow_decl; -+static tree const_char_ptr_type_node; -+static unsigned int handle_function(void); -+ -+static struct plugin_info size_overflow_plugin_info = { -+ .version = "20120311beta", -+ .help = "no-size_overflow\tturn off size overflow checking\n", -+}; -+ -+static tree handle_size_overflow_attribute(tree *node, tree __unused name, tree args, int __unused flags, bool *no_add_attrs) -+{ -+ unsigned int arg_count = type_num_arguments(*node); -+ -+ for (; args; args = TREE_CHAIN(args)) { -+ tree position = TREE_VALUE(args); -+ if (TREE_CODE(position) != INTEGER_CST || TREE_INT_CST_HIGH(position) || TREE_INT_CST_LOW(position) < 1 || TREE_INT_CST_LOW(position) > arg_count ) { -+ error("handle_size_overflow_attribute: overflow parameter outside range."); -+ *no_add_attrs = true; -+ } -+ } -+ return NULL_TREE; -+} -+ -+static struct attribute_spec no_size_overflow_attr = { -+ .name = "size_overflow", -+ .min_length = 1, -+ .max_length = -1, -+ .decl_required = false, -+ .type_required = true, -+ .function_type_required = true, -+ .handler = handle_size_overflow_attribute -+}; -+ -+static void register_attributes(void __unused *event_data, void __unused *data) -+{ -+ register_attribute(&no_size_overflow_attr); -+} -+ -+// http://www.team5150.com/~andrew/noncryptohashzoo2~/CrapWow.html -+static unsigned int CrapWow(const char *key, unsigned int len, unsigned int seed) -+{ -+#define cwfold( a, b, lo, hi ) { p = (unsigned int)(a) * (unsigned long long)(b); lo ^= (unsigned int)p; hi ^= (unsigned int)(p >> 32); } -+#define cwmixa( in ) { cwfold( in, m, k, h ); } -+#define cwmixb( in ) { cwfold( in, n, h, k ); } -+ -+ const unsigned int m = 0x57559429; -+ const unsigned int n = 0x5052acdb; -+ const unsigned int *key4 = (const unsigned int *)key; -+ unsigned int h = len; -+ unsigned int k = len + seed + n; -+ unsigned long long p; -+ -+ while (len >= 8) { -+ cwmixb(key4[0]) cwmixa(key4[1]) key4 += 2; -+ len -= 8; -+ } -+ if (len >= 4) { -+ cwmixb(key4[0]) key4 += 1; -+ len -= 4; -+ } -+ if (len) -+ cwmixa(key4[0] & ((1 << (len * 8)) - 1 )); -+ cwmixb(h ^ (k + n)); -+ return k ^ h; -+ -+#undef cwfold -+#undef cwmixa -+#undef cwmixb -+} -+ -+static inline unsigned int size_overflow_hash(const char *fndecl, unsigned int seed) -+{ -+ return CrapWow(fndecl, strlen(fndecl), seed) & 0xffff; -+} -+ -+static inline tree get_original_function_decl(tree fndecl) -+{ -+ if (DECL_ABSTRACT_ORIGIN(fndecl)) -+ return DECL_ABSTRACT_ORIGIN(fndecl); -+ return fndecl; -+} -+ -+static inline gimple get_def_stmt(tree node) -+{ -+ gcc_assert(TREE_CODE(node) == SSA_NAME); -+ return SSA_NAME_DEF_STMT(node); -+} -+ -+static struct size_overflow_hash *get_function_hash(tree fndecl) -+{ -+ unsigned int hash; -+ const char *func = NAME(fndecl); -+ -+ hash = size_overflow_hash(func, 0); -+ -+ if (size_overflow_hash1[hash].collision) { -+ hash = size_overflow_hash(func, 23432); -+ return &size_overflow_hash2[hash]; -+ } -+ return &size_overflow_hash1[hash]; -+} -+ -+static void check_missing_attribute(tree arg) -+{ -+ tree var, func = get_original_function_decl(current_function_decl); -+ const char *curfunc = NAME(func); -+ unsigned int new_hash, argnum = 1; -+ struct size_overflow_hash *hash; -+ location_t loc; -+ expanded_location xloc; -+ bool match = false; -+ -+ loc = DECL_SOURCE_LOCATION(func); -+ xloc = expand_location(loc); -+ -+ if (lookup_attribute("size_overflow", TYPE_ATTRIBUTES(TREE_TYPE(func)))) -+ return; -+ -+ hash = get_function_hash(func); -+ if (hash->name && !strcmp(hash->name, NAME(func)) && !strcmp(hash->file, xloc.file)) -+ return; -+ -+ gcc_assert(TREE_CODE(arg) != COMPONENT_REF); -+ -+ if (TREE_CODE(arg) == SSA_NAME) -+ arg = SSA_NAME_VAR(arg); -+ -+ for (var = DECL_ARGUMENTS(func); var; var = TREE_CHAIN(var)) { -+ if (strcmp(NAME(arg), NAME(var))) { -+ argnum++; -+ continue; -+ } -+ match = true; -+ if (!TYPE_UNSIGNED(TREE_TYPE(var))) -+ return; -+ break; -+ } -+ if (!match) { -+ warning(0, "check_missing_attribute: cannot find the %s argument in %s", NAME(arg), NAME(func)); -+ return; -+ } -+ -+#define check_param(num) \ -+ if (num == argnum && hash->param##num) \ -+ return; -+ check_param(1); -+ check_param(2); -+ check_param(3); -+ check_param(4); -+ check_param(5); -+ check_param(6); -+ check_param(7); -+ check_param(8); -+ check_param(9); -+#undef check_param -+ -+ new_hash = size_overflow_hash(curfunc, 0); -+ inform(loc, "Function %s is missing from the size_overflow hash table +%s+%d+%u+%s", curfunc, curfunc, argnum, new_hash, xloc.file); -+} -+ -+static tree create_new_var(tree type) -+{ -+ tree new_var = create_tmp_var(type, "cicus"); -+ -+ add_referenced_var(new_var); -+ mark_sym_for_renaming(new_var); -+ return new_var; -+} -+ -+static bool is_bool(tree node) -+{ -+ tree type; -+ -+ if (node == NULL_TREE) -+ return false; -+ -+ type = TREE_TYPE(node); -+ if (!INTEGRAL_TYPE_P(type)) -+ return false; -+ if (TREE_CODE(type) == BOOLEAN_TYPE) -+ return true; -+ if (TYPE_PRECISION(type) == 1) -+ return true; -+ return false; -+} -+ -+static gimple build_cast_stmt(tree type, tree var, tree new_var, location_t loc) -+{ -+ gimple assign; -+ -+ if (new_var == CREATE_NEW_VAR) -+ new_var = create_new_var(type); -+ -+ assign = gimple_build_assign(new_var, fold_convert(type, var)); -+ gimple_set_location(assign, loc); -+ gimple_set_lhs(assign, make_ssa_name(new_var, assign)); -+ -+ return assign; -+} -+ -+static tree create_assign(struct pointer_set_t *visited, gimple oldstmt, tree rhs1, bool before) -+{ -+ tree oldstmt_rhs1; -+ enum tree_code code; -+ gimple stmt; -+ gimple_stmt_iterator gsi; -+ -+ if (is_bool(rhs1)) { -+ pointer_set_insert(visited, oldstmt); -+ return gimple_get_lhs(oldstmt); -+ } -+ -+ if (rhs1 == NULL_TREE) { -+ debug_gimple_stmt(oldstmt); -+ error("create_assign: rhs1 is NULL_TREE"); -+ gcc_unreachable(); -+ } -+ -+ oldstmt_rhs1 = gimple_assign_rhs1(oldstmt); -+ code = TREE_CODE(oldstmt_rhs1); -+ if (code == PARM_DECL || (code == SSA_NAME && gimple_code(get_def_stmt(oldstmt_rhs1)) == GIMPLE_NOP)) -+ check_missing_attribute(oldstmt_rhs1); -+ -+ stmt = build_cast_stmt(signed_size_overflow_type, rhs1, CREATE_NEW_VAR, gimple_location(oldstmt)); -+ gsi = gsi_for_stmt(oldstmt); -+ if (before) -+ gsi_insert_before(&gsi, stmt, GSI_NEW_STMT); -+ else -+ gsi_insert_after(&gsi, stmt, GSI_NEW_STMT); -+ update_stmt(stmt); -+ pointer_set_insert(visited, oldstmt); -+ return gimple_get_lhs(stmt); -+} -+ -+static tree dup_assign(struct pointer_set_t *visited, gimple oldstmt, tree rhs1, tree rhs2, tree __unused rhs3) -+{ -+ tree new_var, lhs = gimple_get_lhs(oldstmt); -+ gimple stmt; -+ gimple_stmt_iterator gsi; -+ -+ if (gimple_num_ops(oldstmt) != 4 && rhs1 == NULL_TREE) { -+ rhs1 = gimple_assign_rhs1(oldstmt); -+ rhs1 = create_assign(visited, oldstmt, rhs1, BEFORE_STMT); -+ } -+ if (gimple_num_ops(oldstmt) == 3 && rhs2 == NULL_TREE) { -+ rhs2 = gimple_assign_rhs2(oldstmt); -+ rhs2 = create_assign(visited, oldstmt, rhs2, BEFORE_STMT); -+ } -+ -+ stmt = gimple_copy(oldstmt); -+ gimple_set_location(stmt, gimple_location(oldstmt)); -+ -+ if (gimple_assign_rhs_code(oldstmt) == WIDEN_MULT_EXPR) -+ gimple_assign_set_rhs_code(stmt, MULT_EXPR); -+ -+ if (is_bool(lhs)) -+ new_var = SSA_NAME_VAR(lhs); -+ else -+ new_var = create_new_var(signed_size_overflow_type); -+ new_var = make_ssa_name(new_var, stmt); -+ gimple_set_lhs(stmt, new_var); -+ -+ if (rhs1 != NULL_TREE) { -+ if (!gimple_assign_cast_p(oldstmt)) -+ rhs1 = fold_convert(signed_size_overflow_type, rhs1); -+ gimple_assign_set_rhs1(stmt, rhs1); -+ } -+ -+ if (rhs2 != NULL_TREE) -+ gimple_assign_set_rhs2(stmt, rhs2); -+#if BUILDING_GCC_VERSION >= 4007 -+ if (rhs3 != NULL_TREE) -+ gimple_assign_set_rhs3(stmt, rhs3); -+#endif -+ gimple_set_vuse(stmt, gimple_vuse(oldstmt)); -+ gimple_set_vdef(stmt, gimple_vdef(oldstmt)); -+ -+ gsi = gsi_for_stmt(oldstmt); -+ gsi_insert_after(&gsi, stmt, GSI_SAME_STMT); -+ update_stmt(stmt); -+ pointer_set_insert(visited, oldstmt); -+ return gimple_get_lhs(stmt); -+} -+ -+static gimple overflow_create_phi_node(gimple oldstmt, tree var) -+{ -+ basic_block bb; -+ gimple phi; -+ gimple_stmt_iterator gsi = gsi_for_stmt(oldstmt); -+ -+ bb = gsi_bb(gsi); -+ phi = make_phi_node(var, EDGE_COUNT(bb->preds)); -+ -+ gsi_insert_after(&gsi, phi, GSI_NEW_STMT); -+ gimple_set_bb(phi, bb); -+ return phi; -+} -+ -+static tree signed_cast_constant(tree node) -+{ -+ gcc_assert(is_gimple_constant(node)); -+ -+ if (TYPE_PRECISION(signed_size_overflow_type) == TYPE_PRECISION(TREE_TYPE(node))) -+ return build_int_cst_wide(signed_size_overflow_type, TREE_INT_CST_LOW(node), TREE_INT_CST_HIGH(node)); -+ else -+ return build_int_cst(signed_size_overflow_type, int_cst_value(node)); -+} -+ -+static gimple cast_old_phi_arg(gimple oldstmt, tree arg, tree new_var) -+{ -+ basic_block first_bb; -+ gimple newstmt; -+ gimple_stmt_iterator gsi; -+ -+ newstmt = build_cast_stmt(signed_size_overflow_type, arg, new_var, gimple_location(oldstmt)); -+ -+ first_bb = split_block_after_labels(ENTRY_BLOCK_PTR)->dest; -+ if (dom_info_available_p(CDI_DOMINATORS)) -+ set_immediate_dominator(CDI_DOMINATORS, first_bb, ENTRY_BLOCK_PTR); -+ gsi = gsi_start_bb(first_bb); -+ -+ gsi_insert_before(&gsi, newstmt, GSI_NEW_STMT); -+ return newstmt; -+} -+ -+static gimple handle_new_phi_arg(tree arg, tree new_var, tree new_rhs) -+{ -+ gimple newstmt; -+ gimple_stmt_iterator gsi; -+ void (*gsi_insert)(gimple_stmt_iterator *, gimple, enum gsi_iterator_update); -+ gimple def_newstmt = get_def_stmt(new_rhs); -+ -+ gsi_insert = gsi_insert_after; -+ gsi = gsi_for_stmt(def_newstmt); -+ -+ switch (gimple_code(get_def_stmt(arg))) { -+ case GIMPLE_PHI: -+ newstmt = gimple_build_assign(new_var, new_rhs); -+ gsi = gsi_after_labels(gimple_bb(def_newstmt)); -+ gsi_insert = gsi_insert_before; -+ break; -+ case GIMPLE_ASM: -+ case GIMPLE_CALL: -+ newstmt = gimple_build_assign(new_var, new_rhs); -+ break; -+ case GIMPLE_ASSIGN: -+ newstmt = gimple_copy(def_newstmt); -+ break; -+ default: -+ /* unknown gimple_code (build_new_phi_arg) */ -+ gcc_unreachable(); -+ } -+ -+ gimple_set_lhs(newstmt, make_ssa_name(new_var, newstmt)); -+ gsi_insert(&gsi, newstmt, GSI_NEW_STMT); -+ return newstmt; -+} -+ -+static tree build_new_phi_arg(struct pointer_set_t *visited, gimple oldstmt, tree arg, tree new_var) -+{ -+ gimple newstmt; -+ tree new_rhs; -+ -+ if (is_gimple_constant(arg)) -+ return signed_cast_constant(arg); -+ -+ pointer_set_insert(visited, oldstmt); -+ new_rhs = expand(visited, arg); -+ if (new_rhs == NULL_TREE) { -+ gcc_assert(TREE_CODE(TREE_TYPE(arg)) != VOID_TYPE); -+ newstmt = cast_old_phi_arg(oldstmt, arg, new_var); -+ } else -+ newstmt = handle_new_phi_arg(arg, new_var, new_rhs); -+ update_stmt(newstmt); -+ return gimple_get_lhs(newstmt); -+} -+ -+static tree build_new_phi(struct pointer_set_t *visited, gimple oldstmt) -+{ -+ gimple phi; -+ tree new_var = create_new_var(signed_size_overflow_type); -+ unsigned int i, n = gimple_phi_num_args(oldstmt); -+ -+ phi = overflow_create_phi_node(oldstmt, new_var); -+ -+ for (i = 0; i < n; i++) { -+ tree arg, lhs; -+ -+ arg = gimple_phi_arg_def(oldstmt, i); -+ lhs = build_new_phi_arg(visited, oldstmt, arg, new_var); -+ add_phi_arg(phi, lhs, gimple_phi_arg_edge(oldstmt, i), gimple_location(oldstmt)); -+ } -+ update_stmt(phi); -+ return gimple_phi_result(phi); -+} -+ -+static tree handle_unary_ops(struct pointer_set_t *visited, tree var) -+{ -+ gimple def_stmt = get_def_stmt(var); -+ tree new_rhs1, rhs1 = gimple_assign_rhs1(def_stmt); -+ -+ if (is_gimple_constant(rhs1)) -+ return dup_assign(visited, def_stmt, signed_cast_constant(rhs1), NULL_TREE, NULL_TREE); -+ -+ switch (TREE_CODE(rhs1)) { -+ case SSA_NAME: -+ new_rhs1 = expand(visited, rhs1); -+ break; -+ case ARRAY_REF: -+ case ADDR_EXPR: -+ case COMPONENT_REF: -+ case COND_EXPR: -+ case INDIRECT_REF: -+#if BUILDING_GCC_VERSION >= 4006 -+ case MEM_REF: -+#endif -+ case PARM_DECL: -+ case TARGET_MEM_REF: -+ case VAR_DECL: -+ return create_assign(visited, def_stmt, var, AFTER_STMT); -+ default: -+ debug_gimple_stmt(def_stmt); -+ debug_tree(rhs1); -+ gcc_unreachable(); -+ } -+ -+ if (new_rhs1 == NULL_TREE) -+ return create_assign(visited, def_stmt, rhs1, AFTER_STMT); -+ return dup_assign(visited, def_stmt, new_rhs1, NULL_TREE, NULL_TREE); -+} -+ -+static tree transform_mult_overflow(tree rhs, tree const_rhs, tree log2const_rhs, location_t loc) -+{ -+ tree new_def_rhs; -+ -+ if (!is_gimple_constant(rhs)) -+ return NULL_TREE; -+ -+ new_def_rhs = fold_build2_loc(loc, MULT_EXPR, TREE_TYPE(const_rhs), rhs, const_rhs); -+ new_def_rhs = signed_cast_constant(new_def_rhs); -+ if (int_cst_value(new_def_rhs) >= 0) -+ return NULL_TREE; -+ return fold_build2_loc(loc, RSHIFT_EXPR, TREE_TYPE(new_def_rhs), new_def_rhs, log2const_rhs); -+} -+ -+static tree handle_intentional_mult_overflow(struct pointer_set_t *visited, tree rhs, tree const_rhs) -+{ -+ gimple new_def_stmt, def_stmt; -+ tree def_rhs1, def_rhs2, new_def_rhs; -+ location_t loc; -+ tree log2const_rhs; -+ int log2 = exact_log2(TREE_INT_CST_LOW(const_rhs)); -+ -+ if (log2 == -1) { -+// warning(0, "Possibly unhandled intentional integer truncation"); -+ return NULL_TREE; -+ } -+ -+ def_stmt = get_def_stmt(rhs); -+ loc = gimple_location(def_stmt); -+ def_rhs1 = gimple_assign_rhs1(def_stmt); -+ def_rhs2 = gimple_assign_rhs2(def_stmt); -+ new_def_stmt = get_def_stmt(expand(visited, rhs)); -+ log2const_rhs = build_int_cstu(TREE_TYPE(const_rhs), log2); -+ -+ new_def_rhs = transform_mult_overflow(def_rhs1, const_rhs, log2const_rhs, loc); -+ if (new_def_rhs != NULL_TREE) { -+ gimple_assign_set_rhs1(new_def_stmt, new_def_rhs); -+ } else { -+ new_def_rhs = transform_mult_overflow(def_rhs2, const_rhs, log2const_rhs, loc); -+ if (new_def_rhs != NULL_TREE) -+ gimple_assign_set_rhs2(new_def_stmt, new_def_rhs); -+ } -+ if (new_def_rhs == NULL_TREE) -+ return NULL_TREE; -+ -+ update_stmt(new_def_stmt); -+// warning(0, "Handle integer truncation (gcc optimization)"); -+ return gimple_get_lhs(new_def_stmt); -+} -+ -+static bool is_mult_overflow(gimple def_stmt, tree rhs1) -+{ -+ gimple rhs1_def_stmt = get_def_stmt(rhs1); -+ -+ if (gimple_assign_rhs_code(def_stmt) != MULT_EXPR) -+ return false; -+ if (gimple_code(rhs1_def_stmt) != GIMPLE_ASSIGN) -+ return false; -+ if (gimple_assign_rhs_code(rhs1_def_stmt) != PLUS_EXPR) -+ return false; -+ return true; -+} -+ -+static tree handle_intentional_overflow(struct pointer_set_t *visited, gimple def_stmt, tree rhs1, tree rhs2) -+{ -+ if (is_mult_overflow(def_stmt, rhs1)) -+ return handle_intentional_mult_overflow(visited, rhs1, rhs2); -+ return NULL_TREE; -+} -+ -+static tree handle_binary_ops(struct pointer_set_t *visited, tree var) -+{ -+ tree rhs1, rhs2; -+ gimple def_stmt = get_def_stmt(var); -+ tree new_rhs1 = NULL_TREE; -+ tree new_rhs2 = NULL_TREE; -+ -+ rhs1 = gimple_assign_rhs1(def_stmt); -+ rhs2 = gimple_assign_rhs2(def_stmt); -+ -+ /* no DImode/TImode division in the 32/64 bit kernel */ -+ switch (gimple_assign_rhs_code(def_stmt)) { -+ case RDIV_EXPR: -+ case TRUNC_DIV_EXPR: -+ case CEIL_DIV_EXPR: -+ case FLOOR_DIV_EXPR: -+ case ROUND_DIV_EXPR: -+ case TRUNC_MOD_EXPR: -+ case CEIL_MOD_EXPR: -+ case FLOOR_MOD_EXPR: -+ case ROUND_MOD_EXPR: -+ case EXACT_DIV_EXPR: -+ case POINTER_PLUS_EXPR: -+ /* logical AND cannot cause an overflow */ -+ case BIT_AND_EXPR: -+ return create_assign(visited, def_stmt, var, AFTER_STMT); -+ default: -+ break; -+ } -+ -+ if (is_gimple_constant(rhs2)) { -+ new_rhs2 = signed_cast_constant(rhs2); -+ new_rhs1 = handle_intentional_overflow(visited, def_stmt, rhs1, rhs2); -+ } -+ -+ if (is_gimple_constant(rhs1)) { -+ new_rhs1 = signed_cast_constant(rhs1); -+ new_rhs2 = handle_intentional_overflow(visited, def_stmt, rhs2, rhs1); -+ } -+ -+ if (new_rhs1 == NULL_TREE && TREE_CODE(rhs1) == SSA_NAME) -+ new_rhs1 = expand(visited, rhs1); -+ if (new_rhs2 == NULL_TREE && TREE_CODE(rhs2) == SSA_NAME) -+ new_rhs2 = expand(visited, rhs2); -+ -+ return dup_assign(visited, def_stmt, new_rhs1, new_rhs2, NULL_TREE); -+} -+ -+#if BUILDING_GCC_VERSION >= 4007 -+static tree get_new_rhs(struct pointer_set_t *visited, tree rhs) -+{ -+ if (is_gimple_constant(rhs)) -+ return signed_cast_constant(rhs); -+ if (TREE_CODE(rhs) != SSA_NAME) -+ return NULL_TREE; -+ return expand(visited, rhs); -+} -+ -+static tree handle_ternary_ops(struct pointer_set_t *visited, tree var) -+{ -+ tree rhs1, rhs2, rhs3, new_rhs1, new_rhs2, new_rhs3; -+ gimple def_stmt = get_def_stmt(var); -+ -+ rhs1 = gimple_assign_rhs1(def_stmt); -+ rhs2 = gimple_assign_rhs2(def_stmt); -+ rhs3 = gimple_assign_rhs3(def_stmt); -+ new_rhs1 = get_new_rhs(visited, rhs1); -+ new_rhs2 = get_new_rhs(visited, rhs2); -+ new_rhs3 = get_new_rhs(visited, rhs3); -+ -+ if (new_rhs1 == NULL_TREE && new_rhs2 != NULL_TREE && new_rhs3 != NULL_TREE) -+ return dup_assign(visited, def_stmt, new_rhs1, new_rhs2, new_rhs3); -+ error("handle_ternary_ops: unknown rhs"); -+ gcc_unreachable(); -+} -+#endif -+ -+static void set_size_overflow_type(tree node) -+{ -+ switch (TYPE_MODE(TREE_TYPE(node))) { -+ case SImode: -+ signed_size_overflow_type = intDI_type_node; -+ unsigned_size_overflow_type = unsigned_intDI_type_node; -+ break; -+ case DImode: -+ if (LONG_TYPE_SIZE == GET_MODE_BITSIZE(SImode)) { -+ signed_size_overflow_type = intDI_type_node; -+ unsigned_size_overflow_type = unsigned_intDI_type_node; -+ } else { -+ signed_size_overflow_type = intTI_type_node; -+ unsigned_size_overflow_type = unsigned_intTI_type_node; -+ } -+ break; -+ default: -+ error("set_size_overflow_type: unsupported gcc configuration."); -+ gcc_unreachable(); -+ } -+} -+ -+static tree expand_visited(gimple def_stmt) -+{ -+ gimple tmp; -+ gimple_stmt_iterator gsi = gsi_for_stmt(def_stmt); -+ -+ gsi_next(&gsi); -+ tmp = gsi_stmt(gsi); -+ switch (gimple_code(tmp)) { -+ case GIMPLE_ASSIGN: -+ return gimple_get_lhs(tmp); -+ case GIMPLE_PHI: -+ return gimple_phi_result(tmp); -+ case GIMPLE_CALL: -+ return gimple_call_lhs(tmp); -+ default: -+ return NULL_TREE; -+ } -+} -+ -+static tree expand(struct pointer_set_t *visited, tree var) -+{ -+ gimple def_stmt; -+ -+ if (is_gimple_constant(var)) -+ return NULL_TREE; -+ -+ if (TREE_CODE(var) == ADDR_EXPR) -+ return NULL_TREE; -+ -+ if (SSA_NAME_IS_DEFAULT_DEF(var)) -+ return NULL_TREE; -+ -+ def_stmt = get_def_stmt(var); -+ -+ if (!def_stmt) -+ return NULL_TREE; -+ -+ if (pointer_set_contains(visited, def_stmt)) -+ return expand_visited(def_stmt); -+ -+ switch (gimple_code(def_stmt)) { -+ case GIMPLE_NOP: -+ check_missing_attribute(var); -+ return NULL_TREE; -+ case GIMPLE_PHI: -+ return build_new_phi(visited, def_stmt); -+ case GIMPLE_CALL: -+ case GIMPLE_ASM: -+ gcc_assert(TREE_CODE(TREE_TYPE(var)) != VOID_TYPE); -+ return create_assign(visited, def_stmt, var, AFTER_STMT); -+ case GIMPLE_ASSIGN: -+ switch (gimple_num_ops(def_stmt)) { -+ case 2: -+ return handle_unary_ops(visited, var); -+ case 3: -+ return handle_binary_ops(visited, var); -+#if BUILDING_GCC_VERSION >= 4007 -+ case 4: -+ return handle_ternary_ops(visited, var); -+#endif -+ } -+ default: -+ debug_gimple_stmt(def_stmt); -+ error("expand: unknown gimple code"); -+ gcc_unreachable(); -+ } -+} -+ -+static void change_function_arg(gimple func_stmt, tree origarg, unsigned int argnum, tree newarg) -+{ -+ gimple assign, stmt; -+ gimple_stmt_iterator gsi = gsi_for_stmt(func_stmt); -+ tree origtype = TREE_TYPE(origarg); -+ -+ stmt = gsi_stmt(gsi); -+ gcc_assert(gimple_code(stmt) == GIMPLE_CALL); -+ -+ assign = build_cast_stmt(origtype, newarg, CREATE_NEW_VAR, gimple_location(stmt)); -+ gsi_insert_before(&gsi, assign, GSI_SAME_STMT); -+ update_stmt(assign); -+ -+ gimple_call_set_arg(stmt, argnum, gimple_get_lhs(assign)); -+ update_stmt(stmt); -+} -+ -+static tree get_function_arg(unsigned int argnum, gimple stmt, tree fndecl) -+{ -+ const char *origid; -+ tree arg, origarg; -+ -+ if (!DECL_ABSTRACT_ORIGIN(fndecl)) { -+ gcc_assert(gimple_call_num_args(stmt) > argnum); -+ return gimple_call_arg(stmt, argnum); -+ } -+ -+ origarg = DECL_ARGUMENTS(DECL_ABSTRACT_ORIGIN(fndecl)); -+ while (origarg && argnum) { -+ argnum--; -+ origarg = TREE_CHAIN(origarg); -+ } -+ -+ gcc_assert(argnum == 0); -+ -+ gcc_assert(origarg != NULL_TREE); -+ origid = NAME(origarg); -+ for (arg = DECL_ARGUMENTS(fndecl); arg; arg = TREE_CHAIN(arg)) { -+ if (!strcmp(origid, NAME(arg))) -+ return arg; -+ } -+ return NULL_TREE; -+} -+ -+static void insert_cond(tree arg, basic_block cond_bb) -+{ -+ gimple cond_stmt; -+ gimple_stmt_iterator gsi = gsi_last_bb(cond_bb); -+ -+ cond_stmt = gimple_build_cond(GT_EXPR, arg, build_int_cstu(signed_size_overflow_type, 0x7fffffff), NULL_TREE, NULL_TREE); -+ gsi_insert_after(&gsi, cond_stmt, GSI_CONTINUE_LINKING); -+ update_stmt(cond_stmt); -+} -+ -+static tree create_string_param(tree string) -+{ -+ tree array_ref = build4(ARRAY_REF, TREE_TYPE(string), string, integer_zero_node, NULL, NULL); -+ -+ return build1(ADDR_EXPR, ptr_type_node, array_ref); -+} -+ -+static void insert_cond_result(basic_block bb_true, gimple stmt, tree arg) -+{ -+ gimple func_stmt, def_stmt; -+ tree current_func, loc_file, loc_line; -+ expanded_location xloc; -+ gimple_stmt_iterator gsi = gsi_start_bb(bb_true); -+ -+ def_stmt = get_def_stmt(arg); -+ xloc = expand_location(gimple_location(def_stmt)); -+ -+ if (!gimple_has_location(def_stmt)) { -+ xloc = expand_location(gimple_location(stmt)); -+ gcc_assert(gimple_has_location(stmt)); -+ } -+ -+ loc_line = build_int_cstu(unsigned_type_node, xloc.line); -+ -+ loc_file = build_string(strlen(xloc.file), xloc.file); -+ TREE_TYPE(loc_file) = char_array_type_node; -+ loc_file = create_string_param(loc_file); -+ -+ current_func = build_string(IDENTIFIER_LENGTH(DECL_NAME(current_function_decl)), NAME(current_function_decl)); -+ TREE_TYPE(current_func) = char_array_type_node; -+ current_func = create_string_param(current_func); -+ -+ // void report_size_overflow(const char *file, unsigned int line, const char *func) -+ func_stmt = gimple_build_call(report_size_overflow_decl, 3, loc_file, loc_line, current_func); -+ -+ gsi_insert_after(&gsi, func_stmt, GSI_CONTINUE_LINKING); -+} -+ -+static void insert_check_size_overflow(gimple stmt, tree arg) -+{ -+ basic_block cond_bb, join_bb, bb_true; -+ edge e; -+ gimple_stmt_iterator gsi = gsi_for_stmt(stmt); -+ -+ cond_bb = gimple_bb(stmt); -+ gsi_prev(&gsi); -+ if (gsi_end_p(gsi)) -+ e = split_block_after_labels(cond_bb); -+ else -+ e = split_block(cond_bb, gsi_stmt(gsi)); -+ cond_bb = e->src; -+ join_bb = e->dest; -+ e->flags = EDGE_FALSE_VALUE; -+ e->probability = REG_BR_PROB_BASE; -+ -+ bb_true = create_empty_bb(cond_bb); -+ make_edge(cond_bb, bb_true, EDGE_TRUE_VALUE); -+ -+ if (dom_info_available_p(CDI_DOMINATORS)) { -+ set_immediate_dominator(CDI_DOMINATORS, bb_true, cond_bb); -+ set_immediate_dominator(CDI_DOMINATORS, join_bb, cond_bb); -+ } -+ -+ insert_cond(arg, cond_bb); -+ insert_cond_result(bb_true, stmt, arg); -+} -+ -+static void handle_function_arg(gimple stmt, tree fndecl, unsigned int argnum) -+{ -+ struct pointer_set_t *visited; -+ tree arg, newarg; -+ gimple ucast_stmt; -+ gimple_stmt_iterator gsi; -+ location_t loc = gimple_location(stmt); -+ -+ arg = get_function_arg(argnum, stmt, fndecl); -+ if (arg == NULL_TREE) -+ return; -+ -+ if (is_gimple_constant(arg)) -+ return; -+ if (TREE_CODE(arg) != SSA_NAME) -+ return; -+ -+ set_size_overflow_type(arg); -+ visited = pointer_set_create(); -+ newarg = expand(visited, arg); -+ pointer_set_destroy(visited); -+ -+ if (newarg == NULL_TREE) -+ return; -+ -+ change_function_arg(stmt, arg, argnum, newarg); -+ -+ ucast_stmt = build_cast_stmt(unsigned_size_overflow_type, newarg, CREATE_NEW_VAR, loc); -+ gsi = gsi_for_stmt(stmt); -+ gsi_insert_before(&gsi, ucast_stmt, GSI_SAME_STMT); -+ -+ insert_check_size_overflow(stmt, gimple_get_lhs(ucast_stmt)); -+// inform(loc, "Integer size_overflow check applied here."); -+} -+ -+static void handle_function_by_attribute(gimple stmt, tree attr, tree fndecl) -+{ -+ tree p = TREE_VALUE(attr); -+ do { -+ handle_function_arg(stmt, fndecl, TREE_INT_CST_LOW(TREE_VALUE(p))-1); -+ p = TREE_CHAIN(p); -+ } while (p); -+} -+ -+static void handle_function_by_hash(gimple stmt, tree fndecl) -+{ -+ struct size_overflow_hash *hash; -+ expanded_location xloc; -+ -+ hash = get_function_hash(fndecl); -+ xloc = expand_location(DECL_SOURCE_LOCATION(fndecl)); -+ -+ fndecl = get_original_function_decl(fndecl); -+ if (!hash->name || !hash->file) -+ return; -+ if (strcmp(hash->name, NAME(fndecl)) || strcmp(hash->file, xloc.file)) -+ return; -+ -+#define search_param(argnum) \ -+ if (hash->param##argnum) \ -+ handle_function_arg(stmt, fndecl, argnum - 1); -+ -+ search_param(1); -+ search_param(2); -+ search_param(3); -+ search_param(4); -+ search_param(5); -+ search_param(6); -+ search_param(7); -+ search_param(8); -+ search_param(9); -+#undef search_param -+} -+ -+static unsigned int handle_function(void) -+{ -+ basic_block bb = ENTRY_BLOCK_PTR->next_bb; -+ int saved_last_basic_block = last_basic_block; -+ -+ do { -+ gimple_stmt_iterator gsi; -+ basic_block next = bb->next_bb; -+ -+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { -+ tree fndecl, attr; -+ gimple stmt = gsi_stmt(gsi); -+ -+ if (!(is_gimple_call(stmt))) -+ continue; -+ fndecl = gimple_call_fndecl(stmt); -+ if (fndecl == NULL_TREE) -+ continue; -+ if (gimple_call_num_args(stmt) == 0) -+ continue; -+ attr = lookup_attribute("size_overflow", TYPE_ATTRIBUTES(TREE_TYPE(fndecl))); -+ if (!attr || !TREE_VALUE(attr)) -+ handle_function_by_hash(stmt, fndecl); -+ else -+ handle_function_by_attribute(stmt, attr, fndecl); -+ gsi = gsi_for_stmt(stmt); -+ } -+ bb = next; -+ } while (bb && bb->index <= saved_last_basic_block); -+ return 0; -+} -+ -+static struct gimple_opt_pass size_overflow_pass = { -+ .pass = { -+ .type = GIMPLE_PASS, -+ .name = "size_overflow", -+ .gate = NULL, -+ .execute = handle_function, -+ .sub = NULL, -+ .next = NULL, -+ .static_pass_number = 0, -+ .tv_id = TV_NONE, -+ .properties_required = PROP_cfg | PROP_referenced_vars, -+ .properties_provided = 0, -+ .properties_destroyed = 0, -+ .todo_flags_start = 0, -+ .todo_flags_finish = TODO_verify_ssa | TODO_verify_stmts | TODO_dump_func | TODO_remove_unused_locals | TODO_update_ssa_no_phi | TODO_cleanup_cfg | TODO_ggc_collect | TODO_verify_flow -+ } -+}; -+ -+static void start_unit_callback(void __unused *gcc_data, void __unused *user_data) -+{ -+ tree fntype; -+ -+ const_char_ptr_type_node = build_pointer_type(build_type_variant(char_type_node, 1, 0)); -+ -+ // void report_size_overflow(const char *loc_file, unsigned int loc_line, const char *current_func) -+ fntype = build_function_type_list(void_type_node, -+ const_char_ptr_type_node, -+ unsigned_type_node, -+ const_char_ptr_type_node, -+ NULL_TREE); -+ report_size_overflow_decl = build_fn_decl("report_size_overflow", fntype); -+ -+ TREE_PUBLIC(report_size_overflow_decl) = 1; -+ DECL_EXTERNAL(report_size_overflow_decl) = 1; -+ DECL_ARTIFICIAL(report_size_overflow_decl) = 1; -+} -+ -+extern struct gimple_opt_pass pass_dce; -+ -+int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) -+{ -+ int i; -+ const char * const plugin_name = plugin_info->base_name; -+ const int argc = plugin_info->argc; -+ const struct plugin_argument * const argv = plugin_info->argv; -+ bool enable = true; -+ -+ struct register_pass_info size_overflow_pass_info = { -+ .pass = &size_overflow_pass.pass, -+ .reference_pass_name = "mudflap2", -+ .ref_pass_instance_number = 1, -+ .pos_op = PASS_POS_INSERT_BEFORE -+ }; -+ -+ struct register_pass_info dce_pass_info = { -+ .pass = &pass_dce.pass, -+ .reference_pass_name = "mudflap2", -+ .ref_pass_instance_number = 1, -+ .pos_op = PASS_POS_INSERT_BEFORE -+ }; -+ -+ if (!plugin_default_version_check(version, &gcc_version)) { -+ error(G_("incompatible gcc/plugin versions")); -+ return 1; -+ } -+ -+ for (i = 0; i < argc; ++i) { -+ if (!(strcmp(argv[i].key, "no-size_overflow"))) { -+ enable = false; -+ continue; -+ } -+ error(G_("unkown option '-fplugin-arg-%s-%s'"), plugin_name, argv[i].key); -+ } -+ -+ register_callback(plugin_name, PLUGIN_INFO, NULL, &size_overflow_plugin_info); -+ if (enable) { -+ register_callback ("start_unit", PLUGIN_START_UNIT, &start_unit_callback, NULL); -+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &size_overflow_pass_info); -+ register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &dce_pass_info); -+ } -+ register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL); -+ -+ return 0; -+} diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c new file mode 100644 index 0000000..b87ec9d @@ -86170,7 +80425,7 @@ index af0f22f..9a7d479 100644 break; } diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index d9cfb78..4f27c10 100644 +index a91f980..a58d32c 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -75,7 +75,7 @@ LIST_HEAD(vm_list); @@ -86182,7 +80437,7 @@ index d9cfb78..4f27c10 100644 struct kmem_cache *kvm_vcpu_cache; EXPORT_SYMBOL_GPL(kvm_vcpu_cache); -@@ -2268,7 +2268,7 @@ static void hardware_enable_nolock(void *junk) +@@ -2312,7 +2312,7 @@ static void hardware_enable_nolock(void *junk) if (r) { cpumask_clear_cpu(cpu, cpus_hardware_enabled); @@ -86191,7 +80446,7 @@ index d9cfb78..4f27c10 100644 printk(KERN_INFO "kvm: enabling virtualization on " "CPU%d failed\n", cpu); } -@@ -2322,10 +2322,10 @@ static int hardware_enable_all(void) +@@ -2366,10 +2366,10 @@ static int hardware_enable_all(void) kvm_usage_count++; if (kvm_usage_count == 1) { @@ -86204,7 +80459,7 @@ index d9cfb78..4f27c10 100644 hardware_disable_all_nolock(); r = -EBUSY; } -@@ -2676,7 +2676,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, +@@ -2732,7 +2732,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, kvm_arch_vcpu_put(vcpu); } @@ -86213,7 +80468,7 @@ index d9cfb78..4f27c10 100644 struct module *module) { int r; -@@ -2739,7 +2739,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2795,7 +2795,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (!vcpu_align) vcpu_align = __alignof__(struct kvm_vcpu); kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align, @@ -86222,7 +80477,7 @@ index d9cfb78..4f27c10 100644 if (!kvm_vcpu_cache) { r = -ENOMEM; goto out_free_3; -@@ -2749,9 +2749,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2805,9 +2805,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (r) goto out_free; diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86 index 2a1fefc198..3b1bda6d40 100644 --- a/main/linux-grsec/kernelconfig.x86 +++ b/main/linux-grsec/kernelconfig.x86 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/i386 3.2.12 Kernel Configuration +# Linux/i386 3.3.0 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y @@ -17,11 +17,9 @@ CONFIG_LOCKDEP_SUPPORT=y CONFIG_STACKTRACE_SUPPORT=y CONFIG_HAVE_LATENCYTOP_SUPPORT=y CONFIG_MMU=y -CONFIG_ZONE_DMA=y CONFIG_NEED_DMA_MAP_STATE=y CONFIG_NEED_SG_DMA_LENGTH=y CONFIG_GENERIC_ISA_DMA=y -CONFIG_GENERIC_IOMAP=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_HWEIGHT=y CONFIG_GENERIC_GPIO=y @@ -40,7 +38,6 @@ CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y CONFIG_ARCH_HIBERNATION_POSSIBLE=y CONFIG_ARCH_SUSPEND_POSSIBLE=y # CONFIG_ZONE_DMA32 is not set -CONFIG_ARCH_POPULATES_NODE_MAP=y # CONFIG_AUDIT_ARCH is not set CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y @@ -185,6 +182,7 @@ CONFIG_PROFILING=y CONFIG_OPROFILE=m # CONFIG_OPROFILE_EVENT_MULTIPLEX is not set CONFIG_HAVE_OPROFILE=y +CONFIG_OPROFILE_NMI_TIMER=y CONFIG_KPROBES=y # CONFIG_JUMP_LABEL is not set CONFIG_OPTPROBES=y @@ -206,6 +204,9 @@ CONFIG_HAVE_USER_RETURN_NOTIFIER=y CONFIG_HAVE_PERF_EVENTS_NMI=y CONFIG_HAVE_ARCH_JUMP_LABEL=y CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y # # GCOV-based kernel profiling @@ -229,6 +230,28 @@ CONFIG_BLK_DEV_BSGLIB=y # CONFIG_BLK_DEV_THROTTLING is not set # +# Partition Types +# +CONFIG_PARTITION_ADVANCED=y +# CONFIG_ACORN_PARTITION is not set +# CONFIG_OSF_PARTITION is not set +# CONFIG_AMIGA_PARTITION is not set +# CONFIG_ATARI_PARTITION is not set +# CONFIG_MAC_PARTITION is not set +CONFIG_MSDOS_PARTITION=y +# CONFIG_BSD_DISKLABEL is not set +# CONFIG_MINIX_SUBPARTITION is not set +# CONFIG_SOLARIS_X86_PARTITION is not set +# CONFIG_UNIXWARE_DISKLABEL is not set +# CONFIG_LDM_PARTITION is not set +# CONFIG_SGI_PARTITION is not set +# CONFIG_ULTRIX_PARTITION is not set +# CONFIG_SUN_PARTITION is not set +# CONFIG_KARMA_PARTITION is not set +CONFIG_EFI_PARTITION=y +# CONFIG_SYSV68_PARTITION is not set + +# # IO Schedulers # CONFIG_IOSCHED_NOOP=y @@ -274,6 +297,7 @@ CONFIG_FREEZER=y # # Processor type and features # +CONFIG_ZONE_DMA=y CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y @@ -285,6 +309,7 @@ CONFIG_X86_BIGSMP=y CONFIG_X86_EXTENDED_PLATFORM=y CONFIG_X86_WANT_INTEL_MID=y # CONFIG_X86_MRST is not set +# CONFIG_X86_MDFLD is not set # CONFIG_X86_RDC321X is not set # CONFIG_X86_32_NON_STANDARD is not set # CONFIG_X86_32_IRIS is not set @@ -329,8 +354,6 @@ CONFIG_M586=y CONFIG_X86_GENERIC=y CONFIG_X86_INTERNODE_CACHE_SHIFT=6 CONFIG_X86_CMPXCHG=y -CONFIG_CMPXCHG_LOCAL=y -CONFIG_CMPXCHG_DOUBLE=y CONFIG_X86_L1_CACHE_SHIFT=6 CONFIG_X86_XADD=y # CONFIG_X86_PPRO_FENCE is not set @@ -397,6 +420,8 @@ CONFIG_FLATMEM=y CONFIG_FLAT_NODE_MEM_MAP=y CONFIG_SPARSEMEM_STATIC=y CONFIG_HAVE_MEMBLOCK=y +CONFIG_HAVE_MEMBLOCK_NODE_MAP=y +CONFIG_ARCH_DISCARD_MEMBLOCK=y CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 CONFIG_COMPACTION=y @@ -600,6 +625,7 @@ CONFIG_HOTPLUG_PCI_SHPC=m # Executable file formats / Emulations # CONFIG_BINFMT_ELF=y +CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE=y # CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set CONFIG_HAVE_AOUT=y CONFIG_BINFMT_MISC=m @@ -612,6 +638,7 @@ CONFIG_NET=y # CONFIG_PACKET=m CONFIG_UNIX=y +CONFIG_UNIX_DIAG=m CONFIG_XFRM=y CONFIG_XFRM_USER=m CONFIG_XFRM_SUB_POLICY=y @@ -653,6 +680,7 @@ CONFIG_INET_XFRM_MODE_BEET=m CONFIG_INET_LRO=y CONFIG_INET_DIAG=m CONFIG_INET_TCP_DIAG=m +CONFIG_INET_UDP_DIAG=m CONFIG_TCP_CONG_ADVANCED=y CONFIG_TCP_CONG_BIC=m CONFIG_TCP_CONG_CUBIC=y @@ -705,12 +733,14 @@ CONFIG_BRIDGE_NETFILTER=y # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=m +CONFIG_NETFILTER_NETLINK_ACCT=m CONFIG_NETFILTER_NETLINK_QUEUE=m CONFIG_NETFILTER_NETLINK_LOG=m CONFIG_NF_CONNTRACK=m CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_SECMARK=y CONFIG_NF_CONNTRACK_ZONES=y +CONFIG_NF_CONNTRACK_PROCFS=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CONNTRACK_TIMESTAMP=y CONFIG_NF_CT_PROTO_DCCP=m @@ -777,6 +807,7 @@ CONFIG_NETFILTER_XT_MATCH_CPU=m CONFIG_NETFILTER_XT_MATCH_DCCP=m CONFIG_NETFILTER_XT_MATCH_DEVGROUP=m CONFIG_NETFILTER_XT_MATCH_DSCP=m +CONFIG_NETFILTER_XT_MATCH_ECN=m CONFIG_NETFILTER_XT_MATCH_ESP=m CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m CONFIG_NETFILTER_XT_MATCH_HELPER=m @@ -788,6 +819,7 @@ CONFIG_NETFILTER_XT_MATCH_LIMIT=m CONFIG_NETFILTER_XT_MATCH_MAC=m CONFIG_NETFILTER_XT_MATCH_MARK=m CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m +CONFIG_NETFILTER_XT_MATCH_NFACCT=m CONFIG_NETFILTER_XT_MATCH_OSF=m CONFIG_NETFILTER_XT_MATCH_OWNER=m CONFIG_NETFILTER_XT_MATCH_POLICY=m @@ -848,6 +880,11 @@ CONFIG_IP_VS_SED=m CONFIG_IP_VS_NQ=m # +# IPVS SH scheduler +# +CONFIG_IP_VS_SH_TAB_BITS=8 + +# # IPVS application helper # CONFIG_IP_VS_FTP=m @@ -864,6 +901,7 @@ CONFIG_IP_NF_QUEUE=m CONFIG_IP_NF_IPTABLES=m CONFIG_IP_NF_MATCH_AH=m CONFIG_IP_NF_MATCH_ECN=m +CONFIG_IP_NF_MATCH_RPFILTER=m CONFIG_IP_NF_MATCH_TTL=m CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m @@ -909,6 +947,7 @@ CONFIG_IP6_NF_MATCH_OPTS=m CONFIG_IP6_NF_MATCH_HL=m CONFIG_IP6_NF_MATCH_IPV6HEADER=m CONFIG_IP6_NF_MATCH_MH=m +CONFIG_IP6_NF_MATCH_RPFILTER=m CONFIG_IP6_NF_MATCH_RT=m CONFIG_IP6_NF_TARGET_HL=m CONFIG_IP6_NF_TARGET_LOG=m @@ -1071,9 +1110,12 @@ CONFIG_NET_SCH_FIFO=y # CONFIG_DCB is not set CONFIG_DNS_RESOLVER=y # CONFIG_BATMAN_ADV is not set +CONFIG_OPENVSWITCH=m CONFIG_RPS=y CONFIG_RFS_ACCEL=y CONFIG_XPS=y +CONFIG_NETPRIO_CGROUP=m +CONFIG_BQL=y # # Network testing @@ -1140,8 +1182,6 @@ CONFIG_VLSI_FIR=m CONFIG_VIA_FIR=m CONFIG_MCS_FIR=m CONFIG_BT=m -CONFIG_BT_L2CAP=y -CONFIG_BT_SCO=y CONFIG_BT_RFCOMM=m CONFIG_BT_RFCOMM_TTY=y CONFIG_BT_BNEP=m @@ -1240,9 +1280,11 @@ CONFIG_EXTRA_FIRMWARE="" # CONFIG_DEBUG_DRIVER is not set CONFIG_DEBUG_DEVRES=y # CONFIG_SYS_HYPERVISOR is not set +# CONFIG_GENERIC_CPU_DEVICES is not set CONFIG_REGMAP=y CONFIG_REGMAP_I2C=m CONFIG_REGMAP_SPI=m +# CONFIG_DMA_SHARED_BUFFER is not set CONFIG_CONNECTOR=m CONFIG_MTD=m CONFIG_MTD_TESTS=m @@ -1410,6 +1452,7 @@ CONFIG_PNPACPI=y CONFIG_BLK_DEV=y CONFIG_BLK_DEV_FD=m # CONFIG_PARIDE is not set +CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m CONFIG_BLK_CPQ_DA=m CONFIG_BLK_CPQ_CISS_DA=m CONFIG_CISS_SCSI_TAPE=y @@ -1422,6 +1465,7 @@ CONFIG_BLK_DEV_CRYPTOLOOP=m CONFIG_BLK_DEV_DRBD=m # CONFIG_DRBD_FAULT_INJECTION is not set CONFIG_BLK_DEV_NBD=m +CONFIG_BLK_DEV_NVME=m CONFIG_BLK_DEV_OSD=m CONFIG_BLK_DEV_SX8=m CONFIG_BLK_DEV_UB=m @@ -1436,8 +1480,11 @@ CONFIG_ATA_OVER_ETH=m CONFIG_VIRTIO_BLK=m # CONFIG_BLK_DEV_HD is not set # CONFIG_BLK_DEV_RBD is not set + +# +# Misc devices +# CONFIG_SENSORS_LIS3LV02D=m -CONFIG_MISC_DEVICES=y CONFIG_AD525X_DPOT=m CONFIG_AD525X_DPOT_I2C=m CONFIG_AD525X_DPOT_SPI=m @@ -1812,6 +1859,9 @@ CONFIG_MII=m CONFIG_IEEE802154_DRIVERS=m CONFIG_IEEE802154_FAKEHARD=m CONFIG_IFB=m +CONFIG_NET_TEAM=m +CONFIG_NET_TEAM_MODE_ROUNDROBIN=m +CONFIG_NET_TEAM_MODE_ACTIVEBACKUP=m CONFIG_MACVLAN=m CONFIG_MACVTAP=m CONFIG_NETCONSOLE=m @@ -1900,6 +1950,7 @@ CONFIG_TIGON3=m CONFIG_BNX2X=m CONFIG_NET_VENDOR_BROCADE=y CONFIG_BNA=m +CONFIG_NET_CALXEDA_XGMAC=m CONFIG_NET_VENDOR_CHELSIO=y CONFIG_CHELSIO_T1=m CONFIG_CHELSIO_T1_1G=y @@ -2021,6 +2072,8 @@ CONFIG_EPIC100=m CONFIG_SMSC9420=m CONFIG_NET_VENDOR_STMICRO=y CONFIG_STMMAC_ETH=m +# CONFIG_STMMAC_PLATFORM is not set +# CONFIG_STMMAC_PCI is not set # CONFIG_STMMAC_DEBUG_FS is not set # CONFIG_STMMAC_DA is not set CONFIG_STMMAC_RING=y @@ -2069,6 +2122,7 @@ CONFIG_LSI_ET1011C_PHY=m CONFIG_MICREL_PHY=m CONFIG_MDIO_BITBANG=m CONFIG_MDIO_GPIO=m +CONFIG_MICREL_KS8995MA=m CONFIG_PLIP=m CONFIG_PPP=m CONFIG_PPP_BSDCOMP=m @@ -2157,7 +2211,9 @@ CONFIG_ATH9K=m CONFIG_ATH9K_PCI=y CONFIG_ATH9K_AHB=y # CONFIG_ATH9K_DEBUGFS is not set +# CONFIG_ATH9K_DFS_CERTIFIED is not set CONFIG_ATH9K_RATE_CONTROL=y +CONFIG_ATH9K_BTCOEX_SUPPORT=y CONFIG_ATH9K_HTC=m # CONFIG_ATH9K_HTC_DEBUGFS is not set CONFIG_CARL9170=m @@ -2190,7 +2246,6 @@ CONFIG_B43LEGACY_PIO=y CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y # CONFIG_B43LEGACY_DMA_MODE is not set # CONFIG_B43LEGACY_PIO_MODE is not set -# CONFIG_BRCMSMAC is not set # CONFIG_BRCMFMAC is not set CONFIG_HOSTAP=m CONFIG_HOSTAP_FIRMWARE=y @@ -2215,13 +2270,13 @@ CONFIG_IWLWIFI=m # Debugging Options # # CONFIG_IWLWIFI_DEBUG is not set -# CONFIG_IWLWIFI_DEVICE_SVTOOL is not set -CONFIG_IWLWIFI_LEGACY=m +# CONFIG_IWLWIFI_P2P is not set +CONFIG_IWLEGACY=m # # Debugging Options # -# CONFIG_IWLWIFI_LEGACY_DEBUG is not set +# CONFIG_IWLEGACY_DEBUG is not set CONFIG_IWL4965=m CONFIG_IWL3945=m CONFIG_IWM=m @@ -2284,7 +2339,6 @@ CONFIG_WL12XX_MENU=m CONFIG_WL12XX=m CONFIG_WL12XX_SPI=m CONFIG_WL12XX_SDIO=m -CONFIG_WL12XX_SDIO_TEST=m CONFIG_WL12XX_PLATFORM_DATA=y CONFIG_ZD1211RW=m # CONFIG_ZD1211RW_DEBUG is not set @@ -2327,6 +2381,7 @@ CONFIG_X25_ASY=m CONFIG_SBNI=m CONFIG_SBNI_MULTILINE=y CONFIG_VMXNET3=m +CONFIG_HYPERV_NET=m CONFIG_ISDN=y # CONFIG_ISDN_I4L is not set CONFIG_ISDN_CAPI=m @@ -2407,20 +2462,21 @@ CONFIG_INPUT_KEYBOARD=y CONFIG_KEYBOARD_ATKBD=y # CONFIG_KEYBOARD_QT1070 is not set # CONFIG_KEYBOARD_QT2160 is not set -CONFIG_KEYBOARD_LKKBD=m -CONFIG_KEYBOARD_GPIO=m -CONFIG_KEYBOARD_GPIO_POLLED=m -CONFIG_KEYBOARD_TCA6416=m -CONFIG_KEYBOARD_MATRIX=m -CONFIG_KEYBOARD_LM8323=m +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_GPIO is not set +# CONFIG_KEYBOARD_GPIO_POLLED is not set +# CONFIG_KEYBOARD_TCA6416 is not set +# CONFIG_KEYBOARD_TCA8418 is not set +# CONFIG_KEYBOARD_MATRIX is not set +# CONFIG_KEYBOARD_LM8323 is not set # CONFIG_KEYBOARD_MAX7359 is not set -CONFIG_KEYBOARD_MCS=m +# CONFIG_KEYBOARD_MCS is not set # CONFIG_KEYBOARD_MPR121 is not set -CONFIG_KEYBOARD_NEWTON=m +# CONFIG_KEYBOARD_NEWTON is not set # CONFIG_KEYBOARD_OPENCORES is not set -CONFIG_KEYBOARD_STOWAWAY=m -CONFIG_KEYBOARD_SUNKBD=m -CONFIG_KEYBOARD_XTKBD=m +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_XTKBD is not set CONFIG_INPUT_MOUSE=y CONFIG_MOUSE_PS2=m CONFIG_MOUSE_PS2_ALPS=y @@ -2446,11 +2502,13 @@ CONFIG_TOUCHSCREEN_AD7879=m CONFIG_TOUCHSCREEN_AD7879_I2C=m CONFIG_TOUCHSCREEN_AD7879_SPI=m CONFIG_TOUCHSCREEN_ATMEL_MXT=m +# CONFIG_TOUCHSCREEN_AUO_PIXCIR is not set CONFIG_TOUCHSCREEN_BU21013=m CONFIG_TOUCHSCREEN_CY8CTMG110=m CONFIG_TOUCHSCREEN_DYNAPRO=m CONFIG_TOUCHSCREEN_HAMPSHIRE=m CONFIG_TOUCHSCREEN_EETI=m +CONFIG_TOUCHSCREEN_EGALAX=m CONFIG_TOUCHSCREEN_FUJITSU=m CONFIG_TOUCHSCREEN_GUNZE=m CONFIG_TOUCHSCREEN_ELO=m @@ -2464,6 +2522,7 @@ CONFIG_TOUCHSCREEN_PENMOUNT=m CONFIG_TOUCHSCREEN_TOUCHRIGHT=m CONFIG_TOUCHSCREEN_TOUCHWIN=m CONFIG_TOUCHSCREEN_UCB1400=m +CONFIG_TOUCHSCREEN_PIXCIR=m CONFIG_TOUCHSCREEN_WM97XX=m CONFIG_TOUCHSCREEN_WM9705=y CONFIG_TOUCHSCREEN_WM9712=y @@ -2482,6 +2541,7 @@ CONFIG_TOUCHSCREEN_USB_IDEALTEK=y CONFIG_TOUCHSCREEN_USB_GENERAL_TOUCH=y CONFIG_TOUCHSCREEN_USB_GOTOP=y CONFIG_TOUCHSCREEN_USB_JASTEC=y +CONFIG_TOUCHSCREEN_USB_ELO=y CONFIG_TOUCHSCREEN_USB_E2I=y CONFIG_TOUCHSCREEN_USB_ZYTRONIC=y CONFIG_TOUCHSCREEN_USB_ETT_TC45USB=y @@ -2502,6 +2562,8 @@ CONFIG_INPUT_PCSPKR=m CONFIG_INPUT_MMA8450=m CONFIG_INPUT_MPU3050=m CONFIG_INPUT_APANEL=m +# CONFIG_INPUT_GP2A is not set +# CONFIG_INPUT_GPIO_TILT_POLLED is not set # CONFIG_INPUT_WISTRON_BTNS is not set CONFIG_INPUT_ATLAS_BTNS=m CONFIG_INPUT_ATI_REMOTE2=m @@ -2822,13 +2884,14 @@ CONFIG_POWER_SUPPLY=m # CONFIG_TEST_POWER is not set # CONFIG_BATTERY_DS2780 is not set # CONFIG_BATTERY_DS2782 is not set -# CONFIG_BATTERY_BQ20Z75 is not set +# CONFIG_BATTERY_SBS is not set # CONFIG_BATTERY_BQ27x00 is not set # CONFIG_BATTERY_MAX17040 is not set # CONFIG_BATTERY_MAX17042 is not set # CONFIG_CHARGER_PCF50633 is not set # CONFIG_CHARGER_ISP1704 is not set # CONFIG_CHARGER_MAX8903 is not set +# CONFIG_CHARGER_LP8727 is not set # CONFIG_CHARGER_GPIO is not set CONFIG_HWMON=m CONFIG_HWMON_VID=m @@ -2999,6 +3062,7 @@ CONFIG_SBC8360_WDT=m CONFIG_CPU5_WDT=m CONFIG_SMSC_SCH311X_WDT=m CONFIG_SMSC37B787_WDT=m +CONFIG_VIA_WDT=m CONFIG_W83627HF_WDT=m CONFIG_W83697HF_WDT=m CONFIG_W83697UG_WDT=m @@ -3055,7 +3119,9 @@ CONFIG_UCB1400_CORE=m CONFIG_TPS65010=m CONFIG_TPS6507X=m # CONFIG_MFD_TPS65912_SPI is not set +# CONFIG_MFD_STMPE is not set # CONFIG_MFD_TMIO is not set +# CONFIG_MFD_DA9052_SPI is not set CONFIG_MFD_WM8400=m # CONFIG_MFD_WM831X_SPI is not set CONFIG_MFD_PCF50633=m @@ -3101,6 +3167,7 @@ CONFIG_IR_RC6_DECODER=m CONFIG_IR_JVC_DECODER=m CONFIG_IR_SONY_DECODER=m CONFIG_IR_RC5_SZ_DECODER=m +CONFIG_IR_SANYO_DECODER=m CONFIG_IR_MCE_KBD_DECODER=m CONFIG_IR_LIRC_CODEC=m CONFIG_RC_ATI_REMOTE=m @@ -3142,7 +3209,6 @@ CONFIG_VIDEO_V4L2=m CONFIG_VIDEOBUF_GEN=m CONFIG_VIDEOBUF_DMA_SG=m CONFIG_VIDEOBUF_VMALLOC=m -CONFIG_VIDEOBUF_DMA_CONTIG=m CONFIG_VIDEOBUF_DVB=m CONFIG_VIDEO_BTCX=m CONFIG_VIDEO_TVEEPROM=m @@ -3150,7 +3216,6 @@ CONFIG_VIDEO_TUNER=m CONFIG_V4L2_MEM2MEM_DEV=m CONFIG_VIDEOBUF2_CORE=m CONFIG_VIDEOBUF2_MEMOPS=m -CONFIG_VIDEOBUF2_DMA_CONTIG=m CONFIG_VIDEOBUF2_VMALLOC=m CONFIG_VIDEO_CAPTURE_DRIVERS=y # CONFIG_VIDEO_ADV_DEBUG is not set @@ -3238,6 +3303,7 @@ CONFIG_VIDEO_NOON010PC30=m # Flash devices # # CONFIG_VIDEO_ADP1653 is not set +# CONFIG_VIDEO_AS3645A is not set # # Video improvement chips @@ -3251,61 +3317,6 @@ CONFIG_VIDEO_UPD64083=m CONFIG_VIDEO_THS7303=m CONFIG_VIDEO_M52790=m # CONFIG_VIDEO_VIVI is not set -CONFIG_VIDEO_BT848=m -CONFIG_VIDEO_BT848_DVB=y -CONFIG_VIDEO_BWQCAM=m -CONFIG_VIDEO_CQCAM=m -# CONFIG_VIDEO_CPIA2 is not set -CONFIG_VIDEO_ZORAN=m -CONFIG_VIDEO_ZORAN_DC30=m -CONFIG_VIDEO_ZORAN_ZR36060=m -CONFIG_VIDEO_ZORAN_BUZ=m -CONFIG_VIDEO_ZORAN_DC10=m -CONFIG_VIDEO_ZORAN_LML33=m -CONFIG_VIDEO_ZORAN_LML33R10=m -CONFIG_VIDEO_ZORAN_AVS6EYES=m -CONFIG_VIDEO_MEYE=m -CONFIG_VIDEO_SAA7134=m -CONFIG_VIDEO_SAA7134_ALSA=m -CONFIG_VIDEO_SAA7134_RC=y -CONFIG_VIDEO_SAA7134_DVB=m -CONFIG_VIDEO_MXB=m -CONFIG_VIDEO_HEXIUM_ORION=m -CONFIG_VIDEO_HEXIUM_GEMINI=m -CONFIG_VIDEO_TIMBERDALE=m -CONFIG_VIDEO_CX88=m -CONFIG_VIDEO_CX88_ALSA=m -CONFIG_VIDEO_CX88_BLACKBIRD=m -CONFIG_VIDEO_CX88_DVB=m -CONFIG_VIDEO_CX88_MPEG=m -CONFIG_VIDEO_CX88_VP3054=m -CONFIG_VIDEO_CX23885=m -# CONFIG_MEDIA_ALTERA_CI is not set -# CONFIG_VIDEO_CX25821 is not set -CONFIG_VIDEO_AU0828=m -CONFIG_VIDEO_IVTV=m -CONFIG_VIDEO_FB_IVTV=m -CONFIG_VIDEO_CX18=m -CONFIG_VIDEO_CX18_ALSA=m -CONFIG_VIDEO_SAA7164=m -CONFIG_VIDEO_CAFE_CCIC=m -# CONFIG_VIDEO_VIA_CAMERA is not set -CONFIG_SOC_CAMERA=m -# CONFIG_SOC_CAMERA_IMX074 is not set -CONFIG_SOC_CAMERA_MT9M001=m -CONFIG_SOC_CAMERA_MT9M111=m -CONFIG_SOC_CAMERA_MT9T031=m -CONFIG_SOC_CAMERA_MT9T112=m -CONFIG_SOC_CAMERA_MT9V022=m -CONFIG_SOC_CAMERA_RJ54N1=m -CONFIG_SOC_CAMERA_TW9910=m -CONFIG_SOC_CAMERA_PLATFORM=m -CONFIG_SOC_CAMERA_OV2640=m -# CONFIG_SOC_CAMERA_OV5642 is not set -# CONFIG_SOC_CAMERA_OV6650 is not set -CONFIG_SOC_CAMERA_OV772X=m -CONFIG_SOC_CAMERA_OV9640=m -CONFIG_SOC_CAMERA_OV9740=m CONFIG_V4L_USB_DRIVERS=y CONFIG_USB_VIDEO_CLASS=m CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y @@ -3319,6 +3330,7 @@ CONFIG_USB_GSPCA_CPIA1=m CONFIG_USB_GSPCA_ETOMS=m CONFIG_USB_GSPCA_FINEPIX=m CONFIG_USB_GSPCA_JEILINJ=m +CONFIG_USB_GSPCA_JL2005BCD=m CONFIG_USB_GSPCA_KINECT=m # CONFIG_USB_GSPCA_KONICA is not set CONFIG_USB_GSPCA_MARS=m @@ -3374,18 +3386,55 @@ CONFIG_VIDEO_USBVISION=m CONFIG_USB_ET61X251=m CONFIG_USB_SN9C102=m # CONFIG_USB_PWC is not set +# CONFIG_VIDEO_CPIA2 is not set CONFIG_USB_ZR364XX=m CONFIG_USB_STKWEBCAM=m CONFIG_USB_S2255=m +CONFIG_V4L_PCI_DRIVERS=y +CONFIG_VIDEO_AU0828=m +CONFIG_VIDEO_BT848=m +CONFIG_VIDEO_BT848_DVB=y +CONFIG_VIDEO_CX18=m +CONFIG_VIDEO_CX18_ALSA=m +CONFIG_VIDEO_CX23885=m +# CONFIG_MEDIA_ALTERA_CI is not set +# CONFIG_VIDEO_CX25821 is not set +CONFIG_VIDEO_CX88=m +CONFIG_VIDEO_CX88_ALSA=m +CONFIG_VIDEO_CX88_BLACKBIRD=m +CONFIG_VIDEO_CX88_DVB=m +CONFIG_VIDEO_CX88_VP3054=m +CONFIG_VIDEO_CX88_MPEG=m +CONFIG_VIDEO_HEXIUM_GEMINI=m +CONFIG_VIDEO_HEXIUM_ORION=m +CONFIG_VIDEO_IVTV=m +CONFIG_VIDEO_FB_IVTV=m +CONFIG_VIDEO_MEYE=m +CONFIG_VIDEO_MXB=m +CONFIG_VIDEO_SAA7134=m +CONFIG_VIDEO_SAA7134_ALSA=m +CONFIG_VIDEO_SAA7134_RC=y +CONFIG_VIDEO_SAA7134_DVB=m +CONFIG_VIDEO_SAA7164=m +CONFIG_VIDEO_ZORAN=m +CONFIG_VIDEO_ZORAN_DC30=m +CONFIG_VIDEO_ZORAN_ZR36060=m +CONFIG_VIDEO_ZORAN_BUZ=m +CONFIG_VIDEO_ZORAN_DC10=m +CONFIG_VIDEO_ZORAN_LML33=m +CONFIG_VIDEO_ZORAN_LML33R10=m +CONFIG_VIDEO_ZORAN_AVS6EYES=m +# CONFIG_V4L_ISA_PARPORT_DRIVERS is not set +# CONFIG_V4L_PLATFORM_DRIVERS is not set CONFIG_V4L_MEM2MEM_DRIVERS=y CONFIG_VIDEO_MEM2MEM_TESTDEV=m CONFIG_RADIO_ADAPTERS=y +# CONFIG_RADIO_SI470X is not set +CONFIG_USB_MR800=m +CONFIG_USB_DSBR=m CONFIG_RADIO_MAXIRADIO=m # CONFIG_I2C_SI4713 is not set # CONFIG_RADIO_SI4713 is not set -CONFIG_USB_DSBR=m -# CONFIG_RADIO_SI470X is not set -CONFIG_USB_MR800=m CONFIG_RADIO_TEA5764=m CONFIG_RADIO_SAA7706H=m CONFIG_RADIO_TEF6862=m @@ -3667,6 +3716,9 @@ CONFIG_DRM_SIS=m CONFIG_DRM_VIA=m CONFIG_DRM_SAVAGE=m CONFIG_DRM_VMWGFX=m +CONFIG_DRM_GMA500=m +CONFIG_DRM_GMA600=y +CONFIG_DRM_GMA3600=y # CONFIG_STUB_POULSBO is not set CONFIG_VGASTATE=m CONFIG_VIDEO_OUTPUT_CONTROL=m @@ -3799,15 +3851,6 @@ CONFIG_BACKLIGHT_ADP8860=m CONFIG_BACKLIGHT_PCF50633=m # -# Display device support -# -CONFIG_DISPLAY_SUPPORT=m - -# -# Display hardware drivers -# - -# # Console display driver support # CONFIG_VGA_CONSOLE=y @@ -3844,6 +3887,7 @@ CONFIG_SND_DYNAMIC_MINORS=y # CONFIG_SND_VERBOSE_PRINTK is not set # CONFIG_SND_DEBUG is not set CONFIG_SND_VMASTER=y +CONFIG_SND_KCTL_JACK=y CONFIG_SND_DMA_SGBUF=y CONFIG_SND_RAWMIDI_SEQ=m CONFIG_SND_OPL3_LIB_SEQ=m @@ -3983,7 +4027,6 @@ CONFIG_SND_PCMCIA=y CONFIG_SND_VXPOCKET=m CONFIG_SND_PDAUDIOCF=m CONFIG_SND_SOC=m -# CONFIG_SND_SOC_CACHE_LZO is not set CONFIG_SND_SOC_I2C_AND_SPI=m CONFIG_SND_SOC_ALL_CODECS=m CONFIG_SND_SOC_WM_HUBS=m @@ -3999,7 +4042,9 @@ CONFIG_SND_SOC_AK4641=m CONFIG_SND_SOC_AK4642=m CONFIG_SND_SOC_AK4671=m CONFIG_SND_SOC_ALC5623=m +CONFIG_SND_SOC_ALC5632=m CONFIG_SND_SOC_CS42L51=m +CONFIG_SND_SOC_CS42L73=m CONFIG_SND_SOC_CS4270=m CONFIG_SND_SOC_CS4271=m CONFIG_SND_SOC_CX20442=m @@ -4025,6 +4070,7 @@ CONFIG_SND_SOC_UDA134X=m CONFIG_SND_SOC_UDA1380=m CONFIG_SND_SOC_WL1273=m CONFIG_SND_SOC_WM1250_EV1=m +CONFIG_SND_SOC_WM2000=m CONFIG_SND_SOC_WM5100=m CONFIG_SND_SOC_WM8400=m CONFIG_SND_SOC_WM8510=m @@ -4062,15 +4108,15 @@ CONFIG_SND_SOC_WM8993=m CONFIG_SND_SOC_WM8995=m CONFIG_SND_SOC_WM8996=m CONFIG_SND_SOC_WM9081=m +CONFIG_SND_SOC_WM9090=m CONFIG_SND_SOC_LM4857=m CONFIG_SND_SOC_MAX9877=m CONFIG_SND_SOC_TPA6130A2=m -CONFIG_SND_SOC_WM2000=m -CONFIG_SND_SOC_WM9090=m # CONFIG_SOUND_PRIME is not set CONFIG_AC97_BUS=m CONFIG_HID_SUPPORT=y CONFIG_HID=m +CONFIG_HID_BATTERY_STRENGTH=y CONFIG_HIDRAW=y # @@ -4125,10 +4171,10 @@ CONFIG_HID_PICOLCD_BACKLIGHT=y CONFIG_HID_PICOLCD_LCD=y CONFIG_HID_PICOLCD_LEDS=y CONFIG_HID_PRIMAX=m -CONFIG_HID_QUANTA=m CONFIG_HID_ROCCAT=m CONFIG_HID_ROCCAT_COMMON=m CONFIG_HID_ROCCAT_ARVO=m +CONFIG_HID_ROCCAT_ISKU=m CONFIG_HID_ROCCAT_KONE=m CONFIG_HID_ROCCAT_KONEPLUS=m CONFIG_HID_ROCCAT_KOVAPLUS=m @@ -4138,6 +4184,7 @@ CONFIG_HID_SONY=m CONFIG_HID_SPEEDLINK=m # CONFIG_HID_SUNPLUS is not set # CONFIG_HID_GREENASIA is not set +CONFIG_HID_HYPERV_MOUSE=m # CONFIG_HID_SMARTJOYPLUS is not set # CONFIG_HID_TOPSEED is not set # CONFIG_HID_THRUSTMASTER is not set @@ -4163,7 +4210,6 @@ CONFIG_USB_DEVICE_CLASS=y # CONFIG_USB_DYNAMIC_MINORS is not set # CONFIG_USB_OTG_WHITELIST is not set # CONFIG_USB_OTG_BLACKLIST_HUB is not set -# CONFIG_USB_DWC3 is not set CONFIG_USB_MON=m CONFIG_USB_WUSB=m CONFIG_USB_WUSB_CBAF=m @@ -4178,6 +4224,7 @@ CONFIG_USB_XHCI_HCD=m CONFIG_USB_EHCI_HCD=m # CONFIG_USB_EHCI_ROOT_HUB_TT is not set # CONFIG_USB_EHCI_TT_NEWSCHED is not set +# CONFIG_USB_EHCI_MV is not set CONFIG_USB_OXU210HP_HCD=m CONFIG_USB_ISP116X_HCD=m CONFIG_USB_ISP1760_HCD=m @@ -4400,6 +4447,8 @@ CONFIG_LEDS_INTEL_SS4200=m CONFIG_LEDS_LT3593=m CONFIG_LEDS_DELL_NETBOOKS=m # CONFIG_LEDS_MC13783 is not set +# CONFIG_LEDS_TCA6507 is not set +# CONFIG_LEDS_OT200 is not set CONFIG_LEDS_TRIGGERS=y # @@ -4435,6 +4484,7 @@ CONFIG_INFINIBAND_IPOIB=m # CONFIG_INFINIBAND_IPOIB_CM is not set # CONFIG_INFINIBAND_IPOIB_DEBUG is not set CONFIG_INFINIBAND_SRP=m +CONFIG_INFINIBAND_SRPT=m CONFIG_INFINIBAND_ISER=m # CONFIG_EDAC is not set CONFIG_RTC_LIB=y @@ -4553,6 +4603,12 @@ CONFIG_VIRTIO_RING=m CONFIG_VIRTIO_PCI=m CONFIG_VIRTIO_BALLOON=m CONFIG_VIRTIO_MMIO=m + +# +# Microsoft Hyper-V guest support +# +CONFIG_HYPERV=m +CONFIG_HYPERV_UTILS=m CONFIG_STAGING=y # CONFIG_ET131X is not set # CONFIG_SLICOSS is not set @@ -4568,12 +4624,15 @@ CONFIG_USBIP_HOST=m # CONFIG_PANEL is not set # CONFIG_R8187SE is not set # CONFIG_RTL8192U is not set +CONFIG_RTLLIB=m +CONFIG_RTLLIB_CRYPTO_CCMP=m +CONFIG_RTLLIB_CRYPTO_TKIP=m +CONFIG_RTLLIB_CRYPTO_WEP=m # CONFIG_RTL8192E is not set # CONFIG_R8712U is not set # CONFIG_RTS_PSTOR is not set # CONFIG_RTS5139 is not set # CONFIG_TRANZPORT is not set -# CONFIG_POHMELFS is not set # CONFIG_IDE_PHISON is not set # CONFIG_LINE6_USB is not set CONFIG_DRM_NOUVEAU=m @@ -4590,8 +4649,6 @@ CONFIG_DRM_I2C_SIL164=m # CONFIG_VT6655 is not set # CONFIG_VT6656 is not set CONFIG_HYPERV_STORAGE=m -CONFIG_HYPERV_NET=m -CONFIG_HYPERV_MOUSE=m # CONFIG_VME_BUS is not set # CONFIG_DX_SEP is not set # CONFIG_IIO is not set @@ -4615,9 +4672,13 @@ CONFIG_HYPERV_MOUSE=m # CONFIG_SPEAKUP is not set # CONFIG_TOUCHSCREEN_CLEARPAD_TM1217 is not set # CONFIG_TOUCHSCREEN_SYNAPTICS_I2C_RMI4 is not set -# CONFIG_DRM_PSB is not set # CONFIG_INTEL_MEI is not set # CONFIG_STAGING_MEDIA is not set + +# +# Android +# +# CONFIG_ANDROID is not set CONFIG_X86_PLATFORM_DEVICES=y CONFIG_ACER_WMI=m CONFIG_ACERHDF=m @@ -4627,6 +4688,8 @@ CONFIG_DELL_WMI=m CONFIG_DELL_WMI_AIO=m CONFIG_FUJITSU_LAPTOP=m # CONFIG_FUJITSU_LAPTOP_DEBUG is not set +# CONFIG_FUJITSU_TABLET is not set +CONFIG_AMILO_RFKILL=m # CONFIG_TC1100_WMI is not set CONFIG_HP_ACCEL=m CONFIG_HP_WMI=m @@ -4678,8 +4741,6 @@ CONFIG_INTEL_IOMMU=y # CONFIG_INTEL_IOMMU_DEFAULT_ON is not set CONFIG_INTEL_IOMMU_FLOPPY_WA=y CONFIG_VIRT_DRIVERS=y -CONFIG_HYPERV=m -CONFIG_HYPERV_UTILS=m # CONFIG_PM_DEVFREQ is not set # @@ -4693,7 +4754,6 @@ CONFIG_DCDBAS=m CONFIG_DMIID=y # CONFIG_DMI_SYSFS is not set # CONFIG_ISCSI_IBFT_FIND is not set -# CONFIG_SIGMA is not set # CONFIG_GOOGLE_FIRMWARE is not set # @@ -4746,6 +4806,7 @@ CONFIG_OCFS2_DEBUG_MASKLOG=y # CONFIG_OCFS2_DEBUG_FS is not set CONFIG_BTRFS_FS=m CONFIG_BTRFS_FS_POSIX_ACL=y +# CONFIG_BTRFS_FS_CHECK_INTEGRITY is not set CONFIG_NILFS2_FS=m CONFIG_FS_POSIX_ACL=y CONFIG_EXPORTFS=m @@ -4885,6 +4946,7 @@ CONFIG_NFSD=m CONFIG_NFSD_V3=y # CONFIG_NFSD_V3_ACL is not set CONFIG_NFSD_V4=y +# CONFIG_NFSD_FAULT_INJECTION is not set CONFIG_LOCKD=m CONFIG_LOCKD_V4=y CONFIG_NFS_COMMON=y @@ -4909,28 +4971,6 @@ CONFIG_CIFS_ACL=y CONFIG_9P_FS=m CONFIG_9P_FSCACHE=y CONFIG_9P_FS_POSIX_ACL=y - -# -# Partition Types -# -CONFIG_PARTITION_ADVANCED=y -# CONFIG_ACORN_PARTITION is not set -# CONFIG_OSF_PARTITION is not set -# CONFIG_AMIGA_PARTITION is not set -# CONFIG_ATARI_PARTITION is not set -# CONFIG_MAC_PARTITION is not set -CONFIG_MSDOS_PARTITION=y -# CONFIG_BSD_DISKLABEL is not set -# CONFIG_MINIX_SUBPARTITION is not set -# CONFIG_SOLARIS_X86_PARTITION is not set -# CONFIG_UNIXWARE_DISKLABEL is not set -# CONFIG_LDM_PARTITION is not set -# CONFIG_SGI_PARTITION is not set -# CONFIG_ULTRIX_PARTITION is not set -# CONFIG_SUN_PARTITION is not set -# CONFIG_KARMA_PARTITION is not set -CONFIG_EFI_PARTITION=y -# CONFIG_SYSV68_PARTITION is not set CONFIG_NLS=y CONFIG_NLS_DEFAULT="utf8" CONFIG_NLS_CODEPAGE_437=m @@ -5092,6 +5132,7 @@ CONFIG_DEBUG_BOOT_PARAMS=y # CONFIG_CPA_DEBUG is not set # CONFIG_OPTIMIZE_INLINING is not set # CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set +CONFIG_DEBUG_NMI_SELFTEST=y # # Security options @@ -5243,7 +5284,6 @@ CONFIG_PAX_RANDMMAP=y CONFIG_PAX_MEMORY_UDEREF=y CONFIG_PAX_REFCOUNT=y # CONFIG_PAX_USERCOPY is not set -# CONFIG_PAX_SIZE_OVERFLOW is not set CONFIG_KEYS=y CONFIG_TRUSTED_KEYS=m CONFIG_ENCRYPTED_KEYS=m @@ -5355,6 +5395,7 @@ CONFIG_CRYPTO_SALSA20=m CONFIG_CRYPTO_SALSA20_586=m CONFIG_CRYPTO_SEED=m CONFIG_CRYPTO_SERPENT=m +CONFIG_CRYPTO_SERPENT_SSE2_586=m CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_TWOFISH_COMMON=m @@ -5401,6 +5442,8 @@ CONFIG_VHOST_NET=m CONFIG_RAID6_PQ=m CONFIG_BITREVERSE=y CONFIG_GENERIC_FIND_FIRST_BIT=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y CONFIG_CRC_CCITT=m CONFIG_CRC16=m CONFIG_CRC_T10DIF=m @@ -5440,6 +5483,7 @@ CONFIG_HAS_IOPORT=y CONFIG_HAS_DMA=y CONFIG_CHECK_SIGNATURE=y CONFIG_CPU_RMAP=y +CONFIG_DQL=y CONFIG_NLATTR=y CONFIG_LRU_CACHE=m CONFIG_AVERAGE=y diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64 index 3fc1a9fc33..70fd2d1a46 100644 --- a/main/linux-grsec/kernelconfig.x86_64 +++ b/main/linux-grsec/kernelconfig.x86_64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 3.2.12 Kernel Configuration +# Linux/x86_64 3.3.0 Kernel Configuration # CONFIG_64BIT=y # CONFIG_X86_32 is not set @@ -18,11 +18,9 @@ CONFIG_LOCKDEP_SUPPORT=y CONFIG_STACKTRACE_SUPPORT=y CONFIG_HAVE_LATENCYTOP_SUPPORT=y CONFIG_MMU=y -CONFIG_ZONE_DMA=y CONFIG_NEED_DMA_MAP_STATE=y CONFIG_NEED_SG_DMA_LENGTH=y CONFIG_GENERIC_ISA_DMA=y -CONFIG_GENERIC_IOMAP=y CONFIG_GENERIC_BUG=y CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y CONFIG_GENERIC_HWEIGHT=y @@ -42,7 +40,6 @@ CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y CONFIG_ARCH_HIBERNATION_POSSIBLE=y CONFIG_ARCH_SUSPEND_POSSIBLE=y CONFIG_ZONE_DMA32=y -CONFIG_ARCH_POPULATES_NODE_MAP=y CONFIG_AUDIT_ARCH=y CONFIG_ARCH_SUPPORTS_OPTIMIZED_INLINING=y CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y @@ -189,6 +186,7 @@ CONFIG_PROFILING=y CONFIG_OPROFILE=m # CONFIG_OPROFILE_EVENT_MULTIPLEX is not set CONFIG_HAVE_OPROFILE=y +CONFIG_OPROFILE_NMI_TIMER=y CONFIG_KPROBES=y # CONFIG_JUMP_LABEL is not set CONFIG_OPTPROBES=y @@ -210,6 +208,9 @@ CONFIG_HAVE_USER_RETURN_NOTIFIER=y CONFIG_HAVE_PERF_EVENTS_NMI=y CONFIG_HAVE_ARCH_JUMP_LABEL=y CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y # # GCOV-based kernel profiling @@ -230,6 +231,28 @@ CONFIG_BLK_DEV_BSG=y CONFIG_BLK_DEV_BSGLIB=y # CONFIG_BLK_DEV_INTEGRITY is not set # CONFIG_BLK_DEV_THROTTLING is not set + +# +# Partition Types +# +CONFIG_PARTITION_ADVANCED=y +# CONFIG_ACORN_PARTITION is not set +# CONFIG_OSF_PARTITION is not set +# CONFIG_AMIGA_PARTITION is not set +# CONFIG_ATARI_PARTITION is not set +# CONFIG_MAC_PARTITION is not set +CONFIG_MSDOS_PARTITION=y +# CONFIG_BSD_DISKLABEL is not set +# CONFIG_MINIX_SUBPARTITION is not set +# CONFIG_SOLARIS_X86_PARTITION is not set +# CONFIG_UNIXWARE_DISKLABEL is not set +# CONFIG_LDM_PARTITION is not set +# CONFIG_SGI_PARTITION is not set +# CONFIG_ULTRIX_PARTITION is not set +# CONFIG_SUN_PARTITION is not set +# CONFIG_KARMA_PARTITION is not set +CONFIG_EFI_PARTITION=y +# CONFIG_SYSV68_PARTITION is not set CONFIG_BLOCK_COMPAT=y # @@ -278,6 +301,7 @@ CONFIG_FREEZER=y # # Processor type and features # +CONFIG_ZONE_DMA=y CONFIG_TICK_ONESHOT=y CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y @@ -295,7 +319,7 @@ CONFIG_XEN=y CONFIG_XEN_DOM0=y CONFIG_XEN_PRIVILEGED_GUEST=y CONFIG_XEN_PVHVM=y -CONFIG_XEN_MAX_DOMAIN_MEMORY=128 +CONFIG_XEN_MAX_DOMAIN_MEMORY=500 CONFIG_XEN_SAVE_RESTORE=y # CONFIG_XEN_DEBUG_FS is not set CONFIG_KVM_CLOCK=y @@ -313,8 +337,6 @@ CONFIG_NO_BOOTMEM=y CONFIG_GENERIC_CPU=y CONFIG_X86_INTERNODE_CACHE_SHIFT=6 CONFIG_X86_CMPXCHG=y -CONFIG_CMPXCHG_LOCAL=y -CONFIG_CMPXCHG_DOUBLE=y CONFIG_X86_L1_CACHE_SHIFT=6 CONFIG_X86_XADD=y CONFIG_X86_WP_WORKS_OK=y @@ -370,6 +392,8 @@ CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y CONFIG_SPARSEMEM_ALLOC_MEM_MAP_TOGETHER=y CONFIG_SPARSEMEM_VMEMMAP=y CONFIG_HAVE_MEMBLOCK=y +CONFIG_HAVE_MEMBLOCK_NODE_MAP=y +CONFIG_ARCH_DISCARD_MEMBLOCK=y # CONFIG_MEMORY_HOTPLUG is not set CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 @@ -559,6 +583,7 @@ CONFIG_HOTPLUG_PCI_SHPC=m # CONFIG_BINFMT_ELF=y CONFIG_COMPAT_BINFMT_ELF=y +CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE=y # CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set # CONFIG_HAVE_AOUT is not set CONFIG_BINFMT_MISC=m @@ -577,6 +602,7 @@ CONFIG_COMPAT_NETLINK_MESSAGES=y # CONFIG_PACKET=m CONFIG_UNIX=y +CONFIG_UNIX_DIAG=m CONFIG_XFRM=y CONFIG_XFRM_USER=m CONFIG_XFRM_SUB_POLICY=y @@ -618,6 +644,7 @@ CONFIG_INET_XFRM_MODE_BEET=m CONFIG_INET_LRO=y CONFIG_INET_DIAG=m CONFIG_INET_TCP_DIAG=m +CONFIG_INET_UDP_DIAG=m CONFIG_TCP_CONG_ADVANCED=y CONFIG_TCP_CONG_BIC=m CONFIG_TCP_CONG_CUBIC=y @@ -670,12 +697,14 @@ CONFIG_BRIDGE_NETFILTER=y # Core Netfilter Configuration # CONFIG_NETFILTER_NETLINK=m +CONFIG_NETFILTER_NETLINK_ACCT=m CONFIG_NETFILTER_NETLINK_QUEUE=m CONFIG_NETFILTER_NETLINK_LOG=m CONFIG_NF_CONNTRACK=m CONFIG_NF_CONNTRACK_MARK=y CONFIG_NF_CONNTRACK_SECMARK=y CONFIG_NF_CONNTRACK_ZONES=y +CONFIG_NF_CONNTRACK_PROCFS=y CONFIG_NF_CONNTRACK_EVENTS=y CONFIG_NF_CONNTRACK_TIMESTAMP=y CONFIG_NF_CT_PROTO_DCCP=m @@ -742,6 +771,7 @@ CONFIG_NETFILTER_XT_MATCH_CPU=m CONFIG_NETFILTER_XT_MATCH_DCCP=m CONFIG_NETFILTER_XT_MATCH_DEVGROUP=m CONFIG_NETFILTER_XT_MATCH_DSCP=m +CONFIG_NETFILTER_XT_MATCH_ECN=m CONFIG_NETFILTER_XT_MATCH_ESP=m CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m CONFIG_NETFILTER_XT_MATCH_HELPER=m @@ -753,6 +783,7 @@ CONFIG_NETFILTER_XT_MATCH_LIMIT=m CONFIG_NETFILTER_XT_MATCH_MAC=m CONFIG_NETFILTER_XT_MATCH_MARK=m CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m +CONFIG_NETFILTER_XT_MATCH_NFACCT=m CONFIG_NETFILTER_XT_MATCH_OSF=m CONFIG_NETFILTER_XT_MATCH_OWNER=m CONFIG_NETFILTER_XT_MATCH_POLICY=m @@ -813,6 +844,11 @@ CONFIG_IP_VS_SED=m CONFIG_IP_VS_NQ=m # +# IPVS SH scheduler +# +CONFIG_IP_VS_SH_TAB_BITS=8 + +# # IPVS application helper # CONFIG_IP_VS_FTP=m @@ -829,6 +865,7 @@ CONFIG_IP_NF_QUEUE=m CONFIG_IP_NF_IPTABLES=m CONFIG_IP_NF_MATCH_AH=m CONFIG_IP_NF_MATCH_ECN=m +CONFIG_IP_NF_MATCH_RPFILTER=m CONFIG_IP_NF_MATCH_TTL=m CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m @@ -874,6 +911,7 @@ CONFIG_IP6_NF_MATCH_OPTS=m CONFIG_IP6_NF_MATCH_HL=m CONFIG_IP6_NF_MATCH_IPV6HEADER=m CONFIG_IP6_NF_MATCH_MH=m +CONFIG_IP6_NF_MATCH_RPFILTER=m CONFIG_IP6_NF_MATCH_RT=m CONFIG_IP6_NF_TARGET_HL=m CONFIG_IP6_NF_TARGET_LOG=m @@ -1036,9 +1074,12 @@ CONFIG_NET_SCH_FIFO=y # CONFIG_DCB is not set CONFIG_DNS_RESOLVER=y # CONFIG_BATMAN_ADV is not set +CONFIG_OPENVSWITCH=m CONFIG_RPS=y CONFIG_RFS_ACCEL=y CONFIG_XPS=y +CONFIG_NETPRIO_CGROUP=m +CONFIG_BQL=y CONFIG_HAVE_BPF_JIT=y CONFIG_BPF_JIT=y @@ -1106,8 +1147,6 @@ CONFIG_VLSI_FIR=m CONFIG_VIA_FIR=m CONFIG_MCS_FIR=m CONFIG_BT=m -CONFIG_BT_L2CAP=y -CONFIG_BT_SCO=y CONFIG_BT_RFCOMM=m CONFIG_BT_RFCOMM_TTY=y CONFIG_BT_BNEP=m @@ -1207,9 +1246,11 @@ CONFIG_EXTRA_FIRMWARE="" # CONFIG_DEBUG_DRIVER is not set CONFIG_DEBUG_DEVRES=y CONFIG_SYS_HYPERVISOR=y +# CONFIG_GENERIC_CPU_DEVICES is not set CONFIG_REGMAP=y CONFIG_REGMAP_I2C=m CONFIG_REGMAP_SPI=m +# CONFIG_DMA_SHARED_BUFFER is not set CONFIG_CONNECTOR=m CONFIG_MTD=m CONFIG_MTD_TESTS=m @@ -1375,6 +1416,7 @@ CONFIG_PNPACPI=y CONFIG_BLK_DEV=y CONFIG_BLK_DEV_FD=m # CONFIG_PARIDE is not set +CONFIG_BLK_DEV_PCIESSD_MTIP32XX=m CONFIG_BLK_CPQ_DA=m CONFIG_BLK_CPQ_CISS_DA=m CONFIG_CISS_SCSI_TAPE=y @@ -1387,6 +1429,7 @@ CONFIG_BLK_DEV_CRYPTOLOOP=m CONFIG_BLK_DEV_DRBD=m # CONFIG_DRBD_FAULT_INJECTION is not set CONFIG_BLK_DEV_NBD=m +CONFIG_BLK_DEV_NVME=m CONFIG_BLK_DEV_OSD=m CONFIG_BLK_DEV_SX8=m CONFIG_BLK_DEV_UB=m @@ -1403,8 +1446,11 @@ CONFIG_XEN_BLKDEV_BACKEND=m CONFIG_VIRTIO_BLK=m # CONFIG_BLK_DEV_HD is not set # CONFIG_BLK_DEV_RBD is not set + +# +# Misc devices +# CONFIG_SENSORS_LIS3LV02D=m -CONFIG_MISC_DEVICES=y CONFIG_AD525X_DPOT=m CONFIG_AD525X_DPOT_I2C=m CONFIG_AD525X_DPOT_SPI=m @@ -1777,6 +1823,9 @@ CONFIG_MII=m CONFIG_IEEE802154_DRIVERS=m CONFIG_IEEE802154_FAKEHARD=m CONFIG_IFB=m +CONFIG_NET_TEAM=m +CONFIG_NET_TEAM_MODE_ROUNDROBIN=m +CONFIG_NET_TEAM_MODE_ACTIVEBACKUP=m CONFIG_MACVLAN=m CONFIG_MACVTAP=m CONFIG_NETCONSOLE=m @@ -1865,6 +1914,7 @@ CONFIG_TIGON3=m CONFIG_BNX2X=m CONFIG_NET_VENDOR_BROCADE=y CONFIG_BNA=m +CONFIG_NET_CALXEDA_XGMAC=m CONFIG_NET_VENDOR_CHELSIO=y CONFIG_CHELSIO_T1=m CONFIG_CHELSIO_T1_1G=y @@ -1986,6 +2036,8 @@ CONFIG_EPIC100=m CONFIG_SMSC9420=m CONFIG_NET_VENDOR_STMICRO=y CONFIG_STMMAC_ETH=m +# CONFIG_STMMAC_PLATFORM is not set +# CONFIG_STMMAC_PCI is not set # CONFIG_STMMAC_DEBUG_FS is not set # CONFIG_STMMAC_DA is not set CONFIG_STMMAC_RING=y @@ -2034,6 +2086,7 @@ CONFIG_LSI_ET1011C_PHY=m CONFIG_MICREL_PHY=m CONFIG_MDIO_BITBANG=m CONFIG_MDIO_GPIO=m +CONFIG_MICREL_KS8995MA=m CONFIG_PLIP=m CONFIG_PPP=m CONFIG_PPP_BSDCOMP=m @@ -2122,7 +2175,9 @@ CONFIG_ATH9K=m CONFIG_ATH9K_PCI=y CONFIG_ATH9K_AHB=y # CONFIG_ATH9K_DEBUGFS is not set +# CONFIG_ATH9K_DFS_CERTIFIED is not set CONFIG_ATH9K_RATE_CONTROL=y +CONFIG_ATH9K_BTCOEX_SUPPORT=y CONFIG_ATH9K_HTC=m # CONFIG_ATH9K_HTC_DEBUGFS is not set CONFIG_CARL9170=m @@ -2155,7 +2210,6 @@ CONFIG_B43LEGACY_PIO=y CONFIG_B43LEGACY_DMA_AND_PIO_MODE=y # CONFIG_B43LEGACY_DMA_MODE is not set # CONFIG_B43LEGACY_PIO_MODE is not set -# CONFIG_BRCMSMAC is not set # CONFIG_BRCMFMAC is not set CONFIG_HOSTAP=m CONFIG_HOSTAP_FIRMWARE=y @@ -2180,13 +2234,13 @@ CONFIG_IWLWIFI=m # Debugging Options # # CONFIG_IWLWIFI_DEBUG is not set -# CONFIG_IWLWIFI_DEVICE_SVTOOL is not set -CONFIG_IWLWIFI_LEGACY=m +# CONFIG_IWLWIFI_P2P is not set +CONFIG_IWLEGACY=m # # Debugging Options # -# CONFIG_IWLWIFI_LEGACY_DEBUG is not set +# CONFIG_IWLEGACY_DEBUG is not set CONFIG_IWL4965=m CONFIG_IWL3945=m CONFIG_IWM=m @@ -2249,7 +2303,6 @@ CONFIG_WL12XX_MENU=m CONFIG_WL12XX=m CONFIG_WL12XX_SPI=m CONFIG_WL12XX_SDIO=m -CONFIG_WL12XX_SDIO_TEST=m CONFIG_WL12XX_PLATFORM_DATA=y CONFIG_ZD1211RW=m # CONFIG_ZD1211RW_DEBUG is not set @@ -2294,6 +2347,7 @@ CONFIG_SBNI_MULTILINE=y CONFIG_XEN_NETDEV_FRONTEND=y CONFIG_XEN_NETDEV_BACKEND=m CONFIG_VMXNET3=m +CONFIG_HYPERV_NET=m CONFIG_ISDN=y # CONFIG_ISDN_I4L is not set CONFIG_ISDN_CAPI=m @@ -2374,20 +2428,21 @@ CONFIG_INPUT_KEYBOARD=y CONFIG_KEYBOARD_ATKBD=y # CONFIG_KEYBOARD_QT1070 is not set # CONFIG_KEYBOARD_QT2160 is not set -CONFIG_KEYBOARD_LKKBD=m -CONFIG_KEYBOARD_GPIO=m -CONFIG_KEYBOARD_GPIO_POLLED=m -CONFIG_KEYBOARD_TCA6416=m -CONFIG_KEYBOARD_MATRIX=m -CONFIG_KEYBOARD_LM8323=m +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_GPIO is not set +# CONFIG_KEYBOARD_GPIO_POLLED is not set +# CONFIG_KEYBOARD_TCA6416 is not set +# CONFIG_KEYBOARD_TCA8418 is not set +# CONFIG_KEYBOARD_MATRIX is not set +# CONFIG_KEYBOARD_LM8323 is not set # CONFIG_KEYBOARD_MAX7359 is not set -CONFIG_KEYBOARD_MCS=m +# CONFIG_KEYBOARD_MCS is not set # CONFIG_KEYBOARD_MPR121 is not set -CONFIG_KEYBOARD_NEWTON=m +# CONFIG_KEYBOARD_NEWTON is not set # CONFIG_KEYBOARD_OPENCORES is not set -CONFIG_KEYBOARD_STOWAWAY=m -CONFIG_KEYBOARD_SUNKBD=m -CONFIG_KEYBOARD_XTKBD=m +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_XTKBD is not set CONFIG_INPUT_MOUSE=y CONFIG_MOUSE_PS2=m CONFIG_MOUSE_PS2_ALPS=y @@ -2413,11 +2468,13 @@ CONFIG_TOUCHSCREEN_AD7879=m CONFIG_TOUCHSCREEN_AD7879_I2C=m CONFIG_TOUCHSCREEN_AD7879_SPI=m CONFIG_TOUCHSCREEN_ATMEL_MXT=m +# CONFIG_TOUCHSCREEN_AUO_PIXCIR is not set CONFIG_TOUCHSCREEN_BU21013=m CONFIG_TOUCHSCREEN_CY8CTMG110=m CONFIG_TOUCHSCREEN_DYNAPRO=m CONFIG_TOUCHSCREEN_HAMPSHIRE=m CONFIG_TOUCHSCREEN_EETI=m +CONFIG_TOUCHSCREEN_EGALAX=m CONFIG_TOUCHSCREEN_FUJITSU=m CONFIG_TOUCHSCREEN_GUNZE=m CONFIG_TOUCHSCREEN_ELO=m @@ -2431,6 +2488,7 @@ CONFIG_TOUCHSCREEN_PENMOUNT=m CONFIG_TOUCHSCREEN_TOUCHRIGHT=m CONFIG_TOUCHSCREEN_TOUCHWIN=m CONFIG_TOUCHSCREEN_UCB1400=m +CONFIG_TOUCHSCREEN_PIXCIR=m CONFIG_TOUCHSCREEN_WM97XX=m CONFIG_TOUCHSCREEN_WM9705=y CONFIG_TOUCHSCREEN_WM9712=y @@ -2449,6 +2507,7 @@ CONFIG_TOUCHSCREEN_USB_IDEALTEK=y CONFIG_TOUCHSCREEN_USB_GENERAL_TOUCH=y CONFIG_TOUCHSCREEN_USB_GOTOP=y CONFIG_TOUCHSCREEN_USB_JASTEC=y +CONFIG_TOUCHSCREEN_USB_ELO=y CONFIG_TOUCHSCREEN_USB_E2I=y CONFIG_TOUCHSCREEN_USB_ZYTRONIC=y CONFIG_TOUCHSCREEN_USB_ETT_TC45USB=y @@ -2469,6 +2528,8 @@ CONFIG_INPUT_PCSPKR=m CONFIG_INPUT_MMA8450=m CONFIG_INPUT_MPU3050=m CONFIG_INPUT_APANEL=m +# CONFIG_INPUT_GP2A is not set +# CONFIG_INPUT_GPIO_TILT_POLLED is not set CONFIG_INPUT_ATLAS_BTNS=m CONFIG_INPUT_ATI_REMOTE2=m CONFIG_INPUT_KEYSPAN_REMOTE=m @@ -2784,13 +2845,14 @@ CONFIG_POWER_SUPPLY=m # CONFIG_TEST_POWER is not set # CONFIG_BATTERY_DS2780 is not set # CONFIG_BATTERY_DS2782 is not set -# CONFIG_BATTERY_BQ20Z75 is not set +# CONFIG_BATTERY_SBS is not set # CONFIG_BATTERY_BQ27x00 is not set # CONFIG_BATTERY_MAX17040 is not set # CONFIG_BATTERY_MAX17042 is not set # CONFIG_CHARGER_PCF50633 is not set # CONFIG_CHARGER_ISP1704 is not set # CONFIG_CHARGER_MAX8903 is not set +# CONFIG_CHARGER_LP8727 is not set # CONFIG_CHARGER_GPIO is not set CONFIG_HWMON=m CONFIG_HWMON_VID=m @@ -2959,6 +3021,7 @@ CONFIG_SBC8360_WDT=m CONFIG_CPU5_WDT=m CONFIG_SMSC_SCH311X_WDT=m CONFIG_SMSC37B787_WDT=m +CONFIG_VIA_WDT=m CONFIG_W83627HF_WDT=m CONFIG_W83697HF_WDT=m CONFIG_W83697UG_WDT=m @@ -3016,7 +3079,9 @@ CONFIG_UCB1400_CORE=m CONFIG_TPS65010=m CONFIG_TPS6507X=m # CONFIG_MFD_TPS65912_SPI is not set +# CONFIG_MFD_STMPE is not set # CONFIG_MFD_TMIO is not set +# CONFIG_MFD_DA9052_SPI is not set CONFIG_MFD_WM8400=m # CONFIG_MFD_WM831X_SPI is not set CONFIG_MFD_PCF50633=m @@ -3062,6 +3127,7 @@ CONFIG_IR_RC6_DECODER=m CONFIG_IR_JVC_DECODER=m CONFIG_IR_SONY_DECODER=m CONFIG_IR_RC5_SZ_DECODER=m +CONFIG_IR_SANYO_DECODER=m CONFIG_IR_MCE_KBD_DECODER=m CONFIG_IR_LIRC_CODEC=m CONFIG_RC_ATI_REMOTE=m @@ -3103,7 +3169,6 @@ CONFIG_VIDEO_V4L2=m CONFIG_VIDEOBUF_GEN=m CONFIG_VIDEOBUF_DMA_SG=m CONFIG_VIDEOBUF_VMALLOC=m -CONFIG_VIDEOBUF_DMA_CONTIG=m CONFIG_VIDEOBUF_DVB=m CONFIG_VIDEO_BTCX=m CONFIG_VIDEO_TVEEPROM=m @@ -3111,7 +3176,6 @@ CONFIG_VIDEO_TUNER=m CONFIG_V4L2_MEM2MEM_DEV=m CONFIG_VIDEOBUF2_CORE=m CONFIG_VIDEOBUF2_MEMOPS=m -CONFIG_VIDEOBUF2_DMA_CONTIG=m CONFIG_VIDEOBUF2_VMALLOC=m CONFIG_VIDEO_CAPTURE_DRIVERS=y # CONFIG_VIDEO_ADV_DEBUG is not set @@ -3199,6 +3263,7 @@ CONFIG_VIDEO_S5K6AA=m # Flash devices # # CONFIG_VIDEO_ADP1653 is not set +# CONFIG_VIDEO_AS3645A is not set # # Video improvement chips @@ -3212,61 +3277,6 @@ CONFIG_VIDEO_UPD64083=m CONFIG_VIDEO_THS7303=m CONFIG_VIDEO_M52790=m # CONFIG_VIDEO_VIVI is not set -CONFIG_VIDEO_BT848=m -CONFIG_VIDEO_BT848_DVB=y -CONFIG_VIDEO_BWQCAM=m -CONFIG_VIDEO_CQCAM=m -# CONFIG_VIDEO_CPIA2 is not set -CONFIG_VIDEO_ZORAN=m -CONFIG_VIDEO_ZORAN_DC30=m -CONFIG_VIDEO_ZORAN_ZR36060=m -CONFIG_VIDEO_ZORAN_BUZ=m -CONFIG_VIDEO_ZORAN_DC10=m -CONFIG_VIDEO_ZORAN_LML33=m -CONFIG_VIDEO_ZORAN_LML33R10=m -CONFIG_VIDEO_ZORAN_AVS6EYES=m -CONFIG_VIDEO_MEYE=m -CONFIG_VIDEO_SAA7134=m -CONFIG_VIDEO_SAA7134_ALSA=m -CONFIG_VIDEO_SAA7134_RC=y -CONFIG_VIDEO_SAA7134_DVB=m -CONFIG_VIDEO_MXB=m -CONFIG_VIDEO_HEXIUM_ORION=m -CONFIG_VIDEO_HEXIUM_GEMINI=m -CONFIG_VIDEO_TIMBERDALE=m -CONFIG_VIDEO_CX88=m -CONFIG_VIDEO_CX88_ALSA=m -CONFIG_VIDEO_CX88_BLACKBIRD=m -CONFIG_VIDEO_CX88_DVB=m -CONFIG_VIDEO_CX88_MPEG=m -CONFIG_VIDEO_CX88_VP3054=m -CONFIG_VIDEO_CX23885=m -# CONFIG_MEDIA_ALTERA_CI is not set -# CONFIG_VIDEO_CX25821 is not set -CONFIG_VIDEO_AU0828=m -CONFIG_VIDEO_IVTV=m -CONFIG_VIDEO_FB_IVTV=m -CONFIG_VIDEO_CX18=m -CONFIG_VIDEO_CX18_ALSA=m -CONFIG_VIDEO_SAA7164=m -CONFIG_VIDEO_CAFE_CCIC=m -# CONFIG_VIDEO_VIA_CAMERA is not set -CONFIG_SOC_CAMERA=m -# CONFIG_SOC_CAMERA_IMX074 is not set -CONFIG_SOC_CAMERA_MT9M001=m -CONFIG_SOC_CAMERA_MT9M111=m -CONFIG_SOC_CAMERA_MT9T031=m -CONFIG_SOC_CAMERA_MT9T112=m -CONFIG_SOC_CAMERA_MT9V022=m -CONFIG_SOC_CAMERA_RJ54N1=m -CONFIG_SOC_CAMERA_TW9910=m -CONFIG_SOC_CAMERA_PLATFORM=m -CONFIG_SOC_CAMERA_OV2640=m -# CONFIG_SOC_CAMERA_OV5642 is not set -# CONFIG_SOC_CAMERA_OV6650 is not set -CONFIG_SOC_CAMERA_OV772X=m -CONFIG_SOC_CAMERA_OV9640=m -CONFIG_SOC_CAMERA_OV9740=m CONFIG_V4L_USB_DRIVERS=y CONFIG_USB_VIDEO_CLASS=m CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y @@ -3280,6 +3290,7 @@ CONFIG_USB_GSPCA_CPIA1=m CONFIG_USB_GSPCA_ETOMS=m CONFIG_USB_GSPCA_FINEPIX=m CONFIG_USB_GSPCA_JEILINJ=m +CONFIG_USB_GSPCA_JL2005BCD=m CONFIG_USB_GSPCA_KINECT=m # CONFIG_USB_GSPCA_KONICA is not set CONFIG_USB_GSPCA_MARS=m @@ -3335,18 +3346,55 @@ CONFIG_VIDEO_USBVISION=m CONFIG_USB_ET61X251=m CONFIG_USB_SN9C102=m # CONFIG_USB_PWC is not set +# CONFIG_VIDEO_CPIA2 is not set CONFIG_USB_ZR364XX=m CONFIG_USB_STKWEBCAM=m CONFIG_USB_S2255=m +CONFIG_V4L_PCI_DRIVERS=y +CONFIG_VIDEO_AU0828=m +CONFIG_VIDEO_BT848=m +CONFIG_VIDEO_BT848_DVB=y +CONFIG_VIDEO_CX18=m +CONFIG_VIDEO_CX18_ALSA=m +CONFIG_VIDEO_CX23885=m +# CONFIG_MEDIA_ALTERA_CI is not set +# CONFIG_VIDEO_CX25821 is not set +CONFIG_VIDEO_CX88=m +CONFIG_VIDEO_CX88_ALSA=m +CONFIG_VIDEO_CX88_BLACKBIRD=m +CONFIG_VIDEO_CX88_DVB=m +CONFIG_VIDEO_CX88_VP3054=m +CONFIG_VIDEO_CX88_MPEG=m +CONFIG_VIDEO_HEXIUM_GEMINI=m +CONFIG_VIDEO_HEXIUM_ORION=m +CONFIG_VIDEO_IVTV=m +CONFIG_VIDEO_FB_IVTV=m +CONFIG_VIDEO_MEYE=m +CONFIG_VIDEO_MXB=m +CONFIG_VIDEO_SAA7134=m +CONFIG_VIDEO_SAA7134_ALSA=m +CONFIG_VIDEO_SAA7134_RC=y +CONFIG_VIDEO_SAA7134_DVB=m +CONFIG_VIDEO_SAA7164=m +CONFIG_VIDEO_ZORAN=m +CONFIG_VIDEO_ZORAN_DC30=m +CONFIG_VIDEO_ZORAN_ZR36060=m +CONFIG_VIDEO_ZORAN_BUZ=m +CONFIG_VIDEO_ZORAN_DC10=m +CONFIG_VIDEO_ZORAN_LML33=m +CONFIG_VIDEO_ZORAN_LML33R10=m +CONFIG_VIDEO_ZORAN_AVS6EYES=m +# CONFIG_V4L_ISA_PARPORT_DRIVERS is not set +# CONFIG_V4L_PLATFORM_DRIVERS is not set CONFIG_V4L_MEM2MEM_DRIVERS=y CONFIG_VIDEO_MEM2MEM_TESTDEV=m CONFIG_RADIO_ADAPTERS=y +# CONFIG_RADIO_SI470X is not set +CONFIG_USB_MR800=m +CONFIG_USB_DSBR=m CONFIG_RADIO_MAXIRADIO=m # CONFIG_I2C_SI4713 is not set # CONFIG_RADIO_SI4713 is not set -CONFIG_USB_DSBR=m -# CONFIG_RADIO_SI470X is not set -CONFIG_USB_MR800=m CONFIG_RADIO_TEA5764=m CONFIG_RADIO_SAA7706H=m CONFIG_RADIO_TEF6862=m @@ -3622,6 +3670,9 @@ CONFIG_DRM_SIS=m CONFIG_DRM_VIA=m CONFIG_DRM_SAVAGE=m CONFIG_DRM_VMWGFX=m +CONFIG_DRM_GMA500=m +CONFIG_DRM_GMA600=y +CONFIG_DRM_GMA3600=y # CONFIG_STUB_POULSBO is not set CONFIG_VGASTATE=m CONFIG_VIDEO_OUTPUT_CONTROL=m @@ -3754,15 +3805,6 @@ CONFIG_BACKLIGHT_ADP8860=m CONFIG_BACKLIGHT_PCF50633=m # -# Display device support -# -CONFIG_DISPLAY_SUPPORT=m - -# -# Display hardware drivers -# - -# # Console display driver support # CONFIG_VGA_CONSOLE=y @@ -3799,6 +3841,7 @@ CONFIG_SND_DYNAMIC_MINORS=y # CONFIG_SND_VERBOSE_PRINTK is not set # CONFIG_SND_DEBUG is not set CONFIG_SND_VMASTER=y +CONFIG_SND_KCTL_JACK=y CONFIG_SND_DMA_SGBUF=y CONFIG_SND_RAWMIDI_SEQ=m CONFIG_SND_OPL3_LIB_SEQ=m @@ -3937,7 +3980,6 @@ CONFIG_SND_PCMCIA=y CONFIG_SND_VXPOCKET=m CONFIG_SND_PDAUDIOCF=m CONFIG_SND_SOC=m -# CONFIG_SND_SOC_CACHE_LZO is not set CONFIG_SND_SOC_I2C_AND_SPI=m CONFIG_SND_SOC_ALL_CODECS=m CONFIG_SND_SOC_WM_HUBS=m @@ -3953,7 +3995,9 @@ CONFIG_SND_SOC_AK4641=m CONFIG_SND_SOC_AK4642=m CONFIG_SND_SOC_AK4671=m CONFIG_SND_SOC_ALC5623=m +CONFIG_SND_SOC_ALC5632=m CONFIG_SND_SOC_CS42L51=m +CONFIG_SND_SOC_CS42L73=m CONFIG_SND_SOC_CS4270=m CONFIG_SND_SOC_CS4271=m CONFIG_SND_SOC_CX20442=m @@ -3979,6 +4023,7 @@ CONFIG_SND_SOC_UDA134X=m CONFIG_SND_SOC_UDA1380=m CONFIG_SND_SOC_WL1273=m CONFIG_SND_SOC_WM1250_EV1=m +CONFIG_SND_SOC_WM2000=m CONFIG_SND_SOC_WM5100=m CONFIG_SND_SOC_WM8400=m CONFIG_SND_SOC_WM8510=m @@ -4016,15 +4061,15 @@ CONFIG_SND_SOC_WM8993=m CONFIG_SND_SOC_WM8995=m CONFIG_SND_SOC_WM8996=m CONFIG_SND_SOC_WM9081=m +CONFIG_SND_SOC_WM9090=m CONFIG_SND_SOC_LM4857=m CONFIG_SND_SOC_MAX9877=m CONFIG_SND_SOC_TPA6130A2=m -CONFIG_SND_SOC_WM2000=m -CONFIG_SND_SOC_WM9090=m # CONFIG_SOUND_PRIME is not set CONFIG_AC97_BUS=m CONFIG_HID_SUPPORT=y CONFIG_HID=m +CONFIG_HID_BATTERY_STRENGTH=y CONFIG_HIDRAW=y # @@ -4045,7 +4090,7 @@ CONFIG_USB_MOUSE=m # # CONFIG_HID_A4TECH is not set # CONFIG_HID_ACRUX is not set -CONFIG_HID_APPLE=m +CONFIG_HID_APPLE=m # CONFIG_HID_BELKIN is not set # CONFIG_HID_CHERRY is not set # CONFIG_HID_CHICONY is not set @@ -4079,10 +4124,10 @@ CONFIG_HID_PICOLCD_BACKLIGHT=y CONFIG_HID_PICOLCD_LCD=y CONFIG_HID_PICOLCD_LEDS=y CONFIG_HID_PRIMAX=m -CONFIG_HID_QUANTA=m CONFIG_HID_ROCCAT=m CONFIG_HID_ROCCAT_COMMON=m CONFIG_HID_ROCCAT_ARVO=m +CONFIG_HID_ROCCAT_ISKU=m CONFIG_HID_ROCCAT_KONE=m CONFIG_HID_ROCCAT_KONEPLUS=m CONFIG_HID_ROCCAT_KOVAPLUS=m @@ -4092,6 +4137,7 @@ CONFIG_HID_SONY=m CONFIG_HID_SPEEDLINK=m # CONFIG_HID_SUNPLUS is not set # CONFIG_HID_GREENASIA is not set +CONFIG_HID_HYPERV_MOUSE=m # CONFIG_HID_SMARTJOYPLUS is not set # CONFIG_HID_TOPSEED is not set # CONFIG_HID_THRUSTMASTER is not set @@ -4117,7 +4163,6 @@ CONFIG_USB_DEVICE_CLASS=y # CONFIG_USB_DYNAMIC_MINORS is not set # CONFIG_USB_OTG_WHITELIST is not set # CONFIG_USB_OTG_BLACKLIST_HUB is not set -# CONFIG_USB_DWC3 is not set CONFIG_USB_MON=m CONFIG_USB_WUSB=m CONFIG_USB_WUSB_CBAF=m @@ -4132,6 +4177,7 @@ CONFIG_USB_XHCI_HCD=m CONFIG_USB_EHCI_HCD=m # CONFIG_USB_EHCI_ROOT_HUB_TT is not set # CONFIG_USB_EHCI_TT_NEWSCHED is not set +# CONFIG_USB_EHCI_MV is not set CONFIG_USB_OXU210HP_HCD=m CONFIG_USB_ISP116X_HCD=m CONFIG_USB_ISP1760_HCD=m @@ -4355,6 +4401,8 @@ CONFIG_LEDS_INTEL_SS4200=m CONFIG_LEDS_LT3593=m CONFIG_LEDS_DELL_NETBOOKS=m # CONFIG_LEDS_MC13783 is not set +# CONFIG_LEDS_TCA6507 is not set +# CONFIG_LEDS_OT200 is not set CONFIG_LEDS_TRIGGERS=y # @@ -4392,6 +4440,7 @@ CONFIG_INFINIBAND_IPOIB=m # CONFIG_INFINIBAND_IPOIB_CM is not set # CONFIG_INFINIBAND_IPOIB_DEBUG is not set CONFIG_INFINIBAND_SRP=m +CONFIG_INFINIBAND_SRPT=m CONFIG_INFINIBAND_ISER=m # CONFIG_EDAC is not set CONFIG_RTC_LIB=y @@ -4512,6 +4561,12 @@ CONFIG_VIRTIO_BALLOON=m CONFIG_VIRTIO_MMIO=m # +# Microsoft Hyper-V guest support +# +CONFIG_HYPERV=m +CONFIG_HYPERV_UTILS=m + +# # Xen driver support # CONFIG_XEN_BALLOON=y @@ -4526,6 +4581,7 @@ CONFIG_XEN_GNTDEV=m CONFIG_XEN_GRANT_DEV_ALLOC=m CONFIG_SWIOTLB_XEN=y CONFIG_XEN_PCIDEV_BACKEND=m +CONFIG_XEN_PRIVCMD=m CONFIG_STAGING=y # CONFIG_ET131X is not set # CONFIG_SLICOSS is not set @@ -4541,12 +4597,15 @@ CONFIG_USBIP_HOST=m # CONFIG_PANEL is not set # CONFIG_R8187SE is not set # CONFIG_RTL8192U is not set +CONFIG_RTLLIB=m +CONFIG_RTLLIB_CRYPTO_CCMP=m +CONFIG_RTLLIB_CRYPTO_TKIP=m +CONFIG_RTLLIB_CRYPTO_WEP=m # CONFIG_RTL8192E is not set # CONFIG_R8712U is not set # CONFIG_RTS_PSTOR is not set # CONFIG_RTS5139 is not set # CONFIG_TRANZPORT is not set -# CONFIG_POHMELFS is not set # CONFIG_IDE_PHISON is not set # CONFIG_LINE6_USB is not set CONFIG_DRM_NOUVEAU=m @@ -4563,8 +4622,6 @@ CONFIG_DRM_I2C_SIL164=m # CONFIG_VT6655 is not set # CONFIG_VT6656 is not set CONFIG_HYPERV_STORAGE=m -CONFIG_HYPERV_NET=m -CONFIG_HYPERV_MOUSE=m # CONFIG_VME_BUS is not set # CONFIG_DX_SEP is not set # CONFIG_IIO is not set @@ -4588,9 +4645,13 @@ CONFIG_HYPERV_MOUSE=m # CONFIG_SPEAKUP is not set # CONFIG_TOUCHSCREEN_CLEARPAD_TM1217 is not set # CONFIG_TOUCHSCREEN_SYNAPTICS_I2C_RMI4 is not set -# CONFIG_DRM_PSB is not set # CONFIG_INTEL_MEI is not set # CONFIG_STAGING_MEDIA is not set + +# +# Android +# +# CONFIG_ANDROID is not set CONFIG_X86_PLATFORM_DEVICES=y CONFIG_ACER_WMI=m CONFIG_ACERHDF=m @@ -4600,6 +4661,8 @@ CONFIG_DELL_WMI=m CONFIG_DELL_WMI_AIO=m CONFIG_FUJITSU_LAPTOP=m # CONFIG_FUJITSU_LAPTOP_DEBUG is not set +# CONFIG_FUJITSU_TABLET is not set +CONFIG_AMILO_RFKILL=m CONFIG_HP_ACCEL=m CONFIG_HP_WMI=m CONFIG_MSI_LAPTOP=m @@ -4646,14 +4709,13 @@ CONFIG_IOMMU_API=y CONFIG_IOMMU_SUPPORT=y CONFIG_AMD_IOMMU=y CONFIG_AMD_IOMMU_STATS=y +CONFIG_AMD_IOMMU_V2=m CONFIG_DMAR_TABLE=y CONFIG_INTEL_IOMMU=y # CONFIG_INTEL_IOMMU_DEFAULT_ON is not set CONFIG_INTEL_IOMMU_FLOPPY_WA=y CONFIG_IRQ_REMAP=y CONFIG_VIRT_DRIVERS=y -CONFIG_HYPERV=m -CONFIG_HYPERV_UTILS=m # CONFIG_PM_DEVFREQ is not set # @@ -4667,7 +4729,6 @@ CONFIG_DCDBAS=m CONFIG_DMIID=y # CONFIG_DMI_SYSFS is not set # CONFIG_ISCSI_IBFT_FIND is not set -# CONFIG_SIGMA is not set # CONFIG_GOOGLE_FIRMWARE is not set # @@ -4720,6 +4781,7 @@ CONFIG_OCFS2_DEBUG_MASKLOG=y # CONFIG_OCFS2_DEBUG_FS is not set CONFIG_BTRFS_FS=m CONFIG_BTRFS_FS_POSIX_ACL=y +# CONFIG_BTRFS_FS_CHECK_INTEGRITY is not set CONFIG_NILFS2_FS=m CONFIG_FS_POSIX_ACL=y CONFIG_EXPORTFS=m @@ -4860,6 +4922,7 @@ CONFIG_NFSD=m CONFIG_NFSD_V3=y # CONFIG_NFSD_V3_ACL is not set CONFIG_NFSD_V4=y +# CONFIG_NFSD_FAULT_INJECTION is not set CONFIG_LOCKD=m CONFIG_LOCKD_V4=y CONFIG_NFS_COMMON=y @@ -4884,28 +4947,6 @@ CONFIG_CIFS_ACL=y CONFIG_9P_FS=m CONFIG_9P_FSCACHE=y CONFIG_9P_FS_POSIX_ACL=y - -# -# Partition Types -# -CONFIG_PARTITION_ADVANCED=y -# CONFIG_ACORN_PARTITION is not set -# CONFIG_OSF_PARTITION is not set -# CONFIG_AMIGA_PARTITION is not set -# CONFIG_ATARI_PARTITION is not set -# CONFIG_MAC_PARTITION is not set -CONFIG_MSDOS_PARTITION=y -# CONFIG_BSD_DISKLABEL is not set -# CONFIG_MINIX_SUBPARTITION is not set -# CONFIG_SOLARIS_X86_PARTITION is not set -# CONFIG_UNIXWARE_DISKLABEL is not set -# CONFIG_LDM_PARTITION is not set -# CONFIG_SGI_PARTITION is not set -# CONFIG_ULTRIX_PARTITION is not set -# CONFIG_SUN_PARTITION is not set -# CONFIG_KARMA_PARTITION is not set -CONFIG_EFI_PARTITION=y -# CONFIG_SYSV68_PARTITION is not set CONFIG_NLS=y CONFIG_NLS_DEFAULT="utf8" CONFIG_NLS_CODEPAGE_437=m @@ -5066,6 +5107,7 @@ CONFIG_DEBUG_BOOT_PARAMS=y # CONFIG_CPA_DEBUG is not set # CONFIG_OPTIMIZE_INLINING is not set # CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set +CONFIG_DEBUG_NMI_SELFTEST=y # # Security options @@ -5214,7 +5256,6 @@ CONFIG_PAX_RANDMMAP=y # CONFIG_PAX_MEMORY_STACKLEAK is not set CONFIG_PAX_REFCOUNT=y # CONFIG_PAX_USERCOPY is not set -# CONFIG_PAX_SIZE_OVERFLOW is not set CONFIG_KEYS=y CONFIG_TRUSTED_KEYS=m CONFIG_ENCRYPTED_KEYS=m @@ -5329,6 +5370,7 @@ CONFIG_CRYPTO_SALSA20=m CONFIG_CRYPTO_SALSA20_X86_64=m CONFIG_CRYPTO_SEED=m CONFIG_CRYPTO_SERPENT=m +CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m CONFIG_CRYPTO_TEA=m CONFIG_CRYPTO_TWOFISH=m CONFIG_CRYPTO_TWOFISH_COMMON=m @@ -5372,6 +5414,8 @@ CONFIG_VHOST_NET=m CONFIG_RAID6_PQ=m CONFIG_BITREVERSE=y CONFIG_GENERIC_FIND_FIRST_BIT=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y CONFIG_CRC_CCITT=m CONFIG_CRC16=m CONFIG_CRC_T10DIF=m @@ -5411,6 +5455,7 @@ CONFIG_HAS_IOPORT=y CONFIG_HAS_DMA=y CONFIG_CHECK_SIGNATURE=y CONFIG_CPU_RMAP=y +CONFIG_DQL=y CONFIG_NLATTR=y CONFIG_LRU_CACHE=m CONFIG_AVERAGE=y diff --git a/main/open-vm-tools-grsec/APKBUILD b/main/open-vm-tools-grsec/APKBUILD index 3eb3f01039..ad136a3c92 100644 --- a/main/open-vm-tools-grsec/APKBUILD +++ b/main/open-vm-tools-grsec/APKBUILD @@ -2,11 +2,11 @@ _flavor=grsec _realname=open-vm-tools -_kver=3.2.12 +_kver=3.3.0 _kpkgrel=0 -_realver=2011.12.20 -_realsubver=562307 +_realver=2012.03.13 +_realsubver=651368 _mypkgrel=0 # source open-vm-tools version @@ -41,6 +41,7 @@ makedepends="glib-dev gettext-dev linux-${_flavor}-dev=${_kernelver}" source="http://downloads.sourceforge.net/open-vm-tools/open-vm-tools-$_realver-$_realsubver.tar.gz vmware-modules.initd " +# constify.patch install_if="linux-${_flavor}=${_kernelver} open-vm-tools" _builddir="$srcdir/$_realname-$_realver-$_realsubver" @@ -79,5 +80,5 @@ package() { done } -md5sums="529c15cb6cfa2972a96664c504dee560 open-vm-tools-2011.12.20-562307.tar.gz +md5sums="a664206443d5de53f5f8ee8d5fe6c2d7 open-vm-tools-2012.03.13-651368.tar.gz afba2c3487d0b12cee80eb2f04b05ba1 vmware-modules.initd" diff --git a/main/open-vm-tools-vserver/APKBUILD b/main/open-vm-tools-vserver/APKBUILD index 3d513fea60..4c8c8b8ae6 100644 --- a/main/open-vm-tools-vserver/APKBUILD +++ b/main/open-vm-tools-vserver/APKBUILD @@ -6,11 +6,10 @@ _name=$_realname-$_flavor _kver=3.2.11 _kpkgrel=0 _myvsver=vs2.3.2.8 -_mypkgrel=0 - -_realver=2011.12.20 -_realsubver=562307 +_mypkgrel=1 +_realver=2012.03.13 +_realsubver=651368 # source open-vm-tools version if [ -f ../$_realname/APKBUILD ]; then @@ -78,5 +77,5 @@ package() { done } -md5sums="529c15cb6cfa2972a96664c504dee560 open-vm-tools-2011.12.20-562307.tar.gz +md5sums="a664206443d5de53f5f8ee8d5fe6c2d7 open-vm-tools-2012.03.13-651368.tar.gz afba2c3487d0b12cee80eb2f04b05ba1 vmware-modules.initd" diff --git a/main/open-vm-tools/APKBUILD b/main/open-vm-tools/APKBUILD index 1cf921004c..cea16dd72e 100644 --- a/main/open-vm-tools/APKBUILD +++ b/main/open-vm-tools/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=open-vm-tools -pkgver=2011.12.20 -_pkgsubver=562307 +pkgver=2012.03.13 +_pkgsubver=651368 pkgrel=0 pkgdesc="The Open Virtual Machine Tools are the open source implementation of VMware Tools." url="http://open-vm-tools.sourceforge.net/" @@ -81,7 +81,7 @@ gtk() { "$subpkgdir"/usr/lib/open-vm-tools/plugins/ } -md5sums="529c15cb6cfa2972a96664c504dee560 open-vm-tools-2011.12.20-562307.tar.gz +md5sums="a664206443d5de53f5f8ee8d5fe6c2d7 open-vm-tools-2012.03.13-651368.tar.gz 82840b6bed002284b9bd2358707ee826 codeset-uclibc.patch 89c7449323ddac4666b73a8467baf95a iconv-uclibc.patch 30a4161baf6274ac9cceb879460cd894 uclibc-stubs.patch diff --git a/main/xtables-addons-grsec/APKBUILD b/main/xtables-addons-grsec/APKBUILD index df4b4759c3..5409352e3b 100644 --- a/main/xtables-addons-grsec/APKBUILD +++ b/main/xtables-addons-grsec/APKBUILD @@ -3,7 +3,7 @@ _flavor=${FLAVOR:-grsec} _realname=xtables-addons _name=$_realname-$_flavor -_kver=3.2.12 +_kver=3.3.0 _kpkgrel=0 # source the kernel version diff --git a/testing/libee/APKBUILD b/testing/libee/APKBUILD new file mode 100644 index 0000000000..06588b9a31 --- /dev/null +++ b/testing/libee/APKBUILD @@ -0,0 +1,32 @@ +# Contributor: Uros Kolar <host.uros@gmail.com> +# Maintainer: Cameron Banta <cbanta@gmail.com> +pkgname=libee +pkgver=0.4.0 +pkgrel=1 +pkgdesc="event Expression Library inspired by CEE" +url="http://www.libee.org" +arch="all" +license="LGPL2.1" +makedepends="libestr-dev" +subpackages="$pkgname-dev" +source="http://www.libee.org/download/files/download/$pkgname-$pkgver.tar.gz" + +_builddir="$srcdir/$pkgname-$pkgver" +prepare() { + cd "$_builddir" + ./configure --prefix=/usr || return 1 +} + +build() { + cd "$_builddir" + #make fails on parallel builds + make -j1 || return 1 +} + +package() { + cd "$_builddir" + make DESTDIR="$pkgdir" install || return 1 + rm -rf "$pkgdir"/usr/lib/libee.la +} + +md5sums="257a23d5cc8f211fb99464a462bc92cd libee-0.4.0.tar.gz" diff --git a/testing/libestr/APKBUILD b/testing/libestr/APKBUILD new file mode 100644 index 0000000000..3ce89068dd --- /dev/null +++ b/testing/libestr/APKBUILD @@ -0,0 +1,30 @@ +# Contributor: Uros +# Maintainer: Cameron Banta <cbanta@gmail.com> +pkgname=libestr +pkgver=0.1.2 +pkgrel=1 +pkgdesc="essentials for string handling (and a bit more)" +url="http://libestr.adiscon.com" +arch="all" +license="LGPL2.1" +subpackages="$pkgname-dev" +source="http://libestr.adiscon.com/files/download/$pkgname-$pkgver.tar.gz" + +_builddir="$srcdir"/$pkgname-$pkgver +prepare() { + cd "$_builddir" + ./configure --prefix=/usr || return 1 +} + +build() { + cd "$_builddir" + make || return 1 +} + +package() { + cd "$_builddir" + make DESTDIR="$pkgdir" install || return 1 + rm -rf "$pkgdir"/usr/lib/libestr.la +} + +md5sums="30ec4054155dc7d7e9b06418181c4f12 libestr-0.1.2.tar.gz" diff --git a/testing/openswan-grsec/APKBUILD b/testing/openswan-grsec/APKBUILD index e61e9f7446..f229bf1ef9 100644 --- a/testing/openswan-grsec/APKBUILD +++ b/testing/openswan-grsec/APKBUILD @@ -21,7 +21,7 @@ pkgver=$pkgver pkgrel=$(( $_kpkgrel + $_mypkgrel )) pkgdesc="IPsec Implementation which Allows Building of VPNs" url="http://www.openswan.org/" -arch="all" +arch="" license="GPL" depends="" depends_dev="gmp-dev bison flex linux-$_flavor-dev=$_kernelver" diff --git a/testing/rsyslog/APKBUILD b/testing/rsyslog/APKBUILD index e985abbb82..83e7a43121 100644 --- a/testing/rsyslog/APKBUILD +++ b/testing/rsyslog/APKBUILD @@ -1,14 +1,14 @@ -# Contributor: cbanta@gmail.com # Maintainer: cbanta@gmail.com +# Contributor: cbanta@gmail.com pkgname=rsyslog -pkgver=5.8.7 -pkgrel=1 +pkgver=6.2.0 +pkgrel=0 pkgdesc="Enhanced multi-threaded syslogd with database support and more." url="http://www.rsyslog.com/" arch="all" license="GPLv3 LGPL-3" makedepends="zlib-dev gnutls-dev mysql-dev postgresql-dev net-snmp-dev - libnet-dev libgcrypt-dev" + libnet-dev libgcrypt-dev libee-dev libestr-dev" subpackages="$pkgname-doc $pkgname-mysql $pkgname-pgsql $pkgname-tls $pkgname-snmp" source="http://www.rsyslog.com/files/download/$pkgname/$pkgname-$pkgver.tar.gz $pkgname.initd @@ -19,8 +19,9 @@ source="http://www.rsyslog.com/files/download/$pkgname/$pkgname-$pkgver.tar.gz _builddir="$srcdir"/$pkgname-$pkgver -build() { +prepare() { cd "$_builddir" + export LDFLAGS="-lestr" ./configure \ --disable-gui \ --disable-rfc3195 \ @@ -42,6 +43,10 @@ build() { --sysconfdir=/etc \ --mandir=/usr/share/man \ --infodir=/usr/share/info +} + +build() { + cd "$_builddir" make || return 1 } @@ -80,7 +85,7 @@ snmp() { mv "$pkgdir"/usr/lib/rsyslog/omsnmp.so "$subpkgdir"/usr/lib/rsyslog/ } -md5sums="d806a91de534d6e33d7d1c1138cfdd37 rsyslog-5.8.7.tar.gz +md5sums="03e237abaa5d47f92c6e655f92f22532 rsyslog-6.2.0.tar.gz b3fcedb16f9de2d9434ce4c89004a73b rsyslog.initd 0a0aef98f677364e6178c34274df7723 rsyslog.confd bc43debc9ffdf66bc1409025fd3d1176 rsyslog.logrotate diff --git a/testing/wanpipe-grsec/APKBUILD b/testing/wanpipe-grsec/APKBUILD index 46232b7bbf..50317cf836 100644 --- a/testing/wanpipe-grsec/APKBUILD +++ b/testing/wanpipe-grsec/APKBUILD @@ -3,7 +3,7 @@ _flavor=${FLAVOR:-grsec} _realname=wanpipe _name=$_realname-$_flavor -_kver=3.2.12 +_kver=3.3.0 _kpkgrel=0 # source the kernel version |