aboutsummaryrefslogtreecommitdiffstats
path: root/main/linux-virt-grsec
diff options
context:
space:
mode:
authorLeonardo Arena <rnalrd@alpinelinux.org>2013-08-23 14:47:51 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2013-08-23 14:48:08 +0000
commitdb2fc439f3c9f360a9beb7200bb7dc4345b116e0 (patch)
treee2db60d98073c2c32c48f8035d32fe792afdfc61 /main/linux-virt-grsec
parent11e44998295d10c832dccb35b46d093cdc452401 (diff)
downloadaports-db2fc439f3c9f360a9beb7200bb7dc4345b116e0.tar.bz2
aports-db2fc439f3c9f360a9beb7200bb7dc4345b116e0.tar.xz
main/linux-virt-grsec: upgrade to 3.10.7
Diffstat (limited to 'main/linux-virt-grsec')
-rw-r--r--main/linux-virt-grsec/APKBUILD34
-rw-r--r--main/linux-virt-grsec/grsecurity-2.9.1-3.10.7-201308171249.patch (renamed from main/linux-virt-grsec/grsecurity-2.9.1-3.9.11-unofficial-2.patch)17055
-rw-r--r--main/linux-virt-grsec/kernelconfig.x86162
-rw-r--r--main/linux-virt-grsec/kernelconfig.x86_64166
4 files changed, 9912 insertions, 7505 deletions
diff --git a/main/linux-virt-grsec/APKBUILD b/main/linux-virt-grsec/APKBUILD
index 85d1719115..ec49fdc49a 100644
--- a/main/linux-virt-grsec/APKBUILD
+++ b/main/linux-virt-grsec/APKBUILD
@@ -3,7 +3,7 @@
_flavor=grsec
pkgname=linux-virt-${_flavor}
-pkgver=3.9.11
+pkgver=3.10.7
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
@@ -18,7 +18,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-2.9.1-3.9.11-unofficial-2.patch
+ grsecurity-2.9.1-3.10.7-201308171249.patch
0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
@@ -147,36 +147,36 @@ dev() {
"$subpkgdir"/lib/modules/${_abi_release}/build
}
-md5sums="4348c9b6b2eb3144d601e87c19d5d909 linux-3.9.tar.xz
-552146435b7ecc414bf8e3cd8bb6ac4a patch-3.9.11.xz
-808e4e5dd176692d62ccfbf5988a88fa grsecurity-2.9.1-3.9.11-unofficial-2.patch
+md5sums="4f25cd5bec5f8d5a7d935b3f2ccb8481 linux-3.10.tar.xz
+6b1b6b62044fcf3624f067154d5c1666 patch-3.10.7.xz
+e8a352c746da4aaf2e14a89da6896023 grsecurity-2.9.1-3.10.7-201308171249.patch
a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
2a12a3717052e878c0cd42aa935bfcf4 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
-35bdbb795392104434fdb16e226606bc kernelconfig.x86
-3fa1281098783b061581f6c1122edd77 kernelconfig.x86_64"
-sha256sums="60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541 linux-3.9.tar.xz
-29be11d16ef152ae1858d567cbf45f0da0193adf364826f5e3fa8b2fcd839682 patch-3.9.11.xz
-bd672d212020b5a7a00b3e0f6df39efbba6d0a1cbad88e0bf65cbaf8f8045204 grsecurity-2.9.1-3.9.11-unofficial-2.patch
+246de0aecacde70ce26d9c4a4006aedb kernelconfig.x86
+307fc07ff32a2bc22f34eb2b1d0b886f kernelconfig.x86_64"
+sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz
+a92836d9ae477a7730c79d8ad521a2859ecdd8dea1ac0fa561fb5ce8517f5d1e patch-3.10.7.xz
+9424fb61b373fb3a84cdf0b82183ae4429158a8b582ef49a33af629557330e2a grsecurity-2.9.1-3.10.7-201308171249.patch
6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
260fd1807838b68305a96992bf7d3302a2a8ef3a3b08fe079ba9a07e6422f736 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
-ca83354dfd4d2938bad03bd05aa25d6ab7228b289eabd43f10dab5c571f0ec07 kernelconfig.x86
-8e64c024e2f8d7d67198ad8c331cd3ef8df40015c85a0b5ef4c2487274404abb kernelconfig.x86_64"
-sha512sums="77fa521f42380409f8ab400c26f7b00e225cb075ef40834bb263325cfdcc3e65aef8511ec2fc2b50bbf4f50e226fb5ab07d7a479aaf09162adbbf318325d0790 linux-3.9.tar.xz
-c3a0be102d816ae06d7dfdd2738915fc2114cb9bb488b03b34e4f52f2367dcba4d8cb8ba203687bf694c2dcad36d70bb9d3121ac739a28e2c7fb2c44f08a9c71 patch-3.9.11.xz
-730e24dffc70250945d873358a2fbe19f1c9249befeaba6e53ce8c1b4ebb19583d51d6a437b6d9a39b705f48001f4a645f92560ef6b4db88ee8fbf9f17bafd41 grsecurity-2.9.1-3.9.11-unofficial-2.patch
+324ad615f077368699edc840e34470557be880d2c812a7048cf993c60cec0fa6 kernelconfig.x86
+20a4b46aad191452b7269288dbd205ee05c7d7681e2c129f6381aa2f9a7e8200 kernelconfig.x86_64"
+sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz
+d34729cfca045f12077c44518171a5b933790b112f2576aa55ba7f6684567b04a6beea4da8a635dcc078a844f9cd47aa66ead1fd6d68b926fdc09ecb0ae34324 patch-3.10.7.xz
+1ddc7f9f28e5a8451a36b6cf800e173a59cbd2271aca772b24c568b77fa37997d0bd095e032ffb94d897a5e4d9ebc102e8eb69acb04a57f1938cd92fe98e306e grsecurity-2.9.1-3.10.7-201308171249.patch
81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d711e3486628ed56ab996484e219d79ac4b0c0ec684ebd380aa 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
-ffe76f2a13888c7a54d1dadac09f1220c2423c6883d813ea8b69485d2a855152fe24b5b132d72ac6a1abd66eda5f9592e226bc53afeffd31d285a2cc62fc7d5b kernelconfig.x86
-485501f627ab9ac2a3e1ccfdee956989f20d9f0e88b3ed2a7239fb93928d4c054a761306ebccbec9a18ca5dee59b7249cd72add6c65645234798c828afebe52c kernelconfig.x86_64"
+3f1965a6c5fc9dc2cd3da407edab473caa964ef7cddba711f6c98b1710d2e50c7bba4ccb21ada794a387f100903ab16feebfd4910a6033d889878100a6bb4e77 kernelconfig.x86
+23fc5c7807d9b4804a2e4cd65c597bec1ca7117e35c1e9b001c0c6d6ff9d736ef166515c1a0a9545a66d78b75e411e192c4cff96f9cbfee1cdd2260d46b6bec0 kernelconfig.x86_64"
diff --git a/main/linux-virt-grsec/grsecurity-2.9.1-3.9.11-unofficial-2.patch b/main/linux-virt-grsec/grsecurity-2.9.1-3.10.7-201308171249.patch
index cb0d943df0..9a72c3e12c 100644
--- a/main/linux-virt-grsec/grsecurity-2.9.1-3.9.11-unofficial-2.patch
+++ b/main/linux-virt-grsec/grsecurity-2.9.1-3.10.7-201308171249.patch
@@ -229,10 +229,10 @@ index b89a739..79768fb 100644
+zconf.lex.c
zoffset.h
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
-index 8ccbf27..afffeb4 100644
+index 2fe6e76..889ee23 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
-@@ -948,6 +948,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -976,6 +976,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
Format: <unsigned int> such that (rxsize & ~0x1fffc0) == 0.
Default: 1024
@@ -243,7 +243,18 @@ index 8ccbf27..afffeb4 100644
hashdist= [KNL,NUMA] Large hashes allocated during boot
are distributed across NUMA nodes. Defaults on
for 64-bit NUMA, off otherwise.
-@@ -2147,6 +2151,18 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+@@ -1928,6 +1932,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
+ noexec=on: enable non-executable mappings (default)
+ noexec=off: disable non-executable mappings
+
++ nopcid [X86-64]
++ Disable PCID (Process-Context IDentifier) even if it
++ is supported by the processor.
++
+ nosmap [X86]
+ Disable SMAP (Supervisor Mode Access Prevention)
+ even if it is supported by processor.
+@@ -2195,6 +2203,25 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
the specified number of seconds. This is to be used if
your oopses keep scrolling off the screen.
@@ -252,6 +263,10 @@ index 8ccbf27..afffeb4 100644
+ expand down segment used by UDEREF on X86-32 or the frequent
+ page table updates on X86-64.
+
++ pax_sanitize_slab=
++ 0/1 to disable/enable slab object sanitization (enabled by
++ default).
++
+ pax_softmode= 0/1 to disable/enable PaX softmode on boot already.
+
+ pax_extra_latent_entropy
@@ -259,11 +274,14 @@ index 8ccbf27..afffeb4 100644
+ from the first 4GB of memory as the bootmem allocator
+ passes the memory pages to the buddy allocator.
+
++ pax_weakuderef [X86-64] enables the weaker but faster form of UDEREF
++ when the processor supports PCID.
++
pcbit= [HW,ISDN]
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index ad368cd..96b21c3 100644
+index 33e36ab..31f1dc8 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -364,7 +382,7 @@ index ad368cd..96b21c3 100644
vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \
$(core-y) $(core-m) $(drivers-y) $(drivers-m) \
-@@ -780,6 +840,8 @@ endif
+@@ -782,6 +842,8 @@ endif
# The actual objects are generated when descending,
# make sure no implicit rule kicks in
@@ -373,7 +391,7 @@ index ad368cd..96b21c3 100644
$(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
# Handle descending into subdirectories listed in $(vmlinux-dirs)
-@@ -789,7 +851,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
+@@ -791,7 +853,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ;
# Error messages still appears in the original language
PHONY += $(vmlinux-dirs)
@@ -382,7 +400,7 @@ index ad368cd..96b21c3 100644
$(Q)$(MAKE) $(build)=$@
# Store (new) KERNELRELASE string in include/config/kernel.release
-@@ -833,6 +895,7 @@ prepare0: archprepare FORCE
+@@ -835,6 +897,7 @@ prepare0: archprepare FORCE
$(Q)$(MAKE) $(build)=.
# All the preparing..
@@ -390,7 +408,7 @@ index ad368cd..96b21c3 100644
prepare: prepare0
# Generate some files
-@@ -940,6 +1003,8 @@ all: modules
+@@ -942,6 +1005,8 @@ all: modules
# using awk while concatenating to the final file.
PHONY += modules
@@ -399,7 +417,7 @@ index ad368cd..96b21c3 100644
modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin
$(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order
@$(kecho) ' Building modules, stage 2.';
-@@ -955,7 +1020,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
+@@ -957,7 +1022,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin)
# Target to prepare building external modules
PHONY += modules_prepare
@@ -408,7 +426,7 @@ index ad368cd..96b21c3 100644
# Target to install modules
PHONY += modules_install
-@@ -1021,7 +1086,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
+@@ -1023,7 +1088,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \
Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \
signing_key.priv signing_key.x509 x509.genkey \
extra_certificates signing_key.x509.keyid \
@@ -417,7 +435,7 @@ index ad368cd..96b21c3 100644
# clean - Delete most, but leave enough to build external modules
#
-@@ -1061,6 +1126,7 @@ distclean: mrproper
+@@ -1063,6 +1128,7 @@ distclean: mrproper
\( -name '*.orig' -o -name '*.rej' -o -name '*~' \
-o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \
-o -name '.*.rej' \
@@ -425,7 +443,7 @@ index ad368cd..96b21c3 100644
-o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \
-type f -print | xargs rm -f
-@@ -1221,6 +1287,8 @@ PHONY += $(module-dirs) modules
+@@ -1223,6 +1289,8 @@ PHONY += $(module-dirs) modules
$(module-dirs): crmodverdir $(objtree)/Module.symvers
$(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@)
@@ -434,7 +452,7 @@ index ad368cd..96b21c3 100644
modules: $(module-dirs)
@$(kecho) ' Building modules, stage 2.';
$(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost
-@@ -1357,17 +1425,21 @@ else
+@@ -1359,17 +1427,21 @@ else
target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@))
endif
@@ -460,7 +478,7 @@ index ad368cd..96b21c3 100644
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
%.symtypes: %.c prepare scripts FORCE
$(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@)
-@@ -1377,11 +1449,15 @@ endif
+@@ -1379,11 +1451,15 @@ endif
$(cmd_crmodverdir)
$(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \
$(build)=$(build-dir)
@@ -811,10 +829,10 @@ index 0c4132d..88f0d53 100644
/* Allow reads even for write-only mappings */
if (!(vma->vm_flags & (VM_READ | VM_WRITE)))
diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
-index 70cd012..71b82cd 100644
+index 18a9f5e..ca910b7 100644
--- a/arch/arm/Kconfig
+++ b/arch/arm/Kconfig
-@@ -1860,7 +1860,7 @@ config ALIGNMENT_TRAP
+@@ -1766,7 +1766,7 @@ config ALIGNMENT_TRAP
config UACCESS_WITH_MEMCPY
bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()"
@@ -824,7 +842,7 @@ index 70cd012..71b82cd 100644
help
Implement faster copy_to_user and clear_user methods for CPU
diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h
-index c79f61f..9ac0642 100644
+index da1c77d..2ee6056 100644
--- a/arch/arm/include/asm/atomic.h
+++ b/arch/arm/include/asm/atomic.h
@@ -17,17 +17,35 @@
@@ -1129,8 +1147,44 @@ index c79f61f..9ac0642 100644
+
#define ATOMIC64_INIT(i) { (i) }
+ #ifdef CONFIG_ARM_LPAE
+@@ -257,6 +452,19 @@ static inline u64 atomic64_read(const atomic64_t *v)
+ return result;
+ }
+
++static inline u64 atomic64_read_unchecked(const atomic64_unchecked_t *v)
++{
++ u64 result;
++
++ __asm__ __volatile__("@ atomic64_read_unchecked\n"
++" ldrd %0, %H0, [%1]"
++ : "=&r" (result)
++ : "r" (&v->counter), "Qo" (v->counter)
++ );
++
++ return result;
++}
++
+ static inline void atomic64_set(atomic64_t *v, u64 i)
+ {
+ __asm__ __volatile__("@ atomic64_set\n"
+@@ -265,6 +473,15 @@ static inline void atomic64_set(atomic64_t *v, u64 i)
+ : "r" (&v->counter), "r" (i)
+ );
+ }
++
++static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, u64 i)
++{
++ __asm__ __volatile__("@ atomic64_set_unchecked\n"
++" strd %2, %H2, [%1]"
++ : "=Qo" (v->counter)
++ : "r" (&v->counter), "r" (i)
++ );
++}
+ #else
static inline u64 atomic64_read(const atomic64_t *v)
-@@ -256,6 +451,19 @@ static inline u64 atomic64_read(const atomic64_t *v)
+ {
+@@ -279,6 +496,19 @@ static inline u64 atomic64_read(const atomic64_t *v)
return result;
}
@@ -1150,10 +1204,11 @@ index c79f61f..9ac0642 100644
static inline void atomic64_set(atomic64_t *v, u64 i)
{
u64 tmp;
-@@ -270,6 +478,20 @@ static inline void atomic64_set(atomic64_t *v, u64 i)
+@@ -292,6 +522,21 @@ static inline void atomic64_set(atomic64_t *v, u64 i)
+ : "r" (&v->counter), "r" (i)
: "cc");
}
-
++
+static inline void atomic64_set_unchecked(atomic64_unchecked_t *v, u64 i)
+{
+ u64 tmp;
@@ -1168,10 +1223,10 @@ index c79f61f..9ac0642 100644
+ : "cc");
+}
+
+ #endif
+
static inline void atomic64_add(u64 i, atomic64_t *v)
- {
- u64 result;
-@@ -278,6 +500,36 @@ static inline void atomic64_add(u64 i, atomic64_t *v)
+@@ -302,6 +547,36 @@ static inline void atomic64_add(u64 i, atomic64_t *v)
__asm__ __volatile__("@ atomic64_add\n"
"1: ldrexd %0, %H0, [%3]\n"
" adds %0, %0, %4\n"
@@ -1208,15 +1263,17 @@ index c79f61f..9ac0642 100644
" adc %H0, %H0, %H4\n"
" strexd %1, %0, %H0, [%3]\n"
" teq %1, #0\n"
-@@ -289,12 +541,49 @@ static inline void atomic64_add(u64 i, atomic64_t *v)
+@@ -313,12 +588,49 @@ static inline void atomic64_add(u64 i, atomic64_t *v)
static inline u64 atomic64_add_return(u64 i, atomic64_t *v)
{
+- u64 result;
+- unsigned long tmp;
+ u64 result, tmp;
-+
-+ smp_mb();
-+
-+ __asm__ __volatile__("@ atomic64_add_return\n"
+
+ smp_mb();
+
+ __asm__ __volatile__("@ atomic64_add_return\n"
+"1: ldrexd %1, %H1, [%3]\n"
+" adds %0, %1, %4\n"
+" adcs %H0, %H1, %H4\n"
@@ -1249,21 +1306,19 @@ index c79f61f..9ac0642 100644
+
+static inline u64 atomic64_add_return_unchecked(u64 i, atomic64_unchecked_t *v)
+{
- u64 result;
- unsigned long tmp;
-
- smp_mb();
-
-- __asm__ __volatile__("@ atomic64_add_return\n"
++ u64 result;
++ unsigned long tmp;
++
++ smp_mb();
++
+ __asm__ __volatile__("@ atomic64_add_return_unchecked\n"
"1: ldrexd %0, %H0, [%3]\n"
" adds %0, %0, %4\n"
" adc %H0, %H0, %H4\n"
-@@ -318,23 +607,34 @@ static inline void atomic64_sub(u64 i, atomic64_t *v)
+@@ -342,6 +654,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *v)
__asm__ __volatile__("@ atomic64_sub\n"
"1: ldrexd %0, %H0, [%3]\n"
" subs %0, %0, %4\n"
--" sbc %H0, %H0, %H4\n"
+" sbcs %H0, %H0, %H4\n"
+
+#ifdef CONFIG_PAX_REFCOUNT
@@ -1272,46 +1327,45 @@ index c79f61f..9ac0642 100644
+"3:\n"
+#endif
+
- " strexd %1, %0, %H0, [%3]\n"
- " teq %1, #0\n"
- " bne 1b"
++" strexd %1, %0, %H0, [%3]\n"
++" teq %1, #0\n"
++" bne 1b"
+
+#ifdef CONFIG_PAX_REFCOUNT
+"\n4:\n"
+ _ASM_EXTABLE(2b, 4b)
+#endif
+
- : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
- : "r" (&v->counter), "r" (i)
- : "cc");
- }
-
--static inline u64 atomic64_sub_return(u64 i, atomic64_t *v)
-+static inline void atomic64_sub_unchecked(u64 i, atomic64_unchecked_t *v)
- {
- u64 result;
- unsigned long tmp;
-
-- smp_mb();
--
-- __asm__ __volatile__("@ atomic64_sub_return\n"
-+ __asm__ __volatile__("@ atomic64_sub_unchecked\n"
- "1: ldrexd %0, %H0, [%3]\n"
- " subs %0, %0, %4\n"
- " sbc %H0, %H0, %H4\n"
-@@ -344,6 +644,39 @@ static inline u64 atomic64_sub_return(u64 i, atomic64_t *v)
- : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
- : "r" (&v->counter), "r" (i)
- : "cc");
++ : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
++ : "r" (&v->counter), "r" (i)
++ : "cc");
+}
+
-+static inline u64 atomic64_sub_return(u64 i, atomic64_t *v)
++static inline void atomic64_sub_unchecked(u64 i, atomic64_unchecked_t *v)
+{
-+ u64 result, tmp;
-+
-+ smp_mb();
++ u64 result;
++ unsigned long tmp;
+
-+ __asm__ __volatile__("@ atomic64_sub_return\n"
++ __asm__ __volatile__("@ atomic64_sub_unchecked\n"
++"1: ldrexd %0, %H0, [%3]\n"
++" subs %0, %0, %4\n"
+ " sbc %H0, %H0, %H4\n"
+ " strexd %1, %0, %H0, [%3]\n"
+ " teq %1, #0\n"
+@@ -353,18 +695,32 @@ static inline void atomic64_sub(u64 i, atomic64_t *v)
+
+ static inline u64 atomic64_sub_return(u64 i, atomic64_t *v)
+ {
+- u64 result;
+- unsigned long tmp;
++ u64 result, tmp;
+
+ smp_mb();
+
+ __asm__ __volatile__("@ atomic64_sub_return\n"
+-"1: ldrexd %0, %H0, [%3]\n"
+-" subs %0, %0, %4\n"
+-" sbc %H0, %H0, %H4\n"
+"1: ldrexd %1, %H1, [%3]\n"
+" subs %0, %1, %4\n"
+" sbcs %H0, %H1, %H4\n"
@@ -1324,22 +1378,19 @@ index c79f61f..9ac0642 100644
+"3:\n"
+#endif
+
-+" strexd %1, %0, %H0, [%3]\n"
-+" teq %1, #0\n"
-+" bne 1b"
+ " strexd %1, %0, %H0, [%3]\n"
+ " teq %1, #0\n"
+ " bne 1b"
+
+#ifdef CONFIG_PAX_REFCOUNT
+"\n4:\n"
+ _ASM_EXTABLE(2b, 4b)
+#endif
+
-+ : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
-+ : "r" (&v->counter), "r" (i)
-+ : "cc");
-
- smp_mb();
-
-@@ -374,6 +707,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new)
+ : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
+ : "r" (&v->counter), "r" (i)
+ : "cc");
+@@ -398,6 +754,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new)
return oldval;
}
@@ -1370,7 +1421,7 @@ index c79f61f..9ac0642 100644
static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new)
{
u64 result;
-@@ -397,21 +754,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new)
+@@ -421,21 +801,34 @@ static inline u64 atomic64_xchg(atomic64_t *ptr, u64 new)
static inline u64 atomic64_dec_if_positive(atomic64_t *v)
{
@@ -1412,7 +1463,7 @@ index c79f61f..9ac0642 100644
: "=&r" (result), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter)
: "cc");
-@@ -434,13 +804,25 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u)
+@@ -458,13 +851,25 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u)
" teq %0, %5\n"
" teqeq %H0, %H5\n"
" moveq %1, #0\n"
@@ -1441,7 +1492,7 @@ index c79f61f..9ac0642 100644
: "=&r" (val), "+r" (ret), "=&r" (tmp), "+Qo" (v->counter)
: "r" (&v->counter), "r" (u), "r" (a)
: "cc");
-@@ -453,10 +835,13 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u)
+@@ -477,10 +882,13 @@ static inline int atomic64_add_unless(atomic64_t *v, u64 a, u64 u)
#define atomic64_add_negative(a, v) (atomic64_add_return((a), (v)) < 0)
#define atomic64_inc(v) atomic64_add(1LL, (v))
@@ -1479,7 +1530,7 @@ index 75fe66b..ba3dee4 100644
#endif
diff --git a/arch/arm/include/asm/cacheflush.h b/arch/arm/include/asm/cacheflush.h
-index 738fcba..7a43500 100644
+index 17d0ae8..014e350 100644
--- a/arch/arm/include/asm/cacheflush.h
+++ b/arch/arm/include/asm/cacheflush.h
@@ -116,7 +116,7 @@ struct cpu_cache_fns {
@@ -1543,15 +1594,15 @@ index 6ddbe44..b5e38b1 100644
+#define DOMAIN_KERNELCLIENT 1
#define DOMAIN_MANAGER 3
+#define DOMAIN_VECTORS DOMAIN_USER
-+#else
+ #else
+
+#ifdef CONFIG_PAX_KERNEXEC
-+#define DOMAIN_MANAGER 1
-+#define DOMAIN_KERNEXEC 3
- #else
#define DOMAIN_MANAGER 1
- #endif
-
++#define DOMAIN_KERNEXEC 3
++#else
++#define DOMAIN_MANAGER 1
++#endif
++
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+#define DOMAIN_USERCLIENT 0
+#define DOMAIN_UDEREF 1
@@ -1562,8 +1613,8 @@ index 6ddbe44..b5e38b1 100644
+#endif
+#define DOMAIN_KERNELCLIENT 1
+
-+#endif
-+
+ #endif
+
#define domain_val(dom,type) ((type) << (2*(dom)))
#ifndef __ASSEMBLY__
@@ -1591,7 +1642,7 @@ index 6ddbe44..b5e38b1 100644
static inline void set_domain(unsigned val) { }
static inline void modify_domain(unsigned dom, unsigned type) { }
diff --git a/arch/arm/include/asm/elf.h b/arch/arm/include/asm/elf.h
-index 38050b1..9d90e8b 100644
+index 56211f2..17e8a25 100644
--- a/arch/arm/include/asm/elf.h
+++ b/arch/arm/include/asm/elf.h
@@ -116,7 +116,14 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs);
@@ -1610,7 +1661,7 @@ index 38050b1..9d90e8b 100644
/* When the program starts, a1 contains a pointer to a function to be
registered with atexit, as per the SVR4 ABI. A value of 0 means we
-@@ -126,8 +133,4 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs);
+@@ -126,10 +133,6 @@ int dump_task_regs(struct task_struct *t, elf_gregset_t *elfregs);
extern void elf_set_personality(const struct elf32_hdr *);
#define SET_PERSONALITY(ex) elf_set_personality(&(ex))
@@ -1618,7 +1669,9 @@ index 38050b1..9d90e8b 100644
-extern unsigned long arch_randomize_brk(struct mm_struct *mm);
-#define arch_randomize_brk arch_randomize_brk
-
- #endif
+ #ifdef CONFIG_MMU
+ #define ARCH_HAS_SETUP_ADDITIONAL_PAGES 1
+ struct linux_binprm;
diff --git a/arch/arm/include/asm/fncpy.h b/arch/arm/include/asm/fncpy.h
index de53547..52b9a28 100644
--- a/arch/arm/include/asm/fncpy.h
@@ -1751,7 +1804,7 @@ index 12f71a1..04e063c 100644
#ifdef CONFIG_OUTER_CACHE
diff --git a/arch/arm/include/asm/page.h b/arch/arm/include/asm/page.h
-index 812a494..71fc0b6 100644
+index cbdc7a2..32f44fe 100644
--- a/arch/arm/include/asm/page.h
+++ b/arch/arm/include/asm/page.h
@@ -114,7 +114,7 @@ struct cpu_user_fns {
@@ -1861,17 +1914,19 @@ index 5cfba15..f415e1a 100644
#define PTE_EXT_AP0 (_AT(pteval_t, 1) << 4)
#define PTE_EXT_AP1 (_AT(pteval_t, 2) << 4)
diff --git a/arch/arm/include/asm/pgtable-2level.h b/arch/arm/include/asm/pgtable-2level.h
-index f97ee02..07f1be5 100644
+index f97ee02..cc9fe9e 100644
--- a/arch/arm/include/asm/pgtable-2level.h
+++ b/arch/arm/include/asm/pgtable-2level.h
-@@ -125,6 +125,7 @@
- #define L_PTE_XN (_AT(pteval_t, 1) << 9)
+@@ -126,6 +126,9 @@
#define L_PTE_SHARED (_AT(pteval_t, 1) << 10) /* shared(v6), coherent(xsc3) */
#define L_PTE_NONE (_AT(pteval_t, 1) << 11)
-+#define L_PTE_PXN (_AT(pteval_t, 1) << 12) /* v7*/
++/* Two-level page tables only have PXN in the PGD, not in the PTE. */
++#define L_PTE_PXN (_AT(pteval_t, 0))
++
/*
* These are the memory types, defined to be compatible with
+ * pre-ARMv6 CPUs cacheable and bufferable bits: XXCB
diff --git a/arch/arm/include/asm/pgtable-3level-hwdef.h b/arch/arm/include/asm/pgtable-3level-hwdef.h
index 18f5cef..25b8f43 100644
--- a/arch/arm/include/asm/pgtable-3level-hwdef.h
@@ -2020,22 +2075,6 @@ index f3628fb..a0672dd 100644
#ifndef MULTI_CPU
extern void cpu_proc_init(void);
-diff --git a/arch/arm/include/asm/processor.h b/arch/arm/include/asm/processor.h
-index 06e7d50..8a8e251 100644
---- a/arch/arm/include/asm/processor.h
-+++ b/arch/arm/include/asm/processor.h
-@@ -65,9 +65,8 @@ struct thread_struct {
- regs->ARM_cpsr |= PSR_ENDSTATE; \
- regs->ARM_pc = pc & ~1; /* pc */ \
- regs->ARM_sp = sp; /* sp */ \
-- regs->ARM_r2 = stack[2]; /* r2 (envp) */ \
-- regs->ARM_r1 = stack[1]; /* r1 (argv) */ \
-- regs->ARM_r0 = stack[0]; /* r0 (argc) */ \
-+ /* r2 (envp), r1 (argv), r0 (argc) */ \
-+ (void)copy_from_user(&regs->ARM_r0, (const char __user *)stack, 3 * sizeof(unsigned long)); \
- nommu_start_thread(regs); \
- })
-
diff --git a/arch/arm/include/asm/psci.h b/arch/arm/include/asm/psci.h
index ce0dbe7..c085b6f 100644
--- a/arch/arm/include/asm/psci.h
@@ -2063,7 +2102,7 @@ index d3a22be..3a69ad5 100644
/*
* set platform specific SMP operations
diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h
-index cddda1f..ff357f7 100644
+index f00b569..aa5bb41 100644
--- a/arch/arm/include/asm/thread_info.h
+++ b/arch/arm/include/asm/thread_info.h
@@ -77,9 +77,9 @@ struct thread_info {
@@ -2079,20 +2118,20 @@ index cddda1f..ff357f7 100644
.restart_block = { \
.fn = do_no_restart_syscall, \
}, \
-@@ -152,6 +152,12 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *,
+@@ -152,7 +152,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *,
#define TIF_SYSCALL_AUDIT 9
#define TIF_SYSCALL_TRACEPOINT 10
#define TIF_SECCOMP 11 /* seccomp syscall filtering active */
-+
+-#define TIF_NOHZ 12 /* in adaptive nohz mode */
+/* within 8 bits of TIF_SYSCALL_TRACE
+ * to meet flexible second operand requirements
+ */
+#define TIF_GRSEC_SETXID 12
-+
++#define TIF_NOHZ 13 /* in adaptive nohz mode */
#define TIF_USING_IWMMXT 17
#define TIF_MEMDIE 18 /* is terminating due to OOM killer */
#define TIF_RESTORE_SIGMASK 20
-@@ -165,10 +171,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *,
+@@ -165,10 +169,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *,
#define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT)
#define _TIF_SECCOMP (1 << TIF_SECCOMP)
#define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT)
@@ -2105,8 +2144,35 @@ index cddda1f..ff357f7 100644
/*
* Change these and you break ASM code in entry-common.S
+diff --git a/arch/arm/include/asm/tlb.h b/arch/arm/include/asm/tlb.h
+index bdf2b84..aa9b4ac 100644
+--- a/arch/arm/include/asm/tlb.h
++++ b/arch/arm/include/asm/tlb.h
+@@ -43,6 +43,7 @@ struct mmu_gather {
+ struct mm_struct *mm;
+ unsigned int fullmm;
+ struct vm_area_struct *vma;
++ unsigned long start, end;
+ unsigned long range_start;
+ unsigned long range_end;
+ unsigned int nr;
+@@ -107,10 +108,12 @@ static inline void tlb_flush_mmu(struct mmu_gather *tlb)
+ }
+
+ static inline void
+-tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int fullmm)
++tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end)
+ {
+ tlb->mm = mm;
+- tlb->fullmm = fullmm;
++ tlb->fullmm = !(start | (end+1));
++ tlb->start = start;
++ tlb->end = end;
+ tlb->vma = NULL;
+ tlb->max = ARRAY_SIZE(tlb->local);
+ tlb->pages = tlb->local;
diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h
-index 7e1f760..510061e 100644
+index 7e1f760..de33b13 100644
--- a/arch/arm/include/asm/uaccess.h
+++ b/arch/arm/include/asm/uaccess.h
@@ -18,6 +18,7 @@
@@ -2117,7 +2183,7 @@ index 7e1f760..510061e 100644
#define VERIFY_READ 0
#define VERIFY_WRITE 1
-@@ -63,11 +64,35 @@ extern int __put_user_bad(void);
+@@ -63,11 +64,38 @@ extern int __put_user_bad(void);
static inline void set_fs(mm_segment_t fs)
{
current_thread_info()->addr_limit = fs;
@@ -2127,11 +2193,14 @@ index 7e1f760..510061e 100644
#define segment_eq(a,b) ((a) == (b))
++#define __HAVE_ARCH_PAX_OPEN_USERLAND
++#define __HAVE_ARCH_PAX_CLOSE_USERLAND
++
+static inline void pax_open_userland(void)
+{
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+ if (segment_eq(get_fs(), USER_DS) {
++ if (segment_eq(get_fs(), USER_DS)) {
+ BUG_ON(test_domain(DOMAIN_USER, DOMAIN_UDEREF));
+ modify_domain(DOMAIN_USER, DOMAIN_UDEREF);
+ }
@@ -2143,7 +2212,7 @@ index 7e1f760..510061e 100644
+{
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+ if (segment_eq(get_fs(), USER_DS) {
++ if (segment_eq(get_fs(), USER_DS)) {
+ BUG_ON(test_domain(DOMAIN_USER, DOMAIN_NOACCESS));
+ modify_domain(DOMAIN_USER, DOMAIN_NOACCESS);
+ }
@@ -2154,7 +2223,7 @@ index 7e1f760..510061e 100644
#define __addr_ok(addr) ({ \
unsigned long flag; \
__asm__("cmp %2, %0; movlo %0, #0" \
-@@ -143,8 +168,12 @@ extern int __get_user_4(void *);
+@@ -143,8 +171,12 @@ extern int __get_user_4(void *);
#define get_user(x,p) \
({ \
@@ -2168,7 +2237,7 @@ index 7e1f760..510061e 100644
})
extern int __put_user_1(void *, unsigned int);
-@@ -188,8 +217,12 @@ extern int __put_user_8(void *, unsigned long long);
+@@ -188,8 +220,12 @@ extern int __put_user_8(void *, unsigned long long);
#define put_user(x,p) \
({ \
@@ -2182,7 +2251,7 @@ index 7e1f760..510061e 100644
})
#else /* CONFIG_MMU */
-@@ -230,13 +263,17 @@ static inline void set_fs(mm_segment_t fs)
+@@ -230,13 +266,17 @@ static inline void set_fs(mm_segment_t fs)
#define __get_user(x,ptr) \
({ \
long __gu_err = 0; \
@@ -2200,7 +2269,7 @@ index 7e1f760..510061e 100644
(void) 0; \
})
-@@ -312,13 +349,17 @@ do { \
+@@ -312,13 +352,17 @@ do { \
#define __put_user(x,ptr) \
({ \
long __pu_err = 0; \
@@ -2218,7 +2287,7 @@ index 7e1f760..510061e 100644
(void) 0; \
})
-@@ -418,11 +459,44 @@ do { \
+@@ -418,11 +462,44 @@ do { \
#ifdef CONFIG_MMU
@@ -2266,7 +2335,7 @@ index 7e1f760..510061e 100644
#else
#define __copy_from_user(to,from,n) (memcpy(to, (void __force *)from, n), 0)
#define __copy_to_user(to,from,n) (memcpy((void __force *)to, from, n), 0)
-@@ -431,6 +505,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l
+@@ -431,6 +508,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l
static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n)
{
@@ -2276,7 +2345,7 @@ index 7e1f760..510061e 100644
if (access_ok(VERIFY_READ, from, n))
n = __copy_from_user(to, from, n);
else /* security hole - plug it */
-@@ -440,6 +517,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u
+@@ -440,6 +520,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u
static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n)
{
@@ -2326,7 +2395,7 @@ index 60d3b73..e5a0f22 100644
EXPORT_SYMBOL(__get_user_1);
EXPORT_SYMBOL(__get_user_2);
diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S
-index 0f82098..fb3d3d5 100644
+index d43c7e5..257c050 100644
--- a/arch/arm/kernel/entry-armv.S
+++ b/arch/arm/kernel/entry-armv.S
@@ -47,6 +47,87 @@
@@ -2458,7 +2527,7 @@ index 0f82098..fb3d3d5 100644
SPFIX( addeq r2, r2, #4 )
str r3, [sp, #-4]! @ save the "real" r0 copied
@ from the exception stack
-@@ -359,6 +453,9 @@ ENDPROC(__pabt_svc)
+@@ -316,6 +410,9 @@ ENDPROC(__pabt_svc)
.macro usr_entry
UNWIND(.fnstart )
UNWIND(.cantunwind ) @ don't unwind the user space
@@ -2468,7 +2537,17 @@ index 0f82098..fb3d3d5 100644
sub sp, sp, #S_FRAME_SIZE
ARM( stmib sp, {r1 - r12} )
THUMB( stmia sp, {r0 - r12} )
-@@ -456,7 +553,9 @@ __und_usr:
+@@ -357,7 +454,8 @@ ENDPROC(__pabt_svc)
+ .endm
+
+ .macro kuser_cmpxchg_check
+-#if !defined(CONFIG_CPU_32v6K) && !defined(CONFIG_NEEDS_SYSCALL_FOR_CMPXCHG)
++#if !defined(CONFIG_CPU_32v6K) && defined(CONFIG_KUSER_HELPERS) && \
++ !defined(CONFIG_NEEDS_SYSCALL_FOR_CMPXCHG)
+ #ifndef CONFIG_MMU
+ #warning "NPTL on non MMU needs fixing"
+ #else
+@@ -414,7 +512,9 @@ __und_usr:
tst r3, #PSR_T_BIT @ Thumb mode?
bne __und_usr_thumb
sub r4, r2, #4 @ ARM instr at LR - 4
@@ -2478,7 +2557,7 @@ index 0f82098..fb3d3d5 100644
#ifdef CONFIG_CPU_ENDIAN_BE8
rev r0, r0 @ little endian instruction
#endif
-@@ -491,10 +590,14 @@ __und_usr_thumb:
+@@ -449,10 +549,14 @@ __und_usr_thumb:
*/
.arch armv6t2
#endif
@@ -2493,7 +2572,17 @@ index 0f82098..fb3d3d5 100644
add r2, r2, #2 @ r2 is PC + 2, make it PC + 4
str r2, [sp, #S_PC] @ it's a 2x16bit instr, update
orr r0, r0, r5, lsl #16
-@@ -733,7 +836,7 @@ ENTRY(__switch_to)
+@@ -481,7 +585,8 @@ ENDPROC(__und_usr)
+ */
+ .pushsection .fixup, "ax"
+ .align 2
+-4: mov pc, r9
++4: pax_close_userland
++ mov pc, r9
+ .popsection
+ .pushsection __ex_table,"a"
+ .long 1b, 4b
+@@ -690,7 +795,7 @@ ENTRY(__switch_to)
THUMB( stmia ip!, {r4 - sl, fp} ) @ Store most regs on stack
THUMB( str sp, [ip], #4 )
THUMB( str lr, [ip], #4 )
@@ -2502,7 +2591,7 @@ index 0f82098..fb3d3d5 100644
ldr r6, [r2, #TI_CPU_DOMAIN]
#endif
set_tls r3, r4, r5
-@@ -742,7 +845,7 @@ ENTRY(__switch_to)
+@@ -699,7 +804,7 @@ ENTRY(__switch_to)
ldr r8, =__stack_chk_guard
ldr r7, [r7, #TSK_STACK_CANARY]
#endif
@@ -2512,7 +2601,7 @@ index 0f82098..fb3d3d5 100644
#endif
mov r5, r0
diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S
-index fefd7f9..e6f250e 100644
+index bc5bc0a..d0998ca 100644
--- a/arch/arm/kernel/entry-common.S
+++ b/arch/arm/kernel/entry-common.S
@@ -10,18 +10,46 @@
@@ -2565,7 +2654,7 @@ index fefd7f9..e6f250e 100644
.align 5
/*
* This is the fast syscall return path. We do as little as
-@@ -351,6 +379,7 @@ ENDPROC(ftrace_stub)
+@@ -350,6 +378,7 @@ ENDPROC(ftrace_stub)
.align 5
ENTRY(vector_swi)
@@ -2573,7 +2662,7 @@ index fefd7f9..e6f250e 100644
sub sp, sp, #S_FRAME_SIZE
stmia sp, {r0 - r12} @ Calling r0 - r12
ARM( add r8, sp, #S_PC )
-@@ -400,6 +429,12 @@ ENTRY(vector_swi)
+@@ -399,6 +428,12 @@ ENTRY(vector_swi)
ldr scno, [lr, #-4] @ get SWI instruction
#endif
@@ -2587,10 +2676,10 @@ index fefd7f9..e6f250e 100644
ldr ip, __cr_alignment
ldr ip, [ip]
diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S
-index 9a8531e..812e287 100644
+index 160f337..db67ee4 100644
--- a/arch/arm/kernel/entry-header.S
+++ b/arch/arm/kernel/entry-header.S
-@@ -73,9 +73,66 @@
+@@ -73,6 +73,60 @@
msr cpsr_c, \rtemp @ switch back to the SVC mode
.endm
@@ -2649,18 +2738,22 @@ index 9a8531e..812e287 100644
+ .endm
+
#ifndef CONFIG_THUMB2_KERNEL
- .macro svc_exit, rpsr
- msr spsr_cxsf, \rpsr
+ .macro svc_exit, rpsr, irq = 0
+ .if \irq != 0
+@@ -92,6 +146,9 @@
+ blne trace_hardirqs_off
+ #endif
+ .endif
+
+ pax_exit_kernel
+
+ msr spsr_cxsf, \rpsr
#if defined(CONFIG_CPU_V6)
ldr r0, [sp]
- strex r1, r2, [sp] @ clear the exclusive monitor
-@@ -121,6 +178,9 @@
- .endm
- #else /* CONFIG_THUMB2_KERNEL */
- .macro svc_exit, rpsr
+@@ -155,6 +212,9 @@
+ blne trace_hardirqs_off
+ #endif
+ .endif
+
+ pax_exit_kernel
+
@@ -2668,19 +2761,32 @@ index 9a8531e..812e287 100644
ldrd r0, r1, [sp, #S_LR] @ calling lr and pc
clrex @ clear the exclusive monitor
diff --git a/arch/arm/kernel/fiq.c b/arch/arm/kernel/fiq.c
-index 2adda11..7fbe958 100644
+index 25442f4..d4948fc 100644
--- a/arch/arm/kernel/fiq.c
+++ b/arch/arm/kernel/fiq.c
-@@ -82,7 +82,9 @@ void set_fiq_handler(void *start, unsigned int length)
- #if defined(CONFIG_CPU_USE_DOMAINS)
- memcpy((void *)0xffff001c, start, length);
- #else
+@@ -84,17 +84,16 @@ int show_fiq_list(struct seq_file *p, int prec)
+
+ void set_fiq_handler(void *start, unsigned int length)
+ {
+-#if defined(CONFIG_CPU_USE_DOMAINS)
+- void *base = (void *)0xffff0000;
+-#else
+ void *base = vectors_page;
+-#endif
+ unsigned offset = FIQ_OFFSET;
+
+ pax_open_kernel();
- memcpy(vectors_page + 0x1c, start, length);
+ memcpy(base + offset, start, length);
+ pax_close_kernel();
- #endif
- flush_icache_range(0xffff001c, 0xffff001c + length);
- if (!vectors_high())
++
++ if (!cache_is_vipt_nonaliasing())
++ flush_icache_range(base + offset, offset + length);
+ flush_icache_range(0xffff0000 + offset, 0xffff0000 + offset + length);
+- if (!vectors_high())
+- flush_icache_range(offset, offset + length);
+ }
+
+ int claim_fiq(struct fiq_handler *f)
diff --git a/arch/arm/kernel/head.S b/arch/arm/kernel/head.S
index 8bac553..caee108 100644
--- a/arch/arm/kernel/head.S
@@ -2782,6 +2888,34 @@ index 07314af..c46655c 100644
flush_icache_range((uintptr_t)(addr),
(uintptr_t)(addr) + size);
+diff --git a/arch/arm/kernel/perf_event.c b/arch/arm/kernel/perf_event.c
+index d9f5cd4..e186ee1 100644
+--- a/arch/arm/kernel/perf_event.c
++++ b/arch/arm/kernel/perf_event.c
+@@ -53,7 +53,12 @@ armpmu_map_cache_event(const unsigned (*cache_map)
+ static int
+ armpmu_map_hw_event(const unsigned (*event_map)[PERF_COUNT_HW_MAX], u64 config)
+ {
+- int mapping = (*event_map)[config];
++ int mapping;
++
++ if (config >= PERF_COUNT_HW_MAX)
++ return -EINVAL;
++
++ mapping = (*event_map)[config];
+ return mapping == HW_OP_UNSUPPORTED ? -ENOENT : mapping;
+ }
+
+@@ -253,6 +258,9 @@ validate_event(struct pmu_hw_events *hw_events,
+ struct arm_pmu *armpmu = to_arm_pmu(event->pmu);
+ struct pmu *leader_pmu = event->group_leader->pmu;
+
++ if (is_software_event(event))
++ return 1;
++
+ if (event->pmu != leader_pmu || event->state < PERF_EVENT_STATE_OFF)
+ return 1;
+
diff --git a/arch/arm/kernel/perf_event_cpu.c b/arch/arm/kernel/perf_event_cpu.c
index 1f2740e..b36e225 100644
--- a/arch/arm/kernel/perf_event_cpu.c
@@ -2796,10 +2930,10 @@ index 1f2740e..b36e225 100644
};
diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
-index 047d3e4..7e96107 100644
+index 5bc2615..4f1a0c2 100644
--- a/arch/arm/kernel/process.c
+++ b/arch/arm/kernel/process.c
-@@ -28,7 +28,6 @@
+@@ -28,10 +28,10 @@
#include <linux/tick.h>
#include <linux/utsname.h>
#include <linux/uaccess.h>
@@ -2807,30 +2941,39 @@ index 047d3e4..7e96107 100644
#include <linux/hw_breakpoint.h>
#include <linux/cpuidle.h>
#include <linux/leds.h>
-@@ -251,9 +250,10 @@ void machine_power_off(void)
- machine_shutdown();
++#include <linux/random.h>
+
+ #include <asm/cacheflush.h>
+ #include <asm/idmap.h>
+@@ -223,6 +223,7 @@ void machine_power_off(void)
+
if (pm_power_off)
pm_power_off();
+ BUG();
}
+ /*
+@@ -236,7 +237,7 @@ void machine_power_off(void)
+ * executing pre-reset code, and using RAM that the primary CPU's code wishes
+ * to use. Implementing such co-ordination would be essentially impossible.
+ */
-void machine_restart(char *cmd)
+__noreturn void machine_restart(char *cmd)
{
- machine_shutdown();
+ smp_send_stop();
+
+@@ -258,8 +259,8 @@ void __show_regs(struct pt_regs *regs)
+
+ show_regs_print_info(KERN_DEFAULT);
-@@ -278,8 +278,8 @@ void __show_regs(struct pt_regs *regs)
- init_utsname()->release,
- (int)strcspn(init_utsname()->version, " "),
- init_utsname()->version);
- print_symbol("PC is at %s\n", instruction_pointer(regs));
- print_symbol("LR is at %s\n", regs->ARM_lr);
-+ printk("PC is at %pA\n", instruction_pointer(regs));
-+ printk("LR is at %pA\n", regs->ARM_lr);
++ printk("PC is at %pA\n", (void *)instruction_pointer(regs));
++ printk("LR is at %pA\n", (void *)regs->ARM_lr);
printk("pc : [<%08lx>] lr : [<%08lx>] psr: %08lx\n"
"sp : %08lx ip : %08lx fp : %08lx\n",
regs->ARM_pc, regs->ARM_lr, regs->ARM_cpsr,
-@@ -447,12 +447,6 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -426,12 +427,6 @@ unsigned long get_wchan(struct task_struct *p)
return 0;
}
@@ -2841,20 +2984,70 @@ index 047d3e4..7e96107 100644
-}
-
#ifdef CONFIG_MMU
+ #ifdef CONFIG_KUSER_HELPERS
/*
- * The vectors page is always readable from user space for the
-@@ -465,9 +459,8 @@ static int __init gate_vma_init(void)
- {
- gate_vma.vm_start = 0xffff0000;
- gate_vma.vm_end = 0xffff0000 + PAGE_SIZE;
-- gate_vma.vm_page_prot = PAGE_READONLY_EXEC;
-- gate_vma.vm_flags = VM_READ | VM_EXEC |
-- VM_MAYREAD | VM_MAYEXEC;
-+ gate_vma.vm_flags = VM_NONE;
-+ gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags);
+@@ -447,7 +442,7 @@ static struct vm_area_struct gate_vma = {
+
+ static int __init gate_vma_init(void)
+ {
+- gate_vma.vm_page_prot = PAGE_READONLY_EXEC;
++ gate_vma.vm_page_prot = vm_get_page_prot(gate_vma.vm_flags);
return 0;
}
arch_initcall(gate_vma_init);
+@@ -466,48 +461,23 @@ int in_gate_area_no_mm(unsigned long addr)
+ {
+ return in_gate_area(NULL, addr);
+ }
+-#define is_gate_vma(vma) ((vma) = &gate_vma)
++#define is_gate_vma(vma) ((vma) == &gate_vma)
+ #else
+ #define is_gate_vma(vma) 0
+ #endif
+
+ const char *arch_vma_name(struct vm_area_struct *vma)
+ {
+- return is_gate_vma(vma) ? "[vectors]" :
+- (vma->vm_mm && vma->vm_start == vma->vm_mm->context.sigpage) ?
+- "[sigpage]" : NULL;
++ return is_gate_vma(vma) ? "[vectors]" : NULL;
+ }
+
+-static struct page *signal_page;
+-extern struct page *get_signal_page(void);
+-
+ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+ {
+ struct mm_struct *mm = current->mm;
+- unsigned long addr;
+- int ret;
+-
+- if (!signal_page)
+- signal_page = get_signal_page();
+- if (!signal_page)
+- return -ENOMEM;
+
+ down_write(&mm->mmap_sem);
+- addr = get_unmapped_area(NULL, 0, PAGE_SIZE, 0, 0);
+- if (IS_ERR_VALUE(addr)) {
+- ret = addr;
+- goto up_fail;
+- }
+-
+- ret = install_special_mapping(mm, addr, PAGE_SIZE,
+- VM_READ | VM_EXEC | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC,
+- &signal_page);
+-
+- if (ret == 0)
+- mm->context.sigpage = addr;
+-
+- up_fail:
++ mm->context.sigpage = (PAGE_OFFSET + (get_random_int() % 0x3FFEFFE0)) & 0xFFFFFFFC;
+ up_write(&mm->mmap_sem);
+- return ret;
++ return 0;
+ }
+ #endif
diff --git a/arch/arm/kernel/psci.c b/arch/arm/kernel/psci.c
index 3653164..d83e55d 100644
--- a/arch/arm/kernel/psci.c
@@ -2893,10 +3086,10 @@ index 03deeff..741ce88 100644
if (secure_computing(scno) == -1)
return -1;
diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c
-index 234e339..81264a1 100644
+index b4b1d39..efdc9be 100644
--- a/arch/arm/kernel/setup.c
+++ b/arch/arm/kernel/setup.c
-@@ -96,21 +96,23 @@ EXPORT_SYMBOL(system_serial_high);
+@@ -97,21 +97,23 @@ EXPORT_SYMBOL(system_serial_high);
unsigned int elf_hwcap __read_mostly;
EXPORT_SYMBOL(elf_hwcap);
@@ -2925,7 +3118,7 @@ index 234e339..81264a1 100644
EXPORT_SYMBOL(outer_cache);
#endif
-@@ -235,9 +237,13 @@ static int __get_cpu_architecture(void)
+@@ -236,9 +238,13 @@ static int __get_cpu_architecture(void)
asm("mrc p15, 0, %0, c0, c1, 4"
: "=r" (mmfr0));
if ((mmfr0 & 0x0000000f) >= 0x00000003 ||
@@ -2941,7 +3134,7 @@ index 234e339..81264a1 100644
(mmfr0 & 0x000000f0) == 0x00000020)
cpu_arch = CPU_ARCH_ARMv6;
else
-@@ -478,7 +484,7 @@ static void __init setup_processor(void)
+@@ -479,7 +485,7 @@ static void __init setup_processor(void)
__cpu_architecture = __get_cpu_architecture();
#ifdef MULTI_CPU
@@ -2951,42 +3144,64 @@ index 234e339..81264a1 100644
#ifdef MULTI_TLB
cpu_tlb = *list->tlb;
diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c
-index 296786b..a8d4dd5 100644
+index 5a42c12..a2bb7c6 100644
--- a/arch/arm/kernel/signal.c
+++ b/arch/arm/kernel/signal.c
-@@ -396,22 +396,14 @@ setup_return(struct pt_regs *regs, struct ksignal *ksig,
- __put_user(sigreturn_codes[idx+1], rc+1))
- return 1;
+@@ -45,8 +45,6 @@ static const unsigned long sigreturn_codes[7] = {
+ MOV_R7_NR_RT_SIGRETURN, SWI_SYS_RT_SIGRETURN, SWI_THUMB_RT_SIGRETURN,
+ };
-- if (cpsr & MODE32_BIT) {
-- /*
-- * 32-bit code can use the new high-page
-- * signal return code support.
-- */
-- retcode = KERN_SIGRETURN_CODE + (idx << 2) + thumb;
-- } else {
-- /*
-- * Ensure that the instruction cache sees
-- * the return code written onto the stack.
-- */
-- flush_icache_range((unsigned long)rc,
-- (unsigned long)(rc + 2));
+-static unsigned long signal_return_offset;
-
-- retcode = ((unsigned long)rc) + thumb;
-- }
-+ /*
-+ * Ensure that the instruction cache sees
-+ * the return code written onto the stack.
-+ */
-+ flush_icache_range((unsigned long)rc,
-+ (unsigned long)(rc + 2));
-+
-+ retcode = ((unsigned long)rc) + thumb;
- }
-
- regs->ARM_r0 = map_sig(ksig->sig);
+ #ifdef CONFIG_CRUNCH
+ static int preserve_crunch_context(struct crunch_sigframe __user *frame)
+ {
+@@ -406,8 +404,7 @@ setup_return(struct pt_regs *regs, struct ksignal *ksig,
+ * except when the MPU has protected the vectors
+ * page from PL0
+ */
+- retcode = mm->context.sigpage + signal_return_offset +
+- (idx << 2) + thumb;
++ retcode = mm->context.sigpage + (idx << 2) + thumb;
+ } else
+ #endif
+ {
+@@ -611,33 +608,3 @@ do_work_pending(struct pt_regs *regs, unsigned int thread_flags, int syscall)
+ } while (thread_flags & _TIF_WORK_MASK);
+ return 0;
+ }
+-
+-struct page *get_signal_page(void)
+-{
+- unsigned long ptr;
+- unsigned offset;
+- struct page *page;
+- void *addr;
+-
+- page = alloc_pages(GFP_KERNEL, 0);
+-
+- if (!page)
+- return NULL;
+-
+- addr = page_address(page);
+-
+- /* Give the signal return code some randomness */
+- offset = 0x200 + (get_random_int() & 0x7fc);
+- signal_return_offset = offset;
+-
+- /*
+- * Copy signal return handlers into the vector page, and
+- * set sigreturn to be a pointer to these.
+- */
+- memcpy(addr + offset, sigreturn_codes, sizeof(sigreturn_codes));
+-
+- ptr = (unsigned long)addr + offset;
+- flush_icache_range(ptr, ptr + sizeof(sigreturn_codes));
+-
+- return page;
+-}
diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c
-index 1f2cccc..f40c02e 100644
+index 5919eb4..b5d6dfe 100644
--- a/arch/arm/kernel/smp.c
+++ b/arch/arm/kernel/smp.c
@@ -70,7 +70,7 @@ enum ipi_msg_type {
@@ -2999,10 +3214,10 @@ index 1f2cccc..f40c02e 100644
void __init smp_set_ops(struct smp_operations *ops)
{
diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
-index 1c08911..264f009 100644
+index 6b9567e..b8af2d6 100644
--- a/arch/arm/kernel/traps.c
+++ b/arch/arm/kernel/traps.c
-@@ -57,7 +57,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long);
+@@ -55,7 +55,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long);
void dump_backtrace_entry(unsigned long where, unsigned long from, unsigned long frame)
{
#ifdef CONFIG_KALLSYMS
@@ -3011,7 +3226,7 @@ index 1c08911..264f009 100644
#else
printk("Function entered at [<%08lx>] from [<%08lx>]\n", where, from);
#endif
-@@ -266,6 +266,8 @@ static arch_spinlock_t die_lock = __ARCH_SPIN_LOCK_UNLOCKED;
+@@ -257,6 +257,8 @@ static arch_spinlock_t die_lock = __ARCH_SPIN_LOCK_UNLOCKED;
static int die_owner = -1;
static unsigned int die_nest_count;
@@ -3020,7 +3235,7 @@ index 1c08911..264f009 100644
static unsigned long oops_begin(void)
{
int cpu;
-@@ -308,6 +310,9 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, int signr)
+@@ -299,6 +301,9 @@ static void oops_end(unsigned long flags, struct pt_regs *regs, int signr)
panic("Fatal exception in interrupt");
if (panic_on_oops)
panic("Fatal exception");
@@ -3030,7 +3245,7 @@ index 1c08911..264f009 100644
if (signr)
do_exit(signr);
}
-@@ -601,7 +606,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
+@@ -592,7 +597,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
* The user helper at 0xffff0fe0 must be used instead.
* (see entry-armv.S for details)
*/
@@ -3040,18 +3255,10 @@ index 1c08911..264f009 100644
}
return 0;
-@@ -841,13 +848,10 @@ void __init early_trap_init(void *vectors_base)
- */
- kuser_get_tls_init(vectors);
+@@ -848,5 +855,9 @@ void __init early_trap_init(void *vectors_base)
+ kuser_init(vectors_base);
-- /*
-- * Copy signal return handlers into the vector page, and
-- * set sigreturn to be a pointer to these.
-- */
-- memcpy((void *)(vectors + KERN_SIGRETURN_CODE - CONFIG_VECTORS_BASE),
-- sigreturn_codes, sizeof(sigreturn_codes));
--
- flush_icache_range(vectors, vectors + PAGE_SIZE);
+ flush_icache_range(vectors, vectors + PAGE_SIZE * 2);
- modify_domain(DOMAIN_USER, DOMAIN_CLIENT);
+
+#ifndef CONFIG_PAX_MEMORY_UDEREF
@@ -3060,7 +3267,7 @@ index 1c08911..264f009 100644
+
}
diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S
-index b571484..4b2fc9b 100644
+index 33f2ea3..0b91824 100644
--- a/arch/arm/kernel/vmlinux.lds.S
+++ b/arch/arm/kernel/vmlinux.lds.S
@@ -8,7 +8,11 @@
@@ -3108,7 +3315,7 @@ index b571484..4b2fc9b 100644
#ifndef CONFIG_XIP_KERNEL
. = ALIGN(PAGE_SIZE);
-@@ -207,6 +220,11 @@ SECTIONS
+@@ -224,6 +237,11 @@ SECTIONS
. = PAGE_OFFSET + TEXT_OFFSET;
#else
__init_end = .;
@@ -3258,10 +3465,10 @@ index 025f742..8432b08 100644
/*
* This test is stubbed out of the main function above to keep
diff --git a/arch/arm/mach-kirkwood/common.c b/arch/arm/mach-kirkwood/common.c
-index 49792a0..f192052 100644
+index f389228..592ef66 100644
--- a/arch/arm/mach-kirkwood/common.c
+++ b/arch/arm/mach-kirkwood/common.c
-@@ -150,7 +150,16 @@ static void clk_gate_fn_disable(struct clk_hw *hw)
+@@ -149,7 +149,16 @@ static void clk_gate_fn_disable(struct clk_hw *hw)
clk_gate_ops.disable(hw);
}
@@ -3279,7 +3486,7 @@ index 49792a0..f192052 100644
static struct clk __init *clk_register_gate_fn(struct device *dev,
const char *name,
-@@ -184,14 +193,6 @@ static struct clk __init *clk_register_gate_fn(struct device *dev,
+@@ -183,14 +192,6 @@ static struct clk __init *clk_register_gate_fn(struct device *dev,
gate_fn->fn_en = fn_en;
gate_fn->fn_dis = fn_dis;
@@ -3308,10 +3515,10 @@ index f6eeb87..cc90868 100644
};
diff --git a/arch/arm/mach-omap2/gpmc.c b/arch/arm/mach-omap2/gpmc.c
-index 410e1ba..1d2dd59 100644
+index 6c4da12..d9ca72d 100644
--- a/arch/arm/mach-omap2/gpmc.c
+++ b/arch/arm/mach-omap2/gpmc.c
-@@ -145,7 +145,6 @@ struct omap3_gpmc_regs {
+@@ -147,7 +147,6 @@ struct omap3_gpmc_regs {
};
static struct gpmc_client_irq gpmc_client_irq[GPMC_NR_IRQ];
@@ -3319,7 +3526,7 @@ index 410e1ba..1d2dd59 100644
static unsigned gpmc_irq_start;
static struct resource gpmc_mem_root;
-@@ -707,6 +706,18 @@ static void gpmc_irq_noop(struct irq_data *data) { }
+@@ -711,6 +710,18 @@ static void gpmc_irq_noop(struct irq_data *data) { }
static unsigned int gpmc_irq_noop_ret(struct irq_data *data) { return 0; }
@@ -3338,7 +3545,7 @@ index 410e1ba..1d2dd59 100644
static int gpmc_setup_irq(void)
{
int i;
-@@ -721,15 +732,6 @@ static int gpmc_setup_irq(void)
+@@ -725,15 +736,6 @@ static int gpmc_setup_irq(void)
return gpmc_irq_start;
}
@@ -3368,7 +3575,7 @@ index f8bb3b9..831e7b8 100644
};
diff --git a/arch/arm/mach-omap2/omap_device.c b/arch/arm/mach-omap2/omap_device.c
-index 381be7a..89b9c7e 100644
+index e6d2307..d057195 100644
--- a/arch/arm/mach-omap2/omap_device.c
+++ b/arch/arm/mach-omap2/omap_device.c
@@ -499,7 +499,7 @@ void omap_device_delete(struct omap_device *od)
@@ -3409,10 +3616,10 @@ index 044c31d..2ee0861 100644
struct omap_device *omap_device_alloc(struct platform_device *pdev,
struct omap_hwmod **ohs, int oh_cnt);
diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c
-index 3a750de..4c9b88f 100644
+index 7341eff..fd75e34 100644
--- a/arch/arm/mach-omap2/omap_hwmod.c
+++ b/arch/arm/mach-omap2/omap_hwmod.c
-@@ -191,10 +191,10 @@ struct omap_hwmod_soc_ops {
+@@ -194,10 +194,10 @@ struct omap_hwmod_soc_ops {
int (*init_clkdm)(struct omap_hwmod *oh);
void (*update_context_lost)(struct omap_hwmod *oh);
int (*get_context_lost)(struct omap_hwmod *oh);
@@ -3449,10 +3656,23 @@ index d15c7bb..b2d1f0c 100644
pdev = omap_device_build(dev_name, id, oh, &pdata,
sizeof(struct omap_wd_timer_platform_data));
WARN(IS_ERR(pdev), "Can't build omap_device for %s:%s.\n",
-diff --git a/arch/arm/mach-ux500/include/mach/setup.h b/arch/arm/mach-ux500/include/mach/setup.h
-index bddce2b..3eb04e2 100644
---- a/arch/arm/mach-ux500/include/mach/setup.h
-+++ b/arch/arm/mach-ux500/include/mach/setup.h
+diff --git a/arch/arm/mach-tegra/cpuidle-tegra20.c b/arch/arm/mach-tegra/cpuidle-tegra20.c
+index 0cdba8d..297993e 100644
+--- a/arch/arm/mach-tegra/cpuidle-tegra20.c
++++ b/arch/arm/mach-tegra/cpuidle-tegra20.c
+@@ -181,7 +181,7 @@ static int tegra20_idle_lp2_coupled(struct cpuidle_device *dev,
+ bool entered_lp2 = false;
+
+ if (tegra_pending_sgi())
+- ACCESS_ONCE(abort_flag) = true;
++ ACCESS_ONCE_RW(abort_flag) = true;
+
+ cpuidle_coupled_parallel_barrier(dev, &abort_barrier);
+
+diff --git a/arch/arm/mach-ux500/setup.h b/arch/arm/mach-ux500/setup.h
+index cad3ca86..1d79e0f 100644
+--- a/arch/arm/mach-ux500/setup.h
++++ b/arch/arm/mach-ux500/setup.h
@@ -37,13 +37,6 @@ extern void ux500_timer_init(void);
.type = MT_DEVICE, \
}
@@ -3468,10 +3688,10 @@ index bddce2b..3eb04e2 100644
extern void ux500_cpu_die(unsigned int cpu);
diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig
-index 4045c49..0263c07 100644
+index 2950082..d0f0782 100644
--- a/arch/arm/mm/Kconfig
+++ b/arch/arm/mm/Kconfig
-@@ -425,7 +425,7 @@ config CPU_32v5
+@@ -436,7 +436,7 @@ config CPU_32v5
config CPU_32v6
bool
@@ -3480,7 +3700,7 @@ index 4045c49..0263c07 100644
select TLS_REG_EMUL if !CPU_32v6K && !MMU
config CPU_32v6K
-@@ -574,6 +574,7 @@ config CPU_CP15_MPU
+@@ -585,6 +585,7 @@ config CPU_CP15_MPU
config CPU_USE_DOMAINS
bool
@@ -3488,8 +3708,25 @@ index 4045c49..0263c07 100644
help
This option enables or disables the use of domain switching
via the set_fs() function.
+@@ -780,6 +781,7 @@ config NEED_KUSER_HELPERS
+ config KUSER_HELPERS
+ bool "Enable kuser helpers in vector page" if !NEED_KUSER_HELPERS
+ default y
++ depends on !(CPU_V6 || CPU_V6K || CPU_V7)
+ help
+ Warning: disabling this option may break user programs.
+
+@@ -790,7 +792,7 @@ config KUSER_HELPERS
+ run on ARMv4 through to ARMv7 without modification.
+
+ However, the fixed address nature of these helpers can be used
+- by ROP (return orientated programming) authors when creating
++ by ROP (Return Oriented Programming) authors when creating
+ exploits.
+
+ If all of the binaries and libraries which run on your platform
diff --git a/arch/arm/mm/alignment.c b/arch/arm/mm/alignment.c
-index db26e2e..ee44569 100644
+index 6f4585b..7b6f52b 100644
--- a/arch/arm/mm/alignment.c
+++ b/arch/arm/mm/alignment.c
@@ -211,10 +211,12 @@ union offset_union {
@@ -3554,7 +3791,7 @@ index db26e2e..ee44569 100644
goto fault; \
} while (0)
diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c
-index 5dbf13f..1a60561 100644
+index 5dbf13f..ee1ec24 100644
--- a/arch/arm/mm/fault.c
+++ b/arch/arm/mm/fault.c
@@ -25,6 +25,7 @@
@@ -3657,11 +3894,29 @@ index 5dbf13f..1a60561 100644
printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n",
inf->name, fsr, addr);
-@@ -575,9 +637,49 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs)
+@@ -569,15 +631,67 @@ hook_ifault_code(int nr, int (*fn)(unsigned long, unsigned int, struct pt_regs *
+ ifsr_info[nr].name = name;
+ }
+
++asmlinkage int sys_sigreturn(struct pt_regs *regs);
++asmlinkage int sys_rt_sigreturn(struct pt_regs *regs);
++
+ asmlinkage void __exception
+ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs)
+ {
const struct fsr_info *inf = ifsr_info + fsr_fs(ifsr);
struct siginfo info;
+ if (user_mode(regs)) {
++ unsigned long sigpage = current->mm->context.sigpage;
++
++ if (sigpage <= addr && addr < sigpage + 7*4) {
++ if (addr < sigpage + 3*4)
++ sys_sigreturn(regs);
++ else
++ sys_rt_sigreturn(regs);
++ return;
++ }
+ if (addr == 0xffff0fe0UL) {
+ /*
+ * PaX: __kuser_get_tls emulation
@@ -3738,7 +3993,7 @@ index cf08bdf..772656c 100644
unsigned long search_exception_table(unsigned long addr);
diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c
-index ad722f1..763fdd3 100644
+index 0ecc43f..190b956 100644
--- a/arch/arm/mm/init.c
+++ b/arch/arm/mm/init.c
@@ -30,6 +30,8 @@
@@ -3750,12 +4005,12 @@ index ad722f1..763fdd3 100644
#include <asm/mach/arch.h>
#include <asm/mach/map.h>
-@@ -736,7 +738,46 @@ void free_initmem(void)
+@@ -726,7 +728,46 @@ void free_initmem(void)
{
#ifdef CONFIG_HAVE_TCM
extern char __tcm_start, __tcm_end;
+#endif
-+
+
+#ifdef CONFIG_PAX_KERNEXEC
+ unsigned long addr;
+ pgd_t *pgd;
@@ -3792,11 +4047,11 @@ index ad722f1..763fdd3 100644
+ }
+ }
+#endif
-
++
+#ifdef CONFIG_HAVE_TCM
poison_init_mem(&__tcm_start, &__tcm_end - &__tcm_start);
- totalram_pages += free_area(__phys_to_pfn(__pa(&__tcm_start)),
- __phys_to_pfn(__pa(&__tcm_end)),
+ free_reserved_area(&__tcm_start, &__tcm_end, 0, "TCM link");
+ #endif
diff --git a/arch/arm/mm/ioremap.c b/arch/arm/mm/ioremap.c
index 04d9006..c547d85 100644
--- a/arch/arm/mm/ioremap.c
@@ -3926,7 +4181,7 @@ index 10062ce..8695745 100644
mm->unmap_area = arch_unmap_area_topdown;
}
diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c
-index a84ff76..f221c1d 100644
+index daf336f..4e6392c 100644
--- a/arch/arm/mm/mmu.c
+++ b/arch/arm/mm/mmu.c
@@ -36,6 +36,22 @@
@@ -3952,9 +4207,9 @@ index a84ff76..f221c1d 100644
/*
* empty_zero_page is a special page that is used for
* zero-initialized data and COW.
-@@ -211,10 +227,18 @@ void adjust_cr(unsigned long mask, unsigned long set)
- }
- #endif
+@@ -228,10 +244,18 @@ __setup("noalign", noalign_setup);
+
+ #endif /* ifdef CONFIG_CPU_CP15 / else */
-#define PROT_PTE_DEVICE L_PTE_PRESENT|L_PTE_YOUNG|L_PTE_DIRTY|L_PTE_XN
+#define PROT_PTE_DEVICE L_PTE_PRESENT|L_PTE_YOUNG|L_PTE_DIRTY
@@ -3973,7 +4228,7 @@ index a84ff76..f221c1d 100644
[MT_DEVICE] = { /* Strongly ordered / ARMv6 shared device */
.prot_pte = PROT_PTE_DEVICE | L_PTE_MT_DEV_SHARED |
L_PTE_SHARED,
-@@ -243,16 +267,16 @@ static struct mem_type mem_types[] = {
+@@ -260,16 +284,16 @@ static struct mem_type mem_types[] = {
[MT_UNCACHED] = {
.prot_pte = PROT_PTE_DEVICE,
.prot_l1 = PMD_TYPE_TABLE,
@@ -3993,7 +4248,7 @@ index a84ff76..f221c1d 100644
.domain = DOMAIN_KERNEL,
},
#endif
-@@ -260,36 +284,54 @@ static struct mem_type mem_types[] = {
+@@ -277,36 +301,54 @@ static struct mem_type mem_types[] = {
.prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY |
L_PTE_RDONLY,
.prot_l1 = PMD_TYPE_TABLE,
@@ -4002,8 +4257,7 @@ index a84ff76..f221c1d 100644
},
[MT_HIGH_VECTORS] = {
.prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY |
-- L_PTE_USER | L_PTE_RDONLY,
-+ L_PTE_RDONLY,
+ L_PTE_USER | L_PTE_RDONLY,
.prot_l1 = PMD_TYPE_TABLE,
- .domain = DOMAIN_USER,
+ .domain = DOMAIN_VECTORS,
@@ -4057,7 +4311,7 @@ index a84ff76..f221c1d 100644
.domain = DOMAIN_KERNEL,
},
[MT_MEMORY_ITCM] = {
-@@ -299,10 +341,10 @@ static struct mem_type mem_types[] = {
+@@ -316,10 +358,10 @@ static struct mem_type mem_types[] = {
},
[MT_MEMORY_SO] = {
.prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY |
@@ -4070,7 +4324,7 @@ index a84ff76..f221c1d 100644
.domain = DOMAIN_KERNEL,
},
[MT_MEMORY_DMA_READY] = {
-@@ -388,9 +430,35 @@ static void __init build_mem_type_table(void)
+@@ -405,9 +447,35 @@ static void __init build_mem_type_table(void)
* to prevent speculative instruction fetches.
*/
mem_types[MT_DEVICE].prot_sect |= PMD_SECT_XN;
@@ -4106,7 +4360,7 @@ index a84ff76..f221c1d 100644
}
if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) {
/*
-@@ -451,6 +519,9 @@ static void __init build_mem_type_table(void)
+@@ -468,6 +536,9 @@ static void __init build_mem_type_table(void)
* from SVC mode and no access from userspace.
*/
mem_types[MT_ROM].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
@@ -4116,7 +4370,7 @@ index a84ff76..f221c1d 100644
mem_types[MT_MINICLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE;
#endif
-@@ -468,11 +539,17 @@ static void __init build_mem_type_table(void)
+@@ -485,11 +556,17 @@ static void __init build_mem_type_table(void)
mem_types[MT_DEVICE_WC].prot_pte |= L_PTE_SHARED;
mem_types[MT_DEVICE_CACHED].prot_sect |= PMD_SECT_S;
mem_types[MT_DEVICE_CACHED].prot_pte |= L_PTE_SHARED;
@@ -4138,7 +4392,7 @@ index a84ff76..f221c1d 100644
}
}
-@@ -483,15 +560,20 @@ static void __init build_mem_type_table(void)
+@@ -500,15 +577,20 @@ static void __init build_mem_type_table(void)
if (cpu_arch >= CPU_ARCH_ARMv6) {
if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) {
/* Non-cacheable Normal is XCB = 001 */
@@ -4162,7 +4416,7 @@ index a84ff76..f221c1d 100644
}
#ifdef CONFIG_ARM_LPAE
-@@ -507,6 +589,8 @@ static void __init build_mem_type_table(void)
+@@ -524,6 +606,8 @@ static void __init build_mem_type_table(void)
vecs_pgprot |= PTE_EXT_AF;
#endif
@@ -4171,7 +4425,7 @@ index a84ff76..f221c1d 100644
for (i = 0; i < 16; i++) {
pteval_t v = pgprot_val(protection_map[i]);
protection_map[i] = __pgprot(v | user_pgprot);
-@@ -524,10 +608,15 @@ static void __init build_mem_type_table(void)
+@@ -541,10 +625,15 @@ static void __init build_mem_type_table(void)
mem_types[MT_LOW_VECTORS].prot_l1 |= ecc_mask;
mem_types[MT_HIGH_VECTORS].prot_l1 |= ecc_mask;
@@ -4190,30 +4444,30 @@ index a84ff76..f221c1d 100644
mem_types[MT_ROM].prot_sect |= cp->pmd;
switch (cp->pmd) {
-@@ -1147,18 +1236,15 @@ void __init arm_mm_memblock_reserve(void)
+@@ -1166,18 +1255,15 @@ void __init arm_mm_memblock_reserve(void)
* called function. This means you can't use any function or debugging
* method which may touch any device, otherwise the kernel _will_ crash.
*/
+
-+static char vectors[PAGE_SIZE] __read_only __aligned(PAGE_SIZE);
++static char vectors[PAGE_SIZE * 2] __read_only __aligned(PAGE_SIZE);
+
static void __init devicemaps_init(struct machine_desc *mdesc)
{
struct map_desc map;
unsigned long addr;
- void *vectors;
--
+
- /*
- * Allocate the vector page early.
- */
-- vectors = early_alloc(PAGE_SIZE);
-
+- vectors = early_alloc(PAGE_SIZE * 2);
+-
- early_trap_init(vectors);
+ early_trap_init(&vectors);
for (addr = VMALLOC_START; addr; addr += PMD_SIZE)
pmd_clear(pmd_off_k(addr));
-@@ -1198,7 +1284,7 @@ static void __init devicemaps_init(struct machine_desc *mdesc)
+@@ -1217,7 +1303,7 @@ static void __init devicemaps_init(struct machine_desc *mdesc)
* location (0xffff0000). If we aren't using high-vectors, also
* create a mapping at the low-vectors virtual address.
*/
@@ -4221,8 +4475,8 @@ index a84ff76..f221c1d 100644
+ map.pfn = __phys_to_pfn(virt_to_phys(&vectors));
map.virtual = 0xffff0000;
map.length = PAGE_SIZE;
- map.type = MT_HIGH_VECTORS;
-@@ -1256,8 +1342,39 @@ static void __init map_lowmem(void)
+ #ifdef CONFIG_KUSER_HELPERS
+@@ -1287,8 +1373,39 @@ static void __init map_lowmem(void)
map.pfn = __phys_to_pfn(start);
map.virtual = __phys_to_virt(start);
map.length = end - start;
@@ -4263,20 +4517,6 @@ index a84ff76..f221c1d 100644
create_mapping(&map);
}
}
-diff --git a/arch/arm/mm/proc-v7-2level.S b/arch/arm/mm/proc-v7-2level.S
-index 78f520b..31f0cb6 100644
---- a/arch/arm/mm/proc-v7-2level.S
-+++ b/arch/arm/mm/proc-v7-2level.S
-@@ -99,6 +99,9 @@ ENTRY(cpu_v7_set_pte_ext)
- tst r1, #L_PTE_XN
- orrne r3, r3, #PTE_EXT_XN
-
-+ tst r1, #L_PTE_PXN
-+ orrne r3, r3, #PTE_EXT_PXN
-+
- tst r1, #L_PTE_YOUNG
- tstne r1, #L_PTE_VALID
- #ifndef CONFIG_CPU_USE_DOMAINS
diff --git a/arch/arm/plat-omap/sram.c b/arch/arm/plat-omap/sram.c
index a5bc92d..0bb4730 100644
--- a/arch/arm/plat-omap/sram.c
@@ -4291,10 +4531,10 @@ index a5bc92d..0bb4730 100644
+ pax_close_kernel();
}
diff --git a/arch/arm/plat-samsung/include/plat/dma-ops.h b/arch/arm/plat-samsung/include/plat/dma-ops.h
-index 1141782..0959d64 100644
+index ce6d763..cfea917 100644
--- a/arch/arm/plat-samsung/include/plat/dma-ops.h
+++ b/arch/arm/plat-samsung/include/plat/dma-ops.h
-@@ -48,7 +48,7 @@ struct samsung_dma_ops {
+@@ -47,7 +47,7 @@ struct samsung_dma_ops {
int (*started)(unsigned ch);
int (*flush)(unsigned ch);
int (*stop)(unsigned ch);
@@ -4303,6 +4543,33 @@ index 1141782..0959d64 100644
extern void *samsung_dmadev_get_ops(void);
extern void *s3c_dma_get_ops(void);
+diff --git a/arch/arm64/include/asm/tlb.h b/arch/arm64/include/asm/tlb.h
+index 654f096..5546653 100644
+--- a/arch/arm64/include/asm/tlb.h
++++ b/arch/arm64/include/asm/tlb.h
+@@ -35,6 +35,7 @@ struct mmu_gather {
+ struct mm_struct *mm;
+ unsigned int fullmm;
+ struct vm_area_struct *vma;
++ unsigned long start, end;
+ unsigned long range_start;
+ unsigned long range_end;
+ unsigned int nr;
+@@ -97,10 +98,12 @@ static inline void tlb_flush_mmu(struct mmu_gather *tlb)
+ }
+
+ static inline void
+-tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int fullmm)
++tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end)
+ {
+ tlb->mm = mm;
+- tlb->fullmm = fullmm;
++ tlb->fullmm = !(start | (end+1));
++ tlb->start = start;
++ tlb->end = end;
+ tlb->vma = NULL;
+ tlb->max = ARRAY_SIZE(tlb->local);
+ tlb->pages = tlb->local;
diff --git a/arch/arm64/kernel/debug-monitors.c b/arch/arm64/kernel/debug-monitors.c
index f4726dc..39ed646 100644
--- a/arch/arm64/kernel/debug-monitors.c
@@ -4712,6 +4979,45 @@ index 54ff557..70c88b7 100644
}
static __always_inline void __ticket_spin_unlock_wait(arch_spinlock_t *lock)
+diff --git a/arch/ia64/include/asm/tlb.h b/arch/ia64/include/asm/tlb.h
+index ef3a9de..bc5efc7 100644
+--- a/arch/ia64/include/asm/tlb.h
++++ b/arch/ia64/include/asm/tlb.h
+@@ -22,7 +22,7 @@
+ * unmapping a portion of the virtual address space, these hooks are called according to
+ * the following template:
+ *
+- * tlb <- tlb_gather_mmu(mm, full_mm_flush); // start unmap for address space MM
++ * tlb <- tlb_gather_mmu(mm, start, end); // start unmap for address space MM
+ * {
+ * for each vma that needs a shootdown do {
+ * tlb_start_vma(tlb, vma);
+@@ -58,6 +58,7 @@ struct mmu_gather {
+ unsigned int max;
+ unsigned char fullmm; /* non-zero means full mm flush */
+ unsigned char need_flush; /* really unmapped some PTEs? */
++ unsigned long start, end;
+ unsigned long start_addr;
+ unsigned long end_addr;
+ struct page **pages;
+@@ -155,13 +156,15 @@ static inline void __tlb_alloc_page(struct mmu_gather *tlb)
+
+
+ static inline void
+-tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int full_mm_flush)
++tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end)
+ {
+ tlb->mm = mm;
+ tlb->max = ARRAY_SIZE(tlb->local);
+ tlb->pages = tlb->local;
+ tlb->nr = 0;
+- tlb->fullmm = full_mm_flush;
++ tlb->fullmm = !(start | (end+1));
++ tlb->start = start;
++ tlb->end = end;
+ tlb->start_addr = ~0UL;
+ }
+
diff --git a/arch/ia64/include/asm/uaccess.h b/arch/ia64/include/asm/uaccess.h
index 449c8c0..18965fb 100644
--- a/arch/ia64/include/asm/uaccess.h
@@ -4893,10 +5199,10 @@ index 24603be..948052d 100644
DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp);
}
diff --git a/arch/ia64/kernel/palinfo.c b/arch/ia64/kernel/palinfo.c
-index 79521d5..43dddff 100644
+index 2b3c2d7..a318d84 100644
--- a/arch/ia64/kernel/palinfo.c
+++ b/arch/ia64/kernel/palinfo.c
-@@ -1006,7 +1006,7 @@ static int __cpuinit palinfo_cpu_callback(struct notifier_block *nfb,
+@@ -980,7 +980,7 @@ static int __cpuinit palinfo_cpu_callback(struct notifier_block *nfb,
return NOTIFY_OK;
}
@@ -4906,10 +5212,10 @@ index 79521d5..43dddff 100644
.notifier_call = palinfo_cpu_callback,
.priority = 0,
diff --git a/arch/ia64/kernel/salinfo.c b/arch/ia64/kernel/salinfo.c
-index aa527d7..f237752 100644
+index 4bc580a..7767f24 100644
--- a/arch/ia64/kernel/salinfo.c
+++ b/arch/ia64/kernel/salinfo.c
-@@ -616,7 +616,7 @@ salinfo_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu
+@@ -609,7 +609,7 @@ salinfo_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu
return NOTIFY_OK;
}
@@ -5050,7 +5356,7 @@ index 76069c1..c2aa816 100644
}
diff --git a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c
-index 20bc967..a26993e 100644
+index d1fe4b4..2628f37 100644
--- a/arch/ia64/mm/init.c
+++ b/arch/ia64/mm/init.c
@@ -120,6 +120,19 @@ ia64_init_addr_space (void)
@@ -5246,11 +5552,102 @@ index c1f6afa..38cc6e9 100644
+#define arch_align_stack(x) ((x) & ~0xfUL)
#endif /* _ASM_EXEC_H */
+diff --git a/arch/mips/include/asm/local.h b/arch/mips/include/asm/local.h
+index d44622c..64990d2 100644
+--- a/arch/mips/include/asm/local.h
++++ b/arch/mips/include/asm/local.h
+@@ -12,15 +12,25 @@ typedef struct
+ atomic_long_t a;
+ } local_t;
+
++typedef struct {
++ atomic_long_unchecked_t a;
++} local_unchecked_t;
++
+ #define LOCAL_INIT(i) { ATOMIC_LONG_INIT(i) }
+
+ #define local_read(l) atomic_long_read(&(l)->a)
++#define local_read_unchecked(l) atomic_long_read_unchecked(&(l)->a)
+ #define local_set(l, i) atomic_long_set(&(l)->a, (i))
++#define local_set_unchecked(l, i) atomic_long_set_unchecked(&(l)->a, (i))
+
+ #define local_add(i, l) atomic_long_add((i), (&(l)->a))
++#define local_add_unchecked(i, l) atomic_long_add_unchecked((i), (&(l)->a))
+ #define local_sub(i, l) atomic_long_sub((i), (&(l)->a))
++#define local_sub_unchecked(i, l) atomic_long_sub_unchecked((i), (&(l)->a))
+ #define local_inc(l) atomic_long_inc(&(l)->a)
++#define local_inc_unchecked(l) atomic_long_inc_unchecked(&(l)->a)
+ #define local_dec(l) atomic_long_dec(&(l)->a)
++#define local_dec_unchecked(l) atomic_long_dec_unchecked(&(l)->a)
+
+ /*
+ * Same as above, but return the result value
+@@ -70,6 +80,51 @@ static __inline__ long local_add_return(long i, local_t * l)
+ return result;
+ }
+
++static __inline__ long local_add_return_unchecked(long i, local_unchecked_t * l)
++{
++ unsigned long result;
++
++ if (kernel_uses_llsc && R10000_LLSC_WAR) {
++ unsigned long temp;
++
++ __asm__ __volatile__(
++ " .set mips3 \n"
++ "1:" __LL "%1, %2 # local_add_return \n"
++ " addu %0, %1, %3 \n"
++ __SC "%0, %2 \n"
++ " beqzl %0, 1b \n"
++ " addu %0, %1, %3 \n"
++ " .set mips0 \n"
++ : "=&r" (result), "=&r" (temp), "=m" (l->a.counter)
++ : "Ir" (i), "m" (l->a.counter)
++ : "memory");
++ } else if (kernel_uses_llsc) {
++ unsigned long temp;
++
++ __asm__ __volatile__(
++ " .set mips3 \n"
++ "1:" __LL "%1, %2 # local_add_return \n"
++ " addu %0, %1, %3 \n"
++ __SC "%0, %2 \n"
++ " beqz %0, 1b \n"
++ " addu %0, %1, %3 \n"
++ " .set mips0 \n"
++ : "=&r" (result), "=&r" (temp), "=m" (l->a.counter)
++ : "Ir" (i), "m" (l->a.counter)
++ : "memory");
++ } else {
++ unsigned long flags;
++
++ local_irq_save(flags);
++ result = l->a.counter;
++ result += i;
++ l->a.counter = result;
++ local_irq_restore(flags);
++ }
++
++ return result;
++}
++
+ static __inline__ long local_sub_return(long i, local_t * l)
+ {
+ unsigned long result;
+@@ -117,6 +172,8 @@ static __inline__ long local_sub_return(long i, local_t * l)
+
+ #define local_cmpxchg(l, o, n) \
+ ((long)cmpxchg_local(&((l)->a.counter), (o), (n)))
++#define local_cmpxchg_unchecked(l, o, n) \
++ ((long)cmpxchg_local(&((l)->a.counter), (o), (n)))
+ #define local_xchg(l, n) (atomic_long_xchg((&(l)->a), (n)))
+
+ /**
diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h
-index eab99e5..607c98e 100644
+index f59552f..3abe9b9 100644
--- a/arch/mips/include/asm/page.h
+++ b/arch/mips/include/asm/page.h
-@@ -96,7 +96,7 @@ extern void copy_user_highpage(struct page *to, struct page *from,
+@@ -95,7 +95,7 @@ extern void copy_user_highpage(struct page *to, struct page *from,
#ifdef CONFIG_CPU_MIPS32
typedef struct { unsigned long pte_low, pte_high; } pte_t;
#define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32))
@@ -5276,10 +5673,10 @@ index 881d18b..cea38bc 100644
/*
diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h
-index 178f792..8ebc510 100644
+index 895320e..bf63e10 100644
--- a/arch/mips/include/asm/thread_info.h
+++ b/arch/mips/include/asm/thread_info.h
-@@ -111,6 +111,8 @@ register struct thread_info *__current_thread_info __asm__("$28");
+@@ -115,6 +115,8 @@ static inline struct thread_info *current_thread_info(void)
#define TIF_32BIT_ADDR 23 /* 32-bit address space (o32/n32) */
#define TIF_FPUBOUND 24 /* thread bound to FPU-full CPU set */
#define TIF_LOAD_WATCH 25 /* If set, load watch registers */
@@ -5288,7 +5685,7 @@ index 178f792..8ebc510 100644
#define TIF_SYSCALL_TRACE 31 /* syscall trace active */
#define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE)
-@@ -126,15 +128,18 @@ register struct thread_info *__current_thread_info __asm__("$28");
+@@ -130,15 +132,18 @@ static inline struct thread_info *current_thread_info(void)
#define _TIF_32BIT_ADDR (1<<TIF_32BIT_ADDR)
#define _TIF_FPUBOUND (1<<TIF_FPUBOUND)
#define _TIF_LOAD_WATCH (1<<TIF_LOAD_WATCH)
@@ -5310,7 +5707,7 @@ index 178f792..8ebc510 100644
#endif /* __KERNEL__ */
diff --git a/arch/mips/kernel/binfmt_elfn32.c b/arch/mips/kernel/binfmt_elfn32.c
-index e06f777..3244284 100644
+index 1188e00..41cf144 100644
--- a/arch/mips/kernel/binfmt_elfn32.c
+++ b/arch/mips/kernel/binfmt_elfn32.c
@@ -50,6 +50,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG];
@@ -5328,10 +5725,10 @@ index e06f777..3244284 100644
#include <linux/module.h>
#include <linux/elfcore.h>
diff --git a/arch/mips/kernel/binfmt_elfo32.c b/arch/mips/kernel/binfmt_elfo32.c
-index 556a435..b4fd2e3 100644
+index 202e581..689ca79 100644
--- a/arch/mips/kernel/binfmt_elfo32.c
+++ b/arch/mips/kernel/binfmt_elfo32.c
-@@ -52,6 +52,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG];
+@@ -56,6 +56,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG];
#undef ELF_ET_DYN_BASE
#define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2)
@@ -5346,10 +5743,10 @@ index 556a435..b4fd2e3 100644
/*
diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c
-index 3be4405..a799827 100644
+index c6a041d..b3e7318 100644
--- a/arch/mips/kernel/process.c
+++ b/arch/mips/kernel/process.c
-@@ -461,15 +461,3 @@ unsigned long get_wchan(struct task_struct *task)
+@@ -563,15 +563,3 @@ unsigned long get_wchan(struct task_struct *task)
out:
return pc;
}
@@ -5393,7 +5790,7 @@ index 9c6299c..2fb4c22 100644
goto out;
diff --git a/arch/mips/kernel/scall32-o32.S b/arch/mips/kernel/scall32-o32.S
-index 9ea2964..c4329c3 100644
+index 9b36424..e7f4154 100644
--- a/arch/mips/kernel/scall32-o32.S
+++ b/arch/mips/kernel/scall32-o32.S
@@ -52,7 +52,7 @@ NESTED(handle_sys, PT_SIZE, sp)
@@ -5406,7 +5803,7 @@ index 9ea2964..c4329c3 100644
bnez t0, syscall_trace_entry # -> yes
diff --git a/arch/mips/kernel/scall64-64.S b/arch/mips/kernel/scall64-64.S
-index 36cfd40..b1436e0 100644
+index 97a5909..59622f8 100644
--- a/arch/mips/kernel/scall64-64.S
+++ b/arch/mips/kernel/scall64-64.S
@@ -54,7 +54,7 @@ NESTED(handle_sys64, PT_SIZE, sp)
@@ -5419,7 +5816,7 @@ index 36cfd40..b1436e0 100644
and t0, t1, t0
bnez t0, syscall_trace_entry
diff --git a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S
-index 693d60b..ae0ba75 100644
+index edcb659..fb2ab09 100644
--- a/arch/mips/kernel/scall64-n32.S
+++ b/arch/mips/kernel/scall64-n32.S
@@ -47,7 +47,7 @@ NESTED(handle_sysn32, PT_SIZE, sp)
@@ -5432,7 +5829,7 @@ index 693d60b..ae0ba75 100644
and t0, t1, t0
bnez t0, n32_syscall_trace_entry
diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S
-index af8887f..611ccb6 100644
+index 74f485d..47d2c38 100644
--- a/arch/mips/kernel/scall64-o32.S
+++ b/arch/mips/kernel/scall64-o32.S
@@ -81,7 +81,7 @@ NESTED(handle_sys, PT_SIZE, sp)
@@ -5445,7 +5842,7 @@ index af8887f..611ccb6 100644
and t0, t1, t0
bnez t0, trace_a_syscall
diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c
-index 0fead53..a2c0fb5 100644
+index 0fead53..eeb00a6 100644
--- a/arch/mips/mm/fault.c
+++ b/arch/mips/mm/fault.c
@@ -27,6 +27,23 @@
@@ -5472,6 +5869,21 @@ index 0fead53..a2c0fb5 100644
/*
* This routine handles page faults. It determines the address,
* and the problem, and then passes it off to one of the appropriate
+@@ -196,6 +213,14 @@ bad_area:
+ bad_area_nosemaphore:
+ /* User mode accesses just cause a SIGSEGV */
+ if (user_mode(regs)) {
++
++#ifdef CONFIG_PAX_PAGEEXEC
++ if (cpu_has_rixi && (mm->pax_flags & MF_PAX_PAGEEXEC) && !write && address == instruction_pointer(regs)) {
++ pax_report_fault(regs, (void *)address, (void *)user_stack_pointer(regs));
++ do_group_exit(SIGKILL);
++ }
++#endif
++
+ tsk->thread.cp0_badvaddr = address;
+ tsk->thread.error_code = write;
+ #if 0
diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c
index 7e5fe27..9656513 100644
--- a/arch/mips/mm/mmap.c
@@ -5640,12 +6052,12 @@ index 4ce7a01..449202a 100644
#endif /* __ASM_OPENRISC_CACHE_H */
diff --git a/arch/parisc/include/asm/atomic.h b/arch/parisc/include/asm/atomic.h
-index f38e198..4179e38 100644
+index 472886c..00e7df9 100644
--- a/arch/parisc/include/asm/atomic.h
+++ b/arch/parisc/include/asm/atomic.h
-@@ -229,6 +229,16 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u)
-
- #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0)
+@@ -252,6 +252,16 @@ static inline long atomic64_dec_if_positive(atomic64_t *v)
+ return dec;
+ }
+#define atomic64_read_unchecked(v) atomic64_read(v)
+#define atomic64_set_unchecked(v, i) atomic64_set((v), (i))
@@ -5947,10 +6359,10 @@ index 5dfd248..64914ac 100644
return addr;
}
diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c
-index c6ae9f5..e9c3cf4 100644
+index 04e47c6..7a8faf6 100644
--- a/arch/parisc/kernel/traps.c
+++ b/arch/parisc/kernel/traps.c
-@@ -733,9 +733,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs)
+@@ -727,9 +727,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs)
down_read(&current->mm->mmap_sem);
vma = find_vma(current->mm,regs->iaoq[0]);
@@ -6177,7 +6589,7 @@ index 9e495c9..b6878e5 100644
#define SMP_CACHE_BYTES L1_CACHE_BYTES
diff --git a/arch/powerpc/include/asm/elf.h b/arch/powerpc/include/asm/elf.h
-index ac9790f..6d30741 100644
+index cc0655a..13eac2e 100644
--- a/arch/powerpc/include/asm/elf.h
+++ b/arch/powerpc/include/asm/elf.h
@@ -28,8 +28,19 @@
@@ -6202,7 +6614,7 @@ index ac9790f..6d30741 100644
/*
* Our registers are always unsigned longs, whether we're a 32 bit
-@@ -122,10 +133,6 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm,
+@@ -123,10 +134,6 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm,
(0x7ff >> (PAGE_SHIFT - 12)) : \
(0x3ffff >> (PAGE_SHIFT - 12)))
@@ -6252,7 +6664,7 @@ index 8565c25..2865190 100644
return (vm_flags & VM_SAO) ? __pgprot(_PAGE_SAO) : __pgprot(0);
}
diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/page.h
-index f072e97..b436dee 100644
+index 988c812..63c7d70 100644
--- a/arch/powerpc/include/asm/page.h
+++ b/arch/powerpc/include/asm/page.h
@@ -220,8 +220,9 @@ extern long long virt_phys_offset;
@@ -6274,14 +6686,14 @@ index f072e97..b436dee 100644
+#define ktla_ktva(addr) (addr)
+#define ktva_ktla(addr) (addr)
+
+ #ifndef CONFIG_PPC_BOOK3S_64
/*
* Use the top bit of the higher-level page table entries to indicate whether
- * the entries we point to contain hugepages. This works because we know that
diff --git a/arch/powerpc/include/asm/page_64.h b/arch/powerpc/include/asm/page_64.h
-index cd915d6..c10cee8 100644
+index 88693ce..ac6f9ab 100644
--- a/arch/powerpc/include/asm/page_64.h
+++ b/arch/powerpc/include/asm/page_64.h
-@@ -154,15 +154,18 @@ do { \
+@@ -153,15 +153,18 @@ do { \
* stack by default, so in the absence of a PT_GNU_STACK program header
* we turn execute permission off.
*/
@@ -6303,10 +6715,10 @@ index cd915d6..c10cee8 100644
#include <asm-generic/getorder.h>
diff --git a/arch/powerpc/include/asm/pgalloc-64.h b/arch/powerpc/include/asm/pgalloc-64.h
-index 292725c..f87ae14 100644
+index b66ae72..4a378cd 100644
--- a/arch/powerpc/include/asm/pgalloc-64.h
+++ b/arch/powerpc/include/asm/pgalloc-64.h
-@@ -50,6 +50,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd)
+@@ -53,6 +53,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd)
#ifndef CONFIG_PPC_64K_PAGES
#define pgd_populate(MM, PGD, PUD) pgd_set(PGD, PUD)
@@ -6314,7 +6726,7 @@ index 292725c..f87ae14 100644
static inline pud_t *pud_alloc_one(struct mm_struct *mm, unsigned long addr)
{
-@@ -67,6 +68,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
+@@ -70,6 +71,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
pud_set(pud, (unsigned long)pmd);
}
@@ -6326,8 +6738,8 @@ index 292725c..f87ae14 100644
#define pmd_populate(mm, pmd, pte_page) \
pmd_populate_kernel(mm, pmd, page_address(pte_page))
#define pmd_populate_kernel(mm, pmd, pte) pmd_set(pmd, (unsigned long)(pte))
-@@ -76,6 +82,7 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd)
- #else /* CONFIG_PPC_64K_PAGES */
+@@ -171,6 +177,7 @@ extern void __tlb_remove_table(void *_table);
+ #endif
#define pud_populate(mm, pud, pmd) pud_set(pud, (unsigned long)pmd)
+#define pud_populate_kernel(mm, pud, pmd) pud_populate((mm), (pud), (pmd))
@@ -6335,7 +6747,7 @@ index 292725c..f87ae14 100644
static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd,
pte_t *pte)
diff --git a/arch/powerpc/include/asm/pgtable.h b/arch/powerpc/include/asm/pgtable.h
-index a9cbd3b..3b67efa 100644
+index 7aeb955..19f748e 100644
--- a/arch/powerpc/include/asm/pgtable.h
+++ b/arch/powerpc/include/asm/pgtable.h
@@ -2,6 +2,7 @@
@@ -6359,7 +6771,7 @@ index 4aad413..85d86bf 100644
#define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */
#define _PAGE_WRITETHRU 0x040 /* W: cache write-through */
diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h
-index 3b097a8..8f8c774 100644
+index e1fb161..2290d1d 100644
--- a/arch/powerpc/include/asm/reg.h
+++ b/arch/powerpc/include/asm/reg.h
@@ -234,6 +234,7 @@
@@ -6371,7 +6783,7 @@ index 3b097a8..8f8c774 100644
#define DSISR_ISSTORE 0x02000000 /* access was a store */
#define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */
diff --git a/arch/powerpc/include/asm/smp.h b/arch/powerpc/include/asm/smp.h
-index 195ce2a..ab5c614 100644
+index 48cfc85..891382f 100644
--- a/arch/powerpc/include/asm/smp.h
+++ b/arch/powerpc/include/asm/smp.h
@@ -50,7 +50,7 @@ struct smp_ops_t {
@@ -6384,36 +6796,36 @@ index 195ce2a..ab5c614 100644
extern void smp_send_debugger_break(void);
extern void start_secondary_resume(void);
diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h
-index 406b7b9..af63426 100644
+index ba7b197..d292e26 100644
--- a/arch/powerpc/include/asm/thread_info.h
+++ b/arch/powerpc/include/asm/thread_info.h
-@@ -97,7 +97,6 @@ static inline struct thread_info *current_thread_info(void)
+@@ -93,7 +93,6 @@ static inline struct thread_info *current_thread_info(void)
+ #define TIF_POLLING_NRFLAG 3 /* true if poll_idle() is polling
+ TIF_NEED_RESCHED */
+ #define TIF_32BIT 4 /* 32 bit binary */
+-#define TIF_PERFMON_WORK 5 /* work for pfm_handle_work() */
#define TIF_PERFMON_CTXSW 6 /* perfmon needs ctxsw calls */
#define TIF_SYSCALL_AUDIT 7 /* syscall auditing active */
#define TIF_SINGLESTEP 8 /* singlestepping active */
--#define TIF_MEMDIE 9 /* is terminating due to OOM killer */
- #define TIF_SECCOMP 10 /* secure computing */
- #define TIF_RESTOREALL 11 /* Restore all regs (implies NOERROR) */
- #define TIF_NOERROR 12 /* Force successful syscall return */
-@@ -106,6 +105,9 @@ static inline struct thread_info *current_thread_info(void)
- #define TIF_SYSCALL_TRACEPOINT 15 /* syscall tracepoint instrumentation */
+@@ -107,6 +106,9 @@ static inline struct thread_info *current_thread_info(void)
#define TIF_EMULATE_STACK_STORE 16 /* Is an instruction emulation
for stack store? */
-+#define TIF_MEMDIE 17 /* is terminating due to OOM killer */
+ #define TIF_MEMDIE 17 /* is terminating due to OOM killer */
++#define TIF_PERFMON_WORK 18 /* work for pfm_handle_work() */
+/* mask must be expressable within 16 bits to satisfy 'andi' instruction reqs */
-+#define TIF_GRSEC_SETXID 9 /* update credentials on syscall entry/exit */
++#define TIF_GRSEC_SETXID 5 /* update credentials on syscall entry/exit */
/* as above, but as bit values */
#define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE)
-@@ -124,8 +126,10 @@ static inline struct thread_info *current_thread_info(void)
- #define _TIF_UPROBE (1<<TIF_UPROBE)
+@@ -126,9 +128,10 @@ static inline struct thread_info *current_thread_info(void)
#define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT)
#define _TIF_EMULATE_STACK_STORE (1<<TIF_EMULATE_STACK_STORE)
+ #define _TIF_NOHZ (1<<TIF_NOHZ)
+#define _TIF_GRSEC_SETXID (1<<TIF_GRSEC_SETXID)
#define _TIF_SYSCALL_T_OR_A (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \
-- _TIF_SECCOMP | _TIF_SYSCALL_TRACEPOINT)
-+ _TIF_SECCOMP | _TIF_SYSCALL_TRACEPOINT | \
-+ _TIF_GRSEC_SETXID)
+ _TIF_SECCOMP | _TIF_SYSCALL_TRACEPOINT | \
+- _TIF_NOHZ)
++ _TIF_NOHZ | _TIF_GRSEC_SETXID)
#define _TIF_USER_WORK_MASK (_TIF_SIGPENDING | _TIF_NEED_RESCHED | \
_TIF_NOTIFY_RESUME | _TIF_UPROBE)
@@ -6590,10 +7002,10 @@ index 4db4959..aba5c41 100644
static inline unsigned long clear_user(void __user *addr, unsigned long size)
diff --git a/arch/powerpc/kernel/exceptions-64e.S b/arch/powerpc/kernel/exceptions-64e.S
-index ae54553..cf2184d 100644
+index 645170a..6cf0271 100644
--- a/arch/powerpc/kernel/exceptions-64e.S
+++ b/arch/powerpc/kernel/exceptions-64e.S
-@@ -716,6 +716,7 @@ storage_fault_common:
+@@ -757,6 +757,7 @@ storage_fault_common:
std r14,_DAR(r1)
std r15,_DSISR(r1)
addi r3,r1,STACK_FRAME_OVERHEAD
@@ -6601,7 +7013,7 @@ index ae54553..cf2184d 100644
mr r4,r14
mr r5,r15
ld r14,PACA_EXGEN+EX_R14(r13)
-@@ -724,8 +725,7 @@ storage_fault_common:
+@@ -765,8 +766,7 @@ storage_fault_common:
cmpdi r3,0
bne- 1f
b .ret_from_except_lite
@@ -6612,10 +7024,10 @@ index ae54553..cf2184d 100644
ld r4,_DAR(r1)
bl .bad_page_fault
diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S
-index 644378e..b6f2c26 100644
+index 902ca3c..e942155 100644
--- a/arch/powerpc/kernel/exceptions-64s.S
+++ b/arch/powerpc/kernel/exceptions-64s.S
-@@ -1390,10 +1390,10 @@ handle_page_fault:
+@@ -1357,10 +1357,10 @@ handle_page_fault:
11: ld r4,_DAR(r1)
ld r5,_DSISR(r1)
addi r3,r1,STACK_FRAME_OVERHEAD
@@ -6661,10 +7073,10 @@ index 2e3200c..72095ce 100644
/* Find this entry, or if that fails, the next avail. entry */
while (entry->jump[0]) {
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
-index 0d86c8a..df4c5f2 100644
+index 7baa27b..f6b394a 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
-@@ -871,8 +871,8 @@ void show_regs(struct pt_regs * regs)
+@@ -884,8 +884,8 @@ void show_regs(struct pt_regs * regs)
* Lookup NIP late so we have the best change of getting the
* above info out without failing
*/
@@ -6675,7 +7087,7 @@ index 0d86c8a..df4c5f2 100644
#endif
#ifdef CONFIG_PPC_TRANSACTIONAL_MEM
printk("PACATMSCRATCH [%llx]\n", get_paca()->tm_scratch);
-@@ -1331,10 +1331,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
+@@ -1345,10 +1345,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
newsp = stack[0];
ip = stack[STACK_FRAME_LR_SAVE];
if (!firstframe || ip != lr) {
@@ -6688,7 +7100,7 @@ index 0d86c8a..df4c5f2 100644
(void *)current->ret_stack[curr_frame].ret);
curr_frame--;
}
-@@ -1354,7 +1354,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
+@@ -1368,7 +1368,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack)
struct pt_regs *regs = (struct pt_regs *)
(sp + STACK_FRAME_OVERHEAD);
lr = regs->link;
@@ -6697,7 +7109,7 @@ index 0d86c8a..df4c5f2 100644
regs->trap, (void *)regs->nip, (void *)lr);
firstframe = 1;
}
-@@ -1396,58 +1396,3 @@ void notrace __ppc64_runlatch_off(void)
+@@ -1404,58 +1404,3 @@ void notrace __ppc64_runlatch_off(void)
mtspr(SPRN_CTRLT, ctrl);
}
#endif /* CONFIG_PPC64 */
@@ -6757,10 +7169,10 @@ index 0d86c8a..df4c5f2 100644
- return ret;
-}
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c
-index f9b30c6..d72e7a3 100644
+index 64f7bd5..8dd550f 100644
--- a/arch/powerpc/kernel/ptrace.c
+++ b/arch/powerpc/kernel/ptrace.c
-@@ -1771,6 +1771,10 @@ long arch_ptrace(struct task_struct *child, long request,
+@@ -1783,6 +1783,10 @@ long arch_ptrace(struct task_struct *child, long request,
return ret;
}
@@ -6771,7 +7183,7 @@ index f9b30c6..d72e7a3 100644
/*
* We must return the syscall number to actually look up in the table.
* This can be -1L to skip running any syscall at all.
-@@ -1781,6 +1785,11 @@ long do_syscall_trace_enter(struct pt_regs *regs)
+@@ -1795,6 +1799,11 @@ long do_syscall_trace_enter(struct pt_regs *regs)
secure_computing_strict(regs->gpr[0]);
@@ -6783,7 +7195,7 @@ index f9b30c6..d72e7a3 100644
if (test_thread_flag(TIF_SYSCALL_TRACE) &&
tracehook_report_syscall_entry(regs))
/*
-@@ -1815,6 +1824,11 @@ void do_syscall_trace_leave(struct pt_regs *regs)
+@@ -1829,6 +1838,11 @@ void do_syscall_trace_leave(struct pt_regs *regs)
{
int step;
@@ -6796,10 +7208,10 @@ index f9b30c6..d72e7a3 100644
if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT)))
diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c
-index 201385c..0f01828 100644
+index 0f83122..c0aca6a 100644
--- a/arch/powerpc/kernel/signal_32.c
+++ b/arch/powerpc/kernel/signal_32.c
-@@ -976,7 +976,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka,
+@@ -987,7 +987,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka,
/* Save user registers on the stack */
frame = &rt_sf->uc.uc_mcontext;
addr = frame;
@@ -6809,10 +7221,10 @@ index 201385c..0f01828 100644
tramp = current->mm->context.vdso_base + vdso32_rt_sigtramp;
} else {
diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c
-index 3459473..2d40783 100644
+index 887e99d..310bc11 100644
--- a/arch/powerpc/kernel/signal_64.c
+++ b/arch/powerpc/kernel/signal_64.c
-@@ -749,7 +749,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info,
+@@ -751,7 +751,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info,
#endif
/* Set up to return from userspace. */
@@ -6822,7 +7234,7 @@ index 3459473..2d40783 100644
} else {
err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]);
diff --git a/arch/powerpc/kernel/sysfs.c b/arch/powerpc/kernel/sysfs.c
-index 3ce1f86..c30e629 100644
+index e68a845..8b140e6 100644
--- a/arch/powerpc/kernel/sysfs.c
+++ b/arch/powerpc/kernel/sysfs.c
@@ -522,7 +522,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self,
@@ -6835,10 +7247,10 @@ index 3ce1f86..c30e629 100644
};
diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
-index bf33ace..e836d8b 100644
+index 88929b1..bece8f8 100644
--- a/arch/powerpc/kernel/traps.c
+++ b/arch/powerpc/kernel/traps.c
-@@ -142,6 +142,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs)
+@@ -141,6 +141,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs)
return flags;
}
@@ -6847,7 +7259,7 @@ index bf33ace..e836d8b 100644
static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
int signr)
{
-@@ -191,6 +193,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
+@@ -190,6 +192,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs,
panic("Fatal exception in interrupt");
if (panic_on_oops)
panic("Fatal exception");
@@ -6858,7 +7270,7 @@ index bf33ace..e836d8b 100644
}
diff --git a/arch/powerpc/kernel/vdso.c b/arch/powerpc/kernel/vdso.c
-index 1b2076f..835e4be 100644
+index d4f463a..8fb7431 100644
--- a/arch/powerpc/kernel/vdso.c
+++ b/arch/powerpc/kernel/vdso.c
@@ -34,6 +34,7 @@
@@ -6869,7 +7281,7 @@ index 1b2076f..835e4be 100644
#include "setup.h"
-@@ -218,7 +219,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -222,7 +223,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
vdso_base = VDSO32_MBASE;
#endif
@@ -6878,7 +7290,7 @@ index 1b2076f..835e4be 100644
/* vDSO has a problem and was disabled, just don't "enable" it for the
* process
-@@ -238,7 +239,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
+@@ -242,7 +243,7 @@ int arch_setup_additional_pages(struct linux_binprm *bprm, int uses_interp)
vdso_base = get_unmapped_area(NULL, vdso_base,
(vdso_pages << PAGE_SHIFT) +
((VDSO_ALIGNMENT - 1) & PAGE_MASK),
@@ -6923,13 +7335,13 @@ index 5eea6f3..5d10396 100644
EXPORT_SYMBOL(copy_in_user);
diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c
-index 229951f..cdeca42 100644
+index 8726779..a33c512 100644
--- a/arch/powerpc/mm/fault.c
+++ b/arch/powerpc/mm/fault.c
-@@ -32,6 +32,10 @@
- #include <linux/perf_event.h>
+@@ -33,6 +33,10 @@
#include <linux/magic.h>
#include <linux/ratelimit.h>
+ #include <linux/context_tracking.h>
+#include <linux/slab.h>
+#include <linux/pagemap.h>
+#include <linux/compiler.h>
@@ -6937,7 +7349,7 @@ index 229951f..cdeca42 100644
#include <asm/firmware.h>
#include <asm/page.h>
-@@ -68,6 +72,33 @@ static inline int notify_page_fault(struct pt_regs *regs)
+@@ -69,6 +73,33 @@ static inline int notify_page_fault(struct pt_regs *regs)
}
#endif
@@ -6971,7 +7383,7 @@ index 229951f..cdeca42 100644
/*
* Check whether the instruction at regs->nip is a store using
* an update addressing form which will update r1.
-@@ -213,7 +244,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address,
+@@ -216,7 +247,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address,
* indicate errors in DSISR but can validly be set in SRR1.
*/
if (trap == 0x400)
@@ -6980,7 +7392,7 @@ index 229951f..cdeca42 100644
else
is_write = error_code & DSISR_ISSTORE;
#else
-@@ -364,7 +395,7 @@ good_area:
+@@ -371,7 +402,7 @@ good_area:
* "undefined". Of those that can be set, this is the only
* one which seems bad.
*/
@@ -6989,7 +7401,7 @@ index 229951f..cdeca42 100644
/* Guarded storage error. */
goto bad_area;
#endif /* CONFIG_8xx */
-@@ -379,7 +410,7 @@ good_area:
+@@ -386,7 +417,7 @@ good_area:
* processors use the same I/D cache coherency mechanism
* as embedded.
*/
@@ -6998,7 +7410,7 @@ index 229951f..cdeca42 100644
goto bad_area;
#endif /* CONFIG_PPC_STD_MMU */
-@@ -462,6 +493,23 @@ bad_area:
+@@ -471,6 +502,23 @@ bad_area:
bad_area_nosemaphore:
/* User mode accesses cause a SIGSEGV */
if (user_mode(regs)) {
@@ -7020,7 +7432,7 @@ index 229951f..cdeca42 100644
+#endif
+
_exception(SIGSEGV, regs, code, address);
- return 0;
+ goto bail;
}
diff --git a/arch/powerpc/mm/mmap_64.c b/arch/powerpc/mm/mmap_64.c
index 67a42ed..cd463e0 100644
@@ -7074,10 +7486,10 @@ index e779642..e5bb889 100644
};
diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c
-index 6a252c4..3024d81 100644
+index cafad40..9cbc0fc 100644
--- a/arch/powerpc/mm/numa.c
+++ b/arch/powerpc/mm/numa.c
-@@ -932,7 +932,7 @@ static void __init *careful_zallocation(int nid, unsigned long size,
+@@ -920,7 +920,7 @@ static void __init *careful_zallocation(int nid, unsigned long size,
return ret;
}
@@ -7087,7 +7499,7 @@ index 6a252c4..3024d81 100644
.priority = 1 /* Must run before sched domains notifier. */
};
diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c
-index cf9dada..241529f 100644
+index 3e99c14..f00953c 100644
--- a/arch/powerpc/mm/slice.c
+++ b/arch/powerpc/mm/slice.c
@@ -103,7 +103,7 @@ static int slice_area_is_free(struct mm_struct *mm, unsigned long addr,
@@ -7099,52 +7511,20 @@ index cf9dada..241529f 100644
}
static int slice_low_has_vma(struct mm_struct *mm, unsigned long slice)
-@@ -272,7 +272,7 @@ full_search:
- addr = _ALIGN_UP(addr + 1, 1ul << SLICE_HIGH_SHIFT);
- continue;
- }
-- if (!vma || addr + len <= vma->vm_start) {
-+ if (check_heap_stack_gap(vma, addr, len, 0)) {
- /*
- * Remember the place where we stopped the search:
- */
-@@ -329,10 +329,14 @@ static unsigned long slice_find_area_topdown(struct mm_struct *mm,
- }
- }
+@@ -277,6 +277,12 @@ static unsigned long slice_find_area_bottomup(struct mm_struct *mm,
+ info.align_offset = 0;
-- addr = mm->mmap_base;
-- while (addr > len) {
-+ if (mm->mmap_base < len)
-+ addr = -ENOMEM;
-+ else
-+ addr = mm->mmap_base - len;
+ addr = TASK_UNMAPPED_BASE;
+
-+ while (!IS_ERR_VALUE(addr)) {
- /* Go down by chunk size */
-- addr = _ALIGN_DOWN(addr - len, 1ul << pshift);
-+ addr = _ALIGN_DOWN(addr, 1ul << pshift);
-
- /* Check for hit with different page size */
- mask = slice_range_to_mask(addr, len);
-@@ -352,7 +356,7 @@ static unsigned long slice_find_area_topdown(struct mm_struct *mm,
- * return with success:
- */
- vma = find_vma(mm, addr);
-- if (!vma || (addr + len) <= vma->vm_start) {
-+ if (check_heap_stack_gap(vma, addr, len, 0)) {
- /* remember the address as a hint for next time */
- if (use_cache)
- mm->free_area_cache = addr;
-@@ -364,7 +368,7 @@ static unsigned long slice_find_area_topdown(struct mm_struct *mm,
- mm->cached_hole_size = vma->vm_start - addr;
-
- /* try just below the current vma->vm_start */
-- addr = vma->vm_start;
-+ addr = skip_heap_stack_gap(vma, len, 0);
- }
-
- /*
-@@ -442,6 +446,11 @@ unsigned long slice_get_unmapped_area(unsigned long addr, unsigned long len,
++#ifdef CONFIG_PAX_RANDMMAP
++ if (mm->pax_flags & MF_PAX_RANDMMAP)
++ addr += mm->delta_mmap;
++#endif
++
+ while (addr < TASK_SIZE) {
+ info.low_limit = addr;
+ if (!slice_scan_available(addr, available, 1, &addr))
+@@ -410,6 +416,11 @@ unsigned long slice_get_unmapped_area(unsigned long addr, unsigned long len,
if (fixed && addr > (mm->task_size - len))
return -EINVAL;
@@ -7157,10 +7537,10 @@ index cf9dada..241529f 100644
if (!fixed && addr) {
addr = _ALIGN_UP(addr, 1ul << pshift);
diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c
-index 68c57d3..1fdcfb2 100644
+index 9098692..3d54cd1 100644
--- a/arch/powerpc/platforms/cell/spufs/file.c
+++ b/arch/powerpc/platforms/cell/spufs/file.c
-@@ -281,9 +281,9 @@ spufs_mem_mmap_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
+@@ -280,9 +280,9 @@ spufs_mem_mmap_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
return VM_FAULT_NOPAGE;
}
@@ -7223,10 +7603,10 @@ index 4d7ccac..d03d0ad 100644
#define __read_mostly __attribute__((__section__(".data..read_mostly")))
diff --git a/arch/s390/include/asm/elf.h b/arch/s390/include/asm/elf.h
-index 1bfdf24..9c9ab2e 100644
+index 78f4f87..598ce39 100644
--- a/arch/s390/include/asm/elf.h
+++ b/arch/s390/include/asm/elf.h
-@@ -160,8 +160,14 @@ extern unsigned int vdso_enabled;
+@@ -162,8 +162,14 @@ extern unsigned int vdso_enabled;
the loader. We need to make sure that it is out of the way of the program
that it will "exec", and that there is sufficient room for the brk. */
@@ -7243,7 +7623,7 @@ index 1bfdf24..9c9ab2e 100644
/* This yields a mask that user programs can use to figure out what
instruction set this CPU supports. */
-@@ -207,9 +213,6 @@ struct linux_binprm;
+@@ -222,9 +228,6 @@ struct linux_binprm;
#define ARCH_HAS_SETUP_ADDITIONAL_PAGES 1
int arch_setup_additional_pages(struct linux_binprm *, int);
@@ -7265,6 +7645,34 @@ index c4a93d6..4d2a9b4 100644
+#define arch_align_stack(x) ((x) & ~0xfUL)
#endif /* __ASM_EXEC_H */
+diff --git a/arch/s390/include/asm/tlb.h b/arch/s390/include/asm/tlb.h
+index b75d7d6..6d6d92b 100644
+--- a/arch/s390/include/asm/tlb.h
++++ b/arch/s390/include/asm/tlb.h
+@@ -32,6 +32,7 @@ struct mmu_gather {
+ struct mm_struct *mm;
+ struct mmu_table_batch *batch;
+ unsigned int fullmm;
++ unsigned long start, end;
+ };
+
+ struct mmu_table_batch {
+@@ -48,10 +49,13 @@ extern void tlb_remove_table(struct mmu_gather *tlb, void *table);
+
+ static inline void tlb_gather_mmu(struct mmu_gather *tlb,
+ struct mm_struct *mm,
+- unsigned int full_mm_flush)
++ unsigned long start,
++ unsigned long end)
+ {
+ tlb->mm = mm;
+- tlb->fullmm = full_mm_flush;
++ tlb->start = start;
++ tlb->end = end;
++ tlb->fullmm = !(start | (end+1));
+ tlb->batch = NULL;
+ if (tlb->fullmm)
+ __tlb_flush_mm(mm);
diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h
index 9c33ed4..e40cbef 100644
--- a/arch/s390/include/asm/uaccess.h
@@ -7383,10 +7791,10 @@ index 7845e15..59c4353 100644
if (r_type == R_390_GOTPC)
rc = apply_rela_bits(loc, val, 1, 32, 0);
diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c
-index 536d645..4a5bd9e 100644
+index 2bc3edd..ab9d598 100644
--- a/arch/s390/kernel/process.c
+++ b/arch/s390/kernel/process.c
-@@ -250,39 +250,3 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -236,39 +236,3 @@ unsigned long get_wchan(struct task_struct *p)
}
return 0;
}
@@ -7504,10 +7912,10 @@ index f9f3cd5..58ff438 100644
#endif /* _ASM_SCORE_EXEC_H */
diff --git a/arch/score/kernel/process.c b/arch/score/kernel/process.c
-index 7956846..5f37677 100644
+index f4c6d02..e9355c3 100644
--- a/arch/score/kernel/process.c
+++ b/arch/score/kernel/process.c
-@@ -134,8 +134,3 @@ unsigned long get_wchan(struct task_struct *task)
+@@ -116,8 +116,3 @@ unsigned long get_wchan(struct task_struct *task)
return task_pt_regs(task)->cp0_epc;
}
@@ -7533,6 +7941,25 @@ index ef9e555..331bd29 100644
#define __read_mostly __attribute__((__section__(".data..read_mostly")))
+diff --git a/arch/sh/include/asm/tlb.h b/arch/sh/include/asm/tlb.h
+index e61d43d..362192e 100644
+--- a/arch/sh/include/asm/tlb.h
++++ b/arch/sh/include/asm/tlb.h
+@@ -36,10 +36,12 @@ static inline void init_tlb_gather(struct mmu_gather *tlb)
+ }
+
+ static inline void
+-tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int full_mm_flush)
++tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end)
+ {
+ tlb->mm = mm;
+- tlb->fullmm = full_mm_flush;
++ tlb->start = start;
++ tlb->end = end;
++ tlb->fullmm = !(start | (end+1));
+
+ init_tlb_gather(tlb);
+ }
diff --git a/arch/sh/kernel/cpu/sh4a/smp-shx3.c b/arch/sh/kernel/cpu/sh4a/smp-shx3.c
index 03f2b55..b0270327 100644
--- a/arch/sh/kernel/cpu/sh4a/smp-shx3.c
@@ -8053,7 +8480,7 @@ index 9689176..63c18ea 100644
unsigned long mask, tmp1, tmp2, result;
diff --git a/arch/sparc/include/asm/thread_info_32.h b/arch/sparc/include/asm/thread_info_32.h
-index 25849ae..924c54b 100644
+index dd38075..e7cac83 100644
--- a/arch/sparc/include/asm/thread_info_32.h
+++ b/arch/sparc/include/asm/thread_info_32.h
@@ -49,6 +49,8 @@ struct thread_info {
@@ -8066,7 +8493,7 @@ index 25849ae..924c54b 100644
/*
diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h
-index 269bd92..e46a9b8 100644
+index d5e5042..9bfee76 100644
--- a/arch/sparc/include/asm/thread_info_64.h
+++ b/arch/sparc/include/asm/thread_info_64.h
@@ -63,6 +63,8 @@ struct thread_info {
@@ -8211,19 +8638,19 @@ index e562d3c..191f176 100644
{
- unsigned long ret = ___copy_to_user(to, from, size);
+ unsigned long ret;
-+
+
+ if ((long)size < 0 || size > INT_MAX)
+ return size;
+
+ if (!__builtin_constant_p(size))
+ check_object_size(from, size, true);
-
++
+ ret = ___copy_to_user(to, from, size);
if (unlikely(ret))
ret = copy_to_user_fixup(to, from, size);
return ret;
diff --git a/arch/sparc/kernel/Makefile b/arch/sparc/kernel/Makefile
-index 6cf591b..b49e65a 100644
+index d432fb2..6056af1 100644
--- a/arch/sparc/kernel/Makefile
+++ b/arch/sparc/kernel/Makefile
@@ -3,7 +3,7 @@
@@ -8235,11 +8662,32 @@ index 6cf591b..b49e65a 100644
extra-y := head_$(BITS).o
+diff --git a/arch/sparc/kernel/ds.c b/arch/sparc/kernel/ds.c
+index 5ef48da..11d460f 100644
+--- a/arch/sparc/kernel/ds.c
++++ b/arch/sparc/kernel/ds.c
+@@ -783,6 +783,16 @@ void ldom_set_var(const char *var, const char *value)
+ char *base, *p;
+ int msg_len, loops;
+
++ if (strlen(var) + strlen(value) + 2 >
++ sizeof(pkt) - sizeof(pkt.header)) {
++ printk(KERN_ERR PFX
++ "contents length: %zu, which more than max: %lu,"
++ "so could not set (%s) variable to (%s).\n",
++ strlen(var) + strlen(value) + 2,
++ sizeof(pkt) - sizeof(pkt.header), var, value);
++ return;
++ }
++
+ memset(&pkt, 0, sizeof(pkt));
+ pkt.header.data.tag.type = DS_DATA;
+ pkt.header.data.handle = cp->handle;
diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c
-index 62eede1..9c5b904 100644
+index fdd819d..5af08c8 100644
--- a/arch/sparc/kernel/process_32.c
+++ b/arch/sparc/kernel/process_32.c
-@@ -125,14 +125,14 @@ void show_regs(struct pt_regs *r)
+@@ -116,14 +116,14 @@ void show_regs(struct pt_regs *r)
printk("PSR: %08lx PC: %08lx NPC: %08lx Y: %08lx %s\n",
r->psr, r->pc, r->npc, r->y, print_tainted());
@@ -8256,7 +8704,7 @@ index 62eede1..9c5b904 100644
printk("%%L: %08lx %08lx %08lx %08lx %08lx %08lx %08lx %08lx\n",
rw->locals[0], rw->locals[1], rw->locals[2], rw->locals[3],
-@@ -167,7 +167,7 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp)
+@@ -160,7 +160,7 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp)
rw = (struct reg_window32 *) fp;
pc = rw->ins[7];
printk("[%08lx : ", pc);
@@ -8266,10 +8714,10 @@ index 62eede1..9c5b904 100644
} while (++count < 16);
printk("\n");
diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c
-index cdb80b2..5ca141d 100644
+index baebab2..9cd13b1 100644
--- a/arch/sparc/kernel/process_64.c
+++ b/arch/sparc/kernel/process_64.c
-@@ -181,14 +181,14 @@ static void show_regwindow(struct pt_regs *regs)
+@@ -158,7 +158,7 @@ static void show_regwindow(struct pt_regs *regs)
printk("i4: %016lx i5: %016lx i6: %016lx i7: %016lx\n",
rwk->ins[4], rwk->ins[5], rwk->ins[6], rwk->ins[7]);
if (regs->tstate & TSTATE_PRIV)
@@ -8278,7 +8726,8 @@ index cdb80b2..5ca141d 100644
}
void show_regs(struct pt_regs *regs)
- {
+@@ -167,7 +167,7 @@ void show_regs(struct pt_regs *regs)
+
printk("TSTATE: %016lx TPC: %016lx TNPC: %016lx Y: %08x %s\n", regs->tstate,
regs->tpc, regs->tnpc, regs->y, print_tainted());
- printk("TPC: <%pS>\n", (void *) regs->tpc);
@@ -8286,7 +8735,7 @@ index cdb80b2..5ca141d 100644
printk("g0: %016lx g1: %016lx g2: %016lx g3: %016lx\n",
regs->u_regs[0], regs->u_regs[1], regs->u_regs[2],
regs->u_regs[3]);
-@@ -201,7 +201,7 @@ void show_regs(struct pt_regs *regs)
+@@ -180,7 +180,7 @@ void show_regs(struct pt_regs *regs)
printk("o4: %016lx o5: %016lx sp: %016lx ret_pc: %016lx\n",
regs->u_regs[12], regs->u_regs[13], regs->u_regs[14],
regs->u_regs[15]);
@@ -8295,7 +8744,7 @@ index cdb80b2..5ca141d 100644
show_regwindow(regs);
show_stack(current, (unsigned long *) regs->u_regs[UREG_FP]);
}
-@@ -290,7 +290,7 @@ void arch_trigger_all_cpu_backtrace(void)
+@@ -269,7 +269,7 @@ void arch_trigger_all_cpu_backtrace(void)
((tp && tp->task) ? tp->task->pid : -1));
if (gp->tstate & TSTATE_PRIV) {
@@ -8305,10 +8754,10 @@ index cdb80b2..5ca141d 100644
(void *) gp->o7,
(void *) gp->i7,
diff --git a/arch/sparc/kernel/prom_common.c b/arch/sparc/kernel/prom_common.c
-index 9f20566..67eb41b 100644
+index 79cc0d1..ec62734 100644
--- a/arch/sparc/kernel/prom_common.c
+++ b/arch/sparc/kernel/prom_common.c
-@@ -143,7 +143,7 @@ static int __init prom_common_nextprop(phandle node, char *prev, char *buf)
+@@ -144,7 +144,7 @@ static int __init prom_common_nextprop(phandle node, char *prev, char *buf)
unsigned int prom_early_allocated __initdata;
@@ -8370,7 +8819,7 @@ index 3a8d184..49498a8 100644
info.flags = 0;
info.length = len;
diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c
-index 708bc29..6bfdfad 100644
+index 2daaaa6..4fb84dc 100644
--- a/arch/sparc/kernel/sys_sparc_64.c
+++ b/arch/sparc/kernel/sys_sparc_64.c
@@ -90,13 +90,14 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi
@@ -8491,7 +8940,12 @@ index 708bc29..6bfdfad 100644
info.high_limit = STACK_TOP32;
addr = vm_unmapped_area(&info);
}
-@@ -264,6 +286,10 @@ static unsigned long mmap_rnd(void)
+@@ -260,10 +282,14 @@ unsigned long get_fb_unmapped_area(struct file *filp, unsigned long orig_addr, u
+ EXPORT_SYMBOL(get_fb_unmapped_area);
+
+ /* Essentially the same as PowerPC. */
+-static unsigned long mmap_rnd(void)
++static unsigned long mmap_rnd(struct mm_struct *mm)
{
unsigned long rnd = 0UL;
@@ -8502,6 +8956,15 @@ index 708bc29..6bfdfad 100644
if (current->flags & PF_RANDOMIZE) {
unsigned long val = get_random_int();
if (test_thread_flag(TIF_32BIT))
+@@ -276,7 +302,7 @@ static unsigned long mmap_rnd(void)
+
+ void arch_pick_mmap_layout(struct mm_struct *mm)
+ {
+- unsigned long random_factor = mmap_rnd();
++ unsigned long random_factor = mmap_rnd(mm);
+ unsigned long gap;
+
+ /*
@@ -289,6 +315,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm)
gap == RLIM_INFINITY ||
sysctl_legacy_va_layout) {
@@ -8615,7 +9078,7 @@ index 6629829..036032d 100644
}
diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c
-index 8d38ca9..845b1d6 100644
+index b3f833a..ac74b2d 100644
--- a/arch/sparc/kernel/traps_64.c
+++ b/arch/sparc/kernel/traps_64.c
@@ -76,7 +76,7 @@ static void dump_tl1_traplog(struct tl1_traplog *p)
@@ -8725,7 +9188,7 @@ index 8d38ca9..845b1d6 100644
graph++;
}
}
-@@ -2367,6 +2378,8 @@ static inline struct reg_window *kernel_stack_up(struct reg_window *rw)
+@@ -2360,6 +2371,8 @@ static inline struct reg_window *kernel_stack_up(struct reg_window *rw)
return (struct reg_window *) (fp + STACK_BIAS);
}
@@ -8734,7 +9197,7 @@ index 8d38ca9..845b1d6 100644
void die_if_kernel(char *str, struct pt_regs *regs)
{
static int die_counter;
-@@ -2395,7 +2408,7 @@ void die_if_kernel(char *str, struct pt_regs *regs)
+@@ -2388,7 +2401,7 @@ void die_if_kernel(char *str, struct pt_regs *regs)
while (rw &&
count++ < 30 &&
kstack_valid(tp, (unsigned long) rw)) {
@@ -8743,7 +9206,7 @@ index 8d38ca9..845b1d6 100644
(void *) rw->ins[7]);
rw = kernel_stack_up(rw);
-@@ -2408,8 +2421,10 @@ void die_if_kernel(char *str, struct pt_regs *regs)
+@@ -2401,8 +2414,10 @@ void die_if_kernel(char *str, struct pt_regs *regs)
}
user_instruction_dump ((unsigned int __user *) regs->tpc);
}
@@ -8768,117 +9231,8 @@ index 8201c25e..072a2a7 100644
regs->tpc, (void *) regs->tpc);
}
}
-diff --git a/arch/sparc/kernel/us3_cpufreq.c b/arch/sparc/kernel/us3_cpufreq.c
-index eb1624b..55100de 100644
---- a/arch/sparc/kernel/us3_cpufreq.c
-+++ b/arch/sparc/kernel/us3_cpufreq.c
-@@ -18,14 +18,12 @@
- #include <asm/head.h>
- #include <asm/timer.h>
-
--static struct cpufreq_driver *cpufreq_us3_driver;
--
- struct us3_freq_percpu_info {
- struct cpufreq_frequency_table table[4];
- };
-
- /* Indexed by cpu number. */
--static struct us3_freq_percpu_info *us3_freq_table;
-+static struct us3_freq_percpu_info us3_freq_table[NR_CPUS];
-
- /* UltraSPARC-III has three dividers: 1, 2, and 32. These are controlled
- * in the Safari config register.
-@@ -191,12 +189,25 @@ static int __init us3_freq_cpu_init(struct cpufreq_policy *policy)
-
- static int us3_freq_cpu_exit(struct cpufreq_policy *policy)
- {
-- if (cpufreq_us3_driver)
-- us3_set_cpu_divider_index(policy->cpu, 0);
-+ us3_set_cpu_divider_index(policy->cpu, 0);
-
- return 0;
- }
-
-+static int __init us3_freq_init(void);
-+static void __exit us3_freq_exit(void);
-+
-+static struct cpufreq_driver cpufreq_us3_driver = {
-+ .init = us3_freq_cpu_init,
-+ .verify = us3_freq_verify,
-+ .target = us3_freq_target,
-+ .get = us3_freq_get,
-+ .exit = us3_freq_cpu_exit,
-+ .owner = THIS_MODULE,
-+ .name = "UltraSPARC-III",
-+
-+};
-+
- static int __init us3_freq_init(void)
- {
- unsigned long manuf, impl, ver;
-@@ -213,57 +224,15 @@ static int __init us3_freq_init(void)
- (impl == CHEETAH_IMPL ||
- impl == CHEETAH_PLUS_IMPL ||
- impl == JAGUAR_IMPL ||
-- impl == PANTHER_IMPL)) {
-- struct cpufreq_driver *driver;
--
-- ret = -ENOMEM;
-- driver = kzalloc(sizeof(struct cpufreq_driver), GFP_KERNEL);
-- if (!driver)
-- goto err_out;
--
-- us3_freq_table = kzalloc(
-- (NR_CPUS * sizeof(struct us3_freq_percpu_info)),
-- GFP_KERNEL);
-- if (!us3_freq_table)
-- goto err_out;
--
-- driver->init = us3_freq_cpu_init;
-- driver->verify = us3_freq_verify;
-- driver->target = us3_freq_target;
-- driver->get = us3_freq_get;
-- driver->exit = us3_freq_cpu_exit;
-- driver->owner = THIS_MODULE,
-- strcpy(driver->name, "UltraSPARC-III");
--
-- cpufreq_us3_driver = driver;
-- ret = cpufreq_register_driver(driver);
-- if (ret)
-- goto err_out;
--
-- return 0;
--
--err_out:
-- if (driver) {
-- kfree(driver);
-- cpufreq_us3_driver = NULL;
-- }
-- kfree(us3_freq_table);
-- us3_freq_table = NULL;
-- return ret;
-- }
-+ impl == PANTHER_IMPL))
-+ return cpufreq_register_driver(&cpufreq_us3_driver);
-
- return -ENODEV;
- }
-
- static void __exit us3_freq_exit(void)
- {
-- if (cpufreq_us3_driver) {
-- cpufreq_unregister_driver(cpufreq_us3_driver);
-- kfree(cpufreq_us3_driver);
-- cpufreq_us3_driver = NULL;
-- kfree(us3_freq_table);
-- us3_freq_table = NULL;
-- }
-+ cpufreq_unregister_driver(&cpufreq_us3_driver);
- }
-
- MODULE_AUTHOR("David S. Miller <davem@redhat.com>");
diff --git a/arch/sparc/lib/Makefile b/arch/sparc/lib/Makefile
-index 8410065f2..4fd4ca22 100644
+index dbe119b..089c7c1 100644
--- a/arch/sparc/lib/Makefile
+++ b/arch/sparc/lib/Makefile
@@ -2,7 +2,7 @@
@@ -9978,10 +10332,20 @@ index 5062ff3..e0b75f3 100644
* load/store/atomic was a write or not, it only says that there
* was no match. So in such a case we (carefully) read the
diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c
-index d2b5944..bd813f2 100644
+index d2b5944..d878f3c 100644
--- a/arch/sparc/mm/hugetlbpage.c
+++ b/arch/sparc/mm/hugetlbpage.c
-@@ -38,7 +38,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp,
+@@ -28,7 +28,8 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp,
+ unsigned long addr,
+ unsigned long len,
+ unsigned long pgoff,
+- unsigned long flags)
++ unsigned long flags,
++ unsigned long offset)
+ {
+ unsigned long task_size = TASK_SIZE;
+ struct vm_unmapped_area_info info;
+@@ -38,15 +39,22 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp,
info.flags = 0;
info.length = len;
@@ -9990,7 +10354,9 @@ index d2b5944..bd813f2 100644
info.high_limit = min(task_size, VA_EXCLUDE_START);
info.align_mask = PAGE_MASK & ~HPAGE_MASK;
info.align_offset = 0;
-@@ -47,6 +47,12 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp,
++ info.threadstack_offset = offset;
+ addr = vm_unmapped_area(&info);
+
if ((addr & ~PAGE_MASK) && task_size > VA_EXCLUDE_END) {
VM_BUG_ON(addr != -ENOMEM);
info.low_limit = VA_EXCLUDE_END;
@@ -10003,7 +10369,25 @@ index d2b5944..bd813f2 100644
info.high_limit = task_size;
addr = vm_unmapped_area(&info);
}
-@@ -85,6 +91,12 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -58,7 +66,8 @@ static unsigned long
+ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+ const unsigned long len,
+ const unsigned long pgoff,
+- const unsigned long flags)
++ const unsigned long flags,
++ const unsigned long offset)
+ {
+ struct mm_struct *mm = current->mm;
+ unsigned long addr = addr0;
+@@ -73,6 +82,7 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+ info.high_limit = mm->mmap_base;
+ info.align_mask = PAGE_MASK & ~HPAGE_MASK;
+ info.align_offset = 0;
++ info.threadstack_offset = offset;
+ addr = vm_unmapped_area(&info);
+
+ /*
+@@ -85,6 +95,12 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
VM_BUG_ON(addr != -ENOMEM);
info.flags = 0;
info.low_limit = TASK_UNMAPPED_BASE;
@@ -10016,7 +10400,7 @@ index d2b5944..bd813f2 100644
info.high_limit = STACK_TOP32;
addr = vm_unmapped_area(&info);
}
-@@ -99,6 +111,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+@@ -99,6 +115,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
struct mm_struct *mm = current->mm;
struct vm_area_struct *vma;
unsigned long task_size = TASK_SIZE;
@@ -10024,7 +10408,7 @@ index d2b5944..bd813f2 100644
if (test_thread_flag(TIF_32BIT))
task_size = STACK_TOP32;
-@@ -114,11 +127,14 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
+@@ -114,19 +131,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr,
return addr;
}
@@ -10041,20 +10425,16 @@ index d2b5944..bd813f2 100644
return addr;
}
if (mm->get_unmapped_area == arch_get_unmapped_area)
-diff --git a/arch/sparc/mm/tlb.c b/arch/sparc/mm/tlb.c
-index 83d89bc..37e7bc4 100644
---- a/arch/sparc/mm/tlb.c
-+++ b/arch/sparc/mm/tlb.c
-@@ -85,8 +85,8 @@ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
- }
-
- if (!tb->active) {
-- global_flush_tlb_page(mm, vaddr);
- flush_tsb_user_page(mm, vaddr);
-+ global_flush_tlb_page(mm, vaddr);
- goto out;
- }
+ return hugetlb_get_unmapped_area_bottomup(file, addr, len,
+- pgoff, flags);
++ pgoff, flags, offset);
+ else
+ return hugetlb_get_unmapped_area_topdown(file, addr, len,
+- pgoff, flags);
++ pgoff, flags, offset);
+ }
+ pte_t *huge_pte_alloc(struct mm_struct *mm,
diff --git a/arch/tile/include/asm/atomic_64.h b/arch/tile/include/asm/atomic_64.h
index f4500c6..889656c 100644
--- a/arch/tile/include/asm/atomic_64.h
@@ -10095,10 +10475,10 @@ index a9a5299..0fce79e 100644
/* bytes per L2 cache line */
#define L2_CACHE_SHIFT CHIP_L2_LOG_LINE_SIZE()
diff --git a/arch/tile/include/asm/uaccess.h b/arch/tile/include/asm/uaccess.h
-index 9ab078a..d6635c2 100644
+index 8a082bc..7a6bf87 100644
--- a/arch/tile/include/asm/uaccess.h
+++ b/arch/tile/include/asm/uaccess.h
-@@ -403,9 +403,9 @@ static inline unsigned long __must_check copy_from_user(void *to,
+@@ -408,9 +408,9 @@ static inline unsigned long __must_check copy_from_user(void *to,
const void __user *from,
unsigned long n)
{
@@ -10215,11 +10595,30 @@ index 0032f92..cd151e0 100644
#ifdef CONFIG_64BIT
#define set_pud(pudptr, pudval) set_64bit((u64 *) (pudptr), pud_val(pudval))
+diff --git a/arch/um/include/asm/tlb.h b/arch/um/include/asm/tlb.h
+index 4febacd..29b0301 100644
+--- a/arch/um/include/asm/tlb.h
++++ b/arch/um/include/asm/tlb.h
+@@ -45,10 +45,12 @@ static inline void init_tlb_gather(struct mmu_gather *tlb)
+ }
+
+ static inline void
+-tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned int full_mm_flush)
++tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end)
+ {
+ tlb->mm = mm;
+- tlb->fullmm = full_mm_flush;
++ tlb->start = start;
++ tlb->end = end;
++ tlb->fullmm = !(start | (end+1));
+
+ init_tlb_gather(tlb);
+ }
diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c
-index b462b13..e7a19aa 100644
+index bbcef52..6a2a483 100644
--- a/arch/um/kernel/process.c
+++ b/arch/um/kernel/process.c
-@@ -386,22 +386,6 @@ int singlestepping(void * t)
+@@ -367,22 +367,6 @@ int singlestepping(void * t)
return 2;
}
@@ -10260,10 +10659,10 @@ index ad8f795..2c7eec6 100644
/*
* Memory returned by kmalloc() may be used for DMA, so we must make
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
-index de80b33..c0f0899 100644
+index fe120da..24177f7 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
-@@ -243,7 +243,7 @@ config X86_HT
+@@ -239,7 +239,7 @@ config X86_HT
config X86_32_LAZY_GS
def_bool y
@@ -10272,7 +10671,7 @@ index de80b33..c0f0899 100644
config ARCH_HWEIGHT_CFLAGS
string
-@@ -1076,6 +1076,7 @@ config MICROCODE_EARLY
+@@ -1073,6 +1073,7 @@ config MICROCODE_EARLY
config X86_MSR
tristate "/dev/cpu/*/msr - Model-specific register support"
@@ -10280,7 +10679,7 @@ index de80b33..c0f0899 100644
---help---
This device gives privileged processes access to the x86
Model-Specific Registers (MSRs). It is a character device with
-@@ -1099,7 +1100,7 @@ choice
+@@ -1096,7 +1097,7 @@ choice
config NOHIGHMEM
bool "off"
@@ -10289,7 +10688,7 @@ index de80b33..c0f0899 100644
---help---
Linux can use up to 64 Gigabytes of physical memory on x86 systems.
However, the address space of 32-bit x86 processors is only 4
-@@ -1136,7 +1137,7 @@ config NOHIGHMEM
+@@ -1133,7 +1134,7 @@ config NOHIGHMEM
config HIGHMEM4G
bool "4GB"
@@ -10298,7 +10697,7 @@ index de80b33..c0f0899 100644
---help---
Select this if you have a 32-bit processor and between 1 and 4
gigabytes of physical RAM.
-@@ -1189,7 +1190,7 @@ config PAGE_OFFSET
+@@ -1186,7 +1187,7 @@ config PAGE_OFFSET
hex
default 0xB0000000 if VMSPLIT_3G_OPT
default 0x80000000 if VMSPLIT_2G
@@ -10307,7 +10706,7 @@ index de80b33..c0f0899 100644
default 0x40000000 if VMSPLIT_1G
default 0xC0000000
depends on X86_32
-@@ -1587,6 +1588,7 @@ config SECCOMP
+@@ -1584,6 +1585,7 @@ config SECCOMP
config CC_STACKPROTECTOR
bool "Enable -fstack-protector buffer overflow detection"
@@ -10315,7 +10714,7 @@ index de80b33..c0f0899 100644
---help---
This option turns on the -fstack-protector GCC feature. This
feature puts, at the beginning of functions, a canary value on
-@@ -1706,6 +1708,8 @@ config X86_NEED_RELOCS
+@@ -1703,6 +1705,8 @@ config X86_NEED_RELOCS
config PHYSICAL_ALIGN
hex "Alignment value to which kernel should be aligned" if X86_32
default "0x1000000"
@@ -10324,7 +10723,7 @@ index de80b33..c0f0899 100644
range 0x2000 0x1000000
---help---
This value puts the alignment restrictions on physical address
-@@ -1781,9 +1785,10 @@ config DEBUG_HOTPLUG_CPU0
+@@ -1778,9 +1782,10 @@ config DEBUG_HOTPLUG_CPU0
If unsure, say N.
config COMPAT_VDSO
@@ -10368,7 +10767,7 @@ index c026cca..14657ae 100644
config X86_MINIMUM_CPU_FAMILY
int
diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug
-index b322f12..652d0d9 100644
+index c198b7e..63eea60 100644
--- a/arch/x86/Kconfig.debug
+++ b/arch/x86/Kconfig.debug
@@ -84,7 +84,7 @@ config X86_PTDUMP
@@ -10389,15 +10788,6 @@ index b322f12..652d0d9 100644
---help---
This option helps catch unintended modifications to loadable
kernel module's text and read-only data. It also prevents execution
-@@ -294,7 +294,7 @@ config OPTIMIZE_INLINING
-
- config DEBUG_STRICT_USER_COPY_CHECKS
- bool "Strict copy size checks"
-- depends on DEBUG_KERNEL && !TRACE_BRANCH_PROFILING
-+ depends on DEBUG_KERNEL && !TRACE_BRANCH_PROFILING && !PAX_SIZE_OVERFLOW
- ---help---
- Enabling this option turns a certain set of sanity checks for user
- copy operations into compile time failures.
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
index 5c47726..8c4fa67 100644
--- a/arch/x86/Makefile
@@ -10496,7 +10886,7 @@ index 5ef205c..342191d 100644
KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
GCOV_PROFILE := n
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index c205035..5853587 100644
+index d606463..b887794 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -150,7 +150,6 @@ again:
@@ -10590,7 +10980,7 @@ index 1e3184f..0d11e2e 100644
jmp 1b
2:
diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S
-index c1d383d..57ab51c 100644
+index 16f24e6..47491a3 100644
--- a/arch/x86/boot/compressed/head_64.S
+++ b/arch/x86/boot/compressed/head_64.S
@@ -97,7 +97,7 @@ ENTRY(startup_32)
@@ -10824,7 +11214,7 @@ index 9105655..5e37f27 100644
movq r1,r2; \
movq r3,r4; \
diff --git a/arch/x86/crypto/aesni-intel_asm.S b/arch/x86/crypto/aesni-intel_asm.S
-index 04b7977..402f223 100644
+index 477e9d7..3ab339f 100644
--- a/arch/x86/crypto/aesni-intel_asm.S
+++ b/arch/x86/crypto/aesni-intel_asm.S
@@ -31,6 +31,7 @@
@@ -10835,7 +11225,7 @@ index 04b7977..402f223 100644
#ifdef __x86_64__
.data
-@@ -1435,6 +1436,7 @@ _return_T_done_decrypt:
+@@ -1441,6 +1442,7 @@ _return_T_done_decrypt:
pop %r14
pop %r13
pop %r12
@@ -10843,7 +11233,7 @@ index 04b7977..402f223 100644
ret
ENDPROC(aesni_gcm_dec)
-@@ -1699,6 +1701,7 @@ _return_T_done_encrypt:
+@@ -1705,6 +1707,7 @@ _return_T_done_encrypt:
pop %r14
pop %r13
pop %r12
@@ -10851,7 +11241,7 @@ index 04b7977..402f223 100644
ret
ENDPROC(aesni_gcm_enc)
-@@ -1716,6 +1719,7 @@ _key_expansion_256a:
+@@ -1722,6 +1725,7 @@ _key_expansion_256a:
pxor %xmm1, %xmm0
movaps %xmm0, (TKEYP)
add $0x10, TKEYP
@@ -10859,7 +11249,7 @@ index 04b7977..402f223 100644
ret
ENDPROC(_key_expansion_128)
ENDPROC(_key_expansion_256a)
-@@ -1742,6 +1746,7 @@ _key_expansion_192a:
+@@ -1748,6 +1752,7 @@ _key_expansion_192a:
shufps $0b01001110, %xmm2, %xmm1
movaps %xmm1, 0x10(TKEYP)
add $0x20, TKEYP
@@ -10867,7 +11257,7 @@ index 04b7977..402f223 100644
ret
ENDPROC(_key_expansion_192a)
-@@ -1762,6 +1767,7 @@ _key_expansion_192b:
+@@ -1768,6 +1773,7 @@ _key_expansion_192b:
movaps %xmm0, (TKEYP)
add $0x10, TKEYP
@@ -10875,7 +11265,7 @@ index 04b7977..402f223 100644
ret
ENDPROC(_key_expansion_192b)
-@@ -1775,6 +1781,7 @@ _key_expansion_256b:
+@@ -1781,6 +1787,7 @@ _key_expansion_256b:
pxor %xmm1, %xmm2
movaps %xmm2, (TKEYP)
add $0x10, TKEYP
@@ -10883,7 +11273,7 @@ index 04b7977..402f223 100644
ret
ENDPROC(_key_expansion_256b)
-@@ -1888,6 +1895,7 @@ ENTRY(aesni_set_key)
+@@ -1894,6 +1901,7 @@ ENTRY(aesni_set_key)
#ifndef __x86_64__
popl KEYP
#endif
@@ -10891,7 +11281,7 @@ index 04b7977..402f223 100644
ret
ENDPROC(aesni_set_key)
-@@ -1910,6 +1918,7 @@ ENTRY(aesni_enc)
+@@ -1916,6 +1924,7 @@ ENTRY(aesni_enc)
popl KLEN
popl KEYP
#endif
@@ -10899,7 +11289,7 @@ index 04b7977..402f223 100644
ret
ENDPROC(aesni_enc)
-@@ -1968,6 +1977,7 @@ _aesni_enc1:
+@@ -1974,6 +1983,7 @@ _aesni_enc1:
AESENC KEY STATE
movaps 0x70(TKEYP), KEY
AESENCLAST KEY STATE
@@ -10907,7 +11297,7 @@ index 04b7977..402f223 100644
ret
ENDPROC(_aesni_enc1)
-@@ -2077,6 +2087,7 @@ _aesni_enc4:
+@@ -2083,6 +2093,7 @@ _aesni_enc4:
AESENCLAST KEY STATE2
AESENCLAST KEY STATE3
AESENCLAST KEY STATE4
@@ -10915,7 +11305,7 @@ index 04b7977..402f223 100644
ret
ENDPROC(_aesni_enc4)
-@@ -2100,6 +2111,7 @@ ENTRY(aesni_dec)
+@@ -2106,6 +2117,7 @@ ENTRY(aesni_dec)
popl KLEN
popl KEYP
#endif
@@ -10923,7 +11313,7 @@ index 04b7977..402f223 100644
ret
ENDPROC(aesni_dec)
-@@ -2158,6 +2170,7 @@ _aesni_dec1:
+@@ -2164,6 +2176,7 @@ _aesni_dec1:
AESDEC KEY STATE
movaps 0x70(TKEYP), KEY
AESDECLAST KEY STATE
@@ -10931,7 +11321,7 @@ index 04b7977..402f223 100644
ret
ENDPROC(_aesni_dec1)
-@@ -2267,6 +2280,7 @@ _aesni_dec4:
+@@ -2273,6 +2286,7 @@ _aesni_dec4:
AESDECLAST KEY STATE2
AESDECLAST KEY STATE3
AESDECLAST KEY STATE4
@@ -10939,7 +11329,7 @@ index 04b7977..402f223 100644
ret
ENDPROC(_aesni_dec4)
-@@ -2325,6 +2339,7 @@ ENTRY(aesni_ecb_enc)
+@@ -2331,6 +2345,7 @@ ENTRY(aesni_ecb_enc)
popl KEYP
popl LEN
#endif
@@ -10947,7 +11337,7 @@ index 04b7977..402f223 100644
ret
ENDPROC(aesni_ecb_enc)
-@@ -2384,6 +2399,7 @@ ENTRY(aesni_ecb_dec)
+@@ -2390,6 +2405,7 @@ ENTRY(aesni_ecb_dec)
popl KEYP
popl LEN
#endif
@@ -10955,7 +11345,7 @@ index 04b7977..402f223 100644
ret
ENDPROC(aesni_ecb_dec)
-@@ -2426,6 +2442,7 @@ ENTRY(aesni_cbc_enc)
+@@ -2432,6 +2448,7 @@ ENTRY(aesni_cbc_enc)
popl LEN
popl IVP
#endif
@@ -10963,7 +11353,7 @@ index 04b7977..402f223 100644
ret
ENDPROC(aesni_cbc_enc)
-@@ -2517,6 +2534,7 @@ ENTRY(aesni_cbc_dec)
+@@ -2523,6 +2540,7 @@ ENTRY(aesni_cbc_dec)
popl LEN
popl IVP
#endif
@@ -10971,7 +11361,7 @@ index 04b7977..402f223 100644
ret
ENDPROC(aesni_cbc_dec)
-@@ -2544,6 +2562,7 @@ _aesni_inc_init:
+@@ -2550,6 +2568,7 @@ _aesni_inc_init:
mov $1, TCTR_LOW
MOVQ_R64_XMM TCTR_LOW INC
MOVQ_R64_XMM CTR TCTR_LOW
@@ -10979,7 +11369,7 @@ index 04b7977..402f223 100644
ret
ENDPROC(_aesni_inc_init)
-@@ -2573,6 +2592,7 @@ _aesni_inc:
+@@ -2579,6 +2598,7 @@ _aesni_inc:
.Linc_low:
movaps CTR, IV
PSHUFB_XMM BSWAP_MASK IV
@@ -10987,14 +11377,73 @@ index 04b7977..402f223 100644
ret
ENDPROC(_aesni_inc)
-@@ -2634,6 +2654,7 @@ ENTRY(aesni_ctr_enc)
+@@ -2640,6 +2660,7 @@ ENTRY(aesni_ctr_enc)
.Lctr_enc_ret:
movups IV, (IVP)
.Lctr_enc_just_ret:
+ pax_force_retaddr 0, 1
ret
ENDPROC(aesni_ctr_enc)
- #endif
+
+@@ -2766,6 +2787,7 @@ ENTRY(aesni_xts_crypt8)
+ pxor INC, STATE4
+ movdqu STATE4, 0x70(OUTP)
+
++ pax_force_retaddr 0, 1
+ ret
+ ENDPROC(aesni_xts_crypt8)
+
+diff --git a/arch/x86/crypto/blowfish-avx2-asm_64.S b/arch/x86/crypto/blowfish-avx2-asm_64.S
+index 784452e..46982c7 100644
+--- a/arch/x86/crypto/blowfish-avx2-asm_64.S
++++ b/arch/x86/crypto/blowfish-avx2-asm_64.S
+@@ -221,6 +221,7 @@ __blowfish_enc_blk32:
+
+ write_block(RXl, RXr);
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(__blowfish_enc_blk32)
+
+@@ -250,6 +251,7 @@ __blowfish_dec_blk32:
+
+ write_block(RXl, RXr);
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(__blowfish_dec_blk32)
+
+@@ -284,6 +286,7 @@ ENTRY(blowfish_ecb_enc_32way)
+
+ vzeroupper;
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(blowfish_ecb_enc_32way)
+
+@@ -318,6 +321,7 @@ ENTRY(blowfish_ecb_dec_32way)
+
+ vzeroupper;
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(blowfish_ecb_dec_32way)
+
+@@ -365,6 +369,7 @@ ENTRY(blowfish_cbc_dec_32way)
+
+ vzeroupper;
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(blowfish_cbc_dec_32way)
+
+@@ -445,5 +450,6 @@ ENTRY(blowfish_ctr_32way)
+
+ vzeroupper;
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(blowfish_ctr_32way)
diff --git a/arch/x86/crypto/blowfish-x86_64-asm_64.S b/arch/x86/crypto/blowfish-x86_64-asm_64.S
index 246c670..4d1ed00 100644
--- a/arch/x86/crypto/blowfish-x86_64-asm_64.S
@@ -11050,6 +11499,174 @@ index 246c670..4d1ed00 100644
+ pax_force_retaddr 0, 1
ret;
ENDPROC(blowfish_dec_blk_4way)
+diff --git a/arch/x86/crypto/camellia-aesni-avx-asm_64.S b/arch/x86/crypto/camellia-aesni-avx-asm_64.S
+index ce71f92..2dd5b1e 100644
+--- a/arch/x86/crypto/camellia-aesni-avx-asm_64.S
++++ b/arch/x86/crypto/camellia-aesni-avx-asm_64.S
+@@ -16,6 +16,7 @@
+ */
+
+ #include <linux/linkage.h>
++#include <asm/alternative-asm.h>
+
+ #define CAMELLIA_TABLE_BYTE_LEN 272
+
+@@ -191,6 +192,7 @@ roundsm16_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd:
+ roundsm16(%xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7,
+ %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, %xmm15,
+ %rcx, (%r9));
++ pax_force_retaddr_bts
+ ret;
+ ENDPROC(roundsm16_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd)
+
+@@ -199,6 +201,7 @@ roundsm16_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab:
+ roundsm16(%xmm4, %xmm5, %xmm6, %xmm7, %xmm0, %xmm1, %xmm2, %xmm3,
+ %xmm12, %xmm13, %xmm14, %xmm15, %xmm8, %xmm9, %xmm10, %xmm11,
+ %rax, (%r9));
++ pax_force_retaddr_bts
+ ret;
+ ENDPROC(roundsm16_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab)
+
+@@ -780,6 +783,7 @@ __camellia_enc_blk16:
+ %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14,
+ %xmm15, (key_table)(CTX, %r8, 8), (%rax), 1 * 16(%rax));
+
++ pax_force_retaddr_bts
+ ret;
+
+ .align 8
+@@ -865,6 +869,7 @@ __camellia_dec_blk16:
+ %xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14,
+ %xmm15, (key_table)(CTX), (%rax), 1 * 16(%rax));
+
++ pax_force_retaddr_bts
+ ret;
+
+ .align 8
+@@ -904,6 +909,7 @@ ENTRY(camellia_ecb_enc_16way)
+ %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9,
+ %xmm8, %rsi);
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(camellia_ecb_enc_16way)
+
+@@ -932,6 +938,7 @@ ENTRY(camellia_ecb_dec_16way)
+ %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9,
+ %xmm8, %rsi);
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(camellia_ecb_dec_16way)
+
+@@ -981,6 +988,7 @@ ENTRY(camellia_cbc_dec_16way)
+ %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9,
+ %xmm8, %rsi);
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(camellia_cbc_dec_16way)
+
+@@ -1092,6 +1100,7 @@ ENTRY(camellia_ctr_16way)
+ %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9,
+ %xmm8, %rsi);
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(camellia_ctr_16way)
+
+@@ -1234,6 +1243,7 @@ camellia_xts_crypt_16way:
+ %xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9,
+ %xmm8, %rsi);
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(camellia_xts_crypt_16way)
+
+diff --git a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
+index 91a1878..bcf340a 100644
+--- a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
++++ b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
+@@ -11,6 +11,7 @@
+ */
+
+ #include <linux/linkage.h>
++#include <asm/alternative-asm.h>
+
+ #define CAMELLIA_TABLE_BYTE_LEN 272
+
+@@ -212,6 +213,7 @@ roundsm32_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd:
+ roundsm32(%ymm0, %ymm1, %ymm2, %ymm3, %ymm4, %ymm5, %ymm6, %ymm7,
+ %ymm8, %ymm9, %ymm10, %ymm11, %ymm12, %ymm13, %ymm14, %ymm15,
+ %rcx, (%r9));
++ pax_force_retaddr_bts
+ ret;
+ ENDPROC(roundsm32_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd)
+
+@@ -220,6 +222,7 @@ roundsm32_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab:
+ roundsm32(%ymm4, %ymm5, %ymm6, %ymm7, %ymm0, %ymm1, %ymm2, %ymm3,
+ %ymm12, %ymm13, %ymm14, %ymm15, %ymm8, %ymm9, %ymm10, %ymm11,
+ %rax, (%r9));
++ pax_force_retaddr_bts
+ ret;
+ ENDPROC(roundsm32_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab)
+
+@@ -802,6 +805,7 @@ __camellia_enc_blk32:
+ %ymm8, %ymm9, %ymm10, %ymm11, %ymm12, %ymm13, %ymm14,
+ %ymm15, (key_table)(CTX, %r8, 8), (%rax), 1 * 32(%rax));
+
++ pax_force_retaddr_bts
+ ret;
+
+ .align 8
+@@ -887,6 +891,7 @@ __camellia_dec_blk32:
+ %ymm8, %ymm9, %ymm10, %ymm11, %ymm12, %ymm13, %ymm14,
+ %ymm15, (key_table)(CTX), (%rax), 1 * 32(%rax));
+
++ pax_force_retaddr_bts
+ ret;
+
+ .align 8
+@@ -930,6 +935,7 @@ ENTRY(camellia_ecb_enc_32way)
+
+ vzeroupper;
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(camellia_ecb_enc_32way)
+
+@@ -962,6 +968,7 @@ ENTRY(camellia_ecb_dec_32way)
+
+ vzeroupper;
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(camellia_ecb_dec_32way)
+
+@@ -1028,6 +1035,7 @@ ENTRY(camellia_cbc_dec_32way)
+
+ vzeroupper;
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(camellia_cbc_dec_32way)
+
+@@ -1166,6 +1174,7 @@ ENTRY(camellia_ctr_32way)
+
+ vzeroupper;
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(camellia_ctr_32way)
+
+@@ -1331,6 +1340,7 @@ camellia_xts_crypt_32way:
+
+ vzeroupper;
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(camellia_xts_crypt_32way)
+
diff --git a/arch/x86/crypto/camellia-x86_64-asm_64.S b/arch/x86/crypto/camellia-x86_64-asm_64.S
index 310319c..ce174a4 100644
--- a/arch/x86/crypto/camellia-x86_64-asm_64.S
@@ -11168,7 +11785,7 @@ index c35fd5d..c1ee236 100644
ret;
ENDPROC(cast5_ctr_16way)
diff --git a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S
-index f93b610..c09bf40 100644
+index e3531f8..18ded3a 100644
--- a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S
+++ b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S
@@ -24,6 +24,7 @@
@@ -11179,7 +11796,7 @@ index f93b610..c09bf40 100644
#include "glue_helper-asm-avx.S"
.file "cast6-avx-x86_64-asm_64.S"
-@@ -293,6 +294,7 @@ __cast6_enc_blk8:
+@@ -295,6 +296,7 @@ __cast6_enc_blk8:
outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM);
outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM);
@@ -11187,7 +11804,7 @@ index f93b610..c09bf40 100644
ret;
ENDPROC(__cast6_enc_blk8)
-@@ -338,6 +340,7 @@ __cast6_dec_blk8:
+@@ -340,6 +342,7 @@ __cast6_dec_blk8:
outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM);
outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM);
@@ -11195,7 +11812,7 @@ index f93b610..c09bf40 100644
ret;
ENDPROC(__cast6_dec_blk8)
-@@ -356,6 +359,7 @@ ENTRY(cast6_ecb_enc_8way)
+@@ -358,6 +361,7 @@ ENTRY(cast6_ecb_enc_8way)
store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
@@ -11203,7 +11820,7 @@ index f93b610..c09bf40 100644
ret;
ENDPROC(cast6_ecb_enc_8way)
-@@ -374,6 +378,7 @@ ENTRY(cast6_ecb_dec_8way)
+@@ -376,6 +380,7 @@ ENTRY(cast6_ecb_dec_8way)
store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
@@ -11211,7 +11828,7 @@ index f93b610..c09bf40 100644
ret;
ENDPROC(cast6_ecb_dec_8way)
-@@ -397,6 +402,7 @@ ENTRY(cast6_cbc_dec_8way)
+@@ -399,6 +404,7 @@ ENTRY(cast6_cbc_dec_8way)
popq %r12;
@@ -11219,13 +11836,92 @@ index f93b610..c09bf40 100644
ret;
ENDPROC(cast6_cbc_dec_8way)
-@@ -422,5 +428,6 @@ ENTRY(cast6_ctr_8way)
+@@ -424,6 +430,7 @@ ENTRY(cast6_ctr_8way)
popq %r12;
+ pax_force_retaddr
ret;
ENDPROC(cast6_ctr_8way)
+
+@@ -446,6 +453,7 @@ ENTRY(cast6_xts_enc_8way)
+ /* dst <= regs xor IVs(in dst) */
+ store_xts_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+
++ pax_force_retaddr
+ ret;
+ ENDPROC(cast6_xts_enc_8way)
+
+@@ -468,5 +476,6 @@ ENTRY(cast6_xts_dec_8way)
+ /* dst <= regs xor IVs(in dst) */
+ store_xts_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+
++ pax_force_retaddr
+ ret;
+ ENDPROC(cast6_xts_dec_8way)
+diff --git a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
+index dbc4339..3d868c5 100644
+--- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
++++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
+@@ -45,6 +45,7 @@
+
+ #include <asm/inst.h>
+ #include <linux/linkage.h>
++#include <asm/alternative-asm.h>
+
+ ## ISCSI CRC 32 Implementation with crc32 and pclmulqdq Instruction
+
+@@ -312,6 +313,7 @@ do_return:
+ popq %rsi
+ popq %rdi
+ popq %rbx
++ pax_force_retaddr 0, 1
+ ret
+
+ ################################################################
+diff --git a/arch/x86/crypto/ghash-clmulni-intel_asm.S b/arch/x86/crypto/ghash-clmulni-intel_asm.S
+index 586f41a..d02851e 100644
+--- a/arch/x86/crypto/ghash-clmulni-intel_asm.S
++++ b/arch/x86/crypto/ghash-clmulni-intel_asm.S
+@@ -18,6 +18,7 @@
+
+ #include <linux/linkage.h>
+ #include <asm/inst.h>
++#include <asm/alternative-asm.h>
+
+ .data
+
+@@ -93,6 +94,7 @@ __clmul_gf128mul_ble:
+ psrlq $1, T2
+ pxor T2, T1
+ pxor T1, DATA
++ pax_force_retaddr
+ ret
+ ENDPROC(__clmul_gf128mul_ble)
+
+@@ -105,6 +107,7 @@ ENTRY(clmul_ghash_mul)
+ call __clmul_gf128mul_ble
+ PSHUFB_XMM BSWAP DATA
+ movups DATA, (%rdi)
++ pax_force_retaddr
+ ret
+ ENDPROC(clmul_ghash_mul)
+
+@@ -132,6 +135,7 @@ ENTRY(clmul_ghash_update)
+ PSHUFB_XMM BSWAP DATA
+ movups DATA, (%rdi)
+ .Lupdate_just_ret:
++ pax_force_retaddr
+ ret
+ ENDPROC(clmul_ghash_update)
+
+@@ -157,5 +161,6 @@ ENTRY(clmul_ghash_setkey)
+ pand .Lpoly, %xmm1
+ pxor %xmm1, %xmm0
+ movups %xmm0, (%rdi)
++ pax_force_retaddr
+ ret
+ ENDPROC(clmul_ghash_setkey)
diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S b/arch/x86/crypto/salsa20-x86_64-asm_64.S
index 9279e0b..9270820 100644
--- a/arch/x86/crypto/salsa20-x86_64-asm_64.S
@@ -11260,10 +11956,10 @@ index 9279e0b..9270820 100644
ret
ENDPROC(salsa20_ivsetup)
diff --git a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S
-index 43c9386..a0e2d60 100644
+index 2f202f4..d9164d6 100644
--- a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S
+++ b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S
-@@ -25,6 +25,7 @@
+@@ -24,6 +24,7 @@
*/
#include <linux/linkage.h>
@@ -11271,7 +11967,7 @@ index 43c9386..a0e2d60 100644
#include "glue_helper-asm-avx.S"
.file "serpent-avx-x86_64-asm_64.S"
-@@ -617,6 +618,7 @@ __serpent_enc_blk8_avx:
+@@ -618,6 +619,7 @@ __serpent_enc_blk8_avx:
write_blocks(RA1, RB1, RC1, RD1, RK0, RK1, RK2);
write_blocks(RA2, RB2, RC2, RD2, RK0, RK1, RK2);
@@ -11279,7 +11975,7 @@ index 43c9386..a0e2d60 100644
ret;
ENDPROC(__serpent_enc_blk8_avx)
-@@ -671,6 +673,7 @@ __serpent_dec_blk8_avx:
+@@ -672,6 +674,7 @@ __serpent_dec_blk8_avx:
write_blocks(RC1, RD1, RB1, RE1, RK0, RK1, RK2);
write_blocks(RC2, RD2, RB2, RE2, RK0, RK1, RK2);
@@ -11287,7 +11983,7 @@ index 43c9386..a0e2d60 100644
ret;
ENDPROC(__serpent_dec_blk8_avx)
-@@ -687,6 +690,7 @@ ENTRY(serpent_ecb_enc_8way_avx)
+@@ -688,6 +691,7 @@ ENTRY(serpent_ecb_enc_8way_avx)
store_8way(%rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
@@ -11295,7 +11991,7 @@ index 43c9386..a0e2d60 100644
ret;
ENDPROC(serpent_ecb_enc_8way_avx)
-@@ -703,6 +707,7 @@ ENTRY(serpent_ecb_dec_8way_avx)
+@@ -704,6 +708,7 @@ ENTRY(serpent_ecb_dec_8way_avx)
store_8way(%rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2);
@@ -11303,7 +11999,7 @@ index 43c9386..a0e2d60 100644
ret;
ENDPROC(serpent_ecb_dec_8way_avx)
-@@ -719,6 +724,7 @@ ENTRY(serpent_cbc_dec_8way_avx)
+@@ -720,6 +725,7 @@ ENTRY(serpent_cbc_dec_8way_avx)
store_cbc_8way(%rdx, %rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2);
@@ -11311,13 +12007,104 @@ index 43c9386..a0e2d60 100644
ret;
ENDPROC(serpent_cbc_dec_8way_avx)
-@@ -737,5 +743,6 @@ ENTRY(serpent_ctr_8way_avx)
+@@ -738,6 +744,7 @@ ENTRY(serpent_ctr_8way_avx)
store_ctr_8way(%rdx, %rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+ pax_force_retaddr
ret;
ENDPROC(serpent_ctr_8way_avx)
+
+@@ -758,6 +765,7 @@ ENTRY(serpent_xts_enc_8way_avx)
+ /* dst <= regs xor IVs(in dst) */
+ store_xts_8way(%rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+
++ pax_force_retaddr
+ ret;
+ ENDPROC(serpent_xts_enc_8way_avx)
+
+@@ -778,5 +786,6 @@ ENTRY(serpent_xts_dec_8way_avx)
+ /* dst <= regs xor IVs(in dst) */
+ store_xts_8way(%rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2);
+
++ pax_force_retaddr
+ ret;
+ ENDPROC(serpent_xts_dec_8way_avx)
+diff --git a/arch/x86/crypto/serpent-avx2-asm_64.S b/arch/x86/crypto/serpent-avx2-asm_64.S
+index b222085..abd483c 100644
+--- a/arch/x86/crypto/serpent-avx2-asm_64.S
++++ b/arch/x86/crypto/serpent-avx2-asm_64.S
+@@ -15,6 +15,7 @@
+ */
+
+ #include <linux/linkage.h>
++#include <asm/alternative-asm.h>
+ #include "glue_helper-asm-avx2.S"
+
+ .file "serpent-avx2-asm_64.S"
+@@ -610,6 +611,7 @@ __serpent_enc_blk16:
+ write_blocks(RA1, RB1, RC1, RD1, RK0, RK1, RK2);
+ write_blocks(RA2, RB2, RC2, RD2, RK0, RK1, RK2);
+
++ pax_force_retaddr
+ ret;
+ ENDPROC(__serpent_enc_blk16)
+
+@@ -664,6 +666,7 @@ __serpent_dec_blk16:
+ write_blocks(RC1, RD1, RB1, RE1, RK0, RK1, RK2);
+ write_blocks(RC2, RD2, RB2, RE2, RK0, RK1, RK2);
+
++ pax_force_retaddr
+ ret;
+ ENDPROC(__serpent_dec_blk16)
+
+@@ -684,6 +687,7 @@ ENTRY(serpent_ecb_enc_16way)
+
+ vzeroupper;
+
++ pax_force_retaddr
+ ret;
+ ENDPROC(serpent_ecb_enc_16way)
+
+@@ -704,6 +708,7 @@ ENTRY(serpent_ecb_dec_16way)
+
+ vzeroupper;
+
++ pax_force_retaddr
+ ret;
+ ENDPROC(serpent_ecb_dec_16way)
+
+@@ -725,6 +730,7 @@ ENTRY(serpent_cbc_dec_16way)
+
+ vzeroupper;
+
++ pax_force_retaddr
+ ret;
+ ENDPROC(serpent_cbc_dec_16way)
+
+@@ -748,6 +754,7 @@ ENTRY(serpent_ctr_16way)
+
+ vzeroupper;
+
++ pax_force_retaddr
+ ret;
+ ENDPROC(serpent_ctr_16way)
+
+@@ -772,6 +779,7 @@ ENTRY(serpent_xts_enc_16way)
+
+ vzeroupper;
+
++ pax_force_retaddr
+ ret;
+ ENDPROC(serpent_xts_enc_16way)
+
+@@ -796,5 +804,6 @@ ENTRY(serpent_xts_dec_16way)
+
+ vzeroupper;
+
++ pax_force_retaddr
+ ret;
+ ENDPROC(serpent_xts_dec_16way)
diff --git a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S
index acc066c..1559cc4 100644
--- a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S
@@ -11372,8 +12159,128 @@ index a410950..3356d42 100644
ret
ENDPROC(\name)
+diff --git a/arch/x86/crypto/sha256-avx-asm.S b/arch/x86/crypto/sha256-avx-asm.S
+index 642f156..4ab07b9 100644
+--- a/arch/x86/crypto/sha256-avx-asm.S
++++ b/arch/x86/crypto/sha256-avx-asm.S
+@@ -49,6 +49,7 @@
+
+ #ifdef CONFIG_AS_AVX
+ #include <linux/linkage.h>
++#include <asm/alternative-asm.h>
+
+ ## assume buffers not aligned
+ #define VMOVDQ vmovdqu
+@@ -460,6 +461,7 @@ done_hash:
+ popq %r13
+ popq %rbp
+ popq %rbx
++ pax_force_retaddr 0, 1
+ ret
+ ENDPROC(sha256_transform_avx)
+
+diff --git a/arch/x86/crypto/sha256-avx2-asm.S b/arch/x86/crypto/sha256-avx2-asm.S
+index 9e86944..2e7f95a 100644
+--- a/arch/x86/crypto/sha256-avx2-asm.S
++++ b/arch/x86/crypto/sha256-avx2-asm.S
+@@ -50,6 +50,7 @@
+
+ #ifdef CONFIG_AS_AVX2
+ #include <linux/linkage.h>
++#include <asm/alternative-asm.h>
+
+ ## assume buffers not aligned
+ #define VMOVDQ vmovdqu
+@@ -720,6 +721,7 @@ done_hash:
+ popq %r12
+ popq %rbp
+ popq %rbx
++ pax_force_retaddr 0, 1
+ ret
+ ENDPROC(sha256_transform_rorx)
+
+diff --git a/arch/x86/crypto/sha256-ssse3-asm.S b/arch/x86/crypto/sha256-ssse3-asm.S
+index f833b74..c36ed14 100644
+--- a/arch/x86/crypto/sha256-ssse3-asm.S
++++ b/arch/x86/crypto/sha256-ssse3-asm.S
+@@ -47,6 +47,7 @@
+ ########################################################################
+
+ #include <linux/linkage.h>
++#include <asm/alternative-asm.h>
+
+ ## assume buffers not aligned
+ #define MOVDQ movdqu
+@@ -471,6 +472,7 @@ done_hash:
+ popq %rbp
+ popq %rbx
+
++ pax_force_retaddr 0, 1
+ ret
+ ENDPROC(sha256_transform_ssse3)
+
+diff --git a/arch/x86/crypto/sha512-avx-asm.S b/arch/x86/crypto/sha512-avx-asm.S
+index 974dde9..4533d34 100644
+--- a/arch/x86/crypto/sha512-avx-asm.S
++++ b/arch/x86/crypto/sha512-avx-asm.S
+@@ -49,6 +49,7 @@
+
+ #ifdef CONFIG_AS_AVX
+ #include <linux/linkage.h>
++#include <asm/alternative-asm.h>
+
+ .text
+
+@@ -364,6 +365,7 @@ updateblock:
+ mov frame_RSPSAVE(%rsp), %rsp
+
+ nowork:
++ pax_force_retaddr 0, 1
+ ret
+ ENDPROC(sha512_transform_avx)
+
+diff --git a/arch/x86/crypto/sha512-avx2-asm.S b/arch/x86/crypto/sha512-avx2-asm.S
+index 568b961..061ef1d 100644
+--- a/arch/x86/crypto/sha512-avx2-asm.S
++++ b/arch/x86/crypto/sha512-avx2-asm.S
+@@ -51,6 +51,7 @@
+
+ #ifdef CONFIG_AS_AVX2
+ #include <linux/linkage.h>
++#include <asm/alternative-asm.h>
+
+ .text
+
+@@ -678,6 +679,7 @@ done_hash:
+
+ # Restore Stack Pointer
+ mov frame_RSPSAVE(%rsp), %rsp
++ pax_force_retaddr 0, 1
+ ret
+ ENDPROC(sha512_transform_rorx)
+
+diff --git a/arch/x86/crypto/sha512-ssse3-asm.S b/arch/x86/crypto/sha512-ssse3-asm.S
+index fb56855..e23914f 100644
+--- a/arch/x86/crypto/sha512-ssse3-asm.S
++++ b/arch/x86/crypto/sha512-ssse3-asm.S
+@@ -48,6 +48,7 @@
+ ########################################################################
+
+ #include <linux/linkage.h>
++#include <asm/alternative-asm.h>
+
+ .text
+
+@@ -363,6 +364,7 @@ updateblock:
+ mov frame_RSPSAVE(%rsp), %rsp
+
+ nowork:
++ pax_force_retaddr 0, 1
+ ret
+ ENDPROC(sha512_transform_ssse3)
+
diff --git a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S
-index 8d3e113..898b161 100644
+index 0505813..63b1d00 100644
--- a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S
+++ b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S
@@ -24,6 +24,7 @@
@@ -11384,7 +12291,7 @@ index 8d3e113..898b161 100644
#include "glue_helper-asm-avx.S"
.file "twofish-avx-x86_64-asm_64.S"
-@@ -282,6 +283,7 @@ __twofish_enc_blk8:
+@@ -284,6 +285,7 @@ __twofish_enc_blk8:
outunpack_blocks(RC1, RD1, RA1, RB1, RK1, RX0, RY0, RK2);
outunpack_blocks(RC2, RD2, RA2, RB2, RK1, RX0, RY0, RK2);
@@ -11392,7 +12299,7 @@ index 8d3e113..898b161 100644
ret;
ENDPROC(__twofish_enc_blk8)
-@@ -322,6 +324,7 @@ __twofish_dec_blk8:
+@@ -324,6 +326,7 @@ __twofish_dec_blk8:
outunpack_blocks(RA1, RB1, RC1, RD1, RK1, RX0, RY0, RK2);
outunpack_blocks(RA2, RB2, RC2, RD2, RK1, RX0, RY0, RK2);
@@ -11400,7 +12307,7 @@ index 8d3e113..898b161 100644
ret;
ENDPROC(__twofish_dec_blk8)
-@@ -340,6 +343,7 @@ ENTRY(twofish_ecb_enc_8way)
+@@ -342,6 +345,7 @@ ENTRY(twofish_ecb_enc_8way)
store_8way(%r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2);
@@ -11408,7 +12315,7 @@ index 8d3e113..898b161 100644
ret;
ENDPROC(twofish_ecb_enc_8way)
-@@ -358,6 +362,7 @@ ENTRY(twofish_ecb_dec_8way)
+@@ -360,6 +364,7 @@ ENTRY(twofish_ecb_dec_8way)
store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
@@ -11416,7 +12323,7 @@ index 8d3e113..898b161 100644
ret;
ENDPROC(twofish_ecb_dec_8way)
-@@ -381,6 +386,7 @@ ENTRY(twofish_cbc_dec_8way)
+@@ -383,6 +388,7 @@ ENTRY(twofish_cbc_dec_8way)
popq %r12;
@@ -11424,13 +12331,97 @@ index 8d3e113..898b161 100644
ret;
ENDPROC(twofish_cbc_dec_8way)
-@@ -406,5 +412,6 @@ ENTRY(twofish_ctr_8way)
+@@ -408,6 +414,7 @@ ENTRY(twofish_ctr_8way)
popq %r12;
+ pax_force_retaddr 0, 1
ret;
ENDPROC(twofish_ctr_8way)
+
+@@ -430,6 +437,7 @@ ENTRY(twofish_xts_enc_8way)
+ /* dst <= regs xor IVs(in dst) */
+ store_xts_8way(%r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2);
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(twofish_xts_enc_8way)
+
+@@ -452,5 +460,6 @@ ENTRY(twofish_xts_dec_8way)
+ /* dst <= regs xor IVs(in dst) */
+ store_xts_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(twofish_xts_dec_8way)
+diff --git a/arch/x86/crypto/twofish-avx2-asm_64.S b/arch/x86/crypto/twofish-avx2-asm_64.S
+index e1a83b9..33006b9 100644
+--- a/arch/x86/crypto/twofish-avx2-asm_64.S
++++ b/arch/x86/crypto/twofish-avx2-asm_64.S
+@@ -11,6 +11,7 @@
+ */
+
+ #include <linux/linkage.h>
++#include <asm/alternative-asm.h>
+ #include "glue_helper-asm-avx2.S"
+
+ .file "twofish-avx2-asm_64.S"
+@@ -422,6 +423,7 @@ __twofish_enc_blk16:
+ outunpack_enc16(RA, RB, RC, RD);
+ write_blocks16(RA, RB, RC, RD);
+
++ pax_force_retaddr_bts
+ ret;
+ ENDPROC(__twofish_enc_blk16)
+
+@@ -454,6 +456,7 @@ __twofish_dec_blk16:
+ outunpack_dec16(RA, RB, RC, RD);
+ write_blocks16(RA, RB, RC, RD);
+
++ pax_force_retaddr_bts
+ ret;
+ ENDPROC(__twofish_dec_blk16)
+
+@@ -476,6 +479,7 @@ ENTRY(twofish_ecb_enc_16way)
+ popq %r12;
+ vzeroupper;
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(twofish_ecb_enc_16way)
+
+@@ -498,6 +502,7 @@ ENTRY(twofish_ecb_dec_16way)
+ popq %r12;
+ vzeroupper;
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(twofish_ecb_dec_16way)
+
+@@ -521,6 +526,7 @@ ENTRY(twofish_cbc_dec_16way)
+ popq %r12;
+ vzeroupper;
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(twofish_cbc_dec_16way)
+
+@@ -546,6 +552,7 @@ ENTRY(twofish_ctr_16way)
+ popq %r12;
+ vzeroupper;
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(twofish_ctr_16way)
+
+@@ -574,6 +581,7 @@ twofish_xts_crypt_16way:
+ popq %r12;
+ vzeroupper;
+
++ pax_force_retaddr 0, 1
+ ret;
+ ENDPROC(twofish_xts_crypt_16way)
+
diff --git a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S
index 1c3b7ce..b365c5e 100644
--- a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S
@@ -11494,7 +12485,7 @@ index a039d21..29e7615 100644
ret
ENDPROC(twofish_dec_blk)
diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c
-index 03abf9b..a42ba29 100644
+index 52ff81c..98af645 100644
--- a/arch/x86/ia32/ia32_aout.c
+++ b/arch/x86/ia32/ia32_aout.c
@@ -159,6 +159,8 @@ static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file,
@@ -11507,7 +12498,7 @@ index 03abf9b..a42ba29 100644
set_fs(KERNEL_DS);
has_dumped = 1;
diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c
-index cf1a471..3bc4cf8 100644
+index cf1a471..5ba2673 100644
--- a/arch/x86/ia32/ia32_signal.c
+++ b/arch/x86/ia32/ia32_signal.c
@@ -340,7 +340,7 @@ static void __user *get_sigframe(struct ksignal *ksig, struct pt_regs *regs,
@@ -11537,7 +12528,12 @@ index cf1a471..3bc4cf8 100644
};
frame = get_sigframe(ksig, regs, sizeof(*frame), &fpstate);
-@@ -463,16 +463,18 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig,
+@@ -459,20 +459,22 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig,
+ else
+ put_user_ex(0, &frame->uc.uc_flags);
+ put_user_ex(0, &frame->uc.uc_link);
+- err |= __compat_save_altstack(&frame->uc.uc_stack, regs->sp);
++ __compat_save_altstack_ex(&frame->uc.uc_stack, regs->sp);
if (ksig->ka.sa.sa_flags & SA_RESTORER)
restorer = ksig->ka.sa.sa_restorer;
@@ -11560,7 +12556,7 @@ index cf1a471..3bc4cf8 100644
err |= copy_siginfo_to_user32(&frame->info, &ksig->info);
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
-index 474dc1b..24aaa3e 100644
+index 474dc1b..9297c58 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -15,8 +15,10 @@
@@ -11620,7 +12616,7 @@ index 474dc1b..24aaa3e 100644
movl %ebp,%ebp /* zero extension */
pushq_cfi $__USER32_DS
/*CFI_REL_OFFSET ss,0*/
-@@ -135,24 +157,44 @@ ENTRY(ia32_sysenter_target)
+@@ -135,24 +157,49 @@ ENTRY(ia32_sysenter_target)
CFI_REL_OFFSET rsp,0
pushfq_cfi
/*CFI_REL_OFFSET rflags,0*/
@@ -11654,8 +12650,8 @@ index 474dc1b..24aaa3e 100644
32bit zero extended */
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+ mov pax_user_shadow_base,%r11
-+ add %r11,%rbp
++ addq pax_user_shadow_base,%rbp
++ ASM_PAX_OPEN_USERLAND
+#endif
+
ASM_STAC
@@ -11664,13 +12660,18 @@ index 474dc1b..24aaa3e 100644
ASM_CLAC
- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ ASM_PAX_CLOSE_USERLAND
++#endif
++
+ GET_THREAD_INFO(%r11)
+ orl $TS_COMPAT,TI_status(%r11)
+ testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11)
CFI_REMEMBER_STATE
jnz sysenter_tracesys
cmpq $(IA32_NR_syscalls-1),%rax
-@@ -162,12 +204,15 @@ sysenter_do_call:
+@@ -162,12 +209,15 @@ sysenter_do_call:
sysenter_dispatch:
call *ia32_sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
@@ -11688,7 +12689,7 @@ index 474dc1b..24aaa3e 100644
/* clear IF, that popfq doesn't enable interrupts early */
andl $~0x200,EFLAGS-R11(%rsp)
movl RIP-R11(%rsp),%edx /* User %eip */
-@@ -193,6 +238,9 @@ sysexit_from_sys_call:
+@@ -193,6 +243,9 @@ sysexit_from_sys_call:
movl %eax,%esi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */
call __audit_syscall_entry
@@ -11698,7 +12699,7 @@ index 474dc1b..24aaa3e 100644
movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */
cmpq $(IA32_NR_syscalls-1),%rax
ja ia32_badsys
-@@ -204,7 +252,7 @@ sysexit_from_sys_call:
+@@ -204,7 +257,7 @@ sysexit_from_sys_call:
.endm
.macro auditsys_exit exit
@@ -11707,7 +12708,7 @@ index 474dc1b..24aaa3e 100644
jnz ia32_ret_from_sys_call
TRACE_IRQS_ON
ENABLE_INTERRUPTS(CLBR_NONE)
-@@ -215,11 +263,12 @@ sysexit_from_sys_call:
+@@ -215,11 +268,12 @@ sysexit_from_sys_call:
1: setbe %al /* 1 if error, 0 if not */
movzbl %al,%edi /* zero-extend that into %edi */
call __audit_syscall_exit
@@ -11721,7 +12722,7 @@ index 474dc1b..24aaa3e 100644
jz \exit
CLEAR_RREGS -ARGOFFSET
jmp int_with_check
-@@ -237,7 +286,7 @@ sysexit_audit:
+@@ -237,7 +291,7 @@ sysexit_audit:
sysenter_tracesys:
#ifdef CONFIG_AUDITSYSCALL
@@ -11730,7 +12731,7 @@ index 474dc1b..24aaa3e 100644
jz sysenter_auditsys
#endif
SAVE_REST
-@@ -249,6 +298,9 @@ sysenter_tracesys:
+@@ -249,6 +303,9 @@ sysenter_tracesys:
RESTORE_REST
cmpq $(IA32_NR_syscalls-1),%rax
ja int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */
@@ -11740,7 +12741,7 @@ index 474dc1b..24aaa3e 100644
jmp sysenter_do_call
CFI_ENDPROC
ENDPROC(ia32_sysenter_target)
-@@ -276,19 +328,25 @@ ENDPROC(ia32_sysenter_target)
+@@ -276,19 +333,25 @@ ENDPROC(ia32_sysenter_target)
ENTRY(ia32_cstar_target)
CFI_STARTPROC32 simple
CFI_SIGNAL_FRAME
@@ -11768,14 +12769,15 @@ index 474dc1b..24aaa3e 100644
movl %eax,%eax /* zero extension */
movq %rax,ORIG_RAX-ARGOFFSET(%rsp)
movq %rcx,RIP-ARGOFFSET(%rsp)
-@@ -304,12 +362,19 @@ ENTRY(ia32_cstar_target)
+@@ -304,12 +367,25 @@ ENTRY(ia32_cstar_target)
/* no need to do an access_ok check here because r8 has been
32bit zero extended */
/* hardware stack frame is complete now */
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+ mov pax_user_shadow_base,%r11
-+ add %r11,%r8
++ ASM_PAX_OPEN_USERLAND
++ movq pax_user_shadow_base,%r8
++ addq RSP-ARGOFFSET(%rsp),%r8
+#endif
+
ASM_STAC
@@ -11784,13 +12786,18 @@ index 474dc1b..24aaa3e 100644
ASM_CLAC
- orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
- testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET)
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ ASM_PAX_CLOSE_USERLAND
++#endif
++
+ GET_THREAD_INFO(%r11)
+ orl $TS_COMPAT,TI_status(%r11)
+ testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%r11)
CFI_REMEMBER_STATE
jnz cstar_tracesys
cmpq $IA32_NR_syscalls-1,%rax
-@@ -319,12 +384,15 @@ cstar_do_call:
+@@ -319,12 +395,15 @@ cstar_do_call:
cstar_dispatch:
call *ia32_sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
@@ -11808,7 +12815,7 @@ index 474dc1b..24aaa3e 100644
RESTORE_ARGS 0,-ARG_SKIP,0,0,0
movl RIP-ARGOFFSET(%rsp),%ecx
CFI_REGISTER rip,rcx
-@@ -352,7 +420,7 @@ sysretl_audit:
+@@ -352,7 +431,7 @@ sysretl_audit:
cstar_tracesys:
#ifdef CONFIG_AUDITSYSCALL
@@ -11817,7 +12824,7 @@ index 474dc1b..24aaa3e 100644
jz cstar_auditsys
#endif
xchgl %r9d,%ebp
-@@ -366,6 +434,9 @@ cstar_tracesys:
+@@ -366,11 +445,19 @@ cstar_tracesys:
xchgl %ebp,%r9d
cmpq $(IA32_NR_syscalls-1),%rax
ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */
@@ -11827,7 +12834,17 @@ index 474dc1b..24aaa3e 100644
jmp cstar_do_call
END(ia32_cstar_target)
-@@ -407,19 +478,26 @@ ENTRY(ia32_syscall)
+ ia32_badarg:
+ ASM_CLAC
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ ASM_PAX_CLOSE_USERLAND
++#endif
++
+ movq $-EFAULT,%rax
+ jmp ia32_sysret
+ CFI_ENDPROC
+@@ -407,19 +494,26 @@ ENTRY(ia32_syscall)
CFI_REL_OFFSET rip,RIP-RIP
PARAVIRT_ADJUST_EXCEPTION_FRAME
SWAPGS
@@ -11861,7 +12878,7 @@ index 474dc1b..24aaa3e 100644
jnz ia32_tracesys
cmpq $(IA32_NR_syscalls-1),%rax
ja ia32_badsys
-@@ -442,6 +520,9 @@ ia32_tracesys:
+@@ -442,6 +536,9 @@ ia32_tracesys:
RESTORE_REST
cmpq $(IA32_NR_syscalls-1),%rax
ja int_ret_from_sys_call /* ia32_tracesys has set RAX(%rsp) */
@@ -11872,7 +12889,7 @@ index 474dc1b..24aaa3e 100644
END(ia32_syscall)
diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c
-index ad7a20c..1ffa3c1 100644
+index 8e0ceec..af13504 100644
--- a/arch/x86/ia32/sys_ia32.c
+++ b/arch/x86/ia32/sys_ia32.c
@@ -69,8 +69,8 @@ asmlinkage long sys32_ftruncate64(unsigned int fd, unsigned long offset_low,
@@ -11886,15 +12903,6 @@ index ad7a20c..1ffa3c1 100644
SET_UID(uid, from_kuid_munged(current_user_ns(), stat->uid));
SET_GID(gid, from_kgid_munged(current_user_ns(), stat->gid));
if (!access_ok(VERIFY_WRITE, ubuf, sizeof(struct stat64)) ||
-@@ -205,7 +205,7 @@ asmlinkage long sys32_sendfile(int out_fd, int in_fd,
- return -EFAULT;
-
- set_fs(KERNEL_DS);
-- ret = sys_sendfile(out_fd, in_fd, offset ? (off_t __user *)&of : NULL,
-+ ret = sys_sendfile(out_fd, in_fd, offset ? (off_t __force_user *)&of : NULL,
- count);
- set_fs(old_fs);
-
diff --git a/arch/x86/include/asm/alternative-asm.h b/arch/x86/include/asm/alternative-asm.h
index 372231c..a5aa1a1 100644
--- a/arch/x86/include/asm/alternative-asm.h
@@ -12394,11 +13402,6 @@ index 722aa3b..3a0bb27 100644
-#define atomic_clear_mask(mask, addr) \
- asm volatile(LOCK_PREFIX "andl %0,%1" \
- : : "r" (~(mask)), "m" (*(addr)) : "memory")
--
--#define atomic_set_mask(mask, addr) \
-- asm volatile(LOCK_PREFIX "orl %0,%1" \
-- : : "r" ((unsigned)(mask)), "m" (*(addr)) \
-- : "memory")
+static inline void atomic_clear_mask(unsigned int mask, atomic_t *v)
+{
+ asm volatile(LOCK_PREFIX "andl %1,%0"
@@ -12406,7 +13409,11 @@ index 722aa3b..3a0bb27 100644
+ : "r" (~(mask))
+ : "memory");
+}
-+
+
+-#define atomic_set_mask(mask, addr) \
+- asm volatile(LOCK_PREFIX "orl %0,%1" \
+- : : "r" ((unsigned)(mask)), "m" (*(addr)) \
+- : "memory")
+static inline void atomic_clear_mask_unchecked(unsigned int mask, atomic_unchecked_t *v)
+{
+ asm volatile(LOCK_PREFIX "andl %1,%0"
@@ -13033,7 +14040,7 @@ index 46fc474..b02b0f9 100644
if (len)
diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxchg.h
-index 8d871ea..c1a0dc9 100644
+index d47786a..ce1b05d 100644
--- a/arch/x86/include/asm/cmpxchg.h
+++ b/arch/x86/include/asm/cmpxchg.h
@@ -14,8 +14,12 @@ extern void __cmpxchg_wrong_size(void)
@@ -13108,10 +14115,19 @@ index 59c6c40..5e0b22c 100644
struct compat_timespec {
compat_time_t tv_sec;
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h
-index 93fe929..90858b7 100644
+index e99ac27..10d834e 100644
--- a/arch/x86/include/asm/cpufeature.h
+++ b/arch/x86/include/asm/cpufeature.h
-@@ -207,7 +207,7 @@
+@@ -203,7 +203,7 @@
+ #define X86_FEATURE_DECODEASSISTS (8*32+12) /* AMD Decode Assists support */
+ #define X86_FEATURE_PAUSEFILTER (8*32+13) /* AMD filtered pause intercept */
+ #define X86_FEATURE_PFTHRESHOLD (8*32+14) /* AMD pause filter threshold */
+-
++#define X86_FEATURE_STRONGUDEREF (8*32+31) /* PaX PCID based strong UDEREF */
+
+ /* Intel-defined CPU features, CPUID level 0x00000007:0 (ebx), word 9 */
+ #define X86_FEATURE_FSGSBASE (9*32+ 0) /* {RD/WR}{FS/GS}BASE instructions*/
+@@ -211,7 +211,7 @@
#define X86_FEATURE_BMI1 (9*32+ 3) /* 1st group bit manipulation extensions */
#define X86_FEATURE_HLE (9*32+ 4) /* Hardware Lock Elision */
#define X86_FEATURE_AVX2 (9*32+ 5) /* AVX2 instructions */
@@ -13120,7 +14136,15 @@ index 93fe929..90858b7 100644
#define X86_FEATURE_BMI2 (9*32+ 8) /* 2nd group bit manipulation extensions */
#define X86_FEATURE_ERMS (9*32+ 9) /* Enhanced REP MOVSB/STOSB */
#define X86_FEATURE_INVPCID (9*32+10) /* Invalidate Processor Context ID */
-@@ -377,7 +377,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit)
+@@ -353,6 +353,7 @@ extern const char * const x86_power_flags[32];
+ #undef cpu_has_centaur_mcr
+ #define cpu_has_centaur_mcr 0
+
++#define cpu_has_pcid boot_cpu_has(X86_FEATURE_PCID)
+ #endif /* CONFIG_X86_64 */
+
+ #if __GNUC__ >= 4
+@@ -394,7 +395,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit)
".section .discard,\"aw\",@progbits\n"
" .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */
".previous\n"
@@ -13443,12 +14467,14 @@ index 75ce3f4..882e801 100644
#endif /* _ASM_X86_EMERGENCY_RESTART_H */
diff --git a/arch/x86/include/asm/fpu-internal.h b/arch/x86/include/asm/fpu-internal.h
-index e25cc33..425d099 100644
+index e25cc33..7d3ec01 100644
--- a/arch/x86/include/asm/fpu-internal.h
+++ b/arch/x86/include/asm/fpu-internal.h
-@@ -127,7 +127,9 @@ static inline void sanitize_i387_state(struct task_struct *tsk)
+@@ -126,8 +126,11 @@ static inline void sanitize_i387_state(struct task_struct *tsk)
+ #define user_insn(insn, output, input...) \
({ \
int err; \
++ pax_open_userland(); \
asm volatile(ASM_STAC "\n" \
- "1:" #insn "\n\t" \
+ "1:" \
@@ -13457,7 +14483,15 @@ index e25cc33..425d099 100644
"2: " ASM_CLAC "\n" \
".section .fixup,\"ax\"\n" \
"3: movl $-1,%[err]\n" \
-@@ -300,7 +302,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk)
+@@ -136,6 +139,7 @@ static inline void sanitize_i387_state(struct task_struct *tsk)
+ _ASM_EXTABLE(1b, 3b) \
+ : [err] "=r" (err), output \
+ : "0"(0), input); \
++ pax_close_userland(); \
+ err; \
+ })
+
+@@ -300,7 +304,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk)
"emms\n\t" /* clear stack tags */
"fildl %P[addr]", /* set F?P to defined value */
X86_FEATURE_FXSAVE_LEAK,
@@ -13467,7 +14501,7 @@ index e25cc33..425d099 100644
return fpu_restore_checking(&tsk->thread.fpu);
}
diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h
-index be27ba1..8f13ff9 100644
+index be27ba1..04a8801 100644
--- a/arch/x86/include/asm/futex.h
+++ b/arch/x86/include/asm/futex.h
@@ -12,6 +12,7 @@
@@ -13506,8 +14540,11 @@ index be27ba1..8f13ff9 100644
: "r" (oparg), "i" (-EFAULT), "1" (0))
static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
-@@ -59,10 +61,10 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
+@@ -57,12 +59,13 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
+
+ pagefault_disable();
++ pax_open_userland();
switch (op) {
case FUTEX_OP_SET:
- __futex_atomic_op1("xchgl %0, %2", ret, oldval, uaddr, oparg);
@@ -13519,9 +14556,19 @@ index be27ba1..8f13ff9 100644
uaddr, oparg);
break;
case FUTEX_OP_OR:
-@@ -116,14 +118,14 @@ static inline int futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
+@@ -77,6 +80,7 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr)
+ default:
+ ret = -ENOSYS;
+ }
++ pax_close_userland();
+
+ pagefault_enable();
+
+@@ -115,18 +119,20 @@ static inline int futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr,
+ if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32)))
return -EFAULT;
++ pax_open_userland();
asm volatile("\t" ASM_STAC "\n"
- "1:\t" LOCK_PREFIX "cmpxchgl %4, %2\n"
+ "1:\t" LOCK_PREFIX __copyuser_seg"cmpxchgl %4, %2\n"
@@ -13536,11 +14583,15 @@ index be27ba1..8f13ff9 100644
: "i" (-EFAULT), "r" (newval), "1" (oldval)
: "memory"
);
++ pax_close_userland();
+
+ *uval = oldval;
+ return ret;
diff --git a/arch/x86/include/asm/hw_irq.h b/arch/x86/include/asm/hw_irq.h
-index 10a78c3..cc77143 100644
+index 1da97ef..9c2ebff 100644
--- a/arch/x86/include/asm/hw_irq.h
+++ b/arch/x86/include/asm/hw_irq.h
-@@ -147,8 +147,8 @@ extern void setup_ioapic_dest(void);
+@@ -148,8 +148,8 @@ extern void setup_ioapic_dest(void);
extern void enable_IO_APIC(void);
/* Statistics */
@@ -13922,29 +14973,31 @@ index 5f55e69..e20bfb1 100644
#ifdef CONFIG_SMP
diff --git a/arch/x86/include/asm/mmu_context.h b/arch/x86/include/asm/mmu_context.h
-index cdbf367..adb37ac 100644
+index cdbf367..4c73c9e 100644
--- a/arch/x86/include/asm/mmu_context.h
+++ b/arch/x86/include/asm/mmu_context.h
-@@ -24,6 +24,18 @@ void destroy_context(struct mm_struct *mm);
+@@ -24,6 +24,20 @@ void destroy_context(struct mm_struct *mm);
static inline void enter_lazy_tlb(struct mm_struct *mm, struct task_struct *tsk)
{
+
+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+ unsigned int i;
-+ pgd_t *pgd;
++ if (!(static_cpu_has(X86_FEATURE_PCID))) {
++ unsigned int i;
++ pgd_t *pgd;
+
-+ pax_open_kernel();
-+ pgd = get_cpu_pgd(smp_processor_id());
-+ for (i = USER_PGD_PTRS; i < 2 * USER_PGD_PTRS; ++i)
-+ set_pgd_batched(pgd+i, native_make_pgd(0));
-+ pax_close_kernel();
++ pax_open_kernel();
++ pgd = get_cpu_pgd(smp_processor_id(), kernel);
++ for (i = USER_PGD_PTRS; i < 2 * USER_PGD_PTRS; ++i)
++ set_pgd_batched(pgd+i, native_make_pgd(0));
++ pax_close_kernel();
++ }
+#endif
+
#ifdef CONFIG_SMP
if (this_cpu_read(cpu_tlbstate.state) == TLBSTATE_OK)
this_cpu_write(cpu_tlbstate.state, TLBSTATE_LAZY);
-@@ -34,16 +46,30 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
+@@ -34,16 +48,55 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
struct task_struct *tsk)
{
unsigned cpu = smp_processor_id();
@@ -13965,17 +15018,42 @@ index cdbf367..adb37ac 100644
/* Re-load page tables */
+#ifdef CONFIG_PAX_PER_CPU_PGD
+ pax_open_kernel();
-+ __clone_user_pgds(get_cpu_pgd(cpu), next->pgd);
-+ __shadow_user_pgds(get_cpu_pgd(cpu) + USER_PGD_PTRS, next->pgd);
++
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++ if (static_cpu_has(X86_FEATURE_PCID))
++ __clone_user_pgds(get_cpu_pgd(cpu, user), next->pgd);
++ else
++#endif
++
++ __clone_user_pgds(get_cpu_pgd(cpu, kernel), next->pgd);
++ __shadow_user_pgds(get_cpu_pgd(cpu, kernel) + USER_PGD_PTRS, next->pgd);
+ pax_close_kernel();
-+ load_cr3(get_cpu_pgd(cpu));
++ BUG_ON((__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL) != (read_cr3() & __PHYSICAL_MASK) && (__pa(get_cpu_pgd(cpu, user)) | PCID_USER) != (read_cr3() & __PHYSICAL_MASK));
++
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++ if (static_cpu_has(X86_FEATURE_PCID)) {
++ if (static_cpu_has(X86_FEATURE_INVPCID)) {
++ unsigned long descriptor[2];
++ descriptor[0] = PCID_USER;
++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_CONTEXT) : "memory");
++ } else {
++ write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER);
++ if (static_cpu_has(X86_FEATURE_STRONGUDEREF))
++ write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH);
++ else
++ write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL);
++ }
++ } else
++#endif
++
++ load_cr3(get_cpu_pgd(cpu, kernel));
+#else
load_cr3(next->pgd);
+#endif
/* stop flush ipis for the previous mm */
cpumask_clear_cpu(cpu, mm_cpumask(prev));
-@@ -53,9 +79,38 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
+@@ -53,9 +106,63 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
*/
if (unlikely(prev->context.ldt != next->context.ldt))
load_LDT_nolock(&next->context);
@@ -14005,17 +15083,42 @@ index cdbf367..adb37ac 100644
+
+#ifdef CONFIG_PAX_PER_CPU_PGD
+ pax_open_kernel();
-+ __clone_user_pgds(get_cpu_pgd(cpu), next->pgd);
-+ __shadow_user_pgds(get_cpu_pgd(cpu) + USER_PGD_PTRS, next->pgd);
++
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++ if (static_cpu_has(X86_FEATURE_PCID))
++ __clone_user_pgds(get_cpu_pgd(cpu, user), next->pgd);
++ else
++#endif
++
++ __clone_user_pgds(get_cpu_pgd(cpu, kernel), next->pgd);
++ __shadow_user_pgds(get_cpu_pgd(cpu, kernel) + USER_PGD_PTRS, next->pgd);
+ pax_close_kernel();
-+ load_cr3(get_cpu_pgd(cpu));
++ BUG_ON((__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL) != (read_cr3() & __PHYSICAL_MASK) && (__pa(get_cpu_pgd(cpu, user)) | PCID_USER) != (read_cr3() & __PHYSICAL_MASK));
++
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++ if (static_cpu_has(X86_FEATURE_PCID)) {
++ if (static_cpu_has(X86_FEATURE_INVPCID)) {
++ unsigned long descriptor[2];
++ descriptor[0] = PCID_USER;
++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_CONTEXT) : "memory");
++ } else {
++ write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER);
++ if (static_cpu_has(X86_FEATURE_STRONGUDEREF))
++ write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH);
++ else
++ write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL);
++ }
++ } else
++#endif
++
++ load_cr3(get_cpu_pgd(cpu, kernel));
+#endif
+
+#ifdef CONFIG_SMP
this_cpu_write(cpu_tlbstate.state, TLBSTATE_OK);
BUG_ON(this_cpu_read(cpu_tlbstate.active_mm) != next);
-@@ -64,11 +119,28 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
+@@ -64,11 +171,28 @@ static inline void switch_mm(struct mm_struct *prev, struct mm_struct *next,
* tlb flush IPI delivery. We must reload CR3
* to make sure to use no freed page tables.
*/
@@ -14039,9 +15142,9 @@ index cdbf367..adb37ac 100644
+#endif
+
}
-- }
- #endif
-+ }
++#endif
+ }
+-#endif
}
#define activate_mm(prev, next) \
@@ -14081,10 +15184,10 @@ index e3b7819..b257c64 100644
+
#endif /* _ASM_X86_MODULE_H */
diff --git a/arch/x86/include/asm/nmi.h b/arch/x86/include/asm/nmi.h
-index c0fa356..07a498a 100644
+index 86f9301..b365cda 100644
--- a/arch/x86/include/asm/nmi.h
+++ b/arch/x86/include/asm/nmi.h
-@@ -42,11 +42,11 @@ struct nmiaction {
+@@ -40,11 +40,11 @@ struct nmiaction {
nmi_handler_t handler;
unsigned long flags;
const char *name;
@@ -14098,7 +15201,7 @@ index c0fa356..07a498a 100644
.handler = (fn), \
.name = (n), \
.flags = (fg), \
-@@ -54,7 +54,7 @@ struct nmiaction {
+@@ -52,7 +52,7 @@ struct nmiaction {
__register_nmi_handler((t), &fn##_na); \
})
@@ -14136,10 +15239,10 @@ index 0f1ddee..e2fc3d1 100644
unsigned long y = x - __START_KERNEL_map;
diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h
-index 7361e47..16dc226 100644
+index cfdc9ee..3f7b5d6 100644
--- a/arch/x86/include/asm/paravirt.h
+++ b/arch/x86/include/asm/paravirt.h
-@@ -564,7 +564,7 @@ static inline pmd_t __pmd(pmdval_t val)
+@@ -560,7 +560,7 @@ static inline pmd_t __pmd(pmdval_t val)
return (pmd_t) { ret };
}
@@ -14148,7 +15251,7 @@ index 7361e47..16dc226 100644
{
pmdval_t ret;
-@@ -630,6 +630,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd)
+@@ -626,6 +626,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd)
val);
}
@@ -14167,7 +15270,7 @@ index 7361e47..16dc226 100644
static inline void pgd_clear(pgd_t *pgdp)
{
set_pgd(pgdp, __pgd(0));
-@@ -714,6 +726,21 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx,
+@@ -710,6 +722,21 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx,
pv_mmu_ops.set_fixmap(idx, phys, flags);
}
@@ -14189,7 +15292,7 @@ index 7361e47..16dc226 100644
#if defined(CONFIG_SMP) && defined(CONFIG_PARAVIRT_SPINLOCKS)
static inline int arch_spin_is_locked(struct arch_spinlock *lock)
-@@ -930,7 +957,7 @@ extern void default_banner(void);
+@@ -926,7 +953,7 @@ extern void default_banner(void);
#define PARA_PATCH(struct, off) ((PARAVIRT_PATCH_##struct + (off)) / 4)
#define PARA_SITE(ptype, clobbers, ops) _PVSITE(ptype, clobbers, ops, .long, 4)
@@ -14198,7 +15301,7 @@ index 7361e47..16dc226 100644
#endif
#define INTERRUPT_RETURN \
-@@ -1005,6 +1032,21 @@ extern void default_banner(void);
+@@ -1001,6 +1028,21 @@ extern void default_banner(void);
PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_irq_enable_sysexit), \
CLBR_NONE, \
jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_irq_enable_sysexit))
@@ -14221,7 +15324,7 @@ index 7361e47..16dc226 100644
#endif /* __ASSEMBLY__ */
diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h
-index b3b0ec1..b1cd3eb 100644
+index 0db1fca..52310cc 100644
--- a/arch/x86/include/asm/paravirt_types.h
+++ b/arch/x86/include/asm/paravirt_types.h
@@ -84,7 +84,7 @@ struct pv_init_ops {
@@ -14380,7 +15483,7 @@ index 4cc9f2b..5fd9226 100644
/*
diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h
-index 1e67223..dd6e7ea 100644
+index 1e67223..92a9585 100644
--- a/arch/x86/include/asm/pgtable.h
+++ b/arch/x86/include/asm/pgtable.h
@@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page);
@@ -14486,23 +15589,24 @@ index 1e67223..dd6e7ea 100644
}
static inline pte_t pte_mkdirty(pte_t pte)
-@@ -394,6 +459,15 @@ pte_t *populate_extra_pte(unsigned long vaddr);
+@@ -394,6 +459,16 @@ pte_t *populate_extra_pte(unsigned long vaddr);
#endif
#ifndef __ASSEMBLY__
+
+#ifdef CONFIG_PAX_PER_CPU_PGD
-+extern pgd_t cpu_pgd[NR_CPUS][PTRS_PER_PGD];
-+static inline pgd_t *get_cpu_pgd(unsigned int cpu)
++extern pgd_t cpu_pgd[NR_CPUS][2][PTRS_PER_PGD];
++enum cpu_pgd_type {kernel = 0, user = 1};
++static inline pgd_t *get_cpu_pgd(unsigned int cpu, enum cpu_pgd_type type)
+{
-+ return cpu_pgd[cpu];
++ return cpu_pgd[cpu][type];
+}
+#endif
+
#include <linux/mm_types.h>
#include <linux/log2.h>
-@@ -529,7 +603,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
+@@ -529,7 +604,7 @@ static inline unsigned long pud_page_vaddr(pud_t pud)
* Currently stuck as a macro due to indirect forward reference to
* linux/mmzone.h's __section_mem_map_addr() definition:
*/
@@ -14511,7 +15615,7 @@ index 1e67223..dd6e7ea 100644
/* Find an entry in the second-level page table.. */
static inline pmd_t *pmd_offset(pud_t *pud, unsigned long address)
-@@ -569,7 +643,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
+@@ -569,7 +644,7 @@ static inline unsigned long pgd_page_vaddr(pgd_t pgd)
* Currently stuck as a macro due to indirect forward reference to
* linux/mmzone.h's __section_mem_map_addr() definition:
*/
@@ -14520,7 +15624,7 @@ index 1e67223..dd6e7ea 100644
/* to find an entry in a page-table-directory. */
static inline unsigned long pud_index(unsigned long address)
-@@ -584,7 +658,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
+@@ -584,7 +659,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address)
static inline int pgd_bad(pgd_t pgd)
{
@@ -14529,7 +15633,7 @@ index 1e67223..dd6e7ea 100644
}
static inline int pgd_none(pgd_t pgd)
-@@ -607,7 +681,12 @@ static inline int pgd_none(pgd_t pgd)
+@@ -607,7 +682,12 @@ static inline int pgd_none(pgd_t pgd)
* pgd_offset() returns a (pgd_t *)
* pgd_index() is used get the offset into the pgd page's array of pgd_t's;
*/
@@ -14537,13 +15641,13 @@ index 1e67223..dd6e7ea 100644
+#define pgd_offset(mm, address) ((mm)->pgd + pgd_index(address))
+
+#ifdef CONFIG_PAX_PER_CPU_PGD
-+#define pgd_offset_cpu(cpu, address) (get_cpu_pgd(cpu) + pgd_index(address))
++#define pgd_offset_cpu(cpu, type, address) (get_cpu_pgd(cpu, type) + pgd_index(address))
+#endif
+
/*
* a shortcut which implies the use of the kernel's pgd, instead
* of a process's
-@@ -618,6 +697,22 @@ static inline int pgd_none(pgd_t pgd)
+@@ -618,6 +698,23 @@ static inline int pgd_none(pgd_t pgd)
#define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET)
#define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY)
@@ -14558,6 +15662,7 @@ index 1e67223..dd6e7ea 100644
+#define pax_user_shadow_base pax_user_shadow_base(%rip)
+#else
+extern unsigned long pax_user_shadow_base;
++extern pgdval_t clone_pgd_mask;
+#endif
+#endif
+
@@ -14566,7 +15671,7 @@ index 1e67223..dd6e7ea 100644
#ifndef __ASSEMBLY__
extern int direct_gbpages;
-@@ -784,11 +879,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
+@@ -784,11 +881,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm,
* dst and src can be on the same page, but the range must not overlap,
* and must not cross a page boundary.
*/
@@ -14743,7 +15848,7 @@ index 2d88344..4679fc3 100644
#define EARLY_DYNAMIC_PAGE_TABLES 64
diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h
-index 567b5d0..bd91d64 100644
+index e642300..0ef8f31 100644
--- a/arch/x86/include/asm/pgtable_types.h
+++ b/arch/x86/include/asm/pgtable_types.h
@@ -16,13 +16,12 @@
@@ -14858,10 +15963,33 @@ index 567b5d0..bd91d64 100644
#define pgprot_writecombine pgprot_writecombine
extern pgprot_t pgprot_writecombine(pgprot_t prot);
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h
-index 3270116..8d99d82 100644
+index 22224b3..c5d8d7d 100644
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
-@@ -285,7 +285,7 @@ struct tss_struct {
+@@ -198,9 +198,21 @@ static inline void native_cpuid(unsigned int *eax, unsigned int *ebx,
+ : "memory");
+ }
+
++/* invpcid (%rdx),%rax */
++#define __ASM_INVPCID ".byte 0x66,0x0f,0x38,0x82,0x02"
++
++#define INVPCID_SINGLE_ADDRESS 0UL
++#define INVPCID_SINGLE_CONTEXT 1UL
++#define INVPCID_ALL_GLOBAL 2UL
++#define INVPCID_ALL_MONGLOBAL 3UL
++
++#define PCID_KERNEL 0UL
++#define PCID_USER 1UL
++#define PCID_NOFLUSH (1UL << 63)
++
+ static inline void load_cr3(pgd_t *pgdir)
+ {
+- write_cr3(__pa(pgdir));
++ write_cr3(__pa(pgdir) | PCID_KERNEL);
+ }
+
+ #ifdef CONFIG_X86_32
+@@ -282,7 +294,7 @@ struct tss_struct {
} ____cacheline_aligned;
@@ -14870,7 +15998,15 @@ index 3270116..8d99d82 100644
/*
* Save the original ist values for checking stack pointers during debugging
-@@ -826,11 +826,18 @@ static inline void spin_lock_prefetch(const void *x)
+@@ -452,6 +464,7 @@ struct thread_struct {
+ unsigned short ds;
+ unsigned short fsindex;
+ unsigned short gsindex;
++ unsigned short ss;
+ #endif
+ #ifdef CONFIG_X86_32
+ unsigned long ip;
+@@ -823,11 +836,18 @@ static inline void spin_lock_prefetch(const void *x)
*/
#define TASK_SIZE PAGE_OFFSET
#define TASK_SIZE_MAX TASK_SIZE
@@ -14891,7 +16027,7 @@ index 3270116..8d99d82 100644
.vm86_info = NULL, \
.sysenter_cs = __KERNEL_CS, \
.io_bitmap_ptr = NULL, \
-@@ -844,7 +851,7 @@ static inline void spin_lock_prefetch(const void *x)
+@@ -841,7 +861,7 @@ static inline void spin_lock_prefetch(const void *x)
*/
#define INIT_TSS { \
.x86_tss = { \
@@ -14900,7 +16036,7 @@ index 3270116..8d99d82 100644
.ss0 = __KERNEL_DS, \
.ss1 = __KERNEL_CS, \
.io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \
-@@ -855,11 +862,7 @@ static inline void spin_lock_prefetch(const void *x)
+@@ -852,11 +872,7 @@ static inline void spin_lock_prefetch(const void *x)
extern unsigned long thread_saved_pc(struct task_struct *tsk);
#define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long))
@@ -14913,7 +16049,7 @@ index 3270116..8d99d82 100644
/*
* The below -8 is to reserve 8 bytes on top of the ring0 stack.
-@@ -874,7 +877,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -871,7 +887,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
#define task_pt_regs(task) \
({ \
struct pt_regs *__regs__; \
@@ -14922,7 +16058,7 @@ index 3270116..8d99d82 100644
__regs__ - 1; \
})
-@@ -884,13 +887,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -881,13 +897,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
/*
* User space process size. 47bits minus one guard page.
*/
@@ -14938,7 +16074,7 @@ index 3270116..8d99d82 100644
#define TASK_SIZE (test_thread_flag(TIF_ADDR32) ? \
IA32_PAGE_OFFSET : TASK_SIZE_MAX)
-@@ -901,11 +904,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
+@@ -898,11 +914,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk);
#define STACK_TOP_MAX TASK_SIZE_MAX
#define INIT_THREAD { \
@@ -14952,7 +16088,7 @@ index 3270116..8d99d82 100644
}
/*
-@@ -933,6 +936,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
+@@ -930,6 +946,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip,
*/
#define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3))
@@ -14963,16 +16099,26 @@ index 3270116..8d99d82 100644
#define KSTK_EIP(task) (task_pt_regs(task)->ip)
/* Get/set a process' ability to use the timestamp counter instruction */
-@@ -993,7 +1000,7 @@ extern bool cpu_has_amd_erratum(const int *);
- #define cpu_has_amd_erratum(x) (false)
- #endif /* CONFIG_CPU_SUP_AMD */
+@@ -942,7 +962,8 @@ extern int set_tsc_mode(unsigned int val);
+ extern u16 amd_get_nb_id(int cpu);
+
+ struct aperfmperf {
+- u64 aperf, mperf;
++ u64 aperf __intentional_overflow(0);
++ u64 mperf __intentional_overflow(0);
+ };
+
+ static inline void get_aperfmperf(struct aperfmperf *am)
+@@ -970,7 +991,7 @@ unsigned long calc_aperfmperf_ratio(struct aperfmperf *old,
+ return ratio;
+ }
-extern unsigned long arch_align_stack(unsigned long sp);
+#define arch_align_stack(x) ((x) & ~0xfUL)
extern void free_init_pages(char *what, unsigned long begin, unsigned long end);
void default_idle(void);
-@@ -1003,6 +1010,6 @@ bool xen_set_default_idle(void);
+@@ -980,6 +1001,6 @@ bool xen_set_default_idle(void);
#define xen_set_default_idle 0
#endif
@@ -15100,7 +16246,7 @@ index a82c4f1..ac45053 100644
extern struct machine_ops machine_ops;
diff --git a/arch/x86/include/asm/rwsem.h b/arch/x86/include/asm/rwsem.h
-index 2dbe4a7..ce1db00 100644
+index cad82c9..2e5c5c1 100644
--- a/arch/x86/include/asm/rwsem.h
+++ b/arch/x86/include/asm/rwsem.h
@@ -64,6 +64,14 @@ static inline void __down_read(struct rw_semaphore *sem)
@@ -15146,9 +16292,9 @@ index 2dbe4a7..ce1db00 100644
+#endif
+
/* adds 0xffff0001, returns the old value */
- " test %1,%1\n\t"
- /* was the count 0 before? */
-@@ -141,6 +165,14 @@ static inline void __up_read(struct rw_semaphore *sem)
+ " test " __ASM_SEL(%w1,%k1) "," __ASM_SEL(%w1,%k1) "\n\t"
+ /* was the active mask 0 before? */
+@@ -155,6 +179,14 @@ static inline void __up_read(struct rw_semaphore *sem)
long tmp;
asm volatile("# beginning __up_read\n\t"
LOCK_PREFIX " xadd %1,(%2)\n\t"
@@ -15163,7 +16309,7 @@ index 2dbe4a7..ce1db00 100644
/* subtracts 1, returns the old value */
" jns 1f\n\t"
" call call_rwsem_wake\n" /* expects old value in %edx */
-@@ -159,6 +191,14 @@ static inline void __up_write(struct rw_semaphore *sem)
+@@ -173,6 +205,14 @@ static inline void __up_write(struct rw_semaphore *sem)
long tmp;
asm volatile("# beginning __up_write\n\t"
LOCK_PREFIX " xadd %1,(%2)\n\t"
@@ -15178,7 +16324,7 @@ index 2dbe4a7..ce1db00 100644
/* subtracts 0xffff0001, returns the old value */
" jns 1f\n\t"
" call call_rwsem_wake\n" /* expects old value in %edx */
-@@ -176,6 +216,14 @@ static inline void __downgrade_write(struct rw_semaphore *sem)
+@@ -190,6 +230,14 @@ static inline void __downgrade_write(struct rw_semaphore *sem)
{
asm volatile("# beginning __downgrade_write\n\t"
LOCK_PREFIX _ASM_ADD "%2,(%1)\n\t"
@@ -15193,7 +16339,7 @@ index 2dbe4a7..ce1db00 100644
/*
* transitions 0xZZZZ0001 -> 0xYYYY0001 (i386)
* 0xZZZZZZZZ00000001 -> 0xYYYYYYYY00000001 (x86_64)
-@@ -194,7 +242,15 @@ static inline void __downgrade_write(struct rw_semaphore *sem)
+@@ -208,7 +256,15 @@ static inline void __downgrade_write(struct rw_semaphore *sem)
*/
static inline void rwsem_atomic_add(long delta, struct rw_semaphore *sem)
{
@@ -15210,7 +16356,7 @@ index 2dbe4a7..ce1db00 100644
: "+m" (sem->count)
: "er" (delta));
}
-@@ -204,7 +260,7 @@ static inline void rwsem_atomic_add(long delta, struct rw_semaphore *sem)
+@@ -218,7 +274,7 @@ static inline void rwsem_atomic_add(long delta, struct rw_semaphore *sem)
*/
static inline long rwsem_atomic_update(long delta, struct rw_semaphore *sem)
{
@@ -15220,7 +16366,7 @@ index 2dbe4a7..ce1db00 100644
#endif /* __KERNEL__ */
diff --git a/arch/x86/include/asm/segment.h b/arch/x86/include/asm/segment.h
-index c48a950..c6d7468 100644
+index c48a950..bc40804 100644
--- a/arch/x86/include/asm/segment.h
+++ b/arch/x86/include/asm/segment.h
@@ -64,10 +64,15 @@
@@ -15281,15 +16427,32 @@ index c48a950..c6d7468 100644
#define GDT_ENTRY_TSS 8 /* needs two entries */
#define GDT_ENTRY_LDT 10 /* needs two entries */
#define GDT_ENTRY_TLS_MIN 12
-@@ -185,6 +200,7 @@
+@@ -173,6 +188,8 @@
+ #define GDT_ENTRY_PER_CPU 15 /* Abused to load per CPU data from limit */
+ #define __PER_CPU_SEG (GDT_ENTRY_PER_CPU * 8 + 3)
+
++#define GDT_ENTRY_UDEREF_KERNEL_DS 16
++
+ /* TLS indexes for 64bit - hardcoded in arch_prctl */
+ #define FS_TLS 0
+ #define GS_TLS 1
+@@ -180,12 +197,14 @@
+ #define GS_TLS_SEL ((GDT_ENTRY_TLS_MIN+GS_TLS)*8 + 3)
+ #define FS_TLS_SEL ((GDT_ENTRY_TLS_MIN+FS_TLS)*8 + 3)
+
+-#define GDT_ENTRIES 16
++#define GDT_ENTRIES 17
+
#endif
#define __KERNEL_CS (GDT_ENTRY_KERNEL_CS*8)
+#define __KERNEXEC_KERNEL_CS (GDT_ENTRY_KERNEXEC_KERNEL_CS*8)
#define __KERNEL_DS (GDT_ENTRY_KERNEL_DS*8)
++#define __UDEREF_KERNEL_DS (GDT_ENTRY_UDEREF_KERNEL_DS*8)
#define __USER_DS (GDT_ENTRY_DEFAULT_USER_DS*8+3)
#define __USER_CS (GDT_ENTRY_DEFAULT_USER_CS*8+3)
-@@ -265,7 +281,7 @@ static inline unsigned long get_limit(unsigned long segment)
+ #ifndef CONFIG_PARAVIRT
+@@ -265,7 +284,7 @@ static inline unsigned long get_limit(unsigned long segment)
{
unsigned long __limit;
asm("lsll %1,%0" : "=r" (__limit) : "r" (segment));
@@ -15298,6 +16461,99 @@ index c48a950..c6d7468 100644
}
#endif /* !__ASSEMBLY__ */
+diff --git a/arch/x86/include/asm/smap.h b/arch/x86/include/asm/smap.h
+index 8d3120f..352b440 100644
+--- a/arch/x86/include/asm/smap.h
++++ b/arch/x86/include/asm/smap.h
+@@ -25,11 +25,40 @@
+
+ #include <asm/alternative-asm.h>
+
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++#define ASM_PAX_OPEN_USERLAND \
++ 661: jmp 663f; \
++ .pushsection .altinstr_replacement, "a" ; \
++ 662: pushq %rax; nop; \
++ .popsection ; \
++ .pushsection .altinstructions, "a" ; \
++ altinstruction_entry 661b, 662b, X86_FEATURE_STRONGUDEREF, 2, 2;\
++ .popsection ; \
++ call __pax_open_userland; \
++ popq %rax; \
++ 663:
++
++#define ASM_PAX_CLOSE_USERLAND \
++ 661: jmp 663f; \
++ .pushsection .altinstr_replacement, "a" ; \
++ 662: pushq %rax; nop; \
++ .popsection; \
++ .pushsection .altinstructions, "a" ; \
++ altinstruction_entry 661b, 662b, X86_FEATURE_STRONGUDEREF, 2, 2;\
++ .popsection; \
++ call __pax_close_userland; \
++ popq %rax; \
++ 663:
++#else
++#define ASM_PAX_OPEN_USERLAND
++#define ASM_PAX_CLOSE_USERLAND
++#endif
++
+ #ifdef CONFIG_X86_SMAP
+
+ #define ASM_CLAC \
+ 661: ASM_NOP3 ; \
+- .pushsection .altinstr_replacement, "ax" ; \
++ .pushsection .altinstr_replacement, "a" ; \
+ 662: __ASM_CLAC ; \
+ .popsection ; \
+ .pushsection .altinstructions, "a" ; \
+@@ -38,7 +67,7 @@
+
+ #define ASM_STAC \
+ 661: ASM_NOP3 ; \
+- .pushsection .altinstr_replacement, "ax" ; \
++ .pushsection .altinstr_replacement, "a" ; \
+ 662: __ASM_STAC ; \
+ .popsection ; \
+ .pushsection .altinstructions, "a" ; \
+@@ -56,6 +85,37 @@
+
+ #include <asm/alternative.h>
+
++#define __HAVE_ARCH_PAX_OPEN_USERLAND
++#define __HAVE_ARCH_PAX_CLOSE_USERLAND
++
++extern void __pax_open_userland(void);
++static __always_inline unsigned long pax_open_userland(void)
++{
++
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++ asm volatile(ALTERNATIVE(ASM_NOP5, "call %P[open]", X86_FEATURE_STRONGUDEREF)
++ :
++ : [open] "i" (__pax_open_userland)
++ : "memory", "rax");
++#endif
++
++ return 0;
++}
++
++extern void __pax_close_userland(void);
++static __always_inline unsigned long pax_close_userland(void)
++{
++
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++ asm volatile(ALTERNATIVE(ASM_NOP5, "call %P[close]", X86_FEATURE_STRONGUDEREF)
++ :
++ : [close] "i" (__pax_close_userland)
++ : "memory", "rax");
++#endif
++
++ return 0;
++}
++
+ #ifdef CONFIG_X86_SMAP
+
+ static __always_inline void clac(void)
diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h
index b073aae..39f9bdd 100644
--- a/arch/x86/include/asm/smp.h
@@ -15444,7 +16700,15 @@ index 70bbe39..4ae2bd4 100644
- void *data,
- unsigned long *end,
- int *graph);
--
++typedef unsigned long walk_stack_t(struct task_struct *task,
++ void *stack_start,
++ unsigned long *stack,
++ unsigned long bp,
++ const struct stacktrace_ops *ops,
++ void *data,
++ unsigned long *end,
++ int *graph);
+
-extern unsigned long
-print_context_stack(struct thread_info *tinfo,
- unsigned long *stack, unsigned long bp,
@@ -15456,15 +16720,6 @@ index 70bbe39..4ae2bd4 100644
- unsigned long *stack, unsigned long bp,
- const struct stacktrace_ops *ops, void *data,
- unsigned long *end, int *graph);
-+typedef unsigned long walk_stack_t(struct task_struct *task,
-+ void *stack_start,
-+ unsigned long *stack,
-+ unsigned long bp,
-+ const struct stacktrace_ops *ops,
-+ void *data,
-+ unsigned long *end,
-+ int *graph);
-+
+extern walk_stack_t print_context_stack;
+extern walk_stack_t print_context_stack_bp;
@@ -15502,7 +16757,7 @@ index 4ec45b3..a4f0a8a 100644
__switch_canary_iparam \
: "memory", "cc" __EXTRA_CLOBBER)
diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h
-index 2cd056e..0224df8 100644
+index a1df6e8..e002940 100644
--- a/arch/x86/include/asm/thread_info.h
+++ b/arch/x86/include/asm/thread_info.h
@@ -10,6 +10,7 @@
@@ -15590,38 +16845,24 @@ index 2cd056e..0224df8 100644
/* Only used for 64 bit */
#define _TIF_DO_NOTIFY_MASK \
-@@ -158,6 +154,23 @@ struct thread_info {
+@@ -158,45 +154,40 @@ struct thread_info {
#define PREEMPT_ACTIVE 0x10000000
-+#ifdef __ASSEMBLY__
-+/* how to get the thread information struct from ASM */
-+#define GET_THREAD_INFO(reg) \
-+ mov PER_CPU_VAR(current_tinfo), reg
-+
-+/* use this one if reg already contains %esp */
-+#define GET_THREAD_INFO_WITH_ESP(reg) GET_THREAD_INFO(reg)
-+#else
-+/* how to get the thread information struct from C */
-+DECLARE_PER_CPU(struct thread_info *, current_tinfo);
-+
-+static __always_inline struct thread_info *current_thread_info(void)
-+{
-+ return this_cpu_read_stable(current_tinfo);
-+}
-+#endif
-+
- #ifdef CONFIG_X86_32
-
- #define STACK_WARN (THREAD_SIZE/8)
-@@ -168,35 +181,13 @@ struct thread_info {
- */
- #ifndef __ASSEMBLY__
-
+-#ifdef CONFIG_X86_32
+-
+-#define STACK_WARN (THREAD_SIZE/8)
+-/*
+- * macros/functions for gaining access to the thread information structure
+- *
+- * preempt_count needs to be 1 initially, until the scheduler is functional.
+- */
+-#ifndef __ASSEMBLY__
+-
+-
+-/* how to get the current stack pointer from C */
+-register unsigned long current_stack_pointer asm("esp") __used;
-
- /* how to get the current stack pointer from C */
- register unsigned long current_stack_pointer asm("esp") __used;
-
-/* how to get the thread information struct from C */
-static inline struct thread_info *current_thread_info(void)
-{
@@ -15631,15 +16872,40 @@ index 2cd056e..0224df8 100644
-
-#else /* !__ASSEMBLY__ */
-
--/* how to get the thread information struct from ASM */
--#define GET_THREAD_INFO(reg) \
++#ifdef __ASSEMBLY__
+ /* how to get the thread information struct from ASM */
+ #define GET_THREAD_INFO(reg) \
- movl $-THREAD_SIZE, reg; \
- andl %esp, reg
--
--/* use this one if reg already contains %esp */
++ mov PER_CPU_VAR(current_tinfo), reg
+
+ /* use this one if reg already contains %esp */
-#define GET_THREAD_INFO_WITH_ESP(reg) \
- andl $-THREAD_SIZE, reg
--
++#define GET_THREAD_INFO_WITH_ESP(reg) GET_THREAD_INFO(reg)
++#else
++/* how to get the thread information struct from C */
++DECLARE_PER_CPU(struct thread_info *, current_tinfo);
++
++static __always_inline struct thread_info *current_thread_info(void)
++{
++ return this_cpu_read_stable(current_tinfo);
++}
++#endif
++
++#ifdef CONFIG_X86_32
++
++#define STACK_WARN (THREAD_SIZE/8)
++/*
++ * macros/functions for gaining access to the thread information structure
++ *
++ * preempt_count needs to be 1 initially, until the scheduler is functional.
++ */
++#ifndef __ASSEMBLY__
++
++/* how to get the current stack pointer from C */
++register unsigned long current_stack_pointer asm("esp") __used;
+
#endif
#else /* X86_32 */
@@ -15680,7 +16946,7 @@ index 2cd056e..0224df8 100644
#endif
#endif /* !X86_32 */
-@@ -285,5 +257,12 @@ static inline bool is_ia32_task(void)
+@@ -283,5 +255,12 @@ static inline bool is_ia32_task(void)
extern void arch_task_cache_init(void);
extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src);
extern void arch_release_task_struct(struct task_struct *tsk);
@@ -15693,8 +16959,94 @@ index 2cd056e..0224df8 100644
+
#endif
#endif /* _ASM_X86_THREAD_INFO_H */
+diff --git a/arch/x86/include/asm/tlbflush.h b/arch/x86/include/asm/tlbflush.h
+index 50a7fc0..d00c622 100644
+--- a/arch/x86/include/asm/tlbflush.h
++++ b/arch/x86/include/asm/tlbflush.h
+@@ -17,18 +17,39 @@
+
+ static inline void __native_flush_tlb(void)
+ {
+- native_write_cr3(native_read_cr3());
++
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++ if (static_cpu_has(X86_FEATURE_PCID)) {
++ unsigned int cpu = raw_get_cpu();
++
++ if (static_cpu_has(X86_FEATURE_INVPCID)) {
++ unsigned long descriptor[2];
++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_MONGLOBAL) : "memory");
++ } else {
++ native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER);
++ native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL);
++ }
++ raw_put_cpu_no_resched();
++ } else
++#endif
++
++ native_write_cr3(native_read_cr3());
+ }
+
+ static inline void __native_flush_tlb_global_irq_disabled(void)
+ {
+- unsigned long cr4;
++ if (static_cpu_has(X86_FEATURE_INVPCID)) {
++ unsigned long descriptor[2];
++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_ALL_GLOBAL) : "memory");
++ } else {
++ unsigned long cr4;
+
+- cr4 = native_read_cr4();
+- /* clear PGE */
+- native_write_cr4(cr4 & ~X86_CR4_PGE);
+- /* write old PGE again and flush TLBs */
+- native_write_cr4(cr4);
++ cr4 = native_read_cr4();
++ /* clear PGE */
++ native_write_cr4(cr4 & ~X86_CR4_PGE);
++ /* write old PGE again and flush TLBs */
++ native_write_cr4(cr4);
++ }
+ }
+
+ static inline void __native_flush_tlb_global(void)
+@@ -49,7 +70,33 @@ static inline void __native_flush_tlb_global(void)
+
+ static inline void __native_flush_tlb_single(unsigned long addr)
+ {
+- asm volatile("invlpg (%0)" ::"r" (addr) : "memory");
++
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++ if (static_cpu_has(X86_FEATURE_PCID) && addr < TASK_SIZE_MAX) {
++ unsigned int cpu = raw_get_cpu();
++
++ if (static_cpu_has(X86_FEATURE_INVPCID)) {
++ unsigned long descriptor[2];
++ descriptor[0] = PCID_USER;
++ descriptor[1] = addr;
++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory");
++ if (!static_cpu_has(X86_FEATURE_STRONGUDEREF)) {
++ descriptor[0] = PCID_KERNEL;
++ descriptor[1] = addr + pax_user_shadow_base;
++ asm volatile(__ASM_INVPCID : : "d"(&descriptor), "a"(INVPCID_SINGLE_ADDRESS) : "memory");
++ }
++ } else {
++ native_write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER | PCID_NOFLUSH);
++ asm volatile("invlpg (%0)" ::"r" (addr) : "memory");
++ native_write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH);
++ if (!static_cpu_has(X86_FEATURE_STRONGUDEREF))
++ asm volatile("invlpg (%0)" ::"r" (addr + pax_user_shadow_base) : "memory");
++ }
++ raw_put_cpu_no_resched();
++ } else
++#endif
++
++ asm volatile("invlpg (%0)" ::"r" (addr) : "memory");
+ }
+
+ static inline void __flush_tlb_all(void)
diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h
-index 5ee2687..70d5895 100644
+index 5ee2687..74590b9 100644
--- a/arch/x86/include/asm/uaccess.h
+++ b/arch/x86/include/asm/uaccess.h
@@ -7,6 +7,7 @@
@@ -15754,7 +17106,20 @@ index 5ee2687..70d5895 100644
/*
* The exception table consists of pairs of addresses relative to the
-@@ -176,13 +207,21 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
+@@ -165,10 +196,12 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
+ register __inttype(*(ptr)) __val_gu asm("%edx"); \
+ __chk_user_ptr(ptr); \
+ might_fault(); \
++ pax_open_userland(); \
+ asm volatile("call __get_user_%P3" \
+ : "=a" (__ret_gu), "=r" (__val_gu) \
+ : "0" (ptr), "i" (sizeof(*(ptr)))); \
+ (x) = (__typeof__(*(ptr))) __val_gu; \
++ pax_close_userland(); \
+ __ret_gu; \
+ })
+
+@@ -176,13 +209,21 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
asm volatile("call __put_user_" #size : "=a" (__ret_pu) \
: "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx")
@@ -15779,7 +17144,7 @@ index 5ee2687..70d5895 100644
"3: " ASM_CLAC "\n" \
".section .fixup,\"ax\"\n" \
"4: movl %3,%0\n" \
-@@ -195,8 +234,8 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
+@@ -195,8 +236,8 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL))
#define __put_user_asm_ex_u64(x, addr) \
asm volatile(ASM_STAC "\n" \
@@ -15790,34 +17155,50 @@ index 5ee2687..70d5895 100644
"3: " ASM_CLAC "\n" \
_ASM_EXTABLE_EX(1b, 2b) \
_ASM_EXTABLE_EX(2b, 3b) \
-@@ -246,7 +285,7 @@ extern void __put_user_8(void);
+@@ -246,7 +287,8 @@ extern void __put_user_8(void);
__typeof__(*(ptr)) __pu_val; \
__chk_user_ptr(ptr); \
might_fault(); \
- __pu_val = x; \
+ __pu_val = (x); \
++ pax_open_userland(); \
switch (sizeof(*(ptr))) { \
case 1: \
__put_user_x(1, __pu_val, ptr, __ret_pu); \
-@@ -345,7 +384,7 @@ do { \
+@@ -264,6 +306,7 @@ extern void __put_user_8(void);
+ __put_user_x(X, __pu_val, ptr, __ret_pu); \
+ break; \
+ } \
++ pax_close_userland(); \
+ __ret_pu; \
+ })
+
+@@ -344,8 +387,10 @@ do { \
+ } while (0)
#define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \
++do { \
++ pax_open_userland(); \
asm volatile(ASM_STAC "\n" \
- "1: mov"itype" %2,%"rtype"1\n" \
+ "1: "__copyuser_seg"mov"itype" %2,%"rtype"1\n"\
"2: " ASM_CLAC "\n" \
".section .fixup,\"ax\"\n" \
"3: mov %3,%0\n" \
-@@ -353,7 +392,7 @@ do { \
+@@ -353,8 +398,10 @@ do { \
" jmp 2b\n" \
".previous\n" \
_ASM_EXTABLE(1b, 3b) \
- : "=r" (err), ltype(x) \
+- : "m" (__m(addr)), "i" (errret), "0" (err))
+ : "=r" (err), ltype (x) \
- : "m" (__m(addr)), "i" (errret), "0" (err))
++ : "m" (__m(addr)), "i" (errret), "0" (err)); \
++ pax_close_userland(); \
++} while (0)
#define __get_user_size_ex(x, ptr, size) \
-@@ -378,7 +417,7 @@ do { \
+ do { \
+@@ -378,7 +425,7 @@ do { \
} while (0)
#define __get_user_asm_ex(x, addr, itype, rtype, ltype) \
@@ -15826,7 +17207,7 @@ index 5ee2687..70d5895 100644
"2:\n" \
_ASM_EXTABLE_EX(1b, 2b) \
: ltype(x) : "m" (__m(addr)))
-@@ -395,13 +434,24 @@ do { \
+@@ -395,13 +442,24 @@ do { \
int __gu_err; \
unsigned long __gu_val; \
__get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \
@@ -15853,21 +17234,26 @@ index 5ee2687..70d5895 100644
/*
* Tell gcc we read from memory instead of writing: this is because
-@@ -410,7 +460,7 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -409,8 +467,10 @@ struct __large_struct { unsigned long buf[100]; };
+ * aliasing issues.
*/
#define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \
++do { \
++ pax_open_userland(); \
asm volatile(ASM_STAC "\n" \
- "1: mov"itype" %"rtype"1,%2\n" \
+ "1: "__copyuser_seg"mov"itype" %"rtype"1,%2\n"\
"2: " ASM_CLAC "\n" \
".section .fixup,\"ax\"\n" \
"3: mov %3,%0\n" \
-@@ -418,10 +468,10 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -418,10 +478,12 @@ struct __large_struct { unsigned long buf[100]; };
".previous\n" \
_ASM_EXTABLE(1b, 3b) \
: "=r"(err) \
- : ltype(x), "m" (__m(addr)), "i" (errret), "0" (err))
-+ : ltype (x), "m" (__m(addr)), "i" (errret), "0" (err))
++ : ltype (x), "m" (__m(addr)), "i" (errret), "0" (err));\
++ pax_close_userland(); \
++} while (0)
#define __put_user_asm_ex(x, addr, itype, rtype, ltype) \
- asm volatile("1: mov"itype" %"rtype"0,%1\n" \
@@ -15875,7 +17261,21 @@ index 5ee2687..70d5895 100644
"2:\n" \
_ASM_EXTABLE_EX(1b, 2b) \
: : ltype(x), "m" (__m(addr)))
-@@ -460,8 +510,12 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -431,11 +493,13 @@ struct __large_struct { unsigned long buf[100]; };
+ */
+ #define uaccess_try do { \
+ current_thread_info()->uaccess_err = 0; \
++ pax_open_userland(); \
+ stac(); \
+ barrier();
+
+ #define uaccess_catch(err) \
+ clac(); \
++ pax_close_userland(); \
+ (err) |= (current_thread_info()->uaccess_err ? -EFAULT : 0); \
+ } while (0)
+
+@@ -460,8 +524,12 @@ struct __large_struct { unsigned long buf[100]; };
* On error, the variable @x is set to zero.
*/
@@ -15888,7 +17288,7 @@ index 5ee2687..70d5895 100644
/**
* __put_user: - Write a simple value into user space, with less checking.
-@@ -483,8 +537,12 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -483,8 +551,12 @@ struct __large_struct { unsigned long buf[100]; };
* Returns zero on success, or -EFAULT on error.
*/
@@ -15901,7 +17301,7 @@ index 5ee2687..70d5895 100644
#define __get_user_unaligned __get_user
#define __put_user_unaligned __put_user
-@@ -502,7 +560,7 @@ struct __large_struct { unsigned long buf[100]; };
+@@ -502,7 +574,7 @@ struct __large_struct { unsigned long buf[100]; };
#define get_user_ex(x, ptr) do { \
unsigned long __gue_val; \
__get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \
@@ -15910,7 +17310,7 @@ index 5ee2687..70d5895 100644
} while (0)
#define put_user_try uaccess_try
-@@ -519,8 +577,8 @@ strncpy_from_user(char *dst, const char __user *src, long count);
+@@ -519,8 +591,8 @@ strncpy_from_user(char *dst, const char __user *src, long count);
extern __must_check long strlen_user(const char __user *str);
extern __must_check long strnlen_user(const char __user *str, long n);
@@ -16004,18 +17404,18 @@ index 7f760a9..04b1c65 100644
unsigned long n)
{
- return __copy_from_user_ll_nocache_nozero(to, from, n);
--}
+ if ((long)n < 0)
+ return n;
++
++ return __copy_from_user_ll_nocache_nozero(to, from, n);
+ }
-unsigned long __must_check copy_to_user(void __user *to,
- const void *from, unsigned long n);
-unsigned long __must_check _copy_from_user(void *to,
- const void __user *from,
- unsigned long n);
-+ return __copy_from_user_ll_nocache_nozero(to, from, n);
-+}
-
+-
+extern void copy_to_user_overflow(void)
+#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
+ __compiletime_error("copy_to_user() buffer size is not provably correct")
@@ -16055,14 +17455,13 @@ index 7f760a9..04b1c65 100644
- if (likely(sz == -1 || sz >= n))
- n = _copy_from_user(to, from, n);
- else
-- copy_from_user_overflow();
+ if (unlikely(sz != (size_t)-1 && sz < n))
+ copy_to_user_overflow();
+ else if (access_ok(VERIFY_WRITE, to, n))
+ n = __copy_to_user(to, from, n);
+ return n;
+}
-
++
+/**
+ * copy_from_user: - Copy a block of data from user space.
+ * @to: Destination address, in kernel space.
@@ -16087,7 +17486,8 @@ index 7f760a9..04b1c65 100644
+ check_object_size(to, n, false);
+
+ if (unlikely(sz != (size_t)-1 && sz < n))
-+ copy_from_user_overflow();
+ copy_from_user_overflow();
+-
+ else if (access_ok(VERIFY_READ, from, n))
+ n = __copy_from_user(to, from, n);
+ else if ((long)n > 0)
@@ -16556,12 +17956,14 @@ index d8d9922..bf6cecb 100644
extern struct x86_init_ops x86_init;
extern struct x86_cpuinit_ops x86_cpuinit;
diff --git a/arch/x86/include/asm/xsave.h b/arch/x86/include/asm/xsave.h
-index 0415cda..b43d877 100644
+index 0415cda..3b22adc 100644
--- a/arch/x86/include/asm/xsave.h
+++ b/arch/x86/include/asm/xsave.h
-@@ -71,7 +71,9 @@ static inline int xsave_user(struct xsave_struct __user *buf)
+@@ -70,8 +70,11 @@ static inline int xsave_user(struct xsave_struct __user *buf)
+ if (unlikely(err))
return -EFAULT;
++ pax_open_userland();
__asm__ __volatile__(ASM_STAC "\n"
- "1: .byte " REX_PREFIX "0x0f,0xae,0x27\n"
+ "1:"
@@ -16570,7 +17972,14 @@ index 0415cda..b43d877 100644
"2: " ASM_CLAC "\n"
".section .fixup,\"ax\"\n"
"3: movl $-1,%[err]\n"
-@@ -87,12 +89,14 @@ static inline int xsave_user(struct xsave_struct __user *buf)
+@@ -81,18 +84,22 @@ static inline int xsave_user(struct xsave_struct __user *buf)
+ : [err] "=r" (err)
+ : "D" (buf), "a" (-1), "d" (-1), "0" (0)
+ : "memory");
++ pax_close_userland();
+ return err;
+ }
+
static inline int xrestore_user(struct xsave_struct __user *buf, u64 mask)
{
int err;
@@ -16579,6 +17988,7 @@ index 0415cda..b43d877 100644
u32 lmask = mask;
u32 hmask = mask >> 32;
++ pax_open_userland();
__asm__ __volatile__(ASM_STAC "\n"
- "1: .byte " REX_PREFIX "0x0f,0xae,0x2f\n"
+ "1:"
@@ -16587,6 +17997,14 @@ index 0415cda..b43d877 100644
"2: " ASM_CLAC "\n"
".section .fixup,\"ax\"\n"
"3: movl $-1,%[err]\n"
+@@ -102,6 +109,7 @@ static inline int xrestore_user(struct xsave_struct __user *buf, u64 mask)
+ : [err] "=r" (err)
+ : "D" (xstate), "a" (lmask), "d" (hmask), "0" (0)
+ : "memory"); /* memory required? */
++ pax_close_userland();
+ return err;
+ }
+
diff --git a/arch/x86/include/uapi/asm/e820.h b/arch/x86/include/uapi/asm/e820.h
index bbae024..e1528f9 100644
--- a/arch/x86/include/uapi/asm/e820.h
@@ -16636,10 +18054,10 @@ index 230c8ea..f915130 100644
* HP laptops which use a DSDT reporting as HP/SB400/10000,
* which includes some code which overrides all temperature
diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c
-index 0532f5d..36afc0a 100644
+index ec94e11..7fbbec0 100644
--- a/arch/x86/kernel/acpi/sleep.c
+++ b/arch/x86/kernel/acpi/sleep.c
-@@ -74,8 +74,12 @@ int acpi_suspend_lowlevel(void)
+@@ -88,8 +88,12 @@ int acpi_suspend_lowlevel(void)
#else /* CONFIG_64BIT */
#ifdef CONFIG_SMP
stack_start = (unsigned long)temp_stack + sizeof(temp_stack);
@@ -16653,10 +18071,10 @@ index 0532f5d..36afc0a 100644
#endif
initial_code = (unsigned long)wakeup_long64;
diff --git a/arch/x86/kernel/acpi/wakeup_32.S b/arch/x86/kernel/acpi/wakeup_32.S
-index 13ab720..95d5442 100644
+index d1daa66..59fecba 100644
--- a/arch/x86/kernel/acpi/wakeup_32.S
+++ b/arch/x86/kernel/acpi/wakeup_32.S
-@@ -30,13 +30,11 @@ wakeup_pmode_return:
+@@ -29,13 +29,11 @@ wakeup_pmode_return:
# and restore the stack ... but you need gdt for this to work
movl saved_context_esp, %esp
@@ -16673,7 +18091,7 @@ index 13ab720..95d5442 100644
bogus_magic:
jmp bogus_magic
diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c
-index ef5ccca..bd83949 100644
+index c15cf9a..0e63558 100644
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -268,6 +268,13 @@ void __init_or_module apply_alternatives(struct alt_instr *start,
@@ -17031,10 +18449,10 @@ index 794f6eb..67e1db2 100644
.name = "UV large system",
.probe = uv_probe,
diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c
-index 66b5faf..3442423 100644
+index 53a4e27..038760a 100644
--- a/arch/x86/kernel/apm_32.c
+++ b/arch/x86/kernel/apm_32.c
-@@ -434,7 +434,7 @@ static DEFINE_MUTEX(apm_mutex);
+@@ -433,7 +433,7 @@ static DEFINE_MUTEX(apm_mutex);
* This is for buggy BIOS's that refer to (real mode) segment 0x40
* even though they are called in protected mode.
*/
@@ -17043,7 +18461,7 @@ index 66b5faf..3442423 100644
(unsigned long)__va(0x400UL), PAGE_SIZE - 0x400 - 1);
static const char driver_version[] = "1.16ac"; /* no spaces */
-@@ -612,7 +612,10 @@ static long __apm_bios_call(void *_call)
+@@ -611,7 +611,10 @@ static long __apm_bios_call(void *_call)
BUG_ON(cpu != 0);
gdt = get_cpu_gdt_table(cpu);
save_desc_40 = gdt[0x40 / 8];
@@ -17054,7 +18472,7 @@ index 66b5faf..3442423 100644
apm_irq_save(flags);
APM_DO_SAVE_SEGS;
-@@ -621,7 +624,11 @@ static long __apm_bios_call(void *_call)
+@@ -620,7 +623,11 @@ static long __apm_bios_call(void *_call)
&call->esi);
APM_DO_RESTORE_SEGS;
apm_irq_restore(flags);
@@ -17066,7 +18484,7 @@ index 66b5faf..3442423 100644
put_cpu();
return call->eax & 0xff;
-@@ -688,7 +695,10 @@ static long __apm_bios_call_simple(void *_call)
+@@ -687,7 +694,10 @@ static long __apm_bios_call_simple(void *_call)
BUG_ON(cpu != 0);
gdt = get_cpu_gdt_table(cpu);
save_desc_40 = gdt[0x40 / 8];
@@ -17077,7 +18495,7 @@ index 66b5faf..3442423 100644
apm_irq_save(flags);
APM_DO_SAVE_SEGS;
-@@ -696,7 +706,11 @@ static long __apm_bios_call_simple(void *_call)
+@@ -695,7 +705,11 @@ static long __apm_bios_call_simple(void *_call)
&call->eax);
APM_DO_RESTORE_SEGS;
apm_irq_restore(flags);
@@ -17089,7 +18507,7 @@ index 66b5faf..3442423 100644
put_cpu();
return error;
}
-@@ -2363,12 +2377,15 @@ static int __init apm_init(void)
+@@ -2362,12 +2376,15 @@ static int __init apm_init(void)
* code to that CPU.
*/
gdt = get_cpu_gdt_table(0);
@@ -17125,16 +18543,16 @@ index 2861082..6d4718e 100644
+
+#ifdef CONFIG_PAX_KERNEXEC
+ OFFSET(PV_CPU_write_cr0, pv_cpu_ops, write_cr0);
-+#endif
-+
+ #endif
+
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ OFFSET(PV_MMU_read_cr3, pv_mmu_ops, read_cr3);
+ OFFSET(PV_MMU_write_cr3, pv_mmu_ops, write_cr3);
+#ifdef CONFIG_X86_64
+ OFFSET(PV_MMU_set_pgd_batched, pv_mmu_ops, set_pgd_batched);
+#endif
- #endif
-
++#endif
++
+#endif
+
+ BLANK();
@@ -17146,10 +18564,10 @@ index 2861082..6d4718e 100644
BLANK();
OFFSET(XEN_vcpu_info_mask, vcpu_info, evtchn_upcall_mask);
diff --git a/arch/x86/kernel/asm-offsets_64.c b/arch/x86/kernel/asm-offsets_64.c
-index 1b4754f..fbb4227 100644
+index e7c798b..2b2019b 100644
--- a/arch/x86/kernel/asm-offsets_64.c
+++ b/arch/x86/kernel/asm-offsets_64.c
-@@ -76,6 +76,7 @@ int main(void)
+@@ -77,6 +77,7 @@ int main(void)
BLANK();
#undef ENTRY
@@ -17158,7 +18576,7 @@ index 1b4754f..fbb4227 100644
BLANK();
diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile
-index a0e067d..9c7db16 100644
+index b0684e4..22ccfd7 100644
--- a/arch/x86/kernel/cpu/Makefile
+++ b/arch/x86/kernel/cpu/Makefile
@@ -8,10 +8,6 @@ CFLAGS_REMOVE_common.o = -pg
@@ -17171,12 +18589,12 @@ index a0e067d..9c7db16 100644
-
obj-y := intel_cacheinfo.o scattered.o topology.o
obj-y += proc.o capflags.o powerflags.o common.o
- obj-y += vmware.o hypervisor.o mshyperv.o
+ obj-y += rdrand.o
diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c
-index fa96eb0..03efe73 100644
+index 5013a48..0782c53 100644
--- a/arch/x86/kernel/cpu/amd.c
+++ b/arch/x86/kernel/cpu/amd.c
-@@ -737,7 +737,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c,
+@@ -744,7 +744,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c,
unsigned int size)
{
/* AMD errata T13 (order #21922) */
@@ -17186,7 +18604,7 @@ index fa96eb0..03efe73 100644
if (c->x86_model == 3 && c->x86_mask == 0)
size = 64;
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index d814772..c615653 100644
+index 22018f7..a5883af 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -88,60 +88,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = {
@@ -17250,7 +18668,48 @@ index d814772..c615653 100644
static int __init x86_xsave_setup(char *s)
{
setup_clear_cpu_cap(X86_FEATURE_XSAVE);
-@@ -386,7 +332,7 @@ void switch_to_new_gdt(int cpu)
+@@ -288,6 +234,40 @@ static __always_inline void setup_smap(struct cpuinfo_x86 *c)
+ set_in_cr4(X86_CR4_SMAP);
+ }
+
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++static __init int setup_disable_pcid(char *arg)
++{
++ setup_clear_cpu_cap(X86_FEATURE_PCID);
++ if (clone_pgd_mask != ~(pgdval_t)0UL)
++ pax_user_shadow_base = 1UL << TASK_SIZE_MAX_SHIFT;
++ return 1;
++}
++__setup("nopcid", setup_disable_pcid);
++
++static void setup_pcid(struct cpuinfo_x86 *c)
++{
++ if (cpu_has(c, X86_FEATURE_PCID))
++ printk("PAX: PCID detected\n");
++
++ if (cpu_has(c, X86_FEATURE_INVPCID))
++ printk("PAX: INVPCID detected\n");
++
++ if (cpu_has(c, X86_FEATURE_PCID)) {
++ set_in_cr4(X86_CR4_PCIDE);
++ clone_pgd_mask = ~(pgdval_t)0UL;
++ if (pax_user_shadow_base)
++ printk("PAX: weak UDEREF enabled\n");
++ else {
++ set_cpu_cap(c, X86_FEATURE_STRONGUDEREF);
++ printk("PAX: strong UDEREF enabled\n");
++ }
++ } else if (pax_user_shadow_base)
++ printk("PAX: slow and weak UDEREF enabled\n");
++ else
++ printk("PAX: UDEREF disabled\n");
++}
++#endif
++
+ /*
+ * Some CPU features depend on higher CPUID levels, which may not always
+ * be available due to CPUID level capping or broken virtualization
+@@ -386,7 +366,7 @@ void switch_to_new_gdt(int cpu)
{
struct desc_ptr gdt_descr;
@@ -17259,7 +18718,18 @@ index d814772..c615653 100644
gdt_descr.size = GDT_SIZE - 1;
load_gdt(&gdt_descr);
/* Reload the per-cpu base */
-@@ -882,6 +828,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
+@@ -874,6 +854,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
+ setup_smep(c);
+ setup_smap(c);
+
++#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
++ setup_pcid(c);
++#endif
++
+ /*
+ * The vendor-specific functions might have changed features.
+ * Now we do "generic changes."
+@@ -882,6 +866,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c)
/* Filter out anything that depends on CPUID levels we don't have */
filter_cpuid_features(c, true);
@@ -17270,7 +18740,7 @@ index d814772..c615653 100644
/* If the model name is still unset, do table lookup. */
if (!c->x86_model_id[0]) {
const char *p;
-@@ -1065,10 +1015,12 @@ static __init int setup_disablecpuid(char *arg)
+@@ -1069,10 +1057,12 @@ static __init int setup_disablecpuid(char *arg)
}
__setup("clearcpuid=", setup_disablecpuid);
@@ -17285,7 +18755,7 @@ index d814772..c615653 100644
DEFINE_PER_CPU_FIRST(union irq_stack_union,
irq_stack_union) __aligned(PAGE_SIZE);
-@@ -1082,7 +1034,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned =
+@@ -1086,7 +1076,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned =
EXPORT_PER_CPU_SYMBOL(current_task);
DEFINE_PER_CPU(unsigned long, kernel_stack) =
@@ -17294,7 +18764,7 @@ index d814772..c615653 100644
EXPORT_PER_CPU_SYMBOL(kernel_stack);
DEFINE_PER_CPU(char *, irq_stack_ptr) =
-@@ -1227,7 +1179,7 @@ void __cpuinit cpu_init(void)
+@@ -1231,7 +1221,7 @@ void __cpuinit cpu_init(void)
load_ucode_ap();
cpu = stack_smp_processor_id();
@@ -17303,7 +18773,7 @@ index d814772..c615653 100644
oist = &per_cpu(orig_ist, cpu);
#ifdef CONFIG_NUMA
-@@ -1253,7 +1205,7 @@ void __cpuinit cpu_init(void)
+@@ -1257,7 +1247,7 @@ void __cpuinit cpu_init(void)
switch_to_new_gdt(cpu);
loadsegment(fs, 0);
@@ -17312,7 +18782,7 @@ index d814772..c615653 100644
memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8);
syscall_init();
-@@ -1262,7 +1214,6 @@ void __cpuinit cpu_init(void)
+@@ -1266,7 +1256,6 @@ void __cpuinit cpu_init(void)
wrmsrl(MSR_KERNEL_GS_BASE, 0);
barrier();
@@ -17320,7 +18790,7 @@ index d814772..c615653 100644
enable_x2apic();
/*
-@@ -1314,7 +1265,7 @@ void __cpuinit cpu_init(void)
+@@ -1318,7 +1307,7 @@ void __cpuinit cpu_init(void)
{
int cpu = smp_processor_id();
struct task_struct *curr = current;
@@ -17329,19 +18799,6 @@ index d814772..c615653 100644
struct thread_struct *thread = &curr->thread;
show_ucode_info_early();
-diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
-index 1905ce9..a7ac587 100644
---- a/arch/x86/kernel/cpu/intel.c
-+++ b/arch/x86/kernel/cpu/intel.c
-@@ -173,7 +173,7 @@ static void __cpuinit trap_init_f00f_bug(void)
- * Update the IDT descriptor and reload the IDT so that
- * it uses the read-only mapped virtual address.
- */
-- idt_descr.address = fix_to_virt(FIX_F00F_IDT);
-+ idt_descr.address = (struct desc_struct *)fix_to_virt(FIX_F00F_IDT);
- load_idt(&idt_descr);
- }
- #endif
diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c
index 7c6f7d5..8cac382 100644
--- a/arch/x86/kernel/cpu/intel_cacheinfo.c
@@ -17443,7 +18900,7 @@ index 7c6f7d5..8cac382 100644
};
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
-index 7bc1263..bff5686 100644
+index 9239504..b2471ce 100644
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -45,6 +45,7 @@
@@ -17652,7 +19109,7 @@ index e9a701a..35317d6 100644
wmb();
diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c
-index 726bf96..81f0526 100644
+index ca22b73..9987afe 100644
--- a/arch/x86/kernel/cpu/mtrr/main.c
+++ b/arch/x86/kernel/cpu/mtrr/main.c
@@ -62,7 +62,7 @@ static DEFINE_MUTEX(mtrr_mutex);
@@ -17678,10 +19135,10 @@ index df5e41f..816c719 100644
extern int generic_get_free_region(unsigned long base, unsigned long size,
int replace_reg);
diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c
-index bf0f01a..9adfee1 100644
+index 1025f3c..824f677 100644
--- a/arch/x86/kernel/cpu/perf_event.c
+++ b/arch/x86/kernel/cpu/perf_event.c
-@@ -1305,7 +1305,7 @@ static void __init pmu_check_apic(void)
+@@ -1311,7 +1311,7 @@ static void __init pmu_check_apic(void)
pr_info("no hardware sampling interrupt available.\n");
}
@@ -17690,7 +19147,7 @@ index bf0f01a..9adfee1 100644
.name = "format",
.attrs = NULL,
};
-@@ -1374,7 +1374,7 @@ static struct attribute *events_attr[] = {
+@@ -1410,7 +1410,7 @@ static struct attribute *events_attr[] = {
NULL,
};
@@ -17699,7 +19156,7 @@ index bf0f01a..9adfee1 100644
.name = "events",
.attrs = events_attr,
};
-@@ -1873,7 +1873,7 @@ static unsigned long get_segment_base(unsigned int segment)
+@@ -1920,7 +1920,7 @@ static unsigned long get_segment_base(unsigned int segment)
if (idx > GDT_ENTRIES)
return 0;
@@ -17708,7 +19165,7 @@ index bf0f01a..9adfee1 100644
}
return get_desc_base(desc + idx);
-@@ -1963,7 +1963,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
+@@ -2010,7 +2010,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs)
break;
perf_callchain_store(entry, frame.return_address);
@@ -17718,10 +19175,10 @@ index bf0f01a..9adfee1 100644
}
diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c
-index 4a0a462..be3b204 100644
+index a9e2207..d70c83a 100644
--- a/arch/x86/kernel/cpu/perf_event_intel.c
+++ b/arch/x86/kernel/cpu/perf_event_intel.c
-@@ -1994,10 +1994,10 @@ __init int intel_pmu_init(void)
+@@ -2022,10 +2022,10 @@ __init int intel_pmu_init(void)
* v2 and above have a perf capabilities MSR
*/
if (version > 1) {
@@ -17736,10 +19193,10 @@ index 4a0a462..be3b204 100644
intel_ds_init();
diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
-index 3e091f0..d2dc8d6 100644
+index 52441a2..f94fae8 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c
+++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c
-@@ -2428,7 +2428,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types)
+@@ -3093,7 +3093,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types)
static int __init uncore_type_init(struct intel_uncore_type *type)
{
struct intel_uncore_pmu *pmus;
@@ -17748,7 +19205,7 @@ index 3e091f0..d2dc8d6 100644
struct attribute **attrs;
int i, j;
-@@ -2826,7 +2826,7 @@ static int
+@@ -3518,7 +3518,7 @@ static int
return NOTIFY_OK;
}
@@ -17758,10 +19215,10 @@ index 3e091f0..d2dc8d6 100644
/*
* to migrate uncore events, our notifier should be executed
diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.h b/arch/x86/kernel/cpu/perf_event_intel_uncore.h
-index e68a455..975a932 100644
+index f952891..4722ad4 100644
--- a/arch/x86/kernel/cpu/perf_event_intel_uncore.h
+++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.h
-@@ -428,7 +428,7 @@ struct intel_uncore_box {
+@@ -488,7 +488,7 @@ struct intel_uncore_box {
struct uncore_event_desc {
struct kobj_attribute attr;
const char *config;
@@ -17813,7 +19270,7 @@ index afa64ad..dce67dd 100644
return -EFAULT;
}
diff --git a/arch/x86/kernel/doublefault_32.c b/arch/x86/kernel/doublefault_32.c
-index 37250fe..bf2ec74 100644
+index 155a13f..1672b9b 100644
--- a/arch/x86/kernel/doublefault_32.c
+++ b/arch/x86/kernel/doublefault_32.c
@@ -11,7 +11,7 @@
@@ -17828,7 +19285,7 @@ index 37250fe..bf2ec74 100644
@@ -21,7 +21,7 @@ static void doublefault_fn(void)
unsigned long gdt, tss;
- store_gdt(&gdt_desc);
+ native_store_gdt(&gdt_desc);
- gdt = gdt_desc.address;
+ gdt = (unsigned long)gdt_desc.address;
@@ -17848,7 +19305,7 @@ index 37250fe..bf2ec74 100644
.__cr3 = __pa_nodebug(swapper_pg_dir),
diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c
-index c8797d5..c605e53 100644
+index deb6421..76bbc12 100644
--- a/arch/x86/kernel/dumpstack.c
+++ b/arch/x86/kernel/dumpstack.c
@@ -2,6 +2,9 @@
@@ -17953,16 +19410,16 @@ index c8797d5..c605e53 100644
}
return (unsigned long)frame;
-@@ -189,7 +188,7 @@ void dump_stack(void)
+@@ -150,7 +149,7 @@ static int print_trace_stack(void *data, char *name)
+ static void print_trace_address(void *data, unsigned long addr, int reliable)
+ {
+ touch_nmi_watchdog();
+- printk(data);
++ printk("%s", (char *)data);
+ printk_address(addr, reliable);
+ }
- bp = stack_frame(current, NULL);
- printk("Pid: %d, comm: %.20s %s %s %.*s\n",
-- current->pid, current->comm, print_tainted(),
-+ task_pid_nr(current), current->comm, print_tainted(),
- init_utsname()->release,
- (int)strcspn(init_utsname()->version, " "),
- init_utsname()->version);
-@@ -225,6 +224,8 @@ unsigned __kprobes long oops_begin(void)
+@@ -219,6 +218,8 @@ unsigned __kprobes long oops_begin(void)
}
EXPORT_SYMBOL_GPL(oops_begin);
@@ -17971,7 +19428,7 @@ index c8797d5..c605e53 100644
void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr)
{
if (regs && kexec_should_crash(current))
-@@ -246,7 +247,10 @@ void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr)
+@@ -240,7 +241,10 @@ void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr)
panic("Fatal exception in interrupt");
if (panic_on_oops)
panic("Fatal exception");
@@ -17983,7 +19440,7 @@ index c8797d5..c605e53 100644
}
int __kprobes __die(const char *str, struct pt_regs *regs, long err)
-@@ -274,7 +278,7 @@ int __kprobes __die(const char *str, struct pt_regs *regs, long err)
+@@ -268,7 +272,7 @@ int __kprobes __die(const char *str, struct pt_regs *regs, long err)
print_modules();
show_regs(regs);
#ifdef CONFIG_X86_32
@@ -17992,7 +19449,7 @@ index c8797d5..c605e53 100644
sp = regs->sp;
ss = regs->ss & 0xffff;
} else {
-@@ -302,7 +306,7 @@ void die(const char *str, struct pt_regs *regs, long err)
+@@ -296,7 +300,7 @@ void die(const char *str, struct pt_regs *regs, long err)
unsigned long flags = oops_begin();
int sig = SIGSEGV;
@@ -18002,7 +19459,7 @@ index c8797d5..c605e53 100644
if (__die(str, regs, err))
diff --git a/arch/x86/kernel/dumpstack_32.c b/arch/x86/kernel/dumpstack_32.c
-index 1038a41..db2c12b 100644
+index f2a1770..540657f 100644
--- a/arch/x86/kernel/dumpstack_32.c
+++ b/arch/x86/kernel/dumpstack_32.c
@@ -38,15 +38,13 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
@@ -18025,16 +19482,14 @@ index 1038a41..db2c12b 100644
if (ops->stack(data, "IRQ") < 0)
break;
touch_nmi_watchdog();
-@@ -86,7 +84,7 @@ void show_regs(struct pt_regs *regs)
- {
+@@ -87,27 +85,28 @@ void show_regs(struct pt_regs *regs)
int i;
+ show_regs_print_info(KERN_EMERG);
- __show_regs(regs, !user_mode_vm(regs));
+ __show_regs(regs, !user_mode(regs));
- pr_emerg("Process %.*s (pid: %d, ti=%p task=%p task.ti=%p)\n",
- TASK_COMM_LEN, current->comm, task_pid_nr(current),
-@@ -95,21 +93,22 @@ void show_regs(struct pt_regs *regs)
+ /*
* When in-kernel, we also print out the stack and code at the
* time of the fault..
*/
@@ -18060,7 +19515,7 @@ index 1038a41..db2c12b 100644
code_len = code_len - code_prologue + 1;
}
for (i = 0; i < code_len; i++, ip++) {
-@@ -118,7 +117,7 @@ void show_regs(struct pt_regs *regs)
+@@ -116,7 +115,7 @@ void show_regs(struct pt_regs *regs)
pr_cont(" Bad EIP value.");
break;
}
@@ -18069,7 +19524,7 @@ index 1038a41..db2c12b 100644
pr_cont(" <%02x>", c);
else
pr_cont(" %02x", c);
-@@ -131,6 +130,7 @@ int is_valid_bugaddr(unsigned long ip)
+@@ -129,6 +128,7 @@ int is_valid_bugaddr(unsigned long ip)
{
unsigned short ud2;
@@ -18077,7 +19532,7 @@ index 1038a41..db2c12b 100644
if (ip < PAGE_OFFSET)
return 0;
if (probe_kernel_address((unsigned short *)ip, ud2))
-@@ -138,3 +138,15 @@ int is_valid_bugaddr(unsigned long ip)
+@@ -136,3 +136,15 @@ int is_valid_bugaddr(unsigned long ip)
return ud2 == 0x0b0f;
}
@@ -18094,7 +19549,7 @@ index 1038a41..db2c12b 100644
+EXPORT_SYMBOL(pax_check_alloca);
+#endif
diff --git a/arch/x86/kernel/dumpstack_64.c b/arch/x86/kernel/dumpstack_64.c
-index b653675..51cc8c0 100644
+index addb207..99635fa 100644
--- a/arch/x86/kernel/dumpstack_64.c
+++ b/arch/x86/kernel/dumpstack_64.c
@@ -119,9 +119,9 @@ void dump_trace(struct task_struct *task, struct pt_regs *regs,
@@ -18158,16 +19613,7 @@ index b653675..51cc8c0 100644
put_cpu();
}
EXPORT_SYMBOL(dump_trace);
-@@ -249,7 +253,7 @@ void show_regs(struct pt_regs *regs)
- {
- int i;
- unsigned long sp;
-- const int cpu = smp_processor_id();
-+ const int cpu = raw_smp_processor_id();
- struct task_struct *cur = current;
-
- sp = regs->sp;
-@@ -304,3 +308,50 @@ int is_valid_bugaddr(unsigned long ip)
+@@ -300,3 +304,50 @@ int is_valid_bugaddr(unsigned long ip)
return ud2 == 0x0b0f;
}
@@ -18234,7 +19680,7 @@ index d32abea..74daf4f 100644
static int userdef __initdata;
diff --git a/arch/x86/kernel/early_printk.c b/arch/x86/kernel/early_printk.c
-index 9b9f18b..9fcaa04 100644
+index d15f575..d692043 100644
--- a/arch/x86/kernel/early_printk.c
+++ b/arch/x86/kernel/early_printk.c
@@ -7,6 +7,7 @@
@@ -18246,7 +19692,7 @@ index 9b9f18b..9fcaa04 100644
#include <asm/processor.h>
#include <asm/fcntl.h>
diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S
-index 8f3e2de..caecc4e 100644
+index 8f3e2de..6b71e39 100644
--- a/arch/x86/kernel/entry_32.S
+++ b/arch/x86/kernel/entry_32.S
@@ -177,13 +177,153 @@
@@ -18756,6 +20202,15 @@ index 8f3e2de..caecc4e 100644
ENTRY(simd_coprocessor_error)
RING0_INT_FRAME
+@@ -826,7 +1065,7 @@ ENTRY(simd_coprocessor_error)
+ .section .altinstructions,"a"
+ altinstruction_entry 661b, 663f, X86_FEATURE_XMM, 662b-661b, 664f-663f
+ .previous
+-.section .altinstr_replacement,"ax"
++.section .altinstr_replacement,"a"
+ 663: pushl $do_simd_coprocessor_error
+ 664:
+ .previous
@@ -835,7 +1074,7 @@ ENTRY(simd_coprocessor_error)
#endif
jmp error_code
@@ -19006,7 +20461,7 @@ index 8f3e2de..caecc4e 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index c1d01e6..a88cf02 100644
+index 7272089..833fdf8 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -59,6 +59,8 @@
@@ -19093,7 +20548,7 @@ index c1d01e6..a88cf02 100644
#endif
-@@ -284,6 +293,309 @@ ENTRY(native_usergs_sysret64)
+@@ -284,6 +293,427 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -19113,18 +20568,19 @@ index c1d01e6..a88cf02 100644
+
+ .macro pax_enter_kernel
+ pax_set_fptr_mask
-+#ifdef CONFIG_PAX_KERNEXEC
++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
+ call pax_enter_kernel
+#endif
+ .endm
+
+ .macro pax_exit_kernel
-+#ifdef CONFIG_PAX_KERNEXEC
++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
+ call pax_exit_kernel
+#endif
++
+ .endm
+
-+#ifdef CONFIG_PAX_KERNEXEC
++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)
+ENTRY(pax_enter_kernel)
+ pushq %rdi
+
@@ -19132,6 +20588,7 @@ index c1d01e6..a88cf02 100644
+ PV_SAVE_REGS(CLBR_RDI)
+#endif
+
++#ifdef CONFIG_PAX_KERNEXEC
+ GET_CR0_INTO_RDI
+ bts $16,%rdi
+ jnc 3f
@@ -19139,6 +20596,32 @@ index c1d01e6..a88cf02 100644
+ cmp $__KERNEL_CS,%edi
+ jnz 2f
+1:
++#endif
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ 661: jmp 111f
++ .pushsection .altinstr_replacement, "a"
++ 662: ASM_NOP2
++ .popsection
++ .pushsection .altinstructions, "a"
++ altinstruction_entry 661b, 662b, X86_FEATURE_PCID, 2, 2
++ .popsection
++ GET_CR3_INTO_RDI
++ cmp $0,%dil
++ jnz 112f
++ mov $__KERNEL_DS,%edi
++ mov %edi,%ss
++ jmp 111f
++112: cmp $1,%dil
++ jz 113f
++ ud2
++113: sub $4097,%rdi
++ bts $63,%rdi
++ SET_RDI_INTO_CR3
++ mov $__UDEREF_KERNEL_DS,%edi
++ mov %edi,%ss
++111:
++#endif
+
+#ifdef CONFIG_PARAVIRT
+ PV_RESTORE_REGS(CLBR_RDI)
@@ -19148,10 +20631,12 @@ index c1d01e6..a88cf02 100644
+ pax_force_retaddr
+ retq
+
++#ifdef CONFIG_PAX_KERNEXEC
+2: ljmpq __KERNEL_CS,1b
+3: ljmpq __KERNEXEC_KERNEL_CS,4f
+4: SET_RDI_INTO_CR0
+ jmp 1b
++#endif
+ENDPROC(pax_enter_kernel)
+
+ENTRY(pax_exit_kernel)
@@ -19161,6 +20646,7 @@ index c1d01e6..a88cf02 100644
+ PV_SAVE_REGS(CLBR_RDI)
+#endif
+
++#ifdef CONFIG_PAX_KERNEXEC
+ mov %cs,%rdi
+ cmp $__KERNEXEC_KERNEL_CS,%edi
+ jz 2f
@@ -19168,6 +20654,30 @@ index c1d01e6..a88cf02 100644
+ bts $16,%rdi
+ jnc 4f
+1:
++#endif
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ 661: jmp 111f
++ .pushsection .altinstr_replacement, "a"
++ 662: ASM_NOP2
++ .popsection
++ .pushsection .altinstructions, "a"
++ altinstruction_entry 661b, 662b, X86_FEATURE_PCID, 2, 2
++ .popsection
++ mov %ss,%edi
++ cmp $__UDEREF_KERNEL_DS,%edi
++ jnz 111f
++ GET_CR3_INTO_RDI
++ cmp $0,%dil
++ jz 112f
++ ud2
++112: add $4097,%rdi
++ bts $63,%rdi
++ SET_RDI_INTO_CR3
++ mov $__KERNEL_DS,%edi
++ mov %edi,%ss
++111:
++#endif
+
+#ifdef CONFIG_PARAVIRT
+ PV_RESTORE_REGS(CLBR_RDI);
@@ -19177,6 +20687,7 @@ index c1d01e6..a88cf02 100644
+ pax_force_retaddr
+ retq
+
++#ifdef CONFIG_PAX_KERNEXEC
+2: GET_CR0_INTO_RDI
+ btr $16,%rdi
+ jnc 4f
@@ -19185,6 +20696,7 @@ index c1d01e6..a88cf02 100644
+ jmp 1b
+4: ud2
+ jmp 4b
++#endif
+ENDPROC(pax_exit_kernel)
+#endif
+
@@ -19217,6 +20729,21 @@ index c1d01e6..a88cf02 100644
+ PV_SAVE_REGS(CLBR_RDI)
+#endif
+
++ 661: jmp 111f
++ .pushsection .altinstr_replacement, "a"
++ 662: ASM_NOP2
++ .popsection
++ .pushsection .altinstructions, "a"
++ altinstruction_entry 661b, 662b, X86_FEATURE_PCID, 2, 2
++ .popsection
++ GET_CR3_INTO_RDI
++ cmp $1,%dil
++ jnz 3f
++ sub $4097,%rdi
++ bts $63,%rdi
++ jmp 2f
++111:
++
+ GET_CR3_INTO_RDI
+ mov %rdi,%rbx
+ add $__START_KERNEL_map,%rbx
@@ -19245,17 +20772,14 @@ index c1d01e6..a88cf02 100644
+ i = i + 1
+ .endr
+
-+#ifdef CONFIG_PARAVIRT
-+2:
-+#endif
-+ SET_RDI_INTO_CR3
-+
+#ifdef CONFIG_PAX_KERNEXEC
+ GET_CR0_INTO_RDI
+ bts $16,%rdi
+ SET_RDI_INTO_CR0
+#endif
+
++2: SET_RDI_INTO_CR3
++
+#ifdef CONFIG_PARAVIRT
+ PV_RESTORE_REGS(CLBR_RDI)
+#endif
@@ -19264,6 +20788,7 @@ index c1d01e6..a88cf02 100644
+ popq %rdi
+ pax_force_retaddr
+ retq
++3: ud2
+ENDPROC(pax_enter_kernel_user)
+
+ENTRY(pax_exit_kernel_user)
@@ -19274,14 +20799,21 @@ index c1d01e6..a88cf02 100644
+ PV_SAVE_REGS(CLBR_RDI)
+#endif
+
-+#ifdef CONFIG_PAX_KERNEXEC
-+ GET_CR0_INTO_RDI
-+ btr $16,%rdi
-+ jnc 3f
-+ SET_RDI_INTO_CR0
-+#endif
-+
+ GET_CR3_INTO_RDI
++ 661: jmp 1f
++ .pushsection .altinstr_replacement, "a"
++ 662: ASM_NOP2
++ .popsection
++ .pushsection .altinstructions, "a"
++ altinstruction_entry 661b, 662b, X86_FEATURE_PCID, 2, 2
++ .popsection
++ cmp $0,%dil
++ jnz 3f
++ add $4097,%rdi
++ bts $63,%rdi
++ SET_RDI_INTO_CR3
++ jmp 2f
++1:
+ mov %rdi,%rbx
+ add $__START_KERNEL_map,%rbx
+ sub phys_base(%rip),%rbx
@@ -19289,6 +20821,7 @@ index c1d01e6..a88cf02 100644
+#ifdef CONFIG_PARAVIRT
+ cmpl $0, pv_info+PARAVIRT_enabled
+ jz 1f
++ pushq %rdi
+ i = 0
+ .rept USER_PGD_PTRS
+ mov i*8(%rbx),%rsi
@@ -19297,18 +20830,27 @@ index c1d01e6..a88cf02 100644
+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd_batched)
+ i = i + 1
+ .endr
++ popq %rdi
+ jmp 2f
+1:
+#endif
+
++#ifdef CONFIG_PAX_KERNEXEC
++ GET_CR0_INTO_RDI
++ btr $16,%rdi
++ jnc 3f
++ SET_RDI_INTO_CR0
++#endif
++
+ i = 0
+ .rept USER_PGD_PTRS
+ movb $0x67,i*8(%rbx)
+ i = i + 1
+ .endr
++2:
+
+#ifdef CONFIG_PARAVIRT
-+2: PV_RESTORE_REGS(CLBR_RDI)
++ PV_RESTORE_REGS(CLBR_RDI)
+#endif
+
+ popq %rbx
@@ -19316,7 +20858,6 @@ index c1d01e6..a88cf02 100644
+ pax_force_retaddr
+ retq
+3: ud2
-+ jmp 3b
+ENDPROC(pax_exit_kernel_user)
+#endif
+
@@ -19331,6 +20872,26 @@ index c1d01e6..a88cf02 100644
+ or $2,%ebx
+110:
+#endif
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ 661: jmp 111f
++ .pushsection .altinstr_replacement, "a"
++ 662: ASM_NOP2
++ .popsection
++ .pushsection .altinstructions, "a"
++ altinstruction_entry 661b, 662b, X86_FEATURE_PCID, 2, 2
++ .popsection
++ GET_CR3_INTO_RDI
++ cmp $0,%dil
++ jz 111f
++ sub $4097,%rdi
++ or $4,%ebx
++ bts $63,%rdi
++ SET_RDI_INTO_CR3
++ mov $__UDEREF_KERNEL_DS,%edi
++ mov %edi,%ss
++111:
++#endif
+ .endm
+
+ .macro pax_exit_kernel_nmi
@@ -19342,6 +20903,18 @@ index c1d01e6..a88cf02 100644
+ SET_RDI_INTO_CR0
+110:
+#endif
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ btr $2,%ebx
++ jnc 111f
++ GET_CR3_INTO_RDI
++ add $4097,%rdi
++ bts $63,%rdi
++ SET_RDI_INTO_CR3
++ mov $__KERNEL_DS,%edi
++ mov %edi,%ss
++111:
++#endif
+ .endm
+
+ .macro pax_erase_kstack
@@ -19403,7 +20976,7 @@ index c1d01e6..a88cf02 100644
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -375,8 +687,8 @@ ENDPROC(native_usergs_sysret64)
+@@ -375,8 +805,8 @@ ENDPROC(native_usergs_sysret64)
.endm
.macro UNFAKE_STACK_FRAME
@@ -19414,7 +20987,7 @@ index c1d01e6..a88cf02 100644
.endm
/*
-@@ -463,7 +775,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -463,7 +893,7 @@ ENDPROC(native_usergs_sysret64)
movq %rsp, %rsi
leaq -RBP(%rsp),%rdi /* arg1 for handler */
@@ -19423,7 +20996,7 @@ index c1d01e6..a88cf02 100644
je 1f
SWAPGS
/*
-@@ -498,9 +810,10 @@ ENTRY(save_rest)
+@@ -498,9 +928,10 @@ ENTRY(save_rest)
movq_cfi r15, R15+16
movq %r11, 8(%rsp) /* return address */
FIXUP_TOP_OF_STACK %r11, 16
@@ -19435,7 +21008,7 @@ index c1d01e6..a88cf02 100644
/* save complete stack frame */
.pushsection .kprobes.text, "ax"
-@@ -529,9 +842,10 @@ ENTRY(save_paranoid)
+@@ -529,9 +960,10 @@ ENTRY(save_paranoid)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx,%ebx
@@ -19448,7 +21021,7 @@ index c1d01e6..a88cf02 100644
.popsection
/*
-@@ -553,7 +867,7 @@ ENTRY(ret_from_fork)
+@@ -553,7 +985,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -19457,7 +21030,7 @@ index c1d01e6..a88cf02 100644
jz 1f
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -571,7 +885,7 @@ ENTRY(ret_from_fork)
+@@ -571,7 +1003,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -19466,7 +21039,7 @@ index c1d01e6..a88cf02 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -608,7 +922,7 @@ END(ret_from_fork)
+@@ -608,7 +1040,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -19475,7 +21048,7 @@ index c1d01e6..a88cf02 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -621,16 +935,23 @@ GLOBAL(system_call_after_swapgs)
+@@ -621,16 +1053,23 @@ GLOBAL(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -19501,7 +21074,7 @@ index c1d01e6..a88cf02 100644
jnz tracesys
system_call_fastpath:
#if __SYSCALL_MASK == ~0
-@@ -640,7 +961,7 @@ system_call_fastpath:
+@@ -640,7 +1079,7 @@ system_call_fastpath:
cmpl $__NR_syscall_max,%eax
#endif
ja badsys
@@ -19510,7 +21083,7 @@ index c1d01e6..a88cf02 100644
call *sys_call_table(,%rax,8) # XXX: rip relative
movq %rax,RAX-ARGOFFSET(%rsp)
/*
-@@ -654,10 +975,13 @@ sysret_check:
+@@ -654,10 +1093,13 @@ sysret_check:
LOCKDEP_SYS_EXIT
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -19525,7 +21098,7 @@ index c1d01e6..a88cf02 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -709,14 +1033,18 @@ badsys:
+@@ -709,14 +1151,18 @@ badsys:
* jump back to the normal fast path.
*/
auditsys:
@@ -19545,7 +21118,7 @@ index c1d01e6..a88cf02 100644
jmp system_call_fastpath
/*
-@@ -737,7 +1065,7 @@ sysret_audit:
+@@ -737,7 +1183,7 @@ sysret_audit:
/* Do syscall tracing */
tracesys:
#ifdef CONFIG_AUDITSYSCALL
@@ -19554,7 +21127,7 @@ index c1d01e6..a88cf02 100644
jz auditsys
#endif
SAVE_REST
-@@ -745,12 +1073,16 @@ tracesys:
+@@ -745,12 +1191,16 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -19571,7 +21144,7 @@ index c1d01e6..a88cf02 100644
RESTORE_REST
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max,%rax
-@@ -759,7 +1091,7 @@ tracesys:
+@@ -759,7 +1209,7 @@ tracesys:
cmpl $__NR_syscall_max,%eax
#endif
ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */
@@ -19580,7 +21153,7 @@ index c1d01e6..a88cf02 100644
call *sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
/* Use IRET because user could have changed frame */
-@@ -780,7 +1112,9 @@ GLOBAL(int_with_check)
+@@ -780,7 +1230,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -19591,7 +21164,7 @@ index c1d01e6..a88cf02 100644
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -826,7 +1160,7 @@ int_restore_rest:
+@@ -826,7 +1278,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -19600,7 +21173,7 @@ index c1d01e6..a88cf02 100644
.macro FORK_LIKE func
ENTRY(stub_\func)
-@@ -839,9 +1173,10 @@ ENTRY(stub_\func)
+@@ -839,9 +1291,10 @@ ENTRY(stub_\func)
DEFAULT_FRAME 0 8 /* offset 8: return address */
call sys_\func
RESTORE_TOP_OF_STACK %r11, 8
@@ -19612,7 +21185,7 @@ index c1d01e6..a88cf02 100644
.endm
.macro FIXED_FRAME label,func
-@@ -851,9 +1186,10 @@ ENTRY(\label)
+@@ -851,9 +1304,10 @@ ENTRY(\label)
FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET
call \func
RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET
@@ -19624,7 +21197,7 @@ index c1d01e6..a88cf02 100644
.endm
FORK_LIKE clone
-@@ -870,9 +1206,10 @@ ENTRY(ptregscall_common)
+@@ -870,9 +1324,10 @@ ENTRY(ptregscall_common)
movq_cfi_restore R12+8, r12
movq_cfi_restore RBP+8, rbp
movq_cfi_restore RBX+8, rbx
@@ -19636,7 +21209,7 @@ index c1d01e6..a88cf02 100644
ENTRY(stub_execve)
CFI_STARTPROC
-@@ -885,7 +1222,7 @@ ENTRY(stub_execve)
+@@ -885,7 +1340,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -19645,7 +21218,7 @@ index c1d01e6..a88cf02 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -902,7 +1239,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -902,7 +1357,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -19654,7 +21227,7 @@ index c1d01e6..a88cf02 100644
#ifdef CONFIG_X86_X32_ABI
ENTRY(stub_x32_rt_sigreturn)
-@@ -916,7 +1253,7 @@ ENTRY(stub_x32_rt_sigreturn)
+@@ -916,7 +1371,7 @@ ENTRY(stub_x32_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -19663,7 +21236,7 @@ index c1d01e6..a88cf02 100644
ENTRY(stub_x32_execve)
CFI_STARTPROC
-@@ -930,7 +1267,7 @@ ENTRY(stub_x32_execve)
+@@ -930,7 +1385,7 @@ ENTRY(stub_x32_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -19672,7 +21245,7 @@ index c1d01e6..a88cf02 100644
#endif
-@@ -967,7 +1304,7 @@ vector=vector+1
+@@ -967,7 +1422,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -19681,7 +21254,7 @@ index c1d01e6..a88cf02 100644
.previous
END(interrupt)
-@@ -987,6 +1324,16 @@ END(interrupt)
+@@ -987,6 +1442,16 @@ END(interrupt)
subq $ORIG_RAX-RBP, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
SAVE_ARGS_IRQ
@@ -19698,7 +21271,7 @@ index c1d01e6..a88cf02 100644
call \func
.endm
-@@ -1019,7 +1366,7 @@ ret_from_intr:
+@@ -1019,7 +1484,7 @@ ret_from_intr:
exit_intr:
GET_THREAD_INFO(%rcx)
@@ -19707,7 +21280,7 @@ index c1d01e6..a88cf02 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -1041,12 +1388,16 @@ retint_swapgs: /* return to user-space */
+@@ -1041,12 +1506,16 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -19724,7 +21297,7 @@ index c1d01e6..a88cf02 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -1129,7 +1480,7 @@ ENTRY(retint_kernel)
+@@ -1129,7 +1598,7 @@ ENTRY(retint_kernel)
#endif
CFI_ENDPROC
@@ -19733,7 +21306,7 @@ index c1d01e6..a88cf02 100644
/*
* End of kprobes section
*/
-@@ -1147,7 +1498,7 @@ ENTRY(\sym)
+@@ -1147,7 +1616,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -19742,7 +21315,7 @@ index c1d01e6..a88cf02 100644
.endm
#ifdef CONFIG_SMP
-@@ -1203,12 +1554,22 @@ ENTRY(\sym)
+@@ -1208,12 +1677,22 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -19766,7 +21339,7 @@ index c1d01e6..a88cf02 100644
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1221,15 +1582,25 @@ ENTRY(\sym)
+@@ -1226,15 +1705,25 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -19794,7 +21367,7 @@ index c1d01e6..a88cf02 100644
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1240,14 +1611,30 @@ ENTRY(\sym)
+@@ -1245,14 +1734,30 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF_DEBUG
@@ -19826,7 +21399,7 @@ index c1d01e6..a88cf02 100644
.endm
.macro errorentry sym do_sym
-@@ -1259,13 +1646,23 @@ ENTRY(\sym)
+@@ -1264,13 +1769,23 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -19851,7 +21424,7 @@ index c1d01e6..a88cf02 100644
.endm
/* error code is on the stack already */
-@@ -1279,13 +1676,23 @@ ENTRY(\sym)
+@@ -1284,13 +1799,23 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
@@ -19876,7 +21449,7 @@ index c1d01e6..a88cf02 100644
.endm
zeroentry divide_error do_divide_error
-@@ -1315,9 +1722,10 @@ gs_change:
+@@ -1320,9 +1845,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -19888,7 +21461,7 @@ index c1d01e6..a88cf02 100644
_ASM_EXTABLE(gs_change,bad_gs)
.section .fixup,"ax"
-@@ -1345,9 +1753,10 @@ ENTRY(call_softirq)
+@@ -1350,9 +1876,10 @@ ENTRY(call_softirq)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -19900,7 +21473,7 @@ index c1d01e6..a88cf02 100644
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1385,7 +1794,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1390,7 +1917,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -19909,7 +21482,7 @@ index c1d01e6..a88cf02 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1444,7 +1853,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1449,7 +1976,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -19918,7 +21491,7 @@ index c1d01e6..a88cf02 100644
apicinterrupt HYPERVISOR_CALLBACK_VECTOR \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1496,18 +1905,33 @@ ENTRY(paranoid_exit)
+@@ -1501,18 +2028,33 @@ ENTRY(paranoid_exit)
DEFAULT_FRAME
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF_DEBUG
@@ -19954,7 +21527,7 @@ index c1d01e6..a88cf02 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1536,7 +1960,7 @@ paranoid_schedule:
+@@ -1541,7 +2083,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -19963,7 +21536,7 @@ index c1d01e6..a88cf02 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1563,12 +1987,13 @@ ENTRY(error_entry)
+@@ -1568,12 +2110,13 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -19978,7 +21551,7 @@ index c1d01e6..a88cf02 100644
ret
/*
-@@ -1595,7 +2020,7 @@ bstep_iret:
+@@ -1600,7 +2143,7 @@ bstep_iret:
movq %rcx,RIP+8(%rsp)
jmp error_swapgs
CFI_ENDPROC
@@ -19987,7 +21560,7 @@ index c1d01e6..a88cf02 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1606,7 +2031,7 @@ ENTRY(error_exit)
+@@ -1611,7 +2154,7 @@ ENTRY(error_exit)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
GET_THREAD_INFO(%rcx)
@@ -19996,7 +21569,7 @@ index c1d01e6..a88cf02 100644
jne retint_kernel
LOCKDEP_SYS_EXIT_IRQ
movl TI_flags(%rcx),%edx
-@@ -1615,7 +2040,7 @@ ENTRY(error_exit)
+@@ -1620,7 +2163,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
@@ -20005,7 +21578,7 @@ index c1d01e6..a88cf02 100644
/*
* Test if a given stack is an NMI stack or not.
-@@ -1673,9 +2098,11 @@ ENTRY(nmi)
+@@ -1678,9 +2221,11 @@ ENTRY(nmi)
* If %cs was not the kernel segment, then the NMI triggered in user
* space, which means it is definitely not nested.
*/
@@ -20018,7 +21591,7 @@ index c1d01e6..a88cf02 100644
/*
* Check the special variable on the stack to see if NMIs are
* executing.
-@@ -1709,8 +2136,7 @@ nested_nmi:
+@@ -1714,8 +2259,7 @@ nested_nmi:
1:
/* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -20028,7 +21601,7 @@ index c1d01e6..a88cf02 100644
CFI_ADJUST_CFA_OFFSET 1*8
leaq -10*8(%rsp), %rdx
pushq_cfi $__KERNEL_DS
-@@ -1728,6 +2154,7 @@ nested_nmi_out:
+@@ -1733,6 +2277,7 @@ nested_nmi_out:
CFI_RESTORE rdx
/* No need to check faults here */
@@ -20036,7 +21609,7 @@ index c1d01e6..a88cf02 100644
INTERRUPT_RETURN
CFI_RESTORE_STATE
-@@ -1844,6 +2271,8 @@ end_repeat_nmi:
+@@ -1849,6 +2394,8 @@ end_repeat_nmi:
*/
movq %cr2, %r12
@@ -20045,7 +21618,7 @@ index c1d01e6..a88cf02 100644
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
-@@ -1856,26 +2285,31 @@ end_repeat_nmi:
+@@ -1861,26 +2408,31 @@ end_repeat_nmi:
movq %r12, %cr2
1:
@@ -20148,7 +21721,7 @@ index 42a392a..fbbd930 100644
return -EFAULT;
diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c
-index 8f3201d..6898c0c 100644
+index 55b6761..a6456fc 100644
--- a/arch/x86/kernel/head64.c
+++ b/arch/x86/kernel/head64.c
@@ -67,12 +67,12 @@ again:
@@ -20201,7 +21774,7 @@ index 8f3201d..6898c0c 100644
init_level4_pgt[511] = early_level4_pgt[511];
diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S
-index 73afd11..d1670f5 100644
+index 73afd11..0ef46f2 100644
--- a/arch/x86/kernel/head_32.S
+++ b/arch/x86/kernel/head_32.S
@@ -26,6 +26,12 @@
@@ -20522,7 +22095,7 @@ index 73afd11..d1670f5 100644
+
+#ifdef CONFIG_PAX_PER_CPU_PGD
+ENTRY(cpu_pgd)
-+ .rept NR_CPUS
++ .rept 2*NR_CPUS
+ .fill 4,8,0
+ .endr
+#endif
@@ -20633,7 +22206,7 @@ index 73afd11..d1670f5 100644
+ .fill PAGE_SIZE_asm - GDT_SIZE,1,0
+ .endr
diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S
-index 321d65e..ad8817d 100644
+index a836860..1b5c665 100644
--- a/arch/x86/kernel/head_64.S
+++ b/arch/x86/kernel/head_64.S
@@ -20,6 +20,8 @@
@@ -20674,10 +22247,10 @@ index 321d65e..ad8817d 100644
+#ifndef CONFIG_XEN
+ addq %rbp, level3_ident_pgt + (1*8)(%rip)
+#endif
-+
-+ addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip)
- addq %rbp, level2_fixmap_pgt + (506*8)(%rip)
++ addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip)
++
+ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip)
+ addq %rbp, level3_kernel_pgt + ((L3_START_KERNEL+1)*8)(%rip)
+
@@ -20749,10 +22322,10 @@ index 321d65e..ad8817d 100644
+ .section .rodata,"a",@progbits
-#ifndef CONFIG_XEN
--NEXT_PAGE(init_level4_pgt)
+ NEXT_PAGE(init_level4_pgt)
- .fill 512,8,0
-#else
- NEXT_PAGE(init_level4_pgt)
+-NEXT_PAGE(init_level4_pgt)
- .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
.org init_level4_pgt + L4_PAGE_OFFSET*8, 0
.quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE
@@ -20768,7 +22341,7 @@ index 321d65e..ad8817d 100644
+#ifdef CONFIG_PAX_PER_CPU_PGD
+NEXT_PAGE(cpu_pgd)
-+ .rept NR_CPUS
++ .rept 2*NR_CPUS
+ .fill 512,8,0
+ .endr
+#endif
@@ -20813,7 +22386,7 @@ index 321d65e..ad8817d 100644
NEXT_PAGE(level2_kernel_pgt)
/*
* 512 MB kernel mapping. We spend a full page on this pagetable
-@@ -488,39 +544,64 @@ NEXT_PAGE(level2_kernel_pgt)
+@@ -488,39 +544,70 @@ NEXT_PAGE(level2_kernel_pgt)
KERNEL_IMAGE_SIZE/PMD_SIZE)
NEXT_PAGE(level2_fixmap_pgt)
@@ -20856,6 +22429,12 @@ index 321d65e..ad8817d 100644
+ .quad 0x0000f40000000000 /* node/CPU stored in limit */
+ /* asm/segment.h:GDT_ENTRIES must match this */
+
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++ .quad 0x00cf93000000ffff /* __UDEREF_KERNEL_DS */
++#else
++ .quad 0x0 /* unused */
++#endif
++
+ /* zero the remaining page */
+ .fill PAGE_SIZE / 8 - GDT_ENTRIES,8,0
+ .endr
@@ -20877,7 +22456,10 @@ index 321d65e..ad8817d 100644
- .section .bss, "aw", @nobits
+
+ .section .rodata,"a",@progbits
- .align L1_CACHE_BYTES
++NEXT_PAGE(empty_zero_page)
++ .skip PAGE_SIZE
++
+ .align PAGE_SIZE
ENTRY(idt_table)
- .skip IDT_ENTRIES * 16
+ .fill 512,8,0
@@ -20885,11 +22467,11 @@ index 321d65e..ad8817d 100644
.align L1_CACHE_BYTES
ENTRY(nmi_idt_table)
- .skip IDT_ENTRIES * 16
-+ .fill 512,8,0
-
+-
- __PAGE_ALIGNED_BSS
- NEXT_PAGE(empty_zero_page)
- .skip PAGE_SIZE
+-NEXT_PAGE(empty_zero_page)
+- .skip PAGE_SIZE
++ .fill 512,8,0
diff --git a/arch/x86/kernel/i386_ksyms_32.c b/arch/x86/kernel/i386_ksyms_32.c
index 0fa6912..37fce70 100644
--- a/arch/x86/kernel/i386_ksyms_32.c
@@ -20916,7 +22498,7 @@ index 0fa6912..37fce70 100644
+EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR);
+#endif
diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c
-index cb33909..1163b40 100644
+index f7ea30d..6318acc 100644
--- a/arch/x86/kernel/i387.c
+++ b/arch/x86/kernel/i387.c
@@ -51,7 +51,7 @@ static inline bool interrupted_kernel_fpu_idle(void)
@@ -21030,7 +22612,7 @@ index 4ddaf66..6292f4e 100644
return -EPERM;
}
diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c
-index 84b7789..e65e8be 100644
+index ac0631d..ff7cb62 100644
--- a/arch/x86/kernel/irq.c
+++ b/arch/x86/kernel/irq.c
@@ -18,7 +18,7 @@
@@ -21333,7 +22915,7 @@ index 836f832..a8bda67 100644
}
diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c
-index 7bfe318..383d238 100644
+index 211bce4..6e2580a 100644
--- a/arch/x86/kernel/kprobes/core.c
+++ b/arch/x86/kernel/kprobes/core.c
@@ -119,9 +119,12 @@ static void __kprobes __synthesize_relative_insn(void *from, void *to, u8 op)
@@ -21381,9 +22963,9 @@ index 7bfe318..383d238 100644
#ifdef CONFIG_X86_64
if (insn_rip_relative(&insn)) {
-@@ -355,7 +360,9 @@ int __kprobes __copy_instruction(u8 *dest, u8 *src)
- newdisp = (u8 *) src + (s64) insn.displacement.value - (u8 *) dest;
- BUG_ON((s64) (s32) newdisp != newdisp); /* Sanity check. */
+@@ -359,7 +364,9 @@ int __kprobes __copy_instruction(u8 *dest, u8 *src)
+ return 0;
+ }
disp = (u8 *) dest + insn_offset_displacement(&insn);
+ pax_open_kernel();
*(s32 *) disp = (s32) newdisp;
@@ -21391,7 +22973,7 @@ index 7bfe318..383d238 100644
}
#endif
return insn.length;
-@@ -488,7 +495,7 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k
+@@ -498,7 +505,7 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k
* nor set current_kprobe, because it doesn't use single
* stepping.
*/
@@ -21400,7 +22982,7 @@ index 7bfe318..383d238 100644
preempt_enable_no_resched();
return;
}
-@@ -505,9 +512,9 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k
+@@ -515,9 +522,9 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k
regs->flags &= ~X86_EFLAGS_IF;
/* single step inline if the instruction is an int3 */
if (p->opcode == BREAKPOINT_INSTRUCTION)
@@ -21412,7 +22994,7 @@ index 7bfe318..383d238 100644
}
/*
-@@ -586,7 +593,7 @@ static int __kprobes kprobe_handler(struct pt_regs *regs)
+@@ -596,7 +603,7 @@ static int __kprobes kprobe_handler(struct pt_regs *regs)
setup_singlestep(p, regs, kcb, 0);
return 1;
}
@@ -21421,7 +23003,7 @@ index 7bfe318..383d238 100644
/*
* The breakpoint instruction was removed right
* after we hit it. Another cpu has removed
-@@ -632,6 +639,9 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
+@@ -642,6 +649,9 @@ static void __used __kprobes kretprobe_trampoline_holder(void)
" movq %rax, 152(%rsp)\n"
RESTORE_REGS_STRING
" popfq\n"
@@ -21431,7 +23013,7 @@ index 7bfe318..383d238 100644
#else
" pushf\n"
SAVE_REGS_STRING
-@@ -769,7 +779,7 @@ static void __kprobes
+@@ -779,7 +789,7 @@ static void __kprobes
resume_execution(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *kcb)
{
unsigned long *tos = stack_addr(regs);
@@ -21440,7 +23022,7 @@ index 7bfe318..383d238 100644
unsigned long orig_ip = (unsigned long)p->addr;
kprobe_opcode_t *insn = p->ainsn.insn;
-@@ -951,7 +961,7 @@ kprobe_exceptions_notify(struct notifier_block *self, unsigned long val, void *d
+@@ -961,7 +971,7 @@ kprobe_exceptions_notify(struct notifier_block *self, unsigned long val, void *d
struct die_args *args = data;
int ret = NOTIFY_DONE;
@@ -21519,10 +23101,10 @@ index 76dc6f0..66bdfc3 100644
reset_current_kprobe();
preempt_enable_no_resched();
diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c
-index b686a90..60d36fb 100644
+index cd6d9a5..16245a4 100644
--- a/arch/x86/kernel/kvm.c
+++ b/arch/x86/kernel/kvm.c
-@@ -453,7 +453,7 @@ static int __cpuinit kvm_cpu_notify(struct notifier_block *self,
+@@ -455,7 +455,7 @@ static int __cpuinit kvm_cpu_notify(struct notifier_block *self,
return NOTIFY_OK;
}
@@ -21901,7 +23483,7 @@ index 676b8c7..870ba04 100644
.spin_is_locked = __ticket_spin_is_locked,
.spin_is_contended = __ticket_spin_is_contended,
diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c
-index 8bfb335..c1463c6 100644
+index cd6de64..27c6af0 100644
--- a/arch/x86/kernel/paravirt.c
+++ b/arch/x86/kernel/paravirt.c
@@ -55,6 +55,9 @@ u64 _paravirt_ident_64(u64 x)
@@ -21929,10 +23511,10 @@ index 8bfb335..c1463c6 100644
ret = paravirt_patch_ident_32(insnbuf, len);
- else if (opfunc == _paravirt_ident_64)
+ else if (opfunc == (void *)_paravirt_ident_64)
-+ ret = paravirt_patch_ident_64(insnbuf, len);
+ ret = paravirt_patch_ident_64(insnbuf, len);
+#if defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE)
+ else if (opfunc == (void *)__raw_callee_save__paravirt_ident_64)
- ret = paravirt_patch_ident_64(insnbuf, len);
++ ret = paravirt_patch_ident_64(insnbuf, len);
+#endif
else if (type == PARAVIRT_PATCH(pv_cpu_ops.iret) ||
@@ -21984,7 +23566,7 @@ index 8bfb335..c1463c6 100644
.cpuid = native_cpuid,
.get_debugreg = native_get_debugreg,
.set_debugreg = native_set_debugreg,
-@@ -395,21 +402,26 @@ struct pv_cpu_ops pv_cpu_ops = {
+@@ -394,21 +401,26 @@ struct pv_cpu_ops pv_cpu_ops = {
.end_context_switch = paravirt_nop,
};
@@ -22014,7 +23596,7 @@ index 8bfb335..c1463c6 100644
.read_cr2 = native_read_cr2,
.write_cr2 = native_write_cr2,
-@@ -459,6 +471,7 @@ struct pv_mmu_ops pv_mmu_ops = {
+@@ -458,6 +470,7 @@ struct pv_mmu_ops pv_mmu_ops = {
.make_pud = PTE_IDENT,
.set_pgd = native_set_pgd,
@@ -22022,7 +23604,7 @@ index 8bfb335..c1463c6 100644
#endif
#endif /* PAGETABLE_LEVELS >= 3 */
-@@ -479,6 +492,12 @@ struct pv_mmu_ops pv_mmu_ops = {
+@@ -478,6 +491,12 @@ struct pv_mmu_ops pv_mmu_ops = {
},
.set_fixmap = native_set_fixmap,
@@ -22075,7 +23657,7 @@ index 6c483ba..d10ce2f 100644
static struct dma_map_ops swiotlb_dma_ops = {
diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c
-index 14ae100..752a4f6 100644
+index 81a5f5e..20f8b58 100644
--- a/arch/x86/kernel/process.c
+++ b/arch/x86/kernel/process.c
@@ -36,7 +36,8 @@
@@ -22106,16 +23688,7 @@ index 14ae100..752a4f6 100644
t->io_bitmap_ptr = NULL;
clear_thread_flag(TIF_IO_BITMAP);
-@@ -136,7 +137,7 @@ void show_regs_common(void)
- board = dmi_get_system_info(DMI_BOARD_NAME);
-
- printk(KERN_DEFAULT "Pid: %d, comm: %.20s %s %s %.*s %s %s%s%s\n",
-- current->pid, current->comm, print_tainted(),
-+ task_pid_nr(current), current->comm, print_tainted(),
- init_utsname()->release,
- (int)strcspn(init_utsname()->version, " "),
- init_utsname()->version,
-@@ -149,6 +150,9 @@ void flush_thread(void)
+@@ -125,6 +126,9 @@ void flush_thread(void)
{
struct task_struct *tsk = current;
@@ -22125,7 +23698,7 @@ index 14ae100..752a4f6 100644
flush_ptrace_hw_breakpoint(tsk);
memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array));
drop_init_fpu(tsk);
-@@ -295,7 +299,7 @@ static void __exit_idle(void)
+@@ -271,7 +275,7 @@ static void __exit_idle(void)
void exit_idle(void)
{
/* idle loop has pid 0 */
@@ -22134,7 +23707,7 @@ index 14ae100..752a4f6 100644
return;
__exit_idle();
}
-@@ -398,7 +402,7 @@ bool xen_set_default_idle(void)
+@@ -327,7 +331,7 @@ bool xen_set_default_idle(void)
return ret;
}
#endif
@@ -22143,7 +23716,7 @@ index 14ae100..752a4f6 100644
{
local_irq_disable();
/*
-@@ -544,16 +548,37 @@ static int __init idle_setup(char *str)
+@@ -456,16 +460,37 @@ static int __init idle_setup(char *str)
}
early_param("idle", idle_setup);
@@ -22192,7 +23765,7 @@ index 14ae100..752a4f6 100644
+}
+#endif
diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c
-index b5a8905..d9cacac 100644
+index 7305f7d..22f73d6 100644
--- a/arch/x86/kernel/process_32.c
+++ b/arch/x86/kernel/process_32.c
@@ -65,6 +65,7 @@ asmlinkage void ret_from_kernel_thread(void) __asm__("ret_from_kernel_thread");
@@ -22203,7 +23776,7 @@ index b5a8905..d9cacac 100644
}
void __show_regs(struct pt_regs *regs, int all)
-@@ -74,21 +75,20 @@ void __show_regs(struct pt_regs *regs, int all)
+@@ -74,19 +75,18 @@ void __show_regs(struct pt_regs *regs, int all)
unsigned long sp;
unsigned short ss, gs;
@@ -22219,8 +23792,6 @@ index b5a8905..d9cacac 100644
}
+ gs = get_user_gs(regs);
- show_regs_common();
-
printk(KERN_DEFAULT "EIP: %04x:[<%08lx>] EFLAGS: %08lx CPU: %d\n",
(u16)regs->cs, regs->ip, regs->flags,
- smp_processor_id());
@@ -22228,7 +23799,7 @@ index b5a8905..d9cacac 100644
print_symbol("EIP is at %s\n", regs->ip);
printk(KERN_DEFAULT "EAX: %08lx EBX: %08lx ECX: %08lx EDX: %08lx\n",
-@@ -130,20 +130,21 @@ void release_thread(struct task_struct *dead_task)
+@@ -128,20 +128,21 @@ void release_thread(struct task_struct *dead_task)
int copy_thread(unsigned long clone_flags, unsigned long sp,
unsigned long arg, struct task_struct *p)
{
@@ -22254,7 +23825,7 @@ index b5a8905..d9cacac 100644
childregs->fs = __KERNEL_PERCPU;
childregs->bx = sp; /* function */
childregs->bp = arg;
-@@ -250,7 +251,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -248,7 +249,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
struct thread_struct *prev = &prev_p->thread,
*next = &next_p->thread;
int cpu = smp_processor_id();
@@ -22263,7 +23834,7 @@ index b5a8905..d9cacac 100644
fpu_switch_t fpu;
/* never put a printk in __switch_to... printk() calls wake_up*() indirectly */
-@@ -274,6 +275,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -272,6 +273,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
*/
lazy_save_gs(prev->gs);
@@ -22274,7 +23845,7 @@ index b5a8905..d9cacac 100644
/*
* Load the per-thread Thread-Local Storage descriptor.
*/
-@@ -304,6 +309,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -302,6 +307,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
*/
arch_end_context_switch(next_p);
@@ -22284,7 +23855,7 @@ index b5a8905..d9cacac 100644
/*
* Restore %gs if needed (which is common)
*/
-@@ -312,8 +320,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -310,8 +318,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
switch_fpu_finish(next_p, fpu);
@@ -22293,16 +23864,16 @@ index b5a8905..d9cacac 100644
return prev_p;
}
-@@ -343,4 +349,3 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -341,4 +347,3 @@ unsigned long get_wchan(struct task_struct *p)
} while (count++ < 16);
return 0;
}
-
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
-index 0f49677..fcbf88c 100644
+index 355ae06..560fbbe 100644
--- a/arch/x86/kernel/process_64.c
+++ b/arch/x86/kernel/process_64.c
-@@ -152,10 +152,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
+@@ -151,10 +151,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
struct pt_regs *childregs;
struct task_struct *me = current;
@@ -22315,7 +23886,16 @@ index 0f49677..fcbf88c 100644
set_tsk_thread_flag(p, TIF_FORK);
p->fpu_counter = 0;
p->thread.io_bitmap_ptr = NULL;
-@@ -274,7 +275,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -165,6 +166,8 @@ int copy_thread(unsigned long clone_flags, unsigned long sp,
+ p->thread.fs = p->thread.fsindex ? 0 : me->thread.fs;
+ savesegment(es, p->thread.es);
+ savesegment(ds, p->thread.ds);
++ savesegment(ss, p->thread.ss);
++ BUG_ON(p->thread.ss == __UDEREF_KERNEL_DS);
+ memset(p->thread.ptrace_bps, 0, sizeof(p->thread.ptrace_bps));
+
+ if (unlikely(p->flags & PF_KTHREAD)) {
+@@ -273,7 +276,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
struct thread_struct *prev = &prev_p->thread;
struct thread_struct *next = &next_p->thread;
int cpu = smp_processor_id();
@@ -22324,7 +23904,17 @@ index 0f49677..fcbf88c 100644
unsigned fsindex, gsindex;
fpu_switch_t fpu;
-@@ -356,10 +357,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+@@ -296,6 +299,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
+ if (unlikely(next->ds | prev->ds))
+ loadsegment(ds, next->ds);
+
++ savesegment(ss, prev->ss);
++ if (unlikely(next->ss != prev->ss))
++ loadsegment(ss, next->ss);
+
+ /* We must save %fs and %gs before load_TLS() because
+ * %fs and %gs may be cleared by load_TLS().
+@@ -355,10 +361,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p)
prev->usersp = this_cpu_read(old_rsp);
this_cpu_write(old_rsp, next->usersp);
this_cpu_write(current_task, next_p);
@@ -22337,7 +23927,7 @@ index 0f49677..fcbf88c 100644
/*
* Now maybe reload the debug registers and handle I/O bitmaps
-@@ -428,12 +428,11 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -427,12 +432,11 @@ unsigned long get_wchan(struct task_struct *p)
if (!p || p == current || p->state == TASK_RUNNING)
return 0;
stack = (unsigned long)task_stack_page(p);
@@ -22624,6 +24214,19 @@ index 76fa1e9..abf09ea 100644
.power_off = native_machine_power_off,
.shutdown = native_machine_shutdown,
.emergency_restart = native_machine_emergency_restart,
+diff --git a/arch/x86/kernel/reboot_fixups_32.c b/arch/x86/kernel/reboot_fixups_32.c
+index c8e41e9..64049ef 100644
+--- a/arch/x86/kernel/reboot_fixups_32.c
++++ b/arch/x86/kernel/reboot_fixups_32.c
+@@ -57,7 +57,7 @@ struct device_fixup {
+ unsigned int vendor;
+ unsigned int device;
+ void (*reboot_fixup)(struct pci_dev *);
+-};
++} __do_const;
+
+ /*
+ * PCI ids solely used for fixups_table go here
diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S
index f2bb9c9..bed145d7 100644
--- a/arch/x86/kernel/relocate_kernel_64.S
@@ -22645,10 +24248,10 @@ index f2bb9c9..bed145d7 100644
1:
diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c
-index fae9134..8fcd87c 100644
+index 56f7fcf..3b88ad1 100644
--- a/arch/x86/kernel/setup.c
+++ b/arch/x86/kernel/setup.c
-@@ -111,6 +111,7 @@
+@@ -110,6 +110,7 @@
#include <asm/mce.h>
#include <asm/alternative.h>
#include <asm/prom.h>
@@ -22656,7 +24259,23 @@ index fae9134..8fcd87c 100644
/*
* max_low_pfn_mapped: highest direct mapped pfn under 4GB
-@@ -447,7 +448,7 @@ static void __init parse_setup_data(void)
+@@ -205,10 +206,12 @@ EXPORT_SYMBOL(boot_cpu_data);
+ #endif
+
+
+-#if !defined(CONFIG_X86_PAE) || defined(CONFIG_X86_64)
+-unsigned long mmu_cr4_features;
++#ifdef CONFIG_X86_64
++unsigned long mmu_cr4_features __read_only = X86_CR4_PSE | X86_CR4_PAE | X86_CR4_PGE;
++#elif defined(CONFIG_X86_PAE)
++unsigned long mmu_cr4_features __read_only = X86_CR4_PAE;
+ #else
+-unsigned long mmu_cr4_features = X86_CR4_PAE;
++unsigned long mmu_cr4_features __read_only;
+ #endif
+
+ /* Boot loader ID and version as integers, for the benefit of proc_dointvec */
+@@ -444,7 +447,7 @@ static void __init parse_setup_data(void)
switch (data->type) {
case SETUP_E820_EXT:
@@ -22665,7 +24284,7 @@ index fae9134..8fcd87c 100644
break;
case SETUP_DTB:
add_dtb(pa_data);
-@@ -774,7 +775,7 @@ static void __init trim_bios_range(void)
+@@ -771,7 +774,7 @@ static void __init trim_bios_range(void)
* area (640->1Mb) as ram even though it is not.
* take them out.
*/
@@ -22674,7 +24293,7 @@ index fae9134..8fcd87c 100644
sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map);
}
-@@ -782,7 +783,7 @@ static void __init trim_bios_range(void)
+@@ -779,7 +782,7 @@ static void __init trim_bios_range(void)
/* called before trim_bios_range() to spare extra sanitize */
static void __init e820_add_kernel_range(void)
{
@@ -22683,7 +24302,7 @@ index fae9134..8fcd87c 100644
u64 size = __pa_symbol(_end) - start;
/*
-@@ -844,8 +845,12 @@ static void __init trim_low_memory_range(void)
+@@ -841,8 +844,12 @@ static void __init trim_low_memory_range(void)
void __init setup_arch(char **cmdline_p)
{
@@ -22696,7 +24315,7 @@ index fae9134..8fcd87c 100644
early_reserve_initrd();
-@@ -937,14 +942,14 @@ void __init setup_arch(char **cmdline_p)
+@@ -934,14 +941,14 @@ void __init setup_arch(char **cmdline_p)
if (!boot_params.hdr.root_flags)
root_mountflags &= ~MS_RDONLY;
@@ -22793,7 +24412,7 @@ index 5cdff03..80fa283 100644
* Up to this point, the boot CPU has been using .init.data
* area. Reload any changed state for the boot CPU.
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c
-index 6956299..f20beae 100644
+index 6956299..18126ec4 100644
--- a/arch/x86/kernel/signal.c
+++ b/arch/x86/kernel/signal.c
@@ -196,7 +196,7 @@ static unsigned long align_sigframe(unsigned long sp)
@@ -22826,8 +24445,12 @@ index 6956299..f20beae 100644
if (err)
return -EFAULT;
-@@ -367,7 +367,10 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
- err |= __save_altstack(&frame->uc.uc_stack, regs->sp);
+@@ -364,10 +364,13 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
+ else
+ put_user_ex(0, &frame->uc.uc_flags);
+ put_user_ex(0, &frame->uc.uc_link);
+- err |= __save_altstack(&frame->uc.uc_stack, regs->sp);
++ __save_altstack_ex(&frame->uc.uc_stack, regs->sp);
/* Set up to return from userspace. */
- restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn);
@@ -22847,6 +24470,15 @@ index 6956299..f20beae 100644
} put_user_catch(err);
err |= copy_siginfo_to_user(&frame->info, &ksig->info);
+@@ -429,7 +432,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig,
+ else
+ put_user_ex(0, &frame->uc.uc_flags);
+ put_user_ex(0, &frame->uc.uc_link);
+- err |= __save_altstack(&frame->uc.uc_stack, regs->sp);
++ __save_altstack_ex(&frame->uc.uc_stack, regs->sp);
+
+ /* Set up to return from userspace. If provided, use a stub
+ already in userspace. */
@@ -615,7 +618,12 @@ setup_rt_frame(struct ksignal *ksig, struct pt_regs *regs)
{
int usig = signr_convert(ksig->sig);
@@ -22884,10 +24516,35 @@ index 48d2b7d..90d328a 100644
.smp_prepare_cpus = native_smp_prepare_cpus,
.smp_cpus_done = native_smp_cpus_done,
diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c
-index 9f190a2..90a0688 100644
+index bfd348e..f0c1bf2 100644
--- a/arch/x86/kernel/smpboot.c
+++ b/arch/x86/kernel/smpboot.c
-@@ -748,6 +748,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+@@ -251,14 +251,18 @@ notrace static void __cpuinit start_secondary(void *unused)
+
+ enable_start_cpu0 = 0;
+
+-#ifdef CONFIG_X86_32
+- /* switch away from the initial page table */
+- load_cr3(swapper_pg_dir);
+- __flush_tlb_all();
+-#endif
+-
+ /* otherwise gcc will move up smp_processor_id before the cpu_init */
+ barrier();
++
++ /* switch away from the initial page table */
++#ifdef CONFIG_PAX_PER_CPU_PGD
++ load_cr3(get_cpu_pgd(smp_processor_id(), kernel));
++ __flush_tlb_all();
++#elif defined(CONFIG_X86_32)
++ load_cr3(swapper_pg_dir);
++ __flush_tlb_all();
++#endif
++
+ /*
+ * Check TSC synchronization with the BP:
+ */
+@@ -748,6 +752,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
idle->thread.sp = (unsigned long) (((struct pt_regs *)
(THREAD_SIZE + task_stack_page(idle))) - 1);
per_cpu(current_task, cpu) = idle;
@@ -22895,7 +24552,7 @@ index 9f190a2..90a0688 100644
#ifdef CONFIG_X86_32
/* Stack for startup_32 can be just as for start_secondary onwards */
-@@ -755,11 +756,13 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
+@@ -755,11 +760,13 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle)
#else
clear_tsk_thread_flag(idle, TIF_FORK);
initial_gs = per_cpu_offset(cpu);
@@ -22912,12 +24569,15 @@ index 9f190a2..90a0688 100644
initial_code = (unsigned long)start_secondary;
stack_start = idle->thread.sp;
-@@ -908,6 +911,15 @@ int __cpuinit native_cpu_up(unsigned int cpu, struct task_struct *tidle)
+@@ -908,6 +915,18 @@ int __cpuinit native_cpu_up(unsigned int cpu, struct task_struct *tidle)
/* the FPU context is blank, nobody can own it */
__cpu_disable_lazy_restore(cpu);
+#ifdef CONFIG_PAX_PER_CPU_PGD
-+ clone_pgd_range(get_cpu_pgd(cpu) + KERNEL_PGD_BOUNDARY,
++ clone_pgd_range(get_cpu_pgd(cpu, kernel) + KERNEL_PGD_BOUNDARY,
++ swapper_pg_dir + KERNEL_PGD_BOUNDARY,
++ KERNEL_PGD_PTRS);
++ clone_pgd_range(get_cpu_pgd(cpu, user) + KERNEL_PGD_BOUNDARY,
+ swapper_pg_dir + KERNEL_PGD_BOUNDARY,
+ KERNEL_PGD_PTRS);
+#endif
@@ -23349,7 +25009,7 @@ index 24d3c91..d06b473 100644
return pc;
}
diff --git a/arch/x86/kernel/tls.c b/arch/x86/kernel/tls.c
-index 9d9d2f9..cad418a 100644
+index f7fec09..9991981 100644
--- a/arch/x86/kernel/tls.c
+++ b/arch/x86/kernel/tls.c
@@ -84,6 +84,11 @@ int do_set_thread_area(struct task_struct *p, int idx,
@@ -23364,7 +25024,7 @@ index 9d9d2f9..cad418a 100644
set_tls_desc(p, idx, &info, 1);
return 0;
-@@ -204,7 +209,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset,
+@@ -200,7 +205,7 @@ int regset_tls_set(struct task_struct *target, const struct user_regset *regset,
if (kbuf)
info = kbuf;
@@ -23374,7 +25034,7 @@ index 9d9d2f9..cad418a 100644
else
info = infobuf;
diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
-index 68bda7a..3ec7bb7 100644
+index 772e2a8..bad5bf6 100644
--- a/arch/x86/kernel/traps.c
+++ b/arch/x86/kernel/traps.c
@@ -68,12 +68,6 @@
@@ -23448,7 +25108,7 @@ index 68bda7a..3ec7bb7 100644
regs->ip, regs->sp, error_code);
print_vma_addr(" in ", regs->ip);
pr_cont("\n");
-@@ -266,7 +272,7 @@ do_general_protection(struct pt_regs *regs, long error_code)
+@@ -273,7 +279,7 @@ do_general_protection(struct pt_regs *regs, long error_code)
conditional_sti(regs);
#ifdef CONFIG_X86_32
@@ -23457,7 +25117,7 @@ index 68bda7a..3ec7bb7 100644
local_irq_enable();
handle_vm86_fault((struct kernel_vm86_regs *) regs, error_code);
goto exit;
-@@ -274,18 +280,42 @@ do_general_protection(struct pt_regs *regs, long error_code)
+@@ -281,18 +287,42 @@ do_general_protection(struct pt_regs *regs, long error_code)
#endif
tsk = current;
@@ -23502,7 +25162,7 @@ index 68bda7a..3ec7bb7 100644
tsk->thread.error_code = error_code;
tsk->thread.trap_nr = X86_TRAP_GP;
-@@ -440,7 +470,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
+@@ -450,7 +480,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
/* It's safe to allow irq's after DR6 has been saved */
preempt_conditional_sti(regs);
@@ -23511,7 +25171,7 @@ index 68bda7a..3ec7bb7 100644
handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code,
X86_TRAP_DB);
preempt_conditional_cli(regs);
-@@ -455,7 +485,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
+@@ -465,7 +495,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code)
* We already checked v86 mode above, so we can check for kernel mode
* by just checking the CPL of CS.
*/
@@ -23520,7 +25180,7 @@ index 68bda7a..3ec7bb7 100644
tsk->thread.debugreg6 &= ~DR_STEP;
set_tsk_thread_flag(tsk, TIF_SINGLESTEP);
regs->flags &= ~X86_EFLAGS_TF;
-@@ -487,7 +517,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr)
+@@ -497,7 +527,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr)
return;
conditional_sti(regs);
@@ -23530,7 +25190,7 @@ index 68bda7a..3ec7bb7 100644
if (!fixup_exception(regs)) {
task->thread.error_code = error_code;
diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c
-index 0ba4cfb..4596bec 100644
+index 2ed8459..7cf329f 100644
--- a/arch/x86/kernel/uprobes.c
+++ b/arch/x86/kernel/uprobes.c
@@ -629,7 +629,7 @@ int arch_uprobe_exception_notify(struct notifier_block *self, unsigned long val,
@@ -23542,6 +25202,15 @@ index 0ba4cfb..4596bec 100644
return NOTIFY_DONE;
switch (val) {
+@@ -719,7 +719,7 @@ arch_uretprobe_hijack_return_addr(unsigned long trampoline_vaddr, struct pt_regs
+
+ if (ncopied != rasize) {
+ pr_err("uprobe: return address clobbered: pid=%d, %%sp=%#lx, "
+- "%%ip=%#lx\n", current->pid, regs->sp, regs->ip);
++ "%%ip=%#lx\n", task_pid_nr(current), regs->sp, regs->ip);
+
+ force_sig_info(SIGSEGV, SEND_SIG_FORCED, current);
+ }
diff --git a/arch/x86/kernel/verify_cpu.S b/arch/x86/kernel/verify_cpu.S
index b9242ba..50c5edd 100644
--- a/arch/x86/kernel/verify_cpu.S
@@ -23555,7 +25224,7 @@ index b9242ba..50c5edd 100644
* verify_cpu, returns the status of longmode and SSE in register %eax.
* 0: Success 1: Failure
diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c
-index 3dbdd9c..888b14e 100644
+index e8edcf5..27f9344 100644
--- a/arch/x86/kernel/vm86_32.c
+++ b/arch/x86/kernel/vm86_32.c
@@ -44,6 +44,7 @@
@@ -23578,34 +25247,33 @@ index 3dbdd9c..888b14e 100644
@@ -214,6 +215,14 @@ SYSCALL_DEFINE1(vm86old, struct vm86_struct __user *, v86)
if (tsk->thread.saved_sp0)
- goto out;
+ return -EPERM;
+
+#ifdef CONFIG_GRKERNSEC_VM86
+ if (!capable(CAP_SYS_RAWIO)) {
+ gr_handle_vm86();
-+ goto out;
++ return -EPERM;
+ }
+#endif
+
tmp = copy_vm86_regs_from_user(&info.regs, &v86->regs,
offsetof(struct kernel_vm86_struct, vm86plus) -
sizeof(info.regs));
-@@ -242,6 +251,14 @@ SYSCALL_DEFINE2(vm86, unsigned long, cmd, unsigned long, arg)
- int tmp, ret;
+@@ -238,6 +247,13 @@ SYSCALL_DEFINE2(vm86, unsigned long, cmd, unsigned long, arg)
+ int tmp;
struct vm86plus_struct __user *v86;
+#ifdef CONFIG_GRKERNSEC_VM86
+ if (!capable(CAP_SYS_RAWIO)) {
+ gr_handle_vm86();
-+ ret = -EPERM;
-+ goto out;
++ return -EPERM;
+ }
+#endif
+
tsk = current;
switch (cmd) {
case VM86_REQUEST_IRQ:
-@@ -329,7 +346,7 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk
+@@ -318,7 +334,7 @@ static void do_sys_vm86(struct kernel_vm86_struct *info, struct task_struct *tsk
tsk->thread.saved_fs = info->regs32->fs;
tsk->thread.saved_gs = get_user_gs(info->regs32);
@@ -23614,7 +25282,7 @@ index 3dbdd9c..888b14e 100644
tsk->thread.sp0 = (unsigned long) &info->VM86_TSS_ESP0;
if (cpu_has_sep)
tsk->thread.sysenter_cs = 0;
-@@ -536,7 +553,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i,
+@@ -525,7 +541,7 @@ static void do_int(struct kernel_vm86_regs *regs, int i,
goto cannot_handle;
if (i == 0x21 && is_revectored(AH(regs), &KVM86->int21_revectored))
goto cannot_handle;
@@ -23624,7 +25292,7 @@ index 3dbdd9c..888b14e 100644
goto cannot_handle;
if ((segoffs >> 16) == BIOSSEG)
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
-index 22a1530..5efafbf 100644
+index 10c4f30..57377c2 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -26,6 +26,13 @@
@@ -23691,9 +25359,9 @@ index 22a1530..5efafbf 100644
+ __LOAD_PHYSICAL_ADDR = . - LOAD_OFFSET + __KERNEL_TEXT_OFFSET;
+ _text = .;
HEAD_TEXT
- #ifdef CONFIG_X86_32
- . = ALIGN(PAGE_SIZE);
-@@ -108,13 +128,48 @@ SECTIONS
+ . = ALIGN(8);
+ _stext = .;
+@@ -104,13 +124,48 @@ SECTIONS
IRQENTRY_TEXT
*(.fixup)
*(.gnu.warning)
@@ -23746,7 +25414,7 @@ index 22a1530..5efafbf 100644
#if defined(CONFIG_DEBUG_RODATA)
/* .text should occupy whole number of pages */
-@@ -126,16 +181,20 @@ SECTIONS
+@@ -122,16 +177,20 @@ SECTIONS
/* Data */
.data : AT(ADDR(.data) - LOAD_OFFSET) {
@@ -23770,7 +25438,7 @@ index 22a1530..5efafbf 100644
PAGE_ALIGNED_DATA(PAGE_SIZE)
-@@ -176,12 +235,19 @@ SECTIONS
+@@ -172,12 +231,19 @@ SECTIONS
#endif /* CONFIG_X86_64 */
/* Init code and data - will be freed after init */
@@ -23793,7 +25461,7 @@ index 22a1530..5efafbf 100644
/*
* percpu offsets are zero-based on SMP. PERCPU_VADDR() changes the
* output PHDR, so the next output section - .init.text - should
-@@ -190,12 +256,27 @@ SECTIONS
+@@ -186,12 +252,27 @@ SECTIONS
PERCPU_VADDR(INTERNODE_CACHE_BYTES, 0, :percpu)
#endif
@@ -23826,7 +25494,7 @@ index 22a1530..5efafbf 100644
.x86_cpu_dev.init : AT(ADDR(.x86_cpu_dev.init) - LOAD_OFFSET) {
__x86_cpu_dev_start = .;
-@@ -257,19 +338,12 @@ SECTIONS
+@@ -253,19 +334,12 @@ SECTIONS
}
. = ALIGN(8);
@@ -23847,7 +25515,7 @@ index 22a1530..5efafbf 100644
PERCPU_SECTION(INTERNODE_CACHE_BYTES)
#endif
-@@ -288,16 +362,10 @@ SECTIONS
+@@ -284,16 +358,10 @@ SECTIONS
.smp_locks : AT(ADDR(.smp_locks) - LOAD_OFFSET) {
__smp_locks = .;
*(.smp_locks)
@@ -23865,7 +25533,7 @@ index 22a1530..5efafbf 100644
/* BSS */
. = ALIGN(PAGE_SIZE);
.bss : AT(ADDR(.bss) - LOAD_OFFSET) {
-@@ -313,6 +381,7 @@ SECTIONS
+@@ -309,6 +377,7 @@ SECTIONS
__brk_base = .;
. += 64 * 1024; /* 64k alignment slop space */
*(.brk_reservation) /* areas brk users have reserved */
@@ -23873,7 +25541,7 @@ index 22a1530..5efafbf 100644
__brk_limit = .;
}
-@@ -339,13 +408,12 @@ SECTIONS
+@@ -335,13 +404,12 @@ SECTIONS
* for the boot processor.
*/
#define INIT_PER_CPU(x) init_per_cpu__##x = x + __per_cpu_load
@@ -24056,10 +25724,10 @@ index a20ecb5..d0e2194 100644
out:
diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c
-index 698eece..776b682 100644
+index 5953dce..f11a7d2 100644
--- a/arch/x86/kvm/emulate.c
+++ b/arch/x86/kvm/emulate.c
-@@ -328,6 +328,7 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
+@@ -329,6 +329,7 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
#define ____emulate_2op(ctxt, _op, _x, _y, _suffix, _dsttype) \
do { \
@@ -24067,7 +25735,7 @@ index 698eece..776b682 100644
__asm__ __volatile__ ( \
_PRE_EFLAGS("0", "4", "2") \
_op _suffix " %"_x"3,%1; " \
-@@ -342,8 +343,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
+@@ -343,8 +344,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
/* Raw emulation: instruction has two explicit operands. */
#define __emulate_2op_nobyte(ctxt,_op,_wx,_wy,_lx,_ly,_qx,_qy) \
do { \
@@ -24076,7 +25744,7 @@ index 698eece..776b682 100644
switch ((ctxt)->dst.bytes) { \
case 2: \
____emulate_2op(ctxt,_op,_wx,_wy,"w",u16); \
-@@ -359,7 +358,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
+@@ -360,7 +359,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt)
#define __emulate_2op(ctxt,_op,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \
do { \
@@ -24085,7 +25753,7 @@ index 698eece..776b682 100644
case 1: \
____emulate_2op(ctxt,_op,_bx,_by,"b",u8); \
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
-index f77df1c..6f20690 100644
+index 0eee2c8..94a32c3 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -55,7 +55,7 @@
@@ -24098,7 +25766,7 @@ index f77df1c..6f20690 100644
#define APIC_LVT_NUM 6
/* 14 is the version for Xeon and Pentium 8.4.8*/
diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h
-index 105dd5b..1b0ccc2 100644
+index da20860..d19fdf5 100644
--- a/arch/x86/kvm/paging_tmpl.h
+++ b/arch/x86/kvm/paging_tmpl.h
@@ -208,7 +208,7 @@ retry_walk:
@@ -24111,10 +25779,10 @@ index 105dd5b..1b0ccc2 100644
goto error;
walker->ptep_user[walker->level - 1] = ptep_user;
diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c
-index e1b1ce2..f7b4b43 100644
+index a14a6ea..dc86cf0 100644
--- a/arch/x86/kvm/svm.c
+++ b/arch/x86/kvm/svm.c
-@@ -3507,7 +3507,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
+@@ -3493,7 +3493,11 @@ static void reload_tss(struct kvm_vcpu *vcpu)
int cpu = raw_smp_processor_id();
struct svm_cpu_data *sd = per_cpu(svm_data, cpu);
@@ -24126,7 +25794,7 @@ index e1b1ce2..f7b4b43 100644
load_TR_desc();
}
-@@ -3901,6 +3905,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -3894,6 +3898,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu)
#endif
#endif
@@ -24138,10 +25806,10 @@ index e1b1ce2..f7b4b43 100644
local_irq_disable();
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
-index 0e2f2a4..4331db2 100644
+index 5402c94..c3bdeee 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
-@@ -1184,12 +1184,12 @@ static void vmcs_write64(unsigned long field, u64 value)
+@@ -1311,12 +1311,12 @@ static void vmcs_write64(unsigned long field, u64 value)
#endif
}
@@ -24156,7 +25824,7 @@ index 0e2f2a4..4331db2 100644
{
vmcs_writel(field, vmcs_readl(field) | mask);
}
-@@ -1390,7 +1390,11 @@ static void reload_tss(void)
+@@ -1517,7 +1517,11 @@ static void reload_tss(void)
struct desc_struct *descs;
descs = (void *)gdt->address;
@@ -24168,7 +25836,7 @@ index 0e2f2a4..4331db2 100644
load_TR_desc();
}
-@@ -1614,6 +1618,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
+@@ -1741,6 +1745,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu)
vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */
vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */
@@ -24179,7 +25847,7 @@ index 0e2f2a4..4331db2 100644
rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp);
vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */
vmx->loaded_vmcs->cpu = cpu;
-@@ -2779,8 +2787,11 @@ static __init int hardware_setup(void)
+@@ -2935,8 +2943,11 @@ static __init int hardware_setup(void)
if (!cpu_has_vmx_flexpriority())
flexpriority_enabled = 0;
@@ -24193,22 +25861,27 @@ index 0e2f2a4..4331db2 100644
if (enable_ept && !cpu_has_vmx_ept_2m_page())
kvm_disable_largepages();
-@@ -2792,10 +2803,12 @@ static __init int hardware_setup(void)
- !cpu_has_vmx_virtual_intr_delivery())
- enable_apicv_reg_vid = 0;
+@@ -2947,13 +2958,15 @@ static __init int hardware_setup(void)
+ if (!cpu_has_vmx_apicv())
+ enable_apicv = 0;
+ pax_open_kernel();
- if (enable_apicv_reg_vid)
+ if (enable_apicv)
- kvm_x86_ops->update_cr8_intercept = NULL;
+ *(void **)&kvm_x86_ops->update_cr8_intercept = NULL;
- else
+ else {
- kvm_x86_ops->hwapic_irr_update = NULL;
+- kvm_x86_ops->deliver_posted_interrupt = NULL;
+- kvm_x86_ops->sync_pir_to_irr = vmx_sync_pir_to_irr_dummy;
+ *(void **)&kvm_x86_ops->hwapic_irr_update = NULL;
++ *(void **)&kvm_x86_ops->deliver_posted_interrupt = NULL;
++ *(void **)&kvm_x86_ops->sync_pir_to_irr = vmx_sync_pir_to_irr_dummy;
+ }
+ pax_close_kernel();
if (nested)
nested_vmx_setup_ctls_msrs();
-@@ -3890,7 +3903,10 @@ static void vmx_set_constant_host_state(void)
+@@ -4076,7 +4089,10 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */
vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */
@@ -24219,16 +25892,16 @@ index 0e2f2a4..4331db2 100644
vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */
#ifdef CONFIG_X86_64
-@@ -3911,7 +3927,7 @@ static void vmx_set_constant_host_state(void)
- native_store_idt(&dt);
+@@ -4098,7 +4114,7 @@ static void vmx_set_constant_host_state(struct vcpu_vmx *vmx)
vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */
+ vmx->host_idt_base = dt.address;
- vmcs_writel(HOST_RIP, vmx_return); /* 22.2.5 */
+ vmcs_writel(HOST_RIP, ktla_ktva(vmx_return)); /* 22.2.5 */
rdmsr(MSR_IA32_SYSENTER_CS, low32, high32);
vmcs_write32(HOST_IA32_SYSENTER_CS, low32);
-@@ -6587,6 +6603,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -7030,6 +7046,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
"jmp 2f \n\t"
"1: " __ex(ASM_VMX_VMRESUME) "\n\t"
"2: "
@@ -24241,7 +25914,7 @@ index 0e2f2a4..4331db2 100644
/* Save guest registers, load host registers, keep flags */
"mov %0, %c[wordsize](%%" _ASM_SP ") \n\t"
"pop %0 \n\t"
-@@ -6639,6 +6661,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -7082,6 +7104,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
#endif
[cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)),
[wordsize]"i"(sizeof(ulong))
@@ -24253,7 +25926,7 @@ index 0e2f2a4..4331db2 100644
: "cc", "memory"
#ifdef CONFIG_X86_64
, "rax", "rbx", "rdi", "rsi"
-@@ -6652,7 +6679,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -7095,7 +7122,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
if (debugctlmsr)
update_debugctlmsr(debugctlmsr);
@@ -24262,7 +25935,7 @@ index 0e2f2a4..4331db2 100644
/*
* The sysexit path does not restore ds/es, so we must set them to
* a reasonable value ourselves.
-@@ -6661,8 +6688,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
+@@ -7104,8 +7131,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu)
* may be executed in interrupt context, which saves and restore segments
* around it, nullifying its effect.
*/
@@ -24284,10 +25957,10 @@ index 0e2f2a4..4331db2 100644
vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index 8563b45..272f1fe 100644
+index e8ba99c..ee9d7d9 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
-@@ -1685,8 +1685,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
+@@ -1725,8 +1725,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
{
struct kvm *kvm = vcpu->kvm;
int lm = is_long_mode(vcpu);
@@ -24298,7 +25971,7 @@ index 8563b45..272f1fe 100644
u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64
: kvm->arch.xen_hvm_config.blob_size_32;
u32 page_num = data & ~PAGE_MASK;
-@@ -2566,6 +2566,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
+@@ -2609,6 +2609,8 @@ long kvm_arch_dev_ioctl(struct file *filp,
if (n < msr_list.nmsrs)
goto out;
r = -EFAULT;
@@ -24307,16 +25980,7 @@ index 8563b45..272f1fe 100644
if (copy_to_user(user_msr_list->indices, &msrs_to_save,
num_msrs_to_save * sizeof(u32)))
goto out;
-@@ -2695,7 +2697,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu,
- static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu,
- struct kvm_interrupt *irq)
- {
-- if (irq->irq < 0 || irq->irq >= KVM_NR_INTERRUPTS)
-+ if (irq->irq >= KVM_NR_INTERRUPTS)
- return -EINVAL;
- if (irqchip_in_kernel(vcpu->kvm))
- return -ENXIO;
-@@ -5246,7 +5248,7 @@ static struct notifier_block pvclock_gtod_notifier = {
+@@ -5297,7 +5299,7 @@ static struct notifier_block pvclock_gtod_notifier = {
};
#endif
@@ -24826,7 +26490,7 @@ index f5cc9eb..51fa319 100644
CFI_ENDPROC
ENDPROC(atomic64_inc_not_zero_cx8)
diff --git a/arch/x86/lib/checksum_32.S b/arch/x86/lib/checksum_32.S
-index 2af5df3..62b1a5a 100644
+index e78b8ee..7e173a8 100644
--- a/arch/x86/lib/checksum_32.S
+++ b/arch/x86/lib/checksum_32.S
@@ -29,7 +29,8 @@
@@ -25217,27 +26881,43 @@ index 176cca6..1166c50 100644
.byte (copy_page_rep - copy_page) - (2f - 1b) /* offset */
2:
diff --git a/arch/x86/lib/copy_user_64.S b/arch/x86/lib/copy_user_64.S
-index a30ca15..d25fab6 100644
+index a30ca15..6b3f4e1 100644
--- a/arch/x86/lib/copy_user_64.S
+++ b/arch/x86/lib/copy_user_64.S
-@@ -18,6 +18,7 @@
+@@ -18,31 +18,7 @@
#include <asm/alternative-asm.h>
#include <asm/asm.h>
#include <asm/smap.h>
+-
+-/*
+- * By placing feature2 after feature1 in altinstructions section, we logically
+- * implement:
+- * If CPU has feature2, jmp to alt2 is used
+- * else if CPU has feature1, jmp to alt1 is used
+- * else jmp to orig is used.
+- */
+- .macro ALTERNATIVE_JUMP feature1,feature2,orig,alt1,alt2
+-0:
+- .byte 0xe9 /* 32bit jump */
+- .long \orig-1f /* by default jump to orig */
+-1:
+- .section .altinstr_replacement,"ax"
+-2: .byte 0xe9 /* near jump with 32bit immediate */
+- .long \alt1-1b /* offset */ /* or alternatively to alt1 */
+-3: .byte 0xe9 /* near jump with 32bit immediate */
+- .long \alt2-1b /* offset */ /* or alternatively to alt2 */
+- .previous
+-
+- .section .altinstructions,"a"
+- altinstruction_entry 0b,2b,\feature1,5,5
+- altinstruction_entry 0b,3b,\feature2,5,5
+- .previous
+- .endm
+#include <asm/pgtable.h>
- /*
- * By placing feature2 after feature1 in altinstructions section, we logically
-@@ -31,7 +32,7 @@
- .byte 0xe9 /* 32bit jump */
- .long \orig-1f /* by default jump to orig */
- 1:
-- .section .altinstr_replacement,"ax"
-+ .section .altinstr_replacement,"a"
- 2: .byte 0xe9 /* near jump with 32bit immediate */
- .long \alt1-1b /* offset */ /* or alternatively to alt1 */
- 3: .byte 0xe9 /* near jump with 32bit immediate */
-@@ -70,47 +71,20 @@
+ .macro ALIGN_DESTINATION
+ #ifdef FIX_ALIGNMENT
+@@ -70,52 +46,6 @@
#endif
.endm
@@ -25271,24 +26951,34 @@ index a30ca15..d25fab6 100644
- CFI_ENDPROC
-ENDPROC(_copy_from_user)
-
- .section .fixup,"ax"
- /* must zero dest */
- ENTRY(bad_from_user)
- bad_from_user:
+- .section .fixup,"ax"
+- /* must zero dest */
+-ENTRY(bad_from_user)
+-bad_from_user:
+- CFI_STARTPROC
+- movl %edx,%ecx
+- xorl %eax,%eax
+- rep
+- stosb
+-bad_to_user:
+- movl %edx,%eax
+- ret
+- CFI_ENDPROC
+-ENDPROC(bad_from_user)
+- .previous
+-
+ /*
+ * copy_user_generic_unrolled - memory copy with exception handling.
+ * This version is for CPUs like P4 that don't have efficient micro
+@@ -131,6 +61,7 @@ ENDPROC(bad_from_user)
+ */
+ ENTRY(copy_user_generic_unrolled)
CFI_STARTPROC
-+ testl %edx,%edx
-+ js bad_to_user
- movl %edx,%ecx
- xorl %eax,%eax
- rep
- stosb
- bad_to_user:
- movl %edx,%eax
-+ pax_force_retaddr
- ret
- CFI_ENDPROC
- ENDPROC(bad_from_user)
-@@ -141,19 +115,19 @@ ENTRY(copy_user_generic_unrolled)
++ ASM_PAX_OPEN_USERLAND
+ ASM_STAC
+ cmpl $8,%edx
+ jb 20f /* less then 8 bytes, go to byte copy loop */
+@@ -141,19 +72,19 @@ ENTRY(copy_user_generic_unrolled)
jz 17f
1: movq (%rsi),%r8
2: movq 1*8(%rsi),%r9
@@ -25312,32 +27002,51 @@ index a30ca15..d25fab6 100644
16: movq %r11,7*8(%rdi)
leaq 64(%rsi),%rsi
leaq 64(%rdi),%rdi
-@@ -180,6 +154,7 @@ ENTRY(copy_user_generic_unrolled)
+@@ -180,6 +111,8 @@ ENTRY(copy_user_generic_unrolled)
jnz 21b
23: xor %eax,%eax
ASM_CLAC
++ ASM_PAX_CLOSE_USERLAND
+ pax_force_retaddr
ret
.section .fixup,"ax"
-@@ -251,6 +226,7 @@ ENTRY(copy_user_generic_string)
+@@ -235,6 +168,7 @@ ENDPROC(copy_user_generic_unrolled)
+ */
+ ENTRY(copy_user_generic_string)
+ CFI_STARTPROC
++ ASM_PAX_OPEN_USERLAND
+ ASM_STAC
+ andl %edx,%edx
+ jz 4f
+@@ -251,6 +185,8 @@ ENTRY(copy_user_generic_string)
movsb
4: xorl %eax,%eax
ASM_CLAC
++ ASM_PAX_CLOSE_USERLAND
+ pax_force_retaddr
ret
.section .fixup,"ax"
-@@ -286,6 +262,7 @@ ENTRY(copy_user_enhanced_fast_string)
+@@ -278,6 +214,7 @@ ENDPROC(copy_user_generic_string)
+ */
+ ENTRY(copy_user_enhanced_fast_string)
+ CFI_STARTPROC
++ ASM_PAX_OPEN_USERLAND
+ ASM_STAC
+ andl %edx,%edx
+ jz 2f
+@@ -286,6 +223,8 @@ ENTRY(copy_user_enhanced_fast_string)
movsb
2: xorl %eax,%eax
ASM_CLAC
++ ASM_PAX_CLOSE_USERLAND
+ pax_force_retaddr
ret
.section .fixup,"ax"
diff --git a/arch/x86/lib/copy_user_nocache_64.S b/arch/x86/lib/copy_user_nocache_64.S
-index 6a4f43c..f08b4a2 100644
+index 6a4f43c..55d26f2 100644
--- a/arch/x86/lib/copy_user_nocache_64.S
+++ b/arch/x86/lib/copy_user_nocache_64.S
@@ -8,6 +8,7 @@
@@ -25356,7 +27065,7 @@ index 6a4f43c..f08b4a2 100644
.macro ALIGN_DESTINATION
#ifdef FIX_ALIGNMENT
-@@ -49,6 +51,15 @@
+@@ -49,6 +51,16 @@
*/
ENTRY(__copy_user_nocache)
CFI_STARTPROC
@@ -25369,10 +27078,11 @@ index 6a4f43c..f08b4a2 100644
+1:
+#endif
+
++ ASM_PAX_OPEN_USERLAND
ASM_STAC
cmpl $8,%edx
jb 20f /* less then 8 bytes, go to byte copy loop */
-@@ -59,19 +70,19 @@ ENTRY(__copy_user_nocache)
+@@ -59,19 +71,19 @@ ENTRY(__copy_user_nocache)
jz 17f
1: movq (%rsi),%r8
2: movq 1*8(%rsi),%r9
@@ -25396,9 +27106,11 @@ index 6a4f43c..f08b4a2 100644
16: movnti %r11,7*8(%rdi)
leaq 64(%rsi),%rsi
leaq 64(%rdi),%rdi
-@@ -99,6 +110,7 @@ ENTRY(__copy_user_nocache)
+@@ -98,7 +110,9 @@ ENTRY(__copy_user_nocache)
+ jnz 21b
23: xorl %eax,%eax
ASM_CLAC
++ ASM_PAX_CLOSE_USERLAND
sfence
+ pax_force_retaddr
ret
@@ -25425,29 +27137,40 @@ index 2419d5f..953ee51 100644
CFI_RESTORE_STATE
diff --git a/arch/x86/lib/csum-wrappers_64.c b/arch/x86/lib/csum-wrappers_64.c
-index 25b7ae8..169fafc 100644
+index 25b7ae8..c40113e 100644
--- a/arch/x86/lib/csum-wrappers_64.c
+++ b/arch/x86/lib/csum-wrappers_64.c
-@@ -52,7 +52,7 @@ csum_partial_copy_from_user(const void __user *src, void *dst,
+@@ -52,8 +52,12 @@ csum_partial_copy_from_user(const void __user *src, void *dst,
len -= 2;
}
}
- isum = csum_partial_copy_generic((__force const void *)src,
++ pax_open_userland();
++ stac();
+ isum = csum_partial_copy_generic((const void __force_kernel *)____m(src),
dst, len, isum, errp, NULL);
++ clac();
++ pax_close_userland();
if (unlikely(*errp))
goto out_err;
-@@ -105,7 +105,7 @@ csum_partial_copy_to_user(const void *src, void __user *dst,
+
+@@ -105,8 +109,13 @@ csum_partial_copy_to_user(const void *src, void __user *dst,
}
*errp = 0;
- return csum_partial_copy_generic(src, (void __force *)dst,
-+ return csum_partial_copy_generic(src, (void __force_kernel *)____m(dst),
++ pax_open_userland();
++ stac();
++ isum = csum_partial_copy_generic(src, (void __force_kernel *)____m(dst),
len, isum, NULL, errp);
++ clac();
++ pax_close_userland();
++ return isum;
}
EXPORT_SYMBOL(csum_partial_copy_to_user);
+
diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S
-index a451235..79fb5cf 100644
+index a451235..1daa956 100644
--- a/arch/x86/lib/getuser.S
+++ b/arch/x86/lib/getuser.S
@@ -33,17 +33,40 @@
@@ -25573,8 +27296,14 @@ index a451235..79fb5cf 100644
ret
#else
add $7,%_ASM_AX
-@@ -102,6 +163,7 @@ ENTRY(__get_user_8)
- 5: movl -3(%_ASM_AX),%ecx
+@@ -98,10 +159,11 @@ ENTRY(__get_user_8)
+ cmp TI_addr_limit(%_ASM_DX),%_ASM_AX
+ jae bad_get_user_8
+ ASM_STAC
+-4: movl -7(%_ASM_AX),%edx
+-5: movl -3(%_ASM_AX),%ecx
++4: __copyuser_seg movl -7(%_ASM_AX),%edx
++5: __copyuser_seg movl -3(%_ASM_AX),%ecx
xor %eax,%eax
ASM_CLAC
+ pax_force_retaddr
@@ -25644,9 +27373,18 @@ index 05a95e7..326f2fa 100644
CFI_ENDPROC
ENDPROC(__iowrite32_copy)
diff --git a/arch/x86/lib/memcpy_64.S b/arch/x86/lib/memcpy_64.S
-index 1c273be..da9cc0e 100644
+index 56313a3..9b59269 100644
--- a/arch/x86/lib/memcpy_64.S
+++ b/arch/x86/lib/memcpy_64.S
+@@ -24,7 +24,7 @@
+ * This gets patched over the unrolled variant (below) via the
+ * alternative instructions framework:
+ */
+- .section .altinstr_replacement, "ax", @progbits
++ .section .altinstr_replacement, "a", @progbits
+ .Lmemcpy_c:
+ movq %rdi, %rax
+ movq %rdx, %rcx
@@ -33,6 +33,7 @@
rep movsq
movl %edx, %ecx
@@ -25655,7 +27393,13 @@ index 1c273be..da9cc0e 100644
ret
.Lmemcpy_e:
.previous
-@@ -49,6 +50,7 @@
+@@ -44,11 +45,12 @@
+ * This gets patched over the unrolled variant (below) via the
+ * alternative instructions framework:
+ */
+- .section .altinstr_replacement, "ax", @progbits
++ .section .altinstr_replacement, "a", @progbits
+ .Lmemcpy_c_e:
movq %rdi, %rax
movq %rdx, %rcx
rep movsb
@@ -25735,7 +27479,7 @@ index 1c273be..da9cc0e 100644
CFI_ENDPROC
ENDPROC(memcpy)
diff --git a/arch/x86/lib/memmove_64.S b/arch/x86/lib/memmove_64.S
-index ee16461..c39c199 100644
+index 65268a6..5aa7815 100644
--- a/arch/x86/lib/memmove_64.S
+++ b/arch/x86/lib/memmove_64.S
@@ -61,13 +61,13 @@ ENTRY(memmove)
@@ -25850,7 +27594,7 @@ index ee16461..c39c199 100644
jmp 13f
12:
cmp $1, %rdx
-@@ -202,6 +202,7 @@ ENTRY(memmove)
+@@ -202,14 +202,16 @@ ENTRY(memmove)
movb (%rsi), %r11b
movb %r11b, (%rdi)
13:
@@ -25858,7 +27602,9 @@ index ee16461..c39c199 100644
retq
CFI_ENDPROC
-@@ -210,6 +211,7 @@ ENTRY(memmove)
+- .section .altinstr_replacement,"ax"
++ .section .altinstr_replacement,"a"
+ .Lmemmove_begin_forward_efs:
/* Forward moving data. */
movq %rdx, %rcx
rep movsb
@@ -25867,9 +27613,18 @@ index ee16461..c39c199 100644
.Lmemmove_end_forward_efs:
.previous
diff --git a/arch/x86/lib/memset_64.S b/arch/x86/lib/memset_64.S
-index 2dcb380..963660a 100644
+index 2dcb380..50a78bc 100644
--- a/arch/x86/lib/memset_64.S
+++ b/arch/x86/lib/memset_64.S
+@@ -16,7 +16,7 @@
+ *
+ * rax original destination
+ */
+- .section .altinstr_replacement, "ax", @progbits
++ .section .altinstr_replacement, "a", @progbits
+ .Lmemset_c:
+ movq %rdi,%r9
+ movq %rdx,%rcx
@@ -30,6 +30,7 @@
movl %edx,%ecx
rep stosb
@@ -25878,7 +27633,15 @@ index 2dcb380..963660a 100644
ret
.Lmemset_e:
.previous
-@@ -52,6 +53,7 @@
+@@ -45,13 +46,14 @@
+ *
+ * rax original destination
+ */
+- .section .altinstr_replacement, "ax", @progbits
++ .section .altinstr_replacement, "a", @progbits
+ .Lmemset_c_e:
+ movq %rdi,%r9
+ movb %sil,%al
movq %rdx,%rcx
rep stosb
movq %r9,%rax
@@ -26552,7 +28315,7 @@ index a63efd6..ccecad8 100644
ret
CFI_ENDPROC
diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c
-index f0312d7..9c39d63 100644
+index 3eb18ac..6890bc3 100644
--- a/arch/x86/lib/usercopy_32.c
+++ b/arch/x86/lib/usercopy_32.c
@@ -42,11 +42,13 @@ do { \
@@ -27070,7 +28833,7 @@ index f0312d7..9c39d63 100644
clac();
return n;
}
-@@ -632,66 +743,51 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr
+@@ -632,60 +743,38 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr
if (n > 64 && cpu_has_xmm2)
n = __copy_user_intel_nocache(to, from, n);
else
@@ -27100,15 +28863,28 @@ index f0312d7..9c39d63 100644
- */
-unsigned long
-copy_to_user(void __user *to, const void *from, unsigned long n)
-+void copy_from_user_overflow(void)
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++void __set_fs(mm_segment_t x)
{
- if (access_ok(VERIFY_WRITE, to, n))
- n = __copy_to_user(to, from, n);
- return n;
-+ WARN(1, "Buffer overflow detected!\n");
++ switch (x.seg) {
++ case 0:
++ loadsegment(gs, 0);
++ break;
++ case TASK_SIZE_MAX:
++ loadsegment(gs, __USER_DS);
++ break;
++ case -1UL:
++ loadsegment(gs, __KERNEL_DS);
++ break;
++ default:
++ BUG();
++ }
}
-EXPORT_SYMBOL(copy_to_user);
-+EXPORT_SYMBOL(copy_from_user_overflow);
++EXPORT_SYMBOL(__set_fs);
-/**
- * copy_from_user: - Copy a block of data from user space.
@@ -27128,53 +28904,32 @@ index f0312d7..9c39d63 100644
- */
-unsigned long
-_copy_from_user(void *to, const void __user *from, unsigned long n)
-+void copy_to_user_overflow(void)
++void set_fs(mm_segment_t x)
{
- if (access_ok(VERIFY_READ, from, n))
- n = __copy_from_user(to, from, n);
- else
- memset(to, 0, n);
- return n;
-+ WARN(1, "Buffer overflow detected!\n");
- }
--EXPORT_SYMBOL(_copy_from_user);
-+EXPORT_SYMBOL(copy_to_user_overflow);
-
--void copy_from_user_overflow(void)
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+void __set_fs(mm_segment_t x)
- {
-- WARN(1, "Buffer overflow detected!\n");
-+ switch (x.seg) {
-+ case 0:
-+ loadsegment(gs, 0);
-+ break;
-+ case TASK_SIZE_MAX:
-+ loadsegment(gs, __USER_DS);
-+ break;
-+ case -1UL:
-+ loadsegment(gs, __KERNEL_DS);
-+ break;
-+ default:
-+ BUG();
-+ }
-+ return;
- }
--EXPORT_SYMBOL(copy_from_user_overflow);
-+EXPORT_SYMBOL(__set_fs);
-+
-+void set_fs(mm_segment_t x)
-+{
+ current_thread_info()->addr_limit = x;
+ __set_fs(x);
-+}
+ }
+-EXPORT_SYMBOL(_copy_from_user);
+EXPORT_SYMBOL(set_fs);
+#endif
diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c
-index 906fea3..ee8a097 100644
+index 906fea3..0194a18 100644
--- a/arch/x86/lib/usercopy_64.c
+++ b/arch/x86/lib/usercopy_64.c
-@@ -39,7 +39,7 @@ unsigned long __clear_user(void __user *addr, unsigned long size)
+@@ -18,6 +18,7 @@ unsigned long __clear_user(void __user *addr, unsigned long size)
+ might_fault();
+ /* no memory constraint because it doesn't change any memory gcc knows
+ about */
++ pax_open_userland();
+ stac();
+ asm volatile(
+ " testq %[size8],%[size8]\n"
+@@ -39,9 +40,10 @@ unsigned long __clear_user(void __user *addr, unsigned long size)
_ASM_EXTABLE(0b,3b)
_ASM_EXTABLE(1b,2b)
: [size8] "=&c"(size), [dst] "=&D" (__d0)
@@ -27182,8 +28937,11 @@ index 906fea3..ee8a097 100644
+ : [size1] "r"(size & 7), "[size8]" (size / 8), "[dst]"(____m(addr)),
[zero] "r" (0UL), [eight] "r" (8UL));
clac();
++ pax_close_userland();
return size;
-@@ -54,12 +54,11 @@ unsigned long clear_user(void __user *to, unsigned long n)
+ }
+ EXPORT_SYMBOL(__clear_user);
+@@ -54,12 +56,11 @@ unsigned long clear_user(void __user *to, unsigned long n)
}
EXPORT_SYMBOL(clear_user);
@@ -27200,7 +28958,7 @@ index 906fea3..ee8a097 100644
}
EXPORT_SYMBOL(copy_in_user);
-@@ -69,7 +68,7 @@ EXPORT_SYMBOL(copy_in_user);
+@@ -69,11 +70,13 @@ EXPORT_SYMBOL(copy_in_user);
* it is not necessary to optimize tail handling.
*/
unsigned long
@@ -27209,22 +28967,31 @@ index 906fea3..ee8a097 100644
{
char c;
unsigned zero_len;
-@@ -87,3 +86,15 @@ copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest)
- clac();
+
++ clac();
++ pax_close_userland();
+ for (; len; --len, to++) {
+ if (__get_user_nocheck(c, from++, sizeof(char)))
+ break;
+@@ -84,6 +87,5 @@ copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest)
+ for (c = 0, zero_len = len; zerorest && zero_len; --zero_len)
+ if (__put_user_nocheck(c, to++, sizeof(char)))
+ break;
+- clac();
return len;
}
+diff --git a/arch/x86/mm/Makefile b/arch/x86/mm/Makefile
+index 23d8e5f..9ccc13a 100644
+--- a/arch/x86/mm/Makefile
++++ b/arch/x86/mm/Makefile
+@@ -28,3 +28,7 @@ obj-$(CONFIG_ACPI_NUMA) += srat.o
+ obj-$(CONFIG_NUMA_EMU) += numa_emulation.o
+
+ obj-$(CONFIG_MEMTEST) += memtest.o
+
-+void copy_from_user_overflow(void)
-+{
-+ WARN(1, "Buffer overflow detected!\n");
-+}
-+EXPORT_SYMBOL(copy_from_user_overflow);
-+
-+void copy_to_user_overflow(void)
-+{
-+ WARN(1, "Buffer overflow detected!\n");
-+}
-+EXPORT_SYMBOL(copy_to_user_overflow);
++quote:="
++obj-$(CONFIG_X86_64) += uderef_64.o
++CFLAGS_uderef_64.o := $(subst $(quote),,$(CONFIG_ARCH_HWEIGHT_CFLAGS))
diff --git a/arch/x86/mm/extable.c b/arch/x86/mm/extable.c
index 903ec1e..c4166b2 100644
--- a/arch/x86/mm/extable.c
@@ -27280,13 +29047,13 @@ index 903ec1e..c4166b2 100644
}
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c
-index 0e88336..2bb9777 100644
+index 654be4a..a4a3da1 100644
--- a/arch/x86/mm/fault.c
+++ b/arch/x86/mm/fault.c
-@@ -13,12 +13,19 @@
- #include <linux/perf_event.h> /* perf_sw_event */
+@@ -14,11 +14,18 @@
#include <linux/hugetlb.h> /* hstate_index_to_shift */
#include <linux/prefetch.h> /* prefetchw */
+ #include <linux/context_tracking.h> /* exception_enter(), ... */
+#include <linux/unistd.h>
+#include <linux/compiler.h>
@@ -27294,7 +29061,6 @@ index 0e88336..2bb9777 100644
#include <asm/pgalloc.h> /* pgd_*(), ... */
#include <asm/kmemcheck.h> /* kmemcheck_*(), ... */
#include <asm/fixmap.h> /* VSYSCALL_START */
- #include <asm/context_tracking.h> /* exception_enter(), ... */
+#include <asm/tlbflush.h>
+
+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
@@ -27371,7 +29137,7 @@ index 0e88336..2bb9777 100644
DEFINE_SPINLOCK(pgd_lock);
LIST_HEAD(pgd_list);
-@@ -232,10 +273,22 @@ void vmalloc_sync_all(void)
+@@ -232,10 +273,27 @@ void vmalloc_sync_all(void)
for (address = VMALLOC_START & PMD_MASK;
address >= TASK_SIZE && address < FIXADDR_TOP;
address += PMD_SIZE) {
@@ -27386,15 +29152,20 @@ index 0e88336..2bb9777 100644
+
+#ifdef CONFIG_PAX_PER_CPU_PGD
+ for (cpu = 0; cpu < nr_cpu_ids; ++cpu) {
-+ pgd_t *pgd = get_cpu_pgd(cpu);
++ pgd_t *pgd = get_cpu_pgd(cpu, user);
+ pmd_t *ret;
++
++ ret = vmalloc_sync_one(pgd, address);
++ if (!ret)
++ break;
++ pgd = get_cpu_pgd(cpu, kernel);
+#else
list_for_each_entry(page, &pgd_list, lru) {
+ pgd_t *pgd;
spinlock_t *pgt_lock;
pmd_t *ret;
-@@ -243,8 +296,14 @@ void vmalloc_sync_all(void)
+@@ -243,8 +301,14 @@ void vmalloc_sync_all(void)
pgt_lock = &pgd_page_get_mm(page)->page_table_lock;
spin_lock(pgt_lock);
@@ -27410,34 +29181,47 @@ index 0e88336..2bb9777 100644
if (!ret)
break;
-@@ -278,6 +337,11 @@ static noinline __kprobes int vmalloc_fault(unsigned long address)
+@@ -278,6 +342,12 @@ static noinline __kprobes int vmalloc_fault(unsigned long address)
* an interrupt in the middle of a task switch..
*/
pgd_paddr = read_cr3();
+
+#ifdef CONFIG_PAX_PER_CPU_PGD
-+ BUG_ON(__pa(get_cpu_pgd(smp_processor_id())) != (pgd_paddr & PHYSICAL_PAGE_MASK));
++ BUG_ON(__pa(get_cpu_pgd(smp_processor_id(), kernel)) != (pgd_paddr & __PHYSICAL_MASK));
++ vmalloc_sync_one(__va(pgd_paddr + PAGE_SIZE), address);
+#endif
+
pmd_k = vmalloc_sync_one(__va(pgd_paddr), address);
if (!pmd_k)
return -1;
-@@ -373,7 +437,14 @@ static noinline __kprobes int vmalloc_fault(unsigned long address)
+@@ -373,11 +443,25 @@ static noinline __kprobes int vmalloc_fault(unsigned long address)
* happen within a race in page table update. In the later
* case just flush:
*/
+- pgd = pgd_offset(current->active_mm, address);
+
+ pgd_ref = pgd_offset_k(address);
+ if (pgd_none(*pgd_ref))
+ return -1;
+
+#ifdef CONFIG_PAX_PER_CPU_PGD
-+ BUG_ON(__pa(get_cpu_pgd(smp_processor_id())) != (read_cr3() & PHYSICAL_PAGE_MASK));
-+ pgd = pgd_offset_cpu(smp_processor_id(), address);
++ BUG_ON(__pa(get_cpu_pgd(smp_processor_id(), kernel)) != (read_cr3() & __PHYSICAL_MASK));
++ pgd = pgd_offset_cpu(smp_processor_id(), user, address);
++ if (pgd_none(*pgd)) {
++ set_pgd(pgd, *pgd_ref);
++ arch_flush_lazy_mmu_mode();
++ } else {
++ BUG_ON(pgd_page_vaddr(*pgd) != pgd_page_vaddr(*pgd_ref));
++ }
++ pgd = pgd_offset_cpu(smp_processor_id(), kernel, address);
+#else
- pgd = pgd_offset(current->active_mm, address);
++ pgd = pgd_offset(current->active_mm, address);
+#endif
+
- pgd_ref = pgd_offset_k(address);
- if (pgd_none(*pgd_ref))
- return -1;
-@@ -543,7 +614,7 @@ static int is_errata93(struct pt_regs *regs, unsigned long address)
+ if (pgd_none(*pgd)) {
+ set_pgd(pgd, *pgd_ref);
+ arch_flush_lazy_mmu_mode();
+@@ -543,7 +627,7 @@ static int is_errata93(struct pt_regs *regs, unsigned long address)
static int is_errata100(struct pt_regs *regs, unsigned long address)
{
#ifdef CONFIG_X86_64
@@ -27446,7 +29230,7 @@ index 0e88336..2bb9777 100644
return 1;
#endif
return 0;
-@@ -570,7 +641,7 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address)
+@@ -570,7 +654,7 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address)
}
static const char nx_warning[] = KERN_CRIT
@@ -27455,7 +29239,7 @@ index 0e88336..2bb9777 100644
static void
show_fault_oops(struct pt_regs *regs, unsigned long error_code,
-@@ -579,15 +650,27 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code,
+@@ -579,15 +663,27 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code,
if (!oops_may_print())
return;
@@ -27485,7 +29269,7 @@ index 0e88336..2bb9777 100644
printk(KERN_ALERT "BUG: unable to handle kernel ");
if (address < PAGE_SIZE)
printk(KERN_CONT "NULL pointer dereference");
-@@ -750,6 +833,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
+@@ -750,6 +846,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code,
return;
}
#endif
@@ -27508,7 +29292,7 @@ index 0e88336..2bb9777 100644
/* Kernel addresses are always protection faults: */
if (address >= TASK_SIZE)
error_code |= PF_PROT;
-@@ -835,7 +934,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
+@@ -835,7 +947,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address,
if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) {
printk(KERN_ERR
"MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n",
@@ -27517,7 +29301,7 @@ index 0e88336..2bb9777 100644
code = BUS_MCEERR_AR;
}
#endif
-@@ -898,6 +997,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
+@@ -898,6 +1010,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte)
return 1;
}
@@ -27617,7 +29401,7 @@ index 0e88336..2bb9777 100644
/*
* Handle a spurious fault caused by a stale TLB entry.
*
-@@ -964,6 +1156,9 @@ int show_unhandled_signals = 1;
+@@ -964,6 +1169,9 @@ int show_unhandled_signals = 1;
static inline int
access_error(unsigned long error_code, struct vm_area_struct *vma)
{
@@ -27627,7 +29411,7 @@ index 0e88336..2bb9777 100644
if (error_code & PF_WRITE) {
/* write, present and write, not present: */
if (unlikely(!(vma->vm_flags & VM_WRITE)))
-@@ -992,7 +1187,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
+@@ -992,7 +1200,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs)
if (error_code & PF_USER)
return false;
@@ -27636,7 +29420,7 @@ index 0e88336..2bb9777 100644
return false;
return true;
-@@ -1008,19 +1203,34 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1008,18 +1216,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
{
struct vm_area_struct *vma;
struct task_struct *tsk;
@@ -27647,7 +29431,11 @@ index 0e88336..2bb9777 100644
unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE |
(write ? FAULT_FLAG_WRITE : 0);
-+ /* Get the faulting address: */
+- tsk = current;
+- mm = tsk->mm;
+-
+ /* Get the faulting address: */
+- address = read_cr2();
+ unsigned long address = read_cr2();
+
+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
@@ -27666,16 +29454,12 @@ index 0e88336..2bb9777 100644
+ }
+#endif
+
- tsk = current;
- mm = tsk->mm;
++ tsk = current;
++ mm = tsk->mm;
-- /* Get the faulting address: */
-- address = read_cr2();
--
/*
* Detect and handle instructions that would cause a page fault for
- * both a tracked kernel page and a userspace page.
-@@ -1080,7 +1290,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1080,7 +1303,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code)
* User-mode registers count as a user access even for any
* potential system fault or CPU buglet:
*/
@@ -27684,7 +29468,7 @@ index 0e88336..2bb9777 100644
local_irq_enable();
error_code |= PF_USER;
} else {
-@@ -1142,6 +1352,11 @@ retry:
+@@ -1142,6 +1365,11 @@ retry:
might_sleep();
}
@@ -27696,7 +29480,7 @@ index 0e88336..2bb9777 100644
vma = find_vma(mm, address);
if (unlikely(!vma)) {
bad_area(regs, error_code, address);
-@@ -1153,18 +1368,24 @@ retry:
+@@ -1153,18 +1381,24 @@ retry:
bad_area(regs, error_code, address);
return;
}
@@ -27732,9 +29516,9 @@ index 0e88336..2bb9777 100644
if (unlikely(expand_stack(vma, address))) {
bad_area(regs, error_code, address);
return;
-@@ -1228,3 +1449,292 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
+@@ -1230,3 +1464,292 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code)
__do_page_fault(regs, error_code);
- exception_exit(regs);
+ exception_exit(prev_state);
}
+
+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
@@ -28039,7 +29823,7 @@ index dd74e46..7d26398 100644
return 0;
diff --git a/arch/x86/mm/highmem_32.c b/arch/x86/mm/highmem_32.c
-index 6f31ee5..8ee4164 100644
+index 252b8f5..4dcfdc1 100644
--- a/arch/x86/mm/highmem_32.c
+++ b/arch/x86/mm/highmem_32.c
@@ -44,7 +44,11 @@ void *kmap_atomic_prot(struct page *page, pgprot_t prot)
@@ -28163,7 +29947,7 @@ index ae1aa71..d9bea75 100644
#endif /*HAVE_ARCH_HUGETLB_UNMAPPED_AREA*/
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index 0c13708..ca05f23 100644
+index 1f34e92..c97b98f 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -4,6 +4,7 @@
@@ -28183,15 +29967,18 @@ index 0c13708..ca05f23 100644
#include "mm_internal.h"
-@@ -448,7 +451,15 @@ void __init init_mem_mapping(void)
+@@ -465,7 +468,18 @@ void __init init_mem_mapping(void)
early_ioremap_page_table_range_init();
#endif
+#ifdef CONFIG_PAX_PER_CPU_PGD
-+ clone_pgd_range(get_cpu_pgd(0) + KERNEL_PGD_BOUNDARY,
++ clone_pgd_range(get_cpu_pgd(0, kernel) + KERNEL_PGD_BOUNDARY,
+ swapper_pg_dir + KERNEL_PGD_BOUNDARY,
+ KERNEL_PGD_PTRS);
-+ load_cr3(get_cpu_pgd(0));
++ clone_pgd_range(get_cpu_pgd(0, user) + KERNEL_PGD_BOUNDARY,
++ swapper_pg_dir + KERNEL_PGD_BOUNDARY,
++ KERNEL_PGD_PTRS);
++ load_cr3(get_cpu_pgd(0, kernel));
+#else
load_cr3(swapper_pg_dir);
+#endif
@@ -28199,7 +29986,7 @@ index 0c13708..ca05f23 100644
__flush_tlb_all();
early_memtest(0, max_pfn_mapped << PAGE_SHIFT);
-@@ -464,10 +475,40 @@ void __init init_mem_mapping(void)
+@@ -481,10 +495,40 @@ void __init init_mem_mapping(void)
* Access has to be given to non-kernel-ram areas as well, these contain the PCI
* mmio resources as well as potential bios/acpi data regions.
*/
@@ -28215,10 +30002,10 @@ index 0c13708..ca05f23 100644
+#ifdef CONFIG_GRKERNSEC_KMEM
+ /* allow BDA */
+ if (!pagenr)
-+ return 1;
+ return 1;
+ /* allow EBDA */
+ if (pagenr >= ebda_start && pagenr < ebda_end)
- return 1;
++ return 1;
+ /* if tboot is in use, allow access to its hardcoded serial log range */
+ if (tboot_enabled() && ((0x60000 >> PAGE_SHIFT) <= pagenr) && (pagenr < (0x68000 >> PAGE_SHIFT)))
+ return 1;
@@ -28241,7 +30028,7 @@ index 0c13708..ca05f23 100644
if (iomem_is_exclusive(pagenr << PAGE_SHIFT))
return 0;
if (!page_is_ram(pagenr))
-@@ -524,8 +565,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
+@@ -538,8 +582,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end)
#endif
}
@@ -28360,7 +30147,7 @@ index 0c13708..ca05f23 100644
(unsigned long)(&__init_begin),
(unsigned long)(&__init_end));
diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c
-index 2d19001..e549d98 100644
+index 3ac7e31..89611b7 100644
--- a/arch/x86/mm/init_32.c
+++ b/arch/x86/mm/init_32.c
@@ -62,33 +62,6 @@ static noinline int do_test_wp_bit(void);
@@ -28550,7 +30337,7 @@ index 2d19001..e549d98 100644
prot = PAGE_KERNEL_EXEC;
pages_4k++;
-@@ -482,7 +486,7 @@ void __init native_pagetable_init(void)
+@@ -474,7 +478,7 @@ void __init native_pagetable_init(void)
pud = pud_offset(pgd, va);
pmd = pmd_offset(pud, va);
@@ -28559,7 +30346,7 @@ index 2d19001..e549d98 100644
break;
/* should not be large page here */
-@@ -540,12 +544,10 @@ void __init early_ioremap_page_table_range_init(void)
+@@ -532,12 +536,10 @@ void __init early_ioremap_page_table_range_init(void)
static void __init pagetable_init(void)
{
@@ -28574,7 +30361,7 @@ index 2d19001..e549d98 100644
EXPORT_SYMBOL_GPL(__supported_pte_mask);
/* user-defined highmem size */
-@@ -780,7 +782,7 @@ void __init mem_init(void)
+@@ -772,7 +774,7 @@ void __init mem_init(void)
after_bootmem = 1;
codesize = (unsigned long) &_etext - (unsigned long) &_text;
@@ -28583,7 +30370,7 @@ index 2d19001..e549d98 100644
initsize = (unsigned long) &__init_end - (unsigned long) &__init_begin;
printk(KERN_INFO "Memory: %luk/%luk available (%dk kernel code, "
-@@ -821,10 +823,10 @@ void __init mem_init(void)
+@@ -813,10 +815,10 @@ void __init mem_init(void)
((unsigned long)&__init_end -
(unsigned long)&__init_begin) >> 10,
@@ -28597,7 +30384,7 @@ index 2d19001..e549d98 100644
((unsigned long)&_etext - (unsigned long)&_text) >> 10);
/*
-@@ -914,6 +916,7 @@ void set_kernel_text_rw(void)
+@@ -906,6 +908,7 @@ void set_kernel_text_rw(void)
if (!kernel_set_to_readonly)
return;
@@ -28605,7 +30392,7 @@ index 2d19001..e549d98 100644
pr_debug("Set kernel text: %lx - %lx for read write\n",
start, start+size);
-@@ -928,6 +931,7 @@ void set_kernel_text_ro(void)
+@@ -920,6 +923,7 @@ void set_kernel_text_ro(void)
if (!kernel_set_to_readonly)
return;
@@ -28613,7 +30400,7 @@ index 2d19001..e549d98 100644
pr_debug("Set kernel text: %lx - %lx for read only\n",
start, start+size);
-@@ -956,6 +960,7 @@ void mark_rodata_ro(void)
+@@ -948,6 +952,7 @@ void mark_rodata_ro(void)
unsigned long start = PFN_ALIGN(_text);
unsigned long size = PFN_ALIGN(_etext) - start;
@@ -28622,10 +30409,10 @@ index 2d19001..e549d98 100644
printk(KERN_INFO "Write protecting the kernel text: %luk\n",
size >> 10);
diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c
-index 474e28f..f016b6e 100644
+index bb00c46..bf91a67 100644
--- a/arch/x86/mm/init_64.c
+++ b/arch/x86/mm/init_64.c
-@@ -150,7 +150,7 @@ early_param("gbpages", parse_direct_gbpages_on);
+@@ -151,7 +151,7 @@ early_param("gbpages", parse_direct_gbpages_on);
* around without checking the pgd every time.
*/
@@ -28634,7 +30421,7 @@ index 474e28f..f016b6e 100644
EXPORT_SYMBOL_GPL(__supported_pte_mask);
int force_personality32;
-@@ -183,12 +183,22 @@ void sync_global_pgds(unsigned long start, unsigned long end)
+@@ -184,12 +184,29 @@ void sync_global_pgds(unsigned long start, unsigned long end)
for (address = start; address <= end; address += PGDIR_SIZE) {
const pgd_t *pgd_ref = pgd_offset_k(address);
@@ -28652,12 +30439,19 @@ index 474e28f..f016b6e 100644
+
+#ifdef CONFIG_PAX_PER_CPU_PGD
+ for (cpu = 0; cpu < nr_cpu_ids; ++cpu) {
-+ pgd_t *pgd = pgd_offset_cpu(cpu, address);
++ pgd_t *pgd = pgd_offset_cpu(cpu, user, address);
++
++ if (pgd_none(*pgd))
++ set_pgd(pgd, *pgd_ref);
++ else
++ BUG_ON(pgd_page_vaddr(*pgd)
++ != pgd_page_vaddr(*pgd_ref));
++ pgd = pgd_offset_cpu(cpu, kernel, address);
+#else
list_for_each_entry(page, &pgd_list, lru) {
pgd_t *pgd;
spinlock_t *pgt_lock;
-@@ -197,6 +207,7 @@ void sync_global_pgds(unsigned long start, unsigned long end)
+@@ -198,6 +215,7 @@ void sync_global_pgds(unsigned long start, unsigned long end)
/* the pgt_lock only for Xen */
pgt_lock = &pgd_page_get_mm(page)->page_table_lock;
spin_lock(pgt_lock);
@@ -28665,7 +30459,7 @@ index 474e28f..f016b6e 100644
if (pgd_none(*pgd))
set_pgd(pgd, *pgd_ref);
-@@ -204,7 +215,10 @@ void sync_global_pgds(unsigned long start, unsigned long end)
+@@ -205,7 +223,10 @@ void sync_global_pgds(unsigned long start, unsigned long end)
BUG_ON(pgd_page_vaddr(*pgd)
!= pgd_page_vaddr(*pgd_ref));
@@ -28676,7 +30470,7 @@ index 474e28f..f016b6e 100644
}
spin_unlock(&pgd_lock);
}
-@@ -237,7 +251,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr)
+@@ -238,7 +259,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr)
{
if (pgd_none(*pgd)) {
pud_t *pud = (pud_t *)spp_getpage();
@@ -28685,7 +30479,7 @@ index 474e28f..f016b6e 100644
if (pud != pud_offset(pgd, 0))
printk(KERN_ERR "PAGETABLE BUG #00! %p <-> %p\n",
pud, pud_offset(pgd, 0));
-@@ -249,7 +263,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr)
+@@ -250,7 +271,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr)
{
if (pud_none(*pud)) {
pmd_t *pmd = (pmd_t *) spp_getpage();
@@ -28694,7 +30488,7 @@ index 474e28f..f016b6e 100644
if (pmd != pmd_offset(pud, 0))
printk(KERN_ERR "PAGETABLE BUG #01! %p <-> %p\n",
pmd, pmd_offset(pud, 0));
-@@ -278,7 +292,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte)
+@@ -279,7 +300,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte)
pmd = fill_pmd(pud, vaddr);
pte = fill_pte(pmd, vaddr);
@@ -28704,7 +30498,7 @@ index 474e28f..f016b6e 100644
/*
* It's enough to flush this one mapping.
-@@ -337,14 +353,12 @@ static void __init __init_extra_mapping(unsigned long phys, unsigned long size,
+@@ -338,14 +361,12 @@ static void __init __init_extra_mapping(unsigned long phys, unsigned long size,
pgd = pgd_offset_k((unsigned long)__va(phys));
if (pgd_none(*pgd)) {
pud = (pud_t *) spp_getpage();
@@ -28721,7 +30515,7 @@ index 474e28f..f016b6e 100644
}
pmd = pmd_offset(pud, phys);
BUG_ON(!pmd_none(*pmd));
-@@ -585,7 +599,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end,
+@@ -586,7 +607,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end,
prot);
spin_lock(&init_mm.page_table_lock);
@@ -28730,7 +30524,7 @@ index 474e28f..f016b6e 100644
spin_unlock(&init_mm.page_table_lock);
}
__flush_tlb_all();
-@@ -626,7 +640,7 @@ kernel_physical_mapping_init(unsigned long start,
+@@ -627,7 +648,7 @@ kernel_physical_mapping_init(unsigned long start,
page_size_mask);
spin_lock(&init_mm.page_table_lock);
@@ -28739,7 +30533,7 @@ index 474e28f..f016b6e 100644
spin_unlock(&init_mm.page_table_lock);
pgd_changed = true;
}
-@@ -1224,8 +1238,8 @@ int kern_addr_valid(unsigned long addr)
+@@ -1221,8 +1242,8 @@ int kern_addr_valid(unsigned long addr)
static struct vm_area_struct gate_vma = {
.vm_start = VSYSCALL_START,
.vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE),
@@ -28750,7 +30544,7 @@ index 474e28f..f016b6e 100644
};
struct vm_area_struct *get_gate_vma(struct mm_struct *mm)
-@@ -1259,7 +1273,7 @@ int in_gate_area_no_mm(unsigned long addr)
+@@ -1256,7 +1277,7 @@ int in_gate_area_no_mm(unsigned long addr)
const char *arch_vma_name(struct vm_area_struct *vma)
{
@@ -28760,7 +30554,7 @@ index 474e28f..f016b6e 100644
if (vma == &gate_vma)
return "[vsyscall]";
diff --git a/arch/x86/mm/iomap_32.c b/arch/x86/mm/iomap_32.c
-index 7b179b4..6bd1777 100644
+index 7b179b4..6bd17777 100644
--- a/arch/x86/mm/iomap_32.c
+++ b/arch/x86/mm/iomap_32.c
@@ -64,7 +64,11 @@ void *kmap_atomic_prot_pfn(unsigned long pfn, pgprot_t prot)
@@ -28776,7 +30570,7 @@ index 7b179b4..6bd1777 100644
return (void *)vaddr;
diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c
-index 78fe3f1..73b95e2 100644
+index 9a1e658..da003f3 100644
--- a/arch/x86/mm/ioremap.c
+++ b/arch/x86/mm/ioremap.c
@@ -97,7 +97,7 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr,
@@ -28797,7 +30591,7 @@ index 78fe3f1..73b95e2 100644
{
struct vm_struct *p, *o;
-@@ -315,6 +315,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
+@@ -310,6 +310,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
/* If page is RAM, we can use __va. Otherwise ioremap and unmap. */
if (page_is_ram(start >> PAGE_SHIFT))
@@ -28807,7 +30601,7 @@ index 78fe3f1..73b95e2 100644
return __va(phys);
addr = (void __force *)ioremap_cache(start, PAGE_SIZE);
-@@ -327,6 +330,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
+@@ -322,6 +325,9 @@ void *xlate_dev_mem_ptr(unsigned long phys)
void unxlate_dev_mem_ptr(unsigned long phys, void *addr)
{
if (page_is_ram(phys >> PAGE_SHIFT))
@@ -28817,7 +30611,7 @@ index 78fe3f1..73b95e2 100644
return;
iounmap((void __iomem *)((unsigned long)addr & PAGE_MASK));
-@@ -344,7 +350,7 @@ static int __init early_ioremap_debug_setup(char *str)
+@@ -339,7 +345,7 @@ static int __init early_ioremap_debug_setup(char *str)
early_param("early_ioremap_debug", early_ioremap_debug_setup);
static __initdata int after_paging_init;
@@ -28826,7 +30620,7 @@ index 78fe3f1..73b95e2 100644
static inline pmd_t * __init early_ioremap_pmd(unsigned long addr)
{
-@@ -381,8 +387,7 @@ void __init early_ioremap_init(void)
+@@ -376,8 +382,7 @@ void __init early_ioremap_init(void)
slot_virt[i] = __fix_to_virt(FIX_BTMAP_BEGIN - NR_FIX_BTMAPS*i);
pmd = early_ioremap_pmd(fix_to_virt(FIX_BTMAP_BEGIN));
@@ -28987,10 +30781,10 @@ index dc0b727..f612039 100644
might_sleep();
if (is_enabled()) /* recheck and proper locking in *_core() */
diff --git a/arch/x86/mm/numa.c b/arch/x86/mm/numa.c
-index 72fe01e..f1a8daa 100644
+index a71c4e2..301ae44 100644
--- a/arch/x86/mm/numa.c
+++ b/arch/x86/mm/numa.c
-@@ -477,7 +477,7 @@ static bool __init numa_meminfo_cover_memory(const struct numa_meminfo *mi)
+@@ -474,7 +474,7 @@ static bool __init numa_meminfo_cover_memory(const struct numa_meminfo *mi)
return true;
}
@@ -29000,7 +30794,7 @@ index 72fe01e..f1a8daa 100644
unsigned long uninitialized_var(pfn_align);
int i, nid;
diff --git a/arch/x86/mm/pageattr-test.c b/arch/x86/mm/pageattr-test.c
-index 0e38951..4ca8458 100644
+index d0b1773..4c3327c 100644
--- a/arch/x86/mm/pageattr-test.c
+++ b/arch/x86/mm/pageattr-test.c
@@ -36,7 +36,7 @@ enum {
@@ -29013,7 +30807,7 @@ index 0e38951..4ca8458 100644
struct split_state {
diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c
-index fb4e73e..43f7238 100644
+index bb32480..75f2f5e 100644
--- a/arch/x86/mm/pageattr.c
+++ b/arch/x86/mm/pageattr.c
@@ -261,7 +261,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address,
@@ -29078,7 +30872,7 @@ index fb4e73e..43f7238 100644
+#ifdef CONFIG_PAX_PER_CPU_PGD
+ for (cpu = 0; cpu < nr_cpu_ids; ++cpu) {
-+ pgd_t *pgd = get_cpu_pgd(cpu);
++ pgd_t *pgd = get_cpu_pgd(cpu, kernel);
+#else
list_for_each_entry(page, &pgd_list, lru) {
- pgd_t *pgd;
@@ -29151,6 +30945,19 @@ index 6574388..87e9bef 100644
cattr_name(want_flags),
(unsigned long long)paddr,
(unsigned long long)(paddr + size - 1),
+diff --git a/arch/x86/mm/pat_rbtree.c b/arch/x86/mm/pat_rbtree.c
+index 415f6c4..d319983 100644
+--- a/arch/x86/mm/pat_rbtree.c
++++ b/arch/x86/mm/pat_rbtree.c
+@@ -160,7 +160,7 @@ success:
+
+ failure:
+ printk(KERN_INFO "%s:%d conflicting memory types "
+- "%Lx-%Lx %s<->%s\n", current->comm, current->pid, start,
++ "%Lx-%Lx %s<->%s\n", current->comm, task_pid_nr(current), start,
+ end, cattr_name(found_type), cattr_name(match->type));
+ return -EBUSY;
+ }
diff --git a/arch/x86/mm/pf_in.c b/arch/x86/mm/pf_in.c
index 9f0614d..92ae64a 100644
--- a/arch/x86/mm/pf_in.c
@@ -29201,10 +31008,10 @@ index 9f0614d..92ae64a 100644
p += get_opcode(p, &opcode);
for (i = 0; i < ARRAY_SIZE(imm_wop); i++)
diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c
-index 17fda6a..489c74a 100644
+index 17fda6a..f7d54a0 100644
--- a/arch/x86/mm/pgtable.c
+++ b/arch/x86/mm/pgtable.c
-@@ -91,10 +91,64 @@ static inline void pgd_list_del(pgd_t *pgd)
+@@ -91,10 +91,67 @@ static inline void pgd_list_del(pgd_t *pgd)
list_del(&page->lru);
}
@@ -29216,6 +31023,9 @@ index 17fda6a..489c74a 100644
+void __shadow_user_pgds(pgd_t *dst, const pgd_t *src)
+{
+ unsigned int count = USER_PGD_PTRS;
+
++ if (!pax_user_shadow_base)
++ return;
+
+ while (count--)
+ *dst++ = __pgd((pgd_val(*src++) | (_PAGE_NX & __supported_pte_mask)) & ~_PAGE_USER);
@@ -29229,7 +31039,7 @@ index 17fda6a..489c74a 100644
+
+ while (count--) {
+ pgd_t pgd;
-
++
+#ifdef CONFIG_X86_64
+ pgd = __pgd(pgd_val(*src++) | _PAGE_USER);
+#else
@@ -29271,7 +31081,7 @@ index 17fda6a..489c74a 100644
static void pgd_set_mm(pgd_t *pgd, struct mm_struct *mm)
{
BUILD_BUG_ON(sizeof(virt_to_page(pgd)->index) < sizeof(mm));
-@@ -135,6 +189,7 @@ static void pgd_dtor(pgd_t *pgd)
+@@ -135,6 +192,7 @@ static void pgd_dtor(pgd_t *pgd)
pgd_list_del(pgd);
spin_unlock(&pgd_lock);
}
@@ -29279,7 +31089,7 @@ index 17fda6a..489c74a 100644
/*
* List of all pgd's needed for non-PAE so it can invalidate entries
-@@ -147,7 +202,7 @@ static void pgd_dtor(pgd_t *pgd)
+@@ -147,7 +205,7 @@ static void pgd_dtor(pgd_t *pgd)
* -- nyc
*/
@@ -29288,7 +31098,7 @@ index 17fda6a..489c74a 100644
/*
* In PAE mode, we need to do a cr3 reload (=tlb flush) when
* updating the top-level pagetable entries to guarantee the
-@@ -159,7 +214,7 @@ static void pgd_dtor(pgd_t *pgd)
+@@ -159,7 +217,7 @@ static void pgd_dtor(pgd_t *pgd)
* not shared between pagetables (!SHARED_KERNEL_PMDS), we allocate
* and initialize the kernel pmds here.
*/
@@ -29297,7 +31107,7 @@ index 17fda6a..489c74a 100644
void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd)
{
-@@ -177,36 +232,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd)
+@@ -177,36 +235,38 @@ void pud_populate(struct mm_struct *mm, pud_t *pudp, pmd_t *pmd)
*/
flush_tlb_mm(mm);
}
@@ -29347,7 +31157,7 @@ index 17fda6a..489c74a 100644
return -ENOMEM;
}
-@@ -219,51 +276,55 @@ static int preallocate_pmds(pmd_t *pmds[])
+@@ -219,51 +279,55 @@ static int preallocate_pmds(pmd_t *pmds[])
* preallocate which never got a corresponding vma will need to be
* freed manually.
*/
@@ -29420,7 +31230,7 @@ index 17fda6a..489c74a 100644
pgd = (pgd_t *)__get_free_page(PGALLOC_GFP);
-@@ -272,11 +333,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
+@@ -272,11 +336,11 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
mm->pgd = pgd;
@@ -29434,7 +31244,7 @@ index 17fda6a..489c74a 100644
/*
* Make sure that pre-populating the pmds is atomic with
-@@ -286,14 +347,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
+@@ -286,14 +350,14 @@ pgd_t *pgd_alloc(struct mm_struct *mm)
spin_lock(&pgd_lock);
pgd_ctor(mm, pgd);
@@ -29452,7 +31262,7 @@ index 17fda6a..489c74a 100644
out_free_pgd:
free_page((unsigned long)pgd);
out:
-@@ -302,7 +363,7 @@ out:
+@@ -302,7 +366,7 @@ out:
void pgd_free(struct mm_struct *mm, pgd_t *pgd)
{
@@ -29550,6 +31360,49 @@ index 282375f..e03a98f 100644
}
}
EXPORT_SYMBOL_GPL(leave_mm);
+diff --git a/arch/x86/mm/uderef_64.c b/arch/x86/mm/uderef_64.c
+new file mode 100644
+index 0000000..dace51c
+--- /dev/null
++++ b/arch/x86/mm/uderef_64.c
+@@ -0,0 +1,37 @@
++#include <linux/mm.h>
++#include <asm/pgtable.h>
++#include <asm/uaccess.h>
++
++#ifdef CONFIG_PAX_MEMORY_UDEREF
++/* PaX: due to the special call convention these functions must
++ * - remain leaf functions under all configurations,
++ * - never be called directly, only dereferenced from the wrappers.
++ */
++void __pax_open_userland(void)
++{
++ unsigned int cpu;
++
++ if (unlikely(!segment_eq(get_fs(), USER_DS)))
++ return;
++
++ cpu = raw_get_cpu();
++ BUG_ON((read_cr3() & ~PAGE_MASK) != PCID_KERNEL);
++ write_cr3(__pa(get_cpu_pgd(cpu, user)) | PCID_USER | PCID_NOFLUSH);
++ raw_put_cpu_no_resched();
++}
++EXPORT_SYMBOL(__pax_open_userland);
++
++void __pax_close_userland(void)
++{
++ unsigned int cpu;
++
++ if (unlikely(!segment_eq(get_fs(), USER_DS)))
++ return;
++
++ cpu = raw_get_cpu();
++ BUG_ON((read_cr3() & ~PAGE_MASK) != PCID_USER);
++ write_cr3(__pa(get_cpu_pgd(cpu, kernel)) | PCID_KERNEL | PCID_NOFLUSH);
++ raw_put_cpu_no_resched();
++}
++EXPORT_SYMBOL(__pax_close_userland);
++#endif
diff --git a/arch/x86/net/bpf_jit.S b/arch/x86/net/bpf_jit.S
index 877b9a1..a8ecf42 100644
--- a/arch/x86/net/bpf_jit.S
@@ -29664,7 +31517,7 @@ index 877b9a1..a8ecf42 100644
+ pax_force_retaddr
ret
diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c
-index 3cbe4538..003d011 100644
+index f66b540..3e88dfb 100644
--- a/arch/x86/net/bpf_jit_comp.c
+++ b/arch/x86/net/bpf_jit_comp.c
@@ -12,6 +12,7 @@
@@ -29936,9 +31789,9 @@ index 3cbe4538..003d011 100644
}
oldproglen = proglen;
}
-@@ -737,7 +856,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
+@@ -732,7 +851,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i];
+ if (image) {
bpf_flush_icache(image, image + proglen);
-
fp->bpf_func = (void *)image;
- }
+ } else
@@ -29948,7 +31801,7 @@ index 3cbe4538..003d011 100644
out:
kfree(addrs);
return;
-@@ -745,18 +867,20 @@ out:
+@@ -740,18 +862,20 @@ out:
static void jit_free_defer(struct work_struct *arg)
{
@@ -30462,7 +32315,7 @@ index c77b24a..c979855 100644
}
EXPORT_SYMBOL(pcibios_set_irq_routing);
diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c
-index 40e4469..0592924 100644
+index 40e4469..d915bf9 100644
--- a/arch/x86/platform/efi/efi_32.c
+++ b/arch/x86/platform/efi/efi_32.c
@@ -44,11 +44,22 @@ void efi_call_phys_prelog(void)
@@ -30505,7 +32358,7 @@ index 40e4469..0592924 100644
load_gdt(&gdt_descr);
+#ifdef CONFIG_PAX_PER_CPU_PGD
-+ load_cr3(get_cpu_pgd(smp_processor_id()));
++ load_cr3(get_cpu_pgd(smp_processor_id(), kernel));
+#else
load_cr3(swapper_pg_dir);
+#endif
@@ -30514,10 +32367,10 @@ index 40e4469..0592924 100644
local_irq_restore(efi_rt_eflags);
diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c
-index 2b20038..eaf558f 100644
+index 39a0e7f1..872396e 100644
--- a/arch/x86/platform/efi/efi_64.c
+++ b/arch/x86/platform/efi/efi_64.c
-@@ -75,6 +75,11 @@ void __init efi_call_phys_prelog(void)
+@@ -76,6 +76,11 @@ void __init efi_call_phys_prelog(void)
vaddress = (unsigned long)__va(pgd * PGDIR_SIZE);
set_pgd(pgd_offset_k(pgd * PGDIR_SIZE), *pgd_offset_k(vaddress));
}
@@ -30529,13 +32382,13 @@ index 2b20038..eaf558f 100644
__flush_tlb_all();
}
-@@ -88,6 +93,11 @@ void __init efi_call_phys_epilog(void)
+@@ -89,6 +94,11 @@ void __init efi_call_phys_epilog(void)
for (pgd = 0; pgd < n_pgds; pgd++)
set_pgd(pgd_offset_k(pgd * PGDIR_SIZE), save_pgd[pgd]);
kfree(save_pgd);
+
+#ifdef CONFIG_PAX_PER_CPU_PGD
-+ load_cr3(get_cpu_pgd(smp_processor_id()));
++ load_cr3(get_cpu_pgd(smp_processor_id(), kernel));
+#endif
+
__flush_tlb_all();
@@ -30738,7 +32591,7 @@ index 4c07cca..2c8427d 100644
ret
ENDPROC(efi_call6)
diff --git a/arch/x86/platform/mrst/mrst.c b/arch/x86/platform/mrst/mrst.c
-index e31bcd8..f12dc46 100644
+index a0a0a43..a48e233 100644
--- a/arch/x86/platform/mrst/mrst.c
+++ b/arch/x86/platform/mrst/mrst.c
@@ -78,13 +78,15 @@ struct sfi_rtc_table_entry sfi_mrtc_array[SFI_MRTC_MAX];
@@ -30773,23 +32626,30 @@ index d6ee929..3637cb5 100644
.getproplen = olpc_dt_getproplen,
.getproperty = olpc_dt_getproperty,
diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c
-index 3c68768..07e82b8 100644
+index 1cf5b30..fd45732 100644
--- a/arch/x86/power/cpu.c
+++ b/arch/x86/power/cpu.c
-@@ -134,7 +134,7 @@ static void do_fpu_end(void)
+@@ -137,11 +137,8 @@ static void do_fpu_end(void)
static void fix_processor_context(void)
{
int cpu = smp_processor_id();
- struct tss_struct *t = &per_cpu(init_tss, cpu);
+-#ifdef CONFIG_X86_64
+- struct desc_struct *desc = get_cpu_gdt_table(cpu);
+- tss_desc tss;
+-#endif
+ struct tss_struct *t = init_tss + cpu;
-
++
set_tss_desc(cpu, t); /*
* This just modifies memory; should not be
-@@ -144,8 +144,6 @@ static void fix_processor_context(void)
+ * necessary. But... This is necessary, because
+@@ -150,10 +147,6 @@ static void fix_processor_context(void)
*/
#ifdef CONFIG_X86_64
-- get_cpu_gdt_table(cpu)[GDT_ENTRY_TSS].type = 9;
+- memcpy(&tss, &desc[GDT_ENTRY_TSS], sizeof(tss_desc));
+- tss.type = 0x9; /* The available 64-bit TSS (see AMD vol 2, pg 91 */
+- write_gdt_entry(desc, GDT_ENTRY_TSS, &tss, DESC_TSS);
-
syscall_init(); /* This sets MSR_*STAR and related */
#endif
@@ -30895,10 +32755,18 @@ index c1b2791..f9e31c7 100644
END(trampoline_header)
diff --git a/arch/x86/realmode/rm/trampoline_64.S b/arch/x86/realmode/rm/trampoline_64.S
-index bb360dc..3e5945f 100644
+index bb360dc..d0fd8f8 100644
--- a/arch/x86/realmode/rm/trampoline_64.S
+++ b/arch/x86/realmode/rm/trampoline_64.S
-@@ -107,7 +107,7 @@ ENTRY(startup_32)
+@@ -94,6 +94,7 @@ ENTRY(startup_32)
+ movl %edx, %gs
+
+ movl pa_tr_cr4, %eax
++ andl $~X86_CR4_PCIDE, %eax
+ movl %eax, %cr4 # Enable PAE mode
+
+ # Setup trampoline 4 level pagetables
+@@ -107,7 +108,7 @@ ENTRY(startup_32)
wrmsr
# Enable paging and in turn activate Long Mode
@@ -30907,25 +32775,40 @@ index bb360dc..3e5945f 100644
movl %eax, %cr0
/*
+diff --git a/arch/x86/tools/Makefile b/arch/x86/tools/Makefile
+index e812034..c747134 100644
+--- a/arch/x86/tools/Makefile
++++ b/arch/x86/tools/Makefile
+@@ -37,7 +37,7 @@ $(obj)/test_get_len.o: $(srctree)/arch/x86/lib/insn.c $(srctree)/arch/x86/lib/in
+
+ $(obj)/insn_sanity.o: $(srctree)/arch/x86/lib/insn.c $(srctree)/arch/x86/lib/inat.c $(srctree)/arch/x86/include/asm/inat_types.h $(srctree)/arch/x86/include/asm/inat.h $(srctree)/arch/x86/include/asm/insn.h $(objtree)/arch/x86/lib/inat-tables.c
+
+-HOST_EXTRACFLAGS += -I$(srctree)/tools/include
++HOST_EXTRACFLAGS += -I$(srctree)/tools/include -ggdb
+ hostprogs-y += relocs
+ relocs-objs := relocs_32.o relocs_64.o relocs_common.o
+ relocs: $(obj)/relocs
diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c
-index 79d67bd..c7e1b90 100644
+index f7bab68..b6d9886 100644
--- a/arch/x86/tools/relocs.c
+++ b/arch/x86/tools/relocs.c
-@@ -12,10 +12,13 @@
- #include <regex.h>
- #include <tools/le_byteshift.h>
+@@ -1,5 +1,7 @@
+ /* This is included from relocs_32/64.c */
+#include "../../../include/generated/autoconf.h"
+
- static void die(char *fmt, ...);
+ #define ElfW(type) _ElfW(ELF_BITS, type)
+ #define _ElfW(bits, type) __ElfW(bits, type)
+ #define __ElfW(bits, type) Elf##bits##_##type
+@@ -11,6 +13,7 @@
+ #define Elf_Sym ElfW(Sym)
+
+ static Elf_Ehdr ehdr;
++static Elf_Phdr *phdr;
- #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
- static Elf32_Ehdr ehdr;
-+static Elf32_Phdr *phdr;
- static unsigned long reloc_count, reloc_idx;
- static unsigned long *relocs;
- static unsigned long reloc16_count, reloc16_idx;
-@@ -330,9 +333,39 @@ static void read_ehdr(FILE *fp)
+ struct relocs {
+ uint32_t *offset;
+@@ -383,9 +386,39 @@ static void read_ehdr(FILE *fp)
}
}
@@ -30933,7 +32816,7 @@ index 79d67bd..c7e1b90 100644
+{
+ unsigned int i;
+
-+ phdr = calloc(ehdr.e_phnum, sizeof(Elf32_Phdr));
++ phdr = calloc(ehdr.e_phnum, sizeof(Elf_Phdr));
+ if (!phdr) {
+ die("Unable to allocate %d program headers\n",
+ ehdr.e_phnum);
@@ -30947,14 +32830,14 @@ index 79d67bd..c7e1b90 100644
+ strerror(errno));
+ }
+ for(i = 0; i < ehdr.e_phnum; i++) {
-+ phdr[i].p_type = elf32_to_cpu(phdr[i].p_type);
-+ phdr[i].p_offset = elf32_to_cpu(phdr[i].p_offset);
-+ phdr[i].p_vaddr = elf32_to_cpu(phdr[i].p_vaddr);
-+ phdr[i].p_paddr = elf32_to_cpu(phdr[i].p_paddr);
-+ phdr[i].p_filesz = elf32_to_cpu(phdr[i].p_filesz);
-+ phdr[i].p_memsz = elf32_to_cpu(phdr[i].p_memsz);
-+ phdr[i].p_flags = elf32_to_cpu(phdr[i].p_flags);
-+ phdr[i].p_align = elf32_to_cpu(phdr[i].p_align);
++ phdr[i].p_type = elf_word_to_cpu(phdr[i].p_type);
++ phdr[i].p_offset = elf_off_to_cpu(phdr[i].p_offset);
++ phdr[i].p_vaddr = elf_addr_to_cpu(phdr[i].p_vaddr);
++ phdr[i].p_paddr = elf_addr_to_cpu(phdr[i].p_paddr);
++ phdr[i].p_filesz = elf_word_to_cpu(phdr[i].p_filesz);
++ phdr[i].p_memsz = elf_word_to_cpu(phdr[i].p_memsz);
++ phdr[i].p_flags = elf_word_to_cpu(phdr[i].p_flags);
++ phdr[i].p_align = elf_word_to_cpu(phdr[i].p_align);
+ }
+
+}
@@ -30963,10 +32846,10 @@ index 79d67bd..c7e1b90 100644
{
- int i;
+ unsigned int i;
- Elf32_Shdr shdr;
+ Elf_Shdr shdr;
secs = calloc(ehdr.e_shnum, sizeof(struct section));
-@@ -367,7 +400,7 @@ static void read_shdrs(FILE *fp)
+@@ -420,7 +453,7 @@ static void read_shdrs(FILE *fp)
static void read_strtabs(FILE *fp)
{
@@ -30975,7 +32858,7 @@ index 79d67bd..c7e1b90 100644
for (i = 0; i < ehdr.e_shnum; i++) {
struct section *sec = &secs[i];
if (sec->shdr.sh_type != SHT_STRTAB) {
-@@ -392,7 +425,7 @@ static void read_strtabs(FILE *fp)
+@@ -445,7 +478,7 @@ static void read_strtabs(FILE *fp)
static void read_symtabs(FILE *fp)
{
@@ -30984,7 +32867,7 @@ index 79d67bd..c7e1b90 100644
for (i = 0; i < ehdr.e_shnum; i++) {
struct section *sec = &secs[i];
if (sec->shdr.sh_type != SHT_SYMTAB) {
-@@ -423,9 +456,11 @@ static void read_symtabs(FILE *fp)
+@@ -476,9 +509,11 @@ static void read_symtabs(FILE *fp)
}
@@ -30997,8 +32880,8 @@ index 79d67bd..c7e1b90 100644
+
for (i = 0; i < ehdr.e_shnum; i++) {
struct section *sec = &secs[i];
- if (sec->shdr.sh_type != SHT_REL) {
-@@ -445,9 +480,22 @@ static void read_relocs(FILE *fp)
+ if (sec->shdr.sh_type != SHT_REL_TYPE) {
+@@ -498,9 +533,22 @@ static void read_relocs(FILE *fp)
die("Cannot read symbol table: %s\n",
strerror(errno));
}
@@ -31015,21 +32898,23 @@ index 79d67bd..c7e1b90 100644
+ }
+#endif
+
- for (j = 0; j < sec->shdr.sh_size/sizeof(Elf32_Rel); j++) {
- Elf32_Rel *rel = &sec->reltab[j];
-- rel->r_offset = elf32_to_cpu(rel->r_offset);
-+ rel->r_offset = elf32_to_cpu(rel->r_offset) + base;
- rel->r_info = elf32_to_cpu(rel->r_info);
- }
- }
-@@ -456,13 +504,13 @@ static void read_relocs(FILE *fp)
+ for (j = 0; j < sec->shdr.sh_size/sizeof(Elf_Rel); j++) {
+ Elf_Rel *rel = &sec->reltab[j];
+- rel->r_offset = elf_addr_to_cpu(rel->r_offset);
++ rel->r_offset = elf_addr_to_cpu(rel->r_offset) + base;
+ rel->r_info = elf_xword_to_cpu(rel->r_info);
+ #if (SHT_REL_TYPE == SHT_RELA)
+ rel->r_addend = elf_xword_to_cpu(rel->r_addend);
+@@ -512,7 +560,7 @@ static void read_relocs(FILE *fp)
static void print_absolute_symbols(void)
{
- int i;
+ unsigned int i;
- printf("Absolute symbols\n");
- printf(" Num: Value Size Type Bind Visibility Name\n");
+ const char *format;
+
+ if (ELF_BITS == 64)
+@@ -525,7 +573,7 @@ static void print_absolute_symbols(void)
for (i = 0; i < ehdr.e_shnum; i++) {
struct section *sec = &secs[i];
char *sym_strtab;
@@ -31038,76 +32923,76 @@ index 79d67bd..c7e1b90 100644
if (sec->shdr.sh_type != SHT_SYMTAB) {
continue;
-@@ -489,14 +537,14 @@ static void print_absolute_symbols(void)
+@@ -552,7 +600,7 @@ static void print_absolute_symbols(void)
static void print_absolute_relocs(void)
{
- int i, printed = 0;
+ unsigned int i, printed = 0;
+ const char *format;
- for (i = 0; i < ehdr.e_shnum; i++) {
- struct section *sec = &secs[i];
+ if (ELF_BITS == 64)
+@@ -565,7 +613,7 @@ static void print_absolute_relocs(void)
struct section *sec_applies, *sec_symtab;
char *sym_strtab;
- Elf32_Sym *sh_symtab;
+ Elf_Sym *sh_symtab;
- int j;
+ unsigned int j;
- if (sec->shdr.sh_type != SHT_REL) {
+ if (sec->shdr.sh_type != SHT_REL_TYPE) {
continue;
}
-@@ -558,13 +606,13 @@ static void print_absolute_relocs(void)
- static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym),
- int use_real_mode)
+@@ -642,13 +690,13 @@ static void add_reloc(struct relocs *r, uint32_t offset)
+ static void walk_relocs(int (*process)(struct section *sec, Elf_Rel *rel,
+ Elf_Sym *sym, const char *symname))
{
- int i;
+ unsigned int i;
/* Walk through the relocations */
for (i = 0; i < ehdr.e_shnum; i++) {
char *sym_strtab;
- Elf32_Sym *sh_symtab;
+ Elf_Sym *sh_symtab;
struct section *sec_applies, *sec_symtab;
- int j;
+ unsigned int j;
struct section *sec = &secs[i];
- if (sec->shdr.sh_type != SHT_REL) {
-@@ -588,6 +636,24 @@ static void walk_relocs(void (*visit)(Elf32_Rel *rel, Elf32_Sym *sym),
- sym = &sh_symtab[ELF32_R_SYM(rel->r_info)];
- r_type = ELF32_R_TYPE(rel->r_info);
-
-+ if (!use_real_mode) {
-+ /* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */
-+ if (!strcmp(sec_name(sym->st_shndx), ".data..percpu") && strcmp(sym_name(sym_strtab, sym), "__per_cpu_load"))
-+ continue;
+ if (sec->shdr.sh_type != SHT_REL_TYPE) {
+@@ -812,6 +860,23 @@ static int do_reloc32(struct section *sec, Elf_Rel *rel, Elf_Sym *sym,
+ {
+ unsigned r_type = ELF32_R_TYPE(rel->r_info);
+ int shn_abs = (sym->st_shndx == SHN_ABS) && !is_reloc(S_REL, symname);
++ char *sym_strtab = sec->link->link->strtab;
+
-+#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_X86_32)
-+ /* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */
-+ if (!strcmp(sec_name(sym->st_shndx), ".text.end") && !strcmp(sym_name(sym_strtab, sym), "_etext"))
-+ continue;
-+ if (!strcmp(sec_name(sym->st_shndx), ".init.text"))
-+ continue;
-+ if (!strcmp(sec_name(sym->st_shndx), ".exit.text"))
-+ continue;
-+ if (!strcmp(sec_name(sym->st_shndx), ".text") && strcmp(sym_name(sym_strtab, sym), "__LOAD_PHYSICAL_ADDR"))
-+ continue;
-+#endif
-+ }
++ /* Don't relocate actual per-cpu variables, they are absolute indices, not addresses */
++ if (!strcmp(sec_name(sym->st_shndx), ".data..percpu") && strcmp(sym_name(sym_strtab, sym), "__per_cpu_load"))
++ return 0;
+
- shn_abs = sym->st_shndx == SHN_ABS;
++#ifdef CONFIG_PAX_KERNEXEC
++ /* Don't relocate actual code, they are relocated implicitly by the base address of KERNEL_CS */
++ if (!strcmp(sec_name(sym->st_shndx), ".text.end") && !strcmp(sym_name(sym_strtab, sym), "_etext"))
++ return 0;
++ if (!strcmp(sec_name(sym->st_shndx), ".init.text"))
++ return 0;
++ if (!strcmp(sec_name(sym->st_shndx), ".exit.text"))
++ return 0;
++ if (!strcmp(sec_name(sym->st_shndx), ".text") && strcmp(sym_name(sym_strtab, sym), "__LOAD_PHYSICAL_ADDR"))
++ return 0;
++#endif
- switch (r_type) {
-@@ -681,7 +747,7 @@ static int write32(unsigned int v, FILE *f)
+ switch (r_type) {
+ case R_386_NONE:
+@@ -950,7 +1015,7 @@ static int write32_as_text(uint32_t v, FILE *f)
static void emit_relocs(int as_text, int use_real_mode)
{
- int i;
+ unsigned int i;
- /* Count how many relocations I have and allocate space for them. */
- reloc_count = 0;
- walk_relocs(count_reloc, use_real_mode);
-@@ -808,10 +874,11 @@ int main(int argc, char **argv)
- fname, strerror(errno));
- }
+ int (*write_reloc)(uint32_t, FILE *) = write32;
+ int (*do_reloc)(struct section *sec, Elf_Rel *rel, Elf_Sym *sym,
+ const char *symname);
+@@ -1026,10 +1091,11 @@ void process(FILE *fp, int use_real_mode, int as_text,
+ {
+ regex_init(use_real_mode);
read_ehdr(fp);
+ read_phdrs(fp);
read_shdrs(fp);
@@ -31115,9 +33000,22 @@ index 79d67bd..c7e1b90 100644
read_symtabs(fp);
- read_relocs(fp);
+ read_relocs(fp, use_real_mode);
+ if (ELF_BITS == 64)
+ percpu_init();
if (show_absolute_syms) {
- print_absolute_symbols();
- goto out;
+diff --git a/arch/x86/um/tls_32.c b/arch/x86/um/tls_32.c
+index 80ffa5b..a33bd15 100644
+--- a/arch/x86/um/tls_32.c
++++ b/arch/x86/um/tls_32.c
+@@ -260,7 +260,7 @@ out:
+ if (unlikely(task == current &&
+ !t->arch.tls_array[idx - GDT_ENTRY_TLS_MIN].flushed)) {
+ printk(KERN_ERR "get_tls_entry: task with pid %d got here "
+- "without flushed TLS.", current->pid);
++ "without flushed TLS.", task_pid_nr(current));
+ }
+
+ return 0;
diff --git a/arch/x86/vdso/Makefile b/arch/x86/vdso/Makefile
index fd14be1..e3c79c0 100644
--- a/arch/x86/vdso/Makefile
@@ -31291,10 +33189,10 @@ index 431e875..cbb23f3 100644
-}
-__setup("vdso=", vdso_setup);
diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c
-index cf95e19..17e9f50 100644
+index a492be2..08678da 100644
--- a/arch/x86/xen/enlighten.c
+++ b/arch/x86/xen/enlighten.c
-@@ -100,8 +100,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
+@@ -123,8 +123,6 @@ EXPORT_SYMBOL_GPL(xen_start_info);
struct shared_info xen_dummy_shared_info;
@@ -31303,7 +33201,7 @@ index cf95e19..17e9f50 100644
RESERVE_BRK(shared_info_page_brk, PAGE_SIZE);
__read_mostly int xen_have_vector_callback;
EXPORT_SYMBOL_GPL(xen_have_vector_callback);
-@@ -511,8 +509,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr)
+@@ -542,8 +540,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr)
{
unsigned long va = dtr->address;
unsigned int size = dtr->size + 1;
@@ -31313,7 +33211,7 @@ index cf95e19..17e9f50 100644
int f;
/*
-@@ -560,8 +557,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
+@@ -591,8 +588,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
{
unsigned long va = dtr->address;
unsigned int size = dtr->size + 1;
@@ -31323,7 +33221,7 @@ index cf95e19..17e9f50 100644
int f;
/*
-@@ -569,7 +565,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
+@@ -600,7 +596,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr)
* 8-byte entries, or 16 4k pages..
*/
@@ -31332,7 +33230,7 @@ index cf95e19..17e9f50 100644
BUG_ON(va & ~PAGE_MASK);
for (f = 0; va < dtr->address + size; va += PAGE_SIZE, f++) {
-@@ -954,7 +950,7 @@ static u32 xen_safe_apic_wait_icr_idle(void)
+@@ -985,7 +981,7 @@ static u32 xen_safe_apic_wait_icr_idle(void)
return 0;
}
@@ -31341,7 +33239,7 @@ index cf95e19..17e9f50 100644
{
apic->read = xen_apic_read;
apic->write = xen_apic_write;
-@@ -1260,30 +1256,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = {
+@@ -1290,30 +1286,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = {
#endif
};
@@ -31379,7 +33277,7 @@ index cf95e19..17e9f50 100644
{
if (pm_power_off)
pm_power_off();
-@@ -1385,7 +1381,17 @@ asmlinkage void __init xen_start_kernel(void)
+@@ -1464,7 +1460,17 @@ asmlinkage void __init xen_start_kernel(void)
__userpte_alloc_gfp &= ~__GFP_HIGHMEM;
/* Work out if we support NX */
@@ -31398,7 +33296,7 @@ index cf95e19..17e9f50 100644
xen_setup_features();
-@@ -1416,13 +1422,6 @@ asmlinkage void __init xen_start_kernel(void)
+@@ -1495,13 +1501,6 @@ asmlinkage void __init xen_start_kernel(void)
machine_ops = xen_machine_ops;
@@ -31412,7 +33310,7 @@ index cf95e19..17e9f50 100644
xen_smp_init();
#ifdef CONFIG_ACPI_NUMA
-@@ -1616,7 +1615,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self,
+@@ -1700,7 +1699,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self,
return NOTIFY_OK;
}
@@ -31422,7 +33320,7 @@ index cf95e19..17e9f50 100644
};
diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c
-index e006c18..b9a7d6c 100644
+index fdc3ba2..3daee39 100644
--- a/arch/x86/xen/mmu.c
+++ b/arch/x86/xen/mmu.c
@@ -1894,6 +1894,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn)
@@ -31448,7 +33346,7 @@ index e006c18..b9a7d6c 100644
set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO);
set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO);
-@@ -2110,6 +2117,7 @@ static void __init xen_post_allocator_init(void)
+@@ -2108,6 +2115,7 @@ static void __init xen_post_allocator_init(void)
pv_mmu_ops.set_pud = xen_set_pud;
#if PAGETABLE_LEVELS == 4
pv_mmu_ops.set_pgd = xen_set_pgd;
@@ -31456,7 +33354,7 @@ index e006c18..b9a7d6c 100644
#endif
/* This will work as long as patching hasn't happened yet
-@@ -2188,6 +2196,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
+@@ -2186,6 +2194,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = {
.pud_val = PV_CALLEE_SAVE(xen_pud_val),
.make_pud = PV_CALLEE_SAVE(xen_make_pud),
.set_pgd = xen_set_pgd_hyper,
@@ -31465,10 +33363,10 @@ index e006c18..b9a7d6c 100644
.alloc_pud = xen_alloc_pmd_init,
.release_pud = xen_release_pmd_init,
diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c
-index 96c4e85..284fded 100644
+index d99cae8..18401e1 100644
--- a/arch/x86/xen/smp.c
+++ b/arch/x86/xen/smp.c
-@@ -230,11 +230,6 @@ static void __init xen_smp_prepare_boot_cpu(void)
+@@ -240,11 +240,6 @@ static void __init xen_smp_prepare_boot_cpu(void)
{
BUG_ON(smp_processor_id() != 0);
native_smp_prepare_boot_cpu();
@@ -31480,7 +33378,7 @@ index 96c4e85..284fded 100644
xen_filter_cpu_maps();
xen_setup_vcpu_info_placement();
}
-@@ -304,7 +299,7 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle)
+@@ -314,7 +309,7 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle)
ctxt->user_regs.ss = __KERNEL_DS;
#ifdef CONFIG_X86_32
ctxt->user_regs.fs = __KERNEL_PERCPU;
@@ -31489,7 +33387,7 @@ index 96c4e85..284fded 100644
#else
ctxt->gs_base_kernel = per_cpu_offset(cpu);
#endif
-@@ -314,8 +309,8 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle)
+@@ -324,8 +319,8 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle)
{
ctxt->user_regs.eflags = 0x1000; /* IOPL_RING1 */
@@ -31500,7 +33398,7 @@ index 96c4e85..284fded 100644
xen_copy_trap_info(ctxt->trap_ctxt);
-@@ -360,13 +355,12 @@ static int __cpuinit xen_cpu_up(unsigned int cpu, struct task_struct *idle)
+@@ -370,13 +365,12 @@ static int __cpuinit xen_cpu_up(unsigned int cpu, struct task_struct *idle)
int rc;
per_cpu(current_task, cpu) = idle;
@@ -31516,7 +33414,7 @@ index 96c4e85..284fded 100644
#endif
xen_setup_runstate_info(cpu);
xen_setup_timer(cpu);
-@@ -642,7 +636,7 @@ static const struct smp_ops xen_smp_ops __initconst = {
+@@ -651,7 +645,7 @@ static const struct smp_ops xen_smp_ops __initconst = {
void __init xen_smp_init(void)
{
@@ -31647,7 +33545,7 @@ index af00795..2bb8105 100644
#define XCHAL_ICACHE_SIZE 32768 /* I-cache size in bytes or 0 */
#define XCHAL_DCACHE_SIZE 32768 /* D-cache size in bytes or 0 */
diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c
-index 58916af..eb9dbcf 100644
+index 58916af..eb9dbcf6 100644
--- a/block/blk-iopoll.c
+++ b/block/blk-iopoll.c
@@ -77,7 +77,7 @@ void blk_iopoll_complete(struct blk_iopoll *iopoll)
@@ -31748,7 +33646,7 @@ index 7c668c8..db3521c 100644
err = -EFAULT;
goto out;
diff --git a/block/genhd.c b/block/genhd.c
-index 5098a64..d15a9e8 100644
+index cdeb527..10aa34db 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -467,21 +467,24 @@ static char *bdevt_str(dev_t devt, char *buf)
@@ -31780,33 +33678,35 @@ index 5098a64..d15a9e8 100644
EXPORT_SYMBOL(blk_unregister_region);
diff --git a/block/partitions/efi.c b/block/partitions/efi.c
-index ff5804e..a88acad 100644
+index c85fc89..51e690b 100644
--- a/block/partitions/efi.c
+++ b/block/partitions/efi.c
@@ -234,14 +234,14 @@ static gpt_entry *alloc_read_gpt_entries(struct parsed_partitions *state,
if (!gpt)
return NULL;
-- count = le32_to_cpu(gpt->num_partition_entries) *
-- le32_to_cpu(gpt->sizeof_partition_entry);
-- if (!count)
+ if (!le32_to_cpu(gpt->num_partition_entries))
- return NULL;
-- pte = kzalloc(count, GFP_KERNEL);
++ return NULL;
+ pte = kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(gpt->sizeof_partition_entry), GFP_KERNEL);
- if (!pte)
- return NULL;
-
-+ count = le32_to_cpu(gpt->num_partition_entries) *
-+ le32_to_cpu(gpt->sizeof_partition_entry);
++ if (!pte)
++ return NULL;
++
+ count = le32_to_cpu(gpt->num_partition_entries) *
+ le32_to_cpu(gpt->sizeof_partition_entry);
+- if (!count)
+- return NULL;
+- pte = kmalloc(count, GFP_KERNEL);
+- if (!pte)
+- return NULL;
+-
if (read_lba(state, le64_to_cpu(gpt->partition_entry_lba),
(u8 *) pte,
count) < count) {
diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
-index 9a87daa..fb17486 100644
+index a5ffcc9..3cedc9c 100644
--- a/block/scsi_ioctl.c
+++ b/block/scsi_ioctl.c
-@@ -223,8 +223,20 @@ EXPORT_SYMBOL(blk_verify_command);
+@@ -224,8 +224,20 @@ EXPORT_SYMBOL(blk_verify_command);
static int blk_fill_sghdr_rq(struct request_queue *q, struct request *rq,
struct sg_io_hdr *hdr, fmode_t mode)
{
@@ -31828,7 +33728,7 @@ index 9a87daa..fb17486 100644
if (blk_verify_command(rq->cmd, mode & FMODE_WRITE))
return -EPERM;
-@@ -433,6 +445,8 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
+@@ -434,6 +446,8 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
int err;
unsigned int in_len, out_len, bytes, opcode, cmdlen;
char *buffer = NULL, sense[SCSI_SENSE_BUFFERSIZE];
@@ -31837,7 +33737,7 @@ index 9a87daa..fb17486 100644
if (!sic)
return -EINVAL;
-@@ -466,9 +480,18 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
+@@ -467,9 +481,18 @@ int sg_scsi_ioctl(struct request_queue *q, struct gendisk *disk, fmode_t mode,
*/
err = -EFAULT;
rq->cmd_len = cmdlen;
@@ -31917,7 +33817,7 @@ index f220d64..d359ad6 100644
struct apei_exec_context {
u32 ip;
diff --git a/drivers/acpi/apei/cper.c b/drivers/acpi/apei/cper.c
-index fefc2ca..12a535d 100644
+index 33dc6a0..4b24b47 100644
--- a/drivers/acpi/apei/cper.c
+++ b/drivers/acpi/apei/cper.c
@@ -39,12 +39,12 @@
@@ -32030,10 +33930,10 @@ index 7586544..636a2f0 100644
if (err)
return err;
diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c
-index ee255c6..747c68b 100644
+index eb133c7..f571552 100644
--- a/drivers/acpi/processor_idle.c
+++ b/drivers/acpi/processor_idle.c
-@@ -986,7 +986,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr)
+@@ -994,7 +994,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr)
{
int i, count = CPUIDLE_DRIVER_STATE_START;
struct acpi_processor_cx *cx;
@@ -32043,10 +33943,10 @@ index ee255c6..747c68b 100644
if (!pr->flags.power_setup_done)
diff --git a/drivers/acpi/sysfs.c b/drivers/acpi/sysfs.c
-index 41c0504..f8c0836 100644
+index fcae5fa..e9f71ea 100644
--- a/drivers/acpi/sysfs.c
+++ b/drivers/acpi/sysfs.c
-@@ -420,11 +420,11 @@ static u32 num_counters;
+@@ -423,11 +423,11 @@ static u32 num_counters;
static struct attribute **all_attrs;
static u32 acpi_gpe_count;
@@ -32061,7 +33961,7 @@ index 41c0504..f8c0836 100644
static void delete_gpe_attr_array(void)
{
diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c
-index 09f6047..3b3dab4 100644
+index 7b9bdd8..37638ca 100644
--- a/drivers/ata/libahci.c
+++ b/drivers/ata/libahci.c
@@ -1230,7 +1230,7 @@ int ahci_kick_engine(struct ata_port *ap)
@@ -32074,7 +33974,7 @@ index 09f6047..3b3dab4 100644
unsigned long timeout_msec)
{
diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c
-index 8038ee3..a19a6e6 100644
+index adf002a..39bb8f9 100644
--- a/drivers/ata/libata-core.c
+++ b/drivers/ata/libata-core.c
@@ -4792,7 +4792,7 @@ void ata_qc_free(struct ata_queued_cmd *qc)
@@ -32115,20 +34015,20 @@ index 8038ee3..a19a6e6 100644
}
diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c
-index 405022d..fb70e53 100644
+index 7638121..357a965 100644
--- a/drivers/ata/pata_arasan_cf.c
+++ b/drivers/ata/pata_arasan_cf.c
-@@ -864,7 +864,9 @@ static int arasan_cf_probe(struct platform_device *pdev)
+@@ -865,7 +865,9 @@ static int arasan_cf_probe(struct platform_device *pdev)
/* Handle platform specific quirks */
- if (pdata->quirk) {
- if (pdata->quirk & CF_BROKEN_PIO) {
+ if (quirk) {
+ if (quirk & CF_BROKEN_PIO) {
- ap->ops->set_piomode = NULL;
+ pax_open_kernel();
+ *(void **)&ap->ops->set_piomode = NULL;
+ pax_close_kernel();
ap->pio_mask = 0;
}
- if (pdata->quirk & CF_BROKEN_MWDMA)
+ if (quirk & CF_BROKEN_MWDMA)
diff --git a/drivers/atm/adummy.c b/drivers/atm/adummy.c
index f9b983a..887b9d8 100644
--- a/drivers/atm/adummy.c
@@ -32382,7 +34282,7 @@ index 204814e..cede831 100644
fore200e->tx_sat++;
DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n",
diff --git a/drivers/atm/he.c b/drivers/atm/he.c
-index d689126..e78e412 100644
+index 507362a..a845e57 100644
--- a/drivers/atm/he.c
+++ b/drivers/atm/he.c
@@ -1698,7 +1698,7 @@ he_service_rbrq(struct he_dev *he_dev, int group)
@@ -33139,7 +35039,7 @@ index d78b204..ecc1929 100644
fn(cont, dev, &ic->classdev);
else
diff --git a/drivers/base/bus.c b/drivers/base/bus.c
-index 519865b..e540db3 100644
+index d414331..b4dd4ba 100644
--- a/drivers/base/bus.c
+++ b/drivers/base/bus.c
@@ -1163,7 +1163,7 @@ int subsys_interface_register(struct subsys_interface *sif)
@@ -33161,10 +35061,10 @@ index 519865b..e540db3 100644
subsys_dev_iter_init(&iter, subsys, NULL, NULL);
while ((dev = subsys_dev_iter_next(&iter)))
diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c
-index 01fc5b0..917801f 100644
+index 7413d06..79155fa 100644
--- a/drivers/base/devtmpfs.c
+++ b/drivers/base/devtmpfs.c
-@@ -348,7 +348,7 @@ int devtmpfs_mount(const char *mntdir)
+@@ -354,7 +354,7 @@ int devtmpfs_mount(const char *mntdir)
if (!thread)
return 0;
@@ -33173,7 +35073,7 @@ index 01fc5b0..917801f 100644
if (err)
printk(KERN_INFO "devtmpfs: error mounting %i\n", err);
else
-@@ -373,11 +373,11 @@ static int devtmpfsd(void *p)
+@@ -380,11 +380,11 @@ static int devtmpfsd(void *p)
*err = sys_unshare(CLONE_NEWNS);
if (*err)
goto out;
@@ -33189,10 +35089,10 @@ index 01fc5b0..917801f 100644
while (1) {
spin_lock(&req_lock);
diff --git a/drivers/base/node.c b/drivers/base/node.c
-index fac124a..66bd4ab 100644
+index 7616a77c..8f57f51 100644
--- a/drivers/base/node.c
+++ b/drivers/base/node.c
-@@ -625,7 +625,7 @@ static ssize_t print_nodes_state(enum node_states state, char *buf)
+@@ -626,7 +626,7 @@ static ssize_t print_nodes_state(enum node_states state, char *buf)
struct node_attr {
struct device_attribute attr;
enum node_states state;
@@ -33202,7 +35102,7 @@ index fac124a..66bd4ab 100644
static ssize_t show_node_state(struct device *dev,
struct device_attribute *attr, char *buf)
diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c
-index 9a6b05a..2fc8fb9 100644
+index 7072404..76dcebd 100644
--- a/drivers/base/power/domain.c
+++ b/drivers/base/power/domain.c
@@ -1850,7 +1850,7 @@ int pm_genpd_attach_cpuidle(struct generic_pm_domain *genpd, int state)
@@ -33298,10 +35198,10 @@ index e8d11b6..7b1b36f 100644
}
EXPORT_SYMBOL_GPL(unregister_syscore_ops);
diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
-index dadea48..a1f3835 100644
+index 62b6c2c..4a11354 100644
--- a/drivers/block/cciss.c
+++ b/drivers/block/cciss.c
-@@ -1184,6 +1184,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
+@@ -1189,6 +1189,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
int err;
u32 cp;
@@ -33310,7 +35210,7 @@ index dadea48..a1f3835 100644
err = 0;
err |=
copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
-@@ -3005,7 +3007,7 @@ static void start_io(ctlr_info_t *h)
+@@ -3010,7 +3012,7 @@ static void start_io(ctlr_info_t *h)
while (!list_empty(&h->reqQ)) {
c = list_entry(h->reqQ.next, CommandList_struct, list);
/* can't do anything if fifo is full */
@@ -33319,7 +35219,7 @@ index dadea48..a1f3835 100644
dev_warn(&h->pdev->dev, "fifo full\n");
break;
}
-@@ -3015,7 +3017,7 @@ static void start_io(ctlr_info_t *h)
+@@ -3020,7 +3022,7 @@ static void start_io(ctlr_info_t *h)
h->Qdepth--;
/* Tell the controller execute command */
@@ -33328,7 +35228,7 @@ index dadea48..a1f3835 100644
/* Put job onto the completed Q */
addQ(&h->cmpQ, c);
-@@ -3441,17 +3443,17 @@ startio:
+@@ -3446,17 +3448,17 @@ startio:
static inline unsigned long get_next_completion(ctlr_info_t *h)
{
@@ -33349,7 +35249,7 @@ index dadea48..a1f3835 100644
(h->interrupts_enabled == 0));
}
-@@ -3484,7 +3486,7 @@ static inline u32 next_command(ctlr_info_t *h)
+@@ -3489,7 +3491,7 @@ static inline u32 next_command(ctlr_info_t *h)
u32 a;
if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant)))
@@ -33358,7 +35258,7 @@ index dadea48..a1f3835 100644
if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) {
a = *(h->reply_pool_head); /* Next cmd in ring buffer */
-@@ -4041,7 +4043,7 @@ static void cciss_put_controller_into_performant_mode(ctlr_info_t *h)
+@@ -4046,7 +4048,7 @@ static void cciss_put_controller_into_performant_mode(ctlr_info_t *h)
trans_support & CFGTBL_Trans_use_short_tags);
/* Change the access methods to the performant access methods */
@@ -33367,7 +35267,7 @@ index dadea48..a1f3835 100644
h->transMethod = CFGTBL_Trans_Performant;
return;
-@@ -4310,7 +4312,7 @@ static int cciss_pci_init(ctlr_info_t *h)
+@@ -4319,7 +4321,7 @@ static int cciss_pci_init(ctlr_info_t *h)
if (prod_index < 0)
return -ENODEV;
h->product_name = products[prod_index].product_name;
@@ -33376,7 +35276,7 @@ index dadea48..a1f3835 100644
if (cciss_board_disabled(h)) {
dev_warn(&h->pdev->dev, "controller appears to be disabled\n");
-@@ -5032,7 +5034,7 @@ reinit_after_soft_reset:
+@@ -5051,7 +5053,7 @@ reinit_after_soft_reset:
}
/* make sure the board interrupts are off */
@@ -33385,7 +35285,7 @@ index dadea48..a1f3835 100644
rc = cciss_request_irq(h, do_cciss_msix_intr, do_cciss_intx);
if (rc)
goto clean2;
-@@ -5082,7 +5084,7 @@ reinit_after_soft_reset:
+@@ -5101,7 +5103,7 @@ reinit_after_soft_reset:
* fake ones to scoop up any residual completions.
*/
spin_lock_irqsave(&h->lock, flags);
@@ -33394,7 +35294,7 @@ index dadea48..a1f3835 100644
spin_unlock_irqrestore(&h->lock, flags);
free_irq(h->intr[h->intr_mode], h);
rc = cciss_request_irq(h, cciss_msix_discard_completions,
-@@ -5102,9 +5104,9 @@ reinit_after_soft_reset:
+@@ -5121,9 +5123,9 @@ reinit_after_soft_reset:
dev_info(&h->pdev->dev, "Board READY.\n");
dev_info(&h->pdev->dev,
"Waiting for stale completions to drain.\n");
@@ -33406,7 +35306,7 @@ index dadea48..a1f3835 100644
rc = controller_reset_failed(h->cfgtable);
if (rc)
-@@ -5127,7 +5129,7 @@ reinit_after_soft_reset:
+@@ -5146,7 +5148,7 @@ reinit_after_soft_reset:
cciss_scsi_setup(h);
/* Turn the interrupts on so we can service requests */
@@ -33415,7 +35315,7 @@ index dadea48..a1f3835 100644
/* Get the firmware version */
inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL);
-@@ -5199,7 +5201,7 @@ static void cciss_shutdown(struct pci_dev *pdev)
+@@ -5218,7 +5220,7 @@ static void cciss_shutdown(struct pci_dev *pdev)
kfree(flush_buf);
if (return_code != IO_OK)
dev_warn(&h->pdev->dev, "Error flushing cache\n");
@@ -33438,7 +35338,7 @@ index 7fda30e..eb5dfe0 100644
/* queue and queue Info */
struct list_head reqQ;
diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c
-index 3f08713..87d4b4a 100644
+index 639d26b..fd6ad1f 100644
--- a/drivers/block/cpqarray.c
+++ b/drivers/block/cpqarray.c
@@ -404,7 +404,7 @@ static int cpqarray_register_ctlr(int i, struct pci_dev *pdev)
@@ -33477,7 +35377,7 @@ index 3f08713..87d4b4a 100644
hba[ctlr]->ctlr = ctlr;
hba[ctlr]->board_id = board_id;
hba[ctlr]->pci_dev = NULL; /* not PCI */
-@@ -980,7 +980,7 @@ static void start_io(ctlr_info_t *h)
+@@ -978,7 +978,7 @@ static void start_io(ctlr_info_t *h)
while((c = h->reqQ) != NULL) {
/* Can't do anything if we're busy */
@@ -33486,7 +35386,7 @@ index 3f08713..87d4b4a 100644
return;
/* Get the first entry from the request Q */
-@@ -988,7 +988,7 @@ static void start_io(ctlr_info_t *h)
+@@ -986,7 +986,7 @@ static void start_io(ctlr_info_t *h)
h->Qdepth--;
/* Tell the controller to do our bidding */
@@ -33495,7 +35395,7 @@ index 3f08713..87d4b4a 100644
/* Get onto the completion Q */
addQ(&h->cmpQ, c);
-@@ -1050,7 +1050,7 @@ static irqreturn_t do_ida_intr(int irq, void *dev_id)
+@@ -1048,7 +1048,7 @@ static irqreturn_t do_ida_intr(int irq, void *dev_id)
unsigned long flags;
__u32 a,a1;
@@ -33504,7 +35404,7 @@ index 3f08713..87d4b4a 100644
/* Is this interrupt for us? */
if (istat == 0)
return IRQ_NONE;
-@@ -1061,7 +1061,7 @@ static irqreturn_t do_ida_intr(int irq, void *dev_id)
+@@ -1059,7 +1059,7 @@ static irqreturn_t do_ida_intr(int irq, void *dev_id)
*/
spin_lock_irqsave(IDA_LOCK(h->ctlr), flags);
if (istat & FIFO_NOT_EMPTY) {
@@ -33513,7 +35413,7 @@ index 3f08713..87d4b4a 100644
a1 = a; a &= ~3;
if ((c = h->cmpQ) == NULL)
{
-@@ -1195,6 +1195,7 @@ out_passthru:
+@@ -1193,6 +1193,7 @@ out_passthru:
ida_pci_info_struct pciinfo;
if (!arg) return -EINVAL;
@@ -33521,7 +35421,7 @@ index 3f08713..87d4b4a 100644
pciinfo.bus = host->pci_dev->bus->number;
pciinfo.dev_fn = host->pci_dev->devfn;
pciinfo.board_id = host->board_id;
-@@ -1449,11 +1450,11 @@ static int sendcmd(
+@@ -1447,11 +1448,11 @@ static int sendcmd(
/*
* Disable interrupt
*/
@@ -33535,7 +35435,7 @@ index 3f08713..87d4b4a 100644
if (temp != 0) {
break;
}
-@@ -1466,7 +1467,7 @@ DBG(
+@@ -1464,7 +1465,7 @@ DBG(
/*
* Send the cmd
*/
@@ -33544,7 +35444,7 @@ index 3f08713..87d4b4a 100644
complete = pollcomplete(ctlr);
pci_unmap_single(info_p->pci_dev, (dma_addr_t) c->req.sg[0].addr,
-@@ -1549,9 +1550,9 @@ static int revalidate_allvol(ctlr_info_t *host)
+@@ -1547,9 +1548,9 @@ static int revalidate_allvol(ctlr_info_t *host)
* we check the new geometry. Then turn interrupts back on when
* we're done.
*/
@@ -33556,7 +35456,7 @@ index 3f08713..87d4b4a 100644
for(i=0; i<NWD; i++) {
struct gendisk *disk = ida_gendisk[ctlr][i];
-@@ -1591,7 +1592,7 @@ static int pollcomplete(int ctlr)
+@@ -1589,7 +1590,7 @@ static int pollcomplete(int ctlr)
/* Wait (up to 2 seconds) for a command to complete */
for (i = 200000; i > 0; i--) {
@@ -33579,7 +35479,7 @@ index be73e9d..7fbf140 100644
cmdlist_t *reqQ;
cmdlist_t *cmpQ;
diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h
-index 6b51afa..17e1191 100644
+index f943aac..99bfd19 100644
--- a/drivers/block/drbd/drbd_int.h
+++ b/drivers/block/drbd/drbd_int.h
@@ -582,7 +582,7 @@ struct drbd_epoch {
@@ -33591,16 +35491,16 @@ index 6b51afa..17e1191 100644
atomic_t active; /* increased on every req. added, and dec on every finished. */
unsigned long flags;
};
-@@ -1011,7 +1011,7 @@ struct drbd_conf {
+@@ -1021,7 +1021,7 @@ struct drbd_conf {
+ unsigned int al_tr_number;
int al_tr_cycle;
- int al_tr_pos; /* position of the next transaction in the journal */
wait_queue_head_t seq_wait;
- atomic_t packet_seq;
+ atomic_unchecked_t packet_seq;
unsigned int peer_seq;
spinlock_t peer_seq_lock;
unsigned int minor;
-@@ -1527,7 +1527,7 @@ static inline int drbd_setsockopt(struct socket *sock, int level, int optname,
+@@ -1562,7 +1562,7 @@ static inline int drbd_setsockopt(struct socket *sock, int level, int optname,
char __user *uoptval;
int err;
@@ -33610,7 +35510,7 @@ index 6b51afa..17e1191 100644
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
-index 54d03d4..332f311 100644
+index a5dca6a..bb27967 100644
--- a/drivers/block/drbd/drbd_main.c
+++ b/drivers/block/drbd/drbd_main.c
@@ -1317,7 +1317,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packet cmd,
@@ -33643,10 +35543,10 @@ index 54d03d4..332f311 100644
idr_destroy(&tconn->volumes);
diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c
-index 2f5fffd..b22a1ae 100644
+index 4222aff..1f79506 100644
--- a/drivers/block/drbd/drbd_receiver.c
+++ b/drivers/block/drbd/drbd_receiver.c
-@@ -833,7 +833,7 @@ int drbd_connected(struct drbd_conf *mdev)
+@@ -834,7 +834,7 @@ int drbd_connected(struct drbd_conf *mdev)
{
int err;
@@ -33655,7 +35555,7 @@ index 2f5fffd..b22a1ae 100644
mdev->peer_seq = 0;
mdev->state_mutex = mdev->tconn->agreed_pro_version < 100 ?
-@@ -1191,7 +1191,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_tconn *tconn,
+@@ -1193,7 +1193,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_tconn *tconn,
do {
next_epoch = NULL;
@@ -33664,7 +35564,7 @@ index 2f5fffd..b22a1ae 100644
switch (ev & ~EV_CLEANUP) {
case EV_PUT:
-@@ -1231,7 +1231,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_tconn *tconn,
+@@ -1233,7 +1233,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_tconn *tconn,
rv = FE_DESTROYED;
} else {
epoch->flags = 0;
@@ -33673,7 +35573,7 @@ index 2f5fffd..b22a1ae 100644
/* atomic_set(&epoch->active, 0); is already zero */
if (rv == FE_STILL_LIVE)
rv = FE_RECYCLED;
-@@ -1449,7 +1449,7 @@ static int receive_Barrier(struct drbd_tconn *tconn, struct packet_info *pi)
+@@ -1451,7 +1451,7 @@ static int receive_Barrier(struct drbd_tconn *tconn, struct packet_info *pi)
conn_wait_active_ee_empty(tconn);
drbd_flush(tconn);
@@ -33682,7 +35582,7 @@ index 2f5fffd..b22a1ae 100644
epoch = kmalloc(sizeof(struct drbd_epoch), GFP_NOIO);
if (epoch)
break;
-@@ -1462,11 +1462,11 @@ static int receive_Barrier(struct drbd_tconn *tconn, struct packet_info *pi)
+@@ -1464,11 +1464,11 @@ static int receive_Barrier(struct drbd_tconn *tconn, struct packet_info *pi)
}
epoch->flags = 0;
@@ -33696,7 +35596,7 @@ index 2f5fffd..b22a1ae 100644
list_add(&epoch->list, &tconn->current_epoch->list);
tconn->current_epoch = epoch;
tconn->epochs++;
-@@ -2170,7 +2170,7 @@ static int receive_Data(struct drbd_tconn *tconn, struct packet_info *pi)
+@@ -2172,7 +2172,7 @@ static int receive_Data(struct drbd_tconn *tconn, struct packet_info *pi)
err = wait_for_and_update_peer_seq(mdev, peer_seq);
drbd_send_ack_dp(mdev, P_NEG_ACK, p, pi->size);
@@ -33705,7 +35605,7 @@ index 2f5fffd..b22a1ae 100644
err2 = drbd_drain_block(mdev, pi->size);
if (!err)
err = err2;
-@@ -2204,7 +2204,7 @@ static int receive_Data(struct drbd_tconn *tconn, struct packet_info *pi)
+@@ -2206,7 +2206,7 @@ static int receive_Data(struct drbd_tconn *tconn, struct packet_info *pi)
spin_lock(&tconn->epoch_lock);
peer_req->epoch = tconn->current_epoch;
@@ -33714,7 +35614,7 @@ index 2f5fffd..b22a1ae 100644
atomic_inc(&peer_req->epoch->active);
spin_unlock(&tconn->epoch_lock);
-@@ -4345,7 +4345,7 @@ struct data_cmd {
+@@ -4347,7 +4347,7 @@ struct data_cmd {
int expect_payload;
size_t pkt_size;
int (*fn)(struct drbd_tconn *, struct packet_info *);
@@ -33723,7 +35623,7 @@ index 2f5fffd..b22a1ae 100644
static struct data_cmd drbd_cmd_handler[] = {
[P_DATA] = { 1, sizeof(struct p_data), receive_Data },
-@@ -4465,7 +4465,7 @@ static void conn_disconnect(struct drbd_tconn *tconn)
+@@ -4467,7 +4467,7 @@ static void conn_disconnect(struct drbd_tconn *tconn)
if (!list_empty(&tconn->current_epoch->list))
conn_err(tconn, "ASSERTION FAILED: tconn->current_epoch->list not empty\n");
/* ok, no more ee's on the fly, it is safe to reset the epoch_size */
@@ -33732,7 +35632,7 @@ index 2f5fffd..b22a1ae 100644
tconn->send.seen_any_write_yet = false;
conn_info(tconn, "Connection closed\n");
-@@ -5221,7 +5221,7 @@ static int tconn_finish_peer_reqs(struct drbd_tconn *tconn)
+@@ -5223,7 +5223,7 @@ static int tconn_finish_peer_reqs(struct drbd_tconn *tconn)
struct asender_cmd {
size_t pkt_size;
int (*fn)(struct drbd_tconn *tconn, struct packet_info *);
@@ -33742,28 +35642,28 @@ index 2f5fffd..b22a1ae 100644
static struct asender_cmd asender_tbl[] = {
[P_PING] = { 0, got_Ping },
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
-index dfe7583..83768bb 100644
+index d92d50f..a7e9d97 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
-@@ -231,7 +231,7 @@ static int __do_lo_send_write(struct file *file,
- mm_segment_t old_fs = get_fs();
+@@ -232,7 +232,7 @@ static int __do_lo_send_write(struct file *file,
+ file_start_write(file);
set_fs(get_ds());
- bw = file->f_op->write(file, buf, len, &pos);
+ bw = file->f_op->write(file, (const char __force_user *)buf, len, &pos);
set_fs(old_fs);
+ file_end_write(file);
if (likely(bw == len))
- return 0;
diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c
-index 2e7de7a..ed86dc0 100644
+index f5d0ea1..c62380a 100644
--- a/drivers/block/pktcdvd.c
+++ b/drivers/block/pktcdvd.c
-@@ -83,7 +83,7 @@
-
+@@ -84,7 +84,7 @@
#define MAX_SPEED 0xffff
--#define ZONE(sector, pd) (((sector) + (pd)->offset) & ~((pd)->settings.size - 1))
-+#define ZONE(sector, pd) (((sector) + (pd)->offset) & ~((pd)->settings.size - 1UL))
+ #define ZONE(sector, pd) (((sector) + (pd)->offset) & \
+- ~(sector_t)((pd)->settings.size - 1))
++ ~(sector_t)((pd)->settings.size - 1UL))
static DEFINE_MUTEX(pktcdvd_mutex);
static struct pktcdvd_device *pkt_devs[MAX_WRITERS];
@@ -33820,7 +35720,7 @@ index 8a3aff7..d7538c2 100644
return 1;
diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c
-index d59cdcb..11afddf 100644
+index 4afcb65..a68a32d 100644
--- a/drivers/cdrom/gdrom.c
+++ b/drivers/cdrom/gdrom.c
@@ -491,7 +491,6 @@ static struct cdrom_device_ops gdrom_ops = {
@@ -33889,10 +35789,10 @@ index 2e04433..771f2cc 100644
kfree(segment);
return -EFAULT;
diff --git a/drivers/char/genrtc.c b/drivers/char/genrtc.c
-index 21cb980..f15107c 100644
+index 4f94375..413694e 100644
--- a/drivers/char/genrtc.c
+++ b/drivers/char/genrtc.c
-@@ -272,6 +272,7 @@ static int gen_rtc_ioctl(struct file *file,
+@@ -273,6 +273,7 @@ static int gen_rtc_ioctl(struct file *file,
switch (cmd) {
case RTC_PLL_GET:
@@ -33927,7 +35827,7 @@ index 86fe45c..c0ea948 100644
}
diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
-index 053201b..8335cce 100644
+index 4445fa1..7c6de37 100644
--- a/drivers/char/ipmi/ipmi_msghandler.c
+++ b/drivers/char/ipmi/ipmi_msghandler.c
@@ -420,7 +420,7 @@ struct ipmi_smi {
@@ -33951,7 +35851,7 @@ index 053201b..8335cce 100644
static int is_lan_addr(struct ipmi_addr *addr)
{
-@@ -2884,7 +2884,7 @@ int ipmi_register_smi(struct ipmi_smi_handlers *handlers,
+@@ -2883,7 +2883,7 @@ int ipmi_register_smi(struct ipmi_smi_handlers *handlers,
INIT_LIST_HEAD(&intf->cmd_rcvrs);
init_waitqueue_head(&intf->waitq);
for (i = 0; i < IPMI_NUM_STATS; i++)
@@ -33961,7 +35861,7 @@ index 053201b..8335cce 100644
intf->proc_dir = NULL;
diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
-index 0ac9b45..6179fb5 100644
+index af4b23f..79806fc 100644
--- a/drivers/char/ipmi/ipmi_si_intf.c
+++ b/drivers/char/ipmi/ipmi_si_intf.c
@@ -275,7 +275,7 @@ struct smi_info {
@@ -33985,7 +35885,7 @@ index 0ac9b45..6179fb5 100644
#define SI_MAX_PARMS 4
-@@ -3254,7 +3254,7 @@ static int try_smi_init(struct smi_info *new_smi)
+@@ -3258,7 +3258,7 @@ static int try_smi_init(struct smi_info *new_smi)
atomic_set(&new_smi->req_events, 0);
new_smi->run_to_completion = 0;
for (i = 0; i < SI_NUM_STATS; i++)
@@ -33995,7 +35895,7 @@ index 0ac9b45..6179fb5 100644
new_smi->interrupt_disabled = 1;
atomic_set(&new_smi->stop_operation, 0);
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 2c644af..4b7aede 100644
+index 1ccbe94..6ad651a 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -18,6 +18,7 @@
@@ -34006,7 +35906,7 @@ index 2c644af..4b7aede 100644
#include <linux/ptrace.h>
#include <linux/device.h>
#include <linux/highmem.h>
-@@ -37,6 +38,10 @@
+@@ -38,6 +39,10 @@
#define DEVPORT_MINOR 4
@@ -34017,7 +35917,7 @@ index 2c644af..4b7aede 100644
static inline unsigned long size_inside_page(unsigned long start,
unsigned long size)
{
-@@ -68,9 +73,13 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size)
+@@ -69,9 +74,13 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size)
while (cursor < to) {
if (!devmem_is_allowed(pfn)) {
@@ -34031,7 +35931,7 @@ index 2c644af..4b7aede 100644
return 0;
}
cursor += PAGE_SIZE;
-@@ -78,6 +87,11 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size)
+@@ -79,6 +88,11 @@ static inline int range_is_allowed(unsigned long pfn, unsigned long size)
}
return 1;
}
@@ -34043,7 +35943,7 @@ index 2c644af..4b7aede 100644
#else
static inline int range_is_allowed(unsigned long pfn, unsigned long size)
{
-@@ -120,6 +134,7 @@ static ssize_t read_mem(struct file *file, char __user *buf,
+@@ -121,6 +135,7 @@ static ssize_t read_mem(struct file *file, char __user *buf,
while (count > 0) {
unsigned long remaining;
@@ -34051,7 +35951,7 @@ index 2c644af..4b7aede 100644
sz = size_inside_page(p, count);
-@@ -135,7 +150,23 @@ static ssize_t read_mem(struct file *file, char __user *buf,
+@@ -136,7 +151,23 @@ static ssize_t read_mem(struct file *file, char __user *buf,
if (!ptr)
return -EFAULT;
@@ -34076,7 +35976,7 @@ index 2c644af..4b7aede 100644
unxlate_dev_mem_ptr(p, ptr);
if (remaining)
return -EFAULT;
-@@ -378,7 +409,7 @@ static ssize_t read_oldmem(struct file *file, char __user *buf,
+@@ -379,7 +410,7 @@ static ssize_t read_oldmem(struct file *file, char __user *buf,
else
csize = count;
@@ -34085,7 +35985,7 @@ index 2c644af..4b7aede 100644
if (rc < 0)
return rc;
buf += csize;
-@@ -398,9 +429,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
+@@ -399,9 +430,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
size_t count, loff_t *ppos)
{
unsigned long p = *ppos;
@@ -34096,7 +35996,7 @@ index 2c644af..4b7aede 100644
read = 0;
if (p < (unsigned long) high_memory) {
-@@ -422,6 +452,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
+@@ -423,6 +453,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
}
#endif
while (low_count > 0) {
@@ -34105,7 +36005,7 @@ index 2c644af..4b7aede 100644
sz = size_inside_page(p, low_count);
/*
-@@ -431,7 +463,22 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
+@@ -432,7 +464,22 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
*/
kbuf = xlate_dev_kmem_ptr((char *)p);
@@ -34129,7 +36029,7 @@ index 2c644af..4b7aede 100644
return -EFAULT;
buf += sz;
p += sz;
-@@ -833,6 +880,9 @@ static const struct memdev {
+@@ -869,6 +916,9 @@ static const struct memdev {
#ifdef CONFIG_CRASH_DUMP
[12] = { "oldmem", 0, &oldmem_fops, NULL },
#endif
@@ -34139,7 +36039,7 @@ index 2c644af..4b7aede 100644
};
static int memory_open(struct inode *inode, struct file *filp)
-@@ -904,7 +954,7 @@ static int __init chr_dev_init(void)
+@@ -940,7 +990,7 @@ static int __init chr_dev_init(void)
continue;
device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor),
@@ -34149,7 +36049,7 @@ index 2c644af..4b7aede 100644
return tty_init();
diff --git a/drivers/char/mwave/tp3780i.c b/drivers/char/mwave/tp3780i.c
-index c689697..04e6d6a 100644
+index c689697..04e6d6a2 100644
--- a/drivers/char/mwave/tp3780i.c
+++ b/drivers/char/mwave/tp3780i.c
@@ -479,6 +479,7 @@ int tp3780I_QueryAbilities(THINKPAD_BD_DATA * pBDData, MW_ABILITIES * pAbilities
@@ -34249,7 +36149,7 @@ index 5c5cc00..ac9edb7 100644
if (cmd != SIOCWANDEV)
diff --git a/drivers/char/random.c b/drivers/char/random.c
-index eccd7cc..98038d5 100644
+index 35487e8..dac8bd1 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -272,8 +272,13 @@
@@ -34415,10 +36315,10 @@ index 84ddc55..1d32f1e 100644
return 0;
}
diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c
-index ce5f3fc..e2d3e55 100644
+index fc45567..fa2a590 100644
--- a/drivers/char/virtio_console.c
+++ b/drivers/char/virtio_console.c
-@@ -679,7 +679,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count,
+@@ -682,7 +682,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count,
if (to_user) {
ssize_t ret;
@@ -34427,7 +36327,7 @@ index ce5f3fc..e2d3e55 100644
if (ret)
return -EFAULT;
} else {
-@@ -778,7 +778,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf,
+@@ -785,7 +785,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf,
if (!port_has_data(port) && !port->host_connected)
return 0;
@@ -34436,11 +36336,49 @@ index ce5f3fc..e2d3e55 100644
}
static int wait_port_writable(struct port *port, bool nonblock)
+diff --git a/drivers/clk/clk-composite.c b/drivers/clk/clk-composite.c
+index a33f46f..a720eed 100644
+--- a/drivers/clk/clk-composite.c
++++ b/drivers/clk/clk-composite.c
+@@ -122,7 +122,7 @@ struct clk *clk_register_composite(struct device *dev, const char *name,
+ struct clk *clk;
+ struct clk_init_data init;
+ struct clk_composite *composite;
+- struct clk_ops *clk_composite_ops;
++ clk_ops_no_const *clk_composite_ops;
+
+ composite = kzalloc(sizeof(*composite), GFP_KERNEL);
+ if (!composite) {
+diff --git a/drivers/clk/socfpga/clk.c b/drivers/clk/socfpga/clk.c
+index bd11315..7f87098 100644
+--- a/drivers/clk/socfpga/clk.c
++++ b/drivers/clk/socfpga/clk.c
+@@ -22,6 +22,7 @@
+ #include <linux/clk-provider.h>
+ #include <linux/io.h>
+ #include <linux/of.h>
++#include <asm/pgtable.h>
+
+ /* Clock Manager offsets */
+ #define CLKMGR_CTRL 0x0
+@@ -135,8 +136,10 @@ static __init struct clk *socfpga_clk_init(struct device_node *node,
+ if (strcmp(clk_name, "main_pll") || strcmp(clk_name, "periph_pll") ||
+ strcmp(clk_name, "sdram_pll")) {
+ socfpga_clk->hw.bit_idx = SOCFPGA_PLL_EXT_ENA;
+- clk_pll_ops.enable = clk_gate_ops.enable;
+- clk_pll_ops.disable = clk_gate_ops.disable;
++ pax_open_kernel();
++ *(void **)&clk_pll_ops.enable = clk_gate_ops.enable;
++ *(void **)&clk_pll_ops.disable = clk_gate_ops.disable;
++ pax_close_kernel();
+ }
+
+ clk = clk_register(NULL, &socfpga_clk->hw.hw);
diff --git a/drivers/clocksource/arm_arch_timer.c b/drivers/clocksource/arm_arch_timer.c
-index d7ad425..3e3f81f 100644
+index a2b2541..bc1e7ff 100644
--- a/drivers/clocksource/arm_arch_timer.c
+++ b/drivers/clocksource/arm_arch_timer.c
-@@ -262,7 +262,7 @@ static int __cpuinit arch_timer_cpu_notify(struct notifier_block *self,
+@@ -264,7 +264,7 @@ static int __cpuinit arch_timer_cpu_notify(struct notifier_block *self,
return NOTIFY_OK;
}
@@ -34449,6 +36387,19 @@ index d7ad425..3e3f81f 100644
.notifier_call = arch_timer_cpu_notify,
};
+diff --git a/drivers/clocksource/bcm_kona_timer.c b/drivers/clocksource/bcm_kona_timer.c
+index 350f493..489479e 100644
+--- a/drivers/clocksource/bcm_kona_timer.c
++++ b/drivers/clocksource/bcm_kona_timer.c
+@@ -199,7 +199,7 @@ static struct irqaction kona_timer_irq = {
+ .handler = kona_timer_interrupt,
+ };
+
+-static void __init kona_timer_init(void)
++static void __init kona_timer_init(struct device_node *np)
+ {
+ kona_timers_init();
+ kona_timer_clockevents_init();
diff --git a/drivers/clocksource/metag_generic.c b/drivers/clocksource/metag_generic.c
index ade7513..069445f 100644
--- a/drivers/clocksource/metag_generic.c
@@ -34463,7 +36414,7 @@ index ade7513..069445f 100644
};
diff --git a/drivers/cpufreq/acpi-cpufreq.c b/drivers/cpufreq/acpi-cpufreq.c
-index bb5939b..d9accb7 100644
+index edc089e..bc7c0bc 100644
--- a/drivers/cpufreq/acpi-cpufreq.c
+++ b/drivers/cpufreq/acpi-cpufreq.c
@@ -172,7 +172,7 @@ static ssize_t show_global_boost(struct kobject *kobj,
@@ -34475,7 +36426,7 @@ index bb5939b..d9accb7 100644
show_global_boost,
store_global_boost);
-@@ -712,8 +712,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
+@@ -705,8 +705,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
data->acpi_data = per_cpu_ptr(acpi_perf_data, cpu);
per_cpu(acfreq_data, cpu) = data;
@@ -34489,7 +36440,7 @@ index bb5939b..d9accb7 100644
result = acpi_processor_register_performance(data->acpi_data, cpu);
if (result)
-@@ -839,7 +842,9 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
+@@ -832,7 +835,9 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
policy->cur = acpi_cpufreq_guess_freq(data, policy->cpu);
break;
case ACPI_ADR_SPACE_FIXED_HARDWARE:
@@ -34500,7 +36451,7 @@ index bb5939b..d9accb7 100644
policy->cur = get_cur_freq_on_cpu(cpu);
break;
default:
-@@ -850,8 +855,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
+@@ -843,8 +848,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy)
acpi_processor_notify_smm(THIS_MODULE);
/* Check for APERF/MPERF support in hardware */
@@ -34515,10 +36466,10 @@ index bb5939b..d9accb7 100644
pr_debug("CPU%u - ACPI performance management activated.\n", cpu);
for (i = 0; i < perf->state_count; i++)
diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c
-index b02824d..51e44aa 100644
+index 6485547..477033e 100644
--- a/drivers/cpufreq/cpufreq.c
+++ b/drivers/cpufreq/cpufreq.c
-@@ -1813,7 +1813,7 @@ static int __cpuinit cpufreq_cpu_callback(struct notifier_block *nfb,
+@@ -1854,7 +1854,7 @@ static int __cpuinit cpufreq_cpu_callback(struct notifier_block *nfb,
return NOTIFY_OK;
}
@@ -34527,7 +36478,7 @@ index b02824d..51e44aa 100644
.notifier_call = cpufreq_cpu_callback,
};
-@@ -1845,8 +1845,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
+@@ -1886,8 +1886,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data)
pr_debug("trying to register driver %s\n", driver_data->name);
@@ -34539,36 +36490,77 @@ index b02824d..51e44aa 100644
+ pax_close_kernel();
+ }
- spin_lock_irqsave(&cpufreq_driver_lock, flags);
+ write_lock_irqsave(&cpufreq_driver_lock, flags);
if (cpufreq_driver) {
diff --git a/drivers/cpufreq/cpufreq_governor.c b/drivers/cpufreq/cpufreq_governor.c
-index 5a76086..0f4d394 100644
+index a86ff72..aad2b03 100644
--- a/drivers/cpufreq/cpufreq_governor.c
+++ b/drivers/cpufreq/cpufreq_governor.c
-@@ -201,8 +201,8 @@ int cpufreq_governor_dbs(struct dbs_data *dbs_data,
- {
+@@ -235,7 +235,7 @@ int cpufreq_governor_dbs(struct cpufreq_policy *policy,
+ struct dbs_data *dbs_data;
struct od_cpu_dbs_info_s *od_dbs_info = NULL;
struct cs_cpu_dbs_info_s *cs_dbs_info = NULL;
-- struct cs_ops *cs_ops = NULL;
- struct od_ops *od_ops = NULL;
-+ const struct cs_ops *cs_ops = NULL;
+ const struct od_ops *od_ops = NULL;
- struct od_dbs_tuners *od_tuners = dbs_data->tuners;
- struct cs_dbs_tuners *cs_tuners = dbs_data->tuners;
+ struct od_dbs_tuners *od_tuners = NULL;
+ struct cs_dbs_tuners *cs_tuners = NULL;
struct cpu_dbs_common_info *cpu_cdbs;
+@@ -298,7 +298,7 @@ int cpufreq_governor_dbs(struct cpufreq_policy *policy,
+
+ if ((cdata->governor == GOV_CONSERVATIVE) &&
+ (!policy->governor->initialized)) {
+- struct cs_ops *cs_ops = dbs_data->cdata->gov_ops;
++ const struct cs_ops *cs_ops = dbs_data->cdata->gov_ops;
+
+ cpufreq_register_notifier(cs_ops->notifier_block,
+ CPUFREQ_TRANSITION_NOTIFIER);
+@@ -315,7 +315,7 @@ int cpufreq_governor_dbs(struct cpufreq_policy *policy,
+
+ if ((dbs_data->cdata->governor == GOV_CONSERVATIVE) &&
+ (policy->governor->initialized == 1)) {
+- struct cs_ops *cs_ops = dbs_data->cdata->gov_ops;
++ const struct cs_ops *cs_ops = dbs_data->cdata->gov_ops;
+
+ cpufreq_unregister_notifier(cs_ops->notifier_block,
+ CPUFREQ_TRANSITION_NOTIFIER);
diff --git a/drivers/cpufreq/cpufreq_governor.h b/drivers/cpufreq/cpufreq_governor.h
-index cc4bd2f..ad142bc 100644
+index 0d9e6be..461fd3b 100644
--- a/drivers/cpufreq/cpufreq_governor.h
+++ b/drivers/cpufreq/cpufreq_governor.h
-@@ -142,7 +142,7 @@ struct dbs_data {
- void (*gov_check_cpu)(int cpu, unsigned int load);
+@@ -204,7 +204,7 @@ struct common_dbs_data {
+ void (*exit)(struct dbs_data *dbs_data);
/* Governor specific ops, see below */
- void *gov_ops;
+ const void *gov_ops;
};
- /* Governor specific ops, will be passed to dbs_data->gov_ops */
+ /* Governer Per policy data */
+diff --git a/drivers/cpufreq/cpufreq_ondemand.c b/drivers/cpufreq/cpufreq_ondemand.c
+index c087347..dad6268 100644
+--- a/drivers/cpufreq/cpufreq_ondemand.c
++++ b/drivers/cpufreq/cpufreq_ondemand.c
+@@ -615,14 +615,18 @@ void od_register_powersave_bias_handler(unsigned int (*f)
+ (struct cpufreq_policy *, unsigned int, unsigned int),
+ unsigned int powersave_bias)
+ {
+- od_ops.powersave_bias_target = f;
++ pax_open_kernel();
++ *(void **)&od_ops.powersave_bias_target = f;
++ pax_close_kernel();
+ od_set_powersave_bias(powersave_bias);
+ }
+ EXPORT_SYMBOL_GPL(od_register_powersave_bias_handler);
+
+ void od_unregister_powersave_bias_handler(void)
+ {
+- od_ops.powersave_bias_target = generic_powersave_bias_target;
++ pax_open_kernel();
++ *(void **)&od_ops.powersave_bias_target = generic_powersave_bias_target;
++ pax_close_kernel();
+ od_set_powersave_bias(0);
+ }
+ EXPORT_SYMBOL_GPL(od_unregister_powersave_bias_handler);
diff --git a/drivers/cpufreq/cpufreq_stats.c b/drivers/cpufreq/cpufreq_stats.c
index bfd6273..e39dd63 100644
--- a/drivers/cpufreq/cpufreq_stats.c
@@ -34583,10 +36575,10 @@ index bfd6273..e39dd63 100644
.priority = 1,
};
diff --git a/drivers/cpufreq/p4-clockmod.c b/drivers/cpufreq/p4-clockmod.c
-index 827629c9..0bc6a03 100644
+index 421ef37..e708530c 100644
--- a/drivers/cpufreq/p4-clockmod.c
+++ b/drivers/cpufreq/p4-clockmod.c
-@@ -167,10 +167,14 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c)
+@@ -160,10 +160,14 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c)
case 0x0F: /* Core Duo */
case 0x16: /* Celeron Core */
case 0x1C: /* Atom */
@@ -34603,7 +36595,7 @@ index 827629c9..0bc6a03 100644
/* fall through */
case 0x09: /* Pentium M (Banias) */
return speedstep_get_frequency(SPEEDSTEP_CPU_PM);
-@@ -182,7 +186,9 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c)
+@@ -175,7 +179,9 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c)
/* on P-4s, the TSC runs with constant frequency independent whether
* throttling is active or not. */
@@ -34614,8 +36606,117 @@ index 827629c9..0bc6a03 100644
if (speedstep_detect_processor() == SPEEDSTEP_CPU_P4M) {
printk(KERN_WARNING PFX "Warning: Pentium 4-M detected. "
+diff --git a/drivers/cpufreq/sparc-us3-cpufreq.c b/drivers/cpufreq/sparc-us3-cpufreq.c
+index c71ee14..7c2e183 100644
+--- a/drivers/cpufreq/sparc-us3-cpufreq.c
++++ b/drivers/cpufreq/sparc-us3-cpufreq.c
+@@ -18,14 +18,12 @@
+ #include <asm/head.h>
+ #include <asm/timer.h>
+
+-static struct cpufreq_driver *cpufreq_us3_driver;
+-
+ struct us3_freq_percpu_info {
+ struct cpufreq_frequency_table table[4];
+ };
+
+ /* Indexed by cpu number. */
+-static struct us3_freq_percpu_info *us3_freq_table;
++static struct us3_freq_percpu_info us3_freq_table[NR_CPUS];
+
+ /* UltraSPARC-III has three dividers: 1, 2, and 32. These are controlled
+ * in the Safari config register.
+@@ -186,12 +184,25 @@ static int __init us3_freq_cpu_init(struct cpufreq_policy *policy)
+
+ static int us3_freq_cpu_exit(struct cpufreq_policy *policy)
+ {
+- if (cpufreq_us3_driver)
+- us3_set_cpu_divider_index(policy, 0);
++ us3_set_cpu_divider_index(policy->cpu, 0);
+
+ return 0;
+ }
+
++static int __init us3_freq_init(void);
++static void __exit us3_freq_exit(void);
++
++static struct cpufreq_driver cpufreq_us3_driver = {
++ .init = us3_freq_cpu_init,
++ .verify = us3_freq_verify,
++ .target = us3_freq_target,
++ .get = us3_freq_get,
++ .exit = us3_freq_cpu_exit,
++ .owner = THIS_MODULE,
++ .name = "UltraSPARC-III",
++
++};
++
+ static int __init us3_freq_init(void)
+ {
+ unsigned long manuf, impl, ver;
+@@ -208,57 +219,15 @@ static int __init us3_freq_init(void)
+ (impl == CHEETAH_IMPL ||
+ impl == CHEETAH_PLUS_IMPL ||
+ impl == JAGUAR_IMPL ||
+- impl == PANTHER_IMPL)) {
+- struct cpufreq_driver *driver;
+-
+- ret = -ENOMEM;
+- driver = kzalloc(sizeof(struct cpufreq_driver), GFP_KERNEL);
+- if (!driver)
+- goto err_out;
+-
+- us3_freq_table = kzalloc(
+- (NR_CPUS * sizeof(struct us3_freq_percpu_info)),
+- GFP_KERNEL);
+- if (!us3_freq_table)
+- goto err_out;
+-
+- driver->init = us3_freq_cpu_init;
+- driver->verify = us3_freq_verify;
+- driver->target = us3_freq_target;
+- driver->get = us3_freq_get;
+- driver->exit = us3_freq_cpu_exit;
+- driver->owner = THIS_MODULE,
+- strcpy(driver->name, "UltraSPARC-III");
+-
+- cpufreq_us3_driver = driver;
+- ret = cpufreq_register_driver(driver);
+- if (ret)
+- goto err_out;
+-
+- return 0;
+-
+-err_out:
+- if (driver) {
+- kfree(driver);
+- cpufreq_us3_driver = NULL;
+- }
+- kfree(us3_freq_table);
+- us3_freq_table = NULL;
+- return ret;
+- }
++ impl == PANTHER_IMPL))
++ return cpufreq_register_driver(&cpufreq_us3_driver);
+
+ return -ENODEV;
+ }
+
+ static void __exit us3_freq_exit(void)
+ {
+- if (cpufreq_us3_driver) {
+- cpufreq_unregister_driver(cpufreq_us3_driver);
+- kfree(cpufreq_us3_driver);
+- cpufreq_us3_driver = NULL;
+- kfree(us3_freq_table);
+- us3_freq_table = NULL;
+- }
++ cpufreq_unregister_driver(&cpufreq_us3_driver);
+ }
+
+ MODULE_AUTHOR("David S. Miller <davem@redhat.com>");
diff --git a/drivers/cpufreq/speedstep-centrino.c b/drivers/cpufreq/speedstep-centrino.c
-index 3a953d5..f5993f6 100644
+index 618e6f4..e89d915 100644
--- a/drivers/cpufreq/speedstep-centrino.c
+++ b/drivers/cpufreq/speedstep-centrino.c
@@ -353,8 +353,11 @@ static int centrino_cpu_init(struct cpufreq_policy *policy)
@@ -34633,10 +36734,10 @@ index 3a953d5..f5993f6 100644
if (policy->cpu != 0)
return -ENODEV;
diff --git a/drivers/cpuidle/cpuidle.c b/drivers/cpuidle/cpuidle.c
-index eba6929..0f53baf 100644
+index c3a93fe..e808f24 100644
--- a/drivers/cpuidle/cpuidle.c
+++ b/drivers/cpuidle/cpuidle.c
-@@ -277,7 +277,7 @@ static int poll_idle(struct cpuidle_device *dev,
+@@ -254,7 +254,7 @@ static int poll_idle(struct cpuidle_device *dev,
static void poll_idle_init(struct cpuidle_driver *drv)
{
@@ -34724,45 +36825,11 @@ index b70709b..1d8d02a 100644
.notifier_call = sh_dmae_nmi_handler,
/* Run before NMI debug handler and KGDB */
-diff --git a/drivers/edac/edac_mc.c b/drivers/edac/edac_mc.c
-index 27e86d9..89e1090 100644
---- a/drivers/edac/edac_mc.c
-+++ b/drivers/edac/edac_mc.c
-@@ -48,6 +48,8 @@ static LIST_HEAD(mc_devices);
- */
- static void const *edac_mc_owner;
-
-+static struct bus_type mc_bus[EDAC_MAX_MCS];
-+
- unsigned edac_dimm_info_location(struct dimm_info *dimm, char *buf,
- unsigned len)
- {
-@@ -723,6 +725,11 @@ int edac_mc_add_mc(struct mem_ctl_info *mci)
- int ret = -EINVAL;
- edac_dbg(0, "\n");
-
-+ if (mci->mc_idx >= EDAC_MAX_MCS) {
-+ pr_warn_once("Too many memory controllers: %d\n", mci->mc_idx);
-+ return -ENODEV;
-+ }
-+
- #ifdef CONFIG_EDAC_DEBUG
- if (edac_debug_level >= 3)
- edac_mc_dump_mci(mci);
-@@ -762,6 +769,8 @@ int edac_mc_add_mc(struct mem_ctl_info *mci)
- /* set load time so that error rate can be tracked */
- mci->start_time = jiffies;
-
-+ mci->bus = &mc_bus[mci->mc_idx];
-+
- if (edac_create_sysfs_mci_device(mci)) {
- edac_mc_printk(mci, KERN_WARNING,
- "failed to create sysfs device\n");
diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c
-index 769d92e..8baa11a 100644
+index c4d700a..0b57abd 100644
--- a/drivers/edac/edac_mc_sysfs.c
+++ b/drivers/edac/edac_mc_sysfs.c
-@@ -148,7 +148,7 @@ static const char *edac_caps[] = {
+@@ -148,7 +148,7 @@ static const char * const edac_caps[] = {
struct dev_ch_attribute {
struct device_attribute attr;
int channel;
@@ -34771,60 +36838,7 @@ index 769d92e..8baa11a 100644
#define DEVICE_CHANNEL(_name, _mode, _show, _store, _var) \
struct dev_ch_attribute dev_attr_legacy_##_name = \
-@@ -370,7 +370,7 @@ static int edac_create_csrow_object(struct mem_ctl_info *mci,
- return -ENODEV;
-
- csrow->dev.type = &csrow_attr_type;
-- csrow->dev.bus = &mci->bus;
-+ csrow->dev.bus = mci->bus;
- device_initialize(&csrow->dev);
- csrow->dev.parent = &mci->dev;
- csrow->mci = mci;
-@@ -605,7 +605,7 @@ static int edac_create_dimm_object(struct mem_ctl_info *mci,
- dimm->mci = mci;
-
- dimm->dev.type = &dimm_attr_type;
-- dimm->dev.bus = &mci->bus;
-+ dimm->dev.bus = mci->bus;
- device_initialize(&dimm->dev);
-
- dimm->dev.parent = &mci->dev;
-@@ -975,11 +975,13 @@ int edac_create_sysfs_mci_device(struct mem_ctl_info *mci)
- * The memory controller needs its own bus, in order to avoid
- * namespace conflicts at /sys/bus/edac.
- */
-- mci->bus.name = kasprintf(GFP_KERNEL, "mc%d", mci->mc_idx);
-- if (!mci->bus.name)
-+ mci->bus->name = kasprintf(GFP_KERNEL, "mc%d", mci->mc_idx);
-+ if (!mci->bus->name)
- return -ENOMEM;
-- edac_dbg(0, "creating bus %s\n", mci->bus.name);
-- err = bus_register(&mci->bus);
-+
-+ edac_dbg(0, "creating bus %s\n", mci->bus->name);
-+
-+ err = bus_register(mci->bus);
- if (err < 0)
- return err;
-
-@@ -988,7 +990,7 @@ int edac_create_sysfs_mci_device(struct mem_ctl_info *mci)
- device_initialize(&mci->dev);
-
- mci->dev.parent = mci_pdev;
-- mci->dev.bus = &mci->bus;
-+ mci->dev.bus = mci->bus;
- dev_set_name(&mci->dev, "mc%d", mci->mc_idx);
- dev_set_drvdata(&mci->dev, mci);
- pm_runtime_forbid(&mci->dev);
-@@ -997,20 +999,22 @@ int edac_create_sysfs_mci_device(struct mem_ctl_info *mci)
- err = device_add(&mci->dev);
- if (err < 0) {
- edac_dbg(1, "failure: create device %s\n", dev_name(&mci->dev));
-- bus_unregister(&mci->bus);
-- kfree(mci->bus.name);
-+ bus_unregister(mci->bus);
-+ kfree(mci->bus->name);
- return err;
+@@ -1005,14 +1005,16 @@ int edac_create_sysfs_mci_device(struct mem_ctl_info *mci)
}
if (mci->set_sdram_scrub_rate || mci->get_sdram_scrub_rate) {
@@ -34845,28 +36859,6 @@ index 769d92e..8baa11a 100644
err = device_create_file(&mci->dev,
&dev_attr_sdram_scrub_rate);
if (err) {
-@@ -1064,8 +1068,8 @@ fail:
- }
- fail2:
- device_unregister(&mci->dev);
-- bus_unregister(&mci->bus);
-- kfree(mci->bus.name);
-+ bus_unregister(mci->bus);
-+ kfree(mci->bus->name);
- return err;
- }
-
-@@ -1098,8 +1102,8 @@ void edac_unregister_sysfs(struct mem_ctl_info *mci)
- {
- edac_dbg(1, "Unregistering device %s\n", dev_name(&mci->dev));
- device_unregister(&mci->dev);
-- bus_unregister(&mci->bus);
-- kfree(mci->bus.name);
-+ bus_unregister(mci->bus);
-+ kfree(mci->bus->name);
- }
-
- static void mc_attr_release(struct device *dev)
diff --git a/drivers/edac/edac_pci_sysfs.c b/drivers/edac/edac_pci_sysfs.c
index e8658e4..22746d6 100644
--- a/drivers/edac/edac_pci_sysfs.c
@@ -34963,19 +36955,6 @@ index e8658e4..22746d6 100644
panic("EDAC: PCI Parity Error");
}
}
-diff --git a/drivers/edac/i5100_edac.c b/drivers/edac/i5100_edac.c
-index 1b63517..157b934 100644
---- a/drivers/edac/i5100_edac.c
-+++ b/drivers/edac/i5100_edac.c
-@@ -974,7 +974,7 @@ static int i5100_setup_debugfs(struct mem_ctl_info *mci)
- if (!i5100_debugfs)
- return -ENODEV;
-
-- priv->debugfs = debugfs_create_dir(mci->bus.name, i5100_debugfs);
-+ priv->debugfs = debugfs_create_dir(mci->bus->name, i5100_debugfs);
-
- if (!priv->debugfs)
- return -ENOMEM;
diff --git a/drivers/edac/mce_amd.h b/drivers/edac/mce_amd.h
index 51b7e3a..aa8a3e8 100644
--- a/drivers/edac/mce_amd.h
@@ -35002,22 +36981,8 @@ index 57ea7f4..789e3c3 100644
card->driver->update_phy_reg(card, 4,
PHY_LINK_ACTIVE | PHY_CONTENDER, 0);
-diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
-index 27ac423..13573e8 100644
---- a/drivers/firewire/core-cdev.c
-+++ b/drivers/firewire/core-cdev.c
-@@ -1366,8 +1366,7 @@ static int init_iso_resource(struct client *client,
- int ret;
-
- if ((request->channels == 0 && request->bandwidth == 0) ||
-- request->bandwidth > BANDWIDTH_AVAILABLE_INITIAL ||
-- request->bandwidth < 0)
-+ request->bandwidth > BANDWIDTH_AVAILABLE_INITIAL)
- return -EINVAL;
-
- r = kmalloc(sizeof(*r), GFP_KERNEL);
diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c
-index 03ce7d9..b70f5da 100644
+index 664a6ff..af13580 100644
--- a/drivers/firewire/core-device.c
+++ b/drivers/firewire/core-device.c
@@ -232,7 +232,7 @@ EXPORT_SYMBOL(fw_device_enable_phys_dma);
@@ -35067,10 +37032,10 @@ index 94a58a0..f5eba42 100644
container_of(_dev_attr, struct dmi_device_attribute, dev_attr)
diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c
-index 4cd392d..4b629e1 100644
+index b95159b..841ae55 100644
--- a/drivers/firmware/dmi_scan.c
+++ b/drivers/firmware/dmi_scan.c
-@@ -490,11 +490,6 @@ void __init dmi_scan_machine(void)
+@@ -497,11 +497,6 @@ void __init dmi_scan_machine(void)
}
}
else {
@@ -35082,7 +37047,7 @@ index 4cd392d..4b629e1 100644
p = dmi_ioremap(0xF0000, 0x10000);
if (p == NULL)
goto error;
-@@ -769,7 +764,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *),
+@@ -786,7 +781,7 @@ int dmi_walk(void (*decode)(const struct dmi_header *, void *),
if (buf == NULL)
return -1;
@@ -35091,22 +37056,39 @@ index 4cd392d..4b629e1 100644
iounmap(buf);
return 0;
-diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c
-index f4baa11..7970c3a 100644
---- a/drivers/firmware/efivars.c
-+++ b/drivers/firmware/efivars.c
-@@ -139,7 +139,7 @@ struct efivar_attribute {
+diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
+index 5145fa3..0d3babd 100644
+--- a/drivers/firmware/efi/efi.c
++++ b/drivers/firmware/efi/efi.c
+@@ -65,14 +65,16 @@ static struct attribute_group efi_subsys_attr_group = {
};
- static struct efivars __efivars;
--static struct efivar_operations ops;
-+static efivar_operations_no_const ops __read_only;
+ static struct efivars generic_efivars;
+-static struct efivar_operations generic_ops;
++static efivar_operations_no_const generic_ops __read_only;
- #define PSTORE_EFI_ATTRIBUTES \
- (EFI_VARIABLE_NON_VOLATILE | \
-@@ -1844,7 +1844,7 @@ efivar_create_sysfs_entry(struct efivars *efivars,
+ static int generic_ops_register(void)
+ {
+- generic_ops.get_variable = efi.get_variable;
+- generic_ops.set_variable = efi.set_variable;
+- generic_ops.get_next_variable = efi.get_next_variable;
+- generic_ops.query_variable_store = efi_query_variable_store;
++ pax_open_kernel();
++ *(void **)&generic_ops.get_variable = efi.get_variable;
++ *(void **)&generic_ops.set_variable = efi.set_variable;
++ *(void **)&generic_ops.get_next_variable = efi.get_next_variable;
++ *(void **)&generic_ops.query_variable_store = efi_query_variable_store;
++ pax_close_kernel();
+
+ return efivars_register(&generic_efivars, &generic_ops, efi_kobj);
+ }
+diff --git a/drivers/firmware/efi/efivars.c b/drivers/firmware/efi/efivars.c
+index 8bd1bb6..c48b0c6 100644
+--- a/drivers/firmware/efi/efivars.c
++++ b/drivers/firmware/efi/efivars.c
+@@ -452,7 +452,7 @@ efivar_create_sysfs_entry(struct efivar_entry *new_var)
static int
- create_efivars_bin_attributes(struct efivars *efivars)
+ create_efivars_bin_attributes(void)
{
- struct bin_attribute *attr;
+ bin_attribute_no_const *attr;
@@ -35129,7 +37111,7 @@ index 2a90ba6..07f3733 100644
ret = sysfs_create_bin_file(firmware_kobj, &memconsole_bin_attr);
diff --git a/drivers/gpio/gpio-ich.c b/drivers/gpio/gpio-ich.c
-index de3c317..b7cd029 100644
+index e16d932..f0206ef 100644
--- a/drivers/gpio/gpio-ich.c
+++ b/drivers/gpio/gpio-ich.c
@@ -69,7 +69,7 @@ struct ichx_desc {
@@ -35155,10 +37137,10 @@ index 9902732..64b62dd 100644
return -EINVAL;
}
diff --git a/drivers/gpu/drm/drm_crtc_helper.c b/drivers/gpu/drm/drm_crtc_helper.c
-index 7b2d378..cc947ea 100644
+index ed1334e..ee0dd42 100644
--- a/drivers/gpu/drm/drm_crtc_helper.c
+++ b/drivers/gpu/drm/drm_crtc_helper.c
-@@ -319,7 +319,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder,
+@@ -321,7 +321,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder,
struct drm_crtc *tmp;
int crtc_mask = 1;
@@ -35168,7 +37150,7 @@ index 7b2d378..cc947ea 100644
dev = crtc->dev;
diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c
-index 25f91cd..a376f55 100644
+index 9cc247f..36aa285 100644
--- a/drivers/gpu/drm/drm_drv.c
+++ b/drivers/gpu/drm/drm_drv.c
@@ -306,7 +306,7 @@ module_exit(drm_core_exit);
@@ -35183,7 +37165,7 @@ index 25f91cd..a376f55 100644
@@ -376,7 +376,7 @@ long drm_ioctl(struct file *filp,
struct drm_file *file_priv = filp->private_data;
struct drm_device *dev;
- struct drm_ioctl_desc *ioctl;
+ const struct drm_ioctl_desc *ioctl = NULL;
- drm_ioctl_t *func;
+ drm_ioctl_no_const_t func;
unsigned int nr = DRM_IOCTL_NR(cmd);
@@ -35197,29 +37179,7 @@ index 25f91cd..a376f55 100644
+ atomic_inc_unchecked(&dev->counts[_DRM_STAT_IOCTLS]);
++file_priv->ioctl_count;
- DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n",
-diff --git a/drivers/gpu/drm/drm_encoder_slave.c b/drivers/gpu/drm/drm_encoder_slave.c
-index 48c52f7..0cfb60f 100644
---- a/drivers/gpu/drm/drm_encoder_slave.c
-+++ b/drivers/gpu/drm/drm_encoder_slave.c
-@@ -54,16 +54,12 @@ int drm_i2c_encoder_init(struct drm_device *dev,
- struct i2c_adapter *adap,
- const struct i2c_board_info *info)
- {
-- char modalias[sizeof(I2C_MODULE_PREFIX)
-- + I2C_NAME_SIZE];
- struct module *module = NULL;
- struct i2c_client *client;
- struct drm_i2c_encoder_driver *encoder_drv;
- int err = 0;
-
-- snprintf(modalias, sizeof(modalias),
-- "%s%s", I2C_MODULE_PREFIX, info->type);
-- request_module(modalias);
-+ request_module("%s%s", I2C_MODULE_PREFIX, info->type);
-
- client = i2c_new_device(adap, info);
- if (!client) {
+ if ((nr >= DRM_CORE_IOCTL_COUNT) &&
diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
index 429e07d..e681a2c 100644
--- a/drivers/gpu/drm/drm_fops.c
@@ -35486,7 +37446,7 @@ index d752c96..fe08455 100644
if (drm_lock_free(&master->lock, lock->context)) {
/* FIXME: Should really bail out here. */
diff --git a/drivers/gpu/drm/drm_stub.c b/drivers/gpu/drm/drm_stub.c
-index 7d30802..42c6cbb 100644
+index 16f3ec5..b28f9ca 100644
--- a/drivers/gpu/drm/drm_stub.c
+++ b/drivers/gpu/drm/drm_stub.c
@@ -501,7 +501,7 @@ void drm_unplug_dev(struct drm_device *dev)
@@ -35553,7 +37513,7 @@ index 6e0acad..93c8289 100644
int front_offset;
} drm_i810_private_t;
diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c
-index 7299ea4..5314487 100644
+index e913d32..4d9b351 100644
--- a/drivers/gpu/drm/i915/i915_debugfs.c
+++ b/drivers/gpu/drm/i915/i915_debugfs.c
@@ -499,7 +499,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data)
@@ -35566,7 +37526,7 @@ index 7299ea4..5314487 100644
if (IS_GEN6(dev) || IS_GEN7(dev)) {
seq_printf(m,
diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c
-index 4fa6beb..f930fec 100644
+index 17d9b0b..860e6d9 100644
--- a/drivers/gpu/drm/i915/i915_dma.c
+++ b/drivers/gpu/drm/i915/i915_dma.c
@@ -1259,7 +1259,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev)
@@ -35579,10 +37539,10 @@ index 4fa6beb..f930fec 100644
return can_switch;
}
diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h
-index ef99b1c..09ce7fb 100644
+index 47d8b68..52f5d8d 100644
--- a/drivers/gpu/drm/i915/i915_drv.h
+++ b/drivers/gpu/drm/i915/i915_drv.h
-@@ -893,7 +893,7 @@ typedef struct drm_i915_private {
+@@ -916,7 +916,7 @@ typedef struct drm_i915_private {
drm_dma_handle_t *status_page_dmah;
struct resource mch_res;
@@ -35591,7 +37551,7 @@ index ef99b1c..09ce7fb 100644
/* protects the irq masks */
spinlock_t irq_lock;
-@@ -1775,7 +1775,7 @@ extern struct i2c_adapter *intel_gmbus_get_adapter(
+@@ -1813,7 +1813,7 @@ extern struct i2c_adapter *intel_gmbus_get_adapter(
struct drm_i915_private *dev_priv, unsigned port);
extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed);
extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit);
@@ -35601,10 +37561,10 @@ index ef99b1c..09ce7fb 100644
return container_of(adapter, struct intel_gmbus, adapter)->force_bit;
}
diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
-index 9a48e1a..f0cbc3e 100644
+index 117ce38..eefd237 100644
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c
+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c
-@@ -729,9 +729,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
+@@ -727,9 +727,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec)
static int
validate_exec_list(struct drm_i915_gem_exec_object2 *exec,
@@ -35616,15 +37576,6 @@ index 9a48e1a..f0cbc3e 100644
int relocs_total = 0;
int relocs_max = INT_MAX / sizeof(struct drm_i915_gem_relocation_entry);
-@@ -1195,7 +1195,7 @@ i915_gem_execbuffer2(struct drm_device *dev, void *data,
- return -ENOMEM;
- }
- ret = copy_from_user(exec2_list,
-- (struct drm_i915_relocation_entry __user *)
-+ (struct drm_i915_gem_exec_object2 __user *)
- (uintptr_t) args->buffers_ptr,
- sizeof(*exec2_list) * args->buffer_count);
- if (ret != 0) {
diff --git a/drivers/gpu/drm/i915/i915_ioc32.c b/drivers/gpu/drm/i915/i915_ioc32.c
index 3c59584..500f2e9 100644
--- a/drivers/gpu/drm/i915/i915_ioc32.c
@@ -35661,10 +37612,10 @@ index 3c59584..500f2e9 100644
return ret;
diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c
-index 3c7bb04..182e049 100644
+index e5e32869..1678f36 100644
--- a/drivers/gpu/drm/i915/i915_irq.c
+++ b/drivers/gpu/drm/i915/i915_irq.c
-@@ -549,7 +549,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg)
+@@ -670,7 +670,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg)
int pipe;
u32 pipe_stats[I915_MAX_PIPES];
@@ -35673,7 +37624,7 @@ index 3c7bb04..182e049 100644
while (true) {
iir = I915_READ(VLV_IIR);
-@@ -705,7 +705,7 @@ static irqreturn_t ivybridge_irq_handler(int irq, void *arg)
+@@ -835,7 +835,7 @@ static irqreturn_t ivybridge_irq_handler(int irq, void *arg)
irqreturn_t ret = IRQ_NONE;
int i;
@@ -35682,7 +37633,7 @@ index 3c7bb04..182e049 100644
/* disable master interrupt before clearing iir */
de_ier = I915_READ(DEIER);
-@@ -791,7 +791,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg)
+@@ -925,7 +925,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg)
int ret = IRQ_NONE;
u32 de_iir, gt_iir, de_ier, pm_iir, sde_ier;
@@ -35691,7 +37642,7 @@ index 3c7bb04..182e049 100644
/* disable master interrupt before clearing iir */
de_ier = I915_READ(DEIER);
-@@ -1886,7 +1886,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
+@@ -2089,7 +2089,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev)
{
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
@@ -35700,7 +37651,7 @@ index 3c7bb04..182e049 100644
I915_WRITE(HWSTAM, 0xeffe);
-@@ -1912,7 +1912,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev)
+@@ -2124,7 +2124,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -35709,7 +37660,7 @@ index 3c7bb04..182e049 100644
/* VLV magic */
I915_WRITE(VLV_IMR, 0);
-@@ -2208,7 +2208,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev)
+@@ -2411,7 +2411,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -35718,7 +37669,7 @@ index 3c7bb04..182e049 100644
for_each_pipe(pipe)
I915_WRITE(PIPESTAT(pipe), 0);
-@@ -2259,7 +2259,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg)
+@@ -2490,7 +2490,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg)
I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT |
I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
@@ -35727,7 +37678,7 @@ index 3c7bb04..182e049 100644
iir = I915_READ16(IIR);
if (iir == 0)
-@@ -2344,7 +2344,7 @@ static void i915_irq_preinstall(struct drm_device * dev)
+@@ -2565,7 +2565,7 @@ static void i915_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -35736,8 +37687,8 @@ index 3c7bb04..182e049 100644
if (I915_HAS_HOTPLUG(dev)) {
I915_WRITE(PORT_HOTPLUG_EN, 0);
-@@ -2448,7 +2448,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg)
- };
+@@ -2664,7 +2664,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg)
+ I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
int pipe, ret = IRQ_NONE;
- atomic_inc(&dev_priv->irq_received);
@@ -35745,7 +37696,7 @@ index 3c7bb04..182e049 100644
iir = I915_READ(IIR);
do {
-@@ -2574,7 +2574,7 @@ static void i965_irq_preinstall(struct drm_device * dev)
+@@ -2791,7 +2791,7 @@ static void i965_irq_preinstall(struct drm_device * dev)
drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private;
int pipe;
@@ -35754,9 +37705,9 @@ index 3c7bb04..182e049 100644
I915_WRITE(PORT_HOTPLUG_EN, 0);
I915_WRITE(PORT_HOTPLUG_STAT, I915_READ(PORT_HOTPLUG_STAT));
-@@ -2690,7 +2690,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg)
- int irq_received;
- int ret = IRQ_NONE, pipe;
+@@ -2898,7 +2898,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg)
+ I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT |
+ I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT;
- atomic_inc(&dev_priv->irq_received);
+ atomic_inc_unchecked(&dev_priv->irq_received);
@@ -35764,10 +37715,10 @@ index 3c7bb04..182e049 100644
iir = I915_READ(IIR);
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index 2ab65b4..acbd821 100644
+index eea5982..eeef407 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
-@@ -8742,13 +8742,13 @@ struct intel_quirk {
+@@ -8935,13 +8935,13 @@ struct intel_quirk {
int subsystem_vendor;
int subsystem_device;
void (*hook)(struct drm_device *dev);
@@ -35783,7 +37734,7 @@ index 2ab65b4..acbd821 100644
static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
{
-@@ -8756,18 +8756,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
+@@ -8949,18 +8949,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
return 1;
}
@@ -35906,7 +37857,7 @@ index 598c281..60d590e 100644
*sequence = cur_fence;
diff --git a/drivers/gpu/drm/nouveau/nouveau_bios.c b/drivers/gpu/drm/nouveau/nouveau_bios.c
-index 50a6dd0..ea66ed8 100644
+index 6aa2137..fe8dc55 100644
--- a/drivers/gpu/drm/nouveau/nouveau_bios.c
+++ b/drivers/gpu/drm/nouveau/nouveau_bios.c
@@ -965,7 +965,7 @@ static int parse_bit_tmds_tbl_entry(struct drm_device *dev, struct nvbios *bios,
@@ -35919,10 +37870,10 @@ index 50a6dd0..ea66ed8 100644
#define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry })
diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.h b/drivers/gpu/drm/nouveau/nouveau_drm.h
-index 9c39baf..30a22be 100644
+index f2b30f8..d0f9a95 100644
--- a/drivers/gpu/drm/nouveau/nouveau_drm.h
+++ b/drivers/gpu/drm/nouveau/nouveau_drm.h
-@@ -81,7 +81,7 @@ struct nouveau_drm {
+@@ -92,7 +92,7 @@ struct nouveau_drm {
struct drm_global_reference mem_global_ref;
struct ttm_bo_global_ref bo_global_ref;
struct ttm_bo_device bdev;
@@ -35979,6 +37930,71 @@ index 25d3495..d81aaf6 100644
spin_unlock(&dev->count_lock);
return can_switch;
}
+diff --git a/drivers/gpu/drm/qxl/qxl_ttm.c b/drivers/gpu/drm/qxl/qxl_ttm.c
+index 489cb8c..0b8d0d3 100644
+--- a/drivers/gpu/drm/qxl/qxl_ttm.c
++++ b/drivers/gpu/drm/qxl/qxl_ttm.c
+@@ -103,7 +103,7 @@ static void qxl_ttm_global_fini(struct qxl_device *qdev)
+ }
+ }
+
+-static struct vm_operations_struct qxl_ttm_vm_ops;
++static vm_operations_struct_no_const qxl_ttm_vm_ops __read_only;
+ static const struct vm_operations_struct *ttm_vm_ops;
+
+ static int qxl_ttm_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
+@@ -147,8 +147,10 @@ int qxl_mmap(struct file *filp, struct vm_area_struct *vma)
+ return r;
+ if (unlikely(ttm_vm_ops == NULL)) {
+ ttm_vm_ops = vma->vm_ops;
++ pax_open_kernel();
+ qxl_ttm_vm_ops = *ttm_vm_ops;
+ qxl_ttm_vm_ops.fault = &qxl_ttm_fault;
++ pax_close_kernel();
+ }
+ vma->vm_ops = &qxl_ttm_vm_ops;
+ return 0;
+@@ -556,25 +558,23 @@ static int qxl_mm_dump_table(struct seq_file *m, void *data)
+ static int qxl_ttm_debugfs_init(struct qxl_device *qdev)
+ {
+ #if defined(CONFIG_DEBUG_FS)
+- static struct drm_info_list qxl_mem_types_list[QXL_DEBUGFS_MEM_TYPES];
+- static char qxl_mem_types_names[QXL_DEBUGFS_MEM_TYPES][32];
+- unsigned i;
++ static struct drm_info_list qxl_mem_types_list[QXL_DEBUGFS_MEM_TYPES] = {
++ {
++ .name = "qxl_mem_mm",
++ .show = &qxl_mm_dump_table,
++ },
++ {
++ .name = "qxl_surf_mm",
++ .show = &qxl_mm_dump_table,
++ }
++ };
+
+- for (i = 0; i < QXL_DEBUGFS_MEM_TYPES; i++) {
+- if (i == 0)
+- sprintf(qxl_mem_types_names[i], "qxl_mem_mm");
+- else
+- sprintf(qxl_mem_types_names[i], "qxl_surf_mm");
+- qxl_mem_types_list[i].name = qxl_mem_types_names[i];
+- qxl_mem_types_list[i].show = &qxl_mm_dump_table;
+- qxl_mem_types_list[i].driver_features = 0;
+- if (i == 0)
+- qxl_mem_types_list[i].data = qdev->mman.bdev.man[TTM_PL_VRAM].priv;
+- else
+- qxl_mem_types_list[i].data = qdev->mman.bdev.man[TTM_PL_PRIV0].priv;
++ pax_open_kernel();
++ *(void **)&qxl_mem_types_list[0].data = qdev->mman.bdev.man[TTM_PL_VRAM].priv;
++ *(void **)&qxl_mem_types_list[1].data = qdev->mman.bdev.man[TTM_PL_PRIV0].priv;
++ pax_close_kernel();
+
+- }
+- return qxl_debugfs_add_files(qdev, qxl_mem_types_list, i);
++ return qxl_debugfs_add_files(qdev, qxl_mem_types_list, QXL_DEBUGFS_MEM_TYPES);
+ #else
+ return 0;
+ #endif
diff --git a/drivers/gpu/drm/r128/r128_cce.c b/drivers/gpu/drm/r128/r128_cce.c
index d4660cf..70dbe65 100644
--- a/drivers/gpu/drm/r128/r128_cce.c
@@ -36109,10 +38125,10 @@ index 5a82b6b..9e69c73 100644
if (regcomp
(&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) {
diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c
-index 5073665..31d15a6 100644
+index b0dc0b6..a9bfe9c 100644
--- a/drivers/gpu/drm/radeon/radeon_device.c
+++ b/drivers/gpu/drm/radeon/radeon_device.c
-@@ -976,7 +976,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
+@@ -1014,7 +1014,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev)
bool can_switch;
spin_lock(&dev->count_lock);
@@ -36225,7 +38241,7 @@ index 4d20910..6726b6d 100644
DRM_DEBUG("pid=%d\n", DRM_CURRENTPID);
diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c
-index 6c0ce89..66f6d65 100644
+index 6c0ce89..57a2529 100644
--- a/drivers/gpu/drm/radeon/radeon_ttm.c
+++ b/drivers/gpu/drm/radeon/radeon_ttm.c
@@ -782,7 +782,7 @@ void radeon_ttm_set_active_vram_size(struct radeon_device *rdev, u64 size)
@@ -36248,59 +38264,74 @@ index 6c0ce89..66f6d65 100644
}
vma->vm_ops = &radeon_ttm_vm_ops;
return 0;
-@@ -862,28 +864,33 @@ static int radeon_ttm_debugfs_init(struct radeon_device *rdev)
- sprintf(radeon_mem_types_names[i], "radeon_vram_mm");
- else
- sprintf(radeon_mem_types_names[i], "radeon_gtt_mm");
+@@ -853,38 +855,33 @@ static int radeon_mm_dump_table(struct seq_file *m, void *data)
+ static int radeon_ttm_debugfs_init(struct radeon_device *rdev)
+ {
+ #if defined(CONFIG_DEBUG_FS)
+- static struct drm_info_list radeon_mem_types_list[RADEON_DEBUGFS_MEM_TYPES+2];
+- static char radeon_mem_types_names[RADEON_DEBUGFS_MEM_TYPES+2][32];
++ static struct drm_info_list radeon_mem_types_list[RADEON_DEBUGFS_MEM_TYPES+2] = {
++ {
++ .name = "radeon_vram_mm",
++ .show = &radeon_mm_dump_table,
++ },
++ {
++ .name = "radeon_gtt_mm",
++ .show = &radeon_mm_dump_table,
++ },
++ {
++ .name = "ttm_page_pool",
++ .show = &ttm_page_alloc_debugfs,
++ },
++ {
++ .name = "ttm_dma_page_pool",
++ .show = &ttm_dma_page_alloc_debugfs,
++ },
++ };
+ unsigned i;
+
+- for (i = 0; i < RADEON_DEBUGFS_MEM_TYPES; i++) {
+- if (i == 0)
+- sprintf(radeon_mem_types_names[i], "radeon_vram_mm");
+- else
+- sprintf(radeon_mem_types_names[i], "radeon_gtt_mm");
- radeon_mem_types_list[i].name = radeon_mem_types_names[i];
- radeon_mem_types_list[i].show = &radeon_mm_dump_table;
- radeon_mem_types_list[i].driver_features = 0;
-+ pax_open_kernel();
-+ *(const char **)&radeon_mem_types_list[i].name = radeon_mem_types_names[i];
-+ *(void **)&radeon_mem_types_list[i].show = &radeon_mm_dump_table;
-+ *(u32 *)&radeon_mem_types_list[i].driver_features = 0;
- if (i == 0)
+- if (i == 0)
- radeon_mem_types_list[i].data = rdev->mman.bdev.man[TTM_PL_VRAM].priv;
-+ *(void **)&radeon_mem_types_list[i].data = rdev->mman.bdev.man[TTM_PL_VRAM].priv;
- else
+- else
- radeon_mem_types_list[i].data = rdev->mman.bdev.man[TTM_PL_TT].priv;
-
-+ *(void **)&radeon_mem_types_list[i].data = rdev->mman.bdev.man[TTM_PL_TT].priv;
-+ pax_close_kernel();
- }
- /* Add ttm page pool to debugfs */
- sprintf(radeon_mem_types_names[i], "ttm_page_pool");
+- }
+- /* Add ttm page pool to debugfs */
+- sprintf(radeon_mem_types_names[i], "ttm_page_pool");
- radeon_mem_types_list[i].name = radeon_mem_types_names[i];
- radeon_mem_types_list[i].show = &ttm_page_alloc_debugfs;
- radeon_mem_types_list[i].driver_features = 0;
- radeon_mem_types_list[i++].data = NULL;
+ pax_open_kernel();
-+ *(const char **)&radeon_mem_types_list[i].name = radeon_mem_types_names[i];
-+ *(void **)&radeon_mem_types_list[i].show = &ttm_page_alloc_debugfs;
-+ *(u32 *)&radeon_mem_types_list[i].driver_features = 0;
-+ *(void **)&radeon_mem_types_list[i++].data = NULL;
++ *(void **)&radeon_mem_types_list[0].data = rdev->mman.bdev.man[TTM_PL_VRAM].priv;
++ *(void **)&radeon_mem_types_list[1].data = rdev->mman.bdev.man[TTM_PL_TT].priv;
+ pax_close_kernel();
#ifdef CONFIG_SWIOTLB
- if (swiotlb_nr_tbl()) {
- sprintf(radeon_mem_types_names[i], "ttm_dma_page_pool");
+- if (swiotlb_nr_tbl()) {
+- sprintf(radeon_mem_types_names[i], "ttm_dma_page_pool");
- radeon_mem_types_list[i].name = radeon_mem_types_names[i];
- radeon_mem_types_list[i].show = &ttm_dma_page_alloc_debugfs;
- radeon_mem_types_list[i].driver_features = 0;
- radeon_mem_types_list[i++].data = NULL;
-+ pax_open_kernel();
-+ *(const char **)&radeon_mem_types_list[i].name = radeon_mem_types_names[i];
-+ *(void **)&radeon_mem_types_list[i].show = &ttm_dma_page_alloc_debugfs;
-+ *(u32 *)&radeon_mem_types_list[i].driver_features = 0;
-+ *(void **)&radeon_mem_types_list[i++].data = NULL;
-+ pax_close_kernel();
- }
+- }
++ if (swiotlb_nr_tbl())
++ i++;
#endif
return radeon_debugfs_add_files(rdev, radeon_mem_types_list, i);
+
diff --git a/drivers/gpu/drm/radeon/rs690.c b/drivers/gpu/drm/radeon/rs690.c
-index fad6633..4ff94de 100644
+index 55880d5..9e95342 100644
--- a/drivers/gpu/drm/radeon/rs690.c
+++ b/drivers/gpu/drm/radeon/rs690.c
-@@ -304,9 +304,11 @@ static void rs690_crtc_bandwidth_compute(struct radeon_device *rdev,
+@@ -327,9 +327,11 @@ static void rs690_crtc_bandwidth_compute(struct radeon_device *rdev,
if (rdev->pm.max_bandwidth.full > rdev->pm.sideport_bandwidth.full &&
rdev->pm.sideport_bandwidth.full)
rdev->pm.max_bandwidth = rdev->pm.sideport_bandwidth;
@@ -36352,7 +38383,7 @@ index bd2a3b4..122d9ad 100644
int shrink_pages = sc->nr_to_scan;
diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c
-index 9f4be3d..cbc9fcc 100644
+index dc0c065..58a0782 100644
--- a/drivers/gpu/drm/udl/udl_fb.c
+++ b/drivers/gpu/drm/udl/udl_fb.c
@@ -367,7 +367,6 @@ static int udl_fb_release(struct fb_info *info, int user)
@@ -36569,11 +38600,24 @@ index 8a8725c2..afed796 100644
else {
marker = list_first_entry(&queue->head,
struct vmw_marker, head);
+diff --git a/drivers/gpu/host1x/drm/dc.c b/drivers/gpu/host1x/drm/dc.c
+index 8c04943..4370ed9 100644
+--- a/drivers/gpu/host1x/drm/dc.c
++++ b/drivers/gpu/host1x/drm/dc.c
+@@ -999,7 +999,7 @@ static int tegra_dc_debugfs_init(struct tegra_dc *dc, struct drm_minor *minor)
+ }
+
+ for (i = 0; i < ARRAY_SIZE(debugfs_files); i++)
+- dc->debugfs_files[i].data = dc;
++ *(void **)&dc->debugfs_files[i].data = dc;
+
+ err = drm_debugfs_create_files(dc->debugfs_files,
+ ARRAY_SIZE(debugfs_files),
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
-index e6dbf09..3dd2540 100644
+index 402f486..f862d7e 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
-@@ -2268,7 +2268,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
+@@ -2275,7 +2275,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
int hid_add_device(struct hid_device *hdev)
{
@@ -36582,7 +38626,7 @@ index e6dbf09..3dd2540 100644
int ret;
if (WARN_ON(hdev->status & HID_STAT_ADDED))
-@@ -2302,7 +2302,7 @@ int hid_add_device(struct hid_device *hdev)
+@@ -2309,7 +2309,7 @@ int hid_add_device(struct hid_device *hdev)
/* XXX hack, any other cleaner solution after the driver core
* is converted to allow more than 20 bytes as the device name? */
dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
@@ -36620,7 +38664,7 @@ index 0b122f8..b1d8160 100644
ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount);
if (ret)
diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c
-index 7311589..861e9ef 100644
+index ae49237..380d4c9 100644
--- a/drivers/hv/hv.c
+++ b/drivers/hv/hv.c
@@ -112,7 +112,7 @@ static u64 do_hypercall(u64 control, void *input, void *output)
@@ -36685,7 +38729,7 @@ index 6351aba..dc4aaf4 100644
int res = 0;
diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c
-index b41baff..4953e4d 100644
+index 62c2e32..8f2859a 100644
--- a/drivers/hwmon/applesmc.c
+++ b/drivers/hwmon/applesmc.c
@@ -1084,7 +1084,7 @@ static int applesmc_create_nodes(struct applesmc_node_group *groups, int num)
@@ -36726,10 +38770,10 @@ index b25c643..a13460d 100644
{
sysfs_attr_init(&attr->attr);
diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c
-index 3f1e297..a6cafb5 100644
+index 658ce3a..0d0c2f3 100644
--- a/drivers/hwmon/coretemp.c
+++ b/drivers/hwmon/coretemp.c
-@@ -791,7 +791,7 @@ static int __cpuinit coretemp_cpu_callback(struct notifier_block *nfb,
+@@ -790,7 +790,7 @@ static int __cpuinit coretemp_cpu_callback(struct notifier_block *nfb,
return NOTIFY_OK;
}
@@ -36739,10 +38783,10 @@ index 3f1e297..a6cafb5 100644
};
diff --git a/drivers/hwmon/ibmaem.c b/drivers/hwmon/ibmaem.c
-index a14f634..2916ee2 100644
+index 1429f6e..ee03d59 100644
--- a/drivers/hwmon/ibmaem.c
+++ b/drivers/hwmon/ibmaem.c
-@@ -925,7 +925,7 @@ static int aem_register_sensors(struct aem_data *data,
+@@ -926,7 +926,7 @@ static int aem_register_sensors(struct aem_data *data,
struct aem_rw_sensor_template *rw)
{
struct device *dev = &data->pdev->dev;
@@ -36751,6 +38795,19 @@ index a14f634..2916ee2 100644
int err;
/* Set up read-only sensors */
+diff --git a/drivers/hwmon/iio_hwmon.c b/drivers/hwmon/iio_hwmon.c
+index 52b77af..aed1ddf 100644
+--- a/drivers/hwmon/iio_hwmon.c
++++ b/drivers/hwmon/iio_hwmon.c
+@@ -73,7 +73,7 @@ static int iio_hwmon_probe(struct platform_device *pdev)
+ {
+ struct device *dev = &pdev->dev;
+ struct iio_hwmon_state *st;
+- struct sensor_device_attribute *a;
++ sensor_device_attribute_no_const *a;
+ int ret, i;
+ int in_i = 1, temp_i = 1, curr_i = 1;
+ enum iio_chan_type type;
diff --git a/drivers/hwmon/pmbus/pmbus_core.c b/drivers/hwmon/pmbus/pmbus_core.c
index 9add6092..ee7ba3f 100644
--- a/drivers/hwmon/pmbus/pmbus_core.c
@@ -36866,7 +38923,7 @@ index 76f157b..9c0db1b 100644
};
diff --git a/drivers/i2c/busses/i2c-amd756-s4882.c b/drivers/i2c/busses/i2c-amd756-s4882.c
-index 378fcb5..5e91fa8 100644
+index 07f01ac..d79ad3d 100644
--- a/drivers/i2c/busses/i2c-amd756-s4882.c
+++ b/drivers/i2c/busses/i2c-amd756-s4882.c
@@ -43,7 +43,7 @@
@@ -36879,7 +38936,7 @@ index 378fcb5..5e91fa8 100644
/* Wrapper access functions for multiplexed SMBus */
static DEFINE_MUTEX(amd756_lock);
diff --git a/drivers/i2c/busses/i2c-nforce2-s4985.c b/drivers/i2c/busses/i2c-nforce2-s4985.c
-index 29015eb..af2d8e9 100644
+index 2ca268d..c6acbdf 100644
--- a/drivers/i2c/busses/i2c-nforce2-s4985.c
+++ b/drivers/i2c/busses/i2c-nforce2-s4985.c
@@ -41,7 +41,7 @@
@@ -36905,7 +38962,7 @@ index c3ccdea..5b3dc1a 100644
if (IS_ERR(rdwr_pa[i].buf)) {
res = PTR_ERR(rdwr_pa[i].buf);
diff --git a/drivers/ide/ide-cd.c b/drivers/ide/ide-cd.c
-index 8126824..55a2798 100644
+index 2ff6204..218c16e 100644
--- a/drivers/ide/ide-cd.c
+++ b/drivers/ide/ide-cd.c
@@ -768,7 +768,7 @@ static void cdrom_do_block_pc(ide_drive_t *drive, struct request *rq)
@@ -36918,7 +38975,7 @@ index 8126824..55a2798 100644
}
}
diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c
-index 8848f16..f8e6dd8 100644
+index e145931..08bfc59 100644
--- a/drivers/iio/industrialio-core.c
+++ b/drivers/iio/industrialio-core.c
@@ -506,7 +506,7 @@ static ssize_t iio_write_channel_info(struct device *dev,
@@ -37145,10 +39202,10 @@ index 9f5ad7c..588cd84 100644
}
}
diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c
-index 903a92d..9262548 100644
+index 4cb8eb2..146bf60 100644
--- a/drivers/infiniband/hw/cxgb4/mem.c
+++ b/drivers/infiniband/hw/cxgb4/mem.c
-@@ -122,7 +122,7 @@ static int write_tpt_entry(struct c4iw_rdev *rdev, u32 reset_tpt_entry,
+@@ -249,7 +249,7 @@ static int write_tpt_entry(struct c4iw_rdev *rdev, u32 reset_tpt_entry,
int err;
struct fw_ri_tpte tpt;
u32 stag_idx;
@@ -37157,7 +39214,7 @@ index 903a92d..9262548 100644
if (c4iw_fatal_error(rdev))
return -EIO;
-@@ -139,7 +139,7 @@ static int write_tpt_entry(struct c4iw_rdev *rdev, u32 reset_tpt_entry,
+@@ -266,7 +266,7 @@ static int write_tpt_entry(struct c4iw_rdev *rdev, u32 reset_tpt_entry,
if (rdev->stats.stag.cur > rdev->stats.stag.max)
rdev->stats.stag.max = rdev->stats.stag.cur;
mutex_unlock(&rdev->stats.lock);
@@ -37561,7 +39618,7 @@ index 4166452..fc952c3 100644
}
diff --git a/drivers/infiniband/hw/nes/nes_nic.c b/drivers/infiniband/hw/nes/nes_nic.c
-index 85cf4d1..05d8e71 100644
+index 49eb511..a774366 100644
--- a/drivers/infiniband/hw/nes/nes_nic.c
+++ b/drivers/infiniband/hw/nes/nes_nic.c
@@ -1273,39 +1273,39 @@ static void nes_netdev_get_ethtool_stats(struct net_device *netdev,
@@ -37797,10 +39854,10 @@ index 25fc597..558bf3b3 100644
serio->dev.release = serio_release_port;
serio->dev.groups = serio_device_attr_groups;
diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c
-index b972d43..8943713 100644
+index d8f98b1..f62a640 100644
--- a/drivers/iommu/iommu.c
+++ b/drivers/iommu/iommu.c
-@@ -554,7 +554,7 @@ static struct notifier_block iommu_bus_nb = {
+@@ -583,7 +583,7 @@ static struct notifier_block iommu_bus_nb = {
static void iommu_bus_init(struct bus_type *bus, struct iommu_ops *ops)
{
bus_register_notifier(bus, &iommu_bus_nb);
@@ -37840,10 +39897,10 @@ index dcfea4e..f4226b2 100644
bool setup_remapped_irq(int irq, struct irq_cfg *cfg, struct irq_chip *chip)
diff --git a/drivers/irqchip/irq-gic.c b/drivers/irqchip/irq-gic.c
-index fc6aebf..762c5f5 100644
+index 19ceaa6..3625818 100644
--- a/drivers/irqchip/irq-gic.c
+++ b/drivers/irqchip/irq-gic.c
-@@ -83,7 +83,7 @@ static u8 gic_cpu_map[NR_GIC_CPU_IF] __read_mostly;
+@@ -84,7 +84,7 @@ static u8 gic_cpu_map[NR_GIC_CPU_IF] __read_mostly;
* Supported arch specific GIC irq extension.
* Default make them NULL.
*/
@@ -37852,7 +39909,7 @@ index fc6aebf..762c5f5 100644
.irq_eoi = NULL,
.irq_mask = NULL,
.irq_unmask = NULL,
-@@ -332,7 +332,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc)
+@@ -333,7 +333,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc)
chained_irq_exit(chip, desc);
}
@@ -37862,7 +39919,7 @@ index fc6aebf..762c5f5 100644
.irq_mask = gic_mask_irq,
.irq_unmask = gic_unmask_irq,
diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c
-index 89562a8..218999b 100644
+index ac6f72b..81150f2 100644
--- a/drivers/isdn/capi/capi.c
+++ b/drivers/isdn/capi/capi.c
@@ -81,8 +81,8 @@ struct capiminor {
@@ -37902,39 +39959,8 @@ index 89562a8..218999b 100644
capimsg_setu32(skb->data, 8, mp->ncci); /* NCCI */
capimsg_setu32(skb->data, 12, (u32)(long)skb->data);/* Data32 */
capimsg_setu16(skb->data, 16, len); /* Data length */
-diff --git a/drivers/isdn/capi/kcapi.c b/drivers/isdn/capi/kcapi.c
-index 9b1b274..c123709 100644
---- a/drivers/isdn/capi/kcapi.c
-+++ b/drivers/isdn/capi/kcapi.c
-@@ -93,7 +93,7 @@ capi_ctr_put(struct capi_ctr *ctr)
-
- static inline struct capi_ctr *get_capi_ctr_by_nr(u16 contr)
- {
-- if (contr - 1 >= CAPI_MAXCONTR)
-+ if (contr < 1 || contr - 1 >= CAPI_MAXCONTR)
- return NULL;
-
- return capi_controller[contr - 1];
-@@ -103,7 +103,7 @@ static inline struct capi20_appl *__get_capi_appl_by_nr(u16 applid)
- {
- lockdep_assert_held(&capi_controller_lock);
-
-- if (applid - 1 >= CAPI_MAXAPPL)
-+ if (applid < 1 || applid - 1 >= CAPI_MAXAPPL)
- return NULL;
-
- return capi_applications[applid - 1];
-@@ -111,7 +111,7 @@ static inline struct capi20_appl *__get_capi_appl_by_nr(u16 applid)
-
- static inline struct capi20_appl *get_capi_appl_by_nr(u16 applid)
- {
-- if (applid - 1 >= CAPI_MAXAPPL)
-+ if (applid < 1 || applid - 1 >= CAPI_MAXAPPL)
- return NULL;
-
- return rcu_dereference(capi_applications[applid - 1]);
diff --git a/drivers/isdn/gigaset/interface.c b/drivers/isdn/gigaset/interface.c
-index e2b5396..c5486dc 100644
+index 600c79b..3752bab 100644
--- a/drivers/isdn/gigaset/interface.c
+++ b/drivers/isdn/gigaset/interface.c
@@ -130,9 +130,9 @@ static int if_open(struct tty_struct *tty, struct file *filp)
@@ -37962,7 +39988,7 @@ index e2b5396..c5486dc 100644
mutex_unlock(&cs->mutex);
diff --git a/drivers/isdn/hardware/avm/b1.c b/drivers/isdn/hardware/avm/b1.c
-index 821f7ac..28d4030 100644
+index 4d9b195..455075c 100644
--- a/drivers/isdn/hardware/avm/b1.c
+++ b/drivers/isdn/hardware/avm/b1.c
@@ -176,7 +176,7 @@ int b1_load_t4file(avmcard *card, capiloaddatapart *t4file)
@@ -37984,10 +40010,10 @@ index 821f7ac..28d4030 100644
} else {
memcpy(buf, dp, left);
diff --git a/drivers/isdn/i4l/isdn_tty.c b/drivers/isdn/i4l/isdn_tty.c
-index ebaebdf..acd4405 100644
+index 3c5f249..5fac4d0 100644
--- a/drivers/isdn/i4l/isdn_tty.c
+++ b/drivers/isdn/i4l/isdn_tty.c
-@@ -1511,9 +1511,9 @@ isdn_tty_open(struct tty_struct *tty, struct file *filp)
+@@ -1508,9 +1508,9 @@ isdn_tty_open(struct tty_struct *tty, struct file *filp)
#ifdef ISDN_DEBUG_MODEM_OPEN
printk(KERN_DEBUG "isdn_tty_open %s, count = %d\n", tty->name,
@@ -37999,7 +40025,7 @@ index ebaebdf..acd4405 100644
port->tty = tty;
/*
* Start up serial port
-@@ -1557,7 +1557,7 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp)
+@@ -1554,7 +1554,7 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp)
#endif
return;
}
@@ -38008,7 +40034,7 @@ index ebaebdf..acd4405 100644
/*
* Uh, oh. tty->count is 1, which means that the tty
* structure will be freed. Info->count should always
-@@ -1566,15 +1566,15 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp)
+@@ -1563,15 +1563,15 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp)
* serial port won't be shutdown.
*/
printk(KERN_ERR "isdn_tty_close: bad port count; tty->count is 1, "
@@ -38030,7 +40056,7 @@ index ebaebdf..acd4405 100644
#ifdef ISDN_DEBUG_MODEM_OPEN
printk(KERN_DEBUG "isdn_tty_close after info->count != 0\n");
#endif
-@@ -1628,7 +1628,7 @@ isdn_tty_hangup(struct tty_struct *tty)
+@@ -1625,7 +1625,7 @@ isdn_tty_hangup(struct tty_struct *tty)
if (isdn_tty_paranoia_check(info, tty->name, "isdn_tty_hangup"))
return;
isdn_tty_shutdown(info);
@@ -38039,7 +40065,7 @@ index ebaebdf..acd4405 100644
port->flags &= ~ASYNC_NORMAL_ACTIVE;
port->tty = NULL;
wake_up_interruptible(&port->open_wait);
-@@ -1973,7 +1973,7 @@ isdn_tty_find_icall(int di, int ch, setup_parm *setup)
+@@ -1970,7 +1970,7 @@ isdn_tty_find_icall(int di, int ch, setup_parm *setup)
for (i = 0; i < ISDN_MAX_CHANNELS; i++) {
modem_info *info = &dev->mdm.info[i];
@@ -38088,28 +40114,28 @@ index 64e204e..c6bf189 100644
.callback = ss4200_led_dmi_callback,
.ident = "Intel SS4200-E",
diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c
-index a5ebc00..3de3364 100644
+index 0bf1e4e..b4bf44e 100644
--- a/drivers/lguest/core.c
+++ b/drivers/lguest/core.c
-@@ -92,9 +92,17 @@ static __init int map_switcher(void)
- * it's worked so far. The end address needs +1 because __get_vm_area
- * allocates an extra guard page, so we need space for that.
+@@ -97,9 +97,17 @@ static __init int map_switcher(void)
+ * The end address needs +1 because __get_vm_area allocates an
+ * extra guard page, so we need space for that.
*/
+
+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
+ switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE,
-+ VM_ALLOC | VM_KERNEXEC, SWITCHER_ADDR, SWITCHER_ADDR
++ VM_ALLOC | VM_KERNEXEC, switcher_addr, switcher_addr
+ + (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE);
+#else
switcher_vma = __get_vm_area(TOTAL_SWITCHER_PAGES * PAGE_SIZE,
- VM_ALLOC, SWITCHER_ADDR, SWITCHER_ADDR
+ VM_ALLOC, switcher_addr, switcher_addr
+ (TOTAL_SWITCHER_PAGES+1) * PAGE_SIZE);
+#endif
+
if (!switcher_vma) {
err = -ENOMEM;
printk("lguest: could not map switcher pages high\n");
-@@ -119,7 +127,7 @@ static __init int map_switcher(void)
+@@ -124,7 +132,7 @@ static __init int map_switcher(void)
* Now the Switcher is mapped at the right address, we can't fail!
* Copy in the compiled-in Switcher code (from x86/switcher_32.S).
*/
@@ -38119,10 +40145,10 @@ index a5ebc00..3de3364 100644
printk(KERN_INFO "lguest: mapped switcher at %p\n",
diff --git a/drivers/lguest/page_tables.c b/drivers/lguest/page_tables.c
-index 3b62be16..e33134a 100644
+index 5b9ac32..2ef4f26 100644
--- a/drivers/lguest/page_tables.c
+++ b/drivers/lguest/page_tables.c
-@@ -532,7 +532,7 @@ void pin_page(struct lg_cpu *cpu, unsigned long vaddr)
+@@ -559,7 +559,7 @@ void pin_page(struct lg_cpu *cpu, unsigned long vaddr)
/*:*/
#ifdef CONFIG_X86_PAE
@@ -38132,19 +40158,19 @@ index 3b62be16..e33134a 100644
/* If the entry's not present, there's nothing to release. */
if (pmd_flags(*spmd) & _PAGE_PRESENT) {
diff --git a/drivers/lguest/x86/core.c b/drivers/lguest/x86/core.c
-index 4af12e1..0e89afe 100644
+index f0a3347..f6608b2 100644
--- a/drivers/lguest/x86/core.c
+++ b/drivers/lguest/x86/core.c
@@ -59,7 +59,7 @@ static struct {
/* Offset from where switcher.S was compiled to where we've copied it */
static unsigned long switcher_offset(void)
{
-- return SWITCHER_ADDR - (unsigned long)start_switcher_text;
-+ return SWITCHER_ADDR - (unsigned long)ktla_ktva(start_switcher_text);
+- return switcher_addr - (unsigned long)start_switcher_text;
++ return switcher_addr - (unsigned long)ktla_ktva(start_switcher_text);
}
- /* This cpu's struct lguest_pages. */
-@@ -100,7 +100,13 @@ static void copy_in_guest_info(struct lg_cpu *cpu, struct lguest_pages *pages)
+ /* This cpu's struct lguest_pages (after the Switcher text page) */
+@@ -99,7 +99,13 @@ static void copy_in_guest_info(struct lg_cpu *cpu, struct lguest_pages *pages)
* These copies are pretty cheap, so we do them unconditionally: */
/* Save the current Host top-level page directory.
*/
@@ -38158,7 +40184,7 @@ index 4af12e1..0e89afe 100644
/*
* Set up the Guest's page tables to see this CPU's pages (and no
* other CPU's pages).
-@@ -476,7 +482,7 @@ void __init lguest_arch_host_init(void)
+@@ -475,7 +481,7 @@ void __init lguest_arch_host_init(void)
* compiled-in switcher code and the high-mapped copy we just made.
*/
for (i = 0; i < IDT_ENTRIES; i++)
@@ -38167,7 +40193,7 @@ index 4af12e1..0e89afe 100644
/*
* Set up the Switcher's per-cpu areas.
-@@ -559,7 +565,7 @@ void __init lguest_arch_host_init(void)
+@@ -558,7 +564,7 @@ void __init lguest_arch_host_init(void)
* it will be undisturbed when we switch. To change %cs and jump we
* need this structure to feed to Intel's "lcall" instruction.
*/
@@ -38238,8 +40264,21 @@ index 40634b0..4f5855e 100644
// Every interrupt can come to us here
// But we must truly tell each apart.
+diff --git a/drivers/md/bcache/closure.h b/drivers/md/bcache/closure.h
+index 0003992..854bbce 100644
+--- a/drivers/md/bcache/closure.h
++++ b/drivers/md/bcache/closure.h
+@@ -622,7 +622,7 @@ static inline void closure_wake_up(struct closure_waitlist *list)
+ static inline void set_closure_fn(struct closure *cl, closure_fn *fn,
+ struct workqueue_struct *wq)
+ {
+- BUG_ON(object_is_on_stack(cl));
++ BUG_ON(object_starts_on_stack(cl));
+ closure_set_ip(cl);
+ cl->fn = fn;
+ cl->wq = wq;
diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c
-index 4fd9d6a..834fa03 100644
+index 5a2c754..0fa55db 100644
--- a/drivers/md/bitmap.c
+++ b/drivers/md/bitmap.c
@@ -1779,7 +1779,7 @@ void bitmap_status(struct seq_file *seq, struct bitmap *bitmap)
@@ -38252,10 +40291,10 @@ index 4fd9d6a..834fa03 100644
seq_printf(seq, "\n");
diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
-index aa04f02..2a1309e 100644
+index 81a79b7..87a0f73 100644
--- a/drivers/md/dm-ioctl.c
+++ b/drivers/md/dm-ioctl.c
-@@ -1694,7 +1694,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param)
+@@ -1697,7 +1697,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param)
cmd == DM_LIST_VERSIONS_CMD)
return 0;
@@ -38265,7 +40304,7 @@ index aa04f02..2a1309e 100644
DMWARN("name not supplied when creating device");
return -EINVAL;
diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c
-index d053098..05cc375 100644
+index 699b5be..eac0a15 100644
--- a/drivers/md/dm-raid1.c
+++ b/drivers/md/dm-raid1.c
@@ -40,7 +40,7 @@ enum dm_raid1_error {
@@ -38341,7 +40380,7 @@ index d053098..05cc375 100644
return (test_bit(DM_RAID1_FLUSH_ERROR, &(m->error_type))) ? 'F' :
diff --git a/drivers/md/dm-stripe.c b/drivers/md/dm-stripe.c
-index 7b8b2b9..9c7d145 100644
+index d907ca6..cfb8384 100644
--- a/drivers/md/dm-stripe.c
+++ b/drivers/md/dm-stripe.c
@@ -20,7 +20,7 @@ struct stripe {
@@ -38396,7 +40435,7 @@ index 1ff252a..ee384c1 100644
"start=%llu, len=%llu, dev_size=%llu",
dm_device_name(ti->table->md), bdevname(bdev, b),
diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c
-index 00cee02..b89a29d 100644
+index 60bce43..9b997d0 100644
--- a/drivers/md/dm-thin-metadata.c
+++ b/drivers/md/dm-thin-metadata.c
@@ -397,7 +397,7 @@ static void __setup_btree_details(struct dm_pool_metadata *pmd)
@@ -38418,7 +40457,7 @@ index 00cee02..b89a29d 100644
pmd->bl_info.value_type.inc = data_block_inc;
pmd->bl_info.value_type.dec = data_block_dec;
diff --git a/drivers/md/dm.c b/drivers/md/dm.c
-index 9a0bdad..4df9543 100644
+index 33f2010..23fb84c 100644
--- a/drivers/md/dm.c
+++ b/drivers/md/dm.c
@@ -169,9 +169,9 @@ struct mapped_device {
@@ -38433,7 +40472,7 @@ index 9a0bdad..4df9543 100644
struct list_head uevent_list;
spinlock_t uevent_lock; /* Protect access to uevent_list */
-@@ -1879,8 +1879,8 @@ static struct mapped_device *alloc_dev(int minor)
+@@ -1884,8 +1884,8 @@ static struct mapped_device *alloc_dev(int minor)
rwlock_init(&md->map_lock);
atomic_set(&md->holders, 1);
atomic_set(&md->open_count, 0);
@@ -38444,7 +40483,7 @@ index 9a0bdad..4df9543 100644
INIT_LIST_HEAD(&md->uevent_list);
spin_lock_init(&md->uevent_lock);
-@@ -2028,7 +2028,7 @@ static void event_callback(void *context)
+@@ -2033,7 +2033,7 @@ static void event_callback(void *context)
dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj);
@@ -38453,7 +40492,7 @@ index 9a0bdad..4df9543 100644
wake_up(&md->eventq);
}
-@@ -2685,18 +2685,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
+@@ -2690,18 +2690,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action,
uint32_t dm_next_uevent_seq(struct mapped_device *md)
{
@@ -38476,10 +40515,10 @@ index 9a0bdad..4df9543 100644
void dm_uevent_add(struct mapped_device *md, struct list_head *elist)
diff --git a/drivers/md/md.c b/drivers/md/md.c
-index a4a93b9..4747b63 100644
+index 51f0345..c77810e 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
-@@ -240,10 +240,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio);
+@@ -234,10 +234,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio);
* start build, activate spare
*/
static DECLARE_WAIT_QUEUE_HEAD(md_event_waiters);
@@ -38492,7 +40531,7 @@ index a4a93b9..4747b63 100644
wake_up(&md_event_waiters);
}
EXPORT_SYMBOL_GPL(md_new_event);
-@@ -253,7 +253,7 @@ EXPORT_SYMBOL_GPL(md_new_event);
+@@ -247,7 +247,7 @@ EXPORT_SYMBOL_GPL(md_new_event);
*/
static void md_new_event_inintr(struct mddev *mddev)
{
@@ -38501,7 +40540,7 @@ index a4a93b9..4747b63 100644
wake_up(&md_event_waiters);
}
-@@ -1507,7 +1507,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_
+@@ -1501,7 +1501,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_
if ((le32_to_cpu(sb->feature_map) & MD_FEATURE_RESHAPE_ACTIVE) &&
(le32_to_cpu(sb->feature_map) & MD_FEATURE_NEW_OFFSET))
rdev->new_data_offset += (s32)le32_to_cpu(sb->new_offset);
@@ -38510,7 +40549,7 @@ index a4a93b9..4747b63 100644
rdev->sb_size = le32_to_cpu(sb->max_dev) * 2 + 256;
bmask = queue_logical_block_size(rdev->bdev->bd_disk->queue)-1;
-@@ -1751,7 +1751,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev)
+@@ -1745,7 +1745,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev)
else
sb->resync_offset = cpu_to_le64(0);
@@ -38519,7 +40558,7 @@ index a4a93b9..4747b63 100644
sb->raid_disks = cpu_to_le32(mddev->raid_disks);
sb->size = cpu_to_le64(mddev->dev_sectors);
-@@ -2751,7 +2751,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store);
+@@ -2750,7 +2750,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store);
static ssize_t
errors_show(struct md_rdev *rdev, char *page)
{
@@ -38528,7 +40567,7 @@ index a4a93b9..4747b63 100644
}
static ssize_t
-@@ -2760,7 +2760,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len)
+@@ -2759,7 +2759,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len)
char *e;
unsigned long n = simple_strtoul(buf, &e, 10);
if (*buf && (*e == 0 || *e == '\n')) {
@@ -38537,7 +40576,7 @@ index a4a93b9..4747b63 100644
return len;
}
return -EINVAL;
-@@ -3210,8 +3210,8 @@ int md_rdev_init(struct md_rdev *rdev)
+@@ -3207,8 +3207,8 @@ int md_rdev_init(struct md_rdev *rdev)
rdev->sb_loaded = 0;
rdev->bb_page = NULL;
atomic_set(&rdev->nr_pending, 0);
@@ -38548,7 +40587,7 @@ index a4a93b9..4747b63 100644
INIT_LIST_HEAD(&rdev->same_set);
init_waitqueue_head(&rdev->blocked_wait);
-@@ -6994,7 +6994,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
+@@ -7009,7 +7009,7 @@ static int md_seq_show(struct seq_file *seq, void *v)
spin_unlock(&pers_lock);
seq_printf(seq, "\n");
@@ -38557,7 +40596,7 @@ index a4a93b9..4747b63 100644
return 0;
}
if (v == (void*)2) {
-@@ -7097,7 +7097,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
+@@ -7112,7 +7112,7 @@ static int md_seq_open(struct inode *inode, struct file *file)
return error;
seq = file->private_data;
@@ -38566,7 +40605,7 @@ index a4a93b9..4747b63 100644
return error;
}
-@@ -7111,7 +7111,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
+@@ -7126,7 +7126,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait)
/* always allow read */
mask = POLLIN | POLLRDNORM;
@@ -38575,7 +40614,7 @@ index a4a93b9..4747b63 100644
mask |= POLLERR | POLLPRI;
return mask;
}
-@@ -7155,7 +7155,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
+@@ -7170,7 +7170,7 @@ static int is_mddev_idle(struct mddev *mddev, int init)
struct gendisk *disk = rdev->bdev->bd_contains->bd_disk;
curr_events = (int)part_stat_read(&disk->part0, sectors[0]) +
(int)part_stat_read(&disk->part0, sectors[1]) -
@@ -38585,7 +40624,7 @@ index a4a93b9..4747b63 100644
* as sync_io is counted when a request starts, and
* disk_stats is counted when it completes.
diff --git a/drivers/md/md.h b/drivers/md/md.h
-index d90fb1a..4174a2b 100644
+index 653f992b6..6af6c40 100644
--- a/drivers/md/md.h
+++ b/drivers/md/md.h
@@ -94,13 +94,13 @@ struct md_rdev {
@@ -38614,22 +40653,22 @@ index d90fb1a..4174a2b 100644
struct md_personality
diff --git a/drivers/md/persistent-data/dm-space-map.h b/drivers/md/persistent-data/dm-space-map.h
-index 1cbfc6b..56e1dbb 100644
+index 3e6d115..ffecdeb 100644
--- a/drivers/md/persistent-data/dm-space-map.h
+++ b/drivers/md/persistent-data/dm-space-map.h
-@@ -60,6 +60,7 @@ struct dm_space_map {
- int (*root_size)(struct dm_space_map *sm, size_t *result);
- int (*copy_root)(struct dm_space_map *sm, void *copy_to_here_le, size_t len);
+@@ -71,6 +71,7 @@ struct dm_space_map {
+ dm_sm_threshold_fn fn,
+ void *context);
};
+typedef struct dm_space_map __no_const dm_space_map_no_const;
/*----------------------------------------------------------------*/
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index 7116798..c81390c 100644
+index 6f48244..7d29145 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
-@@ -1836,7 +1836,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
+@@ -1822,7 +1822,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
if (r1_sync_page_io(rdev, sect, s,
bio->bi_io_vec[idx].bv_page,
READ) != 0)
@@ -38638,7 +40677,7 @@ index 7116798..c81390c 100644
}
sectors -= s;
sect += s;
-@@ -2058,7 +2058,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
+@@ -2049,7 +2049,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
test_bit(In_sync, &rdev->flags)) {
if (r1_sync_page_io(rdev, sect, s,
conf->tmppage, READ)) {
@@ -38648,10 +40687,10 @@ index 7116798..c81390c 100644
"md/raid1:%s: read error corrected "
"(%d sectors at %llu on %s)\n",
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index e4ea992..d234520 100644
+index 081bb33..3c4b287 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
-@@ -1942,7 +1942,7 @@ static void end_sync_read(struct bio *bio, int error)
+@@ -1940,7 +1940,7 @@ static void end_sync_read(struct bio *bio, int error)
/* The write handler will notice the lack of
* R10BIO_Uptodate and record any errors etc
*/
@@ -38660,7 +40699,7 @@ index e4ea992..d234520 100644
&conf->mirrors[d].rdev->corrected_errors);
/* for reconstruct, we always reschedule after a read.
-@@ -2291,7 +2291,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -2298,7 +2298,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
{
struct timespec cur_time_mon;
unsigned long hours_since_last;
@@ -38669,7 +40708,7 @@ index e4ea992..d234520 100644
ktime_get_ts(&cur_time_mon);
-@@ -2313,9 +2313,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -2320,9 +2320,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
* overflowing the shift of read_errors by hours_since_last.
*/
if (hours_since_last >= 8 * sizeof(read_errors))
@@ -38681,7 +40720,7 @@ index e4ea992..d234520 100644
}
static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector,
-@@ -2369,8 +2369,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2376,8 +2376,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
return;
check_decay_read_errors(mddev, rdev);
@@ -38692,7 +40731,7 @@ index e4ea992..d234520 100644
char b[BDEVNAME_SIZE];
bdevname(rdev->bdev, b);
-@@ -2378,7 +2378,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2385,7 +2385,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
"md/raid10:%s: %s: Raid device exceeded "
"read_error threshold [cur %d:max %d]\n",
mdname(mddev), b,
@@ -38701,7 +40740,7 @@ index e4ea992..d234520 100644
printk(KERN_NOTICE
"md/raid10:%s: %s: Failing raid device\n",
mdname(mddev), b);
-@@ -2533,7 +2533,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2540,7 +2540,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
sect +
choose_data_offset(r10_bio, rdev)),
bdevname(rdev->bdev, b));
@@ -38711,10 +40750,10 @@ index e4ea992..d234520 100644
rdev_dec_pending(rdev, mddev);
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index 251ab64..ed23a18 100644
+index a35b846..e295c6d 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
-@@ -1763,21 +1763,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
+@@ -1764,21 +1764,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
mdname(conf->mddev), STRIPE_SECTORS,
(unsigned long long)s,
bdevname(rdev->bdev, b));
@@ -38740,7 +40779,7 @@ index 251ab64..ed23a18 100644
if (test_bit(R5_ReadRepl, &sh->dev[i].flags))
printk_ratelimited(
KERN_WARNING
-@@ -1805,7 +1805,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
+@@ -1806,7 +1806,7 @@ static void raid5_end_read_request(struct bio * bi, int error)
mdname(conf->mddev),
(unsigned long long)s,
bdn);
@@ -38776,7 +40815,7 @@ index 9b6c3bb..baeb5c7 100644
#if IS_ENABLED(CONFIG_DVB_DIB3000MB)
extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config,
diff --git a/drivers/media/pci/cx88/cx88-video.c b/drivers/media/pci/cx88/cx88-video.c
-index bc78354..42c9459 100644
+index c7a9be1..683f6f8 100644
--- a/drivers/media/pci/cx88/cx88-video.c
+++ b/drivers/media/pci/cx88/cx88-video.c
@@ -50,9 +50,9 @@ MODULE_VERSION(CX88_VERSION);
@@ -38792,22 +40831,8 @@ index bc78354..42c9459 100644
module_param_array(video_nr, int, NULL, 0444);
module_param_array(vbi_nr, int, NULL, 0444);
-diff --git a/drivers/media/pci/saa7134/saa7134-alsa.c b/drivers/media/pci/saa7134/saa7134-alsa.c
-index 10460fd..dbcdfbf 100644
---- a/drivers/media/pci/saa7134/saa7134-alsa.c
-+++ b/drivers/media/pci/saa7134/saa7134-alsa.c
-@@ -172,7 +172,9 @@ static void saa7134_irq_alsa_done(struct saa7134_dev *dev,
- dprintk("irq: overrun [full=%d/%d] - Blocks in %d\n",dev->dmasound.read_count,
- dev->dmasound.bufsize, dev->dmasound.blocks);
- spin_unlock(&dev->slock);
-+ snd_pcm_stream_lock(dev->dmasound.substream);
- snd_pcm_stop(dev->dmasound.substream,SNDRV_PCM_STATE_XRUN);
-+ snd_pcm_stream_unlock(dev->dmasound.substream);
- return;
- }
-
diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c
-index 96c4a17..1305a79 100644
+index d338b19..aae4f9e 100644
--- a/drivers/media/platform/omap/omap_vout.c
+++ b/drivers/media/platform/omap/omap_vout.c
@@ -63,7 +63,6 @@ enum omap_vout_channels {
@@ -38818,7 +40843,7 @@ index 96c4a17..1305a79 100644
/* Variables configurable through module params*/
static u32 video1_numbuffers = 3;
static u32 video2_numbuffers = 3;
-@@ -1012,6 +1011,12 @@ static int omap_vout_open(struct file *file)
+@@ -1015,6 +1014,12 @@ static int omap_vout_open(struct file *file)
{
struct videobuf_queue *q;
struct omap_vout_device *vout = NULL;
@@ -38831,7 +40856,7 @@ index 96c4a17..1305a79 100644
vout = video_drvdata(file);
v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__);
-@@ -1029,10 +1034,6 @@ static int omap_vout_open(struct file *file)
+@@ -1032,10 +1037,6 @@ static int omap_vout_open(struct file *file)
vout->type = V4L2_BUF_TYPE_VIDEO_OUTPUT;
q = &vout->vbq;
@@ -38882,7 +40907,7 @@ index b713403..53cb5ad 100644
if (done && done != layer->shadow_buf)
vb2_buffer_done(&done->vb, VB2_BUF_STATE_DONE);
diff --git a/drivers/media/platform/s5p-tv/mixer_video.c b/drivers/media/platform/s5p-tv/mixer_video.c
-index 82142a2..6de47e8 100644
+index ef0efdf..8c78eb6 100644
--- a/drivers/media/platform/s5p-tv/mixer_video.c
+++ b/drivers/media/platform/s5p-tv/mixer_video.c
@@ -209,7 +209,7 @@ static void mxr_layer_default_geo(struct mxr_layer *layer)
@@ -38936,7 +40961,7 @@ index 82142a2..6de47e8 100644
/* retrieve update selection rectangle */
res.left = target->x_offset;
-@@ -938,13 +938,13 @@ static int start_streaming(struct vb2_queue *vq, unsigned int count)
+@@ -954,13 +954,13 @@ static int start_streaming(struct vb2_queue *vq, unsigned int count)
mxr_output_get(mdev);
mxr_layer_update_output(layer);
@@ -38952,7 +40977,7 @@ index 82142a2..6de47e8 100644
mxr_streamer_get(mdev);
return 0;
-@@ -1014,7 +1014,7 @@ static int stop_streaming(struct vb2_queue *vq)
+@@ -1030,7 +1030,7 @@ static int stop_streaming(struct vb2_queue *vq)
spin_unlock_irqrestore(&layer->enq_slock, flags);
/* disabling layer in hardware */
@@ -38961,7 +40986,7 @@ index 82142a2..6de47e8 100644
/* remove one streamer */
mxr_streamer_put(mdev);
/* allow changes in output configuration */
-@@ -1053,8 +1053,8 @@ void mxr_base_layer_unregister(struct mxr_layer *layer)
+@@ -1069,8 +1069,8 @@ void mxr_base_layer_unregister(struct mxr_layer *layer)
void mxr_layer_release(struct mxr_layer *layer)
{
@@ -38972,7 +40997,7 @@ index 82142a2..6de47e8 100644
}
void mxr_base_layer_release(struct mxr_layer *layer)
-@@ -1080,7 +1080,7 @@ struct mxr_layer *mxr_base_layer_create(struct mxr_device *mdev,
+@@ -1096,7 +1096,7 @@ struct mxr_layer *mxr_base_layer_create(struct mxr_device *mdev,
layer->mdev = mdev;
layer->idx = idx;
@@ -38995,10 +41020,10 @@ index 3d13a63..da31bf1 100644
.buffer_set = mxr_vp_buffer_set,
.stream_set = mxr_vp_stream_set,
diff --git a/drivers/media/radio/radio-cadet.c b/drivers/media/radio/radio-cadet.c
-index 643d80a..56bb96b 100644
+index 545c04c..a14bded 100644
--- a/drivers/media/radio/radio-cadet.c
+++ b/drivers/media/radio/radio-cadet.c
-@@ -302,6 +302,8 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo
+@@ -324,6 +324,8 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo
unsigned char readbuf[RDS_BUFFER];
int i = 0;
@@ -39007,7 +41032,7 @@ index 643d80a..56bb96b 100644
mutex_lock(&dev->lock);
if (dev->rdsstat == 0)
cadet_start_rds(dev);
-@@ -317,7 +319,7 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo
+@@ -339,7 +341,7 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo
while (i < count && dev->rdsin != dev->rdsout)
readbuf[i++] = dev->rdsbuf[dev->rdsout++];
@@ -39030,10 +41055,10 @@ index 3940bb0..fb3952a 100644
static int dib7070_set_param_override(struct dvb_frontend *fe)
{
diff --git a/drivers/media/usb/dvb-usb/dw2102.c b/drivers/media/usb/dvb-usb/dw2102.c
-index 9578a67..31aa652 100644
+index 6e237b6..dc25556 100644
--- a/drivers/media/usb/dvb-usb/dw2102.c
+++ b/drivers/media/usb/dvb-usb/dw2102.c
-@@ -115,7 +115,7 @@ struct su3000_state {
+@@ -118,7 +118,7 @@ struct su3000_state {
struct s6x0_state {
int (*old_set_voltage)(struct dvb_frontend *f, fe_sec_voltage_t v);
@@ -39043,7 +41068,7 @@ index 9578a67..31aa652 100644
/* debug */
static int dvb_usb_dw2102_debug;
diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
-index 7157af3..139e91a 100644
+index f129551..ecf6514 100644
--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
+++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
@@ -326,7 +326,7 @@ struct v4l2_buffer32 {
@@ -39074,40 +41099,10 @@ index 7157af3..139e91a 100644
return 0;
}
diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c
-index aa6e7c7..cb5de87 100644
+index 7658586..1079260 100644
--- a/drivers/media/v4l2-core/v4l2-ioctl.c
+++ b/drivers/media/v4l2-core/v4l2-ioctl.c
-@@ -236,7 +236,7 @@ static void v4l_print_format(const void *arg, bool write_only)
- const struct v4l2_vbi_format *vbi;
- const struct v4l2_sliced_vbi_format *sliced;
- const struct v4l2_window *win;
-- const struct v4l2_clip *clip;
-+ const struct v4l2_clip __user *pclip;
- unsigned i;
-
- pr_cont("type=%s", prt_names(p->type, v4l2_type_names));
-@@ -284,12 +284,16 @@ static void v4l_print_format(const void *arg, bool write_only)
- win->w.left, win->w.top,
- prt_names(win->field, v4l2_field_names),
- win->chromakey, win->bitmap, win->global_alpha);
-- clip = win->clips;
-+ pclip = win->clips;
- for (i = 0; i < win->clipcount; i++) {
-+ struct v4l2_clip clip;
-+
-+ if (copy_from_user(&clip, pclip, sizeof clip))
-+ break;
- printk(KERN_DEBUG "clip %u: wxh=%dx%d, x,y=%d,%d\n",
-- i, clip->c.width, clip->c.height,
-- clip->c.left, clip->c.top);
-- clip = clip->next;
-+ i, clip.c.width, clip.c.height,
-+ clip.c.left, clip.c.top);
-+ pclip = clip.next;
- }
- break;
- case V4L2_BUF_TYPE_VBI_CAPTURE:
-@@ -1923,7 +1927,8 @@ struct v4l2_ioctl_info {
+@@ -1995,7 +1995,8 @@ struct v4l2_ioctl_info {
struct file *file, void *fh, void *p);
} u;
void (*debug)(const void *arg, bool write_only);
@@ -39117,7 +41112,7 @@ index aa6e7c7..cb5de87 100644
/* This control needs a priority check */
#define INFO_FL_PRIO (1 << 0)
-@@ -2108,7 +2113,7 @@ static long __video_do_ioctl(struct file *file,
+@@ -2177,7 +2178,7 @@ static long __video_do_ioctl(struct file *file,
struct video_device *vfd = video_devdata(file);
const struct v4l2_ioctl_ops *ops = vfd->ioctl_ops;
bool write_only = false;
@@ -39126,7 +41121,7 @@ index aa6e7c7..cb5de87 100644
const struct v4l2_ioctl_info *info;
void *fh = file->private_data;
struct v4l2_fh *vfh = NULL;
-@@ -2193,7 +2198,7 @@ done:
+@@ -2251,7 +2252,7 @@ done:
}
static int check_array_args(unsigned int cmd, void *parg, size_t *array_size,
@@ -39135,7 +41130,7 @@ index aa6e7c7..cb5de87 100644
{
int ret = 0;
-@@ -2209,7 +2214,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size,
+@@ -2267,7 +2268,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size,
ret = -EINVAL;
break;
}
@@ -39144,7 +41139,7 @@ index aa6e7c7..cb5de87 100644
*kernel_ptr = (void *)&buf->m.planes;
*array_size = sizeof(struct v4l2_plane) * buf->length;
ret = 1;
-@@ -2244,7 +2249,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size,
+@@ -2302,7 +2303,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size,
ret = -EINVAL;
break;
}
@@ -39154,7 +41149,7 @@ index aa6e7c7..cb5de87 100644
*array_size = sizeof(struct v4l2_ext_control)
* ctrls->count;
diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c
-index fb69baa..3aeea2e 100644
+index 767ff4d..c69d259 100644
--- a/drivers/message/fusion/mptbase.c
+++ b/drivers/message/fusion/mptbase.c
@@ -6755,8 +6755,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v)
@@ -39184,7 +41179,7 @@ index fb69baa..3aeea2e 100644
seq_printf(m, " {CurRepSz=%d} x {CurRepDepth=%d} = %d bytes ^= 0x%x\n",
ioc->reply_sz, ioc->reply_depth, ioc->reply_sz*ioc->reply_depth, sz);
diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c
-index fa43c39..daeb158 100644
+index dd239bd..689c4f7 100644
--- a/drivers/message/fusion/mptsas.c
+++ b/drivers/message/fusion/mptsas.c
@@ -446,6 +446,23 @@ mptsas_is_end_device(struct mptsas_devinfo * attached)
@@ -39236,7 +41231,7 @@ index fa43c39..daeb158 100644
mptsas_get_port(struct mptsas_phyinfo *phy_info)
{
diff --git a/drivers/message/fusion/mptscsih.c b/drivers/message/fusion/mptscsih.c
-index 164afa7..b6b2e74 100644
+index 727819c..ad74694 100644
--- a/drivers/message/fusion/mptscsih.c
+++ b/drivers/message/fusion/mptscsih.c
@@ -1271,15 +1271,16 @@ mptscsih_info(struct Scsi_Host *SChost)
@@ -39265,7 +41260,7 @@ index 164afa7..b6b2e74 100644
return h->info_kbuf;
}
diff --git a/drivers/message/i2o/i2o_proc.c b/drivers/message/i2o/i2o_proc.c
-index 8001aa6..b137580 100644
+index b7d87cd..9890039 100644
--- a/drivers/message/i2o/i2o_proc.c
+++ b/drivers/message/i2o/i2o_proc.c
@@ -255,12 +255,6 @@ static char *scsi_devices[] = {
@@ -39522,7 +41517,7 @@ index 36f5d52..32311c3 100644
if (memcmp(before, after, BREAK_INSTR_SIZE)) {
printk(KERN_CRIT "kgdbts: ERROR kgdb corrupted memory\n");
diff --git a/drivers/misc/lis3lv02d/lis3lv02d.c b/drivers/misc/lis3lv02d/lis3lv02d.c
-index 4a87e5c..76bdf5c 100644
+index 4cd4a3d..b48cbc7 100644
--- a/drivers/misc/lis3lv02d/lis3lv02d.c
+++ b/drivers/misc/lis3lv02d/lis3lv02d.c
@@ -498,7 +498,7 @@ static irqreturn_t lis302dl_interrupt(int irq, void *data)
@@ -39543,7 +41538,7 @@ index 4a87e5c..76bdf5c 100644
return 0;
}
-@@ -617,7 +617,7 @@ static ssize_t lis3lv02d_misc_read(struct file *file, char __user *buf,
+@@ -616,7 +616,7 @@ static ssize_t lis3lv02d_misc_read(struct file *file, char __user *buf,
add_wait_queue(&lis3->misc_wait, &wait);
while (true) {
set_current_state(TASK_INTERRUPTIBLE);
@@ -39552,7 +41547,7 @@ index 4a87e5c..76bdf5c 100644
if (data)
break;
-@@ -658,7 +658,7 @@ static unsigned int lis3lv02d_misc_poll(struct file *file, poll_table *wait)
+@@ -657,7 +657,7 @@ static unsigned int lis3lv02d_misc_poll(struct file *file, poll_table *wait)
struct lis3lv02d, miscdev);
poll_wait(file, &lis3->misc_wait, wait);
@@ -39590,7 +41585,7 @@ index 2f30bad..c4c13d0 100644
mcs_op_statistics[op].max = nsec;
}
diff --git a/drivers/misc/sgi-gru/gruprocfs.c b/drivers/misc/sgi-gru/gruprocfs.c
-index 950dbe9..eeef0f8 100644
+index 797d796..ae8f01e 100644
--- a/drivers/misc/sgi-gru/gruprocfs.c
+++ b/drivers/misc/sgi-gru/gruprocfs.c
@@ -32,9 +32,9 @@
@@ -39675,31 +41670,6 @@ index 5c3ce24..4915ccb 100644
- atomic_long_t flush_tlb_gru;
- atomic_long_t flush_tlb_gru_tgh;
- atomic_long_t flush_tlb_gru_zero_asid;
--
-- atomic_long_t copy_gpa;
-- atomic_long_t read_gpa;
--
-- atomic_long_t mesq_receive;
-- atomic_long_t mesq_receive_none;
-- atomic_long_t mesq_send;
-- atomic_long_t mesq_send_failed;
-- atomic_long_t mesq_noop;
-- atomic_long_t mesq_send_unexpected_error;
-- atomic_long_t mesq_send_lb_overflow;
-- atomic_long_t mesq_send_qlimit_reached;
-- atomic_long_t mesq_send_amo_nacked;
-- atomic_long_t mesq_send_put_nacked;
-- atomic_long_t mesq_page_overflow;
-- atomic_long_t mesq_qf_locked;
-- atomic_long_t mesq_qf_noop_not_full;
-- atomic_long_t mesq_qf_switch_head_failed;
-- atomic_long_t mesq_qf_unexpected_error;
-- atomic_long_t mesq_noop_unexpected_error;
-- atomic_long_t mesq_noop_lb_overflow;
-- atomic_long_t mesq_noop_qlimit_reached;
-- atomic_long_t mesq_noop_amo_nacked;
-- atomic_long_t mesq_noop_put_nacked;
-- atomic_long_t mesq_noop_page_overflow;
+ atomic_long_unchecked_t vdata_alloc;
+ atomic_long_unchecked_t vdata_free;
+ atomic_long_unchecked_t gts_alloc;
@@ -39751,10 +41721,33 @@ index 5c3ce24..4915ccb 100644
+ atomic_long_unchecked_t flush_tlb_gru;
+ atomic_long_unchecked_t flush_tlb_gru_tgh;
+ atomic_long_unchecked_t flush_tlb_gru_zero_asid;
-+
+
+- atomic_long_t copy_gpa;
+- atomic_long_t read_gpa;
+ atomic_long_unchecked_t copy_gpa;
+ atomic_long_unchecked_t read_gpa;
-+
+
+- atomic_long_t mesq_receive;
+- atomic_long_t mesq_receive_none;
+- atomic_long_t mesq_send;
+- atomic_long_t mesq_send_failed;
+- atomic_long_t mesq_noop;
+- atomic_long_t mesq_send_unexpected_error;
+- atomic_long_t mesq_send_lb_overflow;
+- atomic_long_t mesq_send_qlimit_reached;
+- atomic_long_t mesq_send_amo_nacked;
+- atomic_long_t mesq_send_put_nacked;
+- atomic_long_t mesq_page_overflow;
+- atomic_long_t mesq_qf_locked;
+- atomic_long_t mesq_qf_noop_not_full;
+- atomic_long_t mesq_qf_switch_head_failed;
+- atomic_long_t mesq_qf_unexpected_error;
+- atomic_long_t mesq_noop_unexpected_error;
+- atomic_long_t mesq_noop_lb_overflow;
+- atomic_long_t mesq_noop_qlimit_reached;
+- atomic_long_t mesq_noop_amo_nacked;
+- atomic_long_t mesq_noop_put_nacked;
+- atomic_long_t mesq_noop_page_overflow;
+ atomic_long_unchecked_t mesq_receive;
+ atomic_long_unchecked_t mesq_receive_none;
+ atomic_long_unchecked_t mesq_send;
@@ -39869,21 +41862,21 @@ index 49f04bc..65660c2 100644
/*
* dma onto stack is unsafe/nonportable, but callers to this
diff --git a/drivers/mmc/host/dw_mmc.h b/drivers/mmc/host/dw_mmc.h
-index 53b8fd9..615b462 100644
+index 0b74189..818358f 100644
--- a/drivers/mmc/host/dw_mmc.h
+++ b/drivers/mmc/host/dw_mmc.h
-@@ -205,5 +205,5 @@ struct dw_mci_drv_data {
+@@ -202,5 +202,5 @@ struct dw_mci_drv_data {
+ void (*prepare_command)(struct dw_mci *host, u32 *cmdr);
+ void (*set_ios)(struct dw_mci *host, struct mmc_ios *ios);
int (*parse_dt)(struct dw_mci *host);
- int (*setup_bus)(struct dw_mci *host,
- struct device_node *slot_np, u8 bus_width);
-};
+} __do_const;
#endif /* _DW_MMC_H_ */
diff --git a/drivers/mmc/host/sdhci-s3c.c b/drivers/mmc/host/sdhci-s3c.c
-index 7363efe..681558e 100644
+index c6f6246..60760a8 100644
--- a/drivers/mmc/host/sdhci-s3c.c
+++ b/drivers/mmc/host/sdhci-s3c.c
-@@ -720,9 +720,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev)
+@@ -664,9 +664,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev)
* we can use overriding functions instead of default.
*/
if (host->quirks & SDHCI_QUIRK_NONSTANDARD_CLOCK) {
@@ -39898,19 +41891,6 @@ index 7363efe..681558e 100644
}
/* It supports additional host capabilities if needed */
-diff --git a/drivers/mtd/devices/doc2000.c b/drivers/mtd/devices/doc2000.c
-index a4eb8b5..8c0628f 100644
---- a/drivers/mtd/devices/doc2000.c
-+++ b/drivers/mtd/devices/doc2000.c
-@@ -753,7 +753,7 @@ static int doc_write(struct mtd_info *mtd, loff_t to, size_t len,
-
- /* The ECC will not be calculated correctly if less than 512 is written */
- /* DBB-
-- if (len != 0x200 && eccbuf)
-+ if (len != 0x200)
- printk(KERN_WARNING
- "ECC needs a full sector write (adr: %lx size %lx)\n",
- (long) to, (long) len);
diff --git a/drivers/mtd/nand/denali.c b/drivers/mtd/nand/denali.c
index 0c8bb6b..6f35deb 100644
--- a/drivers/mtd/nand/denali.c
@@ -39936,7 +41916,7 @@ index 51b9d6a..52af9a7 100644
#include <linux/mtd/nand.h>
#include <linux/mtd/nftl.h>
diff --git a/drivers/mtd/sm_ftl.c b/drivers/mtd/sm_ftl.c
-index 8dd6ba5..419cc1d 100644
+index f9d5615..99dd95f 100644
--- a/drivers/mtd/sm_ftl.c
+++ b/drivers/mtd/sm_ftl.c
@@ -56,7 +56,7 @@ ssize_t sm_attr_show(struct device *dev, struct device_attribute *attr,
@@ -39949,10 +41929,10 @@ index 8dd6ba5..419cc1d 100644
struct sm_sysfs_attribute *vendor_attribute;
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
-index dbbea0e..3f4a0b1 100644
+index f975696..4597e21 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
-@@ -4822,7 +4822,7 @@ static unsigned int bond_get_num_tx_queues(void)
+@@ -4870,7 +4870,7 @@ static unsigned int bond_get_num_tx_queues(void)
return tx_queues;
}
@@ -39961,7 +41941,7 @@ index dbbea0e..3f4a0b1 100644
.kind = "bond",
.priv_size = sizeof(struct bonding),
.setup = bond_setup,
-@@ -4947,8 +4947,8 @@ static void __exit bonding_exit(void)
+@@ -4995,8 +4995,8 @@ static void __exit bonding_exit(void)
bond_destroy_debugfs();
@@ -39971,28 +41951,19 @@ index dbbea0e..3f4a0b1 100644
#ifdef CONFIG_NET_POLL_CONTROLLER
/*
-diff --git a/drivers/net/dummy.c b/drivers/net/dummy.c
-index 42aa54a..b710c6b 100644
---- a/drivers/net/dummy.c
-+++ b/drivers/net/dummy.c
-@@ -185,6 +185,8 @@ static int __init dummy_init_module(void)
-
- rtnl_lock();
- err = __rtnl_link_register(&dummy_link_ops);
-+ if (err < 0)
-+ goto out;
+diff --git a/drivers/net/can/usb/peak_usb/pcan_usb.c b/drivers/net/can/usb/peak_usb/pcan_usb.c
+index 25723d8..925ab8e 100644
+--- a/drivers/net/can/usb/peak_usb/pcan_usb.c
++++ b/drivers/net/can/usb/peak_usb/pcan_usb.c
+@@ -649,7 +649,7 @@ static int pcan_usb_decode_data(struct pcan_usb_msg_context *mc, u8 status_len)
+ if ((mc->ptr + rec_len) > mc->end)
+ goto decode_failed;
- for (i = 0; i < numdummies && !err; i++) {
- err = dummy_init_one();
-@@ -192,6 +194,8 @@ static int __init dummy_init_module(void)
+- memcpy(cf->data, mc->ptr, rec_len);
++ memcpy(cf->data, mc->ptr, cf->can_dlc);
+ mc->ptr += rec_len;
}
- if (err < 0)
- __rtnl_link_unregister(&dummy_link_ops);
-+
-+out:
- rtnl_unlock();
- return err;
diff --git a/drivers/net/ethernet/8390/ax88796.c b/drivers/net/ethernet/8390/ax88796.c
index e1d2643..7f4133b 100644
--- a/drivers/net/ethernet/8390/ax88796.c
@@ -40010,117 +41981,11 @@ index e1d2643..7f4133b 100644
}
if (!request_mem_region(mem->start, mem_size, pdev->name)) {
-diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
-index ac25f05..35c9d1a 100644
---- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
-+++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c
-@@ -1667,8 +1667,8 @@ check_sum:
- return 0;
- }
-
--static void atl1e_tx_map(struct atl1e_adapter *adapter,
-- struct sk_buff *skb, struct atl1e_tpd_desc *tpd)
-+static int atl1e_tx_map(struct atl1e_adapter *adapter,
-+ struct sk_buff *skb, struct atl1e_tpd_desc *tpd)
- {
- struct atl1e_tpd_desc *use_tpd = NULL;
- struct atl1e_tx_buffer *tx_buffer = NULL;
-@@ -1679,6 +1679,8 @@ static void atl1e_tx_map(struct atl1e_adapter *adapter,
- u16 nr_frags;
- u16 f;
- int segment;
-+ int ring_start = adapter->tx_ring.next_to_use;
-+ int ring_end;
-
- nr_frags = skb_shinfo(skb)->nr_frags;
- segment = (tpd->word3 >> TPD_SEGMENT_EN_SHIFT) & TPD_SEGMENT_EN_MASK;
-@@ -1691,6 +1693,9 @@ static void atl1e_tx_map(struct atl1e_adapter *adapter,
- tx_buffer->length = map_len;
- tx_buffer->dma = pci_map_single(adapter->pdev,
- skb->data, hdr_len, PCI_DMA_TODEVICE);
-+ if (dma_mapping_error(&adapter->pdev->dev, tx_buffer->dma))
-+ return -ENOSPC;
-+
- ATL1E_SET_PCIMAP_TYPE(tx_buffer, ATL1E_TX_PCIMAP_SINGLE);
- mapped_len += map_len;
- use_tpd->buffer_addr = cpu_to_le64(tx_buffer->dma);
-@@ -1717,6 +1722,22 @@ static void atl1e_tx_map(struct atl1e_adapter *adapter,
- tx_buffer->dma =
- pci_map_single(adapter->pdev, skb->data + mapped_len,
- map_len, PCI_DMA_TODEVICE);
-+
-+ if (dma_mapping_error(&adapter->pdev->dev, tx_buffer->dma)) {
-+ /* We need to unwind the mappings we've done */
-+ ring_end = adapter->tx_ring.next_to_use;
-+ adapter->tx_ring.next_to_use = ring_start;
-+ while (adapter->tx_ring.next_to_use != ring_end) {
-+ tpd = atl1e_get_tpd(adapter);
-+ tx_buffer = atl1e_get_tx_buffer(adapter, tpd);
-+ pci_unmap_single(adapter->pdev, tx_buffer->dma,
-+ tx_buffer->length, PCI_DMA_TODEVICE);
-+ }
-+ /* Reset the tx rings next pointer */
-+ adapter->tx_ring.next_to_use = ring_start;
-+ return -ENOSPC;
-+ }
-+
- ATL1E_SET_PCIMAP_TYPE(tx_buffer, ATL1E_TX_PCIMAP_SINGLE);
- mapped_len += map_len;
- use_tpd->buffer_addr = cpu_to_le64(tx_buffer->dma);
-@@ -1752,6 +1773,23 @@ static void atl1e_tx_map(struct atl1e_adapter *adapter,
- (i * MAX_TX_BUF_LEN),
- tx_buffer->length,
- DMA_TO_DEVICE);
-+
-+ if (dma_mapping_error(&adapter->pdev->dev, tx_buffer->dma)) {
-+ /* We need to unwind the mappings we've done */
-+ ring_end = adapter->tx_ring.next_to_use;
-+ adapter->tx_ring.next_to_use = ring_start;
-+ while (adapter->tx_ring.next_to_use != ring_end) {
-+ tpd = atl1e_get_tpd(adapter);
-+ tx_buffer = atl1e_get_tx_buffer(adapter, tpd);
-+ dma_unmap_page(&adapter->pdev->dev, tx_buffer->dma,
-+ tx_buffer->length, DMA_TO_DEVICE);
-+ }
-+
-+ /* Reset the ring next to use pointer */
-+ adapter->tx_ring.next_to_use = ring_start;
-+ return -ENOSPC;
-+ }
-+
- ATL1E_SET_PCIMAP_TYPE(tx_buffer, ATL1E_TX_PCIMAP_PAGE);
- use_tpd->buffer_addr = cpu_to_le64(tx_buffer->dma);
- use_tpd->word2 = (use_tpd->word2 & (~TPD_BUFLEN_MASK)) |
-@@ -1769,6 +1807,7 @@ static void atl1e_tx_map(struct atl1e_adapter *adapter,
- /* The last buffer info contain the skb address,
- so it will be free after unmap */
- tx_buffer->skb = skb;
-+ return 0;
- }
-
- static void atl1e_tx_queue(struct atl1e_adapter *adapter, u16 count,
-@@ -1836,10 +1875,15 @@ static netdev_tx_t atl1e_xmit_frame(struct sk_buff *skb,
- return NETDEV_TX_OK;
- }
-
-- atl1e_tx_map(adapter, skb, tpd);
-+ if (atl1e_tx_map(adapter, skb, tpd)) {
-+ dev_kfree_skb_any(skb);
-+ goto out;
-+ }
-+
- atl1e_tx_queue(adapter, tpd_req, tpd);
-
- netdev->trans_start = jiffies; /* NETIF_F_LLTX driver :( */
-+out:
- spin_unlock_irqrestore(&adapter->tx_lock, flags);
- return NETDEV_TX_OK;
- }
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h
-index aee7671..3ca2651 100644
+index 151675d..0139a9d 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h
-@@ -1093,7 +1093,7 @@ static inline u8 bnx2x_get_path_func_num(struct bnx2x *bp)
+@@ -1112,7 +1112,7 @@ static inline u8 bnx2x_get_path_func_num(struct bnx2x *bp)
static inline void bnx2x_init_bp_objs(struct bnx2x *bp)
{
/* RX_MODE controlling object */
@@ -40130,7 +41995,7 @@ index aee7671..3ca2651 100644
/* multicast configuration controlling object */
bnx2x_init_mcast_obj(bp, &bp->mcast_obj, bp->fp->cl_id, bp->fp->cid,
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c
-index edfa67a..d6c52ae 100644
+index ce1a916..10b52b0 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_ethtool.c
@@ -960,6 +960,9 @@ static int bnx2x_set_dump(struct net_device *dev, struct ethtool_dump *val)
@@ -40153,10 +42018,10 @@ index edfa67a..d6c52ae 100644
* cause false alarms by reading never written registers. We
* will re-enable parity attentions right after the dump.
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
-index c50696b..cf96f52 100644
+index b4c9dea..2a9927f 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c
-@@ -11394,6 +11394,8 @@ static int bnx2x_init_bp(struct bnx2x *bp)
+@@ -11497,6 +11497,8 @@ static int bnx2x_init_bp(struct bnx2x *bp)
bp->min_msix_vec_cnt = 2;
BNX2X_DEV_INFO("bp->min_msix_vec_cnt %d", bp->min_msix_vec_cnt);
@@ -40166,10 +42031,10 @@ index c50696b..cf96f52 100644
}
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c
-index 7306416..5fb7fb5 100644
+index 32a9609..0b1c53a 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c
-@@ -2381,15 +2381,14 @@ int bnx2x_config_rx_mode(struct bnx2x *bp,
+@@ -2387,15 +2387,14 @@ int bnx2x_config_rx_mode(struct bnx2x *bp,
return rc;
}
@@ -40191,10 +42056,10 @@ index 7306416..5fb7fb5 100644
}
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h
-index ff90760..08d8aed 100644
+index 43c00bc..dd1d03d 100644
--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h
+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h
-@@ -1306,8 +1306,7 @@ int bnx2x_vlan_mac_move(struct bnx2x *bp,
+@@ -1321,8 +1321,7 @@ int bnx2x_vlan_mac_move(struct bnx2x *bp,
/********************* RX MODE ****************/
@@ -40205,7 +42070,7 @@ index ff90760..08d8aed 100644
/**
* bnx2x_config_rx_mode - Send and RX_MODE ramrod according to the provided parameters.
diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h
-index 25309bf..fcfd54c 100644
+index ff6e30e..87e8452 100644
--- a/drivers/net/ethernet/broadcom/tg3.h
+++ b/drivers/net/ethernet/broadcom/tg3.h
@@ -147,6 +147,7 @@
@@ -40216,24 +42081,11 @@ index 25309bf..fcfd54c 100644
#define CHIPREV_ID_5750_C2 0x4202
#define CHIPREV_ID_5752_A0_HW 0x5000
#define CHIPREV_ID_5752_A0 0x6000
-diff --git a/drivers/net/ethernet/brocade/bna/bnad_debugfs.c b/drivers/net/ethernet/brocade/bna/bnad_debugfs.c
-index 6e8bc9d..94d957d 100644
---- a/drivers/net/ethernet/brocade/bna/bnad_debugfs.c
-+++ b/drivers/net/ethernet/brocade/bna/bnad_debugfs.c
-@@ -244,7 +244,7 @@ bnad_debugfs_lseek(struct file *file, loff_t offset, int orig)
- file->f_pos += offset;
- break;
- case 2:
-- file->f_pos = debug->buffer_len - offset;
-+ file->f_pos = debug->buffer_len + offset;
- break;
- default:
- return -EINVAL;
diff --git a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c
-index 2b5e621..32187b8 100644
+index 71497e8..b650951 100644
--- a/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c
+++ b/drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c
-@@ -3036,7 +3036,9 @@ static void t3_io_resume(struct pci_dev *pdev)
+@@ -3037,7 +3037,9 @@ static void t3_io_resume(struct pci_dev *pdev)
CH_ALERT(adapter, "adapter recovering, PEX ERR 0x%x\n",
t3_read_reg(adapter, A_PCIE_PEX_ERR));
@@ -40279,10 +42131,10 @@ index 4c83003..2a2a5b9 100644
break;
}
diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c
-index 2886c9b..db71673 100644
+index 6e43426..1bd8365 100644
--- a/drivers/net/ethernet/emulex/benet/be_main.c
+++ b/drivers/net/ethernet/emulex/benet/be_main.c
-@@ -455,7 +455,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val)
+@@ -469,7 +469,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val)
if (wrapped)
newacc += 65536;
@@ -40290,9 +42142,9 @@ index 2886c9b..db71673 100644
+ ACCESS_ONCE_RW(*acc) = newacc;
}
- void be_parse_stats(struct be_adapter *adapter)
+ void populate_erx_stats(struct be_adapter *adapter,
diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/ethernet/faraday/ftgmac100.c
-index 7c361d1..57e3ff1 100644
+index 21b85fb..b49e5fc 100644
--- a/drivers/net/ethernet/faraday/ftgmac100.c
+++ b/drivers/net/ethernet/faraday/ftgmac100.c
@@ -31,6 +31,8 @@
@@ -40305,7 +42157,7 @@ index 7c361d1..57e3ff1 100644
#include "ftgmac100.h"
diff --git a/drivers/net/ethernet/faraday/ftmac100.c b/drivers/net/ethernet/faraday/ftmac100.c
-index b5ea8fb..bd25e9a 100644
+index a6eda8d..935d273 100644
--- a/drivers/net/ethernet/faraday/ftmac100.c
+++ b/drivers/net/ethernet/faraday/ftmac100.c
@@ -31,6 +31,8 @@
@@ -40356,11 +42208,11 @@ index fbe5363..266b4e3 100644
__vxge_hw_mempool_create(vpath->hldev,
fifo->config->memblock_size,
diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
-index 5c033f2..7bbb0d8 100644
+index 5e7fb1d..f8d1810 100644
--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
+++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_83xx_init.c
-@@ -1894,7 +1894,9 @@ int qlcnic_83xx_config_default_opmode(struct qlcnic_adapter *adapter)
- op_mode = QLCRDX(ahw, QLC_83XX_DRV_OP_MODE);
+@@ -1948,7 +1948,9 @@ int qlcnic_83xx_config_default_opmode(struct qlcnic_adapter *adapter)
+ op_mode = QLC_83XX_DEFAULT_OPMODE;
if (op_mode == QLC_83XX_DEFAULT_OPMODE) {
- adapter->nic_ops->init_driver = qlcnic_83xx_init_default_driver;
@@ -40399,11 +42251,54 @@ index b0c3de9..fc5857e 100644
} else {
return -EIO;
}
+diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ctx.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ctx.c
+index 6acf82b..14b097e 100644
+--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ctx.c
++++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_ctx.c
+@@ -206,10 +206,10 @@ int qlcnic_fw_cmd_set_drv_version(struct qlcnic_adapter *adapter)
+ if (err) {
+ dev_info(&adapter->pdev->dev,
+ "Failed to set driver version in firmware\n");
+- return -EIO;
++ err = -EIO;
+ }
+-
+- return 0;
++ qlcnic_free_mbx_args(&cmd);
++ return err;
+ }
+
+ int
+diff --git a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c
+index d3f8797..82a03d3 100644
+--- a/drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c
++++ b/drivers/net/ethernet/qlogic/qlcnic/qlcnic_io.c
+@@ -262,7 +262,7 @@ void qlcnic_82xx_change_filter(struct qlcnic_adapter *adapter, u64 *uaddr,
+
+ mac_req = (struct qlcnic_mac_req *)&(req->words[0]);
+ mac_req->op = vlan_id ? QLCNIC_MAC_VLAN_ADD : QLCNIC_MAC_ADD;
+- memcpy(mac_req->mac_addr, &uaddr, ETH_ALEN);
++ memcpy(mac_req->mac_addr, uaddr, ETH_ALEN);
+
+ vlan_req = (struct qlcnic_vlan_req *)&req->words[1];
+ vlan_req->vlan_id = cpu_to_le16(vlan_id);
+diff --git a/drivers/net/ethernet/realtek/8139cp.c b/drivers/net/ethernet/realtek/8139cp.c
+index 887aebe..9095ff9 100644
+--- a/drivers/net/ethernet/realtek/8139cp.c
++++ b/drivers/net/ethernet/realtek/8139cp.c
+@@ -524,6 +524,7 @@ rx_status_loop:
+ PCI_DMA_FROMDEVICE);
+ if (dma_mapping_error(&cp->pdev->dev, new_mapping)) {
+ dev->stats.rx_dropped++;
++ kfree_skb(new_skb);
+ goto rx_next;
+ }
+
diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c
-index 54fd2ef..33c8a4f 100644
+index 393f961..d343034 100644
--- a/drivers/net/ethernet/realtek/r8169.c
+++ b/drivers/net/ethernet/realtek/r8169.c
-@@ -740,22 +740,22 @@ struct rtl8169_private {
+@@ -753,22 +753,22 @@ struct rtl8169_private {
struct mdio_ops {
void (*write)(struct rtl8169_private *, int, int);
int (*read)(struct rtl8169_private *, int);
@@ -40430,66 +42325,11 @@ index 54fd2ef..33c8a4f 100644
int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv);
int (*get_settings)(struct net_device *, struct ethtool_cmd *);
-diff --git a/drivers/net/ethernet/renesas/sh_eth.c b/drivers/net/ethernet/renesas/sh_eth.c
-index 8791999..68caa85 100644
---- a/drivers/net/ethernet/renesas/sh_eth.c
-+++ b/drivers/net/ethernet/renesas/sh_eth.c
-@@ -172,8 +172,9 @@ static struct sh_eth_cpu_data sh_eth_my_cpu_data = {
- .rmcr_value = 0x00000001,
-
- .tx_check = EESR_FTC | EESR_CND | EESR_DLC | EESR_CD | EESR_RTO,
-- .eesr_err_check = EESR_TWB | EESR_TABT | EESR_RABT | EESR_RDE |
-- EESR_RFRMER | EESR_TFE | EESR_TDE | EESR_ECI,
-+ .eesr_err_check = EESR_TWB | EESR_TABT | EESR_RABT | EESR_RFE |
-+ EESR_RDE | EESR_RFRMER | EESR_TFE | EESR_TDE |
-+ EESR_ECI,
- .tx_error_check = EESR_TWB | EESR_TABT | EESR_TDE | EESR_TFE,
-
- .apr = 1,
-@@ -286,9 +287,9 @@ static struct sh_eth_cpu_data sh_eth_my_cpu_data_giga = {
- .eesipr_value = DMAC_M_RFRMER | DMAC_M_ECI | 0x003fffff,
-
- .tx_check = EESR_TC1 | EESR_FTC,
-- .eesr_err_check = EESR_TWB1 | EESR_TWB | EESR_TABT | EESR_RABT | \
-- EESR_RDE | EESR_RFRMER | EESR_TFE | EESR_TDE | \
-- EESR_ECI,
-+ .eesr_err_check = EESR_TWB1 | EESR_TWB | EESR_TABT | EESR_RABT |
-+ EESR_RFE | EESR_RDE | EESR_RFRMER | EESR_TFE |
-+ EESR_TDE | EESR_ECI,
- .tx_error_check = EESR_TWB1 | EESR_TWB | EESR_TABT | EESR_TDE | \
- EESR_TFE,
- .fdr_value = 0x0000072f,
-@@ -505,9 +506,9 @@ static struct sh_eth_cpu_data sh_eth_my_cpu_data = {
- .eesipr_value = DMAC_M_RFRMER | DMAC_M_ECI | 0x003fffff,
-
- .tx_check = EESR_TC1 | EESR_FTC,
-- .eesr_err_check = EESR_TWB1 | EESR_TWB | EESR_TABT | EESR_RABT | \
-- EESR_RDE | EESR_RFRMER | EESR_TFE | EESR_TDE | \
-- EESR_ECI,
-+ .eesr_err_check = EESR_TWB1 | EESR_TWB | EESR_TABT | EESR_RABT |
-+ EESR_RFE | EESR_RDE | EESR_RFRMER | EESR_TFE |
-+ EESR_TDE | EESR_ECI,
- .tx_error_check = EESR_TWB1 | EESR_TWB | EESR_TABT | EESR_TDE | \
- EESR_TFE,
-
-diff --git a/drivers/net/ethernet/renesas/sh_eth.h b/drivers/net/ethernet/renesas/sh_eth.h
-index 828be45..832be11 100644
---- a/drivers/net/ethernet/renesas/sh_eth.h
-+++ b/drivers/net/ethernet/renesas/sh_eth.h
-@@ -472,7 +472,7 @@ enum EESR_BIT {
-
- #define DEFAULT_TX_CHECK (EESR_FTC | EESR_CND | EESR_DLC | EESR_CD | \
- EESR_RTO)
--#define DEFAULT_EESR_ERR_CHECK (EESR_TWB | EESR_TABT | EESR_RABT | \
-+#define DEFAULT_EESR_ERR_CHECK (EESR_TWB | EESR_TABT | EESR_RABT | EESR_RFE | \
- EESR_RDE | EESR_RFRMER | EESR_ADE | \
- EESR_TFE | EESR_TDE | EESR_ECI)
- #define DEFAULT_TX_ERROR_CHECK (EESR_TWB | EESR_TABT | EESR_ADE | EESR_TDE | \
diff --git a/drivers/net/ethernet/sfc/ptp.c b/drivers/net/ethernet/sfc/ptp.c
-index 3f93624..cf01144 100644
+index 9a95abf..36df7f9 100644
--- a/drivers/net/ethernet/sfc/ptp.c
+++ b/drivers/net/ethernet/sfc/ptp.c
-@@ -553,7 +553,7 @@ static int efx_ptp_synchronize(struct efx_nic *efx, unsigned int num_readings)
+@@ -535,7 +535,7 @@ static int efx_ptp_synchronize(struct efx_nic *efx, unsigned int num_readings)
(u32)((u64)ptp->start.dma_addr >> 32));
/* Clear flag that signals MC ready */
@@ -40513,19 +42353,6 @@ index 50617c5..b13724c 100644
}
/* To mask all all interrupts.*/
-diff --git a/drivers/net/ethernet/sun/sunvnet.c b/drivers/net/ethernet/sun/sunvnet.c
-index 1df0ff3..3df5684 100644
---- a/drivers/net/ethernet/sun/sunvnet.c
-+++ b/drivers/net/ethernet/sun/sunvnet.c
-@@ -1239,6 +1239,8 @@ static int vnet_port_remove(struct vio_dev *vdev)
- dev_set_drvdata(&vdev->dev, NULL);
-
- kfree(port);
-+
-+ unregister_netdev(vp->dev);
- }
- return 0;
- }
diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h
index e6fe0d8..2b7d752 100644
--- a/drivers/net/hyperv/hyperv_net.h
@@ -40562,10 +42389,10 @@ index 0775f0a..d4fb316 100644
/* Ignore return since this msg is optional. */
rndis_filter_send_request(dev, request);
diff --git a/drivers/net/ieee802154/fakehard.c b/drivers/net/ieee802154/fakehard.c
-index 8f1c256..a2991d1 100644
+index bf0d55e..82bcfbd1 100644
--- a/drivers/net/ieee802154/fakehard.c
+++ b/drivers/net/ieee802154/fakehard.c
-@@ -385,7 +385,7 @@ static int ieee802154fake_probe(struct platform_device *pdev)
+@@ -364,7 +364,7 @@ static int ieee802154fake_probe(struct platform_device *pdev)
phy->transmit_power = 0xbf;
dev->netdev_ops = &fake_ops;
@@ -40574,34 +42401,11 @@ index 8f1c256..a2991d1 100644
priv = netdev_priv(dev);
priv->phy = phy;
-diff --git a/drivers/net/ifb.c b/drivers/net/ifb.c
-index 8216438..c51944d 100644
---- a/drivers/net/ifb.c
-+++ b/drivers/net/ifb.c
-@@ -290,11 +290,17 @@ static int __init ifb_init_module(void)
-
- rtnl_lock();
- err = __rtnl_link_register(&ifb_link_ops);
-+ if (err < 0)
-+ goto out;
-
-- for (i = 0; i < numifbs && !err; i++)
-+ for (i = 0; i < numifbs && !err; i++) {
- err = ifb_init_one(i);
-+ cond_resched();
-+ }
- if (err)
- __rtnl_link_unregister(&ifb_link_ops);
-+
-+out:
- rtnl_unlock();
-
- return err;
diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
-index 011062e..ada88e9 100644
+index 6e91931..2b0ebe7 100644
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
-@@ -892,13 +892,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
+@@ -905,13 +905,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = {
int macvlan_link_register(struct rtnl_link_ops *ops)
{
/* common fields */
@@ -40624,7 +42428,7 @@ index 011062e..ada88e9 100644
return rtnl_link_register(ops);
};
-@@ -954,7 +956,7 @@ static int macvlan_device_event(struct notifier_block *unused,
+@@ -967,7 +969,7 @@ static int macvlan_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
@@ -40634,121 +42438,10 @@ index 011062e..ada88e9 100644
};
diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c
-index acf6450..d880503 100644
+index 523d6b2..5e16aa1 100644
--- a/drivers/net/macvtap.c
+++ b/drivers/net/macvtap.c
-@@ -525,8 +525,10 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from,
- return -EMSGSIZE;
- num_pages = get_user_pages_fast(base, size, 0, &page[i]);
- if (num_pages != size) {
-- for (i = 0; i < num_pages; i++)
-- put_page(page[i]);
-+ int j;
-+
-+ for (j = 0; j < num_pages; j++)
-+ put_page(page[i + j]);
- return -EFAULT;
- }
- truesize = size * PAGE_SIZE;
-@@ -632,6 +634,28 @@ static int macvtap_skb_to_vnet_hdr(const struct sk_buff *skb,
- return 0;
- }
-
-+static unsigned long iov_pages(const struct iovec *iv, int offset,
-+ unsigned long nr_segs)
-+{
-+ unsigned long seg, base;
-+ int pages = 0, len, size;
-+
-+ while (nr_segs && (offset >= iv->iov_len)) {
-+ offset -= iv->iov_len;
-+ ++iv;
-+ --nr_segs;
-+ }
-+
-+ for (seg = 0; seg < nr_segs; seg++) {
-+ base = (unsigned long)iv[seg].iov_base + offset;
-+ len = iv[seg].iov_len - offset;
-+ size = ((base & ~PAGE_MASK) + len + ~PAGE_MASK) >> PAGE_SHIFT;
-+ pages += size;
-+ offset = 0;
-+ }
-+
-+ return pages;
-+}
-
- /* Get packet from user space buffer */
- static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
-@@ -647,6 +671,7 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
- int copylen = 0;
- bool zerocopy = false;
- struct flow_keys keys;
-+ size_t linear;
-
- if (q->flags & IFF_VNET_HDR) {
- vnet_hdr_len = q->vnet_hdr_sz;
-@@ -678,42 +703,35 @@ static ssize_t macvtap_get_user(struct macvtap_queue *q, struct msghdr *m,
- if (unlikely(count > UIO_MAXIOV))
- goto err;
-
-- if (m && m->msg_control && sock_flag(&q->sk, SOCK_ZEROCOPY))
-- zerocopy = true;
-+ if (m && m->msg_control && sock_flag(&q->sk, SOCK_ZEROCOPY)) {
-+ copylen = vnet_hdr.hdr_len ? vnet_hdr.hdr_len : GOODCOPY_LEN;
-+ linear = copylen;
-+ if (iov_pages(iv, vnet_hdr_len + copylen, count)
-+ <= MAX_SKB_FRAGS)
-+ zerocopy = true;
-+ }
-
-- if (zerocopy) {
-- /* Userspace may produce vectors with count greater than
-- * MAX_SKB_FRAGS, so we need to linearize parts of the skb
-- * to let the rest of data to be fit in the frags.
-- */
-- if (count > MAX_SKB_FRAGS) {
-- copylen = iov_length(iv, count - MAX_SKB_FRAGS);
-- if (copylen < vnet_hdr_len)
-- copylen = 0;
-- else
-- copylen -= vnet_hdr_len;
-- }
-- /* There are 256 bytes to be copied in skb, so there is enough
-- * room for skb expand head in case it is used.
-- * The rest buffer is mapped from userspace.
-- */
-- if (copylen < vnet_hdr.hdr_len)
-- copylen = vnet_hdr.hdr_len;
-- if (!copylen)
-- copylen = GOODCOPY_LEN;
-- } else
-+ if (!zerocopy) {
- copylen = len;
-+ linear = vnet_hdr.hdr_len;
-+ }
-
- skb = macvtap_alloc_skb(&q->sk, NET_IP_ALIGN, copylen,
-- vnet_hdr.hdr_len, noblock, &err);
-+ linear, noblock, &err);
- if (!skb)
- goto err;
-
- if (zerocopy)
- err = zerocopy_sg_from_iovec(skb, iv, vnet_hdr_len, count);
-- else
-+ else {
- err = skb_copy_datagram_from_iovec(skb, 0, iv, vnet_hdr_len,
- len);
-+ if (!err && m && m->msg_control) {
-+ struct ubuf_info *uarg = m->msg_control;
-+ uarg->callback(uarg, false);
-+ }
-+ }
-+
- if (err)
- goto err_kfree;
-
-@@ -1099,7 +1117,7 @@ static int macvtap_device_event(struct notifier_block *unused,
+@@ -1110,7 +1110,7 @@ static int macvtap_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
@@ -40805,10 +42498,10 @@ index 1252d9c..80e660b 100644
/* We've got a compressed packet; read the change byte */
diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c
-index 0017b67..ab8f595 100644
+index b305105..8ead6df 100644
--- a/drivers/net/team/team.c
+++ b/drivers/net/team/team.c
-@@ -2668,7 +2668,7 @@ static int team_device_event(struct notifier_block *unused,
+@@ -2682,7 +2682,7 @@ static int team_device_event(struct notifier_block *unused,
return NOTIFY_DONE;
}
@@ -40818,125 +42511,32 @@ index 0017b67..ab8f595 100644
};
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
-index 8ad822e..9bf0655 100644
+index 2491eb2..1a453eb 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
-@@ -1013,8 +1013,10 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from,
- return -EMSGSIZE;
- num_pages = get_user_pages_fast(base, size, 0, &page[i]);
- if (num_pages != size) {
-- for (i = 0; i < num_pages; i++)
-- put_page(page[i]);
-+ int j;
-+
-+ for (j = 0; j < num_pages; j++)
-+ put_page(page[i + j]);
- return -EFAULT;
- }
- truesize = size * PAGE_SIZE;
-@@ -1038,6 +1040,29 @@ static int zerocopy_sg_from_iovec(struct sk_buff *skb, const struct iovec *from,
- return 0;
- }
+@@ -1076,8 +1076,9 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile,
+ u32 rxhash;
-+static unsigned long iov_pages(const struct iovec *iv, int offset,
-+ unsigned long nr_segs)
-+{
-+ unsigned long seg, base;
-+ int pages = 0, len, size;
-+
-+ while (nr_segs && (offset >= iv->iov_len)) {
-+ offset -= iv->iov_len;
-+ ++iv;
-+ --nr_segs;
-+ }
-+
-+ for (seg = 0; seg < nr_segs; seg++) {
-+ base = (unsigned long)iv[seg].iov_base + offset;
-+ len = iv[seg].iov_len - offset;
-+ size = ((base & ~PAGE_MASK) + len + ~PAGE_MASK) >> PAGE_SHIFT;
-+ pages += size;
-+ offset = 0;
-+ }
-+
-+ return pages;
-+}
-+
- /* Get packet from user space buffer */
- static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile,
- void *msg_control, const struct iovec *iv,
-@@ -1045,7 +1070,7 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile,
- {
- struct tun_pi pi = { 0, cpu_to_be16(ETH_P_IP) };
- struct sk_buff *skb;
-- size_t len = total_len, align = NET_SKB_PAD;
-+ size_t len = total_len, align = NET_SKB_PAD, linear;
- struct virtio_net_hdr gso = { 0 };
- int offset = 0;
- int copylen;
-@@ -1086,34 +1111,23 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile,
+ if (!(tun->flags & TUN_NO_PI)) {
+- if ((len -= sizeof(pi)) > total_len)
++ if (len < sizeof(pi))
return -EINVAL;
- }
++ len -= sizeof(pi);
-- if (msg_control)
-- zerocopy = true;
--
-- if (zerocopy) {
-- /* Userspace may produce vectors with count greater than
-- * MAX_SKB_FRAGS, so we need to linearize parts of the skb
-- * to let the rest of data to be fit in the frags.
-- */
-- if (count > MAX_SKB_FRAGS) {
-- copylen = iov_length(iv, count - MAX_SKB_FRAGS);
-- if (copylen < offset)
-- copylen = 0;
-- else
-- copylen -= offset;
-- } else
-- copylen = 0;
-- /* There are 256 bytes to be copied in skb, so there is enough
-- * room for skb expand head in case it is used.
-+ if (msg_control) {
-+ /* There are 256 bytes to be copied in skb, so there is
-+ * enough room for skb expand head in case it is used.
- * The rest of the buffer is mapped from userspace.
- */
-- if (copylen < gso.hdr_len)
-- copylen = gso.hdr_len;
-- if (!copylen)
-- copylen = GOODCOPY_LEN;
-- } else
-+ copylen = gso.hdr_len ? gso.hdr_len : GOODCOPY_LEN;
-+ linear = copylen;
-+ if (iov_pages(iv, offset + copylen, count) <= MAX_SKB_FRAGS)
-+ zerocopy = true;
-+ }
-+
-+ if (!zerocopy) {
- copylen = len;
-+ linear = gso.hdr_len;
-+ }
-
-- skb = tun_alloc_skb(tfile, align, copylen, gso.hdr_len, noblock);
-+ skb = tun_alloc_skb(tfile, align, copylen, linear, noblock);
- if (IS_ERR(skb)) {
- if (PTR_ERR(skb) != -EAGAIN)
- tun->dev->stats.rx_dropped++;
-@@ -1122,8 +1136,13 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile,
+ if (memcpy_fromiovecend((void *)&pi, iv, 0, sizeof(pi)))
+ return -EFAULT;
+@@ -1085,8 +1086,9 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile,
+ }
- if (zerocopy)
- err = zerocopy_sg_from_iovec(skb, iv, offset, count);
-- else
-+ else {
- err = skb_copy_datagram_from_iovec(skb, 0, iv, offset, len);
-+ if (!err && msg_control) {
-+ struct ubuf_info *uarg = msg_control;
-+ uarg->callback(uarg, false);
-+ }
-+ }
+ if (tun->flags & TUN_VNET_HDR) {
+- if ((len -= tun->vnet_hdr_sz) > total_len)
++ if (len < tun->vnet_hdr_sz)
+ return -EINVAL;
++ len -= tun->vnet_hdr_sz;
- if (err) {
- tun->dev->stats.rx_dropped++;
-@@ -1859,7 +1878,7 @@ unlock:
+ if (memcpy_fromiovecend((void *)&gso, iv, offset, sizeof(gso)))
+ return -EFAULT;
+@@ -1869,7 +1871,7 @@ unlock:
}
static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
@@ -40945,7 +42545,7 @@ index 8ad822e..9bf0655 100644
{
struct tun_file *tfile = file->private_data;
struct tun_struct *tun;
-@@ -1871,6 +1890,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
+@@ -1881,6 +1883,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
int vnet_hdr_sz;
int ret;
@@ -40956,7 +42556,7 @@ index 8ad822e..9bf0655 100644
if (copy_from_user(&ifr, argp, ifreq_len))
return -EFAULT;
diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c
-index e2dd324..be92fcf 100644
+index cba1d46..f703766 100644
--- a/drivers/net/usb/hso.c
+++ b/drivers/net/usb/hso.c
@@ -71,7 +71,7 @@
@@ -41037,7 +42637,7 @@ index e2dd324..be92fcf 100644
/* Setup and send a ctrl req read on
* port i */
if (!serial->rx_urb_filled[0]) {
-@@ -3066,7 +3065,7 @@ static int hso_resume(struct usb_interface *iface)
+@@ -3057,7 +3056,7 @@ static int hso_resume(struct usb_interface *iface)
/* Start all serial ports */
for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) {
if (serial_table[i] && (serial_table[i]->interface == iface)) {
@@ -41047,10 +42647,10 @@ index e2dd324..be92fcf 100644
hso_start_serial_device(serial_table[i], GFP_NOIO);
hso_kick_transmit(dev2ser(serial_table[i]));
diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
-index a4fe5f1..6c9e77f 100644
+index 57325f3..36b181f 100644
--- a/drivers/net/vxlan.c
+++ b/drivers/net/vxlan.c
-@@ -1454,7 +1454,7 @@ nla_put_failure:
+@@ -1579,7 +1579,7 @@ nla_put_failure:
return -EMSGSIZE;
}
@@ -41060,7 +42660,7 @@ index a4fe5f1..6c9e77f 100644
.maxtype = IFLA_VXLAN_MAX,
.policy = vxlan_policy,
diff --git a/drivers/net/wireless/at76c50x-usb.c b/drivers/net/wireless/at76c50x-usb.c
-index 5ac5f7a..5f82012 100644
+index 34c8a33..3261fdc 100644
--- a/drivers/net/wireless/at76c50x-usb.c
+++ b/drivers/net/wireless/at76c50x-usb.c
@@ -353,7 +353,7 @@ static int at76_dfu_get_state(struct usb_device *udev, u8 *state)
@@ -41278,10 +42878,10 @@ index 301bf72..3f5654f 100644
static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads)
diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h
-index 784e81c..349e01e 100644
+index ae30343..a117806 100644
--- a/drivers/net/wireless/ath/ath9k/hw.h
+++ b/drivers/net/wireless/ath/ath9k/hw.h
-@@ -653,7 +653,7 @@ struct ath_hw_private_ops {
+@@ -652,7 +652,7 @@ struct ath_hw_private_ops {
/* ANI */
void (*ani_cache_ini_regs)(struct ath_hw *ah);
@@ -41290,7 +42890,7 @@ index 784e81c..349e01e 100644
/**
* struct ath_spec_scan - parameters for Atheros spectral scan
-@@ -722,7 +722,7 @@ struct ath_hw_ops {
+@@ -721,7 +721,7 @@ struct ath_hw_ops {
struct ath_spec_scan *param);
void (*spectral_scan_trigger)(struct ath_hw *ah);
void (*spectral_scan_wait)(struct ath_hw *ah);
@@ -41300,7 +42900,7 @@ index 784e81c..349e01e 100644
struct ath_nf_limits {
s16 max;
diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wireless/iwlegacy/3945-mac.c
-index c353b5f..62aaca2 100644
+index b37a582..680835d 100644
--- a/drivers/net/wireless/iwlegacy/3945-mac.c
+++ b/drivers/net/wireless/iwlegacy/3945-mac.c
@@ -3639,7 +3639,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent)
@@ -41315,7 +42915,7 @@ index c353b5f..62aaca2 100644
D_INFO("*** LOAD DRIVER ***\n");
diff --git a/drivers/net/wireless/iwlwifi/dvm/debugfs.c b/drivers/net/wireless/iwlwifi/dvm/debugfs.c
-index 81d4071..f2071ea 100644
+index d532948..e0d8bb1 100644
--- a/drivers/net/wireless/iwlwifi/dvm/debugfs.c
+++ b/drivers/net/wireless/iwlwifi/dvm/debugfs.c
@@ -203,7 +203,7 @@ static ssize_t iwl_dbgfs_sram_write(struct file *file,
@@ -41354,6 +42954,21 @@ index 81d4071..f2071ea 100644
int value;
memset(buf, 0, sizeof(buf));
+@@ -698,10 +698,10 @@ DEBUGFS_READ_FILE_OPS(temperature);
+ DEBUGFS_READ_WRITE_FILE_OPS(sleep_level_override);
+ DEBUGFS_READ_FILE_OPS(current_sleep_command);
+
+-static const char *fmt_value = " %-30s %10u\n";
+-static const char *fmt_hex = " %-30s 0x%02X\n";
+-static const char *fmt_table = " %-30s %10u %10u %10u %10u\n";
+-static const char *fmt_header =
++static const char fmt_value[] = " %-30s %10u\n";
++static const char fmt_hex[] = " %-30s 0x%02X\n";
++static const char fmt_table[] = " %-30s %10u %10u %10u %10u\n";
++static const char fmt_header[] =
+ "%-32s current cumulative delta max\n";
+
+ static int iwl_statistics_flag(struct iwl_priv *priv, char *buf, int bufsz)
@@ -1871,7 +1871,7 @@ static ssize_t iwl_dbgfs_clear_ucode_statistics_write(struct file *file,
{
struct iwl_priv *priv = file->private_data;
@@ -41417,7 +43032,7 @@ index 81d4071..f2071ea 100644
memset(buf, 0, sizeof(buf));
buf_size = min(count, sizeof(buf) - 1);
-@@ -2256,7 +2256,7 @@ static ssize_t iwl_dbgfs_log_event_write(struct file *file,
+@@ -2254,7 +2254,7 @@ static ssize_t iwl_dbgfs_log_event_write(struct file *file,
struct iwl_priv *priv = file->private_data;
u32 event_log_flag;
char buf[8];
@@ -41426,7 +43041,7 @@ index 81d4071..f2071ea 100644
/* check that the interface is up */
if (!iwl_is_ready(priv))
-@@ -2310,7 +2310,7 @@ static ssize_t iwl_dbgfs_calib_disabled_write(struct file *file,
+@@ -2308,7 +2308,7 @@ static ssize_t iwl_dbgfs_calib_disabled_write(struct file *file,
struct iwl_priv *priv = file->private_data;
char buf[8];
u32 calib_disabled;
@@ -41436,10 +43051,10 @@ index 81d4071..f2071ea 100644
memset(buf, 0, sizeof(buf));
buf_size = min(count, sizeof(buf) - 1);
diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c
-index 12c4f31..484d948 100644
+index 50ba0a4..29424e7 100644
--- a/drivers/net/wireless/iwlwifi/pcie/trans.c
+++ b/drivers/net/wireless/iwlwifi/pcie/trans.c
-@@ -1328,7 +1328,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
+@@ -1329,7 +1329,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
struct isr_statistics *isr_stats = &trans_pcie->isr_stats;
char buf[8];
@@ -41448,7 +43063,7 @@ index 12c4f31..484d948 100644
u32 reset_flag;
memset(buf, 0, sizeof(buf));
-@@ -1349,7 +1349,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
+@@ -1350,7 +1350,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
{
struct iwl_trans *trans = file->private_data;
char buf[8];
@@ -41458,10 +43073,10 @@ index 12c4f31..484d948 100644
memset(buf, 0, sizeof(buf));
diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
-index 2b49f48..14fc244 100644
+index cb34c78..9fec0dc 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
-@@ -2143,25 +2143,19 @@ static int __init init_mac80211_hwsim(void)
+@@ -2195,25 +2195,19 @@ static int __init init_mac80211_hwsim(void)
if (channels > 1) {
hwsim_if_comb.num_different_channels = channels;
@@ -41500,48 +43115,8 @@ index 2b49f48..14fc244 100644
}
spin_lock_init(&hwsim_radio_lock);
-diff --git a/drivers/net/wireless/mwifiex/debugfs.c b/drivers/net/wireless/mwifiex/debugfs.c
-index 753b568..a5f9875 100644
---- a/drivers/net/wireless/mwifiex/debugfs.c
-+++ b/drivers/net/wireless/mwifiex/debugfs.c
-@@ -26,10 +26,17 @@
- static struct dentry *mwifiex_dfs_dir;
-
- static char *bss_modes[] = {
-- "Unknown",
-- "Ad-hoc",
-- "Managed",
-- "Auto"
-+ "UNSPECIFIED",
-+ "ADHOC",
-+ "STATION",
-+ "AP",
-+ "AP_VLAN",
-+ "WDS",
-+ "MONITOR",
-+ "MESH_POINT",
-+ "P2P_CLIENT",
-+ "P2P_GO",
-+ "P2P_DEVICE",
- };
-
- /* size/addr for mwifiex_debug_info */
-@@ -200,7 +207,12 @@ mwifiex_info_read(struct file *file, char __user *ubuf,
- p += sprintf(p, "driver_version = %s", fmt);
- p += sprintf(p, "\nverext = %s", priv->version_str);
- p += sprintf(p, "\ninterface_name=\"%s\"\n", netdev->name);
-- p += sprintf(p, "bss_mode=\"%s\"\n", bss_modes[info.bss_mode]);
-+
-+ if (info.bss_mode >= ARRAY_SIZE(bss_modes))
-+ p += sprintf(p, "bss_mode=\"%d\"\n", info.bss_mode);
-+ else
-+ p += sprintf(p, "bss_mode=\"%s\"\n", bss_modes[info.bss_mode]);
-+
- p += sprintf(p, "media_state=\"%s\"\n",
- (!priv->media_connected ? "Disconnected" : "Connected"));
- p += sprintf(p, "mac_address=\"%pM\"\n", netdev->dev_addr);
diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c
-index 525fd75..6c9f791 100644
+index 8169a85..7fa3b47 100644
--- a/drivers/net/wireless/rndis_wlan.c
+++ b/drivers/net/wireless/rndis_wlan.c
@@ -1238,7 +1238,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold)
@@ -41554,10 +43129,10 @@ index 525fd75..6c9f791 100644
tmp = cpu_to_le32(rts_threshold);
diff --git a/drivers/net/wireless/rt2x00/rt2x00.h b/drivers/net/wireless/rt2x00/rt2x00.h
-index 086abb4..8279c30 100644
+index 7510723..5ba37f5 100644
--- a/drivers/net/wireless/rt2x00/rt2x00.h
+++ b/drivers/net/wireless/rt2x00/rt2x00.h
-@@ -396,7 +396,7 @@ struct rt2x00_intf {
+@@ -386,7 +386,7 @@ struct rt2x00_intf {
* for hardware which doesn't support hardware
* sequence counting.
*/
@@ -41567,10 +43142,10 @@ index 086abb4..8279c30 100644
static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif)
diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c
-index 4d91795..62fccff 100644
+index d955741..8730748 100644
--- a/drivers/net/wireless/rt2x00/rt2x00queue.c
+++ b/drivers/net/wireless/rt2x00/rt2x00queue.c
-@@ -251,9 +251,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev,
+@@ -252,9 +252,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev,
* sequence counter given by mac80211.
*/
if (test_bit(ENTRY_TXD_FIRST_FRAGMENT, &txdesc->flags))
@@ -41583,10 +43158,10 @@ index 4d91795..62fccff 100644
hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
hdr->seq_ctrl |= cpu_to_le16(seqno);
diff --git a/drivers/net/wireless/ti/wl1251/sdio.c b/drivers/net/wireless/ti/wl1251/sdio.c
-index e57ee48..541cf6c 100644
+index e2b3d9c..67a5184 100644
--- a/drivers/net/wireless/ti/wl1251/sdio.c
+++ b/drivers/net/wireless/ti/wl1251/sdio.c
-@@ -269,13 +269,17 @@ static int wl1251_sdio_probe(struct sdio_func *func,
+@@ -271,13 +271,17 @@ static int wl1251_sdio_probe(struct sdio_func *func,
irq_set_irq_type(wl->irq, IRQ_TYPE_EDGE_RISING);
@@ -41609,7 +43184,7 @@ index e57ee48..541cf6c 100644
wl1251_info("using SDIO interrupt");
}
diff --git a/drivers/net/wireless/ti/wl12xx/main.c b/drivers/net/wireless/ti/wl12xx/main.c
-index 09694e3..24ccec7 100644
+index 1c627da..69f7d17 100644
--- a/drivers/net/wireless/ti/wl12xx/main.c
+++ b/drivers/net/wireless/ti/wl12xx/main.c
@@ -656,7 +656,9 @@ static int wl12xx_identify_chip(struct wl1271 *wl)
@@ -41635,10 +43210,10 @@ index 09694e3..24ccec7 100644
wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER,
WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER,
diff --git a/drivers/net/wireless/ti/wl18xx/main.c b/drivers/net/wireless/ti/wl18xx/main.c
-index da3ef1b..4790b95 100644
+index 9fa692d..b31fee0 100644
--- a/drivers/net/wireless/ti/wl18xx/main.c
+++ b/drivers/net/wireless/ti/wl18xx/main.c
-@@ -1664,8 +1664,10 @@ static int wl18xx_setup(struct wl1271 *wl)
+@@ -1687,8 +1687,10 @@ static int wl18xx_setup(struct wl1271 *wl)
}
if (!checksum_param) {
@@ -41811,7 +43386,7 @@ index 93404f7..4a313d8 100644
};
diff --git a/drivers/parport/procfs.c b/drivers/parport/procfs.c
-index 3f56bc0..707d642 100644
+index 92ed045..62d39bd7 100644
--- a/drivers/parport/procfs.c
+++ b/drivers/parport/procfs.c
@@ -64,7 +64,7 @@ static int do_active_device(ctl_table *table, int write,
@@ -41942,10 +43517,10 @@ index 76ba8a1..20ca857 100644
/* initialize our int15 lock */
diff --git a/drivers/pci/hotplug/pci_hotplug_core.c b/drivers/pci/hotplug/pci_hotplug_core.c
-index 202f4a9..8ee47d0 100644
+index ec20f74..c1d961e 100644
--- a/drivers/pci/hotplug/pci_hotplug_core.c
+++ b/drivers/pci/hotplug/pci_hotplug_core.c
-@@ -448,8 +448,10 @@ int __pci_hp_register(struct hotplug_slot *slot, struct pci_bus *bus,
+@@ -441,8 +441,10 @@ int __pci_hp_register(struct hotplug_slot *slot, struct pci_bus *bus,
return -EINVAL;
}
@@ -41972,7 +43547,7 @@ index 7d72c5e..edce02c 100644
int retval = -ENOMEM;
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
-index 9c6e9bb..2916736 100644
+index 5b4a9d9..cd5ac1f 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -1071,7 +1071,7 @@ static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine)
@@ -42003,10 +43578,10 @@ index 9c6e9bb..2916736 100644
if (!sysfs_initialized)
return -EACCES;
diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h
-index 7346ee6..41520eb 100644
+index d1182c4..2a138ec 100644
--- a/drivers/pci/pci.h
+++ b/drivers/pci/pci.h
-@@ -93,7 +93,7 @@ struct pci_vpd_ops {
+@@ -92,7 +92,7 @@ struct pci_vpd_ops {
struct pci_vpd {
unsigned int len;
const struct pci_vpd_ops *ops;
@@ -42014,7 +43589,7 @@ index 7346ee6..41520eb 100644
+ bin_attribute_no_const *attr; /* descriptor for sysfs VPD entry */
};
- extern int pci_vpd_pci22_init(struct pci_dev *dev);
+ int pci_vpd_pci22_init(struct pci_dev *dev);
diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c
index d320df6..ca9a8f6 100644
--- a/drivers/pci/pcie/aspm.c
@@ -42033,7 +43608,7 @@ index d320df6..ca9a8f6 100644
#define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1)
diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c
-index 9c8b3bd..899c8fa 100644
+index ea37072..10e58e56 100644
--- a/drivers/pci/probe.c
+++ b/drivers/pci/probe.c
@@ -173,7 +173,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type,
@@ -42046,10 +43621,10 @@ index 9c8b3bd..899c8fa 100644
/* No printks while decoding is disabled! */
if (!dev->mmio_always_on) {
diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c
-index 0b00947..64f7c0a 100644
+index 0812608..b04018c4 100644
--- a/drivers/pci/proc.c
+++ b/drivers/pci/proc.c
-@@ -465,7 +465,16 @@ static const struct file_operations proc_bus_pci_dev_operations = {
+@@ -453,7 +453,16 @@ static const struct file_operations proc_bus_pci_dev_operations = {
static int __init pci_proc_init(void)
{
struct pci_dev *dev = NULL;
@@ -42105,10 +43680,10 @@ index 6b22938..bc9700e 100644
/* disable hardware control by fn key */
diff --git a/drivers/platform/x86/sony-laptop.c b/drivers/platform/x86/sony-laptop.c
-index 14d4dce..b129917 100644
+index 2ac045f..39c443d 100644
--- a/drivers/platform/x86/sony-laptop.c
+++ b/drivers/platform/x86/sony-laptop.c
-@@ -2465,7 +2465,7 @@ static void sony_nc_gfx_switch_cleanup(struct platform_device *pd)
+@@ -2483,7 +2483,7 @@ static void sony_nc_gfx_switch_cleanup(struct platform_device *pd)
}
/* High speed charging function */
@@ -42118,7 +43693,7 @@ index 14d4dce..b129917 100644
static ssize_t sony_nc_highspeed_charging_store(struct device *dev,
struct device_attribute *attr,
diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c
-index edec135..59a24a3 100644
+index 54d31c0..3f896d3 100644
--- a/drivers/platform/x86/thinkpad_acpi.c
+++ b/drivers/platform/x86/thinkpad_acpi.c
@@ -2093,7 +2093,7 @@ static int hotkey_mask_get(void)
@@ -42332,12 +43907,12 @@ index 3e6db1c..1fbbdae 100644
/* check if the resource is reserved */
diff --git a/drivers/power/pda_power.c b/drivers/power/pda_power.c
-index 7df7c5f..bd48c47 100644
+index 0c52e2a..3421ab7 100644
--- a/drivers/power/pda_power.c
+++ b/drivers/power/pda_power.c
@@ -37,7 +37,11 @@ static int polling;
- #ifdef CONFIG_USB_OTG_UTILS
+ #if IS_ENABLED(CONFIG_USB_PHY)
static struct usb_phy *transceiver;
-static struct notifier_block otg_nb;
+static int otg_handle_notification(struct notifier_block *nb,
@@ -42350,7 +43925,7 @@ index 7df7c5f..bd48c47 100644
static struct regulator *ac_draw;
@@ -369,7 +373,6 @@ static int pda_power_probe(struct platform_device *pdev)
- #ifdef CONFIG_USB_OTG_UTILS
+ #if IS_ENABLED(CONFIG_USB_PHY)
if (!IS_ERR_OR_NULL(transceiver) && pdata->use_otg_notifier) {
- otg_nb.notifier_call = otg_handle_notification;
ret = usb_register_notifier(transceiver, &otg_nb);
@@ -42376,7 +43951,7 @@ index cc439fd..8fa30df 100644
#endif /* CONFIG_SYSFS */
diff --git a/drivers/power/power_supply_core.c b/drivers/power/power_supply_core.c
-index 5deac43..608c5ff 100644
+index 1c517c3..ffa2f17 100644
--- a/drivers/power/power_supply_core.c
+++ b/drivers/power/power_supply_core.c
@@ -24,7 +24,10 @@
@@ -42389,9 +43964,9 @@ index 5deac43..608c5ff 100644
+ .groups = power_supply_attr_groups,
+};
- static int __power_supply_changed_work(struct device *dev, void *data)
- {
-@@ -393,7 +396,7 @@ static int __init power_supply_class_init(void)
+ static bool __power_supply_is_supplied_by(struct power_supply *supplier,
+ struct power_supply *supply)
+@@ -554,7 +557,7 @@ static int __init power_supply_class_init(void)
return PTR_ERR(power_supply_class);
power_supply_class->dev_uevent = power_supply_uevent;
@@ -42425,7 +44000,7 @@ index 29178f7..c65f324 100644
__power_supply_attrs[i] = &power_supply_attrs[i].attr;
}
diff --git a/drivers/regulator/max8660.c b/drivers/regulator/max8660.c
-index 4d7c635..9860196 100644
+index d428ef9..fdc0357 100644
--- a/drivers/regulator/max8660.c
+++ b/drivers/regulator/max8660.c
@@ -333,8 +333,10 @@ static int max8660_probe(struct i2c_client *client,
@@ -42442,7 +44017,7 @@ index 4d7c635..9860196 100644
/*
diff --git a/drivers/regulator/max8973-regulator.c b/drivers/regulator/max8973-regulator.c
-index 9a8ea91..c483dd9 100644
+index adb1414..c13e0ce 100644
--- a/drivers/regulator/max8973-regulator.c
+++ b/drivers/regulator/max8973-regulator.c
@@ -401,9 +401,11 @@ static int max8973_probe(struct i2c_client *client,
@@ -42461,10 +44036,10 @@ index 9a8ea91..c483dd9 100644
max->enable_external_control = pdata->enable_ext_control;
diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c
-index 9891aec..beb3083 100644
+index b716283..3cc4349 100644
--- a/drivers/regulator/mc13892-regulator.c
+++ b/drivers/regulator/mc13892-regulator.c
-@@ -583,10 +583,12 @@ static int mc13892_regulator_probe(struct platform_device *pdev)
+@@ -582,10 +582,12 @@ static int mc13892_regulator_probe(struct platform_device *pdev)
}
mc13xxx_unlock(mc13892);
@@ -42478,9 +44053,9 @@ index 9891aec..beb3083 100644
+ pax_close_kernel();
mc13xxx_data = mc13xxx_parse_regulators_dt(pdev, mc13892_regulators,
- ARRAY_SIZE(mc13892_regulators),
+ ARRAY_SIZE(mc13892_regulators));
diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c
-index cc5bea9..689f7d9 100644
+index f1cb706..4c7832a 100644
--- a/drivers/rtc/rtc-cmos.c
+++ b/drivers/rtc/rtc-cmos.c
@@ -724,7 +724,9 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq)
@@ -42516,10 +44091,10 @@ index d049393..bb20be0 100644
case RTC_PIE_ON:
diff --git a/drivers/rtc/rtc-ds1307.c b/drivers/rtc/rtc-ds1307.c
-index 970a236..3613169 100644
+index b53992a..776df84 100644
--- a/drivers/rtc/rtc-ds1307.c
+++ b/drivers/rtc/rtc-ds1307.c
-@@ -106,7 +106,7 @@ struct ds1307 {
+@@ -107,7 +107,7 @@ struct ds1307 {
u8 offset; /* register's offset */
u8 regs[11];
u16 nvram_offset;
@@ -42578,32 +44153,6 @@ index 23a90e7..9cf04ee 100644
/*
* Queue element to wait for room in request queue. FIFO order is
-diff --git a/drivers/scsi/bfa/bfad_debugfs.c b/drivers/scsi/bfa/bfad_debugfs.c
-index 439c012..b63d534 100644
---- a/drivers/scsi/bfa/bfad_debugfs.c
-+++ b/drivers/scsi/bfa/bfad_debugfs.c
-@@ -186,7 +186,7 @@ bfad_debugfs_lseek(struct file *file, loff_t offset, int orig)
- file->f_pos += offset;
- break;
- case 2:
-- file->f_pos = debug->buffer_len - offset;
-+ file->f_pos = debug->buffer_len + offset;
- break;
- default:
- return -EINVAL;
-diff --git a/drivers/scsi/fnic/fnic_debugfs.c b/drivers/scsi/fnic/fnic_debugfs.c
-index adc1f7f..85e1ffd 100644
---- a/drivers/scsi/fnic/fnic_debugfs.c
-+++ b/drivers/scsi/fnic/fnic_debugfs.c
-@@ -174,7 +174,7 @@ static loff_t fnic_trace_debugfs_lseek(struct file *file,
- pos = file->f_pos + offset;
- break;
- case 2:
-- pos = fnic_dbg_prt->buffer_len - offset;
-+ pos = fnic_dbg_prt->buffer_len + offset;
- }
- return (pos < 0 || pos > fnic_dbg_prt->buffer_len) ?
- -EINVAL : (file->f_pos = pos);
diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c
index df0c3c7..b00e1d0 100644
--- a/drivers/scsi/hosts.c
@@ -42767,7 +44316,7 @@ index 9816479..c5d4e97 100644
/* queue and queue Info */
struct list_head reqQ;
diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c
-index c772d8d..35c362c 100644
+index 8b928c6..9c76300 100644
--- a/drivers/scsi/libfc/fc_exch.c
+++ b/drivers/scsi/libfc/fc_exch.c
@@ -100,12 +100,12 @@ struct fc_exch_mgr {
@@ -42789,7 +44338,7 @@ index c772d8d..35c362c 100644
} stats;
};
-@@ -725,7 +725,7 @@ static struct fc_exch *fc_exch_em_alloc(struct fc_lport *lport,
+@@ -736,7 +736,7 @@ static struct fc_exch *fc_exch_em_alloc(struct fc_lport *lport,
/* allocate memory for exchange */
ep = mempool_alloc(mp->ep_pool, GFP_ATOMIC);
if (!ep) {
@@ -42798,7 +44347,7 @@ index c772d8d..35c362c 100644
goto out;
}
memset(ep, 0, sizeof(*ep));
-@@ -786,7 +786,7 @@ out:
+@@ -797,7 +797,7 @@ out:
return ep;
err:
spin_unlock_bh(&pool->lock);
@@ -42807,7 +44356,7 @@ index c772d8d..35c362c 100644
mempool_free(ep, mp->ep_pool);
return NULL;
}
-@@ -929,7 +929,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
+@@ -940,7 +940,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
xid = ntohs(fh->fh_ox_id); /* we originated exch */
ep = fc_exch_find(mp, xid);
if (!ep) {
@@ -42816,7 +44365,7 @@ index c772d8d..35c362c 100644
reject = FC_RJT_OX_ID;
goto out;
}
-@@ -959,7 +959,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
+@@ -970,7 +970,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
ep = fc_exch_find(mp, xid);
if ((f_ctl & FC_FC_FIRST_SEQ) && fc_sof_is_init(fr_sof(fp))) {
if (ep) {
@@ -42825,7 +44374,7 @@ index c772d8d..35c362c 100644
reject = FC_RJT_RX_ID;
goto rel;
}
-@@ -970,7 +970,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
+@@ -981,7 +981,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
}
xid = ep->xid; /* get our XID */
} else if (!ep) {
@@ -42834,7 +44383,7 @@ index c772d8d..35c362c 100644
reject = FC_RJT_RX_ID; /* XID not found */
goto out;
}
-@@ -987,7 +987,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
+@@ -998,7 +998,7 @@ static enum fc_pf_rjt_reason fc_seq_lookup_recip(struct fc_lport *lport,
} else {
sp = &ep->seq;
if (sp->id != fh->fh_seq_id) {
@@ -42843,7 +44392,7 @@ index c772d8d..35c362c 100644
if (f_ctl & FC_FC_END_SEQ) {
/*
* Update sequence_id based on incoming last
-@@ -1437,22 +1437,22 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
+@@ -1448,22 +1448,22 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
ep = fc_exch_find(mp, ntohs(fh->fh_ox_id));
if (!ep) {
@@ -42870,7 +44419,7 @@ index c772d8d..35c362c 100644
goto rel;
}
sof = fr_sof(fp);
-@@ -1461,7 +1461,7 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
+@@ -1472,7 +1472,7 @@ static void fc_exch_recv_seq_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
sp->ssb_stat |= SSB_ST_RESP;
sp->id = fh->fh_seq_id;
} else if (sp->id != fh->fh_seq_id) {
@@ -42879,7 +44428,7 @@ index c772d8d..35c362c 100644
goto rel;
}
-@@ -1525,9 +1525,9 @@ static void fc_exch_recv_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
+@@ -1536,9 +1536,9 @@ static void fc_exch_recv_resp(struct fc_exch_mgr *mp, struct fc_frame *fp)
sp = fc_seq_lookup_orig(mp, fp); /* doesn't hold sequence */
if (!sp)
@@ -42891,7 +44440,7 @@ index c772d8d..35c362c 100644
fc_frame_free(fp);
}
-@@ -2174,13 +2174,13 @@ void fc_exch_update_stats(struct fc_lport *lport)
+@@ -2185,13 +2185,13 @@ void fc_exch_update_stats(struct fc_lport *lport)
list_for_each_entry(ema, &lport->ema_list, ema_list) {
mp = ema->mp;
@@ -42912,7 +44461,7 @@ index c772d8d..35c362c 100644
}
EXPORT_SYMBOL(fc_exch_update_stats);
diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c
-index bdb81cd..d3c7c2c 100644
+index 161c98e..6d563b3 100644
--- a/drivers/scsi/libsas/sas_ata.c
+++ b/drivers/scsi/libsas/sas_ata.c
@@ -554,7 +554,7 @@ static struct ata_port_operations sas_sata_ops = {
@@ -42925,10 +44474,10 @@ index bdb81cd..d3c7c2c 100644
.qc_issue = sas_ata_qc_issue,
.qc_fill_rtf = sas_ata_qc_fill_rtf,
diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h
-index 7706c99..3b4fc0c 100644
+index bcc56ca..6f4174a 100644
--- a/drivers/scsi/lpfc/lpfc.h
+++ b/drivers/scsi/lpfc/lpfc.h
-@@ -424,7 +424,7 @@ struct lpfc_vport {
+@@ -431,7 +431,7 @@ struct lpfc_vport {
struct dentry *debug_nodelist;
struct dentry *vport_debugfs_root;
struct lpfc_debugfs_trc *disc_trc;
@@ -42937,7 +44486,7 @@ index 7706c99..3b4fc0c 100644
#endif
uint8_t stat_data_enabled;
uint8_t stat_data_blocked;
-@@ -853,8 +853,8 @@ struct lpfc_hba {
+@@ -865,8 +865,8 @@ struct lpfc_hba {
struct timer_list fabric_block_timer;
unsigned long bit_flags;
#define FABRIC_COMANDS_BLOCKED 0
@@ -42948,7 +44497,7 @@ index 7706c99..3b4fc0c 100644
unsigned long last_rsrc_error_time;
unsigned long last_ramp_down_time;
unsigned long last_ramp_up_time;
-@@ -890,7 +890,7 @@ struct lpfc_hba {
+@@ -902,7 +902,7 @@ struct lpfc_hba {
struct dentry *debug_slow_ring_trc;
struct lpfc_debugfs_trc *slow_ring_trc;
@@ -42958,7 +44507,7 @@ index 7706c99..3b4fc0c 100644
struct dentry *idiag_root;
struct dentry *idiag_pci_cfg;
diff --git a/drivers/scsi/lpfc/lpfc_debugfs.c b/drivers/scsi/lpfc/lpfc_debugfs.c
-index f63f5ff..32549a4 100644
+index f525ecb..32549a4 100644
--- a/drivers/scsi/lpfc/lpfc_debugfs.c
+++ b/drivers/scsi/lpfc/lpfc_debugfs.c
@@ -106,7 +106,7 @@ MODULE_PARM_DESC(lpfc_debugfs_mask_disc_trc,
@@ -43022,15 +44571,6 @@ index f63f5ff..32549a4 100644
dtp->jif = jiffies;
#endif
return;
-@@ -1178,7 +1178,7 @@ lpfc_debugfs_lseek(struct file *file, loff_t off, int whence)
- pos = file->f_pos + off;
- break;
- case 2:
-- pos = debug->len - off;
-+ pos = debug->len + off;
- }
- return (pos < 0 || pos > debug->len) ? -EINVAL : (file->f_pos = pos);
- }
@@ -4182,7 +4182,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport)
"slow_ring buffer\n");
goto debug_failed;
@@ -43050,10 +44590,10 @@ index f63f5ff..32549a4 100644
snprintf(name, sizeof(name), "discovery_trace");
vport->debug_disc_trc =
diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c
-index 314b4f6..7005d10 100644
+index cb465b2..2e7b25f 100644
--- a/drivers/scsi/lpfc/lpfc_init.c
+++ b/drivers/scsi/lpfc/lpfc_init.c
-@@ -10551,8 +10551,10 @@ lpfc_init(void)
+@@ -10950,8 +10950,10 @@ lpfc_init(void)
"misc_register returned with status %d", error);
if (lpfc_enable_npiv) {
@@ -43067,10 +44607,10 @@ index 314b4f6..7005d10 100644
lpfc_transport_template =
fc_attach_transport(&lpfc_transport_functions);
diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c
-index 98af07c..7625fb5 100644
+index 8523b278e..ce1d812 100644
--- a/drivers/scsi/lpfc/lpfc_scsi.c
+++ b/drivers/scsi/lpfc/lpfc_scsi.c
-@@ -325,7 +325,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba)
+@@ -331,7 +331,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba)
uint32_t evt_posted;
spin_lock_irqsave(&phba->hbalock, flags);
@@ -43079,7 +44619,7 @@ index 98af07c..7625fb5 100644
phba->last_rsrc_error_time = jiffies;
if ((phba->last_ramp_down_time + QUEUE_RAMP_DOWN_INTERVAL) > jiffies) {
-@@ -366,7 +366,7 @@ lpfc_rampup_queue_depth(struct lpfc_vport *vport,
+@@ -372,7 +372,7 @@ lpfc_rampup_queue_depth(struct lpfc_vport *vport,
unsigned long flags;
struct lpfc_hba *phba = vport->phba;
uint32_t evt_posted;
@@ -43088,7 +44628,7 @@ index 98af07c..7625fb5 100644
if (vport->cfg_lun_queue_depth <= queue_depth)
return;
-@@ -410,8 +410,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba)
+@@ -416,8 +416,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba)
unsigned long num_rsrc_err, num_cmd_success;
int i;
@@ -43099,7 +44639,7 @@ index 98af07c..7625fb5 100644
/*
* The error and success command counters are global per
-@@ -439,8 +439,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba)
+@@ -445,8 +445,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba)
}
}
lpfc_destroy_vport_work_array(phba, vports);
@@ -43110,7 +44650,7 @@ index 98af07c..7625fb5 100644
}
/**
-@@ -474,8 +474,8 @@ lpfc_ramp_up_queue_handler(struct lpfc_hba *phba)
+@@ -480,8 +480,8 @@ lpfc_ramp_up_queue_handler(struct lpfc_hba *phba)
}
}
lpfc_destroy_vport_work_array(phba, vports);
@@ -43121,133 +44661,8 @@ index 98af07c..7625fb5 100644
}
/**
-diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
-index 9d53540..e5a5746 100644
---- a/drivers/scsi/megaraid/megaraid_sas_base.c
-+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
-@@ -4852,10 +4852,12 @@ megasas_mgmt_fw_ioctl(struct megasas_instance *instance,
- sense, sense_handle);
- }
-
-- for (i = 0; i < ioc->sge_count && kbuff_arr[i]; i++) {
-- dma_free_coherent(&instance->pdev->dev,
-- kern_sge32[i].length,
-- kbuff_arr[i], kern_sge32[i].phys_addr);
-+ for (i = 0; i < ioc->sge_count; i++) {
-+ if (kbuff_arr[i])
-+ dma_free_coherent(&instance->pdev->dev,
-+ kern_sge32[i].length,
-+ kbuff_arr[i],
-+ kern_sge32[i].phys_addr);
- }
-
- megasas_return_cmd(instance, cmd);
-diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
-index dcbf7c8..f8c4b85 100644
---- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c
-+++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
-@@ -1273,6 +1273,7 @@ _scsih_slave_alloc(struct scsi_device *sdev)
- struct MPT3SAS_DEVICE *sas_device_priv_data;
- struct scsi_target *starget;
- struct _raid_device *raid_device;
-+ struct _sas_device *sas_device;
- unsigned long flags;
-
- sas_device_priv_data = kzalloc(sizeof(struct scsi_device), GFP_KERNEL);
-@@ -1301,6 +1302,19 @@ _scsih_slave_alloc(struct scsi_device *sdev)
- spin_unlock_irqrestore(&ioc->raid_device_lock, flags);
- }
-
-+ if (!(sas_target_priv_data->flags & MPT_TARGET_FLAGS_VOLUME)) {
-+ spin_lock_irqsave(&ioc->sas_device_lock, flags);
-+ sas_device = mpt3sas_scsih_sas_device_find_by_sas_address(ioc,
-+ sas_target_priv_data->sas_address);
-+ if (sas_device && (sas_device->starget == NULL)) {
-+ sdev_printk(KERN_INFO, sdev,
-+ "%s : sas_device->starget set to starget @ %d\n",
-+ __func__, __LINE__);
-+ sas_device->starget = starget;
-+ }
-+ spin_unlock_irqrestore(&ioc->sas_device_lock, flags);
-+ }
-+
- return 0;
- }
-
-@@ -6392,7 +6406,7 @@ _scsih_search_responding_sas_devices(struct MPT3SAS_ADAPTER *ioc)
- handle))) {
- ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
- MPI2_IOCSTATUS_MASK;
-- if (ioc_status == MPI2_IOCSTATUS_CONFIG_INVALID_PAGE)
-+ if (ioc_status != MPI2_IOCSTATUS_SUCCESS)
- break;
- handle = le16_to_cpu(sas_device_pg0.DevHandle);
- device_info = le32_to_cpu(sas_device_pg0.DeviceInfo);
-@@ -6494,7 +6508,7 @@ _scsih_search_responding_raid_devices(struct MPT3SAS_ADAPTER *ioc)
- &volume_pg1, MPI2_RAID_VOLUME_PGAD_FORM_GET_NEXT_HANDLE, handle))) {
- ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
- MPI2_IOCSTATUS_MASK;
-- if (ioc_status == MPI2_IOCSTATUS_CONFIG_INVALID_PAGE)
-+ if (ioc_status != MPI2_IOCSTATUS_SUCCESS)
- break;
- handle = le16_to_cpu(volume_pg1.DevHandle);
-
-@@ -6518,7 +6532,7 @@ _scsih_search_responding_raid_devices(struct MPT3SAS_ADAPTER *ioc)
- phys_disk_num))) {
- ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
- MPI2_IOCSTATUS_MASK;
-- if (ioc_status == MPI2_IOCSTATUS_CONFIG_INVALID_PAGE)
-+ if (ioc_status != MPI2_IOCSTATUS_SUCCESS)
- break;
- phys_disk_num = pd_pg0.PhysDiskNum;
- handle = le16_to_cpu(pd_pg0.DevHandle);
-@@ -6597,7 +6611,7 @@ _scsih_search_responding_expanders(struct MPT3SAS_ADAPTER *ioc)
-
- ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
- MPI2_IOCSTATUS_MASK;
-- if (ioc_status == MPI2_IOCSTATUS_CONFIG_INVALID_PAGE)
-+ if (ioc_status != MPI2_IOCSTATUS_SUCCESS)
- break;
-
- handle = le16_to_cpu(expander_pg0.DevHandle);
-@@ -6742,8 +6756,6 @@ _scsih_scan_for_devices_after_reset(struct MPT3SAS_ADAPTER *ioc)
- MPI2_SAS_EXPAND_PGAD_FORM_GET_NEXT_HNDL, handle))) {
- ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
- MPI2_IOCSTATUS_MASK;
-- if (ioc_status == MPI2_IOCSTATUS_CONFIG_INVALID_PAGE)
-- break;
- if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_info(MPT3SAS_FMT "\tbreak from expander scan: " \
- "ioc_status(0x%04x), loginfo(0x%08x)\n",
-@@ -6787,8 +6799,6 @@ _scsih_scan_for_devices_after_reset(struct MPT3SAS_ADAPTER *ioc)
- phys_disk_num))) {
- ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
- MPI2_IOCSTATUS_MASK;
-- if (ioc_status == MPI2_IOCSTATUS_CONFIG_INVALID_PAGE)
-- break;
- if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_info(MPT3SAS_FMT "\tbreak from phys disk scan: "\
- "ioc_status(0x%04x), loginfo(0x%08x)\n",
-@@ -6854,8 +6864,6 @@ _scsih_scan_for_devices_after_reset(struct MPT3SAS_ADAPTER *ioc)
- &volume_pg1, MPI2_RAID_VOLUME_PGAD_FORM_GET_NEXT_HANDLE, handle))) {
- ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
- MPI2_IOCSTATUS_MASK;
-- if (ioc_status == MPI2_IOCSTATUS_CONFIG_INVALID_PAGE)
-- break;
- if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_info(MPT3SAS_FMT "\tbreak from volume scan: " \
- "ioc_status(0x%04x), loginfo(0x%08x)\n",
-@@ -6914,8 +6922,6 @@ _scsih_scan_for_devices_after_reset(struct MPT3SAS_ADAPTER *ioc)
- handle))) {
- ioc_status = le16_to_cpu(mpi_reply.IOCStatus) &
- MPI2_IOCSTATUS_MASK;
-- if (ioc_status == MPI2_IOCSTATUS_CONFIG_INVALID_PAGE)
-- break;
- if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
- pr_info(MPT3SAS_FMT "\tbreak from end device scan:"\
- " ioc_status(0x%04x), loginfo(0x%08x)\n",
diff --git a/drivers/scsi/pmcraid.c b/drivers/scsi/pmcraid.c
-index b46f5e9..c4c4ccb 100644
+index 8e1b737..50ff510 100644
--- a/drivers/scsi/pmcraid.c
+++ b/drivers/scsi/pmcraid.c
@@ -200,8 +200,8 @@ static int pmcraid_slave_alloc(struct scsi_device *scsi_dev)
@@ -43282,7 +44697,7 @@ index b46f5e9..c4c4ccb 100644
pinstance->num_hrrq;
cmd->cmd_done = pmcraid_io_done;
-@@ -3859,7 +3859,7 @@ static long pmcraid_ioctl_passthrough(
+@@ -3846,7 +3846,7 @@ static long pmcraid_ioctl_passthrough(
* block of scsi_cmd which is re-used (e.g. cancel/abort), which uses
* hrrq_id assigned here in queuecommand
*/
@@ -43291,7 +44706,7 @@ index b46f5e9..c4c4ccb 100644
pinstance->num_hrrq;
if (request_size) {
-@@ -4497,7 +4497,7 @@ static void pmcraid_worker_function(struct work_struct *workp)
+@@ -4483,7 +4483,7 @@ static void pmcraid_worker_function(struct work_struct *workp)
pinstance = container_of(workp, struct pmcraid_instance, worker_q);
/* add resources only after host is added into system */
@@ -43300,7 +44715,7 @@ index b46f5e9..c4c4ccb 100644
return;
fw_version = be16_to_cpu(pinstance->inq_data->fw_version);
-@@ -5324,8 +5324,8 @@ static int pmcraid_init_instance(struct pci_dev *pdev, struct Scsi_Host *host,
+@@ -5310,8 +5310,8 @@ static int pmcraid_init_instance(struct pci_dev *pdev, struct Scsi_Host *host,
init_waitqueue_head(&pinstance->reset_wait_q);
atomic_set(&pinstance->outstanding_cmds, 0);
@@ -43311,7 +44726,7 @@ index b46f5e9..c4c4ccb 100644
INIT_LIST_HEAD(&pinstance->free_res_q);
INIT_LIST_HEAD(&pinstance->used_res_q);
-@@ -6038,7 +6038,7 @@ static int pmcraid_probe(struct pci_dev *pdev,
+@@ -6024,7 +6024,7 @@ static int pmcraid_probe(struct pci_dev *pdev,
/* Schedule worker thread to handle CCN and take care of adding and
* removing devices to OS
*/
@@ -43354,10 +44769,10 @@ index e1d150f..6c6df44 100644
/* To indicate add/delete/modify during CCN */
u8 change_detected;
diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c
-index b3db9dc..c3b1756 100644
+index bf60c63..74d4dce 100644
--- a/drivers/scsi/qla2xxx/qla_attr.c
+++ b/drivers/scsi/qla2xxx/qla_attr.c
-@@ -1971,7 +1971,7 @@ qla24xx_vport_disable(struct fc_vport *fc_vport, bool disable)
+@@ -2001,7 +2001,7 @@ qla24xx_vport_disable(struct fc_vport *fc_vport, bool disable)
return 0;
}
@@ -43366,7 +44781,7 @@ index b3db9dc..c3b1756 100644
.show_host_node_name = 1,
.show_host_port_name = 1,
-@@ -2018,7 +2018,7 @@ struct fc_function_template qla2xxx_transport_functions = {
+@@ -2048,7 +2048,7 @@ struct fc_function_template qla2xxx_transport_functions = {
.bsg_timeout = qla24xx_bsg_timeout,
};
@@ -43376,10 +44791,10 @@ index b3db9dc..c3b1756 100644
.show_host_node_name = 1,
.show_host_port_name = 1,
diff --git a/drivers/scsi/qla2xxx/qla_gbl.h b/drivers/scsi/qla2xxx/qla_gbl.h
-index b310fa9..b9b3944 100644
+index 026bfde..90c4018 100644
--- a/drivers/scsi/qla2xxx/qla_gbl.h
+++ b/drivers/scsi/qla2xxx/qla_gbl.h
-@@ -523,8 +523,8 @@ extern void qla2x00_get_sym_node_name(scsi_qla_host_t *, uint8_t *);
+@@ -528,8 +528,8 @@ extern void qla2x00_get_sym_node_name(scsi_qla_host_t *, uint8_t *);
struct device_attribute;
extern struct device_attribute *qla2x00_host_attrs[];
struct fc_function_template;
@@ -43391,10 +44806,10 @@ index b310fa9..b9b3944 100644
extern void qla2x00_free_sysfs_attr(scsi_qla_host_t *);
extern void qla2x00_init_host_attr(scsi_qla_host_t *);
diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c
-index 2c6dd3d..e5ecd82 100644
+index ad72c1d..afc9a98 100644
--- a/drivers/scsi/qla2xxx/qla_os.c
+++ b/drivers/scsi/qla2xxx/qla_os.c
-@@ -1554,8 +1554,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha)
+@@ -1571,8 +1571,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha)
!pci_set_consistent_dma_mask(ha->pdev, DMA_BIT_MASK(64))) {
/* Ok, a 64bit DMA mask is applicable. */
ha->flags.enable_64bit_addressing = 1;
@@ -43408,10 +44823,10 @@ index 2c6dd3d..e5ecd82 100644
}
}
diff --git a/drivers/scsi/qla4xxx/ql4_def.h b/drivers/scsi/qla4xxx/ql4_def.h
-index 129f5dd..ade53e8 100644
+index ddf16a8..80f4dd0 100644
--- a/drivers/scsi/qla4xxx/ql4_def.h
+++ b/drivers/scsi/qla4xxx/ql4_def.h
-@@ -275,7 +275,7 @@ struct ddb_entry {
+@@ -291,7 +291,7 @@ struct ddb_entry {
* (4000 only) */
atomic_t relogin_timer; /* Max Time to wait for
* relogin to complete */
@@ -43421,10 +44836,10 @@ index 129f5dd..ade53e8 100644
uint32_t default_time2wait; /* Default Min time between
* relogins (+aens) */
diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c
-index 6142729..b6a85c9 100644
+index 4d231c1..2892c37 100644
--- a/drivers/scsi/qla4xxx/ql4_os.c
+++ b/drivers/scsi/qla4xxx/ql4_os.c
-@@ -2622,12 +2622,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess)
+@@ -2971,12 +2971,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess)
*/
if (!iscsi_is_session_online(cls_sess)) {
/* Reset retry relogin timer */
@@ -43439,7 +44854,7 @@ index 6142729..b6a85c9 100644
ddb_entry->default_time2wait + 4));
set_bit(DPC_RELOGIN_DEVICE, &ha->dpc_flags);
atomic_set(&ddb_entry->retry_relogin_timer,
-@@ -4742,7 +4742,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha,
+@@ -5081,7 +5081,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha,
atomic_set(&ddb_entry->retry_relogin_timer, INVALID_ENTRY);
atomic_set(&ddb_entry->relogin_timer, 0);
@@ -43449,7 +44864,7 @@ index 6142729..b6a85c9 100644
ddb_entry->default_relogin_timeout =
(def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ?
diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c
-index 2c0d0ec..4e8681a 100644
+index eaa808e..95f8841 100644
--- a/drivers/scsi/scsi.c
+++ b/drivers/scsi/scsi.c
@@ -661,7 +661,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd)
@@ -43462,10 +44877,10 @@ index 2c0d0ec..4e8681a 100644
/* check if the device is still usable */
if (unlikely(cmd->device->sdev_state == SDEV_DEL)) {
diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c
-index c31187d..0ead8c3 100644
+index 86d5220..f22c51a 100644
--- a/drivers/scsi/scsi_lib.c
+++ b/drivers/scsi/scsi_lib.c
-@@ -1459,7 +1459,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
+@@ -1458,7 +1458,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q)
shost = sdev->host;
scsi_init_cmd_errh(cmd);
cmd->result = DID_NO_CONNECT << 16;
@@ -43474,7 +44889,7 @@ index c31187d..0ead8c3 100644
/*
* SCSI request completion path will do scsi_device_unbusy(),
-@@ -1485,9 +1485,9 @@ static void scsi_softirq_done(struct request *rq)
+@@ -1484,9 +1484,9 @@ static void scsi_softirq_done(struct request *rq)
INIT_LIST_HEAD(&cmd->eh_entry);
@@ -43513,10 +44928,10 @@ index 84a1fdf..693b0d6 100644
/*
* TODO: need to fixup sg_tablesize, max_segment_size,
diff --git a/drivers/scsi/scsi_transport_fc.c b/drivers/scsi/scsi_transport_fc.c
-index e894ca7..de9d7660 100644
+index e106c27..11a380e 100644
--- a/drivers/scsi/scsi_transport_fc.c
+++ b/drivers/scsi/scsi_transport_fc.c
-@@ -498,7 +498,7 @@ static DECLARE_TRANSPORT_CLASS(fc_vport_class,
+@@ -497,7 +497,7 @@ static DECLARE_TRANSPORT_CLASS(fc_vport_class,
* Netlink Infrastructure
*/
@@ -43525,7 +44940,7 @@ index e894ca7..de9d7660 100644
/**
* fc_get_event_number - Obtain the next sequential FC event number
-@@ -511,7 +511,7 @@ static atomic_t fc_event_seq;
+@@ -510,7 +510,7 @@ static atomic_t fc_event_seq;
u32
fc_get_event_number(void)
{
@@ -43534,7 +44949,7 @@ index e894ca7..de9d7660 100644
}
EXPORT_SYMBOL(fc_get_event_number);
-@@ -659,7 +659,7 @@ static __init int fc_transport_init(void)
+@@ -654,7 +654,7 @@ static __init int fc_transport_init(void)
{
int error;
@@ -43543,7 +44958,7 @@ index e894ca7..de9d7660 100644
error = transport_class_register(&fc_host_class);
if (error)
-@@ -849,7 +849,7 @@ static int fc_str_to_dev_loss(const char *buf, unsigned long *val)
+@@ -844,7 +844,7 @@ static int fc_str_to_dev_loss(const char *buf, unsigned long *val)
char *cp;
*val = simple_strtoul(buf, &cp, 0);
@@ -43553,10 +44968,10 @@ index e894ca7..de9d7660 100644
/*
* Check for overflow; dev_loss_tmo is u32
diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c
-index 0a74b97..fa8d648 100644
+index 133926b..903000d 100644
--- a/drivers/scsi/scsi_transport_iscsi.c
+++ b/drivers/scsi/scsi_transport_iscsi.c
-@@ -79,7 +79,7 @@ struct iscsi_internal {
+@@ -80,7 +80,7 @@ struct iscsi_internal {
struct transport_container session_cont;
};
@@ -43565,7 +44980,7 @@ index 0a74b97..fa8d648 100644
static struct workqueue_struct *iscsi_eh_timer_workq;
static DEFINE_IDA(iscsi_sess_ida);
-@@ -1064,7 +1064,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id)
+@@ -1738,7 +1738,7 @@ int iscsi_add_session(struct iscsi_cls_session *session, unsigned int target_id)
int err;
ihost = shost->shost_data;
@@ -43574,7 +44989,7 @@ index 0a74b97..fa8d648 100644
if (target_id == ISCSI_MAX_TARGET) {
id = ida_simple_get(&iscsi_sess_ida, 0, 0, GFP_KERNEL);
-@@ -2955,7 +2955,7 @@ static __init int iscsi_transport_init(void)
+@@ -3944,7 +3944,7 @@ static __init int iscsi_transport_init(void)
printk(KERN_INFO "Loading iSCSI transport class v%s.\n",
ISCSI_TRANSPORT_VERSION);
@@ -43615,10 +45030,10 @@ index f379c7f..e8fc69c 100644
transport_setup_device(&rport->dev);
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index 0f0370f..7e076c4 100644
+index 610417e..1544fa9 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
-@@ -2929,7 +2929,7 @@ static int sd_probe(struct device *dev)
+@@ -2928,7 +2928,7 @@ static int sd_probe(struct device *dev)
sdkp->disk = gd;
sdkp->index = index;
atomic_set(&sdkp->openers, 0);
@@ -43628,10 +45043,10 @@ index 0f0370f..7e076c4 100644
if (!sdp->request_queue->rq_timeout) {
if (sdp->type != TYPE_MOD)
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c
-index 9f0c465..47194ee 100644
+index df5e961..df6b97f 100644
--- a/drivers/scsi/sg.c
+++ b/drivers/scsi/sg.c
-@@ -1101,7 +1101,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
+@@ -1102,7 +1102,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)
sdp->disk->disk_name,
MKDEV(SCSI_GENERIC_MAJOR, sdp->index),
NULL,
@@ -43641,10 +45056,10 @@ index 9f0c465..47194ee 100644
return blk_trace_startstop(sdp->device->request_queue, 1);
case BLKTRACESTOP:
diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c
-index 004b10f..7c98d51 100644
+index 32b7bb1..2f1c4bd 100644
--- a/drivers/spi/spi.c
+++ b/drivers/spi/spi.c
-@@ -1620,7 +1620,7 @@ int spi_bus_unlock(struct spi_master *master)
+@@ -1631,7 +1631,7 @@ int spi_bus_unlock(struct spi_master *master)
EXPORT_SYMBOL_GPL(spi_bus_unlock);
/* portable code must never pass more than 32 bytes */
@@ -43653,19 +45068,19 @@ index 004b10f..7c98d51 100644
static u8 *buf;
-diff --git a/drivers/staging/iio/iio_hwmon.c b/drivers/staging/iio/iio_hwmon.c
-index 93af756..a4bc5bf 100644
---- a/drivers/staging/iio/iio_hwmon.c
-+++ b/drivers/staging/iio/iio_hwmon.c
-@@ -67,7 +67,7 @@ static int iio_hwmon_probe(struct platform_device *pdev)
+diff --git a/drivers/staging/media/solo6x10/solo6x10-core.c b/drivers/staging/media/solo6x10/solo6x10-core.c
+index 3675020..e80d92c 100644
+--- a/drivers/staging/media/solo6x10/solo6x10-core.c
++++ b/drivers/staging/media/solo6x10/solo6x10-core.c
+@@ -434,7 +434,7 @@ static void solo_device_release(struct device *dev)
+
+ static int solo_sysfs_init(struct solo_dev *solo_dev)
{
- struct device *dev = &pdev->dev;
- struct iio_hwmon_state *st;
-- struct sensor_device_attribute *a;
-+ sensor_device_attribute_no_const *a;
- int ret, i;
- int in_i = 1, temp_i = 1, curr_i = 1;
- enum iio_chan_type type;
+- struct bin_attribute *sdram_attr = &solo_dev->sdram_attr;
++ bin_attribute_no_const *sdram_attr = &solo_dev->sdram_attr;
+ struct device *dev = &solo_dev->dev;
+ const char *driver;
+ int i;
diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c
index 34afc16..ffe44dd 100644
--- a/drivers/staging/octeon/ethernet-rx.c
@@ -43745,7 +45160,7 @@ index 1f5088b..0e59820 100644
return 0;
diff --git a/drivers/staging/usbip/vhci.h b/drivers/staging/usbip/vhci.h
-index 5dddc4d..34fcb2f 100644
+index a863a98..d272795 100644
--- a/drivers/staging/usbip/vhci.h
+++ b/drivers/staging/usbip/vhci.h
@@ -83,7 +83,7 @@ struct vhci_hcd {
@@ -43758,7 +45173,7 @@ index 5dddc4d..34fcb2f 100644
/*
* NOTE:
diff --git a/drivers/staging/usbip/vhci_hcd.c b/drivers/staging/usbip/vhci_hcd.c
-index f1ca084..7b5c0c3 100644
+index d7974cb..d78076b 100644
--- a/drivers/staging/usbip/vhci_hcd.c
+++ b/drivers/staging/usbip/vhci_hcd.c
@@ -441,7 +441,7 @@ static void vhci_tx_urb(struct urb *urb)
@@ -43789,10 +45204,10 @@ index f1ca084..7b5c0c3 100644
hcd->power_budget = 0; /* no limit */
diff --git a/drivers/staging/usbip/vhci_rx.c b/drivers/staging/usbip/vhci_rx.c
-index faf8e60..c46f8ab 100644
+index d07fcb5..358e1e1 100644
--- a/drivers/staging/usbip/vhci_rx.c
+++ b/drivers/staging/usbip/vhci_rx.c
-@@ -76,7 +76,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev,
+@@ -80,7 +80,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev,
if (!urb) {
pr_err("cannot find a urb of seqnum %u\n", pdu->base.seqnum);
pr_info("max seqnum %d\n",
@@ -43802,10 +45217,10 @@ index faf8e60..c46f8ab 100644
return;
}
diff --git a/drivers/staging/vt6655/hostap.c b/drivers/staging/vt6655/hostap.c
-index 5f13890..36a044b 100644
+index 8417c2f..ef5ebd6 100644
--- a/drivers/staging/vt6655/hostap.c
+++ b/drivers/staging/vt6655/hostap.c
-@@ -73,14 +73,13 @@ static int msglevel =MSG_LEVEL_INFO;
+@@ -69,14 +69,13 @@ static int msglevel = MSG_LEVEL_INFO;
*
*/
@@ -43813,17 +45228,17 @@ index 5f13890..36a044b 100644
+
static int hostap_enable_hostapd(PSDevice pDevice, int rtnl_locked)
{
- PSDevice apdev_priv;
+ PSDevice apdev_priv;
struct net_device *dev = pDevice->dev;
int ret;
- const struct net_device_ops apdev_netdev_ops = {
- .ndo_start_xmit = pDevice->tx_80211,
- };
- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "%s: Enabling hostapd mode\n", dev->name);
+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "%s: Enabling hostapd mode\n", dev->name);
-@@ -92,6 +91,8 @@ static int hostap_enable_hostapd(PSDevice pDevice, int rtnl_locked)
- *apdev_priv = *pDevice;
+@@ -88,6 +87,8 @@ static int hostap_enable_hostapd(PSDevice pDevice, int rtnl_locked)
+ *apdev_priv = *pDevice;
memcpy(pDevice->apdev->dev_addr, dev->dev_addr, ETH_ALEN);
+ /* only half broken now */
@@ -43832,7 +45247,7 @@ index 5f13890..36a044b 100644
pDevice->apdev->type = ARPHRD_IEEE80211;
diff --git a/drivers/staging/vt6656/hostap.c b/drivers/staging/vt6656/hostap.c
-index a94e66f..31984d0 100644
+index c699a30..b90a5fd 100644
--- a/drivers/staging/vt6656/hostap.c
+++ b/drivers/staging/vt6656/hostap.c
@@ -60,14 +60,13 @@ static int msglevel =MSG_LEVEL_INFO;
@@ -43862,10 +45277,10 @@ index a94e66f..31984d0 100644
pDevice->apdev->type = ARPHRD_IEEE80211;
diff --git a/drivers/staging/zcache/tmem.c b/drivers/staging/zcache/tmem.c
-index a2b7e03..9ff4bbd 100644
+index d7e51e4..d07eaab 100644
--- a/drivers/staging/zcache/tmem.c
+++ b/drivers/staging/zcache/tmem.c
-@@ -50,7 +50,7 @@
+@@ -51,7 +51,7 @@
* A tmem host implementation must use this function to register callbacks
* for memory allocation.
*/
@@ -43874,7 +45289,7 @@ index a2b7e03..9ff4bbd 100644
static void tmem_objnode_tree_init(void);
-@@ -64,7 +64,7 @@ void tmem_register_hostops(struct tmem_hostops *m)
+@@ -65,7 +65,7 @@ void tmem_register_hostops(struct tmem_hostops *m)
* A tmem host implementation must use this function to register
* callbacks for a page-accessible memory (PAM) implementation.
*/
@@ -43884,7 +45299,7 @@ index a2b7e03..9ff4bbd 100644
void tmem_register_pamops(struct tmem_pamops *m)
{
diff --git a/drivers/staging/zcache/tmem.h b/drivers/staging/zcache/tmem.h
-index adbe5a8..d387359 100644
+index d128ce2..a43980c 100644
--- a/drivers/staging/zcache/tmem.h
+++ b/drivers/staging/zcache/tmem.h
@@ -226,6 +226,7 @@ struct tmem_pamops {
@@ -43904,10 +45319,10 @@ index adbe5a8..d387359 100644
/* core tmem accessor functions */
diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c
-index 2e4d655..fd72e68 100644
+index 4630481..c26782a 100644
--- a/drivers/target/target_core_device.c
+++ b/drivers/target/target_core_device.c
-@@ -1414,7 +1414,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
+@@ -1400,7 +1400,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name)
spin_lock_init(&dev->se_port_lock);
spin_lock_init(&dev->se_tmr_lock);
spin_lock_init(&dev->qf_cmd_lock);
@@ -43917,10 +45332,10 @@ index 2e4d655..fd72e68 100644
spin_lock_init(&dev->t10_wwn.t10_vpd_lock);
INIT_LIST_HEAD(&dev->t10_pr.registration_list);
diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c
-index fc9a5a0..1d5975e 100644
+index 21e3158..43c6004 100644
--- a/drivers/target/target_core_transport.c
+++ b/drivers/target/target_core_transport.c
-@@ -1081,7 +1081,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd)
+@@ -1080,7 +1080,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd)
* Used to determine when ORDERED commands should go from
* Dormant to Active status.
*/
@@ -43930,10 +45345,10 @@ index fc9a5a0..1d5975e 100644
pr_debug("Allocated se_ordered_id: %u for Task Attr: 0x%02x on %s\n",
cmd->se_ordered_id, cmd->sam_task_attr,
diff --git a/drivers/tty/cyclades.c b/drivers/tty/cyclades.c
-index 345bd0e..61d5375 100644
+index 33f83fe..d80f8e1 100644
--- a/drivers/tty/cyclades.c
+++ b/drivers/tty/cyclades.c
-@@ -1576,10 +1576,10 @@ static int cy_open(struct tty_struct *tty, struct file *filp)
+@@ -1570,10 +1570,10 @@ static int cy_open(struct tty_struct *tty, struct file *filp)
printk(KERN_DEBUG "cyc:cy_open ttyC%d, count = %d\n", info->line,
info->port.count);
#endif
@@ -43946,7 +45361,7 @@ index 345bd0e..61d5375 100644
#endif
/*
-@@ -3978,7 +3978,7 @@ static int cyclades_proc_show(struct seq_file *m, void *v)
+@@ -3972,7 +3972,7 @@ static int cyclades_proc_show(struct seq_file *m, void *v)
for (j = 0; j < cy_card[i].nports; j++) {
info = &cy_card[i].ports[j];
@@ -44228,10 +45643,10 @@ index 8fd72ff..34a0bed 100644
ipwireless_disassociate_network_ttys(network,
ttyj->channel_idx);
diff --git a/drivers/tty/moxa.c b/drivers/tty/moxa.c
-index adeac25..787a0a1 100644
+index 1deaca4..c8582d4 100644
--- a/drivers/tty/moxa.c
+++ b/drivers/tty/moxa.c
-@@ -1193,7 +1193,7 @@ static int moxa_open(struct tty_struct *tty, struct file *filp)
+@@ -1189,7 +1189,7 @@ static int moxa_open(struct tty_struct *tty, struct file *filp)
}
ch = &brd->ports[port % MAX_PORTS_PER_BOARD];
@@ -44241,10 +45656,10 @@ index adeac25..787a0a1 100644
tty_port_tty_set(&ch->port, tty);
mutex_lock(&ch->port.mutex);
diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c
-index 4a43ef5d7..aa71f27 100644
+index 6422390..49003ac8 100644
--- a/drivers/tty/n_gsm.c
+++ b/drivers/tty/n_gsm.c
-@@ -1636,7 +1636,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
+@@ -1632,7 +1632,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr)
spin_lock_init(&dlci->lock);
mutex_init(&dlci->mutex);
dlci->fifo = &dlci->_fifo;
@@ -44253,7 +45668,7 @@ index 4a43ef5d7..aa71f27 100644
kfree(dlci);
return NULL;
}
-@@ -2936,7 +2936,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp)
+@@ -2932,7 +2932,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp)
struct gsm_dlci *dlci = tty->driver_data;
struct tty_port *port = &dlci->port;
@@ -44263,10 +45678,10 @@ index 4a43ef5d7..aa71f27 100644
dlci_get(dlci->gsm->dlci[0]);
mux_get(dlci->gsm);
diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index 1f8cba6..47b06c2 100644
+index 6c7fe90..9241dab 100644
--- a/drivers/tty/n_tty.c
+++ b/drivers/tty/n_tty.c
-@@ -2205,6 +2205,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
+@@ -2203,6 +2203,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
{
*ops = tty_ldisc_N_TTY;
ops->owner = NULL;
@@ -44276,10 +45691,10 @@ index 1f8cba6..47b06c2 100644
}
EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c
-index 74a5e8b..40c36a7 100644
+index abfd990..5ab5da9 100644
--- a/drivers/tty/pty.c
+++ b/drivers/tty/pty.c
-@@ -797,8 +797,10 @@ static void __init unix98_pty_init(void)
+@@ -796,8 +796,10 @@ static void __init unix98_pty_init(void)
panic("Couldn't register Unix98 pts driver");
/* Now create the /dev/ptmx special device */
@@ -44292,10 +45707,10 @@ index 74a5e8b..40c36a7 100644
cdev_init(&ptmx_cdev, &ptmx_fops);
if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
diff --git a/drivers/tty/rocket.c b/drivers/tty/rocket.c
-index 1d27003..959f452 100644
+index 354564e..fe50d9a 100644
--- a/drivers/tty/rocket.c
+++ b/drivers/tty/rocket.c
-@@ -923,7 +923,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp)
+@@ -914,7 +914,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp)
tty->driver_data = info;
tty_port_tty_set(port, tty);
@@ -44304,7 +45719,7 @@ index 1d27003..959f452 100644
atomic_inc(&rp_num_ports_open);
#ifdef ROCKET_DEBUG_OPEN
-@@ -932,7 +932,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp)
+@@ -923,7 +923,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp)
#endif
}
#ifdef ROCKET_DEBUG_OPEN
@@ -44313,7 +45728,7 @@ index 1d27003..959f452 100644
#endif
/*
-@@ -1527,7 +1527,7 @@ static void rp_hangup(struct tty_struct *tty)
+@@ -1515,7 +1515,7 @@ static void rp_hangup(struct tty_struct *tty)
spin_unlock_irqrestore(&info->port.lock, flags);
return;
}
@@ -44429,10 +45844,10 @@ index 1002054..dd644a8 100644
/* This is only available if kgdboc is a built in for early debugging */
static int __init kgdboc_early_init(char *opt)
diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c
-index 2769a38..f3dbe48 100644
+index 0c8a9fa..234a95f 100644
--- a/drivers/tty/serial/samsung.c
+++ b/drivers/tty/serial/samsung.c
-@@ -451,11 +451,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port)
+@@ -453,11 +453,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port)
}
}
@@ -44449,7 +45864,7 @@ index 2769a38..f3dbe48 100644
dbg("s3c24xx_serial_startup: port=%p (%08lx,%p)\n",
port->mapbase, port->membase);
-@@ -1120,10 +1125,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport,
+@@ -1124,10 +1129,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport,
/* setup info for port */
port->dev = &platdev->dev;
@@ -44461,7 +45876,7 @@ index 2769a38..f3dbe48 100644
if (cfg->uart_flags & UPF_CONS_FLOW) {
diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
-index 8fbb6d2..822a9e6 100644
+index f87dbfd..42ad4b1 100644
--- a/drivers/tty/serial/serial_core.c
+++ b/drivers/tty/serial/serial_core.c
@@ -1454,7 +1454,7 @@ static void uart_hangup(struct tty_struct *tty)
@@ -44501,10 +45916,10 @@ index 8fbb6d2..822a9e6 100644
goto end;
}
diff --git a/drivers/tty/synclink.c b/drivers/tty/synclink.c
-index 8983276..72a4090 100644
+index 8eaf1ab..85c030d 100644
--- a/drivers/tty/synclink.c
+++ b/drivers/tty/synclink.c
-@@ -3093,7 +3093,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp)
+@@ -3090,7 +3090,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp)
if (debug_level >= DEBUG_LEVEL_INFO)
printk("%s(%d):mgsl_close(%s) entry, count=%d\n",
@@ -44513,7 +45928,7 @@ index 8983276..72a4090 100644
if (tty_port_close_start(&info->port, tty, filp) == 0)
goto cleanup;
-@@ -3111,7 +3111,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp)
+@@ -3108,7 +3108,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp)
cleanup:
if (debug_level >= DEBUG_LEVEL_INFO)
printk("%s(%d):mgsl_close(%s) exit, count=%d\n", __FILE__,__LINE__,
@@ -44522,7 +45937,7 @@ index 8983276..72a4090 100644
} /* end of mgsl_close() */
-@@ -3210,8 +3210,8 @@ static void mgsl_hangup(struct tty_struct *tty)
+@@ -3207,8 +3207,8 @@ static void mgsl_hangup(struct tty_struct *tty)
mgsl_flush_buffer(tty);
shutdown(info);
@@ -44533,7 +45948,7 @@ index 8983276..72a4090 100644
info->port.flags &= ~ASYNC_NORMAL_ACTIVE;
info->port.tty = NULL;
-@@ -3300,12 +3300,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp,
+@@ -3297,12 +3297,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp,
if (debug_level >= DEBUG_LEVEL_INFO)
printk("%s(%d):block_til_ready before block on %s count=%d\n",
@@ -44548,7 +45963,7 @@ index 8983276..72a4090 100644
}
spin_unlock_irqrestore(&info->irq_spinlock, flags);
port->blocked_open++;
-@@ -3334,7 +3334,7 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp,
+@@ -3331,7 +3331,7 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp,
if (debug_level >= DEBUG_LEVEL_INFO)
printk("%s(%d):block_til_ready blocking on %s count=%d\n",
@@ -44557,7 +45972,7 @@ index 8983276..72a4090 100644
tty_unlock(tty);
schedule();
-@@ -3346,12 +3346,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp,
+@@ -3343,12 +3343,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp,
/* FIXME: Racy on hangup during close wait */
if (extra_count)
@@ -44572,7 +45987,7 @@ index 8983276..72a4090 100644
if (!retval)
port->flags |= ASYNC_NORMAL_ACTIVE;
-@@ -3403,7 +3403,7 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp)
+@@ -3400,7 +3400,7 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp)
if (debug_level >= DEBUG_LEVEL_INFO)
printk("%s(%d):mgsl_open(%s), old ref count = %d\n",
@@ -44581,7 +45996,7 @@ index 8983276..72a4090 100644
/* If port is closing, signal caller to try again */
if (tty_hung_up_p(filp) || info->port.flags & ASYNC_CLOSING){
-@@ -3422,10 +3422,10 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp)
+@@ -3419,10 +3419,10 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp)
spin_unlock_irqrestore(&info->netlock, flags);
goto cleanup;
}
@@ -44594,7 +46009,7 @@ index 8983276..72a4090 100644
/* 1st open on this device, init hardware */
retval = startup(info);
if (retval < 0)
-@@ -3449,8 +3449,8 @@ cleanup:
+@@ -3446,8 +3446,8 @@ cleanup:
if (retval) {
if (tty->count == 1)
info->port.tty = NULL; /* tty layer will release tty struct */
@@ -44605,7 +46020,7 @@ index 8983276..72a4090 100644
}
return retval;
-@@ -7668,7 +7668,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
+@@ -7665,7 +7665,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding,
unsigned short new_crctype;
/* return error if TTY interface open */
@@ -44614,7 +46029,7 @@ index 8983276..72a4090 100644
return -EBUSY;
switch (encoding)
-@@ -7763,7 +7763,7 @@ static int hdlcdev_open(struct net_device *dev)
+@@ -7760,7 +7760,7 @@ static int hdlcdev_open(struct net_device *dev)
/* arbitrate between network and tty opens */
spin_lock_irqsave(&info->netlock, flags);
@@ -44623,7 +46038,7 @@ index 8983276..72a4090 100644
printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name);
spin_unlock_irqrestore(&info->netlock, flags);
return -EBUSY;
-@@ -7849,7 +7849,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
+@@ -7846,7 +7846,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name);
/* return error if TTY interface open */
@@ -44633,7 +46048,7 @@ index 8983276..72a4090 100644
if (cmd != SIOCWANDEV)
diff --git a/drivers/tty/synclink_gt.c b/drivers/tty/synclink_gt.c
-index aa9eece..d8baaec 100644
+index 1abf946..1ee34fc 100644
--- a/drivers/tty/synclink_gt.c
+++ b/drivers/tty/synclink_gt.c
@@ -670,7 +670,7 @@ static int open(struct tty_struct *tty, struct file *filp)
@@ -44751,7 +46166,7 @@ index aa9eece..d8baaec 100644
if (!retval)
diff --git a/drivers/tty/synclinkmp.c b/drivers/tty/synclinkmp.c
-index 6d5780c..aa4d8cd 100644
+index ff17138..e38b41e 100644
--- a/drivers/tty/synclinkmp.c
+++ b/drivers/tty/synclinkmp.c
@@ -750,7 +750,7 @@ static int open(struct tty_struct *tty, struct file *filp)
@@ -44890,10 +46305,10 @@ index 6d5780c..aa4d8cd 100644
if (!retval)
port->flags |= ASYNC_NORMAL_ACTIVE;
diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c
-index 3687f0c..6b9b808 100644
+index b51c154..17d55d1 100644
--- a/drivers/tty/sysrq.c
+++ b/drivers/tty/sysrq.c
-@@ -995,7 +995,7 @@ EXPORT_SYMBOL(unregister_sysrq_key);
+@@ -1022,7 +1022,7 @@ EXPORT_SYMBOL(unregister_sysrq_key);
static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf,
size_t count, loff_t *ppos)
{
@@ -44903,10 +46318,10 @@ index 3687f0c..6b9b808 100644
if (get_user(c, buf))
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
-index a9cd0b9..47b9336 100644
+index 4476682..d77e748 100644
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
-@@ -3398,7 +3398,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
+@@ -3466,7 +3466,7 @@ EXPORT_SYMBOL_GPL(get_current_tty);
void tty_default_fops(struct file_operations *fops)
{
@@ -44916,19 +46331,10 @@ index a9cd0b9..47b9336 100644
/*
diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c
-index d794087..e4f49e5 100644
+index 1afe192..73d2c20 100644
--- a/drivers/tty/tty_ldisc.c
+++ b/drivers/tty/tty_ldisc.c
-@@ -56,7 +56,7 @@ static void put_ldisc(struct tty_ldisc *ld)
- if (atomic_dec_and_test(&ld->users)) {
- struct tty_ldisc_ops *ldo = ld->ops;
-
-- ldo->refcount--;
-+ atomic_dec(&ldo->refcount);
- module_put(ldo->owner);
- raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags);
-
-@@ -93,7 +93,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc)
+@@ -66,7 +66,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc)
raw_spin_lock_irqsave(&tty_ldisc_lock, flags);
tty_ldiscs[disc] = new_ldisc;
new_ldisc->num = disc;
@@ -44937,7 +46343,7 @@ index d794087..e4f49e5 100644
raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags);
return ret;
-@@ -121,7 +121,7 @@ int tty_unregister_ldisc(int disc)
+@@ -94,7 +94,7 @@ int tty_unregister_ldisc(int disc)
return -EINVAL;
raw_spin_lock_irqsave(&tty_ldisc_lock, flags);
@@ -44946,7 +46352,7 @@ index d794087..e4f49e5 100644
ret = -EBUSY;
else
tty_ldiscs[disc] = NULL;
-@@ -142,7 +142,7 @@ static struct tty_ldisc_ops *get_ldops(int disc)
+@@ -115,7 +115,7 @@ static struct tty_ldisc_ops *get_ldops(int disc)
if (ldops) {
ret = ERR_PTR(-EAGAIN);
if (try_module_get(ldops->owner)) {
@@ -44955,7 +46361,7 @@ index d794087..e4f49e5 100644
ret = ldops;
}
}
-@@ -155,7 +155,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops)
+@@ -128,7 +128,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops)
unsigned long flags;
raw_spin_lock_irqsave(&tty_ldisc_lock, flags);
@@ -44964,20 +46370,29 @@ index d794087..e4f49e5 100644
module_put(ldops->owner);
raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags);
}
+@@ -196,7 +196,7 @@ static inline void tty_ldisc_put(struct tty_ldisc *ld)
+ /* unreleased reader reference(s) will cause this WARN */
+ WARN_ON(!atomic_dec_and_test(&ld->users));
+
+- ld->ops->refcount--;
++ atomic_dec(&ld->ops->refcount);
+ module_put(ld->ops->owner);
+ kfree(ld);
+ raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags);
diff --git a/drivers/tty/tty_port.c b/drivers/tty/tty_port.c
-index b7ff59d..7c6105e 100644
+index f597e88..b7f68ed 100644
--- a/drivers/tty/tty_port.c
+++ b/drivers/tty/tty_port.c
-@@ -218,7 +218,7 @@ void tty_port_hangup(struct tty_port *port)
+@@ -232,7 +232,7 @@ void tty_port_hangup(struct tty_port *port)
unsigned long flags;
spin_lock_irqsave(&port->lock, flags);
- port->count = 0;
+ atomic_set(&port->count, 0);
port->flags &= ~ASYNC_NORMAL_ACTIVE;
- if (port->tty) {
- set_bit(TTY_IO_ERROR, &port->tty->flags);
-@@ -344,7 +344,7 @@ int tty_port_block_til_ready(struct tty_port *port,
+ tty = port->tty;
+ if (tty)
+@@ -390,7 +390,7 @@ int tty_port_block_til_ready(struct tty_port *port,
/* The port lock protects the port counts */
spin_lock_irqsave(&port->lock, flags);
if (!tty_hung_up_p(filp))
@@ -44986,7 +46401,7 @@ index b7ff59d..7c6105e 100644
port->blocked_open++;
spin_unlock_irqrestore(&port->lock, flags);
-@@ -386,7 +386,7 @@ int tty_port_block_til_ready(struct tty_port *port,
+@@ -432,7 +432,7 @@ int tty_port_block_til_ready(struct tty_port *port,
we must not mess that up further */
spin_lock_irqsave(&port->lock, flags);
if (!tty_hung_up_p(filp))
@@ -44995,7 +46410,7 @@ index b7ff59d..7c6105e 100644
port->blocked_open--;
if (retval == 0)
port->flags |= ASYNC_NORMAL_ACTIVE;
-@@ -406,19 +406,19 @@ int tty_port_close_start(struct tty_port *port,
+@@ -466,19 +466,19 @@ int tty_port_close_start(struct tty_port *port,
return 0;
}
@@ -45022,7 +46437,7 @@ index b7ff59d..7c6105e 100644
spin_unlock_irqrestore(&port->lock, flags);
if (port->ops->drop)
port->ops->drop(port);
-@@ -516,7 +516,7 @@ int tty_port_open(struct tty_port *port, struct tty_struct *tty,
+@@ -564,7 +564,7 @@ int tty_port_open(struct tty_port *port, struct tty_struct *tty,
{
spin_lock_irq(&port->lock);
if (!tty_hung_up_p(filp))
@@ -45201,7 +46616,7 @@ index 8a7eb77..c00402f 100644
pos += tmp;
diff --git a/drivers/usb/atm/usbatm.c b/drivers/usb/atm/usbatm.c
-index 35f10bf..6a38a0b 100644
+index d3527dd..26effa2 100644
--- a/drivers/usb/atm/usbatm.c
+++ b/drivers/usb/atm/usbatm.c
@@ -333,7 +333,7 @@ static void usbatm_extract_one_cell(struct usbatm_data *instance, unsigned char
@@ -45315,7 +46730,7 @@ index 2a3bbdf..91d72cf 100644
file->f_version = event_count;
return POLLIN | POLLRDNORM;
diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
-index f9ec44c..eb5779f 100644
+index d53547d..6a22d02 100644
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -1526,7 +1526,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags)
@@ -45350,7 +46765,7 @@ index 444d30e..f15c850 100644
__u16 size, int timeout)
{
diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c
-index 3f81a3d..a3aa993 100644
+index aa38db4..0a08682 100644
--- a/drivers/usb/core/sysfs.c
+++ b/drivers/usb/core/sysfs.c
@@ -239,7 +239,7 @@ show_urbnum(struct device *dev, struct device_attribute *attr, char *buf)
@@ -45363,10 +46778,10 @@ index 3f81a3d..a3aa993 100644
static DEVICE_ATTR(urbnum, S_IRUGO, show_urbnum, NULL);
diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c
-index f81b925..78d22ec 100644
+index b10da72..43aa0b2 100644
--- a/drivers/usb/core/usb.c
+++ b/drivers/usb/core/usb.c
-@@ -388,7 +388,7 @@ struct usb_device *usb_alloc_dev(struct usb_device *parent,
+@@ -389,7 +389,7 @@ struct usb_device *usb_alloc_dev(struct usb_device *parent,
set_dev_node(&dev->dev, dev_to_node(bus->controller));
dev->state = USB_STATE_ATTACHED;
dev->lpm_disable_count = 1;
@@ -45532,132 +46947,6 @@ index 5f3bcd3..bfca43f 100644
usb_autopm_put_interface(serial->interface);
error_get_interface:
usb_serial_put(serial);
-diff --git a/drivers/usb/serial/cp210x.c b/drivers/usb/serial/cp210x.c
-index 4747d1c..3850e92 100644
---- a/drivers/usb/serial/cp210x.c
-+++ b/drivers/usb/serial/cp210x.c
-@@ -53,6 +53,7 @@ static const struct usb_device_id id_table[] = {
- { USB_DEVICE(0x0489, 0xE000) }, /* Pirelli Broadband S.p.A, DP-L10 SIP/GSM Mobile */
- { USB_DEVICE(0x0489, 0xE003) }, /* Pirelli Broadband S.p.A, DP-L10 SIP/GSM Mobile */
- { USB_DEVICE(0x0745, 0x1000) }, /* CipherLab USB CCD Barcode Scanner 1000 */
-+ { USB_DEVICE(0x0846, 0x1100) }, /* NetGear Managed Switch M4100 series, M5300 series, M7100 series */
- { USB_DEVICE(0x08e6, 0x5501) }, /* Gemalto Prox-PU/CU contactless smartcard reader */
- { USB_DEVICE(0x08FD, 0x000A) }, /* Digianswer A/S , ZigBee/802.15.4 MAC Device */
- { USB_DEVICE(0x0BED, 0x1100) }, /* MEI (TM) Cashflow-SC Bill/Voucher Acceptor */
-@@ -118,6 +119,8 @@ static const struct usb_device_id id_table[] = {
- { USB_DEVICE(0x10C4, 0x85F8) }, /* Virtenio Preon32 */
- { USB_DEVICE(0x10C4, 0x8664) }, /* AC-Services CAN-IF */
- { USB_DEVICE(0x10C4, 0x8665) }, /* AC-Services OBD-IF */
-+ { USB_DEVICE(0x10C4, 0x88A4) }, /* MMB Networks ZigBee USB Device */
-+ { USB_DEVICE(0x10C4, 0x88A5) }, /* Planet Innovation Ingeni ZigBee USB Device */
- { USB_DEVICE(0x10C4, 0xEA60) }, /* Silicon Labs factory default */
- { USB_DEVICE(0x10C4, 0xEA61) }, /* Silicon Labs factory default */
- { USB_DEVICE(0x10C4, 0xEA70) }, /* Silicon Labs factory default */
-@@ -148,6 +151,7 @@ static const struct usb_device_id id_table[] = {
- { USB_DEVICE(0x17F4, 0xAAAA) }, /* Wavesense Jazz blood glucose meter */
- { USB_DEVICE(0x1843, 0x0200) }, /* Vaisala USB Instrument Cable */
- { USB_DEVICE(0x18EF, 0xE00F) }, /* ELV USB-I2C-Interface */
-+ { USB_DEVICE(0x1ADB, 0x0001) }, /* Schweitzer Engineering C662 Cable */
- { USB_DEVICE(0x1BE3, 0x07A6) }, /* WAGO 750-923 USB Service Cable */
- { USB_DEVICE(0x1E29, 0x0102) }, /* Festo CPX-USB */
- { USB_DEVICE(0x1E29, 0x0501) }, /* Festo CMSP */
-diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c
-index 9162db2..b7cabbf 100644
---- a/drivers/usb/serial/option.c
-+++ b/drivers/usb/serial/option.c
-@@ -343,17 +343,12 @@ static void option_instat_callback(struct urb *urb);
- #define OLIVETTI_VENDOR_ID 0x0b3c
- #define OLIVETTI_PRODUCT_OLICARD100 0xc000
- #define OLIVETTI_PRODUCT_OLICARD145 0xc003
-+#define OLIVETTI_PRODUCT_OLICARD200 0xc005
-
- /* Celot products */
- #define CELOT_VENDOR_ID 0x211f
- #define CELOT_PRODUCT_CT680M 0x6801
-
--/* ONDA Communication vendor id */
--#define ONDA_VENDOR_ID 0x1ee8
--
--/* ONDA MT825UP HSDPA 14.2 modem */
--#define ONDA_MT825UP 0x000b
--
- /* Samsung products */
- #define SAMSUNG_VENDOR_ID 0x04e8
- #define SAMSUNG_PRODUCT_GT_B3730 0x6889
-@@ -446,7 +441,8 @@ static void option_instat_callback(struct urb *urb);
-
- /* Hyundai Petatel Inc. products */
- #define PETATEL_VENDOR_ID 0x1ff4
--#define PETATEL_PRODUCT_NP10T 0x600e
-+#define PETATEL_PRODUCT_NP10T_600A 0x600a
-+#define PETATEL_PRODUCT_NP10T_600E 0x600e
-
- /* TP-LINK Incorporated products */
- #define TPLINK_VENDOR_ID 0x2357
-@@ -786,6 +782,7 @@ static const struct usb_device_id option_ids[] = {
- { USB_DEVICE(KYOCERA_VENDOR_ID, KYOCERA_PRODUCT_KPC650) },
- { USB_DEVICE(KYOCERA_VENDOR_ID, KYOCERA_PRODUCT_KPC680) },
- { USB_DEVICE(QUALCOMM_VENDOR_ID, 0x6613)}, /* Onda H600/ZTE MF330 */
-+ { USB_DEVICE(QUALCOMM_VENDOR_ID, 0x0023)}, /* ONYX 3G device */
- { USB_DEVICE(QUALCOMM_VENDOR_ID, 0x9000)}, /* SIMCom SIM5218 */
- { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6280) }, /* BP3-USB & BP3-EXT HSDPA */
- { USB_DEVICE(CMOTECH_VENDOR_ID, CMOTECH_PRODUCT_6008) },
-@@ -821,7 +818,8 @@ static const struct usb_device_id option_ids[] = {
- { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0017, 0xff, 0xff, 0xff),
- .driver_info = (kernel_ulong_t)&net_intf3_blacklist },
- { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0018, 0xff, 0xff, 0xff) },
-- { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0019, 0xff, 0xff, 0xff) },
-+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0019, 0xff, 0xff, 0xff),
-+ .driver_info = (kernel_ulong_t)&net_intf3_blacklist },
- { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0020, 0xff, 0xff, 0xff) },
- { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0021, 0xff, 0xff, 0xff),
- .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
-@@ -1260,8 +1258,8 @@ static const struct usb_device_id option_ids[] = {
-
- { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD100) },
- { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD145) },
-+ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD200) },
- { USB_DEVICE(CELOT_VENDOR_ID, CELOT_PRODUCT_CT680M) }, /* CT-650 CDMA 450 1xEVDO modem */
-- { USB_DEVICE(ONDA_VENDOR_ID, ONDA_MT825UP) }, /* ONDA MT825UP modem */
- { USB_DEVICE_AND_INTERFACE_INFO(SAMSUNG_VENDOR_ID, SAMSUNG_PRODUCT_GT_B3730, USB_CLASS_CDC_DATA, 0x00, 0x00) }, /* Samsung GT-B3730 LTE USB modem.*/
- { USB_DEVICE(YUGA_VENDOR_ID, YUGA_PRODUCT_CEM600) },
- { USB_DEVICE(YUGA_VENDOR_ID, YUGA_PRODUCT_CEM610) },
-@@ -1333,9 +1331,12 @@ static const struct usb_device_id option_ids[] = {
- { USB_DEVICE_AND_INTERFACE_INFO(MEDIATEK_VENDOR_ID, MEDIATEK_PRODUCT_DC_4COM2, 0xff, 0x02, 0x01) },
- { USB_DEVICE_AND_INTERFACE_INFO(MEDIATEK_VENDOR_ID, MEDIATEK_PRODUCT_DC_4COM2, 0xff, 0x00, 0x00) },
- { USB_DEVICE(CELLIENT_VENDOR_ID, CELLIENT_PRODUCT_MEN200) },
-- { USB_DEVICE(PETATEL_VENDOR_ID, PETATEL_PRODUCT_NP10T) },
-+ { USB_DEVICE(PETATEL_VENDOR_ID, PETATEL_PRODUCT_NP10T_600A) },
-+ { USB_DEVICE(PETATEL_VENDOR_ID, PETATEL_PRODUCT_NP10T_600E) },
- { USB_DEVICE(TPLINK_VENDOR_ID, TPLINK_PRODUCT_MA180),
- .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
-+ { USB_DEVICE(TPLINK_VENDOR_ID, 0x9000), /* TP-Link MA260 */
-+ .driver_info = (kernel_ulong_t)&net_intf4_blacklist },
- { USB_DEVICE(CHANGHONG_VENDOR_ID, CHANGHONG_PRODUCT_CH690) },
- { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d01, 0xff, 0x02, 0x01) }, /* D-Link DWM-156 (variant) */
- { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d01, 0xff, 0x00, 0x00) }, /* D-Link DWM-156 (variant) */
-@@ -1343,6 +1344,8 @@ static const struct usb_device_id option_ids[] = {
- { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d02, 0xff, 0x00, 0x00) },
- { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d03, 0xff, 0x02, 0x01) },
- { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d03, 0xff, 0x00, 0x00) },
-+ { USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e01, 0xff, 0xff, 0xff) }, /* D-Link DWM-152/C1 */
-+ { USB_DEVICE_AND_INTERFACE_INFO(0x07d1, 0x3e02, 0xff, 0xff, 0xff) }, /* D-Link DWM-156/C1 */
- { } /* Terminating entry */
- };
- MODULE_DEVICE_TABLE(usb, option_ids);
-diff --git a/drivers/usb/storage/realtek_cr.c b/drivers/usb/storage/realtek_cr.c
-index 6c3586a..a94e621 100644
---- a/drivers/usb/storage/realtek_cr.c
-+++ b/drivers/usb/storage/realtek_cr.c
-@@ -429,7 +429,7 @@ static int rts51x_read_status(struct us_data *us,
-
- buf = kmalloc(len, GFP_NOIO);
- if (buf == NULL)
-- return USB_STOR_TRANSPORT_ERROR;
-+ return -ENOMEM;
-
- US_DEBUGP("%s, lun = %d\n", __func__, lun);
-
diff --git a/drivers/usb/storage/usb.h b/drivers/usb/storage/usb.h
index 75f70f0..d467e1a 100644
--- a/drivers/usb/storage/usb.h
@@ -45706,55 +46995,18 @@ index 6ef94bc..1b41265 100644
}
/*
-diff --git a/drivers/vhost/net.c b/drivers/vhost/net.c
-index dfff647..3a19054 100644
---- a/drivers/vhost/net.c
-+++ b/drivers/vhost/net.c
-@@ -857,7 +857,7 @@ static long vhost_net_set_backend(struct vhost_net *n, unsigned index, int fd)
- mutex_unlock(&vq->mutex);
-
- if (oldubufs) {
-- vhost_ubuf_put_and_wait(oldubufs);
-+ vhost_ubuf_put_and_wait_and_free(oldubufs);
- mutex_lock(&vq->mutex);
- vhost_zerocopy_signal_used(n, vq);
- mutex_unlock(&vq->mutex);
-@@ -875,7 +875,7 @@ err_used:
- rcu_assign_pointer(vq->private_data, oldsock);
- vhost_net_enable_vq(n, vq);
- if (ubufs)
-- vhost_ubuf_put_and_wait(ubufs);
-+ vhost_ubuf_put_and_wait_and_free(ubufs);
- err_ubufs:
- fput(sock->file);
- err_vq:
-diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c
-index 9759249..2e2524c 100644
---- a/drivers/vhost/vhost.c
-+++ b/drivers/vhost/vhost.c
-@@ -1581,5 +1581,11 @@ void vhost_ubuf_put_and_wait(struct vhost_ubuf_ref *ubufs)
- {
- kref_put(&ubufs->kref, vhost_zerocopy_done_signal);
- wait_event(ubufs->wait, !atomic_read(&ubufs->kref.refcount));
-+}
-+
-+void vhost_ubuf_put_and_wait_and_free(struct vhost_ubuf_ref *ubufs)
-+{
-+ vhost_ubuf_put_and_wait(ubufs);
- kfree(ubufs);
- }
-+
-diff --git a/drivers/vhost/vhost.h b/drivers/vhost/vhost.h
-index 17261e2..70cbe6f 100644
---- a/drivers/vhost/vhost.h
-+++ b/drivers/vhost/vhost.h
-@@ -63,6 +63,7 @@ struct vhost_ubuf_ref {
- struct vhost_ubuf_ref *vhost_ubuf_alloc(struct vhost_virtqueue *, bool zcopy);
- void vhost_ubuf_put(struct vhost_ubuf_ref *);
- void vhost_ubuf_put_and_wait(struct vhost_ubuf_ref *);
-+void vhost_ubuf_put_and_wait_and_free(struct vhost_ubuf_ref *);
-
- struct ubuf_info;
+diff --git a/drivers/vhost/vringh.c b/drivers/vhost/vringh.c
+index 5174eba..86e764a 100644
+--- a/drivers/vhost/vringh.c
++++ b/drivers/vhost/vringh.c
+@@ -800,7 +800,7 @@ static inline int getu16_kern(u16 *val, const u16 *p)
+
+ static inline int putu16_kern(u16 *p, u16 val)
+ {
+- ACCESS_ONCE(*p) = val;
++ ACCESS_ONCE_RW(*p) = val;
+ return 0;
+ }
diff --git a/drivers/video/aty/aty128fb.c b/drivers/video/aty/aty128fb.c
index 8c55011..eed4ae1a 100644
@@ -45813,8 +47065,21 @@ index 95ec042..e6affdd 100644
return 0;
}
+diff --git a/drivers/video/backlight/backlight.c b/drivers/video/backlight/backlight.c
+index c74e7aa..e3c2790 100644
+--- a/drivers/video/backlight/backlight.c
++++ b/drivers/video/backlight/backlight.c
+@@ -304,7 +304,7 @@ struct backlight_device *backlight_device_register(const char *name,
+ new_bd->dev.class = backlight_class;
+ new_bd->dev.parent = parent;
+ new_bd->dev.release = bl_device_release;
+- dev_set_name(&new_bd->dev, name);
++ dev_set_name(&new_bd->dev, "%s", name);
+ dev_set_drvdata(&new_bd->dev, devdata);
+
+ /* Set default properties */
diff --git a/drivers/video/backlight/kb3886_bl.c b/drivers/video/backlight/kb3886_bl.c
-index 6c5ed6b..b727c88 100644
+index bca6ccc..252107e 100644
--- a/drivers/video/backlight/kb3886_bl.c
+++ b/drivers/video/backlight/kb3886_bl.c
@@ -78,7 +78,7 @@ static struct kb3886bl_machinfo *bl_machinfo;
@@ -45826,6 +47091,19 @@ index 6c5ed6b..b727c88 100644
{
.ident = "Sahara Touch-iT",
.matches = {
+diff --git a/drivers/video/backlight/lcd.c b/drivers/video/backlight/lcd.c
+index 34fb6bd..3649fd9 100644
+--- a/drivers/video/backlight/lcd.c
++++ b/drivers/video/backlight/lcd.c
+@@ -219,7 +219,7 @@ struct lcd_device *lcd_device_register(const char *name, struct device *parent,
+ new_ld->dev.class = lcd_class;
+ new_ld->dev.parent = parent;
+ new_ld->dev.release = lcd_device_release;
+- dev_set_name(&new_ld->dev, name);
++ dev_set_name(&new_ld->dev, "%s", name);
+ dev_set_drvdata(&new_ld->dev, devdata);
+
+ rc = device_register(&new_ld->dev);
diff --git a/drivers/video/fb_defio.c b/drivers/video/fb_defio.c
index 900aa4e..6d49418 100644
--- a/drivers/video/fb_defio.c
@@ -45865,7 +47143,7 @@ index 5c3960d..15cf8fc 100644
goto out1;
}
diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c
-index 86291dc..7cc5962 100644
+index 098bfc6..796841d 100644
--- a/drivers/video/fbmem.c
+++ b/drivers/video/fbmem.c
@@ -428,7 +428,7 @@ static void fb_do_show_logo(struct fb_info *info, struct fb_image *image,
@@ -48729,7 +50007,7 @@ index 0d6f2cd..6285b97 100644
ret_code = device_register(&new_dev->dev);
if (ret_code) {
diff --git a/drivers/video/s1d13xxxfb.c b/drivers/video/s1d13xxxfb.c
-index 76d9053..dec2bfd 100644
+index 05c2dc3..ea1f391 100644
--- a/drivers/video/s1d13xxxfb.c
+++ b/drivers/video/s1d13xxxfb.c
@@ -881,8 +881,10 @@ static int s1d13xxxfb_probe(struct platform_device *pdev)
@@ -48746,10 +50024,10 @@ index 76d9053..dec2bfd 100644
FBINFO_HWACCEL_FILLRECT | FBINFO_HWACCEL_COPYAREA;
break;
diff --git a/drivers/video/smscufx.c b/drivers/video/smscufx.c
-index 97bd662..39fab85 100644
+index b2b33fc..f9f4658 100644
--- a/drivers/video/smscufx.c
+++ b/drivers/video/smscufx.c
-@@ -1171,7 +1171,9 @@ static int ufx_ops_release(struct fb_info *info, int user)
+@@ -1175,7 +1175,9 @@ static int ufx_ops_release(struct fb_info *info, int user)
fb_deferred_io_cleanup(info);
kfree(info->fbdefio);
info->fbdefio = NULL;
@@ -48761,10 +50039,10 @@ index 97bd662..39fab85 100644
pr_debug("released /dev/fb%d user=%d count=%d",
diff --git a/drivers/video/udlfb.c b/drivers/video/udlfb.c
-index 86d449e..8e04dc5 100644
+index ec03e72..f578436 100644
--- a/drivers/video/udlfb.c
+++ b/drivers/video/udlfb.c
-@@ -619,11 +619,11 @@ int dlfb_handle_damage(struct dlfb_data *dev, int x, int y,
+@@ -623,11 +623,11 @@ int dlfb_handle_damage(struct dlfb_data *dev, int x, int y,
dlfb_urb_completion(urb);
error:
@@ -48780,7 +50058,7 @@ index 86d449e..8e04dc5 100644
>> 10)), /* Kcycles */
&dev->cpu_kcycles_used);
-@@ -744,11 +744,11 @@ static void dlfb_dpy_deferred_io(struct fb_info *info,
+@@ -748,11 +748,11 @@ static void dlfb_dpy_deferred_io(struct fb_info *info,
dlfb_urb_completion(urb);
error:
@@ -48796,7 +50074,7 @@ index 86d449e..8e04dc5 100644
>> 10)), /* Kcycles */
&dev->cpu_kcycles_used);
}
-@@ -989,7 +989,9 @@ static int dlfb_ops_release(struct fb_info *info, int user)
+@@ -993,7 +993,9 @@ static int dlfb_ops_release(struct fb_info *info, int user)
fb_deferred_io_cleanup(info);
kfree(info->fbdefio);
info->fbdefio = NULL;
@@ -48807,7 +50085,7 @@ index 86d449e..8e04dc5 100644
}
pr_warn("released /dev/fb%d user=%d count=%d\n",
-@@ -1372,7 +1374,7 @@ static ssize_t metrics_bytes_rendered_show(struct device *fbdev,
+@@ -1376,7 +1378,7 @@ static ssize_t metrics_bytes_rendered_show(struct device *fbdev,
struct fb_info *fb_info = dev_get_drvdata(fbdev);
struct dlfb_data *dev = fb_info->par;
return snprintf(buf, PAGE_SIZE, "%u\n",
@@ -48816,7 +50094,7 @@ index 86d449e..8e04dc5 100644
}
static ssize_t metrics_bytes_identical_show(struct device *fbdev,
-@@ -1380,7 +1382,7 @@ static ssize_t metrics_bytes_identical_show(struct device *fbdev,
+@@ -1384,7 +1386,7 @@ static ssize_t metrics_bytes_identical_show(struct device *fbdev,
struct fb_info *fb_info = dev_get_drvdata(fbdev);
struct dlfb_data *dev = fb_info->par;
return snprintf(buf, PAGE_SIZE, "%u\n",
@@ -48825,7 +50103,7 @@ index 86d449e..8e04dc5 100644
}
static ssize_t metrics_bytes_sent_show(struct device *fbdev,
-@@ -1388,7 +1390,7 @@ static ssize_t metrics_bytes_sent_show(struct device *fbdev,
+@@ -1392,7 +1394,7 @@ static ssize_t metrics_bytes_sent_show(struct device *fbdev,
struct fb_info *fb_info = dev_get_drvdata(fbdev);
struct dlfb_data *dev = fb_info->par;
return snprintf(buf, PAGE_SIZE, "%u\n",
@@ -48834,7 +50112,7 @@ index 86d449e..8e04dc5 100644
}
static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev,
-@@ -1396,7 +1398,7 @@ static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev,
+@@ -1400,7 +1402,7 @@ static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev,
struct fb_info *fb_info = dev_get_drvdata(fbdev);
struct dlfb_data *dev = fb_info->par;
return snprintf(buf, PAGE_SIZE, "%u\n",
@@ -48843,7 +50121,7 @@ index 86d449e..8e04dc5 100644
}
static ssize_t edid_show(
-@@ -1456,10 +1458,10 @@ static ssize_t metrics_reset_store(struct device *fbdev,
+@@ -1460,10 +1462,10 @@ static ssize_t metrics_reset_store(struct device *fbdev,
struct fb_info *fb_info = dev_get_drvdata(fbdev);
struct dlfb_data *dev = fb_info->par;
@@ -48859,7 +50137,7 @@ index 86d449e..8e04dc5 100644
return count;
}
diff --git a/drivers/video/uvesafb.c b/drivers/video/uvesafb.c
-index d428445..79a78df 100644
+index e328a61..1b08ecb 100644
--- a/drivers/video/uvesafb.c
+++ b/drivers/video/uvesafb.c
@@ -19,6 +19,7 @@
@@ -49124,10 +50402,10 @@ index fef20db..d28b1ab 100644
return -ENOMEM;
return 0;
diff --git a/fs/9p/vfs_addr.c b/fs/9p/vfs_addr.c
-index 0ad61c6..f198bd7 100644
+index 055562c..fdfb10d 100644
--- a/fs/9p/vfs_addr.c
+++ b/fs/9p/vfs_addr.c
-@@ -185,7 +185,7 @@ static int v9fs_vfs_writepage_locked(struct page *page)
+@@ -186,7 +186,7 @@ static int v9fs_vfs_writepage_locked(struct page *page)
retval = v9fs_file_write_internal(inode,
v9inode->writeback_fid,
@@ -49150,10 +50428,10 @@ index d86edc8..40ff2fb 100644
p9_debug(P9_DEBUG_VFS, " %s %s\n",
dentry->d_name.name, IS_ERR(s) ? "<error>" : s);
diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt
-index 0efd152..b5802ad 100644
+index 370b24c..ff0be7b 100644
--- a/fs/Kconfig.binfmt
+++ b/fs/Kconfig.binfmt
-@@ -89,7 +89,7 @@ config HAVE_AOUT
+@@ -103,7 +103,7 @@ config HAVE_AOUT
config BINFMT_AOUT
tristate "Kernel support for a.out and ECOFF binaries"
@@ -49163,10 +50441,10 @@ index 0efd152..b5802ad 100644
A.out (Assembler.OUTput) is a set of formats for libraries and
executables used in the earliest versions of UNIX. Linux used
diff --git a/fs/aio.c b/fs/aio.c
-index 1dc8786..d3b29e8 100644
+index 2bbcacf..8614116 100644
--- a/fs/aio.c
+++ b/fs/aio.c
-@@ -111,7 +111,7 @@ static int aio_setup_ring(struct kioctx *ctx)
+@@ -160,7 +160,7 @@ static int aio_setup_ring(struct kioctx *ctx)
size += sizeof(struct io_event) * nr_events;
nr_pages = (size + PAGE_SIZE-1) >> PAGE_SHIFT;
@@ -49175,39 +50453,39 @@ index 1dc8786..d3b29e8 100644
return -EINVAL;
nr_events = (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeof(struct io_event);
-@@ -1375,18 +1375,19 @@ static ssize_t aio_fsync(struct kiocb *iocb)
- static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat)
+@@ -950,6 +950,7 @@ static ssize_t aio_rw_vect_retry(struct kiocb *iocb, int rw, aio_rw_op *rw_op)
+ static ssize_t aio_setup_vectored_rw(int rw, struct kiocb *kiocb, bool compat)
{
ssize_t ret;
+ struct iovec iovstack;
- #ifdef CONFIG_COMPAT
+ kiocb->ki_nr_segs = kiocb->ki_nbytes;
+
+@@ -957,17 +958,22 @@ static ssize_t aio_setup_vectored_rw(int rw, struct kiocb *kiocb, bool compat)
if (compat)
- ret = compat_rw_copy_check_uvector(type,
+ ret = compat_rw_copy_check_uvector(rw,
(struct compat_iovec __user *)kiocb->ki_buf,
-- kiocb->ki_nbytes, 1, &kiocb->ki_inline_vec,
-+ kiocb->ki_nbytes, 1, &iovstack,
+- kiocb->ki_nr_segs, 1, &kiocb->ki_inline_vec,
++ kiocb->ki_nr_segs, 1, &iovstack,
&kiocb->ki_iovec);
else
#endif
- ret = rw_copy_check_uvector(type,
+ ret = rw_copy_check_uvector(rw,
(struct iovec __user *)kiocb->ki_buf,
-- kiocb->ki_nbytes, 1, &kiocb->ki_inline_vec,
-+ kiocb->ki_nbytes, 1, &iovstack,
+- kiocb->ki_nr_segs, 1, &kiocb->ki_inline_vec,
++ kiocb->ki_nr_segs, 1, &iovstack,
&kiocb->ki_iovec);
if (ret < 0)
- goto out;
-@@ -1395,6 +1396,10 @@ static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat)
- if (ret < 0)
- goto out;
+ return ret;
+ if (kiocb->ki_iovec == &iovstack) {
+ kiocb->ki_inline_vec = iovstack;
+ kiocb->ki_iovec = &kiocb->ki_inline_vec;
+ }
- kiocb->ki_nr_segs = kiocb->ki_nbytes;
- kiocb->ki_cur_seg = 0;
- /* ki_nbytes/left now reflect bytes instead of segs */
++
+ /* ki_nbytes now reflect bytes instead of segs */
+ kiocb->ki_nbytes = ret;
+ return 0;
diff --git a/fs/attr.c b/fs/attr.c
index 1449adb..a2038c2 100644
--- a/fs/attr.c
@@ -49280,7 +50558,7 @@ index 2722387..c8dd2a7 100644
{
if (BEFS_SB(sb)->byte_order == BEFS_BYTESEX_LE)
diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c
-index 8615ee8..388ed68 100644
+index f95dddc..b1e2c1c 100644
--- a/fs/befs/linuxvfs.c
+++ b/fs/befs/linuxvfs.c
@@ -510,7 +510,7 @@ static void befs_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
@@ -49293,7 +50571,7 @@ index 8615ee8..388ed68 100644
kfree(link);
}
diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
-index bbc8f88..7c7ac97 100644
+index bce8769..7fc7544 100644
--- a/fs/binfmt_aout.c
+++ b/fs/binfmt_aout.c
@@ -16,6 +16,7 @@
@@ -49313,7 +50591,7 @@ index bbc8f88..7c7ac97 100644
fs = get_fs();
set_fs(KERNEL_DS);
has_dumped = 1;
-@@ -70,10 +73,12 @@ static int aout_core_dump(struct coredump_params *cprm)
+@@ -69,10 +72,12 @@ static int aout_core_dump(struct coredump_params *cprm)
/* If the size of the dump file exceeds the rlimit, then see what would happen
if we wrote the stack, but not the data area. */
@@ -49326,7 +50604,7 @@ index bbc8f88..7c7ac97 100644
if ((dump.u_ssize + 1) * PAGE_SIZE > cprm->limit)
dump.u_ssize = 0;
-@@ -234,6 +239,8 @@ static int load_aout_binary(struct linux_binprm * bprm)
+@@ -233,6 +238,8 @@ static int load_aout_binary(struct linux_binprm * bprm)
rlim = rlimit(RLIMIT_DATA);
if (rlim >= RLIM_INFINITY)
rlim = ~0;
@@ -49335,7 +50613,7 @@ index bbc8f88..7c7ac97 100644
if (ex.a_data + ex.a_bss > rlim)
return -ENOMEM;
-@@ -268,6 +275,27 @@ static int load_aout_binary(struct linux_binprm * bprm)
+@@ -267,6 +274,27 @@ static int load_aout_binary(struct linux_binprm * bprm)
install_exec_creds(bprm);
@@ -49363,7 +50641,7 @@ index bbc8f88..7c7ac97 100644
if (N_MAGIC(ex) == OMAGIC) {
unsigned long text_addr, map_size;
loff_t pos;
-@@ -333,7 +361,7 @@ static int load_aout_binary(struct linux_binprm * bprm)
+@@ -324,7 +352,7 @@ static int load_aout_binary(struct linux_binprm * bprm)
}
error = vm_mmap(bprm->file, N_DATADDR(ex), ex.a_data,
@@ -49373,7 +50651,7 @@ index bbc8f88..7c7ac97 100644
fd_offset + ex.a_text);
if (error != N_DATADDR(ex)) {
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 86af964..5d53bf6 100644
+index f8a0b0e..6f036ed 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -34,6 +34,7 @@
@@ -49384,7 +50662,7 @@ index 86af964..5d53bf6 100644
#include <asm/uaccess.h>
#include <asm/param.h>
#include <asm/page.h>
-@@ -60,6 +61,10 @@ static int elf_core_dump(struct coredump_params *cprm);
+@@ -60,6 +61,14 @@ static int elf_core_dump(struct coredump_params *cprm);
#define elf_core_dump NULL
#endif
@@ -49392,10 +50670,14 @@ index 86af964..5d53bf6 100644
+static void elf_handle_mprotect(struct vm_area_struct *vma, unsigned long newflags);
+#endif
+
++#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
++static void elf_handle_mmap(struct file *file);
++#endif
++
#if ELF_EXEC_PAGESIZE > PAGE_SIZE
#define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE
#else
-@@ -79,6 +84,11 @@ static struct linux_binfmt elf_format = {
+@@ -79,6 +88,15 @@ static struct linux_binfmt elf_format = {
.load_binary = load_elf_binary,
.load_shlib = load_elf_library,
.core_dump = elf_core_dump,
@@ -49404,10 +50686,14 @@ index 86af964..5d53bf6 100644
+ .handle_mprotect= elf_handle_mprotect,
+#endif
+
++#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
++ .handle_mmap = elf_handle_mmap,
++#endif
++
.min_coredump = ELF_EXEC_PAGESIZE,
};
-@@ -86,6 +96,8 @@ static struct linux_binfmt elf_format = {
+@@ -86,6 +104,8 @@ static struct linux_binfmt elf_format = {
static int set_brk(unsigned long start, unsigned long end)
{
@@ -49416,7 +50702,7 @@ index 86af964..5d53bf6 100644
start = ELF_PAGEALIGN(start);
end = ELF_PAGEALIGN(end);
if (end > start) {
-@@ -94,7 +106,7 @@ static int set_brk(unsigned long start, unsigned long end)
+@@ -94,7 +114,7 @@ static int set_brk(unsigned long start, unsigned long end)
if (BAD_ADDR(addr))
return addr;
}
@@ -49425,7 +50711,7 @@ index 86af964..5d53bf6 100644
return 0;
}
-@@ -155,12 +167,13 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
+@@ -155,12 +175,13 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
elf_addr_t __user *u_rand_bytes;
const char *k_platform = ELF_PLATFORM;
const char *k_base_platform = ELF_BASE_PLATFORM;
@@ -49440,22 +50726,22 @@ index 86af964..5d53bf6 100644
/*
* In some cases (e.g. Hyper-Threading), we want to avoid L1
-@@ -202,8 +215,12 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
+@@ -202,8 +223,12 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
* Generate 16 random bytes for userspace PRNG seeding.
*/
get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes));
- u_rand_bytes = (elf_addr_t __user *)
- STACK_ALLOC(p, sizeof(k_rand_bytes));
-+ srandom32(k_rand_bytes[0] ^ random32());
-+ srandom32(k_rand_bytes[1] ^ random32());
-+ srandom32(k_rand_bytes[2] ^ random32());
-+ srandom32(k_rand_bytes[3] ^ random32());
++ prandom_seed(k_rand_bytes[0] ^ prandom_u32());
++ prandom_seed(k_rand_bytes[1] ^ prandom_u32());
++ prandom_seed(k_rand_bytes[2] ^ prandom_u32());
++ prandom_seed(k_rand_bytes[3] ^ prandom_u32());
+ p = STACK_ROUND(p, sizeof(k_rand_bytes));
+ u_rand_bytes = (elf_addr_t __user *) p;
if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes)))
return -EFAULT;
-@@ -315,9 +332,11 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
+@@ -318,9 +343,11 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec,
return -EFAULT;
current->mm->env_end = p;
@@ -49468,7 +50754,7 @@ index 86af964..5d53bf6 100644
return -EFAULT;
return 0;
}
-@@ -385,15 +404,14 @@ static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
+@@ -388,15 +415,14 @@ static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr)
an ELF header */
static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
@@ -49487,7 +50773,7 @@ index 86af964..5d53bf6 100644
unsigned long total_size;
int retval, i, size;
-@@ -439,6 +457,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+@@ -442,6 +468,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
goto out_close;
}
@@ -49499,7 +50785,7 @@ index 86af964..5d53bf6 100644
eppnt = elf_phdata;
for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) {
if (eppnt->p_type == PT_LOAD) {
-@@ -462,8 +485,6 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+@@ -465,8 +496,6 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
map_addr = elf_map(interpreter, load_addr + vaddr,
eppnt, elf_prot, elf_type, total_size);
total_size = 0;
@@ -49508,7 +50794,7 @@ index 86af964..5d53bf6 100644
error = map_addr;
if (BAD_ADDR(map_addr))
goto out_close;
-@@ -482,8 +503,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
+@@ -485,8 +514,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex,
k = load_addr + eppnt->p_vaddr;
if (BAD_ADDR(k) ||
eppnt->p_filesz > eppnt->p_memsz ||
@@ -49519,7 +50805,7 @@ index 86af964..5d53bf6 100644
error = -ENOMEM;
goto out_close;
}
-@@ -535,6 +556,315 @@ out:
+@@ -538,6 +567,315 @@ out:
return error;
}
@@ -49835,7 +51121,7 @@ index 86af964..5d53bf6 100644
/*
* These are the functions used to load ELF style executables and shared
* libraries. There is no binary dependent code anywhere else.
-@@ -551,6 +881,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
+@@ -554,6 +892,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
{
unsigned int random_variable = 0;
@@ -49847,7 +51133,7 @@ index 86af964..5d53bf6 100644
if ((current->flags & PF_RANDOMIZE) &&
!(current->personality & ADDR_NO_RANDOMIZE)) {
random_variable = get_random_int() & STACK_RND_MASK;
-@@ -569,7 +904,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -572,7 +915,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
unsigned long load_addr = 0, load_bias = 0;
int load_addr_set = 0;
char * elf_interpreter = NULL;
@@ -49856,7 +51142,7 @@ index 86af964..5d53bf6 100644
struct elf_phdr *elf_ppnt, *elf_phdata;
unsigned long elf_bss, elf_brk;
int retval, i;
-@@ -579,12 +914,12 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -582,12 +925,12 @@ static int load_elf_binary(struct linux_binprm *bprm)
unsigned long start_code, end_code, start_data, end_data;
unsigned long reloc_func_desc __maybe_unused = 0;
int executable_stack = EXSTACK_DEFAULT;
@@ -49870,7 +51156,7 @@ index 86af964..5d53bf6 100644
loc = kmalloc(sizeof(*loc), GFP_KERNEL);
if (!loc) {
-@@ -720,11 +1055,81 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -723,11 +1066,81 @@ static int load_elf_binary(struct linux_binprm *bprm)
goto out_free_dentry;
/* OK, This is the point of no return */
@@ -49953,7 +51239,7 @@ index 86af964..5d53bf6 100644
if (elf_read_implies_exec(loc->elf_ex, executable_stack))
current->personality |= READ_IMPLIES_EXEC;
-@@ -815,6 +1220,20 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -819,6 +1232,20 @@ static int load_elf_binary(struct linux_binprm *bprm)
#else
load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
#endif
@@ -49974,7 +51260,7 @@ index 86af964..5d53bf6 100644
}
error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
-@@ -847,9 +1266,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -851,9 +1278,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
* allowed task size. Note that p_filesz must always be
* <= p_memsz so it is only necessary to check p_memsz.
*/
@@ -49987,7 +51273,7 @@ index 86af964..5d53bf6 100644
/* set_brk can never work. Avoid overflows. */
send_sig(SIGKILL, current, 0);
retval = -EINVAL;
-@@ -888,17 +1307,45 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -892,17 +1319,45 @@ static int load_elf_binary(struct linux_binprm *bprm)
goto out_free_dentry;
}
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
@@ -50001,8 +51287,6 @@ index 86af964..5d53bf6 100644
+ */
}
-- if (elf_interpreter) {
-- unsigned long interp_map_addr = 0;
+#ifdef CONFIG_PAX_RANDMMAP
+ if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
+ unsigned long start, size, flags;
@@ -50012,7 +51296,7 @@ index 86af964..5d53bf6 100644
+ size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4);
+ flags = MAP_FIXED | MAP_PRIVATE;
+ vm_flags = VM_DONTEXPAND | VM_DONTDUMP;
-
++
+ down_write(&current->mm->mmap_sem);
+ start = get_unmapped_area(NULL, start, PAGE_ALIGN(size), 0, flags);
+ retval = -ENOMEM;
@@ -50032,14 +51316,16 @@ index 86af964..5d53bf6 100644
+ }
+#endif
+
-+ if (elf_interpreter) {
+ if (elf_interpreter) {
+- unsigned long interp_map_addr = 0;
+-
elf_entry = load_elf_interp(&loc->interp_elf_ex,
interpreter,
- &interp_map_addr,
load_bias);
if (!IS_ERR((void *)elf_entry)) {
/*
-@@ -1120,7 +1567,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
+@@ -1124,7 +1579,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
* Decide what to dump of a segment, part, all or none.
*/
static unsigned long vma_dump_size(struct vm_area_struct *vma,
@@ -50048,7 +51334,7 @@ index 86af964..5d53bf6 100644
{
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
-@@ -1158,7 +1605,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
+@@ -1162,7 +1617,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
if (vma->vm_file == NULL)
return 0;
@@ -50057,7 +51343,7 @@ index 86af964..5d53bf6 100644
goto whole;
/*
-@@ -1383,9 +1830,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
+@@ -1387,9 +1842,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
{
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
int i = 0;
@@ -50069,7 +51355,7 @@ index 86af964..5d53bf6 100644
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
}
-@@ -1394,7 +1841,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
+@@ -1398,7 +1853,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
{
mm_segment_t old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -50078,7 +51364,7 @@ index 86af964..5d53bf6 100644
set_fs(old_fs);
fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
}
-@@ -2015,14 +2462,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
+@@ -2019,14 +2474,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
}
static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
@@ -50095,7 +51381,7 @@ index 86af964..5d53bf6 100644
return size;
}
-@@ -2116,7 +2563,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2119,7 +2574,7 @@ static int elf_core_dump(struct coredump_params *cprm)
dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
@@ -50104,7 +51390,7 @@ index 86af964..5d53bf6 100644
offset += elf_core_extra_data_size();
e_shoff = offset;
-@@ -2130,10 +2577,12 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2133,10 +2588,12 @@ static int elf_core_dump(struct coredump_params *cprm)
offset = dataoff;
size += sizeof(*elf);
@@ -50117,7 +51403,7 @@ index 86af964..5d53bf6 100644
if (size > cprm->limit
|| !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
goto end_coredump;
-@@ -2147,7 +2596,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2150,7 +2607,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_offset = offset;
phdr.p_vaddr = vma->vm_start;
phdr.p_paddr = 0;
@@ -50126,7 +51412,7 @@ index 86af964..5d53bf6 100644
phdr.p_memsz = vma->vm_end - vma->vm_start;
offset += phdr.p_filesz;
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
-@@ -2158,6 +2607,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2161,6 +2618,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_align = ELF_EXEC_PAGESIZE;
size += sizeof(phdr);
@@ -50134,7 +51420,7 @@ index 86af964..5d53bf6 100644
if (size > cprm->limit
|| !dump_write(cprm->file, &phdr, sizeof(phdr)))
goto end_coredump;
-@@ -2182,7 +2632,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2185,7 +2643,7 @@ static int elf_core_dump(struct coredump_params *cprm)
unsigned long addr;
unsigned long end;
@@ -50143,7 +51429,7 @@ index 86af964..5d53bf6 100644
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
struct page *page;
-@@ -2191,6 +2641,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2194,6 +2652,7 @@ static int elf_core_dump(struct coredump_params *cprm)
page = get_dump_page(addr);
if (page) {
void *kaddr = kmap(page);
@@ -50151,7 +51437,7 @@ index 86af964..5d53bf6 100644
stop = ((size += PAGE_SIZE) > cprm->limit) ||
!dump_write(cprm->file, kaddr,
PAGE_SIZE);
-@@ -2208,6 +2659,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2211,6 +2670,7 @@ static int elf_core_dump(struct coredump_params *cprm)
if (e_phnum == PN_XNUM) {
size += sizeof(*shdr4extnum);
@@ -50159,7 +51445,7 @@ index 86af964..5d53bf6 100644
if (size > cprm->limit
|| !dump_write(cprm->file, shdr4extnum,
sizeof(*shdr4extnum)))
-@@ -2228,6 +2680,97 @@ out:
+@@ -2231,6 +2691,167 @@ out:
#endif /* CONFIG_ELF_CORE */
@@ -50179,7 +51465,7 @@ index 86af964..5d53bf6 100644
+ unsigned long oldflags;
+ bool is_textrel_rw, is_textrel_rx, is_relro;
+
-+ if (!(vma->vm_mm->pax_flags & MF_PAX_MPROTECT))
++ if (!(vma->vm_mm->pax_flags & MF_PAX_MPROTECT) || !vma->vm_file)
+ return;
+
+ oldflags = vma->vm_flags & (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_EXEC | VM_WRITE | VM_READ);
@@ -50187,15 +51473,15 @@ index 86af964..5d53bf6 100644
+
+#ifdef CONFIG_PAX_ELFRELOCS
+ /* possible TEXTREL */
-+ is_textrel_rw = vma->vm_file && !vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYREAD | VM_EXEC | VM_READ) && newflags == (VM_WRITE | VM_READ);
-+ is_textrel_rx = vma->vm_file && vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_WRITE | VM_READ) && newflags == (VM_EXEC | VM_READ);
++ is_textrel_rw = !vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYREAD | VM_EXEC | VM_READ) && newflags == (VM_WRITE | VM_READ);
++ is_textrel_rx = vma->anon_vma && oldflags == (VM_MAYEXEC | VM_MAYWRITE | VM_MAYREAD | VM_WRITE | VM_READ) && newflags == (VM_EXEC | VM_READ);
+#else
+ is_textrel_rw = false;
+ is_textrel_rx = false;
+#endif
+
+ /* possible RELRO */
-+ is_relro = vma->vm_file && vma->anon_vma && oldflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ) && newflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ);
++ is_relro = vma->anon_vma && oldflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ) && newflags == (VM_MAYWRITE | VM_MAYREAD | VM_READ);
+
+ if (!is_textrel_rw && !is_textrel_rx && !is_relro)
+ return;
@@ -50227,9 +51513,9 @@ index 86af964..5d53bf6 100644
+ elf_dyn dyn;
+
+ if (sizeof(dyn) != kernel_read(vma->vm_file, elf_p.p_offset + i*sizeof(dyn), (char *)&dyn, sizeof(dyn)))
-+ return;
++ break;
+ if (dyn.d_tag == DT_NULL)
-+ return;
++ break;
+ if (dyn.d_tag == DT_TEXTREL || (dyn.d_tag == DT_FLAGS && (dyn.d_un.d_val & DF_TEXTREL))) {
+ gr_log_textrel(vma);
+ if (is_textrel_rw)
@@ -50237,19 +51523,89 @@ index 86af964..5d53bf6 100644
+ else
+ /* PaX: disallow write access after relocs are done, hopefully noone else needs it... */
+ vma->vm_flags &= ~VM_MAYWRITE;
-+ return;
++ break;
+ }
+ i++;
+ }
-+ return;
++ is_textrel_rw = false;
++ is_textrel_rx = false;
++ continue;
+
+ case PT_GNU_RELRO:
+ if (!is_relro)
+ continue;
+ if ((elf_p.p_offset >> PAGE_SHIFT) == vma->vm_pgoff && ELF_PAGEALIGN(elf_p.p_memsz) == vma->vm_end - vma->vm_start)
+ vma->vm_flags &= ~VM_MAYWRITE;
-+ return;
++ is_relro = false;
++ continue;
++
++#ifdef CONFIG_PAX_PT_PAX_FLAGS
++ case PT_PAX_FLAGS: {
++ const char *msg_mprotect = "", *msg_emutramp = "";
++ char *buffer_lib, *buffer_exe;
++
++ if (elf_p.p_flags & PF_NOMPROTECT)
++ msg_mprotect = "MPROTECT disabled";
++
++#ifdef CONFIG_PAX_EMUTRAMP
++ if (!(vma->vm_mm->pax_flags & MF_PAX_EMUTRAMP) && !(elf_p.p_flags & PF_NOEMUTRAMP))
++ msg_emutramp = "EMUTRAMP enabled";
++#endif
++
++ if (!msg_mprotect[0] && !msg_emutramp[0])
++ continue;
++
++ if (!printk_ratelimit())
++ continue;
++
++ buffer_lib = (char *)__get_free_page(GFP_KERNEL);
++ buffer_exe = (char *)__get_free_page(GFP_KERNEL);
++ if (buffer_lib && buffer_exe) {
++ char *path_lib, *path_exe;
++
++ path_lib = pax_get_path(&vma->vm_file->f_path, buffer_lib, PAGE_SIZE);
++ path_exe = pax_get_path(&vma->vm_mm->exe_file->f_path, buffer_exe, PAGE_SIZE);
++
++ pr_info("PAX: %s wants %s%s%s on %s\n", path_lib, msg_mprotect,
++ (msg_mprotect[0] && msg_emutramp[0] ? " and " : ""), msg_emutramp, path_exe);
++
++ }
++ free_page((unsigned long)buffer_exe);
++ free_page((unsigned long)buffer_lib);
++ continue;
+ }
++#endif
++
++ }
++ }
++}
++#endif
++
++#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
++
++extern int grsec_enable_log_rwxmaps;
++
++static void elf_handle_mmap(struct file *file)
++{
++ struct elfhdr elf_h;
++ struct elf_phdr elf_p;
++ unsigned long i;
++
++ if (!grsec_enable_log_rwxmaps)
++ return;
++
++ if (sizeof(elf_h) != kernel_read(file, 0UL, (char *)&elf_h, sizeof(elf_h)) ||
++ memcmp(elf_h.e_ident, ELFMAG, SELFMAG) ||
++ (elf_h.e_type != ET_DYN && elf_h.e_type != ET_EXEC) || !elf_check_arch(&elf_h) ||
++ elf_h.e_phentsize != sizeof(struct elf_phdr) ||
++ elf_h.e_phnum > 65536UL / sizeof(struct elf_phdr))
++ return;
++
++ for (i = 0UL; i < elf_h.e_phnum; i++) {
++ if (sizeof(elf_p) != kernel_read(file, elf_h.e_phoff + i*sizeof(elf_p), (char *)&elf_p, sizeof(elf_p)))
++ return;
++ if (elf_p.p_type == PT_GNU_STACK && (elf_p.p_flags & PF_X))
++ gr_log_ptgnustack(file);
+ }
+}
+#endif
@@ -50258,10 +51614,10 @@ index 86af964..5d53bf6 100644
{
register_binfmt(&elf_format);
diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c
-index 2036d21..b0430d0 100644
+index d50bbe5..af3b649 100644
--- a/fs/binfmt_flat.c
+++ b/fs/binfmt_flat.c
-@@ -562,7 +562,9 @@ static int load_flat_file(struct linux_binprm * bprm,
+@@ -566,7 +566,9 @@ static int load_flat_file(struct linux_binprm * bprm,
realdatastart = (unsigned long) -ENOMEM;
printk("Unable to allocate RAM for process data, errno %d\n",
(int)-realdatastart);
@@ -50271,7 +51627,7 @@ index 2036d21..b0430d0 100644
ret = realdatastart;
goto err;
}
-@@ -586,8 +588,10 @@ static int load_flat_file(struct linux_binprm * bprm,
+@@ -590,8 +592,10 @@ static int load_flat_file(struct linux_binprm * bprm,
}
if (IS_ERR_VALUE(result)) {
printk("Unable to read data+bss, errno %d\n", (int)-result);
@@ -50282,7 +51638,7 @@ index 2036d21..b0430d0 100644
ret = result;
goto err;
}
-@@ -654,8 +658,10 @@ static int load_flat_file(struct linux_binprm * bprm,
+@@ -653,8 +657,10 @@ static int load_flat_file(struct linux_binprm * bprm,
}
if (IS_ERR_VALUE(result)) {
printk("Unable to read code+data+bss, errno %d\n",(int)-result);
@@ -50294,10 +51650,10 @@ index 2036d21..b0430d0 100644
goto err;
}
diff --git a/fs/bio.c b/fs/bio.c
-index b96fc6c..431d628 100644
+index 94bbc04..6fe78a4 100644
--- a/fs/bio.c
+++ b/fs/bio.c
-@@ -818,7 +818,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q,
+@@ -1096,7 +1096,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q,
/*
* Overflow, abort
*/
@@ -50306,7 +51662,7 @@ index b96fc6c..431d628 100644
return ERR_PTR(-EINVAL);
nr_pages += end - start;
-@@ -952,7 +952,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q,
+@@ -1230,7 +1230,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q,
/*
* Overflow, abort
*/
@@ -50315,46 +51671,20 @@ index b96fc6c..431d628 100644
return ERR_PTR(-EINVAL);
nr_pages += end - start;
-@@ -1214,7 +1214,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err)
+@@ -1492,7 +1492,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err)
const int read = bio_data_dir(bio) == READ;
struct bio_map_data *bmd = bio->bi_private;
int i;
- char *p = bmd->sgvecs[0].iov_base;
+ char *p = (char __force_kernel *)bmd->sgvecs[0].iov_base;
- __bio_for_each_segment(bvec, bio, i, 0) {
+ bio_for_each_segment_all(bvec, bio, i) {
char *addr = page_address(bvec->bv_page);
diff --git a/fs/block_dev.c b/fs/block_dev.c
-index aae187a..8325c5d 100644
+index 85f5c85..d6f0b1a 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
-@@ -57,17 +57,24 @@ static void bdev_inode_switch_bdi(struct inode *inode,
- struct backing_dev_info *dst)
- {
- struct backing_dev_info *old = inode->i_data.backing_dev_info;
-+ bool wakeup_bdi = false;
-
- if (unlikely(dst == old)) /* deadlock avoidance */
- return;
- bdi_lock_two(&old->wb, &dst->wb);
- spin_lock(&inode->i_lock);
- inode->i_data.backing_dev_info = dst;
-- if (inode->i_state & I_DIRTY)
-+ if (inode->i_state & I_DIRTY) {
-+ if (bdi_cap_writeback_dirty(dst) && !wb_has_dirty_io(&dst->wb))
-+ wakeup_bdi = true;
- list_move(&inode->i_wb_list, &dst->wb.b_dirty);
-+ }
- spin_unlock(&inode->i_lock);
- spin_unlock(&old->wb.list_lock);
- spin_unlock(&dst->wb.list_lock);
-+
-+ if (wakeup_bdi)
-+ bdi_wakeup_thread_delayed(dst);
- }
-
- /* Kill _all_ buffers and pagecache , dirty or not.. */
-@@ -652,7 +659,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole,
+@@ -658,7 +658,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole,
else if (bdev->bd_contains == bdev)
return true; /* is a whole device which isn't held */
@@ -50364,10 +51694,10 @@ index aae187a..8325c5d 100644
else if (whole->bd_holder != NULL)
return false; /* is a partition of a held device */
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
-index 7a983f7..c73ee93 100644
+index 7fb054b..ad36c67 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
-@@ -1036,9 +1036,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
+@@ -1076,9 +1076,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
free_extent_buffer(buf);
add_root_to_dirty_list(root);
} else {
@@ -50384,10 +51714,10 @@ index 7a983f7..c73ee93 100644
WARN_ON(trans->transid != btrfs_header_generation(parent));
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
-index f49b62f..07834ab 100644
+index 0f81d67..0ad55fe 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
-@@ -3077,9 +3077,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -3084,9 +3084,12 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
for (i = 0; i < num_types; i++) {
struct btrfs_space_info *tmp;
@@ -50400,7 +51730,7 @@ index f49b62f..07834ab 100644
info = NULL;
rcu_read_lock();
list_for_each_entry_rcu(tmp, &root->fs_info->space_info,
-@@ -3101,10 +3104,7 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -3108,10 +3111,7 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
memcpy(dest, &space, sizeof(space));
dest++;
space_args.total_spaces++;
@@ -50412,11 +51742,11 @@ index f49b62f..07834ab 100644
up_read(&info->groups_sem);
}
diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c
-index f6b8859..54fe8c5 100644
+index f0857e0..e7023c5 100644
--- a/fs/btrfs/super.c
+++ b/fs/btrfs/super.c
-@@ -266,7 +266,7 @@ void __btrfs_abort_transaction(struct btrfs_trans_handle *trans,
- function, line, errstr);
+@@ -265,7 +265,7 @@ void __btrfs_abort_transaction(struct btrfs_trans_handle *trans,
+ function, line, errstr);
return;
}
- ACCESS_ONCE(trans->transaction->aborted) = errno;
@@ -50424,6 +51754,19 @@ index f6b8859..54fe8c5 100644
__btrfs_std_error(root->fs_info, function, line, errno, NULL);
}
/*
+diff --git a/fs/buffer.c b/fs/buffer.c
+index d2a4d1b..df798ca 100644
+--- a/fs/buffer.c
++++ b/fs/buffer.c
+@@ -3367,7 +3367,7 @@ void __init buffer_init(void)
+ bh_cachep = kmem_cache_create("buffer_head",
+ sizeof(struct buffer_head), 0,
+ (SLAB_RECLAIM_ACCOUNT|SLAB_PANIC|
+- SLAB_MEM_SPREAD),
++ SLAB_MEM_SPREAD|SLAB_NO_SANITIZE),
+ NULL);
+
+ /*
diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c
index 622f469..e8d2d55 100644
--- a/fs/cachefiles/bind.c
@@ -50566,10 +51909,10 @@ index eccd339..4c1d995 100644
return 0;
diff --git a/fs/cachefiles/rdwr.c b/fs/cachefiles/rdwr.c
-index 4809922..aab2c39 100644
+index 317f9ee..3d24511 100644
--- a/fs/cachefiles/rdwr.c
+++ b/fs/cachefiles/rdwr.c
-@@ -965,7 +965,7 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page)
+@@ -966,7 +966,7 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page)
old_fs = get_fs();
set_fs(KERNEL_DS);
ret = file->f_op->write(
@@ -50577,9 +51920,9 @@ index 4809922..aab2c39 100644
+ file, (const void __force_user *) data, len, &pos);
set_fs(old_fs);
kunmap(page);
- if (ret != len)
+ file_end_write(file);
diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c
-index 6d797f4..0ace2e5 100644
+index f02d82b..2632cf86 100644
--- a/fs/ceph/dir.c
+++ b/fs/ceph/dir.c
@@ -243,7 +243,7 @@ static int ceph_readdir(struct file *filp, void *dirent, filldir_t filldir)
@@ -50592,10 +51935,10 @@ index 6d797f4..0ace2e5 100644
u32 ftype;
struct ceph_mds_reply_info_parsed *rinfo;
diff --git a/fs/cifs/cifs_debug.c b/fs/cifs/cifs_debug.c
-index d9ea6ed..1e6c8ac 100644
+index d597483..747901b 100644
--- a/fs/cifs/cifs_debug.c
+++ b/fs/cifs/cifs_debug.c
-@@ -267,8 +267,8 @@ static ssize_t cifs_stats_proc_write(struct file *file,
+@@ -284,8 +284,8 @@ static ssize_t cifs_stats_proc_write(struct file *file,
if (c == '1' || c == 'y' || c == 'Y' || c == '0') {
#ifdef CONFIG_CIFS_STATS2
@@ -50606,7 +51949,7 @@ index d9ea6ed..1e6c8ac 100644
#endif /* CONFIG_CIFS_STATS2 */
spin_lock(&cifs_tcp_ses_lock);
list_for_each(tmp1, &cifs_tcp_ses_list) {
-@@ -281,7 +281,7 @@ static ssize_t cifs_stats_proc_write(struct file *file,
+@@ -298,7 +298,7 @@ static ssize_t cifs_stats_proc_write(struct file *file,
tcon = list_entry(tmp3,
struct cifs_tcon,
tcon_list);
@@ -50615,7 +51958,7 @@ index d9ea6ed..1e6c8ac 100644
if (server->ops->clear_stats)
server->ops->clear_stats(tcon);
}
-@@ -313,8 +313,8 @@ static int cifs_stats_proc_show(struct seq_file *m, void *v)
+@@ -330,8 +330,8 @@ static int cifs_stats_proc_show(struct seq_file *m, void *v)
smBufAllocCount.counter, cifs_min_small);
#ifdef CONFIG_CIFS_STATS2
seq_printf(m, "Total Large %d Small %d Allocations\n",
@@ -50626,7 +51969,7 @@ index d9ea6ed..1e6c8ac 100644
#endif /* CONFIG_CIFS_STATS2 */
seq_printf(m, "Operations (MIDs): %d\n", atomic_read(&midCount));
-@@ -343,7 +343,7 @@ static int cifs_stats_proc_show(struct seq_file *m, void *v)
+@@ -360,7 +360,7 @@ static int cifs_stats_proc_show(struct seq_file *m, void *v)
if (tcon->need_reconnect)
seq_puts(m, "\tDISCONNECTED ");
seq_printf(m, "\nSMBs: %d",
@@ -50636,11 +51979,11 @@ index d9ea6ed..1e6c8ac 100644
server->ops->print_stats(m, tcon);
}
diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c
-index 345fc89..b2acae5 100644
+index 3752b9f..8db5569 100644
--- a/fs/cifs/cifsfs.c
+++ b/fs/cifs/cifsfs.c
-@@ -1033,7 +1033,7 @@ cifs_init_request_bufs(void)
- /* cERROR(1, "CIFSMaxBufSize %d 0x%x",CIFSMaxBufSize,CIFSMaxBufSize); */
+@@ -1035,7 +1035,7 @@ cifs_init_request_bufs(void)
+ */
cifs_req_cachep = kmem_cache_create("cifs_request",
CIFSMaxBufSize + max_hdr_size, 0,
- SLAB_HWCACHE_ALIGN, NULL);
@@ -50648,7 +51991,7 @@ index 345fc89..b2acae5 100644
if (cifs_req_cachep == NULL)
return -ENOMEM;
-@@ -1060,7 +1060,7 @@ cifs_init_request_bufs(void)
+@@ -1062,7 +1062,7 @@ cifs_init_request_bufs(void)
efficient to alloc 1 per page off the slab compared to 17K (5page)
alloc of large cifs buffers even when page debugging is on */
cifs_sm_req_cachep = kmem_cache_create("cifs_small_rq",
@@ -50657,7 +52000,7 @@ index 345fc89..b2acae5 100644
NULL);
if (cifs_sm_req_cachep == NULL) {
mempool_destroy(cifs_req_poolp);
-@@ -1145,8 +1145,8 @@ init_cifs(void)
+@@ -1147,8 +1147,8 @@ init_cifs(void)
atomic_set(&bufAllocCount, 0);
atomic_set(&smBufAllocCount, 0);
#ifdef CONFIG_CIFS_STATS2
@@ -50669,10 +52012,10 @@ index 345fc89..b2acae5 100644
atomic_set(&midCount, 0);
diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h
-index 4f07f6f..55de8ce 100644
+index ea3a0b3..0194e39 100644
--- a/fs/cifs/cifsglob.h
+++ b/fs/cifs/cifsglob.h
-@@ -751,35 +751,35 @@ struct cifs_tcon {
+@@ -752,35 +752,35 @@ struct cifs_tcon {
__u16 Flags; /* optional support bits */
enum statusEnum tidStatus;
#ifdef CONFIG_CIFS_STATS
@@ -50732,7 +52075,7 @@ index 4f07f6f..55de8ce 100644
} smb2_stats;
#endif /* CONFIG_CIFS_SMB2 */
} stats;
-@@ -1080,7 +1080,7 @@ convert_delimiter(char *path, char delim)
+@@ -1081,7 +1081,7 @@ convert_delimiter(char *path, char delim)
}
#ifdef CONFIG_CIFS_STATS
@@ -50741,7 +52084,7 @@ index 4f07f6f..55de8ce 100644
static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon,
unsigned int bytes)
-@@ -1445,8 +1445,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount;
+@@ -1446,8 +1446,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount;
/* Various Debug counters */
GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */
#ifdef CONFIG_CIFS_STATS2
@@ -50753,7 +52096,7 @@ index 4f07f6f..55de8ce 100644
GLOBAL_EXTERN atomic_t smBufAllocCount;
GLOBAL_EXTERN atomic_t midCount;
diff --git a/fs/cifs/link.c b/fs/cifs/link.c
-index 9f6c4c4..8de307a 100644
+index b83c3f5..6437caa 100644
--- a/fs/cifs/link.c
+++ b/fs/cifs/link.c
@@ -616,7 +616,7 @@ symlink_exit:
@@ -50766,7 +52109,7 @@ index 9f6c4c4..8de307a 100644
kfree(p);
}
diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c
-index 1b15bf8..1ce489e 100644
+index 1bec014..f329411 100644
--- a/fs/cifs/misc.c
+++ b/fs/cifs/misc.c
@@ -169,7 +169,7 @@ cifs_buf_get(void)
@@ -50788,10 +52131,10 @@ index 1b15bf8..1ce489e 100644
}
diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c
-index 47bc5a8..10decbe 100644
+index 3efdb9d..e845a5e 100644
--- a/fs/cifs/smb1ops.c
+++ b/fs/cifs/smb1ops.c
-@@ -586,27 +586,27 @@ static void
+@@ -591,27 +591,27 @@ static void
cifs_clear_stats(struct cifs_tcon *tcon)
{
#ifdef CONFIG_CIFS_STATS
@@ -50840,7 +52183,7 @@ index 47bc5a8..10decbe 100644
#endif
}
-@@ -615,36 +615,36 @@ cifs_print_stats(struct seq_file *m, struct cifs_tcon *tcon)
+@@ -620,36 +620,36 @@ cifs_print_stats(struct seq_file *m, struct cifs_tcon *tcon)
{
#ifdef CONFIG_CIFS_STATS
seq_printf(m, " Oplocks breaks: %d",
@@ -50897,7 +52240,7 @@ index 47bc5a8..10decbe 100644
}
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c
-index bceffe7..cd1ae59 100644
+index f2e76f3..c44fac7 100644
--- a/fs/cifs/smb2ops.c
+++ b/fs/cifs/smb2ops.c
@@ -274,8 +274,8 @@ smb2_clear_stats(struct cifs_tcon *tcon)
@@ -51019,13 +52362,13 @@ index bceffe7..cd1ae59 100644
}
diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c
-index 41d9d07..dbb4772 100644
+index 2b95ce2..d079d75 100644
--- a/fs/cifs/smb2pdu.c
+++ b/fs/cifs/smb2pdu.c
-@@ -1761,8 +1761,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
+@@ -1760,8 +1760,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon,
default:
- cERROR(1, "info level %u isn't supported",
- srch_inf->info_level);
+ cifs_dbg(VFS, "info level %u isn't supported\n",
+ srch_inf->info_level);
- rc = -EINVAL;
- goto qdir_exit;
+ return -EINVAL;
@@ -51081,7 +52424,7 @@ index 1da168c..8bc7ff6 100644
return hit;
diff --git a/fs/compat.c b/fs/compat.c
-index d487985..c9e04b1 100644
+index fc3b55d..7b568ae 100644
--- a/fs/compat.c
+++ b/fs/compat.c
@@ -54,7 +54,7 @@
@@ -51093,7 +52436,7 @@ index d487985..c9e04b1 100644
int compat_printk(const char *fmt, ...)
{
-@@ -490,7 +490,7 @@ compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p)
+@@ -488,7 +488,7 @@ compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p)
set_fs(KERNEL_DS);
/* The __user pointer cast is valid because of the set_fs() */
@@ -51102,7 +52445,7 @@ index d487985..c9e04b1 100644
set_fs(oldfs);
/* truncating is ok because it's a user address */
if (!ret)
-@@ -548,7 +548,7 @@ ssize_t compat_rw_copy_check_uvector(int type,
+@@ -546,7 +546,7 @@ ssize_t compat_rw_copy_check_uvector(int type,
goto out;
ret = -EINVAL;
@@ -51111,7 +52454,7 @@ index d487985..c9e04b1 100644
goto out;
if (nr_segs > fast_segs) {
ret = -ENOMEM;
-@@ -835,6 +835,7 @@ struct compat_old_linux_dirent {
+@@ -833,6 +833,7 @@ struct compat_old_linux_dirent {
struct compat_readdir_callback {
struct compat_old_linux_dirent __user *dirent;
@@ -51119,7 +52462,7 @@ index d487985..c9e04b1 100644
int result;
};
-@@ -852,6 +853,10 @@ static int compat_fillonedir(void *__buf, const char *name, int namlen,
+@@ -850,6 +851,10 @@ static int compat_fillonedir(void *__buf, const char *name, int namlen,
buf->result = -EOVERFLOW;
return -EOVERFLOW;
}
@@ -51130,7 +52473,7 @@ index d487985..c9e04b1 100644
buf->result++;
dirent = buf->dirent;
if (!access_ok(VERIFY_WRITE, dirent,
-@@ -882,6 +887,7 @@ asmlinkage long compat_sys_old_readdir(unsigned int fd,
+@@ -880,6 +885,7 @@ asmlinkage long compat_sys_old_readdir(unsigned int fd,
buf.result = 0;
buf.dirent = dirent;
@@ -51138,7 +52481,7 @@ index d487985..c9e04b1 100644
error = vfs_readdir(f.file, compat_fillonedir, &buf);
if (buf.result)
-@@ -901,6 +907,7 @@ struct compat_linux_dirent {
+@@ -899,6 +905,7 @@ struct compat_linux_dirent {
struct compat_getdents_callback {
struct compat_linux_dirent __user *current_dir;
struct compat_linux_dirent __user *previous;
@@ -51146,7 +52489,7 @@ index d487985..c9e04b1 100644
int count;
int error;
};
-@@ -922,6 +929,10 @@ static int compat_filldir(void *__buf, const char *name, int namlen,
+@@ -920,6 +927,10 @@ static int compat_filldir(void *__buf, const char *name, int namlen,
buf->error = -EOVERFLOW;
return -EOVERFLOW;
}
@@ -51157,7 +52500,7 @@ index d487985..c9e04b1 100644
dirent = buf->previous;
if (dirent) {
if (__put_user(offset, &dirent->d_off))
-@@ -967,6 +978,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd,
+@@ -965,6 +976,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd,
buf.previous = NULL;
buf.count = count;
buf.error = 0;
@@ -51165,7 +52508,7 @@ index d487985..c9e04b1 100644
error = vfs_readdir(f.file, compat_filldir, &buf);
if (error >= 0)
-@@ -987,6 +999,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd,
+@@ -985,6 +997,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd,
struct compat_getdents_callback64 {
struct linux_dirent64 __user *current_dir;
struct linux_dirent64 __user *previous;
@@ -51173,7 +52516,7 @@ index d487985..c9e04b1 100644
int count;
int error;
};
-@@ -1003,6 +1016,10 @@ static int compat_filldir64(void * __buf, const char * name, int namlen, loff_t
+@@ -1001,6 +1014,10 @@ static int compat_filldir64(void * __buf, const char * name, int namlen, loff_t
buf->error = -EINVAL; /* only used if we fail.. */
if (reclen > buf->count)
return -EINVAL;
@@ -51184,7 +52527,7 @@ index d487985..c9e04b1 100644
dirent = buf->previous;
if (dirent) {
-@@ -1052,13 +1069,14 @@ asmlinkage long compat_sys_getdents64(unsigned int fd,
+@@ -1050,13 +1067,14 @@ asmlinkage long compat_sys_getdents64(unsigned int fd,
buf.previous = NULL;
buf.count = count;
buf.error = 0;
@@ -51219,10 +52562,10 @@ index a81147e..20bf2b5 100644
/*
diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
-index 3ced75f..b28d192 100644
+index 996cdc5..15e2f33 100644
--- a/fs/compat_ioctl.c
+++ b/fs/compat_ioctl.c
-@@ -623,7 +623,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd,
+@@ -622,7 +622,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd,
return -EFAULT;
if (__get_user(udata, &ss32->iomem_base))
return -EFAULT;
@@ -51231,7 +52574,7 @@ index 3ced75f..b28d192 100644
if (__get_user(ss.iomem_reg_shift, &ss32->iomem_reg_shift) ||
__get_user(ss.port_high, &ss32->port_high))
return -EFAULT;
-@@ -704,8 +704,8 @@ static int do_i2c_rdwr_ioctl(unsigned int fd, unsigned int cmd,
+@@ -703,8 +703,8 @@ static int do_i2c_rdwr_ioctl(unsigned int fd, unsigned int cmd,
for (i = 0; i < nmsgs; i++) {
if (copy_in_user(&tmsgs[i].addr, &umsgs[i].addr, 3*sizeof(u16)))
return -EFAULT;
@@ -51242,7 +52585,7 @@ index 3ced75f..b28d192 100644
return -EFAULT;
}
return sys_ioctl(fd, cmd, (unsigned long)tdata);
-@@ -798,7 +798,7 @@ static int compat_ioctl_preallocate(struct file *file,
+@@ -797,7 +797,7 @@ static int compat_ioctl_preallocate(struct file *file,
copy_in_user(&p->l_len, &p32->l_len, sizeof(s64)) ||
copy_in_user(&p->l_sysid, &p32->l_sysid, sizeof(s32)) ||
copy_in_user(&p->l_pid, &p32->l_pid, sizeof(u32)) ||
@@ -51251,7 +52594,7 @@ index 3ced75f..b28d192 100644
return -EFAULT;
return ioctl_preallocate(file, p);
-@@ -1620,8 +1620,8 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, unsigned int cmd,
+@@ -1619,8 +1619,8 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, unsigned int cmd,
static int __init init_sys32_ioctl_cmp(const void *p, const void *q)
{
unsigned int a, b;
@@ -51291,7 +52634,7 @@ index 7aabc6a..34c1197 100644
/*
* We'll have a dentry and an inode for
diff --git a/fs/coredump.c b/fs/coredump.c
-index c647965..a77bff3 100644
+index dafafba..10b3b27 100644
--- a/fs/coredump.c
+++ b/fs/coredump.c
@@ -52,7 +52,7 @@ struct core_name {
@@ -51321,40 +52664,43 @@ index c647965..a77bff3 100644
cn->corename = kmalloc(cn->size, GFP_KERNEL);
cn->used = 0;
-@@ -414,17 +414,17 @@ static void wait_for_dump_helpers(struct file *file)
- pipe = file_inode(file)->i_pipe;
+@@ -435,8 +435,8 @@ static void wait_for_dump_helpers(struct file *file)
+ struct pipe_inode_info *pipe = file->private_data;
pipe_lock(pipe);
- pipe->readers++;
- pipe->writers--;
+ atomic_inc(&pipe->readers);
+ atomic_dec(&pipe->writers);
+ wake_up_interruptible_sync(&pipe->wait);
+ kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
+ pipe_unlock(pipe);
+@@ -445,11 +445,11 @@ static void wait_for_dump_helpers(struct file *file)
+ * We actually want wait_event_freezable() but then we need
+ * to clear TIF_SIGPENDING and improve dump_interrupted().
+ */
+- wait_event_interruptible(pipe->wait, pipe->readers == 1);
++ wait_event_interruptible(pipe->wait, atomic_read(&pipe->readers) == 1);
-- while ((pipe->readers > 1) && (!signal_pending(current))) {
-+ while ((atomic_read(&pipe->readers) > 1) && (!signal_pending(current))) {
- wake_up_interruptible_sync(&pipe->wait);
- kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
- pipe_wait(pipe);
- }
-
+ pipe_lock(pipe);
- pipe->readers--;
- pipe->writers++;
+ atomic_dec(&pipe->readers);
+ atomic_inc(&pipe->writers);
pipe_unlock(pipe);
-
}
-@@ -471,7 +471,8 @@ void do_coredump(siginfo_t *siginfo)
- int ispipe;
+
+@@ -496,7 +496,8 @@ void do_coredump(siginfo_t *siginfo)
struct files_struct *displaced;
bool need_nonrelative = false;
+ bool core_dumped = false;
- static atomic_t core_dump_count = ATOMIC_INIT(0);
+ static atomic_unchecked_t core_dump_count = ATOMIC_INIT(0);
+ long signr = siginfo->si_signo;
struct coredump_params cprm = {
.siginfo = siginfo,
.regs = signal_pt_regs(),
-@@ -484,7 +485,10 @@ void do_coredump(siginfo_t *siginfo)
+@@ -509,7 +510,10 @@ void do_coredump(siginfo_t *siginfo)
.mm_flags = mm->flags,
};
@@ -51366,7 +52712,7 @@ index c647965..a77bff3 100644
binfmt = mm->binfmt;
if (!binfmt || !binfmt->core_dump)
-@@ -508,7 +512,7 @@ void do_coredump(siginfo_t *siginfo)
+@@ -533,7 +537,7 @@ void do_coredump(siginfo_t *siginfo)
need_nonrelative = true;
}
@@ -51375,7 +52721,7 @@ index c647965..a77bff3 100644
if (retval < 0)
goto fail_creds;
-@@ -556,7 +560,7 @@ void do_coredump(siginfo_t *siginfo)
+@@ -576,7 +580,7 @@ void do_coredump(siginfo_t *siginfo)
}
cprm.limit = RLIM_INFINITY;
@@ -51384,7 +52730,7 @@ index c647965..a77bff3 100644
if (core_pipe_limit && (core_pipe_limit < dump_count)) {
printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n",
task_tgid_vnr(current), current->comm);
-@@ -583,6 +587,8 @@ void do_coredump(siginfo_t *siginfo)
+@@ -608,6 +612,8 @@ void do_coredump(siginfo_t *siginfo)
} else {
struct inode *inode;
@@ -51393,7 +52739,7 @@ index c647965..a77bff3 100644
if (cprm.limit < binfmt->min_coredump)
goto fail_unlock;
-@@ -640,7 +646,7 @@ close_fail:
+@@ -666,7 +672,7 @@ close_fail:
filp_close(cprm.file, NULL);
fail_dropcount:
if (ispipe)
@@ -51402,30 +52748,31 @@ index c647965..a77bff3 100644
fail_unlock:
kfree(cn.corename);
fail_corename:
-@@ -659,7 +665,7 @@ fail:
- */
- int dump_write(struct file *file, const void *addr, int nr)
+@@ -687,7 +693,7 @@ int dump_write(struct file *file, const void *addr, int nr)
{
-- return access_ok(VERIFY_READ, addr, nr) && file->f_op->write(file, addr, nr, &file->f_pos) == nr;
-+ return access_ok(VERIFY_READ, addr, nr) && file->f_op->write(file, (const char __force_user *)addr, nr, &file->f_pos) == nr;
+ return !dump_interrupted() &&
+ access_ok(VERIFY_READ, addr, nr) &&
+- file->f_op->write(file, addr, nr, &file->f_pos) == nr;
++ file->f_op->write(file, (const char __force_user *)addr, nr, &file->f_pos) == nr;
}
EXPORT_SYMBOL(dump_write);
diff --git a/fs/dcache.c b/fs/dcache.c
-index e689268..f36956e 100644
+index f09b908..04b9690 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
-@@ -3100,7 +3100,7 @@ void __init vfs_caches_init(unsigned long mempages)
+@@ -3086,7 +3086,8 @@ void __init vfs_caches_init(unsigned long mempages)
mempages -= reserve;
names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0,
- SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL);
-+ SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_USERCOPY, NULL);
++ SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_USERCOPY|
++ SLAB_NO_SANITIZE, NULL);
dcache_init();
inode_init();
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
-index 4888cb3..e0f7cf8 100644
+index c7c83ff..bda9461 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
@@ -415,7 +415,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file);
@@ -51475,21 +52822,8 @@ index e4141f2..d8263e8 100644
goto out_unlock_msg_ctx;
i += packet_length_size;
if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size))
-diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c
-index 6a16053..2155147 100644
---- a/fs/ecryptfs/read_write.c
-+++ b/fs/ecryptfs/read_write.c
-@@ -240,7 +240,7 @@ int ecryptfs_read_lower(char *data, loff_t offset, size_t size,
- return -EIO;
- fs_save = get_fs();
- set_fs(get_ds());
-- rc = vfs_read(lower_file, data, size, &offset);
-+ rc = vfs_read(lower_file, (char __force_user *)data, size, &offset);
- set_fs(fs_save);
- return rc;
- }
diff --git a/fs/exec.c b/fs/exec.c
-index 0d5c76f..3d4585e 100644
+index ffd7a81..3c84660 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -55,8 +55,20 @@
@@ -51616,7 +52950,7 @@ index 0d5c76f..3d4585e 100644
+
+#ifdef CONFIG_PAX_RANDUSTACK
+ if (randomize_va_space)
-+ bprm->p ^= random32() & ~PAGE_MASK;
++ bprm->p ^= prandom_u32() & ~PAGE_MASK;
+#endif
+
return 0;
@@ -51696,6 +53030,24 @@ index 0d5c76f..3d4585e 100644
/*
* cover the whole range: [new_start, old_end)
*/
+@@ -607,7 +653,7 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
+ return -ENOMEM;
+
+ lru_add_drain();
+- tlb_gather_mmu(&tlb, mm, 0);
++ tlb_gather_mmu(&tlb, mm, old_start, old_end);
+ if (new_end > old_start) {
+ /*
+ * when the old and new regions overlap clear from new_end.
+@@ -624,7 +670,7 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift)
+ free_pgd_range(&tlb, old_start, old_end, new_end,
+ vma->vm_next ? vma->vm_next->vm_start : USER_PGTABLES_CEILING);
+ }
+- tlb_finish_mmu(&tlb, new_end, old_end);
++ tlb_finish_mmu(&tlb, old_start, old_end);
+
+ /*
+ * Shrink the vma to just the new range. Always succeeds.
@@ -672,10 +718,6 @@ int setup_arg_pages(struct linux_binprm *bprm,
stack_top = arch_align_stack(stack_top);
stack_top = PAGE_ALIGN(stack_top);
@@ -51767,7 +53119,7 @@ index 0d5c76f..3d4585e 100644
+
+#ifdef CONFIG_X86
+ if (!ret) {
-+ size = mmap_min_addr + ((mm->delta_mmap ^ mm->delta_stack) & (0xFFUL << PAGE_SHIFT));
++ size = PAGE_SIZE + mmap_min_addr + ((mm->delta_mmap ^ mm->delta_stack) & (0xFFUL << PAGE_SHIFT));
+ ret = 0 != mmap_region(NULL, 0, PAGE_ALIGN(size), vm_flags, 0);
+ }
+#endif
@@ -51796,7 +53148,7 @@ index 0d5c76f..3d4585e 100644
set_fs(old_fs);
return result;
}
-@@ -1252,7 +1330,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm)
+@@ -1251,7 +1329,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm)
}
rcu_read_unlock();
@@ -51805,7 +53157,7 @@ index 0d5c76f..3d4585e 100644
bprm->unsafe |= LSM_UNSAFE_SHARE;
} else {
res = -EAGAIN;
-@@ -1452,6 +1530,31 @@ int search_binary_handler(struct linux_binprm *bprm)
+@@ -1451,6 +1529,31 @@ int search_binary_handler(struct linux_binprm *bprm)
EXPORT_SYMBOL(search_binary_handler);
@@ -51837,7 +53189,7 @@ index 0d5c76f..3d4585e 100644
/*
* sys_execve() executes a new program.
*/
-@@ -1459,6 +1562,11 @@ static int do_execve_common(const char *filename,
+@@ -1458,6 +1561,11 @@ static int do_execve_common(const char *filename,
struct user_arg_ptr argv,
struct user_arg_ptr envp)
{
@@ -51849,7 +53201,7 @@ index 0d5c76f..3d4585e 100644
struct linux_binprm *bprm;
struct file *file;
struct files_struct *displaced;
-@@ -1466,6 +1574,8 @@ static int do_execve_common(const char *filename,
+@@ -1465,6 +1573,8 @@ static int do_execve_common(const char *filename,
int retval;
const struct cred *cred = current_cred();
@@ -51858,7 +53210,7 @@ index 0d5c76f..3d4585e 100644
/*
* We move the actual failure in case of RLIMIT_NPROC excess from
* set*uid() to execve() because too many poorly written programs
-@@ -1506,12 +1616,22 @@ static int do_execve_common(const char *filename,
+@@ -1505,12 +1615,22 @@ static int do_execve_common(const char *filename,
if (IS_ERR(file))
goto out_unmark;
@@ -51881,7 +53233,7 @@ index 0d5c76f..3d4585e 100644
retval = bprm_mm_init(bprm);
if (retval)
goto out_file;
-@@ -1528,24 +1648,70 @@ static int do_execve_common(const char *filename,
+@@ -1527,24 +1647,70 @@ static int do_execve_common(const char *filename,
if (retval < 0)
goto out;
@@ -51956,7 +53308,7 @@ index 0d5c76f..3d4585e 100644
current->fs->in_exec = 0;
current->in_execve = 0;
acct_update_integrals(current);
-@@ -1554,6 +1720,14 @@ static int do_execve_common(const char *filename,
+@@ -1553,6 +1719,14 @@ static int do_execve_common(const char *filename,
put_files_struct(displaced);
return retval;
@@ -51971,7 +53323,7 @@ index 0d5c76f..3d4585e 100644
out:
if (bprm->mm) {
acct_arg_size(bprm, 0);
-@@ -1702,3 +1876,283 @@ asmlinkage long compat_sys_execve(const char __user * filename,
+@@ -1701,3 +1875,287 @@ asmlinkage long compat_sys_execve(const char __user * filename,
return error;
}
#endif
@@ -52030,6 +53382,25 @@ index 0d5c76f..3d4585e 100644
+EXPORT_SYMBOL(pax_check_flags);
+
+#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC)
++char *pax_get_path(const struct path *path, char *buf, int buflen)
++{
++ char *pathname = d_path(path, buf, buflen);
++
++ if (IS_ERR(pathname))
++ goto toolong;
++
++ pathname = mangle_path(buf, pathname, "\t\n\\");
++ if (!pathname)
++ goto toolong;
++
++ *pathname = 0;
++ return buf;
++
++toolong:
++ return "<path too long>";
++}
++EXPORT_SYMBOL(pax_get_path);
++
+void pax_report_fault(struct pt_regs *regs, void *pc, void *sp)
+{
+ struct task_struct *tsk = current;
@@ -52053,36 +53424,19 @@ index 0d5c76f..3d4585e 100644
+ vma_fault = vma;
+ vma = vma->vm_next;
+ }
-+ if (vma_exec) {
-+ path_exec = d_path(&vma_exec->vm_file->f_path, buffer_exec, PAGE_SIZE);
-+ if (IS_ERR(path_exec))
-+ path_exec = "<path too long>";
-+ else {
-+ path_exec = mangle_path(buffer_exec, path_exec, "\t\n\\");
-+ if (path_exec) {
-+ *path_exec = 0;
-+ path_exec = buffer_exec;
-+ } else
-+ path_exec = "<path too long>";
-+ }
-+ }
++ if (vma_exec)
++ path_exec = pax_get_path(&vma_exec->vm_file->f_path, buffer_exec, PAGE_SIZE);
+ if (vma_fault) {
+ start = vma_fault->vm_start;
+ end = vma_fault->vm_end;
+ offset = vma_fault->vm_pgoff << PAGE_SHIFT;
-+ if (vma_fault->vm_file) {
-+ path_fault = d_path(&vma_fault->vm_file->f_path, buffer_fault, PAGE_SIZE);
-+ if (IS_ERR(path_fault))
-+ path_fault = "<path too long>";
-+ else {
-+ path_fault = mangle_path(buffer_fault, path_fault, "\t\n\\");
-+ if (path_fault) {
-+ *path_fault = 0;
-+ path_fault = buffer_fault;
-+ } else
-+ path_fault = "<path too long>";
-+ }
-+ } else
++ if (vma_fault->vm_file)
++ path_fault = pax_get_path(&vma_fault->vm_file->f_path, buffer_fault, PAGE_SIZE);
++ else if ((unsigned long)pc >= mm->start_brk && (unsigned long)pc < mm->brk)
++ path_fault = "<heap>";
++ else if (vma_fault->vm_flags & (VM_GROWSDOWN | VM_GROWSUP))
++ path_fault = "<stack>";
++ else
+ path_fault = "<anonymous mapping>";
+ }
+ up_read(&mm->mmap_sem);
@@ -52116,7 +53470,9 @@ index 0d5c76f..3d4585e 100644
+ printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current),
+ from_kuid_munged(&init_user_ns, current_uid()), from_kuid_munged(&init_user_ns, current_euid()));
+ print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs));
++ preempt_disable();
+ show_regs(regs);
++ preempt_enable();
+ force_sig_info(SIGKILL, SEND_SIG_FORCED, current);
+}
+#endif
@@ -52289,40 +53645,26 @@ index 22548f5..41521d8 100644
return 0;
}
return 1;
-diff --git a/fs/ext3/inode.c b/fs/ext3/inode.c
-index d512c4b..d706dbf 100644
---- a/fs/ext3/inode.c
-+++ b/fs/ext3/inode.c
-@@ -218,7 +218,8 @@ void ext3_evict_inode (struct inode *inode)
- */
- if (inode->i_nlink && ext3_should_journal_data(inode) &&
- EXT3_SB(inode->i_sb)->s_journal &&
-- (S_ISLNK(inode->i_mode) || S_ISREG(inode->i_mode))) {
-+ (S_ISLNK(inode->i_mode) || S_ISREG(inode->i_mode)) &&
-+ inode->i_ino != EXT3_JOURNAL_INO) {
- tid_t commit_tid = atomic_read(&ei->i_datasync_tid);
- journal_t *journal = EXT3_SB(inode->i_sb)->s_journal;
-
diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
-index 92e68b3..115d987 100644
+index 3742e4c..69a797f 100644
--- a/fs/ext4/balloc.c
+++ b/fs/ext4/balloc.c
-@@ -505,8 +505,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
+@@ -528,8 +528,8 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi,
/* Hm, nope. Are (enough) root reserved clusters available? */
if (uid_eq(sbi->s_resuid, current_fsuid()) ||
(!gid_eq(sbi->s_resgid, GLOBAL_ROOT_GID) && in_group_p(sbi->s_resgid)) ||
- capable(CAP_SYS_RESOURCE) ||
-- (flags & EXT4_MB_USE_ROOT_BLOCKS)) {
-+ (flags & EXT4_MB_USE_ROOT_BLOCKS) ||
+- (flags & EXT4_MB_USE_ROOT_BLOCKS)) {
++ (flags & EXT4_MB_USE_ROOT_BLOCKS) ||
+ capable_nolog(CAP_SYS_RESOURCE)) {
- if (free_clusters >= (nclusters + dirty_clusters))
- return 1;
+ if (free_clusters >= (nclusters + dirty_clusters +
+ resv_clusters))
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
-index 3b83cd6..0f34dcd 100644
+index 5aae3d1..b5da7f8 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
-@@ -1254,19 +1254,19 @@ struct ext4_sb_info {
+@@ -1252,19 +1252,19 @@ struct ext4_sb_info {
unsigned long s_mb_last_start;
/* stats for buddy allocator */
@@ -52353,10 +53695,10 @@ index 3b83cd6..0f34dcd 100644
/* locality groups */
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
-index 8b6e837..36fd6c1 100644
+index 59c6750..a549154 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
-@@ -1754,7 +1754,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
+@@ -1865,7 +1865,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac,
BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len);
if (EXT4_SB(sb)->s_mb_stats)
@@ -52365,7 +53707,7 @@ index 8b6e837..36fd6c1 100644
break;
}
-@@ -2059,7 +2059,7 @@ repeat:
+@@ -2170,7 +2170,7 @@ repeat:
ac->ac_status = AC_STATUS_CONTINUE;
ac->ac_flags |= EXT4_MB_HINT_FIRST;
cr = 3;
@@ -52374,7 +53716,7 @@ index 8b6e837..36fd6c1 100644
goto repeat;
}
}
-@@ -2567,25 +2567,25 @@ int ext4_mb_release(struct super_block *sb)
+@@ -2678,25 +2678,25 @@ int ext4_mb_release(struct super_block *sb)
if (sbi->s_mb_stats) {
ext4_msg(sb, KERN_INFO,
"mballoc: %u blocks %u reqs (%u success)",
@@ -52410,7 +53752,7 @@ index 8b6e837..36fd6c1 100644
}
free_percpu(sbi->s_locality_groups);
-@@ -3039,16 +3039,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
+@@ -3150,16 +3150,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac)
struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb);
if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) {
@@ -52433,7 +53775,7 @@ index 8b6e837..36fd6c1 100644
}
if (ac->ac_op == EXT4_MB_HISTORY_ALLOC)
-@@ -3448,7 +3448,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
+@@ -3559,7 +3559,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac)
trace_ext4_mb_new_inode_pa(ac, pa);
ext4_mb_use_inode_pa(ac, pa);
@@ -52442,7 +53784,7 @@ index 8b6e837..36fd6c1 100644
ei = EXT4_I(ac->ac_inode);
grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
-@@ -3508,7 +3508,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
+@@ -3619,7 +3619,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac)
trace_ext4_mb_new_group_pa(ac, pa);
ext4_mb_use_group_pa(ac, pa);
@@ -52451,7 +53793,7 @@ index 8b6e837..36fd6c1 100644
grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group);
lg = ac->ac_lg;
-@@ -3597,7 +3597,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
+@@ -3708,7 +3708,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh,
* from the bitmap and continue.
*/
}
@@ -52460,7 +53802,7 @@ index 8b6e837..36fd6c1 100644
return err;
}
-@@ -3615,7 +3615,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
+@@ -3726,7 +3726,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b,
ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit);
BUG_ON(group != e4b->bd_group && pa->pa_len != 0);
mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len);
@@ -52470,7 +53812,7 @@ index 8b6e837..36fd6c1 100644
return 0;
diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c
-index b3b1f7d..cff51d5 100644
+index 214461e..3614c89 100644
--- a/fs/ext4/mmp.c
+++ b/fs/ext4/mmp.c
@@ -113,7 +113,7 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh,
@@ -52483,7 +53825,7 @@ index b3b1f7d..cff51d5 100644
"MMP failure info: last update time: %llu, last update "
"node: %s, last update device: %s\n",
diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
-index 1cb76e8..0fe3928 100644
+index 49d3c01..9579efd 100644
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -79,12 +79,20 @@ static int verify_group_input(struct super_block *sb,
@@ -52522,10 +53864,10 @@ index 1cb76e8..0fe3928 100644
else if (input->reserved_blocks > input->blocks_count / 5)
ext4_warning(sb, "Reserved blocks too high (%u)",
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index febbe0e..d0cdc02 100644
+index 3f7c39e..227f24f 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
-@@ -1238,7 +1238,7 @@ static ext4_fsblk_t get_sb_block(void **data)
+@@ -1236,7 +1236,7 @@ static ext4_fsblk_t get_sb_block(void **data)
}
#define DEFAULT_JOURNAL_IOPRIO (IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 3))
@@ -52534,15 +53876,15 @@ index febbe0e..d0cdc02 100644
"Contact linux-ext4@vger.kernel.org if you think we should keep it.\n";
#ifdef CONFIG_QUOTA
-@@ -2380,7 +2380,7 @@ struct ext4_attr {
+@@ -2372,7 +2372,7 @@ struct ext4_attr {
ssize_t (*store)(struct ext4_attr *, struct ext4_sb_info *,
const char *, size_t);
int offset;
-};
+} __do_const;
- static int parse_strtoul(const char *buf,
- unsigned long max, unsigned long *value)
+ static int parse_strtoull(const char *buf,
+ unsigned long long max, unsigned long long *value)
diff --git a/fs/fcntl.c b/fs/fcntl.c
index 6599222..e7bf0de 100644
--- a/fs/fcntl.c
@@ -52573,82 +53915,8 @@ index 999ff5c..41f4109 100644
copy_to_user(ufh, handle,
sizeof(struct file_handle) + handle_bytes))
retval = -EFAULT;
-diff --git a/fs/fifo.c b/fs/fifo.c
-index cf6f434..3d7942c 100644
---- a/fs/fifo.c
-+++ b/fs/fifo.c
-@@ -59,10 +59,10 @@ static int fifo_open(struct inode *inode, struct file *filp)
- */
- filp->f_op = &read_pipefifo_fops;
- pipe->r_counter++;
-- if (pipe->readers++ == 0)
-+ if (atomic_inc_return(&pipe->readers) == 1)
- wake_up_partner(inode);
-
-- if (!pipe->writers) {
-+ if (!atomic_read(&pipe->writers)) {
- if ((filp->f_flags & O_NONBLOCK)) {
- /* suppress POLLHUP until we have
- * seen a writer */
-@@ -81,15 +81,15 @@ static int fifo_open(struct inode *inode, struct file *filp)
- * errno=ENXIO when there is no process reading the FIFO.
- */
- ret = -ENXIO;
-- if ((filp->f_flags & O_NONBLOCK) && !pipe->readers)
-+ if ((filp->f_flags & O_NONBLOCK) && !atomic_read(&pipe->readers))
- goto err;
-
- filp->f_op = &write_pipefifo_fops;
- pipe->w_counter++;
-- if (!pipe->writers++)
-+ if (atomic_inc_return(&pipe->writers) == 1)
- wake_up_partner(inode);
-
-- if (!pipe->readers) {
-+ if (!atomic_read(&pipe->readers)) {
- if (wait_for_partner(inode, &pipe->r_counter))
- goto err_wr;
- }
-@@ -104,11 +104,11 @@ static int fifo_open(struct inode *inode, struct file *filp)
- */
- filp->f_op = &rdwr_pipefifo_fops;
-
-- pipe->readers++;
-- pipe->writers++;
-+ atomic_inc(&pipe->readers);
-+ atomic_inc(&pipe->writers);
- pipe->r_counter++;
- pipe->w_counter++;
-- if (pipe->readers == 1 || pipe->writers == 1)
-+ if (atomic_read(&pipe->readers) == 1 || atomic_read(&pipe->writers) == 1)
- wake_up_partner(inode);
- break;
-
-@@ -122,19 +122,19 @@ static int fifo_open(struct inode *inode, struct file *filp)
- return 0;
-
- err_rd:
-- if (!--pipe->readers)
-+ if (atomic_dec_and_test(&pipe->readers))
- wake_up_interruptible(&pipe->wait);
- ret = -ERESTARTSYS;
- goto err;
-
- err_wr:
-- if (!--pipe->writers)
-+ if (atomic_dec_and_test(&pipe->writers))
- wake_up_interruptible(&pipe->wait);
- ret = -ERESTARTSYS;
- goto err;
-
- err:
-- if (!pipe->readers && !pipe->writers)
-+ if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers))
- free_pipe_info(inode);
-
- err_nocleanup:
diff --git a/fs/file.c b/fs/file.c
-index 3906d95..5fe379b 100644
+index 4a78f98..9447397 100644
--- a/fs/file.c
+++ b/fs/file.c
@@ -16,6 +16,7 @@
@@ -52659,7 +53927,7 @@ index 3906d95..5fe379b 100644
#include <linux/fdtable.h>
#include <linux/bitops.h>
#include <linux/interrupt.h>
-@@ -892,6 +893,7 @@ int replace_fd(unsigned fd, struct file *file, unsigned flags)
+@@ -828,6 +829,7 @@ int replace_fd(unsigned fd, struct file *file, unsigned flags)
if (!file)
return __close_fd(files, fd);
@@ -52667,7 +53935,7 @@ index 3906d95..5fe379b 100644
if (fd >= rlimit(RLIMIT_NOFILE))
return -EBADF;
-@@ -918,6 +920,7 @@ SYSCALL_DEFINE3(dup3, unsigned int, oldfd, unsigned int, newfd, int, flags)
+@@ -854,6 +856,7 @@ SYSCALL_DEFINE3(dup3, unsigned int, oldfd, unsigned int, newfd, int, flags)
if (unlikely(oldfd == newfd))
return -EINVAL;
@@ -52675,7 +53943,7 @@ index 3906d95..5fe379b 100644
if (newfd >= rlimit(RLIMIT_NOFILE))
return -EBADF;
-@@ -973,6 +976,7 @@ SYSCALL_DEFINE1(dup, unsigned int, fildes)
+@@ -909,6 +912,7 @@ SYSCALL_DEFINE1(dup, unsigned int, fildes)
int f_dupfd(unsigned int from, struct file *file, unsigned flags)
{
int err;
@@ -52927,7 +54195,9 @@ index ee38fef..0a326d4 100644
#ifdef CONFIG_FSCACHE_STATS
-extern atomic_t fscache_n_ops_processed[FSCACHE_MAX_THREADS];
-extern atomic_t fscache_n_objs_processed[FSCACHE_MAX_THREADS];
--
++extern atomic_unchecked_t fscache_n_ops_processed[FSCACHE_MAX_THREADS];
++extern atomic_unchecked_t fscache_n_objs_processed[FSCACHE_MAX_THREADS];
+
-extern atomic_t fscache_n_op_pend;
-extern atomic_t fscache_n_op_run;
-extern atomic_t fscache_n_op_enqueue;
@@ -52936,13 +54206,26 @@ index ee38fef..0a326d4 100644
-extern atomic_t fscache_n_op_gc;
-extern atomic_t fscache_n_op_cancelled;
-extern atomic_t fscache_n_op_rejected;
--
++extern atomic_unchecked_t fscache_n_op_pend;
++extern atomic_unchecked_t fscache_n_op_run;
++extern atomic_unchecked_t fscache_n_op_enqueue;
++extern atomic_unchecked_t fscache_n_op_deferred_release;
++extern atomic_unchecked_t fscache_n_op_release;
++extern atomic_unchecked_t fscache_n_op_gc;
++extern atomic_unchecked_t fscache_n_op_cancelled;
++extern atomic_unchecked_t fscache_n_op_rejected;
+
-extern atomic_t fscache_n_attr_changed;
-extern atomic_t fscache_n_attr_changed_ok;
-extern atomic_t fscache_n_attr_changed_nobufs;
-extern atomic_t fscache_n_attr_changed_nomem;
-extern atomic_t fscache_n_attr_changed_calls;
--
++extern atomic_unchecked_t fscache_n_attr_changed;
++extern atomic_unchecked_t fscache_n_attr_changed_ok;
++extern atomic_unchecked_t fscache_n_attr_changed_nobufs;
++extern atomic_unchecked_t fscache_n_attr_changed_nomem;
++extern atomic_unchecked_t fscache_n_attr_changed_calls;
+
-extern atomic_t fscache_n_allocs;
-extern atomic_t fscache_n_allocs_ok;
-extern atomic_t fscache_n_allocs_wait;
@@ -52951,7 +54234,15 @@ index ee38fef..0a326d4 100644
-extern atomic_t fscache_n_allocs_object_dead;
-extern atomic_t fscache_n_alloc_ops;
-extern atomic_t fscache_n_alloc_op_waits;
--
++extern atomic_unchecked_t fscache_n_allocs;
++extern atomic_unchecked_t fscache_n_allocs_ok;
++extern atomic_unchecked_t fscache_n_allocs_wait;
++extern atomic_unchecked_t fscache_n_allocs_nobufs;
++extern atomic_unchecked_t fscache_n_allocs_intr;
++extern atomic_unchecked_t fscache_n_allocs_object_dead;
++extern atomic_unchecked_t fscache_n_alloc_ops;
++extern atomic_unchecked_t fscache_n_alloc_op_waits;
+
-extern atomic_t fscache_n_retrievals;
-extern atomic_t fscache_n_retrievals_ok;
-extern atomic_t fscache_n_retrievals_wait;
@@ -52962,91 +54253,6 @@ index ee38fef..0a326d4 100644
-extern atomic_t fscache_n_retrievals_object_dead;
-extern atomic_t fscache_n_retrieval_ops;
-extern atomic_t fscache_n_retrieval_op_waits;
--
--extern atomic_t fscache_n_stores;
--extern atomic_t fscache_n_stores_ok;
--extern atomic_t fscache_n_stores_again;
--extern atomic_t fscache_n_stores_nobufs;
--extern atomic_t fscache_n_stores_oom;
--extern atomic_t fscache_n_store_ops;
--extern atomic_t fscache_n_store_calls;
--extern atomic_t fscache_n_store_pages;
--extern atomic_t fscache_n_store_radix_deletes;
--extern atomic_t fscache_n_store_pages_over_limit;
--
--extern atomic_t fscache_n_store_vmscan_not_storing;
--extern atomic_t fscache_n_store_vmscan_gone;
--extern atomic_t fscache_n_store_vmscan_busy;
--extern atomic_t fscache_n_store_vmscan_cancelled;
--extern atomic_t fscache_n_store_vmscan_wait;
--
--extern atomic_t fscache_n_marks;
--extern atomic_t fscache_n_uncaches;
--
--extern atomic_t fscache_n_acquires;
--extern atomic_t fscache_n_acquires_null;
--extern atomic_t fscache_n_acquires_no_cache;
--extern atomic_t fscache_n_acquires_ok;
--extern atomic_t fscache_n_acquires_nobufs;
--extern atomic_t fscache_n_acquires_oom;
--
--extern atomic_t fscache_n_invalidates;
--extern atomic_t fscache_n_invalidates_run;
--
--extern atomic_t fscache_n_updates;
--extern atomic_t fscache_n_updates_null;
--extern atomic_t fscache_n_updates_run;
--
--extern atomic_t fscache_n_relinquishes;
--extern atomic_t fscache_n_relinquishes_null;
--extern atomic_t fscache_n_relinquishes_waitcrt;
--extern atomic_t fscache_n_relinquishes_retire;
--
--extern atomic_t fscache_n_cookie_index;
--extern atomic_t fscache_n_cookie_data;
--extern atomic_t fscache_n_cookie_special;
--
--extern atomic_t fscache_n_object_alloc;
--extern atomic_t fscache_n_object_no_alloc;
--extern atomic_t fscache_n_object_lookups;
--extern atomic_t fscache_n_object_lookups_negative;
--extern atomic_t fscache_n_object_lookups_positive;
--extern atomic_t fscache_n_object_lookups_timed_out;
--extern atomic_t fscache_n_object_created;
--extern atomic_t fscache_n_object_avail;
--extern atomic_t fscache_n_object_dead;
--
--extern atomic_t fscache_n_checkaux_none;
--extern atomic_t fscache_n_checkaux_okay;
--extern atomic_t fscache_n_checkaux_update;
--extern atomic_t fscache_n_checkaux_obsolete;
-+extern atomic_unchecked_t fscache_n_ops_processed[FSCACHE_MAX_THREADS];
-+extern atomic_unchecked_t fscache_n_objs_processed[FSCACHE_MAX_THREADS];
-+
-+extern atomic_unchecked_t fscache_n_op_pend;
-+extern atomic_unchecked_t fscache_n_op_run;
-+extern atomic_unchecked_t fscache_n_op_enqueue;
-+extern atomic_unchecked_t fscache_n_op_deferred_release;
-+extern atomic_unchecked_t fscache_n_op_release;
-+extern atomic_unchecked_t fscache_n_op_gc;
-+extern atomic_unchecked_t fscache_n_op_cancelled;
-+extern atomic_unchecked_t fscache_n_op_rejected;
-+
-+extern atomic_unchecked_t fscache_n_attr_changed;
-+extern atomic_unchecked_t fscache_n_attr_changed_ok;
-+extern atomic_unchecked_t fscache_n_attr_changed_nobufs;
-+extern atomic_unchecked_t fscache_n_attr_changed_nomem;
-+extern atomic_unchecked_t fscache_n_attr_changed_calls;
-+
-+extern atomic_unchecked_t fscache_n_allocs;
-+extern atomic_unchecked_t fscache_n_allocs_ok;
-+extern atomic_unchecked_t fscache_n_allocs_wait;
-+extern atomic_unchecked_t fscache_n_allocs_nobufs;
-+extern atomic_unchecked_t fscache_n_allocs_intr;
-+extern atomic_unchecked_t fscache_n_allocs_object_dead;
-+extern atomic_unchecked_t fscache_n_alloc_ops;
-+extern atomic_unchecked_t fscache_n_alloc_op_waits;
-+
+extern atomic_unchecked_t fscache_n_retrievals;
+extern atomic_unchecked_t fscache_n_retrievals_ok;
+extern atomic_unchecked_t fscache_n_retrievals_wait;
@@ -53057,7 +54263,17 @@ index ee38fef..0a326d4 100644
+extern atomic_unchecked_t fscache_n_retrievals_object_dead;
+extern atomic_unchecked_t fscache_n_retrieval_ops;
+extern atomic_unchecked_t fscache_n_retrieval_op_waits;
-+
+
+-extern atomic_t fscache_n_stores;
+-extern atomic_t fscache_n_stores_ok;
+-extern atomic_t fscache_n_stores_again;
+-extern atomic_t fscache_n_stores_nobufs;
+-extern atomic_t fscache_n_stores_oom;
+-extern atomic_t fscache_n_store_ops;
+-extern atomic_t fscache_n_store_calls;
+-extern atomic_t fscache_n_store_pages;
+-extern atomic_t fscache_n_store_radix_deletes;
+-extern atomic_t fscache_n_store_pages_over_limit;
+extern atomic_unchecked_t fscache_n_stores;
+extern atomic_unchecked_t fscache_n_stores_ok;
+extern atomic_unchecked_t fscache_n_stores_again;
@@ -53068,39 +54284,73 @@ index ee38fef..0a326d4 100644
+extern atomic_unchecked_t fscache_n_store_pages;
+extern atomic_unchecked_t fscache_n_store_radix_deletes;
+extern atomic_unchecked_t fscache_n_store_pages_over_limit;
-+
+
+-extern atomic_t fscache_n_store_vmscan_not_storing;
+-extern atomic_t fscache_n_store_vmscan_gone;
+-extern atomic_t fscache_n_store_vmscan_busy;
+-extern atomic_t fscache_n_store_vmscan_cancelled;
+-extern atomic_t fscache_n_store_vmscan_wait;
+extern atomic_unchecked_t fscache_n_store_vmscan_not_storing;
+extern atomic_unchecked_t fscache_n_store_vmscan_gone;
+extern atomic_unchecked_t fscache_n_store_vmscan_busy;
+extern atomic_unchecked_t fscache_n_store_vmscan_cancelled;
+extern atomic_unchecked_t fscache_n_store_vmscan_wait;
-+
+
+-extern atomic_t fscache_n_marks;
+-extern atomic_t fscache_n_uncaches;
+extern atomic_unchecked_t fscache_n_marks;
+extern atomic_unchecked_t fscache_n_uncaches;
-+
+
+-extern atomic_t fscache_n_acquires;
+-extern atomic_t fscache_n_acquires_null;
+-extern atomic_t fscache_n_acquires_no_cache;
+-extern atomic_t fscache_n_acquires_ok;
+-extern atomic_t fscache_n_acquires_nobufs;
+-extern atomic_t fscache_n_acquires_oom;
+extern atomic_unchecked_t fscache_n_acquires;
+extern atomic_unchecked_t fscache_n_acquires_null;
+extern atomic_unchecked_t fscache_n_acquires_no_cache;
+extern atomic_unchecked_t fscache_n_acquires_ok;
+extern atomic_unchecked_t fscache_n_acquires_nobufs;
+extern atomic_unchecked_t fscache_n_acquires_oom;
-+
+
+-extern atomic_t fscache_n_invalidates;
+-extern atomic_t fscache_n_invalidates_run;
+extern atomic_unchecked_t fscache_n_invalidates;
+extern atomic_unchecked_t fscache_n_invalidates_run;
-+
+
+-extern atomic_t fscache_n_updates;
+-extern atomic_t fscache_n_updates_null;
+-extern atomic_t fscache_n_updates_run;
+extern atomic_unchecked_t fscache_n_updates;
+extern atomic_unchecked_t fscache_n_updates_null;
+extern atomic_unchecked_t fscache_n_updates_run;
-+
+
+-extern atomic_t fscache_n_relinquishes;
+-extern atomic_t fscache_n_relinquishes_null;
+-extern atomic_t fscache_n_relinquishes_waitcrt;
+-extern atomic_t fscache_n_relinquishes_retire;
+extern atomic_unchecked_t fscache_n_relinquishes;
+extern atomic_unchecked_t fscache_n_relinquishes_null;
+extern atomic_unchecked_t fscache_n_relinquishes_waitcrt;
+extern atomic_unchecked_t fscache_n_relinquishes_retire;
-+
+
+-extern atomic_t fscache_n_cookie_index;
+-extern atomic_t fscache_n_cookie_data;
+-extern atomic_t fscache_n_cookie_special;
+extern atomic_unchecked_t fscache_n_cookie_index;
+extern atomic_unchecked_t fscache_n_cookie_data;
+extern atomic_unchecked_t fscache_n_cookie_special;
-+
+
+-extern atomic_t fscache_n_object_alloc;
+-extern atomic_t fscache_n_object_no_alloc;
+-extern atomic_t fscache_n_object_lookups;
+-extern atomic_t fscache_n_object_lookups_negative;
+-extern atomic_t fscache_n_object_lookups_positive;
+-extern atomic_t fscache_n_object_lookups_timed_out;
+-extern atomic_t fscache_n_object_created;
+-extern atomic_t fscache_n_object_avail;
+-extern atomic_t fscache_n_object_dead;
+extern atomic_unchecked_t fscache_n_object_alloc;
+extern atomic_unchecked_t fscache_n_object_no_alloc;
+extern atomic_unchecked_t fscache_n_object_lookups;
@@ -53110,7 +54360,11 @@ index ee38fef..0a326d4 100644
+extern atomic_unchecked_t fscache_n_object_created;
+extern atomic_unchecked_t fscache_n_object_avail;
+extern atomic_unchecked_t fscache_n_object_dead;
-+
+
+-extern atomic_t fscache_n_checkaux_none;
+-extern atomic_t fscache_n_checkaux_okay;
+-extern atomic_t fscache_n_checkaux_update;
+-extern atomic_t fscache_n_checkaux_obsolete;
+extern atomic_unchecked_t fscache_n_checkaux_none;
+extern atomic_unchecked_t fscache_n_checkaux_okay;
+extern atomic_unchecked_t fscache_n_checkaux_update;
@@ -53807,13 +55061,27 @@ index 40d13c7..ddf52b9 100644
-atomic_t fscache_n_op_gc;
-atomic_t fscache_n_op_cancelled;
-atomic_t fscache_n_op_rejected;
--
++atomic_unchecked_t fscache_n_op_pend;
++atomic_unchecked_t fscache_n_op_run;
++atomic_unchecked_t fscache_n_op_enqueue;
++atomic_unchecked_t fscache_n_op_requeue;
++atomic_unchecked_t fscache_n_op_deferred_release;
++atomic_unchecked_t fscache_n_op_release;
++atomic_unchecked_t fscache_n_op_gc;
++atomic_unchecked_t fscache_n_op_cancelled;
++atomic_unchecked_t fscache_n_op_rejected;
+
-atomic_t fscache_n_attr_changed;
-atomic_t fscache_n_attr_changed_ok;
-atomic_t fscache_n_attr_changed_nobufs;
-atomic_t fscache_n_attr_changed_nomem;
-atomic_t fscache_n_attr_changed_calls;
--
++atomic_unchecked_t fscache_n_attr_changed;
++atomic_unchecked_t fscache_n_attr_changed_ok;
++atomic_unchecked_t fscache_n_attr_changed_nobufs;
++atomic_unchecked_t fscache_n_attr_changed_nomem;
++atomic_unchecked_t fscache_n_attr_changed_calls;
+
-atomic_t fscache_n_allocs;
-atomic_t fscache_n_allocs_ok;
-atomic_t fscache_n_allocs_wait;
@@ -53822,7 +55090,15 @@ index 40d13c7..ddf52b9 100644
-atomic_t fscache_n_allocs_object_dead;
-atomic_t fscache_n_alloc_ops;
-atomic_t fscache_n_alloc_op_waits;
--
++atomic_unchecked_t fscache_n_allocs;
++atomic_unchecked_t fscache_n_allocs_ok;
++atomic_unchecked_t fscache_n_allocs_wait;
++atomic_unchecked_t fscache_n_allocs_nobufs;
++atomic_unchecked_t fscache_n_allocs_intr;
++atomic_unchecked_t fscache_n_allocs_object_dead;
++atomic_unchecked_t fscache_n_alloc_ops;
++atomic_unchecked_t fscache_n_alloc_op_waits;
+
-atomic_t fscache_n_retrievals;
-atomic_t fscache_n_retrievals_ok;
-atomic_t fscache_n_retrievals_wait;
@@ -53833,89 +55109,6 @@ index 40d13c7..ddf52b9 100644
-atomic_t fscache_n_retrievals_object_dead;
-atomic_t fscache_n_retrieval_ops;
-atomic_t fscache_n_retrieval_op_waits;
--
--atomic_t fscache_n_stores;
--atomic_t fscache_n_stores_ok;
--atomic_t fscache_n_stores_again;
--atomic_t fscache_n_stores_nobufs;
--atomic_t fscache_n_stores_oom;
--atomic_t fscache_n_store_ops;
--atomic_t fscache_n_store_calls;
--atomic_t fscache_n_store_pages;
--atomic_t fscache_n_store_radix_deletes;
--atomic_t fscache_n_store_pages_over_limit;
--
--atomic_t fscache_n_store_vmscan_not_storing;
--atomic_t fscache_n_store_vmscan_gone;
--atomic_t fscache_n_store_vmscan_busy;
--atomic_t fscache_n_store_vmscan_cancelled;
--atomic_t fscache_n_store_vmscan_wait;
--
--atomic_t fscache_n_marks;
--atomic_t fscache_n_uncaches;
--
--atomic_t fscache_n_acquires;
--atomic_t fscache_n_acquires_null;
--atomic_t fscache_n_acquires_no_cache;
--atomic_t fscache_n_acquires_ok;
--atomic_t fscache_n_acquires_nobufs;
--atomic_t fscache_n_acquires_oom;
--
--atomic_t fscache_n_invalidates;
--atomic_t fscache_n_invalidates_run;
--
--atomic_t fscache_n_updates;
--atomic_t fscache_n_updates_null;
--atomic_t fscache_n_updates_run;
--
--atomic_t fscache_n_relinquishes;
--atomic_t fscache_n_relinquishes_null;
--atomic_t fscache_n_relinquishes_waitcrt;
--atomic_t fscache_n_relinquishes_retire;
--
--atomic_t fscache_n_cookie_index;
--atomic_t fscache_n_cookie_data;
--atomic_t fscache_n_cookie_special;
--
--atomic_t fscache_n_object_alloc;
--atomic_t fscache_n_object_no_alloc;
--atomic_t fscache_n_object_lookups;
--atomic_t fscache_n_object_lookups_negative;
--atomic_t fscache_n_object_lookups_positive;
--atomic_t fscache_n_object_lookups_timed_out;
--atomic_t fscache_n_object_created;
--atomic_t fscache_n_object_avail;
--atomic_t fscache_n_object_dead;
--
--atomic_t fscache_n_checkaux_none;
--atomic_t fscache_n_checkaux_okay;
--atomic_t fscache_n_checkaux_update;
--atomic_t fscache_n_checkaux_obsolete;
-+atomic_unchecked_t fscache_n_op_pend;
-+atomic_unchecked_t fscache_n_op_run;
-+atomic_unchecked_t fscache_n_op_enqueue;
-+atomic_unchecked_t fscache_n_op_requeue;
-+atomic_unchecked_t fscache_n_op_deferred_release;
-+atomic_unchecked_t fscache_n_op_release;
-+atomic_unchecked_t fscache_n_op_gc;
-+atomic_unchecked_t fscache_n_op_cancelled;
-+atomic_unchecked_t fscache_n_op_rejected;
-+
-+atomic_unchecked_t fscache_n_attr_changed;
-+atomic_unchecked_t fscache_n_attr_changed_ok;
-+atomic_unchecked_t fscache_n_attr_changed_nobufs;
-+atomic_unchecked_t fscache_n_attr_changed_nomem;
-+atomic_unchecked_t fscache_n_attr_changed_calls;
-+
-+atomic_unchecked_t fscache_n_allocs;
-+atomic_unchecked_t fscache_n_allocs_ok;
-+atomic_unchecked_t fscache_n_allocs_wait;
-+atomic_unchecked_t fscache_n_allocs_nobufs;
-+atomic_unchecked_t fscache_n_allocs_intr;
-+atomic_unchecked_t fscache_n_allocs_object_dead;
-+atomic_unchecked_t fscache_n_alloc_ops;
-+atomic_unchecked_t fscache_n_alloc_op_waits;
-+
+atomic_unchecked_t fscache_n_retrievals;
+atomic_unchecked_t fscache_n_retrievals_ok;
+atomic_unchecked_t fscache_n_retrievals_wait;
@@ -53926,7 +55119,17 @@ index 40d13c7..ddf52b9 100644
+atomic_unchecked_t fscache_n_retrievals_object_dead;
+atomic_unchecked_t fscache_n_retrieval_ops;
+atomic_unchecked_t fscache_n_retrieval_op_waits;
-+
+
+-atomic_t fscache_n_stores;
+-atomic_t fscache_n_stores_ok;
+-atomic_t fscache_n_stores_again;
+-atomic_t fscache_n_stores_nobufs;
+-atomic_t fscache_n_stores_oom;
+-atomic_t fscache_n_store_ops;
+-atomic_t fscache_n_store_calls;
+-atomic_t fscache_n_store_pages;
+-atomic_t fscache_n_store_radix_deletes;
+-atomic_t fscache_n_store_pages_over_limit;
+atomic_unchecked_t fscache_n_stores;
+atomic_unchecked_t fscache_n_stores_ok;
+atomic_unchecked_t fscache_n_stores_again;
@@ -53937,39 +55140,73 @@ index 40d13c7..ddf52b9 100644
+atomic_unchecked_t fscache_n_store_pages;
+atomic_unchecked_t fscache_n_store_radix_deletes;
+atomic_unchecked_t fscache_n_store_pages_over_limit;
-+
+
+-atomic_t fscache_n_store_vmscan_not_storing;
+-atomic_t fscache_n_store_vmscan_gone;
+-atomic_t fscache_n_store_vmscan_busy;
+-atomic_t fscache_n_store_vmscan_cancelled;
+-atomic_t fscache_n_store_vmscan_wait;
+atomic_unchecked_t fscache_n_store_vmscan_not_storing;
+atomic_unchecked_t fscache_n_store_vmscan_gone;
+atomic_unchecked_t fscache_n_store_vmscan_busy;
+atomic_unchecked_t fscache_n_store_vmscan_cancelled;
+atomic_unchecked_t fscache_n_store_vmscan_wait;
-+
+
+-atomic_t fscache_n_marks;
+-atomic_t fscache_n_uncaches;
+atomic_unchecked_t fscache_n_marks;
+atomic_unchecked_t fscache_n_uncaches;
-+
+
+-atomic_t fscache_n_acquires;
+-atomic_t fscache_n_acquires_null;
+-atomic_t fscache_n_acquires_no_cache;
+-atomic_t fscache_n_acquires_ok;
+-atomic_t fscache_n_acquires_nobufs;
+-atomic_t fscache_n_acquires_oom;
+atomic_unchecked_t fscache_n_acquires;
+atomic_unchecked_t fscache_n_acquires_null;
+atomic_unchecked_t fscache_n_acquires_no_cache;
+atomic_unchecked_t fscache_n_acquires_ok;
+atomic_unchecked_t fscache_n_acquires_nobufs;
+atomic_unchecked_t fscache_n_acquires_oom;
-+
+
+-atomic_t fscache_n_invalidates;
+-atomic_t fscache_n_invalidates_run;
+atomic_unchecked_t fscache_n_invalidates;
+atomic_unchecked_t fscache_n_invalidates_run;
-+
+
+-atomic_t fscache_n_updates;
+-atomic_t fscache_n_updates_null;
+-atomic_t fscache_n_updates_run;
+atomic_unchecked_t fscache_n_updates;
+atomic_unchecked_t fscache_n_updates_null;
+atomic_unchecked_t fscache_n_updates_run;
-+
+
+-atomic_t fscache_n_relinquishes;
+-atomic_t fscache_n_relinquishes_null;
+-atomic_t fscache_n_relinquishes_waitcrt;
+-atomic_t fscache_n_relinquishes_retire;
+atomic_unchecked_t fscache_n_relinquishes;
+atomic_unchecked_t fscache_n_relinquishes_null;
+atomic_unchecked_t fscache_n_relinquishes_waitcrt;
+atomic_unchecked_t fscache_n_relinquishes_retire;
-+
+
+-atomic_t fscache_n_cookie_index;
+-atomic_t fscache_n_cookie_data;
+-atomic_t fscache_n_cookie_special;
+atomic_unchecked_t fscache_n_cookie_index;
+atomic_unchecked_t fscache_n_cookie_data;
+atomic_unchecked_t fscache_n_cookie_special;
-+
+
+-atomic_t fscache_n_object_alloc;
+-atomic_t fscache_n_object_no_alloc;
+-atomic_t fscache_n_object_lookups;
+-atomic_t fscache_n_object_lookups_negative;
+-atomic_t fscache_n_object_lookups_positive;
+-atomic_t fscache_n_object_lookups_timed_out;
+-atomic_t fscache_n_object_created;
+-atomic_t fscache_n_object_avail;
+-atomic_t fscache_n_object_dead;
+atomic_unchecked_t fscache_n_object_alloc;
+atomic_unchecked_t fscache_n_object_no_alloc;
+atomic_unchecked_t fscache_n_object_lookups;
@@ -53979,7 +55216,11 @@ index 40d13c7..ddf52b9 100644
+atomic_unchecked_t fscache_n_object_created;
+atomic_unchecked_t fscache_n_object_avail;
+atomic_unchecked_t fscache_n_object_dead;
-+
+
+-atomic_t fscache_n_checkaux_none;
+-atomic_t fscache_n_checkaux_okay;
+-atomic_t fscache_n_checkaux_update;
+-atomic_t fscache_n_checkaux_obsolete;
+atomic_unchecked_t fscache_n_checkaux_none;
+atomic_unchecked_t fscache_n_checkaux_okay;
+atomic_unchecked_t fscache_n_checkaux_update;
@@ -54186,10 +55427,10 @@ index 40d13c7..ddf52b9 100644
seq_printf(m, "CacheOp: alo=%d luo=%d luc=%d gro=%d\n",
atomic_read(&fscache_n_cop_alloc_object),
diff --git a/fs/fuse/cuse.c b/fs/fuse/cuse.c
-index 6f96a8d..6019bb9 100644
+index aef34b1..59bfd7b 100644
--- a/fs/fuse/cuse.c
+++ b/fs/fuse/cuse.c
-@@ -597,10 +597,12 @@ static int __init cuse_init(void)
+@@ -600,10 +600,12 @@ static int __init cuse_init(void)
INIT_LIST_HEAD(&cuse_conntbl[i]);
/* inherit and extend fuse_dev_operations */
@@ -54207,10 +55448,10 @@ index 6f96a8d..6019bb9 100644
cuse_class = class_create(THIS_MODULE, "cuse");
if (IS_ERR(cuse_class))
diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
-index 11dfa0c..6f64416 100644
+index 1d55f94..088da65 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
-@@ -1294,7 +1294,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
+@@ -1339,7 +1339,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
ret = 0;
pipe_lock(pipe);
@@ -54219,77 +55460,20 @@ index 11dfa0c..6f64416 100644
send_sig(SIGPIPE, current, 0);
if (!ret)
ret = -EPIPE;
+@@ -1364,7 +1364,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos,
+ page_nr++;
+ ret += buf->len;
+
+- if (pipe->files)
++ if (atomic_read(&pipe->files))
+ do_wakeup = 1;
+ }
+
diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
-index 185c479..2a4c1b2 100644
+index 5b12746..b481b03 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
-@@ -1225,13 +1225,29 @@ static int fuse_direntplus_link(struct file *file,
- if (name.name[1] == '.' && name.len == 2)
- return 0;
- }
-+
-+ if (invalid_nodeid(o->nodeid))
-+ return -EIO;
-+ if (!fuse_valid_type(o->attr.mode))
-+ return -EIO;
-+
- fc = get_fuse_conn(dir);
-
- name.hash = full_name_hash(name.name, name.len);
- dentry = d_lookup(parent, &name);
-- if (dentry && dentry->d_inode) {
-+ if (dentry) {
- inode = dentry->d_inode;
-- if (get_node_id(inode) == o->nodeid) {
-+ if (!inode) {
-+ d_drop(dentry);
-+ } else if (get_node_id(inode) != o->nodeid ||
-+ ((o->attr.mode ^ inode->i_mode) & S_IFMT)) {
-+ err = d_invalidate(dentry);
-+ if (err)
-+ goto out;
-+ } else if (is_bad_inode(inode)) {
-+ err = -EIO;
-+ goto out;
-+ } else {
- struct fuse_inode *fi;
- fi = get_fuse_inode(inode);
- spin_lock(&fc->lock);
-@@ -1244,9 +1260,6 @@ static int fuse_direntplus_link(struct file *file,
- */
- goto found;
- }
-- err = d_invalidate(dentry);
-- if (err)
-- goto out;
- dput(dentry);
- dentry = NULL;
- }
-@@ -1261,10 +1274,19 @@ static int fuse_direntplus_link(struct file *file,
- if (!inode)
- goto out;
-
-- alias = d_materialise_unique(dentry, inode);
-- err = PTR_ERR(alias);
-- if (IS_ERR(alias))
-- goto out;
-+ if (S_ISDIR(inode->i_mode)) {
-+ mutex_lock(&fc->inst_mutex);
-+ alias = fuse_d_add_directory(dentry, inode);
-+ mutex_unlock(&fc->inst_mutex);
-+ err = PTR_ERR(alias);
-+ if (IS_ERR(alias)) {
-+ iput(inode);
-+ goto out;
-+ }
-+ } else {
-+ alias = d_splice_alias(inode, dentry);
-+ }
-+
- if (alias) {
- dput(dentry);
- dentry = alias;
-@@ -1415,7 +1437,7 @@ static char *read_link(struct dentry *dentry)
+@@ -1437,7 +1437,7 @@ static char *read_link(struct dentry *dentry)
return link;
}
@@ -54299,10 +55483,10 @@ index 185c479..2a4c1b2 100644
if (!IS_ERR(link))
free_page((unsigned long) link);
diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c
-index cc00bd1..3edb692 100644
+index 62b484e..0f9a140 100644
--- a/fs/gfs2/inode.c
+++ b/fs/gfs2/inode.c
-@@ -1500,7 +1500,7 @@ out:
+@@ -1441,7 +1441,7 @@ out:
static void gfs2_put_link(struct dentry *dentry, struct nameidata *nd, void *p)
{
@@ -54362,7 +55546,7 @@ index a3f868a..bb308ae 100644
static int can_do_hugetlb_shm(void)
{
diff --git a/fs/inode.c b/fs/inode.c
-index a898b3d..9b5a214 100644
+index 00d5fc3..98ce7d7 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -878,8 +878,8 @@ unsigned int get_next_ino(void)
@@ -54405,10 +55589,10 @@ index a6597d6..41b30ec 100644
/*
diff --git a/fs/jfs/super.c b/fs/jfs/super.c
-index 2003e83..40db287 100644
+index 788e0a9..8433098 100644
--- a/fs/jfs/super.c
+++ b/fs/jfs/super.c
-@@ -856,7 +856,7 @@ static int __init init_jfs_fs(void)
+@@ -878,7 +878,7 @@ static int __init init_jfs_fs(void)
jfs_inode_cachep =
kmem_cache_create("jfs_ip", sizeof(struct jfs_inode_info), 0,
@@ -54446,7 +55630,7 @@ index 916da8c..1588998 100644
next->d_inode->i_ino,
dt_type(next->d_inode)) < 0)
diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c
-index 9760ecb..9b838ef 100644
+index acd3947..1f896e2 100644
--- a/fs/lockd/clntproc.c
+++ b/fs/lockd/clntproc.c
@@ -36,11 +36,11 @@ static const struct rpc_call_ops nlmclnt_cancel_ops;
@@ -54476,36 +55660,6 @@ index a2aa97d..10d6c41 100644
if (IS_ERR(nlmsvc_task)) {
error = PTR_ERR(nlmsvc_task);
printk(KERN_WARNING
-diff --git a/fs/lockd/svclock.c b/fs/lockd/svclock.c
-index e703318..8ebd3f5 100644
---- a/fs/lockd/svclock.c
-+++ b/fs/lockd/svclock.c
-@@ -939,6 +939,7 @@ nlmsvc_retry_blocked(void)
- unsigned long timeout = MAX_SCHEDULE_TIMEOUT;
- struct nlm_block *block;
-
-+ spin_lock(&nlm_blocked_lock);
- while (!list_empty(&nlm_blocked) && !kthread_should_stop()) {
- block = list_entry(nlm_blocked.next, struct nlm_block, b_list);
-
-@@ -948,6 +949,7 @@ nlmsvc_retry_blocked(void)
- timeout = block->b_when - jiffies;
- break;
- }
-+ spin_unlock(&nlm_blocked_lock);
-
- dprintk("nlmsvc_retry_blocked(%p, when=%ld)\n",
- block, block->b_when);
-@@ -957,7 +959,9 @@ nlmsvc_retry_blocked(void)
- retry_deferred_block(block);
- } else
- nlmsvc_grant_blocked(block);
-+ spin_lock(&nlm_blocked_lock);
- }
-+ spin_unlock(&nlm_blocked_lock);
-
- return timeout;
- }
diff --git a/fs/locks.c b/fs/locks.c
index cb424a4..850e4dd 100644
--- a/fs/locks.c
@@ -54532,7 +55686,7 @@ index cb424a4..850e4dd 100644
lock_flocks();
diff --git a/fs/namei.c b/fs/namei.c
-index 85e40d1..b66744e 100644
+index 9ed9361..2b72db1 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -319,16 +319,32 @@ int generic_permission(struct inode *inode, int mask)
@@ -54647,7 +55801,7 @@ index 85e40d1..b66744e 100644
+ }
+
if (!err && nd->flags & LOOKUP_DIRECTORY) {
- if (!nd->inode->i_op->lookup) {
+ if (!can_lookup(nd->inode)) {
path_put(&nd->path);
@@ -2002,8 +2027,15 @@ static int filename_lookup(int dfd, struct filename *name,
retval = path_lookupat(dfd, name->name,
@@ -55106,10 +56260,10 @@ index 85e40d1..b66744e 100644
out:
return len;
diff --git a/fs/namespace.c b/fs/namespace.c
-index e945b81..fc018e2 100644
+index 7b1ca9b..6faeccf 100644
--- a/fs/namespace.c
+++ b/fs/namespace.c
-@@ -1219,6 +1219,9 @@ static int do_umount(struct mount *mnt, int flags)
+@@ -1265,6 +1265,9 @@ static int do_umount(struct mount *mnt, int flags)
if (!(sb->s_flags & MS_RDONLY))
retval = do_remount_sb(sb, MS_RDONLY, NULL, 0);
up_write(&sb->s_umount);
@@ -55119,17 +56273,17 @@ index e945b81..fc018e2 100644
return retval;
}
-@@ -1238,6 +1241,9 @@ static int do_umount(struct mount *mnt, int flags)
+@@ -1283,6 +1286,9 @@ static int do_umount(struct mount *mnt, int flags)
+ }
br_write_unlock(&vfsmount_lock);
- up_write(&namespace_sem);
- release_mounts(&umount_list);
+ namespace_unlock();
+
+ gr_log_unmount(mnt->mnt_devname, retval);
+
return retval;
}
-@@ -1257,7 +1263,7 @@ static inline bool may_mount(void)
+@@ -1302,7 +1308,7 @@ static inline bool may_mount(void)
* unixes. Our API is identical to OSF/1 to avoid making a mess of AMD
*/
@@ -55138,7 +56292,7 @@ index e945b81..fc018e2 100644
{
struct path path;
struct mount *mnt;
-@@ -1297,7 +1303,7 @@ out:
+@@ -1342,7 +1348,7 @@ out:
/*
* The 2.0 compatible umount. No flags.
*/
@@ -55147,7 +56301,7 @@ index e945b81..fc018e2 100644
{
return sys_umount(name, 0);
}
-@@ -2267,6 +2273,16 @@ long do_mount(const char *dev_name, const char *dir_name,
+@@ -2313,6 +2319,16 @@ long do_mount(const char *dev_name, const char *dir_name,
MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
MS_STRICTATIME);
@@ -55164,7 +56318,7 @@ index e945b81..fc018e2 100644
if (flags & MS_REMOUNT)
retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags,
data_page);
-@@ -2281,6 +2297,9 @@ long do_mount(const char *dev_name, const char *dir_name,
+@@ -2327,6 +2343,9 @@ long do_mount(const char *dev_name, const char *dir_name,
dev_name, data_page);
dput_out:
path_put(&path);
@@ -55174,7 +56328,7 @@ index e945b81..fc018e2 100644
return retval;
}
-@@ -2454,8 +2473,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
+@@ -2500,8 +2519,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
}
EXPORT_SYMBOL(mount_subtree);
@@ -55185,7 +56339,7 @@ index e945b81..fc018e2 100644
{
int ret;
char *kernel_type;
-@@ -2567,6 +2586,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
+@@ -2614,6 +2633,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
if (error)
goto out2;
@@ -55195,9 +56349,9 @@ index e945b81..fc018e2 100644
+ }
+
get_fs_root(current->fs, &root);
- error = lock_mount(&old);
- if (error)
-@@ -2815,7 +2839,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns)
+ old_mp = lock_mount(&old);
+ error = PTR_ERR(old_mp);
+@@ -2864,7 +2888,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns)
!nsown_capable(CAP_SYS_ADMIN))
return -EPERM;
@@ -55207,10 +56361,10 @@ index e945b81..fc018e2 100644
get_mnt_ns(mnt_ns);
diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c
-index 5088b57..eabd719 100644
+index cff089a..4c3d57a 100644
--- a/fs/nfs/callback.c
+++ b/fs/nfs/callback.c
-@@ -208,7 +208,6 @@ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt,
+@@ -211,7 +211,6 @@ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt,
struct svc_rqst *rqstp;
int (*callback_svc)(void *vrqstp);
struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion];
@@ -55218,7 +56372,7 @@ index 5088b57..eabd719 100644
int ret;
nfs_callback_bc_serv(minorversion, xprt, serv);
-@@ -232,10 +231,9 @@ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt,
+@@ -235,10 +234,9 @@ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt,
svc_sock_update_bufs(serv);
@@ -55231,7 +56385,7 @@ index 5088b57..eabd719 100644
ret = PTR_ERR(cb_info->task);
svc_exit_thread(cb_info->rqst);
diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c
-index 59461c9..b17c57e 100644
+index a35582c..ebbdcd5 100644
--- a/fs/nfs/callback_xdr.c
+++ b/fs/nfs/callback_xdr.c
@@ -51,7 +51,7 @@ struct callback_op {
@@ -55244,10 +56398,10 @@ index 59461c9..b17c57e 100644
static struct callback_op callback_ops[];
diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c
-index 1f94167..79c4ce4 100644
+index c1c7a9d..7afa0b8 100644
--- a/fs/nfs/inode.c
+++ b/fs/nfs/inode.c
-@@ -1041,16 +1041,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt
+@@ -1043,16 +1043,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt
return nfs_size_to_loff_t(fattr->size) > i_size_read(inode);
}
@@ -55268,10 +56422,10 @@ index 1f94167..79c4ce4 100644
void nfs_fattr_init(struct nfs_fattr *fattr)
diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
-index d41a351..7899577 100644
+index 2c37442..9b9538b 100644
--- a/fs/nfs/nfs4state.c
+++ b/fs/nfs/nfs4state.c
-@@ -1182,7 +1182,7 @@ void nfs4_schedule_state_manager(struct nfs_client *clp)
+@@ -1193,7 +1193,7 @@ void nfs4_schedule_state_manager(struct nfs_client *clp)
snprintf(buf, sizeof(buf), "%s-manager",
rpc_peeraddr2str(clp->cl_rpcclient, RPC_DISPLAY_ADDR));
rcu_read_unlock();
@@ -55281,10 +56435,10 @@ index d41a351..7899577 100644
printk(KERN_ERR "%s: kthread_run: %ld\n",
__func__, PTR_ERR(task));
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
-index d401d01..10b3e62 100644
+index 27d74a2..c4c2a73 100644
--- a/fs/nfsd/nfs4proc.c
+++ b/fs/nfsd/nfs4proc.c
-@@ -1109,7 +1109,7 @@ struct nfsd4_operation {
+@@ -1126,7 +1126,7 @@ struct nfsd4_operation {
nfsd4op_rsize op_rsize_bop;
stateid_getter op_get_currentstateid;
stateid_setter op_set_currentstateid;
@@ -55294,10 +56448,10 @@ index d401d01..10b3e62 100644
static struct nfsd4_operation nfsd4_ops[];
diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
-index a49c11b..8cd8130 100644
+index 582321a..0224663 100644
--- a/fs/nfsd/nfs4xdr.c
+++ b/fs/nfsd/nfs4xdr.c
-@@ -1457,7 +1457,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
+@@ -1458,7 +1458,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p)
typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *);
@@ -55306,7 +56460,7 @@ index a49c11b..8cd8130 100644
[OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access,
[OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close,
[OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit,
-@@ -1497,7 +1497,7 @@ static nfsd4_dec nfsd4_dec_ops[] = {
+@@ -1498,7 +1498,7 @@ static nfsd4_dec nfsd4_dec_ops[] = {
[OP_RELEASE_LOCKOWNER] = (nfsd4_dec)nfsd4_decode_release_lockowner,
};
@@ -55315,7 +56469,7 @@ index a49c11b..8cd8130 100644
[OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access,
[OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close,
[OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit,
-@@ -1559,7 +1559,7 @@ static nfsd4_dec nfsd41_dec_ops[] = {
+@@ -1560,7 +1560,7 @@ static nfsd4_dec nfsd41_dec_ops[] = {
};
struct nfsd4_minorversion_ops {
@@ -55325,15 +56479,16 @@ index a49c11b..8cd8130 100644
};
diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c
-index ca05f6d..b88c3a7 100644
+index e76244e..9fe8f2f1 100644
--- a/fs/nfsd/nfscache.c
+++ b/fs/nfsd/nfscache.c
-@@ -461,13 +461,16 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
+@@ -526,14 +526,17 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
{
struct svc_cacherep *rp = rqstp->rq_cacherep;
struct kvec *resv = &rqstp->rq_res.head[0], *cachv;
- int len;
+ long len;
+ size_t bufsize = 0;
if (!rp)
return;
@@ -55349,10 +56504,10 @@ index ca05f6d..b88c3a7 100644
/* Don't cache excessive amounts of data and XDR failures */
if (!statp || len > (256 >> 2)) {
diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c
-index 2b2e239..c915b48 100644
+index baf149a..76b86ad 100644
--- a/fs/nfsd/vfs.c
+++ b/fs/nfsd/vfs.c
-@@ -939,7 +939,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
+@@ -940,7 +940,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
} else {
oldfs = get_fs();
set_fs(KERNEL_DS);
@@ -55361,7 +56516,7 @@ index 2b2e239..c915b48 100644
set_fs(oldfs);
}
-@@ -1026,7 +1026,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
+@@ -1027,7 +1027,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file,
/* Write the data. */
oldfs = get_fs(); set_fs(KERNEL_DS);
@@ -55370,7 +56525,7 @@ index 2b2e239..c915b48 100644
set_fs(oldfs);
if (host_err < 0)
goto out_nfserr;
-@@ -1572,7 +1572,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp)
+@@ -1573,7 +1573,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp)
*/
oldfs = get_fs(); set_fs(KERNEL_DS);
@@ -55463,18 +56618,10 @@ index e7bc1d7..06bd4bb 100644
}
diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
-index 5d84442..2c034ba 100644
+index 77cc85d..a1e6299 100644
--- a/fs/notify/fanotify/fanotify_user.c
+++ b/fs/notify/fanotify/fanotify_user.c
-@@ -121,6 +121,7 @@ static int fill_event_metadata(struct fsnotify_group *group,
- metadata->event_len = FAN_EVENT_METADATA_LEN;
- metadata->metadata_len = FAN_EVENT_METADATA_LEN;
- metadata->vers = FANOTIFY_METADATA_VERSION;
-+ metadata->reserved = 0;
- metadata->mask = event->mask & FAN_ALL_OUTGOING_EVENTS;
- metadata->pid = pid_vnr(event->tgid);
- if (unlikely(event->mask & FAN_Q_OVERFLOW))
-@@ -251,8 +252,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
+@@ -253,8 +253,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group,
fd = fanotify_event_metadata.fd;
ret = -EFAULT;
@@ -55521,10 +56668,10 @@ index aa411c3..c260a84 100644
"inode 0x%lx or driver bug.", vdir->i_ino);
goto err_out;
diff --git a/fs/ntfs/file.c b/fs/ntfs/file.c
-index 5b2d4f0..c6de396 100644
+index c5670b8..01a3656 100644
--- a/fs/ntfs/file.c
+++ b/fs/ntfs/file.c
-@@ -2242,6 +2242,6 @@ const struct inode_operations ntfs_file_inode_ops = {
+@@ -2241,6 +2241,6 @@ const struct inode_operations ntfs_file_inode_ops = {
#endif /* NTFS_RW */
};
@@ -55533,6 +56680,50 @@ index 5b2d4f0..c6de396 100644
-const struct inode_operations ntfs_empty_inode_ops = {};
+const struct inode_operations ntfs_empty_inode_ops __read_only;
+diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c
+index 20dfec7..e238cb7 100644
+--- a/fs/ocfs2/aops.c
++++ b/fs/ocfs2/aops.c
+@@ -1756,7 +1756,7 @@ try_again:
+ goto out;
+ } else if (ret == 1) {
+ clusters_need = wc->w_clen;
+- ret = ocfs2_refcount_cow(inode, filp, di_bh,
++ ret = ocfs2_refcount_cow(inode, di_bh,
+ wc->w_cpos, wc->w_clen, UINT_MAX);
+ if (ret) {
+ mlog_errno(ret);
+diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
+index ff54014..ff125fd 100644
+--- a/fs/ocfs2/file.c
++++ b/fs/ocfs2/file.c
+@@ -370,7 +370,7 @@ static int ocfs2_cow_file_pos(struct inode *inode,
+ if (!(ext_flags & OCFS2_EXT_REFCOUNTED))
+ goto out;
+
+- return ocfs2_refcount_cow(inode, NULL, fe_bh, cpos, 1, cpos+1);
++ return ocfs2_refcount_cow(inode, fe_bh, cpos, 1, cpos+1);
+
+ out:
+ return status;
+@@ -899,7 +899,7 @@ static int ocfs2_zero_extend_get_range(struct inode *inode,
+ zero_clusters = last_cpos - zero_cpos;
+
+ if (needs_cow) {
+- rc = ocfs2_refcount_cow(inode, NULL, di_bh, zero_cpos,
++ rc = ocfs2_refcount_cow(inode, di_bh, zero_cpos,
+ zero_clusters, UINT_MAX);
+ if (rc) {
+ mlog_errno(rc);
+@@ -2078,7 +2078,7 @@ static int ocfs2_prepare_inode_for_refcount(struct inode *inode,
+
+ *meta_level = 1;
+
+- ret = ocfs2_refcount_cow(inode, file, di_bh, cpos, clusters, UINT_MAX);
++ ret = ocfs2_refcount_cow(inode, di_bh, cpos, clusters, UINT_MAX);
+ if (ret)
+ mlog_errno(ret);
+ out:
diff --git a/fs/ocfs2/localalloc.c b/fs/ocfs2/localalloc.c
index aebeacd..0dcdd26 100644
--- a/fs/ocfs2/localalloc.c
@@ -55546,6 +56737,19 @@ index aebeacd..0dcdd26 100644
bail:
if (handle)
+diff --git a/fs/ocfs2/move_extents.c b/fs/ocfs2/move_extents.c
+index f1fc172..452068b 100644
+--- a/fs/ocfs2/move_extents.c
++++ b/fs/ocfs2/move_extents.c
+@@ -69,7 +69,7 @@ static int __ocfs2_move_extent(handle_t *handle,
+ u64 ino = ocfs2_metadata_cache_owner(context->et.et_ci);
+ u64 old_blkno = ocfs2_clusters_to_blocks(inode->i_sb, p_cpos);
+
+- ret = ocfs2_duplicate_clusters_by_page(handle, context->file, cpos,
++ ret = ocfs2_duplicate_clusters_by_page(handle, inode, cpos,
+ p_cpos, new_p_cpos, len);
+ if (ret) {
+ mlog_errno(ret);
diff --git a/fs/ocfs2/ocfs2.h b/fs/ocfs2/ocfs2.h
index d355e6e..578d905 100644
--- a/fs/ocfs2/ocfs2.h
@@ -55567,6 +56771,188 @@ index d355e6e..578d905 100644
};
enum ocfs2_local_alloc_state
+diff --git a/fs/ocfs2/refcounttree.c b/fs/ocfs2/refcounttree.c
+index 998b17e..aefe414 100644
+--- a/fs/ocfs2/refcounttree.c
++++ b/fs/ocfs2/refcounttree.c
+@@ -49,7 +49,6 @@
+
+ struct ocfs2_cow_context {
+ struct inode *inode;
+- struct file *file;
+ u32 cow_start;
+ u32 cow_len;
+ struct ocfs2_extent_tree data_et;
+@@ -66,7 +65,7 @@ struct ocfs2_cow_context {
+ u32 *num_clusters,
+ unsigned int *extent_flags);
+ int (*cow_duplicate_clusters)(handle_t *handle,
+- struct file *file,
++ struct inode *inode,
+ u32 cpos, u32 old_cluster,
+ u32 new_cluster, u32 new_len);
+ };
+@@ -2922,14 +2921,12 @@ static int ocfs2_clear_cow_buffer(handle_t *handle, struct buffer_head *bh)
+ }
+
+ int ocfs2_duplicate_clusters_by_page(handle_t *handle,
+- struct file *file,
++ struct inode *inode,
+ u32 cpos, u32 old_cluster,
+ u32 new_cluster, u32 new_len)
+ {
+ int ret = 0, partial;
+- struct inode *inode = file_inode(file);
+- struct ocfs2_caching_info *ci = INODE_CACHE(inode);
+- struct super_block *sb = ocfs2_metadata_cache_get_super(ci);
++ struct super_block *sb = inode->i_sb;
+ u64 new_block = ocfs2_clusters_to_blocks(sb, new_cluster);
+ struct page *page;
+ pgoff_t page_index;
+@@ -2973,13 +2970,6 @@ int ocfs2_duplicate_clusters_by_page(handle_t *handle,
+ if (PAGE_CACHE_SIZE <= OCFS2_SB(sb)->s_clustersize)
+ BUG_ON(PageDirty(page));
+
+- if (PageReadahead(page)) {
+- page_cache_async_readahead(mapping,
+- &file->f_ra, file,
+- page, page_index,
+- readahead_pages);
+- }
+-
+ if (!PageUptodate(page)) {
+ ret = block_read_full_page(page, ocfs2_get_block);
+ if (ret) {
+@@ -2999,7 +2989,8 @@ int ocfs2_duplicate_clusters_by_page(handle_t *handle,
+ }
+ }
+
+- ocfs2_map_and_dirty_page(inode, handle, from, to,
++ ocfs2_map_and_dirty_page(inode,
++ handle, from, to,
+ page, 0, &new_block);
+ mark_page_accessed(page);
+ unlock:
+@@ -3015,12 +3006,11 @@ unlock:
+ }
+
+ int ocfs2_duplicate_clusters_by_jbd(handle_t *handle,
+- struct file *file,
++ struct inode *inode,
+ u32 cpos, u32 old_cluster,
+ u32 new_cluster, u32 new_len)
+ {
+ int ret = 0;
+- struct inode *inode = file_inode(file);
+ struct super_block *sb = inode->i_sb;
+ struct ocfs2_caching_info *ci = INODE_CACHE(inode);
+ int i, blocks = ocfs2_clusters_to_blocks(sb, new_len);
+@@ -3145,7 +3135,7 @@ static int ocfs2_replace_clusters(handle_t *handle,
+
+ /*If the old clusters is unwritten, no need to duplicate. */
+ if (!(ext_flags & OCFS2_EXT_UNWRITTEN)) {
+- ret = context->cow_duplicate_clusters(handle, context->file,
++ ret = context->cow_duplicate_clusters(handle, context->inode,
+ cpos, old, new, len);
+ if (ret) {
+ mlog_errno(ret);
+@@ -3423,35 +3413,12 @@ static int ocfs2_replace_cow(struct ocfs2_cow_context *context)
+ return ret;
+ }
+
+-static void ocfs2_readahead_for_cow(struct inode *inode,
+- struct file *file,
+- u32 start, u32 len)
+-{
+- struct address_space *mapping;
+- pgoff_t index;
+- unsigned long num_pages;
+- int cs_bits = OCFS2_SB(inode->i_sb)->s_clustersize_bits;
+-
+- if (!file)
+- return;
+-
+- mapping = file->f_mapping;
+- num_pages = (len << cs_bits) >> PAGE_CACHE_SHIFT;
+- if (!num_pages)
+- num_pages = 1;
+-
+- index = ((loff_t)start << cs_bits) >> PAGE_CACHE_SHIFT;
+- page_cache_sync_readahead(mapping, &file->f_ra, file,
+- index, num_pages);
+-}
+-
+ /*
+ * Starting at cpos, try to CoW write_len clusters. Don't CoW
+ * past max_cpos. This will stop when it runs into a hole or an
+ * unrefcounted extent.
+ */
+ static int ocfs2_refcount_cow_hunk(struct inode *inode,
+- struct file *file,
+ struct buffer_head *di_bh,
+ u32 cpos, u32 write_len, u32 max_cpos)
+ {
+@@ -3480,8 +3447,6 @@ static int ocfs2_refcount_cow_hunk(struct inode *inode,
+
+ BUG_ON(cow_len == 0);
+
+- ocfs2_readahead_for_cow(inode, file, cow_start, cow_len);
+-
+ context = kzalloc(sizeof(struct ocfs2_cow_context), GFP_NOFS);
+ if (!context) {
+ ret = -ENOMEM;
+@@ -3503,7 +3468,6 @@ static int ocfs2_refcount_cow_hunk(struct inode *inode,
+ context->ref_root_bh = ref_root_bh;
+ context->cow_duplicate_clusters = ocfs2_duplicate_clusters_by_page;
+ context->get_clusters = ocfs2_di_get_clusters;
+- context->file = file;
+
+ ocfs2_init_dinode_extent_tree(&context->data_et,
+ INODE_CACHE(inode), di_bh);
+@@ -3532,7 +3496,6 @@ out:
+ * clusters between cpos and cpos+write_len are safe to modify.
+ */
+ int ocfs2_refcount_cow(struct inode *inode,
+- struct file *file,
+ struct buffer_head *di_bh,
+ u32 cpos, u32 write_len, u32 max_cpos)
+ {
+@@ -3552,7 +3515,7 @@ int ocfs2_refcount_cow(struct inode *inode,
+ num_clusters = write_len;
+
+ if (ext_flags & OCFS2_EXT_REFCOUNTED) {
+- ret = ocfs2_refcount_cow_hunk(inode, file, di_bh, cpos,
++ ret = ocfs2_refcount_cow_hunk(inode, di_bh, cpos,
+ num_clusters, max_cpos);
+ if (ret) {
+ mlog_errno(ret);
+diff --git a/fs/ocfs2/refcounttree.h b/fs/ocfs2/refcounttree.h
+index 7754608..6422bbcdb 100644
+--- a/fs/ocfs2/refcounttree.h
++++ b/fs/ocfs2/refcounttree.h
+@@ -53,7 +53,7 @@ int ocfs2_prepare_refcount_change_for_del(struct inode *inode,
+ int *credits,
+ int *ref_blocks);
+ int ocfs2_refcount_cow(struct inode *inode,
+- struct file *filep, struct buffer_head *di_bh,
++ struct buffer_head *di_bh,
+ u32 cpos, u32 write_len, u32 max_cpos);
+
+ typedef int (ocfs2_post_refcount_func)(struct inode *inode,
+@@ -85,11 +85,11 @@ int ocfs2_refcount_cow_xattr(struct inode *inode,
+ u32 cpos, u32 write_len,
+ struct ocfs2_post_refcount *post);
+ int ocfs2_duplicate_clusters_by_page(handle_t *handle,
+- struct file *file,
++ struct inode *inode,
+ u32 cpos, u32 old_cluster,
+ u32 new_cluster, u32 new_len);
+ int ocfs2_duplicate_clusters_by_jbd(handle_t *handle,
+- struct file *file,
++ struct inode *inode,
+ u32 cpos, u32 old_cluster,
+ u32 new_cluster, u32 new_len);
+ int ocfs2_cow_sync_writeback(struct super_block *sb,
diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c
index b7e74b5..19c6536 100644
--- a/fs/ocfs2/suballoc.c
@@ -55664,7 +57050,7 @@ index 01b8516..579c4df 100644
/* Copy the blockcheck stats from the superblock probe */
osb->osb_ecc_stats = *stats;
diff --git a/fs/open.c b/fs/open.c
-index 6835446..eadf09f 100644
+index 8c74100..4239c48 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -32,6 +32,8 @@
@@ -55694,7 +57080,7 @@ index 6835446..eadf09f 100644
if (!error)
error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, f.file);
sb_end_write(inode->i_sb);
-@@ -388,6 +394,9 @@ retry:
+@@ -360,6 +366,9 @@ retry:
if (__mnt_is_readonly(path.mnt))
res = -EROFS;
@@ -55704,7 +57090,7 @@ index 6835446..eadf09f 100644
out_path_release:
path_put(&path);
if (retry_estale(res, lookup_flags)) {
-@@ -419,6 +428,8 @@ retry:
+@@ -391,6 +400,8 @@ retry:
if (error)
goto dput_and_out;
@@ -55713,7 +57099,7 @@ index 6835446..eadf09f 100644
set_fs_pwd(current->fs, &path);
dput_and_out:
-@@ -448,6 +459,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd)
+@@ -420,6 +431,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd)
goto out_putf;
error = inode_permission(inode, MAY_EXEC | MAY_CHDIR);
@@ -55727,7 +57113,7 @@ index 6835446..eadf09f 100644
if (!error)
set_fs_pwd(current->fs, &f.file->f_path);
out_putf:
-@@ -477,7 +495,13 @@ retry:
+@@ -449,7 +467,13 @@ retry:
if (error)
goto dput_and_out;
@@ -55741,7 +57127,7 @@ index 6835446..eadf09f 100644
error = 0;
dput_and_out:
path_put(&path);
-@@ -499,6 +523,16 @@ static int chmod_common(struct path *path, umode_t mode)
+@@ -471,6 +495,16 @@ static int chmod_common(struct path *path, umode_t mode)
if (error)
return error;
mutex_lock(&inode->i_mutex);
@@ -55758,7 +57144,7 @@ index 6835446..eadf09f 100644
error = security_path_chmod(path, mode);
if (error)
goto out_unlock;
-@@ -559,6 +593,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
+@@ -531,6 +565,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group)
uid = make_kuid(current_user_ns(), user);
gid = make_kgid(current_user_ns(), group);
@@ -55768,7 +57154,7 @@ index 6835446..eadf09f 100644
newattrs.ia_valid = ATTR_CTIME;
if (user != (uid_t) -1) {
if (!uid_valid(uid))
-@@ -974,6 +1011,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
+@@ -946,6 +983,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode)
} else {
fsnotify_open(f);
fd_install(fd, f);
@@ -55777,10 +57163,28 @@ index 6835446..eadf09f 100644
}
putname(tmp);
diff --git a/fs/pipe.c b/fs/pipe.c
-index 2234f3f..f9083a1 100644
+index d2c45e1..009fe1c 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
-@@ -438,9 +438,9 @@ redo:
+@@ -56,7 +56,7 @@ unsigned int pipe_min_size = PAGE_SIZE;
+
+ static void pipe_lock_nested(struct pipe_inode_info *pipe, int subclass)
+ {
+- if (pipe->files)
++ if (atomic_read(&pipe->files))
+ mutex_lock_nested(&pipe->mutex, subclass);
+ }
+
+@@ -71,7 +71,7 @@ EXPORT_SYMBOL(pipe_lock);
+
+ void pipe_unlock(struct pipe_inode_info *pipe)
+ {
+- if (pipe->files)
++ if (atomic_read(&pipe->files))
+ mutex_unlock(&pipe->mutex);
+ }
+ EXPORT_SYMBOL(pipe_unlock);
+@@ -449,9 +449,9 @@ redo:
}
if (bufs) /* More to do? */
continue;
@@ -55792,16 +57196,16 @@ index 2234f3f..f9083a1 100644
/* syscall merging: Usually we must not sleep
* if O_NONBLOCK is set, or if we got some data.
* But if a writer sleeps in kernel space, then
-@@ -504,7 +504,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov,
- mutex_lock(&inode->i_mutex);
- pipe = inode->i_pipe;
+@@ -513,7 +513,7 @@ pipe_write(struct kiocb *iocb, const struct iovec *_iov,
+ ret = 0;
+ __pipe_lock(pipe);
- if (!pipe->readers) {
+ if (!atomic_read(&pipe->readers)) {
send_sig(SIGPIPE, current, 0);
ret = -EPIPE;
goto out;
-@@ -553,7 +553,7 @@ redo1:
+@@ -562,7 +562,7 @@ redo1:
for (;;) {
int bufs;
@@ -55810,7 +57214,7 @@ index 2234f3f..f9083a1 100644
send_sig(SIGPIPE, current, 0);
if (!ret)
ret = -EPIPE;
-@@ -644,9 +644,9 @@ redo2:
+@@ -653,9 +653,9 @@ redo2:
kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
do_wakeup = 0;
}
@@ -55821,8 +57225,8 @@ index 2234f3f..f9083a1 100644
+ atomic_dec(&pipe->waiting_writers);
}
out:
- mutex_unlock(&inode->i_mutex);
-@@ -716,7 +716,7 @@ pipe_poll(struct file *filp, poll_table *wait)
+ __pipe_unlock(pipe);
+@@ -709,7 +709,7 @@ pipe_poll(struct file *filp, poll_table *wait)
mask = 0;
if (filp->f_mode & FMODE_READ) {
mask = (nrbufs > 0) ? POLLIN | POLLRDNORM : 0;
@@ -55831,7 +57235,7 @@ index 2234f3f..f9083a1 100644
mask |= POLLHUP;
}
-@@ -726,7 +726,7 @@ pipe_poll(struct file *filp, poll_table *wait)
+@@ -719,7 +719,7 @@ pipe_poll(struct file *filp, poll_table *wait)
* Most Unices do not set POLLERR for FIFOs but on Linux they
* behave exactly like pipes for poll().
*/
@@ -55840,52 +57244,30 @@ index 2234f3f..f9083a1 100644
mask |= POLLERR;
}
-@@ -740,10 +740,10 @@ pipe_release(struct inode *inode, int decr, int decw)
-
- mutex_lock(&inode->i_mutex);
- pipe = inode->i_pipe;
-- pipe->readers -= decr;
-- pipe->writers -= decw;
-+ atomic_sub(decr, &pipe->readers);
-+ atomic_sub(decw, &pipe->writers);
-
-- if (!pipe->readers && !pipe->writers) {
-+ if (!atomic_read(&pipe->readers) && !atomic_read(&pipe->writers)) {
- free_pipe_info(inode);
- } else {
- wake_up_interruptible_sync_poll(&pipe->wait, POLLIN | POLLOUT | POLLRDNORM | POLLWRNORM | POLLERR | POLLHUP);
-@@ -833,7 +833,7 @@ pipe_read_open(struct inode *inode, struct file *filp)
-
- if (inode->i_pipe) {
- ret = 0;
-- inode->i_pipe->readers++;
-+ atomic_inc(&inode->i_pipe->readers);
- }
+@@ -734,17 +734,17 @@ pipe_release(struct inode *inode, struct file *file)
- mutex_unlock(&inode->i_mutex);
-@@ -850,7 +850,7 @@ pipe_write_open(struct inode *inode, struct file *filp)
+ __pipe_lock(pipe);
+ if (file->f_mode & FMODE_READ)
+- pipe->readers--;
++ atomic_dec(&pipe->readers);
+ if (file->f_mode & FMODE_WRITE)
+- pipe->writers--;
++ atomic_dec(&pipe->writers);
- if (inode->i_pipe) {
- ret = 0;
-- inode->i_pipe->writers++;
-+ atomic_inc(&inode->i_pipe->writers);
+- if (pipe->readers || pipe->writers) {
++ if (atomic_read(&pipe->readers) || atomic_read(&pipe->writers)) {
+ wake_up_interruptible_sync_poll(&pipe->wait, POLLIN | POLLOUT | POLLRDNORM | POLLWRNORM | POLLERR | POLLHUP);
+ kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
+ kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
}
-
- mutex_unlock(&inode->i_mutex);
-@@ -871,9 +871,9 @@ pipe_rdwr_open(struct inode *inode, struct file *filp)
- if (inode->i_pipe) {
- ret = 0;
- if (filp->f_mode & FMODE_READ)
-- inode->i_pipe->readers++;
-+ atomic_inc(&inode->i_pipe->readers);
- if (filp->f_mode & FMODE_WRITE)
-- inode->i_pipe->writers++;
-+ atomic_inc(&inode->i_pipe->writers);
+ spin_lock(&inode->i_lock);
+- if (!--pipe->files) {
++ if (atomic_dec_and_test(&pipe->files)) {
+ inode->i_pipe = NULL;
+ kill = 1;
}
-
- mutex_unlock(&inode->i_mutex);
-@@ -965,7 +965,7 @@ void free_pipe_info(struct inode *inode)
- inode->i_pipe = NULL;
+@@ -811,7 +811,7 @@ void free_pipe_info(struct pipe_inode_info *pipe)
+ kfree(pipe);
}
-static struct vfsmount *pipe_mnt __read_mostly;
@@ -55893,16 +57275,109 @@ index 2234f3f..f9083a1 100644
/*
* pipefs_dname() is called from d_path().
-@@ -995,7 +995,8 @@ static struct inode * get_pipe_inode(void)
+@@ -841,8 +841,9 @@ static struct inode * get_pipe_inode(void)
goto fail_iput;
- inode->i_pipe = pipe;
+ inode->i_pipe = pipe;
+- pipe->files = 2;
- pipe->readers = pipe->writers = 1;
++ atomic_set(&pipe->files, 2);
+ atomic_set(&pipe->readers, 1);
+ atomic_set(&pipe->writers, 1);
- inode->i_fop = &rdwr_pipefifo_fops;
+ inode->i_fop = &pipefifo_fops;
/*
+@@ -1022,17 +1023,17 @@ static int fifo_open(struct inode *inode, struct file *filp)
+ spin_lock(&inode->i_lock);
+ if (inode->i_pipe) {
+ pipe = inode->i_pipe;
+- pipe->files++;
++ atomic_inc(&pipe->files);
+ spin_unlock(&inode->i_lock);
+ } else {
+ spin_unlock(&inode->i_lock);
+ pipe = alloc_pipe_info();
+ if (!pipe)
+ return -ENOMEM;
+- pipe->files = 1;
++ atomic_set(&pipe->files, 1);
+ spin_lock(&inode->i_lock);
+ if (unlikely(inode->i_pipe)) {
+- inode->i_pipe->files++;
++ atomic_inc(&inode->i_pipe->files);
+ spin_unlock(&inode->i_lock);
+ free_pipe_info(pipe);
+ pipe = inode->i_pipe;
+@@ -1057,10 +1058,10 @@ static int fifo_open(struct inode *inode, struct file *filp)
+ * opened, even when there is no process writing the FIFO.
+ */
+ pipe->r_counter++;
+- if (pipe->readers++ == 0)
++ if (atomic_inc_return(&pipe->readers) == 1)
+ wake_up_partner(pipe);
+
+- if (!is_pipe && !pipe->writers) {
++ if (!is_pipe && !atomic_read(&pipe->writers)) {
+ if ((filp->f_flags & O_NONBLOCK)) {
+ /* suppress POLLHUP until we have
+ * seen a writer */
+@@ -1079,14 +1080,14 @@ static int fifo_open(struct inode *inode, struct file *filp)
+ * errno=ENXIO when there is no process reading the FIFO.
+ */
+ ret = -ENXIO;
+- if (!is_pipe && (filp->f_flags & O_NONBLOCK) && !pipe->readers)
++ if (!is_pipe && (filp->f_flags & O_NONBLOCK) && !atomic_read(&pipe->readers))
+ goto err;
+
+ pipe->w_counter++;
+- if (!pipe->writers++)
++ if (atomic_inc_return(&pipe->writers) == 1)
+ wake_up_partner(pipe);
+
+- if (!is_pipe && !pipe->readers) {
++ if (!is_pipe && !atomic_read(&pipe->readers)) {
+ if (wait_for_partner(pipe, &pipe->r_counter))
+ goto err_wr;
+ }
+@@ -1100,11 +1101,11 @@ static int fifo_open(struct inode *inode, struct file *filp)
+ * the process can at least talk to itself.
+ */
+
+- pipe->readers++;
+- pipe->writers++;
++ atomic_inc(&pipe->readers);
++ atomic_inc(&pipe->writers);
+ pipe->r_counter++;
+ pipe->w_counter++;
+- if (pipe->readers == 1 || pipe->writers == 1)
++ if (atomic_read(&pipe->readers) == 1 || atomic_read(&pipe->writers) == 1)
+ wake_up_partner(pipe);
+ break;
+
+@@ -1118,20 +1119,20 @@ static int fifo_open(struct inode *inode, struct file *filp)
+ return 0;
+
+ err_rd:
+- if (!--pipe->readers)
++ if (atomic_dec_and_test(&pipe->readers))
+ wake_up_interruptible(&pipe->wait);
+ ret = -ERESTARTSYS;
+ goto err;
+
+ err_wr:
+- if (!--pipe->writers)
++ if (atomic_dec_and_test(&pipe->writers))
+ wake_up_interruptible(&pipe->wait);
+ ret = -ERESTARTSYS;
+ goto err;
+
+ err:
+ spin_lock(&inode->i_lock);
+- if (!--pipe->files) {
++ if (atomic_dec_and_test(&pipe->files)) {
+ inode->i_pipe = NULL;
+ kill = 1;
+ }
diff --git a/fs/proc/Kconfig b/fs/proc/Kconfig
index 15af622..0e9f4467 100644
--- a/fs/proc/Kconfig
@@ -56088,10 +57563,10 @@ index cbd0f1b..adec3f0 100644
static struct pid *
get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos)
diff --git a/fs/proc/base.c b/fs/proc/base.c
-index 69078c7..3e12a75 100644
+index c3834da..b402b2b 100644
--- a/fs/proc/base.c
+++ b/fs/proc/base.c
-@@ -112,6 +112,14 @@ struct pid_entry {
+@@ -113,6 +113,14 @@ struct pid_entry {
union proc_op op;
};
@@ -56106,7 +57581,7 @@ index 69078c7..3e12a75 100644
#define NOD(NAME, MODE, IOP, FOP, OP) { \
.name = (NAME), \
.len = sizeof(NAME) - 1, \
-@@ -209,6 +217,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer)
+@@ -210,6 +218,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer)
if (!mm->arg_end)
goto out_mm; /* Shh! No looking before we're done */
@@ -56116,7 +57591,7 @@ index 69078c7..3e12a75 100644
len = mm->arg_end - mm->arg_start;
if (len > PAGE_SIZE)
-@@ -236,12 +247,28 @@ out:
+@@ -237,12 +248,28 @@ out:
return res;
}
@@ -56145,7 +57620,7 @@ index 69078c7..3e12a75 100644
do {
nwords += 2;
} while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */
-@@ -255,7 +282,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer)
+@@ -256,7 +283,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer)
}
@@ -56154,7 +57629,7 @@ index 69078c7..3e12a75 100644
/*
* Provides a wchan file via kallsyms in a proper one-value-per-file format.
* Returns the resolved symbol. If that fails, simply return the address.
-@@ -294,7 +321,7 @@ static void unlock_trace(struct task_struct *task)
+@@ -295,7 +322,7 @@ static void unlock_trace(struct task_struct *task)
mutex_unlock(&task->signal->cred_guard_mutex);
}
@@ -56163,7 +57638,7 @@ index 69078c7..3e12a75 100644
#define MAX_STACK_TRACE_DEPTH 64
-@@ -486,7 +513,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer)
+@@ -518,7 +545,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer)
return count;
}
@@ -56172,7 +57647,7 @@ index 69078c7..3e12a75 100644
static int proc_pid_syscall(struct task_struct *task, char *buffer)
{
long nr;
-@@ -515,7 +542,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer)
+@@ -547,7 +574,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer)
/************************************************************************/
/* permission checks */
@@ -56181,7 +57656,7 @@ index 69078c7..3e12a75 100644
{
struct task_struct *task;
int allowed = 0;
-@@ -525,7 +552,10 @@ static int proc_fd_access_allowed(struct inode *inode)
+@@ -557,7 +584,10 @@ static int proc_fd_access_allowed(struct inode *inode)
*/
task = get_proc_task(inode);
if (task) {
@@ -56193,7 +57668,7 @@ index 69078c7..3e12a75 100644
put_task_struct(task);
}
return allowed;
-@@ -556,10 +586,35 @@ static bool has_pid_permissions(struct pid_namespace *pid,
+@@ -588,10 +618,35 @@ static bool has_pid_permissions(struct pid_namespace *pid,
struct task_struct *task,
int hide_pid_min)
{
@@ -56229,7 +57704,7 @@ index 69078c7..3e12a75 100644
return ptrace_may_access(task, PTRACE_MODE_READ);
}
-@@ -577,7 +632,11 @@ static int proc_pid_permission(struct inode *inode, int mask)
+@@ -609,7 +664,11 @@ static int proc_pid_permission(struct inode *inode, int mask)
put_task_struct(task);
if (!has_perms) {
@@ -56241,7 +57716,7 @@ index 69078c7..3e12a75 100644
/*
* Let's make getdents(), stat(), and open()
* consistent with each other. If a process
-@@ -675,6 +734,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
+@@ -707,6 +766,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
if (!task)
return -ESRCH;
@@ -56253,7 +57728,7 @@ index 69078c7..3e12a75 100644
mm = mm_access(task, mode);
put_task_struct(task);
-@@ -690,6 +754,10 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
+@@ -722,6 +786,10 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode)
file->private_data = mm;
@@ -56264,7 +57739,7 @@ index 69078c7..3e12a75 100644
return 0;
}
-@@ -711,6 +779,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
+@@ -743,6 +811,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
ssize_t copied;
char *page;
@@ -56282,7 +57757,7 @@ index 69078c7..3e12a75 100644
if (!mm)
return 0;
-@@ -723,7 +802,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
+@@ -755,7 +834,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf,
goto free;
while (count > 0) {
@@ -56291,7 +57766,7 @@ index 69078c7..3e12a75 100644
if (write && copy_from_user(page, buf, this_len)) {
copied = -EFAULT;
-@@ -815,6 +894,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
+@@ -847,6 +926,13 @@ static ssize_t environ_read(struct file *file, char __user *buf,
if (!mm)
return 0;
@@ -56305,7 +57780,7 @@ index 69078c7..3e12a75 100644
page = (char *)__get_free_page(GFP_TEMPORARY);
if (!page)
return -ENOMEM;
-@@ -824,7 +910,7 @@ static ssize_t environ_read(struct file *file, char __user *buf,
+@@ -856,7 +942,7 @@ static ssize_t environ_read(struct file *file, char __user *buf,
goto free;
while (count > 0) {
size_t this_len, max_len;
@@ -56314,7 +57789,7 @@ index 69078c7..3e12a75 100644
if (src >= (mm->env_end - mm->env_start))
break;
-@@ -1430,7 +1516,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd)
+@@ -1461,7 +1547,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd)
int error = -EACCES;
/* Are we allowed to snoop on the tasks file descriptors? */
@@ -56323,7 +57798,7 @@ index 69078c7..3e12a75 100644
goto out;
error = PROC_I(inode)->op.proc_get_link(dentry, &path);
-@@ -1474,8 +1560,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
+@@ -1505,8 +1591,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b
struct path path;
/* Are we allowed to snoop on the tasks file descriptors? */
@@ -56344,7 +57819,7 @@ index 69078c7..3e12a75 100644
error = PROC_I(inode)->op.proc_get_link(dentry, &path);
if (error)
-@@ -1525,7 +1621,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
+@@ -1556,7 +1652,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t
rcu_read_lock();
cred = __task_cred(task);
inode->i_uid = cred->euid;
@@ -56356,7 +57831,7 @@ index 69078c7..3e12a75 100644
rcu_read_unlock();
}
security_task_to_inode(task, inode);
-@@ -1561,10 +1661,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
+@@ -1592,10 +1692,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat)
return -ENOENT;
}
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
@@ -56376,7 +57851,7 @@ index 69078c7..3e12a75 100644
}
}
rcu_read_unlock();
-@@ -1602,11 +1711,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
+@@ -1633,11 +1742,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags)
if (task) {
if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) ||
@@ -56397,7 +57872,7 @@ index 69078c7..3e12a75 100644
rcu_read_unlock();
} else {
inode->i_uid = GLOBAL_ROOT_UID;
-@@ -2059,6 +2177,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
+@@ -2196,6 +2314,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir,
if (!task)
goto out_no_task;
@@ -56407,7 +57882,7 @@ index 69078c7..3e12a75 100644
/*
* Yes, it does not scale. And it should not. Don't add
* new entries into /proc/<tgid>/ without very good reasons.
-@@ -2103,6 +2224,9 @@ static int proc_pident_readdir(struct file *filp,
+@@ -2240,6 +2361,9 @@ static int proc_pident_readdir(struct file *filp,
if (!task)
goto out_no_task;
@@ -56417,7 +57892,7 @@ index 69078c7..3e12a75 100644
ret = 0;
i = filp->f_pos;
switch (i) {
-@@ -2516,7 +2640,7 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2653,7 +2777,7 @@ static const struct pid_entry tgid_base_stuff[] = {
REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
@@ -56426,7 +57901,7 @@ index 69078c7..3e12a75 100644
INF("syscall", S_IRUGO, proc_pid_syscall),
#endif
INF("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -2541,10 +2665,10 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2678,10 +2802,10 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
@@ -56439,7 +57914,7 @@ index 69078c7..3e12a75 100644
ONE("stack", S_IRUGO, proc_pid_stack),
#endif
#ifdef CONFIG_SCHEDSTATS
-@@ -2578,6 +2702,9 @@ static const struct pid_entry tgid_base_stuff[] = {
+@@ -2715,6 +2839,9 @@ static const struct pid_entry tgid_base_stuff[] = {
#ifdef CONFIG_HARDWALL
INF("hardwall", S_IRUGO, proc_pid_hardwall),
#endif
@@ -56449,7 +57924,7 @@ index 69078c7..3e12a75 100644
#ifdef CONFIG_USER_NS
REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations),
REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations),
-@@ -2707,7 +2834,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir,
+@@ -2847,7 +2974,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir,
if (!inode)
goto out;
@@ -56464,7 +57939,7 @@ index 69078c7..3e12a75 100644
inode->i_op = &proc_tgid_base_inode_operations;
inode->i_fop = &proc_tgid_base_operations;
inode->i_flags|=S_IMMUTABLE;
-@@ -2745,7 +2879,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
+@@ -2885,7 +3019,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign
if (!task)
goto out;
@@ -56476,7 +57951,7 @@ index 69078c7..3e12a75 100644
put_task_struct(task);
out:
return result;
-@@ -2808,6 +2946,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi
+@@ -2948,6 +3086,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi
static int fake_filldir(void *buf, const char *name, int namelen,
loff_t offset, u64 ino, unsigned d_type)
{
@@ -56485,7 +57960,7 @@ index 69078c7..3e12a75 100644
return 0;
}
-@@ -2859,7 +2999,7 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -3007,7 +3147,7 @@ static const struct pid_entry tid_base_stuff[] = {
REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations),
#endif
REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations),
@@ -56494,7 +57969,7 @@ index 69078c7..3e12a75 100644
INF("syscall", S_IRUGO, proc_pid_syscall),
#endif
INF("cmdline", S_IRUGO, proc_pid_cmdline),
-@@ -2886,10 +3026,10 @@ static const struct pid_entry tid_base_stuff[] = {
+@@ -3034,10 +3174,10 @@ static const struct pid_entry tid_base_stuff[] = {
#ifdef CONFIG_SECURITY
DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations),
#endif
@@ -56578,13 +58053,13 @@ index d7a4a28..0201742 100644
}
diff --git a/fs/proc/inode.c b/fs/proc/inode.c
-index 869116c..820cb27 100644
+index 073aea6..0630370 100644
--- a/fs/proc/inode.c
+++ b/fs/proc/inode.c
-@@ -22,11 +22,17 @@
- #include <linux/seq_file.h>
+@@ -23,11 +23,17 @@
#include <linux/slab.h>
#include <linux/mount.h>
+ #include <linux/magic.h>
+#include <linux/grsecurity.h>
#include <asm/uaccess.h>
@@ -56599,8 +58074,8 @@ index 869116c..820cb27 100644
static void proc_evict_inode(struct inode *inode)
{
struct proc_dir_entry *de;
-@@ -54,6 +60,13 @@ static void proc_evict_inode(struct inode *inode)
- ns = PROC_I(inode)->ns;
+@@ -55,6 +61,13 @@ static void proc_evict_inode(struct inode *inode)
+ ns = PROC_I(inode)->ns.ns;
if (ns_ops && ns)
ns_ops->put(ns);
+
@@ -56613,7 +58088,7 @@ index 869116c..820cb27 100644
}
static struct kmem_cache * proc_inode_cachep;
-@@ -456,7 +469,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
+@@ -385,7 +398,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de)
if (de->mode) {
inode->i_mode = de->mode;
inode->i_uid = de->uid;
@@ -56626,24 +58101,24 @@ index 869116c..820cb27 100644
if (de->size)
inode->i_size = de->size;
diff --git a/fs/proc/internal.h b/fs/proc/internal.h
-index 85ff3a4..a512bd8 100644
+index d600fb0..3b495fe 100644
--- a/fs/proc/internal.h
+++ b/fs/proc/internal.h
-@@ -56,6 +56,9 @@ extern int proc_pid_status(struct seq_file *m, struct pid_namespace *ns,
- struct pid *pid, struct task_struct *task);
- extern int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns,
- struct pid *pid, struct task_struct *task);
+@@ -155,6 +155,9 @@ extern int proc_pid_status(struct seq_file *, struct pid_namespace *,
+ struct pid *, struct task_struct *);
+ extern int proc_pid_statm(struct seq_file *, struct pid_namespace *,
+ struct pid *, struct task_struct *);
+#ifdef CONFIG_GRKERNSEC_PROC_IPADDR
+extern int proc_pid_ipaddr(struct task_struct *task, char *buffer);
+#endif
- extern loff_t mem_lseek(struct file *file, loff_t offset, int orig);
- extern const struct file_operations proc_tid_children_operations;
+ /*
+ * base.c
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
-index eda6f01..006ae24 100644
+index 0a22194..a9fc8c1 100644
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
-@@ -481,9 +481,10 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
+@@ -484,9 +484,10 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
* the addresses in the elf_phdr on our list.
*/
start = kc_offset_to_vaddr(*fpos - elf_buflen);
@@ -56656,12 +58131,14 @@ index eda6f01..006ae24 100644
while (buflen) {
struct kcore_list *m;
-@@ -512,20 +513,23 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
+@@ -515,20 +516,23 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
kfree(elf_buf);
} else {
if (kern_addr_valid(start)) {
- unsigned long n;
--
++ char *elf_buf;
++ mm_segment_t oldfs;
+
- n = copy_to_user(buffer, (char *)start, tsz);
- /*
- * We cannot distinguish between fault on source
@@ -56672,9 +58149,6 @@ index eda6f01..006ae24 100644
- if (n) {
- if (clear_user(buffer + tsz - n,
- n))
-+ char *elf_buf;
-+ mm_segment_t oldfs;
-+
+ elf_buf = kmalloc(tsz, GFP_KERNEL);
+ if (!elf_buf)
+ return -ENOMEM;
@@ -56692,7 +58166,7 @@ index eda6f01..006ae24 100644
} else {
if (clear_user(buffer, tsz))
return -EFAULT;
-@@ -545,6 +549,9 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
+@@ -548,6 +552,9 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos)
static int open_kcore(struct inode *inode, struct file *filp)
{
@@ -56703,10 +58177,10 @@ index eda6f01..006ae24 100644
return -EPERM;
if (kcore_need_update)
diff --git a/fs/proc/meminfo.c b/fs/proc/meminfo.c
-index 1efaaa1..834e49a 100644
+index 5aa847a..f77c8d4 100644
--- a/fs/proc/meminfo.c
+++ b/fs/proc/meminfo.c
-@@ -158,7 +158,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v)
+@@ -159,7 +159,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v)
vmi.used >> 10,
vmi.largest_chunk >> 10
#ifdef CONFIG_MEMORY_FAILURE
@@ -56729,7 +58203,7 @@ index ccfd99b..1b7e255 100644
seq_putc(m, '\n');
diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c
-index b4ac657..0842bd2 100644
+index 986e832..6e8e859 100644
--- a/fs/proc/proc_net.c
+++ b/fs/proc/proc_net.c
@@ -23,6 +23,7 @@
@@ -56740,7 +58214,7 @@ index b4ac657..0842bd2 100644
#include "internal.h"
-@@ -105,6 +106,17 @@ static struct net *get_proc_task_net(struct inode *dir)
+@@ -109,6 +110,17 @@ static struct net *get_proc_task_net(struct inode *dir)
struct task_struct *task;
struct nsproxy *ns;
struct net *net = NULL;
@@ -56946,10 +58420,10 @@ index ac05f33..1e6dc7e 100644
kfree(ctl_table_arg);
goto out;
diff --git a/fs/proc/root.c b/fs/proc/root.c
-index 9c7fab1..ed1c8e0 100644
+index 41a6ea9..23eaa92 100644
--- a/fs/proc/root.c
+++ b/fs/proc/root.c
-@@ -180,7 +180,15 @@ void __init proc_root_init(void)
+@@ -182,7 +182,15 @@ void __init proc_root_init(void)
#ifdef CONFIG_PROC_DEVICETREE
proc_device_tree_init();
#endif
@@ -56966,10 +58440,10 @@ index 9c7fab1..ed1c8e0 100644
}
diff --git a/fs/proc/self.c b/fs/proc/self.c
-index aa5cc3b..c91a5d0 100644
+index 6b6a993..807cccc 100644
--- a/fs/proc/self.c
+++ b/fs/proc/self.c
-@@ -37,7 +37,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd)
+@@ -39,7 +39,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd)
static void proc_self_put_link(struct dentry *dentry, struct nameidata *nd,
void *cookie)
{
@@ -56979,7 +58453,7 @@ index aa5cc3b..c91a5d0 100644
kfree(s);
}
diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c
-index 3e636d8..83e3b71 100644
+index 3e636d8..350cc48 100644
--- a/fs/proc/task_mmu.c
+++ b/fs/proc/task_mmu.c
@@ -11,12 +11,19 @@
@@ -57146,6 +58620,34 @@ index 3e636d8..83e3b71 100644
mss.resident >> 10,
(unsigned long)(mss.pss >> (10 + PSS_SHIFT)),
mss.shared_clean >> 10,
+@@ -792,14 +843,14 @@ typedef struct {
+ } pagemap_entry_t;
+
+ struct pagemapread {
+- int pos, len;
++ int pos, len; /* units: PM_ENTRY_BYTES, not bytes */
+ pagemap_entry_t *buffer;
+ };
+
+ #define PAGEMAP_WALK_SIZE (PMD_SIZE)
+ #define PAGEMAP_WALK_MASK (PMD_MASK)
+
+-#define PM_ENTRY_BYTES sizeof(u64)
++#define PM_ENTRY_BYTES sizeof(pagemap_entry_t)
+ #define PM_STATUS_BITS 3
+ #define PM_STATUS_OFFSET (64 - PM_STATUS_BITS)
+ #define PM_STATUS_MASK (((1LL << PM_STATUS_BITS) - 1) << PM_STATUS_OFFSET)
+@@ -1038,8 +1089,8 @@ static ssize_t pagemap_read(struct file *file, char __user *buf,
+ if (!count)
+ goto out_task;
+
+- pm.len = PM_ENTRY_BYTES * (PAGEMAP_WALK_SIZE >> PAGE_SHIFT);
+- pm.buffer = kmalloc(pm.len, GFP_TEMPORARY);
++ pm.len = (PAGEMAP_WALK_SIZE >> PAGE_SHIFT);
++ pm.buffer = kmalloc(pm.len * PM_ENTRY_BYTES, GFP_TEMPORARY);
+ ret = -ENOMEM;
+ if (!pm.buffer)
+ goto out_task;
@@ -1264,6 +1315,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid)
int n;
char buffer[50];
@@ -57200,10 +58702,10 @@ index 56123a6..5a2f6ec 100644
pid_t tid = vm_is_stack(priv->task, vma, is_pid);
diff --git a/fs/proc/vmcore.c b/fs/proc/vmcore.c
-index b870f74..e9048df 100644
+index 17f7e08..e4b1529 100644
--- a/fs/proc/vmcore.c
+++ b/fs/proc/vmcore.c
-@@ -98,9 +98,13 @@ static ssize_t read_from_oldmem(char *buf, size_t count,
+@@ -99,9 +99,13 @@ static ssize_t read_from_oldmem(char *buf, size_t count,
nr_bytes = count;
/* If pfn is not ram, return zeros for sparse dump files */
@@ -57220,7 +58722,7 @@ index b870f74..e9048df 100644
tmp = copy_oldmem_page(pfn, buf, nr_bytes,
offset, userbuf);
if (tmp < 0)
-@@ -185,7 +189,7 @@ static ssize_t read_vmcore(struct file *file, char __user *buffer,
+@@ -186,7 +190,7 @@ static ssize_t read_vmcore(struct file *file, char __user *buffer,
if (tsz > nr_bytes)
tsz = nr_bytes;
@@ -57274,10 +58776,10 @@ index 16e8abb..2dcf914 100644
if (!msg_head) {
printk(KERN_ERR
diff --git a/fs/read_write.c b/fs/read_write.c
-index e6ddc8d..9155227 100644
+index 2cefa41..c7e2fe0 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
-@@ -429,7 +429,7 @@ ssize_t __kernel_write(struct file *file, const char *buf, size_t count, loff_t
+@@ -411,7 +411,7 @@ ssize_t __kernel_write(struct file *file, const char *buf, size_t count, loff_t
old_fs = get_fs();
set_fs(get_ds());
@@ -57402,10 +58904,10 @@ index 2b7882b..1c5ef48 100644
/* balance leaf returns 0 except if combining L R and S into
diff --git a/fs/reiserfs/procfs.c b/fs/reiserfs/procfs.c
-index 9cc0740a..46bf953 100644
+index 1d48974..2f8f4e0 100644
--- a/fs/reiserfs/procfs.c
+++ b/fs/reiserfs/procfs.c
-@@ -112,7 +112,7 @@ static int show_super(struct seq_file *m, struct super_block *sb)
+@@ -114,7 +114,7 @@ static int show_super(struct seq_file *m, void *unused)
"SMALL_TAILS " : "NO_TAILS ",
replay_only(sb) ? "REPLAY_ONLY " : "",
convert_reiserfs(sb) ? "CONV " : "",
@@ -57457,7 +58959,7 @@ index 8c1c96c..a0f9b6d 100644
return -EINVAL;
diff --git a/fs/seq_file.c b/fs/seq_file.c
-index 38bb59f..a304f9d 100644
+index 774c1eb..b67582a 100644
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -10,6 +10,7 @@
@@ -57524,10 +59026,10 @@ index 38bb59f..a304f9d 100644
if (op) {
diff --git a/fs/splice.c b/fs/splice.c
-index 29e394e..b13c247 100644
+index d37431d..81c3044 100644
--- a/fs/splice.c
+++ b/fs/splice.c
-@@ -195,7 +195,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
+@@ -196,7 +196,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
pipe_lock(pipe);
for (;;) {
@@ -57536,7 +59038,16 @@ index 29e394e..b13c247 100644
send_sig(SIGPIPE, current, 0);
if (!ret)
ret = -EPIPE;
-@@ -249,9 +249,9 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
+@@ -219,7 +219,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
+ page_nr++;
+ ret += buf->len;
+
+- if (pipe->files)
++ if (atomic_read(&pipe->files))
+ do_wakeup = 1;
+
+ if (!--spd->nr_pages)
+@@ -250,9 +250,9 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe,
do_wakeup = 0;
}
@@ -57548,7 +59059,7 @@ index 29e394e..b13c247 100644
}
pipe_unlock(pipe);
-@@ -564,7 +564,7 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec,
+@@ -565,7 +565,7 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec,
old_fs = get_fs();
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
@@ -57557,7 +59068,7 @@ index 29e394e..b13c247 100644
set_fs(old_fs);
return res;
-@@ -579,7 +579,7 @@ ssize_t kernel_write(struct file *file, const char *buf, size_t count,
+@@ -580,7 +580,7 @@ ssize_t kernel_write(struct file *file, const char *buf, size_t count,
old_fs = get_fs();
set_fs(get_ds());
/* The cast to a user pointer is valid due to the set_fs() */
@@ -57566,7 +59077,7 @@ index 29e394e..b13c247 100644
set_fs(old_fs);
return res;
-@@ -632,7 +632,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
+@@ -633,7 +633,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
goto err;
this_len = min_t(size_t, len, PAGE_CACHE_SIZE - offset);
@@ -57575,7 +59086,16 @@ index 29e394e..b13c247 100644
vec[i].iov_len = this_len;
spd.pages[i] = page;
spd.nr_pages++;
-@@ -853,10 +853,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed);
+@@ -829,7 +829,7 @@ int splice_from_pipe_feed(struct pipe_inode_info *pipe, struct splice_desc *sd,
+ ops->release(pipe, buf);
+ pipe->curbuf = (pipe->curbuf + 1) & (pipe->buffers - 1);
+ pipe->nrbufs--;
+- if (pipe->files)
++ if (atomic_read(&pipe->files))
+ sd->need_wakeup = true;
+ }
+
+@@ -854,10 +854,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed);
int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd)
{
while (!pipe->nrbufs) {
@@ -57588,7 +59108,7 @@ index 29e394e..b13c247 100644
return 0;
if (sd->flags & SPLICE_F_NONBLOCK)
-@@ -1192,7 +1192,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
+@@ -1193,7 +1193,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
* out of the pipe right after the splice_to_pipe(). So set
* PIPE_READERS appropriately.
*/
@@ -57597,7 +59117,7 @@ index 29e394e..b13c247 100644
current->splice_pipe = pipe;
}
-@@ -1741,9 +1741,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1769,9 +1769,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
ret = -ERESTARTSYS;
break;
}
@@ -57609,7 +59129,7 @@ index 29e394e..b13c247 100644
if (flags & SPLICE_F_NONBLOCK) {
ret = -EAGAIN;
break;
-@@ -1775,7 +1775,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1803,7 +1803,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
pipe_lock(pipe);
while (pipe->nrbufs >= pipe->buffers) {
@@ -57618,7 +59138,7 @@ index 29e394e..b13c247 100644
send_sig(SIGPIPE, current, 0);
ret = -EPIPE;
break;
-@@ -1788,9 +1788,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
+@@ -1816,9 +1816,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
ret = -ERESTARTSYS;
break;
}
@@ -57630,7 +59150,7 @@ index 29e394e..b13c247 100644
}
pipe_unlock(pipe);
-@@ -1826,14 +1826,14 @@ retry:
+@@ -1854,14 +1854,14 @@ retry:
pipe_double_lock(ipipe, opipe);
do {
@@ -57647,7 +59167,7 @@ index 29e394e..b13c247 100644
break;
/*
-@@ -1930,7 +1930,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
+@@ -1958,7 +1958,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
pipe_double_lock(ipipe, opipe);
do {
@@ -57656,7 +59176,7 @@ index 29e394e..b13c247 100644
send_sig(SIGPIPE, current, 0);
if (!ret)
ret = -EPIPE;
-@@ -1975,7 +1975,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
+@@ -2003,7 +2003,7 @@ static int link_pipe(struct pipe_inode_info *ipipe,
* return EAGAIN if we have the potential of some data in the
* future, otherwise just return 0
*/
@@ -57702,63 +59222,6 @@ index 04ce1ac..a13dd1e 100644
generic_fillattr(inode, stat);
return 0;
-diff --git a/fs/super.c b/fs/super.c
-index 7465d43..68307c0 100644
---- a/fs/super.c
-+++ b/fs/super.c
-@@ -336,19 +336,19 @@ EXPORT_SYMBOL(deactivate_super);
- * and want to turn it into a full-blown active reference. grab_super()
- * is called with sb_lock held and drops it. Returns 1 in case of
- * success, 0 if we had failed (superblock contents was already dead or
-- * dying when grab_super() had been called).
-+ * dying when grab_super() had been called). Note that this is only
-+ * called for superblocks not in rundown mode (== ones still on ->fs_supers
-+ * of their type), so increment of ->s_count is OK here.
- */
- static int grab_super(struct super_block *s) __releases(sb_lock)
- {
-- if (atomic_inc_not_zero(&s->s_active)) {
-- spin_unlock(&sb_lock);
-- return 1;
-- }
-- /* it's going away */
- s->s_count++;
- spin_unlock(&sb_lock);
-- /* wait for it to die */
- down_write(&s->s_umount);
-+ if ((s->s_flags & MS_BORN) && atomic_inc_not_zero(&s->s_active)) {
-+ put_super(s);
-+ return 1;
-+ }
- up_write(&s->s_umount);
- put_super(s);
- return 0;
-@@ -463,11 +463,6 @@ retry:
- destroy_super(s);
- s = NULL;
- }
-- down_write(&old->s_umount);
-- if (unlikely(!(old->s_flags & MS_BORN))) {
-- deactivate_locked_super(old);
-- goto retry;
-- }
- return old;
- }
- }
-@@ -660,10 +655,10 @@ restart:
- if (hlist_unhashed(&sb->s_instances))
- continue;
- if (sb->s_bdev == bdev) {
-- if (grab_super(sb)) /* drops sb_lock */
-- return sb;
-- else
-+ if (!grab_super(sb))
- goto restart;
-+ up_write(&sb->s_umount);
-+ return sb;
- }
- }
- spin_unlock(&sb_lock);
diff --git a/fs/sysfs/bin.c b/fs/sysfs/bin.c
index 15c68f9..36a8b3e 100644
--- a/fs/sysfs/bin.c
@@ -57781,7 +59244,7 @@ index 15c68f9..36a8b3e 100644
if (!bb->vm_ops)
return -EINVAL;
diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
-index 6f31590..3c87c8a 100644
+index e8e0e71..79c28ac5 100644
--- a/fs/sysfs/dir.c
+++ b/fs/sysfs/dir.c
@@ -40,7 +40,7 @@ static DEFINE_IDA(sysfs_ino_ida);
@@ -57793,7 +59256,7 @@ index 6f31590..3c87c8a 100644
{
unsigned long hash = init_name_hash();
unsigned int len = strlen(name);
-@@ -685,6 +685,18 @@ static int create_dir(struct kobject *kobj, struct sysfs_dirent *parent_sd,
+@@ -679,6 +679,18 @@ static int create_dir(struct kobject *kobj, struct sysfs_dirent *parent_sd,
struct sysfs_dirent *sd;
int rc;
@@ -57804,7 +59267,7 @@ index 6f31590..3c87c8a 100644
+
+ if ((!strcmp(parent_name, "") && (!strcmp(name, "devices") || !strcmp(name, "fs"))) ||
+ (!strcmp(parent_name, "devices") && !strcmp(name, "system")) ||
-+ (!strcmp(parent_name, "fs") && (!strcmp(name, "selinux") || !strcmp(name, "fuse"))) ||
++ (!strcmp(parent_name, "fs") && (!strcmp(name, "selinux") || !strcmp(name, "fuse") || !strcmp(name, "ecryptfs"))) ||
+ (!strcmp(parent_name, "system") && !strcmp(name, "cpu")))
+ mode = S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO;
+#endif
@@ -58068,20 +59531,20 @@ index 9fbea87..6b19972 100644
struct posix_acl *acl;
struct posix_acl_entry *acl_e;
diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c
-index b44af92..06073da 100644
+index 8904284..ee0e14b 100644
--- a/fs/xfs/xfs_bmap.c
+++ b/fs/xfs/xfs_bmap.c
-@@ -192,7 +192,7 @@ xfs_bmap_validate_ret(
- int nmap,
- int ret_nmap);
+@@ -765,7 +765,7 @@ xfs_bmap_validate_ret(
+
#else
+ #define xfs_bmap_check_leaf_extents(cur, ip, whichfork) do { } while (0)
-#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap)
-+#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap) do {} while (0)
++#define xfs_bmap_validate_ret(bno,len,flags,mval,onmap,nmap) do { } while (0)
#endif /* DEBUG */
- STATIC int
+ /*
diff --git a/fs/xfs/xfs_dir2_sf.c b/fs/xfs/xfs_dir2_sf.c
-index 1b9fc3e..e1bdde0 100644
+index 6157424..ac98f6d 100644
--- a/fs/xfs/xfs_dir2_sf.c
+++ b/fs/xfs/xfs_dir2_sf.c
@@ -851,7 +851,15 @@ xfs_dir2_sf_getdents(
@@ -58102,7 +59565,7 @@ index 1b9fc3e..e1bdde0 100644
*offset = off & 0x7fffffff;
return 0;
diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
-index d681e34..2a3f5ab 100644
+index 5e99968..45bd327 100644
--- a/fs/xfs/xfs_ioctl.c
+++ b/fs/xfs/xfs_ioctl.c
@@ -127,7 +127,7 @@ xfs_find_handle(
@@ -58129,10 +59592,10 @@ index ca9ecaa..60100c7 100644
kfree(s);
diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig
new file mode 100644
-index 0000000..c9c4ac3
+index 0000000..712a85d
--- /dev/null
+++ b/grsecurity/Kconfig
-@@ -0,0 +1,1054 @@
+@@ -0,0 +1,1043 @@
+#
+# grecurity configuration
+#
@@ -58843,22 +60306,11 @@ index 0000000..c9c4ac3
+ help
+ If you say Y here, calls to mmap() and mprotect() with explicit
+ usage of PROT_WRITE and PROT_EXEC together will be logged when
-+ denied by the PAX_MPROTECT feature. If the sysctl option is
-+ enabled, a sysctl option with name "rwxmap_logging" is created.
-+
-+config GRKERNSEC_AUDIT_TEXTREL
-+ bool 'ELF text relocations logging (READ HELP)'
-+ depends on PAX_MPROTECT
-+ help
-+ If you say Y here, text relocations will be logged with the filename
-+ of the offending library or binary. The purpose of the feature is
-+ to help Linux distribution developers get rid of libraries and
-+ binaries that need text relocations which hinder the future progress
-+ of PaX. Only Linux distribution developers should say Y here, and
-+ never on a production machine, as this option creates an information
-+ leak that could aid an attacker in defeating the randomization of
-+ a single memory region. If the sysctl option is enabled, a sysctl
-+ option with name "audit_textrel" is created.
++ denied by the PAX_MPROTECT feature. This feature will also
++ log other problematic scenarios that can occur when PAX_MPROTECT
++ is enabled on a binary, like textrels and PT_GNU_STACK. If the
++ sysctl option is enabled, a sysctl option with name "rwxmap_logging"
++ is created.
+
+endmenu
+
@@ -59189,10 +60641,10 @@ index 0000000..c9c4ac3
+endmenu
diff --git a/grsecurity/Makefile b/grsecurity/Makefile
new file mode 100644
-index 0000000..1b9afa9
+index 0000000..36845aa
--- /dev/null
+++ b/grsecurity/Makefile
-@@ -0,0 +1,38 @@
+@@ -0,0 +1,42 @@
+# grsecurity's ACL system was originally written in 2001 by Michael Dalton
+# during 2001-2009 it has been completely redesigned by Brad Spengler
+# into an RBAC system
@@ -59210,6 +60662,10 @@ index 0000000..1b9afa9
+obj-$(CONFIG_GRKERNSEC) += grsec_init.o grsum.o gracl.o gracl_segv.o \
+ gracl_cap.o gracl_alloc.o gracl_shm.o grsec_mem.o gracl_fs.o \
+ gracl_learn.o grsec_log.o
++ifdef CONFIG_COMPAT
++obj-$(CONFIG_GRKERNSEC) += gracl_compat.o
++endif
++
+obj-$(CONFIG_GRKERNSEC_RESLOG) += gracl_res.o
+
+ifdef CONFIG_NET
@@ -59233,10 +60689,10 @@ index 0000000..1b9afa9
+endif
diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c
new file mode 100644
-index 0000000..0d5c602
+index 0000000..c0793fd
--- /dev/null
+++ b/grsecurity/gracl.c
-@@ -0,0 +1,4073 @@
+@@ -0,0 +1,4178 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -59339,6 +60795,144 @@ index 0000000..0d5c602
+extern void gr_remove_uid(uid_t uid);
+extern int gr_find_uid(uid_t uid);
+
++static int copy_acl_object_label_normal(struct acl_object_label *obj, const struct acl_object_label *userp)
++{
++ if (copy_from_user(obj, userp, sizeof(struct acl_object_label)))
++ return -EFAULT;
++
++ return 0;
++}
++
++static int copy_acl_ip_label_normal(struct acl_ip_label *ip, const struct acl_ip_label *userp)
++{
++ if (copy_from_user(ip, userp, sizeof(struct acl_ip_label)))
++ return -EFAULT;
++
++ return 0;
++}
++
++static int copy_acl_subject_label_normal(struct acl_subject_label *subj, const struct acl_subject_label *userp)
++{
++ if (copy_from_user(subj, userp, sizeof(struct acl_subject_label)))
++ return -EFAULT;
++
++ return 0;
++}
++
++static int copy_acl_role_label_normal(struct acl_role_label *role, const struct acl_role_label *userp)
++{
++ if (copy_from_user(role, userp, sizeof(struct acl_role_label)))
++ return -EFAULT;
++
++ return 0;
++}
++
++static int copy_role_allowed_ip_normal(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp)
++{
++ if (copy_from_user(roleip, userp, sizeof(struct role_allowed_ip)))
++ return -EFAULT;
++
++ return 0;
++}
++
++static int copy_sprole_pw_normal(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp)
++{
++ if (copy_from_user(pw, userp + idx, sizeof(struct sprole_pw)))
++ return -EFAULT;
++
++ return 0;
++}
++
++static int copy_gr_hash_struct_normal(struct gr_hash_struct *hash, const struct gr_hash_struct *userp)
++{
++ if (copy_from_user(hash, userp, sizeof(struct gr_hash_struct)))
++ return -EFAULT;
++
++ return 0;
++}
++
++static int copy_role_transition_normal(struct role_transition *trans, const struct role_transition *userp)
++{
++ if (copy_from_user(trans, userp, sizeof(struct role_transition)))
++ return -EFAULT;
++
++ return 0;
++}
++
++int copy_pointer_from_array_normal(void *ptr, unsigned long idx, const void *userp)
++{
++ if (copy_from_user(ptr, userp + (idx * sizeof(void *)), sizeof(void *)))
++ return -EFAULT;
++
++ return 0;
++}
++
++static int copy_gr_arg_wrapper_normal(const char __user *buf, struct gr_arg_wrapper *uwrap)
++{
++ if (copy_from_user(uwrap, buf, sizeof (struct gr_arg_wrapper)))
++ return -EFAULT;
++
++ if ((uwrap->version != GRSECURITY_VERSION) || (uwrap->size != sizeof(struct gr_arg)))
++ return -EINVAL;
++
++ return 0;
++}
++
++static int copy_gr_arg_normal(const struct gr_arg __user *buf, struct gr_arg *arg)
++{
++ if (copy_from_user(arg, buf, sizeof (struct gr_arg)))
++ return -EFAULT;
++
++ return 0;
++}
++
++static size_t get_gr_arg_wrapper_size_normal(void)
++{
++ return sizeof(struct gr_arg_wrapper);
++}
++
++#ifdef CONFIG_COMPAT
++extern int copy_gr_arg_wrapper_compat(const char *buf, struct gr_arg_wrapper *uwrap);
++extern int copy_gr_arg_compat(const struct gr_arg __user *buf, struct gr_arg *arg);
++extern int copy_acl_object_label_compat(struct acl_object_label *obj, const struct acl_object_label *userp);
++extern int copy_acl_subject_label_compat(struct acl_subject_label *subj, const struct acl_subject_label *userp);
++extern int copy_acl_role_label_compat(struct acl_role_label *role, const struct acl_role_label *userp);
++extern int copy_role_allowed_ip_compat(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp);
++extern int copy_role_transition_compat(struct role_transition *trans, const struct role_transition *userp);
++extern int copy_gr_hash_struct_compat(struct gr_hash_struct *hash, const struct gr_hash_struct *userp);
++extern int copy_pointer_from_array_compat(void *ptr, unsigned long idx, const void *userp);
++extern int copy_acl_ip_label_compat(struct acl_ip_label *ip, const struct acl_ip_label *userp);
++extern int copy_sprole_pw_compat(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp);
++extern size_t get_gr_arg_wrapper_size_compat(void);
++
++int (* copy_gr_arg_wrapper)(const char *buf, struct gr_arg_wrapper *uwrap) __read_only;
++int (* copy_gr_arg)(const struct gr_arg *buf, struct gr_arg *arg) __read_only;
++int (* copy_acl_object_label)(struct acl_object_label *obj, const struct acl_object_label *userp) __read_only;
++int (* copy_acl_subject_label)(struct acl_subject_label *subj, const struct acl_subject_label *userp) __read_only;
++int (* copy_acl_role_label)(struct acl_role_label *role, const struct acl_role_label *userp) __read_only;
++int (* copy_acl_ip_label)(struct acl_ip_label *ip, const struct acl_ip_label *userp) __read_only;
++int (* copy_pointer_from_array)(void *ptr, unsigned long idx, const void *userp) __read_only;
++int (* copy_sprole_pw)(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp) __read_only;
++int (* copy_gr_hash_struct)(struct gr_hash_struct *hash, const struct gr_hash_struct *userp) __read_only;
++int (* copy_role_transition)(struct role_transition *trans, const struct role_transition *userp) __read_only;
++int (* copy_role_allowed_ip)(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp) __read_only;
++size_t (* get_gr_arg_wrapper_size)(void) __read_only;
++
++#else
++#define copy_gr_arg_wrapper copy_gr_arg_wrapper_normal
++#define copy_gr_arg copy_gr_arg_normal
++#define copy_gr_hash_struct copy_gr_hash_struct_normal
++#define copy_acl_object_label copy_acl_object_label_normal
++#define copy_acl_subject_label copy_acl_subject_label_normal
++#define copy_acl_role_label copy_acl_role_label_normal
++#define copy_acl_ip_label copy_acl_ip_label_normal
++#define copy_pointer_from_array copy_pointer_from_array_normal
++#define copy_sprole_pw copy_sprole_pw_normal
++#define copy_role_transition copy_role_transition_normal
++#define copy_role_allowed_ip copy_role_allowed_ip_normal
++#define get_gr_arg_wrapper_size get_gr_arg_wrapper_size_normal
++#endif
++
+__inline__ int
+gr_acl_is_enabled(void)
+{
@@ -60282,33 +61876,34 @@ index 0000000..0d5c602
+ return;
+}
+
-+static __u32
-+count_user_objs(struct acl_object_label *userp)
++static struct acl_subject_label *
++do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role, int *already_copied);
++
++static int alloc_and_copy_string(char **name, unsigned int maxlen)
+{
-+ struct acl_object_label o_tmp;
-+ __u32 num = 0;
++ unsigned int len = strnlen_user(*name, maxlen);
++ char *tmp;
+
-+ while (userp) {
-+ if (copy_from_user(&o_tmp, userp,
-+ sizeof (struct acl_object_label)))
-+ break;
++ if (!len || len >= maxlen)
++ return -EINVAL;
+
-+ userp = o_tmp.prev;
-+ num++;
-+ }
++ if ((tmp = (char *) acl_alloc(len)) == NULL)
++ return -ENOMEM;
+
-+ return num;
-+}
++ if (copy_from_user(tmp, *name, len))
++ return -EFAULT;
+
-+static struct acl_subject_label *
-+do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role, int *already_copied);
++ tmp[len-1] = '\0';
++ *name = tmp;
++
++ return 0;
++}
+
+static int
+copy_user_glob(struct acl_object_label *obj)
+{
+ struct acl_object_label *g_tmp, **guser;
-+ unsigned int len;
-+ char *tmp;
++ int error;
+
+ if (obj->globbed == NULL)
+ return 0;
@@ -60320,22 +61915,12 @@ index 0000000..0d5c602
+ if (g_tmp == NULL)
+ return -ENOMEM;
+
-+ if (copy_from_user(g_tmp, *guser,
-+ sizeof (struct acl_object_label)))
++ if (copy_acl_object_label(g_tmp, *guser))
+ return -EFAULT;
+
-+ len = strnlen_user(g_tmp->filename, PATH_MAX);
-+
-+ if (!len || len >= PATH_MAX)
-+ return -EINVAL;
-+
-+ if ((tmp = (char *) acl_alloc(len)) == NULL)
-+ return -ENOMEM;
-+
-+ if (copy_from_user(tmp, g_tmp->filename, len))
-+ return -EFAULT;
-+ tmp[len-1] = '\0';
-+ g_tmp->filename = tmp;
++ error = alloc_and_copy_string(&g_tmp->filename, PATH_MAX);
++ if (error)
++ return error;
+
+ *guser = g_tmp;
+ guser = &(g_tmp->next);
@@ -60349,33 +61934,21 @@ index 0000000..0d5c602
+ struct acl_role_label *role)
+{
+ struct acl_object_label *o_tmp;
-+ unsigned int len;
+ int ret;
-+ char *tmp;
+
+ while (userp) {
+ if ((o_tmp = (struct acl_object_label *)
+ acl_alloc(sizeof (struct acl_object_label))) == NULL)
+ return -ENOMEM;
+
-+ if (copy_from_user(o_tmp, userp,
-+ sizeof (struct acl_object_label)))
++ if (copy_acl_object_label(o_tmp, userp))
+ return -EFAULT;
+
+ userp = o_tmp->prev;
+
-+ len = strnlen_user(o_tmp->filename, PATH_MAX);
-+
-+ if (!len || len >= PATH_MAX)
-+ return -EINVAL;
-+
-+ if ((tmp = (char *) acl_alloc(len)) == NULL)
-+ return -ENOMEM;
-+
-+ if (copy_from_user(tmp, o_tmp->filename, len))
-+ return -EFAULT;
-+ tmp[len-1] = '\0';
-+ o_tmp->filename = tmp;
++ ret = alloc_and_copy_string(&o_tmp->filename, PATH_MAX);
++ if (ret)
++ return ret;
+
+ insert_acl_obj_label(o_tmp, subj);
+ if (!insert_name_entry(o_tmp->filename, o_tmp->inode,
@@ -60412,8 +61985,7 @@ index 0000000..0d5c602
+ __u32 num = 0;
+
+ while (userp) {
-+ if (copy_from_user(&s_tmp, userp,
-+ sizeof (struct acl_subject_label)))
++ if (copy_acl_subject_label(&s_tmp, userp))
+ break;
+
+ userp = s_tmp.prev;
@@ -60436,8 +62008,7 @@ index 0000000..0d5c602
+ acl_alloc(sizeof (struct role_allowed_ip))) == NULL)
+ return -ENOMEM;
+
-+ if (copy_from_user(rtmp, ruserip,
-+ sizeof (struct role_allowed_ip)))
++ if (copy_role_allowed_ip(rtmp, ruserip))
+ return -EFAULT;
+
+ ruserip = rtmp->prev;
@@ -60461,9 +62032,7 @@ index 0000000..0d5c602
+copy_user_transitions(struct acl_role_label *rolep)
+{
+ struct role_transition *rusertp, *rtmp = NULL, *rlast;
-+
-+ unsigned int len;
-+ char *tmp;
++ int error;
+
+ rusertp = rolep->transitions;
+
@@ -60474,24 +62043,14 @@ index 0000000..0d5c602
+ acl_alloc(sizeof (struct role_transition))) == NULL)
+ return -ENOMEM;
+
-+ if (copy_from_user(rtmp, rusertp,
-+ sizeof (struct role_transition)))
++ if (copy_role_transition(rtmp, rusertp))
+ return -EFAULT;
+
+ rusertp = rtmp->prev;
+
-+ len = strnlen_user(rtmp->rolename, GR_SPROLE_LEN);
-+
-+ if (!len || len >= GR_SPROLE_LEN)
-+ return -EINVAL;
-+
-+ if ((tmp = (char *) acl_alloc(len)) == NULL)
-+ return -ENOMEM;
-+
-+ if (copy_from_user(tmp, rtmp->rolename, len))
-+ return -EFAULT;
-+ tmp[len-1] = '\0';
-+ rtmp->rolename = tmp;
++ error = alloc_and_copy_string(&rtmp->rolename, GR_SPROLE_LEN);
++ if (error)
++ return error;
+
+ if (!rlast) {
+ rtmp->prev = NULL;
@@ -60508,12 +62067,26 @@ index 0000000..0d5c602
+ return 0;
+}
+
++static __u32 count_user_objs(const struct acl_object_label __user *userp)
++{
++ struct acl_object_label o_tmp;
++ __u32 num = 0;
++
++ while (userp) {
++ if (copy_acl_object_label(&o_tmp, userp))
++ break;
++
++ userp = o_tmp.prev;
++ num++;
++ }
++
++ return num;
++}
++
+static struct acl_subject_label *
+do_copy_user_subj(struct acl_subject_label *userp, struct acl_role_label *role, int *already_copied)
+{
+ struct acl_subject_label *s_tmp = NULL, *s_tmp2;
-+ unsigned int len;
-+ char *tmp;
+ __u32 num_objs;
+ struct acl_ip_label **i_tmp, *i_utmp2;
+ struct gr_hash_struct ghash;
@@ -60547,27 +62120,17 @@ index 0000000..0d5c602
+ subjmap->kernel = s_tmp;
+ insert_subj_map_entry(subjmap);
+
-+ if (copy_from_user(s_tmp, userp,
-+ sizeof (struct acl_subject_label)))
++ if (copy_acl_subject_label(s_tmp, userp))
+ return ERR_PTR(-EFAULT);
+
-+ len = strnlen_user(s_tmp->filename, PATH_MAX);
-+
-+ if (!len || len >= PATH_MAX)
-+ return ERR_PTR(-EINVAL);
-+
-+ if ((tmp = (char *) acl_alloc(len)) == NULL)
-+ return ERR_PTR(-ENOMEM);
-+
-+ if (copy_from_user(tmp, s_tmp->filename, len))
-+ return ERR_PTR(-EFAULT);
-+ tmp[len-1] = '\0';
-+ s_tmp->filename = tmp;
++ err = alloc_and_copy_string(&s_tmp->filename, PATH_MAX);
++ if (err)
++ return ERR_PTR(err);
+
+ if (!strcmp(s_tmp->filename, "/"))
+ role->root_label = s_tmp;
+
-+ if (copy_from_user(&ghash, s_tmp->hash, sizeof(struct gr_hash_struct)))
++ if (copy_gr_hash_struct(&ghash, s_tmp->hash))
+ return ERR_PTR(-EFAULT);
+
+ /* copy user and group transition tables */
@@ -60648,28 +62211,18 @@ index 0000000..0d5c602
+ if (!*(i_tmp + i_num))
+ return ERR_PTR(-ENOMEM);
+
-+ if (copy_from_user
-+ (&i_utmp2, s_tmp->ips + i_num,
-+ sizeof (struct acl_ip_label *)))
++ if (copy_pointer_from_array(&i_utmp2, i_num, s_tmp->ips))
+ return ERR_PTR(-EFAULT);
+
-+ if (copy_from_user
-+ (*(i_tmp + i_num), i_utmp2,
-+ sizeof (struct acl_ip_label)))
++ if (copy_acl_ip_label(*(i_tmp + i_num), i_utmp2))
+ return ERR_PTR(-EFAULT);
+
+ if ((*(i_tmp + i_num))->iface == NULL)
+ continue;
+
-+ len = strnlen_user((*(i_tmp + i_num))->iface, IFNAMSIZ);
-+ if (!len || len >= IFNAMSIZ)
-+ return ERR_PTR(-EINVAL);
-+ tmp = acl_alloc(len);
-+ if (tmp == NULL)
-+ return ERR_PTR(-ENOMEM);
-+ if (copy_from_user(tmp, (*(i_tmp + i_num))->iface, len))
-+ return ERR_PTR(-EFAULT);
-+ (*(i_tmp + i_num))->iface = tmp;
++ err = alloc_and_copy_string(&(*(i_tmp + i_num))->iface, IFNAMSIZ);
++ if (err)
++ return ERR_PTR(err);
+ }
+
+ s_tmp->ips = i_tmp;
@@ -60690,8 +62243,7 @@ index 0000000..0d5c602
+ int err;
+
+ while (userp) {
-+ if (copy_from_user(&s_pre, userp,
-+ sizeof (struct acl_subject_label)))
++ if (copy_acl_subject_label(&s_pre, userp))
+ return -EFAULT;
+
+ ret = do_copy_user_subj(userp, role, NULL);
@@ -60717,8 +62269,6 @@ index 0000000..0d5c602
+ struct gr_hash_struct *ghash;
+ uid_t *domainlist;
+ unsigned int r_num;
-+ unsigned int len;
-+ char *tmp;
+ int err = 0;
+ __u16 i;
+ __u32 num_subjs;
@@ -60739,26 +62289,17 @@ index 0000000..0d5c602
+ sptmp = (struct sprole_pw *) acl_alloc(sizeof(struct sprole_pw));
+ if (!sptmp)
+ return -ENOMEM;
-+ if (copy_from_user(sptmp, arg->sprole_pws + i,
-+ sizeof (struct sprole_pw)))
++ if (copy_sprole_pw(sptmp, i, arg->sprole_pws))
+ return -EFAULT;
+
-+ len = strnlen_user(sptmp->rolename, GR_SPROLE_LEN);
-+
-+ if (!len || len >= GR_SPROLE_LEN)
-+ return -EINVAL;
-+
-+ if ((tmp = (char *) acl_alloc(len)) == NULL)
-+ return -ENOMEM;
-+
-+ if (copy_from_user(tmp, sptmp->rolename, len))
-+ return -EFAULT;
++ err = alloc_and_copy_string((char **)&sptmp->rolename, GR_SPROLE_LEN);
++ if (err)
++ return err;
+
-+ tmp[len-1] = '\0';
+#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG
-+ printk(KERN_ALERT "Copying special role %s\n", tmp);
++ printk(KERN_ALERT "Copying special role %s\n", sptmp->rolename);
+#endif
-+ sptmp->rolename = tmp;
++
+ acl_special_roles[i] = sptmp;
+ }
+
@@ -60770,27 +62311,15 @@ index 0000000..0d5c602
+ if (!r_tmp)
+ return -ENOMEM;
+
-+ if (copy_from_user(&r_utmp2, r_utmp + r_num,
-+ sizeof (struct acl_role_label *)))
-+ return -EFAULT;
-+
-+ if (copy_from_user(r_tmp, r_utmp2,
-+ sizeof (struct acl_role_label)))
++ if (copy_pointer_from_array(&r_utmp2, r_num, r_utmp))
+ return -EFAULT;
+
-+ len = strnlen_user(r_tmp->rolename, GR_SPROLE_LEN);
-+
-+ if (!len || len >= PATH_MAX)
-+ return -EINVAL;
-+
-+ if ((tmp = (char *) acl_alloc(len)) == NULL)
-+ return -ENOMEM;
-+
-+ if (copy_from_user(tmp, r_tmp->rolename, len))
++ if (copy_acl_role_label(r_tmp, r_utmp2))
+ return -EFAULT;
+
-+ tmp[len-1] = '\0';
-+ r_tmp->rolename = tmp;
++ err = alloc_and_copy_string(&r_tmp->rolename, GR_SPROLE_LEN);
++ if (err)
++ return err;
+
+ if (!strcmp(r_tmp->rolename, "default")
+ && (r_tmp->roletype & GR_ROLE_DEFAULT)) {
@@ -60802,7 +62331,7 @@ index 0000000..0d5c602
+ if ((ghash = (struct gr_hash_struct *) acl_alloc(sizeof(struct gr_hash_struct))) == NULL)
+ return -ENOMEM;
+
-+ if (copy_from_user(ghash, r_tmp->hash, sizeof(struct gr_hash_struct)))
++ if (copy_gr_hash_struct(ghash, r_tmp->hash))
+ return -EFAULT;
+
+ r_tmp->hash = ghash;
@@ -62411,13 +63940,14 @@ index 0000000..0d5c602
+}
+
+ssize_t
-+write_grsec_handler(struct file *file, const char * buf, size_t count, loff_t *ppos)
++write_grsec_handler(struct file *file, const char __user * buf, size_t count, loff_t *ppos)
+{
+ struct gr_arg_wrapper uwrap;
+ unsigned char *sprole_salt = NULL;
+ unsigned char *sprole_sum = NULL;
-+ int error = sizeof (struct gr_arg_wrapper);
++ int error = 0;
+ int error2 = 0;
++ size_t req_count = 0;
+
+ mutex_lock(&gr_dev_mutex);
+
@@ -62426,8 +63956,42 @@ index 0000000..0d5c602
+ goto out;
+ }
+
-+ if (count != sizeof (struct gr_arg_wrapper)) {
-+ gr_log_int_int(GR_DONT_AUDIT_GOOD, GR_DEV_ACL_MSG, (int)count, (int)sizeof(struct gr_arg_wrapper));
++#ifdef CONFIG_COMPAT
++ pax_open_kernel();
++ if (is_compat_task()) {
++ copy_gr_arg_wrapper = &copy_gr_arg_wrapper_compat;
++ copy_gr_arg = &copy_gr_arg_compat;
++ copy_acl_object_label = &copy_acl_object_label_compat;
++ copy_acl_subject_label = &copy_acl_subject_label_compat;
++ copy_acl_role_label = &copy_acl_role_label_compat;
++ copy_acl_ip_label = &copy_acl_ip_label_compat;
++ copy_role_allowed_ip = &copy_role_allowed_ip_compat;
++ copy_role_transition = &copy_role_transition_compat;
++ copy_sprole_pw = &copy_sprole_pw_compat;
++ copy_gr_hash_struct = &copy_gr_hash_struct_compat;
++ copy_pointer_from_array = &copy_pointer_from_array_compat;
++ get_gr_arg_wrapper_size = &get_gr_arg_wrapper_size_compat;
++ } else {
++ copy_gr_arg_wrapper = &copy_gr_arg_wrapper_normal;
++ copy_gr_arg = &copy_gr_arg_normal;
++ copy_acl_object_label = &copy_acl_object_label_normal;
++ copy_acl_subject_label = &copy_acl_subject_label_normal;
++ copy_acl_role_label = &copy_acl_role_label_normal;
++ copy_acl_ip_label = &copy_acl_ip_label_normal;
++ copy_role_allowed_ip = &copy_role_allowed_ip_normal;
++ copy_role_transition = &copy_role_transition_normal;
++ copy_sprole_pw = &copy_sprole_pw_normal;
++ copy_gr_hash_struct = &copy_gr_hash_struct_normal;
++ copy_pointer_from_array = &copy_pointer_from_array_normal;
++ get_gr_arg_wrapper_size = &get_gr_arg_wrapper_size_normal;
++ }
++ pax_close_kernel();
++#endif
++
++ req_count = get_gr_arg_wrapper_size();
++
++ if (count != req_count) {
++ gr_log_int_int(GR_DONT_AUDIT_GOOD, GR_DEV_ACL_MSG, (int)count, (int)req_count);
+ error = -EINVAL;
+ goto out;
+ }
@@ -62438,20 +64002,13 @@ index 0000000..0d5c602
+ gr_auth_attempts = 0;
+ }
+
-+ if (copy_from_user(&uwrap, buf, sizeof (struct gr_arg_wrapper))) {
-+ error = -EFAULT;
-+ goto out;
-+ }
-+
-+ if ((uwrap.version != GRSECURITY_VERSION) || (uwrap.size != sizeof(struct gr_arg))) {
-+ error = -EINVAL;
++ error = copy_gr_arg_wrapper(buf, &uwrap);
++ if (error)
+ goto out;
-+ }
+
-+ if (copy_from_user(gr_usermode, uwrap.arg, sizeof (struct gr_arg))) {
-+ error = -EFAULT;
++ error = copy_gr_arg(uwrap.arg, gr_usermode);
++ if (error)
+ goto out;
-+ }
+
+ if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_SPROLEPAM &&
+ gr_auth_attempts >= CONFIG_GRKERNSEC_ACL_MAXTRIES &&
@@ -62644,6 +64201,10 @@ index 0000000..0d5c602
+
+ out:
+ mutex_unlock(&gr_dev_mutex);
++
++ if (!error)
++ error = req_count;
++
+ return error;
+}
+
@@ -63537,6 +65098,281 @@ index 0000000..bdd51ea
+ return gr_task_acl_is_capable_nolog(current, cap);
+}
+
+diff --git a/grsecurity/gracl_compat.c b/grsecurity/gracl_compat.c
+new file mode 100644
+index 0000000..a43dd06
+--- /dev/null
++++ b/grsecurity/gracl_compat.c
+@@ -0,0 +1,269 @@
++#include <linux/kernel.h>
++#include <linux/gracl.h>
++#include <linux/compat.h>
++#include <linux/gracl_compat.h>
++
++#include <asm/uaccess.h>
++
++int copy_gr_arg_wrapper_compat(const char *buf, struct gr_arg_wrapper *uwrap)
++{
++ struct gr_arg_wrapper_compat uwrapcompat;
++
++ if (copy_from_user(&uwrapcompat, buf, sizeof(uwrapcompat)))
++ return -EFAULT;
++
++ if ((uwrapcompat.version != GRSECURITY_VERSION) ||
++ (uwrapcompat.size != sizeof(struct gr_arg_compat)))
++ return -EINVAL;
++
++ uwrap->arg = compat_ptr(uwrapcompat.arg);
++ uwrap->version = uwrapcompat.version;
++ uwrap->size = sizeof(struct gr_arg);
++
++ return 0;
++}
++
++int copy_gr_arg_compat(const struct gr_arg __user *buf, struct gr_arg *arg)
++{
++ struct gr_arg_compat argcompat;
++
++ if (copy_from_user(&argcompat, buf, sizeof(argcompat)))
++ return -EFAULT;
++
++ arg->role_db.r_table = compat_ptr(argcompat.role_db.r_table);
++ arg->role_db.num_pointers = argcompat.role_db.num_pointers;
++ arg->role_db.num_roles = argcompat.role_db.num_roles;
++ arg->role_db.num_domain_children = argcompat.role_db.num_domain_children;
++ arg->role_db.num_subjects = argcompat.role_db.num_subjects;
++ arg->role_db.num_objects = argcompat.role_db.num_objects;
++
++ memcpy(&arg->pw, &argcompat.pw, sizeof(arg->pw));
++ memcpy(&arg->salt, &argcompat.salt, sizeof(arg->salt));
++ memcpy(&arg->sum, &argcompat.sum, sizeof(arg->sum));
++ memcpy(&arg->sp_role, &argcompat.sp_role, sizeof(arg->sp_role));
++ arg->sprole_pws = compat_ptr(argcompat.sprole_pws);
++ arg->segv_device = argcompat.segv_device;
++ arg->segv_inode = argcompat.segv_inode;
++ arg->segv_uid = argcompat.segv_uid;
++ arg->num_sprole_pws = argcompat.num_sprole_pws;
++ arg->mode = argcompat.mode;
++
++ return 0;
++}
++
++int copy_acl_object_label_compat(struct acl_object_label *obj, const struct acl_object_label *userp)
++{
++ struct acl_object_label_compat objcompat;
++
++ if (copy_from_user(&objcompat, userp, sizeof(objcompat)))
++ return -EFAULT;
++
++ obj->filename = compat_ptr(objcompat.filename);
++ obj->inode = objcompat.inode;
++ obj->device = objcompat.device;
++ obj->mode = objcompat.mode;
++
++ obj->nested = compat_ptr(objcompat.nested);
++ obj->globbed = compat_ptr(objcompat.globbed);
++
++ obj->prev = compat_ptr(objcompat.prev);
++ obj->next = compat_ptr(objcompat.next);
++
++ return 0;
++}
++
++int copy_acl_subject_label_compat(struct acl_subject_label *subj, const struct acl_subject_label *userp)
++{
++ unsigned int i;
++ struct acl_subject_label_compat subjcompat;
++
++ if (copy_from_user(&subjcompat, userp, sizeof(subjcompat)))
++ return -EFAULT;
++
++ subj->filename = compat_ptr(subjcompat.filename);
++ subj->inode = subjcompat.inode;
++ subj->device = subjcompat.device;
++ subj->mode = subjcompat.mode;
++ subj->cap_mask = subjcompat.cap_mask;
++ subj->cap_lower = subjcompat.cap_lower;
++ subj->cap_invert_audit = subjcompat.cap_invert_audit;
++
++ for (i = 0; i < GR_NLIMITS; i++) {
++ if (subjcompat.res[i].rlim_cur == COMPAT_RLIM_INFINITY)
++ subj->res[i].rlim_cur = RLIM_INFINITY;
++ else
++ subj->res[i].rlim_cur = subjcompat.res[i].rlim_cur;
++ if (subjcompat.res[i].rlim_max == COMPAT_RLIM_INFINITY)
++ subj->res[i].rlim_max = RLIM_INFINITY;
++ else
++ subj->res[i].rlim_max = subjcompat.res[i].rlim_max;
++ }
++ subj->resmask = subjcompat.resmask;
++
++ subj->user_trans_type = subjcompat.user_trans_type;
++ subj->group_trans_type = subjcompat.group_trans_type;
++ subj->user_transitions = compat_ptr(subjcompat.user_transitions);
++ subj->group_transitions = compat_ptr(subjcompat.group_transitions);
++ subj->user_trans_num = subjcompat.user_trans_num;
++ subj->group_trans_num = subjcompat.group_trans_num;
++
++ memcpy(&subj->sock_families, &subjcompat.sock_families, sizeof(subj->sock_families));
++ memcpy(&subj->ip_proto, &subjcompat.ip_proto, sizeof(subj->ip_proto));
++ subj->ip_type = subjcompat.ip_type;
++ subj->ips = compat_ptr(subjcompat.ips);
++ subj->ip_num = subjcompat.ip_num;
++ subj->inaddr_any_override = subjcompat.inaddr_any_override;
++
++ subj->crashes = subjcompat.crashes;
++ subj->expires = subjcompat.expires;
++
++ subj->parent_subject = compat_ptr(subjcompat.parent_subject);
++ subj->hash = compat_ptr(subjcompat.hash);
++ subj->prev = compat_ptr(subjcompat.prev);
++ subj->next = compat_ptr(subjcompat.next);
++
++ subj->obj_hash = compat_ptr(subjcompat.obj_hash);
++ subj->obj_hash_size = subjcompat.obj_hash_size;
++ subj->pax_flags = subjcompat.pax_flags;
++
++ return 0;
++}
++
++int copy_acl_role_label_compat(struct acl_role_label *role, const struct acl_role_label *userp)
++{
++ struct acl_role_label_compat rolecompat;
++
++ if (copy_from_user(&rolecompat, userp, sizeof(rolecompat)))
++ return -EFAULT;
++
++ role->rolename = compat_ptr(rolecompat.rolename);
++ role->uidgid = rolecompat.uidgid;
++ role->roletype = rolecompat.roletype;
++
++ role->auth_attempts = rolecompat.auth_attempts;
++ role->expires = rolecompat.expires;
++
++ role->root_label = compat_ptr(rolecompat.root_label);
++ role->hash = compat_ptr(rolecompat.hash);
++
++ role->prev = compat_ptr(rolecompat.prev);
++ role->next = compat_ptr(rolecompat.next);
++
++ role->transitions = compat_ptr(rolecompat.transitions);
++ role->allowed_ips = compat_ptr(rolecompat.allowed_ips);
++ role->domain_children = compat_ptr(rolecompat.domain_children);
++ role->domain_child_num = rolecompat.domain_child_num;
++
++ role->umask = rolecompat.umask;
++
++ role->subj_hash = compat_ptr(rolecompat.subj_hash);
++ role->subj_hash_size = rolecompat.subj_hash_size;
++
++ return 0;
++}
++
++int copy_role_allowed_ip_compat(struct role_allowed_ip *roleip, const struct role_allowed_ip *userp)
++{
++ struct role_allowed_ip_compat roleip_compat;
++
++ if (copy_from_user(&roleip_compat, userp, sizeof(roleip_compat)))
++ return -EFAULT;
++
++ roleip->addr = roleip_compat.addr;
++ roleip->netmask = roleip_compat.netmask;
++
++ roleip->prev = compat_ptr(roleip_compat.prev);
++ roleip->next = compat_ptr(roleip_compat.next);
++
++ return 0;
++}
++
++int copy_role_transition_compat(struct role_transition *trans, const struct role_transition *userp)
++{
++ struct role_transition_compat trans_compat;
++
++ if (copy_from_user(&trans_compat, userp, sizeof(trans_compat)))
++ return -EFAULT;
++
++ trans->rolename = compat_ptr(trans_compat.rolename);
++
++ trans->prev = compat_ptr(trans_compat.prev);
++ trans->next = compat_ptr(trans_compat.next);
++
++ return 0;
++
++}
++
++int copy_gr_hash_struct_compat(struct gr_hash_struct *hash, const struct gr_hash_struct *userp)
++{
++ struct gr_hash_struct_compat hash_compat;
++
++ if (copy_from_user(&hash_compat, userp, sizeof(hash_compat)))
++ return -EFAULT;
++
++ hash->table = compat_ptr(hash_compat.table);
++ hash->nametable = compat_ptr(hash_compat.nametable);
++ hash->first = compat_ptr(hash_compat.first);
++
++ hash->table_size = hash_compat.table_size;
++ hash->used_size = hash_compat.used_size;
++
++ hash->type = hash_compat.type;
++
++ return 0;
++}
++
++int copy_pointer_from_array_compat(void *ptr, unsigned long idx, const void *userp)
++{
++ compat_uptr_t ptrcompat;
++
++ if (copy_from_user(&ptrcompat, userp + (idx * sizeof(ptrcompat)), sizeof(ptrcompat)))
++ return -EFAULT;
++
++ *(void **)ptr = compat_ptr(ptrcompat);
++
++ return 0;
++}
++
++int copy_acl_ip_label_compat(struct acl_ip_label *ip, const struct acl_ip_label *userp)
++{
++ struct acl_ip_label_compat ip_compat;
++
++ if (copy_from_user(&ip_compat, userp, sizeof(ip_compat)))
++ return -EFAULT;
++
++ ip->iface = compat_ptr(ip_compat.iface);
++ ip->addr = ip_compat.addr;
++ ip->netmask = ip_compat.netmask;
++ ip->low = ip_compat.low;
++ ip->high = ip_compat.high;
++ ip->mode = ip_compat.mode;
++ ip->type = ip_compat.type;
++
++ memcpy(&ip->proto, &ip_compat.proto, sizeof(ip->proto));
++
++ ip->prev = compat_ptr(ip_compat.prev);
++ ip->next = compat_ptr(ip_compat.next);
++
++ return 0;
++}
++
++int copy_sprole_pw_compat(struct sprole_pw *pw, unsigned long idx, const struct sprole_pw *userp)
++{
++ struct sprole_pw_compat pw_compat;
++
++ if (copy_from_user(&pw_compat, (const void *)userp + (sizeof(pw_compat) * idx), sizeof(pw_compat)))
++ return -EFAULT;
++
++ pw->rolename = compat_ptr(pw_compat.rolename);
++ memcpy(&pw->salt, pw_compat.salt, sizeof(pw->salt));
++ memcpy(&pw->sum, pw_compat.sum, sizeof(pw->sum));
++
++ return 0;
++}
++
++size_t get_gr_arg_wrapper_size_compat(void)
++{
++ return sizeof(struct gr_arg_wrapper_compat);
++}
++
diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c
new file mode 100644
index 0000000..a340c17
@@ -66106,10 +67942,10 @@ index 0000000..8ca18bf
+}
diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c
new file mode 100644
-index 0000000..a862e9f
+index 0000000..ab2d875
--- /dev/null
+++ b/grsecurity/grsec_init.c
-@@ -0,0 +1,283 @@
+@@ -0,0 +1,279 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/mm.h>
@@ -66133,7 +67969,6 @@ index 0000000..a862e9f
+int grsec_enable_forkfail;
+int grsec_enable_audit_ptrace;
+int grsec_enable_time;
-+int grsec_enable_audit_textrel;
+int grsec_enable_group;
+kgid_t grsec_audit_gid;
+int grsec_enable_chdir;
@@ -66265,9 +68100,6 @@ index 0000000..a862e9f
+ grsec_lock = 1;
+#endif
+
-+#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
-+ grsec_enable_audit_textrel = 1;
-+#endif
+#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
+ grsec_enable_log_rwxmaps = 1;
+#endif
@@ -66459,15 +68291,16 @@ index 0000000..5e05e20
+}
diff --git a/grsecurity/grsec_log.c b/grsecurity/grsec_log.c
new file mode 100644
-index 0000000..7c06085
+index 0000000..dbe0a6b
--- /dev/null
+++ b/grsecurity/grsec_log.c
-@@ -0,0 +1,326 @@
+@@ -0,0 +1,341 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/file.h>
+#include <linux/tty.h>
+#include <linux/fs.h>
++#include <linux/mm.h>
+#include <linux/grinternal.h>
+
+#ifdef CONFIG_TREE_PREEMPT_RCU
@@ -66614,6 +68447,7 @@ index 0000000..7c06085
+ struct vfsmount *mnt = NULL;
+ struct file *file = NULL;
+ struct task_struct *task = NULL;
++ struct vm_area_struct *vma = NULL;
+ const struct cred *cred, *pcred;
+ va_list ap;
+
@@ -66753,6 +68587,19 @@ index 0000000..7c06085
+ file = va_arg(ap, struct file *);
+ gr_log_middle_varargs(audit, msg, file ? gr_to_filename(file->f_path.dentry, file->f_path.mnt) : "<anonymous mapping>");
+ break;
++ case GR_RWXMAPVMA:
++ vma = va_arg(ap, struct vm_area_struct *);
++ if (vma->vm_file)
++ str1 = gr_to_filename(vma->vm_file->f_path.dentry, vma->vm_file->f_path.mnt);
++ else if (vma->vm_flags & (VM_GROWSDOWN | VM_GROWSUP))
++ str1 = "<stack>";
++ else if (vma->vm_start <= current->mm->brk &&
++ vma->vm_end >= current->mm->start_brk)
++ str1 = "<heap>";
++ else
++ str1 = "<anonymous mapping>";
++ gr_log_middle_varargs(audit, msg, str1);
++ break;
+ case GR_PSACCT:
+ {
+ unsigned int wday, cday;
@@ -66905,10 +68752,10 @@ index 0000000..2131422
+}
diff --git a/grsecurity/grsec_pax.c b/grsecurity/grsec_pax.c
new file mode 100644
-index 0000000..a3b12a0
+index 0000000..6ee9d50
--- /dev/null
+++ b/grsecurity/grsec_pax.c
-@@ -0,0 +1,36 @@
+@@ -0,0 +1,45 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/mm.h>
@@ -66919,9 +68766,18 @@ index 0000000..a3b12a0
+void
+gr_log_textrel(struct vm_area_struct * vma)
+{
-+#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
-+ if (grsec_enable_audit_textrel)
-+ gr_log_textrel_ulong_ulong(GR_DO_AUDIT, GR_TEXTREL_AUDIT_MSG, vma->vm_file, vma->vm_start, vma->vm_pgoff);
++#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
++ if (grsec_enable_log_rwxmaps)
++ gr_log_textrel_ulong_ulong(GR_DONT_AUDIT, GR_TEXTREL_AUDIT_MSG, vma->vm_file, vma->vm_start, vma->vm_pgoff);
++#endif
++ return;
++}
++
++void gr_log_ptgnustack(struct file *file)
++{
++#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
++ if (grsec_enable_log_rwxmaps)
++ gr_log_rwxmap(GR_DONT_AUDIT, GR_PTGNUSTACK_MSG, file);
+#endif
+ return;
+}
@@ -66937,11 +68793,11 @@ index 0000000..a3b12a0
+}
+
+void
-+gr_log_rwxmprotect(struct file *file)
++gr_log_rwxmprotect(struct vm_area_struct *vma)
+{
+#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
+ if (grsec_enable_log_rwxmaps)
-+ gr_log_rwxmap(GR_DONT_AUDIT, GR_RWXMPROTECT_MSG, file);
++ gr_log_rwxmap_vma(GR_DONT_AUDIT, GR_RWXMPROTECT_MSG, vma);
+#endif
+ return;
+}
@@ -67485,10 +69341,10 @@ index 0000000..4030d57
+}
diff --git a/grsecurity/grsec_sysctl.c b/grsecurity/grsec_sysctl.c
new file mode 100644
-index 0000000..f55ef0f
+index 0000000..7624d1c
--- /dev/null
+++ b/grsecurity/grsec_sysctl.c
-@@ -0,0 +1,469 @@
+@@ -0,0 +1,460 @@
+#include <linux/kernel.h>
+#include <linux/sched.h>
+#include <linux/sysctl.h>
@@ -67882,15 +69738,6 @@ index 0000000..f55ef0f
+ .proc_handler = &proc_dointvec,
+ },
+#endif
-+#ifdef CONFIG_GRKERNSEC_AUDIT_TEXTREL
-+ {
-+ .procname = "audit_textrel",
-+ .data = &grsec_enable_audit_textrel,
-+ .maxlen = sizeof(int),
-+ .mode = 0600,
-+ .proc_handler = &proc_dointvec,
-+ },
-+#endif
+#ifdef CONFIG_GRKERNSEC_DMESG
+ {
+ .procname = "dmesg",
@@ -68713,11 +70560,41 @@ index a59ff51..2594a70 100644
#endif /* CONFIG_MMU */
#endif /* !__ASSEMBLY__ */
+diff --git a/include/asm-generic/tlb.h b/include/asm-generic/tlb.h
+index 13821c3..5672d7e 100644
+--- a/include/asm-generic/tlb.h
++++ b/include/asm-generic/tlb.h
+@@ -112,7 +112,7 @@ struct mmu_gather {
+
+ #define HAVE_GENERIC_MMU_GATHER
+
+-void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, bool fullmm);
++void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end);
+ void tlb_flush_mmu(struct mmu_gather *tlb);
+ void tlb_finish_mmu(struct mmu_gather *tlb, unsigned long start,
+ unsigned long end);
+diff --git a/include/asm-generic/uaccess.h b/include/asm-generic/uaccess.h
+index c184aa8..d049942 100644
+--- a/include/asm-generic/uaccess.h
++++ b/include/asm-generic/uaccess.h
+@@ -343,4 +343,12 @@ clear_user(void __user *to, unsigned long n)
+ return __clear_user(to, n);
+ }
+
++#ifndef __HAVE_ARCH_PAX_OPEN_USERLAND
++//static inline unsigned long pax_open_userland(void) { return 0; }
++#endif
++
++#ifndef __HAVE_ARCH_PAX_CLOSE_USERLAND
++//static inline unsigned long pax_close_userland(void) { return 0; }
++#endif
++
+ #endif /* __ASM_GENERIC_UACCESS_H */
diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h
-index afa12c7..99d4da0 100644
+index eb58d2d..df131bf 100644
--- a/include/asm-generic/vmlinux.lds.h
+++ b/include/asm-generic/vmlinux.lds.h
-@@ -245,6 +245,7 @@
+@@ -239,6 +239,7 @@
.rodata : AT(ADDR(.rodata) - LOAD_OFFSET) { \
VMLINUX_SYMBOL(__start_rodata) = .; \
*(.rodata) *(.rodata.*) \
@@ -68725,7 +70602,7 @@ index afa12c7..99d4da0 100644
*(__vermagic) /* Kernel version magic */ \
. = ALIGN(8); \
VMLINUX_SYMBOL(__start___tracepoints_ptrs) = .; \
-@@ -755,17 +756,18 @@
+@@ -749,17 +750,18 @@
* section in the linker script will go there too. @phdr should have
* a leading colon.
*
@@ -68762,7 +70639,7 @@ index 418d270..bfd2794 100644
struct crypto_instance {
struct crypto_alg alg;
diff --git a/include/drm/drmP.h b/include/drm/drmP.h
-index f1ce786..086a7a5 100644
+index 63d17ee..716de2b 100644
--- a/include/drm/drmP.h
+++ b/include/drm/drmP.h
@@ -72,6 +72,7 @@
@@ -68788,19 +70665,20 @@ index f1ce786..086a7a5 100644
unsigned long arg);
#define DRM_IOCTL_NR(n) _IOC_NR(n)
-@@ -314,9 +317,9 @@ typedef int drm_ioctl_compat_t(struct file *filp, unsigned int cmd,
+@@ -314,10 +317,10 @@ typedef int drm_ioctl_compat_t(struct file *filp, unsigned int cmd,
struct drm_ioctl_desc {
unsigned int cmd;
int flags;
- drm_ioctl_t *func;
+ drm_ioctl_t func;
unsigned int cmd_drv;
+ const char *name;
-};
+} __do_const;
/**
* Creates a driver or general drm_ioctl_desc array entry for the given
-@@ -1014,7 +1017,7 @@ struct drm_info_list {
+@@ -1015,7 +1018,7 @@ struct drm_info_list {
int (*show)(struct seq_file*, void*); /** show callback */
u32 driver_features; /**< Required driver features for this entry */
void *data;
@@ -68809,7 +70687,7 @@ index f1ce786..086a7a5 100644
/**
* debugfs node structure. This structure represents a debugfs file.
-@@ -1087,7 +1090,7 @@ struct drm_device {
+@@ -1088,7 +1091,7 @@ struct drm_device {
/** \name Usage Counters */
/*@{ */
@@ -68818,7 +70696,7 @@ index f1ce786..086a7a5 100644
atomic_t ioctl_count; /**< Outstanding IOCTLs pending */
atomic_t vma_count; /**< Outstanding vma areas open */
int buf_use; /**< Buffers in use -- cannot alloc */
-@@ -1098,7 +1101,7 @@ struct drm_device {
+@@ -1099,7 +1102,7 @@ struct drm_device {
/*@{ */
unsigned long counters;
enum drm_stat_type types[15];
@@ -68889,14 +70767,15 @@ index c1da539..1dcec55 100644
struct atmphy_ops {
int (*start)(struct atm_dev *dev);
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
-index c3a0914..ec5d48a 100644
+index 70cf138..0418ee2 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
-@@ -73,8 +73,9 @@ struct linux_binfmt {
+@@ -73,8 +73,10 @@ struct linux_binfmt {
int (*load_binary)(struct linux_binprm *);
int (*load_shlib)(struct file *);
int (*core_dump)(struct coredump_params *cprm);
+ void (*handle_mprotect)(struct vm_area_struct *vma, unsigned long newflags);
++ void (*handle_mmap)(struct file *);
unsigned long min_coredump; /* minimal dump size */
-};
+} __do_const;
@@ -68904,10 +70783,10 @@ index c3a0914..ec5d48a 100644
extern void __register_binfmt(struct linux_binfmt *fmt, int insert);
diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h
-index 33f358f..7f2c27f 100644
+index 2fdb4a4..54aad7e 100644
--- a/include/linux/blkdev.h
+++ b/include/linux/blkdev.h
-@@ -1499,7 +1499,7 @@ struct block_device_operations {
+@@ -1526,7 +1526,7 @@ struct block_device_operations {
/* this callback is with swap_lock and sometimes page table lock held */
void (*swap_slot_free_notify) (struct block_device *, unsigned long);
struct module *owner;
@@ -68975,7 +70854,7 @@ index 8609d57..86e4d79 100644
int (*generic_packet) (struct cdrom_device_info *,
struct packet_command *);
diff --git a/include/linux/cleancache.h b/include/linux/cleancache.h
-index 42e55de..1cd0e66 100644
+index 4ce9056..86caac6 100644
--- a/include/linux/cleancache.h
+++ b/include/linux/cleancache.h
@@ -31,7 +31,7 @@ struct cleancache_ops {
@@ -68985,40 +70864,52 @@ index 42e55de..1cd0e66 100644
-};
+} __no_const;
- extern struct cleancache_ops
+ extern struct cleancache_ops *
cleancache_register_ops(struct cleancache_ops *ops);
+diff --git a/include/linux/clk-provider.h b/include/linux/clk-provider.h
+index 1186098..f87e53d 100644
+--- a/include/linux/clk-provider.h
++++ b/include/linux/clk-provider.h
+@@ -132,6 +132,7 @@ struct clk_ops {
+ unsigned long);
+ void (*init)(struct clk_hw *hw);
+ };
++typedef struct clk_ops __no_const clk_ops_no_const;
+
+ /**
+ * struct clk_init_data - holds init data that's common to all clocks and is
diff --git a/include/linux/compat.h b/include/linux/compat.h
-index 377cd8c..2479845 100644
+index 7f0c1dd..206ac34 100644
--- a/include/linux/compat.h
+++ b/include/linux/compat.h
-@@ -332,14 +332,14 @@ long compat_sys_msgsnd(int first, int second, int third, void __user *uptr);
- long compat_sys_msgrcv(int first, int second, int msgtyp, int third,
- int version, void __user *uptr);
- long compat_sys_shmat(int first, int second, compat_uptr_t third, int version,
-- void __user *uptr);
-+ void __user *uptr) __intentional_overflow(0);
- #else
- long compat_sys_semctl(int semid, int semnum, int cmd, int arg);
- long compat_sys_msgsnd(int msqid, struct compat_msgbuf __user *msgp,
+@@ -312,7 +312,7 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr,
+ compat_size_t __user *len_ptr);
+
+ asmlinkage long compat_sys_ipc(u32, int, int, u32, compat_uptr_t, u32);
+-asmlinkage long compat_sys_shmat(int shmid, compat_uptr_t shmaddr, int shmflg);
++asmlinkage long compat_sys_shmat(int shmid, compat_uptr_t shmaddr, int shmflg) __intentional_overflow(0);
+ asmlinkage long compat_sys_semctl(int semid, int semnum, int cmd, int arg);
+ asmlinkage long compat_sys_msgsnd(int msqid, compat_uptr_t msgp,
compat_ssize_t msgsz, int msgflg);
- long compat_sys_msgrcv(int msqid, struct compat_msgbuf __user *msgp,
- compat_ssize_t msgsz, long msgtyp, int msgflg);
--long compat_sys_shmat(int shmid, compat_uptr_t shmaddr, int shmflg);
-+long compat_sys_shmat(int shmid, compat_uptr_t shmaddr, int shmflg) __intentional_overflow(0);
- #endif
- long compat_sys_msgctl(int first, int second, void __user *uptr);
- long compat_sys_shmctl(int first, int second, void __user *uptr);
-@@ -442,7 +442,7 @@ extern int compat_ptrace_request(struct task_struct *child,
+@@ -419,7 +419,7 @@ extern int compat_ptrace_request(struct task_struct *child,
extern long compat_arch_ptrace(struct task_struct *child, compat_long_t request,
compat_ulong_t addr, compat_ulong_t data);
asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
- compat_long_t addr, compat_long_t data);
+ compat_ulong_t addr, compat_ulong_t data);
+ asmlinkage long compat_sys_lookup_dcookie(u32, u32, char __user *, size_t);
/*
- * epoll (fs/eventpoll.c) compat bits follow ...
+@@ -669,6 +669,7 @@ asmlinkage long compat_sys_sigaltstack(const compat_stack_t __user *uss_ptr,
+
+ int compat_restore_altstack(const compat_stack_t __user *uss);
+ int __compat_save_altstack(compat_stack_t __user *, unsigned long);
++void __compat_save_altstack_ex(compat_stack_t __user *, unsigned long);
+
+ asmlinkage long compat_sys_sched_rr_get_interval(compat_pid_t pid,
+ struct compat_timespec __user *interval);
diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h
-index 68b162d..660f5f0 100644
+index 842de22..7f3a41f 100644
--- a/include/linux/compiler-gcc4.h
+++ b/include/linux/compiler-gcc4.h
@@ -39,9 +39,29 @@
@@ -69052,7 +70943,7 @@ index 68b162d..660f5f0 100644
* Mark a position in code as unreachable. This can be used to
* suppress control flow warnings after asm blocks that transfer
diff --git a/include/linux/compiler.h b/include/linux/compiler.h
-index 10b8f23..5e0b083 100644
+index 92669cd..1771a15 100644
--- a/include/linux/compiler.h
+++ b/include/linux/compiler.h
@@ -5,11 +5,14 @@
@@ -69170,7 +71061,7 @@ index 10b8f23..5e0b083 100644
/* Simple shorthand for a section definition */
#ifndef __section
# define __section(S) __attribute__ ((__section__(#S)))
-@@ -349,6 +407,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
+@@ -349,7 +407,8 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect);
* use is to mediate communication between process-level code and irq/NMI
* handlers, all running on the same CPU.
*/
@@ -69178,7 +71069,8 @@ index 10b8f23..5e0b083 100644
+#define ACCESS_ONCE(x) (*(volatile const typeof(x) *)&(x))
+#define ACCESS_ONCE_RW(x) (*(volatile typeof(x) *)&(x))
- #endif /* __LINUX_COMPILER_H */
+ /* Ignore/forbid kprobes attach on very low level functions marked by this attribute: */
+ #ifdef CONFIG_KPROBES
diff --git a/include/linux/completion.h b/include/linux/completion.h
index 33f0280..35c6568 100644
--- a/include/linux/completion.h
@@ -69216,7 +71108,7 @@ index 34025df..d94bbbc 100644
/*
* Users often need to create attribute structures for their configurable
diff --git a/include/linux/cpu.h b/include/linux/cpu.h
-index 714e792..e6130d9 100644
+index 9f3c7e8..a18c7b6 100644
--- a/include/linux/cpu.h
+++ b/include/linux/cpu.h
@@ -115,7 +115,7 @@ enum {
@@ -69229,10 +71121,10 @@ index 714e792..e6130d9 100644
register_cpu_notifier(&fn##_nb); \
}
diff --git a/include/linux/cpufreq.h b/include/linux/cpufreq.h
-index a22944c..4e695fe 100644
+index 037d36a..ca5fe6e 100644
--- a/include/linux/cpufreq.h
+++ b/include/linux/cpufreq.h
-@@ -252,7 +252,7 @@ struct cpufreq_driver {
+@@ -262,7 +262,7 @@ struct cpufreq_driver {
int (*suspend) (struct cpufreq_policy *policy);
int (*resume) (struct cpufreq_policy *policy);
struct freq_attr **attr;
@@ -69241,7 +71133,7 @@ index a22944c..4e695fe 100644
/* flags */
-@@ -311,6 +311,7 @@ struct global_attr {
+@@ -321,6 +321,7 @@ struct global_attr {
ssize_t (*store)(struct kobject *a, struct attribute *b,
const char *c, size_t count);
};
@@ -69250,7 +71142,7 @@ index a22944c..4e695fe 100644
#define define_one_global_ro(_name) \
static struct global_attr _name = \
diff --git a/include/linux/cpuidle.h b/include/linux/cpuidle.h
-index 480c14d..552896f 100644
+index 8f04062..900239a 100644
--- a/include/linux/cpuidle.h
+++ b/include/linux/cpuidle.h
@@ -52,7 +52,8 @@ struct cpuidle_state {
@@ -69263,7 +71155,7 @@ index 480c14d..552896f 100644
/* Idle State Flags */
#define CPUIDLE_FLAG_TIME_VALID (0x01) /* is residency time measurable? */
-@@ -194,7 +195,7 @@ struct cpuidle_governor {
+@@ -191,7 +192,7 @@ struct cpuidle_governor {
void (*reflect) (struct cpuidle_device *dev, int index);
struct module *owner;
@@ -69273,7 +71165,7 @@ index 480c14d..552896f 100644
#ifdef CONFIG_CPU_IDLE
diff --git a/include/linux/cpumask.h b/include/linux/cpumask.h
-index 0325602..5e9feff 100644
+index d08e4d2..95fad61 100644
--- a/include/linux/cpumask.h
+++ b/include/linux/cpumask.h
@@ -118,17 +118,17 @@ static inline unsigned int cpumask_first(const struct cpumask *srcp)
@@ -69368,7 +71260,7 @@ index b92eadf..b4ecdc1 100644
#define crt_ablkcipher crt_u.ablkcipher
#define crt_aead crt_u.aead
diff --git a/include/linux/ctype.h b/include/linux/ctype.h
-index 8acfe31..6ffccd63 100644
+index 653589e..4ef254a 100644
--- a/include/linux/ctype.h
+++ b/include/linux/ctype.h
@@ -56,7 +56,7 @@ static inline unsigned char __toupper(unsigned char c)
@@ -69407,10 +71299,10 @@ index fe8c447..bdc1f33 100644
/**
* struct devfreq - Device devfreq structure
diff --git a/include/linux/device.h b/include/linux/device.h
-index 9d6464e..8a5cc92 100644
+index c0a1261..dba7569 100644
--- a/include/linux/device.h
+++ b/include/linux/device.h
-@@ -295,7 +295,7 @@ struct subsys_interface {
+@@ -290,7 +290,7 @@ struct subsys_interface {
struct list_head node;
int (*add_dev)(struct device *dev, struct subsys_interface *sif);
int (*remove_dev)(struct device *dev, struct subsys_interface *sif);
@@ -69419,7 +71311,7 @@ index 9d6464e..8a5cc92 100644
int subsys_interface_register(struct subsys_interface *sif);
void subsys_interface_unregister(struct subsys_interface *sif);
-@@ -475,7 +475,7 @@ struct device_type {
+@@ -473,7 +473,7 @@ struct device_type {
void (*release)(struct device *dev);
const struct dev_pm_ops *pm;
@@ -69428,7 +71320,7 @@ index 9d6464e..8a5cc92 100644
/* interface for exporting device attributes */
struct device_attribute {
-@@ -485,11 +485,12 @@ struct device_attribute {
+@@ -483,11 +483,12 @@ struct device_attribute {
ssize_t (*store)(struct device *dev, struct device_attribute *attr,
const char *buf, size_t count);
};
@@ -69456,10 +71348,10 @@ index 94af418..b1ca7a2 100644
#define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1))
diff --git a/include/linux/dmaengine.h b/include/linux/dmaengine.h
-index 91ac8da..a841318 100644
+index 96d3e4a..dc36433 100644
--- a/include/linux/dmaengine.h
+++ b/include/linux/dmaengine.h
-@@ -1034,9 +1034,9 @@ struct dma_pinned_list {
+@@ -1035,9 +1035,9 @@ struct dma_pinned_list {
struct dma_pinned_list *dma_pin_iovec_pages(struct iovec *iov, size_t len);
void dma_unpin_iovec_pages(struct dma_pinned_list* pinned_list);
@@ -69471,34 +71363,11 @@ index 91ac8da..a841318 100644
struct dma_pinned_list *pinned_list, struct page *page,
unsigned int offset, size_t len);
-diff --git a/include/linux/edac.h b/include/linux/edac.h
-index 0b76327..5c6d7fb 100644
---- a/include/linux/edac.h
-+++ b/include/linux/edac.h
-@@ -622,7 +622,7 @@ struct edac_raw_error_desc {
- */
- struct mem_ctl_info {
- struct device dev;
-- struct bus_type bus;
-+ struct bus_type *bus;
-
- struct list_head link; /* for global list of mem_ctl_info structs */
-
-@@ -742,4 +742,9 @@ struct mem_ctl_info {
- #endif
- };
-
-+/*
-+ * Maximum number of memory controllers in the coherent fabric.
-+ */
-+#define EDAC_MAX_MCS 16
-+
- #endif
diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 3d7df3d..301f024 100644
+index 2bc0ad7..3f7b006 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
-@@ -740,6 +740,7 @@ struct efivar_operations {
+@@ -745,6 +745,7 @@ struct efivar_operations {
efi_set_variable_t *set_variable;
efi_query_variable_store_t *query_variable_store;
};
@@ -69559,7 +71428,7 @@ index fcb51c8..bdafcf6 100644
/**
diff --git a/include/linux/fb.h b/include/linux/fb.h
-index 58b9860..58e5516 100644
+index d49c60f..2834fbe 100644
--- a/include/linux/fb.h
+++ b/include/linux/fb.h
@@ -304,7 +304,7 @@ struct fb_ops {
@@ -69572,7 +71441,7 @@ index 58b9860..58e5516 100644
#ifdef CONFIG_FB_TILEBLITTING
#define FB_TILE_CURSOR_NONE 0
diff --git a/include/linux/filter.h b/include/linux/filter.h
-index c45eabc..baa0be5 100644
+index f65f5a6..2f4f93a 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -20,6 +20,7 @@ struct compat_sock_fprog {
@@ -69594,7 +71463,7 @@ index c45eabc..baa0be5 100644
struct sock_filter insns[0];
};
diff --git a/include/linux/frontswap.h b/include/linux/frontswap.h
-index 3044254..9767f41 100644
+index 8293262..2b3b8bd 100644
--- a/include/linux/frontswap.h
+++ b/include/linux/frontswap.h
@@ -11,7 +11,7 @@ struct frontswap_ops {
@@ -69605,12 +71474,12 @@ index 3044254..9767f41 100644
+} __no_const;
extern bool frontswap_enabled;
- extern struct frontswap_ops
+ extern struct frontswap_ops *
diff --git a/include/linux/fs.h b/include/linux/fs.h
-index 2c28271..8d3d74c 100644
+index 65c2be2..4c53f6e 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
-@@ -1541,7 +1541,8 @@ struct file_operations {
+@@ -1543,7 +1543,8 @@ struct file_operations {
long (*fallocate)(struct file *file, int mode, loff_t offset,
loff_t len);
int (*show_fdinfo)(struct seq_file *m, struct file *f);
@@ -69620,7 +71489,7 @@ index 2c28271..8d3d74c 100644
struct inode_operations {
struct dentry * (*lookup) (struct inode *,struct dentry *, unsigned int);
-@@ -2672,4 +2673,14 @@ static inline void inode_has_no_xattr(struct inode *inode)
+@@ -2688,4 +2689,14 @@ static inline void inode_has_no_xattr(struct inode *inode)
inode->i_flags |= S_NOSEC;
}
@@ -69716,19 +71585,6 @@ index a78680a..87bd73e 100644
}
/*
-diff --git a/include/linux/ftrace_event.h b/include/linux/ftrace_event.h
-index 13a54d0..c6ce2a7 100644
---- a/include/linux/ftrace_event.h
-+++ b/include/linux/ftrace_event.h
-@@ -274,7 +274,7 @@ extern int trace_define_field(struct ftrace_event_call *call, const char *type,
- extern int trace_add_event_call(struct ftrace_event_call *call);
- extern void trace_remove_event_call(struct ftrace_event_call *call);
-
--#define is_signed_type(type) (((type)(-1)) < (type)0)
-+#define is_signed_type(type) (((type)(-1)) < (type)1)
-
- int trace_set_clr_event(const char *system, const char *event, int set);
-
diff --git a/include/linux/genhd.h b/include/linux/genhd.h
index 9f3c275..911b591 100644
--- a/include/linux/genhd.h
@@ -70124,6 +71980,168 @@ index 0000000..ebe6d72
+
+#endif
+
+diff --git a/include/linux/gracl_compat.h b/include/linux/gracl_compat.h
+new file mode 100644
+index 0000000..33ebd1f
+--- /dev/null
++++ b/include/linux/gracl_compat.h
+@@ -0,0 +1,156 @@
++#ifndef GR_ACL_COMPAT_H
++#define GR_ACL_COMPAT_H
++
++#include <linux/resource.h>
++#include <asm/resource.h>
++
++struct sprole_pw_compat {
++ compat_uptr_t rolename;
++ unsigned char salt[GR_SALT_LEN];
++ unsigned char sum[GR_SHA_LEN];
++};
++
++struct gr_hash_struct_compat {
++ compat_uptr_t table;
++ compat_uptr_t nametable;
++ compat_uptr_t first;
++ __u32 table_size;
++ __u32 used_size;
++ int type;
++};
++
++struct acl_subject_label_compat {
++ compat_uptr_t filename;
++ compat_ino_t inode;
++ __u32 device;
++ __u32 mode;
++ kernel_cap_t cap_mask;
++ kernel_cap_t cap_lower;
++ kernel_cap_t cap_invert_audit;
++
++ struct compat_rlimit res[GR_NLIMITS];
++ __u32 resmask;
++
++ __u8 user_trans_type;
++ __u8 group_trans_type;
++ compat_uptr_t user_transitions;
++ compat_uptr_t group_transitions;
++ __u16 user_trans_num;
++ __u16 group_trans_num;
++
++ __u32 sock_families[2];
++ __u32 ip_proto[8];
++ __u32 ip_type;
++ compat_uptr_t ips;
++ __u32 ip_num;
++ __u32 inaddr_any_override;
++
++ __u32 crashes;
++ compat_ulong_t expires;
++
++ compat_uptr_t parent_subject;
++ compat_uptr_t hash;
++ compat_uptr_t prev;
++ compat_uptr_t next;
++
++ compat_uptr_t obj_hash;
++ __u32 obj_hash_size;
++ __u16 pax_flags;
++};
++
++struct role_allowed_ip_compat {
++ __u32 addr;
++ __u32 netmask;
++
++ compat_uptr_t prev;
++ compat_uptr_t next;
++};
++
++struct role_transition_compat {
++ compat_uptr_t rolename;
++
++ compat_uptr_t prev;
++ compat_uptr_t next;
++};
++
++struct acl_role_label_compat {
++ compat_uptr_t rolename;
++ uid_t uidgid;
++ __u16 roletype;
++
++ __u16 auth_attempts;
++ compat_ulong_t expires;
++
++ compat_uptr_t root_label;
++ compat_uptr_t hash;
++
++ compat_uptr_t prev;
++ compat_uptr_t next;
++
++ compat_uptr_t transitions;
++ compat_uptr_t allowed_ips;
++ compat_uptr_t domain_children;
++ __u16 domain_child_num;
++
++ umode_t umask;
++
++ compat_uptr_t subj_hash;
++ __u32 subj_hash_size;
++};
++
++struct user_acl_role_db_compat {
++ compat_uptr_t r_table;
++ __u32 num_pointers;
++ __u32 num_roles;
++ __u32 num_domain_children;
++ __u32 num_subjects;
++ __u32 num_objects;
++};
++
++struct acl_object_label_compat {
++ compat_uptr_t filename;
++ compat_ino_t inode;
++ __u32 device;
++ __u32 mode;
++
++ compat_uptr_t nested;
++ compat_uptr_t globbed;
++
++ compat_uptr_t prev;
++ compat_uptr_t next;
++};
++
++struct acl_ip_label_compat {
++ compat_uptr_t iface;
++ __u32 addr;
++ __u32 netmask;
++ __u16 low, high;
++ __u8 mode;
++ __u32 type;
++ __u32 proto[8];
++
++ compat_uptr_t prev;
++ compat_uptr_t next;
++};
++
++struct gr_arg_compat {
++ struct user_acl_role_db_compat role_db;
++ unsigned char pw[GR_PW_LEN];
++ unsigned char salt[GR_SALT_LEN];
++ unsigned char sum[GR_SHA_LEN];
++ unsigned char sp_role[GR_SPROLE_LEN];
++ compat_uptr_t sprole_pws;
++ __u32 segv_device;
++ compat_ino_t segv_inode;
++ uid_t segv_uid;
++ __u16 num_sprole_pws;
++ __u16 mode;
++};
++
++struct gr_arg_wrapper_compat {
++ compat_uptr_t arg;
++ __u32 version;
++ __u32 size;
++};
++
++#endif
diff --git a/include/linux/gralloc.h b/include/linux/gralloc.h
new file mode 100644
index 0000000..323ecf2
@@ -70287,10 +72305,10 @@ index 0000000..be66033
+#endif
diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h
new file mode 100644
-index 0000000..12994b5
+index 0000000..fd8598b
--- /dev/null
+++ b/include/linux/grinternal.h
-@@ -0,0 +1,227 @@
+@@ -0,0 +1,228 @@
+#ifndef __GRINTERNAL_H
+#define __GRINTERNAL_H
+
@@ -70366,7 +72384,6 @@ index 0000000..12994b5
+extern kgid_t grsec_socket_server_gid;
+extern kgid_t grsec_audit_gid;
+extern int grsec_enable_group;
-+extern int grsec_enable_audit_textrel;
+extern int grsec_enable_log_rwxmaps;
+extern int grsec_enable_mount;
+extern int grsec_enable_chdir;
@@ -70474,7 +72491,8 @@ index 0000000..12994b5
+ GR_CRASH1,
+ GR_CRASH2,
+ GR_PSACCT,
-+ GR_RWXMAP
++ GR_RWXMAP,
++ GR_RWXMAPVMA
+};
+
+#define gr_log_hidden_sysctl(audit, msg, str) gr_log_varargs(audit, msg, GR_SYSCTL_HIDDEN, str)
@@ -70512,6 +72530,7 @@ index 0000000..12994b5
+#define gr_log_crash2(audit, msg, task, ulong1) gr_log_varargs(audit, msg, GR_CRASH2, task, ulong1)
+#define gr_log_procacct(audit, msg, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) gr_log_varargs(audit, msg, GR_PSACCT, task, num1, num2, num3, num4, num5, num6, num7, num8, num9)
+#define gr_log_rwxmap(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAP, str)
++#define gr_log_rwxmap_vma(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAPVMA, str)
+
+void gr_log_varargs(int audit, const char *msg, int argtypes, ...);
+
@@ -70520,10 +72539,10 @@ index 0000000..12994b5
+#endif
diff --git a/include/linux/grmsg.h b/include/linux/grmsg.h
new file mode 100644
-index 0000000..2f159b5
+index 0000000..a4396b5
--- /dev/null
+++ b/include/linux/grmsg.h
-@@ -0,0 +1,112 @@
+@@ -0,0 +1,113 @@
+#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
+#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
@@ -70627,7 +72646,8 @@ index 0000000..2f159b5
+#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for "
+#define GR_RWXMMAP_MSG "denied RWX mmap of %.950s by "
+#define GR_RWXMPROTECT_MSG "denied RWX mprotect of %.950s by "
-+#define GR_TEXTREL_AUDIT_MSG "text relocation in %s, VMA:0x%08lx 0x%08lx by "
++#define GR_TEXTREL_AUDIT_MSG "denied text relocation in %.950s, VMA:0x%08lx 0x%08lx by "
++#define GR_PTGNUSTACK_MSG "denied marking stack executable as requested by PT_GNU_STACK marking in %.950s by "
+#define GR_VM86_MSG "denied use of vm86 by "
+#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by "
+#define GR_PTRACE_READEXEC_MSG "denied ptrace of unreadable binary %.950s by "
@@ -70638,10 +72658,10 @@ index 0000000..2f159b5
+#define GR_BRUTE_SUID_MSG "bruteforce prevention initiated due to crash of %.950s against uid %u, banning suid/sgid execs for %u minutes. Please investigate the crash report for "
diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h
new file mode 100644
-index 0000000..d957f6d
+index 0000000..3676b0b
--- /dev/null
+++ b/include/linux/grsecurity.h
-@@ -0,0 +1,241 @@
+@@ -0,0 +1,242 @@
+#ifndef GR_SECURITY_H
+#define GR_SECURITY_H
+#include <linux/fs.h>
@@ -70719,8 +72739,9 @@ index 0000000..d957f6d
+void gr_log_unmount(const char *devname, const int retval);
+void gr_log_mount(const char *from, const char *to, const int retval);
+void gr_log_textrel(struct vm_area_struct *vma);
++void gr_log_ptgnustack(struct file *file);
+void gr_log_rwxmmap(struct file *file);
-+void gr_log_rwxmprotect(struct file *file);
++void gr_log_rwxmprotect(struct vm_area_struct *vma);
+
+int gr_handle_follow_link(const struct inode *parent,
+ const struct inode *inode,
@@ -70955,17 +72976,17 @@ index 1c7b89a..7f52502 100644
container_of(_dev_attr, struct sensor_device_attribute_2, dev_attr)
diff --git a/include/linux/i2c.h b/include/linux/i2c.h
-index d0c4db7..61b3577 100644
+index e988fa9..ff9f17e 100644
--- a/include/linux/i2c.h
+++ b/include/linux/i2c.h
-@@ -369,6 +369,7 @@ struct i2c_algorithm {
+@@ -366,6 +366,7 @@ struct i2c_algorithm {
/* To determine what the adapter supports */
u32 (*functionality) (struct i2c_adapter *);
};
+typedef struct i2c_algorithm __no_const i2c_algorithm_no_const;
- /*
- * i2c_adapter is the structure used to identify a physical i2c bus along
+ /**
+ * struct i2c_bus_recovery_info - I2C bus recovery information
diff --git a/include/linux/i2o.h b/include/linux/i2o.h
index d23c3c2..eb63c81 100644
--- a/include/linux/i2o.h
@@ -70992,21 +73013,6 @@ index aff7ad8..3942bbd 100644
extern int register_pppox_proto(int proto_num, const struct pppox_proto *pp);
extern void unregister_pppox_proto(int proto_num);
-diff --git a/include/linux/if_vlan.h b/include/linux/if_vlan.h
-index 218a3b6..ee586cb 100644
---- a/include/linux/if_vlan.h
-+++ b/include/linux/if_vlan.h
-@@ -79,9 +79,8 @@ static inline int is_vlan_dev(struct net_device *dev)
- }
-
- #define vlan_tx_tag_present(__skb) ((__skb)->vlan_tci & VLAN_TAG_PRESENT)
--#define vlan_tx_nonzero_tag_present(__skb) \
-- (vlan_tx_tag_present(__skb) && ((__skb)->vlan_tci & VLAN_VID_MASK))
- #define vlan_tx_tag_get(__skb) ((__skb)->vlan_tci & ~VLAN_TAG_PRESENT)
-+#define vlan_tx_tag_get_id(__skb) ((__skb)->vlan_tci & VLAN_VID_MASK)
-
- #if defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE)
-
diff --git a/include/linux/init.h b/include/linux/init.h
index 8618147..0821126 100644
--- a/include/linux/init.h
@@ -71122,7 +73128,7 @@ index 5fa5afe..ac55b25 100644
extern void __raise_softirq_irqoff(unsigned int nr);
diff --git a/include/linux/iommu.h b/include/linux/iommu.h
-index ba3b8a9..7e14ed8 100644
+index 3aeb730..2177f39 100644
--- a/include/linux/iommu.h
+++ b/include/linux/iommu.h
@@ -113,7 +113,7 @@ struct iommu_ops {
@@ -71135,7 +73141,7 @@ index ba3b8a9..7e14ed8 100644
#define IOMMU_GROUP_NOTIFY_ADD_DEVICE 1 /* Device added */
#define IOMMU_GROUP_NOTIFY_DEL_DEVICE 2 /* Pre Device removed */
diff --git a/include/linux/ioport.h b/include/linux/ioport.h
-index 85ac9b9b..e5759ab 100644
+index 89b7c24..382af74 100644
--- a/include/linux/ioport.h
+++ b/include/linux/ioport.h
@@ -161,7 +161,7 @@ struct resource *lookup_resource(struct resource *root, resource_size_t start);
@@ -71162,7 +73168,7 @@ index bc4e066..50468a9 100644
/*
* irq_chip specific flags
diff --git a/include/linux/irqchip/arm-gic.h b/include/linux/irqchip/arm-gic.h
-index 3fd8e42..a73e966 100644
+index 3e203eb..3fe68d0 100644
--- a/include/linux/irqchip/arm-gic.h
+++ b/include/linux/irqchip/arm-gic.h
@@ -59,9 +59,11 @@
@@ -71179,7 +73185,7 @@ index 3fd8e42..a73e966 100644
void gic_init_bases(unsigned int, int, void __iomem *, void __iomem *,
u32 offset, struct device_node *);
diff --git a/include/linux/kallsyms.h b/include/linux/kallsyms.h
-index 6883e19..06992b1 100644
+index 6883e19..e854fcb 100644
--- a/include/linux/kallsyms.h
+++ b/include/linux/kallsyms.h
@@ -15,7 +15,8 @@
@@ -71192,12 +73198,13 @@ index 6883e19..06992b1 100644
/* Lookup the address for a symbol. Returns 0 if not found. */
unsigned long kallsyms_lookup_name(const char *name);
-@@ -106,6 +107,17 @@ static inline int lookup_symbol_attrs(unsigned long addr, unsigned long *size, u
+@@ -106,6 +107,21 @@ static inline int lookup_symbol_attrs(unsigned long addr, unsigned long *size, u
/* Stupid that this does nothing, but I didn't create this mess. */
#define __print_symbol(fmt, addr)
#endif /*CONFIG_KALLSYMS*/
-+#else /* when included by kallsyms.c, vsnprintf.c, or
++#else /* when included by kallsyms.c, vsnprintf.c, kprobes.c, or
+ arch/x86/kernel/dumpstack.c, with HIDESYM enabled */
++extern unsigned long kallsyms_lookup_name(const char *name);
+extern void __print_symbol(const char *fmt, unsigned long address);
+extern int sprint_backtrace(char *buffer, unsigned long address);
+extern int sprint_symbol(char *buffer, unsigned long address);
@@ -71206,6 +73213,9 @@ index 6883e19..06992b1 100644
+ unsigned long *symbolsize,
+ unsigned long *offset,
+ char **modname, char *namebuf);
++extern int kallsyms_lookup_size_offset(unsigned long addr,
++ unsigned long *symbolsize,
++ unsigned long *offset);
+#endif
/* This macro allows us to keep printk typechecking */
@@ -71255,7 +73265,7 @@ index c6e091b..a940adf 100644
extern struct kgdb_arch arch_kgdb_ops;
diff --git a/include/linux/kmod.h b/include/linux/kmod.h
-index 5398d58..5883a34 100644
+index 0555cc6..b16a7a4 100644
--- a/include/linux/kmod.h
+++ b/include/linux/kmod.h
@@ -34,6 +34,8 @@ extern char modprobe_path[]; /* for sysctl */
@@ -71302,10 +73312,10 @@ index f66b065..c2c29b4 100644
int kobj_ns_type_register(const struct kobj_ns_type_operations *ops);
int kobj_ns_type_registered(enum kobj_ns_type type);
diff --git a/include/linux/kref.h b/include/linux/kref.h
-index 7419c02..aa2f02d 100644
+index 484604d..0f6c5b6 100644
--- a/include/linux/kref.h
+++ b/include/linux/kref.h
-@@ -65,7 +65,7 @@ static inline void kref_get(struct kref *kref)
+@@ -68,7 +68,7 @@ static inline void kref_get(struct kref *kref)
static inline int kref_sub(struct kref *kref, unsigned int count,
void (*release)(struct kref *kref))
{
@@ -71315,19 +73325,19 @@ index 7419c02..aa2f02d 100644
if (atomic_sub_and_test((int) count, &kref->refcount)) {
release(kref);
diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h
-index c139582..0b5b102 100644
+index 8db53cf..c21121d 100644
--- a/include/linux/kvm_host.h
+++ b/include/linux/kvm_host.h
-@@ -424,7 +424,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu);
- int __must_check vcpu_load(struct kvm_vcpu *vcpu);
- void vcpu_put(struct kvm_vcpu *vcpu);
-
+@@ -444,7 +444,7 @@ static inline void kvm_irqfd_exit(void)
+ {
+ }
+ #endif
-int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+int kvm_init(const void *opaque, unsigned vcpu_size, unsigned vcpu_align,
struct module *module);
void kvm_exit(void);
-@@ -582,7 +582,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
+@@ -616,7 +616,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu,
struct kvm_guest_debug *dbg);
int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run);
@@ -71350,7 +73360,7 @@ index eae7a05..2cdd875 100644
struct ata_port_info {
unsigned long flags;
diff --git a/include/linux/list.h b/include/linux/list.h
-index 6a1f8df..eaec1ff 100644
+index b83e565..baa6c1d 100644
--- a/include/linux/list.h
+++ b/include/linux/list.h
@@ -112,6 +112,19 @@ extern void __list_del_entry(struct list_head *entry);
@@ -71383,10 +73393,10 @@ index 6a1f8df..eaec1ff 100644
* list_move - delete from one list and add as another's head
* @list: the entry to move
diff --git a/include/linux/math64.h b/include/linux/math64.h
-index b8ba855..0148090 100644
+index 2913b86..8dcbb1e 100644
--- a/include/linux/math64.h
+++ b/include/linux/math64.h
-@@ -14,7 +14,7 @@
+@@ -15,7 +15,7 @@
* This is commonly provided by 32bit archs to provide an optimized 64bit
* divide.
*/
@@ -71395,8 +73405,17 @@ index b8ba855..0148090 100644
{
*remainder = dividend % divisor;
return dividend / divisor;
-@@ -50,7 +50,7 @@ static inline s64 div64_s64(s64 dividend, s64 divisor)
- #define div64_long(x,y) div_s64((x),(y))
+@@ -33,7 +33,7 @@ static inline s64 div_s64_rem(s64 dividend, s32 divisor, s32 *remainder)
+ /**
+ * div64_u64 - unsigned 64bit divide with 64bit divisor
+ */
+-static inline u64 div64_u64(u64 dividend, u64 divisor)
++static inline u64 __intentional_overflow(0) div64_u64(u64 dividend, u64 divisor)
+ {
+ return dividend / divisor;
+ }
+@@ -52,7 +52,7 @@ static inline s64 div64_s64(s64 dividend, s64 divisor)
+ #define div64_ul(x, y) div_u64((x), (y))
#ifndef div_u64_rem
-static inline u64 div_u64_rem(u64 dividend, u32 divisor, u32 *remainder)
@@ -71404,7 +73423,7 @@ index b8ba855..0148090 100644
{
*remainder = do_div(dividend, divisor);
return dividend;
-@@ -79,7 +79,7 @@ extern s64 div64_s64(s64 dividend, s64 divisor);
+@@ -81,7 +81,7 @@ extern s64 div64_s64(s64 dividend, s64 divisor);
* divide.
*/
#ifndef div_u64
@@ -71414,10 +73433,10 @@ index b8ba855..0148090 100644
u32 remainder;
return div_u64_rem(dividend, divisor, &remainder);
diff --git a/include/linux/mm.h b/include/linux/mm.h
-index e2091b8..3c7b38c 100644
+index e0c8528..bcf0c29 100644
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
-@@ -101,6 +101,11 @@ extern unsigned int kobjsize(const void *objp);
+@@ -104,6 +104,11 @@ extern unsigned int kobjsize(const void *objp);
#define VM_HUGETLB 0x00400000 /* Huge TLB Page VM */
#define VM_NONLINEAR 0x00800000 /* Is non-linear (remap_file_pages) */
#define VM_ARCH_1 0x01000000 /* Architecture-specific flag */
@@ -71429,7 +73448,7 @@ index e2091b8..3c7b38c 100644
#define VM_DONTDUMP 0x04000000 /* Do not include in the core dump */
#define VM_MIXEDMAP 0x10000000 /* Can contain "struct page" and pure PFN pages */
-@@ -202,8 +207,8 @@ struct vm_operations_struct {
+@@ -205,8 +210,8 @@ struct vm_operations_struct {
/* called by access_process_vm when get_user_pages() fails, typically
* for use by special VMAs that can switch between memory and hardware
*/
@@ -71440,7 +73459,7 @@ index e2091b8..3c7b38c 100644
#ifdef CONFIG_NUMA
/*
* set_policy() op must add a reference to any non-NULL @new mempolicy
-@@ -233,6 +238,7 @@ struct vm_operations_struct {
+@@ -236,6 +241,7 @@ struct vm_operations_struct {
int (*remap_pages)(struct vm_area_struct *vma, unsigned long addr,
unsigned long size, pgoff_t pgoff);
};
@@ -71448,7 +73467,7 @@ index e2091b8..3c7b38c 100644
struct mmu_gather;
struct inode;
-@@ -970,8 +976,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address,
+@@ -980,8 +986,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address,
unsigned long *pfn);
int follow_phys(struct vm_area_struct *vma, unsigned long address,
unsigned int flags, unsigned long *prot, resource_size_t *phys);
@@ -71459,7 +73478,7 @@ index e2091b8..3c7b38c 100644
static inline void unmap_shared_mapping_range(struct address_space *mapping,
loff_t const holebegin, loff_t const holelen)
-@@ -1010,9 +1016,9 @@ static inline int fixup_user_fault(struct task_struct *tsk,
+@@ -1020,9 +1026,9 @@ static inline int fixup_user_fault(struct task_struct *tsk,
}
#endif
@@ -71472,7 +73491,7 @@ index e2091b8..3c7b38c 100644
long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
unsigned long start, unsigned long nr_pages,
-@@ -1043,34 +1049,6 @@ int set_page_dirty(struct page *page);
+@@ -1053,34 +1059,6 @@ int set_page_dirty(struct page *page);
int set_page_dirty_lock(struct page *page);
int clear_page_dirty_for_io(struct page *page);
@@ -71507,7 +73526,7 @@ index e2091b8..3c7b38c 100644
extern pid_t
vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group);
-@@ -1173,6 +1151,15 @@ static inline void sync_mm_rss(struct mm_struct *mm)
+@@ -1180,6 +1158,15 @@ static inline void sync_mm_rss(struct mm_struct *mm)
}
#endif
@@ -71523,7 +73542,7 @@ index e2091b8..3c7b38c 100644
int vma_wants_writenotify(struct vm_area_struct *vma);
extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr,
-@@ -1191,8 +1178,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
+@@ -1198,8 +1185,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd,
{
return 0;
}
@@ -71539,7 +73558,7 @@ index e2091b8..3c7b38c 100644
#endif
#ifdef __PAGETABLE_PMD_FOLDED
-@@ -1201,8 +1195,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
+@@ -1208,8 +1202,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud,
{
return 0;
}
@@ -71555,7 +73574,7 @@ index e2091b8..3c7b38c 100644
#endif
int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma,
-@@ -1220,11 +1221,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
+@@ -1227,11 +1228,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a
NULL: pud_offset(pgd, address);
}
@@ -71579,7 +73598,7 @@ index e2091b8..3c7b38c 100644
#endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */
#if USE_SPLIT_PTLOCKS
-@@ -1455,6 +1468,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1517,6 +1530,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
unsigned long len, unsigned long prot, unsigned long flags,
unsigned long pgoff, unsigned long *populate);
extern int do_munmap(struct mm_struct *, unsigned long, size_t);
@@ -71587,7 +73606,7 @@ index e2091b8..3c7b38c 100644
#ifdef CONFIG_MMU
extern int __mm_populate(unsigned long addr, unsigned long len,
-@@ -1483,10 +1497,11 @@ struct vm_unmapped_area_info {
+@@ -1545,10 +1559,11 @@ struct vm_unmapped_area_info {
unsigned long high_limit;
unsigned long align_mask;
unsigned long align_offset;
@@ -71601,7 +73620,7 @@ index e2091b8..3c7b38c 100644
/*
* Search for an unmapped address range.
-@@ -1498,7 +1513,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
+@@ -1560,7 +1575,7 @@ extern unsigned long unmapped_area_topdown(struct vm_unmapped_area_info *info);
* - satisfies (begin_addr & align_mask) == (align_offset & align_mask)
*/
static inline unsigned long
@@ -71610,7 +73629,7 @@ index e2091b8..3c7b38c 100644
{
if (!(info->flags & VM_UNMAPPED_AREA_TOPDOWN))
return unmapped_area(info);
-@@ -1561,6 +1576,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
+@@ -1623,6 +1638,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add
extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr,
struct vm_area_struct **pprev);
@@ -71621,7 +73640,7 @@ index e2091b8..3c7b38c 100644
/* Look up the first VMA which intersects the interval start_addr..end_addr-1,
NULL if none. Assume start_addr < end_addr. */
static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr)
-@@ -1589,15 +1608,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
+@@ -1651,15 +1670,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm,
return vma;
}
@@ -71637,7 +73656,7 @@ index e2091b8..3c7b38c 100644
#ifdef CONFIG_ARCH_USES_NUMA_PROT_NONE
unsigned long change_prot_numa(struct vm_area_struct *vma,
unsigned long start, unsigned long end);
-@@ -1649,6 +1659,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
+@@ -1711,6 +1721,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long);
static inline void vm_stat_account(struct mm_struct *mm,
unsigned long flags, struct file *file, long pages)
{
@@ -71649,7 +73668,7 @@ index e2091b8..3c7b38c 100644
mm->total_vm += pages;
}
#endif /* CONFIG_PROC_FS */
-@@ -1725,7 +1740,7 @@ extern int unpoison_memory(unsigned long pfn);
+@@ -1791,7 +1806,7 @@ extern int unpoison_memory(unsigned long pfn);
extern int sysctl_memory_failure_early_kill;
extern int sysctl_memory_failure_recovery;
extern void shake_page(struct page *p, int access);
@@ -71658,9 +73677,9 @@ index e2091b8..3c7b38c 100644
extern int soft_offline_page(struct page *page, int flags);
extern void dump_page(struct page *page);
-@@ -1756,5 +1771,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; }
- static inline bool page_is_guard(struct page *page) { return false; }
- #endif /* CONFIG_DEBUG_PAGEALLOC */
+@@ -1828,5 +1843,11 @@ void __init setup_nr_node_ids(void);
+ static inline void setup_nr_node_ids(void) {}
+ #endif
+#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT
+extern void track_exec_limit(struct mm_struct *mm, unsigned long start, unsigned long end, unsigned long prot);
@@ -71731,7 +73750,7 @@ index c5d5278..f0b68c8 100644
}
diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h
-index c74092e..b663967 100644
+index 5c76737..61f518e 100644
--- a/include/linux/mmzone.h
+++ b/include/linux/mmzone.h
@@ -396,7 +396,7 @@ struct zone {
@@ -71744,10 +73763,10 @@ index c74092e..b663967 100644
/*
* The target ratio of ACTIVE_ANON to INACTIVE_ANON pages on
diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicetable.h
-index 779cf7c..e6768240 100644
+index b508016..237cfe5 100644
--- a/include/linux/mod_devicetable.h
+++ b/include/linux/mod_devicetable.h
-@@ -12,7 +12,7 @@
+@@ -13,7 +13,7 @@
typedef unsigned long kernel_ulong_t;
#endif
@@ -71756,7 +73775,7 @@ index 779cf7c..e6768240 100644
struct pci_device_id {
__u32 vendor, device; /* Vendor and device ID or PCI_ANY_ID*/
-@@ -138,7 +138,7 @@ struct usb_device_id {
+@@ -139,7 +139,7 @@ struct usb_device_id {
#define USB_DEVICE_ID_MATCH_INT_PROTOCOL 0x0200
#define USB_DEVICE_ID_MATCH_INT_NUMBER 0x0400
@@ -71765,7 +73784,7 @@ index 779cf7c..e6768240 100644
#define HID_BUS_ANY 0xffff
#define HID_GROUP_ANY 0x0000
-@@ -464,7 +464,7 @@ struct dmi_system_id {
+@@ -465,7 +465,7 @@ struct dmi_system_id {
const char *ident;
struct dmi_strmatch matches[4];
void *driver_data;
@@ -71775,7 +73794,7 @@ index 779cf7c..e6768240 100644
* struct dmi_device_id appears during expansion of
* "MODULE_DEVICE_TABLE(dmi, x)". Compiler doesn't look inside it
diff --git a/include/linux/module.h b/include/linux/module.h
-index ead1b57..81a3b6c 100644
+index 46f1ea0..a34ca37 100644
--- a/include/linux/module.h
+++ b/include/linux/module.h
@@ -17,9 +17,11 @@
@@ -71997,7 +74016,7 @@ index 5a5ff57..5ae5070 100644
return nd->saved_names[nd->depth];
}
diff --git a/include/linux/net.h b/include/linux/net.h
-index aa16731..514b875 100644
+index 99c9f0c..e1cf296 100644
--- a/include/linux/net.h
+++ b/include/linux/net.h
@@ -183,7 +183,7 @@ struct net_proto_family {
@@ -72010,10 +74029,10 @@ index aa16731..514b875 100644
struct iovec;
struct kvec;
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
-index 6151e90..2e0afb0 100644
+index 96e4c21..9cc8278 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
-@@ -1028,6 +1028,7 @@ struct net_device_ops {
+@@ -1026,6 +1026,7 @@ struct net_device_ops {
int (*ndo_change_carrier)(struct net_device *dev,
bool new_carrier);
};
@@ -72031,7 +74050,7 @@ index 6151e90..2e0afb0 100644
*/
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
-index ee14284..bc65d63 100644
+index 0060fde..481c6ae 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -82,7 +82,7 @@ struct nf_sockopt_ops {
@@ -72044,10 +74063,10 @@ index ee14284..bc65d63 100644
/* Function to register/unregister hook points. */
int nf_register_hook(struct nf_hook_ops *reg);
diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h
-index 7958e84..ed74d7a 100644
+index d80e275..c3510b8 100644
--- a/include/linux/netfilter/ipset/ip_set.h
+++ b/include/linux/netfilter/ipset/ip_set.h
-@@ -98,7 +98,7 @@ struct ip_set_type_variant {
+@@ -124,7 +124,7 @@ struct ip_set_type_variant {
/* Return true if "b" set is the same as "a"
* according to the create set parameters */
bool (*same_set)(const struct ip_set *a, const struct ip_set *b);
@@ -72057,7 +74076,7 @@ index 7958e84..ed74d7a 100644
/* The core set type structure */
struct ip_set_type {
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
-index ecbb8e4..8a1c4e1 100644
+index cadb740..d7c37c0 100644
--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -16,7 +16,7 @@ struct nfnl_callback {
@@ -72098,11 +74117,11 @@ index 5dc635f..35f5e11 100644
/* this value hold the maximum octet of charset */
#define NLS_MAX_CHARSET_SIZE 6 /* for UTF-8 */
diff --git a/include/linux/notifier.h b/include/linux/notifier.h
-index d65746e..62e72c2 100644
+index d14a4c3..a078786 100644
--- a/include/linux/notifier.h
+++ b/include/linux/notifier.h
-@@ -51,7 +51,8 @@ struct notifier_block {
- int (*notifier_call)(struct notifier_block *, unsigned long, void *);
+@@ -54,7 +54,8 @@ struct notifier_block {
+ notifier_fn_t notifier_call;
struct notifier_block __rcu *next;
int priority;
-};
@@ -72128,7 +74147,7 @@ index a4c5624..79d6d88 100644
/** create a directory */
struct dentry * oprofilefs_mkdir(struct super_block * sb, struct dentry * root,
diff --git a/include/linux/pci_hotplug.h b/include/linux/pci_hotplug.h
-index 45fc162..01a4068 100644
+index 8db71dc..a76bf2c 100644
--- a/include/linux/pci_hotplug.h
+++ b/include/linux/pci_hotplug.h
@@ -80,7 +80,8 @@ struct hotplug_slot_ops {
@@ -72142,10 +74161,10 @@ index 45fc162..01a4068 100644
/**
* struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot
diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h
-index 2f522a3..494e45f 100644
+index c5b6dbf..b124155 100644
--- a/include/linux/perf_event.h
+++ b/include/linux/perf_event.h
-@@ -333,8 +333,8 @@ struct perf_event {
+@@ -318,8 +318,8 @@ struct perf_event {
enum perf_event_active_state state;
unsigned int attach_state;
@@ -72156,7 +74175,7 @@ index 2f522a3..494e45f 100644
/*
* These are the total time in nanoseconds that the event
-@@ -385,8 +385,8 @@ struct perf_event {
+@@ -370,8 +370,8 @@ struct perf_event {
* These accumulate total time (in nanoseconds) that children
* events have been enabled and running, respectively.
*/
@@ -72167,7 +74186,7 @@ index 2f522a3..494e45f 100644
/*
* Protect attach/detach and child_list:
-@@ -703,7 +703,7 @@ static inline void perf_callchain_store(struct perf_callchain_entry *entry, u64
+@@ -692,7 +692,7 @@ static inline void perf_callchain_store(struct perf_callchain_entry *entry, u64
entry->ip[entry->nr++] = ip;
}
@@ -72176,7 +74195,7 @@ index 2f522a3..494e45f 100644
extern int sysctl_perf_event_mlock;
extern int sysctl_perf_event_sample_rate;
-@@ -711,19 +711,24 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write,
+@@ -700,19 +700,24 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp,
loff_t *ppos);
@@ -72204,7 +74223,7 @@ index 2f522a3..494e45f 100644
}
extern void perf_event_init(void);
-@@ -811,7 +816,7 @@ static inline void perf_restore_debug_store(void) { }
+@@ -806,7 +811,7 @@ static inline void perf_restore_debug_store(void) { }
*/
#define perf_cpu_notifier(fn) \
do { \
@@ -72213,28 +74232,30 @@ index 2f522a3..494e45f 100644
{ .notifier_call = fn, .priority = CPU_PRI_PERF }; \
unsigned long cpu = smp_processor_id(); \
unsigned long flags; \
-@@ -830,7 +835,7 @@ do { \
- struct perf_pmu_events_attr {
+@@ -826,7 +831,7 @@ struct perf_pmu_events_attr {
struct device_attribute attr;
u64 id;
+ const char *event_str;
-};
+} __do_const;
#define PMU_EVENT_ATTR(_name, _var, _id, _show) \
static struct perf_pmu_events_attr _var = { \
diff --git a/include/linux/pipe_fs_i.h b/include/linux/pipe_fs_i.h
-index ad1a427..6419649 100644
+index b8809fe..ae4ccd0 100644
--- a/include/linux/pipe_fs_i.h
+++ b/include/linux/pipe_fs_i.h
-@@ -45,9 +45,9 @@ struct pipe_buffer {
- struct pipe_inode_info {
+@@ -47,10 +47,10 @@ struct pipe_inode_info {
+ struct mutex mutex;
wait_queue_head_t wait;
unsigned int nrbufs, curbuf, buffers;
- unsigned int readers;
- unsigned int writers;
+- unsigned int files;
- unsigned int waiting_writers;
+ atomic_t readers;
+ atomic_t writers;
++ atomic_t files;
+ atomic_t waiting_writers;
unsigned int r_counter;
unsigned int w_counter;
@@ -72252,10 +74273,10 @@ index 5f28cae..3d23723 100644
extern void s5p_ehci_set_platdata(struct s5p_ehci_platdata *pd);
-diff --git a/include/linux/platform_data/usb-exynos.h b/include/linux/platform_data/usb-exynos.h
+diff --git a/include/linux/platform_data/usb-ohci-exynos.h b/include/linux/platform_data/usb-ohci-exynos.h
index c256c59..8ea94c7 100644
---- a/include/linux/platform_data/usb-exynos.h
-+++ b/include/linux/platform_data/usb-exynos.h
+--- a/include/linux/platform_data/usb-ohci-exynos.h
++++ b/include/linux/platform_data/usb-ohci-exynos.h
@@ -14,7 +14,7 @@
struct exynos4_ohci_platdata {
int (*phy_init)(struct platform_device *pdev, int type);
@@ -72345,20 +74366,75 @@ index 4ea1d37..80f4b33 100644
/*
* The return value from decompress routine is the length of the
+diff --git a/include/linux/preempt.h b/include/linux/preempt.h
+index f5d4723..a6ea2fa 100644
+--- a/include/linux/preempt.h
++++ b/include/linux/preempt.h
+@@ -18,8 +18,13 @@
+ # define sub_preempt_count(val) do { preempt_count() -= (val); } while (0)
+ #endif
+
++#define raw_add_preempt_count(val) do { preempt_count() += (val); } while (0)
++#define raw_sub_preempt_count(val) do { preempt_count() -= (val); } while (0)
++
+ #define inc_preempt_count() add_preempt_count(1)
++#define raw_inc_preempt_count() raw_add_preempt_count(1)
+ #define dec_preempt_count() sub_preempt_count(1)
++#define raw_dec_preempt_count() raw_sub_preempt_count(1)
+
+ #define preempt_count() (current_thread_info()->preempt_count)
+
+@@ -64,6 +69,12 @@ do { \
+ barrier(); \
+ } while (0)
+
++#define raw_preempt_disable() \
++do { \
++ raw_inc_preempt_count(); \
++ barrier(); \
++} while (0)
++
+ #define sched_preempt_enable_no_resched() \
+ do { \
+ barrier(); \
+@@ -72,6 +83,12 @@ do { \
+
+ #define preempt_enable_no_resched() sched_preempt_enable_no_resched()
+
++#define raw_preempt_enable_no_resched() \
++do { \
++ barrier(); \
++ raw_dec_preempt_count(); \
++} while (0)
++
+ #define preempt_enable() \
+ do { \
+ preempt_enable_no_resched(); \
+@@ -116,8 +133,10 @@ do { \
+ * region.
+ */
+ #define preempt_disable() barrier()
++#define raw_preempt_disable() barrier()
+ #define sched_preempt_enable_no_resched() barrier()
+ #define preempt_enable_no_resched() barrier()
++#define raw_preempt_enable_no_resched() barrier()
+ #define preempt_enable() barrier()
+
+ #define preempt_disable_notrace() barrier()
diff --git a/include/linux/printk.h b/include/linux/printk.h
-index 822171f..12b30e8 100644
+index 22c7052..ad3fa0a 100644
--- a/include/linux/printk.h
+++ b/include/linux/printk.h
-@@ -98,6 +98,8 @@ int no_printk(const char *fmt, ...)
- extern asmlinkage __printf(1, 2)
- void early_printk(const char *fmt, ...);
+@@ -106,6 +106,8 @@ static inline __printf(1, 2) __cold
+ void early_printk(const char *s, ...) { }
+ #endif
+extern int kptr_restrict;
+
#ifdef CONFIG_PRINTK
asmlinkage __printf(5, 0)
int vprintk_emit(int facility, int level,
-@@ -132,7 +134,6 @@ extern bool printk_timed_ratelimit(unsigned long *caller_jiffies,
+@@ -140,7 +142,6 @@ extern bool printk_timed_ratelimit(unsigned long *caller_jiffies,
extern int printk_delay_msec;
extern int dmesg_restrict;
@@ -72367,10 +74443,10 @@ index 822171f..12b30e8 100644
extern void wake_up_klogd(void);
diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h
-index 94dfb2a..88b9d3b 100644
+index 608e60a..c26f864 100644
--- a/include/linux/proc_fs.h
+++ b/include/linux/proc_fs.h
-@@ -165,6 +165,18 @@ static inline struct proc_dir_entry *proc_create(const char *name, umode_t mode,
+@@ -34,6 +34,19 @@ static inline struct proc_dir_entry *proc_create(
return proc_create_data(name, mode, parent, proc_fops, NULL);
}
@@ -72386,23 +74462,28 @@ index 94dfb2a..88b9d3b 100644
+#endif
+}
+
- static inline struct proc_dir_entry *create_proc_read_entry(const char *name,
- umode_t mode, struct proc_dir_entry *base,
- read_proc_t *read_proc, void * data)
-@@ -266,7 +278,7 @@ struct proc_ns_operations {
++
+ extern void proc_set_size(struct proc_dir_entry *, loff_t);
+ extern void proc_set_user(struct proc_dir_entry *, kuid_t, kgid_t);
+ extern void *PDE_DATA(const struct inode *);
+diff --git a/include/linux/proc_ns.h b/include/linux/proc_ns.h
+index 34a1e10..03a6d03 100644
+--- a/include/linux/proc_ns.h
++++ b/include/linux/proc_ns.h
+@@ -14,7 +14,7 @@ struct proc_ns_operations {
void (*put)(void *ns);
int (*install)(struct nsproxy *nsproxy, void *ns);
unsigned int (*inum)(void *ns);
-};
+} __do_const;
- extern const struct proc_ns_operations netns_operations;
- extern const struct proc_ns_operations utsns_operations;
- extern const struct proc_ns_operations ipcns_operations;
+
+ struct proc_ns {
+ void *ns;
diff --git a/include/linux/random.h b/include/linux/random.h
-index 347ce55..880f97c 100644
+index 3b9377d..61b506a 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
-@@ -39,6 +39,11 @@ void prandom_seed(u32 seed);
+@@ -32,6 +32,11 @@ void prandom_seed(u32 seed);
u32 prandom_u32_state(struct rnd_state *);
void prandom_bytes_state(struct rnd_state *state, void *buf, int nbytes);
@@ -72415,7 +74496,7 @@ index 347ce55..880f97c 100644
* Handle minimum values for seeds
*/
diff --git a/include/linux/rculist.h b/include/linux/rculist.h
-index 8089e35..3a0d59a 100644
+index f4b1001..8ddb2b6 100644
--- a/include/linux/rculist.h
+++ b/include/linux/rculist.h
@@ -44,6 +44,9 @@ extern void __list_add_rcu(struct list_head *new,
@@ -72516,10 +74597,10 @@ index 8e0c9fe..ac4d221 100644
/**
* struct user_regset_view - available regsets
diff --git a/include/linux/relay.h b/include/linux/relay.h
-index 91cacc3..b55ff74 100644
+index d7c8359..818daf5 100644
--- a/include/linux/relay.h
+++ b/include/linux/relay.h
-@@ -160,7 +160,7 @@ struct rchan_callbacks
+@@ -157,7 +157,7 @@ struct rchan_callbacks
* The callback should return 0 if successful, negative if not.
*/
int (*remove_buf_file)(struct dentry *dentry);
@@ -72529,10 +74610,10 @@ index 91cacc3..b55ff74 100644
/*
* CONFIG_RELAY kernel API, kernel/relay.c
diff --git a/include/linux/rio.h b/include/linux/rio.h
-index a3e7842..d973ca6 100644
+index 18e0993..8ab5b21 100644
--- a/include/linux/rio.h
+++ b/include/linux/rio.h
-@@ -339,7 +339,7 @@ struct rio_ops {
+@@ -345,7 +345,7 @@ struct rio_ops {
int (*map_inb)(struct rio_mport *mport, dma_addr_t lstart,
u64 rstart, u32 size, u32 flags);
void (*unmap_inb)(struct rio_mport *mport, dma_addr_t lstart);
@@ -72557,7 +74638,7 @@ index 6dacb93..6174423 100644
static inline void anon_vma_merge(struct vm_area_struct *vma,
struct vm_area_struct *next)
diff --git a/include/linux/sched.h b/include/linux/sched.h
-index be4e742..01f1387 100644
+index 178a8d9..450bf11 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -62,6 +62,7 @@ struct bio_list;
@@ -72568,7 +74649,7 @@ index be4e742..01f1387 100644
/*
* List of flags we want to share for kernel threads,
-@@ -315,7 +316,7 @@ extern char __sched_text_start[], __sched_text_end[];
+@@ -303,7 +304,7 @@ extern char __sched_text_start[], __sched_text_end[];
extern int in_sched_functions(unsigned long addr);
#define MAX_SCHEDULE_TIMEOUT LONG_MAX
@@ -72577,8 +74658,8 @@ index be4e742..01f1387 100644
extern signed long schedule_timeout_interruptible(signed long timeout);
extern signed long schedule_timeout_killable(signed long timeout);
extern signed long schedule_timeout_uninterruptible(signed long timeout);
-@@ -329,6 +330,18 @@ struct user_namespace;
- #include <linux/aio.h>
+@@ -314,6 +315,19 @@ struct nsproxy;
+ struct user_namespace;
#ifdef CONFIG_MMU
+
@@ -72593,10 +74674,11 @@ index be4e742..01f1387 100644
+
+extern bool check_heap_stack_gap(const struct vm_area_struct *vma, unsigned long addr, unsigned long len, unsigned long offset);
+extern unsigned long skip_heap_stack_gap(const struct vm_area_struct *vma, unsigned long len, unsigned long offset);
++
extern void arch_pick_mmap_layout(struct mm_struct *mm);
extern unsigned long
arch_get_unmapped_area(struct file *, unsigned long, unsigned long,
-@@ -605,6 +618,17 @@ struct signal_struct {
+@@ -591,6 +605,17 @@ struct signal_struct {
#ifdef CONFIG_TASKSTATS
struct taskstats *stats;
#endif
@@ -72613,8 +74695,8 @@ index be4e742..01f1387 100644
+
#ifdef CONFIG_AUDIT
unsigned audit_tty;
- struct tty_audit_buf *tty_audit_buf;
-@@ -683,6 +707,14 @@ struct user_struct {
+ unsigned audit_tty_log_passwd;
+@@ -671,6 +696,14 @@ struct user_struct {
struct key *session_keyring; /* UID's default session keyring */
#endif
@@ -72629,16 +74711,7 @@ index be4e742..01f1387 100644
/* Hash table maintenance information */
struct hlist_node uidhash_node;
kuid_t uid;
-@@ -1082,7 +1114,7 @@ struct sched_class {
- #ifdef CONFIG_FAIR_GROUP_SCHED
- void (*task_move_group) (struct task_struct *p, int on_rq);
- #endif
--};
-+} __do_const;
-
- struct load_weight {
- unsigned long weight, inv_weight;
-@@ -1323,8 +1355,8 @@ struct task_struct {
+@@ -1158,8 +1191,8 @@ struct task_struct {
struct list_head thread_group;
struct completion *vfork_done; /* for vfork() */
@@ -72649,7 +74722,7 @@ index be4e742..01f1387 100644
cputime_t utime, stime, utimescaled, stimescaled;
cputime_t gtime;
-@@ -1349,11 +1381,6 @@ struct task_struct {
+@@ -1184,11 +1217,6 @@ struct task_struct {
struct task_cputime cputime_expires;
struct list_head cpu_timers[3];
@@ -72661,7 +74734,7 @@ index be4e742..01f1387 100644
char comm[TASK_COMM_LEN]; /* executable name excluding path
- access with [gs]et_task_comm (which lock
it with task_lock())
-@@ -1370,6 +1397,10 @@ struct task_struct {
+@@ -1205,6 +1233,10 @@ struct task_struct {
#endif
/* CPU-specific state of this task */
struct thread_struct thread;
@@ -72672,7 +74745,7 @@ index be4e742..01f1387 100644
/* filesystem information */
struct fs_struct *fs;
/* open file information */
-@@ -1443,6 +1474,10 @@ struct task_struct {
+@@ -1278,6 +1310,10 @@ struct task_struct {
gfp_t lockdep_reclaim_gfp;
#endif
@@ -72683,7 +74756,7 @@ index be4e742..01f1387 100644
/* journalling filesystem info */
void *journal_info;
-@@ -1481,6 +1516,10 @@ struct task_struct {
+@@ -1316,6 +1352,10 @@ struct task_struct {
/* cg_list protected by css_set_lock and tsk->alloc_lock */
struct list_head cg_list;
#endif
@@ -72694,9 +74767,9 @@ index be4e742..01f1387 100644
#ifdef CONFIG_FUTEX
struct robust_list_head __user *robust_list;
#ifdef CONFIG_COMPAT
-@@ -1577,8 +1616,74 @@ struct task_struct {
- #ifdef CONFIG_UPROBES
- struct uprobe_task *utask;
+@@ -1416,8 +1456,76 @@ struct task_struct {
+ unsigned int sequential_io;
+ unsigned int sequential_io_avg;
#endif
+
+#ifdef CONFIG_GRKERNSEC
@@ -72762,6 +74835,8 @@ index be4e742..01f1387 100644
+extern void (*pax_set_initial_flags_func)(struct linux_binprm *bprm);
+#endif
+
++struct path;
++extern char *pax_get_path(const struct path *path, char *buf, int buflen);
+extern void pax_report_fault(struct pt_regs *regs, void *pc, void *sp);
+extern void pax_report_insns(struct pt_regs *regs, void *pc, void *sp);
+extern void pax_report_refcount_overflow(struct pt_regs *regs);
@@ -72769,7 +74844,7 @@ index be4e742..01f1387 100644
/* Future-safe accessor for struct task_struct's cpus_allowed. */
#define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed)
-@@ -1637,7 +1742,7 @@ struct pid_namespace;
+@@ -1476,7 +1584,7 @@ struct pid_namespace;
pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type,
struct pid_namespace *ns);
@@ -72778,7 +74853,7 @@ index be4e742..01f1387 100644
{
return tsk->pid;
}
-@@ -2073,7 +2178,9 @@ void yield(void);
+@@ -1919,7 +2027,9 @@ void yield(void);
extern struct exec_domain default_exec_domain;
union thread_union {
@@ -72788,7 +74863,7 @@ index be4e742..01f1387 100644
unsigned long stack[THREAD_SIZE/sizeof(long)];
};
-@@ -2106,6 +2213,7 @@ extern struct pid_namespace init_pid_ns;
+@@ -1952,6 +2062,7 @@ extern struct pid_namespace init_pid_ns;
*/
extern struct task_struct *find_task_by_vpid(pid_t nr);
@@ -72796,7 +74871,7 @@ index be4e742..01f1387 100644
extern struct task_struct *find_task_by_pid_ns(pid_t nr,
struct pid_namespace *ns);
-@@ -2272,7 +2380,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
+@@ -2118,7 +2229,7 @@ extern void __cleanup_sighand(struct sighand_struct *);
extern void exit_itimers(struct signal_struct *);
extern void flush_itimer_signals(void);
@@ -72805,7 +74880,7 @@ index be4e742..01f1387 100644
extern int allow_signal(int);
extern int disallow_signal(int);
-@@ -2463,9 +2571,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
+@@ -2309,9 +2420,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p)
#endif
@@ -72830,7 +74905,7 @@ index bf8086b..962b035 100644
extern unsigned int sysctl_sched_latency;
extern unsigned int sysctl_sched_min_granularity;
diff --git a/include/linux/security.h b/include/linux/security.h
-index 032c366..2c1c2dc2 100644
+index 4686491..2bd210e 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -26,6 +26,7 @@
@@ -72842,7 +74917,7 @@ index 032c366..2c1c2dc2 100644
struct linux_binprm;
struct cred;
diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h
-index 68a04a3..866e6a1 100644
+index 2da29ac..aac448ec 100644
--- a/include/linux/seq_file.h
+++ b/include/linux/seq_file.h
@@ -26,6 +26,9 @@ struct seq_file {
@@ -72878,11 +74953,23 @@ index 429c199..4d42e38 100644
};
/* shm_mode upper byte flags */
+diff --git a/include/linux/signal.h b/include/linux/signal.h
+index d897484..323ba98 100644
+--- a/include/linux/signal.h
++++ b/include/linux/signal.h
+@@ -433,6 +433,7 @@ void signals_init(void);
+
+ int restore_altstack(const stack_t __user *);
+ int __save_altstack(stack_t __user *, unsigned long);
++void __save_altstack_ex(stack_t __user *, unsigned long);
+
+ #ifdef CONFIG_PROC_FS
+ struct seq_file;
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
-index 1f2803c..4858a3d 100644
+index dec1748..112c1f9 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
-@@ -599,7 +599,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
+@@ -640,7 +640,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from,
extern struct sk_buff *__alloc_skb(unsigned int size,
gfp_t priority, int flags, int node);
extern struct sk_buff *build_skb(void *data, unsigned int frag_size);
@@ -72891,7 +74978,7 @@ index 1f2803c..4858a3d 100644
gfp_t priority)
{
return __alloc_skb(size, priority, 0, NUMA_NO_NODE);
-@@ -709,7 +709,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb)
+@@ -756,7 +756,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb)
*/
static inline int skb_queue_empty(const struct sk_buff_head *list)
{
@@ -72900,7 +74987,7 @@ index 1f2803c..4858a3d 100644
}
/**
-@@ -722,7 +722,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list)
+@@ -769,7 +769,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list)
static inline bool skb_queue_is_last(const struct sk_buff_head *list,
const struct sk_buff *skb)
{
@@ -72909,7 +74996,7 @@ index 1f2803c..4858a3d 100644
}
/**
-@@ -735,7 +735,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list,
+@@ -782,7 +782,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list,
static inline bool skb_queue_is_first(const struct sk_buff_head *list,
const struct sk_buff *skb)
{
@@ -72918,7 +75005,7 @@ index 1f2803c..4858a3d 100644
}
/**
-@@ -1756,7 +1756,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
+@@ -1848,7 +1848,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len)
* NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8)
*/
#ifndef NET_SKB_PAD
@@ -72927,7 +75014,7 @@ index 1f2803c..4858a3d 100644
#endif
extern int ___pskb_trim(struct sk_buff *skb, unsigned int len);
-@@ -2351,7 +2351,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
+@@ -2443,7 +2443,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags,
int noblock, int *err);
extern unsigned int datagram_poll(struct file *file, struct socket *sock,
struct poll_table_struct *wait);
@@ -72936,7 +75023,7 @@ index 1f2803c..4858a3d 100644
int offset, struct iovec *to,
int size);
extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb,
-@@ -2641,6 +2641,9 @@ static inline void nf_reset(struct sk_buff *skb)
+@@ -2733,6 +2733,9 @@ static inline void nf_reset(struct sk_buff *skb)
nf_bridge_put(skb->nf_bridge);
skb->nf_bridge = NULL;
#endif
@@ -72947,10 +75034,10 @@ index 1f2803c..4858a3d 100644
static inline void nf_reset_trace(struct sk_buff *skb)
diff --git a/include/linux/slab.h b/include/linux/slab.h
-index 5d168d7..720bff3 100644
+index 0c62175..f016ac1 100644
--- a/include/linux/slab.h
+++ b/include/linux/slab.h
-@@ -12,13 +12,20 @@
+@@ -12,15 +12,29 @@
#include <linux/gfp.h>
#include <linux/types.h>
#include <linux/workqueue.h>
@@ -72971,8 +75058,17 @@ index 5d168d7..720bff3 100644
+
#define SLAB_RED_ZONE 0x00000400UL /* DEBUG: Red zone objs in a cache */
#define SLAB_POISON 0x00000800UL /* DEBUG: Poison objects */
++
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++#define SLAB_NO_SANITIZE 0x00001000UL /* PaX: Do not sanitize objs on free */
++#else
++#define SLAB_NO_SANITIZE 0x00000000UL
++#endif
++
#define SLAB_HWCACHE_ALIGN 0x00002000UL /* Align objs on cache lines */
-@@ -89,10 +96,13 @@
+ #define SLAB_CACHE_DMA 0x00004000UL /* Use GFP_DMA memory */
+ #define SLAB_STORE_USER 0x00010000UL /* DEBUG: Store the last owner for bug hunting */
+@@ -89,10 +103,13 @@
* ZERO_SIZE_PTR can be passed to kfree though in the same way that NULL can.
* Both make kfree a no-op.
*/
@@ -72987,9 +75083,18 @@ index 5d168d7..720bff3 100644
- (unsigned long)ZERO_SIZE_PTR)
+#define ZERO_OR_NULL_PTR(x) ((unsigned long)(x) - 1 >= (unsigned long)ZERO_SIZE_PTR - 1)
+
+ struct mem_cgroup;
+@@ -132,6 +149,8 @@ void * __must_check krealloc(const void *, size_t, gfp_t);
+ void kfree(const void *);
+ void kzfree(const void *);
+ size_t ksize(const void *);
++const char *check_heap_object(const void *ptr, unsigned long n);
++bool is_usercopy_object(const void *ptr);
+
/*
- * Common fields provided in kmem_cache by all slab allocators
-@@ -112,7 +122,7 @@ struct kmem_cache {
+ * Some archs want to perform DMA into kmalloc caches and need a guaranteed
+@@ -164,7 +183,7 @@ struct kmem_cache {
unsigned int align; /* Alignment as calculated */
unsigned long flags; /* Active flags on the slab */
const char *name; /* Slab name for sysfs */
@@ -72998,16 +75103,27 @@ index 5d168d7..720bff3 100644
void (*ctor)(void *); /* Called on object slot creation */
struct list_head list; /* List of all slab caches on the system */
};
-@@ -232,6 +242,8 @@ void * __must_check krealloc(const void *, size_t, gfp_t);
- void kfree(const void *);
- void kzfree(const void *);
- size_t ksize(const void *);
-+const char *check_heap_object(const void *ptr, unsigned long n);
-+bool is_usercopy_object(const void *ptr);
+@@ -226,6 +245,10 @@ extern struct kmem_cache *kmalloc_caches[KMALLOC_SHIFT_HIGH + 1];
+ extern struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1];
+ #endif
++#ifdef CONFIG_PAX_USERCOPY_SLABS
++extern struct kmem_cache *kmalloc_usercopy_caches[KMALLOC_SHIFT_HIGH + 1];
++#endif
++
/*
- * Allocator specific definitions. These are mainly used to establish optimized
-@@ -311,6 +323,7 @@ size_t ksize(const void *);
+ * Figure out which kmalloc slab an allocation of a certain size
+ * belongs to.
+@@ -234,7 +257,7 @@ extern struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1];
+ * 2 = 120 .. 192 bytes
+ * n = 2^(n-1) .. 2^n -1
+ */
+-static __always_inline int kmalloc_index(size_t size)
++static __always_inline __size_overflow(1) int kmalloc_index(size_t size)
+ {
+ if (!size)
+ return 0;
+@@ -406,6 +429,7 @@ void print_slabinfo_header(struct seq_file *m);
* for general use, and so are not documented here. For a full list of
* potential flags, always refer to linux/gfp.h.
*/
@@ -73015,7 +75131,7 @@ index 5d168d7..720bff3 100644
static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags)
{
if (size != 0 && n > SIZE_MAX / size)
-@@ -370,7 +383,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep,
+@@ -465,7 +489,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep,
#if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \
(defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) || \
(defined(CONFIG_SLOB) && defined(CONFIG_TRACING))
@@ -73024,7 +75140,7 @@ index 5d168d7..720bff3 100644
#define kmalloc_track_caller(size, flags) \
__kmalloc_track_caller(size, flags, _RET_IP_)
#else
-@@ -390,7 +403,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long);
+@@ -485,7 +509,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long);
#if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \
(defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) || \
(defined(CONFIG_SLOB) && defined(CONFIG_TRACING))
@@ -73034,10 +75150,10 @@ index 5d168d7..720bff3 100644
__kmalloc_node_track_caller(size, flags, node, \
_RET_IP_)
diff --git a/include/linux/slab_def.h b/include/linux/slab_def.h
-index 8bb6e0e..8eb0dbe 100644
+index cd40158..4e2f7af 100644
--- a/include/linux/slab_def.h
+++ b/include/linux/slab_def.h
-@@ -52,7 +52,7 @@ struct kmem_cache {
+@@ -50,7 +50,7 @@ struct kmem_cache {
/* 4) cache creation/removal */
const char *name;
struct list_head list;
@@ -73046,7 +75162,7 @@ index 8bb6e0e..8eb0dbe 100644
int object_size;
int align;
-@@ -68,10 +68,10 @@ struct kmem_cache {
+@@ -66,10 +66,14 @@ struct kmem_cache {
unsigned long node_allocs;
unsigned long node_frees;
unsigned long node_overflow;
@@ -73058,20 +75174,15 @@ index 8bb6e0e..8eb0dbe 100644
+ atomic_unchecked_t allocmiss;
+ atomic_unchecked_t freehit;
+ atomic_unchecked_t freemiss;
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++ atomic_unchecked_t sanitized;
++ atomic_unchecked_t not_sanitized;
++#endif
/*
* If debugging is enabled, then the allocator can add additional
-@@ -111,11 +111,16 @@ struct cache_sizes {
- #ifdef CONFIG_ZONE_DMA
- struct kmem_cache *cs_dmacachep;
- #endif
-+
-+#ifdef CONFIG_PAX_USERCOPY_SLABS
-+ struct kmem_cache *cs_usercopycachep;
-+#endif
-+
+@@ -103,7 +107,7 @@ struct kmem_cache {
};
- extern struct cache_sizes malloc_sizes[];
void *kmem_cache_alloc(struct kmem_cache *, gfp_t);
-void *__kmalloc(size_t size, gfp_t flags);
@@ -73079,21 +75190,21 @@ index 8bb6e0e..8eb0dbe 100644
#ifdef CONFIG_TRACING
extern void *kmem_cache_alloc_trace(struct kmem_cache *, gfp_t, size_t);
-@@ -152,6 +157,13 @@ found:
- cachep = malloc_sizes[i].cs_dmacachep;
+@@ -136,6 +140,13 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags)
+ cachep = kmalloc_dma_caches[i];
else
#endif
+
+#ifdef CONFIG_PAX_USERCOPY_SLABS
+ if (flags & GFP_USERCOPY)
-+ cachep = malloc_sizes[i].cs_usercopycachep;
++ cachep = kmalloc_usercopy_caches[i];
+ else
+#endif
+
- cachep = malloc_sizes[i].cs_cachep;
+ cachep = kmalloc_caches[i];
ret = kmem_cache_alloc_trace(cachep, flags, size);
-@@ -162,7 +174,7 @@ found:
+@@ -146,7 +157,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags)
}
#ifdef CONFIG_NUMA
@@ -73102,18 +75213,18 @@ index 8bb6e0e..8eb0dbe 100644
extern void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node);
#ifdef CONFIG_TRACING
-@@ -205,6 +217,13 @@ found:
- cachep = malloc_sizes[i].cs_dmacachep;
+@@ -185,6 +196,13 @@ static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node)
+ cachep = kmalloc_dma_caches[i];
else
#endif
+
+#ifdef CONFIG_PAX_USERCOPY_SLABS
+ if (flags & GFP_USERCOPY)
-+ cachep = malloc_sizes[i].cs_usercopycachep;
++ cachep = kmalloc_usercopy_caches[i];
+ else
+#endif
+
- cachep = malloc_sizes[i].cs_cachep;
+ cachep = kmalloc_caches[i];
return kmem_cache_alloc_node_trace(cachep, flags, node, size);
diff --git a/include/linux/slob_def.h b/include/linux/slob_def.h
@@ -73139,10 +75250,10 @@ index f28e14a..7831211 100644
return kmalloc(size, flags);
}
diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h
-index 9db4825..ed42fb5 100644
+index 027276f..092bfe8 100644
--- a/include/linux/slub_def.h
+++ b/include/linux/slub_def.h
-@@ -91,7 +91,7 @@ struct kmem_cache {
+@@ -80,7 +80,7 @@ struct kmem_cache {
struct kmem_cache_order_objects max;
struct kmem_cache_order_objects min;
gfp_t allocflags; /* gfp flags to use on each alloc */
@@ -73151,17 +75262,8 @@ index 9db4825..ed42fb5 100644
void (*ctor)(void *);
int inuse; /* Offset to metadata */
int align; /* Alignment */
-@@ -156,7 +156,7 @@ extern struct kmem_cache *kmalloc_caches[SLUB_PAGE_SHIFT];
- * Sorry that the following has to be that ugly but some versions of GCC
- * have trouble with constant propagation and loops.
- */
--static __always_inline int kmalloc_index(size_t size)
-+static __always_inline __size_overflow(1) int kmalloc_index(size_t size)
- {
- if (!size)
- return 0;
-@@ -221,7 +221,7 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size)
- }
+@@ -105,7 +105,7 @@ struct kmem_cache {
+ };
void *kmem_cache_alloc(struct kmem_cache *, gfp_t);
-void *__kmalloc(size_t size, gfp_t flags);
@@ -73169,7 +75271,7 @@ index 9db4825..ed42fb5 100644
static __always_inline void *
kmalloc_order(size_t size, gfp_t flags, unsigned int order)
-@@ -265,7 +265,7 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order)
+@@ -149,7 +149,7 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order)
}
#endif
@@ -73178,7 +75280,7 @@ index 9db4825..ed42fb5 100644
{
unsigned int order = get_order(size);
return kmalloc_order_trace(size, flags, order);
-@@ -290,7 +290,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags)
+@@ -175,7 +175,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags)
}
#ifdef CONFIG_NUMA
@@ -73187,11 +75289,25 @@ index 9db4825..ed42fb5 100644
void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node);
#ifdef CONFIG_TRACING
+diff --git a/include/linux/smp.h b/include/linux/smp.h
+index c848876..11e8a84 100644
+--- a/include/linux/smp.h
++++ b/include/linux/smp.h
+@@ -221,7 +221,9 @@ static inline void kick_all_cpus_sync(void) { }
+ #endif
+
+ #define get_cpu() ({ preempt_disable(); smp_processor_id(); })
++#define raw_get_cpu() ({ raw_preempt_disable(); raw_smp_processor_id(); })
+ #define put_cpu() preempt_enable()
++#define raw_put_cpu_no_resched() raw_preempt_enable_no_resched()
+
+ /*
+ * Callback to arch code if there's nosmp or maxcpus=0 on the
diff --git a/include/linux/sock_diag.h b/include/linux/sock_diag.h
-index e8d702e..0a56eb4 100644
+index 54f91d3..be2c379 100644
--- a/include/linux/sock_diag.h
+++ b/include/linux/sock_diag.h
-@@ -10,7 +10,7 @@ struct sock;
+@@ -11,7 +11,7 @@ struct sock;
struct sock_diag_handler {
__u8 family;
int (*dump)(struct sk_buff *skb, struct nlmsghdr *nlh);
@@ -73248,7 +75364,7 @@ index 07d8e53..dc934c9 100644
#endif /* _LINUX_SUNRPC_ADDR_H */
diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h
-index 2cf4ffa..470d140 100644
+index bfe11be..12bc8c4 100644
--- a/include/linux/sunrpc/clnt.h
+++ b/include/linux/sunrpc/clnt.h
@@ -96,7 +96,7 @@ struct rpc_procinfo {
@@ -73330,10 +75446,25 @@ index a5ffd32..0935dea 100644
extern dma_addr_t swiotlb_map_page(struct device *dev, struct page *page,
unsigned long offset, size_t size,
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
-index 313a8e0..6b273a9 100644
+index 4147d70..d356a10 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
-@@ -418,11 +418,11 @@ asmlinkage long sys_sync(void);
+@@ -97,8 +97,12 @@ struct sigaltstack;
+ #define __MAP(n,...) __MAP##n(__VA_ARGS__)
+
+ #define __SC_DECL(t, a) t a
+-#define __TYPE_IS_LL(t) (__same_type((t)0, 0LL) || __same_type((t)0, 0ULL))
+-#define __SC_LONG(t, a) __typeof(__builtin_choose_expr(__TYPE_IS_LL(t), 0LL, 0L)) a
++#define __TYPE_IS_SL(t) (__same_type((t)0, 0L))
++#define __TYPE_IS_UL(t) (__same_type((t)0, 0UL))
++#define __TYPE_IS_SLL(t) (__same_type((t)0, 0LL))
++#define __TYPE_IS_ULL(t) (__same_type((t)0, 0ULL))
++#define __TYPE_IS_LL(t) (__TYPE_IS_SLL(t) || __TYPE_IS_ULL(t))
++#define __SC_LONG(t, a) __typeof(__builtin_choose_expr(__TYPE_IS_LL(t), __builtin_choose_expr(__TYPE_IS_ULL(t), 0ULL, 0LL), __builtin_choose_expr(__TYPE_IS_UL(t), 0UL, 0L))) a
+ #define __SC_CAST(t, a) (t) a
+ #define __SC_ARGS(t, a) a
+ #define __SC_TEST(t, a) (void)BUILD_BUG_ON_ZERO(!__TYPE_IS_LL(t) && sizeof(t) > sizeof(long))
+@@ -362,11 +366,11 @@ asmlinkage long sys_sync(void);
asmlinkage long sys_fsync(unsigned int fd);
asmlinkage long sys_fdatasync(unsigned int fd);
asmlinkage long sys_bdflush(int func, long data);
@@ -73349,7 +75480,7 @@ index 313a8e0..6b273a9 100644
asmlinkage long sys_truncate(const char __user *path, long length);
asmlinkage long sys_ftruncate(unsigned int fd, unsigned long length);
asmlinkage long sys_stat(const char __user *filename,
-@@ -634,7 +634,7 @@ asmlinkage long sys_getsockname(int, struct sockaddr __user *, int __user *);
+@@ -578,7 +582,7 @@ asmlinkage long sys_getsockname(int, struct sockaddr __user *, int __user *);
asmlinkage long sys_getpeername(int, struct sockaddr __user *, int __user *);
asmlinkage long sys_send(int, void __user *, size_t, unsigned);
asmlinkage long sys_sendto(int, void __user *, size_t, unsigned,
@@ -73479,7 +75610,7 @@ index e7e0473..7989295 100644
#endif /* _LINUX_THREAD_INFO_H */
diff --git a/include/linux/tty.h b/include/linux/tty.h
-index c75d886..04cb148 100644
+index 8780bd2..d1ae08b 100644
--- a/include/linux/tty.h
+++ b/include/linux/tty.h
@@ -194,7 +194,7 @@ struct tty_port {
@@ -73491,7 +75622,7 @@ index c75d886..04cb148 100644
wait_queue_head_t open_wait; /* Open waiters */
wait_queue_head_t close_wait; /* Close waiters */
wait_queue_head_t delta_msr_wait; /* Modem status change */
-@@ -515,7 +515,7 @@ extern int tty_port_open(struct tty_port *port,
+@@ -550,7 +550,7 @@ extern int tty_port_open(struct tty_port *port,
struct tty_struct *tty, struct file *filp);
static inline int tty_port_users(struct tty_port *port)
{
@@ -73514,13 +75645,13 @@ index 756a609..b302dd6 100644
struct tty_driver {
int magic; /* magic number for this structure */
diff --git a/include/linux/tty_ldisc.h b/include/linux/tty_ldisc.h
-index 455a0d7..bf97ff5 100644
+index 58390c7..95e214c 100644
--- a/include/linux/tty_ldisc.h
+++ b/include/linux/tty_ldisc.h
@@ -146,7 +146,7 @@ struct tty_ldisc_ops {
struct module *owner;
-
+
- int refcount;
+ atomic_t refcount;
};
@@ -73642,10 +75773,10 @@ index 99c1b4d..562e6f3 100644
static inline void put_unaligned_le16(u16 val, void *p)
diff --git a/include/linux/usb.h b/include/linux/usb.h
-index 4d22d0f..8d0e8f8 100644
+index a0bee5a..5533a52 100644
--- a/include/linux/usb.h
+++ b/include/linux/usb.h
-@@ -554,7 +554,7 @@ struct usb_device {
+@@ -552,7 +552,7 @@ struct usb_device {
int maxchild;
u32 quirks;
@@ -73654,7 +75785,7 @@ index 4d22d0f..8d0e8f8 100644
unsigned long active_duration;
-@@ -1604,7 +1604,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in,
+@@ -1607,7 +1607,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in,
extern int usb_control_msg(struct usb_device *dev, unsigned int pipe,
__u8 request, __u8 requesttype, __u16 value, __u16 index,
@@ -73664,7 +75795,7 @@ index 4d22d0f..8d0e8f8 100644
void *data, int len, int *actual_length, int timeout);
extern int usb_bulk_msg(struct usb_device *usb_dev, unsigned int pipe,
diff --git a/include/linux/usb/renesas_usbhs.h b/include/linux/usb/renesas_usbhs.h
-index c5d36c6..108f4f9 100644
+index e452ba6..78f8e80 100644
--- a/include/linux/usb/renesas_usbhs.h
+++ b/include/linux/usb/renesas_usbhs.h
@@ -39,7 +39,7 @@ enum {
@@ -73718,10 +75849,10 @@ index 6f8fbcf..8259001 100644
+ MODULE_GRSEC
diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h
-index 6071e91..4c73b47 100644
+index 7d5773a..541c01c 100644
--- a/include/linux/vmalloc.h
+++ b/include/linux/vmalloc.h
-@@ -14,6 +14,11 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */
+@@ -16,6 +16,11 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */
#define VM_USERMAP 0x00000008 /* suitable for remap_vmalloc_range */
#define VM_VPAGES 0x00000010 /* buffer for pages was vmalloc'ed */
#define VM_UNLIST 0x00000020 /* vm_struct is not listed in vmlist */
@@ -73733,7 +75864,7 @@ index 6071e91..4c73b47 100644
/* bits [20..32] reserved for arch specific ioremap internals */
/*
-@@ -62,7 +67,7 @@ extern void *vmalloc_32_user(unsigned long size);
+@@ -75,7 +80,7 @@ extern void *vmalloc_32_user(unsigned long size);
extern void *__vmalloc(unsigned long size, gfp_t gfp_mask, pgprot_t prot);
extern void *__vmalloc_node_range(unsigned long size, unsigned long align,
unsigned long start, unsigned long end, gfp_t gfp_mask,
@@ -73742,7 +75873,7 @@ index 6071e91..4c73b47 100644
extern void vfree(const void *addr);
extern void *vmap(struct page **pages, unsigned int count,
-@@ -124,8 +129,8 @@ extern struct vm_struct *alloc_vm_area(size_t size, pte_t **ptes);
+@@ -137,8 +142,8 @@ extern struct vm_struct *alloc_vm_area(size_t size, pte_t **ptes);
extern void free_vm_area(struct vm_struct *area);
/* for /dev/kmem */
@@ -73754,10 +75885,10 @@ index 6071e91..4c73b47 100644
/*
* Internals. Dont't use..
diff --git a/include/linux/vmstat.h b/include/linux/vmstat.h
-index 5fd71a7..e5ef9a9 100644
+index c586679..f06b389 100644
--- a/include/linux/vmstat.h
+++ b/include/linux/vmstat.h
-@@ -95,18 +95,18 @@ static inline void vm_events_fold_cpu(int cpu)
+@@ -90,18 +90,18 @@ static inline void vm_events_fold_cpu(int cpu)
/*
* Zone based page accounting with per cpu differentials.
*/
@@ -73780,7 +75911,7 @@ index 5fd71a7..e5ef9a9 100644
#ifdef CONFIG_SMP
if (x < 0)
x = 0;
-@@ -117,7 +117,7 @@ static inline unsigned long global_page_state(enum zone_stat_item item)
+@@ -112,7 +112,7 @@ static inline unsigned long global_page_state(enum zone_stat_item item)
static inline unsigned long zone_page_state(struct zone *zone,
enum zone_stat_item item)
{
@@ -73789,7 +75920,7 @@ index 5fd71a7..e5ef9a9 100644
#ifdef CONFIG_SMP
if (x < 0)
x = 0;
-@@ -134,7 +134,7 @@ static inline unsigned long zone_page_state(struct zone *zone,
+@@ -129,7 +129,7 @@ static inline unsigned long zone_page_state(struct zone *zone,
static inline unsigned long zone_page_state_snapshot(struct zone *zone,
enum zone_stat_item item)
{
@@ -73798,7 +75929,7 @@ index 5fd71a7..e5ef9a9 100644
#ifdef CONFIG_SMP
int cpu;
-@@ -226,8 +226,8 @@ static inline void __mod_zone_page_state(struct zone *zone,
+@@ -221,8 +221,8 @@ static inline void __mod_zone_page_state(struct zone *zone,
static inline void __inc_zone_state(struct zone *zone, enum zone_stat_item item)
{
@@ -73809,7 +75940,7 @@ index 5fd71a7..e5ef9a9 100644
}
static inline void __inc_zone_page_state(struct page *page,
-@@ -238,8 +238,8 @@ static inline void __inc_zone_page_state(struct page *page,
+@@ -233,8 +233,8 @@ static inline void __inc_zone_page_state(struct page *page,
static inline void __dec_zone_state(struct zone *zone, enum zone_stat_item item)
{
@@ -73877,18 +76008,6 @@ index 95d1c91..6798cca 100644
/*
* Newer version of video_device, handled by videodev2.c
-diff --git a/include/media/v4l2-ioctl.h b/include/media/v4l2-ioctl.h
-index 4118ad1..cb7e25f 100644
---- a/include/media/v4l2-ioctl.h
-+++ b/include/media/v4l2-ioctl.h
-@@ -284,7 +284,6 @@ struct v4l2_ioctl_ops {
- bool valid_prio, int cmd, void *arg);
- };
-
--
- /* v4l debugging and diagnostics */
-
- /* Debug bitmask flags to be used on V4L2 */
diff --git a/include/net/9p/transport.h b/include/net/9p/transport.h
index adcbb20..62c2559 100644
--- a/include/net/9p/transport.h
@@ -73902,22 +76021,8 @@ index adcbb20..62c2559 100644
void v9fs_register_trans(struct p9_trans_module *m);
void v9fs_unregister_trans(struct p9_trans_module *m);
-diff --git a/include/net/addrconf.h b/include/net/addrconf.h
-index 84a6440..dbc6db7 100644
---- a/include/net/addrconf.h
-+++ b/include/net/addrconf.h
-@@ -86,6 +86,9 @@ extern int ipv6_dev_get_saddr(struct net *net,
- const struct in6_addr *daddr,
- unsigned int srcprefs,
- struct in6_addr *saddr);
-+extern int __ipv6_get_lladdr(struct inet6_dev *idev,
-+ struct in6_addr *addr,
-+ unsigned char banned_flags);
- extern int ipv6_get_lladdr(struct net_device *dev,
- struct in6_addr *addr,
- unsigned char banned_flags);
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
-index cdd3302..76f8ede 100644
+index fb94cf1..7c0c987 100644
--- a/include/net/bluetooth/l2cap.h
+++ b/include/net/bluetooth/l2cap.h
@@ -551,7 +551,7 @@ struct l2cap_ops {
@@ -73930,7 +76035,7 @@ index cdd3302..76f8ede 100644
struct l2cap_conn {
struct hci_conn *hcon;
diff --git a/include/net/caif/cfctrl.h b/include/net/caif/cfctrl.h
-index 9e5425b..8136ffc 100644
+index f2ae33d..c457cf0 100644
--- a/include/net/caif/cfctrl.h
+++ b/include/net/caif/cfctrl.h
@@ -52,7 +52,7 @@ struct cfctrl_rsp {
@@ -73966,10 +76071,10 @@ index 628e11b..4c475df 100644
#endif
diff --git a/include/net/genetlink.h b/include/net/genetlink.h
-index bdfbe68..4402ebe 100644
+index 93024a4..eeb6b6e 100644
--- a/include/net/genetlink.h
+++ b/include/net/genetlink.h
-@@ -118,7 +118,7 @@ struct genl_ops {
+@@ -119,7 +119,7 @@ struct genl_ops {
struct netlink_callback *cb);
int (*done)(struct netlink_callback *cb);
struct list_head ops_list;
@@ -73992,7 +76097,7 @@ index 734d9b5..48a9a4b 100644
return;
}
diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h
-index 1832927..ce39aea 100644
+index de2c785..0588a6b 100644
--- a/include/net/inet_connection_sock.h
+++ b/include/net/inet_connection_sock.h
@@ -62,7 +62,7 @@ struct inet_connection_sock_af_ops {
@@ -74060,10 +76165,10 @@ index e49db91..76a81de 100644
fib_info_update_nh_saddr((net), &FIB_RES_NH(res)))
#define FIB_RES_GW(res) (FIB_RES_NH(res).nh_gw)
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
-index fce8e6b..3ca4916 100644
+index 4c062cc..3562c31 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
-@@ -599,7 +599,7 @@ struct ip_vs_conn {
+@@ -612,7 +612,7 @@ struct ip_vs_conn {
struct ip_vs_conn *control; /* Master control connection */
atomic_t n_control; /* Number of controlled ones */
struct ip_vs_dest *dest; /* real server */
@@ -74072,7 +76177,7 @@ index fce8e6b..3ca4916 100644
/* packet transmitter for different forwarding methods. If it
mangles the packet, it must return NF_DROP or better NF_STOLEN,
-@@ -737,7 +737,7 @@ struct ip_vs_dest {
+@@ -761,7 +761,7 @@ struct ip_vs_dest {
__be16 port; /* port number of the server */
union nf_inet_addr addr; /* IP address of the server */
volatile unsigned int flags; /* dest status flags */
@@ -74081,7 +76186,7 @@ index fce8e6b..3ca4916 100644
atomic_t weight; /* server weight */
atomic_t refcnt; /* reference counter */
-@@ -981,11 +981,11 @@ struct netns_ipvs {
+@@ -1013,11 +1013,11 @@ struct netns_ipvs {
/* ip_vs_lblc */
int sysctl_lblc_expiration;
struct ctl_table_header *lblc_ctl_header;
@@ -74188,10 +76293,10 @@ index 567c681..cd73ac0 100644
struct llc_sap_state {
u8 curr_state;
diff --git a/include/net/mac80211.h b/include/net/mac80211.h
-index f7eba13..91ed983 100644
+index 885898a..cdace34 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
-@@ -4119,7 +4119,7 @@ struct rate_control_ops {
+@@ -4205,7 +4205,7 @@ struct rate_control_ops {
void (*add_sta_debugfs)(void *priv, void *priv_sta,
struct dentry *dir);
void (*remove_sta_debugfs)(void *priv, void *priv_sta);
@@ -74214,10 +76319,10 @@ index 7e748ad..5c6229b 100644
struct pneigh_entry {
struct pneigh_entry *next;
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
-index de644bc..dfbcc4c 100644
+index b176978..ea169f4 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
-@@ -115,7 +115,7 @@ struct net {
+@@ -117,7 +117,7 @@ struct net {
#endif
struct netns_ipvs *ipvs;
struct sock *diag_nlsk;
@@ -74226,7 +76331,7 @@ index de644bc..dfbcc4c 100644
};
/*
-@@ -272,7 +272,11 @@ static inline struct net *read_pnet(struct net * const *pnet)
+@@ -274,7 +274,11 @@ static inline struct net *read_pnet(struct net * const *pnet)
#define __net_init __init
#define __net_exit __exit_refok
#define __net_initdata __initdata
@@ -74238,7 +76343,7 @@ index de644bc..dfbcc4c 100644
#endif
struct pernet_operations {
-@@ -282,7 +286,7 @@ struct pernet_operations {
+@@ -284,7 +288,7 @@ struct pernet_operations {
void (*exit_batch)(struct list_head *net_exit_list);
int *id;
size_t size;
@@ -74247,7 +76352,7 @@ index de644bc..dfbcc4c 100644
/*
* Use these carefully. If you implement a network device and it
-@@ -330,12 +334,12 @@ static inline void unregister_net_sysctl_table(struct ctl_table_header *header)
+@@ -332,12 +336,12 @@ static inline void unregister_net_sysctl_table(struct ctl_table_header *header)
static inline int rt_genid(struct net *net)
{
@@ -74327,6 +76432,19 @@ index 2ba9de8..47bd6c7 100644
#ifdef CONFIG_IP_MROUTE
#ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES
+diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h
+index 005e2c2..023d340 100644
+--- a/include/net/netns/ipv6.h
++++ b/include/net/netns/ipv6.h
+@@ -71,7 +71,7 @@ struct netns_ipv6 {
+ struct fib_rules_ops *mr6_rules_ops;
+ #endif
+ #endif
+- atomic_t dev_addr_genid;
++ atomic_unchecked_t dev_addr_genid;
+ };
+
+ #if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
diff --git a/include/net/protocol.h b/include/net/protocol.h
index 047c047..b9dad15 100644
--- a/include/net/protocol.h
@@ -74350,7 +76468,7 @@ index 047c047..b9dad15 100644
#define INET6_PROTO_NOPOLICY 0x1
#define INET6_PROTO_FINAL 0x2
diff --git a/include/net/rtnetlink.h b/include/net/rtnetlink.h
-index 5a15fab..d799ea7 100644
+index 7026648..584cc8c 100644
--- a/include/net/rtnetlink.h
+++ b/include/net/rtnetlink.h
@@ -81,7 +81,7 @@ struct rtnl_link_ops {
@@ -74363,7 +76481,7 @@ index 5a15fab..d799ea7 100644
extern int __rtnl_link_register(struct rtnl_link_ops *ops);
extern void __rtnl_link_unregister(struct rtnl_link_ops *ops);
diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
-index df85a0c..19ac300 100644
+index cd89510..d67810f 100644
--- a/include/net/sctp/sctp.h
+++ b/include/net/sctp/sctp.h
@@ -330,9 +330,9 @@ do { \
@@ -74402,10 +76520,10 @@ index 2a82d13..62a31c2 100644
/* Get the size of a DATA chunk payload. */
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
-index 0e0f9d2..cd05ebb 100644
+index 1bd4c41..9250b5b 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
-@@ -517,7 +517,7 @@ struct sctp_pf {
+@@ -516,7 +516,7 @@ struct sctp_pf {
struct sctp_association *asoc);
void (*addr_v4map) (struct sctp_sock *, union sctp_addr *);
struct sctp_af *af;
@@ -74414,20 +76532,8 @@ index 0e0f9d2..cd05ebb 100644
/* Structure to track chunk fragments that have been acked, but peer
-diff --git a/include/net/secure_seq.h b/include/net/secure_seq.h
-index c2e542b..6ca975b 100644
---- a/include/net/secure_seq.h
-+++ b/include/net/secure_seq.h
-@@ -3,6 +3,7 @@
-
- #include <linux/types.h>
-
-+extern void net_secret_init(void);
- extern __u32 secure_ip_id(__be32 daddr);
- extern __u32 secure_ipv6_id(const __be32 daddr[4]);
- extern u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport);
diff --git a/include/net/sock.h b/include/net/sock.h
-index 0be480a..586232f 100644
+index 66772cf..25bc45b 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -325,7 +325,7 @@ struct sock {
@@ -74439,7 +76545,7 @@ index 0be480a..586232f 100644
int sk_rcvbuf;
struct sk_filter __rcu *sk_filter;
-@@ -1796,7 +1796,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
+@@ -1797,7 +1797,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags)
}
static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb,
@@ -74448,7 +76554,7 @@ index 0be480a..586232f 100644
int copy, int offset)
{
if (skb->ip_summed == CHECKSUM_NONE) {
-@@ -2055,7 +2055,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
+@@ -2056,7 +2056,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
}
}
@@ -74458,10 +76564,10 @@ index 0be480a..586232f 100644
/**
* sk_page_frag - return an appropriate page_frag
diff --git a/include/net/tcp.h b/include/net/tcp.h
-index a345480..3c65cf4 100644
+index 5bba80f..8520a82 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
-@@ -529,7 +529,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
+@@ -524,7 +524,7 @@ extern void tcp_retransmit_timer(struct sock *sk);
extern void tcp_xmit_retransmit_queue(struct sock *);
extern void tcp_simple_retransmit(struct sock *);
extern int tcp_trim_head(struct sock *, struct sk_buff *, u32);
@@ -74470,7 +76576,7 @@ index a345480..3c65cf4 100644
extern void tcp_send_probe0(struct sock *);
extern void tcp_send_partial(struct sock *);
-@@ -700,8 +700,8 @@ struct tcp_skb_cb {
+@@ -697,8 +697,8 @@ struct tcp_skb_cb {
struct inet6_skb_parm h6;
#endif
} header; /* For incoming frames */
@@ -74481,7 +76587,7 @@ index a345480..3c65cf4 100644
__u32 when; /* used to compute rtt's */
__u8 tcp_flags; /* TCP header flags. (tcp[13]) */
-@@ -715,7 +715,7 @@ struct tcp_skb_cb {
+@@ -712,7 +712,7 @@ struct tcp_skb_cb {
__u8 ip_dsfield; /* IPv4 tos or IPv6 dsfield */
/* 1 byte hole */
@@ -74490,23 +76596,11 @@ index a345480..3c65cf4 100644
};
#define TCP_SKB_CB(__skb) ((struct tcp_skb_cb *)&((__skb)->cb[0]))
-diff --git a/include/net/udp.h b/include/net/udp.h
-index 065f379..ad99eed 100644
---- a/include/net/udp.h
-+++ b/include/net/udp.h
-@@ -181,6 +181,7 @@ extern int udp_get_port(struct sock *sk, unsigned short snum,
- extern void udp_err(struct sk_buff *, u32);
- extern int udp_sendmsg(struct kiocb *iocb, struct sock *sk,
- struct msghdr *msg, size_t len);
-+extern int udp_push_pending_frames(struct sock *sk);
- extern void udp_flush_pending_frames(struct sock *sk);
- extern int udp_rcv(struct sk_buff *skb);
- extern int udp_ioctl(struct sock *sk, int cmd, unsigned long arg);
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
-index 24c8886..e6fb816 100644
+index 94ce082..62b278d 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
-@@ -304,7 +304,7 @@ struct xfrm_policy_afinfo {
+@@ -305,7 +305,7 @@ struct xfrm_policy_afinfo {
struct net_device *dev,
const struct flowi *fl);
struct dst_entry *(*blackhole_route)(struct net *net, struct dst_entry *orig);
@@ -74515,7 +76609,7 @@ index 24c8886..e6fb816 100644
extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
extern int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo);
-@@ -340,7 +340,7 @@ struct xfrm_state_afinfo {
+@@ -341,7 +341,7 @@ struct xfrm_state_afinfo {
struct sk_buff *skb);
int (*transport_finish)(struct sk_buff *skb,
int async);
@@ -74524,7 +76618,7 @@ index 24c8886..e6fb816 100644
extern int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo);
extern int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo);
-@@ -423,7 +423,7 @@ struct xfrm_mode {
+@@ -424,7 +424,7 @@ struct xfrm_mode {
struct module *owner;
unsigned int encap;
int flags;
@@ -74533,7 +76627,7 @@ index 24c8886..e6fb816 100644
/* Flags for xfrm_mode. */
enum {
-@@ -520,7 +520,7 @@ struct xfrm_policy {
+@@ -521,7 +521,7 @@ struct xfrm_policy {
struct timer_list timer;
struct flow_cache_object flo;
@@ -74577,7 +76671,7 @@ index e1379b4..67eafbe 100644
u8 qfull;
enum fc_lport_state state;
diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h
-index a7f9cba..b1f44d0 100644
+index cc64587..608f523 100644
--- a/include/scsi/scsi_device.h
+++ b/include/scsi/scsi_device.h
@@ -171,9 +171,9 @@ struct scsi_device {
@@ -74608,10 +76702,10 @@ index b797e8f..8e2c3aa 100644
/**
diff --git a/include/sound/compress_driver.h b/include/sound/compress_driver.h
-index ff6c741..393815f 100644
+index 9031a26..750d592 100644
--- a/include/sound/compress_driver.h
+++ b/include/sound/compress_driver.h
-@@ -130,7 +130,7 @@ struct snd_compr_ops {
+@@ -128,7 +128,7 @@ struct snd_compr_ops {
struct snd_compr_caps *caps);
int (*get_codec_caps) (struct snd_compr_stream *stream,
struct snd_compr_codec_caps *codec);
@@ -74621,10 +76715,10 @@ index ff6c741..393815f 100644
/**
* struct snd_compr: Compressed device
diff --git a/include/sound/soc.h b/include/sound/soc.h
-index a6a059c..2243336 100644
+index 85c1522..f44bad1 100644
--- a/include/sound/soc.h
+++ b/include/sound/soc.h
-@@ -771,7 +771,7 @@ struct snd_soc_codec_driver {
+@@ -781,7 +781,7 @@ struct snd_soc_codec_driver {
/* probe ordering - for components with runtime dependencies */
int probe_order;
int remove_order;
@@ -74633,7 +76727,7 @@ index a6a059c..2243336 100644
/* SoC platform interface */
struct snd_soc_platform_driver {
-@@ -817,7 +817,7 @@ struct snd_soc_platform_driver {
+@@ -827,7 +827,7 @@ struct snd_soc_platform_driver {
unsigned int (*read)(struct snd_soc_platform *, unsigned int);
int (*write)(struct snd_soc_platform *, unsigned int, unsigned int);
int (*bespoke_trigger)(struct snd_pcm_substream *, int);
@@ -74643,10 +76737,10 @@ index a6a059c..2243336 100644
struct snd_soc_platform {
const char *name;
diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h
-index f8640f3..b72d113 100644
+index 4ea4f98..a63629b 100644
--- a/include/target/target_core_base.h
+++ b/include/target/target_core_base.h
-@@ -658,7 +658,7 @@ struct se_device {
+@@ -653,7 +653,7 @@ struct se_device {
spinlock_t stats_lock;
/* Active commands on this virtual SE device */
atomic_t simple_cmds;
@@ -74826,7 +76920,7 @@ index d876736..ccce5c0 100644
#define __cpu_to_le64s(x) do { (void)(x); } while (0)
#define __le64_to_cpus(x) do { (void)(x); } while (0)
diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h
-index 8072d35..e77aeb8 100644
+index ef6103b..d4e65dd 100644
--- a/include/uapi/linux/elf.h
+++ b/include/uapi/linux/elf.h
@@ -37,6 +37,17 @@ typedef __s64 Elf64_Sxword;
@@ -74885,24 +76979,6 @@ index 8072d35..e77aeb8 100644
#define ELFMAG0 0x7f /* EI_MAG */
#define ELFMAG1 'E'
#define ELFMAG2 'L'
-diff --git a/include/uapi/linux/if_pppox.h b/include/uapi/linux/if_pppox.h
-index 0b46fd5..e36a4ae 100644
---- a/include/uapi/linux/if_pppox.h
-+++ b/include/uapi/linux/if_pppox.h
-@@ -135,11 +135,11 @@ struct pppoe_tag {
-
- struct pppoe_hdr {
- #if defined(__LITTLE_ENDIAN_BITFIELD)
-- __u8 ver : 4;
- __u8 type : 4;
-+ __u8 ver : 4;
- #elif defined(__BIG_ENDIAN_BITFIELD)
-- __u8 type : 4;
- __u8 ver : 4;
-+ __u8 type : 4;
- #else
- #error "Please fix <asm/byteorder.h>"
- #endif
diff --git a/include/uapi/linux/personality.h b/include/uapi/linux/personality.h
index aa169c4..6a2771d 100644
--- a/include/uapi/linux/personality.h
@@ -75023,10 +77099,10 @@ index 1a91850..28573f8 100644
void *pmi_pal;
u8 *vbe_state_orig; /*
diff --git a/init/Kconfig b/init/Kconfig
-index 5341d72..153f24f 100644
+index 2d9b831..ae4c8ac 100644
--- a/init/Kconfig
+++ b/init/Kconfig
-@@ -984,6 +984,7 @@ endif # CGROUPS
+@@ -1029,6 +1029,7 @@ endif # CGROUPS
config CHECKPOINT_RESTORE
bool "Checkpoint/restore support" if EXPERT
@@ -75034,7 +77110,7 @@ index 5341d72..153f24f 100644
default n
help
Enables additional kernel features in a sake of checkpoint/restore.
-@@ -1471,7 +1472,7 @@ config SLUB_DEBUG
+@@ -1516,7 +1517,7 @@ config SLUB_DEBUG
config COMPAT_BRK
bool "Disable heap randomization"
@@ -75043,7 +77119,7 @@ index 5341d72..153f24f 100644
help
Randomizing heap placement makes heap exploits harder, but it
also breaks ancient binaries (including anything libc5 based).
-@@ -1734,7 +1735,7 @@ config INIT_ALL_POSSIBLE
+@@ -1779,7 +1780,7 @@ config INIT_ALL_POSSIBLE
config STOP_MACHINE
bool
default y
@@ -75148,7 +77224,7 @@ index f5b978a..69dbfe8 100644
if (!S_ISBLK(stat.st_mode))
return 0;
diff --git a/init/do_mounts_initrd.c b/init/do_mounts_initrd.c
-index a32ec1c..60a6659 100644
+index 3e0878e..8a9d7a0 100644
--- a/init/do_mounts_initrd.c
+++ b/init/do_mounts_initrd.c
@@ -37,13 +37,13 @@ static int init_linuxrc(struct subprocess_info *info, struct cred *new)
@@ -75169,7 +77245,7 @@ index a32ec1c..60a6659 100644
sys_setsid();
return 0;
}
-@@ -58,8 +58,8 @@ static void __init handle_initrd(void)
+@@ -59,8 +59,8 @@ static void __init handle_initrd(void)
create_dev("/dev/root.old", Root_RAM0);
/* mount initrd on rootfs' /root */
mount_block_root("/dev/root.old", root_mountflags & ~MS_RDONLY);
@@ -75180,7 +77256,7 @@ index a32ec1c..60a6659 100644
/* try loading default modules from initrd */
load_default_modules();
-@@ -76,31 +76,31 @@ static void __init handle_initrd(void)
+@@ -80,31 +80,31 @@ static void __init handle_initrd(void)
current->flags &= ~PF_FREEZER_SKIP;
/* move initrd to rootfs' /old */
@@ -75219,7 +77295,7 @@ index a32ec1c..60a6659 100644
printk(KERN_NOTICE "Trying to free ramdisk memory ... ");
if (fd < 0) {
error = fd;
-@@ -123,11 +123,11 @@ int __init initrd_load(void)
+@@ -127,11 +127,11 @@ int __init initrd_load(void)
* mounted in the normal path.
*/
if (rd_load_image("/initrd.image") && ROOT_DEV != Root_RAM0) {
@@ -75400,10 +77476,10 @@ index a67ef9d..2d17ed9 100644
#ifdef CONFIG_BLK_DEV_RAM
int fd;
diff --git a/init/main.c b/init/main.c
-index 63534a1..85feae2 100644
+index 9484f4b..0eac7c3 100644
--- a/init/main.c
+++ b/init/main.c
-@@ -98,6 +98,8 @@ static inline void mark_rodata_ro(void) { }
+@@ -100,6 +100,8 @@ static inline void mark_rodata_ro(void) { }
extern void tc_init(void);
#endif
@@ -75412,7 +77488,7 @@ index 63534a1..85feae2 100644
/*
* Debug helper: via this flag we know that we are in 'early bootup code'
* where only the boot processor is running with IRQ disabled. This means
-@@ -151,6 +153,64 @@ static int __init set_reset_devices(char *str)
+@@ -153,6 +155,74 @@ static int __init set_reset_devices(char *str)
__setup("reset_devices", set_reset_devices);
@@ -75427,11 +77503,10 @@ index 63534a1..85feae2 100644
+#endif
+
+#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF)
-+unsigned long pax_user_shadow_base __read_only = 1UL << TASK_SIZE_MAX_SHIFT;
++unsigned long pax_user_shadow_base __read_only;
+EXPORT_SYMBOL(pax_user_shadow_base);
+extern char pax_enter_kernel_user[];
+extern char pax_exit_kernel_user[];
-+extern pgdval_t clone_pgd_mask;
+#endif
+
+#if defined(CONFIG_X86) && defined(CONFIG_PAX_MEMORY_UDEREF)
@@ -75456,11 +77531,22 @@ index 63534a1..85feae2 100644
+ memcpy(pax_exit_kernel_user, (unsigned char []){0xc3}, 1);
+ clone_pgd_mask = ~(pgdval_t)0UL;
+ pax_user_shadow_base = 0UL;
++ setup_clear_cpu_cap(X86_FEATURE_PCID);
+#endif
+
+ return 0;
+}
+early_param("pax_nouderef", setup_pax_nouderef);
++
++#ifdef CONFIG_X86_64
++static int __init setup_pax_weakuderef(char *str)
++{
++ if (clone_pgd_mask != ~(pgdval_t)0UL)
++ pax_user_shadow_base = 1UL << TASK_SIZE_MAX_SHIFT;
++ return 1;
++}
++__setup("pax_weakuderef", setup_pax_weakuderef);
++#endif
+#endif
+
+#ifdef CONFIG_PAX_SOFTMODE
@@ -75477,7 +77563,16 @@ index 63534a1..85feae2 100644
static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, };
const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
static const char *panic_later, *panic_param;
-@@ -683,6 +743,7 @@ int __init_or_module do_one_initcall(initcall_t fn)
+@@ -655,8 +725,6 @@ static void __init do_ctors(void)
+ bool initcall_debug;
+ core_param(initcall_debug, initcall_debug, bool, 0644);
+
+-static char msgbuf[64];
+-
+ static int __init_or_module do_one_initcall_debug(initcall_t fn)
+ {
+ ktime_t calltime, delta, rettime;
+@@ -679,23 +747,22 @@ int __init_or_module do_one_initcall(initcall_t fn)
{
int count = preempt_count();
int ret;
@@ -75485,11 +77580,13 @@ index 63534a1..85feae2 100644
if (initcall_debug)
ret = do_one_initcall_debug(fn);
-@@ -695,15 +756,15 @@ int __init_or_module do_one_initcall(initcall_t fn)
- sprintf(msgbuf, "error code %d ", ret);
+ else
+ ret = fn();
+- msgbuf[0] = 0;
+-
if (preempt_count() != count) {
-- strlcat(msgbuf, "preemption imbalance ", sizeof(msgbuf));
+- sprintf(msgbuf, "preemption imbalance ");
+ msg1 = " preemption imbalance";
preempt_count() = count;
}
@@ -75498,14 +77595,12 @@ index 63534a1..85feae2 100644
+ msg2 = " disabled interrupts";
local_irq_enable();
}
-- if (msgbuf[0]) {
-- printk("initcall %pF returned with %s\n", fn, msgbuf);
-+ if (msgbuf[0] || *msg1 || *msg2) {
-+ printk("initcall %pF returned with %s%s%s\n", fn, msgbuf, msg1, msg2);
- }
+- WARN(msgbuf[0], "initcall %pF returned with %s\n", fn, msgbuf);
++ WARN(*msg1 || *msg2, "initcall %pF returned with%s%s\n", fn, msg1, msg2);
return ret;
-@@ -757,8 +818,14 @@ static void __init do_initcall_level(int level)
+ }
+@@ -748,8 +815,14 @@ static void __init do_initcall_level(int level)
level, level,
&repair_env_string);
@@ -75521,7 +77616,7 @@ index 63534a1..85feae2 100644
}
static void __init do_initcalls(void)
-@@ -792,8 +859,14 @@ static void __init do_pre_smp_initcalls(void)
+@@ -783,8 +856,14 @@ static void __init do_pre_smp_initcalls(void)
{
initcall_t *fn;
@@ -75537,7 +77632,7 @@ index 63534a1..85feae2 100644
}
/*
-@@ -811,8 +884,8 @@ static int run_init_process(const char *init_filename)
+@@ -802,8 +881,8 @@ static int run_init_process(const char *init_filename)
{
argv_init[0] = init_filename;
return do_execve(init_filename,
@@ -75548,16 +77643,16 @@ index 63534a1..85feae2 100644
}
static noinline void __init kernel_init_freeable(void);
-@@ -890,7 +963,7 @@ static noinline void __init kernel_init_freeable(void)
+@@ -880,7 +959,7 @@ static noinline void __init kernel_init_freeable(void)
do_basic_setup();
/* Open the /dev/console on the rootfs, this should never fail */
- if (sys_open((const char __user *) "/dev/console", O_RDWR, 0) < 0)
+ if (sys_open((const char __force_user *) "/dev/console", O_RDWR, 0) < 0)
- printk(KERN_WARNING "Warning: unable to open an initial console.\n");
+ pr_err("Warning: unable to open an initial console.\n");
(void) sys_dup(0);
-@@ -903,11 +976,13 @@ static noinline void __init kernel_init_freeable(void)
+@@ -893,11 +972,13 @@ static noinline void __init kernel_init_freeable(void)
if (!ramdisk_execute_command)
ramdisk_execute_command = "/init";
@@ -75647,10 +77742,10 @@ index e4e47f6..a85e0ad 100644
if (u->mq_bytes + mq_bytes < u->mq_bytes ||
u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) {
diff --git a/ipc/msg.c b/ipc/msg.c
-index fede1d0..9778e0f8 100644
+index d0c6d96..69a893c 100644
--- a/ipc/msg.c
+++ b/ipc/msg.c
-@@ -309,18 +309,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg)
+@@ -296,18 +296,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg)
return security_msg_queue_associate(msq, msgflg);
}
@@ -75676,10 +77771,10 @@ index fede1d0..9778e0f8 100644
msg_params.flg = msgflg;
diff --git a/ipc/sem.c b/ipc/sem.c
-index 58d31f1..cce7a55 100644
+index 70480a3..f4e8262 100644
--- a/ipc/sem.c
+++ b/ipc/sem.c
-@@ -364,10 +364,15 @@ static inline int sem_more_checks(struct kern_ipc_perm *ipcp,
+@@ -460,10 +460,15 @@ static inline int sem_more_checks(struct kern_ipc_perm *ipcp,
return 0;
}
@@ -75696,7 +77791,7 @@ index 58d31f1..cce7a55 100644
struct ipc_params sem_params;
ns = current->nsproxy->ipc_ns;
-@@ -375,10 +380,6 @@ SYSCALL_DEFINE3(semget, key_t, key, int, nsems, int, semflg)
+@@ -471,10 +476,6 @@ SYSCALL_DEFINE3(semget, key_t, key, int, nsems, int, semflg)
if (nsems < 0 || nsems > ns->sc_semmsl)
return -EINVAL;
@@ -75802,10 +77897,10 @@ index 7e199fa..180a1ca 100644
shm_unlock(shp);
diff --git a/kernel/acct.c b/kernel/acct.c
-index b9bd7f0..1762b4a 100644
+index 8d6e145..33e0b1e 100644
--- a/kernel/acct.c
+++ b/kernel/acct.c
-@@ -550,7 +550,7 @@ static void do_acct_process(struct bsd_acct_struct *acct,
+@@ -556,7 +556,7 @@ static void do_acct_process(struct bsd_acct_struct *acct,
*/
flim = current->signal->rlim[RLIMIT_FSIZE].rlim_cur;
current->signal->rlim[RLIMIT_FSIZE].rlim_cur = RLIM_INFINITY;
@@ -75815,10 +77910,10 @@ index b9bd7f0..1762b4a 100644
current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
set_fs(fs);
diff --git a/kernel/audit.c b/kernel/audit.c
-index 8a667f10..7375e3f 100644
+index 91e53d0..d9e3ec4 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
-@@ -116,7 +116,7 @@ u32 audit_sig_sid = 0;
+@@ -118,7 +118,7 @@ u32 audit_sig_sid = 0;
3) suppressed due to audit_rate_limit
4) suppressed due to audit_backlog_limit
*/
@@ -75827,7 +77922,7 @@ index 8a667f10..7375e3f 100644
/* The netlink socket. */
static struct sock *audit_sock;
-@@ -238,7 +238,7 @@ void audit_log_lost(const char *message)
+@@ -240,7 +240,7 @@ void audit_log_lost(const char *message)
unsigned long now;
int print;
@@ -75836,7 +77931,7 @@ index 8a667f10..7375e3f 100644
print = (audit_failure == AUDIT_FAIL_PANIC || !audit_rate_limit);
-@@ -257,7 +257,7 @@ void audit_log_lost(const char *message)
+@@ -259,7 +259,7 @@ void audit_log_lost(const char *message)
printk(KERN_WARNING
"audit: audit_lost=%d audit_rate_limit=%d "
"audit_backlog_limit=%d\n",
@@ -75845,7 +77940,7 @@ index 8a667f10..7375e3f 100644
audit_rate_limit,
audit_backlog_limit);
audit_panic(message);
-@@ -681,7 +681,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
+@@ -664,7 +664,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
status_set.pid = audit_pid;
status_set.rate_limit = audit_rate_limit;
status_set.backlog_limit = audit_backlog_limit;
@@ -75854,11 +77949,24 @@ index 8a667f10..7375e3f 100644
status_set.backlog = skb_queue_len(&audit_skb_queue);
audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0,
&status_set, sizeof(status_set));
+diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
+index 6bd4a90..0ee9eff 100644
+--- a/kernel/auditfilter.c
++++ b/kernel/auditfilter.c
+@@ -423,7 +423,7 @@ static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data,
+ f->lsm_rule = NULL;
+
+ /* Support legacy tests for a valid loginuid */
+- if ((f->type == AUDIT_LOGINUID) && (f->val == 4294967295)) {
++ if ((f->type == AUDIT_LOGINUID) && (f->val == 4294967295U)) {
+ f->type = AUDIT_LOGINUID_SET;
+ f->val = 0;
+ }
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
-index c4b72b0..8654c4e 100644
+index 3c8a601..3a416f6 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
-@@ -2295,7 +2295,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
+@@ -1956,7 +1956,7 @@ int auditsc_get_stamp(struct audit_context *ctx,
}
/* global counter which is incremented every time something logs in */
@@ -75867,7 +77975,7 @@ index c4b72b0..8654c4e 100644
/**
* audit_set_loginuid - set current task's audit_context loginuid
-@@ -2319,7 +2319,7 @@ int audit_set_loginuid(kuid_t loginuid)
+@@ -1980,7 +1980,7 @@ int audit_set_loginuid(kuid_t loginuid)
return -EPERM;
#endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */
@@ -75973,10 +78081,10 @@ index f6c2ce5..982c0f9 100644
+ return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid);
+}
diff --git a/kernel/cgroup.c b/kernel/cgroup.c
-index 526f4ba..19cca33 100644
+index 2e9b387..61817b1 100644
--- a/kernel/cgroup.c
+++ b/kernel/cgroup.c
-@@ -5580,7 +5580,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
+@@ -5398,7 +5398,7 @@ static int cgroup_css_links_read(struct cgroup *cont,
struct css_set *cg = link->cg;
struct task_struct *task;
int count = 0;
@@ -75986,7 +78094,7 @@ index 526f4ba..19cca33 100644
if (count++ > MAX_TASKS_SHOWN_PER_CSS) {
seq_puts(seq, " ...\n");
diff --git a/kernel/compat.c b/kernel/compat.c
-index 19971d8..02fe2df 100644
+index 0a09e48..f44f3f0 100644
--- a/kernel/compat.c
+++ b/kernel/compat.c
@@ -13,6 +13,7 @@
@@ -76033,16 +78141,7 @@ index 19971d8..02fe2df 100644
set_fs(old_fs);
if (!ret) {
-@@ -523,7 +524,7 @@ asmlinkage long compat_sys_getrusage(int who, struct compat_rusage __user *ru)
- mm_segment_t old_fs = get_fs();
-
- set_fs(KERNEL_DS);
-- ret = sys_getrusage(who, (struct rusage __user *) &r);
-+ ret = sys_getrusage(who, (struct rusage __force_user *) &r);
- set_fs(old_fs);
-
- if (ret)
-@@ -552,8 +553,8 @@ COMPAT_SYSCALL_DEFINE4(wait4,
+@@ -533,8 +534,8 @@ COMPAT_SYSCALL_DEFINE4(wait4,
set_fs (KERNEL_DS);
ret = sys_wait4(pid,
(stat_addr ?
@@ -76053,7 +78152,7 @@ index 19971d8..02fe2df 100644
set_fs (old_fs);
if (ret > 0) {
-@@ -579,8 +580,8 @@ COMPAT_SYSCALL_DEFINE5(waitid,
+@@ -560,8 +561,8 @@ COMPAT_SYSCALL_DEFINE5(waitid,
memset(&info, 0, sizeof(info));
set_fs(KERNEL_DS);
@@ -76064,7 +78163,7 @@ index 19971d8..02fe2df 100644
set_fs(old_fs);
if ((ret < 0) || (info.si_signo == 0))
-@@ -714,8 +715,8 @@ long compat_sys_timer_settime(timer_t timer_id, int flags,
+@@ -695,8 +696,8 @@ long compat_sys_timer_settime(timer_t timer_id, int flags,
oldfs = get_fs();
set_fs(KERNEL_DS);
err = sys_timer_settime(timer_id, flags,
@@ -76075,7 +78174,7 @@ index 19971d8..02fe2df 100644
set_fs(oldfs);
if (!err && old && put_compat_itimerspec(old, &oldts))
return -EFAULT;
-@@ -732,7 +733,7 @@ long compat_sys_timer_gettime(timer_t timer_id,
+@@ -713,7 +714,7 @@ long compat_sys_timer_gettime(timer_t timer_id,
oldfs = get_fs();
set_fs(KERNEL_DS);
err = sys_timer_gettime(timer_id,
@@ -76084,7 +78183,7 @@ index 19971d8..02fe2df 100644
set_fs(oldfs);
if (!err && put_compat_itimerspec(setting, &ts))
return -EFAULT;
-@@ -751,7 +752,7 @@ long compat_sys_clock_settime(clockid_t which_clock,
+@@ -732,7 +733,7 @@ long compat_sys_clock_settime(clockid_t which_clock,
oldfs = get_fs();
set_fs(KERNEL_DS);
err = sys_clock_settime(which_clock,
@@ -76093,7 +78192,7 @@ index 19971d8..02fe2df 100644
set_fs(oldfs);
return err;
}
-@@ -766,7 +767,7 @@ long compat_sys_clock_gettime(clockid_t which_clock,
+@@ -747,7 +748,7 @@ long compat_sys_clock_gettime(clockid_t which_clock,
oldfs = get_fs();
set_fs(KERNEL_DS);
err = sys_clock_gettime(which_clock,
@@ -76102,7 +78201,7 @@ index 19971d8..02fe2df 100644
set_fs(oldfs);
if (!err && put_compat_timespec(&ts, tp))
return -EFAULT;
-@@ -786,7 +787,7 @@ long compat_sys_clock_adjtime(clockid_t which_clock,
+@@ -767,7 +768,7 @@ long compat_sys_clock_adjtime(clockid_t which_clock,
oldfs = get_fs();
set_fs(KERNEL_DS);
@@ -76111,7 +78210,7 @@ index 19971d8..02fe2df 100644
set_fs(oldfs);
err = compat_put_timex(utp, &txc);
-@@ -806,7 +807,7 @@ long compat_sys_clock_getres(clockid_t which_clock,
+@@ -787,7 +788,7 @@ long compat_sys_clock_getres(clockid_t which_clock,
oldfs = get_fs();
set_fs(KERNEL_DS);
err = sys_clock_getres(which_clock,
@@ -76120,7 +78219,7 @@ index 19971d8..02fe2df 100644
set_fs(oldfs);
if (!err && tp && put_compat_timespec(&ts, tp))
return -EFAULT;
-@@ -818,9 +819,9 @@ static long compat_clock_nanosleep_restart(struct restart_block *restart)
+@@ -799,9 +800,9 @@ static long compat_clock_nanosleep_restart(struct restart_block *restart)
long err;
mm_segment_t oldfs;
struct timespec tu;
@@ -76132,7 +78231,7 @@ index 19971d8..02fe2df 100644
oldfs = get_fs();
set_fs(KERNEL_DS);
err = clock_nanosleep_restart(restart);
-@@ -852,8 +853,8 @@ long compat_sys_clock_nanosleep(clockid_t which_clock, int flags,
+@@ -833,8 +834,8 @@ long compat_sys_clock_nanosleep(clockid_t which_clock, int flags,
oldfs = get_fs();
set_fs(KERNEL_DS);
err = sys_clock_nanosleep(which_clock, flags,
@@ -76144,7 +78243,7 @@ index 19971d8..02fe2df 100644
if ((err == -ERESTART_RESTARTBLOCK) && rmtp &&
diff --git a/kernel/configs.c b/kernel/configs.c
-index 42e8fa0..9e7406b 100644
+index c18b1f1..b9a0132 100644
--- a/kernel/configs.c
+++ b/kernel/configs.c
@@ -74,8 +74,19 @@ static int __init ikconfig_init(void)
@@ -76310,7 +78409,7 @@ index e0573a4..3874e41 100644
/**
diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c
-index c26278f..e323fb8 100644
+index 0506d44..2c20034 100644
--- a/kernel/debug/debug_core.c
+++ b/kernel/debug/debug_core.c
@@ -123,7 +123,7 @@ static DEFINE_RAW_SPINLOCK(dbg_slave_lock);
@@ -76396,10 +78495,10 @@ index 00eb8f7..d7e3244 100644
#ifdef CONFIG_MODULE_UNLOAD
{
diff --git a/kernel/events/core.c b/kernel/events/core.c
-index f8ddcfb..77c06ec 100644
+index e76e495..cbfe63a 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
-@@ -154,8 +154,15 @@ static struct srcu_struct pmus_srcu;
+@@ -156,8 +156,15 @@ static struct srcu_struct pmus_srcu;
* 0 - disallow raw tracepoint access for unpriv
* 1 - disallow cpu events for unpriv
* 2 - disallow kernel profiling for unpriv
@@ -76416,7 +78515,7 @@ index f8ddcfb..77c06ec 100644
/* Minimum for 512 kiB + 1 user control page */
int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */
-@@ -182,7 +189,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write,
+@@ -184,7 +191,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write,
return 0;
}
@@ -76425,7 +78524,7 @@ index f8ddcfb..77c06ec 100644
static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx,
enum event_type_t event_type);
-@@ -2674,7 +2681,7 @@ static void __perf_event_read(void *info)
+@@ -2747,7 +2754,7 @@ static void __perf_event_read(void *info)
static inline u64 perf_event_count(struct perf_event *event)
{
@@ -76434,7 +78533,7 @@ index f8ddcfb..77c06ec 100644
}
static u64 perf_event_read(struct perf_event *event)
-@@ -3020,9 +3027,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
+@@ -3093,9 +3100,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running)
mutex_lock(&event->child_mutex);
total += perf_event_read(event);
*enabled += event->total_time_enabled +
@@ -76446,7 +78545,7 @@ index f8ddcfb..77c06ec 100644
list_for_each_entry(child, &event->child_list, child_list) {
total += perf_event_read(child);
-@@ -3408,10 +3415,10 @@ void perf_event_update_userpage(struct perf_event *event)
+@@ -3481,10 +3488,10 @@ void perf_event_update_userpage(struct perf_event *event)
userpg->offset -= local64_read(&event->hw.prev_count);
userpg->time_enabled = enabled +
@@ -76459,7 +78558,7 @@ index f8ddcfb..77c06ec 100644
arch_perf_update_userpage(userpg, now);
-@@ -3961,7 +3968,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
+@@ -4034,7 +4041,7 @@ perf_output_sample_ustack(struct perf_output_handle *handle, u64 dump_size,
/* Data. */
sp = perf_user_stack_pointer(regs);
@@ -76468,7 +78567,7 @@ index f8ddcfb..77c06ec 100644
dyn_size = dump_size - rem;
perf_output_skip(handle, rem);
-@@ -4049,11 +4056,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
+@@ -4122,11 +4129,11 @@ static void perf_output_read_one(struct perf_output_handle *handle,
values[n++] = perf_event_count(event);
if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) {
values[n++] = enabled +
@@ -76482,7 +78581,7 @@ index f8ddcfb..77c06ec 100644
}
if (read_format & PERF_FORMAT_ID)
values[n++] = primary_event_id(event);
-@@ -4801,12 +4808,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
+@@ -4835,12 +4842,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event)
* need to add enough zero bytes after the string to handle
* the 64bit alignment we do later.
*/
@@ -76497,7 +78596,7 @@ index f8ddcfb..77c06ec 100644
if (IS_ERR(name)) {
name = strncpy(tmp, "//toolong", sizeof(tmp));
goto got_name;
-@@ -6242,7 +6249,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
+@@ -6262,7 +6269,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu,
event->parent = parent_event;
event->ns = get_pid_ns(task_active_pid_ns(current));
@@ -76506,7 +78605,7 @@ index f8ddcfb..77c06ec 100644
event->state = PERF_EVENT_STATE_INACTIVE;
-@@ -6552,6 +6559,11 @@ SYSCALL_DEFINE5(perf_event_open,
+@@ -6572,6 +6579,11 @@ SYSCALL_DEFINE5(perf_event_open,
if (flags & ~PERF_FLAG_ALL)
return -EINVAL;
@@ -76518,7 +78617,7 @@ index f8ddcfb..77c06ec 100644
err = perf_copy_attr(attr_uptr, &attr);
if (err)
return err;
-@@ -6884,10 +6896,10 @@ static void sync_child_event(struct perf_event *child_event,
+@@ -6904,10 +6916,10 @@ static void sync_child_event(struct perf_event *child_event,
/*
* Add back the child's count to the parent's count:
*/
@@ -76571,7 +78670,7 @@ index ca65997..cc8cee4 100644
/* Callchain handling */
extern struct perf_callchain_entry *
diff --git a/kernel/exit.c b/kernel/exit.c
-index 60bc027..ca6d727 100644
+index 7bb73f9..d7978ed 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -172,6 +172,10 @@ void release_task(struct task_struct * p)
@@ -76594,7 +78693,7 @@ index 60bc027..ca6d727 100644
recalc_sigpending();
spin_unlock_irq(&current->sighand->siglock);
return 0;
-@@ -710,6 +714,8 @@ void do_exit(long code)
+@@ -709,6 +713,8 @@ void do_exit(long code)
struct task_struct *tsk = current;
int group_dead;
@@ -76603,7 +78702,7 @@ index 60bc027..ca6d727 100644
profile_task_exit(tsk);
WARN_ON(blk_needs_flush_plug(tsk));
-@@ -726,7 +732,6 @@ void do_exit(long code)
+@@ -725,7 +731,6 @@ void do_exit(long code)
* mm_release()->clear_child_tid() from writing to a user-controlled
* kernel address.
*/
@@ -76611,7 +78710,7 @@ index 60bc027..ca6d727 100644
ptrace_event(PTRACE_EVENT_EXIT, code);
-@@ -785,6 +790,9 @@ void do_exit(long code)
+@@ -784,6 +789,9 @@ void do_exit(long code)
tsk->exit_code = code;
taskstats_exit(tsk, group_dead);
@@ -76631,10 +78730,10 @@ index 60bc027..ca6d727 100644
{
struct signal_struct *sig = current->signal;
diff --git a/kernel/fork.c b/kernel/fork.c
-index 1766d32..c0e44e2 100644
+index 987b28a..11ee8a5 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
-@@ -318,7 +318,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
+@@ -319,7 +319,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig)
*stackend = STACK_END_MAGIC; /* for overflow detection */
#ifdef CONFIG_CC_STACKPROTECTOR
@@ -76643,7 +78742,7 @@ index 1766d32..c0e44e2 100644
#endif
/*
-@@ -344,13 +344,81 @@ free_tsk:
+@@ -345,13 +345,81 @@ free_tsk:
}
#ifdef CONFIG_MMU
@@ -76727,7 +78826,7 @@ index 1766d32..c0e44e2 100644
uprobe_start_dup_mmap();
down_write(&oldmm->mmap_sem);
-@@ -364,8 +432,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
+@@ -365,8 +433,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
mm->locked_vm = 0;
mm->mmap = NULL;
mm->mmap_cache = NULL;
@@ -76738,7 +78837,7 @@ index 1766d32..c0e44e2 100644
mm->map_count = 0;
cpumask_clear(mm_cpumask(mm));
mm->mm_rb = RB_ROOT;
-@@ -381,57 +449,15 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
+@@ -382,57 +450,15 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
prev = NULL;
for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) {
@@ -76800,7 +78899,7 @@ index 1766d32..c0e44e2 100644
}
/*
-@@ -463,6 +489,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
+@@ -464,6 +490,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm)
if (retval)
goto out;
}
@@ -76832,7 +78931,7 @@ index 1766d32..c0e44e2 100644
/* a new mm has just been created */
arch_dup_mmap(oldmm, mm);
retval = 0;
-@@ -472,14 +523,6 @@ out:
+@@ -473,14 +524,6 @@ out:
up_write(&oldmm->mmap_sem);
uprobe_end_dup_mmap();
return retval;
@@ -76847,7 +78946,7 @@ index 1766d32..c0e44e2 100644
}
static inline int mm_alloc_pgd(struct mm_struct *mm)
-@@ -694,8 +737,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
+@@ -695,8 +738,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode)
return ERR_PTR(err);
mm = get_task_mm(task);
@@ -76858,7 +78957,7 @@ index 1766d32..c0e44e2 100644
mmput(mm);
mm = ERR_PTR(-EACCES);
}
-@@ -917,13 +960,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
+@@ -918,13 +961,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk)
spin_unlock(&fs->lock);
return -EAGAIN;
}
@@ -76880,7 +78979,7 @@ index 1766d32..c0e44e2 100644
return 0;
}
-@@ -1196,6 +1246,9 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+@@ -1197,10 +1247,13 @@ static struct task_struct *copy_process(unsigned long clone_flags,
DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled);
#endif
retval = -EAGAIN;
@@ -76889,8 +78988,14 @@ index 1766d32..c0e44e2 100644
+
if (atomic_read(&p->real_cred->user->processes) >=
task_rlimit(p, RLIMIT_NPROC)) {
- if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
-@@ -1441,6 +1494,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
+- if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) &&
+- p->real_cred->user != INIT_USER)
++ if (p->real_cred->user != INIT_USER &&
++ !capable(CAP_SYS_RESOURCE) && !capable(CAP_SYS_ADMIN))
+ goto bad_fork_free;
+ }
+ current->flags &= ~PF_NPROC_EXCEEDED;
+@@ -1446,6 +1499,11 @@ static struct task_struct *copy_process(unsigned long clone_flags,
goto bad_fork_free_pid;
}
@@ -76902,7 +79007,7 @@ index 1766d32..c0e44e2 100644
if (clone_flags & CLONE_THREAD) {
current->signal->nr_threads++;
atomic_inc(&current->signal->live);
-@@ -1524,6 +1582,8 @@ bad_fork_cleanup_count:
+@@ -1529,6 +1587,8 @@ bad_fork_cleanup_count:
bad_fork_free:
free_task(p);
fork_out:
@@ -76911,31 +79016,7 @@ index 1766d32..c0e44e2 100644
return ERR_PTR(retval);
}
-@@ -1574,6 +1634,23 @@ long do_fork(unsigned long clone_flags,
- return -EINVAL;
- }
-
-+#ifdef CONFIG_GRKERNSEC
-+ if (clone_flags & CLONE_NEWUSER) {
-+ /*
-+ * This doesn't really inspire confidence:
-+ * http://marc.info/?l=linux-kernel&m=135543612731939&w=2
-+ * http://marc.info/?l=linux-kernel&m=135545831607095&w=2
-+ * Increases kernel attack surface in areas developers
-+ * previously cared little about ("low importance due
-+ * to requiring "root" capability")
-+ * To be removed when this code receives *proper* review
-+ */
-+ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) ||
-+ !capable(CAP_SETGID))
-+ return -EPERM;
-+ }
-+#endif
-+
- /*
- * Determine whether and which event to report to ptracer. When
- * called from kernel_thread or CLONE_UNTRACED is explicitly
-@@ -1608,6 +1685,8 @@ long do_fork(unsigned long clone_flags,
+@@ -1613,6 +1673,8 @@ long do_fork(unsigned long clone_flags,
if (clone_flags & CLONE_PARENT_SETTID)
put_user(nr, parent_tidptr);
@@ -76944,7 +79025,16 @@ index 1766d32..c0e44e2 100644
if (clone_flags & CLONE_VFORK) {
p->vfork_done = &vfork;
init_completion(&vfork);
-@@ -1761,7 +1840,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
+@@ -1723,7 +1785,7 @@ void __init proc_caches_init(void)
+ mm_cachep = kmem_cache_create("mm_struct",
+ sizeof(struct mm_struct), ARCH_MIN_MMSTRUCT_ALIGN,
+ SLAB_HWCACHE_ALIGN|SLAB_PANIC|SLAB_NOTRACK, NULL);
+- vm_area_cachep = KMEM_CACHE(vm_area_struct, SLAB_PANIC);
++ vm_area_cachep = KMEM_CACHE(vm_area_struct, SLAB_PANIC | SLAB_NO_SANITIZE);
+ mmap_init();
+ nsproxy_cache_init();
+ }
+@@ -1763,7 +1825,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp)
return 0;
/* don't need lock here; in the worst case we'll do useless copy */
@@ -76953,7 +79043,7 @@ index 1766d32..c0e44e2 100644
return 0;
*new_fsp = copy_fs_struct(fs);
-@@ -1873,7 +1952,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
+@@ -1875,7 +1937,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags)
fs = current->fs;
spin_lock(&fs->lock);
current->fs = new_fs;
@@ -77046,67 +79136,19 @@ index 9b22d03..6295b62 100644
prev->next = info->next;
else
diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c
-index 7ef5556..f67a983 100644
+index 2288fbd..0f3941f 100644
--- a/kernel/hrtimer.c
+++ b/kernel/hrtimer.c
-@@ -709,17 +709,20 @@ static int hrtimer_switch_to_hres(void)
- return 1;
- }
-
-+static void clock_was_set_work(struct work_struct *work)
-+{
-+ clock_was_set();
-+}
-+
-+static DECLARE_WORK(hrtimer_work, clock_was_set_work);
-+
- /*
-- * Called from timekeeping code to reprogramm the hrtimer interrupt
-- * device. If called from the timer interrupt context we defer it to
-- * softirq context.
-+ * Called from timekeeping and resume code to reprogramm the hrtimer
-+ * interrupt device on all cpus.
- */
- void clock_was_set_delayed(void)
- {
-- struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases);
--
-- cpu_base->clock_was_set = 1;
-- __raise_softirq_irqoff(HRTIMER_SOFTIRQ);
-+ schedule_work(&hrtimer_work);
- }
-
- #else
-@@ -768,8 +771,10 @@ void hrtimers_resume(void)
- WARN_ONCE(!irqs_disabled(),
- KERN_INFO "hrtimers_resume() called with IRQs enabled!");
-
-+ /* Retrigger on the local CPU */
- retrigger_next_event(NULL);
-- timerfd_clock_was_set();
-+ /* And schedule a retrigger for all others */
-+ clock_was_set_delayed();
- }
-
- static inline void timer_stats_hrtimer_set_start_info(struct hrtimer *timer)
-@@ -1416,15 +1421,8 @@ void hrtimer_peek_ahead_timers(void)
+@@ -1435,7 +1435,7 @@ void hrtimer_peek_ahead_timers(void)
local_irq_restore(flags);
}
-static void run_hrtimer_softirq(struct softirq_action *h)
+static void run_hrtimer_softirq(void)
{
-- struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases);
--
-- if (cpu_base->clock_was_set) {
-- cpu_base->clock_was_set = 0;
-- clock_was_set();
-- }
--
hrtimer_peek_ahead_timers();
}
-
-@@ -1758,7 +1756,7 @@ static int __cpuinit hrtimer_cpu_notify(struct notifier_block *self,
+@@ -1770,7 +1770,7 @@ static int __cpuinit hrtimer_cpu_notify(struct notifier_block *self,
return NOTIFY_OK;
}
@@ -77172,7 +79214,7 @@ index 60f48fa..7f3a770 100644
static int
diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c
-index 2169fee..706ccca 100644
+index 3127ad5..159d880 100644
--- a/kernel/kallsyms.c
+++ b/kernel/kallsyms.c
@@ -11,6 +11,9 @@
@@ -77248,7 +79290,7 @@ index 2169fee..706ccca 100644
if (all_var)
return is_kernel(addr);
-@@ -470,7 +509,6 @@ static unsigned long get_ksymbol_core(struct kallsym_iter *iter)
+@@ -480,7 +519,6 @@ static unsigned long get_ksymbol_core(struct kallsym_iter *iter)
static void reset_iter(struct kallsym_iter *iter, loff_t new_pos)
{
@@ -77256,7 +79298,7 @@ index 2169fee..706ccca 100644
iter->nameoff = get_symbol_offset(new_pos);
iter->pos = new_pos;
}
-@@ -518,6 +556,11 @@ static int s_show(struct seq_file *m, void *p)
+@@ -528,6 +566,11 @@ static int s_show(struct seq_file *m, void *p)
{
struct kallsym_iter *iter = m->private;
@@ -77268,7 +79310,7 @@ index 2169fee..706ccca 100644
/* Some debugging symbols have no name. Ignore them. */
if (!iter->name[0])
return 0;
-@@ -531,6 +574,7 @@ static int s_show(struct seq_file *m, void *p)
+@@ -541,6 +584,7 @@ static int s_show(struct seq_file *m, void *p)
*/
type = iter->exported ? toupper(iter->type) :
tolower(iter->type);
@@ -77276,7 +79318,7 @@ index 2169fee..706ccca 100644
seq_printf(m, "%pK %c %s\t[%s]\n", (void *)iter->value,
type, iter->name, iter->module_name);
} else
-@@ -556,7 +600,7 @@ static int kallsyms_open(struct inode *inode, struct file *file)
+@@ -566,7 +610,7 @@ static int kallsyms_open(struct inode *inode, struct file *file)
struct kallsym_iter *iter;
int ret;
@@ -77301,10 +79343,10 @@ index e30ac0f..3528cac 100644
/*
diff --git a/kernel/kexec.c b/kernel/kexec.c
-index ffd4e11..c3ff6bf 100644
+index 59f7b55..4022f65 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
-@@ -1048,7 +1048,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry,
+@@ -1041,7 +1041,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry,
unsigned long flags)
{
struct compat_kexec_segment in;
@@ -77315,7 +79357,7 @@ index ffd4e11..c3ff6bf 100644
/* Don't allow clients that don't understand the native
diff --git a/kernel/kmod.c b/kernel/kmod.c
-index 8985c87..f539dbe 100644
+index 8241906..d625f2c 100644
--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -75,7 +75,7 @@ static void free_modprobe_argv(struct subprocess_info *info)
@@ -77325,9 +79367,9 @@ index 8985c87..f539dbe 100644
-static int call_modprobe(char *module_name, int wait)
+static int call_modprobe(char *module_name, char *module_param, int wait)
{
+ struct subprocess_info *info;
static char *envp[] = {
- "HOME=/",
-@@ -84,7 +84,7 @@ static int call_modprobe(char *module_name, int wait)
+@@ -85,7 +85,7 @@ static int call_modprobe(char *module_name, int wait)
NULL
};
@@ -77336,7 +79378,7 @@ index 8985c87..f539dbe 100644
if (!argv)
goto out;
-@@ -96,7 +96,8 @@ static int call_modprobe(char *module_name, int wait)
+@@ -97,7 +97,8 @@ static int call_modprobe(char *module_name, int wait)
argv[1] = "-q";
argv[2] = "--";
argv[3] = module_name; /* check free_modprobe_argv() */
@@ -77344,9 +79386,9 @@ index 8985c87..f539dbe 100644
+ argv[4] = module_param;
+ argv[5] = NULL;
- return call_usermodehelper_fns(modprobe_path, argv, envp,
- wait | UMH_KILLABLE, NULL, free_modprobe_argv, NULL);
-@@ -121,9 +122,8 @@ out:
+ info = call_usermodehelper_setup(modprobe_path, argv, envp, GFP_KERNEL,
+ NULL, free_modprobe_argv, NULL);
+@@ -129,9 +130,8 @@ out:
* If module auto-loading support is disabled then this function
* becomes a no-operation.
*/
@@ -77357,7 +79399,7 @@ index 8985c87..f539dbe 100644
char module_name[MODULE_NAME_LEN];
unsigned int max_modprobes;
int ret;
-@@ -139,9 +139,7 @@ int __request_module(bool wait, const char *fmt, ...)
+@@ -147,9 +147,7 @@ int __request_module(bool wait, const char *fmt, ...)
*/
WARN_ON_ONCE(wait && current_is_async());
@@ -77368,7 +79410,7 @@ index 8985c87..f539dbe 100644
if (ret >= MODULE_NAME_LEN)
return -ENAMETOOLONG;
-@@ -149,6 +147,20 @@ int __request_module(bool wait, const char *fmt, ...)
+@@ -157,6 +155,20 @@ int __request_module(bool wait, const char *fmt, ...)
if (ret)
return ret;
@@ -77389,7 +79431,7 @@ index 8985c87..f539dbe 100644
/* If modprobe needs a service that is in a module, we get a recursive
* loop. Limit the number of running kmod threads to max_threads/2 or
* MAX_KMOD_CONCURRENT, whichever is the smaller. A cleaner method
-@@ -177,11 +189,52 @@ int __request_module(bool wait, const char *fmt, ...)
+@@ -185,11 +197,52 @@ int __request_module(bool wait, const char *fmt, ...)
trace_module_request(module_name, wait, _RET_IP_);
@@ -77443,7 +79485,7 @@ index 8985c87..f539dbe 100644
EXPORT_SYMBOL(__request_module);
#endif /* CONFIG_MODULES */
-@@ -292,7 +345,7 @@ static int wait_for_helper(void *data)
+@@ -300,7 +353,7 @@ static int wait_for_helper(void *data)
*
* Thus the __user pointer cast is valid here.
*/
@@ -77452,7 +79494,7 @@ index 8985c87..f539dbe 100644
/*
* If ret is 0, either ____call_usermodehelper failed and the
-@@ -649,7 +702,7 @@ EXPORT_SYMBOL(call_usermodehelper_fns);
+@@ -651,7 +704,7 @@ EXPORT_SYMBOL(call_usermodehelper);
static int proc_cap_handler(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -77462,10 +79504,20 @@ index 8985c87..f539dbe 100644
kernel_cap_t new_cap;
int err, i;
diff --git a/kernel/kprobes.c b/kernel/kprobes.c
-index 3fed7f0..a3f95ed 100644
+index bddf3b2..233bf40 100644
--- a/kernel/kprobes.c
+++ b/kernel/kprobes.c
-@@ -185,7 +185,7 @@ static kprobe_opcode_t __kprobes *__get_insn_slot(struct kprobe_insn_cache *c)
+@@ -31,6 +31,9 @@
+ * <jkenisto@us.ibm.com> and Prasanna S Panchamukhi
+ * <prasanna@in.ibm.com> added function-return probes.
+ */
++#ifdef CONFIG_GRKERNSEC_HIDESYM
++#define __INCLUDED_BY_HIDESYM 1
++#endif
+ #include <linux/kprobes.h>
+ #include <linux/hash.h>
+ #include <linux/init.h>
+@@ -185,7 +188,7 @@ static kprobe_opcode_t __kprobes *__get_insn_slot(struct kprobe_insn_cache *c)
* kernel image and loaded module images reside. This is required
* so x86_64 can correctly handle the %rip-relative fixups.
*/
@@ -77474,7 +79526,7 @@ index 3fed7f0..a3f95ed 100644
if (!kip->insns) {
kfree(kip);
return NULL;
-@@ -225,7 +225,7 @@ static int __kprobes collect_one_slot(struct kprobe_insn_page *kip, int idx)
+@@ -225,7 +228,7 @@ static int __kprobes collect_one_slot(struct kprobe_insn_page *kip, int idx)
*/
if (!list_is_singular(&kip->list)) {
list_del(&kip->list);
@@ -77483,7 +79535,7 @@ index 3fed7f0..a3f95ed 100644
kfree(kip);
}
return 1;
-@@ -2073,7 +2073,7 @@ static int __init init_kprobes(void)
+@@ -2083,7 +2086,7 @@ static int __init init_kprobes(void)
{
int i, err = 0;
unsigned long offset = 0, size = 0;
@@ -77492,7 +79544,7 @@ index 3fed7f0..a3f95ed 100644
const char *symbol_name;
void *addr;
struct kprobe_blackpoint *kb;
-@@ -2158,11 +2158,11 @@ static void __kprobes report_probe(struct seq_file *pi, struct kprobe *p,
+@@ -2168,11 +2171,11 @@ static void __kprobes report_probe(struct seq_file *pi, struct kprobe *p,
kprobe_type = "k";
if (sym)
@@ -77506,7 +79558,7 @@ index 3fed7f0..a3f95ed 100644
p->addr, kprobe_type, p->addr);
if (!pp)
-@@ -2199,7 +2199,7 @@ static int __kprobes show_kprobe_addr(struct seq_file *pi, void *v)
+@@ -2209,7 +2212,7 @@ static int __kprobes show_kprobe_addr(struct seq_file *pi, void *v)
const char *sym = NULL;
unsigned int i = *(loff_t *) v;
unsigned long offset = 0;
@@ -77538,10 +79590,10 @@ index 6ada93c..dce7d5d 100644
.name = "notes",
.mode = S_IRUGO,
diff --git a/kernel/lockdep.c b/kernel/lockdep.c
-index 8a0efac..56f1e2d 100644
+index 1f3186b..bb7dbc6 100644
--- a/kernel/lockdep.c
+++ b/kernel/lockdep.c
-@@ -590,6 +590,10 @@ static int static_obj(void *obj)
+@@ -596,6 +596,10 @@ static int static_obj(void *obj)
end = (unsigned long) &_end,
addr = (unsigned long) obj;
@@ -77552,7 +79604,7 @@ index 8a0efac..56f1e2d 100644
/*
* static variable?
*/
-@@ -730,6 +734,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force)
+@@ -736,6 +740,7 @@ register_lock_class(struct lockdep_map *lock, unsigned int subclass, int force)
if (!static_obj(lock->key)) {
debug_locks_off();
printk("INFO: trying to register non-static key.\n");
@@ -77560,7 +79612,7 @@ index 8a0efac..56f1e2d 100644
printk("the code is fine but needs lockdep annotation.\n");
printk("turning off the locking correctness validator.\n");
dump_stack();
-@@ -3078,7 +3083,7 @@ static int __lock_acquire(struct lockdep_map *lock, unsigned int subclass,
+@@ -3080,7 +3085,7 @@ static int __lock_acquire(struct lockdep_map *lock, unsigned int subclass,
if (!class)
return 0;
}
@@ -77619,7 +79671,7 @@ index b2c71c5..7b88d63 100644
seq_printf(m, "%40s %14lu %29s %pS\n",
name, stats->contending_point[i],
diff --git a/kernel/module.c b/kernel/module.c
-index a55f61b..1561428 100644
+index fa53db8..6f17200 100644
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -61,6 +61,7 @@
@@ -77685,7 +79737,7 @@ index a55f61b..1561428 100644
}
static struct module_attribute modinfo_initsize =
-@@ -1312,7 +1314,7 @@ resolve_symbol_wait(struct module *mod,
+@@ -1313,7 +1315,7 @@ resolve_symbol_wait(struct module *mod,
*/
#ifdef CONFIG_SYSFS
@@ -77694,7 +79746,7 @@ index a55f61b..1561428 100644
static inline bool sect_empty(const Elf_Shdr *sect)
{
return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0;
-@@ -1452,7 +1454,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info)
+@@ -1453,7 +1455,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info)
{
unsigned int notes, loaded, i;
struct module_notes_attrs *notes_attrs;
@@ -77703,7 +79755,7 @@ index a55f61b..1561428 100644
/* failed to create section attributes, so can't create notes */
if (!mod->sect_attrs)
-@@ -1564,7 +1566,7 @@ static void del_usage_links(struct module *mod)
+@@ -1565,7 +1567,7 @@ static void del_usage_links(struct module *mod)
static int module_add_modinfo_attrs(struct module *mod)
{
struct module_attribute *attr;
@@ -77712,7 +79764,7 @@ index a55f61b..1561428 100644
int error = 0;
int i;
-@@ -1778,21 +1780,21 @@ static void set_section_ro_nx(void *base,
+@@ -1779,21 +1781,21 @@ static void set_section_ro_nx(void *base,
static void unset_module_core_ro_nx(struct module *mod)
{
@@ -77742,7 +79794,7 @@ index a55f61b..1561428 100644
set_memory_rw);
}
-@@ -1805,14 +1807,14 @@ void set_all_modules_text_rw(void)
+@@ -1806,14 +1808,14 @@ void set_all_modules_text_rw(void)
list_for_each_entry_rcu(mod, &modules, list) {
if (mod->state == MODULE_STATE_UNFORMED)
continue;
@@ -77763,7 +79815,7 @@ index a55f61b..1561428 100644
set_memory_rw);
}
}
-@@ -1828,14 +1830,14 @@ void set_all_modules_text_ro(void)
+@@ -1829,14 +1831,14 @@ void set_all_modules_text_ro(void)
list_for_each_entry_rcu(mod, &modules, list) {
if (mod->state == MODULE_STATE_UNFORMED)
continue;
@@ -77784,7 +79836,7 @@ index a55f61b..1561428 100644
set_memory_ro);
}
}
-@@ -1886,16 +1888,19 @@ static void free_module(struct module *mod)
+@@ -1887,16 +1889,19 @@ static void free_module(struct module *mod)
/* This may be NULL, but that's OK */
unset_module_init_ro_nx(mod);
@@ -77807,7 +79859,7 @@ index a55f61b..1561428 100644
#ifdef CONFIG_MPU
update_protections(current->mm);
-@@ -1965,9 +1970,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1966,9 +1971,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
int ret = 0;
const struct kernel_symbol *ksym;
@@ -77839,7 +79891,7 @@ index a55f61b..1561428 100644
switch (sym[i].st_shndx) {
case SHN_COMMON:
/* We compiled with -fno-common. These are not
-@@ -1988,7 +2015,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -1989,7 +2016,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
ksym = resolve_symbol_wait(mod, info, name);
/* Ok if resolved. */
if (ksym && !IS_ERR(ksym)) {
@@ -77849,7 +79901,7 @@ index a55f61b..1561428 100644
break;
}
-@@ -2007,11 +2036,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
+@@ -2008,11 +2037,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info)
secbase = (unsigned long)mod_percpu(mod);
else
secbase = info->sechdrs[sym[i].st_shndx].sh_addr;
@@ -77870,7 +79922,7 @@ index a55f61b..1561428 100644
return ret;
}
-@@ -2095,22 +2133,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
+@@ -2096,22 +2134,12 @@ static void layout_sections(struct module *mod, struct load_info *info)
|| s->sh_entsize != ~0UL
|| strstarts(sname, ".init"))
continue;
@@ -77897,7 +79949,7 @@ index a55f61b..1561428 100644
}
pr_debug("Init section allocation order:\n");
-@@ -2124,23 +2152,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
+@@ -2125,23 +2153,13 @@ static void layout_sections(struct module *mod, struct load_info *info)
|| s->sh_entsize != ~0UL
|| !strstarts(sname, ".init"))
continue;
@@ -77926,7 +79978,7 @@ index a55f61b..1561428 100644
}
}
-@@ -2313,7 +2331,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
+@@ -2314,7 +2332,7 @@ static void layout_symtab(struct module *mod, struct load_info *info)
/* Put symbol section at end of init part of module. */
symsect->sh_flags |= SHF_ALLOC;
@@ -77935,7 +79987,7 @@ index a55f61b..1561428 100644
info->index.sym) | INIT_OFFSET_MASK;
pr_debug("\t%s\n", info->secstrings + symsect->sh_name);
-@@ -2330,13 +2348,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
+@@ -2331,13 +2349,13 @@ static void layout_symtab(struct module *mod, struct load_info *info)
}
/* Append room for core symbols at end of core part. */
@@ -77953,7 +80005,7 @@ index a55f61b..1561428 100644
info->index.str) | INIT_OFFSET_MASK;
pr_debug("\t%s\n", info->secstrings + strsect->sh_name);
}
-@@ -2354,12 +2372,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2355,12 +2373,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
/* Make sure we get permanent strtab: don't use info->strtab. */
mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr;
@@ -77970,7 +80022,7 @@ index a55f61b..1561428 100644
src = mod->symtab;
for (ndst = i = 0; i < mod->num_symtab; i++) {
if (i == 0 ||
-@@ -2371,6 +2391,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
+@@ -2372,6 +2392,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info)
}
}
mod->core_num_syms = ndst;
@@ -77979,7 +80031,7 @@ index a55f61b..1561428 100644
}
#else
static inline void layout_symtab(struct module *mod, struct load_info *info)
-@@ -2404,17 +2426,33 @@ void * __weak module_alloc(unsigned long size)
+@@ -2405,17 +2427,33 @@ void * __weak module_alloc(unsigned long size)
return vmalloc_exec(size);
}
@@ -78018,7 +80070,7 @@ index a55f61b..1561428 100644
mutex_unlock(&module_mutex);
}
return ret;
-@@ -2690,8 +2728,14 @@ static struct module *setup_load_info(struct load_info *info, int flags)
+@@ -2691,8 +2729,14 @@ static struct module *setup_load_info(struct load_info *info, int flags)
static int check_modinfo(struct module *mod, struct load_info *info, int flags)
{
const char *modmagic = get_modinfo(info, "vermagic");
@@ -78033,7 +80085,7 @@ index a55f61b..1561428 100644
if (flags & MODULE_INIT_IGNORE_VERMAGIC)
modmagic = NULL;
-@@ -2717,7 +2761,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
+@@ -2718,7 +2762,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
}
/* Set up license info based on the info section */
@@ -78042,7 +80094,7 @@ index a55f61b..1561428 100644
return 0;
}
-@@ -2811,7 +2855,7 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2799,7 +2843,7 @@ static int move_module(struct module *mod, struct load_info *info)
void *ptr;
/* Do the allocs. */
@@ -78051,7 +80103,7 @@ index a55f61b..1561428 100644
/*
* The pointer to this block is stored in the module structure
* which is inside the block. Just mark it as not being a
-@@ -2821,11 +2865,11 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2809,11 +2853,11 @@ static int move_module(struct module *mod, struct load_info *info)
if (!ptr)
return -ENOMEM;
@@ -78067,17 +80119,20 @@ index a55f61b..1561428 100644
/*
* The pointer to this block is stored in the module structure
* which is inside the block. This block doesn't need to be
-@@ -2834,13 +2878,45 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2822,13 +2866,45 @@ static int move_module(struct module *mod, struct load_info *info)
*/
kmemleak_ignore(ptr);
if (!ptr) {
- module_free(mod, mod->module_core);
+ module_free(mod, mod->module_core_rw);
-+ return -ENOMEM;
-+ }
+ return -ENOMEM;
+ }
+- memset(ptr, 0, mod->init_size);
+- mod->module_init = ptr;
+ memset(ptr, 0, mod->init_size_rw);
+ mod->module_init_rw = ptr;
-+ } else
+ } else
+- mod->module_init = NULL;
+ mod->module_init_rw = NULL;
+
+ ptr = module_alloc_update_bounds_rx(mod->core_size_rx);
@@ -78102,22 +80157,19 @@ index a55f61b..1561428 100644
+ if (mod->module_init_rw)
+ module_free(mod, mod->module_init_rw);
+ module_free(mod, mod->module_core_rw);
- return -ENOMEM;
- }
-- memset(ptr, 0, mod->init_size);
-- mod->module_init = ptr;
++ return -ENOMEM;
++ }
+
+ pax_open_kernel();
+ memset(ptr, 0, mod->init_size_rx);
+ pax_close_kernel();
+ mod->module_init_rx = ptr;
- } else
-- mod->module_init = NULL;
++ } else
+ mod->module_init_rx = NULL;
/* Transfer each section which specifies SHF_ALLOC */
pr_debug("final section addresses:\n");
-@@ -2851,16 +2927,45 @@ static int move_module(struct module *mod, struct load_info *info)
+@@ -2839,16 +2915,45 @@ static int move_module(struct module *mod, struct load_info *info)
if (!(shdr->sh_flags & SHF_ALLOC))
continue;
@@ -78170,7 +80222,7 @@ index a55f61b..1561428 100644
pr_debug("\t0x%lx %s\n",
(long)shdr->sh_addr, info->secstrings + shdr->sh_name);
}
-@@ -2917,12 +3022,12 @@ static void flush_module_icache(const struct module *mod)
+@@ -2905,12 +3010,12 @@ static void flush_module_icache(const struct module *mod)
* Do it before processing of module parameters, so the module
* can provide parameter accessor functions of its own.
*/
@@ -78189,7 +80241,7 @@ index a55f61b..1561428 100644
set_fs(old_fs);
}
-@@ -2989,8 +3094,10 @@ static int alloc_module_percpu(struct module *mod, struct load_info *info)
+@@ -2977,8 +3082,10 @@ static int alloc_module_percpu(struct module *mod, struct load_info *info)
static void module_deallocate(struct module *mod, struct load_info *info)
{
percpu_modfree(mod);
@@ -78202,7 +80254,7 @@ index a55f61b..1561428 100644
}
int __weak module_finalize(const Elf_Ehdr *hdr,
-@@ -3003,7 +3110,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
+@@ -2991,7 +3098,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr,
static int post_relocation(struct module *mod, const struct load_info *info)
{
/* Sort exception table now relocations are done. */
@@ -78212,7 +80264,7 @@ index a55f61b..1561428 100644
/* Copy relocated percpu area over. */
percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr,
-@@ -3057,16 +3166,16 @@ static int do_init_module(struct module *mod)
+@@ -3045,16 +3154,16 @@ static int do_init_module(struct module *mod)
MODULE_STATE_COMING, mod);
/* Set RO and NX regions for core */
@@ -78237,7 +80289,7 @@ index a55f61b..1561428 100644
do_mod_ctors(mod);
/* Start the module */
-@@ -3128,11 +3237,12 @@ static int do_init_module(struct module *mod)
+@@ -3116,11 +3225,12 @@ static int do_init_module(struct module *mod)
mod->strtab = mod->core_strtab;
#endif
unset_module_init_ro_nx(mod);
@@ -78255,7 +80307,7 @@ index a55f61b..1561428 100644
mutex_unlock(&module_mutex);
wake_up_all(&module_wq);
-@@ -3264,9 +3374,38 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3252,9 +3362,38 @@ static int load_module(struct load_info *info, const char __user *uargs,
if (err)
goto free_unload;
@@ -78294,7 +80346,7 @@ index a55f61b..1561428 100644
/* Fix up syms, so that st_value is a pointer to location. */
err = simplify_symbols(mod, info);
if (err < 0)
-@@ -3282,13 +3421,6 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3270,13 +3409,6 @@ static int load_module(struct load_info *info, const char __user *uargs,
flush_module_icache(mod);
@@ -78308,7 +80360,7 @@ index a55f61b..1561428 100644
dynamic_debug_setup(info->debug, info->num_debug);
/* Finally it's fully formed, ready to start executing. */
-@@ -3323,11 +3455,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
+@@ -3311,11 +3443,10 @@ static int load_module(struct load_info *info, const char __user *uargs,
ddebug_cleanup:
dynamic_debug_remove(info->debug);
synchronize_sched();
@@ -78321,7 +80373,7 @@ index a55f61b..1561428 100644
free_unload:
module_unload_free(mod);
unlink_mod:
-@@ -3410,10 +3541,16 @@ static const char *get_ksymbol(struct module *mod,
+@@ -3398,10 +3529,16 @@ static const char *get_ksymbol(struct module *mod,
unsigned long nextval;
/* At worse, next value is at end of module */
@@ -78341,7 +80393,7 @@ index a55f61b..1561428 100644
/* Scan for closest preceding symbol, and next symbol. (ELF
starts real symbols at 1). */
-@@ -3666,7 +3803,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3654,7 +3791,7 @@ static int m_show(struct seq_file *m, void *p)
return 0;
seq_printf(m, "%s %u",
@@ -78350,7 +80402,7 @@ index a55f61b..1561428 100644
print_unload_info(m, mod);
/* Informative for users. */
-@@ -3675,7 +3812,7 @@ static int m_show(struct seq_file *m, void *p)
+@@ -3663,7 +3800,7 @@ static int m_show(struct seq_file *m, void *p)
mod->state == MODULE_STATE_COMING ? "Loading":
"Live");
/* Used by oprofile and other similar tools. */
@@ -78359,7 +80411,7 @@ index a55f61b..1561428 100644
/* Taints info */
if (mod->taints)
-@@ -3711,7 +3848,17 @@ static const struct file_operations proc_modules_operations = {
+@@ -3699,7 +3836,17 @@ static const struct file_operations proc_modules_operations = {
static int __init proc_modules_init(void)
{
@@ -78377,7 +80429,7 @@ index a55f61b..1561428 100644
return 0;
}
module_init(proc_modules_init);
-@@ -3772,14 +3919,14 @@ struct module *__module_address(unsigned long addr)
+@@ -3760,14 +3907,14 @@ struct module *__module_address(unsigned long addr)
{
struct module *mod;
@@ -78395,7 +80447,7 @@ index a55f61b..1561428 100644
return mod;
}
return NULL;
-@@ -3814,11 +3961,20 @@ bool is_module_text_address(unsigned long addr)
+@@ -3802,11 +3949,20 @@ bool is_module_text_address(unsigned long addr)
*/
struct module *__module_text_address(unsigned long addr)
{
@@ -78468,10 +80520,28 @@ index 0799fd3..d06ae3b 100644
extern void debug_mutex_init(struct mutex *lock, const char *name,
struct lock_class_key *key);
diff --git a/kernel/mutex.c b/kernel/mutex.c
-index 52f2301..73f7528 100644
+index ad53a66..f1bf8bc 100644
--- a/kernel/mutex.c
+++ b/kernel/mutex.c
-@@ -199,7 +199,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
+@@ -134,7 +134,7 @@ void mspin_lock(struct mspin_node **lock, struct mspin_node *node)
+ node->locked = 1;
+ return;
+ }
+- ACCESS_ONCE(prev->next) = node;
++ ACCESS_ONCE_RW(prev->next) = node;
+ smp_wmb();
+ /* Wait until the lock holder passes the lock down */
+ while (!ACCESS_ONCE(node->locked))
+@@ -155,7 +155,7 @@ static void mspin_unlock(struct mspin_node **lock, struct mspin_node *node)
+ while (!(next = ACCESS_ONCE(node->next)))
+ arch_mutex_cpu_relax();
+ }
+- ACCESS_ONCE(next->locked) = 1;
++ ACCESS_ONCE_RW(next->locked) = 1;
+ smp_wmb();
+ }
+
+@@ -341,7 +341,7 @@ slowpath:
spin_lock_mutex(&lock->wait_lock, flags);
debug_mutex_lock_common(lock, &waiter);
@@ -78480,7 +80550,7 @@ index 52f2301..73f7528 100644
/* add waiting tasks to the end of the waitqueue (FIFO): */
list_add_tail(&waiter.list, &lock->wait_list);
-@@ -228,8 +228,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
+@@ -371,8 +371,7 @@ slowpath:
* TASK_UNINTERRUPTIBLE case.)
*/
if (unlikely(signal_pending_state(state, task))) {
@@ -78490,7 +80560,7 @@ index 52f2301..73f7528 100644
mutex_release(&lock->dep_map, 1, ip);
spin_unlock_mutex(&lock->wait_lock, flags);
-@@ -248,7 +247,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass,
+@@ -391,7 +390,7 @@ slowpath:
done:
lock_acquired(&lock->dep_map, ip);
/* got the lock - rejoice! */
@@ -78556,19 +80626,19 @@ index 2d5cc4c..d9ea600 100644
return -ENOENT;
}
diff --git a/kernel/panic.c b/kernel/panic.c
-index 7c57cc9..28f1b3f 100644
+index 167ec09..0dda5f9 100644
--- a/kernel/panic.c
+++ b/kernel/panic.c
-@@ -403,7 +403,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller,
- const char *board;
-
+@@ -400,7 +400,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller,
+ unsigned taint, struct slowpath_args *args)
+ {
printk(KERN_WARNING "------------[ cut here ]------------\n");
- printk(KERN_WARNING "WARNING: at %s:%d %pS()\n", file, line, caller);
+ printk(KERN_WARNING "WARNING: at %s:%d %pA()\n", file, line, caller);
- board = dmi_get_system_info(DMI_PRODUCT_NAME);
- if (board)
- printk(KERN_WARNING "Hardware name: %s\n", board);
-@@ -459,7 +459,8 @@ EXPORT_SYMBOL(warn_slowpath_null);
+
+ if (args)
+ vprintk(args->fmt, args->args);
+@@ -453,7 +453,8 @@ EXPORT_SYMBOL(warn_slowpath_null);
*/
void __stack_chk_fail(void)
{
@@ -78579,7 +80649,7 @@ index 7c57cc9..28f1b3f 100644
}
EXPORT_SYMBOL(__stack_chk_fail);
diff --git a/kernel/pid.c b/kernel/pid.c
-index 047dc62..418d74b 100644
+index 0db3e79..95b9dc2 100644
--- a/kernel/pid.c
+++ b/kernel/pid.c
@@ -33,6 +33,7 @@
@@ -78590,7 +80660,7 @@ index 047dc62..418d74b 100644
#include <linux/pid_namespace.h>
#include <linux/init_task.h>
#include <linux/syscalls.h>
-@@ -46,7 +47,7 @@ struct pid init_struct_pid = INIT_STRUCT_PID;
+@@ -47,7 +48,7 @@ struct pid init_struct_pid = INIT_STRUCT_PID;
int pid_max = PID_MAX_DEFAULT;
@@ -78599,7 +80669,7 @@ index 047dc62..418d74b 100644
int pid_max_min = RESERVED_PIDS + 1;
int pid_max_max = PID_MAX_LIMIT;
-@@ -440,10 +441,18 @@ EXPORT_SYMBOL(pid_task);
+@@ -442,10 +443,18 @@ EXPORT_SYMBOL(pid_task);
*/
struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns)
{
@@ -78619,7 +80689,7 @@ index 047dc62..418d74b 100644
}
struct task_struct *find_task_by_vpid(pid_t vnr)
-@@ -451,6 +460,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr)
+@@ -453,6 +462,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr)
return find_task_by_pid_ns(vnr, task_active_pid_ns(current));
}
@@ -78635,10 +80705,10 @@ index 047dc62..418d74b 100644
{
struct pid *pid;
diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c
-index bea15bd..789f3d0 100644
+index 6917e8e..9909aeb 100644
--- a/kernel/pid_namespace.c
+++ b/kernel/pid_namespace.c
-@@ -249,7 +249,7 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write,
+@@ -247,7 +247,7 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
struct pid_namespace *pid_ns = task_active_pid_ns(current);
@@ -78648,10 +80718,10 @@ index bea15bd..789f3d0 100644
if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN))
return -EPERM;
diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c
-index 8fd709c..542bf4b 100644
+index 42670e9..8719c2f 100644
--- a/kernel/posix-cpu-timers.c
+++ b/kernel/posix-cpu-timers.c
-@@ -1592,14 +1592,14 @@ struct k_clock clock_posix_cpu = {
+@@ -1636,14 +1636,14 @@ struct k_clock clock_posix_cpu = {
static __init int init_posix_cpu_timers(void)
{
@@ -78669,18 +80739,18 @@ index 8fd709c..542bf4b 100644
.clock_get = thread_cpu_clock_get,
.timer_create = thread_cpu_timer_create,
diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c
-index 6edbb2c..334f085 100644
+index 424c2d4..a9194f7 100644
--- a/kernel/posix-timers.c
+++ b/kernel/posix-timers.c
@@ -43,6 +43,7 @@
- #include <linux/idr.h>
+ #include <linux/hash.h>
#include <linux/posix-clock.h>
#include <linux/posix-timers.h>
+#include <linux/grsecurity.h>
#include <linux/syscalls.h>
#include <linux/wait.h>
#include <linux/workqueue.h>
-@@ -129,7 +130,7 @@ static DEFINE_SPINLOCK(idr_lock);
+@@ -122,7 +123,7 @@ static DEFINE_SPINLOCK(hash_lock);
* which we beg off on and pass to do_sys_settimeofday().
*/
@@ -78689,7 +80759,7 @@ index 6edbb2c..334f085 100644
/*
* These ones are defined below.
-@@ -227,7 +228,7 @@ static int posix_get_boottime(const clockid_t which_clock, struct timespec *tp)
+@@ -275,7 +276,7 @@ static int posix_get_tai(clockid_t which_clock, struct timespec *tp)
*/
static __init int init_posix_timers(void)
{
@@ -78698,7 +80768,7 @@ index 6edbb2c..334f085 100644
.clock_getres = hrtimer_get_res,
.clock_get = posix_clock_realtime_get,
.clock_set = posix_clock_realtime_set,
-@@ -239,7 +240,7 @@ static __init int init_posix_timers(void)
+@@ -287,7 +288,7 @@ static __init int init_posix_timers(void)
.timer_get = common_timer_get,
.timer_del = common_timer_del,
};
@@ -78707,7 +80777,7 @@ index 6edbb2c..334f085 100644
.clock_getres = hrtimer_get_res,
.clock_get = posix_ktime_get_ts,
.nsleep = common_nsleep,
-@@ -249,19 +250,19 @@ static __init int init_posix_timers(void)
+@@ -297,19 +298,19 @@ static __init int init_posix_timers(void)
.timer_get = common_timer_get,
.timer_del = common_timer_del,
};
@@ -78726,12 +80796,21 @@ index 6edbb2c..334f085 100644
.clock_getres = posix_get_coarse_res,
.clock_get = posix_get_monotonic_coarse,
};
+- struct k_clock clock_tai = {
++ static struct k_clock clock_tai = {
+ .clock_getres = hrtimer_get_res,
+ .clock_get = posix_get_tai,
+ .nsleep = common_nsleep,
+@@ -319,7 +320,7 @@ static __init int init_posix_timers(void)
+ .timer_get = common_timer_get,
+ .timer_del = common_timer_del,
+ };
- struct k_clock clock_boottime = {
+ static struct k_clock clock_boottime = {
.clock_getres = hrtimer_get_res,
.clock_get = posix_get_boottime,
.nsleep = common_nsleep,
-@@ -473,7 +474,7 @@ void posix_timers_register_clock(const clockid_t clock_id,
+@@ -531,7 +532,7 @@ void posix_timers_register_clock(const clockid_t clock_id,
return;
}
@@ -78740,7 +80819,7 @@ index 6edbb2c..334f085 100644
}
EXPORT_SYMBOL_GPL(posix_timers_register_clock);
-@@ -519,9 +520,9 @@ static struct k_clock *clockid_to_kclock(const clockid_t id)
+@@ -577,9 +578,9 @@ static struct k_clock *clockid_to_kclock(const clockid_t id)
return (id & CLOCKFD_MASK) == CLOCKFD ?
&clock_posix_dynamic : &clock_posix_cpu;
@@ -78752,7 +80831,7 @@ index 6edbb2c..334f085 100644
}
static int common_timer_create(struct k_itimer *new_timer)
-@@ -964,6 +965,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock,
+@@ -1011,6 +1012,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock,
if (copy_from_user(&new_tp, tp, sizeof (*tp)))
return -EFAULT;
@@ -78766,20 +80845,6 @@ index 6edbb2c..334f085 100644
return kc->clock_set(which_clock, &new_tp);
}
-diff --git a/kernel/power/autosleep.c b/kernel/power/autosleep.c
-index c6422ff..9012ecf 100644
---- a/kernel/power/autosleep.c
-+++ b/kernel/power/autosleep.c
-@@ -32,7 +32,8 @@ static void try_to_suspend(struct work_struct *work)
-
- mutex_lock(&autosleep_lock);
-
-- if (!pm_save_wakeup_count(initial_count)) {
-+ if (!pm_save_wakeup_count(initial_count) ||
-+ system_state != SYSTEM_RUNNING) {
- mutex_unlock(&autosleep_lock);
- goto out;
- }
diff --git a/kernel/power/process.c b/kernel/power/process.c
index 98088e0..aaf95c0 100644
--- a/kernel/power/process.c
@@ -78824,10 +80889,10 @@ index 98088e0..aaf95c0 100644
if (pm_wakeup_pending()) {
diff --git a/kernel/printk.c b/kernel/printk.c
-index 0e4eba6a..d58ebf0 100644
+index d37d45c..ab918b3 100644
--- a/kernel/printk.c
+++ b/kernel/printk.c
-@@ -395,6 +395,11 @@ static int check_syslog_permissions(int type, bool from_file)
+@@ -390,6 +390,11 @@ static int check_syslog_permissions(int type, bool from_file)
if (from_file && type != SYSLOG_ACTION_OPEN)
return 0;
@@ -78840,7 +80905,7 @@ index 0e4eba6a..d58ebf0 100644
if (capable(CAP_SYSLOG))
return 0;
diff --git a/kernel/profile.c b/kernel/profile.c
-index dc3384e..0de5b49 100644
+index 0bf4007..6234708 100644
--- a/kernel/profile.c
+++ b/kernel/profile.c
@@ -37,7 +37,7 @@ struct profile_hit {
@@ -78901,10 +80966,10 @@ index dc3384e..0de5b49 100644
}
diff --git a/kernel/ptrace.c b/kernel/ptrace.c
-index acbd284..00bb0c9 100644
+index 335a7ae..3bbbceb 100644
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
-@@ -324,7 +324,7 @@ static int ptrace_attach(struct task_struct *task, long request,
+@@ -326,7 +326,7 @@ static int ptrace_attach(struct task_struct *task, long request,
if (seize)
flags |= PT_SEIZED;
rcu_read_lock();
@@ -78913,7 +80978,7 @@ index acbd284..00bb0c9 100644
flags |= PT_PTRACE_CAP;
rcu_read_unlock();
task->ptrace = flags;
-@@ -535,7 +535,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
+@@ -537,7 +537,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst
break;
return -EIO;
}
@@ -78922,7 +80987,7 @@ index acbd284..00bb0c9 100644
return -EFAULT;
copied += retval;
src += retval;
-@@ -726,7 +726,7 @@ int ptrace_request(struct task_struct *child, long request,
+@@ -805,7 +805,7 @@ int ptrace_request(struct task_struct *child, long request,
bool seized = child->ptrace & PT_SEIZED;
int ret = -EIO;
siginfo_t siginfo, *si;
@@ -78931,7 +80996,7 @@ index acbd284..00bb0c9 100644
unsigned long __user *datalp = datavp;
unsigned long flags;
-@@ -928,14 +928,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
+@@ -1011,14 +1011,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr,
goto out;
}
@@ -78954,7 +81019,7 @@ index acbd284..00bb0c9 100644
goto out_put_task_struct;
}
-@@ -963,7 +970,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
+@@ -1046,7 +1053,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr,
copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0);
if (copied != sizeof(tmp))
return -EIO;
@@ -78963,7 +81028,7 @@ index acbd284..00bb0c9 100644
}
int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr,
-@@ -1057,7 +1064,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request,
+@@ -1140,7 +1147,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request,
}
asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
@@ -78972,7 +81037,7 @@ index acbd284..00bb0c9 100644
{
struct task_struct *child;
long ret;
-@@ -1073,14 +1080,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
+@@ -1156,14 +1163,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid,
goto out;
}
@@ -79215,10 +81280,10 @@ index e1f3a8c..42c94a2 100644
for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) {
per_cpu(rcu_torture_count, cpu)[i] = 0;
diff --git a/kernel/rcutree.c b/kernel/rcutree.c
-index 5b8ad82..59e1f64 100644
+index 3538001..e379e0b 100644
--- a/kernel/rcutree.c
+++ b/kernel/rcutree.c
-@@ -353,9 +353,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval,
+@@ -358,9 +358,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval,
rcu_prepare_for_idle(smp_processor_id());
/* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */
smp_mb__before_atomic_inc(); /* See above. */
@@ -79230,7 +81295,7 @@ index 5b8ad82..59e1f64 100644
/*
* It is illegal to enter an extended quiescent state while
-@@ -491,10 +491,10 @@ static void rcu_eqs_exit_common(struct rcu_dynticks *rdtp, long long oldval,
+@@ -496,10 +496,10 @@ static void rcu_eqs_exit_common(struct rcu_dynticks *rdtp, long long oldval,
int user)
{
smp_mb__before_atomic_inc(); /* Force ordering w/previous sojourn. */
@@ -79243,7 +81308,7 @@ index 5b8ad82..59e1f64 100644
rcu_cleanup_after_idle(smp_processor_id());
trace_rcu_dyntick("End", oldval, rdtp->dynticks_nesting);
if (!user && !is_idle_task(current)) {
-@@ -633,14 +633,14 @@ void rcu_nmi_enter(void)
+@@ -638,14 +638,14 @@ void rcu_nmi_enter(void)
struct rcu_dynticks *rdtp = &__get_cpu_var(rcu_dynticks);
if (rdtp->dynticks_nmi_nesting == 0 &&
@@ -79261,7 +81326,7 @@ index 5b8ad82..59e1f64 100644
}
/**
-@@ -659,9 +659,9 @@ void rcu_nmi_exit(void)
+@@ -664,9 +664,9 @@ void rcu_nmi_exit(void)
return;
/* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */
smp_mb__before_atomic_inc(); /* See above. */
@@ -79273,7 +81338,7 @@ index 5b8ad82..59e1f64 100644
}
/**
-@@ -675,7 +675,7 @@ int rcu_is_cpu_idle(void)
+@@ -680,7 +680,7 @@ int rcu_is_cpu_idle(void)
int ret;
preempt_disable();
@@ -79282,7 +81347,7 @@ index 5b8ad82..59e1f64 100644
preempt_enable();
return ret;
}
-@@ -743,7 +743,7 @@ static int rcu_is_cpu_rrupt_from_idle(void)
+@@ -748,7 +748,7 @@ static int rcu_is_cpu_rrupt_from_idle(void)
*/
static int dyntick_save_progress_counter(struct rcu_data *rdp)
{
@@ -79291,7 +81356,7 @@ index 5b8ad82..59e1f64 100644
return (rdp->dynticks_snap & 0x1) == 0;
}
-@@ -758,7 +758,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp)
+@@ -763,7 +763,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp)
unsigned int curr;
unsigned int snap;
@@ -79300,7 +81365,28 @@ index 5b8ad82..59e1f64 100644
snap = (unsigned int)rdp->dynticks_snap;
/*
-@@ -1698,7 +1698,7 @@ rcu_send_cbs_to_orphanage(int cpu, struct rcu_state *rsp,
+@@ -1440,9 +1440,9 @@ static int rcu_gp_init(struct rcu_state *rsp)
+ rdp = this_cpu_ptr(rsp->rda);
+ rcu_preempt_check_blocked_tasks(rnp);
+ rnp->qsmask = rnp->qsmaskinit;
+- ACCESS_ONCE(rnp->gpnum) = rsp->gpnum;
++ ACCESS_ONCE_RW(rnp->gpnum) = rsp->gpnum;
+ WARN_ON_ONCE(rnp->completed != rsp->completed);
+- ACCESS_ONCE(rnp->completed) = rsp->completed;
++ ACCESS_ONCE_RW(rnp->completed) = rsp->completed;
+ if (rnp == rdp->mynode)
+ rcu_start_gp_per_cpu(rsp, rnp, rdp);
+ rcu_preempt_boost_start_gp(rnp);
+@@ -1524,7 +1524,7 @@ static void rcu_gp_cleanup(struct rcu_state *rsp)
+ */
+ rcu_for_each_node_breadth_first(rsp, rnp) {
+ raw_spin_lock_irq(&rnp->lock);
+- ACCESS_ONCE(rnp->completed) = rsp->gpnum;
++ ACCESS_ONCE_RW(rnp->completed) = rsp->gpnum;
+ rdp = this_cpu_ptr(rsp->rda);
+ if (rnp == rdp->mynode)
+ __rcu_process_gp_end(rsp, rnp, rdp);
+@@ -1855,7 +1855,7 @@ rcu_send_cbs_to_orphanage(int cpu, struct rcu_state *rsp,
rsp->qlen += rdp->qlen;
rdp->n_cbs_orphaned += rdp->qlen;
rdp->qlen_lazy = 0;
@@ -79309,7 +81395,7 @@ index 5b8ad82..59e1f64 100644
}
/*
-@@ -1944,7 +1944,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp)
+@@ -2101,7 +2101,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp)
}
smp_mb(); /* List handling before counting for rcu_barrier(). */
rdp->qlen_lazy -= count_lazy;
@@ -79318,7 +81404,7 @@ index 5b8ad82..59e1f64 100644
rdp->n_cbs_invoked += count;
/* Reinstate batch limit if we have worked down the excess. */
-@@ -2137,7 +2137,7 @@ __rcu_process_callbacks(struct rcu_state *rsp)
+@@ -2295,7 +2295,7 @@ __rcu_process_callbacks(struct rcu_state *rsp)
/*
* Do RCU core processing for the current CPU.
*/
@@ -79327,7 +81413,7 @@ index 5b8ad82..59e1f64 100644
{
struct rcu_state *rsp;
-@@ -2260,7 +2260,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu),
+@@ -2419,7 +2419,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu),
local_irq_restore(flags);
return;
}
@@ -79336,7 +81422,7 @@ index 5b8ad82..59e1f64 100644
if (lazy)
rdp->qlen_lazy++;
else
-@@ -2469,11 +2469,11 @@ void synchronize_sched_expedited(void)
+@@ -2628,11 +2628,11 @@ void synchronize_sched_expedited(void)
* counter wrap on a 32-bit system. Quite a few more CPUs would of
* course be required on a 64-bit system.
*/
@@ -79350,7 +81436,7 @@ index 5b8ad82..59e1f64 100644
return;
}
-@@ -2481,7 +2481,7 @@ void synchronize_sched_expedited(void)
+@@ -2640,7 +2640,7 @@ void synchronize_sched_expedited(void)
* Take a ticket. Note that atomic_inc_return() implies a
* full memory barrier.
*/
@@ -79359,7 +81445,7 @@ index 5b8ad82..59e1f64 100644
firstsnap = snap;
get_online_cpus();
WARN_ON_ONCE(cpu_is_offline(raw_smp_processor_id()));
-@@ -2494,14 +2494,14 @@ void synchronize_sched_expedited(void)
+@@ -2653,14 +2653,14 @@ void synchronize_sched_expedited(void)
synchronize_sched_expedited_cpu_stop,
NULL) == -EAGAIN) {
put_online_cpus();
@@ -79376,7 +81462,7 @@ index 5b8ad82..59e1f64 100644
return;
}
-@@ -2510,7 +2510,7 @@ void synchronize_sched_expedited(void)
+@@ -2669,7 +2669,7 @@ void synchronize_sched_expedited(void)
udelay(trycount * num_online_cpus());
} else {
wait_rcu_gp(call_rcu_sched);
@@ -79385,7 +81471,7 @@ index 5b8ad82..59e1f64 100644
return;
}
-@@ -2519,7 +2519,7 @@ void synchronize_sched_expedited(void)
+@@ -2678,7 +2678,7 @@ void synchronize_sched_expedited(void)
if (ULONG_CMP_GE((ulong)s, (ulong)firstsnap)) {
/* ensure test happens before caller kfree */
smp_mb__before_atomic_inc(); /* ^^^ */
@@ -79394,7 +81480,7 @@ index 5b8ad82..59e1f64 100644
return;
}
-@@ -2531,10 +2531,10 @@ void synchronize_sched_expedited(void)
+@@ -2690,10 +2690,10 @@ void synchronize_sched_expedited(void)
* period works for us.
*/
get_online_cpus();
@@ -79407,7 +81493,7 @@ index 5b8ad82..59e1f64 100644
/*
* Everyone up to our most recent fetch is covered by our grace
-@@ -2543,16 +2543,16 @@ void synchronize_sched_expedited(void)
+@@ -2702,16 +2702,16 @@ void synchronize_sched_expedited(void)
* than we did already did their update.
*/
do {
@@ -79427,7 +81513,7 @@ index 5b8ad82..59e1f64 100644
put_online_cpus();
}
-@@ -2726,7 +2726,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
+@@ -2893,7 +2893,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
* ACCESS_ONCE() to prevent the compiler from speculating
* the increment to precede the early-exit check.
*/
@@ -79436,7 +81522,7 @@ index 5b8ad82..59e1f64 100644
WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 1);
_rcu_barrier_trace(rsp, "Inc1", -1, rsp->n_barrier_done);
smp_mb(); /* Order ->n_barrier_done increment with below mechanism. */
-@@ -2776,7 +2776,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
+@@ -2943,7 +2943,7 @@ static void _rcu_barrier(struct rcu_state *rsp)
/* Increment ->n_barrier_done to prevent duplicate work. */
smp_mb(); /* Keep increment after above mechanism. */
@@ -79445,7 +81531,7 @@ index 5b8ad82..59e1f64 100644
WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 0);
_rcu_barrier_trace(rsp, "Inc2", -1, rsp->n_barrier_done);
smp_mb(); /* Keep increment before caller's subsequent code. */
-@@ -2821,10 +2821,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp)
+@@ -2988,10 +2988,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp)
rdp->grpmask = 1UL << (cpu - rdp->mynode->grplo);
init_callback_list(rdp);
rdp->qlen_lazy = 0;
@@ -79458,7 +81544,7 @@ index 5b8ad82..59e1f64 100644
rdp->cpu = cpu;
rdp->rsp = rsp;
rcu_boot_init_nocb_percpu_data(rdp);
-@@ -2857,8 +2857,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible)
+@@ -3024,8 +3024,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible)
rdp->blimit = blimit;
init_callback_list(rdp); /* Re-enable callbacks on this CPU. */
rdp->dynticks->dynticks_nesting = DYNTICK_TASK_EXIT_IDLE;
@@ -79466,10 +81552,10 @@ index 5b8ad82..59e1f64 100644
- (atomic_read(&rdp->dynticks->dynticks) & ~0x1) + 1);
+ atomic_set_unchecked(&rdp->dynticks->dynticks,
+ (atomic_read_unchecked(&rdp->dynticks->dynticks) & ~0x1) + 1);
- rcu_prepare_for_idle_init(cpu);
raw_spin_unlock(&rnp->lock); /* irqs remain disabled. */
-@@ -2964,7 +2964,7 @@ static int __init rcu_spawn_gp_kthread(void)
+ /* Add CPU to rcu_node bitmasks. */
+@@ -3120,7 +3120,7 @@ static int __init rcu_spawn_gp_kthread(void)
struct task_struct *t;
for_each_rcu_flavor(rsp) {
@@ -79479,19 +81565,19 @@ index 5b8ad82..59e1f64 100644
rnp = rcu_get_root(rsp);
raw_spin_lock_irqsave(&rnp->lock, flags);
diff --git a/kernel/rcutree.h b/kernel/rcutree.h
-index c896b50..c357252 100644
+index 4df5034..5ee93f2 100644
--- a/kernel/rcutree.h
+++ b/kernel/rcutree.h
-@@ -86,7 +86,7 @@ struct rcu_dynticks {
+@@ -87,7 +87,7 @@ struct rcu_dynticks {
long long dynticks_nesting; /* Track irq/process nesting level. */
/* Process level is worth LLONG_MAX/2. */
int dynticks_nmi_nesting; /* Track NMI nesting level. */
- atomic_t dynticks; /* Even value for idle, else odd. */
+ atomic_unchecked_t dynticks;/* Even value for idle, else odd. */
#ifdef CONFIG_RCU_FAST_NO_HZ
- int dyntick_drain; /* Prepare-for-idle state variable. */
- unsigned long dyntick_holdoff;
-@@ -416,17 +416,17 @@ struct rcu_state {
+ bool all_lazy; /* Are all CPU's CBs lazy? */
+ unsigned long nonlazy_posted;
+@@ -414,17 +414,17 @@ struct rcu_state {
/* _rcu_barrier(). */
/* End of fields guarded by barrier_mutex. */
@@ -79521,10 +81607,10 @@ index c896b50..c357252 100644
unsigned long jiffies_force_qs; /* Time at which to invoke */
/* force_quiescent_state(). */
diff --git a/kernel/rcutree_plugin.h b/kernel/rcutree_plugin.h
-index c1cc7e1..f62e436 100644
+index 3db5a37..b395fb35 100644
--- a/kernel/rcutree_plugin.h
+++ b/kernel/rcutree_plugin.h
-@@ -892,7 +892,7 @@ void synchronize_rcu_expedited(void)
+@@ -903,7 +903,7 @@ void synchronize_rcu_expedited(void)
/* Clean up and exit. */
smp_mb(); /* ensure expedited GP seen before counter increment. */
@@ -79533,7 +81619,7 @@ index c1cc7e1..f62e436 100644
unlock_mb_ret:
mutex_unlock(&sync_rcu_preempt_exp_mutex);
mb_ret:
-@@ -1440,7 +1440,7 @@ static void rcu_boost_kthread_setaffinity(struct rcu_node *rnp, int outgoingcpu)
+@@ -1451,7 +1451,7 @@ static void rcu_boost_kthread_setaffinity(struct rcu_node *rnp, int outgoingcpu)
free_cpumask_var(cm);
}
@@ -79542,16 +81628,16 @@ index c1cc7e1..f62e436 100644
.store = &rcu_cpu_kthread_task,
.thread_should_run = rcu_cpu_kthread_should_run,
.thread_fn = rcu_cpu_kthread,
-@@ -2072,7 +2072,7 @@ static void print_cpu_stall_info(struct rcu_state *rsp, int cpu)
+@@ -1916,7 +1916,7 @@ static void print_cpu_stall_info(struct rcu_state *rsp, int cpu)
print_cpu_stall_fast_no_hz(fast_no_hz, cpu);
- printk(KERN_ERR "\t%d: (%lu %s) idle=%03x/%llx/%d %s\n",
+ printk(KERN_ERR "\t%d: (%lu %s) idle=%03x/%llx/%d softirq=%u/%u %s\n",
cpu, ticks_value, ticks_title,
- atomic_read(&rdtp->dynticks) & 0xfff,
+ atomic_read_unchecked(&rdtp->dynticks) & 0xfff,
rdtp->dynticks_nesting, rdtp->dynticks_nmi_nesting,
+ rdp->softirq_snap, kstat_softirqs_cpu(RCU_SOFTIRQ, cpu),
fast_no_hz);
- }
-@@ -2192,7 +2192,7 @@ static void __call_rcu_nocb_enqueue(struct rcu_data *rdp,
+@@ -2079,7 +2079,7 @@ static void __call_rcu_nocb_enqueue(struct rcu_data *rdp,
/* Enqueue the callback on the nocb list and update counts. */
old_rhpp = xchg(&rdp->nocb_tail, rhtp);
@@ -79560,7 +81646,7 @@ index c1cc7e1..f62e436 100644
atomic_long_add(rhcount, &rdp->nocb_q_count);
atomic_long_add(rhcount_lazy, &rdp->nocb_q_count_lazy);
-@@ -2384,12 +2384,12 @@ static int rcu_nocb_kthread(void *arg)
+@@ -2219,12 +2219,12 @@ static int rcu_nocb_kthread(void *arg)
* Extract queued callbacks, update counts, and wait
* for a grace period to elapse.
*/
@@ -79573,10 +81659,10 @@ index c1cc7e1..f62e436 100644
- ACCESS_ONCE(rdp->nocb_p_count_lazy) += cl;
+ ACCESS_ONCE_RW(rdp->nocb_p_count) += c;
+ ACCESS_ONCE_RW(rdp->nocb_p_count_lazy) += cl;
- wait_rcu_gp(rdp->rsp->call_remote);
+ rcu_nocb_wait_gp(rdp);
/* Each pass through the following loop invokes a callback. */
-@@ -2411,8 +2411,8 @@ static int rcu_nocb_kthread(void *arg)
+@@ -2246,8 +2246,8 @@ static int rcu_nocb_kthread(void *arg)
list = next;
}
trace_rcu_batch_end(rdp->rsp->name, c, !!list, 0, 0, 1);
@@ -79587,9 +81673,9 @@ index c1cc7e1..f62e436 100644
rdp->n_nocbs_invoked += c;
}
return 0;
-@@ -2438,7 +2438,7 @@ static void __init rcu_spawn_nocb_kthreads(struct rcu_state *rsp)
- rdp = per_cpu_ptr(rsp->rda, cpu);
- t = kthread_run(rcu_nocb_kthread, rdp, "rcuo%d", cpu);
+@@ -2274,7 +2274,7 @@ static void __init rcu_spawn_nocb_kthreads(struct rcu_state *rsp)
+ t = kthread_run(rcu_nocb_kthread, rdp,
+ "rcuo%c/%d", rsp->abbr, cpu);
BUG_ON(IS_ERR(t));
- ACCESS_ONCE(rdp->nocb_kthread) = t;
+ ACCESS_ONCE_RW(rdp->nocb_kthread) = t;
@@ -79597,10 +81683,10 @@ index c1cc7e1..f62e436 100644
}
diff --git a/kernel/rcutree_trace.c b/kernel/rcutree_trace.c
-index 93f8e8f..cf812ae 100644
+index cf6c174..a8f4b50 100644
--- a/kernel/rcutree_trace.c
+++ b/kernel/rcutree_trace.c
-@@ -123,7 +123,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp)
+@@ -121,7 +121,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp)
ulong2long(rdp->completed), ulong2long(rdp->gpnum),
rdp->passed_quiesce, rdp->qs_pending);
seq_printf(m, " dt=%d/%llx/%d df=%lu",
@@ -79609,7 +81695,7 @@ index 93f8e8f..cf812ae 100644
rdp->dynticks->dynticks_nesting,
rdp->dynticks->dynticks_nmi_nesting,
rdp->dynticks_fqs);
-@@ -184,17 +184,17 @@ static int show_rcuexp(struct seq_file *m, void *v)
+@@ -182,17 +182,17 @@ static int show_rcuexp(struct seq_file *m, void *v)
struct rcu_state *rsp = (struct rcu_state *)m->private;
seq_printf(m, "s=%lu d=%lu w=%lu tf=%lu wd1=%lu wd2=%lu n=%lu sc=%lu dt=%lu dl=%lu dx=%lu\n",
@@ -79638,10 +81724,10 @@ index 93f8e8f..cf812ae 100644
}
diff --git a/kernel/resource.c b/kernel/resource.c
-index 73f35d4..4684fc4 100644
+index d738698..5f8e60a 100644
--- a/kernel/resource.c
+++ b/kernel/resource.c
-@@ -143,8 +143,18 @@ static const struct file_operations proc_iomem_operations = {
+@@ -152,8 +152,18 @@ static const struct file_operations proc_iomem_operations = {
static int __init ioresources_init(void)
{
@@ -79661,10 +81747,10 @@ index 73f35d4..4684fc4 100644
}
__initcall(ioresources_init);
diff --git a/kernel/rtmutex-tester.c b/kernel/rtmutex-tester.c
-index 7890b10..8b68605f 100644
+index 1d96dd0..994ff19 100644
--- a/kernel/rtmutex-tester.c
+++ b/kernel/rtmutex-tester.c
-@@ -21,7 +21,7 @@
+@@ -22,7 +22,7 @@
#define MAX_RT_TEST_MUTEXES 8
static spinlock_t rttest_lock;
@@ -79673,7 +81759,7 @@ index 7890b10..8b68605f 100644
struct test_thread_data {
int opcode;
-@@ -62,7 +62,7 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
+@@ -63,7 +63,7 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
case RTTEST_LOCKCONT:
td->mutexes[td->opdata] = 1;
@@ -79682,7 +81768,7 @@ index 7890b10..8b68605f 100644
return 0;
case RTTEST_RESET:
-@@ -75,7 +75,7 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
+@@ -76,7 +76,7 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
return 0;
case RTTEST_RESETEVENT:
@@ -79691,7 +81777,7 @@ index 7890b10..8b68605f 100644
return 0;
default:
-@@ -92,9 +92,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
+@@ -93,9 +93,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
return ret;
td->mutexes[id] = 1;
@@ -79703,7 +81789,7 @@ index 7890b10..8b68605f 100644
td->mutexes[id] = 4;
return 0;
-@@ -105,9 +105,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
+@@ -106,9 +106,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
return ret;
td->mutexes[id] = 1;
@@ -79715,7 +81801,7 @@ index 7890b10..8b68605f 100644
td->mutexes[id] = ret ? 0 : 4;
return ret ? -EINTR : 0;
-@@ -116,9 +116,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
+@@ -117,9 +117,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup)
if (id < 0 || id >= MAX_RT_TEST_MUTEXES || td->mutexes[id] != 4)
return ret;
@@ -79727,7 +81813,7 @@ index 7890b10..8b68605f 100644
td->mutexes[id] = 0;
return 0;
-@@ -165,7 +165,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex)
+@@ -166,7 +166,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex)
break;
td->mutexes[dat] = 2;
@@ -79736,7 +81822,7 @@ index 7890b10..8b68605f 100644
break;
default:
-@@ -185,7 +185,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex)
+@@ -186,7 +186,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex)
return;
td->mutexes[dat] = 3;
@@ -79745,7 +81831,7 @@ index 7890b10..8b68605f 100644
break;
case RTTEST_LOCKNOWAIT:
-@@ -197,7 +197,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex)
+@@ -198,7 +198,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex)
return;
td->mutexes[dat] = 1;
@@ -79777,10 +81863,10 @@ index 64de5f8..7735e12 100644
#ifdef CONFIG_RT_GROUP_SCHED
/*
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
-index 67d0465..4cf9361 100644
+index e8b3350..d83d44e 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
-@@ -3406,7 +3406,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible);
+@@ -3440,7 +3440,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible);
* The return value is -ERESTARTSYS if interrupted, 0 if timed out,
* positive (at least 1, or number of jiffies left till timeout) if completed.
*/
@@ -79789,7 +81875,7 @@ index 67d0465..4cf9361 100644
wait_for_completion_interruptible_timeout(struct completion *x,
unsigned long timeout)
{
-@@ -3423,7 +3423,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible_timeout);
+@@ -3457,7 +3457,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible_timeout);
*
* The return value is -ERESTARTSYS if interrupted, 0 if completed.
*/
@@ -79798,7 +81884,7 @@ index 67d0465..4cf9361 100644
{
long t = wait_for_common(x, MAX_SCHEDULE_TIMEOUT, TASK_KILLABLE);
if (t == -ERESTARTSYS)
-@@ -3444,7 +3444,7 @@ EXPORT_SYMBOL(wait_for_completion_killable);
+@@ -3478,7 +3478,7 @@ EXPORT_SYMBOL(wait_for_completion_killable);
* The return value is -ERESTARTSYS if interrupted, 0 if timed out,
* positive (at least 1, or number of jiffies left till timeout) if completed.
*/
@@ -79807,7 +81893,7 @@ index 67d0465..4cf9361 100644
wait_for_completion_killable_timeout(struct completion *x,
unsigned long timeout)
{
-@@ -3670,6 +3670,8 @@ int can_nice(const struct task_struct *p, const int nice)
+@@ -3704,6 +3704,8 @@ int can_nice(const struct task_struct *p, const int nice)
/* convert nice value [19,-20] to rlimit style value [1,40] */
int nice_rlim = 20 - nice;
@@ -79816,7 +81902,7 @@ index 67d0465..4cf9361 100644
return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) ||
capable(CAP_SYS_NICE));
}
-@@ -3703,7 +3705,8 @@ SYSCALL_DEFINE1(nice, int, increment)
+@@ -3737,7 +3739,8 @@ SYSCALL_DEFINE1(nice, int, increment)
if (nice > 19)
nice = 19;
@@ -79826,7 +81912,7 @@ index 67d0465..4cf9361 100644
return -EPERM;
retval = security_task_setnice(current, nice);
-@@ -3857,6 +3860,7 @@ recheck:
+@@ -3891,6 +3894,7 @@ recheck:
unsigned long rlim_rtprio =
task_rlimit(p, RLIMIT_RTPRIO);
@@ -79834,7 +81920,7 @@ index 67d0465..4cf9361 100644
/* can't set/change the rt policy */
if (policy != p->policy && !rlim_rtprio)
return -EPERM;
-@@ -4954,7 +4958,7 @@ static void migrate_tasks(unsigned int dead_cpu)
+@@ -4988,7 +4992,7 @@ static void migrate_tasks(unsigned int dead_cpu)
#if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL)
@@ -79843,7 +81929,7 @@ index 67d0465..4cf9361 100644
{
.procname = "sched_domain",
.mode = 0555,
-@@ -4971,17 +4975,17 @@ static struct ctl_table sd_ctl_root[] = {
+@@ -5005,17 +5009,17 @@ static struct ctl_table sd_ctl_root[] = {
{}
};
@@ -79865,7 +81951,7 @@ index 67d0465..4cf9361 100644
/*
* In the intermediate directories, both the child directory and
-@@ -4989,22 +4993,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
+@@ -5023,22 +5027,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
* will always be set. In the lowest directory the names are
* static strings and all have proc handlers.
*/
@@ -79897,7 +81983,7 @@ index 67d0465..4cf9361 100644
const char *procname, void *data, int maxlen,
umode_t mode, proc_handler *proc_handler,
bool load_idx)
-@@ -5024,7 +5031,7 @@ set_table_entry(struct ctl_table *entry,
+@@ -5058,7 +5065,7 @@ set_table_entry(struct ctl_table *entry,
static struct ctl_table *
sd_alloc_ctl_domain_table(struct sched_domain *sd)
{
@@ -79906,7 +81992,7 @@ index 67d0465..4cf9361 100644
if (table == NULL)
return NULL;
-@@ -5059,9 +5066,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
+@@ -5093,9 +5100,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
return table;
}
@@ -79918,7 +82004,7 @@ index 67d0465..4cf9361 100644
struct sched_domain *sd;
int domain_num = 0, i;
char buf[32];
-@@ -5088,11 +5095,13 @@ static struct ctl_table_header *sd_sysctl_header;
+@@ -5122,11 +5129,13 @@ static struct ctl_table_header *sd_sysctl_header;
static void register_sched_domain_sysctl(void)
{
int i, cpu_num = num_possible_cpus();
@@ -79933,7 +82019,7 @@ index 67d0465..4cf9361 100644
if (entry == NULL)
return;
-@@ -5115,8 +5124,12 @@ static void unregister_sched_domain_sysctl(void)
+@@ -5149,8 +5158,12 @@ static void unregister_sched_domain_sysctl(void)
if (sd_sysctl_header)
unregister_sysctl_table(sd_sysctl_header);
sd_sysctl_header = NULL;
@@ -79948,7 +82034,7 @@ index 67d0465..4cf9361 100644
}
#else
static void register_sched_domain_sysctl(void)
-@@ -5215,7 +5228,7 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu)
+@@ -5249,7 +5262,7 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu)
* happens before everything else. This has to be lower priority than
* the notifier in the perf_event subsystem, though.
*/
@@ -79958,10 +82044,10 @@ index 67d0465..4cf9361 100644
.priority = CPU_PRI_MIGRATION,
};
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
-index 7a33e59..2f7730c 100644
+index c61a614..d7f3d7e 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
-@@ -830,7 +830,7 @@ void task_numa_fault(int node, int pages, bool migrated)
+@@ -831,7 +831,7 @@ void task_numa_fault(int node, int pages, bool migrated)
static void reset_ptenuma_scan(struct task_struct *p)
{
@@ -79970,7 +82056,7 @@ index 7a33e59..2f7730c 100644
p->mm->numa_scan_offset = 0;
}
-@@ -5654,7 +5654,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { }
+@@ -5686,7 +5686,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { }
* run_rebalance_domains is triggered when needed from the scheduler tick.
* Also triggered for nohz idle balancing (with nohz_balancing_kick set).
*/
@@ -79979,11 +82065,24 @@ index 7a33e59..2f7730c 100644
{
int this_cpu = smp_processor_id();
struct rq *this_rq = cpu_rq(this_cpu);
+diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h
+index ce39224d..0e09343 100644
+--- a/kernel/sched/sched.h
++++ b/kernel/sched/sched.h
+@@ -1009,7 +1009,7 @@ struct sched_class {
+ #ifdef CONFIG_FAIR_GROUP_SCHED
+ void (*task_move_group) (struct task_struct *p, int on_rq);
+ #endif
+-};
++} __do_const;
+
+ #define sched_class_highest (&stop_sched_class)
+ #define for_each_class(class) \
diff --git a/kernel/signal.c b/kernel/signal.c
-index 598dc06..471310a 100644
+index 113411b..20d0a99 100644
--- a/kernel/signal.c
+++ b/kernel/signal.c
-@@ -50,12 +50,12 @@ static struct kmem_cache *sigqueue_cachep;
+@@ -51,12 +51,12 @@ static struct kmem_cache *sigqueue_cachep;
int print_fatal_signals __read_mostly;
@@ -79998,7 +82097,7 @@ index 598dc06..471310a 100644
{
/* Is it explicitly or implicitly ignored? */
return handler == SIG_IGN ||
-@@ -64,7 +64,7 @@ static int sig_handler_ignored(void __user *handler, int sig)
+@@ -65,7 +65,7 @@ static int sig_handler_ignored(void __user *handler, int sig)
static int sig_task_ignored(struct task_struct *t, int sig, bool force)
{
@@ -80007,7 +82106,7 @@ index 598dc06..471310a 100644
handler = sig_handler(t, sig);
-@@ -368,6 +368,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi
+@@ -369,6 +369,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi
atomic_inc(&user->sigpending);
rcu_read_unlock();
@@ -80017,7 +82116,7 @@ index 598dc06..471310a 100644
if (override_rlimit ||
atomic_read(&user->sigpending) <=
task_rlimit(t, RLIMIT_SIGPENDING)) {
-@@ -495,7 +498,7 @@ flush_signal_handlers(struct task_struct *t, int force_default)
+@@ -496,7 +499,7 @@ flush_signal_handlers(struct task_struct *t, int force_default)
int unhandled_signal(struct task_struct *tsk, int sig)
{
@@ -80026,7 +82125,7 @@ index 598dc06..471310a 100644
if (is_global_init(tsk))
return 1;
if (handler != SIG_IGN && handler != SIG_DFL)
-@@ -815,6 +818,13 @@ static int check_kill_permission(int sig, struct siginfo *info,
+@@ -816,6 +819,13 @@ static int check_kill_permission(int sig, struct siginfo *info,
}
}
@@ -80040,7 +82139,7 @@ index 598dc06..471310a 100644
return security_task_kill(t, info, sig, 0);
}
-@@ -1197,7 +1207,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
+@@ -1199,7 +1209,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
return send_signal(sig, info, p, 1);
}
@@ -80049,7 +82148,7 @@ index 598dc06..471310a 100644
specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t)
{
return send_signal(sig, info, t, 0);
-@@ -1234,6 +1244,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
+@@ -1236,6 +1246,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
unsigned long int flags;
int ret, blocked, ignored;
struct k_sigaction *action;
@@ -80057,7 +82156,7 @@ index 598dc06..471310a 100644
spin_lock_irqsave(&t->sighand->siglock, flags);
action = &t->sighand->action[sig-1];
-@@ -1248,9 +1259,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
+@@ -1250,9 +1261,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t)
}
if (action->sa.sa_handler == SIG_DFL)
t->signal->flags &= ~SIGNAL_UNKILLABLE;
@@ -80076,7 +82175,7 @@ index 598dc06..471310a 100644
return ret;
}
-@@ -1317,8 +1337,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
+@@ -1319,8 +1339,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p)
ret = check_kill_permission(sig, info, p);
rcu_read_unlock();
@@ -80089,7 +82188,7 @@ index 598dc06..471310a 100644
return ret;
}
-@@ -2923,7 +2946,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
+@@ -2926,7 +2949,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info)
int error = -ESRCH;
rcu_read_lock();
@@ -80106,7 +82205,24 @@ index 598dc06..471310a 100644
if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) {
error = check_kill_permission(sig, info, p);
/*
-@@ -3237,8 +3268,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack,
+@@ -3219,6 +3250,16 @@ int __save_altstack(stack_t __user *uss, unsigned long sp)
+ __put_user(t->sas_ss_size, &uss->ss_size);
+ }
+
++#ifdef CONFIG_X86
++void __save_altstack_ex(stack_t __user *uss, unsigned long sp)
++{
++ struct task_struct *t = current;
++ put_user_ex((void __user *)t->sas_ss_sp, &uss->ss_sp);
++ put_user_ex(sas_ss_flags(sp), &uss->ss_flags);
++ put_user_ex(t->sas_ss_size, &uss->ss_size);
++}
++#endif
++
+ #ifdef CONFIG_COMPAT
+ COMPAT_SYSCALL_DEFINE2(sigaltstack,
+ const compat_stack_t __user *, uss_ptr,
+@@ -3240,8 +3281,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack,
}
seg = get_fs();
set_fs(KERNEL_DS);
@@ -80117,8 +82233,25 @@ index 598dc06..471310a 100644
compat_user_stack_pointer());
set_fs(seg);
if (ret >= 0 && uoss_ptr) {
+@@ -3268,6 +3309,16 @@ int __compat_save_altstack(compat_stack_t __user *uss, unsigned long sp)
+ __put_user(sas_ss_flags(sp), &uss->ss_flags) |
+ __put_user(t->sas_ss_size, &uss->ss_size);
+ }
++
++#ifdef CONFIG_X86
++void __compat_save_altstack_ex(compat_stack_t __user *uss, unsigned long sp)
++{
++ struct task_struct *t = current;
++ put_user_ex(ptr_to_compat((void __user *)t->sas_ss_sp), &uss->ss_sp);
++ put_user_ex(sas_ss_flags(sp), &uss->ss_flags);
++ put_user_ex(t->sas_ss_size, &uss->ss_size);
++}
++#endif
+ #endif
+
+ #ifdef __ARCH_WANT_SYS_SIGPENDING
diff --git a/kernel/smp.c b/kernel/smp.c
-index 8e451f3..8322029 100644
+index 4dba0f7..fe9f773 100644
--- a/kernel/smp.c
+++ b/kernel/smp.c
@@ -73,7 +73,7 @@ hotplug_cfd(struct notifier_block *nfb, unsigned long action, void *hcpu)
@@ -80153,7 +82286,7 @@ index 02fc5c9..e54c335 100644
mutex_unlock(&smpboot_threads_lock);
put_online_cpus();
diff --git a/kernel/softirq.c b/kernel/softirq.c
-index d93dcb1..1cd8a71 100644
+index 3d6833f..da6d93d 100644
--- a/kernel/softirq.c
+++ b/kernel/softirq.c
@@ -53,11 +53,11 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned;
@@ -80179,7 +82312,7 @@ index d93dcb1..1cd8a71 100644
trace_softirq_exit(vec_nr);
if (unlikely(prev_count != preempt_count())) {
printk(KERN_ERR "huh, entered softirq %u %s %p"
-@@ -396,7 +396,7 @@ void __raise_softirq_irqoff(unsigned int nr)
+@@ -405,7 +405,7 @@ void __raise_softirq_irqoff(unsigned int nr)
or_softirq_pending(1UL << nr);
}
@@ -80188,7 +82321,7 @@ index d93dcb1..1cd8a71 100644
{
softirq_vec[nr].action = action;
}
-@@ -452,7 +452,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t)
+@@ -461,7 +461,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t)
EXPORT_SYMBOL(__tasklet_hi_schedule_first);
@@ -80197,7 +82330,7 @@ index d93dcb1..1cd8a71 100644
{
struct tasklet_struct *list;
-@@ -487,7 +487,7 @@ static void tasklet_action(struct softirq_action *a)
+@@ -496,7 +496,7 @@ static void tasklet_action(struct softirq_action *a)
}
}
@@ -80206,7 +82339,7 @@ index d93dcb1..1cd8a71 100644
{
struct tasklet_struct *list;
-@@ -723,7 +723,7 @@ static int __cpuinit remote_softirq_cpu_notify(struct notifier_block *self,
+@@ -730,7 +730,7 @@ static int __cpuinit remote_softirq_cpu_notify(struct notifier_block *self,
return NOTIFY_OK;
}
@@ -80215,7 +82348,7 @@ index d93dcb1..1cd8a71 100644
.notifier_call = remote_softirq_cpu_notify,
};
-@@ -840,11 +840,11 @@ static int __cpuinit cpu_callback(struct notifier_block *nfb,
+@@ -847,11 +847,11 @@ static int __cpuinit cpu_callback(struct notifier_block *nfb,
return NOTIFY_OK;
}
@@ -80246,10 +82379,10 @@ index 01d5ccb..cdcbee6 100644
return idx;
}
diff --git a/kernel/sys.c b/kernel/sys.c
-index e5f0aca..8d58b1f 100644
+index 2bbd9a7..0875671 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
-@@ -158,6 +158,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
+@@ -163,6 +163,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
error = -EACCES;
goto out;
}
@@ -80262,7 +82395,7 @@ index e5f0aca..8d58b1f 100644
no_nice = security_task_setnice(p, niceval);
if (no_nice) {
error = no_nice;
-@@ -621,6 +627,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
+@@ -626,6 +632,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
goto error;
}
@@ -80272,7 +82405,7 @@ index e5f0aca..8d58b1f 100644
if (rgid != (gid_t) -1 ||
(egid != (gid_t) -1 && !gid_eq(kegid, old->gid)))
new->sgid = new->egid;
-@@ -656,6 +665,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
+@@ -661,6 +670,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
old = current_cred();
retval = -EPERM;
@@ -80283,7 +82416,7 @@ index e5f0aca..8d58b1f 100644
if (nsown_capable(CAP_SETGID))
new->gid = new->egid = new->sgid = new->fsgid = kgid;
else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid))
-@@ -673,7 +686,7 @@ error:
+@@ -678,7 +691,7 @@ error:
/*
* change the user struct in a credentials set to match the new UID
*/
@@ -80292,7 +82425,7 @@ index e5f0aca..8d58b1f 100644
{
struct user_struct *new_user;
-@@ -753,6 +766,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
+@@ -758,6 +771,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
goto error;
}
@@ -80302,7 +82435,7 @@ index e5f0aca..8d58b1f 100644
if (!uid_eq(new->uid, old->uid)) {
retval = set_user(new);
if (retval < 0)
-@@ -803,6 +819,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
+@@ -808,6 +824,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
old = current_cred();
retval = -EPERM;
@@ -80315,7 +82448,7 @@ index e5f0aca..8d58b1f 100644
if (nsown_capable(CAP_SETUID)) {
new->suid = new->uid = kuid;
if (!uid_eq(kuid, old->uid)) {
-@@ -872,6 +894,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
+@@ -877,6 +899,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
goto error;
}
@@ -80325,7 +82458,7 @@ index e5f0aca..8d58b1f 100644
if (ruid != (uid_t) -1) {
new->uid = kruid;
if (!uid_eq(kruid, old->uid)) {
-@@ -954,6 +979,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
+@@ -959,6 +984,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
goto error;
}
@@ -80335,7 +82468,7 @@ index e5f0aca..8d58b1f 100644
if (rgid != (gid_t) -1)
new->gid = krgid;
if (egid != (gid_t) -1)
-@@ -1015,12 +1043,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
+@@ -1020,12 +1048,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
uid_eq(kuid, old->suid) || uid_eq(kuid, old->fsuid) ||
nsown_capable(CAP_SETUID)) {
if (!uid_eq(kuid, old->fsuid)) {
@@ -80352,7 +82485,7 @@ index e5f0aca..8d58b1f 100644
abort_creds(new);
return old_fsuid;
-@@ -1053,12 +1085,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
+@@ -1058,12 +1090,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->egid) ||
gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) ||
nsown_capable(CAP_SETGID)) {
@@ -80369,7 +82502,7 @@ index e5f0aca..8d58b1f 100644
abort_creds(new);
return old_fsgid;
-@@ -1366,19 +1402,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
+@@ -1432,19 +1468,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
return -EFAULT;
down_read(&uts_sem);
@@ -80394,7 +82527,7 @@ index e5f0aca..8d58b1f 100644
__OLD_UTS_LEN);
error |= __put_user(0, name->machine + __OLD_UTS_LEN);
up_read(&uts_sem);
-@@ -1580,6 +1616,13 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource,
+@@ -1646,6 +1682,13 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource,
*/
new_rlim->rlim_cur = 1;
}
@@ -80409,7 +82542,7 @@ index e5f0aca..8d58b1f 100644
if (!retval) {
if (old_rlim)
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
-index afc1dc6..f6cf355 100644
+index 9edcf45..713c960 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -93,7 +93,6 @@
@@ -80420,7 +82553,7 @@ index afc1dc6..f6cf355 100644
/* External variables not in a header file. */
extern int sysctl_overcommit_memory;
extern int sysctl_overcommit_ratio;
-@@ -120,18 +119,18 @@ extern int blk_iopoll_enabled;
+@@ -119,18 +118,18 @@ extern int blk_iopoll_enabled;
/* Constants used for minimum and maximum */
#ifdef CONFIG_LOCKUP_DETECTOR
@@ -80448,7 +82581,7 @@ index afc1dc6..f6cf355 100644
#endif
/* this is needed for the proc_doulongvec_minmax of vm_dirty_bytes */
-@@ -178,10 +177,8 @@ static int proc_taint(struct ctl_table *table, int write,
+@@ -177,10 +176,8 @@ static int proc_taint(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos);
#endif
@@ -80459,7 +82592,7 @@ index afc1dc6..f6cf355 100644
static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos);
-@@ -212,6 +209,8 @@ static int sysrq_sysctl_handler(ctl_table *table, int write,
+@@ -211,6 +208,8 @@ static int sysrq_sysctl_handler(ctl_table *table, int write,
#endif
@@ -80468,7 +82601,7 @@ index afc1dc6..f6cf355 100644
static struct ctl_table kern_table[];
static struct ctl_table vm_table[];
static struct ctl_table fs_table[];
-@@ -226,6 +225,20 @@ extern struct ctl_table epoll_table[];
+@@ -225,6 +224,20 @@ extern struct ctl_table epoll_table[];
int sysctl_legacy_va_layout;
#endif
@@ -80489,7 +82622,7 @@ index afc1dc6..f6cf355 100644
/* The default sysctl tables: */
static struct ctl_table sysctl_base_table[] = {
-@@ -274,6 +287,22 @@ static int max_extfrag_threshold = 1000;
+@@ -273,6 +286,22 @@ static int max_extfrag_threshold = 1000;
#endif
static struct ctl_table kern_table[] = {
@@ -80512,7 +82645,7 @@ index afc1dc6..f6cf355 100644
{
.procname = "sched_child_runs_first",
.data = &sysctl_sched_child_runs_first,
-@@ -608,7 +637,7 @@ static struct ctl_table kern_table[] = {
+@@ -607,7 +636,7 @@ static struct ctl_table kern_table[] = {
.data = &modprobe_path,
.maxlen = KMOD_PATH_LEN,
.mode = 0644,
@@ -80521,7 +82654,7 @@ index afc1dc6..f6cf355 100644
},
{
.procname = "modules_disabled",
-@@ -775,16 +804,20 @@ static struct ctl_table kern_table[] = {
+@@ -774,16 +803,20 @@ static struct ctl_table kern_table[] = {
.extra1 = &zero,
.extra2 = &one,
},
@@ -80543,7 +82676,7 @@ index afc1dc6..f6cf355 100644
{
.procname = "ngroups_max",
.data = &ngroups_max,
-@@ -1026,10 +1059,17 @@ static struct ctl_table kern_table[] = {
+@@ -1025,10 +1058,17 @@ static struct ctl_table kern_table[] = {
*/
{
.procname = "perf_event_paranoid",
@@ -80564,7 +82697,7 @@ index afc1dc6..f6cf355 100644
},
{
.procname = "perf_event_mlock_kb",
-@@ -1283,6 +1323,13 @@ static struct ctl_table vm_table[] = {
+@@ -1282,6 +1322,13 @@ static struct ctl_table vm_table[] = {
.proc_handler = proc_dointvec_minmax,
.extra1 = &zero,
},
@@ -80578,7 +82711,7 @@ index afc1dc6..f6cf355 100644
#else
{
.procname = "nr_trim_pages",
-@@ -1733,6 +1780,16 @@ int proc_dostring(struct ctl_table *table, int write,
+@@ -1746,6 +1793,16 @@ int proc_dostring(struct ctl_table *table, int write,
buffer, lenp, ppos);
}
@@ -80595,7 +82728,7 @@ index afc1dc6..f6cf355 100644
static size_t proc_skip_spaces(char **buf)
{
size_t ret;
-@@ -1838,6 +1895,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
+@@ -1851,6 +1908,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val,
len = strlen(tmp);
if (len > *size)
len = *size;
@@ -80604,7 +82737,7 @@ index afc1dc6..f6cf355 100644
if (copy_to_user(*buf, tmp, len))
return -EFAULT;
*size -= len;
-@@ -2002,7 +2061,7 @@ int proc_dointvec(struct ctl_table *table, int write,
+@@ -2015,7 +2074,7 @@ int proc_dointvec(struct ctl_table *table, int write,
static int proc_taint(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
@@ -80613,7 +82746,7 @@ index afc1dc6..f6cf355 100644
unsigned long tmptaint = get_taint();
int err;
-@@ -2030,7 +2089,6 @@ static int proc_taint(struct ctl_table *table, int write,
+@@ -2043,7 +2102,6 @@ static int proc_taint(struct ctl_table *table, int write,
return err;
}
@@ -80621,7 +82754,7 @@ index afc1dc6..f6cf355 100644
static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
-@@ -2039,7 +2097,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
+@@ -2052,7 +2110,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
return proc_dointvec_minmax(table, write, buffer, lenp, ppos);
}
@@ -80629,7 +82762,7 @@ index afc1dc6..f6cf355 100644
struct do_proc_dointvec_minmax_conv_param {
int *min;
-@@ -2186,8 +2243,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
+@@ -2199,8 +2256,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
*i = val;
} else {
val = convdiv * (*i) / convmul;
@@ -80642,7 +82775,7 @@ index afc1dc6..f6cf355 100644
err = proc_put_long(&buffer, &left, val, false);
if (err)
break;
-@@ -2579,6 +2639,12 @@ int proc_dostring(struct ctl_table *table, int write,
+@@ -2592,6 +2652,12 @@ int proc_dostring(struct ctl_table *table, int write,
return -ENOSYS;
}
@@ -80655,7 +82788,7 @@ index afc1dc6..f6cf355 100644
int proc_dointvec(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
-@@ -2635,5 +2701,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
+@@ -2648,5 +2714,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax);
EXPORT_SYMBOL(proc_dointvec_userhz_jiffies);
EXPORT_SYMBOL(proc_dointvec_ms_jiffies);
EXPORT_SYMBOL(proc_dostring);
@@ -80690,10 +82823,10 @@ index 145bb4d..b2aa969 100644
return cmd_attr_register_cpumask(info);
else if (info->attrs[TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK])
diff --git a/kernel/time.c b/kernel/time.c
-index f8342a4..288f13b 100644
+index d3617db..c98bbe9 100644
--- a/kernel/time.c
+++ b/kernel/time.c
-@@ -171,6 +171,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz)
+@@ -172,6 +172,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz)
return error;
if (tz) {
@@ -80705,7 +82838,7 @@ index f8342a4..288f13b 100644
sys_tz = *tz;
update_vsyscall_tz();
if (firsttime) {
-@@ -501,7 +506,7 @@ EXPORT_SYMBOL(usecs_to_jiffies);
+@@ -502,7 +507,7 @@ EXPORT_SYMBOL(usecs_to_jiffies);
* The >> (NSEC_JIFFIE_SC - SEC_JIFFIE_SC) converts the scaled nsec
* value to a scaled second value.
*/
@@ -80727,21 +82860,8 @@ index f11d83b..d016d91 100644
.clock_getres = alarm_clock_getres,
.clock_get = alarm_clock_get,
.timer_create = alarm_timer_create,
-diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c
-index 90ad470..1814e9a 100644
---- a/kernel/time/tick-broadcast.c
-+++ b/kernel/time/tick-broadcast.c
-@@ -138,7 +138,7 @@ int tick_device_uses_broadcast(struct clock_event_device *dev, int cpu)
- * then clear the broadcast bit.
- */
- if (!(dev->features & CLOCK_EVT_FEAT_C3STOP)) {
-- int cpu = smp_processor_id();
-+ cpu = smp_processor_id();
- cpumask_clear_cpu(cpu, tick_get_broadcast_mask());
- tick_broadcast_clear_oneshot(cpu);
- } else {
diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
-index 183df62..59b1442 100644
+index baeeb5c..c22704a 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -15,6 +15,7 @@
@@ -80752,20 +82872,20 @@ index 183df62..59b1442 100644
#include <linux/syscore_ops.h>
#include <linux/clocksource.h>
#include <linux/jiffies.h>
-@@ -448,6 +449,8 @@ int do_settimeofday(const struct timespec *tv)
+@@ -495,6 +496,8 @@ int do_settimeofday(const struct timespec *tv)
if (!timespec_valid_strict(tv))
return -EINVAL;
+ gr_log_timechange();
+
- write_seqlock_irqsave(&tk->lock, flags);
+ raw_spin_lock_irqsave(&timekeeper_lock, flags);
+ write_seqcount_begin(&timekeeper_seq);
- timekeeping_forward_now(tk);
diff --git a/kernel/time/timer_list.c b/kernel/time/timer_list.c
-index af5a7e9..715611a 100644
+index 3bdf283..cc68d83 100644
--- a/kernel/time/timer_list.c
+++ b/kernel/time/timer_list.c
-@@ -38,12 +38,16 @@ DECLARE_PER_CPU(struct hrtimer_cpu_base, hrtimer_bases);
+@@ -45,12 +45,16 @@ DECLARE_PER_CPU(struct hrtimer_cpu_base, hrtimer_bases);
static void print_name_offset(struct seq_file *m, void *sym)
{
@@ -80782,7 +82902,7 @@ index af5a7e9..715611a 100644
}
static void
-@@ -112,7 +116,11 @@ next_one:
+@@ -119,7 +123,11 @@ next_one:
static void
print_base(struct seq_file *m, struct hrtimer_clock_base *base, u64 now)
{
@@ -80794,7 +82914,7 @@ index af5a7e9..715611a 100644
SEQ_printf(m, " .index: %d\n",
base->index);
SEQ_printf(m, " .resolution: %Lu nsecs\n",
-@@ -293,7 +301,11 @@ static int __init init_timer_list_procfs(void)
+@@ -355,7 +363,11 @@ static int __init init_timer_list_procfs(void)
{
struct proc_dir_entry *pe;
@@ -80880,10 +83000,10 @@ index 0b537f2..40d6c20 100644
return -ENOMEM;
return 0;
diff --git a/kernel/timer.c b/kernel/timer.c
-index 3361cff..0751080 100644
+index 15bc1b4..32da49c 100644
--- a/kernel/timer.c
+++ b/kernel/timer.c
-@@ -1365,7 +1365,7 @@ void update_process_times(int user_tick)
+@@ -1366,7 +1366,7 @@ void update_process_times(int user_tick)
/*
* This function runs timers and the timer-tq in bottom half context.
*/
@@ -80892,7 +83012,7 @@ index 3361cff..0751080 100644
{
struct tvec_base *base = __this_cpu_read(tvec_bases);
-@@ -1483,7 +1483,7 @@ static void process_timeout(unsigned long __data)
+@@ -1429,7 +1429,7 @@ static void process_timeout(unsigned long __data)
*
* In all cases the return value is guaranteed to be non-negative.
*/
@@ -80901,7 +83021,7 @@ index 3361cff..0751080 100644
{
struct timer_list timer;
unsigned long expire;
-@@ -1774,7 +1774,7 @@ static int __cpuinit timer_cpu_notify(struct notifier_block *self,
+@@ -1635,7 +1635,7 @@ static int __cpuinit timer_cpu_notify(struct notifier_block *self,
return NOTIFY_OK;
}
@@ -80911,7 +83031,7 @@ index 3361cff..0751080 100644
};
diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c
-index 5a0f781..1497f95 100644
+index b8b8560..75b1a09 100644
--- a/kernel/trace/blktrace.c
+++ b/kernel/trace/blktrace.c
@@ -317,7 +317,7 @@ static ssize_t blk_dropped_read(struct file *filp, char __user *buffer,
@@ -80942,10 +83062,10 @@ index 5a0f781..1497f95 100644
ret = -EIO;
bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt,
diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c
-index 0a0e2a6..943495e 100644
+index 6c508ff..ee55a13 100644
--- a/kernel/trace/ftrace.c
+++ b/kernel/trace/ftrace.c
-@@ -1909,12 +1909,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
+@@ -1915,12 +1915,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec)
if (unlikely(ftrace_disabled))
return 0;
@@ -80965,16 +83085,7 @@ index 0a0e2a6..943495e 100644
}
/*
-@@ -2986,7 +2991,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp)
-
- int
- register_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops,
-- void *data)
-+ void *data)
- {
- struct ftrace_func_probe *entry;
- struct ftrace_page *pg;
-@@ -3854,8 +3859,10 @@ static int ftrace_process_locs(struct module *mod,
+@@ -3931,8 +3936,10 @@ static int ftrace_process_locs(struct module *mod,
if (!count)
return 0;
@@ -80985,7 +83096,7 @@ index 0a0e2a6..943495e 100644
start_pg = ftrace_allocate_pages(count);
if (!start_pg)
-@@ -4574,8 +4581,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write,
+@@ -4655,8 +4662,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write,
#ifdef CONFIG_FUNCTION_GRAPH_TRACER
static int ftrace_graph_active;
@@ -80994,7 +83105,7 @@ index 0a0e2a6..943495e 100644
int ftrace_graph_entry_stub(struct ftrace_graph_ent *trace)
{
return 0;
-@@ -4719,6 +4724,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state,
+@@ -4800,6 +4805,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state,
return NOTIFY_DONE;
}
@@ -81005,7 +83116,7 @@ index 0a0e2a6..943495e 100644
int register_ftrace_graph(trace_func_graph_ret_t retfunc,
trace_func_graph_ent_t entryfunc)
{
-@@ -4732,7 +4741,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc,
+@@ -4813,7 +4822,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc,
goto out;
}
@@ -81014,10 +83125,10 @@ index 0a0e2a6..943495e 100644
ftrace_graph_active++;
diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c
-index 6989df2..c2265cf 100644
+index e444ff8..438b8f4 100644
--- a/kernel/trace/ring_buffer.c
+++ b/kernel/trace/ring_buffer.c
-@@ -349,9 +349,9 @@ struct buffer_data_page {
+@@ -352,9 +352,9 @@ struct buffer_data_page {
*/
struct buffer_page {
struct list_head list; /* list of buffer pages */
@@ -81029,7 +83140,7 @@ index 6989df2..c2265cf 100644
unsigned long real_end; /* real end of data */
struct buffer_data_page *page; /* Actual data page */
};
-@@ -464,8 +464,8 @@ struct ring_buffer_per_cpu {
+@@ -473,8 +473,8 @@ struct ring_buffer_per_cpu {
unsigned long last_overrun;
local_t entries_bytes;
local_t entries;
@@ -81040,7 +83151,7 @@ index 6989df2..c2265cf 100644
local_t dropped_events;
local_t committing;
local_t commits;
-@@ -864,8 +864,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -992,8 +992,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
*
* We add a counter to the write field to denote this.
*/
@@ -81051,7 +83162,7 @@ index 6989df2..c2265cf 100644
/*
* Just make sure we have seen our old_write and synchronize
-@@ -893,8 +893,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -1021,8 +1021,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer,
* cmpxchg to only update if an interrupt did not already
* do it for us. If the cmpxchg fails, we don't care.
*/
@@ -81062,7 +83173,7 @@ index 6989df2..c2265cf 100644
/*
* No need to worry about races with clearing out the commit.
-@@ -1253,12 +1253,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
+@@ -1386,12 +1386,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer);
static inline unsigned long rb_page_entries(struct buffer_page *bpage)
{
@@ -81077,7 +83188,7 @@ index 6989df2..c2265cf 100644
}
static int
-@@ -1353,7 +1353,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
+@@ -1486,7 +1486,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages)
* bytes consumed in ring buffer from here.
* Increment overrun to account for the lost events.
*/
@@ -81086,7 +83197,7 @@ index 6989df2..c2265cf 100644
local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
}
-@@ -1909,7 +1909,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2063,7 +2063,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer,
* it is our responsibility to update
* the counters.
*/
@@ -81095,7 +83206,7 @@ index 6989df2..c2265cf 100644
local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes);
/*
-@@ -2059,7 +2059,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2213,7 +2213,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
if (tail == BUF_PAGE_SIZE)
tail_page->real_end = 0;
@@ -81104,7 +83215,7 @@ index 6989df2..c2265cf 100644
return;
}
-@@ -2094,7 +2094,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2248,7 +2248,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
rb_event_set_padding(event);
/* Set the write back to the previous setting */
@@ -81113,7 +83224,7 @@ index 6989df2..c2265cf 100644
return;
}
-@@ -2106,7 +2106,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2260,7 +2260,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer,
/* Set write to end of buffer */
length = (tail + length) - BUF_PAGE_SIZE;
@@ -81122,7 +83233,7 @@ index 6989df2..c2265cf 100644
}
/*
-@@ -2132,7 +2132,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2286,7 +2286,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
* about it.
*/
if (unlikely(next_page == commit_page)) {
@@ -81131,7 +83242,7 @@ index 6989df2..c2265cf 100644
goto out_reset;
}
-@@ -2188,7 +2188,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2342,7 +2342,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer,
cpu_buffer->tail_page) &&
(cpu_buffer->commit_page ==
cpu_buffer->reader_page))) {
@@ -81140,7 +83251,7 @@ index 6989df2..c2265cf 100644
goto out_reset;
}
}
-@@ -2236,7 +2236,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2390,7 +2390,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
length += RB_LEN_TIME_EXTEND;
tail_page = cpu_buffer->tail_page;
@@ -81149,7 +83260,7 @@ index 6989df2..c2265cf 100644
/* set write to only the index of the write */
write &= RB_WRITE_MASK;
-@@ -2253,7 +2253,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2407,7 +2407,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer,
kmemcheck_annotate_bitfield(event, bitfield);
rb_update_event(cpu_buffer, event, length, add_timestamp, delta);
@@ -81158,7 +83269,7 @@ index 6989df2..c2265cf 100644
/*
* If this is the first commit on the page, then update
-@@ -2286,7 +2286,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2440,7 +2440,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) {
unsigned long write_mask =
@@ -81167,7 +83278,7 @@ index 6989df2..c2265cf 100644
unsigned long event_length = rb_event_length(event);
/*
* This is on the tail page. It is possible that
-@@ -2296,7 +2296,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2450,7 +2450,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer,
*/
old_index += write_mask;
new_index += write_mask;
@@ -81176,7 +83287,7 @@ index 6989df2..c2265cf 100644
if (index == old_index) {
/* update counters */
local_sub(event_length, &cpu_buffer->entries_bytes);
-@@ -2670,7 +2670,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2842,7 +2842,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
/* Do the likely case first */
if (likely(bpage->page == (void *)addr)) {
@@ -81185,7 +83296,7 @@ index 6989df2..c2265cf 100644
return;
}
-@@ -2682,7 +2682,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
+@@ -2854,7 +2854,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer,
start = bpage;
do {
if (bpage->page == (void *)addr) {
@@ -81194,7 +83305,7 @@ index 6989df2..c2265cf 100644
return;
}
rb_inc_page(cpu_buffer, &bpage);
-@@ -2964,7 +2964,7 @@ static inline unsigned long
+@@ -3138,7 +3138,7 @@ static inline unsigned long
rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer)
{
return local_read(&cpu_buffer->entries) -
@@ -81203,7 +83314,7 @@ index 6989df2..c2265cf 100644
}
/**
-@@ -3053,7 +3053,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
+@@ -3227,7 +3227,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu)
return 0;
cpu_buffer = buffer->buffers[cpu];
@@ -81212,7 +83323,7 @@ index 6989df2..c2265cf 100644
return ret;
}
-@@ -3076,7 +3076,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
+@@ -3250,7 +3250,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu)
return 0;
cpu_buffer = buffer->buffers[cpu];
@@ -81221,7 +83332,7 @@ index 6989df2..c2265cf 100644
return ret;
}
-@@ -3161,7 +3161,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
+@@ -3335,7 +3335,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer)
/* if you care about this being correct, lock the buffer */
for_each_buffer_cpu(buffer, cpu) {
cpu_buffer = buffer->buffers[cpu];
@@ -81230,7 +83341,7 @@ index 6989df2..c2265cf 100644
}
return overruns;
-@@ -3337,8 +3337,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3511,8 +3511,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
/*
* Reset the reader page to size zero.
*/
@@ -81241,7 +83352,7 @@ index 6989df2..c2265cf 100644
local_set(&cpu_buffer->reader_page->page->commit, 0);
cpu_buffer->reader_page->real_end = 0;
-@@ -3372,7 +3372,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -3546,7 +3546,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer)
* want to compare with the last_overrun.
*/
smp_mb();
@@ -81250,7 +83361,7 @@ index 6989df2..c2265cf 100644
/*
* Here's the tricky part.
-@@ -3942,8 +3942,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -4116,8 +4116,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
cpu_buffer->head_page
= list_entry(cpu_buffer->pages, struct buffer_page, list);
@@ -81261,7 +83372,7 @@ index 6989df2..c2265cf 100644
local_set(&cpu_buffer->head_page->page->commit, 0);
cpu_buffer->head_page->read = 0;
-@@ -3953,14 +3953,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
+@@ -4127,14 +4127,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer)
INIT_LIST_HEAD(&cpu_buffer->reader_page->list);
INIT_LIST_HEAD(&cpu_buffer->new_pages);
@@ -81280,7 +83391,7 @@ index 6989df2..c2265cf 100644
local_set(&cpu_buffer->dropped_events, 0);
local_set(&cpu_buffer->entries, 0);
local_set(&cpu_buffer->committing, 0);
-@@ -4364,8 +4364,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
+@@ -4538,8 +4538,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer,
rb_init_page(bpage);
bpage = reader->page;
reader->page = *data_page;
@@ -81292,77 +83403,36 @@ index 6989df2..c2265cf 100644
*data_page = bpage;
diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c
-index 3f28192..9afb0a9 100644
+index 06a5bce..53ad6e7 100644
--- a/kernel/trace/trace.c
+++ b/kernel/trace/trace.c
-@@ -683,7 +683,15 @@ __update_max_tr(struct trace_array *tr, struct task_struct *tsk, int cpu)
-
- memcpy(max_data->comm, tsk->comm, TASK_COMM_LEN);
- max_data->pid = tsk->pid;
-- max_data->uid = task_uid(tsk);
-+ /*
-+ * If tsk == current, then use current_uid(), as that does not use
-+ * RCU. The irq tracer can be called out of RCU scope.
-+ */
-+ if (tsk == current)
-+ max_data->uid = current_uid();
-+ else
-+ max_data->uid = task_uid(tsk);
-+
- max_data->nice = tsk->static_prio - 20 - MAX_RT_PRIO;
- max_data->policy = tsk->policy;
- max_data->rt_priority = tsk->rt_priority;
-@@ -2893,7 +2901,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
+@@ -3347,7 +3347,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set)
return 0;
}
--int set_tracer_flag(unsigned int mask, int enabled)
-+int set_tracer_flag(unsigned long mask, int enabled)
+-int set_tracer_flag(struct trace_array *tr, unsigned int mask, int enabled)
++int set_tracer_flag(struct trace_array *tr, unsigned long mask, int enabled)
{
/* do nothing if flag is already set */
if (!!(trace_flags & mask) == !!enabled)
-@@ -4637,10 +4645,9 @@ static const struct file_operations tracing_dyn_info_fops = {
- };
- #endif
-
--static struct dentry *d_tracer;
--
- struct dentry *tracing_init_dentry(void)
- {
-+ static struct dentry *d_tracer;
- static int once;
-
- if (d_tracer)
-@@ -4660,10 +4667,9 @@ struct dentry *tracing_init_dentry(void)
- return d_tracer;
- }
-
--static struct dentry *d_percpu;
--
- static struct dentry *tracing_dentry_percpu(void)
- {
-+ static struct dentry *d_percpu;
- static int once;
- struct dentry *d_tracer;
-
diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h
-index 2081971..09f861e 100644
+index 51b4448..7be601f 100644
--- a/kernel/trace/trace.h
+++ b/kernel/trace/trace.h
-@@ -948,7 +948,7 @@ extern const char *__stop___trace_bprintk_fmt[];
+@@ -1035,7 +1035,7 @@ extern const char *__stop___trace_bprintk_fmt[];
void trace_printk_init_buffers(void);
void trace_printk_start_comm(void);
int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set);
--int set_tracer_flag(unsigned int mask, int enabled);
-+int set_tracer_flag(unsigned long mask, int enabled);
+-int set_tracer_flag(struct trace_array *tr, unsigned int mask, int enabled);
++int set_tracer_flag(struct trace_array *tr, unsigned long mask, int enabled);
- #undef FTRACE_ENTRY
- #define FTRACE_ENTRY(call, struct_name, id, tstruct, print, filter) \
+ /*
+ * Normal trace_printk() and friends allocates special buffers
diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c
-index 57e9b28..eebe41c 100644
+index 6953263..2004e16 100644
--- a/kernel/trace/trace_events.c
+++ b/kernel/trace/trace_events.c
-@@ -1329,10 +1329,6 @@ static LIST_HEAD(ftrace_module_file_list);
+@@ -1748,10 +1748,6 @@ static LIST_HEAD(ftrace_module_file_list);
struct ftrace_module_file_ops {
struct list_head list;
struct module *mod;
@@ -81373,7 +83443,7 @@ index 57e9b28..eebe41c 100644
};
static struct ftrace_module_file_ops *
-@@ -1353,17 +1349,12 @@ trace_create_file_ops(struct module *mod)
+@@ -1792,17 +1788,12 @@ trace_create_file_ops(struct module *mod)
file_ops->mod = mod;
@@ -81397,19 +83467,19 @@ index 57e9b28..eebe41c 100644
list_add(&file_ops->list, &ftrace_module_file_list);
-@@ -1387,8 +1378,8 @@ static void trace_module_add_events(struct module *mod)
-
- for_each_event(call, start, end) {
- __trace_add_event_call(*call, mod,
-- &file_ops->id, &file_ops->enable,
-- &file_ops->filter, &file_ops->format);
-+ &mod->trace_id, &mod->trace_enable,
-+ &mod->trace_filter, &mod->trace_format);
- }
+@@ -1895,8 +1886,8 @@ __trace_add_new_mod_event(struct ftrace_event_call *call,
+ struct ftrace_module_file_ops *file_ops)
+ {
+ return __trace_add_new_event(call, tr,
+- &file_ops->id, &file_ops->enable,
+- &file_ops->filter, &file_ops->format);
++ &file_ops->mod->trace_id, &file_ops->mod->trace_enable,
++ &file_ops->mod->trace_filter, &file_ops->mod->trace_format);
}
+ #else
diff --git a/kernel/trace/trace_mmiotrace.c b/kernel/trace/trace_mmiotrace.c
-index fd3c8aa..5f324a6 100644
+index a5e8f48..a9690d2 100644
--- a/kernel/trace/trace_mmiotrace.c
+++ b/kernel/trace/trace_mmiotrace.c
@@ -24,7 +24,7 @@ struct header_iter {
@@ -81427,7 +83497,7 @@ index fd3c8aa..5f324a6 100644
{
- unsigned long cnt = atomic_xchg(&dropped_count, 0);
+ unsigned long cnt = atomic_xchg_unchecked(&dropped_count, 0);
- unsigned long over = ring_buffer_overruns(iter->tr->buffer);
+ unsigned long over = ring_buffer_overruns(iter->trace_buffer->buffer);
if (over > prev_overruns)
@@ -317,7 +317,7 @@ static void __trace_mmiotrace_rw(struct trace_array *tr,
@@ -81449,10 +83519,10 @@ index fd3c8aa..5f324a6 100644
}
entry = ring_buffer_event_data(event);
diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c
-index 697e88d..1a79993 100644
+index bb922d9..2a54a257 100644
--- a/kernel/trace/trace_output.c
+++ b/kernel/trace/trace_output.c
-@@ -278,7 +278,7 @@ int trace_seq_path(struct trace_seq *s, const struct path *path)
+@@ -294,7 +294,7 @@ int trace_seq_path(struct trace_seq *s, const struct path *path)
p = d_path(path, s->buffer + s->len, PAGE_SIZE - s->len);
if (!IS_ERR(p)) {
@@ -81461,7 +83531,7 @@ index 697e88d..1a79993 100644
if (p) {
s->len = p - s->buffer;
return 1;
-@@ -851,14 +851,16 @@ int register_ftrace_event(struct trace_event *event)
+@@ -893,14 +893,16 @@ int register_ftrace_event(struct trace_event *event)
goto out;
}
@@ -81496,10 +83566,32 @@ index b20428c..4845a10 100644
local_irq_save(flags);
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index e134d8f..a018cdd 100644
+index 9064b91..1f5d2f8 100644
--- a/kernel/user_namespace.c
+++ b/kernel/user_namespace.c
-@@ -853,7 +853,7 @@ static int userns_install(struct nsproxy *nsproxy, void *ns)
+@@ -82,6 +82,21 @@ int create_user_ns(struct cred *new)
+ !kgid_has_mapping(parent_ns, group))
+ return -EPERM;
+
++#ifdef CONFIG_GRKERNSEC
++ /*
++ * This doesn't really inspire confidence:
++ * http://marc.info/?l=linux-kernel&m=135543612731939&w=2
++ * http://marc.info/?l=linux-kernel&m=135545831607095&w=2
++ * Increases kernel attack surface in areas developers
++ * previously cared little about ("low importance due
++ * to requiring "root" capability")
++ * To be removed when this code receives *proper* review
++ */
++ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) ||
++ !capable(CAP_SETGID))
++ return -EPERM;
++#endif
++
+ ns = kmem_cache_zalloc(user_ns_cachep, GFP_KERNEL);
+ if (!ns)
+ return -ENOMEM;
+@@ -862,7 +877,7 @@ static int userns_install(struct nsproxy *nsproxy, void *ns)
if (atomic_read(&current->mm->mm_users) > 1)
return -EINVAL;
@@ -81522,10 +83614,10 @@ index 4f69f9a..7c6f8f8 100644
memcpy(&uts_table, table, sizeof(uts_table));
uts_table.data = get_uts(table, write);
diff --git a/kernel/watchdog.c b/kernel/watchdog.c
-index 4a94467..80a6f9c 100644
+index 05039e3..17490c7 100644
--- a/kernel/watchdog.c
+++ b/kernel/watchdog.c
-@@ -526,7 +526,7 @@ int proc_dowatchdog(struct ctl_table *table, int write,
+@@ -531,7 +531,7 @@ int proc_dowatchdog(struct ctl_table *table, int write,
}
#endif /* CONFIG_SYSCTL */
@@ -81534,8 +83626,21 @@ index 4a94467..80a6f9c 100644
.store = &softlockup_watchdog,
.thread_should_run = watchdog_should_run,
.thread_fn = watchdog,
+diff --git a/kernel/workqueue.c b/kernel/workqueue.c
+index 6f01921..139869b 100644
+--- a/kernel/workqueue.c
++++ b/kernel/workqueue.c
+@@ -4596,7 +4596,7 @@ static void rebind_workers(struct worker_pool *pool)
+ WARN_ON_ONCE(!(worker_flags & WORKER_UNBOUND));
+ worker_flags |= WORKER_REBOUND;
+ worker_flags &= ~WORKER_UNBOUND;
+- ACCESS_ONCE(worker->flags) = worker_flags;
++ ACCESS_ONCE_RW(worker->flags) = worker_flags;
+ }
+
+ spin_unlock_irq(&pool->lock);
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
-index 28be08c..47bab92 100644
+index 74fdc5c..3310593 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -549,7 +549,7 @@ config DEBUG_MUTEXES
@@ -81573,7 +83678,16 @@ index 28be08c..47bab92 100644
select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE && !ARM_UNWIND
select KALLSYMS
select KALLSYMS_ALL
-@@ -1310,7 +1311,7 @@ config INTERVAL_TREE_TEST
+@@ -1298,7 +1299,7 @@ config ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS
+ config DEBUG_STRICT_USER_COPY_CHECKS
+ bool "Strict user copy size checks"
+ depends on ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS
+- depends on DEBUG_KERNEL && !TRACE_BRANCH_PROFILING
++ depends on DEBUG_KERNEL && !TRACE_BRANCH_PROFILING && !PAX_SIZE_OVERFLOW
+ help
+ Enabling this option turns a certain set of sanity checks for user
+ copy operations into compile time failures.
+@@ -1328,7 +1329,7 @@ config INTERVAL_TREE_TEST
config PROVIDE_OHCI1394_DMA_INIT
bool "Remote debugging over FireWire early on boot"
@@ -81582,7 +83696,7 @@ index 28be08c..47bab92 100644
help
If you want to debug problems which hang or crash the kernel early
on boot and the crashing machine has a FireWire port, you can use
-@@ -1339,7 +1340,7 @@ config PROVIDE_OHCI1394_DMA_INIT
+@@ -1357,7 +1358,7 @@ config PROVIDE_OHCI1394_DMA_INIT
config FIREWIRE_OHCI_REMOTE_DMA
bool "Remote debugging over FireWire with firewire-ohci"
@@ -81592,10 +83706,10 @@ index 28be08c..47bab92 100644
This option lets you use the FireWire bus for remote debugging
with help of the firewire-ohci driver. It enables unfiltered
diff --git a/lib/Makefile b/lib/Makefile
-index 6e2cc56..9b13738 100644
+index c55a037..fb46e3b 100644
--- a/lib/Makefile
+++ b/lib/Makefile
-@@ -47,7 +47,7 @@ obj-$(CONFIG_GENERIC_HWEIGHT) += hweight.o
+@@ -50,7 +50,7 @@ obj-$(CONFIG_GENERIC_HWEIGHT) += hweight.o
obj-$(CONFIG_BTREE) += btree.o
obj-$(CONFIG_DEBUG_PREEMPT) += smp_processor_id.o
@@ -81786,7 +83900,7 @@ index bd2bea9..6b3c95e 100644
return false;
diff --git a/lib/kobject.c b/lib/kobject.c
-index a654866..d8bb115 100644
+index b7e29a6..2f3ca75 100644
--- a/lib/kobject.c
+++ b/lib/kobject.c
@@ -805,7 +805,7 @@ static struct kset *kset_create(const char *name,
@@ -82038,8 +84152,22 @@ index d23762e..e21eab2 100644
{
phys_addr_t paddr = dma_to_phys(hwdev, dev_addr);
+diff --git a/lib/usercopy.c b/lib/usercopy.c
+index 4f5b1dd..7cab418 100644
+--- a/lib/usercopy.c
++++ b/lib/usercopy.c
+@@ -7,3 +7,9 @@ void copy_from_user_overflow(void)
+ WARN(1, "Buffer overflow detected!\n");
+ }
+ EXPORT_SYMBOL(copy_from_user_overflow);
++
++void copy_to_user_overflow(void)
++{
++ WARN(1, "Buffer overflow detected!\n");
++}
++EXPORT_SYMBOL(copy_to_user_overflow);
diff --git a/lib/vsprintf.c b/lib/vsprintf.c
-index 0d62fd7..b7bc911 100644
+index e149c64..24aa71a 100644
--- a/lib/vsprintf.c
+++ b/lib/vsprintf.c
@@ -16,6 +16,9 @@
@@ -82052,7 +84180,7 @@ index 0d62fd7..b7bc911 100644
#include <stdarg.h>
#include <linux/module.h> /* for KSYM_SYMBOL_LEN */
#include <linux/types.h>
-@@ -974,7 +977,11 @@ char *netdev_feature_string(char *buf, char *end, const u8 *addr,
+@@ -981,7 +984,11 @@ char *netdev_feature_string(char *buf, char *end, const u8 *addr,
return number(buf, end, *(const netdev_features_t *)addr, spec);
}
@@ -82064,16 +84192,15 @@ index 0d62fd7..b7bc911 100644
/*
* Show a '%p' thing. A kernel extension is that the '%p' is followed
-@@ -988,6 +995,8 @@ int kptr_restrict __read_mostly;
+@@ -994,6 +1001,7 @@ int kptr_restrict __read_mostly;
+ * - 'f' For simple symbolic function names without offset
* - 'S' For symbolic direct pointers with offset
* - 's' For symbolic direct pointers without offset
- * - 'B' For backtraced symbolic direct pointers with offset
+ * - 'A' For symbolic direct pointers with offset approved for use with GRKERNSEC_HIDESYM
-+ * - 'a' For symbolic direct pointers without offset approved for use with GRKERNSEC_HIDESYM
+ * - '[FfSs]R' as above with __builtin_extract_return_addr() translation
+ * - 'B' For backtraced symbolic direct pointers with offset
* - 'R' For decoded struct resource, e.g., [mem 0x0-0x1f 64bit pref]
- * - 'r' For raw struct resource, e.g., [mem 0x0-0x1f flags 0x201]
- * - 'M' For a 6-byte MAC address, it prints the address in the
-@@ -1044,12 +1053,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
+@@ -1052,12 +1060,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
if (!ptr && *fmt != 'K') {
/*
@@ -82088,20 +84215,20 @@ index 0d62fd7..b7bc911 100644
}
switch (*fmt) {
-@@ -1059,6 +1068,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
+@@ -1067,6 +1075,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
/* Fallthrough */
case 'S':
case 's':
+#ifdef CONFIG_GRKERNSEC_HIDESYM
+ break;
+#else
-+ return symbol_string(buf, end, ptr, spec, *fmt);
++ return symbol_string(buf, end, ptr, spec, fmt);
+#endif
+ case 'A':
case 'B':
- return symbol_string(buf, end, ptr, spec, *fmt);
+ return symbol_string(buf, end, ptr, spec, fmt);
case 'R':
-@@ -1099,6 +1114,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
+@@ -1107,6 +1121,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
va_end(va);
return buf;
}
@@ -82110,7 +84237,7 @@ index 0d62fd7..b7bc911 100644
case 'K':
/*
* %pK cannot be used in IRQ context because its test
-@@ -1128,6 +1145,21 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
+@@ -1136,6 +1152,21 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr,
return number(buf, end,
(unsigned long long) *((phys_addr_t *)ptr), spec);
}
@@ -82132,7 +84259,7 @@ index 0d62fd7..b7bc911 100644
spec.flags |= SMALL;
if (spec.field_width == -1) {
spec.field_width = default_width;
-@@ -1849,11 +1881,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
+@@ -1857,11 +1888,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
typeof(type) value; \
if (sizeof(type) == 8) { \
args = PTR_ALIGN(args, sizeof(u32)); \
@@ -82147,7 +84274,7 @@ index 0d62fd7..b7bc911 100644
} \
args += sizeof(type); \
value; \
-@@ -1916,7 +1948,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
+@@ -1924,7 +1955,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf)
case FORMAT_TYPE_STR: {
const char *str_arg = args;
args += strlen(str_arg) + 1;
@@ -82164,10 +84291,10 @@ index 0000000..7cd6065
@@ -0,0 +1 @@
+-grsec
diff --git a/mm/Kconfig b/mm/Kconfig
-index 3bea74f..e821c99 100644
+index e742d06..c56fdd8 100644
--- a/mm/Kconfig
+++ b/mm/Kconfig
-@@ -311,10 +311,10 @@ config KSM
+@@ -317,10 +317,10 @@ config KSM
root has set /sys/kernel/mm/ksm/run to 1 (if CONFIG_SYSFS is set).
config DEFAULT_MMAP_MIN_ADDR
@@ -82181,7 +84308,7 @@ index 3bea74f..e821c99 100644
This is the portion of low virtual memory which should be protected
from userspace allocation. Keeping a user from writing to low pages
can help reduce the impact of kernel NULL pointer bugs.
-@@ -345,7 +345,7 @@ config MEMORY_FAILURE
+@@ -351,7 +351,7 @@ config MEMORY_FAILURE
config HWPOISON_INJECT
tristate "HWPoison pages injector"
@@ -82191,10 +84318,10 @@ index 3bea74f..e821c99 100644
config NOMMU_INITIAL_TRIM_EXCESS
diff --git a/mm/backing-dev.c b/mm/backing-dev.c
-index 41733c5..d80d7a9 100644
+index 5025174..9fc1c5c 100644
--- a/mm/backing-dev.c
+++ b/mm/backing-dev.c
-@@ -716,7 +716,6 @@ EXPORT_SYMBOL(bdi_destroy);
+@@ -515,7 +515,6 @@ EXPORT_SYMBOL(bdi_destroy);
int bdi_setup_and_register(struct backing_dev_info *bdi, char *name,
unsigned int cap)
{
@@ -82202,7 +84329,7 @@ index 41733c5..d80d7a9 100644
int err;
bdi->name = name;
-@@ -725,8 +724,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name,
+@@ -524,8 +523,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name,
if (err)
return err;
@@ -82213,10 +84340,10 @@ index 41733c5..d80d7a9 100644
bdi_destroy(bdi);
return err;
diff --git a/mm/filemap.c b/mm/filemap.c
-index e1979fd..dda5120 100644
+index 7905fe7..e60faa8 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
-@@ -1748,7 +1748,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
+@@ -1766,7 +1766,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma)
struct address_space *mapping = file->f_mapping;
if (!mapping->a_ops->readpage)
@@ -82225,7 +84352,7 @@ index e1979fd..dda5120 100644
file_accessed(file);
vma->vm_ops = &generic_file_vm_ops;
return 0;
-@@ -2088,6 +2088,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i
+@@ -2106,6 +2106,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i
*pos = i_size_read(inode);
if (limit != RLIM_INFINITY) {
@@ -82278,7 +84405,7 @@ index b32b70c..e512eb0 100644
set_page_address(page, (void *)vaddr);
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index 2baa6e3..cd0a264 100644
+index 5cf99bf..5c01c2f 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -2022,15 +2022,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
@@ -82323,7 +84450,16 @@ index 2baa6e3..cd0a264 100644
if (ret)
goto out;
-@@ -2529,6 +2533,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2490,7 +2494,7 @@ void unmap_hugepage_range(struct vm_area_struct *vma, unsigned long start,
+
+ mm = vma->vm_mm;
+
+- tlb_gather_mmu(&tlb, mm, 0);
++ tlb_gather_mmu(&tlb, mm, start, end);
+ __unmap_hugepage_range(&tlb, vma, start, end, ref_page);
+ tlb_finish_mmu(&tlb, start, end);
+ }
+@@ -2545,6 +2549,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma,
return 1;
}
@@ -82351,7 +84487,7 @@ index 2baa6e3..cd0a264 100644
/*
* Hugetlb_cow() should be called with page lock of the original hugepage held.
* Called with hugetlb_instantiation_mutex held and pte_page locked so we
-@@ -2647,6 +2672,11 @@ retry_avoidcopy:
+@@ -2663,6 +2688,11 @@ retry_avoidcopy:
make_huge_pte(vma, new_page, 1));
page_remove_rmap(old_page);
hugepage_add_new_anon_rmap(new_page, vma, address);
@@ -82363,7 +84499,7 @@ index 2baa6e3..cd0a264 100644
/* Make the old page be freed below */
new_page = old_page;
}
-@@ -2805,6 +2835,10 @@ retry:
+@@ -2821,6 +2851,10 @@ retry:
&& (vma->vm_flags & VM_SHARED)));
set_huge_pte_at(mm, address, ptep, new_pte);
@@ -82374,7 +84510,7 @@ index 2baa6e3..cd0a264 100644
if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) {
/* Optimization, do the COW without a second fault */
ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page);
-@@ -2834,6 +2868,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2850,6 +2884,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
static DEFINE_MUTEX(hugetlb_instantiation_mutex);
struct hstate *h = hstate_vma(vma);
@@ -82385,7 +84521,7 @@ index 2baa6e3..cd0a264 100644
address &= huge_page_mask(h);
ptep = huge_pte_offset(mm, address);
-@@ -2847,6 +2885,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2863,6 +2901,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma,
VM_FAULT_SET_HINDEX(hstate_index(h));
}
@@ -82413,7 +84549,7 @@ index 2baa6e3..cd0a264 100644
if (!ptep)
return VM_FAULT_OOM;
diff --git a/mm/internal.h b/mm/internal.h
-index 8562de0..7fdfe92 100644
+index 8562de0..92b2073 100644
--- a/mm/internal.h
+++ b/mm/internal.h
@@ -100,6 +100,7 @@ extern pmd_t *mm_find_pmd(struct mm_struct *mm, unsigned long address);
@@ -82424,6 +84560,15 @@ index 8562de0..7fdfe92 100644
extern void prep_compound_page(struct page *page, unsigned long order);
#ifdef CONFIG_MEMORY_FAILURE
extern bool is_free_buddy_page(struct page *page);
+@@ -355,7 +356,7 @@ extern u32 hwpoison_filter_enable;
+
+ extern unsigned long vm_mmap_pgoff(struct file *, unsigned long,
+ unsigned long, unsigned long,
+- unsigned long, unsigned long);
++ unsigned long, unsigned long) __intentional_overflow(-1);
+
+ extern void set_pageblock_order(void);
+ unsigned long reclaim_clean_pages_from_list(struct zone *zone,
diff --git a/mm/kmemleak.c b/mm/kmemleak.c
index c8d7f31..2dbeffd 100644
--- a/mm/kmemleak.c
@@ -82469,7 +84614,7 @@ index d53adf9..03a24bf 100644
set_fs(old_fs);
diff --git a/mm/madvise.c b/mm/madvise.c
-index c58c94b..86ec14e 100644
+index 7055883..aafb1ed 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c
@@ -51,6 +51,10 @@ static long madvise_behavior(struct vm_area_struct * vma,
@@ -82531,25 +84676,25 @@ index c58c94b..86ec14e 100644
return 0;
}
-@@ -491,6 +522,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior)
+@@ -485,6 +516,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior)
if (end < start)
- goto out;
+ return error;
+#ifdef CONFIG_PAX_SEGMEXEC
+ if (current->mm->pax_flags & MF_PAX_SEGMEXEC) {
+ if (end > SEGMEXEC_TASK_SIZE)
-+ goto out;
++ return error;
+ } else
+#endif
+
+ if (end > TASK_SIZE)
-+ goto out;
++ return error;
+
error = 0;
if (end == start)
- goto out;
+ return error;
diff --git a/mm/memory-failure.c b/mm/memory-failure.c
-index df0694c..bc95539 100644
+index ceb0c7f..b2b8e94 100644
--- a/mm/memory-failure.c
+++ b/mm/memory-failure.c
@@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0;
@@ -82666,10 +84811,39 @@ index df0694c..bc95539 100644
} else {
pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n",
diff --git a/mm/memory.c b/mm/memory.c
-index ba94dec..08ffe0d 100644
+index 5e50800..7c0340f 100644
--- a/mm/memory.c
+++ b/mm/memory.c
-@@ -438,6 +438,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
+@@ -211,14 +211,15 @@ static int tlb_next_batch(struct mmu_gather *tlb)
+ * tear-down from @mm. The @fullmm argument is used when @mm is without
+ * users and we're going to destroy the full address space (exit/execve).
+ */
+-void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, bool fullmm)
++void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, unsigned long start, unsigned long end)
+ {
+ tlb->mm = mm;
+
+- tlb->fullmm = fullmm;
++ /* Is it from 0 to ~0? */
++ tlb->fullmm = !(start | (end+1));
+ tlb->need_flush_all = 0;
+- tlb->start = -1UL;
+- tlb->end = 0;
++ tlb->start = start;
++ tlb->end = end;
+ tlb->need_flush = 0;
+ tlb->local.next = NULL;
+ tlb->local.nr = 0;
+@@ -258,8 +259,6 @@ void tlb_finish_mmu(struct mmu_gather *tlb, unsigned long start, unsigned long e
+ {
+ struct mmu_gather_batch *batch, *next;
+
+- tlb->start = start;
+- tlb->end = end;
+ tlb_flush_mmu(tlb);
+
+ /* keep the page table cache within bounds */
+@@ -429,6 +428,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
free_pte_range(tlb, pmd, addr);
} while (pmd++, addr = next, addr != end);
@@ -82677,7 +84851,7 @@ index ba94dec..08ffe0d 100644
start &= PUD_MASK;
if (start < floor)
return;
-@@ -452,6 +453,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
+@@ -443,6 +443,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud,
pmd = pmd_offset(pud, start);
pud_clear(pud);
pmd_free_tlb(tlb, pmd, start);
@@ -82686,7 +84860,7 @@ index ba94dec..08ffe0d 100644
}
static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
-@@ -471,6 +474,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
+@@ -462,6 +464,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
free_pmd_range(tlb, pud, addr, next, floor, ceiling);
} while (pud++, addr = next, addr != end);
@@ -82694,7 +84868,7 @@ index ba94dec..08ffe0d 100644
start &= PGDIR_MASK;
if (start < floor)
return;
-@@ -485,6 +489,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
+@@ -476,6 +479,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd,
pud = pud_offset(pgd, start);
pgd_clear(pgd);
pud_free_tlb(tlb, pud, start);
@@ -82703,7 +84877,65 @@ index ba94dec..08ffe0d 100644
}
/*
-@@ -1644,12 +1650,6 @@ no_page_table:
+@@ -1101,7 +1106,6 @@ static unsigned long zap_pte_range(struct mmu_gather *tlb,
+ spinlock_t *ptl;
+ pte_t *start_pte;
+ pte_t *pte;
+- unsigned long range_start = addr;
+
+ again:
+ init_rss_vec(rss);
+@@ -1204,17 +1208,25 @@ again:
+ * and page-free while holding it.
+ */
+ if (force_flush) {
++ unsigned long old_end;
++
+ force_flush = 0;
+
+-#ifdef HAVE_GENERIC_MMU_GATHER
+- tlb->start = range_start;
++ /*
++ * Flush the TLB just for the previous segment,
++ * then update the range to be the remaining
++ * TLB range.
++ */
++ old_end = tlb->end;
+ tlb->end = addr;
+-#endif
++
+ tlb_flush_mmu(tlb);
+- if (addr != end) {
+- range_start = addr;
++
++ tlb->start = addr;
++ tlb->end = old_end;
++
++ if (addr != end)
+ goto again;
+- }
+ }
+
+ return addr;
+@@ -1399,7 +1411,7 @@ void zap_page_range(struct vm_area_struct *vma, unsigned long start,
+ unsigned long end = start + size;
+
+ lru_add_drain();
+- tlb_gather_mmu(&tlb, mm, 0);
++ tlb_gather_mmu(&tlb, mm, start, end);
+ update_hiwater_rss(mm);
+ mmu_notifier_invalidate_range_start(mm, start, end);
+ for ( ; vma && vma->vm_start < end; vma = vma->vm_next)
+@@ -1425,7 +1437,7 @@ static void zap_page_range_single(struct vm_area_struct *vma, unsigned long addr
+ unsigned long end = address + size;
+
+ lru_add_drain();
+- tlb_gather_mmu(&tlb, mm, 0);
++ tlb_gather_mmu(&tlb, mm, address, end);
+ update_hiwater_rss(mm);
+ mmu_notifier_invalidate_range_start(mm, address, end);
+ unmap_single_vma(&tlb, vma, address, end, details);
+@@ -1638,12 +1650,6 @@ no_page_table:
return page;
}
@@ -82716,7 +84948,7 @@ index ba94dec..08ffe0d 100644
/**
* __get_user_pages() - pin user pages in memory
* @tsk: task_struct of target task
-@@ -1736,10 +1736,10 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1730,10 +1736,10 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
i = 0;
@@ -82729,7 +84961,7 @@ index ba94dec..08ffe0d 100644
if (!vma && in_gate_area(mm, start)) {
unsigned long pg = start & PAGE_MASK;
pgd_t *pgd;
-@@ -1788,7 +1788,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1782,7 +1788,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
goto next_page;
}
@@ -82738,7 +84970,7 @@ index ba94dec..08ffe0d 100644
(vma->vm_flags & (VM_IO | VM_PFNMAP)) ||
!(vm_flags & vma->vm_flags))
return i ? : -EFAULT;
-@@ -1817,11 +1817,6 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
+@@ -1811,11 +1817,6 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
int ret;
unsigned int fault_flags = 0;
@@ -82750,7 +84982,7 @@ index ba94dec..08ffe0d 100644
if (foll_flags & FOLL_WRITE)
fault_flags |= FAULT_FLAG_WRITE;
if (nonblocking)
-@@ -1901,7 +1896,7 @@ next_page:
+@@ -1895,7 +1896,7 @@ next_page:
start += page_increm * PAGE_SIZE;
nr_pages -= page_increm;
} while (nr_pages && start < vma->vm_end);
@@ -82759,7 +84991,7 @@ index ba94dec..08ffe0d 100644
return i;
}
EXPORT_SYMBOL(__get_user_pages);
-@@ -2108,6 +2103,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -2102,6 +2103,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
page_add_file_rmap(page);
set_pte_at(mm, addr, pte, mk_pte(page, prot));
@@ -82770,7 +85002,7 @@ index ba94dec..08ffe0d 100644
retval = 0;
pte_unmap_unlock(pte, ptl);
return retval;
-@@ -2152,9 +2151,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
+@@ -2146,9 +2151,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr,
if (!page_count(page))
return -EINVAL;
if (!(vma->vm_flags & VM_MIXEDMAP)) {
@@ -82792,7 +85024,7 @@ index ba94dec..08ffe0d 100644
}
return insert_page(vma, addr, page, vma->vm_page_prot);
}
-@@ -2237,6 +2248,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
+@@ -2231,6 +2248,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr,
unsigned long pfn)
{
BUG_ON(!(vma->vm_flags & VM_MIXEDMAP));
@@ -82800,7 +85032,7 @@ index ba94dec..08ffe0d 100644
if (addr < vma->vm_start || addr >= vma->vm_end)
return -EFAULT;
-@@ -2484,7 +2496,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
+@@ -2478,7 +2496,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud,
BUG_ON(pud_huge(*pud));
@@ -82811,7 +85043,7 @@ index ba94dec..08ffe0d 100644
if (!pmd)
return -ENOMEM;
do {
-@@ -2504,7 +2518,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
+@@ -2498,7 +2518,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd,
unsigned long next;
int err;
@@ -82822,7 +85054,7 @@ index ba94dec..08ffe0d 100644
if (!pud)
return -ENOMEM;
do {
-@@ -2592,6 +2608,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
+@@ -2586,6 +2608,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo
copy_user_highpage(dst, src, va, vma);
}
@@ -83009,7 +85241,7 @@ index ba94dec..08ffe0d 100644
/*
* This routine handles present pages, when users try to write
* to a shared page. It is done by copying the page to a new address
-@@ -2808,6 +3004,12 @@ gotten:
+@@ -2802,6 +3004,12 @@ gotten:
*/
page_table = pte_offset_map_lock(mm, pmd, address, &ptl);
if (likely(pte_same(*page_table, orig_pte))) {
@@ -83022,7 +85254,7 @@ index ba94dec..08ffe0d 100644
if (old_page) {
if (!PageAnon(old_page)) {
dec_mm_counter_fast(mm, MM_FILEPAGES);
-@@ -2859,6 +3061,10 @@ gotten:
+@@ -2853,6 +3061,10 @@ gotten:
page_remove_rmap(old_page);
}
@@ -83033,7 +85265,7 @@ index ba94dec..08ffe0d 100644
/* Free the old page.. */
new_page = old_page;
ret |= VM_FAULT_WRITE;
-@@ -3134,6 +3340,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3128,6 +3340,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
swap_free(entry);
if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page))
try_to_free_swap(page);
@@ -83045,7 +85277,7 @@ index ba94dec..08ffe0d 100644
unlock_page(page);
if (page != swapcache) {
/*
-@@ -3157,6 +3368,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3151,6 +3368,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma,
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
@@ -83057,7 +85289,7 @@ index ba94dec..08ffe0d 100644
unlock:
pte_unmap_unlock(page_table, ptl);
out:
-@@ -3176,40 +3392,6 @@ out_release:
+@@ -3170,40 +3392,6 @@ out_release:
}
/*
@@ -83098,7 +85330,7 @@ index ba94dec..08ffe0d 100644
* We enter with non-exclusive mmap_sem (to exclude vma changes,
* but allow concurrent faults), and pte mapped but not yet locked.
* We return with mmap_sem still held, but pte unmapped and unlocked.
-@@ -3218,27 +3400,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3212,27 +3400,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long address, pte_t *page_table, pmd_t *pmd,
unsigned int flags)
{
@@ -83131,7 +85363,7 @@ index ba94dec..08ffe0d 100644
if (unlikely(anon_vma_prepare(vma)))
goto oom;
page = alloc_zeroed_user_highpage_movable(vma, address);
-@@ -3257,6 +3435,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3256,6 +3440,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma,
if (!pte_none(*page_table))
goto release;
@@ -83143,7 +85375,7 @@ index ba94dec..08ffe0d 100644
inc_mm_counter_fast(mm, MM_ANONPAGES);
page_add_new_anon_rmap(page, vma, address);
setpte:
-@@ -3264,6 +3447,12 @@ setpte:
+@@ -3263,6 +3452,12 @@ setpte:
/* No need to invalidate - it was non-present before */
update_mmu_cache(vma, address, page_table);
@@ -83156,7 +85388,7 @@ index ba94dec..08ffe0d 100644
unlock:
pte_unmap_unlock(page_table, ptl);
return 0;
-@@ -3407,6 +3596,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3406,6 +3601,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
*/
/* Only go through if we didn't race with anybody else... */
if (likely(pte_same(*page_table, orig_pte))) {
@@ -83169,7 +85401,7 @@ index ba94dec..08ffe0d 100644
flush_icache_page(vma, page);
entry = mk_pte(page, vma->vm_page_prot);
if (flags & FAULT_FLAG_WRITE)
-@@ -3426,6 +3621,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3425,6 +3626,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma,
/* no need to invalidate: a not-present page won't be cached */
update_mmu_cache(vma, address, page_table);
@@ -83184,7 +85416,7 @@ index ba94dec..08ffe0d 100644
} else {
if (cow_page)
mem_cgroup_uncharge_page(cow_page);
-@@ -3747,6 +3950,12 @@ int handle_pte_fault(struct mm_struct *mm,
+@@ -3746,6 +3955,12 @@ int handle_pte_fault(struct mm_struct *mm,
if (flags & FAULT_FLAG_WRITE)
flush_tlb_fix_spurious_fault(vma, address);
}
@@ -83197,7 +85429,7 @@ index ba94dec..08ffe0d 100644
unlock:
pte_unmap_unlock(pte, ptl);
return 0;
-@@ -3763,6 +3972,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3762,6 +3977,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
pmd_t *pmd;
pte_t *pte;
@@ -83208,7 +85440,7 @@ index ba94dec..08ffe0d 100644
__set_current_state(TASK_RUNNING);
count_vm_event(PGFAULT);
-@@ -3774,6 +3987,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -3773,6 +3992,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma,
if (unlikely(is_vm_hugetlb_page(vma)))
return hugetlb_fault(mm, vma, address, flags);
@@ -83243,7 +85475,7 @@ index ba94dec..08ffe0d 100644
retry:
pgd = pgd_offset(mm, address);
pud = pud_alloc(mm, pgd, address);
-@@ -3872,6 +4113,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
+@@ -3871,6 +4118,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
@@ -83267,7 +85499,7 @@ index ba94dec..08ffe0d 100644
#endif /* __PAGETABLE_PUD_FOLDED */
#ifndef __PAGETABLE_PMD_FOLDED
-@@ -3902,6 +4160,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
+@@ -3901,6 +4165,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address)
spin_unlock(&mm->page_table_lock);
return 0;
}
@@ -83298,7 +85530,7 @@ index ba94dec..08ffe0d 100644
#endif /* __PAGETABLE_PMD_FOLDED */
#if !defined(__HAVE_ARCH_GATE_AREA)
-@@ -3915,7 +4197,7 @@ static int __init gate_vma_init(void)
+@@ -3914,7 +4202,7 @@ static int __init gate_vma_init(void)
gate_vma.vm_start = FIXADDR_USER_START;
gate_vma.vm_end = FIXADDR_USER_END;
gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC;
@@ -83307,7 +85539,7 @@ index ba94dec..08ffe0d 100644
return 0;
}
-@@ -4049,8 +4331,8 @@ out:
+@@ -4048,8 +4336,8 @@ out:
return ret;
}
@@ -83318,7 +85550,7 @@ index ba94dec..08ffe0d 100644
{
resource_size_t phys_addr;
unsigned long prot = 0;
-@@ -4075,8 +4357,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
+@@ -4074,8 +4362,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr,
* Access another process' address space as given in mm. If non-NULL, use the
* given task for page fault accounting.
*/
@@ -83329,7 +85561,7 @@ index ba94dec..08ffe0d 100644
{
struct vm_area_struct *vma;
void *old_buf = buf;
-@@ -4084,7 +4366,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -4083,7 +4371,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
down_read(&mm->mmap_sem);
/* ignore errors, just check how much was successfully transferred */
while (len) {
@@ -83338,7 +85570,7 @@ index ba94dec..08ffe0d 100644
void *maddr;
struct page *page = NULL;
-@@ -4143,8 +4425,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -4142,8 +4430,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
*
* The caller must hold a reference on @mm.
*/
@@ -83349,7 +85581,7 @@ index ba94dec..08ffe0d 100644
{
return __access_remote_vm(NULL, mm, addr, buf, len, write);
}
-@@ -4154,11 +4436,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
+@@ -4153,11 +4441,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
* Source/target buffer must be kernel space,
* Do not walk the page table directly, use get_user_pages
*/
@@ -83365,7 +85597,7 @@ index ba94dec..08ffe0d 100644
mm = get_task_mm(tsk);
if (!mm)
diff --git a/mm/mempolicy.c b/mm/mempolicy.c
-index 7431001..0f8344e 100644
+index 4baf12e..5497066 100644
--- a/mm/mempolicy.c
+++ b/mm/mempolicy.c
@@ -708,6 +708,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
@@ -83379,11 +85611,7 @@ index 7431001..0f8344e 100644
vma = find_vma(mm, start);
if (!vma || vma->vm_start > start)
return -EFAULT;
-@@ -744,9 +748,20 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
- if (err)
- goto out;
- }
-+
+@@ -751,6 +755,16 @@ static int mbind_range(struct mm_struct *mm, unsigned long start,
err = vma_replace_policy(vma, new_pol);
if (err)
goto out;
@@ -83400,7 +85628,7 @@ index 7431001..0f8344e 100644
}
out:
-@@ -1202,6 +1217,17 @@ static long do_mbind(unsigned long start, unsigned long len,
+@@ -1206,6 +1220,17 @@ static long do_mbind(unsigned long start, unsigned long len,
if (end < start)
return -EINVAL;
@@ -83418,7 +85646,7 @@ index 7431001..0f8344e 100644
if (end == start)
return 0;
-@@ -1430,8 +1456,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
+@@ -1434,8 +1459,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
*/
tcred = __task_cred(task);
if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
@@ -83428,7 +85656,7 @@ index 7431001..0f8344e 100644
rcu_read_unlock();
err = -EPERM;
goto out_put;
-@@ -1462,6 +1487,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
+@@ -1466,6 +1490,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode,
goto out;
}
@@ -83445,10 +85673,10 @@ index 7431001..0f8344e 100644
capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
diff --git a/mm/migrate.c b/mm/migrate.c
-index c04d9af..0b41805 100644
+index 6f0c244..6d1ae32 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
-@@ -1395,8 +1395,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
+@@ -1399,8 +1399,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
*/
tcred = __task_cred(task);
if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
@@ -83530,18 +85758,18 @@ index 79b7cf7..9944291 100644
capable(CAP_IPC_LOCK))
ret = do_mlockall(flags);
diff --git a/mm/mmap.c b/mm/mmap.c
-index 0dceed8..a559c2e 100644
+index 7dbe397..bfb7626 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
-@@ -33,6 +33,7 @@
- #include <linux/uprobes.h>
- #include <linux/rbtree_augmented.h>
+@@ -36,6 +36,7 @@
#include <linux/sched/sysctl.h>
+ #include <linux/notifier.h>
+ #include <linux/memory.h>
+#include <linux/random.h>
#include <asm/uaccess.h>
#include <asm/cacheflush.h>
-@@ -49,6 +50,16 @@
+@@ -52,6 +53,16 @@
#define arch_rebalance_pgtables(addr, len) (addr)
#endif
@@ -83558,7 +85786,7 @@ index 0dceed8..a559c2e 100644
static void unmap_region(struct mm_struct *mm,
struct vm_area_struct *vma, struct vm_area_struct *prev,
unsigned long start, unsigned long end);
-@@ -68,22 +79,32 @@ static void unmap_region(struct mm_struct *mm,
+@@ -71,16 +82,25 @@ static void unmap_region(struct mm_struct *mm,
* x: (no) no x: (no) yes x: (no) yes x: (yes) yes
*
*/
@@ -83587,14 +85815,15 @@ index 0dceed8..a559c2e 100644
}
EXPORT_SYMBOL(vm_get_page_prot);
- int sysctl_overcommit_memory __read_mostly = OVERCOMMIT_GUESS; /* heuristic overcommit */
- int sysctl_overcommit_ratio __read_mostly = 50; /* default is 50% */
+@@ -89,6 +109,7 @@ int sysctl_overcommit_ratio __read_mostly = 50; /* default is 50% */
int sysctl_max_map_count __read_mostly = DEFAULT_MAX_MAP_COUNT;
+ unsigned long sysctl_user_reserve_kbytes __read_mostly = 1UL << 17; /* 128MB */
+ unsigned long sysctl_admin_reserve_kbytes __read_mostly = 1UL << 13; /* 8MB */
+unsigned long sysctl_heap_stack_gap __read_mostly = 64*1024;
/*
* Make sure vm_committed_as in one cacheline and not cacheline shared with
* other variables. It can be updated by several CPUs frequently.
-@@ -239,6 +260,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
+@@ -247,6 +268,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
struct vm_area_struct *next = vma->vm_next;
might_sleep();
@@ -83602,7 +85831,7 @@ index 0dceed8..a559c2e 100644
if (vma->vm_ops && vma->vm_ops->close)
vma->vm_ops->close(vma);
if (vma->vm_file)
-@@ -283,6 +305,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
+@@ -291,6 +313,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk)
* not page aligned -Ram Gupta
*/
rlim = rlimit(RLIMIT_DATA);
@@ -83610,7 +85839,7 @@ index 0dceed8..a559c2e 100644
if (rlim < RLIM_INFINITY && (brk - mm->start_brk) +
(mm->end_data - mm->start_data) > rlim)
goto out;
-@@ -897,6 +920,12 @@ static int
+@@ -933,6 +956,12 @@ static int
can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags,
struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
{
@@ -83623,7 +85852,7 @@ index 0dceed8..a559c2e 100644
if (is_mergeable_vma(vma, file, vm_flags) &&
is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) {
if (vma->vm_pgoff == vm_pgoff)
-@@ -916,6 +945,12 @@ static int
+@@ -952,6 +981,12 @@ static int
can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff)
{
@@ -83636,7 +85865,7 @@ index 0dceed8..a559c2e 100644
if (is_mergeable_vma(vma, file, vm_flags) &&
is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) {
pgoff_t vm_pglen;
-@@ -958,13 +993,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
+@@ -994,13 +1029,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags,
struct vm_area_struct *vma_merge(struct mm_struct *mm,
struct vm_area_struct *prev, unsigned long addr,
unsigned long end, unsigned long vm_flags,
@@ -83658,7 +85887,7 @@ index 0dceed8..a559c2e 100644
/*
* We later require that vma->vm_flags == vm_flags,
* so this tests vma->vm_flags & VM_SPECIAL, too.
-@@ -980,6 +1022,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
+@@ -1016,6 +1058,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
if (next && next->vm_end == end) /* cases 6, 7, 8 */
next = next->vm_next;
@@ -83674,7 +85903,7 @@ index 0dceed8..a559c2e 100644
/*
* Can it merge with the predecessor?
*/
-@@ -999,9 +1050,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
+@@ -1035,9 +1086,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
/* cases 1, 6 */
err = vma_adjust(prev, prev->vm_start,
next->vm_end, prev->vm_pgoff, NULL);
@@ -83700,7 +85929,7 @@ index 0dceed8..a559c2e 100644
if (err)
return NULL;
khugepaged_enter_vma_merge(prev);
-@@ -1015,12 +1081,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
+@@ -1051,12 +1117,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm,
mpol_equal(policy, vma_policy(next)) &&
can_vma_merge_before(next, vm_flags,
anon_vma, file, pgoff+pglen)) {
@@ -83730,7 +85959,7 @@ index 0dceed8..a559c2e 100644
if (err)
return NULL;
khugepaged_enter_vma_merge(area);
-@@ -1129,8 +1210,10 @@ none:
+@@ -1165,8 +1246,10 @@ none:
void vm_stat_account(struct mm_struct *mm, unsigned long flags,
struct file *file, long pages)
{
@@ -83743,7 +85972,7 @@ index 0dceed8..a559c2e 100644
mm->total_vm += pages;
-@@ -1138,7 +1221,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags,
+@@ -1174,7 +1257,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags,
mm->shared_vm += pages;
if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC)
mm->exec_vm += pages;
@@ -83752,7 +85981,7 @@ index 0dceed8..a559c2e 100644
mm->stack_vm += pages;
}
#endif /* CONFIG_PROC_FS */
-@@ -1177,7 +1260,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1213,7 +1296,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
* (the exception is when the underlying filesystem is noexec
* mounted, in which case we dont add PROT_EXEC.)
*/
@@ -83761,7 +85990,7 @@ index 0dceed8..a559c2e 100644
if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC)))
prot |= PROT_EXEC;
-@@ -1203,7 +1286,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1239,7 +1322,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
/* Obtain the address to map to. we verify (or select) it and ensure
* that it represents a valid section of the address space.
*/
@@ -83770,12 +85999,19 @@ index 0dceed8..a559c2e 100644
if (addr & ~PAGE_MASK)
return addr;
-@@ -1214,6 +1297,36 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1250,6 +1333,43 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) |
mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC;
+#ifdef CONFIG_PAX_MPROTECT
+ if (mm->pax_flags & MF_PAX_MPROTECT) {
++
++#ifdef CONFIG_GRKERNSEC_RWXMAP_LOG
++ if (file && !pgoff && (vm_flags & VM_EXEC) && mm->binfmt &&
++ mm->binfmt->handle_mmap)
++ mm->binfmt->handle_mmap(file);
++#endif
++
+#ifndef CONFIG_PAX_MPROTECT_COMPAT
+ if ((vm_flags & (VM_WRITE | VM_EXEC)) == (VM_WRITE | VM_EXEC)) {
+ gr_log_rwxmmap(file);
@@ -83807,7 +86043,7 @@ index 0dceed8..a559c2e 100644
if (flags & MAP_LOCKED)
if (!can_do_mlock())
return -EPERM;
-@@ -1225,6 +1338,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1261,6 +1381,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
locked += mm->locked_vm;
lock_limit = rlimit(RLIMIT_MEMLOCK);
lock_limit >>= PAGE_SHIFT;
@@ -83815,7 +86051,7 @@ index 0dceed8..a559c2e 100644
if (locked > lock_limit && !capable(CAP_IPC_LOCK))
return -EAGAIN;
}
-@@ -1305,6 +1419,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
+@@ -1341,6 +1462,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr,
vm_flags |= VM_NORESERVE;
}
@@ -83825,7 +86061,7 @@ index 0dceed8..a559c2e 100644
addr = mmap_region(file, addr, len, vm_flags, pgoff);
if (!IS_ERR_VALUE(addr) &&
((vm_flags & VM_LOCKED) ||
-@@ -1396,7 +1513,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma)
+@@ -1432,7 +1556,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma)
vm_flags_t vm_flags = vma->vm_flags;
/* If it was private or non-writable, the write bit is already clear */
@@ -83834,7 +86070,7 @@ index 0dceed8..a559c2e 100644
return 0;
/* The backer wishes to know when pages are first written to? */
-@@ -1444,16 +1561,30 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
+@@ -1480,7 +1604,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
unsigned long charged = 0;
struct inode *inode = file ? file_inode(file) : NULL;
@@ -83848,6 +86084,17 @@ index 0dceed8..a559c2e 100644
+ */
+ verify_mm_writelocked(mm);
+
+ /* Check against address space limit. */
++
++#ifdef CONFIG_PAX_RANDMMAP
++ if (!(mm->pax_flags & MF_PAX_RANDMMAP) || (vm_flags & (VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)))
++#endif
++
+ if (!may_expand_vm(mm, len >> PAGE_SHIFT)) {
+ unsigned long nr_pages;
+
+@@ -1499,11 +1638,10 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
+
/* Clear old maps */
error = -ENOMEM;
-munmap_back:
@@ -83858,16 +86105,8 @@ index 0dceed8..a559c2e 100644
+ BUG_ON(find_vma_links(mm, addr, addr + len, &prev, &rb_link, &rb_parent));
}
- /* Check against address space limit. */
-+
-+#ifdef CONFIG_PAX_RANDMMAP
-+ if (!(mm->pax_flags & MF_PAX_RANDMMAP) || (vm_flags & (VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC)))
-+#endif
-+
- if (!may_expand_vm(mm, len >> PAGE_SHIFT))
- return -ENOMEM;
-
-@@ -1485,6 +1616,16 @@ munmap_back:
+ /*
+@@ -1534,6 +1672,16 @@ munmap_back:
goto unacct_error;
}
@@ -83884,7 +86123,7 @@ index 0dceed8..a559c2e 100644
vma->vm_mm = mm;
vma->vm_start = addr;
vma->vm_end = addr + len;
-@@ -1509,6 +1650,13 @@ munmap_back:
+@@ -1558,6 +1706,13 @@ munmap_back:
if (error)
goto unmap_and_free_vma;
@@ -83898,7 +86137,7 @@ index 0dceed8..a559c2e 100644
/* Can addr have changed??
*
* Answer: Yes, several device drivers can do it in their
-@@ -1547,6 +1695,11 @@ munmap_back:
+@@ -1596,6 +1751,11 @@ munmap_back:
vma_link(mm, vma, prev, rb_link, rb_parent);
file = vma->vm_file;
@@ -83910,7 +86149,7 @@ index 0dceed8..a559c2e 100644
/* Once vma denies write, undo our temporary denial count */
if (correct_wcount)
atomic_inc(&inode->i_writecount);
-@@ -1554,6 +1707,7 @@ out:
+@@ -1603,6 +1763,7 @@ out:
perf_event_mmap(vma);
vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT);
@@ -83918,7 +86157,7 @@ index 0dceed8..a559c2e 100644
if (vm_flags & VM_LOCKED) {
if (!((vm_flags & VM_SPECIAL) || is_vm_hugetlb_page(vma) ||
vma == get_gate_vma(current->mm)))
-@@ -1577,6 +1731,12 @@ unmap_and_free_vma:
+@@ -1626,6 +1787,12 @@ unmap_and_free_vma:
unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end);
charged = 0;
free_vma:
@@ -83931,7 +86170,7 @@ index 0dceed8..a559c2e 100644
kmem_cache_free(vm_area_cachep, vma);
unacct_error:
if (charged)
-@@ -1584,7 +1744,63 @@ unacct_error:
+@@ -1633,7 +1800,63 @@ unacct_error:
return error;
}
@@ -83940,7 +86179,7 @@ index 0dceed8..a559c2e 100644
+unsigned long gr_rand_threadstack_offset(const struct mm_struct *mm, const struct file *filp, unsigned long flags)
+{
+ if ((mm->pax_flags & MF_PAX_RANDMMAP) && !filp && (flags & MAP_STACK))
-+ return ((random32() & 0xFF) + 1) << PAGE_SHIFT;
++ return ((prandom_u32() & 0xFF) + 1) << PAGE_SHIFT;
+
+ return 0;
+}
@@ -83967,7 +86206,7 @@ index 0dceed8..a559c2e 100644
+ return sysctl_heap_stack_gap <= vma->vm_start - addr - len;
+#ifdef CONFIG_STACK_GROWSUP
+ else if (vma->vm_prev && (vma->vm_prev->vm_flags & VM_GROWSUP))
-+ return addr - vma->vm_prev->vm_end <= sysctl_heap_stack_gap;
++ return addr - vma->vm_prev->vm_end >= sysctl_heap_stack_gap;
+#endif
+ else if (offset)
+ return offset <= vma->vm_start - addr - len;
@@ -83996,7 +86235,7 @@ index 0dceed8..a559c2e 100644
{
/*
* We implement the search by looking for an rbtree node that
-@@ -1632,11 +1848,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info)
+@@ -1681,11 +1904,29 @@ unsigned long unmapped_area(struct vm_unmapped_area_info *info)
}
}
@@ -84027,7 +86266,7 @@ index 0dceed8..a559c2e 100644
if (gap_end >= low_limit && gap_end - gap_start >= length)
goto found;
-@@ -1686,7 +1920,7 @@ found:
+@@ -1735,7 +1976,7 @@ found:
return gap_start;
}
@@ -84036,7 +86275,7 @@ index 0dceed8..a559c2e 100644
{
struct mm_struct *mm = current->mm;
struct vm_area_struct *vma;
-@@ -1740,6 +1974,24 @@ check_current:
+@@ -1789,6 +2030,24 @@ check_current:
gap_end = vma->vm_start;
if (gap_end < low_limit)
return -ENOMEM;
@@ -84061,7 +86300,7 @@ index 0dceed8..a559c2e 100644
if (gap_start <= high_limit && gap_end - gap_start >= length)
goto found;
-@@ -1803,6 +2055,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -1852,6 +2111,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
struct mm_struct *mm = current->mm;
struct vm_area_struct *vma;
struct vm_unmapped_area_info info;
@@ -84069,7 +86308,7 @@ index 0dceed8..a559c2e 100644
if (len > TASK_SIZE)
return -ENOMEM;
-@@ -1810,29 +2063,45 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -1859,29 +2119,45 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
if (flags & MAP_FIXED)
return addr;
@@ -84118,7 +86357,7 @@ index 0dceed8..a559c2e 100644
mm->free_area_cache = addr;
}
-@@ -1850,6 +2119,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1899,6 +2175,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
struct mm_struct *mm = current->mm;
unsigned long addr = addr0;
struct vm_unmapped_area_info info;
@@ -84126,7 +86365,7 @@ index 0dceed8..a559c2e 100644
/* requested length too big for entire address space */
if (len > TASK_SIZE)
-@@ -1858,12 +2128,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1907,12 +2184,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
if (flags & MAP_FIXED)
return addr;
@@ -84144,7 +86383,7 @@ index 0dceed8..a559c2e 100644
return addr;
}
-@@ -1872,6 +2145,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1921,6 +2201,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
info.low_limit = PAGE_SIZE;
info.high_limit = mm->mmap_base;
info.align_mask = 0;
@@ -84152,7 +86391,7 @@ index 0dceed8..a559c2e 100644
addr = vm_unmapped_area(&info);
/*
-@@ -1884,6 +2158,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1933,6 +2214,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
VM_BUG_ON(addr != -ENOMEM);
info.flags = 0;
info.low_limit = TASK_UNMAPPED_BASE;
@@ -84165,7 +86404,7 @@ index 0dceed8..a559c2e 100644
info.high_limit = TASK_SIZE;
addr = vm_unmapped_area(&info);
}
-@@ -1894,6 +2174,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
+@@ -1943,6 +2230,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0,
void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
{
@@ -84178,7 +86417,7 @@ index 0dceed8..a559c2e 100644
/*
* Is this a new hole at the highest possible address?
*/
-@@ -1901,8 +2187,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
+@@ -1950,8 +2243,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr)
mm->free_area_cache = addr;
/* dont allow allocations above current base */
@@ -84190,7 +86429,7 @@ index 0dceed8..a559c2e 100644
}
unsigned long
-@@ -2001,6 +2289,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr,
+@@ -2047,6 +2342,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr,
return vma;
}
@@ -84219,7 +86458,7 @@ index 0dceed8..a559c2e 100644
/*
* Verify that the stack growth is acceptable and
* update accounting. This is shared with both the
-@@ -2017,6 +2327,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -2063,6 +2380,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
return -ENOMEM;
/* Stack limit test */
@@ -84227,7 +86466,7 @@ index 0dceed8..a559c2e 100644
if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur))
return -ENOMEM;
-@@ -2027,6 +2338,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -2073,6 +2391,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
locked = mm->locked_vm + grow;
limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur);
limit >>= PAGE_SHIFT;
@@ -84235,7 +86474,7 @@ index 0dceed8..a559c2e 100644
if (locked > limit && !capable(CAP_IPC_LOCK))
return -ENOMEM;
}
-@@ -2056,37 +2368,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
+@@ -2102,37 +2421,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns
* PA-RISC uses this for its stack; IA64 for its Register Backing Store.
* vma is the last one with address > vma->vm_end. Have to extend vma.
*/
@@ -84293,7 +86532,7 @@ index 0dceed8..a559c2e 100644
unsigned long size, grow;
size = address - vma->vm_start;
-@@ -2121,6 +2444,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
+@@ -2167,6 +2497,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address)
}
}
}
@@ -84302,7 +86541,7 @@ index 0dceed8..a559c2e 100644
vma_unlock_anon_vma(vma);
khugepaged_enter_vma_merge(vma);
validate_mm(vma->vm_mm);
-@@ -2135,6 +2460,8 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2181,6 +2513,8 @@ int expand_downwards(struct vm_area_struct *vma,
unsigned long address)
{
int error;
@@ -84311,7 +86550,7 @@ index 0dceed8..a559c2e 100644
/*
* We must make sure the anon_vma is allocated
-@@ -2148,6 +2475,15 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2194,6 +2528,15 @@ int expand_downwards(struct vm_area_struct *vma,
if (error)
return error;
@@ -84327,7 +86566,7 @@ index 0dceed8..a559c2e 100644
vma_lock_anon_vma(vma);
/*
-@@ -2157,9 +2493,17 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2203,9 +2546,17 @@ int expand_downwards(struct vm_area_struct *vma,
*/
/* Somebody else might have raced and expanded it already */
@@ -84346,7 +86585,7 @@ index 0dceed8..a559c2e 100644
size = vma->vm_end - address;
grow = (vma->vm_start - address) >> PAGE_SHIFT;
-@@ -2184,13 +2528,27 @@ int expand_downwards(struct vm_area_struct *vma,
+@@ -2230,13 +2581,27 @@ int expand_downwards(struct vm_area_struct *vma,
vma->vm_pgoff -= grow;
anon_vma_interval_tree_post_update_vma(vma);
vma_gap_update(vma);
@@ -84374,7 +86613,7 @@ index 0dceed8..a559c2e 100644
khugepaged_enter_vma_merge(vma);
validate_mm(vma->vm_mm);
return error;
-@@ -2288,6 +2646,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -2334,6 +2699,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma)
do {
long nrpages = vma_pages(vma);
@@ -84388,7 +86627,16 @@ index 0dceed8..a559c2e 100644
if (vma->vm_flags & VM_ACCOUNT)
nr_accounted += nrpages;
vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages);
-@@ -2333,6 +2698,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2356,7 +2728,7 @@ static void unmap_region(struct mm_struct *mm,
+ struct mmu_gather tlb;
+
+ lru_add_drain();
+- tlb_gather_mmu(&tlb, mm, 0);
++ tlb_gather_mmu(&tlb, mm, start, end);
+ update_hiwater_rss(mm);
+ unmap_vmas(&tlb, vma, start, end);
+ free_pgtables(&tlb, vma, prev ? prev->vm_end : FIRST_USER_ADDRESS,
+@@ -2379,6 +2751,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma,
insertion_point = (prev ? &prev->vm_next : &mm->mmap);
vma->vm_prev = NULL;
do {
@@ -84405,7 +86653,7 @@ index 0dceed8..a559c2e 100644
vma_rb_erase(vma, &mm->mm_rb);
mm->map_count--;
tail_vma = vma;
-@@ -2364,14 +2739,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2410,14 +2792,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
struct vm_area_struct *new;
int err = -ENOMEM;
@@ -84439,7 +86687,7 @@ index 0dceed8..a559c2e 100644
/* most fields are the same, copy all, and then fixup */
*new = *vma;
-@@ -2384,6 +2778,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2430,6 +2831,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT);
}
@@ -84462,7 +86710,7 @@ index 0dceed8..a559c2e 100644
pol = mpol_dup(vma_policy(vma));
if (IS_ERR(pol)) {
err = PTR_ERR(pol);
-@@ -2406,6 +2816,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2452,6 +2869,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
else
err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new);
@@ -84499,7 +86747,7 @@ index 0dceed8..a559c2e 100644
/* Success. */
if (!err)
return 0;
-@@ -2415,10 +2855,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2461,10 +2908,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
new->vm_ops->close(new);
if (new->vm_file)
fput(new->vm_file);
@@ -84519,7 +86767,7 @@ index 0dceed8..a559c2e 100644
kmem_cache_free(vm_area_cachep, new);
out_err:
return err;
-@@ -2431,6 +2879,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
+@@ -2477,6 +2932,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma,
int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
unsigned long addr, int new_below)
{
@@ -84535,7 +86783,7 @@ index 0dceed8..a559c2e 100644
if (mm->map_count >= sysctl_max_map_count)
return -ENOMEM;
-@@ -2442,11 +2899,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -2488,11 +2952,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
* work. This now handles partial unmappings.
* Jeremy Fitzhardinge <jeremy@goop.org>
*/
@@ -84566,7 +86814,7 @@ index 0dceed8..a559c2e 100644
if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
return -EINVAL;
-@@ -2521,6 +2997,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
+@@ -2567,6 +3050,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len)
/* Fix up all other VM information */
remove_vma_list(mm, vma);
@@ -84575,7 +86823,7 @@ index 0dceed8..a559c2e 100644
return 0;
}
-@@ -2529,6 +3007,13 @@ int vm_munmap(unsigned long start, size_t len)
+@@ -2575,6 +3060,13 @@ int vm_munmap(unsigned long start, size_t len)
int ret;
struct mm_struct *mm = current->mm;
@@ -84589,7 +86837,7 @@ index 0dceed8..a559c2e 100644
down_write(&mm->mmap_sem);
ret = do_munmap(mm, start, len);
up_write(&mm->mmap_sem);
-@@ -2542,16 +3027,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
+@@ -2588,16 +3080,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len)
return vm_munmap(addr, len);
}
@@ -84606,7 +86854,7 @@ index 0dceed8..a559c2e 100644
/*
* this is really a simplified "do_mmap". it only handles
* anonymous maps. eventually we may be able to do some
-@@ -2565,6 +3040,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2611,6 +3093,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
struct rb_node ** rb_link, * rb_parent;
pgoff_t pgoff = addr >> PAGE_SHIFT;
int error;
@@ -84614,7 +86862,7 @@ index 0dceed8..a559c2e 100644
len = PAGE_ALIGN(len);
if (!len)
-@@ -2572,16 +3048,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2618,16 +3101,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags;
@@ -84646,7 +86894,7 @@ index 0dceed8..a559c2e 100644
locked += mm->locked_vm;
lock_limit = rlimit(RLIMIT_MEMLOCK);
lock_limit >>= PAGE_SHIFT;
-@@ -2598,21 +3088,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2644,21 +3141,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
/*
* Clear old maps. this also does some error checking for us
*/
@@ -84671,7 +86919,7 @@ index 0dceed8..a559c2e 100644
return -ENOMEM;
/* Can we just expand an old private anonymous mapping? */
-@@ -2626,7 +3115,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2672,7 +3168,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
*/
vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL);
if (!vma) {
@@ -84680,7 +86928,7 @@ index 0dceed8..a559c2e 100644
return -ENOMEM;
}
-@@ -2640,9 +3129,10 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
+@@ -2686,9 +3182,10 @@ static unsigned long do_brk(unsigned long addr, unsigned long len)
vma_link(mm, vma, prev, rb_link, rb_parent);
out:
perf_event_mmap(vma);
@@ -84693,7 +86941,16 @@ index 0dceed8..a559c2e 100644
return addr;
}
-@@ -2704,6 +3194,7 @@ void exit_mmap(struct mm_struct *mm)
+@@ -2735,7 +3232,7 @@ void exit_mmap(struct mm_struct *mm)
+
+ lru_add_drain();
+ flush_cache_mm(mm);
+- tlb_gather_mmu(&tlb, mm, 1);
++ tlb_gather_mmu(&tlb, mm, 0, -1);
+ /* update_hiwater_rss(mm) here? but nobody should be looking */
+ /* Use -1 here to ensure all VMAs in the mm are unmapped */
+ unmap_vmas(&tlb, vma, 0, -1);
+@@ -2750,6 +3247,7 @@ void exit_mmap(struct mm_struct *mm)
while (vma) {
if (vma->vm_flags & VM_ACCOUNT)
nr_accounted += vma_pages(vma);
@@ -84701,7 +86958,7 @@ index 0dceed8..a559c2e 100644
vma = remove_vma(vma);
}
vm_unacct_memory(nr_accounted);
-@@ -2720,6 +3211,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -2766,6 +3264,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
struct vm_area_struct *prev;
struct rb_node **rb_link, *rb_parent;
@@ -84715,7 +86972,7 @@ index 0dceed8..a559c2e 100644
/*
* The vm_pgoff of a purely anonymous vma should be irrelevant
* until its first write fault, when page's anon_vma and index
-@@ -2743,7 +3241,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
+@@ -2789,7 +3294,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma)
security_vm_enough_memory_mm(mm, vma_pages(vma)))
return -ENOMEM;
@@ -84737,7 +86994,7 @@ index 0dceed8..a559c2e 100644
return 0;
}
-@@ -2763,6 +3275,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
+@@ -2809,6 +3328,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
struct mempolicy *pol;
bool faulted_in_anon_vma = true;
@@ -84746,7 +87003,7 @@ index 0dceed8..a559c2e 100644
/*
* If anonymous vma has not yet been faulted, update new pgoff
* to match new location, to increase its chance of merging.
-@@ -2829,6 +3343,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
+@@ -2875,6 +3396,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap,
return NULL;
}
@@ -84786,7 +87043,7 @@ index 0dceed8..a559c2e 100644
/*
* Return true if the calling process may expand its vm space by the passed
* number of pages
-@@ -2840,6 +3387,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
+@@ -2886,6 +3440,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages)
lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT;
@@ -84794,7 +87051,7 @@ index 0dceed8..a559c2e 100644
if (cur + npages > lim)
return 0;
return 1;
-@@ -2910,6 +3458,22 @@ int install_special_mapping(struct mm_struct *mm,
+@@ -2956,6 +3511,22 @@ int install_special_mapping(struct mm_struct *mm,
vma->vm_start = addr;
vma->vm_end = addr + len;
@@ -84818,7 +87075,7 @@ index 0dceed8..a559c2e 100644
vma->vm_page_prot = vm_get_page_prot(vma->vm_flags);
diff --git a/mm/mprotect.c b/mm/mprotect.c
-index 94722a4..07d9926 100644
+index 94722a4..e661e29 100644
--- a/mm/mprotect.c
+++ b/mm/mprotect.c
@@ -23,10 +23,18 @@
@@ -85029,7 +87286,7 @@ index 94722a4..07d9926 100644
/* newflags >> 4 shift VM_MAY% in place of VM_% */
if ((newflags & ~(newflags >> 4)) & (VM_READ | VM_WRITE | VM_EXEC)) {
+ if (prot & (PROT_WRITE | PROT_EXEC))
-+ gr_log_rwxmprotect(vma->vm_file);
++ gr_log_rwxmprotect(vma);
+
+ error = -EACCES;
+ goto out;
@@ -85157,18 +87414,18 @@ index 463a257..c0c7a92 100644
out:
if (ret & ~PAGE_MASK)
diff --git a/mm/nommu.c b/mm/nommu.c
-index e001768..9b52b30 100644
+index 298884d..5f74980 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
-@@ -63,7 +63,6 @@ int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */
- int sysctl_overcommit_ratio = 50; /* default is 50% */
- int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT;
+@@ -65,7 +65,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT;
int sysctl_nr_trim_pages = CONFIG_NOMMU_INITIAL_TRIM_EXCESS;
+ unsigned long sysctl_user_reserve_kbytes __read_mostly = 1UL << 17; /* 128MB */
+ unsigned long sysctl_admin_reserve_kbytes __read_mostly = 1UL << 13; /* 8MB */
-int heap_stack_gap = 0;
atomic_long_t mmap_pages_allocated;
-@@ -841,15 +840,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr)
+@@ -842,15 +841,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr)
EXPORT_SYMBOL(find_vma);
/*
@@ -85184,7 +87441,7 @@ index e001768..9b52b30 100644
* expand a stack to a given address
* - not supported under NOMMU conditions
*/
-@@ -1560,6 +1550,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
+@@ -1561,6 +1551,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma,
/* most fields are the same, copy all, and then fixup */
*new = *vma;
@@ -85192,7 +87449,7 @@ index e001768..9b52b30 100644
*region = *vma->vm_region;
new->vm_region = region;
-@@ -1992,8 +1983,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr,
+@@ -1995,8 +1986,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr,
}
EXPORT_SYMBOL(generic_file_remap_pages);
@@ -85203,7 +87460,7 @@ index e001768..9b52b30 100644
{
struct vm_area_struct *vma;
-@@ -2034,8 +2025,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
+@@ -2037,8 +2028,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm,
*
* The caller must hold a reference on @mm.
*/
@@ -85214,7 +87471,7 @@ index e001768..9b52b30 100644
{
return __access_remote_vm(NULL, mm, addr, buf, len, write);
}
-@@ -2044,7 +2035,7 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
+@@ -2047,7 +2038,7 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr,
* Access another process' address space.
* - source/target buffer must be kernel space
*/
@@ -85224,7 +87481,7 @@ index e001768..9b52b30 100644
struct mm_struct *mm;
diff --git a/mm/page-writeback.c b/mm/page-writeback.c
-index efe6814..64b4701 100644
+index 4514ad7..92eaa1c 100644
--- a/mm/page-writeback.c
+++ b/mm/page-writeback.c
@@ -659,7 +659,7 @@ unsigned long bdi_dirty_limit(struct backing_dev_info *bdi, unsigned long dirty)
@@ -85246,18 +87503,18 @@ index efe6814..64b4701 100644
.next = NULL,
};
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index ab62b75..410422f 100644
+index 2ee0fd3..6e2edfb 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
-@@ -59,6 +59,7 @@
- #include <linux/migrate.h>
+@@ -60,6 +60,7 @@
#include <linux/page-debug-flags.h>
+ #include <linux/hugetlb.h>
#include <linux/sched/rt.h>
+#include <linux/random.h>
#include <asm/tlbflush.h>
#include <asm/div64.h>
-@@ -344,7 +345,7 @@ out:
+@@ -345,7 +346,7 @@ out:
* This usage means that zero-order pages may not be compound.
*/
@@ -85266,7 +87523,7 @@ index ab62b75..410422f 100644
{
__free_pages_ok(page, compound_order(page));
}
-@@ -701,6 +702,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
+@@ -702,6 +703,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
int i;
int bad = 0;
@@ -85277,7 +87534,7 @@ index ab62b75..410422f 100644
trace_mm_page_free(page, order);
kmemcheck_free_shadow(page, order);
-@@ -716,6 +721,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
+@@ -717,6 +722,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order)
debug_check_no_obj_freed(page_address(page),
PAGE_SIZE << order);
}
@@ -85290,7 +87547,7 @@ index ab62b75..410422f 100644
arch_free_page(page, order);
kernel_map_pages(page, 1 << order, 0);
-@@ -738,6 +749,19 @@ static void __free_pages_ok(struct page *page, unsigned int order)
+@@ -739,6 +750,19 @@ static void __free_pages_ok(struct page *page, unsigned int order)
local_irq_restore(flags);
}
@@ -85310,7 +87567,7 @@ index ab62b75..410422f 100644
/*
* Read access to zone->managed_pages is safe because it's unsigned long,
* but we still need to serialize writers. Currently all callers of
-@@ -760,6 +784,19 @@ void __meminit __free_pages_bootmem(struct page *page, unsigned int order)
+@@ -761,6 +785,19 @@ void __meminit __free_pages_bootmem(struct page *page, unsigned int order)
set_page_count(p, 0);
}
@@ -85330,7 +87587,7 @@ index ab62b75..410422f 100644
page_zone(page)->managed_pages += 1 << order;
set_page_refcounted(page);
__free_pages(page, order);
-@@ -869,8 +906,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags)
+@@ -870,8 +907,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags)
arch_alloc_page(page, order);
kernel_map_pages(page, 1 << order, 1);
@@ -85342,10 +87599,10 @@ index ab62b75..410422f 100644
if (order && (gfp_flags & __GFP_COMP))
prep_compound_page(page, order);
diff --git a/mm/page_io.c b/mm/page_io.c
-index 6182870..4bba6a2 100644
+index a8a3ef4..7260a60 100644
--- a/mm/page_io.c
+++ b/mm/page_io.c
-@@ -205,7 +205,7 @@ int swap_writepage(struct page *page, struct writeback_control *wbc)
+@@ -214,7 +214,7 @@ int __swap_writepage(struct page *page, struct writeback_control *wbc,
struct file *swap_file = sis->swap_file;
struct address_space *mapping = swap_file->f_mapping;
struct iovec iov = {
@@ -85419,7 +87676,7 @@ index fd26d04..0cea1b0 100644
if (!mm || IS_ERR(mm)) {
rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH;
diff --git a/mm/rmap.c b/mm/rmap.c
-index 807c96b..0e05279 100644
+index 6280da8..b5c090e 100644
--- a/mm/rmap.c
+++ b/mm/rmap.c
@@ -163,6 +163,10 @@ int anon_vma_prepare(struct vm_area_struct *vma)
@@ -85508,20 +87765,33 @@ index 807c96b..0e05279 100644
{
struct anon_vma_chain *avc;
struct anon_vma *anon_vma;
+@@ -373,8 +407,10 @@ static void anon_vma_ctor(void *data)
+ void __init anon_vma_init(void)
+ {
+ anon_vma_cachep = kmem_cache_create("anon_vma", sizeof(struct anon_vma),
+- 0, SLAB_DESTROY_BY_RCU|SLAB_PANIC, anon_vma_ctor);
+- anon_vma_chain_cachep = KMEM_CACHE(anon_vma_chain, SLAB_PANIC);
++ 0, SLAB_DESTROY_BY_RCU|SLAB_PANIC|SLAB_NO_SANITIZE,
++ anon_vma_ctor);
++ anon_vma_chain_cachep = KMEM_CACHE(anon_vma_chain,
++ SLAB_PANIC|SLAB_NO_SANITIZE);
+ }
+
+ /*
diff --git a/mm/shmem.c b/mm/shmem.c
-index 1c44af7..cefe9a6 100644
+index 5e6a842..b41916e 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
-@@ -31,7 +31,7 @@
- #include <linux/export.h>
+@@ -33,7 +33,7 @@
#include <linux/swap.h>
+ #include <linux/aio.h>
-static struct vfsmount *shm_mnt;
+struct vfsmount *shm_mnt;
#ifdef CONFIG_SHMEM
/*
-@@ -75,7 +75,7 @@ static struct vfsmount *shm_mnt;
+@@ -77,7 +77,7 @@ static struct vfsmount *shm_mnt;
#define BOGO_DIRENT_SIZE 20
/* Symlink up to this size is kmalloc'ed instead of using a swappable page */
@@ -85530,7 +87800,7 @@ index 1c44af7..cefe9a6 100644
/*
* shmem_fallocate and shmem_writepage communicate via inode->i_private
-@@ -2201,6 +2201,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
+@@ -2203,6 +2203,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = {
static int shmem_xattr_validate(const char *name)
{
struct { const char *prefix; size_t len; } arr[] = {
@@ -85542,7 +87812,7 @@ index 1c44af7..cefe9a6 100644
{ XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN },
{ XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN }
};
-@@ -2256,6 +2261,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
+@@ -2258,6 +2263,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name,
if (err)
return err;
@@ -85558,7 +87828,7 @@ index 1c44af7..cefe9a6 100644
return simple_xattr_set(&info->xattrs, name, value, size, flags);
}
-@@ -2568,8 +2582,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
+@@ -2570,8 +2584,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent)
int err = -ENOMEM;
/* Round up to L1_CACHE_BYTES to resist false sharing */
@@ -85569,19 +87839,10 @@ index 1c44af7..cefe9a6 100644
return -ENOMEM;
diff --git a/mm/slab.c b/mm/slab.c
-index 856e4a1..fafb820 100644
+index bd88411..2d46fd6 100644
--- a/mm/slab.c
+++ b/mm/slab.c
-@@ -306,7 +306,7 @@ struct kmem_list3 {
- * Need this for bootstrapping a per node allocator.
- */
- #define NUM_INIT_LISTS (3 * MAX_NUMNODES)
--static struct kmem_list3 __initdata initkmem_list3[NUM_INIT_LISTS];
-+static struct kmem_list3 initkmem_list3[NUM_INIT_LISTS];
- #define CACHE_CACHE 0
- #define SIZE_AC MAX_NUMNODES
- #define SIZE_L3 (2 * MAX_NUMNODES)
-@@ -407,10 +407,10 @@ static void kmem_list3_init(struct kmem_list3 *parent)
+@@ -366,10 +366,12 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent)
if ((x)->max_freeable < i) \
(x)->max_freeable = i; \
} while (0)
@@ -85593,10 +87854,21 @@ index 856e4a1..fafb820 100644
+#define STATS_INC_ALLOCMISS(x) atomic_inc_unchecked(&(x)->allocmiss)
+#define STATS_INC_FREEHIT(x) atomic_inc_unchecked(&(x)->freehit)
+#define STATS_INC_FREEMISS(x) atomic_inc_unchecked(&(x)->freemiss)
++#define STATS_INC_SANITIZED(x) atomic_inc_unchecked(&(x)->sanitized)
++#define STATS_INC_NOT_SANITIZED(x) atomic_inc_unchecked(&(x)->not_sanitized)
#else
#define STATS_INC_ACTIVE(x) do { } while (0)
#define STATS_DEC_ACTIVE(x) do { } while (0)
-@@ -518,7 +518,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct slab *slab,
+@@ -386,6 +388,8 @@ static void kmem_cache_node_init(struct kmem_cache_node *parent)
+ #define STATS_INC_ALLOCMISS(x) do { } while (0)
+ #define STATS_INC_FREEHIT(x) do { } while (0)
+ #define STATS_INC_FREEMISS(x) do { } while (0)
++#define STATS_INC_SANITIZED(x) do { } while (0)
++#define STATS_INC_NOT_SANITIZED(x) do { } while (0)
+ #endif
+
+ #if DEBUG
+@@ -477,7 +481,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct slab *slab,
* reciprocal_divide(offset, cache->reciprocal_buffer_size)
*/
static inline unsigned int obj_to_index(const struct kmem_cache *cache,
@@ -85605,36 +87877,7 @@ index 856e4a1..fafb820 100644
{
u32 offset = (obj - slab->s_mem);
return reciprocal_divide(offset, cache->reciprocal_buffer_size);
-@@ -539,12 +539,13 @@ EXPORT_SYMBOL(malloc_sizes);
- struct cache_names {
- char *name;
- char *name_dma;
-+ char *name_usercopy;
- };
-
- static struct cache_names __initdata cache_names[] = {
--#define CACHE(x) { .name = "size-" #x, .name_dma = "size-" #x "(DMA)" },
-+#define CACHE(x) { .name = "size-" #x, .name_dma = "size-" #x "(DMA)", .name_usercopy = "size-" #x "(USERCOPY)" },
- #include <linux/kmalloc_sizes.h>
-- {NULL,}
-+ {NULL}
- #undef CACHE
- };
-
-@@ -729,6 +730,12 @@ static inline struct kmem_cache *__find_general_cachep(size_t size,
- if (unlikely(gfpflags & GFP_DMA))
- return csizep->cs_dmacachep;
- #endif
-+
-+#ifdef CONFIG_PAX_USERCOPY_SLABS
-+ if (unlikely(gfpflags & GFP_USERCOPY))
-+ return csizep->cs_usercopycachep;
-+#endif
-+
- return csizep->cs_cachep;
- }
-
-@@ -1482,7 +1489,7 @@ static int __cpuinit cpuup_callback(struct notifier_block *nfb,
+@@ -1384,7 +1388,7 @@ static int __cpuinit cpuup_callback(struct notifier_block *nfb,
return notifier_from_errno(err);
}
@@ -85643,44 +87886,44 @@ index 856e4a1..fafb820 100644
&cpuup_callback, NULL, 0
};
-@@ -1667,12 +1674,12 @@ void __init kmem_cache_init(void)
+@@ -1565,12 +1569,12 @@ void __init kmem_cache_init(void)
*/
- sizes[INDEX_AC].cs_cachep = create_kmalloc_cache(names[INDEX_AC].name,
-- sizes[INDEX_AC].cs_size, ARCH_KMALLOC_FLAGS);
-+ sizes[INDEX_AC].cs_size, ARCH_KMALLOC_FLAGS|SLAB_USERCOPY);
+ kmalloc_caches[INDEX_AC] = create_kmalloc_cache("kmalloc-ac",
+- kmalloc_size(INDEX_AC), ARCH_KMALLOC_FLAGS);
++ kmalloc_size(INDEX_AC), SLAB_USERCOPY | ARCH_KMALLOC_FLAGS);
- if (INDEX_AC != INDEX_L3)
- sizes[INDEX_L3].cs_cachep =
- create_kmalloc_cache(names[INDEX_L3].name,
-- sizes[INDEX_L3].cs_size, ARCH_KMALLOC_FLAGS);
-+ sizes[INDEX_L3].cs_size, ARCH_KMALLOC_FLAGS|SLAB_USERCOPY);
+ if (INDEX_AC != INDEX_NODE)
+ kmalloc_caches[INDEX_NODE] =
+ create_kmalloc_cache("kmalloc-node",
+- kmalloc_size(INDEX_NODE), ARCH_KMALLOC_FLAGS);
++ kmalloc_size(INDEX_NODE), SLAB_USERCOPY | ARCH_KMALLOC_FLAGS);
slab_early_init = 0;
-@@ -1686,13 +1693,20 @@ void __init kmem_cache_init(void)
- */
- if (!sizes->cs_cachep)
- sizes->cs_cachep = create_kmalloc_cache(names->name,
-- sizes->cs_size, ARCH_KMALLOC_FLAGS);
-+ sizes->cs_size, ARCH_KMALLOC_FLAGS|SLAB_USERCOPY);
+@@ -3583,6 +3587,21 @@ static inline void __cache_free(struct kmem_cache *cachep, void *objp,
+ struct array_cache *ac = cpu_cache_get(cachep);
- #ifdef CONFIG_ZONE_DMA
- sizes->cs_dmacachep = create_kmalloc_cache(
- names->name_dma, sizes->cs_size,
- SLAB_CACHE_DMA|ARCH_KMALLOC_FLAGS);
- #endif
+ check_irq_off();
+
-+#ifdef CONFIG_PAX_USERCOPY_SLABS
-+ sizes->cs_usercopycachep = create_kmalloc_cache(
-+ names->name_usercopy, sizes->cs_size,
-+ ARCH_KMALLOC_FLAGS|SLAB_USERCOPY);
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++ if (pax_sanitize_slab) {
++ if (!(cachep->flags & (SLAB_POISON | SLAB_NO_SANITIZE))) {
++ memset(objp, PAX_MEMORY_SANITIZE_VALUE, cachep->object_size);
++
++ if (cachep->ctor)
++ cachep->ctor(objp);
++
++ STATS_INC_SANITIZED(cachep);
++ } else
++ STATS_INC_NOT_SANITIZED(cachep);
++ }
+#endif
+
- sizes++;
- names++;
- }
-@@ -3924,6 +3938,7 @@ void kfree(const void *objp)
+ kmemleak_free_recursive(objp, cachep->flags);
+ objp = cache_free_debugcheck(cachep, objp, caller);
+
+@@ -3800,6 +3819,7 @@ void kfree(const void *objp)
if (unlikely(ZERO_OR_NULL_PTR(objp)))
return;
@@ -85688,7 +87931,7 @@ index 856e4a1..fafb820 100644
local_irq_save(flags);
kfree_debugcheck(objp);
c = virt_to_cache(objp);
-@@ -4365,10 +4380,10 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep)
+@@ -4241,14 +4261,22 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep)
}
/* cpu stats */
{
@@ -85703,7 +87946,19 @@ index 856e4a1..fafb820 100644
seq_printf(m, " : cpustat %6lu %6lu %6lu %6lu",
allochit, allocmiss, freehit, freemiss);
-@@ -4600,13 +4615,71 @@ static const struct file_operations proc_slabstats_operations = {
+ }
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++ {
++ unsigned long sanitized = atomic_read_unchecked(&cachep->sanitized);
++ unsigned long not_sanitized = atomic_read_unchecked(&cachep->not_sanitized);
++
++ seq_printf(m, " : pax %6lu %6lu", sanitized, not_sanitized);
++ }
++#endif
+ #endif
+ }
+
+@@ -4476,13 +4504,71 @@ static const struct file_operations proc_slabstats_operations = {
static int __init slab_proc_init(void)
{
#ifdef CONFIG_DEBUG_SLAB_LEAK
@@ -85777,19 +88032,36 @@ index 856e4a1..fafb820 100644
* ksize - get the actual amount of memory allocated for a given object
* @objp: Pointer to the object
diff --git a/mm/slab.h b/mm/slab.h
-index 34a98d6..73633d1 100644
+index f96b49e..db1d204 100644
--- a/mm/slab.h
+++ b/mm/slab.h
-@@ -58,7 +58,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size,
+@@ -32,6 +32,15 @@ extern struct list_head slab_caches;
+ /* The slab cache that manages slab cache information */
+ extern struct kmem_cache *kmem_cache;
+
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++#ifdef CONFIG_X86_64
++#define PAX_MEMORY_SANITIZE_VALUE '\xfe'
++#else
++#define PAX_MEMORY_SANITIZE_VALUE '\xff'
++#endif
++extern bool pax_sanitize_slab;
++#endif
++
+ unsigned long calculate_alignment(unsigned long flags,
+ unsigned long align, unsigned long size);
+
+@@ -67,7 +76,8 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size,
/* Legal flag mask for kmem_cache_create(), for various configurations */
#define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | SLAB_PANIC | \
- SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS )
-+ SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS | SLAB_USERCOPY)
++ SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS | \
++ SLAB_USERCOPY | SLAB_NO_SANITIZE)
#if defined(CONFIG_DEBUG_SLAB)
#define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER)
-@@ -220,6 +220,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x)
+@@ -229,6 +239,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x)
return s;
page = virt_to_head_page(x);
@@ -85800,10 +88072,10 @@ index 34a98d6..73633d1 100644
if (slab_equal_or_root(cachep, s))
return cachep;
diff --git a/mm/slab_common.c b/mm/slab_common.c
-index 3f3cd97..93b0236 100644
+index 2d41450..4efe6ee 100644
--- a/mm/slab_common.c
+++ b/mm/slab_common.c
-@@ -22,7 +22,7 @@
+@@ -22,11 +22,22 @@
#include "slab.h"
@@ -85812,7 +88084,22 @@ index 3f3cd97..93b0236 100644
LIST_HEAD(slab_caches);
DEFINE_MUTEX(slab_mutex);
struct kmem_cache *kmem_cache;
-@@ -209,7 +209,7 @@ kmem_cache_create_memcg(struct mem_cgroup *memcg, const char *name, size_t size,
+
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++bool pax_sanitize_slab __read_only = true;
++static int __init pax_sanitize_slab_setup(char *str)
++{
++ pax_sanitize_slab = !!simple_strtol(str, NULL, 0);
++ printk("%sabled PaX slab sanitization\n", pax_sanitize_slab ? "En" : "Dis");
++ return 1;
++}
++__setup("pax_sanitize_slab=", pax_sanitize_slab_setup);
++#endif
++
+ #ifdef CONFIG_DEBUG_VM
+ static int kmem_cache_sanity_check(struct mem_cgroup *memcg, const char *name,
+ size_t size)
+@@ -209,7 +220,7 @@ kmem_cache_create_memcg(struct mem_cgroup *memcg, const char *name, size_t size,
err = __kmem_cache_create(s, flags);
if (!err) {
@@ -85821,7 +88108,7 @@ index 3f3cd97..93b0236 100644
list_add(&s->list, &slab_caches);
memcg_cache_list_add(memcg, s);
} else {
-@@ -255,8 +255,7 @@ void kmem_cache_destroy(struct kmem_cache *s)
+@@ -255,8 +266,7 @@ void kmem_cache_destroy(struct kmem_cache *s)
get_online_cpus();
mutex_lock(&slab_mutex);
@@ -85831,8 +88118,8 @@ index 3f3cd97..93b0236 100644
list_del(&s->list);
if (!__kmem_cache_shutdown(s)) {
-@@ -302,7 +301,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz
- panic("Creation of kmalloc slab %s size=%zd failed. Reason %d\n",
+@@ -302,7 +312,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz
+ panic("Creation of kmalloc slab %s size=%zu failed. Reason %d\n",
name, size, err);
- s->refcount = -1; /* Exempt from merging for now */
@@ -85840,7 +88127,7 @@ index 3f3cd97..93b0236 100644
}
struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
-@@ -315,7 +314,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
+@@ -315,7 +325,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size,
create_boot_cache(s, name, size, flags);
list_add(&s->list, &slab_caches);
@@ -85849,8 +88136,90 @@ index 3f3cd97..93b0236 100644
return s;
}
+@@ -327,6 +337,11 @@ struct kmem_cache *kmalloc_dma_caches[KMALLOC_SHIFT_HIGH + 1];
+ EXPORT_SYMBOL(kmalloc_dma_caches);
+ #endif
+
++#ifdef CONFIG_PAX_USERCOPY_SLABS
++struct kmem_cache *kmalloc_usercopy_caches[KMALLOC_SHIFT_HIGH + 1];
++EXPORT_SYMBOL(kmalloc_usercopy_caches);
++#endif
++
+ /*
+ * Conversion table for small slabs sizes / 8 to the index in the
+ * kmalloc array. This is necessary for slabs < 192 since we have non power
+@@ -391,6 +406,13 @@ struct kmem_cache *kmalloc_slab(size_t size, gfp_t flags)
+ return kmalloc_dma_caches[index];
+
+ #endif
++
++#ifdef CONFIG_PAX_USERCOPY_SLABS
++ if (unlikely((flags & GFP_USERCOPY)))
++ return kmalloc_usercopy_caches[index];
++
++#endif
++
+ return kmalloc_caches[index];
+ }
+
+@@ -447,7 +469,7 @@ void __init create_kmalloc_caches(unsigned long flags)
+ for (i = KMALLOC_SHIFT_LOW; i <= KMALLOC_SHIFT_HIGH; i++) {
+ if (!kmalloc_caches[i]) {
+ kmalloc_caches[i] = create_kmalloc_cache(NULL,
+- 1 << i, flags);
++ 1 << i, SLAB_USERCOPY | flags);
+ }
+
+ /*
+@@ -456,10 +478,10 @@ void __init create_kmalloc_caches(unsigned long flags)
+ * earlier power of two caches
+ */
+ if (KMALLOC_MIN_SIZE <= 32 && !kmalloc_caches[1] && i == 6)
+- kmalloc_caches[1] = create_kmalloc_cache(NULL, 96, flags);
++ kmalloc_caches[1] = create_kmalloc_cache(NULL, 96, SLAB_USERCOPY | flags);
+
+ if (KMALLOC_MIN_SIZE <= 64 && !kmalloc_caches[2] && i == 7)
+- kmalloc_caches[2] = create_kmalloc_cache(NULL, 192, flags);
++ kmalloc_caches[2] = create_kmalloc_cache(NULL, 192, SLAB_USERCOPY | flags);
+ }
+
+ /* Kmalloc array is now usable */
+@@ -492,6 +514,23 @@ void __init create_kmalloc_caches(unsigned long flags)
+ }
+ }
+ #endif
++
++#ifdef CONFIG_PAX_USERCOPY_SLABS
++ for (i = 0; i <= KMALLOC_SHIFT_HIGH; i++) {
++ struct kmem_cache *s = kmalloc_caches[i];
++
++ if (s) {
++ int size = kmalloc_size(i);
++ char *n = kasprintf(GFP_NOWAIT,
++ "usercopy-kmalloc-%d", size);
++
++ BUG_ON(!n);
++ kmalloc_usercopy_caches[i] = create_kmalloc_cache(n,
++ size, SLAB_USERCOPY | flags);
++ }
++ }
++#endif
++
+ }
+ #endif /* !CONFIG_SLOB */
+
+@@ -516,6 +555,9 @@ void print_slabinfo_header(struct seq_file *m)
+ seq_puts(m, " : globalstat <listallocs> <maxobjs> <grown> <reaped> "
+ "<error> <maxfreeable> <nodeallocs> <remotefrees> <alienoverflow>");
+ seq_puts(m, " : cpustat <allochit> <allocmiss> <freehit> <freemiss>");
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++ seq_puts(m, " : pax <sanitized> <not_sanitized>");
++#endif
+ #endif
+ seq_putc(m, '\n');
+ }
diff --git a/mm/slob.c b/mm/slob.c
-index eeed4a0..6ee34ec 100644
+index eeed4a0..bb0e9ab 100644
--- a/mm/slob.c
+++ b/mm/slob.c
@@ -157,7 +157,7 @@ static void set_slob(slob_t *s, slobidx_t size, slob_t *next)
@@ -85905,7 +88274,7 @@ index eeed4a0..6ee34ec 100644
current->reclaim_state->reclaimed_slab += 1 << order;
- free_pages((unsigned long)b, order);
+ __ClearPageSlab(sp);
-+ reset_page_mapcount(sp);
++ page_mapcount_reset(sp);
+ sp->private = 0;
+ __free_pages(sp, order);
}
@@ -85931,7 +88300,7 @@ index eeed4a0..6ee34ec 100644
INIT_LIST_HEAD(&sp->list);
set_slob(b, SLOB_UNITS(PAGE_SIZE), b + SLOB_UNITS(PAGE_SIZE));
set_slob_page_free(sp, slob_list);
-@@ -359,9 +363,7 @@ static void slob_free(void *block, int size)
+@@ -359,12 +363,15 @@ static void slob_free(void *block, int size)
if (slob_page_free(sp))
clear_slob_page_free(sp);
spin_unlock_irqrestore(&slob_lock, flags);
@@ -85942,7 +88311,15 @@ index eeed4a0..6ee34ec 100644
return;
}
-@@ -424,11 +426,10 @@ out:
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++ if (pax_sanitize_slab)
++ memset(block, PAX_MEMORY_SANITIZE_VALUE, size);
++#endif
++
+ if (!slob_page_free(sp)) {
+ /* This slob page is about to become partially free. Easy! */
+ sp->units = units;
+@@ -424,11 +431,10 @@ out:
*/
static __always_inline void *
@@ -85957,7 +88334,7 @@ index eeed4a0..6ee34ec 100644
gfp &= gfp_allowed_mask;
-@@ -442,23 +443,41 @@ __do_kmalloc_node(size_t size, gfp_t gfp, int node, unsigned long caller)
+@@ -442,23 +448,41 @@ __do_kmalloc_node(size_t size, gfp_t gfp, int node, unsigned long caller)
if (!m)
return NULL;
@@ -86002,7 +88379,7 @@ index eeed4a0..6ee34ec 100644
return ret;
}
-@@ -493,34 +512,112 @@ void kfree(const void *block)
+@@ -493,34 +517,112 @@ void kfree(const void *block)
return;
kmemleak_free(block);
@@ -86019,7 +88396,7 @@ index eeed4a0..6ee34ec 100644
+ slob_free(m, m[0].units + align);
+ } else {
+ __ClearPageSlab(sp);
-+ reset_page_mapcount(sp);
++ page_mapcount_reset(sp);
+ sp->private = 0;
__free_pages(sp, compound_order(sp));
+ }
@@ -86124,7 +88501,7 @@ index eeed4a0..6ee34ec 100644
}
EXPORT_SYMBOL(ksize);
-@@ -536,23 +633,33 @@ int __kmem_cache_create(struct kmem_cache *c, unsigned long flags)
+@@ -536,23 +638,33 @@ int __kmem_cache_create(struct kmem_cache *c, unsigned long flags)
void *kmem_cache_alloc_node(struct kmem_cache *c, gfp_t flags, int node)
{
@@ -86160,7 +88537,7 @@ index eeed4a0..6ee34ec 100644
if (c->ctor)
c->ctor(b);
-@@ -564,10 +671,14 @@ EXPORT_SYMBOL(kmem_cache_alloc_node);
+@@ -564,10 +676,14 @@ EXPORT_SYMBOL(kmem_cache_alloc_node);
static void __kmem_cache_free(void *b, int size)
{
@@ -86177,7 +88554,7 @@ index eeed4a0..6ee34ec 100644
}
static void kmem_rcu_free(struct rcu_head *head)
-@@ -580,17 +691,31 @@ static void kmem_rcu_free(struct rcu_head *head)
+@@ -580,17 +696,31 @@ static void kmem_rcu_free(struct rcu_head *head)
void kmem_cache_free(struct kmem_cache *c, void *b)
{
@@ -86213,10 +88590,10 @@ index eeed4a0..6ee34ec 100644
EXPORT_SYMBOL(kmem_cache_free);
diff --git a/mm/slub.c b/mm/slub.c
-index 4aec537..8043df1 100644
+index 57707f0..7857bd3 100644
--- a/mm/slub.c
+++ b/mm/slub.c
-@@ -197,7 +197,7 @@ struct track {
+@@ -198,7 +198,7 @@ struct track {
enum track_item { TRACK_ALLOC, TRACK_FREE };
@@ -86225,7 +88602,7 @@ index 4aec537..8043df1 100644
static int sysfs_slab_add(struct kmem_cache *);
static int sysfs_slab_alias(struct kmem_cache *, const char *);
static void sysfs_slab_remove(struct kmem_cache *);
-@@ -518,7 +518,7 @@ static void print_track(const char *s, struct track *t)
+@@ -519,7 +519,7 @@ static void print_track(const char *s, struct track *t)
if (!t->addr)
return;
@@ -86234,7 +88611,22 @@ index 4aec537..8043df1 100644
s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid);
#ifdef CONFIG_STACKTRACE
{
-@@ -2653,7 +2653,7 @@ static int slub_min_objects;
+@@ -2594,6 +2594,14 @@ static __always_inline void slab_free(struct kmem_cache *s,
+
+ slab_free_hook(s, x);
+
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++ if (pax_sanitize_slab && !(s->flags & SLAB_NO_SANITIZE)) {
++ memset(x, PAX_MEMORY_SANITIZE_VALUE, s->object_size);
++ if (s->ctor)
++ s->ctor(x);
++ }
++#endif
++
+ redo:
+ /*
+ * Determine the currently cpus per cpu slab.
+@@ -2661,7 +2669,7 @@ static int slub_min_objects;
* Merge control. If this is set then no merging of slab caches will occur.
* (Could be removed. This was introduced to pacify the merge skeptics.)
*/
@@ -86243,32 +88635,17 @@ index 4aec537..8043df1 100644
/*
* Calculate the order of allocation given an slab object size.
-@@ -3181,6 +3181,10 @@ EXPORT_SYMBOL(kmalloc_caches);
- static struct kmem_cache *kmalloc_dma_caches[SLUB_PAGE_SHIFT];
- #endif
+@@ -2938,6 +2946,9 @@ static int calculate_sizes(struct kmem_cache *s, int forced_order)
+ s->inuse = size;
-+#ifdef CONFIG_PAX_USERCOPY_SLABS
-+static struct kmem_cache *kmalloc_usercopy_caches[SLUB_PAGE_SHIFT];
-+#endif
-+
- static int __init setup_slub_min_order(char *str)
- {
- get_option(&str, &slub_min_order);
-@@ -3272,6 +3276,13 @@ static struct kmem_cache *get_slab(size_t size, gfp_t flags)
- return kmalloc_dma_caches[index];
-
- #endif
-+
-+#ifdef CONFIG_PAX_USERCOPY_SLABS
-+ if (flags & SLAB_USERCOPY)
-+ return kmalloc_usercopy_caches[index];
-+
+ if (((flags & (SLAB_DESTROY_BY_RCU | SLAB_POISON)) ||
++#ifdef CONFIG_PAX_MEMORY_SANITIZE
++ (pax_sanitize_slab && !(flags & SLAB_NO_SANITIZE)) ||
+#endif
-+
- return kmalloc_caches[index];
- }
-
-@@ -3340,6 +3351,59 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node)
+ s->ctor)) {
+ /*
+ * Relocate free pointer after the object if it is not
+@@ -3283,6 +3294,59 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node)
EXPORT_SYMBOL(__kmalloc_node);
#endif
@@ -86328,7 +88705,7 @@ index 4aec537..8043df1 100644
size_t ksize(const void *object)
{
struct page *page;
-@@ -3404,6 +3468,7 @@ void kfree(const void *x)
+@@ -3347,6 +3411,7 @@ void kfree(const void *x)
if (unlikely(ZERO_OR_NULL_PTR(x)))
return;
@@ -86336,51 +88713,7 @@ index 4aec537..8043df1 100644
page = virt_to_head_page(x);
if (unlikely(!PageSlab(page))) {
BUG_ON(!PageCompound(page));
-@@ -3712,17 +3777,17 @@ void __init kmem_cache_init(void)
-
- /* Caches that are not of the two-to-the-power-of size */
- if (KMALLOC_MIN_SIZE <= 32) {
-- kmalloc_caches[1] = create_kmalloc_cache("kmalloc-96", 96, 0);
-+ kmalloc_caches[1] = create_kmalloc_cache("kmalloc-96", 96, SLAB_USERCOPY);
- caches++;
- }
-
- if (KMALLOC_MIN_SIZE <= 64) {
-- kmalloc_caches[2] = create_kmalloc_cache("kmalloc-192", 192, 0);
-+ kmalloc_caches[2] = create_kmalloc_cache("kmalloc-192", 192, SLAB_USERCOPY);
- caches++;
- }
-
- for (i = KMALLOC_SHIFT_LOW; i < SLUB_PAGE_SHIFT; i++) {
-- kmalloc_caches[i] = create_kmalloc_cache("kmalloc", 1 << i, 0);
-+ kmalloc_caches[i] = create_kmalloc_cache("kmalloc", 1 << i, SLAB_USERCOPY);
- caches++;
- }
-
-@@ -3764,6 +3829,22 @@ void __init kmem_cache_init(void)
- }
- }
- #endif
-+
-+#ifdef CONFIG_PAX_USERCOPY_SLABS
-+ for (i = 0; i < SLUB_PAGE_SHIFT; i++) {
-+ struct kmem_cache *s = kmalloc_caches[i];
-+
-+ if (s && s->size) {
-+ char *name = kasprintf(GFP_NOWAIT,
-+ "usercopy-kmalloc-%d", s->object_size);
-+
-+ BUG_ON(!name);
-+ kmalloc_usercopy_caches[i] = create_kmalloc_cache(name,
-+ s->object_size, SLAB_USERCOPY);
-+ }
-+ }
-+#endif
-+
- printk(KERN_INFO
- "SLUB: Genslabs=%d, HWalign=%d, Order=%d-%d, MinObjects=%d,"
- " CPUs=%d, Nodes=%d\n",
-@@ -3790,7 +3871,7 @@ static int slab_unmergeable(struct kmem_cache *s)
+@@ -3652,7 +3717,7 @@ static int slab_unmergeable(struct kmem_cache *s)
/*
* We may have set a slab to be unmergeable during bootstrap.
*/
@@ -86389,7 +88722,7 @@ index 4aec537..8043df1 100644
return 1;
return 0;
-@@ -3848,7 +3929,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size,
+@@ -3710,7 +3775,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size,
s = find_mergeable(memcg, size, align, flags, name, ctor);
if (s) {
@@ -86398,7 +88731,7 @@ index 4aec537..8043df1 100644
/*
* Adjust the object sizes so that we clear
* the complete object on kzalloc.
-@@ -3857,7 +3938,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size,
+@@ -3719,7 +3784,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size,
s->inuse = max_t(int, s->inuse, ALIGN(size, sizeof(void *)));
if (sysfs_slab_alias(s, name)) {
@@ -86407,7 +88740,7 @@ index 4aec537..8043df1 100644
s = NULL;
}
}
-@@ -3919,7 +4000,7 @@ static int __cpuinit slab_cpuup_callback(struct notifier_block *nfb,
+@@ -3781,7 +3846,7 @@ static int __cpuinit slab_cpuup_callback(struct notifier_block *nfb,
return NOTIFY_OK;
}
@@ -86416,7 +88749,7 @@ index 4aec537..8043df1 100644
.notifier_call = slab_cpuup_callback
};
-@@ -3977,7 +4058,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags,
+@@ -3839,7 +3904,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags,
}
#endif
@@ -86425,7 +88758,7 @@ index 4aec537..8043df1 100644
static int count_inuse(struct page *page)
{
return page->inuse;
-@@ -4364,12 +4445,12 @@ static void resiliency_test(void)
+@@ -4226,12 +4291,12 @@ static void resiliency_test(void)
validate_slab_cache(kmalloc_caches[9]);
}
#else
@@ -86440,7 +88773,7 @@ index 4aec537..8043df1 100644
enum slab_stat_type {
SL_ALL, /* All slabs */
SL_PARTIAL, /* Only partially allocated slabs */
-@@ -4613,7 +4694,7 @@ SLAB_ATTR_RO(ctor);
+@@ -4475,7 +4540,7 @@ SLAB_ATTR_RO(ctor);
static ssize_t aliases_show(struct kmem_cache *s, char *buf)
{
@@ -86449,7 +88782,32 @@ index 4aec537..8043df1 100644
}
SLAB_ATTR_RO(aliases);
-@@ -5266,6 +5347,7 @@ static char *create_unique_id(struct kmem_cache *s)
+@@ -4563,6 +4628,14 @@ static ssize_t cache_dma_show(struct kmem_cache *s, char *buf)
+ SLAB_ATTR_RO(cache_dma);
+ #endif
+
++#ifdef CONFIG_PAX_USERCOPY_SLABS
++static ssize_t usercopy_show(struct kmem_cache *s, char *buf)
++{
++ return sprintf(buf, "%d\n", !!(s->flags & SLAB_USERCOPY));
++}
++SLAB_ATTR_RO(usercopy);
++#endif
++
+ static ssize_t destroy_by_rcu_show(struct kmem_cache *s, char *buf)
+ {
+ return sprintf(buf, "%d\n", !!(s->flags & SLAB_DESTROY_BY_RCU));
+@@ -4897,6 +4970,9 @@ static struct attribute *slab_attrs[] = {
+ #ifdef CONFIG_ZONE_DMA
+ &cache_dma_attr.attr,
+ #endif
++#ifdef CONFIG_PAX_USERCOPY_SLABS
++ &usercopy_attr.attr,
++#endif
+ #ifdef CONFIG_NUMA
+ &remote_node_defrag_ratio_attr.attr,
+ #endif
+@@ -5128,6 +5204,7 @@ static char *create_unique_id(struct kmem_cache *s)
return name;
}
@@ -86457,7 +88815,7 @@ index 4aec537..8043df1 100644
static int sysfs_slab_add(struct kmem_cache *s)
{
int err;
-@@ -5289,7 +5371,7 @@ static int sysfs_slab_add(struct kmem_cache *s)
+@@ -5151,7 +5228,7 @@ static int sysfs_slab_add(struct kmem_cache *s)
}
s->kobj.kset = slab_kset;
@@ -86466,7 +88824,7 @@ index 4aec537..8043df1 100644
if (err) {
kobject_put(&s->kobj);
return err;
-@@ -5323,6 +5405,7 @@ static void sysfs_slab_remove(struct kmem_cache *s)
+@@ -5185,6 +5262,7 @@ static void sysfs_slab_remove(struct kmem_cache *s)
kobject_del(&s->kobj);
kobject_put(&s->kobj);
}
@@ -86474,7 +88832,7 @@ index 4aec537..8043df1 100644
/*
* Need to buffer aliases during bootup until sysfs becomes
-@@ -5336,6 +5419,7 @@ struct saved_alias {
+@@ -5198,6 +5276,7 @@ struct saved_alias {
static struct saved_alias *alias_list;
@@ -86482,7 +88840,7 @@ index 4aec537..8043df1 100644
static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
{
struct saved_alias *al;
-@@ -5358,6 +5442,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
+@@ -5220,6 +5299,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name)
alias_list = al;
return 0;
}
@@ -86491,10 +88849,10 @@ index 4aec537..8043df1 100644
static int __init slab_sysfs_init(void)
{
diff --git a/mm/sparse-vmemmap.c b/mm/sparse-vmemmap.c
-index 1b7e22a..3fcd4f3 100644
+index 27eeab3..7c3f7f2 100644
--- a/mm/sparse-vmemmap.c
+++ b/mm/sparse-vmemmap.c
-@@ -128,7 +128,7 @@ pud_t * __meminit vmemmap_pud_populate(pgd_t *pgd, unsigned long addr, int node)
+@@ -130,7 +130,7 @@ pud_t * __meminit vmemmap_pud_populate(pgd_t *pgd, unsigned long addr, int node)
void *p = vmemmap_alloc_block(PAGE_SIZE, node);
if (!p)
return NULL;
@@ -86503,7 +88861,7 @@ index 1b7e22a..3fcd4f3 100644
}
return pud;
}
-@@ -140,7 +140,7 @@ pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node)
+@@ -142,7 +142,7 @@ pgd_t * __meminit vmemmap_pgd_populate(unsigned long addr, int node)
void *p = vmemmap_alloc_block(PAGE_SIZE, node);
if (!p)
return NULL;
@@ -86513,10 +88871,10 @@ index 1b7e22a..3fcd4f3 100644
return pgd;
}
diff --git a/mm/sparse.c b/mm/sparse.c
-index 7ca6dc8..6472aa1 100644
+index 1c91f0d3..485470a 100644
--- a/mm/sparse.c
+++ b/mm/sparse.c
-@@ -783,7 +783,7 @@ static void clear_hwpoisoned_pages(struct page *memmap, int nr_pages)
+@@ -761,7 +761,7 @@ static void clear_hwpoisoned_pages(struct page *memmap, int nr_pages)
for (i = 0; i < PAGES_PER_SECTION; i++) {
if (PageHWPoison(&memmap[i])) {
@@ -86526,18 +88884,18 @@ index 7ca6dc8..6472aa1 100644
}
}
diff --git a/mm/swap.c b/mm/swap.c
-index 8a529a0..154ef26 100644
+index dfd7d71..ccdf688 100644
--- a/mm/swap.c
+++ b/mm/swap.c
-@@ -30,6 +30,7 @@
- #include <linux/backing-dev.h>
+@@ -31,6 +31,7 @@
#include <linux/memcontrol.h>
#include <linux/gfp.h>
+ #include <linux/uio.h>
+#include <linux/hugetlb.h>
#include "internal.h"
-@@ -72,6 +73,8 @@ static void __put_compound_page(struct page *page)
+@@ -73,6 +74,8 @@ static void __put_compound_page(struct page *page)
__page_cache_release(page);
dtor = get_compound_page_dtor(page);
@@ -86547,7 +88905,7 @@ index 8a529a0..154ef26 100644
}
diff --git a/mm/swapfile.c b/mm/swapfile.c
-index a1f7772..9e982ac 100644
+index 746af55b..7ac94ae 100644
--- a/mm/swapfile.c
+++ b/mm/swapfile.c
@@ -66,7 +66,7 @@ static DEFINE_MUTEX(swapon_mutex);
@@ -86559,7 +88917,7 @@ index a1f7772..9e982ac 100644
static inline unsigned char swap_count(unsigned char ent)
{
-@@ -1683,7 +1683,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
+@@ -1684,7 +1684,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile)
}
filp_close(swap_file, NULL);
err = 0;
@@ -86568,7 +88926,7 @@ index a1f7772..9e982ac 100644
wake_up_interruptible(&proc_poll_wait);
out_dput:
-@@ -1700,8 +1700,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait)
+@@ -1701,8 +1701,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait)
poll_wait(file, &proc_poll_wait, wait);
@@ -86579,7 +88937,7 @@ index a1f7772..9e982ac 100644
return POLLIN | POLLRDNORM | POLLERR | POLLPRI;
}
-@@ -1799,7 +1799,7 @@ static int swaps_open(struct inode *inode, struct file *file)
+@@ -1800,7 +1800,7 @@ static int swaps_open(struct inode *inode, struct file *file)
return ret;
seq = file->private_data;
@@ -86588,7 +88946,7 @@ index a1f7772..9e982ac 100644
return 0;
}
-@@ -2142,7 +2142,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags)
+@@ -2143,7 +2143,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags)
(frontswap_map) ? "FS" : "");
mutex_unlock(&swapon_mutex);
@@ -86615,10 +88973,10 @@ index ab1424d..7c5bd5a 100644
mm->unmap_area = arch_unmap_area;
}
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index 0f751f2..2bc3bd1 100644
+index d365724..6cae7c2 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
-@@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
+@@ -59,8 +59,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
pte = pte_offset_kernel(pmd, addr);
do {
@@ -86640,7 +88998,7 @@ index 0f751f2..2bc3bd1 100644
} while (pte++, addr += PAGE_SIZE, addr != end);
}
-@@ -100,16 +111,29 @@ static int vmap_pte_range(pmd_t *pmd, unsigned long addr,
+@@ -120,16 +131,29 @@ static int vmap_pte_range(pmd_t *pmd, unsigned long addr,
pte = pte_alloc_kernel(pmd, addr);
if (!pte)
return -ENOMEM;
@@ -86672,7 +89030,7 @@ index 0f751f2..2bc3bd1 100644
return 0;
}
-@@ -119,7 +143,7 @@ static int vmap_pmd_range(pud_t *pud, unsigned long addr,
+@@ -139,7 +163,7 @@ static int vmap_pmd_range(pud_t *pud, unsigned long addr,
pmd_t *pmd;
unsigned long next;
@@ -86681,7 +89039,7 @@ index 0f751f2..2bc3bd1 100644
if (!pmd)
return -ENOMEM;
do {
-@@ -136,7 +160,7 @@ static int vmap_pud_range(pgd_t *pgd, unsigned long addr,
+@@ -156,7 +180,7 @@ static int vmap_pud_range(pgd_t *pgd, unsigned long addr,
pud_t *pud;
unsigned long next;
@@ -86690,7 +89048,7 @@ index 0f751f2..2bc3bd1 100644
if (!pud)
return -ENOMEM;
do {
-@@ -196,6 +220,12 @@ int is_vmalloc_or_module_addr(const void *x)
+@@ -216,6 +240,12 @@ int is_vmalloc_or_module_addr(const void *x)
if (addr >= MODULES_VADDR && addr < MODULES_END)
return 1;
#endif
@@ -86703,7 +89061,7 @@ index 0f751f2..2bc3bd1 100644
return is_vmalloc_addr(x);
}
-@@ -216,8 +246,14 @@ struct page *vmalloc_to_page(const void *vmalloc_addr)
+@@ -236,8 +266,14 @@ struct page *vmalloc_to_page(const void *vmalloc_addr)
if (!pgd_none(*pgd)) {
pud_t *pud = pud_offset(pgd, addr);
@@ -86718,7 +89076,7 @@ index 0f751f2..2bc3bd1 100644
if (!pmd_none(*pmd)) {
pte_t *ptep, pte;
-@@ -329,7 +365,7 @@ static void purge_vmap_area_lazy(void);
+@@ -339,7 +375,7 @@ static void purge_vmap_area_lazy(void);
* Allocate a region of KVA of the specified size and alignment, within the
* vstart and vend.
*/
@@ -86727,7 +89085,7 @@ index 0f751f2..2bc3bd1 100644
unsigned long align,
unsigned long vstart, unsigned long vend,
int node, gfp_t gfp_mask)
-@@ -1328,6 +1364,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
+@@ -1337,6 +1373,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
struct vm_struct *area;
BUG_ON(in_interrupt());
@@ -86744,7 +89102,7 @@ index 0f751f2..2bc3bd1 100644
if (flags & VM_IOREMAP) {
int bit = fls(size);
-@@ -1569,6 +1615,11 @@ void *vmap(struct page **pages, unsigned int count,
+@@ -1581,6 +1627,11 @@ void *vmap(struct page **pages, unsigned int count,
if (count > totalram_pages)
return NULL;
@@ -86756,7 +89114,7 @@ index 0f751f2..2bc3bd1 100644
area = get_vm_area_caller((count << PAGE_SHIFT), flags,
__builtin_return_address(0));
if (!area)
-@@ -1670,6 +1721,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
+@@ -1682,6 +1733,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
if (!size || (size >> PAGE_SHIFT) > totalram_pages)
goto fail;
@@ -86770,7 +89128,7 @@ index 0f751f2..2bc3bd1 100644
area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST,
start, end, node, gfp_mask, caller);
if (!area)
-@@ -1845,10 +1903,9 @@ EXPORT_SYMBOL(vzalloc_node);
+@@ -1858,10 +1916,9 @@ EXPORT_SYMBOL(vzalloc_node);
* For tight control over page level allocator and protection flags
* use __vmalloc() instead.
*/
@@ -86782,7 +89140,7 @@ index 0f751f2..2bc3bd1 100644
NUMA_NO_NODE, __builtin_return_address(0));
}
-@@ -2139,6 +2196,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
+@@ -2168,6 +2225,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
unsigned long uaddr = vma->vm_start;
unsigned long usize = vma->vm_end - vma->vm_start;
@@ -86791,7 +89149,7 @@ index 0f751f2..2bc3bd1 100644
if ((PAGE_SIZE-1) & (unsigned long)addr)
return -EINVAL;
-@@ -2578,7 +2637,11 @@ static int s_show(struct seq_file *m, void *p)
+@@ -2629,7 +2688,11 @@ static int s_show(struct seq_file *m, void *p)
v->addr, v->addr + v->size, v->size);
if (v->caller)
@@ -86804,10 +89162,10 @@ index 0f751f2..2bc3bd1 100644
if (v->nr_pages)
seq_printf(m, " pages=%d", v->nr_pages);
diff --git a/mm/vmstat.c b/mm/vmstat.c
-index e1d8ed1..253fa3c 100644
+index f42745e..62f8346 100644
--- a/mm/vmstat.c
+++ b/mm/vmstat.c
-@@ -78,7 +78,7 @@ void vm_events_fold_cpu(int cpu)
+@@ -76,7 +76,7 @@ void vm_events_fold_cpu(int cpu)
*
* vm_stat contains the global counters
*/
@@ -86816,7 +89174,7 @@ index e1d8ed1..253fa3c 100644
EXPORT_SYMBOL(vm_stat);
#ifdef CONFIG_SMP
-@@ -454,7 +454,7 @@ void refresh_cpu_vm_stats(int cpu)
+@@ -452,7 +452,7 @@ void refresh_cpu_vm_stats(int cpu)
v = p->vm_stat_diff[i];
p->vm_stat_diff[i] = 0;
local_irq_restore(flags);
@@ -86825,7 +89183,7 @@ index e1d8ed1..253fa3c 100644
global_diff[i] += v;
#ifdef CONFIG_NUMA
/* 3 seconds idle till flush */
-@@ -492,7 +492,7 @@ void refresh_cpu_vm_stats(int cpu)
+@@ -490,7 +490,7 @@ void refresh_cpu_vm_stats(int cpu)
for (i = 0; i < NR_VM_ZONE_STAT_ITEMS; i++)
if (global_diff[i])
@@ -86833,8 +89191,8 @@ index e1d8ed1..253fa3c 100644
+ atomic_long_add_unchecked(global_diff[i], &vm_stat[i]);
}
- void drain_zonestat(struct zone *zone, struct per_cpu_pageset *pset)
-@@ -503,8 +503,8 @@ void drain_zonestat(struct zone *zone, struct per_cpu_pageset *pset)
+ /*
+@@ -505,8 +505,8 @@ void drain_zonestat(struct zone *zone, struct per_cpu_pageset *pset)
if (pset->vm_stat_diff[i]) {
int v = pset->vm_stat_diff[i];
pset->vm_stat_diff[i] = 0;
@@ -86845,7 +89203,7 @@ index e1d8ed1..253fa3c 100644
}
}
#endif
-@@ -1224,7 +1224,7 @@ static int __cpuinit vmstat_cpuup_callback(struct notifier_block *nfb,
+@@ -1226,7 +1226,7 @@ static int __cpuinit vmstat_cpuup_callback(struct notifier_block *nfb,
return NOTIFY_OK;
}
@@ -86854,7 +89212,7 @@ index e1d8ed1..253fa3c 100644
{ &vmstat_cpuup_callback, NULL, 0 };
#endif
-@@ -1239,10 +1239,20 @@ static int __init setup_vmstat(void)
+@@ -1241,10 +1241,20 @@ static int __init setup_vmstat(void)
start_cpu_timer(cpu);
#endif
#ifdef CONFIG_PROC_FS
@@ -86880,24 +89238,10 @@ index e1d8ed1..253fa3c 100644
return 0;
}
diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c
-index 85addcd..c429a13 100644
+index 9424f37..6aabf19 100644
--- a/net/8021q/vlan.c
+++ b/net/8021q/vlan.c
-@@ -114,6 +114,13 @@ void unregister_vlan_dev(struct net_device *dev, struct list_head *head)
- if (vlan_id)
- vlan_vid_del(real_dev, vlan_id);
-
-+ /* Take it out of our own structures, but be sure to interlock with
-+ * HW accelerating devices or SW vlan input packet processing if
-+ * VLAN is not 0 (leave it there for 802.1p).
-+ */
-+ if (vlan_id)
-+ vlan_vid_del(real_dev, vlan_id);
-+
- /* Get rid of the vlan's reference to real_dev */
- dev_put(real_dev);
- }
-@@ -496,7 +503,7 @@ out:
+@@ -469,7 +469,7 @@ out:
return NOTIFY_DONE;
}
@@ -86906,7 +89250,7 @@ index 85addcd..c429a13 100644
.notifier_call = vlan_device_event,
};
-@@ -571,8 +578,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
+@@ -544,8 +544,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg)
err = -EPERM;
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
break;
@@ -86916,44 +89260,6 @@ index 85addcd..c429a13 100644
struct vlan_net *vn;
vn = net_generic(net, vlan_net_id);
-diff --git a/net/8021q/vlan_core.c b/net/8021q/vlan_core.c
-index f3b6f51..6c205fc 100644
---- a/net/8021q/vlan_core.c
-+++ b/net/8021q/vlan_core.c
-@@ -8,7 +8,7 @@
- bool vlan_do_receive(struct sk_buff **skbp)
- {
- struct sk_buff *skb = *skbp;
-- u16 vlan_id = skb->vlan_tci & VLAN_VID_MASK;
-+ u16 vlan_id = vlan_tx_tag_get_id(skb);
- struct net_device *vlan_dev;
- struct vlan_pcpu_stats *rx_stats;
-
-diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
-index 63bd98c..c09b2b0 100644
---- a/net/8021q/vlan_dev.c
-+++ b/net/8021q/vlan_dev.c
-@@ -73,6 +73,8 @@ vlan_dev_get_egress_qos_mask(struct net_device *dev, struct sk_buff *skb)
- {
- struct vlan_priority_tci_mapping *mp;
-
-+ smp_rmb(); /* coupled with smp_wmb() in vlan_dev_set_egress_priority() */
-+
- mp = vlan_dev_priv(dev)->egress_priority_map[(skb->priority & 0xF)];
- while (mp) {
- if (mp->priority == skb->priority) {
-@@ -248,6 +250,11 @@ int vlan_dev_set_egress_priority(const struct net_device *dev,
- np->next = mp;
- np->priority = skb_prio;
- np->vlan_qos = vlan_qos;
-+ /* Before inserting this element in hash table, make sure all its fields
-+ * are committed to memory.
-+ * coupled with smp_rmb() in vlan_dev_get_egress_qos_mask()
-+ */
-+ smp_wmb();
- vlan->egress_priority_map[skb_prio & 0xF] = np;
- if (vlan_qos)
- vlan->nr_egress_mappings++;
diff --git a/net/9p/mod.c b/net/9p/mod.c
index 6ab36ae..6f1841b 100644
--- a/net/9p/mod.c
@@ -86976,27 +89282,6 @@ index 6ab36ae..6f1841b 100644
spin_unlock(&v9fs_trans_lock);
}
EXPORT_SYMBOL(v9fs_unregister_trans);
-diff --git a/net/9p/trans_common.c b/net/9p/trans_common.c
-index de8df95..2ee3879 100644
---- a/net/9p/trans_common.c
-+++ b/net/9p/trans_common.c
-@@ -24,11 +24,11 @@
- */
- void p9_release_pages(struct page **pages, int nr_pages)
- {
-- int i = 0;
-- while (pages[i] && nr_pages--) {
-- put_page(pages[i]);
-- i++;
-- }
-+ int i;
-+
-+ for (i = 0; i < nr_pages; i++)
-+ if (pages[i])
-+ put_page(pages[i]);
- }
- EXPORT_SYMBOL(p9_release_pages);
-
diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
index 02efb25..41541a9 100644
--- a/net/9p/trans_fd.c
@@ -87051,7 +89336,7 @@ index 876fbe8..8bbea9f 100644
#undef __HANDLE_ITEM
}
diff --git a/net/atm/lec.h b/net/atm/lec.h
-index a86aff9..3a0d6f6 100644
+index 4149db1..f2ab682 100644
--- a/net/atm/lec.h
+++ b/net/atm/lec.h
@@ -48,7 +48,7 @@ struct lane2_ops {
@@ -87064,7 +89349,7 @@ index a86aff9..3a0d6f6 100644
/*
* ATM LAN Emulation supports both LLC & Dix Ethernet EtherType
diff --git a/net/atm/proc.c b/net/atm/proc.c
-index 6ac35ff..ac0e136 100644
+index bbb6461..cf04016 100644
--- a/net/atm/proc.c
+++ b/net/atm/proc.c
@@ -45,9 +45,9 @@ static void add_stats(struct seq_file *seq, const char *aal,
@@ -87116,10 +89401,10 @@ index d5744b7..506bae3 100644
table = kmemdup(ax25_param_table, sizeof(ax25_param_table), GFP_KERNEL);
if (!table)
diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c
-index a5bb0a7..e1d8b97 100644
+index f680ee1..97e3542 100644
--- a/net/batman-adv/bat_iv_ogm.c
+++ b/net/batman-adv/bat_iv_ogm.c
-@@ -63,7 +63,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface)
+@@ -79,7 +79,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface)
/* randomize initial seqno to avoid collision */
get_random_bytes(&random_seqno, sizeof(random_seqno));
@@ -87128,7 +89413,7 @@ index a5bb0a7..e1d8b97 100644
hard_iface->bat_iv.ogm_buff_len = BATADV_OGM_HLEN;
ogm_buff = kmalloc(hard_iface->bat_iv.ogm_buff_len, GFP_ATOMIC);
-@@ -611,9 +611,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
+@@ -627,9 +627,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface)
batadv_ogm_packet = (struct batadv_ogm_packet *)(*ogm_buff);
/* change sequence number to network order */
@@ -87140,7 +89425,7 @@ index a5bb0a7..e1d8b97 100644
batadv_ogm_packet->ttvn = atomic_read(&bat_priv->tt.vn);
batadv_ogm_packet->tt_crc = htons(bat_priv->tt.local_crc);
-@@ -1013,7 +1013,7 @@ static void batadv_iv_ogm_process(const struct ethhdr *ethhdr,
+@@ -1037,7 +1037,7 @@ static void batadv_iv_ogm_process(const struct ethhdr *ethhdr,
return;
/* could be changed by schedule_own_packet() */
@@ -87149,11 +89434,94 @@ index a5bb0a7..e1d8b97 100644
if (batadv_ogm_packet->flags & BATADV_DIRECTLINK)
has_directlink_flag = 1;
+diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c
+index de27b31..7058bfe 100644
+--- a/net/batman-adv/bridge_loop_avoidance.c
++++ b/net/batman-adv/bridge_loop_avoidance.c
+@@ -1522,6 +1522,8 @@ out:
+ * in these cases, the skb is further handled by this function and
+ * returns 1, otherwise it returns 0 and the caller shall further
+ * process the skb.
++ *
++ * This call might reallocate skb data.
+ */
+ int batadv_bla_tx(struct batadv_priv *bat_priv, struct sk_buff *skb, short vid)
+ {
+diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c
+index f105219..7614af3 100644
+--- a/net/batman-adv/gateway_client.c
++++ b/net/batman-adv/gateway_client.c
+@@ -508,6 +508,7 @@ out:
+ return 0;
+ }
+
++/* this call might reallocate skb data */
+ static bool batadv_is_type_dhcprequest(struct sk_buff *skb, int header_len)
+ {
+ int ret = false;
+@@ -568,6 +569,7 @@ out:
+ return ret;
+ }
+
++/* this call might reallocate skb data */
+ bool batadv_gw_is_dhcp_target(struct sk_buff *skb, unsigned int *header_len)
+ {
+ struct ethhdr *ethhdr;
+@@ -619,6 +621,12 @@ bool batadv_gw_is_dhcp_target(struct sk_buff *skb, unsigned int *header_len)
+
+ if (!pskb_may_pull(skb, *header_len + sizeof(*udphdr)))
+ return false;
++
++ /* skb->data might have been reallocated by pskb_may_pull() */
++ ethhdr = (struct ethhdr *)skb->data;
++ if (ntohs(ethhdr->h_proto) == ETH_P_8021Q)
++ ethhdr = (struct ethhdr *)(skb->data + VLAN_HLEN);
++
+ udphdr = (struct udphdr *)(skb->data + *header_len);
+ *header_len += sizeof(*udphdr);
+
+@@ -634,12 +642,14 @@ bool batadv_gw_is_dhcp_target(struct sk_buff *skb, unsigned int *header_len)
+ return true;
+ }
+
++/* this call might reallocate skb data */
+ bool batadv_gw_out_of_range(struct batadv_priv *bat_priv,
+- struct sk_buff *skb, struct ethhdr *ethhdr)
++ struct sk_buff *skb)
+ {
+ struct batadv_neigh_node *neigh_curr = NULL, *neigh_old = NULL;
+ struct batadv_orig_node *orig_dst_node = NULL;
+ struct batadv_gw_node *curr_gw = NULL;
++ struct ethhdr *ethhdr;
+ bool ret, out_of_range = false;
+ unsigned int header_len = 0;
+ uint8_t curr_tq_avg;
+@@ -648,6 +658,7 @@ bool batadv_gw_out_of_range(struct batadv_priv *bat_priv,
+ if (!ret)
+ goto out;
+
++ ethhdr = (struct ethhdr *)skb->data;
+ orig_dst_node = batadv_transtable_search(bat_priv, ethhdr->h_source,
+ ethhdr->h_dest);
+ if (!orig_dst_node)
+diff --git a/net/batman-adv/gateway_client.h b/net/batman-adv/gateway_client.h
+index 039902d..1037d75 100644
+--- a/net/batman-adv/gateway_client.h
++++ b/net/batman-adv/gateway_client.h
+@@ -34,7 +34,6 @@ void batadv_gw_node_delete(struct batadv_priv *bat_priv,
+ void batadv_gw_node_purge(struct batadv_priv *bat_priv);
+ int batadv_gw_client_seq_print_text(struct seq_file *seq, void *offset);
+ bool batadv_gw_is_dhcp_target(struct sk_buff *skb, unsigned int *header_len);
+-bool batadv_gw_out_of_range(struct batadv_priv *bat_priv,
+- struct sk_buff *skb, struct ethhdr *ethhdr);
++bool batadv_gw_out_of_range(struct batadv_priv *bat_priv, struct sk_buff *skb);
+
+ #endif /* _NET_BATMAN_ADV_GATEWAY_CLIENT_H_ */
diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c
-index 368219e..53f56f9 100644
+index 522243a..b48c0ef 100644
--- a/net/batman-adv/hard-interface.c
+++ b/net/batman-adv/hard-interface.c
-@@ -370,7 +370,7 @@ int batadv_hardif_enable_interface(struct batadv_hard_iface *hard_iface,
+@@ -401,7 +401,7 @@ int batadv_hardif_enable_interface(struct batadv_hard_iface *hard_iface,
hard_iface->batman_adv_ptype.dev = hard_iface->net_dev;
dev_add_pack(&hard_iface->batman_adv_ptype);
@@ -87162,7 +89530,7 @@ index 368219e..53f56f9 100644
batadv_info(hard_iface->soft_iface, "Adding interface: %s\n",
hard_iface->net_dev->name);
-@@ -514,7 +514,7 @@ batadv_hardif_add_interface(struct net_device *net_dev)
+@@ -550,7 +550,7 @@ batadv_hardif_add_interface(struct net_device *net_dev)
/* This can't be called via a bat_priv callback because
* we have no bat_priv yet.
*/
@@ -87172,10 +89540,31 @@ index 368219e..53f56f9 100644
return hard_iface;
diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c
-index 2711e87..4ca48fa 100644
+index 819dfb0..226bacd 100644
--- a/net/batman-adv/soft-interface.c
+++ b/net/batman-adv/soft-interface.c
-@@ -252,7 +252,7 @@ static int batadv_interface_tx(struct sk_buff *skb,
+@@ -180,6 +180,9 @@ static int batadv_interface_tx(struct sk_buff *skb,
+ if (batadv_bla_tx(bat_priv, skb, vid))
+ goto dropped;
+
++ /* skb->data might have been reallocated by batadv_bla_tx() */
++ ethhdr = (struct ethhdr *)skb->data;
++
+ /* Register the client MAC in the transtable */
+ if (!is_multicast_ether_addr(ethhdr->h_source))
+ batadv_tt_local_add(soft_iface, ethhdr->h_source, skb->skb_iif);
+@@ -220,6 +223,10 @@ static int batadv_interface_tx(struct sk_buff *skb,
+ default:
+ break;
+ }
++
++ /* reminder: ethhdr might have become unusable from here on
++ * (batadv_gw_is_dhcp_target() might have reallocated skb data)
++ */
+ }
+
+ /* ethernet packet should be broadcasted */
+@@ -253,7 +260,7 @@ static int batadv_interface_tx(struct sk_buff *skb,
primary_if->net_dev->dev_addr, ETH_ALEN);
/* set broadcast sequence number */
@@ -87184,7 +89573,16 @@ index 2711e87..4ca48fa 100644
bcast_packet->seqno = htonl(seqno);
batadv_add_bcast_packet_to_list(bat_priv, skb, brd_delay);
-@@ -527,7 +527,7 @@ struct net_device *batadv_softif_create(const char *name)
+@@ -266,7 +273,7 @@ static int batadv_interface_tx(struct sk_buff *skb,
+ /* unicast packet */
+ } else {
+ if (atomic_read(&bat_priv->gw_mode) != BATADV_GW_MODE_OFF) {
+- ret = batadv_gw_out_of_range(bat_priv, skb, ethhdr);
++ ret = batadv_gw_out_of_range(bat_priv, skb);
+ if (ret)
+ goto dropped;
+ }
+@@ -472,7 +479,7 @@ static int batadv_softif_init_late(struct net_device *dev)
atomic_set(&bat_priv->batman_queue_left, BATADV_BATMAN_QUEUE_LEN);
atomic_set(&bat_priv->mesh_state, BATADV_MESH_INACTIVE);
@@ -87194,7 +89592,7 @@ index 2711e87..4ca48fa 100644
atomic_set(&bat_priv->tt.local_changes, 0);
atomic_set(&bat_priv->tt.ogm_append_cnt, 0);
diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
-index 4cd87a0..348e705 100644
+index aba8364..50fcbb8 100644
--- a/net/batman-adv/types.h
+++ b/net/batman-adv/types.h
@@ -51,7 +51,7 @@
@@ -87215,7 +89613,7 @@ index 4cd87a0..348e705 100644
struct kobject *hardif_obj;
atomic_t refcount;
struct packet_type batman_adv_ptype;
-@@ -495,7 +495,7 @@ struct batadv_priv {
+@@ -558,7 +558,7 @@ struct batadv_priv {
#ifdef CONFIG_BATMAN_ADV_DEBUG
atomic_t log_level;
#endif
@@ -87225,7 +89623,7 @@ index 4cd87a0..348e705 100644
atomic_t batman_queue_left;
char num_ifaces;
diff --git a/net/batman-adv/unicast.c b/net/batman-adv/unicast.c
-index 50e079f..49ce2d2 100644
+index 0bb3b59..0e3052e 100644
--- a/net/batman-adv/unicast.c
+++ b/net/batman-adv/unicast.c
@@ -270,7 +270,7 @@ int batadv_frag_send_skb(struct sk_buff *skb, struct batadv_priv *bat_priv,
@@ -87237,11 +89635,63 @@ index 50e079f..49ce2d2 100644
frag1->seqno = htons(seqno - 1);
frag2->seqno = htons(seqno);
+@@ -326,7 +326,9 @@ static bool batadv_unicast_push_and_fill_skb(struct sk_buff *skb, int hdr_size,
+ * @skb: the skb containing the payload to encapsulate
+ * @orig_node: the destination node
+ *
+- * Returns false if the payload could not be encapsulated or true otherwise
++ * Returns false if the payload could not be encapsulated or true otherwise.
++ *
++ * This call might reallocate skb data.
+ */
+ static bool batadv_unicast_prepare_skb(struct sk_buff *skb,
+ struct batadv_orig_node *orig_node)
+@@ -343,7 +345,9 @@ static bool batadv_unicast_prepare_skb(struct sk_buff *skb,
+ * @orig_node: the destination node
+ * @packet_subtype: the batman 4addr packet subtype to use
+ *
+- * Returns false if the payload could not be encapsulated or true otherwise
++ * Returns false if the payload could not be encapsulated or true otherwise.
++ *
++ * This call might reallocate skb data.
+ */
+ bool batadv_unicast_4addr_prepare_skb(struct batadv_priv *bat_priv,
+ struct sk_buff *skb,
+@@ -401,7 +405,7 @@ int batadv_unicast_generic_send_skb(struct batadv_priv *bat_priv,
+ struct batadv_neigh_node *neigh_node;
+ int data_len = skb->len;
+ int ret = NET_RX_DROP;
+- unsigned int dev_mtu;
++ unsigned int dev_mtu, header_len;
+
+ /* get routing information */
+ if (is_multicast_ether_addr(ethhdr->h_dest)) {
+@@ -429,10 +433,12 @@ find_router:
+ switch (packet_type) {
+ case BATADV_UNICAST:
+ batadv_unicast_prepare_skb(skb, orig_node);
++ header_len = sizeof(struct batadv_unicast_packet);
+ break;
+ case BATADV_UNICAST_4ADDR:
+ batadv_unicast_4addr_prepare_skb(bat_priv, skb, orig_node,
+ packet_subtype);
++ header_len = sizeof(struct batadv_unicast_4addr_packet);
+ break;
+ default:
+ /* this function supports UNICAST and UNICAST_4ADDR only. It
+@@ -441,6 +447,7 @@ find_router:
+ goto out;
+ }
+
++ ethhdr = (struct ethhdr *)(skb->data + header_len);
+ unicast_packet = (struct batadv_unicast_packet *)skb->data;
+
+ /* inform the destination node that we are still missing a correct route
diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
-index b88605f..958e3e2 100644
+index ace5e55..a65a1c0 100644
--- a/net/bluetooth/hci_core.c
+++ b/net/bluetooth/hci_core.c
-@@ -1793,16 +1793,16 @@ int hci_register_dev(struct hci_dev *hdev)
+@@ -2211,16 +2211,16 @@ int hci_register_dev(struct hci_dev *hdev)
list_add(&hdev->list, &hci_dev_list);
write_unlock(&hci_dev_list_lock);
@@ -87263,10 +89713,10 @@ index b88605f..958e3e2 100644
destroy_workqueue(hdev->workqueue);
error = -ENOMEM;
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
-index 6a93614..1415549 100644
+index 9bd7d95..6c4884f 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
-@@ -929,7 +929,7 @@ static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
+@@ -934,7 +934,7 @@ static int hci_sock_setsockopt(struct socket *sock, int level, int optname,
uf.event_mask[1] = *((u32 *) f->event_mask + 1);
}
@@ -87276,10 +89726,10 @@ index 6a93614..1415549 100644
err = -EFAULT;
break;
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
-index 04b32e1..dfc8ec1 100644
+index 68843a2..30e9342 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
-@@ -3398,8 +3398,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
+@@ -3507,8 +3507,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
break;
case L2CAP_CONF_RFC:
@@ -87293,10 +89743,10 @@ index 04b32e1..dfc8ec1 100644
if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
rfc.mode != chan->mode)
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
-index 1bcfb84..dad9f98 100644
+index 36fed40..be2eeb2 100644
--- a/net/bluetooth/l2cap_sock.c
+++ b/net/bluetooth/l2cap_sock.c
-@@ -479,7 +479,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
+@@ -485,7 +485,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
struct sock *sk = sock->sk;
struct l2cap_chan *chan = l2cap_pi(sk)->chan;
struct l2cap_options opts;
@@ -87306,7 +89756,7 @@ index 1bcfb84..dad9f98 100644
u32 opt;
BT_DBG("sk %p", sk);
-@@ -501,7 +502,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
+@@ -507,7 +508,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname,
opts.max_tx = chan->max_tx;
opts.txwin_size = chan->tx_win;
@@ -87315,7 +89765,7 @@ index 1bcfb84..dad9f98 100644
if (copy_from_user((char *) &opts, optval, len)) {
err = -EFAULT;
break;
-@@ -581,7 +582,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
+@@ -587,7 +588,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
struct bt_security sec;
struct bt_power pwr;
struct l2cap_conn *conn;
@@ -87325,7 +89775,7 @@ index 1bcfb84..dad9f98 100644
u32 opt;
BT_DBG("sk %p", sk);
-@@ -604,7 +606,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
+@@ -610,7 +612,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
sec.level = BT_SECURITY_LOW;
@@ -87334,7 +89784,7 @@ index 1bcfb84..dad9f98 100644
if (copy_from_user((char *) &sec, optval, len)) {
err = -EFAULT;
break;
-@@ -701,7 +703,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
+@@ -707,7 +709,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname,
pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
@@ -87344,7 +89794,7 @@ index 1bcfb84..dad9f98 100644
err = -EFAULT;
break;
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
-index 7c9224b..381009e 100644
+index 30b3721..c1bd0a0 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -666,7 +666,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c
@@ -87404,24 +89854,8 @@ index b6e44ad..5b0d514 100644
spin_unlock_irqrestore(&dev->port.lock, flags);
if (dev->tty_dev->parent)
device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST);
-diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
-index 923fbea..642566d 100644
---- a/net/bridge/br_multicast.c
-+++ b/net/bridge/br_multicast.c
-@@ -465,8 +465,9 @@ static struct sk_buff *br_ip6_multicast_alloc_query(struct net_bridge *br,
- skb_set_transport_header(skb, skb->len);
- mldq = (struct mld_msg *) icmp6_hdr(skb);
-
-- interval = ipv6_addr_any(group) ? br->multicast_last_member_interval :
-- br->multicast_query_response_interval;
-+ interval = ipv6_addr_any(group) ?
-+ br->multicast_query_response_interval :
-+ br->multicast_last_member_interval;
-
- mldq->mld_type = ICMPV6_MGM_QUERY;
- mldq->mld_code = 0;
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
-index 8d493c9..3849e49 100644
+index 3d110c4..4e1b2eb 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -1525,7 +1525,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
@@ -87452,7 +89886,7 @@ index 8d493c9..3849e49 100644
break;
}
diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c
-index a376ec1..1fbd6be 100644
+index 2bd4b58..0dc30a1 100644
--- a/net/caif/cfctrl.c
+++ b/net/caif/cfctrl.c
@@ -10,6 +10,7 @@
@@ -87495,10 +89929,10 @@ index a376ec1..1fbd6be 100644
list_del(&p->list);
goto out;
diff --git a/net/can/af_can.c b/net/can/af_can.c
-index c48e522..1223690 100644
+index c4e5085..aa9efdf 100644
--- a/net/can/af_can.c
+++ b/net/can/af_can.c
-@@ -870,7 +870,7 @@ static const struct net_proto_family can_family_ops = {
+@@ -862,7 +862,7 @@ static const struct net_proto_family can_family_ops = {
};
/* notifier block for netdevice event */
@@ -87508,7 +89942,7 @@ index c48e522..1223690 100644
};
diff --git a/net/can/gw.c b/net/can/gw.c
-index 117814a..ad4fb73 100644
+index 3ee690e..00d581b 100644
--- a/net/can/gw.c
+++ b/net/can/gw.c
@@ -80,7 +80,6 @@ MODULE_PARM_DESC(max_hops,
@@ -87519,7 +89953,7 @@ index 117814a..ad4fb73 100644
static struct kmem_cache *cgw_cache __read_mostly;
-@@ -928,6 +927,10 @@ static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg)
+@@ -927,6 +926,10 @@ static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh)
return err;
}
@@ -87530,7 +89964,7 @@ index 117814a..ad4fb73 100644
static __init int cgw_module_init(void)
{
/* sanitize given module parameter */
-@@ -943,7 +946,6 @@ static __init int cgw_module_init(void)
+@@ -942,7 +945,6 @@ static __init int cgw_module_init(void)
return -ENOMEM;
/* set notifier */
@@ -87679,10 +90113,10 @@ index f0a1ba6..0541331 100644
a0 = a[0];
a1 = a[1];
diff --git a/net/core/datagram.c b/net/core/datagram.c
-index 368f9c3..f82d4a3 100644
+index b71423d..0360434 100644
--- a/net/core/datagram.c
+++ b/net/core/datagram.c
-@@ -289,7 +289,7 @@ int skb_kill_datagram(struct sock *sk, struct sk_buff *skb, unsigned int flags)
+@@ -295,7 +295,7 @@ int skb_kill_datagram(struct sock *sk, struct sk_buff *skb, unsigned int flags)
}
kfree_skb(skb);
@@ -87692,10 +90126,10 @@ index 368f9c3..f82d4a3 100644
return err;
diff --git a/net/core/dev.c b/net/core/dev.c
-index c9eb9e6..9186a82 100644
+index 7ddbb31..3902452 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
-@@ -1617,7 +1617,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
+@@ -1649,7 +1649,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
{
if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) {
if (skb_copy_ubufs(skb, GFP_ATOMIC)) {
@@ -87704,7 +90138,7 @@ index c9eb9e6..9186a82 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -1626,7 +1626,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
+@@ -1658,7 +1658,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb)
skb_orphan(skb);
if (unlikely(!is_skb_forwardable(dev, skb))) {
@@ -87713,7 +90147,7 @@ index c9eb9e6..9186a82 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -2351,7 +2351,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
+@@ -2404,7 +2404,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb)
struct dev_gso_cb {
void (*destructor)(struct sk_buff *skb);
@@ -87722,7 +90156,7 @@ index c9eb9e6..9186a82 100644
#define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb)
-@@ -3099,7 +3099,7 @@ enqueue:
+@@ -3139,7 +3139,7 @@ enqueue:
local_irq_restore(flags);
@@ -87731,7 +90165,7 @@ index c9eb9e6..9186a82 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -3171,7 +3171,7 @@ int netif_rx_ni(struct sk_buff *skb)
+@@ -3211,7 +3211,7 @@ int netif_rx_ni(struct sk_buff *skb)
}
EXPORT_SYMBOL(netif_rx_ni);
@@ -87740,25 +90174,7 @@ index c9eb9e6..9186a82 100644
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
-@@ -3471,8 +3471,15 @@ ncls:
- }
- }
-
-- if (vlan_tx_nonzero_tag_present(skb))
-- skb->pkt_type = PACKET_OTHERHOST;
-+ if (unlikely(vlan_tx_tag_present(skb))) {
-+ if (vlan_tx_tag_get_id(skb))
-+ skb->pkt_type = PACKET_OTHERHOST;
-+ /* Note: we might in the future use prio bits
-+ * and set skb->priority like in vlan_do_receive()
-+ * For the time being, just ignore Priority Code Point
-+ */
-+ skb->vlan_tci = 0;
-+ }
-
- /* deliver only exact match when indicated */
- null_or_dev = deliver_exact ? skb->dev : NULL;
-@@ -3496,7 +3503,7 @@ ncls:
+@@ -3545,7 +3545,7 @@ ncls:
ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
} else {
drop:
@@ -87767,7 +90183,7 @@ index c9eb9e6..9186a82 100644
kfree_skb(skb);
/* Jamal, now you will not able to escape explaining
* me how you were going to use this. :-)
-@@ -4101,7 +4108,7 @@ void netif_napi_del(struct napi_struct *napi)
+@@ -4153,7 +4153,7 @@ void netif_napi_del(struct napi_struct *napi)
}
EXPORT_SYMBOL(netif_napi_del);
@@ -87776,7 +90192,7 @@ index c9eb9e6..9186a82 100644
{
struct softnet_data *sd = &__get_cpu_var(softnet_data);
unsigned long time_limit = jiffies + 2;
-@@ -5528,7 +5535,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
+@@ -5590,7 +5590,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev,
} else {
netdev_stats_to_stats64(storage, &dev->stats);
}
@@ -87786,10 +90202,10 @@ index c9eb9e6..9186a82 100644
}
EXPORT_SYMBOL(dev_get_stats);
diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
-index 6cc0481..59cfb00 100644
+index 5b7d0e1..cb960fc 100644
--- a/net/core/dev_ioctl.c
+++ b/net/core/dev_ioctl.c
-@@ -376,9 +376,13 @@ void dev_load(struct net *net, const char *name)
+@@ -365,9 +365,13 @@ void dev_load(struct net *net, const char *name)
if (no_module && capable(CAP_NET_ADMIN))
no_module = request_module("netdev-%s", name);
if (no_module && capable(CAP_SYS_MODULE)) {
@@ -87804,10 +90220,10 @@ index 6cc0481..59cfb00 100644
}
EXPORT_SYMBOL(dev_load);
diff --git a/net/core/ethtool.c b/net/core/ethtool.c
-index 41f4bdf..9e7c219 100644
+index ce91766..3b71cdb 100644
--- a/net/core/ethtool.c
+++ b/net/core/ethtool.c
-@@ -1314,10 +1314,19 @@ static int ethtool_get_dump_data(struct net_device *dev,
+@@ -1319,10 +1319,19 @@ static int ethtool_get_dump_data(struct net_device *dev,
if (ret)
return ret;
@@ -87828,7 +90244,7 @@ index 41f4bdf..9e7c219 100644
data = vzalloc(tmp.len);
if (!data)
return -ENOMEM;
-@@ -1325,6 +1334,16 @@ static int ethtool_get_dump_data(struct net_device *dev,
+@@ -1330,6 +1339,16 @@ static int ethtool_get_dump_data(struct net_device *dev,
if (ret)
goto out;
@@ -87846,7 +90262,7 @@ index 41f4bdf..9e7c219 100644
ret = -EFAULT;
goto out;
diff --git a/net/core/flow.c b/net/core/flow.c
-index 2bfd081..53c6058 100644
+index 7102f16..146b4bd 100644
--- a/net/core/flow.c
+++ b/net/core/flow.c
@@ -61,7 +61,7 @@ struct flow_cache {
@@ -87886,7 +90302,7 @@ index 2bfd081..53c6058 100644
fle->object = flo;
else
diff --git a/net/core/iovec.c b/net/core/iovec.c
-index 7e7aeb0..2a998cb 100644
+index de178e4..1dabd8b 100644
--- a/net/core/iovec.c
+++ b/net/core/iovec.c
@@ -42,7 +42,7 @@ int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr_storage *a
@@ -87908,57 +90324,10 @@ index 7e7aeb0..2a998cb 100644
m->msg_iov = iov;
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
-index 3863b8f..7c7ea84 100644
+index ce90b02..8752627 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
-@@ -239,7 +239,7 @@ static void neigh_flush_dev(struct neigh_table *tbl, struct net_device *dev)
- we must kill timers etc. and move
- it to safe state.
- */
-- skb_queue_purge(&n->arp_queue);
-+ __skb_queue_purge(&n->arp_queue);
- n->arp_queue_len_bytes = 0;
- n->output = neigh_blackhole;
- if (n->nud_state & NUD_VALID)
-@@ -294,7 +294,7 @@ static struct neighbour *neigh_alloc(struct neigh_table *tbl, struct net_device
- if (!n)
- goto out_entries;
-
-- skb_queue_head_init(&n->arp_queue);
-+ __skb_queue_head_init(&n->arp_queue);
- rwlock_init(&n->lock);
- seqlock_init(&n->ha_lock);
- n->updated = n->used = now;
-@@ -716,7 +716,9 @@ void neigh_destroy(struct neighbour *neigh)
- if (neigh_del_timer(neigh))
- pr_warn("Impossible event\n");
-
-- skb_queue_purge(&neigh->arp_queue);
-+ write_lock_bh(&neigh->lock);
-+ __skb_queue_purge(&neigh->arp_queue);
-+ write_unlock_bh(&neigh->lock);
- neigh->arp_queue_len_bytes = 0;
-
- if (dev->netdev_ops->ndo_neigh_destroy)
-@@ -866,7 +868,7 @@ static void neigh_invalidate(struct neighbour *neigh)
- neigh->ops->error_report(neigh, skb);
- write_lock(&neigh->lock);
- }
-- skb_queue_purge(&neigh->arp_queue);
-+ __skb_queue_purge(&neigh->arp_queue);
- neigh->arp_queue_len_bytes = 0;
- }
-
-@@ -1218,7 +1220,7 @@ int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
-
- write_lock_bh(&neigh->lock);
- }
-- skb_queue_purge(&neigh->arp_queue);
-+ __skb_queue_purge(&neigh->arp_queue);
- neigh->arp_queue_len_bytes = 0;
- }
- out:
-@@ -2778,7 +2780,7 @@ static int proc_unres_qlen(ctl_table *ctl, int write, void __user *buffer,
+@@ -2771,7 +2771,7 @@ static int proc_unres_qlen(ctl_table *ctl, int write, void __user *buffer,
size_t *lenp, loff_t *ppos)
{
int size, ret;
@@ -87968,7 +90337,7 @@ index 3863b8f..7c7ea84 100644
tmp.extra1 = &zero;
tmp.extra2 = &unres_qlen_max;
diff --git a/net/core/net-procfs.c b/net/core/net-procfs.c
-index 3174f19..5810985 100644
+index 569d355..79cf2d0 100644
--- a/net/core/net-procfs.c
+++ b/net/core/net-procfs.c
@@ -271,8 +271,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v)
@@ -87976,20 +90345,20 @@ index 3174f19..5810985 100644
seq_printf(seq, "%04x", ntohs(pt->type));
+#ifdef CONFIG_GRKERNSEC_HIDESYM
-+ seq_printf(seq, " %-8s %pF\n",
++ seq_printf(seq, " %-8s %pf\n",
+ pt->dev ? pt->dev->name : "", NULL);
+#else
- seq_printf(seq, " %-8s %pF\n",
+ seq_printf(seq, " %-8s %pf\n",
pt->dev ? pt->dev->name : "", pt->func);
+#endif
}
return 0;
diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c
-index 7427ab5..389f411 100644
+index 981fed3..536af34 100644
--- a/net/core/net-sysfs.c
+++ b/net/core/net-sysfs.c
-@@ -1321,7 +1321,7 @@ void netdev_class_remove_file(struct class_attribute *class_attr)
+@@ -1311,7 +1311,7 @@ void netdev_class_remove_file(struct class_attribute *class_attr)
}
EXPORT_SYMBOL(netdev_class_remove_file);
@@ -87999,10 +90368,10 @@ index 7427ab5..389f411 100644
kobj_ns_type_register(&net_ns_type_operations);
return class_register(&net_class);
diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
-index 80e271d..2980cc2 100644
+index f9765203..9feaef8 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
-@@ -442,7 +442,7 @@ static int __register_pernet_operations(struct list_head *list,
+@@ -443,7 +443,7 @@ static int __register_pernet_operations(struct list_head *list,
int error;
LIST_HEAD(net_exit_list);
@@ -88011,7 +90380,7 @@ index 80e271d..2980cc2 100644
if (ops->init || (ops->id && ops->size)) {
for_each_net(net) {
error = ops_init(ops, net);
-@@ -455,7 +455,7 @@ static int __register_pernet_operations(struct list_head *list,
+@@ -456,7 +456,7 @@ static int __register_pernet_operations(struct list_head *list,
out_undo:
/* If I have an error cleanup all namespaces I initialized */
@@ -88020,7 +90389,7 @@ index 80e271d..2980cc2 100644
ops_exit_list(ops, &net_exit_list);
ops_free_list(ops, &net_exit_list);
return error;
-@@ -466,7 +466,7 @@ static void __unregister_pernet_operations(struct pernet_operations *ops)
+@@ -467,7 +467,7 @@ static void __unregister_pernet_operations(struct pernet_operations *ops)
struct net *net;
LIST_HEAD(net_exit_list);
@@ -88029,7 +90398,7 @@ index 80e271d..2980cc2 100644
for_each_net(net)
list_add_tail(&net->exit_list, &net_exit_list);
ops_exit_list(ops, &net_exit_list);
-@@ -600,7 +600,7 @@ int register_pernet_device(struct pernet_operations *ops)
+@@ -601,7 +601,7 @@ int register_pernet_device(struct pernet_operations *ops)
mutex_lock(&net_mutex);
error = register_pernet_operations(&pernet_list, ops);
if (!error && (first_device == &pernet_list))
@@ -88039,7 +90408,7 @@ index 80e271d..2980cc2 100644
return error;
}
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
-index 23854b5..ff4fda4 100644
+index a08bd2b..c59bd7c 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -58,7 +58,7 @@ struct rtnl_link {
@@ -88077,11 +90446,20 @@ index 23854b5..ff4fda4 100644
}
EXPORT_SYMBOL_GPL(__rtnl_link_unregister);
+@@ -2374,7 +2377,7 @@ static int rtnl_bridge_getlink(struct sk_buff *skb, struct netlink_callback *cb)
+ struct nlattr *extfilt;
+ u32 filter_mask = 0;
+
+- extfilt = nlmsg_find_attr(cb->nlh, sizeof(struct rtgenmsg),
++ extfilt = nlmsg_find_attr(cb->nlh, sizeof(struct ifinfomsg),
+ IFLA_EXT_MASK);
+ if (extfilt)
+ filter_mask = nla_get_u32(extfilt);
diff --git a/net/core/scm.c b/net/core/scm.c
-index 2dc6cda..2159524 100644
+index 03795d0..eaf7368 100644
--- a/net/core/scm.c
+++ b/net/core/scm.c
-@@ -226,7 +226,7 @@ EXPORT_SYMBOL(__scm_send);
+@@ -210,7 +210,7 @@ EXPORT_SYMBOL(__scm_send);
int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
{
struct cmsghdr __user *cm
@@ -88090,7 +90468,7 @@ index 2dc6cda..2159524 100644
struct cmsghdr cmhdr;
int cmlen = CMSG_LEN(len);
int err;
-@@ -249,7 +249,7 @@ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
+@@ -233,7 +233,7 @@ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data)
err = -EFAULT;
if (copy_to_user(cm, &cmhdr, sizeof cmhdr))
goto out;
@@ -88099,7 +90477,7 @@ index 2dc6cda..2159524 100644
goto out;
cmlen = CMSG_SPACE(len);
if (msg->msg_controllen < cmlen)
-@@ -265,7 +265,7 @@ EXPORT_SYMBOL(put_cmsg);
+@@ -249,7 +249,7 @@ EXPORT_SYMBOL(put_cmsg);
void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
{
struct cmsghdr __user *cm
@@ -88108,7 +90486,7 @@ index 2dc6cda..2159524 100644
int fdmax = 0;
int fdnum = scm->fp->count;
-@@ -285,7 +285,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
+@@ -269,7 +269,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm)
if (fdnum < fdmax)
fdmax = fdnum;
@@ -88117,26 +90495,30 @@ index 2dc6cda..2159524 100644
i++, cmfptr++)
{
struct socket *sock;
-diff --git a/net/core/secure_seq.c b/net/core/secure_seq.c
-index e61a8bb..6a2f13c 100644
---- a/net/core/secure_seq.c
-+++ b/net/core/secure_seq.c
-@@ -12,12 +12,10 @@
-
- static u32 net_secret[MD5_MESSAGE_BYTES / 4] ____cacheline_aligned;
-
--static int __init net_secret_init(void)
-+void net_secret_init(void)
- {
- get_random_bytes(net_secret, sizeof(net_secret));
-- return 0;
+diff --git a/net/core/skbuff.c b/net/core/skbuff.c
+index 1c1738c..4cab7f0 100644
+--- a/net/core/skbuff.c
++++ b/net/core/skbuff.c
+@@ -3087,13 +3087,15 @@ void __init skb_init(void)
+ skbuff_head_cache = kmem_cache_create("skbuff_head_cache",
+ sizeof(struct sk_buff),
+ 0,
+- SLAB_HWCACHE_ALIGN|SLAB_PANIC,
++ SLAB_HWCACHE_ALIGN|SLAB_PANIC|
++ SLAB_NO_SANITIZE,
+ NULL);
+ skbuff_fclone_cache = kmem_cache_create("skbuff_fclone_cache",
+ (2*sizeof(struct sk_buff)) +
+ sizeof(atomic_t),
+ 0,
+- SLAB_HWCACHE_ALIGN|SLAB_PANIC,
++ SLAB_HWCACHE_ALIGN|SLAB_PANIC|
++ SLAB_NO_SANITIZE,
+ NULL);
}
--late_initcall(net_secret_init);
- #ifdef CONFIG_INET
- static u32 seq_scale(u32 seq)
diff --git a/net/core/sock.c b/net/core/sock.c
-index 684c37d..b541900 100644
+index d6d024c..6ea7ab4 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -390,7 +390,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
@@ -88184,7 +90566,7 @@ index 684c37d..b541900 100644
goto discard_and_relse;
}
-@@ -942,12 +942,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
+@@ -933,12 +933,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
struct timeval tm;
} v;
@@ -88200,7 +90582,7 @@ index 684c37d..b541900 100644
return -EINVAL;
memset(&v, 0, sizeof(v));
-@@ -1099,11 +1099,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
+@@ -1090,11 +1090,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
case SO_PEERNAME:
{
@@ -88214,7 +90596,7 @@ index 684c37d..b541900 100644
return -EINVAL;
if (copy_to_user(optval, address, len))
return -EFAULT;
-@@ -1166,7 +1166,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
+@@ -1161,7 +1161,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname,
if (len > lv)
len = lv;
@@ -88223,7 +90605,7 @@ index 684c37d..b541900 100644
return -EFAULT;
lenout:
if (put_user(len, optlen))
-@@ -2284,7 +2284,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
+@@ -2277,7 +2277,7 @@ void sock_init_data(struct socket *sock, struct sock *sk)
*/
smp_wmb();
atomic_set(&sk->sk_refcnt, 1);
@@ -88233,7 +90615,7 @@ index 684c37d..b541900 100644
EXPORT_SYMBOL(sock_init_data);
diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
-index a29e90c..922399c 100644
+index a0e9cf6..ef7f9ed 100644
--- a/net/core/sock_diag.c
+++ b/net/core/sock_diag.c
@@ -9,26 +9,33 @@
@@ -88271,7 +90653,7 @@ index a29e90c..922399c 100644
}
EXPORT_SYMBOL_GPL(sock_diag_save_cookie);
-@@ -75,8 +82,11 @@ int sock_diag_register(const struct sock_diag_handler *hndl)
+@@ -113,8 +120,11 @@ int sock_diag_register(const struct sock_diag_handler *hndl)
mutex_lock(&sock_diag_table_mutex);
if (sock_diag_handlers[hndl->family])
err = -EBUSY;
@@ -88284,7 +90666,7 @@ index a29e90c..922399c 100644
mutex_unlock(&sock_diag_table_mutex);
return err;
-@@ -92,7 +102,9 @@ void sock_diag_unregister(const struct sock_diag_handler *hnld)
+@@ -130,7 +140,9 @@ void sock_diag_unregister(const struct sock_diag_handler *hnld)
mutex_lock(&sock_diag_table_mutex);
BUG_ON(sock_diag_handlers[family] != hnld);
@@ -88389,30 +90771,10 @@ index a55eecc..dd8428c 100644
*lenp = len;
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
-index c929d9c..df10cde 100644
+index d01be2a..8976537 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
-@@ -115,6 +115,7 @@
- #include <net/inet_common.h>
- #include <net/xfrm.h>
- #include <net/net_namespace.h>
-+#include <net/secure_seq.h>
- #ifdef CONFIG_IP_MROUTE
- #include <linux/mroute.h>
- #endif
-@@ -263,8 +264,10 @@ void build_ehash_secret(void)
- get_random_bytes(&rnd, sizeof(rnd));
- } while (rnd == 0);
-
-- if (cmpxchg(&inet_ehash_secret, 0, rnd) == 0)
-+ if (cmpxchg(&inet_ehash_secret, 0, rnd) == 0) {
- get_random_bytes(&ipv6_hash_secret, sizeof(ipv6_hash_secret));
-+ net_secret_init();
-+ }
- }
- EXPORT_SYMBOL(build_ehash_secret);
-
-@@ -1699,13 +1702,9 @@ static int __init inet_init(void)
+@@ -1703,13 +1703,9 @@ static int __init inet_init(void)
BUILD_BUG_ON(sizeof(struct inet_skb_parm) > FIELD_SIZEOF(struct sk_buff, cb));
@@ -88427,7 +90789,7 @@ index c929d9c..df10cde 100644
rc = proto_register(&udp_prot, 1);
if (rc)
-@@ -1814,8 +1813,6 @@ out_unregister_udp_proto:
+@@ -1818,8 +1814,6 @@ out_unregister_udp_proto:
proto_unregister(&udp_prot);
out_unregister_tcp_proto:
proto_unregister(&tcp_prot);
@@ -88450,10 +90812,46 @@ index 2e7f194..0fa4d6d 100644
ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_AH, 0);
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
-index c6287cd..e9bc96a 100644
+index dfc39d4..0d4fa52 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
-@@ -1992,7 +1992,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write,
+@@ -771,7 +771,7 @@ static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh,
+ ci = nla_data(tb[IFA_CACHEINFO]);
+ if (!ci->ifa_valid || ci->ifa_prefered > ci->ifa_valid) {
+ err = -EINVAL;
+- goto errout;
++ goto errout_free;
+ }
+ *pvalid_lft = ci->ifa_valid;
+ *pprefered_lft = ci->ifa_prefered;
+@@ -779,6 +779,8 @@ static struct in_ifaddr *rtm_to_ifaddr(struct net *net, struct nlmsghdr *nlh,
+
+ return ifa;
+
++errout_free:
++ inet_free_ifa(ifa);
+ errout:
+ return ERR_PTR(err);
+ }
+@@ -1529,7 +1531,7 @@ static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
+ idx = 0;
+ head = &net->dev_index_head[h];
+ rcu_read_lock();
+- cb->seq = atomic_read(&net->ipv4.dev_addr_genid) ^
++ cb->seq = atomic_read_unchecked(&net->ipv4.dev_addr_genid) ^
+ net->dev_base_seq;
+ hlist_for_each_entry_rcu(dev, head, index_hlist) {
+ if (idx < s_idx)
+@@ -1840,7 +1842,7 @@ static int inet_netconf_dump_devconf(struct sk_buff *skb,
+ idx = 0;
+ head = &net->dev_index_head[h];
+ rcu_read_lock();
+- cb->seq = atomic_read(&net->ipv4.dev_addr_genid) ^
++ cb->seq = atomic_read_unchecked(&net->ipv4.dev_addr_genid) ^
+ net->dev_base_seq;
+ hlist_for_each_entry_rcu(dev, head, index_hlist) {
+ if (idx < s_idx)
+@@ -2065,7 +2067,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write,
#define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \
DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush)
@@ -88462,7 +90860,7 @@ index c6287cd..e9bc96a 100644
struct ctl_table_header *sysctl_header;
struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX];
} devinet_sysctl = {
-@@ -2110,7 +2110,7 @@ static __net_init int devinet_init_net(struct net *net)
+@@ -2183,7 +2185,7 @@ static __net_init int devinet_init_net(struct net *net)
int err;
struct ipv4_devconf *all, *dflt;
#ifdef CONFIG_SYSCTL
@@ -88471,7 +90869,7 @@ index c6287cd..e9bc96a 100644
struct ctl_table_header *forw_hdr;
#endif
-@@ -2128,7 +2128,7 @@ static __net_init int devinet_init_net(struct net *net)
+@@ -2201,7 +2203,7 @@ static __net_init int devinet_init_net(struct net *net)
goto err_alloc_dflt;
#ifdef CONFIG_SYSCTL
@@ -88480,7 +90878,7 @@ index c6287cd..e9bc96a 100644
if (tbl == NULL)
goto err_alloc_ctl;
-@@ -2148,7 +2148,10 @@ static __net_init int devinet_init_net(struct net *net)
+@@ -2221,7 +2223,10 @@ static __net_init int devinet_init_net(struct net *net)
goto err_reg_dflt;
err = -ENOMEM;
@@ -88492,7 +90890,7 @@ index c6287cd..e9bc96a 100644
if (forw_hdr == NULL)
goto err_reg_ctl;
net->ipv4.forw_hdr = forw_hdr;
-@@ -2164,8 +2167,7 @@ err_reg_ctl:
+@@ -2237,8 +2242,7 @@ err_reg_ctl:
err_reg_dflt:
__devinet_sysctl_unregister(all);
err_reg_all:
@@ -88503,9 +90901,18 @@ index c6287cd..e9bc96a 100644
#endif
if (dflt != &ipv4_devconf_dflt)
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
-index 4cfe34d..a6ba66e 100644
+index 4cfe34d..d2fac8a 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
+@@ -477,7 +477,7 @@ static u32 esp4_get_mtu(struct xfrm_state *x, int mtu)
+ }
+
+ return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) -
+- net_adj) & ~(align - 1)) + (net_adj - 2);
++ net_adj) & ~(align - 1)) + net_adj - 2;
+ }
+
+ static void esp4_err(struct sk_buff *skb, u32 info)
@@ -503,7 +503,7 @@ static void esp4_err(struct sk_buff *skb, u32 info)
return;
@@ -88516,7 +90923,7 @@ index 4cfe34d..a6ba66e 100644
ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_ESP, 0);
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
-index eb4bb12..ee4ec7d 100644
+index c7629a2..b62d139 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -1017,12 +1017,12 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event,
@@ -88556,8 +90963,32 @@ index 8f6cb7a..34507f9 100644
return nh->nh_saddr;
}
+diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
+index 49616fe..6e8a13d 100644
+--- a/net/ipv4/fib_trie.c
++++ b/net/ipv4/fib_trie.c
+@@ -71,7 +71,6 @@
+ #include <linux/init.h>
+ #include <linux/list.h>
+ #include <linux/slab.h>
+-#include <linux/prefetch.h>
+ #include <linux/export.h>
+ #include <net/net_namespace.h>
+ #include <net/ip.h>
+@@ -1761,10 +1760,8 @@ static struct leaf *leaf_walk_rcu(struct tnode *p, struct rt_trie_node *c)
+ if (!c)
+ continue;
+
+- if (IS_LEAF(c)) {
+- prefetch(rcu_dereference_rtnl(p->child[idx]));
++ if (IS_LEAF(c))
+ return (struct leaf *) c;
+- }
+
+ /* Rescan start scanning in new node */
+ p = (struct tnode *) c;
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
-index 786d97a..1889c0d 100644
+index 6acb541..9ea617d 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -37,7 +37,7 @@ struct local_ports sysctl_local_ports __read_mostly = {
@@ -88614,10 +91045,10 @@ index 000e3d2..5472da3 100644
secure_ip_id(daddr->addr.a4) :
secure_ipv6_id(daddr->addr.a6));
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
-index 52c273e..579060b 100644
+index b66910a..cfe416e 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
-@@ -311,7 +311,7 @@ static inline int ip_frag_too_far(struct ipq *qp)
+@@ -282,7 +282,7 @@ static inline int ip_frag_too_far(struct ipq *qp)
return 0;
start = qp->rid;
@@ -88626,7 +91057,7 @@ index 52c273e..579060b 100644
qp->rid = end;
rc = qp->q.fragments && (end - start) > max;
-@@ -788,12 +788,11 @@ static struct ctl_table ip4_frags_ctl_table[] = {
+@@ -759,12 +759,11 @@ static struct ctl_table ip4_frags_ctl_table[] = {
static int __net_init ip4_frags_ns_ctl_register(struct net *net)
{
@@ -88641,7 +91072,7 @@ index 52c273e..579060b 100644
if (table == NULL)
goto err_alloc;
-@@ -804,9 +803,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
+@@ -775,9 +774,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
/* Don't export sysctls to unprivileged users */
if (net->user_ns != &init_user_ns)
table[0].procname = NULL;
@@ -88654,7 +91085,7 @@ index 52c273e..579060b 100644
if (hdr == NULL)
goto err_reg;
-@@ -814,8 +814,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
+@@ -785,8 +785,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
return 0;
err_reg:
@@ -88665,19 +91096,28 @@ index 52c273e..579060b 100644
return -ENOMEM;
}
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
-index c7e8c04..56cb4c1 100644
+index 855004f..9644112 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
-@@ -124,7 +124,7 @@ static bool log_ecn_error = true;
+@@ -115,7 +115,7 @@ static bool log_ecn_error = true;
module_param(log_ecn_error, bool, 0644);
MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
-static struct rtnl_link_ops ipgre_link_ops __read_mostly;
+static struct rtnl_link_ops ipgre_link_ops;
static int ipgre_tunnel_init(struct net_device *dev);
- static void ipgre_tunnel_setup(struct net_device *dev);
- static int ipgre_tunnel_bind_dev(struct net_device *dev);
-@@ -1823,7 +1823,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
+
+ static int ipgre_net_id __read_mostly;
+@@ -572,7 +572,7 @@ static int ipgre_header(struct sk_buff *skb, struct net_device *dev,
+ if (daddr)
+ memcpy(&iph->daddr, daddr, 4);
+ if (iph->daddr)
+- return t->hlen;
++ return t->hlen + sizeof(*iph);
+
+ return -(t->hlen + sizeof(*iph));
+ }
+@@ -919,7 +919,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
[IFLA_GRE_PMTUDISC] = { .type = NLA_U8 },
};
@@ -88686,7 +91126,7 @@ index c7e8c04..56cb4c1 100644
.kind = "gre",
.maxtype = IFLA_GRE_MAX,
.policy = ipgre_policy,
-@@ -1836,7 +1836,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = {
+@@ -933,7 +933,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = {
.fill_info = ipgre_fill_info,
};
@@ -88695,31 +91135,6 @@ index c7e8c04..56cb4c1 100644
.kind = "gretap",
.maxtype = IFLA_GRE_MAX,
.policy = ipgre_policy,
-diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
-index 2bdf802..439f123 100644
---- a/net/ipv4/ip_input.c
-+++ b/net/ipv4/ip_input.c
-@@ -190,10 +190,7 @@ static int ip_local_deliver_finish(struct sk_buff *skb)
- {
- struct net *net = dev_net(skb->dev);
-
-- __skb_pull(skb, ip_hdrlen(skb));
--
-- /* Point into the IP datagram, just past the header. */
-- skb_reset_transport_header(skb);
-+ __skb_pull(skb, skb_network_header_len(skb));
-
- rcu_read_lock();
- {
-@@ -437,6 +434,8 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
- goto drop;
- }
-
-+ skb->transport_header = skb->network_header + iph->ihl*4;
-+
- /* Remove any debris in the socket control block */
- memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
-
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index d9c4f11..02b82dbc 100644
--- a/net/ipv4/ip_sockglue.c
@@ -88744,7 +91159,7 @@ index d9c4f11..02b82dbc 100644
msg.msg_flags = flags;
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
-index c3a4233..3fa029d 100644
+index 17cc0ff..63856c4 100644
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -47,7 +47,7 @@
@@ -88756,35 +91171,7 @@ index c3a4233..3fa029d 100644
static int vti_net_id __read_mostly;
struct vti_net {
-@@ -399,8 +399,7 @@ static netdev_tx_t vti_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
- tunnel->err_count = 0;
- }
-
-- IPCB(skb)->flags &= ~(IPSKB_XFRM_TUNNEL_SIZE | IPSKB_XFRM_TRANSFORMED |
-- IPSKB_REROUTED);
-+ memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
- skb_dst_drop(skb);
- skb_dst_set(skb, &rt->dst);
- nf_reset(skb);
-@@ -645,17 +644,10 @@ static int __net_init vti_fb_tunnel_init(struct net_device *dev)
- struct iphdr *iph = &tunnel->parms.iph;
- struct vti_net *ipn = net_generic(dev_net(dev), vti_net_id);
-
-- tunnel->dev = dev;
-- strcpy(tunnel->parms.name, dev->name);
--
- iph->version = 4;
- iph->protocol = IPPROTO_IPIP;
- iph->ihl = 5;
-
-- dev->tstats = alloc_percpu(struct pcpu_tstats);
-- if (!dev->tstats)
-- return -ENOMEM;
--
- dev_hold(dev);
- rcu_assign_pointer(ipn->tunnels_wc[0], tunnel);
- return 0;
-@@ -886,7 +878,7 @@ static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = {
+@@ -840,7 +840,7 @@ static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = {
[IFLA_VTI_REMOTE] = { .len = FIELD_SIZEOF(struct iphdr, daddr) },
};
@@ -88794,7 +91181,7 @@ index c3a4233..3fa029d 100644
.maxtype = IFLA_VTI_MAX,
.policy = vti_policy,
diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
-index f01d1b1..8fe03ad 100644
+index 59cb8c7..a72160c 100644
--- a/net/ipv4/ipcomp.c
+++ b/net/ipv4/ipcomp.c
@@ -48,7 +48,7 @@ static void ipcomp4_err(struct sk_buff *skb, u32 info)
@@ -88807,10 +91194,10 @@ index f01d1b1..8fe03ad 100644
ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_COMP, 0);
diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
-index bf6c5cf..ab2e9c6 100644
+index efa1138..20dbba0 100644
--- a/net/ipv4/ipconfig.c
+++ b/net/ipv4/ipconfig.c
-@@ -323,7 +323,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg)
+@@ -334,7 +334,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg)
mm_segment_t oldfs = get_fs();
set_fs(get_ds());
@@ -88819,7 +91206,7 @@ index bf6c5cf..ab2e9c6 100644
set_fs(oldfs);
return res;
}
-@@ -334,7 +334,7 @@ static int __init ic_dev_ioctl(unsigned int cmd, struct ifreq *arg)
+@@ -345,7 +345,7 @@ static int __init ic_dev_ioctl(unsigned int cmd, struct ifreq *arg)
mm_segment_t oldfs = get_fs();
set_fs(get_ds());
@@ -88828,7 +91215,7 @@ index bf6c5cf..ab2e9c6 100644
set_fs(oldfs);
return res;
}
-@@ -345,7 +345,7 @@ static int __init ic_route_ioctl(unsigned int cmd, struct rtentry *arg)
+@@ -356,7 +356,7 @@ static int __init ic_route_ioctl(unsigned int cmd, struct rtentry *arg)
mm_segment_t oldfs = get_fs();
set_fs(get_ds());
@@ -88838,19 +91225,19 @@ index bf6c5cf..ab2e9c6 100644
return res;
}
diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
-index 7533846..d2361d1 100644
+index 7cfc456..e726868 100644
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
-@@ -138,7 +138,7 @@ struct ipip_net {
+@@ -124,7 +124,7 @@ MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN");
+ static int ipip_net_id __read_mostly;
+
static int ipip_tunnel_init(struct net_device *dev);
- static void ipip_tunnel_setup(struct net_device *dev);
- static void ipip_dev_free(struct net_device *dev);
-static struct rtnl_link_ops ipip_link_ops __read_mostly;
+static struct rtnl_link_ops ipip_link_ops;
- static struct rtnl_link_stats64 *ipip_get_stats64(struct net_device *dev,
- struct rtnl_link_stats64 *tot)
-@@ -974,7 +974,7 @@ static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
+ static int ipip_err(struct sk_buff *skb, u32 info)
+ {
+@@ -406,7 +406,7 @@ static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = {
[IFLA_IPTUN_PMTUDISC] = { .type = NLA_U8 },
};
@@ -88860,10 +91247,10 @@ index 7533846..d2361d1 100644
.maxtype = IFLA_IPTUN_MAX,
.policy = ipip_policy,
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
-index 7dc6a97..229c61b 100644
+index 85a4f21..1beb1f5 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
-@@ -879,14 +879,14 @@ static int compat_table_info(const struct xt_table_info *info,
+@@ -880,14 +880,14 @@ static int compat_table_info(const struct xt_table_info *info,
#endif
static int get_info(struct net *net, void __user *user,
@@ -88881,7 +91268,7 @@ index 7dc6a97..229c61b 100644
sizeof(struct arpt_getinfo));
return -EINVAL;
}
-@@ -923,7 +923,7 @@ static int get_info(struct net *net, void __user *user,
+@@ -924,7 +924,7 @@ static int get_info(struct net *net, void __user *user,
info.size = private->size;
strcpy(info.name, name);
@@ -88890,7 +91277,7 @@ index 7dc6a97..229c61b 100644
ret = -EFAULT;
else
ret = 0;
-@@ -1682,7 +1682,7 @@ static int compat_do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user,
+@@ -1683,7 +1683,7 @@ static int compat_do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user,
switch (cmd) {
case ARPT_SO_GET_INFO:
@@ -88899,7 +91286,7 @@ index 7dc6a97..229c61b 100644
break;
case ARPT_SO_GET_ENTRIES:
ret = compat_get_entries(sock_net(sk), user, len);
-@@ -1727,7 +1727,7 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
+@@ -1728,7 +1728,7 @@ static int do_arpt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len
switch (cmd) {
case ARPT_SO_GET_INFO:
@@ -88909,7 +91296,7 @@ index 7dc6a97..229c61b 100644
case ARPT_SO_GET_ENTRIES:
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
-index 3efcf87..5247916 100644
+index d23118d..6ad7277 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1068,14 +1068,14 @@ static int compat_table_info(const struct xt_table_info *info,
@@ -88958,10 +91345,10 @@ index 3efcf87..5247916 100644
case IPT_SO_GET_ENTRIES:
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c
-index 2e91006..f084394 100644
+index 7d93d62..cbbf2a3 100644
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
-@@ -844,7 +844,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f,
+@@ -843,7 +843,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f,
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
@@ -89026,7 +91413,7 @@ index dd44e0a..06dcca4 100644
static int raw_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
-index cfede9a..22248f9 100644
+index d35bbf0..faa3ab8 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2558,34 +2558,34 @@ static struct ctl_table ipv4_route_flush_table[] = {
@@ -89082,10 +91469,10 @@ index cfede9a..22248f9 100644
sizeof(net->ipv4.dev_addr_genid));
return 0;
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
-index 960fd29..d55bf64 100644
+index 3f25e75..3ae0f4d 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
-@@ -55,7 +55,7 @@ static int ipv4_local_port_range(ctl_table *table, int write,
+@@ -57,7 +57,7 @@ static int ipv4_local_port_range(ctl_table *table, int write,
{
int ret;
int range[2];
@@ -89094,7 +91481,7 @@ index 960fd29..d55bf64 100644
.data = &range,
.maxlen = sizeof(range),
.mode = table->mode,
-@@ -108,7 +108,7 @@ static int ipv4_ping_group_range(ctl_table *table, int write,
+@@ -110,7 +110,7 @@ static int ipv4_ping_group_range(ctl_table *table, int write,
int ret;
gid_t urange[2];
kgid_t low, high;
@@ -89103,7 +91490,7 @@ index 960fd29..d55bf64 100644
.data = &urange,
.maxlen = sizeof(urange),
.mode = table->mode,
-@@ -139,7 +139,7 @@ static int proc_tcp_congestion_control(ctl_table *ctl, int write,
+@@ -141,7 +141,7 @@ static int proc_tcp_congestion_control(ctl_table *ctl, int write,
void __user *buffer, size_t *lenp, loff_t *ppos)
{
char val[TCP_CA_NAME_MAX];
@@ -89112,7 +91499,7 @@ index 960fd29..d55bf64 100644
.data = val,
.maxlen = TCP_CA_NAME_MAX,
};
-@@ -158,7 +158,7 @@ static int proc_tcp_available_congestion_control(ctl_table *ctl,
+@@ -160,7 +160,7 @@ static int proc_tcp_available_congestion_control(ctl_table *ctl,
void __user *buffer, size_t *lenp,
loff_t *ppos)
{
@@ -89121,7 +91508,7 @@ index 960fd29..d55bf64 100644
int ret;
tbl.data = kmalloc(tbl.maxlen, GFP_USER);
-@@ -175,7 +175,7 @@ static int proc_allowed_congestion_control(ctl_table *ctl,
+@@ -177,7 +177,7 @@ static int proc_allowed_congestion_control(ctl_table *ctl,
void __user *buffer, size_t *lenp,
loff_t *ppos)
{
@@ -89130,7 +91517,7 @@ index 960fd29..d55bf64 100644
int ret;
tbl.data = kmalloc(tbl.maxlen, GFP_USER);
-@@ -201,15 +201,17 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write,
+@@ -203,15 +203,17 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write,
struct mem_cgroup *memcg;
#endif
@@ -89151,7 +91538,7 @@ index 960fd29..d55bf64 100644
}
ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos);
-@@ -236,7 +238,7 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write,
+@@ -238,7 +240,7 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write,
static int proc_tcp_fastopen_key(ctl_table *ctl, int write, void __user *buffer,
size_t *lenp, loff_t *ppos)
{
@@ -89160,7 +91547,7 @@ index 960fd29..d55bf64 100644
struct tcp_fastopen_context *ctxt;
int ret;
u32 user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */
-@@ -477,7 +479,7 @@ static struct ctl_table ipv4_table[] = {
+@@ -481,7 +483,7 @@ static struct ctl_table ipv4_table[] = {
},
{
.procname = "ip_local_reserved_ports",
@@ -89169,7 +91556,7 @@ index 960fd29..d55bf64 100644
.maxlen = 65536,
.mode = 0644,
.proc_handler = proc_do_large_bitmap,
-@@ -856,11 +858,10 @@ static struct ctl_table ipv4_net_table[] = {
+@@ -846,11 +848,10 @@ static struct ctl_table ipv4_net_table[] = {
static __net_init int ipv4_sysctl_init_net(struct net *net)
{
@@ -89183,7 +91570,7 @@ index 960fd29..d55bf64 100644
if (table == NULL)
goto err_alloc;
-@@ -895,15 +896,17 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
+@@ -885,15 +886,17 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
tcp_init_mem(net);
@@ -89204,7 +91591,7 @@ index 960fd29..d55bf64 100644
err_alloc:
return -ENOMEM;
}
-@@ -925,16 +928,6 @@ static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
+@@ -915,16 +918,6 @@ static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
static __init int sysctl_ipv4_init(void)
{
struct ctl_table_header *hdr;
@@ -89222,10 +91609,10 @@ index 960fd29..d55bf64 100644
hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
if (hdr == NULL)
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
-index 59163c8..8277c51 100644
+index 9c62257..651cc27 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
-@@ -4727,7 +4727,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
+@@ -4436,7 +4436,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb,
* simplifies code)
*/
static void
@@ -89234,7 +91621,7 @@ index 59163c8..8277c51 100644
struct sk_buff *head, struct sk_buff *tail,
u32 start, u32 end)
{
-@@ -5841,6 +5841,7 @@ discard:
+@@ -5522,6 +5522,7 @@ discard:
tcp_paws_reject(&tp->rx_opt, 0))
goto discard_and_undo;
@@ -89242,7 +91629,7 @@ index 59163c8..8277c51 100644
if (th->syn) {
/* We see SYN without ACK. It is attempt of
* simultaneous connect with crossed SYNs.
-@@ -5891,6 +5892,7 @@ discard:
+@@ -5572,6 +5573,7 @@ discard:
goto discard;
#endif
}
@@ -89250,7 +91637,7 @@ index 59163c8..8277c51 100644
/* "fifth, if neither of the SYN or RST bits is set then
* drop the segment and return."
*/
-@@ -5935,7 +5937,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
+@@ -5616,7 +5618,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
goto discard;
if (th->syn) {
@@ -89260,7 +91647,7 @@ index 59163c8..8277c51 100644
if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
return 1;
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
-index d09203c..518eff5 100644
+index 7999fc5..c812f42 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -90,6 +90,10 @@ int sysctl_tcp_low_latency __read_mostly;
@@ -89274,25 +91661,7 @@ index d09203c..518eff5 100644
#ifdef CONFIG_TCP_MD5SIG
static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key,
__be32 daddr, __be32 saddr, const struct tcphdr *th);
-@@ -1005,7 +1009,7 @@ int tcp_md5_do_add(struct sock *sk, const union tcp_md5_addr *addr,
- struct tcp_sock *tp = tcp_sk(sk);
- struct tcp_md5sig_info *md5sig;
-
-- key = tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&addr, AF_INET);
-+ key = tcp_md5_do_lookup(sk, addr, family);
- if (key) {
- /* Pre-existing entry - just update that one. */
- memcpy(key->key, newkey, newkeylen);
-@@ -1050,7 +1054,7 @@ int tcp_md5_do_del(struct sock *sk, const union tcp_md5_addr *addr, int family)
- struct tcp_md5sig_key *key;
- struct tcp_md5sig_info *md5sig;
-
-- key = tcp_md5_do_lookup(sk, (union tcp_md5_addr *)&addr, AF_INET);
-+ key = tcp_md5_do_lookup(sk, addr, family);
- if (!key)
- return -ENOENT;
- hlist_del_rcu(&key->node);
-@@ -1897,6 +1901,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -1855,6 +1859,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
return 0;
reset:
@@ -89302,7 +91671,7 @@ index d09203c..518eff5 100644
tcp_v4_send_reset(rsk, skb);
discard:
kfree_skb(skb);
-@@ -1996,12 +2003,19 @@ int tcp_v4_rcv(struct sk_buff *skb)
+@@ -2000,12 +2007,19 @@ int tcp_v4_rcv(struct sk_buff *skb)
TCP_SKB_CB(skb)->sacked = 0;
sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
@@ -89325,7 +91694,7 @@ index d09203c..518eff5 100644
if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) {
NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
-@@ -2052,6 +2066,10 @@ no_tcp_socket:
+@@ -2058,6 +2072,10 @@ csum_error:
bad_packet:
TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
} else {
@@ -89337,7 +91706,7 @@ index d09203c..518eff5 100644
}
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
-index 2f672e7..b8895e9 100644
+index 0f01788..d52a859 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -27,6 +27,10 @@
@@ -89351,7 +91720,7 @@ index 2f672e7..b8895e9 100644
int sysctl_tcp_syncookies __read_mostly = 1;
EXPORT_SYMBOL(sysctl_tcp_syncookies);
-@@ -749,7 +753,10 @@ embryonic_reset:
+@@ -717,7 +721,10 @@ embryonic_reset:
* avoid becoming vulnerable to outside attack aiming at
* resetting legit local connections.
*/
@@ -89377,7 +91746,7 @@ index d4943f6..e7a74a5 100644
cnt += width;
}
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
-index b78aac3..e18230b 100644
+index 4b85e6f..22f9ac9 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -22,6 +22,10 @@
@@ -89406,7 +91775,7 @@ index b78aac3..e18230b 100644
syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) {
/* Has it gone just too far? */
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
-index 0a073a2..d4a04de 100644
+index 93b731d..5a2dd92 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -87,6 +87,7 @@
@@ -89438,24 +91807,7 @@ index 0a073a2..d4a04de 100644
/*
* This routine is called by the ICMP module when it gets some
* sort of error condition. If err < 0 then the socket should
-@@ -799,7 +807,7 @@ send:
- /*
- * Push out all pending data as one UDP datagram. Socket is locked.
- */
--static int udp_push_pending_frames(struct sock *sk)
-+int udp_push_pending_frames(struct sock *sk)
- {
- struct udp_sock *up = udp_sk(sk);
- struct inet_sock *inet = inet_sk(sk);
-@@ -818,6 +826,7 @@ out:
- up->pending = 0;
- return err;
- }
-+EXPORT_SYMBOL(udp_push_pending_frames);
-
- int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
- size_t len)
-@@ -889,9 +898,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
+@@ -890,9 +898,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
dport = usin->sin_port;
if (dport == 0)
return -EINVAL;
@@ -89474,8 +91826,8 @@ index 0a073a2..d4a04de 100644
daddr = inet->inet_daddr;
dport = inet->inet_dport;
/* Open fast path for connected socket.
-@@ -1133,7 +1151,7 @@ static unsigned int first_packet_length(struct sock *sk)
- udp_lib_checksum_complete(skb)) {
+@@ -1136,7 +1153,7 @@ static unsigned int first_packet_length(struct sock *sk)
+ IS_UDPLITE(sk));
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS,
IS_UDPLITE(sk));
- atomic_inc(&sk->sk_drops);
@@ -89483,7 +91835,7 @@ index 0a073a2..d4a04de 100644
__skb_unlink(skb, rcvq);
__skb_queue_tail(&list_kill, skb);
}
-@@ -1219,6 +1237,10 @@ try_again:
+@@ -1222,6 +1239,10 @@ try_again:
if (!skb)
goto out;
@@ -89494,7 +91846,7 @@ index 0a073a2..d4a04de 100644
ulen = skb->len - sizeof(struct udphdr);
copied = len;
if (copied > ulen)
-@@ -1252,7 +1274,7 @@ try_again:
+@@ -1255,7 +1276,7 @@ try_again:
if (unlikely(err)) {
trace_kfree_skb(skb, udp_recvmsg);
if (!peeked) {
@@ -89503,8 +91855,8 @@ index 0a073a2..d4a04de 100644
UDP_INC_STATS_USER(sock_net(sk),
UDP_MIB_INERRORS, is_udplite);
}
-@@ -1535,7 +1557,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
-
+@@ -1542,7 +1563,7 @@ csum_error:
+ UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite);
drop:
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
- atomic_inc(&sk->sk_drops);
@@ -89512,7 +91864,7 @@ index 0a073a2..d4a04de 100644
kfree_skb(skb);
return -1;
}
-@@ -1554,7 +1576,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
+@@ -1561,7 +1582,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC);
if (!skb1) {
@@ -89521,7 +91873,7 @@ index 0a073a2..d4a04de 100644
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS,
IS_UDPLITE(sk));
UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS,
-@@ -1723,6 +1745,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
+@@ -1730,6 +1751,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
goto csum_error;
UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
@@ -89531,7 +91883,7 @@ index 0a073a2..d4a04de 100644
icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0);
/*
-@@ -2152,7 +2177,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
+@@ -2160,7 +2184,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f,
from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)),
0, sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
@@ -89580,53 +91932,19 @@ index 9a459be..086b866 100644
return -ENOMEM;
}
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
-index 50a4c7c..231de25 100644
+index fb8c94c..fb18024 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
-@@ -1375,6 +1375,23 @@ try_nextdev:
- }
- EXPORT_SYMBOL(ipv6_dev_get_saddr);
-
-+int __ipv6_get_lladdr(struct inet6_dev *idev, struct in6_addr *addr,
-+ unsigned char banned_flags)
-+{
-+ struct inet6_ifaddr *ifp;
-+ int err = -EADDRNOTAVAIL;
-+
-+ list_for_each_entry(ifp, &idev->addr_list, if_list) {
-+ if (ifp->scope == IFA_LINK &&
-+ !(ifp->flags & banned_flags)) {
-+ *addr = ifp->addr;
-+ err = 0;
-+ break;
-+ }
-+ }
-+ return err;
-+}
-+
- int ipv6_get_lladdr(struct net_device *dev, struct in6_addr *addr,
- unsigned char banned_flags)
- {
-@@ -1384,17 +1401,8 @@ int ipv6_get_lladdr(struct net_device *dev, struct in6_addr *addr,
- rcu_read_lock();
- idev = __in6_dev_get(dev);
- if (idev) {
-- struct inet6_ifaddr *ifp;
--
- read_lock_bh(&idev->lock);
-- list_for_each_entry(ifp, &idev->addr_list, if_list) {
-- if (ifp->scope == IFA_LINK &&
-- !(ifp->flags & banned_flags)) {
-- *addr = ifp->addr;
-- err = 0;
-- break;
-- }
-- }
-+ err = __ipv6_get_lladdr(idev, addr, banned_flags);
- read_unlock_bh(&idev->lock);
- }
- rcu_read_unlock();
-@@ -2274,7 +2282,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
+@@ -621,7 +621,7 @@ static int inet6_netconf_dump_devconf(struct sk_buff *skb,
+ idx = 0;
+ head = &net->dev_index_head[h];
+ rcu_read_lock();
+- cb->seq = atomic_read(&net->ipv6.dev_addr_genid) ^
++ cb->seq = atomic_read_unchecked(&net->ipv6.dev_addr_genid) ^
+ net->dev_base_seq;
+ hlist_for_each_entry_rcu(dev, head, index_hlist) {
+ if (idx < s_idx)
+@@ -2380,7 +2380,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg)
p.iph.ihl = 5;
p.iph.protocol = IPPROTO_IPV6;
p.iph.ttl = 64;
@@ -89635,17 +91953,25 @@ index 50a4c7c..231de25 100644
if (ops->ndo_do_ioctl) {
mm_segment_t oldfs = get_fs();
-@@ -2557,6 +2565,9 @@ static void init_loopback(struct net_device *dev)
- if (sp_ifa->flags & (IFA_F_DADFAILED | IFA_F_TENTATIVE))
- continue;
+@@ -4002,7 +4002,7 @@ static int inet6_dump_addr(struct sk_buff *skb, struct netlink_callback *cb,
+ s_ip_idx = ip_idx = cb->args[2];
-+ if (sp_ifa->rt)
-+ continue;
-+
- sp_rt = addrconf_dst_alloc(idev, &sp_ifa->addr, 0);
+ rcu_read_lock();
+- cb->seq = atomic_read(&net->ipv6.dev_addr_genid) ^ net->dev_base_seq;
++ cb->seq = atomic_read_unchecked(&net->ipv6.dev_addr_genid) ^ net->dev_base_seq;
+ for (h = s_h; h < NETDEV_HASHENTRIES; h++, s_idx = 0) {
+ idx = 0;
+ head = &net->dev_index_head[h];
+@@ -4587,7 +4587,7 @@ static void __ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
+ dst_free(&ifp->rt->dst);
+ break;
+ }
+- atomic_inc(&net->ipv6.dev_addr_genid);
++ atomic_inc_unchecked(&net->ipv6.dev_addr_genid);
+ }
- /* Failure cases are ignored */
-@@ -4412,7 +4423,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write,
+ static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifp)
+@@ -4607,7 +4607,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
@@ -89654,7 +91980,7 @@ index 50a4c7c..231de25 100644
int ret;
/*
-@@ -4494,7 +4505,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write,
+@@ -4689,7 +4689,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write,
int *valp = ctl->data;
int val = *valp;
loff_t pos = *ppos;
@@ -89663,11 +91989,24 @@ index 50a4c7c..231de25 100644
int ret;
/*
+diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
+index 40ffd72..aeac0dc 100644
+--- a/net/ipv6/esp6.c
++++ b/net/ipv6/esp6.c
+@@ -425,7 +425,7 @@ static u32 esp6_get_mtu(struct xfrm_state *x, int mtu)
+ net_adj = 0;
+
+ return ((mtu - x->props.header_len - crypto_aead_authsize(esp->aead) -
+- net_adj) & ~(align - 1)) + (net_adj - 2);
++ net_adj) & ~(align - 1)) + net_adj - 2;
+ }
+
+ static void esp6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
-index fff5bdd..15194fb 100644
+index b4ff0a4..db9b764 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
-@@ -973,7 +973,7 @@ ctl_table ipv6_icmp_table_template[] = {
+@@ -980,7 +980,7 @@ ctl_table ipv6_icmp_table_template[] = {
struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net)
{
@@ -89676,58 +92015,11 @@ index fff5bdd..15194fb 100644
table = kmemdup(ipv6_icmp_table_template,
sizeof(ipv6_icmp_table_template),
-diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
-index 192dd1a..5fc9c7a 100644
---- a/net/ipv6/ip6_fib.c
-+++ b/net/ipv6/ip6_fib.c
-@@ -632,6 +632,12 @@ insert_above:
- return ln;
- }
-
-+static inline bool rt6_qualify_for_ecmp(struct rt6_info *rt)
-+{
-+ return (rt->rt6i_flags & (RTF_GATEWAY|RTF_ADDRCONF|RTF_DYNAMIC)) ==
-+ RTF_GATEWAY;
-+}
-+
- /*
- * Insert routing information in a node.
- */
-@@ -646,6 +652,7 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt,
- int add = (!info->nlh ||
- (info->nlh->nlmsg_flags & NLM_F_CREATE));
- int found = 0;
-+ bool rt_can_ecmp = rt6_qualify_for_ecmp(rt);
-
- ins = &fn->leaf;
-
-@@ -691,9 +698,8 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt,
- * To avoid long list, we only had siblings if the
- * route have a gateway.
- */
-- if (rt->rt6i_flags & RTF_GATEWAY &&
-- !(rt->rt6i_flags & RTF_EXPIRES) &&
-- !(iter->rt6i_flags & RTF_EXPIRES))
-+ if (rt_can_ecmp &&
-+ rt6_qualify_for_ecmp(iter))
- rt->rt6i_nsiblings++;
- }
-
-@@ -715,7 +721,8 @@ static int fib6_add_rt2node(struct fib6_node *fn, struct rt6_info *rt,
- /* Find the first route that have the same metric */
- sibling = fn->leaf;
- while (sibling) {
-- if (sibling->rt6i_metric == rt->rt6i_metric) {
-+ if (sibling->rt6i_metric == rt->rt6i_metric &&
-+ rt6_qualify_for_ecmp(sibling)) {
- list_add_tail(&rt->rt6i_siblings,
- &sibling->rt6i_siblings);
- break;
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
-index 95d13c7..791fe2f 100644
+index ecd6073..58162ae 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
-@@ -73,7 +73,7 @@ struct ip6gre_net {
+@@ -74,7 +74,7 @@ struct ip6gre_net {
struct net_device *fb_tunnel_dev;
};
@@ -89736,7 +92028,7 @@ index 95d13c7..791fe2f 100644
static int ip6gre_tunnel_init(struct net_device *dev);
static void ip6gre_tunnel_setup(struct net_device *dev);
static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t);
-@@ -1337,7 +1337,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev)
+@@ -1283,7 +1283,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev)
}
@@ -89745,7 +92037,7 @@ index 95d13c7..791fe2f 100644
.handler = ip6gre_rcv,
.err_handler = ip6gre_err,
.flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
-@@ -1671,7 +1671,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = {
+@@ -1617,7 +1617,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = {
[IFLA_GRE_FLAGS] = { .type = NLA_U32 },
};
@@ -89754,7 +92046,7 @@ index 95d13c7..791fe2f 100644
.kind = "ip6gre",
.maxtype = IFLA_GRE_MAX,
.policy = ip6gre_policy,
-@@ -1684,7 +1684,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = {
+@@ -1630,7 +1630,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = {
.fill_info = ip6gre_fill_info,
};
@@ -89763,84 +92055,11 @@ index 95d13c7..791fe2f 100644
.kind = "ip6gretap",
.maxtype = IFLA_GRE_MAX,
.policy = ip6gre_policy,
-diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
-index 851fdae..8f6f09a 100644
---- a/net/ipv6/ip6_output.c
-+++ b/net/ipv6/ip6_output.c
-@@ -822,11 +822,17 @@ static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
- const struct flowi6 *fl6)
- {
- struct ipv6_pinfo *np = inet6_sk(sk);
-- struct rt6_info *rt = (struct rt6_info *)dst;
-+ struct rt6_info *rt;
-
- if (!dst)
- goto out;
-
-+ if (dst->ops->family != AF_INET6) {
-+ dst_release(dst);
-+ return NULL;
-+ }
-+
-+ rt = (struct rt6_info *)dst;
- /* Yes, checking route validity in not connected
- * case is not very simple. Take into account,
- * that we do not support routing by source, TOS,
-@@ -1093,11 +1099,12 @@ static inline struct ipv6_rt_hdr *ip6_rthdr_dup(struct ipv6_rt_hdr *src,
- return src ? kmemdup(src, (src->hdrlen + 1) * 8, gfp) : NULL;
- }
-
--static void ip6_append_data_mtu(int *mtu,
-+static void ip6_append_data_mtu(unsigned int *mtu,
- int *maxfraglen,
- unsigned int fragheaderlen,
- struct sk_buff *skb,
-- struct rt6_info *rt)
-+ struct rt6_info *rt,
-+ bool pmtuprobe)
- {
- if (!(rt->dst.flags & DST_XFRM_TUNNEL)) {
- if (skb == NULL) {
-@@ -1109,7 +1116,9 @@ static void ip6_append_data_mtu(int *mtu,
- * this fragment is not first, the headers
- * space is regarded as data space.
- */
-- *mtu = dst_mtu(rt->dst.path);
-+ *mtu = min(*mtu, pmtuprobe ?
-+ rt->dst.dev->mtu :
-+ dst_mtu(rt->dst.path));
- }
- *maxfraglen = ((*mtu - fragheaderlen) & ~7)
- + fragheaderlen - sizeof(struct frag_hdr);
-@@ -1126,11 +1135,10 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
- struct ipv6_pinfo *np = inet6_sk(sk);
- struct inet_cork *cork;
- struct sk_buff *skb, *skb_prev = NULL;
-- unsigned int maxfraglen, fragheaderlen;
-+ unsigned int maxfraglen, fragheaderlen, mtu;
- int exthdrlen;
- int dst_exthdrlen;
- int hh_len;
-- int mtu;
- int copy;
- int err;
- int offset = 0;
-@@ -1290,7 +1298,9 @@ alloc_new_skb:
- /* update mtu and maxfraglen if necessary */
- if (skb == NULL || skb_prev == NULL)
- ip6_append_data_mtu(&mtu, &maxfraglen,
-- fragheaderlen, skb, rt);
-+ fragheaderlen, skb, rt,
-+ np->pmtudisc ==
-+ IPV6_PMTUDISC_PROBE);
-
- skb_prev = skb;
-
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
-index fff83cb..82d49dd 100644
+index 1e55866..b398dab 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
-@@ -87,7 +87,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
+@@ -88,7 +88,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2)
static int ip6_tnl_dev_init(struct net_device *dev);
static void ip6_tnl_dev_setup(struct net_device *dev);
@@ -89849,7 +92068,7 @@ index fff83cb..82d49dd 100644
static int ip6_tnl_net_id __read_mostly;
struct ip6_tnl_net {
-@@ -1684,7 +1684,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = {
+@@ -1672,7 +1672,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = {
[IFLA_IPTUN_PROTO] = { .type = NLA_U8 },
};
@@ -89871,98 +92090,11 @@ index d1e2e8e..51c19ae 100644
msg.msg_controllen = len;
msg.msg_flags = flags;
-diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
-index bfa6cc3..c3998c2 100644
---- a/net/ipv6/mcast.c
-+++ b/net/ipv6/mcast.c
-@@ -1343,8 +1343,9 @@ static void ip6_mc_hdr(struct sock *sk, struct sk_buff *skb,
- hdr->daddr = *daddr;
- }
-
--static struct sk_buff *mld_newpack(struct net_device *dev, int size)
-+static struct sk_buff *mld_newpack(struct inet6_dev *idev, int size)
- {
-+ struct net_device *dev = idev->dev;
- struct net *net = dev_net(dev);
- struct sock *sk = net->ipv6.igmp_sk;
- struct sk_buff *skb;
-@@ -1369,7 +1370,7 @@ static struct sk_buff *mld_newpack(struct net_device *dev, int size)
-
- skb_reserve(skb, hlen);
-
-- if (ipv6_get_lladdr(dev, &addr_buf, IFA_F_TENTATIVE)) {
-+ if (__ipv6_get_lladdr(idev, &addr_buf, IFA_F_TENTATIVE)) {
- /* <draft-ietf-magma-mld-source-05.txt>:
- * use unspecified address as the source address
- * when a valid link-local address is not available.
-@@ -1465,7 +1466,7 @@ static struct sk_buff *add_grhead(struct sk_buff *skb, struct ifmcaddr6 *pmc,
- struct mld2_grec *pgr;
-
- if (!skb)
-- skb = mld_newpack(dev, dev->mtu);
-+ skb = mld_newpack(pmc->idev, dev->mtu);
- if (!skb)
- return NULL;
- pgr = (struct mld2_grec *)skb_put(skb, sizeof(struct mld2_grec));
-@@ -1485,7 +1486,8 @@ static struct sk_buff *add_grhead(struct sk_buff *skb, struct ifmcaddr6 *pmc,
- static struct sk_buff *add_grec(struct sk_buff *skb, struct ifmcaddr6 *pmc,
- int type, int gdeleted, int sdeleted)
- {
-- struct net_device *dev = pmc->idev->dev;
-+ struct inet6_dev *idev = pmc->idev;
-+ struct net_device *dev = idev->dev;
- struct mld2_report *pmr;
- struct mld2_grec *pgr = NULL;
- struct ip6_sf_list *psf, *psf_next, *psf_prev, **psf_list;
-@@ -1514,7 +1516,7 @@ static struct sk_buff *add_grec(struct sk_buff *skb, struct ifmcaddr6 *pmc,
- AVAILABLE(skb) < grec_size(pmc, type, gdeleted, sdeleted)) {
- if (skb)
- mld_sendpack(skb);
-- skb = mld_newpack(dev, dev->mtu);
-+ skb = mld_newpack(idev, dev->mtu);
- }
- }
- first = 1;
-@@ -1541,7 +1543,7 @@ static struct sk_buff *add_grec(struct sk_buff *skb, struct ifmcaddr6 *pmc,
- pgr->grec_nsrcs = htons(scount);
- if (skb)
- mld_sendpack(skb);
-- skb = mld_newpack(dev, dev->mtu);
-+ skb = mld_newpack(idev, dev->mtu);
- first = 1;
- scount = 0;
- }
-@@ -1596,8 +1598,8 @@ static void mld_send_report(struct inet6_dev *idev, struct ifmcaddr6 *pmc)
- struct sk_buff *skb = NULL;
- int type;
-
-+ read_lock_bh(&idev->lock);
- if (!pmc) {
-- read_lock_bh(&idev->lock);
- for (pmc=idev->mc_list; pmc; pmc=pmc->next) {
- if (pmc->mca_flags & MAF_NOREPORT)
- continue;
-@@ -1609,7 +1611,6 @@ static void mld_send_report(struct inet6_dev *idev, struct ifmcaddr6 *pmc)
- skb = add_grec(skb, pmc, type, 0, 0);
- spin_unlock_bh(&pmc->mca_lock);
- }
-- read_unlock_bh(&idev->lock);
- } else {
- spin_lock_bh(&pmc->mca_lock);
- if (pmc->mca_sfcount[MCAST_EXCLUDE])
-@@ -1619,6 +1620,7 @@ static void mld_send_report(struct inet6_dev *idev, struct ifmcaddr6 *pmc)
- skb = add_grec(skb, pmc, type, 0, 0);
- spin_unlock_bh(&pmc->mca_lock);
- }
-+ read_unlock_bh(&idev->lock);
- if (skb)
- mld_sendpack(skb);
- }
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
-index 341b54a..591e8ed 100644
+index 44400c2..8e11f52 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
-@@ -1076,14 +1076,14 @@ static int compat_table_info(const struct xt_table_info *info,
+@@ -1078,14 +1078,14 @@ static int compat_table_info(const struct xt_table_info *info,
#endif
static int get_info(struct net *net, void __user *user,
@@ -89980,7 +92112,7 @@ index 341b54a..591e8ed 100644
sizeof(struct ip6t_getinfo));
return -EINVAL;
}
-@@ -1120,7 +1120,7 @@ static int get_info(struct net *net, void __user *user,
+@@ -1122,7 +1122,7 @@ static int get_info(struct net *net, void __user *user,
info.size = private->size;
strcpy(info.name, name);
@@ -89989,7 +92121,7 @@ index 341b54a..591e8ed 100644
ret = -EFAULT;
else
ret = 0;
-@@ -1974,7 +1974,7 @@ compat_do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
+@@ -1976,7 +1976,7 @@ compat_do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
switch (cmd) {
case IP6T_SO_GET_INFO:
@@ -89998,7 +92130,7 @@ index 341b54a..591e8ed 100644
break;
case IP6T_SO_GET_ENTRIES:
ret = compat_get_entries(sock_net(sk), user, len);
-@@ -2021,7 +2021,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
+@@ -2023,7 +2023,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
switch (cmd) {
case IP6T_SO_GET_INFO:
@@ -90008,10 +92140,10 @@ index 341b54a..591e8ed 100644
case IP6T_SO_GET_ENTRIES:
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
-index 6700069..1e50f42 100644
+index dffdc1a..ccc6678 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
-@@ -89,12 +89,11 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = {
+@@ -90,12 +90,11 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = {
static int nf_ct_frag6_sysctl_register(struct net *net)
{
@@ -90026,7 +92158,7 @@ index 6700069..1e50f42 100644
GFP_KERNEL);
if (table == NULL)
goto err_alloc;
-@@ -102,9 +101,9 @@ static int nf_ct_frag6_sysctl_register(struct net *net)
+@@ -103,9 +102,9 @@ static int nf_ct_frag6_sysctl_register(struct net *net)
table[0].data = &net->nf_frag.frags.timeout;
table[1].data = &net->nf_frag.frags.low_thresh;
table[2].data = &net->nf_frag.frags.high_thresh;
@@ -90039,7 +92171,7 @@ index 6700069..1e50f42 100644
if (hdr == NULL)
goto err_reg;
-@@ -112,8 +111,7 @@ static int nf_ct_frag6_sysctl_register(struct net *net)
+@@ -113,8 +112,7 @@ static int nf_ct_frag6_sysctl_register(struct net *net)
return 0;
err_reg:
@@ -90050,7 +92182,7 @@ index 6700069..1e50f42 100644
return -ENOMEM;
}
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
-index 330b5e7..796fbf1 100644
+index eedff8c..6e13a47 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -378,7 +378,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb)
@@ -90080,7 +92212,7 @@ index 330b5e7..796fbf1 100644
kfree_skb(skb);
return NET_RX_DROP;
}
-@@ -603,7 +603,7 @@ out:
+@@ -602,7 +602,7 @@ out:
return err;
}
@@ -90089,7 +92221,7 @@ index 330b5e7..796fbf1 100644
struct flowi6 *fl6, struct dst_entry **dstp,
unsigned int flags)
{
-@@ -915,12 +915,15 @@ do_confirm:
+@@ -914,12 +914,15 @@ do_confirm:
static int rawv6_seticmpfilter(struct sock *sk, int level, int optname,
char __user *optval, int optlen)
{
@@ -90106,7 +92238,7 @@ index 330b5e7..796fbf1 100644
return 0;
default:
return -ENOPROTOOPT;
-@@ -933,6 +936,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
+@@ -932,6 +935,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
char __user *optval, int __user *optlen)
{
int len;
@@ -90114,7 +92246,7 @@ index 330b5e7..796fbf1 100644
switch (optname) {
case ICMPV6_FILTER:
-@@ -944,7 +948,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
+@@ -943,7 +947,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
len = sizeof(struct icmp6_filter);
if (put_user(len, optlen))
return -EFAULT;
@@ -90124,7 +92256,7 @@ index 330b5e7..796fbf1 100644
return -EFAULT;
return 0;
default:
-@@ -1252,7 +1257,7 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
+@@ -1251,7 +1256,7 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)),
0,
sock_i_ino(sp),
@@ -90134,10 +92266,10 @@ index 330b5e7..796fbf1 100644
static int raw6_seq_show(struct seq_file *seq, void *v)
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
-index 0ba10e5..c14a4f6 100644
+index 790d9f4..68ae078 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
-@@ -602,12 +602,11 @@ static struct ctl_table ip6_frags_ctl_table[] = {
+@@ -621,12 +621,11 @@ static struct ctl_table ip6_frags_ctl_table[] = {
static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
{
@@ -90152,7 +92284,7 @@ index 0ba10e5..c14a4f6 100644
if (table == NULL)
goto err_alloc;
-@@ -618,9 +617,10 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
+@@ -637,9 +636,10 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
/* Don't export sysctls to unprivileged users */
if (net->user_ns != &init_user_ns)
table[0].procname = NULL;
@@ -90165,7 +92297,7 @@ index 0ba10e5..c14a4f6 100644
if (hdr == NULL)
goto err_reg;
-@@ -628,8 +628,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
+@@ -647,8 +647,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
return 0;
err_reg:
@@ -90176,172 +92308,10 @@ index 0ba10e5..c14a4f6 100644
return -ENOMEM;
}
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
-index e5fe004..d8ed9b0 100644
+index bacce6c..9d1741a 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
-@@ -65,6 +65,12 @@
- #include <linux/sysctl.h>
- #endif
-
-+enum rt6_nud_state {
-+ RT6_NUD_FAIL_HARD = -2,
-+ RT6_NUD_FAIL_SOFT = -1,
-+ RT6_NUD_SUCCEED = 1
-+};
-+
- static struct rt6_info *ip6_rt_copy(struct rt6_info *ort,
- const struct in6_addr *dest);
- static struct dst_entry *ip6_dst_check(struct dst_entry *dst, u32 cookie);
-@@ -527,26 +533,29 @@ static inline int rt6_check_dev(struct rt6_info *rt, int oif)
- return 0;
- }
-
--static inline bool rt6_check_neigh(struct rt6_info *rt)
-+static inline enum rt6_nud_state rt6_check_neigh(struct rt6_info *rt)
- {
- struct neighbour *neigh;
-- bool ret = false;
-+ enum rt6_nud_state ret = RT6_NUD_FAIL_HARD;
-
- if (rt->rt6i_flags & RTF_NONEXTHOP ||
- !(rt->rt6i_flags & RTF_GATEWAY))
-- return true;
-+ return RT6_NUD_SUCCEED;
-
- rcu_read_lock_bh();
- neigh = __ipv6_neigh_lookup_noref(rt->dst.dev, &rt->rt6i_gateway);
- if (neigh) {
- read_lock(&neigh->lock);
- if (neigh->nud_state & NUD_VALID)
-- ret = true;
-+ ret = RT6_NUD_SUCCEED;
- #ifdef CONFIG_IPV6_ROUTER_PREF
- else if (!(neigh->nud_state & NUD_FAILED))
-- ret = true;
-+ ret = RT6_NUD_SUCCEED;
- #endif
- read_unlock(&neigh->lock);
-+ } else {
-+ ret = IS_ENABLED(CONFIG_IPV6_ROUTER_PREF) ?
-+ RT6_NUD_SUCCEED : RT6_NUD_FAIL_SOFT;
- }
- rcu_read_unlock_bh();
-
-@@ -560,43 +569,52 @@ static int rt6_score_route(struct rt6_info *rt, int oif,
-
- m = rt6_check_dev(rt, oif);
- if (!m && (strict & RT6_LOOKUP_F_IFACE))
-- return -1;
-+ return RT6_NUD_FAIL_HARD;
- #ifdef CONFIG_IPV6_ROUTER_PREF
- m |= IPV6_DECODE_PREF(IPV6_EXTRACT_PREF(rt->rt6i_flags)) << 2;
- #endif
-- if (!rt6_check_neigh(rt) && (strict & RT6_LOOKUP_F_REACHABLE))
-- return -1;
-+ if (strict & RT6_LOOKUP_F_REACHABLE) {
-+ int n = rt6_check_neigh(rt);
-+ if (n < 0)
-+ return n;
-+ }
- return m;
- }
-
- static struct rt6_info *find_match(struct rt6_info *rt, int oif, int strict,
-- int *mpri, struct rt6_info *match)
-+ int *mpri, struct rt6_info *match,
-+ bool *do_rr)
- {
- int m;
-+ bool match_do_rr = false;
-
- if (rt6_check_expired(rt))
- goto out;
-
- m = rt6_score_route(rt, oif, strict);
-- if (m < 0)
-+ if (m == RT6_NUD_FAIL_SOFT && !IS_ENABLED(CONFIG_IPV6_ROUTER_PREF)) {
-+ match_do_rr = true;
-+ m = 0; /* lowest valid score */
-+ } else if (m < 0) {
- goto out;
-+ }
-+
-+ if (strict & RT6_LOOKUP_F_REACHABLE)
-+ rt6_probe(rt);
-
- if (m > *mpri) {
-- if (strict & RT6_LOOKUP_F_REACHABLE)
-- rt6_probe(match);
-+ *do_rr = match_do_rr;
- *mpri = m;
- match = rt;
-- } else if (strict & RT6_LOOKUP_F_REACHABLE) {
-- rt6_probe(rt);
- }
--
- out:
- return match;
- }
-
- static struct rt6_info *find_rr_leaf(struct fib6_node *fn,
- struct rt6_info *rr_head,
-- u32 metric, int oif, int strict)
-+ u32 metric, int oif, int strict,
-+ bool *do_rr)
- {
- struct rt6_info *rt, *match;
- int mpri = -1;
-@@ -604,10 +622,10 @@ static struct rt6_info *find_rr_leaf(struct fib6_node *fn,
- match = NULL;
- for (rt = rr_head; rt && rt->rt6i_metric == metric;
- rt = rt->dst.rt6_next)
-- match = find_match(rt, oif, strict, &mpri, match);
-+ match = find_match(rt, oif, strict, &mpri, match, do_rr);
- for (rt = fn->leaf; rt && rt != rr_head && rt->rt6i_metric == metric;
- rt = rt->dst.rt6_next)
-- match = find_match(rt, oif, strict, &mpri, match);
-+ match = find_match(rt, oif, strict, &mpri, match, do_rr);
-
- return match;
- }
-@@ -616,15 +634,16 @@ static struct rt6_info *rt6_select(struct fib6_node *fn, int oif, int strict)
- {
- struct rt6_info *match, *rt0;
- struct net *net;
-+ bool do_rr = false;
-
- rt0 = fn->rr_ptr;
- if (!rt0)
- fn->rr_ptr = rt0 = fn->leaf;
-
-- match = find_rr_leaf(fn, rt0, rt0->rt6i_metric, oif, strict);
-+ match = find_rr_leaf(fn, rt0, rt0->rt6i_metric, oif, strict,
-+ &do_rr);
-
-- if (!match &&
-- (strict & RT6_LOOKUP_F_REACHABLE)) {
-+ if (do_rr) {
- struct rt6_info *next = rt0->dst.rt6_next;
-
- /* no entries matched; do round-robin */
-@@ -1074,10 +1093,13 @@ static void ip6_link_failure(struct sk_buff *skb)
-
- rt = (struct rt6_info *) skb_dst(skb);
- if (rt) {
-- if (rt->rt6i_flags & RTF_CACHE)
-- rt6_update_expires(rt, 0);
-- else if (rt->rt6i_node && (rt->rt6i_flags & RTF_DEFAULT))
-+ if (rt->rt6i_flags & RTF_CACHE) {
-+ dst_hold(&rt->dst);
-+ if (ip6_del_rt(rt))
-+ dst_free(&rt->dst);
-+ } else if (rt->rt6i_node && (rt->rt6i_flags & RTF_DEFAULT)) {
- rt->rt6i_node->fn_sernum = -1;
-+ }
- }
- }
-
-@@ -2881,7 +2903,7 @@ ctl_table ipv6_route_table_template[] = {
+@@ -2903,7 +2903,7 @@ ctl_table ipv6_route_table_template[] = {
struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net)
{
@@ -90351,7 +92321,7 @@ index e5fe004..d8ed9b0 100644
table = kmemdup(ipv6_route_table_template,
sizeof(ipv6_route_table_template),
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
-index 02f96dc..58dd9e8 100644
+index 60df36d..f3ab7c8 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev);
@@ -90363,16 +92333,7 @@ index 02f96dc..58dd9e8 100644
static int sit_net_id __read_mostly;
struct sit_net {
-@@ -624,7 +624,7 @@ static int ipip6_rcv(struct sk_buff *skb)
- tunnel->dev->stats.rx_errors++;
- goto out;
- }
-- } else {
-+ } else if (!(tunnel->dev->flags&IFF_POINTOPOINT)) {
- if (is_spoofed_6rd(tunnel, iph->saddr,
- &ipv6_hdr(skb)->saddr) ||
- is_spoofed_6rd(tunnel, iph->daddr,
-@@ -1486,7 +1486,7 @@ static const struct nla_policy ipip6_policy[IFLA_IPTUN_MAX + 1] = {
+@@ -1453,7 +1453,7 @@ static const struct nla_policy ipip6_policy[IFLA_IPTUN_MAX + 1] = {
#endif
};
@@ -90395,7 +92356,7 @@ index e85c48b..b8268d3 100644
struct ctl_table *ipv6_icmp_table;
int err;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
-index 0fce928..c52a518 100644
+index 0a17ed9..2526cc3 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -103,6 +103,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb)
@@ -90409,7 +92370,7 @@ index 0fce928..c52a518 100644
static void tcp_v6_hash(struct sock *sk)
{
if (sk->sk_state != TCP_CLOSE) {
-@@ -1446,6 +1450,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
+@@ -1398,6 +1402,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb)
return 0;
reset:
@@ -90419,7 +92380,7 @@ index 0fce928..c52a518 100644
tcp_v6_send_reset(sk, skb);
discard:
if (opt_skb)
-@@ -1527,12 +1534,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
+@@ -1480,12 +1487,20 @@ static int tcp_v6_rcv(struct sk_buff *skb)
TCP_SKB_CB(skb)->sacked = 0;
sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest);
@@ -90442,7 +92403,7 @@ index 0fce928..c52a518 100644
if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) {
NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP);
-@@ -1581,6 +1596,10 @@ no_tcp_socket:
+@@ -1536,6 +1551,10 @@ csum_error:
bad_packet:
TCP_INC_STATS_BH(net, TCP_MIB_INERRS);
} else {
@@ -90454,7 +92415,7 @@ index 0fce928..c52a518 100644
}
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
-index 27f0f8e..a8928b5 100644
+index e7b28f9..d09c290 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -52,6 +52,10 @@
@@ -90477,8 +92438,8 @@ index 27f0f8e..a8928b5 100644
if (is_udp4)
UDP_INC_STATS_USER(sock_net(sk),
UDP_MIB_INERRORS,
-@@ -657,7 +661,7 @@ int udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
- return rc;
+@@ -665,7 +669,7 @@ csum_error:
+ UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_CSUMERRORS, is_udplite);
drop:
UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite);
- atomic_inc(&sk->sk_drops);
@@ -90486,7 +92447,7 @@ index 27f0f8e..a8928b5 100644
kfree_skb(skb);
return -1;
}
-@@ -715,7 +719,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
+@@ -723,7 +727,7 @@ static void flush_stack(struct sock **stack, unsigned int count,
if (likely(skb1 == NULL))
skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC);
if (!skb1) {
@@ -90495,8 +92456,8 @@ index 27f0f8e..a8928b5 100644
UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS,
IS_UDPLITE(sk));
UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS,
-@@ -852,6 +856,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
- goto discard;
+@@ -860,6 +864,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
+ goto csum_error;
UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE);
+#ifdef CONFIG_GRKERNSEC_BLACKHOLE
@@ -90505,25 +92466,7 @@ index 27f0f8e..a8928b5 100644
icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0);
kfree_skb(skb);
-@@ -945,11 +952,16 @@ static int udp_v6_push_pending_frames(struct sock *sk)
- struct udphdr *uh;
- struct udp_sock *up = udp_sk(sk);
- struct inet_sock *inet = inet_sk(sk);
-- struct flowi6 *fl6 = &inet->cork.fl.u.ip6;
-+ struct flowi6 *fl6;
- int err = 0;
- int is_udplite = IS_UDPLITE(sk);
- __wsum csum = 0;
-
-+ if (up->pending == AF_INET)
-+ return udp_push_pending_frames(sk);
-+
-+ fl6 = &inet->cork.fl.u.ip6;
-+
- /* Grab the skbuff where UDP header space exists. */
- if ((skb = skb_peek(&sk->sk_write_queue)) == NULL)
- goto out;
-@@ -1377,7 +1389,7 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket
+@@ -1392,7 +1399,7 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket
0,
sock_i_ino(sp),
atomic_read(&sp->sk_refcnt), sp,
@@ -90572,7 +92515,7 @@ index 23ed03d..465a71d 100644
return -ENOMEM;
}
diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c
-index 362ba47..66196f4 100644
+index 41ac7938..75e3bb1 100644
--- a/net/irda/ircomm/ircomm_tty.c
+++ b/net/irda/ircomm/ircomm_tty.c
@@ -319,11 +319,11 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self,
@@ -90646,21 +92589,8 @@ index 362ba47..66196f4 100644
seq_printf(m, "Max data size: %d\n", self->max_data_size);
seq_printf(m, "Max header size: %d\n", self->max_header_size);
-diff --git a/net/irda/irlap_frame.c b/net/irda/irlap_frame.c
-index 8c00416..9ea0c93 100644
---- a/net/irda/irlap_frame.c
-+++ b/net/irda/irlap_frame.c
-@@ -544,7 +544,7 @@ static void irlap_recv_discovery_xid_cmd(struct irlap_cb *self,
- /*
- * We now have some discovery info to deliver!
- */
-- discovery = kmalloc(sizeof(discovery_t), GFP_ATOMIC);
-+ discovery = kzalloc(sizeof(discovery_t), GFP_ATOMIC);
- if (!discovery) {
- IRDA_WARNING("%s: unable to malloc!\n", __func__);
- return;
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
-index 206ce6d..cfb27cd 100644
+index ae69165..c8b82d8 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -773,10 +773,10 @@ static int iucv_sock_autobind(struct sock *sk)
@@ -90690,26 +92620,10 @@ index 4fe76ff..426a904 100644
};
diff --git a/net/key/af_key.c b/net/key/af_key.c
-index 5b1e5af..1b929e7 100644
+index ab8bd2c..cd2d641 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
-@@ -1710,6 +1710,7 @@ static int key_notify_sa_flush(const struct km_event *c)
- hdr->sadb_msg_version = PF_KEY_V2;
- hdr->sadb_msg_errno = (uint8_t) 0;
- hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
-+ hdr->sadb_msg_reserved = 0;
-
- pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
-
-@@ -2695,6 +2696,7 @@ static int key_notify_policy_flush(const struct km_event *c)
- hdr->sadb_msg_errno = (uint8_t) 0;
- hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
- hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
-+ hdr->sadb_msg_reserved = 0;
- pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
- return 0;
-
-@@ -3041,10 +3043,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc
+@@ -3048,10 +3048,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc
static u32 get_acqseq(void)
{
u32 res;
@@ -90722,34 +92636,20 @@ index 5b1e5af..1b929e7 100644
} while (!res);
return res;
}
-diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
-index 8dec687..5ebee2d 100644
---- a/net/l2tp/l2tp_ppp.c
-+++ b/net/l2tp/l2tp_ppp.c
-@@ -1793,7 +1793,8 @@ static const struct proto_ops pppol2tp_ops = {
-
- static const struct pppox_proto pppol2tp_proto = {
- .create = pppol2tp_create,
-- .ioctl = pppol2tp_ioctl
-+ .ioctl = pppol2tp_ioctl,
-+ .owner = THIS_MODULE,
- };
-
- #ifdef CONFIG_L2TP_V3
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
-index 843d8c4..cb04fa1 100644
+index ae36f8e..09d42ac 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
-@@ -799,7 +799,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy,
+@@ -806,7 +806,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy,
ret = ieee80211_vif_use_channel(sdata, chandef,
IEEE80211_CHANCTX_EXCLUSIVE);
}
- } else if (local->open_count == local->monitors) {
+ } else if (local_read(&local->open_count) == local->monitors) {
- local->_oper_channel = chandef->chan;
- local->_oper_channel_type = cfg80211_get_chandef_type(chandef);
+ local->_oper_chandef = *chandef;
ieee80211_hw_config(local, 0);
-@@ -2834,7 +2834,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy,
+ }
+@@ -2922,7 +2922,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy,
else
local->probe_req_reg--;
@@ -90758,7 +92658,7 @@ index 843d8c4..cb04fa1 100644
break;
ieee80211_queue_work(&local->hw, &local->reconfig_filter);
-@@ -3297,8 +3297,8 @@ static int ieee80211_cfg_get_channel(struct wiphy *wiphy,
+@@ -3385,8 +3385,8 @@ static int ieee80211_cfg_get_channel(struct wiphy *wiphy,
if (chanctx_conf) {
*chandef = chanctx_conf->def;
ret = 0;
@@ -90770,7 +92670,7 @@ index 843d8c4..cb04fa1 100644
if (local->use_chanctx)
*chandef = local->monitor_chandef;
diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
-index 4e74cd6..963b8a1 100644
+index 9ca8e32..48e4a9b 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -28,6 +28,7 @@
@@ -90781,7 +92681,7 @@ index 4e74cd6..963b8a1 100644
#include "key.h"
#include "sta_info.h"
#include "debug.h"
-@@ -897,7 +898,7 @@ struct ieee80211_local {
+@@ -891,7 +892,7 @@ struct ieee80211_local {
/* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
spinlock_t queue_stop_reason_lock;
@@ -90791,10 +92691,10 @@ index 4e74cd6..963b8a1 100644
/* number of interfaces with corresponding FIF_ flags */
int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c
-index 9cbebc2..14879bb 100644
+index 514e90f..56f22bf 100644
--- a/net/mac80211/iface.c
+++ b/net/mac80211/iface.c
-@@ -495,7 +495,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
+@@ -502,7 +502,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
break;
}
@@ -90803,7 +92703,7 @@ index 9cbebc2..14879bb 100644
res = drv_start(local);
if (res)
goto err_del_bss;
-@@ -540,7 +540,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
+@@ -545,7 +545,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
break;
}
@@ -90812,7 +92712,7 @@ index 9cbebc2..14879bb 100644
res = ieee80211_add_virtual_monitor(local);
if (res)
goto err_stop;
-@@ -649,7 +649,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
+@@ -653,7 +653,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
atomic_inc(&local->iff_promiscs);
if (coming_up)
@@ -90821,7 +92721,7 @@ index 9cbebc2..14879bb 100644
if (hw_reconf_flags)
ieee80211_hw_config(local, hw_reconf_flags);
-@@ -663,7 +663,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
+@@ -691,7 +691,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up)
err_del_interface:
drv_remove_interface(local, sdata);
err_stop:
@@ -90830,7 +92730,7 @@ index 9cbebc2..14879bb 100644
drv_stop(local);
err_del_bss:
sdata->bss = NULL;
-@@ -806,7 +806,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+@@ -828,7 +828,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
}
if (going_down)
@@ -90839,29 +92739,38 @@ index 9cbebc2..14879bb 100644
switch (sdata->vif.type) {
case NL80211_IFTYPE_AP_VLAN:
-@@ -871,7 +871,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+@@ -895,7 +895,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+ }
+ spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
+
+- if (local->open_count == 0)
++ if (local_read(&local->open_count) == 0)
+ ieee80211_clear_tx_pending(local);
+
+ /*
+@@ -931,7 +931,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
ieee80211_recalc_ps(local, -1);
- if (local->open_count == 0) {
+ if (local_read(&local->open_count) == 0) {
- if (local->ops->napi_poll)
- napi_disable(&local->napi);
- ieee80211_clear_tx_pending(local);
-@@ -897,7 +897,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
- }
- spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags);
+ ieee80211_stop_device(local);
-- if (local->monitors == local->open_count && local->monitors > 0)
-+ if (local->monitors == local_read(&local->open_count) && local->monitors > 0)
+ /* no reconfiguring after stop! */
+@@ -942,7 +942,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata,
+ ieee80211_configure_filter(local);
+ ieee80211_hw_config(local, hw_reconf_flags);
+
+- if (local->monitors == local->open_count)
++ if (local->monitors == local_read(&local->open_count))
ieee80211_add_virtual_monitor(local);
}
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
-index 1a8591b..ef5db54 100644
+index 8a7bfc4..4407cd0 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
-@@ -180,7 +180,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
+@@ -181,7 +181,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
changed &= ~(IEEE80211_CONF_CHANGE_CHANNEL |
IEEE80211_CONF_CHANGE_POWER);
@@ -90871,19 +92780,19 @@ index 1a8591b..ef5db54 100644
/*
* Goal:
diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c
-index 835584c..be46e67 100644
+index 3401262..d5cd68d 100644
--- a/net/mac80211/pm.c
+++ b/net/mac80211/pm.c
-@@ -33,7 +33,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
+@@ -12,7 +12,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
+ struct ieee80211_sub_if_data *sdata;
struct sta_info *sta;
- struct ieee80211_chanctx *ctx;
- if (!local->open_count)
+ if (!local_read(&local->open_count))
goto suspend;
ieee80211_scan_cancel(local);
-@@ -75,7 +75,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
+@@ -59,7 +59,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
cancel_work_sync(&local->dynamic_ps_enable_work);
del_timer_sync(&local->dynamic_ps_timer);
@@ -90892,8 +92801,8 @@ index 835584c..be46e67 100644
if (local->wowlan) {
int err = drv_suspend(local, wowlan);
if (err < 0) {
-@@ -214,7 +214,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
- mutex_unlock(&local->chanctx_mtx);
+@@ -116,7 +116,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan)
+ WARN_ON(!list_empty(&local->chanctx_list));
/* stop hardware - this must stop RX */
- if (local->open_count)
@@ -90902,10 +92811,10 @@ index 835584c..be46e67 100644
suspend:
diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c
-index dd88381..eef4dd6 100644
+index a02bef3..f2f38dd 100644
--- a/net/mac80211/rate.c
+++ b/net/mac80211/rate.c
-@@ -493,7 +493,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
+@@ -712,7 +712,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
ASSERT_RTNL();
@@ -90928,10 +92837,10 @@ index c97a065..ff61928 100644
return p;
diff --git a/net/mac80211/util.c b/net/mac80211/util.c
-index 1f4b908..c4def45 100644
+index 72e6292..e6319eb 100644
--- a/net/mac80211/util.c
+++ b/net/mac80211/util.c
-@@ -1388,7 +1388,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
+@@ -1472,7 +1472,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
}
#endif
/* everything else happens only if HW was up & running */
@@ -90940,6 +92849,15 @@ index 1f4b908..c4def45 100644
goto wake_up;
/*
+@@ -1696,7 +1696,7 @@ int ieee80211_reconfig(struct ieee80211_local *local)
+ local->in_reconfig = false;
+ barrier();
+
+- if (local->monitors == local->open_count && local->monitors > 0)
++ if (local->monitors == local_read(&local->open_count) && local->monitors > 0)
+ ieee80211_add_virtual_monitor(local);
+
+ /*
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index 56d22ca..87c778f 100644
--- a/net/netfilter/Kconfig
@@ -90974,10 +92892,10 @@ index a1abf87..dbcb7ee 100644
obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o
obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
-index 1ba9dbc..e39f4ca 100644
+index f771390..145b765 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
-@@ -1801,7 +1801,7 @@ done:
+@@ -1820,7 +1820,7 @@ done:
return ret;
}
@@ -90987,28 +92905,28 @@ index 1ba9dbc..e39f4ca 100644
.get_optmin = SO_IP_SET,
.get_optmax = SO_IP_SET + 1,
diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
-index 704e514..d644cc2 100644
+index a083bda..da661c3 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
-@@ -551,7 +551,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, struct ip_vs_dest *dest)
+@@ -556,7 +556,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, struct ip_vs_dest *dest)
/* Increase the refcnt counter of the dest */
- atomic_inc(&dest->refcnt);
+ ip_vs_dest_hold(dest);
- conn_flags = atomic_read(&dest->conn_flags);
+ conn_flags = atomic_read_unchecked(&dest->conn_flags);
if (cp->protocol != IPPROTO_UDP)
conn_flags &= ~IP_VS_CONN_F_ONE_PACKET;
flags = cp->flags;
-@@ -895,7 +895,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p,
- atomic_set(&cp->refcnt, 1);
+@@ -900,7 +900,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p,
+ cp->control = NULL;
atomic_set(&cp->n_control, 0);
- atomic_set(&cp->in_pkts, 0);
+ atomic_set_unchecked(&cp->in_pkts, 0);
- atomic_inc(&ipvs->conn_count);
- if (flags & IP_VS_CONN_F_NO_CPORT)
-@@ -1174,7 +1174,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp)
+ cp->packet_xmit = NULL;
+ cp->app = NULL;
+@@ -1190,7 +1190,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp)
/* Don't drop the entry if its number of incoming packets is not
located in [0, 8] */
@@ -91018,7 +92936,7 @@ index 704e514..d644cc2 100644
if (!todrop_rate[i]) return 0;
diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c
-index 61f49d2..6c8c5bc 100644
+index 23b8eb5..48a8959 100644
--- a/net/netfilter/ipvs/ip_vs_core.c
+++ b/net/netfilter/ipvs/ip_vs_core.c
@@ -559,7 +559,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb,
@@ -91030,7 +92948,7 @@ index 61f49d2..6c8c5bc 100644
ip_vs_conn_put(cp);
return ret;
}
-@@ -1689,7 +1689,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af)
+@@ -1711,7 +1711,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af)
if (cp->flags & IP_VS_CONN_F_ONE_PACKET)
pkts = sysctl_sync_threshold(ipvs);
else
@@ -91040,19 +92958,19 @@ index 61f49d2..6c8c5bc 100644
if (ipvs->sync_state & IP_VS_STATE_MASTER)
ip_vs_sync_conn(net, cp, pkts);
diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c
-index 9e2d1cc..6ed0748 100644
+index 9e6c2a0..28552e2 100644
--- a/net/netfilter/ipvs/ip_vs_ctl.c
+++ b/net/netfilter/ipvs/ip_vs_ctl.c
-@@ -787,7 +787,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest,
+@@ -789,7 +789,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest,
+ */
ip_vs_rs_hash(ipvs, dest);
- write_unlock_bh(&ipvs->rs_lock);
}
- atomic_set(&dest->conn_flags, conn_flags);
+ atomic_set_unchecked(&dest->conn_flags, conn_flags);
/* bind the service */
if (!dest->svc) {
-@@ -1688,7 +1688,7 @@ proc_do_sync_ports(ctl_table *table, int write,
+@@ -1657,7 +1657,7 @@ proc_do_sync_ports(ctl_table *table, int write,
* align with netns init in ip_vs_control_net_init()
*/
@@ -91061,7 +92979,7 @@ index 9e2d1cc..6ed0748 100644
{
.procname = "amemthresh",
.maxlen = sizeof(int),
-@@ -2087,7 +2087,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v)
+@@ -2060,7 +2060,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v)
" %-7s %-6d %-10d %-10d\n",
&dest->addr.in6,
ntohs(dest->port),
@@ -91070,7 +92988,7 @@ index 9e2d1cc..6ed0748 100644
atomic_read(&dest->weight),
atomic_read(&dest->activeconns),
atomic_read(&dest->inactconns));
-@@ -2098,7 +2098,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v)
+@@ -2071,7 +2071,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v)
"%-7s %-6d %-10d %-10d\n",
ntohl(dest->addr.ip),
ntohs(dest->port),
@@ -91079,14 +92997,7 @@ index 9e2d1cc..6ed0748 100644
atomic_read(&dest->weight),
atomic_read(&dest->activeconns),
atomic_read(&dest->inactconns));
-@@ -2562,13 +2562,14 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get,
- struct ip_vs_dest *dest;
- struct ip_vs_dest_entry entry;
-
-+ memset(&entry, 0, sizeof(entry));
- list_for_each_entry(dest, &svc->destinations, n_list) {
- if (count >= get->num_dests)
- break;
+@@ -2549,7 +2549,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get,
entry.addr = dest->addr.ip;
entry.port = dest->port;
@@ -91095,16 +93006,16 @@ index 9e2d1cc..6ed0748 100644
entry.weight = atomic_read(&dest->weight);
entry.u_threshold = dest->u_threshold;
entry.l_threshold = dest->l_threshold;
-@@ -3104,7 +3105,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest)
+@@ -3092,7 +3092,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest)
if (nla_put(skb, IPVS_DEST_ATTR_ADDR, sizeof(dest->addr), &dest->addr) ||
- nla_put_u16(skb, IPVS_DEST_ATTR_PORT, dest->port) ||
+ nla_put_be16(skb, IPVS_DEST_ATTR_PORT, dest->port) ||
nla_put_u32(skb, IPVS_DEST_ATTR_FWD_METHOD,
- (atomic_read(&dest->conn_flags) &
+ (atomic_read_unchecked(&dest->conn_flags) &
IP_VS_CONN_F_FWD_MASK)) ||
nla_put_u32(skb, IPVS_DEST_ATTR_WEIGHT,
atomic_read(&dest->weight)) ||
-@@ -3694,7 +3695,7 @@ static int __net_init ip_vs_control_net_init_sysctl(struct net *net)
+@@ -3682,7 +3682,7 @@ static int __net_init ip_vs_control_net_init_sysctl(struct net *net)
{
int idx;
struct netns_ipvs *ipvs = net_ipvs(net);
@@ -91114,10 +93025,10 @@ index 9e2d1cc..6ed0748 100644
atomic_set(&ipvs->dropentry, 0);
spin_lock_init(&ipvs->dropentry_lock);
diff --git a/net/netfilter/ipvs/ip_vs_lblc.c b/net/netfilter/ipvs/ip_vs_lblc.c
-index fdd89b9..bd96aa9 100644
+index 5ea26bd..c9bc65f 100644
--- a/net/netfilter/ipvs/ip_vs_lblc.c
+++ b/net/netfilter/ipvs/ip_vs_lblc.c
-@@ -115,7 +115,7 @@ struct ip_vs_lblc_table {
+@@ -118,7 +118,7 @@ struct ip_vs_lblc_table {
* IPVS LBLC sysctl table
*/
#ifdef CONFIG_SYSCTL
@@ -91127,10 +93038,10 @@ index fdd89b9..bd96aa9 100644
.procname = "lblc_expiration",
.data = NULL,
diff --git a/net/netfilter/ipvs/ip_vs_lblcr.c b/net/netfilter/ipvs/ip_vs_lblcr.c
-index c03b6a3..8ce3681 100644
+index 50123c2..067c773 100644
--- a/net/netfilter/ipvs/ip_vs_lblcr.c
+++ b/net/netfilter/ipvs/ip_vs_lblcr.c
-@@ -288,7 +288,7 @@ struct ip_vs_lblcr_table {
+@@ -299,7 +299,7 @@ struct ip_vs_lblcr_table {
* IPVS LBLCR sysctl table
*/
@@ -91140,7 +93051,7 @@ index c03b6a3..8ce3681 100644
.procname = "lblcr_expiration",
.data = NULL,
diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
-index 44fd10c..2a163b3 100644
+index f6046d9..4f10cfd 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -596,7 +596,7 @@ static void ip_vs_sync_conn_v0(struct net *net, struct ip_vs_conn *cp,
@@ -91161,7 +93072,7 @@ index 44fd10c..2a163b3 100644
else
pkts = sysctl_sync_threshold(ipvs);
goto sloop;
-@@ -885,7 +885,7 @@ static void ip_vs_proc_conn(struct net *net, struct ip_vs_conn_param *param,
+@@ -882,7 +882,7 @@ static void ip_vs_proc_conn(struct net *net, struct ip_vs_conn_param *param,
if (opt)
memcpy(&cp->in_seq, opt, sizeof(*opt));
@@ -91171,10 +93082,10 @@ index 44fd10c..2a163b3 100644
cp->old_state = cp->state;
/*
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
-index ee6b7a9..f9a89f6 100644
+index b75ff64..0c51bbe 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
-@@ -1210,7 +1210,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
+@@ -1102,7 +1102,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp,
else
rc = NF_ACCEPT;
/* do not touch skb anymore */
@@ -91183,7 +93094,7 @@ index ee6b7a9..f9a89f6 100644
goto out;
}
-@@ -1332,7 +1332,7 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
+@@ -1194,7 +1194,7 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp,
else
rc = NF_ACCEPT;
/* do not touch skb anymore */
@@ -91206,10 +93117,10 @@ index 2d3030a..7ba1c0a 100644
table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table),
GFP_KERNEL);
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
-index c8e001a..f842a8b 100644
+index 0283bae..5febcb0 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
-@@ -1594,6 +1594,10 @@ void nf_conntrack_init_end(void)
+@@ -1614,6 +1614,10 @@ void nf_conntrack_init_end(void)
#define DYING_NULLS_VAL ((1<<30)+1)
#define TEMPLATE_NULLS_VAL ((1<<30)+2)
@@ -91220,7 +93131,7 @@ index c8e001a..f842a8b 100644
int nf_conntrack_init_net(struct net *net)
{
int ret;
-@@ -1608,7 +1612,11 @@ int nf_conntrack_init_net(struct net *net)
+@@ -1628,7 +1632,11 @@ int nf_conntrack_init_net(struct net *net)
goto err_stat;
}
@@ -91233,10 +93144,10 @@ index c8e001a..f842a8b 100644
ret = -ENOMEM;
goto err_slabname;
diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c
-index b5d2eb8..61ef19a 100644
+index 1df1761..ce8b88a 100644
--- a/net/netfilter/nf_conntrack_ecache.c
+++ b/net/netfilter/nf_conntrack_ecache.c
-@@ -186,7 +186,7 @@ static struct nf_ct_ext_type event_extend __read_mostly = {
+@@ -188,7 +188,7 @@ static struct nf_ct_ext_type event_extend __read_mostly = {
#ifdef CONFIG_SYSCTL
static int nf_conntrack_event_init_sysctl(struct net *net)
{
@@ -91246,10 +93157,10 @@ index b5d2eb8..61ef19a 100644
table = kmemdup(event_sysctl_table, sizeof(event_sysctl_table),
GFP_KERNEL);
diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c
-index 94b4b98..97cf0ad 100644
+index 974a2a4..52cc6ff 100644
--- a/net/netfilter/nf_conntrack_helper.c
+++ b/net/netfilter/nf_conntrack_helper.c
-@@ -56,7 +56,7 @@ static struct ctl_table helper_sysctl_table[] = {
+@@ -57,7 +57,7 @@ static struct ctl_table helper_sysctl_table[] = {
static int nf_conntrack_helper_init_sysctl(struct net *net)
{
@@ -91259,10 +93170,10 @@ index 94b4b98..97cf0ad 100644
table = kmemdup(helper_sysctl_table, sizeof(helper_sysctl_table),
GFP_KERNEL);
diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c
-index 58ab405..50eb8d3 100644
+index 0ab9636..cea3c6a 100644
--- a/net/netfilter/nf_conntrack_proto.c
+++ b/net/netfilter/nf_conntrack_proto.c
-@@ -51,7 +51,7 @@ nf_ct_register_sysctl(struct net *net,
+@@ -52,7 +52,7 @@ nf_ct_register_sysctl(struct net *net,
static void
nf_ct_unregister_sysctl(struct ctl_table_header **header,
@@ -91272,32 +93183,75 @@ index 58ab405..50eb8d3 100644
{
if (users > 0)
diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c
-index ba65b20..2a4d937 100644
+index a99b6c3..3841268 100644
--- a/net/netfilter/nf_conntrack_proto_dccp.c
+++ b/net/netfilter/nf_conntrack_proto_dccp.c
-@@ -456,7 +456,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
-
+@@ -457,7 +457,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
out_invalid:
if (LOG_INVALID(net, IPPROTO_DCCP))
-- nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, msg);
-+ nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, "%s", msg);
+ nf_log_packet(net, nf_ct_l3num(ct), 0, skb, NULL, NULL,
+- NULL, msg);
++ NULL, "%s", msg);
return false;
}
-@@ -613,7 +613,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl,
+@@ -614,7 +614,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl,
out_invalid:
if (LOG_INVALID(net, IPPROTO_DCCP))
-- nf_log_packet(pf, 0, skb, NULL, NULL, NULL, msg);
-+ nf_log_packet(pf, 0, skb, NULL, NULL, NULL, "%s", msg);
+- nf_log_packet(net, pf, 0, skb, NULL, NULL, NULL, msg);
++ nf_log_packet(net, pf, 0, skb, NULL, NULL, NULL, "%s", msg);
return -NF_ACCEPT;
}
+diff --git a/net/netfilter/nf_conntrack_proto_tcp.c b/net/netfilter/nf_conntrack_proto_tcp.c
+index 4d4d8f1..e0f9a32 100644
+--- a/net/netfilter/nf_conntrack_proto_tcp.c
++++ b/net/netfilter/nf_conntrack_proto_tcp.c
+@@ -526,7 +526,7 @@ static bool tcp_in_window(const struct nf_conn *ct,
+ const struct nf_conntrack_tuple *tuple = &ct->tuplehash[dir].tuple;
+ __u32 seq, ack, sack, end, win, swin;
+ s16 receiver_offset;
+- bool res;
++ bool res, in_recv_win;
+
+ /*
+ * Get the required data from the packet.
+@@ -649,14 +649,18 @@ static bool tcp_in_window(const struct nf_conn *ct,
+ receiver->td_end, receiver->td_maxend, receiver->td_maxwin,
+ receiver->td_scale);
+
++ /* Is the ending sequence in the receive window (if available)? */
++ in_recv_win = !receiver->td_maxwin ||
++ after(end, sender->td_end - receiver->td_maxwin - 1);
++
+ pr_debug("tcp_in_window: I=%i II=%i III=%i IV=%i\n",
+ before(seq, sender->td_maxend + 1),
+- after(end, sender->td_end - receiver->td_maxwin - 1),
++ (in_recv_win ? 1 : 0),
+ before(sack, receiver->td_end + 1),
+ after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1));
+
+ if (before(seq, sender->td_maxend + 1) &&
+- after(end, sender->td_end - receiver->td_maxwin - 1) &&
++ in_recv_win &&
+ before(sack, receiver->td_end + 1) &&
+ after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1)) {
+ /*
+@@ -725,7 +729,7 @@ static bool tcp_in_window(const struct nf_conn *ct,
+ nf_log_packet(net, pf, 0, skb, NULL, NULL, NULL,
+ "nf_ct_tcp: %s ",
+ before(seq, sender->td_maxend + 1) ?
+- after(end, sender->td_end - receiver->td_maxwin - 1) ?
++ in_recv_win ?
+ before(sack, receiver->td_end + 1) ?
+ after(sack, receiver->td_end - MAXACKWINDOW(sender) - 1) ? "BUG"
+ : "ACK is under the lower bound (possible overly delayed ACK)"
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
-index fedee39..d62a93d 100644
+index bd700b4..4a3dc61 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
-@@ -470,7 +470,7 @@ static ctl_table nf_ct_netfilter_table[] = {
+@@ -471,7 +471,7 @@ static ctl_table nf_ct_netfilter_table[] = {
static int nf_conntrack_standalone_init_sysctl(struct net *net)
{
@@ -91320,26 +93274,26 @@ index 902fb0a..87f7fdb 100644
table = kmemdup(tstamp_sysctl_table, sizeof(tstamp_sysctl_table),
GFP_KERNEL);
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
-index 9e31269..bc4c1b7 100644
+index 3b18dd1..f79e0ca 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
-@@ -215,7 +215,7 @@ static const struct file_operations nflog_file_ops = {
+@@ -243,7 +243,7 @@ static const struct file_operations nflog_file_ops = {
#ifdef CONFIG_SYSCTL
static char nf_log_sysctl_fnames[NFPROTO_NUMPROTO-NFPROTO_UNSPEC][3];
-static struct ctl_table nf_log_sysctl_table[NFPROTO_NUMPROTO+1];
+static ctl_table_no_const nf_log_sysctl_table[NFPROTO_NUMPROTO+1] __read_only;
- static struct ctl_table_header *nf_log_dir_header;
static int nf_log_proc_dostring(ctl_table *table, int write,
-@@ -246,14 +246,16 @@ static int nf_log_proc_dostring(ctl_table *table, int write,
- rcu_assign_pointer(nf_loggers[tindex], logger);
+ void __user *buffer, size_t *lenp, loff_t *ppos)
+@@ -274,14 +274,16 @@ static int nf_log_proc_dostring(ctl_table *table, int write,
+ rcu_assign_pointer(net->nf.nf_loggers[tindex], logger);
mutex_unlock(&nf_log_mutex);
} else {
+ ctl_table_no_const nf_log_table = *table;
+
mutex_lock(&nf_log_mutex);
- logger = rcu_dereference_protected(nf_loggers[tindex],
+ logger = rcu_dereference_protected(net->nf.nf_loggers[tindex],
lockdep_is_held(&nf_log_mutex));
if (!logger)
- table->data = "NONE";
@@ -91352,22 +93306,6 @@ index 9e31269..bc4c1b7 100644
mutex_unlock(&nf_log_mutex);
}
-diff --git a/net/netfilter/nf_nat_sip.c b/net/netfilter/nf_nat_sip.c
-index 96ccdf7..dac11f7 100644
---- a/net/netfilter/nf_nat_sip.c
-+++ b/net/netfilter/nf_nat_sip.c
-@@ -230,9 +230,10 @@ static unsigned int nf_nat_sip(struct sk_buff *skb, unsigned int protoff,
- &ct->tuplehash[!dir].tuple.src.u3,
- false);
- if (!mangle_packet(skb, protoff, dataoff, dptr, datalen,
-- poff, plen, buffer, buflen))
-+ poff, plen, buffer, buflen)) {
- nf_ct_helper_log(skb, ct, "cannot mangle received");
- return NF_DROP;
-+ }
- }
-
- /* The rport= parameter (RFC 3581) contains the port number
diff --git a/net/netfilter/nf_sockopt.c b/net/netfilter/nf_sockopt.c
index f042ae5..30ea486 100644
--- a/net/netfilter/nf_sockopt.c
@@ -91391,27 +93329,171 @@ index f042ae5..30ea486 100644
}
EXPORT_SYMBOL(nf_unregister_sockopt);
diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
-index f248db5..3778ad9 100644
+index 962e979..e46f350 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
-@@ -72,7 +72,7 @@ struct nfulnl_instance {
+@@ -82,7 +82,7 @@ static int nfnl_log_net_id __read_mostly;
+ struct nfnl_log_net {
+ spinlock_t instances_lock;
+ struct hlist_head instance_table[INSTANCE_BUCKETS];
+- atomic_t global_seq;
++ atomic_unchecked_t global_seq;
};
- static DEFINE_SPINLOCK(instances_lock);
--static atomic_t global_seq;
-+static atomic_unchecked_t global_seq;
-
- #define INSTANCE_BUCKETS 16
- static struct hlist_head instance_table[INSTANCE_BUCKETS];
-@@ -536,7 +536,7 @@ __build_packet_message(struct nfulnl_instance *inst,
+ static struct nfnl_log_net *nfnl_log_pernet(struct net *net)
+@@ -419,6 +419,7 @@ __build_packet_message(struct nfnl_log_net *log,
+ nfmsg->version = NFNETLINK_V0;
+ nfmsg->res_id = htons(inst->group_num);
+
++ memset(&pmsg, 0, sizeof(pmsg));
+ pmsg.hw_protocol = skb->protocol;
+ pmsg.hook = hooknum;
+
+@@ -498,7 +499,10 @@ __build_packet_message(struct nfnl_log_net *log,
+ if (indev && skb->dev &&
+ skb->mac_header != skb->network_header) {
+ struct nfulnl_msg_packet_hw phw;
+- int len = dev_parse_header(skb, phw.hw_addr);
++ int len;
++
++ memset(&phw, 0, sizeof(phw));
++ len = dev_parse_header(skb, phw.hw_addr);
+ if (len > 0) {
+ phw.hw_addrlen = htons(len);
+ if (nla_put(inst->skb, NFULA_HWADDR, sizeof(phw), &phw))
+@@ -559,7 +563,7 @@ __build_packet_message(struct nfnl_log_net *log,
/* global sequence number */
if ((inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) &&
nla_put_be32(inst->skb, NFULA_SEQ_GLOBAL,
-- htonl(atomic_inc_return(&global_seq))))
-+ htonl(atomic_inc_return_unchecked(&global_seq))))
+- htonl(atomic_inc_return(&log->global_seq))))
++ htonl(atomic_inc_return_unchecked(&log->global_seq))))
goto nla_put_failure;
if (data_len) {
+diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c
+index 5352b2d..e0083ce 100644
+--- a/net/netfilter/nfnetlink_queue_core.c
++++ b/net/netfilter/nfnetlink_queue_core.c
+@@ -444,7 +444,10 @@ nfqnl_build_packet_message(struct nfqnl_instance *queue,
+ if (indev && entskb->dev &&
+ entskb->mac_header != entskb->network_header) {
+ struct nfqnl_msg_packet_hw phw;
+- int len = dev_parse_header(entskb, phw.hw_addr);
++ int len;
++
++ memset(&phw, 0, sizeof(phw));
++ len = dev_parse_header(entskb, phw.hw_addr);
+ if (len) {
+ phw.hw_addrlen = htons(len);
+ if (nla_put(skb, NFQA_HWADDR, sizeof(phw), &phw))
+diff --git a/net/netfilter/xt_TCPMSS.c b/net/netfilter/xt_TCPMSS.c
+index 7011c71..6113cc7 100644
+--- a/net/netfilter/xt_TCPMSS.c
++++ b/net/netfilter/xt_TCPMSS.c
+@@ -52,7 +52,8 @@ tcpmss_mangle_packet(struct sk_buff *skb,
+ {
+ const struct xt_tcpmss_info *info = par->targinfo;
+ struct tcphdr *tcph;
+- unsigned int tcplen, i;
++ int len, tcp_hdrlen;
++ unsigned int i;
+ __be16 oldval;
+ u16 newmss;
+ u8 *opt;
+@@ -64,11 +65,14 @@ tcpmss_mangle_packet(struct sk_buff *skb,
+ if (!skb_make_writable(skb, skb->len))
+ return -1;
+
+- tcplen = skb->len - tcphoff;
++ len = skb->len - tcphoff;
++ if (len < (int)sizeof(struct tcphdr))
++ return -1;
++
+ tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff);
++ tcp_hdrlen = tcph->doff * 4;
+
+- /* Header cannot be larger than the packet */
+- if (tcplen < tcph->doff*4)
++ if (len < tcp_hdrlen)
+ return -1;
+
+ if (info->mss == XT_TCPMSS_CLAMP_PMTU) {
+@@ -87,9 +91,8 @@ tcpmss_mangle_packet(struct sk_buff *skb,
+ newmss = info->mss;
+
+ opt = (u_int8_t *)tcph;
+- for (i = sizeof(struct tcphdr); i < tcph->doff*4; i += optlen(opt, i)) {
+- if (opt[i] == TCPOPT_MSS && tcph->doff*4 - i >= TCPOLEN_MSS &&
+- opt[i+1] == TCPOLEN_MSS) {
++ for (i = sizeof(struct tcphdr); i <= tcp_hdrlen - TCPOLEN_MSS; i += optlen(opt, i)) {
++ if (opt[i] == TCPOPT_MSS && opt[i+1] == TCPOLEN_MSS) {
+ u_int16_t oldmss;
+
+ oldmss = (opt[i+2] << 8) | opt[i+3];
+@@ -112,9 +115,10 @@ tcpmss_mangle_packet(struct sk_buff *skb,
+ }
+
+ /* There is data after the header so the option can't be added
+- without moving it, and doing so may make the SYN packet
+- itself too large. Accept the packet unmodified instead. */
+- if (tcplen > tcph->doff*4)
++ * without moving it, and doing so may make the SYN packet
++ * itself too large. Accept the packet unmodified instead.
++ */
++ if (len > tcp_hdrlen)
+ return 0;
+
+ /*
+@@ -143,10 +147,10 @@ tcpmss_mangle_packet(struct sk_buff *skb,
+ newmss = min(newmss, (u16)1220);
+
+ opt = (u_int8_t *)tcph + sizeof(struct tcphdr);
+- memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr));
++ memmove(opt + TCPOLEN_MSS, opt, len - sizeof(struct tcphdr));
+
+ inet_proto_csum_replace2(&tcph->check, skb,
+- htons(tcplen), htons(tcplen + TCPOLEN_MSS), 1);
++ htons(len), htons(len + TCPOLEN_MSS), 1);
+ opt[0] = TCPOPT_MSS;
+ opt[1] = TCPOLEN_MSS;
+ opt[2] = (newmss & 0xff00) >> 8;
+diff --git a/net/netfilter/xt_TCPOPTSTRIP.c b/net/netfilter/xt_TCPOPTSTRIP.c
+index b68fa19..625fa1d 100644
+--- a/net/netfilter/xt_TCPOPTSTRIP.c
++++ b/net/netfilter/xt_TCPOPTSTRIP.c
+@@ -38,7 +38,7 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb,
+ struct tcphdr *tcph;
+ u_int16_t n, o;
+ u_int8_t *opt;
+- int len;
++ int len, tcp_hdrlen;
+
+ /* This is a fragment, no TCP header is available */
+ if (par->fragoff != 0)
+@@ -52,7 +52,9 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb,
+ return NF_DROP;
+
+ tcph = (struct tcphdr *)(skb_network_header(skb) + tcphoff);
+- if (tcph->doff * 4 > len)
++ tcp_hdrlen = tcph->doff * 4;
++
++ if (len < tcp_hdrlen)
+ return NF_DROP;
+
+ opt = (u_int8_t *)tcph;
+@@ -61,10 +63,10 @@ tcpoptstrip_mangle_packet(struct sk_buff *skb,
+ * Walk through all TCP options - if we find some option to remove,
+ * set all octets to %TCPOPT_NOP and adjust checksum.
+ */
+- for (i = sizeof(struct tcphdr); i < tcp_hdrlen(skb); i += optl) {
++ for (i = sizeof(struct tcphdr); i < tcp_hdrlen - 1; i += optl) {
+ optl = optlen(opt, i);
+
+- if (i + optl > tcp_hdrlen(skb))
++ if (i + optl > tcp_hdrlen)
+ break;
+
+ if (!tcpoptstrip_test_bit(info->strip_bmap, opt[i]))
diff --git a/net/netfilter/xt_gradm.c b/net/netfilter/xt_gradm.c
new file mode 100644
index 0000000..c566332
@@ -91504,10 +93586,10 @@ index 4fe4fb4..87a89e5 100644
return 0;
}
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
-index 1e3fd5b..ad397ea 100644
+index 57ee84d..8b99cf5 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
-@@ -781,7 +781,7 @@ static void netlink_overrun(struct sock *sk)
+@@ -121,7 +121,7 @@ static void netlink_overrun(struct sock *sk)
sk->sk_error_report(sk);
}
}
@@ -91515,8 +93597,8 @@ index 1e3fd5b..ad397ea 100644
+ atomic_inc_unchecked(&sk->sk_drops);
}
- static struct sock *netlink_getsockbyportid(struct sock *ssk, u32 portid)
-@@ -2063,7 +2063,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
+ static void netlink_rcv_wake(struct sock *sk)
+@@ -2771,7 +2771,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v)
sk_wmem_alloc_get(s),
nlk->cb,
atomic_read(&s->sk_refcnt),
@@ -91526,10 +93608,10 @@ index 1e3fd5b..ad397ea 100644
);
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
-index 5a55be3..7630745 100644
+index 1076fe1..8285fd7 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
-@@ -296,18 +296,20 @@ int genl_register_ops(struct genl_family *family, struct genl_ops *ops)
+@@ -310,18 +310,20 @@ int genl_register_ops(struct genl_family *family, struct genl_ops *ops)
goto errout;
}
@@ -91545,41 +93627,54 @@ index 5a55be3..7630745 100644
+ *(unsigned int *)&ops->flags |= GENL_CMD_CAP_HASPOL;
+ pax_close_kernel();
- genl_lock();
+ genl_lock_all();
- list_add_tail(&ops->ops_list, &family->ops_list);
+ pax_list_add_tail((struct list_head *)&ops->ops_list, &family->ops_list);
- genl_unlock();
+ genl_unlock_all();
- genl_ctrl_event(CTRL_CMD_NEWOPS, ops);
+ genl_ctrl_event(CTRL_CMD_NEWOPS, (void *)ops);
err = 0;
errout:
return err;
-@@ -337,9 +339,9 @@ int genl_unregister_ops(struct genl_family *family, struct genl_ops *ops)
- genl_lock();
+@@ -351,9 +353,9 @@ int genl_unregister_ops(struct genl_family *family, struct genl_ops *ops)
+ genl_lock_all();
list_for_each_entry(rc, &family->ops_list, ops_list) {
if (rc == ops) {
- list_del(&ops->ops_list);
+ pax_list_del((struct list_head *)&ops->ops_list);
- genl_unlock();
+ genl_unlock_all();
- genl_ctrl_event(CTRL_CMD_DELOPS, ops);
+ genl_ctrl_event(CTRL_CMD_DELOPS, (void *)ops);
return 0;
}
}
+@@ -789,6 +791,10 @@ static int ctrl_dumpfamily(struct sk_buff *skb, struct netlink_callback *cb)
+ struct net *net = sock_net(skb->sk);
+ int chains_to_skip = cb->args[0];
+ int fams_to_skip = cb->args[1];
++ bool need_locking = chains_to_skip || fams_to_skip;
++
++ if (need_locking)
++ genl_lock();
+
+ for (i = chains_to_skip; i < GENL_FAM_TAB_SIZE; i++) {
+ n = 0;
+@@ -810,6 +816,9 @@ errout:
+ cb->args[0] = i;
+ cb->args[1] = n;
+
++ if (need_locking)
++ genl_unlock();
++
+ return skb->len;
+ }
+
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
-index 103bd70..f21aad3 100644
+index ec0c80f..41e1830 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
-@@ -834,6 +834,7 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr,
- struct sock *sk = sock->sk;
- struct nr_sock *nr = nr_sk(sk);
-
-+ memset(sax, 0, sizeof(*sax));
- lock_sock(sk);
- if (peer != 0) {
- if (sk->sk_state != TCP_ESTABLISHED) {
-@@ -848,7 +849,6 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr,
+@@ -850,7 +850,6 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr,
*uaddr_len = sizeof(struct full_sockaddr_ax25);
} else {
sax->fsa_ax25.sax25_family = AF_NETROM;
@@ -91588,28 +93683,28 @@ index 103bd70..f21aad3 100644
*uaddr_len = sizeof(struct sockaddr_ax25);
}
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
-index e50f72a..f71867d 100644
+index 20a1bd0..bb8f1c1 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
-@@ -1578,7 +1578,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -1681,7 +1681,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
spin_lock(&sk->sk_receive_queue.lock);
- po->stats.tp_packets++;
+ po->stats.stats1.tp_packets++;
- skb->dropcount = atomic_read(&sk->sk_drops);
+ skb->dropcount = atomic_read_unchecked(&sk->sk_drops);
__skb_queue_tail(&sk->sk_receive_queue, skb);
spin_unlock(&sk->sk_receive_queue.lock);
sk->sk_data_ready(sk, skb->len);
-@@ -1587,7 +1587,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
+@@ -1690,7 +1690,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev,
drop_n_acct:
spin_lock(&sk->sk_receive_queue.lock);
- po->stats.tp_drops++;
+ po->stats.stats1.tp_drops++;
- atomic_inc(&sk->sk_drops);
+ atomic_inc_unchecked(&sk->sk_drops);
spin_unlock(&sk->sk_receive_queue.lock);
drop_n_restore:
-@@ -2579,6 +2579,7 @@ out:
+@@ -2640,6 +2640,7 @@ out:
static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
{
@@ -91617,7 +93712,7 @@ index e50f72a..f71867d 100644
struct sock_exterr_skb *serr;
struct sk_buff *skb, *skb2;
int copied, err;
-@@ -2600,8 +2601,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
+@@ -2661,8 +2662,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len)
sock_recv_timestamp(msg, sk, skb);
serr = SKB_EXT_ERR(skb);
@@ -91628,7 +93723,7 @@ index e50f72a..f71867d 100644
msg->msg_flags |= MSG_ERRQUEUE;
err = copied;
-@@ -3225,7 +3227,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3281,7 +3283,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
case PACKET_HDRLEN:
if (len > sizeof(int))
len = sizeof(int);
@@ -91637,7 +93732,7 @@ index e50f72a..f71867d 100644
return -EFAULT;
switch (val) {
case TPACKET_V1:
-@@ -3267,7 +3269,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
+@@ -3324,7 +3326,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname,
len = lv;
if (put_user(len, optlen))
return -EFAULT;
@@ -92142,142 +94237,6 @@ index f226709..0e735a8 100644
_proto("Tx RESPONSE %%%u", ntohl(hdr->serial));
ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len);
-diff --git a/net/sched/sch_qfq.c b/net/sched/sch_qfq.c
-index d51852b..5792252 100644
---- a/net/sched/sch_qfq.c
-+++ b/net/sched/sch_qfq.c
-@@ -113,7 +113,6 @@
-
- #define FRAC_BITS 30 /* fixed point arithmetic */
- #define ONE_FP (1UL << FRAC_BITS)
--#define IWSUM (ONE_FP/QFQ_MAX_WSUM)
-
- #define QFQ_MTU_SHIFT 16 /* to support TSO/GSO */
- #define QFQ_MIN_LMAX 512 /* see qfq_slot_insert */
-@@ -189,6 +188,7 @@ struct qfq_sched {
- struct qfq_aggregate *in_serv_agg; /* Aggregate being served. */
- u32 num_active_agg; /* Num. of active aggregates */
- u32 wsum; /* weight sum */
-+ u32 iwsum; /* inverse weight sum */
-
- unsigned long bitmaps[QFQ_MAX_STATE]; /* Group bitmaps. */
- struct qfq_group groups[QFQ_MAX_INDEX + 1]; /* The groups. */
-@@ -314,6 +314,7 @@ static void qfq_update_agg(struct qfq_sched *q, struct qfq_aggregate *agg,
-
- q->wsum +=
- (int) agg->class_weight * (new_num_classes - agg->num_classes);
-+ q->iwsum = ONE_FP / q->wsum;
-
- agg->num_classes = new_num_classes;
- }
-@@ -340,6 +341,10 @@ static void qfq_destroy_agg(struct qfq_sched *q, struct qfq_aggregate *agg)
- {
- if (!hlist_unhashed(&agg->nonfull_next))
- hlist_del_init(&agg->nonfull_next);
-+ q->wsum -= agg->class_weight;
-+ if (q->wsum != 0)
-+ q->iwsum = ONE_FP / q->wsum;
-+
- if (q->in_serv_agg == agg)
- q->in_serv_agg = qfq_choose_next_agg(q);
- kfree(agg);
-@@ -827,38 +832,60 @@ static void qfq_make_eligible(struct qfq_sched *q)
- }
- }
-
--
- /*
-- * The index of the slot in which the aggregate is to be inserted must
-- * not be higher than QFQ_MAX_SLOTS-2. There is a '-2' and not a '-1'
-- * because the start time of the group may be moved backward by one
-- * slot after the aggregate has been inserted, and this would cause
-- * non-empty slots to be right-shifted by one position.
-+ * The index of the slot in which the input aggregate agg is to be
-+ * inserted must not be higher than QFQ_MAX_SLOTS-2. There is a '-2'
-+ * and not a '-1' because the start time of the group may be moved
-+ * backward by one slot after the aggregate has been inserted, and
-+ * this would cause non-empty slots to be right-shifted by one
-+ * position.
-+ *
-+ * QFQ+ fully satisfies this bound to the slot index if the parameters
-+ * of the classes are not changed dynamically, and if QFQ+ never
-+ * happens to postpone the service of agg unjustly, i.e., it never
-+ * happens that the aggregate becomes backlogged and eligible, or just
-+ * eligible, while an aggregate with a higher approximated finish time
-+ * is being served. In particular, in this case QFQ+ guarantees that
-+ * the timestamps of agg are low enough that the slot index is never
-+ * higher than 2. Unfortunately, QFQ+ cannot provide the same
-+ * guarantee if it happens to unjustly postpone the service of agg, or
-+ * if the parameters of some class are changed.
-+ *
-+ * As for the first event, i.e., an out-of-order service, the
-+ * upper bound to the slot index guaranteed by QFQ+ grows to
-+ * 2 +
-+ * QFQ_MAX_AGG_CLASSES * ((1<<QFQ_MTU_SHIFT)/QFQ_MIN_LMAX) *
-+ * (current_max_weight/current_wsum) <= 2 + 8 * 128 * 1.
- *
-- * If the weight and lmax (max_pkt_size) of the classes do not change,
-- * then QFQ+ does meet the above contraint according to the current
-- * values of its parameters. In fact, if the weight and lmax of the
-- * classes do not change, then, from the theory, QFQ+ guarantees that
-- * the slot index is never higher than
-- * 2 + QFQ_MAX_AGG_CLASSES * ((1<<QFQ_MTU_SHIFT)/QFQ_MIN_LMAX) *
-- * (QFQ_MAX_WEIGHT/QFQ_MAX_WSUM) = 2 + 8 * 128 * (1 / 64) = 18
-+ * The following function deals with this problem by backward-shifting
-+ * the timestamps of agg, if needed, so as to guarantee that the slot
-+ * index is never higher than QFQ_MAX_SLOTS-2. This backward-shift may
-+ * cause the service of other aggregates to be postponed, yet the
-+ * worst-case guarantees of these aggregates are not violated. In
-+ * fact, in case of no out-of-order service, the timestamps of agg
-+ * would have been even lower than they are after the backward shift,
-+ * because QFQ+ would have guaranteed a maximum value equal to 2 for
-+ * the slot index, and 2 < QFQ_MAX_SLOTS-2. Hence the aggregates whose
-+ * service is postponed because of the backward-shift would have
-+ * however waited for the service of agg before being served.
- *
-- * When the weight of a class is increased or the lmax of the class is
-- * decreased, a new aggregate with smaller slot size than the original
-- * parent aggregate of the class may happen to be activated. The
-- * activation of this aggregate should be properly delayed to when the
-- * service of the class has finished in the ideal system tracked by
-- * QFQ+. If the activation of the aggregate is not delayed to this
-- * reference time instant, then this aggregate may be unjustly served
-- * before other aggregates waiting for service. This may cause the
-- * above bound to the slot index to be violated for some of these
-- * unlucky aggregates.
-+ * The other event that may cause the slot index to be higher than 2
-+ * for agg is a recent change of the parameters of some class. If the
-+ * weight of a class is increased or the lmax (max_pkt_size) of the
-+ * class is decreased, then a new aggregate with smaller slot size
-+ * than the original parent aggregate of the class may happen to be
-+ * activated. The activation of this aggregate should be properly
-+ * delayed to when the service of the class has finished in the ideal
-+ * system tracked by QFQ+. If the activation of the aggregate is not
-+ * delayed to this reference time instant, then this aggregate may be
-+ * unjustly served before other aggregates waiting for service. This
-+ * may cause the above bound to the slot index to be violated for some
-+ * of these unlucky aggregates.
- *
- * Instead of delaying the activation of the new aggregate, which is
-- * quite complex, the following inaccurate but simple solution is used:
-- * if the slot index is higher than QFQ_MAX_SLOTS-2, then the
-- * timestamps of the aggregate are shifted backward so as to let the
-- * slot index become equal to QFQ_MAX_SLOTS-2.
-+ * quite complex, the above-discussed capping of the slot index is
-+ * used to handle also the consequences of a change of the parameters
-+ * of a class.
- */
- static void qfq_slot_insert(struct qfq_group *grp, struct qfq_aggregate *agg,
- u64 roundedS)
-@@ -1077,7 +1104,7 @@ static struct sk_buff *qfq_dequeue(struct Qdisc *sch)
- else
- in_serv_agg->budget -= len;
-
-- q->V += (u64)len * IWSUM;
-+ q->V += (u64)len * q->iwsum;
- pr_debug("qfq dequeue: len %u F %lld now %lld\n",
- len, (unsigned long long) in_serv_agg->F,
- (unsigned long long) q->V);
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index 391a245..296b3d7 100644
--- a/net/sctp/ipv6.c
@@ -92309,24 +94268,11 @@ index 391a245..296b3d7 100644
}
/* Initialize IPv6 support and register with socket layer. */
-diff --git a/net/sctp/probe.c b/net/sctp/probe.c
-index ad0dba8..e62c225 100644
---- a/net/sctp/probe.c
-+++ b/net/sctp/probe.c
-@@ -63,7 +63,7 @@ static struct {
- struct timespec tstart;
- } sctpw;
-
--static void printl(const char *fmt, ...)
-+static __printf(1, 2) void printl(const char *fmt, ...)
- {
- va_list args;
- int len;
diff --git a/net/sctp/proc.c b/net/sctp/proc.c
-index ab3bba8..2fbab4e 100644
+index 4e45ee3..e66a031 100644
--- a/net/sctp/proc.c
+++ b/net/sctp/proc.c
-@@ -336,7 +336,8 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v)
+@@ -337,7 +337,8 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v)
seq_printf(seq,
"%8pK %8pK %-3d %-3d %-2d %-4d "
"%4d %8d %8d %7d %5lu %-5d %5d ",
@@ -92337,7 +94283,7 @@ index ab3bba8..2fbab4e 100644
assoc->assoc_id,
assoc->sndbuf_used,
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
-index 1c2e46c..f91cf5e 100644
+index eaee00c..97c0afd 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -834,8 +834,10 @@ int sctp_register_af(struct sctp_af *af)
@@ -92393,10 +94339,10 @@ index 8aab894..f6b7e7d 100644
sctp_generate_t1_cookie_event,
sctp_generate_t1_init_event,
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
-index 02c43e4..7bea2ca 100644
+index 6abb1ca..1678f8b 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
-@@ -2166,11 +2166,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval,
+@@ -2167,11 +2167,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval,
{
struct sctp_association *asoc;
struct sctp_ulpevent *event;
@@ -92411,7 +94357,7 @@ index 02c43e4..7bea2ca 100644
/*
* At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT,
-@@ -4221,13 +4223,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len,
+@@ -4222,13 +4224,16 @@ static int sctp_getsockopt_disable_fragments(struct sock *sk, int len,
static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
int __user *optlen)
{
@@ -92429,7 +94375,7 @@ index 02c43e4..7bea2ca 100644
return -EFAULT;
return 0;
}
-@@ -4245,6 +4250,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
+@@ -4246,6 +4251,8 @@ static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
*/
static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen)
{
@@ -92438,7 +94384,7 @@ index 02c43e4..7bea2ca 100644
/* Applicable to UDP-style socket only */
if (sctp_style(sk, TCP))
return -EOPNOTSUPP;
-@@ -4253,7 +4260,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
+@@ -4254,7 +4261,8 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
len = sizeof(int);
if (put_user(len, optlen))
return -EFAULT;
@@ -92448,7 +94394,7 @@ index 02c43e4..7bea2ca 100644
return -EFAULT;
return 0;
}
-@@ -4625,12 +4633,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
+@@ -4626,12 +4634,15 @@ static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
*/
static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen)
{
@@ -92465,7 +94411,7 @@ index 02c43e4..7bea2ca 100644
return -EFAULT;
return 0;
}
-@@ -4671,6 +4682,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
+@@ -4672,6 +4683,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len;
if (space_left < addrlen)
return -ENOMEM;
@@ -92496,8 +94442,27 @@ index bf3c6e8..376d8d0 100644
int i;
table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
+diff --git a/net/sctp/transport.c b/net/sctp/transport.c
+index 098f1d5f..60da2f7 100644
+--- a/net/sctp/transport.c
++++ b/net/sctp/transport.c
+@@ -178,12 +178,12 @@ static void sctp_transport_destroy(struct sctp_transport *transport)
+ {
+ SCTP_ASSERT(transport->dead, "Transport is not dead", return);
+
+- call_rcu(&transport->rcu, sctp_transport_destroy_rcu);
+-
+ sctp_packet_free(&transport->packet);
+
+ if (transport->asoc)
+ sctp_association_put(transport->asoc);
++
++ call_rcu(&transport->rcu, sctp_transport_destroy_rcu);
+ }
+
+ /* Start T3_rtx timer if it is not already running and update the heartbeat
diff --git a/net/socket.c b/net/socket.c
-index e216502..74be616 100644
+index 4ca1526..df83e47 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -88,6 +88,7 @@
@@ -92526,7 +94491,7 @@ index e216502..74be616 100644
static struct file_system_type sock_fs_type = {
.name = "sockfs",
-@@ -1268,6 +1271,8 @@ int __sock_create(struct net *net, int family, int type, int protocol,
+@@ -1246,6 +1249,8 @@ int __sock_create(struct net *net, int family, int type, int protocol,
return -EAFNOSUPPORT;
if (type < 0 || type >= SOCK_MAX)
return -EINVAL;
@@ -92535,7 +94500,7 @@ index e216502..74be616 100644
/* Compatibility.
-@@ -1399,6 +1404,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
+@@ -1377,6 +1382,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
@@ -92552,7 +94517,7 @@ index e216502..74be616 100644
retval = sock_create(family, type, protocol, &sock);
if (retval < 0)
goto out;
-@@ -1526,6 +1541,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
+@@ -1504,6 +1519,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
if (sock) {
err = move_addr_to_kernel(umyaddr, addrlen, &address);
if (err >= 0) {
@@ -92567,7 +94532,7 @@ index e216502..74be616 100644
err = security_socket_bind(sock,
(struct sockaddr *)&address,
addrlen);
-@@ -1534,6 +1557,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
+@@ -1512,6 +1535,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
(struct sockaddr *)
&address, addrlen);
}
@@ -92575,7 +94540,7 @@ index e216502..74be616 100644
fput_light(sock->file, fput_needed);
}
return err;
-@@ -1557,10 +1581,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog)
+@@ -1535,10 +1559,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog)
if ((unsigned int)backlog > somaxconn)
backlog = somaxconn;
@@ -92596,7 +94561,7 @@ index e216502..74be616 100644
fput_light(sock->file, fput_needed);
}
return err;
-@@ -1604,6 +1638,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
+@@ -1582,6 +1616,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
newsock->type = sock->type;
newsock->ops = sock->ops;
@@ -92615,7 +94580,7 @@ index e216502..74be616 100644
/*
* We don't need try_module_get here, as the listening socket (sock)
* has the protocol module (sock->ops->owner) held.
-@@ -1649,6 +1695,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
+@@ -1627,6 +1673,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
fd_install(newfd, newfile);
err = newfd;
@@ -92624,7 +94589,7 @@ index e216502..74be616 100644
out_put:
fput_light(sock->file, fput_needed);
out:
-@@ -1681,6 +1729,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
+@@ -1659,6 +1707,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
int, addrlen)
{
struct socket *sock;
@@ -92632,7 +94597,7 @@ index e216502..74be616 100644
struct sockaddr_storage address;
int err, fput_needed;
-@@ -1691,6 +1740,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
+@@ -1669,6 +1718,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
if (err < 0)
goto out_put;
@@ -92650,7 +94615,7 @@ index e216502..74be616 100644
err =
security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
if (err)
-@@ -1772,6 +1832,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
+@@ -1750,6 +1810,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
* the protocol.
*/
@@ -92659,7 +94624,7 @@ index e216502..74be616 100644
SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
unsigned int, flags, struct sockaddr __user *, addr,
int, addr_len)
-@@ -1838,7 +1900,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
+@@ -1816,7 +1878,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
struct socket *sock;
struct iovec iov;
struct msghdr msg;
@@ -92668,7 +94633,7 @@ index e216502..74be616 100644
int err, err2;
int fput_needed;
-@@ -2045,7 +2107,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2023,7 +2085,7 @@ static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
* checking falls down on this.
*/
if (copy_from_user(ctl_buf,
@@ -92677,7 +94642,7 @@ index e216502..74be616 100644
ctl_len))
goto out_freectl;
msg_sys->msg_control = ctl_buf;
-@@ -2196,7 +2258,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2174,7 +2236,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
int err, total_len, len;
/* kernel mode address */
@@ -92686,7 +94651,7 @@ index e216502..74be616 100644
/* user mode address pointers */
struct sockaddr __user *uaddr;
-@@ -2224,7 +2286,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+@@ -2202,7 +2264,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
* kernel msghdr to use the kernel address space)
*/
@@ -92695,7 +94660,7 @@ index e216502..74be616 100644
uaddr_len = COMPAT_NAMELEN(msg);
if (MSG_CMSG_COMPAT & flags) {
err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
-@@ -2975,7 +3037,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
+@@ -2955,7 +3017,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
err = dev_ioctl(net, cmd,
@@ -92704,7 +94669,7 @@ index e216502..74be616 100644
set_fs(old_fs);
return err;
-@@ -3084,7 +3146,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
+@@ -3064,7 +3126,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -92713,7 +94678,7 @@ index e216502..74be616 100644
set_fs(old_fs);
if (cmd == SIOCGIFMAP && !err) {
-@@ -3189,7 +3251,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
+@@ -3169,7 +3231,7 @@ static int routing_ioctl(struct net *net, struct socket *sock,
ret |= __get_user(rtdev, &(ur4->rt_dev));
if (rtdev) {
ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
@@ -92722,7 +94687,7 @@ index e216502..74be616 100644
devname[15] = 0;
} else
r4.rt_dev = NULL;
-@@ -3415,8 +3477,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
+@@ -3395,8 +3457,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname,
int __user *uoptlen;
int err;
@@ -92733,7 +94698,7 @@ index e216502..74be616 100644
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
-@@ -3436,7 +3498,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
+@@ -3416,7 +3478,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname,
char __user *uoptval;
int err;
@@ -92743,10 +94708,10 @@ index e216502..74be616 100644
set_fs(KERNEL_DS);
if (level == SOL_SOCKET)
diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c
-index d5f35f1..da2680b5 100644
+index 426f8fc..1ef9c32 100644
--- a/net/sunrpc/clnt.c
+++ b/net/sunrpc/clnt.c
-@@ -1283,7 +1283,9 @@ call_start(struct rpc_task *task)
+@@ -1288,7 +1288,9 @@ call_start(struct rpc_task *task)
(RPC_IS_ASYNC(task) ? "async" : "sync"));
/* Increment call count */
@@ -92908,58 +94873,6 @@ index 8343737..677025e 100644
.mode = 0644,
.proc_handler = read_reset_stat,
},
-diff --git a/net/sunrpc/xprtrdma/svc_rdma_marshal.c b/net/sunrpc/xprtrdma/svc_rdma_marshal.c
-index 8d2eddd..65b1462 100644
---- a/net/sunrpc/xprtrdma/svc_rdma_marshal.c
-+++ b/net/sunrpc/xprtrdma/svc_rdma_marshal.c
-@@ -98,6 +98,7 @@ void svc_rdma_rcl_chunk_counts(struct rpcrdma_read_chunk *ch,
- */
- static u32 *decode_write_list(u32 *va, u32 *vaend)
- {
-+ unsigned long start, end;
- int nchunks;
-
- struct rpcrdma_write_array *ary =
-@@ -113,9 +114,12 @@ static u32 *decode_write_list(u32 *va, u32 *vaend)
- return NULL;
- }
- nchunks = ntohl(ary->wc_nchunks);
-- if (((unsigned long)&ary->wc_array[0] +
-- (sizeof(struct rpcrdma_write_chunk) * nchunks)) >
-- (unsigned long)vaend) {
-+
-+ start = (unsigned long)&ary->wc_array[0];
-+ end = (unsigned long)vaend;
-+ if (nchunks < 0 ||
-+ nchunks > (SIZE_MAX - start) / sizeof(struct rpcrdma_write_chunk) ||
-+ (start + (sizeof(struct rpcrdma_write_chunk) * nchunks)) > end) {
- dprintk("svcrdma: ary=%p, wc_nchunks=%d, vaend=%p\n",
- ary, nchunks, vaend);
- return NULL;
-@@ -129,6 +133,7 @@ static u32 *decode_write_list(u32 *va, u32 *vaend)
-
- static u32 *decode_reply_array(u32 *va, u32 *vaend)
- {
-+ unsigned long start, end;
- int nchunks;
- struct rpcrdma_write_array *ary =
- (struct rpcrdma_write_array *)va;
-@@ -143,9 +148,12 @@ static u32 *decode_reply_array(u32 *va, u32 *vaend)
- return NULL;
- }
- nchunks = ntohl(ary->wc_nchunks);
-- if (((unsigned long)&ary->wc_array[0] +
-- (sizeof(struct rpcrdma_write_chunk) * nchunks)) >
-- (unsigned long)vaend) {
-+
-+ start = (unsigned long)&ary->wc_array[0];
-+ end = (unsigned long)vaend;
-+ if (nchunks < 0 ||
-+ nchunks > (SIZE_MAX - start) / sizeof(struct rpcrdma_write_chunk) ||
-+ (start + (sizeof(struct rpcrdma_write_chunk) * nchunks)) > end) {
- dprintk("svcrdma: ary=%p, wc_nchunks=%d, vaend=%p\n",
- ary, nchunks, vaend);
- return NULL;
diff --git a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
index 0ce7552..d074459 100644
--- a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c
@@ -93067,7 +94980,7 @@ index 9bc6db0..47ac8c0 100644
int mode = (table->mode >> 6) & 7;
return (mode << 6) | (mode << 3) | mode;
diff --git a/net/tipc/link.c b/net/tipc/link.c
-index daa6080..2bbbe70 100644
+index a80feee..2bbbe70 100644
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -1201,7 +1201,7 @@ static int link_send_sections_long(struct tipc_port *sender,
@@ -93097,38 +95010,6 @@ index daa6080..2bbbe70 100644
sect_crs += sz;
sect_rest -= sz;
fragm_crs += sz;
-@@ -2306,8 +2306,11 @@ static int link_recv_changeover_msg(struct tipc_link **l_ptr,
- struct tipc_msg *tunnel_msg = buf_msg(tunnel_buf);
- u32 msg_typ = msg_type(tunnel_msg);
- u32 msg_count = msg_msgcnt(tunnel_msg);
-+ u32 bearer_id = msg_bearer_id(tunnel_msg);
-
-- dest_link = (*l_ptr)->owner->links[msg_bearer_id(tunnel_msg)];
-+ if (bearer_id >= MAX_BEARERS)
-+ goto exit;
-+ dest_link = (*l_ptr)->owner->links[bearer_id];
- if (!dest_link)
- goto exit;
- if (dest_link == *l_ptr) {
-@@ -2521,14 +2524,16 @@ int tipc_link_recv_fragment(struct sk_buff **pending, struct sk_buff **fb,
- struct tipc_msg *imsg = (struct tipc_msg *)msg_data(fragm);
- u32 msg_sz = msg_size(imsg);
- u32 fragm_sz = msg_data_sz(fragm);
-- u32 exp_fragm_cnt = msg_sz/fragm_sz + !!(msg_sz % fragm_sz);
-+ u32 exp_fragm_cnt;
- u32 max = TIPC_MAX_USER_MSG_SIZE + NAMED_H_SIZE;
-+
- if (msg_type(imsg) == TIPC_MCAST_MSG)
- max = TIPC_MAX_USER_MSG_SIZE + MCAST_H_SIZE;
-- if (msg_size(imsg) > max) {
-+ if (fragm_sz == 0 || msg_size(imsg) > max) {
- kfree_skb(fbuf);
- return 0;
- }
-+ exp_fragm_cnt = msg_sz / fragm_sz + !!(msg_sz % fragm_sz);
- pbuf = tipc_buf_acquire(msg_size(imsg));
- if (pbuf != NULL) {
- pbuf->next = *pending;
diff --git a/net/tipc/msg.c b/net/tipc/msg.c
index f2db8a8..9245aa4 100644
--- a/net/tipc/msg.c
@@ -93156,7 +95037,7 @@ index 6b42d47..2ac24d5 100644
sub->evt.event = htohl(event, sub->swap);
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
-index 2db702d..09a77488 100644
+index 826e099..4fa8c93 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -783,6 +783,12 @@ static struct sock *unix_find_other(struct net *net,
@@ -93205,7 +95086,7 @@ index 2db702d..09a77488 100644
done_path_create(&path, dentry);
return err;
}
-@@ -2323,9 +2342,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2324,9 +2343,13 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_puts(seq, "Num RefCount Protocol Flags Type St "
"Inode Path\n");
else {
@@ -93220,7 +95101,7 @@ index 2db702d..09a77488 100644
seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu",
s,
-@@ -2352,8 +2375,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
+@@ -2353,8 +2376,10 @@ static int unix_seq_show(struct seq_file *seq, void *v)
}
for ( ; i < len; i++)
seq_putc(seq, u->addr->name->sun_path[i]);
@@ -93246,6 +95127,19 @@ index 8800604..0526440 100644
table = kmemdup(unix_table, sizeof(unix_table), GFP_KERNEL);
if (table == NULL)
+diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
+index 3f77f42..662d89b 100644
+--- a/net/vmw_vsock/af_vsock.c
++++ b/net/vmw_vsock/af_vsock.c
+@@ -335,7 +335,7 @@ void vsock_for_each_connected_socket(void (*fn)(struct sock *sk))
+ for (i = 0; i < ARRAY_SIZE(vsock_connected_table); i++) {
+ struct vsock_sock *vsk;
+ list_for_each_entry(vsk, &vsock_connected_table[i],
+- connected_table);
++ connected_table)
+ fn(sk_vsock(vsk));
+ }
+
diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c
index c8717c1..08539f5 100644
--- a/net/wireless/wext-core.c
@@ -93284,7 +95178,7 @@ index c8717c1..08539f5 100644
iwp->length += essid_compat;
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
-index 167c67d..3f2ae427 100644
+index ea970b8..c68edb9f 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -334,7 +334,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy)
@@ -93305,7 +95199,7 @@ index 167c67d..3f2ae427 100644
rt_genid_bump(net);
if (delpol) {
xfrm_policy_requeue(delpol, policy);
-@@ -1611,7 +1611,7 @@ free_dst:
+@@ -1629,7 +1629,7 @@ free_dst:
goto out;
}
@@ -93314,7 +95208,7 @@ index 167c67d..3f2ae427 100644
xfrm_dst_alloc_copy(void **target, const void *src, int size)
{
if (!*target) {
-@@ -1623,7 +1623,7 @@ xfrm_dst_alloc_copy(void **target, const void *src, int size)
+@@ -1641,7 +1641,7 @@ xfrm_dst_alloc_copy(void **target, const void *src, int size)
return 0;
}
@@ -93323,7 +95217,7 @@ index 167c67d..3f2ae427 100644
xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel)
{
#ifdef CONFIG_XFRM_SUB_POLICY
-@@ -1635,7 +1635,7 @@ xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel)
+@@ -1653,7 +1653,7 @@ xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel)
#endif
}
@@ -93332,7 +95226,7 @@ index 167c67d..3f2ae427 100644
xfrm_dst_update_origin(struct dst_entry *dst, const struct flowi *fl)
{
#ifdef CONFIG_XFRM_SUB_POLICY
-@@ -1729,7 +1729,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols,
+@@ -1747,7 +1747,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols,
xdst->num_pols = num_pols;
memcpy(xdst->pols, pols, sizeof(struct xfrm_policy*) * num_pols);
@@ -93341,7 +95235,7 @@ index 167c67d..3f2ae427 100644
return xdst;
}
-@@ -2598,7 +2598,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first)
+@@ -2618,7 +2618,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first)
if (xdst->xfrm_genid != dst->xfrm->genid)
return 0;
if (xdst->num_pols > 0 &&
@@ -93350,7 +95244,7 @@ index 167c67d..3f2ae427 100644
return 0;
mtu = dst_mtu(dst->child);
-@@ -2686,8 +2686,11 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
+@@ -2706,8 +2706,11 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo)
dst_ops->link_failure = xfrm_link_failure;
if (likely(dst_ops->neigh_lookup == NULL))
dst_ops->neigh_lookup = xfrm_neigh_lookup;
@@ -93364,7 +95258,7 @@ index 167c67d..3f2ae427 100644
rcu_assign_pointer(xfrm_policy_afinfo[afinfo->family], afinfo);
}
spin_unlock(&xfrm_policy_afinfo_lock);
-@@ -2741,7 +2744,9 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo)
+@@ -2761,7 +2764,9 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo)
dst_ops->check = NULL;
dst_ops->negative_advice = NULL;
dst_ops->link_failure = NULL;
@@ -93375,7 +95269,7 @@ index 167c67d..3f2ae427 100644
}
return err;
}
-@@ -3124,7 +3129,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol,
+@@ -3144,7 +3149,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol,
sizeof(pol->xfrm_vec[i].saddr));
pol->xfrm_vec[i].encap_family = mp->new_family;
/* flush bundles */
@@ -93385,7 +95279,7 @@ index 167c67d..3f2ae427 100644
}
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
-index 2c341bd..4404211 100644
+index 78f66fa..9286768 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -177,12 +177,14 @@ int xfrm_register_type(const struct xfrm_type *type, unsigned short family)
@@ -93493,7 +95387,7 @@ index 05a6e3d..6716ec9 100644
__xfrm_sysctl_init(net);
diff --git a/scripts/Makefile.build b/scripts/Makefile.build
-index 0e801c3..5c8ad3b 100644
+index d5d859c..781cbcb 100644
--- a/scripts/Makefile.build
+++ b/scripts/Makefile.build
@@ -111,7 +111,7 @@ endif
@@ -93591,7 +95485,7 @@ index 1ac414f..38575f7 100644
+ $(host-cxxmulti) $(host-cxxobjs) $(host-cshlib) $(host-cshobjs) $(host-cxxshlib) $(host-cxxshobjs)
diff --git a/scripts/basic/fixdep.c b/scripts/basic/fixdep.c
-index 7f6425e..9864506 100644
+index 078fe1d..fbdb363 100644
--- a/scripts/basic/fixdep.c
+++ b/scripts/basic/fixdep.c
@@ -161,7 +161,7 @@ static unsigned int strhash(const char *str, unsigned int sz)
@@ -93628,7 +95522,7 @@ index 7f6425e..9864506 100644
const char *p, *q;
for (; m < end; m++) {
-@@ -406,7 +406,7 @@ static void print_deps(void)
+@@ -435,7 +435,7 @@ static void print_deps(void)
static void traps(void)
{
static char test[] __attribute__((aligned(sizeof(int)))) = "CONF";
@@ -93660,23 +95554,23 @@ index 0000000..5e0222d
+ [[ "$plugincc" =~ "$1" ]] && echo "$1"
+ [[ "$plugincc" =~ "$2" ]] && echo "$2"
+fi
-diff --git a/scripts/headers_install.pl b/scripts/headers_install.pl
-index 581ca99..a6ff02e 100644
---- a/scripts/headers_install.pl
-+++ b/scripts/headers_install.pl
-@@ -35,6 +35,7 @@ foreach my $filename (@files) {
- $line =~ s/([\s(])__user\s/$1/g;
- $line =~ s/([\s(])__force\s/$1/g;
- $line =~ s/([\s(])__iomem\s/$1/g;
-+ $line =~ s/(\s?)__intentional_overflow\([-\d\s,]*\)\s?/$1/g;
- $line =~ s/\s__attribute_const__\s/ /g;
- $line =~ s/\s__attribute_const__$//g;
- $line =~ s/\b__packed\b/__attribute__((packed))/g;
+diff --git a/scripts/headers_install.sh b/scripts/headers_install.sh
+index 643764f..6cc0137 100644
+--- a/scripts/headers_install.sh
++++ b/scripts/headers_install.sh
+@@ -29,6 +29,7 @@ do
+ FILE="$(basename "$i")"
+ sed -r \
+ -e 's/([ \t(])(__user|__force|__iomem)[ \t]/\1/g' \
++ -e 's/__intentional_overflow\([- \t,0-9]*\)//g' \
+ -e 's/__attribute_const__([ \t]|$)/\1/g' \
+ -e 's@^#include <linux/compiler.h>@@' \
+ -e 's/(^|[^a-zA-Z0-9])__packed([^a-zA-Z0-9_]|$)/\1__attribute__((packed))\2/g' \
diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh
-index 3d569d6..0c09522 100644
+index 0149949..d482a0d 100644
--- a/scripts/link-vmlinux.sh
+++ b/scripts/link-vmlinux.sh
-@@ -159,7 +159,7 @@ else
+@@ -158,7 +158,7 @@ else
fi;
# final build of init/
@@ -93686,7 +95580,7 @@ index 3d569d6..0c09522 100644
kallsymso=""
kallsyms_vmlinux=""
diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c
-index 771ac17..9f0d3ee 100644
+index 45f9a33..e4194b3 100644
--- a/scripts/mod/file2alias.c
+++ b/scripts/mod/file2alias.c
@@ -140,7 +140,7 @@ static void device_id_check(const char *modname, const char *device_id,
@@ -93753,10 +95647,10 @@ index 771ac17..9f0d3ee 100644
sprintf(alias, "dmi*");
diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c
-index 78b30c1..536850d 100644
+index a4be8e1..6e8a5fb 100644
--- a/scripts/mod/modpost.c
+++ b/scripts/mod/modpost.c
-@@ -931,6 +931,7 @@ enum mismatch {
+@@ -933,6 +933,7 @@ enum mismatch {
ANY_INIT_TO_ANY_EXIT,
ANY_EXIT_TO_ANY_INIT,
EXPORT_TO_INIT_EXIT,
@@ -93764,7 +95658,7 @@ index 78b30c1..536850d 100644
};
struct sectioncheck {
-@@ -1045,6 +1046,12 @@ const struct sectioncheck sectioncheck[] = {
+@@ -1047,6 +1048,12 @@ const struct sectioncheck sectioncheck[] = {
.tosec = { INIT_SECTIONS, EXIT_SECTIONS, NULL },
.mismatch = EXPORT_TO_INIT_EXIT,
.symbol_white_list = { DEFAULT_SYMBOL_WHITE_LIST, NULL },
@@ -93777,7 +95671,7 @@ index 78b30c1..536850d 100644
}
};
-@@ -1167,10 +1174,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr,
+@@ -1169,10 +1176,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr,
continue;
if (ELF_ST_TYPE(sym->st_info) == STT_SECTION)
continue;
@@ -93790,7 +95684,7 @@ index 78b30c1..536850d 100644
if (d < 0)
d = addr - sym->st_value;
if (d < distance) {
-@@ -1449,6 +1456,14 @@ static void report_sec_mismatch(const char *modname,
+@@ -1451,6 +1458,14 @@ static void report_sec_mismatch(const char *modname,
tosym, prl_to, prl_to, tosym);
free(prl_to);
break;
@@ -93805,7 +95699,7 @@ index 78b30c1..536850d 100644
}
fprintf(stderr, "\n");
}
-@@ -1683,7 +1698,7 @@ static void section_rel(const char *modname, struct elf_info *elf,
+@@ -1685,7 +1700,7 @@ static void section_rel(const char *modname, struct elf_info *elf,
static void check_sec_ref(struct module *mod, const char *modname,
struct elf_info *elf)
{
@@ -93814,7 +95708,7 @@ index 78b30c1..536850d 100644
Elf_Shdr *sechdrs = elf->sechdrs;
/* Walk through all sections */
-@@ -1781,7 +1796,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf,
+@@ -1804,7 +1819,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf,
va_end(ap);
}
@@ -93823,7 +95717,7 @@ index 78b30c1..536850d 100644
{
if (buf->size - buf->pos < len) {
buf->size += len + SZ;
-@@ -1999,7 +2014,7 @@ static void write_if_changed(struct buffer *b, const char *fname)
+@@ -2023,7 +2038,7 @@ static void write_if_changed(struct buffer *b, const char *fname)
if (fstat(fileno(file), &st) < 0)
goto close_write;
@@ -93928,10 +95822,10 @@ index f5eb43d..1814de8 100644
shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff));
shstrtab_sec = shdr + r2(&ehdr->e_shstrndx);
diff --git a/security/Kconfig b/security/Kconfig
-index e9c6ac7..66bf8e9 100644
+index e9c6ac7..3e3f362 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,945 @@
+@@ -4,6 +4,959 @@
menu "Security options"
@@ -94299,7 +96193,7 @@ index e9c6ac7..66bf8e9 100644
+config PAX_NOEXEC
+ bool "Enforce non-executable pages"
+ default y if GRKERNSEC_CONFIG_AUTO
-+ depends on ALPHA || (ARM && (CPU_V6 || CPU_V7)) || IA64 || MIPS || PARISC || PPC || S390 || SPARC || X86
++ depends on ALPHA || (ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || IA64 || MIPS || PARISC || PPC || S390 || SPARC || X86
+ help
+ By design some architectures do not allow for protecting memory
+ pages against execution or even if they do, Linux does not make
@@ -94329,8 +96223,6 @@ index e9c6ac7..66bf8e9 100644
+ bool "Paging based non-executable pages"
+ default y if GRKERNSEC_CONFIG_AUTO
+ depends on PAX_NOEXEC && (!X86_32 || M586 || M586TSC || M586MMX || M686 || MPENTIUMII || MPENTIUMIII || MPENTIUMM || MCORE2 || MATOM || MPENTIUM4 || MPSC || MK7 || MK8 || MWINCHIPC6 || MWINCHIP2 || MWINCHIP3D || MVIAC3_2 || MVIAC7)
-+ select S390_SWITCH_AMODE if S390
-+ select S390_EXEC_PROTECT if S390
+ select ARCH_TRACK_EXEC_LIMIT if X86_32
+ help
+ This implementation is based on the paging feature of the CPU.
@@ -94512,7 +96404,7 @@ index e9c6ac7..66bf8e9 100644
+config PAX_KERNEXEC
+ bool "Enforce non-executable kernel pages"
+ default y if GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_NONE || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_GUEST) || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_KVM))
-+ depends on (X86 || (ARM && (CPU_V6 || CPU_V7) && !(ARM_LPAE && MODULES))) && !XEN
++ depends on (X86 || (ARM && (CPU_V6 || CPU_V6K || CPU_V7) && !(ARM_LPAE && MODULES))) && !XEN
+ select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE)
+ select PAX_KERNEXEC_PLUGIN if X86_64
+ help
@@ -94611,7 +96503,7 @@ index e9c6ac7..66bf8e9 100644
+
+config PAX_RANDKSTACK
+ bool "Randomize kernel stack base"
-+ default y if GRKERNSEC_CONFIG_AUTO
++ default y if GRKERNSEC_CONFIG_AUTO && !(GRKERNSEC_CONFIG_VIRT_HOST && GRKERNSEC_CONFIG_VIRT_VIRTUALBOX)
+ depends on X86_TSC && X86
+ help
+ By saying Y here the kernel will randomize every task's kernel
@@ -94669,21 +96561,32 @@ index e9c6ac7..66bf8e9 100644
+ default y if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_PRIORITY_SECURITY)
+ depends on !HIBERNATION
+ help
-+ By saying Y here the kernel will erase memory pages as soon as they
-+ are freed. This in turn reduces the lifetime of data stored in the
-+ pages, making it less likely that sensitive information such as
-+ passwords, cryptographic secrets, etc stay in memory for too long.
++ By saying Y here the kernel will erase memory pages and slab objects
++ as soon as they are freed. This in turn reduces the lifetime of data
++ stored in them, making it less likely that sensitive information such
++ as passwords, cryptographic secrets, etc stay in memory for too long.
+
+ This is especially useful for programs whose runtime is short, long
+ lived processes and the kernel itself benefit from this as long as
-+ they operate on whole memory pages and ensure timely freeing of pages
-+ that may hold sensitive information.
++ they ensure timely freeing of memory that may hold sensitive
++ information.
++
++ A nice side effect of the sanitization of slab objects is the
++ reduction of possible info leaks caused by padding bytes within the
++ leaky structures. Use-after-free bugs for structures containing
++ pointers can also be detected as dereferencing the sanitized pointer
++ will generate an access violation.
+
+ The tradeoff is performance impact, on a single CPU system kernel
+ compilation sees a 3% slowdown, other systems and workloads may vary
+ and you are advised to test this feature on your expected workload
+ before deploying it.
+
++ To reduce the performance penalty by sanitizing pages only, albeit
++ limiting the effectiveness of this feature at the same time, slab
++ sanitization can be disabled with the kernel commandline parameter
++ "pax_sanitize_slab=0".
++
+ Note that this feature does not protect data stored in live pages,
+ e.g., process memory swapped to disk may stay there for a long time.
+
@@ -94733,7 +96636,7 @@ index e9c6ac7..66bf8e9 100644
+config PAX_MEMORY_UDEREF
+ bool "Prevent invalid userland pointer dereference"
+ default y if GRKERNSEC_CONFIG_AUTO && !(X86_64 && GRKERNSEC_CONFIG_PRIORITY_PERF) && (GRKERNSEC_CONFIG_VIRT_NONE || GRKERNSEC_CONFIG_VIRT_EPT)
-+ depends on (X86 || (ARM && (CPU_V6 || CPU_V7) && !ARM_LPAE)) && !UML_X86 && !XEN
++ depends on (X86 || (ARM && (CPU_V6 || CPU_V6K || CPU_V7) && !ARM_LPAE)) && !UML_X86 && !XEN
+ select PAX_PER_CPU_PGD if X86_64
+ help
+ By saying Y here the kernel will be prevented from dereferencing
@@ -94750,10 +96653,15 @@ index e9c6ac7..66bf8e9 100644
+ VMs running on CPUs without hardware virtualization support (i.e.,
+ the majority of IA-32 CPUs) will likely experience the slowdown.
+
++ On X86_64 the kernel will make use of PCID support when available
++ (Intel's Westmere, Sandy Bridge, etc) for better security (default)
++ or performance impact. Pass pax_weakuderef on the kernel command
++ line to choose the latter.
++
+config PAX_REFCOUNT
+ bool "Prevent various kernel object reference counter overflows"
+ default y if GRKERNSEC_CONFIG_AUTO
-+ depends on GRKERNSEC && ((ARM && (CPU_32v6 || CPU_32v6K || CPU_32v7)) || SPARC64 || X86)
++ depends on GRKERNSEC && ((ARM && (CPU_V6 || CPU_V6K || CPU_V7)) || SPARC64 || X86)
+ help
+ By saying Y here the kernel will detect and prevent overflowing
+ various (but not all) kinds of object reference counters. Such
@@ -94877,7 +96785,7 @@ index e9c6ac7..66bf8e9 100644
source security/keys/Kconfig
config SECURITY_DMESG_RESTRICT
-@@ -103,7 +1042,7 @@ config INTEL_TXT
+@@ -103,7 +1056,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
@@ -95286,10 +97194,10 @@ index d65fa7f..cbfe366 100644
if (iov != iovstack)
kfree(iov);
diff --git a/security/keys/internal.h b/security/keys/internal.h
-index 8bbefc3..299d03f 100644
+index d4f1468..cc52f92 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
-@@ -240,7 +240,7 @@ extern long keyctl_instantiate_key_iov(key_serial_t,
+@@ -242,7 +242,7 @@ extern long keyctl_instantiate_key_iov(key_serial_t,
extern long keyctl_invalidate_key(key_serial_t);
extern long keyctl_instantiate_key_common(key_serial_t,
@@ -95356,10 +97264,10 @@ index 8fb7c7b..ba3610d 100644
/* record the root user tracking */
rb_link_node(&root_key_user.node,
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
-index 4b5c948..2054dc1 100644
+index 33cfd27..842fc5a 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
-@@ -986,7 +986,7 @@ static int keyctl_change_reqkey_auth(struct key *key)
+@@ -987,7 +987,7 @@ static int keyctl_change_reqkey_auth(struct key *key)
/*
* Copy the iovec data from userspace
*/
@@ -95368,7 +97276,7 @@ index 4b5c948..2054dc1 100644
unsigned ioc)
{
for (; ioc > 0; ioc--) {
-@@ -1008,7 +1008,7 @@ static long copy_from_user_iovec(void *buffer, const struct iovec *iov,
+@@ -1009,7 +1009,7 @@ static long copy_from_user_iovec(void *buffer, const struct iovec *iov,
* If successful, 0 will be returned.
*/
long keyctl_instantiate_key_common(key_serial_t id,
@@ -95377,7 +97285,7 @@ index 4b5c948..2054dc1 100644
unsigned ioc,
size_t plen,
key_serial_t ringid)
-@@ -1103,7 +1103,7 @@ long keyctl_instantiate_key(key_serial_t id,
+@@ -1104,7 +1104,7 @@ long keyctl_instantiate_key(key_serial_t id,
[0].iov_len = plen
};
@@ -95386,7 +97294,7 @@ index 4b5c948..2054dc1 100644
}
return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid);
-@@ -1136,7 +1136,7 @@ long keyctl_instantiate_key_iov(key_serial_t id,
+@@ -1137,7 +1137,7 @@ long keyctl_instantiate_key_iov(key_serial_t id,
if (ret == 0)
goto no_payload_free;
@@ -95440,7 +97348,7 @@ index f728728..6457a0c 100644
/*
diff --git a/security/security.c b/security/security.c
-index 03f248b..5710c33 100644
+index a3dce87..9ca1435 100644
--- a/security/security.c
+++ b/security/security.c
@@ -20,6 +20,7 @@
@@ -95473,7 +97381,7 @@ index 03f248b..5710c33 100644
/* Save user chosen LSM */
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index 7171a95..c35e879 100644
+index 5c6f2cd..b4f945c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -96,8 +96,6 @@
@@ -95485,7 +97393,7 @@ index 7171a95..c35e879 100644
/* SECMARK reference count */
static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0);
-@@ -5498,7 +5496,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
+@@ -5529,7 +5527,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
#endif
@@ -95508,7 +97416,7 @@ index 65f67cb..3f141ef 100644
}
#else
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
-index fa64740..bc95b74 100644
+index d52c780..6431349 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -3392,7 +3392,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
@@ -95536,7 +97444,7 @@ index 390c646..f2f8db3 100644
if (!fstype) {
error = -ENODEV;
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
-index a2ee362..5754f34 100644
+index f0b756e..b129202 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -503,7 +503,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
@@ -95743,10 +97651,10 @@ index af49721..e85058e 100644
if (err < 0)
return err;
diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c
-index eb560fa..69a4995 100644
+index f928181..33fb83d 100644
--- a/sound/core/pcm_native.c
+++ b/sound/core/pcm_native.c
-@@ -2806,11 +2806,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
+@@ -2819,11 +2819,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream,
switch (substream->stream) {
case SNDRV_PCM_STREAM_PLAYBACK:
result = snd_pcm_playback_ioctl1(NULL, substream, cmd,
@@ -95801,7 +97709,7 @@ index 040c60e..989a19a 100644
dev->driver_data = NULL;
ops->num_init_devices--;
diff --git a/sound/core/sound.c b/sound/core/sound.c
-index 70ccdab..50f2e10 100644
+index f002bd9..c462985 100644
--- a/sound/core/sound.c
+++ b/sound/core/sound.c
@@ -86,7 +86,7 @@ static void snd_request_other(int minor)
@@ -96070,63 +97978,6 @@ index 7d8803a..559f8d0 100644
list_add(&s->list, &cs4297a_devs);
-diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c
-index dafe04a..660552c 100644
---- a/sound/pci/hda/patch_sigmatel.c
-+++ b/sound/pci/hda/patch_sigmatel.c
-@@ -418,9 +418,11 @@ static void stac_update_outputs(struct hda_codec *codec)
- val &= ~spec->eapd_mask;
- else
- val |= spec->eapd_mask;
-- if (spec->gpio_data != val)
-+ if (spec->gpio_data != val) {
-+ spec->gpio_data = val;
- stac_gpio_set(codec, spec->gpio_mask, spec->gpio_dir,
- val);
-+ }
- }
- }
-
-@@ -3228,7 +3230,7 @@ static const struct hda_fixup stac927x_fixups[] = {
- /* configure the analog microphone on some laptops */
- { 0x0c, 0x90a79130 },
- /* correct the front output jack as a hp out */
-- { 0x0f, 0x0227011f },
-+ { 0x0f, 0x0221101f },
- /* correct the front input jack as a mic */
- { 0x0e, 0x02a79130 },
- {}
-@@ -3608,20 +3610,18 @@ static int stac_parse_auto_config(struct hda_codec *codec)
- static int stac_init(struct hda_codec *codec)
- {
- struct sigmatel_spec *spec = codec->spec;
-- unsigned int gpio;
- int i;
-
- /* override some hints */
- stac_store_hints(codec);
-
- /* set up GPIO */
-- gpio = spec->gpio_data;
- /* turn on EAPD statically when spec->eapd_switch isn't set.
- * otherwise, unsol event will turn it on/off dynamically
- */
- if (!spec->eapd_switch)
-- gpio |= spec->eapd_mask;
-- stac_gpio_set(codec, spec->gpio_mask, spec->gpio_dir, gpio);
-+ spec->gpio_data |= spec->eapd_mask;
-+ stac_gpio_set(codec, spec->gpio_mask, spec->gpio_dir, spec->gpio_data);
-
- snd_hda_gen_init(codec);
-
-@@ -3930,6 +3930,7 @@ static void stac_setup_gpio(struct hda_codec *codec)
- {
- struct sigmatel_spec *spec = codec->spec;
-
-+ spec->gpio_mask |= spec->eapd_mask;
- if (spec->gpio_led) {
- if (!spec->vref_mute_led_nid) {
- spec->gpio_mask |= spec->gpio_led;
diff --git a/sound/pci/ymfpci/ymfpci.h b/sound/pci/ymfpci/ymfpci.h
index 4631a23..001ae57 100644
--- a/sound/pci/ymfpci/ymfpci.h
@@ -96185,10 +98036,10 @@ index 22056c5..25d3244 100644
chip->pci = pci;
chip->irq = -1;
diff --git a/sound/soc/fsl/fsl_ssi.c b/sound/soc/fsl/fsl_ssi.c
-index 7decbd9..d17d9d0 100644
+index 0f0bed6..c161e28 100644
--- a/sound/soc/fsl/fsl_ssi.c
+++ b/sound/soc/fsl/fsl_ssi.c
-@@ -643,7 +643,7 @@ static int fsl_ssi_probe(struct platform_device *pdev)
+@@ -657,7 +657,7 @@ static int fsl_ssi_probe(struct platform_device *pdev)
{
struct fsl_ssi_private *ssi_private;
int ret = 0;
@@ -96198,7 +98049,7 @@ index 7decbd9..d17d9d0 100644
const char *p, *sprop;
const uint32_t *iprop;
diff --git a/sound/sound_core.c b/sound/sound_core.c
-index bb23009..db346c2 100644
+index 359753f..45759f4 100644
--- a/sound/sound_core.c
+++ b/sound/sound_core.c
@@ -292,7 +292,7 @@ retry:
@@ -96210,19 +98061,6 @@ index bb23009..db346c2 100644
return s->unit_minor;
fail:
-diff --git a/sound/usb/6fire/pcm.c b/sound/usb/6fire/pcm.c
-index 40dd50a..6d0a6d1 100644
---- a/sound/usb/6fire/pcm.c
-+++ b/sound/usb/6fire/pcm.c
-@@ -543,7 +543,7 @@ static snd_pcm_uframes_t usb6fire_pcm_pointer(
- snd_pcm_uframes_t ret;
-
- if (rt->panic || !sub)
-- return SNDRV_PCM_STATE_XRUN;
-+ return SNDRV_PCM_POS_XRUN;
-
- spin_lock_irqsave(&sub->lock, flags);
- ret = sub->dma_off;
diff --git a/tools/gcc/.gitignore b/tools/gcc/.gitignore
new file mode 100644
index 0000000..50f2f2f
@@ -98264,10 +100102,10 @@ index 0000000..b5395ba
+}
diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data
new file mode 100644
-index 0000000..7982a0c
+index 0000000..b04803b
--- /dev/null
+++ b/tools/gcc/size_overflow_hash.data
-@@ -0,0 +1,5893 @@
+@@ -0,0 +1,6350 @@
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
+batadv_orig_node_del_if_4 batadv_orig_node_del_if 2 4 NULL
+storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL
@@ -98293,6 +100131,7 @@ index 0000000..7982a0c
+br_port_info_size_268 br_port_info_size 0 268 NULL
+generic_file_direct_write_291 generic_file_direct_write 0 291 NULL
+read_file_war_stats_292 read_file_war_stats 3 292 NULL
++SYSC_connect_304 SYSC_connect 3 304 NULL
+syslog_print_307 syslog_print 2 307 NULL
+platform_device_add_data_310 platform_device_add_data 3 310 NULL
+dn_setsockopt_314 dn_setsockopt 5 314 NULL
@@ -98303,6 +100142,7 @@ index 0000000..7982a0c
+snd_ca0106_ptr_read_467 snd_ca0106_ptr_read 0 467 NULL
+_alloc_get_attr_desc_470 _alloc_get_attr_desc 2 470 NULL
+dccp_manip_pkt_476 dccp_manip_pkt 4 476 NULL
++nvme_trans_modesel_data_488 nvme_trans_modesel_data 4 488 NULL
+pidlist_resize_496 pidlist_resize 2 496 NULL
+read_vbt_r0_503 read_vbt_r0 1 503 NULL
+rx_rx_defrag_end_read_505 rx_rx_defrag_end_read 3 505 NULL
@@ -98321,6 +100161,7 @@ index 0000000..7982a0c
+compat_sys_shmat_620 compat_sys_shmat 3 620 NULL
+isp1760_register_628 isp1760_register 1-2 628 NULL
+clone_split_bio_633 clone_split_bio 6 633 NULL
++ceph_osdc_new_request_635 ceph_osdc_new_request 6 635 NULL
+remap_to_cache_640 remap_to_cache 3 640 NULL
+drbd_bm_find_next_643 drbd_bm_find_next 2 643 NULL
+unlink_queued_645 unlink_queued 3-4 645 NULL
@@ -98348,6 +100189,7 @@ index 0000000..7982a0c
+pte_prefetch_gfn_to_pfn_997 pte_prefetch_gfn_to_pfn 2 997 NULL nohasharray
+hdlcdev_rx_997 hdlcdev_rx 3 997 &pte_prefetch_gfn_to_pfn_997
+dm_cache_set_dirty_1016 dm_cache_set_dirty 2 1016 NULL
++_do_truncate_1019 _do_truncate 2 1019 NULL
+smk_write_cipso2_1021 smk_write_cipso2 3 1021 NULL
+gigaset_initdriver_1060 gigaset_initdriver 2 1060 NULL
+Read_hfc16_1070 Read_hfc16 0 1070 NULL
@@ -98360,6 +100202,7 @@ index 0000000..7982a0c
+sys_mremap_1107 sys_mremap 5-1-2 1107 NULL
+cfg80211_report_obss_beacon_1133 cfg80211_report_obss_beacon 3 1133 NULL
+vmalloc_32_1135 vmalloc_32 1 1135 NULL
++dec_zcache_eph_zpages_1138 dec_zcache_eph_zpages 1 1138 NULL
+i2400m_rx_ctl_1157 i2400m_rx_ctl 4 1157 NULL
+ipc_alloc_1192 ipc_alloc 1 1192 NULL
+ib_create_send_mad_1196 ib_create_send_mad 5 1196 NULL
@@ -98377,6 +100220,7 @@ index 0000000..7982a0c
+wm_adsp_buf_alloc_1317 wm_adsp_buf_alloc 2 1317 NULL
+compat_put_u64_1319 compat_put_u64 1 1319 NULL
+ffs_1322 ffs 0 1322 NULL
++qlcnic_pci_sriov_configure_1327 qlcnic_pci_sriov_configure 2 1327 NULL
+carl9170_rx_stream_1334 carl9170_rx_stream 3 1334 NULL
+btrfs_submit_compressed_write_1347 btrfs_submit_compressed_write 5 1347 NULL
+gen_pool_best_fit_1348 gen_pool_best_fit 2-3-4 1348 NULL
@@ -98394,11 +100238,13 @@ index 0000000..7982a0c
+stack_max_size_read_1445 stack_max_size_read 3 1445 NULL
+tx_queue_len_read_1463 tx_queue_len_read 3 1463 NULL
+xprt_alloc_1475 xprt_alloc 2 1475 NULL
++SYSC_syslog_1477 SYSC_syslog 3 1477 NULL
+sta_num_ps_buf_frames_read_1488 sta_num_ps_buf_frames_read 3 1488 NULL
+posix_acl_permission_1495 posix_acl_permission 0 1495 NULL
+tomoyo_round2_1518 tomoyo_round2 0 1518 NULL
+__vfio_dma_map_1523 __vfio_dma_map 3 1523 NULL
+alloc_perm_bits_1532 alloc_perm_bits 2 1532 NULL
++ath6kl_init_get_fwcaps_1557 ath6kl_init_get_fwcaps 3 1557 NULL
+ieee80211_if_read_dot11MeshHWMPnetDiameterTraversalTime_1589 ieee80211_if_read_dot11MeshHWMPnetDiameterTraversalTime 3 1589 NULL
+fc_frame_alloc_1596 fc_frame_alloc 2 1596 NULL
+packet_buffer_init_1607 packet_buffer_init 2 1607 NULL
@@ -98406,6 +100252,7 @@ index 0000000..7982a0c
+v9fs_fid_xattr_get_1618 v9fs_fid_xattr_get 0 1618 NULL
+btmrvl_hsmode_read_1647 btmrvl_hsmode_read 3 1647 NULL
+ikconfig_read_current_1658 ikconfig_read_current 3 1658 NULL
++mei_cl_recv_1665 mei_cl_recv 3 1665 NULL
+netdev_feature_string_1667 netdev_feature_string 0 1667 NULL
+compat_x25_ioctl_1674 compat_x25_ioctl 3 1674 NULL
+rmap_add_1677 rmap_add 3 1677 NULL
@@ -98419,11 +100266,14 @@ index 0000000..7982a0c
+ebt_size_mwt_1768 ebt_size_mwt 0 1768 NULL
+cosa_write_1774 cosa_write 3 1774 NULL
+update_macheader_1775 update_macheader 7 1775 NULL
++dec_zcache_pers_zbytes_1779 dec_zcache_pers_zbytes 1 1779 NULL
+fcoe_ctlr_device_add_1793 fcoe_ctlr_device_add 3 1793 NULL
+__nodelist_scnprintf_1815 __nodelist_scnprintf 0-2-4 1815 NULL
+alloc_pages_exact_1892 alloc_pages_exact 1 1892 NULL
+rx_defrag_called_read_1897 rx_defrag_called_read 3 1897 NULL
+nfs_parse_server_name_1899 nfs_parse_server_name 2 1899 NULL
++SyS_add_key_1900 SyS_add_key 4 1900 NULL
++isku_sysfs_write_keys_media_1910 isku_sysfs_write_keys_media 6 1910 NULL
+tx_tx_retry_data_read_1926 tx_tx_retry_data_read 3 1926 NULL
+memblock_alloc_base_1938 memblock_alloc_base 1-2 1938 NULL
+cyttsp_probe_1940 cyttsp_probe 4 1940 NULL
@@ -98457,8 +100307,10 @@ index 0000000..7982a0c
+mlx4_init_icm_table_2151 mlx4_init_icm_table 5-4 2151 NULL
+iov_iter_count_2152 iov_iter_count 0 2152 NULL
+_ore_get_io_state_2166 _ore_get_io_state 3-4-5 2166 NULL
++bio_integrity_alloc_2194 bio_integrity_alloc 3 2194 NULL
+ssb_bus_ssbbus_register_2217 ssb_bus_ssbbus_register 2 2217 NULL
-+u32_array_read_2219 u32_array_read 3 2219 NULL
++mei_dbgfs_read_meclients_2219 mei_dbgfs_read_meclients 3 2219 NULL nohasharray
++u32_array_read_2219 u32_array_read 3 2219 &mei_dbgfs_read_meclients_2219
+vhci_write_2224 vhci_write 3 2224 NULL
+efx_tsoh_page_count_2225 efx_tsoh_page_count 0 2225 NULL
+lowpan_get_mac_header_length_2231 lowpan_get_mac_header_length 0 2231 NULL
@@ -98475,10 +100327,12 @@ index 0000000..7982a0c
+__erst_read_to_erange_2341 __erst_read_to_erange 0 2341 NULL
+zr364xx_read_2354 zr364xx_read 3 2354 NULL
+viafb_iga2_odev_proc_write_2363 viafb_iga2_odev_proc_write 3 2363 NULL
++SyS_mremap_2367 SyS_mremap 1-2-5 2367 NULL
+xfs_buf_map_from_irec_2368 xfs_buf_map_from_irec 5 2368 NULL
+il_dbgfs_sensitivity_read_2370 il_dbgfs_sensitivity_read 3 2370 NULL
+rtl_port_map_2385 rtl_port_map 1-2 2385 NULL
+rxpipe_rx_prep_beacon_drop_read_2403 rxpipe_rx_prep_beacon_drop_read 3 2403 NULL
++SYSC_mlock_2415 SYSC_mlock 1 2415 NULL
+isdn_v110_open_2418 isdn_v110_open 3 2418 NULL
+raid1_size_2419 raid1_size 0-2 2419 NULL
+roccat_common2_send_2422 roccat_common2_send 4 2422 NULL
@@ -98498,6 +100352,7 @@ index 0000000..7982a0c
+gspca_dev_probe_2570 gspca_dev_probe 4 2570 NULL
+i915_next_seqno_write_2572 i915_next_seqno_write 3 2572 NULL
+pcm_sanity_check_2574 pcm_sanity_check 0 2574 NULL
++slot_bytes_2609 slot_bytes 0 2609 NULL
+smk_write_logging_2618 smk_write_logging 3 2618 NULL
+kvm_gfn_to_hva_cache_init_2636 kvm_gfn_to_hva_cache_init 3 2636 NULL
+lro_gen_skb_2644 lro_gen_skb 6 2644 NULL
@@ -98505,7 +100360,8 @@ index 0000000..7982a0c
+memcpy_fromiovecend_2707 memcpy_fromiovecend 3-4 2707 NULL
+__xip_file_write_2733 __xip_file_write 4-3 2733 NULL
+hid_report_raw_event_2762 hid_report_raw_event 4 2762 NULL
-+mon_bin_ioctl_2771 mon_bin_ioctl 3 2771 NULL
++mon_bin_ioctl_2771 mon_bin_ioctl 3 2771 NULL nohasharray
++bictcp_update_2771 bictcp_update 2 2771 &mon_bin_ioctl_2771
+__next_cpu_2782 __next_cpu 1 2782 NULL
+set_msr_hyperv_pw_2785 set_msr_hyperv_pw 3 2785 NULL
+sel_read_enforce_2828 sel_read_enforce 3 2828 NULL
@@ -98521,6 +100377,7 @@ index 0000000..7982a0c
+xfs_trans_get_buf_map_2927 xfs_trans_get_buf_map 4 2927 NULL
+nes_read_indexed_2946 nes_read_indexed 0 2946 NULL
+tm6000_i2c_recv_regs16_2949 tm6000_i2c_recv_regs16 5 2949 NULL
++set_fast_connectable_2952 set_fast_connectable 4 2952 NULL
+ppp_cp_event_2965 ppp_cp_event 6 2965 NULL
+do_strnlen_user_2976 do_strnlen_user 0-2 2976 NULL
+p9_nr_pages_2992 p9_nr_pages 0-2 2992 NULL
@@ -98549,6 +100406,7 @@ index 0000000..7982a0c
+mempool_create_node_3191 mempool_create_node 1 3191 NULL
+alloc_context_3194 alloc_context 1 3194 NULL
+shmem_pread_slow_3198 shmem_pread_slow 3 3198 NULL
++SyS_sendto_3219 SyS_sendto 6 3219 NULL
+kimage_crash_alloc_3233 kimage_crash_alloc 3 3233 NULL
+do_read_log_to_user_3236 do_read_log_to_user 4 3236 NULL
+ext3_xattr_find_entry_3237 ext3_xattr_find_entry 0 3237 NULL
@@ -98573,6 +100431,7 @@ index 0000000..7982a0c
+mei_io_cb_alloc_resp_buf_3414 mei_io_cb_alloc_resp_buf 2 3414 NULL
+pci_add_cap_save_buffer_3426 pci_add_cap_save_buffer 3 3426 NULL
+crystalhd_create_dio_pool_3427 crystalhd_create_dio_pool 2 3427 NULL
++SyS_msgsnd_3436 SyS_msgsnd 3 3436 NULL
+pipe_iov_copy_to_user_3447 pipe_iov_copy_to_user 3 3447 NULL
+percpu_modalloc_3448 percpu_modalloc 2-3 3448 NULL
+map_single_3449 map_single 0-2 3449 NULL
@@ -98584,6 +100443,7 @@ index 0000000..7982a0c
+kvm_handle_bad_page_3503 kvm_handle_bad_page 2 3503 NULL
+mem_tx_free_mem_blks_read_3521 mem_tx_free_mem_blks_read 3 3521 NULL nohasharray
+ieee80211_wx_set_gen_ie_rsl_3521 ieee80211_wx_set_gen_ie_rsl 3 3521 &mem_tx_free_mem_blks_read_3521
++SyS_readv_3539 SyS_readv 3 3539 NULL
+btrfs_dir_name_len_3549 btrfs_dir_name_len 0 3549 NULL
+b43legacy_read16_3561 b43legacy_read16 0 3561 NULL
+alloc_smp_resp_3566 alloc_smp_resp 1 3566 NULL
@@ -98594,12 +100454,13 @@ index 0000000..7982a0c
+edac_mc_alloc_3611 edac_mc_alloc 4 3611 NULL
+tx_tx_starts_read_3617 tx_tx_starts_read 3 3617 NULL
+aligned_kmalloc_3628 aligned_kmalloc 1 3628 NULL
-+cm_copy_private_data_3649 cm_copy_private_data 2 3649 NULL
++x86_swiotlb_alloc_coherent_3649 x86_swiotlb_alloc_coherent 2 3649 NULL nohasharray
++cm_copy_private_data_3649 cm_copy_private_data 2 3649 &x86_swiotlb_alloc_coherent_3649
+ath6kl_disconnect_timeout_read_3650 ath6kl_disconnect_timeout_read 3 3650 NULL
+i915_compat_ioctl_3656 i915_compat_ioctl 2 3656 NULL
-+create_irq_3703 create_irq 0 3703 NULL nohasharray
-+btmrvl_psmode_write_3703 btmrvl_psmode_write 3 3703 &create_irq_3703 nohasharray
-+snd_m3_assp_read_3703 snd_m3_assp_read 0 3703 &btmrvl_psmode_write_3703
++snd_m3_assp_read_3703 snd_m3_assp_read 0 3703 NULL nohasharray
++create_irq_3703 create_irq 0 3703 &snd_m3_assp_read_3703 nohasharray
++btmrvl_psmode_write_3703 btmrvl_psmode_write 3 3703 &create_irq_3703
+videobuf_pages_to_sg_3708 videobuf_pages_to_sg 2 3708 NULL
+ci_ll_write_3740 ci_ll_write 4 3740 NULL nohasharray
+ath6kl_mgmt_tx_3740 ath6kl_mgmt_tx 7 3740 &ci_ll_write_3740
@@ -98618,6 +100479,7 @@ index 0000000..7982a0c
+pipeline_pre_proc_swi_read_3898 pipeline_pre_proc_swi_read 3 3898 NULL
+comedi_buf_read_n_available_3899 comedi_buf_read_n_available 0 3899 NULL
+vcs_write_3910 vcs_write 3 3910 NULL
++brcmf_debugfs_fws_stats_read_3947 brcmf_debugfs_fws_stats_read 3 3947 NULL
+atalk_compat_ioctl_3991 atalk_compat_ioctl 3 3991 NULL
+do_add_counters_3992 do_add_counters 3 3992 NULL
+userspace_status_4004 userspace_status 4 4004 NULL
@@ -98631,6 +100493,7 @@ index 0000000..7982a0c
+read_file_queues_4078 read_file_queues 3 4078 NULL
+fbcon_do_set_font_4079 fbcon_do_set_font 2-3 4079 NULL
+da9052_free_irq_4090 da9052_free_irq 2 4090 NULL
++C_SYSC_rt_sigpending_4114 C_SYSC_rt_sigpending 2 4114 NULL
+ntb_netdev_change_mtu_4147 ntb_netdev_change_mtu 2 4147 NULL
+tm6000_read_4151 tm6000_read 3 4151 NULL
+mpt_raid_phys_disk_get_num_paths_4155 mpt_raid_phys_disk_get_num_paths 0 4155 NULL
@@ -98678,6 +100541,7 @@ index 0000000..7982a0c
+kone_receive_4690 kone_receive 4 4690 NULL
+round_pipe_size_4701 round_pipe_size 0 4701 NULL
+cxgbi_alloc_big_mem_4707 cxgbi_alloc_big_mem 1 4707 NULL
++konepure_sysfs_read_4709 konepure_sysfs_read 6 4709 NULL
+btmrvl_gpiogap_read_4718 btmrvl_gpiogap_read 3 4718 NULL
+ati_create_gatt_pages_4722 ati_create_gatt_pages 1 4722 NULL nohasharray
+show_header_4722 show_header 3 4722 &ati_create_gatt_pages_4722
@@ -98701,6 +100565,7 @@ index 0000000..7982a0c
+skb_network_header_len_4971 skb_network_header_len 0 4971 NULL
+ieee80211_if_fmt_dot11MeshHWMPconfirmationInterval_4976 ieee80211_if_fmt_dot11MeshHWMPconfirmationInterval 3 4976 NULL
+vmw_surface_define_size_4993 vmw_surface_define_size 0 4993 NULL
++compat_SyS_ipc_5000 compat_SyS_ipc 3-4-5-6 5000 NULL
+qla82xx_pci_mem_write_direct_5008 qla82xx_pci_mem_write_direct 2 5008 NULL
+do_mincore_5018 do_mincore 0-1 5018 NULL
+mtd_device_parse_register_5024 mtd_device_parse_register 5 5024 NULL
@@ -98722,8 +100587,10 @@ index 0000000..7982a0c
+skb_network_header_5203 skb_network_header 0 5203 NULL
+pipe_set_size_5204 pipe_set_size 2 5204 NULL
+ppp_cp_parse_cr_5214 ppp_cp_parse_cr 4 5214 NULL
++dwc2_hcd_urb_alloc_5217 dwc2_hcd_urb_alloc 2 5217 NULL
+ath6kl_debug_roam_tbl_event_5224 ath6kl_debug_roam_tbl_event 3 5224 NULL
-+ssb_ioremap_5228 ssb_ioremap 2 5228 NULL
++ssb_ioremap_5228 ssb_ioremap 2 5228 NULL nohasharray
++konepure_sysfs_write_5228 konepure_sysfs_write 6 5228 &ssb_ioremap_5228
+isdn_ppp_skb_push_5236 isdn_ppp_skb_push 2 5236 NULL
+do_atmif_sioc_5247 do_atmif_sioc 3 5247 NULL
+gfn_to_hva_memslot_5265 gfn_to_hva_memslot 2 5265 NULL
@@ -98748,6 +100615,7 @@ index 0000000..7982a0c
+__max_nr_grant_frames_5505 __max_nr_grant_frames 0 5505 NULL
+spidev_message_5518 spidev_message 3 5518 NULL
+ieee80211_if_fmt_auto_open_plinks_5534 ieee80211_if_fmt_auto_open_plinks 3 5534 NULL
++get_entry_msg_len_5552 get_entry_msg_len 0 5552 NULL
+brcmu_pkt_buf_get_skb_5556 brcmu_pkt_buf_get_skb 1 5556 NULL
+le_readq_5557 le_readq 0 5557 NULL
+inw_5558 inw 0 5558 NULL
@@ -98757,17 +100625,20 @@ index 0000000..7982a0c
+usb_dump_device_descriptor_5599 usb_dump_device_descriptor 0 5599 NULL
+ldm_frag_add_5611 ldm_frag_add 2 5611 NULL
+compat_copy_entries_5617 compat_copy_entries 0 5617 NULL
++SYSC_fsetxattr_5639 SYSC_fsetxattr 4 5639 NULL
+ext4_xattr_get_5661 ext4_xattr_get 0 5661 NULL
+posix_clock_register_5662 posix_clock_register 2 5662 NULL
+mthca_map_reg_5664 mthca_map_reg 2-3 5664 NULL
+__videobuf_alloc_vb_5665 __videobuf_alloc_vb 1 5665 NULL
+wb_clear_dirty_5684 wb_clear_dirty 2 5684 NULL
+get_arg_5694 get_arg 3 5694 NULL
++subbuf_read_actor_5708 subbuf_read_actor 3 5708 NULL
+vmw_kms_readback_5727 vmw_kms_readback 6 5727 NULL
+reexecute_instruction_5733 reexecute_instruction 2 5733 NULL
+rts51x_transfer_data_partial_5735 rts51x_transfer_data_partial 6 5735 NULL
+ubi_cdev_compat_ioctl_5746 ubi_cdev_compat_ioctl 3 5746 NULL
-+sctp_setsockopt_autoclose_5775 sctp_setsockopt_autoclose 3 5775 NULL
++sctp_setsockopt_autoclose_5775 sctp_setsockopt_autoclose 3 5775 NULL nohasharray
++qlcnic_83xx_sysfs_flash_read_handler_5775 qlcnic_83xx_sysfs_flash_read_handler 6 5775 &sctp_setsockopt_autoclose_5775
+compat_sys_writev_5784 compat_sys_writev 3 5784 NULL
+__vxge_hw_blockpool_malloc_5786 __vxge_hw_blockpool_malloc 2 5786 NULL
+skb_copy_datagram_iovec_5806 skb_copy_datagram_iovec 2-4 5806 NULL
@@ -98782,6 +100653,7 @@ index 0000000..7982a0c
+uinput_compat_ioctl_5861 uinput_compat_ioctl 3 5861 &compat_sys_move_pages_5861
+paging64_walk_addr_5887 paging64_walk_addr 3 5887 NULL
+port_show_regs_5904 port_show_regs 3 5904 NULL
++rbd_segment_length_5907 rbd_segment_length 0-3-2 5907 NULL
+uhci_debug_read_5911 uhci_debug_read 3 5911 NULL
+qla82xx_pci_mem_read_2M_5912 qla82xx_pci_mem_read_2M 2 5912 NULL
+ttm_bo_kmap_ttm_5922 ttm_bo_kmap_ttm 3 5922 NULL
@@ -98792,14 +100664,17 @@ index 0000000..7982a0c
+__apu_get_register_5967 __apu_get_register 0 5967 NULL
+ieee80211_if_fmt_rc_rateidx_mask_5ghz_5971 ieee80211_if_fmt_rc_rateidx_mask_5ghz 3 5971 NULL
+native_pte_val_5978 native_pte_val 0 5978 NULL
++SyS_semop_5980 SyS_semop 3 5980 NULL
+ntfs_rl_append_6037 ntfs_rl_append 2-4 6037 NULL
+da9052_request_irq_6058 da9052_request_irq 2 6058 NULL
+sctp_setsockopt_connectx_6073 sctp_setsockopt_connectx 3 6073 NULL
+rts51x_ms_rw_multi_sector_6076 rts51x_ms_rw_multi_sector 3-4 6076 NULL
++md_trim_bio_6078 md_trim_bio 2 6078 NULL
+ipmi_addr_length_6110 ipmi_addr_length 0 6110 NULL
+dfs_global_file_write_6112 dfs_global_file_write 3 6112 NULL
+matrix_keypad_build_keymap_6129 matrix_keypad_build_keymap 3 6129 NULL
+nouveau_parent_create__6131 nouveau_parent_create_ 7 6131 NULL
++ieee80211_if_fmt_beacon_timeout_6153 ieee80211_if_fmt_beacon_timeout 3 6153 NULL
+ivtv_copy_buf_to_user_6159 ivtv_copy_buf_to_user 4 6159 NULL
+vdma_mem_alloc_6171 vdma_mem_alloc 1 6171 NULL
+wl1251_cmd_template_set_6172 wl1251_cmd_template_set 4 6172 NULL
@@ -98819,9 +100694,14 @@ index 0000000..7982a0c
+nf_nat_ipv6_manip_pkt_6289 nf_nat_ipv6_manip_pkt 2 6289 NULL
+nf_nat_sack_adjust_6297 nf_nat_sack_adjust 2 6297 NULL
+mid_get_vbt_data_r10_6308 mid_get_vbt_data_r10 2 6308 NULL
++qlcnic_sriov_alloc_bc_msg_6309 qlcnic_sriov_alloc_bc_msg 2 6309 NULL
++SyS_mincore_6329 SyS_mincore 1 6329 NULL
++fuse_get_req_for_background_6337 fuse_get_req_for_background 2 6337 NULL
+ucs2_strnlen_6342 ucs2_strnlen 0 6342 NULL
++mei_dbgfs_read_devstate_6352 mei_dbgfs_read_devstate 3 6352 NULL
+_proc_do_string_6376 _proc_do_string 2 6376 NULL
+osd_req_read_sg_kern_6378 osd_req_read_sg_kern 5 6378 NULL
++isku_sysfs_write_light_6406 isku_sysfs_write_light 6 6406 NULL
+posix_acl_fix_xattr_userns_6420 posix_acl_fix_xattr_userns 4 6420 NULL
+ipr_change_queue_depth_6431 ipr_change_queue_depth 2 6431 NULL
+__alloc_bootmem_node_nopanic_6432 __alloc_bootmem_node_nopanic 2-3 6432 NULL
@@ -98836,9 +100716,13 @@ index 0000000..7982a0c
+read_file_disable_ani_6536 read_file_disable_ani 3 6536 NULL
+rndis_set_oid_6547 rndis_set_oid 4 6547 NULL
+wdm_read_6549 wdm_read 3 6549 NULL
++isku_sysfs_write_keys_easyzone_6553 isku_sysfs_write_keys_easyzone 6 6553 NULL
+fb_alloc_cmap_6554 fb_alloc_cmap 2 6554 NULL
++SyS_semtimedop_6563 SyS_semtimedop 3 6563 NULL
++SyS_fcntl64_6582 SyS_fcntl64 3 6582 NULL
+snmp_mib_init_6604 snmp_mib_init 2-3 6604 NULL
+ecryptfs_filldir_6622 ecryptfs_filldir 3 6622 NULL
++compat_SyS_shmat_6642 compat_SyS_shmat 2 6642 NULL
+virtscsi_alloc_tgt_6643 virtscsi_alloc_tgt 2 6643 NULL
+aac_srcv_ioremap_6659 aac_srcv_ioremap 2 6659 NULL
+process_rcvd_data_6679 process_rcvd_data 3 6679 NULL
@@ -98875,6 +100759,7 @@ index 0000000..7982a0c
+rsa_extract_mpi_6973 rsa_extract_mpi 5 6973 NULL
+crypto_authenc_esn_setkey_6985 crypto_authenc_esn_setkey 3 6985 NULL
+request_key_async_6990 request_key_async 4 6990 NULL
++tpl_write_6998 tpl_write 3 6998 NULL
+r871x_set_wpa_ie_7000 r871x_set_wpa_ie 3 7000 NULL
+cipso_v4_gentag_enum_7006 cipso_v4_gentag_enum 0 7006 NULL
+tracing_cpumask_read_7010 tracing_cpumask_read 3 7010 NULL
@@ -98888,12 +100773,14 @@ index 0000000..7982a0c
+check_header_7108 check_header 0 7108 NULL
+qlcnic_enable_msix_7144 qlcnic_enable_msix 2 7144 NULL
+__alloc_objio_seg_7203 __alloc_objio_seg 1 7203 NULL
++batadv_check_unicast_ttvn_7206 batadv_check_unicast_ttvn 3 7206 NULL
+sys32_ipc_7238 sys32_ipc 3-5-6 7238 NULL
+get_param_h_7247 get_param_h 0 7247 NULL
+af_alg_make_sg_7254 af_alg_make_sg 3 7254 NULL
+vm_mmap_pgoff_7259 vm_mmap_pgoff 0 7259 NULL
+dma_ops_alloc_addresses_7272 dma_ops_alloc_addresses 3-4-5 7272 NULL
+rx_rate_rx_frames_per_rates_read_7282 rx_rate_rx_frames_per_rates_read 3 7282 NULL
++isku_sysfs_write_macro_7293 isku_sysfs_write_macro 6 7293 NULL
+wb_remove_mapping_7307 wb_remove_mapping 2 7307 NULL
+mgmt_control_7349 mgmt_control 3 7349 NULL
+ext3_free_blocks_7362 ext3_free_blocks 3-4 7362 NULL
@@ -98904,6 +100791,7 @@ index 0000000..7982a0c
+readb_7401 readb 0 7401 NULL
+drm_property_create_blob_7414 drm_property_create_blob 2 7414 NULL
+ip_options_get_alloc_7448 ip_options_get_alloc 1 7448 NULL
++SYSC_setgroups_7454 SYSC_setgroups 1 7454 NULL
+numa_emulation_7466 numa_emulation 2 7466 NULL
+__mutex_lock_common_7469 __mutex_lock_common 0 7469 NULL
+garp_request_join_7471 garp_request_join 4 7471 NULL
@@ -98914,6 +100802,7 @@ index 0000000..7982a0c
+array_zalloc_7519 array_zalloc 1-2 7519 NULL
+goal_in_my_reservation_7553 goal_in_my_reservation 3 7553 NULL
+smk_read_mapped_7562 smk_read_mapped 3 7562 NULL
++btrfs_block_rsv_add_7579 btrfs_block_rsv_add 3 7579 NULL
+ext3_try_to_allocate_7590 ext3_try_to_allocate 5-3 7590 NULL
+groups_alloc_7614 groups_alloc 1 7614 NULL
+sg_virt_7616 sg_virt 0 7616 NULL
@@ -98921,6 +100810,7 @@ index 0000000..7982a0c
+acpi_ex_allocate_name_string_7685 acpi_ex_allocate_name_string 2-1 7685 &skb_copy_expand_7685
+acpi_ns_get_pathname_length_7699 acpi_ns_get_pathname_length 0 7699 NULL
+dev_write_7708 dev_write 3 7708 NULL
++unmap_region_7709 unmap_region 1 7709 NULL
+brcmf_sdcard_send_buf_7713 brcmf_sdcard_send_buf 6 7713 NULL
+set_bypass_pwup_pfs_7742 set_bypass_pwup_pfs 3 7742 NULL
+vxge_device_register_7752 vxge_device_register 4 7752 NULL
@@ -98939,6 +100829,7 @@ index 0000000..7982a0c
+libfc_host_alloc_7917 libfc_host_alloc 2 7917 NULL
+f_hidg_write_7932 f_hidg_write 3 7932 NULL
+io_apic_setup_irq_pin_once_7934 io_apic_setup_irq_pin_once 1 7934 NULL
++hash_netiface6_expire_7944 hash_netiface6_expire 3 7944 NULL
+integrity_digsig_verify_7956 integrity_digsig_verify 3 7956 NULL
+smk_write_load_self_7958 smk_write_load_self 3 7958 NULL
+sys_mbind_7990 sys_mbind 5 7990 NULL
@@ -98954,6 +100845,7 @@ index 0000000..7982a0c
+venus_lookup_8121 venus_lookup 4 8121 NULL
+ieee80211_if_fmt_num_buffered_multicast_8127 ieee80211_if_fmt_num_buffered_multicast 3 8127 NULL
+dma_map_area_8178 dma_map_area 5-2-3 8178 NULL
++ore_truncate_8181 ore_truncate 3 8181 NULL
+__sk_mem_schedule_8185 __sk_mem_schedule 2 8185 NULL
+ieee80211_if_fmt_dot11MeshHoldingTimeout_8187 ieee80211_if_fmt_dot11MeshHoldingTimeout 3 8187 NULL
+recent_mt_proc_write_8206 recent_mt_proc_write 3 8206 NULL
@@ -98963,6 +100855,7 @@ index 0000000..7982a0c
+create_log_8225 create_log 2 8225 NULL nohasharray
+kvm_mmu_page_set_gfn_8225 kvm_mmu_page_set_gfn 2 8225 &create_log_8225
+sctp_ssnmap_size_8228 sctp_ssnmap_size 0-1-2 8228 NULL
++ceph_sync_write_8233 ceph_sync_write 4 8233 NULL
+bnx2x_iov_get_max_queue_count_8235 bnx2x_iov_get_max_queue_count 0 8235 NULL
+check_xattr_ref_inode_8244 check_xattr_ref_inode 0 8244 NULL
+add_rx_skb_8257 add_rx_skb 3 8257 NULL
@@ -98974,11 +100867,13 @@ index 0000000..7982a0c
+ipwireless_send_packet_8328 ipwireless_send_packet 4 8328 NULL
+tracing_entries_read_8345 tracing_entries_read 3 8345 NULL
+ieee80211_if_fmt_ht_opmode_8347 ieee80211_if_fmt_ht_opmode 3 8347 NULL
-+ping_getfrag_8360 ping_getfrag 4-3 8360 NULL
++isku_sysfs_write_talk_8360 isku_sysfs_write_talk 6 8360 NULL nohasharray
++ping_getfrag_8360 ping_getfrag 4-3 8360 &isku_sysfs_write_talk_8360
+uvc_v4l2_compat_ioctl32_8375 uvc_v4l2_compat_ioctl32 3 8375 NULL
+xdi_copy_from_user_8395 xdi_copy_from_user 4 8395 NULL
+zd_rf_scnprint_id_8406 zd_rf_scnprint_id 0-3 8406 NULL
-+uvc_v4l2_ioctl_8411 uvc_v4l2_ioctl 2 8411 NULL
++smk_write_change_rule_8411 smk_write_change_rule 3 8411 NULL nohasharray
++uvc_v4l2_ioctl_8411 uvc_v4l2_ioctl 2 8411 &smk_write_change_rule_8411
+pca953x_gpio_to_irq_8424 pca953x_gpio_to_irq 2 8424 NULL
+snd_usb_ctl_msg_8436 snd_usb_ctl_msg 8 8436 NULL
+irq_create_mapping_8437 irq_create_mapping 2 8437 NULL
@@ -98990,6 +100885,7 @@ index 0000000..7982a0c
+pnp_resource_len_8532 pnp_resource_len 0 8532 NULL
+alloc_pg_vec_8533 alloc_pg_vec 2 8533 NULL
+ocfs2_read_virt_blocks_8538 ocfs2_read_virt_blocks 2-3 8538 NULL
++user_on_off_8552 user_on_off 2 8552 NULL
+profile_remove_8556 profile_remove 3 8556 NULL
+cache_slow_downcall_8570 cache_slow_downcall 2 8570 NULL
+mga_ioremap_8571 mga_ioremap 1-2 8571 NULL
@@ -98999,7 +100895,7 @@ index 0000000..7982a0c
+shash_setkey_unaligned_8620 shash_setkey_unaligned 3 8620 NULL
+it821x_firmware_command_8628 it821x_firmware_command 3 8628 NULL
+scsi_dma_map_8632 scsi_dma_map 0 8632 NULL
-+fuse_send_write_pages_8636 fuse_send_write_pages 0 8636 NULL
++fuse_send_write_pages_8636 fuse_send_write_pages 0-5 8636 NULL
+generic_acl_set_8658 generic_acl_set 4 8658 NULL
+dio_bio_alloc_8677 dio_bio_alloc 5 8677 NULL
+lbs_bcnmiss_read_8678 lbs_bcnmiss_read 3 8678 NULL
@@ -99044,6 +100940,7 @@ index 0000000..7982a0c
+vol_cdev_read_8968 vol_cdev_read 3 8968 NULL nohasharray
+seq_open_net_8968 seq_open_net 4 8968 &vol_cdev_read_8968
+bio_integrity_get_tag_8974 bio_integrity_get_tag 3 8974 NULL
++btrfs_alloc_free_block_8986 btrfs_alloc_free_block 3 8986 NULL
+snd_emu10k1_ptr_read_9026 snd_emu10k1_ptr_read 0-2 9026 NULL
+__pskb_copy_9038 __pskb_copy 2 9038 NULL
+nla_put_9042 nla_put 3 9042 NULL
@@ -99056,6 +100953,7 @@ index 0000000..7982a0c
+caif_stream_sendmsg_9110 caif_stream_sendmsg 4 9110 NULL nohasharray
+gfn_to_rmap_9110 gfn_to_rmap 2-3 9110 &caif_stream_sendmsg_9110
+pmcraid_change_queue_depth_9116 pmcraid_change_queue_depth 2 9116 NULL
++isku_sysfs_write_keys_macro_9120 isku_sysfs_write_keys_macro 6 9120 NULL
+mq_remove_mapping_9124 mq_remove_mapping 2 9124 NULL
+mlx4_alloc_resize_umem_9132 mlx4_alloc_resize_umem 3 9132 NULL
+ext4_list_backups_9138 ext4_list_backups 0 9138 NULL
@@ -99067,6 +100965,7 @@ index 0000000..7982a0c
+gx1_gx_base_9198 gx1_gx_base 0 9198 NULL
+snd_m3_get_pointer_9206 snd_m3_get_pointer 0 9206 NULL
+get_pfn_9207 get_pfn 1 9207 NULL
++virtqueue_add_9217 virtqueue_add 5-4 9217 NULL
+tx_tx_prepared_descs_read_9221 tx_tx_prepared_descs_read 3 9221 NULL
+sctp_getsockopt_delayed_ack_9232 sctp_getsockopt_delayed_ack 2 9232 NULL
+ocfs2_clear_ext_refcount_9256 ocfs2_clear_ext_refcount 4 9256 NULL
@@ -99079,7 +100978,10 @@ index 0000000..7982a0c
+ceph_sync_setxattr_9310 ceph_sync_setxattr 4 9310 NULL
+memblock_find_in_range_node_9328 memblock_find_in_range_node 0-3-4 9328 NULL
+ieee80211_if_fmt_txpower_9334 ieee80211_if_fmt_txpower 3 9334 NULL
++nvme_trans_fmt_get_parm_header_9340 nvme_trans_fmt_get_parm_header 2 9340 NULL
+ocfs2_orphan_for_truncate_9342 ocfs2_orphan_for_truncate 4 9342 NULL
++sta_beacon_loss_count_read_9370 sta_beacon_loss_count_read 3 9370 NULL
++virtqueue_add_outbuf_9395 virtqueue_add_outbuf 3 9395 NULL
+read_9397 read 3 9397 NULL
+nf_nat_sip_expect_9418 nf_nat_sip_expect 8 9418 NULL
+bm_realloc_pages_9431 bm_realloc_pages 2 9431 NULL
@@ -99103,6 +101005,7 @@ index 0000000..7982a0c
+f2fs_read_data_pages_9574 f2fs_read_data_pages 4 9574 NULL
+biovec_create_pools_9575 biovec_create_pools 2 9575 NULL
+ieee80211_tdls_mgmt_9581 ieee80211_tdls_mgmt 8 9581 NULL
++use_block_rsv_9597 use_block_rsv 3 9597 NULL
+do_sync_9604 do_sync 1 9604 NULL
+snd_emu10k1_fx8010_read_9605 snd_emu10k1_fx8010_read 5-6 9605 NULL
+saa7164_buffer_alloc_user_9627 saa7164_buffer_alloc_user 2 9627 NULL
@@ -99121,6 +101024,7 @@ index 0000000..7982a0c
+fnb_9703 fnb 2-3 9703 NULL
+fuse_iter_npages_9705 fuse_iter_npages 0 9705 NULL nohasharray
+ieee80211_if_read_aid_9705 ieee80211_if_read_aid 3 9705 &fuse_iter_npages_9705
++nla_get_u8_9736 nla_get_u8 0 9736 NULL
+ieee80211_if_fmt_num_mcast_sta_9738 ieee80211_if_fmt_num_mcast_sta 3 9738 NULL
+ddb_input_read_9743 ddb_input_read 3 9743 NULL
+sta_last_ack_signal_read_9751 sta_last_ack_signal_read 3 9751 NULL
@@ -99152,11 +101056,13 @@ index 0000000..7982a0c
+get_free_serial_index_9969 get_free_serial_index 0 9969 NULL
+btrfs_add_link_9973 btrfs_add_link 5 9973 NULL
+ath6kl_usb_submit_ctrl_out_9978 ath6kl_usb_submit_ctrl_out 6 9978 NULL
++SYSC_move_pages_9986 SYSC_move_pages 2 9986 NULL
+aat2870_dump_reg_10019 aat2870_dump_reg 0 10019 NULL
+handle_request_10024 handle_request 9 10024 NULL
+batadv_orig_hash_add_if_10033 batadv_orig_hash_add_if 2 10033 NULL
+ieee80211_probereq_get_10040 ieee80211_probereq_get 4-5 10040 NULL
+xen_destroy_contiguous_region_10054 xen_destroy_contiguous_region 1 10054 NULL
++vfio_pci_write_10063 vfio_pci_write 3 10063 NULL
+ieee80211_set_probe_resp_10077 ieee80211_set_probe_resp 3 10077 NULL
+ufs_bitmap_search_10105 ufs_bitmap_search 0-3 10105 NULL
+get_elem_size_10110 get_elem_size 0-2 10110 NULL nohasharray
@@ -99174,6 +101080,7 @@ index 0000000..7982a0c
+jffs2_user_setxattr_10182 jffs2_user_setxattr 4 10182 NULL
+do_ioctl_trans_10194 do_ioctl_trans 3 10194 NULL
+cciss_proc_write_10259 cciss_proc_write 3 10259 NULL
++__qlcnic_pci_sriov_enable_10281 __qlcnic_pci_sriov_enable 2 10281 NULL
+snd_rme9652_capture_copy_10287 snd_rme9652_capture_copy 5 10287 NULL
+ubi_leb_change_10289 ubi_leb_change 4 10289 NULL
+read_emulate_10310 read_emulate 2-4 10310 NULL
@@ -99196,6 +101103,8 @@ index 0000000..7982a0c
+sel_write_disable_10511 sel_write_disable 3 10511 NULL
+osd_req_write_sg_kern_10514 osd_req_write_sg_kern 5 10514 NULL
+rds_message_alloc_10517 rds_message_alloc 1 10517 NULL
++qlcnic_pci_sriov_enable_10519 qlcnic_pci_sriov_enable 2 10519 NULL nohasharray
++hash_netiface4_expire_10519 hash_netiface4_expire 3 10519 &qlcnic_pci_sriov_enable_10519
+ocfs2_add_refcounted_extent_10526 ocfs2_add_refcounted_extent 6 10526 NULL
+get_vm_area_caller_10527 get_vm_area_caller 1 10527 NULL
+snd_pcm_lib_read_10536 snd_pcm_lib_read 0-3 10536 NULL
@@ -99207,6 +101116,7 @@ index 0000000..7982a0c
+ima_show_htable_violations_10619 ima_show_htable_violations 3 10619 NULL
+alloc_coherent_10632 alloc_coherent 2 10632 NULL
+nfs_idmap_lookup_id_10660 nfs_idmap_lookup_id 2 10660 NULL
++dtf_read_device_10663 dtf_read_device 3 10663 NULL
+parport_write_10669 parport_write 0 10669 NULL
+inl_10708 inl 0 10708 NULL nohasharray
+selinux_inode_setxattr_10708 selinux_inode_setxattr 4 10708 &inl_10708
@@ -99236,6 +101146,7 @@ index 0000000..7982a0c
+tifm_alloc_adapter_10903 tifm_alloc_adapter 1 10903 NULL
+__copy_from_user_10918 __copy_from_user 3 10918 NULL
+da9052_map_irq_10952 da9052_map_irq 2 10952 NULL
++ci_port_test_write_10962 ci_port_test_write 3 10962 NULL
+bm_entry_read_10976 bm_entry_read 3 10976 NULL
+i915_min_freq_write_10981 i915_min_freq_write 3 10981 NULL
+sched_autogroup_write_10984 sched_autogroup_write 3 10984 NULL
@@ -99251,7 +101162,9 @@ index 0000000..7982a0c
+stmpe_gpio_to_irq_11110 stmpe_gpio_to_irq 2 11110 NULL
+tw_change_queue_depth_11116 tw_change_queue_depth 2 11116 NULL
+page_offset_11120 page_offset 0 11120 NULL
-+tracing_buffers_read_11124 tracing_buffers_read 3 11124 NULL
++tracing_buffers_read_11124 tracing_buffers_read 3 11124 NULL nohasharray
++cea_db_payload_len_11124 cea_db_payload_len 0 11124 &tracing_buffers_read_11124
++alloc_alien_cache_11127 alloc_alien_cache 2 11127 NULL
+acpi_os_map_memory_11161 acpi_os_map_memory 1-2 11161 NULL
+ioat2_alloc_ring_11172 ioat2_alloc_ring 2 11172 NULL nohasharray
+snd_gf1_pcm_playback_silence_11172 snd_gf1_pcm_playback_silence 3-4 11172 &ioat2_alloc_ring_11172
@@ -99275,6 +101188,7 @@ index 0000000..7982a0c
+batadv_skb_head_push_11360 batadv_skb_head_push 2 11360 NULL
+drm_vblank_init_11362 drm_vblank_init 2 11362 NULL
+qib_get_base_info_11369 qib_get_base_info 3 11369 NULL
++isku_sysfs_read_keys_capslock_11392 isku_sysfs_read_keys_capslock 6 11392 NULL
+dev_irnet_write_11398 dev_irnet_write 3 11398 NULL
+___alloc_bootmem_11410 ___alloc_bootmem 1-2 11410 NULL
+str_to_user_11411 str_to_user 2 11411 NULL
@@ -99299,9 +101213,12 @@ index 0000000..7982a0c
+oprofilefs_ulong_to_user_11582 oprofilefs_ulong_to_user 3 11582 NULL
+snd_pcm_action_11589 snd_pcm_action 0 11589 NULL
+fw_device_op_ioctl_11595 fw_device_op_ioctl 2 11595 NULL
++SYSC_mq_timedsend_11607 SYSC_mq_timedsend 3 11607 NULL
++add_new_bitmap_11644 add_new_bitmap 3 11644 NULL
+sisusb_send_bridge_packet_11649 sisusb_send_bridge_packet 2 11649 NULL
+nla_total_size_11658 nla_total_size 0-1 11658 NULL
+ide_queue_pc_tail_11673 ide_queue_pc_tail 5 11673 NULL
++compat_SyS_msgsnd_11675 compat_SyS_msgsnd 2-3 11675 NULL
+btrfs_alloc_delayed_item_11678 btrfs_alloc_delayed_item 1 11678 NULL
+dsp_buffer_alloc_11684 dsp_buffer_alloc 2 11684 NULL
+sctp_setsockopt_hmac_ident_11687 sctp_setsockopt_hmac_ident 3 11687 NULL
@@ -99354,6 +101271,7 @@ index 0000000..7982a0c
+compat_do_arpt_set_ctl_12184 compat_do_arpt_set_ctl 4 12184 NULL
+ip_generic_getfrag_12187 ip_generic_getfrag 3-4 12187 NULL
+bl_is_sector_init_12199 bl_is_sector_init 2 12199 NULL
++scaled_div_12201 scaled_div 1-2 12201 NULL
+free_initrd_mem_12203 free_initrd_mem 1 12203 NULL
+receive_copy_12216 receive_copy 3 12216 NULL
+snd_pcm_kernel_ioctl_12219 snd_pcm_kernel_ioctl 0 12219 NULL
@@ -99368,6 +101286,7 @@ index 0000000..7982a0c
+roundup_to_multiple_of_64_12288 roundup_to_multiple_of_64 0-1 12288 NULL nohasharray
+il_dbgfs_nvm_read_12288 il_dbgfs_nvm_read 3 12288 &roundup_to_multiple_of_64_12288
+vxge_get_num_vfs_12302 vxge_get_num_vfs 0 12302 NULL
++wrap_min_12303 wrap_min 0-1-2 12303 NULL
+tipc_msg_build_12326 tipc_msg_build 4 12326 NULL
+pcbit_writecmd_12332 pcbit_writecmd 2 12332 NULL
+mptctl_ioctl_12355 mptctl_ioctl 2 12355 NULL
@@ -99375,6 +101294,7 @@ index 0000000..7982a0c
+__nf_ct_ext_add_length_12364 __nf_ct_ext_add_length 3 12364 NULL
+xfs_iext_inline_to_direct_12384 xfs_iext_inline_to_direct 2 12384 NULL
+btrfs_file_extent_ram_bytes_12391 btrfs_file_extent_ram_bytes 0 12391 NULL
++hbucket_elem_add_12416 hbucket_elem_add 3 12416 NULL
+ieee80211_if_read_num_mcast_sta_12419 ieee80211_if_read_num_mcast_sta 3 12419 NULL
+skb_do_copy_data_nocache_12465 skb_do_copy_data_nocache 5 12465 NULL
+qla4_82xx_pci_mem_write_direct_12479 qla4_82xx_pci_mem_write_direct 2 12479 NULL
@@ -99395,6 +101315,7 @@ index 0000000..7982a0c
+pwr_rcvd_awake_bcns_cnt_read_12632 pwr_rcvd_awake_bcns_cnt_read 3 12632 NULL
+ctrl_cdev_compat_ioctl_12634 ctrl_cdev_compat_ioctl 3 12634 NULL
+pn_sendmsg_12640 pn_sendmsg 4 12640 NULL
++dwc3_link_state_write_12641 dwc3_link_state_write 3 12641 NULL
+wb_create_12651 wb_create 1 12651 NULL
+ocfs2_read_block_12659 ocfs2_read_block 0 12659 NULL
+sel_read_class_12669 sel_read_class 3 12669 NULL nohasharray
@@ -99402,12 +101323,14 @@ index 0000000..7982a0c
+ieee80211_if_read_num_buffered_multicast_12716 ieee80211_if_read_num_buffered_multicast 3 12716 NULL
+ivtv_write_12721 ivtv_write 3 12721 NULL
+key_rx_spec_read_12736 key_rx_spec_read 3 12736 NULL
++__mei_cl_async_send_12737 __mei_cl_async_send 3 12737 NULL
+__videobuf_alloc_cached_12740 __videobuf_alloc_cached 1 12740 NULL
+ieee80211_if_read_dot11MeshMaxRetries_12756 ieee80211_if_read_dot11MeshMaxRetries 3 12756 NULL
+listxattr_12769 listxattr 3 12769 NULL
+sctp_ssnmap_init_12772 sctp_ssnmap_init 2-3 12772 NULL
+ieee80211_rx_mgmt_beacon_12780 ieee80211_rx_mgmt_beacon 3 12780 NULL
+platform_create_bundle_12785 platform_create_bundle 4-6 12785 NULL
++btrfs_remove_free_space_12793 btrfs_remove_free_space 2 12793 NULL
+scsi_adjust_queue_depth_12802 scsi_adjust_queue_depth 3 12802 NULL
+xfs_inumbers_fmt_12817 xfs_inumbers_fmt 3 12817 NULL
+readq_12825 readq 0 12825 NULL
@@ -99431,6 +101354,7 @@ index 0000000..7982a0c
+generic_segment_checks_13041 generic_segment_checks 0 13041 NULL
+ocfs2_write_begin_13045 ocfs2_write_begin 3-4 13045 NULL
+__dn_setsockopt_13060 __dn_setsockopt 5 13060 NULL
++biovec_create_pool_13079 biovec_create_pool 2 13079 NULL
+irq_set_chip_and_handler_13088 irq_set_chip_and_handler 1 13088 NULL
+xattr_getsecurity_13090 xattr_getsecurity 0 13090 NULL
+blk_rq_map_sg_13092 blk_rq_map_sg 0 13092 NULL
@@ -99465,6 +101389,7 @@ index 0000000..7982a0c
+lpfc_idiag_mbxacc_get_setup_13282 lpfc_idiag_mbxacc_get_setup 0 13282 NULL
+platform_device_add_resources_13289 platform_device_add_resources 3 13289 NULL
+i915_drop_caches_write_13308 i915_drop_caches_write 3 13308 NULL
++reexecute_instruction_13321 reexecute_instruction 2 13321 NULL
+us122l_ctl_msg_13330 us122l_ctl_msg 8 13330 NULL
+__clone_and_map_data_bio_13334 __clone_and_map_data_bio 4-8 13334 NULL
+kvm_read_nested_guest_page_13337 kvm_read_nested_guest_page 5-2 13337 NULL
@@ -99472,6 +101397,7 @@ index 0000000..7982a0c
+mthca_alloc_mtt_range_13371 mthca_alloc_mtt_range 2 13371 NULL
+iso_sched_alloc_13377 iso_sched_alloc 1 13377 NULL nohasharray
+wep_key_not_found_read_13377 wep_key_not_found_read 3 13377 &iso_sched_alloc_13377
++dis_bypass_write_13388 dis_bypass_write 3 13388 NULL
+carl9170_rx_untie_data_13405 carl9170_rx_untie_data 3 13405 NULL
+sky2_receive_13407 sky2_receive 2 13407 NULL
+netxen_alloc_sds_rings_13417 netxen_alloc_sds_rings 2 13417 NULL
@@ -99484,7 +101410,8 @@ index 0000000..7982a0c
+core_status_13515 core_status 4 13515 NULL
+smk_write_mapped_13519 smk_write_mapped 3 13519 NULL
+bm_init_13529 bm_init 2 13529 NULL
-+non_atomic_pte_lookup_13540 non_atomic_pte_lookup 2 13540 NULL
++non_atomic_pte_lookup_13540 non_atomic_pte_lookup 2 13540 NULL nohasharray
++SYSC_remap_file_pages_13540 SYSC_remap_file_pages 1 13540 &non_atomic_pte_lookup_13540
+ieee80211_if_read_ap_power_level_13558 ieee80211_if_read_ap_power_level 3 13558 NULL
+ubifs_get_idx_gc_leb_13566 ubifs_get_idx_gc_leb 0 13566 NULL
+sys_madvise_13569 sys_madvise 1 13569 NULL
@@ -99509,6 +101436,7 @@ index 0000000..7982a0c
+ath6kl_mgmt_powersave_ap_13791 ath6kl_mgmt_powersave_ap 6 13791 NULL
+random_read_13815 random_read 3 13815 NULL
+hsi_register_board_info_13820 hsi_register_board_info 2 13820 NULL
++___mei_cl_send_13821 ___mei_cl_send 3 13821 NULL
+evdev_ioctl_compat_13851 evdev_ioctl_compat 2-3 13851 NULL
+compat_ip_setsockopt_13870 compat_ip_setsockopt 5 13870 NULL nohasharray
+alloc_trace_uprobe_13870 alloc_trace_uprobe 3 13870 &compat_ip_setsockopt_13870
@@ -99528,7 +101456,9 @@ index 0000000..7982a0c
+bm_block_bits_13981 bm_block_bits 0 13981 NULL nohasharray
+dvb_demux_read_13981 dvb_demux_read 3 13981 &bm_block_bits_13981
+btrfs_get_blocks_direct_14016 btrfs_get_blocks_direct 2 14016 NULL
++dmi_format_ids_14018 dmi_format_ids 2 14018 NULL
+_rtl92s_firmware_downloadcode_14021 _rtl92s_firmware_downloadcode 3 14021 NULL
++iscsi_create_flashnode_conn_14022 iscsi_create_flashnode_conn 4 14022 NULL
+dvb_usercopy_14036 dvb_usercopy 2 14036 NULL
+read_def_modal_eeprom_14041 read_def_modal_eeprom 3 14041 NULL
+ieee80211_if_fmt_aid_14055 ieee80211_if_fmt_aid 3 14055 NULL
@@ -99539,6 +101469,7 @@ index 0000000..7982a0c
+nlmsg_len_14115 nlmsg_len 0 14115 NULL
+vfio_fops_compat_ioctl_14130 vfio_fops_compat_ioctl 3 14130 NULL
+ntfs_rl_replace_14136 ntfs_rl_replace 2-4 14136 NULL
++isku_sysfs_read_light_14140 isku_sysfs_read_light 6 14140 NULL
+em_canid_change_14150 em_canid_change 3 14150 NULL
+gsm_dlci_data_14155 gsm_dlci_data 3 14155 NULL
+print_input_mask_14168 print_input_mask 3-0 14168 NULL
@@ -99577,6 +101508,7 @@ index 0000000..7982a0c
+drm_vmalloc_dma_14550 drm_vmalloc_dma 1 14550 NULL
+usb_dump_desc_14553 usb_dump_desc 0 14553 NULL
+qp_host_alloc_queue_14566 qp_host_alloc_queue 1 14566 NULL
++SyS_setdomainname_14569 SyS_setdomainname 2 14569 NULL
+remap_to_origin_then_cache_14583 remap_to_origin_then_cache 3 14583 NULL
+idmap_pipe_downcall_14591 idmap_pipe_downcall 3 14591 NULL
+ceph_osdc_alloc_request_14597 ceph_osdc_alloc_request 3 14597 NULL
@@ -99586,6 +101518,8 @@ index 0000000..7982a0c
+pipeline_enc_tx_stat_fifo_int_read_14680 pipeline_enc_tx_stat_fifo_int_read 3 14680 NULL
+ieee80211_if_fmt_rc_rateidx_mask_2ghz_14683 ieee80211_if_fmt_rc_rateidx_mask_2ghz 3 14683 NULL
+tsi148_master_set_14685 tsi148_master_set 4 14685 NULL
++SyS_fsetxattr_14702 SyS_fsetxattr 4 14702 NULL
++persistent_ram_ecc_string_14704 persistent_ram_ecc_string 0 14704 NULL
+u_audio_playback_14709 u_audio_playback 3 14709 NULL
+get_bio_block_14714 get_bio_block 0 14714 NULL
+vfd_write_14717 vfd_write 3 14717 NULL
@@ -99600,6 +101534,7 @@ index 0000000..7982a0c
+hpet_readl_14801 hpet_readl 0 14801 NULL nohasharray
+snd_als300_gcr_read_14801 snd_als300_gcr_read 0 14801 &hpet_readl_14801
+bcma_scan_read32_14802 bcma_scan_read32 0 14802 NULL
++do_tune_cpucache_14828 do_tune_cpucache 2 14828 NULL
+__mutex_fastpath_lock_retval_14844 __mutex_fastpath_lock_retval 0 14844 NULL
+mrp_attr_create_14853 mrp_attr_create 3 14853 NULL
+lcd_write_14857 lcd_write 3 14857 NULL nohasharray
@@ -99608,6 +101543,7 @@ index 0000000..7982a0c
+sriov_enable_migration_14889 sriov_enable_migration 2 14889 NULL
+acpi_os_allocate_14892 acpi_os_allocate 1 14892 NULL
+unifi_read_14899 unifi_read 3 14899 NULL
++SYSC_readv_14901 SYSC_readv 3 14901 NULL
+krealloc_14908 krealloc 2 14908 NULL
+regmap_irq_get_virq_14910 regmap_irq_get_virq 2 14910 NULL
+__arch_hweight64_14923 __arch_hweight64 0 14923 NULL nohasharray
@@ -99618,6 +101554,7 @@ index 0000000..7982a0c
+mce_flush_rx_buffer_14976 mce_flush_rx_buffer 2 14976 NULL
+setkey_14987 setkey 3 14987 NULL nohasharray
+gpio_twl4030_write_14987 gpio_twl4030_write 1 14987 &setkey_14987
++xfs_dinode_size_14996 xfs_dinode_size 0 14996 NULL
+vmap_15025 vmap 2 15025 NULL
+blk_integrity_tuple_size_15027 blk_integrity_tuple_size 0 15027 NULL
+irq_get_next_irq_15053 irq_get_next_irq 1 15053 NULL
@@ -99625,15 +101562,18 @@ index 0000000..7982a0c
+ieee80211_if_read_uapsd_max_sp_len_15067 ieee80211_if_read_uapsd_max_sp_len 3 15067 NULL
+nfs4_write_cached_acl_15070 nfs4_write_cached_acl 4 15070 NULL
+ntfs_copy_from_user_15072 ntfs_copy_from_user 3-5 15072 NULL
++compat_SyS_preadv_15105 compat_SyS_preadv 3 15105 NULL
+hex_dump_to_buffer_15121 hex_dump_to_buffer 6 15121 NULL
+start_port_15124 start_port 0 15124 NULL
+memchr_15126 memchr 0 15126 NULL
+ipwireless_ppp_mru_15153 ipwireless_ppp_mru 0 15153 NULL
+self_check_not_bad_15175 self_check_not_bad 0 15175 NULL
++SYSC_setdomainname_15180 SYSC_setdomainname 2 15180 NULL
+iscsi_create_endpoint_15193 iscsi_create_endpoint 1 15193 NULL
+reserve_resources_15194 reserve_resources 3 15194 NULL
+bfad_debugfs_write_regrd_15218 bfad_debugfs_write_regrd 3 15218 NULL
+il_dbgfs_rx_stats_read_15243 il_dbgfs_rx_stats_read 3 15243 NULL
++div64_u64_15263 div64_u64 0-1-2 15263 NULL
+compat_raw_ioctl_15290 compat_raw_ioctl 3 15290 NULL
+sys_connect_15291 sys_connect 3 15291 NULL nohasharray
+xlate_dev_mem_ptr_15291 xlate_dev_mem_ptr 1 15291 &sys_connect_15291
@@ -99694,7 +101634,8 @@ index 0000000..7982a0c
+gx1_read_conf_reg_15817 gx1_read_conf_reg 0 15817 NULL nohasharray
+nameseq_list_15817 nameseq_list 3 15817 &gx1_read_conf_reg_15817 nohasharray
+gnttab_expand_15817 gnttab_expand 1 15817 &nameseq_list_15817
-+afs_proc_rootcell_write_15822 afs_proc_rootcell_write 3 15822 NULL
++afs_proc_rootcell_write_15822 afs_proc_rootcell_write 3 15822 NULL nohasharray
++firmware_upload_15822 firmware_upload 3 15822 &afs_proc_rootcell_write_15822
+brcmf_sdbrcm_died_dump_15841 brcmf_sdbrcm_died_dump 3 15841 NULL
+table_size_15851 table_size 0-1-2 15851 NULL
+ubi_io_write_15870 ubi_io_write 5-4 15870 NULL nohasharray
@@ -99707,6 +101648,7 @@ index 0000000..7982a0c
+lpfc_idiag_drbacc_read_15948 lpfc_idiag_drbacc_read 3 15948 NULL
+snd_pcm_lib_read_transfer_15952 snd_pcm_lib_read_transfer 4-2-5 15952 NULL
+remap_pci_mem_15966 remap_pci_mem 1-2 15966 NULL
++tfrc_calc_x_15975 tfrc_calc_x 1-2 15975 NULL
+frame_alloc_15981 frame_alloc 4 15981 NULL
+alloc_vm_area_15989 alloc_vm_area 1 15989 NULL
+hdpvr_register_videodev_16010 hdpvr_register_videodev 3 16010 NULL
@@ -99725,6 +101667,7 @@ index 0000000..7982a0c
+bnx2i_get_cid_num_16166 bnx2i_get_cid_num 0 16166 NULL
+mapping_level_16188 mapping_level 2 16188 NULL
+cipso_v4_map_cat_rng_hton_16203 cipso_v4_map_cat_rng_hton 0 16203 NULL
++SyS_pselect6_16210 SyS_pselect6 1 16210 NULL
+create_table_16213 create_table 2 16213 NULL
+atomic_read_file_16227 atomic_read_file 3 16227 NULL
+BcmGetSectionValStartOffset_16235 BcmGetSectionValStartOffset 0 16235 NULL
@@ -99741,8 +101684,11 @@ index 0000000..7982a0c
+mirror_status_16283 mirror_status 5 16283 &account_16283
+retry_instruction_16285 retry_instruction 2 16285 NULL
+stk_allocate_buffers_16291 stk_allocate_buffers 2 16291 NULL
++rbd_segment_offset_16293 rbd_segment_offset 0-2 16293 NULL
++tfrc_invert_loss_event_rate_16295 tfrc_invert_loss_event_rate 1 16295 NULL
+rsc_mgr_init_16299 rsc_mgr_init 3 16299 NULL
+wb_map_16301 wb_map 2 16301 NULL
++ext4_blocks_count_16320 ext4_blocks_count 0 16320 NULL
+vmw_cursor_update_image_16332 vmw_cursor_update_image 3-4 16332 NULL
+total_ps_buffered_read_16365 total_ps_buffered_read 3 16365 NULL
+iscsi_tcp_conn_setup_16376 iscsi_tcp_conn_setup 2 16376 NULL
@@ -99772,6 +101718,7 @@ index 0000000..7982a0c
+drm_malloc_ab_16831 drm_malloc_ab 1-2 16831 NULL
+scsi_mode_sense_16835 scsi_mode_sense 5 16835 NULL
+hfsplus_min_io_size_16859 hfsplus_min_io_size 0 16859 NULL
++vfio_pci_rw_16861 vfio_pci_rw 3 16861 NULL
+alloc_idx_lebs_16872 alloc_idx_lebs 2 16872 NULL
+carl9170_debugfs_ampdu_state_read_16873 carl9170_debugfs_ampdu_state_read 3 16873 NULL
+st_write_16874 st_write 3 16874 NULL
@@ -99826,6 +101773,7 @@ index 0000000..7982a0c
+_fd_dma_mem_free_17406 _fd_dma_mem_free 1 17406 NULL
+lpfc_debugfs_dif_err_write_17424 lpfc_debugfs_dif_err_write 3 17424 NULL
+sta_connected_time_read_17435 sta_connected_time_read 3 17435 NULL
++SYSC_fcntl_17441 SYSC_fcntl 3 17441 NULL
+nla_get_u32_17455 nla_get_u32 0 17455 NULL
+__ref_totlen_17461 __ref_totlen 0 17461 NULL
+compat_cmd_17465 compat_cmd 2 17465 NULL
@@ -99845,16 +101793,22 @@ index 0000000..7982a0c
+ocfs2_mark_extent_written_17615 ocfs2_mark_extent_written 6 17615 NULL
+ieee80211_if_read_dot11MeshHWMPactivePathToRootTimeout_17618 ieee80211_if_read_dot11MeshHWMPactivePathToRootTimeout 3 17618 NULL
+twl4030_set_gpio_direction_17645 twl4030_set_gpio_direction 1 17645 NULL
++SYSC_migrate_pages_17657 SYSC_migrate_pages 2 17657 NULL
+packet_setsockopt_17662 packet_setsockopt 5 17662 NULL nohasharray
+ubi_io_read_data_17662 ubi_io_read_data 0 17662 &packet_setsockopt_17662
+pwr_enable_ps_read_17686 pwr_enable_ps_read 3 17686 NULL
+gfn_to_pfn_memslot_17693 gfn_to_pfn_memslot 2 17693 NULL
+__einj_error_trigger_17707 __einj_error_trigger 1 17707 NULL nohasharray
+venus_rename_17707 venus_rename 5-4 17707 &__einj_error_trigger_17707
++isku_sysfs_write_keys_function_17726 isku_sysfs_write_keys_function 6 17726 NULL
+exofs_read_lookup_dev_table_17733 exofs_read_lookup_dev_table 3 17733 NULL
+sctpprobe_read_17741 sctpprobe_read 3 17741 NULL
+mark_unsafe_pages_17759 mark_unsafe_pages 0 17759 NULL
+brcmf_usb_attach_17766 brcmf_usb_attach 2-3 17766 NULL
++dtf_read_run_17768 dtf_read_run 3 17768 NULL
++brcmf_sdio_chip_verifynvram_17776 brcmf_sdio_chip_verifynvram 4 17776 NULL
++hash_ipport6_expire_17784 hash_ipport6_expire 3 17784 NULL
++perf_clock_17787 perf_clock 0 17787 NULL
+ubifs_leb_change_17789 ubifs_leb_change 4 17789 NULL
+_snd_pcm_lib_alloc_vmalloc_buffer_17820 _snd_pcm_lib_alloc_vmalloc_buffer 2 17820 NULL
+gnet_stats_copy_app_17821 gnet_stats_copy_app 3 17821 NULL
@@ -99890,7 +101844,9 @@ index 0000000..7982a0c
+hex_byte_pack_18064 hex_byte_pack 0 18064 NULL
+packet_came_18072 packet_came 3 18072 NULL
+kvm_read_guest_page_18074 kvm_read_guest_page 5-2 18074 NULL
++SYSC_pselect6_18076 SYSC_pselect6 1 18076 NULL
+get_vm_area_18080 get_vm_area 1 18080 NULL
++SYSC_semtimedop_18091 SYSC_semtimedop 3 18091 NULL
+mpi_alloc_18094 mpi_alloc 1 18094 NULL
+dfs_file_read_18116 dfs_file_read 3 18116 NULL
+svc_getnl_18120 svc_getnl 0 18120 NULL
@@ -99903,6 +101859,7 @@ index 0000000..7982a0c
+gsm_control_message_18209 gsm_control_message 4 18209 NULL
+do_ipv6_setsockopt_18215 do_ipv6_setsockopt 5 18215 NULL
+gnttab_alloc_grant_references_18240 gnttab_alloc_grant_references 1 18240 NULL
++alloc_trace_uprobe_18247 alloc_trace_uprobe 3 18247 NULL
+snd_ctl_ioctl_compat_18250 snd_ctl_ioctl_compat 3 18250 NULL
+qdisc_class_hash_alloc_18262 qdisc_class_hash_alloc 1 18262 NULL
+gfs2_alloc_sort_buffer_18275 gfs2_alloc_sort_buffer 1 18275 NULL
@@ -99920,13 +101877,17 @@ index 0000000..7982a0c
+bio_integrity_advance_18324 bio_integrity_advance 2 18324 NULL
+pwr_power_save_off_read_18355 pwr_power_save_off_read 3 18355 NULL
+xlbd_reserve_minors_18365 xlbd_reserve_minors 1-2 18365 NULL
++SyS_process_vm_readv_18366 SyS_process_vm_readv 3-5 18366 NULL
+ep_io_18367 ep_io 0 18367 NULL
+qib_user_sdma_num_pages_18371 qib_user_sdma_num_pages 0 18371 NULL
++ci_role_write_18388 ci_role_write 3 18388 NULL
+__video_register_device_18399 __video_register_device 3 18399 NULL
-+adis16136_show_serial_18402 adis16136_show_serial 3 18402 NULL
++hash_ip4_expire_18402 hash_ip4_expire 3 18402 NULL nohasharray
++adis16136_show_serial_18402 adis16136_show_serial 3 18402 &hash_ip4_expire_18402
+crystalhd_user_data_18407 crystalhd_user_data 3 18407 NULL
+usbnet_write_cmd_nopm_18426 usbnet_write_cmd_nopm 7 18426 NULL
-+batadv_orig_node_add_if_18433 batadv_orig_node_add_if 2 18433 NULL
++batadv_orig_node_add_if_18433 batadv_orig_node_add_if 2 18433 NULL nohasharray
++iscsi_create_flashnode_sess_18433 iscsi_create_flashnode_sess 4 18433 &batadv_orig_node_add_if_18433
+snd_hda_get_connections_18437 snd_hda_get_connections 0 18437 NULL
+fuse_perform_write_18457 fuse_perform_write 4 18457 NULL
+regset_tls_set_18459 regset_tls_set 4 18459 NULL
@@ -99942,7 +101903,8 @@ index 0000000..7982a0c
+debug_output_18575 debug_output 3 18575 NULL
+check_lpt_type_18577 check_lpt_type 0 18577 NULL
+__netdev_alloc_skb_18595 __netdev_alloc_skb 2 18595 NULL
-+filemap_fdatawait_range_18600 filemap_fdatawait_range 0 18600 NULL
++filemap_fdatawait_range_18600 filemap_fdatawait_range 0 18600 NULL nohasharray
++slabinfo_write_18600 slabinfo_write 3 18600 &filemap_fdatawait_range_18600
+iowarrior_write_18604 iowarrior_write 3 18604 NULL
+batadv_arp_get_type_18609 batadv_arp_get_type 3 18609 NULL
+from_buffer_18625 from_buffer 3 18625 NULL
@@ -99951,9 +101913,11 @@ index 0000000..7982a0c
+unmap_page_18665 unmap_page 2-3 18665 NULL
+xfs_iext_insert_18667 xfs_iext_insert 3 18667 NULL
+replay_log_leb_18704 replay_log_leb 3 18704 NULL
-+iwl_dbgfs_rx_handlers_read_18708 iwl_dbgfs_rx_handlers_read 3 18708 NULL
++unlocked_compat_ipmi_ioctl_18708 unlocked_compat_ipmi_ioctl 3 18708 NULL nohasharray
++iwl_dbgfs_rx_handlers_read_18708 iwl_dbgfs_rx_handlers_read 3 18708 &unlocked_compat_ipmi_ioctl_18708
+ceph_alloc_page_vector_18710 ceph_alloc_page_vector 1 18710 NULL
+ocfs2_trim_extent_18711 ocfs2_trim_extent 4-3 18711 NULL
++compat_SyS_writev_18712 compat_SyS_writev 3 18712 NULL
+blk_rq_bytes_18715 blk_rq_bytes 0 18715 NULL
+snd_als4k_gcr_read_addr_18741 snd_als4k_gcr_read_addr 0 18741 NULL
+o2hb_debug_create_18744 o2hb_debug_create 4 18744 NULL
@@ -99962,6 +101926,7 @@ index 0000000..7982a0c
+md_compat_ioctl_18764 md_compat_ioctl 4 18764 NULL
+read_file_dump_nfcal_18766 read_file_dump_nfcal 3 18766 NULL
+ffs_epfile_read_18775 ffs_epfile_read 3 18775 NULL
++SyS_lsetxattr_18776 SyS_lsetxattr 4 18776 NULL
+alloc_fcdev_18780 alloc_fcdev 1 18780 NULL
+fat_compat_dir_ioctl_18800 fat_compat_dir_ioctl 3 18800 NULL
+ieee80211_auth_challenge_18810 ieee80211_auth_challenge 3 18810 NULL
@@ -99978,6 +101943,7 @@ index 0000000..7982a0c
+ceph_setxattr_18913 ceph_setxattr 4 18913 NULL
+mangle_packet_18920 mangle_packet 7-9 18920 NULL
+snapshot_write_next_18937 snapshot_write_next 0 18937 NULL
++regcache_sync_block_18963 regcache_sync_block 3-4 18963 NULL
+__nla_reserve_18974 __nla_reserve 3 18974 NULL
+gfn_to_pfn_atomic_18981 gfn_to_pfn_atomic 2 18981 NULL
+find_dirtiest_idx_leb_19001 find_dirtiest_idx_leb 0 19001 NULL
@@ -99989,6 +101955,8 @@ index 0000000..7982a0c
+drm_fb_helper_init_19044 drm_fb_helper_init 3-4 19044 NULL
+create_gpadl_header_19064 create_gpadl_header 2 19064 NULL
+ieee80211_key_alloc_19065 ieee80211_key_alloc 3 19065 NULL
++msix_map_region_19072 msix_map_region 2 19072 NULL
++ceph_create_snap_context_19082 ceph_create_snap_context 1 19082 NULL
+sys_process_vm_readv_19090 sys_process_vm_readv 3-5 19090 NULL nohasharray
+brcmf_usbdev_qinit_19090 brcmf_usbdev_qinit 2 19090 &sys_process_vm_readv_19090
+sta_last_seq_ctrl_read_19106 sta_last_seq_ctrl_read 3 19106 NULL
@@ -100016,11 +101984,14 @@ index 0000000..7982a0c
+gfn_to_gpa_19320 gfn_to_gpa 0-1 19320 NULL
+debug_read_19322 debug_read 3 19322 NULL
+cfg80211_inform_bss_19332 cfg80211_inform_bss 8 19332 NULL
++closure_sub_19359 closure_sub 2 19359 NULL
+read_zero_19366 read_zero 3 19366 NULL
+interpret_user_input_19393 interpret_user_input 2 19393 NULL
++sync_fill_pt_info_19397 sync_fill_pt_info 0 19397 NULL
+get_n_events_by_type_19401 get_n_events_by_type 0 19401 NULL
+dvbdmx_write_19423 dvbdmx_write 3 19423 NULL
+__phys_addr_19434 __phys_addr 0 19434 NULL
++SyS_sched_getaffinity_19444 SyS_sched_getaffinity 2 19444 NULL
+xfrm_alg_auth_len_19454 xfrm_alg_auth_len 0 19454 NULL
+hpet_compat_ioctl_19455 hpet_compat_ioctl 3 19455 NULL
+gnet_stats_copy_19458 gnet_stats_copy 4 19458 NULL
@@ -100039,10 +102010,12 @@ index 0000000..7982a0c
+bm_status_read_19583 bm_status_read 3 19583 NULL
+batadv_tt_update_orig_19586 batadv_tt_update_orig 4 19586 NULL
+load_xattr_datum_19594 load_xattr_datum 0 19594 NULL
++__mei_cl_recv_19636 __mei_cl_recv 3 19636 NULL
+usbvision_rvmalloc_19655 usbvision_rvmalloc 1 19655 NULL
+LoadBitmap_19658 LoadBitmap 2 19658 NULL
+usbnet_write_cmd_19679 usbnet_write_cmd 7 19679 NULL
+bio_detain_19690 bio_detain 2 19690 NULL
++mem_cgroup_swappiness_19718 mem_cgroup_swappiness 0 19718 NULL
+read_reg_19723 read_reg 0 19723 NULL
+wm8350_block_write_19727 wm8350_block_write 3-2 19727 NULL
+memcpy_toiovecend_19736 memcpy_toiovecend 4-3 19736 NULL
@@ -100068,8 +102041,10 @@ index 0000000..7982a0c
+iwl_dbgfs_rx_queue_read_19943 iwl_dbgfs_rx_queue_read 3 19943 NULL
+attach_hdlc_protocol_19986 attach_hdlc_protocol 3 19986 NULL
+diva_um_idi_read_20003 diva_um_idi_read 0 20003 NULL
++SYSC_fgetxattr_20027 SYSC_fgetxattr 4 20027 NULL
+split_scan_timeout_read_20029 split_scan_timeout_read 3 20029 NULL
+alloc_ieee80211_20063 alloc_ieee80211 1 20063 NULL
++btrfs_pin_extent_for_log_replay_20069 btrfs_pin_extent_for_log_replay 2 20069 NULL
+rawv6_sendmsg_20080 rawv6_sendmsg 4 20080 NULL
+fuse_conn_limit_read_20084 fuse_conn_limit_read 3 20084 NULL
+team_options_register_20091 team_options_register 3 20091 NULL
@@ -100097,6 +102072,7 @@ index 0000000..7982a0c
+__kfifo_from_user_20399 __kfifo_from_user 3 20399 NULL
+xen_create_contiguous_region_20457 xen_create_contiguous_region 1 20457 NULL
+nfs3_setxattr_20458 nfs3_setxattr 4 20458 NULL
++dec_zcache_pers_zpages_20465 dec_zcache_pers_zpages 1 20465 NULL
+compat_ipv6_setsockopt_20468 compat_ipv6_setsockopt 5 20468 NULL
+read_buf_20469 read_buf 2 20469 NULL
+btrfs_get_32_20476 btrfs_get_32 0 20476 NULL
@@ -100114,6 +102090,7 @@ index 0000000..7982a0c
+crypto_ahash_reqsize_20569 crypto_ahash_reqsize 0 20569 NULL
+i915_max_freq_read_20581 i915_max_freq_read 3 20581 NULL
+batadv_tt_append_diff_20588 batadv_tt_append_diff 4 20588 NULL
++sync_timeline_create_20601 sync_timeline_create 2 20601 NULL
+lirc_write_20604 lirc_write 3 20604 NULL
+qib_qsfp_write_20614 qib_qsfp_write 0-4-2 20614 NULL
+snd_pcm_oss_prepare_20641 snd_pcm_oss_prepare 0 20641 NULL
@@ -100139,12 +102116,15 @@ index 0000000..7982a0c
+ocfs2_align_bytes_to_clusters_20754 ocfs2_align_bytes_to_clusters 2 20754 NULL
+brcmf_p2p_escan_20763 brcmf_p2p_escan 2 20763 NULL
+ubi_io_read_20767 ubi_io_read 0 20767 NULL
++ext4_r_blocks_count_20768 ext4_r_blocks_count 0 20768 NULL
+fb_alloc_cmap_gfp_20792 fb_alloc_cmap_gfp 2 20792 NULL
+iommu_range_alloc_20794 iommu_range_alloc 3 20794 NULL
+iwl_dbgfs_rxon_flags_read_20795 iwl_dbgfs_rxon_flags_read 3 20795 NULL
+sys_sendto_20809 sys_sendto 6 20809 NULL
++cfv_alloc_and_copy_skb_20812 cfv_alloc_and_copy_skb 4 20812 NULL
+strndup_user_20819 strndup_user 2 20819 NULL
+calc_layout_20829 calc_layout 3 20829 NULL
++dtf_read_channel_20831 dtf_read_channel 3 20831 NULL
+wl1271_format_buffer_20834 wl1271_format_buffer 2 20834 NULL
+uvc_alloc_entity_20836 uvc_alloc_entity 3-4 20836 NULL
+snd_pcm_capture_avail_20867 snd_pcm_capture_avail 0 20867 NULL
@@ -100177,10 +102157,13 @@ index 0000000..7982a0c
+i2400m_rx_trace_21127 i2400m_rx_trace 3 21127 NULL
+tps6586x_irq_init_21144 tps6586x_irq_init 3 21144 NULL
+ocfs2_block_check_validate_21149 ocfs2_block_check_validate 2 21149 NULL
++alloc_pg_vec_21159 alloc_pg_vec 3 21159 NULL
+cx18_v4l2_read_21196 cx18_v4l2_read 3 21196 NULL
+ipc_rcu_alloc_21208 ipc_rcu_alloc 1 21208 NULL
++scsi_execute_req_flags_21215 scsi_execute_req_flags 5 21215 NULL
+_ocfs2_free_clusters_21220 _ocfs2_free_clusters 4 21220 NULL
+get_numpages_21227 get_numpages 0-1-2 21227 NULL
++SyS_mlock_21238 SyS_mlock 1 21238 NULL
+input_ff_create_21240 input_ff_create 2 21240 NULL
+cfg80211_notify_new_peer_candidate_21242 cfg80211_notify_new_peer_candidate 4 21242 NULL
+ocfs2_blocks_for_bytes_21268 ocfs2_blocks_for_bytes 0-2 21268 NULL
@@ -100194,6 +102177,7 @@ index 0000000..7982a0c
+gfs2_ea_get_copy_21353 gfs2_ea_get_copy 0 21353 NULL
+max77693_irq_domain_map_21357 max77693_irq_domain_map 2 21357 NULL
+alloc_orinocodev_21371 alloc_orinocodev 1 21371 NULL
++SYSC_rt_sigpending_21379 SYSC_rt_sigpending 2 21379 NULL
+video_ioctl2_21380 video_ioctl2 2 21380 NULL
+diva_get_driver_dbg_mask_21399 diva_get_driver_dbg_mask 0 21399 NULL
+snd_m3_inw_21406 snd_m3_inw 0 21406 NULL
@@ -100203,6 +102187,7 @@ index 0000000..7982a0c
+aggr_size_tx_agg_vs_rate_read_21438 aggr_size_tx_agg_vs_rate_read 3 21438 NULL
+__ertm_hdr_size_21450 __ertm_hdr_size 0 21450 NULL
+concat_writev_21451 concat_writev 3 21451 NULL
++mei_nfc_send_21477 mei_nfc_send 3 21477 NULL
+read_file_xmit_21487 read_file_xmit 3 21487 NULL
+mmc_alloc_sg_21504 mmc_alloc_sg 1 21504 NULL
+btrfs_file_aio_write_21520 btrfs_file_aio_write 4 21520 NULL
@@ -100212,6 +102197,7 @@ index 0000000..7982a0c
+rx_rx_beacon_early_term_read_21559 rx_rx_beacon_early_term_read 3 21559 NULL
+xfs_buf_read_uncached_21585 xfs_buf_read_uncached 3 21585 NULL
+ocfs2_acl_from_xattr_21604 ocfs2_acl_from_xattr 2 21604 NULL
++compat_SyS_pwritev64_21606 compat_SyS_pwritev64 3 21606 NULL
+__jfs_getxattr_21631 __jfs_getxattr 0 21631 NULL
+validate_nnode_21638 validate_nnode 0 21638 NULL
+__irq_alloc_descs_21639 __irq_alloc_descs 2-1-3 21639 NULL
@@ -100244,9 +102230,12 @@ index 0000000..7982a0c
+qsfp_1_read_21915 qsfp_1_read 3 21915 NULL
+security_mmap_addr_21970 security_mmap_addr 0 21970 NULL
+alloc_ldt_21972 alloc_ldt 2 21972 NULL
++SYSC_prctl_21980 SYSC_prctl 4 21980 NULL
+rxpipe_descr_host_int_trig_rx_data_read_22001 rxpipe_descr_host_int_trig_rx_data_read 3 22001 NULL nohasharray
+compat_rw_copy_check_uvector_22001 compat_rw_copy_check_uvector 0-3 22001 &rxpipe_descr_host_int_trig_rx_data_read_22001
++regcache_sync_block_raw_flush_22021 regcache_sync_block_raw_flush 3-4 22021 NULL
+btrfs_get_16_22023 btrfs_get_16 0 22023 NULL
++_sp2d_min_pg_22032 _sp2d_min_pg 0 22032 NULL
+zd_usb_read_fw_22049 zd_usb_read_fw 4 22049 NULL
+ieee80211_if_fmt_dropped_frames_ttl_22054 ieee80211_if_fmt_dropped_frames_ttl 3 22054 NULL
+btrfs_reloc_clone_csums_22077 btrfs_reloc_clone_csums 2 22077 NULL
@@ -100254,6 +102243,8 @@ index 0000000..7982a0c
+mem_rw_22085 mem_rw 3 22085 NULL
+is_swbp_at_addr_22089 is_swbp_at_addr 2 22089 NULL
+lowpan_fragment_xmit_22095 lowpan_fragment_xmit 3-4 22095 NULL
++sched_clock_cpu_22098 sched_clock_cpu 0 22098 NULL
++qlcnic_sriov_pf_enable_22103 qlcnic_sriov_pf_enable 2 22103 NULL
+sys_remap_file_pages_22124 sys_remap_file_pages 1 22124 NULL
+__bitmap_size_22138 __bitmap_size 0 22138 NULL
+compat_insn_22142 compat_insn 2 22142 NULL
@@ -100270,6 +102261,7 @@ index 0000000..7982a0c
+__tun_chr_ioctl_22300 __tun_chr_ioctl 4 22300 &pci_vpd_srdt_size_22300
+extend_brk_22301 extend_brk 0 22301 NULL
+mesh_table_alloc_22305 mesh_table_alloc 1 22305 NULL
++C_SYSC_msgrcv_22320 C_SYSC_msgrcv 2-3 22320 NULL
+get_segment_base_22324 get_segment_base 0 22324 NULL
+radix_tree_find_next_bit_22334 radix_tree_find_next_bit 2-3 22334 NULL
+atomic_read_22342 atomic_read 0 22342 NULL
@@ -100289,6 +102281,7 @@ index 0000000..7982a0c
+handle_received_packet_22457 handle_received_packet 3 22457 NULL
+mem_cgroup_read_22461 mem_cgroup_read 5 22461 NULL
+batadv_check_unicast_packet_22468 batadv_check_unicast_packet 3 22468 NULL
++dtf_write_device_22471 dtf_write_device 3 22471 NULL
+cache_write_procfs_22491 cache_write_procfs 3 22491 NULL
+mp_find_ioapic_pin_22499 mp_find_ioapic_pin 0-2 22499 NULL
+mutex_lock_interruptible_22505 mutex_lock_interruptible 0 22505 NULL
@@ -100307,15 +102300,19 @@ index 0000000..7982a0c
+wl1271_rx_filter_get_fields_size_22638 wl1271_rx_filter_get_fields_size 0 22638 NULL
+pwr_wake_on_timer_exp_read_22640 pwr_wake_on_timer_exp_read 3 22640 NULL
+iwl_dbgfs_calib_disabled_read_22649 iwl_dbgfs_calib_disabled_read 3 22649 NULL
++compat_SyS_msgrcv_22661 compat_SyS_msgrcv 2-3 22661 NULL
+ubifs_leb_write_22679 ubifs_leb_write 4-5 22679 NULL
++qlcnic_83xx_sysfs_flash_write_handler_22680 qlcnic_83xx_sysfs_flash_write_handler 6 22680 NULL
+ocfs2_get_block_22687 ocfs2_get_block 2 22687 NULL
+compat_fd_ioctl_22694 compat_fd_ioctl 4 22694 NULL
+map_22700 map 2 22700 NULL
+alloc_libipw_22708 alloc_libipw 1 22708 NULL
+brcmf_sdbrcm_read_control_22721 brcmf_sdbrcm_read_control 3 22721 NULL
+cx18_copy_buf_to_user_22735 cx18_copy_buf_to_user 4 22735 NULL
-+ceph_decode_32_22738 ceph_decode_32 0 22738 NULL
++ceph_decode_32_22738 ceph_decode_32 0 22738 NULL nohasharray
++__mei_cl_send_22738 __mei_cl_send 3 22738 &ceph_decode_32_22738
+iio_debugfs_write_reg_22742 iio_debugfs_write_reg 3 22742 NULL
++qlcnic_sriov_init_22762 qlcnic_sriov_init 2 22762 NULL
+print_frame_22769 print_frame 0 22769 NULL
+ftrace_arch_read_dyn_info_22773 ftrace_arch_read_dyn_info 0 22773 NULL
+compat_blkdev_ioctl_22841 compat_blkdev_ioctl 3 22841 NULL
@@ -100336,14 +102333,17 @@ index 0000000..7982a0c
+usb_get_langid_22983 usb_get_langid 0 22983 NULL
+set_msr_hyperv_22985 set_msr_hyperv 3 22985 NULL
+remote_settings_file_write_22987 remote_settings_file_write 3 22987 NULL
++brcmf_sdio_chip_exit_download_23001 brcmf_sdio_chip_exit_download 4 23001 NULL
+viafb_dvp0_proc_write_23023 viafb_dvp0_proc_write 3 23023 NULL
+cifs_local_to_utf16_bytes_23025 cifs_local_to_utf16_bytes 0 23025 NULL
+st_status_23032 st_status 5 23032 NULL
+nv50_disp_chan_create__23056 nv50_disp_chan_create_ 5 23056 NULL
+reiserfs_add_entry_23062 reiserfs_add_entry 4 23062 NULL
++mei_cl_send_23068 mei_cl_send 3 23068 NULL
+kvm_mmu_gva_to_gpa_write_23075 kvm_mmu_gva_to_gpa_write 0 23075 NULL
+vm_map_ram_23078 vm_map_ram 2 23078 NULL nohasharray
+raw_sendmsg_23078 raw_sendmsg 4 23078 &vm_map_ram_23078
++get_user_hdr_len_23079 get_user_hdr_len 0 23079 NULL
+qla4_82xx_pci_mem_read_2M_23081 qla4_82xx_pci_mem_read_2M 2 23081 NULL
+isr_tx_procs_read_23084 isr_tx_procs_read 3 23084 NULL
+lnw_gpio_irq_map_23087 lnw_gpio_irq_map 2 23087 NULL
@@ -100359,6 +102359,7 @@ index 0000000..7982a0c
+ca91cx42_master_set_23146 ca91cx42_master_set 4 23146 NULL
+read_file_ani_23161 read_file_ani 3 23161 NULL
+ioremap_23172 ioremap 1-2 23172 NULL
++tg_get_cfs_quota_23176 tg_get_cfs_quota 0 23176 NULL
+usblp_write_23178 usblp_write 3 23178 NULL
+msnd_fifo_alloc_23179 msnd_fifo_alloc 2 23179 NULL
+gss_pipe_downcall_23182 gss_pipe_downcall 3 23182 NULL
@@ -100404,18 +102405,22 @@ index 0000000..7982a0c
+__i2400mu_send_barker_23652 __i2400mu_send_barker 3 23652 NULL
+ext3_compat_ioctl_23659 ext3_compat_ioctl 3 23659 NULL
+sInW_23663 sInW 0 23663 NULL
++SyS_connect_23669 SyS_connect 3 23669 NULL
+proc_ioctl_compat_23682 proc_ioctl_compat 2 23682 NULL
+nftl_partscan_23688 nftl_partscan 0 23688 NULL
+cx18_read_23699 cx18_read 3 23699 NULL
++isku_sysfs_write_control_23718 isku_sysfs_write_control 6 23718 NULL
+mp_config_acpi_gsi_23728 mp_config_acpi_gsi 2 23728 NULL
+pack_sg_list_p_23739 pack_sg_list_p 0-2 23739 NULL
+rx_rx_dropped_frame_read_23748 rx_rx_dropped_frame_read 3 23748 NULL
+__kfifo_max_r_23768 __kfifo_max_r 0-2-1 23768 NULL
++__build_packet_message_23778 __build_packet_message 10-4 23778 NULL
+security_inode_getxattr_23781 security_inode_getxattr 0 23781 NULL
+diva_alloc_dma_map_23798 diva_alloc_dma_map 2 23798 NULL
+rx_path_reset_read_23801 rx_path_reset_read 3 23801 NULL
+__earlyonly_bootmem_alloc_23824 __earlyonly_bootmem_alloc 2-3 23824 NULL
+ceph_copy_page_vector_to_user_23829 ceph_copy_page_vector_to_user 3-4 23829 NULL
++tfrc_binsearch_23833 tfrc_binsearch 0 23833 NULL
+xfs_dir2_leaf_getdents_23841 xfs_dir2_leaf_getdents 3 23841 NULL
+pgdat_end_pfn_23842 pgdat_end_pfn 0 23842 NULL
+iwl_dbgfs_nvm_read_23845 iwl_dbgfs_nvm_read 3 23845 NULL
@@ -100441,6 +102446,7 @@ index 0000000..7982a0c
+ocfs2_mark_extent_refcounted_24035 ocfs2_mark_extent_refcounted 6 24035 NULL
+adis16400_show_serial_number_24037 adis16400_show_serial_number 3 24037 NULL
+afs_cell_alloc_24052 afs_cell_alloc 2 24052 NULL
++brcmf_sdio_ramrw_24074 brcmf_sdio_ramrw 5 24074 NULL
+blkcipher_copy_iv_24075 blkcipher_copy_iv 3 24075 NULL
+vb2_fop_read_24080 vb2_fop_read 3 24080 NULL
+pipeline_post_proc_swi_read_24108 pipeline_post_proc_swi_read 3 24108 NULL
@@ -100466,8 +102472,11 @@ index 0000000..7982a0c
+ext2_free_blocks_24292 ext2_free_blocks 2-3 24292 NULL
+map_page_24298 map_page 3-4 24298 NULL
+btmrvl_pscmd_read_24308 btmrvl_pscmd_read 3 24308 NULL
++reserve_metadata_bytes_24313 reserve_metadata_bytes 3 24313 NULL
+ath6kl_add_bss_if_needed_24317 ath6kl_add_bss_if_needed 6 24317 NULL
+ocfs2_direct_IO_get_blocks_24333 ocfs2_direct_IO_get_blocks 2 24333 NULL
++si476x_radio_read_acf_blob_24336 si476x_radio_read_acf_blob 3 24336 NULL
++C_SYSC_pwritev_24345 C_SYSC_pwritev 3 24345 NULL
+kzalloc_node_24352 kzalloc_node 1 24352 NULL
+qla2x00_handle_queue_full_24365 qla2x00_handle_queue_full 2 24365 NULL
+cfi_read_pri_24366 cfi_read_pri 3 24366 NULL
@@ -100519,7 +102528,8 @@ index 0000000..7982a0c
+l2cap_create_basic_pdu_24869 l2cap_create_basic_pdu 3 24869 &pnp_alloc_24869
+setup_buffering_24872 setup_buffering 3 24872 NULL
+bnx2fc_cmd_mgr_alloc_24873 bnx2fc_cmd_mgr_alloc 3-2 24873 NULL
-+queues_read_24877 queues_read 3 24877 NULL
++queues_read_24877 queues_read 3 24877 NULL nohasharray
++symbol_string_24877 symbol_string 0 24877 &queues_read_24877
+codec_list_read_file_24910 codec_list_read_file 3 24910 NULL
+v4l2_ctrl_new_24927 v4l2_ctrl_new 7 24927 NULL
+next_token_24929 next_token 0 24929 NULL
@@ -100536,6 +102546,7 @@ index 0000000..7982a0c
+ni_660x_num_counters_25031 ni_660x_num_counters 0 25031 NULL
+nfs_dns_resolve_name_25036 nfs_dns_resolve_name 3 25036 NULL
+gs_buf_alloc_25067 gs_buf_alloc 2 25067 NULL
++SYSC_listxattr_25072 SYSC_listxattr 3 25072 NULL
+ceph_osdc_writepages_25085 ceph_osdc_writepages 5 25085 NULL
+snd_rawmidi_kernel_write_25106 snd_rawmidi_kernel_write 3 25106 NULL
+sys_fgetxattr_25166 sys_fgetxattr 4 25166 NULL
@@ -100544,6 +102555,7 @@ index 0000000..7982a0c
+ks8851_rdreg32_25187 ks8851_rdreg32 0 25187 NULL
+ocfs2_block_check_compute_25223 ocfs2_block_check_compute 2 25223 NULL
+free_memcg_kmem_pages_25228 free_memcg_kmem_pages 1 25228 NULL
++dtf_write_string_25232 dtf_write_string 5 25232 NULL
+mon_stat_read_25238 mon_stat_read 3 25238 NULL
+tcf_csum_ipv6_udp_25241 tcf_csum_ipv6_udp 4 25241 NULL
+nilfs_palloc_find_available_slot_25245 nilfs_palloc_find_available_slot 3-5 25245 NULL
@@ -100556,6 +102568,7 @@ index 0000000..7982a0c
+help_25316 help 5 25316 NULL nohasharray
+ath9k_debugfs_read_buf_25316 ath9k_debugfs_read_buf 3 25316 &help_25316
+rng_buffer_size_25348 rng_buffer_size 0 25348 NULL
++SYSC_kexec_load_25361 SYSC_kexec_load 2 25361 NULL
+rio_destid_next_25368 rio_destid_next 2 25368 NULL nohasharray
+unix_mkname_25368 unix_mkname 0-2 25368 &rio_destid_next_25368
+sel_read_mls_25369 sel_read_mls 3 25369 NULL
@@ -100593,6 +102606,7 @@ index 0000000..7982a0c
+ext2_find_near_25734 ext2_find_near 0 25734 NULL
+__set_clear_dirty_25744 __set_clear_dirty 2 25744 NULL
+cxgbi_device_portmap_create_25747 cxgbi_device_portmap_create 3 25747 NULL
++dtf_write_channel_25748 dtf_write_channel 3 25748 NULL
+event_rx_pool_read_25792 event_rx_pool_read 3 25792 NULL
+sg_read_25799 sg_read 3 25799 NULL
+system_enable_read_25815 system_enable_read 3 25815 NULL
@@ -100602,10 +102616,12 @@ index 0000000..7982a0c
+parport_read_25855 parport_read 0 25855 NULL
+xfs_dir2_sf_hdr_size_25858 xfs_dir2_sf_hdr_size 0 25858 NULL
+uf_ap_process_data_pdu_25860 uf_ap_process_data_pdu 7 25860 NULL
++key_attr_size_25865 key_attr_size 0 25865 NULL
+ath6kl_regread_read_25884 ath6kl_regread_read 3 25884 NULL
+run_delalloc_nocow_25896 run_delalloc_nocow 3 25896 NULL
+sisusbcon_scroll_area_25899 sisusbcon_scroll_area 4-3 25899 NULL
+lpfc_change_queue_depth_25905 lpfc_change_queue_depth 2 25905 NULL
++nvme_trans_mode_page_create_25908 nvme_trans_mode_page_create 7 25908 NULL
+do_jffs2_setxattr_25910 do_jffs2_setxattr 5 25910 NULL
+rcname_read_25919 rcname_read 3 25919 NULL
+snd_es1938_capture_copy_25930 snd_es1938_capture_copy 5 25930 NULL
@@ -100630,6 +102646,7 @@ index 0000000..7982a0c
+copy_oldmem_page_26164 copy_oldmem_page 3-1 26164 NULL
+gfs2_xattr_acl_get_26166 gfs2_xattr_acl_get 0 26166 NULL nohasharray
+ath6kl_roam_table_read_26166 ath6kl_roam_table_read 3 26166 &gfs2_xattr_acl_get_26166
++perf_adjust_period_26168 perf_adjust_period 2-3 26168 NULL
+mid_get_vbt_data_r1_26170 mid_get_vbt_data_r1 2 26170 NULL
+disk_devt_26180 disk_devt 0 26180 NULL
+get_registers_26187 get_registers 3 26187 NULL
@@ -100645,6 +102662,7 @@ index 0000000..7982a0c
+snd_pcm_plug_client_channels_buf_26309 snd_pcm_plug_client_channels_buf 0-3 26309 NULL nohasharray
+pax_get_random_long_26309 pax_get_random_long 0 26309 &snd_pcm_plug_client_channels_buf_26309
+pwr_wake_on_host_read_26321 pwr_wake_on_host_read 3 26321 NULL
++efx_rx_mk_skb_26342 efx_rx_mk_skb 5 26342 NULL
+ocfs2_duplicate_clusters_by_page_26357 ocfs2_duplicate_clusters_by_page 5 26357 NULL
+cifs_readdata_alloc_26360 cifs_readdata_alloc 1 26360 NULL
+dup_to_netobj_26363 dup_to_netobj 3 26363 NULL
@@ -100662,6 +102680,7 @@ index 0000000..7982a0c
+rts51x_read_mem_26577 rts51x_read_mem 4 26577 NULL nohasharray
+batadv_receive_server_sync_packet_26577 batadv_receive_server_sync_packet 3 26577 &rts51x_read_mem_26577
+cirrusfb_get_memsize_26597 cirrusfb_get_memsize 0 26597 NULL
++regcache_set_reg_present_26598 regcache_set_reg_present 2 26598 NULL
+__unmap_single_26604 __unmap_single 2-3 26604 NULL
+iommu_alloc_26621 iommu_alloc 4 26621 NULL
+pack_value_26625 pack_value 1 26625 NULL
@@ -100673,6 +102692,7 @@ index 0000000..7982a0c
+rtllib_authentication_req_26713 rtllib_authentication_req 3 26713 NULL
+aty_ld_le32_26720 aty_ld_le32 0 26720 NULL
+nouveau_namedb_create__26732 nouveau_namedb_create_ 7 26732 NULL
++SyS_fcntl_26737 SyS_fcntl 3 26737 NULL
+pipeline_tcp_rx_stat_fifo_int_read_26745 pipeline_tcp_rx_stat_fifo_int_read 3 26745 NULL
+srp_ring_alloc_26760 srp_ring_alloc 2 26760 NULL
+snd_hda_get_raw_connections_26762 snd_hda_get_raw_connections 0 26762 NULL
@@ -100706,10 +102726,12 @@ index 0000000..7982a0c
+snd_pcm_lib_period_bytes_27071 snd_pcm_lib_period_bytes 0 27071 NULL
+paravirt_read_msr_27077 paravirt_read_msr 0 27077 NULL
+alloc_fdmem_27083 alloc_fdmem 1 27083 NULL
++compat_SyS_rt_sigpending_27084 compat_SyS_rt_sigpending 2 27084 NULL
+find_first_bit_27088 find_first_bit 0-2 27088 NULL
+btmrvl_hscmd_write_27089 btmrvl_hscmd_write 3 27089 NULL
+nes_reg_user_mr_27106 nes_reg_user_mr 2-3 27106 NULL
+__devcgroup_inode_permission_27108 __devcgroup_inode_permission 0 27108 NULL
++SYSC_ipc_27123 SYSC_ipc 3 27123 NULL
+get_kernel_page_27133 get_kernel_page 0 27133 NULL
+drbd_get_capacity_27141 drbd_get_capacity 0 27141 NULL
+pms_capture_27142 pms_capture 4 27142 NULL
@@ -100724,10 +102746,12 @@ index 0000000..7982a0c
+__dma_map_cont_27289 __dma_map_cont 5 27289 NULL
+hpi_read_reg_27302 hpi_read_reg 0 27302 NULL
+copy_from_buf_27308 copy_from_buf 4-2 27308 NULL
-+ath6kl_wmi_test_cmd_27312 ath6kl_wmi_test_cmd 3 27312 NULL
++virtqueue_add_inbuf_27312 virtqueue_add_inbuf 3 27312 NULL nohasharray
++ath6kl_wmi_test_cmd_27312 ath6kl_wmi_test_cmd 3 27312 &virtqueue_add_inbuf_27312
+ocfs2_blocks_to_clusters_27327 ocfs2_blocks_to_clusters 0-2 27327 NULL
+snd_pcm_oss_write2_27332 snd_pcm_oss_write2 3-0 27332 NULL
+afs_cell_create_27346 afs_cell_create 2 27346 NULL
++compat_SyS_semctl_27349 compat_SyS_semctl 4 27349 NULL
+pcbit_stat_27364 pcbit_stat 2 27364 NULL
+init_memory_mapping_27395 init_memory_mapping 0 27395 NULL
+phys_pte_init_27411 phys_pte_init 0-3-2 27411 NULL
@@ -100735,6 +102759,7 @@ index 0000000..7982a0c
+acpi_os_get_root_pointer_27416 acpi_os_get_root_pointer 0 27416 NULL nohasharray
+ieee80211_if_read_smps_27416 ieee80211_if_read_smps 3 27416 &acpi_os_get_root_pointer_27416
+pack_sg_list_27425 pack_sg_list 0-2 27425 NULL
++ktime_to_us_27455 ktime_to_us 0 27455 NULL
+v4l2_ctrl_new_std_menu_items_27487 v4l2_ctrl_new_std_menu_items 4 27487 NULL
+set_tpl_pfs_27490 set_tpl_pfs 3 27490 NULL
+hcd_buffer_alloc_27495 hcd_buffer_alloc 2 27495 NULL
@@ -100745,6 +102770,7 @@ index 0000000..7982a0c
+garmin_read_process_27509 garmin_read_process 3 27509 NULL
+ib_copy_to_udata_27525 ib_copy_to_udata 3 27525 NULL
+snd_sonicvibes_getdmaa_27552 snd_sonicvibes_getdmaa 0 27552 NULL
++SyS_fgetxattr_27571 SyS_fgetxattr 4 27571 NULL
+libipw_alloc_txb_27579 libipw_alloc_txb 1-2-3 27579 NULL
+read_flush_procfs_27642 read_flush_procfs 3 27642 NULL nohasharray
+nl80211_send_connect_result_27642 nl80211_send_connect_result 5-7 27642 &read_flush_procfs_27642 nohasharray
@@ -100756,11 +102782,13 @@ index 0000000..7982a0c
+qword_get_27670 qword_get 0 27670 NULL
+ocfs2_extend_dir_27695 ocfs2_extend_dir 4 27695 NULL
+fs_path_add_from_extent_buffer_27702 fs_path_add_from_extent_buffer 4 27702 NULL
++inc_zcache_eph_zbytes_27704 inc_zcache_eph_zbytes 1 27704 NULL
+evm_write_key_27715 evm_write_key 3 27715 NULL
+ieee80211_if_fmt_dot11MeshGateAnnouncementProtocol_27722 ieee80211_if_fmt_dot11MeshGateAnnouncementProtocol 3 27722 NULL
+reg_w_buf_27724 reg_w_buf 3 27724 NULL
+xfs_dir2_block_sfsize_27727 xfs_dir2_block_sfsize 0 27727 NULL
+a4t_cs_init_27734 a4t_cs_init 3 27734 NULL
++SyS_setsockopt_27759 SyS_setsockopt 5 27759 NULL
+kcalloc_27770 kcalloc 1-2 27770 NULL
+twl4030_set_gpio_dataout_27792 twl4030_set_gpio_dataout 1 27792 NULL
+DivaSTraceGetMemotyRequirement_27797 DivaSTraceGetMemotyRequirement 0-1 27797 NULL
@@ -100774,6 +102802,7 @@ index 0000000..7982a0c
+ieee80211_if_read_dot11MeshHWMProotInterval_27873 ieee80211_if_read_dot11MeshHWMProotInterval 3 27873 NULL
+unix_seqpacket_sendmsg_27893 unix_seqpacket_sendmsg 4 27893 NULL
+gluebi_write_27905 gluebi_write 3 27905 NULL
++SyS_ptrace_27924 SyS_ptrace 3-4 27924 NULL
+bm_find_next_27929 bm_find_next 2 27929 NULL
+tracing_clock_write_27961 tracing_clock_write 3 27961 NULL
+tipc_media_addr_printf_27971 tipc_media_addr_printf 2 27971 NULL
@@ -100782,6 +102811,7 @@ index 0000000..7982a0c
+edt_ft5x06_debugfs_raw_data_read_28002 edt_ft5x06_debugfs_raw_data_read 3 28002 NULL
+snd_rawmidi_write_28008 snd_rawmidi_write 3 28008 NULL
+serial8250_port_size_28019 serial8250_port_size 0 28019 NULL
++alloc_one_pg_vec_page_28031 alloc_one_pg_vec_page 1 28031 NULL
+sctp_setsockopt_maxburst_28041 sctp_setsockopt_maxburst 3 28041 NULL
+rts51x_xd_rw_28046 rts51x_xd_rw 3-4 28046 NULL
+cx231xx_init_vbi_isoc_28053 cx231xx_init_vbi_isoc 3-2 28053 NULL
@@ -100819,6 +102849,7 @@ index 0000000..7982a0c
+dlmfs_file_read_28385 dlmfs_file_read 3 28385 NULL
+tx_frag_cache_miss_read_28394 tx_frag_cache_miss_read 3 28394 NULL
+set_bypass_pfs_28395 set_bypass_pfs 3 28395 NULL
++bypass_pwup_write_28416 bypass_pwup_write 3 28416 NULL
+subdev_ioctl_28417 subdev_ioctl 2 28417 NULL
+__split_large_page_28429 __split_large_page 2 28429 NULL
+mpage_readpages_28436 mpage_readpages 3 28436 NULL
@@ -100858,13 +102889,16 @@ index 0000000..7982a0c
+snd_pcm_aio_write_28738 snd_pcm_aio_write 3 28738 NULL nohasharray
+phantom_compat_ioctl_28738 phantom_compat_ioctl 3 28738 &snd_pcm_aio_write_28738
+read_file_btcoex_28743 read_file_btcoex 3 28743 NULL
++max_hw_blocks_28748 max_hw_blocks 0 28748 NULL
+ath6kl_get_num_reg_28780 ath6kl_get_num_reg 0 28780 NULL
+dvb_net_sec_callback_28786 dvb_net_sec_callback 2 28786 NULL
-+sel_write_member_28800 sel_write_member 3 28800 NULL
++btrfs_block_rsv_refill_28800 btrfs_block_rsv_refill 3 28800 NULL nohasharray
++sel_write_member_28800 sel_write_member 3 28800 &btrfs_block_rsv_refill_28800
+cgroup_file_read_28804 cgroup_file_read 3 28804 NULL
+btrfs_ref_to_path_28809 btrfs_ref_to_path 0 28809 NULL
+memory_bm_create_28814 memory_bm_create 0 28814 NULL
+iwl_dbgfs_rxon_filter_flags_read_28832 iwl_dbgfs_rxon_filter_flags_read 3 28832 NULL
++C_SYSC_shmat_28843 C_SYSC_shmat 2 28843 NULL
+vp_request_msix_vectors_28849 vp_request_msix_vectors 2 28849 NULL
+ipv6_renew_options_28867 ipv6_renew_options 5 28867 NULL
+packet_sendmsg_spkt_28885 packet_sendmsg_spkt 4 28885 NULL
@@ -100877,6 +102911,7 @@ index 0000000..7982a0c
+alloc_sched_domains_28972 alloc_sched_domains 1 28972 NULL
+ext4_mb_add_groupinfo_28988 ext4_mb_add_groupinfo 2 28988 NULL
+bin_uuid_28999 bin_uuid 3 28999 NULL
++offset_to_bitmap_29004 offset_to_bitmap 2 29004 NULL
+xz_dec_init_29029 xz_dec_init 2 29029 NULL
+sys_fcntl64_29031 sys_fcntl64 3 29031 NULL
+ieee80211_if_read_ht_opmode_29044 ieee80211_if_read_ht_opmode 3 29044 NULL
@@ -100886,6 +102921,7 @@ index 0000000..7982a0c
+memblock_alloc_base_nid_29072 memblock_alloc_base_nid 1-2 29072 NULL
+sctp_getsockopt_assoc_stats_29074 sctp_getsockopt_assoc_stats 2 29074 NULL
+mark_extents_written_29082 mark_extents_written 2 29082 NULL
++i915_error_object_create_sized_29091 i915_error_object_create_sized 3 29091 NULL
+isdn_ppp_write_29109 isdn_ppp_write 4 29109 NULL
+snprintf_29125 snprintf 0 29125 NULL
+iov_shorten_29130 iov_shorten 0 29130 NULL
@@ -100899,6 +102935,7 @@ index 0000000..7982a0c
+comedi_alloc_subdevices_29207 comedi_alloc_subdevices 2 29207 NULL
+do_shrinker_shrink_29208 do_shrinker_shrink 0 29208 NULL
+iwl_dbgfs_temperature_read_29224 iwl_dbgfs_temperature_read 3 29224 NULL
++nvme_trans_copy_from_user_29227 nvme_trans_copy_from_user 3 29227 NULL
+devm_ioremap_29235 devm_ioremap 2-3 29235 NULL
+irq_domain_add_linear_29236 irq_domain_add_linear 2 29236 NULL
+recover_peb_29238 recover_peb 6-7 29238 NULL
@@ -100907,18 +102944,22 @@ index 0000000..7982a0c
+prism2_set_genericelement_29277 prism2_set_genericelement 3 29277 NULL
+bitmap_ord_to_pos_29279 bitmap_ord_to_pos 3 29279 NULL
+sn9c102_read_29305 sn9c102_read 3 29305 NULL
++__fuse_get_req_29315 __fuse_get_req 2 29315 NULL
+lo_compat_ioctl_29336 lo_compat_ioctl 4 29336 NULL
+tun_put_user_29337 tun_put_user 5 29337 NULL
+__alloc_ei_netdev_29338 __alloc_ei_netdev 1 29338 NULL
+alloc_and_copy_ftrace_hash_29368 alloc_and_copy_ftrace_hash 1 29368 NULL
++ktime_us_delta_29375 ktime_us_delta 0 29375 NULL
+mwifiex_cfg80211_mgmt_tx_29387 mwifiex_cfg80211_mgmt_tx 7 29387 NULL
+pca953x_irq_setup_29407 pca953x_irq_setup 3 29407 NULL
+mempool_create_29437 mempool_create 1 29437 NULL
+crypto_ahash_alignmask_29445 crypto_ahash_alignmask 0 29445 NULL
+apei_exec_ctx_get_output_29457 apei_exec_ctx_get_output 0 29457 NULL
+validate_scan_freqs_29462 validate_scan_freqs 0 29462 NULL
++SyS_flistxattr_29474 SyS_flistxattr 3 29474 NULL
+do_register_entry_29478 do_register_entry 4 29478 NULL
+simple_strtoul_29480 simple_strtoul 0 29480 NULL
++sched_clock_local_29498 sched_clock_local 0 29498 NULL
+btmrvl_pscmd_write_29504 btmrvl_pscmd_write 3 29504 NULL
+btrfs_file_extent_disk_bytenr_29505 btrfs_file_extent_disk_bytenr 0 29505 NULL
+atk_debugfs_ggrp_read_29522 atk_debugfs_ggrp_read 3 29522 NULL
@@ -100944,13 +102985,16 @@ index 0000000..7982a0c
+probes_write_29711 probes_write 3 29711 NULL
+emi62_writememory_29731 emi62_writememory 4 29731 NULL
+read_cis_cache_29735 read_cis_cache 4 29735 NULL
++std_nic_write_29752 std_nic_write 3 29752 NULL
+ip_vs_conn_fill_param_sync_29771 ip_vs_conn_fill_param_sync 6 29771 NULL
++tcf_csum_ipv6_icmp_29777 tcf_csum_ipv6_icmp 3 29777 NULL
+dbAlloc_29794 dbAlloc 0 29794 NULL
+ext4_trim_all_free_29806 ext4_trim_all_free 4-3-2 29806 NULL
+tcp_sendpage_29829 tcp_sendpage 4 29829 NULL
+scan_bitmap_block_29840 scan_bitmap_block 4 29840 NULL
+__probe_kernel_write_29842 __probe_kernel_write 3 29842 NULL
+kvm_read_hva_atomic_29848 kvm_read_hva_atomic 3 29848 NULL
++solo_enc_alloc_29860 solo_enc_alloc 3 29860 NULL
+ipv6_setsockopt_29871 ipv6_setsockopt 5 29871 NULL
+scsi_end_request_29876 scsi_end_request 3 29876 NULL
+crypto_aead_alignmask_29885 crypto_aead_alignmask 0 29885 NULL
@@ -100975,6 +103019,7 @@ index 0000000..7982a0c
+calgary_unmap_page_30130 calgary_unmap_page 2-3 30130 NULL
+_osd_req_sizeof_alist_header_30134 _osd_req_sizeof_alist_header 0 30134 NULL
+u_memcpya_30139 u_memcpya 2-3 30139 NULL
++btrfs_start_transaction_lflush_30178 btrfs_start_transaction_lflush 2 30178 NULL
+cx25821_video_ioctl_30188 cx25821_video_ioctl 2 30188 NULL
+mempool_create_page_pool_30189 mempool_create_page_pool 1 30189 NULL
+drm_property_create_bitmask_30195 drm_property_create_bitmask 5 30195 NULL
@@ -100993,6 +103038,7 @@ index 0000000..7982a0c
+generic_ptrace_pokedata_30338 generic_ptrace_pokedata 2 30338 NULL
+resource_from_user_30341 resource_from_user 3 30341 NULL
+__vmalloc_node_flags_30352 __vmalloc_node_flags 1 30352 NULL
++C_SYSC_readv_30369 C_SYSC_readv 3 30369 NULL
+sys_get_mempolicy_30379 sys_get_mempolicy 3-4 30379 NULL
+mangle_sdp_packet_30381 mangle_sdp_packet 10 30381 NULL
+c4iw_init_resource_30393 c4iw_init_resource 2-3 30393 NULL
@@ -101008,6 +103054,7 @@ index 0000000..7982a0c
+ocrdma_reg_user_mr_30474 ocrdma_reg_user_mr 2-3 30474 NULL
+write_head_30481 write_head 4 30481 NULL
+adu_write_30487 adu_write 3 30487 NULL
++dwc3_testmode_write_30516 dwc3_testmode_write 3 30516 NULL
+debug_debug2_read_30526 debug_debug2_read 3 30526 NULL
+batadv_dat_snoop_incoming_arp_request_30548 batadv_dat_snoop_incoming_arp_request 3 30548 NULL
+disk_expand_part_tbl_30561 disk_expand_part_tbl 2 30561 NULL
@@ -101016,6 +103063,7 @@ index 0000000..7982a0c
+blk_init_tags_30592 blk_init_tags 1 30592 NULL
+i2c_hid_get_report_length_30598 i2c_hid_get_report_length 0 30598 NULL
+sgl_map_user_pages_30610 sgl_map_user_pages 2-3-4 30610 NULL
++SyS_msgrcv_30611 SyS_msgrcv 3 30611 NULL
+macvtap_sendmsg_30629 macvtap_sendmsg 4 30629 NULL
+ieee80211_if_read_dot11MeshAwakeWindowDuration_30631 ieee80211_if_read_dot11MeshAwakeWindowDuration 3 30631 NULL
+compat_raw_setsockopt_30634 compat_raw_setsockopt 5 30634 NULL
@@ -101032,6 +103080,7 @@ index 0000000..7982a0c
+sctp_setsockopt_auth_chunk_30843 sctp_setsockopt_auth_chunk 3 30843 NULL
+cfg80211_rx_mgmt_30844 cfg80211_rx_mgmt 5 30844 NULL
+hda_hwdep_ioctl_compat_30847 hda_hwdep_ioctl_compat 4 30847 NULL
++trace_probe_nr_files_30882 trace_probe_nr_files 0 30882 NULL
+ieee80211_if_fmt_dropped_frames_no_route_30884 ieee80211_if_fmt_dropped_frames_no_route 3 30884 NULL
+iommu_map_mmio_space_30919 iommu_map_mmio_space 1 30919 NULL
+sctp_setsockopt_rtoinfo_30941 sctp_setsockopt_rtoinfo 3 30941 NULL
@@ -101069,6 +103118,7 @@ index 0000000..7982a0c
+sisusbcon_scroll_31315 sisusbcon_scroll 5-2-3 31315 NULL
+command_file_write_31318 command_file_write 3 31318 NULL
+em28xx_init_usb_xfer_31337 em28xx_init_usb_xfer 4-6 31337 NULL
++__cpu_to_node_31345 __cpu_to_node 0 31345 NULL
+xprt_rdma_allocate_31372 xprt_rdma_allocate 2 31372 NULL
+vb2_vmalloc_get_userptr_31374 vb2_vmalloc_get_userptr 3-2 31374 NULL
+trace_parser_get_init_31379 trace_parser_get_init 2 31379 NULL
@@ -101114,6 +103164,7 @@ index 0000000..7982a0c
+shmem_pwrite_slow_31741 shmem_pwrite_slow 3 31741 NULL
+NCR_700_change_queue_depth_31742 NCR_700_change_queue_depth 2 31742 NULL nohasharray
+input_abs_get_max_31742 input_abs_get_max 0 31742 &NCR_700_change_queue_depth_31742
++muldiv64_31743 muldiv64 2-3 31743 NULL
+bcm_char_read_31750 bcm_char_read 3 31750 NULL
+snd_seq_device_new_31753 snd_seq_device_new 4 31753 NULL
+set_memory_wb_31761 set_memory_wb 1 31761 NULL
@@ -101129,9 +103180,11 @@ index 0000000..7982a0c
+new_dir_31919 new_dir 3 31919 NULL
+kmem_alloc_31920 kmem_alloc 1 31920 NULL
+guestwidth_to_adjustwidth_31937 guestwidth_to_adjustwidth 0-1 31937 NULL
++SYSC_sethostname_31940 SYSC_sethostname 2 31940 NULL
+iov_iter_copy_from_user_31942 iov_iter_copy_from_user 4 31942 NULL
+vb2_write_31948 vb2_write 3 31948 NULL
+pvr2_ctrl_get_valname_31951 pvr2_ctrl_get_valname 4 31951 NULL
++regcache_rbtree_sync_31964 regcache_rbtree_sync 2 31964 NULL
+copy_from_user_toio_31966 copy_from_user_toio 3 31966 NULL
+mtd_add_partition_31971 mtd_add_partition 3 31971 NULL
+find_next_zero_bit_31990 find_next_zero_bit 0-2-3 31990 NULL
@@ -101142,8 +103195,10 @@ index 0000000..7982a0c
+aead_len_32021 aead_len 0 32021 NULL
+ocfs2_remove_extent_32032 ocfs2_remove_extent 4-3 32032 NULL
+posix_acl_set_32037 posix_acl_set 4 32037 NULL
++stk_read_32038 stk_read 3 32038 NULL
+vmw_cursor_update_dmabuf_32045 vmw_cursor_update_dmabuf 3-4 32045 NULL
+sys_sched_setaffinity_32046 sys_sched_setaffinity 2 32046 NULL
++SYSC_llistxattr_32061 SYSC_llistxattr 3 32061 NULL
+proc_scsi_devinfo_write_32064 proc_scsi_devinfo_write 3 32064 NULL
+cfg80211_send_unprot_deauth_32080 cfg80211_send_unprot_deauth 3 32080 NULL
+bio_alloc_32095 bio_alloc 2 32095 NULL
@@ -101162,6 +103217,7 @@ index 0000000..7982a0c
+fb_compat_ioctl_32265 fb_compat_ioctl 3 32265 NULL
+vmalloc_user_32308 vmalloc_user 1 32308 NULL
+hex_string_32310 hex_string 0 32310 NULL
++SyS_select_32319 SyS_select 1 32319 NULL
+nouveau_bar_create__32332 nouveau_bar_create_ 4 32332 NULL
+nl80211_send_mlme_event_32337 nl80211_send_mlme_event 4 32337 NULL
+t4_alloc_mem_32342 t4_alloc_mem 1 32342 NULL
@@ -101169,6 +103225,7 @@ index 0000000..7982a0c
+sel_read_initcon_32362 sel_read_initcon 3 32362 NULL
+_drbd_bm_find_next_32372 _drbd_bm_find_next 2 32372 NULL
+usbtmc_read_32377 usbtmc_read 3 32377 NULL
++local_clock_32385 local_clock 0 32385 NULL
+qla4_82xx_pci_mem_write_2M_32398 qla4_82xx_pci_mem_write_2M 2 32398 NULL
+xfs_iext_add_indirect_multi_32400 xfs_iext_add_indirect_multi 3 32400 NULL
+vmci_qp_alloc_32405 vmci_qp_alloc 3-5 32405 NULL
@@ -101178,6 +103235,7 @@ index 0000000..7982a0c
+cache_status_32462 cache_status 5 32462 NULL
+ieee80211_fill_mesh_addresses_32465 ieee80211_fill_mesh_addresses 0 32465 NULL
+ide_driver_proc_write_32493 ide_driver_proc_write 3 32493 NULL
++bypass_pwoff_write_32499 bypass_pwoff_write 3 32499 NULL
+ctrl_std_val_to_sym_32516 ctrl_std_val_to_sym 5 32516 NULL
+disconnect_32521 disconnect 4 32521 NULL
+qsfp_read_32522 qsfp_read 0-4-2 32522 NULL
@@ -101201,6 +103259,7 @@ index 0000000..7982a0c
+ib_sg_dma_len_32649 ib_sg_dma_len 0 32649 NULL
+generic_readlink_32654 generic_readlink 3 32654 NULL
+move_addr_to_kernel_32673 move_addr_to_kernel 2 32673 NULL
++compat_SyS_pwritev_32680 compat_SyS_pwritev 3 32680 NULL
+jfs_readpages_32702 jfs_readpages 4 32702 NULL
+snd_hwdep_ioctl_compat_32736 snd_hwdep_ioctl_compat 3 32736 NULL
+get_arg_page_32746 get_arg_page 2 32746 NULL
@@ -101216,14 +103275,17 @@ index 0000000..7982a0c
+ath6kl_usb_submit_ctrl_in_32880 ath6kl_usb_submit_ctrl_in 6 32880 NULL nohasharray
+cifs_writedata_alloc_32880 cifs_writedata_alloc 1 32880 &ath6kl_usb_submit_ctrl_in_32880
+ath6kl_usb_post_recv_transfers_32892 ath6kl_usb_post_recv_transfers 2 32892 NULL
++ext4_get_group_number_32899 ext4_get_group_number 0 32899 NULL
+il_dbgfs_tx_stats_read_32913 il_dbgfs_tx_stats_read 3 32913 NULL
+zlib_inflate_workspacesize_32927 zlib_inflate_workspacesize 0 32927 NULL
+rmap_recycle_32938 rmap_recycle 3 32938 NULL
+irq_reserve_irqs_32946 irq_reserve_irqs 1-2 32946 NULL
+ext4_valid_block_bitmap_32958 ext4_valid_block_bitmap 3 32958 NULL
-+arch_ptrace_32981 arch_ptrace 3 32981 NULL
++arch_ptrace_32981 arch_ptrace 3-4 32981 NULL
+compat_filldir_32999 compat_filldir 3 32999 NULL
-+ext3_alloc_blocks_33007 ext3_alloc_blocks 3 33007 NULL
++ext3_alloc_blocks_33007 ext3_alloc_blocks 3 33007 NULL nohasharray
++SyS_syslog_33007 SyS_syslog 3 33007 &ext3_alloc_blocks_33007
++SYSC_lgetxattr_33049 SYSC_lgetxattr 4 33049 NULL
+pipeline_dec_packet_in_fifo_full_read_33052 pipeline_dec_packet_in_fifo_full_read 3 33052 NULL
+ebt_compat_match_offset_33053 ebt_compat_match_offset 0-2 33053 NULL
+bitmap_resize_33054 bitmap_resize 2 33054 NULL
@@ -101245,7 +103307,9 @@ index 0000000..7982a0c
+sched_find_first_bit_33270 sched_find_first_bit 0 33270 NULL
+cachefiles_cook_key_33274 cachefiles_cook_key 2 33274 NULL
+mei_compat_ioctl_33275 mei_compat_ioctl 3 33275 NULL
++sync_pt_create_33282 sync_pt_create 2 33282 NULL
+mcs7830_get_reg_33308 mcs7830_get_reg 3 33308 NULL
++isku_sysfs_read_keys_easyzone_33318 isku_sysfs_read_keys_easyzone 6 33318 NULL
+ath6kl_usb_ctrl_msg_exchange_33327 ath6kl_usb_ctrl_msg_exchange 4 33327 NULL
+gsm_mux_rx_netchar_33336 gsm_mux_rx_netchar 3 33336 NULL
+joydev_ioctl_33343 joydev_ioctl 2 33343 NULL
@@ -101255,10 +103319,12 @@ index 0000000..7982a0c
+ocfs2_quota_read_33382 ocfs2_quota_read 5 33382 NULL
+ieee80211_if_read_dropped_frames_no_route_33383 ieee80211_if_read_dropped_frames_no_route 3 33383 NULL
+scsi_varlen_cdb_length_33385 scsi_varlen_cdb_length 0 33385 NULL
++tg_get_cfs_period_33390 tg_get_cfs_period 0 33390 NULL
+ocfs2_allocate_unwritten_extents_33394 ocfs2_allocate_unwritten_extents 2-3 33394 NULL
+ext4_meta_bg_first_block_no_33408 ext4_meta_bg_first_block_no 2 33408 NULL nohasharray
+snd_pcm_capture_ioctl1_33408 snd_pcm_capture_ioctl1 0 33408 &ext4_meta_bg_first_block_no_33408
+ufs_getfrag_block_33409 ufs_getfrag_block 2 33409 NULL
++dis_tap_write_33426 dis_tap_write 3 33426 NULL
+ubh_scanc_33436 ubh_scanc 0-4-3 33436 NULL
+ovs_vport_alloc_33475 ovs_vport_alloc 1 33475 NULL
+create_entry_33479 create_entry 2 33479 NULL
@@ -101320,11 +103386,13 @@ index 0000000..7982a0c
+ppp_write_34034 ppp_write 3 34034 NULL
+tty_insert_flip_string_34042 tty_insert_flip_string 3 34042 NULL
+__domain_flush_pages_34045 __domain_flush_pages 2-3 34045 NULL
++is_trap_at_addr_34047 is_trap_at_addr 2 34047 NULL
+acpi_dev_get_irqresource_34064 acpi_dev_get_irqresource 2 34064 NULL
+memcg_update_all_caches_34068 memcg_update_all_caches 1 34068 NULL
+read_file_ant_diversity_34071 read_file_ant_diversity 3 34071 NULL
+compat_hdio_ioctl_34088 compat_hdio_ioctl 4 34088 NULL
+pipeline_pipeline_fifo_full_read_34095 pipeline_pipeline_fifo_full_read 3 34095 NULL
++proc_scsi_host_write_34107 proc_scsi_host_write 3 34107 NULL
+is_discarded_oblock_34120 is_discarded_oblock 2 34120 NULL
+islpci_mgt_transmit_34133 islpci_mgt_transmit 5 34133 NULL
+ttm_dma_page_pool_free_34135 ttm_dma_page_pool_free 2 34135 NULL
@@ -101342,13 +103410,16 @@ index 0000000..7982a0c
+crypto_ablkcipher_ivsize_34363 crypto_ablkcipher_ivsize 0 34363 NULL
+rngapi_reset_34366 rngapi_reset 3 34366 NULL nohasharray
+p54_alloc_skb_34366 p54_alloc_skb 3 34366 &rngapi_reset_34366
++i2c_hid_get_raw_report_34376 i2c_hid_get_raw_report 0 34376 NULL
+reiserfs_resize_34377 reiserfs_resize 2 34377 NULL
+ea_read_34378 ea_read 0 34378 NULL
++fuse_send_read_34379 fuse_send_read 4 34379 NULL
+av7110_vbi_write_34384 av7110_vbi_write 3 34384 NULL
+usbvision_v4l2_read_34386 usbvision_v4l2_read 3 34386 NULL
+read_rbu_image_type_34387 read_rbu_image_type 6 34387 NULL
+iwl_calib_set_34400 iwl_calib_set 3 34400 NULL nohasharray
+ivtv_read_pos_34400 ivtv_read_pos 3 34400 &iwl_calib_set_34400
++wd_exp_mode_write_34407 wd_exp_mode_write 3 34407 NULL
+nl80211_send_disassoc_34424 nl80211_send_disassoc 4 34424 NULL
+usbtest_alloc_urb_34446 usbtest_alloc_urb 3-5 34446 NULL
+mwifiex_regrdwr_read_34472 mwifiex_regrdwr_read 3 34472 NULL
@@ -101377,6 +103448,7 @@ index 0000000..7982a0c
+reg_w_ixbuf_34736 reg_w_ixbuf 4 34736 NULL
+qib_cdev_init_34778 qib_cdev_init 1 34778 NULL
+__copy_in_user_34790 __copy_in_user 3 34790 NULL
++SYSC_keyctl_34800 SYSC_keyctl 4 34800 NULL
+drbd_get_max_capacity_34804 drbd_get_max_capacity 0 34804 NULL
+b43_debugfs_write_34838 b43_debugfs_write 3 34838 NULL
+nl_portid_hash_zalloc_34843 nl_portid_hash_zalloc 1 34843 NULL
@@ -101386,9 +103458,12 @@ index 0000000..7982a0c
+msg_print_text_34889 msg_print_text 0 34889 NULL
+ieee80211_if_write_34894 ieee80211_if_write 3 34894 NULL
+compat_put_uint_34905 compat_put_uint 1 34905 NULL
++si476x_radio_read_rsq_primary_blob_34916 si476x_radio_read_rsq_primary_blob 3 34916 NULL
+__inode_permission_34925 __inode_permission 0 34925 NULL nohasharray
+btrfs_super_chunk_root_34925 btrfs_super_chunk_root 0 34925 &__inode_permission_34925
-+skb_gro_header_slow_34958 skb_gro_header_slow 2 34958 NULL
++ceph_aio_write_34930 ceph_aio_write 4 34930 NULL
++skb_gro_header_slow_34958 skb_gro_header_slow 2 34958 NULL nohasharray
++i2c_transfer_34958 i2c_transfer 0 34958 &skb_gro_header_slow_34958
+Realloc_34961 Realloc 2 34961 NULL
+mq_lookup_34990 mq_lookup 2 34990 NULL
+rx_rx_hdr_overflow_read_35002 rx_rx_hdr_overflow_read 3 35002 NULL
@@ -101397,6 +103472,7 @@ index 0000000..7982a0c
+sisusb_copy_memory_35016 sisusb_copy_memory 4 35016 NULL
+alloc_p2m_page_35025 alloc_p2m_page 0 35025 NULL
+coda_psdev_read_35029 coda_psdev_read 3 35029 NULL
++brcmf_sdio_chip_writenvram_35042 brcmf_sdio_chip_writenvram 4 35042 NULL
+btmrvl_gpiogap_write_35053 btmrvl_gpiogap_write 3 35053 NULL
+pwr_connection_out_of_sync_read_35061 pwr_connection_out_of_sync_read 3 35061 NULL
+store_ifalias_35088 store_ifalias 4 35088 NULL
@@ -101408,6 +103484,7 @@ index 0000000..7982a0c
+gntdev_alloc_map_35145 gntdev_alloc_map 2 35145 NULL
+iscsi_conn_setup_35159 iscsi_conn_setup 2 35159 NULL
+ieee80211_if_read_bssid_35161 ieee80211_if_read_bssid 3 35161 NULL
++solo_v4l2_init_35179 solo_v4l2_init 2 35179 NULL
+mlx4_ib_get_cq_umem_35184 mlx4_ib_get_cq_umem 5-6 35184 NULL
+iwl_nvm_read_chunk_35198 iwl_nvm_read_chunk 0 35198 NULL
+uprobe_get_swbp_addr_35201 uprobe_get_swbp_addr 0 35201 NULL
@@ -101418,8 +103495,10 @@ index 0000000..7982a0c
+rx_rx_cmplt_task_read_35226 rx_rx_cmplt_task_read 3 35226 NULL nohasharray
+video_register_device_no_warn_35226 video_register_device_no_warn 3 35226 &rx_rx_cmplt_task_read_35226
+gfn_to_page_many_atomic_35234 gfn_to_page_many_atomic 2 35234 NULL
++SYSC_madvise_35241 SYSC_madvise 1 35241 NULL
+set_fd_set_35249 set_fd_set 1 35249 NULL
+ioapic_setup_resources_35255 ioapic_setup_resources 1 35255 NULL
++dis_disc_write_35265 dis_disc_write 3 35265 NULL
+dma_show_regs_35266 dma_show_regs 3 35266 NULL
+irda_recvmsg_stream_35280 irda_recvmsg_stream 4 35280 NULL
+i2o_block_end_request_35282 i2o_block_end_request 3 35282 NULL
@@ -101435,6 +103514,7 @@ index 0000000..7982a0c
+nouveau_devinit_create__35348 nouveau_devinit_create_ 4 35348 NULL
+hpi_alloc_control_cache_35351 hpi_alloc_control_cache 1 35351 NULL
+compat_filldir64_35354 compat_filldir64 3 35354 NULL
++SyS_getxattr_35408 SyS_getxattr 4 35408 NULL
+rawv6_send_hdrinc_35425 rawv6_send_hdrinc 3 35425 NULL
+__set_test_and_free_35436 __set_test_and_free 2 35436 NULL
+buffer_to_user_35439 buffer_to_user 3 35439 NULL
@@ -101458,6 +103538,7 @@ index 0000000..7982a0c
+rdmaltWithLock_35669 rdmaltWithLock 0 35669 NULL
+compat_sys_kexec_load_35674 compat_sys_kexec_load 2 35674 NULL
+dm_table_create_35687 dm_table_create 3 35687 NULL
++SYSC_pwritev_35690 SYSC_pwritev 3 35690 NULL
+rds_page_copy_user_35691 rds_page_copy_user 4 35691 NULL
+pci_enable_sriov_35745 pci_enable_sriov 2 35745 NULL
+iwl_dbgfs_disable_ht40_read_35761 iwl_dbgfs_disable_ht40_read 3 35761 NULL
@@ -101469,6 +103550,7 @@ index 0000000..7982a0c
+kvm_dirty_bitmap_bytes_35886 kvm_dirty_bitmap_bytes 0 35886 NULL
+ieee80211_if_fmt_dot11MeshRetryTimeout_35890 ieee80211_if_fmt_dot11MeshRetryTimeout 3 35890 NULL
+uwb_rc_cmd_done_35892 uwb_rc_cmd_done 4 35892 NULL
++SyS_set_mempolicy_35909 SyS_set_mempolicy 3 35909 NULL
+kernel_setsockopt_35913 kernel_setsockopt 5 35913 NULL
+rbio_nr_pages_35916 rbio_nr_pages 0-1-2 35916 NULL
+vol_cdev_compat_ioctl_35923 vol_cdev_compat_ioctl 3 35923 NULL
@@ -101482,6 +103564,7 @@ index 0000000..7982a0c
+koneplus_sysfs_write_35993 koneplus_sysfs_write 6 35993 NULL
+il3945_ucode_tx_stats_read_36016 il3945_ucode_tx_stats_read 3 36016 NULL
+ubi_eba_write_leb_36029 ubi_eba_write_leb 5-6 36029 NULL
++__videobuf_alloc_36031 __videobuf_alloc 1 36031 NULL
+account_shadowed_36048 account_shadowed 2 36048 NULL
+gpio_power_read_36059 gpio_power_read 3 36059 NULL
+write_emulate_36065 write_emulate 2-4 36065 NULL
@@ -101501,12 +103584,16 @@ index 0000000..7982a0c
+b1_alloc_card_36155 b1_alloc_card 1 36155 NULL
+btrfs_file_extent_inline_len_36158 btrfs_file_extent_inline_len 0 36158 NULL
+snd_korg1212_copy_from_36169 snd_korg1212_copy_from 6 36169 NULL
++SyS_kexec_load_36176 SyS_kexec_load 2 36176 NULL
++SYSC_sched_getaffinity_36208 SYSC_sched_getaffinity 2 36208 NULL
++SYSC_process_vm_readv_36216 SYSC_process_vm_readv 3-5 36216 NULL
+ubifs_read_nnode_36221 ubifs_read_nnode 0 36221 NULL
+is_dirty_36223 is_dirty 2 36223 NULL
+dma_alloc_attrs_36225 dma_alloc_attrs 0 36225 NULL
+nfqnl_mangle_36226 nfqnl_mangle 4-2 36226 NULL
+atomic_stats_read_36228 atomic_stats_read 3 36228 NULL
+viafb_iga1_odev_proc_write_36241 viafb_iga1_odev_proc_write 3 36241 NULL
++SYSC_getxattr_36242 SYSC_getxattr 4 36242 NULL
+rproc_recovery_read_36245 rproc_recovery_read 3 36245 NULL
+scrub_stripe_36248 scrub_stripe 5-4 36248 NULL
+compat_sys_mbind_36256 compat_sys_mbind 5 36256 NULL
@@ -101520,13 +103607,17 @@ index 0000000..7982a0c
+fat_compat_ioctl_filldir_36328 fat_compat_ioctl_filldir 3 36328 NULL
+lc_create_36332 lc_create 4 36332 NULL
+jbd2_journal_init_revoke_table_36336 jbd2_journal_init_revoke_table 1 36336 NULL
++isku_sysfs_read_key_mask_36343 isku_sysfs_read_key_mask 6 36343 NULL
+v9fs_file_readn_36353 v9fs_file_readn 4 36353 NULL nohasharray
+xz_dec_lzma2_create_36353 xz_dec_lzma2_create 2 36353 &v9fs_file_readn_36353
+to_sector_36361 to_sector 0-1 36361 NULL
+tunables_read_36385 tunables_read 3 36385 NULL
+afs_alloc_flat_call_36399 afs_alloc_flat_call 2-3 36399 NULL
++SyS_sethostname_36417 SyS_sethostname 2 36417 NULL
+sctp_tsnmap_init_36446 sctp_tsnmap_init 2 36446 NULL
+alloc_etherdev_mqs_36450 alloc_etherdev_mqs 1 36450 NULL
++tcf_csum_ipv6_udp_36457 tcf_csum_ipv6_udp 3 36457 NULL
++SyS_process_vm_writev_36476 SyS_process_vm_writev 3-5 36476 NULL
+b43_nphy_load_samples_36481 b43_nphy_load_samples 3 36481 NULL
+tx_tx_checksum_result_read_36490 tx_tx_checksum_result_read 3 36490 NULL
+__hwahc_op_set_ptk_36510 __hwahc_op_set_ptk 5 36510 NULL
@@ -101549,10 +103640,12 @@ index 0000000..7982a0c
+format_decode_36638 format_decode 0 36638 NULL
+ced_ioctl_36647 ced_ioctl 2 36647 NULL
+lpfc_idiag_extacc_alloc_get_36648 lpfc_idiag_extacc_alloc_get 0-3 36648 NULL
++perf_calculate_period_36662 perf_calculate_period 3-2 36662 NULL
+osd_req_list_collection_objects_36664 osd_req_list_collection_objects 5 36664 NULL
+iscsi_host_alloc_36671 iscsi_host_alloc 2 36671 NULL
+ptr_to_compat_36680 ptr_to_compat 0 36680 NULL
+ext4_mb_discard_group_preallocations_36685 ext4_mb_discard_group_preallocations 2 36685 NULL
++sched_clock_36717 sched_clock 0 36717 NULL
+extract_icmp6_fields_36732 extract_icmp6_fields 2 36732 NULL
+snd_rawmidi_kernel_read1_36740 snd_rawmidi_kernel_read1 4 36740 NULL
+cxgbi_device_register_36746 cxgbi_device_register 1-2 36746 NULL
@@ -101561,6 +103654,7 @@ index 0000000..7982a0c
+ptp_filter_init_36780 ptp_filter_init 2 36780 NULL
+proc_fault_inject_read_36802 proc_fault_inject_read 3 36802 NULL
+hiddev_ioctl_36816 hiddev_ioctl 2 36816 NULL
++tcf_csum_ipv6_tcp_36822 tcf_csum_ipv6_tcp 3 36822 NULL
+int_hardware_entry_36833 int_hardware_entry 3 36833 NULL
+fc_change_queue_depth_36841 fc_change_queue_depth 2 36841 NULL
+keyctl_describe_key_36853 keyctl_describe_key 3 36853 NULL
@@ -101582,6 +103676,7 @@ index 0000000..7982a0c
+setxattr_37006 setxattr 4 37006 NULL
+qp_broker_create_37053 qp_broker_create 6-5 37053 NULL nohasharray
+ieee80211_if_read_drop_unencrypted_37053 ieee80211_if_read_drop_unencrypted 3 37053 &qp_broker_create_37053
++SYSC_setxattr_37078 SYSC_setxattr 4 37078 NULL
+parse_command_37079 parse_command 2 37079 NULL
+pipeline_cs_rx_packet_in_read_37089 pipeline_cs_rx_packet_in_read 3 37089 NULL
+tun_get_user_37094 tun_get_user 5 37094 NULL
@@ -101599,6 +103694,7 @@ index 0000000..7982a0c
+nested_svm_map_37268 nested_svm_map 2 37268 NULL
+c101_run_37279 c101_run 2 37279 NULL
+srp_target_alloc_37288 srp_target_alloc 3 37288 NULL
++isku_sysfs_write_talkfx_37298 isku_sysfs_write_talkfx 6 37298 NULL
+ieee80211_if_read_power_mode_37305 ieee80211_if_read_power_mode 3 37305 NULL
+jffs2_write_dirent_37311 jffs2_write_dirent 5 37311 NULL
+send_msg_37323 send_msg 4 37323 NULL
@@ -101614,6 +103710,7 @@ index 0000000..7982a0c
+find_next_bit_37422 find_next_bit 0-2-3 37422 &acpi_os_allocate_zeroed_37422
+tty_insert_flip_string_fixed_flag_37428 tty_insert_flip_string_fixed_flag 4 37428 NULL
+iwl_print_last_event_logs_37433 iwl_print_last_event_logs 0-7-9 37433 NULL
++tty_audit_log_37440 tty_audit_log 5 37440 NULL
+tcp_established_options_37450 tcp_established_options 0 37450 NULL
+brcmf_sdio_dump_console_37455 brcmf_sdio_dump_console 4 37455 NULL
+__remove_37457 __remove 2 37457 NULL
@@ -101630,12 +103727,15 @@ index 0000000..7982a0c
+xhci_alloc_streams_37586 xhci_alloc_streams 5 37586 NULL
+mlx4_get_mgm_entry_size_37607 mlx4_get_mgm_entry_size 0 37607 NULL
+kvm_read_guest_page_mmu_37611 kvm_read_guest_page_mmu 6-3 37611 NULL
-+policy_residency_37629 policy_residency 0 37629 NULL
++SYSC_mbind_37622 SYSC_mbind 5 37622 NULL
++btrfs_calc_trans_metadata_size_37629 btrfs_calc_trans_metadata_size 0-2 37629 NULL nohasharray
++policy_residency_37629 policy_residency 0 37629 &btrfs_calc_trans_metadata_size_37629
+check_pt_base_37635 check_pt_base 3 37635 NULL
+alloc_fd_37637 alloc_fd 1 37637 NULL
+bio_copy_user_iov_37660 bio_copy_user_iov 4 37660 NULL
+rfcomm_sock_sendmsg_37661 rfcomm_sock_sendmsg 4 37661 NULL nohasharray
+vmw_framebuffer_dmabuf_dirty_37661 vmw_framebuffer_dmabuf_dirty 6 37661 &rfcomm_sock_sendmsg_37661
++SYSC_get_mempolicy_37664 SYSC_get_mempolicy 4-3 37664 NULL
+lnw_gpio_to_irq_37665 lnw_gpio_to_irq 2 37665 NULL
+ieee80211_if_read_rc_rateidx_mcs_mask_2ghz_37675 ieee80211_if_read_rc_rateidx_mcs_mask_2ghz 3 37675 NULL
+regmap_map_read_file_37685 regmap_map_read_file 3 37685 NULL
@@ -101655,7 +103755,8 @@ index 0000000..7982a0c
+rx_decrypt_key_not_found_read_37820 rx_decrypt_key_not_found_read 3 37820 NULL
+bitmap_find_next_zero_area_37827 bitmap_find_next_zero_area 2-3-5-4 37827 NULL
+o2hb_debug_read_37851 o2hb_debug_read 3 37851 NULL
-+xfs_dir2_block_to_sf_37868 xfs_dir2_block_to_sf 3 37868 NULL
++isku_sysfs_write_last_set_37868 isku_sysfs_write_last_set 6 37868 NULL nohasharray
++xfs_dir2_block_to_sf_37868 xfs_dir2_block_to_sf 3 37868 &isku_sysfs_write_last_set_37868
+sys_setxattr_37880 sys_setxattr 4 37880 NULL
+dvb_net_sec_37884 dvb_net_sec 3 37884 NULL
+max77686_irq_domain_map_37897 max77686_irq_domain_map 2 37897 NULL
@@ -101671,12 +103772,14 @@ index 0000000..7982a0c
+aggr_recv_addba_req_evt_38037 aggr_recv_addba_req_evt 4 38037 NULL
+klsi_105_prepare_write_buffer_38044 klsi_105_prepare_write_buffer 3 38044 NULL nohasharray
+il_dbgfs_chain_noise_read_38044 il_dbgfs_chain_noise_read 3 38044 &klsi_105_prepare_write_buffer_38044
++SyS_llistxattr_38048 SyS_llistxattr 3 38048 NULL
+_xfs_buf_alloc_38058 _xfs_buf_alloc 3 38058 NULL nohasharray
+is_discarded_38058 is_discarded 2 38058 &_xfs_buf_alloc_38058
+nsm_create_handle_38060 nsm_create_handle 4 38060 NULL
+alloc_ltalkdev_38071 alloc_ltalkdev 1 38071 NULL
+xfs_buf_readahead_map_38081 xfs_buf_readahead_map 3 38081 NULL
+uwb_mac_addr_print_38085 uwb_mac_addr_print 2 38085 NULL
++tcf_csum_ipv4_udp_38089 tcf_csum_ipv4_udp 3 38089 NULL
+request_key_auth_new_38092 request_key_auth_new 3 38092 NULL
+proc_self_readlink_38094 proc_self_readlink 3 38094 NULL
+ep0_read_38095 ep0_read 3 38095 NULL
@@ -101699,7 +103802,8 @@ index 0000000..7982a0c
+from_dblock_38256 from_dblock 0-1 38256 NULL
+vmci_qp_broker_set_page_store_38260 vmci_qp_broker_set_page_store 2-3 38260 NULL
+ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 NULL nohasharray
-+mthca_alloc_icm_table_38268 mthca_alloc_icm_table 4-3 38268 &ieee80211_if_read_auto_open_plinks_38268
++SYSC_msgrcv_38268 SYSC_msgrcv 3 38268 &ieee80211_if_read_auto_open_plinks_38268 nohasharray
++mthca_alloc_icm_table_38268 mthca_alloc_icm_table 4-3 38268 &SYSC_msgrcv_38268
+xfs_bmbt_to_bmdr_38275 xfs_bmbt_to_bmdr 3 38275 NULL nohasharray
+xfs_bmdr_to_bmbt_38275 xfs_bmdr_to_bmbt 5 38275 &xfs_bmbt_to_bmdr_38275
+ftdi_process_packet_38281 ftdi_process_packet 4 38281 NULL nohasharray
@@ -101722,6 +103826,7 @@ index 0000000..7982a0c
+i915_min_freq_read_38470 i915_min_freq_read 3 38470 NULL
+kvm_arch_setup_async_pf_38481 kvm_arch_setup_async_pf 3 38481 NULL
+blk_end_bidi_request_38482 blk_end_bidi_request 3-4 38482 NULL
++cpu_to_mem_38501 cpu_to_mem 0 38501 NULL
+dev_names_read_38509 dev_names_read 3 38509 NULL
+iscsi_create_iface_38510 iscsi_create_iface 5 38510 NULL
+event_rx_mismatch_read_38518 event_rx_mismatch_read 3 38518 NULL
@@ -101729,6 +103834,7 @@ index 0000000..7982a0c
+mlx4_ib_db_map_user_38529 mlx4_ib_db_map_user 2 38529 NULL
+ubifs_idx_node_sz_38546 ubifs_idx_node_sz 0-2 38546 NULL
+btrfs_discard_extent_38547 btrfs_discard_extent 2 38547 NULL
++cpu_to_node_38561 cpu_to_node 0 38561 NULL
+irda_sendmsg_dgram_38563 irda_sendmsg_dgram 4 38563 NULL
+il4965_rs_sta_dbgfs_scale_table_read_38564 il4965_rs_sta_dbgfs_scale_table_read 3 38564 NULL
+_ipw_read32_38565 _ipw_read32 0 38565 NULL
@@ -101743,6 +103849,7 @@ index 0000000..7982a0c
+qp_broker_alloc_38646 qp_broker_alloc 5-6 38646 NULL
+mmc_send_cxd_data_38655 mmc_send_cxd_data 5 38655 NULL
+nouveau_instmem_create__38664 nouveau_instmem_create_ 4 38664 NULL
++skb_tnl_header_len_38669 skb_tnl_header_len 0 38669 NULL
+cfg80211_send_disassoc_38678 cfg80211_send_disassoc 3 38678 NULL
+iscsit_dump_data_payload_38683 iscsit_dump_data_payload 2 38683 NULL
+ext4_wait_block_bitmap_38695 ext4_wait_block_bitmap 2 38695 NULL
@@ -101768,7 +103875,8 @@ index 0000000..7982a0c
+ext3_trim_all_free_38929 ext3_trim_all_free 3-4-2 38929 NULL
+sbp_count_se_tpg_luns_38943 sbp_count_se_tpg_luns 0 38943 NULL
+__ath6kl_wmi_send_mgmt_cmd_38971 __ath6kl_wmi_send_mgmt_cmd 7 38971 NULL
-+usb_maxpacket_38977 usb_maxpacket 0 38977 NULL
++C_SYSC_preadv64_38977 C_SYSC_preadv64 3 38977 NULL nohasharray
++usb_maxpacket_38977 usb_maxpacket 0 38977 &C_SYSC_preadv64_38977
+OSDSetBlock_38986 OSDSetBlock 4-2 38986 NULL
+udf_new_block_38999 udf_new_block 4 38999 NULL
+get_nodes_39012 get_nodes 3 39012 NULL
@@ -101814,6 +103922,7 @@ index 0000000..7982a0c
+user_power_read_39414 user_power_read 3 39414 NULL
+alloc_agpphysmem_i8xx_39427 alloc_agpphysmem_i8xx 1 39427 NULL
+sys_semop_39457 sys_semop 3 39457 NULL
++ptrace_peek_siginfo_39458 ptrace_peek_siginfo 3 39458 NULL
+setkey_unaligned_39474 setkey_unaligned 3 39474 NULL
+do_get_mempolicy_39485 do_get_mempolicy 3 39485 NULL
+ieee80211_if_fmt_dot11MeshHWMPmaxPREQretries_39499 ieee80211_if_fmt_dot11MeshHWMPmaxPREQretries 3 39499 NULL
@@ -101860,11 +103969,13 @@ index 0000000..7982a0c
+fwnet_pd_new_39947 fwnet_pd_new 4 39947 &error_error_frame_read_39947
+tty_prepare_flip_string_39955 tty_prepare_flip_string 3 39955 NULL
+dma_push_rx_39973 dma_push_rx 2 39973 NULL
++vfio_pci_read_39975 vfio_pci_read 3 39975 NULL
+broadsheetfb_write_39976 broadsheetfb_write 3 39976 NULL
+mthca_array_init_39987 mthca_array_init 2 39987 NULL
+xen_hvm_config_40018 xen_hvm_config 2 40018 NULL
+nf_nat_icmpv6_reply_translation_40023 nf_nat_icmpv6_reply_translation 5 40023 NULL nohasharray
+ivtvfb_write_40023 ivtvfb_write 3 40023 &nf_nat_icmpv6_reply_translation_40023
++disc_pwup_write_40027 disc_pwup_write 3 40027 NULL
+ea_foreach_i_40028 ea_foreach_i 0 40028 NULL
+datablob_hmac_append_40038 datablob_hmac_append 3 40038 NULL
+regmap_add_irq_chip_40042 regmap_add_irq_chip 4 40042 NULL
@@ -101873,6 +103984,7 @@ index 0000000..7982a0c
+atomic_xchg_40070 atomic_xchg 0 40070 NULL
+gen_pool_first_fit_40110 gen_pool_first_fit 2-3-4 40110 NULL
+sctp_setsockopt_delayed_ack_40129 sctp_setsockopt_delayed_ack 3 40129 NULL
++dwc2_max_desc_num_40132 dwc2_max_desc_num 0 40132 NULL
+rx_rx_frame_checksum_read_40140 rx_rx_frame_checksum_read 3 40140 NULL
+iwch_alloc_fastreg_pbl_40153 iwch_alloc_fastreg_pbl 2 40153 NULL
+pt_write_40159 pt_write 3 40159 NULL
@@ -101889,6 +104001,7 @@ index 0000000..7982a0c
+rs_sta_dbgfs_scale_table_read_40262 rs_sta_dbgfs_scale_table_read 3 40262 NULL
+usbnet_read_cmd_40275 usbnet_read_cmd 7 40275 NULL
+rx_xfr_hint_trig_read_40283 rx_xfr_hint_trig_read 3 40283 NULL
++_calc_trunk_info_40291 _calc_trunk_info 2 40291 NULL
+crash_free_reserved_phys_range_40292 crash_free_reserved_phys_range 1 40292 NULL
+ubi_io_write_data_40305 ubi_io_write_data 4-5 40305 NULL
+batadv_tt_changes_fill_buff_40323 batadv_tt_changes_fill_buff 4 40323 NULL
@@ -101913,6 +104026,8 @@ index 0000000..7982a0c
+ima_write_policy_40548 ima_write_policy 3 40548 NULL
+esp_alloc_tmp_40558 esp_alloc_tmp 3-2 40558 NULL
+ufs_inode_getfrag_40560 ufs_inode_getfrag 2-4 40560 NULL
++bdev_sectors_40564 bdev_sectors 0 40564 NULL
++lba_to_map_index_40580 lba_to_map_index 0-1 40580 NULL
+skge_rx_get_40598 skge_rx_get 3 40598 NULL
+get_priv_descr_and_size_40612 get_priv_descr_and_size 0 40612 NULL
+bl_mark_sectors_init_40613 bl_mark_sectors_init 2-3 40613 NULL
@@ -101924,6 +104039,7 @@ index 0000000..7982a0c
+alloc_rbio_40676 alloc_rbio 4 40676 NULL
+videobuf_dma_init_user_locked_40678 videobuf_dma_init_user_locked 3 40678 NULL
+nfc_hci_set_param_40697 nfc_hci_set_param 5 40697 NULL
++vfio_pci_config_rw_40698 vfio_pci_config_rw 3 40698 NULL
+__seq_open_private_40715 __seq_open_private 3 40715 NULL
+fuse_readpages_40737 fuse_readpages 4 40737 NULL
+xfs_iext_remove_direct_40744 xfs_iext_remove_direct 3 40744 NULL nohasharray
@@ -101934,12 +104050,15 @@ index 0000000..7982a0c
+ad1889_readl_40765 ad1889_readl 0 40765 NULL
+pg_write_40766 pg_write 3 40766 NULL
+show_list_40775 show_list 3 40775 NULL
++calcu_metadata_size_40782 calcu_metadata_size 0 40782 NULL
+kfifo_out_copy_r_40784 kfifo_out_copy_r 0-3 40784 NULL
+bitmap_weight_40791 bitmap_weight 0-2 40791 NULL
+pyra_sysfs_read_40795 pyra_sysfs_read 6 40795 NULL
+netdev_alloc_skb_ip_align_40811 netdev_alloc_skb_ip_align 2 40811 NULL
+nl80211_send_roamed_40825 nl80211_send_roamed 5-7 40825 NULL
++SyS_mbind_40828 SyS_mbind 5 40828 NULL
+__mlx4_qp_reserve_range_40847 __mlx4_qp_reserve_range 2-3 40847 NULL
++isku_sysfs_write_keys_thumbster_40851 isku_sysfs_write_keys_thumbster 6 40851 NULL
+ocfs2_zero_partial_clusters_40856 ocfs2_zero_partial_clusters 2-3 40856 NULL
+v9fs_file_read_40858 v9fs_file_read 3 40858 NULL
+read_file_queue_40895 read_file_queue 3 40895 NULL
@@ -101977,8 +104096,10 @@ index 0000000..7982a0c
+hiddev_compat_ioctl_41255 hiddev_compat_ioctl 2-3 41255 NULL
+erst_read_41260 erst_read 0 41260 NULL
+__fprog_create_41263 __fprog_create 2 41263 NULL
++setup_cluster_bitmap_41270 setup_cluster_bitmap 4 41270 NULL
+alloc_context_41283 alloc_context 1 41283 NULL
+arch_gnttab_map_shared_41306 arch_gnttab_map_shared 3 41306 NULL
++objio_alloc_io_state_41316 objio_alloc_io_state 6 41316 NULL
+twl_change_queue_depth_41342 twl_change_queue_depth 2 41342 NULL
+cnic_init_id_tbl_41354 cnic_init_id_tbl 2 41354 NULL
+jbd2_alloc_41359 jbd2_alloc 1 41359 NULL
@@ -101997,6 +104118,7 @@ index 0000000..7982a0c
+layout_leb_in_gaps_41470 layout_leb_in_gaps 0 41470 NULL
+rt2x00debug_write_rfcsr_41473 rt2x00debug_write_rfcsr 3 41473 NULL
+wep_interrupt_read_41492 wep_interrupt_read 3 41492 NULL
++SyS_get_mempolicy_41495 SyS_get_mempolicy 3-4 41495 NULL
+hpfs_translate_name_41497 hpfs_translate_name 3 41497 NULL
+xfrm_hash_new_size_41505 xfrm_hash_new_size 0-1 41505 NULL
+ldisc_receive_41516 ldisc_receive 4 41516 NULL
@@ -102010,6 +104132,7 @@ index 0000000..7982a0c
+tcp_hdrlen_41610 tcp_hdrlen 0 41610 NULL
+usb_endpoint_maxp_41613 usb_endpoint_maxp 0 41613 NULL
+a2mp_send_41615 a2mp_send 4 41615 NULL
++btrfs_calc_trunc_metadata_size_41626 btrfs_calc_trunc_metadata_size 0-2 41626 NULL
+mempool_create_kmalloc_pool_41650 mempool_create_kmalloc_pool 1 41650 NULL
+rx_rx_pre_complt_read_41653 rx_rx_pre_complt_read 3 41653 NULL
+get_std_timing_41654 get_std_timing 0 41654 NULL
@@ -102022,7 +104145,9 @@ index 0000000..7982a0c
+get_bios_ebda_41730 get_bios_ebda 0 41730 NULL
+fillonedir_41746 fillonedir 3 41746 NULL
+ocfs2_dx_dir_rebalance_41793 ocfs2_dx_dir_rebalance 7 41793 NULL
++iwl_dbgfs_bt_notif_read_41794 iwl_dbgfs_bt_notif_read 3 41794 NULL
+hsi_alloc_controller_41802 hsi_alloc_controller 1 41802 NULL
++regcache_sync_block_raw_41803 regcache_sync_block_raw 3-4 41803 NULL
+da9052_enable_irq_41814 da9052_enable_irq 2 41814 NULL
+sco_send_frame_41815 sco_send_frame 3 41815 NULL
+lp_gpio_to_irq_41822 lp_gpio_to_irq 2 41822 NULL
@@ -102030,11 +104155,13 @@ index 0000000..7982a0c
+do_ip_setsockopt_41852 do_ip_setsockopt 5 41852 NULL
+keyctl_instantiate_key_41855 keyctl_instantiate_key 3 41855 NULL
+ieee80211_rx_radiotap_space_41870 ieee80211_rx_radiotap_space 0 41870 NULL
++get_packet_41914 get_packet 3 41914 NULL
+get_fdb_entries_41916 get_fdb_entries 3 41916 NULL
+find_ge_pid_41918 find_ge_pid 1 41918 NULL
+build_inv_iotlb_pages_41922 build_inv_iotlb_pages 4-5 41922 NULL
+nfsd_getxattr_41934 nfsd_getxattr 0 41934 NULL
+ext4_da_write_inline_data_begin_41935 ext4_da_write_inline_data_begin 3-4 41935 NULL
++read_gssp_41947 read_gssp 3 41947 NULL
+ocfs2_xattr_bucket_get_name_value_41949 ocfs2_xattr_bucket_get_name_value 0 41949 NULL
+portnames_read_41958 portnames_read 3 41958 NULL
+ubi_self_check_all_ff_41959 ubi_self_check_all_ff 4 41959 NULL
@@ -102079,6 +104206,7 @@ index 0000000..7982a0c
+snd_pcm_plug_alloc_42339 snd_pcm_plug_alloc 2 42339 NULL
+ide_raw_taskfile_42355 ide_raw_taskfile 4 42355 NULL
+il_dbgfs_disable_ht40_read_42386 il_dbgfs_disable_ht40_read 3 42386 NULL
++hash_ipportnet4_expire_42391 hash_ipportnet4_expire 3 42391 NULL
+msnd_fifo_read_42406 msnd_fifo_read 0-3 42406 NULL
+krng_get_random_42420 krng_get_random 3 42420 NULL
+gsm_data_alloc_42437 gsm_data_alloc 3 42437 NULL
@@ -102091,6 +104219,7 @@ index 0000000..7982a0c
+follow_hugetlb_page_42486 follow_hugetlb_page 0-7 42486 NULL
+omfs_readpages_42490 omfs_readpages 4 42490 NULL
+brcmf_sdbrcm_bus_txctl_42492 brcmf_sdbrcm_bus_txctl 3 42492 NULL
++bypass_write_42498 bypass_write 3 42498 NULL
+kvm_write_wall_clock_42520 kvm_write_wall_clock 2 42520 NULL
+smk_write_netlbladdr_42525 smk_write_netlbladdr 3 42525 NULL
+snd_emux_create_port_42533 snd_emux_create_port 3 42533 NULL
@@ -102104,11 +104233,13 @@ index 0000000..7982a0c
+__pskb_pull_42602 __pskb_pull 2 42602 &map_state_42602
+nd_get_link_42603 nd_get_link 0 42603 NULL
+sys_move_pages_42626 sys_move_pages 2 42626 NULL
++resp_write_42628 resp_write 2 42628 NULL
+ieee80211_if_fmt_dot11MeshHWMPactivePathTimeout_42635 ieee80211_if_fmt_dot11MeshHWMPactivePathTimeout 3 42635 NULL
+scsi_activate_tcq_42640 scsi_activate_tcq 2 42640 NULL
+br_mdb_rehash_42643 br_mdb_rehash 2 42643 NULL
+l2tp_xmit_skb_42672 l2tp_xmit_skb 3 42672 NULL
+request_key_and_link_42693 request_key_and_link 4 42693 NULL
++acpi_dev_get_irqresource_42694 acpi_dev_get_irqresource 2 42694 NULL
+vb2_read_42703 vb2_read 3 42703 NULL
+sierra_net_send_cmd_42708 sierra_net_send_cmd 3 42708 NULL
+__ocfs2_decrease_refcount_42717 __ocfs2_decrease_refcount 4 42717 NULL
@@ -102117,13 +104248,15 @@ index 0000000..7982a0c
+ax25_setsockopt_42740 ax25_setsockopt 5 42740 NULL
+xen_bind_pirq_gsi_to_irq_42750 xen_bind_pirq_gsi_to_irq 1 42750 NULL
+snd_midi_event_decode_42780 snd_midi_event_decode 0 42780 NULL
-+cryptd_hash_setkey_42781 cryptd_hash_setkey 3 42781 NULL
++cryptd_hash_setkey_42781 cryptd_hash_setkey 3 42781 NULL nohasharray
++isku_sysfs_read_info_42781 isku_sysfs_read_info 6 42781 &cryptd_hash_setkey_42781
+koneplus_sysfs_read_42792 koneplus_sysfs_read 6 42792 NULL
+ntfs_attr_extend_allocation_42796 ntfs_attr_extend_allocation 0-2 42796 NULL
+fw_device_op_compat_ioctl_42804 fw_device_op_compat_ioctl 2-3 42804 NULL
+drm_ioctl_42813 drm_ioctl 2 42813 NULL
+iwl_dbgfs_ucode_bt_stats_read_42820 iwl_dbgfs_ucode_bt_stats_read 3 42820 NULL
+set_arg_42824 set_arg 3 42824 NULL
++si476x_radio_read_rsq_blob_42827 si476x_radio_read_rsq_blob 3 42827 NULL
+ocfs2_desc_bitmap_to_cluster_off_42831 ocfs2_desc_bitmap_to_cluster_off 2 42831 NULL
+prandom_u32_42853 prandom_u32 0 42853 NULL
+of_property_count_strings_42863 of_property_count_strings 0 42863 NULL
@@ -102144,12 +104277,14 @@ index 0000000..7982a0c
+nfs_idmap_get_desc_42990 nfs_idmap_get_desc 4-2 42990 NULL
+mlx4_qp_reserve_range_43000 mlx4_qp_reserve_range 2-3 43000 NULL
+isr_rx_mem_overflow_read_43025 isr_rx_mem_overflow_read 3 43025 NULL
++add_bytes_to_bitmap_43026 add_bytes_to_bitmap 0 43026 NULL
+wep_default_key_count_read_43035 wep_default_key_count_read 3 43035 NULL
+nouveau_gpuobj_create__43072 nouveau_gpuobj_create_ 9 43072 NULL
+nfs_map_group_to_gid_43082 nfs_map_group_to_gid 3 43082 NULL
+cpuset_sprintf_memlist_43088 cpuset_sprintf_memlist 0 43088 NULL
+ieee80211_if_fmt_drop_unencrypted_43107 ieee80211_if_fmt_drop_unencrypted 3 43107 NULL
-+read_file_dfs_43145 read_file_dfs 3 43145 NULL
++read_file_dfs_43145 read_file_dfs 3 43145 NULL nohasharray
++i2c_hid_get_report_43145 i2c_hid_get_report 0 43145 &read_file_dfs_43145
+uuid_string_43154 uuid_string 0 43154 NULL
+usb_string_sub_43164 usb_string_sub 0 43164 NULL
+il_dbgfs_power_save_status_read_43165 il_dbgfs_power_save_status_read 3 43165 NULL
@@ -102172,8 +104307,10 @@ index 0000000..7982a0c
+__ext4_get_inode_loc_43332 __ext4_get_inode_loc 0 43332 NULL
+kvm_host_page_size_43348 kvm_host_page_size 2 43348 NULL
+gart_free_coherent_43362 gart_free_coherent 4-2 43362 NULL
++hash_net4_expire_43378 hash_net4_expire 3 43378 NULL
+__alloc_bootmem_low_43423 __alloc_bootmem_low 1-2 43423 NULL nohasharray
+gdm_wimax_netif_rx_43423 gdm_wimax_netif_rx 3 43423 &__alloc_bootmem_low_43423
++isku_sysfs_write_keys_capslock_43432 isku_sysfs_write_keys_capslock 6 43432 NULL
+usb_alloc_urb_43436 usb_alloc_urb 1 43436 NULL
+ucs2_strsize_43438 ucs2_strsize 0 43438 NULL
+ath6kl_wmi_roam_tbl_event_rx_43440 ath6kl_wmi_roam_tbl_event_rx 3 43440 NULL
@@ -102197,6 +104334,7 @@ index 0000000..7982a0c
+dmam_declare_coherent_memory_43679 dmam_declare_coherent_memory 4-2 43679 NULL
+calgary_map_page_43686 calgary_map_page 3-4 43686 NULL
+max77693_bulk_write_43698 max77693_bulk_write 2-3 43698 NULL
++drbd_md_first_sector_43729 drbd_md_first_sector 0 43729 NULL
+snd_rme32_playback_copy_43732 snd_rme32_playback_copy 5 43732 NULL
+ocfs2_replace_clusters_43733 ocfs2_replace_clusters 5 43733 NULL
+osdv1_attr_list_elem_size_43747 osdv1_attr_list_elem_size 0-1 43747 NULL
@@ -102207,6 +104345,7 @@ index 0000000..7982a0c
+byte_pos_43787 byte_pos 0-2 43787 &ocfs2_xattr_get_value_outside_43787
+btrfs_copy_from_user_43806 btrfs_copy_from_user 3-1 43806 NULL
+ext4_read_block_bitmap_43814 ext4_read_block_bitmap 2 43814 NULL
++div64_u64_safe_43815 div64_u64_safe 1-2 43815 NULL
+ieee80211_if_fmt_element_ttl_43825 ieee80211_if_fmt_element_ttl 3 43825 NULL
+ieee80211_alloc_hw_43829 ieee80211_alloc_hw 1 43829 NULL
+p54_download_eeprom_43842 p54_download_eeprom 4 43842 NULL
@@ -102225,6 +104364,7 @@ index 0000000..7982a0c
+emit_flags_44006 emit_flags 4-3 44006 NULL
+write_flush_procfs_44011 write_flush_procfs 3 44011 NULL
+swiotlb_unmap_page_44063 swiotlb_unmap_page 2 44063 NULL
++SYSC_add_key_44079 SYSC_add_key 4 44079 NULL
+load_discard_44083 load_discard 3 44083 NULL
+xlog_recover_add_to_cont_trans_44102 xlog_recover_add_to_cont_trans 4 44102 NULL
+tracing_set_trace_read_44122 tracing_set_trace_read 3 44122 NULL
@@ -102232,6 +104372,7 @@ index 0000000..7982a0c
+scsi_get_resid_44147 scsi_get_resid 0 44147 NULL
+ubifs_find_dirty_idx_leb_44169 ubifs_find_dirty_idx_leb 0 44169 NULL
+ocfs2_xattr_bucket_find_44174 ocfs2_xattr_bucket_find 0 44174 NULL
++SYSC_set_mempolicy_44176 SYSC_set_mempolicy 3 44176 NULL
+handle_eviocgbit_44193 handle_eviocgbit 3 44193 NULL
+IO_APIC_get_PCI_irq_vector_44198 IO_APIC_get_PCI_irq_vector 0 44198 NULL
+__set_free_44211 __set_free 2 44211 NULL
@@ -102260,12 +104401,14 @@ index 0000000..7982a0c
+___alloc_bootmem_node_nopanic_44461 ___alloc_bootmem_node_nopanic 2-3 44461 NULL
+btrfs_chunk_item_size_44478 btrfs_chunk_item_size 0-1 44478 NULL
+sdio_align_size_44489 sdio_align_size 0-2 44489 NULL
++bio_advance_44496 bio_advance 2 44496 NULL
+ieee80211_if_read_dropped_frames_ttl_44500 ieee80211_if_read_dropped_frames_ttl 3 44500 NULL
+security_getprocattr_44505 security_getprocattr 0 44505 NULL nohasharray
+iwl_dbgfs_sram_read_44505 iwl_dbgfs_sram_read 3 44505 &security_getprocattr_44505
+spidev_write_44510 spidev_write 3 44510 NULL
+sys_msgsnd_44537 sys_msgsnd 3 44537 NULL nohasharray
+comm_write_44537 comm_write 3 44537 &sys_msgsnd_44537
++hash_ipport4_expire_44564 hash_ipport4_expire 3 44564 NULL
+dgrp_config_proc_write_44571 dgrp_config_proc_write 3 44571 NULL
+snd_pcm_alloc_vmalloc_buffer_44595 snd_pcm_alloc_vmalloc_buffer 2 44595 NULL
+slip_compat_ioctl_44599 slip_compat_ioctl 4 44599 NULL
@@ -102276,6 +104419,7 @@ index 0000000..7982a0c
+mpi_resize_44674 mpi_resize 2 44674 NULL
+ts_read_44687 ts_read 3 44687 NULL
+qib_get_user_pages_44689 qib_get_user_pages 1-2 44689 NULL
++xfer_to_user_44713 xfer_to_user 3 44713 NULL
+_zd_iowrite32v_locked_44725 _zd_iowrite32v_locked 3 44725 NULL
+clusterip_proc_write_44729 clusterip_proc_write 3 44729 NULL
+fib_count_nexthops_44730 fib_count_nexthops 0 44730 NULL
@@ -102289,25 +104433,31 @@ index 0000000..7982a0c
+sctp_setsockopt_44788 sctp_setsockopt 5 44788 NULL
+rx_dropped_read_44799 rx_dropped_read 3 44799 NULL
+qla4xxx_alloc_work_44813 qla4xxx_alloc_work 2 44813 NULL
++mei_cl_read_start_44824 mei_cl_read_start 2 44824 NULL
+rmap_write_protect_44833 rmap_write_protect 2 44833 NULL
+sisusb_write_44834 sisusb_write 3 44834 NULL
+nl80211_send_unprot_disassoc_44846 nl80211_send_unprot_disassoc 4 44846 NULL
+kvm_read_hva_44847 kvm_read_hva 3 44847 NULL
++cubic_root_44848 cubic_root 1 44848 NULL
++copydesc_user_44855 copydesc_user 3 44855 NULL
+skb_availroom_44883 skb_availroom 0 44883 NULL
+nf_bridge_encap_header_len_44890 nf_bridge_encap_header_len 0 44890 NULL
+do_tty_write_44896 do_tty_write 5 44896 NULL
+tx_queue_status_read_44978 tx_queue_status_read 3 44978 NULL
+nf_nat_seq_adjust_44989 nf_nat_seq_adjust 4 44989 NULL
++map_index_to_lba_44993 map_index_to_lba 0-1 44993 NULL
+bytepos_delta_45017 bytepos_delta 0 45017 NULL
+read_block_bitmap_45021 read_block_bitmap 2 45021 NULL nohasharray
+ptrace_writedata_45021 ptrace_writedata 4-3 45021 &read_block_bitmap_45021
+vhci_get_user_45039 vhci_get_user 3 45039 NULL
+sel_write_user_45060 sel_write_user 3 45060 NULL
++vmscan_swappiness_45062 vmscan_swappiness 0 45062 NULL
+snd_mixart_BA0_read_45069 snd_mixart_BA0_read 5 45069 NULL nohasharray
+do_video_ioctl_45069 do_video_ioctl 3 45069 &snd_mixart_BA0_read_45069
+kvm_mmu_page_get_gfn_45110 kvm_mmu_page_get_gfn 0-2 45110 NULL
+pwr_missing_bcns_cnt_read_45113 pwr_missing_bcns_cnt_read 3 45113 NULL
+usbdev_read_45114 usbdev_read 3 45114 NULL
++isku_sysfs_write_reset_45133 isku_sysfs_write_reset 6 45133 NULL
+send_to_tty_45141 send_to_tty 3 45141 NULL
+stmpe_irq_map_45146 stmpe_irq_map 2 45146 NULL
+crypto_aead_blocksize_45148 crypto_aead_blocksize 0 45148 NULL
@@ -102324,17 +104474,20 @@ index 0000000..7982a0c
+spi_alloc_master_45223 spi_alloc_master 2 45223 NULL
+__dirty_45228 __dirty 2 45228 NULL
+ieee80211_if_read_peer_45233 ieee80211_if_read_peer 3 45233 NULL
++prism2_pda_proc_read_45246 prism2_pda_proc_read 3 45246 NULL
+input_mt_init_slots_45279 input_mt_init_slots 2 45279 NULL
+vcc_compat_ioctl_45291 vcc_compat_ioctl 3 45291 NULL
+snd_pcm_oss_sync1_45298 snd_pcm_oss_sync1 2 45298 NULL
+pte_val_45313 pte_val 0 45313 NULL
++__i2c_hid_command_45321 __i2c_hid_command 0 45321 NULL
+copy_vm86_regs_from_user_45340 copy_vm86_regs_from_user 3 45340 NULL
+lane2_associate_req_45398 lane2_associate_req 4 45398 NULL
+keymap_store_45406 keymap_store 4 45406 NULL
+paging64_gva_to_gpa_45421 paging64_gva_to_gpa 2 45421 NULL nohasharray
+ieee80211_if_fmt_dot11MeshHWMProotInterval_45421 ieee80211_if_fmt_dot11MeshHWMProotInterval 3 45421 &paging64_gva_to_gpa_45421
+tty_buffer_alloc_45437 tty_buffer_alloc 2 45437 NULL
-+intel_render_ring_init_dri_45446 intel_render_ring_init_dri 2-3 45446 NULL
++intel_render_ring_init_dri_45446 intel_render_ring_init_dri 2-3 45446 NULL nohasharray
++SYSC_mremap_45446 SYSC_mremap 5-1-2 45446 &intel_render_ring_init_dri_45446
+__node_remap_45458 __node_remap 4 45458 NULL
+rds_ib_set_wr_signal_state_45463 rds_ib_set_wr_signal_state 0 45463 NULL
+udp_manip_pkt_45467 udp_manip_pkt 4 45467 NULL
@@ -102391,6 +104544,7 @@ index 0000000..7982a0c
+rb_simple_read_45972 rb_simple_read 3 45972 NULL
+ezusb_writememory_45976 ezusb_writememory 4 45976 NULL
+ioat2_dca_count_dca_slots_45984 ioat2_dca_count_dca_slots 0 45984 NULL
++ore_calc_stripe_info_46023 ore_calc_stripe_info 2 46023 NULL
+sierra_setup_urb_46029 sierra_setup_urb 5 46029 NULL
+get_free_entries_46030 get_free_entries 1 46030 NULL
+__access_remote_vm_46031 __access_remote_vm 0-5-3 46031 NULL
@@ -102407,8 +104561,10 @@ index 0000000..7982a0c
+pkt_ctl_compat_ioctl_46110 pkt_ctl_compat_ioctl 3 46110 NULL
+memcg_update_array_size_46111 memcg_update_array_size 1 46111 NULL nohasharray
+il3945_ucode_general_stats_read_46111 il3945_ucode_general_stats_read 3 46111 &memcg_update_array_size_46111
++C_SYSC_writev_46113 C_SYSC_writev 3 46113 NULL
+mlx4_ib_alloc_fast_reg_page_list_46119 mlx4_ib_alloc_fast_reg_page_list 2 46119 NULL
+paging32_walk_addr_nested_46121 paging32_walk_addr_nested 3 46121 NULL
++vb2_dma_sg_get_userptr_46146 vb2_dma_sg_get_userptr 2 46146 NULL
+__netlink_change_ngroups_46156 __netlink_change_ngroups 2 46156 NULL
+twl_direction_out_46182 twl_direction_out 2 46182 NULL
+vxge_os_dma_malloc_46184 vxge_os_dma_malloc 2 46184 NULL
@@ -102420,6 +104576,7 @@ index 0000000..7982a0c
+nf_nat_ftp_46265 nf_nat_ftp 6 46265 NULL
+ReadReg_46277 ReadReg 0 46277 NULL
+batadv_iv_ogm_queue_add_46319 batadv_iv_ogm_queue_add 3 46319 NULL
++qlcnic_83xx_sysfs_flash_bulk_write_46320 qlcnic_83xx_sysfs_flash_bulk_write 4 46320 NULL
+__hwahc_dev_set_key_46328 __hwahc_dev_set_key 5 46328 NULL
+iwl_dbgfs_chain_noise_read_46355 iwl_dbgfs_chain_noise_read 3 46355 NULL
+smk_write_direct_46363 smk_write_direct 3 46363 NULL
@@ -102427,6 +104584,7 @@ index 0000000..7982a0c
+ubi_dump_flash_46381 ubi_dump_flash 4 46381 NULL
+fuse_file_aio_write_46399 fuse_file_aio_write 4 46399 NULL
+crypto_ablkcipher_reqsize_46411 crypto_ablkcipher_reqsize 0 46411 NULL
++hash_ipportip6_expire_46443 hash_ipportip6_expire 3 46443 NULL
+cp210x_set_config_46447 cp210x_set_config 4 46447 NULL
+filldir64_46469 filldir64 3 46469 NULL
+fill_in_write_vector_46498 fill_in_write_vector 0 46498 NULL
@@ -102465,7 +104623,8 @@ index 0000000..7982a0c
+xfs_iroot_realloc_46826 xfs_iroot_realloc 2 46826 NULL
+shmem_pwrite_fast_46842 shmem_pwrite_fast 3 46842 NULL
+spi_async_46857 spi_async 0 46857 NULL
-+vsnprintf_46863 vsnprintf 0 46863 NULL
++vsnprintf_46863 vsnprintf 0 46863 NULL nohasharray
++SyS_move_pages_46863 SyS_move_pages 2 46863 &vsnprintf_46863
+nvme_alloc_queue_46865 nvme_alloc_queue 3 46865 NULL
+sip_sprintf_addr_46872 sip_sprintf_addr 0 46872 NULL
+rvmalloc_46873 rvmalloc 1 46873 NULL
@@ -102488,6 +104647,7 @@ index 0000000..7982a0c
+sel_write_bool_46996 sel_write_bool 3 46996 &gfs2_xattr_system_set_46996
+ttm_bo_io_47000 ttm_bo_io 5 47000 NULL
+blk_rq_map_kern_47004 blk_rq_map_kern 4 47004 NULL
++add_free_space_entry_47005 add_free_space_entry 2 47005 NULL
+__map_single_47020 __map_single 3-4-7 47020 NULL
+cx231xx_init_bulk_47024 cx231xx_init_bulk 3-2 47024 NULL
+swiotlb_sync_single_47031 swiotlb_sync_single 2 47031 NULL
@@ -102496,6 +104656,7 @@ index 0000000..7982a0c
+ufs_new_fragments_47070 ufs_new_fragments 3-5-4 47070 NULL
+pipeline_dec_packet_in_read_47076 pipeline_dec_packet_in_read 3 47076 NULL
+scsi_deactivate_tcq_47086 scsi_deactivate_tcq 2 47086 NULL
++iwl_dump_nic_event_log_47089 iwl_dump_nic_event_log 0 47089 NULL
+mousedev_read_47123 mousedev_read 3 47123 NULL
+ses_recv_diag_47143 ses_recv_diag 4 47143 NULL nohasharray
+acpi_ut_initialize_buffer_47143 acpi_ut_initialize_buffer 2 47143 &ses_recv_diag_47143
@@ -102515,7 +104676,9 @@ index 0000000..7982a0c
+tty_audit_log_47280 tty_audit_log 8 47280 NULL
+gfs2_readpages_47285 gfs2_readpages 4 47285 NULL
+vsnprintf_47291 vsnprintf 0 47291 NULL
++SYSC_semop_47292 SYSC_semop 3 47292 NULL
+tx_internal_desc_overflow_read_47300 tx_internal_desc_overflow_read 3 47300 NULL
++SyS_madvise_47354 SyS_madvise 1 47354 NULL
+ieee80211_if_read_dot11MeshHoldingTimeout_47356 ieee80211_if_read_dot11MeshHoldingTimeout 3 47356 NULL
+avc_get_hash_stats_47359 avc_get_hash_stats 0 47359 NULL
+find_first_zero_bit_le_47369 find_first_zero_bit_le 2 47369 NULL
@@ -102527,13 +104690,17 @@ index 0000000..7982a0c
+pfkey_sendmsg_47394 pfkey_sendmsg 4 47394 NULL
+gfn_to_pfn_prot_47398 gfn_to_pfn_prot 2 47398 NULL
+ocfs2_resv_end_47408 ocfs2_resv_end 0 47408 NULL
++sta_vht_capa_read_47409 sta_vht_capa_read 3 47409 NULL
+crypto_ablkcipher_alignmask_47410 crypto_ablkcipher_alignmask 0 47410 NULL
+vzalloc_47421 vzalloc 1 47421 NULL
++hash_ipportip4_expire_47426 hash_ipportip4_expire 3 47426 NULL
+posix_acl_from_disk_47445 posix_acl_from_disk 2 47445 NULL
+__load_mapping_47460 __load_mapping 2 47460 NULL
++nvme_trans_send_fw_cmd_47479 nvme_trans_send_fw_cmd 4 47479 NULL
+wb_force_mapping_47485 wb_force_mapping 2 47485 NULL nohasharray
+newpart_47485 newpart 6 47485 &wb_force_mapping_47485
+core_sys_select_47494 core_sys_select 1 47494 NULL
++alloc_arraycache_47505 alloc_arraycache 2 47505 NULL
+unlink_simple_47506 unlink_simple 3 47506 NULL
+ufs_inode_getblock_47512 ufs_inode_getblock 4 47512 NULL
+vscnprintf_47533 vscnprintf 0-2 47533 NULL nohasharray
@@ -102541,8 +104708,11 @@ index 0000000..7982a0c
+oz_events_read_47535 oz_events_read 3 47535 NULL
+ieee80211_if_fmt_min_discovery_timeout_47539 ieee80211_if_fmt_min_discovery_timeout 3 47539 NULL
+read_ldt_47570 read_ldt 2 47570 NULL
++_rtl_rx_get_padding_47572 _rtl_rx_get_padding 0 47572 NULL nohasharray
++isku_sysfs_read_last_set_47572 isku_sysfs_read_last_set 6 47572 &_rtl_rx_get_padding_47572
+pci_iomap_47575 pci_iomap 3 47575 NULL
+rpipe_get_idx_47579 rpipe_get_idx 2 47579 NULL
++SYSC_fcntl64_47581 SYSC_fcntl64 3 47581 NULL
+ext4_kvzalloc_47605 ext4_kvzalloc 1 47605 NULL
+sctp_ssnmap_new_47608 sctp_ssnmap_new 1-2 47608 NULL
+uea_request_47613 uea_request 4 47613 NULL
@@ -102550,6 +104720,7 @@ index 0000000..7982a0c
+twl4030_clear_set_47624 twl4030_clear_set 4 47624 NULL
+irq_set_chip_47638 irq_set_chip 1 47638 NULL
+__build_packet_message_47643 __build_packet_message 3-9 47643 NULL
++global_rt_runtime_47712 global_rt_runtime 0 47712 NULL
+save_microcode_47717 save_microcode 3 47717 NULL
+bits_to_user_47733 bits_to_user 2-3 47733 NULL
+carl9170_debugfs_read_47738 carl9170_debugfs_read 3 47738 NULL
@@ -102559,15 +104730,18 @@ index 0000000..7982a0c
+alloc_sched_domains_47756 alloc_sched_domains 1 47756 NULL
+i915_wedged_write_47771 i915_wedged_write 3 47771 NULL
+uwb_ie_dump_hex_47774 uwb_ie_dump_hex 4 47774 NULL
++SyS_setgroups16_47780 SyS_setgroups16 1 47780 NULL
+error_error_numll_frame_cts_start_read_47781 error_error_numll_frame_cts_start_read 3 47781 NULL
+posix_acl_fix_xattr_from_user_47793 posix_acl_fix_xattr_from_user 2 47793 NULL
+stmmac_set_bfsize_47834 stmmac_set_bfsize 0 47834 NULL
++KEY_SIZE_47855 KEY_SIZE 0 47855 NULL
+ubifs_unpack_nnode_47866 ubifs_unpack_nnode 0 47866 NULL
+vhci_read_47878 vhci_read 3 47878 NULL
+keyctl_instantiate_key_common_47889 keyctl_instantiate_key_common 4 47889 NULL
+load_mapping_47904 load_mapping 3 47904 NULL
+osd_req_read_sg_47905 osd_req_read_sg 5 47905 NULL
+comedi_write_47926 comedi_write 3 47926 NULL
++nvme_trans_get_blk_desc_len_47946 nvme_trans_get_blk_desc_len 0-2 47946 NULL
+lp8788_irq_map_47964 lp8788_irq_map 2 47964 NULL
+iwl_dbgfs_ucode_tracing_read_47983 iwl_dbgfs_ucode_tracing_read 3 47983 NULL nohasharray
+mempool_resize_47983 mempool_resize 2 47983 &iwl_dbgfs_ucode_tracing_read_47983
@@ -102576,9 +104750,11 @@ index 0000000..7982a0c
+ffs_epfile_write_48014 ffs_epfile_write 3 48014 NULL
+bio_integrity_set_tag_48035 bio_integrity_set_tag 3 48035 NULL
+pppoe_sendmsg_48039 pppoe_sendmsg 4 48039 NULL
++SYSC_writev_48040 SYSC_writev 3 48040 NULL
+wpan_phy_alloc_48056 wpan_phy_alloc 1 48056 NULL
+posix_acl_alloc_48063 posix_acl_alloc 1 48063 NULL
+palmas_bulk_write_48068 palmas_bulk_write 2-3-5 48068 NULL
++disc_write_48070 disc_write 3 48070 NULL
+mmc_alloc_host_48097 mmc_alloc_host 1 48097 NULL
+skb_copy_datagram_const_iovec_48102 skb_copy_datagram_const_iovec 4-2-5 48102 NULL
+radio_isa_common_probe_48107 radio_isa_common_probe 3 48107 NULL
@@ -102588,9 +104764,11 @@ index 0000000..7982a0c
+bitmap_onto_48152 bitmap_onto 4 48152 NULL
+isr_dma1_done_read_48159 isr_dma1_done_read 3 48159 NULL
+c4iw_id_table_alloc_48163 c4iw_id_table_alloc 3 48163 NULL
-+ocfs2_find_next_zero_bit_unaligned_48170 ocfs2_find_next_zero_bit_unaligned 2-3 48170 NULL
++ocfs2_find_next_zero_bit_unaligned_48170 ocfs2_find_next_zero_bit_unaligned 2-3 48170 NULL nohasharray
++rbd_obj_method_sync_48170 rbd_obj_method_sync 8 48170 &ocfs2_find_next_zero_bit_unaligned_48170
+alloc_cc770dev_48186 alloc_cc770dev 1 48186 NULL
+init_ipath_48187 init_ipath 1 48187 NULL
++brcmf_sdio_chip_cm3_exitdl_48192 brcmf_sdio_chip_cm3_exitdl 4 48192 NULL
+snd_seq_dump_var_event_48209 snd_seq_dump_var_event 0 48209 NULL
+is_block_in_journal_48223 is_block_in_journal 3 48223 NULL
+uv_blade_nr_possible_cpus_48226 uv_blade_nr_possible_cpus 0 48226 NULL
@@ -102611,6 +104789,7 @@ index 0000000..7982a0c
+lbs_debugfs_write_48413 lbs_debugfs_write 3 48413 NULL
+pwr_tx_without_ps_read_48423 pwr_tx_without_ps_read 3 48423 NULL
+nfs4_alloc_pages_48426 nfs4_alloc_pages 1 48426 NULL
++print_filtered_48442 print_filtered 2-0 48442 NULL
+tun_recvmsg_48463 tun_recvmsg 4 48463 NULL
+r8712_usbctrl_vendorreq_48489 r8712_usbctrl_vendorreq 6 48489 NULL
+send_control_msg_48498 send_control_msg 6 48498 NULL
@@ -102627,6 +104806,7 @@ index 0000000..7982a0c
+do_ip_vs_set_ctl_48641 do_ip_vs_set_ctl 4 48641 NULL
+mtd_read_48655 mtd_read 0 48655 NULL
+aes_encrypt_packets_read_48666 aes_encrypt_packets_read 3 48666 NULL
++ore_get_rw_state_48667 ore_get_rw_state 4 48667 NULL
+sm501_create_subdev_48668 sm501_create_subdev 3-4 48668 NULL nohasharray
+sys_setgroups_48668 sys_setgroups 1 48668 &sm501_create_subdev_48668
+altera_drscan_48698 altera_drscan 2 48698 NULL
@@ -102641,7 +104821,8 @@ index 0000000..7982a0c
+efi_memory_uc_48828 efi_memory_uc 1 48828 NULL
+azx_get_position_48841 azx_get_position 0 48841 NULL
+vc_do_resize_48842 vc_do_resize 3-4 48842 NULL
-+viafb_dvp1_proc_write_48864 viafb_dvp1_proc_write 3 48864 NULL
++C_SYSC_pwritev64_48864 C_SYSC_pwritev64 3 48864 NULL nohasharray
++viafb_dvp1_proc_write_48864 viafb_dvp1_proc_write 3 48864 &C_SYSC_pwritev64_48864
+__ffs_ep0_read_events_48868 __ffs_ep0_read_events 3 48868 NULL
+sys_setgroups16_48882 sys_setgroups16 1 48882 NULL
+ext2_alloc_branch_48889 ext2_alloc_branch 4 48889 NULL
@@ -102657,6 +104838,7 @@ index 0000000..7982a0c
+_alloc_set_attr_list_48991 _alloc_set_attr_list 4 48991 NULL
+rds_rm_size_48996 rds_rm_size 0-2 48996 NULL
+sel_write_enforce_48998 sel_write_enforce 3 48998 NULL
++filemap_check_errors_49022 filemap_check_errors 0 49022 NULL
+transient_status_49027 transient_status 4 49027 NULL
+ipath_reg_user_mr_49038 ipath_reg_user_mr 2-3 49038 NULL
+setup_msi_irq_49052 setup_msi_irq 3-4 49052 NULL
@@ -102664,7 +104846,8 @@ index 0000000..7982a0c
+scsi_register_49094 scsi_register 2 49094 NULL
+paging64_walk_addr_nested_49100 paging64_walk_addr_nested 3 49100 NULL
+compat_do_readv_writev_49102 compat_do_readv_writev 4 49102 NULL
-+xfrm_replay_state_esn_len_49119 xfrm_replay_state_esn_len 0 49119 NULL
++check_exists_49119 check_exists 2 49119 NULL nohasharray
++xfrm_replay_state_esn_len_49119 xfrm_replay_state_esn_len 0 49119 &check_exists_49119
+pt_read_49136 pt_read 3 49136 NULL
+tipc_multicast_49144 tipc_multicast 5 49144 NULL
+atyfb_setup_generic_49151 atyfb_setup_generic 3 49151 NULL
@@ -102676,14 +104859,18 @@ index 0000000..7982a0c
+iwl_dbgfs_ucode_general_stats_read_49199 iwl_dbgfs_ucode_general_stats_read 3 49199 NULL
+il4965_rs_sta_dbgfs_stats_table_read_49206 il4965_rs_sta_dbgfs_stats_table_read 3 49206 NULL
+do_jffs2_getxattr_49210 do_jffs2_getxattr 0 49210 NULL
++resp_write_same_49217 resp_write_same 2 49217 NULL
+nouveau_therm_create__49228 nouveau_therm_create_ 4 49228 NULL
+nouveau_i2c_port_create__49237 nouveau_i2c_port_create_ 6 49237 NULL
+hugetlb_cgroup_read_49259 hugetlb_cgroup_read 5 49259 NULL
+ieee80211_if_read_rssi_threshold_49260 ieee80211_if_read_rssi_threshold 3 49260 NULL
++isku_sysfs_read_keys_media_49268 isku_sysfs_read_keys_media 6 49268 NULL
+osd_req_add_get_attr_list_49278 osd_req_add_get_attr_list 3 49278 NULL
+rx_filter_beacon_filter_read_49279 rx_filter_beacon_filter_read 3 49279 NULL
+uio_read_49300 uio_read 3 49300 NULL
+ocfs2_resmap_find_free_bits_49301 ocfs2_resmap_find_free_bits 3 49301 NULL
++isku_sysfs_read_keys_macro_49312 isku_sysfs_read_keys_macro 6 49312 NULL
++SYSC_mincore_49319 SYSC_mincore 1 49319 NULL
+fwtty_port_handler_49327 fwtty_port_handler 9 49327 NULL
+srpt_alloc_ioctx_ring_49330 srpt_alloc_ioctx_ring 2-3-4 49330 NULL
+cfpkt_setlen_49343 cfpkt_setlen 2 49343 NULL
@@ -102697,22 +104884,26 @@ index 0000000..7982a0c
+samples_to_bytes_49426 samples_to_bytes 0-2 49426 NULL
+md_domain_init_49432 md_domain_init 2 49432 NULL
+compat_do_msg_fill_49440 compat_do_msg_fill 3 49440 NULL
++get_lru_size_49441 get_lru_size 0 49441 NULL
+agp_3_5_isochronous_node_enable_49465 agp_3_5_isochronous_node_enable 3 49465 NULL
+xfs_iformat_local_49472 xfs_iformat_local 4 49472 NULL
+savu_sysfs_read_49473 savu_sysfs_read 6 49473 NULL
+isr_decrypt_done_read_49490 isr_decrypt_done_read 3 49490 NULL
++SyS_listxattr_49519 SyS_listxattr 3 49519 NULL
+emulator_write_phys_49520 emulator_write_phys 2-4 49520 NULL
+acpi_os_ioremap_49523 acpi_os_ioremap 1-2 49523 NULL
+smk_write_access_49561 smk_write_access 3 49561 NULL
+ntfs_malloc_nofs_49572 ntfs_malloc_nofs 1 49572 NULL
+alloc_chunk_49575 alloc_chunk 1 49575 NULL
+sctp_setsockopt_default_send_param_49578 sctp_setsockopt_default_send_param 3 49578 NULL
++tap_write_49595 tap_write 3 49595 NULL
+isr_wakeups_read_49607 isr_wakeups_read 3 49607 NULL
+btrfs_mksubvol_49616 btrfs_mksubvol 3 49616 NULL
+heap_init_49617 heap_init 2 49617 NULL
+smk_write_doi_49621 smk_write_doi 3 49621 NULL
+btrfsic_cmp_log_and_dev_bytenr_49628 btrfsic_cmp_log_and_dev_bytenr 2 49628 NULL
+aa_simple_write_to_buffer_49683 aa_simple_write_to_buffer 3-4 49683 NULL
++SyS_pwritev_49688 SyS_pwritev 3 49688 NULL
+sys_gethostname_49698 sys_gethostname 2 49698 NULL
+cx2341x_ctrl_new_menu_49700 cx2341x_ctrl_new_menu 3 49700 NULL
+dm_thin_insert_block_49720 dm_thin_insert_block 2-3 49720 NULL
@@ -102724,16 +104915,18 @@ index 0000000..7982a0c
+fuse_wr_pages_49753 fuse_wr_pages 0-1-2 49753 NULL
+key_conf_keylen_read_49758 key_conf_keylen_read 3 49758 NULL
+fuse_conn_waiting_read_49762 fuse_conn_waiting_read 3 49762 NULL
-+isku_sysfs_write_49767 isku_sysfs_write 6 49767 NULL
++isku_sysfs_write_49767 isku_sysfs_write 6-5 49767 NULL
+ceph_osdc_readpages_49789 ceph_osdc_readpages 10-4 49789 NULL
+nfs4_acl_new_49806 nfs4_acl_new 1 49806 NULL
+arch_gnttab_map_status_49812 arch_gnttab_map_status 3 49812 NULL
+ntfs_copy_from_user_iovec_49829 ntfs_copy_from_user_iovec 3-6-0 49829 NULL
+add_uuid_49831 add_uuid 4 49831 NULL
++tcf_csum_ipv4_tcp_49834 tcf_csum_ipv4_tcp 3 49834 NULL
+ath6kl_fwlog_block_read_49836 ath6kl_fwlog_block_read 3 49836 NULL
+twl4030_write_49846 twl4030_write 2 49846 NULL
+scsi_dispatch_cmd_entry_49848 scsi_dispatch_cmd_entry 3 49848 NULL
+timeradd_entry_49850 timeradd_entry 3 49850 NULL
++btrfs_subvolume_reserve_metadata_49859 btrfs_subvolume_reserve_metadata 3 49859 NULL
+sctp_setsockopt_bindx_49870 sctp_setsockopt_bindx 3 49870 NULL
+ceph_get_caps_49890 ceph_get_caps 0 49890 NULL
+__cow_file_range_49901 __cow_file_range 5 49901 NULL
@@ -102741,6 +104934,7 @@ index 0000000..7982a0c
+batadv_tt_realloc_packet_buff_49960 batadv_tt_realloc_packet_buff 4 49960 NULL
+b43legacy_pio_read_49978 b43legacy_pio_read 0 49978 NULL
+ieee80211_if_fmt_dtim_count_49987 ieee80211_if_fmt_dtim_count 3 49987 NULL
++sta2x11_swiotlb_alloc_coherent_49994 sta2x11_swiotlb_alloc_coherent 2 49994 NULL
+l2cap_chan_send_49995 l2cap_chan_send 3 49995 NULL
+__module_alloc_50004 __module_alloc 1 50004 NULL
+dn_mss_from_pmtu_50011 dn_mss_from_pmtu 0-2 50011 NULL
@@ -102755,6 +104949,7 @@ index 0000000..7982a0c
+sock_setsockopt_50088 sock_setsockopt 5 50088 NULL
+altera_swap_dr_50090 altera_swap_dr 2 50090 NULL
+read_file_slot_50111 read_file_slot 3 50111 NULL
++SYSC_preadv_50134 SYSC_preadv 3 50134 NULL
+copy_items_50140 copy_items 6 50140 NULL
+tx_frag_need_fragmentation_read_50153 tx_frag_need_fragmentation_read 3 50153 NULL
+set_cmd_header_50155 set_cmd_header 0 50155 NULL
@@ -102774,6 +104969,8 @@ index 0000000..7982a0c
+afs_extract_data_50261 afs_extract_data 5 50261 NULL
+rxrpc_setsockopt_50286 rxrpc_setsockopt 5 50286 NULL
+soc_codec_reg_show_50302 soc_codec_reg_show 0 50302 NULL
++SYSC_flistxattr_50307 SYSC_flistxattr 3 50307 NULL
++SYSC_sched_setaffinity_50310 SYSC_sched_setaffinity 2 50310 NULL
+soc_camera_read_50319 soc_camera_read 3 50319 NULL
+do_launder_page_50329 do_launder_page 0 50329 NULL
+nouveau_engine_create__50331 nouveau_engine_create_ 7 50331 NULL
@@ -102782,16 +104979,20 @@ index 0000000..7982a0c
+snd_pcm_lib_writev_50337 snd_pcm_lib_writev 0-3 50337 &ocfs2_block_to_cluster_group_50337
+roccat_common2_send_with_status_50343 roccat_common2_send_with_status 4 50343 NULL
+tpm_read_50344 tpm_read 3 50344 NULL
++sched_clock_remote_50347 sched_clock_remote 0 50347 NULL
+kvm_arch_create_memslot_50354 kvm_arch_create_memslot 2 50354 NULL
+isdn_ppp_read_50356 isdn_ppp_read 4 50356 NULL
+unpack_u16_chunk_50357 unpack_u16_chunk 0 50357 NULL
+xfrm_send_migrate_50365 xfrm_send_migrate 5 50365 NULL
+roccat_common2_receive_50369 roccat_common2_receive 4 50369 NULL
+sl_alloc_bufs_50380 sl_alloc_bufs 2 50380 NULL
++hash_ip6_expire_50390 hash_ip6_expire 3 50390 NULL
+l2tp_ip_sendmsg_50411 l2tp_ip_sendmsg 4 50411 NULL
++ceph_writepages_osd_request_50423 ceph_writepages_osd_request 5 50423 NULL
+iscsi_create_conn_50425 iscsi_create_conn 2 50425 NULL
+validate_acl_mac_addrs_50429 validate_acl_mac_addrs 0 50429 NULL
+btrfs_error_discard_extent_50444 btrfs_error_discard_extent 2 50444 NULL
++calc_csum_metadata_size_50448 calc_csum_metadata_size 0 50448 NULL
+pgctrl_write_50453 pgctrl_write 3 50453 NULL
+force_mapping_50464 force_mapping 2 50464 NULL
+cdrom_read_cdda_50478 cdrom_read_cdda 4 50478 NULL
@@ -102803,8 +105004,10 @@ index 0000000..7982a0c
+fat_readpages_50582 fat_readpages 4 50582 NULL
+iwl_dbgfs_missed_beacon_read_50584 iwl_dbgfs_missed_beacon_read 3 50584 NULL
+build_inv_iommu_pages_50589 build_inv_iommu_pages 2-3 50589 NULL
++sge_rx_50594 sge_rx 3 50594 NULL
+rx_rx_checksum_result_read_50617 rx_rx_checksum_result_read 3 50617 NULL
+__ffs_50625 __ffs 0 50625 NULL
++regcache_rbtree_write_50629 regcache_rbtree_write 2 50629 NULL
+simple_transaction_get_50633 simple_transaction_get 3 50633 NULL
+ath6kl_tm_rx_event_50664 ath6kl_tm_rx_event 3 50664 NULL nohasharray
+sys_readv_50664 sys_readv 3 50664 &ath6kl_tm_rx_event_50664
@@ -102830,6 +105033,7 @@ index 0000000..7982a0c
+videobuf_dma_init_user_50839 videobuf_dma_init_user 3 50839 NULL
+self_check_write_50856 self_check_write 5 50856 NULL
+carl9170_debugfs_write_50857 carl9170_debugfs_write 3 50857 NULL
++SyS_lgetxattr_50889 SyS_lgetxattr 4 50889 NULL
+netlbl_secattr_catmap_walk_rng_50894 netlbl_secattr_catmap_walk_rng 0-2 50894 NULL
+osd_req_write_sg_50908 osd_req_write_sg 5 50908 NULL
+xfs_iext_remove_50909 xfs_iext_remove 3 50909 NULL
@@ -102837,6 +105041,7 @@ index 0000000..7982a0c
+hash_recvmsg_50924 hash_recvmsg 4 50924 NULL
+chd_dec_fetch_cdata_50926 chd_dec_fetch_cdata 3 50926 NULL
+ocfs2_add_refcount_flag_50952 ocfs2_add_refcount_flag 6 50952 NULL
++SyS_setxattr_50957 SyS_setxattr 4 50957 NULL
+iwl_statistics_flag_50981 iwl_statistics_flag 0-3 50981 NULL
+timeout_write_50991 timeout_write 3 50991 NULL
+wm831x_irq_map_50995 wm831x_irq_map 2 50995 NULL
@@ -102851,6 +105056,7 @@ index 0000000..7982a0c
+do_arpt_set_ctl_51053 do_arpt_set_ctl 4 51053 NULL
+wusb_prf_64_51065 wusb_prf_64 7 51065 NULL
+jbd2_journal_init_revoke_51088 jbd2_journal_init_revoke 2 51088 NULL
++solo_enc_v4l2_init_51094 solo_enc_v4l2_init 2 51094 NULL
+__ocfs2_find_path_51096 __ocfs2_find_path 0 51096 NULL
+ti_recv_51110 ti_recv 3 51110 NULL
+dgrp_net_read_51113 dgrp_net_read 3 51113 NULL
@@ -102873,6 +105079,7 @@ index 0000000..7982a0c
+pvr2_std_id_to_str_51288 pvr2_std_id_to_str 2 51288 NULL
+bnad_debugfs_read_regrd_51308 bnad_debugfs_read_regrd 3 51308 NULL
+get_cell_51316 get_cell 2 51316 NULL
++init_map_ipmac_51317 init_map_ipmac 4-3-5 51317 NULL
+alloc_hippi_dev_51320 alloc_hippi_dev 1 51320 NULL
+ext2_xattr_get_51327 ext2_xattr_get 0 51327 NULL
+alloc_smp_req_51337 alloc_smp_req 1 51337 NULL nohasharray
@@ -102890,6 +105097,8 @@ index 0000000..7982a0c
+____alloc_ei_netdev_51475 ____alloc_ei_netdev 1 51475 NULL
+xfs_buf_get_uncached_51477 xfs_buf_get_uncached 2 51477 NULL
+vaddr_51480 vaddr 0 51480 NULL
++skb_inner_mac_header_51482 skb_inner_mac_header 0 51482 NULL nohasharray
++btrfs_find_space_cluster_51482 btrfs_find_space_cluster 5 51482 &skb_inner_mac_header_51482
+__cpa_process_fault_51502 __cpa_process_fault 2 51502 NULL
+ieee80211_if_write_uapsd_queues_51526 ieee80211_if_write_uapsd_queues 3 51526 NULL
+load_pdptrs_51541 load_pdptrs 3 51541 NULL
@@ -102919,11 +105128,13 @@ index 0000000..7982a0c
+if_write_51756 if_write 3 51756 NULL
+ioremap_prot_51764 ioremap_prot 1-2 51764 NULL
+iio_buffer_add_channel_sysfs_51766 iio_buffer_add_channel_sysfs 0 51766 NULL
++to_ratio_51809 to_ratio 2-1 51809 NULL
+qib_alloc_devdata_51819 qib_alloc_devdata 2 51819 NULL
+buffer_from_user_51826 buffer_from_user 3 51826 NULL
+ioread32_51847 ioread32 0 51847 NULL nohasharray
+read_file_tgt_tx_stats_51847 read_file_tgt_tx_stats 3 51847 &ioread32_51847
+do_readv_writev_51849 do_readv_writev 4 51849 NULL
++SYSC_sendto_51852 SYSC_sendto 6 51852 NULL
+pointer_size_read_51863 pointer_size_read 3 51863 NULL
+mlx4_alloc_db_from_pgdir_51865 mlx4_alloc_db_from_pgdir 3 51865 NULL
+get_indirect_ea_51869 get_indirect_ea 4 51869 NULL
@@ -102940,6 +105151,7 @@ index 0000000..7982a0c
+arizona_free_irq_51969 arizona_free_irq 2 51969 NULL nohasharray
+snd_mask_min_51969 snd_mask_min 0 51969 &arizona_free_irq_51969
+ath6kl_sdio_alloc_prep_scat_req_51986 ath6kl_sdio_alloc_prep_scat_req 2 51986 NULL
++dwc3_mode_write_51997 dwc3_mode_write 3 51997 NULL
+skb_copy_datagram_from_iovec_52014 skb_copy_datagram_from_iovec 4-2-5 52014 NULL
+rdmalt_52022 rdmalt 0 52022 NULL
+vxge_rx_alloc_52024 vxge_rx_alloc 3 52024 NULL
@@ -102952,6 +105164,7 @@ index 0000000..7982a0c
+isofs_readpages_52067 isofs_readpages 4 52067 NULL
+nsm_get_handle_52089 nsm_get_handle 4 52089 NULL
+o2net_debug_read_52105 o2net_debug_read 3 52105 NULL
++smsdvb_stats_read_52114 smsdvb_stats_read 3 52114 NULL
+retry_count_read_52129 retry_count_read 3 52129 NULL
+zram_meta_alloc_52140 zram_meta_alloc 1 52140 NULL
+hysdn_conf_write_52145 hysdn_conf_write 3 52145 NULL nohasharray
@@ -102972,12 +105185,14 @@ index 0000000..7982a0c
+shrink_slab_52261 shrink_slab 2-3 52261 NULL
+hva_to_pfn_slow_52262 hva_to_pfn_slow 1 52262 NULL
+sisusbcon_do_font_op_52271 sisusbcon_do_font_op 9 52271 NULL
++atomic64_read_52300 atomic64_read 0 52300 NULL
+ath6kl_wmi_get_new_buf_52304 ath6kl_wmi_get_new_buf 1 52304 NULL
+read_file_reset_52310 read_file_reset 3 52310 NULL
+request_asymmetric_key_52317 request_asymmetric_key 2-4 52317 NULL
+hwflags_read_52318 hwflags_read 3 52318 NULL
+ntfs_rl_split_52328 ntfs_rl_split 2-4 52328 NULL
+test_unaligned_bulk_52333 test_unaligned_bulk 3 52333 NULL
++compat_SyS_preadv64_52351 compat_SyS_preadv64 3 52351 NULL
+bytes_to_frames_52362 bytes_to_frames 0-2 52362 NULL
+copy_entries_to_user_52367 copy_entries_to_user 1 52367 NULL
+mq_emit_config_values_52378 mq_emit_config_values 3 52378 NULL
@@ -102996,20 +105211,24 @@ index 0000000..7982a0c
+skb_cow_head_52495 skb_cow_head 2 52495 &fd_do_rw_52495
+qib_user_sdma_pin_pages_52498 qib_user_sdma_pin_pages 3-5 52498 NULL
+int_tasklet_entry_52500 int_tasklet_entry 3 52500 NULL
++qlcnic_83xx_sysfs_flash_write_52507 qlcnic_83xx_sysfs_flash_write 4 52507 NULL
+pm_qos_power_write_52513 pm_qos_power_write 3 52513 NULL
+dup_variable_bug_52525 dup_variable_bug 3 52525 NULL
+from_oblock_52546 from_oblock 0-1 52546 NULL
+dccpprobe_read_52549 dccpprobe_read 3 52549 NULL
+ocfs2_make_right_split_rec_52562 ocfs2_make_right_split_rec 3 52562 NULL
+emit_code_52583 emit_code 0-3 52583 NULL
++isku_sysfs_read_macro_52587 isku_sysfs_read_macro 6 52587 NULL
+tps80031_writes_52638 tps80031_writes 3-4 52638 NULL
+brcmf_sdio_assert_info_52653 brcmf_sdio_assert_info 4 52653 NULL
++SYSC_gethostname_52677 SYSC_gethostname 2 52677 NULL
+nvd0_disp_pioc_create__52693 nvd0_disp_pioc_create_ 5 52693 NULL
+nouveau_client_create__52715 nouveau_client_create_ 5 52715 NULL
+cx25840_ir_rx_read_52724 cx25840_ir_rx_read 3 52724 NULL
+blkcipher_next_slow_52733 blkcipher_next_slow 3-4 52733 NULL
+relay_alloc_page_array_52735 relay_alloc_page_array 1 52735 NULL
+carl9170_debugfs_vif_dump_read_52755 carl9170_debugfs_vif_dump_read 3 52755 NULL
++ieee80211_if_read_beacon_timeout_52756 ieee80211_if_read_beacon_timeout 3 52756 NULL
+copy_ctr_args_52761 copy_ctr_args 2 52761 NULL
+pwr_rcvd_beacons_read_52836 pwr_rcvd_beacons_read 3 52836 NULL
+ext2_xattr_set_acl_52857 ext2_xattr_set_acl 4 52857 NULL
@@ -103043,6 +105262,7 @@ index 0000000..7982a0c
+brcmf_usb_dl_cmd_53130 brcmf_usb_dl_cmd 4 53130 NULL
+ps_poll_ps_poll_max_ap_turn_read_53140 ps_poll_ps_poll_max_ap_turn_read 3 53140 NULL
+ieee80211_bss_info_update_53170 ieee80211_bss_info_update 4 53170 NULL
++btrfs_io_bio_alloc_53179 btrfs_io_bio_alloc 2 53179 NULL
+clear_capture_buf_53192 clear_capture_buf 2 53192 NULL
+mtdoops_erase_block_53206 mtdoops_erase_block 2 53206 NULL
+fixup_user_fault_53210 fixup_user_fault 3 53210 NULL
@@ -103051,6 +105271,7 @@ index 0000000..7982a0c
+xfs_trans_read_buf_map_53258 xfs_trans_read_buf_map 5 53258 NULL
+wil_write_file_ssid_53266 wil_write_file_ssid 3 53266 NULL
+btrfs_file_extent_num_bytes_53269 btrfs_file_extent_num_bytes 0 53269 NULL
++isku_sysfs_write_key_mask_53305 isku_sysfs_write_key_mask 6 53305 NULL
+batadv_interface_rx_53325 batadv_interface_rx 4 53325 NULL
+gsm_control_reply_53333 gsm_control_reply 4 53333 NULL
+vm_mmap_53339 vm_mmap 0 53339 NULL
@@ -103072,7 +105293,8 @@ index 0000000..7982a0c
+ocfs2_xattr_set_acl_53508 ocfs2_xattr_set_acl 4 53508 NULL
+check_acl_53512 check_acl 0 53512 NULL
+alloc_pages_exact_nid_53515 alloc_pages_exact_nid 2 53515 NULL
-+set_registers_53582 set_registers 3 53582 NULL
++SYSC_bind_53582 SYSC_bind 3 53582 NULL nohasharray
++set_registers_53582 set_registers 3 53582 &SYSC_bind_53582
+cifs_utf16_bytes_53593 cifs_utf16_bytes 0 53593 NULL
+gfn_to_pfn_async_53597 gfn_to_pfn_async 2 53597 NULL
+___alloc_bootmem_nopanic_53626 ___alloc_bootmem_nopanic 1-2 53626 NULL
@@ -103080,6 +105302,7 @@ index 0000000..7982a0c
+ccid_getsockopt_builtin_ccids_53634 ccid_getsockopt_builtin_ccids 2 53634 NULL
+nr_sendmsg_53656 nr_sendmsg 4 53656 NULL
+_preload_range_53676 _preload_range 2-3 53676 NULL
++lowpan_fragment_xmit_53680 lowpan_fragment_xmit 3-4 53680 NULL
+fuse_fill_write_pages_53682 fuse_fill_write_pages 4 53682 NULL
+v4l2_event_subscribe_53687 v4l2_event_subscribe 3 53687 NULL
+bdev_logical_block_size_53690 bdev_logical_block_size 0 53690 NULL nohasharray
@@ -103101,7 +105324,8 @@ index 0000000..7982a0c
+nls_nullsize_53815 nls_nullsize 0 53815 NULL
+pms_read_53873 pms_read 3 53873 NULL
+ieee80211_if_fmt_dropped_frames_congestion_53883 ieee80211_if_fmt_dropped_frames_congestion 3 53883 NULL
-+ocfs2_rm_xattr_cluster_53900 ocfs2_rm_xattr_cluster 5-4-3 53900 NULL
++ocfs2_rm_xattr_cluster_53900 ocfs2_rm_xattr_cluster 5-4-3 53900 NULL nohasharray
++SyS_setgroups_53900 SyS_setgroups 1 53900 &ocfs2_rm_xattr_cluster_53900
+proc_file_read_53905 proc_file_read 3 53905 NULL
+early_reserve_e820_53915 early_reserve_e820 1-2 53915 NULL
+ocfs2_make_clusters_writable_53938 ocfs2_make_clusters_writable 4 53938 NULL
@@ -103117,10 +105341,12 @@ index 0000000..7982a0c
+pipeline_dec_packet_out_read_54052 pipeline_dec_packet_out_read 3 54052 NULL
+nl80211_send_disconnected_54056 nl80211_send_disconnected 5 54056 NULL
+rproc_state_read_54057 rproc_state_read 3 54057 NULL
++btrfs_start_transaction_54066 btrfs_start_transaction 2 54066 NULL
+_malloc_54077 _malloc 1 54077 NULL
+bitmap_bitremap_54096 bitmap_bitremap 4 54096 NULL
+altera_set_ir_pre_54103 altera_set_ir_pre 2 54103 NULL
+create_xattr_54106 create_xattr 5 54106 NULL
++inc_zcache_pers_zbytes_54107 inc_zcache_pers_zbytes 1 54107 NULL
+strn_len_54122 strn_len 0 54122 NULL
+isku_receive_54130 isku_receive 4 54130 NULL
+isr_host_acknowledges_read_54136 isr_host_acknowledges_read 3 54136 NULL
@@ -103128,6 +105354,7 @@ index 0000000..7982a0c
+memcpy_toiovec_54166 memcpy_toiovec 3 54166 &i2400m_zrealloc_2x_54166
+nouveau_falcon_create__54169 nouveau_falcon_create_ 8 54169 NULL
+acpi_os_read_memory_54186 acpi_os_read_memory 1-3 54186 NULL
++SyS_ipc_54206 SyS_ipc 3 54206 NULL
+__register_chrdev_54223 __register_chrdev 2-3 54223 NULL
+_format_mac_addr_54229 _format_mac_addr 2-0 54229 NULL
+pi_read_regr_54231 pi_read_regr 0 54231 NULL
@@ -103171,6 +105398,7 @@ index 0000000..7982a0c
+unix_dgram_connect_54535 unix_dgram_connect 3 54535 NULL
+setsockopt_54539 setsockopt 5 54539 NULL
+mwifiex_usb_submit_rx_urb_54558 mwifiex_usb_submit_rx_urb 2 54558 NULL
++SYSC_setsockopt_54561 SYSC_setsockopt 5 54561 NULL
+nfsd_vfs_write_54577 nfsd_vfs_write 6 54577 NULL
+fw_iso_buffer_init_54582 fw_iso_buffer_init 3 54582 NULL
+nvme_npages_54601 nvme_npages 0-1 54601 NULL
@@ -103184,7 +105412,8 @@ index 0000000..7982a0c
+evm_read_key_54674 evm_read_key 3 54674 NULL
+resource_string_54699 resource_string 0 54699 NULL
+platform_get_irq_byname_54700 platform_get_irq_byname 0 54700 NULL
-+rfkill_fop_read_54711 rfkill_fop_read 3 54711 NULL
++rfkill_fop_read_54711 rfkill_fop_read 3 54711 NULL nohasharray
++compat_SyS_readv_54711 compat_SyS_readv 3 54711 &rfkill_fop_read_54711
+_add_sg_continuation_descriptor_54721 _add_sg_continuation_descriptor 3 54721 NULL
+ocfs2_control_write_54737 ocfs2_control_write 3 54737 NULL
+kzalloc_54740 kzalloc 1 54740 NULL
@@ -103222,6 +105451,7 @@ index 0000000..7982a0c
+__proc_file_read_54978 __proc_file_read 3 54978 NULL
+ext3_xattr_get_54989 ext3_xattr_get 0 54989 NULL
+Bus_to_Virtual_54991 Bus_to_Virtual 1 54991 NULL
++mem_cgroup_get_lru_size_55008 mem_cgroup_get_lru_size 0 55008 NULL
+cx231xx_v4l2_read_55014 cx231xx_v4l2_read 3 55014 NULL
+paging32_get_level1_sp_gpa_55022 paging32_get_level1_sp_gpa 0 55022 NULL
+error_error_null_Frame_tx_start_read_55024 error_error_null_Frame_tx_start_read 3 55024 NULL
@@ -103242,12 +105472,16 @@ index 0000000..7982a0c
+ht40allow_map_read_55209 ht40allow_map_read 3 55209 NULL
+__kfifo_dma_out_prepare_r_55211 __kfifo_dma_out_prepare_r 4-5 55211 NULL
+do_raw_setsockopt_55215 do_raw_setsockopt 5 55215 NULL
++qxl_alloc_client_monitors_config_55216 qxl_alloc_client_monitors_config 2 55216 NULL
++nouveau_mc_create__55217 nouveau_mc_create_ 4 55217 NULL
+dump_command_55220 dump_command 1 55220 NULL
+dbAllocDmap_55227 dbAllocDmap 0 55227 NULL
+tipc_port_reject_sections_55229 tipc_port_reject_sections 5 55229 NULL
++hash_netport6_expire_55232 hash_netport6_expire 3 55232 NULL
+register_unifi_sdio_55239 register_unifi_sdio 2 55239 NULL
+memcpy_fromiovec_55247 memcpy_fromiovec 3 55247 NULL
-+ptrace_request_55288 ptrace_request 3 55288 NULL
++persistent_ram_new_55286 persistent_ram_new 1-2 55286 NULL
++ptrace_request_55288 ptrace_request 3-4 55288 NULL
+rx_streaming_interval_read_55291 rx_streaming_interval_read 3 55291 NULL
+gsm_control_modem_55303 gsm_control_modem 3 55303 NULL
+qp_alloc_guest_work_55305 qp_alloc_guest_work 3-5 55305 NULL nohasharray
@@ -103260,6 +105494,7 @@ index 0000000..7982a0c
+acpi_system_read_event_55362 acpi_system_read_event 3 55362 NULL
+nf_nat_ipv4_manip_pkt_55387 nf_nat_ipv4_manip_pkt 2 55387 NULL
+iwl_dbgfs_plcp_delta_read_55407 iwl_dbgfs_plcp_delta_read 3 55407 NULL
++si476x_radio_read_rds_blckcnt_blob_55427 si476x_radio_read_rds_blckcnt_blob 3 55427 NULL
+alloc_skb_55439 alloc_skb 1 55439 NULL
+__vxge_hw_channel_allocate_55462 __vxge_hw_channel_allocate 3 55462 NULL
+isdnhdlc_decode_55466 isdnhdlc_decode 0 55466 NULL
@@ -103275,7 +105510,9 @@ index 0000000..7982a0c
+buffer_size_55534 buffer_size 0 55534 NULL
+set_msr_interception_55538 set_msr_interception 2 55538 NULL
+tty_port_register_device_55543 tty_port_register_device 3 55543 NULL
++hash_netport4_expire_55584 hash_netport4_expire 3 55584 NULL
+add_partition_55588 add_partition 2 55588 NULL
++SyS_keyctl_55602 SyS_keyctl 4 55602 NULL
+free_pages_55603 free_pages 1 55603 NULL
+macvtap_put_user_55609 macvtap_put_user 4 55609 NULL
+selinux_setprocattr_55611 selinux_setprocattr 4 55611 NULL
@@ -103295,6 +105532,7 @@ index 0000000..7982a0c
+__videobuf_alloc_uncached_55711 __videobuf_alloc_uncached 1 55711 NULL
+pm8001_store_update_fw_55716 pm8001_store_update_fw 4 55716 NULL
+mtdswap_init_55719 mtdswap_init 2 55719 NULL
++tap_pwup_write_55723 tap_pwup_write 3 55723 NULL
+__iio_allocate_kfifo_55738 __iio_allocate_kfifo 2 55738 NULL
+set_local_name_55757 set_local_name 4 55757 NULL
+strlen_55778 strlen 0 55778 NULL
@@ -103323,12 +105561,14 @@ index 0000000..7982a0c
+kmem_zalloc_large_56128 kmem_zalloc_large 1 56128 NULL
+sel_read_handle_status_56139 sel_read_handle_status 3 56139 NULL
+map_addr_56144 map_addr 7 56144 NULL
++__i2c_transfer_56162 __i2c_transfer 0 56162 NULL
+rawv6_setsockopt_56165 rawv6_setsockopt 5 56165 NULL
+create_irq_nr_56180 create_irq_nr 1 56180 NULL
+ath9k_dump_legacy_btcoex_56194 ath9k_dump_legacy_btcoex 0 56194 NULL
+skb_headroom_56200 skb_headroom 0 56200 NULL
+usb_dump_iad_descriptor_56204 usb_dump_iad_descriptor 0 56204 NULL
+ncp_read_bounce_size_56221 ncp_read_bounce_size 0-1 56221 NULL
++vring_add_indirect_56222 vring_add_indirect 4 56222 NULL
+ocfs2_find_xe_in_bucket_56224 ocfs2_find_xe_in_bucket 0 56224 NULL
+cp210x_get_config_56229 cp210x_get_config 4 56229 NULL
+do_ipt_set_ctl_56238 do_ipt_set_ctl 4 56238 NULL
@@ -103347,6 +105587,7 @@ index 0000000..7982a0c
+vxge_os_dma_malloc_async_56348 vxge_os_dma_malloc_async 3 56348 NULL
+iov_iter_copy_from_user_atomic_56368 iov_iter_copy_from_user_atomic 4 56368 NULL
+dev_read_56369 dev_read 3 56369 NULL
++write_gssp_56404 write_gssp 3 56404 NULL
+ocfs2_control_read_56405 ocfs2_control_read 3 56405 NULL
+__get_vm_area_caller_56416 __get_vm_area_caller 1 56416 NULL nohasharray
+acpi_os_write_memory_56416 acpi_os_write_memory 1-3 56416 &__get_vm_area_caller_56416
@@ -103357,9 +105598,12 @@ index 0000000..7982a0c
+cx231xx_init_isoc_56453 cx231xx_init_isoc 3-2 56453 NULL
+set_connectable_56458 set_connectable 4 56458 NULL
+osd_req_list_partition_objects_56464 osd_req_list_partition_objects 5 56464 NULL
++putused_user_56467 putused_user 3 56467 NULL
+calc_linear_pos_56472 calc_linear_pos 0-3 56472 NULL
++global_rt_period_56476 global_rt_period 0 56476 NULL
+crypto_shash_alignmask_56486 crypto_shash_alignmask 0 56486 NULL
+ieee80211_rx_mgmt_probe_beacon_56491 ieee80211_rx_mgmt_probe_beacon 3 56491 NULL
++init_map_ip_56508 init_map_ip 5 56508 NULL
+cfg80211_connect_result_56515 cfg80211_connect_result 4-6 56515 NULL
+ip_options_get_56538 ip_options_get 4 56538 NULL
+ocfs2_change_extent_flag_56549 ocfs2_change_extent_flag 5 56549 NULL
@@ -103386,6 +105630,7 @@ index 0000000..7982a0c
+mtdchar_write_56831 mtdchar_write 3 56831 NULL nohasharray
+ntfs_rl_realloc_56831 ntfs_rl_realloc 3 56831 &mtdchar_write_56831
+snd_rawmidi_kernel_write1_56847 snd_rawmidi_kernel_write1 4 56847 NULL
++si476x_radio_read_agc_blob_56849 si476x_radio_read_agc_blob 3 56849 NULL
+wb_lookup_56858 wb_lookup 2 56858 NULL
+ext3_xattr_ibody_get_56880 ext3_xattr_ibody_get 0 56880 NULL
+pvr2_debugifc_print_status_56890 pvr2_debugifc_print_status 3 56890 NULL
@@ -103423,6 +105668,7 @@ index 0000000..7982a0c
+rx_hw_stuck_read_57179 rx_hw_stuck_read 3 57179 NULL
+tt3650_ci_msg_57219 tt3650_ci_msg 4 57219 NULL
+dma_fifo_alloc_57236 dma_fifo_alloc 5-3-2 57236 NULL
++flush_space_57241 flush_space 3 57241 NULL
+ieee80211_if_fmt_tsf_57249 ieee80211_if_fmt_tsf 3 57249 NULL
+oprofilefs_ulong_from_user_57251 oprofilefs_ulong_from_user 3 57251 NULL
+alloc_flex_gd_57259 alloc_flex_gd 1 57259 NULL
@@ -103489,6 +105735,7 @@ index 0000000..7982a0c
+nouveau_gpio_create__57735 nouveau_gpio_create_ 4-5 57735 NULL
+compat_sys_set_mempolicy_57742 compat_sys_set_mempolicy 3 57742 NULL
+ieee80211_if_fmt_dot11MeshHWMPpreqMinInterval_57762 ieee80211_if_fmt_dot11MeshHWMPpreqMinInterval 3 57762 NULL
++SYSC_process_vm_writev_57776 SYSC_process_vm_writev 3-5 57776 NULL
+ld2_57794 ld2 0 57794 NULL
+ivtv_read_57796 ivtv_read 3 57796 NULL
+generic_ptrace_peekdata_57806 generic_ptrace_peekdata 2 57806 NULL
@@ -103538,9 +105785,11 @@ index 0000000..7982a0c
+pcim_iomap_58334 pcim_iomap 3 58334 NULL
+diva_init_dma_map_58336 diva_init_dma_map 3 58336 NULL
+next_pidmap_58347 next_pidmap 2 58347 NULL
++SyS_migrate_pages_58348 SyS_migrate_pages 2 58348 NULL
+vmalloc_to_sg_58354 vmalloc_to_sg 2 58354 NULL
+save_hint_58359 save_hint 2 58359 NULL
+brcmf_debugfs_sdio_counter_read_58369 brcmf_debugfs_sdio_counter_read 3 58369 NULL
++hash_ipportnet6_expire_58379 hash_ipportnet6_expire 3 58379 NULL
+il_dbgfs_status_read_58388 il_dbgfs_status_read 3 58388 NULL
+kvm_mmu_write_protect_pt_masked_58406 kvm_mmu_write_protect_pt_masked 3 58406 NULL
+i2400m_pld_size_58415 i2400m_pld_size 0 58415 NULL
@@ -103556,10 +105805,12 @@ index 0000000..7982a0c
+memblock_alloc_try_nid_58493 memblock_alloc_try_nid 1-2 58493 NULL
+rndis_add_response_58544 rndis_add_response 2 58544 NULL
+__clear_discard_58546 __clear_discard 2 58546 NULL
++wrap_max_58548 wrap_max 0-1-2 58548 NULL
+wep_decrypt_fail_read_58567 wep_decrypt_fail_read 3 58567 NULL
+sip_sprintf_addr_port_58574 sip_sprintf_addr_port 0 58574 NULL
+scnprint_mac_oui_58578 scnprint_mac_oui 3-0 58578 NULL
+ea_read_inline_58589 ea_read_inline 0 58589 NULL
++isku_sysfs_read_keys_thumbster_58590 isku_sysfs_read_keys_thumbster 6 58590 NULL
+xip_file_read_58592 xip_file_read 3 58592 NULL
+gdth_search_isa_58595 gdth_search_isa 1 58595 NULL
+ebt_buf_count_58607 ebt_buf_count 0 58607 NULL
@@ -103586,7 +105837,7 @@ index 0000000..7982a0c
+__do_config_autodelink_58763 __do_config_autodelink 3 58763 NULL
+regmap_calc_reg_len_58795 regmap_calc_reg_len 0 58795 NULL
+raw_send_hdrinc_58803 raw_send_hdrinc 4 58803 NULL
-+isku_sysfs_read_58806 isku_sysfs_read 6 58806 NULL
++isku_sysfs_read_58806 isku_sysfs_read 6-5 58806 NULL
+ep_read_58813 ep_read 3 58813 NULL
+command_write_58841 command_write 3 58841 NULL
+ocfs2_truncate_log_append_58850 ocfs2_truncate_log_append 3 58850 NULL
@@ -103606,6 +105857,7 @@ index 0000000..7982a0c
+edac_align_ptr_59003 edac_align_ptr 0 59003 NULL
+ep_write_59008 ep_write 3 59008 NULL
+i915_ring_stop_write_59010 i915_ring_stop_write 3 59010 NULL
++SyS_preadv_59029 SyS_preadv 3 59029 NULL
+init_pci_cap_msi_perm_59033 init_pci_cap_msi_perm 2 59033 NULL
+selinux_transaction_write_59038 selinux_transaction_write 3 59038 NULL
+crypto_aead_reqsize_59039 crypto_aead_reqsize 0 59039 NULL
@@ -103639,8 +105891,10 @@ index 0000000..7982a0c
+xfs_dir2_sf_entsize_59366 xfs_dir2_sf_entsize 0-2 59366 NULL
+pvr2_debugifc_print_info_59380 pvr2_debugifc_print_info 3 59380 NULL
+fc_frame_alloc_fill_59394 fc_frame_alloc_fill 2 59394 NULL
++isku_sysfs_read_keys_function_59412 isku_sysfs_read_keys_function 6 59412 NULL
+vxge_hw_ring_rxds_per_block_get_59425 vxge_hw_ring_rxds_per_block_get 0 59425 NULL
+squashfs_read_data_59440 squashfs_read_data 6 59440 NULL
++SyS_sched_setaffinity_59442 SyS_sched_setaffinity 2 59442 NULL
+fs_path_ensure_buf_59445 fs_path_ensure_buf 2 59445 NULL
+descriptor_loc_59446 descriptor_loc 3 59446 NULL
+do_compat_semctl_59449 do_compat_semctl 4 59449 NULL
@@ -103658,7 +105912,9 @@ index 0000000..7982a0c
+ubifs_setxattr_59650 ubifs_setxattr 4 59650 NULL nohasharray
+hidraw_read_59650 hidraw_read 3 59650 &ubifs_setxattr_59650
+v9fs_xattr_set_acl_59651 v9fs_xattr_set_acl 4 59651 NULL
++paravirt_sched_clock_59660 paravirt_sched_clock 0 59660 NULL
+__devcgroup_check_permission_59665 __devcgroup_check_permission 0 59665 NULL
++iwl_dbgfs_mac_params_read_59666 iwl_dbgfs_mac_params_read 3 59666 NULL
+alloc_dca_provider_59670 alloc_dca_provider 2 59670 NULL
+can_nocow_odirect_59681 can_nocow_odirect 3 59681 NULL
+sriov_enable_59689 sriov_enable 2 59689 NULL
@@ -103671,6 +105927,8 @@ index 0000000..7982a0c
+ext3_acl_count_59754 ext3_acl_count 0-1 59754 NULL
+long_retry_limit_read_59766 long_retry_limit_read 3 59766 NULL
+venus_remove_59781 venus_remove 4 59781 NULL
++mei_nfc_recv_59784 mei_nfc_recv 3 59784 NULL
++C_SYSC_preadv_59801 C_SYSC_preadv 3 59801 NULL
+ipw_write_59807 ipw_write 3 59807 NULL
+rtllib_wx_set_gen_ie_59808 rtllib_wx_set_gen_ie 3 59808 NULL
+scsi_init_shared_tag_map_59812 scsi_init_shared_tag_map 2 59812 NULL
@@ -103678,7 +105936,8 @@ index 0000000..7982a0c
+gspca_dev_probe2_59833 gspca_dev_probe2 4 59833 NULL
+regmap_raw_write_async_59849 regmap_raw_write_async 2-4 59849 NULL
+pvr2_ioread_set_sync_key_59882 pvr2_ioread_set_sync_key 3 59882 NULL
-+shmem_zero_setup_59885 shmem_zero_setup 0 59885 NULL
++shmem_zero_setup_59885 shmem_zero_setup 0 59885 NULL nohasharray
++start_transaction_59885 start_transaction 2 59885 &shmem_zero_setup_59885
+ffs_prepare_buffer_59892 ffs_prepare_buffer 2 59892 NULL
+swiotlb_map_page_59909 swiotlb_map_page 3 59909 NULL
+il_dbgfs_rxon_flags_read_59950 il_dbgfs_rxon_flags_read 3 59950 NULL nohasharray
@@ -103709,11 +105968,13 @@ index 0000000..7982a0c
+mp_register_gsi_60079 mp_register_gsi 2 60079 NULL
+rxrpc_kernel_send_data_60083 rxrpc_kernel_send_data 3 60083 NULL
+ieee80211_if_fmt_fwded_frames_60103 ieee80211_if_fmt_fwded_frames 3 60103 NULL
++SYSC_msgsnd_60113 SYSC_msgsnd 3 60113 NULL
+ttm_bo_kmap_60118 ttm_bo_kmap 3-2 60118 NULL
+jmb38x_ms_count_slots_60164 jmb38x_ms_count_slots 0 60164 NULL
+init_state_60165 init_state 2 60165 NULL
+sg_build_sgat_60179 sg_build_sgat 3 60179 NULL nohasharray
+jffs2_alloc_full_dirent_60179 jffs2_alloc_full_dirent 1 60179 &sg_build_sgat_60179
++fuse_async_req_send_60183 fuse_async_req_send 0-3 60183 NULL
+rx_rx_tkip_replays_read_60193 rx_rx_tkip_replays_read 3 60193 NULL
+svc_compat_ioctl_60194 svc_compat_ioctl 3 60194 NULL
+ib_send_cm_mra_60202 ib_send_cm_mra 4 60202 NULL nohasharray
@@ -103734,6 +105995,7 @@ index 0000000..7982a0c
+dccp_setsockopt_60367 dccp_setsockopt 5 60367 NULL
+ubi_eba_atomic_leb_change_60379 ubi_eba_atomic_leb_change 5 60379 NULL
+instruction_pointer_60384 instruction_pointer 0 60384 NULL
++drop_outstanding_extent_60390 drop_outstanding_extent 0 60390 NULL
+mthca_alloc_resize_buf_60394 mthca_alloc_resize_buf 3 60394 NULL
+ocfs2_zero_extend_60396 ocfs2_zero_extend 3 60396 NULL
+driver_names_read_60399 driver_names_read 3 60399 NULL
@@ -103743,7 +106005,8 @@ index 0000000..7982a0c
+tstats_write_60432 tstats_write 3 60432 NULL nohasharray
+kmalloc_60432 kmalloc 1 60432 &tstats_write_60432
+tipc_buf_acquire_60437 tipc_buf_acquire 1 60437 NULL
-+rx_data_60442 rx_data 4 60442 NULL
++rx_data_60442 rx_data 4 60442 NULL nohasharray
++scaled_div32_60442 scaled_div32 1-2 60442 &rx_data_60442
+tcf_csum_ipv4_igmp_60446 tcf_csum_ipv4_igmp 3 60446 NULL
+snd_hda_get_num_raw_conns_60462 snd_hda_get_num_raw_conns 0 60462 NULL
+crypto_shash_setkey_60483 crypto_shash_setkey 3 60483 NULL
@@ -103751,6 +106014,8 @@ index 0000000..7982a0c
+hysdn_sched_rx_60533 hysdn_sched_rx 3 60533 NULL
+v9fs_fid_readn_60544 v9fs_fid_readn 4 60544 NULL
+nonpaging_map_60551 nonpaging_map 4 60551 NULL
++nfsd_hashsize_60562 nfsd_hashsize 0 60562 NULL
++hash_net6_expire_60598 hash_net6_expire 3 60598 NULL
+skb_transport_offset_60619 skb_transport_offset 0 60619 NULL
+wl1273_fm_fops_write_60621 wl1273_fm_fops_write 3 60621 NULL
+acl_alloc_stack_init_60630 acl_alloc_stack_init 1 60630 NULL
@@ -103780,7 +106045,7 @@ index 0000000..7982a0c
+hsc_msg_alloc_60990 hsc_msg_alloc 1 60990 NULL
+ath6kl_lrssi_roam_read_61022 ath6kl_lrssi_roam_read 3 61022 NULL
+symtab_init_61050 symtab_init 2 61050 NULL
-+fuse_send_write_61053 fuse_send_write 0 61053 NULL
++fuse_send_write_61053 fuse_send_write 0-4 61053 NULL
+bitmap_scnlistprintf_61062 bitmap_scnlistprintf 0-4-2 61062 NULL
+ahash_align_buffer_size_61070 ahash_align_buffer_size 0-1-2 61070 NULL
+get_derived_key_61100 get_derived_key 4 61100 NULL
@@ -103789,17 +106054,23 @@ index 0000000..7982a0c
+__probe_kernel_read_61119 __probe_kernel_read 3 61119 &p80211_headerlen_61119
+vmemmap_alloc_block_buf_61126 vmemmap_alloc_block_buf 1 61126 NULL
+afs_proc_cells_write_61139 afs_proc_cells_write 3 61139 NULL
++brcmf_sdio_chip_cr4_exitdl_61143 brcmf_sdio_chip_cr4_exitdl 4 61143 NULL
+__vmalloc_61168 __vmalloc 1 61168 NULL
+event_oom_late_read_61175 event_oom_late_read 3 61175 NULL nohasharray
+pair_device_61175 pair_device 4 61175 &event_oom_late_read_61175
+sys_lsetxattr_61177 sys_lsetxattr 4 61177 NULL
++SyS_prctl_61202 SyS_prctl 4 61202 NULL
+arch_hibernation_header_save_61212 arch_hibernation_header_save 0 61212 NULL
+smk_read_ambient_61220 smk_read_ambient 3 61220 NULL
+btrfs_bio_alloc_61270 btrfs_bio_alloc 3 61270 NULL
+vortex_adbdma_getlinearpos_61283 vortex_adbdma_getlinearpos 0 61283 NULL
-+sys_add_key_61288 sys_add_key 4 61288 NULL
++sys_add_key_61288 sys_add_key 4 61288 NULL nohasharray
++nvme_trans_copy_to_user_61288 nvme_trans_copy_to_user 3 61288 &sys_add_key_61288
+ext4_issue_discard_61305 ext4_issue_discard 2 61305 NULL
++xfer_from_user_61307 xfer_from_user 3 61307 NULL
++timespec_to_ns_61317 timespec_to_ns 0 61317 NULL
+xfrm_user_sec_ctx_size_61320 xfrm_user_sec_ctx_size 0 61320 NULL
++C_SYSC_msgsnd_61330 C_SYSC_msgsnd 2-3 61330 NULL
+st5481_setup_isocpipes_61340 st5481_setup_isocpipes 6-4 61340 NULL
+rx_rx_wa_ba_not_expected_read_61341 rx_rx_wa_ba_not_expected_read 3 61341 NULL
+f1x_map_sysaddr_to_csrow_61344 f1x_map_sysaddr_to_csrow 2 61344 NULL
@@ -103814,6 +106085,7 @@ index 0000000..7982a0c
+btrfs_item_size_61485 btrfs_item_size 0 61485 NULL
+erst_errno_61526 erst_errno 0 61526 NULL
+ntfs_attr_lookup_61539 ntfs_attr_lookup 0 61539 NULL
++get_ohm_of_thermistor_61545 get_ohm_of_thermistor 2 61545 NULL
+o2hb_pop_count_61553 o2hb_pop_count 2 61553 NULL
+dvb_net_ioctl_61559 dvb_net_ioctl 2 61559 NULL
+ieee80211_if_read_rc_rateidx_mask_2ghz_61570 ieee80211_if_read_rc_rateidx_mask_2ghz 3 61570 NULL
@@ -103829,6 +106101,7 @@ index 0000000..7982a0c
+ttm_page_pool_free_61661 ttm_page_pool_free 2 61661 NULL
+insert_one_name_61668 insert_one_name 7 61668 NULL
+lock_loop_61681 lock_loop 1 61681 NULL
++__do_tune_cpucache_61684 __do_tune_cpucache 2 61684 NULL
+filter_read_61692 filter_read 3 61692 NULL
+iov_length_61716 iov_length 0 61716 NULL
+fragmentation_threshold_read_61718 fragmentation_threshold_read 3 61718 NULL
@@ -103839,6 +106112,7 @@ index 0000000..7982a0c
+bfad_debugfs_write_regwr_61841 bfad_debugfs_write_regwr 3 61841 NULL
+fs_path_prepare_for_add_61854 fs_path_prepare_for_add 2 61854 NULL
+evdev_compute_buffer_size_61863 evdev_compute_buffer_size 0 61863 NULL
++SYSC_lsetxattr_61869 SYSC_lsetxattr 4 61869 NULL
+get_fw_name_61874 get_fw_name 3 61874 NULL
+free_init_pages_61875 free_init_pages 2 61875 NULL
+twl4030_sih_setup_61878 twl4030_sih_setup 3 61878 NULL
@@ -103860,6 +106134,7 @@ index 0000000..7982a0c
+virtnet_send_command_61993 virtnet_send_command 5-6 61993 NULL
+xt_compat_match_offset_62011 xt_compat_match_offset 0 62011 NULL
+jffs2_do_unlink_62020 jffs2_do_unlink 4 62020 NULL
++SYSC_select_62024 SYSC_select 1 62024 NULL
+pmcraid_build_passthrough_ioadls_62034 pmcraid_build_passthrough_ioadls 2 62034 NULL
+ppp_tx_cp_62044 ppp_tx_cp 5 62044 NULL
+sctp_user_addto_chunk_62047 sctp_user_addto_chunk 2-3 62047 NULL
@@ -103876,6 +106151,7 @@ index 0000000..7982a0c
+alloc_upcall_62186 alloc_upcall 2 62186 NULL
+btrfs_xattr_acl_set_62203 btrfs_xattr_acl_set 4 62203 NULL
+sock_kmalloc_62205 sock_kmalloc 2 62205 NULL
++SYSC_setgroups16_62232 SYSC_setgroups16 1 62232 NULL
+nfsd_read_file_62241 nfsd_read_file 6 62241 NULL
+allocate_partition_62245 allocate_partition 4 62245 NULL
+__qib_get_user_pages_62287 __qib_get_user_pages 1-2 62287 NULL
@@ -103925,6 +106201,7 @@ index 0000000..7982a0c
+init_chip_wc_pat_62768 init_chip_wc_pat 2 62768 NULL
+ax25_sendmsg_62770 ax25_sendmsg 4 62770 NULL
+page_key_alloc_62771 page_key_alloc 0 62771 NULL
++C_SYSC_ipc_62776 C_SYSC_ipc 5-3-6-4 62776 NULL
+tracing_total_entries_read_62817 tracing_total_entries_read 3 62817 NULL
+__rounddown_pow_of_two_62836 __rounddown_pow_of_two 0 62836 NULL
+bio_get_nr_vecs_62838 bio_get_nr_vecs 0 62838 NULL
@@ -103937,11 +106214,13 @@ index 0000000..7982a0c
+if_spi_host_to_card_62890 if_spi_host_to_card 4 62890 NULL
+mempool_create_slab_pool_62907 mempool_create_slab_pool 1 62907 NULL
+getdqbuf_62908 getdqbuf 1 62908 NULL
-+try_async_pf_62914 try_async_pf 3 62914 NULL
++try_async_pf_62914 try_async_pf 3 62914 NULL nohasharray
++SyS_remap_file_pages_62914 SyS_remap_file_pages 1 62914 &try_async_pf_62914
+agp_create_user_memory_62955 agp_create_user_memory 1 62955 NULL
+__vb2_perform_fileio_63033 __vb2_perform_fileio 3 63033 NULL
+pipeline_defrag_to_csum_swi_read_63037 pipeline_defrag_to_csum_swi_read 3 63037 NULL
+scsi_host_alloc_63041 scsi_host_alloc 2 63041 NULL
++gso_pskb_expand_head_63052 gso_pskb_expand_head 2 63052 NULL
+unlink1_63059 unlink1 3 63059 NULL
+xen_set_nslabs_63066 xen_set_nslabs 0 63066 NULL
+ocfs2_decrease_refcount_63078 ocfs2_decrease_refcount 3 63078 NULL
@@ -103952,6 +106231,7 @@ index 0000000..7982a0c
+xen_zap_pfn_range_63149 xen_zap_pfn_range 1 63149 NULL
+smk_write_revoke_subj_63173 smk_write_revoke_subj 3 63173 NULL
+vme_master_read_63221 vme_master_read 0 63221 NULL
++SyS_gethostname_63227 SyS_gethostname 2 63227 NULL
+module_alloc_update_bounds_rw_63233 module_alloc_update_bounds_rw 1 63233 NULL
+ptp_read_63251 ptp_read 4 63251 NULL
+raid5_resize_63306 raid5_resize 2 63306 NULL
@@ -104005,6 +106285,8 @@ index 0000000..7982a0c
+kovaplus_sysfs_write_63795 kovaplus_sysfs_write 6 63795 NULL
+mwifiex_11n_create_rx_reorder_tbl_63806 mwifiex_11n_create_rx_reorder_tbl 4 63806 NULL
+copy_nodes_to_user_63807 copy_nodes_to_user 2 63807 NULL
++dec_zcache_eph_zbytes_63817 dec_zcache_eph_zbytes 1 63817 NULL
++prepare_copy_63826 prepare_copy 2 63826 NULL
+sel_write_load_63830 sel_write_load 3 63830 NULL
+proc_pid_attr_write_63845 proc_pid_attr_write 3 63845 NULL
+init_map_ipmac_63896 init_map_ipmac 4-3 63896 NULL
@@ -104022,19 +106304,23 @@ index 0000000..7982a0c
+diva_xdi_write_63975 diva_xdi_write 4 63975 NULL
+read_file_frameerrors_64001 read_file_frameerrors 3 64001 NULL
+kmemdup_64015 kmemdup 2 64015 NULL
++SyS_rt_sigpending_64018 SyS_rt_sigpending 2 64018 NULL
+offset_to_vaddr_64025 offset_to_vaddr 0-2 64025 NULL nohasharray
+tcf_csum_skb_nextlayer_64025 tcf_csum_skb_nextlayer 3 64025 &offset_to_vaddr_64025
+dbAllocDmapLev_64030 dbAllocDmapLev 0 64030 NULL
+resize_async_buffer_64031 resize_async_buffer 4 64031 NULL
+sep_lli_table_secure_dma_64042 sep_lli_table_secure_dma 2-3 64042 NULL
++tfrc_calc_x_reverse_lookup_64057 tfrc_calc_x_reverse_lookup 0 64057 NULL
+get_u8_64076 get_u8 0 64076 NULL
+sl_realloc_bufs_64086 sl_realloc_bufs 2 64086 NULL
+vmci_handle_arr_get_size_64088 vmci_handle_arr_get_size 0 64088 NULL
+lbs_highrssi_read_64089 lbs_highrssi_read 3 64089 NULL
++SyS_mq_timedsend_64107 SyS_mq_timedsend 3 64107 NULL
+do_load_xattr_datum_64118 do_load_xattr_datum 0 64118 NULL
+ol_quota_entries_per_block_64122 ol_quota_entries_per_block 0 64122 NULL
+ext4_prepare_inline_data_64124 ext4_prepare_inline_data 3 64124 NULL
+init_bch_64130 init_bch 1-2 64130 NULL
++SYSC_ptrace_64136 SYSC_ptrace 3-4 64136 NULL
+uea_idma_write_64139 uea_idma_write 3 64139 NULL
+ablkcipher_copy_iv_64140 ablkcipher_copy_iv 3 64140 NULL
+dlfb_ops_write_64150 dlfb_ops_write 3 64150 NULL
@@ -104051,6 +106337,7 @@ index 0000000..7982a0c
+ocfs2_block_check_validate_bhs_64302 ocfs2_block_check_validate_bhs 0 64302 NULL
+error_error_bar_retry_read_64305 error_error_bar_retry_read 3 64305 NULL
+ffz_64324 ffz 0 64324 NULL
++map_region_64328 map_region 1 64328 NULL
+sisusbcon_clear_64329 sisusbcon_clear 4-3-5 64329 NULL
+ts_write_64336 ts_write 3 64336 NULL
+usbtmc_write_64340 usbtmc_write 3 64340 NULL
@@ -104073,6 +106360,7 @@ index 0000000..7982a0c
+read_file_spectral_short_repeat_64431 read_file_spectral_short_repeat 3 64431 &ext4_trim_extent_64431
+cap_capable_64462 cap_capable 0 64462 NULL
+ip_vs_create_timeout_table_64478 ip_vs_create_timeout_table 2 64478 NULL
++single_open_size_64483 single_open_size 4 64483 NULL
+p54_parse_rssical_64493 p54_parse_rssical 3 64493 NULL
+msg_data_sz_64503 msg_data_sz 0 64503 NULL
+remove_uuid_64505 remove_uuid 4 64505 NULL nohasharray
@@ -104081,6 +106369,8 @@ index 0000000..7982a0c
+opera1_usb_i2c_msgxfer_64521 opera1_usb_i2c_msgxfer 4 64521 NULL
+ses_send_diag_64527 ses_send_diag 4 64527 NULL
+prctl_set_mm_64538 prctl_set_mm 3 64538 NULL
++SyS_bind_64544 SyS_bind 3 64544 NULL
++rbd_obj_read_sync_64554 rbd_obj_read_sync 3-4 64554 NULL
+__spi_sync_64561 __spi_sync 0 64561 NULL
+__apei_exec_run_64563 __apei_exec_run 0 64563 NULL
+fanotify_write_64623 fanotify_write 3 64623 NULL
@@ -104101,6 +106391,7 @@ index 0000000..7982a0c
+bio_map_kern_64751 bio_map_kern 3 64751 NULL
+rt2x00debug_write_csr_64753 rt2x00debug_write_csr 3 64753 NULL
+isr_low_rssi_read_64789 isr_low_rssi_read 3 64789 NULL
++regmap_reg_ranges_read_file_64798 regmap_reg_ranges_read_file 3 64798 NULL
+nfsctl_transaction_write_64800 nfsctl_transaction_write 3 64800 NULL
+megaraid_change_queue_depth_64815 megaraid_change_queue_depth 2 64815 NULL
+ecryptfs_send_miscdev_64816 ecryptfs_send_miscdev 2 64816 NULL
@@ -104132,10 +106423,12 @@ index 0000000..7982a0c
+__alloc_bootmem_node_high_65076 __alloc_bootmem_node_high 2-3 65076 NULL
+ocfs2_truncate_cluster_pages_65086 ocfs2_truncate_cluster_pages 2 65086 NULL
+ath9k_dump_mci_btcoex_65090 ath9k_dump_mci_btcoex 0 65090 NULL
++C_SYSC_semctl_65091 C_SYSC_semctl 4 65091 NULL
+ssb_bus_register_65183 ssb_bus_register 3 65183 NULL
+rx_rx_done_read_65217 rx_rx_done_read 3 65217 NULL
+print_endpoint_stat_65232 print_endpoint_stat 3-4-0 65232 NULL
+whci_n_caps_65247 whci_n_caps 0 65247 NULL
++atomic_long_read_65263 atomic_long_read 0 65263 NULL
+kmem_zalloc_greedy_65268 kmem_zalloc_greedy 3-2 65268 NULL
+kmalloc_parameter_65279 kmalloc_parameter 1 65279 NULL
+compat_core_sys_select_65285 compat_core_sys_select 1 65285 NULL
@@ -104145,11 +106438,13 @@ index 0000000..7982a0c
+unpack_array_65318 unpack_array 0 65318 NULL
+pci_vpd_find_tag_65325 pci_vpd_find_tag 0-2 65325 NULL
+dccp_setsockopt_service_65336 dccp_setsockopt_service 4 65336 NULL
++init_list_set_65351 init_list_set 2-3 65351 NULL
+dma_rx_requested_read_65354 dma_rx_requested_read 3 65354 NULL
+batadv_tt_save_orig_buffer_65361 batadv_tt_save_orig_buffer 4 65361 NULL
+alloc_cpu_rmap_65363 alloc_cpu_rmap 1 65363 NULL
+__ext4_new_inode_65370 __ext4_new_inode 5 65370 NULL
-+strchr_65372 strchr 0 65372 NULL
++strchr_65372 strchr 0 65372 NULL nohasharray
++SyS_writev_65372 SyS_writev 3 65372 &strchr_65372
+__alloc_bootmem_nopanic_65397 __alloc_bootmem_nopanic 1-2 65397 NULL
+trace_seq_to_user_65398 trace_seq_to_user 3 65398 NULL
+mtd_get_device_size_65400 mtd_get_device_size 0 65400 NULL
@@ -106897,6 +109192,32 @@ index 0000000..4fae911
+
+ return 0;
+}
+diff --git a/tools/lib/lk/Makefile b/tools/lib/lk/Makefile
+index 926cbf3..b8403e0 100644
+--- a/tools/lib/lk/Makefile
++++ b/tools/lib/lk/Makefile
+@@ -10,7 +10,7 @@ LIB_OBJS += $(OUTPUT)debugfs.o
+
+ LIBFILE = liblk.a
+
+-CFLAGS = -ggdb3 -Wall -Wextra -std=gnu99 -Werror -O6 -D_FORTIFY_SOURCE=2 $(EXTRA_WARNINGS) $(EXTRA_CFLAGS) -fPIC
++CFLAGS = -ggdb3 -Wall -Wextra -std=gnu99 -Werror -O6 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $(EXTRA_WARNINGS) $(EXTRA_CFLAGS) -fPIC
+ EXTLIBS = -lpthread -lrt -lelf -lm
+ ALL_CFLAGS = $(CFLAGS) $(BASIC_CFLAGS) -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
+ ALL_LDFLAGS = $(LDFLAGS)
+diff --git a/tools/perf/Makefile b/tools/perf/Makefile
+index b0f164b..63c9f7d 100644
+--- a/tools/perf/Makefile
++++ b/tools/perf/Makefile
+@@ -188,7 +188,7 @@ endif
+
+ ifndef PERF_DEBUG
+ ifeq ($(call try-cc,$(SOURCE_HELLO),$(CFLAGS) -D_FORTIFY_SOURCE=2,-D_FORTIFY_SOURCE=2),y)
+- CFLAGS := $(CFLAGS) -D_FORTIFY_SOURCE=2
++ CFLAGS := $(CFLAGS) -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
+ endif
+ endif
+
diff --git a/tools/perf/util/include/asm/alternative-asm.h b/tools/perf/util/include/asm/alternative-asm.h
index 6789d78..4afd019e 100644
--- a/tools/perf/util/include/asm/alternative-asm.h
@@ -106927,7 +109248,7 @@ index 96b919d..c49bb74 100644
+
#endif
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index f18013f..90421df 100644
+index 302681c..3bde377 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -75,12 +75,17 @@ LIST_HEAD(vm_list);
@@ -106950,16 +109271,16 @@ index f18013f..90421df 100644
struct dentry *kvm_debugfs_dir;
-@@ -769,7 +774,7 @@ int __kvm_set_memory_region(struct kvm *kvm,
+@@ -766,7 +771,7 @@ int __kvm_set_memory_region(struct kvm *kvm,
/* We can read the guest memory with __xxx_user() later on. */
- if (user_alloc &&
+ if ((mem->slot < KVM_USER_MEM_SLOTS) &&
((mem->userspace_addr & (PAGE_SIZE - 1)) ||
- !access_ok(VERIFY_WRITE,
+ !__access_ok(VERIFY_WRITE,
(void __user *)(unsigned long)mem->userspace_addr,
mem->memory_size)))
goto out;
-@@ -1881,7 +1886,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
+@@ -1878,7 +1883,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
return 0;
}
@@ -106968,7 +109289,7 @@ index f18013f..90421df 100644
.release = kvm_vcpu_release,
.unlocked_ioctl = kvm_vcpu_ioctl,
#ifdef CONFIG_COMPAT
-@@ -2402,7 +2407,7 @@ static int kvm_vm_mmap(struct file *file, struct vm_area_struct *vma)
+@@ -2561,7 +2566,7 @@ static int kvm_vm_mmap(struct file *file, struct vm_area_struct *vma)
return 0;
}
@@ -106977,7 +109298,7 @@ index f18013f..90421df 100644
.release = kvm_vm_release,
.unlocked_ioctl = kvm_vm_ioctl,
#ifdef CONFIG_COMPAT
-@@ -2500,7 +2505,7 @@ out:
+@@ -2662,7 +2667,7 @@ out:
return r;
}
@@ -106986,7 +109307,7 @@ index f18013f..90421df 100644
.unlocked_ioctl = kvm_dev_ioctl,
.compat_ioctl = kvm_dev_ioctl,
.llseek = noop_llseek,
-@@ -2526,7 +2531,7 @@ static void hardware_enable_nolock(void *junk)
+@@ -2688,7 +2693,7 @@ static void hardware_enable_nolock(void *junk)
if (r) {
cpumask_clear_cpu(cpu, cpus_hardware_enabled);
@@ -106995,7 +109316,7 @@ index f18013f..90421df 100644
printk(KERN_INFO "kvm: enabling virtualization on "
"CPU%d failed\n", cpu);
}
-@@ -2580,10 +2585,10 @@ static int hardware_enable_all(void)
+@@ -2742,10 +2747,10 @@ static int hardware_enable_all(void)
kvm_usage_count++;
if (kvm_usage_count == 1) {
@@ -107008,7 +109329,7 @@ index f18013f..90421df 100644
hardware_disable_all_nolock();
r = -EBUSY;
}
-@@ -2941,7 +2946,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
+@@ -3099,7 +3104,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
kvm_arch_vcpu_put(vcpu);
}
@@ -107017,7 +109338,7 @@ index f18013f..90421df 100644
struct module *module)
{
int r;
-@@ -2977,7 +2982,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3146,7 +3151,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
if (!vcpu_align)
vcpu_align = __alignof__(struct kvm_vcpu);
kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align,
@@ -107026,7 +109347,7 @@ index f18013f..90421df 100644
if (!kvm_vcpu_cache) {
r = -ENOMEM;
goto out_free_3;
-@@ -2987,9 +2992,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3156,9 +3161,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
if (r)
goto out_free;
@@ -107038,7 +109359,7 @@ index f18013f..90421df 100644
r = misc_register(&kvm_dev);
if (r) {
-@@ -2999,9 +3006,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3168,9 +3175,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
register_syscore_ops(&kvm_syscore_ops);
diff --git a/main/linux-virt-grsec/kernelconfig.x86 b/main/linux-virt-grsec/kernelconfig.x86
index ee9b9222b2..36db38fae0 100644
--- a/main/linux-virt-grsec/kernelconfig.x86
+++ b/main/linux-virt-grsec/kernelconfig.x86
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.9.8 Kernel Configuration
+# Linux/x86 3.10.7 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -17,12 +17,10 @@ CONFIG_NEED_SG_DMA_LENGTH=y
CONFIG_GENERIC_ISA_DMA=y
CONFIG_GENERIC_BUG=y
CONFIG_GENERIC_HWEIGHT=y
-CONFIG_GENERIC_GPIO=y
CONFIG_ARCH_MAY_HAVE_PC_FDC=y
CONFIG_RWSEM_XCHGADD_ALGORITHM=y
CONFIG_GENERIC_CALIBRATE_DELAY=y
CONFIG_ARCH_HAS_CPU_RELAX=y
-CONFIG_ARCH_HAS_DEFAULT_IDLE=y
CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
CONFIG_ARCH_HAS_CPU_AUTOPROBE=y
CONFIG_HAVE_SETUP_PER_CPU_AREA=y
@@ -94,6 +92,9 @@ CONFIG_GENERIC_CMOS_UPDATE=y
# Timers subsystem
#
CONFIG_TICK_ONESHOT=y
+CONFIG_NO_HZ_COMMON=y
+# CONFIG_HZ_PERIODIC is not set
+CONFIG_NO_HZ_IDLE=y
CONFIG_NO_HZ=y
CONFIG_HIGH_RES_TIMERS=y
@@ -159,19 +160,19 @@ CONFIG_RD_XZ=y
CONFIG_CC_OPTIMIZE_FOR_SIZE=y
CONFIG_SYSCTL=y
CONFIG_ANON_INODES=y
-CONFIG_EXPERT=y
CONFIG_HAVE_UID16=y
+CONFIG_SYSCTL_EXCEPTION_TRACE=y
+CONFIG_HOTPLUG=y
+CONFIG_HAVE_PCSPKR_PLATFORM=y
+CONFIG_EXPERT=y
CONFIG_UID16=y
CONFIG_SYSCTL_SYSCALL=y
-CONFIG_SYSCTL_EXCEPTION_TRACE=y
CONFIG_KALLSYMS=y
CONFIG_KALLSYMS_ALL=y
-CONFIG_HOTPLUG=y
CONFIG_PRINTK=y
CONFIG_BUG=y
CONFIG_ELF_CORE=y
# CONFIG_PCSPKR_PLATFORM is not set
-CONFIG_HAVE_PCSPKR_PLATFORM=y
CONFIG_BASE_FULL=y
CONFIG_FUTEX=y
CONFIG_EPOLL=y
@@ -180,6 +181,7 @@ CONFIG_TIMERFD=y
CONFIG_EVENTFD=y
CONFIG_SHMEM=y
CONFIG_AIO=y
+CONFIG_PCI_QUIRKS=y
CONFIG_EMBEDDED=y
CONFIG_HAVE_PERF_EVENTS=y
@@ -189,7 +191,6 @@ CONFIG_HAVE_PERF_EVENTS=y
CONFIG_PERF_EVENTS=y
# CONFIG_DEBUG_PERF_USE_VMALLOC is not set
CONFIG_VM_EVENT_COUNTERS=y
-CONFIG_PCI_QUIRKS=y
# CONFIG_SLUB_DEBUG is not set
# CONFIG_COMPAT_BRK is not set
# CONFIG_SLAB is not set
@@ -203,6 +204,7 @@ CONFIG_OPROFILE_NMI_TIMER=y
# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set
CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
CONFIG_ARCH_USE_BUILTIN_BSWAP=y
+CONFIG_USER_RETURN_NOTIFIER=y
CONFIG_HAVE_IOREMAP_PROT=y
CONFIG_HAVE_KPROBES=y
CONFIG_HAVE_KRETPROBES=y
@@ -288,6 +290,7 @@ CONFIG_IOSCHED_DEADLINE=y
CONFIG_DEFAULT_DEADLINE=y
# CONFIG_DEFAULT_NOOP is not set
CONFIG_DEFAULT_IOSCHED="deadline"
+CONFIG_PREEMPT_NOTIFIERS=y
CONFIG_PADATA=y
CONFIG_ASN1=m
CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
@@ -310,15 +313,15 @@ CONFIG_X86_BIGSMP=y
# CONFIG_X86_INTEL_LPSS is not set
# CONFIG_X86_32_IRIS is not set
CONFIG_SCHED_OMIT_FRAME_POINTER=y
-CONFIG_PARAVIRT_GUEST=y
-CONFIG_PARAVIRT_TIME_ACCOUNTING=y
+CONFIG_HYPERVISOR_GUEST=y
+CONFIG_PARAVIRT=y
+# CONFIG_PARAVIRT_DEBUG is not set
+CONFIG_PARAVIRT_SPINLOCKS=y
# CONFIG_XEN_PRIVILEGED_GUEST is not set
CONFIG_KVM_GUEST=y
# CONFIG_LGUEST_GUEST is not set
-CONFIG_PARAVIRT=y
-CONFIG_PARAVIRT_SPINLOCKS=y
+CONFIG_PARAVIRT_TIME_ACCOUNTING=y
CONFIG_PARAVIRT_CLOCK=y
-# CONFIG_PARAVIRT_DEBUG is not set
CONFIG_NO_BOOTMEM=y
# CONFIG_MEMTEST is not set
# CONFIG_M486 is not set
@@ -419,6 +422,7 @@ CONFIG_MIGRATION=y
CONFIG_ZONE_DMA_FLAG=1
CONFIG_BOUNCE=y
CONFIG_VIRT_TO_BUS=y
+CONFIG_MMU_NOTIFIER=y
CONFIG_KSM=y
CONFIG_DEFAULT_MMAP_MIN_ADDR=65536
# CONFIG_TRANSPARENT_HUGEPAGE is not set
@@ -562,8 +566,6 @@ CONFIG_AMD_NB=y
CONFIG_HOTPLUG_PCI=m
# CONFIG_HOTPLUG_PCI_COMPAQ is not set
# CONFIG_HOTPLUG_PCI_IBM is not set
-CONFIG_HOTPLUG_PCI_ACPI=m
-CONFIG_HOTPLUG_PCI_ACPI_IBM=m
# CONFIG_HOTPLUG_PCI_CPCI is not set
CONFIG_HOTPLUG_PCI_SHPC=m
# CONFIG_RAPIDIO is not set
@@ -574,6 +576,7 @@ CONFIG_HOTPLUG_PCI_SHPC=m
CONFIG_BINFMT_ELF=y
CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE=y
# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
+CONFIG_BINFMT_SCRIPT=y
CONFIG_HAVE_AOUT=y
CONFIG_BINFMT_MISC=m
CONFIG_COREDUMP=y
@@ -611,6 +614,7 @@ CONFIG_IP_PNP_BOOTP=y
CONFIG_IP_PNP_RARP=y
CONFIG_NET_IPIP=m
CONFIG_NET_IPGRE_DEMUX=y
+CONFIG_NET_IP_TUNNEL=m
CONFIG_NET_IPGRE=m
CONFIG_NET_IPGRE_BROADCAST=y
CONFIG_IP_MROUTE=y
@@ -1003,7 +1007,6 @@ CONFIG_ATALK=m
CONFIG_DEV_APPLETALK=m
CONFIG_IPDDP=m
CONFIG_IPDDP_ENCAP=y
-CONFIG_IPDDP_DECAP=y
CONFIG_X25=m
CONFIG_LAPB=m
CONFIG_PHONET=m
@@ -1080,6 +1083,8 @@ CONFIG_DNS_RESOLVER=y
CONFIG_OPENVSWITCH=m
CONFIG_VSOCKETS=m
CONFIG_VMWARE_VMCI_VSOCKETS=m
+CONFIG_NETLINK_MMAP=y
+CONFIG_NETLINK_DIAG=m
CONFIG_RPS=y
CONFIG_RFS_ACCEL=y
CONFIG_XPS=y
@@ -1182,6 +1187,7 @@ CONFIG_BLK_DEV_RBD=m
#
# CONFIG_SENSORS_LIS3LV02D is not set
# CONFIG_AD525X_DPOT is not set
+# CONFIG_DUMMY_IRQ is not set
# CONFIG_IBM_ASM is not set
# CONFIG_PHANTOM is not set
# CONFIG_INTEL_MID_PTI is not set
@@ -1204,6 +1210,7 @@ CONFIG_VMWARE_BALLOON=m
# CONFIG_BMP085_I2C is not set
# CONFIG_PCH_PHUB is not set
# CONFIG_USB_SWITCH_FSA9480 is not set
+# CONFIG_SRAM is not set
# CONFIG_C2PORT is not set
#
@@ -1228,6 +1235,7 @@ CONFIG_TI_ST=m
#
# CONFIG_ALTERA_STAPL is not set
# CONFIG_INTEL_MEI is not set
+# CONFIG_INTEL_MEI_ME is not set
CONFIG_VMWARE_VMCI=m
CONFIG_HAVE_IDE=y
# CONFIG_IDE is not set
@@ -1460,6 +1468,10 @@ CONFIG_MD_RAID10=m
CONFIG_MD_RAID456=m
CONFIG_MD_MULTIPATH=m
CONFIG_MD_FAULTY=m
+CONFIG_BCACHE=m
+# CONFIG_BCACHE_DEBUG is not set
+# CONFIG_BCACHE_EDEBUG is not set
+# CONFIG_BCACHE_CLOSURES_DEBUG is not set
CONFIG_BLK_DEV_DM=m
# CONFIG_DM_DEBUG is not set
CONFIG_DM_BUFIO=m
@@ -1528,6 +1540,7 @@ CONFIG_IFB=m
CONFIG_NET_TEAM=m
CONFIG_NET_TEAM_MODE_BROADCAST=m
CONFIG_NET_TEAM_MODE_ROUNDROBIN=m
+CONFIG_NET_TEAM_MODE_RANDOM=m
CONFIG_NET_TEAM_MODE_ACTIVEBACKUP=m
CONFIG_NET_TEAM_MODE_LOADBALANCE=m
CONFIG_MACVLAN=m
@@ -1547,6 +1560,9 @@ CONFIG_VIRTIO_NET=m
#
# CAIF transport drivers
#
+CONFIG_VHOST_NET=m
+CONFIG_VHOST_SCSI=m
+CONFIG_VHOST_RING=m
#
# Distributed Switch Architecture drivers
@@ -1670,6 +1686,7 @@ CONFIG_MDIO_GPIO=m
# CONFIG_USB_KAWETH is not set
# CONFIG_USB_PEGASUS is not set
# CONFIG_USB_RTL8150 is not set
+# CONFIG_USB_RTL8152 is not set
# CONFIG_USB_USBNET is not set
# CONFIG_USB_CDC_PHONET is not set
# CONFIG_USB_IPHETH is not set
@@ -1771,6 +1788,7 @@ CONFIG_INPUT_MISC=y
# CONFIG_INPUT_PCF8574 is not set
# CONFIG_INPUT_GPIO_ROTARY_ENCODER is not set
# CONFIG_INPUT_ADXL34X is not set
+# CONFIG_INPUT_IMS_PCU is not set
# CONFIG_INPUT_CMA3000 is not set
#
@@ -1945,6 +1963,11 @@ CONFIG_I2C_PIIX4=m
# CONFIG_I2C_DEBUG_ALGO is not set
# CONFIG_I2C_DEBUG_BUS is not set
# CONFIG_SPI is not set
+
+#
+# Qualcomm MSM SSBI bus support
+#
+# CONFIG_SSBI is not set
# CONFIG_HSI is not set
#
@@ -2095,6 +2118,7 @@ CONFIG_HWMON=m
# CONFIG_SENSORS_LTC4215 is not set
# CONFIG_SENSORS_LTC4245 is not set
# CONFIG_SENSORS_LTC4261 is not set
+# CONFIG_SENSORS_LM95234 is not set
# CONFIG_SENSORS_LM95241 is not set
# CONFIG_SENSORS_LM95245 is not set
# CONFIG_SENSORS_MAX16065 is not set
@@ -2106,6 +2130,7 @@ CONFIG_HWMON=m
# CONFIG_SENSORS_MAX6650 is not set
# CONFIG_SENSORS_MAX6697 is not set
# CONFIG_SENSORS_MCP3021 is not set
+# CONFIG_SENSORS_NCT6775 is not set
# CONFIG_SENSORS_NTC_THERMISTOR is not set
# CONFIG_SENSORS_PC87360 is not set
# CONFIG_SENSORS_PC87427 is not set
@@ -2240,31 +2265,35 @@ CONFIG_BCMA_POSSIBLE=y
# Multifunction device drivers
#
CONFIG_MFD_CORE=m
-# CONFIG_MFD_SM501 is not set
-# CONFIG_MFD_RTSX_PCI is not set
-# CONFIG_MFD_TI_AM335X_TSCADC is not set
+# CONFIG_MFD_CS5535 is not set
+# CONFIG_MFD_CROS_EC is not set
+# CONFIG_MFD_MC13XXX_I2C is not set
# CONFIG_HTC_PASIC3 is not set
+# CONFIG_LPC_ICH is not set
+# CONFIG_LPC_SCH is not set
+# CONFIG_MFD_JANZ_CMODIO is not set
+# CONFIG_MFD_VIPERBOARD is not set
+# CONFIG_MFD_RETU is not set
+# CONFIG_MFD_PCF50633 is not set
# CONFIG_UCB1400_CORE is not set
-# CONFIG_MFD_LM3533 is not set
+# CONFIG_MFD_RDC321X is not set
+# CONFIG_MFD_RTSX_PCI is not set
+# CONFIG_MFD_SI476X_CORE is not set
+# CONFIG_MFD_SM501 is not set
+# CONFIG_ABX500_CORE is not set
+# CONFIG_MFD_SYSCON is not set
+# CONFIG_MFD_TI_AM335X_TSCADC is not set
# CONFIG_TPS6105X is not set
# CONFIG_TPS65010 is not set
# CONFIG_TPS6507X is not set
# CONFIG_MFD_TPS65217 is not set
-# CONFIG_MFD_TMIO is not set
-# CONFIG_MFD_ARIZONA_I2C is not set
-# CONFIG_MFD_PCF50633 is not set
-# CONFIG_MFD_MC13XXX_I2C is not set
-# CONFIG_ABX500_CORE is not set
-# CONFIG_MFD_CS5535 is not set
+# CONFIG_MFD_TPS65912 is not set
+CONFIG_MFD_WL1273_CORE=m
+# CONFIG_MFD_LM3533 is not set
# CONFIG_MFD_TIMBERDALE is not set
-# CONFIG_LPC_SCH is not set
-# CONFIG_LPC_ICH is not set
-# CONFIG_MFD_RDC321X is not set
-# CONFIG_MFD_JANZ_CMODIO is not set
+# CONFIG_MFD_TMIO is not set
# CONFIG_MFD_VX855 is not set
-CONFIG_MFD_WL1273_CORE=m
-# CONFIG_MFD_VIPERBOARD is not set
-# CONFIG_MFD_RETU is not set
+# CONFIG_MFD_ARIZONA_I2C is not set
# CONFIG_REGULATOR is not set
# CONFIG_MEDIA_SUPPORT is not set
@@ -2316,6 +2345,7 @@ CONFIG_DRM_GMA3600=y
# CONFIG_DRM_AST is not set
CONFIG_DRM_MGAG200=m
CONFIG_DRM_CIRRUS_QEMU=m
+CONFIG_DRM_QXL=m
CONFIG_VGASTATE=m
CONFIG_VIDEO_OUTPUT_CONTROL=m
CONFIG_HDMI=y
@@ -2332,7 +2362,6 @@ CONFIG_FB_SYS_COPYAREA=m
CONFIG_FB_SYS_IMAGEBLIT=m
# CONFIG_FB_FOREIGN_ENDIAN is not set
# CONFIG_FB_SYS_FOPS is not set
-# CONFIG_FB_WMT_GE_ROPS is not set
CONFIG_FB_DEFERRED_IO=y
# CONFIG_FB_SVGALIB is not set
# CONFIG_FB_MACMODES is not set
@@ -2385,6 +2414,7 @@ CONFIG_FB_UVESA=m
# CONFIG_FB_MB862XX is not set
# CONFIG_FB_BROADSHEET is not set
# CONFIG_FB_AUO_K190X is not set
+CONFIG_FB_HYPERV=m
# CONFIG_EXYNOS_VIDEO is not set
CONFIG_BACKLIGHT_LCD_SUPPORT=y
# CONFIG_LCD_CLASS_DEVICE is not set
@@ -2565,6 +2595,7 @@ CONFIG_HID_GENERIC=m
# CONFIG_HID_A4TECH is not set
# CONFIG_HID_ACRUX is not set
# CONFIG_HID_APPLE is not set
+# CONFIG_HID_APPLEIR is not set
# CONFIG_HID_AUREAL is not set
# CONFIG_HID_BELKIN is not set
# CONFIG_HID_CHERRY is not set
@@ -2573,6 +2604,7 @@ CONFIG_HID_GENERIC=m
# CONFIG_HID_CYPRESS is not set
# CONFIG_HID_DRAGONRISE is not set
# CONFIG_HID_EMS_FF is not set
+# CONFIG_HID_ELECOM is not set
# CONFIG_HID_EZKEY is not set
# CONFIG_HID_HOLTEK is not set
# CONFIG_HID_KEYTOUCH is not set
@@ -2580,11 +2612,13 @@ CONFIG_HID_GENERIC=m
# CONFIG_HID_UCLOGIC is not set
# CONFIG_HID_WALTOP is not set
# CONFIG_HID_GYRATION is not set
+# CONFIG_HID_ICADE is not set
# CONFIG_HID_TWINHAN is not set
# CONFIG_HID_KENSINGTON is not set
# CONFIG_HID_LCPOWER is not set
# CONFIG_HID_LENOVO_TPKBD is not set
# CONFIG_HID_LOGITECH is not set
+# CONFIG_HID_MAGICMOUSE is not set
# CONFIG_HID_MICROSOFT is not set
# CONFIG_HID_MONTEREY is not set
# CONFIG_HID_MULTITOUCH is not set
@@ -2594,6 +2628,7 @@ CONFIG_HID_GENERIC=m
# CONFIG_HID_PETALYNX is not set
# CONFIG_HID_PICOLCD is not set
# CONFIG_HID_PRIMAX is not set
+# CONFIG_HID_PS3REMOTE is not set
# CONFIG_HID_ROCCAT is not set
# CONFIG_HID_SAITEK is not set
# CONFIG_HID_SAMSUNG is not set
@@ -2608,6 +2643,8 @@ CONFIG_HID_HYPERV_MOUSE=m
# CONFIG_HID_TOPSEED is not set
# CONFIG_HID_THINGM is not set
# CONFIG_HID_THRUSTMASTER is not set
+# CONFIG_HID_WACOM is not set
+# CONFIG_HID_WIIMOTE is not set
# CONFIG_HID_ZEROPLUS is not set
# CONFIG_HID_ZYDACRON is not set
# CONFIG_HID_SENSOR_HUB is not set
@@ -2642,10 +2679,10 @@ CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
#
# Miscellaneous USB options
#
+# CONFIG_USB_DEFAULT_PERSIST is not set
# CONFIG_USB_DYNAMIC_MINORS is not set
# CONFIG_USB_OTG_WHITELIST is not set
# CONFIG_USB_OTG_BLACKLIST_HUB is not set
-# CONFIG_USB_DWC3 is not set
CONFIG_USB_MON=m
# CONFIG_USB_WUSB_CBAF is not set
@@ -2659,6 +2696,7 @@ CONFIG_USB_EHCI_HCD=m
# CONFIG_USB_EHCI_ROOT_HUB_TT is not set
# CONFIG_USB_EHCI_TT_NEWSCHED is not set
CONFIG_USB_EHCI_PCI=m
+CONFIG_USB_EHCI_HCD_PLATFORM=m
# CONFIG_USB_OXU210HP_HCD is not set
# CONFIG_USB_ISP116X_HCD is not set
# CONFIG_USB_ISP1760_HCD is not set
@@ -2666,7 +2704,6 @@ CONFIG_USB_EHCI_PCI=m
CONFIG_USB_OHCI_HCD=m
CONFIG_USB_OHCI_HCD_SSB=y
CONFIG_USB_OHCI_HCD_PLATFORM=y
-CONFIG_USB_EHCI_HCD_PLATFORM=m
# CONFIG_USB_OHCI_BIG_ENDIAN_DESC is not set
# CONFIG_USB_OHCI_BIG_ENDIAN_MMIO is not set
CONFIG_USB_OHCI_LITTLE_ENDIAN=y
@@ -2674,7 +2711,6 @@ CONFIG_USB_UHCI_HCD=m
# CONFIG_USB_SL811_HCD is not set
# CONFIG_USB_R8A66597_HCD is not set
CONFIG_USB_HCD_SSB=m
-# CONFIG_USB_CHIPIDEA is not set
#
# USB Device Class drivers
@@ -2712,6 +2748,8 @@ CONFIG_USB_STORAGE_ENE_UB6250=m
#
# CONFIG_USB_MDC800 is not set
# CONFIG_USB_MICROTEK is not set
+# CONFIG_USB_DWC3 is not set
+# CONFIG_USB_CHIPIDEA is not set
#
# USB port drivers
@@ -2744,22 +2782,9 @@ CONFIG_USB_STORAGE_ENE_UB6250=m
# CONFIG_USB_YUREX is not set
# CONFIG_USB_EZUSB_FX2 is not set
# CONFIG_USB_HSIC_USB3503 is not set
-
-#
-# USB Physical Layer drivers
-#
-# CONFIG_OMAP_USB3 is not set
-# CONFIG_OMAP_CONTROL_USB is not set
-# CONFIG_USB_ISP1301 is not set
-# CONFIG_USB_RCAR_PHY is not set
# CONFIG_USB_ATM is not set
+# CONFIG_USB_PHY is not set
# CONFIG_USB_GADGET is not set
-
-#
-# OTG and related infrastructure
-#
-# CONFIG_USB_GPIO_VBUS is not set
-# CONFIG_NOP_USB_XCEIV is not set
# CONFIG_UWB is not set
# CONFIG_MMC is not set
# CONFIG_MEMSTICK is not set
@@ -2776,6 +2801,7 @@ CONFIG_LEDS_CLASS=y
# CONFIG_LEDS_LP3944 is not set
# CONFIG_LEDS_LP5521 is not set
# CONFIG_LEDS_LP5523 is not set
+# CONFIG_LEDS_LP5562 is not set
# CONFIG_LEDS_CLEVO_MAIL is not set
# CONFIG_LEDS_PCA955X is not set
# CONFIG_LEDS_PCA9633 is not set
@@ -2786,11 +2812,11 @@ CONFIG_LEDS_CLASS=y
# CONFIG_LEDS_LM355x is not set
# CONFIG_LEDS_OT200 is not set
# CONFIG_LEDS_BLINKM is not set
-# CONFIG_LEDS_TRIGGERS is not set
#
# LED Triggers
#
+# CONFIG_LEDS_TRIGGERS is not set
# CONFIG_ACCESSIBILITY is not set
# CONFIG_INFINIBAND is not set
# CONFIG_EDAC is not set
@@ -2877,6 +2903,7 @@ CONFIG_INTEL_IOATDMA=m
CONFIG_TIMB_DMA=m
CONFIG_PCH_DMA=m
CONFIG_DMA_ENGINE=y
+CONFIG_DMA_ACPI=y
#
# DMA Clients
@@ -2890,6 +2917,7 @@ CONFIG_DCA=m
CONFIG_VFIO_IOMMU_TYPE1=m
CONFIG_VFIO=m
CONFIG_VFIO_PCI=m
+CONFIG_VIRT_DRIVERS=y
CONFIG_VIRTIO=m
#
@@ -2946,6 +2974,7 @@ CONFIG_STAGING=y
# CONFIG_CED1401 is not set
# CONFIG_DGRP is not set
# CONFIG_FIREWIRE_SERIAL is not set
+# CONFIG_USB_DWC2 is not set
# CONFIG_X86_PLATFORM_DEVICES is not set
#
@@ -2970,7 +2999,6 @@ CONFIG_INTEL_IOMMU_FLOPPY_WA=y
#
# Rpmsg drivers
#
-CONFIG_VIRT_DRIVERS=y
# CONFIG_PM_DEVFREQ is not set
# CONFIG_EXTCON is not set
CONFIG_MEMORY=y
@@ -2978,6 +3006,7 @@ CONFIG_MEMORY=y
# CONFIG_VME_BUS is not set
# CONFIG_PWM is not set
# CONFIG_IPACK_BUS is not set
+# CONFIG_RESET_CONTROLLER is not set
#
# Firmware Drivers
@@ -3030,6 +3059,7 @@ CONFIG_XFS_FS=m
CONFIG_XFS_QUOTA=y
CONFIG_XFS_POSIX_ACL=y
CONFIG_XFS_RT=y
+# CONFIG_XFS_WARN is not set
# CONFIG_XFS_DEBUG is not set
CONFIG_GFS2_FS=m
CONFIG_GFS2_FS_LOCKING_DLM=y
@@ -3042,6 +3072,8 @@ CONFIG_OCFS2_DEBUG_MASKLOG=y
CONFIG_BTRFS_FS=m
CONFIG_BTRFS_FS_POSIX_ACL=y
# CONFIG_BTRFS_FS_CHECK_INTEGRITY is not set
+# CONFIG_BTRFS_FS_RUN_SANITY_TESTS is not set
+# CONFIG_BTRFS_DEBUG is not set
CONFIG_NILFS2_FS=m
CONFIG_FS_POSIX_ACL=y
CONFIG_EXPORTFS=m
@@ -3326,6 +3358,8 @@ CONFIG_RCU_CPU_STALL_TIMEOUT=60
# CONFIG_NOTIFIER_ERROR_INJECTION is not set
# CONFIG_FAULT_INJECTION is not set
CONFIG_LATENCYTOP=y
+CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y
+# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set
# CONFIG_DEBUG_PAGEALLOC is not set
CONFIG_USER_STACKTRACE_SUPPORT=y
CONFIG_HAVE_FUNCTION_TRACER=y
@@ -3349,6 +3383,7 @@ CONFIG_TRACING_SUPPORT=y
CONFIG_HAVE_ARCH_KGDB=y
# CONFIG_KGDB is not set
CONFIG_HAVE_ARCH_KMEMCHECK=y
+# CONFIG_TEST_STRING_HELPERS is not set
CONFIG_TEST_KSTRTOX=m
CONFIG_STRICT_DEVMEM=y
# CONFIG_X86_VERBOSE_BOOTUP is not set
@@ -3357,6 +3392,7 @@ CONFIG_DEBUG_STACKOVERFLOW=y
# CONFIG_X86_PTDUMP is not set
CONFIG_DEBUG_NX_TEST=m
CONFIG_DOUBLEFAULT=y
+# CONFIG_DEBUG_TLBFLUSH is not set
# CONFIG_IOMMU_STRESS is not set
CONFIG_HAVE_MMIOTRACE_SUPPORT=y
CONFIG_IO_DELAY_TYPE_0X80=0
@@ -3371,7 +3407,6 @@ CONFIG_DEFAULT_IO_DELAY_TYPE=0
CONFIG_DEBUG_BOOT_PARAMS=y
# CONFIG_CPA_DEBUG is not set
# CONFIG_OPTIMIZE_INLINING is not set
-# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set
CONFIG_DEBUG_NMI_SELFTEST=y
#
@@ -3507,7 +3542,6 @@ CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
# CONFIG_GRKERNSEC_RWXMAP_LOG is not set
-# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
#
# Executable Protections
@@ -3552,8 +3586,6 @@ CONFIG_ASYNC_MEMCPY=m
CONFIG_ASYNC_XOR=m
CONFIG_ASYNC_PQ=m
CONFIG_ASYNC_RAID6_RECOV=m
-CONFIG_ASYNC_TX_DISABLE_PQ_VAL_DMA=y
-CONFIG_ASYNC_TX_DISABLE_XOR_VAL_DMA=y
CONFIG_CRYPTO=y
#
@@ -3606,6 +3638,7 @@ CONFIG_CRYPTO_XTS=m
#
# Hash modes
#
+CONFIG_CRYPTO_CMAC=m
CONFIG_CRYPTO_HMAC=m
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_VMAC=m
@@ -3683,10 +3716,19 @@ CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=m
CONFIG_PUBLIC_KEY_ALGO_RSA=m
CONFIG_X509_CERTIFICATE_PARSER=m
CONFIG_HAVE_KVM=y
+CONFIG_HAVE_KVM_IRQCHIP=y
+CONFIG_HAVE_KVM_IRQ_ROUTING=y
+CONFIG_HAVE_KVM_EVENTFD=y
+CONFIG_KVM_APIC_ARCHITECTURE=y
+CONFIG_KVM_MMIO=y
+CONFIG_KVM_ASYNC_PF=y
+CONFIG_HAVE_KVM_MSI=y
+CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y
CONFIG_VIRTUALIZATION=y
-# CONFIG_KVM is not set
-# CONFIG_VHOST_NET is not set
-# CONFIG_TCM_VHOST is not set
+CONFIG_KVM=m
+CONFIG_KVM_INTEL=m
+CONFIG_KVM_AMD=m
+CONFIG_KVM_DEVICE_ASSIGNMENT=y
# CONFIG_LGUEST is not set
# CONFIG_BINARY_PRINTF is not set
diff --git a/main/linux-virt-grsec/kernelconfig.x86_64 b/main/linux-virt-grsec/kernelconfig.x86_64
index 26983932c2..d6c571438d 100644
--- a/main/linux-virt-grsec/kernelconfig.x86_64
+++ b/main/linux-virt-grsec/kernelconfig.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.9.8 Kernel Configuration
+# Linux/x86 3.10.7 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -18,12 +18,10 @@ CONFIG_GENERIC_ISA_DMA=y
CONFIG_GENERIC_BUG=y
CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y
CONFIG_GENERIC_HWEIGHT=y
-CONFIG_GENERIC_GPIO=y
CONFIG_ARCH_MAY_HAVE_PC_FDC=y
CONFIG_RWSEM_XCHGADD_ALGORITHM=y
CONFIG_GENERIC_CALIBRATE_DELAY=y
CONFIG_ARCH_HAS_CPU_RELAX=y
-CONFIG_ARCH_HAS_DEFAULT_IDLE=y
CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y
CONFIG_ARCH_HAS_CPU_AUTOPROBE=y
CONFIG_HAVE_SETUP_PER_CPU_AREA=y
@@ -95,6 +93,10 @@ CONFIG_GENERIC_CMOS_UPDATE=y
# Timers subsystem
#
CONFIG_TICK_ONESHOT=y
+CONFIG_NO_HZ_COMMON=y
+# CONFIG_HZ_PERIODIC is not set
+CONFIG_NO_HZ_IDLE=y
+# CONFIG_NO_HZ_FULL is not set
CONFIG_NO_HZ=y
CONFIG_HIGH_RES_TIMERS=y
@@ -162,17 +164,17 @@ CONFIG_RD_XZ=y
CONFIG_CC_OPTIMIZE_FOR_SIZE=y
CONFIG_SYSCTL=y
CONFIG_ANON_INODES=y
+CONFIG_SYSCTL_EXCEPTION_TRACE=y
+CONFIG_HOTPLUG=y
+CONFIG_HAVE_PCSPKR_PLATFORM=y
CONFIG_EXPERT=y
CONFIG_SYSCTL_SYSCALL=y
-CONFIG_SYSCTL_EXCEPTION_TRACE=y
CONFIG_KALLSYMS=y
CONFIG_KALLSYMS_ALL=y
-CONFIG_HOTPLUG=y
CONFIG_PRINTK=y
CONFIG_BUG=y
CONFIG_ELF_CORE=y
# CONFIG_PCSPKR_PLATFORM is not set
-CONFIG_HAVE_PCSPKR_PLATFORM=y
CONFIG_BASE_FULL=y
CONFIG_FUTEX=y
CONFIG_EPOLL=y
@@ -181,6 +183,7 @@ CONFIG_TIMERFD=y
CONFIG_EVENTFD=y
CONFIG_SHMEM=y
CONFIG_AIO=y
+CONFIG_PCI_QUIRKS=y
CONFIG_EMBEDDED=y
CONFIG_HAVE_PERF_EVENTS=y
@@ -190,7 +193,6 @@ CONFIG_HAVE_PERF_EVENTS=y
CONFIG_PERF_EVENTS=y
# CONFIG_DEBUG_PERF_USE_VMALLOC is not set
CONFIG_VM_EVENT_COUNTERS=y
-CONFIG_PCI_QUIRKS=y
# CONFIG_SLUB_DEBUG is not set
# CONFIG_COMPAT_BRK is not set
# CONFIG_SLAB is not set
@@ -204,6 +206,7 @@ CONFIG_OPROFILE_NMI_TIMER=y
# CONFIG_HAVE_64BIT_ALIGNED_ACCESS is not set
CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y
CONFIG_ARCH_USE_BUILTIN_BSWAP=y
+CONFIG_USER_RETURN_NOTIFIER=y
CONFIG_HAVE_IOREMAP_PROT=y
CONFIG_HAVE_KPROBES=y
CONFIG_HAVE_KRETPROBES=y
@@ -284,6 +287,7 @@ CONFIG_IOSCHED_DEADLINE=y
CONFIG_DEFAULT_DEADLINE=y
# CONFIG_DEFAULT_NOOP is not set
CONFIG_DEFAULT_IOSCHED="deadline"
+CONFIG_PREEMPT_NOTIFIERS=y
CONFIG_PADATA=y
CONFIG_ASN1=m
CONFIG_INLINE_SPIN_UNLOCK_IRQ=y
@@ -304,8 +308,10 @@ CONFIG_X86_X2APIC=y
# CONFIG_X86_EXTENDED_PLATFORM is not set
# CONFIG_X86_INTEL_LPSS is not set
CONFIG_SCHED_OMIT_FRAME_POINTER=y
-CONFIG_PARAVIRT_GUEST=y
-CONFIG_PARAVIRT_TIME_ACCOUNTING=y
+CONFIG_HYPERVISOR_GUEST=y
+CONFIG_PARAVIRT=y
+# CONFIG_PARAVIRT_DEBUG is not set
+CONFIG_PARAVIRT_SPINLOCKS=y
CONFIG_XEN=y
CONFIG_XEN_DOM0=y
CONFIG_XEN_PRIVILEGED_GUEST=y
@@ -314,10 +320,8 @@ CONFIG_XEN_MAX_DOMAIN_MEMORY=500
CONFIG_XEN_SAVE_RESTORE=y
# CONFIG_XEN_DEBUG_FS is not set
CONFIG_KVM_GUEST=y
-CONFIG_PARAVIRT=y
-CONFIG_PARAVIRT_SPINLOCKS=y
+CONFIG_PARAVIRT_TIME_ACCOUNTING=y
CONFIG_PARAVIRT_CLOCK=y
-# CONFIG_PARAVIRT_DEBUG is not set
CONFIG_NO_BOOTMEM=y
# CONFIG_MEMTEST is not set
# CONFIG_MK8 is not set
@@ -534,8 +538,6 @@ CONFIG_ISA_DMA_API=y
CONFIG_AMD_NB=y
# CONFIG_PCCARD is not set
CONFIG_HOTPLUG_PCI=m
-CONFIG_HOTPLUG_PCI_ACPI=m
-CONFIG_HOTPLUG_PCI_ACPI_IBM=m
# CONFIG_HOTPLUG_PCI_CPCI is not set
CONFIG_HOTPLUG_PCI_SHPC=m
# CONFIG_RAPIDIO is not set
@@ -546,6 +548,7 @@ CONFIG_HOTPLUG_PCI_SHPC=m
CONFIG_BINFMT_ELF=y
CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE=y
# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
+CONFIG_BINFMT_SCRIPT=y
# CONFIG_HAVE_AOUT is not set
CONFIG_BINFMT_MISC=m
CONFIG_COREDUMP=y
@@ -584,6 +587,7 @@ CONFIG_IP_PNP_BOOTP=y
CONFIG_IP_PNP_RARP=y
CONFIG_NET_IPIP=m
CONFIG_NET_IPGRE_DEMUX=y
+CONFIG_NET_IP_TUNNEL=m
CONFIG_NET_IPGRE=m
CONFIG_NET_IPGRE_BROADCAST=y
CONFIG_IP_MROUTE=y
@@ -976,7 +980,6 @@ CONFIG_ATALK=m
CONFIG_DEV_APPLETALK=m
CONFIG_IPDDP=m
CONFIG_IPDDP_ENCAP=y
-CONFIG_IPDDP_DECAP=y
CONFIG_X25=m
CONFIG_LAPB=m
CONFIG_PHONET=m
@@ -1053,6 +1056,8 @@ CONFIG_DNS_RESOLVER=y
CONFIG_OPENVSWITCH=m
CONFIG_VSOCKETS=m
CONFIG_VMWARE_VMCI_VSOCKETS=m
+CONFIG_NETLINK_MMAP=y
+CONFIG_NETLINK_DIAG=m
CONFIG_RPS=y
CONFIG_RFS_ACCEL=y
CONFIG_XPS=y
@@ -1158,6 +1163,7 @@ CONFIG_BLK_DEV_RBD=m
#
# CONFIG_SENSORS_LIS3LV02D is not set
# CONFIG_AD525X_DPOT is not set
+# CONFIG_DUMMY_IRQ is not set
# CONFIG_IBM_ASM is not set
# CONFIG_PHANTOM is not set
# CONFIG_INTEL_MID_PTI is not set
@@ -1180,6 +1186,7 @@ CONFIG_VMWARE_BALLOON=m
# CONFIG_BMP085_I2C is not set
# CONFIG_PCH_PHUB is not set
# CONFIG_USB_SWITCH_FSA9480 is not set
+# CONFIG_SRAM is not set
# CONFIG_C2PORT is not set
#
@@ -1204,6 +1211,7 @@ CONFIG_TI_ST=m
#
# CONFIG_ALTERA_STAPL is not set
# CONFIG_INTEL_MEI is not set
+# CONFIG_INTEL_MEI_ME is not set
CONFIG_VMWARE_VMCI=m
CONFIG_HAVE_IDE=y
# CONFIG_IDE is not set
@@ -1434,6 +1442,10 @@ CONFIG_MD_RAID10=m
CONFIG_MD_RAID456=m
CONFIG_MD_MULTIPATH=m
CONFIG_MD_FAULTY=m
+CONFIG_BCACHE=m
+# CONFIG_BCACHE_DEBUG is not set
+# CONFIG_BCACHE_EDEBUG is not set
+# CONFIG_BCACHE_CLOSURES_DEBUG is not set
CONFIG_BLK_DEV_DM=m
# CONFIG_DM_DEBUG is not set
CONFIG_DM_BUFIO=m
@@ -1503,6 +1515,7 @@ CONFIG_IFB=m
CONFIG_NET_TEAM=m
CONFIG_NET_TEAM_MODE_BROADCAST=m
CONFIG_NET_TEAM_MODE_ROUNDROBIN=m
+CONFIG_NET_TEAM_MODE_RANDOM=m
CONFIG_NET_TEAM_MODE_ACTIVEBACKUP=m
CONFIG_NET_TEAM_MODE_LOADBALANCE=m
CONFIG_MACVLAN=m
@@ -1522,6 +1535,9 @@ CONFIG_VIRTIO_NET=m
#
# CAIF transport drivers
#
+CONFIG_VHOST_NET=m
+CONFIG_VHOST_SCSI=m
+CONFIG_VHOST_RING=m
#
# Distributed Switch Architecture drivers
@@ -1645,6 +1661,7 @@ CONFIG_MDIO_GPIO=m
# CONFIG_USB_KAWETH is not set
# CONFIG_USB_PEGASUS is not set
# CONFIG_USB_RTL8150 is not set
+# CONFIG_USB_RTL8152 is not set
# CONFIG_USB_USBNET is not set
# CONFIG_USB_CDC_PHONET is not set
# CONFIG_USB_IPHETH is not set
@@ -1747,6 +1764,7 @@ CONFIG_INPUT_MISC=y
# CONFIG_INPUT_PCF8574 is not set
# CONFIG_INPUT_GPIO_ROTARY_ENCODER is not set
# CONFIG_INPUT_ADXL34X is not set
+# CONFIG_INPUT_IMS_PCU is not set
# CONFIG_INPUT_CMA3000 is not set
CONFIG_INPUT_XEN_KBDDEV_FRONTEND=y
@@ -1919,6 +1937,11 @@ CONFIG_I2C_PIIX4=m
# CONFIG_I2C_DEBUG_ALGO is not set
# CONFIG_I2C_DEBUG_BUS is not set
# CONFIG_SPI is not set
+
+#
+# Qualcomm MSM SSBI bus support
+#
+# CONFIG_SSBI is not set
# CONFIG_HSI is not set
#
@@ -2069,6 +2092,7 @@ CONFIG_HWMON=m
# CONFIG_SENSORS_LTC4215 is not set
# CONFIG_SENSORS_LTC4245 is not set
# CONFIG_SENSORS_LTC4261 is not set
+# CONFIG_SENSORS_LM95234 is not set
# CONFIG_SENSORS_LM95241 is not set
# CONFIG_SENSORS_LM95245 is not set
# CONFIG_SENSORS_MAX16065 is not set
@@ -2080,6 +2104,7 @@ CONFIG_HWMON=m
# CONFIG_SENSORS_MAX6650 is not set
# CONFIG_SENSORS_MAX6697 is not set
# CONFIG_SENSORS_MCP3021 is not set
+# CONFIG_SENSORS_NCT6775 is not set
# CONFIG_SENSORS_NTC_THERMISTOR is not set
# CONFIG_SENSORS_PC87360 is not set
# CONFIG_SENSORS_PC87427 is not set
@@ -2213,31 +2238,35 @@ CONFIG_BCMA_POSSIBLE=y
# Multifunction device drivers
#
CONFIG_MFD_CORE=m
-# CONFIG_MFD_SM501 is not set
-# CONFIG_MFD_RTSX_PCI is not set
-# CONFIG_MFD_TI_AM335X_TSCADC is not set
+# CONFIG_MFD_CS5535 is not set
+# CONFIG_MFD_CROS_EC is not set
+# CONFIG_MFD_MC13XXX_I2C is not set
# CONFIG_HTC_PASIC3 is not set
+# CONFIG_LPC_ICH is not set
+# CONFIG_LPC_SCH is not set
+# CONFIG_MFD_JANZ_CMODIO is not set
+# CONFIG_MFD_VIPERBOARD is not set
+# CONFIG_MFD_RETU is not set
+# CONFIG_MFD_PCF50633 is not set
# CONFIG_UCB1400_CORE is not set
-# CONFIG_MFD_LM3533 is not set
+# CONFIG_MFD_RDC321X is not set
+# CONFIG_MFD_RTSX_PCI is not set
+# CONFIG_MFD_SI476X_CORE is not set
+# CONFIG_MFD_SM501 is not set
+# CONFIG_ABX500_CORE is not set
+# CONFIG_MFD_SYSCON is not set
+# CONFIG_MFD_TI_AM335X_TSCADC is not set
# CONFIG_TPS6105X is not set
# CONFIG_TPS65010 is not set
# CONFIG_TPS6507X is not set
# CONFIG_MFD_TPS65217 is not set
-# CONFIG_MFD_TMIO is not set
-# CONFIG_MFD_ARIZONA_I2C is not set
-# CONFIG_MFD_PCF50633 is not set
-# CONFIG_MFD_MC13XXX_I2C is not set
-# CONFIG_ABX500_CORE is not set
-# CONFIG_MFD_CS5535 is not set
+# CONFIG_MFD_TPS65912 is not set
+CONFIG_MFD_WL1273_CORE=m
+# CONFIG_MFD_LM3533 is not set
# CONFIG_MFD_TIMBERDALE is not set
-# CONFIG_LPC_SCH is not set
-# CONFIG_LPC_ICH is not set
-# CONFIG_MFD_RDC321X is not set
-# CONFIG_MFD_JANZ_CMODIO is not set
+# CONFIG_MFD_TMIO is not set
# CONFIG_MFD_VX855 is not set
-CONFIG_MFD_WL1273_CORE=m
-# CONFIG_MFD_VIPERBOARD is not set
-# CONFIG_MFD_RETU is not set
+# CONFIG_MFD_ARIZONA_I2C is not set
# CONFIG_REGULATOR is not set
# CONFIG_MEDIA_SUPPORT is not set
@@ -2283,6 +2312,7 @@ CONFIG_DRM_GMA3600=y
# CONFIG_DRM_AST is not set
CONFIG_DRM_MGAG200=m
CONFIG_DRM_CIRRUS_QEMU=m
+CONFIG_DRM_QXL=m
CONFIG_VGASTATE=m
CONFIG_VIDEO_OUTPUT_CONTROL=m
CONFIG_HDMI=y
@@ -2299,7 +2329,6 @@ CONFIG_FB_SYS_COPYAREA=m
CONFIG_FB_SYS_IMAGEBLIT=m
# CONFIG_FB_FOREIGN_ENDIAN is not set
CONFIG_FB_SYS_FOPS=m
-# CONFIG_FB_WMT_GE_ROPS is not set
CONFIG_FB_DEFERRED_IO=y
# CONFIG_FB_SVGALIB is not set
# CONFIG_FB_MACMODES is not set
@@ -2352,6 +2381,7 @@ CONFIG_XEN_FBDEV_FRONTEND=m
# CONFIG_FB_MB862XX is not set
# CONFIG_FB_BROADSHEET is not set
# CONFIG_FB_AUO_K190X is not set
+CONFIG_FB_HYPERV=m
# CONFIG_EXYNOS_VIDEO is not set
CONFIG_BACKLIGHT_LCD_SUPPORT=y
# CONFIG_LCD_CLASS_DEVICE is not set
@@ -2531,6 +2561,7 @@ CONFIG_HID_GENERIC=m
# CONFIG_HID_A4TECH is not set
# CONFIG_HID_ACRUX is not set
# CONFIG_HID_APPLE is not set
+# CONFIG_HID_APPLEIR is not set
# CONFIG_HID_AUREAL is not set
# CONFIG_HID_BELKIN is not set
# CONFIG_HID_CHERRY is not set
@@ -2539,6 +2570,7 @@ CONFIG_HID_GENERIC=m
# CONFIG_HID_CYPRESS is not set
# CONFIG_HID_DRAGONRISE is not set
# CONFIG_HID_EMS_FF is not set
+# CONFIG_HID_ELECOM is not set
# CONFIG_HID_EZKEY is not set
# CONFIG_HID_HOLTEK is not set
# CONFIG_HID_KEYTOUCH is not set
@@ -2546,11 +2578,13 @@ CONFIG_HID_GENERIC=m
# CONFIG_HID_UCLOGIC is not set
# CONFIG_HID_WALTOP is not set
# CONFIG_HID_GYRATION is not set
+# CONFIG_HID_ICADE is not set
# CONFIG_HID_TWINHAN is not set
# CONFIG_HID_KENSINGTON is not set
# CONFIG_HID_LCPOWER is not set
# CONFIG_HID_LENOVO_TPKBD is not set
# CONFIG_HID_LOGITECH is not set
+# CONFIG_HID_MAGICMOUSE is not set
# CONFIG_HID_MICROSOFT is not set
# CONFIG_HID_MONTEREY is not set
# CONFIG_HID_MULTITOUCH is not set
@@ -2560,6 +2594,7 @@ CONFIG_HID_GENERIC=m
# CONFIG_HID_PETALYNX is not set
# CONFIG_HID_PICOLCD is not set
# CONFIG_HID_PRIMAX is not set
+# CONFIG_HID_PS3REMOTE is not set
# CONFIG_HID_ROCCAT is not set
# CONFIG_HID_SAITEK is not set
# CONFIG_HID_SAMSUNG is not set
@@ -2574,6 +2609,8 @@ CONFIG_HID_HYPERV_MOUSE=m
# CONFIG_HID_TOPSEED is not set
# CONFIG_HID_THINGM is not set
# CONFIG_HID_THRUSTMASTER is not set
+# CONFIG_HID_WACOM is not set
+# CONFIG_HID_WIIMOTE is not set
# CONFIG_HID_ZEROPLUS is not set
# CONFIG_HID_ZYDACRON is not set
# CONFIG_HID_SENSOR_HUB is not set
@@ -2608,10 +2645,10 @@ CONFIG_USB_ANNOUNCE_NEW_DEVICES=y
#
# Miscellaneous USB options
#
+CONFIG_USB_DEFAULT_PERSIST=y
# CONFIG_USB_DYNAMIC_MINORS is not set
# CONFIG_USB_OTG_WHITELIST is not set
# CONFIG_USB_OTG_BLACKLIST_HUB is not set
-# CONFIG_USB_DWC3 is not set
CONFIG_USB_MON=m
# CONFIG_USB_WUSB_CBAF is not set
@@ -2625,6 +2662,7 @@ CONFIG_USB_EHCI_HCD=m
# CONFIG_USB_EHCI_ROOT_HUB_TT is not set
# CONFIG_USB_EHCI_TT_NEWSCHED is not set
CONFIG_USB_EHCI_PCI=m
+CONFIG_USB_EHCI_HCD_PLATFORM=m
# CONFIG_USB_OXU210HP_HCD is not set
# CONFIG_USB_ISP116X_HCD is not set
# CONFIG_USB_ISP1760_HCD is not set
@@ -2632,7 +2670,6 @@ CONFIG_USB_EHCI_PCI=m
CONFIG_USB_OHCI_HCD=m
CONFIG_USB_OHCI_HCD_SSB=y
CONFIG_USB_OHCI_HCD_PLATFORM=y
-CONFIG_USB_EHCI_HCD_PLATFORM=m
# CONFIG_USB_OHCI_BIG_ENDIAN_DESC is not set
# CONFIG_USB_OHCI_BIG_ENDIAN_MMIO is not set
CONFIG_USB_OHCI_LITTLE_ENDIAN=y
@@ -2640,7 +2677,6 @@ CONFIG_USB_UHCI_HCD=m
# CONFIG_USB_SL811_HCD is not set
# CONFIG_USB_R8A66597_HCD is not set
CONFIG_USB_HCD_SSB=m
-# CONFIG_USB_CHIPIDEA is not set
#
# USB Device Class drivers
@@ -2678,6 +2714,8 @@ CONFIG_USB_STORAGE_ENE_UB6250=m
#
# CONFIG_USB_MDC800 is not set
# CONFIG_USB_MICROTEK is not set
+# CONFIG_USB_DWC3 is not set
+# CONFIG_USB_CHIPIDEA is not set
#
# USB port drivers
@@ -2710,22 +2748,9 @@ CONFIG_USB_STORAGE_ENE_UB6250=m
# CONFIG_USB_YUREX is not set
# CONFIG_USB_EZUSB_FX2 is not set
# CONFIG_USB_HSIC_USB3503 is not set
-
-#
-# USB Physical Layer drivers
-#
-# CONFIG_OMAP_USB3 is not set
-# CONFIG_OMAP_CONTROL_USB is not set
-# CONFIG_USB_ISP1301 is not set
-# CONFIG_USB_RCAR_PHY is not set
# CONFIG_USB_ATM is not set
+# CONFIG_USB_PHY is not set
# CONFIG_USB_GADGET is not set
-
-#
-# OTG and related infrastructure
-#
-# CONFIG_USB_GPIO_VBUS is not set
-# CONFIG_NOP_USB_XCEIV is not set
# CONFIG_UWB is not set
# CONFIG_MMC is not set
# CONFIG_MEMSTICK is not set
@@ -2742,6 +2767,7 @@ CONFIG_LEDS_CLASS=y
# CONFIG_LEDS_LP3944 is not set
# CONFIG_LEDS_LP5521 is not set
# CONFIG_LEDS_LP5523 is not set
+# CONFIG_LEDS_LP5562 is not set
# CONFIG_LEDS_CLEVO_MAIL is not set
# CONFIG_LEDS_PCA955X is not set
# CONFIG_LEDS_PCA9633 is not set
@@ -2752,11 +2778,11 @@ CONFIG_LEDS_CLASS=y
# CONFIG_LEDS_LM355x is not set
# CONFIG_LEDS_OT200 is not set
# CONFIG_LEDS_BLINKM is not set
-# CONFIG_LEDS_TRIGGERS is not set
#
# LED Triggers
#
+# CONFIG_LEDS_TRIGGERS is not set
# CONFIG_ACCESSIBILITY is not set
# CONFIG_INFINIBAND is not set
# CONFIG_EDAC is not set
@@ -2843,6 +2869,7 @@ CONFIG_INTEL_IOATDMA=m
CONFIG_TIMB_DMA=m
CONFIG_PCH_DMA=m
CONFIG_DMA_ENGINE=y
+CONFIG_DMA_ACPI=y
#
# DMA Clients
@@ -2856,6 +2883,7 @@ CONFIG_DCA=m
CONFIG_VFIO_IOMMU_TYPE1=m
CONFIG_VFIO=m
CONFIG_VFIO_PCI=m
+CONFIG_VIRT_DRIVERS=y
CONFIG_VIRTIO=m
#
@@ -2889,7 +2917,7 @@ CONFIG_XEN_XENBUS_FRONTEND=y
CONFIG_XEN_GNTDEV=m
CONFIG_XEN_GRANT_DEV_ALLOC=m
CONFIG_SWIOTLB_XEN=y
-CONFIG_XEN_TMEM=y
+CONFIG_XEN_TMEM=m
CONFIG_XEN_PCIDEV_BACKEND=m
CONFIG_XEN_PRIVCMD=y
CONFIG_XEN_HAVE_PVMMU=y
@@ -2933,6 +2961,7 @@ CONFIG_STAGING=y
# CONFIG_CED1401 is not set
# CONFIG_DGRP is not set
# CONFIG_FIREWIRE_SERIAL is not set
+# CONFIG_USB_DWC2 is not set
# CONFIG_X86_PLATFORM_DEVICES is not set
#
@@ -2958,7 +2987,6 @@ CONFIG_IRQ_REMAP=y
#
# Rpmsg drivers
#
-CONFIG_VIRT_DRIVERS=y
# CONFIG_PM_DEVFREQ is not set
# CONFIG_EXTCON is not set
CONFIG_MEMORY=y
@@ -2967,6 +2995,7 @@ CONFIG_MEMORY=y
# CONFIG_VME_BUS is not set
# CONFIG_PWM is not set
# CONFIG_IPACK_BUS is not set
+# CONFIG_RESET_CONTROLLER is not set
#
# Firmware Drivers
@@ -3019,6 +3048,7 @@ CONFIG_XFS_FS=m
CONFIG_XFS_QUOTA=y
CONFIG_XFS_POSIX_ACL=y
CONFIG_XFS_RT=y
+# CONFIG_XFS_WARN is not set
# CONFIG_XFS_DEBUG is not set
CONFIG_GFS2_FS=m
CONFIG_GFS2_FS_LOCKING_DLM=y
@@ -3031,6 +3061,8 @@ CONFIG_OCFS2_DEBUG_MASKLOG=y
CONFIG_BTRFS_FS=m
CONFIG_BTRFS_FS_POSIX_ACL=y
# CONFIG_BTRFS_FS_CHECK_INTEGRITY is not set
+# CONFIG_BTRFS_FS_RUN_SANITY_TESTS is not set
+# CONFIG_BTRFS_DEBUG is not set
CONFIG_NILFS2_FS=m
CONFIG_FS_POSIX_ACL=y
CONFIG_EXPORTFS=m
@@ -3314,6 +3346,8 @@ CONFIG_RCU_CPU_STALL_TIMEOUT=60
# CONFIG_NOTIFIER_ERROR_INJECTION is not set
# CONFIG_FAULT_INJECTION is not set
CONFIG_LATENCYTOP=y
+CONFIG_ARCH_HAS_DEBUG_STRICT_USER_COPY_CHECKS=y
+# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set
# CONFIG_DEBUG_PAGEALLOC is not set
CONFIG_USER_STACKTRACE_SUPPORT=y
CONFIG_HAVE_FUNCTION_TRACER=y
@@ -3338,6 +3372,7 @@ CONFIG_TRACING_SUPPORT=y
CONFIG_HAVE_ARCH_KGDB=y
# CONFIG_KGDB is not set
CONFIG_HAVE_ARCH_KMEMCHECK=y
+# CONFIG_TEST_STRING_HELPERS is not set
CONFIG_TEST_KSTRTOX=m
CONFIG_STRICT_DEVMEM=y
# CONFIG_X86_VERBOSE_BOOTUP is not set
@@ -3360,7 +3395,6 @@ CONFIG_DEFAULT_IO_DELAY_TYPE=0
CONFIG_DEBUG_BOOT_PARAMS=y
# CONFIG_CPA_DEBUG is not set
# CONFIG_OPTIMIZE_INLINING is not set
-# CONFIG_DEBUG_STRICT_USER_COPY_CHECKS is not set
CONFIG_DEBUG_NMI_SELFTEST=y
#
@@ -3493,7 +3527,6 @@ CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
# CONFIG_GRKERNSEC_RWXMAP_LOG is not set
-# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
#
# Executable Protections
@@ -3538,8 +3571,6 @@ CONFIG_ASYNC_MEMCPY=m
CONFIG_ASYNC_XOR=m
CONFIG_ASYNC_PQ=m
CONFIG_ASYNC_RAID6_RECOV=m
-CONFIG_ASYNC_TX_DISABLE_PQ_VAL_DMA=y
-CONFIG_ASYNC_TX_DISABLE_XOR_VAL_DMA=y
CONFIG_CRYPTO=y
#
@@ -3592,6 +3623,7 @@ CONFIG_CRYPTO_XTS=m
#
# Hash modes
#
+CONFIG_CRYPTO_CMAC=m
CONFIG_CRYPTO_HMAC=m
CONFIG_CRYPTO_XCBC=m
CONFIG_CRYPTO_VMAC=m
@@ -3600,7 +3632,6 @@ CONFIG_CRYPTO_VMAC=m
# Digest
#
CONFIG_CRYPTO_CRC32C=m
-CONFIG_CRYPTO_CRC32C_X86_64=y
CONFIG_CRYPTO_CRC32C_INTEL=m
CONFIG_CRYPTO_CRC32=m
# CONFIG_CRYPTO_CRC32_PCLMUL is not set
@@ -3614,6 +3645,8 @@ CONFIG_CRYPTO_RMD256=m
CONFIG_CRYPTO_RMD320=m
CONFIG_CRYPTO_SHA1=m
CONFIG_CRYPTO_SHA1_SSSE3=m
+CONFIG_CRYPTO_SHA256_SSSE3=m
+CONFIG_CRYPTO_SHA512_SSSE3=m
CONFIG_CRYPTO_SHA256=y
CONFIG_CRYPTO_SHA512=m
CONFIG_CRYPTO_TGR192=m
@@ -3634,6 +3667,7 @@ CONFIG_CRYPTO_BLOWFISH_X86_64=m
CONFIG_CRYPTO_CAMELLIA=m
CONFIG_CRYPTO_CAMELLIA_X86_64=m
CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64=m
+CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64=m
CONFIG_CRYPTO_CAST_COMMON=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_CAST5_AVX_X86_64=m
@@ -3648,6 +3682,7 @@ CONFIG_CRYPTO_SEED=m
CONFIG_CRYPTO_SERPENT=m
CONFIG_CRYPTO_SERPENT_SSE2_X86_64=m
CONFIG_CRYPTO_SERPENT_AVX_X86_64=m
+CONFIG_CRYPTO_SERPENT_AVX2_X86_64=m
CONFIG_CRYPTO_TEA=m
CONFIG_CRYPTO_TWOFISH=m
CONFIG_CRYPTO_TWOFISH_COMMON=m
@@ -3678,10 +3713,19 @@ CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=m
CONFIG_PUBLIC_KEY_ALGO_RSA=m
CONFIG_X509_CERTIFICATE_PARSER=m
CONFIG_HAVE_KVM=y
+CONFIG_HAVE_KVM_IRQCHIP=y
+CONFIG_HAVE_KVM_IRQ_ROUTING=y
+CONFIG_HAVE_KVM_EVENTFD=y
+CONFIG_KVM_APIC_ARCHITECTURE=y
+CONFIG_KVM_MMIO=y
+CONFIG_KVM_ASYNC_PF=y
+CONFIG_HAVE_KVM_MSI=y
+CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y
CONFIG_VIRTUALIZATION=y
-# CONFIG_KVM is not set
-# CONFIG_VHOST_NET is not set
-# CONFIG_TCM_VHOST is not set
+CONFIG_KVM=m
+CONFIG_KVM_INTEL=m
+CONFIG_KVM_AMD=m
+CONFIG_KVM_DEVICE_ASSIGNMENT=y
# CONFIG_BINARY_PRINTF is not set
#