diff options
Diffstat (limited to 'main')
-rw-r--r-- | main/linux-grsec/5-5-xfrm4-Invalidate-all-ipv4-routes-on-IPsec-pmtu-events.patch | 84 | ||||
-rw-r--r-- | main/linux-grsec/APKBUILD | 72 | ||||
-rw-r--r-- | main/linux-grsec/grsecurity-2.9.1-3.8.2-201303102007.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.6.11-al5-unofficial-0.patch) | 29532 | ||||
-rw-r--r-- | main/linux-grsec/ipv4-remove-output-route-check-in-ipv4_mtu.patch | 38 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86 | 771 | ||||
-rw-r--r-- | main/linux-grsec/kernelconfig.x86_64 | 692 | ||||
-rw-r--r-- | main/linux-grsec/patch-3.6.11-al5.patch | 17815 | ||||
-rw-r--r-- | main/linux-grsec/r8169-fix-vlan-tag-reordering.patch | 73 | ||||
-rw-r--r-- | main/linux-grsec/r8169-num-rx-desc.patch | 13 | ||||
-rw-r--r-- | main/linux-grsec/usb-ehci-revert-remove-ass-pss-polling-timeout.patch | 84 | ||||
-rw-r--r-- | main/linux-grsec/xsa43-pvops.patch | 54 |
11 files changed, 19907 insertions, 29321 deletions
diff --git a/main/linux-grsec/5-5-xfrm4-Invalidate-all-ipv4-routes-on-IPsec-pmtu-events.patch b/main/linux-grsec/5-5-xfrm4-Invalidate-all-ipv4-routes-on-IPsec-pmtu-events.patch deleted file mode 100644 index 4d75cf36ad..0000000000 --- a/main/linux-grsec/5-5-xfrm4-Invalidate-all-ipv4-routes-on-IPsec-pmtu-events.patch +++ /dev/null @@ -1,84 +0,0 @@ -From patchwork Tue Jan 22 09:06:36 2013 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 7bit -Subject: [5/5] xfrm4: Invalidate all ipv4 routes on IPsec pmtu events -Date: Mon, 21 Jan 2013 23:06:36 -0000 -From: Steffen Klassert <steffen.klassert@secunet.com> -X-Patchwork-Id: 214475 -Message-Id: <1358845596-2066-6-git-send-email-steffen.klassert@secunet.com> -To: David Miller <davem@davemloft.net> -Cc: Herbert Xu <herbert@gondor.apana.org.au>, - Steffen Klassert <steffen.klassert@secunet.com>, netdev@vger.kernel.org - -On IPsec pmtu events we can't access the transport headers of -the original packet, so we can't find the socket that sent -the packet. The only chance to notify the socket about the -pmtu change is to force a relookup for all routes. This -patch implenents this for the IPsec protocols. - -Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> - ---- -net/ipv4/ah4.c | 7 +++++-- - net/ipv4/esp4.c | 7 +++++-- - net/ipv4/ipcomp.c | 7 +++++-- - 3 files changed, 15 insertions(+), 6 deletions(-) - -diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c -index a154d0a..a69b4e4 100644 ---- a/net/ipv4/ah4.c -+++ b/net/ipv4/ah4.c -@@ -420,9 +420,12 @@ static void ah4_err(struct sk_buff *skb, u32 info) - if (!x) - return; - -- if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) -+ if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) { -+ atomic_inc(&flow_cache_genid); -+ rt_genid_bump(net); -+ - ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_AH, 0); -- else -+ } else - ipv4_redirect(skb, net, 0, 0, IPPROTO_AH, 0); - xfrm_state_put(x); - } -diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c -index fd26ff4..3b4f0cd 100644 ---- a/net/ipv4/esp4.c -+++ b/net/ipv4/esp4.c -@@ -502,9 +502,12 @@ static void esp4_err(struct sk_buff *skb, u32 info) - if (!x) - return; - -- if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) -+ if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) { -+ atomic_inc(&flow_cache_genid); -+ rt_genid_bump(net); -+ - ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_ESP, 0); -- else -+ } else - ipv4_redirect(skb, net, 0, 0, IPPROTO_ESP, 0); - xfrm_state_put(x); - } -diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c -index d3ab47e..9a46dae 100644 ---- a/net/ipv4/ipcomp.c -+++ b/net/ipv4/ipcomp.c -@@ -47,9 +47,12 @@ static void ipcomp4_err(struct sk_buff *skb, u32 info) - if (!x) - return; - -- if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) -+ if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) { -+ atomic_inc(&flow_cache_genid); -+ rt_genid_bump(net); -+ - ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_COMP, 0); -- else -+ } else - ipv4_redirect(skb, net, 0, 0, IPPROTO_COMP, 0); - xfrm_state_put(x); - } diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index 3375c68937..84ad89a591 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -2,10 +2,9 @@ _flavor=grsec pkgname=linux-${_flavor} -pkgver=3.6.11 -_kernver=3.6 -pkgrel=17 -_al=5 +pkgver=3.8.2 +_kernver=3.8 +pkgrel=0 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -15,16 +14,10 @@ _config=${config:-kernelconfig.${CARCH}} install= source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz - patch-3.6.11-al${_al}.patch - grsecurity-2.9.1-3.6.11-al${_al}-unofficial-0.patch + grsecurity-2.9.1-3.8.2-201303102007.patch 0004-arp-flush-arp-cache-on-device-change.patch - r8169-num-rx-desc.patch - ipv4-remove-output-route-check-in-ipv4_mtu.patch - r8169-fix-vlan-tag-reordering.patch - - xsa43-pvops.patch - 5-5-xfrm4-Invalidate-all-ipv4-routes-on-IPsec-pmtu-events.patch + usb-ehci-revert-remove-ass-pss-polling-timeout.patch kernelconfig.x86 kernelconfig.x86_64 @@ -33,7 +26,7 @@ subpackages="$pkgname-dev" arch="x86 x86_64 arm" license="GPL-2" -_abi_release=${pkgver}-${_flavor} +_abi_release=${pkgver}-${pkgrel}-${_flavor} prepare() { local _patch_failed= @@ -62,6 +55,8 @@ prepare() { return 1 fi + echo "-$pkgrel" > localversion-alpine + mkdir -p "$srcdir"/build cp "$srcdir"/$_config "$srcdir"/build/.config || return 1 make -C "$srcdir"/linux-$_kernver O="$srcdir"/build HOSTCC="${CC:-gcc}" \ @@ -146,39 +141,24 @@ dev() { "$subpkgdir"/lib/modules/${_abi_release}/build } -md5sums="1a1760420eac802c541a20ab51a093d1 linux-3.6.tar.xz -bd4bba74093405887d521309a74c19e9 patch-3.6.11.xz -820b19a4cb9b2d95b998a7096a0784f0 patch-3.6.11-al5.patch -5de38a21b1217b13326a862c7b88f1da grsecurity-2.9.1-3.6.11-al5-unofficial-0.patch +md5sums="1c738edfc54e7c65faeb90c436104e2f linux-3.8.tar.xz +e282fcff76e975e121e0636018e31a56 patch-3.8.2.xz +b7f8fd74ca2355e04bd6fb9761ff4b5f grsecurity-2.9.1-3.8.2-201303102007.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch -daf2cbb558588c49c138fe9ca2482b64 r8169-num-rx-desc.patch -d9b4a528e722d10ba53034ebd440c31b ipv4-remove-output-route-check-in-ipv4_mtu.patch -44a37e1289e1056300574848aea8bd31 r8169-fix-vlan-tag-reordering.patch -2399192c10ba600a086a4c946f1b72f2 xsa43-pvops.patch -3c84d36165b43f0f0f0bdde77c6f68c0 5-5-xfrm4-Invalidate-all-ipv4-routes-on-IPsec-pmtu-events.patch -02ed0c981afbf6a1fc81d5fa9b44e7df kernelconfig.x86 -4927251c008b2c2bf5648d732ec63f9d kernelconfig.x86_64" -sha256sums="4ab9a6ef1c1735713f9f659d67f92efa7c1dfbffb2a2ad544005b30f9791784f linux-3.6.tar.xz -4bdc3822571a4a765bf6f347aad8b899730acef549ae4236813fd17f254f4327 patch-3.6.11.xz -79d754deced2d975efeeb316354bf1577266d30442c2243971a279a8d8fcb292 patch-3.6.11-al5.patch -d44e17a36af283c2cfe2d07dc4e0325a110ccf9d29253f605d7f6793d3166ce4 grsecurity-2.9.1-3.6.11-al5-unofficial-0.patch +eb332f6769f785a1c6b54b1f49ffd01a usb-ehci-revert-remove-ass-pss-polling-timeout.patch +3bcafb0c6230e2279930027e48162d0a kernelconfig.x86 +653949f92e603ec35e072fbdc58a414b kernelconfig.x86_64" +sha256sums="e070d1bdfbded5676a4f374721c63565f1c969466c5a3e214004a136b583184b linux-3.8.tar.xz +2bd1a39db4608a03250bfef11d3b7894ab1f0ebcb5316bafeeed23535822fd9c patch-3.8.2.xz +13ba06a41de3198729867c7fe5741b01a138298bc1d973dfcd8a3bec80127d01 grsecurity-2.9.1-3.8.2-201303102007.patch e2d2d1503f53572c6a2e21da729a13a430dd01f510405ffb3a33b29208860bde 0004-arp-flush-arp-cache-on-device-change.patch -fdce1143aa10a48582b5bb9cf441b75c6f52701a61f28139970f3110a170fb97 r8169-num-rx-desc.patch -c3673636d7604b7b3df665acc0fc0153a76ac6b7f36bb931d235ea1132ac1852 ipv4-remove-output-route-check-in-ipv4_mtu.patch -7ba9b10b04197d3009ad3facabd0bdb2cab870fabcc841716efb1041412a20cd r8169-fix-vlan-tag-reordering.patch -6efe83c9951dcba20f18095814d19089e19230c6876bbdab32cc2f1165bb07c8 xsa43-pvops.patch -ea006140f59d820c61996290434ca6a16f66e6b175e33488b36b650af3592787 5-5-xfrm4-Invalidate-all-ipv4-routes-on-IPsec-pmtu-events.patch -c4236fa6150c9cba98280aadc2daccd917410148e06d2231cc8c5370d1735577 kernelconfig.x86 -3afefde6d92e1c41f6487c2279c5b707ef42ce42e4f7fe9e37d482c3e24ec3b1 kernelconfig.x86_64" -sha512sums="6e3354184d1799228a2d33b92e4a6b743cc24352b8ccc1fd487fab07ab97be2aa03ba87b8406a177581692db1fd40674fbd4e213a782cbe0a6a969b10c4c17a1 linux-3.6.tar.xz -08423f145ee7aef49f50d95032595ee79250135b6ecfa72f802502a277f215b63c4dc04ed149fe4ed7cdaa5ef063b8003b7f72f41d8417e45efbe7e30e621387 patch-3.6.11.xz -92cad1b250ce10af0424148c41c4da8d90370d65b9821bbcf8de215eedaef4b8c7bd54c4bbea4a83a557489c3af81bc482d810783febf9c4aaa3b9f20a64fd37 patch-3.6.11-al5.patch -5cefb9bf53bf99a0173a6e1037427d75a4d926b3d9c66fff38355007efa48a07ed6be3e6796537c9e068eb3ea09085d3cf86df5833238318d201c95ca3ed9583 grsecurity-2.9.1-3.6.11-al5-unofficial-0.patch +949393b84740cfe8a0d72d391ca2a89d24aa425df27c031f121fec7f7f331eed usb-ehci-revert-remove-ass-pss-polling-timeout.patch +f4f752af87b802ddfa201392906c4b7ec14a2239e994abd3fb08068824477cb4 kernelconfig.x86 +07e8251d7348414ee534d822fdf6561545309be87821032115d0161c443ad000 kernelconfig.x86_64" +sha512sums="10a7983391af907d8aec72bdb096d1cabd4911985715e9ea13d35ff09095c035db15d4ab08b92eda7c10026cc27348cb9728c212335f7fcdcda7c610856ec30f linux-3.8.tar.xz +752a122646261461da9238feeacc61ab787bea9999f066b056226387ce718da57592e536eb1c6aa28b949f0a7ad1fa97cc97204fdc3e8f3939d9b0d3b9517d03 patch-3.8.2.xz +4d7bf6b3635b9b6a673fd43eed6cd7f60ef18645b2447be521ac7e8fac9a8d6e38eba7d273dd654fad162c6171d0d5f8aa99b57662f669ff00dbede0626793de grsecurity-2.9.1-3.8.2-201303102007.patch b6fdf376009f0f0f3fa194cb11be97343e4d394cf5d3547de6cfca8ad619c5bd3f60719331fd8cfadc47f09d22be8376ba5f871b46b24887ea73fe47e233a54e 0004-arp-flush-arp-cache-on-device-change.patch -d9c91b57415c7c3c365add35565f72ba6225e48212f55abb209e1f426902206543edefb9fc01715357e445b69222a6fb94c3469d701e465450919bad3c83d874 r8169-num-rx-desc.patch -fbbaa9c940f70823f5672db04b78de71233ecdda83d0cbeaeac941d732b0e3b18be38a0ed85d7bd03818114d00d9fe00935532968bee5b4673e8fadfda8c0281 ipv4-remove-output-route-check-in-ipv4_mtu.patch -958f5dfb57b6760e92d39027e8ec8d0abc2d99f6b40ef3c108fe90acfe00f3d5fdc2ccebddeffbf70794f6d7a394d985adf40808c2d4c8f7d0591c589b88bbbc r8169-fix-vlan-tag-reordering.patch -383c00a2520f0e27a4e51ef4e499cd8dc33f75ef4d3d5eab22944126c41de20dccf563d1d05cd557cae4091167de78f44ec5bfb76e33f503b36b5e3d756fcaed xsa43-pvops.patch -7016cdac82e9969636920e5e8accafcf7b160fb5afa2ce79fc43ee0b0591afe825f047efa18c7e7b0b310085298221a8b751ff1dd51eee940fa262f0b7054813 5-5-xfrm4-Invalidate-all-ipv4-routes-on-IPsec-pmtu-events.patch -065fff74ab7f885a45d98a1cd2bc5aaf6cb9a08d830297aaab54b512b7c90d692e37101810ee36a1f26e757990f763b664788a858b3ab40d0b4821205b9d3995 kernelconfig.x86 -ba9a0b035a97089e51e0a0b723c69148866dabb4baf74c870a005350f7bfd789ab47595c7bc7e218de6d7479d16279cb906aee2ffeda9a6b141ad43ecc26dd4f kernelconfig.x86_64" +bb4576df6b5e029747975f5ed9d04c807d1bfd5e73f5418375f164a03342c15b2ca918e68bb6ff5bd0dc2fa8364e022aee18b254528210d2e24f8e06e6521609 usb-ehci-revert-remove-ass-pss-polling-timeout.patch +9a37f22bbab39e7a2a35258a5004ad52e7ec40d1cb7e0e61df3e7c278fd1e0163f196fbb0110ef34b1984c5fae409c57b870e689f955c8520c2b27aa0afe8247 kernelconfig.x86 +e77717d46bdbb4bdf7d59a8ee9a9cf62f08b50f0e0b6dc3bf78cf007fce355b19a824205d1341bbb730708f5651f0b244d90d3b771b968b16af7ba4ca7ae8d58 kernelconfig.x86_64" diff --git a/main/linux-grsec/grsecurity-2.9.1-3.6.11-al5-unofficial-0.patch b/main/linux-grsec/grsecurity-2.9.1-3.8.2-201303102007.patch index 66590630c5..e5f056b25e 100644 --- a/main/linux-grsec/grsecurity-2.9.1-3.6.11-al5-unofficial-0.patch +++ b/main/linux-grsec/grsecurity-2.9.1-3.8.2-201303102007.patch @@ -1,5 +1,5 @@ diff --git a/Documentation/dontdiff b/Documentation/dontdiff -index 39462cf..611a556 100644 +index b89a739..b47493f 100644 --- a/Documentation/dontdiff +++ b/Documentation/dontdiff @@ -2,9 +2,11 @@ @@ -127,10 +127,10 @@ index 39462cf..611a556 100644 logo_*.c logo_*_clut224.c logo_*_mono.c -@@ -163,14 +181,15 @@ machtypes.h +@@ -162,14 +180,15 @@ mach-types.h + machtypes.h map map_hugetlb - maui_boot.h -media mconf +mdp @@ -144,7 +144,7 @@ index 39462cf..611a556 100644 mkprep mkregtable mktables -@@ -187,6 +206,8 @@ oui.c* +@@ -185,6 +204,8 @@ oui.c* page-types parse.c parse.h @@ -153,7 +153,7 @@ index 39462cf..611a556 100644 patches* pca200e.bin pca200e_ecd.bin2 -@@ -196,6 +217,7 @@ perf-archive +@@ -194,6 +215,7 @@ perf-archive piggyback piggy.gzip piggy.S @@ -161,7 +161,7 @@ index 39462cf..611a556 100644 pnmtologo ppc_defs.h* pss_boot.h -@@ -205,7 +227,10 @@ r200_reg_safe.h +@@ -203,7 +225,10 @@ r200_reg_safe.h r300_reg_safe.h r420_reg_safe.h r600_reg_safe.h @@ -172,10 +172,11 @@ index 39462cf..611a556 100644 relocs rlim_names.h rn50_reg_safe.h -@@ -215,8 +240,11 @@ series +@@ -213,8 +238,12 @@ series setup setup.bin setup.elf ++signing_key* +size_overflow_hash.h sImage +slabinfo @@ -184,7 +185,7 @@ index 39462cf..611a556 100644 split-include syscalltab.h tables.c -@@ -226,6 +254,7 @@ tftpboot.img +@@ -224,6 +253,7 @@ tftpboot.img timeconst.h times.h* trix_boot.h @@ -192,7 +193,7 @@ index 39462cf..611a556 100644 utsrelease.h* vdso-syms.lds vdso.lds -@@ -237,13 +266,17 @@ vdso32.lds +@@ -235,13 +265,17 @@ vdso32.lds vdso32.so.dbg vdso64.lds vdso64.so.dbg @@ -210,7 +211,7 @@ index 39462cf..611a556 100644 vmlinuz voffset.h vsyscall.lds -@@ -251,9 +284,11 @@ vsyscall_32.lds +@@ -249,9 +283,12 @@ vsyscall_32.lds wanxlfw.inc uImage unifdef @@ -218,25 +219,27 @@ index 39462cf..611a556 100644 wakeup.bin wakeup.elf wakeup.lds ++x509* zImage* zconf.hash.c +zconf.lex.c zoffset.h diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index 15199ed..6ee9267 100644 +index 986614d..e8bfedc 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -910,6 +910,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted. - gpt [EFI] Forces disk with valid GPT signature but - invalid Protective MBR to be treated as GPT. +@@ -922,6 +922,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. + Format: <unsigned int> such that (rxsize & ~0x1fffc0) == 0. + Default: 1024 -+ grsec_proc_gid= [GRKERNSEC_PROC_USERGROUP] Chooses GID to ++ grsec_proc_gid= [GRKERNSEC_PROC_USERGROUP] Chooses GID to + ignore grsecurity's /proc restrictions + ++ hashdist= [KNL,NUMA] Large hashes allocated during boot are distributed across NUMA nodes. Defaults on for 64-bit NUMA, off otherwise. -@@ -2055,6 +2058,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -2121,6 +2125,18 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. @@ -247,11 +250,16 @@ index 15199ed..6ee9267 100644 + + pax_softmode= 0/1 to disable/enable PaX softmode on boot already. + ++ pax_extra_latent_entropy ++ Enable a very simple form of latent entropy extraction ++ from the first 4GB of memory as the bootmem allocator ++ passes the memory pages to the buddy allocator. ++ pcbit= [HW,ISDN] pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 50dc4d1..52b593c 100644 +index 20d5318..d5cec9c 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -266,7 +274,7 @@ index 50dc4d1..52b593c 100644 # Decide whether to build built-in, modular, or both. # Normally, just do built-in. -@@ -404,8 +405,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn \ +@@ -414,8 +415,8 @@ export RCS_TAR_IGNORE := --exclude SCCS --exclude BitKeeper --exclude .svn \ # Rules shared between *config targets and build targets # Basic helpers built in scripts/ @@ -277,18 +285,20 @@ index 50dc4d1..52b593c 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -561,6 +562,60 @@ else +@@ -575,6 +576,62 @@ else KBUILD_CFLAGS += -O2 endif +ifndef DISABLE_PAX_PLUGINS ++ifeq ($(call cc-ifversion, -ge, 0408, y), y) ++PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)") ++else +PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(HOSTCXX)" "$(CC)") ++endif +ifneq ($(PLUGINCC),) -+ifndef DISABLE_PAX_CONSTIFY_PLUGIN +ifndef CONFIG_UML +CONSTIFY_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/constify_plugin.so -DCONSTIFY_PLUGIN +endif -+endif +ifdef CONFIG_PAX_MEMORY_STACKLEAK +STACKLEAK_PLUGIN_CFLAGS := -fplugin=$(objtree)/tools/gcc/stackleak_plugin.so -DSTACKLEAK_PLUGIN +STACKLEAK_PLUGIN_CFLAGS += -fplugin-arg-stackleak_plugin-track-lowest-sp=100 @@ -338,7 +348,7 @@ index 50dc4d1..52b593c 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifdef CONFIG_READABLE_ASM -@@ -715,7 +770,7 @@ export mod_strip_cmd +@@ -731,7 +788,7 @@ export mod_sign_cmd ifeq ($(KBUILD_EXTMOD),) @@ -347,7 +357,7 @@ index 50dc4d1..52b593c 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -762,6 +817,8 @@ endif +@@ -778,6 +835,8 @@ endif # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -356,7 +366,7 @@ index 50dc4d1..52b593c 100644 $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -771,7 +828,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; +@@ -787,7 +846,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -365,7 +375,7 @@ index 50dc4d1..52b593c 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -815,6 +872,7 @@ prepare0: archprepare FORCE +@@ -831,6 +890,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. @@ -373,7 +383,7 @@ index 50dc4d1..52b593c 100644 prepare: prepare0 # Generate some files -@@ -922,6 +980,8 @@ all: modules +@@ -938,6 +998,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -382,7 +392,7 @@ index 50dc4d1..52b593c 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -937,7 +997,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -953,7 +1015,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -391,16 +401,16 @@ index 50dc4d1..52b593c 100644 # Target to install modules PHONY += modules_install -@@ -994,7 +1054,7 @@ CLEAN_DIRS += $(MODVERDIR) - MRPROPER_DIRS += include/config usr/include include/generated \ - arch/*/include/generated - MRPROPER_FILES += .config .config.old .version .old_version \ -- include/linux/version.h \ -+ include/linux/version.h tools/gcc/size_overflow_hash.h\ - Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS +@@ -1019,7 +1081,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ + Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ + signing_key.priv signing_key.x509 x509.genkey \ + extra_certificates signing_key.x509.keyid \ +- signing_key.x509.signer ++ signing_key.x509.signer tools/gcc/size_overflow_hash.h # clean - Delete most, but leave enough to build external modules -@@ -1032,6 +1092,7 @@ distclean: mrproper + # +@@ -1059,6 +1121,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ @@ -408,7 +418,7 @@ index 50dc4d1..52b593c 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1192,6 +1253,8 @@ PHONY += $(module-dirs) modules +@@ -1219,6 +1282,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -417,7 +427,7 @@ index 50dc4d1..52b593c 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1326,17 +1389,21 @@ else +@@ -1355,17 +1420,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -443,7 +453,7 @@ index 50dc4d1..52b593c 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1346,11 +1413,15 @@ endif +@@ -1375,11 +1444,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -579,19 +589,31 @@ index 2fd00b7..cfd5069 100644 for (i = 0; i < n; i++) { diff --git a/arch/alpha/kernel/osf_sys.c b/arch/alpha/kernel/osf_sys.c -index bc1acdd..a922a6d 100644 +index 14db93e..47bed62 100644 --- a/arch/alpha/kernel/osf_sys.c +++ b/arch/alpha/kernel/osf_sys.c -@@ -1312,7 +1312,7 @@ arch_get_unmapped_area_1(unsigned long addr, unsigned long len, +@@ -1295,16 +1295,16 @@ SYSCALL_DEFINE1(old_adjtimex, struct timex32 __user *, txc_p) + generic version except that we know how to honor ADDR_LIMIT_32BIT. */ + + static unsigned long +-arch_get_unmapped_area_1(unsigned long addr, unsigned long len, +- unsigned long limit) ++arch_get_unmapped_area_1(struct file *filp, unsigned long addr, unsigned long len, ++ unsigned long limit, unsigned long flags) + { + struct vm_area_struct *vma = find_vma(current->mm, addr); +- ++ unsigned long offset = gr_rand_threadstack_offset(current->mm, filp, flags); + while (1) { /* At this point: (!vma || addr < vma->vm_end). */ if (limit - len < addr) return -ENOMEM; - if (!vma || addr + len <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr, len)) ++ if (check_heap_stack_gap(vma, addr, len, offset)) return addr; addr = vma->vm_end; vma = vma->vm_next; -@@ -1348,6 +1348,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1340,20 +1340,24 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, merely specific addresses, but regions of memory -- perhaps this feature should be incorporated into all ports? */ @@ -600,19 +622,26 @@ index bc1acdd..a922a6d 100644 +#endif + if (addr) { - addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit); +- addr = arch_get_unmapped_area_1 (PAGE_ALIGN(addr), len, limit); ++ addr = arch_get_unmapped_area_1 (filp, PAGE_ALIGN(addr), len, limit, flags); if (addr != (unsigned long) -ENOMEM) -@@ -1355,8 +1359,8 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, + return addr; } /* Next, try allocating at TASK_UNMAPPED_BASE. */ - addr = arch_get_unmapped_area_1 (PAGE_ALIGN(TASK_UNMAPPED_BASE), - len, limit); -+ addr = arch_get_unmapped_area_1 (PAGE_ALIGN(current->mm->mmap_base), len, limit); ++ addr = arch_get_unmapped_area_1 (filp, PAGE_ALIGN(current->mm->mmap_base), len, limit, flags); + if (addr != (unsigned long) -ENOMEM) return addr; + /* Finally, try allocating in low memory. */ +- addr = arch_get_unmapped_area_1 (PAGE_SIZE, len, limit); ++ addr = arch_get_unmapped_area_1 (filp, PAGE_SIZE, len, limit, flags); + + return addr; + } diff --git a/arch/alpha/mm/fault.c b/arch/alpha/mm/fault.c index 0c4132d..88f0d53 100644 --- a/arch/alpha/mm/fault.c @@ -773,6 +802,41 @@ index 0c4132d..88f0d53 100644 } else if (!cause) { /* Allow reads even for write-only mappings */ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) +diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig +index 67874b8..0e40765 100644 +--- a/arch/arm/Kconfig ++++ b/arch/arm/Kconfig +@@ -1813,7 +1813,7 @@ config ALIGNMENT_TRAP + + config UACCESS_WITH_MEMCPY + bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()" +- depends on MMU ++ depends on MMU && !PAX_MEMORY_UDEREF + default y if CPU_FEROCEON + help + Implement faster copy_to_user and clear_user methods for CPU +diff --git a/arch/arm/common/gic.c b/arch/arm/common/gic.c +index 87dfa902..3a523fc 100644 +--- a/arch/arm/common/gic.c ++++ b/arch/arm/common/gic.c +@@ -81,7 +81,7 @@ static u8 gic_cpu_map[NR_GIC_CPU_IF] __read_mostly; + * Supported arch specific GIC irq extension. + * Default make them NULL. + */ +-struct irq_chip gic_arch_extn = { ++irq_chip_no_const gic_arch_extn __read_only = { + .irq_eoi = NULL, + .irq_mask = NULL, + .irq_unmask = NULL, +@@ -329,7 +329,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc) + chained_irq_exit(chip, desc); + } + +-static struct irq_chip gic_chip = { ++static irq_chip_no_const gic_chip __read_only = { + .name = "GIC", + .irq_mask = gic_mask_irq, + .irq_unmask = gic_unmask_irq, diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h index c79f61f..9ac0642 100644 --- a/arch/arm/include/asm/atomic.h @@ -1162,11 +1226,13 @@ index c79f61f..9ac0642 100644 static inline u64 atomic64_add_return(u64 i, atomic64_t *v) { +- u64 result; +- unsigned long tmp; + u64 result, tmp; -+ -+ smp_mb(); -+ -+ __asm__ __volatile__("@ atomic64_add_return\n" + + smp_mb(); + + __asm__ __volatile__("@ atomic64_add_return\n" +"1: ldrexd %1, %H1, [%3]\n" +" adds %0, %1, %4\n" +" adcs %H0, %H1, %H4\n" @@ -1199,21 +1265,19 @@ index c79f61f..9ac0642 100644 + +static inline u64 atomic64_add_return_unchecked(u64 i, atomic64_unchecked_t *v) +{ - u64 result; - unsigned long tmp; - - smp_mb(); - -- __asm__ __volatile__("@ atomic64_add_return\n" ++ u64 result; ++ unsigned long tmp; ++ ++ smp_mb(); ++ + __asm__ __volatile__("@ atomic64_add_return_unchecked\n" "1: ldrexd %0, %H0, [%3]\n" " adds %0, %0, %4\n" " adc %H0, %H0, %H4\n" -@@ -318,23 +607,34 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) +@@ -318,6 +607,36 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) __asm__ __volatile__("@ atomic64_sub\n" "1: ldrexd %0, %H0, [%3]\n" " subs %0, %0, %4\n" --" sbc %H0, %H0, %H4\n" +" sbcs %H0, %H0, %H4\n" + +#ifdef CONFIG_PAX_REFCOUNT @@ -1222,46 +1286,45 @@ index c79f61f..9ac0642 100644 +"3:\n" +#endif + - " strexd %1, %0, %H0, [%3]\n" - " teq %1, #0\n" - " bne 1b" ++" strexd %1, %0, %H0, [%3]\n" ++" teq %1, #0\n" ++" bne 1b" + +#ifdef CONFIG_PAX_REFCOUNT +"\n4:\n" + _ASM_EXTABLE(2b, 4b) +#endif + - : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) - : "r" (&v->counter), "r" (i) - : "cc"); - } - --static inline u64 atomic64_sub_return(u64 i, atomic64_t *v) -+static inline void atomic64_sub_unchecked(u64 i, atomic64_unchecked_t *v) - { - u64 result; - unsigned long tmp; - -- smp_mb(); -- -- __asm__ __volatile__("@ atomic64_sub_return\n" -+ __asm__ __volatile__("@ atomic64_sub_unchecked\n" - "1: ldrexd %0, %H0, [%3]\n" - " subs %0, %0, %4\n" - " sbc %H0, %H0, %H4\n" -@@ -344,6 +644,39 @@ static inline u64 atomic64_sub_return(u64 i, atomic64_t *v) - : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) - : "r" (&v->counter), "r" (i) - : "cc"); ++ : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) ++ : "r" (&v->counter), "r" (i) ++ : "cc"); +} + -+static inline u64 atomic64_sub_return(u64 i, atomic64_t *v) ++static inline void atomic64_sub_unchecked(u64 i, atomic64_unchecked_t *v) +{ -+ u64 result, tmp; -+ -+ smp_mb(); ++ u64 result; ++ unsigned long tmp; + -+ __asm__ __volatile__("@ atomic64_sub_return\n" ++ __asm__ __volatile__("@ atomic64_sub_unchecked\n" ++"1: ldrexd %0, %H0, [%3]\n" ++" subs %0, %0, %4\n" + " sbc %H0, %H0, %H4\n" + " strexd %1, %0, %H0, [%3]\n" + " teq %1, #0\n" +@@ -329,18 +648,32 @@ static inline void atomic64_sub(u64 i, atomic64_t *v) + + static inline u64 atomic64_sub_return(u64 i, atomic64_t *v) + { +- u64 result; +- unsigned long tmp; ++ u64 result, tmp; + + smp_mb(); + + __asm__ __volatile__("@ atomic64_sub_return\n" +-"1: ldrexd %0, %H0, [%3]\n" +-" subs %0, %0, %4\n" +-" sbc %H0, %H0, %H4\n" +"1: ldrexd %1, %H1, [%3]\n" +" subs %0, %1, %4\n" +" sbcs %H0, %H1, %H4\n" @@ -1274,21 +1337,18 @@ index c79f61f..9ac0642 100644 +"3:\n" +#endif + -+" strexd %1, %0, %H0, [%3]\n" -+" teq %1, #0\n" -+" bne 1b" + " strexd %1, %0, %H0, [%3]\n" + " teq %1, #0\n" + " bne 1b" + +#ifdef CONFIG_PAX_REFCOUNT +"\n4:\n" + _ASM_EXTABLE(2b, 4b) +#endif + -+ : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) -+ : "r" (&v->counter), "r" (i) -+ : "cc"); - - smp_mb(); - + : "=&r" (result), "=&r" (tmp), "+Qo" (v->counter) + : "r" (&v->counter), "r" (i) + : "cc"); @@ -374,6 +707,30 @@ static inline u64 atomic64_cmpxchg(atomic64_t *ptr, u64 old, u64 new) return oldval; } @@ -1406,7 +1466,7 @@ index c79f61f..9ac0642 100644 #define atomic64_dec_and_test(v) (atomic64_dec_return((v)) == 0) #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1LL, 0LL) diff --git a/arch/arm/include/asm/cache.h b/arch/arm/include/asm/cache.h -index 75fe66b..2255c86 100644 +index 75fe66b..ba3dee4 100644 --- a/arch/arm/include/asm/cache.h +++ b/arch/arm/include/asm/cache.h @@ -4,8 +4,10 @@ @@ -1421,11 +1481,18 @@ index 75fe66b..2255c86 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make +@@ -24,5 +26,6 @@ + #endif + + #define __read_mostly __attribute__((__section__(".data..read_mostly"))) ++#define __read_only __attribute__ ((__section__(".data..read_only"))) + + #endif diff --git a/arch/arm/include/asm/cacheflush.h b/arch/arm/include/asm/cacheflush.h -index e4448e1..7bc86b7 100644 +index e1489c5..d418304 100644 --- a/arch/arm/include/asm/cacheflush.h +++ b/arch/arm/include/asm/cacheflush.h -@@ -108,7 +108,7 @@ struct cpu_cache_fns { +@@ -116,7 +116,7 @@ struct cpu_cache_fns { void (*dma_unmap_area)(const void *, size_t, int); void (*dma_flush_range)(const void *, const void *); @@ -1434,6 +1501,31 @@ index e4448e1..7bc86b7 100644 /* * Select the calling method +diff --git a/arch/arm/include/asm/checksum.h b/arch/arm/include/asm/checksum.h +index 6dcc164..b14d917 100644 +--- a/arch/arm/include/asm/checksum.h ++++ b/arch/arm/include/asm/checksum.h +@@ -37,7 +37,19 @@ __wsum + csum_partial_copy_nocheck(const void *src, void *dst, int len, __wsum sum); + + __wsum +-csum_partial_copy_from_user(const void __user *src, void *dst, int len, __wsum sum, int *err_ptr); ++__csum_partial_copy_from_user(const void __user *src, void *dst, int len, __wsum sum, int *err_ptr); ++ ++static inline __wsum ++csum_partial_copy_from_user(const void __user *src, void *dst, int len, __wsum sum, int *err_ptr) ++{ ++ __wsum ret; ++ pax_open_userland(); ++ ret = __csum_partial_copy_from_user(src, dst, len, sum, err_ptr); ++ pax_close_userland(); ++ return ret; ++} ++ ++ + + /* + * Fold a partial checksum without adding pseudo headers diff --git a/arch/arm/include/asm/cmpxchg.h b/arch/arm/include/asm/cmpxchg.h index 7eb18c1..e38b6d2 100644 --- a/arch/arm/include/asm/cmpxchg.h @@ -1447,6 +1539,94 @@ index 7eb18c1..e38b6d2 100644 #include <asm-generic/cmpxchg-local.h> +diff --git a/arch/arm/include/asm/delay.h b/arch/arm/include/asm/delay.h +index ab98fdd..6b19938 100644 +--- a/arch/arm/include/asm/delay.h ++++ b/arch/arm/include/asm/delay.h +@@ -24,9 +24,9 @@ extern struct arm_delay_ops { + void (*delay)(unsigned long); + void (*const_udelay)(unsigned long); + void (*udelay)(unsigned long); +-} arm_delay_ops; ++} *arm_delay_ops; + +-#define __delay(n) arm_delay_ops.delay(n) ++#define __delay(n) arm_delay_ops->delay(n) + + /* + * This function intentionally does not exist; if you see references to +@@ -47,8 +47,8 @@ extern void __bad_udelay(void); + * first constant multiplications gets optimized away if the delay is + * a constant) + */ +-#define __udelay(n) arm_delay_ops.udelay(n) +-#define __const_udelay(n) arm_delay_ops.const_udelay(n) ++#define __udelay(n) arm_delay_ops->udelay(n) ++#define __const_udelay(n) arm_delay_ops->const_udelay(n) + + #define udelay(n) \ + (__builtin_constant_p(n) ? \ +diff --git a/arch/arm/include/asm/domain.h b/arch/arm/include/asm/domain.h +index 6ddbe44..b5e38b1 100644 +--- a/arch/arm/include/asm/domain.h ++++ b/arch/arm/include/asm/domain.h +@@ -48,18 +48,37 @@ + * Domain types + */ + #define DOMAIN_NOACCESS 0 +-#define DOMAIN_CLIENT 1 + #ifdef CONFIG_CPU_USE_DOMAINS ++#define DOMAIN_USERCLIENT 1 ++#define DOMAIN_KERNELCLIENT 1 + #define DOMAIN_MANAGER 3 ++#define DOMAIN_VECTORS DOMAIN_USER + #else ++ ++#ifdef CONFIG_PAX_KERNEXEC + #define DOMAIN_MANAGER 1 ++#define DOMAIN_KERNEXEC 3 ++#else ++#define DOMAIN_MANAGER 1 ++#endif ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++#define DOMAIN_USERCLIENT 0 ++#define DOMAIN_UDEREF 1 ++#define DOMAIN_VECTORS DOMAIN_KERNEL ++#else ++#define DOMAIN_USERCLIENT 1 ++#define DOMAIN_VECTORS DOMAIN_USER ++#endif ++#define DOMAIN_KERNELCLIENT 1 ++ + #endif + + #define domain_val(dom,type) ((type) << (2*(dom))) + + #ifndef __ASSEMBLY__ + +-#ifdef CONFIG_CPU_USE_DOMAINS ++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) + static inline void set_domain(unsigned val) + { + asm volatile( +@@ -68,15 +87,7 @@ static inline void set_domain(unsigned val) + isb(); + } + +-#define modify_domain(dom,type) \ +- do { \ +- struct thread_info *thread = current_thread_info(); \ +- unsigned int domain = thread->cpu_domain; \ +- domain &= ~domain_val(dom, DOMAIN_MANAGER); \ +- thread->cpu_domain = domain | domain_val(dom, type); \ +- set_domain(thread->cpu_domain); \ +- } while (0) +- ++extern void modify_domain(unsigned int dom, unsigned int type); + #else + static inline void set_domain(unsigned val) { } + static inline void modify_domain(unsigned dom, unsigned type) { } diff --git a/arch/arm/include/asm/elf.h b/arch/arm/include/asm/elf.h index 38050b1..9d90e8b 100644 --- a/arch/arm/include/asm/elf.h @@ -1476,6 +1656,92 @@ index 38050b1..9d90e8b 100644 -#define arch_randomize_brk arch_randomize_brk - #endif +diff --git a/arch/arm/include/asm/fncpy.h b/arch/arm/include/asm/fncpy.h +index de53547..52b9a28 100644 +--- a/arch/arm/include/asm/fncpy.h ++++ b/arch/arm/include/asm/fncpy.h +@@ -81,7 +81,9 @@ + BUG_ON((uintptr_t)(dest_buf) & (FNCPY_ALIGN - 1) || \ + (__funcp_address & ~(uintptr_t)1 & (FNCPY_ALIGN - 1))); \ + \ ++ pax_open_kernel(); \ + memcpy(dest_buf, (void const *)(__funcp_address & ~1), size); \ ++ pax_close_kernel(); \ + flush_icache_range((unsigned long)(dest_buf), \ + (unsigned long)(dest_buf) + (size)); \ + \ +diff --git a/arch/arm/include/asm/futex.h b/arch/arm/include/asm/futex.h +index e42cf59..7b94b8f 100644 +--- a/arch/arm/include/asm/futex.h ++++ b/arch/arm/include/asm/futex.h +@@ -50,6 +50,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, + if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) + return -EFAULT; + ++ pax_open_userland(); ++ + smp_mb(); + __asm__ __volatile__("@futex_atomic_cmpxchg_inatomic\n" + "1: ldrex %1, [%4]\n" +@@ -65,6 +67,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, + : "cc", "memory"); + smp_mb(); + ++ pax_close_userland(); ++ + *uval = val; + return ret; + } +@@ -95,6 +99,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, + if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) + return -EFAULT; + ++ pax_open_userland(); ++ + __asm__ __volatile__("@futex_atomic_cmpxchg_inatomic\n" + "1: " TUSER(ldr) " %1, [%4]\n" + " teq %1, %2\n" +@@ -105,6 +111,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, + : "r" (oldval), "r" (newval), "r" (uaddr), "Ir" (-EFAULT) + : "cc", "memory"); + ++ pax_close_userland(); ++ + *uval = val; + return ret; + } +@@ -127,6 +135,7 @@ futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr) + return -EFAULT; + + pagefault_disable(); /* implies preempt_disable() */ ++ pax_open_userland(); + + switch (op) { + case FUTEX_OP_SET: +@@ -148,6 +157,7 @@ futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr) + ret = -ENOSYS; + } + ++ pax_close_userland(); + pagefault_enable(); /* subsumes preempt_enable() */ + + if (!ret) { +diff --git a/arch/arm/include/asm/hardware/gic.h b/arch/arm/include/asm/hardware/gic.h +index 4b1ce6c..bea3f73 100644 +--- a/arch/arm/include/asm/hardware/gic.h ++++ b/arch/arm/include/asm/hardware/gic.h +@@ -34,9 +34,10 @@ + + #ifndef __ASSEMBLY__ + #include <linux/irqdomain.h> ++#include <linux/irq.h> + struct device_node; + +-extern struct irq_chip gic_arch_extn; ++extern irq_chip_no_const gic_arch_extn; + + void gic_init_bases(unsigned int, int, void __iomem *, void __iomem *, + u32 offset, struct device_node *); diff --git a/arch/arm/include/asm/kmap_types.h b/arch/arm/include/asm/kmap_types.h index 83eb2f7..ed77159 100644 --- a/arch/arm/include/asm/kmap_types.h @@ -1488,6 +1754,42 @@ index 83eb2f7..ed77159 100644 +#define KM_TYPE_NR 17 #endif +diff --git a/arch/arm/include/asm/mach/dma.h b/arch/arm/include/asm/mach/dma.h +index 9e614a1..3302cca 100644 +--- a/arch/arm/include/asm/mach/dma.h ++++ b/arch/arm/include/asm/mach/dma.h +@@ -22,7 +22,7 @@ struct dma_ops { + int (*residue)(unsigned int, dma_t *); /* optional */ + int (*setspeed)(unsigned int, dma_t *, int); /* optional */ + const char *type; +-}; ++} __do_const; + + struct dma_struct { + void *addr; /* single DMA address */ +diff --git a/arch/arm/include/asm/mach/map.h b/arch/arm/include/asm/mach/map.h +index 2fe141f..192dc01 100644 +--- a/arch/arm/include/asm/mach/map.h ++++ b/arch/arm/include/asm/mach/map.h +@@ -27,13 +27,16 @@ struct map_desc { + #define MT_MINICLEAN 6 + #define MT_LOW_VECTORS 7 + #define MT_HIGH_VECTORS 8 +-#define MT_MEMORY 9 ++#define MT_MEMORY_RWX 9 + #define MT_ROM 10 +-#define MT_MEMORY_NONCACHED 11 ++#define MT_MEMORY_NONCACHED_RX 11 + #define MT_MEMORY_DTCM 12 + #define MT_MEMORY_ITCM 13 + #define MT_MEMORY_SO 14 + #define MT_MEMORY_DMA_READY 15 ++#define MT_MEMORY_RW 16 ++#define MT_MEMORY_RX 17 ++#define MT_MEMORY_NONCACHED_RW 18 + + #ifdef CONFIG_MMU + extern void iotable_init(struct map_desc *, int); diff --git a/arch/arm/include/asm/outercache.h b/arch/arm/include/asm/outercache.h index 53426c6..c7baff3 100644 --- a/arch/arm/include/asm/outercache.h @@ -1502,7 +1804,7 @@ index 53426c6..c7baff3 100644 #ifdef CONFIG_OUTER_CACHE diff --git a/arch/arm/include/asm/page.h b/arch/arm/include/asm/page.h -index ecf9019..b71d9a1 100644 +index 812a494..71fc0b6 100644 --- a/arch/arm/include/asm/page.h +++ b/arch/arm/include/asm/page.h @@ -114,7 +114,7 @@ struct cpu_user_fns { @@ -1515,10 +1817,18 @@ index ecf9019..b71d9a1 100644 #ifdef MULTI_USER extern struct cpu_user_fns cpu_user; diff --git a/arch/arm/include/asm/pgalloc.h b/arch/arm/include/asm/pgalloc.h -index 943504f..bf8d667 100644 +index 943504f..c37a730 100644 --- a/arch/arm/include/asm/pgalloc.h +++ b/arch/arm/include/asm/pgalloc.h -@@ -43,6 +43,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) +@@ -17,6 +17,7 @@ + #include <asm/processor.h> + #include <asm/cacheflush.h> + #include <asm/tlbflush.h> ++#include <asm/system_info.h> + + #define check_pgt_cache() do { } while (0) + +@@ -43,6 +44,11 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) set_pud(pud, __pud(__pa(pmd) | PMD_TYPE_TABLE)); } @@ -1530,7 +1840,7 @@ index 943504f..bf8d667 100644 #else /* !CONFIG_ARM_LPAE */ /* -@@ -51,6 +56,7 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) +@@ -51,6 +57,7 @@ static inline void pud_populate(struct mm_struct *mm, pud_t *pud, pmd_t *pmd) #define pmd_alloc_one(mm,addr) ({ BUG(); ((pmd_t *)2); }) #define pmd_free(mm, pmd) do { } while (0) #define pud_populate(mm,pmd,pte) BUG() @@ -1538,50 +1848,427 @@ index 943504f..bf8d667 100644 #endif /* CONFIG_ARM_LPAE */ +@@ -126,6 +133,19 @@ static inline void pte_free(struct mm_struct *mm, pgtable_t pte) + __free_page(pte); + } + ++static inline void __section_update(pmd_t *pmdp, unsigned long addr, pmdval_t prot) ++{ ++#ifdef CONFIG_ARM_LPAE ++ pmdp[0] = __pmd(pmd_val(pmdp[0]) | prot); ++#else ++ if (addr & SECTION_SIZE) ++ pmdp[1] = __pmd(pmd_val(pmdp[1]) | prot); ++ else ++ pmdp[0] = __pmd(pmd_val(pmdp[0]) | prot); ++#endif ++ flush_pmd_entry(pmdp); ++} ++ + static inline void __pmd_populate(pmd_t *pmdp, phys_addr_t pte, + pmdval_t prot) + { +@@ -155,7 +175,7 @@ pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmdp, pte_t *ptep) + static inline void + pmd_populate(struct mm_struct *mm, pmd_t *pmdp, pgtable_t ptep) + { +- __pmd_populate(pmdp, page_to_phys(ptep), _PAGE_USER_TABLE); ++ __pmd_populate(pmdp, page_to_phys(ptep), _PAGE_USER_TABLE | __supported_pmd_mask); + } + #define pmd_pgtable(pmd) pmd_page(pmd) + +diff --git a/arch/arm/include/asm/pgtable-2level-hwdef.h b/arch/arm/include/asm/pgtable-2level-hwdef.h +index 5cfba15..f415e1a 100644 +--- a/arch/arm/include/asm/pgtable-2level-hwdef.h ++++ b/arch/arm/include/asm/pgtable-2level-hwdef.h +@@ -20,12 +20,15 @@ + #define PMD_TYPE_FAULT (_AT(pmdval_t, 0) << 0) + #define PMD_TYPE_TABLE (_AT(pmdval_t, 1) << 0) + #define PMD_TYPE_SECT (_AT(pmdval_t, 2) << 0) ++#define PMD_PXNTABLE (_AT(pmdval_t, 1) << 2) /* v7 */ + #define PMD_BIT4 (_AT(pmdval_t, 1) << 4) + #define PMD_DOMAIN(x) (_AT(pmdval_t, (x)) << 5) + #define PMD_PROTECTION (_AT(pmdval_t, 1) << 9) /* v5 */ ++ + /* + * - section + */ ++#define PMD_SECT_PXN (_AT(pmdval_t, 1) << 0) /* v7 */ + #define PMD_SECT_BUFFERABLE (_AT(pmdval_t, 1) << 2) + #define PMD_SECT_CACHEABLE (_AT(pmdval_t, 1) << 3) + #define PMD_SECT_XN (_AT(pmdval_t, 1) << 4) /* v6 */ +@@ -37,6 +40,7 @@ + #define PMD_SECT_nG (_AT(pmdval_t, 1) << 17) /* v6 */ + #define PMD_SECT_SUPER (_AT(pmdval_t, 1) << 18) /* v6 */ + #define PMD_SECT_AF (_AT(pmdval_t, 0)) ++#define PMD_SECT_RDONLY (_AT(pmdval_t, 0)) + + #define PMD_SECT_UNCACHED (_AT(pmdval_t, 0)) + #define PMD_SECT_BUFFERED (PMD_SECT_BUFFERABLE) +@@ -66,6 +70,7 @@ + * - extended small page/tiny page + */ + #define PTE_EXT_XN (_AT(pteval_t, 1) << 0) /* v6 */ ++#define PTE_EXT_PXN (_AT(pteval_t, 1) << 2) /* v7 */ + #define PTE_EXT_AP_MASK (_AT(pteval_t, 3) << 4) + #define PTE_EXT_AP0 (_AT(pteval_t, 1) << 4) + #define PTE_EXT_AP1 (_AT(pteval_t, 2) << 4) +diff --git a/arch/arm/include/asm/pgtable-2level.h b/arch/arm/include/asm/pgtable-2level.h +index f97ee02..07f1be5 100644 +--- a/arch/arm/include/asm/pgtable-2level.h ++++ b/arch/arm/include/asm/pgtable-2level.h +@@ -125,6 +125,7 @@ + #define L_PTE_XN (_AT(pteval_t, 1) << 9) + #define L_PTE_SHARED (_AT(pteval_t, 1) << 10) /* shared(v6), coherent(xsc3) */ + #define L_PTE_NONE (_AT(pteval_t, 1) << 11) ++#define L_PTE_PXN (_AT(pteval_t, 1) << 12) /* v7*/ + + /* + * These are the memory types, defined to be compatible with +diff --git a/arch/arm/include/asm/pgtable-3level-hwdef.h b/arch/arm/include/asm/pgtable-3level-hwdef.h +index d795282..a43ea90 100644 +--- a/arch/arm/include/asm/pgtable-3level-hwdef.h ++++ b/arch/arm/include/asm/pgtable-3level-hwdef.h +@@ -32,15 +32,18 @@ + #define PMD_TYPE_SECT (_AT(pmdval_t, 1) << 0) + #define PMD_BIT4 (_AT(pmdval_t, 0)) + #define PMD_DOMAIN(x) (_AT(pmdval_t, 0)) ++#define PMD_PXNTABLE (_AT(pmdval_t, 1) << 59) /* PXNTable */ + + /* + * - section + */ + #define PMD_SECT_BUFFERABLE (_AT(pmdval_t, 1) << 2) + #define PMD_SECT_CACHEABLE (_AT(pmdval_t, 1) << 3) ++#define PMD_SECT_RDONLY (_AT(pmdval_t, 1) << 7) + #define PMD_SECT_S (_AT(pmdval_t, 3) << 8) + #define PMD_SECT_AF (_AT(pmdval_t, 1) << 10) + #define PMD_SECT_nG (_AT(pmdval_t, 1) << 11) ++#define PMD_SECT_PXN (_AT(pmdval_t, 1) << 53) + #define PMD_SECT_XN (_AT(pmdval_t, 1) << 54) + #define PMD_SECT_AP_WRITE (_AT(pmdval_t, 0)) + #define PMD_SECT_AP_READ (_AT(pmdval_t, 0)) +@@ -66,6 +69,7 @@ + #define PTE_EXT_SHARED (_AT(pteval_t, 3) << 8) /* SH[1:0], inner shareable */ + #define PTE_EXT_AF (_AT(pteval_t, 1) << 10) /* Access Flag */ + #define PTE_EXT_NG (_AT(pteval_t, 1) << 11) /* nG */ ++#define PTE_EXT_PXN (_AT(pteval_t, 1) << 53) /* PXN */ + #define PTE_EXT_XN (_AT(pteval_t, 1) << 54) /* XN */ + + /* +diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h +index a3f3792..7b932a6 100644 +--- a/arch/arm/include/asm/pgtable-3level.h ++++ b/arch/arm/include/asm/pgtable-3level.h +@@ -74,6 +74,7 @@ + #define L_PTE_RDONLY (_AT(pteval_t, 1) << 7) /* AP[2] */ + #define L_PTE_SHARED (_AT(pteval_t, 3) << 8) /* SH[1:0], inner shareable */ + #define L_PTE_YOUNG (_AT(pteval_t, 1) << 10) /* AF */ ++#define L_PTE_PXN (_AT(pteval_t, 1) << 53) /* PXN */ + #define L_PTE_XN (_AT(pteval_t, 1) << 54) /* XN */ + #define L_PTE_DIRTY (_AT(pteval_t, 1) << 55) /* unused */ + #define L_PTE_SPECIAL (_AT(pteval_t, 1) << 56) /* unused */ +@@ -82,6 +83,7 @@ + /* + * To be used in assembly code with the upper page attributes. + */ ++#define L_PTE_PXN_HIGH (1 << (53 - 32)) + #define L_PTE_XN_HIGH (1 << (54 - 32)) + #define L_PTE_DIRTY_HIGH (1 << (55 - 32)) + +diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h +index 9c82f988..514705a 100644 +--- a/arch/arm/include/asm/pgtable.h ++++ b/arch/arm/include/asm/pgtable.h +@@ -30,6 +30,9 @@ + #include <asm/pgtable-2level.h> + #endif + ++#define ktla_ktva(addr) (addr) ++#define ktva_ktla(addr) (addr) ++ + /* + * Just any arbitrary offset to the start of the vmalloc VM area: the + * current 8MB value just means that there will be a 8MB "hole" after the +@@ -45,6 +48,9 @@ + #define LIBRARY_TEXT_START 0x0c000000 + + #ifndef __ASSEMBLY__ ++extern pteval_t __supported_pte_mask; ++extern pmdval_t __supported_pmd_mask; ++ + extern void __pte_error(const char *file, int line, pte_t); + extern void __pmd_error(const char *file, int line, pmd_t); + extern void __pgd_error(const char *file, int line, pgd_t); +@@ -53,6 +59,50 @@ extern void __pgd_error(const char *file, int line, pgd_t); + #define pmd_ERROR(pmd) __pmd_error(__FILE__, __LINE__, pmd) + #define pgd_ERROR(pgd) __pgd_error(__FILE__, __LINE__, pgd) + ++#define __HAVE_ARCH_PAX_OPEN_KERNEL ++#define __HAVE_ARCH_PAX_CLOSE_KERNEL ++ ++#ifdef CONFIG_PAX_KERNEXEC ++#include <asm/domain.h> ++#include <linux/thread_info.h> ++#include <linux/preempt.h> ++#endif ++ ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++static inline int test_domain(int domain, int domaintype) ++{ ++ return ((current_thread_info()->cpu_domain) & domain_val(domain, 3)) == domain_val(domain, domaintype); ++} ++#endif ++ ++#ifdef CONFIG_PAX_KERNEXEC ++static inline unsigned long pax_open_kernel(void) { ++#ifdef CONFIG_ARM_LPAE ++ /* TODO */ ++#else ++ preempt_disable(); ++ BUG_ON(test_domain(DOMAIN_KERNEL, DOMAIN_KERNEXEC)); ++ modify_domain(DOMAIN_KERNEL, DOMAIN_KERNEXEC); ++#endif ++ return 0; ++} ++ ++static inline unsigned long pax_close_kernel(void) { ++#ifdef CONFIG_ARM_LPAE ++ /* TODO */ ++#else ++ BUG_ON(test_domain(DOMAIN_KERNEL, DOMAIN_MANAGER)); ++ /* DOMAIN_MANAGER = "client" under KERNEXEC */ ++ modify_domain(DOMAIN_KERNEL, DOMAIN_MANAGER); ++ preempt_enable_no_resched(); ++#endif ++ return 0; ++} ++#else ++static inline unsigned long pax_open_kernel(void) { return 0; } ++static inline unsigned long pax_close_kernel(void) { return 0; } ++#endif ++ + /* + * This is the lowest virtual address we can permit any user space + * mapping to be mapped at. This is particularly important for +@@ -63,8 +113,8 @@ extern void __pgd_error(const char *file, int line, pgd_t); + /* + * The pgprot_* and protection_map entries will be fixed up in runtime + * to include the cachable and bufferable bits based on memory policy, +- * as well as any architecture dependent bits like global/ASID and SMP +- * shared mapping bits. ++ * as well as any architecture dependent bits like global/ASID, PXN, ++ * and SMP shared mapping bits. + */ + #define _L_PTE_DEFAULT L_PTE_PRESENT | L_PTE_YOUNG + +@@ -240,7 +290,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; } + + static inline pte_t pte_modify(pte_t pte, pgprot_t newprot) + { +- const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER | L_PTE_NONE; ++ const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER | L_PTE_NONE | __supported_pte_mask; + pte_val(pte) = (pte_val(pte) & ~mask) | (pgprot_val(newprot) & mask); + return pte; + } +diff --git a/arch/arm/include/asm/proc-fns.h b/arch/arm/include/asm/proc-fns.h +index f3628fb..a0672dd 100644 +--- a/arch/arm/include/asm/proc-fns.h ++++ b/arch/arm/include/asm/proc-fns.h +@@ -75,7 +75,7 @@ extern struct processor { + unsigned int suspend_size; + void (*do_suspend)(void *); + void (*do_resume)(void *); +-} processor; ++} __do_const processor; + + #ifndef MULTI_CPU + extern void cpu_proc_init(void); +diff --git a/arch/arm/include/asm/processor.h b/arch/arm/include/asm/processor.h +index 06e7d50..8a8e251 100644 +--- a/arch/arm/include/asm/processor.h ++++ b/arch/arm/include/asm/processor.h +@@ -65,9 +65,8 @@ struct thread_struct { + regs->ARM_cpsr |= PSR_ENDSTATE; \ + regs->ARM_pc = pc & ~1; /* pc */ \ + regs->ARM_sp = sp; /* sp */ \ +- regs->ARM_r2 = stack[2]; /* r2 (envp) */ \ +- regs->ARM_r1 = stack[1]; /* r1 (argv) */ \ +- regs->ARM_r0 = stack[0]; /* r0 (argc) */ \ ++ /* r2 (envp), r1 (argv), r0 (argc) */ \ ++ (void)copy_from_user(®s->ARM_r0, (const char __user *)stack, 3 * sizeof(unsigned long)); \ + nommu_start_thread(regs); \ + }) + +diff --git a/arch/arm/include/asm/smp.h b/arch/arm/include/asm/smp.h +index d3a22be..3a69ad5 100644 +--- a/arch/arm/include/asm/smp.h ++++ b/arch/arm/include/asm/smp.h +@@ -107,7 +107,7 @@ struct smp_operations { + int (*cpu_disable)(unsigned int cpu); + #endif + #endif +-}; ++} __no_const; + + /* + * set platform specific SMP operations diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h -index af7b0bd..6750a8c 100644 +index cddda1f..ff357f7 100644 --- a/arch/arm/include/asm/thread_info.h +++ b/arch/arm/include/asm/thread_info.h -@@ -148,6 +148,12 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, - #define TIF_NOTIFY_RESUME 2 /* callback before returning to user */ - #define TIF_SYSCALL_TRACE 8 +@@ -77,9 +77,9 @@ struct thread_info { + .flags = 0, \ + .preempt_count = INIT_PREEMPT_COUNT, \ + .addr_limit = KERNEL_DS, \ +- .cpu_domain = domain_val(DOMAIN_USER, DOMAIN_MANAGER) | \ +- domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \ +- domain_val(DOMAIN_IO, DOMAIN_CLIENT), \ ++ .cpu_domain = domain_val(DOMAIN_USER, DOMAIN_USERCLIENT) | \ ++ domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT) | \ ++ domain_val(DOMAIN_IO, DOMAIN_KERNELCLIENT), \ + .restart_block = { \ + .fn = do_no_restart_syscall, \ + }, \ +@@ -152,6 +152,12 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, #define TIF_SYSCALL_AUDIT 9 + #define TIF_SYSCALL_TRACEPOINT 10 + #define TIF_SECCOMP 11 /* seccomp syscall filtering active */ + +/* within 8 bits of TIF_SYSCALL_TRACE -+ to meet flexible second operand requirements -+*/ -+#define TIF_GRSEC_SETXID 10 ++ * to meet flexible second operand requirements ++ */ ++#define TIF_GRSEC_SETXID 12 + - #define TIF_POLLING_NRFLAG 16 #define TIF_USING_IWMMXT 17 #define TIF_MEMDIE 18 /* is terminating due to OOM killer */ -@@ -163,9 +169,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, - #define _TIF_POLLING_NRFLAG (1 << TIF_POLLING_NRFLAG) - #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT) + #define TIF_RESTORE_SIGMASK 20 +@@ -165,10 +171,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, + #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) #define _TIF_SECCOMP (1 << TIF_SECCOMP) + #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT) +#define _TIF_GRSEC_SETXID (1 << TIF_GRSEC_SETXID) /* Checks for any syscall work in entry-common.S */ --#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT) -+#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \ -+ _TIF_GRSEC_SETXID) + #define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \ +- _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP) ++ _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP | _TIF_GRSEC_SETXID) /* * Change these and you break ASM code in entry-common.S diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h -index 77bd79f..ad4cd27 100644 +index 7e1f760..752fcb7 100644 --- a/arch/arm/include/asm/uaccess.h +++ b/arch/arm/include/asm/uaccess.h -@@ -22,6 +22,8 @@ +@@ -18,6 +18,7 @@ + #include <asm/domain.h> + #include <asm/unified.h> + #include <asm/compiler.h> ++#include <asm/pgtable.h> + #define VERIFY_READ 0 #define VERIFY_WRITE 1 +@@ -60,10 +61,34 @@ extern int __put_user_bad(void); + #define USER_DS TASK_SIZE + #define get_fs() (current_thread_info()->addr_limit) -+extern void check_object_size(const void *ptr, unsigned long n, bool to); ++static inline void pax_open_userland(void) ++{ + - /* - * The exception table consists of pairs of addresses: the first is the - * address of an instruction that is allowed to fault, and the second is -@@ -418,8 +420,23 @@ do { \ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ if (get_fs() == USER_DS) { ++ BUG_ON(test_domain(DOMAIN_USER, DOMAIN_UDEREF)); ++ modify_domain(DOMAIN_USER, DOMAIN_UDEREF); ++ } ++#endif ++ ++} ++ ++static inline void pax_close_userland(void) ++{ ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ if (get_fs() == USER_DS) { ++ BUG_ON(test_domain(DOMAIN_USER, DOMAIN_NOACCESS)); ++ modify_domain(DOMAIN_USER, DOMAIN_NOACCESS); ++ } ++#endif ++ ++} ++ + static inline void set_fs(mm_segment_t fs) + { + current_thread_info()->addr_limit = fs; +- modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_CLIENT : DOMAIN_MANAGER); ++ modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_KERNELCLIENT : DOMAIN_MANAGER); + } + + #define segment_eq(a,b) ((a) == (b)) +@@ -143,8 +168,12 @@ extern int __get_user_4(void *); + + #define get_user(x,p) \ + ({ \ ++ int __e; \ + might_fault(); \ +- __get_user_check(x,p); \ ++ pax_open_userland(); \ ++ __e = __get_user_check(x,p); \ ++ pax_close_userland(); \ ++ __e; \ + }) + + extern int __put_user_1(void *, unsigned int); +@@ -188,8 +217,12 @@ extern int __put_user_8(void *, unsigned long long); + + #define put_user(x,p) \ + ({ \ ++ int __e; \ + might_fault(); \ +- __put_user_check(x,p); \ ++ pax_open_userland(); \ ++ __e = __put_user_check(x,p); \ ++ pax_close_userland(); \ ++ __e; \ + }) + + #else /* CONFIG_MMU */ +@@ -230,13 +263,17 @@ static inline void set_fs(mm_segment_t fs) + #define __get_user(x,ptr) \ + ({ \ + long __gu_err = 0; \ ++ pax_open_userland(); \ + __get_user_err((x),(ptr),__gu_err); \ ++ pax_close_userland(); \ + __gu_err; \ + }) + + #define __get_user_error(x,ptr,err) \ + ({ \ ++ pax_open_userland(); \ + __get_user_err((x),(ptr),err); \ ++ pax_close_userland(); \ + (void) 0; \ + }) + +@@ -312,13 +349,17 @@ do { \ + #define __put_user(x,ptr) \ + ({ \ + long __pu_err = 0; \ ++ pax_open_userland(); \ + __put_user_err((x),(ptr),__pu_err); \ ++ pax_close_userland(); \ + __pu_err; \ + }) + + #define __put_user_error(x,ptr,err) \ + ({ \ ++ pax_open_userland(); \ + __put_user_err((x),(ptr),err); \ ++ pax_close_userland(); \ + (void) 0; \ + }) + +@@ -418,11 +459,44 @@ do { \ #ifdef CONFIG_MMU @@ -1592,22 +2279,44 @@ index 77bd79f..ad4cd27 100644 + +static inline unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n) +{ -+ if (!__builtin_constant_p(n)) -+ check_object_size(to, n, false); -+ return ___copy_from_user(to, from, n); ++ unsigned long ret; ++ ++ check_object_size(to, n, false); ++ pax_open_userland(); ++ ret = ___copy_from_user(to, from, n); ++ pax_close_userland(); ++ return ret; +} + +static inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n) +{ -+ if (!__builtin_constant_p(n)) -+ check_object_size(from, n, true); -+ return ___copy_to_user(to, from, n); ++ unsigned long ret; ++ ++ check_object_size(from, n, true); ++ pax_open_userland(); ++ ret = ___copy_to_user(to, from, n); ++ pax_close_userland(); ++ return ret; +} + extern unsigned long __must_check __copy_to_user_std(void __user *to, const void *from, unsigned long n); - extern unsigned long __must_check __clear_user(void __user *addr, unsigned long n); +-extern unsigned long __must_check __clear_user(void __user *addr, unsigned long n); ++extern unsigned long __must_check ___clear_user(void __user *addr, unsigned long n); extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned long n); -@@ -431,6 +448,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l ++ ++static inline unsigned long __must_check __clear_user(void __user *addr, unsigned long n) ++{ ++ unsigned long ret; ++ pax_open_userland(); ++ ret = ___clear_user(addr, n); ++ pax_close_userland(); ++ return ret; ++} ++ + #else + #define __copy_from_user(to,from,n) (memcpy(to, (void __force *)from, n), 0) + #define __copy_to_user(to,from,n) (memcpy((void __force *)to, from, n), 0) +@@ -431,6 +505,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { @@ -1617,7 +2326,7 @@ index 77bd79f..ad4cd27 100644 if (access_ok(VERIFY_READ, from, n)) n = __copy_from_user(to, from, n); else /* security hole - plug it */ -@@ -440,6 +460,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u +@@ -440,6 +517,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) { @@ -1627,23 +2336,508 @@ index 77bd79f..ad4cd27 100644 if (access_ok(VERIFY_WRITE, to, n)) n = __copy_to_user(to, from, n); return n; +diff --git a/arch/arm/include/uapi/asm/ptrace.h b/arch/arm/include/uapi/asm/ptrace.h +index 96ee092..37f1844 100644 +--- a/arch/arm/include/uapi/asm/ptrace.h ++++ b/arch/arm/include/uapi/asm/ptrace.h +@@ -73,7 +73,7 @@ + * ARMv7 groups of PSR bits + */ + #define APSR_MASK 0xf80f0000 /* N, Z, C, V, Q and GE flags */ +-#define PSR_ISET_MASK 0x01000010 /* ISA state (J, T) mask */ ++#define PSR_ISET_MASK 0x01000020 /* ISA state (J, T) mask */ + #define PSR_IT_MASK 0x0600fc00 /* If-Then execution state mask */ + #define PSR_ENDIAN_MASK 0x00000200 /* Endianness state mask */ + diff --git a/arch/arm/kernel/armksyms.c b/arch/arm/kernel/armksyms.c -index 60d3b73..9168db0 100644 +index 60d3b73..d27ee09 100644 --- a/arch/arm/kernel/armksyms.c +++ b/arch/arm/kernel/armksyms.c -@@ -89,8 +89,8 @@ EXPORT_SYMBOL(__memzero); +@@ -89,9 +89,9 @@ EXPORT_SYMBOL(__memzero); #ifdef CONFIG_MMU EXPORT_SYMBOL(copy_page); -EXPORT_SYMBOL(__copy_from_user); -EXPORT_SYMBOL(__copy_to_user); +-EXPORT_SYMBOL(__clear_user); +EXPORT_SYMBOL(___copy_from_user); +EXPORT_SYMBOL(___copy_to_user); - EXPORT_SYMBOL(__clear_user); ++EXPORT_SYMBOL(___clear_user); EXPORT_SYMBOL(__get_user_1); + EXPORT_SYMBOL(__get_user_2); +diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S +index 0f82098..3dbd3ee 100644 +--- a/arch/arm/kernel/entry-armv.S ++++ b/arch/arm/kernel/entry-armv.S +@@ -47,6 +47,87 @@ + 9997: + .endm + ++ .macro pax_enter_kernel ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ @ make aligned space for saved DACR ++ sub sp, sp, #8 ++ @ save regs ++ stmdb sp!, {r1, r2} ++ @ read DACR from cpu_domain into r1 ++ mov r2, sp ++ @ assume 8K pages, since we have to split the immediate in two ++ bic r2, r2, #(0x1fc0) ++ bic r2, r2, #(0x3f) ++ ldr r1, [r2, #TI_CPU_DOMAIN] ++ @ store old DACR on stack ++ str r1, [sp, #8] ++#ifdef CONFIG_PAX_KERNEXEC ++ @ set type of DOMAIN_KERNEL to DOMAIN_KERNELCLIENT ++ bic r1, r1, #(domain_val(DOMAIN_KERNEL, 3)) ++ orr r1, r1, #(domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT)) ++#endif ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ @ set current DOMAIN_USER to DOMAIN_NOACCESS ++ bic r1, r1, #(domain_val(DOMAIN_USER, 3)) ++#endif ++ @ write r1 to current_thread_info()->cpu_domain ++ str r1, [r2, #TI_CPU_DOMAIN] ++ @ write r1 to DACR ++ mcr p15, 0, r1, c3, c0, 0 ++ @ instruction sync ++ instr_sync ++ @ restore regs ++ ldmia sp!, {r1, r2} ++#endif ++ .endm ++ ++ .macro pax_open_userland ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ @ save regs ++ stmdb sp!, {r0, r1} ++ @ read DACR from cpu_domain into r1 ++ mov r0, sp ++ @ assume 8K pages, since we have to split the immediate in two ++ bic r0, r0, #(0x1fc0) ++ bic r0, r0, #(0x3f) ++ ldr r1, [r0, #TI_CPU_DOMAIN] ++ @ set current DOMAIN_USER to DOMAIN_CLIENT ++ bic r1, r1, #(domain_val(DOMAIN_USER, 3)) ++ orr r1, r1, #(domain_val(DOMAIN_USER, DOMAIN_UDEREF)) ++ @ write r1 to current_thread_info()->cpu_domain ++ str r1, [r0, #TI_CPU_DOMAIN] ++ @ write r1 to DACR ++ mcr p15, 0, r1, c3, c0, 0 ++ @ instruction sync ++ instr_sync ++ @ restore regs ++ ldmia sp!, {r0, r1} ++#endif ++ .endm ++ ++ .macro pax_close_userland ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ @ save regs ++ stmdb sp!, {r0, r1} ++ @ read DACR from cpu_domain into r1 ++ mov r0, sp ++ @ assume 8K pages, since we have to split the immediate in two ++ bic r0, r0, #(0x1fc0) ++ bic r0, r0, #(0x3f) ++ ldr r1, [r0, #TI_CPU_DOMAIN] ++ @ set current DOMAIN_USER to DOMAIN_NOACCESS ++ bic r1, r1, #(domain_val(DOMAIN_USER, 3)) ++ @ write r1 to current_thread_info()->cpu_domain ++ str r1, [r0, #TI_CPU_DOMAIN] ++ @ write r1 to DACR ++ mcr p15, 0, r1, c3, c0, 0 ++ @ instruction sync ++ instr_sync ++ @ restore regs ++ ldmia sp!, {r0, r1} ++#endif ++ .endm ++ + .macro pabt_helper + @ PABORT handler takes pt_regs in r2, fault address in r4 and psr in r5 + #ifdef MULTI_PABORT +@@ -89,11 +170,15 @@ + * Invalid mode handlers + */ + .macro inv_entry, reason ++ ++ pax_enter_kernel ++ + sub sp, sp, #S_FRAME_SIZE + ARM( stmib sp, {r1 - lr} ) + THUMB( stmia sp, {r0 - r12} ) + THUMB( str sp, [sp, #S_SP] ) + THUMB( str lr, [sp, #S_LR] ) ++ + mov r1, #\reason + .endm + +@@ -149,7 +234,11 @@ ENDPROC(__und_invalid) + .macro svc_entry, stack_hole=0 + UNWIND(.fnstart ) + UNWIND(.save {r0 - pc} ) ++ ++ pax_enter_kernel ++ + sub sp, sp, #(S_FRAME_SIZE + \stack_hole - 4) ++ + #ifdef CONFIG_THUMB2_KERNEL + SPFIX( str r0, [sp] ) @ temporarily saved + SPFIX( mov r0, sp ) +@@ -164,7 +253,12 @@ ENDPROC(__und_invalid) + ldmia r0, {r3 - r5} + add r7, sp, #S_SP - 4 @ here for interlock avoidance + mov r6, #-1 @ "" "" "" "" ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ @ offset sp by 8 as done in pax_enter_kernel ++ add r2, sp, #(S_FRAME_SIZE + \stack_hole + 4) ++#else + add r2, sp, #(S_FRAME_SIZE + \stack_hole - 4) ++#endif + SPFIX( addeq r2, r2, #4 ) + str r3, [sp, #-4]! @ save the "real" r0 copied + @ from the exception stack +@@ -359,6 +453,9 @@ ENDPROC(__pabt_svc) + .macro usr_entry + UNWIND(.fnstart ) + UNWIND(.cantunwind ) @ don't unwind the user space ++ ++ pax_enter_kernel_user ++ + sub sp, sp, #S_FRAME_SIZE + ARM( stmib sp, {r1 - r12} ) + THUMB( stmia sp, {r0 - r12} ) +@@ -456,7 +553,9 @@ __und_usr: + tst r3, #PSR_T_BIT @ Thumb mode? + bne __und_usr_thumb + sub r4, r2, #4 @ ARM instr at LR - 4 ++ pax_open_userland + 1: ldrt r0, [r4] ++ pax_close_userland + #ifdef CONFIG_CPU_ENDIAN_BE8 + rev r0, r0 @ little endian instruction + #endif +@@ -491,10 +590,14 @@ __und_usr_thumb: + */ + .arch armv6t2 + #endif ++ pax_open_userland + 2: ldrht r5, [r4] ++ pax_close_userland + cmp r5, #0xe800 @ 32bit instruction if xx != 0 + blo __und_usr_fault_16 @ 16bit undefined instruction ++ pax_open_userland + 3: ldrht r0, [r2] ++ pax_close_userland + add r2, r2, #2 @ r2 is PC + 2, make it PC + 4 + str r2, [sp, #S_PC] @ it's a 2x16bit instr, update + orr r0, r0, r5, lsl #16 +@@ -733,7 +836,7 @@ ENTRY(__switch_to) + THUMB( stmia ip!, {r4 - sl, fp} ) @ Store most regs on stack + THUMB( str sp, [ip], #4 ) + THUMB( str lr, [ip], #4 ) +-#ifdef CONFIG_CPU_USE_DOMAINS ++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) + ldr r6, [r2, #TI_CPU_DOMAIN] + #endif + set_tls r3, r4, r5 +@@ -742,7 +845,7 @@ ENTRY(__switch_to) + ldr r8, =__stack_chk_guard + ldr r7, [r7, #TSK_STACK_CANARY] + #endif +-#ifdef CONFIG_CPU_USE_DOMAINS ++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) + mcr p15, 0, r6, c3, c0, 0 @ Set domain register + #endif + mov r5, r0 +diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S +index a6c301e..908821b 100644 +--- a/arch/arm/kernel/entry-common.S ++++ b/arch/arm/kernel/entry-common.S +@@ -10,18 +10,46 @@ + + #include <asm/unistd.h> + #include <asm/ftrace.h> ++#include <asm/domain.h> + #include <asm/unwind.h> + ++#include "entry-header.S" ++ + #ifdef CONFIG_NEED_RET_TO_USER + #include <mach/entry-macro.S> + #else + .macro arch_ret_to_user, tmp1, tmp2 ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ @ save regs ++ stmdb sp!, {r1, r2} ++ @ read DACR from cpu_domain into r1 ++ mov r2, sp ++ @ assume 8K pages, since we have to split the immediate in two ++ bic r2, r2, #(0x1fc0) ++ bic r2, r2, #(0x3f) ++ ldr r1, [r2, #TI_CPU_DOMAIN] ++#ifdef CONFIG_PAX_KERNEXEC ++ @ set type of DOMAIN_KERNEL to DOMAIN_KERNELCLIENT ++ bic r1, r1, #(domain_val(DOMAIN_KERNEL, 3)) ++ orr r1, r1, #(domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT)) ++#endif ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ @ set current DOMAIN_USER to DOMAIN_UDEREF ++ bic r1, r1, #(domain_val(DOMAIN_USER, 3)) ++ orr r1, r1, #(domain_val(DOMAIN_USER, DOMAIN_UDEREF)) ++#endif ++ @ write r1 to current_thread_info()->cpu_domain ++ str r1, [r2, #TI_CPU_DOMAIN] ++ @ write r1 to DACR ++ mcr p15, 0, r1, c3, c0, 0 ++ @ instruction sync ++ instr_sync ++ @ restore regs ++ ldmia sp!, {r1, r2} ++#endif + .endm + #endif + +-#include "entry-header.S" +- +- + .align 5 + /* + * This is the fast syscall return path. We do as little as +@@ -339,6 +367,7 @@ ENDPROC(ftrace_stub) + + .align 5 + ENTRY(vector_swi) ++ + sub sp, sp, #S_FRAME_SIZE + stmia sp, {r0 - r12} @ Calling r0 - r12 + ARM( add r8, sp, #S_PC ) +@@ -388,6 +417,12 @@ ENTRY(vector_swi) + ldr scno, [lr, #-4] @ get SWI instruction + #endif + ++ /* ++ * do this here to avoid a performance hit of wrapping the code above ++ * that directly dereferences userland to parse the SWI instruction ++ */ ++ pax_enter_kernel_user ++ + #ifdef CONFIG_ALIGNMENT_TRAP + ldr ip, __cr_alignment + ldr ip, [ip] +diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S +index 9a8531e..812e287 100644 +--- a/arch/arm/kernel/entry-header.S ++++ b/arch/arm/kernel/entry-header.S +@@ -73,9 +73,66 @@ + msr cpsr_c, \rtemp @ switch back to the SVC mode + .endm + ++ .macro pax_enter_kernel_user ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ @ save regs ++ stmdb sp!, {r0, r1} ++ @ read DACR from cpu_domain into r1 ++ mov r0, sp ++ @ assume 8K pages, since we have to split the immediate in two ++ bic r0, r0, #(0x1fc0) ++ bic r0, r0, #(0x3f) ++ ldr r1, [r0, #TI_CPU_DOMAIN] ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ @ set current DOMAIN_USER to DOMAIN_NOACCESS ++ bic r1, r1, #(domain_val(DOMAIN_USER, 3)) ++#endif ++#ifdef CONFIG_PAX_KERNEXEC ++ @ set current DOMAIN_KERNEL to DOMAIN_KERNELCLIENT ++ bic r1, r1, #(domain_val(DOMAIN_KERNEL, 3)) ++ orr r1, r1, #(domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT)) ++#endif ++ @ write r1 to current_thread_info()->cpu_domain ++ str r1, [r0, #TI_CPU_DOMAIN] ++ @ write r1 to DACR ++ mcr p15, 0, r1, c3, c0, 0 ++ @ instruction sync ++ instr_sync ++ @ restore regs ++ ldmia sp!, {r0, r1} ++#endif ++ .endm ++ ++ .macro pax_exit_kernel ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ @ save regs ++ stmdb sp!, {r0, r1} ++ @ read old DACR from stack into r1 ++ ldr r1, [sp, #(8 + S_SP)] ++ sub r1, r1, #8 ++ ldr r1, [r1] ++ ++ @ write r1 to current_thread_info()->cpu_domain ++ mov r0, sp ++ @ assume 8K pages, since we have to split the immediate in two ++ bic r0, r0, #(0x1fc0) ++ bic r0, r0, #(0x3f) ++ str r1, [r0, #TI_CPU_DOMAIN] ++ @ write r1 to DACR ++ mcr p15, 0, r1, c3, c0, 0 ++ @ instruction sync ++ instr_sync ++ @ restore regs ++ ldmia sp!, {r0, r1} ++#endif ++ .endm ++ + #ifndef CONFIG_THUMB2_KERNEL + .macro svc_exit, rpsr + msr spsr_cxsf, \rpsr ++ ++ pax_exit_kernel ++ + #if defined(CONFIG_CPU_V6) + ldr r0, [sp] + strex r1, r2, [sp] @ clear the exclusive monitor +@@ -121,6 +178,9 @@ + .endm + #else /* CONFIG_THUMB2_KERNEL */ + .macro svc_exit, rpsr ++ ++ pax_exit_kernel ++ + ldr lr, [sp, #S_SP] @ top of the stack + ldrd r0, r1, [sp, #S_LR] @ calling lr and pc + clrex @ clear the exclusive monitor +diff --git a/arch/arm/kernel/fiq.c b/arch/arm/kernel/fiq.c +index 2adda11..7fbe958 100644 +--- a/arch/arm/kernel/fiq.c ++++ b/arch/arm/kernel/fiq.c +@@ -82,7 +82,9 @@ void set_fiq_handler(void *start, unsigned int length) + #if defined(CONFIG_CPU_USE_DOMAINS) + memcpy((void *)0xffff001c, start, length); + #else ++ pax_open_kernel(); + memcpy(vectors_page + 0x1c, start, length); ++ pax_close_kernel(); + #endif + flush_icache_range(0xffff001c, 0xffff001c + length); + if (!vectors_high()) +diff --git a/arch/arm/kernel/head.S b/arch/arm/kernel/head.S +index 486a15a..2d6880e 100644 +--- a/arch/arm/kernel/head.S ++++ b/arch/arm/kernel/head.S +@@ -52,7 +52,9 @@ + .equ swapper_pg_dir, KERNEL_RAM_VADDR - PG_DIR_SIZE + + .macro pgtbl, rd, phys +- add \rd, \phys, #TEXT_OFFSET - PG_DIR_SIZE ++ mov \rd, #TEXT_OFFSET ++ sub \rd, #PG_DIR_SIZE ++ add \rd, \rd, \phys + .endm + + /* +@@ -416,7 +418,7 @@ __enable_mmu: + mov r5, #(domain_val(DOMAIN_USER, DOMAIN_MANAGER) | \ + domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \ + domain_val(DOMAIN_TABLE, DOMAIN_MANAGER) | \ +- domain_val(DOMAIN_IO, DOMAIN_CLIENT)) ++ domain_val(DOMAIN_IO, DOMAIN_KERNELCLIENT)) + mcr p15, 0, r5, c3, c0, 0 @ load domain access register + mcr p15, 0, r4, c2, c0, 0 @ load page table pointer + #endif +diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c +index 5ff2e77..556d030 100644 +--- a/arch/arm/kernel/hw_breakpoint.c ++++ b/arch/arm/kernel/hw_breakpoint.c +@@ -1011,7 +1011,7 @@ static int __cpuinit dbg_reset_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata dbg_reset_nb = { ++static struct notifier_block dbg_reset_nb = { + .notifier_call = dbg_reset_notify, + }; + +diff --git a/arch/arm/kernel/module.c b/arch/arm/kernel/module.c +index 1e9be5d..03edbc2 100644 +--- a/arch/arm/kernel/module.c ++++ b/arch/arm/kernel/module.c +@@ -37,12 +37,37 @@ + #endif + + #ifdef CONFIG_MMU +-void *module_alloc(unsigned long size) ++static inline void *__module_alloc(unsigned long size, pgprot_t prot) + { ++ if (!size || PAGE_ALIGN(size) > MODULES_END - MODULES_VADDR) ++ return NULL; + return __vmalloc_node_range(size, 1, MODULES_VADDR, MODULES_END, +- GFP_KERNEL, PAGE_KERNEL_EXEC, -1, ++ GFP_KERNEL, prot, -1, + __builtin_return_address(0)); + } ++ ++void *module_alloc(unsigned long size) ++{ ++ ++#ifdef CONFIG_PAX_KERNEXEC ++ return __module_alloc(size, PAGE_KERNEL); ++#else ++ return __module_alloc(size, PAGE_KERNEL_EXEC); ++#endif ++ ++} ++ ++#ifdef CONFIG_PAX_KERNEXEC ++void module_free_exec(struct module *mod, void *module_region) ++{ ++ module_free(mod, module_region); ++} ++ ++void *module_alloc_exec(unsigned long size) ++{ ++ return __module_alloc(size, PAGE_KERNEL_EXEC); ++} ++#endif + #endif + + int +diff --git a/arch/arm/kernel/patch.c b/arch/arm/kernel/patch.c +index 07314af..c46655c 100644 +--- a/arch/arm/kernel/patch.c ++++ b/arch/arm/kernel/patch.c +@@ -18,6 +18,7 @@ void __kprobes __patch_text(void *addr, unsigned int insn) + bool thumb2 = IS_ENABLED(CONFIG_THUMB2_KERNEL); + int size; + ++ pax_open_kernel(); + if (thumb2 && __opcode_is_thumb16(insn)) { + *(u16 *)addr = __opcode_to_mem_thumb16(insn); + size = sizeof(u16); +@@ -39,6 +40,7 @@ void __kprobes __patch_text(void *addr, unsigned int insn) + *(u32 *)addr = insn; + size = sizeof(u32); + } ++ pax_close_kernel(); + + flush_icache_range((uintptr_t)(addr), + (uintptr_t)(addr) + size); +diff --git a/arch/arm/kernel/perf_event_cpu.c b/arch/arm/kernel/perf_event_cpu.c +index 5f66206..dce492f 100644 +--- a/arch/arm/kernel/perf_event_cpu.c ++++ b/arch/arm/kernel/perf_event_cpu.c +@@ -171,7 +171,7 @@ static int __cpuinit cpu_pmu_notify(struct notifier_block *b, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata cpu_pmu_hotplug_notifier = { ++static struct notifier_block cpu_pmu_hotplug_notifier = { + .notifier_call = cpu_pmu_notify, + }; + diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c -index 693b744..e684262 100644 +index c6dec5f..f853532 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c @@ -28,7 +28,6 @@ @@ -1653,7 +2847,7 @@ index 693b744..e684262 100644 -#include <linux/random.h> #include <linux/hw_breakpoint.h> #include <linux/cpuidle.h> - + #include <linux/leds.h> @@ -256,9 +255,10 @@ void machine_power_off(void) machine_shutdown(); if (pm_power_off) @@ -1666,7 +2860,18 @@ index 693b744..e684262 100644 { machine_shutdown(); -@@ -501,12 +501,6 @@ unsigned long get_wchan(struct task_struct *p) +@@ -283,8 +283,8 @@ void __show_regs(struct pt_regs *regs) + init_utsname()->release, + (int)strcspn(init_utsname()->version, " "), + init_utsname()->version); +- print_symbol("PC is at %s\n", instruction_pointer(regs)); +- print_symbol("LR is at %s\n", regs->ARM_lr); ++ printk("PC is at %pA\n", instruction_pointer(regs)); ++ printk("LR is at %pA\n", regs->ARM_lr); + printk("pc : [<%08lx>] lr : [<%08lx>] psr: %08lx\n" + "sp : %08lx ip : %08lx fp : %08lx\n", + regs->ARM_pc, regs->ARM_lr, regs->ARM_cpsr, +@@ -452,12 +452,6 @@ unsigned long get_wchan(struct task_struct *p) return 0; } @@ -1680,36 +2885,47 @@ index 693b744..e684262 100644 /* * The vectors page is always readable from user space for the diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c -index 3e0fc5f..a42d2ec 100644 +index 03deeff..741ce88 100644 --- a/arch/arm/kernel/ptrace.c +++ b/arch/arm/kernel/ptrace.c -@@ -913,11 +913,20 @@ enum ptrace_syscall_dir { - PTRACE_SYSCALL_EXIT, - }; +@@ -937,10 +937,19 @@ static int tracehook_report_syscall(struct pt_regs *regs, + return current_thread_info()->syscall; + } +#ifdef CONFIG_GRKERNSEC_SETXID +extern void gr_delayed_cred_worker(void); +#endif + - static int ptrace_syscall_trace(struct pt_regs *regs, int scno, - enum ptrace_syscall_dir dir) + asmlinkage int syscall_trace_enter(struct pt_regs *regs, int scno) { - unsigned long ip; + current_thread_info()->syscall = scno; +#ifdef CONFIG_GRKERNSEC_SETXID + if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) + gr_delayed_cred_worker(); +#endif + - if (!test_thread_flag(TIF_SYSCALL_TRACE)) - return scno; - + /* Do the secure computing check first; failures should be fast. */ + if (secure_computing(scno) == -1) + return -1; diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c -index a81dcec..ac42f0f 100644 +index 3f6cbb2..6d856f5 100644 --- a/arch/arm/kernel/setup.c +++ b/arch/arm/kernel/setup.c -@@ -112,13 +112,13 @@ struct processor processor __read_mostly; - struct cpu_tlb_fns cpu_tlb __read_mostly; +@@ -97,21 +97,23 @@ EXPORT_SYMBOL(system_serial_high); + unsigned int elf_hwcap __read_mostly; + EXPORT_SYMBOL(elf_hwcap); + ++pteval_t __supported_pte_mask __read_only; ++pmdval_t __supported_pmd_mask __read_only; + + #ifdef MULTI_CPU +-struct processor processor __read_mostly; ++struct processor processor; + #endif + #ifdef MULTI_TLB +-struct cpu_tlb_fns cpu_tlb __read_mostly; ++struct cpu_tlb_fns cpu_tlb __read_only; #endif #ifdef MULTI_USER -struct cpu_user_fns cpu_user __read_mostly; @@ -1725,10 +2941,57 @@ index a81dcec..ac42f0f 100644 EXPORT_SYMBOL(outer_cache); #endif +@@ -236,9 +238,13 @@ static int __get_cpu_architecture(void) + asm("mrc p15, 0, %0, c0, c1, 4" + : "=r" (mmfr0)); + if ((mmfr0 & 0x0000000f) >= 0x00000003 || +- (mmfr0 & 0x000000f0) >= 0x00000030) ++ (mmfr0 & 0x000000f0) >= 0x00000030) { + cpu_arch = CPU_ARCH_ARMv7; +- else if ((mmfr0 & 0x0000000f) == 0x00000002 || ++ if ((mmfr0 & 0x0000000f) == 0x00000005 || (mmfr0 & 0x0000000f) == 0x00000004) { ++ __supported_pte_mask |= L_PTE_PXN; ++ __supported_pmd_mask |= PMD_PXNTABLE; ++ } ++ } else if ((mmfr0 & 0x0000000f) == 0x00000002 || + (mmfr0 & 0x000000f0) == 0x00000020) + cpu_arch = CPU_ARCH_ARMv6; + else +@@ -462,7 +468,7 @@ static void __init setup_processor(void) + __cpu_architecture = __get_cpu_architecture(); + + #ifdef MULTI_CPU +- processor = *list->proc; ++ memcpy((void *)&processor, list->proc, sizeof processor); + #endif + #ifdef MULTI_TLB + cpu_tlb = *list->tlb; +diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c +index 84f4cbf..672f5b8 100644 +--- a/arch/arm/kernel/smp.c ++++ b/arch/arm/kernel/smp.c +@@ -70,7 +70,7 @@ enum ipi_msg_type { + + static DECLARE_COMPLETION(cpu_running); + +-static struct smp_operations smp_ops; ++static struct smp_operations smp_ops __read_only; + + void __init smp_set_ops(struct smp_operations *ops) + { diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c -index b0179b8..b54c6c1 100644 +index b0179b8..b7b16c7 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c +@@ -57,7 +57,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long); + void dump_backtrace_entry(unsigned long where, unsigned long from, unsigned long frame) + { + #ifdef CONFIG_KALLSYMS +- printk("[<%08lx>] (%pS) from [<%08lx>] (%pS)\n", where, (void *)where, from, (void *)from); ++ printk("[<%08lx>] (%pA) from [<%08lx>] (%pA)\n", where, (void *)where, from, (void *)from); + #else + printk("Function entered at [<%08lx>] from [<%08lx>]\n", where, from); + #endif @@ -266,6 +266,8 @@ static arch_spinlock_t die_lock = __ARCH_SPIN_LOCK_UNLOCKED; static int die_owner = -1; static unsigned int die_nest_count; @@ -1748,6 +3011,109 @@ index b0179b8..b54c6c1 100644 if (signr) do_exit(signr); } +@@ -601,7 +606,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs) + * The user helper at 0xffff0fe0 must be used instead. + * (see entry-armv.S for details) + */ ++ pax_open_kernel(); + *((unsigned int *)0xffff0ff0) = regs->ARM_r0; ++ pax_close_kernel(); + } + return 0; + +@@ -849,5 +856,9 @@ void __init early_trap_init(void *vectors_base) + sigreturn_codes, sizeof(sigreturn_codes)); + + flush_icache_range(vectors, vectors + PAGE_SIZE); +- modify_domain(DOMAIN_USER, DOMAIN_CLIENT); ++ ++#ifndef CONFIG_PAX_MEMORY_UDEREF ++ modify_domain(DOMAIN_USER, DOMAIN_USERCLIENT); ++#endif ++ + } +diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S +index 11c1785..c67d54c 100644 +--- a/arch/arm/kernel/vmlinux.lds.S ++++ b/arch/arm/kernel/vmlinux.lds.S +@@ -8,7 +8,11 @@ + #include <asm/thread_info.h> + #include <asm/memory.h> + #include <asm/page.h> +- ++ ++#ifdef CONFIG_PAX_KERNEXEC ++#include <asm/pgtable.h> ++#endif ++ + #define PROC_INFO \ + . = ALIGN(4); \ + VMLINUX_SYMBOL(__proc_info_begin) = .; \ +@@ -90,6 +94,11 @@ SECTIONS + _text = .; + HEAD_TEXT + } ++ ++#ifdef CONFIG_PAX_KERNEXEC ++ . = ALIGN(1<<SECTION_SHIFT); ++#endif ++ + .text : { /* Real text segment */ + _stext = .; /* Text and read-only data */ + __exception_text_start = .; +@@ -144,6 +153,10 @@ SECTIONS + + _etext = .; /* End of text and rodata section */ + ++#ifdef CONFIG_PAX_KERNEXEC ++ . = ALIGN(1<<SECTION_SHIFT); ++#endif ++ + #ifndef CONFIG_XIP_KERNEL + . = ALIGN(PAGE_SIZE); + __init_begin = .; +@@ -203,6 +216,11 @@ SECTIONS + . = PAGE_OFFSET + TEXT_OFFSET; + #else + __init_end = .; ++ ++#ifdef CONFIG_PAX_KERNEXEC ++ . = ALIGN(1<<SECTION_SHIFT); ++#endif ++ + . = ALIGN(THREAD_SIZE); + __data_loc = .; + #endif +diff --git a/arch/arm/lib/clear_user.S b/arch/arm/lib/clear_user.S +index 14a0d98..7771a7d 100644 +--- a/arch/arm/lib/clear_user.S ++++ b/arch/arm/lib/clear_user.S +@@ -12,14 +12,14 @@ + + .text + +-/* Prototype: int __clear_user(void *addr, size_t sz) ++/* Prototype: int ___clear_user(void *addr, size_t sz) + * Purpose : clear some user memory + * Params : addr - user memory address to clear + * : sz - number of bytes to clear + * Returns : number of bytes NOT cleared + */ + ENTRY(__clear_user_std) +-WEAK(__clear_user) ++WEAK(___clear_user) + stmfd sp!, {r1, lr} + mov r2, #0 + cmp r1, #4 +@@ -44,7 +44,7 @@ WEAK(__clear_user) + USER( strnebt r2, [r0]) + mov r0, #0 + ldmfd sp!, {r1, pc} +-ENDPROC(__clear_user) ++ENDPROC(___clear_user) + ENDPROC(__clear_user_std) + + .pushsection .fixup,"ax" diff --git a/arch/arm/lib/copy_from_user.S b/arch/arm/lib/copy_from_user.S index 66a477a..bee61d3 100644 --- a/arch/arm/lib/copy_from_user.S @@ -1814,6 +3180,65 @@ index d066df6..df28194 100644 ENDPROC(__copy_to_user_std) .pushsection .fixup,"ax" +diff --git a/arch/arm/lib/csumpartialcopyuser.S b/arch/arm/lib/csumpartialcopyuser.S +index 7d08b43..f7ca7ea 100644 +--- a/arch/arm/lib/csumpartialcopyuser.S ++++ b/arch/arm/lib/csumpartialcopyuser.S +@@ -57,8 +57,8 @@ + * Returns : r0 = checksum, [[sp, #0], #0] = 0 or -EFAULT + */ + +-#define FN_ENTRY ENTRY(csum_partial_copy_from_user) +-#define FN_EXIT ENDPROC(csum_partial_copy_from_user) ++#define FN_ENTRY ENTRY(__csum_partial_copy_from_user) ++#define FN_EXIT ENDPROC(__csum_partial_copy_from_user) + + #include "csumpartialcopygeneric.S" + +diff --git a/arch/arm/lib/delay.c b/arch/arm/lib/delay.c +index 0dc5385..45833ef 100644 +--- a/arch/arm/lib/delay.c ++++ b/arch/arm/lib/delay.c +@@ -28,12 +28,14 @@ + /* + * Default to the loop-based delay implementation. + */ +-struct arm_delay_ops arm_delay_ops = { ++static struct arm_delay_ops arm_loop_delay_ops = { + .delay = __loop_delay, + .const_udelay = __loop_const_udelay, + .udelay = __loop_udelay, + }; + ++struct arm_delay_ops *arm_delay_ops __read_only = &arm_loop_delay_ops; ++ + static const struct delay_timer *delay_timer; + static bool delay_calibrated; + +@@ -67,6 +69,12 @@ static void __timer_udelay(unsigned long usecs) + __timer_const_udelay(usecs * UDELAY_MULT); + } + ++static struct arm_delay_ops arm_timer_delay_ops = { ++ .delay = __timer_delay, ++ .const_udelay = __timer_const_udelay, ++ .udelay = __timer_udelay, ++}; ++ + void __init register_current_timer_delay(const struct delay_timer *timer) + { + if (!delay_calibrated) { +@@ -74,9 +82,7 @@ void __init register_current_timer_delay(const struct delay_timer *timer) + delay_timer = timer; + lpj_fine = timer->freq / HZ; + loops_per_jiffy = lpj_fine; +- arm_delay_ops.delay = __timer_delay; +- arm_delay_ops.const_udelay = __timer_const_udelay; +- arm_delay_ops.udelay = __timer_udelay; ++ arm_delay_ops = &arm_timer_delay_ops; + delay_calibrated = true; + } else { + pr_info("Ignoring duplicate/late registration of read_current_timer delay\n"); diff --git a/arch/arm/lib/uaccess_with_memcpy.c b/arch/arm/lib/uaccess_with_memcpy.c index 025f742..8432b08 100644 --- a/arch/arm/lib/uaccess_with_memcpy.c @@ -1828,23 +3253,47 @@ index 025f742..8432b08 100644 /* * This test is stubbed out of the main function above to keep diff --git a/arch/arm/mach-kirkwood/common.c b/arch/arm/mach-kirkwood/common.c -index 1201191..eabbb2c 100644 +index bac21a5..b67ef8e 100644 --- a/arch/arm/mach-kirkwood/common.c +++ b/arch/arm/mach-kirkwood/common.c -@@ -160,7 +160,7 @@ static void clk_gate_fn_disable(struct clk_hw *hw) +@@ -150,7 +150,16 @@ static void clk_gate_fn_disable(struct clk_hw *hw) clk_gate_ops.disable(hw); } -static struct clk_ops clk_gate_fn_ops; -+static clk_ops_no_const clk_gate_fn_ops; ++static int clk_gate_fn_is_enabled(struct clk_hw *hw) ++{ ++ return clk_gate_ops.is_enabled(hw); ++} ++ ++static struct clk_ops clk_gate_fn_ops = { ++ .enable = clk_gate_fn_enable, ++ .disable = clk_gate_fn_disable, ++ .is_enabled = clk_gate_fn_is_enabled, ++}; static struct clk __init *clk_register_gate_fn(struct device *dev, const char *name, +@@ -184,14 +193,6 @@ static struct clk __init *clk_register_gate_fn(struct device *dev, + gate_fn->fn_en = fn_en; + gate_fn->fn_dis = fn_dis; + +- /* ops is the gate ops, but with our enable/disable functions */ +- if (clk_gate_fn_ops.enable != clk_gate_fn_enable || +- clk_gate_fn_ops.disable != clk_gate_fn_disable) { +- clk_gate_fn_ops = clk_gate_ops; +- clk_gate_fn_ops.enable = clk_gate_fn_enable; +- clk_gate_fn_ops.disable = clk_gate_fn_disable; +- } +- + clk = clk_register(dev, &gate_fn->gate.hw); + + if (IS_ERR(clk)) diff --git a/arch/arm/mach-omap2/board-n8x0.c b/arch/arm/mach-omap2/board-n8x0.c -index 677357f..8828dda 100644 +index 0abb30f..54064da 100644 --- a/arch/arm/mach-omap2/board-n8x0.c +++ b/arch/arm/mach-omap2/board-n8x0.c -@@ -593,7 +593,7 @@ static int n8x0_menelaus_late_init(struct device *dev) +@@ -631,7 +631,7 @@ static int n8x0_menelaus_late_init(struct device *dev) } #endif @@ -1853,14 +3302,27 @@ index 677357f..8828dda 100644 .late_init = n8x0_menelaus_late_init, }; +diff --git a/arch/arm/mach-omap2/omap-wakeupgen.c b/arch/arm/mach-omap2/omap-wakeupgen.c +index 5d3b4f4..ddba3c0 100644 +--- a/arch/arm/mach-omap2/omap-wakeupgen.c ++++ b/arch/arm/mach-omap2/omap-wakeupgen.c +@@ -340,7 +340,7 @@ static int __cpuinit irq_cpu_hotplug_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata irq_hotplug_notifier = { ++static struct notifier_block irq_hotplug_notifier = { + .notifier_call = irq_cpu_hotplug_notify, + }; + diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c -index 37afbd1..c22ad7c 100644 +index 4653efb..8c60bf7 100644 --- a/arch/arm/mach-omap2/omap_hwmod.c +++ b/arch/arm/mach-omap2/omap_hwmod.c -@@ -187,10 +187,10 @@ struct omap_hwmod_soc_ops { - int (*is_hardreset_asserted)(struct omap_hwmod *oh, - struct omap_hwmod_rst_info *ohri); +@@ -189,10 +189,10 @@ struct omap_hwmod_soc_ops { int (*init_clkdm)(struct omap_hwmod *oh); + void (*update_context_lost)(struct omap_hwmod *oh); + int (*get_context_lost)(struct omap_hwmod *oh); -}; +} __no_const; @@ -1870,11 +3332,103 @@ index 37afbd1..c22ad7c 100644 /* omap_hwmod_list contains all registered struct omap_hwmods */ static LIST_HEAD(omap_hwmod_list); +diff --git a/arch/arm/mach-omap2/wd_timer.c b/arch/arm/mach-omap2/wd_timer.c +index 7c2b4ed..b2ea51f 100644 +--- a/arch/arm/mach-omap2/wd_timer.c ++++ b/arch/arm/mach-omap2/wd_timer.c +@@ -110,7 +110,9 @@ static int __init omap_init_wdt(void) + struct omap_hwmod *oh; + char *oh_name = "wd_timer2"; + char *dev_name = "omap_wdt"; +- struct omap_wd_timer_platform_data pdata; ++ static struct omap_wd_timer_platform_data pdata = { ++ .read_reset_sources = prm_read_reset_sources ++ }; + + if (!cpu_class_is_omap2() || of_have_populated_dt()) + return 0; +@@ -121,8 +123,6 @@ static int __init omap_init_wdt(void) + return -EINVAL; + } + +- pdata.read_reset_sources = prm_read_reset_sources; +- + pdev = omap_device_build(dev_name, id, oh, &pdata, + sizeof(struct omap_wd_timer_platform_data), + NULL, 0, 0); +diff --git a/arch/arm/mach-ux500/include/mach/setup.h b/arch/arm/mach-ux500/include/mach/setup.h +index 6be4c4d..32ac32a 100644 +--- a/arch/arm/mach-ux500/include/mach/setup.h ++++ b/arch/arm/mach-ux500/include/mach/setup.h +@@ -38,13 +38,6 @@ extern struct sys_timer ux500_timer; + .type = MT_DEVICE, \ + } + +-#define __MEM_DEV_DESC(x, sz) { \ +- .virtual = IO_ADDRESS(x), \ +- .pfn = __phys_to_pfn(x), \ +- .length = sz, \ +- .type = MT_MEMORY, \ +-} +- + extern struct smp_operations ux500_smp_ops; + extern void ux500_cpu_die(unsigned int cpu); + +diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig +index 3fd629d..8b1aca9 100644 +--- a/arch/arm/mm/Kconfig ++++ b/arch/arm/mm/Kconfig +@@ -425,7 +425,7 @@ config CPU_32v5 + + config CPU_32v6 + bool +- select CPU_USE_DOMAINS if CPU_V6 && MMU ++ select CPU_USE_DOMAINS if CPU_V6 && MMU && !PAX_KERNEXEC + select TLS_REG_EMUL if !CPU_32v6K && !MMU + + config CPU_32v6K +@@ -577,6 +577,7 @@ config CPU_CP15_MPU + + config CPU_USE_DOMAINS + bool ++ depends on !ARM_LPAE && !PAX_KERNEXEC + help + This option enables or disables the use of domain switching + via the set_fs() function. diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c -index c3bd834..e81ef02 100644 +index 5dbf13f..6393f55 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c -@@ -174,6 +174,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr, +@@ -25,6 +25,7 @@ + #include <asm/system_misc.h> + #include <asm/system_info.h> + #include <asm/tlbflush.h> ++#include <asm/sections.h> + + #include "fault.h" + +@@ -138,6 +139,20 @@ __do_kernel_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr, + if (fixup_exception(regs)) + return; + ++#ifdef CONFIG_PAX_KERNEXEC ++ if ((fsr & FSR_WRITE) && ++ (((unsigned long)_stext <= addr && addr < init_mm.end_code) || ++ (MODULES_VADDR <= addr && addr < MODULES_END))) ++ { ++ if (current->signal->curr_ip) ++ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid())); ++ else ++ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid())); ++ } ++#endif ++ + /* + * No handler, we'll have to terminate things with extreme prejudice. + */ +@@ -174,6 +189,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr, } #endif @@ -1888,7 +3442,7 @@ index c3bd834..e81ef02 100644 tsk->thread.address = addr; tsk->thread.error_code = fsr; tsk->thread.trap_no = 14; -@@ -397,6 +404,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) +@@ -398,6 +420,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) } #endif /* CONFIG_MMU */ @@ -1922,12 +3476,49 @@ index c3bd834..e81ef02 100644 /* * First Level Translation Fault Handler * -@@ -574,6 +608,20 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) +@@ -543,9 +592,22 @@ do_DataAbort(unsigned long addr, unsigned int fsr, struct pt_regs *regs) + const struct fsr_info *inf = fsr_info + fsr_fs(fsr); + struct siginfo info; + ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ if (addr < TASK_SIZE && is_domain_fault(fsr)) { ++ if (current->signal->curr_ip) ++ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid()), addr); ++ else ++ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid()), addr); ++ goto die; ++ } ++#endif ++ + if (!inf->fn(addr, fsr & ~FSR_LNX_PF, regs)) + return; + ++die: + printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n", + inf->name, fsr, addr); + +@@ -575,9 +637,38 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) const struct fsr_info *inf = ifsr_info + fsr_fs(ifsr); struct siginfo info; ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ if (!user_mode(regs) && (is_domain_fault(ifsr) || is_xn_fault(ifsr))) { ++ if (current->signal->curr_ip) ++ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid()), ++ addr >= TASK_SIZE ? "non-executable kernel" : "userland", addr); ++ else ++ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid()), ++ addr >= TASK_SIZE ? "non-executable kernel" : "userland", addr); ++ goto die; ++ } ++#endif ++ +#ifdef CONFIG_PAX_REFCOUNT -+ if (fsr_fs(ifsr) == 2) { ++ if (fsr_fs(ifsr) == FAULT_CODE_DEBUG) { + unsigned int bkpt; + + if (!probe_kernel_address((unsigned int *)addr, bkpt) && bkpt == 0xe12f1073) { @@ -1943,11 +3534,129 @@ index c3bd834..e81ef02 100644 if (!inf->fn(addr, ifsr | FSR_LNX_PF, regs)) return; ++die: + printk(KERN_ALERT "Unhandled prefetch abort: %s (0x%03x) at 0x%08lx\n", + inf->name, ifsr, addr); + +diff --git a/arch/arm/mm/fault.h b/arch/arm/mm/fault.h +index cf08bdf..772656c 100644 +--- a/arch/arm/mm/fault.h ++++ b/arch/arm/mm/fault.h +@@ -3,6 +3,7 @@ + + /* + * Fault status register encodings. We steal bit 31 for our own purposes. ++ * Set when the FSR value is from an instruction fault. + */ + #define FSR_LNX_PF (1 << 31) + #define FSR_WRITE (1 << 11) +@@ -22,6 +23,17 @@ static inline int fsr_fs(unsigned int fsr) + } + #endif + ++/* valid for LPAE and !LPAE */ ++static inline int is_xn_fault(unsigned int fsr) ++{ ++ return ((fsr_fs(fsr) & 0x3c) == 0xc); ++} ++ ++static inline int is_domain_fault(unsigned int fsr) ++{ ++ return ((fsr_fs(fsr) & 0xD) == 0x9); ++} ++ + void do_bad_area(unsigned long addr, unsigned int fsr, struct pt_regs *regs); + unsigned long search_exception_table(unsigned long addr); + +diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c +index ad722f1..763fdd3 100644 +--- a/arch/arm/mm/init.c ++++ b/arch/arm/mm/init.c +@@ -30,6 +30,8 @@ + #include <asm/setup.h> + #include <asm/tlb.h> + #include <asm/fixmap.h> ++#include <asm/system_info.h> ++#include <asm/cp15.h> + + #include <asm/mach/arch.h> + #include <asm/mach/map.h> +@@ -736,7 +738,46 @@ void free_initmem(void) + { + #ifdef CONFIG_HAVE_TCM + extern char __tcm_start, __tcm_end; ++#endif + ++#ifdef CONFIG_PAX_KERNEXEC ++ unsigned long addr; ++ pgd_t *pgd; ++ pud_t *pud; ++ pmd_t *pmd; ++ int cpu_arch = cpu_architecture(); ++ unsigned int cr = get_cr(); ++ ++ if (cpu_arch >= CPU_ARCH_ARMv6 && (cr & CR_XP)) { ++ /* make pages tables, etc before .text NX */ ++ for (addr = PAGE_OFFSET; addr < (unsigned long)_stext; addr += SECTION_SIZE) { ++ pgd = pgd_offset_k(addr); ++ pud = pud_offset(pgd, addr); ++ pmd = pmd_offset(pud, addr); ++ __section_update(pmd, addr, PMD_SECT_XN); ++ } ++ /* make init NX */ ++ for (addr = (unsigned long)__init_begin; addr < (unsigned long)_sdata; addr += SECTION_SIZE) { ++ pgd = pgd_offset_k(addr); ++ pud = pud_offset(pgd, addr); ++ pmd = pmd_offset(pud, addr); ++ __section_update(pmd, addr, PMD_SECT_XN); ++ } ++ /* make kernel code/rodata RX */ ++ for (addr = (unsigned long)_stext; addr < (unsigned long)__init_begin; addr += SECTION_SIZE) { ++ pgd = pgd_offset_k(addr); ++ pud = pud_offset(pgd, addr); ++ pmd = pmd_offset(pud, addr); ++#ifdef CONFIG_ARM_LPAE ++ __section_update(pmd, addr, PMD_SECT_RDONLY); ++#else ++ __section_update(pmd, addr, PMD_SECT_APX|PMD_SECT_AP_WRITE); ++#endif ++ } ++ } ++#endif ++ ++#ifdef CONFIG_HAVE_TCM + poison_init_mem(&__tcm_start, &__tcm_end - &__tcm_start); + totalram_pages += free_area(__phys_to_pfn(__pa(&__tcm_start)), + __phys_to_pfn(__pa(&__tcm_end)), +diff --git a/arch/arm/mm/ioremap.c b/arch/arm/mm/ioremap.c +index 88fd86c..7a224ce 100644 +--- a/arch/arm/mm/ioremap.c ++++ b/arch/arm/mm/ioremap.c +@@ -335,9 +335,9 @@ __arm_ioremap_exec(unsigned long phys_addr, size_t size, bool cached) + unsigned int mtype; + + if (cached) +- mtype = MT_MEMORY; ++ mtype = MT_MEMORY_RX; + else +- mtype = MT_MEMORY_NONCACHED; ++ mtype = MT_MEMORY_NONCACHED_RX; + + return __arm_ioremap_caller(phys_addr, size, mtype, + __builtin_return_address(0)); diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c -index ce8cb19..3ec539d 100644 +index 10062ce..aa96dd7 100644 --- a/arch/arm/mm/mmap.c +++ b/arch/arm/mm/mmap.c -@@ -93,6 +93,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -59,6 +59,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, + struct vm_area_struct *vma; + int do_align = 0; + int aliasing = cache_is_vipt_aliasing(); ++ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; + + /* +@@ -81,6 +82,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (len > TASK_SIZE) return -ENOMEM; @@ -1958,45 +3667,70 @@ index ce8cb19..3ec539d 100644 if (addr) { if (do_align) addr = COLOUR_ALIGN(addr, pgoff); -@@ -100,15 +104,14 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -88,8 +93,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && - (!vma || addr + len <= vma->vm_start)) -+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len)) ++ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) return addr; } - if (len > mm->cached_hole_size) { -- start_addr = addr = mm->free_area_cache; -+ start_addr = addr = mm->free_area_cache; - } else { -- start_addr = addr = mm->mmap_base; -- mm->cached_hole_size = 0; -+ start_addr = addr = mm->mmap_base; -+ mm->cached_hole_size = 0; + +@@ -112,6 +116,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + unsigned long addr = addr0; + int do_align = 0; + int aliasing = cache_is_vipt_aliasing(); ++ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; + + /* +@@ -132,6 +137,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + return addr; } - full_search: -@@ -124,14 +127,14 @@ full_search: - * Start a new search - just in case we missed - * some holes. - */ -- if (start_addr != TASK_UNMAPPED_BASE) { -- start_addr = addr = TASK_UNMAPPED_BASE; -+ if (start_addr != mm->mmap_base) { -+ start_addr = addr = mm->mmap_base; - mm->cached_hole_size = 0; - goto full_search; - } - return -ENOMEM; - } -- if (!vma || addr + len <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr, len)) { - /* - * Remember the place where we stopped the search: - */ -@@ -266,10 +269,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ + /* requesting a specific address */ + if (addr) { + if (do_align) +@@ -139,8 +148,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + else + addr = PAGE_ALIGN(addr); + vma = find_vma(mm, addr); +- if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) + return addr; + } + +@@ -162,6 +170,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + VM_BUG_ON(addr != -ENOMEM); + info.flags = 0; + info.low_limit = mm->mmap_base; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = TASK_SIZE; + addr = vm_unmapped_area(&info); + } +@@ -173,6 +187,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm) + { + unsigned long random_factor = 0UL; + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ + /* 8 bits of randomness in 20 address space bits */ + if ((current->flags & PF_RANDOMIZE) && + !(current->personality & ADDR_NO_RANDOMIZE)) +@@ -180,10 +198,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; @@ -2019,11 +3753,376 @@ index ce8cb19..3ec539d 100644 mm->get_unmapped_area = arch_get_unmapped_area_topdown; mm->unmap_area = arch_unmap_area_topdown; } +diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c +index ce328c7..f82bebb 100644 +--- a/arch/arm/mm/mmu.c ++++ b/arch/arm/mm/mmu.c +@@ -35,6 +35,23 @@ + + #include "mm.h" + ++ ++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++void modify_domain(unsigned int dom, unsigned int type) ++{ ++ struct thread_info *thread = current_thread_info(); ++ unsigned int domain = thread->cpu_domain; ++ /* ++ * DOMAIN_MANAGER might be defined to some other value, ++ * use the arch-defined constant ++ */ ++ domain &= ~domain_val(dom, 3); ++ thread->cpu_domain = domain | domain_val(dom, type); ++ set_domain(thread->cpu_domain); ++} ++EXPORT_SYMBOL(modify_domain); ++#endif ++ + /* + * empty_zero_page is a special page that is used for + * zero-initialized data and COW. +@@ -195,10 +212,18 @@ void adjust_cr(unsigned long mask, unsigned long set) + } + #endif + +-#define PROT_PTE_DEVICE L_PTE_PRESENT|L_PTE_YOUNG|L_PTE_DIRTY|L_PTE_XN ++#define PROT_PTE_DEVICE L_PTE_PRESENT|L_PTE_YOUNG|L_PTE_DIRTY + #define PROT_SECT_DEVICE PMD_TYPE_SECT|PMD_SECT_AP_WRITE + +-static struct mem_type mem_types[] = { ++#ifdef CONFIG_PAX_KERNEXEC ++#define L_PTE_KERNEXEC L_PTE_RDONLY ++#define PMD_SECT_KERNEXEC PMD_SECT_RDONLY ++#else ++#define L_PTE_KERNEXEC L_PTE_DIRTY ++#define PMD_SECT_KERNEXEC PMD_SECT_AP_WRITE ++#endif ++ ++static struct mem_type mem_types[] __read_only = { + [MT_DEVICE] = { /* Strongly ordered / ARMv6 shared device */ + .prot_pte = PROT_PTE_DEVICE | L_PTE_MT_DEV_SHARED | + L_PTE_SHARED, +@@ -227,16 +252,16 @@ static struct mem_type mem_types[] = { + [MT_UNCACHED] = { + .prot_pte = PROT_PTE_DEVICE, + .prot_l1 = PMD_TYPE_TABLE, +- .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN, ++ .prot_sect = PROT_SECT_DEVICE, + .domain = DOMAIN_IO, + }, + [MT_CACHECLEAN] = { +- .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_RDONLY, + .domain = DOMAIN_KERNEL, + }, + #ifndef CONFIG_ARM_LPAE + [MT_MINICLEAN] = { +- .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN | PMD_SECT_MINICACHE, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_MINICACHE | PMD_SECT_RDONLY, + .domain = DOMAIN_KERNEL, + }, + #endif +@@ -244,36 +269,54 @@ static struct mem_type mem_types[] = { + .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | + L_PTE_RDONLY, + .prot_l1 = PMD_TYPE_TABLE, +- .domain = DOMAIN_USER, ++ .domain = DOMAIN_VECTORS, + }, + [MT_HIGH_VECTORS] = { + .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | + L_PTE_USER | L_PTE_RDONLY, + .prot_l1 = PMD_TYPE_TABLE, +- .domain = DOMAIN_USER, ++ .domain = DOMAIN_VECTORS, + }, +- [MT_MEMORY] = { ++ [MT_MEMORY_RWX] = { + .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY, + .prot_l1 = PMD_TYPE_TABLE, + .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE, + .domain = DOMAIN_KERNEL, + }, ++ [MT_MEMORY_RW] = { ++ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY, ++ .prot_l1 = PMD_TYPE_TABLE, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE, ++ .domain = DOMAIN_KERNEL, ++ }, ++ [MT_MEMORY_RX] = { ++ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_KERNEXEC, ++ .prot_l1 = PMD_TYPE_TABLE, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_KERNEXEC, ++ .domain = DOMAIN_KERNEL, ++ }, + [MT_ROM] = { +- .prot_sect = PMD_TYPE_SECT, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_RDONLY, + .domain = DOMAIN_KERNEL, + }, +- [MT_MEMORY_NONCACHED] = { ++ [MT_MEMORY_NONCACHED_RW] = { + .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | + L_PTE_MT_BUFFERABLE, + .prot_l1 = PMD_TYPE_TABLE, + .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE, + .domain = DOMAIN_KERNEL, + }, ++ [MT_MEMORY_NONCACHED_RX] = { ++ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_KERNEXEC | ++ L_PTE_MT_BUFFERABLE, ++ .prot_l1 = PMD_TYPE_TABLE, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_KERNEXEC, ++ .domain = DOMAIN_KERNEL, ++ }, + [MT_MEMORY_DTCM] = { +- .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | +- L_PTE_XN, ++ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY, + .prot_l1 = PMD_TYPE_TABLE, +- .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_RDONLY, + .domain = DOMAIN_KERNEL, + }, + [MT_MEMORY_ITCM] = { +@@ -283,10 +326,10 @@ static struct mem_type mem_types[] = { + }, + [MT_MEMORY_SO] = { + .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | +- L_PTE_MT_UNCACHED | L_PTE_XN, ++ L_PTE_MT_UNCACHED, + .prot_l1 = PMD_TYPE_TABLE, + .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE | PMD_SECT_S | +- PMD_SECT_UNCACHED | PMD_SECT_XN, ++ PMD_SECT_UNCACHED, + .domain = DOMAIN_KERNEL, + }, + [MT_MEMORY_DMA_READY] = { +@@ -371,9 +414,35 @@ static void __init build_mem_type_table(void) + * to prevent speculative instruction fetches. + */ + mem_types[MT_DEVICE].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_DEVICE].prot_pte |= L_PTE_XN; + mem_types[MT_DEVICE_NONSHARED].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_DEVICE_NONSHARED].prot_pte |= L_PTE_XN; + mem_types[MT_DEVICE_CACHED].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_DEVICE_CACHED].prot_pte |= L_PTE_XN; + mem_types[MT_DEVICE_WC].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_DEVICE_WC].prot_pte |= L_PTE_XN; ++ ++ /* Mark other regions on ARMv6+ as execute-never */ ++ ++#ifdef CONFIG_PAX_KERNEXEC ++ mem_types[MT_UNCACHED].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_UNCACHED].prot_pte |= L_PTE_XN; ++ mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_CACHECLEAN].prot_pte |= L_PTE_XN; ++#ifndef CONFIG_ARM_LPAE ++ mem_types[MT_MINICLEAN].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_MINICLEAN].prot_pte |= L_PTE_XN; ++#endif ++ mem_types[MT_MEMORY_RW].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_MEMORY_RW].prot_pte |= L_PTE_XN; ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_pte |= PMD_SECT_XN; ++ mem_types[MT_MEMORY_DTCM].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_MEMORY_DTCM].prot_pte |= L_PTE_XN; ++#endif ++ ++ mem_types[MT_MEMORY_SO].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_MEMORY_SO].prot_pte |= L_PTE_XN; + } + if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) { + /* +@@ -432,6 +501,9 @@ static void __init build_mem_type_table(void) + * from SVC mode and no access from userspace. + */ + mem_types[MT_ROM].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; ++#ifdef CONFIG_PAX_KERNEXEC ++ mem_types[MT_MEMORY_RX].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; ++#endif + mem_types[MT_MINICLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; + mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; + #endif +@@ -448,11 +520,17 @@ static void __init build_mem_type_table(void) + mem_types[MT_DEVICE_WC].prot_pte |= L_PTE_SHARED; + mem_types[MT_DEVICE_CACHED].prot_sect |= PMD_SECT_S; + mem_types[MT_DEVICE_CACHED].prot_pte |= L_PTE_SHARED; +- mem_types[MT_MEMORY].prot_sect |= PMD_SECT_S; +- mem_types[MT_MEMORY].prot_pte |= L_PTE_SHARED; ++ mem_types[MT_MEMORY_RWX].prot_sect |= PMD_SECT_S; ++ mem_types[MT_MEMORY_RWX].prot_pte |= L_PTE_SHARED; ++ mem_types[MT_MEMORY_RW].prot_sect |= PMD_SECT_S; ++ mem_types[MT_MEMORY_RW].prot_pte |= L_PTE_SHARED; ++ mem_types[MT_MEMORY_RX].prot_sect |= PMD_SECT_S; ++ mem_types[MT_MEMORY_RX].prot_pte |= L_PTE_SHARED; + mem_types[MT_MEMORY_DMA_READY].prot_pte |= L_PTE_SHARED; +- mem_types[MT_MEMORY_NONCACHED].prot_sect |= PMD_SECT_S; +- mem_types[MT_MEMORY_NONCACHED].prot_pte |= L_PTE_SHARED; ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= PMD_SECT_S; ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_pte |= L_PTE_SHARED; ++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |= PMD_SECT_S; ++ mem_types[MT_MEMORY_NONCACHED_RX].prot_pte |= L_PTE_SHARED; + } + } + +@@ -463,15 +541,20 @@ static void __init build_mem_type_table(void) + if (cpu_arch >= CPU_ARCH_ARMv6) { + if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) { + /* Non-cacheable Normal is XCB = 001 */ +- mem_types[MT_MEMORY_NONCACHED].prot_sect |= ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= ++ PMD_SECT_BUFFERED; ++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |= + PMD_SECT_BUFFERED; + } else { + /* For both ARMv6 and non-TEX-remapping ARMv7 */ +- mem_types[MT_MEMORY_NONCACHED].prot_sect |= ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= ++ PMD_SECT_TEX(1); ++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |= + PMD_SECT_TEX(1); + } + } else { +- mem_types[MT_MEMORY_NONCACHED].prot_sect |= PMD_SECT_BUFFERABLE; ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= PMD_SECT_BUFFERABLE; ++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |= PMD_SECT_BUFFERABLE; + } + + #ifdef CONFIG_ARM_LPAE +@@ -487,6 +570,8 @@ static void __init build_mem_type_table(void) + vecs_pgprot |= PTE_EXT_AF; + #endif + ++ user_pgprot |= __supported_pte_mask; ++ + for (i = 0; i < 16; i++) { + pteval_t v = pgprot_val(protection_map[i]); + protection_map[i] = __pgprot(v | user_pgprot); +@@ -501,10 +586,15 @@ static void __init build_mem_type_table(void) + + mem_types[MT_LOW_VECTORS].prot_l1 |= ecc_mask; + mem_types[MT_HIGH_VECTORS].prot_l1 |= ecc_mask; +- mem_types[MT_MEMORY].prot_sect |= ecc_mask | cp->pmd; +- mem_types[MT_MEMORY].prot_pte |= kern_pgprot; ++ mem_types[MT_MEMORY_RWX].prot_sect |= ecc_mask | cp->pmd; ++ mem_types[MT_MEMORY_RWX].prot_pte |= kern_pgprot; ++ mem_types[MT_MEMORY_RW].prot_sect |= ecc_mask | cp->pmd; ++ mem_types[MT_MEMORY_RW].prot_pte |= kern_pgprot; ++ mem_types[MT_MEMORY_RX].prot_sect |= ecc_mask | cp->pmd; ++ mem_types[MT_MEMORY_RX].prot_pte |= kern_pgprot; + mem_types[MT_MEMORY_DMA_READY].prot_pte |= kern_pgprot; +- mem_types[MT_MEMORY_NONCACHED].prot_sect |= ecc_mask; ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= ecc_mask; ++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |= ecc_mask; + mem_types[MT_ROM].prot_sect |= cp->pmd; + + switch (cp->pmd) { +@@ -1105,18 +1195,15 @@ void __init arm_mm_memblock_reserve(void) + * called function. This means you can't use any function or debugging + * method which may touch any device, otherwise the kernel _will_ crash. + */ ++ ++static char vectors[PAGE_SIZE] __read_only __aligned(PAGE_SIZE); ++ + static void __init devicemaps_init(struct machine_desc *mdesc) + { + struct map_desc map; + unsigned long addr; +- void *vectors; + +- /* +- * Allocate the vector page early. +- */ +- vectors = early_alloc(PAGE_SIZE); +- +- early_trap_init(vectors); ++ early_trap_init(&vectors); + + for (addr = VMALLOC_START; addr; addr += PMD_SIZE) + pmd_clear(pmd_off_k(addr)); +@@ -1156,7 +1243,7 @@ static void __init devicemaps_init(struct machine_desc *mdesc) + * location (0xffff0000). If we aren't using high-vectors, also + * create a mapping at the low-vectors virtual address. + */ +- map.pfn = __phys_to_pfn(virt_to_phys(vectors)); ++ map.pfn = __phys_to_pfn(virt_to_phys(&vectors)); + map.virtual = 0xffff0000; + map.length = PAGE_SIZE; + map.type = MT_HIGH_VECTORS; +@@ -1214,8 +1301,39 @@ static void __init map_lowmem(void) + map.pfn = __phys_to_pfn(start); + map.virtual = __phys_to_virt(start); + map.length = end - start; +- map.type = MT_MEMORY; + ++#ifdef CONFIG_PAX_KERNEXEC ++ if (map.virtual <= (unsigned long)_stext && ((unsigned long)_end < (map.virtual + map.length))) { ++ struct map_desc kernel; ++ struct map_desc initmap; ++ ++ /* when freeing initmem we will make this RW */ ++ initmap.pfn = __phys_to_pfn(__pa(__init_begin)); ++ initmap.virtual = (unsigned long)__init_begin; ++ initmap.length = _sdata - __init_begin; ++ initmap.type = MT_MEMORY_RWX; ++ create_mapping(&initmap); ++ ++ /* when freeing initmem we will make this RX */ ++ kernel.pfn = __phys_to_pfn(__pa(_stext)); ++ kernel.virtual = (unsigned long)_stext; ++ kernel.length = __init_begin - _stext; ++ kernel.type = MT_MEMORY_RWX; ++ create_mapping(&kernel); ++ ++ if (map.virtual < (unsigned long)_stext) { ++ map.length = (unsigned long)_stext - map.virtual; ++ map.type = MT_MEMORY_RWX; ++ create_mapping(&map); ++ } ++ ++ map.pfn = __phys_to_pfn(__pa(_sdata)); ++ map.virtual = (unsigned long)_sdata; ++ map.length = end - __pa(_sdata); ++ } ++#endif ++ ++ map.type = MT_MEMORY_RW; + create_mapping(&map); + } + } +diff --git a/arch/arm/mm/proc-v7-2level.S b/arch/arm/mm/proc-v7-2level.S +index 6d98c13..3cfb174 100644 +--- a/arch/arm/mm/proc-v7-2level.S ++++ b/arch/arm/mm/proc-v7-2level.S +@@ -99,6 +99,9 @@ ENTRY(cpu_v7_set_pte_ext) + tst r1, #L_PTE_XN + orrne r3, r3, #PTE_EXT_XN + ++ tst r1, #L_PTE_PXN ++ orrne r3, r3, #PTE_EXT_PXN ++ + tst r1, #L_PTE_YOUNG + tstne r1, #L_PTE_VALID + #ifndef CONFIG_CPU_USE_DOMAINS +diff --git a/arch/arm/plat-omap/sram.c b/arch/arm/plat-omap/sram.c +index a5bc92d..0bb4730 100644 +--- a/arch/arm/plat-omap/sram.c ++++ b/arch/arm/plat-omap/sram.c +@@ -93,6 +93,8 @@ void __init omap_map_sram(unsigned long start, unsigned long size, + * Looks like we need to preserve some bootloader code at the + * beginning of SRAM for jumping to flash for reboot to work... + */ ++ pax_open_kernel(); + memset_io(omap_sram_base + omap_sram_skip, 0, + omap_sram_size - omap_sram_skip); ++ pax_close_kernel(); + } diff --git a/arch/arm/plat-orion/include/plat/addr-map.h b/arch/arm/plat-orion/include/plat/addr-map.h -index fd556f7..af2e7d2 100644 +index b76c065..b6e766b 100644 --- a/arch/arm/plat-orion/include/plat/addr-map.h +++ b/arch/arm/plat-orion/include/plat/addr-map.h -@@ -26,7 +26,7 @@ struct orion_addr_map_cfg { +@@ -27,7 +27,7 @@ struct orion_addr_map_cfg { value in bridge_virt_base */ void __iomem *(*win_cfg_base) (const struct orion_addr_map_cfg *cfg, const int win); @@ -2045,18 +4144,31 @@ index f5144cd..71f6d1f 100644 extern void *samsung_dmadev_get_ops(void); extern void *s3c_dma_get_ops(void); -diff --git a/arch/arm/plat-samsung/include/plat/ehci.h b/arch/arm/plat-samsung/include/plat/ehci.h -index 5f28cae..3d23723 100644 ---- a/arch/arm/plat-samsung/include/plat/ehci.h -+++ b/arch/arm/plat-samsung/include/plat/ehci.h -@@ -14,7 +14,7 @@ - struct s5p_ehci_platdata { - int (*phy_init)(struct platform_device *pdev, int type); - int (*phy_exit)(struct platform_device *pdev, int type); --}; -+} __no_const; +diff --git a/arch/arm64/kernel/debug-monitors.c b/arch/arm64/kernel/debug-monitors.c +index 0c3ba9f..95722b3 100644 +--- a/arch/arm64/kernel/debug-monitors.c ++++ b/arch/arm64/kernel/debug-monitors.c +@@ -151,7 +151,7 @@ static int __cpuinit os_lock_notify(struct notifier_block *self, + return NOTIFY_OK; + } - extern void s5p_ehci_set_platdata(struct s5p_ehci_platdata *pd); +-static struct notifier_block __cpuinitdata os_lock_nb = { ++static struct notifier_block os_lock_nb = { + .notifier_call = os_lock_notify, + }; + +diff --git a/arch/arm64/kernel/hw_breakpoint.c b/arch/arm64/kernel/hw_breakpoint.c +index 5ab825c..96aaec8 100644 +--- a/arch/arm64/kernel/hw_breakpoint.c ++++ b/arch/arm64/kernel/hw_breakpoint.c +@@ -831,7 +831,7 @@ static int __cpuinit hw_breakpoint_reset_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata hw_breakpoint_reset_nb = { ++static struct notifier_block hw_breakpoint_reset_nb = { + .notifier_call = hw_breakpoint_reset_notify, + }; diff --git a/arch/avr32/include/asm/cache.h b/arch/avr32/include/asm/cache.h index c3a58a1..78fbf54 100644 @@ -2075,7 +4187,7 @@ index c3a58a1..78fbf54 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/avr32/include/asm/elf.h b/arch/avr32/include/asm/elf.h -index 3b3159b..425ea94 100644 +index e2c3287..6c4f98c 100644 --- a/arch/avr32/include/asm/elf.h +++ b/arch/avr32/include/asm/elf.h @@ -84,8 +84,14 @@ typedef struct user_fpu_struct elf_fpregset_t; @@ -2111,7 +4223,7 @@ index 479330b..53717a8 100644 #endif /* __ASM_AVR32_KMAP_TYPES_H */ diff --git a/arch/avr32/mm/fault.c b/arch/avr32/mm/fault.c -index b92e609..b69c101 100644 +index b2f2d2d..d1c85cb 100644 --- a/arch/avr32/mm/fault.c +++ b/arch/avr32/mm/fault.c @@ -41,6 +41,23 @@ static inline int notify_page_fault(struct pt_regs *regs, int trap) @@ -2138,7 +4250,7 @@ index b92e609..b69c101 100644 /* * This routine handles page faults. It determines the address and the * problem, and then passes it off to one of the appropriate routines. -@@ -173,6 +190,16 @@ bad_area: +@@ -174,6 +191,16 @@ bad_area: up_read(&mm->mmap_sem); if (user_mode(regs)) { @@ -2260,55 +4372,47 @@ index 43901f2..0d8b865 100644 #endif diff --git a/arch/frv/mm/elf-fdpic.c b/arch/frv/mm/elf-fdpic.c -index 385fd30..6c3d97e 100644 +index 385fd30..3aaf4fe 100644 --- a/arch/frv/mm/elf-fdpic.c +++ b/arch/frv/mm/elf-fdpic.c -@@ -73,8 +73,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi +@@ -61,6 +61,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi + { + struct vm_area_struct *vma; + unsigned long limit; ++ unsigned long offset = gr_rand_threadstack_offset(current->mm, filp, flags); + + if (len > TASK_SIZE) + return -ENOMEM; +@@ -73,8 +74,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi if (addr) { addr = PAGE_ALIGN(addr); vma = find_vma(current->mm, addr); - if (TASK_SIZE - len >= addr && - (!vma || addr + len <= vma->vm_start)) -+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len)) ++ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) goto success; } -@@ -89,7 +88,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi +@@ -89,7 +89,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi for (; vma; vma = vma->vm_next) { if (addr > limit) break; - if (addr + len <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr, len)) ++ if (check_heap_stack_gap(vma, addr, len, offset)) goto success; addr = vma->vm_end; } -@@ -104,7 +103,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi +@@ -104,7 +104,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi for (; vma; vma = vma->vm_next) { if (addr > limit) break; - if (addr + len <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr, len)) ++ if (check_heap_stack_gap(vma, addr, len, offset)) goto success; addr = vma->vm_end; } -diff --git a/arch/h8300/include/asm/cache.h b/arch/h8300/include/asm/cache.h -index c635028..6d9445a 100644 ---- a/arch/h8300/include/asm/cache.h -+++ b/arch/h8300/include/asm/cache.h -@@ -1,8 +1,10 @@ - #ifndef __ARCH_H8300_CACHE_H - #define __ARCH_H8300_CACHE_H - -+#include <linux/const.h> -+ - /* bytes per L1 cache line */ --#define L1_CACHE_BYTES 4 -+#define L1_CACHE_BYTES _AC(4,UL) - - /* m68k-elf-gcc 2.95.2 doesn't like these */ - diff --git a/arch/hexagon/include/asm/cache.h b/arch/hexagon/include/asm/cache.h -index 0f01de2..d37d309 100644 +index f4ca594..adc72fd6 100644 --- a/arch/hexagon/include/asm/cache.h +++ b/arch/hexagon/include/asm/cache.h @@ -21,9 +21,11 @@ @@ -2460,27 +4564,102 @@ index 54ff557..70c88b7 100644 static __always_inline void __ticket_spin_unlock_wait(arch_spinlock_t *lock) diff --git a/arch/ia64/include/asm/uaccess.h b/arch/ia64/include/asm/uaccess.h -index 449c8c0..432a3d2 100644 +index 449c8c0..50cdf87 100644 --- a/arch/ia64/include/asm/uaccess.h +++ b/arch/ia64/include/asm/uaccess.h -@@ -257,7 +257,7 @@ __copy_from_user (void *to, const void __user *from, unsigned long count) +@@ -42,6 +42,8 @@ + #include <asm/pgtable.h> + #include <asm/io.h> + ++extern void check_object_size(const void *ptr, unsigned long n, bool to); ++ + /* + * For historical reasons, the following macros are grossly misnamed: + */ +@@ -240,12 +242,24 @@ extern unsigned long __must_check __copy_user (void __user *to, const void __use + static inline unsigned long + __copy_to_user (void __user *to, const void *from, unsigned long count) + { ++ if (count > INT_MAX) ++ return count; ++ ++ if (!__builtin_constant_p(count)) ++ check_object_size(from, count, true); ++ + return __copy_user(to, (__force void __user *) from, count); + } + + static inline unsigned long + __copy_from_user (void *to, const void __user *from, unsigned long count) + { ++ if (count > INT_MAX) ++ return count; ++ ++ if (!__builtin_constant_p(count)) ++ check_object_size(to, count, false); ++ + return __copy_user((__force void __user *) to, from, count); + } + +@@ -255,10 +269,13 @@ __copy_from_user (void *to, const void __user *from, unsigned long count) + ({ \ + void __user *__cu_to = (to); \ const void *__cu_from = (from); \ - long __cu_len = (n); \ +- long __cu_len = (n); \ ++ unsigned long __cu_len = (n); \ \ - if (__access_ok(__cu_to, __cu_len, get_fs())) \ -+ if (__cu_len > 0 && __cu_len <= INT_MAX && __access_ok(__cu_to, __cu_len, get_fs())) \ ++ if (__cu_len <= INT_MAX && __access_ok(__cu_to, __cu_len, get_fs())) { \ ++ if (!__builtin_constant_p(n)) \ ++ check_object_size(__cu_from, __cu_len, true); \ __cu_len = __copy_user(__cu_to, (__force void __user *) __cu_from, __cu_len); \ ++ } \ __cu_len; \ }) -@@ -269,7 +269,7 @@ __copy_from_user (void *to, const void __user *from, unsigned long count) - long __cu_len = (n); \ + +@@ -266,11 +283,14 @@ __copy_from_user (void *to, const void __user *from, unsigned long count) + ({ \ + void *__cu_to = (to); \ + const void __user *__cu_from = (from); \ +- long __cu_len = (n); \ ++ unsigned long __cu_len = (n); \ \ __chk_user_ptr(__cu_from); \ - if (__access_ok(__cu_from, __cu_len, get_fs())) \ -+ if (__cu_len > 0 && __cu_len <= INT_MAX && __access_ok(__cu_from, __cu_len, get_fs())) \ ++ if (__cu_len <= INT_MAX && __access_ok(__cu_from, __cu_len, get_fs())) { \ ++ if (!__builtin_constant_p(n)) \ ++ check_object_size(__cu_to, __cu_len, false); \ __cu_len = __copy_user((__force void __user *) __cu_to, __cu_from, __cu_len); \ ++ } \ __cu_len; \ }) + +diff --git a/arch/ia64/kernel/err_inject.c b/arch/ia64/kernel/err_inject.c +index 2d67317..07d8bfa 100644 +--- a/arch/ia64/kernel/err_inject.c ++++ b/arch/ia64/kernel/err_inject.c +@@ -256,7 +256,7 @@ static int __cpuinit err_inject_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata err_inject_cpu_notifier = ++static struct notifier_block err_inject_cpu_notifier = + { + .notifier_call = err_inject_cpu_callback, + }; +diff --git a/arch/ia64/kernel/mca.c b/arch/ia64/kernel/mca.c +index 65bf9cd..794f06b 100644 +--- a/arch/ia64/kernel/mca.c ++++ b/arch/ia64/kernel/mca.c +@@ -1922,7 +1922,7 @@ static int __cpuinit mca_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block mca_cpu_notifier __cpuinitdata = { ++static struct notifier_block mca_cpu_notifier = { + .notifier_call = mca_cpu_callback + }; + diff --git a/arch/ia64/kernel/module.c b/arch/ia64/kernel/module.c index 24603be..948052d 100644 --- a/arch/ia64/kernel/module.c @@ -2573,11 +4752,45 @@ index 24603be..948052d 100644 mod->arch.gp = gp; DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp); } +diff --git a/arch/ia64/kernel/palinfo.c b/arch/ia64/kernel/palinfo.c +index 77597e5..6f28f3f 100644 +--- a/arch/ia64/kernel/palinfo.c ++++ b/arch/ia64/kernel/palinfo.c +@@ -1045,7 +1045,7 @@ static int __cpuinit palinfo_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata palinfo_cpu_notifier = ++static struct notifier_block palinfo_cpu_notifier = + { + .notifier_call = palinfo_cpu_callback, + .priority = 0, +diff --git a/arch/ia64/kernel/salinfo.c b/arch/ia64/kernel/salinfo.c +index 79802e5..1a89ec5 100644 +--- a/arch/ia64/kernel/salinfo.c ++++ b/arch/ia64/kernel/salinfo.c +@@ -616,7 +616,7 @@ salinfo_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu + return NOTIFY_OK; + } + +-static struct notifier_block salinfo_cpu_notifier __cpuinitdata = ++static struct notifier_block salinfo_cpu_notifier = + { + .notifier_call = salinfo_cpu_callback, + .priority = 0, diff --git a/arch/ia64/kernel/sys_ia64.c b/arch/ia64/kernel/sys_ia64.c -index d9439ef..b9a4303 100644 +index d9439ef..d0cac6b 100644 --- a/arch/ia64/kernel/sys_ia64.c +++ b/arch/ia64/kernel/sys_ia64.c -@@ -43,6 +43,13 @@ arch_get_unmapped_area (struct file *filp, unsigned long addr, unsigned long len +@@ -28,6 +28,7 @@ arch_get_unmapped_area (struct file *filp, unsigned long addr, unsigned long len + unsigned long start_addr, align_mask = PAGE_SIZE - 1; + struct mm_struct *mm = current->mm; + struct vm_area_struct *vma; ++ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + + if (len > RGN_MAP_LIMIT) + return -ENOMEM; +@@ -43,6 +44,13 @@ arch_get_unmapped_area (struct file *filp, unsigned long addr, unsigned long len if (REGION_NUMBER(addr) == RGN_HPAGE) addr = 0; #endif @@ -2591,7 +4804,7 @@ index d9439ef..b9a4303 100644 if (!addr) addr = mm->free_area_cache; -@@ -61,14 +68,14 @@ arch_get_unmapped_area (struct file *filp, unsigned long addr, unsigned long len +@@ -61,14 +69,14 @@ arch_get_unmapped_area (struct file *filp, unsigned long addr, unsigned long len for (vma = find_vma(mm, addr); ; vma = vma->vm_next) { /* At this point: (!vma || addr < vma->vm_end). */ if (TASK_SIZE - len < addr || RGN_MAP_LIMIT - len < REGION_OFFSET(addr)) { @@ -2605,10 +4818,23 @@ index d9439ef..b9a4303 100644 return -ENOMEM; } - if (!vma || addr + len <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr, len)) { ++ if (check_heap_stack_gap(vma, addr, len, offset)) { /* Remember the address where we stopped this search: */ mm->free_area_cache = addr + len; return addr; +diff --git a/arch/ia64/kernel/topology.c b/arch/ia64/kernel/topology.c +index dc00b2c..cce53c2 100644 +--- a/arch/ia64/kernel/topology.c ++++ b/arch/ia64/kernel/topology.c +@@ -445,7 +445,7 @@ static int __cpuinit cache_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata cache_cpu_notifier = ++static struct notifier_block cache_cpu_notifier = + { + .notifier_call = cache_cpu_callback + }; diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S index 0ccb28f..8992469 100644 --- a/arch/ia64/kernel/vmlinux.lds.S @@ -2623,7 +4849,7 @@ index 0ccb28f..8992469 100644 * ensure percpu data fits * into percpu page size diff --git a/arch/ia64/mm/fault.c b/arch/ia64/mm/fault.c -index 8443daf..0a01e30 100644 +index 6cf0341..d352594 100644 --- a/arch/ia64/mm/fault.c +++ b/arch/ia64/mm/fault.c @@ -72,6 +72,23 @@ mapped_kernel_page_is_present (unsigned long address) @@ -2674,20 +4900,28 @@ index 8443daf..0a01e30 100644 /* * If for any reason at all we couldn't handle the fault, make diff --git a/arch/ia64/mm/hugetlbpage.c b/arch/ia64/mm/hugetlbpage.c -index 5ca674b..e0e1b70 100644 +index 5ca674b..127c3cb 100644 --- a/arch/ia64/mm/hugetlbpage.c +++ b/arch/ia64/mm/hugetlbpage.c -@@ -171,7 +171,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u +@@ -149,6 +149,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u + unsigned long pgoff, unsigned long flags) + { + struct vm_area_struct *vmm; ++ unsigned long offset = gr_rand_threadstack_offset(current->mm, file, flags); + + if (len > RGN_MAP_LIMIT) + return -ENOMEM; +@@ -171,7 +172,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u /* At this point: (!vmm || addr < vmm->vm_end). */ if (REGION_OFFSET(addr) + len > RGN_MAP_LIMIT) return -ENOMEM; - if (!vmm || (addr + len) <= vmm->vm_start) -+ if (check_heap_stack_gap(vmm, addr, len)) ++ if (check_heap_stack_gap(vmm, addr, len, offset)) return addr; addr = ALIGN(vmm->vm_end, HPAGE_SIZE); } diff --git a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c -index 0eab454..bd794f2 100644 +index b755ea9..b9a969e 100644 --- a/arch/ia64/mm/init.c +++ b/arch/ia64/mm/init.c @@ -120,6 +120,19 @@ ia64_init_addr_space (void) @@ -2786,7 +5020,7 @@ index 4efe96a..60e8699 100644 #define SMP_CACHE_BYTES L1_CACHE_BYTES diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h -index 3f4c5cb..3439c6e 100644 +index 01cc6ba..bcb7a5d 100644 --- a/arch/mips/include/asm/atomic.h +++ b/arch/mips/include/asm/atomic.h @@ -21,6 +21,10 @@ @@ -2800,7 +5034,7 @@ index 3f4c5cb..3439c6e 100644 #define ATOMIC_INIT(i) { (i) } /* -@@ -765,6 +769,16 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) +@@ -759,6 +763,16 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) */ #define atomic64_add_negative(i, v) (atomic64_add_return(i, (v)) < 0) @@ -2872,10 +5106,10 @@ index c1f6afa..38cc6e9 100644 #endif /* _ASM_EXEC_H */ diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h -index da9bd7d..91aa7ab 100644 +index dbaec94..6a14935 100644 --- a/arch/mips/include/asm/page.h +++ b/arch/mips/include/asm/page.h -@@ -98,7 +98,7 @@ extern void copy_user_highpage(struct page *to, struct page *from, +@@ -96,7 +96,7 @@ extern void copy_user_highpage(struct page *to, struct page *from, #ifdef CONFIG_CPU_MIPS32 typedef struct { unsigned long pte_low, pte_high; } pte_t; #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32)) @@ -2901,7 +5135,7 @@ index 881d18b..cea38bc 100644 /* diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h -index ca97e0e..cd08920 100644 +index b2050b9..d71bb1b 100644 --- a/arch/mips/include/asm/thread_info.h +++ b/arch/mips/include/asm/thread_info.h @@ -111,6 +111,8 @@ register struct thread_info *__current_thread_info __asm__("$28"); @@ -2912,8 +5146,8 @@ index ca97e0e..cd08920 100644 +#define TIF_GRSEC_SETXID 29 /* update credentials on syscall entry/exit */ #define TIF_SYSCALL_TRACE 31 /* syscall trace active */ - #ifdef CONFIG_MIPS32_O32 -@@ -134,15 +136,18 @@ register struct thread_info *__current_thread_info __asm__("$28"); + #define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE) +@@ -126,15 +128,18 @@ register struct thread_info *__current_thread_info __asm__("$28"); #define _TIF_32BIT_ADDR (1<<TIF_32BIT_ADDR) #define _TIF_FPUBOUND (1<<TIF_FPUBOUND) #define _TIF_LOAD_WATCH (1<<TIF_LOAD_WATCH) @@ -2926,11 +5160,11 @@ index ca97e0e..cd08920 100644 +#define _TIF_WORK_SYSCALL_EXIT (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_GRSEC_SETXID) /* work to do on interrupt/exception return */ - #define _TIF_WORK_MASK (0x0000ffef & \ - ~(_TIF_SECCOMP | _TIF_SYSCALL_AUDIT)) + #define _TIF_WORK_MASK \ + (_TIF_SIGPENDING | _TIF_NEED_RESCHED | _TIF_NOTIFY_RESUME) /* work to do on any return to u-space */ --#define _TIF_ALLWORK_MASK (0x8000ffff & ~_TIF_SECCOMP) -+#define _TIF_ALLWORK_MASK ((0x8000ffff & ~_TIF_SECCOMP) | _TIF_GRSEC_SETXID) +-#define _TIF_ALLWORK_MASK (_TIF_WORK_MASK | _TIF_WORK_SYSCALL_EXIT) ++#define _TIF_ALLWORK_MASK (_TIF_WORK_MASK | _TIF_WORK_SYSCALL_EXIT | _TIF_GRSEC_SETXID) #endif /* __KERNEL__ */ @@ -2971,10 +5205,10 @@ index ff44823..97f8906 100644 /* diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c -index 69b17a9..9db82f9 100644 +index a11c6f9..be5e164 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c -@@ -478,15 +478,3 @@ unsigned long get_wchan(struct task_struct *task) +@@ -460,15 +460,3 @@ unsigned long get_wchan(struct task_struct *task) out: return pc; } @@ -3018,7 +5252,7 @@ index 4812c6d..2069554 100644 goto out; diff --git a/arch/mips/kernel/scall32-o32.S b/arch/mips/kernel/scall32-o32.S -index a632bc1..0b77c7c 100644 +index d20a4bc..7096ae5 100644 --- a/arch/mips/kernel/scall32-o32.S +++ b/arch/mips/kernel/scall32-o32.S @@ -52,7 +52,7 @@ NESTED(handle_sys, PT_SIZE, sp) @@ -3031,7 +5265,7 @@ index a632bc1..0b77c7c 100644 bnez t0, syscall_trace_entry # -> yes diff --git a/arch/mips/kernel/scall64-64.S b/arch/mips/kernel/scall64-64.S -index 3b5a5e9..e1ee86d 100644 +index b64f642..0fe6eab 100644 --- a/arch/mips/kernel/scall64-64.S +++ b/arch/mips/kernel/scall64-64.S @@ -54,7 +54,7 @@ NESTED(handle_sys64, PT_SIZE, sp) @@ -3044,10 +5278,10 @@ index 3b5a5e9..e1ee86d 100644 and t0, t1, t0 bnez t0, syscall_trace_entry diff --git a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S -index 6be6f70..1859577 100644 +index c29ac19..c592d05 100644 --- a/arch/mips/kernel/scall64-n32.S +++ b/arch/mips/kernel/scall64-n32.S -@@ -53,7 +53,7 @@ NESTED(handle_sysn32, PT_SIZE, sp) +@@ -47,7 +47,7 @@ NESTED(handle_sysn32, PT_SIZE, sp) sd a3, PT_R26(sp) # save a3 for syscall restarting @@ -3057,7 +5291,7 @@ index 6be6f70..1859577 100644 and t0, t1, t0 bnez t0, n32_syscall_trace_entry diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S -index 5422855..74e63a3 100644 +index cf3e75e..72e93fe 100644 --- a/arch/mips/kernel/scall64-o32.S +++ b/arch/mips/kernel/scall64-o32.S @@ -81,7 +81,7 @@ NESTED(handle_sys, PT_SIZE, sp) @@ -3070,7 +5304,7 @@ index 5422855..74e63a3 100644 and t0, t1, t0 bnez t0, trace_a_syscall diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c -index c14f6df..537e729 100644 +index ddcec1e..c7f983e 100644 --- a/arch/mips/mm/fault.c +++ b/arch/mips/mm/fault.c @@ -27,6 +27,23 @@ @@ -3098,10 +5332,18 @@ index c14f6df..537e729 100644 * This routine handles page faults. It determines the address, * and the problem, and then passes it off to one of the appropriate diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c -index 302d779..7d35bf8 100644 +index 7e5fe27..479a219 100644 --- a/arch/mips/mm/mmap.c +++ b/arch/mips/mm/mmap.c -@@ -95,6 +95,11 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, +@@ -59,6 +59,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, + struct vm_area_struct *vma; + unsigned long addr = addr0; + int do_color_align; ++ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; + + if (unlikely(len > TASK_SIZE)) +@@ -84,6 +85,11 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, do_color_align = 1; /* requesting a specific address */ @@ -3113,48 +5355,52 @@ index 302d779..7d35bf8 100644 if (addr) { if (do_color_align) addr = COLOUR_ALIGN(addr, pgoff); -@@ -102,8 +107,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, +@@ -91,8 +97,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && - (!vma || addr + len <= vma->vm_start)) -+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vmm, addr, len)) ++ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vmm, addr, len, offset)) return addr; } -@@ -118,7 +122,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, - /* At this point: (!vma || addr < vma->vm_end). */ - if (TASK_SIZE - len < addr) - return -ENOMEM; -- if (!vma || addr + len <= vma->vm_start) -+ if (check_heap_stack_gap(vmm, addr, len)) - return addr; - addr = vma->vm_end; - if (do_color_align) -@@ -145,7 +149,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, - /* make sure it can fit in the remaining address space */ - if (likely(addr > len)) { - vma = find_vma(mm, addr - len); -- if (!vma || addr <= vma->vm_start) { -+ if (check_heap_stack_gap(vmm, addr - len, len)) - /* cache the address as a hint for next time */ - return mm->free_area_cache = addr - len; - } -@@ -165,7 +169,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, - * return with success: - */ - vma = find_vma(mm, addr); -- if (likely(!vma || addr + len <= vma->vm_start)) { -+ if (check_heap_stack_gap(vmm, addr, len)) { - /* cache the address as a hint for next time */ - return mm->free_area_cache = addr; - } -@@ -242,30 +246,3 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -146,6 +151,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm) + { + unsigned long random_factor = 0UL; + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ + if (current->flags & PF_RANDOMIZE) { + random_factor = get_random_int(); + random_factor = random_factor << PAGE_SHIFT; +@@ -157,42 +166,27 @@ void arch_pick_mmap_layout(struct mm_struct *mm) + + if (mmap_is_legacy()) { + mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ mm->mmap_base += mm->delta_mmap; ++#endif ++ + mm->get_unmapped_area = arch_get_unmapped_area; + mm->unmap_area = arch_unmap_area; + } else { + mm->mmap_base = mmap_base(random_factor); ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ mm->mmap_base -= mm->delta_mmap + mm->delta_stack; ++#endif ++ + mm->get_unmapped_area = arch_get_unmapped_area_topdown; mm->unmap_area = arch_unmap_area_topdown; } } -- + -static inline unsigned long brk_rnd(void) -{ - unsigned long rnd = get_random_int(); @@ -3181,6 +5427,10 @@ index 302d779..7d35bf8 100644 - - return ret; -} +- + int __virt_addr_valid(const volatile void *kaddr) + { + return pfn_valid(PFN_DOWN(virt_to_phys(kaddr))); diff --git a/arch/mn10300/proc-mn103e010/include/proc/cache.h b/arch/mn10300/proc-mn103e010/include/proc/cache.h index 967d144..db12197 100644 --- a/arch/mn10300/proc-mn103e010/include/proc/cache.h @@ -3372,7 +5622,7 @@ index 4ba2c93..f5e3974 100644 else copy_from_user_overflow(); diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c -index 5e34ccf..672bc9c 100644 +index 2a625fb..9908930 100644 --- a/arch/parisc/kernel/module.c +++ b/arch/parisc/kernel/module.c @@ -98,16 +98,38 @@ @@ -3418,7 +5668,7 @@ index 5e34ccf..672bc9c 100644 } static inline int in_local(struct module *me, void *loc) -@@ -373,13 +395,13 @@ int module_frob_arch_sections(CONST Elf_Ehdr *hdr, +@@ -371,13 +393,13 @@ int module_frob_arch_sections(CONST Elf_Ehdr *hdr, } /* align things a bit */ @@ -3438,7 +5688,7 @@ index 5e34ccf..672bc9c 100644 me->arch.got_max = gots; me->arch.fdesc_max = fdescs; -@@ -397,7 +419,7 @@ static Elf64_Word get_got(struct module *me, unsigned long value, long addend) +@@ -395,7 +417,7 @@ static Elf64_Word get_got(struct module *me, unsigned long value, long addend) BUG_ON(value == 0); @@ -3447,7 +5697,7 @@ index 5e34ccf..672bc9c 100644 for (i = 0; got[i].addr; i++) if (got[i].addr == value) goto out; -@@ -415,7 +437,7 @@ static Elf64_Word get_got(struct module *me, unsigned long value, long addend) +@@ -413,7 +435,7 @@ static Elf64_Word get_got(struct module *me, unsigned long value, long addend) #ifdef CONFIG_64BIT static Elf_Addr get_fdesc(struct module *me, unsigned long value) { @@ -3456,7 +5706,7 @@ index 5e34ccf..672bc9c 100644 if (!value) { printk(KERN_ERR "%s: zero OPD requested!\n", me->name); -@@ -433,7 +455,7 @@ static Elf_Addr get_fdesc(struct module *me, unsigned long value) +@@ -431,7 +453,7 @@ static Elf_Addr get_fdesc(struct module *me, unsigned long value) /* Create new one */ fdesc->addr = value; @@ -3465,7 +5715,7 @@ index 5e34ccf..672bc9c 100644 return (Elf_Addr)fdesc; } #endif /* CONFIG_64BIT */ -@@ -845,7 +867,7 @@ register_unwind_table(struct module *me, +@@ -843,7 +865,7 @@ register_unwind_table(struct module *me, table = (unsigned char *)sechdrs[me->arch.unwind_section].sh_addr; end = table + sechdrs[me->arch.unwind_section].sh_size; @@ -3475,28 +5725,56 @@ index 5e34ccf..672bc9c 100644 DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n", me->arch.unwind_section, table, end, gp); diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c -index f76c108..8117482 100644 +index f76c108..92bad82 100644 --- a/arch/parisc/kernel/sys_parisc.c +++ b/arch/parisc/kernel/sys_parisc.c -@@ -43,7 +43,7 @@ static unsigned long get_unshared_area(unsigned long addr, unsigned long len) +@@ -33,9 +33,11 @@ + #include <linux/utsname.h> + #include <linux/personality.h> + +-static unsigned long get_unshared_area(unsigned long addr, unsigned long len) ++static unsigned long get_unshared_area(struct file *filp, unsigned long addr, unsigned long len, ++ unsigned long flags) + { + struct vm_area_struct *vma; ++ unsigned long offset = gr_rand_threadstack_offset(current->mm, filp, flags); + + addr = PAGE_ALIGN(addr); + +@@ -43,7 +45,7 @@ static unsigned long get_unshared_area(unsigned long addr, unsigned long len) /* At this point: (!vma || addr < vma->vm_end). */ if (TASK_SIZE - len < addr) return -ENOMEM; - if (!vma || addr + len <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr, len)) ++ if (check_heap_stack_gap(vma, addr, len, offset)) return addr; addr = vma->vm_end; } -@@ -81,7 +81,7 @@ static unsigned long get_shared_area(struct address_space *mapping, +@@ -67,11 +69,12 @@ static int get_offset(struct address_space *mapping) + return offset & 0x3FF000; + } + +-static unsigned long get_shared_area(struct address_space *mapping, +- unsigned long addr, unsigned long len, unsigned long pgoff) ++static unsigned long get_shared_area(struct file *filp, struct address_space *mapping, ++ unsigned long addr, unsigned long len, unsigned long pgoff, unsigned long flags) + { + struct vm_area_struct *vma; + int offset = mapping ? get_offset(mapping) : 0; ++ unsigned long rand_offset = gr_rand_threadstack_offset(current->mm, filp, flags); + + offset = (offset + (pgoff << PAGE_SHIFT)) & 0x3FF000; + +@@ -81,7 +84,7 @@ static unsigned long get_shared_area(struct address_space *mapping, /* At this point: (!vma || addr < vma->vm_end). */ if (TASK_SIZE - len < addr) return -ENOMEM; - if (!vma || addr + len <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr, len)) ++ if (check_heap_stack_gap(vma, addr, len, rand_offset)) return addr; addr = DCACHE_ALIGN(vma->vm_end - offset) + offset; if (addr < vma->vm_end) /* handle wraparound */ -@@ -100,7 +100,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -100,14 +103,14 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, if (flags & MAP_FIXED) return addr; if (!addr) @@ -3504,7 +5782,17 @@ index f76c108..8117482 100644 + addr = current->mm->mmap_base; if (filp) { - addr = get_shared_area(filp->f_mapping, addr, len, pgoff); +- addr = get_shared_area(filp->f_mapping, addr, len, pgoff); ++ addr = get_shared_area(filp, filp->f_mapping, addr, len, pgoff, flags); + } else if(flags & MAP_SHARED) { +- addr = get_shared_area(NULL, addr, len, pgoff); ++ addr = get_shared_area(filp, NULL, addr, len, pgoff, flags); + } else { +- addr = get_unshared_area(addr, len); ++ addr = get_unshared_area(filp, addr, len, flags); + } + return addr; + } diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c index 45ba99f..8e22c33 100644 --- a/arch/parisc/kernel/traps.c @@ -3694,10 +5982,10 @@ index 18162ce..94de376 100644 /* * If for any reason at all we couldn't handle the fault, make diff --git a/arch/powerpc/include/asm/atomic.h b/arch/powerpc/include/asm/atomic.h -index da29032..f76c24c 100644 +index e3b1d41..8e81edf 100644 --- a/arch/powerpc/include/asm/atomic.h +++ b/arch/powerpc/include/asm/atomic.h -@@ -522,6 +522,16 @@ static __inline__ long atomic64_inc_not_zero(atomic64_t *v) +@@ -523,6 +523,16 @@ static __inline__ long atomic64_inc_not_zero(atomic64_t *v) return t1; } @@ -3736,10 +6024,10 @@ index 9e495c9..b6878e5 100644 #define SMP_CACHE_BYTES L1_CACHE_BYTES diff --git a/arch/powerpc/include/asm/elf.h b/arch/powerpc/include/asm/elf.h -index 3bf9cca..e7457d0 100644 +index 6abf0a1..459d0f1 100644 --- a/arch/powerpc/include/asm/elf.h +++ b/arch/powerpc/include/asm/elf.h -@@ -178,8 +178,19 @@ typedef elf_fpreg_t elf_vsrreghalf_t32[ELF_NVSRHALFREG]; +@@ -28,8 +28,19 @@ the loader. We need to make sure that it is out of the way of the program that it will "exec", and that there is sufficient room for the brk. */ @@ -3761,16 +6049,17 @@ index 3bf9cca..e7457d0 100644 /* * Our registers are always unsigned longs, whether we're a 32 bit -@@ -274,9 +285,6 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm, +@@ -124,10 +135,6 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm, (0x7ff >> (PAGE_SHIFT - 12)) : \ (0x3ffff >> (PAGE_SHIFT - 12))) -extern unsigned long arch_randomize_brk(struct mm_struct *mm); -#define arch_randomize_brk arch_randomize_brk - - #endif /* __KERNEL__ */ - - /* +- + #ifdef CONFIG_SPU_BASE + /* Notes used in ET_CORE. Note name is "SPU/<fd>/<filename>". */ + #define NT_SPU 1 diff --git a/arch/powerpc/include/asm/exec.h b/arch/powerpc/include/asm/exec.h index 8196e9c..d83a9f3 100644 --- a/arch/powerpc/include/asm/exec.h @@ -3797,10 +6086,10 @@ index 5acabbd..7ea14fa 100644 #endif /* __KERNEL__ */ #endif /* _ASM_POWERPC_KMAP_TYPES_H */ diff --git a/arch/powerpc/include/asm/mman.h b/arch/powerpc/include/asm/mman.h -index d4a7f64..451de1c 100644 +index 8565c25..2865190 100644 --- a/arch/powerpc/include/asm/mman.h +++ b/arch/powerpc/include/asm/mman.h -@@ -44,7 +44,7 @@ static inline unsigned long arch_calc_vm_prot_bits(unsigned long prot) +@@ -24,7 +24,7 @@ static inline unsigned long arch_calc_vm_prot_bits(unsigned long prot) } #define arch_calc_vm_prot_bits(prot) arch_calc_vm_prot_bits(prot) @@ -3836,10 +6125,10 @@ index f072e97..b436dee 100644 * Use the top bit of the higher-level page table entries to indicate whether * the entries we point to contain hugepages. This works because we know that diff --git a/arch/powerpc/include/asm/page_64.h b/arch/powerpc/include/asm/page_64.h -index fed85e6..da5c71b 100644 +index cd915d6..c10cee8 100644 --- a/arch/powerpc/include/asm/page_64.h +++ b/arch/powerpc/include/asm/page_64.h -@@ -146,15 +146,18 @@ do { \ +@@ -154,15 +154,18 @@ do { \ * stack by default, so in the absence of a PT_GNU_STACK program header * we turn execute permission off. */ @@ -3893,7 +6182,7 @@ index 292725c..f87ae14 100644 static inline void pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmd, pte_t *pte) diff --git a/arch/powerpc/include/asm/pgtable.h b/arch/powerpc/include/asm/pgtable.h -index 2e0e411..7899c68 100644 +index a9cbd3b..3b67efa 100644 --- a/arch/powerpc/include/asm/pgtable.h +++ b/arch/powerpc/include/asm/pgtable.h @@ -2,6 +2,7 @@ @@ -3917,10 +6206,10 @@ index 4aad413..85d86bf 100644 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */ #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */ diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h -index 6386086..6982225 100644 +index 3d5c9dc..62f8414 100644 --- a/arch/powerpc/include/asm/reg.h +++ b/arch/powerpc/include/asm/reg.h -@@ -212,6 +212,7 @@ +@@ -215,6 +215,7 @@ #define SPRN_DBCR 0x136 /* e300 Data Breakpoint Control Reg */ #define SPRN_DSISR 0x012 /* Data Storage Interrupt Status Register */ #define DSISR_NOHPTE 0x40000000 /* no translation found */ @@ -3929,10 +6218,10 @@ index 6386086..6982225 100644 #define DSISR_ISSTORE 0x02000000 /* access was a store */ #define DSISR_DABRMATCH 0x00400000 /* hit data breakpoint */ diff --git a/arch/powerpc/include/asm/thread_info.h b/arch/powerpc/include/asm/thread_info.h -index faf9352..ab2ccec 100644 +index 406b7b9..af63426 100644 --- a/arch/powerpc/include/asm/thread_info.h +++ b/arch/powerpc/include/asm/thread_info.h -@@ -97,12 +97,14 @@ static inline struct thread_info *current_thread_info(void) +@@ -97,7 +97,6 @@ static inline struct thread_info *current_thread_info(void) #define TIF_PERFMON_CTXSW 6 /* perfmon needs ctxsw calls */ #define TIF_SYSCALL_AUDIT 7 /* syscall auditing active */ #define TIF_SINGLESTEP 8 /* singlestepping active */ @@ -3940,18 +6229,20 @@ index faf9352..ab2ccec 100644 #define TIF_SECCOMP 10 /* secure computing */ #define TIF_RESTOREALL 11 /* Restore all regs (implies NOERROR) */ #define TIF_NOERROR 12 /* Force successful syscall return */ - #define TIF_NOTIFY_RESUME 13 /* callback before returning to user */ +@@ -106,6 +105,9 @@ static inline struct thread_info *current_thread_info(void) #define TIF_SYSCALL_TRACEPOINT 15 /* syscall tracepoint instrumentation */ -+#define TIF_MEMDIE 16 /* is terminating due to OOM killer */ + #define TIF_EMULATE_STACK_STORE 16 /* Is an instruction emulation + for stack store? */ ++#define TIF_MEMDIE 17 /* is terminating due to OOM killer */ +/* mask must be expressable within 16 bits to satisfy 'andi' instruction reqs */ +#define TIF_GRSEC_SETXID 9 /* update credentials on syscall entry/exit */ /* as above, but as bit values */ #define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE) -@@ -119,8 +121,10 @@ static inline struct thread_info *current_thread_info(void) - #define _TIF_NOERROR (1<<TIF_NOERROR) - #define _TIF_NOTIFY_RESUME (1<<TIF_NOTIFY_RESUME) +@@ -124,8 +126,10 @@ static inline struct thread_info *current_thread_info(void) + #define _TIF_UPROBE (1<<TIF_UPROBE) #define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT) + #define _TIF_EMULATE_STACK_STORE (1<<TIF_EMULATE_STACK_STORE) +#define _TIF_GRSEC_SETXID (1<<TIF_GRSEC_SETXID) #define _TIF_SYSCALL_T_OR_A (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \ - _TIF_SECCOMP | _TIF_SYSCALL_TRACEPOINT) @@ -3959,9 +6250,9 @@ index faf9352..ab2ccec 100644 + _TIF_GRSEC_SETXID) #define _TIF_USER_WORK_MASK (_TIF_SIGPENDING | _TIF_NEED_RESCHED | \ - _TIF_NOTIFY_RESUME) + _TIF_NOTIFY_RESUME | _TIF_UPROBE) diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h -index 17bb40c..353c98b 100644 +index 4db4959..335e00c 100644 --- a/arch/powerpc/include/asm/uaccess.h +++ b/arch/powerpc/include/asm/uaccess.h @@ -13,6 +13,8 @@ @@ -3973,7 +6264,7 @@ index 17bb40c..353c98b 100644 /* * The fs value determines whether argument validity checking should be * performed or not. If get_fs() == USER_DS, checking is performed, with -@@ -329,52 +331,6 @@ do { \ +@@ -318,52 +320,6 @@ do { \ extern unsigned long __copy_tofrom_user(void __user *to, const void __user *from, unsigned long size); @@ -4026,7 +6317,7 @@ index 17bb40c..353c98b 100644 static inline unsigned long __copy_from_user_inatomic(void *to, const void __user *from, unsigned long n) { -@@ -398,6 +354,10 @@ static inline unsigned long __copy_from_user_inatomic(void *to, +@@ -387,6 +343,10 @@ static inline unsigned long __copy_from_user_inatomic(void *to, if (ret == 0) return 0; } @@ -4037,7 +6328,7 @@ index 17bb40c..353c98b 100644 return __copy_tofrom_user((__force void __user *)to, from, n); } -@@ -424,6 +384,10 @@ static inline unsigned long __copy_to_user_inatomic(void __user *to, +@@ -413,6 +373,10 @@ static inline unsigned long __copy_to_user_inatomic(void __user *to, if (ret == 0) return 0; } @@ -4048,7 +6339,7 @@ index 17bb40c..353c98b 100644 return __copy_tofrom_user(to, (__force const void __user *)from, n); } -@@ -441,6 +405,92 @@ static inline unsigned long __copy_to_user(void __user *to, +@@ -430,6 +394,92 @@ static inline unsigned long __copy_to_user(void __user *to, return __copy_to_user_inatomic(to, from, size); } @@ -4142,10 +6433,10 @@ index 17bb40c..353c98b 100644 static inline unsigned long clear_user(void __user *addr, unsigned long size) diff --git a/arch/powerpc/kernel/exceptions-64e.S b/arch/powerpc/kernel/exceptions-64e.S -index 98be7f0..8ef62de 100644 +index 4684e33..acc4d19e 100644 --- a/arch/powerpc/kernel/exceptions-64e.S +++ b/arch/powerpc/kernel/exceptions-64e.S -@@ -661,6 +661,7 @@ storage_fault_common: +@@ -715,6 +715,7 @@ storage_fault_common: std r14,_DAR(r1) std r15,_DSISR(r1) addi r3,r1,STACK_FRAME_OVERHEAD @@ -4153,7 +6444,7 @@ index 98be7f0..8ef62de 100644 mr r4,r14 mr r5,r15 ld r14,PACA_EXGEN+EX_R14(r13) -@@ -669,8 +670,7 @@ storage_fault_common: +@@ -723,8 +724,7 @@ storage_fault_common: cmpdi r3,0 bne- 1f b .ret_from_except_lite @@ -4164,10 +6455,10 @@ index 98be7f0..8ef62de 100644 ld r4,_DAR(r1) bl .bad_page_fault diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S -index 39aa97d..dc916ee 100644 +index 4665e82..080ea99 100644 --- a/arch/powerpc/kernel/exceptions-64s.S +++ b/arch/powerpc/kernel/exceptions-64s.S -@@ -890,10 +890,10 @@ handle_page_fault: +@@ -1206,10 +1206,10 @@ handle_page_fault: 11: ld r4,_DAR(r1) ld r5,_DSISR(r1) addi r3,r1,STACK_FRAME_OVERHEAD @@ -4213,10 +6504,10 @@ index 2e3200c..72095ce 100644 /* Find this entry, or if that fails, the next avail. entry */ while (entry->jump[0]) { diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c -index 1a1f2dd..f4d1bb4 100644 +index 8143067..21ae55b 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c -@@ -681,8 +681,8 @@ void show_regs(struct pt_regs * regs) +@@ -680,8 +680,8 @@ void show_regs(struct pt_regs * regs) * Lookup NIP late so we have the best change of getting the * above info out without failing */ @@ -4227,7 +6518,7 @@ index 1a1f2dd..f4d1bb4 100644 #endif show_stack(current, (unsigned long *) regs->gpr[1]); if (!user_mode(regs)) -@@ -1181,10 +1181,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1129,10 +1129,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) newsp = stack[0]; ip = stack[STACK_FRAME_LR_SAVE]; if (!firstframe || ip != lr) { @@ -4240,7 +6531,7 @@ index 1a1f2dd..f4d1bb4 100644 (void *)current->ret_stack[curr_frame].ret); curr_frame--; } -@@ -1204,7 +1204,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1152,7 +1152,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) struct pt_regs *regs = (struct pt_regs *) (sp + STACK_FRAME_OVERHEAD); lr = regs->link; @@ -4249,7 +6540,7 @@ index 1a1f2dd..f4d1bb4 100644 regs->trap, (void *)regs->nip, (void *)lr); firstframe = 1; } -@@ -1246,58 +1246,3 @@ void __ppc64_runlatch_off(void) +@@ -1194,58 +1194,3 @@ void __ppc64_runlatch_off(void) mtspr(SPRN_CTRLT, ctrl); } #endif /* CONFIG_PPC64 */ @@ -4309,10 +6600,10 @@ index 1a1f2dd..f4d1bb4 100644 - return ret; -} diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c -index c10fc28..c4ef063 100644 +index c497000..8fde506 100644 --- a/arch/powerpc/kernel/ptrace.c +++ b/arch/powerpc/kernel/ptrace.c -@@ -1660,6 +1660,10 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -1737,6 +1737,10 @@ long arch_ptrace(struct task_struct *child, long request, return ret; } @@ -4323,7 +6614,7 @@ index c10fc28..c4ef063 100644 /* * We must return the syscall number to actually look up in the table. * This can be -1L to skip running any syscall at all. -@@ -1670,6 +1674,11 @@ long do_syscall_trace_enter(struct pt_regs *regs) +@@ -1747,6 +1751,11 @@ long do_syscall_trace_enter(struct pt_regs *regs) secure_computing_strict(regs->gpr[0]); @@ -4335,7 +6626,7 @@ index c10fc28..c4ef063 100644 if (test_thread_flag(TIF_SYSCALL_TRACE) && tracehook_report_syscall_entry(regs)) /* -@@ -1704,6 +1713,11 @@ void do_syscall_trace_leave(struct pt_regs *regs) +@@ -1781,6 +1790,11 @@ void do_syscall_trace_leave(struct pt_regs *regs) { int step; @@ -4348,10 +6639,10 @@ index c10fc28..c4ef063 100644 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c -index 8b4c049..dcd6ef3 100644 +index 804e323..79181c1 100644 --- a/arch/powerpc/kernel/signal_32.c +++ b/arch/powerpc/kernel/signal_32.c -@@ -852,7 +852,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka, +@@ -851,7 +851,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka, /* Save user registers on the stack */ frame = &rt_sf->uc.uc_mcontext; addr = frame; @@ -4361,7 +6652,7 @@ index 8b4c049..dcd6ef3 100644 goto badframe; regs->link = current->mm->context.vdso_base + vdso32_rt_sigtramp; diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c -index d183f87..1867f1a 100644 +index 1ca045d..139c3f7 100644 --- a/arch/powerpc/kernel/signal_64.c +++ b/arch/powerpc/kernel/signal_64.c @@ -430,7 +430,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info, @@ -4373,8 +6664,21 @@ index d183f87..1867f1a 100644 regs->link = current->mm->context.vdso_base + vdso64_rt_sigtramp; } else { err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]); +diff --git a/arch/powerpc/kernel/sysfs.c b/arch/powerpc/kernel/sysfs.c +index 3ce1f86..c30e629 100644 +--- a/arch/powerpc/kernel/sysfs.c ++++ b/arch/powerpc/kernel/sysfs.c +@@ -522,7 +522,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata sysfs_cpu_nb = { ++static struct notifier_block sysfs_cpu_nb = { + .notifier_call = sysfs_cpu_notify, + }; + diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c -index ae0843f..f16372c 100644 +index 3251840..3f7c77a 100644 --- a/arch/powerpc/kernel/traps.c +++ b/arch/powerpc/kernel/traps.c @@ -133,6 +133,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs) @@ -4397,7 +6701,7 @@ index ae0843f..f16372c 100644 } diff --git a/arch/powerpc/kernel/vdso.c b/arch/powerpc/kernel/vdso.c -index b67db22..38825d2 100644 +index 1b2076f..835e4be 100644 --- a/arch/powerpc/kernel/vdso.c +++ b/arch/powerpc/kernel/vdso.c @@ -34,6 +34,7 @@ @@ -4462,7 +6766,7 @@ index 5eea6f3..5d10396 100644 EXPORT_SYMBOL(copy_in_user); diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c -index 08ffcf5..a0ab912 100644 +index 3a8489a..6a63b3b 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c @@ -32,6 +32,10 @@ @@ -4510,7 +6814,7 @@ index 08ffcf5..a0ab912 100644 /* * Check whether the instruction at regs->nip is a store using * an update addressing form which will update r1. -@@ -215,7 +246,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, +@@ -213,7 +244,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, * indicate errors in DSISR but can validly be set in SRR1. */ if (trap == 0x400) @@ -4519,7 +6823,7 @@ index 08ffcf5..a0ab912 100644 else is_write = error_code & DSISR_ISSTORE; #else -@@ -366,7 +397,7 @@ good_area: +@@ -364,7 +395,7 @@ good_area: * "undefined". Of those that can be set, this is the only * one which seems bad. */ @@ -4528,7 +6832,7 @@ index 08ffcf5..a0ab912 100644 /* Guarded storage error. */ goto bad_area; #endif /* CONFIG_8xx */ -@@ -381,7 +412,7 @@ good_area: +@@ -379,7 +410,7 @@ good_area: * processors use the same I/D cache coherency mechanism * as embedded. */ @@ -4537,7 +6841,7 @@ index 08ffcf5..a0ab912 100644 goto bad_area; #endif /* CONFIG_PPC_STD_MMU */ -@@ -463,6 +494,23 @@ bad_area: +@@ -462,6 +493,23 @@ bad_area: bad_area_nosemaphore: /* User mode accesses cause a SIGSEGV */ if (user_mode(regs)) { @@ -4562,10 +6866,21 @@ index 08ffcf5..a0ab912 100644 return 0; } diff --git a/arch/powerpc/mm/mmap_64.c b/arch/powerpc/mm/mmap_64.c -index 67a42ed..1c7210c 100644 +index 67a42ed..cd463e0 100644 --- a/arch/powerpc/mm/mmap_64.c +++ b/arch/powerpc/mm/mmap_64.c -@@ -91,10 +91,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -57,6 +57,10 @@ static unsigned long mmap_rnd(void) + { + unsigned long rnd = 0; + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ + if (current->flags & PF_RANDOMIZE) { + /* 8MB for 32bit, 1GB for 64bit */ + if (is_32bit_task()) +@@ -91,10 +95,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) */ if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -4588,29 +6903,55 @@ index 67a42ed..1c7210c 100644 mm->get_unmapped_area = arch_get_unmapped_area_topdown; mm->unmap_area = arch_unmap_area_topdown; } +diff --git a/arch/powerpc/mm/mmu_context_nohash.c b/arch/powerpc/mm/mmu_context_nohash.c +index e779642..e5bb889 100644 +--- a/arch/powerpc/mm/mmu_context_nohash.c ++++ b/arch/powerpc/mm/mmu_context_nohash.c +@@ -363,7 +363,7 @@ static int __cpuinit mmu_context_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata mmu_context_cpu_nb = { ++static struct notifier_block mmu_context_cpu_nb = { + .notifier_call = mmu_context_cpu_notify, + }; + +diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c +index bba87ca..c346a33 100644 +--- a/arch/powerpc/mm/numa.c ++++ b/arch/powerpc/mm/numa.c +@@ -932,7 +932,7 @@ static void __init *careful_zallocation(int nid, unsigned long size, + return ret; + } + +-static struct notifier_block __cpuinitdata ppc64_numa_nb = { ++static struct notifier_block ppc64_numa_nb = { + .notifier_call = cpu_numa_callback, + .priority = 1 /* Must run before sched domains notifier. */ + }; diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c -index 73709f7..6b90313 100644 +index cf9dada..241529f 100644 --- a/arch/powerpc/mm/slice.c +++ b/arch/powerpc/mm/slice.c -@@ -98,7 +98,7 @@ static int slice_area_is_free(struct mm_struct *mm, unsigned long addr, +@@ -103,7 +103,7 @@ static int slice_area_is_free(struct mm_struct *mm, unsigned long addr, if ((mm->task_size - len) < addr) return 0; vma = find_vma(mm, addr); - return (!vma || (addr + len) <= vma->vm_start); -+ return check_heap_stack_gap(vma, addr, len); ++ return check_heap_stack_gap(vma, addr, len, 0); } static int slice_low_has_vma(struct mm_struct *mm, unsigned long slice) -@@ -256,7 +256,7 @@ full_search: +@@ -272,7 +272,7 @@ full_search: addr = _ALIGN_UP(addr + 1, 1ul << SLICE_HIGH_SHIFT); continue; } - if (!vma || addr + len <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr, len)) { ++ if (check_heap_stack_gap(vma, addr, len, 0)) { /* * Remember the place where we stopped the search: */ -@@ -313,10 +313,14 @@ static unsigned long slice_find_area_topdown(struct mm_struct *mm, +@@ -329,10 +329,14 @@ static unsigned long slice_find_area_topdown(struct mm_struct *mm, } } @@ -4628,25 +6969,25 @@ index 73709f7..6b90313 100644 /* Check for hit with different page size */ mask = slice_range_to_mask(addr, len); -@@ -336,7 +340,7 @@ static unsigned long slice_find_area_topdown(struct mm_struct *mm, +@@ -352,7 +356,7 @@ static unsigned long slice_find_area_topdown(struct mm_struct *mm, * return with success: */ vma = find_vma(mm, addr); - if (!vma || (addr + len) <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr, len)) { ++ if (check_heap_stack_gap(vma, addr, len, 0)) { /* remember the address as a hint for next time */ if (use_cache) mm->free_area_cache = addr; -@@ -348,7 +352,7 @@ static unsigned long slice_find_area_topdown(struct mm_struct *mm, +@@ -364,7 +368,7 @@ static unsigned long slice_find_area_topdown(struct mm_struct *mm, mm->cached_hole_size = vma->vm_start - addr; /* try just below the current vma->vm_start */ - addr = vma->vm_start; -+ addr = skip_heap_stack_gap(vma, len); ++ addr = skip_heap_stack_gap(vma, len, 0); } /* -@@ -426,6 +430,11 @@ unsigned long slice_get_unmapped_area(unsigned long addr, unsigned long len, +@@ -442,6 +446,11 @@ unsigned long slice_get_unmapped_area(unsigned long addr, unsigned long len, if (fixed && addr > (mm->task_size - len)) return -EINVAL; @@ -4658,6 +6999,19 @@ index 73709f7..6b90313 100644 /* If hint, make sure it matches our alignment restrictions */ if (!fixed && addr) { addr = _ALIGN_UP(addr, 1ul << pshift); +diff --git a/arch/powerpc/platforms/powermac/smp.c b/arch/powerpc/platforms/powermac/smp.c +index bdb738a..49c9f95 100644 +--- a/arch/powerpc/platforms/powermac/smp.c ++++ b/arch/powerpc/platforms/powermac/smp.c +@@ -885,7 +885,7 @@ static int smp_core99_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata smp_core99_cpu_nb = { ++static struct notifier_block smp_core99_cpu_nb = { + .notifier_call = smp_core99_cpu_notify, + }; + #endif /* CONFIG_HOTPLUG_CPU */ diff --git a/arch/s390/include/asm/atomic.h b/arch/s390/include/asm/atomic.h index c797832..ce575c8 100644 --- a/arch/s390/include/asm/atomic.h @@ -4696,10 +7050,10 @@ index 4d7ccac..d03d0ad 100644 #define __read_mostly __attribute__((__section__(".data..read_mostly"))) diff --git a/arch/s390/include/asm/elf.h b/arch/s390/include/asm/elf.h -index 9b94a16..63d4034 100644 +index 178ff96..8c93bd1 100644 --- a/arch/s390/include/asm/elf.h +++ b/arch/s390/include/asm/elf.h -@@ -159,8 +159,14 @@ extern unsigned int vdso_enabled; +@@ -160,8 +160,14 @@ extern unsigned int vdso_enabled; the loader. We need to make sure that it is out of the way of the program that it will "exec", and that there is sufficient room for the brk. */ @@ -4716,13 +7070,15 @@ index 9b94a16..63d4034 100644 /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. */ -@@ -209,7 +215,4 @@ struct linux_binprm; +@@ -210,9 +216,6 @@ struct linux_binprm; #define ARCH_HAS_SETUP_ADDITIONAL_PAGES 1 int arch_setup_additional_pages(struct linux_binprm *, int); -extern unsigned long arch_randomize_brk(struct mm_struct *mm); -#define arch_randomize_brk arch_randomize_brk - + void *fill_cpu_elf_notes(void *ptr, struct save_area *sa); + #endif diff --git a/arch/s390/include/asm/exec.h b/arch/s390/include/asm/exec.h index c4a93d6..4d2a9b4 100644 @@ -4737,10 +7093,10 @@ index c4a93d6..4d2a9b4 100644 #endif /* __ASM_EXEC_H */ diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h -index a8ab18b..75ddbf0 100644 +index 34268df..ea97318 100644 --- a/arch/s390/include/asm/uaccess.h +++ b/arch/s390/include/asm/uaccess.h -@@ -239,6 +239,10 @@ static inline unsigned long __must_check +@@ -252,6 +252,10 @@ static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) { might_fault(); @@ -4751,7 +7107,7 @@ index a8ab18b..75ddbf0 100644 if (access_ok(VERIFY_WRITE, to, n)) n = __copy_to_user(to, from, n); return n; -@@ -264,6 +268,9 @@ copy_to_user(void __user *to, const void *from, unsigned long n) +@@ -277,6 +281,9 @@ copy_to_user(void __user *to, const void *from, unsigned long n) static inline unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n) { @@ -4761,7 +7117,7 @@ index a8ab18b..75ddbf0 100644 if (__builtin_constant_p(n) && (n <= 256)) return uaccess.copy_from_user_small(n, from, to); else -@@ -295,10 +302,14 @@ __compiletime_warning("copy_from_user() buffer size is not provably correct") +@@ -308,10 +315,14 @@ __compiletime_warning("copy_from_user() buffer size is not provably correct") static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { @@ -4779,10 +7135,10 @@ index a8ab18b..75ddbf0 100644 return n; } diff --git a/arch/s390/kernel/module.c b/arch/s390/kernel/module.c -index 46412b1..e32874f 100644 +index 4610dea..cf0af21 100644 --- a/arch/s390/kernel/module.c +++ b/arch/s390/kernel/module.c -@@ -160,11 +160,11 @@ module_frob_arch_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs, +@@ -171,11 +171,11 @@ module_frob_arch_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs, /* Increase core size by size of got & plt and set start offsets for got and plt. */ @@ -4799,7 +7155,7 @@ index 46412b1..e32874f 100644 return 0; } -@@ -241,7 +241,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, +@@ -252,7 +252,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, if (info->got_initialized == 0) { Elf_Addr *gotent; @@ -4808,7 +7164,7 @@ index 46412b1..e32874f 100644 info->got_offset; *gotent = val; info->got_initialized = 1; -@@ -265,7 +265,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, +@@ -276,7 +276,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, else if (r_type == R_390_GOTENT || r_type == R_390_GOTPLTENT) *(unsigned int *) loc = @@ -4817,7 +7173,7 @@ index 46412b1..e32874f 100644 else if (r_type == R_390_GOT64 || r_type == R_390_GOTPLT64) *(unsigned long *) loc = val; -@@ -279,7 +279,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, +@@ -290,7 +290,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, case R_390_PLTOFF64: /* 16 bit offset from GOT to PLT. */ if (info->plt_initialized == 0) { unsigned int *ip; @@ -4826,7 +7182,7 @@ index 46412b1..e32874f 100644 info->plt_offset; #ifndef CONFIG_64BIT ip[0] = 0x0d105810; /* basr 1,0; l 1,6(1); br 1 */ -@@ -304,7 +304,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, +@@ -315,7 +315,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, val - loc + 0xffffUL < 0x1ffffeUL) || (r_type == R_390_PLT32DBL && val - loc + 0xffffffffULL < 0x1fffffffeULL))) @@ -4835,7 +7191,7 @@ index 46412b1..e32874f 100644 me->arch.plt_offset + info->plt_offset; val += rela->r_addend - loc; -@@ -326,7 +326,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, +@@ -337,7 +337,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, case R_390_GOTOFF32: /* 32 bit offset to GOT. */ case R_390_GOTOFF64: /* 64 bit offset to GOT. */ val = val + rela->r_addend - @@ -4844,7 +7200,7 @@ index 46412b1..e32874f 100644 if (r_type == R_390_GOTOFF16) *(unsigned short *) loc = val; else if (r_type == R_390_GOTOFF32) -@@ -336,7 +336,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, +@@ -347,7 +347,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, break; case R_390_GOTPC: /* 32 bit PC relative offset to GOT. */ case R_390_GOTPCDBL: /* 32 bit PC rel. off. to GOT shifted by 1. */ @@ -4854,10 +7210,10 @@ index 46412b1..e32874f 100644 if (r_type == R_390_GOTPC) *(unsigned int *) loc = val; diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c -index 7331753..dd71de4 100644 +index 536d645..4a5bd9e 100644 --- a/arch/s390/kernel/process.c +++ b/arch/s390/kernel/process.c -@@ -316,39 +316,3 @@ unsigned long get_wchan(struct task_struct *p) +@@ -250,39 +250,3 @@ unsigned long get_wchan(struct task_struct *p) } return 0; } @@ -4975,10 +7331,10 @@ index f9f3cd5..58ff438 100644 #endif /* _ASM_SCORE_EXEC_H */ diff --git a/arch/score/kernel/process.c b/arch/score/kernel/process.c -index 637970c..0b6556b 100644 +index 7956846..5f37677 100644 --- a/arch/score/kernel/process.c +++ b/arch/score/kernel/process.c -@@ -161,8 +161,3 @@ unsigned long get_wchan(struct task_struct *task) +@@ -134,8 +134,3 @@ unsigned long get_wchan(struct task_struct *task) return task_pt_regs(task)->cp0_epc; } @@ -5004,86 +7360,103 @@ index ef9e555..331bd29 100644 #define __read_mostly __attribute__((__section__(".data..read_mostly"))) +diff --git a/arch/sh/kernel/cpu/sh4a/smp-shx3.c b/arch/sh/kernel/cpu/sh4a/smp-shx3.c +index 03f2b55..b027032 100644 +--- a/arch/sh/kernel/cpu/sh4a/smp-shx3.c ++++ b/arch/sh/kernel/cpu/sh4a/smp-shx3.c +@@ -143,7 +143,7 @@ shx3_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu) + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata shx3_cpu_notifier = { ++static struct notifier_block shx3_cpu_notifier = { + .notifier_call = shx3_cpu_callback, + }; + diff --git a/arch/sh/mm/mmap.c b/arch/sh/mm/mmap.c -index afeb710..d1d1289 100644 +index 6777177..cb5e44f 100644 --- a/arch/sh/mm/mmap.c +++ b/arch/sh/mm/mmap.c -@@ -74,8 +74,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -36,6 +36,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, + struct mm_struct *mm = current->mm; + struct vm_area_struct *vma; + int do_colour_align; ++ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; + + if (flags & MAP_FIXED) { +@@ -55,6 +56,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, + if (filp || (flags & MAP_SHARED)) + do_colour_align = 1; + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ + if (addr) { + if (do_colour_align) + addr = COLOUR_ALIGN(addr, pgoff); +@@ -62,14 +67,13 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && - (!vma || addr + len <= vma->vm_start)) -+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len)) ++ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) return addr; } -@@ -106,7 +105,7 @@ full_search: - } - return -ENOMEM; - } -- if (likely(!vma || addr + len <= vma->vm_start)) { -+ if (likely(check_heap_stack_gap(vma, addr, len))) { - /* - * Remember the place where we stopped the search: - */ -@@ -157,8 +156,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + info.flags = 0; + info.length = len; +- info.low_limit = TASK_UNMAPPED_BASE; ++ info.low_limit = mm->mmap_base; + info.high_limit = TASK_SIZE; + info.align_mask = do_colour_align ? (PAGE_MASK & shm_align_mask) : 0; + info.align_offset = pgoff << PAGE_SHIFT; +@@ -85,6 +89,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + struct mm_struct *mm = current->mm; + unsigned long addr = addr0; + int do_colour_align; ++ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; + + if (flags & MAP_FIXED) { +@@ -104,6 +109,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + if (filp || (flags & MAP_SHARED)) + do_colour_align = 1; + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ + /* requesting a specific address */ + if (addr) { + if (do_colour_align) +@@ -112,8 +121,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && - (!vma || addr + len <= vma->vm_start)) -+ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len)) ++ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) return addr; } -@@ -179,7 +177,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - /* make sure it can fit in the remaining address space */ - if (likely(addr > len)) { - vma = find_vma(mm, addr-len); -- if (!vma || addr <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr - len, len)) { - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr-len); - } -@@ -188,18 +186,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - if (unlikely(mm->mmap_base < len)) - goto bottomup; - -- addr = mm->mmap_base-len; -- if (do_colour_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); -+ addr = mm->mmap_base - len; - - do { -+ if (do_colour_align) -+ addr = COLOUR_ALIGN_DOWN(addr, pgoff); - /* - * Lookup failure means no vma is above this address, - * else if new region fits below vma->vm_start, - * return with success: - */ - vma = find_vma(mm, addr); -- if (likely(!vma || addr+len <= vma->vm_start)) { -+ if (likely(check_heap_stack_gap(vma, addr, len))) { - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr); - } -@@ -209,10 +207,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - mm->cached_hole_size = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = vma->vm_start-len; -- if (do_colour_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); -- } while (likely(len < vma->vm_start)); -+ addr = skip_heap_stack_gap(vma, len); -+ } while (!IS_ERR_VALUE(addr)); - - bottomup: - /* +@@ -135,6 +143,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + VM_BUG_ON(addr != -ENOMEM); + info.flags = 0; + info.low_limit = TASK_UNMAPPED_BASE; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = TASK_SIZE; + addr = vm_unmapped_area(&info); + } diff --git a/arch/sparc/include/asm/atomic_64.h b/arch/sparc/include/asm/atomic_64.h -index ce35a1c..2e7b8f9 100644 +index be56a24..443328f 100644 --- a/arch/sparc/include/asm/atomic_64.h +++ b/arch/sparc/include/asm/atomic_64.h @@ -14,18 +14,40 @@ @@ -5291,7 +7664,7 @@ index 5bb6991..5c2132e 100644 #ifdef CONFIG_SPARC32 #define SMP_CACHE_BYTES_SHIFT 5 diff --git a/arch/sparc/include/asm/elf_32.h b/arch/sparc/include/asm/elf_32.h -index 2d4d755..81b6662 100644 +index ac74a2c..a9e58af 100644 --- a/arch/sparc/include/asm/elf_32.h +++ b/arch/sparc/include/asm/elf_32.h @@ -114,6 +114,13 @@ typedef struct { @@ -5309,10 +7682,10 @@ index 2d4d755..81b6662 100644 instruction set this cpu supports. This can NOT be done in userspace on Sparc. */ diff --git a/arch/sparc/include/asm/elf_64.h b/arch/sparc/include/asm/elf_64.h -index 7df8b7f..4946269 100644 +index 370ca1e..d4f4a98 100644 --- a/arch/sparc/include/asm/elf_64.h +++ b/arch/sparc/include/asm/elf_64.h -@@ -180,6 +180,13 @@ typedef struct { +@@ -189,6 +189,13 @@ typedef struct { #define ELF_ET_DYN_BASE 0x0000010000000000UL #define COMPAT_ELF_ET_DYN_BASE 0x0000000070000000UL @@ -5339,7 +7712,7 @@ index 9b1c36d..209298b 100644 static inline pmd_t *pmd_alloc_one(struct mm_struct *mm, unsigned long address) diff --git a/arch/sparc/include/asm/pgalloc_64.h b/arch/sparc/include/asm/pgalloc_64.h -index 40b2d7a..22a665b 100644 +index bcfe063..b333142 100644 --- a/arch/sparc/include/asm/pgalloc_64.h +++ b/arch/sparc/include/asm/pgalloc_64.h @@ -26,6 +26,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd) @@ -5507,7 +7880,7 @@ index 9689176..63c18ea 100644 unsigned long mask, tmp1, tmp2, result; diff --git a/arch/sparc/include/asm/thread_info_32.h b/arch/sparc/include/asm/thread_info_32.h -index e6cd224..3a71793 100644 +index 25849ae..924c54b 100644 --- a/arch/sparc/include/asm/thread_info_32.h +++ b/arch/sparc/include/asm/thread_info_32.h @@ -49,6 +49,8 @@ struct thread_info { @@ -5520,7 +7893,7 @@ index e6cd224..3a71793 100644 /* diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h -index cfa8c38..13f30d3 100644 +index 269bd92..e46a9b8 100644 --- a/arch/sparc/include/asm/thread_info_64.h +++ b/arch/sparc/include/asm/thread_info_64.h @@ -63,6 +63,8 @@ struct thread_info { @@ -5532,7 +7905,7 @@ index cfa8c38..13f30d3 100644 unsigned long fpregs[0] __attribute__ ((aligned(64))); }; -@@ -193,10 +195,11 @@ register struct thread_info *current_thread_info_reg asm("g6"); +@@ -192,10 +194,11 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define TIF_UNALIGNED 5 /* allowed to do unaligned accesses */ /* flag bit 6 is available */ #define TIF_32BIT 7 /* 32-bit binary */ @@ -5545,7 +7918,7 @@ index cfa8c38..13f30d3 100644 /* NOTE: Thread flags >= 12 should be ones we have no interest * in using in assembly, else we can't use the mask as * an immediate value in instructions such as andcc. -@@ -215,12 +218,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); +@@ -214,12 +217,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT) #define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT) #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) @@ -5638,7 +8011,7 @@ index 53a28dd..50c38c3 100644 } diff --git a/arch/sparc/include/asm/uaccess_64.h b/arch/sparc/include/asm/uaccess_64.h -index 7c831d8..d440ca7 100644 +index e562d3c..191f176 100644 --- a/arch/sparc/include/asm/uaccess_64.h +++ b/arch/sparc/include/asm/uaccess_64.h @@ -10,6 +10,7 @@ @@ -5672,13 +8045,13 @@ index 7c831d8..d440ca7 100644 { - unsigned long ret = ___copy_to_user(to, from, size); + unsigned long ret; -+ + + if ((long)size < 0 || size > INT_MAX) + return size; + + if (!__builtin_constant_p(size)) + check_object_size(from, size, true); - ++ + ret = ___copy_to_user(to, from, size); if (unlikely(ret)) ret = copy_to_user_fixup(to, from, size); @@ -5696,28 +8069,8 @@ index 6cf591b..b49e65a 100644 extra-y := head_$(BITS).o -diff --git a/arch/sparc/kernel/leon_kernel.c b/arch/sparc/kernel/leon_kernel.c -index f8b6eee..87f60ee 100644 ---- a/arch/sparc/kernel/leon_kernel.c -+++ b/arch/sparc/kernel/leon_kernel.c -@@ -56,11 +56,13 @@ static inline unsigned int leon_eirq_get(int cpu) - static void leon_handle_ext_irq(unsigned int irq, struct irq_desc *desc) - { - unsigned int eirq; -+ struct irq_bucket *p; - int cpu = sparc_leon3_cpuid(); - - eirq = leon_eirq_get(cpu); -- if ((eirq & 0x10) && irq_map[eirq]->irq) /* bit4 tells if IRQ happened */ -- generic_handle_irq(irq_map[eirq]->irq); -+ p = irq_map[eirq]; -+ if ((eirq & 0x10) && p && p->irq) /* bit4 tells if IRQ happened */ -+ generic_handle_irq(p->irq); - } - - /* The extended IRQ controller has been found, this function registers it */ diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c -index 14006d8..8146238 100644 +index be8e862..5b50b12 100644 --- a/arch/sparc/kernel/process_32.c +++ b/arch/sparc/kernel/process_32.c @@ -126,14 +126,14 @@ void show_regs(struct pt_regs *r) @@ -5747,10 +8100,10 @@ index 14006d8..8146238 100644 } while (++count < 16); printk("\n"); diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c -index aff0c72..9067b39 100644 +index cdb80b2..5ca141d 100644 --- a/arch/sparc/kernel/process_64.c +++ b/arch/sparc/kernel/process_64.c -@@ -179,14 +179,14 @@ static void show_regwindow(struct pt_regs *regs) +@@ -181,14 +181,14 @@ static void show_regwindow(struct pt_regs *regs) printk("i4: %016lx i5: %016lx i6: %016lx i7: %016lx\n", rwk->ins[4], rwk->ins[5], rwk->ins[6], rwk->ins[7]); if (regs->tstate & TSTATE_PRIV) @@ -5767,7 +8120,7 @@ index aff0c72..9067b39 100644 printk("g0: %016lx g1: %016lx g2: %016lx g3: %016lx\n", regs->u_regs[0], regs->u_regs[1], regs->u_regs[2], regs->u_regs[3]); -@@ -199,7 +199,7 @@ void show_regs(struct pt_regs *regs) +@@ -201,7 +201,7 @@ void show_regs(struct pt_regs *regs) printk("o4: %016lx o5: %016lx sp: %016lx ret_pc: %016lx\n", regs->u_regs[12], regs->u_regs[13], regs->u_regs[14], regs->u_regs[15]); @@ -5776,7 +8129,7 @@ index aff0c72..9067b39 100644 show_regwindow(regs); show_stack(current, (unsigned long *) regs->u_regs[UREG_FP]); } -@@ -284,7 +284,7 @@ void arch_trigger_all_cpu_backtrace(void) +@@ -290,7 +290,7 @@ void arch_trigger_all_cpu_backtrace(void) ((tp && tp->task) ? tp->task->pid : -1)); if (gp->tstate & TSTATE_PRIV) { @@ -5786,7 +8139,7 @@ index aff0c72..9067b39 100644 (void *) gp->o7, (void *) gp->i7, diff --git a/arch/sparc/kernel/ptrace_64.c b/arch/sparc/kernel/ptrace_64.c -index 484daba..0674139 100644 +index 7ff45e4..a58f271 100644 --- a/arch/sparc/kernel/ptrace_64.c +++ b/arch/sparc/kernel/ptrace_64.c @@ -1057,6 +1057,10 @@ long arch_ptrace(struct task_struct *child, long request, @@ -5825,32 +8178,30 @@ index 484daba..0674139 100644 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/sparc/kernel/sys_sparc_32.c b/arch/sparc/kernel/sys_sparc_32.c -index 0c9b31b..7cb7aee 100644 +index 2da0bdc..79128d2 100644 --- a/arch/sparc/kernel/sys_sparc_32.c +++ b/arch/sparc/kernel/sys_sparc_32.c -@@ -54,7 +54,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi +@@ -52,7 +52,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi if (len > TASK_SIZE - PAGE_SIZE) return -ENOMEM; if (!addr) - addr = TASK_UNMAPPED_BASE; + addr = current->mm->mmap_base; - if (flags & MAP_SHARED) - addr = COLOUR_ALIGN(addr); -@@ -65,7 +65,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi - /* At this point: (!vmm || addr < vmm->vm_end). */ - if (TASK_SIZE - PAGE_SIZE - len < addr) - return -ENOMEM; -- if (!vmm || addr + len <= vmm->vm_start) -+ if (check_heap_stack_gap(vmm, addr, len)) - return addr; - addr = vmm->vm_end; - if (flags & MAP_SHARED) + info.flags = 0; + info.length = len; diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c -index 11c6c96..3ec33e8 100644 +index 708bc29..f0129cb 100644 --- a/arch/sparc/kernel/sys_sparc_64.c +++ b/arch/sparc/kernel/sys_sparc_64.c -@@ -107,7 +107,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi +@@ -90,13 +90,14 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi + struct vm_area_struct * vma; + unsigned long task_size = TASK_SIZE; + int do_color_align; ++ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; + + if (flags & MAP_FIXED) { /* We do not accept a shared mapping if it would violate * cache aliasing constraints. */ @@ -5859,7 +8210,7 @@ index 11c6c96..3ec33e8 100644 ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1))) return -EINVAL; return addr; -@@ -122,6 +122,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi +@@ -111,6 +112,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi if (filp || (flags & MAP_SHARED)) do_color_align = 1; @@ -5869,45 +8220,46 @@ index 11c6c96..3ec33e8 100644 + if (addr) { if (do_color_align) - addr = COLOUR_ALIGN(addr, pgoff); -@@ -129,15 +133,14 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi + addr = COLOR_ALIGN(addr, pgoff); +@@ -118,14 +123,13 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); - if (task_size - len >= addr && - (!vma || addr + len <= vma->vm_start)) -+ if (task_size - len >= addr && check_heap_stack_gap(vma, addr, len)) ++ if (task_size - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) return addr; } - if (len > mm->cached_hole_size) { -- start_addr = addr = mm->free_area_cache; -+ start_addr = addr = mm->free_area_cache; - } else { -- start_addr = addr = TASK_UNMAPPED_BASE; -+ start_addr = addr = mm->mmap_base; - mm->cached_hole_size = 0; + info.flags = 0; + info.length = len; +- info.low_limit = TASK_UNMAPPED_BASE; ++ info.low_limit = mm->mmap_base; + info.high_limit = min(task_size, VA_EXCLUDE_START); + info.align_mask = do_color_align ? (PAGE_MASK & (SHMLBA - 1)) : 0; + info.align_offset = pgoff << PAGE_SHIFT; +@@ -134,6 +138,12 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi + if ((addr & ~PAGE_MASK) && task_size > VA_EXCLUDE_END) { + VM_BUG_ON(addr != -ENOMEM); + info.low_limit = VA_EXCLUDE_END; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = task_size; + addr = vm_unmapped_area(&info); } +@@ -151,6 +161,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + unsigned long task_size = STACK_TOP32; + unsigned long addr = addr0; + int do_color_align; ++ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; -@@ -157,14 +160,14 @@ full_search: - vma = find_vma(mm, VA_EXCLUDE_END); - } - if (unlikely(task_size < addr)) { -- if (start_addr != TASK_UNMAPPED_BASE) { -- start_addr = addr = TASK_UNMAPPED_BASE; -+ if (start_addr != mm->mmap_base) { -+ start_addr = addr = mm->mmap_base; - mm->cached_hole_size = 0; - goto full_search; - } - return -ENOMEM; - } -- if (likely(!vma || addr + len <= vma->vm_start)) { -+ if (likely(check_heap_stack_gap(vma, addr, len))) { - /* - * Remember the place where we stopped the search: - */ -@@ -198,7 +201,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + /* This should only ever run for 32-bit processes. */ +@@ -160,7 +171,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, /* We do not accept a shared mapping if it would violate * cache aliasing constraints. */ @@ -5916,62 +8268,52 @@ index 11c6c96..3ec33e8 100644 ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1))) return -EINVAL; return addr; -@@ -219,8 +222,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -173,6 +184,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + if (filp || (flags & MAP_SHARED)) + do_color_align = 1; + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ + /* requesting a specific address */ + if (addr) { + if (do_color_align) +@@ -181,8 +196,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); - if (task_size - len >= addr && - (!vma || addr + len <= vma->vm_start)) -+ if (task_size - len >= addr && check_heap_stack_gap(vma, addr, len)) ++ if (task_size - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) return addr; } -@@ -241,7 +243,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - /* make sure it can fit in the remaining address space */ - if (likely(addr > len)) { - vma = find_vma(mm, addr-len); -- if (!vma || addr <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr - len, len)) { - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr-len); - } -@@ -250,18 +252,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - if (unlikely(mm->mmap_base < len)) - goto bottomup; - -- addr = mm->mmap_base-len; -- if (do_color_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); -+ addr = mm->mmap_base - len; - - do { -+ if (do_color_align) -+ addr = COLOUR_ALIGN_DOWN(addr, pgoff); - /* - * Lookup failure means no vma is above this address, - * else if new region fits below vma->vm_start, - * return with success: - */ - vma = find_vma(mm, addr); -- if (likely(!vma || addr+len <= vma->vm_start)) { -+ if (likely(check_heap_stack_gap(vma, addr, len))) { - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr); - } -@@ -271,10 +273,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - mm->cached_hole_size = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = vma->vm_start-len; -- if (do_color_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); -- } while (likely(len < vma->vm_start)); -+ addr = skip_heap_stack_gap(vma, len); -+ } while (!IS_ERR_VALUE(addr)); +@@ -204,6 +218,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + VM_BUG_ON(addr != -ENOMEM); + info.flags = 0; + info.low_limit = TASK_UNMAPPED_BASE; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = STACK_TOP32; + addr = vm_unmapped_area(&info); + } +@@ -264,6 +284,10 @@ static unsigned long mmap_rnd(void) + { + unsigned long rnd = 0UL; - bottomup: - /* -@@ -373,6 +373,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ + if (current->flags & PF_RANDOMIZE) { + unsigned long val = get_random_int(); + if (test_thread_flag(TIF_32BIT)) +@@ -289,6 +313,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) gap == RLIM_INFINITY || sysctl_legacy_va_layout) { mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; @@ -5984,7 +8326,7 @@ index 11c6c96..3ec33e8 100644 mm->get_unmapped_area = arch_get_unmapped_area; mm->unmap_area = arch_unmap_area; } else { -@@ -385,6 +391,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -301,6 +331,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) gap = (task_size / 6 * 5); mm->mmap_base = PAGE_ALIGN(task_size - gap - random_factor); @@ -5998,10 +8340,10 @@ index 11c6c96..3ec33e8 100644 mm->unmap_area = arch_unmap_area_topdown; } diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S -index 7f5f65d..3308382 100644 +index e0fed77..604a7e5 100644 --- a/arch/sparc/kernel/syscalls.S +++ b/arch/sparc/kernel/syscalls.S -@@ -62,7 +62,7 @@ sys32_rt_sigreturn: +@@ -58,7 +58,7 @@ sys32_rt_sigreturn: #endif .align 32 1: ldx [%g6 + TI_FLAGS], %l5 @@ -6010,7 +8352,7 @@ index 7f5f65d..3308382 100644 be,pt %icc, rtrap nop call syscall_trace_leave -@@ -179,7 +179,7 @@ linux_sparc_syscall32: +@@ -190,7 +190,7 @@ linux_sparc_syscall32: srl %i5, 0, %o5 ! IEU1 srl %i2, 0, %o2 ! IEU0 Group @@ -6019,7 +8361,7 @@ index 7f5f65d..3308382 100644 bne,pn %icc, linux_syscall_trace32 ! CTI mov %i0, %l5 ! IEU1 call %l7 ! CTI Group brk forced -@@ -202,7 +202,7 @@ linux_sparc_syscall: +@@ -213,7 +213,7 @@ linux_sparc_syscall: mov %i3, %o3 ! IEU1 mov %i4, %o4 ! IEU0 Group @@ -6028,7 +8370,7 @@ index 7f5f65d..3308382 100644 bne,pn %icc, linux_syscall_trace ! CTI Group mov %i0, %l5 ! IEU0 2: call %l7 ! CTI Group brk forced -@@ -218,7 +218,7 @@ ret_sys_call: +@@ -229,7 +229,7 @@ ret_sys_call: cmp %o0, -ERESTART_RESTARTBLOCK bgeu,pn %xcc, 1f @@ -6037,6 +8379,19 @@ index 7f5f65d..3308382 100644 ldx [%sp + PTREGS_OFF + PT_V9_TNPC], %l1 ! pc = npc 2: +diff --git a/arch/sparc/kernel/sysfs.c b/arch/sparc/kernel/sysfs.c +index 654e8aa..45f431b 100644 +--- a/arch/sparc/kernel/sysfs.c ++++ b/arch/sparc/kernel/sysfs.c +@@ -266,7 +266,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata sysfs_cpu_nb = { ++static struct notifier_block sysfs_cpu_nb = { + .notifier_call = sysfs_cpu_notify, + }; + diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c index a5785ea..405c5f7 100644 --- a/arch/sparc/kernel/traps_32.c @@ -6071,10 +8426,10 @@ index a5785ea..405c5f7 100644 } diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c -index 3b05e66..6ea2917 100644 +index e7ecf15..6520e65 100644 --- a/arch/sparc/kernel/traps_64.c +++ b/arch/sparc/kernel/traps_64.c -@@ -75,7 +75,7 @@ static void dump_tl1_traplog(struct tl1_traplog *p) +@@ -76,7 +76,7 @@ static void dump_tl1_traplog(struct tl1_traplog *p) i + 1, p->trapstack[i].tstate, p->trapstack[i].tpc, p->trapstack[i].tnpc, p->trapstack[i].tt); @@ -6083,7 +8438,7 @@ index 3b05e66..6ea2917 100644 } } -@@ -95,6 +95,12 @@ void bad_trap(struct pt_regs *regs, long lvl) +@@ -96,6 +96,12 @@ void bad_trap(struct pt_regs *regs, long lvl) lvl -= 0x100; if (regs->tstate & TSTATE_PRIV) { @@ -6096,7 +8451,7 @@ index 3b05e66..6ea2917 100644 sprintf(buffer, "Kernel bad sw trap %lx", lvl); die_if_kernel(buffer, regs); } -@@ -113,11 +119,16 @@ void bad_trap(struct pt_regs *regs, long lvl) +@@ -114,11 +120,16 @@ void bad_trap(struct pt_regs *regs, long lvl) void bad_trap_tl1(struct pt_regs *regs, long lvl) { char buffer[32]; @@ -6114,7 +8469,7 @@ index 3b05e66..6ea2917 100644 dump_tl1_traplog((struct tl1_traplog *)(regs + 1)); sprintf (buffer, "Bad trap %lx at tl>0", lvl); -@@ -1141,7 +1152,7 @@ static void cheetah_log_errors(struct pt_regs *regs, struct cheetah_err_info *in +@@ -1142,7 +1153,7 @@ static void cheetah_log_errors(struct pt_regs *regs, struct cheetah_err_info *in regs->tpc, regs->tnpc, regs->u_regs[UREG_I7], regs->tstate); printk("%s" "ERROR(%d): ", (recoverable ? KERN_WARNING : KERN_CRIT), smp_processor_id()); @@ -6123,7 +8478,7 @@ index 3b05e66..6ea2917 100644 printk("%s" "ERROR(%d): M_SYND(%lx), E_SYND(%lx)%s%s\n", (recoverable ? KERN_WARNING : KERN_CRIT), smp_processor_id(), (afsr & CHAFSR_M_SYNDROME) >> CHAFSR_M_SYNDROME_SHIFT, -@@ -1748,7 +1759,7 @@ void cheetah_plus_parity_error(int type, struct pt_regs *regs) +@@ -1749,7 +1760,7 @@ void cheetah_plus_parity_error(int type, struct pt_regs *regs) smp_processor_id(), (type & 0x1) ? 'I' : 'D', regs->tpc); @@ -6132,7 +8487,7 @@ index 3b05e66..6ea2917 100644 panic("Irrecoverable Cheetah+ parity error."); } -@@ -1756,7 +1767,7 @@ void cheetah_plus_parity_error(int type, struct pt_regs *regs) +@@ -1757,7 +1768,7 @@ void cheetah_plus_parity_error(int type, struct pt_regs *regs) smp_processor_id(), (type & 0x1) ? 'I' : 'D', regs->tpc); @@ -6141,7 +8496,7 @@ index 3b05e66..6ea2917 100644 } struct sun4v_error_entry { -@@ -1963,9 +1974,9 @@ void sun4v_itlb_error_report(struct pt_regs *regs, int tl) +@@ -2104,9 +2115,9 @@ void sun4v_itlb_error_report(struct pt_regs *regs, int tl) printk(KERN_EMERG "SUN4V-ITLB: Error at TPC[%lx], tl %d\n", regs->tpc, tl); @@ -6153,7 +8508,7 @@ index 3b05e66..6ea2917 100644 (void *) regs->u_regs[UREG_I7]); printk(KERN_EMERG "SUN4V-ITLB: vaddr[%lx] ctx[%lx] " "pte[%lx] error[%lx]\n", -@@ -1987,9 +1998,9 @@ void sun4v_dtlb_error_report(struct pt_regs *regs, int tl) +@@ -2128,9 +2139,9 @@ void sun4v_dtlb_error_report(struct pt_regs *regs, int tl) printk(KERN_EMERG "SUN4V-DTLB: Error at TPC[%lx], tl %d\n", regs->tpc, tl); @@ -6165,7 +8520,7 @@ index 3b05e66..6ea2917 100644 (void *) regs->u_regs[UREG_I7]); printk(KERN_EMERG "SUN4V-DTLB: vaddr[%lx] ctx[%lx] " "pte[%lx] error[%lx]\n", -@@ -2195,13 +2206,13 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp) +@@ -2336,13 +2347,13 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp) fp = (unsigned long)sf->fp + STACK_BIAS; } @@ -6181,7 +8536,7 @@ index 3b05e66..6ea2917 100644 graph++; } } -@@ -2226,6 +2237,8 @@ static inline struct reg_window *kernel_stack_up(struct reg_window *rw) +@@ -2367,6 +2378,8 @@ static inline struct reg_window *kernel_stack_up(struct reg_window *rw) return (struct reg_window *) (fp + STACK_BIAS); } @@ -6190,7 +8545,7 @@ index 3b05e66..6ea2917 100644 void die_if_kernel(char *str, struct pt_regs *regs) { static int die_counter; -@@ -2254,7 +2267,7 @@ void die_if_kernel(char *str, struct pt_regs *regs) +@@ -2395,7 +2408,7 @@ void die_if_kernel(char *str, struct pt_regs *regs) while (rw && count++ < 30 && kstack_valid(tp, (unsigned long) rw)) { @@ -6199,7 +8554,7 @@ index 3b05e66..6ea2917 100644 (void *) rw->ins[7]); rw = kernel_stack_up(rw); -@@ -2267,8 +2280,10 @@ void die_if_kernel(char *str, struct pt_regs *regs) +@@ -2408,8 +2421,10 @@ void die_if_kernel(char *str, struct pt_regs *regs) } user_instruction_dump ((unsigned int __user *) regs->tpc); } @@ -6212,10 +8567,10 @@ index 3b05e66..6ea2917 100644 } EXPORT_SYMBOL(die_if_kernel); diff --git a/arch/sparc/kernel/unaligned_64.c b/arch/sparc/kernel/unaligned_64.c -index f81d038..e7a4680 100644 +index 8201c25e..072a2a7 100644 --- a/arch/sparc/kernel/unaligned_64.c +++ b/arch/sparc/kernel/unaligned_64.c -@@ -278,7 +278,7 @@ static void log_unaligned(struct pt_regs *regs) +@@ -286,7 +286,7 @@ static void log_unaligned(struct pt_regs *regs) static DEFINE_RATELIMIT_STATE(ratelimit, 5 * HZ, 5); if (__ratelimit(&ratelimit)) { @@ -6225,7 +8580,7 @@ index f81d038..e7a4680 100644 } } diff --git a/arch/sparc/lib/Makefile b/arch/sparc/lib/Makefile -index dff4096..bd9a388 100644 +index 8410065f2..4fd4ca22 100644 --- a/arch/sparc/lib/Makefile +++ b/arch/sparc/lib/Makefile @@ -2,7 +2,7 @@ @@ -6238,7 +8593,7 @@ index dff4096..bd9a388 100644 lib-$(CONFIG_SPARC32) += ashrdi3.o lib-$(CONFIG_SPARC32) += memcpy.o memset.o diff --git a/arch/sparc/lib/atomic_64.S b/arch/sparc/lib/atomic_64.S -index 4d502da..527c48d 100644 +index 85c233d..68500e0 100644 --- a/arch/sparc/lib/atomic_64.S +++ b/arch/sparc/lib/atomic_64.S @@ -17,7 +17,12 @@ @@ -6452,7 +8807,7 @@ index 4d502da..527c48d 100644 cmp %g1, %g7 bne,pn %xcc, BACKOFF_LABEL(2f, 1b) diff --git a/arch/sparc/lib/ksyms.c b/arch/sparc/lib/ksyms.c -index 3b31218..345c609 100644 +index 0c4e35e..745d3e4 100644 --- a/arch/sparc/lib/ksyms.c +++ b/arch/sparc/lib/ksyms.c @@ -109,12 +109,18 @@ EXPORT_SYMBOL(__downgrade_write); @@ -6472,8 +8827,8 @@ index 3b31218..345c609 100644 EXPORT_SYMBOL(atomic64_sub); +EXPORT_SYMBOL(atomic64_sub_unchecked); EXPORT_SYMBOL(atomic64_sub_ret); + EXPORT_SYMBOL(atomic64_dec_if_positive); - /* Atomic bit operations. */ diff --git a/arch/sparc/mm/Makefile b/arch/sparc/mm/Makefile index 30c3ecc..736f015 100644 --- a/arch/sparc/mm/Makefile @@ -6488,7 +8843,7 @@ index 30c3ecc..736f015 100644 obj-$(CONFIG_SPARC64) += ultra.o tlb.o tsb.o gup.o obj-y += fault_$(BITS).o diff --git a/arch/sparc/mm/fault_32.c b/arch/sparc/mm/fault_32.c -index 77ac917..baf45db 100644 +index e98bfda..ea8d221 100644 --- a/arch/sparc/mm/fault_32.c +++ b/arch/sparc/mm/fault_32.c @@ -21,6 +21,9 @@ @@ -6805,7 +9160,7 @@ index 77ac917..baf45db 100644 if (!(vma->vm_flags & (VM_READ | VM_EXEC))) goto bad_area; diff --git a/arch/sparc/mm/fault_64.c b/arch/sparc/mm/fault_64.c -index 1fe0429..8dd5dd5 100644 +index 5062ff3..e0b75f3 100644 --- a/arch/sparc/mm/fault_64.c +++ b/arch/sparc/mm/fault_64.c @@ -21,6 +21,9 @@ @@ -6827,7 +9182,7 @@ index 1fe0429..8dd5dd5 100644 printk(KERN_CRIT "OOPS: Fault was to vaddr[%lx]\n", vaddr); dump_stack(); unhandled_fault(regs->tpc, current, regs); -@@ -272,6 +275,466 @@ static void noinline __kprobes bogus_32bit_fault_address(struct pt_regs *regs, +@@ -270,6 +273,466 @@ static void noinline __kprobes bogus_32bit_fault_address(struct pt_regs *regs, show_regs(regs); } @@ -7294,7 +9649,7 @@ index 1fe0429..8dd5dd5 100644 asmlinkage void __kprobes do_sparc64_fault(struct pt_regs *regs) { struct mm_struct *mm = current->mm; -@@ -343,6 +806,29 @@ retry: +@@ -341,6 +804,29 @@ retry: if (!vma) goto bad_area; @@ -7325,65 +9680,66 @@ index 1fe0429..8dd5dd5 100644 * load/store/atomic was a write or not, it only says that there * was no match. So in such a case we (carefully) read the diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c -index 07e1453..0a7d9e9 100644 +index d2b5944..bd813f2 100644 --- a/arch/sparc/mm/hugetlbpage.c +++ b/arch/sparc/mm/hugetlbpage.c -@@ -67,7 +67,7 @@ full_search: - } - return -ENOMEM; - } -- if (likely(!vma || addr + len <= vma->vm_start)) { -+ if (likely(check_heap_stack_gap(vma, addr, len))) { - /* - * Remember the place where we stopped the search: - */ -@@ -106,7 +106,7 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - /* make sure it can fit in the remaining address space */ - if (likely(addr > len)) { - vma = find_vma(mm, addr-len); -- if (!vma || addr <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr - len, len)) { - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr-len); - } -@@ -115,16 +115,17 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - if (unlikely(mm->mmap_base < len)) - goto bottomup; - -- addr = (mm->mmap_base-len) & HPAGE_MASK; -+ addr = mm->mmap_base - len; - - do { -+ addr &= HPAGE_MASK; - /* - * Lookup failure means no vma is above this address, - * else if new region fits below vma->vm_start, - * return with success: - */ - vma = find_vma(mm, addr); -- if (likely(!vma || addr+len <= vma->vm_start)) { -+ if (likely(check_heap_stack_gap(vma, addr, len))) { - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr); - } -@@ -134,8 +135,8 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - mm->cached_hole_size = vma->vm_start - addr; +@@ -38,7 +38,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp, + + info.flags = 0; + info.length = len; +- info.low_limit = TASK_UNMAPPED_BASE; ++ info.low_limit = mm->mmap_base; + info.high_limit = min(task_size, VA_EXCLUDE_START); + info.align_mask = PAGE_MASK & ~HPAGE_MASK; + info.align_offset = 0; +@@ -47,6 +47,12 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp, + if ((addr & ~PAGE_MASK) && task_size > VA_EXCLUDE_END) { + VM_BUG_ON(addr != -ENOMEM); + info.low_limit = VA_EXCLUDE_END; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = task_size; + addr = vm_unmapped_area(&info); + } +@@ -85,6 +91,12 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + VM_BUG_ON(addr != -ENOMEM); + info.flags = 0; + info.low_limit = TASK_UNMAPPED_BASE; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = STACK_TOP32; + addr = vm_unmapped_area(&info); + } +@@ -99,6 +111,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, + struct mm_struct *mm = current->mm; + struct vm_area_struct *vma; + unsigned long task_size = TASK_SIZE; ++ unsigned long offset = gr_rand_threadstack_offset(mm, file, flags); - /* try just below the current vma->vm_start */ -- addr = (vma->vm_start-len) & HPAGE_MASK; -- } while (likely(len < vma->vm_start)); -+ addr = skip_heap_stack_gap(vma, len); -+ } while (!IS_ERR_VALUE(addr)); + if (test_thread_flag(TIF_32BIT)) + task_size = STACK_TOP32; +@@ -114,11 +127,14 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, + return addr; + } - bottomup: - /* -@@ -181,8 +182,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ if (addr) { addr = ALIGN(addr, HPAGE_SIZE); vma = find_vma(mm, addr); - if (task_size - len >= addr && - (!vma || addr + len <= vma->vm_start)) -+ if (task_size - len >= addr && check_heap_stack_gap(vma, addr, len)) ++ if (task_size - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) return addr; } if (mm->get_unmapped_area == arch_get_unmapped_area) @@ -7443,7 +9799,7 @@ index 9ab078a..d6635c2 100644 else copy_from_user_overflow(); diff --git a/arch/um/Makefile b/arch/um/Makefile -index 0970910..9f65c40 100644 +index 133f7de..1d6f2f1 100644 --- a/arch/um/Makefile +++ b/arch/um/Makefile @@ -62,6 +62,10 @@ USER_CFLAGS = $(patsubst $(KERNEL_DEFINES),,$(patsubst -D__KERNEL__,,\ @@ -7490,7 +9846,7 @@ index 2e0a6b1..a64d0f5 100644 #endif diff --git a/arch/um/include/asm/page.h b/arch/um/include/asm/page.h -index 7cfc3ce..cbd1a58 100644 +index 5ff53d9..5850cdf 100644 --- a/arch/um/include/asm/page.h +++ b/arch/um/include/asm/page.h @@ -14,6 +14,9 @@ @@ -7516,10 +9872,10 @@ index 0032f92..cd151e0 100644 #ifdef CONFIG_64BIT #define set_pud(pudptr, pudval) set_64bit((u64 *) (pudptr), pud_val(pudval)) diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c -index c5f5afa..6abce4b 100644 +index b462b13..e7a19aa 100644 --- a/arch/um/kernel/process.c +++ b/arch/um/kernel/process.c -@@ -402,22 +402,6 @@ int singlestepping(void * t) +@@ -386,22 +386,6 @@ int singlestepping(void * t) return 2; } @@ -7560,10 +9916,10 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 01897ac..446d4b9 100644 +index 0694d09..b58b3aa 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -220,7 +220,7 @@ config X86_HT +@@ -238,7 +238,7 @@ config X86_HT config X86_32_LAZY_GS def_bool y @@ -7572,7 +9928,15 @@ index 01897ac..446d4b9 100644 config ARCH_HWEIGHT_CFLAGS string -@@ -1049,7 +1049,7 @@ choice +@@ -1031,6 +1031,7 @@ config MICROCODE_OLD_INTERFACE + + config X86_MSR + tristate "/dev/cpu/*/msr - Model-specific register support" ++ depends on !GRKERNSEC_KMEM + ---help--- + This device gives privileged processes access to the x86 + Model-Specific Registers (MSRs). It is a character device with +@@ -1054,7 +1055,7 @@ choice config NOHIGHMEM bool "off" @@ -7581,7 +9945,7 @@ index 01897ac..446d4b9 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1086,7 +1086,7 @@ config NOHIGHMEM +@@ -1091,7 +1092,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -7590,7 +9954,7 @@ index 01897ac..446d4b9 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1140,7 +1140,7 @@ config PAGE_OFFSET +@@ -1145,7 +1146,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -7599,7 +9963,7 @@ index 01897ac..446d4b9 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1524,6 +1524,7 @@ config SECCOMP +@@ -1542,6 +1543,7 @@ config SECCOMP config CC_STACKPROTECTOR bool "Enable -fstack-protector buffer overflow detection" @@ -7607,7 +9971,7 @@ index 01897ac..446d4b9 100644 ---help--- This option turns on the -fstack-protector GCC feature. This feature puts, at the beginning of functions, a canary value on -@@ -1581,6 +1582,7 @@ config KEXEC_JUMP +@@ -1599,6 +1601,7 @@ config KEXEC_JUMP config PHYSICAL_START hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP) default "0x1000000" @@ -7615,7 +9979,7 @@ index 01897ac..446d4b9 100644 ---help--- This gives the physical address where the kernel is loaded. -@@ -1644,6 +1646,7 @@ config X86_NEED_RELOCS +@@ -1662,6 +1665,7 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" if X86_32 default "0x1000000" @@ -7623,32 +9987,32 @@ index 01897ac..446d4b9 100644 range 0x2000 0x1000000 ---help--- This value puts the alignment restrictions on physical address -@@ -1675,9 +1678,10 @@ config HOTPLUG_CPU - Say N if you want to disable CPU hotplug. +@@ -1737,9 +1741,10 @@ config DEBUG_HOTPLUG_CPU0 + If unsure, say N. config COMPAT_VDSO - def_bool y + def_bool n prompt "Compat VDSO support" depends on X86_32 || IA32_EMULATION -+ depends on !PAX_NOEXEC && !PAX_MEMORY_UDEREF ++ depends on !PAX_PAGEEXEC && !PAX_SEGMEXEC && !PAX_KERNEXEC && !PAX_MEMORY_UDEREF ---help--- Map the 32-bit VDSO to the predictable old-style address too. diff --git a/arch/x86/Kconfig.cpu b/arch/x86/Kconfig.cpu -index 706e12e..62e4feb 100644 +index c026cca..14657ae 100644 --- a/arch/x86/Kconfig.cpu +++ b/arch/x86/Kconfig.cpu -@@ -334,7 +334,7 @@ config X86_PPRO_FENCE +@@ -319,7 +319,7 @@ config X86_PPRO_FENCE config X86_F00F_BUG def_bool y -- depends on M586MMX || M586TSC || M586 || M486 || M386 -+ depends on (M586MMX || M586TSC || M586 || M486 || M386) && !PAX_KERNEXEC +- depends on M586MMX || M586TSC || M586 || M486 ++ depends on (M586MMX || M586TSC || M586 || M486) && !PAX_KERNEXEC config X86_INVD_BUG def_bool y -@@ -358,7 +358,7 @@ config X86_POPAD_OK +@@ -327,7 +327,7 @@ config X86_INVD_BUG config X86_ALIGNMENT_16 def_bool y @@ -7657,7 +10021,7 @@ index 706e12e..62e4feb 100644 config X86_INTEL_USERCOPY def_bool y -@@ -404,7 +404,7 @@ config X86_CMPXCHG64 +@@ -373,7 +373,7 @@ config X86_CMPXCHG64 # generates cmov. config X86_CMOV def_bool y @@ -7698,7 +10062,7 @@ index b322f12..652d0d9 100644 Enabling this option turns a certain set of sanity checks for user copy operations into compile time failures. diff --git a/arch/x86/Makefile b/arch/x86/Makefile -index 05afcca..b6ecb51 100644 +index e71fc42..7829607 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -50,6 +50,7 @@ else @@ -7709,7 +10073,7 @@ index 05afcca..b6ecb51 100644 KBUILD_AFLAGS += -m64 KBUILD_CFLAGS += -m64 -@@ -229,3 +230,12 @@ define archhelp +@@ -230,3 +231,12 @@ define archhelp echo ' FDARGS="..." arguments for the booted kernel' echo ' FDINITRD=file initrd for the booted kernel' endef @@ -7723,10 +10087,10 @@ index 05afcca..b6ecb51 100644 +archprepare: + $(if $(LDFLAGS_BUILD_ID),,$(error $(OLD_LD))) diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile -index f7535be..37db2d1 100644 +index 379814b..add62ce 100644 --- a/arch/x86/boot/Makefile +++ b/arch/x86/boot/Makefile -@@ -64,6 +64,9 @@ KBUILD_CFLAGS := $(LINUXINCLUDE) -g -Os -D_SETUP -D__KERNEL__ \ +@@ -65,6 +65,9 @@ KBUILD_CFLAGS := $(USERINCLUDE) -g -Os -D_SETUP -D__KERNEL__ \ $(call cc-option, -fno-stack-protector) \ $(call cc-option, -mpreferred-stack-boundary=2) KBUILD_CFLAGS += $(call cc-option, -m32) @@ -7795,10 +10159,10 @@ index 8a84501..b2d165f 100644 KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ GCOV_PROFILE := n diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index 90201aa..be1de62 100644 +index c205035..5853587 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c -@@ -144,7 +144,6 @@ again: +@@ -150,7 +150,6 @@ again: *addr = max_addr; } @@ -7806,7 +10170,7 @@ index 90201aa..be1de62 100644 efi_call_phys1(sys_table->boottime->free_pool, map); fail: -@@ -208,7 +207,6 @@ static efi_status_t low_alloc(unsigned long size, unsigned long align, +@@ -214,7 +213,6 @@ static efi_status_t low_alloc(unsigned long size, unsigned long align, if (i == map_size / desc_size) status = EFI_NOT_FOUND; @@ -7815,10 +10179,10 @@ index 90201aa..be1de62 100644 fail: return status; diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S -index aa4aaf1..6656f2f 100644 +index 1e3184f..0d11e2e 100644 --- a/arch/x86/boot/compressed/head_32.S +++ b/arch/x86/boot/compressed/head_32.S -@@ -116,7 +116,7 @@ preferred_addr: +@@ -118,7 +118,7 @@ preferred_addr: notl %eax andl %eax, %ebx #else @@ -7827,7 +10191,7 @@ index aa4aaf1..6656f2f 100644 #endif /* Target address to relocate to for decompression */ -@@ -202,7 +202,7 @@ relocated: +@@ -204,7 +204,7 @@ relocated: * and where it was actually loaded. */ movl %ebp, %ebx @@ -7836,7 +10200,7 @@ index aa4aaf1..6656f2f 100644 jz 2f /* Nothing to be done if loaded at compiled addr. */ /* * Process relocations. -@@ -210,8 +210,7 @@ relocated: +@@ -212,8 +212,7 @@ relocated: 1: subl $4, %edi movl (%edi), %ecx @@ -7847,7 +10211,7 @@ index aa4aaf1..6656f2f 100644 jmp 1b 2: diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S -index 2c4b171..e1fa5b1 100644 +index f5d1aaa..cce11dc 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -91,7 +91,7 @@ ENTRY(startup_32) @@ -7990,10 +10354,10 @@ index 4d3ff03..e4972ff 100644 err = check_flags(); } diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S -index b4e15dd..8ac59ce 100644 +index 944ce59..87ee37a 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S -@@ -391,10 +391,14 @@ setup_data: .quad 0 # 64-bit physical pointer to +@@ -401,10 +401,14 @@ setup_data: .quad 0 # 64-bit physical pointer to # single linked list of # struct setup_data @@ -8373,6 +10737,124 @@ index 0b33743..7a56206 100644 movq RXOR, %rbx; + pax_force_retaddr 0, 1 ret; +diff --git a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S +index 15b00ac..2071784 100644 +--- a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S ++++ b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S +@@ -23,6 +23,8 @@ + * + */ + ++#include <asm/alternative-asm.h> ++ + .file "cast5-avx-x86_64-asm_64.S" + + .extern cast_s1 +@@ -281,6 +283,7 @@ __skip_enc: + outunpack_blocks(RR3, RL3, RTMP, RX, RKM); + outunpack_blocks(RR4, RL4, RTMP, RX, RKM); + ++ pax_force_retaddr 0, 1 + ret; + + .align 16 +@@ -353,6 +356,7 @@ __dec_tail: + outunpack_blocks(RR3, RL3, RTMP, RX, RKM); + outunpack_blocks(RR4, RL4, RTMP, RX, RKM); + ++ pax_force_retaddr 0, 1 + ret; + + __skip_dec: +@@ -392,6 +396,7 @@ cast5_ecb_enc_16way: + vmovdqu RR4, (6*4*4)(%r11); + vmovdqu RL4, (7*4*4)(%r11); + ++ pax_force_retaddr + ret; + + .align 16 +@@ -427,6 +432,7 @@ cast5_ecb_dec_16way: + vmovdqu RR4, (6*4*4)(%r11); + vmovdqu RL4, (7*4*4)(%r11); + ++ pax_force_retaddr + ret; + + .align 16 +@@ -479,6 +485,7 @@ cast5_cbc_dec_16way: + + popq %r12; + ++ pax_force_retaddr + ret; + + .align 16 +@@ -555,4 +562,5 @@ cast5_ctr_16way: + + popq %r12; + ++ pax_force_retaddr + ret; +diff --git a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S +index 2569d0d..637c289 100644 +--- a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S ++++ b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S +@@ -23,6 +23,8 @@ + * + */ + ++#include <asm/alternative-asm.h> ++ + #include "glue_helper-asm-avx.S" + + .file "cast6-avx-x86_64-asm_64.S" +@@ -294,6 +296,7 @@ __cast6_enc_blk8: + outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM); + outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM); + ++ pax_force_retaddr 0, 1 + ret; + + .align 8 +@@ -340,6 +343,7 @@ __cast6_dec_blk8: + outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM); + outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM); + ++ pax_force_retaddr 0, 1 + ret; + + .align 8 +@@ -361,6 +365,7 @@ cast6_ecb_enc_8way: + + store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + ++ pax_force_retaddr + ret; + + .align 8 +@@ -382,6 +387,7 @@ cast6_ecb_dec_8way: + + store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + ++ pax_force_retaddr + ret; + + .align 8 +@@ -408,6 +414,7 @@ cast6_cbc_dec_8way: + + popq %r12; + ++ pax_force_retaddr + ret; + + .align 8 +@@ -436,4 +443,5 @@ cast6_ctr_8way: + + popq %r12; + ++ pax_force_retaddr + ret; diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S b/arch/x86/crypto/salsa20-x86_64-asm_64.S index 6214a9b..1f4fc9a 100644 --- a/arch/x86/crypto/salsa20-x86_64-asm_64.S @@ -8406,7 +10888,7 @@ index 6214a9b..1f4fc9a 100644 + pax_force_retaddr ret diff --git a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S -index 504106b..4e50951 100644 +index 02b0e9f..cf4cf5c 100644 --- a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S @@ -24,6 +24,8 @@ @@ -8415,27 +10897,52 @@ index 504106b..4e50951 100644 +#include <asm/alternative-asm.h> + + #include "glue_helper-asm-avx.S" + .file "serpent-avx-x86_64-asm_64.S" - .text +@@ -618,6 +620,7 @@ __serpent_enc_blk8_avx: + write_blocks(RA1, RB1, RC1, RD1, RK0, RK1, RK2); + write_blocks(RA2, RB2, RC2, RD2, RK0, RK1, RK2); -@@ -638,12 +640,14 @@ __serpent_enc_blk_8way_avx: - write_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2); - write_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2); ++ pax_force_retaddr + ret; + + .align 8 +@@ -673,6 +676,7 @@ __serpent_dec_blk8_avx: + write_blocks(RC1, RD1, RB1, RE1, RK0, RK1, RK2); + write_blocks(RC2, RD2, RB2, RE2, RK0, RK1, RK2); + pax_force_retaddr ret; - __enc_xor8: - xor_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2); - xor_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2); + .align 8 +@@ -692,6 +696,7 @@ serpent_ecb_enc_8way_avx: + + store_8way(%rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + pax_force_retaddr ret; .align 8 -@@ -701,4 +705,5 @@ serpent_dec_blk_8way_avx: - write_blocks(%rsi, RC1, RD1, RB1, RE1, RK0, RK1, RK2); - write_blocks(%rax, RC2, RD2, RB2, RE2, RK0, RK1, RK2); +@@ -711,6 +716,7 @@ serpent_ecb_dec_8way_avx: + + store_8way(%rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2); + ++ pax_force_retaddr + ret; + + .align 8 +@@ -730,6 +736,7 @@ serpent_cbc_dec_8way_avx: + + store_cbc_8way(%rdx, %rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2); + ++ pax_force_retaddr + ret; + + .align 8 +@@ -751,4 +758,5 @@ serpent_ctr_8way_avx: + + store_ctr_8way(%rdx, %rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + pax_force_retaddr ret; @@ -8495,38 +11002,63 @@ index 49d6987..df66bd4 100644 .size \name, .-\name diff --git a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S -index 35f4557..16b379f 100644 +index ebac16b..8092eb9 100644 --- a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S -@@ -21,6 +21,8 @@ +@@ -23,6 +23,8 @@ * */ +#include <asm/alternative-asm.h> + + #include "glue_helper-asm-avx.S" + .file "twofish-avx-x86_64-asm_64.S" - .text +@@ -283,6 +285,7 @@ __twofish_enc_blk8: + outunpack_blocks(RC1, RD1, RA1, RB1, RK1, RX0, RY0, RK2); + outunpack_blocks(RC2, RD2, RA2, RB2, RK1, RX0, RY0, RK2); -@@ -250,12 +252,14 @@ __twofish_enc_blk_8way: - outunpack_blocks(%rsi, RC1, RD1, RA1, RB1, RK1, RX, RY, RK2); - outunpack_blocks(%rax, RC2, RD2, RA2, RB2, RK1, RX, RY, RK2); ++ pax_force_retaddr 0, 1 + ret; -+ pax_force_retaddr + .align 8 +@@ -324,6 +327,7 @@ __twofish_dec_blk8: + outunpack_blocks(RA1, RB1, RC1, RD1, RK1, RX0, RY0, RK2); + outunpack_blocks(RA2, RB2, RC2, RD2, RK1, RX0, RY0, RK2); + ++ pax_force_retaddr 0, 1 ret; - __enc_xor8: - outunpack_xor_blocks(%rsi, RC1, RD1, RA1, RB1, RK1, RX, RY, RK2); - outunpack_xor_blocks(%rax, RC2, RD2, RA2, RB2, RK1, RX, RY, RK2); + .align 8 +@@ -345,6 +349,7 @@ twofish_ecb_enc_8way: -+ pax_force_retaddr + store_8way(%r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2); + ++ pax_force_retaddr 0, 1 ret; .align 8 -@@ -297,4 +301,5 @@ twofish_dec_blk_8way: - outunpack_blocks(%rsi, RA1, RB1, RC1, RD1, RK1, RX, RY, RK2); - outunpack_blocks(%rax, RA2, RB2, RC2, RD2, RK1, RX, RY, RK2); +@@ -366,6 +371,7 @@ twofish_ecb_dec_8way: -+ pax_force_retaddr + store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + ++ pax_force_retaddr 0, 1 + ret; + + .align 8 +@@ -392,6 +398,7 @@ twofish_cbc_dec_8way: + + popq %r12; + ++ pax_force_retaddr 0, 1 + ret; + + .align 8 +@@ -420,4 +427,5 @@ twofish_ctr_8way: + + popq %r12; + ++ pax_force_retaddr 0, 1 ret; diff --git a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S index 5b012a2..36d5364 100644 @@ -8591,7 +11123,7 @@ index 7bcf3fc..f53832f 100644 + pax_force_retaddr 0, 1 ret diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c -index 07b3a68..bd2a388 100644 +index a703af1..f5b9c36 100644 --- a/arch/x86/ia32/ia32_aout.c +++ b/arch/x86/ia32/ia32_aout.c @@ -159,6 +159,8 @@ static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file, @@ -8604,37 +11136,10 @@ index 07b3a68..bd2a388 100644 set_fs(KERNEL_DS); has_dumped = 1; diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c -index 673ac9b..7a8c5df 100644 +index a1daf4a..f8c4537 100644 --- a/arch/x86/ia32/ia32_signal.c +++ b/arch/x86/ia32/ia32_signal.c -@@ -162,7 +162,7 @@ asmlinkage long sys32_sigaltstack(const stack_ia32_t __user *uss_ptr, - } - seg = get_fs(); - set_fs(KERNEL_DS); -- ret = do_sigaltstack(uss_ptr ? &uss : NULL, &uoss, regs->sp); -+ ret = do_sigaltstack(uss_ptr ? (const stack_t __force_user *)&uss : NULL, (stack_t __force_user *)&uoss, regs->sp); - set_fs(seg); - if (ret >= 0 && uoss_ptr) { - if (!access_ok(VERIFY_WRITE, uoss_ptr, sizeof(stack_ia32_t))) -@@ -361,7 +361,7 @@ static int ia32_setup_sigcontext(struct sigcontext_ia32 __user *sc, - */ - static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, - size_t frame_size, -- void **fpstate) -+ void __user **fpstate) - { - unsigned long sp; - -@@ -382,7 +382,7 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, - - if (used_math()) { - sp = sp - sig_xstate_ia32_size; -- *fpstate = (struct _fpstate_ia32 *) sp; -+ *fpstate = (struct _fpstate_ia32 __user *) sp; - if (save_i387_xstate_ia32(*fpstate) < 0) - return (void __user *) -1L; - } -@@ -390,7 +390,7 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, +@@ -348,7 +348,7 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, sp -= frame_size; /* Align the stack pointer according to the i386 ABI, * i.e. so that on function entry ((sp + 4) & 15) == 0. */ @@ -8643,16 +11148,16 @@ index 673ac9b..7a8c5df 100644 return (void __user *) sp; } -@@ -448,7 +448,7 @@ int ia32_setup_frame(int sig, struct k_sigaction *ka, +@@ -406,7 +406,7 @@ int ia32_setup_frame(int sig, struct k_sigaction *ka, * These are actually not used anymore, but left because some * gdb versions depend on them as a marker. */ -- put_user_ex(*((u64 *)&code), (u64 *)frame->retcode); +- put_user_ex(*((u64 *)&code), (u64 __user *)frame->retcode); + put_user_ex(*((const u64 *)&code), (u64 __user *)frame->retcode); } put_user_catch(err); if (err) -@@ -490,7 +490,7 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -448,7 +448,7 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, 0xb8, __NR_ia32_rt_sigreturn, 0x80cd, @@ -8661,7 +11166,7 @@ index 673ac9b..7a8c5df 100644 }; frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate); -@@ -520,16 +520,18 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -471,16 +471,18 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, if (ka->sa.sa_flags & SA_RESTORER) restorer = ka->sa.sa_restorer; @@ -8678,19 +11183,19 @@ index 673ac9b..7a8c5df 100644 * Not actually used anymore, but left because some gdb * versions need it. */ -- put_user_ex(*((u64 *)&code), (u64 *)frame->retcode); +- put_user_ex(*((u64 *)&code), (u64 __user *)frame->retcode); + put_user_ex(*((const u64 *)&code), (u64 __user *)frame->retcode); } put_user_catch(err); - if (err) + err |= copy_siginfo_to_user32(&frame->info, info); diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S -index f6d477a..fc58dfb 100644 +index 142c4ce..19b683f 100644 --- a/arch/x86/ia32/ia32entry.S +++ b/arch/x86/ia32/ia32entry.S -@@ -14,8 +14,10 @@ - #include <asm/segment.h> +@@ -15,8 +15,10 @@ #include <asm/irqflags.h> #include <asm/asm.h> + #include <asm/smap.h> +#include <asm/pgtable.h> #include <linux/linkage.h> #include <linux/err.h> @@ -8698,7 +11203,7 @@ index f6d477a..fc58dfb 100644 /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ #include <linux/elf-em.h> -@@ -95,6 +97,32 @@ ENTRY(native_irq_enable_sysexit) +@@ -96,6 +98,32 @@ ENTRY(native_irq_enable_sysexit) ENDPROC(native_irq_enable_sysexit) #endif @@ -8731,7 +11236,7 @@ index f6d477a..fc58dfb 100644 /* * 32bit SYSENTER instruction entry. * -@@ -121,12 +149,6 @@ ENTRY(ia32_sysenter_target) +@@ -122,12 +150,6 @@ ENTRY(ia32_sysenter_target) CFI_REGISTER rsp,rbp SWAPGS_UNSAFE_STACK movq PER_CPU_VAR(kernel_stack), %rsp @@ -8744,7 +11249,7 @@ index f6d477a..fc58dfb 100644 movl %ebp,%ebp /* zero extension */ pushq_cfi $__USER32_DS /*CFI_REL_OFFSET ss,0*/ -@@ -134,22 +156,42 @@ ENTRY(ia32_sysenter_target) +@@ -135,24 +157,44 @@ ENTRY(ia32_sysenter_target) CFI_REL_OFFSET rsp,0 pushfq_cfi /*CFI_REL_OFFSET rflags,0*/ @@ -8782,8 +11287,10 @@ index f6d477a..fc58dfb 100644 + add %r11,%rbp +#endif + + ASM_STAC 1: movl (%rbp),%ebp _ASM_EXTABLE(1b,ia32_badarg) + ASM_CLAC - orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) - testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + GET_THREAD_INFO(%r11) @@ -8792,7 +11299,7 @@ index f6d477a..fc58dfb 100644 CFI_REMEMBER_STATE jnz sysenter_tracesys cmpq $(IA32_NR_syscalls-1),%rax -@@ -159,12 +201,15 @@ sysenter_do_call: +@@ -162,12 +204,15 @@ sysenter_do_call: sysenter_dispatch: call *ia32_sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) @@ -8810,7 +11317,7 @@ index f6d477a..fc58dfb 100644 /* clear IF, that popfq doesn't enable interrupts early */ andl $~0x200,EFLAGS-R11(%rsp) movl RIP-R11(%rsp),%edx /* User %eip */ -@@ -190,6 +235,9 @@ sysexit_from_sys_call: +@@ -193,6 +238,9 @@ sysexit_from_sys_call: movl %eax,%esi /* 2nd arg: syscall number */ movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */ call __audit_syscall_entry @@ -8820,7 +11327,7 @@ index f6d477a..fc58dfb 100644 movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall number */ cmpq $(IA32_NR_syscalls-1),%rax ja ia32_badsys -@@ -201,7 +249,7 @@ sysexit_from_sys_call: +@@ -204,7 +252,7 @@ sysexit_from_sys_call: .endm .macro auditsys_exit exit @@ -8829,7 +11336,7 @@ index f6d477a..fc58dfb 100644 jnz ia32_ret_from_sys_call TRACE_IRQS_ON ENABLE_INTERRUPTS(CLBR_NONE) -@@ -212,11 +260,12 @@ sysexit_from_sys_call: +@@ -215,11 +263,12 @@ sysexit_from_sys_call: 1: setbe %al /* 1 if error, 0 if not */ movzbl %al,%edi /* zero-extend that into %edi */ call __audit_syscall_exit @@ -8843,7 +11350,7 @@ index f6d477a..fc58dfb 100644 jz \exit CLEAR_RREGS -ARGOFFSET jmp int_with_check -@@ -234,7 +283,7 @@ sysexit_audit: +@@ -237,7 +286,7 @@ sysexit_audit: sysenter_tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -8852,7 +11359,7 @@ index f6d477a..fc58dfb 100644 jz sysenter_auditsys #endif SAVE_REST -@@ -246,6 +295,9 @@ sysenter_tracesys: +@@ -249,6 +298,9 @@ sysenter_tracesys: RESTORE_REST cmpq $(IA32_NR_syscalls-1),%rax ja int_ret_from_sys_call /* sysenter_tracesys has set RAX(%rsp) */ @@ -8862,7 +11369,7 @@ index f6d477a..fc58dfb 100644 jmp sysenter_do_call CFI_ENDPROC ENDPROC(ia32_sysenter_target) -@@ -273,19 +325,25 @@ ENDPROC(ia32_sysenter_target) +@@ -276,19 +328,25 @@ ENDPROC(ia32_sysenter_target) ENTRY(ia32_cstar_target) CFI_STARTPROC32 simple CFI_SIGNAL_FRAME @@ -8890,7 +11397,7 @@ index f6d477a..fc58dfb 100644 movl %eax,%eax /* zero extension */ movq %rax,ORIG_RAX-ARGOFFSET(%rsp) movq %rcx,RIP-ARGOFFSET(%rsp) -@@ -301,10 +359,17 @@ ENTRY(ia32_cstar_target) +@@ -304,12 +362,19 @@ ENTRY(ia32_cstar_target) /* no need to do an access_ok check here because r8 has been 32bit zero extended */ /* hardware stack frame is complete now */ @@ -8900,8 +11407,10 @@ index f6d477a..fc58dfb 100644 + add %r11,%r8 +#endif + + ASM_STAC 1: movl (%r8),%r9d _ASM_EXTABLE(1b,ia32_badarg) + ASM_CLAC - orl $TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET) - testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) + GET_THREAD_INFO(%r11) @@ -8910,7 +11419,7 @@ index f6d477a..fc58dfb 100644 CFI_REMEMBER_STATE jnz cstar_tracesys cmpq $IA32_NR_syscalls-1,%rax -@@ -314,12 +379,15 @@ cstar_do_call: +@@ -319,12 +384,15 @@ cstar_do_call: cstar_dispatch: call *ia32_sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) @@ -8928,7 +11437,7 @@ index f6d477a..fc58dfb 100644 RESTORE_ARGS 0,-ARG_SKIP,0,0,0 movl RIP-ARGOFFSET(%rsp),%ecx CFI_REGISTER rip,rcx -@@ -347,7 +415,7 @@ sysretl_audit: +@@ -352,7 +420,7 @@ sysretl_audit: cstar_tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -8937,7 +11446,7 @@ index f6d477a..fc58dfb 100644 jz cstar_auditsys #endif xchgl %r9d,%ebp -@@ -361,6 +429,9 @@ cstar_tracesys: +@@ -366,6 +434,9 @@ cstar_tracesys: xchgl %ebp,%r9d cmpq $(IA32_NR_syscalls-1),%rax ja int_ret_from_sys_call /* cstar_tracesys has set RAX(%rsp) */ @@ -8947,7 +11456,7 @@ index f6d477a..fc58dfb 100644 jmp cstar_do_call END(ia32_cstar_target) -@@ -401,19 +472,26 @@ ENTRY(ia32_syscall) +@@ -407,19 +478,26 @@ ENTRY(ia32_syscall) CFI_REL_OFFSET rip,RIP-RIP PARAVIRT_ADJUST_EXCEPTION_FRAME SWAPGS @@ -8981,7 +11490,7 @@ index f6d477a..fc58dfb 100644 jnz ia32_tracesys cmpq $(IA32_NR_syscalls-1),%rax ja ia32_badsys -@@ -436,6 +514,9 @@ ia32_tracesys: +@@ -442,6 +520,9 @@ ia32_tracesys: RESTORE_REST cmpq $(IA32_NR_syscalls-1),%rax ja int_ret_from_sys_call /* ia32_tracesys has set RAX(%rsp) */ @@ -8992,7 +11501,7 @@ index f6d477a..fc58dfb 100644 END(ia32_syscall) diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c -index 4540bec..714d913 100644 +index d0b689b..34be51d 100644 --- a/arch/x86/ia32/sys_ia32.c +++ b/arch/x86/ia32/sys_ia32.c @@ -69,8 +69,8 @@ asmlinkage long sys32_ftruncate64(unsigned int fd, unsigned long offset_low, @@ -9006,15 +11515,6 @@ index 4540bec..714d913 100644 SET_UID(uid, from_kuid_munged(current_user_ns(), stat->uid)); SET_GID(gid, from_kgid_munged(current_user_ns(), stat->gid)); if (!access_ok(VERIFY_WRITE, ubuf, sizeof(struct stat64)) || -@@ -287,7 +287,7 @@ asmlinkage long sys32_sigaction(int sig, struct old_sigaction32 __user *act, - return ret; - } - --asmlinkage long sys32_waitpid(compat_pid_t pid, unsigned int *stat_addr, -+asmlinkage long sys32_waitpid(compat_pid_t pid, unsigned int __user *stat_addr, - int options) - { - return compat_sys_wait4(pid, stat_addr, options, NULL); @@ -303,7 +303,7 @@ asmlinkage long sys32_sched_rr_get_interval(compat_pid_t pid, mm_segment_t old_fs = get_fs(); @@ -9052,10 +11552,10 @@ index 4540bec..714d913 100644 set_fs(old_fs); diff --git a/arch/x86/include/asm/alternative-asm.h b/arch/x86/include/asm/alternative-asm.h -index 952bd01..7692c6f 100644 +index 372231c..a5aa1a1 100644 --- a/arch/x86/include/asm/alternative-asm.h +++ b/arch/x86/include/asm/alternative-asm.h -@@ -15,6 +15,45 @@ +@@ -18,6 +18,45 @@ .endm #endif @@ -9102,29 +11602,29 @@ index 952bd01..7692c6f 100644 .long \orig - . .long \alt - . diff --git a/arch/x86/include/asm/alternative.h b/arch/x86/include/asm/alternative.h -index 7078068..f58bcda 100644 +index 58ed6d9..f1cbe58 100644 --- a/arch/x86/include/asm/alternative.h +++ b/arch/x86/include/asm/alternative.h @@ -105,7 +105,7 @@ static inline int alternatives_text_reserved(void *start, void *end) - ".section .discard,\"aw\",@progbits\n" \ + ".pushsection .discard,\"aw\",@progbits\n" \ DISCARD_ENTRY(1) \ - ".previous\n" \ -- ".section .altinstr_replacement, \"ax\"\n" \ -+ ".section .altinstr_replacement, \"a\"\n" \ + ".popsection\n" \ +- ".pushsection .altinstr_replacement, \"ax\"\n" \ ++ ".pushsection .altinstr_replacement, \"a\"\n" \ ALTINSTR_REPLACEMENT(newinstr, feature, 1) \ - ".previous" + ".popsection" @@ -119,7 +119,7 @@ static inline int alternatives_text_reserved(void *start, void *end) DISCARD_ENTRY(1) \ DISCARD_ENTRY(2) \ - ".previous\n" \ -- ".section .altinstr_replacement, \"ax\"\n" \ -+ ".section .altinstr_replacement, \"a\"\n" \ + ".popsection\n" \ +- ".pushsection .altinstr_replacement, \"ax\"\n" \ ++ ".pushsection .altinstr_replacement, \"a\"\n" \ ALTINSTR_REPLACEMENT(newinstr1, feature1, 1) \ ALTINSTR_REPLACEMENT(newinstr2, feature2, 2) \ - ".previous" + ".popsection" diff --git a/arch/x86/include/asm/apic.h b/arch/x86/include/asm/apic.h -index f342612..b3fe911 100644 +index 3388034..050f0b9 100644 --- a/arch/x86/include/asm/apic.h +++ b/arch/x86/include/asm/apic.h @@ -44,7 +44,7 @@ static inline void generic_apic_probe(void) @@ -9136,15 +11636,6 @@ index f342612..b3fe911 100644 extern int local_apic_timer_c2_ok; extern int disable_apic; -@@ -391,7 +391,7 @@ struct apic { - */ - int (*x86_32_numa_cpu_node)(int cpu); - #endif --}; -+} __do_const; - - /* - * Pointer to the local APIC driver in use on this system (there's diff --git a/arch/x86/include/asm/apm.h b/arch/x86/include/asm/apm.h index 20370c6..a2eb9b0 100644 --- a/arch/x86/include/asm/apm.h @@ -9168,7 +11659,7 @@ index 20370c6..a2eb9b0 100644 "popl %%ebp\n\t" "popl %%edi\n\t" diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h -index 58cb6d4..a4b806c 100644 +index 722aa3b..3a0bb27 100644 --- a/arch/x86/include/asm/atomic.h +++ b/arch/x86/include/asm/atomic.h @@ -22,7 +22,18 @@ @@ -9421,19 +11912,14 @@ index 58cb6d4..a4b806c 100644 : "+m" (v->counter), "=qm" (c) : "ir" (i) : "memory"); return c; -@@ -179,7 +341,7 @@ static inline int atomic_add_return(int i, atomic_t *v) - goto no_xadd; - #endif - /* Modern 486+ processor */ -- return i + xadd(&v->counter, i); +@@ -172,6 +334,18 @@ static inline int atomic_add_negative(int i, atomic_t *v) + */ + static inline int atomic_add_return(int i, atomic_t *v) + { + return i + xadd_check_overflow(&v->counter, i); - - #ifdef CONFIG_M386 - no_xadd: /* Legacy 386 processor */ -@@ -192,6 +354,34 @@ no_xadd: /* Legacy 386 processor */ - } - - /** ++} ++ ++/** + * atomic_add_return_unchecked - add integer and return + * @i: integer value to add + * @v: pointer of type atomic_unchecked_t @@ -9442,30 +11928,10 @@ index 58cb6d4..a4b806c 100644 + */ +static inline int atomic_add_return_unchecked(int i, atomic_unchecked_t *v) +{ -+#ifdef CONFIG_M386 -+ int __i; -+ unsigned long flags; -+ if (unlikely(boot_cpu_data.x86 <= 3)) -+ goto no_xadd; -+#endif -+ /* Modern 486+ processor */ -+ return i + xadd(&v->counter, i); -+ -+#ifdef CONFIG_M386 -+no_xadd: /* Legacy 386 processor */ -+ raw_local_irq_save(flags); -+ __i = atomic_read_unchecked(v); -+ atomic_set_unchecked(v, i + __i); -+ raw_local_irq_restore(flags); -+ return i + __i; -+#endif -+} -+ -+/** - * atomic_sub_return - subtract integer and return - * @v: pointer of type atomic_t - * @i: integer value to subtract -@@ -204,6 +394,10 @@ static inline int atomic_sub_return(int i, atomic_t *v) + return i + xadd(&v->counter, i); + } + +@@ -188,6 +362,10 @@ static inline int atomic_sub_return(int i, atomic_t *v) } #define atomic_inc_return(v) (atomic_add_return(1, v)) @@ -9476,7 +11942,7 @@ index 58cb6d4..a4b806c 100644 #define atomic_dec_return(v) (atomic_sub_return(1, v)) static inline int atomic_cmpxchg(atomic_t *v, int old, int new) -@@ -211,11 +405,21 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new) +@@ -195,11 +373,21 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new) return cmpxchg(&v->counter, old, new); } @@ -9498,7 +11964,7 @@ index 58cb6d4..a4b806c 100644 /** * __atomic_add_unless - add unless the number is already a given value * @v: pointer of type atomic_t -@@ -227,12 +431,25 @@ static inline int atomic_xchg(atomic_t *v, int new) +@@ -211,12 +399,25 @@ static inline int atomic_xchg(atomic_t *v, int new) */ static inline int __atomic_add_unless(atomic_t *v, int a, int u) { @@ -9527,11 +11993,10 @@ index 58cb6d4..a4b806c 100644 if (likely(old == c)) break; c = old; -@@ -240,6 +457,48 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) - return c; +@@ -225,6 +426,49 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) } -+/** + /** + * atomic_inc_not_zero_hint - increment if not null + * @v: pointer of type atomic_t + * @hint: probable value of the atomic before the increment @@ -9573,21 +12038,18 @@ index 58cb6d4..a4b806c 100644 + + return 0; +} - - /* - * atomic_dec_if_positive - decrement by 1 if old value positive -@@ -293,14 +552,37 @@ static inline void atomic_or_long(unsigned long *v1, unsigned long v2) ++ ++/** + * atomic_inc_short - increment of a short integer + * @v: pointer to type int + * +@@ -253,14 +497,37 @@ static inline void atomic_or_long(unsigned long *v1, unsigned long v2) #endif /* These are x86-specific, used by some header files */ -#define atomic_clear_mask(mask, addr) \ - asm volatile(LOCK_PREFIX "andl %0,%1" \ - : : "r" (~(mask)), "m" (*(addr)) : "memory") -- --#define atomic_set_mask(mask, addr) \ -- asm volatile(LOCK_PREFIX "orl %0,%1" \ -- : : "r" ((unsigned)(mask)), "m" (*(addr)) \ -- : "memory") +static inline void atomic_clear_mask(unsigned int mask, atomic_t *v) +{ + asm volatile(LOCK_PREFIX "andl %1,%0" @@ -9595,7 +12057,11 @@ index 58cb6d4..a4b806c 100644 + : "r" (~(mask)) + : "memory"); +} -+ + +-#define atomic_set_mask(mask, addr) \ +- asm volatile(LOCK_PREFIX "orl %0,%1" \ +- : : "r" ((unsigned)(mask)), "m" (*(addr)) \ +- : "memory") +static inline void atomic_clear_mask_unchecked(unsigned int mask, atomic_unchecked_t *v) +{ + asm volatile(LOCK_PREFIX "andl %1,%0" @@ -10109,7 +12575,7 @@ index 0e1cbfc..5623683 100644 #define atomic64_inc_not_zero(v) atomic64_add_unless((v), 1, 0) diff --git a/arch/x86/include/asm/bitops.h b/arch/x86/include/asm/bitops.h -index 72f5009..2f8b9a9 100644 +index 6dfd019..0c6699f 100644 --- a/arch/x86/include/asm/bitops.h +++ b/arch/x86/include/asm/bitops.h @@ -40,7 +40,7 @@ @@ -10122,11 +12588,11 @@ index 72f5009..2f8b9a9 100644 /** diff --git a/arch/x86/include/asm/boot.h b/arch/x86/include/asm/boot.h -index b13fe63..0dab13a 100644 +index 4fa687a..60f2d39 100644 --- a/arch/x86/include/asm/boot.h +++ b/arch/x86/include/asm/boot.h -@@ -11,10 +11,15 @@ - #include <asm/pgtable_types.h> +@@ -6,10 +6,15 @@ + #include <uapi/asm/boot.h> /* Physical address where kernel should be loaded. */ -#define LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \ @@ -10213,7 +12679,7 @@ index 46fc474..b02b0f9 100644 if (len) diff --git a/arch/x86/include/asm/cmpxchg.h b/arch/x86/include/asm/cmpxchg.h -index 99480e5..d81165b 100644 +index 8d871ea..c1a0dc9 100644 --- a/arch/x86/include/asm/cmpxchg.h +++ b/arch/x86/include/asm/cmpxchg.h @@ -14,8 +14,12 @@ extern void __cmpxchg_wrong_size(void) @@ -10275,10 +12741,10 @@ index 99480e5..d81165b 100644 ({ \ __typeof__ (*(ptr)) __ret = (inc); \ diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h -index 6b7ee5f..9d664b3 100644 +index 2d9075e..b75a844 100644 --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h -@@ -202,13 +202,14 @@ +@@ -206,7 +206,7 @@ #define X86_FEATURE_BMI1 (9*32+ 3) /* 1st group bit manipulation extensions */ #define X86_FEATURE_HLE (9*32+ 4) /* Hardware Lock Elision */ #define X86_FEATURE_AVX2 (9*32+ 5) /* AVX2 instructions */ @@ -10287,14 +12753,7 @@ index 6b7ee5f..9d664b3 100644 #define X86_FEATURE_BMI2 (9*32+ 8) /* 2nd group bit manipulation extensions */ #define X86_FEATURE_ERMS (9*32+ 9) /* Enhanced REP MOVSB/STOSB */ #define X86_FEATURE_INVPCID (9*32+10) /* Invalidate Processor Context ID */ - #define X86_FEATURE_RTM (9*32+11) /* Restricted Transactional Memory */ - #define X86_FEATURE_RDSEED (9*32+18) /* The RDSEED instruction */ - #define X86_FEATURE_ADX (9*32+19) /* The ADCX and ADOX instructions */ -+#define X86_FEATURE_SMAP (9*32+20) /* Supervisor Mode Access Prevention */ - - #if defined(__KERNEL__) && !defined(__ASSEMBLY__) - -@@ -373,7 +374,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) +@@ -375,7 +375,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) ".section .discard,\"aw\",@progbits\n" " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ ".previous\n" @@ -10514,21 +12973,8 @@ index 278441f..b95a174 100644 }; } __attribute__((packed)); -diff --git a/arch/x86/include/asm/e820.h b/arch/x86/include/asm/e820.h -index 3778256..c5d4fce 100644 ---- a/arch/x86/include/asm/e820.h -+++ b/arch/x86/include/asm/e820.h -@@ -69,7 +69,7 @@ struct e820map { - #define ISA_START_ADDRESS 0xa0000 - #define ISA_END_ADDRESS 0x100000 - --#define BIOS_BEGIN 0x000a0000 -+#define BIOS_BEGIN 0x000c0000 - #define BIOS_END 0x00100000 - - #define BIOS_ROM_BASE 0xffe00000 diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h -index 5939f44..f8845f6 100644 +index 9c999c1..3860cb8 100644 --- a/arch/x86/include/asm/elf.h +++ b/arch/x86/include/asm/elf.h @@ -243,7 +243,25 @@ extern int force_personality32; @@ -10608,106 +13054,61 @@ index 75ce3f4..882e801 100644 #endif /* _ASM_X86_EMERGENCY_RESTART_H */ diff --git a/arch/x86/include/asm/fpu-internal.h b/arch/x86/include/asm/fpu-internal.h -index 04cb0f8..1da4bc9 100644 +index 41ab26e..a88c9e6 100644 --- a/arch/x86/include/asm/fpu-internal.h +++ b/arch/x86/include/asm/fpu-internal.h -@@ -82,10 +82,12 @@ static inline void sanitize_i387_state(struct task_struct *tsk) - } - - #ifdef CONFIG_X86_64 --static inline int fxrstor_checking(struct i387_fxsave_struct *fx) -+static inline int fxrstor_checking(struct i387_fxsave_struct __user *fx) - { - int err; - -+ fx = (struct i387_fxsave_struct __user *)____m(fx); -+ - /* See comment in fxsave() below. */ - #ifdef CONFIG_AS_FXSAVEQ - asm volatile("1: fxrstorq %[fx]\n\t" -@@ -115,6 +117,8 @@ static inline int fxsave_user(struct i387_fxsave_struct __user *fx) - { - int err; - -+ fx = (struct i387_fxsave_struct __user *)____m(fx); -+ - /* - * Clear the bytes not touched by the fxsave and reserved - * for the SW usage. -@@ -183,15 +187,15 @@ static inline void fpu_fxsave(struct fpu *fpu) - #else /* CONFIG_X86_32 */ - - /* perform fxrstor iff the processor has extended states, otherwise frstor */ --static inline int fxrstor_checking(struct i387_fxsave_struct *fx) -+static inline int fxrstor_checking(struct i387_fxsave_struct __user *fx) - { - /* - * The "nop" is needed to make the instructions the same - * length. - */ - alternative_input( -- "nop ; frstor %1", -- "fxrstor %1", -+ __copyuser_seg" frstor %1; nop", -+ __copyuser_seg" fxrstor %1", - X86_FEATURE_FXSR, - "m" (*fx)); - -@@ -250,7 +254,14 @@ static inline int __save_init_fpu(struct task_struct *tsk) - - static inline int fpu_fxrstor_checking(struct fpu *fpu) - { -- return fxrstor_checking(&fpu->state->fxsave); -+ int ret; -+ mm_segment_t fs; -+ -+ fs = get_fs(); -+ set_fs(KERNEL_DS); -+ ret = fxrstor_checking(&fpu->state->fxsave); -+ set_fs(fs); -+ return ret; - } - - static inline int fpu_restore_checking(struct fpu *fpu) -@@ -271,7 +282,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk) +@@ -126,7 +126,9 @@ static inline void sanitize_i387_state(struct task_struct *tsk) + ({ \ + int err; \ + asm volatile(ASM_STAC "\n" \ +- "1:" #insn "\n\t" \ ++ "1:" \ ++ __copyuser_seg \ ++ #insn "\n\t" \ + "2: " ASM_CLAC "\n" \ + ".section .fixup,\"ax\"\n" \ + "3: movl $-1,%[err]\n" \ +@@ -299,7 +301,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk) "emms\n\t" /* clear stack tags */ "fildl %P[addr]", /* set F?P to defined value */ X86_FEATURE_FXSAVE_LEAK, - [addr] "m" (tsk->thread.fpu.has_fpu)); -+ [addr] "m" (init_tss[smp_processor_id()].x86_tss.sp0)); ++ [addr] "m" (init_tss[raw_smp_processor_id()].x86_tss.sp0)); return fpu_restore_checking(&tsk->thread.fpu); } diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h -index 71ecbcb..11df950 100644 +index be27ba1..8f13ff9 100644 --- a/arch/x86/include/asm/futex.h +++ b/arch/x86/include/asm/futex.h -@@ -11,20 +11,22 @@ - #include <asm/processor.h> +@@ -12,6 +12,7 @@ + #include <asm/smap.h> #define __futex_atomic_op1(insn, ret, oldval, uaddr, oparg) \ + typecheck(u32 __user *, uaddr); \ - asm volatile("1:\t" insn "\n" \ - "2:\t.section .fixup,\"ax\"\n" \ - "3:\tmov\t%3, %1\n" \ + asm volatile("\t" ASM_STAC "\n" \ + "1:\t" insn "\n" \ + "2:\t" ASM_CLAC "\n" \ +@@ -20,15 +21,16 @@ "\tjmp\t2b\n" \ "\t.previous\n" \ _ASM_EXTABLE(1b, 3b) \ - : "=r" (oldval), "=r" (ret), "+m" (*uaddr) \ -+ : "=r" (oldval), "=r" (ret), "+m" (*(u32 __user *)____m(uaddr))\ ++ : "=r" (oldval), "=r" (ret), "+m" (*(u32 __user *)____m(uaddr)) \ : "i" (-EFAULT), "0" (oparg), "1" (0)) #define __futex_atomic_op2(insn, ret, oldval, uaddr, oparg) \ + typecheck(u32 __user *, uaddr); \ - asm volatile("1:\tmovl %2, %0\n" \ + asm volatile("\t" ASM_STAC "\n" \ + "1:\tmovl %2, %0\n" \ "\tmovl\t%0, %3\n" \ "\t" insn "\n" \ - "2:\t" LOCK_PREFIX "cmpxchgl %3, %2\n" \ + "2:\t" LOCK_PREFIX __copyuser_seg"cmpxchgl %3, %2\n" \ "\tjnz\t1b\n" \ - "3:\t.section .fixup,\"ax\"\n" \ - "4:\tmov\t%5, %1\n" \ -@@ -33,7 +35,7 @@ + "3:\t" ASM_CLAC "\n" \ + "\t.section .fixup,\"ax\"\n" \ +@@ -38,7 +40,7 @@ _ASM_EXTABLE(1b, 4b) \ _ASM_EXTABLE(2b, 4b) \ : "=&a" (oldval), "=&r" (ret), \ @@ -10716,7 +13117,7 @@ index 71ecbcb..11df950 100644 : "r" (oparg), "i" (-EFAULT), "1" (0)) static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) -@@ -60,10 +62,10 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) +@@ -59,10 +61,10 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) switch (op) { case FUTEX_OP_SET: @@ -10729,13 +13130,14 @@ index 71ecbcb..11df950 100644 uaddr, oparg); break; case FUTEX_OP_OR: -@@ -122,13 +124,13 @@ static inline int futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, - if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) +@@ -116,14 +118,14 @@ static inline int futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, return -EFAULT; -- asm volatile("1:\t" LOCK_PREFIX "cmpxchgl %4, %2\n" -+ asm volatile("1:\t" LOCK_PREFIX __copyuser_seg"cmpxchgl %4, %2\n" - "2:\t.section .fixup, \"ax\"\n" + asm volatile("\t" ASM_STAC "\n" +- "1:\t" LOCK_PREFIX "cmpxchgl %4, %2\n" ++ "1:\t" LOCK_PREFIX __copyuser_seg"cmpxchgl %4, %2\n" + "2:\t" ASM_CLAC "\n" + "\t.section .fixup, \"ax\"\n" "3:\tmov %3, %0\n" "\tjmp 2b\n" "\t.previous\n" @@ -10760,10 +13162,32 @@ index eb92a6e..b98b2f4 100644 /* EISA */ extern void eisa_set_level_irq(unsigned int irq); +diff --git a/arch/x86/include/asm/i8259.h b/arch/x86/include/asm/i8259.h +index a203659..9889f1c 100644 +--- a/arch/x86/include/asm/i8259.h ++++ b/arch/x86/include/asm/i8259.h +@@ -62,7 +62,7 @@ struct legacy_pic { + void (*init)(int auto_eoi); + int (*irq_pending)(unsigned int irq); + void (*make_irq)(unsigned int irq); +-}; ++} __do_const; + + extern struct legacy_pic *legacy_pic; + extern struct legacy_pic null_legacy_pic; diff --git a/arch/x86/include/asm/io.h b/arch/x86/include/asm/io.h -index d8e8eef..99f81ae 100644 +index d8e8eef..15b1179 100644 --- a/arch/x86/include/asm/io.h +++ b/arch/x86/include/asm/io.h +@@ -184,7 +184,7 @@ static inline void __iomem *ioremap(resource_size_t offset, unsigned long size) + return ioremap_nocache(offset, size); + } + +-extern void iounmap(volatile void __iomem *addr); ++extern void iounmap(const volatile void __iomem *addr); + + extern void set_iounmap_nonlazy(void); + @@ -194,6 +194,17 @@ extern void set_iounmap_nonlazy(void); #include <linux/vmalloc.h> @@ -10799,10 +13223,10 @@ index bba3cf8..06bc8da 100644 #define INTERRUPT_RETURN iret #define ENABLE_INTERRUPTS_SYSEXIT sti; sysexit diff --git a/arch/x86/include/asm/kprobes.h b/arch/x86/include/asm/kprobes.h -index 5478825..839e88c 100644 +index d3ddd17..c9fb0cc 100644 --- a/arch/x86/include/asm/kprobes.h +++ b/arch/x86/include/asm/kprobes.h -@@ -37,13 +37,8 @@ typedef u8 kprobe_opcode_t; +@@ -38,13 +38,8 @@ typedef u8 kprobe_opcode_t; #define RELATIVEJUMP_SIZE 5 #define RELATIVECALL_OPCODE 0xe8 #define RELATIVE_ADDR_SIZE 4 @@ -10818,21 +13242,8 @@ index 5478825..839e88c 100644 #define flush_insn_slot(p) do { } while (0) -diff --git a/arch/x86/include/asm/kvm_host.h b/arch/x86/include/asm/kvm_host.h -index 09155d6..d2e6df9 100644 ---- a/arch/x86/include/asm/kvm_host.h -+++ b/arch/x86/include/asm/kvm_host.h -@@ -694,7 +694,7 @@ struct kvm_x86_ops { - int (*check_intercept)(struct kvm_vcpu *vcpu, - struct x86_instruction_info *info, - enum x86_intercept_stage stage); --}; -+} __do_const; - - struct kvm_arch_async_pf { - u32 token; diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h -index c8bed0d..85c03fd 100644 +index 2d89e39..baee879 100644 --- a/arch/x86/include/asm/local.h +++ b/arch/x86/include/asm/local.h @@ -10,33 +10,97 @@ typedef struct { @@ -11009,11 +13420,10 @@ index c8bed0d..85c03fd 100644 : "+m" (l->a.counter), "=qm" (c) : "ir" (i) : "memory"); return c; -@@ -132,7 +232,15 @@ static inline long local_add_return(long i, local_t *l) - #endif - /* Modern 486+ processor */ - __i = i; -- asm volatile(_ASM_XADD "%0, %1;" +@@ -125,6 +225,30 @@ static inline int local_add_negative(long i, local_t *l) + static inline long local_add_return(long i, local_t *l) + { + long __i = i; + asm volatile(_ASM_XADD "%0, %1\n" + +#ifdef CONFIG_PAX_REFCOUNT @@ -11023,13 +13433,11 @@ index c8bed0d..85c03fd 100644 + _ASM_EXTABLE(0b, 0b) +#endif + - : "+r" (i), "+m" (l->a.counter) - : : "memory"); - return i + __i; -@@ -147,6 +255,38 @@ no_xadd: /* Legacy 386 processor */ - #endif - } - ++ : "+r" (i), "+m" (l->a.counter) ++ : : "memory"); ++ return i + __i; ++} ++ +/** + * local_add_return_unchecked - add and return + * @i: integer value to add @@ -11039,33 +13447,11 @@ index c8bed0d..85c03fd 100644 + */ +static inline long local_add_return_unchecked(long i, local_unchecked_t *l) +{ -+ long __i; -+#ifdef CONFIG_M386 -+ unsigned long flags; -+ if (unlikely(boot_cpu_data.x86 <= 3)) -+ goto no_xadd; -+#endif -+ /* Modern 486+ processor */ -+ __i = i; -+ asm volatile(_ASM_XADD "%0, %1\n" -+ : "+r" (i), "+m" (l->a.counter) -+ : : "memory"); -+ return i + __i; -+ -+#ifdef CONFIG_M386 -+no_xadd: /* Legacy 386 processor */ -+ local_irq_save(flags); -+ __i = local_read_unchecked(l); -+ local_set_unchecked(l, i + __i); -+ local_irq_restore(flags); -+ return i + __i; -+#endif -+} -+ - static inline long local_sub_return(long i, local_t *l) - { - return local_add_return(-i, l); -@@ -157,6 +297,8 @@ static inline long local_sub_return(long i, local_t *l) ++ long __i = i; + asm volatile(_ASM_XADD "%0, %1;" + : "+r" (i), "+m" (l->a.counter) + : : "memory"); +@@ -141,6 +265,8 @@ static inline long local_sub_return(long i, local_t *l) #define local_cmpxchg(l, o, n) \ (cmpxchg_local(&((l)->a.counter), (o), (n))) @@ -11075,24 +13461,26 @@ index c8bed0d..85c03fd 100644 #define local_xchg(l, n) (xchg(&((l)->a.counter), (n))) diff --git a/arch/x86/include/asm/mman.h b/arch/x86/include/asm/mman.h -index 593e51d..fa69c9a 100644 ---- a/arch/x86/include/asm/mman.h +new file mode 100644 +index 0000000..2bfd3ba +--- /dev/null +++ b/arch/x86/include/asm/mman.h -@@ -5,4 +5,14 @@ - - #include <asm-generic/mman.h> - +@@ -0,0 +1,15 @@ ++#ifndef _X86_MMAN_H ++#define _X86_MMAN_H ++ ++#include <uapi/asm/mman.h> ++ +#ifdef __KERNEL__ +#ifndef __ASSEMBLY__ +#ifdef CONFIG_X86_32 +#define arch_mmap_check i386_mmap_check -+int i386_mmap_check(unsigned long addr, unsigned long len, -+ unsigned long flags); ++int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags); +#endif +#endif +#endif + - #endif /* _ASM_X86_MMAN_H */ ++#endif /* X86_MMAN_H */ diff --git a/arch/x86/include/asm/mmu.h b/arch/x86/include/asm/mmu.h index 5f55e69..e20bfb1 100644 --- a/arch/x86/include/asm/mmu.h @@ -11245,14 +13633,14 @@ index cdbf367..adb37ac 100644 +#endif + } -- } - #endif -+ } ++#endif + } +-#endif } #define activate_mm(prev, next) \ diff --git a/arch/x86/include/asm/module.h b/arch/x86/include/asm/module.h -index 9eae775..c914fea 100644 +index e3b7819..b257c64 100644 --- a/arch/x86/include/asm/module.h +++ b/arch/x86/include/asm/module.h @@ -5,6 +5,7 @@ @@ -11260,10 +13648,10 @@ index 9eae775..c914fea 100644 #ifdef CONFIG_X86_64 /* X86_64 does not define MODULE_PROC_FAMILY */ +#define MODULE_PROC_FAMILY "" - #elif defined CONFIG_M386 - #define MODULE_PROC_FAMILY "386 " #elif defined CONFIG_M486 -@@ -59,8 +60,20 @@ + #define MODULE_PROC_FAMILY "486 " + #elif defined CONFIG_M586 +@@ -57,8 +58,20 @@ #error unknown processor family #endif @@ -11286,6 +13674,33 @@ index 9eae775..c914fea 100644 +#define MODULE_ARCH_VERMAGIC MODULE_PROC_FAMILY MODULE_PAX_KERNEXEC MODULE_PAX_UDEREF + #endif /* _ASM_X86_MODULE_H */ +diff --git a/arch/x86/include/asm/nmi.h b/arch/x86/include/asm/nmi.h +index c0fa356..07a498a 100644 +--- a/arch/x86/include/asm/nmi.h ++++ b/arch/x86/include/asm/nmi.h +@@ -42,11 +42,11 @@ struct nmiaction { + nmi_handler_t handler; + unsigned long flags; + const char *name; +-}; ++} __do_const; + + #define register_nmi_handler(t, fn, fg, n, init...) \ + ({ \ +- static struct nmiaction init fn##_na = { \ ++ static const struct nmiaction init fn##_na = { \ + .handler = (fn), \ + .name = (n), \ + .flags = (fg), \ +@@ -54,7 +54,7 @@ struct nmiaction { + __register_nmi_handler((t), &fn##_na); \ + }) + +-int __register_nmi_handler(unsigned int, struct nmiaction *); ++int __register_nmi_handler(unsigned int, const struct nmiaction *); + + void unregister_nmi_handler(unsigned int, const char *); + diff --git a/arch/x86/include/asm/page_64_types.h b/arch/x86/include/asm/page_64_types.h index 320f7bb..e89f8f8 100644 --- a/arch/x86/include/asm/page_64_types.h @@ -11300,10 +13715,10 @@ index 320f7bb..e89f8f8 100644 extern unsigned long __phys_addr(unsigned long); #define __phys_reloc_hide(x) (x) diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h -index a0facf3..c017b15 100644 +index 5edd174..9cf5821 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h -@@ -632,6 +632,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd) +@@ -630,6 +630,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd) val); } @@ -11322,7 +13737,7 @@ index a0facf3..c017b15 100644 static inline void pgd_clear(pgd_t *pgdp) { set_pgd(pgdp, __pgd(0)); -@@ -713,6 +725,21 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx, +@@ -711,6 +723,21 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx, pv_mmu_ops.set_fixmap(idx, phys, flags); } @@ -11344,7 +13759,7 @@ index a0facf3..c017b15 100644 #if defined(CONFIG_SMP) && defined(CONFIG_PARAVIRT_SPINLOCKS) static inline int arch_spin_is_locked(struct arch_spinlock *lock) -@@ -929,7 +956,7 @@ extern void default_banner(void); +@@ -927,7 +954,7 @@ extern void default_banner(void); #define PARA_PATCH(struct, off) ((PARAVIRT_PATCH_##struct + (off)) / 4) #define PARA_SITE(ptype, clobbers, ops) _PVSITE(ptype, clobbers, ops, .long, 4) @@ -11353,7 +13768,7 @@ index a0facf3..c017b15 100644 #endif #define INTERRUPT_RETURN \ -@@ -1004,6 +1031,21 @@ extern void default_banner(void); +@@ -1002,6 +1029,21 @@ extern void default_banner(void); PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_irq_enable_sysexit), \ CLBR_NONE, \ jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_irq_enable_sysexit)) @@ -11376,10 +13791,10 @@ index a0facf3..c017b15 100644 #endif /* __ASSEMBLY__ */ diff --git a/arch/x86/include/asm/paravirt_types.h b/arch/x86/include/asm/paravirt_types.h -index 142236e..6a6b4a6 100644 +index 142236e..5446ffbc 100644 --- a/arch/x86/include/asm/paravirt_types.h +++ b/arch/x86/include/asm/paravirt_types.h -@@ -84,20 +84,20 @@ struct pv_init_ops { +@@ -84,7 +84,7 @@ struct pv_init_ops { */ unsigned (*patch)(u8 type, u16 clobber, void *insnbuf, unsigned long addr, unsigned len); @@ -11388,13 +13803,7 @@ index 142236e..6a6b4a6 100644 struct pv_lazy_ops { - /* Set deferred update mode, used for batching operations. */ - void (*enter)(void); - void (*leave)(void); --}; -+} __no_const; - - struct pv_time_ops { +@@ -97,7 +97,7 @@ struct pv_time_ops { unsigned long long (*sched_clock)(void); unsigned long long (*steal_clock)(int cpu); unsigned long (*get_tsc_khz)(void); @@ -11541,7 +13950,7 @@ index 4cc9f2b..5fd9226 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index 3f3dd52..ef2b389 100644 +index 1c1a955..50f828c 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); @@ -11571,7 +13980,7 @@ index 3f3dd52..ef2b389 100644 + preempt_disable(); + barrier(); + cr0 = read_cr0() ^ X86_CR0_WP; -+ BUG_ON(unlikely(cr0 & X86_CR0_WP)); ++ BUG_ON(cr0 & X86_CR0_WP); + write_cr0(cr0); + return cr0 ^ X86_CR0_WP; +} @@ -11581,7 +13990,7 @@ index 3f3dd52..ef2b389 100644 + unsigned long cr0; + + cr0 = read_cr0() ^ X86_CR0_WP; -+ BUG_ON(unlikely(!(cr0 & X86_CR0_WP))); ++ BUG_ON(!(cr0 & X86_CR0_WP)); + write_cr0(cr0); + barrier(); + preempt_enable_no_resched(); @@ -11651,7 +14060,7 @@ index 3f3dd52..ef2b389 100644 #include <linux/mm_types.h> static inline int pte_none(pte_t pte) -@@ -570,7 +639,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) +@@ -583,7 +652,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) static inline int pgd_bad(pgd_t pgd) { @@ -11660,7 +14069,7 @@ index 3f3dd52..ef2b389 100644 } static inline int pgd_none(pgd_t pgd) -@@ -593,7 +662,12 @@ static inline int pgd_none(pgd_t pgd) +@@ -606,7 +675,12 @@ static inline int pgd_none(pgd_t pgd) * pgd_offset() returns a (pgd_t *) * pgd_index() is used get the offset into the pgd page's array of pgd_t's; */ @@ -11674,7 +14083,7 @@ index 3f3dd52..ef2b389 100644 /* * a shortcut which implies the use of the kernel's pgd, instead * of a process's -@@ -604,6 +678,20 @@ static inline int pgd_none(pgd_t pgd) +@@ -617,6 +691,20 @@ static inline int pgd_none(pgd_t pgd) #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET) #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) @@ -11695,7 +14104,7 @@ index 3f3dd52..ef2b389 100644 #ifndef __ASSEMBLY__ extern int direct_gbpages; -@@ -768,11 +856,23 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, +@@ -781,11 +869,23 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, * dst and src can be on the same page, but the range must not overlap, * and must not cross a page boundary. */ @@ -11722,7 +14131,7 @@ index 3f3dd52..ef2b389 100644 #include <asm-generic/pgtable.h> #endif /* __ASSEMBLY__ */ diff --git a/arch/x86/include/asm/pgtable_32.h b/arch/x86/include/asm/pgtable_32.h -index 0c92113..34a77c6 100644 +index 8faa215..a8a17ea 100644 --- a/arch/x86/include/asm/pgtable_32.h +++ b/arch/x86/include/asm/pgtable_32.h @@ -25,9 +25,6 @@ @@ -11758,7 +14167,7 @@ index 0c92113..34a77c6 100644 __flush_tlb_one((vaddr)); \ } while (0) -@@ -74,6 +79,9 @@ do { \ +@@ -75,6 +80,9 @@ do { \ #endif /* !__ASSEMBLY__ */ @@ -11802,7 +14211,7 @@ index ed5903b..c7fe163 100644 #define MODULES_END VMALLOC_END #define MODULES_LEN (MODULES_VADDR - MODULES_END) diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h -index 8251be0..4ea8b46 100644 +index 47356f9..deb94a2 100644 --- a/arch/x86/include/asm/pgtable_64.h +++ b/arch/x86/include/asm/pgtable_64.h @@ -16,10 +16,14 @@ @@ -11872,7 +14281,7 @@ index 766ea16..5b96cb3 100644 #endif /* _ASM_X86_PGTABLE_64_DEFS_H */ diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h -index 013286a..8b42f4f 100644 +index 3c32db8..1ddccf5 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -16,13 +16,12 @@ @@ -11912,7 +14321,7 @@ index 013286a..8b42f4f 100644 #endif #define _PAGE_FILE (_AT(pteval_t, 1) << _PAGE_BIT_FILE) -@@ -96,6 +96,9 @@ +@@ -116,6 +116,9 @@ #define PAGE_READONLY_EXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | \ _PAGE_ACCESSED) @@ -11922,7 +14331,7 @@ index 013286a..8b42f4f 100644 #define __PAGE_KERNEL_EXEC \ (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_GLOBAL) #define __PAGE_KERNEL (__PAGE_KERNEL_EXEC | _PAGE_NX) -@@ -106,7 +109,7 @@ +@@ -126,7 +129,7 @@ #define __PAGE_KERNEL_WC (__PAGE_KERNEL | _PAGE_CACHE_WC) #define __PAGE_KERNEL_NOCACHE (__PAGE_KERNEL | _PAGE_PCD | _PAGE_PWT) #define __PAGE_KERNEL_UC_MINUS (__PAGE_KERNEL | _PAGE_PCD) @@ -11931,7 +14340,7 @@ index 013286a..8b42f4f 100644 #define __PAGE_KERNEL_VVAR (__PAGE_KERNEL_RO | _PAGE_USER) #define __PAGE_KERNEL_VVAR_NOCACHE (__PAGE_KERNEL_VVAR | _PAGE_PCD | _PAGE_PWT) #define __PAGE_KERNEL_LARGE (__PAGE_KERNEL | _PAGE_PSE) -@@ -168,8 +171,8 @@ +@@ -188,8 +191,8 @@ * bits are combined, this will alow user to access the high address mapped * VDSO in the presence of CONFIG_COMPAT_VDSO */ @@ -11942,7 +14351,7 @@ index 013286a..8b42f4f 100644 #define PGD_IDENT_ATTR 0x001 /* PRESENT (no other attributes) */ #endif -@@ -207,7 +210,17 @@ static inline pgdval_t pgd_flags(pgd_t pgd) +@@ -227,7 +230,17 @@ static inline pgdval_t pgd_flags(pgd_t pgd) { return native_pgd_val(pgd) & PTE_FLAGS_MASK; } @@ -11960,7 +14369,7 @@ index 013286a..8b42f4f 100644 #if PAGETABLE_LEVELS > 3 typedef struct { pudval_t pud; } pud_t; -@@ -221,8 +234,6 @@ static inline pudval_t native_pud_val(pud_t pud) +@@ -241,8 +254,6 @@ static inline pudval_t native_pud_val(pud_t pud) return pud.pud; } #else @@ -11969,7 +14378,7 @@ index 013286a..8b42f4f 100644 static inline pudval_t native_pud_val(pud_t pud) { return native_pgd_val(pud.pgd); -@@ -242,8 +253,6 @@ static inline pmdval_t native_pmd_val(pmd_t pmd) +@@ -262,8 +273,6 @@ static inline pmdval_t native_pmd_val(pmd_t pmd) return pmd.pmd; } #else @@ -11978,7 +14387,7 @@ index 013286a..8b42f4f 100644 static inline pmdval_t native_pmd_val(pmd_t pmd) { return native_pgd_val(pmd.pud.pgd); -@@ -283,7 +292,6 @@ typedef struct page *pgtable_t; +@@ -303,7 +312,6 @@ typedef struct page *pgtable_t; extern pteval_t __supported_pte_mask; extern void set_nx(void); @@ -11986,23 +14395,11 @@ index 013286a..8b42f4f 100644 #define pgprot_writecombine pgprot_writecombine extern pgprot_t pgprot_writecombine(pgprot_t prot); -diff --git a/arch/x86/include/asm/processor-flags.h b/arch/x86/include/asm/processor-flags.h -index aea1d1d..680cf09 100644 ---- a/arch/x86/include/asm/processor-flags.h -+++ b/arch/x86/include/asm/processor-flags.h -@@ -65,6 +65,7 @@ - #define X86_CR4_PCIDE 0x00020000 /* enable PCID support */ - #define X86_CR4_OSXSAVE 0x00040000 /* enable xsave and xrestore */ - #define X86_CR4_SMEP 0x00100000 /* enable SMEP support */ -+#define X86_CR4_SMAP 0x00200000 /* enable SMAP support */ - - /* - * x86-64 Task Priority Register, CR8 diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h -index d048cad..45e350f 100644 +index 888184b..a07ac89 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h -@@ -289,7 +289,7 @@ struct tss_struct { +@@ -287,7 +287,7 @@ struct tss_struct { } ____cacheline_aligned; @@ -12011,7 +14408,7 @@ index d048cad..45e350f 100644 /* * Save the original ist values for checking stack pointers during debugging -@@ -822,11 +822,18 @@ static inline void spin_lock_prefetch(const void *x) +@@ -827,11 +827,18 @@ static inline void spin_lock_prefetch(const void *x) */ #define TASK_SIZE PAGE_OFFSET #define TASK_SIZE_MAX TASK_SIZE @@ -12032,7 +14429,7 @@ index d048cad..45e350f 100644 .vm86_info = NULL, \ .sysenter_cs = __KERNEL_CS, \ .io_bitmap_ptr = NULL, \ -@@ -840,7 +847,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -845,7 +852,7 @@ static inline void spin_lock_prefetch(const void *x) */ #define INIT_TSS { \ .x86_tss = { \ @@ -12041,7 +14438,7 @@ index d048cad..45e350f 100644 .ss0 = __KERNEL_DS, \ .ss1 = __KERNEL_CS, \ .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \ -@@ -851,11 +858,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -856,11 +863,7 @@ static inline void spin_lock_prefetch(const void *x) extern unsigned long thread_saved_pc(struct task_struct *tsk); #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long)) @@ -12054,7 +14451,7 @@ index d048cad..45e350f 100644 /* * The below -8 is to reserve 8 bytes on top of the ring0 stack. -@@ -870,7 +873,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -875,7 +878,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define task_pt_regs(task) \ ({ \ struct pt_regs *__regs__; \ @@ -12063,7 +14460,7 @@ index d048cad..45e350f 100644 __regs__ - 1; \ }) -@@ -880,13 +883,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -885,13 +888,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); /* * User space process size. 47bits minus one guard page. */ @@ -12079,7 +14476,7 @@ index d048cad..45e350f 100644 #define TASK_SIZE (test_thread_flag(TIF_ADDR32) ? \ IA32_PAGE_OFFSET : TASK_SIZE_MAX) -@@ -897,11 +900,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -902,11 +905,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define STACK_TOP_MAX TASK_SIZE_MAX #define INIT_THREAD { \ @@ -12093,7 +14490,7 @@ index d048cad..45e350f 100644 } /* -@@ -929,6 +932,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, +@@ -934,6 +937,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, */ #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3)) @@ -12104,7 +14501,7 @@ index d048cad..45e350f 100644 #define KSTK_EIP(task) (task_pt_regs(task)->ip) /* Get/set a process' ability to use the timestamp counter instruction */ -@@ -989,12 +996,12 @@ extern bool cpu_has_amd_erratum(const int *); +@@ -994,12 +1001,12 @@ extern bool cpu_has_amd_erratum(const int *); #define cpu_has_amd_erratum(x) (false) #endif /* CONFIG_CPU_SUP_AMD */ @@ -12120,10 +14517,10 @@ index d048cad..45e350f 100644 #endif /* _ASM_X86_PROCESSOR_H */ diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h -index 19f16eb..b50624b 100644 +index 942a086..6c26446 100644 --- a/arch/x86/include/asm/ptrace.h +++ b/arch/x86/include/asm/ptrace.h -@@ -155,28 +155,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs) +@@ -85,28 +85,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs) } /* @@ -12159,7 +14556,7 @@ index 19f16eb..b50624b 100644 #endif } -@@ -192,15 +193,16 @@ static inline int v8086_mode(struct pt_regs *regs) +@@ -122,15 +123,16 @@ static inline int v8086_mode(struct pt_regs *regs) #ifdef CONFIG_X86_64 static inline bool user_64bit_mode(struct pt_regs *regs) { @@ -12177,7 +14574,22 @@ index 19f16eb..b50624b 100644 + return cs == __USER_CS || cs == pv_info.extra_user_64bit_cs; #endif } + +@@ -181,9 +183,11 @@ static inline unsigned long regs_get_register(struct pt_regs *regs, + * Traps from the kernel do not save sp and ss. + * Use the helper function to retrieve sp. + */ +- if (offset == offsetof(struct pt_regs, sp) && +- regs->cs == __KERNEL_CS) +- return kernel_stack_pointer(regs); ++ if (offset == offsetof(struct pt_regs, sp)) { ++ unsigned long cs = regs->cs & 0xffff; ++ if (cs == __KERNEL_CS || cs == __KERNEXEC_KERNEL_CS) ++ return kernel_stack_pointer(regs); ++ } #endif + return *(unsigned long *)((unsigned long)regs + offset); + } diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h index fe1ec5b..dc5c3fe 100644 --- a/arch/x86/include/asm/realmode.h @@ -12423,7 +14835,7 @@ index c48a950..c6d7468 100644 #endif /* !__ASSEMBLY__ */ diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h -index 4f19a15..9e14f27 100644 +index b073aae..39f9bdd 100644 --- a/arch/x86/include/asm/smp.h +++ b/arch/x86/include/asm/smp.h @@ -36,7 +36,7 @@ DECLARE_PER_CPU_READ_MOSTLY(cpumask_var_t, cpu_core_map); @@ -12444,7 +14856,7 @@ index 4f19a15..9e14f27 100644 /* Globals due to paravirt */ extern void set_cpu_sibling_map(int cpu); -@@ -190,14 +190,8 @@ extern unsigned disabled_cpus __cpuinitdata; +@@ -191,14 +191,8 @@ extern unsigned disabled_cpus __cpuinitdata; extern int safe_smp_processor_id(void); #elif defined(CONFIG_X86_64_SMP) @@ -12568,7 +14980,15 @@ index 70bbe39..4ae2bd4 100644 - void *data, - unsigned long *end, - int *graph); -- ++typedef unsigned long walk_stack_t(struct task_struct *task, ++ void *stack_start, ++ unsigned long *stack, ++ unsigned long bp, ++ const struct stacktrace_ops *ops, ++ void *data, ++ unsigned long *end, ++ int *graph); + -extern unsigned long -print_context_stack(struct thread_info *tinfo, - unsigned long *stack, unsigned long bp, @@ -12580,15 +15000,6 @@ index 70bbe39..4ae2bd4 100644 - unsigned long *stack, unsigned long bp, - const struct stacktrace_ops *ops, void *data, - unsigned long *end, int *graph); -+typedef unsigned long walk_stack_t(struct task_struct *task, -+ void *stack_start, -+ unsigned long *stack, -+ unsigned long bp, -+ const struct stacktrace_ops *ops, -+ void *data, -+ unsigned long *end, -+ int *graph); -+ +extern walk_stack_t print_context_stack; +extern walk_stack_t print_context_stack_bp; @@ -12625,21 +15036,8 @@ index 4ec45b3..a4f0a8a 100644 [current_task] "m" (current_task) \ __switch_canary_iparam \ : "memory", "cc" __EXTRA_CLOBBER) -diff --git a/arch/x86/include/asm/sys_ia32.h b/arch/x86/include/asm/sys_ia32.h -index 3fda9db4..4ca1c61 100644 ---- a/arch/x86/include/asm/sys_ia32.h -+++ b/arch/x86/include/asm/sys_ia32.h -@@ -40,7 +40,7 @@ asmlinkage long sys32_sigaction(int, struct old_sigaction32 __user *, - struct old_sigaction32 __user *); - asmlinkage long sys32_alarm(unsigned int); - --asmlinkage long sys32_waitpid(compat_pid_t, unsigned int *, int); -+asmlinkage long sys32_waitpid(compat_pid_t, unsigned int __user *, int); - asmlinkage long sys32_sysfs(int, u32, u32); - - asmlinkage long sys32_sched_rr_get_interval(compat_pid_t, diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h -index 89f794f..1422765 100644 +index 2d946e6..e453ec4 100644 --- a/arch/x86/include/asm/thread_info.h +++ b/arch/x86/include/asm/thread_info.h @@ -10,6 +10,7 @@ @@ -12697,7 +15095,7 @@ index 89f794f..1422765 100644 #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE) #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME) -@@ -122,16 +117,18 @@ struct thread_info { +@@ -122,17 +117,18 @@ struct thread_info { #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) #define _TIF_ADDR32 (1 << TIF_ADDR32) #define _TIF_X32 (1 << TIF_X32) @@ -12706,60 +15104,45 @@ index 89f794f..1422765 100644 /* work to do in syscall_trace_enter() */ #define _TIF_WORK_SYSCALL_ENTRY \ (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_EMU | _TIF_SYSCALL_AUDIT | \ -- _TIF_SECCOMP | _TIF_SINGLESTEP | _TIF_SYSCALL_TRACEPOINT) -+ _TIF_SECCOMP | _TIF_SINGLESTEP | _TIF_SYSCALL_TRACEPOINT | \ -+ _TIF_GRSEC_SETXID) + _TIF_SECCOMP | _TIF_SINGLESTEP | _TIF_SYSCALL_TRACEPOINT | \ +- _TIF_NOHZ) ++ _TIF_NOHZ | _TIF_GRSEC_SETXID) /* work to do in syscall_trace_leave() */ #define _TIF_WORK_SYSCALL_EXIT \ (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_SINGLESTEP | \ -- _TIF_SYSCALL_TRACEPOINT) -+ _TIF_SYSCALL_TRACEPOINT | _TIF_GRSEC_SETXID) +- _TIF_SYSCALL_TRACEPOINT | _TIF_NOHZ) ++ _TIF_SYSCALL_TRACEPOINT | _TIF_NOHZ | _TIF_GRSEC_SETXID) /* work to do on interrupt/exception return */ #define _TIF_WORK_MASK \ -@@ -141,7 +138,8 @@ struct thread_info { - +@@ -143,7 +139,7 @@ struct thread_info { /* work to do on any return to user space */ #define _TIF_ALLWORK_MASK \ -- ((0x0000FFFF & ~_TIF_SECCOMP) | _TIF_SYSCALL_TRACEPOINT) -+ ((0x0000FFFF & ~_TIF_SECCOMP) | _TIF_SYSCALL_TRACEPOINT | \ -+ _TIF_GRSEC_SETXID) + ((0x0000FFFF & ~_TIF_SECCOMP) | _TIF_SYSCALL_TRACEPOINT | \ +- _TIF_NOHZ) ++ _TIF_NOHZ | _TIF_GRSEC_SETXID) /* Only used for 64 bit */ #define _TIF_DO_NOTIFY_MASK \ -@@ -157,6 +155,23 @@ struct thread_info { +@@ -159,45 +155,40 @@ struct thread_info { #define PREEMPT_ACTIVE 0x10000000 -+#ifdef __ASSEMBLY__ -+/* how to get the thread information struct from ASM */ -+#define GET_THREAD_INFO(reg) \ -+ mov PER_CPU_VAR(current_tinfo), reg -+ -+/* use this one if reg already contains %esp */ -+#define GET_THREAD_INFO_WITH_ESP(reg) GET_THREAD_INFO(reg) -+#else -+/* how to get the thread information struct from C */ -+DECLARE_PER_CPU(struct thread_info *, current_tinfo); -+ -+static __always_inline struct thread_info *current_thread_info(void) -+{ -+ return this_cpu_read_stable(current_tinfo); -+} -+#endif -+ - #ifdef CONFIG_X86_32 - - #define STACK_WARN (THREAD_SIZE/8) -@@ -167,35 +182,13 @@ struct thread_info { - */ - #ifndef __ASSEMBLY__ - +-#ifdef CONFIG_X86_32 +- +-#define STACK_WARN (THREAD_SIZE/8) +-/* +- * macros/functions for gaining access to the thread information structure +- * +- * preempt_count needs to be 1 initially, until the scheduler is functional. +- */ +-#ifndef __ASSEMBLY__ +- +- +-/* how to get the current stack pointer from C */ +-register unsigned long current_stack_pointer asm("esp") __used; - - /* how to get the current stack pointer from C */ - register unsigned long current_stack_pointer asm("esp") __used; - -/* how to get the thread information struct from C */ -static inline struct thread_info *current_thread_info(void) -{ @@ -12769,15 +15152,40 @@ index 89f794f..1422765 100644 - -#else /* !__ASSEMBLY__ */ - --/* how to get the thread information struct from ASM */ --#define GET_THREAD_INFO(reg) \ ++#ifdef __ASSEMBLY__ + /* how to get the thread information struct from ASM */ + #define GET_THREAD_INFO(reg) \ - movl $-THREAD_SIZE, reg; \ - andl %esp, reg -- --/* use this one if reg already contains %esp */ ++ mov PER_CPU_VAR(current_tinfo), reg + + /* use this one if reg already contains %esp */ -#define GET_THREAD_INFO_WITH_ESP(reg) \ - andl $-THREAD_SIZE, reg -- ++#define GET_THREAD_INFO_WITH_ESP(reg) GET_THREAD_INFO(reg) ++#else ++/* how to get the thread information struct from C */ ++DECLARE_PER_CPU(struct thread_info *, current_tinfo); ++ ++static __always_inline struct thread_info *current_thread_info(void) ++{ ++ return this_cpu_read_stable(current_tinfo); ++} ++#endif ++ ++#ifdef CONFIG_X86_32 ++ ++#define STACK_WARN (THREAD_SIZE/8) ++/* ++ * macros/functions for gaining access to the thread information structure ++ * ++ * preempt_count needs to be 1 initially, until the scheduler is functional. ++ */ ++#ifndef __ASSEMBLY__ ++ ++/* how to get the current stack pointer from C */ ++register unsigned long current_stack_pointer asm("esp") __used; + #endif #else /* X86_32 */ @@ -12788,7 +15196,7 @@ index 89f794f..1422765 100644 /* * macros/functions for gaining access to the thread information structure * preempt_count needs to be 1 initially, until the scheduler is functional. -@@ -203,27 +196,8 @@ static inline struct thread_info *current_thread_info(void) +@@ -205,27 +196,8 @@ static inline struct thread_info *current_thread_info(void) #ifndef __ASSEMBLY__ DECLARE_PER_CPU(unsigned long, kernel_stack); @@ -12818,7 +15226,7 @@ index 89f794f..1422765 100644 #endif #endif /* !X86_32 */ -@@ -284,5 +258,12 @@ static inline bool is_ia32_task(void) +@@ -286,5 +258,12 @@ static inline bool is_ia32_task(void) extern void arch_task_cache_init(void); extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src); extern void arch_release_task_struct(struct task_struct *tsk); @@ -12832,26 +15240,18 @@ index 89f794f..1422765 100644 #endif #endif /* _ASM_X86_THREAD_INFO_H */ diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h -index e1f3a17..1ab364d 100644 +index 1709801..0a60f2f 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h -@@ -7,12 +7,15 @@ +@@ -7,6 +7,7 @@ #include <linux/compiler.h> #include <linux/thread_info.h> #include <linux/string.h> +#include <linux/sched.h> #include <asm/asm.h> #include <asm/page.h> - - #define VERIFY_READ 0 - #define VERIFY_WRITE 1 - -+extern void check_object_size(const void *ptr, unsigned long n, bool to); -+ - /* - * The fs value determines whether argument validity checking should be - * performed or not. If get_fs() == USER_DS, checking is performed, with -@@ -28,7 +31,12 @@ + #include <asm/smap.h> +@@ -29,7 +30,12 @@ #define get_ds() (KERNEL_DS) #define get_fs() (current_thread_info()->addr_limit) @@ -12864,7 +15264,7 @@ index e1f3a17..1ab364d 100644 #define segment_eq(a, b) ((a).seg == (b).seg) -@@ -76,8 +84,33 @@ +@@ -77,8 +83,33 @@ * checks that the pointer is in the user space range - after calling * this function, memory access functions may still return -EFAULT. */ @@ -12900,7 +15300,7 @@ index e1f3a17..1ab364d 100644 /* * The exception table consists of pairs of addresses relative to the -@@ -188,12 +221,20 @@ extern int __get_user_bad(void); +@@ -189,13 +220,21 @@ extern int __get_user_bad(void); asm volatile("call __put_user_" #size : "=a" (__ret_pu) \ : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx") @@ -12917,25 +15317,26 @@ index e1f3a17..1ab364d 100644 #ifdef CONFIG_X86_32 #define __put_user_asm_u64(x, addr, err, errret) \ -- asm volatile("1: movl %%eax,0(%2)\n" \ + asm volatile(ASM_STAC "\n" \ +- "1: movl %%eax,0(%2)\n" \ - "2: movl %%edx,4(%2)\n" \ -+ asm volatile("1: "__copyuser_seg"movl %%eax,0(%2)\n" \ ++ "1: "__copyuser_seg"movl %%eax,0(%2)\n" \ + "2: "__copyuser_seg"movl %%edx,4(%2)\n" \ - "3:\n" \ + "3: " ASM_CLAC "\n" \ ".section .fixup,\"ax\"\n" \ "4: movl %3,%0\n" \ -@@ -205,8 +246,8 @@ extern int __get_user_bad(void); - : "A" (x), "r" (addr), "i" (errret), "0" (err)) +@@ -208,8 +247,8 @@ extern int __get_user_bad(void); #define __put_user_asm_ex_u64(x, addr) \ -- asm volatile("1: movl %%eax,0(%1)\n" \ + asm volatile(ASM_STAC "\n" \ +- "1: movl %%eax,0(%1)\n" \ - "2: movl %%edx,4(%1)\n" \ -+ asm volatile("1: "__copyuser_seg"movl %%eax,0(%1)\n" \ ++ "1: "__copyuser_seg"movl %%eax,0(%1)\n" \ + "2: "__copyuser_seg"movl %%edx,4(%1)\n" \ - "3:\n" \ + "3: " ASM_CLAC "\n" \ _ASM_EXTABLE_EX(1b, 2b) \ _ASM_EXTABLE_EX(2b, 3b) \ -@@ -258,7 +299,7 @@ extern void __put_user_8(void); +@@ -259,7 +298,7 @@ extern void __put_user_8(void); __typeof__(*(ptr)) __pu_val; \ __chk_user_ptr(ptr); \ might_fault(); \ @@ -12944,16 +15345,16 @@ index e1f3a17..1ab364d 100644 switch (sizeof(*(ptr))) { \ case 1: \ __put_user_x(1, __pu_val, ptr, __ret_pu); \ -@@ -379,7 +420,7 @@ do { \ - } while (0) +@@ -358,7 +397,7 @@ do { \ #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \ -- asm volatile("1: mov"itype" %2,%"rtype"1\n" \ -+ asm volatile("1: "__copyuser_seg"mov"itype" %2,%"rtype"1\n"\ - "2:\n" \ + asm volatile(ASM_STAC "\n" \ +- "1: mov"itype" %2,%"rtype"1\n" \ ++ "1: "__copyuser_seg"mov"itype" %2,%"rtype"1\n"\ + "2: " ASM_CLAC "\n" \ ".section .fixup,\"ax\"\n" \ "3: mov %3,%0\n" \ -@@ -387,7 +428,7 @@ do { \ +@@ -366,7 +405,7 @@ do { \ " jmp 2b\n" \ ".previous\n" \ _ASM_EXTABLE(1b, 3b) \ @@ -12962,7 +15363,7 @@ index e1f3a17..1ab364d 100644 : "m" (__m(addr)), "i" (errret), "0" (err)) #define __get_user_size_ex(x, ptr, size) \ -@@ -412,7 +453,7 @@ do { \ +@@ -391,7 +430,7 @@ do { \ } while (0) #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \ @@ -12971,7 +15372,7 @@ index e1f3a17..1ab364d 100644 "2:\n" \ _ASM_EXTABLE_EX(1b, 2b) \ : ltype(x) : "m" (__m(addr))) -@@ -429,13 +470,24 @@ do { \ +@@ -408,13 +447,24 @@ do { \ int __gu_err; \ unsigned long __gu_val; \ __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \ @@ -12998,16 +15399,16 @@ index e1f3a17..1ab364d 100644 /* * Tell gcc we read from memory instead of writing: this is because -@@ -443,7 +495,7 @@ struct __large_struct { unsigned long buf[100]; }; - * aliasing issues. +@@ -423,7 +473,7 @@ struct __large_struct { unsigned long buf[100]; }; */ #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \ -- asm volatile("1: mov"itype" %"rtype"1,%2\n" \ -+ asm volatile("1: "__copyuser_seg"mov"itype" %"rtype"1,%2\n"\ - "2:\n" \ + asm volatile(ASM_STAC "\n" \ +- "1: mov"itype" %"rtype"1,%2\n" \ ++ "1: "__copyuser_seg"mov"itype" %"rtype"1,%2\n"\ + "2: " ASM_CLAC "\n" \ ".section .fixup,\"ax\"\n" \ "3: mov %3,%0\n" \ -@@ -451,10 +503,10 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -431,10 +481,10 @@ struct __large_struct { unsigned long buf[100]; }; ".previous\n" \ _ASM_EXTABLE(1b, 3b) \ : "=r"(err) \ @@ -13020,7 +15421,7 @@ index e1f3a17..1ab364d 100644 "2:\n" \ _ASM_EXTABLE_EX(1b, 2b) \ : : ltype(x), "m" (__m(addr))) -@@ -493,8 +545,12 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -473,8 +523,12 @@ struct __large_struct { unsigned long buf[100]; }; * On error, the variable @x is set to zero. */ @@ -13033,7 +15434,7 @@ index e1f3a17..1ab364d 100644 /** * __put_user: - Write a simple value into user space, with less checking. -@@ -516,8 +572,12 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -496,8 +550,12 @@ struct __large_struct { unsigned long buf[100]; }; * Returns zero on success, or -EFAULT on error. */ @@ -13046,7 +15447,7 @@ index e1f3a17..1ab364d 100644 #define __get_user_unaligned __get_user #define __put_user_unaligned __put_user -@@ -535,7 +595,7 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -515,7 +573,7 @@ struct __large_struct { unsigned long buf[100]; }; #define get_user_ex(x, ptr) do { \ unsigned long __gue_val; \ __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \ @@ -13054,9 +15455,20 @@ index e1f3a17..1ab364d 100644 + (x) = (__typeof__(*(ptr)))__gue_val; \ } while (0) - #ifdef CONFIG_X86_WP_WORKS_OK + #define put_user_try uaccess_try +@@ -532,8 +590,8 @@ strncpy_from_user(char *dst, const char __user *src, long count); + extern __must_check long strlen_user(const char __user *str); + extern __must_check long strnlen_user(const char __user *str, long n); + +-unsigned long __must_check clear_user(void __user *mem, unsigned long len); +-unsigned long __must_check __clear_user(void __user *mem, unsigned long len); ++unsigned long __must_check clear_user(void __user *mem, unsigned long len) __size_overflow(2); ++unsigned long __must_check __clear_user(void __user *mem, unsigned long len) __size_overflow(2); + + /* + * movsl can be slow when source and dest are not both 8-byte aligned diff --git a/arch/x86/include/asm/uaccess_32.h b/arch/x86/include/asm/uaccess_32.h -index 576e39b..ccd0a39 100644 +index 7f760a9..04b1c65 100644 --- a/arch/x86/include/asm/uaccess_32.h +++ b/arch/x86/include/asm/uaccess_32.h @@ -11,15 +11,15 @@ @@ -13080,25 +15492,18 @@ index 576e39b..ccd0a39 100644 /** * __copy_to_user_inatomic: - Copy a block of data into user space, with less checking. -@@ -43,6 +43,9 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero +@@ -43,6 +43,11 @@ unsigned long __must_check __copy_from_user_ll_nocache_nozero static __always_inline unsigned long __must_check __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) { + if ((long)n < 0) + return n; + ++ check_object_size(from, n, true); ++ if (__builtin_constant_p(n)) { unsigned long ret; -@@ -61,6 +64,8 @@ __copy_to_user_inatomic(void __user *to, const void *from, unsigned long n) - return ret; - } - } -+ if (!__builtin_constant_p(n)) -+ check_object_size(from, n, true); - return __copy_to_user_ll(to, from, n); - } - @@ -82,12 +87,16 @@ static __always_inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n) { @@ -13116,7 +15521,7 @@ index 576e39b..ccd0a39 100644 /* Avoid zeroing the tail if the copy fails.. * If 'n' is constant and 1, 2, or 4, we do still zero on a failure, * but as the zeroing behaviour is only significant when n is not -@@ -137,6 +146,10 @@ static __always_inline unsigned long +@@ -137,6 +146,12 @@ static __always_inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n) { might_fault(); @@ -13124,18 +15529,11 @@ index 576e39b..ccd0a39 100644 + if ((long)n < 0) + return n; + ++ check_object_size(to, n, false); ++ if (__builtin_constant_p(n)) { unsigned long ret; -@@ -152,6 +165,8 @@ __copy_from_user(void *to, const void __user *from, unsigned long n) - return ret; - } - } -+ if (!__builtin_constant_p(n)) -+ check_object_size(to, n, false); - return __copy_from_user_ll(to, from, n); - } - @@ -159,6 +174,10 @@ static __always_inline unsigned long __copy_from_user_nocache(void *to, const void __user *from, unsigned long n) { @@ -13152,18 +15550,18 @@ index 576e39b..ccd0a39 100644 unsigned long n) { - return __copy_from_user_ll_nocache_nozero(to, from, n); --} + if ((long)n < 0) + return n; ++ ++ return __copy_from_user_ll_nocache_nozero(to, from, n); + } -unsigned long __must_check copy_to_user(void __user *to, - const void *from, unsigned long n); -unsigned long __must_check _copy_from_user(void *to, - const void __user *from, - unsigned long n); -+ return __copy_from_user_ll_nocache_nozero(to, from, n); -+} - +- +extern void copy_to_user_overflow(void) +#ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS + __compiletime_error("copy_to_user() buffer size is not provably correct") @@ -13174,7 +15572,7 @@ index 576e39b..ccd0a39 100644 extern void copy_from_user_overflow(void) #ifdef CONFIG_DEBUG_STRICT_USER_COPY_CHECKS -@@ -199,21 +222,65 @@ extern void copy_from_user_overflow(void) +@@ -199,17 +222,60 @@ extern void copy_from_user_overflow(void) #endif ; @@ -13203,7 +15601,6 @@ index 576e39b..ccd0a39 100644 - if (likely(sz == -1 || sz >= n)) - n = _copy_from_user(to, from, n); - else -- copy_from_user_overflow(); + if (unlikely(sz != (size_t)-1 && sz < n)) + copy_to_user_overflow(); + else if (access_ok(VERIFY_WRITE, to, n)) @@ -13231,27 +15628,21 @@ index 576e39b..ccd0a39 100644 +copy_from_user(void *to, const void __user *from, unsigned long n) +{ + size_t sz = __compiletime_object_size(to); - ++ ++ check_object_size(to, n, false); ++ + if (unlikely(sz != (size_t)-1 && sz < n)) -+ copy_from_user_overflow(); + copy_from_user_overflow(); +- + else if (access_ok(VERIFY_READ, from, n)) + n = __copy_from_user(to, from, n); -+ else if ((long)n > 0) { -+ if (!__builtin_constant_p(n)) -+ check_object_size(to, n, false); ++ else if ((long)n > 0) + memset(to, 0, n); -+ } return n; } --unsigned long __must_check clear_user(void __user *mem, unsigned long len); --unsigned long __must_check __clear_user(void __user *mem, unsigned long len); -+unsigned long __must_check clear_user(void __user *mem, unsigned long len) __size_overflow(2); -+unsigned long __must_check __clear_user(void __user *mem, unsigned long len) __size_overflow(2); - - #endif /* _ASM_X86_UACCESS_32_H */ diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index d8def8b..6052b20 100644 +index 142810c..747941a 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -10,6 +10,9 @@ @@ -13282,7 +15673,7 @@ index d8def8b..6052b20 100644 copy_user_generic(void *to, const void *from, unsigned len) { unsigned ret; -@@ -41,142 +44,205 @@ copy_user_generic(void *to, const void *from, unsigned len) +@@ -41,142 +44,204 @@ copy_user_generic(void *to, const void *from, unsigned len) ASM_OUTPUT2("=a" (ret), "=D" (to), "=S" (from), "=d" (len)), "1" (to), "2" (from), "3" (len) @@ -13333,13 +15724,12 @@ index d8def8b..6052b20 100644 - WARN(1, "Buffer overflow detected!\n"); -#endif + ++ check_object_size(to, n, false); ++ + if (access_ok(VERIFY_READ, from, n)) + n = __copy_from_user(to, from, n); -+ else if (n < INT_MAX) { -+ if (!__builtin_constant_p(n)) -+ check_object_size(to, n, false); ++ else if (n < INT_MAX) + memset(to, 0, n); -+ } return n; } @@ -13364,12 +15754,12 @@ index d8def8b..6052b20 100644 + unsigned ret = 0; might_fault(); -- if (!__builtin_constant_p(size)) -- return copy_user_generic(dst, (__force void *)src, size); + + if (size > INT_MAX) + return size; + ++ check_object_size(dst, size, false); ++ +#ifdef CONFIG_PAX_MEMORY_UDEREF + if (!__access_ok(VERIFY_READ, src, size)) + return size; @@ -13380,10 +15770,9 @@ index d8def8b..6052b20 100644 + return size; + } + -+ if (!__builtin_constant_p(size)) { -+ check_object_size(dst, size, false); + if (!__builtin_constant_p(size)) +- return copy_user_generic(dst, (__force void *)src, size); + return copy_user_generic(dst, (__force_kernel const void *)____m(src), size); -+ } switch (size) { - case 1:__get_user_asm(*(u8 *)dst, (u8 __user *)src, + case 1:__get_user_asm(*(u8 *)dst, (const u8 __user *)src, @@ -13438,12 +15827,12 @@ index d8def8b..6052b20 100644 + unsigned ret = 0; might_fault(); -- if (!__builtin_constant_p(size)) -- return copy_user_generic((__force void *)dst, src, size); + + if (size > INT_MAX) + return size; + ++ check_object_size(src, size, true); ++ +#ifdef CONFIG_PAX_MEMORY_UDEREF + if (!__access_ok(VERIFY_WRITE, dst, size)) + return size; @@ -13454,10 +15843,9 @@ index d8def8b..6052b20 100644 + return size; + } + -+ if (!__builtin_constant_p(size)) { -+ check_object_size(src, size, true); + if (!__builtin_constant_p(size)) +- return copy_user_generic((__force void *)dst, src, size); + return copy_user_generic((__force_kernel void *)____m(dst), src, size); -+ } switch (size) { - case 1:__put_user_asm(*(u8 *)src, (u8 __user *)dst, + case 1:__put_user_asm(*(const u8 *)src, (u8 __user *)dst, @@ -13535,7 +15923,7 @@ index d8def8b..6052b20 100644 ret, "b", "b", "=q", 1); if (likely(!ret)) __put_user_asm(tmp, (u8 __user *)dst, -@@ -185,7 +251,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -185,7 +250,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 2: { u16 tmp; @@ -13544,7 +15932,7 @@ index d8def8b..6052b20 100644 ret, "w", "w", "=r", 2); if (likely(!ret)) __put_user_asm(tmp, (u16 __user *)dst, -@@ -195,7 +261,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -195,7 +260,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) case 4: { u32 tmp; @@ -13553,7 +15941,7 @@ index d8def8b..6052b20 100644 ret, "l", "k", "=r", 4); if (likely(!ret)) __put_user_asm(tmp, (u32 __user *)dst, -@@ -204,7 +270,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -204,7 +269,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 8: { u64 tmp; @@ -13562,7 +15950,7 @@ index d8def8b..6052b20 100644 ret, "q", "", "=r", 8); if (likely(!ret)) __put_user_asm(tmp, (u64 __user *)dst, -@@ -212,44 +278,65 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -212,41 +277,72 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) return ret; } default: @@ -13573,11 +15961,6 @@ index d8def8b..6052b20 100644 } } --__must_check unsigned long clear_user(void __user *mem, unsigned long len); --__must_check unsigned long __clear_user(void __user *mem, unsigned long len); -+__must_check unsigned long clear_user(void __user *mem, unsigned long len) __size_overflow(2); -+__must_check unsigned long __clear_user(void __user *mem, unsigned long len) __size_overflow(2); - static __must_check __always_inline int -__copy_from_user_inatomic(void *dst, const void __user *src, unsigned size) +__copy_from_user_inatomic(void *dst, const void __user *src, unsigned long size) @@ -13586,6 +15969,11 @@ index d8def8b..6052b20 100644 + if (size > INT_MAX) + return size; + ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ if (!__access_ok(VERIFY_READ, src, size)) ++ return size; ++#endif ++ + return copy_user_generic(dst, (__force_kernel const void *)____m(src), size); } @@ -13598,6 +15986,11 @@ index d8def8b..6052b20 100644 + if (size > INT_MAX) + return size; + ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ if (!__access_ok(VERIFY_WRITE, dst, size)) ++ return size; ++#endif ++ + return copy_user_generic((__force_kernel void *)____m(dst), src, size); } @@ -13646,19 +16039,6 @@ index d8def8b..6052b20 100644 +copy_user_handle_tail(char __user *to, char __user *from, unsigned long len, unsigned zerorest) __size_overflow(3); #endif /* _ASM_X86_UACCESS_64_H */ -diff --git a/arch/x86/include/asm/vdso.h b/arch/x86/include/asm/vdso.h -index bb05228..d763d5b 100644 ---- a/arch/x86/include/asm/vdso.h -+++ b/arch/x86/include/asm/vdso.h -@@ -11,7 +11,7 @@ extern const char VDSO32_PRELINK[]; - #define VDSO32_SYMBOL(base, name) \ - ({ \ - extern const char VDSO32_##name[]; \ -- (void *)(VDSO32_##name - VDSO32_PRELINK + (unsigned long)(base)); \ -+ (void __user *)(VDSO32_##name - VDSO32_PRELINK + (unsigned long)(base)); \ - }) - #endif - diff --git a/arch/x86/include/asm/word-at-a-time.h b/arch/x86/include/asm/word-at-a-time.h index 5b238981..77fdd78 100644 --- a/arch/x86/include/asm/word-at-a-time.h @@ -13673,91 +16053,10 @@ index 5b238981..77fdd78 100644 #define WORD_AT_A_TIME_CONSTANTS { REPEAT_BYTE(0x01), REPEAT_BYTE(0x80) } diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h -index 38155f6..e4184ba 100644 +index 5769349..a3d3e2a 100644 --- a/arch/x86/include/asm/x86_init.h +++ b/arch/x86/include/asm/x86_init.h -@@ -29,7 +29,7 @@ struct x86_init_mpparse { - void (*mpc_oem_bus_info)(struct mpc_bus *m, char *name); - void (*find_smp_config)(void); - void (*get_smp_config)(unsigned int early); --}; -+} __no_const; - - /** - * struct x86_init_resources - platform specific resource related ops -@@ -43,7 +43,7 @@ struct x86_init_resources { - void (*probe_roms)(void); - void (*reserve_resources)(void); - char *(*memory_setup)(void); --}; -+} __no_const; - - /** - * struct x86_init_irqs - platform specific interrupt setup -@@ -56,7 +56,7 @@ struct x86_init_irqs { - void (*pre_vector_init)(void); - void (*intr_init)(void); - void (*trap_init)(void); --}; -+} __no_const; - - /** - * struct x86_init_oem - oem platform specific customizing functions -@@ -66,7 +66,7 @@ struct x86_init_irqs { - struct x86_init_oem { - void (*arch_setup)(void); - void (*banner)(void); --}; -+} __no_const; - - /** - * struct x86_init_mapping - platform specific initial kernel pagetable setup -@@ -77,7 +77,7 @@ struct x86_init_oem { - */ - struct x86_init_mapping { - void (*pagetable_reserve)(u64 start, u64 end); --}; -+} __no_const; - - /** - * struct x86_init_paging - platform specific paging functions -@@ -87,7 +87,7 @@ struct x86_init_mapping { - struct x86_init_paging { - void (*pagetable_setup_start)(pgd_t *base); - void (*pagetable_setup_done)(pgd_t *base); --}; -+} __no_const; - - /** - * struct x86_init_timers - platform specific timer setup -@@ -102,7 +102,7 @@ struct x86_init_timers { - void (*tsc_pre_init)(void); - void (*timer_init)(void); - void (*wallclock_init)(void); --}; -+} __no_const; - - /** - * struct x86_init_iommu - platform specific iommu setup -@@ -110,7 +110,7 @@ struct x86_init_timers { - */ - struct x86_init_iommu { - int (*iommu_init)(void); --}; -+} __no_const; - - /** - * struct x86_init_pci - platform specific pci init functions -@@ -124,7 +124,7 @@ struct x86_init_pci { - int (*init)(void); - void (*init_irq)(void); - void (*fixup_irqs)(void); --}; -+} __no_const; - - /** - * struct x86_init_ops - functions for platform specific setup -@@ -140,7 +140,7 @@ struct x86_init_ops { +@@ -141,7 +141,7 @@ struct x86_init_ops { struct x86_init_timers timers; struct x86_init_iommu iommu; struct x86_init_pci pci; @@ -13766,7 +16065,7 @@ index 38155f6..e4184ba 100644 /** * struct x86_cpuinit_ops - platform specific cpu hotplug setups -@@ -151,7 +151,7 @@ struct x86_cpuinit_ops { +@@ -152,7 +152,7 @@ struct x86_cpuinit_ops { void (*setup_percpu_clockev)(void); void (*early_percpu_clock_init)(void); void (*fixup_cpu_id)(struct cpuinfo_x86 *c, int node); @@ -13775,7 +16074,7 @@ index 38155f6..e4184ba 100644 /** * struct x86_platform_ops - platform specific runtime functions -@@ -177,7 +177,7 @@ struct x86_platform_ops { +@@ -178,7 +178,7 @@ struct x86_platform_ops { void (*save_sched_clock_state)(void); void (*restore_sched_clock_state)(void); void (*apic_post_init)(void); @@ -13784,7 +16083,7 @@ index 38155f6..e4184ba 100644 struct pci_dev; -@@ -186,14 +186,14 @@ struct x86_msi_ops { +@@ -187,14 +187,14 @@ struct x86_msi_ops { void (*teardown_msi_irq)(unsigned int irq); void (*teardown_msi_irqs)(struct pci_dev *dev); void (*restore_msi_irqs)(struct pci_dev *dev, int irq); @@ -13802,50 +16101,90 @@ index 38155f6..e4184ba 100644 extern struct x86_init_ops x86_init; extern struct x86_cpuinit_ops x86_cpuinit; diff --git a/arch/x86/include/asm/xsave.h b/arch/x86/include/asm/xsave.h -index 8a1b6f9..d47ba6d 100644 +index 0415cda..b43d877 100644 --- a/arch/x86/include/asm/xsave.h +++ b/arch/x86/include/asm/xsave.h -@@ -65,6 +65,8 @@ static inline int xsave_user(struct xsave_struct __user *buf) - { - int err; - -+ buf = (struct xsave_struct __user *)____m(buf); -+ - /* - * Clear the xsave header first, so that reserved fields are - * initialized to zero. -@@ -74,7 +76,9 @@ static inline int xsave_user(struct xsave_struct __user *buf) - if (unlikely(err)) +@@ -71,7 +71,9 @@ static inline int xsave_user(struct xsave_struct __user *buf) return -EFAULT; -- __asm__ __volatile__("1: .byte " REX_PREFIX "0x0f,0xae,0x27\n" -+ __asm__ __volatile__("1:" + __asm__ __volatile__(ASM_STAC "\n" +- "1: .byte " REX_PREFIX "0x0f,0xae,0x27\n" ++ "1:" + __copyuser_seg + ".byte " REX_PREFIX "0x0f,0xae,0x27\n" - "2:\n" + "2: " ASM_CLAC "\n" ".section .fixup,\"ax\"\n" "3: movl $-1,%[err]\n" -@@ -93,11 +97,13 @@ static inline int xsave_user(struct xsave_struct __user *buf) +@@ -87,12 +89,14 @@ static inline int xsave_user(struct xsave_struct __user *buf) static inline int xrestore_user(struct xsave_struct __user *buf, u64 mask) { int err; - struct xsave_struct *xstate = ((__force struct xsave_struct *)buf); -+ struct xsave_struct *xstate = ((__force_kernel struct xsave_struct *)____m(buf)); ++ struct xsave_struct *xstate = ((__force_kernel struct xsave_struct *)buf); u32 lmask = mask; u32 hmask = mask >> 32; -- __asm__ __volatile__("1: .byte " REX_PREFIX "0x0f,0xae,0x2f\n" -+ __asm__ __volatile__("1:" + __asm__ __volatile__(ASM_STAC "\n" +- "1: .byte " REX_PREFIX "0x0f,0xae,0x2f\n" ++ "1:" + __copyuser_seg + ".byte " REX_PREFIX "0x0f,0xae,0x2f\n" - "2:\n" + "2: " ASM_CLAC "\n" ".section .fixup,\"ax\"\n" "3: movl $-1,%[err]\n" +diff --git a/arch/x86/include/uapi/asm/e820.h b/arch/x86/include/uapi/asm/e820.h +index bbae024..e1528f9 100644 +--- a/arch/x86/include/uapi/asm/e820.h ++++ b/arch/x86/include/uapi/asm/e820.h +@@ -63,7 +63,7 @@ struct e820map { + #define ISA_START_ADDRESS 0xa0000 + #define ISA_END_ADDRESS 0x100000 + +-#define BIOS_BEGIN 0x000a0000 ++#define BIOS_BEGIN 0x000c0000 + #define BIOS_END 0x00100000 + + #define BIOS_ROM_BASE 0xffe00000 +diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile +index 34e923a..0c6bb6e 100644 +--- a/arch/x86/kernel/Makefile ++++ b/arch/x86/kernel/Makefile +@@ -22,7 +22,7 @@ obj-y += time.o ioport.o ldt.o dumpstack.o nmi.o + obj-y += setup.o x86_init.o i8259.o irqinit.o jump_label.o + obj-$(CONFIG_IRQ_WORK) += irq_work.o + obj-y += probe_roms.o +-obj-$(CONFIG_X86_32) += i386_ksyms_32.o ++obj-$(CONFIG_X86_32) += sys_i386_32.o i386_ksyms_32.o + obj-$(CONFIG_X86_64) += sys_x86_64.o x8664_ksyms_64.o + obj-y += syscall_$(BITS).o + obj-$(CONFIG_X86_64) += vsyscall_64.o +diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c +index bacf4b0..4ede72e 100644 +--- a/arch/x86/kernel/acpi/boot.c ++++ b/arch/x86/kernel/acpi/boot.c +@@ -1358,7 +1358,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d) + * If your system is blacklisted here, but you find that acpi=force + * works for you, please contact linux-acpi@vger.kernel.org + */ +-static struct dmi_system_id __initdata acpi_dmi_table[] = { ++static const struct dmi_system_id __initconst acpi_dmi_table[] = { + /* + * Boxes that need ACPI disabled + */ +@@ -1433,7 +1433,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = { + }; + + /* second table for DMI checks that should run after early-quirks */ +-static struct dmi_system_id __initdata acpi_dmi_table_late[] = { ++static const struct dmi_system_id __initconst acpi_dmi_table_late[] = { + /* + * HP laptops which use a DSDT reporting as HP/SB400/10000, + * which includes some code which overrides all temperature diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c -index 1b8e5a0..354fd59 100644 +index d5e0d71..6533e08 100644 --- a/arch/x86/kernel/acpi/sleep.c +++ b/arch/x86/kernel/acpi/sleep.c -@@ -69,8 +69,12 @@ int acpi_suspend_lowlevel(void) +@@ -74,8 +74,12 @@ int acpi_suspend_lowlevel(void) #else /* CONFIG_64BIT */ #ifdef CONFIG_SMP stack_start = (unsigned long)temp_stack + sizeof(temp_stack); @@ -13879,10 +16218,10 @@ index 13ab720..95d5442 100644 bogus_magic: jmp bogus_magic diff --git a/arch/x86/kernel/alternative.c b/arch/x86/kernel/alternative.c -index ced4534..3e75d69 100644 +index ef5ccca..bd83949 100644 --- a/arch/x86/kernel/alternative.c +++ b/arch/x86/kernel/alternative.c -@@ -281,6 +281,13 @@ void __init_or_module apply_alternatives(struct alt_instr *start, +@@ -268,6 +268,13 @@ void __init_or_module apply_alternatives(struct alt_instr *start, */ for (a = start; a < end; a++) { instr = (u8 *)&a->instr_offset + a->instr_offset; @@ -13896,7 +16235,7 @@ index ced4534..3e75d69 100644 replacement = (u8 *)&a->repl_offset + a->repl_offset; BUG_ON(a->replacementlen > a->instrlen); BUG_ON(a->instrlen > sizeof(insnbuf)); -@@ -312,10 +319,16 @@ static void alternatives_smp_lock(const s32 *start, const s32 *end, +@@ -299,10 +306,16 @@ static void alternatives_smp_lock(const s32 *start, const s32 *end, for (poff = start; poff < end; poff++) { u8 *ptr = (u8 *)poff + *poff; @@ -13912,9 +16251,9 @@ index ced4534..3e75d69 100644 - if (*ptr == 0x3e) + if (*ktla_ktva(ptr) == 0x3e) text_poke(ptr, ((unsigned char []){0xf0}), 1); - }; + } mutex_unlock(&text_mutex); -@@ -333,10 +346,16 @@ static void alternatives_smp_unlock(const s32 *start, const s32 *end, +@@ -317,10 +330,16 @@ static void alternatives_smp_unlock(const s32 *start, const s32 *end, for (poff = start; poff < end; poff++) { u8 *ptr = (u8 *)poff + *poff; @@ -13930,9 +16269,9 @@ index ced4534..3e75d69 100644 - if (*ptr == 0xf0) + if (*ktla_ktva(ptr) == 0xf0) text_poke(ptr, ((unsigned char []){0x3E}), 1); - }; + } mutex_unlock(&text_mutex); -@@ -505,7 +524,7 @@ void __init_or_module apply_paravirt(struct paravirt_patch_site *start, +@@ -468,7 +487,7 @@ void __init_or_module apply_paravirt(struct paravirt_patch_site *start, BUG_ON(p->len > MAX_PATCH_LEN); /* prep the buffer with the original instructions */ @@ -13941,16 +16280,16 @@ index ced4534..3e75d69 100644 used = pv_init_ops.patch(p->instrtype, p->clobbers, insnbuf, (unsigned long)p->instr, p->len); -@@ -573,7 +592,7 @@ void __init alternative_instructions(void) - if (smp_alt_once) +@@ -515,7 +534,7 @@ void __init alternative_instructions(void) + if (!uniproc_patched || num_possible_cpus() == 1) free_init_pages("SMP alternatives", (unsigned long)__smp_locks, - (unsigned long)__smp_locks_end); + PAGE_ALIGN((unsigned long)__smp_locks_end)); + #endif - restart_nmi(); - } -@@ -590,13 +609,17 @@ void __init alternative_instructions(void) + apply_paravirt(__parainstructions, __parainstructions_end); +@@ -535,13 +554,17 @@ void __init alternative_instructions(void) * instructions. And on the local CPU you need to be protected again NMI or MCE * handlers seeing an inconsistent instruction while you patch. */ @@ -13970,7 +16309,7 @@ index ced4534..3e75d69 100644 local_irq_restore(flags); /* Could also do a CLFLUSH here to speed up CPU recovery; but that causes hangs on some VIA CPUs. */ -@@ -618,36 +641,22 @@ void *__init_or_module text_poke_early(void *addr, const void *opcode, +@@ -563,36 +586,22 @@ void *__init_or_module text_poke_early(void *addr, const void *opcode, */ void *__kprobes text_poke(void *addr, const void *opcode, size_t len) { @@ -14016,10 +16355,10 @@ index ced4534..3e75d69 100644 } diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c -index 24deb30..94a3426 100644 +index cbf5121..812b537 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c -@@ -185,7 +185,7 @@ int first_system_vector = 0xfe; +@@ -189,7 +189,7 @@ int first_system_vector = 0xfe; /* * Debug level, exported for io_apic.c */ @@ -14028,7 +16367,7 @@ index 24deb30..94a3426 100644 int pic_mode; -@@ -1923,7 +1923,7 @@ void smp_error_interrupt(struct pt_regs *regs) +@@ -1956,7 +1956,7 @@ void smp_error_interrupt(struct pt_regs *regs) apic_write(APIC_ESR, 0); v1 = apic_read(APIC_ESR); ack_APIC_irq(); @@ -14037,19 +16376,79 @@ index 24deb30..94a3426 100644 apic_printk(APIC_DEBUG, KERN_DEBUG "APIC error on CPU%d: %02x(%02x)", smp_processor_id(), v0 , v1); -@@ -2155,7 +2155,9 @@ void __init apic_set_eoi_write(void (*eoi_write)(u32 reg, u32 v)) - for (drv = __apicdrivers; drv < __apicdrivers_end; drv++) { - /* Should happen once for each apic */ - WARN_ON((*drv)->eoi_write == eoi_write); -- (*drv)->eoi_write = eoi_write; -+ pax_open_kernel(); -+ *(void **)&(*drv)->eoi_write = eoi_write; -+ pax_close_kernel(); - } +diff --git a/arch/x86/kernel/apic/apic_flat_64.c b/arch/x86/kernel/apic/apic_flat_64.c +index 00c77cf..2dc6a2d 100644 +--- a/arch/x86/kernel/apic/apic_flat_64.c ++++ b/arch/x86/kernel/apic/apic_flat_64.c +@@ -157,7 +157,7 @@ static int flat_probe(void) + return 1; } +-static struct apic apic_flat = { ++static struct apic apic_flat __read_only = { + .name = "flat", + .probe = flat_probe, + .acpi_madt_oem_check = flat_acpi_madt_oem_check, +@@ -271,7 +271,7 @@ static int physflat_probe(void) + return 0; + } + +-static struct apic apic_physflat = { ++static struct apic apic_physflat __read_only = { + + .name = "physical flat", + .probe = physflat_probe, +diff --git a/arch/x86/kernel/apic/apic_noop.c b/arch/x86/kernel/apic/apic_noop.c +index e145f28..2752888 100644 +--- a/arch/x86/kernel/apic/apic_noop.c ++++ b/arch/x86/kernel/apic/apic_noop.c +@@ -119,7 +119,7 @@ static void noop_apic_write(u32 reg, u32 v) + WARN_ON_ONCE(cpu_has_apic && !disable_apic); + } + +-struct apic apic_noop = { ++struct apic apic_noop __read_only = { + .name = "noop", + .probe = noop_probe, + .acpi_madt_oem_check = NULL, +diff --git a/arch/x86/kernel/apic/bigsmp_32.c b/arch/x86/kernel/apic/bigsmp_32.c +index d50e364..543bee3 100644 +--- a/arch/x86/kernel/apic/bigsmp_32.c ++++ b/arch/x86/kernel/apic/bigsmp_32.c +@@ -152,7 +152,7 @@ static int probe_bigsmp(void) + return dmi_bigsmp; + } + +-static struct apic apic_bigsmp = { ++static struct apic apic_bigsmp __read_only = { + + .name = "bigsmp", + .probe = probe_bigsmp, +diff --git a/arch/x86/kernel/apic/es7000_32.c b/arch/x86/kernel/apic/es7000_32.c +index 0874799..a7a7892 100644 +--- a/arch/x86/kernel/apic/es7000_32.c ++++ b/arch/x86/kernel/apic/es7000_32.c +@@ -608,8 +608,7 @@ static int es7000_mps_oem_check_cluster(struct mpc_table *mpc, char *oem, + return ret && es7000_apic_is_cluster(); + } + +-/* We've been warned by a false positive warning.Use __refdata to keep calm. */ +-static struct apic __refdata apic_es7000_cluster = { ++static struct apic apic_es7000_cluster __read_only = { + + .name = "es7000", + .probe = probe_es7000, +@@ -675,7 +674,7 @@ static struct apic __refdata apic_es7000_cluster = { + .x86_32_early_logical_apicid = es7000_early_logical_apicid, + }; + +-static struct apic __refdata apic_es7000 = { ++static struct apic apic_es7000 __read_only = { + + .name = "es7000", + .probe = probe_es7000, diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c -index c265593..137c4ac 100644 +index b739d39..aebc14c 100644 --- a/arch/x86/kernel/apic/io_apic.c +++ b/arch/x86/kernel/apic/io_apic.c @@ -1084,7 +1084,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, int pin, @@ -14070,7 +16469,7 @@ index c265593..137c4ac 100644 { raw_spin_unlock(&vector_lock); } -@@ -2408,7 +2408,7 @@ static void ack_apic_edge(struct irq_data *data) +@@ -2399,7 +2399,7 @@ static void ack_apic_edge(struct irq_data *data) ack_APIC_irq(); } @@ -14079,7 +16478,7 @@ index c265593..137c4ac 100644 #ifdef CONFIG_GENERIC_PENDING_IRQ static bool io_apic_level_ack_pending(struct irq_cfg *cfg) -@@ -2549,7 +2549,7 @@ static void ack_apic_level(struct irq_data *data) +@@ -2540,7 +2540,7 @@ static void ack_apic_level(struct irq_data *data) * at the cpu. */ if (!(v & (1 << (i & 0x1f)))) { @@ -14088,6 +16487,112 @@ index c265593..137c4ac 100644 eoi_ioapic_irq(irq, cfg); } +@@ -2567,11 +2567,13 @@ static void ir_print_prefix(struct irq_data *data, struct seq_file *p) + + static void irq_remap_modify_chip_defaults(struct irq_chip *chip) + { +- chip->irq_print_chip = ir_print_prefix; +- chip->irq_ack = ir_ack_apic_edge; +- chip->irq_eoi = ir_ack_apic_level; ++ pax_open_kernel(); ++ *(void **)&chip->irq_print_chip = ir_print_prefix; ++ *(void **)&chip->irq_ack = ir_ack_apic_edge; ++ *(void **)&chip->irq_eoi = ir_ack_apic_level; + +- chip->irq_set_affinity = set_remapped_irq_affinity; ++ *(void **)&chip->irq_set_affinity = set_remapped_irq_affinity; ++ pax_close_kernel(); + } + #endif /* CONFIG_IRQ_REMAP */ + +diff --git a/arch/x86/kernel/apic/numaq_32.c b/arch/x86/kernel/apic/numaq_32.c +index d661ee9..791fd33 100644 +--- a/arch/x86/kernel/apic/numaq_32.c ++++ b/arch/x86/kernel/apic/numaq_32.c +@@ -455,8 +455,7 @@ static void numaq_setup_portio_remap(void) + (u_long) xquad_portio, (u_long) num_quads*XQUAD_PORTIO_QUAD); + } + +-/* Use __refdata to keep false positive warning calm. */ +-static struct apic __refdata apic_numaq = { ++static struct apic apic_numaq __read_only = { + + .name = "NUMAQ", + .probe = probe_numaq, +diff --git a/arch/x86/kernel/apic/probe_32.c b/arch/x86/kernel/apic/probe_32.c +index eb35ef9..f184a21 100644 +--- a/arch/x86/kernel/apic/probe_32.c ++++ b/arch/x86/kernel/apic/probe_32.c +@@ -72,7 +72,7 @@ static int probe_default(void) + return 1; + } + +-static struct apic apic_default = { ++static struct apic apic_default __read_only = { + + .name = "default", + .probe = probe_default, +diff --git a/arch/x86/kernel/apic/summit_32.c b/arch/x86/kernel/apic/summit_32.c +index 77c95c0..434f8a4 100644 +--- a/arch/x86/kernel/apic/summit_32.c ++++ b/arch/x86/kernel/apic/summit_32.c +@@ -486,7 +486,7 @@ void setup_summit(void) + } + #endif + +-static struct apic apic_summit = { ++static struct apic apic_summit __read_only = { + + .name = "summit", + .probe = probe_summit, +diff --git a/arch/x86/kernel/apic/x2apic_cluster.c b/arch/x86/kernel/apic/x2apic_cluster.c +index c88baa4..757aee1 100644 +--- a/arch/x86/kernel/apic/x2apic_cluster.c ++++ b/arch/x86/kernel/apic/x2apic_cluster.c +@@ -183,7 +183,7 @@ update_clusterinfo(struct notifier_block *nfb, unsigned long action, void *hcpu) + return notifier_from_errno(err); + } + +-static struct notifier_block __refdata x2apic_cpu_notifier = { ++static struct notifier_block x2apic_cpu_notifier = { + .notifier_call = update_clusterinfo, + }; + +@@ -235,7 +235,7 @@ static void cluster_vector_allocation_domain(int cpu, struct cpumask *retmask, + cpumask_and(retmask, mask, per_cpu(cpus_in_cluster, cpu)); + } + +-static struct apic apic_x2apic_cluster = { ++static struct apic apic_x2apic_cluster __read_only = { + + .name = "cluster x2apic", + .probe = x2apic_cluster_probe, +diff --git a/arch/x86/kernel/apic/x2apic_phys.c b/arch/x86/kernel/apic/x2apic_phys.c +index 562a76d..a003c0f 100644 +--- a/arch/x86/kernel/apic/x2apic_phys.c ++++ b/arch/x86/kernel/apic/x2apic_phys.c +@@ -89,7 +89,7 @@ static int x2apic_phys_probe(void) + return apic == &apic_x2apic_phys; + } + +-static struct apic apic_x2apic_phys = { ++static struct apic apic_x2apic_phys __read_only = { + + .name = "physical x2apic", + .probe = x2apic_phys_probe, +diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c +index 8cfade9..b9d04fc 100644 +--- a/arch/x86/kernel/apic/x2apic_uv_x.c ++++ b/arch/x86/kernel/apic/x2apic_uv_x.c +@@ -333,7 +333,7 @@ static int uv_probe(void) + return apic == &apic_x2apic_uv_x; + } + +-static struct apic __refdata apic_x2apic_uv_x = { ++static struct apic apic_x2apic_uv_x __read_only = { + + .name = "UV large system", + .probe = uv_probe, diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c index d65464e..1035d31 100644 --- a/arch/x86/kernel/apm_32.c @@ -14164,7 +16669,7 @@ index d65464e..1035d31 100644 proc_create("apm", 0, NULL, &apm_file_ops); diff --git a/arch/x86/kernel/asm-offsets.c b/arch/x86/kernel/asm-offsets.c -index 68de2dc..1f3c720 100644 +index 2861082..6d4718e 100644 --- a/arch/x86/kernel/asm-offsets.c +++ b/arch/x86/kernel/asm-offsets.c @@ -33,6 +33,8 @@ void common(void) { @@ -14183,16 +16688,16 @@ index 68de2dc..1f3c720 100644 + +#ifdef CONFIG_PAX_KERNEXEC + OFFSET(PV_CPU_write_cr0, pv_cpu_ops, write_cr0); -+#endif -+ + #endif + +#ifdef CONFIG_PAX_MEMORY_UDEREF + OFFSET(PV_MMU_read_cr3, pv_mmu_ops, read_cr3); + OFFSET(PV_MMU_write_cr3, pv_mmu_ops, write_cr3); +#ifdef CONFIG_X86_64 + OFFSET(PV_MMU_set_pgd_batched, pv_mmu_ops, set_pgd_batched); +#endif - #endif - ++#endif ++ +#endif + + BLANK(); @@ -14216,7 +16721,7 @@ index 1b4754f..fbb4227 100644 BLANK(); diff --git a/arch/x86/kernel/cpu/Makefile b/arch/x86/kernel/cpu/Makefile -index d30a6a9..79becab 100644 +index a0e067d..9c7db16 100644 --- a/arch/x86/kernel/cpu/Makefile +++ b/arch/x86/kernel/cpu/Makefile @@ -8,10 +8,6 @@ CFLAGS_REMOVE_common.o = -pg @@ -14231,10 +16736,10 @@ index d30a6a9..79becab 100644 obj-y += proc.o capflags.o powerflags.o common.o obj-y += vmware.o hypervisor.o mshyperv.o diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c -index e4da438..8b1c97c 100644 +index 15239ff..e23e04e 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c -@@ -738,7 +738,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, +@@ -733,7 +733,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, unsigned int size) { /* AMD errata T13 (order #21922) */ @@ -14244,7 +16749,7 @@ index e4da438..8b1c97c 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index a5fbc3c..2254849 100644 +index 9c3ab43..51e6366 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -86,60 +86,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { @@ -14308,7 +16813,7 @@ index a5fbc3c..2254849 100644 static int __init x86_xsave_setup(char *s) { setup_clear_cpu_cap(X86_FEATURE_XSAVE); -@@ -376,7 +322,7 @@ void switch_to_new_gdt(int cpu) +@@ -389,7 +335,7 @@ void switch_to_new_gdt(int cpu) { struct desc_ptr gdt_descr; @@ -14317,7 +16822,7 @@ index a5fbc3c..2254849 100644 gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); /* Reload the per-cpu base */ -@@ -872,6 +818,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) +@@ -885,6 +831,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) /* Filter out anything that depends on CPUID levels we don't have */ filter_cpuid_features(c, true); @@ -14328,7 +16833,7 @@ index a5fbc3c..2254849 100644 /* If the model name is still unset, do table lookup. */ if (!c->x86_model_id[0]) { const char *p; -@@ -1054,10 +1004,12 @@ static __init int setup_disablecpuid(char *arg) +@@ -1068,10 +1018,12 @@ static __init int setup_disablecpuid(char *arg) } __setup("clearcpuid=", setup_disablecpuid); @@ -14343,7 +16848,7 @@ index a5fbc3c..2254849 100644 DEFINE_PER_CPU_FIRST(union irq_stack_union, irq_stack_union) __aligned(PAGE_SIZE); -@@ -1071,7 +1023,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = +@@ -1085,7 +1037,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = EXPORT_PER_CPU_SYMBOL(current_task); DEFINE_PER_CPU(unsigned long, kernel_stack) = @@ -14352,16 +16857,7 @@ index a5fbc3c..2254849 100644 EXPORT_PER_CPU_SYMBOL(kernel_stack); DEFINE_PER_CPU(char *, irq_stack_ptr) = -@@ -1165,7 +1117,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs) - { - memset(regs, 0, sizeof(struct pt_regs)); - regs->fs = __KERNEL_PERCPU; -- regs->gs = __KERNEL_STACK_CANARY; -+ savesegment(gs, regs->gs); - - return regs; - } -@@ -1220,7 +1172,7 @@ void __cpuinit cpu_init(void) +@@ -1224,7 +1176,7 @@ void __cpuinit cpu_init(void) int i; cpu = stack_smp_processor_id(); @@ -14370,7 +16866,7 @@ index a5fbc3c..2254849 100644 oist = &per_cpu(orig_ist, cpu); #ifdef CONFIG_NUMA -@@ -1246,7 +1198,7 @@ void __cpuinit cpu_init(void) +@@ -1250,7 +1202,7 @@ void __cpuinit cpu_init(void) switch_to_new_gdt(cpu); loadsegment(fs, 0); @@ -14379,14 +16875,14 @@ index a5fbc3c..2254849 100644 memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8); syscall_init(); -@@ -1255,7 +1207,6 @@ void __cpuinit cpu_init(void) +@@ -1259,7 +1211,6 @@ void __cpuinit cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); - x86_configure_nx(); - if (cpu != 0) - enable_x2apic(); + enable_x2apic(); + /* @@ -1311,7 +1262,7 @@ void __cpuinit cpu_init(void) { int cpu = smp_processor_id(); @@ -14397,7 +16893,7 @@ index a5fbc3c..2254849 100644 if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) { diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c -index 0a4ce29..f211176 100644 +index fcaabd0..7b55a26 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -174,7 +174,7 @@ static void __cpuinit trap_init_f00f_bug(void) @@ -14409,8 +16905,108 @@ index 0a4ce29..f211176 100644 load_idt(&idt_descr); } #endif +diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c +index 84c1309..39b7224 100644 +--- a/arch/x86/kernel/cpu/intel_cacheinfo.c ++++ b/arch/x86/kernel/cpu/intel_cacheinfo.c +@@ -1017,6 +1017,22 @@ static struct attribute *default_attrs[] = { + }; + + #ifdef CONFIG_AMD_NB ++static struct attribute *default_attrs_amd_nb[] = { ++ &type.attr, ++ &level.attr, ++ &coherency_line_size.attr, ++ &physical_line_partition.attr, ++ &ways_of_associativity.attr, ++ &number_of_sets.attr, ++ &size.attr, ++ &shared_cpu_map.attr, ++ &shared_cpu_list.attr, ++ NULL, ++ NULL, ++ NULL, ++ NULL ++}; ++ + static struct attribute ** __cpuinit amd_l3_attrs(void) + { + static struct attribute **attrs; +@@ -1027,18 +1043,7 @@ static struct attribute ** __cpuinit amd_l3_attrs(void) + + n = ARRAY_SIZE(default_attrs); + +- if (amd_nb_has_feature(AMD_NB_L3_INDEX_DISABLE)) +- n += 2; +- +- if (amd_nb_has_feature(AMD_NB_L3_PARTITIONING)) +- n += 1; +- +- attrs = kzalloc(n * sizeof (struct attribute *), GFP_KERNEL); +- if (attrs == NULL) +- return attrs = default_attrs; +- +- for (n = 0; default_attrs[n]; n++) +- attrs[n] = default_attrs[n]; ++ attrs = default_attrs_amd_nb; + + if (amd_nb_has_feature(AMD_NB_L3_INDEX_DISABLE)) { + attrs[n++] = &cache_disable_0.attr; +@@ -1089,6 +1094,13 @@ static struct kobj_type ktype_cache = { + .default_attrs = default_attrs, + }; + ++#ifdef CONFIG_AMD_NB ++static struct kobj_type ktype_cache_amd_nb = { ++ .sysfs_ops = &sysfs_ops, ++ .default_attrs = default_attrs_amd_nb, ++}; ++#endif ++ + static struct kobj_type ktype_percpu_entry = { + .sysfs_ops = &sysfs_ops, + }; +@@ -1154,20 +1166,26 @@ static int __cpuinit cache_add_dev(struct device *dev) + return retval; + } + ++#ifdef CONFIG_AMD_NB ++ amd_l3_attrs(); ++#endif ++ + for (i = 0; i < num_cache_leaves; i++) { ++ struct kobj_type *ktype; ++ + this_object = INDEX_KOBJECT_PTR(cpu, i); + this_object->cpu = cpu; + this_object->index = i; + + this_leaf = CPUID4_INFO_IDX(cpu, i); + +- ktype_cache.default_attrs = default_attrs; ++ ktype = &ktype_cache; + #ifdef CONFIG_AMD_NB + if (this_leaf->base.nb) +- ktype_cache.default_attrs = amd_l3_attrs(); ++ ktype = &ktype_cache_amd_nb; + #endif + retval = kobject_init_and_add(&(this_object->kobj), +- &ktype_cache, ++ ktype, + per_cpu(ici_cache_kobject, cpu), + "index%1lu", i); + if (unlikely(retval)) { +@@ -1222,7 +1240,7 @@ static int __cpuinit cacheinfo_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata cacheinfo_cpu_notifier = { ++static struct notifier_block cacheinfo_cpu_notifier = { + .notifier_call = cacheinfo_cpu_callback, + }; + diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c -index 292d025..b520c94 100644 +index 80dbda8..be16652 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -45,6 +45,7 @@ @@ -14421,7 +17017,7 @@ index 292d025..b520c94 100644 #include "mce-internal.h" -@@ -253,7 +254,7 @@ static void print_mce(struct mce *m) +@@ -246,7 +247,7 @@ static void print_mce(struct mce *m) !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "", m->cs, m->ip); @@ -14430,7 +17026,7 @@ index 292d025..b520c94 100644 print_symbol("{%s}", m->ip); pr_cont("\n"); } -@@ -286,10 +287,10 @@ static void print_mce(struct mce *m) +@@ -279,10 +280,10 @@ static void print_mce(struct mce *m) #define PANIC_TIMEOUT 5 /* 5 seconds */ @@ -14443,7 +17039,7 @@ index 292d025..b520c94 100644 /* Panic in progress. Enable interrupts and wait for final IPI */ static void wait_for_panic(void) -@@ -313,7 +314,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) +@@ -306,7 +307,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) /* * Make sure only one CPU runs in machine check panic */ @@ -14452,7 +17048,7 @@ index 292d025..b520c94 100644 wait_for_panic(); barrier(); -@@ -321,7 +322,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) +@@ -314,7 +315,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) console_verbose(); } else { /* Don't log too much for fake panic */ @@ -14461,16 +17057,16 @@ index 292d025..b520c94 100644 return; } /* First print corrected ones that are still unlogged */ -@@ -693,7 +694,7 @@ static int mce_timed_out(u64 *t) +@@ -686,7 +687,7 @@ static int mce_timed_out(u64 *t) * might have been modified by someone else. */ rmb(); - if (atomic_read(&mce_paniced)) + if (atomic_read_unchecked(&mce_paniced)) wait_for_panic(); - if (!monarch_timeout) + if (!mca_cfg.monarch_timeout) goto out; -@@ -1619,7 +1620,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) +@@ -1662,7 +1663,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) } /* Call the installed machine check handler for this CPU setup. */ @@ -14479,7 +17075,7 @@ index 292d025..b520c94 100644 unexpected_machine_check; /* -@@ -1642,7 +1643,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1685,7 +1686,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) return; } @@ -14489,7 +17085,7 @@ index 292d025..b520c94 100644 __mcheck_cpu_init_generic(); __mcheck_cpu_init_vendor(c); -@@ -1656,7 +1659,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1699,7 +1702,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) */ static DEFINE_SPINLOCK(mce_chrdev_state_lock); @@ -14498,7 +17094,7 @@ index 292d025..b520c94 100644 static int mce_chrdev_open_exclu; /* already open exclusive? */ static int mce_chrdev_open(struct inode *inode, struct file *file) -@@ -1664,7 +1667,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1707,7 +1710,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) spin_lock(&mce_chrdev_state_lock); if (mce_chrdev_open_exclu || @@ -14507,7 +17103,7 @@ index 292d025..b520c94 100644 spin_unlock(&mce_chrdev_state_lock); return -EBUSY; -@@ -1672,7 +1675,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1715,7 +1718,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) if (file->f_flags & O_EXCL) mce_chrdev_open_exclu = 1; @@ -14516,7 +17112,7 @@ index 292d025..b520c94 100644 spin_unlock(&mce_chrdev_state_lock); -@@ -1683,7 +1686,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) +@@ -1726,7 +1729,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) { spin_lock(&mce_chrdev_state_lock); @@ -14525,7 +17121,25 @@ index 292d025..b520c94 100644 mce_chrdev_open_exclu = 0; spin_unlock(&mce_chrdev_state_lock); -@@ -2407,7 +2410,7 @@ struct dentry *mce_get_debugfs_dir(void) +@@ -2372,7 +2375,7 @@ mce_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu) + return NOTIFY_OK; + } + +-static struct notifier_block mce_cpu_notifier __cpuinitdata = { ++static struct notifier_block mce_cpu_notifier = { + .notifier_call = mce_cpu_callback, + }; + +@@ -2382,7 +2385,7 @@ static __init void mce_init_banks(void) + + for (i = 0; i < mca_cfg.banks; i++) { + struct mce_bank *b = &mce_banks[i]; +- struct device_attribute *a = &b->attr; ++ device_attribute_no_const *a = &b->attr; + + sysfs_attr_init(&a->attr); + a->attr.name = b->attrname; +@@ -2450,7 +2453,7 @@ struct dentry *mce_get_debugfs_dir(void) static void mce_reset(void) { cpu_missing = 0; @@ -14556,6 +17170,19 @@ index 2d5454c..51987eb 100644 /* Make sure the vector pointer is visible before we enable MCEs: */ wmb(); +diff --git a/arch/x86/kernel/cpu/mcheck/therm_throt.c b/arch/x86/kernel/cpu/mcheck/therm_throt.c +index 47a1870..8c019a7 100644 +--- a/arch/x86/kernel/cpu/mcheck/therm_throt.c ++++ b/arch/x86/kernel/cpu/mcheck/therm_throt.c +@@ -288,7 +288,7 @@ thermal_throttle_cpu_callback(struct notifier_block *nfb, + return notifier_from_errno(err); + } + +-static struct notifier_block thermal_throttle_cpu_notifier __cpuinitdata = ++static struct notifier_block thermal_throttle_cpu_notifier = + { + .notifier_call = thermal_throttle_cpu_callback, + }; diff --git a/arch/x86/kernel/cpu/mcheck/winchip.c b/arch/x86/kernel/cpu/mcheck/winchip.c index 2d7998f..17c9de1 100644 --- a/arch/x86/kernel/cpu/mcheck/winchip.c @@ -14579,7 +17206,7 @@ index 2d7998f..17c9de1 100644 wmb(); diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c -index 6b96110..0da73eb 100644 +index 726bf96..81f0526 100644 --- a/arch/x86/kernel/cpu/mtrr/main.c +++ b/arch/x86/kernel/cpu/mtrr/main.c @@ -62,7 +62,7 @@ static DEFINE_MUTEX(mtrr_mutex); @@ -14605,10 +17232,37 @@ index df5e41f..816c719 100644 extern int generic_get_free_region(unsigned long base, unsigned long size, int replace_reg); diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c -index 915b876..171f845 100644 +index 6774c17..72c1b22 100644 --- a/arch/x86/kernel/cpu/perf_event.c +++ b/arch/x86/kernel/cpu/perf_event.c -@@ -1757,7 +1757,7 @@ static unsigned long get_segment_base(unsigned int segment) +@@ -1305,7 +1305,7 @@ static void __init pmu_check_apic(void) + pr_info("no hardware sampling interrupt available.\n"); + } + +-static struct attribute_group x86_pmu_format_group = { ++static attribute_group_no_const x86_pmu_format_group = { + .name = "format", + .attrs = NULL, + }; +@@ -1313,7 +1313,7 @@ static struct attribute_group x86_pmu_format_group = { + struct perf_pmu_events_attr { + struct device_attribute attr; + u64 id; +-}; ++} __do_const; + + /* + * Remove all undefined events (x86_pmu.event_map(id) == 0) +@@ -1381,7 +1381,7 @@ static struct attribute *events_attr[] = { + NULL, + }; + +-static struct attribute_group x86_pmu_events_group = { ++static attribute_group_no_const x86_pmu_events_group = { + .name = "events", + .attrs = events_attr, + }; +@@ -1880,7 +1880,7 @@ static unsigned long get_segment_base(unsigned int segment) if (idx > GDT_ENTRIES) return 0; @@ -14617,7 +17271,7 @@ index 915b876..171f845 100644 } return get_desc_base(desc + idx); -@@ -1847,7 +1847,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) +@@ -1970,7 +1970,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) break; perf_callchain_store(entry, frame.return_address); @@ -14627,10 +17281,10 @@ index 915b876..171f845 100644 } diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c -index 6bca492..36e4496 100644 +index 4914e94..60b06e3 100644 --- a/arch/x86/kernel/cpu/perf_event_intel.c +++ b/arch/x86/kernel/cpu/perf_event_intel.c -@@ -1947,10 +1947,10 @@ __init int intel_pmu_init(void) +@@ -1958,10 +1958,10 @@ __init int intel_pmu_init(void) * v2 and above have a perf capabilities MSR */ if (version > 1) { @@ -14644,11 +17298,59 @@ index 6bca492..36e4496 100644 } intel_ds_init(); +diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c +index b43200d..7fdcdbb 100644 +--- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c ++++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c +@@ -2428,7 +2428,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types) + static int __init uncore_type_init(struct intel_uncore_type *type) + { + struct intel_uncore_pmu *pmus; +- struct attribute_group *events_group; ++ attribute_group_no_const *events_group; + struct attribute **attrs; + int i, j; + +@@ -2826,7 +2826,7 @@ static int + return NOTIFY_OK; + } + +-static struct notifier_block uncore_cpu_nb __cpuinitdata = { ++static struct notifier_block uncore_cpu_nb = { + .notifier_call = uncore_cpu_notifier, + /* + * to migrate uncore events, our notifier should be executed +diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.h b/arch/x86/kernel/cpu/perf_event_intel_uncore.h +index e68a455..975a932 100644 +--- a/arch/x86/kernel/cpu/perf_event_intel_uncore.h ++++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.h +@@ -428,7 +428,7 @@ struct intel_uncore_box { + struct uncore_event_desc { + struct kobj_attribute attr; + const char *config; +-}; ++} __do_const; + + #define INTEL_UNCORE_EVENT_DESC(_name, _config) \ + { \ +diff --git a/arch/x86/kernel/cpuid.c b/arch/x86/kernel/cpuid.c +index 60c7891..9e911d3 100644 +--- a/arch/x86/kernel/cpuid.c ++++ b/arch/x86/kernel/cpuid.c +@@ -171,7 +171,7 @@ static int __cpuinit cpuid_class_cpu_callback(struct notifier_block *nfb, + return notifier_from_errno(err); + } + +-static struct notifier_block __refdata cpuid_class_cpu_notifier = ++static struct notifier_block cpuid_class_cpu_notifier = + { + .notifier_call = cpuid_class_cpu_callback, + }; diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c -index 13ad899..f642b9a 100644 +index 74467fe..18793d5 100644 --- a/arch/x86/kernel/crash.c +++ b/arch/x86/kernel/crash.c -@@ -36,10 +36,8 @@ static void kdump_nmi_callback(int cpu, struct pt_regs *regs) +@@ -58,10 +58,8 @@ static void kdump_nmi_callback(int cpu, struct pt_regs *regs) { #ifdef CONFIG_X86_32 struct pt_regs fixed_regs; @@ -15079,10 +17781,10 @@ index 9b9f18b..9fcaa04 100644 #include <asm/processor.h> #include <asm/fcntl.h> diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index 2a6919e..844eba9 100644 +index 6ed91d9..6cc365b 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S -@@ -176,13 +176,153 @@ +@@ -177,13 +177,153 @@ /*CFI_REL_OFFSET gs, PT_GS*/ .endm .macro SET_KERNEL_GS reg @@ -15237,7 +17939,7 @@ index 2a6919e..844eba9 100644 cld PUSH_GS pushl_cfi %fs -@@ -205,7 +345,7 @@ +@@ -206,7 +346,7 @@ CFI_REL_OFFSET ecx, 0 pushl_cfi %ebx CFI_REL_OFFSET ebx, 0 @@ -15246,7 +17948,7 @@ index 2a6919e..844eba9 100644 movl %edx, %ds movl %edx, %es movl $(__KERNEL_PERCPU), %edx -@@ -213,6 +353,15 @@ +@@ -214,6 +354,15 @@ SET_KERNEL_GS %edx .endm @@ -15262,16 +17964,16 @@ index 2a6919e..844eba9 100644 .macro RESTORE_INT_REGS popl_cfi %ebx CFI_RESTORE ebx -@@ -296,7 +445,7 @@ ENTRY(ret_from_fork) +@@ -297,7 +446,7 @@ ENTRY(ret_from_fork) popfl_cfi jmp syscall_exit CFI_ENDPROC -END(ret_from_fork) +ENDPROC(ret_from_fork) - /* - * Interrupt exit functions should be protected against kprobes -@@ -329,7 +478,15 @@ ret_from_intr: + ENTRY(ret_from_kernel_thread) + CFI_STARTPROC +@@ -344,7 +493,15 @@ ret_from_intr: andl $SEGMENT_RPL_MASK, %eax #endif cmpl $USER_RPL, %eax @@ -15287,7 +17989,7 @@ index 2a6919e..844eba9 100644 ENTRY(resume_userspace) LOCKDEP_SYS_EXIT -@@ -341,8 +498,8 @@ ENTRY(resume_userspace) +@@ -356,8 +513,8 @@ ENTRY(resume_userspace) andl $_TIF_WORK_MASK, %ecx # is there any work to be done on # int/exception return? jne work_pending @@ -15298,7 +18000,7 @@ index 2a6919e..844eba9 100644 #ifdef CONFIG_PREEMPT ENTRY(resume_kernel) -@@ -357,7 +514,7 @@ need_resched: +@@ -372,7 +529,7 @@ need_resched: jz restore_all call preempt_schedule_irq jmp need_resched @@ -15307,7 +18009,7 @@ index 2a6919e..844eba9 100644 #endif CFI_ENDPROC /* -@@ -391,28 +548,43 @@ sysenter_past_esp: +@@ -406,30 +563,45 @@ sysenter_past_esp: /*CFI_REL_OFFSET cs, 0*/ /* * Push current_thread_info()->sysenter_return to the stack. @@ -15339,7 +18041,9 @@ index 2a6919e..844eba9 100644 +#else cmpl $__PAGE_OFFSET-3,%ebp jae syscall_fault + ASM_STAC 1: movl (%ebp),%ebp + ASM_CLAC +#endif + movl %ebp,PT_EBP(%esp) @@ -15354,7 +18058,7 @@ index 2a6919e..844eba9 100644 testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp) jnz sysenter_audit sysenter_do_call: -@@ -427,12 +599,24 @@ sysenter_do_call: +@@ -444,12 +616,24 @@ sysenter_do_call: testl $_TIF_ALLWORK_MASK, %ecx jne sysexit_audit sysenter_exit: @@ -15379,7 +18083,7 @@ index 2a6919e..844eba9 100644 PTGS_TO_GS ENABLE_INTERRUPTS_SYSEXIT -@@ -449,6 +633,9 @@ sysenter_audit: +@@ -466,6 +650,9 @@ sysenter_audit: movl %eax,%edx /* 2nd arg: syscall number */ movl $AUDIT_ARCH_I386,%eax /* 1st arg: audit arch */ call __audit_syscall_entry @@ -15389,7 +18093,7 @@ index 2a6919e..844eba9 100644 pushl_cfi %ebx movl PT_EAX(%esp),%eax /* reload syscall number */ jmp sysenter_do_call -@@ -474,10 +661,16 @@ sysexit_audit: +@@ -491,10 +678,16 @@ sysexit_audit: CFI_ENDPROC .pushsection .fixup,"ax" @@ -15408,7 +18112,7 @@ index 2a6919e..844eba9 100644 PTGS_TO_GS_EX ENDPROC(ia32_sysenter_target) -@@ -491,6 +684,11 @@ ENTRY(system_call) +@@ -509,6 +702,11 @@ ENTRY(system_call) pushl_cfi %eax # save orig_eax SAVE_ALL GET_THREAD_INFO(%ebp) @@ -15420,7 +18124,7 @@ index 2a6919e..844eba9 100644 # system call tracing in operation / emulation testl $_TIF_WORK_SYSCALL_ENTRY,TI_flags(%ebp) jnz syscall_trace_entry -@@ -509,6 +707,15 @@ syscall_exit: +@@ -527,6 +725,15 @@ syscall_exit: testl $_TIF_ALLWORK_MASK, %ecx # current->work jne syscall_exit_work @@ -15436,7 +18140,7 @@ index 2a6919e..844eba9 100644 restore_all: TRACE_IRQS_IRET restore_all_notrace: -@@ -565,14 +772,34 @@ ldt_ss: +@@ -583,14 +790,34 @@ ldt_ss: * compensating for the offset by changing to the ESPFIX segment with * a base address that matches for the difference. */ @@ -15474,7 +18178,7 @@ index 2a6919e..844eba9 100644 pushl_cfi $__ESPFIX_SS pushl_cfi %eax /* new kernel esp */ /* Disable interrupts, but do not irqtrace this section: we -@@ -601,35 +828,23 @@ work_resched: +@@ -619,20 +846,18 @@ work_resched: movl TI_flags(%ebp), %ecx andl $_TIF_WORK_MASK, %ecx # is there any work to be done other # than syscall tracing? @@ -15489,41 +18193,24 @@ index 2a6919e..844eba9 100644 #ifdef CONFIG_VM86 testl $X86_EFLAGS_VM, PT_EFLAGS(%esp) - movl %esp, %eax -- jne work_notifysig_v86 # returning to kernel-space or -+ jz 1f # returning to kernel-space or + jne work_notifysig_v86 # returning to kernel-space or # vm86-space -- TRACE_IRQS_ON -- ENABLE_INTERRUPTS(CLBR_NONE) -- movb PT_CS(%esp), %bl -- andb $SEGMENT_RPL_MASK, %bl -- cmpb $USER_RPL, %bl -- jb resume_kernel -- xorl %edx, %edx -- call do_notify_resume -- jmp resume_userspace - -- ALIGN --work_notifysig_v86: - pushl_cfi %ecx # save ti_flags for do_notify_resume - call save_v86_state # %eax contains pt_regs pointer - popl_cfi %ecx - movl %eax, %esp + 1: -#else - movl %esp, %eax -+1: #endif TRACE_IRQS_ON ENABLE_INTERRUPTS(CLBR_NONE) -@@ -640,7 +855,7 @@ work_notifysig_v86: - xorl %edx, %edx - call do_notify_resume - jmp resume_userspace +@@ -653,7 +878,7 @@ work_notifysig_v86: + movl %eax, %esp + jmp 1b + #endif -END(work_pending) +ENDPROC(work_pending) # perform syscall exit tracing ALIGN -@@ -648,11 +863,14 @@ syscall_trace_entry: +@@ -661,11 +886,14 @@ syscall_trace_entry: movl $-ENOSYS,PT_EAX(%esp) movl %esp, %eax call syscall_trace_enter @@ -15539,7 +18226,7 @@ index 2a6919e..844eba9 100644 # perform syscall exit tracing ALIGN -@@ -665,20 +883,24 @@ syscall_exit_work: +@@ -678,21 +906,25 @@ syscall_exit_work: movl %esp, %eax call syscall_trace_leave jmp resume_userspace @@ -15553,6 +18240,7 @@ index 2a6919e..844eba9 100644 + push %ss + pop %ds +#endif + ASM_CLAC GET_THREAD_INFO(%ebp) movl $-EFAULT,PT_EAX(%esp) jmp resume_userspace @@ -15567,44 +18255,7 @@ index 2a6919e..844eba9 100644 CFI_ENDPROC /* * End of kprobes section -@@ -750,6 +972,36 @@ ENTRY(ptregs_clone) - CFI_ENDPROC - ENDPROC(ptregs_clone) - -+ ALIGN; -+ENTRY(kernel_execve) -+ CFI_STARTPROC -+ pushl_cfi %ebp -+ sub $PT_OLDSS+4,%esp -+ pushl_cfi %edi -+ pushl_cfi %ecx -+ pushl_cfi %eax -+ lea 3*4(%esp),%edi -+ mov $PT_OLDSS/4+1,%ecx -+ xorl %eax,%eax -+ rep stosl -+ popl_cfi %eax -+ popl_cfi %ecx -+ popl_cfi %edi -+ movl $X86_EFLAGS_IF,PT_EFLAGS(%esp) -+ pushl_cfi %esp -+ call sys_execve -+ add $4,%esp -+ CFI_ADJUST_CFA_OFFSET -4 -+ GET_THREAD_INFO(%ebp) -+ test %eax,%eax -+ jz syscall_exit -+ add $PT_OLDSS+4,%esp -+ CFI_ADJUST_CFA_OFFSET -PT_OLDSS-4 -+ popl_cfi %ebp -+ ret -+ CFI_ENDPROC -+ENDPROC(kernel_execve) -+ - .macro FIXUP_ESPFIX_STACK - /* - * Switch back for ESPFIX stack to the normal zerobased stack -@@ -759,8 +1011,15 @@ ENDPROC(ptregs_clone) +@@ -753,8 +985,15 @@ PTREGSCALL1(vm86old) * normal stack and adjusts ESP with the matching offset. */ /* fixup the stack */ @@ -15622,7 +18273,7 @@ index 2a6919e..844eba9 100644 shl $16, %eax addl %esp, %eax /* the adjusted stack pointer */ pushl_cfi $__KERNEL_DS -@@ -813,7 +1072,7 @@ vector=vector+1 +@@ -807,7 +1046,7 @@ vector=vector+1 .endr 2: jmp common_interrupt .endr @@ -15631,7 +18282,7 @@ index 2a6919e..844eba9 100644 .previous END(interrupt) -@@ -861,7 +1120,7 @@ ENTRY(coprocessor_error) +@@ -858,7 +1097,7 @@ ENTRY(coprocessor_error) pushl_cfi $do_coprocessor_error jmp error_code CFI_ENDPROC @@ -15640,7 +18291,7 @@ index 2a6919e..844eba9 100644 ENTRY(simd_coprocessor_error) RING0_INT_FRAME -@@ -882,7 +1141,7 @@ ENTRY(simd_coprocessor_error) +@@ -880,7 +1119,7 @@ ENTRY(simd_coprocessor_error) #endif jmp error_code CFI_ENDPROC @@ -15649,7 +18300,7 @@ index 2a6919e..844eba9 100644 ENTRY(device_not_available) RING0_INT_FRAME -@@ -890,18 +1149,18 @@ ENTRY(device_not_available) +@@ -889,18 +1128,18 @@ ENTRY(device_not_available) pushl_cfi $do_device_not_available jmp error_code CFI_ENDPROC @@ -15671,7 +18322,7 @@ index 2a6919e..844eba9 100644 #endif ENTRY(overflow) -@@ -910,7 +1169,7 @@ ENTRY(overflow) +@@ -910,7 +1149,7 @@ ENTRY(overflow) pushl_cfi $do_overflow jmp error_code CFI_ENDPROC @@ -15680,7 +18331,7 @@ index 2a6919e..844eba9 100644 ENTRY(bounds) RING0_INT_FRAME -@@ -918,7 +1177,7 @@ ENTRY(bounds) +@@ -919,7 +1158,7 @@ ENTRY(bounds) pushl_cfi $do_bounds jmp error_code CFI_ENDPROC @@ -15689,7 +18340,7 @@ index 2a6919e..844eba9 100644 ENTRY(invalid_op) RING0_INT_FRAME -@@ -926,7 +1185,7 @@ ENTRY(invalid_op) +@@ -928,7 +1167,7 @@ ENTRY(invalid_op) pushl_cfi $do_invalid_op jmp error_code CFI_ENDPROC @@ -15698,7 +18349,7 @@ index 2a6919e..844eba9 100644 ENTRY(coprocessor_segment_overrun) RING0_INT_FRAME -@@ -934,35 +1193,35 @@ ENTRY(coprocessor_segment_overrun) +@@ -937,7 +1176,7 @@ ENTRY(coprocessor_segment_overrun) pushl_cfi $do_coprocessor_segment_overrun jmp error_code CFI_ENDPROC @@ -15707,6 +18358,7 @@ index 2a6919e..844eba9 100644 ENTRY(invalid_TSS) RING0_EC_FRAME +@@ -945,7 +1184,7 @@ ENTRY(invalid_TSS) pushl_cfi $do_invalid_TSS jmp error_code CFI_ENDPROC @@ -15715,6 +18367,7 @@ index 2a6919e..844eba9 100644 ENTRY(segment_not_present) RING0_EC_FRAME +@@ -953,7 +1192,7 @@ ENTRY(segment_not_present) pushl_cfi $do_segment_not_present jmp error_code CFI_ENDPROC @@ -15723,6 +18376,7 @@ index 2a6919e..844eba9 100644 ENTRY(stack_segment) RING0_EC_FRAME +@@ -961,7 +1200,7 @@ ENTRY(stack_segment) pushl_cfi $do_stack_segment jmp error_code CFI_ENDPROC @@ -15731,6 +18385,7 @@ index 2a6919e..844eba9 100644 ENTRY(alignment_check) RING0_EC_FRAME +@@ -969,7 +1208,7 @@ ENTRY(alignment_check) pushl_cfi $do_alignment_check jmp error_code CFI_ENDPROC @@ -15739,7 +18394,7 @@ index 2a6919e..844eba9 100644 ENTRY(divide_error) RING0_INT_FRAME -@@ -970,7 +1229,7 @@ ENTRY(divide_error) +@@ -978,7 +1217,7 @@ ENTRY(divide_error) pushl_cfi $do_divide_error jmp error_code CFI_ENDPROC @@ -15748,7 +18403,7 @@ index 2a6919e..844eba9 100644 #ifdef CONFIG_X86_MCE ENTRY(machine_check) -@@ -979,7 +1238,7 @@ ENTRY(machine_check) +@@ -988,7 +1227,7 @@ ENTRY(machine_check) pushl_cfi machine_check_vector jmp error_code CFI_ENDPROC @@ -15757,7 +18412,7 @@ index 2a6919e..844eba9 100644 #endif ENTRY(spurious_interrupt_bug) -@@ -988,7 +1247,7 @@ ENTRY(spurious_interrupt_bug) +@@ -998,7 +1237,7 @@ ENTRY(spurious_interrupt_bug) pushl_cfi $do_spurious_interrupt_bug jmp error_code CFI_ENDPROC @@ -15766,7 +18421,7 @@ index 2a6919e..844eba9 100644 /* * End of kprobes section */ -@@ -1101,7 +1360,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK, +@@ -1101,7 +1340,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK, ENTRY(mcount) ret @@ -15775,16 +18430,16 @@ index 2a6919e..844eba9 100644 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -1130,7 +1389,7 @@ ftrace_graph_call: +@@ -1134,7 +1373,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret -END(ftrace_caller) +ENDPROC(ftrace_caller) - #else /* ! CONFIG_DYNAMIC_FTRACE */ - -@@ -1166,7 +1425,7 @@ trace: + ENTRY(ftrace_regs_caller) + pushf /* push flags before compare (in cs location) */ +@@ -1235,7 +1474,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -15793,7 +18448,7 @@ index 2a6919e..844eba9 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -1187,7 +1446,7 @@ ENTRY(ftrace_graph_caller) +@@ -1253,7 +1492,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret @@ -15802,7 +18457,7 @@ index 2a6919e..844eba9 100644 .globl return_to_handler return_to_handler: -@@ -1242,15 +1501,18 @@ error_code: +@@ -1309,15 +1548,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -15823,7 +18478,7 @@ index 2a6919e..844eba9 100644 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1292,7 +1554,7 @@ debug_stack_correct: +@@ -1360,7 +1602,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -15832,7 +18487,7 @@ index 2a6919e..844eba9 100644 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1329,6 +1591,9 @@ nmi_stack_correct: +@@ -1398,6 +1640,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -15842,7 +18497,7 @@ index 2a6919e..844eba9 100644 jmp restore_all_notrace CFI_ENDPROC -@@ -1365,12 +1630,15 @@ nmi_espfix_stack: +@@ -1434,12 +1679,15 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx,%edx # zero error code call do_nmi @@ -15859,7 +18514,7 @@ index 2a6919e..844eba9 100644 ENTRY(int3) RING0_INT_FRAME -@@ -1382,14 +1650,14 @@ ENTRY(int3) +@@ -1452,14 +1700,14 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -15876,7 +18531,7 @@ index 2a6919e..844eba9 100644 #ifdef CONFIG_KVM_GUEST ENTRY(async_page_fault) -@@ -1397,7 +1665,7 @@ ENTRY(async_page_fault) +@@ -1468,7 +1716,7 @@ ENTRY(async_page_fault) pushl_cfi $do_async_page_fault jmp error_code CFI_ENDPROC @@ -15886,30 +18541,30 @@ index 2a6919e..844eba9 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index dcdd0ea..a520f76 100644 +index cb3c591..bc63707 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S -@@ -57,6 +57,8 @@ - #include <asm/percpu.h> - #include <asm/asm.h> +@@ -59,6 +59,8 @@ + #include <asm/context_tracking.h> + #include <asm/smap.h> #include <linux/err.h> +#include <asm/pgtable.h> +#include <asm/alternative-asm.h> /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */ #include <linux/elf-em.h> -@@ -70,8 +72,9 @@ - #ifdef CONFIG_FUNCTION_TRACER +@@ -80,8 +82,9 @@ #ifdef CONFIG_DYNAMIC_FTRACE - ENTRY(mcount) + + ENTRY(function_hook) + pax_force_retaddr retq --END(mcount) -+ENDPROC(mcount) +-END(function_hook) ++ENDPROC(function_hook) - ENTRY(ftrace_caller) - cmpl $0, function_trace_stop -@@ -94,8 +97,9 @@ GLOBAL(ftrace_graph_call) + /* skip is set if stack has been adjusted */ + .macro ftrace_caller_setup skip=0 +@@ -122,8 +125,9 @@ GLOBAL(ftrace_graph_call) #endif GLOBAL(ftrace_stub) @@ -15918,9 +18573,18 @@ index dcdd0ea..a520f76 100644 -END(ftrace_caller) +ENDPROC(ftrace_caller) + ENTRY(ftrace_regs_caller) + /* Save the current flags before compare (in SS location)*/ +@@ -191,7 +195,7 @@ ftrace_restore_flags: + popfq + jmp ftrace_stub + +-END(ftrace_regs_caller) ++ENDPROC(ftrace_regs_caller) + + #else /* ! CONFIG_DYNAMIC_FTRACE */ - ENTRY(mcount) -@@ -114,6 +118,7 @@ ENTRY(mcount) +@@ -212,6 +216,7 @@ ENTRY(function_hook) #endif GLOBAL(ftrace_stub) @@ -15928,8 +18592,8 @@ index dcdd0ea..a520f76 100644 retq trace: -@@ -123,12 +128,13 @@ trace: - movq 8(%rbp), %rsi +@@ -225,12 +230,13 @@ trace: + #endif subq $MCOUNT_INSN_SIZE, %rdi + pax_force_fptr ftrace_trace_function @@ -15938,12 +18602,12 @@ index dcdd0ea..a520f76 100644 MCOUNT_RESTORE_FRAME jmp ftrace_stub --END(mcount) -+ENDPROC(mcount) +-END(function_hook) ++ENDPROC(function_hook) #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -148,8 +154,9 @@ ENTRY(ftrace_graph_caller) +@@ -252,8 +258,9 @@ ENTRY(ftrace_graph_caller) MCOUNT_RESTORE_FRAME @@ -15954,15 +18618,17 @@ index dcdd0ea..a520f76 100644 GLOBAL(return_to_handler) subq $24, %rsp -@@ -165,6 +172,7 @@ GLOBAL(return_to_handler) +@@ -269,7 +276,9 @@ GLOBAL(return_to_handler) movq 8(%rsp), %rdx movq (%rsp), %rax addq $24, %rsp + pax_force_fptr %rdi jmp *%rdi ++ENDPROC(return_to_handler) #endif -@@ -180,6 +188,273 @@ ENTRY(native_usergs_sysret64) + +@@ -284,6 +293,273 @@ ENTRY(native_usergs_sysret64) ENDPROC(native_usergs_sysret64) #endif /* CONFIG_PARAVIRT */ @@ -16236,7 +18902,7 @@ index dcdd0ea..a520f76 100644 .macro TRACE_IRQS_IRETQ offset=ARGOFFSET #ifdef CONFIG_TRACE_IRQFLAGS -@@ -271,8 +546,8 @@ ENDPROC(native_usergs_sysret64) +@@ -375,8 +651,8 @@ ENDPROC(native_usergs_sysret64) .endm .macro UNFAKE_STACK_FRAME @@ -16247,7 +18913,7 @@ index dcdd0ea..a520f76 100644 .endm /* -@@ -359,7 +634,7 @@ ENDPROC(native_usergs_sysret64) +@@ -463,7 +739,7 @@ ENDPROC(native_usergs_sysret64) movq %rsp, %rsi leaq -RBP(%rsp),%rdi /* arg1 for handler */ @@ -16256,7 +18922,7 @@ index dcdd0ea..a520f76 100644 je 1f SWAPGS /* -@@ -394,9 +669,10 @@ ENTRY(save_rest) +@@ -498,9 +774,10 @@ ENTRY(save_rest) movq_cfi r15, R15+16 movq %r11, 8(%rsp) /* return address */ FIXUP_TOP_OF_STACK %r11, 16 @@ -16268,7 +18934,7 @@ index dcdd0ea..a520f76 100644 /* save complete stack frame */ .pushsection .kprobes.text, "ax" -@@ -425,9 +701,10 @@ ENTRY(save_paranoid) +@@ -529,9 +806,10 @@ ENTRY(save_paranoid) js 1f /* negative -> in kernel */ SWAPGS xorl %ebx,%ebx @@ -16281,25 +18947,25 @@ index dcdd0ea..a520f76 100644 .popsection /* -@@ -449,7 +726,7 @@ ENTRY(ret_from_fork) +@@ -553,7 +831,7 @@ ENTRY(ret_from_fork) RESTORE_REST - testl $3, CS-ARGOFFSET(%rsp) # from kernel_thread? + testb $3, CS-ARGOFFSET(%rsp) # from kernel_thread? - jz retint_restore_args + jz 1f testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET -@@ -459,7 +736,7 @@ ENTRY(ret_from_fork) - jmp ret_from_sys_call # go to the SYSRET fastpath - +@@ -571,7 +849,7 @@ ENTRY(ret_from_fork) + RESTORE_REST + jmp int_ret_from_sys_call CFI_ENDPROC -END(ret_from_fork) +ENDPROC(ret_from_fork) /* * System call entry. Up to 6 arguments in registers are supported. -@@ -495,7 +772,7 @@ END(ret_from_fork) +@@ -608,7 +886,7 @@ END(ret_from_fork) ENTRY(system_call) CFI_STARTPROC simple CFI_SIGNAL_FRAME @@ -16308,7 +18974,7 @@ index dcdd0ea..a520f76 100644 CFI_REGISTER rip,rcx /*CFI_REGISTER rflags,r11*/ SWAPGS_UNSAFE_STACK -@@ -508,16 +785,23 @@ GLOBAL(system_call_after_swapgs) +@@ -621,16 +899,23 @@ GLOBAL(system_call_after_swapgs) movq %rsp,PER_CPU_VAR(old_rsp) movq PER_CPU_VAR(kernel_stack),%rsp @@ -16334,7 +19000,7 @@ index dcdd0ea..a520f76 100644 jnz tracesys system_call_fastpath: #if __SYSCALL_MASK == ~0 -@@ -527,7 +811,7 @@ system_call_fastpath: +@@ -640,7 +925,7 @@ system_call_fastpath: cmpl $__NR_syscall_max,%eax #endif ja badsys @@ -16343,7 +19009,7 @@ index dcdd0ea..a520f76 100644 call *sys_call_table(,%rax,8) # XXX: rip relative movq %rax,RAX-ARGOFFSET(%rsp) /* -@@ -541,10 +825,13 @@ sysret_check: +@@ -654,10 +939,13 @@ sysret_check: LOCKDEP_SYS_EXIT DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF @@ -16358,7 +19024,7 @@ index dcdd0ea..a520f76 100644 /* * sysretq will re-enable interrupts: */ -@@ -596,14 +883,18 @@ badsys: +@@ -709,14 +997,18 @@ badsys: * jump back to the normal fast path. */ auditsys: @@ -16378,7 +19044,7 @@ index dcdd0ea..a520f76 100644 jmp system_call_fastpath /* -@@ -624,7 +915,7 @@ sysret_audit: +@@ -737,7 +1029,7 @@ sysret_audit: /* Do syscall tracing */ tracesys: #ifdef CONFIG_AUDITSYSCALL @@ -16387,7 +19053,7 @@ index dcdd0ea..a520f76 100644 jz auditsys #endif SAVE_REST -@@ -632,12 +923,16 @@ tracesys: +@@ -745,12 +1037,16 @@ tracesys: FIXUP_TOP_OF_STACK %rdi movq %rsp,%rdi call syscall_trace_enter @@ -16404,7 +19070,7 @@ index dcdd0ea..a520f76 100644 RESTORE_REST #if __SYSCALL_MASK == ~0 cmpq $__NR_syscall_max,%rax -@@ -646,7 +941,7 @@ tracesys: +@@ -759,7 +1055,7 @@ tracesys: cmpl $__NR_syscall_max,%eax #endif ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */ @@ -16413,7 +19079,7 @@ index dcdd0ea..a520f76 100644 call *sys_call_table(,%rax,8) movq %rax,RAX-ARGOFFSET(%rsp) /* Use IRET because user could have changed frame */ -@@ -667,7 +962,9 @@ GLOBAL(int_with_check) +@@ -780,7 +1076,9 @@ GLOBAL(int_with_check) andl %edi,%edx jnz int_careful andl $~TS_COMPAT,TI_status(%rcx) @@ -16424,7 +19090,7 @@ index dcdd0ea..a520f76 100644 /* Either reschedule or signal or syscall exit tracking needed. */ /* First do a reschedule test. */ -@@ -713,7 +1010,7 @@ int_restore_rest: +@@ -826,7 +1124,7 @@ int_restore_rest: TRACE_IRQS_OFF jmp int_with_check CFI_ENDPROC @@ -16433,7 +19099,7 @@ index dcdd0ea..a520f76 100644 /* * Certain special system calls that need to save a complete full stack frame. -@@ -729,7 +1026,7 @@ ENTRY(\label) +@@ -842,7 +1140,7 @@ ENTRY(\label) call \func jmp ptregscall_common CFI_ENDPROC @@ -16441,8 +19107,20 @@ index dcdd0ea..a520f76 100644 +ENDPROC(\label) .endm - PTREGSCALL stub_clone, sys_clone, %r8 -@@ -747,9 +1044,10 @@ ENTRY(ptregscall_common) + .macro FORK_LIKE func +@@ -856,9 +1154,10 @@ ENTRY(stub_\func) + DEFAULT_FRAME 0 8 /* offset 8: return address */ + call sys_\func + RESTORE_TOP_OF_STACK %r11, 8 ++ pax_force_retaddr + ret $REST_SKIP /* pop extended registers */ + CFI_ENDPROC +-END(stub_\func) ++ENDPROC(stub_\func) + .endm + + FORK_LIKE clone +@@ -875,9 +1174,10 @@ ENTRY(ptregscall_common) movq_cfi_restore R12+8, r12 movq_cfi_restore RBP+8, rbp movq_cfi_restore RBX+8, rbx @@ -16454,7 +19132,7 @@ index dcdd0ea..a520f76 100644 ENTRY(stub_execve) CFI_STARTPROC -@@ -764,7 +1062,7 @@ ENTRY(stub_execve) +@@ -891,7 +1191,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -16463,7 +19141,7 @@ index dcdd0ea..a520f76 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -782,7 +1080,7 @@ ENTRY(stub_rt_sigreturn) +@@ -909,7 +1209,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -16471,8 +19149,8 @@ index dcdd0ea..a520f76 100644 +ENDPROC(stub_rt_sigreturn) #ifdef CONFIG_X86_X32_ABI - PTREGSCALL stub_x32_sigaltstack, sys32_sigaltstack, %rdx -@@ -851,7 +1149,7 @@ vector=vector+1 + ENTRY(stub_x32_rt_sigreturn) +@@ -975,7 +1275,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -16481,7 +19159,7 @@ index dcdd0ea..a520f76 100644 .previous END(interrupt) -@@ -871,6 +1169,16 @@ END(interrupt) +@@ -995,6 +1295,16 @@ END(interrupt) subq $ORIG_RAX-RBP, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP SAVE_ARGS_IRQ @@ -16498,7 +19176,7 @@ index dcdd0ea..a520f76 100644 call \func .endm -@@ -902,7 +1210,7 @@ ret_from_intr: +@@ -1027,7 +1337,7 @@ ret_from_intr: exit_intr: GET_THREAD_INFO(%rcx) @@ -16507,7 +19185,7 @@ index dcdd0ea..a520f76 100644 je retint_kernel /* Interrupt came from user space */ -@@ -924,12 +1232,16 @@ retint_swapgs: /* return to user-space */ +@@ -1049,12 +1359,16 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -16524,7 +19202,7 @@ index dcdd0ea..a520f76 100644 /* * The iretq could re-enable interrupts: */ -@@ -1012,7 +1324,7 @@ ENTRY(retint_kernel) +@@ -1137,7 +1451,7 @@ ENTRY(retint_kernel) #endif CFI_ENDPROC @@ -16533,7 +19211,7 @@ index dcdd0ea..a520f76 100644 /* * End of kprobes section */ -@@ -1029,7 +1341,7 @@ ENTRY(\sym) +@@ -1155,7 +1469,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -16542,7 +19220,7 @@ index dcdd0ea..a520f76 100644 .endm #ifdef CONFIG_SMP -@@ -1084,12 +1396,22 @@ ENTRY(\sym) +@@ -1211,12 +1525,22 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -16566,7 +19244,7 @@ index dcdd0ea..a520f76 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1101,15 +1423,25 @@ ENTRY(\sym) +@@ -1229,15 +1553,25 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -16594,7 +19272,7 @@ index dcdd0ea..a520f76 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1119,14 +1451,30 @@ ENTRY(\sym) +@@ -1248,14 +1582,30 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF_DEBUG @@ -16626,7 +19304,7 @@ index dcdd0ea..a520f76 100644 .endm .macro errorentry sym do_sym -@@ -1137,13 +1485,23 @@ ENTRY(\sym) +@@ -1267,13 +1617,23 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -16651,7 +19329,7 @@ index dcdd0ea..a520f76 100644 .endm /* error code is on the stack already */ -@@ -1156,13 +1514,23 @@ ENTRY(\sym) +@@ -1287,13 +1647,23 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -16676,7 +19354,7 @@ index dcdd0ea..a520f76 100644 .endm zeroentry divide_error do_divide_error -@@ -1192,9 +1560,10 @@ gs_change: +@@ -1323,9 +1693,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -16688,37 +19366,7 @@ index dcdd0ea..a520f76 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1213,13 +1582,14 @@ ENTRY(kernel_thread_helper) - * Here we are in the child and the registers are set as they were - * at kernel_thread() invocation in the parent. - */ -+ pax_force_fptr %rsi - call *%rsi - # exit - mov %eax, %edi - call do_exit - ud2 # padding for call trace - CFI_ENDPROC --END(kernel_thread_helper) -+ENDPROC(kernel_thread_helper) - - /* - * execve(). This function needs to use IRET, not SYSRET, to set up all state properly. -@@ -1246,11 +1616,11 @@ ENTRY(kernel_execve) - RESTORE_REST - testq %rax,%rax - je int_ret_from_sys_call -- RESTORE_ARGS - UNFAKE_STACK_FRAME -+ pax_force_retaddr - ret - CFI_ENDPROC --END(kernel_execve) -+ENDPROC(kernel_execve) - - /* Call softirq on interrupt stack. Interrupts are off. */ - ENTRY(call_softirq) -@@ -1268,9 +1638,10 @@ ENTRY(call_softirq) +@@ -1353,9 +1724,10 @@ ENTRY(call_softirq) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -16730,7 +19378,7 @@ index dcdd0ea..a520f76 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1308,7 +1679,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1393,7 +1765,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -16739,7 +19387,7 @@ index dcdd0ea..a520f76 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1367,7 +1738,7 @@ ENTRY(xen_failsafe_callback) +@@ -1452,7 +1824,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -16748,7 +19396,7 @@ index dcdd0ea..a520f76 100644 apicinterrupt XEN_HVM_EVTCHN_CALLBACK \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1416,16 +1787,31 @@ ENTRY(paranoid_exit) +@@ -1501,16 +1873,31 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF_DEBUG testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -16781,7 +19429,7 @@ index dcdd0ea..a520f76 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1454,7 +1840,7 @@ paranoid_schedule: +@@ -1539,7 +1926,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -16790,7 +19438,7 @@ index dcdd0ea..a520f76 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1481,12 +1867,13 @@ ENTRY(error_entry) +@@ -1566,12 +1953,13 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -16805,7 +19453,7 @@ index dcdd0ea..a520f76 100644 ret /* -@@ -1513,7 +1900,7 @@ bstep_iret: +@@ -1598,7 +1986,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -16814,7 +19462,7 @@ index dcdd0ea..a520f76 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1533,7 +1920,7 @@ ENTRY(error_exit) +@@ -1618,7 +2006,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -16823,7 +19471,7 @@ index dcdd0ea..a520f76 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1591,9 +1978,11 @@ ENTRY(nmi) +@@ -1676,9 +2064,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -16836,7 +19484,7 @@ index dcdd0ea..a520f76 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1752,6 +2141,17 @@ end_repeat_nmi: +@@ -1847,6 +2237,17 @@ end_repeat_nmi: */ movq %cr2, %r12 @@ -16854,7 +19502,7 @@ index dcdd0ea..a520f76 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1767,21 +2167,32 @@ end_repeat_nmi: +@@ -1862,23 +2263,34 @@ end_repeat_nmi: testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore nmi_swapgs: @@ -16864,16 +19512,18 @@ index dcdd0ea..a520f76 100644 + pax_exit_kernel +#endif SWAPGS_UNSAFE_STACK -+ RESTORE_ALL 8 ++ RESTORE_ALL 6*8 + /* Clear the NMI executing stack variable */ -+ movq $0, 10*8(%rsp) ++ movq $0, 5*8(%rsp) + jmp irq_return nmi_restore: + pax_exit_kernel - RESTORE_ALL 8 + /* Pop the extra iret frame at once */ + RESTORE_ALL 6*8 + pax_force_retaddr_bts + /* Clear the NMI executing stack variable */ - movq $0, 10*8(%rsp) + movq $0, 5*8(%rsp) jmp irq_return CFI_ENDPROC -END(nmi) @@ -16890,7 +19540,7 @@ index dcdd0ea..a520f76 100644 /* * End of kprobes section diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c -index c3a7cb4..55f78fc 100644 +index 1d41402..af9a46a 100644 --- a/arch/x86/kernel/ftrace.c +++ b/arch/x86/kernel/ftrace.c @@ -105,6 +105,8 @@ ftrace_modify_code_direct(unsigned long ip, unsigned const char *old_code, @@ -16902,16 +19552,25 @@ index c3a7cb4..55f78fc 100644 /* * Note: Due to modules and __init, code can * disappear and change, we need to protect against faulting -@@ -212,7 +214,7 @@ int ftrace_update_ftrace_func(ftrace_func_t func) +@@ -227,7 +229,7 @@ int ftrace_update_ftrace_func(ftrace_func_t func) unsigned char old[MCOUNT_INSN_SIZE], *new; int ret; - memcpy(old, &ftrace_call, MCOUNT_INSN_SIZE); -+ memcpy(old, ktla_ktva((void *)ftrace_call), MCOUNT_INSN_SIZE); ++ memcpy(old, (void *)ktla_ktva((unsigned long)ftrace_call), MCOUNT_INSN_SIZE); new = ftrace_call_replace(ip, (unsigned long)func); /* See comment above by declaration of modifying_ftrace_code */ -@@ -256,7 +258,7 @@ static int ftrace_write(unsigned long ip, const char *val, int size) +@@ -238,7 +240,7 @@ int ftrace_update_ftrace_func(ftrace_func_t func) + /* Also update the regs callback function */ + if (!ret) { + ip = (unsigned long)(&ftrace_regs_call); +- memcpy(old, &ftrace_regs_call, MCOUNT_INSN_SIZE); ++ memcpy(old, ktla_ktva((void *)&ftrace_regs_call), MCOUNT_INSN_SIZE); + new = ftrace_call_replace(ip, (unsigned long)func); + ret = ftrace_modify_code(ip, old, new); + } +@@ -279,7 +281,7 @@ static int ftrace_write(unsigned long ip, const char *val, int size) * kernel identity mapping to modify code. */ if (within(ip, (unsigned long)_text, (unsigned long)_etext)) @@ -16920,7 +19579,7 @@ index c3a7cb4..55f78fc 100644 return probe_kernel_write((void *)ip, val, size); } -@@ -266,7 +268,7 @@ static int add_break(unsigned long ip, const char *old) +@@ -289,7 +291,7 @@ static int add_break(unsigned long ip, const char *old) unsigned char replaced[MCOUNT_INSN_SIZE]; unsigned char brk = BREAKPOINT_INSTRUCTION; @@ -16929,7 +19588,7 @@ index c3a7cb4..55f78fc 100644 return -EFAULT; /* Make sure it is what we expect it to be */ -@@ -572,7 +574,7 @@ ftrace_modify_code(unsigned long ip, unsigned const char *old_code, +@@ -637,7 +639,7 @@ ftrace_modify_code(unsigned long ip, unsigned const char *old_code, return ret; fail_update: @@ -16938,7 +19597,7 @@ index c3a7cb4..55f78fc 100644 goto out; } -@@ -605,6 +607,8 @@ static int ftrace_mod_jmp(unsigned long ip, +@@ -670,6 +672,8 @@ static int ftrace_mod_jmp(unsigned long ip, { unsigned char code[MCOUNT_INSN_SIZE]; @@ -16970,7 +19629,7 @@ index c18f59d..9c0c9f6 100644 #ifdef CONFIG_BLK_DEV_INITRD /* Reserve INITRD */ diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S -index d42ab17..87b9555 100644 +index c8932c7..d56b622 100644 --- a/arch/x86/kernel/head_32.S +++ b/arch/x86/kernel/head_32.S @@ -26,6 +26,12 @@ @@ -17140,15 +19799,15 @@ index d42ab17..87b9555 100644 num_subarch_entries = (. - subarch_entries) / 4 .previous #else -@@ -310,6 +382,7 @@ default_entry: - orl %edx,%eax +@@ -335,6 +407,7 @@ default_entry: + movl pa(mmu_cr4_features),%eax movl %eax,%cr4 +#ifdef CONFIG_X86_PAE testb $X86_CR4_PAE, %al # check if PAE is enabled jz 6f -@@ -338,6 +411,9 @@ default_entry: +@@ -363,6 +436,9 @@ default_entry: /* Make changes effective */ wrmsr @@ -17158,7 +19817,7 @@ index d42ab17..87b9555 100644 6: /* -@@ -436,14 +512,20 @@ is386: movl $2,%ecx # set MP +@@ -460,14 +536,20 @@ is386: movl $2,%ecx # set MP 1: movl $(__KERNEL_DS),%eax # reload all the segment registers movl %eax,%ss # after changing gdt. @@ -17180,7 +19839,7 @@ index d42ab17..87b9555 100644 movl %eax,%gs xorl %eax,%eax # Clear LDT -@@ -520,8 +602,11 @@ setup_once: +@@ -544,8 +626,11 @@ setup_once: * relocation. Manually set base address in stack canary * segment descriptor. */ @@ -17193,7 +19852,7 @@ index d42ab17..87b9555 100644 movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax) shrl $16, %ecx movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax) -@@ -552,7 +637,7 @@ ENDPROC(early_idt_handlers) +@@ -576,7 +661,7 @@ ENDPROC(early_idt_handlers) /* This is global to keep gas from relaxing the jumps */ ENTRY(early_idt_handler) cld @@ -17202,7 +19861,7 @@ index d42ab17..87b9555 100644 je hlt_loop incl %ss:early_recursion_flag -@@ -590,8 +675,8 @@ ENTRY(early_idt_handler) +@@ -614,8 +699,8 @@ ENTRY(early_idt_handler) pushl (20+6*4)(%esp) /* trapno */ pushl $fault_msg call printk @@ -17212,7 +19871,7 @@ index d42ab17..87b9555 100644 hlt_loop: hlt jmp hlt_loop -@@ -610,8 +695,11 @@ ENDPROC(early_idt_handler) +@@ -634,8 +719,11 @@ ENDPROC(early_idt_handler) /* This is the default interrupt "handler" :-) */ ALIGN ignore_int: @@ -17225,7 +19884,7 @@ index d42ab17..87b9555 100644 pushl %eax pushl %ecx pushl %edx -@@ -620,9 +708,6 @@ ignore_int: +@@ -644,9 +732,6 @@ ignore_int: movl $(__KERNEL_DS),%eax movl %eax,%ds movl %eax,%es @@ -17235,7 +19894,7 @@ index d42ab17..87b9555 100644 pushl 16(%esp) pushl 24(%esp) pushl 32(%esp) -@@ -656,29 +741,43 @@ ENTRY(setup_once_ref) +@@ -680,29 +765,43 @@ ENTRY(setup_once_ref) /* * BSS section */ @@ -17284,7 +19943,7 @@ index d42ab17..87b9555 100644 ENTRY(initial_page_table) .long pa(initial_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */ # if KPMDS == 3 -@@ -697,12 +796,20 @@ ENTRY(initial_page_table) +@@ -721,12 +820,20 @@ ENTRY(initial_page_table) # error "Kernel PMDs should be 1, 2 or 3" # endif .align PAGE_SIZE /* needs to be page-sized too */ @@ -17306,7 +19965,7 @@ index d42ab17..87b9555 100644 __INITRODATA int_msg: -@@ -730,7 +837,7 @@ fault_msg: +@@ -754,7 +861,7 @@ fault_msg: * segment size, and 32-bit linear address value: */ @@ -17315,7 +19974,7 @@ index d42ab17..87b9555 100644 .globl boot_gdt_descr .globl idt_descr -@@ -739,7 +846,7 @@ fault_msg: +@@ -763,7 +870,7 @@ fault_msg: .word 0 # 32 bit align gdt_desc.address boot_gdt_descr: .word __BOOT_DS+7 @@ -17324,7 +19983,7 @@ index d42ab17..87b9555 100644 .word 0 # 32-bit align idt_desc.address idt_descr: -@@ -750,7 +857,7 @@ idt_descr: +@@ -774,7 +881,7 @@ idt_descr: .word 0 # 32 bit align gdt_desc.address ENTRY(early_gdt_descr) .word GDT_ENTRIES*8-1 @@ -17333,7 +19992,7 @@ index d42ab17..87b9555 100644 /* * The boot_gdt must mirror the equivalent in setup.S and is -@@ -759,5 +866,65 @@ ENTRY(early_gdt_descr) +@@ -783,5 +890,65 @@ ENTRY(early_gdt_descr) .align L1_CACHE_BYTES ENTRY(boot_gdt) .fill GDT_ENTRY_BOOT_CS,8,0 @@ -17402,7 +20061,7 @@ index d42ab17..87b9555 100644 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 + .endr diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S -index 94bf9cc..400455a 100644 +index 980053c..74d3b44 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -20,6 +20,8 @@ @@ -17443,8 +20102,12 @@ index 94bf9cc..400455a 100644 - addq %rbp, level3_kernel_pgt + (510*8)(%rip) - addq %rbp, level3_kernel_pgt + (511*8)(%rip) -- -- addq %rbp, level2_fixmap_pgt + (506*8)(%rip) ++ addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip) ++ ++ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip) ++ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8+8)(%rip) + + addq %rbp, level2_fixmap_pgt + (506*8)(%rip) - - /* Add an Identity mapping if I am above 1G */ - leaq _text(%rip), %rdi @@ -17454,14 +20117,11 @@ index 94bf9cc..400455a 100644 - shrq $PUD_SHIFT, %rax - andq $(PTRS_PER_PUD - 1), %rax - jz ident_complete -+ addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip) - +- - leaq (level2_spare_pgt - __START_KERNEL_map + _KERNPG_TABLE)(%rbp), %rdx - leaq level3_ident_pgt(%rip), %rbx - movq %rdx, 0(%rbx, %rax, 8) -+ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip) -+ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8+8)(%rip) - +- - movq %rdi, %rax - shrq $PMD_SHIFT, %rax - andq $(PTRS_PER_PMD - 1), %rax @@ -17469,7 +20129,6 @@ index 94bf9cc..400455a 100644 - leaq level2_spare_pgt(%rip), %rbx - movq %rdx, 0(%rbx, %rax, 8) -ident_complete: -+ addq %rbp, level2_fixmap_pgt + (506*8)(%rip) + addq %rbp, level2_fixmap_pgt + (507*8)(%rip) /* @@ -17512,7 +20171,7 @@ index 94bf9cc..400455a 100644 movq initial_code(%rip),%rax pushq $0 # fake return address to stop unwinder pushq $__KERNEL_CS # set correct cs -@@ -268,7 +273,7 @@ ENTRY(secondary_startup_64) +@@ -284,7 +289,7 @@ ENDPROC(start_cpu0) bad_address: jmp bad_address @@ -17521,7 +20180,16 @@ index 94bf9cc..400455a 100644 .globl early_idt_handlers early_idt_handlers: # 104(%rsp) %rflags -@@ -347,11 +352,15 @@ ENTRY(early_idt_handler) +@@ -343,7 +348,7 @@ ENTRY(early_idt_handler) + call dump_stack + #ifdef CONFIG_KALLSYMS + leaq early_idt_ripmsg(%rip),%rdi +- movq 40(%rsp),%rsi # %rip again ++ movq 88(%rsp),%rsi # %rip again + call __print_symbol + #endif + #endif /* EARLY_PRINTK */ +@@ -363,11 +368,15 @@ ENTRY(early_idt_handler) addq $16,%rsp # drop vector number and error code decl early_recursion_flag(%rip) INTERRUPT_RETURN @@ -17537,7 +20205,7 @@ index 94bf9cc..400455a 100644 #ifdef CONFIG_EARLY_PRINTK early_idt_msg: .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n" -@@ -360,6 +369,7 @@ early_idt_ripmsg: +@@ -376,6 +385,7 @@ early_idt_ripmsg: #endif /* CONFIG_EARLY_PRINTK */ .previous @@ -17545,7 +20213,7 @@ index 94bf9cc..400455a 100644 #define NEXT_PAGE(name) \ .balign PAGE_SIZE; \ ENTRY(name) -@@ -372,7 +382,6 @@ ENTRY(name) +@@ -388,7 +398,6 @@ ENTRY(name) i = i + 1 ; \ .endr @@ -17553,7 +20221,7 @@ index 94bf9cc..400455a 100644 /* * This default setting generates an ident mapping at address 0x100000 * and a mapping for the kernel that precisely maps virtual address -@@ -383,13 +392,41 @@ NEXT_PAGE(init_level4_pgt) +@@ -399,13 +408,41 @@ NEXT_PAGE(init_level4_pgt) .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE .org init_level4_pgt + L4_PAGE_OFFSET*8, 0 .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE @@ -17595,7 +20263,7 @@ index 94bf9cc..400455a 100644 NEXT_PAGE(level3_kernel_pgt) .fill L3_START_KERNEL,8,0 -@@ -397,20 +434,23 @@ NEXT_PAGE(level3_kernel_pgt) +@@ -413,20 +450,23 @@ NEXT_PAGE(level3_kernel_pgt) .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE @@ -17627,7 +20295,7 @@ index 94bf9cc..400455a 100644 NEXT_PAGE(level2_kernel_pgt) /* -@@ -423,37 +463,59 @@ NEXT_PAGE(level2_kernel_pgt) +@@ -439,37 +479,59 @@ NEXT_PAGE(level2_kernel_pgt) * If you want to increase this then increase MODULES_VADDR * too.) */ @@ -17724,10 +20392,10 @@ index 9c3bd4a..e1d9b35 100644 +EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR); +#endif diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c -index f250431..54097e7 100644 +index 245a71d..89d9ce4 100644 --- a/arch/x86/kernel/i387.c +++ b/arch/x86/kernel/i387.c -@@ -59,7 +59,7 @@ static inline bool interrupted_kernel_fpu_idle(void) +@@ -55,7 +55,7 @@ static inline bool interrupted_kernel_fpu_idle(void) static inline bool interrupted_user_mode(void) { struct pt_regs *regs = get_irq_regs(); @@ -17737,7 +20405,7 @@ index f250431..54097e7 100644 /* diff --git a/arch/x86/kernel/i8259.c b/arch/x86/kernel/i8259.c -index 36d1853..bf25736 100644 +index 9a5c460..b332a4b 100644 --- a/arch/x86/kernel/i8259.c +++ b/arch/x86/kernel/i8259.c @@ -209,7 +209,7 @@ spurious_8259A_irq: @@ -17749,6 +20417,38 @@ index 36d1853..bf25736 100644 /* * Theoretically we do not have to handle this IRQ, * but in Linux this does not cause problems and is +@@ -333,14 +333,16 @@ static void init_8259A(int auto_eoi) + /* (slave's support for AEOI in flat mode is to be investigated) */ + outb_pic(SLAVE_ICW4_DEFAULT, PIC_SLAVE_IMR); + ++ pax_open_kernel(); + if (auto_eoi) + /* + * In AEOI mode we just have to mask the interrupt + * when acking. + */ +- i8259A_chip.irq_mask_ack = disable_8259A_irq; ++ *(void **)&i8259A_chip.irq_mask_ack = disable_8259A_irq; + else +- i8259A_chip.irq_mask_ack = mask_and_ack_8259A; ++ *(void **)&i8259A_chip.irq_mask_ack = mask_and_ack_8259A; ++ pax_close_kernel(); + + udelay(100); /* wait for 8259A to initialize */ + +diff --git a/arch/x86/kernel/io_delay.c b/arch/x86/kernel/io_delay.c +index a979b5b..1d6db75 100644 +--- a/arch/x86/kernel/io_delay.c ++++ b/arch/x86/kernel/io_delay.c +@@ -58,7 +58,7 @@ static int __init dmi_io_delay_0xed_port(const struct dmi_system_id *id) + * Quirk table for systems that misbehave (lock up, etc.) if port + * 0x80 is used: + */ +-static struct dmi_system_id __initdata io_delay_0xed_port_dmi_table[] = { ++static const struct dmi_system_id __initconst io_delay_0xed_port_dmi_table[] = { + { + .callback = dmi_io_delay_0xed_port, + .ident = "Compaq Presario V6000", diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c index 8c96897..be66bfa 100644 --- a/arch/x86/kernel/ioport.c @@ -17797,7 +20497,7 @@ index 8c96897..be66bfa 100644 return -EPERM; } diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c -index d44f782..31ab01e 100644 +index e4595f1..ee3bfb8 100644 --- a/arch/x86/kernel/irq.c +++ b/arch/x86/kernel/irq.c @@ -18,7 +18,7 @@ @@ -17809,7 +20509,7 @@ index d44f782..31ab01e 100644 /* Function pointer for generic interrupt vector handling */ void (*x86_platform_ipi_callback)(void) = NULL; -@@ -121,9 +121,9 @@ int arch_show_interrupts(struct seq_file *p, int prec) +@@ -122,9 +122,9 @@ int arch_show_interrupts(struct seq_file *p, int prec) seq_printf(p, "%10u ", per_cpu(mce_poll_count, j)); seq_printf(p, " Machine check polls\n"); #endif @@ -18011,7 +20711,7 @@ index dc1404b..bbc43e7 100644 { struct setup_data_node *node = file->private_data; diff --git a/arch/x86/kernel/kgdb.c b/arch/x86/kernel/kgdb.c -index 3f61904..d26ea52 100644 +index 836f832..a8bda67 100644 --- a/arch/x86/kernel/kgdb.c +++ b/arch/x86/kernel/kgdb.c @@ -127,11 +127,11 @@ char *dbg_get_reg(int regno, void *mem, struct pt_regs *regs) @@ -18064,8 +20764,8 @@ index 3f61904..d26ea52 100644 if (user_mode(regs)) return single_step_cont(regs, args); break; -@@ -749,11 +752,11 @@ int kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt) - char opc[BREAK_INSTR_SIZE]; +@@ -751,11 +754,11 @@ int kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt) + #endif /* CONFIG_DEBUG_RODATA */ bpt->type = BP_BREAKPOINT; - err = probe_kernel_read(bpt->saved_instr, (char *)bpt->bpt_addr, @@ -18078,7 +20778,7 @@ index 3f61904..d26ea52 100644 arch_kgdb_ops.gdb_bpt_instr, BREAK_INSTR_SIZE); #ifdef CONFIG_DEBUG_RODATA if (!err) -@@ -766,7 +769,7 @@ int kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt) +@@ -768,7 +771,7 @@ int kgdb_arch_set_breakpoint(struct kgdb_bkpt *bpt) return -EBUSY; text_poke((void *)bpt->bpt_addr, arch_kgdb_ops.gdb_bpt_instr, BREAK_INSTR_SIZE); @@ -18087,7 +20787,7 @@ index 3f61904..d26ea52 100644 if (err) return err; if (memcmp(opc, arch_kgdb_ops.gdb_bpt_instr, BREAK_INSTR_SIZE)) -@@ -791,13 +794,13 @@ int kgdb_arch_remove_breakpoint(struct kgdb_bkpt *bpt) +@@ -793,13 +796,13 @@ int kgdb_arch_remove_breakpoint(struct kgdb_bkpt *bpt) if (mutex_is_locked(&text_mutex)) goto knl_write; text_poke((void *)bpt->bpt_addr, bpt->saved_instr, BREAK_INSTR_SIZE); @@ -18155,7 +20855,7 @@ index c5e410e..ed5a7f0 100644 reset_current_kprobe(); preempt_enable_no_resched(); diff --git a/arch/x86/kernel/kprobes.c b/arch/x86/kernel/kprobes.c -index e2f751e..5aac82f 100644 +index 57916c0..9e0b9d0 100644 --- a/arch/x86/kernel/kprobes.c +++ b/arch/x86/kernel/kprobes.c @@ -119,9 +119,12 @@ static void __kprobes __synthesize_relative_insn(void *from, void *to, u8 op) @@ -18234,7 +20934,7 @@ index e2f751e..5aac82f 100644 } /* -@@ -583,7 +590,7 @@ static int __kprobes kprobe_handler(struct pt_regs *regs) +@@ -600,7 +607,7 @@ static int __kprobes kprobe_handler(struct pt_regs *regs) setup_singlestep(p, regs, kcb, 0); return 1; } @@ -18243,7 +20943,7 @@ index e2f751e..5aac82f 100644 /* * The breakpoint instruction was removed right * after we hit it. Another cpu has removed -@@ -628,6 +635,9 @@ static void __used __kprobes kretprobe_trampoline_holder(void) +@@ -651,6 +658,9 @@ static void __used __kprobes kretprobe_trampoline_holder(void) " movq %rax, 152(%rsp)\n" RESTORE_REGS_STRING " popfq\n" @@ -18253,7 +20953,7 @@ index e2f751e..5aac82f 100644 #else " pushf\n" SAVE_REGS_STRING -@@ -765,7 +775,7 @@ static void __kprobes +@@ -788,7 +798,7 @@ static void __kprobes resume_execution(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *kcb) { unsigned long *tos = stack_addr(regs); @@ -18262,7 +20962,7 @@ index e2f751e..5aac82f 100644 unsigned long orig_ip = (unsigned long)p->addr; kprobe_opcode_t *insn = p->ainsn.insn; -@@ -947,7 +957,7 @@ kprobe_exceptions_notify(struct notifier_block *self, unsigned long val, void *d +@@ -970,7 +980,7 @@ kprobe_exceptions_notify(struct notifier_block *self, unsigned long val, void *d struct die_args *args = data; int ret = NOTIFY_DONE; @@ -18271,6 +20971,19 @@ index e2f751e..5aac82f 100644 return ret; switch (val) { +diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c +index 9c2bd8b..bb1131c 100644 +--- a/arch/x86/kernel/kvm.c ++++ b/arch/x86/kernel/kvm.c +@@ -452,7 +452,7 @@ static int __cpuinit kvm_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata kvm_cpu_notifier = { ++static struct notifier_block kvm_cpu_notifier = { + .notifier_call = kvm_cpu_notify, + }; + #endif diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c index ebc9873..1b9724b 100644 --- a/arch/x86/kernel/ldt.c @@ -18370,11 +21083,24 @@ index 5b19e4d..6476a76 100644 relocate_kernel_ptr = control_page; page_list[PA_CONTROL_PAGE] = __pa(control_page); +diff --git a/arch/x86/kernel/microcode_core.c b/arch/x86/kernel/microcode_core.c +index 3a04b22..1d2eb09 100644 +--- a/arch/x86/kernel/microcode_core.c ++++ b/arch/x86/kernel/microcode_core.c +@@ -512,7 +512,7 @@ mc_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu) + return NOTIFY_OK; + } + +-static struct notifier_block __refdata mc_cpu_notifier = { ++static struct notifier_block mc_cpu_notifier = { + .notifier_call = mc_cpu_callback, + }; + diff --git a/arch/x86/kernel/microcode_intel.c b/arch/x86/kernel/microcode_intel.c -index 0327e2b..e43737b 100644 +index 3544aed..01ddc1c 100644 --- a/arch/x86/kernel/microcode_intel.c +++ b/arch/x86/kernel/microcode_intel.c -@@ -430,13 +430,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device) +@@ -431,13 +431,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device, static int get_ucode_user(void *to, const void *from, size_t n) { @@ -18391,7 +21117,7 @@ index 0327e2b..e43737b 100644 static void microcode_fini_cpu(int cpu) diff --git a/arch/x86/kernel/module.c b/arch/x86/kernel/module.c -index 216a4d7..b328f09 100644 +index 216a4d7..228255a 100644 --- a/arch/x86/kernel/module.c +++ b/arch/x86/kernel/module.c @@ -43,15 +43,60 @@ do { \ @@ -18402,7 +21128,7 @@ index 216a4d7..b328f09 100644 +static inline void *__module_alloc(unsigned long size, pgprot_t prot) { - if (PAGE_ALIGN(size) > MODULES_LEN) -+ if (size == 0 || PAGE_ALIGN(size) > MODULES_LEN) ++ if (!size || PAGE_ALIGN(size) > MODULES_LEN) return NULL; return __vmalloc_node_range(size, 1, MODULES_VADDR, MODULES_END, - GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL_EXEC, @@ -18527,10 +21253,53 @@ index 216a4d7..b328f09 100644 #if 0 if ((s64)val != *(s32 *)loc) goto overflow; +diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c +index 4929502..686c291 100644 +--- a/arch/x86/kernel/msr.c ++++ b/arch/x86/kernel/msr.c +@@ -234,7 +234,7 @@ static int __cpuinit msr_class_cpu_callback(struct notifier_block *nfb, + return notifier_from_errno(err); + } + +-static struct notifier_block __refdata msr_class_cpu_notifier = { ++static struct notifier_block msr_class_cpu_notifier = { + .notifier_call = msr_class_cpu_callback, + }; + diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c -index f84f5c5..e27e54b 100644 +index f84f5c5..f404e81 100644 --- a/arch/x86/kernel/nmi.c +++ b/arch/x86/kernel/nmi.c +@@ -105,7 +105,7 @@ static int __kprobes nmi_handle(unsigned int type, struct pt_regs *regs, bool b2 + return handled; + } + +-int __register_nmi_handler(unsigned int type, struct nmiaction *action) ++int __register_nmi_handler(unsigned int type, const struct nmiaction *action) + { + struct nmi_desc *desc = nmi_to_desc(type); + unsigned long flags; +@@ -129,9 +129,9 @@ int __register_nmi_handler(unsigned int type, struct nmiaction *action) + * event confuses some handlers (kdump uses this flag) + */ + if (action->flags & NMI_FLAG_FIRST) +- list_add_rcu(&action->list, &desc->head); ++ pax_list_add_rcu((struct list_head *)&action->list, &desc->head); + else +- list_add_tail_rcu(&action->list, &desc->head); ++ pax_list_add_tail_rcu((struct list_head *)&action->list, &desc->head); + + spin_unlock_irqrestore(&desc->lock, flags); + return 0; +@@ -154,7 +154,7 @@ void unregister_nmi_handler(unsigned int type, const char *name) + if (!strcmp(n->name, name)) { + WARN(in_nmi(), + "Trying to free NMI (%s) from NMI context!\n", n->name); +- list_del_rcu(&n->list); ++ pax_list_del_rcu((struct list_head *)&n->list); + break; + } + } @@ -479,6 +479,17 @@ static inline void nmi_nesting_postprocess(void) dotraplinkage notrace __kprobes void do_nmi(struct pt_regs *regs, long error_code) @@ -18549,6 +21318,28 @@ index f84f5c5..e27e54b 100644 nmi_nesting_preprocess(regs); nmi_enter(); +diff --git a/arch/x86/kernel/nmi_selftest.c b/arch/x86/kernel/nmi_selftest.c +index 6d9582e..f746287 100644 +--- a/arch/x86/kernel/nmi_selftest.c ++++ b/arch/x86/kernel/nmi_selftest.c +@@ -43,7 +43,7 @@ static void __init init_nmi_testsuite(void) + { + /* trap all the unknown NMIs we may generate */ + register_nmi_handler(NMI_UNKNOWN, nmi_unk_cb, 0, "nmi_selftest_unk", +- __initdata); ++ __initconst); + } + + static void __init cleanup_nmi_testsuite(void) +@@ -66,7 +66,7 @@ static void __init test_nmi_ipi(struct cpumask *mask) + unsigned long timeout; + + if (register_nmi_handler(NMI_LOCAL, test_nmi_ipi_callback, +- NMI_FLAG_FIRST, "nmi_selftest", __initdata)) { ++ NMI_FLAG_FIRST, "nmi_selftest", __initconst)) { + nmi_fail = FAILURE; + return; + } diff --git a/arch/x86/kernel/paravirt-spinlocks.c b/arch/x86/kernel/paravirt-spinlocks.c index 676b8c7..870ba04 100644 --- a/arch/x86/kernel/paravirt-spinlocks.c @@ -18563,7 +21354,7 @@ index 676b8c7..870ba04 100644 .spin_is_locked = __ticket_spin_is_locked, .spin_is_contended = __ticket_spin_is_contended, diff --git a/arch/x86/kernel/paravirt.c b/arch/x86/kernel/paravirt.c -index 17fff18..7bb2088 100644 +index 17fff18..5cfa0f4 100644 --- a/arch/x86/kernel/paravirt.c +++ b/arch/x86/kernel/paravirt.c @@ -55,6 +55,9 @@ u64 _paravirt_ident_64(u64 x) @@ -18591,10 +21382,10 @@ index 17fff18..7bb2088 100644 ret = paravirt_patch_ident_32(insnbuf, len); - else if (opfunc == _paravirt_ident_64) + else if (opfunc == (void *)_paravirt_ident_64) -+ ret = paravirt_patch_ident_64(insnbuf, len); + ret = paravirt_patch_ident_64(insnbuf, len); +#if defined(CONFIG_X86_32) && defined(CONFIG_X86_PAE) + else if (opfunc == (void *)__raw_callee_save__paravirt_ident_64) - ret = paravirt_patch_ident_64(insnbuf, len); ++ ret = paravirt_patch_ident_64(insnbuf, len); +#endif else if (type == PARAVIRT_PATCH(pv_cpu_ops.iret) || @@ -18651,7 +21442,7 @@ index 17fff18..7bb2088 100644 }; -struct pv_apic_ops pv_apic_ops = { -+struct pv_apic_ops pv_apic_ops __read_only = { ++struct pv_apic_ops pv_apic_ops __read_only= { #ifdef CONFIG_X86_LOCAL_APIC .startup_ipi_hook = paravirt_nop, #endif @@ -18710,8 +21501,21 @@ index 35ccf75..7a15747 100644 #define DEBUG 1 +diff --git a/arch/x86/kernel/pci-swiotlb.c b/arch/x86/kernel/pci-swiotlb.c +index 6c483ba..d10ce2f 100644 +--- a/arch/x86/kernel/pci-swiotlb.c ++++ b/arch/x86/kernel/pci-swiotlb.c +@@ -32,7 +32,7 @@ static void x86_swiotlb_free_coherent(struct device *dev, size_t size, + void *vaddr, dma_addr_t dma_addr, + struct dma_attrs *attrs) + { +- swiotlb_free_coherent(dev, size, vaddr, dma_addr); ++ swiotlb_free_coherent(dev, size, vaddr, dma_addr, attrs); + } + + static struct dma_map_ops swiotlb_dma_ops = { diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index ef6a845..8028ed3 100644 +index 2ed787f..f70c9f6 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -36,7 +36,8 @@ @@ -18724,7 +21528,7 @@ index ef6a845..8028ed3 100644 #ifdef CONFIG_X86_64 static DEFINE_PER_CPU(unsigned char, is_idle); -@@ -94,7 +95,7 @@ void arch_task_cache_init(void) +@@ -92,7 +93,7 @@ void arch_task_cache_init(void) task_xstate_cachep = kmem_cache_create("task_xstate", xstate_size, __alignof__(union thread_xstate), @@ -18732,8 +21536,8 @@ index ef6a845..8028ed3 100644 + SLAB_PANIC | SLAB_NOTRACK | SLAB_USERCOPY, NULL); } - static inline void drop_fpu(struct task_struct *tsk) -@@ -117,7 +118,7 @@ void exit_thread(void) + /* +@@ -105,7 +106,7 @@ void exit_thread(void) unsigned long *bp = t->io_bitmap_ptr; if (bp) { @@ -18742,7 +21546,7 @@ index ef6a845..8028ed3 100644 t->io_bitmap_ptr = NULL; clear_thread_flag(TIF_IO_BITMAP); -@@ -148,7 +149,7 @@ void show_regs_common(void) +@@ -136,7 +137,7 @@ void show_regs_common(void) board = dmi_get_system_info(DMI_BOARD_NAME); printk(KERN_DEFAULT "Pid: %d, comm: %.20s %s %s %.*s %s %s%s%s\n", @@ -18751,7 +21555,7 @@ index ef6a845..8028ed3 100644 init_utsname()->release, (int)strcspn(init_utsname()->version, " "), init_utsname()->version, -@@ -161,6 +162,9 @@ void flush_thread(void) +@@ -149,6 +150,9 @@ void flush_thread(void) { struct task_struct *tsk = current; @@ -18760,22 +21564,8 @@ index ef6a845..8028ed3 100644 +#endif flush_ptrace_hw_breakpoint(tsk); memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array)); - drop_fpu(tsk); -@@ -318,10 +322,10 @@ int kernel_thread(int (*fn)(void *), void *arg, unsigned long flags) - regs.di = (unsigned long) arg; - - #ifdef CONFIG_X86_32 -- regs.ds = __USER_DS; -- regs.es = __USER_DS; -+ regs.ds = __KERNEL_DS; -+ regs.es = __KERNEL_DS; - regs.fs = __KERNEL_PERCPU; -- regs.gs = __KERNEL_STACK_CANARY; -+ savesegment(gs, regs.gs); - #else - regs.ss = __KERNEL_DS; - #endif -@@ -407,7 +411,7 @@ static void __exit_idle(void) + drop_init_fpu(tsk); +@@ -301,7 +305,7 @@ static void __exit_idle(void) void exit_idle(void) { /* idle loop has pid 0 */ @@ -18784,7 +21574,7 @@ index ef6a845..8028ed3 100644 return; __exit_idle(); } -@@ -516,7 +520,7 @@ bool set_pm_idle_to_default(void) +@@ -404,7 +408,7 @@ bool set_pm_idle_to_default(void) return ret; } @@ -18793,7 +21583,7 @@ index ef6a845..8028ed3 100644 { local_irq_disable(); /* -@@ -744,16 +748,37 @@ static int __init idle_setup(char *str) +@@ -632,16 +636,37 @@ static int __init idle_setup(char *str) } early_param("idle", idle_setup); @@ -18818,9 +21608,9 @@ index ef6a845..8028ed3 100644 + + if (v8086_mode(regs)) + return; -+ -+ rdtscl(time); ++ rdtscl(time); ++ + /* P4 seems to return a 0 LSB, ignore it */ +#ifdef CONFIG_MPENTIUM4 + time &= 0x3EUL; @@ -18842,10 +21632,10 @@ index ef6a845..8028ed3 100644 +} +#endif diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c -index 516fa18..d3a7099 100644 +index b5a8905..d9cacac 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c -@@ -64,6 +64,7 @@ asmlinkage void ret_from_fork(void) __asm__("ret_from_fork"); +@@ -65,6 +65,7 @@ asmlinkage void ret_from_kernel_thread(void) __asm__("ret_from_kernel_thread"); unsigned long thread_saved_pc(struct task_struct *tsk) { return ((unsigned long *)tsk->thread.sp)[3]; @@ -18853,7 +21643,7 @@ index 516fa18..d3a7099 100644 } void __show_regs(struct pt_regs *regs, int all) -@@ -73,21 +74,20 @@ void __show_regs(struct pt_regs *regs, int all) +@@ -74,21 +75,20 @@ void __show_regs(struct pt_regs *regs, int all) unsigned long sp; unsigned short ss, gs; @@ -18878,23 +21668,33 @@ index 516fa18..d3a7099 100644 print_symbol("EIP is at %s\n", regs->ip); printk(KERN_DEFAULT "EAX: %08lx EBX: %08lx ECX: %08lx EDX: %08lx\n", -@@ -134,13 +134,14 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -130,20 +130,21 @@ void release_thread(struct task_struct *dead_task) + int copy_thread(unsigned long clone_flags, unsigned long sp, + unsigned long arg, struct task_struct *p) + { +- struct pt_regs *childregs = task_pt_regs(p); ++ struct pt_regs *childregs = task_stack_page(p) + THREAD_SIZE - sizeof(struct pt_regs) - 8; struct task_struct *tsk; int err; -- childregs = task_pt_regs(p); -+ childregs = task_stack_page(p) + THREAD_SIZE - sizeof(struct pt_regs) - 8; - *childregs = *regs; - childregs->ax = 0; - childregs->sp = sp; - p->thread.sp = (unsigned long) childregs; p->thread.sp0 = (unsigned long) (childregs+1); + p->tinfo.lowest_stack = (unsigned long)task_stack_page(p); - p->thread.ip = (unsigned long) ret_from_fork; - -@@ -231,7 +232,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) + if (unlikely(p->flags & PF_KTHREAD)) { + /* kernel thread */ + memset(childregs, 0, sizeof(struct pt_regs)); + p->thread.ip = (unsigned long) ret_from_kernel_thread; +- task_user_gs(p) = __KERNEL_STACK_CANARY; +- childregs->ds = __USER_DS; +- childregs->es = __USER_DS; ++ savesegment(gs, childregs->gs); ++ childregs->ds = __KERNEL_DS; ++ childregs->es = __KERNEL_DS; + childregs->fs = __KERNEL_PERCPU; + childregs->bx = sp; /* function */ + childregs->bp = arg; +@@ -250,7 +251,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) struct thread_struct *prev = &prev_p->thread, *next = &next_p->thread; int cpu = smp_processor_id(); @@ -18903,7 +21703,7 @@ index 516fa18..d3a7099 100644 fpu_switch_t fpu; /* never put a printk in __switch_to... printk() calls wake_up*() indirectly */ -@@ -255,6 +256,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -274,6 +275,10 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) */ lazy_save_gs(prev->gs); @@ -18914,7 +21714,7 @@ index 516fa18..d3a7099 100644 /* * Load the per-thread Thread-Local Storage descriptor. */ -@@ -285,6 +290,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -304,6 +309,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) */ arch_end_context_switch(next_p); @@ -18924,7 +21724,7 @@ index 516fa18..d3a7099 100644 /* * Restore %gs if needed (which is common) */ -@@ -293,8 +301,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -312,8 +320,6 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) switch_fpu_finish(next_p, fpu); @@ -18933,34 +21733,29 @@ index 516fa18..d3a7099 100644 return prev_p; } -@@ -324,4 +330,3 @@ unsigned long get_wchan(struct task_struct *p) +@@ -343,4 +349,3 @@ unsigned long get_wchan(struct task_struct *p) } while (count++ < 16); return 0; } - diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c -index 0a980c9..1d0e689 100644 +index 6e68a61..955a9a5 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c -@@ -153,8 +153,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -152,10 +152,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, struct pt_regs *childregs; struct task_struct *me = current; -- childregs = ((struct pt_regs *) -- (THREAD_SIZE + task_stack_page(p))) - 1; -+ childregs = task_stack_page(p) + THREAD_SIZE - sizeof(struct pt_regs) - 16; - *childregs = *regs; - - childregs->ax = 0; -@@ -166,6 +165,7 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +- p->thread.sp0 = (unsigned long)task_stack_page(p) + THREAD_SIZE; ++ p->thread.sp0 = (unsigned long)task_stack_page(p) + THREAD_SIZE - 16; + childregs = task_pt_regs(p); p->thread.sp = (unsigned long) childregs; - p->thread.sp0 = (unsigned long) (childregs+1); p->thread.usersp = me->thread.usersp; + p->tinfo.lowest_stack = (unsigned long)task_stack_page(p); - set_tsk_thread_flag(p, TIF_FORK); - -@@ -271,7 +271,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) + p->fpu_counter = 0; + p->thread.io_bitmap_ptr = NULL; +@@ -274,7 +275,7 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) struct thread_struct *prev = &prev_p->thread; struct thread_struct *next = &next_p->thread; int cpu = smp_processor_id(); @@ -18969,7 +21764,7 @@ index 0a980c9..1d0e689 100644 unsigned fsindex, gsindex; fpu_switch_t fpu; -@@ -353,10 +353,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) +@@ -356,10 +357,9 @@ __switch_to(struct task_struct *prev_p, struct task_struct *next_p) prev->usersp = this_cpu_read(old_rsp); this_cpu_write(old_rsp, next->usersp); this_cpu_write(current_task, next_p); @@ -18982,7 +21777,7 @@ index 0a980c9..1d0e689 100644 /* * Now maybe reload the debug registers and handle I/O bitmaps -@@ -425,12 +424,11 @@ unsigned long get_wchan(struct task_struct *p) +@@ -428,12 +428,11 @@ unsigned long get_wchan(struct task_struct *p) if (!p || p == current || p->state == TASK_RUNNING) return 0; stack = (unsigned long)task_stack_page(p); @@ -18998,10 +21793,10 @@ index 0a980c9..1d0e689 100644 ip = *(u64 *)(fp+8); if (!in_sched_functions(ip)) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c -index 9ee1787..33228a7 100644 +index b629bbe..0fa615a 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c -@@ -182,14 +182,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs) +@@ -184,14 +184,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs) { unsigned long context = (unsigned long)regs & ~(THREAD_SIZE - 1); unsigned long sp = (unsigned long)®s->sp; @@ -19020,7 +21815,16 @@ index 9ee1787..33228a7 100644 return (unsigned long)regs; } -@@ -854,7 +853,7 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -588,7 +587,7 @@ static void ptrace_triggered(struct perf_event *bp, + static unsigned long ptrace_get_dr7(struct perf_event *bp[]) + { + int i; +- int dr7 = 0; ++ unsigned long dr7 = 0; + struct arch_hw_breakpoint *info; + + for (i = 0; i < HBP_NUM; i++) { +@@ -856,7 +855,7 @@ long arch_ptrace(struct task_struct *child, long request, unsigned long addr, unsigned long data) { int ret; @@ -19029,7 +21833,7 @@ index 9ee1787..33228a7 100644 switch (request) { /* read the word at location addr in the USER area. */ -@@ -939,14 +938,14 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -941,14 +940,14 @@ long arch_ptrace(struct task_struct *child, long request, if ((int) addr < 0) return -EIO; ret = do_get_thread_area(child, addr, @@ -19046,7 +21850,34 @@ index 9ee1787..33228a7 100644 break; #endif -@@ -1456,7 +1455,7 @@ static void fill_sigtrap_info(struct task_struct *tsk, +@@ -1326,7 +1325,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request, + + #ifdef CONFIG_X86_64 + +-static struct user_regset x86_64_regsets[] __read_mostly = { ++static user_regset_no_const x86_64_regsets[] __read_only = { + [REGSET_GENERAL] = { + .core_note_type = NT_PRSTATUS, + .n = sizeof(struct user_regs_struct) / sizeof(long), +@@ -1367,7 +1366,7 @@ static const struct user_regset_view user_x86_64_view = { + #endif /* CONFIG_X86_64 */ + + #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION +-static struct user_regset x86_32_regsets[] __read_mostly = { ++static user_regset_no_const x86_32_regsets[] __read_only = { + [REGSET_GENERAL] = { + .core_note_type = NT_PRSTATUS, + .n = sizeof(struct user_regs_struct32) / sizeof(u32), +@@ -1420,7 +1419,7 @@ static const struct user_regset_view user_x86_32_view = { + */ + u64 xstate_fx_sw_bytes[USER_XSTATE_FX_SW_WORDS]; + +-void update_regset_xstate_info(unsigned int size, u64 xstate_mask) ++void __init update_regset_xstate_info(unsigned int size, u64 xstate_mask) + { + #ifdef CONFIG_X86_64 + x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64); +@@ -1455,7 +1454,7 @@ static void fill_sigtrap_info(struct task_struct *tsk, memset(info, 0, sizeof(*info)); info->si_signo = SIGTRAP; info->si_code = si_code; @@ -19055,7 +21886,7 @@ index 9ee1787..33228a7 100644 } void user_single_step_siginfo(struct task_struct *tsk, -@@ -1485,6 +1484,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, +@@ -1484,6 +1483,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, # define IS_IA32 0 #endif @@ -19066,35 +21897,35 @@ index 9ee1787..33228a7 100644 /* * We must return the syscall number to actually look up in the table. * This can be -1L to skip running any syscall at all. -@@ -1493,6 +1496,11 @@ long syscall_trace_enter(struct pt_regs *regs) - { - long ret = 0; +@@ -1494,6 +1497,11 @@ long syscall_trace_enter(struct pt_regs *regs) + + user_exit(); +#ifdef CONFIG_GRKERNSEC_SETXID + if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) -+ gr_delayed_cred_worker(); -+#endif ++ gr_delayed_cred_worker(); ++#endif + /* * If we stepped into a sysenter/syscall insn, it trapped in * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP. -@@ -1541,6 +1549,11 @@ void syscall_trace_leave(struct pt_regs *regs) - { - bool step; +@@ -1549,6 +1557,11 @@ void syscall_trace_leave(struct pt_regs *regs) + */ + user_exit(); +#ifdef CONFIG_GRKERNSEC_SETXID + if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) -+ gr_delayed_cred_worker(); -+#endif ++ gr_delayed_cred_worker(); ++#endif + audit_syscall_exit(regs); if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/x86/kernel/pvclock.c b/arch/x86/kernel/pvclock.c -index 42eb330..139955c 100644 +index 85c3959..76b89f9 100644 --- a/arch/x86/kernel/pvclock.c +++ b/arch/x86/kernel/pvclock.c -@@ -81,11 +81,11 @@ unsigned long pvclock_tsc_khz(struct pvclock_vcpu_time_info *src) +@@ -43,11 +43,11 @@ unsigned long pvclock_tsc_khz(struct pvclock_vcpu_time_info *src) return pv_tsc_khz; } @@ -19107,8 +21938,8 @@ index 42eb330..139955c 100644 + atomic64_set_unchecked(&last_value, 0); } - cycle_t pvclock_clocksource_read(struct pvclock_vcpu_time_info *src) -@@ -121,11 +121,11 @@ cycle_t pvclock_clocksource_read(struct pvclock_vcpu_time_info *src) + u8 pvclock_read_flags(struct pvclock_vcpu_time_info *src) +@@ -92,11 +92,11 @@ cycle_t pvclock_clocksource_read(struct pvclock_vcpu_time_info *src) * updating at the same time, and one of them could be slightly behind, * making the assumption that last_value always go forward fail to hold. */ @@ -19123,7 +21954,7 @@ index 42eb330..139955c 100644 return ret; diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c -index 3f20ab4..95b8bf4 100644 +index 76fa1e9..abf09ea 100644 --- a/arch/x86/kernel/reboot.c +++ b/arch/x86/kernel/reboot.c @@ -36,7 +36,7 @@ void (*pm_power_off)(void); @@ -19178,7 +22009,7 @@ index 3f20ab4..95b8bf4 100644 "rm" (real_mode_header->machine_real_restart_asm), "a" (type)); #else -@@ -539,7 +566,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) +@@ -531,7 +558,7 @@ void __attribute__((weak)) mach_reboot_fixups(void) * try to force a triple fault and then cycle between hitting the keyboard * controller and doing that */ @@ -19187,7 +22018,7 @@ index 3f20ab4..95b8bf4 100644 { int i; int attempt = 0; -@@ -662,13 +689,13 @@ void native_machine_shutdown(void) +@@ -654,13 +681,13 @@ void native_machine_shutdown(void) #endif } @@ -19203,7 +22034,7 @@ index 3f20ab4..95b8bf4 100644 { pr_notice("machine restart\n"); -@@ -677,7 +704,7 @@ static void native_machine_restart(char *__unused) +@@ -669,7 +696,7 @@ static void native_machine_restart(char *__unused) __machine_emergency_restart(0); } @@ -19212,7 +22043,7 @@ index 3f20ab4..95b8bf4 100644 { /* Stop other cpus and apics */ machine_shutdown(); -@@ -687,7 +714,7 @@ static void native_machine_halt(void) +@@ -679,7 +706,7 @@ static void native_machine_halt(void) stop_this_cpu(NULL); } @@ -19221,14 +22052,18 @@ index 3f20ab4..95b8bf4 100644 { if (pm_power_off) { if (!reboot_force) -@@ -696,6 +723,7 @@ static void native_machine_power_off(void) +@@ -688,9 +715,10 @@ static void native_machine_power_off(void) } /* A fallback in case there is no PM info available */ tboot_shutdown(TB_SHUTDOWN_HALT); + unreachable(); } - struct machine_ops machine_ops = { +-struct machine_ops machine_ops = { ++struct machine_ops machine_ops __read_only = { + .power_off = native_machine_power_off, + .shutdown = native_machine_shutdown, + .emergency_restart = native_machine_emergency_restart, diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S index 7a6f3b3..bed145d7 100644 --- a/arch/x86/kernel/relocate_kernel_64.S @@ -19258,10 +22093,10 @@ index 7a6f3b3..bed145d7 100644 1: diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index 771ff4d..4f9a14d 100644 +index 8b24289..d37b58b 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -440,7 +440,7 @@ static void __init parse_setup_data(void) +@@ -437,7 +437,7 @@ static void __init parse_setup_data(void) switch (data->type) { case SETUP_E820_EXT: @@ -19270,7 +22105,7 @@ index 771ff4d..4f9a14d 100644 break; case SETUP_DTB: add_dtb(pa_data); -@@ -709,7 +709,7 @@ static void __init trim_bios_range(void) +@@ -706,7 +706,7 @@ static void __init trim_bios_range(void) * area (640->1Mb) as ram even though it is not. * take them out. */ @@ -19279,7 +22114,7 @@ index 771ff4d..4f9a14d 100644 sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map); } -@@ -833,14 +833,14 @@ void __init setup_arch(char **cmdline_p) +@@ -830,14 +830,14 @@ void __init setup_arch(char **cmdline_p) if (!boot_params.hdr.root_flags) root_mountflags &= ~MS_RDONLY; @@ -19367,10 +22202,10 @@ index 5cdff03..5810740 100644 * Up to this point, the boot CPU has been using .init.data * area. Reload any changed state for the boot CPU. diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c -index b280908..6de349e 100644 +index d6bf1f3..3ffce5a 100644 --- a/arch/x86/kernel/signal.c +++ b/arch/x86/kernel/signal.c -@@ -194,7 +194,7 @@ static unsigned long align_sigframe(unsigned long sp) +@@ -196,7 +196,7 @@ static unsigned long align_sigframe(unsigned long sp) * Align the stack pointer according to the i386 ABI, * i.e. so that on function entry ((sp + 4) & 15) == 0. */ @@ -19379,20 +22214,6 @@ index b280908..6de349e 100644 #else /* !CONFIG_X86_32 */ sp = round_down(sp, 16) - 8; #endif -@@ -245,11 +245,11 @@ get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, size_t frame_size, - * Return an always-bogus address instead so we will die with SIGSEGV. - */ - if (onsigstack && !likely(on_sig_stack(sp))) -- return (void __user *)-1L; -+ return (__force void __user *)-1L; - - /* save i387 state */ - if (used_math() && save_i387_xstate(*fpstate) < 0) -- return (void __user *)-1L; -+ return (__force void __user *)-1L; - - return (void __user *)sp; - } @@ -304,9 +304,9 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, } @@ -19414,8 +22235,8 @@ index b280908..6de349e 100644 if (err) return -EFAULT; -@@ -374,7 +374,10 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, - err |= __copy_to_user(&frame->uc.uc_sigmask, set, sizeof(*set)); +@@ -367,7 +367,10 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, + err |= __save_altstack(&frame->uc.uc_stack, regs->sp); /* Set up to return from userspace. */ - restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn); @@ -19426,20 +22247,33 @@ index b280908..6de349e 100644 if (ka->sa.sa_flags & SA_RESTORER) restorer = ka->sa.sa_restorer; put_user_ex(restorer, &frame->pretcode); -@@ -386,7 +389,7 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -379,7 +382,7 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, * reasons and because gdb uses it as a signature to notice * signal handler stack frames. */ - put_user_ex(*((u64 *)&rt_retcode), (u64 *)frame->retcode); + put_user_ex(*((u64 *)&rt_retcode), (u64 __user *)frame->retcode); } put_user_catch(err); - - if (err) + + err |= copy_siginfo_to_user(&frame->info, info); +diff --git a/arch/x86/kernel/smp.c b/arch/x86/kernel/smp.c +index 48d2b7d..90d328a 100644 +--- a/arch/x86/kernel/smp.c ++++ b/arch/x86/kernel/smp.c +@@ -285,7 +285,7 @@ static int __init nonmi_ipi_setup(char *str) + + __setup("nonmi_ipi", nonmi_ipi_setup); + +-struct smp_ops smp_ops = { ++struct smp_ops smp_ops __read_only = { + .smp_prepare_boot_cpu = native_smp_prepare_boot_cpu, + .smp_prepare_cpus = native_smp_prepare_cpus, + .smp_cpus_done = native_smp_cpus_done, diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index 23c39cf..52ed8d9 100644 +index ed0fe38..87fc692 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c -@@ -672,6 +672,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -748,6 +748,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) idle->thread.sp = (unsigned long) (((struct pt_regs *) (THREAD_SIZE + task_stack_page(idle))) - 1); per_cpu(current_task, cpu) = idle; @@ -19447,7 +22281,7 @@ index 23c39cf..52ed8d9 100644 #ifdef CONFIG_X86_32 /* Stack for startup_32 can be just as for start_secondary onwards */ -@@ -679,11 +680,13 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -755,11 +756,13 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) #else clear_tsk_thread_flag(idle, TIF_FORK); initial_gs = per_cpu_offset(cpu); @@ -19464,7 +22298,7 @@ index 23c39cf..52ed8d9 100644 initial_code = (unsigned long)start_secondary; stack_start = idle->thread.sp; -@@ -822,6 +825,15 @@ int __cpuinit native_cpu_up(unsigned int cpu, struct task_struct *tidle) +@@ -908,6 +911,15 @@ int __cpuinit native_cpu_up(unsigned int cpu, struct task_struct *tidle) /* the FPU context is blank, nobody can own it */ __cpu_disable_lazy_restore(cpu); @@ -19481,7 +22315,7 @@ index 23c39cf..52ed8d9 100644 if (err) { pr_debug("do_boot_cpu failed %d\n", err); diff --git a/arch/x86/kernel/step.c b/arch/x86/kernel/step.c -index c346d11..d43b163 100644 +index 9b4d51d..5d28b58 100644 --- a/arch/x86/kernel/step.c +++ b/arch/x86/kernel/step.c @@ -27,10 +27,10 @@ unsigned long convert_ip_to_linear(struct task_struct *child, struct pt_regs *re @@ -19518,20 +22352,37 @@ index c346d11..d43b163 100644 for (i = 0; i < copied; i++) { switch (opcode[i]) { diff --git a/arch/x86/kernel/sys_i386_32.c b/arch/x86/kernel/sys_i386_32.c -index 0b0cb5f..db6b9ed 100644 ---- a/arch/x86/kernel/sys_i386_32.c +new file mode 100644 +index 0000000..207bec6 +--- /dev/null +++ b/arch/x86/kernel/sys_i386_32.c -@@ -24,17 +24,224 @@ - - #include <asm/syscalls.h> - --/* -- * Do a system call from kernel instead of calling sys_execve so we -- * end up with proper pt_regs. -- */ --int kernel_execve(const char *filename, -- const char *const argv[], -- const char *const envp[]) +@@ -0,0 +1,250 @@ ++/* ++ * This file contains various random system calls that ++ * have a non-standard calling sequence on the Linux/i386 ++ * platform. ++ */ ++ ++#include <linux/errno.h> ++#include <linux/sched.h> ++#include <linux/mm.h> ++#include <linux/fs.h> ++#include <linux/smp.h> ++#include <linux/sem.h> ++#include <linux/msg.h> ++#include <linux/shm.h> ++#include <linux/stat.h> ++#include <linux/syscalls.h> ++#include <linux/mman.h> ++#include <linux/file.h> ++#include <linux/utsname.h> ++#include <linux/ipc.h> ++ ++#include <linux/uaccess.h> ++#include <linux/unistd.h> ++ ++#include <asm/syscalls.h> ++ +int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags) +{ + unsigned long pax_task_size = TASK_SIZE; @@ -19541,8 +22392,9 @@ index 0b0cb5f..db6b9ed 100644 + pax_task_size = SEGMEXEC_TASK_SIZE; +#endif + -+ if (len > pax_task_size || addr > pax_task_size - len) -+ return -EINVAL; ++ if (flags & MAP_FIXED) ++ if (len > pax_task_size || addr > pax_task_size - len) ++ return -EINVAL; + + return 0; +} @@ -19554,6 +22406,7 @@ index 0b0cb5f..db6b9ed 100644 + struct mm_struct *mm = current->mm; + struct vm_area_struct *vma; + unsigned long start_addr, pax_task_size = TASK_SIZE; ++ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + +#ifdef CONFIG_PAX_SEGMEXEC + if (mm->pax_flags & MF_PAX_SEGMEXEC) @@ -19576,7 +22429,7 @@ index 0b0cb5f..db6b9ed 100644 + addr = PAGE_ALIGN(addr); + if (pax_task_size - len >= addr) { + vma = find_vma(mm, addr); -+ if (check_heap_stack_gap(vma, addr, len)) ++ if (check_heap_stack_gap(vma, addr, len, offset)) + return addr; + } + } @@ -19618,7 +22471,7 @@ index 0b0cb5f..db6b9ed 100644 + } + return -ENOMEM; + } -+ if (check_heap_stack_gap(vma, addr, len)) ++ if (check_heap_stack_gap(vma, addr, len, offset)) + break; + if (addr + mm->cached_hole_size < vma->vm_start) + mm->cached_hole_size = vma->vm_start - addr; @@ -19641,15 +22494,11 @@ index 0b0cb5f..db6b9ed 100644 +arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + const unsigned long len, const unsigned long pgoff, + const unsigned long flags) - { -- long __res; -- asm volatile ("int $0x80" -- : "=a" (__res) -- : "0" (__NR_execve), "b" (filename), "c" (argv), "d" (envp) : "memory"); -- return __res; ++{ + struct vm_area_struct *vma; + struct mm_struct *mm = current->mm; + unsigned long base = mm->mmap_base, addr = addr0, pax_task_size = TASK_SIZE; ++ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + +#ifdef CONFIG_PAX_SEGMEXEC + if (mm->pax_flags & MF_PAX_SEGMEXEC) @@ -19679,7 +22528,7 @@ index 0b0cb5f..db6b9ed 100644 + addr = PAGE_ALIGN(addr); + if (pax_task_size - len >= addr) { + vma = find_vma(mm, addr); -+ if (check_heap_stack_gap(vma, addr, len)) ++ if (check_heap_stack_gap(vma, addr, len, offset)) + return addr; + } + } @@ -19696,7 +22545,7 @@ index 0b0cb5f..db6b9ed 100644 + /* make sure it can fit in the remaining address space */ + if (addr > len) { + vma = find_vma(mm, addr-len); -+ if (check_heap_stack_gap(vma, addr - len, len)) ++ if (check_heap_stack_gap(vma, addr - len, len, offset)) + /* remember the address as a hint for next time */ + return (mm->free_area_cache = addr-len); + } @@ -19713,7 +22562,7 @@ index 0b0cb5f..db6b9ed 100644 + * return with success: + */ + vma = find_vma(mm, addr); -+ if (check_heap_stack_gap(vma, addr, len)) ++ if (check_heap_stack_gap(vma, addr, len, offset)) + /* remember the address as a hint for next time */ + return (mm->free_area_cache = addr); + @@ -19722,7 +22571,7 @@ index 0b0cb5f..db6b9ed 100644 + mm->cached_hole_size = vma->vm_start - addr; + + /* try just below the current vma->vm_start */ -+ addr = skip_heap_stack_gap(vma, len); ++ addr = skip_heap_stack_gap(vma, len, offset); + } while (!IS_ERR_VALUE(addr)); + +bottomup: @@ -19757,12 +22606,12 @@ index 0b0cb5f..db6b9ed 100644 + mm->cached_hole_size = ~0UL; + + return addr; - } ++} diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c -index b4d3c39..82bb73b 100644 +index 97ef74b..57a1882 100644 --- a/arch/x86/kernel/sys_x86_64.c +++ b/arch/x86/kernel/sys_x86_64.c -@@ -95,8 +95,8 @@ out: +@@ -81,8 +81,8 @@ out: return error; } @@ -19773,7 +22622,7 @@ index b4d3c39..82bb73b 100644 { if (!test_thread_flag(TIF_ADDR32) && (flags & MAP_32BIT)) { unsigned long new_begin; -@@ -115,7 +115,7 @@ static void find_start_end(unsigned long flags, unsigned long *begin, +@@ -101,7 +101,7 @@ static void find_start_end(unsigned long flags, unsigned long *begin, *begin = new_begin; } } else { @@ -19782,7 +22631,12 @@ index b4d3c39..82bb73b 100644 *end = TASK_SIZE; } } -@@ -132,16 +132,19 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -114,20 +114,24 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, + struct vm_area_struct *vma; + struct vm_unmapped_area_info info; + unsigned long begin, end; ++ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + if (flags & MAP_FIXED) return addr; @@ -19801,29 +22655,11 @@ index b4d3c39..82bb73b 100644 vma = find_vma(mm, addr); - if (end - len >= addr && - (!vma || addr + len <= vma->vm_start)) -+ if (end - len >= addr && check_heap_stack_gap(vma, addr, len)) ++ if (end - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) return addr; } - if (((flags & MAP_32BIT) || test_thread_flag(TIF_ADDR32)) -@@ -172,7 +175,7 @@ full_search: - } - return -ENOMEM; - } -- if (!vma || addr + len <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr, len)) { - /* - * Remember the place where we stopped the search: - */ -@@ -195,7 +198,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - { - struct vm_area_struct *vma; - struct mm_struct *mm = current->mm; -- unsigned long addr = addr0, start_addr; -+ unsigned long base = mm->mmap_base, addr = addr0, start_addr; - /* requested length too big for entire address space */ - if (len > TASK_SIZE) -@@ -208,13 +211,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -161,6 +165,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (!test_thread_flag(TIF_ADDR32) && (flags & MAP_32BIT)) goto bottomup; @@ -19834,64 +22670,8 @@ index b4d3c39..82bb73b 100644 /* requesting a specific address */ if (addr) { addr = PAGE_ALIGN(addr); -- vma = find_vma(mm, addr); -- if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -- return addr; -+ if (TASK_SIZE - len >= addr) { -+ vma = find_vma(mm, addr); -+ if (check_heap_stack_gap(vma, addr, len)) -+ return addr; -+ } - } - - /* check if free_area_cache is useful for us */ -@@ -240,7 +248,7 @@ try_again: - * return with success: - */ - vma = find_vma(mm, addr); -- if (!vma || addr+len <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr, len)) - /* remember the address as a hint for next time */ - return mm->free_area_cache = addr; - -@@ -249,8 +257,8 @@ try_again: - mm->cached_hole_size = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = vma->vm_start-len; -- } while (len < vma->vm_start); -+ addr = skip_heap_stack_gap(vma, len); -+ } while (!IS_ERR_VALUE(addr)); - - fail: - /* -@@ -270,13 +278,21 @@ bottomup: - * can happen with large stack limits and large mmap() - * allocations. - */ -+ mm->mmap_base = TASK_UNMAPPED_BASE; -+ -+#ifdef CONFIG_PAX_RANDMMAP -+ if (mm->pax_flags & MF_PAX_RANDMMAP) -+ mm->mmap_base += mm->delta_mmap; -+#endif -+ -+ mm->free_area_cache = mm->mmap_base; - mm->cached_hole_size = ~0UL; -- mm->free_area_cache = TASK_UNMAPPED_BASE; - addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags); - /* - * Restore the topdown base: - */ -- mm->free_area_cache = mm->mmap_base; -+ mm->mmap_base = base; -+ mm->free_area_cache = base; - mm->cached_hole_size = ~0UL; - - return addr; diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c -index f84fe00..93fe08f 100644 +index f84fe00..f41d9f1 100644 --- a/arch/x86/kernel/tboot.c +++ b/arch/x86/kernel/tboot.c @@ -220,7 +220,7 @@ static int tboot_setup_sleep(void) @@ -19921,7 +22701,7 @@ index f84fe00..93fe08f 100644 static int tboot_wait_for_aps(int num_aps) { -@@ -324,9 +324,9 @@ static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb, +@@ -324,16 +324,16 @@ static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb, { switch (action) { case CPU_DYING: @@ -19933,6 +22713,14 @@ index f84fe00..93fe08f 100644 return NOTIFY_BAD; break; } + return NOTIFY_OK; + } + +-static struct notifier_block tboot_cpu_notifier __cpuinitdata = ++static struct notifier_block tboot_cpu_notifier = + { + .notifier_call = tboot_cpu_callback, + }; @@ -345,7 +345,7 @@ static __init int tboot_late_init(void) tboot_create_trampoline(); @@ -20002,13 +22790,13 @@ index 9d9d2f9..cad418a 100644 else info = infobuf; diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index b481341..5918bbe 100644 +index ecffca1..95c4d13 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c -@@ -70,12 +70,6 @@ asmlinkage int system_call(void); +@@ -68,12 +68,6 @@ + #include <asm/setup.h> - /* Do we ignore FPU interrupts ? */ - char ignore_fpu_irq; + asmlinkage int system_call(void); - -/* - * The IDT has to be page-aligned to simplify the Pentium @@ -20018,32 +22806,56 @@ index b481341..5918bbe 100644 #endif DECLARE_BITMAP(used_vectors, NR_VECTORS); -@@ -108,13 +102,13 @@ static inline void preempt_conditional_cli(struct pt_regs *regs) +@@ -106,11 +100,11 @@ static inline void preempt_conditional_cli(struct pt_regs *regs) } - static void __kprobes --do_trap(int trapnr, int signr, char *str, struct pt_regs *regs, -+do_trap(int trapnr, int signr, const char *str, struct pt_regs *regs, - long error_code, siginfo_t *info) + static int __kprobes +-do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str, ++do_trap_no_signal(struct task_struct *tsk, int trapnr, const char *str, + struct pt_regs *regs, long error_code) { - struct task_struct *tsk = current; - #ifdef CONFIG_X86_32 - if (regs->flags & X86_VM_MASK) { + if (v8086_mode(regs)) { /* - * traps 0, 1, 3, 4, and 5 should be forwarded to vm86. + * Traps 0, 1, 3, 4, and 5 should be forwarded to vm86. * On nmi (interrupt 2), do_trap should not be called. -@@ -125,7 +119,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs, +@@ -123,12 +117,24 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str, + return -1; } #endif +- if (!user_mode(regs)) { ++ if (!user_mode_novm(regs)) { + if (!fixup_exception(regs)) { + tsk->thread.error_code = error_code; + tsk->thread.trap_nr = trapnr; ++ ++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) ++ if (trapnr == 12 && ((regs->cs & 0xFFFF) == __KERNEL_CS || (regs->cs & 0xFFFF) == __KERNEXEC_KERNEL_CS)) ++ str = "PAX: suspicious stack segment fault"; ++#endif ++ + die(str, regs, error_code); + } ++ ++#ifdef CONFIG_PAX_REFCOUNT ++ if (trapnr == 4) ++ pax_report_refcount_overflow(regs); ++#endif ++ + return 0; + } -- if (!user_mode(regs)) -+ if (!user_mode_novm(regs)) - goto kernel_trap; +@@ -136,7 +142,7 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str, + } - #ifdef CONFIG_X86_32 -@@ -147,7 +141,7 @@ trap_signal: + static void __kprobes +-do_trap(int trapnr, int signr, char *str, struct pt_regs *regs, ++do_trap(int trapnr, int signr, const char *str, struct pt_regs *regs, + long error_code, siginfo_t *info) + { + struct task_struct *tsk = current; +@@ -160,7 +166,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs, if (show_unhandled_signals && unhandled_signal(tsk, signr) && printk_ratelimit()) { pr_info("%s[%d] trap %s ip:%lx sp:%lx error:%lx", @@ -20052,40 +22864,40 @@ index b481341..5918bbe 100644 regs->ip, regs->sp, error_code); print_vma_addr(" in ", regs->ip); pr_cont("\n"); -@@ -164,8 +158,20 @@ kernel_trap: - if (!fixup_exception(regs)) { - tsk->thread.error_code = error_code; - tsk->thread.trap_nr = trapnr; -+ -+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) -+ if (trapnr == 12 && ((regs->cs & 0xFFFF) == __KERNEL_CS || (regs->cs & 0xFFFF) == __KERNEXEC_KERNEL_CS)) -+ str = "PAX: suspicious stack segment fault"; -+#endif -+ - die(str, regs, error_code); - } -+ -+#ifdef CONFIG_PAX_REFCOUNT -+ if (trapnr == 4) -+ pax_report_refcount_overflow(regs); -+#endif -+ - return; - - #ifdef CONFIG_X86_32 -@@ -258,14 +264,30 @@ do_general_protection(struct pt_regs *regs, long error_code) +@@ -266,7 +272,7 @@ do_general_protection(struct pt_regs *regs, long error_code) conditional_sti(regs); #ifdef CONFIG_X86_32 -- if (regs->flags & X86_VM_MASK) -+ if (v8086_mode(regs)) - goto gp_in_vm86; +- if (regs->flags & X86_VM_MASK) { ++ if (v8086_mode(regs)) { + local_irq_enable(); + handle_vm86_fault((struct kernel_vm86_regs *) regs, error_code); + goto exit; +@@ -274,18 +280,42 @@ do_general_protection(struct pt_regs *regs, long error_code) #endif tsk = current; -- if (!user_mode(regs)) -+ if (!user_mode_novm(regs)) - goto gp_in_kernel; +- if (!user_mode(regs)) { ++ if (!user_mode_novm(regs)) { + if (fixup_exception(regs)) + goto exit; + + tsk->thread.error_code = error_code; + tsk->thread.trap_nr = X86_TRAP_GP; + if (notify_die(DIE_GPF, "general protection fault", regs, error_code, +- X86_TRAP_GP, SIGSEGV) != NOTIFY_STOP) ++ X86_TRAP_GP, SIGSEGV) != NOTIFY_STOP) { ++ ++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) ++ if ((regs->cs & 0xFFFF) == __KERNEL_CS || (regs->cs & 0xFFFF) == __KERNEXEC_KERNEL_CS) ++ die("PAX: suspicious general protection fault", regs, error_code); ++ else ++#endif ++ + die("general protection fault", regs, error_code); ++ } + goto exit; + } +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_PAGEEXEC) + if (!(__supported_pte_mask & _PAGE_NX) && tsk->mm && (tsk->mm->pax_flags & MF_PAX_PAGEEXEC)) { @@ -20106,21 +22918,7 @@ index b481341..5918bbe 100644 tsk->thread.error_code = error_code; tsk->thread.trap_nr = X86_TRAP_GP; -@@ -297,6 +319,13 @@ gp_in_kernel: - if (notify_die(DIE_GPF, "general protection fault", regs, error_code, - X86_TRAP_GP, SIGSEGV) == NOTIFY_STOP) - return; -+ -+#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) -+ if ((regs->cs & 0xFFFF) == __KERNEL_CS || (regs->cs & 0xFFFF) == __KERNEXEC_KERNEL_CS) -+ die("PAX: suspicious general protection fault", regs, error_code); -+ else -+#endif -+ - die("general protection fault", regs, error_code); - } - -@@ -432,7 +461,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -440,7 +470,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) /* It's safe to allow irq's after DR6 has been saved */ preempt_conditional_sti(regs); @@ -20129,7 +22927,7 @@ index b481341..5918bbe 100644 handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code, X86_TRAP_DB); preempt_conditional_cli(regs); -@@ -447,7 +476,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -455,7 +485,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) * We already checked v86 mode above, so we can check for kernel mode * by just checking the CPL of CS. */ @@ -20138,7 +22936,7 @@ index b481341..5918bbe 100644 tsk->thread.debugreg6 &= ~DR_STEP; set_tsk_thread_flag(tsk, TIF_SINGLESTEP); regs->flags &= ~X86_EFLAGS_TF; -@@ -478,7 +507,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) +@@ -487,7 +517,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) return; conditional_sti(regs); @@ -20148,10 +22946,10 @@ index b481341..5918bbe 100644 if (!fixup_exception(regs)) { task->thread.error_code = error_code; diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c -index 36fd420..7e5892d 100644 +index c71025b..b117501 100644 --- a/arch/x86/kernel/uprobes.c +++ b/arch/x86/kernel/uprobes.c -@@ -607,7 +607,7 @@ int arch_uprobe_exception_notify(struct notifier_block *self, unsigned long val, +@@ -629,7 +629,7 @@ int arch_uprobe_exception_notify(struct notifier_block *self, unsigned long val, int ret = NOTIFY_DONE; /* We are only interested in userspace traps */ @@ -20173,7 +22971,7 @@ index b9242ba..50c5edd 100644 * verify_cpu, returns the status of longmode and SSE in register %eax. * 0: Success 1: Failure diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c -index 54abcc0..eb6c848 100644 +index 1dfe69c..a3df6f6 100644 --- a/arch/x86/kernel/vm86_32.c +++ b/arch/x86/kernel/vm86_32.c @@ -43,6 +43,7 @@ @@ -20505,23 +23303,8 @@ index 22a1530..8fbaaad 100644 "kernel image bigger than KERNEL_IMAGE_SIZE"); #ifdef CONFIG_SMP -diff --git a/arch/x86/kernel/vsmp_64.c b/arch/x86/kernel/vsmp_64.c -index 992f890..fc38904 100644 ---- a/arch/x86/kernel/vsmp_64.c -+++ b/arch/x86/kernel/vsmp_64.c -@@ -217,8 +217,8 @@ static void fill_vector_allocation_domain(int cpu, struct cpumask *retmask, - static void vsmp_apic_post_init(void) - { - /* need to update phys_pkg_id */ -- apic->phys_pkg_id = apicid_phys_pkg_id; -- apic->vector_allocation_domain = fill_vector_allocation_domain; -+ *(void **)&apic->phys_pkg_id = apicid_phys_pkg_id; -+ *(void **)&apic->vector_allocation_domain = fill_vector_allocation_domain; - } - - void __init vsmp_init(void) diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c -index 8d141b3..40a0fe4 100644 +index 9a907a6..f83f921 100644 --- a/arch/x86/kernel/vsyscall_64.c +++ b/arch/x86/kernel/vsyscall_64.c @@ -56,15 +56,13 @@ @@ -20541,7 +23324,7 @@ index 8d141b3..40a0fe4 100644 else if (!strcmp("none", str)) vsyscall_mode = NONE; else -@@ -306,8 +304,7 @@ done: +@@ -323,8 +321,7 @@ do_ret: return true; sigsegv: @@ -20551,7 +23334,7 @@ index 8d141b3..40a0fe4 100644 } /* -@@ -360,10 +357,7 @@ void __init map_vsyscall(void) +@@ -377,10 +374,7 @@ void __init map_vsyscall(void) extern char __vvar_page; unsigned long physaddr_vvar_page = __pa_symbol(&__vvar_page); @@ -20564,10 +23347,10 @@ index 8d141b3..40a0fe4 100644 (unsigned long)VSYSCALL_START); diff --git a/arch/x86/kernel/x8664_ksyms_64.c b/arch/x86/kernel/x8664_ksyms_64.c -index 6020f6f..bedd6e3 100644 +index 1330dd1..d220b99 100644 --- a/arch/x86/kernel/x8664_ksyms_64.c +++ b/arch/x86/kernel/x8664_ksyms_64.c -@@ -30,8 +30,6 @@ EXPORT_SYMBOL(copy_user_generic_string); +@@ -34,8 +34,6 @@ EXPORT_SYMBOL(copy_user_generic_string); EXPORT_SYMBOL(copy_user_generic_unrolled); EXPORT_SYMBOL(copy_user_enhanced_fast_string); EXPORT_SYMBOL(__copy_user_nocache); @@ -20576,40 +23359,67 @@ index 6020f6f..bedd6e3 100644 EXPORT_SYMBOL(copy_page); EXPORT_SYMBOL(clear_page); +diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c +index 7a3d075..6cb373d 100644 +--- a/arch/x86/kernel/x86_init.c ++++ b/arch/x86/kernel/x86_init.c +@@ -88,7 +88,7 @@ struct x86_init_ops x86_init __initdata = { + }, + }; + +-struct x86_cpuinit_ops x86_cpuinit __cpuinitdata = { ++struct x86_cpuinit_ops x86_cpuinit __cpuinitconst = { + .early_percpu_clock_init = x86_init_noop, + .setup_percpu_clockev = setup_secondary_APIC_clock, + }; +@@ -96,7 +96,7 @@ struct x86_cpuinit_ops x86_cpuinit __cpuinitdata = { + static void default_nmi_init(void) { }; + static int default_i8042_detect(void) { return 1; }; + +-struct x86_platform_ops x86_platform = { ++struct x86_platform_ops x86_platform __read_only = { + .calibrate_tsc = native_calibrate_tsc, + .get_wallclock = mach_get_cmos_time, + .set_wallclock = mach_set_rtc_mmss, +@@ -110,14 +110,14 @@ struct x86_platform_ops x86_platform = { + }; + + EXPORT_SYMBOL_GPL(x86_platform); +-struct x86_msi_ops x86_msi = { ++struct x86_msi_ops x86_msi __read_only = { + .setup_msi_irqs = native_setup_msi_irqs, + .teardown_msi_irq = native_teardown_msi_irq, + .teardown_msi_irqs = default_teardown_msi_irqs, + .restore_msi_irqs = default_restore_msi_irqs, + }; + +-struct x86_io_apic_ops x86_io_apic_ops = { ++struct x86_io_apic_ops x86_io_apic_ops __read_only = { + .init = native_io_apic_init_mappings, + .read = native_io_apic_read, + .write = native_io_apic_write, diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c -index 3d3e207..316a7e0 100644 +index ada87a3..afea76d 100644 --- a/arch/x86/kernel/xsave.c +++ b/arch/x86/kernel/xsave.c -@@ -132,7 +132,7 @@ int check_for_xstate(struct i387_fxsave_struct __user *buf, - fx_sw_user->xstate_size > fx_sw_user->extended_size) - return -EINVAL; - -- err = __get_user(magic2, (__u32 *) (((void *)fpstate) + -+ err = __get_user(magic2, (__u32 __user *) (((void __user *)fpstate) + - fx_sw_user->extended_size - - FP_XSTATE_MAGIC2_SIZE)); - if (err) -@@ -268,7 +268,7 @@ fx_only: - * the other extended state. - */ - xrstor_state(init_xstate_buf, pcntxt_mask & ~XSTATE_FPSSE); -- return fxrstor_checking((__force struct i387_fxsave_struct *)buf); -+ return fxrstor_checking((struct i387_fxsave_struct __user *)buf); - } +@@ -199,6 +199,7 @@ static inline int save_user_xstate(struct xsave_struct __user *buf) + { + int err; - /* -@@ -297,8 +297,7 @@ int restore_i387_xstate(void __user *buf) ++ buf = (struct xsave_struct __user *)____m(buf); if (use_xsave()) - err = restore_user_xstate(buf); - else -- err = fxrstor_checking((__force struct i387_fxsave_struct *) -- buf); -+ err = fxrstor_checking((struct i387_fxsave_struct __user *)buf); - if (unlikely(err)) { - /* - * Encountered an error while doing the restore from the + err = xsave_user(buf); + else if (use_fxsr()) +@@ -311,6 +312,7 @@ sanitize_restored_xstate(struct task_struct *tsk, + */ + static inline int restore_user_xstate(void __user *buf, u64 xbv, int fx_only) + { ++ buf = (void __user *)____m(buf); + if (use_xsave()) { + if ((unsigned long)buf % 64 || fx_only) { + u64 init_bv = pcntxt_mask & ~XSTATE_FPSSE; diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c -index 0595f13..b544fa3 100644 +index a20ecb5..d0e2194 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -124,15 +124,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu, @@ -20660,10 +23470,10 @@ index 0595f13..b544fa3 100644 out: diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index a3b57a2..e8f3324 100644 +index a27e763..54bfe43 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c -@@ -256,6 +256,7 @@ struct gprefix { +@@ -292,6 +292,7 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) #define ____emulate_2op(ctxt, _op, _x, _y, _suffix, _dsttype) \ do { \ @@ -20671,7 +23481,7 @@ index a3b57a2..e8f3324 100644 __asm__ __volatile__ ( \ _PRE_EFLAGS("0", "4", "2") \ _op _suffix " %"_x"3,%1; " \ -@@ -270,8 +271,6 @@ struct gprefix { +@@ -306,8 +307,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) /* Raw emulation: instruction has two explicit operands. */ #define __emulate_2op_nobyte(ctxt,_op,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ @@ -20680,7 +23490,7 @@ index a3b57a2..e8f3324 100644 switch ((ctxt)->dst.bytes) { \ case 2: \ ____emulate_2op(ctxt,_op,_wx,_wy,"w",u16); \ -@@ -287,7 +286,6 @@ struct gprefix { +@@ -323,7 +322,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) #define __emulate_2op(ctxt,_op,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ @@ -20688,21 +23498,11 @@ index a3b57a2..e8f3324 100644 switch ((ctxt)->dst.bytes) { \ case 1: \ ____emulate_2op(ctxt,_op,_bx,_by,"b",u8); \ -@@ -390,8 +388,7 @@ struct gprefix { - _ASM_EXTABLE(1b, 3b) \ - : "=m" ((ctxt)->eflags), "=&r" (_tmp), \ - "+a" (*rax), "+d" (*rdx), "+qm"(_ex) \ -- : "i" (EFLAGS_MASK), "m" ((ctxt)->src.val), \ -- "a" (*rax), "d" (*rdx)); \ -+ : "i" (EFLAGS_MASK), "m" ((ctxt)->src.val)); \ - } while (0) - - /* instruction has only one source operand, destination is implicit (e.g. mul, div, imul, idiv) */ diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index ce87878..ab48aa3 100644 +index 9392f52..0e56d77 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c -@@ -54,7 +54,7 @@ +@@ -55,7 +55,7 @@ #define APIC_BUS_CYCLE_NS 1 /* #define apic_debug(fmt,arg...) printk(KERN_WARNING fmt,##arg) */ @@ -20712,10 +23512,10 @@ index ce87878..ab48aa3 100644 #define APIC_LVT_NUM 6 /* 14 is the version for Xeon and Pentium 8.4.8*/ diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h -index bb7cf01..0348a05 100644 +index 891eb6d..e027900 100644 --- a/arch/x86/kvm/paging_tmpl.h +++ b/arch/x86/kvm/paging_tmpl.h -@@ -196,7 +196,7 @@ retry_walk: +@@ -208,7 +208,7 @@ retry_walk: if (unlikely(kvm_is_error_hva(host_addr))) goto error; @@ -20723,12 +23523,12 @@ index bb7cf01..0348a05 100644 + ptep_user = (pt_element_t __force_user *)((void *)host_addr + offset); if (unlikely(__copy_from_user(&pte, ptep_user, sizeof(pte)))) goto error; - + walker->ptep_user[walker->level - 1] = ptep_user; diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index baead95..90feeb4 100644 +index d29d3cd..ec9d522 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c -@@ -3516,7 +3516,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) +@@ -3507,7 +3507,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) int cpu = raw_smp_processor_id(); struct svm_cpu_data *sd = per_cpu(svm_data, cpu); @@ -20740,7 +23540,7 @@ index baead95..90feeb4 100644 load_TR_desc(); } -@@ -3894,6 +3898,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) +@@ -3881,6 +3885,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) #endif #endif @@ -20752,10 +23552,10 @@ index baead95..90feeb4 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index ff66a3b..48ad872 100644 +index 9120ae1..238abc0 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c -@@ -1331,7 +1331,11 @@ static void reload_tss(void) +@@ -1370,7 +1370,11 @@ static void reload_tss(void) struct desc_struct *descs; descs = (void *)gdt->address; @@ -20767,7 +23567,7 @@ index ff66a3b..48ad872 100644 load_TR_desc(); } -@@ -1541,6 +1545,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) +@@ -1594,6 +1598,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */ vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */ @@ -20778,7 +23578,7 @@ index ff66a3b..48ad872 100644 rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp); vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */ vmx->loaded_vmcs->cpu = cpu; -@@ -2674,8 +2682,11 @@ static __init int hardware_setup(void) +@@ -2738,8 +2746,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -20792,9 +23592,9 @@ index ff66a3b..48ad872 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3745,7 +3756,10 @@ static void vmx_set_constant_host_state(void) +@@ -3782,7 +3793,10 @@ static void vmx_set_constant_host_state(void) - vmcs_writel(HOST_CR0, read_cr0() | X86_CR0_TS); /* 22.2.3 */ + vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */ vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */ + +#ifndef CONFIG_PAX_PER_CPU_PGD @@ -20803,29 +23603,29 @@ index ff66a3b..48ad872 100644 vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */ #ifdef CONFIG_X86_64 -@@ -3767,7 +3781,7 @@ static void vmx_set_constant_host_state(void) +@@ -3803,7 +3817,7 @@ static void vmx_set_constant_host_state(void) + native_store_idt(&dt); vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ - asm("mov $.Lkvm_vmx_return, %0" : "=r"(tmpl)); -- vmcs_writel(HOST_RIP, tmpl); /* 22.2.5 */ -+ vmcs_writel(HOST_RIP, ktla_ktva(tmpl)); /* 22.2.5 */ +- vmcs_writel(HOST_RIP, vmx_return); /* 22.2.5 */ ++ vmcs_writel(HOST_RIP, ktla_ktva(vmx_return)); /* 22.2.5 */ rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -6321,6 +6335,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) - "jmp .Lkvm_vmx_return \n\t" - ".Llaunched: " __ex(ASM_VMX_VMRESUME) "\n\t" - ".Lkvm_vmx_return: " +@@ -6355,6 +6369,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) + "jmp 2f \n\t" + "1: " __ex(ASM_VMX_VMRESUME) "\n\t" + "2: " + +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) -+ "ljmp %[cs],$.Lkvm_vmx_return2\n\t" -+ ".Lkvm_vmx_return2: " ++ "ljmp %[cs],$3f\n\t" ++ "3: " +#endif + /* Save guest registers, load host registers, keep flags */ - "mov %0, %c[wordsize](%%"R"sp) \n\t" + "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t" "pop %0 \n\t" -@@ -6369,6 +6389,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6407,6 +6427,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -20835,18 +23635,18 @@ index ff66a3b..48ad872 100644 +#endif + : "cc", "memory" - , R"ax", R"bx", R"di", R"si" #ifdef CONFIG_X86_64 -@@ -6376,7 +6401,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) - #endif - ); + , "rax", "rbx", "rdi", "rsi" +@@ -6420,7 +6445,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) + if (debugctlmsr) + update_debugctlmsr(debugctlmsr); -#ifndef CONFIG_X86_64 +#ifdef CONFIG_X86_32 /* * The sysexit path does not restore ds/es, so we must set them to * a reasonable value ourselves. -@@ -6385,8 +6410,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6429,8 +6454,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) * may be executed in interrupt context, which saves and restore segments * around it, nullifying its effect. */ @@ -20868,10 +23668,10 @@ index ff66a3b..48ad872 100644 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index a201790..9ac0c3c 100644 +index c243b81..9eb193f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -1379,8 +1379,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) +@@ -1692,8 +1692,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) { struct kvm *kvm = vcpu->kvm; int lm = is_long_mode(vcpu); @@ -20882,7 +23682,7 @@ index a201790..9ac0c3c 100644 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 : kvm->arch.xen_hvm_config.blob_size_32; u32 page_num = data & ~PAGE_MASK; -@@ -2243,6 +2243,8 @@ long kvm_arch_dev_ioctl(struct file *filp, +@@ -2571,6 +2571,8 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; @@ -20891,18 +23691,18 @@ index a201790..9ac0c3c 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -2368,7 +2370,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, +@@ -2700,7 +2702,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu, struct kvm_interrupt *irq) { -- if (irq->irq < 0 || irq->irq >= 256) -+ if (irq->irq >= 256) +- if (irq->irq < 0 || irq->irq >= KVM_NR_INTERRUPTS) ++ if (irq->irq >= KVM_NR_INTERRUPTS) return -EINVAL; if (irqchip_in_kernel(vcpu->kvm)) return -ENXIO; -@@ -4889,7 +4891,7 @@ static void kvm_set_mmio_spte_mask(void) - kvm_mmu_set_mmio_spte_mask(mask); - } +@@ -5213,7 +5215,7 @@ static struct notifier_block pvclock_gtod_notifier = { + }; + #endif -int kvm_arch_init(void *opaque) +int kvm_arch_init(const void *opaque) @@ -20910,28 +23710,9 @@ index a201790..9ac0c3c 100644 int r; struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque; diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c -index 642d880..cc9ebac 100644 +index df4176c..23ce092 100644 --- a/arch/x86/lguest/boot.c +++ b/arch/x86/lguest/boot.c -@@ -1116,12 +1116,12 @@ static u32 lguest_apic_safe_wait_icr_idle(void) - - static void set_lguest_basic_apic_ops(void) - { -- apic->read = lguest_apic_read; -- apic->write = lguest_apic_write; -- apic->icr_read = lguest_apic_icr_read; -- apic->icr_write = lguest_apic_icr_write; -- apic->wait_icr_idle = lguest_apic_wait_icr_idle; -- apic->safe_wait_icr_idle = lguest_apic_safe_wait_icr_idle; -+ *(void **)&apic->read = lguest_apic_read; -+ *(void **)&apic->write = lguest_apic_write; -+ *(void **)&apic->icr_read = lguest_apic_icr_read; -+ *(void **)&apic->icr_write = lguest_apic_icr_write; -+ *(void **)&apic->wait_icr_idle = lguest_apic_wait_icr_idle; -+ *(void **)&apic->safe_wait_icr_idle = lguest_apic_safe_wait_icr_idle; - }; - #endif - @@ -1200,9 +1200,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count) * Rebooting also tells the Host we're finished, but the RESTART flag tells the * Launcher to reboot us. @@ -21732,106 +24513,106 @@ index 1e572c5..2a162cd 100644 CFI_ENDPROC diff --git a/arch/x86/lib/copy_page_64.S b/arch/x86/lib/copy_page_64.S -index 6b34d04..dccb07f 100644 +index 176cca6..1166c50 100644 --- a/arch/x86/lib/copy_page_64.S +++ b/arch/x86/lib/copy_page_64.S -@@ -9,6 +9,7 @@ copy_page_c: +@@ -9,6 +9,7 @@ copy_page_rep: CFI_STARTPROC - movl $4096/8,%ecx - rep movsq + movl $4096/8, %ecx + rep movsq + pax_force_retaddr ret CFI_ENDPROC - ENDPROC(copy_page_c) -@@ -20,12 +21,14 @@ ENDPROC(copy_page_c) + ENDPROC(copy_page_rep) +@@ -20,12 +21,14 @@ ENDPROC(copy_page_rep) ENTRY(copy_page) CFI_STARTPROC -- subq $2*8,%rsp +- subq $2*8, %rsp - CFI_ADJUST_CFA_OFFSET 2*8 -+ subq $3*8,%rsp ++ subq $3*8, %rsp + CFI_ADJUST_CFA_OFFSET 3*8 - movq %rbx,(%rsp) + movq %rbx, (%rsp) CFI_REL_OFFSET rbx, 0 - movq %r12,1*8(%rsp) + movq %r12, 1*8(%rsp) CFI_REL_OFFSET r12, 1*8 -+ movq %r13,2*8(%rsp) ++ movq %r13, 2*8(%rsp) + CFI_REL_OFFSET r13, 2*8 - movl $(4096/64)-5,%ecx + movl $(4096/64)-5, %ecx .p2align 4 -@@ -37,7 +40,7 @@ ENTRY(copy_page) - movq 16 (%rsi), %rdx - movq 24 (%rsi), %r8 - movq 32 (%rsi), %r9 -- movq 40 (%rsi), %r10 -+ movq 40 (%rsi), %r13 - movq 48 (%rsi), %r11 - movq 56 (%rsi), %r12 - -@@ -48,7 +51,7 @@ ENTRY(copy_page) - movq %rdx, 16 (%rdi) - movq %r8, 24 (%rdi) - movq %r9, 32 (%rdi) -- movq %r10, 40 (%rdi) -+ movq %r13, 40 (%rdi) - movq %r11, 48 (%rdi) - movq %r12, 56 (%rdi) - -@@ -67,7 +70,7 @@ ENTRY(copy_page) - movq 16 (%rsi), %rdx - movq 24 (%rsi), %r8 - movq 32 (%rsi), %r9 -- movq 40 (%rsi), %r10 -+ movq 40 (%rsi), %r13 - movq 48 (%rsi), %r11 - movq 56 (%rsi), %r12 - -@@ -76,7 +79,7 @@ ENTRY(copy_page) - movq %rdx, 16 (%rdi) - movq %r8, 24 (%rdi) - movq %r9, 32 (%rdi) -- movq %r10, 40 (%rdi) -+ movq %r13, 40 (%rdi) - movq %r11, 48 (%rdi) - movq %r12, 56 (%rdi) - -@@ -89,8 +92,11 @@ ENTRY(copy_page) +@@ -36,7 +39,7 @@ ENTRY(copy_page) + movq 0x8*2(%rsi), %rdx + movq 0x8*3(%rsi), %r8 + movq 0x8*4(%rsi), %r9 +- movq 0x8*5(%rsi), %r10 ++ movq 0x8*5(%rsi), %r13 + movq 0x8*6(%rsi), %r11 + movq 0x8*7(%rsi), %r12 + +@@ -47,7 +50,7 @@ ENTRY(copy_page) + movq %rdx, 0x8*2(%rdi) + movq %r8, 0x8*3(%rdi) + movq %r9, 0x8*4(%rdi) +- movq %r10, 0x8*5(%rdi) ++ movq %r13, 0x8*5(%rdi) + movq %r11, 0x8*6(%rdi) + movq %r12, 0x8*7(%rdi) + +@@ -66,7 +69,7 @@ ENTRY(copy_page) + movq 0x8*2(%rsi), %rdx + movq 0x8*3(%rsi), %r8 + movq 0x8*4(%rsi), %r9 +- movq 0x8*5(%rsi), %r10 ++ movq 0x8*5(%rsi), %r13 + movq 0x8*6(%rsi), %r11 + movq 0x8*7(%rsi), %r12 + +@@ -75,7 +78,7 @@ ENTRY(copy_page) + movq %rdx, 0x8*2(%rdi) + movq %r8, 0x8*3(%rdi) + movq %r9, 0x8*4(%rdi) +- movq %r10, 0x8*5(%rdi) ++ movq %r13, 0x8*5(%rdi) + movq %r11, 0x8*6(%rdi) + movq %r12, 0x8*7(%rdi) + +@@ -87,8 +90,11 @@ ENTRY(copy_page) CFI_RESTORE rbx - movq 1*8(%rsp),%r12 + movq 1*8(%rsp), %r12 CFI_RESTORE r12 -- addq $2*8,%rsp +- addq $2*8, %rsp - CFI_ADJUST_CFA_OFFSET -2*8 -+ movq 2*8(%rsp),%r13 ++ movq 2*8(%rsp), %r13 + CFI_RESTORE r13 -+ addq $3*8,%rsp ++ addq $3*8, %rsp + CFI_ADJUST_CFA_OFFSET -3*8 + pax_force_retaddr ret .Lcopy_page_end: CFI_ENDPROC -@@ -101,7 +107,7 @@ ENDPROC(copy_page) +@@ -99,7 +105,7 @@ ENDPROC(copy_page) #include <asm/cpufeature.h> - .section .altinstr_replacement,"ax" + .section .altinstr_replacement,"a" 1: .byte 0xeb /* jmp <disp8> */ - .byte (copy_page_c - copy_page) - (2f - 1b) /* offset */ + .byte (copy_page_rep - copy_page) - (2f - 1b) /* offset */ 2: diff --git a/arch/x86/lib/copy_user_64.S b/arch/x86/lib/copy_user_64.S -index 5b2995f..78e7644 100644 +index a30ca15..d25fab6 100644 --- a/arch/x86/lib/copy_user_64.S +++ b/arch/x86/lib/copy_user_64.S -@@ -17,6 +17,7 @@ - #include <asm/cpufeature.h> +@@ -18,6 +18,7 @@ #include <asm/alternative-asm.h> #include <asm/asm.h> + #include <asm/smap.h> +#include <asm/pgtable.h> /* * By placing feature2 after feature1 in altinstructions section, we logically -@@ -30,7 +31,7 @@ +@@ -31,7 +32,7 @@ .byte 0xe9 /* 32bit jump */ .long \orig-1f /* by default jump to orig */ 1: @@ -21840,7 +24621,7 @@ index 5b2995f..78e7644 100644 2: .byte 0xe9 /* near jump with 32bit immediate */ .long \alt1-1b /* offset */ /* or alternatively to alt1 */ 3: .byte 0xe9 /* near jump with 32bit immediate */ -@@ -69,47 +70,20 @@ +@@ -70,47 +71,20 @@ #endif .endm @@ -21891,7 +24672,7 @@ index 5b2995f..78e7644 100644 ret CFI_ENDPROC ENDPROC(bad_from_user) -@@ -139,19 +113,19 @@ ENTRY(copy_user_generic_unrolled) +@@ -141,19 +115,19 @@ ENTRY(copy_user_generic_unrolled) jz 17f 1: movq (%rsi),%r8 2: movq 1*8(%rsi),%r9 @@ -21915,32 +24696,32 @@ index 5b2995f..78e7644 100644 16: movq %r11,7*8(%rdi) leaq 64(%rsi),%rsi leaq 64(%rdi),%rdi -@@ -177,6 +151,7 @@ ENTRY(copy_user_generic_unrolled) - decl %ecx +@@ -180,6 +154,7 @@ ENTRY(copy_user_generic_unrolled) jnz 21b 23: xor %eax,%eax + ASM_CLAC + pax_force_retaddr ret .section .fixup,"ax" -@@ -246,6 +221,7 @@ ENTRY(copy_user_generic_string) - 3: rep +@@ -251,6 +226,7 @@ ENTRY(copy_user_generic_string) movsb 4: xorl %eax,%eax + ASM_CLAC + pax_force_retaddr ret .section .fixup,"ax" -@@ -279,6 +255,7 @@ ENTRY(copy_user_enhanced_fast_string) - 1: rep +@@ -286,6 +262,7 @@ ENTRY(copy_user_enhanced_fast_string) movsb 2: xorl %eax,%eax + ASM_CLAC + pax_force_retaddr ret .section .fixup,"ax" diff --git a/arch/x86/lib/copy_user_nocache_64.S b/arch/x86/lib/copy_user_nocache_64.S -index cacddc7..09d49e4 100644 +index 6a4f43c..f5f9e26 100644 --- a/arch/x86/lib/copy_user_nocache_64.S +++ b/arch/x86/lib/copy_user_nocache_64.S @@ -8,6 +8,7 @@ @@ -21951,15 +24732,15 @@ index cacddc7..09d49e4 100644 #define FIX_ALIGNMENT 1 -@@ -15,6 +16,7 @@ - #include <asm/asm-offsets.h> +@@ -16,6 +17,7 @@ #include <asm/thread_info.h> #include <asm/asm.h> + #include <asm/smap.h> +#include <asm/pgtable.h> .macro ALIGN_DESTINATION #ifdef FIX_ALIGNMENT -@@ -48,6 +50,15 @@ +@@ -49,6 +51,15 @@ */ ENTRY(__copy_user_nocache) CFI_STARTPROC @@ -21972,10 +24753,10 @@ index cacddc7..09d49e4 100644 +1: +#endif + + ASM_STAC cmpl $8,%edx jb 20f /* less then 8 bytes, go to byte copy loop */ - ALIGN_DESTINATION -@@ -57,19 +68,19 @@ ENTRY(__copy_user_nocache) +@@ -59,19 +70,19 @@ ENTRY(__copy_user_nocache) jz 17f 1: movq (%rsi),%r8 2: movq 1*8(%rsi),%r9 @@ -21999,9 +24780,9 @@ index cacddc7..09d49e4 100644 16: movnti %r11,7*8(%rdi) leaq 64(%rsi),%rsi leaq 64(%rdi),%rdi -@@ -96,6 +107,7 @@ ENTRY(__copy_user_nocache) - jnz 21b +@@ -99,6 +110,7 @@ ENTRY(__copy_user_nocache) 23: xorl %eax,%eax + ASM_CLAC sfence + pax_force_retaddr ret @@ -22050,13 +24831,13 @@ index 25b7ae8..169fafc 100644 } EXPORT_SYMBOL(csum_partial_copy_to_user); diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S -index b33b1fb..219f389 100644 +index 156b9c8..b144132 100644 --- a/arch/x86/lib/getuser.S +++ b/arch/x86/lib/getuser.S -@@ -33,15 +33,38 @@ - #include <asm/asm-offsets.h> +@@ -34,17 +34,40 @@ #include <asm/thread_info.h> #include <asm/asm.h> + #include <asm/smap.h> +#include <asm/segment.h> +#include <asm/pgtable.h> +#include <asm/alternative-asm.h> @@ -22075,6 +24856,7 @@ index b33b1fb..219f389 100644 GET_THREAD_INFO(%_ASM_DX) cmp TI_addr_limit(%_ASM_DX),%_ASM_AX jae bad_get_user + ASM_STAC -1: movzb (%_ASM_AX),%edx + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) @@ -22089,11 +24871,12 @@ index b33b1fb..219f389 100644 + +1: __copyuser_seg movzb (%_ASM_AX),%edx xor %eax,%eax + ASM_CLAC + pax_force_retaddr ret CFI_ENDPROC ENDPROC(__get_user_1) -@@ -49,12 +72,26 @@ ENDPROC(__get_user_1) +@@ -52,14 +75,28 @@ ENDPROC(__get_user_1) ENTRY(__get_user_2) CFI_STARTPROC add $1,%_ASM_AX @@ -22103,6 +24886,7 @@ index b33b1fb..219f389 100644 GET_THREAD_INFO(%_ASM_DX) cmp TI_addr_limit(%_ASM_DX),%_ASM_AX jae bad_get_user + ASM_STAC -2: movzwl -1(%_ASM_AX),%edx + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) @@ -22117,11 +24901,12 @@ index b33b1fb..219f389 100644 + +2: __copyuser_seg movzwl -1(%_ASM_AX),%edx xor %eax,%eax + ASM_CLAC + pax_force_retaddr ret CFI_ENDPROC ENDPROC(__get_user_2) -@@ -62,12 +99,26 @@ ENDPROC(__get_user_2) +@@ -67,14 +104,28 @@ ENDPROC(__get_user_2) ENTRY(__get_user_4) CFI_STARTPROC add $3,%_ASM_AX @@ -22131,6 +24916,7 @@ index b33b1fb..219f389 100644 GET_THREAD_INFO(%_ASM_DX) cmp TI_addr_limit(%_ASM_DX),%_ASM_AX jae bad_get_user + ASM_STAC -3: mov -3(%_ASM_AX),%edx + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) @@ -22145,11 +24931,12 @@ index b33b1fb..219f389 100644 + +3: __copyuser_seg mov -3(%_ASM_AX),%edx xor %eax,%eax + ASM_CLAC + pax_force_retaddr ret CFI_ENDPROC ENDPROC(__get_user_4) -@@ -80,8 +131,18 @@ ENTRY(__get_user_8) +@@ -87,10 +138,20 @@ ENTRY(__get_user_8) GET_THREAD_INFO(%_ASM_DX) cmp TI_addr_limit(%_ASM_DX),%_ASM_AX jae bad_get_user @@ -22162,37 +24949,38 @@ index b33b1fb..219f389 100644 +1234: +#endif + + ASM_STAC 4: movq -7(%_ASM_AX),%_ASM_DX xor %eax,%eax + ASM_CLAC + pax_force_retaddr ret CFI_ENDPROC ENDPROC(__get_user_8) -@@ -91,6 +152,7 @@ bad_get_user: - CFI_STARTPROC +@@ -101,6 +162,7 @@ bad_get_user: xor %edx,%edx mov $(-EFAULT),%_ASM_AX + ASM_CLAC + pax_force_retaddr ret CFI_ENDPROC END(bad_get_user) diff --git a/arch/x86/lib/insn.c b/arch/x86/lib/insn.c -index b1e6c4b..21ae8fc 100644 +index 54fcffe..7be149e 100644 --- a/arch/x86/lib/insn.c +++ b/arch/x86/lib/insn.c -@@ -21,6 +21,11 @@ +@@ -20,8 +20,10 @@ + + #ifdef __KERNEL__ #include <linux/string.h> - #include <asm/inat.h> - #include <asm/insn.h> -+#ifdef __KERNEL__ +#include <asm/pgtable_types.h> -+#else + #else + #include <string.h> +#define ktla_ktva(addr) addr -+#endif - - /* Verify next sizeof(t) bytes can be on the same instruction */ - #define validate_next(t, insn, n) \ -@@ -49,8 +54,8 @@ + #endif + #include <asm/inat.h> + #include <asm/insn.h> +@@ -53,8 +55,8 @@ void insn_init(struct insn *insn, const void *kaddr, int x86_64) { memset(insn, 0, sizeof(*insn)); @@ -22851,13 +25639,13 @@ index f6d13ee..aca5f0b 100644 3: CFI_RESTORE_STATE diff --git a/arch/x86/lib/putuser.S b/arch/x86/lib/putuser.S -index 7f951c8..ebd573a 100644 +index fc6ba17..04471c5 100644 --- a/arch/x86/lib/putuser.S +++ b/arch/x86/lib/putuser.S -@@ -15,7 +15,9 @@ - #include <asm/thread_info.h> +@@ -16,7 +16,9 @@ #include <asm/errno.h> #include <asm/asm.h> + #include <asm/smap.h> - +#include <asm/segment.h> +#include <asm/pgtable.h> @@ -22865,15 +25653,18 @@ index 7f951c8..ebd573a 100644 /* * __put_user_X -@@ -29,52 +31,119 @@ +@@ -30,57 +32,125 @@ * as they get called from within inline assembly. */ -#define ENTER CFI_STARTPROC ; \ - GET_THREAD_INFO(%_ASM_BX) --#define EXIT ret ; \ +-#define EXIT ASM_CLAC ; \ +- ret ; \ +#define ENTER CFI_STARTPROC -+#define EXIT pax_force_retaddr; ret ; \ ++#define EXIT ASM_CLAC ; \ ++ pax_force_retaddr ; \ ++ ret ; \ CFI_ENDPROC +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) @@ -22896,6 +25687,7 @@ index 7f951c8..ebd573a 100644 + GET_THREAD_INFO(%_ASM_BX) cmp TI_addr_limit(%_ASM_BX),%_ASM_CX jae bad_put_user + ASM_STAC -1: movb %al,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) @@ -22922,6 +25714,7 @@ index 7f951c8..ebd573a 100644 sub $1,%_ASM_BX cmp %_ASM_BX,%_ASM_CX jae bad_put_user + ASM_STAC -2: movw %ax,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) @@ -22948,6 +25741,7 @@ index 7f951c8..ebd573a 100644 sub $3,%_ASM_BX cmp %_ASM_BX,%_ASM_CX jae bad_put_user + ASM_STAC -3: movl %eax,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) @@ -22974,6 +25768,7 @@ index 7f951c8..ebd573a 100644 sub $7,%_ASM_BX cmp %_ASM_BX,%_ASM_CX jae bad_put_user + ASM_STAC -4: mov %_ASM_AX,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) @@ -23125,23 +25920,24 @@ index a63efd6..ccecad8 100644 ret CFI_ENDPROC diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c -index 1781b2f..90368dd 100644 +index f0312d7..9c39d63 100644 --- a/arch/x86/lib/usercopy_32.c +++ b/arch/x86/lib/usercopy_32.c -@@ -42,10 +42,12 @@ do { \ +@@ -42,11 +42,13 @@ do { \ int __d0; \ might_fault(); \ __asm__ __volatile__( \ + __COPYUSER_SET_ES \ + ASM_STAC "\n" \ "0: rep; stosl\n" \ " movl %2,%0\n" \ "1: rep; stosb\n" \ - "2:\n" \ + "2: " ASM_CLAC "\n" \ + __COPYUSER_RESTORE_ES \ ".section .fixup,\"ax\"\n" \ "3: lea 0(%2,%0,4),%0\n" \ " jmp 2b\n" \ -@@ -97,7 +99,7 @@ EXPORT_SYMBOL(__clear_user); +@@ -98,7 +100,7 @@ EXPORT_SYMBOL(__clear_user); #ifdef CONFIG_X86_INTEL_USERCOPY static unsigned long @@ -23150,7 +25946,7 @@ index 1781b2f..90368dd 100644 { int d0, d1; __asm__ __volatile__( -@@ -109,36 +111,36 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) +@@ -110,36 +112,36 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) " .align 2,0x90\n" "3: movl 0(%4), %%eax\n" "4: movl 4(%4), %%edx\n" @@ -23203,7 +25999,7 @@ index 1781b2f..90368dd 100644 " addl $-64, %0\n" " addl $64, %4\n" " addl $64, %3\n" -@@ -148,10 +150,12 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) +@@ -149,10 +151,12 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -23216,7 +26012,7 @@ index 1781b2f..90368dd 100644 ".section .fixup,\"ax\"\n" "101: lea 0(%%eax,%0,4),%0\n" " jmp 100b\n" -@@ -201,46 +205,150 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) +@@ -202,46 +206,150 @@ __copy_user_intel(void __user *to, const void *from, unsigned long size) } static unsigned long @@ -23385,7 +26181,7 @@ index 1781b2f..90368dd 100644 " movl %%eax, 56(%3)\n" " movl %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -252,9 +360,9 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) +@@ -253,9 +361,9 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -23397,7 +26193,7 @@ index 1781b2f..90368dd 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -297,48 +405,48 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) +@@ -298,48 +406,48 @@ __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size) * hyoshiok@miraclelinux.com */ @@ -23465,7 +26261,7 @@ index 1781b2f..90368dd 100644 " movnti %%eax, 56(%3)\n" " movnti %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -351,9 +459,9 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, +@@ -352,9 +460,9 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -23477,7 +26273,7 @@ index 1781b2f..90368dd 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -391,48 +499,48 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, +@@ -392,48 +500,48 @@ static unsigned long __copy_user_zeroing_intel_nocache(void *to, return size; } @@ -23545,7 +26341,7 @@ index 1781b2f..90368dd 100644 " movnti %%eax, 56(%3)\n" " movnti %%edx, 60(%3)\n" " addl $-64, %0\n" -@@ -445,9 +553,9 @@ static unsigned long __copy_user_intel_nocache(void *to, +@@ -446,9 +554,9 @@ static unsigned long __copy_user_intel_nocache(void *to, " shrl $2, %0\n" " andl $3, %%eax\n" " cld\n" @@ -23557,7 +26353,7 @@ index 1781b2f..90368dd 100644 "8:\n" ".section .fixup,\"ax\"\n" "9: lea 0(%%eax,%0,4),%0\n" -@@ -487,32 +595,36 @@ static unsigned long __copy_user_intel_nocache(void *to, +@@ -488,32 +596,36 @@ static unsigned long __copy_user_intel_nocache(void *to, */ unsigned long __copy_user_zeroing_intel(void *to, const void __user *from, unsigned long size); @@ -23599,7 +26395,7 @@ index 1781b2f..90368dd 100644 ".section .fixup,\"ax\"\n" \ "5: addl %3,%0\n" \ " jmp 2b\n" \ -@@ -537,14 +649,14 @@ do { \ +@@ -538,14 +650,14 @@ do { \ " negl %0\n" \ " andl $7,%0\n" \ " subl %0,%3\n" \ @@ -23617,21 +26413,21 @@ index 1781b2f..90368dd 100644 "2:\n" \ ".section .fixup,\"ax\"\n" \ "5: addl %3,%0\n" \ -@@ -627,9 +739,9 @@ survive: - } - #endif +@@ -572,9 +684,9 @@ unsigned long __copy_to_user_ll(void __user *to, const void *from, + { + stac(); if (movsl_is_ok(to, from, n)) - __copy_user(to, from, n); + __copy_user(to, from, n, "", __COPYUSER_SET_ES, __COPYUSER_RESTORE_ES); else - n = __copy_user_intel(to, from, n); + n = __generic_copy_to_user_intel(to, from, n); + clac(); return n; } - EXPORT_SYMBOL(__copy_to_user_ll); -@@ -649,10 +761,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from, - unsigned long n) +@@ -598,10 +710,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from, { + stac(); if (movsl_is_ok(to, from, n)) - __copy_user(to, from, n); + __copy_user(to, from, n, __copyuser_seg, "", ""); @@ -23639,10 +26435,10 @@ index 1781b2f..90368dd 100644 - n = __copy_user_intel((void __user *)to, - (const void *)from, n); + n = __generic_copy_from_user_intel(to, from, n); + clac(); return n; } - EXPORT_SYMBOL(__copy_from_user_ll_nozero); -@@ -679,65 +790,50 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr +@@ -632,66 +743,51 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr if (n > 64 && cpu_has_xmm2) n = __copy_user_intel_nocache(to, from, n); else @@ -23652,6 +26448,7 @@ index 1781b2f..90368dd 100644 - __copy_user(to, from, n); + __copy_user(to, from, n, __copyuser_seg, "", ""); #endif + clac(); return n; } EXPORT_SYMBOL(__copy_from_user_ll_nocache_nozero); @@ -23671,16 +26468,13 @@ index 1781b2f..90368dd 100644 - */ -unsigned long -copy_to_user(void __user *to, const void *from, unsigned long n) -+void copy_from_user_overflow(void) - { +-{ - if (access_ok(VERIFY_WRITE, to, n)) - n = __copy_to_user(to, from, n); - return n; -+ WARN(1, "Buffer overflow detected!\n"); - } +-} -EXPORT_SYMBOL(copy_to_user); -+EXPORT_SYMBOL(copy_from_user_overflow); - +- -/** - * copy_from_user: - Copy a block of data from user space. - * @to: Destination address, in kernel space. @@ -23699,23 +26493,30 @@ index 1781b2f..90368dd 100644 - */ -unsigned long -_copy_from_user(void *to, const void __user *from, unsigned long n) -+void copy_to_user_overflow(void) - { +-{ - if (access_ok(VERIFY_READ, from, n)) - n = __copy_from_user(to, from, n); - else - memset(to, 0, n); - return n; -+ WARN(1, "Buffer overflow detected!\n"); - } +-} -EXPORT_SYMBOL(_copy_from_user); +- + void copy_from_user_overflow(void) + { + WARN(1, "Buffer overflow detected!\n"); + } + EXPORT_SYMBOL(copy_from_user_overflow); ++ ++void copy_to_user_overflow(void) ++{ ++ WARN(1, "Buffer overflow detected!\n"); ++} +EXPORT_SYMBOL(copy_to_user_overflow); - --void copy_from_user_overflow(void) ++ +#ifdef CONFIG_PAX_MEMORY_UDEREF +void __set_fs(mm_segment_t x) - { -- WARN(1, "Buffer overflow detected!\n"); ++{ + switch (x.seg) { + case 0: + loadsegment(gs, 0); @@ -23730,8 +26531,7 @@ index 1781b2f..90368dd 100644 + BUG(); + } + return; - } --EXPORT_SYMBOL(copy_from_user_overflow); ++} +EXPORT_SYMBOL(__set_fs); + +void set_fs(mm_segment_t x) @@ -23742,19 +26542,19 @@ index 1781b2f..90368dd 100644 +EXPORT_SYMBOL(set_fs); +#endif diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c -index e5b130b..7d33980 100644 +index 05928aa..b33dea1 100644 --- a/arch/x86/lib/usercopy_64.c +++ b/arch/x86/lib/usercopy_64.c -@@ -38,7 +38,7 @@ unsigned long __clear_user(void __user *addr, unsigned long size) +@@ -39,7 +39,7 @@ unsigned long __clear_user(void __user *addr, unsigned long size) _ASM_EXTABLE(0b,3b) _ASM_EXTABLE(1b,2b) : [size8] "=&c"(size), [dst] "=&D" (__d0) - : [size1] "r"(size & 7), "[size8]" (size / 8), "[dst]"(addr), + : [size1] "r"(size & 7), "[size8]" (size / 8), "[dst]"(____m(addr)), [zero] "r" (0UL), [eight] "r" (8UL)); + clac(); return size; - } -@@ -52,12 +52,11 @@ unsigned long clear_user(void __user *to, unsigned long n) +@@ -54,12 +54,11 @@ unsigned long clear_user(void __user *to, unsigned long n) } EXPORT_SYMBOL(clear_user); @@ -23771,7 +26571,7 @@ index e5b130b..7d33980 100644 } EXPORT_SYMBOL(copy_in_user); -@@ -67,7 +66,7 @@ EXPORT_SYMBOL(copy_in_user); +@@ -69,7 +68,7 @@ EXPORT_SYMBOL(copy_in_user); * it is not necessary to optimize tail handling. */ unsigned long @@ -23780,8 +26580,8 @@ index e5b130b..7d33980 100644 { char c; unsigned zero_len; -@@ -84,3 +83,15 @@ copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest) - break; +@@ -87,3 +86,15 @@ copy_user_handle_tail(char *to, char *from, unsigned len, unsigned zerorest) + clac(); return len; } + @@ -23851,10 +26651,10 @@ index 903ec1e..c4166b2 100644 } diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index c6b10e2..808360d 100644 +index fb674fd..272f369 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c -@@ -13,11 +13,18 @@ +@@ -13,12 +13,19 @@ #include <linux/perf_event.h> /* perf_sw_event */ #include <linux/hugetlb.h> /* hstate_index_to_shift */ #include <linux/prefetch.h> /* prefetchw */ @@ -23865,6 +26665,7 @@ index c6b10e2..808360d 100644 #include <asm/pgalloc.h> /* pgd_*(), ... */ #include <asm/kmemcheck.h> /* kmemcheck_*(), ... */ #include <asm/fixmap.h> /* VSYSCALL_START */ + #include <asm/context_tracking.h> /* exception_enter(), ... */ +#include <asm/tlbflush.h> + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) @@ -23873,7 +26674,7 @@ index c6b10e2..808360d 100644 /* * Page fault error code bits: -@@ -55,7 +62,7 @@ static inline int __kprobes notify_page_fault(struct pt_regs *regs) +@@ -56,7 +63,7 @@ static inline int __kprobes notify_page_fault(struct pt_regs *regs) int ret = 0; /* kprobe_running() needs smp_processor_id() */ @@ -23882,7 +26683,7 @@ index c6b10e2..808360d 100644 preempt_disable(); if (kprobe_running() && kprobe_fault_handler(regs, 14)) ret = 1; -@@ -116,7 +123,10 @@ check_prefetch_opcode(struct pt_regs *regs, unsigned char *instr, +@@ -117,7 +124,10 @@ check_prefetch_opcode(struct pt_regs *regs, unsigned char *instr, return !instr_lo || (instr_lo>>1) == 1; case 0x00: /* Prefetch instruction is 0x0F0D or 0x0F18 */ @@ -23894,7 +26695,7 @@ index c6b10e2..808360d 100644 return 0; *prefetch = (instr_lo == 0xF) && -@@ -150,7 +160,10 @@ is_prefetch(struct pt_regs *regs, unsigned long error_code, unsigned long addr) +@@ -151,7 +161,10 @@ is_prefetch(struct pt_regs *regs, unsigned long error_code, unsigned long addr) while (instr < max_instr) { unsigned char opcode; @@ -23906,7 +26707,7 @@ index c6b10e2..808360d 100644 break; instr++; -@@ -181,6 +194,34 @@ force_sig_info_fault(int si_signo, int si_code, unsigned long address, +@@ -182,6 +195,34 @@ force_sig_info_fault(int si_signo, int si_code, unsigned long address, force_sig_info(si_signo, &info, tsk); } @@ -23941,7 +26742,7 @@ index c6b10e2..808360d 100644 DEFINE_SPINLOCK(pgd_lock); LIST_HEAD(pgd_list); -@@ -231,10 +272,22 @@ void vmalloc_sync_all(void) +@@ -232,10 +273,22 @@ void vmalloc_sync_all(void) for (address = VMALLOC_START & PMD_MASK; address >= TASK_SIZE && address < FIXADDR_TOP; address += PMD_SIZE) { @@ -23964,7 +26765,7 @@ index c6b10e2..808360d 100644 spinlock_t *pgt_lock; pmd_t *ret; -@@ -242,8 +295,13 @@ void vmalloc_sync_all(void) +@@ -243,8 +296,13 @@ void vmalloc_sync_all(void) pgt_lock = &pgd_page_get_mm(page)->page_table_lock; spin_lock(pgt_lock); @@ -23979,7 +26780,7 @@ index c6b10e2..808360d 100644 if (!ret) break; -@@ -277,6 +335,11 @@ static noinline __kprobes int vmalloc_fault(unsigned long address) +@@ -278,6 +336,11 @@ static noinline __kprobes int vmalloc_fault(unsigned long address) * an interrupt in the middle of a task switch.. */ pgd_paddr = read_cr3(); @@ -23991,7 +26792,7 @@ index c6b10e2..808360d 100644 pmd_k = vmalloc_sync_one(__va(pgd_paddr), address); if (!pmd_k) return -1; -@@ -372,7 +435,14 @@ static noinline __kprobes int vmalloc_fault(unsigned long address) +@@ -373,7 +436,14 @@ static noinline __kprobes int vmalloc_fault(unsigned long address) * happen within a race in page table update. In the later * case just flush: */ @@ -24006,7 +26807,7 @@ index c6b10e2..808360d 100644 pgd_ref = pgd_offset_k(address); if (pgd_none(*pgd_ref)) return -1; -@@ -540,7 +610,7 @@ static int is_errata93(struct pt_regs *regs, unsigned long address) +@@ -541,7 +611,7 @@ static int is_errata93(struct pt_regs *regs, unsigned long address) static int is_errata100(struct pt_regs *regs, unsigned long address) { #ifdef CONFIG_X86_64 @@ -24015,7 +26816,7 @@ index c6b10e2..808360d 100644 return 1; #endif return 0; -@@ -567,7 +637,7 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address) +@@ -568,7 +638,7 @@ static int is_f00f_bug(struct pt_regs *regs, unsigned long address) } static const char nx_warning[] = KERN_CRIT @@ -24024,7 +26825,7 @@ index c6b10e2..808360d 100644 static void show_fault_oops(struct pt_regs *regs, unsigned long error_code, -@@ -576,15 +646,26 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, +@@ -577,15 +647,27 @@ show_fault_oops(struct pt_regs *regs, unsigned long error_code, if (!oops_may_print()) return; @@ -24043,20 +26844,22 @@ index c6b10e2..808360d 100644 + if (init_mm.start_code <= address && address < init_mm.end_code) { + if (current->signal->curr_ip) + printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", -+ ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid()); ++ ¤t->signal->curr_ip, current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid())); + else -+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", -+ current->comm, task_pid_nr(current), current_uid(), current_euid()); ++ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid())); + } +#endif + printk(KERN_ALERT "BUG: unable to handle kernel "); if (address < PAGE_SIZE) printk(KERN_CONT "NULL pointer dereference"); -@@ -751,6 +832,21 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, - if (address >= TASK_SIZE) - error_code |= PF_PROT; - +@@ -748,6 +830,22 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, + return; + } + #endif ++ +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) + if (pax_is_fetch_fault(regs, error_code, address)) { + @@ -24072,10 +26875,10 @@ index c6b10e2..808360d 100644 + } +#endif + - if (likely(show_unhandled_signals)) - show_signal_msg(regs, error_code, address, tsk); - -@@ -846,7 +942,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, + /* Kernel addresses are always protection faults: */ + if (address >= TASK_SIZE) + error_code |= PF_PROT; +@@ -833,7 +931,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) { printk(KERN_ERR "MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n", @@ -24084,7 +26887,7 @@ index c6b10e2..808360d 100644 code = BUS_MCEERR_AR; } #endif -@@ -902,6 +998,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) +@@ -896,6 +994,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) return 1; } @@ -24184,7 +26987,7 @@ index c6b10e2..808360d 100644 /* * Handle a spurious fault caused by a stale TLB entry. * -@@ -974,6 +1163,9 @@ int show_unhandled_signals = 1; +@@ -968,6 +1159,9 @@ int show_unhandled_signals = 1; static inline int access_error(unsigned long error_code, struct vm_area_struct *vma) { @@ -24194,7 +26997,16 @@ index c6b10e2..808360d 100644 if (error_code & PF_WRITE) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -1007,19 +1199,34 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -996,7 +1190,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) + if (error_code & PF_USER) + return false; + +- if (!user_mode_vm(regs) && (regs->flags & X86_EFLAGS_AC)) ++ if (!user_mode(regs) && (regs->flags & X86_EFLAGS_AC)) + return false; + + return true; +@@ -1012,18 +1206,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) { struct vm_area_struct *vma; struct task_struct *tsk; @@ -24205,7 +27017,11 @@ index c6b10e2..808360d 100644 unsigned int flags = FAULT_FLAG_ALLOW_RETRY | FAULT_FLAG_KILLABLE | (write ? FAULT_FLAG_WRITE : 0); -+ /* Get the faulting address: */ +- tsk = current; +- mm = tsk->mm; +- + /* Get the faulting address: */ +- address = read_cr2(); + unsigned long address = read_cr2(); + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) @@ -24224,16 +27040,12 @@ index c6b10e2..808360d 100644 + } +#endif + - tsk = current; - mm = tsk->mm; ++ tsk = current; ++ mm = tsk->mm; -- /* Get the faulting address: */ -- address = read_cr2(); -- /* * Detect and handle instructions that would cause a page fault for - * both a tracked kernel page and a userspace page. -@@ -1079,7 +1286,7 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1084,7 +1293,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) * User-mode registers count as a user access even for any * potential system fault or CPU buglet: */ @@ -24242,7 +27054,7 @@ index c6b10e2..808360d 100644 local_irq_enable(); error_code |= PF_USER; } else { -@@ -1134,6 +1341,11 @@ retry: +@@ -1146,6 +1355,11 @@ retry: might_sleep(); } @@ -24254,7 +27066,7 @@ index c6b10e2..808360d 100644 vma = find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); -@@ -1145,18 +1357,24 @@ retry: +@@ -1157,18 +1371,24 @@ retry: bad_area(regs, error_code, address); return; } @@ -24290,9 +27102,9 @@ index c6b10e2..808360d 100644 if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; -@@ -1211,3 +1429,292 @@ good_area: - - up_read(&mm->mmap_sem); +@@ -1232,3 +1452,292 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) + __do_page_fault(regs, error_code); + exception_exit(regs); } + +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) @@ -24613,174 +27425,41 @@ index 6f31ee5..8ee4164 100644 return (void *)vaddr; diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c -index b91e485..d00e7c9 100644 +index ae1aa71..56316db 100644 --- a/arch/x86/mm/hugetlbpage.c +++ b/arch/x86/mm/hugetlbpage.c -@@ -277,13 +277,20 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, - struct hstate *h = hstate_file(file); - struct mm_struct *mm = current->mm; - struct vm_area_struct *vma; -- unsigned long start_addr; -+ unsigned long start_addr, pax_task_size = TASK_SIZE; -+ -+#ifdef CONFIG_PAX_SEGMEXEC -+ if (mm->pax_flags & MF_PAX_SEGMEXEC) -+ pax_task_size = SEGMEXEC_TASK_SIZE; -+#endif -+ -+ pax_task_size -= PAGE_SIZE; - - if (len > mm->cached_hole_size) { -- start_addr = mm->free_area_cache; -+ start_addr = mm->free_area_cache; - } else { -- start_addr = TASK_UNMAPPED_BASE; -- mm->cached_hole_size = 0; -+ start_addr = mm->mmap_base; -+ mm->cached_hole_size = 0; - } - - full_search: -@@ -291,26 +298,27 @@ full_search: - - for (vma = find_vma(mm, addr); ; vma = vma->vm_next) { - /* At this point: (!vma || addr < vma->vm_end). */ -- if (TASK_SIZE - len < addr) { -+ if (pax_task_size - len < addr) { - /* - * Start a new search - just in case we missed - * some holes. - */ -- if (start_addr != TASK_UNMAPPED_BASE) { -- start_addr = TASK_UNMAPPED_BASE; -+ if (start_addr != mm->mmap_base) { -+ start_addr = mm->mmap_base; - mm->cached_hole_size = 0; - goto full_search; - } - return -ENOMEM; - } -- if (!vma || addr + len <= vma->vm_start) { -- mm->free_area_cache = addr + len; -- return addr; -- } -+ if (check_heap_stack_gap(vma, addr, len)) -+ break; - if (addr + mm->cached_hole_size < vma->vm_start) - mm->cached_hole_size = vma->vm_start - addr; - addr = ALIGN(vma->vm_end, huge_page_size(h)); - } +@@ -279,6 +279,12 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, + info.flags = 0; + info.length = len; + info.low_limit = TASK_UNMAPPED_BASE; + -+ mm->free_area_cache = addr + len; -+ return addr; - } - - static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, -@@ -321,9 +329,8 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, - struct mm_struct *mm = current->mm; - struct vm_area_struct *vma; - unsigned long base = mm->mmap_base; -- unsigned long addr = addr0; -+ unsigned long addr; - unsigned long largest_hole = mm->cached_hole_size; -- unsigned long start_addr; - - /* don't allow allocations above current base */ - if (mm->free_area_cache > base) -@@ -333,16 +340,15 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, - largest_hole = 0; - mm->free_area_cache = base; - } --try_again: -- start_addr = mm->free_area_cache; - - /* make sure it can fit in the remaining address space */ - if (mm->free_area_cache < len) - goto fail; - - /* either no address requested or can't fit in requested address hole */ -- addr = (mm->free_area_cache - len) & huge_page_mask(h); -+ addr = mm->free_area_cache - len; - do { -+ addr &= huge_page_mask(h); - /* - * Lookup failure means no vma is above this address, - * i.e. return with success: -@@ -351,10 +357,10 @@ try_again: - if (!vma) - return addr; - -- if (addr + len <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr, len)) { - /* remember the address as a hint for next time */ -- mm->cached_hole_size = largest_hole; -- return (mm->free_area_cache = addr); -+ mm->cached_hole_size = largest_hole; -+ return (mm->free_area_cache = addr); - } else if (mm->free_area_cache == vma->vm_end) { - /* pull free_area_cache down to the first hole */ - mm->free_area_cache = vma->vm_start; -@@ -363,29 +369,34 @@ try_again: - - /* remember the largest hole we saw so far */ - if (addr + largest_hole < vma->vm_start) -- largest_hole = vma->vm_start - addr; -+ largest_hole = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = (vma->vm_start - len) & huge_page_mask(h); -- } while (len <= vma->vm_start); -+ addr = skip_heap_stack_gap(vma, len); -+ } while (!IS_ERR_VALUE(addr)); - - fail: - /* -- * if hint left us with no space for the requested -- * mapping then try again: -- */ -- if (start_addr != base) { -- mm->free_area_cache = base; -- largest_hole = 0; -- goto try_again; -- } -- /* - * A failed mmap() very likely causes application failure, - * so fall back to the bottom-up function here. This scenario - * can happen with large stack limits and large mmap() - * allocations. - */ -- mm->free_area_cache = TASK_UNMAPPED_BASE; -+ -+#ifdef CONFIG_PAX_SEGMEXEC -+ if (mm->pax_flags & MF_PAX_SEGMEXEC) -+ mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE; -+ else ++#ifdef CONFIG_PAX_RANDMMAP ++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += current->mm->delta_mmap; +#endif + -+ mm->mmap_base = TASK_UNMAPPED_BASE; + info.high_limit = TASK_SIZE; + info.align_mask = PAGE_MASK & ~huge_page_mask(h); + info.align_offset = 0; +@@ -311,6 +317,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, + VM_BUG_ON(addr != -ENOMEM); + info.flags = 0; + info.low_limit = TASK_UNMAPPED_BASE; + +#ifdef CONFIG_PAX_RANDMMAP -+ if (mm->pax_flags & MF_PAX_RANDMMAP) -+ mm->mmap_base += mm->delta_mmap; ++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += current->mm->delta_mmap; +#endif + -+ mm->free_area_cache = mm->mmap_base; - mm->cached_hole_size = ~0UL; - addr = hugetlb_get_unmapped_area_bottomup(file, addr0, - len, pgoff, flags); -@@ -393,6 +404,7 @@ fail: - /* - * Restore the topdown base: - */ -+ mm->mmap_base = base; - mm->free_area_cache = base; - mm->cached_hole_size = ~0UL; - -@@ -406,10 +418,19 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, + info.high_limit = TASK_SIZE; + addr = vm_unmapped_area(&info); + } +@@ -325,10 +337,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, struct hstate *h = hstate_file(file); struct mm_struct *mm = current->mm; struct vm_area_struct *vma; + unsigned long pax_task_size = TASK_SIZE; ++ unsigned long offset = gr_rand_threadstack_offset(mm, file, flags); if (len & ~huge_page_mask(h)) return -EINVAL; @@ -24797,13 +27476,20 @@ index b91e485..d00e7c9 100644 return -ENOMEM; if (flags & MAP_FIXED) { -@@ -421,8 +442,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -337,11 +359,14 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, + return addr; + } + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ if (addr) { addr = ALIGN(addr, huge_page_size(h)); vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && - (!vma || addr + len <= vma->vm_start)) -+ if (pax_task_size - len >= addr && check_heap_stack_gap(vma, addr, len)) ++ if (pax_task_size - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) return addr; } if (mm->get_unmapped_area == arch_get_unmapped_area) @@ -24853,7 +27539,7 @@ index d7aea41..0fc945b 100644 +#ifdef CONFIG_GRKERNSEC_KMEM + /* allow BDA */ + if (!pagenr) -+ return 1; + return 1; + /* allow EBDA */ + if (pagenr >= ebda_start && pagenr < ebda_end) + return 1; @@ -24862,7 +27548,7 @@ index d7aea41..0fc945b 100644 + return 1; +#else + if (!pagenr) - return 1; ++ return 1; +#ifdef CONFIG_VM86 + if (pagenr < (ISA_START_ADDRESS >> PAGE_SHIFT)) + return 1; @@ -24998,7 +27684,7 @@ index d7aea41..0fc945b 100644 (unsigned long)(&__init_begin), (unsigned long)(&__init_end)); diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c -index 575d86f..4987469 100644 +index 745d66b..56bf568 100644 --- a/arch/x86/mm/init_32.c +++ b/arch/x86/mm/init_32.c @@ -73,36 +73,6 @@ static __init void *alloc_low_page(void) @@ -25191,7 +27877,7 @@ index 575d86f..4987469 100644 prot = PAGE_KERNEL_EXEC; pages_4k++; -@@ -465,7 +466,7 @@ void __init native_pagetable_setup_start(pgd_t *base) +@@ -465,7 +466,7 @@ void __init native_pagetable_init(void) pud = pud_offset(pgd, va); pmd = pmd_offset(pud, va); @@ -25200,7 +27886,7 @@ index 575d86f..4987469 100644 break; pte = pte_offset_kernel(pmd, va); -@@ -517,12 +518,10 @@ void __init early_ioremap_page_table_range_init(void) +@@ -514,12 +515,10 @@ void __init early_ioremap_page_table_range_init(void) static void __init pagetable_init(void) { @@ -25215,7 +27901,7 @@ index 575d86f..4987469 100644 EXPORT_SYMBOL_GPL(__supported_pte_mask); /* user-defined highmem size */ -@@ -734,6 +733,12 @@ void __init mem_init(void) +@@ -728,6 +727,12 @@ void __init mem_init(void) pci_iommu_alloc(); @@ -25228,7 +27914,7 @@ index 575d86f..4987469 100644 #ifdef CONFIG_FLATMEM BUG_ON(!mem_map); #endif -@@ -760,7 +765,7 @@ void __init mem_init(void) +@@ -754,7 +759,7 @@ void __init mem_init(void) reservedpages++; codesize = (unsigned long) &_etext - (unsigned long) &_text; @@ -25237,7 +27923,7 @@ index 575d86f..4987469 100644 initsize = (unsigned long) &__init_end - (unsigned long) &__init_begin; printk(KERN_INFO "Memory: %luk/%luk available (%dk kernel code, " -@@ -801,10 +806,10 @@ void __init mem_init(void) +@@ -795,10 +800,10 @@ void __init mem_init(void) ((unsigned long)&__init_end - (unsigned long)&__init_begin) >> 10, @@ -25251,7 +27937,7 @@ index 575d86f..4987469 100644 ((unsigned long)&_etext - (unsigned long)&_text) >> 10); /* -@@ -882,6 +887,7 @@ void set_kernel_text_rw(void) +@@ -876,6 +881,7 @@ void set_kernel_text_rw(void) if (!kernel_set_to_readonly) return; @@ -25259,7 +27945,7 @@ index 575d86f..4987469 100644 pr_debug("Set kernel text: %lx - %lx for read write\n", start, start+size); -@@ -896,6 +902,7 @@ void set_kernel_text_ro(void) +@@ -890,6 +896,7 @@ void set_kernel_text_ro(void) if (!kernel_set_to_readonly) return; @@ -25267,7 +27953,7 @@ index 575d86f..4987469 100644 pr_debug("Set kernel text: %lx - %lx for read only\n", start, start+size); -@@ -924,6 +931,7 @@ void mark_rodata_ro(void) +@@ -918,6 +925,7 @@ void mark_rodata_ro(void) unsigned long start = PFN_ALIGN(_text); unsigned long size = PFN_ALIGN(_etext) - start; @@ -25276,7 +27962,7 @@ index 575d86f..4987469 100644 printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10); diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index ce42da7..678a54e 100644 +index 75c9a6a..498d677 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -74,7 +74,7 @@ early_param("gbpages", parse_direct_gbpages_on); @@ -25411,7 +28097,7 @@ index ce42da7..678a54e 100644 spin_unlock(&init_mm.page_table_lock); pgd_changed = true; } -@@ -691,6 +705,12 @@ void __init mem_init(void) +@@ -693,6 +707,12 @@ void __init mem_init(void) pci_iommu_alloc(); @@ -25424,7 +28110,7 @@ index ce42da7..678a54e 100644 /* clear_bss() already clear the empty_zero_page */ reservedpages = 0; -@@ -854,8 +874,8 @@ int kern_addr_valid(unsigned long addr) +@@ -856,8 +876,8 @@ int kern_addr_valid(unsigned long addr) static struct vm_area_struct gate_vma = { .vm_start = VSYSCALL_START, .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE), @@ -25435,7 +28121,7 @@ index ce42da7..678a54e 100644 }; struct vm_area_struct *get_gate_vma(struct mm_struct *mm) -@@ -889,7 +909,7 @@ int in_gate_area_no_mm(unsigned long addr) +@@ -891,7 +911,7 @@ int in_gate_area_no_mm(unsigned long addr) const char *arch_vma_name(struct vm_area_struct *vma) { @@ -25461,7 +28147,7 @@ index 7b179b4..6bd1777 100644 return (void *)vaddr; diff --git a/arch/x86/mm/ioremap.c b/arch/x86/mm/ioremap.c -index 78fe3f1..8293b6f 100644 +index 78fe3f1..2f9433c 100644 --- a/arch/x86/mm/ioremap.c +++ b/arch/x86/mm/ioremap.c @@ -97,7 +97,7 @@ static void __iomem *__ioremap_caller(resource_size_t phys_addr, @@ -25473,6 +28159,15 @@ index 78fe3f1..8293b6f 100644 return NULL; WARN_ON_ONCE(is_ram); } +@@ -256,7 +256,7 @@ EXPORT_SYMBOL(ioremap_prot); + * + * Caller must ensure there is only one unmapping for the same pointer. + */ +-void iounmap(volatile void __iomem *addr) ++void iounmap(const volatile void __iomem *addr) + { + struct vm_struct *p, *o; + @@ -315,6 +315,9 @@ void *xlate_dev_mem_ptr(unsigned long phys) /* If page is RAM, we can use __va. Otherwise ioremap and unmap. */ @@ -25604,7 +28299,7 @@ index 845df68..1d8d29f 100644 mm->unmap_area = arch_unmap_area_topdown; } diff --git a/arch/x86/mm/mmio-mod.c b/arch/x86/mm/mmio-mod.c -index dc0b727..dc9d71a 100644 +index dc0b727..f612039 100644 --- a/arch/x86/mm/mmio-mod.c +++ b/arch/x86/mm/mmio-mod.c @@ -194,7 +194,7 @@ static void pre(struct kmmio_probe *p, struct pt_regs *regs, @@ -25634,6 +28329,24 @@ index dc0b727..dc9d71a 100644 }; map.map_id = trace->id; +@@ -290,7 +290,7 @@ void mmiotrace_ioremap(resource_size_t offset, unsigned long size, + ioremap_trace_core(offset, size, addr); + } + +-static void iounmap_trace_core(volatile void __iomem *addr) ++static void iounmap_trace_core(const volatile void __iomem *addr) + { + struct mmiotrace_map map = { + .phys = 0, +@@ -328,7 +328,7 @@ not_enabled: + } + } + +-void mmiotrace_iounmap(volatile void __iomem *addr) ++void mmiotrace_iounmap(const volatile void __iomem *addr) + { + might_sleep(); + if (is_enabled()) /* recheck and proper locking in *_core() */ diff --git a/arch/x86/mm/pageattr-test.c b/arch/x86/mm/pageattr-test.c index b008656..773eac2 100644 --- a/arch/x86/mm/pageattr-test.c @@ -25736,7 +28449,7 @@ index a718e0d..77419bc 100644 static int diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c -index 3d68ef6..7f69136 100644 +index 0eb572e..92f5c1e 100644 --- a/arch/x86/mm/pat.c +++ b/arch/x86/mm/pat.c @@ -376,7 +376,7 @@ int free_memtype(u64 start, u64 end) @@ -25836,7 +28549,7 @@ index 9f0614d..92ae64a 100644 p += get_opcode(p, &opcode); for (i = 0; i < ARRAY_SIZE(imm_wop); i++) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c -index 8573b83..4f3ed7e 100644 +index e27fbf8..8b56dc9 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -84,10 +84,64 @@ static inline void pgd_list_del(pgd_t *pgd) @@ -25851,7 +28564,7 @@ index 8573b83..4f3ed7e 100644 +void __shadow_user_pgds(pgd_t *dst, const pgd_t *src) +{ + unsigned int count = USER_PGD_PTRS; -+ + + while (count--) + *dst++ = __pgd((pgd_val(*src++) | (_PAGE_NX & __supported_pte_mask)) & ~_PAGE_USER); +} @@ -25874,7 +28587,7 @@ index 8573b83..4f3ed7e 100644 +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) + pgd = __pgd(pgd_val(pgd) & clone_pgd_mask); +#endif - ++ + *dst++ = pgd; + } + @@ -25915,7 +28628,7 @@ index 8573b83..4f3ed7e 100644 /* * List of all pgd's needed for non-PAE so it can invalidate entries @@ -140,7 +195,7 @@ static void pgd_dtor(pgd_t *pgd) - * -- wli + * -- nyc */ -#ifdef CONFIG_X86_PAE @@ -26148,7 +28861,7 @@ index 410531d..0f16030 100644 } diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c -index 613cd83..3a21f1c 100644 +index 13a6b29..c2fff23 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -48,7 +48,11 @@ void leave_mm(int cpu) @@ -26277,18 +28990,18 @@ index 877b9a1..a8ecf42 100644 + pax_force_retaddr ret diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c -index 33643a8..f6211a0 100644 +index d11a470..3f9adff3 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c -@@ -11,6 +11,7 @@ - #include <asm/cacheflush.h> +@@ -12,6 +12,7 @@ #include <linux/netdevice.h> #include <linux/filter.h> + #include <linux/if_vlan.h> +#include <linux/random.h> /* * Conventions : -@@ -48,13 +49,87 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len) +@@ -49,13 +50,87 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len) return ptr + len; } @@ -26376,7 +29089,7 @@ index 33643a8..f6211a0 100644 #define CLEAR_A() EMIT2(0x31, 0xc0) /* xor %eax,%eax */ #define CLEAR_X() EMIT2(0x31, 0xdb) /* xor %ebx,%ebx */ -@@ -89,6 +164,24 @@ do { \ +@@ -90,6 +165,24 @@ do { \ #define X86_JBE 0x76 #define X86_JA 0x77 @@ -26401,7 +29114,7 @@ index 33643a8..f6211a0 100644 #define EMIT_COND_JMP(op, offset) \ do { \ if (is_near(offset)) \ -@@ -96,6 +189,7 @@ do { \ +@@ -97,6 +190,7 @@ do { \ else { \ EMIT2(0x0f, op + 0x10); \ EMIT(offset, 4); /* jxx .+off32 */ \ @@ -26409,7 +29122,7 @@ index 33643a8..f6211a0 100644 } \ } while (0) -@@ -120,12 +214,17 @@ static inline void bpf_flush_icache(void *start, void *end) +@@ -121,12 +215,17 @@ static inline void bpf_flush_icache(void *start, void *end) set_fs(old_fs); } @@ -26428,7 +29141,7 @@ index 33643a8..f6211a0 100644 u8 *prog; unsigned int proglen, oldproglen = 0; int ilen, i; -@@ -138,6 +237,9 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -139,6 +238,9 @@ void bpf_jit_compile(struct sk_filter *fp) unsigned int *addrs; const struct sock_filter *filter = fp->insns; int flen = fp->len; @@ -26438,7 +29151,7 @@ index 33643a8..f6211a0 100644 if (!bpf_jit_enable) return; -@@ -146,11 +248,19 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -147,11 +249,19 @@ void bpf_jit_compile(struct sk_filter *fp) if (addrs == NULL) return; @@ -26460,7 +29173,7 @@ index 33643a8..f6211a0 100644 addrs[i] = proglen; } cleanup_addr = proglen; /* epilogue address */ -@@ -258,10 +368,8 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -261,10 +371,8 @@ void bpf_jit_compile(struct sk_filter *fp) case BPF_S_ALU_MUL_K: /* A *= K */ if (is_imm8(K)) EMIT3(0x6b, 0xc0, K); /* imul imm8,%eax,%eax */ @@ -26473,8 +29186,17 @@ index 33643a8..f6211a0 100644 break; case BPF_S_ALU_DIV_X: /* A /= X; */ seen |= SEEN_XREG; -@@ -281,8 +389,14 @@ void bpf_jit_compile(struct sk_filter *fp) - EMIT4(0x31, 0xd2, 0xf7, 0xf3); /* xor %edx,%edx; div %ebx */ +@@ -304,13 +412,23 @@ void bpf_jit_compile(struct sk_filter *fp) + break; + case BPF_S_ALU_MOD_K: /* A %= K; */ + EMIT2(0x31, 0xd2); /* xor %edx,%edx */ ++#ifdef CONFIG_GRKERNSEC_JIT_HARDEN ++ DILUTE_CONST_SEQUENCE(K, randkey); ++#else + EMIT1(0xb9);EMIT(K, 4); /* mov imm32,%ecx */ ++#endif + EMIT2(0xf7, 0xf1); /* div %ecx */ + EMIT2(0x89, 0xd0); /* mov %edx,%eax */ break; case BPF_S_ALU_DIV_K: /* A = reciprocal_divide(A, K); */ +#ifdef CONFIG_GRKERNSEC_JIT_HARDEN @@ -26488,7 +29210,7 @@ index 33643a8..f6211a0 100644 EMIT4(0x48, 0xc1, 0xe8, 0x20); /* shr $0x20,%rax */ break; case BPF_S_ALU_AND_X: -@@ -509,8 +623,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG; +@@ -564,8 +682,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG; if (is_imm8(K)) { EMIT3(0x8d, 0x73, K); /* lea imm8(%rbx), %esi */ } else { @@ -26498,7 +29220,7 @@ index 33643a8..f6211a0 100644 } } else { EMIT2(0x89,0xde); /* mov %ebx,%esi */ -@@ -593,17 +706,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -648,17 +765,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; break; default: /* hmm, too complex filter, give up with jit compiler */ @@ -26521,7 +29243,7 @@ index 33643a8..f6211a0 100644 } proglen += ilen; addrs[i] = proglen; -@@ -624,11 +738,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -679,11 +797,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; break; } if (proglen == oldproglen) { @@ -26535,7 +29257,7 @@ index 33643a8..f6211a0 100644 } oldproglen = proglen; } -@@ -644,7 +756,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -699,7 +815,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; bpf_flush_icache(image, image + proglen); fp->bpf_func = (void *)image; @@ -26547,7 +29269,7 @@ index 33643a8..f6211a0 100644 out: kfree(addrs); return; -@@ -652,18 +767,20 @@ out: +@@ -707,18 +826,20 @@ out: static void jit_free_defer(struct work_struct *arg) { @@ -26607,8 +29329,144 @@ index d6aa6e8..266395a 100644 unsigned long stack = kernel_stack_pointer(regs); if (depth) dump_trace(NULL, regs, (unsigned long *)stack, 0, +diff --git a/arch/x86/oprofile/nmi_int.c b/arch/x86/oprofile/nmi_int.c +index 48768df..ba9143c 100644 +--- a/arch/x86/oprofile/nmi_int.c ++++ b/arch/x86/oprofile/nmi_int.c +@@ -23,6 +23,7 @@ + #include <asm/nmi.h> + #include <asm/msr.h> + #include <asm/apic.h> ++#include <asm/pgtable.h> + + #include "op_counter.h" + #include "op_x86_model.h" +@@ -774,8 +775,11 @@ int __init op_nmi_init(struct oprofile_operations *ops) + if (ret) + return ret; + +- if (!model->num_virt_counters) +- model->num_virt_counters = model->num_counters; ++ if (!model->num_virt_counters) { ++ pax_open_kernel(); ++ *(unsigned int *)&model->num_virt_counters = model->num_counters; ++ pax_close_kernel(); ++ } + + mux_init(ops); + +diff --git a/arch/x86/oprofile/op_model_amd.c b/arch/x86/oprofile/op_model_amd.c +index b2b9443..be58856 100644 +--- a/arch/x86/oprofile/op_model_amd.c ++++ b/arch/x86/oprofile/op_model_amd.c +@@ -519,9 +519,11 @@ static int op_amd_init(struct oprofile_operations *ops) + num_counters = AMD64_NUM_COUNTERS; + } + +- op_amd_spec.num_counters = num_counters; +- op_amd_spec.num_controls = num_counters; +- op_amd_spec.num_virt_counters = max(num_counters, NUM_VIRT_COUNTERS); ++ pax_open_kernel(); ++ *(unsigned int *)&op_amd_spec.num_counters = num_counters; ++ *(unsigned int *)&op_amd_spec.num_controls = num_counters; ++ *(unsigned int *)&op_amd_spec.num_virt_counters = max(num_counters, NUM_VIRT_COUNTERS); ++ pax_close_kernel(); + + return 0; + } +diff --git a/arch/x86/oprofile/op_model_ppro.c b/arch/x86/oprofile/op_model_ppro.c +index d90528e..0127e2b 100644 +--- a/arch/x86/oprofile/op_model_ppro.c ++++ b/arch/x86/oprofile/op_model_ppro.c +@@ -19,6 +19,7 @@ + #include <asm/msr.h> + #include <asm/apic.h> + #include <asm/nmi.h> ++#include <asm/pgtable.h> + + #include "op_x86_model.h" + #include "op_counter.h" +@@ -221,8 +222,10 @@ static void arch_perfmon_setup_counters(void) + + num_counters = min((int)eax.split.num_counters, OP_MAX_COUNTER); + +- op_arch_perfmon_spec.num_counters = num_counters; +- op_arch_perfmon_spec.num_controls = num_counters; ++ pax_open_kernel(); ++ *(unsigned int *)&op_arch_perfmon_spec.num_counters = num_counters; ++ *(unsigned int *)&op_arch_perfmon_spec.num_controls = num_counters; ++ pax_close_kernel(); + } + + static int arch_perfmon_init(struct oprofile_operations *ignore) +diff --git a/arch/x86/oprofile/op_x86_model.h b/arch/x86/oprofile/op_x86_model.h +index 71e8a67..6a313bb 100644 +--- a/arch/x86/oprofile/op_x86_model.h ++++ b/arch/x86/oprofile/op_x86_model.h +@@ -52,7 +52,7 @@ struct op_x86_model_spec { + void (*switch_ctrl)(struct op_x86_model_spec const *model, + struct op_msrs const * const msrs); + #endif +-}; ++} __do_const; + + struct op_counter_config; + +diff --git a/arch/x86/pci/amd_bus.c b/arch/x86/pci/amd_bus.c +index e9e6ed5..e47ae67 100644 +--- a/arch/x86/pci/amd_bus.c ++++ b/arch/x86/pci/amd_bus.c +@@ -337,7 +337,7 @@ static int __cpuinit amd_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata amd_cpu_notifier = { ++static struct notifier_block amd_cpu_notifier = { + .notifier_call = amd_cpu_notify, + }; + +diff --git a/arch/x86/pci/irq.c b/arch/x86/pci/irq.c +index 372e9b8..e775a6c 100644 +--- a/arch/x86/pci/irq.c ++++ b/arch/x86/pci/irq.c +@@ -50,7 +50,7 @@ struct irq_router { + struct irq_router_handler { + u16 vendor; + int (*probe)(struct irq_router *r, struct pci_dev *router, u16 device); +-}; ++} __do_const; + + int (*pcibios_enable_irq)(struct pci_dev *dev) = pirq_enable_irq; + void (*pcibios_disable_irq)(struct pci_dev *dev) = NULL; +@@ -794,7 +794,7 @@ static __init int pico_router_probe(struct irq_router *r, struct pci_dev *router + return 0; + } + +-static __initdata struct irq_router_handler pirq_routers[] = { ++static __initconst const struct irq_router_handler pirq_routers[] = { + { PCI_VENDOR_ID_INTEL, intel_router_probe }, + { PCI_VENDOR_ID_AL, ali_router_probe }, + { PCI_VENDOR_ID_ITE, ite_router_probe }, +@@ -821,7 +821,7 @@ static struct pci_dev *pirq_router_dev; + static void __init pirq_find_router(struct irq_router *r) + { + struct irq_routing_table *rt = pirq_table; +- struct irq_router_handler *h; ++ const struct irq_router_handler *h; + + #ifdef CONFIG_PCI_BIOS + if (!rt->signature) { +@@ -1094,7 +1094,7 @@ static int __init fix_acer_tm360_irqrouting(const struct dmi_system_id *d) + return 0; + } + +-static struct dmi_system_id __initdata pciirq_dmi_table[] = { ++static const struct dmi_system_id __initconst pciirq_dmi_table[] = { + { + .callback = fix_broken_hp_bios_irq9, + .ident = "HP Pavilion N5400 Series Laptop", diff --git a/arch/x86/pci/mrst.c b/arch/x86/pci/mrst.c -index e14a2ff..3fd6b58 100644 +index 6eb18c4..20d83de 100644 --- a/arch/x86/pci/mrst.c +++ b/arch/x86/pci/mrst.c @@ -238,7 +238,9 @@ int __init pci_mrst_init(void) @@ -26623,10 +29481,10 @@ index e14a2ff..3fd6b58 100644 /* Continue with standard init */ return 1; diff --git a/arch/x86/pci/pcbios.c b/arch/x86/pci/pcbios.c -index da8fe05..7ee6704 100644 +index c77b24a..c979855 100644 --- a/arch/x86/pci/pcbios.c +++ b/arch/x86/pci/pcbios.c -@@ -79,50 +79,93 @@ union bios32 { +@@ -79,7 +79,7 @@ union bios32 { static struct { unsigned long address; unsigned short segment; @@ -26635,13 +29493,7 @@ index da8fe05..7ee6704 100644 /* * Returns the entry point for the given service, NULL on error - */ - --static unsigned long bios32_service(unsigned long service) -+static unsigned long __devinit bios32_service(unsigned long service) - { - unsigned char return_code; /* %al */ - unsigned long address; /* %ebx */ +@@ -92,37 +92,80 @@ static unsigned long bios32_service(unsigned long service) unsigned long length; /* %ecx */ unsigned long entry; /* %edx */ unsigned long flags; @@ -26732,9 +29584,9 @@ index da8fe05..7ee6704 100644 -static int pci_bios_present; +static int pci_bios_present __read_only; - static int __devinit check_pcibios(void) + static int check_pcibios(void) { -@@ -131,11 +174,13 @@ static int __devinit check_pcibios(void) +@@ -131,11 +174,13 @@ static int check_pcibios(void) unsigned long flags, pcibios_entry; if ((pcibios_entry = bios32_service(PCI_SERVICE))) { @@ -26751,7 +29603,7 @@ index da8fe05..7ee6704 100644 "jc 1f\n\t" "xor %%ah, %%ah\n" "1:" -@@ -144,7 +189,8 @@ static int __devinit check_pcibios(void) +@@ -144,7 +189,8 @@ static int check_pcibios(void) "=b" (ebx), "=c" (ecx) : "1" (PCIBIOS_PCI_BIOS_PRESENT), @@ -27169,7 +30021,7 @@ index 4c07cca..2c8427d 100644 ret ENDPROC(efi_call6) diff --git a/arch/x86/platform/mrst/mrst.c b/arch/x86/platform/mrst/mrst.c -index fd41a92..9c33628 100644 +index e31bcd8..f12dc46 100644 --- a/arch/x86/platform/mrst/mrst.c +++ b/arch/x86/platform/mrst/mrst.c @@ -78,13 +78,15 @@ struct sfi_rtc_table_entry sfi_mrtc_array[SFI_MRTC_MAX]; @@ -27190,11 +30042,24 @@ index fd41a92..9c33628 100644 } /* parse all the mtimer info to a static mtimer array */ +diff --git a/arch/x86/platform/olpc/olpc_dt.c b/arch/x86/platform/olpc/olpc_dt.c +index d6ee929..3637cb5 100644 +--- a/arch/x86/platform/olpc/olpc_dt.c ++++ b/arch/x86/platform/olpc/olpc_dt.c +@@ -156,7 +156,7 @@ void * __init prom_early_alloc(unsigned long size) + return res; + } + +-static struct of_pdt_ops prom_olpc_ops __initdata = { ++static struct of_pdt_ops prom_olpc_ops __initconst = { + .nextprop = olpc_dt_nextprop, + .getproplen = olpc_dt_getproplen, + .getproperty = olpc_dt_getproperty, diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c -index 218cdb1..c1178eb 100644 +index 120cee1..b2db75a 100644 --- a/arch/x86/power/cpu.c +++ b/arch/x86/power/cpu.c -@@ -132,7 +132,7 @@ static void do_fpu_end(void) +@@ -133,7 +133,7 @@ static void do_fpu_end(void) static void fix_processor_context(void) { int cpu = smp_processor_id(); @@ -27203,7 +30068,7 @@ index 218cdb1..c1178eb 100644 set_tss_desc(cpu, t); /* * This just modifies memory; should not be -@@ -142,8 +142,6 @@ static void fix_processor_context(void) +@@ -143,8 +143,6 @@ static void fix_processor_context(void) */ #ifdef CONFIG_X86_64 @@ -27317,7 +30182,7 @@ index bb360dc..3e5945f 100644 /* diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c -index 5a1847d..deccb30 100644 +index 79d67bd..c7e1b90 100644 --- a/arch/x86/tools/relocs.c +++ b/arch/x86/tools/relocs.c @@ -12,10 +12,13 @@ @@ -27526,7 +30391,7 @@ index 5a1847d..deccb30 100644 + read_relocs(fp, use_real_mode); if (show_absolute_syms) { print_absolute_symbols(); - return 0; + goto out; diff --git a/arch/x86/vdso/Makefile b/arch/x86/vdso/Makefile index fd14be1..e3c79c0 100644 --- a/arch/x86/vdso/Makefile @@ -27627,7 +30492,7 @@ index 0faad64..39ef157 100644 return NULL; } diff --git a/arch/x86/vdso/vma.c b/arch/x86/vdso/vma.c -index 00aaf04..4a26505 100644 +index 431e875..cbb23f3 100644 --- a/arch/x86/vdso/vma.c +++ b/arch/x86/vdso/vma.c @@ -16,8 +16,6 @@ @@ -27643,7 +30508,7 @@ index 00aaf04..4a26505 100644 * unaligned here as a result of stack start randomization. */ addr = PAGE_ALIGN(addr); -- addr = align_addr(addr, NULL, ALIGN_VDSO); +- addr = align_vdso_addr(addr); return addr; } @@ -27665,7 +30530,7 @@ index 00aaf04..4a26505 100644 +#endif + addr = vdso_addr(mm->start_stack, size); -+ addr = align_addr(addr, NULL, ALIGN_VDSO); ++ addr = align_vdso_addr(addr); addr = get_unmapped_area(NULL, addr, size, 0, 0); if (IS_ERR_VALUE(addr)) { ret = addr; @@ -27700,10 +30565,10 @@ index 00aaf04..4a26505 100644 -} -__setup("vdso=", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index c1461de..355f120 100644 +index e014092..c76ab69 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c -@@ -98,8 +98,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); +@@ -99,8 +99,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); struct shared_info xen_dummy_shared_info; @@ -27712,42 +30577,36 @@ index c1461de..355f120 100644 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE); __read_mostly int xen_have_vector_callback; EXPORT_SYMBOL_GPL(xen_have_vector_callback); -@@ -917,21 +915,21 @@ static u32 xen_safe_apic_wait_icr_idle(void) - - static void set_xen_basic_apic_ops(void) - { -- apic->read = xen_apic_read; -- apic->write = xen_apic_write; -- apic->icr_read = xen_apic_icr_read; -- apic->icr_write = xen_apic_icr_write; -- apic->wait_icr_idle = xen_apic_wait_icr_idle; -- apic->safe_wait_icr_idle = xen_safe_apic_wait_icr_idle; -- apic->set_apic_id = xen_set_apic_id; -- apic->get_apic_id = xen_get_apic_id; -+ *(void **)&apic->read = xen_apic_read; -+ *(void **)&apic->write = xen_apic_write; -+ *(void **)&apic->icr_read = xen_apic_icr_read; -+ *(void **)&apic->icr_write = xen_apic_icr_write; -+ *(void **)&apic->wait_icr_idle = xen_apic_wait_icr_idle; -+ *(void **)&apic->safe_wait_icr_idle = xen_safe_apic_wait_icr_idle; -+ *(void **)&apic->set_apic_id = xen_set_apic_id; -+ *(void **)&apic->get_apic_id = xen_get_apic_id; +@@ -495,8 +493,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr) + { + unsigned long va = dtr->address; + unsigned int size = dtr->size + 1; +- unsigned pages = (size + PAGE_SIZE - 1) / PAGE_SIZE; +- unsigned long frames[pages]; ++ unsigned long frames[65536 / PAGE_SIZE]; + int f; - #ifdef CONFIG_SMP -- apic->send_IPI_allbutself = xen_send_IPI_allbutself; -- apic->send_IPI_mask_allbutself = xen_send_IPI_mask_allbutself; -- apic->send_IPI_mask = xen_send_IPI_mask; -- apic->send_IPI_all = xen_send_IPI_all; -- apic->send_IPI_self = xen_send_IPI_self; -+ *(void **)&apic->send_IPI_allbutself = xen_send_IPI_allbutself; -+ *(void **)&apic->send_IPI_mask_allbutself = xen_send_IPI_mask_allbutself; -+ *(void **)&apic->send_IPI_mask = xen_send_IPI_mask; -+ *(void **)&apic->send_IPI_all = xen_send_IPI_all; -+ *(void **)&apic->send_IPI_self = xen_send_IPI_self; - #endif + /* +@@ -544,8 +541,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr) + { + unsigned long va = dtr->address; + unsigned int size = dtr->size + 1; +- unsigned pages = (size + PAGE_SIZE - 1) / PAGE_SIZE; +- unsigned long frames[pages]; ++ unsigned long frames[65536 / PAGE_SIZE]; + int f; + + /* +@@ -938,7 +934,7 @@ static u32 xen_safe_apic_wait_icr_idle(void) + return 0; } -@@ -1221,30 +1219,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { +-static void set_xen_basic_apic_ops(void) ++static void __init set_xen_basic_apic_ops(void) + { + apic->read = xen_apic_read; + apic->write = xen_apic_write; +@@ -1244,30 +1240,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { #endif }; @@ -27785,7 +30644,7 @@ index c1461de..355f120 100644 { if (pm_power_off) pm_power_off(); -@@ -1347,7 +1345,17 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1369,7 +1365,17 @@ asmlinkage void __init xen_start_kernel(void) __userpte_alloc_gfp &= ~__GFP_HIGHMEM; /* Work out if we support NX */ @@ -27804,35 +30663,46 @@ index c1461de..355f120 100644 xen_setup_features(); -@@ -1378,13 +1386,6 @@ asmlinkage void __init xen_start_kernel(void) - - machine_ops = xen_machine_ops; +@@ -1398,14 +1404,7 @@ asmlinkage void __init xen_start_kernel(void) + pv_mmu_ops.ptep_modify_prot_commit = xen_ptep_modify_prot_commit; + } +- machine_ops = xen_machine_ops; +- - /* - * The only reliable way to retain the initial address of the - * percpu gdt_page is to remember it here, so we can go and - * mark it RW later, when the initial percpu area is freed. - */ - xen_initial_gdt = &per_cpu(gdt_page, 0); -- ++ memcpy((void *)&machine_ops, &xen_machine_ops, sizeof machine_ops); + xen_smp_init(); - #ifdef CONFIG_ACPI_NUMA +@@ -1590,7 +1589,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block xen_hvm_cpu_notifier __cpuinitdata = { ++static struct notifier_block xen_hvm_cpu_notifier = { + .notifier_call = xen_hvm_cpu_notify, + }; + diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index dde1a3f..6b663e6 100644 +index 01de35c..0bda07b 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c -@@ -1784,6 +1784,9 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, - convert_pfn_mfn(init_level4_pgt); - convert_pfn_mfn(level3_ident_pgt); +@@ -1881,6 +1881,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) + /* L3_k[510] -> level2_kernel_pgt + * L3_i[511] -> level2_fixmap_pgt */ convert_pfn_mfn(level3_kernel_pgt); + convert_pfn_mfn(level3_vmalloc_start_pgt); + convert_pfn_mfn(level3_vmalloc_end_pgt); + convert_pfn_mfn(level3_vmemmap_pgt); + /* We get [511][511] and have Xen's version of level2_kernel_pgt */ l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd); - l2 = m2v(l3[pud_index(__START_KERNEL_map)].pud); -@@ -1802,7 +1805,11 @@ pgd_t * __init xen_setup_kernel_pagetable(pgd_t *pgd, +@@ -1910,8 +1913,12 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) set_page_prot(init_level4_pgt, PAGE_KERNEL_RO); set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO); set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO); @@ -27840,11 +30710,12 @@ index dde1a3f..6b663e6 100644 + set_page_prot(level3_vmalloc_end_pgt, PAGE_KERNEL_RO); + set_page_prot(level3_vmemmap_pgt, PAGE_KERNEL_RO); set_page_prot(level3_user_vsyscall, PAGE_KERNEL_RO); + set_page_prot(level2_ident_pgt, PAGE_KERNEL_RO); + set_page_prot(level2_vmemmap_pgt, PAGE_KERNEL_RO); set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); -@@ -1986,6 +1993,7 @@ static void __init xen_post_allocator_init(void) +@@ -2097,6 +2104,7 @@ static void __init xen_post_allocator_init(void) pv_mmu_ops.set_pud = xen_set_pud; #if PAGETABLE_LEVELS == 4 pv_mmu_ops.set_pgd = xen_set_pgd; @@ -27852,7 +30723,7 @@ index dde1a3f..6b663e6 100644 #endif /* This will work as long as patching hasn't happened yet -@@ -2067,6 +2075,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { +@@ -2178,6 +2186,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { .pud_val = PV_CALLEE_SAVE(xen_pud_val), .make_pud = PV_CALLEE_SAVE(xen_make_pud), .set_pgd = xen_set_pgd_hyper, @@ -27861,7 +30732,7 @@ index dde1a3f..6b663e6 100644 .alloc_pud = xen_alloc_pmd_init, .release_pud = xen_release_pmd_init, diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c -index f58dca7..ad21f52 100644 +index 34bc4ce..c34aa24 100644 --- a/arch/x86/xen/smp.c +++ b/arch/x86/xen/smp.c @@ -229,11 +229,6 @@ static void __init xen_smp_prepare_boot_cpu(void) @@ -27908,6 +30779,15 @@ index f58dca7..ad21f52 100644 #endif xen_setup_runstate_info(cpu); xen_setup_timer(cpu); +@@ -630,7 +624,7 @@ static const struct smp_ops xen_smp_ops __initconst = { + + void __init xen_smp_init(void) + { +- smp_ops = xen_smp_ops; ++ memcpy((void *)&smp_ops, &xen_smp_ops, sizeof smp_ops); + xen_fill_possible_map(); + xen_init_spinlocks(); + } diff --git a/arch/x86/xen/xen-asm_32.S b/arch/x86/xen/xen-asm_32.S index 33ca6e4..0ded929 100644 --- a/arch/x86/xen/xen-asm_32.S @@ -27934,7 +30814,7 @@ index 33ca6e4..0ded929 100644 movl %ss:xen_vcpu, %eax #endif diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S -index aaa7291..3f77960 100644 +index 7faed58..ba4427c 100644 --- a/arch/x86/xen/xen-head.S +++ b/arch/x86/xen/xen-head.S @@ -19,6 +19,17 @@ ENTRY(startup_xen) @@ -27956,7 +30836,7 @@ index aaa7291..3f77960 100644 mov %rsi,xen_start_info mov $init_thread_union+THREAD_SIZE,%rsp diff --git a/arch/x86/xen/xen-ops.h b/arch/x86/xen/xen-ops.h -index 202d4c1..99b072a 100644 +index a95b417..b6dbd0b 100644 --- a/arch/x86/xen/xen-ops.h +++ b/arch/x86/xen/xen-ops.h @@ -10,8 +10,6 @@ @@ -28030,7 +30910,7 @@ index af00795..2bb8105 100644 #define XCHAL_ICACHE_SIZE 32768 /* I-cache size in bytes or 0 */ #define XCHAL_DCACHE_SIZE 32768 /* D-cache size in bytes or 0 */ diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c -index 58916af..9cb880b 100644 +index 58916af..eb9dbcf6 100644 --- a/block/blk-iopoll.c +++ b/block/blk-iopoll.c @@ -77,7 +77,7 @@ void blk_iopoll_complete(struct blk_iopoll *iopoll) @@ -28042,6 +30922,15 @@ index 58916af..9cb880b 100644 { struct list_head *list = &__get_cpu_var(blk_cpu_iopoll); int rearm = 0, budget = blk_iopoll_budget; +@@ -209,7 +209,7 @@ static int __cpuinit blk_iopoll_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata blk_iopoll_cpu_notifier = { ++static struct notifier_block blk_iopoll_cpu_notifier = { + .notifier_call = blk_iopoll_cpu_notify, + }; + diff --git a/block/blk-map.c b/block/blk-map.c index 623e1cd..ca1e109 100644 --- a/block/blk-map.c @@ -28056,7 +30945,7 @@ index 623e1cd..ca1e109 100644 bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading); else diff --git a/block/blk-softirq.c b/block/blk-softirq.c -index 467c8de..4bddc6d 100644 +index 467c8de..f3628c5 100644 --- a/block/blk-softirq.c +++ b/block/blk-softirq.c @@ -18,7 +18,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done); @@ -28068,6 +30957,15 @@ index 467c8de..4bddc6d 100644 { struct list_head *cpu_list, local_list; +@@ -98,7 +98,7 @@ static int __cpuinit blk_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata blk_cpu_notifier = { ++static struct notifier_block blk_cpu_notifier = { + .notifier_call = blk_cpu_notify, + }; + diff --git a/block/bsg.c b/block/bsg.c index ff64ae3..593560c 100644 --- a/block/bsg.c @@ -28113,25 +31011,27 @@ index 7c668c8..db3521c 100644 err = -EFAULT; goto out; diff --git a/block/partitions/efi.c b/block/partitions/efi.c -index 6296b40..417c00f 100644 +index b62fb88..bdab4c4 100644 --- a/block/partitions/efi.c +++ b/block/partitions/efi.c @@ -234,14 +234,14 @@ static gpt_entry *alloc_read_gpt_entries(struct parsed_partitions *state, if (!gpt) return NULL; -- count = le32_to_cpu(gpt->num_partition_entries) * -- le32_to_cpu(gpt->sizeof_partition_entry); -- if (!count) + if (!le32_to_cpu(gpt->num_partition_entries)) - return NULL; -- pte = kzalloc(count, GFP_KERNEL); ++ return NULL; + pte = kcalloc(le32_to_cpu(gpt->num_partition_entries), le32_to_cpu(gpt->sizeof_partition_entry), GFP_KERNEL); - if (!pte) - return NULL; - -+ count = le32_to_cpu(gpt->num_partition_entries) * -+ le32_to_cpu(gpt->sizeof_partition_entry); ++ if (!pte) ++ return NULL; ++ + count = le32_to_cpu(gpt->num_partition_entries) * + le32_to_cpu(gpt->sizeof_partition_entry); +- if (!count) +- return NULL; +- pte = kzalloc(count, GFP_KERNEL); +- if (!pte) +- return NULL; +- if (read_lba(state, le64_to_cpu(gpt->partition_entry_lba), (u8 *) pte, count) < count) { @@ -28190,6 +31090,93 @@ index 9a87daa..fb17486 100644 if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len)) goto error; +diff --git a/crypto/ablkcipher.c b/crypto/ablkcipher.c +index 533de95..7d4a8d2 100644 +--- a/crypto/ablkcipher.c ++++ b/crypto/ablkcipher.c +@@ -388,9 +388,9 @@ static int crypto_ablkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_blkcipher rblkcipher; + +- snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "ablkcipher"); +- snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, "%s", +- alg->cra_ablkcipher.geniv ?: "<default>"); ++ strncpy(rblkcipher.type, "ablkcipher", sizeof(rblkcipher.type)); ++ strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<default>", ++ sizeof(rblkcipher.geniv)); + + rblkcipher.blocksize = alg->cra_blocksize; + rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; +@@ -469,9 +469,9 @@ static int crypto_givcipher_report(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_blkcipher rblkcipher; + +- snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "givcipher"); +- snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, "%s", +- alg->cra_ablkcipher.geniv ?: "<built-in>"); ++ strncpy(rblkcipher.type, "givcipher", sizeof(rblkcipher.type)); ++ strncpy(rblkcipher.geniv, alg->cra_ablkcipher.geniv ?: "<built-in>", ++ sizeof(rblkcipher.geniv)); + + rblkcipher.blocksize = alg->cra_blocksize; + rblkcipher.min_keysize = alg->cra_ablkcipher.min_keysize; +diff --git a/crypto/aead.c b/crypto/aead.c +index 0b8121e..27bc487 100644 +--- a/crypto/aead.c ++++ b/crypto/aead.c +@@ -117,9 +117,8 @@ static int crypto_aead_report(struct sk_buff *skb, struct crypto_alg *alg) + struct crypto_report_aead raead; + struct aead_alg *aead = &alg->cra_aead; + +- snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "aead"); +- snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s", +- aead->geniv ?: "<built-in>"); ++ strncpy(raead.type, "aead", sizeof(raead.type)); ++ strncpy(raead.geniv, aead->geniv ?: "<built-in>", sizeof(raead.geniv)); + + raead.blocksize = alg->cra_blocksize; + raead.maxauthsize = aead->maxauthsize; +@@ -203,8 +202,8 @@ static int crypto_nivaead_report(struct sk_buff *skb, struct crypto_alg *alg) + struct crypto_report_aead raead; + struct aead_alg *aead = &alg->cra_aead; + +- snprintf(raead.type, CRYPTO_MAX_ALG_NAME, "%s", "nivaead"); +- snprintf(raead.geniv, CRYPTO_MAX_ALG_NAME, "%s", aead->geniv); ++ strncpy(raead.type, "nivaead", sizeof(raead.type)); ++ strncpy(raead.geniv, aead->geniv, sizeof(raead.geniv)); + + raead.blocksize = alg->cra_blocksize; + raead.maxauthsize = aead->maxauthsize; +diff --git a/crypto/ahash.c b/crypto/ahash.c +index 3887856..793a27f 100644 +--- a/crypto/ahash.c ++++ b/crypto/ahash.c +@@ -404,7 +404,7 @@ static int crypto_ahash_report(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_hash rhash; + +- snprintf(rhash.type, CRYPTO_MAX_ALG_NAME, "%s", "ahash"); ++ strncpy(rhash.type, "ahash", sizeof(rhash.type)); + + rhash.blocksize = alg->cra_blocksize; + rhash.digestsize = __crypto_hash_alg_common(alg)->digestsize; +diff --git a/crypto/blkcipher.c b/crypto/blkcipher.c +index a8d85a1..c44e014 100644 +--- a/crypto/blkcipher.c ++++ b/crypto/blkcipher.c +@@ -499,9 +499,9 @@ static int crypto_blkcipher_report(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_blkcipher rblkcipher; + +- snprintf(rblkcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "blkcipher"); +- snprintf(rblkcipher.geniv, CRYPTO_MAX_ALG_NAME, "%s", +- alg->cra_blkcipher.geniv ?: "<default>"); ++ strncpy(rblkcipher.type, "blkcipher", sizeof(rblkcipher.type)); ++ strncpy(rblkcipher.geniv, alg->cra_blkcipher.geniv ?: "<default>", ++ sizeof(rblkcipher.geniv)); + + rblkcipher.blocksize = alg->cra_blocksize; + rblkcipher.min_keysize = alg->cra_blkcipher.min_keysize; diff --git a/crypto/cryptd.c b/crypto/cryptd.c index 7bdd61b..afec999 100644 --- a/crypto/cryptd.c @@ -28212,6 +31199,164 @@ index 7bdd61b..afec999 100644 static void cryptd_queue_worker(struct work_struct *work); +diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c +index 35d700a..dfd511f 100644 +--- a/crypto/crypto_user.c ++++ b/crypto/crypto_user.c +@@ -30,6 +30,8 @@ + + #include "internal.h" + ++#define null_terminated(x) (strnlen(x, sizeof(x)) < sizeof(x)) ++ + static DEFINE_MUTEX(crypto_cfg_mutex); + + /* The crypto netlink socket */ +@@ -75,7 +77,7 @@ static int crypto_report_cipher(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_cipher rcipher; + +- snprintf(rcipher.type, CRYPTO_MAX_ALG_NAME, "%s", "cipher"); ++ strncpy(rcipher.type, "cipher", sizeof(rcipher.type)); + + rcipher.blocksize = alg->cra_blocksize; + rcipher.min_keysize = alg->cra_cipher.cia_min_keysize; +@@ -94,8 +96,7 @@ static int crypto_report_comp(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_comp rcomp; + +- snprintf(rcomp.type, CRYPTO_MAX_ALG_NAME, "%s", "compression"); +- ++ strncpy(rcomp.type, "compression", sizeof(rcomp.type)); + if (nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS, + sizeof(struct crypto_report_comp), &rcomp)) + goto nla_put_failure; +@@ -108,12 +109,14 @@ nla_put_failure: + static int crypto_report_one(struct crypto_alg *alg, + struct crypto_user_alg *ualg, struct sk_buff *skb) + { +- memcpy(&ualg->cru_name, &alg->cra_name, sizeof(ualg->cru_name)); +- memcpy(&ualg->cru_driver_name, &alg->cra_driver_name, +- sizeof(ualg->cru_driver_name)); +- memcpy(&ualg->cru_module_name, module_name(alg->cra_module), +- CRYPTO_MAX_ALG_NAME); ++ strncpy(ualg->cru_name, alg->cra_name, sizeof(ualg->cru_name)); ++ strncpy(ualg->cru_driver_name, alg->cra_driver_name, ++ sizeof(ualg->cru_driver_name)); ++ strncpy(ualg->cru_module_name, module_name(alg->cra_module), ++ sizeof(ualg->cru_module_name)); + ++ ualg->cru_type = 0; ++ ualg->cru_mask = 0; + ualg->cru_flags = alg->cra_flags; + ualg->cru_refcnt = atomic_read(&alg->cra_refcnt); + +@@ -122,8 +125,7 @@ static int crypto_report_one(struct crypto_alg *alg, + if (alg->cra_flags & CRYPTO_ALG_LARVAL) { + struct crypto_report_larval rl; + +- snprintf(rl.type, CRYPTO_MAX_ALG_NAME, "%s", "larval"); +- ++ strncpy(rl.type, "larval", sizeof(rl.type)); + if (nla_put(skb, CRYPTOCFGA_REPORT_LARVAL, + sizeof(struct crypto_report_larval), &rl)) + goto nla_put_failure; +@@ -196,7 +198,10 @@ static int crypto_report(struct sk_buff *in_skb, struct nlmsghdr *in_nlh, + struct crypto_dump_info info; + int err; + +- if (!p->cru_driver_name) ++ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) ++ return -EINVAL; ++ ++ if (!p->cru_driver_name[0]) + return -EINVAL; + + alg = crypto_alg_match(p, 1); +@@ -260,6 +265,9 @@ static int crypto_update_alg(struct sk_buff *skb, struct nlmsghdr *nlh, + struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL]; + LIST_HEAD(list); + ++ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) ++ return -EINVAL; ++ + if (priority && !strlen(p->cru_driver_name)) + return -EINVAL; + +@@ -287,6 +295,9 @@ static int crypto_del_alg(struct sk_buff *skb, struct nlmsghdr *nlh, + struct crypto_alg *alg; + struct crypto_user_alg *p = nlmsg_data(nlh); + ++ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) ++ return -EINVAL; ++ + alg = crypto_alg_match(p, 1); + if (!alg) + return -ENOENT; +@@ -368,6 +379,9 @@ static int crypto_add_alg(struct sk_buff *skb, struct nlmsghdr *nlh, + struct crypto_user_alg *p = nlmsg_data(nlh); + struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL]; + ++ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) ++ return -EINVAL; ++ + if (strlen(p->cru_driver_name)) + exact = 1; + +diff --git a/crypto/pcompress.c b/crypto/pcompress.c +index 04e083f..7140fe7 100644 +--- a/crypto/pcompress.c ++++ b/crypto/pcompress.c +@@ -53,8 +53,7 @@ static int crypto_pcomp_report(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_comp rpcomp; + +- snprintf(rpcomp.type, CRYPTO_MAX_ALG_NAME, "%s", "pcomp"); +- ++ strncpy(rpcomp.type, "pcomp", sizeof(rpcomp.type)); + if (nla_put(skb, CRYPTOCFGA_REPORT_COMPRESS, + sizeof(struct crypto_report_comp), &rpcomp)) + goto nla_put_failure; +diff --git a/crypto/rng.c b/crypto/rng.c +index f3b7894..e0a25c2 100644 +--- a/crypto/rng.c ++++ b/crypto/rng.c +@@ -65,7 +65,7 @@ static int crypto_rng_report(struct sk_buff *skb, struct crypto_alg *alg) + { + struct crypto_report_rng rrng; + +- snprintf(rrng.type, CRYPTO_MAX_ALG_NAME, "%s", "rng"); ++ strncpy(rrng.type, "rng", sizeof(rrng.type)); + + rrng.seedsize = alg->cra_rng.seedsize; + +diff --git a/crypto/shash.c b/crypto/shash.c +index f426330f..929058a 100644 +--- a/crypto/shash.c ++++ b/crypto/shash.c +@@ -530,7 +530,8 @@ static int crypto_shash_report(struct sk_buff *skb, struct crypto_alg *alg) + struct crypto_report_hash rhash; + struct shash_alg *salg = __crypto_shash_alg(alg); + +- snprintf(rhash.type, CRYPTO_MAX_ALG_NAME, "%s", "shash"); ++ strncpy(rhash.type, "shash", sizeof(rhash.type)); ++ + rhash.blocksize = alg->cra_blocksize; + rhash.digestsize = salg->digestsize; + +diff --git a/drivers/acpi/apei/apei-internal.h b/drivers/acpi/apei/apei-internal.h +index f220d64..d359ad6 100644 +--- a/drivers/acpi/apei/apei-internal.h ++++ b/drivers/acpi/apei/apei-internal.h +@@ -20,7 +20,7 @@ typedef int (*apei_exec_ins_func_t)(struct apei_exec_context *ctx, + struct apei_exec_ins_type { + u32 flags; + apei_exec_ins_func_t run; +-}; ++} __do_const; + + struct apei_exec_context { + u32 ip; diff --git a/drivers/acpi/apei/cper.c b/drivers/acpi/apei/cper.c index e6defd8..c26a225 100644 --- a/drivers/acpi/apei/cper.c @@ -28233,6 +31378,45 @@ index e6defd8..c26a225 100644 } EXPORT_SYMBOL_GPL(cper_next_record_id); +diff --git a/drivers/acpi/bgrt.c b/drivers/acpi/bgrt.c +index be60399..778b33e8 100644 +--- a/drivers/acpi/bgrt.c ++++ b/drivers/acpi/bgrt.c +@@ -87,8 +87,10 @@ static int __init bgrt_init(void) + return -ENODEV; + + sysfs_bin_attr_init(&image_attr); +- image_attr.private = bgrt_image; +- image_attr.size = bgrt_image_size; ++ pax_open_kernel(); ++ *(void **)&image_attr.private = bgrt_image; ++ *(size_t *)&image_attr.size = bgrt_image_size; ++ pax_close_kernel(); + + bgrt_kobj = kobject_create_and_add("bgrt", acpi_kobj); + if (!bgrt_kobj) +diff --git a/drivers/acpi/blacklist.c b/drivers/acpi/blacklist.c +index cb96296..b81293b 100644 +--- a/drivers/acpi/blacklist.c ++++ b/drivers/acpi/blacklist.c +@@ -52,7 +52,7 @@ struct acpi_blacklist_item { + u32 is_critical_error; + }; + +-static struct dmi_system_id acpi_osi_dmi_table[] __initdata; ++static const struct dmi_system_id acpi_osi_dmi_table[] __initconst; + + /* + * POLICY: If *anything* doesn't work, put it on the blacklist. +@@ -193,7 +193,7 @@ static int __init dmi_disable_osi_win7(const struct dmi_system_id *d) + return 0; + } + +-static struct dmi_system_id acpi_osi_dmi_table[] __initdata = { ++static const struct dmi_system_id acpi_osi_dmi_table[] __initconst = { + { + .callback = dmi_disable_osi_vista, + .ident = "Fujitsu Siemens", diff --git a/drivers/acpi/ec_sys.c b/drivers/acpi/ec_sys.c index 7586544..636a2f0 100644 --- a/drivers/acpi/ec_sys.c @@ -28286,49 +31470,11 @@ index 7586544..636a2f0 100644 err = ec_write(*off, byte_write); if (err) return err; -diff --git a/drivers/acpi/proc.c b/drivers/acpi/proc.c -index 251c7b62..000462d 100644 ---- a/drivers/acpi/proc.c -+++ b/drivers/acpi/proc.c -@@ -343,19 +343,13 @@ acpi_system_write_wakeup_device(struct file *file, - size_t count, loff_t * ppos) - { - struct list_head *node, *next; -- char strbuf[5]; -- char str[5] = ""; -- unsigned int len = count; -+ char strbuf[5] = {0}; - -- if (len > 4) -- len = 4; -- if (len < 0) -+ if (count > 4) -+ count = 4; -+ if (copy_from_user(strbuf, buffer, count)) - return -EFAULT; -- -- if (copy_from_user(strbuf, buffer, len)) -- return -EFAULT; -- strbuf[len] = '\0'; -- sscanf(strbuf, "%s", str); -+ strbuf[count] = '\0'; - - mutex_lock(&acpi_device_lock); - list_for_each_safe(node, next, &acpi_wakeup_device_list) { -@@ -364,7 +358,7 @@ acpi_system_write_wakeup_device(struct file *file, - if (!dev->wakeup.flags.valid) - continue; - -- if (!strncmp(dev->pnp.bus_id, str, 4)) { -+ if (!strncmp(dev->pnp.bus_id, strbuf, 4)) { - if (device_can_wakeup(&dev->dev)) { - bool enable = !device_may_wakeup(&dev->dev); - device_set_wakeup_enable(&dev->dev, enable); diff --git a/drivers/acpi/processor_driver.c b/drivers/acpi/processor_driver.c -index bebe17f..3d0c1d8 100644 +index e83311b..142b5cc 100644 --- a/drivers/acpi/processor_driver.c +++ b/drivers/acpi/processor_driver.c -@@ -552,7 +552,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device) +@@ -558,7 +558,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device) return 0; #endif @@ -28337,11 +31483,42 @@ index bebe17f..3d0c1d8 100644 /* * Buggy BIOS check +diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c +index ed9a1cc..f4a354c 100644 +--- a/drivers/acpi/processor_idle.c ++++ b/drivers/acpi/processor_idle.c +@@ -1005,7 +1005,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr) + { + int i, count = CPUIDLE_DRIVER_STATE_START; + struct acpi_processor_cx *cx; +- struct cpuidle_state *state; ++ cpuidle_state_no_const *state; + struct cpuidle_driver *drv = &acpi_idle_driver; + + if (!pr->flags.power_setup_done) +diff --git a/drivers/acpi/sysfs.c b/drivers/acpi/sysfs.c +index ea61ca9..3fdd70d 100644 +--- a/drivers/acpi/sysfs.c ++++ b/drivers/acpi/sysfs.c +@@ -420,11 +420,11 @@ static u32 num_counters; + static struct attribute **all_attrs; + static u32 acpi_gpe_count; + +-static struct attribute_group interrupt_stats_attr_group = { ++static attribute_group_no_const interrupt_stats_attr_group = { + .name = "interrupts", + }; + +-static struct kobj_attribute *counter_attrs; ++static kobj_attribute_no_const *counter_attrs; + + static void delete_gpe_attr_array(void) + { diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index 8789aef..ffb3ec7 100644 +index 46cd3f4..0871ad0 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c -@@ -4751,7 +4751,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4780,7 +4780,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; @@ -28350,7 +31527,7 @@ index 8789aef..ffb3ec7 100644 ap = qc->ap; qc->flags = 0; -@@ -4767,7 +4767,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4796,7 +4796,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; @@ -28359,7 +31536,7 @@ index 8789aef..ffb3ec7 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -@@ -5829,6 +5829,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5892,6 +5892,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) return; spin_lock(&lock); @@ -28367,7 +31544,7 @@ index 8789aef..ffb3ec7 100644 for (cur = ops->inherits; cur; cur = cur->inherits) { void **inherit = (void **)cur; -@@ -5842,8 +5843,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5905,8 +5906,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) if (IS_ERR(*pp)) *pp = NULL; @@ -28379,10 +31556,10 @@ index 8789aef..ffb3ec7 100644 } diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c -index bfaa5cb..3ba1cc3 100644 +index 405022d..fb70e53 100644 --- a/drivers/ata/pata_arasan_cf.c +++ b/drivers/ata/pata_arasan_cf.c -@@ -854,7 +854,9 @@ static int __devinit arasan_cf_probe(struct platform_device *pdev) +@@ -864,7 +864,9 @@ static int arasan_cf_probe(struct platform_device *pdev) /* Handle platform specific quirks */ if (pdata->quirk) { if (pdata->quirk & CF_BROKEN_PIO) { @@ -28407,7 +31584,7 @@ index f9b983a..887b9d8 100644 return 0; } diff --git a/drivers/atm/ambassador.c b/drivers/atm/ambassador.c -index 89b30f3..7964211d4 100644 +index 77a7480..05cde58 100644 --- a/drivers/atm/ambassador.c +++ b/drivers/atm/ambassador.c @@ -454,7 +454,7 @@ static void tx_complete (amb_dev * dev, tx_out * tx) { @@ -28500,7 +31677,7 @@ index b22d71c..d6e1049 100644 if (vcc->pop) vcc->pop(vcc,skb); else dev_kfree_skb(skb); diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c -index 2059ee4..faf51c7 100644 +index c1eb6fa..4c71be9 100644 --- a/drivers/atm/eni.c +++ b/drivers/atm/eni.c @@ -522,7 +522,7 @@ static int rx_aal0(struct atm_vcc *vcc) @@ -28548,17 +31725,8 @@ index 2059ee4..faf51c7 100644 wake_up(&eni_dev->tx_wait); dma_complete++; } -@@ -1567,7 +1567,7 @@ tx_complete++; - /*--------------------------------- entries ---------------------------------*/ - - --static const char *media_name[] __devinitdata = { -+static const char *media_name[] __devinitconst = { - "MMF", "SMF", "MMF", "03?", /* 0- 3 */ - "UTP", "05?", "06?", "07?", /* 4- 7 */ - "TAXI","09?", "10?", "11?", /* 8-11 */ diff --git a/drivers/atm/firestream.c b/drivers/atm/firestream.c -index 86fed1b..6dc4721 100644 +index b41c948..a002b17 100644 --- a/drivers/atm/firestream.c +++ b/drivers/atm/firestream.c @@ -749,7 +749,7 @@ static void process_txdone_queue (struct fs_dev *dev, struct queue *q) @@ -28595,10 +31763,10 @@ index 86fed1b..6dc4721 100644 default: /* Hmm. Haven't written the code to handle the others yet... -- REW */ printk (KERN_WARNING "Don't know what to do with RX status %x: %s.\n", diff --git a/drivers/atm/fore200e.c b/drivers/atm/fore200e.c -index 361f5ae..7fc552d 100644 +index 204814e..cede831 100644 --- a/drivers/atm/fore200e.c +++ b/drivers/atm/fore200e.c -@@ -933,9 +933,9 @@ fore200e_tx_irq(struct fore200e* fore200e) +@@ -931,9 +931,9 @@ fore200e_tx_irq(struct fore200e* fore200e) #endif /* check error condition */ if (*entry->status & STATUS_ERROR) @@ -28610,7 +31778,7 @@ index 361f5ae..7fc552d 100644 } } -@@ -1084,7 +1084,7 @@ fore200e_push_rpd(struct fore200e* fore200e, struct atm_vcc* vcc, struct rpd* rp +@@ -1082,7 +1082,7 @@ fore200e_push_rpd(struct fore200e* fore200e, struct atm_vcc* vcc, struct rpd* rp if (skb == NULL) { DPRINTK(2, "unable to alloc new skb, rx PDU length = %d\n", pdu_len); @@ -28619,7 +31787,7 @@ index 361f5ae..7fc552d 100644 return -ENOMEM; } -@@ -1127,14 +1127,14 @@ fore200e_push_rpd(struct fore200e* fore200e, struct atm_vcc* vcc, struct rpd* rp +@@ -1125,14 +1125,14 @@ fore200e_push_rpd(struct fore200e* fore200e, struct atm_vcc* vcc, struct rpd* rp dev_kfree_skb_any(skb); @@ -28636,7 +31804,7 @@ index 361f5ae..7fc552d 100644 ASSERT(atomic_read(&sk_atm(vcc)->sk_wmem_alloc) >= 0); -@@ -1212,7 +1212,7 @@ fore200e_rx_irq(struct fore200e* fore200e) +@@ -1210,7 +1210,7 @@ fore200e_rx_irq(struct fore200e* fore200e) DPRINTK(2, "damaged PDU on %d.%d.%d\n", fore200e->atm_dev->number, entry->rpd->atm_header.vpi, entry->rpd->atm_header.vci); @@ -28645,7 +31813,7 @@ index 361f5ae..7fc552d 100644 } } -@@ -1657,7 +1657,7 @@ fore200e_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -1655,7 +1655,7 @@ fore200e_send(struct atm_vcc *vcc, struct sk_buff *skb) goto retry_here; } @@ -28655,10 +31823,10 @@ index 361f5ae..7fc552d 100644 fore200e->tx_sat++; DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n", diff --git a/drivers/atm/he.c b/drivers/atm/he.c -index b182c2f..1c6fa8a 100644 +index 72b6960..cf9167a 100644 --- a/drivers/atm/he.c +++ b/drivers/atm/he.c -@@ -1709,7 +1709,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) +@@ -1699,7 +1699,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) if (RBRQ_HBUF_ERR(he_dev->rbrq_head)) { hprintk("HBUF_ERR! (cid 0x%x)\n", cid); @@ -28667,7 +31835,7 @@ index b182c2f..1c6fa8a 100644 goto return_host_buffers; } -@@ -1736,7 +1736,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) +@@ -1726,7 +1726,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) RBRQ_LEN_ERR(he_dev->rbrq_head) ? "LEN_ERR" : "", vcc->vpi, vcc->vci); @@ -28676,7 +31844,7 @@ index b182c2f..1c6fa8a 100644 goto return_host_buffers; } -@@ -1788,7 +1788,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) +@@ -1778,7 +1778,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) vcc->push(vcc, skb); spin_lock(&he_dev->global_lock); @@ -28685,7 +31853,7 @@ index b182c2f..1c6fa8a 100644 return_host_buffers: ++pdus_assembled; -@@ -2114,7 +2114,7 @@ __enqueue_tpd(struct he_dev *he_dev, struct he_tpd *tpd, unsigned cid) +@@ -2104,7 +2104,7 @@ __enqueue_tpd(struct he_dev *he_dev, struct he_tpd *tpd, unsigned cid) tpd->vcc->pop(tpd->vcc, tpd->skb); else dev_kfree_skb_any(tpd->skb); @@ -28694,7 +31862,7 @@ index b182c2f..1c6fa8a 100644 } pci_pool_free(he_dev->tpd_pool, tpd, TPD_ADDR(tpd->status)); return; -@@ -2526,7 +2526,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2516,7 +2516,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -28703,7 +31871,7 @@ index b182c2f..1c6fa8a 100644 return -EINVAL; } -@@ -2537,7 +2537,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2527,7 +2527,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -28712,7 +31880,7 @@ index b182c2f..1c6fa8a 100644 return -EINVAL; } #endif -@@ -2549,7 +2549,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2539,7 +2539,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -28721,7 +31889,7 @@ index b182c2f..1c6fa8a 100644 spin_unlock_irqrestore(&he_dev->global_lock, flags); return -ENOMEM; } -@@ -2591,7 +2591,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2581,7 +2581,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -28730,7 +31898,7 @@ index b182c2f..1c6fa8a 100644 spin_unlock_irqrestore(&he_dev->global_lock, flags); return -ENOMEM; } -@@ -2622,7 +2622,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2612,7 +2612,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) __enqueue_tpd(he_dev, tpd, cid); spin_unlock_irqrestore(&he_dev->global_lock, flags); @@ -28740,7 +31908,7 @@ index b182c2f..1c6fa8a 100644 return 0; } diff --git a/drivers/atm/horizon.c b/drivers/atm/horizon.c -index 7d01c2a..4e3ac01 100644 +index 1dc0519..1aadaf7 100644 --- a/drivers/atm/horizon.c +++ b/drivers/atm/horizon.c @@ -1034,7 +1034,7 @@ static void rx_schedule (hrz_dev * dev, int irq) { @@ -28762,7 +31930,7 @@ index 7d01c2a..4e3ac01 100644 // free the skb hrz_kfree_skb (skb); diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c -index 8974bd2..b856f85 100644 +index 272f009..a18ba55 100644 --- a/drivers/atm/idt77252.c +++ b/drivers/atm/idt77252.c @@ -812,7 +812,7 @@ drain_scq(struct idt77252_dev *card, struct vc_map *vc) @@ -28920,7 +32088,7 @@ index 8974bd2..b856f85 100644 } atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc); diff --git a/drivers/atm/iphase.c b/drivers/atm/iphase.c -index 96cce6d..62c3ec5 100644 +index 4217f29..88f547a 100644 --- a/drivers/atm/iphase.c +++ b/drivers/atm/iphase.c @@ -1145,7 +1145,7 @@ static int rx_pkt(struct atm_dev *dev) @@ -29020,7 +32188,7 @@ index 96cce6d..62c3ec5 100644 vcc->tx_quota = vcc->tx_quota * 3 / 4; printk("Tx1: vcc->tx_quota = %d \n", (u32)vcc->tx_quota ); diff --git a/drivers/atm/lanai.c b/drivers/atm/lanai.c -index 68c7588..7036683 100644 +index fa7d701..1e404c7 100644 --- a/drivers/atm/lanai.c +++ b/drivers/atm/lanai.c @@ -1303,7 +1303,7 @@ static void lanai_send_one_aal5(struct lanai_dev *lanai, @@ -29078,7 +32246,7 @@ index 68c7588..7036683 100644 lvcc->rx.buf.ptr = &lvcc->rx.buf.start[SERVICE_GET_END(s) * 4]; cardvcc_write(lvcc, SERVICE_GET_END(s), vcc_rxreadptr); diff --git a/drivers/atm/nicstar.c b/drivers/atm/nicstar.c -index 1c70c45..300718d 100644 +index ed1d2b7..8cffc1f 100644 --- a/drivers/atm/nicstar.c +++ b/drivers/atm/nicstar.c @@ -1654,7 +1654,7 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb) @@ -29283,10 +32451,10 @@ index 1c70c45..300718d 100644 } diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c -index 1853a45..cf2426d 100644 +index 0474a89..06ea4a1 100644 --- a/drivers/atm/solos-pci.c +++ b/drivers/atm/solos-pci.c -@@ -714,7 +714,7 @@ void solos_bh(unsigned long card_arg) +@@ -838,7 +838,7 @@ void solos_bh(unsigned long card_arg) } atm_charge(vcc, skb->truesize); vcc->push(vcc, skb); @@ -29295,14 +32463,14 @@ index 1853a45..cf2426d 100644 break; case PKT_STATUS: -@@ -1010,7 +1010,7 @@ static uint32_t fpga_tx(struct solos_card *card) +@@ -1117,7 +1117,7 @@ static uint32_t fpga_tx(struct solos_card *card) vcc = SKB_CB(oldskb)->vcc; if (vcc) { - atomic_inc(&vcc->stats->tx); + atomic_inc_unchecked(&vcc->stats->tx); solos_pop(vcc, oldskb); - } else + } else { dev_kfree_skb_irq(oldskb); diff --git a/drivers/atm/suni.c b/drivers/atm/suni.c index 0215934..ce9f5b1 100644 @@ -29368,7 +32536,7 @@ index 5120a96..e2572bd 100644 } diff --git a/drivers/atm/zatm.c b/drivers/atm/zatm.c -index abe4e20..83c4727 100644 +index 969c3c2..9b72956 100644 --- a/drivers/atm/zatm.c +++ b/drivers/atm/zatm.c @@ -459,7 +459,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy[0],dummy[1]); @@ -29398,8 +32566,30 @@ index abe4e20..83c4727 100644 wake_up(&zatm_vcc->tx_wait); } +diff --git a/drivers/base/bus.c b/drivers/base/bus.c +index 6856303..0602d70 100644 +--- a/drivers/base/bus.c ++++ b/drivers/base/bus.c +@@ -1163,7 +1163,7 @@ int subsys_interface_register(struct subsys_interface *sif) + return -EINVAL; + + mutex_lock(&subsys->p->mutex); +- list_add_tail(&sif->node, &subsys->p->interfaces); ++ pax_list_add_tail((struct list_head *)&sif->node, &subsys->p->interfaces); + if (sif->add_dev) { + subsys_dev_iter_init(&iter, subsys, NULL, NULL); + while ((dev = subsys_dev_iter_next(&iter))) +@@ -1188,7 +1188,7 @@ void subsys_interface_unregister(struct subsys_interface *sif) + subsys = sif->subsys; + + mutex_lock(&subsys->p->mutex); +- list_del_init(&sif->node); ++ pax_list_del_init((struct list_head *)&sif->node); + if (sif->remove_dev) { + subsys_dev_iter_init(&iter, subsys, NULL, NULL); + while ((dev = subsys_dev_iter_next(&iter))) diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c -index deb4a45..211eff2 100644 +index 17cf7ca..7e553e1 100644 --- a/drivers/base/devtmpfs.c +++ b/drivers/base/devtmpfs.c @@ -347,7 +347,7 @@ int devtmpfs_mount(const char *mntdir) @@ -29411,8 +32601,43 @@ index deb4a45..211eff2 100644 if (err) printk(KERN_INFO "devtmpfs: error mounting %i\n", err); else +diff --git a/drivers/base/node.c b/drivers/base/node.c +index fac124a..66bd4ab 100644 +--- a/drivers/base/node.c ++++ b/drivers/base/node.c +@@ -625,7 +625,7 @@ static ssize_t print_nodes_state(enum node_states state, char *buf) + struct node_attr { + struct device_attribute attr; + enum node_states state; +-}; ++} __do_const; + + static ssize_t show_node_state(struct device *dev, + struct device_attribute *attr, char *buf) +diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c +index acc3a8d..981c236 100644 +--- a/drivers/base/power/domain.c ++++ b/drivers/base/power/domain.c +@@ -1851,7 +1851,7 @@ int pm_genpd_attach_cpuidle(struct generic_pm_domain *genpd, int state) + { + struct cpuidle_driver *cpuidle_drv; + struct gpd_cpu_data *cpu_data; +- struct cpuidle_state *idle_state; ++ cpuidle_state_no_const *idle_state; + int ret = 0; + + if (IS_ERR_OR_NULL(genpd) || state < 0) +@@ -1919,7 +1919,7 @@ int pm_genpd_name_attach_cpuidle(const char *name, int state) + int pm_genpd_detach_cpuidle(struct generic_pm_domain *genpd) + { + struct gpd_cpu_data *cpu_data; +- struct cpuidle_state *idle_state; ++ cpuidle_state_no_const *idle_state; + int ret = 0; + + if (IS_ERR_OR_NULL(genpd)) diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c -index cbb463b..babe2cf 100644 +index e6ee5e8..98ad7fc 100644 --- a/drivers/base/power/wakeup.c +++ b/drivers/base/power/wakeup.c @@ -29,14 +29,14 @@ bool events_check_enabled __read_mostly; @@ -29432,7 +32657,7 @@ index cbb463b..babe2cf 100644 *cnt = (comb >> IN_PROGRESS_BITS); *inpr = comb & MAX_IN_PROGRESS; -@@ -385,7 +385,7 @@ static void wakeup_source_activate(struct wakeup_source *ws) +@@ -389,7 +389,7 @@ static void wakeup_source_activate(struct wakeup_source *ws) ws->start_prevent_time = ws->last_time; /* Increment the counter of events in progress. */ @@ -29441,7 +32666,7 @@ index cbb463b..babe2cf 100644 trace_wakeup_source_activate(ws->name, cec); } -@@ -511,7 +511,7 @@ static void wakeup_source_deactivate(struct wakeup_source *ws) +@@ -515,7 +515,7 @@ static void wakeup_source_deactivate(struct wakeup_source *ws) * Increment the counter of registered wakeup events and decrement the * couter of wakeup events in progress simultaneously. */ @@ -29450,11 +32675,33 @@ index cbb463b..babe2cf 100644 trace_wakeup_source_deactivate(ws->name, cec); split_counters(&cnt, &inpr); +diff --git a/drivers/base/syscore.c b/drivers/base/syscore.c +index e8d11b6..7b1b36f 100644 +--- a/drivers/base/syscore.c ++++ b/drivers/base/syscore.c +@@ -21,7 +21,7 @@ static DEFINE_MUTEX(syscore_ops_lock); + void register_syscore_ops(struct syscore_ops *ops) + { + mutex_lock(&syscore_ops_lock); +- list_add_tail(&ops->node, &syscore_ops_list); ++ pax_list_add_tail((struct list_head *)&ops->node, &syscore_ops_list); + mutex_unlock(&syscore_ops_lock); + } + EXPORT_SYMBOL_GPL(register_syscore_ops); +@@ -33,7 +33,7 @@ EXPORT_SYMBOL_GPL(register_syscore_ops); + void unregister_syscore_ops(struct syscore_ops *ops) + { + mutex_lock(&syscore_ops_lock); +- list_del(&ops->node); ++ pax_list_del((struct list_head *)&ops->node); + mutex_unlock(&syscore_ops_lock); + } + EXPORT_SYMBOL_GPL(unregister_syscore_ops); diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c -index b0f553b..77b928b 100644 +index ade58bc..867143d 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c -@@ -1198,6 +1198,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, +@@ -1196,6 +1196,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, int err; u32 cp; @@ -29463,7 +32710,7 @@ index b0f553b..77b928b 100644 err = 0; err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info, -@@ -3007,7 +3009,7 @@ static void start_io(ctlr_info_t *h) +@@ -3005,7 +3007,7 @@ static void start_io(ctlr_info_t *h) while (!list_empty(&h->reqQ)) { c = list_entry(h->reqQ.next, CommandList_struct, list); /* can't do anything if fifo is full */ @@ -29472,7 +32719,7 @@ index b0f553b..77b928b 100644 dev_warn(&h->pdev->dev, "fifo full\n"); break; } -@@ -3017,7 +3019,7 @@ static void start_io(ctlr_info_t *h) +@@ -3015,7 +3017,7 @@ static void start_io(ctlr_info_t *h) h->Qdepth--; /* Tell the controller execute command */ @@ -29481,7 +32728,7 @@ index b0f553b..77b928b 100644 /* Put job onto the completed Q */ addQ(&h->cmpQ, c); -@@ -3443,17 +3445,17 @@ startio: +@@ -3441,17 +3443,17 @@ startio: static inline unsigned long get_next_completion(ctlr_info_t *h) { @@ -29502,7 +32749,7 @@ index b0f553b..77b928b 100644 (h->interrupts_enabled == 0)); } -@@ -3486,7 +3488,7 @@ static inline u32 next_command(ctlr_info_t *h) +@@ -3484,7 +3486,7 @@ static inline u32 next_command(ctlr_info_t *h) u32 a; if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant))) @@ -29511,7 +32758,7 @@ index b0f553b..77b928b 100644 if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) { a = *(h->reply_pool_head); /* Next cmd in ring buffer */ -@@ -4044,7 +4046,7 @@ static void __devinit cciss_put_controller_into_performant_mode(ctlr_info_t *h) +@@ -4041,7 +4043,7 @@ static void cciss_put_controller_into_performant_mode(ctlr_info_t *h) trans_support & CFGTBL_Trans_use_short_tags); /* Change the access methods to the performant access methods */ @@ -29520,7 +32767,7 @@ index b0f553b..77b928b 100644 h->transMethod = CFGTBL_Trans_Performant; return; -@@ -4316,7 +4318,7 @@ static int __devinit cciss_pci_init(ctlr_info_t *h) +@@ -4310,7 +4312,7 @@ static int cciss_pci_init(ctlr_info_t *h) if (prod_index < 0) return -ENODEV; h->product_name = products[prod_index].product_name; @@ -29529,7 +32776,7 @@ index b0f553b..77b928b 100644 if (cciss_board_disabled(h)) { dev_warn(&h->pdev->dev, "controller appears to be disabled\n"); -@@ -5041,7 +5043,7 @@ reinit_after_soft_reset: +@@ -5032,7 +5034,7 @@ reinit_after_soft_reset: } /* make sure the board interrupts are off */ @@ -29538,7 +32785,7 @@ index b0f553b..77b928b 100644 rc = cciss_request_irq(h, do_cciss_msix_intr, do_cciss_intx); if (rc) goto clean2; -@@ -5093,7 +5095,7 @@ reinit_after_soft_reset: +@@ -5082,7 +5084,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); @@ -29547,7 +32794,7 @@ index b0f553b..77b928b 100644 spin_unlock_irqrestore(&h->lock, flags); free_irq(h->intr[h->intr_mode], h); rc = cciss_request_irq(h, cciss_msix_discard_completions, -@@ -5113,9 +5115,9 @@ reinit_after_soft_reset: +@@ -5102,9 +5104,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); @@ -29559,7 +32806,7 @@ index b0f553b..77b928b 100644 rc = controller_reset_failed(h->cfgtable); if (rc) -@@ -5138,7 +5140,7 @@ reinit_after_soft_reset: +@@ -5127,7 +5129,7 @@ reinit_after_soft_reset: cciss_scsi_setup(h); /* Turn the interrupts on so we can service requests */ @@ -29568,7 +32815,7 @@ index b0f553b..77b928b 100644 /* Get the firmware version */ inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL); -@@ -5211,7 +5213,7 @@ static void cciss_shutdown(struct pci_dev *pdev) +@@ -5199,7 +5201,7 @@ static void cciss_shutdown(struct pci_dev *pdev) kfree(flush_buf); if (return_code != IO_OK) dev_warn(&h->pdev->dev, "Error flushing cache\n"); @@ -29591,10 +32838,10 @@ index 7fda30e..eb5dfe0 100644 /* queue and queue Info */ struct list_head reqQ; diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c -index 9125bbe..eede5c8 100644 +index 3f08713..56a586a 100644 --- a/drivers/block/cpqarray.c +++ b/drivers/block/cpqarray.c -@@ -404,7 +404,7 @@ static int __devinit cpqarray_register_ctlr( int i, struct pci_dev *pdev) +@@ -404,7 +404,7 @@ static int cpqarray_register_ctlr(int i, struct pci_dev *pdev) if (register_blkdev(COMPAQ_SMART2_MAJOR+i, hba[i]->devname)) { goto Enomem4; } @@ -29603,7 +32850,7 @@ index 9125bbe..eede5c8 100644 if (request_irq(hba[i]->intr, do_ida_intr, IRQF_DISABLED|IRQF_SHARED, hba[i]->devname, hba[i])) { -@@ -459,7 +459,7 @@ static int __devinit cpqarray_register_ctlr( int i, struct pci_dev *pdev) +@@ -459,7 +459,7 @@ static int cpqarray_register_ctlr(int i, struct pci_dev *pdev) add_timer(&hba[i]->timer); /* Enable IRQ now that spinlock and rate limit timer are set up */ @@ -29621,7 +32868,7 @@ index 9125bbe..eede5c8 100644 break; } } -@@ -792,7 +792,7 @@ static int __devinit cpqarray_eisa_detect(void) +@@ -792,7 +792,7 @@ static int cpqarray_eisa_detect(void) hba[ctlr]->intr = intr; sprintf(hba[ctlr]->devname, "ida%d", nr_ctlr); hba[ctlr]->product_name = products[j].product_name; @@ -29724,11 +32971,11 @@ index be73e9d..7fbf140 100644 cmdlist_t *reqQ; cmdlist_t *cmpQ; diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h -index b953cc7..e3dc580 100644 +index 6b51afa..17e1191 100644 --- a/drivers/block/drbd/drbd_int.h +++ b/drivers/block/drbd/drbd_int.h -@@ -735,7 +735,7 @@ struct drbd_request; - struct drbd_epoch { +@@ -582,7 +582,7 @@ struct drbd_epoch { + struct drbd_tconn *tconn; struct list_head list; unsigned int barrier_nr; - atomic_t epoch_size; /* increased on every request added. */ @@ -29736,159 +32983,71 @@ index b953cc7..e3dc580 100644 atomic_t active; /* increased on every req. added, and dec on every finished. */ unsigned long flags; }; -@@ -1116,7 +1116,7 @@ struct drbd_conf { - void *int_dig_in; - void *int_dig_vv; +@@ -1011,7 +1011,7 @@ struct drbd_conf { + int al_tr_cycle; + int al_tr_pos; /* position of the next transaction in the journal */ wait_queue_head_t seq_wait; - atomic_t packet_seq; + atomic_unchecked_t packet_seq; unsigned int peer_seq; spinlock_t peer_seq_lock; unsigned int minor; -@@ -1658,30 +1658,30 @@ static inline int drbd_setsockopt(struct socket *sock, int level, int optname, - - static inline void drbd_tcp_cork(struct socket *sock) - { -- int __user val = 1; -+ int val = 1; - (void) drbd_setsockopt(sock, SOL_TCP, TCP_CORK, -- (char __user *)&val, sizeof(val)); -+ (char __force_user *)&val, sizeof(val)); - } - - static inline void drbd_tcp_uncork(struct socket *sock) - { -- int __user val = 0; -+ int val = 0; - (void) drbd_setsockopt(sock, SOL_TCP, TCP_CORK, -- (char __user *)&val, sizeof(val)); -+ (char __force_user *)&val, sizeof(val)); - } - - static inline void drbd_tcp_nodelay(struct socket *sock) - { -- int __user val = 1; -+ int val = 1; - (void) drbd_setsockopt(sock, SOL_TCP, TCP_NODELAY, -- (char __user *)&val, sizeof(val)); -+ (char __force_user *)&val, sizeof(val)); - } +@@ -1527,7 +1527,7 @@ static inline int drbd_setsockopt(struct socket *sock, int level, int optname, + char __user *uoptval; + int err; - static inline void drbd_tcp_quickack(struct socket *sock) - { -- int __user val = 2; -+ int val = 2; - (void) drbd_setsockopt(sock, SOL_TCP, TCP_QUICKACK, -- (char __user *)&val, sizeof(val)); -+ (char __force_user *)&val, sizeof(val)); - } +- uoptval = (char __user __force *)optval; ++ uoptval = (char __force_user *)optval; - void drbd_bump_write_ordering(struct drbd_conf *mdev, enum write_ordering_e wo); + set_fs(KERNEL_DS); + if (level == SOL_SOCKET) diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c -index f93a032..71c87bf 100644 +index 8c13eeb..217adee 100644 --- a/drivers/block/drbd/drbd_main.c +++ b/drivers/block/drbd/drbd_main.c -@@ -2567,7 +2567,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packets cmd, - p.sector = sector; - p.block_id = block_id; - p.blksize = blksize; -- p.seq_num = cpu_to_be32(atomic_add_return(1, &mdev->packet_seq)); -+ p.seq_num = cpu_to_be32(atomic_add_return_unchecked(1, &mdev->packet_seq)); - - if (!mdev->meta.socket || mdev->state.conn < C_CONNECTED) - return false; -@@ -2865,7 +2865,7 @@ int drbd_send_dblock(struct drbd_conf *mdev, struct drbd_request *req) - - p.sector = cpu_to_be64(req->sector); - p.block_id = (unsigned long)req; -- p.seq_num = cpu_to_be32(atomic_add_return(1, &mdev->packet_seq)); -+ p.seq_num = cpu_to_be32(atomic_add_return_unchecked(1, &mdev->packet_seq)); +@@ -1317,7 +1317,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packet cmd, + p->sector = sector; + p->block_id = block_id; + p->blksize = blksize; +- p->seq_num = cpu_to_be32(atomic_inc_return(&mdev->packet_seq)); ++ p->seq_num = cpu_to_be32(atomic_inc_return_unchecked(&mdev->packet_seq)); + return drbd_send_command(mdev, sock, cmd, sizeof(*p), NULL, 0); + } +@@ -1619,7 +1619,7 @@ int drbd_send_dblock(struct drbd_conf *mdev, struct drbd_request *req) + return -EIO; + p->sector = cpu_to_be64(req->i.sector); + p->block_id = (unsigned long)req; +- p->seq_num = cpu_to_be32(atomic_inc_return(&mdev->packet_seq)); ++ p->seq_num = cpu_to_be32(atomic_inc_return_unchecked(&mdev->packet_seq)); dp_flags = bio_flags_to_wire(mdev, req->master_bio->bi_rw); + if (mdev->state.conn >= C_SYNC_SOURCE && + mdev->state.conn <= C_PAUSED_SYNC_T) +@@ -2574,8 +2574,8 @@ void conn_destroy(struct kref *kref) + { + struct drbd_tconn *tconn = container_of(kref, struct drbd_tconn, kref); -@@ -3150,7 +3150,7 @@ void drbd_init_set_defaults(struct drbd_conf *mdev) - atomic_set(&mdev->unacked_cnt, 0); - atomic_set(&mdev->local_cnt, 0); - atomic_set(&mdev->net_cnt, 0); -- atomic_set(&mdev->packet_seq, 0); -+ atomic_set_unchecked(&mdev->packet_seq, 0); - atomic_set(&mdev->pp_in_use, 0); - atomic_set(&mdev->pp_in_use_by_net, 0); - atomic_set(&mdev->rs_sect_in, 0); -@@ -3232,8 +3232,8 @@ void drbd_mdev_cleanup(struct drbd_conf *mdev) - mdev->receiver.t_state); - - /* no need to lock it, I'm the only thread alive */ -- if (atomic_read(&mdev->current_epoch->epoch_size) != 0) -- dev_err(DEV, "epoch_size:%d\n", atomic_read(&mdev->current_epoch->epoch_size)); -+ if (atomic_read_unchecked(&mdev->current_epoch->epoch_size) != 0) -+ dev_err(DEV, "epoch_size:%d\n", atomic_read_unchecked(&mdev->current_epoch->epoch_size)); - mdev->al_writ_cnt = - mdev->bm_writ_cnt = - mdev->read_cnt = -diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c -index edb490a..ecd69da 100644 ---- a/drivers/block/drbd/drbd_nl.c -+++ b/drivers/block/drbd/drbd_nl.c -@@ -2407,7 +2407,7 @@ static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms - module_put(THIS_MODULE); - } - --static atomic_t drbd_nl_seq = ATOMIC_INIT(2); /* two. */ -+static atomic_unchecked_t drbd_nl_seq = ATOMIC_INIT(2); /* two. */ - - static unsigned short * - __tl_add_blob(unsigned short *tl, enum drbd_tags tag, const void *data, -@@ -2478,7 +2478,7 @@ void drbd_bcast_state(struct drbd_conf *mdev, union drbd_state state) - cn_reply->id.idx = CN_IDX_DRBD; - cn_reply->id.val = CN_VAL_DRBD; - -- cn_reply->seq = atomic_add_return(1, &drbd_nl_seq); -+ cn_reply->seq = atomic_add_return_unchecked(1, &drbd_nl_seq); - cn_reply->ack = 0; /* not used here. */ - cn_reply->len = sizeof(struct drbd_nl_cfg_reply) + - (int)((char *)tl - (char *)reply->tag_list); -@@ -2510,7 +2510,7 @@ void drbd_bcast_ev_helper(struct drbd_conf *mdev, char *helper_name) - cn_reply->id.idx = CN_IDX_DRBD; - cn_reply->id.val = CN_VAL_DRBD; - -- cn_reply->seq = atomic_add_return(1, &drbd_nl_seq); -+ cn_reply->seq = atomic_add_return_unchecked(1, &drbd_nl_seq); - cn_reply->ack = 0; /* not used here. */ - cn_reply->len = sizeof(struct drbd_nl_cfg_reply) + - (int)((char *)tl - (char *)reply->tag_list); -@@ -2588,7 +2588,7 @@ void drbd_bcast_ee(struct drbd_conf *mdev, - cn_reply->id.idx = CN_IDX_DRBD; - cn_reply->id.val = CN_VAL_DRBD; - -- cn_reply->seq = atomic_add_return(1,&drbd_nl_seq); -+ cn_reply->seq = atomic_add_return_unchecked(1,&drbd_nl_seq); - cn_reply->ack = 0; // not used here. - cn_reply->len = sizeof(struct drbd_nl_cfg_reply) + - (int)((char*)tl - (char*)reply->tag_list); -@@ -2627,7 +2627,7 @@ void drbd_bcast_sync_progress(struct drbd_conf *mdev) - cn_reply->id.idx = CN_IDX_DRBD; - cn_reply->id.val = CN_VAL_DRBD; - -- cn_reply->seq = atomic_add_return(1, &drbd_nl_seq); -+ cn_reply->seq = atomic_add_return_unchecked(1, &drbd_nl_seq); - cn_reply->ack = 0; /* not used here. */ - cn_reply->len = sizeof(struct drbd_nl_cfg_reply) + - (int)((char *)tl - (char *)reply->tag_list); +- if (atomic_read(&tconn->current_epoch->epoch_size) != 0) +- conn_err(tconn, "epoch_size:%d\n", atomic_read(&tconn->current_epoch->epoch_size)); ++ if (atomic_read_unchecked(&tconn->current_epoch->epoch_size) != 0) ++ conn_err(tconn, "epoch_size:%d\n", atomic_read_unchecked(&tconn->current_epoch->epoch_size)); + kfree(tconn->current_epoch); + + idr_destroy(&tconn->volumes); diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c -index c74ca2d..860c819 100644 +index a9eccfc..f5efe87 100644 --- a/drivers/block/drbd/drbd_receiver.c +++ b/drivers/block/drbd/drbd_receiver.c -@@ -898,7 +898,7 @@ retry: - sock->sk->sk_sndtimeo = mdev->net_conf->timeout*HZ/10; - sock->sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT; +@@ -833,7 +833,7 @@ int drbd_connected(struct drbd_conf *mdev) + { + int err; - atomic_set(&mdev->packet_seq, 0); + atomic_set_unchecked(&mdev->packet_seq, 0); mdev->peer_seq = 0; - if (drbd_send_protocol(mdev) == -1) -@@ -999,7 +999,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_conf *mdev, + mdev->state_mutex = mdev->tconn->agreed_pro_version < 100 ? +@@ -1191,7 +1191,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_tconn *tconn, do { next_epoch = NULL; @@ -29897,7 +33056,7 @@ index c74ca2d..860c819 100644 switch (ev & ~EV_CLEANUP) { case EV_PUT: -@@ -1035,7 +1035,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_conf *mdev, +@@ -1231,7 +1231,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_tconn *tconn, rv = FE_DESTROYED; } else { epoch->flags = 0; @@ -29906,24 +33065,16 @@ index c74ca2d..860c819 100644 /* atomic_set(&epoch->active, 0); is already zero */ if (rv == FE_STILL_LIVE) rv = FE_RECYCLED; -@@ -1210,14 +1210,14 @@ static int receive_Barrier(struct drbd_conf *mdev, enum drbd_packets cmd, unsign - drbd_wait_ee_list_empty(mdev, &mdev->active_ee); - drbd_flush(mdev); +@@ -1449,7 +1449,7 @@ static int receive_Barrier(struct drbd_tconn *tconn, struct packet_info *pi) + conn_wait_active_ee_empty(tconn); + drbd_flush(tconn); -- if (atomic_read(&mdev->current_epoch->epoch_size)) { -+ if (atomic_read_unchecked(&mdev->current_epoch->epoch_size)) { +- if (atomic_read(&tconn->current_epoch->epoch_size)) { ++ if (atomic_read_unchecked(&tconn->current_epoch->epoch_size)) { epoch = kmalloc(sizeof(struct drbd_epoch), GFP_NOIO); if (epoch) break; - } - - epoch = mdev->current_epoch; -- wait_event(mdev->ee_wait, atomic_read(&epoch->epoch_size) == 0); -+ wait_event(mdev->ee_wait, atomic_read_unchecked(&epoch->epoch_size) == 0); - - D_ASSERT(atomic_read(&epoch->active) == 0); - D_ASSERT(epoch->flags == 0); -@@ -1229,11 +1229,11 @@ static int receive_Barrier(struct drbd_conf *mdev, enum drbd_packets cmd, unsign +@@ -1462,11 +1462,11 @@ static int receive_Barrier(struct drbd_tconn *tconn, struct packet_info *pi) } epoch->flags = 0; @@ -29931,41 +33082,59 @@ index c74ca2d..860c819 100644 + atomic_set_unchecked(&epoch->epoch_size, 0); atomic_set(&epoch->active, 0); - spin_lock(&mdev->epoch_lock); -- if (atomic_read(&mdev->current_epoch->epoch_size)) { -+ if (atomic_read_unchecked(&mdev->current_epoch->epoch_size)) { - list_add(&epoch->list, &mdev->current_epoch->list); - mdev->current_epoch = epoch; - mdev->epochs++; -@@ -1702,7 +1702,7 @@ static int receive_Data(struct drbd_conf *mdev, enum drbd_packets cmd, unsigned - spin_unlock(&mdev->peer_seq_lock); - - drbd_send_ack_dp(mdev, P_NEG_ACK, p, data_size); -- atomic_inc(&mdev->current_epoch->epoch_size); -+ atomic_inc_unchecked(&mdev->current_epoch->epoch_size); - return drbd_drain_block(mdev, data_size); - } - -@@ -1732,7 +1732,7 @@ static int receive_Data(struct drbd_conf *mdev, enum drbd_packets cmd, unsigned - - spin_lock(&mdev->epoch_lock); - e->epoch = mdev->current_epoch; -- atomic_inc(&e->epoch->epoch_size); -+ atomic_inc_unchecked(&e->epoch->epoch_size); - atomic_inc(&e->epoch->active); - spin_unlock(&mdev->epoch_lock); - -@@ -3954,7 +3954,7 @@ static void drbd_disconnect(struct drbd_conf *mdev) - D_ASSERT(list_empty(&mdev->done_ee)); + spin_lock(&tconn->epoch_lock); +- if (atomic_read(&tconn->current_epoch->epoch_size)) { ++ if (atomic_read_unchecked(&tconn->current_epoch->epoch_size)) { + list_add(&epoch->list, &tconn->current_epoch->list); + tconn->current_epoch = epoch; + tconn->epochs++; +@@ -2170,7 +2170,7 @@ static int receive_Data(struct drbd_tconn *tconn, struct packet_info *pi) + + err = wait_for_and_update_peer_seq(mdev, peer_seq); + drbd_send_ack_dp(mdev, P_NEG_ACK, p, pi->size); +- atomic_inc(&tconn->current_epoch->epoch_size); ++ atomic_inc_unchecked(&tconn->current_epoch->epoch_size); + err2 = drbd_drain_block(mdev, pi->size); + if (!err) + err = err2; +@@ -2204,7 +2204,7 @@ static int receive_Data(struct drbd_tconn *tconn, struct packet_info *pi) + + spin_lock(&tconn->epoch_lock); + peer_req->epoch = tconn->current_epoch; +- atomic_inc(&peer_req->epoch->epoch_size); ++ atomic_inc_unchecked(&peer_req->epoch->epoch_size); + atomic_inc(&peer_req->epoch->active); + spin_unlock(&tconn->epoch_lock); + +@@ -4346,7 +4346,7 @@ struct data_cmd { + int expect_payload; + size_t pkt_size; + int (*fn)(struct drbd_tconn *, struct packet_info *); +-}; ++} __do_const; + static struct data_cmd drbd_cmd_handler[] = { + [P_DATA] = { 1, sizeof(struct p_data), receive_Data }, +@@ -4466,7 +4466,7 @@ static void conn_disconnect(struct drbd_tconn *tconn) + if (!list_empty(&tconn->current_epoch->list)) + conn_err(tconn, "ASSERTION FAILED: tconn->current_epoch->list not empty\n"); /* ok, no more ee's on the fly, it is safe to reset the epoch_size */ -- atomic_set(&mdev->current_epoch->epoch_size, 0); -+ atomic_set_unchecked(&mdev->current_epoch->epoch_size, 0); - D_ASSERT(list_empty(&mdev->current_epoch->list)); - } +- atomic_set(&tconn->current_epoch->epoch_size, 0); ++ atomic_set_unchecked(&tconn->current_epoch->epoch_size, 0); + tconn->send.seen_any_write_yet = false; + + conn_info(tconn, "Connection closed\n"); +@@ -5222,7 +5222,7 @@ static int tconn_finish_peer_reqs(struct drbd_tconn *tconn) + struct asender_cmd { + size_t pkt_size; + int (*fn)(struct drbd_tconn *tconn, struct packet_info *); +-}; ++} __do_const; + static struct asender_cmd asender_tbl[] = { + [P_PING] = { 0, got_Ping }, diff --git a/drivers/block/loop.c b/drivers/block/loop.c -index 3bba655..6151b66 100644 +index ae12512..37fa397 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -226,7 +226,7 @@ static int __do_lo_send_write(struct file *file, @@ -29977,8 +33146,54 @@ index 3bba655..6151b66 100644 set_fs(old_fs); if (likely(bw == len)) return 0; +diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c +index d620b44..587561e 100644 +--- a/drivers/cdrom/cdrom.c ++++ b/drivers/cdrom/cdrom.c +@@ -416,7 +416,6 @@ int register_cdrom(struct cdrom_device_info *cdi) + ENSURE(reset, CDC_RESET); + ENSURE(generic_packet, CDC_GENERIC_PACKET); + cdi->mc_flags = 0; +- cdo->n_minors = 0; + cdi->options = CDO_USE_FFLAGS; + + if (autoclose==1 && CDROM_CAN(CDC_CLOSE_TRAY)) +@@ -436,8 +435,11 @@ int register_cdrom(struct cdrom_device_info *cdi) + else + cdi->cdda_method = CDDA_OLD; + +- if (!cdo->generic_packet) +- cdo->generic_packet = cdrom_dummy_generic_packet; ++ if (!cdo->generic_packet) { ++ pax_open_kernel(); ++ *(void **)&cdo->generic_packet = cdrom_dummy_generic_packet; ++ pax_close_kernel(); ++ } + + cdinfo(CD_REG_UNREG, "drive \"/dev/%s\" registered\n", cdi->name); + mutex_lock(&cdrom_mutex); +@@ -458,7 +460,6 @@ void unregister_cdrom(struct cdrom_device_info *cdi) + if (cdi->exit) + cdi->exit(cdi); + +- cdi->ops->n_minors--; + cdinfo(CD_REG_UNREG, "drive \"/dev/%s\" unregistered\n", cdi->name); + } + +diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c +index d59cdcb..11afddf 100644 +--- a/drivers/cdrom/gdrom.c ++++ b/drivers/cdrom/gdrom.c +@@ -491,7 +491,6 @@ static struct cdrom_device_ops gdrom_ops = { + .audio_ioctl = gdrom_audio_ioctl, + .capability = CDC_MULTI_SESSION | CDC_MEDIA_CHANGED | + CDC_RESET | CDC_DRIVE_STATUS | CDC_CD_R, +- .n_minors = 1, + }; + + static int gdrom_bdops_open(struct block_device *bdev, fmode_t mode) diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig -index ea6f632..eafb192 100644 +index 72bedad..8181ce1 100644 --- a/drivers/char/Kconfig +++ b/drivers/char/Kconfig @@ -8,7 +8,8 @@ source "drivers/tty/Kconfig" @@ -30025,7 +33240,7 @@ index 21cb980..f15107c 100644 return -EINVAL; else diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c -index dfd7876..c0b0885 100644 +index fe6d4be..89f32100 100644 --- a/drivers/char/hpet.c +++ b/drivers/char/hpet.c @@ -571,7 +571,7 @@ static inline unsigned long hpet_time_div(struct hpets *hpets, @@ -30038,7 +33253,7 @@ index dfd7876..c0b0885 100644 { struct hpet_timer __iomem *timer; diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c -index 2c29942..604c5ba 100644 +index 053201b0..8335cce 100644 --- a/drivers/char/ipmi/ipmi_msghandler.c +++ b/drivers/char/ipmi/ipmi_msghandler.c @@ -420,7 +420,7 @@ struct ipmi_smi { @@ -30072,7 +33287,7 @@ index 2c29942..604c5ba 100644 intf->proc_dir = NULL; diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c -index 83f85cf..279e63f 100644 +index 1c7fdcd..4899100 100644 --- a/drivers/char/ipmi/ipmi_si_intf.c +++ b/drivers/char/ipmi/ipmi_si_intf.c @@ -275,7 +275,7 @@ struct smi_info { @@ -30096,7 +33311,7 @@ index 83f85cf..279e63f 100644 #define SI_MAX_PARMS 4 -@@ -3193,7 +3193,7 @@ static int try_smi_init(struct smi_info *new_smi) +@@ -3225,7 +3225,7 @@ static int try_smi_init(struct smi_info *new_smi) atomic_set(&new_smi->req_events, 0); new_smi->run_to_completion = 0; for (i = 0; i < SI_NUM_STATS; i++) @@ -30105,21 +33320,8 @@ index 83f85cf..279e63f 100644 new_smi->interrupt_disabled = 1; atomic_set(&new_smi->stop_operation, 0); -diff --git a/drivers/char/mbcs.c b/drivers/char/mbcs.c -index 47ff7e4..0c7d340 100644 ---- a/drivers/char/mbcs.c -+++ b/drivers/char/mbcs.c -@@ -799,7 +799,7 @@ static int mbcs_remove(struct cx_dev *dev) - return 0; - } - --static const struct cx_device_id __devinitdata mbcs_id_table[] = { -+static const struct cx_device_id __devinitconst mbcs_id_table[] = { - { - .part_num = MBCS_PART_NUM, - .mfg_num = MBCS_MFG_NUM, diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index e5eedfa..fcab50ea 100644 +index c6fa3bc..4ca3e42 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -18,6 +18,7 @@ @@ -30268,10 +33470,10 @@ index 9df78e2..01ba9ae 100644 *ppos = i; diff --git a/drivers/char/pcmcia/synclink_cs.c b/drivers/char/pcmcia/synclink_cs.c -index 0a484b4..f48ccd1 100644 +index b66eaa0..2619d1b 100644 --- a/drivers/char/pcmcia/synclink_cs.c +++ b/drivers/char/pcmcia/synclink_cs.c -@@ -2340,9 +2340,9 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) +@@ -2348,9 +2348,9 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgslpc_close(%s) entry, count=%d\n", @@ -30283,7 +33485,7 @@ index 0a484b4..f48ccd1 100644 if (tty_port_close_start(port, tty, filp) == 0) goto cleanup; -@@ -2360,7 +2360,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) +@@ -2368,7 +2368,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) cleanup: if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgslpc_close(%s) exit, count=%d\n", __FILE__,__LINE__, @@ -30292,7 +33494,7 @@ index 0a484b4..f48ccd1 100644 } /* Wait until the transmitter is empty. -@@ -2502,7 +2502,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) +@@ -2510,7 +2510,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgslpc_open(%s), old ref count = %d\n", @@ -30301,7 +33503,7 @@ index 0a484b4..f48ccd1 100644 /* If port is closing, signal caller to try again */ if (tty_hung_up_p(filp) || port->flags & ASYNC_CLOSING){ -@@ -2522,11 +2522,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) +@@ -2530,11 +2530,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) goto cleanup; } spin_lock(&port->lock); @@ -30315,7 +33517,7 @@ index 0a484b4..f48ccd1 100644 /* 1st open on this device, init hardware */ retval = startup(info, tty); if (retval < 0) -@@ -3891,7 +3891,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, +@@ -3889,7 +3889,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, unsigned short new_crctype; /* return error if TTY interface open */ @@ -30324,7 +33526,7 @@ index 0a484b4..f48ccd1 100644 return -EBUSY; switch (encoding) -@@ -3994,7 +3994,7 @@ static int hdlcdev_open(struct net_device *dev) +@@ -3992,7 +3992,7 @@ static int hdlcdev_open(struct net_device *dev) /* arbitrate between network and tty opens */ spin_lock_irqsave(&info->netlock, flags); @@ -30333,7 +33535,7 @@ index 0a484b4..f48ccd1 100644 printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name); spin_unlock_irqrestore(&info->netlock, flags); return -EBUSY; -@@ -4083,7 +4083,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) +@@ -4081,7 +4081,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name); /* return error if TTY interface open */ @@ -30343,7 +33545,7 @@ index 0a484b4..f48ccd1 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/char/random.c b/drivers/char/random.c -index b86eae9..4192a7a 100644 +index 85e81ec..a129a39 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -272,8 +272,13 @@ @@ -30378,7 +33580,7 @@ index b86eae9..4192a7a 100644 #if 0 /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */ { 2048, 1638, 1231, 819, 411, 1 }, -@@ -527,8 +539,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in, +@@ -524,8 +536,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in, input_rotate += i ? 7 : 14; } @@ -30389,25 +33591,7 @@ index b86eae9..4192a7a 100644 smp_wmb(); if (out) -@@ -799,6 +811,17 @@ void add_disk_randomness(struct gendisk *disk) - } - #endif - -+#ifdef CONFIG_PAX_LATENT_ENTROPY -+u64 latent_entropy; -+ -+__init void transfer_latent_entropy(void) -+{ -+ mix_pool_bytes(&input_pool, &latent_entropy, sizeof(latent_entropy), NULL); -+ mix_pool_bytes(&nonblocking_pool, &latent_entropy, sizeof(latent_entropy), NULL); -+// printk(KERN_INFO "PAX: transferring latent entropy: %16llx\n", latent_entropy); -+} -+#endif -+ - /********************************************************************* - * - * Entropy extraction routines -@@ -1008,7 +1031,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, +@@ -1020,7 +1032,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, extract_buf(r, tmp); i = min_t(int, nbytes, EXTRACT_SIZE); @@ -30416,7 +33600,7 @@ index b86eae9..4192a7a 100644 ret = -EFAULT; break; } -@@ -1342,7 +1365,7 @@ EXPORT_SYMBOL(generate_random_uuid); +@@ -1356,7 +1368,7 @@ EXPORT_SYMBOL(generate_random_uuid); #include <linux/sysctl.h> static int min_read_thresh = 8, min_write_thresh; @@ -30425,8 +33609,17 @@ index b86eae9..4192a7a 100644 static int max_write_thresh = INPUT_POOL_WORDS * 32; static char sysctl_bootid[16]; +@@ -1372,7 +1384,7 @@ static char sysctl_bootid[16]; + static int proc_do_uuid(ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) + { +- ctl_table fake_table; ++ ctl_table_no_const fake_table; + unsigned char buf[64], tmp_uuid[16], *uuid; + + uuid = table->data; diff --git a/drivers/char/sonypi.c b/drivers/char/sonypi.c -index f877805..403375a 100644 +index d780295..b29f3a8 100644 --- a/drivers/char/sonypi.c +++ b/drivers/char/sonypi.c @@ -54,6 +54,7 @@ @@ -30468,10 +33661,10 @@ index f877805..403375a 100644 return 0; diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c -index 4dc8024..90108d1 100644 +index 93211df..c7805f7 100644 --- a/drivers/char/tpm/tpm.c +++ b/drivers/char/tpm/tpm.c -@@ -415,7 +415,7 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf, +@@ -410,7 +410,7 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf, chip->vendor.req_complete_val) goto out_recv; @@ -30480,11 +33673,29 @@ index 4dc8024..90108d1 100644 dev_err(chip->dev, "Operation Canceled\n"); rc = -ECANCELED; goto out; -diff --git a/drivers/char/tpm/tpm_bios.c b/drivers/char/tpm/tpm_bios.c -index 0636520..169c1d0 100644 ---- a/drivers/char/tpm/tpm_bios.c -+++ b/drivers/char/tpm/tpm_bios.c -@@ -173,7 +173,7 @@ static void *tpm_bios_measurements_start(struct seq_file *m, loff_t *pos) +diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c +index 56051d0..11cf3b7 100644 +--- a/drivers/char/tpm/tpm_acpi.c ++++ b/drivers/char/tpm/tpm_acpi.c +@@ -98,11 +98,12 @@ int read_log(struct tpm_bios_log *log) + virt = acpi_os_map_memory(start, len); + if (!virt) { + kfree(log->bios_event_log); ++ log->bios_event_log = NULL; + printk("%s: ERROR - Unable to map memory\n", __func__); + return -EIO; + } + +- memcpy_fromio(log->bios_event_log, virt, len); ++ memcpy_fromio(log->bios_event_log, (const char __force_kernel *)virt, len); + + acpi_os_unmap_memory(virt, len); + return 0; +diff --git a/drivers/char/tpm/tpm_eventlog.c b/drivers/char/tpm/tpm_eventlog.c +index 84ddc55..1d32f1e 100644 +--- a/drivers/char/tpm/tpm_eventlog.c ++++ b/drivers/char/tpm/tpm_eventlog.c +@@ -95,7 +95,7 @@ static void *tpm_bios_measurements_start(struct seq_file *m, loff_t *pos) event = addr; if ((event->event_type == 0 && event->event_size == 0) || @@ -30493,7 +33704,7 @@ index 0636520..169c1d0 100644 return NULL; return addr; -@@ -198,7 +198,7 @@ static void *tpm_bios_measurements_next(struct seq_file *m, void *v, +@@ -120,7 +120,7 @@ static void *tpm_bios_measurements_next(struct seq_file *m, void *v, return NULL; if ((event->event_type == 0 && event->event_size == 0) || @@ -30502,7 +33713,7 @@ index 0636520..169c1d0 100644 return NULL; (*pos)++; -@@ -291,7 +291,8 @@ static int tpm_binary_bios_measurements_show(struct seq_file *m, void *v) +@@ -213,7 +213,8 @@ static int tpm_binary_bios_measurements_show(struct seq_file *m, void *v) int i; for (i = 0; i < sizeof(struct tcpa_event) + event->event_size; i++) @@ -30512,26 +33723,11 @@ index 0636520..169c1d0 100644 return 0; } -@@ -410,8 +411,13 @@ static int read_log(struct tpm_bios_log *log) - log->bios_event_log_end = log->bios_event_log + len; - - virt = acpi_os_map_memory(start, len); -+ if (!virt) { -+ kfree(log->bios_event_log); -+ log->bios_event_log = NULL; -+ return -EFAULT; -+ } - -- memcpy(log->bios_event_log, virt, len); -+ memcpy(log->bios_event_log, (const char __force_kernel *)virt, len); - - acpi_os_unmap_memory(virt, len); - return 0; diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c -index f77e341..b4fc350 100644 +index ee4dbea..69c817b 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c -@@ -563,7 +563,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, +@@ -681,7 +681,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, if (to_user) { ssize_t ret; @@ -30540,7 +33736,7 @@ index f77e341..b4fc350 100644 if (ret) return -EFAULT; } else { -@@ -662,7 +662,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf, +@@ -780,7 +780,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf, if (!port_has_data(port) && !port->host_connected) return 0; @@ -30548,9 +33744,339 @@ index f77e341..b4fc350 100644 + return fill_readbuf(port, (char __force_kernel *)ubuf, count, true); } - static ssize_t port_fops_write(struct file *filp, const char __user *ubuf, + static int wait_port_writable(struct port *port, bool nonblock) +diff --git a/drivers/clocksource/arm_generic.c b/drivers/clocksource/arm_generic.c +index 8ae1a61..9c00613 100644 +--- a/drivers/clocksource/arm_generic.c ++++ b/drivers/clocksource/arm_generic.c +@@ -181,7 +181,7 @@ static int __cpuinit arch_timer_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata arch_timer_cpu_nb = { ++static struct notifier_block arch_timer_cpu_nb = { + .notifier_call = arch_timer_cpu_notify, + }; + +diff --git a/drivers/connector/cn_proc.c b/drivers/connector/cn_proc.c +index fce2000..1110478 100644 +--- a/drivers/connector/cn_proc.c ++++ b/drivers/connector/cn_proc.c +@@ -313,6 +313,12 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg, + (task_active_pid_ns(current) != &init_pid_ns)) + return; + ++ /* Can only change if privileged. */ ++ if (!capable(CAP_NET_ADMIN)) { ++ err = EPERM; ++ goto out; ++ } ++ + mc_op = (enum proc_cn_mcast_op *)msg->data; + switch (*mc_op) { + case PROC_CN_MCAST_LISTEN: +@@ -325,6 +331,8 @@ static void cn_proc_mcast_ctl(struct cn_msg *msg, + err = EINVAL; + break; + } ++ ++out: + cn_proc_ack(err, msg->seq, msg->ack); + } + +diff --git a/drivers/cpufreq/acpi-cpufreq.c b/drivers/cpufreq/acpi-cpufreq.c +index 7b0d49d..134fac9 100644 +--- a/drivers/cpufreq/acpi-cpufreq.c ++++ b/drivers/cpufreq/acpi-cpufreq.c +@@ -172,7 +172,7 @@ static ssize_t show_global_boost(struct kobject *kobj, + return sprintf(buf, "%u\n", boost_enabled); + } + +-static struct global_attr global_boost = __ATTR(boost, 0644, ++static global_attr_no_const global_boost = __ATTR(boost, 0644, + show_global_boost, + store_global_boost); + +@@ -712,8 +712,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy) + data->acpi_data = per_cpu_ptr(acpi_perf_data, cpu); + per_cpu(acfreq_data, cpu) = data; + +- if (cpu_has(c, X86_FEATURE_CONSTANT_TSC)) +- acpi_cpufreq_driver.flags |= CPUFREQ_CONST_LOOPS; ++ if (cpu_has(c, X86_FEATURE_CONSTANT_TSC)) { ++ pax_open_kernel(); ++ *(u8 *)&acpi_cpufreq_driver.flags |= CPUFREQ_CONST_LOOPS; ++ pax_close_kernel(); ++ } + + result = acpi_processor_register_performance(data->acpi_data, cpu); + if (result) +@@ -835,7 +838,9 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy) + policy->cur = acpi_cpufreq_guess_freq(data, policy->cpu); + break; + case ACPI_ADR_SPACE_FIXED_HARDWARE: +- acpi_cpufreq_driver.get = get_cur_freq_on_cpu; ++ pax_open_kernel(); ++ *(void **)&acpi_cpufreq_driver.get = get_cur_freq_on_cpu; ++ pax_close_kernel(); + policy->cur = get_cur_freq_on_cpu(cpu); + break; + default: +@@ -846,8 +851,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy) + acpi_processor_notify_smm(THIS_MODULE); + + /* Check for APERF/MPERF support in hardware */ +- if (boot_cpu_has(X86_FEATURE_APERFMPERF)) +- acpi_cpufreq_driver.getavg = cpufreq_get_measured_perf; ++ if (boot_cpu_has(X86_FEATURE_APERFMPERF)) { ++ pax_open_kernel(); ++ *(void **)&acpi_cpufreq_driver.getavg = cpufreq_get_measured_perf; ++ pax_close_kernel(); ++ } + + pr_debug("CPU%u - ACPI performance management activated.\n", cpu); + for (i = 0; i < perf->state_count; i++) +diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c +index 1f93dbd..305cef1 100644 +--- a/drivers/cpufreq/cpufreq.c ++++ b/drivers/cpufreq/cpufreq.c +@@ -1843,7 +1843,7 @@ static int __cpuinit cpufreq_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata cpufreq_cpu_notifier = { ++static struct notifier_block cpufreq_cpu_notifier = { + .notifier_call = cpufreq_cpu_callback, + }; + +@@ -1875,8 +1875,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) + + pr_debug("trying to register driver %s\n", driver_data->name); + +- if (driver_data->setpolicy) +- driver_data->flags |= CPUFREQ_CONST_LOOPS; ++ if (driver_data->setpolicy) { ++ pax_open_kernel(); ++ *(u8 *)&driver_data->flags |= CPUFREQ_CONST_LOOPS; ++ pax_close_kernel(); ++ } + + spin_lock_irqsave(&cpufreq_driver_lock, flags); + if (cpufreq_driver) { +diff --git a/drivers/cpufreq/cpufreq_governor.c b/drivers/cpufreq/cpufreq_governor.c +index 6c5f1d3..c7e2f35e 100644 +--- a/drivers/cpufreq/cpufreq_governor.c ++++ b/drivers/cpufreq/cpufreq_governor.c +@@ -243,7 +243,7 @@ int cpufreq_governor_dbs(struct dbs_data *dbs_data, + * governor, thus we are bound to jiffes/HZ + */ + if (dbs_data->governor == GOV_CONSERVATIVE) { +- struct cs_ops *ops = dbs_data->gov_ops; ++ const struct cs_ops *ops = dbs_data->gov_ops; + + cpufreq_register_notifier(ops->notifier_block, + CPUFREQ_TRANSITION_NOTIFIER); +@@ -251,7 +251,7 @@ int cpufreq_governor_dbs(struct dbs_data *dbs_data, + dbs_data->min_sampling_rate = MIN_SAMPLING_RATE_RATIO * + jiffies_to_usecs(10); + } else { +- struct od_ops *ops = dbs_data->gov_ops; ++ const struct od_ops *ops = dbs_data->gov_ops; + + od_tuners->io_is_busy = ops->io_busy(); + } +@@ -268,7 +268,7 @@ second_time: + cs_dbs_info->enable = 1; + cs_dbs_info->requested_freq = policy->cur; + } else { +- struct od_ops *ops = dbs_data->gov_ops; ++ const struct od_ops *ops = dbs_data->gov_ops; + od_dbs_info->rate_mult = 1; + od_dbs_info->sample_type = OD_NORMAL_SAMPLE; + ops->powersave_bias_init_cpu(cpu); +@@ -289,7 +289,7 @@ second_time: + mutex_destroy(&cpu_cdbs->timer_mutex); + dbs_data->enable--; + if (!dbs_data->enable) { +- struct cs_ops *ops = dbs_data->gov_ops; ++ const struct cs_ops *ops = dbs_data->gov_ops; + + sysfs_remove_group(cpufreq_global_kobject, + dbs_data->attr_group); +diff --git a/drivers/cpufreq/cpufreq_governor.h b/drivers/cpufreq/cpufreq_governor.h +index f661654..6c8e638 100644 +--- a/drivers/cpufreq/cpufreq_governor.h ++++ b/drivers/cpufreq/cpufreq_governor.h +@@ -142,7 +142,7 @@ struct dbs_data { + void (*gov_check_cpu)(int cpu, unsigned int load); + + /* Governor specific ops, see below */ +- void *gov_ops; ++ const void *gov_ops; + }; + + /* Governor specific ops, will be passed to dbs_data->gov_ops */ +diff --git a/drivers/cpufreq/cpufreq_stats.c b/drivers/cpufreq/cpufreq_stats.c +index 9d7732b..0b1a793 100644 +--- a/drivers/cpufreq/cpufreq_stats.c ++++ b/drivers/cpufreq/cpufreq_stats.c +@@ -340,7 +340,7 @@ static int __cpuinit cpufreq_stat_cpu_callback(struct notifier_block *nfb, + } + + /* priority=1 so this will get called before cpufreq_remove_dev */ +-static struct notifier_block cpufreq_stat_cpu_notifier __refdata = { ++static struct notifier_block cpufreq_stat_cpu_notifier = { + .notifier_call = cpufreq_stat_cpu_callback, + .priority = 1, + }; +diff --git a/drivers/cpufreq/p4-clockmod.c b/drivers/cpufreq/p4-clockmod.c +index 827629c9..0bc6a03 100644 +--- a/drivers/cpufreq/p4-clockmod.c ++++ b/drivers/cpufreq/p4-clockmod.c +@@ -167,10 +167,14 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c) + case 0x0F: /* Core Duo */ + case 0x16: /* Celeron Core */ + case 0x1C: /* Atom */ +- p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS; ++ pax_open_kernel(); ++ *(u8 *)&p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS; ++ pax_close_kernel(); + return speedstep_get_frequency(SPEEDSTEP_CPU_PCORE); + case 0x0D: /* Pentium M (Dothan) */ +- p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS; ++ pax_open_kernel(); ++ *(u8 *)&p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS; ++ pax_close_kernel(); + /* fall through */ + case 0x09: /* Pentium M (Banias) */ + return speedstep_get_frequency(SPEEDSTEP_CPU_PM); +@@ -182,7 +186,9 @@ static unsigned int cpufreq_p4_get_frequency(struct cpuinfo_x86 *c) + + /* on P-4s, the TSC runs with constant frequency independent whether + * throttling is active or not. */ +- p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS; ++ pax_open_kernel(); ++ *(u8 *)&p4clockmod_driver.flags |= CPUFREQ_CONST_LOOPS; ++ pax_close_kernel(); + + if (speedstep_detect_processor() == SPEEDSTEP_CPU_P4M) { + printk(KERN_WARNING PFX "Warning: Pentium 4-M detected. " +diff --git a/drivers/cpufreq/speedstep-centrino.c b/drivers/cpufreq/speedstep-centrino.c +index 3a953d5..f5993f6 100644 +--- a/drivers/cpufreq/speedstep-centrino.c ++++ b/drivers/cpufreq/speedstep-centrino.c +@@ -353,8 +353,11 @@ static int centrino_cpu_init(struct cpufreq_policy *policy) + !cpu_has(cpu, X86_FEATURE_EST)) + return -ENODEV; + +- if (cpu_has(cpu, X86_FEATURE_CONSTANT_TSC)) +- centrino_driver.flags |= CPUFREQ_CONST_LOOPS; ++ if (cpu_has(cpu, X86_FEATURE_CONSTANT_TSC)) { ++ pax_open_kernel(); ++ *(u8 *)¢rino_driver.flags |= CPUFREQ_CONST_LOOPS; ++ pax_close_kernel(); ++ } + + if (policy->cpu != 0) + return -ENODEV; +diff --git a/drivers/cpuidle/cpuidle.c b/drivers/cpuidle/cpuidle.c +index e1f6860..f8de20b 100644 +--- a/drivers/cpuidle/cpuidle.c ++++ b/drivers/cpuidle/cpuidle.c +@@ -279,7 +279,7 @@ static int poll_idle(struct cpuidle_device *dev, + + static void poll_idle_init(struct cpuidle_driver *drv) + { +- struct cpuidle_state *state = &drv->states[0]; ++ cpuidle_state_no_const *state = &drv->states[0]; + + snprintf(state->name, CPUIDLE_NAME_LEN, "POLL"); + snprintf(state->desc, CPUIDLE_DESC_LEN, "CPUIDLE CORE POLL IDLE"); +diff --git a/drivers/cpuidle/governor.c b/drivers/cpuidle/governor.c +index ea2f8e7..70ac501 100644 +--- a/drivers/cpuidle/governor.c ++++ b/drivers/cpuidle/governor.c +@@ -87,7 +87,7 @@ int cpuidle_register_governor(struct cpuidle_governor *gov) + mutex_lock(&cpuidle_lock); + if (__cpuidle_find_governor(gov->name) == NULL) { + ret = 0; +- list_add_tail(&gov->governor_list, &cpuidle_governors); ++ pax_list_add_tail((struct list_head *)&gov->governor_list, &cpuidle_governors); + if (!cpuidle_curr_governor || + cpuidle_curr_governor->rating < gov->rating) + cpuidle_switch_governor(gov); +@@ -135,7 +135,7 @@ void cpuidle_unregister_governor(struct cpuidle_governor *gov) + new_gov = cpuidle_replace_governor(gov->rating); + cpuidle_switch_governor(new_gov); + } +- list_del(&gov->governor_list); ++ pax_list_del((struct list_head *)&gov->governor_list); + mutex_unlock(&cpuidle_lock); + } + +diff --git a/drivers/cpuidle/sysfs.c b/drivers/cpuidle/sysfs.c +index 428754a..8bdf9cc 100644 +--- a/drivers/cpuidle/sysfs.c ++++ b/drivers/cpuidle/sysfs.c +@@ -131,7 +131,7 @@ static struct attribute *cpuidle_switch_attrs[] = { + NULL + }; + +-static struct attribute_group cpuidle_attr_group = { ++static attribute_group_no_const cpuidle_attr_group = { + .attrs = cpuidle_default_attrs, + .name = "cpuidle", + }; +diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c +index 3b36797..289c16a 100644 +--- a/drivers/devfreq/devfreq.c ++++ b/drivers/devfreq/devfreq.c +@@ -588,7 +588,7 @@ int devfreq_add_governor(struct devfreq_governor *governor) + goto err_out; + } + +- list_add(&governor->node, &devfreq_governor_list); ++ pax_list_add((struct list_head *)&governor->node, &devfreq_governor_list); + + list_for_each_entry(devfreq, &devfreq_list, node) { + int ret = 0; +@@ -676,7 +676,7 @@ int devfreq_remove_governor(struct devfreq_governor *governor) + } + } + +- list_del(&governor->node); ++ pax_list_del((struct list_head *)&governor->node); + err_out: + mutex_unlock(&devfreq_list_lock); + +diff --git a/drivers/dma/sh/shdma.c b/drivers/dma/sh/shdma.c +index b70709b..1d8d02a 100644 +--- a/drivers/dma/sh/shdma.c ++++ b/drivers/dma/sh/shdma.c +@@ -476,7 +476,7 @@ static int sh_dmae_nmi_handler(struct notifier_block *self, + return ret; + } + +-static struct notifier_block sh_dmae_nmi_notifier __read_mostly = { ++static struct notifier_block sh_dmae_nmi_notifier = { + .notifier_call = sh_dmae_nmi_handler, + + /* Run before NMI debug handler and KGDB */ +diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c +index 0ca1ca7..6e6f454 100644 +--- a/drivers/edac/edac_mc_sysfs.c ++++ b/drivers/edac/edac_mc_sysfs.c +@@ -148,7 +148,7 @@ static const char *edac_caps[] = { + struct dev_ch_attribute { + struct device_attribute attr; + int channel; +-}; ++} __do_const; + + #define DEVICE_CHANNEL(_name, _mode, _show, _store, _var) \ + struct dev_ch_attribute dev_attr_legacy_##_name = \ diff --git a/drivers/edac/edac_pci_sysfs.c b/drivers/edac/edac_pci_sysfs.c -index 1bfb207..0d059c2 100644 +index 0056c4d..23b54d9 100644 --- a/drivers/edac/edac_pci_sysfs.c +++ b/drivers/edac/edac_pci_sysfs.c @@ -26,8 +26,8 @@ static int edac_pci_log_pe = 1; /* log PCI parity errors */ @@ -30564,6 +34090,15 @@ index 1bfb207..0d059c2 100644 static struct kobject *edac_pci_top_main_kobj; static atomic_t edac_pci_sysfs_refcount = ATOMIC_INIT(0); +@@ -235,7 +235,7 @@ struct edac_pci_dev_attribute { + void *value; + ssize_t(*show) (void *, char *); + ssize_t(*store) (void *, const char *, size_t); +-}; ++} __do_const; + + /* Set of show/store abstract level functions for PCI Parity object */ + static ssize_t edac_pci_dev_show(struct kobject *kobj, struct attribute *attr, @@ -579,7 +579,7 @@ static void edac_pci_dev_parity_test(struct pci_dev *dev) edac_printk(KERN_CRIT, EDAC_PCI, "Signaled System Error on %s\n", @@ -30618,7 +34153,7 @@ index 1bfb207..0d059c2 100644 } } } -@@ -676,7 +676,7 @@ void edac_pci_do_parity_check(void) +@@ -672,7 +672,7 @@ void edac_pci_do_parity_check(void) if (!check_pci_errors) return; @@ -30627,7 +34162,7 @@ index 1bfb207..0d059c2 100644 /* scan all PCI devices looking for a Parity Error on devices and * bridges. -@@ -688,7 +688,7 @@ void edac_pci_do_parity_check(void) +@@ -684,7 +684,7 @@ void edac_pci_do_parity_check(void) /* Only if operator has selected panic on PCI Error */ if (edac_pci_get_panic_on_pe()) { /* If the count is different 'after' from 'before' */ @@ -30637,13 +34172,13 @@ index 1bfb207..0d059c2 100644 } } diff --git a/drivers/edac/mce_amd.h b/drivers/edac/mce_amd.h -index 8c87a5e..a19cbd7 100644 +index 6796799..99e8377 100644 --- a/drivers/edac/mce_amd.h +++ b/drivers/edac/mce_amd.h -@@ -80,7 +80,7 @@ extern const char * const ii_msgs[]; +@@ -78,7 +78,7 @@ extern const char * const ii_msgs[]; struct amd_decoder_ops { - bool (*dc_mce)(u16, u8); - bool (*ic_mce)(u16, u8); + bool (*mc0_mce)(u16, u8); + bool (*mc1_mce)(u16, u8); -}; +} __no_const; @@ -30676,11 +34211,24 @@ index f8d2287..5aaf4db 100644 return -EINVAL; r = kmalloc(sizeof(*r), GFP_KERNEL); +diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c +index af3e8aa..eb2f227 100644 +--- a/drivers/firewire/core-device.c ++++ b/drivers/firewire/core-device.c +@@ -232,7 +232,7 @@ EXPORT_SYMBOL(fw_device_enable_phys_dma); + struct config_rom_attribute { + struct device_attribute attr; + u32 key; +-}; ++} __do_const; + + static ssize_t show_immediate(struct device *dev, + struct device_attribute *dattr, char *buf) diff --git a/drivers/firewire/core-transaction.c b/drivers/firewire/core-transaction.c -index 87d6f2d..5bf9d90 100644 +index 28a94c7..58da63a 100644 --- a/drivers/firewire/core-transaction.c +++ b/drivers/firewire/core-transaction.c -@@ -37,6 +37,7 @@ +@@ -38,6 +38,7 @@ #include <linux/timer.h> #include <linux/types.h> #include <linux/workqueue.h> @@ -30700,6 +34248,19 @@ index 515a42c..5ecf3ba 100644 void fw_card_initialize(struct fw_card *card, const struct fw_card_driver *driver, struct device *device); +diff --git a/drivers/firmware/dmi-id.c b/drivers/firmware/dmi-id.c +index 94a58a0..f5eba42 100644 +--- a/drivers/firmware/dmi-id.c ++++ b/drivers/firmware/dmi-id.c +@@ -16,7 +16,7 @@ + struct dmi_device_attribute{ + struct device_attribute dev_attr; + int field; +-}; ++} __do_const; + #define to_dmi_dev_attr(_dev_attr) \ + container_of(_dev_attr, struct dmi_device_attribute, dev_attr) + diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c index 982f1f5..d21e5da 100644 --- a/drivers/firmware/dmi_scan.c @@ -30725,8 +34286,58 @@ index 982f1f5..d21e5da 100644 iounmap(buf); return 0; +diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c +index bcb201c..4fd34dd 100644 +--- a/drivers/firmware/efivars.c ++++ b/drivers/firmware/efivars.c +@@ -133,7 +133,7 @@ struct efivar_attribute { + }; + + static struct efivars __efivars; +-static struct efivar_operations ops; ++static efivar_operations_no_const ops __read_only; + + #define PSTORE_EFI_ATTRIBUTES \ + (EFI_VARIABLE_NON_VOLATILE | \ +@@ -1734,7 +1734,7 @@ efivar_create_sysfs_entry(struct efivars *efivars, + static int + create_efivars_bin_attributes(struct efivars *efivars) + { +- struct bin_attribute *attr; ++ bin_attribute_no_const *attr; + int error; + + /* new_var */ +diff --git a/drivers/firmware/google/memconsole.c b/drivers/firmware/google/memconsole.c +index 2a90ba6..07f3733 100644 +--- a/drivers/firmware/google/memconsole.c ++++ b/drivers/firmware/google/memconsole.c +@@ -147,7 +147,9 @@ static int __init memconsole_init(void) + if (!found_memconsole()) + return -ENODEV; + +- memconsole_bin_attr.size = memconsole_length; ++ pax_open_kernel(); ++ *(size_t *)&memconsole_bin_attr.size = memconsole_length; ++ pax_close_kernel(); + + ret = sysfs_create_bin_file(firmware_kobj, &memconsole_bin_attr); + +diff --git a/drivers/gpio/gpio-ich.c b/drivers/gpio/gpio-ich.c +index 6f2306d..af9476a 100644 +--- a/drivers/gpio/gpio-ich.c ++++ b/drivers/gpio/gpio-ich.c +@@ -69,7 +69,7 @@ struct ichx_desc { + /* Some chipsets have quirks, let these use their own request/get */ + int (*request)(struct gpio_chip *chip, unsigned offset); + int (*get)(struct gpio_chip *chip, unsigned offset); +-}; ++} __do_const; + + static struct { + spinlock_t lock; diff --git a/drivers/gpio/gpio-vr41xx.c b/drivers/gpio/gpio-vr41xx.c -index 82d5c20..44a7177 100644 +index 9902732..64b62dd 100644 --- a/drivers/gpio/gpio-vr41xx.c +++ b/drivers/gpio/gpio-vr41xx.c @@ -204,7 +204,7 @@ static int giu_get_irq(unsigned int irq) @@ -30739,10 +34350,10 @@ index 82d5c20..44a7177 100644 return -EINVAL; } diff --git a/drivers/gpu/drm/drm_crtc_helper.c b/drivers/gpu/drm/drm_crtc_helper.c -index 3252e70..b5314ace 100644 +index 7b2d378..cc947ea 100644 --- a/drivers/gpu/drm/drm_crtc_helper.c +++ b/drivers/gpu/drm/drm_crtc_helper.c -@@ -286,7 +286,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder, +@@ -319,7 +319,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder, struct drm_crtc *tmp; int crtc_mask = 1; @@ -30752,7 +34363,7 @@ index 3252e70..b5314ace 100644 dev = crtc->dev; diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c -index 9238de4..a27c72a 100644 +index be174ca..7f38143 100644 --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c @@ -307,7 +307,7 @@ module_exit(drm_core_exit); @@ -30764,6 +34375,15 @@ index 9238de4..a27c72a 100644 { int len; +@@ -377,7 +377,7 @@ long drm_ioctl(struct file *filp, + struct drm_file *file_priv = filp->private_data; + struct drm_device *dev; + struct drm_ioctl_desc *ioctl; +- drm_ioctl_t *func; ++ drm_ioctl_no_const_t func; + unsigned int nr = DRM_IOCTL_NR(cmd); + int retcode = -EINVAL; + char stack_kdata[128]; @@ -390,7 +390,7 @@ long drm_ioctl(struct file *filp, return -ENODEV; @@ -30774,7 +34394,7 @@ index 9238de4..a27c72a 100644 DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n", diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c -index 7aff5c7..bee6c27 100644 +index 133b413..fd68225 100644 --- a/drivers/gpu/drm/drm_fops.c +++ b/drivers/gpu/drm/drm_fops.c @@ -71,7 +71,7 @@ static int drm_setup(struct drm_device * dev) @@ -30835,7 +34455,7 @@ index 7aff5c7..bee6c27 100644 /* Release any auth tokens that might point to this file_priv, (do that under the drm_global_mutex) */ -@@ -546,8 +546,8 @@ int drm_release(struct inode *inode, struct file *filp) +@@ -547,8 +547,8 @@ int drm_release(struct inode *inode, struct file *filp) * End inline drm_release */ @@ -30847,7 +34467,7 @@ index 7aff5c7..bee6c27 100644 DRM_ERROR("Device busy: %d\n", atomic_read(&dev->ioctl_count)); diff --git a/drivers/gpu/drm/drm_global.c b/drivers/gpu/drm/drm_global.c -index c87dc96..326055d 100644 +index f731116..629842c 100644 --- a/drivers/gpu/drm/drm_global.c +++ b/drivers/gpu/drm/drm_global.c @@ -36,7 +36,7 @@ @@ -30908,7 +34528,7 @@ index c87dc96..326055d 100644 item->object = NULL; } diff --git a/drivers/gpu/drm/drm_info.c b/drivers/gpu/drm/drm_info.c -index 8928edb..0c79258 100644 +index d4b20ce..77a8d41 100644 --- a/drivers/gpu/drm/drm_info.c +++ b/drivers/gpu/drm/drm_info.c @@ -75,10 +75,14 @@ int drm_vm_info(struct seq_file *m, void *data) @@ -30939,7 +34559,7 @@ index 8928edb..0c79258 100644 type = "??"; else type = types[map->type]; -@@ -254,7 +258,11 @@ int drm_vma_info(struct seq_file *m, void *data) +@@ -253,7 +257,11 @@ int drm_vma_info(struct seq_file *m, void *data) vma->vm_flags & VM_MAYSHARE ? 's' : 'p', vma->vm_flags & VM_LOCKED ? 'l' : '-', vma->vm_flags & VM_IO ? 'i' : '-', @@ -30952,7 +34572,7 @@ index 8928edb..0c79258 100644 #if defined(__i386__) pgprot = pgprot_val(vma->vm_page_prot); diff --git a/drivers/gpu/drm/drm_ioc32.c b/drivers/gpu/drm/drm_ioc32.c -index 637fcc3..e890b33 100644 +index 2f4c434..dd12cd2 100644 --- a/drivers/gpu/drm/drm_ioc32.c +++ b/drivers/gpu/drm/drm_ioc32.c @@ -457,7 +457,7 @@ static int compat_drm_infobufs(struct file *file, unsigned int cmd, @@ -30973,8 +34593,38 @@ index 637fcc3..e890b33 100644 if (__put_user(count, &request->count) || __put_user(list, &request->list)) +@@ -1016,7 +1016,7 @@ static int compat_drm_wait_vblank(struct file *file, unsigned int cmd, + return 0; + } + +-drm_ioctl_compat_t *drm_compat_ioctls[] = { ++drm_ioctl_compat_t drm_compat_ioctls[] = { + [DRM_IOCTL_NR(DRM_IOCTL_VERSION32)] = compat_drm_version, + [DRM_IOCTL_NR(DRM_IOCTL_GET_UNIQUE32)] = compat_drm_getunique, + [DRM_IOCTL_NR(DRM_IOCTL_GET_MAP32)] = compat_drm_getmap, +@@ -1062,7 +1062,6 @@ drm_ioctl_compat_t *drm_compat_ioctls[] = { + long drm_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) + { + unsigned int nr = DRM_IOCTL_NR(cmd); +- drm_ioctl_compat_t *fn; + int ret; + + /* Assume that ioctls without an explicit compat routine will just +@@ -1072,10 +1071,8 @@ long drm_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) + if (nr >= ARRAY_SIZE(drm_compat_ioctls)) + return drm_ioctl(filp, cmd, arg); + +- fn = drm_compat_ioctls[nr]; +- +- if (fn != NULL) +- ret = (*fn) (filp, cmd, arg); ++ if (drm_compat_ioctls[nr] != NULL) ++ ret = (*drm_compat_ioctls[nr]) (filp, cmd, arg); + else + ret = drm_ioctl(filp, cmd, arg); + diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c -index 64a62c6..ceab35e 100644 +index e77bd8b..1571b85 100644 --- a/drivers/gpu/drm/drm_ioctl.c +++ b/drivers/gpu/drm/drm_ioctl.c @@ -252,7 +252,7 @@ int drm_getstats(struct drm_device *dev, void *data, @@ -30987,7 +34637,7 @@ index 64a62c6..ceab35e 100644 } diff --git a/drivers/gpu/drm/drm_lock.c b/drivers/gpu/drm/drm_lock.c -index 3203955..c8090af 100644 +index d752c96..fe08455 100644 --- a/drivers/gpu/drm/drm_lock.c +++ b/drivers/gpu/drm/drm_lock.c @@ -86,7 +86,7 @@ int drm_lock(struct drm_device *dev, void *data, struct drm_file *file_priv) @@ -31009,10 +34659,10 @@ index 3203955..c8090af 100644 if (drm_lock_free(&master->lock, lock->context)) { /* FIXME: Should really bail out here. */ diff --git a/drivers/gpu/drm/drm_stub.c b/drivers/gpu/drm/drm_stub.c -index 21bcd4a..8e074e0 100644 +index 200e104..59facda 100644 --- a/drivers/gpu/drm/drm_stub.c +++ b/drivers/gpu/drm/drm_stub.c -@@ -511,7 +511,7 @@ void drm_unplug_dev(struct drm_device *dev) +@@ -516,7 +516,7 @@ void drm_unplug_dev(struct drm_device *dev) drm_device_set_unplugged(dev); @@ -31022,10 +34672,10 @@ index 21bcd4a..8e074e0 100644 } mutex_unlock(&drm_global_mutex); diff --git a/drivers/gpu/drm/i810/i810_dma.c b/drivers/gpu/drm/i810/i810_dma.c -index 463ec68..f5bd2b5 100644 +index 004ecdf..db1f6e0 100644 --- a/drivers/gpu/drm/i810/i810_dma.c +++ b/drivers/gpu/drm/i810/i810_dma.c -@@ -946,8 +946,8 @@ static int i810_dma_vertex(struct drm_device *dev, void *data, +@@ -945,8 +945,8 @@ static int i810_dma_vertex(struct drm_device *dev, void *data, dma->buflist[vertex->idx], vertex->discard, vertex->used); @@ -31036,7 +34686,7 @@ index 463ec68..f5bd2b5 100644 sarea_priv->last_enqueue = dev_priv->counter - 1; sarea_priv->last_dispatch = (int)hw_status[5]; -@@ -1107,8 +1107,8 @@ static int i810_dma_mc(struct drm_device *dev, void *data, +@@ -1106,8 +1106,8 @@ static int i810_dma_mc(struct drm_device *dev, void *data, i810_dma_dispatch_mc(dev, dma->buflist[mc->idx], mc->used, mc->last_render); @@ -31063,23 +34713,23 @@ index 6e0acad..93c8289 100644 int front_offset; } drm_i810_private_t; diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c -index 359f6e8..ada68fd 100644 +index 8a7c48b..72effc2 100644 --- a/drivers/gpu/drm/i915/i915_debugfs.c +++ b/drivers/gpu/drm/i915/i915_debugfs.c -@@ -518,7 +518,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data) +@@ -496,7 +496,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data) I915_READ(GTIMR)); } seq_printf(m, "Interrupts received: %d\n", - atomic_read(&dev_priv->irq_received)); + atomic_read_unchecked(&dev_priv->irq_received)); - for (i = 0; i < I915_NUM_RINGS; i++) { + for_each_ring(ring, dev_priv, i) { if (IS_GEN6(dev) || IS_GEN7(dev)) { - seq_printf(m, "Graphics Interrupt mask (%s): %08x\n", + seq_printf(m, diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c -index 0969a7c..b9ffa45 100644 +index 99daa89..84ebd44 100644 --- a/drivers/gpu/drm/i915/i915_dma.c +++ b/drivers/gpu/drm/i915/i915_dma.c -@@ -1269,7 +1269,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) +@@ -1253,7 +1253,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -31089,43 +34739,28 @@ index 0969a7c..b9ffa45 100644 return can_switch; } diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h -index 627fe35..c9a7346 100644 +index 7339a4b..445aaba 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h -@@ -272,12 +272,12 @@ struct drm_i915_display_funcs { - /* render clock increase/decrease */ - /* display clock increase/decrease */ - /* pll clock increase/decrease */ --}; -+} __no_const; - - struct drm_i915_gt_funcs { - void (*force_wake_get)(struct drm_i915_private *dev_priv); - void (*force_wake_put)(struct drm_i915_private *dev_priv); --}; -+} __no_const; - - struct intel_device_info { - u8 gen; -@@ -408,7 +408,7 @@ typedef struct drm_i915_private { - int current_page; - int page_flipping; +@@ -656,7 +656,7 @@ typedef struct drm_i915_private { + drm_dma_handle_t *status_page_dmah; + struct resource mch_res; - atomic_t irq_received; + atomic_unchecked_t irq_received; /* protects the irq masks */ spinlock_t irq_lock; -@@ -1014,7 +1014,7 @@ struct drm_i915_gem_object { +@@ -1102,7 +1102,7 @@ struct drm_i915_gem_object { * will be page flipped away on the next vblank. When it * reaches 0, dev_priv->pending_flip_queue will be woken up. */ - atomic_t pending_flip; + atomic_unchecked_t pending_flip; }; + #define to_gem_object(obj) (&((struct drm_i915_gem_object *)(obj))->base) - #define to_intel_bo(x) container_of(x, struct drm_i915_gem_object, base) -@@ -1482,7 +1482,7 @@ extern struct i2c_adapter *intel_gmbus_get_adapter( +@@ -1633,7 +1633,7 @@ extern struct i2c_adapter *intel_gmbus_get_adapter( struct drm_i915_private *dev_priv, unsigned port); extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed); extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit); @@ -31135,19 +34770,19 @@ index 627fe35..c9a7346 100644 return container_of(adapter, struct intel_gmbus, adapter)->force_bit; } diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -index d8bb392..124fd07 100644 +index 26d08bb..fccb984 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -@@ -189,7 +189,7 @@ i915_gem_object_set_to_gpu_domain(struct drm_i915_gem_object *obj, - i915_gem_clflush_object(obj); +@@ -672,7 +672,7 @@ i915_gem_execbuffer_move_to_gpu(struct intel_ring_buffer *ring, + i915_gem_clflush_object(obj); - if (obj->base.pending_write_domain) -- cd->flips |= atomic_read(&obj->pending_flip); -+ cd->flips |= atomic_read_unchecked(&obj->pending_flip); + if (obj->base.pending_write_domain) +- flips |= atomic_read(&obj->pending_flip); ++ flips |= atomic_read_unchecked(&obj->pending_flip); - /* The actual obj->write_domain will be updated with - * pending_write_domain after we emit the accumulated flush for all -@@ -928,9 +928,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec) + flush_domains |= obj->base.write_domain; + } +@@ -703,9 +703,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec) static int validate_exec_list(struct drm_i915_gem_exec_object2 *exec, @@ -31159,11 +34794,46 @@ index d8bb392..124fd07 100644 for (i = 0; i < count; i++) { char __user *ptr = (char __user *)(uintptr_t)exec[i].relocs_ptr; +diff --git a/drivers/gpu/drm/i915/i915_ioc32.c b/drivers/gpu/drm/i915/i915_ioc32.c +index 3c59584..500f2e9 100644 +--- a/drivers/gpu/drm/i915/i915_ioc32.c ++++ b/drivers/gpu/drm/i915/i915_ioc32.c +@@ -181,7 +181,7 @@ static int compat_i915_alloc(struct file *file, unsigned int cmd, + (unsigned long)request); + } + +-static drm_ioctl_compat_t *i915_compat_ioctls[] = { ++static drm_ioctl_compat_t i915_compat_ioctls[] = { + [DRM_I915_BATCHBUFFER] = compat_i915_batchbuffer, + [DRM_I915_CMDBUFFER] = compat_i915_cmdbuffer, + [DRM_I915_GETPARAM] = compat_i915_getparam, +@@ -202,18 +202,15 @@ static drm_ioctl_compat_t *i915_compat_ioctls[] = { + long i915_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) + { + unsigned int nr = DRM_IOCTL_NR(cmd); +- drm_ioctl_compat_t *fn = NULL; + int ret; + + if (nr < DRM_COMMAND_BASE) + return drm_compat_ioctl(filp, cmd, arg); + +- if (nr < DRM_COMMAND_BASE + DRM_ARRAY_SIZE(i915_compat_ioctls)) +- fn = i915_compat_ioctls[nr - DRM_COMMAND_BASE]; +- +- if (fn != NULL) ++ if (nr < DRM_COMMAND_BASE + DRM_ARRAY_SIZE(i915_compat_ioctls)) { ++ drm_ioctl_compat_t fn = i915_compat_ioctls[nr - DRM_COMMAND_BASE]; + ret = (*fn) (filp, cmd, arg); +- else ++ } else + ret = drm_ioctl(filp, cmd, arg); + + return ret; diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c -index 73fa3e1..ab2e9b9 100644 +index fe84338..a863190 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c -@@ -514,7 +514,7 @@ static irqreturn_t valleyview_irq_handler(DRM_IRQ_ARGS) +@@ -535,7 +535,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg) u32 pipe_stats[I915_MAX_PIPES]; bool blc_event; @@ -31172,7 +34842,7 @@ index 73fa3e1..ab2e9b9 100644 while (true) { iir = I915_READ(VLV_IIR); -@@ -661,7 +661,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS) +@@ -688,7 +688,7 @@ static irqreturn_t ivybridge_irq_handler(int irq, void *arg) irqreturn_t ret = IRQ_NONE; int i; @@ -31181,16 +34851,16 @@ index 73fa3e1..ab2e9b9 100644 /* disable master interrupt before clearing iir */ de_ier = I915_READ(DEIER); -@@ -736,7 +736,7 @@ static irqreturn_t ironlake_irq_handler(DRM_IRQ_ARGS) +@@ -760,7 +760,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg) + int ret = IRQ_NONE; u32 de_iir, gt_iir, de_ier, pch_iir, pm_iir; - u32 hotplug_mask; - atomic_inc(&dev_priv->irq_received); + atomic_inc_unchecked(&dev_priv->irq_received); /* disable master interrupt before clearing iir */ de_ier = I915_READ(DEIER); -@@ -1717,7 +1717,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) +@@ -1787,7 +1787,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) { drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; @@ -31199,7 +34869,7 @@ index 73fa3e1..ab2e9b9 100644 I915_WRITE(HWSTAM, 0xeffe); -@@ -1743,7 +1743,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev) +@@ -1813,7 +1813,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -31208,7 +34878,7 @@ index 73fa3e1..ab2e9b9 100644 /* VLV magic */ I915_WRITE(VLV_IMR, 0); -@@ -2048,7 +2048,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev) +@@ -2108,7 +2108,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -31217,7 +34887,7 @@ index 73fa3e1..ab2e9b9 100644 for_each_pipe(pipe) I915_WRITE(PIPESTAT(pipe), 0); -@@ -2099,7 +2099,7 @@ static irqreturn_t i8xx_irq_handler(DRM_IRQ_ARGS) +@@ -2159,7 +2159,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg) I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT | I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT; @@ -31226,7 +34896,7 @@ index 73fa3e1..ab2e9b9 100644 iir = I915_READ16(IIR); if (iir == 0) -@@ -2184,7 +2184,7 @@ static void i915_irq_preinstall(struct drm_device * dev) +@@ -2244,7 +2244,7 @@ static void i915_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -31235,7 +34905,7 @@ index 73fa3e1..ab2e9b9 100644 if (I915_HAS_HOTPLUG(dev)) { I915_WRITE(PORT_HOTPLUG_EN, 0); -@@ -2279,7 +2279,7 @@ static irqreturn_t i915_irq_handler(DRM_IRQ_ARGS) +@@ -2339,7 +2339,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg) }; int pipe, ret = IRQ_NONE; @@ -31244,7 +34914,7 @@ index 73fa3e1..ab2e9b9 100644 iir = I915_READ(IIR); do { -@@ -2405,7 +2405,7 @@ static void i965_irq_preinstall(struct drm_device * dev) +@@ -2465,7 +2465,7 @@ static void i965_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -31253,7 +34923,7 @@ index 73fa3e1..ab2e9b9 100644 I915_WRITE(PORT_HOTPLUG_EN, 0); I915_WRITE(PORT_HOTPLUG_STAT, I915_READ(PORT_HOTPLUG_STAT)); -@@ -2512,7 +2512,7 @@ static irqreturn_t i965_irq_handler(DRM_IRQ_ARGS) +@@ -2572,7 +2572,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg) int irq_received; int ret = IRQ_NONE, pipe; @@ -31263,10 +34933,10 @@ index 73fa3e1..ab2e9b9 100644 iir = I915_READ(IIR); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 3098027..06bef07 100644 +index 80aa1fc..85cfce3 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -2182,7 +2182,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) +@@ -2255,7 +2255,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) wait_event(dev_priv->pending_flip_queue, atomic_read(&dev_priv->mm.wedged) || @@ -31275,34 +34945,81 @@ index 3098027..06bef07 100644 /* Big Hammer, we also need to ensure that any pending * MI_WAIT_FOR_EVENT inside a user batch buffer on the -@@ -6160,8 +6160,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, +@@ -7122,8 +7122,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, obj = work->old_fb_obj; - atomic_clear_mask(1 << intel_crtc->plane, - &obj->pending_flip.counter); + atomic_clear_mask_unchecked(1 << intel_crtc->plane, &obj->pending_flip); - wake_up(&dev_priv->pending_flip_queue); - schedule_work(&work->work); -@@ -6507,7 +6506,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, + + queue_work(dev_priv->wq, &work->work); +@@ -7490,7 +7489,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, /* Block clients from rendering to the new back buffer until * the flip occurs and the object is no longer visible. */ - atomic_add(1 << intel_crtc->plane, &work->old_fb_obj->pending_flip); + atomic_add_unchecked(1 << intel_crtc->plane, &work->old_fb_obj->pending_flip); + atomic_inc(&intel_crtc->unpin_work_count); ret = dev_priv->display.queue_flip(dev, crtc, fb, obj); - if (ret) -@@ -6522,7 +6521,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, - return 0; +@@ -7507,7 +7506,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, cleanup_pending: + atomic_dec(&intel_crtc->unpin_work_count); - atomic_sub(1 << intel_crtc->plane, &work->old_fb_obj->pending_flip); + atomic_sub_unchecked(1 << intel_crtc->plane, &work->old_fb_obj->pending_flip); drm_gem_object_unreference(&work->old_fb_obj->base); drm_gem_object_unreference(&obj->base); mutex_unlock(&dev->struct_mutex); +@@ -8849,13 +8848,13 @@ struct intel_quirk { + int subsystem_vendor; + int subsystem_device; + void (*hook)(struct drm_device *dev); +-}; ++} __do_const; + + /* For systems that don't have a meaningful PCI subdevice/subvendor ID */ + struct intel_dmi_quirk { + void (*hook)(struct drm_device *dev); + const struct dmi_system_id (*dmi_id_list)[]; +-}; ++} __do_const; + + static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) + { +@@ -8863,18 +8862,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) + return 1; + } + ++static const struct dmi_system_id intel_dmi_quirks_table[] = { ++ { ++ .callback = intel_dmi_reverse_brightness, ++ .ident = "NCR Corporation", ++ .matches = {DMI_MATCH(DMI_SYS_VENDOR, "NCR Corporation"), ++ DMI_MATCH(DMI_PRODUCT_NAME, ""), ++ }, ++ }, ++ { } /* terminating entry */ ++}; ++ + static const struct intel_dmi_quirk intel_dmi_quirks[] = { + { +- .dmi_id_list = &(const struct dmi_system_id[]) { +- { +- .callback = intel_dmi_reverse_brightness, +- .ident = "NCR Corporation", +- .matches = {DMI_MATCH(DMI_SYS_VENDOR, "NCR Corporation"), +- DMI_MATCH(DMI_PRODUCT_NAME, ""), +- }, +- }, +- { } /* terminating entry */ +- }, ++ .dmi_id_list = &intel_dmi_quirks_table, + .hook = quirk_invert_brightness, + }, + }; diff --git a/drivers/gpu/drm/mga/mga_drv.h b/drivers/gpu/drm/mga/mga_drv.h index 54558a0..2d97005 100644 --- a/drivers/gpu/drm/mga/mga_drv.h @@ -31319,11 +35036,46 @@ index 54558a0..2d97005 100644 u32 next_fence_to_post; unsigned int fb_cpp; +diff --git a/drivers/gpu/drm/mga/mga_ioc32.c b/drivers/gpu/drm/mga/mga_ioc32.c +index 709e90d..89a1c0d 100644 +--- a/drivers/gpu/drm/mga/mga_ioc32.c ++++ b/drivers/gpu/drm/mga/mga_ioc32.c +@@ -189,7 +189,7 @@ static int compat_mga_dma_bootstrap(struct file *file, unsigned int cmd, + return 0; + } + +-drm_ioctl_compat_t *mga_compat_ioctls[] = { ++drm_ioctl_compat_t mga_compat_ioctls[] = { + [DRM_MGA_INIT] = compat_mga_init, + [DRM_MGA_GETPARAM] = compat_mga_getparam, + [DRM_MGA_DMA_BOOTSTRAP] = compat_mga_dma_bootstrap, +@@ -207,18 +207,15 @@ drm_ioctl_compat_t *mga_compat_ioctls[] = { + long mga_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) + { + unsigned int nr = DRM_IOCTL_NR(cmd); +- drm_ioctl_compat_t *fn = NULL; + int ret; + + if (nr < DRM_COMMAND_BASE) + return drm_compat_ioctl(filp, cmd, arg); + +- if (nr < DRM_COMMAND_BASE + DRM_ARRAY_SIZE(mga_compat_ioctls)) +- fn = mga_compat_ioctls[nr - DRM_COMMAND_BASE]; +- +- if (fn != NULL) ++ if (nr < DRM_COMMAND_BASE + DRM_ARRAY_SIZE(mga_compat_ioctls)) { ++ drm_ioctl_compat_t fn = mga_compat_ioctls[nr - DRM_COMMAND_BASE]; + ret = (*fn) (filp, cmd, arg); +- else ++ } else + ret = drm_ioctl(filp, cmd, arg); + + return ret; diff --git a/drivers/gpu/drm/mga/mga_irq.c b/drivers/gpu/drm/mga/mga_irq.c -index 2581202..f230a8d9 100644 +index 598c281..60d590e 100644 --- a/drivers/gpu/drm/mga/mga_irq.c +++ b/drivers/gpu/drm/mga/mga_irq.c -@@ -44,7 +44,7 @@ u32 mga_get_vblank_counter(struct drm_device *dev, int crtc) +@@ -43,7 +43,7 @@ u32 mga_get_vblank_counter(struct drm_device *dev, int crtc) if (crtc != 0) return 0; @@ -31332,7 +35084,7 @@ index 2581202..f230a8d9 100644 } -@@ -60,7 +60,7 @@ irqreturn_t mga_driver_irq_handler(DRM_IRQ_ARGS) +@@ -59,7 +59,7 @@ irqreturn_t mga_driver_irq_handler(DRM_IRQ_ARGS) /* VBLANK interrupt */ if (status & MGA_VLINEPEN) { MGA_WRITE(MGA_ICLEAR, MGA_VLINEICLR); @@ -31341,7 +35093,7 @@ index 2581202..f230a8d9 100644 drm_handle_vblank(dev, 0); handled = 1; } -@@ -79,7 +79,7 @@ irqreturn_t mga_driver_irq_handler(DRM_IRQ_ARGS) +@@ -78,7 +78,7 @@ irqreturn_t mga_driver_irq_handler(DRM_IRQ_ARGS) if ((prim_start & ~0x03) != (prim_end & ~0x03)) MGA_WRITE(MGA_PRIMEND, prim_end); @@ -31350,7 +35102,7 @@ index 2581202..f230a8d9 100644 DRM_WAKEUP(&dev_priv->fence_queue); handled = 1; } -@@ -130,7 +130,7 @@ int mga_driver_fence_wait(struct drm_device *dev, unsigned int *sequence) +@@ -129,7 +129,7 @@ int mga_driver_fence_wait(struct drm_device *dev, unsigned int *sequence) * using fences. */ DRM_WAIT_ON(ret, dev_priv->fence_queue, 3 * DRM_HZ, @@ -31360,10 +35112,10 @@ index 2581202..f230a8d9 100644 *sequence = cur_fence; diff --git a/drivers/gpu/drm/nouveau/nouveau_bios.c b/drivers/gpu/drm/nouveau/nouveau_bios.c -index a0a3fe3..209bf10 100644 +index 865eddf..62c4cc3 100644 --- a/drivers/gpu/drm/nouveau/nouveau_bios.c +++ b/drivers/gpu/drm/nouveau/nouveau_bios.c -@@ -5340,7 +5340,7 @@ parse_bit_U_tbl_entry(struct drm_device *dev, struct nvbios *bios, +@@ -1015,7 +1015,7 @@ static int parse_bit_tmds_tbl_entry(struct drm_device *dev, struct nvbios *bios, struct bit_table { const char id; int (* const parse_fn)(struct drm_device *, struct nvbios *, struct bit_entry *); @@ -31372,45 +35124,11 @@ index a0a3fe3..209bf10 100644 #define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry }) -diff --git a/drivers/gpu/drm/nouveau/nouveau_drv.h b/drivers/gpu/drm/nouveau/nouveau_drv.h -index 4f2cc95..9c6c510 100644 ---- a/drivers/gpu/drm/nouveau/nouveau_drv.h -+++ b/drivers/gpu/drm/nouveau/nouveau_drv.h -@@ -302,7 +302,7 @@ struct nouveau_exec_engine { - u32 handle, u16 class); - void (*set_tile_region)(struct drm_device *dev, int i); - void (*tlb_flush)(struct drm_device *, int engine); --}; -+} __no_const; - - struct nouveau_instmem_engine { - void *priv; -@@ -324,13 +324,13 @@ struct nouveau_instmem_engine { - struct nouveau_mc_engine { - int (*init)(struct drm_device *dev); - void (*takedown)(struct drm_device *dev); --}; -+} __no_const; - - struct nouveau_timer_engine { - int (*init)(struct drm_device *dev); - void (*takedown)(struct drm_device *dev); - uint64_t (*read)(struct drm_device *dev); --}; -+} __no_const; - - struct nouveau_fb_engine { - int num_tiles; -@@ -547,7 +547,7 @@ struct nouveau_vram_engine { - void (*put)(struct drm_device *, struct nouveau_mem **); - - bool (*flags_valid)(struct drm_device *, u32 tile_flags); --}; -+} __no_const; - - struct nouveau_engine { - struct nouveau_instmem_engine instmem; -@@ -693,7 +693,7 @@ struct drm_nouveau_private { +diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.h b/drivers/gpu/drm/nouveau/nouveau_drm.h +index aa89eb9..d45d38b 100644 +--- a/drivers/gpu/drm/nouveau/nouveau_drm.h ++++ b/drivers/gpu/drm/nouveau/nouveau_drm.h +@@ -80,7 +80,7 @@ struct nouveau_drm { struct drm_global_reference mem_global_ref; struct ttm_bo_global_ref bo_global_ref; struct ttm_bo_device bdev; @@ -31419,24 +35137,50 @@ index 4f2cc95..9c6c510 100644 int (*move)(struct nouveau_channel *, struct ttm_buffer_object *, struct ttm_mem_reg *, struct ttm_mem_reg *); +diff --git a/drivers/gpu/drm/nouveau/nouveau_fence.h b/drivers/gpu/drm/nouveau/nouveau_fence.h +index cdb83ac..27f0a16 100644 +--- a/drivers/gpu/drm/nouveau/nouveau_fence.h ++++ b/drivers/gpu/drm/nouveau/nouveau_fence.h +@@ -43,7 +43,7 @@ struct nouveau_fence_priv { + int (*sync)(struct nouveau_fence *, struct nouveau_channel *, + struct nouveau_channel *); + u32 (*read)(struct nouveau_channel *); +-}; ++} __no_const; + + #define nouveau_fence(drm) ((struct nouveau_fence_priv *)(drm)->fence) + diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c -index af7cfb8..aadc2a3 100644 +index 8bf695c..9fbc90a 100644 --- a/drivers/gpu/drm/nouveau/nouveau_gem.c +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c -@@ -318,7 +318,7 @@ validate_init(struct nouveau_channel *chan, struct drm_file *file_priv, +@@ -321,7 +321,7 @@ validate_init(struct nouveau_channel *chan, struct drm_file *file_priv, int trycnt = 0; int ret, i; -- sequence = atomic_add_return(1, &dev_priv->ttm.validate_sequence); -+ sequence = atomic_add_return_unchecked(1, &dev_priv->ttm.validate_sequence); +- sequence = atomic_add_return(1, &drm->ttm.validate_sequence); ++ sequence = atomic_add_return_unchecked(1, &drm->ttm.validate_sequence); retry: if (++trycnt > 100000) { - NV_ERROR(dev, "%s failed and gave up.\n", __func__); -diff --git a/drivers/gpu/drm/nouveau/nouveau_state.c b/drivers/gpu/drm/nouveau/nouveau_state.c -index f5e9584..05934ba 100644 ---- a/drivers/gpu/drm/nouveau/nouveau_state.c -+++ b/drivers/gpu/drm/nouveau/nouveau_state.c -@@ -492,7 +492,7 @@ static bool nouveau_switcheroo_can_switch(struct pci_dev *pdev) + NV_ERROR(drm, "%s failed and gave up.\n", __func__); +diff --git a/drivers/gpu/drm/nouveau/nouveau_ioc32.c b/drivers/gpu/drm/nouveau/nouveau_ioc32.c +index 08214bc..9208577 100644 +--- a/drivers/gpu/drm/nouveau/nouveau_ioc32.c ++++ b/drivers/gpu/drm/nouveau/nouveau_ioc32.c +@@ -50,7 +50,7 @@ long nouveau_compat_ioctl(struct file *filp, unsigned int cmd, + unsigned long arg) + { + unsigned int nr = DRM_IOCTL_NR(cmd); +- drm_ioctl_compat_t *fn = NULL; ++ drm_ioctl_compat_t fn = NULL; + int ret; + + if (nr < DRM_COMMAND_BASE) +diff --git a/drivers/gpu/drm/nouveau/nouveau_vga.c b/drivers/gpu/drm/nouveau/nouveau_vga.c +index 25d3495..d81aaf6 100644 +--- a/drivers/gpu/drm/nouveau/nouveau_vga.c ++++ b/drivers/gpu/drm/nouveau/nouveau_vga.c +@@ -62,7 +62,7 @@ nouveau_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -31445,37 +35189,11 @@ index f5e9584..05934ba 100644 spin_unlock(&dev->count_lock); return can_switch; } -diff --git a/drivers/gpu/drm/nouveau/nv50_sor.c b/drivers/gpu/drm/nouveau/nv50_sor.c -index 93240bd..c490f60 100644 ---- a/drivers/gpu/drm/nouveau/nv50_sor.c -+++ b/drivers/gpu/drm/nouveau/nv50_sor.c -@@ -304,7 +304,7 @@ nv50_sor_dpms(struct drm_encoder *encoder, int mode) - } - - if (nv_encoder->dcb->type == OUTPUT_DP) { -- struct dp_train_func func = { -+ static struct dp_train_func func = { - .link_set = nv50_sor_dp_link_set, - .train_set = nv50_sor_dp_train_set, - .train_adj = nv50_sor_dp_train_adj -diff --git a/drivers/gpu/drm/nouveau/nvd0_display.c b/drivers/gpu/drm/nouveau/nvd0_display.c -index 8a2fc89..3a5cf40 100644 ---- a/drivers/gpu/drm/nouveau/nvd0_display.c -+++ b/drivers/gpu/drm/nouveau/nvd0_display.c -@@ -1367,7 +1367,7 @@ nvd0_sor_dpms(struct drm_encoder *encoder, int mode) - nv_wait(dev, 0x61c030 + (or * 0x0800), 0x10000000, 0x00000000); - - if (nv_encoder->dcb->type == OUTPUT_DP) { -- struct dp_train_func func = { -+ static struct dp_train_func func = { - .link_set = nvd0_sor_dp_link_set, - .train_set = nvd0_sor_dp_train_set, - .train_adj = nvd0_sor_dp_train_adj diff --git a/drivers/gpu/drm/r128/r128_cce.c b/drivers/gpu/drm/r128/r128_cce.c -index bcac90b..53bfc76 100644 +index d4660cf..70dbe65 100644 --- a/drivers/gpu/drm/r128/r128_cce.c +++ b/drivers/gpu/drm/r128/r128_cce.c -@@ -378,7 +378,7 @@ static int r128_do_init_cce(struct drm_device *dev, drm_r128_init_t *init) +@@ -377,7 +377,7 @@ static int r128_do_init_cce(struct drm_device *dev, drm_r128_init_t *init) /* GH: Simple idle check. */ @@ -31505,11 +35223,46 @@ index 930c71b..499aded 100644 u32 color_fmt; unsigned int front_offset; +diff --git a/drivers/gpu/drm/r128/r128_ioc32.c b/drivers/gpu/drm/r128/r128_ioc32.c +index a954c54..9cc595c 100644 +--- a/drivers/gpu/drm/r128/r128_ioc32.c ++++ b/drivers/gpu/drm/r128/r128_ioc32.c +@@ -177,7 +177,7 @@ static int compat_r128_getparam(struct file *file, unsigned int cmd, + return drm_ioctl(file, DRM_IOCTL_R128_GETPARAM, (unsigned long)getparam); + } + +-drm_ioctl_compat_t *r128_compat_ioctls[] = { ++drm_ioctl_compat_t r128_compat_ioctls[] = { + [DRM_R128_INIT] = compat_r128_init, + [DRM_R128_DEPTH] = compat_r128_depth, + [DRM_R128_STIPPLE] = compat_r128_stipple, +@@ -196,18 +196,15 @@ drm_ioctl_compat_t *r128_compat_ioctls[] = { + long r128_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) + { + unsigned int nr = DRM_IOCTL_NR(cmd); +- drm_ioctl_compat_t *fn = NULL; + int ret; + + if (nr < DRM_COMMAND_BASE) + return drm_compat_ioctl(filp, cmd, arg); + +- if (nr < DRM_COMMAND_BASE + DRM_ARRAY_SIZE(r128_compat_ioctls)) +- fn = r128_compat_ioctls[nr - DRM_COMMAND_BASE]; +- +- if (fn != NULL) ++ if (nr < DRM_COMMAND_BASE + DRM_ARRAY_SIZE(r128_compat_ioctls)) { ++ drm_ioctl_compat_t fn = r128_compat_ioctls[nr - DRM_COMMAND_BASE]; + ret = (*fn) (filp, cmd, arg); +- else ++ } else + ret = drm_ioctl(filp, cmd, arg); + + return ret; diff --git a/drivers/gpu/drm/r128/r128_irq.c b/drivers/gpu/drm/r128/r128_irq.c -index 429d5a0..7e899ed 100644 +index 2ea4f09..d391371 100644 --- a/drivers/gpu/drm/r128/r128_irq.c +++ b/drivers/gpu/drm/r128/r128_irq.c -@@ -42,7 +42,7 @@ u32 r128_get_vblank_counter(struct drm_device *dev, int crtc) +@@ -41,7 +41,7 @@ u32 r128_get_vblank_counter(struct drm_device *dev, int crtc) if (crtc != 0) return 0; @@ -31518,7 +35271,7 @@ index 429d5a0..7e899ed 100644 } irqreturn_t r128_driver_irq_handler(DRM_IRQ_ARGS) -@@ -56,7 +56,7 @@ irqreturn_t r128_driver_irq_handler(DRM_IRQ_ARGS) +@@ -55,7 +55,7 @@ irqreturn_t r128_driver_irq_handler(DRM_IRQ_ARGS) /* VBLANK interrupt */ if (status & R128_CRTC_VBLANK_INT) { R128_WRITE(R128_GEN_INT_STATUS, R128_CRTC_VBLANK_INT_AK); @@ -31528,10 +35281,10 @@ index 429d5a0..7e899ed 100644 return IRQ_HANDLED; } diff --git a/drivers/gpu/drm/r128/r128_state.c b/drivers/gpu/drm/r128/r128_state.c -index a9e33ce..09edd4b 100644 +index 19bb7e6..de7e2a2 100644 --- a/drivers/gpu/drm/r128/r128_state.c +++ b/drivers/gpu/drm/r128/r128_state.c -@@ -321,10 +321,10 @@ static void r128_clear_box(drm_r128_private_t *dev_priv, +@@ -320,10 +320,10 @@ static void r128_clear_box(drm_r128_private_t *dev_priv, static void r128_cce_performance_boxes(drm_r128_private_t *dev_priv) { @@ -31565,33 +35318,11 @@ index 5a82b6b..9e69c73 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { -diff --git a/drivers/gpu/drm/radeon/radeon.h b/drivers/gpu/drm/radeon/radeon.h -index 59a1531..3bab49b 100644 ---- a/drivers/gpu/drm/radeon/radeon.h -+++ b/drivers/gpu/drm/radeon/radeon.h -@@ -711,7 +711,7 @@ struct r600_blit_cp_primitives { - int x2, int y2); - void (*draw_auto)(struct radeon_device *rdev); - void (*set_default_state)(struct radeon_device *rdev); --}; -+} __no_const; - - struct r600_blit { - struct radeon_bo *shader_obj; -@@ -1216,7 +1216,7 @@ struct radeon_asic { - u32 (*page_flip)(struct radeon_device *rdev, int crtc, u64 crtc_base); - void (*post_page_flip)(struct radeon_device *rdev, int crtc); - } pflip; --}; -+} __no_const; - - /* - * Asic structures diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index 9d9bf5f..fa6c66b 100644 +index 0d6562b..a154330 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c -@@ -953,7 +953,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) +@@ -969,7 +969,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -31601,7 +35332,7 @@ index 9d9bf5f..fa6c66b 100644 return can_switch; } diff --git a/drivers/gpu/drm/radeon/radeon_drv.h b/drivers/gpu/drm/radeon/radeon_drv.h -index a1b59ca..86f2d44 100644 +index e7fdf16..f4f6490 100644 --- a/drivers/gpu/drm/radeon/radeon_drv.h +++ b/drivers/gpu/drm/radeon/radeon_drv.h @@ -255,7 +255,7 @@ typedef struct drm_radeon_private { @@ -31614,10 +35345,10 @@ index a1b59ca..86f2d44 100644 uint32_t irq_enable_reg; uint32_t r500_disp_irq_reg; diff --git a/drivers/gpu/drm/radeon/radeon_ioc32.c b/drivers/gpu/drm/radeon/radeon_ioc32.c -index 48b7cea..342236f 100644 +index c180df8..5fd8186 100644 --- a/drivers/gpu/drm/radeon/radeon_ioc32.c +++ b/drivers/gpu/drm/radeon/radeon_ioc32.c -@@ -359,7 +359,7 @@ static int compat_radeon_cp_setparam(struct file *file, unsigned int cmd, +@@ -358,7 +358,7 @@ static int compat_radeon_cp_setparam(struct file *file, unsigned int cmd, request = compat_alloc_user_space(sizeof(*request)); if (!access_ok(VERIFY_WRITE, request, sizeof(*request)) || __put_user(req32.param, &request->param) @@ -31626,11 +35357,42 @@ index 48b7cea..342236f 100644 &request->value)) return -EFAULT; +@@ -368,7 +368,7 @@ static int compat_radeon_cp_setparam(struct file *file, unsigned int cmd, + #define compat_radeon_cp_setparam NULL + #endif /* X86_64 || IA64 */ + +-static drm_ioctl_compat_t *radeon_compat_ioctls[] = { ++static drm_ioctl_compat_t radeon_compat_ioctls[] = { + [DRM_RADEON_CP_INIT] = compat_radeon_cp_init, + [DRM_RADEON_CLEAR] = compat_radeon_cp_clear, + [DRM_RADEON_STIPPLE] = compat_radeon_cp_stipple, +@@ -393,18 +393,15 @@ static drm_ioctl_compat_t *radeon_compat_ioctls[] = { + long radeon_compat_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) + { + unsigned int nr = DRM_IOCTL_NR(cmd); +- drm_ioctl_compat_t *fn = NULL; + int ret; + + if (nr < DRM_COMMAND_BASE) + return drm_compat_ioctl(filp, cmd, arg); + +- if (nr < DRM_COMMAND_BASE + DRM_ARRAY_SIZE(radeon_compat_ioctls)) +- fn = radeon_compat_ioctls[nr - DRM_COMMAND_BASE]; +- +- if (fn != NULL) ++ if (nr < DRM_COMMAND_BASE + DRM_ARRAY_SIZE(radeon_compat_ioctls)) { ++ drm_ioctl_compat_t fn = radeon_compat_ioctls[nr - DRM_COMMAND_BASE]; + ret = (*fn) (filp, cmd, arg); +- else ++ } else + ret = drm_ioctl(filp, cmd, arg); + + return ret; diff --git a/drivers/gpu/drm/radeon/radeon_irq.c b/drivers/gpu/drm/radeon/radeon_irq.c -index 00da384..32f972d 100644 +index e771033..a0bc6b3 100644 --- a/drivers/gpu/drm/radeon/radeon_irq.c +++ b/drivers/gpu/drm/radeon/radeon_irq.c -@@ -225,8 +225,8 @@ static int radeon_emit_irq(struct drm_device * dev) +@@ -224,8 +224,8 @@ static int radeon_emit_irq(struct drm_device * dev) unsigned int ret; RING_LOCALS; @@ -31641,7 +35403,7 @@ index 00da384..32f972d 100644 BEGIN_RING(4); OUT_RING_REG(RADEON_LAST_SWI_REG, ret); -@@ -352,7 +352,7 @@ int radeon_driver_irq_postinstall(struct drm_device *dev) +@@ -351,7 +351,7 @@ int radeon_driver_irq_postinstall(struct drm_device *dev) drm_radeon_private_t *dev_priv = (drm_radeon_private_t *) dev->dev_private; @@ -31651,10 +35413,10 @@ index 00da384..32f972d 100644 dev->max_vblank_count = 0x001fffff; diff --git a/drivers/gpu/drm/radeon/radeon_state.c b/drivers/gpu/drm/radeon/radeon_state.c -index e8422ae..d22d4a8 100644 +index 8e9057b..af6dacb 100644 --- a/drivers/gpu/drm/radeon/radeon_state.c +++ b/drivers/gpu/drm/radeon/radeon_state.c -@@ -2168,7 +2168,7 @@ static int radeon_cp_clear(struct drm_device *dev, void *data, struct drm_file * +@@ -2166,7 +2166,7 @@ static int radeon_cp_clear(struct drm_device *dev, void *data, struct drm_file * if (sarea_priv->nbox > RADEON_NR_SAREA_CLIPRECTS) sarea_priv->nbox = RADEON_NR_SAREA_CLIPRECTS; @@ -31663,7 +35425,7 @@ index e8422ae..d22d4a8 100644 sarea_priv->nbox * sizeof(depth_boxes[0]))) return -EFAULT; -@@ -3031,7 +3031,7 @@ static int radeon_cp_getparam(struct drm_device *dev, void *data, struct drm_fil +@@ -3029,7 +3029,7 @@ static int radeon_cp_getparam(struct drm_device *dev, void *data, struct drm_fil { drm_radeon_private_t *dev_priv = dev->dev_private; drm_radeon_getparam_t *param = data; @@ -31673,27 +35435,82 @@ index e8422ae..d22d4a8 100644 DRM_DEBUG("pid=%d\n", DRM_CURRENTPID); diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c -index 5b71c71..650f9e4 100644 +index 93f760e..8088227 100644 --- a/drivers/gpu/drm/radeon/radeon_ttm.c +++ b/drivers/gpu/drm/radeon/radeon_ttm.c -@@ -822,8 +822,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma) +@@ -782,7 +782,7 @@ void radeon_ttm_set_active_vram_size(struct radeon_device *rdev, u64 size) + man->size = size >> PAGE_SHIFT; + } + +-static struct vm_operations_struct radeon_ttm_vm_ops; ++static vm_operations_struct_no_const radeon_ttm_vm_ops __read_only; + static const struct vm_operations_struct *ttm_vm_ops = NULL; + + static int radeon_ttm_fault(struct vm_area_struct *vma, struct vm_fault *vmf) +@@ -823,8 +823,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma) } if (unlikely(ttm_vm_ops == NULL)) { ttm_vm_ops = vma->vm_ops; -- radeon_ttm_vm_ops = *ttm_vm_ops; -- radeon_ttm_vm_ops.fault = &radeon_ttm_fault; + pax_open_kernel(); -+ memcpy((void *)&radeon_ttm_vm_ops, ttm_vm_ops, sizeof(radeon_ttm_vm_ops)); -+ *(void **)&radeon_ttm_vm_ops.fault = &radeon_ttm_fault; + radeon_ttm_vm_ops = *ttm_vm_ops; + radeon_ttm_vm_ops.fault = &radeon_ttm_fault; + pax_close_kernel(); } vma->vm_ops = &radeon_ttm_vm_ops; return 0; +@@ -862,28 +864,33 @@ static int radeon_ttm_debugfs_init(struct radeon_device *rdev) + sprintf(radeon_mem_types_names[i], "radeon_vram_mm"); + else + sprintf(radeon_mem_types_names[i], "radeon_gtt_mm"); +- radeon_mem_types_list[i].name = radeon_mem_types_names[i]; +- radeon_mem_types_list[i].show = &radeon_mm_dump_table; +- radeon_mem_types_list[i].driver_features = 0; ++ pax_open_kernel(); ++ *(const char **)&radeon_mem_types_list[i].name = radeon_mem_types_names[i]; ++ *(void **)&radeon_mem_types_list[i].show = &radeon_mm_dump_table; ++ *(u32 *)&radeon_mem_types_list[i].driver_features = 0; + if (i == 0) +- radeon_mem_types_list[i].data = rdev->mman.bdev.man[TTM_PL_VRAM].priv; ++ *(void **)&radeon_mem_types_list[i].data = rdev->mman.bdev.man[TTM_PL_VRAM].priv; + else +- radeon_mem_types_list[i].data = rdev->mman.bdev.man[TTM_PL_TT].priv; +- ++ *(void **)&radeon_mem_types_list[i].data = rdev->mman.bdev.man[TTM_PL_TT].priv; ++ pax_close_kernel(); + } + /* Add ttm page pool to debugfs */ + sprintf(radeon_mem_types_names[i], "ttm_page_pool"); +- radeon_mem_types_list[i].name = radeon_mem_types_names[i]; +- radeon_mem_types_list[i].show = &ttm_page_alloc_debugfs; +- radeon_mem_types_list[i].driver_features = 0; +- radeon_mem_types_list[i++].data = NULL; ++ pax_open_kernel(); ++ *(const char **)&radeon_mem_types_list[i].name = radeon_mem_types_names[i]; ++ *(void **)&radeon_mem_types_list[i].show = &ttm_page_alloc_debugfs; ++ *(u32 *)&radeon_mem_types_list[i].driver_features = 0; ++ *(void **)&radeon_mem_types_list[i++].data = NULL; ++ pax_close_kernel(); + #ifdef CONFIG_SWIOTLB + if (swiotlb_nr_tbl()) { + sprintf(radeon_mem_types_names[i], "ttm_dma_page_pool"); +- radeon_mem_types_list[i].name = radeon_mem_types_names[i]; +- radeon_mem_types_list[i].show = &ttm_dma_page_alloc_debugfs; +- radeon_mem_types_list[i].driver_features = 0; +- radeon_mem_types_list[i++].data = NULL; ++ pax_open_kernel(); ++ *(const char **)&radeon_mem_types_list[i].name = radeon_mem_types_names[i]; ++ *(void **)&radeon_mem_types_list[i].show = &ttm_dma_page_alloc_debugfs; ++ *(u32 *)&radeon_mem_types_list[i].driver_features = 0; ++ *(void **)&radeon_mem_types_list[i++].data = NULL; ++ pax_close_kernel(); + } + #endif + return radeon_debugfs_add_files(rdev, radeon_mem_types_list, i); diff --git a/drivers/gpu/drm/radeon/rs690.c b/drivers/gpu/drm/radeon/rs690.c -index 3b663fc..57850f4 100644 +index 5706d2a..17aedaa 100644 --- a/drivers/gpu/drm/radeon/rs690.c +++ b/drivers/gpu/drm/radeon/rs690.c -@@ -304,9 +304,11 @@ void rs690_crtc_bandwidth_compute(struct radeon_device *rdev, +@@ -304,9 +304,11 @@ static void rs690_crtc_bandwidth_compute(struct radeon_device *rdev, if (rdev->pm.max_bandwidth.full > rdev->pm.sideport_bandwidth.full && rdev->pm.sideport_bandwidth.full) rdev->pm.max_bandwidth = rdev->pm.sideport_bandwidth; @@ -31707,7 +35524,7 @@ index 3b663fc..57850f4 100644 if (rdev->pm.max_bandwidth.full > rdev->pm.k8_bandwidth.full && rdev->pm.k8_bandwidth.full) diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c -index 578207e..1073f25 100644 +index bd2a3b4..122d9ad 100644 --- a/drivers/gpu/drm/ttm/ttm_page_alloc.c +++ b/drivers/gpu/drm/ttm/ttm_page_alloc.c @@ -394,9 +394,9 @@ static int ttm_pool_get_num_unused_pages(void) @@ -31722,8 +35539,20 @@ index 578207e..1073f25 100644 struct ttm_page_pool *pool; int shrink_pages = sc->nr_to_scan; +diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c +index 1eb060c..188b1fc 100644 +--- a/drivers/gpu/drm/udl/udl_fb.c ++++ b/drivers/gpu/drm/udl/udl_fb.c +@@ -367,7 +367,6 @@ static int udl_fb_release(struct fb_info *info, int user) + fb_deferred_io_cleanup(info); + kfree(info->fbdefio); + info->fbdefio = NULL; +- info->fbops->fb_mmap = udl_fb_mmap; + } + + pr_warn("released /dev/fb%d user=%d count=%d\n", diff --git a/drivers/gpu/drm/via/via_drv.h b/drivers/gpu/drm/via/via_drv.h -index 88edacc..1e5412b 100644 +index 893a650..6190d3b 100644 --- a/drivers/gpu/drm/via/via_drv.h +++ b/drivers/gpu/drm/via/via_drv.h @@ -51,7 +51,7 @@ typedef struct drm_via_ring_buffer { @@ -31745,10 +35574,10 @@ index 88edacc..1e5412b 100644 char pci_buf[VIA_PCI_BUF_SIZE]; const uint32_t *fire_offsets[VIA_FIRE_BUF_SIZE]; diff --git a/drivers/gpu/drm/via/via_irq.c b/drivers/gpu/drm/via/via_irq.c -index d391f48..10c8ca3 100644 +index ac98964..5dbf512 100644 --- a/drivers/gpu/drm/via/via_irq.c +++ b/drivers/gpu/drm/via/via_irq.c -@@ -102,7 +102,7 @@ u32 via_get_vblank_counter(struct drm_device *dev, int crtc) +@@ -101,7 +101,7 @@ u32 via_get_vblank_counter(struct drm_device *dev, int crtc) if (crtc != 0) return 0; @@ -31757,7 +35586,7 @@ index d391f48..10c8ca3 100644 } irqreturn_t via_driver_irq_handler(DRM_IRQ_ARGS) -@@ -117,8 +117,8 @@ irqreturn_t via_driver_irq_handler(DRM_IRQ_ARGS) +@@ -116,8 +116,8 @@ irqreturn_t via_driver_irq_handler(DRM_IRQ_ARGS) status = VIA_READ(VIA_REG_INTERRUPT); if (status & VIA_IRQ_VBLANK_PENDING) { @@ -31768,7 +35597,7 @@ index d391f48..10c8ca3 100644 do_gettimeofday(&cur_vblank); if (dev_priv->last_vblank_valid) { dev_priv->usec_per_vblank = -@@ -128,7 +128,7 @@ irqreturn_t via_driver_irq_handler(DRM_IRQ_ARGS) +@@ -127,7 +127,7 @@ irqreturn_t via_driver_irq_handler(DRM_IRQ_ARGS) dev_priv->last_vblank = cur_vblank; dev_priv->last_vblank_valid = 1; } @@ -31777,7 +35606,7 @@ index d391f48..10c8ca3 100644 DRM_DEBUG("US per vblank is: %u\n", dev_priv->usec_per_vblank); } -@@ -138,7 +138,7 @@ irqreturn_t via_driver_irq_handler(DRM_IRQ_ARGS) +@@ -137,7 +137,7 @@ irqreturn_t via_driver_irq_handler(DRM_IRQ_ARGS) for (i = 0; i < dev_priv->num_irqs; ++i) { if (status & cur_irq->pending_mask) { @@ -31786,7 +35615,7 @@ index d391f48..10c8ca3 100644 DRM_WAKEUP(&cur_irq->irq_queue); handled = 1; if (dev_priv->irq_map[drm_via_irq_dma0_td] == i) -@@ -243,11 +243,11 @@ via_driver_irq_wait(struct drm_device *dev, unsigned int irq, int force_sequence +@@ -242,11 +242,11 @@ via_driver_irq_wait(struct drm_device *dev, unsigned int irq, int force_sequence DRM_WAIT_ON(ret, cur_irq->irq_queue, 3 * DRM_HZ, ((VIA_READ(masks[irq][2]) & masks[irq][3]) == masks[irq][4])); @@ -31800,7 +35629,7 @@ index d391f48..10c8ca3 100644 *sequence) <= (1 << 23))); } *sequence = cur_irq_sequence; -@@ -285,7 +285,7 @@ void via_driver_irq_preinstall(struct drm_device *dev) +@@ -284,7 +284,7 @@ void via_driver_irq_preinstall(struct drm_device *dev) } for (i = 0; i < dev_priv->num_irqs; ++i) { @@ -31809,7 +35638,7 @@ index d391f48..10c8ca3 100644 cur_irq->enable_mask = dev_priv->irq_masks[i][0]; cur_irq->pending_mask = dev_priv->irq_masks[i][1]; DRM_INIT_WAITQUEUE(&cur_irq->irq_queue); -@@ -367,7 +367,7 @@ int via_wait_irq(struct drm_device *dev, void *data, struct drm_file *file_priv) +@@ -366,7 +366,7 @@ int via_wait_irq(struct drm_device *dev, void *data, struct drm_file *file_priv) switch (irqwait->request.type & ~VIA_IRQ_FLAGS_MASK) { case VIA_IRQ_RELATIVE: irqwait->request.sequence += @@ -31819,10 +35648,10 @@ index d391f48..10c8ca3 100644 case VIA_IRQ_ABSOLUTE: break; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h -index 29c984f..4084f1a 100644 +index 13aeda7..4a952d1 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h -@@ -263,7 +263,7 @@ struct vmw_private { +@@ -290,7 +290,7 @@ struct vmw_private { * Fencing and IRQs. */ @@ -31832,7 +35661,7 @@ index 29c984f..4084f1a 100644 wait_queue_head_t fifo_queue; int fence_queue_waiters; /* Protected by hw_mutex */ diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c b/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c -index a0c2f12..68ae6cb 100644 +index 3eb1486..0a47ee9 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_fifo.c @@ -137,7 +137,7 @@ int vmw_fifo_init(struct vmw_private *dev_priv, struct vmw_fifo_state *fifo) @@ -31872,7 +35701,7 @@ index a0c2f12..68ae6cb 100644 if (!(fifo_state->capabilities & SVGA_FIFO_CAP_FENCE)) { diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c b/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c -index cabc95f..14b3d77 100644 +index 4640adb..e1384ed 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c @@ -107,7 +107,7 @@ bool vmw_seqno_passed(struct vmw_private *dev_priv, @@ -31907,10 +35736,10 @@ index 8a8725c..afed796 100644 marker = list_first_entry(&queue->head, struct vmw_marker, head); diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index 545eab4..b7d5269 100644 +index ceb3040..6160c5c 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -2179,7 +2179,7 @@ static bool hid_ignore(struct hid_device *hdev) +@@ -2242,7 +2242,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); int hid_add_device(struct hid_device *hdev) { @@ -31919,7 +35748,7 @@ index 545eab4..b7d5269 100644 int ret; if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -2214,7 +2214,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2276,7 +2276,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, @@ -31941,24 +35770,11 @@ index eec3291..8ed706b 100644 return -EFAULT; *off += size; -diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c -index 14599e2..711c965 100644 ---- a/drivers/hid/usbhid/hiddev.c -+++ b/drivers/hid/usbhid/hiddev.c -@@ -625,7 +625,7 @@ static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) - break; - - case HIDIOCAPPLICATION: -- if (arg < 0 || arg >= hid->maxapplication) -+ if (arg >= hid->maxapplication) - break; - - for (i = 0; i < hid->maxcollection; i++) diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c -index f4c3d28..82f45a9 100644 +index 773a2f2..7ce08bc 100644 --- a/drivers/hv/channel.c +++ b/drivers/hv/channel.c -@@ -402,8 +402,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer, +@@ -394,8 +394,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer, int ret = 0; int t; @@ -31970,10 +35786,10 @@ index f4c3d28..82f45a9 100644 ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount); if (ret) diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c -index 86f8885..ab9cb2b 100644 +index 3648f8f..30ef30d 100644 --- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c -@@ -132,7 +132,7 @@ static u64 do_hypercall(u64 control, void *input, void *output) +@@ -111,7 +111,7 @@ static u64 do_hypercall(u64 control, void *input, void *output) u64 output_address = (output) ? virt_to_phys(output) : 0; u32 output_address_hi = output_address >> 32; u32 output_address_lo = output_address & 0xFFFFFFFF; @@ -31983,10 +35799,10 @@ index 86f8885..ab9cb2b 100644 __asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi), "=a"(hv_status_lo) : "d" (control_hi), diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h -index 0614ff3..f0b2b5c 100644 +index d8d1fad..b91caf7 100644 --- a/drivers/hv/hyperv_vmbus.h +++ b/drivers/hv/hyperv_vmbus.h -@@ -555,7 +555,7 @@ enum vmbus_connect_state { +@@ -594,7 +594,7 @@ enum vmbus_connect_state { struct vmbus_connection { enum vmbus_connect_state conn_state; @@ -31996,10 +35812,10 @@ index 0614ff3..f0b2b5c 100644 /* * Represents channel interrupts. Each bit position represents a diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c -index 4748086..3abf845 100644 +index 8e1a9ec..4687821 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c -@@ -662,10 +662,10 @@ int vmbus_device_register(struct hv_device *child_device_obj) +@@ -629,10 +629,10 @@ int vmbus_device_register(struct hv_device *child_device_obj) { int ret = 0; @@ -32012,11 +35828,113 @@ index 4748086..3abf845 100644 child_device_obj->device.bus = &hv_bus; child_device_obj->device.parent = &hv_acpi_dev->dev; +diff --git a/drivers/hwmon/acpi_power_meter.c b/drivers/hwmon/acpi_power_meter.c +index 1672e2a..4a6297c 100644 +--- a/drivers/hwmon/acpi_power_meter.c ++++ b/drivers/hwmon/acpi_power_meter.c +@@ -117,7 +117,7 @@ struct sensor_template { + struct device_attribute *devattr, + const char *buf, size_t count); + int index; +-}; ++} __do_const; + + /* Averaging interval */ + static int update_avg_interval(struct acpi_power_meter_resource *resource) +@@ -629,7 +629,7 @@ static int register_attrs(struct acpi_power_meter_resource *resource, + struct sensor_template *attrs) + { + struct device *dev = &resource->acpi_dev->dev; +- struct sensor_device_attribute *sensors = ++ sensor_device_attribute_no_const *sensors = + &resource->sensors[resource->num_sensors]; + int res = 0; + +diff --git a/drivers/hwmon/applesmc.c b/drivers/hwmon/applesmc.c +index b41baff..4953e4d 100644 +--- a/drivers/hwmon/applesmc.c ++++ b/drivers/hwmon/applesmc.c +@@ -1084,7 +1084,7 @@ static int applesmc_create_nodes(struct applesmc_node_group *groups, int num) + { + struct applesmc_node_group *grp; + struct applesmc_dev_attr *node; +- struct attribute *attr; ++ attribute_no_const *attr; + int ret, i; + + for (grp = groups; grp->format; grp++) { +diff --git a/drivers/hwmon/asus_atk0110.c b/drivers/hwmon/asus_atk0110.c +index 56dbcfb..9874bf1 100644 +--- a/drivers/hwmon/asus_atk0110.c ++++ b/drivers/hwmon/asus_atk0110.c +@@ -152,10 +152,10 @@ MODULE_DEVICE_TABLE(acpi, atk_ids); + struct atk_sensor_data { + struct list_head list; + struct atk_data *data; +- struct device_attribute label_attr; +- struct device_attribute input_attr; +- struct device_attribute limit1_attr; +- struct device_attribute limit2_attr; ++ device_attribute_no_const label_attr; ++ device_attribute_no_const input_attr; ++ device_attribute_no_const limit1_attr; ++ device_attribute_no_const limit2_attr; + char label_attr_name[ATTR_NAME_SIZE]; + char input_attr_name[ATTR_NAME_SIZE]; + char limit1_attr_name[ATTR_NAME_SIZE]; +@@ -275,7 +275,7 @@ static ssize_t atk_name_show(struct device *dev, + static struct device_attribute atk_name_attr = + __ATTR(name, 0444, atk_name_show, NULL); + +-static void atk_init_attribute(struct device_attribute *attr, char *name, ++static void atk_init_attribute(device_attribute_no_const *attr, char *name, + sysfs_show_func show) + { + sysfs_attr_init(&attr->attr); +diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c +index d64923d..72591e8 100644 +--- a/drivers/hwmon/coretemp.c ++++ b/drivers/hwmon/coretemp.c +@@ -790,7 +790,7 @@ static int __cpuinit coretemp_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block coretemp_cpu_notifier __refdata = { ++static struct notifier_block coretemp_cpu_notifier = { + .notifier_call = coretemp_cpu_callback, + }; + +diff --git a/drivers/hwmon/ibmaem.c b/drivers/hwmon/ibmaem.c +index a14f634..2916ee2 100644 +--- a/drivers/hwmon/ibmaem.c ++++ b/drivers/hwmon/ibmaem.c +@@ -925,7 +925,7 @@ static int aem_register_sensors(struct aem_data *data, + struct aem_rw_sensor_template *rw) + { + struct device *dev = &data->pdev->dev; +- struct sensor_device_attribute *sensors = data->sensors; ++ sensor_device_attribute_no_const *sensors = data->sensors; + int err; + + /* Set up read-only sensors */ +diff --git a/drivers/hwmon/pmbus/pmbus_core.c b/drivers/hwmon/pmbus/pmbus_core.c +index 7d19b1b..8fdaaac 100644 +--- a/drivers/hwmon/pmbus/pmbus_core.c ++++ b/drivers/hwmon/pmbus/pmbus_core.c +@@ -811,7 +811,7 @@ static ssize_t pmbus_show_label(struct device *dev, + + #define PMBUS_ADD_ATTR(data, _name, _idx, _mode, _type, _show, _set) \ + do { \ +- struct sensor_device_attribute *a \ ++ sensor_device_attribute_no_const *a \ + = &data->_type##s[data->num_##_type##s].attribute; \ + BUG_ON(data->num_attributes >= data->max_attributes); \ + sysfs_attr_init(&a->dev_attr.attr); \ diff --git a/drivers/hwmon/sht15.c b/drivers/hwmon/sht15.c -index 8b011d0..3de24a1 100644 +index 1c85d39..55ed3cf 100644 --- a/drivers/hwmon/sht15.c +++ b/drivers/hwmon/sht15.c -@@ -166,7 +166,7 @@ struct sht15_data { +@@ -169,7 +169,7 @@ struct sht15_data { int supply_uV; bool supply_uV_valid; struct work_struct update_supply_work; @@ -32025,7 +35943,7 @@ index 8b011d0..3de24a1 100644 }; /** -@@ -509,13 +509,13 @@ static int sht15_measurement(struct sht15_data *data, +@@ -512,13 +512,13 @@ static int sht15_measurement(struct sht15_data *data, return ret; gpio_direction_input(data->pdata->gpio_data); @@ -32041,7 +35959,7 @@ index 8b011d0..3de24a1 100644 schedule_work(&data->read_work); } ret = wait_event_timeout(data->wait_queue, -@@ -782,7 +782,7 @@ static irqreturn_t sht15_interrupt_fired(int irq, void *d) +@@ -785,7 +785,7 @@ static irqreturn_t sht15_interrupt_fired(int irq, void *d) /* First disable the interrupt */ disable_irq_nosync(irq); @@ -32050,7 +35968,7 @@ index 8b011d0..3de24a1 100644 /* Then schedule a reading work struct */ if (data->state != SHT15_READING_NOTHING) schedule_work(&data->read_work); -@@ -804,11 +804,11 @@ static void sht15_bh_read_data(struct work_struct *work_s) +@@ -807,11 +807,11 @@ static void sht15_bh_read_data(struct work_struct *work_s) * If not, then start the interrupt again - care here as could * have gone low in meantime so verify it hasn't! */ @@ -32064,6 +35982,19 @@ index 8b011d0..3de24a1 100644 return; } +diff --git a/drivers/hwmon/via-cputemp.c b/drivers/hwmon/via-cputemp.c +index 76f157b..9c0db1b 100644 +--- a/drivers/hwmon/via-cputemp.c ++++ b/drivers/hwmon/via-cputemp.c +@@ -296,7 +296,7 @@ static int __cpuinit via_cputemp_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block via_cputemp_cpu_notifier __refdata = { ++static struct notifier_block via_cputemp_cpu_notifier = { + .notifier_call = via_cputemp_cpu_callback, + }; + diff --git a/drivers/i2c/busses/i2c-amd756-s4882.c b/drivers/i2c/busses/i2c-amd756-s4882.c index 378fcb5..5e91fa8 100644 --- a/drivers/i2c/busses/i2c-amd756-s4882.c @@ -32090,248 +36021,6 @@ index 29015eb..af2d8e9 100644 /* Wrapper access functions for multiplexed SMBus */ static DEFINE_MUTEX(nforce2_lock); -diff --git a/drivers/i2c/i2c-mux.c b/drivers/i2c/i2c-mux.c -index 1038c38..eb92f51 100644 ---- a/drivers/i2c/i2c-mux.c -+++ b/drivers/i2c/i2c-mux.c -@@ -30,7 +30,7 @@ - /* multiplexer per channel data */ - struct i2c_mux_priv { - struct i2c_adapter adap; -- struct i2c_algorithm algo; -+ i2c_algorithm_no_const algo; - - struct i2c_adapter *parent; - void *mux_priv; /* the mux chip/device */ -diff --git a/drivers/ide/aec62xx.c b/drivers/ide/aec62xx.c -index 57d00ca..0145194 100644 ---- a/drivers/ide/aec62xx.c -+++ b/drivers/ide/aec62xx.c -@@ -181,7 +181,7 @@ static const struct ide_port_ops atp86x_port_ops = { - .cable_detect = atp86x_cable_detect, - }; - --static const struct ide_port_info aec62xx_chipsets[] __devinitdata = { -+static const struct ide_port_info aec62xx_chipsets[] __devinitconst = { - { /* 0: AEC6210 */ - .name = DRV_NAME, - .init_chipset = init_chipset_aec62xx, -diff --git a/drivers/ide/alim15x3.c b/drivers/ide/alim15x3.c -index 2c8016a..911a27c 100644 ---- a/drivers/ide/alim15x3.c -+++ b/drivers/ide/alim15x3.c -@@ -512,7 +512,7 @@ static const struct ide_dma_ops ali_dma_ops = { - .dma_sff_read_status = ide_dma_sff_read_status, - }; - --static const struct ide_port_info ali15x3_chipset __devinitdata = { -+static const struct ide_port_info ali15x3_chipset __devinitconst = { - .name = DRV_NAME, - .init_chipset = init_chipset_ali15x3, - .init_hwif = init_hwif_ali15x3, -diff --git a/drivers/ide/amd74xx.c b/drivers/ide/amd74xx.c -index 3747b25..56fc995 100644 ---- a/drivers/ide/amd74xx.c -+++ b/drivers/ide/amd74xx.c -@@ -223,7 +223,7 @@ static const struct ide_port_ops amd_port_ops = { - .udma_mask = udma, \ - } - --static const struct ide_port_info amd74xx_chipsets[] __devinitdata = { -+static const struct ide_port_info amd74xx_chipsets[] __devinitconst = { - /* 0: AMD7401 */ DECLARE_AMD_DEV(0x00, ATA_UDMA2), - /* 1: AMD7409 */ DECLARE_AMD_DEV(ATA_SWDMA2, ATA_UDMA4), - /* 2: AMD7411/7441 */ DECLARE_AMD_DEV(ATA_SWDMA2, ATA_UDMA5), -diff --git a/drivers/ide/atiixp.c b/drivers/ide/atiixp.c -index 15f0ead..cb43480 100644 ---- a/drivers/ide/atiixp.c -+++ b/drivers/ide/atiixp.c -@@ -139,7 +139,7 @@ static const struct ide_port_ops atiixp_port_ops = { - .cable_detect = atiixp_cable_detect, - }; - --static const struct ide_port_info atiixp_pci_info[] __devinitdata = { -+static const struct ide_port_info atiixp_pci_info[] __devinitconst = { - { /* 0: IXP200/300/400/700 */ - .name = DRV_NAME, - .enablebits = {{0x48,0x01,0x00}, {0x48,0x08,0x00}}, -diff --git a/drivers/ide/cmd64x.c b/drivers/ide/cmd64x.c -index 5f80312..d1fc438 100644 ---- a/drivers/ide/cmd64x.c -+++ b/drivers/ide/cmd64x.c -@@ -327,7 +327,7 @@ static const struct ide_dma_ops cmd646_rev1_dma_ops = { - .dma_sff_read_status = ide_dma_sff_read_status, - }; - --static const struct ide_port_info cmd64x_chipsets[] __devinitdata = { -+static const struct ide_port_info cmd64x_chipsets[] __devinitconst = { - { /* 0: CMD643 */ - .name = DRV_NAME, - .init_chipset = init_chipset_cmd64x, -diff --git a/drivers/ide/cs5520.c b/drivers/ide/cs5520.c -index 2c1e5f7..1444762 100644 ---- a/drivers/ide/cs5520.c -+++ b/drivers/ide/cs5520.c -@@ -94,7 +94,7 @@ static const struct ide_port_ops cs5520_port_ops = { - .set_dma_mode = cs5520_set_dma_mode, - }; - --static const struct ide_port_info cyrix_chipset __devinitdata = { -+static const struct ide_port_info cyrix_chipset __devinitconst = { - .name = DRV_NAME, - .enablebits = { { 0x60, 0x01, 0x01 }, { 0x60, 0x02, 0x02 } }, - .port_ops = &cs5520_port_ops, -diff --git a/drivers/ide/cs5530.c b/drivers/ide/cs5530.c -index 4dc4eb9..49b40ad 100644 ---- a/drivers/ide/cs5530.c -+++ b/drivers/ide/cs5530.c -@@ -245,7 +245,7 @@ static const struct ide_port_ops cs5530_port_ops = { - .udma_filter = cs5530_udma_filter, - }; - --static const struct ide_port_info cs5530_chipset __devinitdata = { -+static const struct ide_port_info cs5530_chipset __devinitconst = { - .name = DRV_NAME, - .init_chipset = init_chipset_cs5530, - .init_hwif = init_hwif_cs5530, -diff --git a/drivers/ide/cs5535.c b/drivers/ide/cs5535.c -index 5059faf..18d4c85 100644 ---- a/drivers/ide/cs5535.c -+++ b/drivers/ide/cs5535.c -@@ -170,7 +170,7 @@ static const struct ide_port_ops cs5535_port_ops = { - .cable_detect = cs5535_cable_detect, - }; - --static const struct ide_port_info cs5535_chipset __devinitdata = { -+static const struct ide_port_info cs5535_chipset __devinitconst = { - .name = DRV_NAME, - .port_ops = &cs5535_port_ops, - .host_flags = IDE_HFLAG_SINGLE | IDE_HFLAG_POST_SET_MODE, -diff --git a/drivers/ide/cy82c693.c b/drivers/ide/cy82c693.c -index 847553f..3ffb49d 100644 ---- a/drivers/ide/cy82c693.c -+++ b/drivers/ide/cy82c693.c -@@ -163,7 +163,7 @@ static const struct ide_port_ops cy82c693_port_ops = { - .set_dma_mode = cy82c693_set_dma_mode, - }; - --static const struct ide_port_info cy82c693_chipset __devinitdata = { -+static const struct ide_port_info cy82c693_chipset __devinitconst = { - .name = DRV_NAME, - .init_iops = init_iops_cy82c693, - .port_ops = &cy82c693_port_ops, -diff --git a/drivers/ide/hpt366.c b/drivers/ide/hpt366.c -index 58c51cd..4aec3b8 100644 ---- a/drivers/ide/hpt366.c -+++ b/drivers/ide/hpt366.c -@@ -443,7 +443,7 @@ static struct hpt_timings hpt37x_timings = { - } - }; - --static const struct hpt_info hpt36x __devinitdata = { -+static const struct hpt_info hpt36x __devinitconst = { - .chip_name = "HPT36x", - .chip_type = HPT36x, - .udma_mask = HPT366_ALLOW_ATA66_3 ? (HPT366_ALLOW_ATA66_4 ? ATA_UDMA4 : ATA_UDMA3) : ATA_UDMA2, -@@ -451,7 +451,7 @@ static const struct hpt_info hpt36x __devinitdata = { - .timings = &hpt36x_timings - }; - --static const struct hpt_info hpt370 __devinitdata = { -+static const struct hpt_info hpt370 __devinitconst = { - .chip_name = "HPT370", - .chip_type = HPT370, - .udma_mask = HPT370_ALLOW_ATA100_5 ? ATA_UDMA5 : ATA_UDMA4, -@@ -459,7 +459,7 @@ static const struct hpt_info hpt370 __devinitdata = { - .timings = &hpt37x_timings - }; - --static const struct hpt_info hpt370a __devinitdata = { -+static const struct hpt_info hpt370a __devinitconst = { - .chip_name = "HPT370A", - .chip_type = HPT370A, - .udma_mask = HPT370_ALLOW_ATA100_5 ? ATA_UDMA5 : ATA_UDMA4, -@@ -467,7 +467,7 @@ static const struct hpt_info hpt370a __devinitdata = { - .timings = &hpt37x_timings - }; - --static const struct hpt_info hpt374 __devinitdata = { -+static const struct hpt_info hpt374 __devinitconst = { - .chip_name = "HPT374", - .chip_type = HPT374, - .udma_mask = ATA_UDMA5, -@@ -475,7 +475,7 @@ static const struct hpt_info hpt374 __devinitdata = { - .timings = &hpt37x_timings - }; - --static const struct hpt_info hpt372 __devinitdata = { -+static const struct hpt_info hpt372 __devinitconst = { - .chip_name = "HPT372", - .chip_type = HPT372, - .udma_mask = HPT372_ALLOW_ATA133_6 ? ATA_UDMA6 : ATA_UDMA5, -@@ -483,7 +483,7 @@ static const struct hpt_info hpt372 __devinitdata = { - .timings = &hpt37x_timings - }; - --static const struct hpt_info hpt372a __devinitdata = { -+static const struct hpt_info hpt372a __devinitconst = { - .chip_name = "HPT372A", - .chip_type = HPT372A, - .udma_mask = HPT372_ALLOW_ATA133_6 ? ATA_UDMA6 : ATA_UDMA5, -@@ -491,7 +491,7 @@ static const struct hpt_info hpt372a __devinitdata = { - .timings = &hpt37x_timings - }; - --static const struct hpt_info hpt302 __devinitdata = { -+static const struct hpt_info hpt302 __devinitconst = { - .chip_name = "HPT302", - .chip_type = HPT302, - .udma_mask = HPT302_ALLOW_ATA133_6 ? ATA_UDMA6 : ATA_UDMA5, -@@ -499,7 +499,7 @@ static const struct hpt_info hpt302 __devinitdata = { - .timings = &hpt37x_timings - }; - --static const struct hpt_info hpt371 __devinitdata = { -+static const struct hpt_info hpt371 __devinitconst = { - .chip_name = "HPT371", - .chip_type = HPT371, - .udma_mask = HPT371_ALLOW_ATA133_6 ? ATA_UDMA6 : ATA_UDMA5, -@@ -507,7 +507,7 @@ static const struct hpt_info hpt371 __devinitdata = { - .timings = &hpt37x_timings - }; - --static const struct hpt_info hpt372n __devinitdata = { -+static const struct hpt_info hpt372n __devinitconst = { - .chip_name = "HPT372N", - .chip_type = HPT372N, - .udma_mask = HPT372_ALLOW_ATA133_6 ? ATA_UDMA6 : ATA_UDMA5, -@@ -515,7 +515,7 @@ static const struct hpt_info hpt372n __devinitdata = { - .timings = &hpt37x_timings - }; - --static const struct hpt_info hpt302n __devinitdata = { -+static const struct hpt_info hpt302n __devinitconst = { - .chip_name = "HPT302N", - .chip_type = HPT302N, - .udma_mask = HPT302_ALLOW_ATA133_6 ? ATA_UDMA6 : ATA_UDMA5, -@@ -523,7 +523,7 @@ static const struct hpt_info hpt302n __devinitdata = { - .timings = &hpt37x_timings - }; - --static const struct hpt_info hpt371n __devinitdata = { -+static const struct hpt_info hpt371n __devinitconst = { - .chip_name = "HPT371N", - .chip_type = HPT371N, - .udma_mask = HPT371_ALLOW_ATA133_6 ? ATA_UDMA6 : ATA_UDMA5, -@@ -1361,7 +1361,7 @@ static const struct ide_dma_ops hpt36x_dma_ops = { - .dma_sff_read_status = ide_dma_sff_read_status, - }; - --static const struct ide_port_info hpt366_chipsets[] __devinitdata = { -+static const struct ide_port_info hpt366_chipsets[] __devinitconst = { - { /* 0: HPT36x */ - .name = DRV_NAME, - .init_chipset = init_chipset_hpt366, diff --git a/drivers/ide/ide-cd.c b/drivers/ide/ide-cd.c index 8126824..55a2798 100644 --- a/drivers/ide/ide-cd.c @@ -32345,307 +36034,21 @@ index 8126824..55a2798 100644 drive->dma = 0; } } -diff --git a/drivers/ide/ide-pci-generic.c b/drivers/ide/ide-pci-generic.c -index 7f56b73..dab5b67 100644 ---- a/drivers/ide/ide-pci-generic.c -+++ b/drivers/ide/ide-pci-generic.c -@@ -53,7 +53,7 @@ static const struct ide_port_ops netcell_port_ops = { - .udma_mask = ATA_UDMA6, \ - } - --static const struct ide_port_info generic_chipsets[] __devinitdata = { -+static const struct ide_port_info generic_chipsets[] __devinitconst = { - /* 0: Unknown */ - DECLARE_GENERIC_PCI_DEV(0), - -diff --git a/drivers/ide/it8172.c b/drivers/ide/it8172.c -index 560e66d..d5dd180 100644 ---- a/drivers/ide/it8172.c -+++ b/drivers/ide/it8172.c -@@ -115,7 +115,7 @@ static const struct ide_port_ops it8172_port_ops = { - .set_dma_mode = it8172_set_dma_mode, - }; - --static const struct ide_port_info it8172_port_info __devinitdata = { -+static const struct ide_port_info it8172_port_info __devinitconst = { - .name = DRV_NAME, - .port_ops = &it8172_port_ops, - .enablebits = { {0x41, 0x80, 0x80}, {0x00, 0x00, 0x00} }, -diff --git a/drivers/ide/it8213.c b/drivers/ide/it8213.c -index 46816ba..1847aeb 100644 ---- a/drivers/ide/it8213.c -+++ b/drivers/ide/it8213.c -@@ -156,7 +156,7 @@ static const struct ide_port_ops it8213_port_ops = { - .cable_detect = it8213_cable_detect, - }; - --static const struct ide_port_info it8213_chipset __devinitdata = { -+static const struct ide_port_info it8213_chipset __devinitconst = { - .name = DRV_NAME, - .enablebits = { {0x41, 0x80, 0x80} }, - .port_ops = &it8213_port_ops, -diff --git a/drivers/ide/it821x.c b/drivers/ide/it821x.c -index 2e3169f..c5611db 100644 ---- a/drivers/ide/it821x.c -+++ b/drivers/ide/it821x.c -@@ -630,7 +630,7 @@ static const struct ide_port_ops it821x_port_ops = { - .cable_detect = it821x_cable_detect, - }; - --static const struct ide_port_info it821x_chipset __devinitdata = { -+static const struct ide_port_info it821x_chipset __devinitconst = { - .name = DRV_NAME, - .init_chipset = init_chipset_it821x, - .init_hwif = init_hwif_it821x, -diff --git a/drivers/ide/jmicron.c b/drivers/ide/jmicron.c -index 74c2c4a..efddd7d 100644 ---- a/drivers/ide/jmicron.c -+++ b/drivers/ide/jmicron.c -@@ -102,7 +102,7 @@ static const struct ide_port_ops jmicron_port_ops = { - .cable_detect = jmicron_cable_detect, - }; - --static const struct ide_port_info jmicron_chipset __devinitdata = { -+static const struct ide_port_info jmicron_chipset __devinitconst = { - .name = DRV_NAME, - .enablebits = { { 0x40, 0x01, 0x01 }, { 0x40, 0x10, 0x10 } }, - .port_ops = &jmicron_port_ops, -diff --git a/drivers/ide/ns87415.c b/drivers/ide/ns87415.c -index 95327a2..73f78d8 100644 ---- a/drivers/ide/ns87415.c -+++ b/drivers/ide/ns87415.c -@@ -293,7 +293,7 @@ static const struct ide_dma_ops ns87415_dma_ops = { - .dma_sff_read_status = superio_dma_sff_read_status, - }; - --static const struct ide_port_info ns87415_chipset __devinitdata = { -+static const struct ide_port_info ns87415_chipset __devinitconst = { - .name = DRV_NAME, - .init_hwif = init_hwif_ns87415, - .tp_ops = &ns87415_tp_ops, -diff --git a/drivers/ide/opti621.c b/drivers/ide/opti621.c -index 1a53a4c..39edc66 100644 ---- a/drivers/ide/opti621.c -+++ b/drivers/ide/opti621.c -@@ -131,7 +131,7 @@ static const struct ide_port_ops opti621_port_ops = { - .set_pio_mode = opti621_set_pio_mode, - }; - --static const struct ide_port_info opti621_chipset __devinitdata = { -+static const struct ide_port_info opti621_chipset __devinitconst = { - .name = DRV_NAME, - .enablebits = { {0x45, 0x80, 0x00}, {0x40, 0x08, 0x00} }, - .port_ops = &opti621_port_ops, -diff --git a/drivers/ide/pdc202xx_new.c b/drivers/ide/pdc202xx_new.c -index 9546fe2..2e5ceb6 100644 ---- a/drivers/ide/pdc202xx_new.c -+++ b/drivers/ide/pdc202xx_new.c -@@ -465,7 +465,7 @@ static const struct ide_port_ops pdcnew_port_ops = { - .udma_mask = udma, \ - } - --static const struct ide_port_info pdcnew_chipsets[] __devinitdata = { -+static const struct ide_port_info pdcnew_chipsets[] __devinitconst = { - /* 0: PDC202{68,70} */ DECLARE_PDCNEW_DEV(ATA_UDMA5), - /* 1: PDC202{69,71,75,76,77} */ DECLARE_PDCNEW_DEV(ATA_UDMA6), - }; -diff --git a/drivers/ide/pdc202xx_old.c b/drivers/ide/pdc202xx_old.c -index 3a35ec6..5634510 100644 ---- a/drivers/ide/pdc202xx_old.c -+++ b/drivers/ide/pdc202xx_old.c -@@ -270,7 +270,7 @@ static const struct ide_dma_ops pdc2026x_dma_ops = { - .max_sectors = sectors, \ - } - --static const struct ide_port_info pdc202xx_chipsets[] __devinitdata = { -+static const struct ide_port_info pdc202xx_chipsets[] __devinitconst = { - { /* 0: PDC20246 */ - .name = DRV_NAME, - .init_chipset = init_chipset_pdc202xx, -diff --git a/drivers/ide/piix.c b/drivers/ide/piix.c -index 1892e81..fe0fd60 100644 ---- a/drivers/ide/piix.c -+++ b/drivers/ide/piix.c -@@ -344,7 +344,7 @@ static const struct ide_port_ops ich_port_ops = { - .udma_mask = udma, \ - } - --static const struct ide_port_info piix_pci_info[] __devinitdata = { -+static const struct ide_port_info piix_pci_info[] __devinitconst = { - /* 0: MPIIX */ - { /* - * MPIIX actually has only a single IDE channel mapped to -diff --git a/drivers/ide/rz1000.c b/drivers/ide/rz1000.c -index a6414a8..c04173e 100644 ---- a/drivers/ide/rz1000.c -+++ b/drivers/ide/rz1000.c -@@ -38,7 +38,7 @@ static int __devinit rz1000_disable_readahead(struct pci_dev *dev) - } - } - --static const struct ide_port_info rz1000_chipset __devinitdata = { -+static const struct ide_port_info rz1000_chipset __devinitconst = { - .name = DRV_NAME, - .host_flags = IDE_HFLAG_NO_DMA, - }; -diff --git a/drivers/ide/sc1200.c b/drivers/ide/sc1200.c -index 356b9b5..d4758eb 100644 ---- a/drivers/ide/sc1200.c -+++ b/drivers/ide/sc1200.c -@@ -291,7 +291,7 @@ static const struct ide_dma_ops sc1200_dma_ops = { - .dma_sff_read_status = ide_dma_sff_read_status, - }; - --static const struct ide_port_info sc1200_chipset __devinitdata = { -+static const struct ide_port_info sc1200_chipset __devinitconst = { - .name = DRV_NAME, - .port_ops = &sc1200_port_ops, - .dma_ops = &sc1200_dma_ops, -diff --git a/drivers/ide/scc_pata.c b/drivers/ide/scc_pata.c -index b7f5b0c..9701038 100644 ---- a/drivers/ide/scc_pata.c -+++ b/drivers/ide/scc_pata.c -@@ -811,7 +811,7 @@ static const struct ide_dma_ops scc_dma_ops = { - .dma_sff_read_status = scc_dma_sff_read_status, - }; - --static const struct ide_port_info scc_chipset __devinitdata = { -+static const struct ide_port_info scc_chipset __devinitconst = { - .name = "sccIDE", - .init_iops = init_iops_scc, - .init_dma = scc_init_dma, -diff --git a/drivers/ide/serverworks.c b/drivers/ide/serverworks.c -index 35fb8da..24d72ef 100644 ---- a/drivers/ide/serverworks.c -+++ b/drivers/ide/serverworks.c -@@ -337,7 +337,7 @@ static const struct ide_port_ops svwks_port_ops = { - .cable_detect = svwks_cable_detect, - }; - --static const struct ide_port_info serverworks_chipsets[] __devinitdata = { -+static const struct ide_port_info serverworks_chipsets[] __devinitconst = { - { /* 0: OSB4 */ - .name = DRV_NAME, - .init_chipset = init_chipset_svwks, -diff --git a/drivers/ide/siimage.c b/drivers/ide/siimage.c -index ddeda44..46f7e30 100644 ---- a/drivers/ide/siimage.c -+++ b/drivers/ide/siimage.c -@@ -719,7 +719,7 @@ static const struct ide_dma_ops sil_dma_ops = { - .udma_mask = ATA_UDMA6, \ - } - --static const struct ide_port_info siimage_chipsets[] __devinitdata = { -+static const struct ide_port_info siimage_chipsets[] __devinitconst = { - /* 0: SiI680 */ DECLARE_SII_DEV(&sil_pata_port_ops), - /* 1: SiI3112 */ DECLARE_SII_DEV(&sil_sata_port_ops) - }; -diff --git a/drivers/ide/sis5513.c b/drivers/ide/sis5513.c -index 4a00225..09e61b4 100644 ---- a/drivers/ide/sis5513.c -+++ b/drivers/ide/sis5513.c -@@ -563,7 +563,7 @@ static const struct ide_port_ops sis_ata133_port_ops = { - .cable_detect = sis_cable_detect, - }; - --static const struct ide_port_info sis5513_chipset __devinitdata = { -+static const struct ide_port_info sis5513_chipset __devinitconst = { - .name = DRV_NAME, - .init_chipset = init_chipset_sis5513, - .enablebits = { {0x4a, 0x02, 0x02}, {0x4a, 0x04, 0x04} }, -diff --git a/drivers/ide/sl82c105.c b/drivers/ide/sl82c105.c -index f21dc2a..d051cd2 100644 ---- a/drivers/ide/sl82c105.c -+++ b/drivers/ide/sl82c105.c -@@ -299,7 +299,7 @@ static const struct ide_dma_ops sl82c105_dma_ops = { - .dma_sff_read_status = ide_dma_sff_read_status, - }; - --static const struct ide_port_info sl82c105_chipset __devinitdata = { -+static const struct ide_port_info sl82c105_chipset __devinitconst = { - .name = DRV_NAME, - .init_chipset = init_chipset_sl82c105, - .enablebits = {{0x40,0x01,0x01}, {0x40,0x10,0x10}}, -diff --git a/drivers/ide/slc90e66.c b/drivers/ide/slc90e66.c -index 864ffe0..863a5e9 100644 ---- a/drivers/ide/slc90e66.c -+++ b/drivers/ide/slc90e66.c -@@ -132,7 +132,7 @@ static const struct ide_port_ops slc90e66_port_ops = { - .cable_detect = slc90e66_cable_detect, - }; - --static const struct ide_port_info slc90e66_chipset __devinitdata = { -+static const struct ide_port_info slc90e66_chipset __devinitconst = { - .name = DRV_NAME, - .enablebits = { {0x41, 0x80, 0x80}, {0x43, 0x80, 0x80} }, - .port_ops = &slc90e66_port_ops, -diff --git a/drivers/ide/tc86c001.c b/drivers/ide/tc86c001.c -index 4799d5c..1794678 100644 ---- a/drivers/ide/tc86c001.c -+++ b/drivers/ide/tc86c001.c -@@ -192,7 +192,7 @@ static const struct ide_dma_ops tc86c001_dma_ops = { - .dma_sff_read_status = ide_dma_sff_read_status, - }; - --static const struct ide_port_info tc86c001_chipset __devinitdata = { -+static const struct ide_port_info tc86c001_chipset __devinitconst = { - .name = DRV_NAME, - .init_hwif = init_hwif_tc86c001, - .port_ops = &tc86c001_port_ops, -diff --git a/drivers/ide/triflex.c b/drivers/ide/triflex.c -index 281c914..55ce1b8 100644 ---- a/drivers/ide/triflex.c -+++ b/drivers/ide/triflex.c -@@ -92,7 +92,7 @@ static const struct ide_port_ops triflex_port_ops = { - .set_dma_mode = triflex_set_mode, - }; - --static const struct ide_port_info triflex_device __devinitdata = { -+static const struct ide_port_info triflex_device __devinitconst = { - .name = DRV_NAME, - .enablebits = {{0x80, 0x01, 0x01}, {0x80, 0x02, 0x02}}, - .port_ops = &triflex_port_ops, -diff --git a/drivers/ide/trm290.c b/drivers/ide/trm290.c -index 4b42ca0..e494a98 100644 ---- a/drivers/ide/trm290.c -+++ b/drivers/ide/trm290.c -@@ -324,7 +324,7 @@ static struct ide_dma_ops trm290_dma_ops = { - .dma_check = trm290_dma_check, - }; - --static const struct ide_port_info trm290_chipset __devinitdata = { -+static const struct ide_port_info trm290_chipset __devinitconst = { - .name = DRV_NAME, - .init_hwif = init_hwif_trm290, - .tp_ops = &trm290_tp_ops, -diff --git a/drivers/ide/via82cxxx.c b/drivers/ide/via82cxxx.c -index f46f49c..eb77678 100644 ---- a/drivers/ide/via82cxxx.c -+++ b/drivers/ide/via82cxxx.c -@@ -403,7 +403,7 @@ static const struct ide_port_ops via_port_ops = { - .cable_detect = via82cxxx_cable_detect, - }; - --static const struct ide_port_info via82cxxx_chipset __devinitdata = { -+static const struct ide_port_info via82cxxx_chipset __devinitconst = { - .name = DRV_NAME, - .init_chipset = init_chipset_via82cxxx, - .enablebits = { { 0x40, 0x02, 0x02 }, { 0x40, 0x01, 0x01 } }, -diff --git a/drivers/ieee802154/fakehard.c b/drivers/ieee802154/fakehard.c -index 73d4531..c90cd2d 100644 ---- a/drivers/ieee802154/fakehard.c -+++ b/drivers/ieee802154/fakehard.c -@@ -386,7 +386,7 @@ static int __devinit ieee802154fake_probe(struct platform_device *pdev) - phy->transmit_power = 0xbf; - - dev->netdev_ops = &fake_ops; -- dev->ml_priv = &fake_mlme; -+ dev->ml_priv = (void *)&fake_mlme; +diff --git a/drivers/iio/industrialio-core.c b/drivers/iio/industrialio-core.c +index 8848f16..f8e6dd8 100644 +--- a/drivers/iio/industrialio-core.c ++++ b/drivers/iio/industrialio-core.c +@@ -506,7 +506,7 @@ static ssize_t iio_write_channel_info(struct device *dev, + } - priv = netdev_priv(dev); - priv->phy = phy; + static +-int __iio_device_attr_init(struct device_attribute *dev_attr, ++int __iio_device_attr_init(device_attribute_no_const *dev_attr, + const char *postfix, + struct iio_chan_spec const *chan, + ssize_t (*readfunc)(struct device *dev, diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c -index d67999f..4c5d083 100644 +index 394fea2..c833880 100644 --- a/drivers/infiniband/core/cm.c +++ b/drivers/infiniband/core/cm.c @@ -114,7 +114,7 @@ static char const counter_group_names[CM_COUNTER_GROUPS] @@ -32859,7 +36262,7 @@ index 176c8f9..2627b62 100644 } } diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c -index 57e07c6..56d09d4 100644 +index afd8179..598063f 100644 --- a/drivers/infiniband/hw/cxgb4/mem.c +++ b/drivers/infiniband/hw/cxgb4/mem.c @@ -122,7 +122,7 @@ static int write_tpt_entry(struct c4iw_rdev *rdev, u32 reset_tpt_entry, @@ -32935,10 +36338,10 @@ index 1f95bba..9530f87 100644 sdata, wqe->wr.wr.atomic.swap); goto send_comp; diff --git a/drivers/infiniband/hw/nes/nes.c b/drivers/infiniband/hw/nes/nes.c -index 7140199..da60063 100644 +index 5b152a3..c1f3e83 100644 --- a/drivers/infiniband/hw/nes/nes.c +++ b/drivers/infiniband/hw/nes/nes.c -@@ -103,7 +103,7 @@ MODULE_PARM_DESC(limit_maxrdreqsz, "Limit max read request size to 256 Bytes"); +@@ -98,7 +98,7 @@ MODULE_PARM_DESC(limit_maxrdreqsz, "Limit max read request size to 256 Bytes"); LIST_HEAD(nes_adapter_list); static LIST_HEAD(nes_dev_list); @@ -32947,7 +36350,7 @@ index 7140199..da60063 100644 static unsigned int ee_flsh_adapter; static unsigned int sysfs_nonidx_addr; -@@ -272,7 +272,7 @@ static void nes_cqp_rem_ref_callback(struct nes_device *nesdev, struct nes_cqp_r +@@ -267,7 +267,7 @@ static void nes_cqp_rem_ref_callback(struct nes_device *nesdev, struct nes_cqp_r struct nes_qp *nesqp = cqp_request->cqp_callback_pointer; struct nes_adapter *nesadapter = nesdev->nesadapter; @@ -32957,10 +36360,10 @@ index 7140199..da60063 100644 /* Free the control structures */ diff --git a/drivers/infiniband/hw/nes/nes.h b/drivers/infiniband/hw/nes/nes.h -index 3f41d9f..69cfea7 100644 +index 33cc589..3bd6538 100644 --- a/drivers/infiniband/hw/nes/nes.h +++ b/drivers/infiniband/hw/nes/nes.h -@@ -178,17 +178,17 @@ extern unsigned int nes_debug_level; +@@ -177,17 +177,17 @@ extern unsigned int nes_debug_level; extern unsigned int wqm_quanta; extern struct list_head nes_adapter_list; @@ -32989,7 +36392,7 @@ index 3f41d9f..69cfea7 100644 extern u32 mh_detected; extern u32 mh_pauses_sent; extern u32 cm_packets_sent; -@@ -197,16 +197,16 @@ extern u32 cm_packets_created; +@@ -196,16 +196,16 @@ extern u32 cm_packets_created; extern u32 cm_packets_received; extern u32 cm_packets_dropped; extern u32 cm_packets_retrans; @@ -33016,7 +36419,7 @@ index 3f41d9f..69cfea7 100644 extern u32 int_mod_timer_init; extern u32 int_mod_cq_depth_256; diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c -index 020e95c..fbb3450 100644 +index 22ea67e..dcbe3bc 100644 --- a/drivers/infiniband/hw/nes/nes_cm.c +++ b/drivers/infiniband/hw/nes/nes_cm.c @@ -68,14 +68,14 @@ u32 cm_packets_dropped; @@ -33062,7 +36465,7 @@ index 020e95c..fbb3450 100644 int nes_add_ref_cm_node(struct nes_cm_node *cm_node) { -@@ -1279,7 +1279,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core, +@@ -1272,7 +1272,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core, kfree(listener); listener = NULL; ret = 0; @@ -33071,7 +36474,7 @@ index 020e95c..fbb3450 100644 } else { spin_unlock_irqrestore(&cm_core->listen_list_lock, flags); } -@@ -1482,7 +1482,7 @@ static struct nes_cm_node *make_cm_node(struct nes_cm_core *cm_core, +@@ -1466,7 +1466,7 @@ static struct nes_cm_node *make_cm_node(struct nes_cm_core *cm_core, cm_node->rem_mac); add_hte_node(cm_core, cm_node); @@ -33080,7 +36483,7 @@ index 020e95c..fbb3450 100644 return cm_node; } -@@ -1540,7 +1540,7 @@ static int rem_ref_cm_node(struct nes_cm_core *cm_core, +@@ -1524,7 +1524,7 @@ static int rem_ref_cm_node(struct nes_cm_core *cm_core, } atomic_dec(&cm_core->node_cnt); @@ -33089,7 +36492,7 @@ index 020e95c..fbb3450 100644 nesqp = cm_node->nesqp; if (nesqp) { nesqp->cm_node = NULL; -@@ -1604,7 +1604,7 @@ static int process_options(struct nes_cm_node *cm_node, u8 *optionsloc, +@@ -1588,7 +1588,7 @@ static int process_options(struct nes_cm_node *cm_node, u8 *optionsloc, static void drop_packet(struct sk_buff *skb) { @@ -33098,7 +36501,7 @@ index 020e95c..fbb3450 100644 dev_kfree_skb_any(skb); } -@@ -1667,7 +1667,7 @@ static void handle_rst_pkt(struct nes_cm_node *cm_node, struct sk_buff *skb, +@@ -1651,7 +1651,7 @@ static void handle_rst_pkt(struct nes_cm_node *cm_node, struct sk_buff *skb, { int reset = 0; /* whether to send reset in case of err.. */ @@ -33107,7 +36510,7 @@ index 020e95c..fbb3450 100644 nes_debug(NES_DBG_CM, "Received Reset, cm_node = %p, state = %u." " refcnt=%d\n", cm_node, cm_node->state, atomic_read(&cm_node->ref_count)); -@@ -2308,7 +2308,7 @@ static struct nes_cm_node *mini_cm_connect(struct nes_cm_core *cm_core, +@@ -2292,7 +2292,7 @@ static struct nes_cm_node *mini_cm_connect(struct nes_cm_core *cm_core, rem_ref_cm_node(cm_node->cm_core, cm_node); return NULL; } @@ -33116,7 +36519,7 @@ index 020e95c..fbb3450 100644 loopbackremotenode->loopbackpartner = cm_node; loopbackremotenode->tcp_cntxt.rcv_wscale = NES_CM_DEFAULT_RCV_WND_SCALE; -@@ -2583,7 +2583,7 @@ static int mini_cm_recv_pkt(struct nes_cm_core *cm_core, +@@ -2567,7 +2567,7 @@ static int mini_cm_recv_pkt(struct nes_cm_core *cm_core, nes_queue_mgt_skbs(skb, nesvnic, cm_node->nesqp); else { rem_ref_cm_node(cm_core, cm_node); @@ -33125,7 +36528,7 @@ index 020e95c..fbb3450 100644 dev_kfree_skb_any(skb); } break; -@@ -2891,7 +2891,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) +@@ -2875,7 +2875,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) if ((cm_id) && (cm_id->event_handler)) { if (issue_disconn) { @@ -33134,7 +36537,7 @@ index 020e95c..fbb3450 100644 cm_event.event = IW_CM_EVENT_DISCONNECT; cm_event.status = disconn_status; cm_event.local_addr = cm_id->local_addr; -@@ -2913,7 +2913,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) +@@ -2897,7 +2897,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) } if (issue_close) { @@ -33143,7 +36546,7 @@ index 020e95c..fbb3450 100644 nes_disconnect(nesqp, 1); cm_id->provider_data = nesqp; -@@ -3049,7 +3049,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) +@@ -3033,7 +3033,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) nes_debug(NES_DBG_CM, "QP%u, cm_node=%p, jiffies = %lu listener = %p\n", nesqp->hwqp.qp_id, cm_node, jiffies, cm_node->listener); @@ -33152,7 +36555,7 @@ index 020e95c..fbb3450 100644 nes_debug(NES_DBG_CM, "netdev refcnt = %u.\n", netdev_refcnt_read(nesvnic->netdev)); -@@ -3251,7 +3251,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len) +@@ -3228,7 +3228,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len) struct nes_cm_core *cm_core; u8 *start_buff; @@ -33161,7 +36564,7 @@ index 020e95c..fbb3450 100644 cm_node = (struct nes_cm_node *)cm_id->provider_data; loopback = cm_node->loopbackpartner; cm_core = cm_node->cm_core; -@@ -3311,7 +3311,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) +@@ -3288,7 +3288,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) ntohl(cm_id->local_addr.sin_addr.s_addr), ntohs(cm_id->local_addr.sin_port)); @@ -33170,7 +36573,7 @@ index 020e95c..fbb3450 100644 nesqp->active_conn = 1; /* cache the cm_id in the qp */ -@@ -3421,7 +3421,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog) +@@ -3398,7 +3398,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog) g_cm_core->api->stop_listener(g_cm_core, (void *)cm_node); return err; } @@ -33179,7 +36582,7 @@ index 020e95c..fbb3450 100644 } cm_id->add_ref(cm_id); -@@ -3522,7 +3522,7 @@ static void cm_event_connected(struct nes_cm_event *event) +@@ -3499,7 +3499,7 @@ static void cm_event_connected(struct nes_cm_event *event) if (nesqp->destroyed) return; @@ -33188,7 +36591,7 @@ index 020e95c..fbb3450 100644 nes_debug(NES_DBG_CM, "QP%u attempting to connect to 0x%08X:0x%04X on" " local port 0x%04X. jiffies = %lu.\n", nesqp->hwqp.qp_id, -@@ -3709,7 +3709,7 @@ static void cm_event_reset(struct nes_cm_event *event) +@@ -3679,7 +3679,7 @@ static void cm_event_reset(struct nes_cm_event *event) cm_id->add_ref(cm_id); ret = cm_id->event_handler(cm_id, &cm_event); @@ -33197,7 +36600,7 @@ index 020e95c..fbb3450 100644 cm_event.event = IW_CM_EVENT_CLOSE; cm_event.status = 0; cm_event.provider_data = cm_id->provider_data; -@@ -3745,7 +3745,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event) +@@ -3715,7 +3715,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event) return; cm_id = cm_node->cm_id; @@ -33206,7 +36609,7 @@ index 020e95c..fbb3450 100644 nes_debug(NES_DBG_CM, "cm_node = %p - cm_id = %p, jiffies = %lu\n", cm_node, cm_id, jiffies); -@@ -3785,7 +3785,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event) +@@ -3755,7 +3755,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event) return; cm_id = cm_node->cm_id; @@ -33216,7 +36619,7 @@ index 020e95c..fbb3450 100644 cm_node, cm_id, jiffies); diff --git a/drivers/infiniband/hw/nes/nes_mgt.c b/drivers/infiniband/hw/nes/nes_mgt.c -index 3ba7be3..c81f6ff 100644 +index 4166452..fc952c3 100644 --- a/drivers/infiniband/hw/nes/nes_mgt.c +++ b/drivers/infiniband/hw/nes/nes_mgt.c @@ -40,8 +40,8 @@ @@ -33239,7 +36642,7 @@ index 3ba7be3..c81f6ff 100644 /* Free packets that have not yet been forwarded */ /* Lock is acquired by skb_dequeue when removing the skb */ -@@ -812,7 +812,7 @@ static void nes_mgt_ce_handler(struct nes_device *nesdev, struct nes_hw_nic_cq * +@@ -810,7 +810,7 @@ static void nes_mgt_ce_handler(struct nes_device *nesdev, struct nes_hw_nic_cq * cq->cq_vbase[head].cqe_words[NES_NIC_CQE_HASH_RCVNXT]); skb_queue_head_init(&nesqp->pau_list); spin_lock_init(&nesqp->pau_lock); @@ -33249,10 +36652,10 @@ index 3ba7be3..c81f6ff 100644 } diff --git a/drivers/infiniband/hw/nes/nes_nic.c b/drivers/infiniband/hw/nes/nes_nic.c -index f3a3ecf..57d311d 100644 +index 9542e16..a008c40 100644 --- a/drivers/infiniband/hw/nes/nes_nic.c +++ b/drivers/infiniband/hw/nes/nes_nic.c -@@ -1277,39 +1277,39 @@ static void nes_netdev_get_ethtool_stats(struct net_device *netdev, +@@ -1273,39 +1273,39 @@ static void nes_netdev_get_ethtool_stats(struct net_device *netdev, target_stat_values[++index] = mh_detected; target_stat_values[++index] = mh_pauses_sent; target_stat_values[++index] = nesvnic->endnode_ipv4_tcp_retransmits; @@ -33313,7 +36716,7 @@ index f3a3ecf..57d311d 100644 /** diff --git a/drivers/infiniband/hw/nes/nes_verbs.c b/drivers/infiniband/hw/nes/nes_verbs.c -index da84ea3..f159bbe 100644 +index 07e4fba..685f041 100644 --- a/drivers/infiniband/hw/nes/nes_verbs.c +++ b/drivers/infiniband/hw/nes/nes_verbs.c @@ -46,9 +46,9 @@ @@ -33348,7 +36751,7 @@ index da84ea3..f159bbe 100644 /* Blow away the connection if it exists. */ diff --git a/drivers/infiniband/hw/qib/qib.h b/drivers/infiniband/hw/qib/qib.h -index 7b1b8669..4b69f85 100644 +index 4d11575..3e890e5 100644 --- a/drivers/infiniband/hw/qib/qib.h +++ b/drivers/infiniband/hw/qib/qib.h @@ -51,6 +51,7 @@ @@ -33381,19 +36784,19 @@ index da739d9..da1c7f4 100644 gameport->dev.release = gameport_release_port; if (gameport->parent) diff --git a/drivers/input/input.c b/drivers/input/input.c -index 8921c61..f5cd63d 100644 +index c044699..174d71a 100644 --- a/drivers/input/input.c +++ b/drivers/input/input.c -@@ -1814,7 +1814,7 @@ static void input_cleanse_bitmasks(struct input_dev *dev) +@@ -2019,7 +2019,7 @@ static void devm_input_device_unregister(struct device *dev, void *res) */ int input_register_device(struct input_dev *dev) { - static atomic_t input_no = ATOMIC_INIT(0); + static atomic_unchecked_t input_no = ATOMIC_INIT(0); + struct input_devres *devres = NULL; struct input_handler *handler; - const char *path; - int error; -@@ -1851,7 +1851,7 @@ int input_register_device(struct input_dev *dev) + unsigned int packet_size; +@@ -2074,7 +2074,7 @@ int input_register_device(struct input_dev *dev) dev->setkeycode = input_default_setkeycode; dev_set_name(&dev->dev, "input%ld", @@ -33415,10 +36818,10 @@ index 04c69af..5f92d00 100644 #include <linux/input.h> #include <linux/gameport.h> diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c -index 83811e4..0822b90 100644 +index d6cbfe9..6225402 100644 --- a/drivers/input/joystick/xpad.c +++ b/drivers/input/joystick/xpad.c -@@ -726,7 +726,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, +@@ -735,7 +735,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, static int xpad_led_probe(struct usb_xpad *xpad) { @@ -33427,7 +36830,7 @@ index 83811e4..0822b90 100644 long led_no; struct xpad_led *led; struct led_classdev *led_cdev; -@@ -739,7 +739,7 @@ static int xpad_led_probe(struct usb_xpad *xpad) +@@ -748,7 +748,7 @@ static int xpad_led_probe(struct usb_xpad *xpad) if (!led) return -ENOMEM; @@ -33436,11 +36839,24 @@ index 83811e4..0822b90 100644 snprintf(led->name, sizeof(led->name), "xpad%ld", led_no); led->xpad = xpad; +diff --git a/drivers/input/mouse/psmouse.h b/drivers/input/mouse/psmouse.h +index fe1df23..5b710f3 100644 +--- a/drivers/input/mouse/psmouse.h ++++ b/drivers/input/mouse/psmouse.h +@@ -115,7 +115,7 @@ struct psmouse_attribute { + ssize_t (*set)(struct psmouse *psmouse, void *data, + const char *buf, size_t count); + bool protect; +-}; ++} __do_const; + #define to_psmouse_attr(a) container_of((a), struct psmouse_attribute, dattr) + + ssize_t psmouse_attr_show_helper(struct device *dev, struct device_attribute *attr, diff --git a/drivers/input/mousedev.c b/drivers/input/mousedev.c -index 0110b5a..d3ad144 100644 +index 4c842c3..590b0bf 100644 --- a/drivers/input/mousedev.c +++ b/drivers/input/mousedev.c -@@ -763,7 +763,7 @@ static ssize_t mousedev_read(struct file *file, char __user *buffer, +@@ -738,7 +738,7 @@ static ssize_t mousedev_read(struct file *file, char __user *buffer, spin_unlock_irq(&client->packet_lock); @@ -33450,7 +36866,7 @@ index 0110b5a..d3ad144 100644 return count; diff --git a/drivers/input/serio/serio.c b/drivers/input/serio/serio.c -index d0f7533..fb8215b 100644 +index 25fc597..558bf3b 100644 --- a/drivers/input/serio/serio.c +++ b/drivers/input/serio/serio.c @@ -496,7 +496,7 @@ static void serio_release_port(struct device *dev) @@ -33471,11 +36887,24 @@ index d0f7533..fb8215b 100644 serio->dev.bus = &serio_bus; serio->dev.release = serio_release_port; serio->dev.groups = serio_device_attr_groups; +diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c +index ddbdaca..be18a78 100644 +--- a/drivers/iommu/iommu.c ++++ b/drivers/iommu/iommu.c +@@ -554,7 +554,7 @@ static struct notifier_block iommu_bus_nb = { + static void iommu_bus_init(struct bus_type *bus, struct iommu_ops *ops) + { + bus_register_notifier(bus, &iommu_bus_nb); +- bus_for_each_dev(bus, NULL, ops, add_iommu_group); ++ bus_for_each_dev(bus, NULL, (void *)ops, add_iommu_group); + } + + /** diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c -index 38c4bd8..58965d9 100644 +index 89562a8..218999b 100644 --- a/drivers/isdn/capi/capi.c +++ b/drivers/isdn/capi/capi.c -@@ -83,8 +83,8 @@ struct capiminor { +@@ -81,8 +81,8 @@ struct capiminor { struct capi20_appl *ap; u32 ncci; @@ -33486,7 +36915,7 @@ index 38c4bd8..58965d9 100644 struct tty_port port; int ttyinstop; -@@ -392,7 +392,7 @@ gen_data_b3_resp_for(struct capiminor *mp, struct sk_buff *skb) +@@ -391,7 +391,7 @@ gen_data_b3_resp_for(struct capiminor *mp, struct sk_buff *skb) capimsg_setu16(s, 2, mp->ap->applid); capimsg_setu8 (s, 4, CAPI_DATA_B3); capimsg_setu8 (s, 5, CAPI_RESP); @@ -33495,7 +36924,7 @@ index 38c4bd8..58965d9 100644 capimsg_setu32(s, 8, mp->ncci); capimsg_setu16(s, 12, datahandle); } -@@ -513,14 +513,14 @@ static void handle_minor_send(struct capiminor *mp) +@@ -512,14 +512,14 @@ static void handle_minor_send(struct capiminor *mp) mp->outbytes -= len; spin_unlock_bh(&mp->outlock); @@ -33513,7 +36942,7 @@ index 38c4bd8..58965d9 100644 capimsg_setu32(skb->data, 12, (u32)(long)skb->data);/* Data32 */ capimsg_setu16(skb->data, 16, len); /* Data length */ diff --git a/drivers/isdn/gigaset/interface.c b/drivers/isdn/gigaset/interface.c -index a6d9fd2..afdb8a3 100644 +index 67abf3f..076b3a6 100644 --- a/drivers/isdn/gigaset/interface.c +++ b/drivers/isdn/gigaset/interface.c @@ -160,9 +160,9 @@ static int if_open(struct tty_struct *tty, struct file *filp) @@ -33562,49 +36991,23 @@ index 821f7ac..28d4030 100644 return -EFAULT; } else { memcpy(buf, dp, left); -diff --git a/drivers/isdn/hardware/eicon/divasync.h b/drivers/isdn/hardware/eicon/divasync.h -index dd6b53a..19d9ee6 100644 ---- a/drivers/isdn/hardware/eicon/divasync.h -+++ b/drivers/isdn/hardware/eicon/divasync.h -@@ -146,7 +146,7 @@ typedef struct _diva_didd_add_adapter { - } diva_didd_add_adapter_t; - typedef struct _diva_didd_remove_adapter { - IDI_CALL p_request; --} diva_didd_remove_adapter_t; -+} __no_const diva_didd_remove_adapter_t; - typedef struct _diva_didd_read_adapter_array { - void *buffer; - dword length; -diff --git a/drivers/isdn/hardware/eicon/xdi_adapter.h b/drivers/isdn/hardware/eicon/xdi_adapter.h -index d303e65..28bcb7b 100644 ---- a/drivers/isdn/hardware/eicon/xdi_adapter.h -+++ b/drivers/isdn/hardware/eicon/xdi_adapter.h -@@ -44,7 +44,7 @@ typedef struct _xdi_mbox_t { - typedef struct _diva_os_idi_adapter_interface { - diva_init_card_proc_t cleanup_adapter_proc; - diva_cmd_card_proc_t cmd_proc; --} diva_os_idi_adapter_interface_t; -+} __no_const diva_os_idi_adapter_interface_t; - - typedef struct _diva_os_xdi_adapter { - struct list_head link; diff --git a/drivers/isdn/i4l/isdn_tty.c b/drivers/isdn/i4l/isdn_tty.c -index 7bc5067..fd36232 100644 +index e09dc8a..15e2efb 100644 --- a/drivers/isdn/i4l/isdn_tty.c +++ b/drivers/isdn/i4l/isdn_tty.c -@@ -1505,9 +1505,9 @@ isdn_tty_open(struct tty_struct *tty, struct file *filp) - port = &info->port; +@@ -1513,9 +1513,9 @@ isdn_tty_open(struct tty_struct *tty, struct file *filp) + #ifdef ISDN_DEBUG_MODEM_OPEN printk(KERN_DEBUG "isdn_tty_open %s, count = %d\n", tty->name, - port->count); -+ atomic_read(&port->count)) ++ atomic_read(&port->count)); #endif - port->count++; + atomic_inc(&port->count); - tty->driver_data = info; port->tty = tty; - tty->port = port; -@@ -1553,7 +1553,7 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp) + /* + * Start up serial port +@@ -1559,7 +1559,7 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp) #endif return; } @@ -33613,7 +37016,7 @@ index 7bc5067..fd36232 100644 /* * Uh, oh. tty->count is 1, which means that the tty * structure will be freed. Info->count should always -@@ -1562,15 +1562,15 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp) +@@ -1568,15 +1568,15 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp) * serial port won't be shutdown. */ printk(KERN_ERR "isdn_tty_close: bad port count; tty->count is 1, " @@ -33635,7 +37038,7 @@ index 7bc5067..fd36232 100644 #ifdef ISDN_DEBUG_MODEM_OPEN printk(KERN_DEBUG "isdn_tty_close after info->count != 0\n"); #endif -@@ -1624,7 +1624,7 @@ isdn_tty_hangup(struct tty_struct *tty) +@@ -1630,7 +1630,7 @@ isdn_tty_hangup(struct tty_struct *tty) if (isdn_tty_paranoia_check(info, tty->name, "isdn_tty_hangup")) return; isdn_tty_shutdown(info); @@ -33644,7 +37047,7 @@ index 7bc5067..fd36232 100644 port->flags &= ~ASYNC_NORMAL_ACTIVE; port->tty = NULL; wake_up_interruptible(&port->open_wait); -@@ -1964,7 +1964,7 @@ isdn_tty_find_icall(int di, int ch, setup_parm *setup) +@@ -1975,7 +1975,7 @@ isdn_tty_find_icall(int di, int ch, setup_parm *setup) for (i = 0; i < ISDN_MAX_CHANNELS; i++) { modem_info *info = &dev->mdm.info[i]; @@ -33666,8 +37069,34 @@ index e74df7c..03a03ba 100644 return -EFAULT; } else memcpy(msg, buf, count); +diff --git a/drivers/leds/leds-clevo-mail.c b/drivers/leds/leds-clevo-mail.c +index 6a8405d..0bd1c7e 100644 +--- a/drivers/leds/leds-clevo-mail.c ++++ b/drivers/leds/leds-clevo-mail.c +@@ -40,7 +40,7 @@ static int __init clevo_mail_led_dmi_callback(const struct dmi_system_id *id) + * detected as working, but in reality it is not) as low as + * possible. + */ +-static struct dmi_system_id __initdata clevo_mail_led_dmi_table[] = { ++static const struct dmi_system_id __initconst clevo_mail_led_dmi_table[] = { + { + .callback = clevo_mail_led_dmi_callback, + .ident = "Clevo D410J", +diff --git a/drivers/leds/leds-ss4200.c b/drivers/leds/leds-ss4200.c +index ec9b287..65c9bf4 100644 +--- a/drivers/leds/leds-ss4200.c ++++ b/drivers/leds/leds-ss4200.c +@@ -92,7 +92,7 @@ MODULE_PARM_DESC(nodetect, "Skip DMI-based hardware detection"); + * detected as working, but in reality it is not) as low as + * possible. + */ +-static struct dmi_system_id __initdata nas_led_whitelist[] = { ++static const struct dmi_system_id __initconst nas_led_whitelist[] = { + { + .callback = ss4200_led_dmi_callback, + .ident = "Intel SS4200-E", diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c -index b5fdcb7..5b6c59f 100644 +index a5ebc00..982886f 100644 --- a/drivers/lguest/core.c +++ b/drivers/lguest/core.c @@ -92,9 +92,17 @@ static __init int map_switcher(void) @@ -33698,7 +37127,7 @@ index b5fdcb7..5b6c59f 100644 printk(KERN_INFO "lguest: mapped switcher at %p\n", diff --git a/drivers/lguest/x86/core.c b/drivers/lguest/x86/core.c -index 39809035..ce25c5e 100644 +index 4af12e1..0e89afe 100644 --- a/drivers/lguest/x86/core.c +++ b/drivers/lguest/x86/core.c @@ -59,7 +59,7 @@ static struct { @@ -33724,7 +37153,7 @@ index 39809035..ce25c5e 100644 /* * Set up the Guest's page tables to see this CPU's pages (and no * other CPU's pages). -@@ -472,7 +478,7 @@ void __init lguest_arch_host_init(void) +@@ -476,7 +482,7 @@ void __init lguest_arch_host_init(void) * compiled-in switcher code and the high-mapped copy we just made. */ for (i = 0; i < IDT_ENTRIES; i++) @@ -33733,7 +37162,7 @@ index 39809035..ce25c5e 100644 /* * Set up the Switcher's per-cpu areas. -@@ -555,7 +561,7 @@ void __init lguest_arch_host_init(void) +@@ -559,7 +565,7 @@ void __init lguest_arch_host_init(void) * it will be undisturbed when we switch. To change %cs and jump we * need this structure to feed to Intel's "lcall" instruction. */ @@ -33804,24 +37233,11 @@ index 40634b0..4f5855e 100644 // Every interrupt can come to us here // But we must truly tell each apart. -diff --git a/drivers/macintosh/macio_asic.c b/drivers/macintosh/macio_asic.c -index 20e5c2c..9e849a9 100644 ---- a/drivers/macintosh/macio_asic.c -+++ b/drivers/macintosh/macio_asic.c -@@ -748,7 +748,7 @@ static void __devexit macio_pci_remove(struct pci_dev* pdev) - * MacIO is matched against any Apple ID, it's probe() function - * will then decide wether it applies or not - */ --static const struct pci_device_id __devinitdata pci_ids [] = { { -+static const struct pci_device_id __devinitconst pci_ids [] = { { - .vendor = PCI_VENDOR_ID_APPLE, - .device = PCI_ANY_ID, - .subvendor = PCI_ANY_ID, diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c -index 94e7f6b..2f4a0d8 100644 +index 7155945..4bcc562 100644 --- a/drivers/md/bitmap.c +++ b/drivers/md/bitmap.c -@@ -1786,7 +1786,7 @@ void bitmap_status(struct seq_file *seq, struct bitmap *bitmap) +@@ -1779,7 +1779,7 @@ void bitmap_status(struct seq_file *seq, struct bitmap *bitmap) chunk_kb ? "KB" : "B"); if (bitmap->storage.file) { seq_printf(seq, ", file: "); @@ -33831,10 +37247,10 @@ index 94e7f6b..2f4a0d8 100644 seq_printf(seq, "\n"); diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c -index a651d52..82f8a95 100644 +index 0666b5d..ed82cb4 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c -@@ -1601,7 +1601,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param) +@@ -1628,7 +1628,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param) cmd == DM_LIST_VERSIONS_CMD) return 0; @@ -33844,7 +37260,7 @@ index a651d52..82f8a95 100644 DMWARN("name not supplied when creating device"); return -EINVAL; diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c -index bc5ddba8..b961159 100644 +index fa51918..c26253c 100644 --- a/drivers/md/dm-raid1.c +++ b/drivers/md/dm-raid1.c @@ -40,7 +40,7 @@ enum dm_raid1_error { @@ -33856,7 +37272,7 @@ index bc5ddba8..b961159 100644 unsigned long error_type; struct dm_dev *dev; sector_t offset; -@@ -185,7 +185,7 @@ static struct mirror *get_valid_mirror(struct mirror_set *ms) +@@ -183,7 +183,7 @@ static struct mirror *get_valid_mirror(struct mirror_set *ms) struct mirror *m; for (m = ms->mirror; m < ms->mirror + ms->nr_mirrors; m++) @@ -33865,7 +37281,7 @@ index bc5ddba8..b961159 100644 return m; return NULL; -@@ -217,7 +217,7 @@ static void fail_mirror(struct mirror *m, enum dm_raid1_error error_type) +@@ -215,7 +215,7 @@ static void fail_mirror(struct mirror *m, enum dm_raid1_error error_type) * simple way to tell if a device has encountered * errors. */ @@ -33874,7 +37290,7 @@ index bc5ddba8..b961159 100644 if (test_and_set_bit(error_type, &m->error_type)) return; -@@ -408,7 +408,7 @@ static struct mirror *choose_mirror(struct mirror_set *ms, sector_t sector) +@@ -406,7 +406,7 @@ static struct mirror *choose_mirror(struct mirror_set *ms, sector_t sector) struct mirror *m = get_default_mirror(ms); do { @@ -33883,7 +37299,7 @@ index bc5ddba8..b961159 100644 return m; if (m-- == ms->mirror) -@@ -422,7 +422,7 @@ static int default_ok(struct mirror *m) +@@ -420,7 +420,7 @@ static int default_ok(struct mirror *m) { struct mirror *default_mirror = get_default_mirror(m->ms); @@ -33892,7 +37308,7 @@ index bc5ddba8..b961159 100644 } static int mirror_available(struct mirror_set *ms, struct bio *bio) -@@ -559,7 +559,7 @@ static void do_reads(struct mirror_set *ms, struct bio_list *reads) +@@ -557,7 +557,7 @@ static void do_reads(struct mirror_set *ms, struct bio_list *reads) */ if (likely(region_in_sync(ms, region, 1))) m = choose_mirror(ms, bio->bi_sector); @@ -33901,7 +37317,7 @@ index bc5ddba8..b961159 100644 m = NULL; if (likely(m)) -@@ -938,7 +938,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti, +@@ -924,7 +924,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti, } ms->mirror[mirror].ms = ms; @@ -33910,7 +37326,7 @@ index bc5ddba8..b961159 100644 ms->mirror[mirror].error_type = 0; ms->mirror[mirror].offset = offset; -@@ -1356,7 +1356,7 @@ static void mirror_resume(struct dm_target *ti) +@@ -1337,7 +1337,7 @@ static void mirror_resume(struct dm_target *ti) */ static char device_status_char(struct mirror *m) { @@ -33920,7 +37336,7 @@ index bc5ddba8..b961159 100644 return (test_bit(DM_RAID1_FLUSH_ERROR, &(m->error_type))) ? 'F' : diff --git a/drivers/md/dm-stripe.c b/drivers/md/dm-stripe.c -index a087bf2..4c94786 100644 +index c89cde8..9d184cf 100644 --- a/drivers/md/dm-stripe.c +++ b/drivers/md/dm-stripe.c @@ -20,7 +20,7 @@ struct stripe { @@ -33932,7 +37348,7 @@ index a087bf2..4c94786 100644 }; struct stripe_c { -@@ -183,7 +183,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv) +@@ -184,7 +184,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv) kfree(sc); return r; } @@ -33941,7 +37357,7 @@ index a087bf2..4c94786 100644 } ti->private = sc; -@@ -324,7 +324,7 @@ static int stripe_status(struct dm_target *ti, status_type_t type, +@@ -325,7 +325,7 @@ static int stripe_status(struct dm_target *ti, status_type_t type, DMEMIT("%d ", sc->stripes); for (i = 0; i < sc->stripes; i++) { DMEMIT("%s ", sc->stripe[i].dev->name); @@ -33950,7 +37366,7 @@ index a087bf2..4c94786 100644 'D' : 'A'; } buffer[i] = '\0'; -@@ -371,8 +371,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio, +@@ -371,8 +371,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio, int error) */ for (i = 0; i < sc->stripes; i++) if (!strcmp(sc->stripe[i].dev->name, major_minor)) { @@ -33962,7 +37378,7 @@ index a087bf2..4c94786 100644 schedule_work(&sc->trigger_event); } diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c -index 100368e..64262ce 100644 +index daf25d0..d74f49f 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -390,7 +390,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev, @@ -33975,7 +37391,7 @@ index 100368e..64262ce 100644 "start=%llu, len=%llu, dev_size=%llu", dm_device_name(ti->table->md), bdevname(bdev, b), diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c -index 693e149..b7e0fde 100644 +index 4d6e853..a234157 100644 --- a/drivers/md/dm-thin-metadata.c +++ b/drivers/md/dm-thin-metadata.c @@ -397,7 +397,7 @@ static void __setup_btree_details(struct dm_pool_metadata *pmd) @@ -33997,10 +37413,10 @@ index 693e149..b7e0fde 100644 pmd->bl_info.value_type.inc = data_block_inc; pmd->bl_info.value_type.dec = data_block_dec; diff --git a/drivers/md/dm.c b/drivers/md/dm.c -index 4256200..154b975 100644 +index 314a0e2..1376406 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c -@@ -176,9 +176,9 @@ struct mapped_device { +@@ -170,9 +170,9 @@ struct mapped_device { /* * Event handling. */ @@ -34012,7 +37428,7 @@ index 4256200..154b975 100644 struct list_head uevent_list; spinlock_t uevent_lock; /* Protect access to uevent_list */ -@@ -1893,8 +1893,8 @@ static struct mapped_device *alloc_dev(int minor) +@@ -1872,8 +1872,8 @@ static struct mapped_device *alloc_dev(int minor) rwlock_init(&md->map_lock); atomic_set(&md->holders, 1); atomic_set(&md->open_count, 0); @@ -34023,7 +37439,7 @@ index 4256200..154b975 100644 INIT_LIST_HEAD(&md->uevent_list); spin_lock_init(&md->uevent_lock); -@@ -2028,7 +2028,7 @@ static void event_callback(void *context) +@@ -2014,7 +2014,7 @@ static void event_callback(void *context) dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj); @@ -34032,7 +37448,7 @@ index 4256200..154b975 100644 wake_up(&md->eventq); } -@@ -2683,18 +2683,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, +@@ -2669,18 +2669,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, uint32_t dm_next_uevent_seq(struct mapped_device *md) { @@ -34055,10 +37471,10 @@ index 4256200..154b975 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index c7b000f..15a8b22 100644 +index 3db3d1b..9487468 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c -@@ -277,10 +277,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); +@@ -240,10 +240,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); * start build, activate spare */ static DECLARE_WAIT_QUEUE_HEAD(md_event_waiters); @@ -34071,7 +37487,7 @@ index c7b000f..15a8b22 100644 wake_up(&md_event_waiters); } EXPORT_SYMBOL_GPL(md_new_event); -@@ -290,7 +290,7 @@ EXPORT_SYMBOL_GPL(md_new_event); +@@ -253,7 +253,7 @@ EXPORT_SYMBOL_GPL(md_new_event); */ static void md_new_event_inintr(struct mddev *mddev) { @@ -34080,7 +37496,7 @@ index c7b000f..15a8b22 100644 wake_up(&md_event_waiters); } -@@ -1519,7 +1519,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_ +@@ -1503,7 +1503,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_ if ((le32_to_cpu(sb->feature_map) & MD_FEATURE_RESHAPE_ACTIVE) && (le32_to_cpu(sb->feature_map) & MD_FEATURE_NEW_OFFSET)) rdev->new_data_offset += (s32)le32_to_cpu(sb->new_offset); @@ -34089,7 +37505,7 @@ index c7b000f..15a8b22 100644 rdev->sb_size = le32_to_cpu(sb->max_dev) * 2 + 256; bmask = queue_logical_block_size(rdev->bdev->bd_disk->queue)-1; -@@ -1763,7 +1763,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev) +@@ -1747,7 +1747,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev) else sb->resync_offset = cpu_to_le64(0); @@ -34098,7 +37514,7 @@ index c7b000f..15a8b22 100644 sb->raid_disks = cpu_to_le32(mddev->raid_disks); sb->size = cpu_to_le64(mddev->dev_sectors); -@@ -2757,7 +2757,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store); +@@ -2747,7 +2747,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store); static ssize_t errors_show(struct md_rdev *rdev, char *page) { @@ -34107,7 +37523,7 @@ index c7b000f..15a8b22 100644 } static ssize_t -@@ -2766,7 +2766,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len) +@@ -2756,7 +2756,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len) char *e; unsigned long n = simple_strtoul(buf, &e, 10); if (*buf && (*e == 0 || *e == '\n')) { @@ -34116,7 +37532,7 @@ index c7b000f..15a8b22 100644 return len; } return -EINVAL; -@@ -3213,8 +3213,8 @@ int md_rdev_init(struct md_rdev *rdev) +@@ -3203,8 +3203,8 @@ int md_rdev_init(struct md_rdev *rdev) rdev->sb_loaded = 0; rdev->bb_page = NULL; atomic_set(&rdev->nr_pending, 0); @@ -34127,7 +37543,7 @@ index c7b000f..15a8b22 100644 INIT_LIST_HEAD(&rdev->same_set); init_waitqueue_head(&rdev->blocked_wait); -@@ -6947,7 +6947,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -6980,7 +6980,7 @@ static int md_seq_show(struct seq_file *seq, void *v) spin_unlock(&pers_lock); seq_printf(seq, "\n"); @@ -34136,7 +37552,7 @@ index c7b000f..15a8b22 100644 return 0; } if (v == (void*)2) { -@@ -7050,7 +7050,7 @@ static int md_seq_open(struct inode *inode, struct file *file) +@@ -7083,7 +7083,7 @@ static int md_seq_open(struct inode *inode, struct file *file) return error; seq = file->private_data; @@ -34145,7 +37561,7 @@ index c7b000f..15a8b22 100644 return error; } -@@ -7064,7 +7064,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) +@@ -7097,7 +7097,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) /* always allow read */ mask = POLLIN | POLLRDNORM; @@ -34154,7 +37570,7 @@ index c7b000f..15a8b22 100644 mask |= POLLERR | POLLPRI; return mask; } -@@ -7108,7 +7108,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) +@@ -7141,7 +7141,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) struct gendisk *disk = rdev->bdev->bd_contains->bd_disk; curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + (int)part_stat_read(&disk->part0, sectors[1]) - @@ -34164,7 +37580,7 @@ index c7b000f..15a8b22 100644 * as sync_io is counted when a request starts, and * disk_stats is counted when it completes. diff --git a/drivers/md/md.h b/drivers/md/md.h -index f385b03..b600be8 100644 +index eca59c3..7c42285 100644 --- a/drivers/md/md.h +++ b/drivers/md/md.h @@ -94,13 +94,13 @@ struct md_rdev { @@ -34183,7 +37599,7 @@ index f385b03..b600be8 100644 * for reporting to userspace and storing * in superblock. */ -@@ -432,7 +432,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev) +@@ -434,7 +434,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev) static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors) { @@ -34192,32 +37608,6 @@ index f385b03..b600be8 100644 } struct md_personality -diff --git a/drivers/md/persistent-data/dm-space-map-disk.c b/drivers/md/persistent-data/dm-space-map-disk.c -index f6d29e6..7917f5e 100644 ---- a/drivers/md/persistent-data/dm-space-map-disk.c -+++ b/drivers/md/persistent-data/dm-space-map-disk.c -@@ -22,7 +22,7 @@ - * Space map interface. - */ - struct sm_disk { -- struct dm_space_map sm; -+ dm_space_map_no_const sm; - - struct ll_disk ll; - struct ll_disk old_ll; -diff --git a/drivers/md/persistent-data/dm-space-map-metadata.c b/drivers/md/persistent-data/dm-space-map-metadata.c -index e89ae5e..062e4c2 100644 ---- a/drivers/md/persistent-data/dm-space-map-metadata.c -+++ b/drivers/md/persistent-data/dm-space-map-metadata.c -@@ -43,7 +43,7 @@ struct block_op { - }; - - struct sm_metadata { -- struct dm_space_map sm; -+ dm_space_map_no_const sm; - - struct ll_disk ll; - struct ll_disk old_ll; diff --git a/drivers/md/persistent-data/dm-space-map.h b/drivers/md/persistent-data/dm-space-map.h index 1cbfc6b..56e1dbb 100644 --- a/drivers/md/persistent-data/dm-space-map.h @@ -34231,10 +37621,10 @@ index 1cbfc6b..56e1dbb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index 7077dcf..facc1e9 100644 +index d5bddfc..b079b4b 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c -@@ -1810,7 +1810,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) +@@ -1818,7 +1818,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) if (r1_sync_page_io(rdev, sect, s, bio->bi_io_vec[idx].bv_page, READ) != 0) @@ -34243,7 +37633,7 @@ index 7077dcf..facc1e9 100644 } sectors -= s; sect += s; -@@ -2032,7 +2032,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, +@@ -2040,7 +2040,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, test_bit(In_sync, &rdev->flags)) { if (r1_sync_page_io(rdev, sect, s, conf->tmppage, READ)) { @@ -34253,10 +37643,10 @@ index 7077dcf..facc1e9 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index c52d893..69c5d80 100644 +index 64d4824..8b9ea57 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c -@@ -1814,7 +1814,7 @@ static void end_sync_read(struct bio *bio, int error) +@@ -1877,7 +1877,7 @@ static void end_sync_read(struct bio *bio, int error) /* The write handler will notice the lack of * R10BIO_Uptodate and record any errors etc */ @@ -34265,7 +37655,7 @@ index c52d893..69c5d80 100644 &conf->mirrors[d].rdev->corrected_errors); /* for reconstruct, we always reschedule after a read. -@@ -2163,7 +2163,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2226,7 +2226,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) { struct timespec cur_time_mon; unsigned long hours_since_last; @@ -34274,7 +37664,7 @@ index c52d893..69c5d80 100644 ktime_get_ts(&cur_time_mon); -@@ -2185,9 +2185,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2248,9 +2248,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) * overflowing the shift of read_errors by hours_since_last. */ if (hours_since_last >= 8 * sizeof(read_errors)) @@ -34286,7 +37676,7 @@ index c52d893..69c5d80 100644 } static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector, -@@ -2241,8 +2241,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2304,8 +2304,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 return; check_decay_read_errors(mddev, rdev); @@ -34297,7 +37687,7 @@ index c52d893..69c5d80 100644 char b[BDEVNAME_SIZE]; bdevname(rdev->bdev, b); -@@ -2250,7 +2250,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2313,7 +2313,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 "md/raid10:%s: %s: Raid device exceeded " "read_error threshold [cur %d:max %d]\n", mdname(mddev), b, @@ -34306,7 +37696,7 @@ index c52d893..69c5d80 100644 printk(KERN_NOTICE "md/raid10:%s: %s: Failing raid device\n", mdname(mddev), b); -@@ -2405,7 +2405,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2468,7 +2468,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 sect + choose_data_offset(r10_bio, rdev)), bdevname(rdev->bdev, b)); @@ -34316,10 +37706,10 @@ index c52d893..69c5d80 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 0689173..35df76c 100644 +index 19d77a0..56051b92 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c -@@ -1756,21 +1756,21 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1797,21 +1797,21 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), STRIPE_SECTORS, (unsigned long long)s, bdevname(rdev->bdev, b)); @@ -34345,7 +37735,7 @@ index 0689173..35df76c 100644 if (test_bit(R5_ReadRepl, &sh->dev[i].flags)) printk_ratelimited( KERN_WARNING -@@ -1798,7 +1798,7 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1839,7 +1839,7 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), (unsigned long long)s, bdn); @@ -34354,36 +37744,10 @@ index 0689173..35df76c 100644 > conf->max_nr_stripes) printk(KERN_WARNING "md/raid:%s: Too many read errors, failing device %s.\n", -diff --git a/drivers/media/dvb/ddbridge/ddbridge-core.c b/drivers/media/dvb/ddbridge/ddbridge-core.c -index ebf3f05..b1f3e77 100644 ---- a/drivers/media/dvb/ddbridge/ddbridge-core.c -+++ b/drivers/media/dvb/ddbridge/ddbridge-core.c -@@ -1679,7 +1679,7 @@ static struct ddb_info ddb_v6 = { - .subvendor = _subvend, .subdevice = _subdev, \ - .driver_data = (unsigned long)&_driverdata } - --static const struct pci_device_id ddb_id_tbl[] __devinitdata = { -+static const struct pci_device_id ddb_id_tbl[] __devinitconst = { - DDB_ID(DDVID, 0x0002, DDVID, 0x0001, ddb_octopus), - DDB_ID(DDVID, 0x0003, DDVID, 0x0001, ddb_octopus), - DDB_ID(DDVID, 0x0003, DDVID, 0x0002, ddb_octopus_le), -diff --git a/drivers/media/dvb/dvb-core/dvb_demux.h b/drivers/media/dvb/dvb-core/dvb_demux.h -index fa7188a..04a045e 100644 ---- a/drivers/media/dvb/dvb-core/dvb_demux.h -+++ b/drivers/media/dvb/dvb-core/dvb_demux.h -@@ -73,7 +73,7 @@ struct dvb_demux_feed { - union { - dmx_ts_cb ts; - dmx_section_cb sec; -- } cb; -+ } __no_const cb; - - struct dvb_demux *demux; - void *priv; -diff --git a/drivers/media/dvb/dvb-core/dvbdev.c b/drivers/media/dvb/dvb-core/dvbdev.c -index 39eab73..60033e7 100644 ---- a/drivers/media/dvb/dvb-core/dvbdev.c -+++ b/drivers/media/dvb/dvb-core/dvbdev.c +diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c +index d33101a..6b13069 100644 +--- a/drivers/media/dvb-core/dvbdev.c ++++ b/drivers/media/dvb-core/dvbdev.c @@ -192,7 +192,7 @@ int dvb_register_device(struct dvb_adapter *adap, struct dvb_device **pdvbdev, const struct dvb_device *template, void *priv, int type) { @@ -34393,36 +37757,10 @@ index 39eab73..60033e7 100644 struct device *clsdev; int minor; int id; -diff --git a/drivers/media/dvb/dvb-usb/cxusb.c b/drivers/media/dvb/dvb-usb/cxusb.c -index 3940bb0..fb3952a 100644 ---- a/drivers/media/dvb/dvb-usb/cxusb.c -+++ b/drivers/media/dvb/dvb-usb/cxusb.c -@@ -1068,7 +1068,7 @@ static struct dib0070_config dib7070p_dib0070_config = { - - struct dib0700_adapter_state { - int (*set_param_save) (struct dvb_frontend *); --}; -+} __no_const; - - static int dib7070_set_param_override(struct dvb_frontend *fe) - { -diff --git a/drivers/media/dvb/dvb-usb/dw2102.c b/drivers/media/dvb/dvb-usb/dw2102.c -index 9382895..ac8093c 100644 ---- a/drivers/media/dvb/dvb-usb/dw2102.c -+++ b/drivers/media/dvb/dvb-usb/dw2102.c -@@ -95,7 +95,7 @@ struct su3000_state { - - struct s6x0_state { - int (*old_set_voltage)(struct dvb_frontend *f, fe_sec_voltage_t v); --}; -+} __no_const; - - /* debug */ - static int dvb_usb_dw2102_debug; -diff --git a/drivers/media/dvb/frontends/dib3000.h b/drivers/media/dvb/frontends/dib3000.h +diff --git a/drivers/media/dvb-frontends/dib3000.h b/drivers/media/dvb-frontends/dib3000.h index 404f63a..4796533 100644 ---- a/drivers/media/dvb/frontends/dib3000.h -+++ b/drivers/media/dvb/frontends/dib3000.h +--- a/drivers/media/dvb-frontends/dib3000.h ++++ b/drivers/media/dvb-frontends/dib3000.h @@ -39,7 +39,7 @@ struct dib_fe_xfer_ops int (*fifo_ctrl)(struct dvb_frontend *fe, int onoff); int (*pid_ctrl)(struct dvb_frontend *fe, int index, int pid, int onoff); @@ -34432,85 +37770,11 @@ index 404f63a..4796533 100644 #if defined(CONFIG_DVB_DIB3000MB) || (defined(CONFIG_DVB_DIB3000MB_MODULE) && defined(MODULE)) extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config, -diff --git a/drivers/media/dvb/ngene/ngene-cards.c b/drivers/media/dvb/ngene/ngene-cards.c -index 72ee8de..eae0c80 100644 ---- a/drivers/media/dvb/ngene/ngene-cards.c -+++ b/drivers/media/dvb/ngene/ngene-cards.c -@@ -479,7 +479,7 @@ static struct ngene_info ngene_info_m780 = { - - /****************************************************************************/ - --static const struct pci_device_id ngene_id_tbl[] __devinitdata = { -+static const struct pci_device_id ngene_id_tbl[] __devinitconst = { - NGENE_ID(0x18c3, 0xabc3, ngene_info_cineS2), - NGENE_ID(0x18c3, 0xabc4, ngene_info_cineS2), - NGENE_ID(0x18c3, 0xdb01, ngene_info_satixS2), -diff --git a/drivers/media/radio/radio-cadet.c b/drivers/media/radio/radio-cadet.c -index 697a421..16c5a5f 100644 ---- a/drivers/media/radio/radio-cadet.c -+++ b/drivers/media/radio/radio-cadet.c -@@ -302,6 +302,8 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo - unsigned char readbuf[RDS_BUFFER]; - int i = 0; - -+ if (count > RDS_BUFFER) -+ return -EFAULT; - mutex_lock(&dev->lock); - if (dev->rdsstat == 0) - cadet_start_rds(dev); -@@ -317,7 +319,7 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo - while (i < count && dev->rdsin != dev->rdsout) - readbuf[i++] = dev->rdsbuf[dev->rdsout++]; - -- if (i && copy_to_user(data, readbuf, i)) -+ if (i > sizeof(readbuf) || copy_to_user(data, readbuf, i)) - i = -EFAULT; - unlock: - mutex_unlock(&dev->lock); -diff --git a/drivers/media/radio/radio-tea5777.h b/drivers/media/radio/radio-tea5777.h -index 55cbd78..428b0da 100644 ---- a/drivers/media/radio/radio-tea5777.h -+++ b/drivers/media/radio/radio-tea5777.h -@@ -63,7 +63,7 @@ struct radio_tea5777_ops { - - struct radio_tea5777 { - struct v4l2_device *v4l2_dev; -- struct v4l2_file_operations fops; -+ v4l2_file_operations_no_const fops; - struct video_device vd; /* video device */ - bool has_am; /* Device can tune to AM freqs */ - bool write_before_read; /* must write before read quirk */ -diff --git a/drivers/media/video/au0828/au0828.h b/drivers/media/video/au0828/au0828.h -index 9cde353..8c6a1c3 100644 ---- a/drivers/media/video/au0828/au0828.h -+++ b/drivers/media/video/au0828/au0828.h -@@ -191,7 +191,7 @@ struct au0828_dev { - - /* I2C */ - struct i2c_adapter i2c_adap; -- struct i2c_algorithm i2c_algo; -+ i2c_algorithm_no_const i2c_algo; - struct i2c_client i2c_client; - u32 i2c_rc; - -diff --git a/drivers/media/video/cx88/cx88-alsa.c b/drivers/media/video/cx88/cx88-alsa.c -index dfac6e3..c26de31 100644 ---- a/drivers/media/video/cx88/cx88-alsa.c -+++ b/drivers/media/video/cx88/cx88-alsa.c -@@ -749,7 +749,7 @@ static struct snd_kcontrol_new snd_cx88_alc_switch = { - * Only boards with eeprom and byte 1 at eeprom=1 have it - */ - --static const struct pci_device_id const cx88_audio_pci_tbl[] __devinitdata = { -+static const struct pci_device_id const cx88_audio_pci_tbl[] __devinitconst = { - {0x14f1,0x8801,PCI_ANY_ID,PCI_ANY_ID,0,0,0}, - {0x14f1,0x8811,PCI_ANY_ID,PCI_ANY_ID,0,0,0}, - {0, } -diff --git a/drivers/media/video/omap/omap_vout.c b/drivers/media/video/omap/omap_vout.c -index 88cf9d9..bbc4b2c 100644 ---- a/drivers/media/video/omap/omap_vout.c -+++ b/drivers/media/video/omap/omap_vout.c -@@ -64,7 +64,6 @@ enum omap_vout_channels { +diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c +index 8e9a668..78d6310 100644 +--- a/drivers/media/platform/omap/omap_vout.c ++++ b/drivers/media/platform/omap/omap_vout.c +@@ -63,7 +63,6 @@ enum omap_vout_channels { OMAP_VIDEO2, }; @@ -34518,7 +37782,7 @@ index 88cf9d9..bbc4b2c 100644 /* Variables configurable through module params*/ static u32 video1_numbuffers = 3; static u32 video2_numbuffers = 3; -@@ -1000,6 +999,12 @@ static int omap_vout_open(struct file *file) +@@ -1012,6 +1011,12 @@ static int omap_vout_open(struct file *file) { struct videobuf_queue *q; struct omap_vout_device *vout = NULL; @@ -34531,7 +37795,7 @@ index 88cf9d9..bbc4b2c 100644 vout = video_drvdata(file); v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__); -@@ -1017,10 +1022,6 @@ static int omap_vout_open(struct file *file) +@@ -1029,10 +1034,6 @@ static int omap_vout_open(struct file *file) vout->type = V4L2_BUF_TYPE_VIDEO_OUTPUT; q = &vout->vbq; @@ -34542,46 +37806,255 @@ index 88cf9d9..bbc4b2c 100644 spin_lock_init(&vout->vbq_lock); videobuf_queue_dma_contig_init(q, &video_vbq_ops, q->dev, -diff --git a/drivers/media/video/pvrusb2/pvrusb2-hdw-internal.h b/drivers/media/video/pvrusb2/pvrusb2-hdw-internal.h -index 036952f..80d356d 100644 ---- a/drivers/media/video/pvrusb2/pvrusb2-hdw-internal.h -+++ b/drivers/media/video/pvrusb2/pvrusb2-hdw-internal.h -@@ -196,7 +196,7 @@ struct pvr2_hdw { - - /* I2C stuff */ - struct i2c_adapter i2c_adap; -- struct i2c_algorithm i2c_algo; -+ i2c_algorithm_no_const i2c_algo; - pvr2_i2c_func i2c_func[PVR2_I2C_FUNC_CNT]; - int i2c_cx25840_hack_state; - int i2c_linked; -diff --git a/drivers/media/video/timblogiw.c b/drivers/media/video/timblogiw.c -index 02194c0..091733b 100644 ---- a/drivers/media/video/timblogiw.c -+++ b/drivers/media/video/timblogiw.c -@@ -745,7 +745,7 @@ static int timblogiw_mmap(struct file *file, struct vm_area_struct *vma) - - /* Platform device functions */ - --static __devinitconst struct v4l2_ioctl_ops timblogiw_ioctl_ops = { -+static __devinitconst v4l2_ioctl_ops_no_const timblogiw_ioctl_ops = { - .vidioc_querycap = timblogiw_querycap, - .vidioc_enum_fmt_vid_cap = timblogiw_enum_fmt, - .vidioc_g_fmt_vid_cap = timblogiw_g_fmt, -@@ -767,7 +767,7 @@ static __devinitconst struct v4l2_ioctl_ops timblogiw_ioctl_ops = { - .vidioc_enum_framesizes = timblogiw_enum_framesizes, - }; +diff --git a/drivers/media/platform/s5p-tv/mixer.h b/drivers/media/platform/s5p-tv/mixer.h +index b671e20..34088b7 100644 +--- a/drivers/media/platform/s5p-tv/mixer.h ++++ b/drivers/media/platform/s5p-tv/mixer.h +@@ -155,7 +155,7 @@ struct mxr_layer { + /** layer index (unique identifier) */ + int idx; + /** callbacks for layer methods */ +- struct mxr_layer_ops ops; ++ struct mxr_layer_ops *ops; + /** format array */ + const struct mxr_format **fmt_array; + /** size of format array */ +diff --git a/drivers/media/platform/s5p-tv/mixer_grp_layer.c b/drivers/media/platform/s5p-tv/mixer_grp_layer.c +index b93a21f..2535195 100644 +--- a/drivers/media/platform/s5p-tv/mixer_grp_layer.c ++++ b/drivers/media/platform/s5p-tv/mixer_grp_layer.c +@@ -235,7 +235,7 @@ struct mxr_layer *mxr_graph_layer_create(struct mxr_device *mdev, int idx) + { + struct mxr_layer *layer; + int ret; +- struct mxr_layer_ops ops = { ++ static struct mxr_layer_ops ops = { + .release = mxr_graph_layer_release, + .buffer_set = mxr_graph_buffer_set, + .stream_set = mxr_graph_stream_set, +diff --git a/drivers/media/platform/s5p-tv/mixer_reg.c b/drivers/media/platform/s5p-tv/mixer_reg.c +index 3b1670a..595c939 100644 +--- a/drivers/media/platform/s5p-tv/mixer_reg.c ++++ b/drivers/media/platform/s5p-tv/mixer_reg.c +@@ -276,7 +276,7 @@ static void mxr_irq_layer_handle(struct mxr_layer *layer) + layer->update_buf = next; + } + +- layer->ops.buffer_set(layer, layer->update_buf); ++ layer->ops->buffer_set(layer, layer->update_buf); + + if (done && done != layer->shadow_buf) + vb2_buffer_done(&done->vb, VB2_BUF_STATE_DONE); +diff --git a/drivers/media/platform/s5p-tv/mixer_video.c b/drivers/media/platform/s5p-tv/mixer_video.c +index 1f3b743..e839271 100644 +--- a/drivers/media/platform/s5p-tv/mixer_video.c ++++ b/drivers/media/platform/s5p-tv/mixer_video.c +@@ -208,7 +208,7 @@ static void mxr_layer_default_geo(struct mxr_layer *layer) + layer->geo.src.height = layer->geo.src.full_height; + + mxr_geometry_dump(mdev, &layer->geo); +- layer->ops.fix_geometry(layer, MXR_GEOMETRY_SINK, 0); ++ layer->ops->fix_geometry(layer, MXR_GEOMETRY_SINK, 0); + mxr_geometry_dump(mdev, &layer->geo); + } + +@@ -226,7 +226,7 @@ static void mxr_layer_update_output(struct mxr_layer *layer) + layer->geo.dst.full_width = mbus_fmt.width; + layer->geo.dst.full_height = mbus_fmt.height; + layer->geo.dst.field = mbus_fmt.field; +- layer->ops.fix_geometry(layer, MXR_GEOMETRY_SINK, 0); ++ layer->ops->fix_geometry(layer, MXR_GEOMETRY_SINK, 0); + + mxr_geometry_dump(mdev, &layer->geo); + } +@@ -332,7 +332,7 @@ static int mxr_s_fmt(struct file *file, void *priv, + /* set source size to highest accepted value */ + geo->src.full_width = max(geo->dst.full_width, pix->width); + geo->src.full_height = max(geo->dst.full_height, pix->height); +- layer->ops.fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0); ++ layer->ops->fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0); + mxr_geometry_dump(mdev, &layer->geo); + /* set cropping to total visible screen */ + geo->src.width = pix->width; +@@ -340,12 +340,12 @@ static int mxr_s_fmt(struct file *file, void *priv, + geo->src.x_offset = 0; + geo->src.y_offset = 0; + /* assure consistency of geometry */ +- layer->ops.fix_geometry(layer, MXR_GEOMETRY_CROP, MXR_NO_OFFSET); ++ layer->ops->fix_geometry(layer, MXR_GEOMETRY_CROP, MXR_NO_OFFSET); + mxr_geometry_dump(mdev, &layer->geo); + /* set full size to lowest possible value */ + geo->src.full_width = 0; + geo->src.full_height = 0; +- layer->ops.fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0); ++ layer->ops->fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0); + mxr_geometry_dump(mdev, &layer->geo); + + /* returning results */ +@@ -472,7 +472,7 @@ static int mxr_s_selection(struct file *file, void *fh, + target->width = s->r.width; + target->height = s->r.height; + +- layer->ops.fix_geometry(layer, stage, s->flags); ++ layer->ops->fix_geometry(layer, stage, s->flags); + + /* retrieve update selection rectangle */ + res.left = target->x_offset; +@@ -937,13 +937,13 @@ static int start_streaming(struct vb2_queue *vq, unsigned int count) + mxr_output_get(mdev); + + mxr_layer_update_output(layer); +- layer->ops.format_set(layer); ++ layer->ops->format_set(layer); + /* enabling layer in hardware */ + spin_lock_irqsave(&layer->enq_slock, flags); + layer->state = MXR_LAYER_STREAMING; + spin_unlock_irqrestore(&layer->enq_slock, flags); + +- layer->ops.stream_set(layer, MXR_ENABLE); ++ layer->ops->stream_set(layer, MXR_ENABLE); + mxr_streamer_get(mdev); + + return 0; +@@ -1013,7 +1013,7 @@ static int stop_streaming(struct vb2_queue *vq) + spin_unlock_irqrestore(&layer->enq_slock, flags); + + /* disabling layer in hardware */ +- layer->ops.stream_set(layer, MXR_DISABLE); ++ layer->ops->stream_set(layer, MXR_DISABLE); + /* remove one streamer */ + mxr_streamer_put(mdev); + /* allow changes in output configuration */ +@@ -1052,8 +1052,8 @@ void mxr_base_layer_unregister(struct mxr_layer *layer) + + void mxr_layer_release(struct mxr_layer *layer) + { +- if (layer->ops.release) +- layer->ops.release(layer); ++ if (layer->ops->release) ++ layer->ops->release(layer); + } + + void mxr_base_layer_release(struct mxr_layer *layer) +@@ -1079,7 +1079,7 @@ struct mxr_layer *mxr_base_layer_create(struct mxr_device *mdev, + + layer->mdev = mdev; + layer->idx = idx; +- layer->ops = *ops; ++ layer->ops = ops; + + spin_lock_init(&layer->enq_slock); + INIT_LIST_HEAD(&layer->enq_list); +diff --git a/drivers/media/platform/s5p-tv/mixer_vp_layer.c b/drivers/media/platform/s5p-tv/mixer_vp_layer.c +index 3d13a63..da31bf1 100644 +--- a/drivers/media/platform/s5p-tv/mixer_vp_layer.c ++++ b/drivers/media/platform/s5p-tv/mixer_vp_layer.c +@@ -206,7 +206,7 @@ struct mxr_layer *mxr_vp_layer_create(struct mxr_device *mdev, int idx) + { + struct mxr_layer *layer; + int ret; +- struct mxr_layer_ops ops = { ++ static struct mxr_layer_ops ops = { + .release = mxr_vp_layer_release, + .buffer_set = mxr_vp_buffer_set, + .stream_set = mxr_vp_stream_set, +diff --git a/drivers/media/radio/radio-cadet.c b/drivers/media/radio/radio-cadet.c +index 643d80a..56bb96b 100644 +--- a/drivers/media/radio/radio-cadet.c ++++ b/drivers/media/radio/radio-cadet.c +@@ -302,6 +302,8 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo + unsigned char readbuf[RDS_BUFFER]; + int i = 0; + ++ if (count > RDS_BUFFER) ++ return -EFAULT; + mutex_lock(&dev->lock); + if (dev->rdsstat == 0) + cadet_start_rds(dev); +@@ -317,7 +319,7 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo + while (i < count && dev->rdsin != dev->rdsout) + readbuf[i++] = dev->rdsbuf[dev->rdsout++]; + +- if (i && copy_to_user(data, readbuf, i)) ++ if (i > sizeof(readbuf) || copy_to_user(data, readbuf, i)) + i = -EFAULT; + unlock: + mutex_unlock(&dev->lock); +diff --git a/drivers/media/usb/dvb-usb/cxusb.c b/drivers/media/usb/dvb-usb/cxusb.c +index 3940bb0..fb3952a 100644 +--- a/drivers/media/usb/dvb-usb/cxusb.c ++++ b/drivers/media/usb/dvb-usb/cxusb.c +@@ -1068,7 +1068,7 @@ static struct dib0070_config dib7070p_dib0070_config = { + + struct dib0700_adapter_state { + int (*set_param_save) (struct dvb_frontend *); +-}; ++} __no_const; + + static int dib7070_set_param_override(struct dvb_frontend *fe) + { +diff --git a/drivers/media/usb/dvb-usb/dw2102.c b/drivers/media/usb/dvb-usb/dw2102.c +index 9382895..ac8093c 100644 +--- a/drivers/media/usb/dvb-usb/dw2102.c ++++ b/drivers/media/usb/dvb-usb/dw2102.c +@@ -95,7 +95,7 @@ struct su3000_state { + + struct s6x0_state { + int (*old_set_voltage)(struct dvb_frontend *f, fe_sec_voltage_t v); +-}; ++} __no_const; + + /* debug */ + static int dvb_usb_dw2102_debug; +diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c +index aa6e7c7..4cd8061 100644 +--- a/drivers/media/v4l2-core/v4l2-ioctl.c ++++ b/drivers/media/v4l2-core/v4l2-ioctl.c +@@ -1923,7 +1923,8 @@ struct v4l2_ioctl_info { + struct file *file, void *fh, void *p); + } u; + void (*debug)(const void *arg, bool write_only); +-}; ++} __do_const; ++typedef struct v4l2_ioctl_info __no_const v4l2_ioctl_info_no_const; + + /* This control needs a priority check */ + #define INFO_FL_PRIO (1 << 0) +@@ -2108,7 +2109,7 @@ static long __video_do_ioctl(struct file *file, + struct video_device *vfd = video_devdata(file); + const struct v4l2_ioctl_ops *ops = vfd->ioctl_ops; + bool write_only = false; +- struct v4l2_ioctl_info default_info; ++ v4l2_ioctl_info_no_const default_info; + const struct v4l2_ioctl_info *info; + void *fh = file->private_data; + struct v4l2_fh *vfh = NULL; +diff --git a/drivers/memstick/host/r592.c b/drivers/memstick/host/r592.c +index 29b2172..a7c5b31 100644 +--- a/drivers/memstick/host/r592.c ++++ b/drivers/memstick/host/r592.c +@@ -454,7 +454,7 @@ static int r592_transfer_fifo_pio(struct r592_device *dev) + /* Executes one TPC (data is read/written from small or large fifo) */ + static void r592_execute_tpc(struct r592_device *dev) + { +- bool is_write = dev->req->tpc >= MS_TPC_SET_RW_REG_ADRS; ++ bool is_write; + int len, error; + u32 status, reg; + +@@ -463,6 +463,7 @@ static void r592_execute_tpc(struct r592_device *dev) + return; + } + ++ is_write = dev->req->tpc >= MS_TPC_SET_RW_REG_ADRS; + len = dev->req->long_data ? + dev->req->sg.length : dev->req->data_len; --static __devinitconst struct v4l2_file_operations timblogiw_fops = { -+static __devinitconst v4l2_file_operations_no_const timblogiw_fops = { - .owner = THIS_MODULE, - .open = timblogiw_open, - .release = timblogiw_close, diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c -index d99db56..a16b959 100644 +index fb69baa..cf7ad22 100644 --- a/drivers/message/fusion/mptbase.c +++ b/drivers/message/fusion/mptbase.c -@@ -6751,8 +6751,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v) +@@ -6755,8 +6755,13 @@ static int mpt_iocinfo_proc_show(struct seq_file *m, void *v) seq_printf(m, " MaxChainDepth = 0x%02x frames\n", ioc->facts.MaxChainDepth); seq_printf(m, " MinBlockSize = 0x%02x bytes\n", 4*ioc->facts.BlockSize); @@ -34596,7 +38069,7 @@ index d99db56..a16b959 100644 * Rounding UP to nearest 4-kB boundary here... */ diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c -index 551262e..7551198 100644 +index fa43c39..daeb158 100644 --- a/drivers/message/fusion/mptsas.c +++ b/drivers/message/fusion/mptsas.c @@ -446,6 +446,23 @@ mptsas_is_end_device(struct mptsas_devinfo * attached) @@ -34648,10 +38121,10 @@ index 551262e..7551198 100644 mptsas_get_port(struct mptsas_phyinfo *phy_info) { diff --git a/drivers/message/fusion/mptscsih.c b/drivers/message/fusion/mptscsih.c -index 0c3ced7..1fe34ec 100644 +index 164afa7..b6b2e74 100644 --- a/drivers/message/fusion/mptscsih.c +++ b/drivers/message/fusion/mptscsih.c -@@ -1270,15 +1270,16 @@ mptscsih_info(struct Scsi_Host *SChost) +@@ -1271,15 +1271,16 @@ mptscsih_info(struct Scsi_Host *SChost) h = shost_priv(SChost); @@ -34835,21 +38308,8 @@ index a8c08f3..155fe3d 100644 INIT_LIST_HEAD(&c->context_list); #endif -diff --git a/drivers/mfd/abx500-core.c b/drivers/mfd/abx500-core.c -index 7ce65f4..e66e9bc 100644 ---- a/drivers/mfd/abx500-core.c -+++ b/drivers/mfd/abx500-core.c -@@ -15,7 +15,7 @@ static LIST_HEAD(abx500_list); - - struct abx500_device_entry { - struct list_head list; -- struct abx500_ops ops; -+ abx500_ops_no_const ops; - struct device *dev; - }; - diff --git a/drivers/mfd/janz-cmodio.c b/drivers/mfd/janz-cmodio.c -index 965c480..71f2db9 100644 +index 45ece11..8efa218 100644 --- a/drivers/mfd/janz-cmodio.c +++ b/drivers/mfd/janz-cmodio.c @@ -13,6 +13,7 @@ @@ -34860,6 +38320,70 @@ index 965c480..71f2db9 100644 #include <linux/init.h> #include <linux/pci.h> #include <linux/interrupt.h> +diff --git a/drivers/mfd/twl4030-irq.c b/drivers/mfd/twl4030-irq.c +index a5f9888..1c0ed56 100644 +--- a/drivers/mfd/twl4030-irq.c ++++ b/drivers/mfd/twl4030-irq.c +@@ -35,6 +35,7 @@ + #include <linux/of.h> + #include <linux/irqdomain.h> + #include <linux/i2c/twl.h> ++#include <asm/pgtable.h> + + #include "twl-core.h" + +@@ -728,10 +729,12 @@ int twl4030_init_irq(struct device *dev, int irq_num) + * Install an irq handler for each of the SIH modules; + * clone dummy irq_chip since PIH can't *do* anything + */ +- twl4030_irq_chip = dummy_irq_chip; +- twl4030_irq_chip.name = "twl4030"; ++ pax_open_kernel(); ++ memcpy((void *)&twl4030_irq_chip, &dummy_irq_chip, sizeof twl4030_irq_chip); ++ *(const char **)&twl4030_irq_chip.name = "twl4030"; + +- twl4030_sih_irq_chip.irq_ack = dummy_irq_chip.irq_ack; ++ *(void **)&twl4030_sih_irq_chip.irq_ack = dummy_irq_chip.irq_ack; ++ pax_close_kernel(); + + for (i = irq_base; i < irq_end; i++) { + irq_set_chip_and_handler(i, &twl4030_irq_chip, +diff --git a/drivers/mfd/twl6030-irq.c b/drivers/mfd/twl6030-irq.c +index 277a8db..0e0b754 100644 +--- a/drivers/mfd/twl6030-irq.c ++++ b/drivers/mfd/twl6030-irq.c +@@ -387,10 +387,12 @@ int twl6030_init_irq(struct device *dev, int irq_num) + * install an irq handler for each of the modules; + * clone dummy irq_chip since PIH can't *do* anything + */ +- twl6030_irq_chip = dummy_irq_chip; +- twl6030_irq_chip.name = "twl6030"; +- twl6030_irq_chip.irq_set_type = NULL; +- twl6030_irq_chip.irq_set_wake = twl6030_irq_set_wake; ++ pax_open_kernel(); ++ memcpy((void *)&twl6030_irq_chip, &dummy_irq_chip, sizeof twl6030_irq_chip); ++ *(const char **)&twl6030_irq_chip.name = "twl6030"; ++ *(void **)&twl6030_irq_chip.irq_set_type = NULL; ++ *(void **)&twl6030_irq_chip.irq_set_wake = twl6030_irq_set_wake; ++ pax_close_kernel(); + + for (i = irq_base; i < irq_end; i++) { + irq_set_chip_and_handler(i, &twl6030_irq_chip, +diff --git a/drivers/misc/c2port/core.c b/drivers/misc/c2port/core.c +index f428d86..274c368 100644 +--- a/drivers/misc/c2port/core.c ++++ b/drivers/misc/c2port/core.c +@@ -924,7 +924,9 @@ struct c2port_device *c2port_device_register(char *name, + mutex_init(&c2dev->mutex); + + /* Create binary file */ +- c2port_bin_attrs.size = ops->blocks_num * ops->block_size; ++ pax_open_kernel(); ++ *(size_t *)&c2port_bin_attrs.size = ops->blocks_num * ops->block_size; ++ pax_close_kernel(); + ret = device_create_bin_file(c2dev->dev, &c2port_bin_attrs); + if (unlikely(ret)) + goto error_device_create_bin_file; diff --git a/drivers/misc/kgdbts.c b/drivers/misc/kgdbts.c index 3aa9a96..59cf685 100644 --- a/drivers/misc/kgdbts.c @@ -34883,10 +38407,10 @@ index 3aa9a96..59cf685 100644 if (memcmp(before, after, BREAK_INSTR_SIZE)) { printk(KERN_CRIT "kgdbts: ERROR kgdb corrupted memory\n"); diff --git a/drivers/misc/lis3lv02d/lis3lv02d.c b/drivers/misc/lis3lv02d/lis3lv02d.c -index a981e2a..5ca0c8b 100644 +index 4a87e5c..76bdf5c 100644 --- a/drivers/misc/lis3lv02d/lis3lv02d.c +++ b/drivers/misc/lis3lv02d/lis3lv02d.c -@@ -466,7 +466,7 @@ static irqreturn_t lis302dl_interrupt(int irq, void *data) +@@ -498,7 +498,7 @@ static irqreturn_t lis302dl_interrupt(int irq, void *data) * the lid is closed. This leads to interrupts as soon as a little move * is done. */ @@ -34895,7 +38419,7 @@ index a981e2a..5ca0c8b 100644 wake_up_interruptible(&lis3->misc_wait); kill_fasync(&lis3->async_queue, SIGIO, POLL_IN); -@@ -552,7 +552,7 @@ static int lis3lv02d_misc_open(struct inode *inode, struct file *file) +@@ -584,7 +584,7 @@ static int lis3lv02d_misc_open(struct inode *inode, struct file *file) if (lis3->pm_dev) pm_runtime_get_sync(lis3->pm_dev); @@ -34904,7 +38428,7 @@ index a981e2a..5ca0c8b 100644 return 0; } -@@ -585,7 +585,7 @@ static ssize_t lis3lv02d_misc_read(struct file *file, char __user *buf, +@@ -617,7 +617,7 @@ static ssize_t lis3lv02d_misc_read(struct file *file, char __user *buf, add_wait_queue(&lis3->misc_wait, &wait); while (true) { set_current_state(TASK_INTERRUPTIBLE); @@ -34913,7 +38437,7 @@ index a981e2a..5ca0c8b 100644 if (data) break; -@@ -626,7 +626,7 @@ static unsigned int lis3lv02d_misc_poll(struct file *file, poll_table *wait) +@@ -658,7 +658,7 @@ static unsigned int lis3lv02d_misc_poll(struct file *file, poll_table *wait) struct lis3lv02d, miscdev); poll_wait(file, &lis3->misc_wait, wait); @@ -34923,10 +38447,10 @@ index a981e2a..5ca0c8b 100644 return 0; } diff --git a/drivers/misc/lis3lv02d/lis3lv02d.h b/drivers/misc/lis3lv02d/lis3lv02d.h -index 2b1482a..5d33616 100644 +index c439c82..1f20f57 100644 --- a/drivers/misc/lis3lv02d/lis3lv02d.h +++ b/drivers/misc/lis3lv02d/lis3lv02d.h -@@ -266,7 +266,7 @@ struct lis3lv02d { +@@ -297,7 +297,7 @@ struct lis3lv02d { struct input_polled_dev *idev; /* input device */ struct platform_device *pdev; /* platform device */ struct regulator_bulk_data regulators[2]; @@ -35036,31 +38560,6 @@ index 5c3ce24..4915ccb 100644 - atomic_long_t flush_tlb_gru; - atomic_long_t flush_tlb_gru_tgh; - atomic_long_t flush_tlb_gru_zero_asid; -- -- atomic_long_t copy_gpa; -- atomic_long_t read_gpa; -- -- atomic_long_t mesq_receive; -- atomic_long_t mesq_receive_none; -- atomic_long_t mesq_send; -- atomic_long_t mesq_send_failed; -- atomic_long_t mesq_noop; -- atomic_long_t mesq_send_unexpected_error; -- atomic_long_t mesq_send_lb_overflow; -- atomic_long_t mesq_send_qlimit_reached; -- atomic_long_t mesq_send_amo_nacked; -- atomic_long_t mesq_send_put_nacked; -- atomic_long_t mesq_page_overflow; -- atomic_long_t mesq_qf_locked; -- atomic_long_t mesq_qf_noop_not_full; -- atomic_long_t mesq_qf_switch_head_failed; -- atomic_long_t mesq_qf_unexpected_error; -- atomic_long_t mesq_noop_unexpected_error; -- atomic_long_t mesq_noop_lb_overflow; -- atomic_long_t mesq_noop_qlimit_reached; -- atomic_long_t mesq_noop_amo_nacked; -- atomic_long_t mesq_noop_put_nacked; -- atomic_long_t mesq_noop_page_overflow; + atomic_long_unchecked_t vdata_alloc; + atomic_long_unchecked_t vdata_free; + atomic_long_unchecked_t gts_alloc; @@ -35112,10 +38611,33 @@ index 5c3ce24..4915ccb 100644 + atomic_long_unchecked_t flush_tlb_gru; + atomic_long_unchecked_t flush_tlb_gru_tgh; + atomic_long_unchecked_t flush_tlb_gru_zero_asid; -+ + +- atomic_long_t copy_gpa; +- atomic_long_t read_gpa; + atomic_long_unchecked_t copy_gpa; + atomic_long_unchecked_t read_gpa; -+ + +- atomic_long_t mesq_receive; +- atomic_long_t mesq_receive_none; +- atomic_long_t mesq_send; +- atomic_long_t mesq_send_failed; +- atomic_long_t mesq_noop; +- atomic_long_t mesq_send_unexpected_error; +- atomic_long_t mesq_send_lb_overflow; +- atomic_long_t mesq_send_qlimit_reached; +- atomic_long_t mesq_send_amo_nacked; +- atomic_long_t mesq_send_put_nacked; +- atomic_long_t mesq_page_overflow; +- atomic_long_t mesq_qf_locked; +- atomic_long_t mesq_qf_noop_not_full; +- atomic_long_t mesq_qf_switch_head_failed; +- atomic_long_t mesq_qf_unexpected_error; +- atomic_long_t mesq_noop_unexpected_error; +- atomic_long_t mesq_noop_lb_overflow; +- atomic_long_t mesq_noop_qlimit_reached; +- atomic_long_t mesq_noop_amo_nacked; +- atomic_long_t mesq_noop_put_nacked; +- atomic_long_t mesq_noop_page_overflow; + atomic_long_unchecked_t mesq_receive; + atomic_long_unchecked_t mesq_receive_none; + atomic_long_unchecked_t mesq_send; @@ -35195,7 +38717,7 @@ index b94d5f7..7f494c5 100644 extern int xpc_disengage_timedout; extern int xpc_activate_IRQ_rcvd; diff --git a/drivers/misc/sgi-xp/xpc_main.c b/drivers/misc/sgi-xp/xpc_main.c -index d971817..3805cce 100644 +index d971817..33bdca5 100644 --- a/drivers/misc/sgi-xp/xpc_main.c +++ b/drivers/misc/sgi-xp/xpc_main.c @@ -166,7 +166,7 @@ static struct notifier_block xpc_die_notifier = { @@ -35207,19 +38729,58 @@ index d971817..3805cce 100644 /* * Timer function to enforce the timelimit on the partition disengage. -diff --git a/drivers/mmc/host/sdhci-pci.c b/drivers/mmc/host/sdhci-pci.c -index 504da71..9722d43 100644 ---- a/drivers/mmc/host/sdhci-pci.c -+++ b/drivers/mmc/host/sdhci-pci.c -@@ -653,7 +653,7 @@ static const struct sdhci_pci_fixes sdhci_via = { - .probe = via_probe, - }; +@@ -1210,7 +1210,7 @@ xpc_system_die(struct notifier_block *nb, unsigned long event, void *_die_args) --static const struct pci_device_id pci_ids[] __devinitdata = { -+static const struct pci_device_id pci_ids[] __devinitconst = { - { - .vendor = PCI_VENDOR_ID_RICOH, - .device = PCI_DEVICE_ID_RICOH_R5C822, + if (((die_args->trapnr == X86_TRAP_MF) || + (die_args->trapnr == X86_TRAP_XF)) && +- !user_mode_vm(die_args->regs)) ++ !user_mode(die_args->regs)) + xpc_die_deactivate(); + + break; +diff --git a/drivers/mmc/core/mmc_ops.c b/drivers/mmc/core/mmc_ops.c +index 6d8f701..35b6369 100644 +--- a/drivers/mmc/core/mmc_ops.c ++++ b/drivers/mmc/core/mmc_ops.c +@@ -247,7 +247,7 @@ mmc_send_cxd_data(struct mmc_card *card, struct mmc_host *host, + void *data_buf; + int is_on_stack; + +- is_on_stack = object_is_on_stack(buf); ++ is_on_stack = object_starts_on_stack(buf); + if (is_on_stack) { + /* + * dma onto stack is unsafe/nonportable, but callers to this +diff --git a/drivers/mmc/host/dw_mmc.h b/drivers/mmc/host/dw_mmc.h +index 53b8fd9..615b462 100644 +--- a/drivers/mmc/host/dw_mmc.h ++++ b/drivers/mmc/host/dw_mmc.h +@@ -205,5 +205,5 @@ struct dw_mci_drv_data { + int (*parse_dt)(struct dw_mci *host); + int (*setup_bus)(struct dw_mci *host, + struct device_node *slot_np, u8 bus_width); +-}; ++} __do_const; + #endif /* _DW_MMC_H_ */ +diff --git a/drivers/mmc/host/sdhci-s3c.c b/drivers/mmc/host/sdhci-s3c.c +index 82a8de1..3c56ccb 100644 +--- a/drivers/mmc/host/sdhci-s3c.c ++++ b/drivers/mmc/host/sdhci-s3c.c +@@ -721,9 +721,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev) + * we can use overriding functions instead of default. + */ + if (host->quirks & SDHCI_QUIRK_NONSTANDARD_CLOCK) { +- sdhci_s3c_ops.set_clock = sdhci_cmu_set_clock; +- sdhci_s3c_ops.get_min_clock = sdhci_cmu_get_min_clock; +- sdhci_s3c_ops.get_max_clock = sdhci_cmu_get_max_clock; ++ pax_open_kernel(); ++ *(void **)&sdhci_s3c_ops.set_clock = sdhci_cmu_set_clock; ++ *(void **)&sdhci_s3c_ops.get_min_clock = sdhci_cmu_get_min_clock; ++ *(void **)&sdhci_s3c_ops.get_max_clock = sdhci_cmu_get_max_clock; ++ pax_close_kernel(); + } + + /* It supports additional host capabilities if needed */ diff --git a/drivers/mtd/devices/doc2000.c b/drivers/mtd/devices/doc2000.c index a4eb8b5..8c0628f 100644 --- a/drivers/mtd/devices/doc2000.c @@ -35234,11 +38795,11 @@ index a4eb8b5..8c0628f 100644 "ECC needs a full sector write (adr: %lx size %lx)\n", (long) to, (long) len); diff --git a/drivers/mtd/nand/denali.c b/drivers/mtd/nand/denali.c -index 0650aaf..7718762 100644 +index 0c8bb6b..6f35deb 100644 --- a/drivers/mtd/nand/denali.c +++ b/drivers/mtd/nand/denali.c -@@ -26,6 +26,7 @@ - #include <linux/pci.h> +@@ -24,6 +24,7 @@ + #include <linux/slab.h> #include <linux/mtd/mtd.h> #include <linux/module.h> +#include <linux/slab.h> @@ -35257,75 +38818,106 @@ index 51b9d6a..52af9a7 100644 #include <linux/mtd/mtd.h> #include <linux/mtd/nand.h> #include <linux/mtd/nftl.h> -diff --git a/drivers/net/bonding/bond_sysfs.c b/drivers/net/bonding/bond_sysfs.c -index 21609f9..ba4f95b 100644 ---- a/drivers/net/bonding/bond_sysfs.c -+++ b/drivers/net/bonding/bond_sysfs.c -@@ -1060,7 +1060,7 @@ static ssize_t bonding_store_primary(struct device *d, - goto out; - } - -- sscanf(buf, "%16s", ifname); /* IFNAMSIZ */ -+ sscanf(buf, "%15s", ifname); /* IFNAMSIZ */ +diff --git a/drivers/mtd/sm_ftl.c b/drivers/mtd/sm_ftl.c +index 8dd6ba5..419cc1d 100644 +--- a/drivers/mtd/sm_ftl.c ++++ b/drivers/mtd/sm_ftl.c +@@ -56,7 +56,7 @@ ssize_t sm_attr_show(struct device *dev, struct device_attribute *attr, + #define SM_CIS_VENDOR_OFFSET 0x59 + struct attribute_group *sm_create_sysfs_attributes(struct sm_ftl *ftl) + { +- struct attribute_group *attr_group; ++ attribute_group_no_const *attr_group; + struct attribute **attributes; + struct sm_sysfs_attribute *vendor_attribute; + +diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c +index b7d45f3..b5c89d9 100644 +--- a/drivers/net/bonding/bond_main.c ++++ b/drivers/net/bonding/bond_main.c +@@ -4861,7 +4861,7 @@ static unsigned int bond_get_num_tx_queues(void) + return tx_queues; + } + +-static struct rtnl_link_ops bond_link_ops __read_mostly = { ++static struct rtnl_link_ops bond_link_ops = { + .kind = "bond", + .priv_size = sizeof(struct bonding), + .setup = bond_setup, +diff --git a/drivers/net/ethernet/8390/ax88796.c b/drivers/net/ethernet/8390/ax88796.c +index 70dba5d..11a0919 100644 +--- a/drivers/net/ethernet/8390/ax88796.c ++++ b/drivers/net/ethernet/8390/ax88796.c +@@ -872,9 +872,11 @@ static int ax_probe(struct platform_device *pdev) + if (ax->plat->reg_offsets) + ei_local->reg_offset = ax->plat->reg_offsets; + else { ++ resource_size_t _mem_size = mem_size; ++ do_div(_mem_size, 0x18); + ei_local->reg_offset = ax->reg_offsets; + for (ret = 0; ret < 0x18; ret++) +- ax->reg_offsets[ret] = (mem_size / 0x18) * ret; ++ ax->reg_offsets[ret] = _mem_size * ret; + } + + if (!request_mem_region(mem->start, mem_size, pdev->name)) { +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h +index 0991534..8098e92 100644 +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h +@@ -1094,7 +1094,7 @@ static inline u8 bnx2x_get_path_func_num(struct bnx2x *bp) + static inline void bnx2x_init_bp_objs(struct bnx2x *bp) + { + /* RX_MODE controlling object */ +- bnx2x_init_rx_mode_obj(bp, &bp->rx_mode_obj); ++ bnx2x_init_rx_mode_obj(bp); + + /* multicast configuration controlling object */ + bnx2x_init_mcast_obj(bp, &bp->mcast_obj, bp->fp->cl_id, bp->fp->cid, +diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c +index 09b625e..15b16fe 100644 +--- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c ++++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c +@@ -2375,15 +2375,14 @@ int bnx2x_config_rx_mode(struct bnx2x *bp, + return rc; + } - /* check to see if we are clearing primary */ - if (!strlen(ifname) || buf[0] == '\n') { -@@ -1237,7 +1237,7 @@ static ssize_t bonding_store_active_slave(struct device *d, - goto out; +-void bnx2x_init_rx_mode_obj(struct bnx2x *bp, +- struct bnx2x_rx_mode_obj *o) ++void bnx2x_init_rx_mode_obj(struct bnx2x *bp) + { + if (CHIP_IS_E1x(bp)) { +- o->wait_comp = bnx2x_empty_rx_mode_wait; +- o->config_rx_mode = bnx2x_set_rx_mode_e1x; ++ bp->rx_mode_obj.wait_comp = bnx2x_empty_rx_mode_wait; ++ bp->rx_mode_obj.config_rx_mode = bnx2x_set_rx_mode_e1x; + } else { +- o->wait_comp = bnx2x_wait_rx_mode_comp_e2; +- o->config_rx_mode = bnx2x_set_rx_mode_e2; ++ bp->rx_mode_obj.wait_comp = bnx2x_wait_rx_mode_comp_e2; ++ bp->rx_mode_obj.config_rx_mode = bnx2x_set_rx_mode_e2; } + } -- sscanf(buf, "%16s", ifname); /* IFNAMSIZ */ -+ sscanf(buf, "%15s", ifname); /* IFNAMSIZ */ - - /* check to see if we are clearing active */ - if (!strlen(ifname) || buf[0] == '\n') { -diff --git a/drivers/net/ethernet/atheros/atlx/atl2.c b/drivers/net/ethernet/atheros/atlx/atl2.c -index 57d64b8..623dd86 100644 ---- a/drivers/net/ethernet/atheros/atlx/atl2.c -+++ b/drivers/net/ethernet/atheros/atlx/atl2.c -@@ -2845,7 +2845,7 @@ static void atl2_force_ps(struct atl2_hw *hw) - */ - - #define ATL2_PARAM(X, desc) \ -- static const int __devinitdata X[ATL2_MAX_NIC + 1] = ATL2_PARAM_INIT; \ -+ static const int __devinitconst X[ATL2_MAX_NIC + 1] = ATL2_PARAM_INIT; \ - MODULE_PARM(X, "1-" __MODULE_STRING(ATL2_MAX_NIC) "i"); \ - MODULE_PARM_DESC(X, desc); - #else -diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c -index b028b5e..2ef481f 100644 ---- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c -+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c -@@ -3051,9 +3051,8 @@ static void bnx2x_drv_info_ether_stat(struct bnx2x *bp) - struct eth_stats_info *ether_stat = - &bp->slowpath->drv_info_to_mcp.ether_stat; - -- /* leave last char as NULL */ -- memcpy(ether_stat->version, DRV_MODULE_VERSION, -- ETH_STAT_INFO_VERSION_LEN - 1); -+ strlcpy(ether_stat->version, DRV_MODULE_VERSION, -+ ETH_STAT_INFO_VERSION_LEN); - - bp->sp_objs[0].mac_obj.get_n_elements(bp, &bp->sp_objs[0].mac_obj, - DRV_INFO_ETH_STAT_NUM_MACS_REQUIRED, diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h -index f83e033..8b4f43a 100644 +index adbd91b..58ec94a 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h -@@ -486,7 +486,7 @@ struct bnx2x_rx_mode_obj { +@@ -1293,8 +1293,7 @@ int bnx2x_vlan_mac_move(struct bnx2x *bp, - int (*wait_comp)(struct bnx2x *bp, - struct bnx2x_rx_mode_ramrod_params *p); --}; -+} __no_const; + /********************* RX MODE ****************/ - /********************** Set multicast group ***********************************/ +-void bnx2x_init_rx_mode_obj(struct bnx2x *bp, +- struct bnx2x_rx_mode_obj *o); ++void bnx2x_init_rx_mode_obj(struct bnx2x *bp); + /** + * bnx2x_config_rx_mode - Send and RX_MODE ramrod according to the provided parameters. diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h -index 6d52cb2..bc95640 100644 +index d330e81..ce1fb9a 100644 --- a/drivers/net/ethernet/broadcom/tg3.h +++ b/drivers/net/ethernet/broadcom/tg3.h -@@ -140,6 +140,7 @@ +@@ -146,6 +146,7 @@ #define CHIPREV_ID_5750_A0 0x4000 #define CHIPREV_ID_5750_A1 0x4001 #define CHIPREV_ID_5750_A3 0x4003 @@ -35347,7 +38939,7 @@ index 8cffcdf..aadf043 100644 #define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb) diff --git a/drivers/net/ethernet/dec/tulip/de4x5.c b/drivers/net/ethernet/dec/tulip/de4x5.c -index f879e92..726f20f 100644 +index 4c83003..2a2a5b9 100644 --- a/drivers/net/ethernet/dec/tulip/de4x5.c +++ b/drivers/net/ethernet/dec/tulip/de4x5.c @@ -5388,7 +5388,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) @@ -35368,63 +38960,11 @@ index f879e92..726f20f 100644 return -EFAULT; break; } -diff --git a/drivers/net/ethernet/dec/tulip/eeprom.c b/drivers/net/ethernet/dec/tulip/eeprom.c -index ed7d1dc..d426748 100644 ---- a/drivers/net/ethernet/dec/tulip/eeprom.c -+++ b/drivers/net/ethernet/dec/tulip/eeprom.c -@@ -79,7 +79,7 @@ static struct eeprom_fixup eeprom_fixups[] __devinitdata = { - {NULL}}; - - --static const char *block_name[] __devinitdata = { -+static const char *block_name[] __devinitconst = { - "21140 non-MII", - "21140 MII PHY", - "21142 Serial PHY", -diff --git a/drivers/net/ethernet/dec/tulip/uli526x.c b/drivers/net/ethernet/dec/tulip/uli526x.c -index 75d45f8..3d9c55b 100644 ---- a/drivers/net/ethernet/dec/tulip/uli526x.c -+++ b/drivers/net/ethernet/dec/tulip/uli526x.c -@@ -129,7 +129,7 @@ struct uli526x_board_info { - struct uli_phy_ops { - void (*write)(struct uli526x_board_info *, u8, u8, u16); - u16 (*read)(struct uli526x_board_info *, u8, u8); -- } phy; -+ } __no_const phy; - struct net_device *next_dev; /* next device */ - struct pci_dev *pdev; /* PCI device */ - spinlock_t lock; -diff --git a/drivers/net/ethernet/dec/tulip/winbond-840.c b/drivers/net/ethernet/dec/tulip/winbond-840.c -index 4d1ffca..7c1ec4d 100644 ---- a/drivers/net/ethernet/dec/tulip/winbond-840.c -+++ b/drivers/net/ethernet/dec/tulip/winbond-840.c -@@ -236,7 +236,7 @@ struct pci_id_info { - int drv_flags; /* Driver use, intended as capability flags. */ - }; - --static const struct pci_id_info pci_id_tbl[] __devinitdata = { -+static const struct pci_id_info pci_id_tbl[] __devinitconst = { - { /* Sometime a Level-One switch card. */ - "Winbond W89c840", CanHaveMII | HasBrokenTx | FDXOnNoMII}, - { "Winbond W89c840", CanHaveMII | HasBrokenTx}, -diff --git a/drivers/net/ethernet/dlink/sundance.c b/drivers/net/ethernet/dlink/sundance.c -index d7bb52a..3b83588 100644 ---- a/drivers/net/ethernet/dlink/sundance.c -+++ b/drivers/net/ethernet/dlink/sundance.c -@@ -218,7 +218,7 @@ enum { - struct pci_id_info { - const char *name; - }; --static const struct pci_id_info pci_id_tbl[] __devinitdata = { -+static const struct pci_id_info pci_id_tbl[] __devinitconst = { - {"D-Link DFE-550TX FAST Ethernet Adapter"}, - {"D-Link DFE-550FX 100Mbps Fiber-optics Adapter"}, - {"D-Link DFE-580TX 4 port Server Adapter"}, diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c -index 78b8aa8..dd6323a 100644 +index 4d6f3c5..6169e60 100644 --- a/drivers/net/ethernet/emulex/benet/be_main.c +++ b/drivers/net/ethernet/emulex/benet/be_main.c -@@ -403,7 +403,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) +@@ -455,7 +455,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) if (wrapped) newacc += 65536; @@ -35459,336 +38999,49 @@ index b901a01..1ff32ee 100644 #include "ftmac100.h" -diff --git a/drivers/net/ethernet/fealnx.c b/drivers/net/ethernet/fealnx.c -index 9d71c9c..0e4a0ac 100644 ---- a/drivers/net/ethernet/fealnx.c -+++ b/drivers/net/ethernet/fealnx.c -@@ -150,7 +150,7 @@ struct chip_info { - int flags; - }; - --static const struct chip_info skel_netdrv_tbl[] __devinitdata = { -+static const struct chip_info skel_netdrv_tbl[] __devinitconst = { - { "100/10M Ethernet PCI Adapter", HAS_MII_XCVR }, - { "100/10M Ethernet PCI Adapter", HAS_CHIP_XCVR }, - { "1000/100/10M Ethernet PCI Adapter", HAS_MII_XCVR }, -diff --git a/drivers/net/ethernet/intel/e1000e/hw.h b/drivers/net/ethernet/intel/e1000e/hw.h -index ed5b409..ec37828 100644 ---- a/drivers/net/ethernet/intel/e1000e/hw.h -+++ b/drivers/net/ethernet/intel/e1000e/hw.h -@@ -797,6 +797,7 @@ struct e1000_mac_operations { - void (*rar_set)(struct e1000_hw *, u8 *, u32); - s32 (*read_mac_addr)(struct e1000_hw *); - }; -+typedef struct e1000_mac_operations __no_const e1000_mac_operations_no_const; - - /* - * When to use various PHY register access functions: -@@ -837,6 +838,7 @@ struct e1000_phy_operations { - void (*power_up)(struct e1000_hw *); - void (*power_down)(struct e1000_hw *); - }; -+typedef struct e1000_phy_operations __no_const e1000_phy_operations_no_const; - - /* Function pointers for the NVM. */ - struct e1000_nvm_operations { -@@ -849,9 +851,10 @@ struct e1000_nvm_operations { - s32 (*validate)(struct e1000_hw *); - s32 (*write)(struct e1000_hw *, u16, u16, u16 *); - }; -+typedef struct e1000_nvm_operations __no_const e1000_nvm_operations_no_const; - - struct e1000_mac_info { -- struct e1000_mac_operations ops; -+ e1000_mac_operations_no_const ops; - u8 addr[ETH_ALEN]; - u8 perm_addr[ETH_ALEN]; - -@@ -892,7 +895,7 @@ struct e1000_mac_info { - }; - - struct e1000_phy_info { -- struct e1000_phy_operations ops; -+ e1000_phy_operations_no_const ops; - - enum e1000_phy_type type; - -@@ -926,7 +929,7 @@ struct e1000_phy_info { - }; - - struct e1000_nvm_info { -- struct e1000_nvm_operations ops; -+ e1000_nvm_operations_no_const ops; - - enum e1000_nvm_type type; - enum e1000_nvm_override override; -diff --git a/drivers/net/ethernet/intel/igb/e1000_hw.h b/drivers/net/ethernet/intel/igb/e1000_hw.h -index c2a51dc..c2bd262 100644 ---- a/drivers/net/ethernet/intel/igb/e1000_hw.h -+++ b/drivers/net/ethernet/intel/igb/e1000_hw.h -@@ -327,6 +327,7 @@ struct e1000_mac_operations { - void (*release_swfw_sync)(struct e1000_hw *, u16); - - }; -+typedef struct e1000_mac_operations __no_const e1000_mac_operations_no_const; - - struct e1000_phy_operations { - s32 (*acquire)(struct e1000_hw *); -@@ -343,6 +344,7 @@ struct e1000_phy_operations { - s32 (*set_d3_lplu_state)(struct e1000_hw *, bool); - s32 (*write_reg)(struct e1000_hw *, u32, u16); - }; -+typedef struct e1000_phy_operations __no_const e1000_phy_operations_no_const; - - struct e1000_nvm_operations { - s32 (*acquire)(struct e1000_hw *); -@@ -353,6 +355,7 @@ struct e1000_nvm_operations { - s32 (*validate)(struct e1000_hw *); - s32 (*valid_led_default)(struct e1000_hw *, u16 *); - }; -+typedef struct e1000_nvm_operations __no_const e1000_nvm_operations_no_const; - - struct e1000_info { - s32 (*get_invariants)(struct e1000_hw *); -@@ -364,7 +367,7 @@ struct e1000_info { - extern const struct e1000_info e1000_82575_info; - - struct e1000_mac_info { -- struct e1000_mac_operations ops; -+ e1000_mac_operations_no_const ops; - - u8 addr[6]; - u8 perm_addr[6]; -@@ -402,7 +405,7 @@ struct e1000_mac_info { - }; - - struct e1000_phy_info { -- struct e1000_phy_operations ops; -+ e1000_phy_operations_no_const ops; - - enum e1000_phy_type type; - -@@ -437,7 +440,7 @@ struct e1000_phy_info { - }; - - struct e1000_nvm_info { -- struct e1000_nvm_operations ops; -+ e1000_nvm_operations_no_const ops; - enum e1000_nvm_type type; - enum e1000_nvm_override override; - -@@ -482,6 +485,7 @@ struct e1000_mbx_operations { - s32 (*check_for_ack)(struct e1000_hw *, u16); - s32 (*check_for_rst)(struct e1000_hw *, u16); - }; -+typedef struct e1000_mbx_operations __no_const e1000_mbx_operations_no_const; - - struct e1000_mbx_stats { - u32 msgs_tx; -@@ -493,7 +497,7 @@ struct e1000_mbx_stats { - }; - - struct e1000_mbx_info { -- struct e1000_mbx_operations ops; -+ e1000_mbx_operations_no_const ops; - struct e1000_mbx_stats stats; - u32 timeout; - u32 usec_delay; -diff --git a/drivers/net/ethernet/intel/igbvf/vf.h b/drivers/net/ethernet/intel/igbvf/vf.h -index 57db3c6..aa825fc 100644 ---- a/drivers/net/ethernet/intel/igbvf/vf.h -+++ b/drivers/net/ethernet/intel/igbvf/vf.h -@@ -189,9 +189,10 @@ struct e1000_mac_operations { - s32 (*read_mac_addr)(struct e1000_hw *); - s32 (*set_vfta)(struct e1000_hw *, u16, bool); - }; -+typedef struct e1000_mac_operations __no_const e1000_mac_operations_no_const; - - struct e1000_mac_info { -- struct e1000_mac_operations ops; -+ e1000_mac_operations_no_const ops; - u8 addr[6]; - u8 perm_addr[6]; - -@@ -213,6 +214,7 @@ struct e1000_mbx_operations { - s32 (*check_for_ack)(struct e1000_hw *); - s32 (*check_for_rst)(struct e1000_hw *); - }; -+typedef struct e1000_mbx_operations __no_const e1000_mbx_operations_no_const; - - struct e1000_mbx_stats { - u32 msgs_tx; -@@ -224,7 +226,7 @@ struct e1000_mbx_stats { - }; - - struct e1000_mbx_info { -- struct e1000_mbx_operations ops; -+ e1000_mbx_operations_no_const ops; - struct e1000_mbx_stats stats; - u32 timeout; - u32 usec_delay; diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c -index 3456d56..b688d81 100644 +index bb9256a..56d8752 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c -@@ -884,7 +884,7 @@ void ixgbe_ptp_start_cyclecounter(struct ixgbe_adapter *adapter) - /* store the new cycle speed */ - adapter->cycle_speed = cycle_speed; +@@ -806,7 +806,7 @@ void ixgbe_ptp_start_cyclecounter(struct ixgbe_adapter *adapter) + } + /* update the base incval used to calculate frequency adjustment */ - ACCESS_ONCE(adapter->base_incval) = incval; + ACCESS_ONCE_RW(adapter->base_incval) = incval; smp_mb(); - /* grab the ptp lock */ -diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h -index 0722f33..771758a 100644 ---- a/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h -+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_type.h -@@ -2800,6 +2800,7 @@ struct ixgbe_eeprom_operations { - s32 (*update_checksum)(struct ixgbe_hw *); - u16 (*calc_checksum)(struct ixgbe_hw *); - }; -+typedef struct ixgbe_eeprom_operations __no_const ixgbe_eeprom_operations_no_const; - - struct ixgbe_mac_operations { - s32 (*init_hw)(struct ixgbe_hw *); -@@ -2866,6 +2867,7 @@ struct ixgbe_mac_operations { - s32 (*get_thermal_sensor_data)(struct ixgbe_hw *); - s32 (*init_thermal_sensor_thresh)(struct ixgbe_hw *hw); - }; -+typedef struct ixgbe_mac_operations __no_const ixgbe_mac_operations_no_const; - - struct ixgbe_phy_operations { - s32 (*identify)(struct ixgbe_hw *); -@@ -2885,9 +2887,10 @@ struct ixgbe_phy_operations { - s32 (*write_i2c_eeprom)(struct ixgbe_hw *, u8, u8); - s32 (*check_overtemp)(struct ixgbe_hw *); - }; -+typedef struct ixgbe_phy_operations __no_const ixgbe_phy_operations_no_const; - - struct ixgbe_eeprom_info { -- struct ixgbe_eeprom_operations ops; -+ ixgbe_eeprom_operations_no_const ops; - enum ixgbe_eeprom_type type; - u32 semaphore_delay; - u16 word_size; -@@ -2897,7 +2900,7 @@ struct ixgbe_eeprom_info { - - #define IXGBE_FLAGS_DOUBLE_RESET_REQUIRED 0x01 - struct ixgbe_mac_info { -- struct ixgbe_mac_operations ops; -+ ixgbe_mac_operations_no_const ops; - enum ixgbe_mac_type type; - u8 addr[ETH_ALEN]; - u8 perm_addr[ETH_ALEN]; -@@ -2927,7 +2930,7 @@ struct ixgbe_mac_info { - }; - - struct ixgbe_phy_info { -- struct ixgbe_phy_operations ops; -+ ixgbe_phy_operations_no_const ops; - struct mdio_if_info mdio; - enum ixgbe_phy_type type; - u32 id; -@@ -2955,6 +2958,7 @@ struct ixgbe_mbx_operations { - s32 (*check_for_ack)(struct ixgbe_hw *, u16); - s32 (*check_for_rst)(struct ixgbe_hw *, u16); - }; -+typedef struct ixgbe_mbx_operations __no_const ixgbe_mbx_operations_no_const; - - struct ixgbe_mbx_stats { - u32 msgs_tx; -@@ -2966,7 +2970,7 @@ struct ixgbe_mbx_stats { - }; - - struct ixgbe_mbx_info { -- struct ixgbe_mbx_operations ops; -+ ixgbe_mbx_operations_no_const ops; - struct ixgbe_mbx_stats stats; - u32 timeout; - u32 usec_delay; -diff --git a/drivers/net/ethernet/intel/ixgbevf/vf.h b/drivers/net/ethernet/intel/ixgbevf/vf.h -index 25c951d..cc7cf33 100644 ---- a/drivers/net/ethernet/intel/ixgbevf/vf.h -+++ b/drivers/net/ethernet/intel/ixgbevf/vf.h -@@ -70,6 +70,7 @@ struct ixgbe_mac_operations { - s32 (*clear_vfta)(struct ixgbe_hw *); - s32 (*set_vfta)(struct ixgbe_hw *, u32, u32, bool); - }; -+typedef struct ixgbe_mac_operations __no_const ixgbe_mac_operations_no_const; - - enum ixgbe_mac_type { - ixgbe_mac_unknown = 0, -@@ -79,7 +80,7 @@ enum ixgbe_mac_type { - }; - - struct ixgbe_mac_info { -- struct ixgbe_mac_operations ops; -+ ixgbe_mac_operations_no_const ops; - u8 addr[6]; - u8 perm_addr[6]; - -@@ -103,6 +104,7 @@ struct ixgbe_mbx_operations { - s32 (*check_for_ack)(struct ixgbe_hw *); - s32 (*check_for_rst)(struct ixgbe_hw *); - }; -+typedef struct ixgbe_mbx_operations __no_const ixgbe_mbx_operations_no_const; - - struct ixgbe_mbx_stats { - u32 msgs_tx; -@@ -114,7 +116,7 @@ struct ixgbe_mbx_stats { - }; - - struct ixgbe_mbx_info { -- struct ixgbe_mbx_operations ops; -+ ixgbe_mbx_operations_no_const ops; - struct ixgbe_mbx_stats stats; - u32 timeout; - u32 udelay; -diff --git a/drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c b/drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c -index 5d367958..b799ab12 100644 ---- a/drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c -+++ b/drivers/net/ethernet/mellanox/mlx4/en_dcb_nl.c -@@ -237,7 +237,7 @@ static int mlx4_en_dcbnl_ieee_setmaxrate(struct net_device *dev, - if (err) - return err; - -- memcpy(priv->maxrate, tmp, sizeof(*priv->maxrate)); -+ memcpy(priv->maxrate, tmp, sizeof(priv->maxrate)); - - return 0; - } -diff --git a/drivers/net/ethernet/neterion/vxge/vxge-config.h b/drivers/net/ethernet/neterion/vxge/vxge-config.h -index 9e0c1ee..8471f77 100644 ---- a/drivers/net/ethernet/neterion/vxge/vxge-config.h -+++ b/drivers/net/ethernet/neterion/vxge/vxge-config.h -@@ -514,7 +514,7 @@ struct vxge_hw_uld_cbs { - void (*link_down)(struct __vxge_hw_device *devh); - void (*crit_err)(struct __vxge_hw_device *devh, - enum vxge_hw_event type, u64 ext_data); --}; -+} __no_const; + /* need lock to prevent incorrect read while modifying cyclecounter */ +diff --git a/drivers/net/ethernet/neterion/vxge/vxge-config.c b/drivers/net/ethernet/neterion/vxge/vxge-config.c +index fbe5363..266b4e3 100644 +--- a/drivers/net/ethernet/neterion/vxge/vxge-config.c ++++ b/drivers/net/ethernet/neterion/vxge/vxge-config.c +@@ -3461,7 +3461,10 @@ __vxge_hw_fifo_create(struct __vxge_hw_vpath_handle *vp, + struct __vxge_hw_fifo *fifo; + struct vxge_hw_fifo_config *config; + u32 txdl_size, txdl_per_memblock; +- struct vxge_hw_mempool_cbs fifo_mp_callback; ++ static struct vxge_hw_mempool_cbs fifo_mp_callback = { ++ .item_func_alloc = __vxge_hw_fifo_mempool_item_alloc, ++ }; ++ + struct __vxge_hw_virtualpath *vpath; - /* - * struct __vxge_hw_blockpool_entry - Block private data structure -diff --git a/drivers/net/ethernet/neterion/vxge/vxge-traffic.h b/drivers/net/ethernet/neterion/vxge/vxge-traffic.h -index 4a518a3..936b334 100644 ---- a/drivers/net/ethernet/neterion/vxge/vxge-traffic.h -+++ b/drivers/net/ethernet/neterion/vxge/vxge-traffic.h -@@ -2088,7 +2088,7 @@ struct vxge_hw_mempool_cbs { - struct vxge_hw_mempool_dma *dma_object, - u32 index, - u32 is_last); --}; -+} __no_const; + if ((vp == NULL) || (attr == NULL)) { +@@ -3544,8 +3547,6 @@ __vxge_hw_fifo_create(struct __vxge_hw_vpath_handle *vp, + goto exit; + } - #define VXGE_HW_VIRTUAL_PATH_HANDLE(vpath) \ - ((struct __vxge_hw_vpath_handle *)(vpath)->vpath_handles.next) +- fifo_mp_callback.item_func_alloc = __vxge_hw_fifo_mempool_item_alloc; +- + fifo->mempool = + __vxge_hw_mempool_create(vpath->hldev, + fifo->config->memblock_size, diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index 6c1c396..b904826 100644 +index 998974f..ecd26db 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c -@@ -745,22 +745,22 @@ struct rtl8169_private { +@@ -741,22 +741,22 @@ struct rtl8169_private { struct mdio_ops { void (*write)(struct rtl8169_private *, int, int); int (*read)(struct rtl8169_private *, int); @@ -35815,19 +39068,19 @@ index 6c1c396..b904826 100644 int (*set_speed)(struct net_device *, u8 aneg, u16 sp, u8 dpx, u32 adv); int (*get_settings)(struct net_device *, struct ethtool_cmd *); -diff --git a/drivers/net/ethernet/sis/sis190.c b/drivers/net/ethernet/sis/sis190.c -index 4613591..d816601 100644 ---- a/drivers/net/ethernet/sis/sis190.c -+++ b/drivers/net/ethernet/sis/sis190.c -@@ -1618,7 +1618,7 @@ static int __devinit sis190_get_mac_addr_from_eeprom(struct pci_dev *pdev, - static int __devinit sis190_get_mac_addr_from_apc(struct pci_dev *pdev, - struct net_device *dev) - { -- static const u16 __devinitdata ids[] = { 0x0965, 0x0966, 0x0968 }; -+ static const u16 __devinitconst ids[] = { 0x0965, 0x0966, 0x0968 }; - struct sis190_private *tp = netdev_priv(dev); - struct pci_dev *isa_bridge; - u8 reg, tmp8; +diff --git a/drivers/net/ethernet/sfc/ptp.c b/drivers/net/ethernet/sfc/ptp.c +index 0767043f..08c2553 100644 +--- a/drivers/net/ethernet/sfc/ptp.c ++++ b/drivers/net/ethernet/sfc/ptp.c +@@ -553,7 +553,7 @@ static int efx_ptp_synchronize(struct efx_nic *efx, unsigned int num_readings) + (u32)((u64)ptp->start.dma_addr >> 32)); + + /* Clear flag that signals MC ready */ +- ACCESS_ONCE(*start) = 0; ++ ACCESS_ONCE_RW(*start) = 0; + efx_mcdi_rpc_start(efx, MC_CMD_PTP, synch_buf, + MC_CMD_PTP_IN_SYNCHRONIZE_LEN); + diff --git a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c index 0c74a70..3bc6f68 100644 --- a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c @@ -35844,10 +39097,10 @@ index 0c74a70..3bc6f68 100644 /* To mask all all interrupts.*/ diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h -index 95ceb35..318fc12 100644 +index e6fe0d8..2b7d752 100644 --- a/drivers/net/hyperv/hyperv_net.h +++ b/drivers/net/hyperv/hyperv_net.h -@@ -99,7 +99,7 @@ struct rndis_device { +@@ -101,7 +101,7 @@ struct rndis_device { enum rndis_device_state state; bool link_state; @@ -35857,10 +39110,10 @@ index 95ceb35..318fc12 100644 spinlock_t request_lock; struct list_head req_list; diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c -index 1e88a10..1b01736 100644 +index 2b657d4..9903bc0 100644 --- a/drivers/net/hyperv/rndis_filter.c +++ b/drivers/net/hyperv/rndis_filter.c -@@ -99,7 +99,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev, +@@ -107,7 +107,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev, * template */ set = &rndis_msg->msg.set_req; @@ -35869,7 +39122,7 @@ index 1e88a10..1b01736 100644 /* Add to the request list */ spin_lock_irqsave(&dev->request_lock, flags); -@@ -730,7 +730,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev) +@@ -758,7 +758,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev) /* Setup the rndis set */ halt = &request->request_msg.msg.halt_req; @@ -35878,6 +39131,68 @@ index 1e88a10..1b01736 100644 /* Ignore return since this msg is optional. */ rndis_filter_send_request(dev, request); +diff --git a/drivers/net/ieee802154/fakehard.c b/drivers/net/ieee802154/fakehard.c +index 1e9cb0b..7839125 100644 +--- a/drivers/net/ieee802154/fakehard.c ++++ b/drivers/net/ieee802154/fakehard.c +@@ -386,7 +386,7 @@ static int ieee802154fake_probe(struct platform_device *pdev) + phy->transmit_power = 0xbf; + + dev->netdev_ops = &fake_ops; +- dev->ml_priv = &fake_mlme; ++ dev->ml_priv = (void *)&fake_mlme; + + priv = netdev_priv(dev); + priv->phy = phy; +diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c +index d3fb97d..19520c7 100644 +--- a/drivers/net/macvlan.c ++++ b/drivers/net/macvlan.c +@@ -851,13 +851,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = { + int macvlan_link_register(struct rtnl_link_ops *ops) + { + /* common fields */ +- ops->priv_size = sizeof(struct macvlan_dev); +- ops->validate = macvlan_validate; +- ops->maxtype = IFLA_MACVLAN_MAX; +- ops->policy = macvlan_policy; +- ops->changelink = macvlan_changelink; +- ops->get_size = macvlan_get_size; +- ops->fill_info = macvlan_fill_info; ++ pax_open_kernel(); ++ *(size_t *)&ops->priv_size = sizeof(struct macvlan_dev); ++ *(void **)&ops->validate = macvlan_validate; ++ *(int *)&ops->maxtype = IFLA_MACVLAN_MAX; ++ *(const void **)&ops->policy = macvlan_policy; ++ *(void **)&ops->changelink = macvlan_changelink; ++ *(void **)&ops->get_size = macvlan_get_size; ++ *(void **)&ops->fill_info = macvlan_fill_info; ++ pax_close_kernel(); + + return rtnl_link_register(ops); + }; +@@ -913,7 +915,7 @@ static int macvlan_device_event(struct notifier_block *unused, + return NOTIFY_DONE; + } + +-static struct notifier_block macvlan_notifier_block __read_mostly = { ++static struct notifier_block macvlan_notifier_block = { + .notifier_call = macvlan_device_event, + }; + +diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c +index 0f0f9ce..0ca5819 100644 +--- a/drivers/net/macvtap.c ++++ b/drivers/net/macvtap.c +@@ -1100,7 +1100,7 @@ static int macvtap_device_event(struct notifier_block *unused, + return NOTIFY_DONE; + } + +-static struct notifier_block macvtap_notifier_block __read_mostly = { ++static struct notifier_block macvtap_notifier_block = { + .notifier_call = macvtap_device_event, + }; + diff --git a/drivers/net/phy/mdio-bitbang.c b/drivers/net/phy/mdio-bitbang.c index daec9b0..6428fcb 100644 --- a/drivers/net/phy/mdio-bitbang.c @@ -35891,10 +39206,10 @@ index daec9b0..6428fcb 100644 } EXPORT_SYMBOL(free_mdio_bitbang); diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c -index 5c05572..389610b 100644 +index 508570e..f706dc7 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c -@@ -986,7 +986,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) +@@ -999,7 +999,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) void __user *addr = (void __user *) ifr->ifr_ifru.ifru_data; struct ppp_stats stats; struct ppp_comp_stats cstats; @@ -35902,7 +39217,7 @@ index 5c05572..389610b 100644 switch (cmd) { case SIOCGPPPSTATS: -@@ -1008,8 +1007,7 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) +@@ -1021,8 +1020,7 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) break; case SIOCGPPPVER: @@ -35912,11 +39227,24 @@ index 5c05572..389610b 100644 break; err = 0; break; +diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c +index ad86660..9fd0884 100644 +--- a/drivers/net/team/team.c ++++ b/drivers/net/team/team.c +@@ -2601,7 +2601,7 @@ static int team_device_event(struct notifier_block *unused, + return NOTIFY_DONE; + } + +-static struct notifier_block team_notifier_block __read_mostly = { ++static struct notifier_block team_notifier_block = { + .notifier_call = team_device_event, + }; + diff --git a/drivers/net/tun.c b/drivers/net/tun.c -index 3a16d4f..a311cec 100644 +index 2917a86..edd463f 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c -@@ -1367,7 +1367,7 @@ static int set_offload(struct tun_struct *tun, unsigned long arg) +@@ -1836,7 +1836,7 @@ unlock: } static long __tun_chr_ioctl(struct file *file, unsigned int cmd, @@ -35925,18 +39253,18 @@ index 3a16d4f..a311cec 100644 { struct tun_file *tfile = file->private_data; struct tun_struct *tun; -@@ -1378,6 +1378,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, +@@ -1848,6 +1848,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, int vnet_hdr_sz; int ret; + if (ifreq_len > sizeof ifr) + return -EFAULT; + - if (cmd == TUNSETIFF || _IOC_TYPE(cmd) == 0x89) { + if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || _IOC_TYPE(cmd) == 0x89) { if (copy_from_user(&ifr, argp, ifreq_len)) return -EFAULT; diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c -index 62f30b4..ff99dfd 100644 +index cd8ccb2..cff5144 100644 --- a/drivers/net/usb/hso.c +++ b/drivers/net/usb/hso.c @@ -71,7 +71,7 @@ @@ -35948,7 +39276,7 @@ index 62f30b4..ff99dfd 100644 #define MOD_AUTHOR "Option Wireless" #define MOD_DESCRIPTION "USB High Speed Option driver" -@@ -1182,7 +1182,7 @@ static void put_rxbuf_data_and_resubmit_ctrl_urb(struct hso_serial *serial) +@@ -1180,7 +1180,7 @@ static void put_rxbuf_data_and_resubmit_ctrl_urb(struct hso_serial *serial) struct urb *urb; urb = serial->rx_urb[0]; @@ -35957,7 +39285,7 @@ index 62f30b4..ff99dfd 100644 count = put_rxbuf_data(urb, serial); if (count == -1) return; -@@ -1218,7 +1218,7 @@ static void hso_std_serial_read_bulk_callback(struct urb *urb) +@@ -1216,7 +1216,7 @@ static void hso_std_serial_read_bulk_callback(struct urb *urb) DUMP1(urb->transfer_buffer, urb->actual_length); /* Anyone listening? */ @@ -35966,7 +39294,7 @@ index 62f30b4..ff99dfd 100644 return; if (status == 0) { -@@ -1300,8 +1300,7 @@ static int hso_serial_open(struct tty_struct *tty, struct file *filp) +@@ -1298,8 +1298,7 @@ static int hso_serial_open(struct tty_struct *tty, struct file *filp) tty_port_tty_set(&serial->port, tty); /* check for port already opened, if not set the termios */ @@ -35976,7 +39304,7 @@ index 62f30b4..ff99dfd 100644 serial->rx_state = RX_IDLE; /* Force default termio settings */ _hso_serial_set_termios(tty, NULL); -@@ -1313,7 +1312,7 @@ static int hso_serial_open(struct tty_struct *tty, struct file *filp) +@@ -1311,7 +1310,7 @@ static int hso_serial_open(struct tty_struct *tty, struct file *filp) result = hso_start_serial_device(serial->parent, GFP_KERNEL); if (result) { hso_stop_serial_device(serial->parent); @@ -35985,7 +39313,7 @@ index 62f30b4..ff99dfd 100644 kref_put(&serial->parent->ref, hso_serial_ref_free); } } else { -@@ -1350,10 +1349,10 @@ static void hso_serial_close(struct tty_struct *tty, struct file *filp) +@@ -1348,10 +1347,10 @@ static void hso_serial_close(struct tty_struct *tty, struct file *filp) /* reset the rts and dtr */ /* do the actual close */ @@ -35999,7 +39327,7 @@ index 62f30b4..ff99dfd 100644 tty_port_tty_set(&serial->port, NULL); if (!usb_gone) hso_stop_serial_device(serial->parent); -@@ -1429,7 +1428,7 @@ static void hso_serial_set_termios(struct tty_struct *tty, struct ktermios *old) +@@ -1427,7 +1426,7 @@ static void hso_serial_set_termios(struct tty_struct *tty, struct ktermios *old) /* the actual setup */ spin_lock_irqsave(&serial->serial_lock, flags); @@ -36007,8 +39335,8 @@ index 62f30b4..ff99dfd 100644 + if (atomic_read(&serial->port.count)) _hso_serial_set_termios(tty, old); else - tty->termios = old; -@@ -1888,7 +1887,7 @@ static void intr_callback(struct urb *urb) + tty->termios = *old; +@@ -1886,7 +1885,7 @@ static void intr_callback(struct urb *urb) D1("Pending read interrupt on port %d\n", i); spin_lock(&serial->serial_lock); if (serial->rx_state == RX_IDLE && @@ -36026,39 +39354,19 @@ index 62f30b4..ff99dfd 100644 result = hso_start_serial_device(serial_table[i], GFP_NOIO); hso_kick_transmit(dev2ser(serial_table[i])); -diff --git a/drivers/net/wireless/ath/ath.h b/drivers/net/wireless/ath/ath.h -index 6169fbd..40e8422 100644 ---- a/drivers/net/wireless/ath/ath.h -+++ b/drivers/net/wireless/ath/ath.h -@@ -119,6 +119,7 @@ struct ath_ops { - void (*write_flush) (void *); - u32 (*rmw)(void *, u32 reg_offset, u32 set, u32 clr); - }; -+typedef struct ath_ops __no_const ath_ops_no_const; - - struct ath_common; - struct ath_bus_ops; -diff --git a/drivers/net/wireless/ath/ath5k/base.c b/drivers/net/wireless/ath/ath5k/base.c -index 68a4046..c12f4f3 100644 ---- a/drivers/net/wireless/ath/ath5k/base.c -+++ b/drivers/net/wireless/ath/ath5k/base.c -@@ -1803,7 +1803,7 @@ ath5k_beacon_update(struct ieee80211_hw *hw, struct ieee80211_vif *vif) - { - int ret; - struct ath5k_hw *ah = hw->priv; -- struct ath5k_vif *avf = (void *)vif->drv_priv; -+ struct ath5k_vif *avf; - struct sk_buff *skb; - - if (WARN_ON(!vif)) { -@@ -1818,6 +1818,7 @@ ath5k_beacon_update(struct ieee80211_hw *hw, struct ieee80211_vif *vif) - goto out; - } - -+ avf = (void *)vif->drv_priv; - ath5k_txbuf_free_skb(ah, avf->bbuf); - avf->bbuf->skb = skb; - ret = ath5k_beacon_setup(ah, avf->bbuf); +diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c +index 656230e..15525a8 100644 +--- a/drivers/net/vxlan.c ++++ b/drivers/net/vxlan.c +@@ -1428,7 +1428,7 @@ nla_put_failure: + return -EMSGSIZE; + } + +-static struct rtnl_link_ops vxlan_link_ops __read_mostly = { ++static struct rtnl_link_ops vxlan_link_ops = { + .kind = "vxlan", + .maxtype = IFLA_VXLAN_MAX, + .policy = vxlan_policy, diff --git a/drivers/net/wireless/ath/ath9k/ar9002_mac.c b/drivers/net/wireless/ath/ath9k/ar9002_mac.c index 8d78253..bebbb68 100644 --- a/drivers/net/wireless/ath/ath9k/ar9002_mac.c @@ -36143,7 +39451,7 @@ index 8d78253..bebbb68 100644 | set11nRateFlags(i->rates, 2) | set11nRateFlags(i->rates, 3) diff --git a/drivers/net/wireless/ath/ath9k/ar9003_mac.c b/drivers/net/wireless/ath/ath9k/ar9003_mac.c -index 78816b8..1fcdfae 100644 +index 301bf72..3f5654f 100644 --- a/drivers/net/wireless/ath/ath9k/ar9003_mac.c +++ b/drivers/net/wireless/ath/ath9k/ar9003_mac.c @@ -39,47 +39,47 @@ ar9003_set_txdesc(struct ath_hw *ah, void *ds, struct ath_tx_info *i) @@ -36265,10 +39573,10 @@ index 78816b8..1fcdfae 100644 static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads) diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h -index c59edc7..7818de5 100644 +index 9d26fc5..60d9f14 100644 --- a/drivers/net/wireless/ath/ath9k/hw.h +++ b/drivers/net/wireless/ath/ath9k/hw.h -@@ -656,7 +656,7 @@ struct ath_hw_private_ops { +@@ -658,7 +658,7 @@ struct ath_hw_private_ops { /* ANI */ void (*ani_cache_ini_regs)(struct ath_hw *ah); @@ -36277,42 +39585,20 @@ index c59edc7..7818de5 100644 /** * struct ath_hw_ops - callbacks used by hardware code and driver code -@@ -686,7 +686,7 @@ struct ath_hw_ops { +@@ -688,7 +688,7 @@ struct ath_hw_ops { void (*antdiv_comb_conf_set)(struct ath_hw *ah, struct ath_hw_antcomb_conf *antconf); - + void (*antctrl_shared_chain_lnadiv)(struct ath_hw *hw, bool enable); -}; +} __no_const; struct ath_nf_limits { s16 max; -@@ -706,7 +706,7 @@ enum ath_cal_list { - #define AH_FASTCC 0x4 - - struct ath_hw { -- struct ath_ops reg_ops; -+ ath_ops_no_const reg_ops; - - struct ieee80211_hw *hw; - struct ath_common common; -diff --git a/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h b/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h -index af00e2c..ab04d34 100644 ---- a/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h -+++ b/drivers/net/wireless/brcm80211/brcmsmac/phy/phy_int.h -@@ -545,7 +545,7 @@ struct phy_func_ptr { - void (*carrsuppr)(struct brcms_phy *); - s32 (*rxsigpwr)(struct brcms_phy *, s32); - void (*detach)(struct brcms_phy *); --}; -+} __no_const; - - struct brcms_phy { - struct brcms_phy_pub pubpi_ro; diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wireless/iwlegacy/3945-mac.c -index faec404..a5277f1 100644 +index 3726cd6..b655808 100644 --- a/drivers/net/wireless/iwlegacy/3945-mac.c +++ b/drivers/net/wireless/iwlegacy/3945-mac.c -@@ -3611,7 +3611,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent) +@@ -3615,7 +3615,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent) */ if (il3945_mod_params.disable_hw_scan) { D_INFO("Disabling hw_scan\n"); @@ -36324,7 +39610,7 @@ index faec404..a5277f1 100644 D_INFO("*** LOAD DRIVER ***\n"); diff --git a/drivers/net/wireless/iwlwifi/dvm/debugfs.c b/drivers/net/wireless/iwlwifi/dvm/debugfs.c -index a47b306..297daf2 100644 +index 5b9533e..7733880 100644 --- a/drivers/net/wireless/iwlwifi/dvm/debugfs.c +++ b/drivers/net/wireless/iwlwifi/dvm/debugfs.c @@ -203,7 +203,7 @@ static ssize_t iwl_dbgfs_sram_write(struct file *file, @@ -36445,10 +39731,10 @@ index a47b306..297daf2 100644 memset(buf, 0, sizeof(buf)); buf_size = min(count, sizeof(buf) - 1); diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c -index dbeebef..b45a152 100644 +index 35708b9..31f7754 100644 --- a/drivers/net/wireless/iwlwifi/pcie/trans.c +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c -@@ -1944,7 +1944,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, +@@ -1100,7 +1100,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, struct isr_statistics *isr_stats = &trans_pcie->isr_stats; char buf[8]; @@ -36457,7 +39743,7 @@ index dbeebef..b45a152 100644 u32 reset_flag; memset(buf, 0, sizeof(buf)); -@@ -1965,7 +1965,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, +@@ -1121,7 +1121,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, { struct iwl_trans *trans = file->private_data; char buf[8]; @@ -36467,42 +39753,53 @@ index dbeebef..b45a152 100644 memset(buf, 0, sizeof(buf)); diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c -index 0083839..fcb7225 100644 +index ff90855..e46d223 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c -@@ -1748,9 +1748,11 @@ static int __init init_mac80211_hwsim(void) - return -EINVAL; +@@ -2062,25 +2062,19 @@ static int __init init_mac80211_hwsim(void) - if (fake_hw_scan) { + if (channels > 1) { + hwsim_if_comb.num_different_channels = channels; - mac80211_hwsim_ops.hw_scan = mac80211_hwsim_hw_scan; +- mac80211_hwsim_ops.cancel_hw_scan = +- mac80211_hwsim_cancel_hw_scan; - mac80211_hwsim_ops.sw_scan_start = NULL; - mac80211_hwsim_ops.sw_scan_complete = NULL; +- mac80211_hwsim_ops.remain_on_channel = +- mac80211_hwsim_roc; +- mac80211_hwsim_ops.cancel_remain_on_channel = +- mac80211_hwsim_croc; +- mac80211_hwsim_ops.add_chanctx = +- mac80211_hwsim_add_chanctx; +- mac80211_hwsim_ops.remove_chanctx = +- mac80211_hwsim_remove_chanctx; +- mac80211_hwsim_ops.change_chanctx = +- mac80211_hwsim_change_chanctx; +- mac80211_hwsim_ops.assign_vif_chanctx = +- mac80211_hwsim_assign_vif_chanctx; +- mac80211_hwsim_ops.unassign_vif_chanctx = +- mac80211_hwsim_unassign_vif_chanctx; + pax_open_kernel(); + *(void **)&mac80211_hwsim_ops.hw_scan = mac80211_hwsim_hw_scan; ++ *(void **)&mac80211_hwsim_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan; + *(void **)&mac80211_hwsim_ops.sw_scan_start = NULL; + *(void **)&mac80211_hwsim_ops.sw_scan_complete = NULL; ++ *(void **)&mac80211_hwsim_ops.remain_on_channel = mac80211_hwsim_roc; ++ *(void **)&mac80211_hwsim_ops.cancel_remain_on_channel = mac80211_hwsim_croc; ++ *(void **)&mac80211_hwsim_ops.add_chanctx = mac80211_hwsim_add_chanctx; ++ *(void **)&mac80211_hwsim_ops.remove_chanctx = mac80211_hwsim_remove_chanctx; ++ *(void **)&mac80211_hwsim_ops.change_chanctx = mac80211_hwsim_change_chanctx; ++ *(void **)&mac80211_hwsim_ops.assign_vif_chanctx = mac80211_hwsim_assign_vif_chanctx; ++ *(void **)&mac80211_hwsim_ops.unassign_vif_chanctx = mac80211_hwsim_unassign_vif_chanctx; + pax_close_kernel(); } spin_lock_init(&hwsim_radio_lock); -diff --git a/drivers/net/wireless/mwifiex/main.h b/drivers/net/wireless/mwifiex/main.h -index e7c2a82..582e228 100644 ---- a/drivers/net/wireless/mwifiex/main.h -+++ b/drivers/net/wireless/mwifiex/main.h -@@ -571,7 +571,7 @@ struct mwifiex_if_ops { - int (*event_complete) (struct mwifiex_adapter *, struct sk_buff *); - int (*data_complete) (struct mwifiex_adapter *, struct sk_buff *); - int (*dnld_fw) (struct mwifiex_adapter *, struct mwifiex_fw_image *); --}; -+} __no_const; - - struct mwifiex_adapter { - u8 iface_type; diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c -index 7a4ae9e..56e00bd 100644 +index abe1d03..fb02c22 100644 --- a/drivers/net/wireless/rndis_wlan.c +++ b/drivers/net/wireless/rndis_wlan.c -@@ -1235,7 +1235,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold) +@@ -1238,7 +1238,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold) netdev_dbg(usbdev->net, "%s(): %i\n", __func__, rts_threshold); @@ -36512,10 +39809,10 @@ index 7a4ae9e..56e00bd 100644 tmp = cpu_to_le32(rts_threshold); diff --git a/drivers/net/wireless/rt2x00/rt2x00.h b/drivers/net/wireless/rt2x00/rt2x00.h -index 8afb546..0c0dc5c 100644 +index 0751b35..246ba3e 100644 --- a/drivers/net/wireless/rt2x00/rt2x00.h +++ b/drivers/net/wireless/rt2x00/rt2x00.h -@@ -397,7 +397,7 @@ struct rt2x00_intf { +@@ -398,7 +398,7 @@ struct rt2x00_intf { * for hardware which doesn't support hardware * sequence counting. */ @@ -36525,7 +39822,7 @@ index 8afb546..0c0dc5c 100644 static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif) diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c -index f7e74a0..da71431 100644 +index e488b94..14b6a0c 100644 --- a/drivers/net/wireless/rt2x00/rt2x00queue.c +++ b/drivers/net/wireless/rt2x00/rt2x00queue.c @@ -240,9 +240,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev, @@ -36540,37 +39837,80 @@ index f7e74a0..da71431 100644 hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG); hdr->seq_ctrl |= cpu_to_le16(seqno); -diff --git a/drivers/net/wireless/ti/wl1251/wl1251.h b/drivers/net/wireless/ti/wl1251/wl1251.h -index fd02060..74ee481 100644 ---- a/drivers/net/wireless/ti/wl1251/wl1251.h -+++ b/drivers/net/wireless/ti/wl1251/wl1251.h -@@ -266,7 +266,7 @@ struct wl1251_if_operations { - void (*reset)(struct wl1251 *wl); - void (*enable_irq)(struct wl1251 *wl); - void (*disable_irq)(struct wl1251 *wl); --}; -+} __no_const; +diff --git a/drivers/net/wireless/ti/wl1251/sdio.c b/drivers/net/wireless/ti/wl1251/sdio.c +index e57ee48..541cf6c 100644 +--- a/drivers/net/wireless/ti/wl1251/sdio.c ++++ b/drivers/net/wireless/ti/wl1251/sdio.c +@@ -269,13 +269,17 @@ static int wl1251_sdio_probe(struct sdio_func *func, - struct wl1251 { - struct ieee80211_hw *hw; -diff --git a/drivers/net/wireless/ti/wlcore/wlcore.h b/drivers/net/wireless/ti/wlcore/wlcore.h -index 0ce7a8e..56a0ccf 100644 ---- a/drivers/net/wireless/ti/wlcore/wlcore.h -+++ b/drivers/net/wireless/ti/wlcore/wlcore.h -@@ -81,7 +81,7 @@ struct wlcore_ops { - struct ieee80211_sta *sta, - struct ieee80211_key_conf *key_conf); - u32 (*pre_pkt_send)(struct wl1271 *wl, u32 buf_offset, u32 last_len); --}; -+} __no_const; + irq_set_irq_type(wl->irq, IRQ_TYPE_EDGE_RISING); + +- wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq; +- wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq; ++ pax_open_kernel(); ++ *(void **)&wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq; ++ *(void **)&wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq; ++ pax_close_kernel(); + + wl1251_info("using dedicated interrupt line"); + } else { +- wl1251_sdio_ops.enable_irq = wl1251_sdio_enable_irq; +- wl1251_sdio_ops.disable_irq = wl1251_sdio_disable_irq; ++ pax_open_kernel(); ++ *(void **)&wl1251_sdio_ops.enable_irq = wl1251_sdio_enable_irq; ++ *(void **)&wl1251_sdio_ops.disable_irq = wl1251_sdio_disable_irq; ++ pax_close_kernel(); + + wl1251_info("using SDIO interrupt"); + } +diff --git a/drivers/net/wireless/ti/wl12xx/main.c b/drivers/net/wireless/ti/wl12xx/main.c +index e5f5f8f..fdf15b7 100644 +--- a/drivers/net/wireless/ti/wl12xx/main.c ++++ b/drivers/net/wireless/ti/wl12xx/main.c +@@ -644,7 +644,9 @@ static int wl12xx_identify_chip(struct wl1271 *wl) + sizeof(wl->conf.mem)); - enum wlcore_partitions { - PART_DOWN, + /* read data preparation is only needed by wl127x */ +- wl->ops->prepare_read = wl127x_prepare_read; ++ pax_open_kernel(); ++ *(void **)&wl->ops->prepare_read = wl127x_prepare_read; ++ pax_close_kernel(); + + wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER, WL127X_IFTYPE_VER, + WL127X_MAJOR_VER, WL127X_SUBTYPE_VER, +@@ -665,7 +667,9 @@ static int wl12xx_identify_chip(struct wl1271 *wl) + sizeof(wl->conf.mem)); + + /* read data preparation is only needed by wl127x */ +- wl->ops->prepare_read = wl127x_prepare_read; ++ pax_open_kernel(); ++ *(void **)&wl->ops->prepare_read = wl127x_prepare_read; ++ pax_close_kernel(); + + wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER, WL127X_IFTYPE_VER, + WL127X_MAJOR_VER, WL127X_SUBTYPE_VER, +diff --git a/drivers/net/wireless/ti/wl18xx/main.c b/drivers/net/wireless/ti/wl18xx/main.c +index 8d8c1f8..e754844 100644 +--- a/drivers/net/wireless/ti/wl18xx/main.c ++++ b/drivers/net/wireless/ti/wl18xx/main.c +@@ -1489,8 +1489,10 @@ static int wl18xx_setup(struct wl1271 *wl) + } + + if (!checksum_param) { +- wl18xx_ops.set_rx_csum = NULL; +- wl18xx_ops.init_vif = NULL; ++ pax_open_kernel(); ++ *(void **)&wl18xx_ops.set_rx_csum = NULL; ++ *(void **)&wl18xx_ops.init_vif = NULL; ++ pax_close_kernel(); + } + + /* Enable 11a Band only if we have 5G antennas */ diff --git a/drivers/oprofile/buffer_sync.c b/drivers/oprofile/buffer_sync.c -index f34b5b2..b5abb9f 100644 +index d93b2b6..ae50401 100644 --- a/drivers/oprofile/buffer_sync.c +++ b/drivers/oprofile/buffer_sync.c -@@ -343,7 +343,7 @@ static void add_data(struct op_entry *entry, struct mm_struct *mm) +@@ -332,7 +332,7 @@ static void add_data(struct op_entry *entry, struct mm_struct *mm) if (cookie == NO_COOKIE) offset = pc; if (cookie == INVALID_COOKIE) { @@ -36579,7 +39919,7 @@ index f34b5b2..b5abb9f 100644 offset = pc; } if (cookie != last_cookie) { -@@ -387,14 +387,14 @@ add_sample(struct mm_struct *mm, struct op_sample *s, int in_kernel) +@@ -376,14 +376,14 @@ add_sample(struct mm_struct *mm, struct op_sample *s, int in_kernel) /* add userspace sample */ if (!mm) { @@ -36596,7 +39936,7 @@ index f34b5b2..b5abb9f 100644 return 0; } -@@ -563,7 +563,7 @@ void sync_buffer(int cpu) +@@ -552,7 +552,7 @@ void sync_buffer(int cpu) /* ignore backtraces if failed to add a sample */ if (state == sb_bt_start) { state = sb_bt_ignore; @@ -36686,6 +40026,19 @@ index 849357c..b83c1e0 100644 { return __oprofilefs_create_file(sb, root, name, &atomic_ro_fops, 0444, val); +diff --git a/drivers/oprofile/timer_int.c b/drivers/oprofile/timer_int.c +index 93404f7..4a313d8 100644 +--- a/drivers/oprofile/timer_int.c ++++ b/drivers/oprofile/timer_int.c +@@ -93,7 +93,7 @@ static int __cpuinit oprofile_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata oprofile_cpu_notifier = { ++static struct notifier_block oprofile_cpu_notifier = { + .notifier_call = oprofile_cpu_notify, + }; + diff --git a/drivers/parport/procfs.c b/drivers/parport/procfs.c index 3f56bc0..707d642 100644 --- a/drivers/parport/procfs.c @@ -36708,19 +40061,97 @@ index 3f56bc0..707d642 100644 } #endif /* IEEE1284.3 support. */ -diff --git a/drivers/pci/hotplug/cpci_hotplug.h b/drivers/pci/hotplug/cpci_hotplug.h -index 9fff878..ad0ad53 100644 ---- a/drivers/pci/hotplug/cpci_hotplug.h -+++ b/drivers/pci/hotplug/cpci_hotplug.h -@@ -59,7 +59,7 @@ struct cpci_hp_controller_ops { - int (*hardware_test) (struct slot* slot, u32 value); - u8 (*get_power) (struct slot* slot); - int (*set_power) (struct slot* slot, int value); --}; -+} __no_const; +diff --git a/drivers/pci/hotplug/acpiphp_ibm.c b/drivers/pci/hotplug/acpiphp_ibm.c +index c35e8ad..fc33beb 100644 +--- a/drivers/pci/hotplug/acpiphp_ibm.c ++++ b/drivers/pci/hotplug/acpiphp_ibm.c +@@ -464,7 +464,9 @@ static int __init ibm_acpiphp_init(void) + goto init_cleanup; + } + +- ibm_apci_table_attr.size = ibm_get_table_from_acpi(NULL); ++ pax_open_kernel(); ++ *(size_t *)&ibm_apci_table_attr.size = ibm_get_table_from_acpi(NULL); ++ pax_close_kernel(); + retval = sysfs_create_bin_file(sysdir, &ibm_apci_table_attr); - struct cpci_hp_controller { - unsigned int irq; + return retval; +diff --git a/drivers/pci/hotplug/cpcihp_generic.c b/drivers/pci/hotplug/cpcihp_generic.c +index a6a71c4..c91097b 100644 +--- a/drivers/pci/hotplug/cpcihp_generic.c ++++ b/drivers/pci/hotplug/cpcihp_generic.c +@@ -73,7 +73,6 @@ static u16 port; + static unsigned int enum_bit; + static u8 enum_mask; + +-static struct cpci_hp_controller_ops generic_hpc_ops; + static struct cpci_hp_controller generic_hpc; + + static int __init validate_parameters(void) +@@ -139,6 +138,10 @@ static int query_enum(void) + return ((value & enum_mask) == enum_mask); + } + ++static struct cpci_hp_controller_ops generic_hpc_ops = { ++ .query_enum = query_enum, ++}; ++ + static int __init cpcihp_generic_init(void) + { + int status; +@@ -165,7 +168,6 @@ static int __init cpcihp_generic_init(void) + pci_dev_put(dev); + + memset(&generic_hpc, 0, sizeof (struct cpci_hp_controller)); +- generic_hpc_ops.query_enum = query_enum; + generic_hpc.ops = &generic_hpc_ops; + + status = cpci_hp_register_controller(&generic_hpc); +diff --git a/drivers/pci/hotplug/cpcihp_zt5550.c b/drivers/pci/hotplug/cpcihp_zt5550.c +index 449b4bb..257e2e8 100644 +--- a/drivers/pci/hotplug/cpcihp_zt5550.c ++++ b/drivers/pci/hotplug/cpcihp_zt5550.c +@@ -59,7 +59,6 @@ + /* local variables */ + static bool debug; + static bool poll; +-static struct cpci_hp_controller_ops zt5550_hpc_ops; + static struct cpci_hp_controller zt5550_hpc; + + /* Primary cPCI bus bridge device */ +@@ -205,6 +204,10 @@ static int zt5550_hc_disable_irq(void) + return 0; + } + ++static struct cpci_hp_controller_ops zt5550_hpc_ops = { ++ .query_enum = zt5550_hc_query_enum, ++}; ++ + static int zt5550_hc_init_one (struct pci_dev *pdev, const struct pci_device_id *ent) + { + int status; +@@ -216,16 +219,17 @@ static int zt5550_hc_init_one (struct pci_dev *pdev, const struct pci_device_id + dbg("returned from zt5550_hc_config"); + + memset(&zt5550_hpc, 0, sizeof (struct cpci_hp_controller)); +- zt5550_hpc_ops.query_enum = zt5550_hc_query_enum; + zt5550_hpc.ops = &zt5550_hpc_ops; + if(!poll) { + zt5550_hpc.irq = hc_dev->irq; + zt5550_hpc.irq_flags = IRQF_SHARED; + zt5550_hpc.dev_id = hc_dev; + +- zt5550_hpc_ops.enable_irq = zt5550_hc_enable_irq; +- zt5550_hpc_ops.disable_irq = zt5550_hc_disable_irq; +- zt5550_hpc_ops.check_irq = zt5550_hc_check_irq; ++ pax_open_kernel(); ++ *(void **)&zt5550_hpc_ops.enable_irq = zt5550_hc_enable_irq; ++ *(void **)&zt5550_hpc_ops.disable_irq = zt5550_hc_disable_irq; ++ *(void **)&zt5550_hpc_ops.check_irq = zt5550_hc_check_irq; ++ pax_open_kernel(); + } else { + info("using ENUM# polling mode"); + } diff --git a/drivers/pci/hotplug/cpqphp_nvram.c b/drivers/pci/hotplug/cpqphp_nvram.c index 76ba8a1..20ca857 100644 --- a/drivers/pci/hotplug/cpqphp_nvram.c @@ -36739,8 +40170,82 @@ index 76ba8a1..20ca857 100644 dbg("int15 entry = %p\n", compaq_int15_entry_point); /* initialize our int15 lock */ +diff --git a/drivers/pci/hotplug/pci_hotplug_core.c b/drivers/pci/hotplug/pci_hotplug_core.c +index 202f4a9..8ee47d0 100644 +--- a/drivers/pci/hotplug/pci_hotplug_core.c ++++ b/drivers/pci/hotplug/pci_hotplug_core.c +@@ -448,8 +448,10 @@ int __pci_hp_register(struct hotplug_slot *slot, struct pci_bus *bus, + return -EINVAL; + } + +- slot->ops->owner = owner; +- slot->ops->mod_name = mod_name; ++ pax_open_kernel(); ++ *(struct module **)&slot->ops->owner = owner; ++ *(const char **)&slot->ops->mod_name = mod_name; ++ pax_close_kernel(); + + mutex_lock(&pci_hp_mutex); + /* +diff --git a/drivers/pci/hotplug/pciehp_core.c b/drivers/pci/hotplug/pciehp_core.c +index 939bd1d..a1459c9 100644 +--- a/drivers/pci/hotplug/pciehp_core.c ++++ b/drivers/pci/hotplug/pciehp_core.c +@@ -91,7 +91,7 @@ static int init_slot(struct controller *ctrl) + struct slot *slot = ctrl->slot; + struct hotplug_slot *hotplug = NULL; + struct hotplug_slot_info *info = NULL; +- struct hotplug_slot_ops *ops = NULL; ++ hotplug_slot_ops_no_const *ops = NULL; + char name[SLOT_NAME_SIZE]; + int retval = -ENOMEM; + +diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c +index 9c6e9bb..2916736 100644 +--- a/drivers/pci/pci-sysfs.c ++++ b/drivers/pci/pci-sysfs.c +@@ -1071,7 +1071,7 @@ static int pci_create_attr(struct pci_dev *pdev, int num, int write_combine) + { + /* allocate attribute structure, piggyback attribute name */ + int name_len = write_combine ? 13 : 10; +- struct bin_attribute *res_attr; ++ bin_attribute_no_const *res_attr; + int retval; + + res_attr = kzalloc(sizeof(*res_attr) + name_len, GFP_ATOMIC); +@@ -1256,7 +1256,7 @@ static struct device_attribute reset_attr = __ATTR(reset, 0200, NULL, reset_stor + static int pci_create_capabilities_sysfs(struct pci_dev *dev) + { + int retval; +- struct bin_attribute *attr; ++ bin_attribute_no_const *attr; + + /* If the device has VPD, try to expose it in sysfs. */ + if (dev->vpd) { +@@ -1303,7 +1303,7 @@ int __must_check pci_create_sysfs_dev_files (struct pci_dev *pdev) + { + int retval; + int rom_size = 0; +- struct bin_attribute *attr; ++ bin_attribute_no_const *attr; + + if (!sysfs_initialized) + return -EACCES; +diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h +index e851829..a1a7196 100644 +--- a/drivers/pci/pci.h ++++ b/drivers/pci/pci.h +@@ -98,7 +98,7 @@ struct pci_vpd_ops { + struct pci_vpd { + unsigned int len; + const struct pci_vpd_ops *ops; +- struct bin_attribute *attr; /* descriptor for sysfs VPD entry */ ++ bin_attribute_no_const *attr; /* descriptor for sysfs VPD entry */ + }; + + extern int pci_vpd_pci22_init(struct pci_dev *dev); diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c -index 474f22f..1eb3ca3 100644 +index 8474b6a..ee81993 100644 --- a/drivers/pci/pcie/aspm.c +++ b/drivers/pci/pcie/aspm.c @@ -27,9 +27,9 @@ @@ -36757,7 +40262,7 @@ index 474f22f..1eb3ca3 100644 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c -index 61859d0..124539e 100644 +index 6186f03..1a78714 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -173,7 +173,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, @@ -36770,10 +40275,10 @@ index 61859d0..124539e 100644 /* No printks while decoding is disabled! */ if (!dev->mmio_always_on) { diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c -index af028c7..654cdfc 100644 +index 9b8505c..f00870a 100644 --- a/drivers/pci/proc.c +++ b/drivers/pci/proc.c -@@ -484,7 +484,16 @@ static const struct file_operations proc_bus_pci_dev_operations = { +@@ -465,7 +465,16 @@ static const struct file_operations proc_bus_pci_dev_operations = { static int __init pci_proc_init(void) { struct pci_dev *dev = NULL; @@ -36790,8 +40295,46 @@ index af028c7..654cdfc 100644 proc_create("devices", 0, proc_bus_pci_dir, &proc_bus_pci_dev_operations); proc_initialized = 1; +diff --git a/drivers/platform/x86/msi-laptop.c b/drivers/platform/x86/msi-laptop.c +index 2111dbb..79e434b 100644 +--- a/drivers/platform/x86/msi-laptop.c ++++ b/drivers/platform/x86/msi-laptop.c +@@ -820,12 +820,14 @@ static int __init load_scm_model_init(struct platform_device *sdev) + int result; + + /* allow userland write sysfs file */ +- dev_attr_bluetooth.store = store_bluetooth; +- dev_attr_wlan.store = store_wlan; +- dev_attr_threeg.store = store_threeg; +- dev_attr_bluetooth.attr.mode |= S_IWUSR; +- dev_attr_wlan.attr.mode |= S_IWUSR; +- dev_attr_threeg.attr.mode |= S_IWUSR; ++ pax_open_kernel(); ++ *(void **)&dev_attr_bluetooth.store = store_bluetooth; ++ *(void **)&dev_attr_wlan.store = store_wlan; ++ *(void **)&dev_attr_threeg.store = store_threeg; ++ *(umode_t *)&dev_attr_bluetooth.attr.mode |= S_IWUSR; ++ *(umode_t *)&dev_attr_wlan.attr.mode |= S_IWUSR; ++ *(umode_t *)&dev_attr_threeg.attr.mode |= S_IWUSR; ++ pax_close_kernel(); + + /* disable hardware control by fn key */ + result = ec_read(MSI_STANDARD_EC_SCM_LOAD_ADDRESS, &data); +diff --git a/drivers/platform/x86/sony-laptop.c b/drivers/platform/x86/sony-laptop.c +index b8ad71f..3ec9bb4 100644 +--- a/drivers/platform/x86/sony-laptop.c ++++ b/drivers/platform/x86/sony-laptop.c +@@ -2356,7 +2356,7 @@ static void sony_nc_lid_resume_cleanup(struct platform_device *pd) + } + + /* High speed charging function */ +-static struct device_attribute *hsc_handle; ++static device_attribute_no_const *hsc_handle; + + static ssize_t sony_nc_highspeed_charging_store(struct device *dev, + struct device_attribute *attr, diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c -index 52daaa8..d6b81eb 100644 +index f946ca7..f25c833 100644 --- a/drivers/platform/x86/thinkpad_acpi.c +++ b/drivers/platform/x86/thinkpad_acpi.c @@ -2097,7 +2097,7 @@ static int hotkey_mask_get(void) @@ -36983,7 +40526,7 @@ index 769d265..a3a05ca 100644 + pax_close_kernel(); } diff --git a/drivers/pnp/resource.c b/drivers/pnp/resource.c -index b0ecacb..7c9da2e 100644 +index 3e6db1c..1fbbdae 100644 --- a/drivers/pnp/resource.c +++ b/drivers/pnp/resource.c @@ -360,7 +360,7 @@ int pnp_check_irq(struct pnp_dev *dev, struct resource *res) @@ -37004,24 +40547,103 @@ index b0ecacb..7c9da2e 100644 return 0; /* check if the resource is reserved */ -diff --git a/drivers/power/bq27x00_battery.c b/drivers/power/bq27x00_battery.c -index 181ddec..774b6da 100644 ---- a/drivers/power/bq27x00_battery.c -+++ b/drivers/power/bq27x00_battery.c -@@ -80,7 +80,7 @@ - struct bq27x00_device_info; - struct bq27x00_access_methods { - int (*read)(struct bq27x00_device_info *di, u8 reg, bool single); --}; -+} __no_const; +diff --git a/drivers/power/pda_power.c b/drivers/power/pda_power.c +index 7df7c5f..bd48c47 100644 +--- a/drivers/power/pda_power.c ++++ b/drivers/power/pda_power.c +@@ -37,7 +37,11 @@ static int polling; + + #ifdef CONFIG_USB_OTG_UTILS + static struct usb_phy *transceiver; +-static struct notifier_block otg_nb; ++static int otg_handle_notification(struct notifier_block *nb, ++ unsigned long event, void *unused); ++static struct notifier_block otg_nb = { ++ .notifier_call = otg_handle_notification ++}; + #endif + + static struct regulator *ac_draw; +@@ -369,7 +373,6 @@ static int pda_power_probe(struct platform_device *pdev) + + #ifdef CONFIG_USB_OTG_UTILS + if (!IS_ERR_OR_NULL(transceiver) && pdata->use_otg_notifier) { +- otg_nb.notifier_call = otg_handle_notification; + ret = usb_register_notifier(transceiver, &otg_nb); + if (ret) { + dev_err(dev, "failure to register otg notifier\n"); +diff --git a/drivers/power/power_supply.h b/drivers/power/power_supply.h +index cc439fd..8fa30df 100644 +--- a/drivers/power/power_supply.h ++++ b/drivers/power/power_supply.h +@@ -16,12 +16,12 @@ struct power_supply; + + #ifdef CONFIG_SYSFS - enum bq27x00_chip { BQ27000, BQ27500, BQ27425}; +-extern void power_supply_init_attrs(struct device_type *dev_type); ++extern void power_supply_init_attrs(void); + extern int power_supply_uevent(struct device *dev, struct kobj_uevent_env *env); + + #else + +-static inline void power_supply_init_attrs(struct device_type *dev_type) {} ++static inline void power_supply_init_attrs(void) {} + #define power_supply_uevent NULL + + #endif /* CONFIG_SYSFS */ +diff --git a/drivers/power/power_supply_core.c b/drivers/power/power_supply_core.c +index 8a7cfb3..493e0a2 100644 +--- a/drivers/power/power_supply_core.c ++++ b/drivers/power/power_supply_core.c +@@ -24,7 +24,10 @@ + struct class *power_supply_class; + EXPORT_SYMBOL_GPL(power_supply_class); + +-static struct device_type power_supply_dev_type; ++extern const struct attribute_group *power_supply_attr_groups[]; ++static struct device_type power_supply_dev_type = { ++ .groups = power_supply_attr_groups, ++}; + + static int __power_supply_changed_work(struct device *dev, void *data) + { +@@ -393,7 +396,6 @@ static int __init power_supply_class_init(void) + return PTR_ERR(power_supply_class); + + power_supply_class->dev_uevent = power_supply_uevent; +- power_supply_init_attrs(&power_supply_dev_type); + + return 0; + } +diff --git a/drivers/power/power_supply_sysfs.c b/drivers/power/power_supply_sysfs.c +index 40fa3b7..d9c2e0e 100644 +--- a/drivers/power/power_supply_sysfs.c ++++ b/drivers/power/power_supply_sysfs.c +@@ -229,17 +229,15 @@ static struct attribute_group power_supply_attr_group = { + .is_visible = power_supply_attr_is_visible, + }; +-static const struct attribute_group *power_supply_attr_groups[] = { ++const struct attribute_group *power_supply_attr_groups[] = { + &power_supply_attr_group, + NULL, + }; + +-void power_supply_init_attrs(struct device_type *dev_type) ++void power_supply_init_attrs(void) + { + int i; + +- dev_type->groups = power_supply_attr_groups; +- + for (i = 0; i < ARRAY_SIZE(power_supply_attrs); i++) + __power_supply_attrs[i] = &power_supply_attrs[i].attr; + } diff --git a/drivers/regulator/max8660.c b/drivers/regulator/max8660.c -index 8d53174..04c65de 100644 +index 4d7c635..9860196 100644 --- a/drivers/regulator/max8660.c +++ b/drivers/regulator/max8660.c -@@ -333,8 +333,10 @@ static int __devinit max8660_probe(struct i2c_client *client, +@@ -333,8 +333,10 @@ static int max8660_probe(struct i2c_client *client, max8660->shadow_regs[MAX8660_OVER1] = 5; } else { /* Otherwise devices can be toggled via software */ @@ -37034,11 +40656,30 @@ index 8d53174..04c65de 100644 } /* +diff --git a/drivers/regulator/max8973-regulator.c b/drivers/regulator/max8973-regulator.c +index 9a8ea91..c483dd9 100644 +--- a/drivers/regulator/max8973-regulator.c ++++ b/drivers/regulator/max8973-regulator.c +@@ -401,9 +401,11 @@ static int max8973_probe(struct i2c_client *client, + if (!pdata->enable_ext_control) { + max->desc.enable_reg = MAX8973_VOUT; + max->desc.enable_mask = MAX8973_VOUT_ENABLE; +- max8973_dcdc_ops.enable = regulator_enable_regmap; +- max8973_dcdc_ops.disable = regulator_disable_regmap; +- max8973_dcdc_ops.is_enabled = regulator_is_enabled_regmap; ++ pax_open_kernel(); ++ *(void **)&max8973_dcdc_ops.enable = regulator_enable_regmap; ++ *(void **)&max8973_dcdc_ops.disable = regulator_disable_regmap; ++ *(void **)&max8973_dcdc_ops.is_enabled = regulator_is_enabled_regmap; ++ pax_close_kernel(); + } + + max->enable_external_control = pdata->enable_ext_control; diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c -index b388b74..ed82573 100644 +index 0d84b1f..c2da6ac 100644 --- a/drivers/regulator/mc13892-regulator.c +++ b/drivers/regulator/mc13892-regulator.c -@@ -565,10 +565,12 @@ static int __devinit mc13892_regulator_probe(struct platform_device *pdev) +@@ -540,10 +540,12 @@ static int mc13892_regulator_probe(struct platform_device *pdev) } mc13xxx_unlock(mc13892); @@ -37053,8 +40694,23 @@ index b388b74..ed82573 100644 mc13xxx_data = mc13xxx_parse_regulators_dt(pdev, mc13892_regulators, ARRAY_SIZE(mc13892_regulators)); +diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c +index 16630aa..6afc992 100644 +--- a/drivers/rtc/rtc-cmos.c ++++ b/drivers/rtc/rtc-cmos.c +@@ -724,7 +724,9 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq) + hpet_rtc_timer_init(); + + /* export at least the first block of NVRAM */ +- nvram.size = address_space - NVRAM_OFFSET; ++ pax_open_kernel(); ++ *(size_t *)&nvram.size = address_space - NVRAM_OFFSET; ++ pax_close_kernel(); + retval = sysfs_create_bin_file(&dev->kobj, &nvram); + if (retval < 0) { + dev_dbg(dev, "can't create nvram file? %d\n", retval); diff --git a/drivers/rtc/rtc-dev.c b/drivers/rtc/rtc-dev.c -index cace6d3..f623fda 100644 +index 9a86b4b..3a383dc 100644 --- a/drivers/rtc/rtc-dev.c +++ b/drivers/rtc/rtc-dev.c @@ -14,6 +14,7 @@ @@ -37074,103 +40730,49 @@ index cace6d3..f623fda 100644 return rtc_set_time(rtc, &tm); case RTC_PIE_ON: -diff --git a/drivers/scsi/aacraid/aacraid.h b/drivers/scsi/aacraid/aacraid.h -index 9e933a8..4f969f7 100644 ---- a/drivers/scsi/aacraid/aacraid.h -+++ b/drivers/scsi/aacraid/aacraid.h -@@ -503,7 +503,7 @@ struct adapter_ops - int (*adapter_scsi)(struct fib * fib, struct scsi_cmnd * cmd); - /* Administrative operations */ - int (*adapter_comm)(struct aac_dev * dev, int comm); --}; -+} __no_const; +diff --git a/drivers/rtc/rtc-ds1307.c b/drivers/rtc/rtc-ds1307.c +index e0d0ba4..3c65868 100644 +--- a/drivers/rtc/rtc-ds1307.c ++++ b/drivers/rtc/rtc-ds1307.c +@@ -106,7 +106,7 @@ struct ds1307 { + u8 offset; /* register's offset */ + u8 regs[11]; + u16 nvram_offset; +- struct bin_attribute *nvram; ++ bin_attribute_no_const *nvram; + enum ds_type type; + unsigned long flags; + #define HAS_NVRAM 0 /* bit 0 == sysfs file active */ +diff --git a/drivers/rtc/rtc-m48t59.c b/drivers/rtc/rtc-m48t59.c +index 130f29a..6179d03 100644 +--- a/drivers/rtc/rtc-m48t59.c ++++ b/drivers/rtc/rtc-m48t59.c +@@ -482,7 +482,9 @@ static int m48t59_rtc_probe(struct platform_device *pdev) + goto out; + } - /* - * Define which interrupt handler needs to be installed -diff --git a/drivers/scsi/aacraid/linit.c b/drivers/scsi/aacraid/linit.c -index 7199534..cb7f158 100644 ---- a/drivers/scsi/aacraid/linit.c -+++ b/drivers/scsi/aacraid/linit.c -@@ -93,7 +93,7 @@ static DECLARE_PCI_DEVICE_TABLE(aac_pci_tbl) = { - #elif defined(__devinitconst) - static const struct pci_device_id aac_pci_tbl[] __devinitconst = { - #else --static const struct pci_device_id aac_pci_tbl[] __devinitdata = { -+static const struct pci_device_id aac_pci_tbl[] __devinitconst = { - #endif - { 0x1028, 0x0001, 0x1028, 0x0001, 0, 0, 0 }, /* PERC 2/Si (Iguana/PERC2Si) */ - { 0x1028, 0x0002, 0x1028, 0x0002, 0, 0, 1 }, /* PERC 3/Di (Opal/PERC3Di) */ -diff --git a/drivers/scsi/aic94xx/aic94xx_init.c b/drivers/scsi/aic94xx/aic94xx_init.c -index ff80552..1c4120c 100644 ---- a/drivers/scsi/aic94xx/aic94xx_init.c -+++ b/drivers/scsi/aic94xx/aic94xx_init.c -@@ -1012,7 +1012,7 @@ static struct sas_domain_function_template aic94xx_transport_functions = { - .lldd_ata_set_dmamode = asd_set_dmamode, - }; +- m48t59_nvram_attr.size = pdata->offset; ++ pax_open_kernel(); ++ *(size_t *)&m48t59_nvram_attr.size = pdata->offset; ++ pax_close_kernel(); --static const struct pci_device_id aic94xx_pci_table[] __devinitdata = { -+static const struct pci_device_id aic94xx_pci_table[] __devinitconst = { - {PCI_DEVICE(PCI_VENDOR_ID_ADAPTEC2, 0x410),0, 0, 1}, - {PCI_DEVICE(PCI_VENDOR_ID_ADAPTEC2, 0x412),0, 0, 1}, - {PCI_DEVICE(PCI_VENDOR_ID_ADAPTEC2, 0x416),0, 0, 1}, -diff --git a/drivers/scsi/bfa/bfa.h b/drivers/scsi/bfa/bfa.h -index 4ad7e36..d004679 100644 ---- a/drivers/scsi/bfa/bfa.h -+++ b/drivers/scsi/bfa/bfa.h -@@ -196,7 +196,7 @@ struct bfa_hwif_s { - u32 *end); - int cpe_vec_q0; - int rme_vec_q0; --}; -+} __no_const; - typedef void (*bfa_cb_iocfc_t) (void *cbarg, enum bfa_status status); - - struct bfa_faa_cbfn_s { -diff --git a/drivers/scsi/bfa/bfa_fcpim.c b/drivers/scsi/bfa/bfa_fcpim.c -index f0f80e2..8ec946b 100644 ---- a/drivers/scsi/bfa/bfa_fcpim.c -+++ b/drivers/scsi/bfa/bfa_fcpim.c -@@ -3715,7 +3715,7 @@ bfa_fcp_attach(struct bfa_s *bfa, void *bfad, struct bfa_iocfc_cfg_s *cfg, - - bfa_iotag_attach(fcp); - -- fcp->itn_arr = (struct bfa_itn_s *) bfa_mem_kva_curp(fcp); -+ fcp->itn_arr = (bfa_itn_s_no_const *) bfa_mem_kva_curp(fcp); - bfa_mem_kva_curp(fcp) = (u8 *)fcp->itn_arr + - (fcp->num_itns * sizeof(struct bfa_itn_s)); - memset(fcp->itn_arr, 0, -@@ -3773,7 +3773,7 @@ bfa_itn_create(struct bfa_s *bfa, struct bfa_rport_s *rport, - void (*isr)(struct bfa_s *bfa, struct bfi_msg_s *m)) - { - struct bfa_fcp_mod_s *fcp = BFA_FCP_MOD(bfa); -- struct bfa_itn_s *itn; -+ bfa_itn_s_no_const *itn; - - itn = BFA_ITN_FROM_TAG(fcp, rport->rport_tag); - itn->isr = isr; + ret = sysfs_create_bin_file(&pdev->dev.kobj, &m48t59_nvram_attr); + if (ret) { diff --git a/drivers/scsi/bfa/bfa_fcpim.h b/drivers/scsi/bfa/bfa_fcpim.h -index 36f26da..38a34a8 100644 +index e693af6..2e525b6 100644 --- a/drivers/scsi/bfa/bfa_fcpim.h +++ b/drivers/scsi/bfa/bfa_fcpim.h -@@ -37,6 +37,7 @@ struct bfa_iotag_s { +@@ -36,7 +36,7 @@ struct bfa_iotag_s { + struct bfa_itn_s { bfa_isr_func_t isr; - }; -+typedef struct bfa_itn_s __no_const bfa_itn_s_no_const; +-}; ++} __no_const; void bfa_itn_create(struct bfa_s *bfa, struct bfa_rport_s *rport, void (*isr)(struct bfa_s *bfa, struct bfi_msg_s *m)); -@@ -147,7 +148,7 @@ struct bfa_fcp_mod_s { - struct list_head iotag_tio_free_q; /* free IO resources */ - struct list_head iotag_unused_q; /* unused IO resources*/ - struct bfa_iotag_s *iotag_arr; -- struct bfa_itn_s *itn_arr; -+ bfa_itn_s_no_const *itn_arr; - int num_ioim_reqs; - int num_fwtio_reqs; - int num_itns; diff --git a/drivers/scsi/bfa/bfa_ioc.h b/drivers/scsi/bfa/bfa_ioc.h -index 1a99d4b..e85d64b 100644 +index 23a90e7..9cf04ee 100644 --- a/drivers/scsi/bfa/bfa_ioc.h +++ b/drivers/scsi/bfa/bfa_ioc.h @@ -258,7 +258,7 @@ struct bfa_ioc_cbfn_s { @@ -37214,10 +40816,10 @@ index 593085a..47aa999 100644 /* These three are default values which can be overridden */ diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c -index f9823f2..7bc3e81 100644 +index 4f33806..afd6f60 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c -@@ -536,7 +536,7 @@ static inline u32 next_command(struct ctlr_info *h, u8 q) +@@ -554,7 +554,7 @@ static inline u32 next_command(struct ctlr_info *h, u8 q) unsigned long flags; if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant))) @@ -37226,7 +40828,7 @@ index f9823f2..7bc3e81 100644 if ((rq->head[rq->current_entry] & 1) == rq->wraparound) { a = rq->head[rq->current_entry]; -@@ -3355,7 +3355,7 @@ static void start_io(struct ctlr_info *h) +@@ -3374,7 +3374,7 @@ static void start_io(struct ctlr_info *h) while (!list_empty(&h->reqQ)) { c = list_entry(h->reqQ.next, struct CommandList, list); /* can't do anything if fifo is full */ @@ -37235,7 +40837,7 @@ index f9823f2..7bc3e81 100644 dev_warn(&h->pdev->dev, "fifo full\n"); break; } -@@ -3377,7 +3377,7 @@ static void start_io(struct ctlr_info *h) +@@ -3396,7 +3396,7 @@ static void start_io(struct ctlr_info *h) /* Tell the controller execute command */ spin_unlock_irqrestore(&h->lock, flags); @@ -37244,7 +40846,7 @@ index f9823f2..7bc3e81 100644 spin_lock_irqsave(&h->lock, flags); } spin_unlock_irqrestore(&h->lock, flags); -@@ -3385,17 +3385,17 @@ static void start_io(struct ctlr_info *h) +@@ -3404,17 +3404,17 @@ static void start_io(struct ctlr_info *h) static inline unsigned long get_next_completion(struct ctlr_info *h, u8 q) { @@ -37265,7 +40867,7 @@ index f9823f2..7bc3e81 100644 (h->interrupts_enabled == 0); } -@@ -4299,7 +4299,7 @@ static int __devinit hpsa_pci_init(struct ctlr_info *h) +@@ -4316,7 +4316,7 @@ static int hpsa_pci_init(struct ctlr_info *h) if (prod_index < 0) return -ENODEV; h->product_name = products[prod_index].product_name; @@ -37274,7 +40876,7 @@ index f9823f2..7bc3e81 100644 pci_disable_link_state(h->pdev, PCIE_LINK_STATE_L0S | PCIE_LINK_STATE_L1 | PCIE_LINK_STATE_CLKPM); -@@ -4581,7 +4581,7 @@ static void controller_lockup_detected(struct ctlr_info *h) +@@ -4598,7 +4598,7 @@ static void controller_lockup_detected(struct ctlr_info *h) assert_spin_locked(&lockup_detector_lock); remove_ctlr_from_lockup_detector_list(h); @@ -37283,7 +40885,7 @@ index f9823f2..7bc3e81 100644 spin_lock_irqsave(&h->lock, flags); h->lockup_detected = readl(h->vaddr + SA5_SCRATCHPAD_OFFSET); spin_unlock_irqrestore(&h->lock, flags); -@@ -4759,7 +4759,7 @@ reinit_after_soft_reset: +@@ -4775,7 +4775,7 @@ reinit_after_soft_reset: } /* make sure the board interrupts are off */ @@ -37292,7 +40894,7 @@ index f9823f2..7bc3e81 100644 if (hpsa_request_irq(h, do_hpsa_intr_msi, do_hpsa_intr_intx)) goto clean2; -@@ -4793,7 +4793,7 @@ reinit_after_soft_reset: +@@ -4809,7 +4809,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); @@ -37301,7 +40903,7 @@ index f9823f2..7bc3e81 100644 spin_unlock_irqrestore(&h->lock, flags); free_irqs(h); rc = hpsa_request_irq(h, hpsa_msix_discard_completions, -@@ -4812,9 +4812,9 @@ reinit_after_soft_reset: +@@ -4828,9 +4828,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); @@ -37313,7 +40915,7 @@ index f9823f2..7bc3e81 100644 rc = controller_reset_failed(h->cfgtable); if (rc) -@@ -4835,7 +4835,7 @@ reinit_after_soft_reset: +@@ -4851,7 +4851,7 @@ reinit_after_soft_reset: } /* Turn the interrupts on so we can service requests */ @@ -37322,7 +40924,7 @@ index f9823f2..7bc3e81 100644 hpsa_hba_inquiry(h); hpsa_register_scsi(h); /* hook ourselves into SCSI subsystem */ -@@ -4887,7 +4887,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) +@@ -4903,7 +4903,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) * To write all data in the battery backed cache to disks */ hpsa_flush_cache(h); @@ -37331,7 +40933,7 @@ index f9823f2..7bc3e81 100644 hpsa_free_irqs_and_disable_msix(h); } -@@ -5056,7 +5056,7 @@ static __devinit void hpsa_enter_performant_mode(struct ctlr_info *h, +@@ -5071,7 +5071,7 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 use_short_tags) return; } /* Change the access methods to the performant access methods */ @@ -37353,19 +40955,6 @@ index 9816479..c5d4e97 100644 /* queue and queue Info */ struct list_head reqQ; -diff --git a/drivers/scsi/ips.h b/drivers/scsi/ips.h -index f2df059..a3a9930 100644 ---- a/drivers/scsi/ips.h -+++ b/drivers/scsi/ips.h -@@ -1027,7 +1027,7 @@ typedef struct { - int (*intr)(struct ips_ha *); - void (*enableint)(struct ips_ha *); - uint32_t (*statupd)(struct ips_ha *); --} ips_hw_func_t; -+} __no_const ips_hw_func_t; - - typedef struct ips_ha { - uint8_t ha_id[IPS_MAX_CHANNELS+1]; diff --git a/drivers/scsi/libfc/fc_exch.c b/drivers/scsi/libfc/fc_exch.c index c772d8d..35c362c 100644 --- a/drivers/scsi/libfc/fc_exch.c @@ -37512,7 +41101,7 @@ index c772d8d..35c362c 100644 } EXPORT_SYMBOL(fc_exch_update_stats); diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c -index a59fcdc..abe55f3 100644 +index bdb81cd..d3c7c2c 100644 --- a/drivers/scsi/libsas/sas_ata.c +++ b/drivers/scsi/libsas/sas_ata.c @@ -554,7 +554,7 @@ static struct ata_port_operations sas_sata_ops = { @@ -37525,10 +41114,10 @@ index a59fcdc..abe55f3 100644 .qc_issue = sas_ata_qc_issue, .qc_fill_rtf = sas_ata_qc_fill_rtf, diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h -index a65c05a..a39e402 100644 +index df4c13a..a51e90c 100644 --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h -@@ -420,7 +420,7 @@ struct lpfc_vport { +@@ -424,7 +424,7 @@ struct lpfc_vport { struct dentry *debug_nodelist; struct dentry *vport_debugfs_root; struct lpfc_debugfs_trc *disc_trc; @@ -37537,7 +41126,7 @@ index a65c05a..a39e402 100644 #endif uint8_t stat_data_enabled; uint8_t stat_data_blocked; -@@ -834,8 +834,8 @@ struct lpfc_hba { +@@ -842,8 +842,8 @@ struct lpfc_hba { struct timer_list fabric_block_timer; unsigned long bit_flags; #define FABRIC_COMANDS_BLOCKED 0 @@ -37548,7 +41137,7 @@ index a65c05a..a39e402 100644 unsigned long last_rsrc_error_time; unsigned long last_ramp_down_time; unsigned long last_ramp_up_time; -@@ -871,7 +871,7 @@ struct lpfc_hba { +@@ -879,7 +879,7 @@ struct lpfc_hba { struct dentry *debug_slow_ring_trc; struct lpfc_debugfs_trc *slow_ring_trc; @@ -37558,7 +41147,7 @@ index a65c05a..a39e402 100644 struct dentry *idiag_root; struct dentry *idiag_pci_cfg; diff --git a/drivers/scsi/lpfc/lpfc_debugfs.c b/drivers/scsi/lpfc/lpfc_debugfs.c -index 3217d63..c417981 100644 +index f63f5ff..de29189 100644 --- a/drivers/scsi/lpfc/lpfc_debugfs.c +++ b/drivers/scsi/lpfc/lpfc_debugfs.c @@ -106,7 +106,7 @@ MODULE_PARM_DESC(lpfc_debugfs_mask_disc_trc, @@ -37588,7 +41177,7 @@ index 3217d63..c417981 100644 (lpfc_debugfs_max_slow_ring_trc - 1); for (i = index; i < lpfc_debugfs_max_slow_ring_trc; i++) { dtp = phba->slow_ring_trc + i; -@@ -636,14 +636,14 @@ lpfc_debugfs_disc_trc(struct lpfc_vport *vport, int mask, char *fmt, +@@ -646,14 +646,14 @@ lpfc_debugfs_disc_trc(struct lpfc_vport *vport, int mask, char *fmt, !vport || !vport->disc_trc) return; @@ -37605,7 +41194,7 @@ index 3217d63..c417981 100644 dtp->jif = jiffies; #endif return; -@@ -674,14 +674,14 @@ lpfc_debugfs_slow_ring_trc(struct lpfc_hba *phba, char *fmt, +@@ -684,14 +684,14 @@ lpfc_debugfs_slow_ring_trc(struct lpfc_hba *phba, char *fmt, !phba || !phba->slow_ring_trc) return; @@ -37622,7 +41211,7 @@ index 3217d63..c417981 100644 dtp->jif = jiffies; #endif return; -@@ -4090,7 +4090,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) +@@ -4182,7 +4182,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) "slow_ring buffer\n"); goto debug_failed; } @@ -37631,7 +41220,7 @@ index 3217d63..c417981 100644 memset(phba->slow_ring_trc, 0, (sizeof(struct lpfc_debugfs_trc) * lpfc_debugfs_max_slow_ring_trc)); -@@ -4136,7 +4136,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) +@@ -4228,7 +4228,7 @@ lpfc_debugfs_initialize(struct lpfc_vport *vport) "buffer\n"); goto debug_failed; } @@ -37641,10 +41230,10 @@ index 3217d63..c417981 100644 snprintf(name, sizeof(name), "discovery_trace"); vport->debug_disc_trc = diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c -index 45c1520..35ba744 100644 +index 89ad558..76956c4 100644 --- a/drivers/scsi/lpfc/lpfc_init.c +++ b/drivers/scsi/lpfc/lpfc_init.c -@@ -10478,8 +10478,10 @@ lpfc_init(void) +@@ -10618,8 +10618,10 @@ lpfc_init(void) "misc_register returned with status %d", error); if (lpfc_enable_npiv) { @@ -37658,10 +41247,10 @@ index 45c1520..35ba744 100644 lpfc_transport_template = fc_attach_transport(&lpfc_transport_functions); diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c -index 925975d..0f1fc07 100644 +index 60e5a17..ff7a793 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c -@@ -311,7 +311,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba) +@@ -305,7 +305,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba) uint32_t evt_posted; spin_lock_irqsave(&phba->hbalock, flags); @@ -37670,7 +41259,7 @@ index 925975d..0f1fc07 100644 phba->last_rsrc_error_time = jiffies; if ((phba->last_ramp_down_time + QUEUE_RAMP_DOWN_INTERVAL) > jiffies) { -@@ -352,7 +352,7 @@ lpfc_rampup_queue_depth(struct lpfc_vport *vport, +@@ -346,7 +346,7 @@ lpfc_rampup_queue_depth(struct lpfc_vport *vport, unsigned long flags; struct lpfc_hba *phba = vport->phba; uint32_t evt_posted; @@ -37679,7 +41268,7 @@ index 925975d..0f1fc07 100644 if (vport->cfg_lun_queue_depth <= queue_depth) return; -@@ -396,8 +396,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) +@@ -390,8 +390,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) unsigned long num_rsrc_err, num_cmd_success; int i; @@ -37690,7 +41279,7 @@ index 925975d..0f1fc07 100644 /* * The error and success command counters are global per -@@ -425,8 +425,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) +@@ -419,8 +419,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) } } lpfc_destroy_vport_work_array(phba, vports); @@ -37701,7 +41290,7 @@ index 925975d..0f1fc07 100644 } /** -@@ -460,8 +460,8 @@ lpfc_ramp_up_queue_handler(struct lpfc_hba *phba) +@@ -454,8 +454,8 @@ lpfc_ramp_up_queue_handler(struct lpfc_hba *phba) } } lpfc_destroy_vport_work_array(phba, vports); @@ -37713,7 +41302,7 @@ index 925975d..0f1fc07 100644 /** diff --git a/drivers/scsi/pmcraid.c b/drivers/scsi/pmcraid.c -index ea8a0b4..812a124 100644 +index b46f5e9..c4c4ccb 100644 --- a/drivers/scsi/pmcraid.c +++ b/drivers/scsi/pmcraid.c @@ -200,8 +200,8 @@ static int pmcraid_slave_alloc(struct scsi_device *scsi_dev) @@ -37766,7 +41355,7 @@ index ea8a0b4..812a124 100644 return; fw_version = be16_to_cpu(pinstance->inq_data->fw_version); -@@ -5331,8 +5331,8 @@ static int __devinit pmcraid_init_instance( +@@ -5324,8 +5324,8 @@ static int pmcraid_init_instance(struct pci_dev *pdev, struct Scsi_Host *host, init_waitqueue_head(&pinstance->reset_wait_q); atomic_set(&pinstance->outstanding_cmds, 0); @@ -37777,7 +41366,7 @@ index ea8a0b4..812a124 100644 INIT_LIST_HEAD(&pinstance->free_res_q); INIT_LIST_HEAD(&pinstance->used_res_q); -@@ -6047,7 +6047,7 @@ static int __devinit pmcraid_probe( +@@ -6038,7 +6038,7 @@ static int pmcraid_probe(struct pci_dev *pdev, /* Schedule worker thread to handle CCN and take care of adding and * removing devices to OS */ @@ -37820,10 +41409,10 @@ index e1d150f..6c6df44 100644 /* To indicate add/delete/modify during CCN */ u8 change_detected; diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c -index 5ab9530..2dd80f7 100644 +index 83d7984..a27d947 100644 --- a/drivers/scsi/qla2xxx/qla_attr.c +++ b/drivers/scsi/qla2xxx/qla_attr.c -@@ -1855,7 +1855,7 @@ qla24xx_vport_disable(struct fc_vport *fc_vport, bool disable) +@@ -1969,7 +1969,7 @@ qla24xx_vport_disable(struct fc_vport *fc_vport, bool disable) return 0; } @@ -37832,7 +41421,7 @@ index 5ab9530..2dd80f7 100644 .show_host_node_name = 1, .show_host_port_name = 1, -@@ -1902,7 +1902,7 @@ struct fc_function_template qla2xxx_transport_functions = { +@@ -2016,7 +2016,7 @@ struct fc_function_template qla2xxx_transport_functions = { .bsg_timeout = qla24xx_bsg_timeout, }; @@ -37841,24 +41430,11 @@ index 5ab9530..2dd80f7 100644 .show_host_node_name = 1, .show_host_port_name = 1, -diff --git a/drivers/scsi/qla2xxx/qla_def.h b/drivers/scsi/qla2xxx/qla_def.h -index 39007f5..7fafc64 100644 ---- a/drivers/scsi/qla2xxx/qla_def.h -+++ b/drivers/scsi/qla2xxx/qla_def.h -@@ -2284,7 +2284,7 @@ struct isp_operations { - int (*start_scsi) (srb_t *); - int (*abort_isp) (struct scsi_qla_host *); - int (*iospace_config)(struct qla_hw_data*); --}; -+} __no_const; - - /* MSI-X Support *************************************************************/ - diff --git a/drivers/scsi/qla2xxx/qla_gbl.h b/drivers/scsi/qla2xxx/qla_gbl.h -index 9eacd2d..d79629c 100644 +index 2411d1a..4673766 100644 --- a/drivers/scsi/qla2xxx/qla_gbl.h +++ b/drivers/scsi/qla2xxx/qla_gbl.h -@@ -484,8 +484,8 @@ extern void qla2x00_get_sym_node_name(scsi_qla_host_t *, uint8_t *); +@@ -515,8 +515,8 @@ extern void qla2x00_get_sym_node_name(scsi_qla_host_t *, uint8_t *); struct device_attribute; extern struct device_attribute *qla2x00_host_attrs[]; struct fc_function_template; @@ -37869,11 +41445,28 @@ index 9eacd2d..d79629c 100644 extern void qla2x00_alloc_sysfs_attr(scsi_qla_host_t *); extern void qla2x00_free_sysfs_attr(scsi_qla_host_t *); extern void qla2x00_init_host_attr(scsi_qla_host_t *); +diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c +index 10d23f8..a7d5d4c 100644 +--- a/drivers/scsi/qla2xxx/qla_os.c ++++ b/drivers/scsi/qla2xxx/qla_os.c +@@ -1472,8 +1472,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha) + !pci_set_consistent_dma_mask(ha->pdev, DMA_BIT_MASK(64))) { + /* Ok, a 64bit DMA mask is applicable. */ + ha->flags.enable_64bit_addressing = 1; +- ha->isp_ops->calc_req_entries = qla2x00_calc_iocbs_64; +- ha->isp_ops->build_iocbs = qla2x00_build_scsi_iocbs_64; ++ pax_open_kernel(); ++ *(void **)&ha->isp_ops->calc_req_entries = qla2x00_calc_iocbs_64; ++ *(void **)&ha->isp_ops->build_iocbs = qla2x00_build_scsi_iocbs_64; ++ pax_close_kernel(); + return; + } + } diff --git a/drivers/scsi/qla4xxx/ql4_def.h b/drivers/scsi/qla4xxx/ql4_def.h -index 7fdba7f..1b4b2c2 100644 +index 329d553..f20d31d 100644 --- a/drivers/scsi/qla4xxx/ql4_def.h +++ b/drivers/scsi/qla4xxx/ql4_def.h -@@ -268,7 +268,7 @@ struct ddb_entry { +@@ -273,7 +273,7 @@ struct ddb_entry { * (4000 only) */ atomic_t relogin_timer; /* Max Time to wait for * relogin to complete */ @@ -37883,10 +41476,10 @@ index 7fdba7f..1b4b2c2 100644 uint32_t default_time2wait; /* Default Min time between * relogins (+aens) */ diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c -index 9da4266..377b3b6 100644 +index 4cec123..7c1329f 100644 --- a/drivers/scsi/qla4xxx/ql4_os.c +++ b/drivers/scsi/qla4xxx/ql4_os.c -@@ -2615,12 +2615,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess) +@@ -2621,12 +2621,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess) */ if (!iscsi_is_session_online(cls_sess)) { /* Reset retry relogin timer */ @@ -37901,7 +41494,7 @@ index 9da4266..377b3b6 100644 ddb_entry->default_time2wait + 4)); set_bit(DPC_RELOGIN_DEVICE, &ha->dpc_flags); atomic_set(&ddb_entry->retry_relogin_timer, -@@ -4635,7 +4635,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha, +@@ -4738,7 +4738,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha, atomic_set(&ddb_entry->retry_relogin_timer, INVALID_ENTRY); atomic_set(&ddb_entry->relogin_timer, 0); @@ -37911,10 +41504,10 @@ index 9da4266..377b3b6 100644 ddb_entry->default_relogin_timeout = (def_timeout > LOGIN_TOV) && (def_timeout < LOGIN_TOV * 10) ? diff --git a/drivers/scsi/scsi.c b/drivers/scsi/scsi.c -index 2936b44..546ecdb 100644 +index 2c0d0ec..4e8681a 100644 --- a/drivers/scsi/scsi.c +++ b/drivers/scsi/scsi.c -@@ -660,7 +660,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd) +@@ -661,7 +661,7 @@ int scsi_dispatch_cmd(struct scsi_cmnd *cmd) unsigned long timeout; int rtn = 0; @@ -37924,10 +41517,10 @@ index 2936b44..546ecdb 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index faa790f..7e351ddd 100644 +index f1bf5af..f67e943 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c -@@ -1442,7 +1442,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) +@@ -1454,7 +1454,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) shost = sdev->host; scsi_init_cmd_errh(cmd); cmd->result = DID_NO_CONNECT << 16; @@ -37936,7 +41529,7 @@ index faa790f..7e351ddd 100644 /* * SCSI request completion path will do scsi_device_unbusy(), -@@ -1468,9 +1468,9 @@ static void scsi_softirq_done(struct request *rq) +@@ -1480,9 +1480,9 @@ static void scsi_softirq_done(struct request *rq) INIT_LIST_HEAD(&cmd->eh_entry); @@ -38015,7 +41608,7 @@ index e894ca7..de9d7660 100644 /* * Check for overflow; dev_loss_tmo is u32 diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c -index fa1dfaa..4bb620c 100644 +index 31969f2..2b348f0 100644 --- a/drivers/scsi/scsi_transport_iscsi.c +++ b/drivers/scsi/scsi_transport_iscsi.c @@ -79,7 +79,7 @@ struct iscsi_internal { @@ -38046,7 +41639,7 @@ index fa1dfaa..4bb620c 100644 err = class_register(&iscsi_transport_class); if (err) diff --git a/drivers/scsi/scsi_transport_srp.c b/drivers/scsi/scsi_transport_srp.c -index 21a045e..ec89e03 100644 +index f379c7f..e8fc69c 100644 --- a/drivers/scsi/scsi_transport_srp.c +++ b/drivers/scsi/scsi_transport_srp.c @@ -33,7 +33,7 @@ @@ -38058,7 +41651,7 @@ index 21a045e..ec89e03 100644 }; #define to_srp_host_attrs(host) ((struct srp_host_attrs *)(host)->shost_data) -@@ -62,7 +62,7 @@ static int srp_host_setup(struct transport_container *tc, struct device *dev, +@@ -61,7 +61,7 @@ static int srp_host_setup(struct transport_container *tc, struct device *dev, struct Scsi_Host *shost = dev_to_shost(dev); struct srp_host_attrs *srp_host = to_srp_host_attrs(shost); @@ -38067,7 +41660,7 @@ index 21a045e..ec89e03 100644 return 0; } -@@ -211,7 +211,7 @@ struct srp_rport *srp_rport_add(struct Scsi_Host *shost, +@@ -210,7 +210,7 @@ struct srp_rport *srp_rport_add(struct Scsi_Host *shost, memcpy(rport->port_id, ids->port_id, sizeof(rport->port_id)); rport->roles = ids->roles; @@ -38077,10 +41670,10 @@ index 21a045e..ec89e03 100644 transport_setup_device(&rport->dev); diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index 8afedd6..0981401 100644 +index 7992635..609faf8 100644 --- a/drivers/scsi/sd.c +++ b/drivers/scsi/sd.c -@@ -2709,7 +2709,7 @@ static int sd_probe(struct device *dev) +@@ -2909,7 +2909,7 @@ static int sd_probe(struct device *dev) sdkp->disk = gd; sdkp->index = index; atomic_set(&sdkp->openers, 0); @@ -38090,7 +41683,7 @@ index 8afedd6..0981401 100644 if (!sdp->request_queue->rq_timeout) { if (sdp->type != TYPE_MOD) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c -index 9c5c5f2..8414557 100644 +index be2c9a6..275525c 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -1101,7 +1101,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) @@ -38103,10 +41696,10 @@ index 9c5c5f2..8414557 100644 return blk_trace_startstop(sdp->device->request_queue, 1); case BLKTRACESTOP: diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c -index 84c2861..ece0a31 100644 +index 19ee901..6e8c2ef 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c -@@ -1453,7 +1453,7 @@ int spi_bus_unlock(struct spi_master *master) +@@ -1616,7 +1616,7 @@ int spi_bus_unlock(struct spi_master *master) EXPORT_SYMBOL_GPL(spi_bus_unlock); /* portable code must never pass more than 32 bytes */ @@ -38115,6 +41708,19 @@ index 84c2861..ece0a31 100644 static u8 *buf; +diff --git a/drivers/staging/iio/iio_hwmon.c b/drivers/staging/iio/iio_hwmon.c +index c7a5f97..71ecd35 100644 +--- a/drivers/staging/iio/iio_hwmon.c ++++ b/drivers/staging/iio/iio_hwmon.c +@@ -72,7 +72,7 @@ static void iio_hwmon_free_attrs(struct iio_hwmon_state *st) + static int iio_hwmon_probe(struct platform_device *pdev) + { + struct iio_hwmon_state *st; +- struct sensor_device_attribute *a; ++ sensor_device_attribute_no_const *a; + int ret, i; + int in_i = 1, temp_i = 1, curr_i = 1; + enum iio_chan_type type; diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c index 34afc16..ffe44dd 100644 --- a/drivers/staging/octeon/ethernet-rx.c @@ -38148,7 +41754,7 @@ index 34afc16..ffe44dd 100644 dev_kfree_skb_irq(skb); } diff --git a/drivers/staging/octeon/ethernet.c b/drivers/staging/octeon/ethernet.c -index 683bedc..86dba9a 100644 +index ef32dc1..a159d68 100644 --- a/drivers/staging/octeon/ethernet.c +++ b/drivers/staging/octeon/ethernet.c @@ -252,11 +252,11 @@ static struct net_device_stats *cvm_oct_common_get_stats(struct net_device *dev) @@ -38167,18 +41773,227 @@ index 683bedc..86dba9a 100644 #endif } -diff --git a/drivers/staging/omapdrm/omap_drv.c b/drivers/staging/omapdrm/omap_drv.c -index 4beab94..44149ee 100644 ---- a/drivers/staging/omapdrm/omap_drv.c -+++ b/drivers/staging/omapdrm/omap_drv.c -@@ -761,7 +761,6 @@ static struct drm_driver omap_drm_driver = { - .irq_postinstall = dev_irq_postinstall, - .irq_uninstall = dev_irq_uninstall, - .irq_handler = dev_irq_handler, -- .reclaim_buffers = drm_core_reclaim_buffers, - #ifdef CONFIG_DEBUG_FS - .debugfs_init = omap_debugfs_init, - .debugfs_cleanup = omap_debugfs_cleanup, +diff --git a/drivers/staging/ramster/tmem.c b/drivers/staging/ramster/tmem.c +index a2b7e03..aaf3630 100644 +--- a/drivers/staging/ramster/tmem.c ++++ b/drivers/staging/ramster/tmem.c +@@ -50,25 +50,25 @@ + * A tmem host implementation must use this function to register callbacks + * for memory allocation. + */ +-static struct tmem_hostops tmem_hostops; ++static struct tmem_hostops *tmem_hostops; + + static void tmem_objnode_tree_init(void); + + void tmem_register_hostops(struct tmem_hostops *m) + { + tmem_objnode_tree_init(); +- tmem_hostops = *m; ++ tmem_hostops = m; + } + + /* + * A tmem host implementation must use this function to register + * callbacks for a page-accessible memory (PAM) implementation. + */ +-static struct tmem_pamops tmem_pamops; ++static struct tmem_pamops *tmem_pamops; + + void tmem_register_pamops(struct tmem_pamops *m) + { +- tmem_pamops = *m; ++ tmem_pamops = m; + } + + /* +@@ -174,7 +174,7 @@ static void tmem_obj_init(struct tmem_obj *obj, struct tmem_hashbucket *hb, + obj->pampd_count = 0; + #ifdef CONFIG_RAMSTER + if (tmem_pamops.new_obj != NULL) +- (*tmem_pamops.new_obj)(obj); ++ (tmem_pamops->new_obj)(obj); + #endif + SET_SENTINEL(obj, OBJ); + +@@ -210,7 +210,7 @@ static void tmem_pool_flush(struct tmem_pool *pool, bool destroy) + rbnode = rb_next(rbnode); + tmem_pampd_destroy_all_in_obj(obj, true); + tmem_obj_free(obj, hb); +- (*tmem_hostops.obj_free)(obj, pool); ++ (tmem_hostops->obj_free)(obj, pool); + } + spin_unlock(&hb->lock); + } +@@ -261,7 +261,7 @@ static struct tmem_objnode *tmem_objnode_alloc(struct tmem_obj *obj) + ASSERT_SENTINEL(obj, OBJ); + BUG_ON(obj->pool == NULL); + ASSERT_SENTINEL(obj->pool, POOL); +- objnode = (*tmem_hostops.objnode_alloc)(obj->pool); ++ objnode = (tmem_hostops->objnode_alloc)(obj->pool); + if (unlikely(objnode == NULL)) + goto out; + objnode->obj = obj; +@@ -290,7 +290,7 @@ static void tmem_objnode_free(struct tmem_objnode *objnode) + ASSERT_SENTINEL(pool, POOL); + objnode->obj->objnode_count--; + objnode->obj = NULL; +- (*tmem_hostops.objnode_free)(objnode, pool); ++ (tmem_hostops->objnode_free)(objnode, pool); + } + + /* +@@ -348,7 +348,7 @@ static void *tmem_pampd_replace_in_obj(struct tmem_obj *obj, uint32_t index, + void *old_pampd = *(void **)slot; + *(void **)slot = new_pampd; + if (!no_free) +- (*tmem_pamops.free)(old_pampd, obj->pool, ++ (tmem_pamops->free)(old_pampd, obj->pool, + NULL, 0, false); + ret = new_pampd; + } +@@ -505,7 +505,7 @@ static void tmem_objnode_node_destroy(struct tmem_obj *obj, + if (objnode->slots[i]) { + if (ht == 1) { + obj->pampd_count--; +- (*tmem_pamops.free)(objnode->slots[i], ++ (tmem_pamops->free)(objnode->slots[i], + obj->pool, NULL, 0, true); + objnode->slots[i] = NULL; + continue; +@@ -524,7 +524,7 @@ static void tmem_pampd_destroy_all_in_obj(struct tmem_obj *obj, + return; + if (obj->objnode_tree_height == 0) { + obj->pampd_count--; +- (*tmem_pamops.free)(obj->objnode_tree_root, ++ (tmem_pamops->free)(obj->objnode_tree_root, + obj->pool, NULL, 0, true); + } else { + tmem_objnode_node_destroy(obj, obj->objnode_tree_root, +@@ -535,7 +535,7 @@ static void tmem_pampd_destroy_all_in_obj(struct tmem_obj *obj, + obj->objnode_tree_root = NULL; + #ifdef CONFIG_RAMSTER + if (tmem_pamops.free_obj != NULL) +- (*tmem_pamops.free_obj)(obj->pool, obj, pool_destroy); ++ (tmem_pamops->free_obj)(obj->pool, obj, pool_destroy); + #endif + } + +@@ -574,7 +574,7 @@ int tmem_put(struct tmem_pool *pool, struct tmem_oid *oidp, uint32_t index, + /* if found, is a dup put, flush the old one */ + pampd_del = tmem_pampd_delete_from_obj(obj, index); + BUG_ON(pampd_del != pampd); +- (*tmem_pamops.free)(pampd, pool, oidp, index, true); ++ (tmem_pamops->free)(pampd, pool, oidp, index, true); + if (obj->pampd_count == 0) { + objnew = obj; + objfound = NULL; +@@ -582,7 +582,7 @@ int tmem_put(struct tmem_pool *pool, struct tmem_oid *oidp, uint32_t index, + pampd = NULL; + } + } else { +- obj = objnew = (*tmem_hostops.obj_alloc)(pool); ++ obj = objnew = (tmem_hostops->obj_alloc)(pool); + if (unlikely(obj == NULL)) { + ret = -ENOMEM; + goto out; +@@ -597,16 +597,16 @@ int tmem_put(struct tmem_pool *pool, struct tmem_oid *oidp, uint32_t index, + if (unlikely(ret == -ENOMEM)) + /* may have partially built objnode tree ("stump") */ + goto delete_and_free; +- (*tmem_pamops.create_finish)(pampd, is_ephemeral(pool)); ++ (tmem_pamops->create_finish)(pampd, is_ephemeral(pool)); + goto out; + + delete_and_free: + (void)tmem_pampd_delete_from_obj(obj, index); + if (pampd) +- (*tmem_pamops.free)(pampd, pool, NULL, 0, true); ++ (tmem_pamops->free)(pampd, pool, NULL, 0, true); + if (objnew) { + tmem_obj_free(objnew, hb); +- (*tmem_hostops.obj_free)(objnew, pool); ++ (tmem_hostops->obj_free)(objnew, pool); + } + out: + spin_unlock(&hb->lock); +@@ -651,7 +651,7 @@ void tmem_localify_finish(struct tmem_obj *obj, uint32_t index, + if (pampd != NULL) { + BUG_ON(obj == NULL); + (void)tmem_pampd_replace_in_obj(obj, index, pampd, 1); +- (*tmem_pamops.create_finish)(pampd, is_ephemeral(obj->pool)); ++ (tmem_pamops->create_finish)(pampd, is_ephemeral(obj->pool)); + } else if (delete) { + BUG_ON(obj == NULL); + (void)tmem_pampd_delete_from_obj(obj, index); +@@ -671,7 +671,7 @@ static int tmem_repatriate(void **ppampd, struct tmem_hashbucket *hb, + int ret = 0; + + if (!is_ephemeral(pool)) +- new_pampd = (*tmem_pamops.repatriate_preload)( ++ new_pampd = (tmem_pamops->repatriate_preload)( + old_pampd, pool, oidp, index, &intransit); + if (intransit) + ret = -EAGAIN; +@@ -680,7 +680,7 @@ static int tmem_repatriate(void **ppampd, struct tmem_hashbucket *hb, + /* must release the hb->lock else repatriate can't sleep */ + spin_unlock(&hb->lock); + if (!intransit) +- ret = (*tmem_pamops.repatriate)(old_pampd, new_pampd, pool, ++ ret = (tmem_pamops->repatriate)(old_pampd, new_pampd, pool, + oidp, index, free, data); + if (ret == -EAGAIN) { + /* rare I think, but should cond_resched()??? */ +@@ -714,7 +714,7 @@ int tmem_replace(struct tmem_pool *pool, struct tmem_oid *oidp, + new_pampd = tmem_pampd_replace_in_obj(obj, index, new_pampd, 0); + /* if we bug here, pamops wasn't properly set up for ramster */ + BUG_ON(tmem_pamops.replace_in_obj == NULL); +- ret = (*tmem_pamops.replace_in_obj)(new_pampd, obj); ++ ret = (tmem_pamops->replace_in_obj)(new_pampd, obj); + out: + spin_unlock(&hb->lock); + return ret; +@@ -776,15 +776,15 @@ int tmem_get(struct tmem_pool *pool, struct tmem_oid *oidp, uint32_t index, + if (free) { + if (obj->pampd_count == 0) { + tmem_obj_free(obj, hb); +- (*tmem_hostops.obj_free)(obj, pool); ++ (tmem_hostops->obj_free)(obj, pool); + obj = NULL; + } + } + if (free) +- ret = (*tmem_pamops.get_data_and_free)( ++ ret = (tmem_pamops->get_data_and_free)( + data, sizep, raw, pampd, pool, oidp, index); + else +- ret = (*tmem_pamops.get_data)( ++ ret = (tmem_pamops->get_data)( + data, sizep, raw, pampd, pool, oidp, index); + if (ret < 0) + goto out; +@@ -816,10 +816,10 @@ int tmem_flush_page(struct tmem_pool *pool, + pampd = tmem_pampd_delete_from_obj(obj, index); + if (pampd == NULL) + goto out; +- (*tmem_pamops.free)(pampd, pool, oidp, index, true); ++ (tmem_pamops->free)(pampd, pool, oidp, index, true); + if (obj->pampd_count == 0) { + tmem_obj_free(obj, hb); +- (*tmem_hostops.obj_free)(obj, pool); ++ (tmem_hostops->obj_free)(obj, pool); + } + ret = 0; + +@@ -844,7 +844,7 @@ int tmem_flush_object(struct tmem_pool *pool, struct tmem_oid *oidp) + goto out; + tmem_pampd_destroy_all_in_obj(obj, false); + tmem_obj_free(obj, hb); +- (*tmem_hostops.obj_free)(obj, pool); ++ (tmem_hostops->obj_free)(obj, pool); + ret = 0; + + out: diff --git a/drivers/staging/rtl8712/rtl871x_io.h b/drivers/staging/rtl8712/rtl871x_io.h index dc23395..cf7e9b1 100644 --- a/drivers/staging/rtl8712/rtl871x_io.h @@ -38193,10 +42008,10 @@ index dc23395..cf7e9b1 100644 struct io_req { struct list_head list; diff --git a/drivers/staging/sbe-2t3e3/netdev.c b/drivers/staging/sbe-2t3e3/netdev.c -index c7b5e8b..783d6cb 100644 +index 1f5088b..0e59820 100644 --- a/drivers/staging/sbe-2t3e3/netdev.c +++ b/drivers/staging/sbe-2t3e3/netdev.c -@@ -51,7 +51,7 @@ int t3e3_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) +@@ -51,7 +51,7 @@ static int t3e3_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) t3e3_if_config(sc, cmd_2t3e3, (char *)¶m, &resp, &rlen); if (rlen) @@ -38205,21 +42020,8 @@ index c7b5e8b..783d6cb 100644 return -EFAULT; return 0; -diff --git a/drivers/staging/usbip/usbip_common.h b/drivers/staging/usbip/usbip_common.h -index 5d89c0f..9261317 100644 ---- a/drivers/staging/usbip/usbip_common.h -+++ b/drivers/staging/usbip/usbip_common.h -@@ -289,7 +289,7 @@ struct usbip_device { - void (*shutdown)(struct usbip_device *); - void (*reset)(struct usbip_device *); - void (*unusable)(struct usbip_device *); -- } eh_ops; -+ } __no_const eh_ops; - }; - - #define kthread_get_run(threadfn, data, namefmt, ...) \ diff --git a/drivers/staging/usbip/vhci.h b/drivers/staging/usbip/vhci.h -index c66b8b3..a4a035b 100644 +index 5dddc4d..34fcb2f 100644 --- a/drivers/staging/usbip/vhci.h +++ b/drivers/staging/usbip/vhci.h @@ -83,7 +83,7 @@ struct vhci_hcd { @@ -38232,10 +42034,10 @@ index c66b8b3..a4a035b 100644 /* * NOTE: diff --git a/drivers/staging/usbip/vhci_hcd.c b/drivers/staging/usbip/vhci_hcd.c -index 12a9a5f..afd8295 100644 +index c3aa219..bf8b3de 100644 --- a/drivers/staging/usbip/vhci_hcd.c +++ b/drivers/staging/usbip/vhci_hcd.c -@@ -471,7 +471,7 @@ static void vhci_tx_urb(struct urb *urb) +@@ -451,7 +451,7 @@ static void vhci_tx_urb(struct urb *urb) return; } @@ -38244,7 +42046,7 @@ index 12a9a5f..afd8295 100644 if (priv->seqnum == 0xffff) dev_info(&urb->dev->dev, "seqnum max\n"); -@@ -723,7 +723,7 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) +@@ -703,7 +703,7 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) return -ENOMEM; } @@ -38253,7 +42055,7 @@ index 12a9a5f..afd8295 100644 if (unlink->seqnum == 0xffff) pr_info("seqnum max\n"); -@@ -911,7 +911,7 @@ static int vhci_start(struct usb_hcd *hcd) +@@ -907,7 +907,7 @@ static int vhci_start(struct usb_hcd *hcd) vdev->rhport = rhport; } @@ -38263,7 +42065,7 @@ index 12a9a5f..afd8295 100644 hcd->power_budget = 0; /* no limit */ diff --git a/drivers/staging/usbip/vhci_rx.c b/drivers/staging/usbip/vhci_rx.c -index f0eaf04..5a82e06 100644 +index ba5f1c0..11d8122 100644 --- a/drivers/staging/usbip/vhci_rx.c +++ b/drivers/staging/usbip/vhci_rx.c @@ -77,7 +77,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, @@ -38276,7 +42078,7 @@ index f0eaf04..5a82e06 100644 return; } diff --git a/drivers/staging/vt6655/hostap.c b/drivers/staging/vt6655/hostap.c -index 6ac6f45..1b208ba 100644 +index 5f13890..36a044b 100644 --- a/drivers/staging/vt6655/hostap.c +++ b/drivers/staging/vt6655/hostap.c @@ -73,14 +73,13 @@ static int msglevel =MSG_LEVEL_INFO; @@ -38306,7 +42108,7 @@ index 6ac6f45..1b208ba 100644 pDevice->apdev->type = ARPHRD_IEEE80211; diff --git a/drivers/staging/vt6656/hostap.c b/drivers/staging/vt6656/hostap.c -index 682002a..35ed5cf 100644 +index 26a7d0e..897b083 100644 --- a/drivers/staging/vt6656/hostap.c +++ b/drivers/staging/vt6656/hostap.c @@ -60,14 +60,13 @@ static int msglevel =MSG_LEVEL_INFO; @@ -38335,21 +42137,8 @@ index 682002a..35ed5cf 100644 pDevice->apdev->netdev_ops = &apdev_netdev_ops; pDevice->apdev->type = ARPHRD_IEEE80211; -diff --git a/drivers/staging/wlan-ng/hfa384x_usb.c b/drivers/staging/wlan-ng/hfa384x_usb.c -index 7843dfd..3db105f 100644 ---- a/drivers/staging/wlan-ng/hfa384x_usb.c -+++ b/drivers/staging/wlan-ng/hfa384x_usb.c -@@ -204,7 +204,7 @@ static void unlocked_usbctlx_complete(hfa384x_t *hw, hfa384x_usbctlx_t *ctlx); - - struct usbctlx_completor { - int (*complete) (struct usbctlx_completor *); --}; -+} __no_const; - - static int - hfa384x_usbctlx_complete_sync(hfa384x_t *hw, diff --git a/drivers/staging/zcache/tmem.c b/drivers/staging/zcache/tmem.c -index eaa9021..43f023b 100644 +index 56c8e60..1920c63 100644 --- a/drivers/staging/zcache/tmem.c +++ b/drivers/staging/zcache/tmem.c @@ -39,7 +39,7 @@ @@ -38390,30 +42179,34 @@ index 0d4aa82..f7832d4 100644 extern void tmem_register_hostops(struct tmem_hostops *m); /* core tmem accessor functions */ -diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index 65e6320..80a3f3a 100644 ---- a/drivers/target/target_core_transport.c -+++ b/drivers/target/target_core_transport.c -@@ -1099,7 +1099,7 @@ struct se_device *transport_add_device_to_core_hba( +diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c +index 96f4981..4daaa7e 100644 +--- a/drivers/target/target_core_device.c ++++ b/drivers/target/target_core_device.c +@@ -1370,7 +1370,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) spin_lock_init(&dev->se_port_lock); spin_lock_init(&dev->se_tmr_lock); spin_lock_init(&dev->qf_cmd_lock); - atomic_set(&dev->dev_ordered_id, 0); + atomic_set_unchecked(&dev->dev_ordered_id, 0); - - se_dev_set_default_attribs(dev, dev_limits); - -@@ -1289,7 +1289,7 @@ static int transport_check_alloc_task_attr(struct se_cmd *cmd) + INIT_LIST_HEAD(&dev->t10_wwn.t10_vpd_list); + spin_lock_init(&dev->t10_wwn.t10_vpd_lock); + INIT_LIST_HEAD(&dev->t10_pr.registration_list); +diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c +index bd587b7..173daf3 100644 +--- a/drivers/target/target_core_transport.c ++++ b/drivers/target/target_core_transport.c +@@ -1077,7 +1077,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd) * Used to determine when ORDERED commands should go from * Dormant to Active status. */ -- cmd->se_ordered_id = atomic_inc_return(&cmd->se_dev->dev_ordered_id); -+ cmd->se_ordered_id = atomic_inc_return_unchecked(&cmd->se_dev->dev_ordered_id); +- cmd->se_ordered_id = atomic_inc_return(&dev->dev_ordered_id); ++ cmd->se_ordered_id = atomic_inc_return_unchecked(&dev->dev_ordered_id); smp_mb__after_atomic_inc(); pr_debug("Allocated se_ordered_id: %u for Task Attr: 0x%02x on %s\n", cmd->se_ordered_id, cmd->sam_task_attr, diff --git a/drivers/tty/cyclades.c b/drivers/tty/cyclades.c -index e61cabd..7617d26 100644 +index b09c8d1f..c4225c0 100644 --- a/drivers/tty/cyclades.c +++ b/drivers/tty/cyclades.c @@ -1589,10 +1589,10 @@ static int cy_open(struct tty_struct *tty, struct file *filp) @@ -38429,7 +42222,7 @@ index e61cabd..7617d26 100644 #endif /* -@@ -3987,7 +3987,7 @@ static int cyclades_proc_show(struct seq_file *m, void *v) +@@ -3991,7 +3991,7 @@ static int cyclades_proc_show(struct seq_file *m, void *v) for (j = 0; j < cy_card[i].nports; j++) { info = &cy_card[i].ports[j]; @@ -38439,10 +42232,10 @@ index e61cabd..7617d26 100644 struct tty_struct *tty; struct tty_ldisc *ld; diff --git a/drivers/tty/hvc/hvc_console.c b/drivers/tty/hvc/hvc_console.c -index 2d691eb..be02ebd 100644 +index 13ee53b..418d164 100644 --- a/drivers/tty/hvc/hvc_console.c +++ b/drivers/tty/hvc/hvc_console.c -@@ -315,7 +315,7 @@ static int hvc_open(struct tty_struct *tty, struct file * filp) +@@ -338,7 +338,7 @@ static int hvc_open(struct tty_struct *tty, struct file * filp) spin_lock_irqsave(&hp->port.lock, flags); /* Check and then increment for fast path open. */ @@ -38451,7 +42244,7 @@ index 2d691eb..be02ebd 100644 spin_unlock_irqrestore(&hp->port.lock, flags); hvc_kick(); return 0; -@@ -366,7 +366,7 @@ static void hvc_close(struct tty_struct *tty, struct file * filp) +@@ -388,7 +388,7 @@ static void hvc_close(struct tty_struct *tty, struct file * filp) spin_lock_irqsave(&hp->port.lock, flags); @@ -38460,7 +42253,7 @@ index 2d691eb..be02ebd 100644 spin_unlock_irqrestore(&hp->port.lock, flags); /* We are done with the tty pointer now. */ tty_port_tty_set(&hp->port, NULL); -@@ -384,9 +384,9 @@ static void hvc_close(struct tty_struct *tty, struct file * filp) +@@ -406,9 +406,9 @@ static void hvc_close(struct tty_struct *tty, struct file * filp) */ tty_wait_until_sent_from_close(tty, HVC_CLOSE_WAIT); } else { @@ -38471,8 +42264,8 @@ index 2d691eb..be02ebd 100644 + hp->vtermno, atomic_read(&hp->port.count)); spin_unlock_irqrestore(&hp->port.lock, flags); } - -@@ -412,13 +412,13 @@ static void hvc_hangup(struct tty_struct *tty) + } +@@ -438,12 +438,12 @@ static void hvc_hangup(struct tty_struct *tty) * open->hangup case this can be called after the final close so prevent * that from happening for now. */ @@ -38482,14 +42275,12 @@ index 2d691eb..be02ebd 100644 return; } -- temp_open_count = hp->port.count; - hp->port.count = 0; -+ temp_open_count = atomic_read(&hp->port.count); + atomic_set(&hp->port.count, 0); spin_unlock_irqrestore(&hp->port.lock, flags); tty_port_tty_set(&hp->port, NULL); -@@ -471,7 +471,7 @@ static int hvc_write(struct tty_struct *tty, const unsigned char *buf, int count +@@ -491,7 +491,7 @@ static int hvc_write(struct tty_struct *tty, const unsigned char *buf, int count return -EPIPE; /* FIXME what's this (unprotected) check for? */ @@ -38499,7 +42290,7 @@ index 2d691eb..be02ebd 100644 spin_lock_irqsave(&hp->lock, flags); diff --git a/drivers/tty/hvc/hvcs.c b/drivers/tty/hvc/hvcs.c -index d56788c..12d8f85 100644 +index 8776357..b2d4afd 100644 --- a/drivers/tty/hvc/hvcs.c +++ b/drivers/tty/hvc/hvcs.c @@ -83,6 +83,7 @@ @@ -38519,25 +42310,25 @@ index d56788c..12d8f85 100644 spin_unlock_irqrestore(&hvcsd->lock, flags); printk(KERN_INFO "HVCS: vterm state unchanged. " "The hvcs device node is still in use.\n"); -@@ -1134,7 +1135,7 @@ static int hvcs_open(struct tty_struct *tty, struct file *filp) - if ((retval = hvcs_partner_connect(hvcsd))) - goto error_release; +@@ -1132,7 +1133,7 @@ static int hvcs_install(struct tty_driver *driver, struct tty_struct *tty) + } + } -- hvcsd->port.count = 1; -+ atomic_set(&hvcsd->port.count, 1); +- hvcsd->port.count = 0; ++ atomic_set(&hvcsd->port.count, 0); hvcsd->port.tty = tty; tty->driver_data = hvcsd; -@@ -1168,7 +1169,7 @@ fast_open: +@@ -1185,7 +1186,7 @@ static int hvcs_open(struct tty_struct *tty, struct file *filp) + unsigned long flags; spin_lock_irqsave(&hvcsd->lock, flags); - tty_port_get(&hvcsd->port); - hvcsd->port.count++; + atomic_inc(&hvcsd->port.count); hvcsd->todo_mask |= HVCS_SCHED_READ; spin_unlock_irqrestore(&hvcsd->lock, flags); -@@ -1212,7 +1213,7 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp) +@@ -1221,7 +1222,7 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp) hvcsd = tty->driver_data; spin_lock_irqsave(&hvcsd->lock, flags); @@ -38546,9 +42337,9 @@ index d56788c..12d8f85 100644 vio_disable_interrupts(hvcsd->vdev); -@@ -1238,10 +1239,10 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp) +@@ -1246,10 +1247,10 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp) + free_irq(irq, hvcsd); - tty_port_put(&hvcsd->port); return; - } else if (hvcsd->port.count < 0) { + } else if (atomic_read(&hvcsd->port.count) < 0) { @@ -38559,7 +42350,7 @@ index d56788c..12d8f85 100644 } spin_unlock_irqrestore(&hvcsd->lock, flags); -@@ -1257,7 +1258,7 @@ static void hvcs_hangup(struct tty_struct * tty) +@@ -1271,7 +1272,7 @@ static void hvcs_hangup(struct tty_struct * tty) spin_lock_irqsave(&hvcsd->lock, flags); /* Preserve this so that we know how many kref refs to put */ @@ -38568,7 +42359,7 @@ index d56788c..12d8f85 100644 /* * Don't kref put inside the spinlock because the destruction -@@ -1272,7 +1273,7 @@ static void hvcs_hangup(struct tty_struct * tty) +@@ -1286,7 +1287,7 @@ static void hvcs_hangup(struct tty_struct * tty) tty->driver_data = NULL; hvcsd->port.tty = NULL; @@ -38577,7 +42368,7 @@ index d56788c..12d8f85 100644 /* This will drop any buffered data on the floor which is OK in a hangup * scenario. */ -@@ -1343,7 +1344,7 @@ static int hvcs_write(struct tty_struct *tty, +@@ -1357,7 +1358,7 @@ static int hvcs_write(struct tty_struct *tty, * the middle of a write operation? This is a crummy place to do this * but we want to keep it all in the spinlock. */ @@ -38586,7 +42377,7 @@ index d56788c..12d8f85 100644 spin_unlock_irqrestore(&hvcsd->lock, flags); return -ENODEV; } -@@ -1417,7 +1418,7 @@ static int hvcs_write_room(struct tty_struct *tty) +@@ -1431,7 +1432,7 @@ static int hvcs_write_room(struct tty_struct *tty) { struct hvcs_struct *hvcsd = tty->driver_data; @@ -38596,7 +42387,7 @@ index d56788c..12d8f85 100644 return HVCS_BUFF_LEN - hvcsd->chars_in_buffer; diff --git a/drivers/tty/ipwireless/tty.c b/drivers/tty/ipwireless/tty.c -index f8b5fa0..4ba9f89 100644 +index 2cde13d..645d78f 100644 --- a/drivers/tty/ipwireless/tty.c +++ b/drivers/tty/ipwireless/tty.c @@ -29,6 +29,7 @@ @@ -38713,10 +42504,10 @@ index f8b5fa0..4ba9f89 100644 ipwireless_disassociate_network_ttys(network, ttyj->channel_idx); diff --git a/drivers/tty/moxa.c b/drivers/tty/moxa.c -index 324467d..504cc25 100644 +index f9d2850..b006f04 100644 --- a/drivers/tty/moxa.c +++ b/drivers/tty/moxa.c -@@ -1172,7 +1172,7 @@ static int moxa_open(struct tty_struct *tty, struct file *filp) +@@ -1193,7 +1193,7 @@ static int moxa_open(struct tty_struct *tty, struct file *filp) } ch = &brd->ports[port % MAX_PORTS_PER_BOARD]; @@ -38726,11 +42517,11 @@ index 324467d..504cc25 100644 tty_port_tty_set(&ch->port, tty); mutex_lock(&ch->port.mutex); diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c -index 4a418e4..8968f84 100644 +index bfd6771..e0d93c4 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c -@@ -1639,7 +1639,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) - kref_init(&dlci->ref); +@@ -1636,7 +1636,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) + spin_lock_init(&dlci->lock); mutex_init(&dlci->mutex); dlci->fifo = &dlci->_fifo; - if (kfifo_alloc(&dlci->_fifo, 4096, GFP_KERNEL) < 0) { @@ -38738,20 +42529,20 @@ index 4a418e4..8968f84 100644 kfree(dlci); return NULL; } -@@ -2921,7 +2921,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp) - if (dlci == NULL) - return -ENOMEM; - port = &dlci->port; +@@ -2936,7 +2936,7 @@ static int gsmtty_open(struct tty_struct *tty, struct file *filp) + struct gsm_dlci *dlci = tty->driver_data; + struct tty_port *port = &dlci->port; + - port->count++; + atomic_inc(&port->count); - tty->driver_data = dlci; dlci_get(dlci); dlci_get(dlci->gsm->dlci[0]); + mux_get(dlci->gsm); diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c -index 26f0d0e..b7c4273 100644 +index 19083ef..6e34e97 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c -@@ -2124,6 +2124,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) +@@ -2196,6 +2196,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) { *ops = tty_ldisc_N_TTY; ops->owner = NULL; @@ -38761,10 +42552,10 @@ index 26f0d0e..b7c4273 100644 } EXPORT_SYMBOL_GPL(n_tty_inherit_ops); diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c -index 5505ffc..7affff9 100644 +index 79ff3a5..1fe9399 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c -@@ -718,8 +718,10 @@ static void __init unix98_pty_init(void) +@@ -791,8 +791,10 @@ static void __init unix98_pty_init(void) panic("Couldn't register Unix98 pts driver"); /* Now create the /dev/ptmx special device */ @@ -38777,10 +42568,10 @@ index 5505ffc..7affff9 100644 cdev_init(&ptmx_cdev, &ptmx_fops); if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) || diff --git a/drivers/tty/rocket.c b/drivers/tty/rocket.c -index 777d5f9..56d67ca 100644 +index e42009a..566a036 100644 --- a/drivers/tty/rocket.c +++ b/drivers/tty/rocket.c -@@ -924,7 +924,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp) +@@ -925,7 +925,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp) tty->driver_data = info; tty_port_tty_set(port, tty); @@ -38789,7 +42580,7 @@ index 777d5f9..56d67ca 100644 atomic_inc(&rp_num_ports_open); #ifdef ROCKET_DEBUG_OPEN -@@ -933,7 +933,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp) +@@ -934,7 +934,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp) #endif } #ifdef ROCKET_DEBUG_OPEN @@ -38798,7 +42589,7 @@ index 777d5f9..56d67ca 100644 #endif /* -@@ -1528,7 +1528,7 @@ static void rp_hangup(struct tty_struct *tty) +@@ -1529,7 +1529,7 @@ static void rp_hangup(struct tty_struct *tty) spin_unlock_irqrestore(&info->port.lock, flags); return; } @@ -38808,7 +42599,7 @@ index 777d5f9..56d67ca 100644 clear_bit((info->aiop * 8) + info->chan, (void *) &xmit_flags[info->board]); spin_unlock_irqrestore(&info->port.lock, flags); diff --git a/drivers/tty/serial/kgdboc.c b/drivers/tty/serial/kgdboc.c -index 2b42a01..32a2ed3 100644 +index 1002054..dd644a8 100644 --- a/drivers/tty/serial/kgdboc.c +++ b/drivers/tty/serial/kgdboc.c @@ -24,8 +24,9 @@ @@ -38822,7 +42613,7 @@ index 2b42a01..32a2ed3 100644 static int configured = -1; static char config[MAX_CONFIG_LEN]; -@@ -148,6 +149,8 @@ static void cleanup_kgdboc(void) +@@ -151,6 +152,8 @@ static void cleanup_kgdboc(void) kgdboc_unregister_kbd(); if (configured == 1) kgdb_unregister_io_module(&kgdboc_io_ops); @@ -38831,7 +42622,7 @@ index 2b42a01..32a2ed3 100644 } static int configure_kgdboc(void) -@@ -157,13 +160,13 @@ static int configure_kgdboc(void) +@@ -160,13 +163,13 @@ static int configure_kgdboc(void) int err; char *cptr = config; struct console *cons; @@ -38846,7 +42637,7 @@ index 2b42a01..32a2ed3 100644 kgdb_tty_driver = NULL; kgdboc_use_kms = 0; -@@ -184,7 +187,7 @@ static int configure_kgdboc(void) +@@ -187,7 +190,7 @@ static int configure_kgdboc(void) int idx; if (cons->device && cons->device(cons, &idx) == p && idx == tty_line) { @@ -38855,7 +42646,7 @@ index 2b42a01..32a2ed3 100644 break; } cons = cons->next; -@@ -194,12 +197,16 @@ static int configure_kgdboc(void) +@@ -197,7 +200,13 @@ static int configure_kgdboc(void) kgdb_tty_line = tty_line; do_register: @@ -38870,12 +42661,16 @@ index 2b42a01..32a2ed3 100644 if (err) goto noconfig; +@@ -205,8 +214,6 @@ do_register: + if (err) + goto nmi_con_failed; + - configured = 1; - return 0; - noconfig: -@@ -213,7 +220,7 @@ noconfig: + nmi_con_failed: +@@ -223,7 +230,7 @@ noconfig: static int __init init_kgdboc(void) { /* Already configured? */ @@ -38884,7 +42679,7 @@ index 2b42a01..32a2ed3 100644 return 0; return configure_kgdboc(); -@@ -262,7 +269,7 @@ static int param_set_kgdboc_var(const char *kmessage, struct kernel_param *kp) +@@ -272,7 +279,7 @@ static int param_set_kgdboc_var(const char *kmessage, struct kernel_param *kp) if (config[len - 1] == '\n') config[len - 1] = '\0'; @@ -38893,7 +42688,7 @@ index 2b42a01..32a2ed3 100644 cleanup_kgdboc(); /* Go and configure with the new params. */ -@@ -302,6 +309,15 @@ static struct kgdb_io kgdboc_io_ops = { +@@ -312,6 +319,15 @@ static struct kgdb_io kgdboc_io_ops = { .post_exception = kgdboc_post_exp_handler, }; @@ -38909,11 +42704,43 @@ index 2b42a01..32a2ed3 100644 #ifdef CONFIG_KGDB_SERIAL_CONSOLE /* This is only available if kgdboc is a built in for early debugging */ static int __init kgdboc_early_init(char *opt) +diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c +index e514b3a..c73d614 100644 +--- a/drivers/tty/serial/samsung.c ++++ b/drivers/tty/serial/samsung.c +@@ -453,11 +453,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port) + } + } + ++static int s3c64xx_serial_startup(struct uart_port *port); + static int s3c24xx_serial_startup(struct uart_port *port) + { + struct s3c24xx_uart_port *ourport = to_ourport(port); + int ret; + ++ /* Startup sequence is different for s3c64xx and higher SoC's */ ++ if (s3c24xx_serial_has_interrupt_mask(port)) ++ return s3c64xx_serial_startup(port); ++ + dbg("s3c24xx_serial_startup: port=%p (%08lx,%p)\n", + port->mapbase, port->membase); + +@@ -1122,10 +1127,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport, + /* setup info for port */ + port->dev = &platdev->dev; + +- /* Startup sequence is different for s3c64xx and higher SoC's */ +- if (s3c24xx_serial_has_interrupt_mask(port)) +- s3c24xx_serial_ops.startup = s3c64xx_serial_startup; +- + port->uartclk = 1; + + if (cfg->uart_flags & UPF_CONS_FLOW) { diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c -index a21dc8e..fe43e9e 100644 +index 2c7230a..2104f16 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c -@@ -1392,7 +1392,7 @@ static void uart_hangup(struct tty_struct *tty) +@@ -1455,7 +1455,7 @@ static void uart_hangup(struct tty_struct *tty) uart_flush_buffer(tty); uart_shutdown(tty, state); spin_lock_irqsave(&port->lock, flags); @@ -38922,7 +42749,7 @@ index a21dc8e..fe43e9e 100644 clear_bit(ASYNCB_NORMAL_ACTIVE, &port->flags); spin_unlock_irqrestore(&port->lock, flags); tty_port_tty_set(port, NULL); -@@ -1488,7 +1488,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1551,7 +1551,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) goto end; } @@ -38931,7 +42758,7 @@ index a21dc8e..fe43e9e 100644 if (!state->uart_port || state->uart_port->flags & UPF_DEAD) { retval = -ENXIO; goto err_dec_count; -@@ -1515,7 +1515,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1578,7 +1578,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) /* * Make sure the device is in D0 state. */ @@ -38940,7 +42767,7 @@ index a21dc8e..fe43e9e 100644 uart_change_pm(state, 0); /* -@@ -1533,7 +1533,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1596,7 +1596,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) end: return retval; err_dec_count: @@ -38950,7 +42777,7 @@ index a21dc8e..fe43e9e 100644 goto end; } diff --git a/drivers/tty/synclink.c b/drivers/tty/synclink.c -index 593d40a..bdc61f3 100644 +index 9e071f6..f30ae69 100644 --- a/drivers/tty/synclink.c +++ b/drivers/tty/synclink.c @@ -3095,7 +3095,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp) @@ -39004,7 +42831,7 @@ index 593d40a..bdc61f3 100644 - __FILE__,__LINE__, tty->driver->name, port->count ); + __FILE__,__LINE__, tty->driver->name, atomic_read(&port->count)); - tty_unlock(); + tty_unlock(tty); schedule(); @@ -3348,12 +3348,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, @@ -39021,7 +42848,7 @@ index 593d40a..bdc61f3 100644 if (!retval) port->flags |= ASYNC_NORMAL_ACTIVE; -@@ -3398,7 +3398,7 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp) +@@ -3405,7 +3405,7 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgsl_open(%s), old ref count = %d\n", @@ -39030,7 +42857,7 @@ index 593d40a..bdc61f3 100644 /* If port is closing, signal caller to try again */ if (tty_hung_up_p(filp) || info->port.flags & ASYNC_CLOSING){ -@@ -3417,10 +3417,10 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp) +@@ -3424,10 +3424,10 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp) spin_unlock_irqrestore(&info->netlock, flags); goto cleanup; } @@ -39043,7 +42870,7 @@ index 593d40a..bdc61f3 100644 /* 1st open on this device, init hardware */ retval = startup(info); if (retval < 0) -@@ -3444,8 +3444,8 @@ cleanup: +@@ -3451,8 +3451,8 @@ cleanup: if (retval) { if (tty->count == 1) info->port.tty = NULL; /* tty layer will release tty struct */ @@ -39054,7 +42881,7 @@ index 593d40a..bdc61f3 100644 } return retval; -@@ -7653,7 +7653,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, +@@ -7662,7 +7662,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, unsigned short new_crctype; /* return error if TTY interface open */ @@ -39063,7 +42890,7 @@ index 593d40a..bdc61f3 100644 return -EBUSY; switch (encoding) -@@ -7748,7 +7748,7 @@ static int hdlcdev_open(struct net_device *dev) +@@ -7757,7 +7757,7 @@ static int hdlcdev_open(struct net_device *dev) /* arbitrate between network and tty opens */ spin_lock_irqsave(&info->netlock, flags); @@ -39072,7 +42899,7 @@ index 593d40a..bdc61f3 100644 printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name); spin_unlock_irqrestore(&info->netlock, flags); return -EBUSY; -@@ -7834,7 +7834,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) +@@ -7843,7 +7843,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name); /* return error if TTY interface open */ @@ -39082,7 +42909,7 @@ index 593d40a..bdc61f3 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/tty/synclink_gt.c b/drivers/tty/synclink_gt.c -index aa1debf..9297a16 100644 +index aba1e59..877ac33 100644 --- a/drivers/tty/synclink_gt.c +++ b/drivers/tty/synclink_gt.c @@ -671,7 +671,7 @@ static int open(struct tty_struct *tty, struct file *filp) @@ -39200,10 +43027,10 @@ index aa1debf..9297a16 100644 if (!retval) diff --git a/drivers/tty/synclinkmp.c b/drivers/tty/synclinkmp.c -index a3dddc1..8905ab2 100644 +index fd43fb6..34704ad 100644 --- a/drivers/tty/synclinkmp.c +++ b/drivers/tty/synclinkmp.c -@@ -742,7 +742,7 @@ static int open(struct tty_struct *tty, struct file *filp) +@@ -751,7 +751,7 @@ static int open(struct tty_struct *tty, struct file *filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):%s open(), old ref count = %d\n", @@ -39212,7 +43039,7 @@ index a3dddc1..8905ab2 100644 /* If port is closing, signal caller to try again */ if (tty_hung_up_p(filp) || info->port.flags & ASYNC_CLOSING){ -@@ -761,10 +761,10 @@ static int open(struct tty_struct *tty, struct file *filp) +@@ -770,10 +770,10 @@ static int open(struct tty_struct *tty, struct file *filp) spin_unlock_irqrestore(&info->netlock, flags); goto cleanup; } @@ -39225,7 +43052,7 @@ index a3dddc1..8905ab2 100644 /* 1st open on this device, init hardware */ retval = startup(info); if (retval < 0) -@@ -788,8 +788,8 @@ cleanup: +@@ -797,8 +797,8 @@ cleanup: if (retval) { if (tty->count == 1) info->port.tty = NULL; /* tty layer will release tty struct */ @@ -39236,7 +43063,7 @@ index a3dddc1..8905ab2 100644 } return retval; -@@ -807,7 +807,7 @@ static void close(struct tty_struct *tty, struct file *filp) +@@ -816,7 +816,7 @@ static void close(struct tty_struct *tty, struct file *filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):%s close() entry, count=%d\n", @@ -39245,7 +43072,7 @@ index a3dddc1..8905ab2 100644 if (tty_port_close_start(&info->port, tty, filp) == 0) goto cleanup; -@@ -826,7 +826,7 @@ static void close(struct tty_struct *tty, struct file *filp) +@@ -835,7 +835,7 @@ static void close(struct tty_struct *tty, struct file *filp) cleanup: if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):%s close() exit, count=%d\n", __FILE__,__LINE__, @@ -39254,7 +43081,7 @@ index a3dddc1..8905ab2 100644 } /* Called by tty_hangup() when a hangup is signaled. -@@ -849,7 +849,7 @@ static void hangup(struct tty_struct *tty) +@@ -858,7 +858,7 @@ static void hangup(struct tty_struct *tty) shutdown(info); spin_lock_irqsave(&info->port.lock, flags); @@ -39263,7 +43090,7 @@ index a3dddc1..8905ab2 100644 info->port.flags &= ~ASYNC_NORMAL_ACTIVE; info->port.tty = NULL; spin_unlock_irqrestore(&info->port.lock, flags); -@@ -1557,7 +1557,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, +@@ -1566,7 +1566,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, unsigned short new_crctype; /* return error if TTY interface open */ @@ -39272,7 +43099,7 @@ index a3dddc1..8905ab2 100644 return -EBUSY; switch (encoding) -@@ -1652,7 +1652,7 @@ static int hdlcdev_open(struct net_device *dev) +@@ -1661,7 +1661,7 @@ static int hdlcdev_open(struct net_device *dev) /* arbitrate between network and tty opens */ spin_lock_irqsave(&info->netlock, flags); @@ -39281,7 +43108,7 @@ index a3dddc1..8905ab2 100644 printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name); spin_unlock_irqrestore(&info->netlock, flags); return -EBUSY; -@@ -1738,7 +1738,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) +@@ -1747,7 +1747,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name); /* return error if TTY interface open */ @@ -39290,7 +43117,7 @@ index a3dddc1..8905ab2 100644 return -EBUSY; if (cmd != SIOCWANDEV) -@@ -2623,7 +2623,7 @@ static irqreturn_t synclinkmp_interrupt(int dummy, void *dev_id) +@@ -2632,7 +2632,7 @@ static irqreturn_t synclinkmp_interrupt(int dummy, void *dev_id) * do not request bottom half processing if the * device is not open in a normal mode. */ @@ -39299,7 +43126,7 @@ index a3dddc1..8905ab2 100644 port->pending_bh && !port->bh_running && !port->bh_requested ) { if ( debug_level >= DEBUG_LEVEL_ISR ) -@@ -3321,12 +3321,12 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, +@@ -3330,12 +3330,12 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):%s block_til_ready() before block, count=%d\n", @@ -39314,16 +43141,16 @@ index a3dddc1..8905ab2 100644 } spin_unlock_irqrestore(&info->lock, flags); port->blocked_open++; -@@ -3355,7 +3355,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, +@@ -3364,7 +3364,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):%s block_til_ready() count=%d\n", - __FILE__,__LINE__, tty->driver->name, port->count ); + __FILE__,__LINE__, tty->driver->name, atomic_read(&port->count)); - tty_unlock(); + tty_unlock(tty); schedule(); -@@ -3366,12 +3366,12 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, +@@ -3375,12 +3375,12 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, remove_wait_queue(&port->open_wait, &wait); if (extra_count) @@ -39339,10 +43166,10 @@ index a3dddc1..8905ab2 100644 if (!retval) port->flags |= ASYNC_NORMAL_ACTIVE; diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c -index 05728894..b9d44c6 100644 +index b3c4a25..723916f 100644 --- a/drivers/tty/sysrq.c +++ b/drivers/tty/sysrq.c -@@ -865,7 +865,7 @@ EXPORT_SYMBOL(unregister_sysrq_key); +@@ -867,7 +867,7 @@ EXPORT_SYMBOL(unregister_sysrq_key); static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { @@ -39352,10 +43179,10 @@ index 05728894..b9d44c6 100644 if (get_user(c, buf)) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index b425c79..08a3f06 100644 +index da9fde8..c07975f 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c -@@ -3283,7 +3283,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); +@@ -3391,7 +3391,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); void tty_default_fops(struct file_operations *fops) { @@ -39365,31 +43192,31 @@ index b425c79..08a3f06 100644 /* diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c -index 6f99c99..8947bc4 100644 +index c578229..45aa9ee 100644 --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c @@ -56,7 +56,7 @@ static void put_ldisc(struct tty_ldisc *ld) - if (atomic_dec_and_lock(&ld->users, &tty_ldisc_lock)) { + if (atomic_dec_and_test(&ld->users)) { struct tty_ldisc_ops *ldo = ld->ops; - ldo->refcount--; + atomic_dec(&ldo->refcount); module_put(ldo->owner); - spin_unlock_irqrestore(&tty_ldisc_lock, flags); + raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags); @@ -91,7 +91,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc) - spin_lock_irqsave(&tty_ldisc_lock, flags); + raw_spin_lock_irqsave(&tty_ldisc_lock, flags); tty_ldiscs[disc] = new_ldisc; new_ldisc->num = disc; - new_ldisc->refcount = 0; + atomic_set(&new_ldisc->refcount, 0); - spin_unlock_irqrestore(&tty_ldisc_lock, flags); + raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags); return ret; @@ -119,7 +119,7 @@ int tty_unregister_ldisc(int disc) return -EINVAL; - spin_lock_irqsave(&tty_ldisc_lock, flags); + raw_spin_lock_irqsave(&tty_ldisc_lock, flags); - if (tty_ldiscs[disc]->refcount) + if (atomic_read(&tty_ldiscs[disc]->refcount)) ret = -EBUSY; @@ -39407,17 +43234,17 @@ index 6f99c99..8947bc4 100644 @@ -153,7 +153,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops) unsigned long flags; - spin_lock_irqsave(&tty_ldisc_lock, flags); + raw_spin_lock_irqsave(&tty_ldisc_lock, flags); - ldops->refcount--; + atomic_dec(&ldops->refcount); module_put(ldops->owner); - spin_unlock_irqrestore(&tty_ldisc_lock, flags); + raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags); } diff --git a/drivers/tty/tty_port.c b/drivers/tty/tty_port.c -index bf6e238..d401c04 100644 +index b7ff59d..7c6105e 100644 --- a/drivers/tty/tty_port.c +++ b/drivers/tty/tty_port.c -@@ -138,7 +138,7 @@ void tty_port_hangup(struct tty_port *port) +@@ -218,7 +218,7 @@ void tty_port_hangup(struct tty_port *port) unsigned long flags; spin_lock_irqsave(&port->lock, flags); @@ -39426,7 +43253,7 @@ index bf6e238..d401c04 100644 port->flags &= ~ASYNC_NORMAL_ACTIVE; if (port->tty) { set_bit(TTY_IO_ERROR, &port->tty->flags); -@@ -264,7 +264,7 @@ int tty_port_block_til_ready(struct tty_port *port, +@@ -344,7 +344,7 @@ int tty_port_block_til_ready(struct tty_port *port, /* The port lock protects the port counts */ spin_lock_irqsave(&port->lock, flags); if (!tty_hung_up_p(filp)) @@ -39435,7 +43262,7 @@ index bf6e238..d401c04 100644 port->blocked_open++; spin_unlock_irqrestore(&port->lock, flags); -@@ -306,7 +306,7 @@ int tty_port_block_til_ready(struct tty_port *port, +@@ -386,7 +386,7 @@ int tty_port_block_til_ready(struct tty_port *port, we must not mess that up further */ spin_lock_irqsave(&port->lock, flags); if (!tty_hung_up_p(filp)) @@ -39444,7 +43271,7 @@ index bf6e238..d401c04 100644 port->blocked_open--; if (retval == 0) port->flags |= ASYNC_NORMAL_ACTIVE; -@@ -326,19 +326,19 @@ int tty_port_close_start(struct tty_port *port, +@@ -406,19 +406,19 @@ int tty_port_close_start(struct tty_port *port, return 0; } @@ -39471,7 +43298,7 @@ index bf6e238..d401c04 100644 spin_unlock_irqrestore(&port->lock, flags); if (port->ops->drop) port->ops->drop(port); -@@ -418,7 +418,7 @@ int tty_port_open(struct tty_port *port, struct tty_struct *tty, +@@ -516,7 +516,7 @@ int tty_port_open(struct tty_port *port, struct tty_struct *tty, { spin_lock_irq(&port->lock); if (!tty_hung_up_p(filp)) @@ -39481,10 +43308,10 @@ index bf6e238..d401c04 100644 tty_port_tty_set(port, tty); diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c -index 770a854..e5d3db3 100644 +index 681765b..d3ccdf2 100644 --- a/drivers/tty/vt/keyboard.c +++ b/drivers/tty/vt/keyboard.c -@@ -659,6 +659,16 @@ static void k_spec(struct vc_data *vc, unsigned char value, char up_flag) +@@ -660,6 +660,16 @@ static void k_spec(struct vc_data *vc, unsigned char value, char up_flag) kbd->kbdmode == VC_OFF) && value != KVAL(K_SAK)) return; /* SAK is allowed even in raw mode */ @@ -39501,7 +43328,7 @@ index 770a854..e5d3db3 100644 fn_handler[value](vc); } -@@ -1805,9 +1815,6 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, +@@ -1808,9 +1818,6 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, if (copy_from_user(&tmp, user_kbe, sizeof(struct kbentry))) return -EFAULT; @@ -39511,7 +43338,7 @@ index 770a854..e5d3db3 100644 switch (cmd) { case KDGKBENT: /* Ensure another thread doesn't free it under us */ -@@ -1822,6 +1829,9 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, +@@ -1825,6 +1832,9 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, spin_unlock_irqrestore(&kbd_event_lock, flags); return put_user(val, &user_kbe->kb_value); case KDSKBENT: @@ -39521,7 +43348,7 @@ index 770a854..e5d3db3 100644 if (!perm) return -EPERM; if (!i && v == K_NOSUCHMAP) { -@@ -1912,9 +1922,6 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) +@@ -1915,9 +1925,6 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) int i, j, k; int ret; @@ -39531,7 +43358,7 @@ index 770a854..e5d3db3 100644 kbs = kmalloc(sizeof(*kbs), GFP_KERNEL); if (!kbs) { ret = -ENOMEM; -@@ -1948,6 +1955,9 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) +@@ -1951,6 +1958,9 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) kfree(kbs); return ((p && *p) ? -EOVERFLOW : 0); case KDSKBSENT: @@ -39542,7 +43369,7 @@ index 770a854..e5d3db3 100644 ret = -EPERM; goto reterr; diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c -index a783d53..cb30d94 100644 +index 5110f36..8dc0a74 100644 --- a/drivers/uio/uio.c +++ b/drivers/uio/uio.c @@ -25,6 +25,7 @@ @@ -39627,7 +43454,7 @@ index a783d53..cb30d94 100644 } static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf) -@@ -821,7 +822,7 @@ int __uio_register_device(struct module *owner, +@@ -819,7 +820,7 @@ int __uio_register_device(struct module *owner, idev->owner = owner; idev->info = info; init_waitqueue_head(&idev->wait); @@ -39650,7 +43477,7 @@ index b7eb86a..36d28af 100644 pos += tmp; diff --git a/drivers/usb/atm/usbatm.c b/drivers/usb/atm/usbatm.c -index ee62b35..b663594 100644 +index 35f10bf..6a38a0b 100644 --- a/drivers/usb/atm/usbatm.c +++ b/drivers/usb/atm/usbatm.c @@ -333,7 +333,7 @@ static void usbatm_extract_one_cell(struct usbatm_data *instance, unsigned char @@ -39688,7 +43515,7 @@ index ee62b35..b663594 100644 goto out; } -@@ -387,7 +387,7 @@ static void usbatm_extract_one_cell(struct usbatm_data *instance, unsigned char +@@ -389,7 +389,7 @@ static void usbatm_extract_one_cell(struct usbatm_data *instance, unsigned char if (printk_ratelimit()) atm_err(instance, "%s: no memory for skb (length: %u)!\n", __func__, length); @@ -39697,7 +43524,7 @@ index ee62b35..b663594 100644 goto out; } -@@ -412,7 +412,7 @@ static void usbatm_extract_one_cell(struct usbatm_data *instance, unsigned char +@@ -417,7 +417,7 @@ static void usbatm_extract_one_cell(struct usbatm_data *instance, unsigned char vcc->push(vcc, skb); @@ -39706,7 +43533,7 @@ index ee62b35..b663594 100644 out: skb_trim(sarb, 0); } -@@ -615,7 +615,7 @@ static void usbatm_tx_process(unsigned long data) +@@ -623,7 +623,7 @@ static void usbatm_tx_process(unsigned long data) struct atm_vcc *vcc = UDSL_SKB(skb)->atm.vcc; usbatm_pop(vcc, skb); @@ -39715,7 +43542,7 @@ index ee62b35..b663594 100644 skb = skb_dequeue(&instance->sndqueue); } -@@ -770,11 +770,11 @@ static int usbatm_atm_proc_read(struct atm_dev *atm_dev, loff_t * pos, char *pag +@@ -779,11 +779,11 @@ static int usbatm_atm_proc_read(struct atm_dev *atm_dev, loff_t * pos, char *pag if (!left--) return sprintf(page, "AAL5: tx %d ( %d err ), rx %d ( %d err, %d drop )\n", @@ -39733,7 +43560,7 @@ index ee62b35..b663594 100644 if (!left--) { if (instance->disconnected) diff --git a/drivers/usb/core/devices.c b/drivers/usb/core/devices.c -index 3440812..2a4ef1f 100644 +index cbacea9..246cccd 100644 --- a/drivers/usb/core/devices.c +++ b/drivers/usb/core/devices.c @@ -126,7 +126,7 @@ static const char format_endpt[] = @@ -39754,7 +43581,7 @@ index 3440812..2a4ef1f 100644 wake_up(&device_event.wait); } -@@ -648,7 +648,7 @@ static unsigned int usb_device_poll(struct file *file, +@@ -645,7 +645,7 @@ static unsigned int usb_device_poll(struct file *file, poll_wait(file, &device_event.wait, wait); @@ -39764,10 +43591,10 @@ index 3440812..2a4ef1f 100644 file->f_version = event_count; return POLLIN | POLLRDNORM; diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c -index 75ba209..08bf89e 100644 +index 8e64adf..9a33a3c 100644 --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c -@@ -1478,7 +1478,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) +@@ -1522,7 +1522,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) */ usb_get_urb(urb); atomic_inc(&urb->use_count); @@ -39776,7 +43603,7 @@ index 75ba209..08bf89e 100644 usbmon_urb_submit(&hcd->self, urb); /* NOTE requirements on root-hub callers (usbfs and the hub -@@ -1505,7 +1505,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) +@@ -1549,7 +1549,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) urb->hcpriv = NULL; INIT_LIST_HEAD(&urb->urb_list); atomic_dec(&urb->use_count); @@ -39786,7 +43613,7 @@ index 75ba209..08bf89e 100644 wake_up(&usb_kill_urb_queue); usb_put_urb(urb); diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c -index 682e825..06d4f69 100644 +index 818e4a0..0fc9589 100644 --- a/drivers/usb/core/sysfs.c +++ b/drivers/usb/core/sysfs.c @@ -226,7 +226,7 @@ show_urbnum(struct device *dev, struct device_attribute *attr, char *buf) @@ -39799,10 +43626,10 @@ index 682e825..06d4f69 100644 static DEVICE_ATTR(urbnum, S_IRUGO, show_urbnum, NULL); diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c -index cd8fb44..17fbe0c 100644 +index f81b925..78d22ec 100644 --- a/drivers/usb/core/usb.c +++ b/drivers/usb/core/usb.c -@@ -397,7 +397,7 @@ struct usb_device *usb_alloc_dev(struct usb_device *parent, +@@ -388,7 +388,7 @@ struct usb_device *usb_alloc_dev(struct usb_device *parent, set_dev_node(&dev->dev, dev_to_node(bus->controller)); dev->state = USB_STATE_ATTACHED; dev->lpm_disable_count = 1; @@ -39812,10 +43639,10 @@ index cd8fb44..17fbe0c 100644 INIT_LIST_HEAD(&dev->ep0.urb_list); dev->ep0.desc.bLength = USB_DT_ENDPOINT_SIZE; diff --git a/drivers/usb/early/ehci-dbgp.c b/drivers/usb/early/ehci-dbgp.c -index 89dcf15..481800b 100644 +index 5e29dde..eca992f 100644 --- a/drivers/usb/early/ehci-dbgp.c +++ b/drivers/usb/early/ehci-dbgp.c -@@ -97,7 +97,8 @@ static inline u32 dbgp_len_update(u32 x, u32 len) +@@ -98,7 +98,8 @@ static inline u32 dbgp_len_update(u32 x, u32 len) #ifdef CONFIG_KGDB static struct kgdb_io kgdbdbgp_io_ops; @@ -39825,7 +43652,7 @@ index 89dcf15..481800b 100644 #else #define dbgp_kgdb_mode (0) #endif -@@ -1035,6 +1036,13 @@ static struct kgdb_io kgdbdbgp_io_ops = { +@@ -1047,6 +1048,13 @@ static struct kgdb_io kgdbdbgp_io_ops = { .write_char = kgdbdbgp_write_char, }; @@ -39839,7 +43666,7 @@ index 89dcf15..481800b 100644 static int kgdbdbgp_wait_time; static int __init kgdbdbgp_parse_config(char *str) -@@ -1050,8 +1058,10 @@ static int __init kgdbdbgp_parse_config(char *str) +@@ -1062,8 +1070,10 @@ static int __init kgdbdbgp_parse_config(char *str) ptr++; kgdbdbgp_wait_time = simple_strtoul(ptr, &ptr, 10); } @@ -39853,7 +43680,7 @@ index 89dcf15..481800b 100644 return 0; } diff --git a/drivers/usb/gadget/u_serial.c b/drivers/usb/gadget/u_serial.c -index da6d479..80ed10b 100644 +index 598dcc1..032dd4f 100644 --- a/drivers/usb/gadget/u_serial.c +++ b/drivers/usb/gadget/u_serial.c @@ -735,9 +735,9 @@ static int gs_open(struct tty_struct *tty, struct file *file) @@ -39901,7 +43728,7 @@ index da6d479..80ed10b 100644 gser = port->port_usb; if (gser && gser->disconnect) -@@ -1156,7 +1156,7 @@ static int gs_closed(struct gs_port *port) +@@ -1159,7 +1159,7 @@ static int gs_closed(struct gs_port *port) int cond; spin_lock_irq(&port->port_lock); @@ -39910,7 +43737,7 @@ index da6d479..80ed10b 100644 spin_unlock_irq(&port->port_lock); return cond; } -@@ -1269,7 +1269,7 @@ int gserial_connect(struct gserial *gser, u8 port_num) +@@ -1273,7 +1273,7 @@ int gserial_connect(struct gserial *gser, u8 port_num) /* if it's already open, start I/O ... and notify the serial * protocol about open/close status (connect/disconnect). */ @@ -39919,7 +43746,7 @@ index da6d479..80ed10b 100644 pr_debug("gserial_connect: start ttyGS%d\n", port->port_num); gs_start_io(port); if (gser->connect) -@@ -1316,7 +1316,7 @@ void gserial_disconnect(struct gserial *gser) +@@ -1320,7 +1320,7 @@ void gserial_disconnect(struct gserial *gser) port->port_usb = NULL; gser->ioport = NULL; @@ -39928,7 +43755,7 @@ index da6d479..80ed10b 100644 wake_up_interruptible(&port->drain_wait); if (port->port.tty) tty_hangup(port->port.tty); -@@ -1332,7 +1332,7 @@ void gserial_disconnect(struct gserial *gser) +@@ -1336,7 +1336,7 @@ void gserial_disconnect(struct gserial *gser) /* finally, free any unused/unusable I/O buffers */ spin_lock_irqsave(&port->port_lock, flags); @@ -39938,10 +43765,10 @@ index da6d479..80ed10b 100644 gs_free_requests(gser->out, &port->read_pool, NULL); gs_free_requests(gser->out, &port->read_queue, NULL); diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c -index b9cca6d..75c75df 100644 +index 5f3bcd3..bfca43f 100644 --- a/drivers/usb/serial/console.c +++ b/drivers/usb/serial/console.c -@@ -127,7 +127,7 @@ static int usb_console_setup(struct console *co, char *options) +@@ -124,7 +124,7 @@ static int usb_console_setup(struct console *co, char *options) info->port = port; @@ -39950,7 +43777,7 @@ index b9cca6d..75c75df 100644 if (!test_bit(ASYNCB_INITIALIZED, &port->port.flags)) { if (serial->type->set_termios) { /* -@@ -177,7 +177,7 @@ static int usb_console_setup(struct console *co, char *options) +@@ -174,7 +174,7 @@ static int usb_console_setup(struct console *co, char *options) } /* Now that any required fake tty operations are completed restore * the tty port count */ @@ -39959,7 +43786,7 @@ index b9cca6d..75c75df 100644 /* The console is special in terms of closing the device so * indicate this port is now acting as a system console. */ port->port.console = 1; -@@ -190,7 +190,7 @@ static int usb_console_setup(struct console *co, char *options) +@@ -187,7 +187,7 @@ static int usb_console_setup(struct console *co, char *options) free_tty: kfree(tty); reset_open_count: @@ -39968,6 +43795,19 @@ index b9cca6d..75c75df 100644 usb_autopm_put_interface(serial->interface); error_get_interface: usb_serial_put(serial); +diff --git a/drivers/usb/storage/usb.h b/drivers/usb/storage/usb.h +index 75f70f0..d467e1a 100644 +--- a/drivers/usb/storage/usb.h ++++ b/drivers/usb/storage/usb.h +@@ -63,7 +63,7 @@ struct us_unusual_dev { + __u8 useProtocol; + __u8 useTransport; + int (*initFunction)(struct us_data *); +-}; ++} __do_const; + + + /* Dynamic bitflag definitions (us->dflags): used in set_bit() etc. */ diff --git a/drivers/usb/wusbcore/wa-hc.h b/drivers/usb/wusbcore/wa-hc.h index d6bea3e..60b250e 100644 --- a/drivers/usb/wusbcore/wa-hc.h @@ -40003,32 +43843,100 @@ index 57c01ab..8a05959 100644 } /* -diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c -index fd38945..78a026b 100644 ---- a/drivers/vhost/vhost.c -+++ b/drivers/vhost/vhost.c -@@ -634,7 +634,7 @@ static long vhost_set_memory(struct vhost_dev *d, struct vhost_memory __user *m) - return 0; - } - --static long vhost_set_vring(struct vhost_dev *d, int ioctl, void __user *argp) -+static long vhost_set_vring(struct vhost_dev *d, unsigned int ioctl, void __user *argp) - { - struct file *eventfp, *filep = NULL, - *pollstart = NULL, *pollstop = NULL; diff --git a/drivers/video/aty/aty128fb.c b/drivers/video/aty/aty128fb.c -index 747442d..7c0c434 100644 +index 8c55011..eed4ae1a 100644 --- a/drivers/video/aty/aty128fb.c +++ b/drivers/video/aty/aty128fb.c @@ -149,7 +149,7 @@ enum { }; /* Must match above enum */ --static const char *r128_family[] __devinitdata = { -+static const char *r128_family[] __devinitconst = { +-static char * const r128_family[] = { ++static const char * const r128_family[] = { "AGP", "PCI", "PRO AGP", +diff --git a/drivers/video/aty/atyfb_base.c b/drivers/video/aty/atyfb_base.c +index 4f27fdc..d3537e6 100644 +--- a/drivers/video/aty/atyfb_base.c ++++ b/drivers/video/aty/atyfb_base.c +@@ -1325,10 +1325,14 @@ static int atyfb_set_par(struct fb_info *info) + par->accel_flags = var->accel_flags; /* hack */ + + if (var->accel_flags) { +- info->fbops->fb_sync = atyfb_sync; ++ pax_open_kernel(); ++ *(void **)&info->fbops->fb_sync = atyfb_sync; ++ pax_close_kernel(); + info->flags &= ~FBINFO_HWACCEL_DISABLED; + } else { +- info->fbops->fb_sync = NULL; ++ pax_open_kernel(); ++ *(void **)&info->fbops->fb_sync = NULL; ++ pax_close_kernel(); + info->flags |= FBINFO_HWACCEL_DISABLED; + } + +diff --git a/drivers/video/aty/mach64_cursor.c b/drivers/video/aty/mach64_cursor.c +index 95ec042..e6affdd 100644 +--- a/drivers/video/aty/mach64_cursor.c ++++ b/drivers/video/aty/mach64_cursor.c +@@ -7,6 +7,7 @@ + #include <linux/string.h> + + #include <asm/io.h> ++#include <asm/pgtable.h> + + #ifdef __sparc__ + #include <asm/fbio.h> +@@ -208,7 +209,9 @@ int aty_init_cursor(struct fb_info *info) + info->sprite.buf_align = 16; /* and 64 lines tall. */ + info->sprite.flags = FB_PIXMAP_IO; + +- info->fbops->fb_cursor = atyfb_cursor; ++ pax_open_kernel(); ++ *(void **)&info->fbops->fb_cursor = atyfb_cursor; ++ pax_close_kernel(); + + return 0; + } +diff --git a/drivers/video/backlight/kb3886_bl.c b/drivers/video/backlight/kb3886_bl.c +index 6c5ed6b..b727c88 100644 +--- a/drivers/video/backlight/kb3886_bl.c ++++ b/drivers/video/backlight/kb3886_bl.c +@@ -78,7 +78,7 @@ static struct kb3886bl_machinfo *bl_machinfo; + static unsigned long kb3886bl_flags; + #define KB3886BL_SUSPENDED 0x01 + +-static struct dmi_system_id __initdata kb3886bl_device_table[] = { ++static const struct dmi_system_id __initconst kb3886bl_device_table[] = { + { + .ident = "Sahara Touch-iT", + .matches = { +diff --git a/drivers/video/fb_defio.c b/drivers/video/fb_defio.c +index 88cad6b..dd746c7 100644 +--- a/drivers/video/fb_defio.c ++++ b/drivers/video/fb_defio.c +@@ -206,7 +206,9 @@ void fb_deferred_io_init(struct fb_info *info) + + BUG_ON(!fbdefio); + mutex_init(&fbdefio->lock); +- info->fbops->fb_mmap = fb_deferred_io_mmap; ++ pax_open_kernel(); ++ *(void **)&info->fbops->fb_mmap = fb_deferred_io_mmap; ++ pax_close_kernel(); + INIT_DELAYED_WORK(&info->deferred_work, fb_deferred_io_work); + INIT_LIST_HEAD(&fbdefio->pagelist); + if (fbdefio->delay == 0) /* set a default of 1 s */ +@@ -237,7 +239,7 @@ void fb_deferred_io_cleanup(struct fb_info *info) + page->mapping = NULL; + } + +- info->fbops->fb_mmap = NULL; ++ *(void **)&info->fbops->fb_mmap = NULL; + mutex_destroy(&fbdefio->lock); + } + EXPORT_SYMBOL_GPL(fb_deferred_io_cleanup); diff --git a/drivers/video/fbcmap.c b/drivers/video/fbcmap.c index 5c3960d..15cf8fc 100644 --- a/drivers/video/fbcmap.c @@ -40044,7 +43952,7 @@ index 5c3960d..15cf8fc 100644 goto out1; } diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c -index afa804f..293a360 100644 +index dc61c12..e29796e 100644 --- a/drivers/video/fbmem.c +++ b/drivers/video/fbmem.c @@ -428,7 +428,7 @@ static void fb_do_show_logo(struct fb_info *info, struct fb_image *image, @@ -40074,41 +43982,6 @@ index afa804f..293a360 100644 return -EINVAL; if (!registered_fb[con2fb.framebuffer]) request_module("fb%d", con2fb.framebuffer); -diff --git a/drivers/video/geode/gx1fb_core.c b/drivers/video/geode/gx1fb_core.c -index 5a5d092..265c5ed 100644 ---- a/drivers/video/geode/gx1fb_core.c -+++ b/drivers/video/geode/gx1fb_core.c -@@ -29,7 +29,7 @@ static int crt_option = 1; - static char panel_option[32] = ""; - - /* Modes relevant to the GX1 (taken from modedb.c) */ --static const struct fb_videomode __devinitdata gx1_modedb[] = { -+static const struct fb_videomode __devinitconst gx1_modedb[] = { - /* 640x480-60 VESA */ - { NULL, 60, 640, 480, 39682, 48, 16, 33, 10, 96, 2, - 0, FB_VMODE_NONINTERLACED, FB_MODE_IS_VESA }, -diff --git a/drivers/video/gxt4500.c b/drivers/video/gxt4500.c -index 0fad23f..0e9afa4 100644 ---- a/drivers/video/gxt4500.c -+++ b/drivers/video/gxt4500.c -@@ -156,7 +156,7 @@ struct gxt4500_par { - static char *mode_option; - - /* default mode: 1280x1024 @ 60 Hz, 8 bpp */ --static const struct fb_videomode defaultmode __devinitdata = { -+static const struct fb_videomode defaultmode __devinitconst = { - .refresh = 60, - .xres = 1280, - .yres = 1024, -@@ -581,7 +581,7 @@ static int gxt4500_blank(int blank, struct fb_info *info) - return 0; - } - --static const struct fb_fix_screeninfo gxt4500_fix __devinitdata = { -+static const struct fb_fix_screeninfo gxt4500_fix __devinitconst = { - .id = "IBM GXT4500P", - .type = FB_TYPE_PACKED_PIXELS, - .visual = FB_VISUAL_PSEUDOCOLOR, diff --git a/drivers/video/i810/i810_accel.c b/drivers/video/i810/i810_accel.c index 7672d2e..b56437f 100644 --- a/drivers/video/i810/i810_accel.c @@ -40121,32 +43994,6 @@ index 7672d2e..b56437f 100644 i810_report_error(mmio); par->dev_flags |= LOCKUP; info->pixmap.scan_align = 1; -diff --git a/drivers/video/i810/i810_main.c b/drivers/video/i810/i810_main.c -index b83f361..2b05a91 100644 ---- a/drivers/video/i810/i810_main.c -+++ b/drivers/video/i810/i810_main.c -@@ -97,7 +97,7 @@ static int i810fb_blank (int blank_mode, struct fb_info *info); - static void i810fb_release_resource (struct fb_info *info, struct i810fb_par *par); - - /* PCI */ --static const char *i810_pci_list[] __devinitdata = { -+static const char *i810_pci_list[] __devinitconst = { - "Intel(R) 810 Framebuffer Device" , - "Intel(R) 810-DC100 Framebuffer Device" , - "Intel(R) 810E Framebuffer Device" , -diff --git a/drivers/video/jz4740_fb.c b/drivers/video/jz4740_fb.c -index de36693..3c63fc2 100644 ---- a/drivers/video/jz4740_fb.c -+++ b/drivers/video/jz4740_fb.c -@@ -136,7 +136,7 @@ struct jzfb { - uint32_t pseudo_palette[16]; - }; - --static const struct fb_fix_screeninfo jzfb_fix __devinitdata = { -+static const struct fb_fix_screeninfo jzfb_fix __devinitconst = { - .id = "JZ4740 FB", - .type = FB_TYPE_PACKED_PIXELS, - .visual = FB_VISUAL_TRUECOLOR, diff --git a/drivers/video/logo/logo_linux_clut224.ppm b/drivers/video/logo/logo_linux_clut224.ppm index 3c14e43..eafa544 100644 --- a/drivers/video/logo/logo_linux_clut224.ppm @@ -42876,11 +46723,122 @@ index 3c14e43..eafa544 100644 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 +4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 4 +4 4 4 4 4 4 +diff --git a/drivers/video/mb862xx/mb862xxfb_accel.c b/drivers/video/mb862xx/mb862xxfb_accel.c +index fe92eed..106e085 100644 +--- a/drivers/video/mb862xx/mb862xxfb_accel.c ++++ b/drivers/video/mb862xx/mb862xxfb_accel.c +@@ -312,14 +312,18 @@ void mb862xxfb_init_accel(struct fb_info *info, int xres) + struct mb862xxfb_par *par = info->par; + + if (info->var.bits_per_pixel == 32) { +- info->fbops->fb_fillrect = cfb_fillrect; +- info->fbops->fb_copyarea = cfb_copyarea; +- info->fbops->fb_imageblit = cfb_imageblit; ++ pax_open_kernel(); ++ *(void **)&info->fbops->fb_fillrect = cfb_fillrect; ++ *(void **)&info->fbops->fb_copyarea = cfb_copyarea; ++ *(void **)&info->fbops->fb_imageblit = cfb_imageblit; ++ pax_close_kernel(); + } else { + outreg(disp, GC_L0EM, 3); +- info->fbops->fb_fillrect = mb86290fb_fillrect; +- info->fbops->fb_copyarea = mb86290fb_copyarea; +- info->fbops->fb_imageblit = mb86290fb_imageblit; ++ pax_open_kernel(); ++ *(void **)&info->fbops->fb_fillrect = mb86290fb_fillrect; ++ *(void **)&info->fbops->fb_copyarea = mb86290fb_copyarea; ++ *(void **)&info->fbops->fb_imageblit = mb86290fb_imageblit; ++ pax_close_kernel(); + } + outreg(draw, GDC_REG_DRAW_BASE, 0); + outreg(draw, GDC_REG_MODE_MISC, 0x8000); +diff --git a/drivers/video/nvidia/nvidia.c b/drivers/video/nvidia/nvidia.c +index ff22871..b129bed 100644 +--- a/drivers/video/nvidia/nvidia.c ++++ b/drivers/video/nvidia/nvidia.c +@@ -669,19 +669,23 @@ static int nvidiafb_set_par(struct fb_info *info) + info->fix.line_length = (info->var.xres_virtual * + info->var.bits_per_pixel) >> 3; + if (info->var.accel_flags) { +- info->fbops->fb_imageblit = nvidiafb_imageblit; +- info->fbops->fb_fillrect = nvidiafb_fillrect; +- info->fbops->fb_copyarea = nvidiafb_copyarea; +- info->fbops->fb_sync = nvidiafb_sync; ++ pax_open_kernel(); ++ *(void **)&info->fbops->fb_imageblit = nvidiafb_imageblit; ++ *(void **)&info->fbops->fb_fillrect = nvidiafb_fillrect; ++ *(void **)&info->fbops->fb_copyarea = nvidiafb_copyarea; ++ *(void **)&info->fbops->fb_sync = nvidiafb_sync; ++ pax_close_kernel(); + info->pixmap.scan_align = 4; + info->flags &= ~FBINFO_HWACCEL_DISABLED; + info->flags |= FBINFO_READS_FAST; + NVResetGraphics(info); + } else { +- info->fbops->fb_imageblit = cfb_imageblit; +- info->fbops->fb_fillrect = cfb_fillrect; +- info->fbops->fb_copyarea = cfb_copyarea; +- info->fbops->fb_sync = NULL; ++ pax_open_kernel(); ++ *(void **)&info->fbops->fb_imageblit = cfb_imageblit; ++ *(void **)&info->fbops->fb_fillrect = cfb_fillrect; ++ *(void **)&info->fbops->fb_copyarea = cfb_copyarea; ++ *(void **)&info->fbops->fb_sync = NULL; ++ pax_close_kernel(); + info->pixmap.scan_align = 1; + info->flags |= FBINFO_HWACCEL_DISABLED; + info->flags &= ~FBINFO_READS_FAST; +@@ -1173,8 +1177,11 @@ static int nvidia_set_fbinfo(struct fb_info *info) + info->pixmap.size = 8 * 1024; + info->pixmap.flags = FB_PIXMAP_SYSTEM; + +- if (!hwcur) +- info->fbops->fb_cursor = NULL; ++ if (!hwcur) { ++ pax_open_kernel(); ++ *(void **)&info->fbops->fb_cursor = NULL; ++ pax_close_kernel(); ++ } + + info->var.accel_flags = (!noaccel); + +diff --git a/drivers/video/s1d13xxxfb.c b/drivers/video/s1d13xxxfb.c +index 76d9053..dec2bfd 100644 +--- a/drivers/video/s1d13xxxfb.c ++++ b/drivers/video/s1d13xxxfb.c +@@ -881,8 +881,10 @@ static int s1d13xxxfb_probe(struct platform_device *pdev) + + switch(prod_id) { + case S1D13506_PROD_ID: /* activate acceleration */ +- s1d13xxxfb_fbops.fb_fillrect = s1d13xxxfb_bitblt_solidfill; +- s1d13xxxfb_fbops.fb_copyarea = s1d13xxxfb_bitblt_copyarea; ++ pax_open_kernel(); ++ *(void **)&s1d13xxxfb_fbops.fb_fillrect = s1d13xxxfb_bitblt_solidfill; ++ *(void **)&s1d13xxxfb_fbops.fb_copyarea = s1d13xxxfb_bitblt_copyarea; ++ pax_close_kernel(); + info->flags = FBINFO_DEFAULT | FBINFO_HWACCEL_YPAN | + FBINFO_HWACCEL_FILLRECT | FBINFO_HWACCEL_COPYAREA; + break; +diff --git a/drivers/video/smscufx.c b/drivers/video/smscufx.c +index 97bd662..39fab85 100644 +--- a/drivers/video/smscufx.c ++++ b/drivers/video/smscufx.c +@@ -1171,7 +1171,9 @@ static int ufx_ops_release(struct fb_info *info, int user) + fb_deferred_io_cleanup(info); + kfree(info->fbdefio); + info->fbdefio = NULL; +- info->fbops->fb_mmap = ufx_ops_mmap; ++ pax_open_kernel(); ++ *(void **)&info->fbops->fb_mmap = ufx_ops_mmap; ++ pax_close_kernel(); + } + + pr_debug("released /dev/fb%d user=%d count=%d", diff --git a/drivers/video/udlfb.c b/drivers/video/udlfb.c -index 38fcfff..0072dcd 100644 +index 86d449e..8e04dc5 100644 --- a/drivers/video/udlfb.c +++ b/drivers/video/udlfb.c -@@ -620,11 +620,11 @@ int dlfb_handle_damage(struct dlfb_data *dev, int x, int y, +@@ -619,11 +619,11 @@ int dlfb_handle_damage(struct dlfb_data *dev, int x, int y, dlfb_urb_completion(urb); error: @@ -42896,7 +46854,7 @@ index 38fcfff..0072dcd 100644 >> 10)), /* Kcycles */ &dev->cpu_kcycles_used); -@@ -745,11 +745,11 @@ static void dlfb_dpy_deferred_io(struct fb_info *info, +@@ -744,11 +744,11 @@ static void dlfb_dpy_deferred_io(struct fb_info *info, dlfb_urb_completion(urb); error: @@ -42912,7 +46870,18 @@ index 38fcfff..0072dcd 100644 >> 10)), /* Kcycles */ &dev->cpu_kcycles_used); } -@@ -1373,7 +1373,7 @@ static ssize_t metrics_bytes_rendered_show(struct device *fbdev, +@@ -989,7 +989,9 @@ static int dlfb_ops_release(struct fb_info *info, int user) + fb_deferred_io_cleanup(info); + kfree(info->fbdefio); + info->fbdefio = NULL; +- info->fbops->fb_mmap = dlfb_ops_mmap; ++ pax_open_kernel(); ++ *(void **)&info->fbops->fb_mmap = dlfb_ops_mmap; ++ pax_close_kernel(); + } + + pr_warn("released /dev/fb%d user=%d count=%d\n", +@@ -1372,7 +1374,7 @@ static ssize_t metrics_bytes_rendered_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", @@ -42921,7 +46890,7 @@ index 38fcfff..0072dcd 100644 } static ssize_t metrics_bytes_identical_show(struct device *fbdev, -@@ -1381,7 +1381,7 @@ static ssize_t metrics_bytes_identical_show(struct device *fbdev, +@@ -1380,7 +1382,7 @@ static ssize_t metrics_bytes_identical_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", @@ -42930,7 +46899,7 @@ index 38fcfff..0072dcd 100644 } static ssize_t metrics_bytes_sent_show(struct device *fbdev, -@@ -1389,7 +1389,7 @@ static ssize_t metrics_bytes_sent_show(struct device *fbdev, +@@ -1388,7 +1390,7 @@ static ssize_t metrics_bytes_sent_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", @@ -42939,7 +46908,7 @@ index 38fcfff..0072dcd 100644 } static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev, -@@ -1397,7 +1397,7 @@ static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev, +@@ -1396,7 +1398,7 @@ static ssize_t metrics_cpu_kcycles_used_show(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; return snprintf(buf, PAGE_SIZE, "%u\n", @@ -42948,7 +46917,7 @@ index 38fcfff..0072dcd 100644 } static ssize_t edid_show( -@@ -1457,10 +1457,10 @@ static ssize_t metrics_reset_store(struct device *fbdev, +@@ -1456,10 +1458,10 @@ static ssize_t metrics_reset_store(struct device *fbdev, struct fb_info *fb_info = dev_get_drvdata(fbdev); struct dlfb_data *dev = fb_info->par; @@ -42964,7 +46933,7 @@ index 38fcfff..0072dcd 100644 return count; } diff --git a/drivers/video/uvesafb.c b/drivers/video/uvesafb.c -index b0e2a42..e2df3ad 100644 +index b75db01..ad2f34a 100644 --- a/drivers/video/uvesafb.c +++ b/drivers/video/uvesafb.c @@ -19,6 +19,7 @@ @@ -42975,7 +46944,7 @@ index b0e2a42..e2df3ad 100644 #include <video/edid.h> #include <video/uvesafb.h> #ifdef CONFIG_X86 -@@ -569,10 +570,32 @@ static int __devinit uvesafb_vbe_getpmi(struct uvesafb_ktask *task, +@@ -569,10 +570,32 @@ static int uvesafb_vbe_getpmi(struct uvesafb_ktask *task, if ((task->t.regs.eax & 0xffff) != 0x4f || task->t.regs.es < 0xc000) { par->pmi_setpal = par->ypan = 0; } else { @@ -43008,7 +46977,7 @@ index b0e2a42..e2df3ad 100644 printk(KERN_INFO "uvesafb: protected mode interface info at " "%04x:%04x\n", (u16)task->t.regs.es, (u16)task->t.regs.edi); -@@ -816,13 +839,14 @@ static int __devinit uvesafb_vbe_init(struct fb_info *info) +@@ -817,13 +840,14 @@ static int uvesafb_vbe_init(struct fb_info *info) par->ypan = ypan; if (par->pmi_setpal || par->ypan) { @@ -43025,7 +46994,35 @@ index b0e2a42..e2df3ad 100644 } #else /* The protected mode interface is not available on non-x86. */ -@@ -1836,6 +1860,11 @@ out: +@@ -1457,8 +1481,11 @@ static void uvesafb_init_info(struct fb_info *info, struct vbe_mode_ib *mode) + info->fix.ywrapstep = (par->ypan > 1) ? 1 : 0; + + /* Disable blanking if the user requested so. */ +- if (!blank) +- info->fbops->fb_blank = NULL; ++ if (!blank) { ++ pax_open_kernel(); ++ *(void **)&info->fbops->fb_blank = NULL; ++ pax_close_kernel(); ++ } + + /* + * Find out how much IO memory is required for the mode with +@@ -1534,8 +1561,11 @@ static void uvesafb_init_info(struct fb_info *info, struct vbe_mode_ib *mode) + info->flags = FBINFO_FLAG_DEFAULT | + (par->ypan ? FBINFO_HWACCEL_YPAN : 0); + +- if (!par->ypan) +- info->fbops->fb_pan_display = NULL; ++ if (!par->ypan) { ++ pax_open_kernel(); ++ *(void **)&info->fbops->fb_pan_display = NULL; ++ pax_close_kernel(); ++ } + } + + static void uvesafb_init_mtrr(struct fb_info *info) +@@ -1836,6 +1866,11 @@ out: if (par->vbe_modes) kfree(par->vbe_modes); @@ -43037,7 +47034,7 @@ index b0e2a42..e2df3ad 100644 framebuffer_release(info); return err; } -@@ -1862,6 +1891,12 @@ static int uvesafb_remove(struct platform_device *dev) +@@ -1862,6 +1897,12 @@ static int uvesafb_remove(struct platform_device *dev) kfree(par->vbe_state_orig); if (par->vbe_state_saved) kfree(par->vbe_state_saved); @@ -43051,7 +47048,7 @@ index b0e2a42..e2df3ad 100644 framebuffer_release(info); diff --git a/drivers/video/vesafb.c b/drivers/video/vesafb.c -index 501b340..86bd4cf 100644 +index 501b340..d80aa17 100644 --- a/drivers/video/vesafb.c +++ b/drivers/video/vesafb.c @@ -9,6 +9,7 @@ @@ -43144,7 +47141,21 @@ index 501b340..86bd4cf 100644 printk(KERN_INFO "vesafb: pmi: set display start = %p, set palette = %p\n",pmi_start,pmi_pal); if (pmi_base[3]) { printk(KERN_INFO "vesafb: pmi: ports = "); -@@ -488,6 +514,11 @@ static int __init vesafb_probe(struct platform_device *dev) +@@ -472,8 +498,11 @@ static int __init vesafb_probe(struct platform_device *dev) + info->flags = FBINFO_FLAG_DEFAULT | FBINFO_MISC_FIRMWARE | + (ypan ? FBINFO_HWACCEL_YPAN : 0); + +- if (!ypan) +- info->fbops->fb_pan_display = NULL; ++ if (!ypan) { ++ pax_open_kernel(); ++ *(void **)&info->fbops->fb_pan_display = NULL; ++ pax_close_kernel(); ++ } + + if (fb_alloc_cmap(&info->cmap, 256, 0) < 0) { + err = -ENOMEM; +@@ -488,6 +517,11 @@ static int __init vesafb_probe(struct platform_device *dev) info->node, info->fix.id); return 0; err: @@ -43169,55 +47180,6 @@ index 88714ae..16c2e11 100644 static inline u32 get_pll_internal_frequency(u32 ref_freq, -diff --git a/drivers/virtio/virtio_mmio.c b/drivers/virtio/virtio_mmio.c -index 453db0c..604973e 100644 ---- a/drivers/virtio/virtio_mmio.c -+++ b/drivers/virtio/virtio_mmio.c -@@ -521,7 +521,7 @@ static int vm_cmdline_set(const char *device, - - resources[0].end = memparse(device, &str) - 1; - -- processed = sscanf(str, "@%lli:%u%n:%d%n", -+ processed = sscanf(str, "@%lli:%llu%n:%d%n", - &base, &resources[1].start, &consumed, - &vm_cmdline_id, &consumed); - -diff --git a/drivers/xen/xen-pciback/conf_space.h b/drivers/xen/xen-pciback/conf_space.h -index e56c934..fc22f4b 100644 ---- a/drivers/xen/xen-pciback/conf_space.h -+++ b/drivers/xen/xen-pciback/conf_space.h -@@ -44,15 +44,15 @@ struct config_field { - struct { - conf_dword_write write; - conf_dword_read read; -- } dw; -+ } __no_const dw; - struct { - conf_word_write write; - conf_word_read read; -- } w; -+ } __no_const w; - struct { - conf_byte_write write; - conf_byte_read read; -- } b; -+ } __no_const b; - } u; - struct list_head list; - }; -diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c -index 89f7625..ac72702 100644 ---- a/drivers/xen/xenbus/xenbus_dev_frontend.c -+++ b/drivers/xen/xenbus/xenbus_dev_frontend.c -@@ -458,7 +458,7 @@ static ssize_t xenbus_file_write(struct file *filp, - goto out; - - /* Can't write a xenbus message larger we can buffer */ -- if ((len + u->len) > sizeof(u->u.buffer)) { -+ if (len > sizeof(u->u.buffer) - u->len) { - /* On error, dump existing buffer */ - u->len = 0; - rc = -EINVAL; diff --git a/drivers/xen/xenfs/xenstored.c b/drivers/xen/xenfs/xenstored.c index fef20db..d28b1ab 100644 --- a/drivers/xen/xenfs/xenstored.c @@ -43236,7 +47198,7 @@ index fef20db..d28b1ab 100644 return -ENOMEM; return 0; diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c -index cbf9dbb..35c3af7 100644 +index 890bed5..17ae73e 100644 --- a/fs/9p/vfs_inode.c +++ b/fs/9p/vfs_inode.c @@ -1329,7 +1329,7 @@ static void *v9fs_vfs_follow_link(struct dentry *dentry, struct nameidata *nd) @@ -43249,7 +47211,7 @@ index cbf9dbb..35c3af7 100644 p9_debug(P9_DEBUG_VFS, " %s %s\n", dentry->d_name.name, IS_ERR(s) ? "<error>" : s); diff --git a/fs/Kconfig.binfmt b/fs/Kconfig.binfmt -index 0225742..1cd4732 100644 +index 0efd152..b5802ad 100644 --- a/fs/Kconfig.binfmt +++ b/fs/Kconfig.binfmt @@ -89,7 +89,7 @@ config HAVE_AOUT @@ -43308,10 +47270,10 @@ index 71f613c..9d01f1f 100644 kiocb->ki_cur_seg = 0; /* ki_nbytes/left now reflect bytes instead of segs */ diff --git a/fs/attr.c b/fs/attr.c -index 29e38a1..2bc037b 100644 +index 1449adb..a2038c2 100644 --- a/fs/attr.c +++ b/fs/attr.c -@@ -99,6 +99,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset) +@@ -102,6 +102,7 @@ int inode_newsize_ok(const struct inode *inode, loff_t offset) unsigned long limit; limit = rlimit(RLIMIT_FSIZE); @@ -43320,7 +47282,7 @@ index 29e38a1..2bc037b 100644 goto out_sig; if (offset > inode->i_sb->s_maxbytes) diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c -index da8876d..4456166 100644 +index 03bc1d3..6205356 100644 --- a/fs/autofs4/waitq.c +++ b/fs/autofs4/waitq.c @@ -61,7 +61,7 @@ static int autofs4_write(struct autofs_sb_info *sbi, @@ -43349,7 +47311,7 @@ index da8876d..4456166 100644 if (IS_ROOT(dentry) && autofs_type_trigger(sbi->type)) +#ifdef CONFIG_GRKERNSEC_HIDESYM + /* this name does get written to userland via autofs4_write() */ -+ qstr.len = sprintf(name, "%08lx", atomic_inc_return_unchecked(&autofs_dummy_name_id)); ++ qstr.len = sprintf(name, "%08x", atomic_inc_return_unchecked(&autofs_dummy_name_id)); +#else qstr.len = sprintf(name, "%p", dentry); +#endif @@ -43357,10 +47319,10 @@ index da8876d..4456166 100644 qstr.len = autofs4_getpath(sbi, dentry, &name); if (!qstr.len) { diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c -index cf7f3c6..f61080d 100644 +index 2b3bda8..6a2d4be 100644 --- a/fs/befs/linuxvfs.c +++ b/fs/befs/linuxvfs.c -@@ -502,7 +502,7 @@ static void befs_put_link(struct dentry *dentry, struct nameidata *nd, void *p) +@@ -510,7 +510,7 @@ static void befs_put_link(struct dentry *dentry, struct nameidata *nd, void *p) { befs_inode_info *befs_ino = BEFS_I(dentry->d_inode); if (befs_ino->i_flags & BEFS_LONG_SYMLINK) { @@ -43370,7 +47332,7 @@ index cf7f3c6..f61080d 100644 kfree(link); } diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c -index d146e18..12d1bd1 100644 +index 6043567..16a9239 100644 --- a/fs/binfmt_aout.c +++ b/fs/binfmt_aout.c @@ -16,6 +16,7 @@ @@ -43381,7 +47343,7 @@ index d146e18..12d1bd1 100644 #include <linux/stat.h> #include <linux/fcntl.h> #include <linux/ptrace.h> -@@ -83,6 +84,8 @@ static int aout_core_dump(struct coredump_params *cprm) +@@ -59,6 +60,8 @@ static int aout_core_dump(struct coredump_params *cprm) #endif # define START_STACK(u) ((void __user *)u.start_stack) @@ -43390,7 +47352,7 @@ index d146e18..12d1bd1 100644 fs = get_fs(); set_fs(KERNEL_DS); has_dumped = 1; -@@ -94,10 +97,12 @@ static int aout_core_dump(struct coredump_params *cprm) +@@ -70,10 +73,12 @@ static int aout_core_dump(struct coredump_params *cprm) /* If the size of the dump file exceeds the rlimit, then see what would happen if we wrote the stack, but not the data area. */ @@ -43403,7 +47365,7 @@ index d146e18..12d1bd1 100644 if ((dump.u_ssize + 1) * PAGE_SIZE > cprm->limit) dump.u_ssize = 0; -@@ -231,6 +236,8 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) +@@ -234,6 +239,8 @@ static int load_aout_binary(struct linux_binprm * bprm) rlim = rlimit(RLIMIT_DATA); if (rlim >= RLIM_INFINITY) rlim = ~0; @@ -43412,7 +47374,7 @@ index d146e18..12d1bd1 100644 if (ex.a_data + ex.a_bss > rlim) return -ENOMEM; -@@ -265,6 +272,27 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) +@@ -268,6 +275,27 @@ static int load_aout_binary(struct linux_binprm * bprm) install_exec_creds(bprm); @@ -43440,7 +47402,7 @@ index d146e18..12d1bd1 100644 if (N_MAGIC(ex) == OMAGIC) { unsigned long text_addr, map_size; loff_t pos; -@@ -330,7 +358,7 @@ static int load_aout_binary(struct linux_binprm * bprm, struct pt_regs * regs) +@@ -333,7 +361,7 @@ static int load_aout_binary(struct linux_binprm * bprm) } error = vm_mmap(bprm->file, N_DATADDR(ex), ex.a_data, @@ -43450,10 +47412,10 @@ index d146e18..12d1bd1 100644 fd_offset + ex.a_text); if (error != N_DATADDR(ex)) { diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 0225fdd..0c0d35d 100644 +index 0c42cdb..9551bb8 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c -@@ -32,6 +32,7 @@ +@@ -33,6 +33,7 @@ #include <linux/elf.h> #include <linux/utsname.h> #include <linux/coredump.h> @@ -43461,7 +47423,7 @@ index 0225fdd..0c0d35d 100644 #include <asm/uaccess.h> #include <asm/param.h> #include <asm/page.h> -@@ -52,6 +53,10 @@ static int elf_core_dump(struct coredump_params *cprm); +@@ -59,6 +60,10 @@ static int elf_core_dump(struct coredump_params *cprm); #define elf_core_dump NULL #endif @@ -43472,7 +47434,7 @@ index 0225fdd..0c0d35d 100644 #if ELF_EXEC_PAGESIZE > PAGE_SIZE #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE #else -@@ -71,6 +76,11 @@ static struct linux_binfmt elf_format = { +@@ -78,6 +83,11 @@ static struct linux_binfmt elf_format = { .load_binary = load_elf_binary, .load_shlib = load_elf_library, .core_dump = elf_core_dump, @@ -43484,7 +47446,7 @@ index 0225fdd..0c0d35d 100644 .min_coredump = ELF_EXEC_PAGESIZE, }; -@@ -78,6 +88,8 @@ static struct linux_binfmt elf_format = { +@@ -85,6 +95,8 @@ static struct linux_binfmt elf_format = { static int set_brk(unsigned long start, unsigned long end) { @@ -43493,7 +47455,7 @@ index 0225fdd..0c0d35d 100644 start = ELF_PAGEALIGN(start); end = ELF_PAGEALIGN(end); if (end > start) { -@@ -86,7 +98,7 @@ static int set_brk(unsigned long start, unsigned long end) +@@ -93,7 +105,7 @@ static int set_brk(unsigned long start, unsigned long end) if (BAD_ADDR(addr)) return addr; } @@ -43502,7 +47464,7 @@ index 0225fdd..0c0d35d 100644 return 0; } -@@ -147,12 +159,13 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, +@@ -154,12 +166,13 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, elf_addr_t __user *u_rand_bytes; const char *k_platform = ELF_PLATFORM; const char *k_base_platform = ELF_BASE_PLATFORM; @@ -43517,7 +47479,7 @@ index 0225fdd..0c0d35d 100644 /* * In some cases (e.g. Hyper-Threading), we want to avoid L1 -@@ -194,8 +207,12 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, +@@ -201,8 +214,12 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, * Generate 16 random bytes for userspace PRNG seeding. */ get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes)); @@ -43532,7 +47494,7 @@ index 0225fdd..0c0d35d 100644 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes))) return -EFAULT; -@@ -307,9 +324,11 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, +@@ -314,9 +331,11 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, return -EFAULT; current->mm->env_end = p; @@ -43545,7 +47507,7 @@ index 0225fdd..0c0d35d 100644 return -EFAULT; return 0; } -@@ -373,15 +392,14 @@ static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr) +@@ -380,15 +399,14 @@ static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr) an ELF header */ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, @@ -43564,7 +47526,7 @@ index 0225fdd..0c0d35d 100644 unsigned long total_size; int retval, i, size; -@@ -427,6 +445,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, +@@ -434,6 +452,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, goto out_close; } @@ -43576,7 +47538,7 @@ index 0225fdd..0c0d35d 100644 eppnt = elf_phdata; for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) { if (eppnt->p_type == PT_LOAD) { -@@ -450,8 +473,6 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, +@@ -457,8 +480,6 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, map_addr = elf_map(interpreter, load_addr + vaddr, eppnt, elf_prot, elf_type, total_size); total_size = 0; @@ -43585,7 +47547,7 @@ index 0225fdd..0c0d35d 100644 error = map_addr; if (BAD_ADDR(map_addr)) goto out_close; -@@ -470,8 +491,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, +@@ -477,8 +498,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, k = load_addr + eppnt->p_vaddr; if (BAD_ADDR(k) || eppnt->p_filesz > eppnt->p_memsz || @@ -43596,7 +47558,7 @@ index 0225fdd..0c0d35d 100644 error = -ENOMEM; goto out_close; } -@@ -523,6 +544,315 @@ out: +@@ -530,6 +551,315 @@ out: return error; } @@ -43912,19 +47874,19 @@ index 0225fdd..0c0d35d 100644 /* * These are the functions used to load ELF style executables and shared * libraries. There is no binary dependent code anywhere else. -@@ -539,6 +869,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) +@@ -546,6 +876,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) { unsigned int random_variable = 0; +#ifdef CONFIG_PAX_RANDUSTACK -+ if (randomize_va_space) ++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) + return stack_top - current->mm->delta_stack; +#endif + if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) { random_variable = get_random_int() & STACK_RND_MASK; -@@ -557,7 +892,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -564,7 +899,7 @@ static int load_elf_binary(struct linux_binprm *bprm) unsigned long load_addr = 0, load_bias = 0; int load_addr_set = 0; char * elf_interpreter = NULL; @@ -43933,11 +47895,12 @@ index 0225fdd..0c0d35d 100644 struct elf_phdr *elf_ppnt, *elf_phdata; unsigned long elf_bss, elf_brk; int retval, i; -@@ -567,11 +902,11 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -574,12 +909,12 @@ static int load_elf_binary(struct linux_binprm *bprm) unsigned long start_code, end_code, start_data, end_data; unsigned long reloc_func_desc __maybe_unused = 0; int executable_stack = EXSTACK_DEFAULT; - unsigned long def_flags = 0; + struct pt_regs *regs = current_pt_regs(); struct { struct elfhdr elf_ex; struct elfhdr interp_elf_ex; @@ -43946,7 +47909,7 @@ index 0225fdd..0c0d35d 100644 loc = kmalloc(sizeof(*loc), GFP_KERNEL); if (!loc) { -@@ -707,11 +1042,81 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -715,11 +1050,82 @@ static int load_elf_binary(struct linux_binprm *bprm) goto out_free_dentry; /* OK, This is the point of no return */ @@ -43967,6 +47930,7 @@ index 0225fdd..0c0d35d 100644 +#ifdef CONFIG_PAX_ASLR + current->mm->delta_mmap = 0UL; + current->mm->delta_stack = 0UL; ++ current->mm->aslr_gap = 0UL; +#endif + + current->mm->def_flags = 0; @@ -44029,7 +47993,7 @@ index 0225fdd..0c0d35d 100644 if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; -@@ -802,6 +1207,20 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -810,6 +1216,20 @@ static int load_elf_binary(struct linux_binprm *bprm) #else load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif @@ -44050,7 +48014,7 @@ index 0225fdd..0c0d35d 100644 } error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, -@@ -834,9 +1253,9 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -842,9 +1262,9 @@ static int load_elf_binary(struct linux_binprm *bprm) * allowed task size. Note that p_filesz must always be * <= p_memsz so it is only necessary to check p_memsz. */ @@ -44063,7 +48027,7 @@ index 0225fdd..0c0d35d 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -875,17 +1294,44 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) +@@ -883,17 +1303,44 @@ static int load_elf_binary(struct linux_binprm *bprm) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -44077,8 +48041,6 @@ index 0225fdd..0c0d35d 100644 + */ } -- if (elf_interpreter) { -- unsigned long uninitialized_var(interp_map_addr); +#ifdef CONFIG_PAX_RANDMMAP + if (current->mm->pax_flags & MF_PAX_RANDMMAP) { + unsigned long start, size; @@ -44091,7 +48053,7 @@ index 0225fdd..0c0d35d 100644 + unsigned long prot = PROT_NONE; + + up_read(¤t->mm->mmap_sem); -+ current->mm->brk_gap = PAGE_ALIGN(size) >> PAGE_SHIFT; ++ current->mm->aslr_gap += PAGE_ALIGN(size) >> PAGE_SHIFT; +// if (current->personality & ADDR_NO_RANDOMIZE) +// prot = PROT_READ; + start = vm_mmap(NULL, start, size, prot, MAP_ANONYMOUS | MAP_FIXED | MAP_PRIVATE, 0); @@ -44106,15 +48068,17 @@ index 0225fdd..0c0d35d 100644 + } + } +#endif - -+ if (elf_interpreter) { ++ + if (elf_interpreter) { +- unsigned long interp_map_addr = 0; +- elf_entry = load_elf_interp(&loc->interp_elf_ex, interpreter, - &interp_map_addr, load_bias); if (!IS_ERR((void *)elf_entry)) { /* -@@ -1107,7 +1553,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) +@@ -1115,7 +1562,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -44123,7 +48087,7 @@ index 0225fdd..0c0d35d 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1144,7 +1590,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1152,7 +1599,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -44132,7 +48096,7 @@ index 0225fdd..0c0d35d 100644 goto whole; /* -@@ -1366,9 +1812,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1374,9 +1821,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -44144,7 +48108,7 @@ index 0225fdd..0c0d35d 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -1879,14 +2325,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -2006,14 +2453,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -44157,11 +48121,11 @@ index 0225fdd..0c0d35d 100644 for (vma = first_vma(current, gate_vma); vma != NULL; vma = next_vma(vma, gate_vma)) - size += vma_dump_size(vma, mm_flags); -+ size += vma_dump_size(vma, cprm->mm_flags, cprm->signr); ++ size += vma_dump_size(vma, cprm->mm_flags, cprm->siginfo->si_signo); return size; } -@@ -1980,7 +2426,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2107,7 +2554,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -44170,7 +48134,7 @@ index 0225fdd..0c0d35d 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -1994,10 +2440,12 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2121,10 +2568,12 @@ static int elf_core_dump(struct coredump_params *cprm) offset = dataoff; size += sizeof(*elf); @@ -44183,16 +48147,16 @@ index 0225fdd..0c0d35d 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -2011,7 +2459,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2138,7 +2587,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; - phdr.p_filesz = vma_dump_size(vma, cprm->mm_flags); -+ phdr.p_filesz = vma_dump_size(vma, cprm->mm_flags, cprm->signr); ++ phdr.p_filesz = vma_dump_size(vma, cprm->mm_flags, cprm->siginfo->si_signo); phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2022,6 +2470,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2149,6 +2598,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); @@ -44200,16 +48164,16 @@ index 0225fdd..0c0d35d 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2046,7 +2495,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2173,7 +2623,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; - end = vma->vm_start + vma_dump_size(vma, cprm->mm_flags); -+ end = vma->vm_start + vma_dump_size(vma, cprm->mm_flags, cprm->signr); ++ end = vma->vm_start + vma_dump_size(vma, cprm->mm_flags, cprm->siginfo->si_signo); for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2055,6 +2504,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2182,6 +2632,7 @@ static int elf_core_dump(struct coredump_params *cprm) page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -44217,7 +48181,7 @@ index 0225fdd..0c0d35d 100644 stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2072,6 +2522,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2199,6 +2650,7 @@ static int elf_core_dump(struct coredump_params *cprm) if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -44225,7 +48189,7 @@ index 0225fdd..0c0d35d 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2092,6 +2543,97 @@ out: +@@ -2219,6 +2671,97 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -44324,7 +48288,7 @@ index 0225fdd..0c0d35d 100644 { register_binfmt(&elf_format); diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c -index 178cb70..8972997 100644 +index b563719..3868998 100644 --- a/fs/binfmt_flat.c +++ b/fs/binfmt_flat.c @@ -562,7 +562,9 @@ static int load_flat_file(struct linux_binprm * bprm, @@ -44360,10 +48324,10 @@ index 178cb70..8972997 100644 goto err; } diff --git a/fs/bio.c b/fs/bio.c -index 71072ab..439851b 100644 +index b96fc6c..431d628 100644 --- a/fs/bio.c +++ b/fs/bio.c -@@ -842,7 +842,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, +@@ -818,7 +818,7 @@ struct bio *bio_copy_user_iov(struct request_queue *q, /* * Overflow, abort */ @@ -44372,7 +48336,7 @@ index 71072ab..439851b 100644 return ERR_PTR(-EINVAL); nr_pages += end - start; -@@ -976,7 +976,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, +@@ -952,7 +952,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, /* * Overflow, abort */ @@ -44381,7 +48345,7 @@ index 71072ab..439851b 100644 return ERR_PTR(-EINVAL); nr_pages += end - start; -@@ -1238,7 +1238,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) +@@ -1214,7 +1214,7 @@ static void bio_copy_kern_endio(struct bio *bio, int err) const int read = bio_data_dir(bio) == READ; struct bio_map_data *bmd = bio->bi_private; int i; @@ -44391,10 +48355,10 @@ index 71072ab..439851b 100644 __bio_for_each_segment(bvec, bio, i, 0) { char *addr = page_address(bvec->bv_page); diff --git a/fs/block_dev.c b/fs/block_dev.c -index 2577cf4..96b2248 100644 +index 78333a3..23dcb4d 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c -@@ -704,7 +704,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole, +@@ -651,7 +651,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole, else if (bdev->bd_contains == bdev) return true; /* is a whole device which isn't held */ @@ -44403,24 +48367,11 @@ index 2577cf4..96b2248 100644 return true; /* is a partition of a device that is being partitioned */ else if (whole->bd_holder != NULL) return false; /* is a partition of a held device */ -diff --git a/fs/btrfs/check-integrity.c b/fs/btrfs/check-integrity.c -index 9197e2e..7f731f8 100644 ---- a/fs/btrfs/check-integrity.c -+++ b/fs/btrfs/check-integrity.c -@@ -155,7 +155,7 @@ struct btrfsic_block { - union { - bio_end_io_t *bio; - bh_end_io_t *bh; -- } orig_bio_bh_end_io; -+ } __no_const orig_bio_bh_end_io; - int submit_bio_bh_rw; - u64 flush_gen; /* only valid if !never_written */ - }; diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c -index 6d183f6..f47cc7a 100644 +index eea5da7..88fead70 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c -@@ -1037,9 +1037,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, +@@ -1033,9 +1033,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, free_extent_buffer(buf); add_root_to_dirty_list(root); } else { @@ -44437,10 +48388,10 @@ index 6d183f6..f47cc7a 100644 WARN_ON(trans->transid != btrfs_header_generation(parent)); diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c -index ec154f9..bf617a7 100644 +index cc93b23..f3c42bf 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c -@@ -7126,7 +7126,7 @@ fail: +@@ -7296,7 +7296,7 @@ fail: return -ENOMEM; } @@ -44449,7 +48400,7 @@ index ec154f9..bf617a7 100644 struct dentry *dentry, struct kstat *stat) { struct inode *inode = dentry->d_inode; -@@ -7140,6 +7140,14 @@ static int btrfs_getattr(struct vfsmount *mnt, +@@ -7310,6 +7310,14 @@ static int btrfs_getattr(struct vfsmount *mnt, return 0; } @@ -44465,10 +48416,10 @@ index ec154f9..bf617a7 100644 * If a file is moved, it will inherit the cow and compression flags of the new * directory. diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c -index 9df50fa..6cd20d0 100644 +index 338f259..b657640 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c -@@ -2942,9 +2942,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) +@@ -3033,9 +3033,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) for (i = 0; i < num_types; i++) { struct btrfs_space_info *tmp; @@ -44481,7 +48432,7 @@ index 9df50fa..6cd20d0 100644 info = NULL; rcu_read_lock(); list_for_each_entry_rcu(tmp, &root->fs_info->space_info, -@@ -2966,10 +2969,7 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) +@@ -3057,10 +3060,7 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) memcpy(dest, &space, sizeof(space)); dest++; space_args.total_spaces++; @@ -44493,7 +48444,7 @@ index 9df50fa..6cd20d0 100644 up_read(&info->groups_sem); } diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c -index 4da0865..01c4778 100644 +index 300e09a..9fe4539 100644 --- a/fs/btrfs/relocation.c +++ b/fs/btrfs/relocation.c @@ -1269,7 +1269,7 @@ static int __update_reloc_root(struct btrfs_root *root, int del) @@ -44505,6 +48456,19 @@ index 4da0865..01c4778 100644 if (!del) { spin_lock(&rc->reloc_root_tree.lock); +diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c +index d8982e9..29a85fa 100644 +--- a/fs/btrfs/super.c ++++ b/fs/btrfs/super.c +@@ -267,7 +267,7 @@ void __btrfs_abort_transaction(struct btrfs_trans_handle *trans, + function, line, errstr); + return; + } +- ACCESS_ONCE(trans->transaction->aborted) = errno; ++ ACCESS_ONCE_RW(trans->transaction->aborted) = errno; + __btrfs_std_error(root->fs_info, function, line, errno, NULL); + } + /* diff --git a/fs/cachefiles/bind.c b/fs/cachefiles/bind.c index 622f469..e8d2d55 100644 --- a/fs/cachefiles/bind.c @@ -44566,10 +48530,10 @@ index 0a1467b..6a53245 100644 cache->bstop_percent = bstop; diff --git a/fs/cachefiles/internal.h b/fs/cachefiles/internal.h -index bd6bc1b..b627b53 100644 +index 4938251..7e01445 100644 --- a/fs/cachefiles/internal.h +++ b/fs/cachefiles/internal.h -@@ -57,7 +57,7 @@ struct cachefiles_cache { +@@ -59,7 +59,7 @@ struct cachefiles_cache { wait_queue_head_t daemon_pollwq; /* poll waitqueue for daemon */ struct rb_root active_nodes; /* active nodes (can't be culled) */ rwlock_t active_lock; /* lock for active_nodes */ @@ -44578,7 +48542,7 @@ index bd6bc1b..b627b53 100644 unsigned frun_percent; /* when to stop culling (% files) */ unsigned fcull_percent; /* when to start culling (% files) */ unsigned fstop_percent; /* when to stop allocating (% files) */ -@@ -169,19 +169,19 @@ extern int cachefiles_check_in_use(struct cachefiles_cache *cache, +@@ -171,19 +171,19 @@ extern int cachefiles_check_in_use(struct cachefiles_cache *cache, * proc.c */ #ifdef CONFIG_CACHEFILES_HISTOGRAM @@ -44604,10 +48568,10 @@ index bd6bc1b..b627b53 100644 #else diff --git a/fs/cachefiles/namei.c b/fs/cachefiles/namei.c -index b0b5f7c..039bb26 100644 +index 8c01c5fc..15f982e 100644 --- a/fs/cachefiles/namei.c +++ b/fs/cachefiles/namei.c -@@ -318,7 +318,7 @@ try_again: +@@ -317,7 +317,7 @@ try_again: /* first step is to make up a grave dentry in the graveyard */ sprintf(nbuffer, "%08x%08x", (uint32_t) get_seconds(), @@ -44647,10 +48611,10 @@ index eccd339..4c1d995 100644 return 0; diff --git a/fs/cachefiles/rdwr.c b/fs/cachefiles/rdwr.c -index c994691..2a1537f 100644 +index 4809922..aab2c39 100644 --- a/fs/cachefiles/rdwr.c +++ b/fs/cachefiles/rdwr.c -@@ -945,7 +945,7 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page) +@@ -965,7 +965,7 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page) old_fs = get_fs(); set_fs(KERNEL_DS); ret = file->f_op->write( @@ -44660,7 +48624,7 @@ index c994691..2a1537f 100644 kunmap(page); if (ret != len) diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c -index e5b7731..b9c59fb 100644 +index 8c1aabe..bbf856a 100644 --- a/fs/ceph/dir.c +++ b/fs/ceph/dir.c @@ -243,7 +243,7 @@ static int ceph_readdir(struct file *filp, void *dirent, filldir_t filldir) @@ -44717,10 +48681,10 @@ index d9ea6ed..1e6c8ac 100644 server->ops->print_stats(m, tcon); } diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c -index db8a404..c712e2e 100644 +index de7f916..6cb22a9 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c -@@ -1003,7 +1003,7 @@ cifs_init_request_bufs(void) +@@ -997,7 +997,7 @@ cifs_init_request_bufs(void) /* cERROR(1, "CIFSMaxBufSize %d 0x%x",CIFSMaxBufSize,CIFSMaxBufSize); */ cifs_req_cachep = kmem_cache_create("cifs_request", CIFSMaxBufSize + max_hdr_size, 0, @@ -44729,7 +48693,7 @@ index db8a404..c712e2e 100644 if (cifs_req_cachep == NULL) return -ENOMEM; -@@ -1030,7 +1030,7 @@ cifs_init_request_bufs(void) +@@ -1024,7 +1024,7 @@ cifs_init_request_bufs(void) efficient to alloc 1 per page off the slab compared to 17K (5page) alloc of large cifs buffers even when page debugging is on */ cifs_sm_req_cachep = kmem_cache_create("cifs_small_rq", @@ -44738,7 +48702,7 @@ index db8a404..c712e2e 100644 NULL); if (cifs_sm_req_cachep == NULL) { mempool_destroy(cifs_req_poolp); -@@ -1115,8 +1115,8 @@ init_cifs(void) +@@ -1109,8 +1109,8 @@ init_cifs(void) atomic_set(&bufAllocCount, 0); atomic_set(&smBufAllocCount, 0); #ifdef CONFIG_CIFS_STATS2 @@ -44750,10 +48714,10 @@ index db8a404..c712e2e 100644 atomic_set(&midCount, 0); diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h -index 977dc0e..ba48ab9 100644 +index e6899ce..d6b2920 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h -@@ -590,35 +590,35 @@ struct cifs_tcon { +@@ -751,35 +751,35 @@ struct cifs_tcon { __u16 Flags; /* optional support bits */ enum statusEnum tidStatus; #ifdef CONFIG_CIFS_STATS @@ -44813,7 +48777,7 @@ index 977dc0e..ba48ab9 100644 } smb2_stats; #endif /* CONFIG_CIFS_SMB2 */ } stats; -@@ -862,7 +862,7 @@ build_path_to_root(struct smb_vol *vol, struct cifs_sb_info *cifs_sb, +@@ -1080,7 +1080,7 @@ convert_delimiter(char *path, char delim) } #ifdef CONFIG_CIFS_STATS @@ -44822,7 +48786,7 @@ index 977dc0e..ba48ab9 100644 static inline void cifs_stats_bytes_written(struct cifs_tcon *tcon, unsigned int bytes) -@@ -1227,8 +1227,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; +@@ -1445,8 +1445,8 @@ GLOBAL_EXTERN atomic_t tconInfoReconnectCount; /* Various Debug counters */ GLOBAL_EXTERN atomic_t bufAllocCount; /* current number allocated */ #ifdef CONFIG_CIFS_STATS2 @@ -44834,10 +48798,10 @@ index 977dc0e..ba48ab9 100644 GLOBAL_EXTERN atomic_t smBufAllocCount; GLOBAL_EXTERN atomic_t midCount; diff --git a/fs/cifs/link.c b/fs/cifs/link.c -index e6ce3b1..adc21fd 100644 +index 51dc2fb..1e12a33 100644 --- a/fs/cifs/link.c +++ b/fs/cifs/link.c -@@ -602,7 +602,7 @@ symlink_exit: +@@ -616,7 +616,7 @@ symlink_exit: void cifs_put_link(struct dentry *direntry, struct nameidata *nd, void *cookie) { @@ -44847,7 +48811,7 @@ index e6ce3b1..adc21fd 100644 kfree(p); } diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c -index ce41fee..ac0d27a 100644 +index 3a00c0d..42d901c 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -169,7 +169,7 @@ cifs_buf_get(void) @@ -44868,34 +48832,11 @@ index ce41fee..ac0d27a 100644 #endif /* CONFIG_CIFS_STATS2 */ } -diff --git a/fs/cifs/readdir.c b/fs/cifs/readdir.c -index d87f826..1bab9d4 100644 ---- a/fs/cifs/readdir.c -+++ b/fs/cifs/readdir.c -@@ -86,14 +86,17 @@ cifs_readdir_lookup(struct dentry *parent, struct qstr *name, - - dentry = d_lookup(parent, name); - if (dentry) { -+ int err; - inode = dentry->d_inode; - /* update inode in place if i_ino didn't change */ - if (inode && CIFS_I(inode)->uniqueid == fattr->cf_uniqueid) { - cifs_fattr_to_inode(inode, fattr); - return dentry; - } -- d_drop(dentry); -+ err = d_invalidate(dentry); - dput(dentry); -+ if (err) -+ return NULL; - } - - dentry = d_alloc(parent, name); diff --git a/fs/cifs/smb1ops.c b/fs/cifs/smb1ops.c -index 3129ac7..cc4a948 100644 +index 47bc5a8..10decbe 100644 --- a/fs/cifs/smb1ops.c +++ b/fs/cifs/smb1ops.c -@@ -524,27 +524,27 @@ static void +@@ -586,27 +586,27 @@ static void cifs_clear_stats(struct cifs_tcon *tcon) { #ifdef CONFIG_CIFS_STATS @@ -44944,7 +48885,7 @@ index 3129ac7..cc4a948 100644 #endif } -@@ -553,36 +553,36 @@ cifs_print_stats(struct seq_file *m, struct cifs_tcon *tcon) +@@ -615,36 +615,36 @@ cifs_print_stats(struct seq_file *m, struct cifs_tcon *tcon) { #ifdef CONFIG_CIFS_STATS seq_printf(m, " Oplocks breaks: %d", @@ -45001,10 +48942,10 @@ index 3129ac7..cc4a948 100644 } diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c -index 826209b..fa460f4 100644 +index c9c7aa7..065056a 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c -@@ -219,8 +219,8 @@ smb2_clear_stats(struct cifs_tcon *tcon) +@@ -274,8 +274,8 @@ smb2_clear_stats(struct cifs_tcon *tcon) #ifdef CONFIG_CIFS_STATS int i; for (i = 0; i < NUMBER_OF_SMB2_COMMANDS; i++) { @@ -45015,7 +48956,7 @@ index 826209b..fa460f4 100644 } #endif } -@@ -229,66 +229,66 @@ static void +@@ -284,66 +284,66 @@ static void smb2_print_stats(struct seq_file *m, struct cifs_tcon *tcon) { #ifdef CONFIG_CIFS_STATS @@ -45122,6 +49063,20 @@ index 826209b..fa460f4 100644 #endif } +diff --git a/fs/cifs/smb2pdu.c b/fs/cifs/smb2pdu.c +index 41d9d07..dbb4772 100644 +--- a/fs/cifs/smb2pdu.c ++++ b/fs/cifs/smb2pdu.c +@@ -1761,8 +1761,7 @@ SMB2_query_directory(const unsigned int xid, struct cifs_tcon *tcon, + default: + cERROR(1, "info level %u isn't supported", + srch_inf->info_level); +- rc = -EINVAL; +- goto qdir_exit; ++ return -EINVAL; + } + + req->FileIndex = cpu_to_le32(index); diff --git a/fs/coda/cache.c b/fs/coda/cache.c index 958ae0e..505c9d0 100644 --- a/fs/coda/cache.c @@ -45171,9 +49126,18 @@ index 958ae0e..505c9d0 100644 return hit; diff --git a/fs/compat.c b/fs/compat.c -index 1bdb350..9f28287 100644 +index 015e1e1..b8966ac 100644 --- a/fs/compat.c +++ b/fs/compat.c +@@ -54,7 +54,7 @@ + #include <asm/ioctls.h> + #include "internal.h" + +-int compat_log = 1; ++int compat_log = 0; + + int compat_printk(const char *fmt, ...) + { @@ -490,7 +490,7 @@ compat_sys_io_setup(unsigned nr_reqs, u32 __user *ctx32p) set_fs(KERNEL_DS); @@ -45211,15 +49175,15 @@ index 1bdb350..9f28287 100644 buf->result++; dirent = buf->dirent; if (!access_ok(VERIFY_WRITE, dirent, -@@ -880,6 +885,7 @@ asmlinkage long compat_sys_old_readdir(unsigned int fd, +@@ -878,6 +883,7 @@ asmlinkage long compat_sys_old_readdir(unsigned int fd, buf.result = 0; buf.dirent = dirent; -+ buf.file = file; ++ buf.file = f.file; - error = vfs_readdir(file, compat_fillonedir, &buf); + error = vfs_readdir(f.file, compat_fillonedir, &buf); if (buf.result) -@@ -899,6 +905,7 @@ struct compat_linux_dirent { +@@ -897,6 +903,7 @@ struct compat_linux_dirent { struct compat_getdents_callback { struct compat_linux_dirent __user *current_dir; struct compat_linux_dirent __user *previous; @@ -45227,7 +49191,7 @@ index 1bdb350..9f28287 100644 int count; int error; }; -@@ -920,6 +927,10 @@ static int compat_filldir(void *__buf, const char *name, int namlen, +@@ -918,6 +925,10 @@ static int compat_filldir(void *__buf, const char *name, int namlen, buf->error = -EOVERFLOW; return -EOVERFLOW; } @@ -45238,15 +49202,15 @@ index 1bdb350..9f28287 100644 dirent = buf->previous; if (dirent) { if (__put_user(offset, &dirent->d_off)) -@@ -966,6 +977,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd, +@@ -963,6 +974,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd, buf.previous = NULL; buf.count = count; buf.error = 0; -+ buf.file = file; ++ buf.file = f.file; - error = vfs_readdir(file, compat_filldir, &buf); + error = vfs_readdir(f.file, compat_filldir, &buf); if (error >= 0) -@@ -986,6 +998,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd, +@@ -983,6 +995,7 @@ asmlinkage long compat_sys_getdents(unsigned int fd, struct compat_getdents_callback64 { struct linux_dirent64 __user *current_dir; struct linux_dirent64 __user *previous; @@ -45254,7 +49218,7 @@ index 1bdb350..9f28287 100644 int count; int error; }; -@@ -1002,6 +1015,10 @@ static int compat_filldir64(void * __buf, const char * name, int namlen, loff_t +@@ -999,6 +1012,10 @@ static int compat_filldir64(void * __buf, const char * name, int namlen, loff_t buf->error = -EINVAL; /* only used if we fail.. */ if (reclen > buf->count) return -EINVAL; @@ -45265,24 +49229,24 @@ index 1bdb350..9f28287 100644 dirent = buf->previous; if (dirent) { -@@ -1052,13 +1069,14 @@ asmlinkage long compat_sys_getdents64(unsigned int fd, +@@ -1048,13 +1065,14 @@ asmlinkage long compat_sys_getdents64(unsigned int fd, buf.previous = NULL; buf.count = count; buf.error = 0; -+ buf.file = file; ++ buf.file = f.file; - error = vfs_readdir(file, compat_filldir64, &buf); + error = vfs_readdir(f.file, compat_filldir64, &buf); if (error >= 0) error = buf.error; lastdirent = buf.previous; if (lastdirent) { -- typeof(lastdirent->d_off) d_off = file->f_pos; -+ typeof(((struct linux_dirent64 *)0)->d_off) d_off = file->f_pos; +- typeof(lastdirent->d_off) d_off = f.file->f_pos; ++ typeof(((struct linux_dirent64 *)0)->d_off) d_off = f.file->f_pos; if (__put_user_unaligned(d_off, &lastdirent->d_off)) error = -EFAULT; else diff --git a/fs/compat_binfmt_elf.c b/fs/compat_binfmt_elf.c -index 112e45a..b59845b 100644 +index a81147e..20bf2b5 100644 --- a/fs/compat_binfmt_elf.c +++ b/fs/compat_binfmt_elf.c @@ -30,11 +30,13 @@ @@ -45300,7 +49264,7 @@ index 112e45a..b59845b 100644 /* diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c -index 5d2069f..75d31d4 100644 +index e2f57a0..3c78771 100644 --- a/fs/compat_ioctl.c +++ b/fs/compat_ioctl.c @@ -623,7 +623,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd, @@ -45321,7 +49285,7 @@ index 5d2069f..75d31d4 100644 return -EFAULT; return ioctl_preallocate(file, p); -@@ -1612,8 +1612,8 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, unsigned int cmd, +@@ -1620,8 +1620,8 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, unsigned int cmd, static int __init init_sys32_ioctl_cmp(const void *p, const void *q) { unsigned int a, b; @@ -45333,10 +49297,24 @@ index 5d2069f..75d31d4 100644 return 1; if (a < b) diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c -index 7414ae2..d98ad6d 100644 +index 712b10f..c33c4ca 100644 --- a/fs/configfs/dir.c +++ b/fs/configfs/dir.c -@@ -1564,7 +1564,8 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir +@@ -1037,10 +1037,11 @@ static int configfs_dump(struct configfs_dirent *sd, int level) + static int configfs_depend_prep(struct dentry *origin, + struct config_item *target) + { +- struct configfs_dirent *child_sd, *sd = origin->d_fsdata; ++ struct configfs_dirent *child_sd, *sd; + int ret = 0; + +- BUG_ON(!origin || !sd); ++ BUG_ON(!origin || !origin->d_fsdata); ++ sd = origin->d_fsdata; + + if (sd->s_element == target) /* Boo-yah */ + goto out; +@@ -1564,7 +1565,8 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir } for (p=q->next; p!= &parent_sd->s_children; p=p->next) { struct configfs_dirent *next; @@ -45346,7 +49324,7 @@ index 7414ae2..d98ad6d 100644 int len; struct inode *inode = NULL; -@@ -1574,7 +1575,12 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir +@@ -1574,7 +1576,12 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir continue; name = configfs_get_name(next); @@ -45360,11 +49338,132 @@ index 7414ae2..d98ad6d 100644 /* * We'll have a dentry and an inode for +diff --git a/fs/coredump.c b/fs/coredump.c +index 1774932..5812106 100644 +--- a/fs/coredump.c ++++ b/fs/coredump.c +@@ -52,7 +52,7 @@ struct core_name { + char *corename; + int used, size; + }; +-static atomic_t call_count = ATOMIC_INIT(1); ++static atomic_unchecked_t call_count = ATOMIC_INIT(1); + + /* The maximal length of core_pattern is also specified in sysctl.c */ + +@@ -60,7 +60,7 @@ static int expand_corename(struct core_name *cn) + { + char *old_corename = cn->corename; + +- cn->size = CORENAME_MAX_SIZE * atomic_inc_return(&call_count); ++ cn->size = CORENAME_MAX_SIZE * atomic_inc_return_unchecked(&call_count); + cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL); + + if (!cn->corename) { +@@ -157,7 +157,7 @@ static int format_corename(struct core_name *cn, struct coredump_params *cprm) + int pid_in_pattern = 0; + int err = 0; + +- cn->size = CORENAME_MAX_SIZE * atomic_read(&call_count); ++ cn->size = CORENAME_MAX_SIZE * atomic_read_unchecked(&call_count); + cn->corename = kmalloc(cn->size, GFP_KERNEL); + cn->used = 0; + +@@ -414,17 +414,17 @@ static void wait_for_dump_helpers(struct file *file) + pipe = file->f_path.dentry->d_inode->i_pipe; + + pipe_lock(pipe); +- pipe->readers++; +- pipe->writers--; ++ atomic_inc(&pipe->readers); ++ atomic_dec(&pipe->writers); + +- while ((pipe->readers > 1) && (!signal_pending(current))) { ++ while ((atomic_read(&pipe->readers) > 1) && (!signal_pending(current))) { + wake_up_interruptible_sync(&pipe->wait); + kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); + pipe_wait(pipe); + } + +- pipe->readers--; +- pipe->writers++; ++ atomic_dec(&pipe->readers); ++ atomic_inc(&pipe->writers); + pipe_unlock(pipe); + + } +@@ -471,7 +471,8 @@ void do_coredump(siginfo_t *siginfo) + int ispipe; + struct files_struct *displaced; + bool need_nonrelative = false; +- static atomic_t core_dump_count = ATOMIC_INIT(0); ++ static atomic_unchecked_t core_dump_count = ATOMIC_INIT(0); ++ long signr = siginfo->si_signo; + struct coredump_params cprm = { + .siginfo = siginfo, + .regs = signal_pt_regs(), +@@ -484,7 +485,10 @@ void do_coredump(siginfo_t *siginfo) + .mm_flags = mm->flags, + }; + +- audit_core_dumps(siginfo->si_signo); ++ audit_core_dumps(signr); ++ ++ if (signr == SIGSEGV || signr == SIGBUS || signr == SIGKILL || signr == SIGILL) ++ gr_handle_brute_attach(cprm.mm_flags); + + binfmt = mm->binfmt; + if (!binfmt || !binfmt->core_dump) +@@ -508,7 +512,7 @@ void do_coredump(siginfo_t *siginfo) + need_nonrelative = true; + } + +- retval = coredump_wait(siginfo->si_signo, &core_state); ++ retval = coredump_wait(signr, &core_state); + if (retval < 0) + goto fail_creds; + +@@ -556,7 +560,7 @@ void do_coredump(siginfo_t *siginfo) + } + cprm.limit = RLIM_INFINITY; + +- dump_count = atomic_inc_return(&core_dump_count); ++ dump_count = atomic_inc_return_unchecked(&core_dump_count); + if (core_pipe_limit && (core_pipe_limit < dump_count)) { + printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", + task_tgid_vnr(current), current->comm); +@@ -583,6 +587,8 @@ void do_coredump(siginfo_t *siginfo) + } else { + struct inode *inode; + ++ gr_learn_resource(current, RLIMIT_CORE, binfmt->min_coredump, 1); ++ + if (cprm.limit < binfmt->min_coredump) + goto fail_unlock; + +@@ -640,7 +646,7 @@ close_fail: + filp_close(cprm.file, NULL); + fail_dropcount: + if (ispipe) +- atomic_dec(&core_dump_count); ++ atomic_dec_unchecked(&core_dump_count); + fail_unlock: + kfree(cn.corename); + fail_corename: +@@ -659,7 +665,7 @@ fail: + */ + int dump_write(struct file *file, const void *addr, int nr) + { +- return access_ok(VERIFY_READ, addr, nr) && file->f_op->write(file, addr, nr, &file->f_pos) == nr; ++ return access_ok(VERIFY_READ, addr, nr) && file->f_op->write(file, (const char __force_user *)addr, nr, &file->f_pos) == nr; + } + EXPORT_SYMBOL(dump_write); + diff --git a/fs/dcache.c b/fs/dcache.c -index 693f95b..95f1223 100644 +index 19153a0..428c2f5 100644 --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -3164,7 +3164,7 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -3133,7 +3133,7 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -45374,10 +49473,10 @@ index 693f95b..95f1223 100644 dcache_init(); inode_init(); diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c -index 4733eab..71ef6fa 100644 +index a5f12b7..4ee8a6f 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c -@@ -406,7 +406,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); +@@ -415,7 +415,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); */ struct dentry *debugfs_create_dir(const char *name, struct dentry *parent) { @@ -45447,15 +49546,17 @@ index b2a34a1..162fa69 100644 return rc; } diff --git a/fs/exec.c b/fs/exec.c -index 59896ae..03bc1d7 100644 +index 20df02c..81c9e78 100644 --- a/fs/exec.c +++ b/fs/exec.c -@@ -55,6 +55,15 @@ +@@ -55,6 +55,17 @@ #include <linux/pipe_fs_i.h> #include <linux/oom.h> #include <linux/compat.h> +#include <linux/random.h> +#include <linux/seq_file.h> ++#include <linux/coredump.h> ++#include <linux/mman.h> + +#ifdef CONFIG_PAX_REFCOUNT +#include <linux/kallsyms.h> @@ -45466,7 +49567,7 @@ index 59896ae..03bc1d7 100644 #include <asm/uaccess.h> #include <asm/mmu_context.h> -@@ -66,6 +75,18 @@ +@@ -66,6 +77,18 @@ #include <trace/events/sched.h> @@ -45482,19 +49583,30 @@ index 59896ae..03bc1d7 100644 +EXPORT_SYMBOL(pax_set_initial_flags_func); +#endif + - int core_uses_pid; - char core_pattern[CORENAME_MAX_SIZE] = "core"; - unsigned int core_pipe_limit; -@@ -75,7 +96,7 @@ struct core_name { - char *corename; - int used, size; - }; --static atomic_t call_count = ATOMIC_INIT(1); -+static atomic_unchecked_t call_count = ATOMIC_INIT(1); + int suid_dumpable = 0; - /* The maximal length of core_pattern is also specified in sysctl.c */ + static LIST_HEAD(formats); +@@ -75,8 +98,8 @@ void __register_binfmt(struct linux_binfmt * fmt, int insert) + { + BUG_ON(!fmt); + write_lock(&binfmt_lock); +- insert ? list_add(&fmt->lh, &formats) : +- list_add_tail(&fmt->lh, &formats); ++ insert ? pax_list_add((struct list_head *)&fmt->lh, &formats) : ++ pax_list_add_tail((struct list_head *)&fmt->lh, &formats); + write_unlock(&binfmt_lock); + } + +@@ -85,7 +108,7 @@ EXPORT_SYMBOL(__register_binfmt); + void unregister_binfmt(struct linux_binfmt * fmt) + { + write_lock(&binfmt_lock); +- list_del(&fmt->lh); ++ pax_list_del((struct list_head *)&fmt->lh); + write_unlock(&binfmt_lock); + } -@@ -191,18 +212,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -180,18 +203,10 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, int write) { struct page *page; @@ -45516,15 +49628,15 @@ index 59896ae..03bc1d7 100644 return NULL; if (write) { -@@ -218,6 +231,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, +@@ -207,6 +222,17 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos, if (size <= ARG_MAX) return page; +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP + // only allow 512KB for argv+env on suid/sgid binaries + // to prevent easy ASLR exhaustion -+ if (((bprm->cred->euid != current_euid()) || -+ (bprm->cred->egid != current_egid())) && ++ if (((!uid_eq(bprm->cred->euid, current_euid())) || ++ (!gid_eq(bprm->cred->egid, current_egid()))) && + (size > (512 * 1024))) { + put_page(page); + return NULL; @@ -45534,7 +49646,7 @@ index 59896ae..03bc1d7 100644 /* * Limit to 1/4-th the stack size for the argv+env strings. * This ensures that: -@@ -277,6 +301,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -266,6 +292,11 @@ static int __bprm_mm_init(struct linux_binprm *bprm) vma->vm_end = STACK_TOP_MAX; vma->vm_start = vma->vm_end - PAGE_SIZE; vma->vm_flags = VM_STACK_FLAGS | VM_STACK_INCOMPLETE_SETUP; @@ -45546,7 +49658,7 @@ index 59896ae..03bc1d7 100644 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); INIT_LIST_HEAD(&vma->anon_vma_chain); -@@ -287,6 +316,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) +@@ -276,6 +307,12 @@ static int __bprm_mm_init(struct linux_binprm *bprm) mm->stack_vm = mm->total_vm = 1; up_write(&mm->mmap_sem); bprm->p = vma->vm_end - sizeof(void *); @@ -45559,7 +49671,7 @@ index 59896ae..03bc1d7 100644 return 0; err: up_write(&mm->mmap_sem); -@@ -395,19 +430,7 @@ err: +@@ -384,19 +421,7 @@ err: return err; } @@ -45570,7 +49682,7 @@ index 59896ae..03bc1d7 100644 - union { - const char __user *const __user *native; -#ifdef CONFIG_COMPAT -- compat_uptr_t __user *compat; +- const compat_uptr_t __user *compat; -#endif - } ptr; -}; @@ -45580,7 +49692,7 @@ index 59896ae..03bc1d7 100644 { const char __user *native; -@@ -416,14 +439,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) +@@ -405,14 +430,14 @@ static const char __user *get_user_arg_ptr(struct user_arg_ptr argv, int nr) compat_uptr_t compat; if (get_user(compat, argv.ptr.compat + nr)) @@ -45597,7 +49709,7 @@ index 59896ae..03bc1d7 100644 return native; } -@@ -442,7 +465,7 @@ static int count(struct user_arg_ptr argv, int max) +@@ -431,7 +456,7 @@ static int count(struct user_arg_ptr argv, int max) if (!p) break; @@ -45605,8 +49717,8 @@ index 59896ae..03bc1d7 100644 + if (IS_ERR((const char __force_kernel *)p)) return -EFAULT; - if (i++ >= max) -@@ -476,7 +499,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, + if (i >= max) +@@ -466,7 +491,7 @@ static int copy_strings(int argc, struct user_arg_ptr argv, ret = -EFAULT; str = get_user_arg_ptr(argv, argc); @@ -45615,7 +49727,7 @@ index 59896ae..03bc1d7 100644 goto out; len = strnlen_user(str, MAX_ARG_STRLEN); -@@ -558,7 +581,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, +@@ -548,7 +573,7 @@ int copy_strings_kernel(int argc, const char *const *__argv, int r; mm_segment_t oldfs = get_fs(); struct user_arg_ptr argv = { @@ -45624,7 +49736,7 @@ index 59896ae..03bc1d7 100644 }; set_fs(KERNEL_DS); -@@ -593,7 +616,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -583,7 +608,8 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) unsigned long new_end = old_end - shift; struct mmu_gather tlb; @@ -45634,7 +49746,7 @@ index 59896ae..03bc1d7 100644 /* * ensure there are no vmas between where we want to go -@@ -602,6 +626,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) +@@ -592,6 +618,10 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) if (vma != find_vma(mm, new_start)) return -EFAULT; @@ -45645,7 +49757,7 @@ index 59896ae..03bc1d7 100644 /* * cover the whole range: [new_start, old_end) */ -@@ -682,10 +710,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -672,10 +702,6 @@ int setup_arg_pages(struct linux_binprm *bprm, stack_top = arch_align_stack(stack_top); stack_top = PAGE_ALIGN(stack_top); @@ -45656,7 +49768,7 @@ index 59896ae..03bc1d7 100644 stack_shift = vma->vm_end - stack_top; bprm->p -= stack_shift; -@@ -697,8 +721,28 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -687,8 +713,28 @@ int setup_arg_pages(struct linux_binprm *bprm, bprm->exec -= stack_shift; down_write(&mm->mmap_sem); @@ -45685,7 +49797,7 @@ index 59896ae..03bc1d7 100644 /* * Adjust stack execute permissions; explicitly enable for * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone -@@ -717,13 +761,6 @@ int setup_arg_pages(struct linux_binprm *bprm, +@@ -707,13 +753,6 @@ int setup_arg_pages(struct linux_binprm *bprm, goto out_unlock; BUG_ON(prev != vma); @@ -45699,7 +49811,38 @@ index 59896ae..03bc1d7 100644 /* mprotect_fixup is overkill to remove the temporary stack flags */ vma->vm_flags &= ~VM_STACK_INCOMPLETE_SETUP; -@@ -781,6 +818,8 @@ struct file *open_exec(const char *name) +@@ -737,6 +776,30 @@ int setup_arg_pages(struct linux_binprm *bprm, + #endif + current->mm->start_stack = bprm->p; + ret = expand_stack(vma, stack_base); ++ ++#if !defined(CONFIG_STACK_GROWSUP) && defined(CONFIG_PAX_ASLR) ++ if (!ret && (mm->pax_flags & MF_PAX_RANDMMAP) && STACK_TOP <= 0xFFFFFFFFU && STACK_TOP > vma->vm_end) { ++ unsigned long size, flags, vm_flags; ++ ++ size = STACK_TOP - vma->vm_end; ++ flags = MAP_FIXED | MAP_PRIVATE; ++ vm_flags = VM_NONE | VM_DONTEXPAND | VM_DONTDUMP; ++ ++ ret = vma->vm_end != mmap_region(NULL, vma->vm_end, size, flags, vm_flags, 0); ++ ++#ifdef CONFIG_X86 ++ if (!ret) { ++ current->mm->aslr_gap += size >> PAGE_SHIFT; ++ size = mmap_min_addr + ((mm->delta_mmap ^ mm->delta_stack) & (0xFFUL << PAGE_SHIFT)); ++ ret = 0 != mmap_region(NULL, 0, size, flags, vm_flags, 0); ++ if (!ret) ++ current->mm->aslr_gap += size >> PAGE_SHIFT; ++ } ++#endif ++ ++ } ++#endif ++ + if (ret) + ret = -EFAULT; + +@@ -772,6 +835,8 @@ struct file *open_exec(const char *name) fsnotify_open(file); @@ -45708,7 +49851,7 @@ index 59896ae..03bc1d7 100644 err = deny_write_access(file); if (err) goto exit; -@@ -804,7 +843,7 @@ int kernel_read(struct file *file, loff_t offset, +@@ -795,7 +860,7 @@ int kernel_read(struct file *file, loff_t offset, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -45717,7 +49860,7 @@ index 59896ae..03bc1d7 100644 set_fs(old_fs); return result; } -@@ -1273,7 +1312,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm) +@@ -1247,7 +1312,7 @@ static int check_unsafe_exec(struct linux_binprm *bprm) } rcu_read_unlock(); @@ -45726,7 +49869,7 @@ index 59896ae..03bc1d7 100644 bprm->unsafe |= LSM_UNSAFE_SHARE; } else { res = -EAGAIN; -@@ -1476,6 +1515,28 @@ int search_binary_handler(struct linux_binprm *bprm,struct pt_regs *regs) +@@ -1447,6 +1512,28 @@ int search_binary_handler(struct linux_binprm *bprm) EXPORT_SYMBOL(search_binary_handler); @@ -45755,9 +49898,9 @@ index 59896ae..03bc1d7 100644 /* * sys_execve() executes a new program. */ -@@ -1484,6 +1545,11 @@ static int do_execve_common(const char *filename, - struct user_arg_ptr envp, - struct pt_regs *regs) +@@ -1454,6 +1541,11 @@ static int do_execve_common(const char *filename, + struct user_arg_ptr argv, + struct user_arg_ptr envp) { +#ifdef CONFIG_GRKERNSEC + struct file *old_exec_file; @@ -45767,7 +49910,7 @@ index 59896ae..03bc1d7 100644 struct linux_binprm *bprm; struct file *file; struct files_struct *displaced; -@@ -1491,6 +1557,8 @@ static int do_execve_common(const char *filename, +@@ -1461,6 +1553,8 @@ static int do_execve_common(const char *filename, int retval; const struct cred *cred = current_cred(); @@ -45776,7 +49919,7 @@ index 59896ae..03bc1d7 100644 /* * We move the actual failure in case of RLIMIT_NPROC excess from * set*uid() to execve() because too many poorly written programs -@@ -1531,12 +1599,27 @@ static int do_execve_common(const char *filename, +@@ -1501,12 +1595,27 @@ static int do_execve_common(const char *filename, if (IS_ERR(file)) goto out_unmark; @@ -45804,7 +49947,7 @@ index 59896ae..03bc1d7 100644 retval = bprm_mm_init(bprm); if (retval) goto out_file; -@@ -1553,24 +1636,65 @@ static int do_execve_common(const char *filename, +@@ -1523,24 +1632,65 @@ static int do_execve_common(const char *filename, if (retval < 0) goto out; @@ -45817,9 +49960,9 @@ index 59896ae..03bc1d7 100644 +#endif +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP + /* limit suid stack to 8MB -+ we saved the old limits above and will restore them if this exec fails -+ */ -+ if (((bprm->cred->euid != current_euid()) || (bprm->cred->egid != current_egid())) && ++ * we saved the old limits above and will restore them if this exec fails ++ */ ++ if (((!uid_eq(bprm->cred->euid, current_euid())) || (!gid_eq(bprm->cred->egid, current_egid()))) && + (old_rlim[RLIMIT_STACK].rlim_cur > (8 * 1024 * 1024))) + current->signal->rlim[RLIMIT_STACK].rlim_cur = 8 * 1024 * 1024; +#endif @@ -45859,7 +50002,7 @@ index 59896ae..03bc1d7 100644 + + gr_handle_exec_args(bprm, argv); - retval = search_binary_handler(bprm,regs); + retval = search_binary_handler(bprm); if (retval < 0) - goto out; + goto out_fail; @@ -45874,7 +50017,7 @@ index 59896ae..03bc1d7 100644 current->fs->in_exec = 0; current->in_execve = 0; acct_update_integrals(current); -@@ -1579,6 +1703,14 @@ static int do_execve_common(const char *filename, +@@ -1549,6 +1699,14 @@ static int do_execve_common(const char *filename, put_files_struct(displaced); return retval; @@ -45889,28 +50032,11 @@ index 59896ae..03bc1d7 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1652,7 +1784,7 @@ static int expand_corename(struct core_name *cn) - { - char *old_corename = cn->corename; - -- cn->size = CORENAME_MAX_SIZE * atomic_inc_return(&call_count); -+ cn->size = CORENAME_MAX_SIZE * atomic_inc_return_unchecked(&call_count); - cn->corename = krealloc(old_corename, cn->size, GFP_KERNEL); - - if (!cn->corename) { -@@ -1749,7 +1881,7 @@ static int format_corename(struct core_name *cn, long signr) - int pid_in_pattern = 0; - int err = 0; - -- cn->size = CORENAME_MAX_SIZE * atomic_read(&call_count); -+ cn->size = CORENAME_MAX_SIZE * atomic_read_unchecked(&call_count); - cn->corename = kmalloc(cn->size, GFP_KERNEL); - cn->used = 0; - -@@ -1846,6 +1978,250 @@ out: - return ispipe; +@@ -1697,3 +1855,253 @@ asmlinkage long compat_sys_execve(const char __user * filename, + return error; } - + #endif ++ +int pax_check_flags(unsigned long *flags) +{ + int retval = 0; @@ -45919,7 +50045,7 @@ index 59896ae..03bc1d7 100644 + if (*flags & MF_PAX_SEGMEXEC) + { + *flags &= ~MF_PAX_SEGMEXEC; -+ retval = -EINVAL; ++ retval = -EINVAL; + } +#endif + @@ -45944,7 +50070,7 @@ index 59896ae..03bc1d7 100644 + ) + { + *flags &= ~MF_PAX_MPROTECT; -+ retval = -EINVAL; ++ retval = -EINVAL; + } + + if ((*flags & MF_PAX_EMUTRAMP) @@ -45974,6 +50100,7 @@ index 59896ae..03bc1d7 100644 + char *path_exec = NULL; + char *path_fault = NULL; + unsigned long start = 0UL, end = 0UL, offset = 0UL; ++ siginfo_t info = { }; + + if (buffer_exec && buffer_fault) { + struct vm_area_struct *vma, *vma_exec = NULL, *vma_fault = NULL; @@ -45981,7 +50108,7 @@ index 59896ae..03bc1d7 100644 + down_read(&mm->mmap_sem); + vma = mm->mmap; + while (vma && (!vma_exec || !vma_fault)) { -+ if ((vma->vm_flags & VM_EXECUTABLE) && vma->vm_file) ++ if (vma->vm_file && mm->exe_file == vma->vm_file && (vma->vm_flags & VM_EXEC)) + vma_exec = vma; + if (vma->vm_start <= (unsigned long)pc && (unsigned long)pc < vma->vm_end) + vma_fault = vma; @@ -46025,13 +50152,17 @@ index 59896ae..03bc1d7 100644 + printk(KERN_ERR "PAX: From %pI4: execution attempt in: %s, %08lx-%08lx %08lx\n", &tsk->signal->curr_ip, path_fault, start, end, offset); + else + printk(KERN_ERR "PAX: execution attempt in: %s, %08lx-%08lx %08lx\n", path_fault, start, end, offset); -+ printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, " -+ "PC: %p, SP: %p\n", path_exec, tsk->comm, task_pid_nr(tsk), -+ task_uid(tsk), task_euid(tsk), pc, sp); ++ printk(KERN_ERR "PAX: terminating task: %s(%s):%d, uid/euid: %u/%u, PC: %p, SP: %p\n", path_exec, tsk->comm, task_pid_nr(tsk), ++ from_kuid(&init_user_ns, task_uid(tsk)), from_kuid(&init_user_ns, task_euid(tsk)), pc, sp); + free_page((unsigned long)buffer_exec); + free_page((unsigned long)buffer_fault); + pax_report_insns(regs, pc, sp); -+ do_coredump(SIGKILL, SIGKILL, regs); ++ info.si_signo = SIGKILL; ++ info.si_errno = 0; ++ info.si_code = SI_KERNEL; ++ info.si_pid = 0; ++ info.si_uid = 0; ++ do_coredump(&info); +} +#endif + @@ -46040,10 +50171,11 @@ index 59896ae..03bc1d7 100644 +{ + if (current->signal->curr_ip) + printk(KERN_ERR "PAX: From %pI4: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", -+ ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid()); ++ ¤t->signal->curr_ip, current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid())); + else -+ printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", -+ current->comm, task_pid_nr(current), current_uid(), current_euid()); ++ printk(KERN_ERR "PAX: refcount overflow detected in: %s:%d, uid/euid: %u/%u\n", current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid())); + print_symbol(KERN_ERR "PAX: refcount overflow occured at: %s\n", instruction_pointer(regs)); + show_regs(regs); + force_sig_info(SIGKILL, SEND_SIG_FORCED, current); @@ -46112,7 +50244,7 @@ index 59896ae..03bc1d7 100644 +} +#endif + -+void check_object_size(const void *ptr, unsigned long n, bool to) ++void __check_object_size(const void *ptr, unsigned long n, bool to) +{ + +#ifdef CONFIG_PAX_USERCOPY @@ -46121,7 +50253,7 @@ index 59896ae..03bc1d7 100644 + if (!n) + return; + -+ type = check_heap_object(ptr, n, to); ++ type = check_heap_object(ptr, n); + if (!type) { + if (check_stack_object(ptr, n) != -1) + return; @@ -46132,7 +50264,7 @@ index 59896ae..03bc1d7 100644 +#endif + +} -+EXPORT_SYMBOL(check_object_size); ++EXPORT_SYMBOL(__check_object_size); + +#ifdef CONFIG_PAX_MEMORY_STACKLEAK +void pax_track_stack(void) @@ -46154,90 +50286,8 @@ index 59896ae..03bc1d7 100644 +} +EXPORT_SYMBOL(report_size_overflow); +#endif -+ - static int zap_process(struct task_struct *start, int exit_code) - { - struct task_struct *t; -@@ -2056,17 +2432,17 @@ static void wait_for_dump_helpers(struct file *file) - pipe = file->f_path.dentry->d_inode->i_pipe; - - pipe_lock(pipe); -- pipe->readers++; -- pipe->writers--; -+ atomic_inc(&pipe->readers); -+ atomic_dec(&pipe->writers); - -- while ((pipe->readers > 1) && (!signal_pending(current))) { -+ while ((atomic_read(&pipe->readers) > 1) && (!signal_pending(current))) { - wake_up_interruptible_sync(&pipe->wait); - kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); - pipe_wait(pipe); - } - -- pipe->readers--; -- pipe->writers++; -+ atomic_dec(&pipe->readers); -+ atomic_inc(&pipe->writers); - pipe_unlock(pipe); - - } -@@ -2121,7 +2497,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) - int flag = 0; - int ispipe; - bool need_nonrelative = false; -- static atomic_t core_dump_count = ATOMIC_INIT(0); -+ static atomic_unchecked_t core_dump_count = ATOMIC_INIT(0); - struct coredump_params cprm = { - .signr = signr, - .regs = regs, -@@ -2136,6 +2512,9 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) - - audit_core_dumps(signr); - -+ if (signr == SIGSEGV || signr == SIGBUS || signr == SIGKILL || signr == SIGILL) -+ gr_handle_brute_attach(cprm.mm_flags); -+ - binfmt = mm->binfmt; - if (!binfmt || !binfmt->core_dump) - goto fail; -@@ -2206,7 +2585,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) - } - cprm.limit = RLIM_INFINITY; - -- dump_count = atomic_inc_return(&core_dump_count); -+ dump_count = atomic_inc_return_unchecked(&core_dump_count); - if (core_pipe_limit && (core_pipe_limit < dump_count)) { - printk(KERN_WARNING "Pid %d(%s) over core_pipe_limit\n", - task_tgid_vnr(current), current->comm); -@@ -2233,6 +2612,8 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) - } else { - struct inode *inode; - -+ gr_learn_resource(current, RLIMIT_CORE, binfmt->min_coredump, 1); -+ - if (cprm.limit < binfmt->min_coredump) - goto fail_unlock; - -@@ -2284,7 +2665,7 @@ close_fail: - filp_close(cprm.file, NULL); - fail_dropcount: - if (ispipe) -- atomic_dec(&core_dump_count); -+ atomic_dec_unchecked(&core_dump_count); - fail_unlock: - kfree(cn.corename); - fail_corename: -@@ -2303,7 +2684,7 @@ fail: - */ - int dump_write(struct file *file, const void *addr, int nr) - { -- return access_ok(VERIFY_READ, addr, nr) && file->f_op->write(file, addr, nr, &file->f_pos) == nr; -+ return access_ok(VERIFY_READ, addr, nr) && file->f_op->write(file, (const char __force_user *)addr, nr, &file->f_pos) == nr; - } - EXPORT_SYMBOL(dump_write); - diff --git a/fs/ext2/balloc.c b/fs/ext2/balloc.c -index 376aa77..59a129c 100644 +index 2616d0e..2ffdec9 100644 --- a/fs/ext2/balloc.c +++ b/fs/ext2/balloc.c @@ -1190,10 +1190,10 @@ static int ext2_has_free_blocks(struct ext2_sb_info *sbi) @@ -46254,7 +50304,7 @@ index 376aa77..59a129c 100644 } return 1; diff --git a/fs/ext3/balloc.c b/fs/ext3/balloc.c -index 90d901f..159975f 100644 +index 22548f5..41521d8 100644 --- a/fs/ext3/balloc.c +++ b/fs/ext3/balloc.c @@ -1438,10 +1438,10 @@ static int ext3_has_free_blocks(struct ext3_sb_info *sbi, int use_reservation) @@ -46286,10 +50336,10 @@ index 2f2e0da..89b113a 100644 if (free_clusters >= (nclusters + dirty_clusters)) return 1; diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h -index b686b43..4b46d01 100644 +index 8462eb3..4a71af6 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h -@@ -1248,19 +1248,19 @@ struct ext4_sb_info { +@@ -1265,19 +1265,19 @@ struct ext4_sb_info { unsigned long s_mb_last_start; /* stats for buddy allocator */ @@ -46320,10 +50370,10 @@ index b686b43..4b46d01 100644 /* locality groups */ diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index 24e5c78..a9e7619 100644 +index 061727a..7622abf 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c -@@ -1746,7 +1746,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, +@@ -1747,7 +1747,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len); if (EXT4_SB(sb)->s_mb_stats) @@ -46332,7 +50382,7 @@ index 24e5c78..a9e7619 100644 break; } -@@ -2040,7 +2040,7 @@ repeat: +@@ -2044,7 +2044,7 @@ repeat: ac->ac_status = AC_STATUS_CONTINUE; ac->ac_flags |= EXT4_MB_HINT_FIRST; cr = 3; @@ -46341,7 +50391,7 @@ index 24e5c78..a9e7619 100644 goto repeat; } } -@@ -2551,25 +2551,25 @@ int ext4_mb_release(struct super_block *sb) +@@ -2552,25 +2552,25 @@ int ext4_mb_release(struct super_block *sb) if (sbi->s_mb_stats) { ext4_msg(sb, KERN_INFO, "mballoc: %u blocks %u reqs (%u success)", @@ -46377,7 +50427,7 @@ index 24e5c78..a9e7619 100644 } free_percpu(sbi->s_locality_groups); -@@ -3051,16 +3051,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) +@@ -3060,16 +3060,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb); if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) { @@ -46400,7 +50450,7 @@ index 24e5c78..a9e7619 100644 } if (ac->ac_op == EXT4_MB_HISTORY_ALLOC) -@@ -3460,7 +3460,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) +@@ -3469,7 +3469,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_inode_pa(ac, pa); ext4_mb_use_inode_pa(ac, pa); @@ -46409,7 +50459,7 @@ index 24e5c78..a9e7619 100644 ei = EXT4_I(ac->ac_inode); grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); -@@ -3520,7 +3520,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) +@@ -3529,7 +3529,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_group_pa(ac, pa); ext4_mb_use_group_pa(ac, pa); @@ -46418,7 +50468,7 @@ index 24e5c78..a9e7619 100644 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); lg = ac->ac_lg; -@@ -3609,7 +3609,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, +@@ -3618,7 +3618,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, * from the bitmap and continue. */ } @@ -46427,7 +50477,7 @@ index 24e5c78..a9e7619 100644 return err; } -@@ -3627,7 +3627,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, +@@ -3636,7 +3636,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); BUG_ON(group != e4b->bd_group && pa->pa_len != 0); mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); @@ -46436,11 +50486,24 @@ index 24e5c78..a9e7619 100644 trace_ext4_mballoc_discard(sb, NULL, group, bit, pa->pa_len); return 0; +diff --git a/fs/ext4/super.c b/fs/ext4/super.c +index 0465f36..99a003a 100644 +--- a/fs/ext4/super.c ++++ b/fs/ext4/super.c +@@ -2429,7 +2429,7 @@ struct ext4_attr { + ssize_t (*store)(struct ext4_attr *, struct ext4_sb_info *, + const char *, size_t); + int offset; +-}; ++} __do_const; + + static int parse_strtoul(const char *buf, + unsigned long max, unsigned long *value) diff --git a/fs/fcntl.c b/fs/fcntl.c -index 887b5ba..0e3f2c3 100644 +index 71a600a..20d87b1 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c -@@ -225,6 +225,11 @@ int __f_setown(struct file *filp, struct pid *pid, enum pid_type type, +@@ -107,6 +107,11 @@ int __f_setown(struct file *filp, struct pid *pid, enum pid_type type, if (err) return err; @@ -46452,32 +50515,20 @@ index 887b5ba..0e3f2c3 100644 f_modown(filp, pid, type, force); return 0; } -@@ -267,7 +272,7 @@ pid_t f_getown(struct file *filp) - - static int f_setown_ex(struct file *filp, unsigned long arg) - { -- struct f_owner_ex * __user owner_p = (void * __user)arg; -+ struct f_owner_ex __user *owner_p = (void __user *)arg; - struct f_owner_ex owner; - struct pid *pid; - int type; -@@ -307,7 +312,7 @@ static int f_setown_ex(struct file *filp, unsigned long arg) - - static int f_getown_ex(struct file *filp, unsigned long arg) - { -- struct f_owner_ex * __user owner_p = (void * __user)arg; -+ struct f_owner_ex __user *owner_p = (void __user *)arg; - struct f_owner_ex owner; - int ret = 0; - -@@ -374,6 +379,7 @@ static long do_fcntl(int fd, unsigned int cmd, unsigned long arg, - switch (cmd) { - case F_DUPFD: - case F_DUPFD_CLOEXEC: -+ gr_learn_resource(current, RLIMIT_NOFILE, arg, 0); - if (arg >= rlimit(RLIMIT_NOFILE)) - break; - err = alloc_fd(arg, cmd == F_DUPFD_CLOEXEC ? O_CLOEXEC : 0); +diff --git a/fs/fhandle.c b/fs/fhandle.c +index 999ff5c..41f4109 100644 +--- a/fs/fhandle.c ++++ b/fs/fhandle.c +@@ -67,8 +67,7 @@ static long do_sys_name_to_handle(struct path *path, + } else + retval = 0; + /* copy the mount id */ +- if (copy_to_user(mnt_id, &real_mount(path->mnt)->mnt_id, +- sizeof(*mnt_id)) || ++ if (put_user(real_mount(path->mnt)->mnt_id, mnt_id) || + copy_to_user(ufh, handle, + sizeof(struct file_handle) + handle_bytes)) + retval = -EFAULT; diff --git a/fs/fifo.c b/fs/fifo.c index cf6f434..3d7942c 100644 --- a/fs/fifo.c @@ -46553,10 +50604,10 @@ index cf6f434..3d7942c 100644 err_nocleanup: diff --git a/fs/file.c b/fs/file.c -index ba3f605..fade102 100644 +index 2b3570b..c57924b 100644 --- a/fs/file.c +++ b/fs/file.c -@@ -15,6 +15,7 @@ +@@ -16,6 +16,7 @@ #include <linux/slab.h> #include <linux/vmalloc.h> #include <linux/file.h> @@ -46564,16 +50615,32 @@ index ba3f605..fade102 100644 #include <linux/fdtable.h> #include <linux/bitops.h> #include <linux/interrupt.h> -@@ -255,6 +256,7 @@ int expand_files(struct files_struct *files, int nr) - * N.B. For clone tasks sharing a files structure, this test - * will limit the total number of files that can be opened. - */ -+ gr_learn_resource(current, RLIMIT_NOFILE, nr, 0); - if (nr >= rlimit(RLIMIT_NOFILE)) - return -EMFILE; +@@ -892,6 +893,7 @@ int replace_fd(unsigned fd, struct file *file, unsigned flags) + if (!file) + return __close_fd(files, fd); + ++ gr_learn_resource(current, RLIMIT_NOFILE, fd, 0); + if (fd >= rlimit(RLIMIT_NOFILE)) + return -EBADF; + +@@ -918,6 +920,7 @@ SYSCALL_DEFINE3(dup3, unsigned int, oldfd, unsigned int, newfd, int, flags) + if (unlikely(oldfd == newfd)) + return -EINVAL; ++ gr_learn_resource(current, RLIMIT_NOFILE, newfd, 0); + if (newfd >= rlimit(RLIMIT_NOFILE)) + return -EBADF; + +@@ -973,6 +976,7 @@ SYSCALL_DEFINE1(dup, unsigned int, fildes) + int f_dupfd(unsigned int from, struct file *file, unsigned flags) + { + int err; ++ gr_learn_resource(current, RLIMIT_NOFILE, from, 0); + if (from >= rlimit(RLIMIT_NOFILE)) + return -EINVAL; + err = alloc_fd(from, flags); diff --git a/fs/filesystems.c b/fs/filesystems.c -index 96f2428..f5eeb8e 100644 +index da165f6..3671bdb 100644 --- a/fs/filesystems.c +++ b/fs/filesystems.c @@ -273,7 +273,12 @@ struct file_system_type *get_fs_type(const char *name) @@ -46590,7 +50657,7 @@ index 96f2428..f5eeb8e 100644 if (dot && fs && !(fs->fs_flags & FS_HAS_SUBTYPE)) { diff --git a/fs/fs_struct.c b/fs/fs_struct.c -index 5df4775..f656176 100644 +index fe6ca58..65318cf 100644 --- a/fs/fs_struct.c +++ b/fs/fs_struct.c @@ -4,6 +4,7 @@ @@ -46640,14 +50707,7 @@ index 5df4775..f656176 100644 hits += replace_path(&fs->pwd, old_root, new_root); write_seqcount_end(&fs->seq); while (hits--) { -@@ -94,12 +111,15 @@ void exit_fs(struct task_struct *tsk) - { - struct fs_struct *fs = tsk->fs; - -+ gr_put_exec_file(tsk); -+ - if (fs) { - int kill; +@@ -99,7 +116,8 @@ void exit_fs(struct task_struct *tsk) task_lock(tsk); spin_lock(&fs->lock); tsk->fs = NULL; @@ -46657,7 +50717,7 @@ index 5df4775..f656176 100644 spin_unlock(&fs->lock); task_unlock(tsk); if (kill) -@@ -112,7 +132,7 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) +@@ -112,7 +130,7 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) struct fs_struct *fs = kmem_cache_alloc(fs_cachep, GFP_KERNEL); /* We don't need to lock fs - think why ;-) */ if (fs) { @@ -46666,7 +50726,7 @@ index 5df4775..f656176 100644 fs->in_exec = 0; spin_lock_init(&fs->lock); seqcount_init(&fs->seq); -@@ -121,6 +141,9 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) +@@ -121,6 +139,9 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) spin_lock(&old->lock); fs->root = old->root; path_get(&fs->root); @@ -46676,7 +50736,7 @@ index 5df4775..f656176 100644 fs->pwd = old->pwd; path_get(&fs->pwd); spin_unlock(&old->lock); -@@ -139,8 +162,9 @@ int unshare_fs_struct(void) +@@ -139,8 +160,9 @@ int unshare_fs_struct(void) task_lock(current); spin_lock(&fs->lock); @@ -46687,7 +50747,7 @@ index 5df4775..f656176 100644 spin_unlock(&fs->lock); task_unlock(current); -@@ -153,13 +177,13 @@ EXPORT_SYMBOL_GPL(unshare_fs_struct); +@@ -153,13 +175,13 @@ EXPORT_SYMBOL_GPL(unshare_fs_struct); int current_umask(void) { @@ -46703,32 +50763,8 @@ index 5df4775..f656176 100644 .lock = __SPIN_LOCK_UNLOCKED(init_fs.lock), .seq = SEQCNT_ZERO, .umask = 0022, -@@ -169,18 +193,21 @@ void daemonize_fs_struct(void) - { - struct fs_struct *fs = current->fs; - -+ gr_put_exec_file(current); -+ - if (fs) { - int kill; - - task_lock(current); - - spin_lock(&init_fs.lock); -- init_fs.users++; -+ atomic_inc(&init_fs.users); - spin_unlock(&init_fs.lock); - - spin_lock(&fs->lock); - current->fs = &init_fs; -- kill = !--fs->users; -+ gr_set_chroot_entries(current, ¤t->fs->root); -+ kill = !atomic_dec_return(&fs->users); - spin_unlock(&fs->lock); - - task_unlock(current); diff --git a/fs/fscache/cookie.c b/fs/fscache/cookie.c -index 9905350..02eaec4 100644 +index 8dcb114..b1072e2 100644 --- a/fs/fscache/cookie.c +++ b/fs/fscache/cookie.c @@ -68,11 +68,11 @@ struct fscache_cookie *__fscache_acquire_cookie( @@ -46811,7 +50847,16 @@ index 9905350..02eaec4 100644 object->debug_id = atomic_inc_return(&fscache_object_debug_id); -@@ -377,10 +377,10 @@ void __fscache_update_cookie(struct fscache_cookie *cookie) +@@ -378,7 +378,7 @@ void __fscache_invalidate(struct fscache_cookie *cookie) + + _enter("{%s}", cookie->def->name); + +- fscache_stat(&fscache_n_invalidates); ++ fscache_stat_unchecked(&fscache_n_invalidates); + + /* Only permit invalidation of data files. Invalidating an index will + * require the caller to release all its attachments to the tree rooted +@@ -437,10 +437,10 @@ void __fscache_update_cookie(struct fscache_cookie *cookie) struct fscache_object *object; struct hlist_node *_p; @@ -46824,7 +50869,7 @@ index 9905350..02eaec4 100644 _leave(" [no cookie]"); return; } -@@ -414,12 +414,12 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire) +@@ -474,12 +474,12 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire) struct fscache_object *object; unsigned long event; @@ -46840,7 +50885,7 @@ index 9905350..02eaec4 100644 _leave(" [no cookie]"); return; } -@@ -435,7 +435,7 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire) +@@ -495,7 +495,7 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire) /* wait for the cookie to finish being instantiated (or to fail) */ if (test_bit(FSCACHE_COOKIE_CREATING, &cookie->flags)) { @@ -46850,12 +50895,17 @@ index 9905350..02eaec4 100644 fscache_wait_bit, TASK_UNINTERRUPTIBLE); } diff --git a/fs/fscache/internal.h b/fs/fscache/internal.h -index f6aad48..88dcf26 100644 +index ee38fef..0a326d4 100644 --- a/fs/fscache/internal.h +++ b/fs/fscache/internal.h -@@ -144,94 +144,94 @@ extern void fscache_proc_cleanup(void); - extern atomic_t fscache_n_ops_processed[FSCACHE_MAX_THREADS]; - extern atomic_t fscache_n_objs_processed[FSCACHE_MAX_THREADS]; +@@ -148,101 +148,101 @@ extern void fscache_proc_cleanup(void); + * stats.c + */ + #ifdef CONFIG_FSCACHE_STATS +-extern atomic_t fscache_n_ops_processed[FSCACHE_MAX_THREADS]; +-extern atomic_t fscache_n_objs_processed[FSCACHE_MAX_THREADS]; ++extern atomic_unchecked_t fscache_n_ops_processed[FSCACHE_MAX_THREADS]; ++extern atomic_unchecked_t fscache_n_objs_processed[FSCACHE_MAX_THREADS]; -extern atomic_t fscache_n_op_pend; -extern atomic_t fscache_n_op_run; @@ -46865,13 +50915,26 @@ index f6aad48..88dcf26 100644 -extern atomic_t fscache_n_op_gc; -extern atomic_t fscache_n_op_cancelled; -extern atomic_t fscache_n_op_rejected; -- ++extern atomic_unchecked_t fscache_n_op_pend; ++extern atomic_unchecked_t fscache_n_op_run; ++extern atomic_unchecked_t fscache_n_op_enqueue; ++extern atomic_unchecked_t fscache_n_op_deferred_release; ++extern atomic_unchecked_t fscache_n_op_release; ++extern atomic_unchecked_t fscache_n_op_gc; ++extern atomic_unchecked_t fscache_n_op_cancelled; ++extern atomic_unchecked_t fscache_n_op_rejected; + -extern atomic_t fscache_n_attr_changed; -extern atomic_t fscache_n_attr_changed_ok; -extern atomic_t fscache_n_attr_changed_nobufs; -extern atomic_t fscache_n_attr_changed_nomem; -extern atomic_t fscache_n_attr_changed_calls; -- ++extern atomic_unchecked_t fscache_n_attr_changed; ++extern atomic_unchecked_t fscache_n_attr_changed_ok; ++extern atomic_unchecked_t fscache_n_attr_changed_nobufs; ++extern atomic_unchecked_t fscache_n_attr_changed_nomem; ++extern atomic_unchecked_t fscache_n_attr_changed_calls; + -extern atomic_t fscache_n_allocs; -extern atomic_t fscache_n_allocs_ok; -extern atomic_t fscache_n_allocs_wait; @@ -46880,7 +50943,15 @@ index f6aad48..88dcf26 100644 -extern atomic_t fscache_n_allocs_object_dead; -extern atomic_t fscache_n_alloc_ops; -extern atomic_t fscache_n_alloc_op_waits; -- ++extern atomic_unchecked_t fscache_n_allocs; ++extern atomic_unchecked_t fscache_n_allocs_ok; ++extern atomic_unchecked_t fscache_n_allocs_wait; ++extern atomic_unchecked_t fscache_n_allocs_nobufs; ++extern atomic_unchecked_t fscache_n_allocs_intr; ++extern atomic_unchecked_t fscache_n_allocs_object_dead; ++extern atomic_unchecked_t fscache_n_alloc_ops; ++extern atomic_unchecked_t fscache_n_alloc_op_waits; + -extern atomic_t fscache_n_retrievals; -extern atomic_t fscache_n_retrievals_ok; -extern atomic_t fscache_n_retrievals_wait; @@ -46891,84 +50962,6 @@ index f6aad48..88dcf26 100644 -extern atomic_t fscache_n_retrievals_object_dead; -extern atomic_t fscache_n_retrieval_ops; -extern atomic_t fscache_n_retrieval_op_waits; -- --extern atomic_t fscache_n_stores; --extern atomic_t fscache_n_stores_ok; --extern atomic_t fscache_n_stores_again; --extern atomic_t fscache_n_stores_nobufs; --extern atomic_t fscache_n_stores_oom; --extern atomic_t fscache_n_store_ops; --extern atomic_t fscache_n_store_calls; --extern atomic_t fscache_n_store_pages; --extern atomic_t fscache_n_store_radix_deletes; --extern atomic_t fscache_n_store_pages_over_limit; -- --extern atomic_t fscache_n_store_vmscan_not_storing; --extern atomic_t fscache_n_store_vmscan_gone; --extern atomic_t fscache_n_store_vmscan_busy; --extern atomic_t fscache_n_store_vmscan_cancelled; -- --extern atomic_t fscache_n_marks; --extern atomic_t fscache_n_uncaches; -- --extern atomic_t fscache_n_acquires; --extern atomic_t fscache_n_acquires_null; --extern atomic_t fscache_n_acquires_no_cache; --extern atomic_t fscache_n_acquires_ok; --extern atomic_t fscache_n_acquires_nobufs; --extern atomic_t fscache_n_acquires_oom; -- --extern atomic_t fscache_n_updates; --extern atomic_t fscache_n_updates_null; --extern atomic_t fscache_n_updates_run; -- --extern atomic_t fscache_n_relinquishes; --extern atomic_t fscache_n_relinquishes_null; --extern atomic_t fscache_n_relinquishes_waitcrt; --extern atomic_t fscache_n_relinquishes_retire; -- --extern atomic_t fscache_n_cookie_index; --extern atomic_t fscache_n_cookie_data; --extern atomic_t fscache_n_cookie_special; -- --extern atomic_t fscache_n_object_alloc; --extern atomic_t fscache_n_object_no_alloc; --extern atomic_t fscache_n_object_lookups; --extern atomic_t fscache_n_object_lookups_negative; --extern atomic_t fscache_n_object_lookups_positive; --extern atomic_t fscache_n_object_lookups_timed_out; --extern atomic_t fscache_n_object_created; --extern atomic_t fscache_n_object_avail; --extern atomic_t fscache_n_object_dead; -- --extern atomic_t fscache_n_checkaux_none; --extern atomic_t fscache_n_checkaux_okay; --extern atomic_t fscache_n_checkaux_update; --extern atomic_t fscache_n_checkaux_obsolete; -+extern atomic_unchecked_t fscache_n_op_pend; -+extern atomic_unchecked_t fscache_n_op_run; -+extern atomic_unchecked_t fscache_n_op_enqueue; -+extern atomic_unchecked_t fscache_n_op_deferred_release; -+extern atomic_unchecked_t fscache_n_op_release; -+extern atomic_unchecked_t fscache_n_op_gc; -+extern atomic_unchecked_t fscache_n_op_cancelled; -+extern atomic_unchecked_t fscache_n_op_rejected; -+ -+extern atomic_unchecked_t fscache_n_attr_changed; -+extern atomic_unchecked_t fscache_n_attr_changed_ok; -+extern atomic_unchecked_t fscache_n_attr_changed_nobufs; -+extern atomic_unchecked_t fscache_n_attr_changed_nomem; -+extern atomic_unchecked_t fscache_n_attr_changed_calls; -+ -+extern atomic_unchecked_t fscache_n_allocs; -+extern atomic_unchecked_t fscache_n_allocs_ok; -+extern atomic_unchecked_t fscache_n_allocs_wait; -+extern atomic_unchecked_t fscache_n_allocs_nobufs; -+extern atomic_unchecked_t fscache_n_allocs_intr; -+extern atomic_unchecked_t fscache_n_allocs_object_dead; -+extern atomic_unchecked_t fscache_n_alloc_ops; -+extern atomic_unchecked_t fscache_n_alloc_op_waits; -+ +extern atomic_unchecked_t fscache_n_retrievals; +extern atomic_unchecked_t fscache_n_retrievals_ok; +extern atomic_unchecked_t fscache_n_retrievals_wait; @@ -46979,7 +50972,17 @@ index f6aad48..88dcf26 100644 +extern atomic_unchecked_t fscache_n_retrievals_object_dead; +extern atomic_unchecked_t fscache_n_retrieval_ops; +extern atomic_unchecked_t fscache_n_retrieval_op_waits; -+ + +-extern atomic_t fscache_n_stores; +-extern atomic_t fscache_n_stores_ok; +-extern atomic_t fscache_n_stores_again; +-extern atomic_t fscache_n_stores_nobufs; +-extern atomic_t fscache_n_stores_oom; +-extern atomic_t fscache_n_store_ops; +-extern atomic_t fscache_n_store_calls; +-extern atomic_t fscache_n_store_pages; +-extern atomic_t fscache_n_store_radix_deletes; +-extern atomic_t fscache_n_store_pages_over_limit; +extern atomic_unchecked_t fscache_n_stores; +extern atomic_unchecked_t fscache_n_stores_ok; +extern atomic_unchecked_t fscache_n_stores_again; @@ -46990,35 +50993,73 @@ index f6aad48..88dcf26 100644 +extern atomic_unchecked_t fscache_n_store_pages; +extern atomic_unchecked_t fscache_n_store_radix_deletes; +extern atomic_unchecked_t fscache_n_store_pages_over_limit; -+ + +-extern atomic_t fscache_n_store_vmscan_not_storing; +-extern atomic_t fscache_n_store_vmscan_gone; +-extern atomic_t fscache_n_store_vmscan_busy; +-extern atomic_t fscache_n_store_vmscan_cancelled; +-extern atomic_t fscache_n_store_vmscan_wait; +extern atomic_unchecked_t fscache_n_store_vmscan_not_storing; +extern atomic_unchecked_t fscache_n_store_vmscan_gone; +extern atomic_unchecked_t fscache_n_store_vmscan_busy; +extern atomic_unchecked_t fscache_n_store_vmscan_cancelled; -+ ++extern atomic_unchecked_t fscache_n_store_vmscan_wait; + +-extern atomic_t fscache_n_marks; +-extern atomic_t fscache_n_uncaches; +extern atomic_unchecked_t fscache_n_marks; +extern atomic_unchecked_t fscache_n_uncaches; -+ + +-extern atomic_t fscache_n_acquires; +-extern atomic_t fscache_n_acquires_null; +-extern atomic_t fscache_n_acquires_no_cache; +-extern atomic_t fscache_n_acquires_ok; +-extern atomic_t fscache_n_acquires_nobufs; +-extern atomic_t fscache_n_acquires_oom; +extern atomic_unchecked_t fscache_n_acquires; +extern atomic_unchecked_t fscache_n_acquires_null; +extern atomic_unchecked_t fscache_n_acquires_no_cache; +extern atomic_unchecked_t fscache_n_acquires_ok; +extern atomic_unchecked_t fscache_n_acquires_nobufs; +extern atomic_unchecked_t fscache_n_acquires_oom; -+ + +-extern atomic_t fscache_n_invalidates; +-extern atomic_t fscache_n_invalidates_run; ++extern atomic_unchecked_t fscache_n_invalidates; ++extern atomic_unchecked_t fscache_n_invalidates_run; + +-extern atomic_t fscache_n_updates; +-extern atomic_t fscache_n_updates_null; +-extern atomic_t fscache_n_updates_run; +extern atomic_unchecked_t fscache_n_updates; +extern atomic_unchecked_t fscache_n_updates_null; +extern atomic_unchecked_t fscache_n_updates_run; -+ + +-extern atomic_t fscache_n_relinquishes; +-extern atomic_t fscache_n_relinquishes_null; +-extern atomic_t fscache_n_relinquishes_waitcrt; +-extern atomic_t fscache_n_relinquishes_retire; +extern atomic_unchecked_t fscache_n_relinquishes; +extern atomic_unchecked_t fscache_n_relinquishes_null; +extern atomic_unchecked_t fscache_n_relinquishes_waitcrt; +extern atomic_unchecked_t fscache_n_relinquishes_retire; -+ + +-extern atomic_t fscache_n_cookie_index; +-extern atomic_t fscache_n_cookie_data; +-extern atomic_t fscache_n_cookie_special; +extern atomic_unchecked_t fscache_n_cookie_index; +extern atomic_unchecked_t fscache_n_cookie_data; +extern atomic_unchecked_t fscache_n_cookie_special; -+ + +-extern atomic_t fscache_n_object_alloc; +-extern atomic_t fscache_n_object_no_alloc; +-extern atomic_t fscache_n_object_lookups; +-extern atomic_t fscache_n_object_lookups_negative; +-extern atomic_t fscache_n_object_lookups_positive; +-extern atomic_t fscache_n_object_lookups_timed_out; +-extern atomic_t fscache_n_object_created; +-extern atomic_t fscache_n_object_avail; +-extern atomic_t fscache_n_object_dead; +extern atomic_unchecked_t fscache_n_object_alloc; +extern atomic_unchecked_t fscache_n_object_no_alloc; +extern atomic_unchecked_t fscache_n_object_lookups; @@ -47028,7 +51069,11 @@ index f6aad48..88dcf26 100644 +extern atomic_unchecked_t fscache_n_object_created; +extern atomic_unchecked_t fscache_n_object_avail; +extern atomic_unchecked_t fscache_n_object_dead; -+ + +-extern atomic_t fscache_n_checkaux_none; +-extern atomic_t fscache_n_checkaux_okay; +-extern atomic_t fscache_n_checkaux_update; +-extern atomic_t fscache_n_checkaux_obsolete; +extern atomic_unchecked_t fscache_n_checkaux_none; +extern atomic_unchecked_t fscache_n_checkaux_okay; +extern atomic_unchecked_t fscache_n_checkaux_update; @@ -47036,7 +51081,7 @@ index f6aad48..88dcf26 100644 extern atomic_t fscache_n_cop_alloc_object; extern atomic_t fscache_n_cop_lookup_object; -@@ -255,6 +255,11 @@ static inline void fscache_stat(atomic_t *stat) +@@ -267,6 +267,11 @@ static inline void fscache_stat(atomic_t *stat) atomic_inc(stat); } @@ -47048,7 +51093,7 @@ index f6aad48..88dcf26 100644 static inline void fscache_stat_d(atomic_t *stat) { atomic_dec(stat); -@@ -267,6 +272,7 @@ extern const struct file_operations fscache_stats_fops; +@@ -279,6 +284,7 @@ extern const struct file_operations fscache_stats_fops; #define __fscache_stat(stat) (NULL) #define fscache_stat(stat) do {} while (0) @@ -47057,10 +51102,19 @@ index f6aad48..88dcf26 100644 #endif diff --git a/fs/fscache/object.c b/fs/fscache/object.c -index b6b897c..0ffff9c 100644 +index 50d41c1..10ee117 100644 --- a/fs/fscache/object.c +++ b/fs/fscache/object.c -@@ -128,7 +128,7 @@ static void fscache_object_state_machine(struct fscache_object *object) +@@ -143,7 +143,7 @@ static void fscache_object_state_machine(struct fscache_object *object) + /* Invalidate an object on disk */ + case FSCACHE_OBJECT_INVALIDATING: + clear_bit(FSCACHE_OBJECT_EV_INVALIDATE, &object->events); +- fscache_stat(&fscache_n_invalidates_run); ++ fscache_stat_unchecked(&fscache_n_invalidates_run); + fscache_stat(&fscache_n_cop_invalidate_object); + fscache_invalidate_object(object); + fscache_stat_d(&fscache_n_cop_invalidate_object); +@@ -153,7 +153,7 @@ static void fscache_object_state_machine(struct fscache_object *object) /* update the object metadata on disk */ case FSCACHE_OBJECT_UPDATING: clear_bit(FSCACHE_OBJECT_EV_UPDATE, &object->events); @@ -47069,7 +51123,7 @@ index b6b897c..0ffff9c 100644 fscache_stat(&fscache_n_cop_update_object); object->cache->ops->update_object(object); fscache_stat_d(&fscache_n_cop_update_object); -@@ -217,7 +217,7 @@ static void fscache_object_state_machine(struct fscache_object *object) +@@ -242,7 +242,7 @@ static void fscache_object_state_machine(struct fscache_object *object) spin_lock(&object->lock); object->state = FSCACHE_OBJECT_DEAD; spin_unlock(&object->lock); @@ -47078,7 +51132,7 @@ index b6b897c..0ffff9c 100644 goto terminal_transit; /* handle the parent cache of this object being withdrawn from -@@ -232,7 +232,7 @@ static void fscache_object_state_machine(struct fscache_object *object) +@@ -257,7 +257,7 @@ static void fscache_object_state_machine(struct fscache_object *object) spin_lock(&object->lock); object->state = FSCACHE_OBJECT_DEAD; spin_unlock(&object->lock); @@ -47087,7 +51141,7 @@ index b6b897c..0ffff9c 100644 goto terminal_transit; /* complain about the object being woken up once it is -@@ -461,7 +461,7 @@ static void fscache_lookup_object(struct fscache_object *object) +@@ -495,7 +495,7 @@ static void fscache_lookup_object(struct fscache_object *object) parent->cookie->def->name, cookie->def->name, object->cache->tag->name); @@ -47096,7 +51150,7 @@ index b6b897c..0ffff9c 100644 fscache_stat(&fscache_n_cop_lookup_object); ret = object->cache->ops->lookup_object(object); fscache_stat_d(&fscache_n_cop_lookup_object); -@@ -472,7 +472,7 @@ static void fscache_lookup_object(struct fscache_object *object) +@@ -506,7 +506,7 @@ static void fscache_lookup_object(struct fscache_object *object) if (ret == -ETIMEDOUT) { /* probably stuck behind another object, so move this one to * the back of the queue */ @@ -47105,7 +51159,7 @@ index b6b897c..0ffff9c 100644 set_bit(FSCACHE_OBJECT_EV_REQUEUE, &object->events); } -@@ -495,7 +495,7 @@ void fscache_object_lookup_negative(struct fscache_object *object) +@@ -529,7 +529,7 @@ void fscache_object_lookup_negative(struct fscache_object *object) spin_lock(&object->lock); if (object->state == FSCACHE_OBJECT_LOOKING_UP) { @@ -47114,7 +51168,7 @@ index b6b897c..0ffff9c 100644 /* transit here to allow write requests to begin stacking up * and read requests to begin returning ENODATA */ -@@ -541,7 +541,7 @@ void fscache_obtained_object(struct fscache_object *object) +@@ -575,7 +575,7 @@ void fscache_obtained_object(struct fscache_object *object) * result, in which case there may be data available */ spin_lock(&object->lock); if (object->state == FSCACHE_OBJECT_LOOKING_UP) { @@ -47123,7 +51177,7 @@ index b6b897c..0ffff9c 100644 clear_bit(FSCACHE_COOKIE_NO_DATA_YET, &cookie->flags); -@@ -555,7 +555,7 @@ void fscache_obtained_object(struct fscache_object *object) +@@ -589,7 +589,7 @@ void fscache_obtained_object(struct fscache_object *object) set_bit(FSCACHE_OBJECT_EV_REQUEUE, &object->events); } else { ASSERTCMP(object->state, ==, FSCACHE_OBJECT_CREATING); @@ -47132,7 +51186,7 @@ index b6b897c..0ffff9c 100644 object->state = FSCACHE_OBJECT_AVAILABLE; spin_unlock(&object->lock); -@@ -602,7 +602,7 @@ static void fscache_object_available(struct fscache_object *object) +@@ -634,7 +634,7 @@ static void fscache_object_available(struct fscache_object *object) fscache_enqueue_dependents(object); fscache_hist(fscache_obj_instantiate_histogram, object->lookup_jif); @@ -47141,7 +51195,7 @@ index b6b897c..0ffff9c 100644 _leave(""); } -@@ -861,7 +861,7 @@ enum fscache_checkaux fscache_check_aux(struct fscache_object *object, +@@ -894,7 +894,7 @@ enum fscache_checkaux fscache_check_aux(struct fscache_object *object, enum fscache_checkaux result; if (!object->cookie->def->check_aux) { @@ -47150,7 +51204,7 @@ index b6b897c..0ffff9c 100644 return FSCACHE_CHECKAUX_OKAY; } -@@ -870,17 +870,17 @@ enum fscache_checkaux fscache_check_aux(struct fscache_object *object, +@@ -903,17 +903,17 @@ enum fscache_checkaux fscache_check_aux(struct fscache_object *object, switch (result) { /* entry okay as is */ case FSCACHE_CHECKAUX_OKAY: @@ -47172,7 +51226,7 @@ index b6b897c..0ffff9c 100644 default: diff --git a/fs/fscache/operation.c b/fs/fscache/operation.c -index 30afdfa..2256596 100644 +index 762a9ec..2023284 100644 --- a/fs/fscache/operation.c +++ b/fs/fscache/operation.c @@ -17,7 +17,7 @@ @@ -47184,16 +51238,16 @@ index 30afdfa..2256596 100644 EXPORT_SYMBOL(fscache_op_debug_id); /** -@@ -38,7 +38,7 @@ void fscache_enqueue_operation(struct fscache_operation *op) - ASSERTCMP(op->object->state, >=, FSCACHE_OBJECT_AVAILABLE); +@@ -39,7 +39,7 @@ void fscache_enqueue_operation(struct fscache_operation *op) ASSERTCMP(atomic_read(&op->usage), >, 0); + ASSERTCMP(op->state, ==, FSCACHE_OP_ST_IN_PROGRESS); - fscache_stat(&fscache_n_op_enqueue); + fscache_stat_unchecked(&fscache_n_op_enqueue); switch (op->flags & FSCACHE_OP_TYPE) { case FSCACHE_OP_ASYNC: _debug("queue async"); -@@ -69,7 +69,7 @@ static void fscache_run_op(struct fscache_object *object, +@@ -73,7 +73,7 @@ static void fscache_run_op(struct fscache_object *object, wake_up_bit(&op->flags, FSCACHE_OP_WAITING); if (op->processor) fscache_enqueue_operation(op); @@ -47202,8 +51256,8 @@ index 30afdfa..2256596 100644 } /* -@@ -98,11 +98,11 @@ int fscache_submit_exclusive_op(struct fscache_object *object, - if (object->n_ops > 1) { +@@ -105,11 +105,11 @@ int fscache_submit_exclusive_op(struct fscache_object *object, + if (object->n_in_progress > 0) { atomic_inc(&op->usage); list_add_tail(&op->pend_link, &object->pending_ops); - fscache_stat(&fscache_n_op_pend); @@ -47216,7 +51270,7 @@ index 30afdfa..2256596 100644 fscache_start_operations(object); } else { ASSERTCMP(object->n_in_progress, ==, 0); -@@ -118,7 +118,7 @@ int fscache_submit_exclusive_op(struct fscache_object *object, +@@ -125,7 +125,7 @@ int fscache_submit_exclusive_op(struct fscache_object *object, object->n_exclusive++; /* reads and writes must wait */ atomic_inc(&op->usage); list_add_tail(&op->pend_link, &object->pending_ops); @@ -47224,8 +51278,8 @@ index 30afdfa..2256596 100644 + fscache_stat_unchecked(&fscache_n_op_pend); ret = 0; } else { - /* not allowed to submit ops in any other state */ -@@ -203,11 +203,11 @@ int fscache_submit_op(struct fscache_object *object, + /* If we're in any other state, there must have been an I/O +@@ -215,11 +215,11 @@ int fscache_submit_op(struct fscache_object *object, if (object->n_exclusive > 0) { atomic_inc(&op->usage); list_add_tail(&op->pend_link, &object->pending_ops); @@ -47239,7 +51293,7 @@ index 30afdfa..2256596 100644 fscache_start_operations(object); } else { ASSERTCMP(object->n_exclusive, ==, 0); -@@ -219,12 +219,12 @@ int fscache_submit_op(struct fscache_object *object, +@@ -231,12 +231,12 @@ int fscache_submit_op(struct fscache_object *object, object->n_ops++; atomic_inc(&op->usage); list_add_tail(&op->pend_link, &object->pending_ops); @@ -47251,28 +51305,37 @@ index 30afdfa..2256596 100644 object->state == FSCACHE_OBJECT_WITHDRAWING) { - fscache_stat(&fscache_n_op_rejected); + fscache_stat_unchecked(&fscache_n_op_rejected); + op->state = FSCACHE_OP_ST_CANCELLED; ret = -ENOBUFS; } else if (!test_bit(FSCACHE_IOERROR, &object->cache->flags)) { - fscache_report_unexpected_submission(object, op, ostate); -@@ -294,7 +294,7 @@ int fscache_cancel_op(struct fscache_operation *op) - +@@ -315,7 +315,7 @@ int fscache_cancel_op(struct fscache_operation *op, ret = -EBUSY; - if (!list_empty(&op->pend_link)) { + if (op->state == FSCACHE_OP_ST_PENDING) { + ASSERT(!list_empty(&op->pend_link)); - fscache_stat(&fscache_n_op_cancelled); + fscache_stat_unchecked(&fscache_n_op_cancelled); list_del_init(&op->pend_link); - object->n_ops--; - if (test_bit(FSCACHE_OP_EXCLUSIVE, &op->flags)) -@@ -331,7 +331,7 @@ void fscache_put_operation(struct fscache_operation *op) - if (test_and_set_bit(FSCACHE_OP_DEAD, &op->flags)) - BUG(); + if (do_cancel) + do_cancel(op); +@@ -347,7 +347,7 @@ void fscache_cancel_all_ops(struct fscache_object *object) + while (!list_empty(&object->pending_ops)) { + op = list_entry(object->pending_ops.next, + struct fscache_operation, pend_link); +- fscache_stat(&fscache_n_op_cancelled); ++ fscache_stat_unchecked(&fscache_n_op_cancelled); + list_del_init(&op->pend_link); + + ASSERTCMP(op->state, ==, FSCACHE_OP_ST_PENDING); +@@ -419,7 +419,7 @@ void fscache_put_operation(struct fscache_operation *op) + op->state, ==, FSCACHE_OP_ST_CANCELLED); + op->state = FSCACHE_OP_ST_DEAD; - fscache_stat(&fscache_n_op_release); + fscache_stat_unchecked(&fscache_n_op_release); if (op->release) { op->release(op); -@@ -348,7 +348,7 @@ void fscache_put_operation(struct fscache_operation *op) +@@ -442,7 +442,7 @@ void fscache_put_operation(struct fscache_operation *op) * lock, and defer it otherwise */ if (!spin_trylock(&object->lock)) { _debug("defer put"); @@ -47281,7 +51344,7 @@ index 30afdfa..2256596 100644 cache = object->cache; spin_lock(&cache->op_gc_list_lock); -@@ -410,7 +410,7 @@ void fscache_operation_gc(struct work_struct *work) +@@ -495,7 +495,7 @@ void fscache_operation_gc(struct work_struct *work) _debug("GC DEFERRED REL OBJ%x OP%x", object->debug_id, op->debug_id); @@ -47289,12 +51352,12 @@ index 30afdfa..2256596 100644 + fscache_stat_unchecked(&fscache_n_op_gc); ASSERTCMP(atomic_read(&op->usage), ==, 0); - + ASSERTCMP(op->state, ==, FSCACHE_OP_ST_DEAD); diff --git a/fs/fscache/page.c b/fs/fscache/page.c -index 3f7a59b..cf196cc 100644 +index ff000e5..c44ec6d 100644 --- a/fs/fscache/page.c +++ b/fs/fscache/page.c -@@ -60,7 +60,7 @@ bool __fscache_maybe_release_page(struct fscache_cookie *cookie, +@@ -61,7 +61,7 @@ try_again: val = radix_tree_lookup(&cookie->stores, page->index); if (!val) { rcu_read_unlock(); @@ -47303,7 +51366,7 @@ index 3f7a59b..cf196cc 100644 __fscache_uncache_page(cookie, page); return true; } -@@ -90,11 +90,11 @@ bool __fscache_maybe_release_page(struct fscache_cookie *cookie, +@@ -91,11 +91,11 @@ try_again: spin_unlock(&cookie->stores_lock); if (xpage) { @@ -47318,16 +51381,21 @@ index 3f7a59b..cf196cc 100644 } wake_up_bit(&cookie->flags, 0); -@@ -107,7 +107,7 @@ page_busy: - /* we might want to wait here, but that could deadlock the allocator as - * the work threads writing to the cache may all end up sleeping - * on memory allocation */ -- fscache_stat(&fscache_n_store_vmscan_busy); -+ fscache_stat_unchecked(&fscache_n_store_vmscan_busy); - return false; - } - EXPORT_SYMBOL(__fscache_maybe_release_page); -@@ -131,7 +131,7 @@ static void fscache_end_page_write(struct fscache_object *object, +@@ -110,11 +110,11 @@ page_busy: + * sleeping on memory allocation, so we may need to impose a timeout + * too. */ + if (!(gfp & __GFP_WAIT)) { +- fscache_stat(&fscache_n_store_vmscan_busy); ++ fscache_stat_unchecked(&fscache_n_store_vmscan_busy); + return false; + } + +- fscache_stat(&fscache_n_store_vmscan_wait); ++ fscache_stat_unchecked(&fscache_n_store_vmscan_wait); + __fscache_wait_on_page_write(cookie, page); + gfp &= ~__GFP_WAIT; + goto try_again; +@@ -140,7 +140,7 @@ static void fscache_end_page_write(struct fscache_object *object, FSCACHE_COOKIE_STORING_TAG); if (!radix_tree_tag_get(&cookie->stores, page->index, FSCACHE_COOKIE_PENDING_TAG)) { @@ -47336,7 +51404,7 @@ index 3f7a59b..cf196cc 100644 xpage = radix_tree_delete(&cookie->stores, page->index); } spin_unlock(&cookie->stores_lock); -@@ -152,7 +152,7 @@ static void fscache_attr_changed_op(struct fscache_operation *op) +@@ -161,7 +161,7 @@ static void fscache_attr_changed_op(struct fscache_operation *op) _enter("{OBJ%x OP%x}", object->debug_id, op->debug_id); @@ -47345,7 +51413,7 @@ index 3f7a59b..cf196cc 100644 if (fscache_object_is_active(object)) { fscache_stat(&fscache_n_cop_attr_changed); -@@ -177,11 +177,11 @@ int __fscache_attr_changed(struct fscache_cookie *cookie) +@@ -187,11 +187,11 @@ int __fscache_attr_changed(struct fscache_cookie *cookie) ASSERTCMP(cookie->def->type, !=, FSCACHE_COOKIE_TYPE_INDEX); @@ -47359,7 +51427,7 @@ index 3f7a59b..cf196cc 100644 _leave(" = -ENOMEM"); return -ENOMEM; } -@@ -199,7 +199,7 @@ int __fscache_attr_changed(struct fscache_cookie *cookie) +@@ -209,7 +209,7 @@ int __fscache_attr_changed(struct fscache_cookie *cookie) if (fscache_submit_exclusive_op(object, op) < 0) goto nobufs; spin_unlock(&cookie->lock); @@ -47368,7 +51436,7 @@ index 3f7a59b..cf196cc 100644 fscache_put_operation(op); _leave(" = 0"); return 0; -@@ -207,7 +207,7 @@ int __fscache_attr_changed(struct fscache_cookie *cookie) +@@ -217,7 +217,7 @@ int __fscache_attr_changed(struct fscache_cookie *cookie) nobufs: spin_unlock(&cookie->lock); kfree(op); @@ -47377,7 +51445,7 @@ index 3f7a59b..cf196cc 100644 _leave(" = %d", -ENOBUFS); return -ENOBUFS; } -@@ -243,7 +243,7 @@ static struct fscache_retrieval *fscache_alloc_retrieval( +@@ -255,7 +255,7 @@ static struct fscache_retrieval *fscache_alloc_retrieval( /* allocate a retrieval operation and attempt to submit it */ op = kzalloc(sizeof(*op), GFP_NOIO); if (!op) { @@ -47386,7 +51454,7 @@ index 3f7a59b..cf196cc 100644 return NULL; } -@@ -271,13 +271,13 @@ static int fscache_wait_for_deferred_lookup(struct fscache_cookie *cookie) +@@ -283,13 +283,13 @@ static int fscache_wait_for_deferred_lookup(struct fscache_cookie *cookie) return 0; } @@ -47402,7 +51470,7 @@ index 3f7a59b..cf196cc 100644 _leave(" = -ERESTARTSYS"); return -ERESTARTSYS; } -@@ -295,8 +295,8 @@ static int fscache_wait_for_deferred_lookup(struct fscache_cookie *cookie) +@@ -318,8 +318,8 @@ static void fscache_do_cancel_retrieval(struct fscache_operation *_op) */ static int fscache_wait_for_retrieval_activation(struct fscache_object *object, struct fscache_retrieval *op, @@ -47413,7 +51481,7 @@ index 3f7a59b..cf196cc 100644 { int ret; -@@ -304,7 +304,7 @@ static int fscache_wait_for_retrieval_activation(struct fscache_object *object, +@@ -327,7 +327,7 @@ static int fscache_wait_for_retrieval_activation(struct fscache_object *object, goto check_if_dead; _debug(">>> WT"); @@ -47421,17 +51489,25 @@ index 3f7a59b..cf196cc 100644 + fscache_stat_unchecked(stat_op_waits); if (wait_on_bit(&op->op.flags, FSCACHE_OP_WAITING, fscache_wait_bit_interruptible, - TASK_INTERRUPTIBLE) < 0) { -@@ -321,7 +321,7 @@ static int fscache_wait_for_retrieval_activation(struct fscache_object *object, + TASK_INTERRUPTIBLE) != 0) { +@@ -344,14 +344,14 @@ static int fscache_wait_for_retrieval_activation(struct fscache_object *object, check_if_dead: + if (op->op.state == FSCACHE_OP_ST_CANCELLED) { +- fscache_stat(stat_object_dead); ++ fscache_stat_unchecked(stat_object_dead); + _leave(" = -ENOBUFS [cancelled]"); + return -ENOBUFS; + } if (unlikely(fscache_object_is_dead(object))) { + pr_err("%s() = -ENOBUFS [obj dead %d]\n", __func__, op->op.state); + fscache_cancel_op(&op->op, fscache_do_cancel_retrieval); - fscache_stat(stat_object_dead); + fscache_stat_unchecked(stat_object_dead); return -ENOBUFS; } return 0; -@@ -348,7 +348,7 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie, +@@ -378,7 +378,7 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie, _enter("%p,%p,,,", cookie, page); @@ -47440,8 +51516,8 @@ index 3f7a59b..cf196cc 100644 if (hlist_empty(&cookie->backing_objects)) goto nobufs; -@@ -381,7 +381,7 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie, - goto nobufs_unlock; +@@ -417,7 +417,7 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie, + goto nobufs_unlock_dec; spin_unlock(&cookie->lock); - fscache_stat(&fscache_n_retrieval_ops); @@ -47449,7 +51525,7 @@ index 3f7a59b..cf196cc 100644 /* pin the netfs read context in case we need to do the actual netfs * read because we've encountered a cache read failure */ -@@ -411,15 +411,15 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie, +@@ -447,15 +447,15 @@ int __fscache_read_or_alloc_page(struct fscache_cookie *cookie, error: if (ret == -ENOMEM) @@ -47470,7 +51546,7 @@ index 3f7a59b..cf196cc 100644 fscache_put_retrieval(op); _leave(" = %d", ret); -@@ -429,7 +429,7 @@ nobufs_unlock: +@@ -467,7 +467,7 @@ nobufs_unlock: spin_unlock(&cookie->lock); kfree(op); nobufs: @@ -47479,7 +51555,7 @@ index 3f7a59b..cf196cc 100644 _leave(" = -ENOBUFS"); return -ENOBUFS; } -@@ -467,7 +467,7 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie, +@@ -505,7 +505,7 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie, _enter("%p,,%d,,,", cookie, *nr_pages); @@ -47488,8 +51564,8 @@ index 3f7a59b..cf196cc 100644 if (hlist_empty(&cookie->backing_objects)) goto nobufs; -@@ -497,7 +497,7 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie, - goto nobufs_unlock; +@@ -541,7 +541,7 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie, + goto nobufs_unlock_dec; spin_unlock(&cookie->lock); - fscache_stat(&fscache_n_retrieval_ops); @@ -47497,7 +51573,7 @@ index 3f7a59b..cf196cc 100644 /* pin the netfs read context in case we need to do the actual netfs * read because we've encountered a cache read failure */ -@@ -527,15 +527,15 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie, +@@ -571,15 +571,15 @@ int __fscache_read_or_alloc_pages(struct fscache_cookie *cookie, error: if (ret == -ENOMEM) @@ -47518,7 +51594,7 @@ index 3f7a59b..cf196cc 100644 fscache_put_retrieval(op); _leave(" = %d", ret); -@@ -545,7 +545,7 @@ nobufs_unlock: +@@ -591,7 +591,7 @@ nobufs_unlock: spin_unlock(&cookie->lock); kfree(op); nobufs: @@ -47527,7 +51603,7 @@ index 3f7a59b..cf196cc 100644 _leave(" = -ENOBUFS"); return -ENOBUFS; } -@@ -569,7 +569,7 @@ int __fscache_alloc_page(struct fscache_cookie *cookie, +@@ -615,7 +615,7 @@ int __fscache_alloc_page(struct fscache_cookie *cookie, _enter("%p,%p,,,", cookie, page); @@ -47536,7 +51612,7 @@ index 3f7a59b..cf196cc 100644 if (hlist_empty(&cookie->backing_objects)) goto nobufs; -@@ -595,7 +595,7 @@ int __fscache_alloc_page(struct fscache_cookie *cookie, +@@ -647,7 +647,7 @@ int __fscache_alloc_page(struct fscache_cookie *cookie, goto nobufs_unlock; spin_unlock(&cookie->lock); @@ -47545,7 +51621,7 @@ index 3f7a59b..cf196cc 100644 ret = fscache_wait_for_retrieval_activation( object, op, -@@ -611,11 +611,11 @@ int __fscache_alloc_page(struct fscache_cookie *cookie, +@@ -663,11 +663,11 @@ int __fscache_alloc_page(struct fscache_cookie *cookie, error: if (ret == -ERESTARTSYS) @@ -47560,7 +51636,7 @@ index 3f7a59b..cf196cc 100644 fscache_put_retrieval(op); _leave(" = %d", ret); -@@ -625,7 +625,7 @@ nobufs_unlock: +@@ -677,7 +677,7 @@ nobufs_unlock: spin_unlock(&cookie->lock); kfree(op); nobufs: @@ -47569,7 +51645,7 @@ index 3f7a59b..cf196cc 100644 _leave(" = -ENOBUFS"); return -ENOBUFS; } -@@ -666,7 +666,7 @@ static void fscache_write_op(struct fscache_operation *_op) +@@ -736,7 +736,7 @@ static void fscache_write_op(struct fscache_operation *_op) spin_lock(&cookie->stores_lock); @@ -47578,7 +51654,7 @@ index 3f7a59b..cf196cc 100644 /* find a page to store */ page = NULL; -@@ -677,7 +677,7 @@ static void fscache_write_op(struct fscache_operation *_op) +@@ -747,7 +747,7 @@ static void fscache_write_op(struct fscache_operation *_op) page = results[0]; _debug("gang %d [%lx]", n, page->index); if (page->index > op->store_limit) { @@ -47587,7 +51663,7 @@ index 3f7a59b..cf196cc 100644 goto superseded; } -@@ -689,7 +689,7 @@ static void fscache_write_op(struct fscache_operation *_op) +@@ -759,7 +759,7 @@ static void fscache_write_op(struct fscache_operation *_op) spin_unlock(&cookie->stores_lock); spin_unlock(&object->lock); @@ -47596,16 +51672,16 @@ index 3f7a59b..cf196cc 100644 fscache_stat(&fscache_n_cop_write_page); ret = object->cache->ops->write_page(op, page); fscache_stat_d(&fscache_n_cop_write_page); -@@ -757,7 +757,7 @@ int __fscache_write_page(struct fscache_cookie *cookie, +@@ -860,7 +860,7 @@ int __fscache_write_page(struct fscache_cookie *cookie, ASSERTCMP(cookie->def->type, !=, FSCACHE_COOKIE_TYPE_INDEX); ASSERT(PageFsCache(page)); - fscache_stat(&fscache_n_stores); + fscache_stat_unchecked(&fscache_n_stores); - op = kzalloc(sizeof(*op), GFP_NOIO); - if (!op) -@@ -808,7 +808,7 @@ int __fscache_write_page(struct fscache_cookie *cookie, + if (test_bit(FSCACHE_COOKIE_INVALIDATING, &cookie->flags)) { + _leave(" = -ENOBUFS [invalidating]"); +@@ -916,7 +916,7 @@ int __fscache_write_page(struct fscache_cookie *cookie, spin_unlock(&cookie->stores_lock); spin_unlock(&object->lock); @@ -47614,7 +51690,7 @@ index 3f7a59b..cf196cc 100644 op->store_limit = object->store_limit; if (fscache_submit_op(object, &op->op) < 0) -@@ -816,8 +816,8 @@ int __fscache_write_page(struct fscache_cookie *cookie, +@@ -924,8 +924,8 @@ int __fscache_write_page(struct fscache_cookie *cookie, spin_unlock(&cookie->lock); radix_tree_preload_end(); @@ -47625,7 +51701,7 @@ index 3f7a59b..cf196cc 100644 /* the work queue now carries its own ref on the object */ fscache_put_operation(&op->op); -@@ -825,14 +825,14 @@ int __fscache_write_page(struct fscache_cookie *cookie, +@@ -933,14 +933,14 @@ int __fscache_write_page(struct fscache_cookie *cookie, return 0; already_queued: @@ -47642,7 +51718,7 @@ index 3f7a59b..cf196cc 100644 _leave(" = 0"); return 0; -@@ -851,14 +851,14 @@ nobufs: +@@ -959,14 +959,14 @@ nobufs: spin_unlock(&cookie->lock); radix_tree_preload_end(); kfree(op); @@ -47659,7 +51735,7 @@ index 3f7a59b..cf196cc 100644 _leave(" = -ENOMEM"); return -ENOMEM; } -@@ -876,7 +876,7 @@ void __fscache_uncache_page(struct fscache_cookie *cookie, struct page *page) +@@ -984,7 +984,7 @@ void __fscache_uncache_page(struct fscache_cookie *cookie, struct page *page) ASSERTCMP(cookie->def->type, !=, FSCACHE_COOKIE_TYPE_INDEX); ASSERTCMP(page, !=, NULL); @@ -47668,20 +51744,20 @@ index 3f7a59b..cf196cc 100644 /* cache withdrawal may beat us to it */ if (!PageFsCache(page)) -@@ -929,7 +929,7 @@ void fscache_mark_pages_cached(struct fscache_retrieval *op, - unsigned long loop; +@@ -1035,7 +1035,7 @@ void fscache_mark_page_cached(struct fscache_retrieval *op, struct page *page) + struct fscache_cookie *cookie = op->op.object->cookie; #ifdef CONFIG_FSCACHE_STATS -- atomic_add(pagevec->nr, &fscache_n_marks); -+ atomic_add_unchecked(pagevec->nr, &fscache_n_marks); +- atomic_inc(&fscache_n_marks); ++ atomic_inc_unchecked(&fscache_n_marks); #endif - for (loop = 0; loop < pagevec->nr; loop++) { + _debug("- mark %p{%lx}", page, page->index); diff --git a/fs/fscache/stats.c b/fs/fscache/stats.c -index 4765190..2a067f2 100644 +index 8179e8b..5072cc7 100644 --- a/fs/fscache/stats.c +++ b/fs/fscache/stats.c -@@ -18,95 +18,95 @@ +@@ -18,99 +18,99 @@ /* * operation counters */ @@ -47694,13 +51770,27 @@ index 4765190..2a067f2 100644 -atomic_t fscache_n_op_gc; -atomic_t fscache_n_op_cancelled; -atomic_t fscache_n_op_rejected; -- ++atomic_unchecked_t fscache_n_op_pend; ++atomic_unchecked_t fscache_n_op_run; ++atomic_unchecked_t fscache_n_op_enqueue; ++atomic_unchecked_t fscache_n_op_requeue; ++atomic_unchecked_t fscache_n_op_deferred_release; ++atomic_unchecked_t fscache_n_op_release; ++atomic_unchecked_t fscache_n_op_gc; ++atomic_unchecked_t fscache_n_op_cancelled; ++atomic_unchecked_t fscache_n_op_rejected; + -atomic_t fscache_n_attr_changed; -atomic_t fscache_n_attr_changed_ok; -atomic_t fscache_n_attr_changed_nobufs; -atomic_t fscache_n_attr_changed_nomem; -atomic_t fscache_n_attr_changed_calls; -- ++atomic_unchecked_t fscache_n_attr_changed; ++atomic_unchecked_t fscache_n_attr_changed_ok; ++atomic_unchecked_t fscache_n_attr_changed_nobufs; ++atomic_unchecked_t fscache_n_attr_changed_nomem; ++atomic_unchecked_t fscache_n_attr_changed_calls; + -atomic_t fscache_n_allocs; -atomic_t fscache_n_allocs_ok; -atomic_t fscache_n_allocs_wait; @@ -47709,7 +51799,15 @@ index 4765190..2a067f2 100644 -atomic_t fscache_n_allocs_object_dead; -atomic_t fscache_n_alloc_ops; -atomic_t fscache_n_alloc_op_waits; -- ++atomic_unchecked_t fscache_n_allocs; ++atomic_unchecked_t fscache_n_allocs_ok; ++atomic_unchecked_t fscache_n_allocs_wait; ++atomic_unchecked_t fscache_n_allocs_nobufs; ++atomic_unchecked_t fscache_n_allocs_intr; ++atomic_unchecked_t fscache_n_allocs_object_dead; ++atomic_unchecked_t fscache_n_alloc_ops; ++atomic_unchecked_t fscache_n_alloc_op_waits; + -atomic_t fscache_n_retrievals; -atomic_t fscache_n_retrievals_ok; -atomic_t fscache_n_retrievals_wait; @@ -47720,85 +51818,6 @@ index 4765190..2a067f2 100644 -atomic_t fscache_n_retrievals_object_dead; -atomic_t fscache_n_retrieval_ops; -atomic_t fscache_n_retrieval_op_waits; -- --atomic_t fscache_n_stores; --atomic_t fscache_n_stores_ok; --atomic_t fscache_n_stores_again; --atomic_t fscache_n_stores_nobufs; --atomic_t fscache_n_stores_oom; --atomic_t fscache_n_store_ops; --atomic_t fscache_n_store_calls; --atomic_t fscache_n_store_pages; --atomic_t fscache_n_store_radix_deletes; --atomic_t fscache_n_store_pages_over_limit; -- --atomic_t fscache_n_store_vmscan_not_storing; --atomic_t fscache_n_store_vmscan_gone; --atomic_t fscache_n_store_vmscan_busy; --atomic_t fscache_n_store_vmscan_cancelled; -- --atomic_t fscache_n_marks; --atomic_t fscache_n_uncaches; -- --atomic_t fscache_n_acquires; --atomic_t fscache_n_acquires_null; --atomic_t fscache_n_acquires_no_cache; --atomic_t fscache_n_acquires_ok; --atomic_t fscache_n_acquires_nobufs; --atomic_t fscache_n_acquires_oom; -- --atomic_t fscache_n_updates; --atomic_t fscache_n_updates_null; --atomic_t fscache_n_updates_run; -- --atomic_t fscache_n_relinquishes; --atomic_t fscache_n_relinquishes_null; --atomic_t fscache_n_relinquishes_waitcrt; --atomic_t fscache_n_relinquishes_retire; -- --atomic_t fscache_n_cookie_index; --atomic_t fscache_n_cookie_data; --atomic_t fscache_n_cookie_special; -- --atomic_t fscache_n_object_alloc; --atomic_t fscache_n_object_no_alloc; --atomic_t fscache_n_object_lookups; --atomic_t fscache_n_object_lookups_negative; --atomic_t fscache_n_object_lookups_positive; --atomic_t fscache_n_object_lookups_timed_out; --atomic_t fscache_n_object_created; --atomic_t fscache_n_object_avail; --atomic_t fscache_n_object_dead; -- --atomic_t fscache_n_checkaux_none; --atomic_t fscache_n_checkaux_okay; --atomic_t fscache_n_checkaux_update; --atomic_t fscache_n_checkaux_obsolete; -+atomic_unchecked_t fscache_n_op_pend; -+atomic_unchecked_t fscache_n_op_run; -+atomic_unchecked_t fscache_n_op_enqueue; -+atomic_unchecked_t fscache_n_op_requeue; -+atomic_unchecked_t fscache_n_op_deferred_release; -+atomic_unchecked_t fscache_n_op_release; -+atomic_unchecked_t fscache_n_op_gc; -+atomic_unchecked_t fscache_n_op_cancelled; -+atomic_unchecked_t fscache_n_op_rejected; -+ -+atomic_unchecked_t fscache_n_attr_changed; -+atomic_unchecked_t fscache_n_attr_changed_ok; -+atomic_unchecked_t fscache_n_attr_changed_nobufs; -+atomic_unchecked_t fscache_n_attr_changed_nomem; -+atomic_unchecked_t fscache_n_attr_changed_calls; -+ -+atomic_unchecked_t fscache_n_allocs; -+atomic_unchecked_t fscache_n_allocs_ok; -+atomic_unchecked_t fscache_n_allocs_wait; -+atomic_unchecked_t fscache_n_allocs_nobufs; -+atomic_unchecked_t fscache_n_allocs_intr; -+atomic_unchecked_t fscache_n_allocs_object_dead; -+atomic_unchecked_t fscache_n_alloc_ops; -+atomic_unchecked_t fscache_n_alloc_op_waits; -+ +atomic_unchecked_t fscache_n_retrievals; +atomic_unchecked_t fscache_n_retrievals_ok; +atomic_unchecked_t fscache_n_retrievals_wait; @@ -47809,7 +51828,17 @@ index 4765190..2a067f2 100644 +atomic_unchecked_t fscache_n_retrievals_object_dead; +atomic_unchecked_t fscache_n_retrieval_ops; +atomic_unchecked_t fscache_n_retrieval_op_waits; -+ + +-atomic_t fscache_n_stores; +-atomic_t fscache_n_stores_ok; +-atomic_t fscache_n_stores_again; +-atomic_t fscache_n_stores_nobufs; +-atomic_t fscache_n_stores_oom; +-atomic_t fscache_n_store_ops; +-atomic_t fscache_n_store_calls; +-atomic_t fscache_n_store_pages; +-atomic_t fscache_n_store_radix_deletes; +-atomic_t fscache_n_store_pages_over_limit; +atomic_unchecked_t fscache_n_stores; +atomic_unchecked_t fscache_n_stores_ok; +atomic_unchecked_t fscache_n_stores_again; @@ -47820,35 +51849,73 @@ index 4765190..2a067f2 100644 +atomic_unchecked_t fscache_n_store_pages; +atomic_unchecked_t fscache_n_store_radix_deletes; +atomic_unchecked_t fscache_n_store_pages_over_limit; -+ + +-atomic_t fscache_n_store_vmscan_not_storing; +-atomic_t fscache_n_store_vmscan_gone; +-atomic_t fscache_n_store_vmscan_busy; +-atomic_t fscache_n_store_vmscan_cancelled; +-atomic_t fscache_n_store_vmscan_wait; +atomic_unchecked_t fscache_n_store_vmscan_not_storing; +atomic_unchecked_t fscache_n_store_vmscan_gone; +atomic_unchecked_t fscache_n_store_vmscan_busy; +atomic_unchecked_t fscache_n_store_vmscan_cancelled; -+ ++atomic_unchecked_t fscache_n_store_vmscan_wait; + +-atomic_t fscache_n_marks; +-atomic_t fscache_n_uncaches; +atomic_unchecked_t fscache_n_marks; +atomic_unchecked_t fscache_n_uncaches; -+ + +-atomic_t fscache_n_acquires; +-atomic_t fscache_n_acquires_null; +-atomic_t fscache_n_acquires_no_cache; +-atomic_t fscache_n_acquires_ok; +-atomic_t fscache_n_acquires_nobufs; +-atomic_t fscache_n_acquires_oom; +atomic_unchecked_t fscache_n_acquires; +atomic_unchecked_t fscache_n_acquires_null; +atomic_unchecked_t fscache_n_acquires_no_cache; +atomic_unchecked_t fscache_n_acquires_ok; +atomic_unchecked_t fscache_n_acquires_nobufs; +atomic_unchecked_t fscache_n_acquires_oom; -+ + +-atomic_t fscache_n_invalidates; +-atomic_t fscache_n_invalidates_run; ++atomic_unchecked_t fscache_n_invalidates; ++atomic_unchecked_t fscache_n_invalidates_run; + +-atomic_t fscache_n_updates; +-atomic_t fscache_n_updates_null; +-atomic_t fscache_n_updates_run; +atomic_unchecked_t fscache_n_updates; +atomic_unchecked_t fscache_n_updates_null; +atomic_unchecked_t fscache_n_updates_run; -+ + +-atomic_t fscache_n_relinquishes; +-atomic_t fscache_n_relinquishes_null; +-atomic_t fscache_n_relinquishes_waitcrt; +-atomic_t fscache_n_relinquishes_retire; +atomic_unchecked_t fscache_n_relinquishes; +atomic_unchecked_t fscache_n_relinquishes_null; +atomic_unchecked_t fscache_n_relinquishes_waitcrt; +atomic_unchecked_t fscache_n_relinquishes_retire; -+ + +-atomic_t fscache_n_cookie_index; +-atomic_t fscache_n_cookie_data; +-atomic_t fscache_n_cookie_special; +atomic_unchecked_t fscache_n_cookie_index; +atomic_unchecked_t fscache_n_cookie_data; +atomic_unchecked_t fscache_n_cookie_special; -+ + +-atomic_t fscache_n_object_alloc; +-atomic_t fscache_n_object_no_alloc; +-atomic_t fscache_n_object_lookups; +-atomic_t fscache_n_object_lookups_negative; +-atomic_t fscache_n_object_lookups_positive; +-atomic_t fscache_n_object_lookups_timed_out; +-atomic_t fscache_n_object_created; +-atomic_t fscache_n_object_avail; +-atomic_t fscache_n_object_dead; +atomic_unchecked_t fscache_n_object_alloc; +atomic_unchecked_t fscache_n_object_no_alloc; +atomic_unchecked_t fscache_n_object_lookups; @@ -47858,7 +51925,11 @@ index 4765190..2a067f2 100644 +atomic_unchecked_t fscache_n_object_created; +atomic_unchecked_t fscache_n_object_avail; +atomic_unchecked_t fscache_n_object_dead; -+ + +-atomic_t fscache_n_checkaux_none; +-atomic_t fscache_n_checkaux_okay; +-atomic_t fscache_n_checkaux_update; +-atomic_t fscache_n_checkaux_obsolete; +atomic_unchecked_t fscache_n_checkaux_none; +atomic_unchecked_t fscache_n_checkaux_okay; +atomic_unchecked_t fscache_n_checkaux_update; @@ -47866,7 +51937,7 @@ index 4765190..2a067f2 100644 atomic_t fscache_n_cop_alloc_object; atomic_t fscache_n_cop_lookup_object; -@@ -133,113 +133,113 @@ static int fscache_stats_show(struct seq_file *m, void *v) +@@ -138,118 +138,118 @@ static int fscache_stats_show(struct seq_file *m, void *v) seq_puts(m, "FS-Cache statistics\n"); seq_printf(m, "Cookies: idx=%u dat=%u spc=%u\n", @@ -47929,6 +52000,12 @@ index 4765190..2a067f2 100644 + atomic_read_unchecked(&fscache_n_object_created), + atomic_read_unchecked(&fscache_n_object_lookups_timed_out)); + seq_printf(m, "Invals : n=%u run=%u\n", +- atomic_read(&fscache_n_invalidates), +- atomic_read(&fscache_n_invalidates_run)); ++ atomic_read_unchecked(&fscache_n_invalidates), ++ atomic_read_unchecked(&fscache_n_invalidates_run)); + seq_printf(m, "Updates: n=%u nul=%u run=%u\n", - atomic_read(&fscache_n_updates), - atomic_read(&fscache_n_updates_null), @@ -48025,15 +52102,17 @@ index 4765190..2a067f2 100644 + atomic_read_unchecked(&fscache_n_store_radix_deletes), + atomic_read_unchecked(&fscache_n_store_pages_over_limit)); - seq_printf(m, "VmScan : nos=%u gon=%u bsy=%u can=%u\n", + seq_printf(m, "VmScan : nos=%u gon=%u bsy=%u can=%u wt=%u\n", - atomic_read(&fscache_n_store_vmscan_not_storing), - atomic_read(&fscache_n_store_vmscan_gone), - atomic_read(&fscache_n_store_vmscan_busy), -- atomic_read(&fscache_n_store_vmscan_cancelled)); +- atomic_read(&fscache_n_store_vmscan_cancelled), +- atomic_read(&fscache_n_store_vmscan_wait)); + atomic_read_unchecked(&fscache_n_store_vmscan_not_storing), + atomic_read_unchecked(&fscache_n_store_vmscan_gone), + atomic_read_unchecked(&fscache_n_store_vmscan_busy), -+ atomic_read_unchecked(&fscache_n_store_vmscan_cancelled)); ++ atomic_read_unchecked(&fscache_n_store_vmscan_cancelled), ++ atomic_read_unchecked(&fscache_n_store_vmscan_wait)); seq_printf(m, "Ops : pend=%u run=%u enq=%u can=%u rej=%u\n", - atomic_read(&fscache_n_op_pend), @@ -48057,10 +52136,10 @@ index 4765190..2a067f2 100644 seq_printf(m, "CacheOp: alo=%d luo=%d luc=%d gro=%d\n", atomic_read(&fscache_n_cop_alloc_object), diff --git a/fs/fuse/cuse.c b/fs/fuse/cuse.c -index ee8d550..7189d8c 100644 +index e397b67..b0d8709 100644 --- a/fs/fuse/cuse.c +++ b/fs/fuse/cuse.c -@@ -585,10 +585,12 @@ static int __init cuse_init(void) +@@ -593,10 +593,12 @@ static int __init cuse_init(void) INIT_LIST_HEAD(&cuse_conntbl[i]); /* inherit and extend fuse_dev_operations */ @@ -48078,10 +52157,10 @@ index ee8d550..7189d8c 100644 cuse_class = class_create(THIS_MODULE, "cuse"); if (IS_ERR(cuse_class)) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c -index f4246cf..b4aed1d 100644 +index e83351a..41e3c9c 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c -@@ -1242,7 +1242,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos, +@@ -1236,7 +1236,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos, ret = 0; pipe_lock(pipe); @@ -48091,7 +52170,7 @@ index f4246cf..b4aed1d 100644 if (!ret) ret = -EPIPE; diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c -index 68cc9ef..ce0f6c0 100644 +index 315e1f8..91f890c 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c @@ -1233,7 +1233,7 @@ static char *read_link(struct dentry *dentry) @@ -48104,10 +52183,10 @@ index 68cc9ef..ce0f6c0 100644 if (!IS_ERR(link)) free_page((unsigned long) link); diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c -index 753af3d..f7b021a 100644 +index 2b6f569..fcb4d1f 100644 --- a/fs/gfs2/inode.c +++ b/fs/gfs2/inode.c -@@ -1498,7 +1498,7 @@ out: +@@ -1499,7 +1499,7 @@ out: static void gfs2_put_link(struct dentry *dentry, struct nameidata *nd, void *p) { @@ -48116,69 +52195,58 @@ index 753af3d..f7b021a 100644 if (!IS_ERR(s)) kfree(s); } -diff --git a/fs/gfs2/quota.c b/fs/gfs2/quota.c -index a3bde91..2524579 100644 ---- a/fs/gfs2/quota.c -+++ b/fs/gfs2/quota.c -@@ -497,8 +497,11 @@ int gfs2_quota_hold(struct gfs2_inode *ip, u32 uid, u32 gid) - struct gfs2_quota_data **qd; - int error; - -- if (ip->i_res == NULL) -- gfs2_rs_alloc(ip); -+ if (ip->i_res == NULL) { -+ error = gfs2_rs_alloc(ip); -+ if (error) -+ return error; -+ } - - qd = ip->i_res->rs_qa_qd; - -diff --git a/fs/gfs2/rgrp.c b/fs/gfs2/rgrp.c -index c9ed814..4a45d5f 100644 ---- a/fs/gfs2/rgrp.c -+++ b/fs/gfs2/rgrp.c -@@ -477,7 +477,6 @@ void gfs2_free_clones(struct gfs2_rgrpd *rgd) - */ - int gfs2_rs_alloc(struct gfs2_inode *ip) - { -- int error = 0; - struct gfs2_blkreserv *res; - - if (ip->i_res) -@@ -485,7 +484,7 @@ int gfs2_rs_alloc(struct gfs2_inode *ip) - - res = kmem_cache_zalloc(gfs2_rsrv_cachep, GFP_NOFS); - if (!res) -- error = -ENOMEM; -+ return -ENOMEM; - - down_write(&ip->i_rw_mutex); - if (ip->i_res) -@@ -493,7 +492,7 @@ int gfs2_rs_alloc(struct gfs2_inode *ip) - else - ip->i_res = res; - up_write(&ip->i_rw_mutex); -- return error; -+ return 0; - } - - static void dump_rs(struct seq_file *seq, struct gfs2_blkreserv *rs) diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c -index 8349a89..51a0254 100644 +index 78bde32..767e906 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c -@@ -920,7 +920,7 @@ static struct file_system_type hugetlbfs_fs_type = { +@@ -152,6 +152,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, + struct mm_struct *mm = current->mm; + struct vm_area_struct *vma; + struct hstate *h = hstate_file(file); ++ unsigned long offset = gr_rand_threadstack_offset(mm, file, flags); + struct vm_unmapped_area_info info; + + if (len & ~huge_page_mask(h)) +@@ -165,17 +166,26 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, + return addr; + } + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ + if (addr) { + addr = ALIGN(addr, huge_page_size(h)); + vma = find_vma(mm, addr); +- if (TASK_SIZE - len >= addr && +- (!vma || addr + len <= vma->vm_start)) ++ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) + return addr; + } + + info.flags = 0; + info.length = len; + info.low_limit = TASK_UNMAPPED_BASE; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = TASK_SIZE; + info.align_mask = PAGE_MASK & ~huge_page_mask(h); + info.align_offset = 0; +@@ -897,7 +907,7 @@ static struct file_system_type hugetlbfs_fs_type = { .kill_sb = kill_litter_super, }; --static struct vfsmount *hugetlbfs_vfsmount; -+struct vfsmount *hugetlbfs_vfsmount; +-static struct vfsmount *hugetlbfs_vfsmount[HUGE_MAX_HSTATE]; ++struct vfsmount *hugetlbfs_vfsmount[HUGE_MAX_HSTATE]; static int can_do_hugetlb_shm(void) { diff --git a/fs/inode.c b/fs/inode.c -index 7c14897..d40169e 100644 +index 14084b7..29af1d9 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -880,8 +880,8 @@ unsigned int get_next_ino(void) @@ -48221,10 +52289,28 @@ index a6597d6..41b30ec 100644 /* diff --git a/fs/jfs/super.c b/fs/jfs/super.c -index c55c745..f67ee56 100644 +index 1a543be..a4e1363 100644 --- a/fs/jfs/super.c +++ b/fs/jfs/super.c -@@ -806,7 +806,7 @@ static int __init init_jfs_fs(void) +@@ -225,7 +225,7 @@ static const match_table_t tokens = { + static int parse_options(char *options, struct super_block *sb, s64 *newLVSize, + int *flag) + { +- void *nls_map = (void *)-1; /* -1: no change; NULL: none */ ++ const void *nls_map = (const void *)-1; /* -1: no change; NULL: none */ + char *p; + struct jfs_sb_info *sbi = JFS_SBI(sb); + +@@ -253,7 +253,7 @@ static int parse_options(char *options, struct super_block *sb, s64 *newLVSize, + /* Don't do anything ;-) */ + break; + case Opt_iocharset: +- if (nls_map && nls_map != (void *) -1) ++ if (nls_map && nls_map != (const void *) -1) + unload_nls(nls_map); + if (!strcmp(args[0].from, "none")) + nls_map = NULL; +@@ -855,7 +855,7 @@ static int __init init_jfs_fs(void) jfs_inode_cachep = kmem_cache_create("jfs_ip", sizeof(struct jfs_inode_info), 0, @@ -48234,7 +52320,7 @@ index c55c745..f67ee56 100644 if (jfs_inode_cachep == NULL) return -ENOMEM; diff --git a/fs/libfs.c b/fs/libfs.c -index a74cb17..37fcbe4 100644 +index 916da8c..1588998 100644 --- a/fs/libfs.c +++ b/fs/libfs.c @@ -165,6 +165,9 @@ int dcache_readdir(struct file * filp, void * dirent, filldir_t filldir) @@ -48262,7 +52348,7 @@ index a74cb17..37fcbe4 100644 next->d_inode->i_ino, dt_type(next->d_inode)) < 0) diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c -index a5657ff..fc58725 100644 +index 52e5120..808936e 100644 --- a/fs/lockd/clntproc.c +++ b/fs/lockd/clntproc.c @@ -36,11 +36,11 @@ static const struct rpc_call_ops nlmclnt_cancel_ops; @@ -48280,10 +52366,10 @@ index a5657ff..fc58725 100644 memcpy(c->data, &cookie, 4); c->len=4; diff --git a/fs/locks.c b/fs/locks.c -index 7e81bfc..c3649aa 100644 +index a94e331..060bce3 100644 --- a/fs/locks.c +++ b/fs/locks.c -@@ -2066,16 +2066,16 @@ void locks_remove_flock(struct file *filp) +@@ -2064,16 +2064,16 @@ void locks_remove_flock(struct file *filp) return; if (filp->f_op && filp->f_op->flock) { @@ -48305,10 +52391,10 @@ index 7e81bfc..c3649aa 100644 lock_flocks(); diff --git a/fs/namei.c b/fs/namei.c -index 091c4b7..eb220a4 100644 +index 43a97ee..4e585fd 100644 --- a/fs/namei.c +++ b/fs/namei.c -@@ -265,16 +265,32 @@ int generic_permission(struct inode *inode, int mask) +@@ -319,16 +319,32 @@ int generic_permission(struct inode *inode, int mask) if (ret != -EACCES) return ret; @@ -48344,7 +52430,7 @@ index 091c4b7..eb220a4 100644 * Read/write DACs are always overridable. * Executable DACs are overridable when there is * at least one exec bit set. -@@ -283,14 +299,6 @@ int generic_permission(struct inode *inode, int mask) +@@ -337,14 +353,6 @@ int generic_permission(struct inode *inode, int mask) if (inode_capable(inode, CAP_DAC_OVERRIDE)) return 0; @@ -48359,7 +52445,7 @@ index 091c4b7..eb220a4 100644 return -EACCES; } -@@ -772,7 +780,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p) +@@ -826,7 +834,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p) { struct dentry *dentry = link->dentry; int error; @@ -48368,7 +52454,7 @@ index 091c4b7..eb220a4 100644 BUG_ON(nd->flags & LOOKUP_RCU); -@@ -793,6 +801,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p) +@@ -847,6 +855,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p) if (error) goto out_put_nd_path; @@ -48381,7 +52467,7 @@ index 091c4b7..eb220a4 100644 nd->last_type = LAST_BIND; *p = dentry->d_inode->i_op->follow_link(dentry, nd); error = PTR_ERR(*p); -@@ -1550,6 +1564,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) +@@ -1596,6 +1610,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) break; res = walk_component(nd, path, &nd->last, nd->last_type, LOOKUP_FOLLOW); @@ -48390,7 +52476,7 @@ index 091c4b7..eb220a4 100644 put_link(nd, &link, cookie); } while (res > 0); -@@ -1648,7 +1664,7 @@ EXPORT_SYMBOL(full_name_hash); +@@ -1694,7 +1710,7 @@ EXPORT_SYMBOL(full_name_hash); static inline unsigned long hash_name(const char *name, unsigned int *hashp) { unsigned long a, b, adata, bdata, mask, hash, len; @@ -48399,7 +52485,7 @@ index 091c4b7..eb220a4 100644 hash = a = 0; len = -sizeof(unsigned long); -@@ -1943,6 +1959,8 @@ static int path_lookupat(int dfd, const char *name, +@@ -1979,6 +1995,8 @@ static int path_lookupat(int dfd, const char *name, if (err) break; err = lookup_last(nd, &path); @@ -48408,21 +52494,19 @@ index 091c4b7..eb220a4 100644 put_link(nd, &link, cookie); } } -@@ -1950,6 +1968,21 @@ static int path_lookupat(int dfd, const char *name, +@@ -1986,6 +2004,19 @@ static int path_lookupat(int dfd, const char *name, if (!err) err = complete_walk(nd); -+ if (!(nd->flags & LOOKUP_PARENT)) { ++ if (!err && !(nd->flags & LOOKUP_PARENT)) { +#ifdef CONFIG_GRKERNSEC + if (flags & LOOKUP_RCU) { -+ if (!err) -+ path_put(&nd->path); ++ path_put(&nd->path); + err = -ECHILD; + } else +#endif + if (!gr_acl_handle_hidden_file(nd->path.dentry, nd->path.mnt)) { -+ if (!err) -+ path_put(&nd->path); ++ path_put(&nd->path); + err = -ENOENT; + } + } @@ -48430,11 +52514,13 @@ index 091c4b7..eb220a4 100644 if (!err && nd->flags & LOOKUP_DIRECTORY) { if (!nd->inode->i_op->lookup) { path_put(&nd->path); -@@ -1977,6 +2010,15 @@ static int do_path_lookup(int dfd, const char *name, - retval = path_lookupat(dfd, name, flags | LOOKUP_REVAL, nd); +@@ -2013,8 +2044,17 @@ static int filename_lookup(int dfd, struct filename *name, + retval = path_lookupat(dfd, name->name, + flags | LOOKUP_REVAL, nd); - if (likely(!retval)) { -+ if (*name != '/' && nd->path.dentry && nd->inode) { +- if (likely(!retval)) ++ if (likely(!retval)) { ++ if (name->name[0] != '/' && nd->path.dentry && nd->inode) { +#ifdef CONFIG_GRKERNSEC + if (flags & LOOKUP_RCU) + return -ECHILD; @@ -48442,23 +52528,12 @@ index 091c4b7..eb220a4 100644 + if (!gr_chroot_fchdir(nd->path.dentry, nd->path.mnt)) + return -ENOENT; + } -+ - if (unlikely(!audit_dummy_context())) { - if (nd->path.dentry && nd->inode) - audit_inode(name, nd->path.dentry); -@@ -2076,6 +2118,11 @@ struct dentry *lookup_one_len(const char *name, struct dentry *base, int len) - if (!len) - return ERR_PTR(-EACCES); - -+ if (unlikely(name[0] == '.')) { -+ if (len < 2 || (len == 2 && name[1] == '.')) -+ return ERR_PTR(-EACCES); + audit_inode(name, nd->path.dentry, flags & LOOKUP_PARENT); + } -+ - while (len--) { - c = *(const unsigned char *)name++; - if (c == '/' || c == '\0') -@@ -2336,6 +2383,13 @@ static int may_open(struct path *path, int acc_mode, int flag) + return retval; + } + +@@ -2392,6 +2432,13 @@ static int may_open(struct path *path, int acc_mode, int flag) if (flag & O_NOATIME && !inode_owner_or_capable(inode)) return -EPERM; @@ -48472,7 +52547,7 @@ index 091c4b7..eb220a4 100644 return 0; } -@@ -2557,7 +2611,7 @@ looked_up: +@@ -2613,7 +2660,7 @@ looked_up: * cleared otherwise prior to returning. */ static int lookup_open(struct nameidata *nd, struct path *path, @@ -48481,7 +52556,7 @@ index 091c4b7..eb220a4 100644 const struct open_flags *op, bool got_write, int *opened) { -@@ -2592,6 +2646,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2648,6 +2695,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode && (op->open_flag & O_CREAT)) { umode_t mode = op->mode; @@ -48499,7 +52574,7 @@ index 091c4b7..eb220a4 100644 if (!IS_POSIXACL(dir->d_inode)) mode &= ~current_umask(); /* -@@ -2613,6 +2678,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2669,6 +2727,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, nd->flags & LOOKUP_EXCL); if (error) goto out_dput; @@ -48508,16 +52583,16 @@ index 091c4b7..eb220a4 100644 } out_no_open: path->dentry = dentry; -@@ -2627,7 +2694,7 @@ out_dput: +@@ -2683,7 +2743,7 @@ out_dput: /* * Handle the last step of open() */ -static int do_last(struct nameidata *nd, struct path *path, +static int do_last(struct nameidata *nd, struct path *path, struct path *link, struct file *file, const struct open_flags *op, - int *opened, const char *pathname) + int *opened, struct filename *name) { -@@ -2656,16 +2723,44 @@ static int do_last(struct nameidata *nd, struct path *path, +@@ -2712,16 +2772,44 @@ static int do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return error; @@ -48531,7 +52606,7 @@ index 091c4b7..eb220a4 100644 + error = -ENOENT; + goto out; + } - audit_inode(pathname, nd->path.dentry); + audit_inode(name, nd->path.dentry, 0); if (open_flag & O_CREAT) { error = -EISDIR; goto out; @@ -48559,10 +52634,10 @@ index 091c4b7..eb220a4 100644 + error = -EACCES; + goto out; + } - audit_inode(pathname, dir); + audit_inode(name, dir, 0); goto finish_open; } -@@ -2714,7 +2809,7 @@ retry_lookup: +@@ -2770,7 +2858,7 @@ retry_lookup: */ } mutex_lock(&dir->d_inode->i_mutex); @@ -48571,7 +52646,7 @@ index 091c4b7..eb220a4 100644 mutex_unlock(&dir->d_inode->i_mutex); if (error <= 0) { -@@ -2738,11 +2833,28 @@ retry_lookup: +@@ -2794,11 +2882,28 @@ retry_lookup: goto finish_open_created; } @@ -48596,12 +52671,12 @@ index 091c4b7..eb220a4 100644 + goto exit_dput; + } + - audit_inode(pathname, path->dentry); + audit_inode(name, path->dentry, 0); + } /* * If atomic_open() acquired write access it is dropped now due to -@@ -2783,6 +2895,11 @@ finish_lookup: +@@ -2839,6 +2944,11 @@ finish_lookup: } } BUG_ON(inode != path->dentry->d_inode); @@ -48613,7 +52688,7 @@ index 091c4b7..eb220a4 100644 return 1; } -@@ -2792,7 +2909,6 @@ finish_lookup: +@@ -2848,7 +2958,6 @@ finish_lookup: save_parent.dentry = nd->path.dentry; save_parent.mnt = mntget(path->mnt); nd->path.dentry = path->dentry; @@ -48621,7 +52696,7 @@ index 091c4b7..eb220a4 100644 } nd->inode = inode; /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */ -@@ -2801,6 +2917,22 @@ finish_lookup: +@@ -2857,6 +2966,22 @@ finish_lookup: path_put(&save_parent); return error; } @@ -48644,7 +52719,7 @@ index 091c4b7..eb220a4 100644 error = -EISDIR; if ((open_flag & O_CREAT) && S_ISDIR(nd->inode->i_mode)) goto out; -@@ -2899,7 +3031,7 @@ static struct file *path_openat(int dfd, const char *pathname, +@@ -2955,7 +3080,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, if (unlikely(error)) goto out; @@ -48653,7 +52728,7 @@ index 091c4b7..eb220a4 100644 while (unlikely(error > 0)) { /* trailing symlink */ struct path link = path; void *cookie; -@@ -2917,7 +3049,7 @@ static struct file *path_openat(int dfd, const char *pathname, +@@ -2973,7 +3098,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, error = follow_link(&link, nd, &cookie); if (unlikely(error)) break; @@ -48662,7 +52737,7 @@ index 091c4b7..eb220a4 100644 put_link(nd, &link, cookie); } out: -@@ -3006,8 +3138,12 @@ struct dentry *kern_path_create(int dfd, const char *pathname, struct path *path +@@ -3073,8 +3198,12 @@ struct dentry *kern_path_create(int dfd, const char *pathname, goto unlock; error = -EEXIST; @@ -48676,17 +52751,17 @@ index 091c4b7..eb220a4 100644 /* * Special case - lookup gave negative, but... we had foo/bar/ * From the vfs_mknod() POV we just have a negative dentry - -@@ -3058,6 +3194,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, struct pat +@@ -3126,6 +3255,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, } EXPORT_SYMBOL(user_path_create); -+static struct dentry *user_path_create_with_name(int dfd, const char __user *pathname, struct path *path, char **to, int is_dir) ++static struct dentry *user_path_create_with_name(int dfd, const char __user *pathname, struct path *path, struct filename **to, unsigned int lookup_flags) +{ -+ char *tmp = getname(pathname); ++ struct filename *tmp = getname(pathname); + struct dentry *res; + if (IS_ERR(tmp)) + return ERR_CAST(tmp); -+ res = kern_path_create(dfd, tmp, path, is_dir); ++ res = kern_path_create(dfd, tmp->name, path, lookup_flags); + if (IS_ERR(res)) + putname(tmp); + else @@ -48697,7 +52772,7 @@ index 091c4b7..eb220a4 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -3119,6 +3269,17 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode, +@@ -3188,6 +3331,17 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -48715,25 +52790,23 @@ index 091c4b7..eb220a4 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out; -@@ -3135,6 +3296,8 @@ SYSCALL_DEFINE4(mknodat, int, dfd, const char __user *, filename, umode_t, mode, +@@ -3204,6 +3358,8 @@ retry: break; } out: + if (!error) + gr_handle_create(dentry, path.mnt); done_path_create(&path, dentry); - return error; - } -@@ -3181,9 +3344,18 @@ SYSCALL_DEFINE3(mkdirat, int, dfd, const char __user *, pathname, umode_t, mode) + if (retry_estale(error, lookup_flags)) { + lookup_flags |= LOOKUP_REVAL; +@@ -3256,9 +3412,16 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); -+ + if (!gr_acl_handle_mkdir(dentry, path.dentry, path.mnt)) { + error = -EACCES; + goto out; + } -+ error = security_path_mkdir(&path, dentry, mode); if (!error) error = vfs_mkdir(path.dentry->d_inode, dentry, mode); @@ -48741,18 +52814,18 @@ index 091c4b7..eb220a4 100644 + gr_handle_create(dentry, path.mnt); +out: done_path_create(&path, dentry); - return error; - } -@@ -3260,6 +3432,8 @@ static long do_rmdir(int dfd, const char __user *pathname) - char * name; + if (retry_estale(error, lookup_flags)) { + lookup_flags |= LOOKUP_REVAL; +@@ -3339,6 +3502,8 @@ static long do_rmdir(int dfd, const char __user *pathname) + struct filename *name; struct dentry *dentry; struct nameidata nd; + ino_t saved_ino = 0; + dev_t saved_dev = 0; - - error = user_path_parent(dfd, pathname, &nd, &name); - if (error) -@@ -3291,10 +3465,21 @@ static long do_rmdir(int dfd, const char __user *pathname) + unsigned int lookup_flags = 0; + retry: + name = user_path_parent(dfd, pathname, &nd, lookup_flags); +@@ -3371,10 +3536,21 @@ retry: error = -ENOENT; goto exit3; } @@ -48774,16 +52847,16 @@ index 091c4b7..eb220a4 100644 exit3: dput(dentry); exit2: -@@ -3356,6 +3541,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -3440,6 +3616,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct dentry *dentry; struct nameidata nd; struct inode *inode = NULL; + ino_t saved_ino = 0; + dev_t saved_dev = 0; - - error = user_path_parent(dfd, pathname, &nd, &name); - if (error) -@@ -3381,10 +3568,22 @@ static long do_unlinkat(int dfd, const char __user *pathname) + unsigned int lookup_flags = 0; + retry: + name = user_path_parent(dfd, pathname, &nd, lookup_flags); +@@ -3466,10 +3644,22 @@ retry: if (!inode) goto slashes; ihold(inode); @@ -48806,7 +52879,7 @@ index 091c4b7..eb220a4 100644 exit2: dput(dentry); } -@@ -3456,9 +3655,17 @@ SYSCALL_DEFINE3(symlinkat, const char __user *, oldname, +@@ -3547,9 +3737,17 @@ retry: if (IS_ERR(dentry)) goto out_putname; @@ -48815,33 +52888,33 @@ index 091c4b7..eb220a4 100644 + goto out; + } + - error = security_path_symlink(&path, dentry, from); + error = security_path_symlink(&path, dentry, from->name); if (!error) - error = vfs_symlink(path.dentry->d_inode, dentry, from); + error = vfs_symlink(path.dentry->d_inode, dentry, from->name); + if (!error) + gr_handle_create(dentry, path.mnt); +out: done_path_create(&path, dentry); - out_putname: - putname(from); -@@ -3528,6 +3735,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, + if (retry_estale(error, lookup_flags)) { + lookup_flags |= LOOKUP_REVAL; +@@ -3623,6 +3821,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, { struct dentry *new_dentry; struct path old_path, new_path; -+ char *to = NULL; ++ struct filename *to = NULL; int how = 0; int error; -@@ -3551,7 +3759,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3646,7 +3845,7 @@ retry: if (error) return error; -- new_dentry = user_path_create(newdfd, newname, &new_path, 0); -+ new_dentry = user_path_create_with_name(newdfd, newname, &new_path, &to, 0); +- new_dentry = user_path_create(newdfd, newname, &new_path, ++ new_dentry = user_path_create_with_name(newdfd, newname, &new_path, &to, + (how & LOOKUP_REVAL)); error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) - goto out; -@@ -3562,11 +3770,28 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3658,11 +3857,28 @@ retry: error = may_linkat(&old_path); if (unlikely(error)) goto out_dput; @@ -48868,9 +52941,9 @@ index 091c4b7..eb220a4 100644 out_dput: + putname(to); done_path_create(&new_path, new_dentry); - out: - path_put(&old_path); -@@ -3802,12 +4027,21 @@ SYSCALL_DEFINE4(renameat, int, olddfd, const char __user *, oldname, + if (retry_estale(error, how)) { + how |= LOOKUP_REVAL; +@@ -3908,12 +4124,21 @@ retry: if (new_dentry == trap) goto exit5; @@ -48892,7 +52965,7 @@ index 091c4b7..eb220a4 100644 exit5: dput(new_dentry); exit4: -@@ -3832,6 +4066,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -3945,6 +4170,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -48901,7 +52974,7 @@ index 091c4b7..eb220a4 100644 int len; len = PTR_ERR(link); -@@ -3841,7 +4077,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -3954,7 +4181,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -48918,10 +52991,10 @@ index 091c4b7..eb220a4 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index 7bdf790..eb79c4b 100644 +index a51054f..f9b53e5 100644 --- a/fs/namespace.c +++ b/fs/namespace.c -@@ -1212,6 +1212,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1215,6 +1215,9 @@ static int do_umount(struct mount *mnt, int flags) if (!(sb->s_flags & MS_RDONLY)) retval = do_remount_sb(sb, MS_RDONLY, NULL, 0); up_write(&sb->s_umount); @@ -48931,7 +53004,7 @@ index 7bdf790..eb79c4b 100644 return retval; } -@@ -1231,6 +1234,9 @@ static int do_umount(struct mount *mnt, int flags) +@@ -1234,6 +1237,9 @@ static int do_umount(struct mount *mnt, int flags) br_write_unlock(&vfsmount_lock); up_write(&namespace_sem); release_mounts(&umount_list); @@ -48941,7 +53014,7 @@ index 7bdf790..eb79c4b 100644 return retval; } -@@ -2244,6 +2250,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, +@@ -2287,6 +2293,16 @@ long do_mount(const char *dev_name, const char *dir_name, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -48958,7 +53031,7 @@ index 7bdf790..eb79c4b 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2258,6 +2274,9 @@ long do_mount(char *dev_name, char *dir_name, char *type_page, +@@ -2301,6 +2317,9 @@ long do_mount(const char *dev_name, const char *dir_name, dev_name, data_page); dput_out: path_put(&path); @@ -48968,7 +53041,7 @@ index 7bdf790..eb79c4b 100644 return retval; } -@@ -2516,6 +2535,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2587,6 +2606,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -48980,43 +53053,33 @@ index 7bdf790..eb79c4b 100644 get_fs_root(current->fs, &root); error = lock_mount(&old); if (error) -diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c -index e210a66..8b2d07c 100644 ---- a/fs/nfs/dir.c -+++ b/fs/nfs/dir.c -@@ -450,7 +450,8 @@ void nfs_prime_dcache(struct dentry *parent, struct nfs_entry *entry) - nfs_refresh_inode(dentry->d_inode, entry->fattr); - goto out; - } else { -- d_drop(dentry); -+ if (d_invalidate(dentry) != 0) -+ goto out; - dput(dentry); - } - } -@@ -1100,6 +1101,8 @@ out_set_verifier: - out_zap_parent: - nfs_zap_caches(dir); - out_bad: -+ nfs_free_fattr(fattr); -+ nfs_free_fhandle(fhandle); - nfs_mark_for_revalidate(dir); - if (inode && S_ISDIR(inode->i_mode)) { - /* Purge readdir caches. */ -@@ -1112,8 +1115,6 @@ out_zap_parent: - shrink_dcache_parent(dentry); - } - d_drop(dentry); -- nfs_free_fattr(fattr); -- nfs_free_fhandle(fhandle); - dput(parent); - dfprintk(LOOKUPCACHE, "NFS: %s(%s/%s) is invalid\n", - __func__, dentry->d_parent->d_name.name, +@@ -2790,7 +2814,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) + !nsown_capable(CAP_SYS_ADMIN)) + return -EPERM; + +- if (fs->users != 1) ++ if (atomic_read(&fs->users) != 1) + return -EINVAL; + + get_mnt_ns(mnt_ns); +diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c +index 59461c9..b17c57e 100644 +--- a/fs/nfs/callback_xdr.c ++++ b/fs/nfs/callback_xdr.c +@@ -51,7 +51,7 @@ struct callback_op { + callback_decode_arg_t decode_args; + callback_encode_res_t encode_res; + long res_maxsize; +-}; ++} __do_const; + + static struct callback_op callback_ops[]; + diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c -index 9b47610..066975e 100644 +index ebeb94c..ff35337 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c -@@ -1026,16 +1026,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt +@@ -1042,16 +1042,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt return nfs_size_to_loff_t(fattr->size) > i_size_read(inode); } @@ -49036,11 +53099,55 @@ index 9b47610..066975e 100644 } void nfs_fattr_init(struct nfs_fattr *fattr) +diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c +index 9d1c5db..1e13db8 100644 +--- a/fs/nfsd/nfs4proc.c ++++ b/fs/nfsd/nfs4proc.c +@@ -1097,7 +1097,7 @@ struct nfsd4_operation { + nfsd4op_rsize op_rsize_bop; + stateid_getter op_get_currentstateid; + stateid_setter op_set_currentstateid; +-}; ++} __do_const; + + static struct nfsd4_operation nfsd4_ops[]; + +diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c +index 0dc1158..ccf0338 100644 +--- a/fs/nfsd/nfs4xdr.c ++++ b/fs/nfsd/nfs4xdr.c +@@ -1456,7 +1456,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) + + typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *); + +-static nfsd4_dec nfsd4_dec_ops[] = { ++static const nfsd4_dec nfsd4_dec_ops[] = { + [OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access, + [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close, + [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit, +@@ -1496,7 +1496,7 @@ static nfsd4_dec nfsd4_dec_ops[] = { + [OP_RELEASE_LOCKOWNER] = (nfsd4_dec)nfsd4_decode_release_lockowner, + }; + +-static nfsd4_dec nfsd41_dec_ops[] = { ++static const nfsd4_dec nfsd41_dec_ops[] = { + [OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access, + [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close, + [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit, +@@ -1558,7 +1558,7 @@ static nfsd4_dec nfsd41_dec_ops[] = { + }; + + struct nfsd4_minorversion_ops { +- nfsd4_dec *decoders; ++ const nfsd4_dec *decoders; + int nops; + }; + diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c -index e1b40c7..8c5b97b 100644 +index d586117..143d568 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c -@@ -941,7 +941,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, +@@ -939,7 +939,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, } else { oldfs = get_fs(); set_fs(KERNEL_DS); @@ -49049,7 +53156,7 @@ index e1b40c7..8c5b97b 100644 set_fs(oldfs); } -@@ -1045,7 +1045,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, +@@ -1025,7 +1025,7 @@ nfsd_vfs_write(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, /* Write the data. */ oldfs = get_fs(); set_fs(KERNEL_DS); @@ -49058,31 +53165,115 @@ index e1b40c7..8c5b97b 100644 set_fs(oldfs); if (host_err < 0) goto out_nfserr; -@@ -1587,7 +1587,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) +@@ -1571,7 +1571,7 @@ nfsd_readlink(struct svc_rqst *rqstp, struct svc_fh *fhp, char *buf, int *lenp) */ oldfs = get_fs(); set_fs(KERNEL_DS); -- host_err = inode->i_op->readlink(path.dentry, buf, *lenp); +- host_err = inode->i_op->readlink(path.dentry, (char __user *)buf, *lenp); + host_err = inode->i_op->readlink(path.dentry, (char __force_user *)buf, *lenp); set_fs(oldfs); if (host_err < 0) +diff --git a/fs/nls/nls_base.c b/fs/nls/nls_base.c +index fea6bd5..8ee9d81 100644 +--- a/fs/nls/nls_base.c ++++ b/fs/nls/nls_base.c +@@ -234,20 +234,22 @@ EXPORT_SYMBOL(utf16s_to_utf8s); + + int register_nls(struct nls_table * nls) + { +- struct nls_table ** tmp = &tables; ++ struct nls_table *tmp = tables; + + if (nls->next) + return -EBUSY; + + spin_lock(&nls_lock); +- while (*tmp) { +- if (nls == *tmp) { ++ while (tmp) { ++ if (nls == tmp) { + spin_unlock(&nls_lock); + return -EBUSY; + } +- tmp = &(*tmp)->next; ++ tmp = tmp->next; + } +- nls->next = tables; ++ pax_open_kernel(); ++ *(struct nls_table **)&nls->next = tables; ++ pax_close_kernel(); + tables = nls; + spin_unlock(&nls_lock); + return 0; +@@ -255,12 +257,14 @@ int register_nls(struct nls_table * nls) + + int unregister_nls(struct nls_table * nls) + { +- struct nls_table ** tmp = &tables; ++ struct nls_table * const * tmp = &tables; + + spin_lock(&nls_lock); + while (*tmp) { + if (nls == *tmp) { +- *tmp = nls->next; ++ pax_open_kernel(); ++ *(struct nls_table **)tmp = nls->next; ++ pax_close_kernel(); + spin_unlock(&nls_lock); + return 0; + } +diff --git a/fs/nls/nls_euc-jp.c b/fs/nls/nls_euc-jp.c +index 7424929..35f6be5 100644 +--- a/fs/nls/nls_euc-jp.c ++++ b/fs/nls/nls_euc-jp.c +@@ -561,8 +561,10 @@ static int __init init_nls_euc_jp(void) + p_nls = load_nls("cp932"); + + if (p_nls) { +- table.charset2upper = p_nls->charset2upper; +- table.charset2lower = p_nls->charset2lower; ++ pax_open_kernel(); ++ *(const unsigned char **)&table.charset2upper = p_nls->charset2upper; ++ *(const unsigned char **)&table.charset2lower = p_nls->charset2lower; ++ pax_close_kernel(); + return register_nls(&table); + } + +diff --git a/fs/nls/nls_koi8-ru.c b/fs/nls/nls_koi8-ru.c +index e7bc1d7..06bd4bb 100644 +--- a/fs/nls/nls_koi8-ru.c ++++ b/fs/nls/nls_koi8-ru.c +@@ -63,8 +63,10 @@ static int __init init_nls_koi8_ru(void) + p_nls = load_nls("koi8-u"); + + if (p_nls) { +- table.charset2upper = p_nls->charset2upper; +- table.charset2lower = p_nls->charset2lower; ++ pax_open_kernel(); ++ *(const unsigned char **)&table.charset2upper = p_nls->charset2upper; ++ *(const unsigned char **)&table.charset2lower = p_nls->charset2lower; ++ pax_close_kernel(); + return register_nls(&table); + } + diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c -index d438036..0ecadde 100644 +index 9ff4a5e..deb1f0f 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c -@@ -274,7 +274,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, - goto out_close_fd; +@@ -251,8 +251,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, + fd = fanotify_event_metadata.fd; ret = -EFAULT; - if (copy_to_user(buf, &fanotify_event_metadata, +- fanotify_event_metadata.event_len)) + if (fanotify_event_metadata.event_len > sizeof fanotify_event_metadata || -+ copy_to_user(buf, &fanotify_event_metadata, - fanotify_event_metadata.event_len)) - goto out_kill_access_response; ++ copy_to_user(buf, &fanotify_event_metadata, fanotify_event_metadata.event_len)) + goto out_close_fd; + ret = prepare_for_access_response(group, event, fd); diff --git a/fs/notify/notification.c b/fs/notify/notification.c -index c887b13..0fdf472 100644 +index 7b51b05..5ea5ef6 100644 --- a/fs/notify/notification.c +++ b/fs/notify/notification.c @@ -57,7 +57,7 @@ static struct kmem_cache *fsnotify_event_holder_cachep; @@ -49117,10 +53308,10 @@ index 99e3610..02c1068 100644 "inode 0x%lx or driver bug.", vdir->i_ino); goto err_out; diff --git a/fs/ntfs/file.c b/fs/ntfs/file.c -index 1ecf464..e1ff8bf 100644 +index 5b2d4f0..c6de396 100644 --- a/fs/ntfs/file.c +++ b/fs/ntfs/file.c -@@ -2232,6 +2232,6 @@ const struct inode_operations ntfs_file_inode_ops = { +@@ -2242,6 +2242,6 @@ const struct inode_operations ntfs_file_inode_ops = { #endif /* NTFS_RW */ }; @@ -49222,7 +53413,7 @@ index b7e74b5..19c6536 100644 } } diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c -index 68f4541..89cfe6a 100644 +index 0e91ec2..f4b3fc6 100644 --- a/fs/ocfs2/super.c +++ b/fs/ocfs2/super.c @@ -301,11 +301,11 @@ static int ocfs2_osb_dump(struct ocfs2_super *osb, char *buf, int len) @@ -49242,7 +53433,7 @@ index 68f4541..89cfe6a 100644 out += snprintf(buf + out, len - out, "%10s => State: %u Descriptor: %llu Size: %u bits " -@@ -2116,11 +2116,11 @@ static int ocfs2_initialize_super(struct super_block *sb, +@@ -2121,11 +2121,11 @@ static int ocfs2_initialize_super(struct super_block *sb, spin_lock_init(&osb->osb_xattr_lock); ocfs2_init_steal_slots(osb); @@ -49260,7 +53451,7 @@ index 68f4541..89cfe6a 100644 /* Copy the blockcheck stats from the superblock probe */ osb->osb_ecc_stats = *stats; diff --git a/fs/open.c b/fs/open.c -index e1f2cdb..3bd5f39 100644 +index 9b33c0c..2ffcca2 100644 --- a/fs/open.c +++ b/fs/open.c @@ -31,6 +31,8 @@ @@ -49272,18 +53463,25 @@ index e1f2cdb..3bd5f39 100644 #include "internal.h" int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs, -@@ -112,6 +114,10 @@ static long do_sys_truncate(const char __user *pathname, loff_t length) +@@ -101,6 +103,8 @@ long vfs_truncate(struct path *path, loff_t length) error = locks_verify_truncate(inode, NULL, length); if (!error) - error = security_path_truncate(&path); -+ -+ if (!error && !gr_acl_handle_truncate(path.dentry, path.mnt)) + error = security_path_truncate(path); ++ if (!error && !gr_acl_handle_truncate(path->dentry, path->mnt)) + error = -EACCES; -+ if (!error) - error = do_truncate(path.dentry, length, 0, NULL); + error = do_truncate(path->dentry, length, 0, NULL); -@@ -364,6 +370,9 @@ SYSCALL_DEFINE3(faccessat, int, dfd, const char __user *, filename, int, mode) +@@ -178,6 +182,8 @@ static long do_sys_ftruncate(unsigned int fd, loff_t length, int small) + error = locks_verify_truncate(inode, f.file, length); + if (!error) + error = security_path_truncate(&f.file->f_path); ++ if (!error && !gr_acl_handle_truncate(f.file->f_path.dentry, f.file->f_path.mnt)) ++ error = -EACCES; + if (!error) + error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, f.file); + sb_end_write(inode->i_sb); +@@ -373,6 +379,9 @@ retry: if (__mnt_is_readonly(path.mnt)) res = -EROFS; @@ -49292,8 +53490,8 @@ index e1f2cdb..3bd5f39 100644 + out_path_release: path_put(&path); - out: -@@ -390,6 +399,8 @@ SYSCALL_DEFINE1(chdir, const char __user *, filename) + if (retry_estale(res, lookup_flags)) { +@@ -404,6 +413,8 @@ retry: if (error) goto dput_and_out; @@ -49302,21 +53500,21 @@ index e1f2cdb..3bd5f39 100644 set_fs_pwd(current->fs, &path); dput_and_out: -@@ -416,6 +427,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd) +@@ -433,6 +444,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd) goto out_putf; error = inode_permission(inode, MAY_EXEC | MAY_CHDIR); + -+ if (!error && !gr_chroot_fchdir(file->f_path.dentry, file->f_path.mnt)) ++ if (!error && !gr_chroot_fchdir(f.file->f_path.dentry, f.file->f_path.mnt)) + error = -EPERM; + + if (!error) -+ gr_log_chdir(file->f_path.dentry, file->f_path.mnt); ++ gr_log_chdir(f.file->f_path.dentry, f.file->f_path.mnt); + if (!error) - set_fs_pwd(current->fs, &file->f_path); + set_fs_pwd(current->fs, &f.file->f_path); out_putf: -@@ -444,7 +462,13 @@ SYSCALL_DEFINE1(chroot, const char __user *, filename) +@@ -462,7 +480,13 @@ retry: if (error) goto dput_and_out; @@ -49330,7 +53528,7 @@ index e1f2cdb..3bd5f39 100644 error = 0; dput_and_out: path_put(&path); -@@ -462,6 +486,16 @@ static int chmod_common(struct path *path, umode_t mode) +@@ -484,6 +508,16 @@ static int chmod_common(struct path *path, umode_t mode) if (error) return error; mutex_lock(&inode->i_mutex); @@ -49347,7 +53545,7 @@ index e1f2cdb..3bd5f39 100644 error = security_path_chmod(path, mode); if (error) goto out_unlock; -@@ -517,6 +551,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group) +@@ -544,6 +578,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group) uid = make_kuid(current_user_ns(), user); gid = make_kgid(current_user_ns(), group); @@ -49357,16 +53555,16 @@ index e1f2cdb..3bd5f39 100644 newattrs.ia_valid = ATTR_CTIME; if (user != (uid_t) -1) { if (!uid_valid(uid)) -@@ -958,6 +995,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) +@@ -960,6 +997,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) } else { fsnotify_open(f); fd_install(fd, f); -+ trace_do_sys_open(tmp, flags, mode); ++ trace_do_sys_open(tmp->name, flags, mode); } } putname(tmp); diff --git a/fs/pipe.c b/fs/pipe.c -index 8d85d70..581036b 100644 +index bd3479d..fb92c4d 100644 --- a/fs/pipe.c +++ b/fs/pipe.c @@ -438,9 +438,9 @@ redo: @@ -49524,7 +53722,7 @@ index 15af622..0e9f4467 100644 help Various /proc files exist to monitor process memory utilization: diff --git a/fs/proc/array.c b/fs/proc/array.c -index c1c207c..01ce725 100644 +index 6a91e6f..e54dbc14 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -60,6 +60,7 @@ @@ -49535,7 +53733,7 @@ index c1c207c..01ce725 100644 #include <linux/proc_fs.h> #include <linux/ioport.h> #include <linux/uaccess.h> -@@ -346,6 +347,21 @@ static void task_cpus_allowed(struct seq_file *m, struct task_struct *task) +@@ -362,6 +363,21 @@ static void task_cpus_allowed(struct seq_file *m, struct task_struct *task) seq_putc(m, '\n'); } @@ -49557,7 +53755,7 @@ index c1c207c..01ce725 100644 int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { -@@ -363,9 +379,24 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, +@@ -380,9 +396,24 @@ int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, task_cpus_allowed(m, task); cpuset_task_status_allowed(m, task); task_context_switch_counts(m, task); @@ -49582,7 +53780,7 @@ index c1c207c..01ce725 100644 static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task, int whole) { -@@ -387,6 +418,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -404,6 +435,13 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, char tcomm[sizeof(task->comm)]; unsigned long flags; @@ -49596,7 +53794,7 @@ index c1c207c..01ce725 100644 state = *get_task_state(task); vsize = eip = esp = 0; permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT); -@@ -458,6 +496,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -475,6 +513,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, gtime = task->gtime; } @@ -49616,7 +53814,7 @@ index c1c207c..01ce725 100644 /* scale priority and nice values from timeslices to -20..20 */ /* to make it look like a "normal" Unix priority/nice value */ priority = task_prio(task); -@@ -494,9 +545,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -511,9 +562,15 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, seq_put_decimal_ull(m, ' ', vsize); seq_put_decimal_ull(m, ' ', mm ? get_mm_rss(mm) : 0); seq_put_decimal_ull(m, ' ', rsslim); @@ -49632,7 +53830,7 @@ index c1c207c..01ce725 100644 seq_put_decimal_ull(m, ' ', esp); seq_put_decimal_ull(m, ' ', eip); /* The signal information here is obsolete. -@@ -518,7 +575,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, +@@ -535,7 +592,11 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, seq_put_decimal_ull(m, ' ', cputime_to_clock_t(gtime)); seq_put_decimal_ll(m, ' ', cputime_to_clock_t(cgtime)); @@ -49645,7 +53843,7 @@ index c1c207c..01ce725 100644 seq_put_decimal_ull(m, ' ', mm->start_data); seq_put_decimal_ull(m, ' ', mm->end_data); seq_put_decimal_ull(m, ' ', mm->start_brk); -@@ -556,8 +617,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -573,8 +634,15 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task) { unsigned long size = 0, resident = 0, shared = 0, text = 0, data = 0; @@ -49662,7 +53860,7 @@ index c1c207c..01ce725 100644 if (mm) { size = task_statm(mm, &shared, &text, &data, &resident); mmput(mm); -@@ -580,6 +648,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, +@@ -597,6 +665,13 @@ int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, return 0; } @@ -49677,10 +53875,10 @@ index c1c207c..01ce725 100644 static struct pid * get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos) diff --git a/fs/proc/base.c b/fs/proc/base.c -index 1b6c84c..66b738b 100644 +index 9b43ff77..ba3e990 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c -@@ -110,6 +110,14 @@ struct pid_entry { +@@ -111,6 +111,14 @@ struct pid_entry { union proc_op op; }; @@ -49695,7 +53893,7 @@ index 1b6c84c..66b738b 100644 #define NOD(NAME, MODE, IOP, FOP, OP) { \ .name = (NAME), \ .len = sizeof(NAME) - 1, \ -@@ -209,6 +217,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer) +@@ -208,6 +216,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer) if (!mm->arg_end) goto out_mm; /* Shh! No looking before we're done */ @@ -49705,7 +53903,7 @@ index 1b6c84c..66b738b 100644 len = mm->arg_end - mm->arg_start; if (len > PAGE_SIZE) -@@ -236,12 +247,28 @@ out: +@@ -235,12 +246,28 @@ out: return res; } @@ -49734,7 +53932,7 @@ index 1b6c84c..66b738b 100644 do { nwords += 2; } while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */ -@@ -255,7 +282,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer) +@@ -254,7 +281,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer) } @@ -49743,7 +53941,7 @@ index 1b6c84c..66b738b 100644 /* * Provides a wchan file via kallsyms in a proper one-value-per-file format. * Returns the resolved symbol. If that fails, simply return the address. -@@ -294,7 +321,7 @@ static void unlock_trace(struct task_struct *task) +@@ -293,7 +320,7 @@ static void unlock_trace(struct task_struct *task) mutex_unlock(&task->signal->cred_guard_mutex); } @@ -49752,7 +53950,7 @@ index 1b6c84c..66b738b 100644 #define MAX_STACK_TRACE_DEPTH 64 -@@ -486,7 +513,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer) +@@ -485,7 +512,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer) return count; } @@ -49761,7 +53959,7 @@ index 1b6c84c..66b738b 100644 static int proc_pid_syscall(struct task_struct *task, char *buffer) { long nr; -@@ -515,7 +542,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer) +@@ -514,7 +541,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer) /************************************************************************/ /* permission checks */ @@ -49770,7 +53968,7 @@ index 1b6c84c..66b738b 100644 { struct task_struct *task; int allowed = 0; -@@ -525,7 +552,10 @@ static int proc_fd_access_allowed(struct inode *inode) +@@ -524,7 +551,10 @@ static int proc_fd_access_allowed(struct inode *inode) */ task = get_proc_task(inode); if (task) { @@ -49782,7 +53980,7 @@ index 1b6c84c..66b738b 100644 put_task_struct(task); } return allowed; -@@ -563,10 +593,35 @@ static bool has_pid_permissions(struct pid_namespace *pid, +@@ -555,10 +585,35 @@ static bool has_pid_permissions(struct pid_namespace *pid, struct task_struct *task, int hide_pid_min) { @@ -49795,7 +53993,7 @@ index 1b6c84c..66b738b 100644 + const struct cred *tmpcred = current_cred(); + const struct cred *cred = __task_cred(task); + -+ if (!tmpcred->uid || (tmpcred->uid == cred->uid) ++ if (uid_eq(tmpcred->uid, GLOBAL_ROOT_UID) || uid_eq(tmpcred->uid, cred->uid) +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP + || in_group_p(grsec_proc_gid) +#endif @@ -49818,7 +54016,7 @@ index 1b6c84c..66b738b 100644 return ptrace_may_access(task, PTRACE_MODE_READ); } -@@ -584,7 +639,11 @@ static int proc_pid_permission(struct inode *inode, int mask) +@@ -576,7 +631,11 @@ static int proc_pid_permission(struct inode *inode, int mask) put_task_struct(task); if (!has_perms) { @@ -49830,7 +54028,7 @@ index 1b6c84c..66b738b 100644 /* * Let's make getdents(), stat(), and open() * consistent with each other. If a process -@@ -682,6 +741,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) +@@ -674,6 +733,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) if (!task) return -ESRCH; @@ -49842,7 +54040,7 @@ index 1b6c84c..66b738b 100644 mm = mm_access(task, mode); put_task_struct(task); -@@ -697,6 +761,10 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) +@@ -689,6 +753,10 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) file->private_data = mm; @@ -49853,7 +54051,7 @@ index 1b6c84c..66b738b 100644 return 0; } -@@ -718,6 +786,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, +@@ -710,6 +778,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, ssize_t copied; char *page; @@ -49871,7 +54069,7 @@ index 1b6c84c..66b738b 100644 if (!mm) return 0; -@@ -822,6 +901,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, +@@ -814,6 +893,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, if (!mm) return 0; @@ -49885,7 +54083,7 @@ index 1b6c84c..66b738b 100644 page = (char *)__get_free_page(GFP_TEMPORARY); if (!page) return -ENOMEM; -@@ -1435,7 +1521,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -1429,7 +1515,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) int error = -EACCES; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -49894,7 +54092,7 @@ index 1b6c84c..66b738b 100644 goto out; error = PROC_I(inode)->op.proc_get_link(dentry, &path); -@@ -1479,8 +1565,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b +@@ -1473,8 +1559,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b struct path path; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -49915,7 +54113,7 @@ index 1b6c84c..66b738b 100644 error = PROC_I(inode)->op.proc_get_link(dentry, &path); if (error) -@@ -1545,7 +1641,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t +@@ -1524,7 +1620,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t rcu_read_lock(); cred = __task_cred(task); inode->i_uid = cred->euid; @@ -49927,7 +54125,7 @@ index 1b6c84c..66b738b 100644 rcu_read_unlock(); } security_task_to_inode(task, inode); -@@ -1581,10 +1681,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) +@@ -1560,10 +1660,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) return -ENOENT; } if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -49947,7 +54145,7 @@ index 1b6c84c..66b738b 100644 } } rcu_read_unlock(); -@@ -1622,11 +1731,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags) +@@ -1601,11 +1710,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags) if (task) { if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -49968,41 +54166,7 @@ index 1b6c84c..66b738b 100644 rcu_read_unlock(); } else { inode->i_uid = GLOBAL_ROOT_UID; -@@ -1744,7 +1862,8 @@ static int proc_fd_info(struct inode *inode, struct path *path, char *info) - int fd = proc_fd(inode); - - if (task) { -- files = get_files_struct(task); -+ if (!gr_acl_handle_procpidmem(task)) -+ files = get_files_struct(task); - put_task_struct(task); - } - if (files) { -@@ -2343,11 +2462,21 @@ static const struct file_operations proc_map_files_operations = { - */ - static int proc_fd_permission(struct inode *inode, int mask) - { -+ struct task_struct *task; - int rv = generic_permission(inode, mask); -- if (rv == 0) -- return 0; -+ - if (task_pid(current) == proc_pid(inode)) - rv = 0; -+ -+ task = get_proc_task(inode); -+ if (task == NULL) -+ return rv; -+ -+ if (gr_acl_handle_procpidmem(task)) -+ rv = -EACCES; -+ -+ put_task_struct(task); -+ - return rv; - } - -@@ -2457,6 +2586,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, +@@ -2058,6 +2176,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, if (!task) goto out_no_task; @@ -50012,7 +54176,7 @@ index 1b6c84c..66b738b 100644 /* * Yes, it does not scale. And it should not. Don't add * new entries into /proc/<tgid>/ without very good reasons. -@@ -2501,6 +2633,9 @@ static int proc_pident_readdir(struct file *filp, +@@ -2102,6 +2223,9 @@ static int proc_pident_readdir(struct file *filp, if (!task) goto out_no_task; @@ -50022,16 +54186,7 @@ index 1b6c84c..66b738b 100644 ret = 0; i = filp->f_pos; switch (i) { -@@ -2771,7 +2906,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd) - static void proc_self_put_link(struct dentry *dentry, struct nameidata *nd, - void *cookie) - { -- char *s = nd_get_link(nd); -+ const char *s = nd_get_link(nd); - if (!IS_ERR(s)) - __putname(s); - } -@@ -3040,7 +3175,7 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2515,7 +2639,7 @@ static const struct pid_entry tgid_base_stuff[] = { REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -50040,7 +54195,7 @@ index 1b6c84c..66b738b 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -3065,10 +3200,10 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2540,10 +2664,10 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -50053,7 +54208,7 @@ index 1b6c84c..66b738b 100644 ONE("stack", S_IRUGO, proc_pid_stack), #endif #ifdef CONFIG_SCHEDSTATS -@@ -3102,6 +3237,9 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2577,6 +2701,9 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_HARDWALL INF("hardwall", S_IRUGO, proc_pid_hardwall), #endif @@ -50063,7 +54218,7 @@ index 1b6c84c..66b738b 100644 #ifdef CONFIG_USER_NS REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), -@@ -3233,7 +3371,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir, +@@ -2705,7 +2832,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir, if (!inode) goto out; @@ -50078,7 +54233,7 @@ index 1b6c84c..66b738b 100644 inode->i_op = &proc_tgid_base_inode_operations; inode->i_fop = &proc_tgid_base_operations; inode->i_flags|=S_IMMUTABLE; -@@ -3275,7 +3420,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign +@@ -2743,7 +2877,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign if (!task) goto out; @@ -50090,7 +54245,7 @@ index 1b6c84c..66b738b 100644 put_task_struct(task); out: return result; -@@ -3338,6 +3487,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi +@@ -2806,6 +2944,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi static int fake_filldir(void *buf, const char *name, int namelen, loff_t offset, u64 ino, unsigned d_type) { @@ -50099,7 +54254,7 @@ index 1b6c84c..66b738b 100644 return 0; } -@@ -3404,7 +3555,7 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -2857,7 +2997,7 @@ static const struct pid_entry tid_base_stuff[] = { REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -50108,7 +54263,7 @@ index 1b6c84c..66b738b 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -3431,10 +3582,10 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -2884,10 +3024,10 @@ static const struct pid_entry tid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -50153,8 +54308,46 @@ index b143471..bb105e5 100644 return 0; } module_init(proc_devices_init); +diff --git a/fs/proc/fd.c b/fs/proc/fd.c +index d7a4a28..0201742 100644 +--- a/fs/proc/fd.c ++++ b/fs/proc/fd.c +@@ -25,7 +25,8 @@ static int seq_show(struct seq_file *m, void *v) + if (!task) + return -ENOENT; + +- files = get_files_struct(task); ++ if (!gr_acl_handle_procpidmem(task)) ++ files = get_files_struct(task); + put_task_struct(task); + + if (files) { +@@ -302,11 +303,21 @@ static struct dentry *proc_lookupfd(struct inode *dir, struct dentry *dentry, + */ + int proc_fd_permission(struct inode *inode, int mask) + { ++ struct task_struct *task; + int rv = generic_permission(inode, mask); +- if (rv == 0) +- return 0; ++ + if (task_pid(current) == proc_pid(inode)) + rv = 0; ++ ++ task = get_proc_task(inode); ++ if (task == NULL) ++ return rv; ++ ++ if (gr_acl_handle_procpidmem(task)) ++ rv = -EACCES; ++ ++ put_task_struct(task); ++ + return rv; + } + diff --git a/fs/proc/inode.c b/fs/proc/inode.c -index 7ac817b..c5c9eb0 100644 +index 439ae688..c21ac36 100644 --- a/fs/proc/inode.c +++ b/fs/proc/inode.c @@ -21,11 +21,17 @@ @@ -50175,10 +54368,10 @@ index 7ac817b..c5c9eb0 100644 static void proc_evict_inode(struct inode *inode) { struct proc_dir_entry *de; -@@ -51,6 +57,13 @@ static void proc_evict_inode(struct inode *inode) - ns_ops = PROC_I(inode)->ns_ops; - if (ns_ops && ns_ops->put) - ns_ops->put(PROC_I(inode)->ns); +@@ -53,6 +59,13 @@ static void proc_evict_inode(struct inode *inode) + ns = PROC_I(inode)->ns; + if (ns_ops && ns) + ns_ops->put(ns); + +#ifdef CONFIG_PROC_SYSCTL + if (inode->i_op == &proc_sys_inode_operations || @@ -50189,7 +54382,7 @@ index 7ac817b..c5c9eb0 100644 } static struct kmem_cache * proc_inode_cachep; -@@ -456,7 +469,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de) +@@ -457,7 +470,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de) if (de->mode) { inode->i_mode = de->mode; inode->i_uid = de->uid; @@ -50202,10 +54395,10 @@ index 7ac817b..c5c9eb0 100644 if (de->size) inode->i_size = de->size; diff --git a/fs/proc/internal.h b/fs/proc/internal.h -index e1167a1..bd24f20 100644 +index 252544c..04395b9 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h -@@ -52,6 +52,9 @@ extern int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, +@@ -55,6 +55,9 @@ extern int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); extern int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); @@ -50216,7 +54409,7 @@ index e1167a1..bd24f20 100644 extern const struct file_operations proc_tid_children_operations; diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c -index 86c67ee..cdca321 100644 +index e96d4f1..8b116ed 100644 --- a/fs/proc/kcore.c +++ b/fs/proc/kcore.c @@ -480,9 +480,10 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) @@ -50237,7 +54430,9 @@ index 86c67ee..cdca321 100644 } else { if (kern_addr_valid(start)) { - unsigned long n; -- ++ char *elf_buf; ++ mm_segment_t oldfs; + - n = copy_to_user(buffer, (char *)start, tsz); - /* - * We cannot distinguish between fault on source @@ -50248,9 +54443,6 @@ index 86c67ee..cdca321 100644 - if (n) { - if (clear_user(buffer + tsz - n, - n)) -+ char *elf_buf; -+ mm_segment_t oldfs; -+ + elf_buf = kmalloc(tsz, GFP_KERNEL); + if (!elf_buf) + return -ENOMEM; @@ -50305,7 +54497,7 @@ index b1822dd..df622cb 100644 seq_putc(m, '\n'); diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c -index fe72cd0..cb9b67d 100644 +index fe72cd0..21b52ff 100644 --- a/fs/proc/proc_net.c +++ b/fs/proc/proc_net.c @@ -23,6 +23,7 @@ @@ -50325,17 +54517,17 @@ index fe72cd0..cb9b67d 100644 +#endif + +#ifdef CONFIG_GRKERNSEC_PROC_USER -+ if (cred->fsuid) ++ if (!uid_eq(cred->fsuid, GLOBAL_ROOT_UID)) + return net; +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP) -+ if (cred->fsuid && !in_group_p(grsec_proc_gid)) ++ if (!uid_eq(cred->fsuid, GLOBAL_ROOT_UID) && !in_group_p(grsec_proc_gid)) + return net; +#endif rcu_read_lock(); task = pid_task(proc_pid(dir), PIDTYPE_PID); diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c -index eb7cc91..7327a46 100644 +index 1827d88..43b0279 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -12,11 +12,15 @@ @@ -50356,7 +54548,7 @@ index eb7cc91..7327a46 100644 void proc_sys_poll_notify(struct ctl_table_poll *poll) { -@@ -467,6 +471,9 @@ static struct dentry *proc_sys_lookup(struct inode *dir, struct dentry *dentry, +@@ -466,6 +470,9 @@ static struct dentry *proc_sys_lookup(struct inode *dir, struct dentry *dentry, err = NULL; d_set_d_op(dentry, &proc_sys_dentry_operations); @@ -50366,7 +54558,7 @@ index eb7cc91..7327a46 100644 d_add(dentry, inode); out: -@@ -482,18 +489,20 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf, +@@ -481,6 +488,7 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf, struct inode *inode = filp->f_path.dentry->d_inode; struct ctl_table_header *head = grab_header(inode); struct ctl_table *table = PROC_I(inode)->sysctl_entry; @@ -50374,21 +54566,16 @@ index eb7cc91..7327a46 100644 ssize_t error; size_t res; - if (IS_ERR(head)) - return PTR_ERR(head); - -+ - /* - * At this point we know that the sysctl was not unregistered +@@ -492,7 +500,7 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf, * and won't be until we finish. */ error = -EPERM; -- if (sysctl_perm(head->root, table, write ? MAY_WRITE : MAY_READ)) -+ if (sysctl_perm(head->root, table, op)) +- if (sysctl_perm(head, table, write ? MAY_WRITE : MAY_READ)) ++ if (sysctl_perm(head, table, op)) goto out; /* if that can happen at all, it should be -EINVAL, not -EISDIR */ -@@ -501,6 +510,22 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf, +@@ -500,6 +508,22 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf, if (!table->proc_handler) goto out; @@ -50411,7 +54598,7 @@ index eb7cc91..7327a46 100644 /* careful: calling conventions are nasty here */ res = count; error = table->proc_handler(table, write, buf, &res, ppos); -@@ -598,6 +623,9 @@ static int proc_sys_fill_cache(struct file *filp, void *dirent, +@@ -597,6 +621,9 @@ static int proc_sys_fill_cache(struct file *filp, void *dirent, return -ENOMEM; } else { d_set_d_op(child, &proc_sys_dentry_operations); @@ -50421,7 +54608,7 @@ index eb7cc91..7327a46 100644 d_add(child, inode); } } else { -@@ -641,6 +669,9 @@ static int scan(struct ctl_table_header *head, ctl_table *table, +@@ -640,6 +667,9 @@ static int scan(struct ctl_table_header *head, ctl_table *table, if ((*pos)++ < file->f_pos) return 0; @@ -50431,7 +54618,7 @@ index eb7cc91..7327a46 100644 if (unlikely(S_ISLNK(table->mode))) res = proc_sys_link_fill_cache(file, dirent, filldir, head, table); else -@@ -758,6 +789,9 @@ static int proc_sys_getattr(struct vfsmount *mnt, struct dentry *dentry, struct +@@ -750,6 +780,9 @@ static int proc_sys_getattr(struct vfsmount *mnt, struct dentry *dentry, struct if (IS_ERR(head)) return PTR_ERR(head); @@ -50441,7 +54628,7 @@ index eb7cc91..7327a46 100644 generic_fillattr(inode, stat); if (table) stat->mode = (stat->mode & S_IFMT) | table->mode; -@@ -780,13 +814,13 @@ static const struct file_operations proc_sys_dir_file_operations = { +@@ -772,13 +805,13 @@ static const struct file_operations proc_sys_dir_file_operations = { .llseek = generic_file_llseek, }; @@ -50457,11 +54644,80 @@ index eb7cc91..7327a46 100644 .lookup = proc_sys_lookup, .permission = proc_sys_permission, .setattr = proc_sys_setattr, +@@ -854,7 +887,7 @@ static struct ctl_dir *find_subdir(struct ctl_dir *dir, + static struct ctl_dir *new_dir(struct ctl_table_set *set, + const char *name, int namelen) + { +- struct ctl_table *table; ++ ctl_table_no_const *table; + struct ctl_dir *new; + struct ctl_node *node; + char *new_name; +@@ -866,7 +899,7 @@ static struct ctl_dir *new_dir(struct ctl_table_set *set, + return NULL; + + node = (struct ctl_node *)(new + 1); +- table = (struct ctl_table *)(node + 1); ++ table = (ctl_table_no_const *)(node + 1); + new_name = (char *)(table + 2); + memcpy(new_name, name, namelen); + new_name[namelen] = '\0'; +@@ -1035,7 +1068,8 @@ static int sysctl_check_table(const char *path, struct ctl_table *table) + static struct ctl_table_header *new_links(struct ctl_dir *dir, struct ctl_table *table, + struct ctl_table_root *link_root) + { +- struct ctl_table *link_table, *entry, *link; ++ ctl_table_no_const *link_table, *link; ++ struct ctl_table *entry; + struct ctl_table_header *links; + struct ctl_node *node; + char *link_name; +@@ -1058,7 +1092,7 @@ static struct ctl_table_header *new_links(struct ctl_dir *dir, struct ctl_table + return NULL; + + node = (struct ctl_node *)(links + 1); +- link_table = (struct ctl_table *)(node + nr_entries); ++ link_table = (ctl_table_no_const *)(node + nr_entries); + link_name = (char *)&link_table[nr_entries + 1]; + + for (link = link_table, entry = table; entry->procname; link++, entry++) { +@@ -1306,8 +1340,8 @@ static int register_leaf_sysctl_tables(const char *path, char *pos, + struct ctl_table_header ***subheader, struct ctl_table_set *set, + struct ctl_table *table) + { +- struct ctl_table *ctl_table_arg = NULL; +- struct ctl_table *entry, *files; ++ ctl_table_no_const *ctl_table_arg = NULL, *files = NULL; ++ struct ctl_table *entry; + int nr_files = 0; + int nr_dirs = 0; + int err = -ENOMEM; +@@ -1319,10 +1353,9 @@ static int register_leaf_sysctl_tables(const char *path, char *pos, + nr_files++; + } + +- files = table; + /* If there are mixed files and directories we need a new table */ + if (nr_dirs && nr_files) { +- struct ctl_table *new; ++ ctl_table_no_const *new; + files = kzalloc(sizeof(struct ctl_table) * (nr_files + 1), + GFP_KERNEL); + if (!files) +@@ -1340,7 +1373,7 @@ static int register_leaf_sysctl_tables(const char *path, char *pos, + /* Register everything except a directory full of subdirectories */ + if (nr_files || !nr_dirs) { + struct ctl_table_header *header; +- header = __register_sysctl_table(set, path, files); ++ header = __register_sysctl_table(set, path, files ? files : table); + if (!header) { + kfree(ctl_table_arg); + goto out; diff --git a/fs/proc/root.c b/fs/proc/root.c -index 9a2d9fd..ddfc92a 100644 +index c6e9fac..a740964 100644 --- a/fs/proc/root.c +++ b/fs/proc/root.c -@@ -187,7 +187,15 @@ void __init proc_root_init(void) +@@ -176,7 +176,15 @@ void __init proc_root_init(void) #ifdef CONFIG_PROC_DEVICETREE proc_device_tree_init(); #endif @@ -50477,8 +54733,21 @@ index 9a2d9fd..ddfc92a 100644 proc_sys_init(); } +diff --git a/fs/proc/self.c b/fs/proc/self.c +index aa5cc3b..c91a5d0 100644 +--- a/fs/proc/self.c ++++ b/fs/proc/self.c +@@ -37,7 +37,7 @@ static void *proc_self_follow_link(struct dentry *dentry, struct nameidata *nd) + static void proc_self_put_link(struct dentry *dentry, struct nameidata *nd, + void *cookie) + { +- char *s = nd_get_link(nd); ++ const char *s = nd_get_link(nd); + if (!IS_ERR(s)) + kfree(s); + } diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index 4540b8f..1b9772f 100644 +index ca5ce7f..02c1cf0 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -11,12 +11,19 @@ @@ -50514,7 +54783,7 @@ index 4540b8f..1b9772f 100644 +#endif + + ,hiwater_vm << (PAGE_SHIFT-10), - (total_vm - mm->reserved_vm) << (PAGE_SHIFT-10), + total_vm << (PAGE_SHIFT-10), mm->locked_vm << (PAGE_SHIFT-10), mm->pinned_vm << (PAGE_SHIFT-10), @@ -62,7 +74,19 @@ void task_mem(struct seq_file *m, struct mm_struct *mm) @@ -50538,7 +54807,7 @@ index 4540b8f..1b9772f 100644 } unsigned long task_vsize(struct mm_struct *mm) -@@ -231,13 +255,13 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) +@@ -277,13 +301,13 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) pgoff = ((loff_t)vma->vm_pgoff) << PAGE_SHIFT; } @@ -50557,7 +54826,7 @@ index 4540b8f..1b9772f 100644 seq_printf(m, "%08lx-%08lx %c%c%c%c %08llx %02x:%02x %lu %n", start, -@@ -246,7 +270,11 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) +@@ -292,7 +316,11 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) flags & VM_WRITE ? 'w' : '-', flags & VM_EXEC ? 'x' : '-', flags & VM_MAYSHARE ? 's' : 'p', @@ -50569,7 +54838,7 @@ index 4540b8f..1b9772f 100644 MAJOR(dev), MINOR(dev), ino, &len); /* -@@ -255,7 +283,7 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) +@@ -301,7 +329,7 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) */ if (file) { pad_len_spaces(m, len); @@ -50578,7 +54847,7 @@ index 4540b8f..1b9772f 100644 goto done; } -@@ -281,8 +309,9 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) +@@ -327,8 +355,9 @@ show_map_vma(struct seq_file *m, struct vm_area_struct *vma, int is_pid) * Thread stack in /proc/PID/task/TID/maps or * the main process stack. */ @@ -50590,7 +54859,7 @@ index 4540b8f..1b9772f 100644 name = "[stack]"; } else { /* Thread stack in /proc/PID/maps */ -@@ -306,6 +335,13 @@ static int show_map(struct seq_file *m, void *v, int is_pid) +@@ -352,6 +381,13 @@ static int show_map(struct seq_file *m, void *v, int is_pid) struct proc_maps_private *priv = m->private; struct task_struct *task = priv->task; @@ -50604,7 +54873,7 @@ index 4540b8f..1b9772f 100644 show_map_vma(m, vma, is_pid); if (m->count < m->size) /* vma is copied successfully */ -@@ -492,12 +528,23 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) +@@ -589,12 +625,23 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) .private = &mss, }; @@ -50633,7 +54902,7 @@ index 4540b8f..1b9772f 100644 show_map_vma(m, vma, is_pid); seq_printf(m, -@@ -515,7 +562,11 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) +@@ -612,7 +659,11 @@ static int show_smap(struct seq_file *m, void *v, int is_pid) "KernelPageSize: %8lu kB\n" "MMUPageSize: %8lu kB\n" "Locked: %8lu kB\n", @@ -50645,7 +54914,7 @@ index 4540b8f..1b9772f 100644 mss.resident >> 10, (unsigned long)(mss.pss >> (10 + PSS_SHIFT)), mss.shared_clean >> 10, -@@ -1164,6 +1215,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) +@@ -1264,6 +1315,13 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) int n; char buffer[50]; @@ -50659,8 +54928,8 @@ index 4540b8f..1b9772f 100644 if (!mm) return 0; -@@ -1181,11 +1239,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) - mpol_to_str(buffer, sizeof(buffer), pol, 0); +@@ -1281,11 +1339,15 @@ static int show_numa_map(struct seq_file *m, void *v, int is_pid) + mpol_to_str(buffer, sizeof(buffer), pol); mpol_cond_put(pol); +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP @@ -50699,11 +54968,11 @@ index 1ccfa53..0848f95 100644 pid_t tid = vm_is_stack(priv->task, vma, is_pid); diff --git a/fs/quota/netlink.c b/fs/quota/netlink.c -index d67908b..d13f6a6 100644 +index 16e8abb..2dcf914 100644 --- a/fs/quota/netlink.c +++ b/fs/quota/netlink.c @@ -33,7 +33,7 @@ static struct genl_family quota_genl_family = { - void quota_send_warning(short type, unsigned int id, dev_t dev, + void quota_send_warning(struct kqid qid, dev_t dev, const char warntype) { - static atomic_t seq; @@ -50711,7 +54980,7 @@ index d67908b..d13f6a6 100644 struct sk_buff *skb; void *msg_head; int ret; -@@ -49,7 +49,7 @@ void quota_send_warning(short type, unsigned int id, dev_t dev, +@@ -49,7 +49,7 @@ void quota_send_warning(struct kqid qid, dev_t dev, "VFS: Not enough memory to send quota warning.\n"); return; } @@ -50721,7 +54990,7 @@ index d67908b..d13f6a6 100644 if (!msg_head) { printk(KERN_ERR diff --git a/fs/readdir.c b/fs/readdir.c -index 39e3370..20d446d 100644 +index 5e69ef5..e5d9099 100644 --- a/fs/readdir.c +++ b/fs/readdir.c @@ -17,6 +17,7 @@ @@ -50751,15 +55020,15 @@ index 39e3370..20d446d 100644 buf->result++; dirent = buf->dirent; if (!access_ok(VERIFY_WRITE, dirent, -@@ -116,6 +122,7 @@ SYSCALL_DEFINE3(old_readdir, unsigned int, fd, +@@ -114,6 +120,7 @@ SYSCALL_DEFINE3(old_readdir, unsigned int, fd, buf.result = 0; buf.dirent = dirent; -+ buf.file = file; ++ buf.file = f.file; - error = vfs_readdir(file, fillonedir, &buf); + error = vfs_readdir(f.file, fillonedir, &buf); if (buf.result) -@@ -141,6 +148,7 @@ struct linux_dirent { +@@ -139,6 +146,7 @@ struct linux_dirent { struct getdents_callback { struct linux_dirent __user * current_dir; struct linux_dirent __user * previous; @@ -50767,7 +55036,7 @@ index 39e3370..20d446d 100644 int count; int error; }; -@@ -162,6 +170,10 @@ static int filldir(void * __buf, const char * name, int namlen, loff_t offset, +@@ -160,6 +168,10 @@ static int filldir(void * __buf, const char * name, int namlen, loff_t offset, buf->error = -EOVERFLOW; return -EOVERFLOW; } @@ -50778,15 +55047,15 @@ index 39e3370..20d446d 100644 dirent = buf->previous; if (dirent) { if (__put_user(offset, &dirent->d_off)) -@@ -208,6 +220,7 @@ SYSCALL_DEFINE3(getdents, unsigned int, fd, +@@ -205,6 +217,7 @@ SYSCALL_DEFINE3(getdents, unsigned int, fd, buf.previous = NULL; buf.count = count; buf.error = 0; -+ buf.file = file; ++ buf.file = f.file; - error = vfs_readdir(file, filldir, &buf); + error = vfs_readdir(f.file, filldir, &buf); if (error >= 0) -@@ -226,6 +239,7 @@ SYSCALL_DEFINE3(getdents, unsigned int, fd, +@@ -223,6 +236,7 @@ SYSCALL_DEFINE3(getdents, unsigned int, fd, struct getdents_callback64 { struct linux_dirent64 __user * current_dir; struct linux_dirent64 __user * previous; @@ -50794,7 +55063,7 @@ index 39e3370..20d446d 100644 int count; int error; }; -@@ -241,6 +255,10 @@ static int filldir64(void * __buf, const char * name, int namlen, loff_t offset, +@@ -238,6 +252,10 @@ static int filldir64(void * __buf, const char * name, int namlen, loff_t offset, buf->error = -EINVAL; /* only used if we fail.. */ if (reclen > buf->count) return -EINVAL; @@ -50805,20 +55074,20 @@ index 39e3370..20d446d 100644 dirent = buf->previous; if (dirent) { if (__put_user(offset, &dirent->d_off)) -@@ -287,6 +305,7 @@ SYSCALL_DEFINE3(getdents64, unsigned int, fd, +@@ -283,6 +301,7 @@ SYSCALL_DEFINE3(getdents64, unsigned int, fd, buf.current_dir = dirent; buf.previous = NULL; -+ buf.file = file; ++ buf.file = f.file; buf.count = count; buf.error = 0; -@@ -295,7 +314,7 @@ SYSCALL_DEFINE3(getdents64, unsigned int, fd, +@@ -291,7 +310,7 @@ SYSCALL_DEFINE3(getdents64, unsigned int, fd, error = buf.error; lastdirent = buf.previous; if (lastdirent) { -- typeof(lastdirent->d_off) d_off = file->f_pos; -+ typeof(((struct linux_dirent64 *)0)->d_off) d_off = file->f_pos; +- typeof(lastdirent->d_off) d_off = f.file->f_pos; ++ typeof(((struct linux_dirent64 *)0)->d_off) d_off = f.file->f_pos; if (__put_user(d_off, &lastdirent->d_off)) error = -EFAULT; else @@ -50849,7 +55118,7 @@ index e60e870..f40ac16 100644 SF(s_do_balance), SF(s_unneeded_left_neighbor), SF(s_good_search_by_key_reada), SF(s_bmaps), diff --git a/fs/reiserfs/reiserfs.h b/fs/reiserfs/reiserfs.h -index 33215f5..c5d427a 100644 +index 157e474..65a6114 100644 --- a/fs/reiserfs/reiserfs.h +++ b/fs/reiserfs/reiserfs.h @@ -453,7 +453,7 @@ struct reiserfs_sb_info { @@ -50871,7 +55140,7 @@ index 33215f5..c5d427a 100644 #define __fs_changed(gen,s) (gen != get_generation (s)) #define fs_changed(gen,s) \ diff --git a/fs/select.c b/fs/select.c -index db14c78..3aae1bd 100644 +index 2ef72d9..f213b17 100644 --- a/fs/select.c +++ b/fs/select.c @@ -20,6 +20,7 @@ @@ -50882,7 +55151,7 @@ index db14c78..3aae1bd 100644 #include <linux/personality.h> /* for STICKY_TIMEOUTS */ #include <linux/file.h> #include <linux/fdtable.h> -@@ -831,6 +832,7 @@ int do_sys_poll(struct pollfd __user *ufds, unsigned int nfds, +@@ -826,6 +827,7 @@ int do_sys_poll(struct pollfd __user *ufds, unsigned int nfds, struct poll_list *walk = head; unsigned long todo = nfds; @@ -50891,28 +55160,28 @@ index db14c78..3aae1bd 100644 return -EINVAL; diff --git a/fs/seq_file.c b/fs/seq_file.c -index 14cf9de..adc4d5b 100644 +index f2bc3df..239d4f6 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c -@@ -9,6 +9,7 @@ - #include <linux/export.h> +@@ -10,6 +10,7 @@ #include <linux/seq_file.h> #include <linux/slab.h> + #include <linux/cred.h> +#include <linux/sched.h> #include <asm/uaccess.h> #include <asm/page.h> -@@ -56,6 +57,9 @@ int seq_open(struct file *file, const struct seq_operations *op) - memset(p, 0, sizeof(*p)); - mutex_init(&p->lock); - p->op = op; +@@ -60,6 +61,9 @@ int seq_open(struct file *file, const struct seq_operations *op) + #ifdef CONFIG_USER_NS + p->user_ns = file->f_cred->user_ns; + #endif +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP + p->exec_id = current->exec_id; +#endif /* * Wrappers around seq_open(e.g. swaps_open) need to be -@@ -92,7 +96,7 @@ static int traverse(struct seq_file *m, loff_t offset) +@@ -96,7 +100,7 @@ static int traverse(struct seq_file *m, loff_t offset) return 0; } if (!m->buf) { @@ -50921,7 +55190,7 @@ index 14cf9de..adc4d5b 100644 if (!m->buf) return -ENOMEM; } -@@ -132,7 +136,7 @@ static int traverse(struct seq_file *m, loff_t offset) +@@ -136,7 +140,7 @@ static int traverse(struct seq_file *m, loff_t offset) Eoverflow: m->op->stop(m, p); kfree(m->buf); @@ -50930,7 +55199,7 @@ index 14cf9de..adc4d5b 100644 return !m->buf ? -ENOMEM : -EAGAIN; } -@@ -187,7 +191,7 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos) +@@ -191,7 +195,7 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos) /* grab buffer if we didn't have one */ if (!m->buf) { @@ -50939,7 +55208,7 @@ index 14cf9de..adc4d5b 100644 if (!m->buf) goto Enomem; } -@@ -228,7 +232,7 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos) +@@ -232,7 +236,7 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos) goto Fill; m->op->stop(m, p); kfree(m->buf); @@ -50948,17 +55217,17 @@ index 14cf9de..adc4d5b 100644 if (!m->buf) goto Enomem; m->count = 0; -@@ -577,7 +581,7 @@ static void single_stop(struct seq_file *p, void *v) +@@ -581,7 +585,7 @@ static void single_stop(struct seq_file *p, void *v) int single_open(struct file *file, int (*show)(struct seq_file *, void *), void *data) { - struct seq_operations *op = kmalloc(sizeof(*op), GFP_KERNEL); -+ seq_operations_no_const *op = kmalloc(sizeof(*op), GFP_KERNEL); ++ seq_operations_no_const *op = kzalloc(sizeof(*op), GFP_KERNEL); int res = -ENOMEM; if (op) { diff --git a/fs/splice.c b/fs/splice.c -index c69fbb7..c273b76 100644 +index 6909d89..5b2e8f9 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -194,7 +194,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, @@ -51022,7 +55291,7 @@ index c69fbb7..c273b76 100644 return 0; if (sd->flags & SPLICE_F_NONBLOCK) -@@ -1192,7 +1192,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, +@@ -1189,7 +1189,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, * out of the pipe right after the splice_to_pipe(). So set * PIPE_READERS appropriately. */ @@ -51031,7 +55300,7 @@ index c69fbb7..c273b76 100644 current->splice_pipe = pipe; } -@@ -1745,9 +1745,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1738,9 +1738,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -51043,7 +55312,7 @@ index c69fbb7..c273b76 100644 if (flags & SPLICE_F_NONBLOCK) { ret = -EAGAIN; break; -@@ -1779,7 +1779,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1772,7 +1772,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) pipe_lock(pipe); while (pipe->nrbufs >= pipe->buffers) { @@ -51052,7 +55321,7 @@ index c69fbb7..c273b76 100644 send_sig(SIGPIPE, current, 0); ret = -EPIPE; break; -@@ -1792,9 +1792,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1785,9 +1785,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -51064,7 +55333,7 @@ index c69fbb7..c273b76 100644 } pipe_unlock(pipe); -@@ -1830,14 +1830,14 @@ retry: +@@ -1823,14 +1823,14 @@ retry: pipe_double_lock(ipipe, opipe); do { @@ -51081,7 +55350,7 @@ index c69fbb7..c273b76 100644 break; /* -@@ -1934,7 +1934,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1927,7 +1927,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, pipe_double_lock(ipipe, opipe); do { @@ -51090,7 +55359,7 @@ index c69fbb7..c273b76 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; -@@ -1979,7 +1979,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1972,7 +1972,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, * return EAGAIN if we have the potential of some data in the * future, otherwise just return 0 */ @@ -51099,6 +55368,43 @@ index c69fbb7..c273b76 100644 ret = -EAGAIN; pipe_unlock(ipipe); +diff --git a/fs/stat.c b/fs/stat.c +index 14f4545..9b7f55b 100644 +--- a/fs/stat.c ++++ b/fs/stat.c +@@ -28,8 +28,13 @@ void generic_fillattr(struct inode *inode, struct kstat *stat) + stat->gid = inode->i_gid; + stat->rdev = inode->i_rdev; + stat->size = i_size_read(inode); +- stat->atime = inode->i_atime; +- stat->mtime = inode->i_mtime; ++ if (is_sidechannel_device(inode) && !capable_nolog(CAP_MKNOD)) { ++ stat->atime = inode->i_ctime; ++ stat->mtime = inode->i_ctime; ++ } else { ++ stat->atime = inode->i_atime; ++ stat->mtime = inode->i_mtime; ++ } + stat->ctime = inode->i_ctime; + stat->blksize = (1 << inode->i_blkbits); + stat->blocks = inode->i_blocks; +@@ -46,8 +51,14 @@ int vfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) + if (retval) + return retval; + +- if (inode->i_op->getattr) +- return inode->i_op->getattr(mnt, dentry, stat); ++ if (inode->i_op->getattr) { ++ retval = inode->i_op->getattr(mnt, dentry, stat); ++ if (!retval && is_sidechannel_device(inode) && !capable_nolog(CAP_MKNOD)) { ++ stat->atime = stat->ctime; ++ stat->mtime = stat->ctime; ++ } ++ return retval; ++ } + + generic_fillattr(inode, stat); + return 0; diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c index 2fbdff6..5530a61 100644 --- a/fs/sysfs/dir.c @@ -51123,7 +55429,7 @@ index 2fbdff6..5530a61 100644 sd = sysfs_new_dirent(name, mode, SYSFS_DIR); if (!sd) diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c -index 00012e3..8392349 100644 +index 602f56d..6853db8 100644 --- a/fs/sysfs/file.c +++ b/fs/sysfs/file.c @@ -37,7 +37,7 @@ static DEFINE_SPINLOCK(sysfs_open_dirent_lock); @@ -51172,7 +55478,7 @@ index 00012e3..8392349 100644 } diff --git a/fs/sysfs/symlink.c b/fs/sysfs/symlink.c -index a7ac78f..02158e1 100644 +index 3c9eb56..9dea5be 100644 --- a/fs/sysfs/symlink.c +++ b/fs/sysfs/symlink.c @@ -286,7 +286,7 @@ static void *sysfs_follow_link(struct dentry *dentry, struct nameidata *nd) @@ -51198,7 +55504,7 @@ index c175b4d..8f36a16 100644 int i; for (i = 0; i < sizeof(struct tag); ++i) diff --git a/fs/utimes.c b/fs/utimes.c -index fa4dbe4..e12d1b9 100644 +index f4fb7ec..3fe03c0 100644 --- a/fs/utimes.c +++ b/fs/utimes.c @@ -1,6 +1,7 @@ @@ -51223,10 +55529,10 @@ index fa4dbe4..e12d1b9 100644 error = notify_change(path->dentry, &newattrs); mutex_unlock(&inode->i_mutex); diff --git a/fs/xattr.c b/fs/xattr.c -index 4d45b71..2ec08e10 100644 +index 3377dff..4feded6 100644 --- a/fs/xattr.c +++ b/fs/xattr.c -@@ -316,7 +316,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr); +@@ -319,7 +319,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr); * Extended attribute SET operations */ static long @@ -51235,8 +55541,8 @@ index 4d45b71..2ec08e10 100644 size_t size, int flags) { int error; -@@ -349,7 +349,12 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value, - } +@@ -355,7 +355,12 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value, + posix_acl_fix_xattr_from_user(kvalue, size); } - error = vfs_setxattr(d, kname, kvalue, size, flags); @@ -51249,7 +55555,7 @@ index 4d45b71..2ec08e10 100644 out: if (vvalue) vfree(vvalue); -@@ -370,7 +375,7 @@ SYSCALL_DEFINE5(setxattr, const char __user *, pathname, +@@ -377,7 +382,7 @@ retry: return error; error = mnt_want_write(path.mnt); if (!error) { @@ -51258,7 +55564,7 @@ index 4d45b71..2ec08e10 100644 mnt_drop_write(path.mnt); } path_put(&path); -@@ -389,7 +394,7 @@ SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, +@@ -401,7 +406,7 @@ retry: return error; error = mnt_want_write(path.mnt); if (!error) { @@ -51267,33 +55573,32 @@ index 4d45b71..2ec08e10 100644 mnt_drop_write(path.mnt); } path_put(&path); -@@ -401,17 +406,15 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, +@@ -416,16 +421,14 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, + const void __user *,value, size_t, size, int, flags) { - int fput_needed; - struct file *f; + struct fd f = fdget(fd); - struct dentry *dentry; int error = -EBADF; - f = fget_light(fd, &fput_needed); - if (!f) + if (!f.file) return error; -- dentry = f->f_path.dentry; -- audit_inode(NULL, dentry); -+ audit_inode(NULL, f->f_path.dentry); - error = mnt_want_write_file(f); +- dentry = f.file->f_path.dentry; +- audit_inode(NULL, dentry, 0); ++ audit_inode(NULL, f.file->f_path.dentry, 0); + error = mnt_want_write_file(f.file); if (!error) { - error = setxattr(dentry, name, value, size, flags); -+ error = setxattr(&f->f_path, name, value, size, flags); - mnt_drop_write_file(f); ++ error = setxattr(&f.file->f_path, name, value, size, flags); + mnt_drop_write_file(f.file); } - fput_light(f, fput_needed); + fdput(f); diff --git a/fs/xattr_acl.c b/fs/xattr_acl.c -index 69d06b0..c0996e5 100644 +index 9fbea87..6b19972 100644 --- a/fs/xattr_acl.c +++ b/fs/xattr_acl.c -@@ -17,8 +17,8 @@ - struct posix_acl * - posix_acl_from_xattr(const void *value, size_t size) +@@ -76,8 +76,8 @@ struct posix_acl * + posix_acl_from_xattr(struct user_namespace *user_ns, + const void *value, size_t size) { - posix_acl_xattr_header *header = (posix_acl_xattr_header *)value; - posix_acl_xattr_entry *entry = (posix_acl_xattr_entry *)(header+1), *end; @@ -51303,10 +55608,10 @@ index 69d06b0..c0996e5 100644 struct posix_acl *acl; struct posix_acl_entry *acl_e; diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c -index 848ffa7..1f249bf 100644 +index 572a858..12a9b0d 100644 --- a/fs/xfs/xfs_bmap.c +++ b/fs/xfs/xfs_bmap.c -@@ -189,7 +189,7 @@ xfs_bmap_validate_ret( +@@ -192,7 +192,7 @@ xfs_bmap_validate_ret( int nmap, int ret_nmap); #else @@ -51337,10 +55642,10 @@ index 1b9fc3e..e1bdde0 100644 *offset = off & 0x7fffffff; return 0; diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c -index 0e0232c..fa5c3fe 100644 +index c1c3ef8..0952438 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c -@@ -126,7 +126,7 @@ xfs_find_handle( +@@ -127,7 +127,7 @@ xfs_find_handle( } error = -EFAULT; @@ -51350,10 +55655,10 @@ index 0e0232c..fa5c3fe 100644 goto out_put; diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c -index 4e00cf0..3374374 100644 +index d82efaa..0904a8e 100644 --- a/fs/xfs/xfs_iops.c +++ b/fs/xfs/xfs_iops.c -@@ -394,7 +394,7 @@ xfs_vn_put_link( +@@ -395,7 +395,7 @@ xfs_vn_put_link( struct nameidata *nd, void *p) { @@ -51364,10 +55669,10 @@ index 4e00cf0..3374374 100644 kfree(s); diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..10c36fb +index 0000000..92247e4 --- /dev/null +++ b/grsecurity/Kconfig -@@ -0,0 +1,964 @@ +@@ -0,0 +1,1021 @@ +# +# grecurity configuration +# @@ -51381,18 +55686,24 @@ index 0000000..10c36fb + help + If you say Y here, /dev/kmem and /dev/mem won't be allowed to + be written to or read from to modify or leak the contents of the running -+ kernel. /dev/port will also not be allowed to be opened. If you have module -+ support disabled, enabling this will close up four ways that are ++ kernel. /dev/port will also not be allowed to be opened and support ++ for /dev/cpu/*/msr will be removed. If you have module ++ support disabled, enabling this will close up five ways that are + currently used to insert malicious code into the running kernel. ++ + Even with all these features enabled, we still highly recommend that + you use the RBAC system, as it is still possible for an attacker to + modify the running kernel through privileged I/O granted by ioperm/iopl. ++ + If you are not using XFree86, you may be able to stop this additional + case by enabling the 'Disable privileged I/O' option. Though nothing + legitimately writes to /dev/kmem, XFree86 does need to write to /dev/mem, + but only to video memory, which is the only writing we allow in this + case. If /dev/kmem or /dev/mem are mmaped without PROT_WRITE, they will + not be allowed to mprotect it with PROT_WRITE later. ++ Enabling this feature will prevent the "cpupower" and "powertop" tools ++ from working. ++ + It is highly recommended that you say Y here if you meet all the + conditions above. + @@ -51447,6 +55758,26 @@ index 0000000..10c36fb + If you're using KERNEXEC, it's recommended that you enable this option + to supplement the hardening of the kernel. + ++config GRKERNSEC_RAND_THREADSTACK ++ bool "Insert random gaps between thread stacks" ++ default y if GRKERNSEC_CONFIG_AUTO ++ depends on PAX_RANDMMAP && !PPC ++ help ++ If you say Y here, a random-sized gap will be enforced between allocated ++ thread stacks. Glibc's NPTL and other threading libraries that ++ pass MAP_STACK to the kernel for thread stack allocation are supported. ++ The implementation currently provides 8 bits of entropy for the gap. ++ ++ Many distributions do not compile threaded remote services with the ++ -fstack-check argument to GCC, causing the variable-sized stack-based ++ allocator, alloca(), to not probe the stack on allocation. This ++ permits an unbounded alloca() to skip over any guard page and potentially ++ modify another thread's stack reliably. An enforced random gap ++ reduces the reliability of such an attack and increases the chance ++ that such a read/write to another thread's stack instead lands in ++ an unmapped area, causing a crash and triggering grsecurity's ++ anti-bruteforcing logic. ++ +config GRKERNSEC_PROC_MEMMAP + bool "Harden ASLR against information leaks and entropy reduction" + default y if (GRKERNSEC_CONFIG_AUTO || PAX_NOEXEC || PAX_ASLR) @@ -51729,6 +56060,19 @@ index 0000000..10c36fb + behavior if this option is enabled in an init script on a read-only + filesystem. This feature is mainly intended for secure embedded systems. + ++config GRKERNSEC_DEVICE_SIDECHANNEL ++ bool "Eliminate stat/notify-based device sidechannels" ++ default y if GRKERNSEC_CONFIG_AUTO ++ help ++ If you say Y here, timing analyses on block or character ++ devices like /dev/ptmx using stat or inotify/dnotify/fanotify ++ will be thwarted for unprivileged users. If a process without ++ CAP_MKNOD stats such a device, the last access and last modify times ++ will match the device's create time. No access or modify events ++ will be triggered through inotify/dnotify/fanotify for such devices. ++ This feature will prevent attacks that may at a minimum ++ allow an attacker to determine the administrator's password length. ++ +config GRKERNSEC_CHROOT + bool "Chroot jail restrictions" + default y if GRKERNSEC_CONFIG_AUTO @@ -51900,11 +56244,11 @@ index 0000000..10c36fb +config GRKERNSEC_AUDIT_GROUP + bool "Single group for auditing" + help -+ If you say Y here, the exec, chdir, and (un)mount logging features -+ will only operate on a group you specify. This option is recommended -+ if you only want to watch certain users instead of having a large -+ amount of logs from the entire system. If the sysctl option is enabled, -+ a sysctl option with name "audit_group" is created. ++ If you say Y here, the exec and chdir logging features will only operate ++ on a group you specify. This option is recommended if you only want to ++ watch certain users instead of having a large amount of logs from the ++ entire system. If the sysctl option is enabled, a sysctl option with ++ name "audit_group" is created. + +config GRKERNSEC_AUDIT_GID + int "GID for auditing" @@ -52033,7 +56377,7 @@ index 0000000..10c36fb + default y if GRKERNSEC_CONFIG_AUTO + help + If you say Y here, non-root users will not be able to use dmesg(8) -+ to view up to the last 4kb of messages in the kernel's log buffer. ++ to view the contents of the kernel's circular log buffer. + The kernel's log buffer often contains kernel addresses and other + identifying information useful to an attacker in fingerprinting a + system for a targeted exploit. @@ -52192,6 +56536,24 @@ index 0000000..10c36fb + prevents a socket from lasting more than 45 seconds in LAST_ACK + state. + ++config GRKERNSEC_NO_SIMULT_CONNECT ++ bool "Disable TCP Simultaneous Connect" ++ default y if GRKERNSEC_CONFIG_AUTO ++ depends on NET ++ help ++ If you say Y here, a feature by Willy Tarreau will be enabled that ++ removes a weakness in Linux's strict implementation of TCP that ++ allows two clients to connect to each other without either entering ++ a listening state. The weakness allows an attacker to easily prevent ++ a client from connecting to a known server provided the source port ++ for the connection is guessed correctly. ++ ++ As the weakness could be used to prevent an antivirus or IPS from ++ fetching updates, or prevent an SSL gateway from fetching a CRL, ++ it should be eliminated by enabling this option. Though Linux is ++ one of few operating systems supporting simultaneous connect, it ++ has no legitimate use in practice and is rarely supported by firewalls. ++ +config GRKERNSEC_SOCKET + bool "Socket restrictions" + depends on NET @@ -52378,10 +56740,10 @@ index 0000000..1b9afa9 +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..4428c82 +index 0000000..0767b2e --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,4056 @@ +@@ -0,0 +1,4067 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -52408,6 +56770,7 @@ index 0000000..4428c82 +#include <linux/fdtable.h> +#include <linux/percpu.h> +#include <linux/lglock.h> ++#include <linux/hugetlb.h> +#include "../fs/mount.h" + +#include <asm/uaccess.h> @@ -52445,11 +56808,6 @@ index 0000000..4428c82 +extern int chkpw(struct gr_arg *entry, unsigned char *salt, unsigned char *sum); +extern void gr_clear_learn_entries(void); + -+#ifdef CONFIG_GRKERNSEC_RESLOG -+extern void gr_log_resource(const struct task_struct *task, -+ const int res, const unsigned long wanted, const int gt); -+#endif -+ +unsigned char *gr_system_salt; +unsigned char *gr_system_sum; + @@ -52467,8 +56825,9 @@ index 0000000..4428c82 + +extern struct vfsmount *pipe_mnt; +extern struct vfsmount *shm_mnt; ++ +#ifdef CONFIG_HUGETLBFS -+extern struct vfsmount *hugetlbfs_vfsmount; ++extern struct vfsmount *hugetlbfs_vfsmount[HUGE_MAX_HSTATE]; +#endif + +static struct acl_object_label *fakefs_obj_rw; @@ -52771,7 +57130,7 @@ index 0000000..4428c82 +struct acl_subject_label * +lookup_subject_map(const struct acl_subject_label *userp) +{ -+ unsigned int index = shash(userp, subj_map_set.s_size); ++ unsigned int index = gr_shash(userp, subj_map_set.s_size); + struct subject_map *match; + + match = subj_map_set.s_hash[index]; @@ -52788,7 +57147,7 @@ index 0000000..4428c82 +static void +insert_subj_map_entry(struct subject_map *subjmap) +{ -+ unsigned int index = shash(subjmap->user, subj_map_set.s_size); ++ unsigned int index = gr_shash(subjmap->user, subj_map_set.s_size); + struct subject_map **curr; + + subjmap->prev = NULL; @@ -52807,7 +57166,7 @@ index 0000000..4428c82 +lookup_acl_role_label(const struct task_struct *task, const uid_t uid, + const gid_t gid) +{ -+ unsigned int index = rhash(uid, GR_ROLE_USER, acl_role_set.r_size); ++ unsigned int index = gr_rhash(uid, GR_ROLE_USER, acl_role_set.r_size); + struct acl_role_label *match; + struct role_allowed_ip *ipp; + unsigned int x; @@ -52830,7 +57189,7 @@ index 0000000..4428c82 +found: + if (match == NULL) { + try_group: -+ index = rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size); ++ index = gr_rhash(gid, GR_ROLE_GROUP, acl_role_set.r_size); + match = acl_role_set.r_hash[index]; + + while (match) { @@ -52876,7 +57235,7 @@ index 0000000..4428c82 +lookup_acl_subj_label(const ino_t ino, const dev_t dev, + const struct acl_role_label *role) +{ -+ unsigned int index = fhash(ino, dev, role->subj_hash_size); ++ unsigned int index = gr_fhash(ino, dev, role->subj_hash_size); + struct acl_subject_label *match; + + match = role->subj_hash[index]; @@ -52896,7 +57255,7 @@ index 0000000..4428c82 +lookup_acl_subj_label_deleted(const ino_t ino, const dev_t dev, + const struct acl_role_label *role) +{ -+ unsigned int index = fhash(ino, dev, role->subj_hash_size); ++ unsigned int index = gr_fhash(ino, dev, role->subj_hash_size); + struct acl_subject_label *match; + + match = role->subj_hash[index]; @@ -52916,7 +57275,7 @@ index 0000000..4428c82 +lookup_acl_obj_label(const ino_t ino, const dev_t dev, + const struct acl_subject_label *subj) +{ -+ unsigned int index = fhash(ino, dev, subj->obj_hash_size); ++ unsigned int index = gr_fhash(ino, dev, subj->obj_hash_size); + struct acl_object_label *match; + + match = subj->obj_hash[index]; @@ -52936,7 +57295,7 @@ index 0000000..4428c82 +lookup_acl_obj_label_create(const ino_t ino, const dev_t dev, + const struct acl_subject_label *subj) +{ -+ unsigned int index = fhash(ino, dev, subj->obj_hash_size); ++ unsigned int index = gr_fhash(ino, dev, subj->obj_hash_size); + struct acl_object_label *match; + + match = subj->obj_hash[index]; @@ -53010,7 +57369,7 @@ index 0000000..4428c82 +static struct inodev_entry * +lookup_inodev_entry(const ino_t ino, const dev_t dev) +{ -+ unsigned int index = fhash(ino, dev, inodev_set.i_size); ++ unsigned int index = gr_fhash(ino, dev, inodev_set.i_size); + struct inodev_entry *match; + + match = inodev_set.i_hash[index]; @@ -53024,7 +57383,7 @@ index 0000000..4428c82 +static void +insert_inodev_entry(struct inodev_entry *entry) +{ -+ unsigned int index = fhash(entry->nentry->inode, entry->nentry->device, ++ unsigned int index = gr_fhash(entry->nentry->inode, entry->nentry->device, + inodev_set.i_size); + struct inodev_entry **curr; + @@ -53044,7 +57403,7 @@ index 0000000..4428c82 +__insert_acl_role_label(struct acl_role_label *role, uid_t uidgid) +{ + unsigned int index = -+ rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size); ++ gr_rhash(uidgid, role->roletype & (GR_ROLE_USER | GR_ROLE_GROUP), acl_role_set.r_size); + struct acl_role_label **curr; + struct acl_role_label *tmp, *tmp2; + @@ -53177,7 +57536,7 @@ index 0000000..4428c82 + struct acl_subject_label *subj) +{ + unsigned int index = -+ fhash(obj->inode, obj->device, subj->obj_hash_size); ++ gr_fhash(obj->inode, obj->device, subj->obj_hash_size); + struct acl_object_label **curr; + + @@ -53197,7 +57556,7 @@ index 0000000..4428c82 +insert_acl_subj_label(struct acl_subject_label *obj, + struct acl_role_label *role) +{ -+ unsigned int index = fhash(obj->inode, obj->device, role->subj_hash_size); ++ unsigned int index = gr_fhash(obj->inode, obj->device, role->subj_hash_size); + struct acl_subject_label **curr; + + obj->prev = NULL; @@ -53562,14 +57921,6 @@ index 0000000..4428c82 + break; + + userp = s_tmp.prev; -+ /* do not count nested subjects against this count, since -+ they are not included in the hash table, but are -+ attached to objects. We have already counted -+ the subjects in userspace for the allocation -+ stack -+ */ -+ if (!(s_tmp.mode & GR_NESTED)) -+ num++; + } + + return num; @@ -53847,15 +58198,6 @@ index 0000000..4428c82 + sizeof (struct acl_subject_label))) + return -EFAULT; + -+ /* do not add nested subjects here, add -+ while parsing objects -+ */ -+ -+ if (s_pre.mode & GR_NESTED) { -+ userp = s_pre.prev; -+ continue; -+ } -+ + ret = do_copy_user_subj(userp, role, NULL); + + err = PTR_ERR(ret); @@ -54260,6 +58602,20 @@ index 0000000..4428c82 + return __full_lookup(orig_dentry, orig_mnt, inode, device, subj, path, newglob); +} + ++#ifdef CONFIG_HUGETLBFS ++static inline bool ++is_hugetlbfs_mnt(const struct vfsmount *mnt) ++{ ++ int i; ++ for (i = 0; i < HUGE_MAX_HSTATE; i++) { ++ if (unlikely(hugetlbfs_vfsmount[i] == mnt)) ++ return true; ++ } ++ ++ return false; ++} ++#endif ++ +static struct acl_object_label * +__chk_obj_label(const struct dentry *l_dentry, const struct vfsmount *l_mnt, + const struct acl_subject_label *subj, char *path, const int checkglob) @@ -54278,7 +58634,7 @@ index 0000000..4428c82 + mnt == sock_mnt || +#endif +#ifdef CONFIG_HUGETLBFS -+ (mnt == hugetlbfs_vfsmount && dentry->d_inode->i_nlink == 0) || ++ (is_hugetlbfs_mnt(mnt) && dentry->d_inode->i_nlink == 0) || +#endif + /* ignore Eric Biederman */ + IS_PRIVATE(l_dentry->d_inode))) { @@ -54429,7 +58785,7 @@ index 0000000..4428c82 + const struct cred *cred = current_cred(); + + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, task->role->roletype, -+ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry, ++ GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry, + task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename, + 1UL, 1UL, gr_to_filename(dentry, mnt), (unsigned long) mode, &task->signal->saved_ip); + @@ -54437,16 +58793,29 @@ index 0000000..4428c82 +} + +static void -+gr_log_learn_id_change(const char type, const unsigned int real, -+ const unsigned int effective, const unsigned int fs) ++gr_log_learn_uid_change(const kuid_t real, const kuid_t effective, const kuid_t fs) ++{ ++ struct task_struct *task = current; ++ const struct cred *cred = current_cred(); ++ ++ security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype, ++ GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry, ++ task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename, ++ 'u', GR_GLOBAL_UID(real), GR_GLOBAL_UID(effective), GR_GLOBAL_UID(fs), &task->signal->saved_ip); ++ ++ return; ++} ++ ++static void ++gr_log_learn_gid_change(const kgid_t real, const kgid_t effective, const kgid_t fs) +{ + struct task_struct *task = current; + const struct cred *cred = current_cred(); + + security_learn(GR_ID_LEARN_MSG, task->role->rolename, task->role->roletype, -+ cred->uid, cred->gid, task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry, ++ GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), task->exec_file ? gr_to_filename1(task->exec_file->f_path.dentry, + task->exec_file->f_path.mnt) : task->acl->filename, task->acl->filename, -+ type, real, effective, fs, &task->signal->saved_ip); ++ 'g', GR_GLOBAL_GID(real), GR_GLOBAL_GID(effective), GR_GLOBAL_GID(fs), &task->signal->saved_ip); + + return; +} @@ -54719,23 +59088,28 @@ index 0000000..4428c82 +extern int __gr_process_user_ban(struct user_struct *user); + +int -+gr_check_user_change(int real, int effective, int fs) ++gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs) +{ + unsigned int i; + __u16 num; + uid_t *uidlist; -+ int curuid; ++ uid_t curuid; + int realok = 0; + int effectiveok = 0; + int fsok = 0; ++ uid_t globalreal, globaleffective, globalfs; + +#if defined(CONFIG_GRKERNSEC_KERN_LOCKOUT) || defined(CONFIG_GRKERNSEC_BRUTE) + struct user_struct *user; + -+ if (real == -1) ++ if (!uid_valid(real)) + goto skipit; + -+ user = find_user(real); ++ /* find user based on global namespace */ ++ ++ globalreal = GR_GLOBAL_UID(real); ++ ++ user = find_user(make_kuid(&init_user_ns, globalreal)); + if (user == NULL) + goto skipit; + @@ -54755,7 +59129,7 @@ index 0000000..4428c82 + return 0; + + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) -+ gr_log_learn_id_change('u', real, effective, fs); ++ gr_log_learn_uid_change(real, effective, fs); + + num = current->acl->user_trans_num; + uidlist = current->acl->user_transitions; @@ -54763,31 +59137,43 @@ index 0000000..4428c82 + if (uidlist == NULL) + return 0; + -+ if (real == -1) ++ if (!uid_valid(real)) { + realok = 1; -+ if (effective == -1) ++ globalreal = (uid_t)-1; ++ } else { ++ globalreal = GR_GLOBAL_UID(real); ++ } ++ if (!uid_valid(effective)) { + effectiveok = 1; -+ if (fs == -1) ++ globaleffective = (uid_t)-1; ++ } else { ++ globaleffective = GR_GLOBAL_UID(effective); ++ } ++ if (!uid_valid(fs)) { + fsok = 1; ++ globalfs = (uid_t)-1; ++ } else { ++ globalfs = GR_GLOBAL_UID(fs); ++ } + + if (current->acl->user_trans_type & GR_ID_ALLOW) { + for (i = 0; i < num; i++) { -+ curuid = (int)uidlist[i]; -+ if (real == curuid) ++ curuid = uidlist[i]; ++ if (globalreal == curuid) + realok = 1; -+ if (effective == curuid) ++ if (globaleffective == curuid) + effectiveok = 1; -+ if (fs == curuid) ++ if (globalfs == curuid) + fsok = 1; + } + } else if (current->acl->user_trans_type & GR_ID_DENY) { + for (i = 0; i < num; i++) { -+ curuid = (int)uidlist[i]; -+ if (real == curuid) ++ curuid = uidlist[i]; ++ if (globalreal == curuid) + break; -+ if (effective == curuid) ++ if (globaleffective == curuid) + break; -+ if (fs == curuid) ++ if (globalfs == curuid) + break; + } + /* not in deny list */ @@ -54801,27 +59187,28 @@ index 0000000..4428c82 + if (realok && effectiveok && fsok) + return 0; + else { -+ gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real); ++ gr_log_int(GR_DONT_AUDIT, GR_USRCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : globalfs) : globaleffective) : globalreal); + return 1; + } +} + +int -+gr_check_group_change(int real, int effective, int fs) ++gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs) +{ + unsigned int i; + __u16 num; + gid_t *gidlist; -+ int curgid; ++ gid_t curgid; + int realok = 0; + int effectiveok = 0; + int fsok = 0; ++ gid_t globalreal, globaleffective, globalfs; + + if (unlikely(!(gr_status & GR_READY))) + return 0; + + if (current->acl->mode & (GR_LEARN | GR_INHERITLEARN)) -+ gr_log_learn_id_change('g', real, effective, fs); ++ gr_log_learn_gid_change(real, effective, fs); + + num = current->acl->group_trans_num; + gidlist = current->acl->group_transitions; @@ -54829,31 +59216,43 @@ index 0000000..4428c82 + if (gidlist == NULL) + return 0; + -+ if (real == -1) ++ if (!gid_valid(real)) { + realok = 1; -+ if (effective == -1) ++ globalreal = (gid_t)-1; ++ } else { ++ globalreal = GR_GLOBAL_GID(real); ++ } ++ if (!gid_valid(effective)) { + effectiveok = 1; -+ if (fs == -1) ++ globaleffective = (gid_t)-1; ++ } else { ++ globaleffective = GR_GLOBAL_GID(effective); ++ } ++ if (!gid_valid(fs)) { + fsok = 1; ++ globalfs = (gid_t)-1; ++ } else { ++ globalfs = GR_GLOBAL_GID(fs); ++ } + + if (current->acl->group_trans_type & GR_ID_ALLOW) { + for (i = 0; i < num; i++) { -+ curgid = (int)gidlist[i]; -+ if (real == curgid) ++ curgid = gidlist[i]; ++ if (globalreal == curgid) + realok = 1; -+ if (effective == curgid) ++ if (globaleffective == curgid) + effectiveok = 1; -+ if (fs == curgid) ++ if (globalfs == curgid) + fsok = 1; + } + } else if (current->acl->group_trans_type & GR_ID_DENY) { + for (i = 0; i < num; i++) { -+ curgid = (int)gidlist[i]; -+ if (real == curgid) ++ curgid = gidlist[i]; ++ if (globalreal == curgid) + break; -+ if (effective == curgid) ++ if (globaleffective == curgid) + break; -+ if (fs == curgid) ++ if (globalfs == curgid) + break; + } + /* not in deny list */ @@ -54867,7 +59266,7 @@ index 0000000..4428c82 + if (realok && effectiveok && fsok) + return 0; + else { -+ gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : fs) : effective) : real); ++ gr_log_int(GR_DONT_AUDIT, GR_GRPCHANGE_ACL_MSG, realok ? (effectiveok ? (fsok ? 0 : globalfs) : globaleffective) : globalreal); + return 1; + } +} @@ -54875,16 +59274,21 @@ index 0000000..4428c82 +extern int gr_acl_is_capable(const int cap); + +void -+gr_set_role_label(struct task_struct *task, const uid_t uid, const uid_t gid) ++gr_set_role_label(struct task_struct *task, const kuid_t kuid, const kgid_t kgid) +{ + struct acl_role_label *role = task->role; + struct acl_subject_label *subj = NULL; + struct acl_object_label *obj; + struct file *filp; ++ uid_t uid; ++ gid_t gid; + + if (unlikely(!(gr_status & GR_READY))) + return; + ++ uid = GR_GLOBAL_UID(kuid); ++ gid = GR_GLOBAL_GID(kgid); ++ + filp = task->exec_file; + + /* kernel process, we'll give them the kernel role */ @@ -54930,7 +59334,7 @@ index 0000000..4428c82 + task->is_writable = 1; + +#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG -+ printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename); ++ printk(KERN_ALERT "Set role label for (%s:%d): role:%s, subject:%s\n", task->comm, task_pid_nr(task), task->role->rolename, task->acl->filename); +#endif + + gr_set_proc_res(task); @@ -55005,7 +59409,7 @@ index 0000000..4428c82 + gr_set_proc_res(task); + +#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG -+ printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename); ++ printk(KERN_ALERT "Set subject label for (%s:%d): role:%s, subject:%s\n", task->comm, task_pid_nr(task), task->role->rolename, task->acl->filename); +#endif + return 0; +} @@ -55061,7 +59465,7 @@ index 0000000..4428c82 + const ino_t newinode, const dev_t newdevice, + struct acl_subject_label *subj) +{ -+ unsigned int index = fhash(oldinode, olddevice, subj->obj_hash_size); ++ unsigned int index = gr_fhash(oldinode, olddevice, subj->obj_hash_size); + struct acl_object_label *match; + + match = subj->obj_hash[index]; @@ -55100,7 +59504,7 @@ index 0000000..4428c82 + const ino_t newinode, const dev_t newdevice, + struct acl_role_label *role) +{ -+ unsigned int index = fhash(oldinode, olddevice, role->subj_hash_size); ++ unsigned int index = gr_fhash(oldinode, olddevice, role->subj_hash_size); + struct acl_subject_label *match; + + match = role->subj_hash[index]; @@ -55138,7 +59542,7 @@ index 0000000..4428c82 +update_inodev_entry(const ino_t oldinode, const dev_t olddevice, + const ino_t newinode, const dev_t newdevice) +{ -+ unsigned int index = fhash(oldinode, olddevice, inodev_set.i_size); ++ unsigned int index = gr_fhash(oldinode, olddevice, inodev_set.i_size); + struct inodev_entry *match; + + match = inodev_set.i_hash[index]; @@ -55419,7 +59823,7 @@ index 0000000..4428c82 + tsk->is_writable = 1; + +#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG -+ printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename, tsk->acl->filename, tsk->comm, tsk->pid); ++ printk(KERN_ALERT "Assigning special role:%s subject:%s to process (%s:%d)\n", tsk->role->rolename, tsk->acl->filename, tsk->comm, task_pid_nr(tsk)); +#endif + +out_unlock: @@ -55473,7 +59877,7 @@ index 0000000..4428c82 + if (file && S_ISCHR(file->f_path.dentry->d_inode->i_mode) && + file->f_path.dentry->d_inode->i_rdev == our_file->f_path.dentry->d_inode->i_rdev) { + p3 = task; -+ while (p3->pid > 0) { ++ while (task_pid_nr(p3) > 0) { + if (p3 == p) + break; + p3 = p3->real_parent; @@ -55564,7 +59968,7 @@ index 0000000..4428c82 + + if (gr_usermode->mode != GR_SPROLE && gr_usermode->mode != GR_STATUS && + gr_usermode->mode != GR_UNSPROLE && gr_usermode->mode != GR_SPROLEPAM && -+ !uid_eq(current_uid(), GLOBAL_ROOT_UID)) { ++ gr_is_global_nonroot(current_uid())) { + error = -EPERM; + goto out; + } @@ -55803,7 +60207,7 @@ index 0000000..4428c82 + gr_set_proc_res(task); + +#ifdef CONFIG_GRKERNSEC_RBAC_DEBUG -+ printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task->pid, task->role->rolename, task->acl->filename); ++ printk(KERN_ALERT "gr_set_acls for (%s:%d): role:%s, subject:%s\n", task->comm, task_pid_nr(task), task->role->rolename, task->acl->filename); +#endif + } else { + return 1; @@ -55838,13 +60242,13 @@ index 0000000..4428c82 + + if (task->exec_file) { + cred = __task_cred(task); -+ task->role = lookup_acl_role_label(task, cred->uid, cred->gid); ++ task->role = lookup_acl_role_label(task, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid)); + ret = gr_apply_subject_to_task(task); + if (ret) { + read_unlock(&grsec_exec_file_lock); + read_unlock(&tasklist_lock); + rcu_read_unlock(); -+ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_DEFACL_MSG, task->comm, task->pid); ++ gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_DEFACL_MSG, task->comm, task_pid_nr(task)); + return ret; + } + } else { @@ -55863,6 +60267,26 @@ index 0000000..4428c82 + return 0; +} + ++#if defined(CONFIG_GRKERNSEC_RESLOG) || !defined(CONFIG_GRKERNSEC_NO_RBAC) ++static const unsigned long res_learn_bumps[GR_NLIMITS] = { ++ [RLIMIT_CPU] = GR_RLIM_CPU_BUMP, ++ [RLIMIT_FSIZE] = GR_RLIM_FSIZE_BUMP, ++ [RLIMIT_DATA] = GR_RLIM_DATA_BUMP, ++ [RLIMIT_STACK] = GR_RLIM_STACK_BUMP, ++ [RLIMIT_CORE] = GR_RLIM_CORE_BUMP, ++ [RLIMIT_RSS] = GR_RLIM_RSS_BUMP, ++ [RLIMIT_NPROC] = GR_RLIM_NPROC_BUMP, ++ [RLIMIT_NOFILE] = GR_RLIM_NOFILE_BUMP, ++ [RLIMIT_MEMLOCK] = GR_RLIM_MEMLOCK_BUMP, ++ [RLIMIT_AS] = GR_RLIM_AS_BUMP, ++ [RLIMIT_LOCKS] = GR_RLIM_LOCKS_BUMP, ++ [RLIMIT_SIGPENDING] = GR_RLIM_SIGPENDING_BUMP, ++ [RLIMIT_MSGQUEUE] = GR_RLIM_MSGQUEUE_BUMP, ++ [RLIMIT_NICE] = GR_RLIM_NICE_BUMP, ++ [RLIMIT_RTPRIO] = GR_RLIM_RTPRIO_BUMP, ++ [RLIMIT_RTTIME] = GR_RLIM_RTTIME_BUMP ++}; ++ +void +gr_learn_resource(const struct task_struct *task, + const int res, const unsigned long wanted, const int gt) @@ -55874,10 +60298,8 @@ index 0000000..4428c82 + task->acl && (task->acl->mode & (GR_LEARN | GR_INHERITLEARN)))) + goto skip_reslog; + -+#ifdef CONFIG_GRKERNSEC_RESLOG + gr_log_resource(task, res, wanted, gt); -+#endif -+ skip_reslog: ++skip_reslog: + + if (unlikely(!(gr_status & GR_READY) || !wanted || res >= GR_NLIMITS)) + return; @@ -55891,57 +60313,7 @@ index 0000000..4428c82 + if (wanted >= acl->res[res].rlim_cur) { + unsigned long res_add; + -+ res_add = wanted; -+ switch (res) { -+ case RLIMIT_CPU: -+ res_add += GR_RLIM_CPU_BUMP; -+ break; -+ case RLIMIT_FSIZE: -+ res_add += GR_RLIM_FSIZE_BUMP; -+ break; -+ case RLIMIT_DATA: -+ res_add += GR_RLIM_DATA_BUMP; -+ break; -+ case RLIMIT_STACK: -+ res_add += GR_RLIM_STACK_BUMP; -+ break; -+ case RLIMIT_CORE: -+ res_add += GR_RLIM_CORE_BUMP; -+ break; -+ case RLIMIT_RSS: -+ res_add += GR_RLIM_RSS_BUMP; -+ break; -+ case RLIMIT_NPROC: -+ res_add += GR_RLIM_NPROC_BUMP; -+ break; -+ case RLIMIT_NOFILE: -+ res_add += GR_RLIM_NOFILE_BUMP; -+ break; -+ case RLIMIT_MEMLOCK: -+ res_add += GR_RLIM_MEMLOCK_BUMP; -+ break; -+ case RLIMIT_AS: -+ res_add += GR_RLIM_AS_BUMP; -+ break; -+ case RLIMIT_LOCKS: -+ res_add += GR_RLIM_LOCKS_BUMP; -+ break; -+ case RLIMIT_SIGPENDING: -+ res_add += GR_RLIM_SIGPENDING_BUMP; -+ break; -+ case RLIMIT_MSGQUEUE: -+ res_add += GR_RLIM_MSGQUEUE_BUMP; -+ break; -+ case RLIMIT_NICE: -+ res_add += GR_RLIM_NICE_BUMP; -+ break; -+ case RLIMIT_RTPRIO: -+ res_add += GR_RLIM_RTPRIO_BUMP; -+ break; -+ case RLIMIT_RTTIME: -+ res_add += GR_RLIM_RTTIME_BUMP; -+ break; -+ } ++ res_add = wanted + res_learn_bumps[res]; + + acl->res[res].rlim_cur = res_add; + @@ -55953,7 +60325,7 @@ index 0000000..4428c82 + rcu_read_lock(); + cred = __task_cred(task); + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, -+ task->role->roletype, cred->uid, cred->gid, acl->filename, ++ task->role->roletype, GR_GLOBAL_UID(cred->uid), GR_GLOBAL_GID(cred->gid), acl->filename, + acl->filename, acl->res[res].rlim_cur, acl->res[res].rlim_max, + "", (unsigned long) res, &task->signal->saved_ip); + rcu_read_unlock(); @@ -55961,6 +60333,8 @@ index 0000000..4428c82 + + return; +} ++EXPORT_SYMBOL(gr_learn_resource); ++#endif + +#if defined(CONFIG_PAX_HAVE_ACL_FLAGS) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)) +void @@ -56022,13 +60396,13 @@ index 0000000..4428c82 + read_lock(&grsec_exec_file_lock); + filp = task->exec_file; + -+ while (tmp->pid > 0) { ++ while (task_pid_nr(tmp) > 0) { + if (tmp == curtemp) + break; + tmp = tmp->real_parent; + } + -+ if (!filp || (tmp->pid == 0 && ((grsec_enable_harden_ptrace && !uid_eq(current_uid(), GLOBAL_ROOT_UID) && !(gr_status & GR_READY)) || ++ if (!filp || (task_pid_nr(tmp) == 0 && ((grsec_enable_harden_ptrace && gr_is_global_nonroot(current_uid()) && !(gr_status & GR_READY)) || + ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE))))) { + read_unlock(&grsec_exec_file_lock); + read_unlock(&tasklist_lock); @@ -56052,7 +60426,7 @@ index 0000000..4428c82 + + if (!(current->acl->mode & GR_POVERRIDE) && !(current->role->roletype & GR_ROLE_GOD) + && (current->acl != task->acl || (current->acl != current->role->root_label -+ && current->pid != task->pid))) ++ && task_pid_nr(current) != task_pid_nr(task)))) + return 1; + + return 0; @@ -56084,13 +60458,13 @@ index 0000000..4428c82 +#endif + if (request == PTRACE_ATTACH || request == PTRACE_SEIZE) { + read_lock(&tasklist_lock); -+ while (tmp->pid > 0) { ++ while (task_pid_nr(tmp) > 0) { + if (tmp == curtemp) + break; + tmp = tmp->real_parent; + } + -+ if (tmp->pid == 0 && ((grsec_enable_harden_ptrace && !uid_eq(current_uid(), GLOBAL_ROOT_UID) && !(gr_status & GR_READY)) || ++ if (task_pid_nr(tmp) == 0 && ((grsec_enable_harden_ptrace && gr_is_global_nonroot(current_uid()) && !(gr_status & GR_READY)) || + ((gr_status & GR_READY) && !(current->acl->mode & GR_RELAXPTRACE)))) { + read_unlock(&tasklist_lock); + gr_log_ptrace(GR_DONT_AUDIT, GR_PTRACE_ACL_MSG, task); @@ -56302,10 +60676,10 @@ index 0000000..4428c82 +#if defined(CONFIG_GRKERNSEC_PROC_USER) || defined(CONFIG_GRKERNSEC_PROC_USERGROUP) + cred = __task_cred(task); +#ifdef CONFIG_GRKERNSEC_PROC_USER -+ if (!uid_eq(cred->uid, GLOBAL_ROOT_UID)) ++ if (gr_is_global_nonroot(cred->uid)) + ret = -EACCES; +#elif defined(CONFIG_GRKERNSEC_PROC_USERGROUP) -+ if (!uid_eq(cred->uid, GLOBAL_ROOT_UID) && !groups_search(cred->group_info, grsec_proc_gid)) ++ if (gr_is_global_nonroot(cred->uid) && !groups_search(cred->group_info, grsec_proc_gid)) + ret = -EACCES; +#endif +#endif @@ -56431,7 +60805,6 @@ index 0000000..4428c82 +#ifdef CONFIG_NETFILTER_XT_MATCH_GRADM_MODULE +EXPORT_SYMBOL(gr_acl_is_enabled); +#endif -+EXPORT_SYMBOL(gr_learn_resource); +EXPORT_SYMBOL(gr_set_kernel_label); +#ifdef CONFIG_SECURITY +EXPORT_SYMBOL(gr_check_user_change); @@ -56551,7 +60924,7 @@ index 0000000..34fefda +} diff --git a/grsecurity/gracl_cap.c b/grsecurity/gracl_cap.c new file mode 100644 -index 0000000..6d21049 +index 0000000..bdd51ea --- /dev/null +++ b/grsecurity/gracl_cap.c @@ -0,0 +1,110 @@ @@ -56606,8 +60979,8 @@ index 0000000..6d21049 + if ((curracl->mode & (GR_LEARN | GR_INHERITLEARN)) + && cap_raised(cred->cap_effective, cap)) { + security_learn(GR_LEARN_AUDIT_MSG, task->role->rolename, -+ task->role->roletype, cred->uid, -+ cred->gid, task->exec_file ? ++ task->role->roletype, GR_GLOBAL_UID(cred->uid), ++ GR_GLOBAL_GID(cred->gid), task->exec_file ? + gr_to_filename(task->exec_file->f_path.dentry, + task->exec_file->f_path.mnt) : curracl->filename, + curracl->filename, 0UL, @@ -56667,10 +61040,10 @@ index 0000000..6d21049 + diff --git a/grsecurity/gracl_fs.c b/grsecurity/gracl_fs.c new file mode 100644 -index 0000000..d28e241 +index 0000000..a340c17 --- /dev/null +++ b/grsecurity/gracl_fs.c -@@ -0,0 +1,437 @@ +@@ -0,0 +1,431 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/types.h> @@ -56933,7 +61306,7 @@ index 0000000..d28e241 + const struct dentry * parent_dentry, + const struct vfsmount * parent_mnt, + const struct dentry * old_dentry, -+ const struct vfsmount * old_mnt, const char *to) ++ const struct vfsmount * old_mnt, const struct filename *to) +{ + __u32 mode; + __u32 needmode = GR_CREATE | GR_LINK; @@ -56944,10 +61317,10 @@ index 0000000..d28e241 + old_mnt); + + if (unlikely(((mode & needmode) == needmode) && (mode & needaudit))) { -+ gr_log_fs_rbac_str(GR_DO_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to); ++ gr_log_fs_rbac_str(GR_DO_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to->name); + return mode; + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) { -+ gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to); ++ gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_LINK_ACL_MSG, old_dentry, old_mnt, to->name); + return 0; + } else if (unlikely((mode & needmode) != needmode)) + return 0; @@ -56958,7 +61331,7 @@ index 0000000..d28e241 +__u32 +gr_acl_handle_symlink(const struct dentry * new_dentry, + const struct dentry * parent_dentry, -+ const struct vfsmount * parent_mnt, const char *from) ++ const struct vfsmount * parent_mnt, const struct filename *from) +{ + __u32 needmode = GR_WRITE | GR_CREATE; + __u32 mode; @@ -56969,10 +61342,10 @@ index 0000000..d28e241 + GR_WRITE | GR_AUDIT_WRITE | GR_SUPPRESS); + + if (unlikely(mode & GR_WRITE && mode & GR_AUDITS)) { -+ gr_log_fs_str_rbac(GR_DO_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt); ++ gr_log_fs_str_rbac(GR_DO_AUDIT, GR_SYMLINK_ACL_MSG, from->name, new_dentry, parent_mnt); + return mode; + } else if (unlikely(((mode & needmode) != needmode) && !(mode & GR_SUPPRESS))) { -+ gr_log_fs_str_rbac(GR_DONT_AUDIT, GR_SYMLINK_ACL_MSG, from, new_dentry, parent_mnt); ++ gr_log_fs_str_rbac(GR_DONT_AUDIT, GR_SYMLINK_ACL_MSG, from->name, new_dentry, parent_mnt); + return 0; + } else if (unlikely((mode & needmode) != needmode)) + return 0; @@ -57031,7 +61404,7 @@ index 0000000..d28e241 + const struct vfsmount *parent_mnt, + struct dentry *old_dentry, + struct inode *old_parent_inode, -+ struct vfsmount *old_mnt, const char *newname) ++ struct vfsmount *old_mnt, const struct filename *newname) +{ + __u32 comp1, comp2; + int error = 0; @@ -57062,10 +61435,10 @@ index 0000000..d28e241 + + if (RENAME_CHECK_SUCCESS(comp1, comp2) && + ((comp1 & GR_AUDITS) || (comp2 & GR_AUDITS))) -+ gr_log_fs_rbac_str(GR_DO_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname); ++ gr_log_fs_rbac_str(GR_DO_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname->name); + else if (!RENAME_CHECK_SUCCESS(comp1, comp2) && !(comp1 & GR_SUPPRESS) + && !(comp2 & GR_SUPPRESS)) { -+ gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname); ++ gr_log_fs_rbac_str(GR_DONT_AUDIT, GR_RENAME_ACL_MSG, old_dentry, old_mnt, newname->name); + error = -EACCES; + } else if (unlikely(!RENAME_CHECK_SUCCESS(comp1, comp2))) + error = -EACCES; @@ -57078,7 +61451,6 @@ index 0000000..d28e241 +{ + u16 id; + char *rolename; -+ struct file *exec_file; + + if (unlikely(current->acl_sp_role && gr_acl_is_enabled() && + !(current->role->roletype & GR_ROLE_PERSIST))) { @@ -57088,13 +61460,8 @@ index 0000000..d28e241 + gr_log_str_int(GR_DONT_AUDIT_GOOD, GR_SPROLEL_ACL_MSG, rolename, id); + } + -+ write_lock(&grsec_exec_file_lock); -+ exec_file = current->exec_file; -+ current->exec_file = NULL; -+ write_unlock(&grsec_exec_file_lock); -+ -+ if (exec_file) -+ fput(exec_file); ++ gr_put_exec_file(current); ++ return; +} + +int @@ -57110,7 +61477,7 @@ index 0000000..d28e241 +} diff --git a/grsecurity/gracl_ip.c b/grsecurity/gracl_ip.c new file mode 100644 -index 0000000..58800a7 +index 0000000..4699807 --- /dev/null +++ b/grsecurity/gracl_ip.c @@ -0,0 +1,384 @@ @@ -57230,8 +61597,8 @@ index 0000000..58800a7 + if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) { + __u32 fakeip = 0; + security_learn(GR_IP_LEARN_MSG, current->role->rolename, -+ current->role->roletype, cred->uid, -+ cred->gid, current->exec_file ? ++ current->role->roletype, GR_GLOBAL_UID(cred->uid), ++ GR_GLOBAL_GID(cred->gid), current->exec_file ? + gr_to_filename(current->exec_file->f_path.dentry, + current->exec_file->f_path.mnt) : + curr->filename, curr->filename, @@ -57258,8 +61625,8 @@ index 0000000..58800a7 + if (type == SOCK_RAW || type == SOCK_PACKET) { + __u32 fakeip = 0; + security_learn(GR_IP_LEARN_MSG, current->role->rolename, -+ current->role->roletype, cred->uid, -+ cred->gid, current->exec_file ? ++ current->role->roletype, GR_GLOBAL_UID(cred->uid), ++ GR_GLOBAL_GID(cred->gid), current->exec_file ? + gr_to_filename(current->exec_file->f_path.dentry, + current->exec_file->f_path.mnt) : + curr->filename, curr->filename, @@ -57268,8 +61635,8 @@ index 0000000..58800a7 + } else if ((type == SOCK_DGRAM) && (protocol == IPPROTO_IP)) { + __u32 fakeip = 0; + security_learn(GR_IP_LEARN_MSG, current->role->rolename, -+ current->role->roletype, cred->uid, -+ cred->gid, current->exec_file ? ++ current->role->roletype, GR_GLOBAL_UID(cred->uid), ++ GR_GLOBAL_GID(cred->gid), current->exec_file ? + gr_to_filename(current->exec_file->f_path.dentry, + current->exec_file->f_path.mnt) : + curr->filename, curr->filename, @@ -57365,8 +61732,8 @@ index 0000000..58800a7 + + if (curr->mode & (GR_LEARN | GR_INHERITLEARN)) { + security_learn(GR_IP_LEARN_MSG, current->role->rolename, -+ current->role->roletype, cred->uid, -+ cred->gid, current->exec_file ? ++ current->role->roletype, GR_GLOBAL_UID(cred->uid), ++ GR_GLOBAL_GID(cred->gid), current->exec_file ? + gr_to_filename(current->exec_file->f_path.dentry, + current->exec_file->f_path.mnt) : + curr->filename, curr->filename, @@ -57787,10 +62154,10 @@ index 0000000..39645c9 +} diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c new file mode 100644 -index 0000000..25197e9 +index 0000000..8c8fc9d --- /dev/null +++ b/grsecurity/gracl_segv.c -@@ -0,0 +1,299 @@ +@@ -0,0 +1,303 @@ +#include <linux/kernel.h> +#include <linux/mm.h> +#include <asm/uaccess.h> @@ -57892,9 +62259,10 @@ index 0000000..25197e9 +} + +static __inline__ void -+gr_insert_uid(const uid_t uid, const unsigned long expires) ++gr_insert_uid(const kuid_t kuid, const unsigned long expires) +{ + int loc; ++ uid_t uid = GR_GLOBAL_UID(kuid); + + if (uid_used == GR_UIDTABLE_MAX) + return; @@ -57929,14 +62297,17 @@ index 0000000..25197e9 +} + +int -+gr_check_crash_uid(const uid_t uid) ++gr_check_crash_uid(const kuid_t kuid) +{ + int loc; + int ret = 0; ++ uid_t uid; + + if (unlikely(!gr_acl_is_enabled())) + return 0; + ++ uid = GR_GLOBAL_UID(kuid); ++ + spin_lock(&gr_uid_lock); + loc = gr_find_uid(uid); + @@ -57959,8 +62330,8 @@ index 0000000..25197e9 + if (!uid_eq(cred->uid, cred->euid) || !uid_eq(cred->uid, cred->suid) || + !uid_eq(cred->uid, cred->fsuid)) + return 1; -+ if (!uid_eq(cred->gid, cred->egid) || !uid_eq(cred->gid, cred->sgid) || -+ !uid_eq(cred->gid, cred->fsgid)) ++ if (!gid_eq(cred->gid, cred->egid) || !gid_eq(cred->gid, cred->sgid) || ++ !gid_eq(cred->gid, cred->fsgid)) + return 1; + + return 0; @@ -58001,7 +62372,7 @@ index 0000000..25197e9 + time_after(curr->expires, get_seconds())) { + rcu_read_lock(); + cred = __task_cred(task); -+ if (!uid_eq(cred->uid, GLOBAL_ROOT_UID) && proc_is_setxid(cred)) { ++ if (gr_is_global_nonroot(cred->uid) && proc_is_setxid(cred)) { + gr_log_crash1(GR_DONT_AUDIT, GR_SEGVSTART_ACL_MSG, task, curr->res[GR_CRASH_RES].rlim_max); + spin_lock(&gr_uid_lock); + gr_insert_uid(cred->uid, curr->expires); @@ -58092,7 +62463,7 @@ index 0000000..25197e9 +} diff --git a/grsecurity/gracl_shm.c b/grsecurity/gracl_shm.c new file mode 100644 -index 0000000..9d83a69 +index 0000000..98011b0 --- /dev/null +++ b/grsecurity/gracl_shm.c @@ -0,0 +1,40 @@ @@ -58107,7 +62478,7 @@ index 0000000..9d83a69 + +int +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid, -+ const time_t shm_createtime, const uid_t cuid, const int shmid) ++ const time_t shm_createtime, const kuid_t cuid, const int shmid) +{ + struct task_struct *task; + @@ -58123,12 +62494,12 @@ index 0000000..9d83a69 + task = find_task_by_vpid(shm_lapid); + + if (unlikely(task && (time_before_eq((unsigned long)task->start_time.tv_sec, (unsigned long)shm_createtime) || -+ (task->pid == shm_lapid)) && ++ (task_pid_nr(task) == shm_lapid)) && + (task->acl->mode & GR_PROTSHM) && + (task->acl != current->acl))) { + read_unlock(&tasklist_lock); + rcu_read_unlock(); -+ gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, cuid, shm_cprid, shmid); ++ gr_log_int3(GR_DONT_AUDIT, GR_SHMAT_ACL_MSG, GR_GLOBAL_UID(cuid), shm_cprid, shmid); + return 0; + } + read_unlock(&tasklist_lock); @@ -58163,10 +62534,10 @@ index 0000000..bc0be01 +} diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c new file mode 100644 -index 0000000..9807ee2 +index 0000000..6d2de57 --- /dev/null +++ b/grsecurity/grsec_chroot.c -@@ -0,0 +1,368 @@ +@@ -0,0 +1,357 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -58181,7 +62552,7 @@ index 0000000..9807ee2 +void gr_set_chroot_entries(struct task_struct *task, struct path *path) +{ +#ifdef CONFIG_GRKERNSEC -+ if (task->pid > 1 && path->dentry != init_task.fs->root.dentry && ++ if (task_pid_nr(task) > 1 && path->dentry != init_task.fs->root.dentry && + path->dentry != task->nsproxy->mnt_ns->root->mnt.mnt_root) + task->gr_is_chrooted = 1; + else @@ -58246,7 +62617,7 @@ index 0000000..9807ee2 +#ifdef CONFIG_GRKERNSEC_CHROOT_NICE + if (grsec_enable_chroot_nice && (niceval < task_nice(p)) + && proc_is_chrooted(current)) { -+ gr_log_str_int(GR_DONT_AUDIT, GR_PRIORITY_CHROOT_MSG, p->comm, p->pid); ++ gr_log_str_int(GR_DONT_AUDIT, GR_PRIORITY_CHROOT_MSG, p->comm, task_pid_nr(p)); + return -EACCES; + } +#endif @@ -58254,17 +62625,6 @@ index 0000000..9807ee2 +} + +int -+gr_handle_chroot_rawio(const struct inode *inode) -+{ -+#ifdef CONFIG_GRKERNSEC_CHROOT_CAPS -+ if (grsec_enable_chroot_caps && proc_is_chrooted(current) && -+ inode && S_ISBLK(inode->i_mode) && !capable(CAP_SYS_RAWIO)) -+ return 1; -+#endif -+ return 0; -+} -+ -+int +gr_handle_chroot_fowner(struct pid *pid, enum pid_type type) +{ +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK @@ -58537,10 +62897,10 @@ index 0000000..9807ee2 +} diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c new file mode 100644 -index 0000000..b79fe50 +index 0000000..207d409 --- /dev/null +++ b/grsecurity/grsec_disabled.c -@@ -0,0 +1,442 @@ +@@ -0,0 +1,434 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -58612,13 +62972,6 @@ index 0000000..b79fe50 + return 0; +} + -+void -+gr_learn_resource(const struct task_struct *task, -+ const int res, const unsigned long wanted, const int gt) -+{ -+ return; -+} -+ +int +gr_set_acls(const int type) +{ @@ -58687,7 +63040,7 @@ index 0000000..b79fe50 +} + +int -+gr_check_crash_uid(const uid_t uid) ++gr_check_crash_uid(const kuid_t uid) +{ + return 0; +} @@ -58829,7 +63182,7 @@ index 0000000..b79fe50 +__u32 +gr_acl_handle_symlink(const struct dentry * new_dentry, + const struct dentry * parent_dentry, -+ const struct vfsmount * parent_mnt, const char *from) ++ const struct vfsmount * parent_mnt, const struct filename *from) +{ + return 1; +} @@ -58839,7 +63192,7 @@ index 0000000..b79fe50 + const struct dentry * parent_dentry, + const struct vfsmount * parent_mnt, + const struct dentry * old_dentry, -+ const struct vfsmount * old_mnt, const char *to) ++ const struct vfsmount * old_mnt, const struct filename *to) +{ + return 1; +} @@ -58850,7 +63203,7 @@ index 0000000..b79fe50 + const struct vfsmount *parent_mnt, + const struct dentry *old_dentry, + const struct inode *old_parent_inode, -+ const struct vfsmount *old_mnt, const char *newname) ++ const struct vfsmount *old_mnt, const struct filename *newname) +{ + return 0; +} @@ -58864,7 +63217,7 @@ index 0000000..b79fe50 + +int +gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid, -+ const time_t shm_createtime, const uid_t cuid, const int shmid) ++ const time_t shm_createtime, const kuid_t cuid, const int shmid) +{ + return 1; +} @@ -58921,7 +63274,7 @@ index 0000000..b79fe50 +} + +void -+gr_set_role_label(const uid_t uid, const gid_t gid) ++gr_set_role_label(const kuid_t uid, const kgid_t gid) +{ + return; +} @@ -58951,13 +63304,13 @@ index 0000000..b79fe50 +} + +int -+gr_check_user_change(int real, int effective, int fs) ++gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs) +{ + return 0; +} + +int -+gr_check_group_change(int real, int effective, int fs) ++gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs) +{ + return 0; +} @@ -58977,7 +63330,6 @@ index 0000000..b79fe50 + return; +} + -+EXPORT_SYMBOL(gr_learn_resource); +EXPORT_SYMBOL(gr_set_kernel_label); +#ifdef CONFIG_SECURITY +EXPORT_SYMBOL(gr_check_user_change); @@ -59165,7 +63517,7 @@ index 0000000..abfa971 +EXPORT_SYMBOL(gr_task_is_capable_nolog); diff --git a/grsecurity/grsec_fifo.c b/grsecurity/grsec_fifo.c new file mode 100644 -index 0000000..d3ee748 +index 0000000..06cc6ea --- /dev/null +++ b/grsecurity/grsec_fifo.c @@ -0,0 +1,24 @@ @@ -59184,10 +63536,10 @@ index 0000000..d3ee748 + + if (grsec_enable_fifo && S_ISFIFO(dentry->d_inode->i_mode) && + !(flag & O_EXCL) && (dir->d_inode->i_mode & S_ISVTX) && -+ (dentry->d_inode->i_uid != dir->d_inode->i_uid) && -+ (cred->fsuid != dentry->d_inode->i_uid)) { ++ !uid_eq(dentry->d_inode->i_uid, dir->d_inode->i_uid) && ++ !uid_eq(cred->fsuid, dentry->d_inode->i_uid)) { + if (!inode_permission(dentry->d_inode, acc_mode)) -+ gr_log_fs_int2(GR_DONT_AUDIT, GR_FIFO_MSG, dentry, mnt, dentry->d_inode->i_uid, dentry->d_inode->i_gid); ++ gr_log_fs_int2(GR_DONT_AUDIT, GR_FIFO_MSG, dentry, mnt, GR_GLOBAL_UID(dentry->d_inode->i_uid), GR_GLOBAL_GID(dentry->d_inode->i_gid)); + return -EACCES; + } +#endif @@ -59224,7 +63576,7 @@ index 0000000..8ca18bf +} diff --git a/grsecurity/grsec_init.c b/grsecurity/grsec_init.c new file mode 100644 -index 0000000..05a6015 +index 0000000..a862e9f --- /dev/null +++ b/grsecurity/grsec_init.c @@ -0,0 +1,283 @@ @@ -59240,7 +63592,7 @@ index 0000000..05a6015 +int grsec_enable_ptrace_readexec; +int grsec_enable_setxid; +int grsec_enable_symlinkown; -+int grsec_symlinkown_gid; ++kgid_t grsec_symlinkown_gid; +int grsec_enable_brute; +int grsec_enable_link; +int grsec_enable_dmesg; @@ -59253,7 +63605,7 @@ index 0000000..05a6015 +int grsec_enable_time; +int grsec_enable_audit_textrel; +int grsec_enable_group; -+int grsec_audit_gid; ++kgid_t grsec_audit_gid; +int grsec_enable_chdir; +int grsec_enable_mount; +int grsec_enable_rofs; @@ -59272,7 +63624,7 @@ index 0000000..05a6015 +int grsec_enable_chroot_sysctl; +int grsec_enable_chroot_unix; +int grsec_enable_tpe; -+int grsec_tpe_gid; ++kgid_t grsec_tpe_gid; +int grsec_enable_blackhole; +#ifdef CONFIG_IPV6_MODULE +EXPORT_SYMBOL(grsec_enable_blackhole); @@ -59281,11 +63633,11 @@ index 0000000..05a6015 +int grsec_enable_tpe_all; +int grsec_enable_tpe_invert; +int grsec_enable_socket_all; -+int grsec_socket_all_gid; ++kgid_t grsec_socket_all_gid; +int grsec_enable_socket_client; -+int grsec_socket_client_gid; ++kgid_t grsec_socket_client_gid; +int grsec_enable_socket_server; -+int grsec_socket_server_gid; ++kgid_t grsec_socket_server_gid; +int grsec_resource_logging; +int grsec_disable_privio; +int grsec_enable_log_rwxmaps; @@ -59391,7 +63743,7 @@ index 0000000..05a6015 +#endif +#ifdef CONFIG_GRKERNSEC_AUDIT_GROUP + grsec_enable_group = 1; -+ grsec_audit_gid = CONFIG_GRKERNSEC_AUDIT_GID; ++ grsec_audit_gid = KGIDT_INIT(CONFIG_GRKERNSEC_AUDIT_GID); +#endif +#ifdef CONFIG_GRKERNSEC_PTRACE_READEXEC + grsec_enable_ptrace_readexec = 1; @@ -59486,26 +63838,26 @@ index 0000000..05a6015 +#endif +#ifdef CONFIG_GRKERNSEC_SYMLINKOWN + grsec_enable_symlinkown = 1; -+ grsec_symlinkown_gid = CONFIG_GRKERNSEC_SYMLINKOWN_GID; ++ grsec_symlinkown_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SYMLINKOWN_GID); +#endif +#ifdef CONFIG_GRKERNSEC_TPE + grsec_enable_tpe = 1; -+ grsec_tpe_gid = CONFIG_GRKERNSEC_TPE_GID; ++ grsec_tpe_gid = KGIDT_INIT(CONFIG_GRKERNSEC_TPE_GID); +#ifdef CONFIG_GRKERNSEC_TPE_ALL + grsec_enable_tpe_all = 1; +#endif +#endif +#ifdef CONFIG_GRKERNSEC_SOCKET_ALL + grsec_enable_socket_all = 1; -+ grsec_socket_all_gid = CONFIG_GRKERNSEC_SOCKET_ALL_GID; ++ grsec_socket_all_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SOCKET_ALL_GID); +#endif +#ifdef CONFIG_GRKERNSEC_SOCKET_CLIENT + grsec_enable_socket_client = 1; -+ grsec_socket_client_gid = CONFIG_GRKERNSEC_SOCKET_CLIENT_GID; ++ grsec_socket_client_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SOCKET_CLIENT_GID); +#endif +#ifdef CONFIG_GRKERNSEC_SOCKET_SERVER + grsec_enable_socket_server = 1; -+ grsec_socket_server_gid = CONFIG_GRKERNSEC_SOCKET_SERVER_GID; ++ grsec_socket_server_gid = KGIDT_INIT(CONFIG_GRKERNSEC_SOCKET_SERVER_GID); +#endif +#endif + @@ -59513,7 +63865,7 @@ index 0000000..05a6015 +} diff --git a/grsecurity/grsec_link.c b/grsecurity/grsec_link.c new file mode 100644 -index 0000000..589481f +index 0000000..5e05e20 --- /dev/null +++ b/grsecurity/grsec_link.c @@ -0,0 +1,58 @@ @@ -59530,7 +63882,7 @@ index 0000000..589481f + + if (grsec_enable_symlinkown && in_group_p(grsec_symlinkown_gid) && + /* ignore root-owned links, e.g. /proc/self */ -+ !uid_eq(link_inode->i_uid, GLOBAL_ROOT_UID) && target && ++ gr_is_global_nonroot(link_inode->i_uid) && target && + !uid_eq(link_inode->i_uid, target->i_uid)) { + gr_log_fs_int2(GR_DONT_AUDIT, GR_SYMLINKOWNER_MSG, link->dentry, link->mnt, link_inode->i_uid, target->i_uid); + return 1; @@ -59560,7 +63912,7 @@ index 0000000..589481f +int +gr_handle_hardlink(const struct dentry *dentry, + const struct vfsmount *mnt, -+ struct inode *inode, const int mode, const char *to) ++ struct inode *inode, const int mode, const struct filename *to) +{ +#ifdef CONFIG_GRKERNSEC_LINK + const struct cred *cred = current_cred(); @@ -59568,8 +63920,8 @@ index 0000000..589481f + if (grsec_enable_link && !uid_eq(cred->fsuid, inode->i_uid) && + (!S_ISREG(mode) || is_privileged_binary(dentry) || + (inode_permission(inode, MAY_READ | MAY_WRITE))) && -+ !capable(CAP_FOWNER) && !uid_eq(cred->uid, GLOBAL_ROOT_UID)) { -+ gr_log_fs_int2_str(GR_DONT_AUDIT, GR_HARDLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid, to); ++ !capable(CAP_FOWNER) && gr_is_global_nonroot(cred->uid)) { ++ gr_log_fs_int2_str(GR_DONT_AUDIT, GR_HARDLINK_MSG, dentry, mnt, inode->i_uid, inode->i_gid, to->name); + return -EPERM; + } +#endif @@ -59577,10 +63929,10 @@ index 0000000..589481f +} diff --git a/grsecurity/grsec_log.c b/grsecurity/grsec_log.c new file mode 100644 -index 0000000..a45d2e9 +index 0000000..7c06085 --- /dev/null +++ b/grsecurity/grsec_log.c -@@ -0,0 +1,322 @@ +@@ -0,0 +1,326 @@ +#include <linux/kernel.h> +#include <linux/sched.h> +#include <linux/file.h> @@ -59705,10 +64057,14 @@ index 0000000..a45d2e9 +static void gr_log_end(int audit, int append_default) +{ + char *buf = (audit == GR_DO_AUDIT) ? gr_audit_log_buf : gr_alert_log_buf; -+ + if (append_default) { ++ struct task_struct *task = current; ++ struct task_struct *parent = task->real_parent; ++ const struct cred *cred = __task_cred(task); ++ const struct cred *pcred = __task_cred(parent); + unsigned int len = strlen(buf); -+ snprintf(buf + len, PAGE_SIZE - len - 1, DEFAULTSECMSG, DEFAULTSECARGS(current, current_cred(), __task_cred(current->real_parent))); ++ ++ snprintf(buf + len, PAGE_SIZE - len - 1, DEFAULTSECMSG, gr_task_fullpath(task), task->comm, task_pid_nr(task), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), gr_parent_task_fullpath(task), parent->comm, task_pid_nr(task->real_parent), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid)); + } + + printk("%s\n", buf); @@ -59741,7 +64097,7 @@ index 0000000..a45d2e9 + switch (argtypes) { + case GR_TTYSNIFF: + task = va_arg(ap, struct task_struct *); -+ gr_log_middle_varargs(audit, msg, &task->signal->curr_ip, gr_task_fullpath0(task), task->comm, task->pid, gr_parent_task_fullpath0(task), task->real_parent->comm, task->real_parent->pid); ++ gr_log_middle_varargs(audit, msg, &task->signal->curr_ip, gr_task_fullpath0(task), task->comm, task_pid_nr(task), gr_parent_task_fullpath0(task), task->real_parent->comm, task_pid_nr(task->real_parent)); + break; + case GR_SYSCTL_HIDDEN: + str1 = va_arg(ap, char *); @@ -59819,7 +64175,7 @@ index 0000000..a45d2e9 + break; + case GR_PTRACE: + task = va_arg(ap, struct task_struct *); -+ gr_log_middle_varargs(audit, msg, task->exec_file ? gr_to_filename(task->exec_file->f_path.dentry, task->exec_file->f_path.mnt) : "(none)", task->comm, task->pid); ++ gr_log_middle_varargs(audit, msg, task->exec_file ? gr_to_filename(task->exec_file->f_path.dentry, task->exec_file->f_path.mnt) : "(none)", task->comm, task_pid_nr(task)); + break; + case GR_RESOURCE: + task = va_arg(ap, struct task_struct *); @@ -59828,14 +64184,14 @@ index 0000000..a45d2e9 + ulong1 = va_arg(ap, unsigned long); + str1 = va_arg(ap, char *); + ulong2 = va_arg(ap, unsigned long); -+ gr_log_middle_varargs(audit, msg, ulong1, str1, ulong2, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->real_parent->comm, task->real_parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid); ++ gr_log_middle_varargs(audit, msg, ulong1, str1, ulong2, gr_task_fullpath(task), task->comm, task_pid_nr(task), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), gr_parent_task_fullpath(task), task->real_parent->comm, task_pid_nr(task->real_parent), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid)); + break; + case GR_CAP: + task = va_arg(ap, struct task_struct *); + cred = __task_cred(task); + pcred = __task_cred(task->real_parent); + str1 = va_arg(ap, char *); -+ gr_log_middle_varargs(audit, msg, str1, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->real_parent->comm, task->real_parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid); ++ gr_log_middle_varargs(audit, msg, str1, gr_task_fullpath(task), task->comm, task_pid_nr(task), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), gr_parent_task_fullpath(task), task->real_parent->comm, task_pid_nr(task->real_parent), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid)); + break; + case GR_SIG: + str1 = va_arg(ap, char *); @@ -59847,21 +64203,21 @@ index 0000000..a45d2e9 + cred = __task_cred(task); + pcred = __task_cred(task->real_parent); + num1 = va_arg(ap, int); -+ gr_log_middle_varargs(audit, msg, num1, gr_task_fullpath0(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath0(task), task->real_parent->comm, task->real_parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid); ++ gr_log_middle_varargs(audit, msg, num1, gr_task_fullpath0(task), task->comm, task_pid_nr(task), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), gr_parent_task_fullpath0(task), task->real_parent->comm, task_pid_nr(task->real_parent), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid)); + break; + case GR_CRASH1: + task = va_arg(ap, struct task_struct *); + cred = __task_cred(task); + pcred = __task_cred(task->real_parent); + ulong1 = va_arg(ap, unsigned long); -+ gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->real_parent->comm, task->real_parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid, cred->uid, ulong1); ++ gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task_pid_nr(task), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), gr_parent_task_fullpath(task), task->real_parent->comm, task_pid_nr(task->real_parent), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid), GR_GLOBAL_UID(cred->uid), ulong1); + break; + case GR_CRASH2: + task = va_arg(ap, struct task_struct *); + cred = __task_cred(task); + pcred = __task_cred(task->real_parent); + ulong1 = va_arg(ap, unsigned long); -+ gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, cred->uid, cred->euid, cred->gid, cred->egid, gr_parent_task_fullpath(task), task->real_parent->comm, task->real_parent->pid, pcred->uid, pcred->euid, pcred->gid, pcred->egid, ulong1); ++ gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task_pid_nr(task), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), gr_parent_task_fullpath(task), task->real_parent->comm, task_pid_nr(task->real_parent), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid), ulong1); + break; + case GR_RWXMAP: + file = va_arg(ap, struct file *); @@ -59889,7 +64245,7 @@ index 0000000..a45d2e9 + cred = __task_cred(task); + pcred = __task_cred(task->real_parent); + -+ gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task->pid, &task->signal->curr_ip, tty_name(task->signal->tty, cur_tty), cred->uid, cred->euid, cred->gid, cred->egid, wday, whr, wmin, wsec, cday, chr, cmin, csec, (task->flags & PF_SIGNALED) ? "killed by signal" : "exited", ulong1, gr_parent_task_fullpath(task), task->real_parent->comm, task->real_parent->pid, &task->real_parent->signal->curr_ip, tty_name(task->real_parent->signal->tty, parent_tty), pcred->uid, pcred->euid, pcred->gid, pcred->egid); ++ gr_log_middle_varargs(audit, msg, gr_task_fullpath(task), task->comm, task_pid_nr(task), &task->signal->curr_ip, tty_name(task->signal->tty, cur_tty), GR_GLOBAL_UID(cred->uid), GR_GLOBAL_UID(cred->euid), GR_GLOBAL_GID(cred->gid), GR_GLOBAL_GID(cred->egid), wday, whr, wmin, wsec, cday, chr, cmin, csec, (task->flags & PF_SIGNALED) ? "killed by signal" : "exited", ulong1, gr_parent_task_fullpath(task), task->real_parent->comm, task_pid_nr(task->real_parent), &task->real_parent->signal->curr_ip, tty_name(task->real_parent->signal->tty, parent_tty), GR_GLOBAL_UID(pcred->uid), GR_GLOBAL_UID(pcred->euid), GR_GLOBAL_GID(pcred->gid), GR_GLOBAL_GID(pcred->egid)); + } + break; + default: @@ -60097,7 +64453,7 @@ index 0000000..f7f29aa +} diff --git a/grsecurity/grsec_sig.c b/grsecurity/grsec_sig.c new file mode 100644 -index 0000000..5c00416 +index 0000000..e09715a --- /dev/null +++ b/grsecurity/grsec_sig.c @@ -0,0 +1,222 @@ @@ -60121,7 +64477,7 @@ index 0000000..5c00416 +#ifdef CONFIG_GRKERNSEC_SIGNAL + if (grsec_enable_signal && ((sig == SIGSEGV) || (sig == SIGILL) || + (sig == SIGABRT) || (sig == SIGBUS))) { -+ if (t->pid == current->pid) { ++ if (task_pid_nr(t) == task_pid_nr(current)) { + gr_log_sig_addr(GR_DONT_AUDIT_GOOD, GR_UNISIGLOG_MSG, signames[sig], addr); + } else { + gr_log_sig_task(GR_DONT_AUDIT_GOOD, GR_DUALSIGLOG_MSG, t, sig); @@ -60136,7 +64492,7 @@ index 0000000..5c00416 +{ +#ifdef CONFIG_GRKERNSEC + /* ignore the 0 signal for protected task checks */ -+ if (current->pid > 1 && sig && gr_check_protected_task(p)) { ++ if (task_pid_nr(current) > 1 && sig && gr_check_protected_task(p)) { + gr_log_sig_task(GR_DONT_AUDIT, GR_SIG_ACL_MSG, p, sig); + return -EPERM; + } else if (gr_pid_is_chrooted((struct task_struct *)p)) { @@ -60210,7 +64566,7 @@ index 0000000..5c00416 + const struct cred *cred = __task_cred(p), *cred2; + struct task_struct *tsk, *tsk2; + -+ if (!__get_dumpable(mm_flags) && !uid_eq(cred->uid, GLOBAL_ROOT_UID)) { ++ if (!__get_dumpable(mm_flags) && gr_is_global_nonroot(cred->uid)) { + struct user_struct *user; + + uid = cred->uid; @@ -60236,9 +64592,9 @@ index 0000000..5c00416 + read_unlock(&tasklist_lock); + rcu_read_unlock(); + -+ if (!uid_eq(uid, GLOBAL_ROOT_UID)) ++ if (gr_is_global_nonroot(uid)) + printk(KERN_ALERT "grsec: bruteforce prevention initiated against uid %u, banning for %d minutes\n", -+ from_kuid_munged(&init_user_ns, uid), GR_USER_BAN_TIME / 60); ++ GR_GLOBAL_UID(uid), GR_USER_BAN_TIME / 60); + else if (daemon) + gr_log_noargs(GR_DONT_AUDIT, GR_BRUTE_DAEMON_MSG); + @@ -60274,7 +64630,7 @@ index 0000000..5c00416 + + uid = current_uid(); + -+ if (uid_eq(uid, GLOBAL_ROOT_UID)) ++ if (gr_is_global_root(uid)) + panic("grsec: halting the system due to suspicious kernel crash caused by root"); + else { + /* kill all the processes of this user, hold a reference @@ -60282,7 +64638,7 @@ index 0000000..5c00416 + another process until system reset + */ + printk(KERN_ALERT "grsec: banning user with uid %u until system restart for suspicious kernel crash\n", -+ from_kuid_munged(&init_user_ns, uid)); ++ GR_GLOBAL_UID(uid)); + /* we intentionally leak this ref */ + user = get_uid(current->cred->user); + if (user) { @@ -61072,7 +65428,7 @@ index 0000000..0dc13c3 +EXPORT_SYMBOL(gr_log_timechange); diff --git a/grsecurity/grsec_tpe.c b/grsecurity/grsec_tpe.c new file mode 100644 -index 0000000..07e0dc0 +index 0000000..ee57dcf --- /dev/null +++ b/grsecurity/grsec_tpe.c @@ -0,0 +1,73 @@ @@ -61094,7 +65450,7 @@ index 0000000..07e0dc0 + char *msg2 = NULL; + + // never restrict root -+ if (!cred->uid) ++ if (gr_is_global_root(cred->uid)) + return 1; + + if (grsec_enable_tpe) { @@ -61115,7 +65471,7 @@ index 0000000..07e0dc0 + if (!msg) + goto next_check; + -+ if (inode->i_uid) ++ if (gr_is_global_nonroot(inode->i_uid)) + msg2 = "file in non-root-owned directory"; + else if (inode->i_mode & S_IWOTH) + msg2 = "file in world-writable directory"; @@ -61134,7 +65490,7 @@ index 0000000..07e0dc0 + if (!grsec_enable_tpe || !grsec_enable_tpe_all) + return 1; + -+ if (inode->i_uid && (inode->i_uid != cred->uid)) ++ if (gr_is_global_nonroot(inode->i_uid) && !uid_eq(inode->i_uid, cred->uid)) + msg = "directory not owned by user"; + else if (inode->i_mode & S_IWOTH) + msg = "file in world-writable directory"; @@ -61216,19 +65572,6 @@ index 0000000..9f7b1ac + + return retval; +} -diff --git a/include/acpi/acpi_bus.h b/include/acpi/acpi_bus.h -index bde976e..a1cc32a 100644 ---- a/include/acpi/acpi_bus.h -+++ b/include/acpi/acpi_bus.h -@@ -136,7 +136,7 @@ struct acpi_device_ops { - acpi_op_bind bind; - acpi_op_unbind unbind; - acpi_op_notify notify; --}; -+} __no_const; - - #define ACPI_DRIVER_ALL_NOTIFY_EVENTS 0x1 /* system AND device events */ - diff --git a/include/asm-generic/4level-fixup.h b/include/asm-generic/4level-fixup.h index 77ff547..181834f 100644 --- a/include/asm-generic/4level-fixup.h @@ -61798,12 +66141,12 @@ index 810431d..0ec4804f 100644 * (puds are folded into pgds so this doesn't get actually called, * but the define is needed for a generic inline function.) diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h -index ff4947b..f48183f 100644 +index 5cf680a..4b74d62 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h -@@ -530,6 +530,14 @@ static inline int pmd_trans_unstable(pmd_t *pmd) - #endif +@@ -688,6 +688,14 @@ static inline pmd_t pmd_mknuma(pmd_t pmd) } + #endif /* CONFIG_NUMA_BALANCING */ +#ifndef __HAVE_ARCH_PAX_OPEN_KERNEL +static inline unsigned long pax_open_kernel(void) { return 0; } @@ -61817,7 +66160,7 @@ index ff4947b..f48183f 100644 #endif /* !__ASSEMBLY__ */ diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h -index 4e2e1cc..12c266b 100644 +index d1ea7ce..b1ebf2a 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h @@ -218,6 +218,7 @@ @@ -61828,7 +66171,7 @@ index 4e2e1cc..12c266b 100644 *(__vermagic) /* Kernel version magic */ \ . = ALIGN(8); \ VMLINUX_SYMBOL(__start___tracepoints_ptrs) = .; \ -@@ -716,17 +717,18 @@ +@@ -725,17 +726,18 @@ * section in the linker script will go there too. @phdr should have * a leading colon. * @@ -61851,8 +66194,21 @@ index 4e2e1cc..12c266b 100644 /** * PERCPU_SECTION - define output section for percpu area, simple version +diff --git a/include/crypto/algapi.h b/include/crypto/algapi.h +index 418d270..bfd2794 100644 +--- a/include/crypto/algapi.h ++++ b/include/crypto/algapi.h +@@ -34,7 +34,7 @@ struct crypto_type { + unsigned int maskclear; + unsigned int maskset; + unsigned int tfmsize; +-}; ++} __do_const; + + struct crypto_instance { + struct crypto_alg alg; diff --git a/include/drm/drmP.h b/include/drm/drmP.h -index d6b67bb..a272c29 100644 +index fad21c9..ab858bc 100644 --- a/include/drm/drmP.h +++ b/include/drm/drmP.h @@ -72,6 +72,7 @@ @@ -61860,10 +66216,46 @@ index d6b67bb..a272c29 100644 #include <linux/poll.h> #include <asm/pgalloc.h> +#include <asm/local.h> - #include "drm.h" + #include <drm/drm.h> + #include <drm/drm_sarea.h> - #include <linux/idr.h> -@@ -1067,7 +1068,7 @@ struct drm_device { +@@ -293,10 +294,12 @@ do { \ + * \param cmd command. + * \param arg argument. + */ +-typedef int drm_ioctl_t(struct drm_device *dev, void *data, ++typedef int (* const drm_ioctl_t)(struct drm_device *dev, void *data, ++ struct drm_file *file_priv); ++typedef int (* drm_ioctl_no_const_t)(struct drm_device *dev, void *data, + struct drm_file *file_priv); + +-typedef int drm_ioctl_compat_t(struct file *filp, unsigned int cmd, ++typedef int (* const drm_ioctl_compat_t)(struct file *filp, unsigned int cmd, + unsigned long arg); + + #define DRM_IOCTL_NR(n) _IOC_NR(n) +@@ -311,9 +314,9 @@ typedef int drm_ioctl_compat_t(struct file *filp, unsigned int cmd, + struct drm_ioctl_desc { + unsigned int cmd; + int flags; +- drm_ioctl_t *func; ++ drm_ioctl_t func; + unsigned int cmd_drv; +-}; ++} __do_const; + + /** + * Creates a driver or general drm_ioctl_desc array entry for the given +@@ -995,7 +998,7 @@ struct drm_info_list { + int (*show)(struct seq_file*, void*); /** show callback */ + u32 driver_features; /**< Required driver features for this entry */ + void *data; +-}; ++} __do_const; + + /** + * debugfs node structure. This structure represents a debugfs file. +@@ -1068,7 +1071,7 @@ struct drm_device { /** \name Usage Counters */ /*@{ */ @@ -61872,7 +66264,7 @@ index d6b67bb..a272c29 100644 atomic_t ioctl_count; /**< Outstanding IOCTLs pending */ atomic_t vma_count; /**< Outstanding vma areas open */ int buf_use; /**< Buffers in use -- cannot alloc */ -@@ -1078,7 +1079,7 @@ struct drm_device { +@@ -1079,7 +1082,7 @@ struct drm_device { /*@{ */ unsigned long counters; enum drm_stat_type types[15]; @@ -61882,18 +66274,9 @@ index d6b67bb..a272c29 100644 struct list_head filelist; diff --git a/include/drm/drm_crtc_helper.h b/include/drm/drm_crtc_helper.h -index e01cc80..319855d 100644 +index f43d556..94d9343 100644 --- a/include/drm/drm_crtc_helper.h +++ b/include/drm/drm_crtc_helper.h -@@ -81,7 +81,7 @@ struct drm_crtc_helper_funcs { - - /* disable crtc when not in use - more explicit than dpms off */ - void (*disable)(struct drm_crtc *crtc); --}; -+} __no_const; - - /** - * drm_encoder_helper_funcs - helper operations for encoders @@ -109,7 +109,7 @@ struct drm_encoder_helper_funcs { struct drm_connector *connector); /* disable encoder when not in use - more explicit than dpms off */ @@ -61904,7 +66287,7 @@ index e01cc80..319855d 100644 /** * drm_connector_helper_funcs - helper operations for connectors diff --git a/include/drm/ttm/ttm_memory.h b/include/drm/ttm/ttm_memory.h -index d6d1da4..fdd1ac5 100644 +index 72dcbe8..8db58d7 100644 --- a/include/drm/ttm/ttm_memory.h +++ b/include/drm/ttm/ttm_memory.h @@ -48,7 +48,7 @@ @@ -61916,30 +66299,24 @@ index d6d1da4..fdd1ac5 100644 /** * struct ttm_mem_global - Global memory accounting structure. -diff --git a/include/linux/a.out.h b/include/linux/a.out.h -index e86dfca..40cc55f 100644 ---- a/include/linux/a.out.h -+++ b/include/linux/a.out.h -@@ -39,6 +39,14 @@ enum machine_type { - M_MIPS2 = 152 /* MIPS R6000/R4000 binary */ - }; +diff --git a/include/keys/asymmetric-subtype.h b/include/keys/asymmetric-subtype.h +index 4b840e8..155d235 100644 +--- a/include/keys/asymmetric-subtype.h ++++ b/include/keys/asymmetric-subtype.h +@@ -37,7 +37,7 @@ struct asymmetric_key_subtype { + /* Verify the signature on a key of this subtype (optional) */ + int (*verify_signature)(const struct key *key, + const struct public_key_signature *sig); +-}; ++} __do_const; -+/* Constants for the N_FLAGS field */ -+#define F_PAX_PAGEEXEC 1 /* Paging based non-executable pages */ -+#define F_PAX_EMUTRAMP 2 /* Emulate trampolines */ -+#define F_PAX_MPROTECT 4 /* Restrict mprotect() */ -+#define F_PAX_RANDMMAP 8 /* Randomize mmap() base */ -+/*#define F_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */ -+#define F_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */ -+ - #if !defined (N_MAGIC) - #define N_MAGIC(exec) ((exec).a_info & 0xffff) - #endif + /** + * asymmetric_key_subtype - Get the subtype from an asymmetric key diff --git a/include/linux/atmdev.h b/include/linux/atmdev.h -index 06fd4bb..1caec0d 100644 +index c1da539..1dcec55 100644 --- a/include/linux/atmdev.h +++ b/include/linux/atmdev.h -@@ -237,7 +237,7 @@ struct compat_atm_iobuf { +@@ -28,7 +28,7 @@ struct compat_atm_iobuf { #endif struct k_atm_aal_stats { @@ -61948,23 +66325,35 @@ index 06fd4bb..1caec0d 100644 __AAL_STAT_ITEMS #undef __HANDLE_ITEM }; +@@ -200,7 +200,7 @@ struct atmdev_ops { /* only send is required */ + int (*change_qos)(struct atm_vcc *vcc,struct atm_qos *qos,int flags); + int (*proc_read)(struct atm_dev *dev,loff_t *pos,char *page); + struct module *owner; +-}; ++} __do_const ; + + struct atmphy_ops { + int (*start)(struct atm_dev *dev); diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h -index eb53e15..660c63b 100644 +index 0530b98..96a8ac0 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h -@@ -89,6 +89,7 @@ struct linux_binfmt { - int (*load_binary)(struct linux_binprm *, struct pt_regs * regs); +@@ -73,8 +73,9 @@ struct linux_binfmt { + int (*load_binary)(struct linux_binprm *); int (*load_shlib)(struct file *); int (*core_dump)(struct coredump_params *cprm); + void (*handle_mprotect)(struct vm_area_struct *vma, unsigned long newflags); unsigned long min_coredump; /* minimal dump size */ - }; +-}; ++} __do_const; + + extern void __register_binfmt(struct linux_binfmt *fmt, int insert); diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h -index 4a2ab7c..a2de7a8 100644 +index f94bc83..62b9cfe 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h -@@ -1420,7 +1420,7 @@ struct block_device_operations { +@@ -1498,7 +1498,7 @@ struct block_device_operations { /* this callback is with swap_lock and sometimes page table lock held */ void (*swap_slot_free_notify) (struct block_device *, unsigned long); struct module *owner; @@ -61974,10 +66363,10 @@ index 4a2ab7c..a2de7a8 100644 extern int __blkdev_driver_ioctl(struct block_device *, fmode_t, unsigned int, unsigned long); diff --git a/include/linux/blktrace_api.h b/include/linux/blktrace_api.h -index 4d1a074..88f929a 100644 +index 7c2e030..b72475d 100644 --- a/include/linux/blktrace_api.h +++ b/include/linux/blktrace_api.h -@@ -162,7 +162,7 @@ struct blk_trace { +@@ -23,7 +23,7 @@ struct blk_trace { struct dentry *dir; struct dentry *dropped_file; struct dentry *msg_file; @@ -61986,74 +66375,6 @@ index 4d1a074..88f929a 100644 }; extern int blk_trace_ioctl(struct block_device *, unsigned, char __user *); -diff --git a/include/linux/byteorder/little_endian.h b/include/linux/byteorder/little_endian.h -index 83195fb..0b0f77d 100644 ---- a/include/linux/byteorder/little_endian.h -+++ b/include/linux/byteorder/little_endian.h -@@ -42,51 +42,51 @@ - - static inline __le64 __cpu_to_le64p(const __u64 *p) - { -- return (__force __le64)*p; -+ return (__force const __le64)*p; - } - static inline __u64 __le64_to_cpup(const __le64 *p) - { -- return (__force __u64)*p; -+ return (__force const __u64)*p; - } - static inline __le32 __cpu_to_le32p(const __u32 *p) - { -- return (__force __le32)*p; -+ return (__force const __le32)*p; - } - static inline __u32 __le32_to_cpup(const __le32 *p) - { -- return (__force __u32)*p; -+ return (__force const __u32)*p; - } - static inline __le16 __cpu_to_le16p(const __u16 *p) - { -- return (__force __le16)*p; -+ return (__force const __le16)*p; - } - static inline __u16 __le16_to_cpup(const __le16 *p) - { -- return (__force __u16)*p; -+ return (__force const __u16)*p; - } - static inline __be64 __cpu_to_be64p(const __u64 *p) - { -- return (__force __be64)__swab64p(p); -+ return (__force const __be64)__swab64p(p); - } - static inline __u64 __be64_to_cpup(const __be64 *p) - { -- return __swab64p((__u64 *)p); -+ return __swab64p((const __u64 *)p); - } - static inline __be32 __cpu_to_be32p(const __u32 *p) - { -- return (__force __be32)__swab32p(p); -+ return (__force const __be32)__swab32p(p); - } - static inline __u32 __be32_to_cpup(const __be32 *p) - { -- return __swab32p((__u32 *)p); -+ return __swab32p((const __u32 *)p); - } - static inline __be16 __cpu_to_be16p(const __u16 *p) - { -- return (__force __be16)__swab16p(p); -+ return (__force const __be16)__swab16p(p); - } - static inline __u16 __be16_to_cpup(const __be16 *p) - { -- return __swab16p((__u16 *)p); -+ return __swab16p((const __u16 *)p); - } - #define __cpu_to_le64s(x) do { (void)(x); } while (0) - #define __le64_to_cpus(x) do { (void)(x); } while (0) diff --git a/include/linux/cache.h b/include/linux/cache.h index 4c57065..4307975 100644 --- a/include/linux/cache.h @@ -62070,10 +66391,10 @@ index 4c57065..4307975 100644 #define ____cacheline_aligned __attribute__((__aligned__(SMP_CACHE_BYTES))) #endif diff --git a/include/linux/capability.h b/include/linux/capability.h -index d10b7ed..0288b79 100644 +index 98503b7..cc36d18 100644 --- a/include/linux/capability.h +++ b/include/linux/capability.h -@@ -553,10 +553,15 @@ extern bool capable(int cap); +@@ -211,8 +211,13 @@ extern bool capable(int cap); extern bool ns_capable(struct user_namespace *ns, int cap); extern bool nsown_capable(int cap); extern bool inode_capable(const struct inode *inode, int cap); @@ -62086,9 +66407,19 @@ index d10b7ed..0288b79 100644 +extern int is_privileged_binary(const struct dentry *dentry); + - #endif /* __KERNEL__ */ - #endif /* !_LINUX_CAPABILITY_H */ +diff --git a/include/linux/cdrom.h b/include/linux/cdrom.h +index 8609d57..86e4d79 100644 +--- a/include/linux/cdrom.h ++++ b/include/linux/cdrom.h +@@ -87,7 +87,6 @@ struct cdrom_device_ops { + + /* driver specifications */ + const int capability; /* capability flags */ +- int n_minors; /* number of active minor devices */ + /* handle uniform packets for scsi type devices (scsi,atapi) */ + int (*generic_packet) (struct cdrom_device_info *, + struct packet_command *); diff --git a/include/linux/cleancache.h b/include/linux/cleancache.h index 42e55de..1cd0e66 100644 --- a/include/linux/cleancache.h @@ -62102,24 +66433,12 @@ index 42e55de..1cd0e66 100644 extern struct cleancache_ops cleancache_register_ops(struct cleancache_ops *ops); -diff --git a/include/linux/clk-provider.h b/include/linux/clk-provider.h -index 77335fa..6cbe7dd 100644 ---- a/include/linux/clk-provider.h -+++ b/include/linux/clk-provider.h -@@ -111,6 +111,7 @@ struct clk_ops { - unsigned long); - void (*init)(struct clk_hw *hw); - }; -+typedef struct clk_ops __no_const clk_ops_no_const; - - /** - * struct clk_init_data - holds init data that's common to all clocks and is diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h -index 934bc34..1b47129 100644 +index 662fd1b..e801992 100644 --- a/include/linux/compiler-gcc4.h +++ b/include/linux/compiler-gcc4.h -@@ -32,6 +32,21 @@ - #define __linktime_error(message) __attribute__((__error__(message))) +@@ -34,6 +34,21 @@ + #define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__) #if __GNUC_MINOR__ >= 5 + @@ -62140,7 +66459,7 @@ index 934bc34..1b47129 100644 /* * Mark a position in code as unreachable. This can be used to * suppress control flow warnings after asm blocks that transfer -@@ -47,6 +62,11 @@ +@@ -49,6 +64,11 @@ #define __noclone __attribute__((__noclone__)) #endif @@ -62153,10 +66472,10 @@ index 934bc34..1b47129 100644 #if __GNUC_MINOR__ >= 6 diff --git a/include/linux/compiler.h b/include/linux/compiler.h -index f430e41..38be90f 100644 +index dd852b7..72924c0 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h -@@ -5,31 +5,62 @@ +@@ -5,11 +5,14 @@ #ifdef __CHECKER__ # define __user __attribute__((noderef, address_space(1))) @@ -62168,9 +66487,10 @@ index f430e41..38be90f 100644 # define __nocast __attribute__((nocast)) # define __iomem __attribute__((noderef, address_space(2))) +# define __force_iomem __force __iomem + # define __must_hold(x) __attribute__((context(x,1,1))) # define __acquires(x) __attribute__((context(x,0,1))) # define __releases(x) __attribute__((context(x,1,0))) - # define __acquire(x) __context__(x,1) +@@ -17,20 +20,48 @@ # define __release(x) __context__(x,-1) # define __cond_lock(x,c) ((c) ? ({ __acquire(x); 1; }) : 0) # define __percpu __attribute__((noderef, address_space(3))) @@ -62219,7 +66539,7 @@ index f430e41..38be90f 100644 # define __chk_user_ptr(x) (void)0 # define __chk_io_ptr(x) (void)0 # define __builtin_warning(x, y...) (1) -@@ -39,7 +70,9 @@ extern void __chk_io_ptr(const volatile void __iomem *); +@@ -41,7 +72,9 @@ extern void __chk_io_ptr(const volatile void __iomem *); # define __release(x) (void)0 # define __cond_lock(x,c) (c) # define __percpu @@ -62228,8 +66548,8 @@ index f430e41..38be90f 100644 +# define __force_rcu #endif - #ifdef __KERNEL__ -@@ -264,6 +297,26 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); + /* Indirect macros required for expanded argument pasting, eg. __LINE__. */ +@@ -275,6 +308,26 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); # define __attribute_const__ /* unimplemented */ #endif @@ -62256,7 +66576,7 @@ index f430e41..38be90f 100644 /* * Tell gcc if a function is cold. The compiler will assume any path * directly leading to the call is unlikely. -@@ -273,6 +326,22 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); +@@ -284,6 +337,22 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); #define __cold #endif @@ -62279,7 +66599,7 @@ index f430e41..38be90f 100644 /* Simple shorthand for a section definition */ #ifndef __section # define __section(S) __attribute__ ((__section__(#S))) -@@ -312,6 +381,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); +@@ -323,6 +392,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); * use is to mediate communication between process-level code and irq/NMI * handlers, all running on the same CPU. */ @@ -62288,11 +66608,81 @@ index f430e41..38be90f 100644 +#define ACCESS_ONCE_RW(x) (*(volatile typeof(x) *)&(x)) #endif /* __LINUX_COMPILER_H */ +diff --git a/include/linux/configfs.h b/include/linux/configfs.h +index 34025df..d94bbbc 100644 +--- a/include/linux/configfs.h ++++ b/include/linux/configfs.h +@@ -125,7 +125,7 @@ struct configfs_attribute { + const char *ca_name; + struct module *ca_owner; + umode_t ca_mode; +-}; ++} __do_const; + + /* + * Users often need to create attribute structures for their configurable +diff --git a/include/linux/cpu.h b/include/linux/cpu.h +index ce7a074..01ab8ac 100644 +--- a/include/linux/cpu.h ++++ b/include/linux/cpu.h +@@ -115,7 +115,7 @@ enum { + /* Need to know about CPUs going up/down? */ + #if defined(CONFIG_HOTPLUG_CPU) || !defined(MODULE) + #define cpu_notifier(fn, pri) { \ +- static struct notifier_block fn##_nb __cpuinitdata = \ ++ static struct notifier_block fn##_nb = \ + { .notifier_call = fn, .priority = pri }; \ + register_cpu_notifier(&fn##_nb); \ + } +diff --git a/include/linux/cpufreq.h b/include/linux/cpufreq.h +index a55b88e..fba90c5 100644 +--- a/include/linux/cpufreq.h ++++ b/include/linux/cpufreq.h +@@ -240,7 +240,7 @@ struct cpufreq_driver { + int (*suspend) (struct cpufreq_policy *policy); + int (*resume) (struct cpufreq_policy *policy); + struct freq_attr **attr; +-}; ++} __do_const; + + /* flags */ + +@@ -299,6 +299,7 @@ struct global_attr { + ssize_t (*store)(struct kobject *a, struct attribute *b, + const char *c, size_t count); + }; ++typedef struct global_attr __no_const global_attr_no_const; + + #define define_one_global_ro(_name) \ + static struct global_attr _name = \ +diff --git a/include/linux/cpuidle.h b/include/linux/cpuidle.h +index 24cd1037..20a63aae 100644 +--- a/include/linux/cpuidle.h ++++ b/include/linux/cpuidle.h +@@ -54,7 +54,8 @@ struct cpuidle_state { + int index); + + int (*enter_dead) (struct cpuidle_device *dev, int index); +-}; ++} __do_const; ++typedef struct cpuidle_state __no_const cpuidle_state_no_const; + + /* Idle State Flags */ + #define CPUIDLE_FLAG_TIME_VALID (0x01) /* is residency time measurable? */ +@@ -216,7 +217,7 @@ struct cpuidle_governor { + void (*reflect) (struct cpuidle_device *dev, int index); + + struct module *owner; +-}; ++} __do_const; + + #ifdef CONFIG_CPU_IDLE + diff --git a/include/linux/cred.h b/include/linux/cred.h -index ebbed2c..908cc2c 100644 +index 04421e8..6bce4ef 100644 --- a/include/linux/cred.h +++ b/include/linux/cred.h -@@ -208,6 +208,9 @@ static inline void validate_creds_for_do_exit(struct task_struct *tsk) +@@ -194,6 +194,9 @@ static inline void validate_creds_for_do_exit(struct task_struct *tsk) static inline void validate_process_creds(void) { } @@ -62344,6 +66734,55 @@ index 7925bf0..d5143d2 100644 #define free(a) kfree(a) #define large_malloc(a) vmalloc(a) +diff --git a/include/linux/devfreq.h b/include/linux/devfreq.h +index e83ef39..33e0eb3 100644 +--- a/include/linux/devfreq.h ++++ b/include/linux/devfreq.h +@@ -114,7 +114,7 @@ struct devfreq_governor { + int (*get_target_freq)(struct devfreq *this, unsigned long *freq); + int (*event_handler)(struct devfreq *devfreq, + unsigned int event, void *data); +-}; ++} __do_const; + + /** + * struct devfreq - Device devfreq structure +diff --git a/include/linux/device.h b/include/linux/device.h +index 43dcda9..7a1fb65 100644 +--- a/include/linux/device.h ++++ b/include/linux/device.h +@@ -294,7 +294,7 @@ struct subsys_interface { + struct list_head node; + int (*add_dev)(struct device *dev, struct subsys_interface *sif); + int (*remove_dev)(struct device *dev, struct subsys_interface *sif); +-}; ++} __do_const; + + int subsys_interface_register(struct subsys_interface *sif); + void subsys_interface_unregister(struct subsys_interface *sif); +@@ -474,7 +474,7 @@ struct device_type { + void (*release)(struct device *dev); + + const struct dev_pm_ops *pm; +-}; ++} __do_const; + + /* interface for exporting device attributes */ + struct device_attribute { +@@ -484,11 +484,12 @@ struct device_attribute { + ssize_t (*store)(struct device *dev, struct device_attribute *attr, + const char *buf, size_t count); + }; ++typedef struct device_attribute __no_const device_attribute_no_const; + + struct dev_ext_attribute { + struct device_attribute attr; + void *var; +-}; ++} __do_const; + + ssize_t device_show_ulong(struct device *dev, struct device_attribute *attr, + char *buf); diff --git a/include/linux/dma-mapping.h b/include/linux/dma-mapping.h index 94af418..b1ca7a2 100644 --- a/include/linux/dma-mapping.h @@ -62358,10 +66797,10 @@ index 94af418..b1ca7a2 100644 #define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1)) diff --git a/include/linux/dmaengine.h b/include/linux/dmaengine.h -index 9c02a45..89fdd73 100644 +index d3201e4..8281e63 100644 --- a/include/linux/dmaengine.h +++ b/include/linux/dmaengine.h -@@ -1017,9 +1017,9 @@ struct dma_pinned_list { +@@ -1018,9 +1018,9 @@ struct dma_pinned_list { struct dma_pinned_list *dma_pin_iovec_pages(struct iovec *iov, size_t len); void dma_unpin_iovec_pages(struct dma_pinned_list* pinned_list); @@ -62374,79 +66813,22 @@ index 9c02a45..89fdd73 100644 unsigned int offset, size_t len); diff --git a/include/linux/efi.h b/include/linux/efi.h -index eee8b0b..a4d9088 100644 +index 7a9498a..155713d 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -652,7 +652,7 @@ struct efivar_operations { - efi_get_variable_t *get_variable; - efi_get_next_variable_t *get_next_variable; +@@ -733,6 +733,7 @@ struct efivar_operations { efi_set_variable_t *set_variable; --}; -+} __no_const; + efi_query_variable_info_t *query_variable_info; + }; ++typedef struct efivar_operations __no_const efivar_operations_no_const; struct efivars { /* diff --git a/include/linux/elf.h b/include/linux/elf.h -index 999b4f5..57753b4 100644 +index 8c9048e..16a4665 100644 --- a/include/linux/elf.h +++ b/include/linux/elf.h -@@ -40,6 +40,17 @@ typedef __s64 Elf64_Sxword; - #define PT_GNU_EH_FRAME 0x6474e550 - - #define PT_GNU_STACK (PT_LOOS + 0x474e551) -+#define PT_GNU_RELRO (PT_LOOS + 0x474e552) -+ -+#define PT_PAX_FLAGS (PT_LOOS + 0x5041580) -+ -+/* Constants for the e_flags field */ -+#define EF_PAX_PAGEEXEC 1 /* Paging based non-executable pages */ -+#define EF_PAX_EMUTRAMP 2 /* Emulate trampolines */ -+#define EF_PAX_MPROTECT 4 /* Restrict mprotect() */ -+#define EF_PAX_RANDMMAP 8 /* Randomize mmap() base */ -+/*#define EF_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */ -+#define EF_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */ - - /* - * Extended Numbering -@@ -97,6 +108,8 @@ typedef __s64 Elf64_Sxword; - #define DT_DEBUG 21 - #define DT_TEXTREL 22 - #define DT_JMPREL 23 -+#define DT_FLAGS 30 -+ #define DF_TEXTREL 0x00000004 - #define DT_ENCODING 32 - #define OLD_DT_LOOS 0x60000000 - #define DT_LOOS 0x6000000d -@@ -243,6 +256,19 @@ typedef struct elf64_hdr { - #define PF_W 0x2 - #define PF_X 0x1 - -+#define PF_PAGEEXEC (1U << 4) /* Enable PAGEEXEC */ -+#define PF_NOPAGEEXEC (1U << 5) /* Disable PAGEEXEC */ -+#define PF_SEGMEXEC (1U << 6) /* Enable SEGMEXEC */ -+#define PF_NOSEGMEXEC (1U << 7) /* Disable SEGMEXEC */ -+#define PF_MPROTECT (1U << 8) /* Enable MPROTECT */ -+#define PF_NOMPROTECT (1U << 9) /* Disable MPROTECT */ -+/*#define PF_RANDEXEC (1U << 10)*/ /* Enable RANDEXEC */ -+/*#define PF_NORANDEXEC (1U << 11)*/ /* Disable RANDEXEC */ -+#define PF_EMUTRAMP (1U << 12) /* Enable EMUTRAMP */ -+#define PF_NOEMUTRAMP (1U << 13) /* Disable EMUTRAMP */ -+#define PF_RANDMMAP (1U << 14) /* Enable RANDMMAP */ -+#define PF_NORANDMMAP (1U << 15) /* Disable RANDMMAP */ -+ - typedef struct elf32_phdr{ - Elf32_Word p_type; - Elf32_Off p_offset; -@@ -335,6 +361,8 @@ typedef struct elf64_shdr { - #define EI_OSABI 7 - #define EI_PAD 8 - -+#define EI_PAX 14 -+ - #define ELFMAG0 0x7f /* EI_MAG */ - #define ELFMAG1 'E' - #define ELFMAG2 'L' -@@ -421,6 +449,7 @@ extern Elf32_Dyn _DYNAMIC []; +@@ -20,6 +20,7 @@ extern Elf32_Dyn _DYNAMIC []; #define elf_note elf32_note #define elf_addr_t Elf32_Off #define Elf_Half Elf32_Half @@ -62454,7 +66836,7 @@ index 999b4f5..57753b4 100644 #else -@@ -431,6 +460,7 @@ extern Elf64_Dyn _DYNAMIC []; +@@ -30,6 +31,7 @@ extern Elf64_Dyn _DYNAMIC []; #define elf_note elf64_note #define elf_addr_t Elf64_Off #define Elf_Half Elf64_Half @@ -62462,11 +66844,37 @@ index 999b4f5..57753b4 100644 #endif +diff --git a/include/linux/extcon.h b/include/linux/extcon.h +index fcb51c8..bdafcf6 100644 +--- a/include/linux/extcon.h ++++ b/include/linux/extcon.h +@@ -134,7 +134,7 @@ struct extcon_dev { + /* /sys/class/extcon/.../mutually_exclusive/... */ + struct attribute_group attr_g_muex; + struct attribute **attrs_muex; +- struct device_attribute *d_attrs_muex; ++ device_attribute_no_const *d_attrs_muex; + }; + + /** +diff --git a/include/linux/fb.h b/include/linux/fb.h +index c7a9571..02eeffe 100644 +--- a/include/linux/fb.h ++++ b/include/linux/fb.h +@@ -302,7 +302,7 @@ struct fb_ops { + /* called at KDB enter and leave time to prepare the console */ + int (*fb_debug_enter)(struct fb_info *info); + int (*fb_debug_leave)(struct fb_info *info); +-}; ++} __do_const; + + #ifdef CONFIG_FB_TILEBLITTING + #define FB_TILE_CURSOR_NONE 0 diff --git a/include/linux/filter.h b/include/linux/filter.h -index 82b0135..917914d 100644 +index c45eabc..baa0be5 100644 --- a/include/linux/filter.h +++ b/include/linux/filter.h -@@ -146,6 +146,7 @@ struct compat_sock_fprog { +@@ -20,6 +20,7 @@ struct compat_sock_fprog { struct sk_buff; struct sock; @@ -62474,7 +66882,7 @@ index 82b0135..917914d 100644 struct sk_filter { -@@ -153,6 +154,9 @@ struct sk_filter +@@ -27,6 +28,9 @@ struct sk_filter unsigned int len; /* Number of filter blocks */ unsigned int (*bpf_func)(const struct sk_buff *skb, const struct sock_filter *filter); @@ -62484,21 +66892,8 @@ index 82b0135..917914d 100644 struct rcu_head rcu; struct sock_filter insns[0]; }; -diff --git a/include/linux/firewire.h b/include/linux/firewire.h -index db04ec5..f6ed627 100644 ---- a/include/linux/firewire.h -+++ b/include/linux/firewire.h -@@ -430,7 +430,7 @@ struct fw_iso_context { - union { - fw_iso_callback_t sc; - fw_iso_mc_callback_t mc; -- } callback; -+ } __no_const callback; - void *callback_data; - }; - diff --git a/include/linux/frontswap.h b/include/linux/frontswap.h -index 0e4e2ee..4ff4312 100644 +index 3044254..9767f41 100644 --- a/include/linux/frontswap.h +++ b/include/linux/frontswap.h @@ -11,7 +11,7 @@ struct frontswap_ops { @@ -62511,21 +66906,36 @@ index 0e4e2ee..4ff4312 100644 extern bool frontswap_enabled; extern struct frontswap_ops diff --git a/include/linux/fs.h b/include/linux/fs.h -index aa11047..7d046d0 100644 +index 7617ee0..b575199 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h -@@ -1802,7 +1802,8 @@ struct file_operations { - int (*setlease)(struct file *, long, struct file_lock **); +@@ -1541,7 +1541,8 @@ struct file_operations { long (*fallocate)(struct file *file, int mode, loff_t offset, loff_t len); + int (*show_fdinfo)(struct seq_file *m, struct file *f); -}; +} __do_const; +typedef struct file_operations __no_const file_operations_no_const; struct inode_operations { struct dentry * (*lookup) (struct inode *,struct dentry *, unsigned int); +@@ -2665,4 +2666,14 @@ static inline void inode_has_no_xattr(struct inode *inode) + inode->i_flags |= S_NOSEC; + } + ++static inline bool is_sidechannel_device(const struct inode *inode) ++{ ++#ifdef CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL ++ umode_t mode = inode->i_mode; ++ return ((S_ISCHR(mode) || S_ISBLK(mode)) && (mode & (S_IROTH | S_IWOTH))); ++#else ++ return false; ++#endif ++} ++ + #endif /* _LINUX_FS_H */ diff --git a/include/linux/fs_struct.h b/include/linux/fs_struct.h -index 003dc0f..3c4ea97 100644 +index d0ae3a8..0244b34 100644 --- a/include/linux/fs_struct.h +++ b/include/linux/fs_struct.h @@ -6,7 +6,7 @@ @@ -62538,10 +66948,10 @@ index 003dc0f..3c4ea97 100644 seqcount_t seq; int umask; diff --git a/include/linux/fscache-cache.h b/include/linux/fscache-cache.h -index ce31408..b1ad003 100644 +index 5dfa0aa..6acf322 100644 --- a/include/linux/fscache-cache.h +++ b/include/linux/fscache-cache.h -@@ -102,7 +102,7 @@ struct fscache_operation { +@@ -112,7 +112,7 @@ struct fscache_operation { fscache_operation_release_t release; }; @@ -62550,20 +66960,53 @@ index ce31408..b1ad003 100644 extern void fscache_op_work_func(struct work_struct *work); extern void fscache_enqueue_operation(struct fscache_operation *); -@@ -122,7 +122,7 @@ static inline void fscache_operation_init(struct fscache_operation *op, - { +@@ -134,7 +134,7 @@ static inline void fscache_operation_init(struct fscache_operation *op, INIT_WORK(&op->work, fscache_op_work_func); atomic_set(&op->usage, 1); + op->state = FSCACHE_OP_ST_INITIALISED; - op->debug_id = atomic_inc_return(&fscache_op_debug_id); + op->debug_id = atomic_inc_return_unchecked(&fscache_op_debug_id); op->processor = processor; op->release = release; INIT_LIST_HEAD(&op->pend_link); +diff --git a/include/linux/fscache.h b/include/linux/fscache.h +index 7a08623..4c07b0f 100644 +--- a/include/linux/fscache.h ++++ b/include/linux/fscache.h +@@ -152,7 +152,7 @@ struct fscache_cookie_def { + * - this is mandatory for any object that may have data + */ + void (*now_uncached)(void *cookie_netfs_data); +-}; ++} __do_const; + + /* + * fscache cached network filesystem type diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h -index a6dfe69..569586df 100644 +index 0fbfb46..508eb0d 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h -@@ -315,7 +315,7 @@ static inline void fsnotify_change(struct dentry *dentry, unsigned int ia_valid) +@@ -195,6 +195,9 @@ static inline void fsnotify_access(struct file *file) + struct inode *inode = path->dentry->d_inode; + __u32 mask = FS_ACCESS; + ++ if (is_sidechannel_device(inode)) ++ return; ++ + if (S_ISDIR(inode->i_mode)) + mask |= FS_ISDIR; + +@@ -213,6 +216,9 @@ static inline void fsnotify_modify(struct file *file) + struct inode *inode = path->dentry->d_inode; + __u32 mask = FS_MODIFY; + ++ if (is_sidechannel_device(inode)) ++ return; ++ + if (S_ISDIR(inode->i_mode)) + mask |= FS_ISDIR; + +@@ -315,7 +321,7 @@ static inline void fsnotify_change(struct dentry *dentry, unsigned int ia_valid) */ static inline const unsigned char *fsnotify_oldname_init(const unsigned char *name) { @@ -62572,32 +67015,11 @@ index a6dfe69..569586df 100644 } /* -diff --git a/include/linux/fsnotify_backend.h b/include/linux/fsnotify_backend.h -index 63d966d..cdcb717 100644 ---- a/include/linux/fsnotify_backend.h -+++ b/include/linux/fsnotify_backend.h -@@ -105,6 +105,7 @@ struct fsnotify_ops { - void (*freeing_mark)(struct fsnotify_mark *mark, struct fsnotify_group *group); - void (*free_event_priv)(struct fsnotify_event_private_data *priv); - }; -+typedef struct fsnotify_ops __no_const fsnotify_ops_no_const; - - /* - * A group is a "thing" that wants to receive notification about filesystem diff --git a/include/linux/ftrace_event.h b/include/linux/ftrace_event.h -index 642928c..e6c83a7 100644 +index a3d4895..ddd2a50 100644 --- a/include/linux/ftrace_event.h +++ b/include/linux/ftrace_event.h -@@ -97,7 +97,7 @@ struct trace_event_functions { - trace_print_func raw; - trace_print_func hex; - trace_print_func binary; --}; -+} __no_const; - - struct trace_event { - struct hlist_node node; -@@ -266,7 +266,7 @@ extern int trace_define_field(struct ftrace_event_call *call, const char *type, +@@ -272,7 +272,7 @@ extern int trace_define_field(struct ftrace_event_call *call, const char *type, extern int trace_add_event_call(struct ftrace_event_call *call); extern void trace_remove_event_call(struct ftrace_event_call *call); @@ -62607,10 +67029,10 @@ index 642928c..e6c83a7 100644 int trace_set_clr_event(const char *system, const char *event, int set); diff --git a/include/linux/genhd.h b/include/linux/genhd.h -index 4f440b3..342233a 100644 +index 79b8bba..86b539e 100644 --- a/include/linux/genhd.h +++ b/include/linux/genhd.h -@@ -190,7 +190,7 @@ struct gendisk { +@@ -194,7 +194,7 @@ struct gendisk { struct kobject *slave_dir; struct timer_rand_state *random; @@ -62619,32 +67041,46 @@ index 4f440b3..342233a 100644 struct disk_events *ev; #ifdef CONFIG_BLK_DEV_INTEGRITY struct blk_integrity *integrity; +diff --git a/include/linux/genl_magic_func.h b/include/linux/genl_magic_func.h +index 023bc34..b02b46a 100644 +--- a/include/linux/genl_magic_func.h ++++ b/include/linux/genl_magic_func.h +@@ -246,7 +246,7 @@ const char *CONCAT_(GENL_MAGIC_FAMILY, _genl_cmd_to_str)(__u8 cmd) + }, + + #define ZZZ_genl_ops CONCAT_(GENL_MAGIC_FAMILY, _genl_ops) +-static struct genl_ops ZZZ_genl_ops[] __read_mostly = { ++static struct genl_ops ZZZ_genl_ops[] = { + #include GENL_MAGIC_INCLUDE_FILE + }; + diff --git a/include/linux/gfp.h b/include/linux/gfp.h -index 4883f39..26688a8 100644 +index 0f615eb..5c3832f 100644 --- a/include/linux/gfp.h +++ b/include/linux/gfp.h -@@ -39,6 +39,12 @@ struct vm_area_struct; +@@ -35,6 +35,13 @@ struct vm_area_struct; + #define ___GFP_NO_KSWAPD 0x400000u #define ___GFP_OTHER_NODE 0x800000u #define ___GFP_WRITE 0x1000000u - ++ +#ifdef CONFIG_PAX_USERCOPY_SLABS +#define ___GFP_USERCOPY 0x2000000u +#else +#define ___GFP_USERCOPY 0 +#endif + + /* If the above are modified, __GFP_BITS_SHIFT may need updating */ + /* - * GFP bitmasks.. - * -@@ -93,6 +99,7 @@ struct vm_area_struct; - #define __GFP_NO_KSWAPD ((__force gfp_t)___GFP_NO_KSWAPD) +@@ -92,6 +99,7 @@ struct vm_area_struct; #define __GFP_OTHER_NODE ((__force gfp_t)___GFP_OTHER_NODE) /* On behalf of other node */ + #define __GFP_KMEMCG ((__force gfp_t)___GFP_KMEMCG) /* Allocation comes from a memcg-accounted resource */ #define __GFP_WRITE ((__force gfp_t)___GFP_WRITE) /* Allocator intends to dirty page */ +#define __GFP_USERCOPY ((__force gfp_t)___GFP_USERCOPY)/* Allocator intends to copy page to/from userland */ /* * This may seem redundant, but it's a way of annotating false positives vs. -@@ -100,7 +107,7 @@ struct vm_area_struct; +@@ -99,7 +107,7 @@ struct vm_area_struct; */ #define __GFP_NOTRACK_FALSE_POSITIVE (__GFP_NOTRACK) @@ -62653,7 +67089,7 @@ index 4883f39..26688a8 100644 #define __GFP_BITS_MASK ((__force gfp_t)((1 << __GFP_BITS_SHIFT) - 1)) /* This equals 0, but use constants in case they ever change */ -@@ -154,6 +161,8 @@ struct vm_area_struct; +@@ -153,6 +161,8 @@ struct vm_area_struct; /* 4GB DMA on some platforms */ #define GFP_DMA32 __GFP_DMA32 @@ -62664,7 +67100,7 @@ index 4883f39..26688a8 100644 { diff --git a/include/linux/gracl.h b/include/linux/gracl.h new file mode 100644 -index 0000000..c938b1f +index 0000000..ebe6d72 --- /dev/null +++ b/include/linux/gracl.h @@ -0,0 +1,319 @@ @@ -62928,25 +67364,25 @@ index 0000000..c938b1f + Shift/add algorithm with modulus of table size and an XOR*/ + +static __inline__ unsigned int -+rhash(const uid_t uid, const __u16 type, const unsigned int sz) ++gr_rhash(const uid_t uid, const __u16 type, const unsigned int sz) +{ + return ((((uid + type) << (16 + type)) ^ uid) % sz); +} + + static __inline__ unsigned int -+shash(const struct acl_subject_label *userp, const unsigned int sz) ++gr_shash(const struct acl_subject_label *userp, const unsigned int sz) +{ + return ((const unsigned long)userp % sz); +} + +static __inline__ unsigned int -+fhash(const ino_t ino, const dev_t dev, const unsigned int sz) ++gr_fhash(const ino_t ino, const dev_t dev, const unsigned int sz) +{ + return (((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9))) % sz); +} + +static __inline__ unsigned int -+nhash(const char *name, const __u16 len, const unsigned int sz) ++gr_nhash(const char *name, const __u16 len, const unsigned int sz) +{ + return full_name_hash((const unsigned char *)name, len) % sz; +} @@ -63004,7 +67440,7 @@ index 0000000..323ecf2 +#endif diff --git a/include/linux/grdefs.h b/include/linux/grdefs.h new file mode 100644 -index 0000000..b30e9bc +index 0000000..be66033 --- /dev/null +++ b/include/linux/grdefs.h @@ -0,0 +1,140 @@ @@ -63092,7 +67528,7 @@ index 0000000..b30e9bc + GR_PROTPROCFD = 0x00000400, + GR_PROCACCT = 0x00000800, + GR_RELAXPTRACE = 0x00001000, -+ GR_NESTED = 0x00002000, ++ //GR_NESTED = 0x00002000, + GR_INHERITLEARN = 0x00004000, + GR_PROCFIND = 0x00008000, + GR_POVERRIDE = 0x00010000, @@ -63150,10 +67586,10 @@ index 0000000..b30e9bc +#endif diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h new file mode 100644 -index 0000000..c9292f7 +index 0000000..9bb6662 --- /dev/null +++ b/include/linux/grinternal.h -@@ -0,0 +1,223 @@ +@@ -0,0 +1,215 @@ +#ifndef __GRINTERNAL_H +#define __GRINTERNAL_H + @@ -63216,18 +67652,18 @@ index 0000000..c9292f7 +extern int grsec_enable_chroot_sysctl; +extern int grsec_enable_chroot_unix; +extern int grsec_enable_symlinkown; -+extern int grsec_symlinkown_gid; ++extern kgid_t grsec_symlinkown_gid; +extern int grsec_enable_tpe; -+extern int grsec_tpe_gid; ++extern kgid_t grsec_tpe_gid; +extern int grsec_enable_tpe_all; +extern int grsec_enable_tpe_invert; +extern int grsec_enable_socket_all; -+extern int grsec_socket_all_gid; ++extern kgid_t grsec_socket_all_gid; +extern int grsec_enable_socket_client; -+extern int grsec_socket_client_gid; ++extern kgid_t grsec_socket_client_gid; +extern int grsec_enable_socket_server; -+extern int grsec_socket_server_gid; -+extern int grsec_audit_gid; ++extern kgid_t grsec_socket_server_gid; ++extern kgid_t grsec_audit_gid; +extern int grsec_enable_group; +extern int grsec_enable_audit_textrel; +extern int grsec_enable_log_rwxmaps; @@ -63267,14 +67703,6 @@ index 0000000..c9292f7 + +#define have_same_root(tsk_a,tsk_b) ((tsk_a)->gr_chroot_dentry == (tsk_b)->gr_chroot_dentry) + -+#define DEFAULTSECARGS(task, cred, pcred) gr_task_fullpath(task), (task)->comm, \ -+ (task)->pid, (cred)->uid, \ -+ (cred)->euid, (cred)->gid, (cred)->egid, \ -+ gr_parent_task_fullpath(task), \ -+ (task)->real_parent->comm, (task)->real_parent->pid, \ -+ (pcred)->uid, (pcred)->euid, \ -+ (pcred)->gid, (pcred)->egid -+ +#define GR_CHROOT_CAPS {{ \ + CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \ + CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \ @@ -63496,10 +67924,10 @@ index 0000000..2bd4c8d +#define GR_BRUTE_DAEMON_MSG "bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds. Please investigate the crash report for " diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h new file mode 100644 -index 0000000..28d8b19 +index 0000000..1ae241a --- /dev/null +++ b/include/linux/grsecurity.h -@@ -0,0 +1,239 @@ +@@ -0,0 +1,257 @@ +#ifndef GR_SECURITY_H +#define GR_SECURITY_H +#include <linux/fs.h> @@ -63530,7 +67958,7 @@ index 0000000..28d8b19 + union { + const char __user *const __user *native; +#ifdef CONFIG_COMPAT -+ compat_uptr_t __user *compat; ++ const compat_uptr_t __user *compat; +#endif + } ptr; +}; @@ -63544,8 +67972,8 @@ index 0000000..28d8b19 + +int gr_acl_enable_at_secure(void); + -+int gr_check_user_change(int real, int effective, int fs); -+int gr_check_group_change(int real, int effective, int fs); ++int gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs); ++int gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs); + +void gr_del_task_from_ip_table(struct task_struct *p); + @@ -63607,19 +68035,17 @@ index 0000000..28d8b19 +int gr_handle_hardlink(const struct dentry *dentry, + const struct vfsmount *mnt, + struct inode *inode, -+ const int mode, const char *to); ++ const int mode, const struct filename *to); + +int gr_is_capable(const int cap); +int gr_is_capable_nolog(const int cap); +int gr_task_is_capable(const struct task_struct *task, const struct cred *cred, const int cap); +int gr_task_is_capable_nolog(const struct task_struct *task, const int cap); + -+void gr_learn_resource(const struct task_struct *task, const int limit, -+ const unsigned long wanted, const int gt); +void gr_copy_label(struct task_struct *tsk); +void gr_handle_crash(struct task_struct *task, const int sig); +int gr_handle_signal(const struct task_struct *p, const int sig); -+int gr_check_crash_uid(const uid_t uid); ++int gr_check_crash_uid(const kuid_t uid); +int gr_check_protected_task(const struct task_struct *task); +int gr_check_protected_task_fowner(struct pid *pid, enum pid_type type); +int gr_acl_handle_mmap(const struct file *file, @@ -63646,8 +68072,8 @@ index 0000000..28d8b19 +int gr_check_crash_exec(const struct file *filp); +int gr_acl_is_enabled(void); +void gr_set_kernel_label(struct task_struct *task); -+void gr_set_role_label(struct task_struct *task, const uid_t uid, -+ const gid_t gid); ++void gr_set_role_label(struct task_struct *task, const kuid_t uid, ++ const kgid_t gid); +int gr_set_proc_label(const struct dentry *dentry, + const struct vfsmount *mnt, + const int unsafe_flags); @@ -63678,19 +68104,19 @@ index 0000000..28d8b19 +__u32 gr_acl_handle_symlink(const struct dentry *new_dentry, + const struct dentry *parent_dentry, + const struct vfsmount *parent_mnt, -+ const char *from); ++ const struct filename *from); +__u32 gr_acl_handle_link(const struct dentry *new_dentry, + const struct dentry *parent_dentry, + const struct vfsmount *parent_mnt, + const struct dentry *old_dentry, -+ const struct vfsmount *old_mnt, const char *to); ++ const struct vfsmount *old_mnt, const struct filename *to); +int gr_handle_symlink_owner(const struct path *link, const struct inode *target); +int gr_acl_handle_rename(struct dentry *new_dentry, + struct dentry *parent_dentry, + const struct vfsmount *parent_mnt, + struct dentry *old_dentry, + struct inode *old_parent_inode, -+ struct vfsmount *old_mnt, const char *newname); ++ struct vfsmount *old_mnt, const struct filename *newname); +void gr_handle_rename(struct inode *old_dir, struct inode *new_dir, + struct dentry *old_dentry, + struct dentry *new_dentry, @@ -63716,6 +68142,26 @@ index 0000000..28d8b19 + +int gr_ptrace_readexec(struct file *file, int unsafe_flags); + ++#if defined(CONFIG_GRKERNSEC) && (defined(CONFIG_GRKERNSEC_RESLOG) || !defined(CONFIG_GRKERNSEC_NO_RBAC)) ++extern void gr_learn_resource(const struct task_struct *task, const int res, ++ const unsigned long wanted, const int gt); ++#else ++static inline void gr_learn_resource(const struct task_struct *task, const int res, ++ const unsigned long wanted, const int gt) ++{ ++} ++#endif ++ ++#ifdef CONFIG_GRKERNSEC_RESLOG ++extern void gr_log_resource(const struct task_struct *task, const int res, ++ const unsigned long wanted, const int gt); ++#else ++static inline void gr_log_resource(const struct task_struct *task, const int res, ++ const unsigned long wanted, const int gt) ++{ ++} ++#endif ++ +#ifdef CONFIG_GRKERNSEC +void task_grsec_rbac(struct seq_file *m, struct task_struct *p); +void gr_handle_vm86(void); @@ -63727,7 +68173,7 @@ index 0000000..28d8b19 +extern int grsec_disable_privio; + +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP -+extern int grsec_proc_gid; ++extern kgid_t grsec_proc_gid; +#endif + +#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK @@ -63764,19 +68210,6 @@ index 0000000..e7ffaaf + const int protocol); + +#endif -diff --git a/include/linux/hid.h b/include/linux/hid.h -index 42970de..5db3c92 100644 ---- a/include/linux/hid.h -+++ b/include/linux/hid.h -@@ -705,7 +705,7 @@ struct hid_ll_driver { - unsigned int code, int value); - - int (*parse)(struct hid_device *hdev); --}; -+} __no_const; - - #define PM_HINT_FULLON 1<<5 - #define PM_HINT_NORMAL 1<<1 diff --git a/include/linux/highmem.h b/include/linux/highmem.h index ef788b5..ac41b7b 100644 --- a/include/linux/highmem.h @@ -63800,8 +68233,31 @@ index ef788b5..ac41b7b 100644 static inline void zero_user_segments(struct page *page, unsigned start1, unsigned end1, unsigned start2, unsigned end2) +diff --git a/include/linux/hwmon-sysfs.h b/include/linux/hwmon-sysfs.h +index 1c7b89a..7f52502 100644 +--- a/include/linux/hwmon-sysfs.h ++++ b/include/linux/hwmon-sysfs.h +@@ -25,7 +25,8 @@ + struct sensor_device_attribute{ + struct device_attribute dev_attr; + int index; +-}; ++} __do_const; ++typedef struct sensor_device_attribute __no_const sensor_device_attribute_no_const; + #define to_sensor_dev_attr(_dev_attr) \ + container_of(_dev_attr, struct sensor_device_attribute, dev_attr) + +@@ -41,7 +42,7 @@ struct sensor_device_attribute_2 { + struct device_attribute dev_attr; + u8 index; + u8 nr; +-}; ++} __do_const; + #define to_sensor_dev_attr_2(_dev_attr) \ + container_of(_dev_attr, struct sensor_device_attribute_2, dev_attr) + diff --git a/include/linux/i2c.h b/include/linux/i2c.h -index 5970266..1c48c3b 100644 +index d0c4db7..61b3577 100644 --- a/include/linux/i2c.h +++ b/include/linux/i2c.h @@ -369,6 +369,7 @@ struct i2c_algorithm { @@ -63825,29 +68281,21 @@ index d23c3c2..eb63c81 100644 struct list_head context_list; /* list of context id's and pointers */ #endif -diff --git a/include/linux/if_team.h b/include/linux/if_team.h -index aa2e167..84024ce 100644 ---- a/include/linux/if_team.h -+++ b/include/linux/if_team.h -@@ -109,6 +109,7 @@ struct team_mode_ops { - void (*port_enabled)(struct team *team, struct team_port *port); - void (*port_disabled)(struct team *team, struct team_port *port); - }; -+typedef struct team_mode_ops __no_const team_mode_ops_no_const; - - enum team_option_type { - TEAM_OPTION_TYPE_U32, -@@ -181,7 +182,7 @@ struct team { - struct list_head option_inst_list; /* list of option instances */ - - const struct team_mode *mode; -- struct team_mode_ops ops; -+ team_mode_ops_no_const ops; - long mode_priv[TEAM_MODE_PRIV_LONGS]; - }; +diff --git a/include/linux/if_pppox.h b/include/linux/if_pppox.h +index aff7ad8..3942bbd 100644 +--- a/include/linux/if_pppox.h ++++ b/include/linux/if_pppox.h +@@ -76,7 +76,7 @@ struct pppox_proto { + int (*ioctl)(struct socket *sock, unsigned int cmd, + unsigned long arg); + struct module *owner; +-}; ++} __do_const; + extern int register_pppox_proto(int proto_num, const struct pppox_proto *pp); + extern void unregister_pppox_proto(int proto_num); diff --git a/include/linux/init.h b/include/linux/init.h -index 5e664f6..ba694f0 100644 +index 10ed4f4..8e8490d 100644 --- a/include/linux/init.h +++ b/include/linux/init.h @@ -39,9 +39,36 @@ @@ -63886,37 +68334,28 @@ index 5e664f6..ba694f0 100644 -#define __init __section(.init.text) __cold notrace +#define __init __section(.init.text) __cold notrace add_init_latent_entropy #define __initdata __section(.init.data) - #define __initconst __section(.init.rodata) + #define __initconst __constsection(.init.rodata) #define __exitdata __section(.exit.data) -@@ -83,7 +110,7 @@ +@@ -94,7 +121,7 @@ #define __exit __section(.exit.text) __exitused __cold notrace - /* Used for HOTPLUG */ --#define __devinit __section(.devinit.text) __cold notrace -+#define __devinit __section(.devinit.text) __cold notrace add_devinit_latent_entropy - #define __devinitdata __section(.devinit.data) - #define __devinitconst __section(.devinit.rodata) - #define __devexit __section(.devexit.text) __exitused __cold notrace -@@ -91,7 +118,7 @@ - #define __devexitconst __section(.devexit.rodata) - /* Used for HOTPLUG_CPU */ -#define __cpuinit __section(.cpuinit.text) __cold notrace +#define __cpuinit __section(.cpuinit.text) __cold notrace add_cpuinit_latent_entropy #define __cpuinitdata __section(.cpuinit.data) - #define __cpuinitconst __section(.cpuinit.rodata) + #define __cpuinitconst __constsection(.cpuinit.rodata) #define __cpuexit __section(.cpuexit.text) __exitused __cold notrace -@@ -99,7 +126,7 @@ - #define __cpuexitconst __section(.cpuexit.rodata) +@@ -102,7 +129,7 @@ + #define __cpuexitconst __constsection(.cpuexit.rodata) /* Used for MEMORY_HOTPLUG */ -#define __meminit __section(.meminit.text) __cold notrace +#define __meminit __section(.meminit.text) __cold notrace add_meminit_latent_entropy #define __meminitdata __section(.meminit.data) - #define __meminitconst __section(.meminit.rodata) + #define __meminitconst __constsection(.meminit.rodata) #define __memexit __section(.memexit.text) __exitused __cold notrace diff --git a/include/linux/init_task.h b/include/linux/init_task.h -index 89f1cb1..7986c0f 100644 +index 6d087c5..401cab8 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h @@ -143,6 +143,12 @@ extern struct task_group root_task_group; @@ -63940,24 +68379,11 @@ index 89f1cb1..7986c0f 100644 .fs = &init_fs, \ .files = &init_files, \ .signal = &init_signals, \ -diff --git a/include/linux/intel-iommu.h b/include/linux/intel-iommu.h -index 78e2ada..745564d 100644 ---- a/include/linux/intel-iommu.h -+++ b/include/linux/intel-iommu.h -@@ -296,7 +296,7 @@ struct iommu_flush { - u8 fm, u64 type); - void (*flush_iotlb)(struct intel_iommu *iommu, u16 did, u64 addr, - unsigned int size_order, u64 type); --}; -+} __no_const; - - enum { - SR_DMAR_FECTL_REG, diff --git a/include/linux/interrupt.h b/include/linux/interrupt.h -index c5f856a..d29c117 100644 +index 5fa5afe..ac55b25 100644 --- a/include/linux/interrupt.h +++ b/include/linux/interrupt.h -@@ -433,7 +433,7 @@ enum +@@ -430,7 +430,7 @@ enum /* map softirq index to softirq name. update 'softirq_to_name' in * kernel/softirq.c when adding a new softirq. */ @@ -63966,13 +68392,14 @@ index c5f856a..d29c117 100644 /* softirq mask and active fields moved to irq_cpustat_t in * asm/hardirq.h to get better cache usage. KAO -@@ -441,12 +441,12 @@ extern char *softirq_to_name[NR_SOFTIRQS]; +@@ -438,12 +438,12 @@ extern char *softirq_to_name[NR_SOFTIRQS]; struct softirq_action { - void (*action)(struct softirq_action *); +-}; + void (*action)(void); - }; ++} __no_const; asmlinkage void do_softirq(void); asmlinkage void __do_softirq(void); @@ -63981,6 +68408,33 @@ index c5f856a..d29c117 100644 extern void softirq_init(void); extern void __raise_softirq_irqoff(unsigned int nr); +diff --git a/include/linux/iommu.h b/include/linux/iommu.h +index f3b99e1..9b73cee 100644 +--- a/include/linux/iommu.h ++++ b/include/linux/iommu.h +@@ -101,7 +101,7 @@ struct iommu_ops { + int (*domain_set_attr)(struct iommu_domain *domain, + enum iommu_attr attr, void *data); + unsigned long pgsize_bitmap; +-}; ++} __do_const; + + #define IOMMU_GROUP_NOTIFY_ADD_DEVICE 1 /* Device added */ + #define IOMMU_GROUP_NOTIFY_DEL_DEVICE 2 /* Pre Device removed */ +diff --git a/include/linux/irq.h b/include/linux/irq.h +index fdf2c4a..5332486 100644 +--- a/include/linux/irq.h ++++ b/include/linux/irq.h +@@ -328,7 +328,8 @@ struct irq_chip { + void (*irq_print_chip)(struct irq_data *data, struct seq_file *p); + + unsigned long flags; +-}; ++} __do_const; ++typedef struct irq_chip __no_const irq_chip_no_const; + + /* + * irq_chip specific flags diff --git a/include/linux/kallsyms.h b/include/linux/kallsyms.h index 6883e19..06992b1 100644 --- a/include/linux/kallsyms.h @@ -64013,8 +68467,21 @@ index 6883e19..06992b1 100644 /* This macro allows us to keep printk typechecking */ static __printf(1, 2) +diff --git a/include/linux/key-type.h b/include/linux/key-type.h +index 518a53a..5e28358 100644 +--- a/include/linux/key-type.h ++++ b/include/linux/key-type.h +@@ -125,7 +125,7 @@ struct key_type { + /* internal fields */ + struct list_head link; /* link in types list */ + struct lock_class_key lock_class; /* key->sem lock class */ +-}; ++} __do_const; + + extern struct key_type key_type_keyring; + diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h -index c4d2fc1..5df9c19 100644 +index 4dff0c6..1ca9b72 100644 --- a/include/linux/kgdb.h +++ b/include/linux/kgdb.h @@ -53,7 +53,7 @@ extern int kgdb_connected; @@ -64026,16 +68493,16 @@ index c4d2fc1..5df9c19 100644 extern struct task_struct *kgdb_usethread; extern struct task_struct *kgdb_contthread; -@@ -252,7 +252,7 @@ struct kgdb_arch { - void (*disable_hw_break)(struct pt_regs *regs); - void (*remove_all_hw_break)(void); +@@ -255,7 +255,7 @@ struct kgdb_arch { void (*correct_hw_break)(void); + + void (*enable_nmi)(bool on); -}; +} __do_const; /** * struct kgdb_io - Describe the interface for an I/O driver to talk with KGDB. -@@ -277,7 +277,7 @@ struct kgdb_io { +@@ -280,7 +280,7 @@ struct kgdb_io { void (*pre_exception) (void); void (*post_exception) (void); int is_console; @@ -64057,8 +68524,42 @@ index 5398d58..5883a34 100644 #define request_module(mod...) __request_module(true, mod) #define request_module_nowait(mod...) __request_module(false, mod) #define try_then_request_module(x, mod...) \ +diff --git a/include/linux/kobject.h b/include/linux/kobject.h +index 939b112..ed6ed51 100644 +--- a/include/linux/kobject.h ++++ b/include/linux/kobject.h +@@ -111,7 +111,7 @@ struct kobj_type { + struct attribute **default_attrs; + const struct kobj_ns_type_operations *(*child_ns_type)(struct kobject *kobj); + const void *(*namespace)(struct kobject *kobj); +-}; ++} __do_const; + + struct kobj_uevent_env { + char *envp[UEVENT_NUM_ENVP]; +@@ -134,6 +134,7 @@ struct kobj_attribute { + ssize_t (*store)(struct kobject *kobj, struct kobj_attribute *attr, + const char *buf, size_t count); + }; ++typedef struct kobj_attribute __no_const kobj_attribute_no_const; + + extern const struct sysfs_ops kobj_sysfs_ops; + +diff --git a/include/linux/kobject_ns.h b/include/linux/kobject_ns.h +index f66b065..c2c29b4 100644 +--- a/include/linux/kobject_ns.h ++++ b/include/linux/kobject_ns.h +@@ -43,7 +43,7 @@ struct kobj_ns_type_operations { + const void *(*netlink_ns)(struct sock *sk); + const void *(*initial_ns)(void); + void (*drop_ns)(void *); +-}; ++} __do_const; + + int kobj_ns_type_register(const struct kobj_ns_type_operations *ops); + int kobj_ns_type_registered(enum kobj_ns_type type); diff --git a/include/linux/kref.h b/include/linux/kref.h -index 65af688..0592677 100644 +index 4972e6e..de4d19b 100644 --- a/include/linux/kref.h +++ b/include/linux/kref.h @@ -64,7 +64,7 @@ static inline void kref_get(struct kref *kref) @@ -64071,11 +68572,11 @@ index 65af688..0592677 100644 if (atomic_sub_and_test((int) count, &kref->refcount)) { release(kref); diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h -index b70b48b..0d7153b 100644 +index 2c497ab..afe32f5 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h -@@ -351,7 +351,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu); - void vcpu_load(struct kvm_vcpu *vcpu); +@@ -418,7 +418,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu); + int __must_check vcpu_load(struct kvm_vcpu *vcpu); void vcpu_put(struct kvm_vcpu *vcpu); -int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, @@ -64083,7 +68584,7 @@ index b70b48b..0d7153b 100644 struct module *module); void kvm_exit(void); -@@ -517,7 +517,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, +@@ -574,7 +574,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg); int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run); @@ -64093,10 +68594,10 @@ index b70b48b..0d7153b 100644 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); diff --git a/include/linux/libata.h b/include/linux/libata.h -index 64f90e1..32b945b 100644 +index 649e5f8..ead5194 100644 --- a/include/linux/libata.h +++ b/include/linux/libata.h -@@ -909,7 +909,7 @@ struct ata_port_operations { +@@ -915,7 +915,7 @@ struct ata_port_operations { * fields must be pointers. */ const struct ata_port_operations *inherits; @@ -64105,64 +68606,64 @@ index 64f90e1..32b945b 100644 struct ata_port_info { unsigned long flags; -diff --git a/include/linux/memory.h b/include/linux/memory.h -index ff9a9f8..c715deb 100644 ---- a/include/linux/memory.h -+++ b/include/linux/memory.h -@@ -143,7 +143,7 @@ struct memory_accessor { - size_t count); - ssize_t (*write)(struct memory_accessor *, const char *buf, - off_t offset, size_t count); --}; -+} __no_const; +diff --git a/include/linux/list.h b/include/linux/list.h +index cc6d2aa..c10ee83 100644 +--- a/include/linux/list.h ++++ b/include/linux/list.h +@@ -112,6 +112,19 @@ extern void __list_del_entry(struct list_head *entry); + extern void list_del(struct list_head *entry); + #endif - /* - * Kernel text modification mutex, used for code patching. Users of this lock -diff --git a/include/linux/mfd/abx500.h b/include/linux/mfd/abx500.h -index 1318ca6..7521340 100644 ---- a/include/linux/mfd/abx500.h -+++ b/include/linux/mfd/abx500.h -@@ -452,6 +452,7 @@ struct abx500_ops { - int (*event_registers_startup_state_get) (struct device *, u8 *); - int (*startup_irq_enabled) (struct device *, unsigned int); - }; -+typedef struct abx500_ops __no_const abx500_ops_no_const; - - int abx500_register_ops(struct device *core_dev, struct abx500_ops *ops); - void abx500_remove_ops(struct device *dev); -diff --git a/include/linux/mfd/abx500/ux500_chargalg.h b/include/linux/mfd/abx500/ux500_chargalg.h -index 9b07725..3d55001 100644 ---- a/include/linux/mfd/abx500/ux500_chargalg.h -+++ b/include/linux/mfd/abx500/ux500_chargalg.h -@@ -19,7 +19,7 @@ struct ux500_charger_ops { - int (*enable) (struct ux500_charger *, int, int, int); - int (*kick_wd) (struct ux500_charger *); - int (*update_curr) (struct ux500_charger *, int); --}; -+} __no_const; ++extern void __pax_list_add(struct list_head *new, ++ struct list_head *prev, ++ struct list_head *next); ++static inline void pax_list_add(struct list_head *new, struct list_head *head) ++{ ++ __pax_list_add(new, head, head->next); ++} ++static inline void pax_list_add_tail(struct list_head *new, struct list_head *head) ++{ ++ __pax_list_add(new, head->prev, head); ++} ++extern void pax_list_del(struct list_head *entry); ++ + /** + * list_replace - replace old entry by new one + * @old : the element to be replaced +@@ -145,6 +158,8 @@ static inline void list_del_init(struct list_head *entry) + INIT_LIST_HEAD(entry); + } ++extern void pax_list_del_init(struct list_head *entry); ++ /** - * struct ux500_charger - power supply ux500 charger sub class + * list_move - delete from one list and add as another's head + * @list: the entry to move diff --git a/include/linux/mm.h b/include/linux/mm.h -index 311be90..5f1638c 100644 +index 66e2f7c..ea88001 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h -@@ -116,7 +116,14 @@ extern unsigned int kobjsize(const void *objp); - - #define VM_CAN_NONLINEAR 0x08000000 /* Has ->fault & does nonlinear pages */ - #define VM_MIXEDMAP 0x10000000 /* Can contain "struct page" and pure PFN pages */ +@@ -101,6 +101,11 @@ extern unsigned int kobjsize(const void *objp); + #define VM_HUGETLB 0x00400000 /* Huge TLB Page VM */ + #define VM_NONLINEAR 0x00800000 /* Is non-linear (remap_file_pages) */ + #define VM_ARCH_1 0x01000000 /* Architecture-specific flag */ + +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32) -+#define VM_SAO 0x00000000 /* Strong Access Ordering (powerpc) */ -+#define VM_PAGEEXEC 0x20000000 /* vma->vm_page_prot needs special handling */ -+#else - #define VM_SAO 0x20000000 /* Strong Access Ordering (powerpc) */ ++#define VM_PAGEEXEC 0x02000000 /* vma->vm_page_prot needs special handling */ +#endif + - #define VM_PFN_AT_MMAP 0x40000000 /* PFNMAP vma that is fully mapped at mmap time */ - #define VM_MERGEABLE 0x80000000 /* KSM may merge identical pages */ + #define VM_DONTDUMP 0x04000000 /* Do not include in the core dump */ -@@ -1038,34 +1045,6 @@ int set_page_dirty(struct page *page); + #define VM_MIXEDMAP 0x10000000 /* Can contain "struct page" and pure PFN pages */ +@@ -231,6 +236,7 @@ struct vm_operations_struct { + int (*remap_pages)(struct vm_area_struct *vma, unsigned long addr, + unsigned long size, pgoff_t pgoff); + }; ++typedef struct vm_operations_struct __no_const vm_operations_struct_no_const; + + struct mmu_gather; + struct inode; +@@ -1068,34 +1074,6 @@ int set_page_dirty(struct page *page); int set_page_dirty_lock(struct page *page); int clear_page_dirty_for_io(struct page *page); @@ -64197,7 +68698,7 @@ index 311be90..5f1638c 100644 extern pid_t vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group); -@@ -1164,6 +1143,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) +@@ -1198,6 +1176,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) } #endif @@ -64213,7 +68714,7 @@ index 311be90..5f1638c 100644 int vma_wants_writenotify(struct vm_area_struct *vma); extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, -@@ -1182,8 +1170,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, +@@ -1216,8 +1203,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, { return 0; } @@ -64229,7 +68730,7 @@ index 311be90..5f1638c 100644 #endif #ifdef __PAGETABLE_PMD_FOLDED -@@ -1192,8 +1187,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, +@@ -1226,8 +1220,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, { return 0; } @@ -64245,7 +68746,7 @@ index 311be90..5f1638c 100644 #endif int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, -@@ -1211,11 +1213,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a +@@ -1245,11 +1246,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a NULL: pud_offset(pgd, address); } @@ -64269,7 +68770,7 @@ index 311be90..5f1638c 100644 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ #if USE_SPLIT_PTLOCKS -@@ -1426,6 +1440,7 @@ extern unsigned long do_mmap_pgoff(struct file *, unsigned long, +@@ -1479,6 +1492,7 @@ extern unsigned long do_mmap_pgoff(struct file *, unsigned long, unsigned long, unsigned long, unsigned long, unsigned long); extern int do_munmap(struct mm_struct *, unsigned long, size_t); @@ -64277,7 +68778,7 @@ index 311be90..5f1638c 100644 /* These take the mm semaphore themselves */ extern unsigned long vm_brk(unsigned long, unsigned long); -@@ -1489,6 +1504,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add +@@ -1573,6 +1587,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, struct vm_area_struct **pprev); @@ -64288,7 +68789,7 @@ index 311be90..5f1638c 100644 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1517,15 +1536,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, +@@ -1601,15 +1619,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, return vma; } @@ -64301,10 +68802,10 @@ index 311be90..5f1638c 100644 -} -#endif - - struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr); - int remap_pfn_range(struct vm_area_struct *, unsigned long addr, - unsigned long pfn, unsigned long size, pgprot_t); -@@ -1631,7 +1641,7 @@ extern int unpoison_memory(unsigned long pfn); + #ifdef CONFIG_ARCH_USES_NUMA_PROT_NONE + unsigned long change_prot_numa(struct vm_area_struct *vma, + unsigned long start, unsigned long end); +@@ -1721,7 +1730,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -64313,7 +68814,7 @@ index 311be90..5f1638c 100644 extern int soft_offline_page(struct page *page, int flags); extern void dump_page(struct page *page); -@@ -1662,5 +1672,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; } +@@ -1752,5 +1761,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; } static inline bool page_is_guard(struct page *page) { return false; } #endif /* CONFIG_DEBUG_PAGEALLOC */ @@ -64326,10 +68827,10 @@ index 311be90..5f1638c 100644 #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */ diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h -index bf78672..debc693 100644 +index f8f5162..a039af9 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h -@@ -279,6 +279,8 @@ struct vm_area_struct { +@@ -288,6 +288,8 @@ struct vm_area_struct { #ifdef CONFIG_NUMA struct mempolicy *vm_policy; /* NUMA policy for the VMA */ #endif @@ -64338,17 +68839,17 @@ index bf78672..debc693 100644 }; struct core_thread { -@@ -353,7 +355,7 @@ struct mm_struct { +@@ -362,7 +364,7 @@ struct mm_struct { unsigned long def_flags; unsigned long nr_ptes; /* Page table pages */ unsigned long start_code, end_code, start_data, end_data; - unsigned long start_brk, brk, start_stack; -+ unsigned long brk_gap, start_brk, brk, start_stack; ++ unsigned long aslr_gap, start_brk, brk, start_stack; unsigned long arg_start, arg_end, env_start, env_end; unsigned long saved_auxv[AT_VECTOR_SIZE]; /* for /proc/PID/auxv */ -@@ -405,6 +407,24 @@ struct mm_struct { - struct cpumask cpumask_allocation; +@@ -436,6 +438,24 @@ struct mm_struct { + int first_nid; #endif struct uprobes_state uprobes_state; + @@ -64371,32 +68872,34 @@ index bf78672..debc693 100644 + }; - static inline void mm_init_cpumask(struct mm_struct *mm) -diff --git a/include/linux/mmu_notifier.h b/include/linux/mmu_notifier.h -index ee2baf0..e24a58c 100644 ---- a/include/linux/mmu_notifier.h -+++ b/include/linux/mmu_notifier.h -@@ -256,12 +256,12 @@ static inline void mmu_notifier_mm_destroy(struct mm_struct *mm) - */ - #define ptep_clear_flush_notify(__vma, __address, __ptep) \ - ({ \ -- pte_t __pte; \ -+ pte_t ___pte; \ - struct vm_area_struct *___vma = __vma; \ - unsigned long ___address = __address; \ -- __pte = ptep_clear_flush(___vma, ___address, __ptep); \ -+ ___pte = ptep_clear_flush(___vma, ___address, __ptep); \ - mmu_notifier_invalidate_page(___vma->vm_mm, ___address); \ -- __pte; \ -+ ___pte; \ - }) + /* first nid will either be a valid NID or one of these values */ +diff --git a/include/linux/mmiotrace.h b/include/linux/mmiotrace.h +index c5d5278..f0b68c8 100644 +--- a/include/linux/mmiotrace.h ++++ b/include/linux/mmiotrace.h +@@ -46,7 +46,7 @@ extern int kmmio_handler(struct pt_regs *regs, unsigned long addr); + /* Called from ioremap.c */ + extern void mmiotrace_ioremap(resource_size_t offset, unsigned long size, + void __iomem *addr); +-extern void mmiotrace_iounmap(volatile void __iomem *addr); ++extern void mmiotrace_iounmap(const volatile void __iomem *addr); + + /* For anyone to insert markers. Remember trailing newline. */ + extern __printf(1, 2) int mmiotrace_printk(const char *fmt, ...); +@@ -66,7 +66,7 @@ static inline void mmiotrace_ioremap(resource_size_t offset, + { + } + +-static inline void mmiotrace_iounmap(volatile void __iomem *addr) ++static inline void mmiotrace_iounmap(const volatile void __iomem *addr) + { + } - #define pmdp_clear_flush_notify(__vma, __address, __pmdp) \ diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h -index a16d929..860ae00 100644 +index 73b64a3..6562925 100644 --- a/include/linux/mmzone.h +++ b/include/linux/mmzone.h -@@ -414,7 +414,7 @@ struct zone { +@@ -412,7 +412,7 @@ struct zone { unsigned long flags; /* zone flags, see below */ /* Zone statistics */ @@ -64406,7 +68909,7 @@ index a16d929..860ae00 100644 /* * The target ratio of ACTIVE_ANON to INACTIVE_ANON pages on diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicetable.h -index 6955045..ebdb7cd 100644 +index fed3def..c933f99 100644 --- a/include/linux/mod_devicetable.h +++ b/include/linux/mod_devicetable.h @@ -12,7 +12,7 @@ @@ -64427,11 +68930,20 @@ index 6955045..ebdb7cd 100644 #define HID_BUS_ANY 0xffff #define HID_GROUP_ANY 0x0000 +@@ -498,7 +498,7 @@ struct dmi_system_id { + const char *ident; + struct dmi_strmatch matches[4]; + void *driver_data; +-}; ++} __do_const; + /* + * struct dmi_device_id appears during expansion of + * "MODULE_DEVICE_TABLE(dmi, x)". Compiler doesn't look inside it diff --git a/include/linux/module.h b/include/linux/module.h -index fbcafe2..e5d9587 100644 +index 1375ee3..ced8177 100644 --- a/include/linux/module.h +++ b/include/linux/module.h -@@ -17,6 +17,7 @@ +@@ -17,9 +17,11 @@ #include <linux/moduleparam.h> #include <linux/tracepoint.h> #include <linux/export.h> @@ -64439,7 +68951,35 @@ index fbcafe2..e5d9587 100644 #include <linux/percpu.h> #include <asm/module.h> -@@ -273,19 +274,16 @@ struct module ++#include <asm/pgtable.h> + + /* In stripped ARM and x86-64 modules, ~ is surprisingly rare. */ + #define MODULE_SIG_STRING "~Module signature appended~\n" +@@ -54,12 +56,13 @@ struct module_attribute { + int (*test)(struct module *); + void (*free)(struct module *); + }; ++typedef struct module_attribute __no_const module_attribute_no_const; + + struct module_version_attribute { + struct module_attribute mattr; + const char *module_name; + const char *version; +-} __attribute__ ((__aligned__(sizeof(void *)))); ++} __do_const __attribute__ ((__aligned__(sizeof(void *)))); + + extern ssize_t __modver_version_show(struct module_attribute *, + struct module_kobject *, char *); +@@ -232,7 +235,7 @@ struct module + + /* Sysfs stuff. */ + struct module_kobject mkobj; +- struct module_attribute *modinfo_attrs; ++ module_attribute_no_const *modinfo_attrs; + const char *version; + const char *srcversion; + struct kobject *holders_dir; +@@ -281,19 +284,16 @@ struct module int (*init)(void); /* If this is non-NULL, vfree after init() returns */ @@ -64463,7 +69003,7 @@ index fbcafe2..e5d9587 100644 /* Arch-specific module values */ struct mod_arch_specific arch; -@@ -341,6 +339,10 @@ struct module +@@ -349,6 +349,10 @@ struct module #ifdef CONFIG_EVENT_TRACING struct ftrace_event_call **trace_events; unsigned int num_trace_events; @@ -64474,7 +69014,7 @@ index fbcafe2..e5d9587 100644 #endif #ifdef CONFIG_FTRACE_MCOUNT_RECORD unsigned int num_ftrace_callsites; -@@ -388,16 +390,46 @@ bool is_module_address(unsigned long addr); +@@ -396,16 +400,46 @@ bool is_module_address(unsigned long addr); bool is_module_percpu_address(unsigned long addr); bool is_module_text_address(unsigned long addr); @@ -64526,7 +69066,7 @@ index fbcafe2..e5d9587 100644 /* Search for module by name: must hold module_mutex. */ diff --git a/include/linux/moduleloader.h b/include/linux/moduleloader.h -index b2be02e..72d2f78 100644 +index 560ca53..5ee8d73 100644 --- a/include/linux/moduleloader.h +++ b/include/linux/moduleloader.h @@ -23,11 +23,23 @@ unsigned int arch_mod_section_prepend(struct module *mod, unsigned int section); @@ -64551,14 +69091,34 @@ index b2be02e..72d2f78 100644 +#define module_free_exec(x, y) module_free((x), (y)) +#endif + - /* Apply the given relocation to the (simplified) ELF. Return -error - or 0. */ - int apply_relocate(Elf_Shdr *sechdrs, + /* + * Apply the given relocation to the (simplified) ELF. Return -error + * or 0. +@@ -45,7 +57,9 @@ static inline int apply_relocate(Elf_Shdr *sechdrs, + unsigned int relsec, + struct module *me) + { ++#ifdef CONFIG_MODULES + printk(KERN_ERR "module %s: REL relocation unsupported\n", me->name); ++#endif + return -ENOEXEC; + } + #endif +@@ -67,7 +81,9 @@ static inline int apply_relocate_add(Elf_Shdr *sechdrs, + unsigned int relsec, + struct module *me) + { ++#ifdef CONFIG_MODULES + printk(KERN_ERR "module %s: REL relocation unsupported\n", me->name); ++#endif + return -ENOEXEC; + } + #endif diff --git a/include/linux/moduleparam.h b/include/linux/moduleparam.h -index d6a5806..7c13347 100644 +index 137b419..fe663ec 100644 --- a/include/linux/moduleparam.h +++ b/include/linux/moduleparam.h -@@ -286,7 +286,7 @@ static inline void __kernel_param_unlock(void) +@@ -284,7 +284,7 @@ static inline void __kernel_param_unlock(void) * @len is usually just sizeof(string). */ #define module_param_string(name, string, len, perm) \ @@ -64567,7 +69127,7 @@ index d6a5806..7c13347 100644 = { len, string }; \ __module_param_call(MODULE_PARAM_PREFIX, name, \ ¶m_ops_string, \ -@@ -425,7 +425,7 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp); +@@ -423,7 +423,7 @@ extern int param_set_bint(const char *val, const struct kernel_param *kp); */ #define module_param_array_named(name, array, type, nump, perm) \ param_check_##type(name, &(array)[0]); \ @@ -64577,10 +69137,10 @@ index d6a5806..7c13347 100644 .ops = ¶m_ops_##type, \ .elemsize = sizeof(array[0]), .elem = array }; \ diff --git a/include/linux/namei.h b/include/linux/namei.h -index 4bf19d8..5268cea 100644 +index 5a5ff57..5ae5070 100644 --- a/include/linux/namei.h +++ b/include/linux/namei.h -@@ -18,7 +18,7 @@ struct nameidata { +@@ -19,7 +19,7 @@ struct nameidata { unsigned seq; int last_type; unsigned depth; @@ -64589,7 +69149,7 @@ index 4bf19d8..5268cea 100644 }; /* -@@ -83,12 +83,12 @@ extern void unlock_rename(struct dentry *, struct dentry *); +@@ -84,12 +84,12 @@ extern void unlock_rename(struct dentry *, struct dentry *); extern void nd_jump_link(struct nameidata *nd, struct path *path); @@ -64604,19 +69164,32 @@ index 4bf19d8..5268cea 100644 { return nd->saved_names[nd->depth]; } +diff --git a/include/linux/net.h b/include/linux/net.h +index aa16731..514b875 100644 +--- a/include/linux/net.h ++++ b/include/linux/net.h +@@ -183,7 +183,7 @@ struct net_proto_family { + int (*create)(struct net *net, struct socket *sock, + int protocol, int kern); + struct module *owner; +-}; ++} __do_const; + + struct iovec; + struct kvec; diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index 59dc05f3..c905a34 100644 +index 9ef07d0..130a5d9 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -1027,6 +1027,7 @@ struct net_device_ops { - struct net_device *dev, - int idx); +@@ -1012,6 +1012,7 @@ struct net_device_ops { + u32 pid, u32 seq, + struct net_device *dev); }; +typedef struct net_device_ops __no_const net_device_ops_no_const; /* * The DEVICE structure. -@@ -1087,7 +1088,7 @@ struct net_device { +@@ -1078,7 +1079,7 @@ struct net_device { int iflink; struct net_device_stats stats; @@ -64625,6 +69198,45 @@ index 59dc05f3..c905a34 100644 * Do not use this in drivers. */ +diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h +index ee14284..bc65d63 100644 +--- a/include/linux/netfilter.h ++++ b/include/linux/netfilter.h +@@ -82,7 +82,7 @@ struct nf_sockopt_ops { + #endif + /* Use the module struct to lock set/get code in place */ + struct module *owner; +-}; ++} __do_const; + + /* Function to register/unregister hook points. */ + int nf_register_hook(struct nf_hook_ops *reg); +diff --git a/include/linux/netfilter/ipset/ip_set.h b/include/linux/netfilter/ipset/ip_set.h +index 7958e84..ed74d7a 100644 +--- a/include/linux/netfilter/ipset/ip_set.h ++++ b/include/linux/netfilter/ipset/ip_set.h +@@ -98,7 +98,7 @@ struct ip_set_type_variant { + /* Return true if "b" set is the same as "a" + * according to the create set parameters */ + bool (*same_set)(const struct ip_set *a, const struct ip_set *b); +-}; ++} __do_const; + + /* The core set type structure */ + struct ip_set_type { +diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h +index 4966dde..7d8ce06 100644 +--- a/include/linux/netfilter/nfnetlink.h ++++ b/include/linux/netfilter/nfnetlink.h +@@ -16,7 +16,7 @@ struct nfnl_callback { + const struct nlattr * const cda[]); + const struct nla_policy *policy; /* netlink attribute policy */ + const u_int16_t attr_count; /* number of nlattr's */ +-}; ++} __do_const; + + struct nfnetlink_subsystem { + const char *name; diff --git a/include/linux/netfilter/xt_gradm.h b/include/linux/netfilter/xt_gradm.h new file mode 100644 index 0000000..33f4af8 @@ -64640,19 +69252,33 @@ index 0000000..33f4af8 +}; + +#endif -diff --git a/include/linux/of_pdt.h b/include/linux/of_pdt.h -index c65a18a..0c05f3a 100644 ---- a/include/linux/of_pdt.h -+++ b/include/linux/of_pdt.h -@@ -32,7 +32,7 @@ struct of_pdt_ops { - - /* return 0 on success; fill in 'len' with number of bytes in path */ - int (*pkg2path)(phandle node, char *buf, const int buflen, int *len); +diff --git a/include/linux/nls.h b/include/linux/nls.h +index 5dc635f..35f5e11 100644 +--- a/include/linux/nls.h ++++ b/include/linux/nls.h +@@ -31,7 +31,7 @@ struct nls_table { + const unsigned char *charset2upper; + struct module *owner; + struct nls_table *next; -}; -+} __no_const; ++} __do_const; - extern void *prom_early_alloc(unsigned long size); + /* this value hold the maximum octet of charset */ + #define NLS_MAX_CHARSET_SIZE 6 /* for UTF-8 */ +diff --git a/include/linux/notifier.h b/include/linux/notifier.h +index d65746e..62e72c2 100644 +--- a/include/linux/notifier.h ++++ b/include/linux/notifier.h +@@ -51,7 +51,8 @@ struct notifier_block { + int (*notifier_call)(struct notifier_block *, unsigned long, void *); + struct notifier_block __rcu *next; + int priority; +-}; ++} __do_const; ++typedef struct notifier_block __no_const notifier_block_no_const; + struct atomic_notifier_head { + spinlock_t lock; diff --git a/include/linux/oprofile.h b/include/linux/oprofile.h index a4c5624..79d6d88 100644 --- a/include/linux/oprofile.h @@ -64669,11 +69295,25 @@ index a4c5624..79d6d88 100644 /** create a directory */ struct dentry * oprofilefs_mkdir(struct super_block * sb, struct dentry * root, +diff --git a/include/linux/pci_hotplug.h b/include/linux/pci_hotplug.h +index 45fc162..01a4068 100644 +--- a/include/linux/pci_hotplug.h ++++ b/include/linux/pci_hotplug.h +@@ -80,7 +80,8 @@ struct hotplug_slot_ops { + int (*get_attention_status) (struct hotplug_slot *slot, u8 *value); + int (*get_latch_status) (struct hotplug_slot *slot, u8 *value); + int (*get_adapter_status) (struct hotplug_slot *slot, u8 *value); +-}; ++} __do_const; ++typedef struct hotplug_slot_ops __no_const hotplug_slot_ops_no_const; + + /** + * struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h -index bdb4161..f373d41 100644 +index 6bfb2faa..e5bc5e5 100644 --- a/include/linux/perf_event.h +++ b/include/linux/perf_event.h -@@ -882,8 +882,8 @@ struct perf_event { +@@ -328,8 +328,8 @@ struct perf_event { enum perf_event_active_state state; unsigned int attach_state; @@ -64684,7 +69324,7 @@ index bdb4161..f373d41 100644 /* * These are the total time in nanoseconds that the event -@@ -934,8 +934,8 @@ struct perf_event { +@@ -380,8 +380,8 @@ struct perf_event { * These accumulate total time (in nanoseconds) that children * events have been enabled and running, respectively. */ @@ -64695,18 +69335,15 @@ index bdb4161..f373d41 100644 /* * Protect attach/detach and child_list: -diff --git a/include/linux/personality.h b/include/linux/personality.h -index 8fc7dd1a..c19d89e 100644 ---- a/include/linux/personality.h -+++ b/include/linux/personality.h -@@ -44,6 +44,7 @@ enum { - #define PER_CLEAR_ON_SETID (READ_IMPLIES_EXEC | \ - ADDR_NO_RANDOMIZE | \ - ADDR_COMPAT_LAYOUT | \ -+ ADDR_LIMIT_3GB | \ - MMAP_PAGE_ZERO) - - /* +@@ -801,7 +801,7 @@ static inline void perf_event_task_tick(void) { } + */ + #define perf_cpu_notifier(fn) \ + do { \ +- static struct notifier_block fn##_nb __cpuinitdata = \ ++ static struct notifier_block fn##_nb = \ + { .notifier_call = fn, .priority = CPU_PRI_PERF }; \ + unsigned long cpu = smp_processor_id(); \ + unsigned long flags; \ diff --git a/include/linux/pipe_fs_i.h b/include/linux/pipe_fs_i.h index ad1a427..6419649 100644 --- a/include/linux/pipe_fs_i.h @@ -64724,6 +69361,45 @@ index ad1a427..6419649 100644 unsigned int r_counter; unsigned int w_counter; struct page *tmp_page; +diff --git a/include/linux/platform_data/usb-ehci-s5p.h b/include/linux/platform_data/usb-ehci-s5p.h +index 5f28cae..3d23723 100644 +--- a/include/linux/platform_data/usb-ehci-s5p.h ++++ b/include/linux/platform_data/usb-ehci-s5p.h +@@ -14,7 +14,7 @@ + struct s5p_ehci_platdata { + int (*phy_init)(struct platform_device *pdev, int type); + int (*phy_exit)(struct platform_device *pdev, int type); +-}; ++} __no_const; + + extern void s5p_ehci_set_platdata(struct s5p_ehci_platdata *pd); + +diff --git a/include/linux/platform_data/usb-exynos.h b/include/linux/platform_data/usb-exynos.h +index c256c59..8ea94c7 100644 +--- a/include/linux/platform_data/usb-exynos.h ++++ b/include/linux/platform_data/usb-exynos.h +@@ -14,7 +14,7 @@ + struct exynos4_ohci_platdata { + int (*phy_init)(struct platform_device *pdev, int type); + int (*phy_exit)(struct platform_device *pdev, int type); +-}; ++} __no_const; + + extern void exynos4_ohci_set_platdata(struct exynos4_ohci_platdata *pd); + +diff --git a/include/linux/pm_domain.h b/include/linux/pm_domain.h +index 7c1d252..c5c773e 100644 +--- a/include/linux/pm_domain.h ++++ b/include/linux/pm_domain.h +@@ -48,7 +48,7 @@ struct gpd_dev_ops { + + struct gpd_cpu_data { + unsigned int saved_exit_latency; +- struct cpuidle_state *idle_state; ++ cpuidle_state_no_const *idle_state; + }; + + struct generic_pm_domain { diff --git a/include/linux/pm_runtime.h b/include/linux/pm_runtime.h index f271860..6b3bec5 100644 --- a/include/linux/pm_runtime.h @@ -64737,6 +69413,19 @@ index f271860..6b3bec5 100644 } #else /* !CONFIG_PM_RUNTIME */ +diff --git a/include/linux/pnp.h b/include/linux/pnp.h +index 195aafc..49a7bc2 100644 +--- a/include/linux/pnp.h ++++ b/include/linux/pnp.h +@@ -297,7 +297,7 @@ static inline void pnp_set_drvdata(struct pnp_dev *pdev, void *data) + struct pnp_fixup { + char id[7]; + void (*quirk_function) (struct pnp_dev * dev); /* fixup function */ +-}; ++} __do_const; + + /* config parameters */ + #define PNP_CONFIG_NORMAL 0x0001 diff --git a/include/linux/poison.h b/include/linux/poison.h index 2110a81..13a11bb 100644 --- a/include/linux/poison.h @@ -64752,19 +69441,32 @@ index 2110a81..13a11bb 100644 /********** include/linux/timer.h **********/ /* -diff --git a/include/linux/preempt.h b/include/linux/preempt.h -index 5a710b9..0b0dab9 100644 ---- a/include/linux/preempt.h -+++ b/include/linux/preempt.h -@@ -126,7 +126,7 @@ struct preempt_ops { - void (*sched_in)(struct preempt_notifier *notifier, int cpu); - void (*sched_out)(struct preempt_notifier *notifier, - struct task_struct *next); +diff --git a/include/linux/power/smartreflex.h b/include/linux/power/smartreflex.h +index c0f44c2..1572583 100644 +--- a/include/linux/power/smartreflex.h ++++ b/include/linux/power/smartreflex.h +@@ -238,7 +238,7 @@ struct omap_sr_class_data { + int (*notify)(struct omap_sr *sr, u32 status); + u8 notify_flags; + u8 class_type; -}; -+} __no_const; ++} __do_const; /** - * preempt_notifier - key for installing preemption notifiers + * struct omap_sr_nvalue_table - Smartreflex n-target value info +diff --git a/include/linux/ppp-comp.h b/include/linux/ppp-comp.h +index 4ea1d37..80f4b33 100644 +--- a/include/linux/ppp-comp.h ++++ b/include/linux/ppp-comp.h +@@ -84,7 +84,7 @@ struct compressor { + struct module *owner; + /* Extra skb space needed by the compressor algorithm */ + unsigned int comp_extra; +-}; ++} __do_const; + + /* + * The return value from decompress routine is the length of the diff --git a/include/linux/printk.h b/include/linux/printk.h index 9afc01e..92c32e8 100644 --- a/include/linux/printk.h @@ -64787,10 +69489,10 @@ index 9afc01e..92c32e8 100644 void log_buf_kexec_setup(void); void __init setup_log_buf(int early); diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h -index 3fd2e87..d93a721 100644 +index 32676b3..8f7a182 100644 --- a/include/linux/proc_fs.h +++ b/include/linux/proc_fs.h -@@ -155,6 +155,18 @@ static inline struct proc_dir_entry *proc_create(const char *name, umode_t mode, +@@ -159,6 +159,18 @@ static inline struct proc_dir_entry *proc_create(const char *name, umode_t mode, return proc_create_data(name, mode, parent, proc_fops, NULL); } @@ -64809,54 +69511,75 @@ index 3fd2e87..d93a721 100644 static inline struct proc_dir_entry *create_proc_read_entry(const char *name, umode_t mode, struct proc_dir_entry *base, read_proc_t *read_proc, void * data) -@@ -258,7 +270,7 @@ union proc_op { - int (*proc_show)(struct seq_file *m, - struct pid_namespace *ns, struct pid *pid, - struct task_struct *task); --}; -+} __no_const; - - struct ctl_table_header; - struct ctl_table; diff --git a/include/linux/random.h b/include/linux/random.h -index ac621ce..c1215f3 100644 +index d984608..d6f0042 100644 --- a/include/linux/random.h +++ b/include/linux/random.h -@@ -53,6 +53,10 @@ extern void add_input_randomness(unsigned int type, unsigned int code, - unsigned int value); - extern void add_interrupt_randomness(int irq, int irq_flags); - -+#ifdef CONFIG_PAX_LATENT_ENTROPY -+extern void transfer_latent_entropy(void); -+#endif -+ - extern void get_random_bytes(void *buf, int nbytes); - extern void get_random_bytes_arch(void *buf, int nbytes); - void generate_random_uuid(unsigned char uuid_out[16]); -@@ -69,12 +73,17 @@ void srandom32(u32 seed); - - u32 prandom32(struct rnd_state *); +@@ -39,6 +39,11 @@ void prandom_seed(u32 seed); + u32 prandom_u32_state(struct rnd_state *); + void prandom_bytes_state(struct rnd_state *state, void *buf, int nbytes); +static inline unsigned long pax_get_random_long(void) +{ -+ return random32() + (sizeof(long) > 4 ? (unsigned long)random32() << 32 : 0); ++ return prandom_u32() + (sizeof(long) > 4 ? (unsigned long)prandom_u32() << 32 : 0); +} + /* * Handle minimum values for seeds */ - static inline u32 __seed(u32 x, u32 m) - { -- return (x < m) ? x + m : x; -+ return (x <= m) ? x + m + 1 : x; +diff --git a/include/linux/rculist.h b/include/linux/rculist.h +index c92dd28..08f4eab 100644 +--- a/include/linux/rculist.h ++++ b/include/linux/rculist.h +@@ -44,6 +44,9 @@ extern void __list_add_rcu(struct list_head *new, + struct list_head *prev, struct list_head *next); + #endif + ++extern void __pax_list_add_rcu(struct list_head *new, ++ struct list_head *prev, struct list_head *next); ++ + /** + * list_add_rcu - add a new entry to rcu-protected list + * @new: new entry to be added +@@ -65,6 +68,11 @@ static inline void list_add_rcu(struct list_head *new, struct list_head *head) + __list_add_rcu(new, head, head->next); + } + ++static inline void pax_list_add_rcu(struct list_head *new, struct list_head *head) ++{ ++ __pax_list_add_rcu(new, head, head->next); ++} ++ + /** + * list_add_tail_rcu - add a new entry to rcu-protected list + * @new: new entry to be added +@@ -87,6 +95,12 @@ static inline void list_add_tail_rcu(struct list_head *new, + __list_add_rcu(new, head->prev, head); } ++static inline void pax_list_add_tail_rcu(struct list_head *new, ++ struct list_head *head) ++{ ++ __pax_list_add_rcu(new, head->prev, head); ++} ++ /** + * list_del_rcu - deletes entry from list without re-initialization + * @entry: the element to delete from the list. +@@ -117,6 +131,8 @@ static inline void list_del_rcu(struct list_head *entry) + entry->prev = LIST_POISON2; + } + ++extern void pax_list_del_rcu(struct list_head *entry); ++ + /** + * hlist_del_init_rcu - deletes entry from hash list with re-initialization + * @n: the element to delete from the hash list. diff --git a/include/linux/reboot.h b/include/linux/reboot.h -index e0879a7..a12f962 100644 +index 23b3630..e1bc12b 100644 --- a/include/linux/reboot.h +++ b/include/linux/reboot.h -@@ -52,9 +52,9 @@ extern int unregister_reboot_notifier(struct notifier_block *); +@@ -18,9 +18,9 @@ extern int unregister_reboot_notifier(struct notifier_block *); * Architecture-specific implementations of sys_reboot commands. */ @@ -64869,7 +69592,7 @@ index e0879a7..a12f962 100644 extern void machine_shutdown(void); struct pt_regs; -@@ -65,9 +65,9 @@ extern void machine_crash_shutdown(struct pt_regs *); +@@ -31,9 +31,9 @@ extern void machine_crash_shutdown(struct pt_regs *); */ extern void kernel_restart_prepare(char *cmd); @@ -64882,7 +69605,7 @@ index e0879a7..a12f962 100644 extern int C_A_D; /* for sysctl */ void ctrl_alt_del(void); -@@ -81,7 +81,7 @@ extern int orderly_poweroff(bool force); +@@ -47,7 +47,7 @@ extern int orderly_poweroff(bool force); * Emergency restart, callable from an interrupt handler. */ @@ -64890,7 +69613,21 @@ index e0879a7..a12f962 100644 +extern void emergency_restart(void) __noreturn; #include <asm/emergency-restart.h> - #endif + #endif /* _LINUX_REBOOT_H */ +diff --git a/include/linux/regset.h b/include/linux/regset.h +index 8e0c9fe..ac4d221 100644 +--- a/include/linux/regset.h ++++ b/include/linux/regset.h +@@ -161,7 +161,8 @@ struct user_regset { + unsigned int align; + unsigned int bias; + unsigned int core_note_type; +-}; ++} __do_const; ++typedef struct user_regset __no_const user_regset_no_const; + + /** + * struct user_regset_view - available regsets diff --git a/include/linux/relay.h b/include/linux/relay.h index 91cacc3..b55ff74 100644 --- a/include/linux/relay.h @@ -64904,52 +69641,39 @@ index 91cacc3..b55ff74 100644 /* * CONFIG_RELAY kernel API, kernel/relay.c -diff --git a/include/linux/rfkill.h b/include/linux/rfkill.h -index 6fdf027..ff72610 100644 ---- a/include/linux/rfkill.h -+++ b/include/linux/rfkill.h -@@ -147,6 +147,7 @@ struct rfkill_ops { - void (*query)(struct rfkill *rfkill, void *data); - int (*set_block)(void *data, bool blocked); - }; -+typedef struct rfkill_ops __no_const rfkill_ops_no_const; - - #if defined(CONFIG_RFKILL) || defined(CONFIG_RFKILL_MODULE) - /** diff --git a/include/linux/rio.h b/include/linux/rio.h -index a90ebad..fd87b5d 100644 +index a3e7842..d973ca6 100644 --- a/include/linux/rio.h +++ b/include/linux/rio.h -@@ -321,7 +321,7 @@ struct rio_ops { - int mbox, void *buffer, size_t len); - int (*add_inb_buffer)(struct rio_mport *mport, int mbox, void *buf); - void *(*get_inb_message)(struct rio_mport *mport, int mbox); +@@ -339,7 +339,7 @@ struct rio_ops { + int (*map_inb)(struct rio_mport *mport, dma_addr_t lstart, + u64 rstart, u32 size, u32 flags); + void (*unmap_inb)(struct rio_mport *mport, dma_addr_t lstart); -}; +} __no_const; #define RIO_RESOURCE_MEM 0x00000100 #define RIO_RESOURCE_DOORBELL 0x00000200 diff --git a/include/linux/rmap.h b/include/linux/rmap.h -index 3fce545..b4fed6e 100644 +index c20635c..2f5def4 100644 --- a/include/linux/rmap.h +++ b/include/linux/rmap.h -@@ -119,9 +119,9 @@ static inline void anon_vma_unlock(struct anon_vma *anon_vma) +@@ -145,8 +145,8 @@ static inline void anon_vma_unlock_read(struct anon_vma *anon_vma) void anon_vma_init(void); /* create anon_vma_cachep */ int anon_vma_prepare(struct vm_area_struct *); void unlink_anon_vmas(struct vm_area_struct *); -int anon_vma_clone(struct vm_area_struct *, struct vm_area_struct *); -+int anon_vma_clone(struct vm_area_struct *, const struct vm_area_struct *); - void anon_vma_moveto_tail(struct vm_area_struct *); -int anon_vma_fork(struct vm_area_struct *, struct vm_area_struct *); ++int anon_vma_clone(struct vm_area_struct *, const struct vm_area_struct *); +int anon_vma_fork(struct vm_area_struct *, const struct vm_area_struct *); static inline void anon_vma_merge(struct vm_area_struct *vma, struct vm_area_struct *next) diff --git a/include/linux/sched.h b/include/linux/sched.h -index d2bbc12..b1d1f0a 100644 +index d211247..a5cbf38b 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h -@@ -101,6 +101,7 @@ struct bio_list; +@@ -61,6 +61,7 @@ struct bio_list; struct fs_struct; struct perf_event_context; struct blk_plug; @@ -64957,7 +69681,7 @@ index d2bbc12..b1d1f0a 100644 /* * List of flags we want to share for kernel threads, -@@ -384,10 +385,13 @@ struct user_namespace; +@@ -354,10 +355,23 @@ struct user_namespace; #define DEFAULT_MAX_MAP_COUNT (USHRT_MAX - MAPCOUNT_ELF_CORE_MARGIN) extern int sysctl_max_map_count; @@ -64966,12 +69690,22 @@ index d2bbc12..b1d1f0a 100644 #include <linux/aio.h> #ifdef CONFIG_MMU -+extern bool check_heap_stack_gap(const struct vm_area_struct *vma, unsigned long addr, unsigned long len); -+extern unsigned long skip_heap_stack_gap(const struct vm_area_struct *vma, unsigned long len); ++ ++#ifdef CONFIG_GRKERNSEC_RAND_THREADSTACK ++extern unsigned long gr_rand_threadstack_offset(const struct mm_struct *mm, const struct file *filp, unsigned long flags); ++#else ++static inline unsigned long gr_rand_threadstack_offset(const struct mm_struct *mm, const struct file *filp, unsigned long flags) ++{ ++ return 0; ++} ++#endif ++ ++extern bool check_heap_stack_gap(const struct vm_area_struct *vma, unsigned long addr, unsigned long len, unsigned long offset); ++extern unsigned long skip_heap_stack_gap(const struct vm_area_struct *vma, unsigned long len, unsigned long offset); extern void arch_pick_mmap_layout(struct mm_struct *mm); extern unsigned long arch_get_unmapped_area(struct file *, unsigned long, unsigned long, -@@ -651,6 +655,17 @@ struct signal_struct { +@@ -639,6 +653,17 @@ struct signal_struct { #ifdef CONFIG_TASKSTATS struct taskstats *stats; #endif @@ -64989,7 +69723,7 @@ index d2bbc12..b1d1f0a 100644 #ifdef CONFIG_AUDIT unsigned audit_tty; struct tty_audit_buf *tty_audit_buf; -@@ -734,6 +749,11 @@ struct user_struct { +@@ -717,6 +742,11 @@ struct user_struct { struct key *session_keyring; /* UID's default session keyring */ #endif @@ -65001,7 +69735,16 @@ index d2bbc12..b1d1f0a 100644 /* Hash table maintenance information */ struct hlist_node uidhash_node; kuid_t uid; -@@ -1356,8 +1376,8 @@ struct task_struct { +@@ -1116,7 +1146,7 @@ struct sched_class { + #ifdef CONFIG_FAIR_GROUP_SCHED + void (*task_move_group) (struct task_struct *p, int on_rq); + #endif +-}; ++} __do_const; + + struct load_weight { + unsigned long weight, inv_weight; +@@ -1360,8 +1390,8 @@ struct task_struct { struct list_head thread_group; struct completion *vfork_done; /* for vfork() */ @@ -65012,7 +69755,7 @@ index d2bbc12..b1d1f0a 100644 cputime_t utime, stime, utimescaled, stimescaled; cputime_t gtime; -@@ -1373,11 +1393,6 @@ struct task_struct { +@@ -1377,11 +1407,6 @@ struct task_struct { struct task_cputime cputime_expires; struct list_head cpu_timers[3]; @@ -65024,7 +69767,7 @@ index d2bbc12..b1d1f0a 100644 char comm[TASK_COMM_LEN]; /* executable name excluding path - access with [gs]et_task_comm (which lock it with task_lock()) -@@ -1394,6 +1409,10 @@ struct task_struct { +@@ -1398,6 +1423,10 @@ struct task_struct { #endif /* CPU-specific state of this task */ struct thread_struct thread; @@ -65035,7 +69778,7 @@ index d2bbc12..b1d1f0a 100644 /* filesystem information */ struct fs_struct *fs; /* open file information */ -@@ -1467,6 +1486,10 @@ struct task_struct { +@@ -1471,6 +1500,10 @@ struct task_struct { gfp_t lockdep_reclaim_gfp; #endif @@ -65046,7 +69789,7 @@ index d2bbc12..b1d1f0a 100644 /* journalling filesystem info */ void *journal_info; -@@ -1505,6 +1528,10 @@ struct task_struct { +@@ -1509,6 +1542,10 @@ struct task_struct { /* cg_list protected by css_set_lock and tsk->alloc_lock */ struct list_head cg_list; #endif @@ -65057,7 +69800,7 @@ index d2bbc12..b1d1f0a 100644 #ifdef CONFIG_FUTEX struct robust_list_head __user *robust_list; #ifdef CONFIG_COMPAT -@@ -1589,8 +1616,75 @@ struct task_struct { +@@ -1605,8 +1642,74 @@ struct task_struct { #ifdef CONFIG_UPROBES struct uprobe_task *utask; #endif @@ -65128,12 +69871,20 @@ index d2bbc12..b1d1f0a 100644 +extern void pax_report_fault(struct pt_regs *regs, void *pc, void *sp); +extern void pax_report_insns(struct pt_regs *regs, void *pc, void *sp); +extern void pax_report_refcount_overflow(struct pt_regs *regs); -+extern void check_object_size(const void *ptr, unsigned long n, bool to); + /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) -@@ -2125,7 +2219,9 @@ void yield(void); +@@ -1696,7 +1799,7 @@ struct pid_namespace; + pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type, + struct pid_namespace *ns); + +-static inline pid_t task_pid_nr(struct task_struct *tsk) ++static inline pid_t task_pid_nr(const struct task_struct *tsk) + { + return tsk->pid; + } +@@ -2155,7 +2258,9 @@ void yield(void); extern struct exec_domain default_exec_domain; union thread_union { @@ -65143,7 +69894,7 @@ index d2bbc12..b1d1f0a 100644 unsigned long stack[THREAD_SIZE/sizeof(long)]; }; -@@ -2158,6 +2254,7 @@ extern struct pid_namespace init_pid_ns; +@@ -2188,6 +2293,7 @@ extern struct pid_namespace init_pid_ns; */ extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -65151,16 +69902,16 @@ index d2bbc12..b1d1f0a 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2314,7 +2411,7 @@ extern void __cleanup_sighand(struct sighand_struct *); +@@ -2344,7 +2450,7 @@ extern void __cleanup_sighand(struct sighand_struct *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); -extern void do_group_exit(int); +extern __noreturn void do_group_exit(int); - extern void daemonize(const char *, ...); extern int allow_signal(int); -@@ -2515,9 +2612,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) + extern int disallow_signal(int); +@@ -2545,9 +2651,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) #endif @@ -65172,22 +69923,8 @@ index d2bbc12..b1d1f0a 100644 return (obj >= stack) && (obj < (stack + THREAD_SIZE)); } -diff --git a/include/linux/screen_info.h b/include/linux/screen_info.h -index 899fbb4..1cb4138 100644 ---- a/include/linux/screen_info.h -+++ b/include/linux/screen_info.h -@@ -43,7 +43,8 @@ struct screen_info { - __u16 pages; /* 0x32 */ - __u16 vesa_attributes; /* 0x34 */ - __u32 capabilities; /* 0x36 */ -- __u8 _reserved[6]; /* 0x3a */ -+ __u16 vesapm_size; /* 0x3a */ -+ __u8 _reserved[4]; /* 0x3c */ - } __attribute__((packed)); - - #define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */ diff --git a/include/linux/security.h b/include/linux/security.h -index d143b8e..9f27b95 100644 +index eee7478..290f7ba 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -26,6 +26,7 @@ @@ -65199,20 +69936,20 @@ index d143b8e..9f27b95 100644 struct linux_binprm; struct cred; diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h -index 83c44ee..e8a9eba 100644 +index 68a04a3..866e6a1 100644 --- a/include/linux/seq_file.h +++ b/include/linux/seq_file.h -@@ -25,6 +25,9 @@ struct seq_file { +@@ -26,6 +26,9 @@ struct seq_file { struct mutex lock; const struct seq_operations *op; int poll_event; +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP + u64 exec_id; +#endif - void *private; - }; - -@@ -34,6 +37,7 @@ struct seq_operations { + #ifdef CONFIG_USER_NS + struct user_namespace *user_ns; + #endif +@@ -38,6 +41,7 @@ struct seq_operations { void * (*next) (struct seq_file *m, void *v, loff_t *pos); int (*show) (struct seq_file *m, void *v); }; @@ -65221,10 +69958,10 @@ index 83c44ee..e8a9eba 100644 #define SEQ_SKIP 1 diff --git a/include/linux/shm.h b/include/linux/shm.h -index edd0868..f98feee 100644 +index 429c199..4d42e38 100644 --- a/include/linux/shm.h +++ b/include/linux/shm.h -@@ -98,6 +98,10 @@ struct shmid_kernel /* private to the kernel */ +@@ -21,6 +21,10 @@ struct shmid_kernel /* private to the kernel */ /* The task created the shm object. NULL if the task is dead. */ struct task_struct *shm_creator; @@ -65236,10 +69973,10 @@ index edd0868..f98feee 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index f3165d2..2cb3cb7 100644 +index 320e976..fd52553 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -577,7 +577,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, +@@ -590,7 +590,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, extern struct sk_buff *__alloc_skb(unsigned int size, gfp_t priority, int flags, int node); extern struct sk_buff *build_skb(void *data, unsigned int frag_size); @@ -65248,7 +69985,7 @@ index f3165d2..2cb3cb7 100644 gfp_t priority) { return __alloc_skb(size, priority, 0, NUMA_NO_NODE); -@@ -687,7 +687,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb) +@@ -700,7 +700,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb) */ static inline int skb_queue_empty(const struct sk_buff_head *list) { @@ -65257,7 +69994,7 @@ index f3165d2..2cb3cb7 100644 } /** -@@ -700,7 +700,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list) +@@ -713,7 +713,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list) static inline bool skb_queue_is_last(const struct sk_buff_head *list, const struct sk_buff *skb) { @@ -65266,7 +70003,7 @@ index f3165d2..2cb3cb7 100644 } /** -@@ -713,7 +713,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list, +@@ -726,7 +726,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list, static inline bool skb_queue_is_first(const struct sk_buff_head *list, const struct sk_buff *skb) { @@ -65275,7 +70012,7 @@ index f3165d2..2cb3cb7 100644 } /** -@@ -1623,7 +1623,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) +@@ -1722,7 +1722,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) */ #ifndef NET_SKB_PAD @@ -65284,7 +70021,7 @@ index f3165d2..2cb3cb7 100644 #endif extern int ___pskb_trim(struct sk_buff *skb, unsigned int len); -@@ -2201,7 +2201,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, +@@ -2300,7 +2300,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, int noblock, int *err); extern unsigned int datagram_poll(struct file *file, struct socket *sock, struct poll_table_struct *wait); @@ -65294,13 +70031,14 @@ index f3165d2..2cb3cb7 100644 int size); extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, diff --git a/include/linux/slab.h b/include/linux/slab.h -index 0dd2dfa..2b8677c 100644 +index 5d168d7..720bff3 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h -@@ -11,12 +11,20 @@ - +@@ -12,13 +12,20 @@ #include <linux/gfp.h> #include <linux/types.h> + #include <linux/workqueue.h> +- +#include <linux/err.h> /* @@ -65318,7 +70056,7 @@ index 0dd2dfa..2b8677c 100644 #define SLAB_RED_ZONE 0x00000400UL /* DEBUG: Red zone objs in a cache */ #define SLAB_POISON 0x00000800UL /* DEBUG: Poison objects */ #define SLAB_HWCACHE_ALIGN 0x00002000UL /* Align objs on cache lines */ -@@ -87,10 +95,13 @@ +@@ -89,10 +96,13 @@ * ZERO_SIZE_PTR can be passed to kfree though in the same way that NULL can. * Both make kfree a no-op. */ @@ -65335,38 +70073,64 @@ index 0dd2dfa..2b8677c 100644 /* * Common fields provided in kmem_cache by all slab allocators -@@ -185,6 +196,8 @@ void * __must_check krealloc(const void *, size_t, gfp_t); +@@ -112,7 +122,7 @@ struct kmem_cache { + unsigned int align; /* Alignment as calculated */ + unsigned long flags; /* Active flags on the slab */ + const char *name; /* Slab name for sysfs */ +- int refcount; /* Use counter */ ++ atomic_t refcount; /* Use counter */ + void (*ctor)(void *); /* Called on object slot creation */ + struct list_head list; /* List of all slab caches on the system */ + }; +@@ -232,6 +242,8 @@ void * __must_check krealloc(const void *, size_t, gfp_t); void kfree(const void *); void kzfree(const void *); size_t ksize(const void *); -+const char *check_heap_object(const void *ptr, unsigned long n, bool to); ++const char *check_heap_object(const void *ptr, unsigned long n); +bool is_usercopy_object(const void *ptr); /* * Allocator specific definitions. These are mainly used to establish optimized -@@ -322,7 +335,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, +@@ -311,6 +323,7 @@ size_t ksize(const void *); + * for general use, and so are not documented here. For a full list of + * potential flags, always refer to linux/gfp.h. */ ++ + static inline void *kmalloc_array(size_t n, size_t size, gfp_t flags) + { + if (size != 0 && n > SIZE_MAX / size) +@@ -370,7 +383,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ - (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) + (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) || \ + (defined(CONFIG_SLOB) && defined(CONFIG_TRACING)) -extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); +extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long) __size_overflow(1); #define kmalloc_track_caller(size, flags) \ __kmalloc_track_caller(size, flags, _RET_IP_) #else -@@ -341,7 +354,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); - */ +@@ -390,7 +403,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ - (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) + (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) || \ + (defined(CONFIG_SLOB) && defined(CONFIG_TRACING)) -extern void *__kmalloc_node_track_caller(size_t, gfp_t, int, unsigned long); +extern void *__kmalloc_node_track_caller(size_t, gfp_t, int, unsigned long) __size_overflow(1); #define kmalloc_node_track_caller(size, flags, node) \ __kmalloc_node_track_caller(size, flags, node, \ _RET_IP_) diff --git a/include/linux/slab_def.h b/include/linux/slab_def.h -index 0c634fa..8616300 100644 +index 8bb6e0e..8eb0dbe 100644 --- a/include/linux/slab_def.h +++ b/include/linux/slab_def.h -@@ -69,10 +69,10 @@ struct kmem_cache { +@@ -52,7 +52,7 @@ struct kmem_cache { + /* 4) cache creation/removal */ + const char *name; + struct list_head list; +- int refcount; ++ atomic_t refcount; + int object_size; + int align; + +@@ -68,10 +68,10 @@ struct kmem_cache { unsigned long node_allocs; unsigned long node_frees; unsigned long node_overflow; @@ -65381,7 +70145,7 @@ index 0c634fa..8616300 100644 /* * If debugging is enabled, then the allocator can add additional -@@ -105,11 +105,16 @@ struct cache_sizes { +@@ -111,11 +111,16 @@ struct cache_sizes { #ifdef CONFIG_ZONE_DMA struct kmem_cache *cs_dmacachep; #endif @@ -65398,7 +70162,7 @@ index 0c634fa..8616300 100644 +void *__kmalloc(size_t size, gfp_t flags) __size_overflow(1); #ifdef CONFIG_TRACING - extern void *kmem_cache_alloc_trace(size_t size, + extern void *kmem_cache_alloc_trace(struct kmem_cache *, gfp_t, size_t); @@ -152,6 +157,13 @@ found: cachep = malloc_sizes[i].cs_dmacachep; else @@ -65412,7 +70176,7 @@ index 0c634fa..8616300 100644 + cachep = malloc_sizes[i].cs_cachep; - ret = kmem_cache_alloc_trace(size, cachep, flags); + ret = kmem_cache_alloc_trace(cachep, flags, size); @@ -162,7 +174,7 @@ found: } @@ -65435,13 +70199,13 @@ index 0c634fa..8616300 100644 + cachep = malloc_sizes[i].cs_cachep; - return kmem_cache_alloc_node_trace(size, cachep, flags, node); + return kmem_cache_alloc_node_trace(cachep, flags, node, size); diff --git a/include/linux/slob_def.h b/include/linux/slob_def.h -index 0ec00b3..22b4715 100644 +index f28e14a..7831211 100644 --- a/include/linux/slob_def.h +++ b/include/linux/slob_def.h -@@ -9,7 +9,7 @@ static __always_inline void *kmem_cache_alloc(struct kmem_cache *cachep, - return kmem_cache_alloc_node(cachep, flags, -1); +@@ -11,7 +11,7 @@ static __always_inline void *kmem_cache_alloc(struct kmem_cache *cachep, + return kmem_cache_alloc_node(cachep, flags, NUMA_NO_NODE); } -void *__kmalloc_node(size_t size, gfp_t flags, int node); @@ -65449,8 +70213,8 @@ index 0ec00b3..22b4715 100644 static __always_inline void *kmalloc_node(size_t size, gfp_t flags, int node) { -@@ -29,7 +29,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) - return __kmalloc_node(size, flags, -1); +@@ -31,7 +31,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) + return __kmalloc_node(size, flags, NUMA_NO_NODE); } -static __always_inline void *__kmalloc(size_t size, gfp_t flags) @@ -65459,7 +70223,7 @@ index 0ec00b3..22b4715 100644 return kmalloc(size, flags); } diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h -index df448ad..b99e7f6 100644 +index 9db4825..ed42fb5 100644 --- a/include/linux/slub_def.h +++ b/include/linux/slub_def.h @@ -91,7 +91,7 @@ struct kmem_cache { @@ -65471,7 +70235,7 @@ index df448ad..b99e7f6 100644 void (*ctor)(void *); int inuse; /* Offset to metadata */ int align; /* Alignment */ -@@ -152,7 +152,7 @@ extern struct kmem_cache *kmalloc_caches[SLUB_PAGE_SHIFT]; +@@ -156,7 +156,7 @@ extern struct kmem_cache *kmalloc_caches[SLUB_PAGE_SHIFT]; * Sorry that the following has to be that ugly but some versions of GCC * have trouble with constant propagation and loops. */ @@ -65480,7 +70244,7 @@ index df448ad..b99e7f6 100644 { if (!size) return 0; -@@ -217,7 +217,7 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size) +@@ -221,7 +221,7 @@ static __always_inline struct kmem_cache *kmalloc_slab(size_t size) } void *kmem_cache_alloc(struct kmem_cache *, gfp_t); @@ -65489,7 +70253,7 @@ index df448ad..b99e7f6 100644 static __always_inline void * kmalloc_order(size_t size, gfp_t flags, unsigned int order) -@@ -258,7 +258,7 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order) +@@ -265,7 +265,7 @@ kmalloc_order_trace(size_t size, gfp_t flags, unsigned int order) } #endif @@ -65498,7 +70262,7 @@ index df448ad..b99e7f6 100644 { unsigned int order = get_order(size); return kmalloc_order_trace(size, flags, order); -@@ -283,7 +283,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) +@@ -290,7 +290,7 @@ static __always_inline void *kmalloc(size_t size, gfp_t flags) } #ifdef CONFIG_NUMA @@ -65507,12 +70271,25 @@ index df448ad..b99e7f6 100644 void *kmem_cache_alloc_node(struct kmem_cache *, gfp_t flags, int node); #ifdef CONFIG_TRACING +diff --git a/include/linux/sock_diag.h b/include/linux/sock_diag.h +index e8d702e..0a56eb4 100644 +--- a/include/linux/sock_diag.h ++++ b/include/linux/sock_diag.h +@@ -10,7 +10,7 @@ struct sock; + struct sock_diag_handler { + __u8 family; + int (*dump)(struct sk_buff *skb, struct nlmsghdr *nlh); +-}; ++} __do_const; + + int sock_diag_register(const struct sock_diag_handler *h); + void sock_diag_unregister(const struct sock_diag_handler *h); diff --git a/include/linux/sonet.h b/include/linux/sonet.h -index de8832d..0147b46 100644 +index 680f9a3..f13aeb0 100644 --- a/include/linux/sonet.h +++ b/include/linux/sonet.h -@@ -61,7 +61,7 @@ struct sonet_stats { - #include <linux/atomic.h> +@@ -7,7 +7,7 @@ + #include <uapi/linux/sonet.h> struct k_sonet_stats { -#define __HANDLE_ITEM(i) atomic_t i @@ -65521,10 +70298,19 @@ index de8832d..0147b46 100644 #undef __HANDLE_ITEM }; diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h -index 523547e..2cb7140 100644 +index 34206b8..3db7f1c 100644 --- a/include/linux/sunrpc/clnt.h +++ b/include/linux/sunrpc/clnt.h -@@ -174,9 +174,9 @@ static inline unsigned short rpc_get_port(const struct sockaddr *sap) +@@ -96,7 +96,7 @@ struct rpc_procinfo { + unsigned int p_timer; /* Which RTT timer to use */ + u32 p_statidx; /* Which procedure to account */ + const char * p_name; /* name of procedure */ +-}; ++} __do_const; + + #ifdef __KERNEL__ + +@@ -176,9 +176,9 @@ static inline unsigned short rpc_get_port(const struct sockaddr *sap) { switch (sap->sa_family) { case AF_INET: @@ -65536,7 +70322,7 @@ index 523547e..2cb7140 100644 } return 0; } -@@ -209,7 +209,7 @@ static inline bool __rpc_cmp_addr4(const struct sockaddr *sap1, +@@ -211,7 +211,7 @@ static inline bool __rpc_cmp_addr4(const struct sockaddr *sap1, static inline bool __rpc_copy_addr4(struct sockaddr *dst, const struct sockaddr *src) { @@ -65545,7 +70331,7 @@ index 523547e..2cb7140 100644 struct sockaddr_in *dsin = (struct sockaddr_in *) dst; dsin->sin_family = ssin->sin_family; -@@ -312,7 +312,7 @@ static inline u32 rpc_get_scope_id(const struct sockaddr *sa) +@@ -314,7 +314,7 @@ static inline u32 rpc_get_scope_id(const struct sockaddr *sa) if (sa->sa_family != AF_INET6) return 0; @@ -65554,18 +70340,19 @@ index 523547e..2cb7140 100644 } #endif /* __KERNEL__ */ -diff --git a/include/linux/sunrpc/sched.h b/include/linux/sunrpc/sched.h -index dc0c3cc..8503fb6 100644 ---- a/include/linux/sunrpc/sched.h -+++ b/include/linux/sunrpc/sched.h -@@ -106,6 +106,7 @@ struct rpc_call_ops { - void (*rpc_count_stats)(struct rpc_task *, void *); - void (*rpc_release)(void *); - }; -+typedef struct rpc_call_ops __no_const rpc_call_ops_no_const; +diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h +index 676ddf5..4c519a1 100644 +--- a/include/linux/sunrpc/svc.h ++++ b/include/linux/sunrpc/svc.h +@@ -410,7 +410,7 @@ struct svc_procedure { + unsigned int pc_count; /* call count */ + unsigned int pc_cachetype; /* cache info (NFS) */ + unsigned int pc_xdrressize; /* maximum size of XDR reply */ +-}; ++} __do_const; - struct rpc_task_setup { - struct rpc_task *task; + /* + * Function prototypes. diff --git a/include/linux/sunrpc/svc_rdma.h b/include/linux/sunrpc/svc_rdma.h index 0b8e3e6..33e0a01 100644 --- a/include/linux/sunrpc/svc_rdma.h @@ -65595,24 +70382,58 @@ index 0b8e3e6..33e0a01 100644 #define RPCRDMA_VERSION 1 +diff --git a/include/linux/sunrpc/svcauth.h b/include/linux/sunrpc/svcauth.h +index dd74084a..7f509d5 100644 +--- a/include/linux/sunrpc/svcauth.h ++++ b/include/linux/sunrpc/svcauth.h +@@ -109,7 +109,7 @@ struct auth_ops { + int (*release)(struct svc_rqst *rq); + void (*domain_release)(struct auth_domain *); + int (*set_client)(struct svc_rqst *rq); +-}; ++} __do_const; + + #define SVC_GARBAGE 1 + #define SVC_SYSERR 2 +diff --git a/include/linux/swiotlb.h b/include/linux/swiotlb.h +index 071d62c..4ccc7ac 100644 +--- a/include/linux/swiotlb.h ++++ b/include/linux/swiotlb.h +@@ -59,7 +59,8 @@ extern void + + extern void + swiotlb_free_coherent(struct device *hwdev, size_t size, +- void *vaddr, dma_addr_t dma_handle); ++ void *vaddr, dma_addr_t dma_handle, ++ struct dma_attrs *attrs); + + extern dma_addr_t swiotlb_map_page(struct device *dev, struct page *page, + unsigned long offset, size_t size, +diff --git a/include/linux/syscore_ops.h b/include/linux/syscore_ops.h +index 27b3b0b..e093dd9 100644 +--- a/include/linux/syscore_ops.h ++++ b/include/linux/syscore_ops.h +@@ -16,7 +16,7 @@ struct syscore_ops { + int (*suspend)(void); + void (*resume)(void); + void (*shutdown)(void); +-}; ++} __do_const; + + extern void register_syscore_ops(struct syscore_ops *ops); + extern void unregister_syscore_ops(struct syscore_ops *ops); diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h -index c34b4c8..a65b67d 100644 +index 14a8ff2..af52bad 100644 --- a/include/linux/sysctl.h +++ b/include/linux/sysctl.h -@@ -155,7 +155,11 @@ enum - KERN_PANIC_ON_NMI=76, /* int: whether we will panic on an unrecovered */ - }; +@@ -34,13 +34,13 @@ struct ctl_table_root; + struct ctl_table_header; + struct ctl_dir; +-typedef struct ctl_table ctl_table; - -+#ifdef CONFIG_PAX_SOFTMODE -+enum { -+ PAX_SOFTMODE=1 /* PaX: disable/enable soft mode */ -+}; -+#endif - - /* CTL_VM names: */ - enum -@@ -948,6 +952,8 @@ typedef int proc_handler (struct ctl_table *ctl, int write, + typedef int proc_handler (struct ctl_table *ctl, int write, + void __user *buffer, size_t *lenp, loff_t *ppos); extern int proc_dostring(struct ctl_table *, int, void __user *, size_t *, loff_t *); @@ -65621,11 +70442,100 @@ index c34b4c8..a65b67d 100644 extern int proc_dointvec(struct ctl_table *, int, void __user *, size_t *, loff_t *); extern int proc_dointvec_minmax(struct ctl_table *, int, +@@ -115,7 +115,9 @@ struct ctl_table + struct ctl_table_poll *poll; + void *extra1; + void *extra2; +-}; ++} __do_const; ++typedef struct ctl_table __no_const ctl_table_no_const; ++typedef struct ctl_table ctl_table; + + struct ctl_node { + struct rb_node node; +diff --git a/include/linux/sysfs.h b/include/linux/sysfs.h +index 381f06d..dc16cc7 100644 +--- a/include/linux/sysfs.h ++++ b/include/linux/sysfs.h +@@ -31,7 +31,8 @@ struct attribute { + struct lock_class_key *key; + struct lock_class_key skey; + #endif +-}; ++} __do_const; ++typedef struct attribute __no_const attribute_no_const; + + /** + * sysfs_attr_init - initialize a dynamically allocated sysfs attribute +@@ -59,8 +60,8 @@ struct attribute_group { + umode_t (*is_visible)(struct kobject *, + struct attribute *, int); + struct attribute **attrs; +-}; +- ++} __do_const; ++typedef struct attribute_group __no_const attribute_group_no_const; + + + /** +@@ -107,7 +108,8 @@ struct bin_attribute { + char *, loff_t, size_t); + int (*mmap)(struct file *, struct kobject *, struct bin_attribute *attr, + struct vm_area_struct *vma); +-}; ++} __do_const; ++typedef struct bin_attribute __no_const bin_attribute_no_const; + + /** + * sysfs_bin_attr_init - initialize a dynamically allocated bin_attribute +diff --git a/include/linux/sysrq.h b/include/linux/sysrq.h +index 7faf933..4657127 100644 +--- a/include/linux/sysrq.h ++++ b/include/linux/sysrq.h +@@ -15,7 +15,9 @@ + #define _LINUX_SYSRQ_H + + #include <linux/errno.h> ++#include <linux/compiler.h> + #include <linux/types.h> ++#include <linux/compiler.h> + + /* Enable/disable SYSRQ support by default (0==no, 1==yes). */ + #define SYSRQ_DEFAULT_ENABLE 1 +@@ -36,7 +38,7 @@ struct sysrq_key_op { + char *help_msg; + char *action_msg; + int enable_mask; +-}; ++} __do_const; + + #ifdef CONFIG_MAGIC_SYSRQ + +diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h +index e7e0473..39b7b52 100644 +--- a/include/linux/thread_info.h ++++ b/include/linux/thread_info.h +@@ -148,6 +148,15 @@ static inline bool test_and_clear_restore_sigmask(void) + #error "no set_restore_sigmask() provided and default one won't work" + #endif + ++extern void __check_object_size(const void *ptr, unsigned long n, bool to); ++static inline void check_object_size(const void *ptr, unsigned long n, bool to) ++{ ++#ifndef CONFIG_PAX_USERCOPY_DEBUG ++ if (!__builtin_constant_p(n)) ++#endif ++ __check_object_size(ptr, n, to); ++} ++ + #endif /* __KERNEL__ */ + + #endif /* _LINUX_THREAD_INFO_H */ diff --git a/include/linux/tty.h b/include/linux/tty.h -index 9f47ab5..73da944 100644 +index 8db1b56..c16a040 100644 --- a/include/linux/tty.h +++ b/include/linux/tty.h -@@ -225,7 +225,7 @@ struct tty_port { +@@ -194,7 +194,7 @@ struct tty_port { const struct tty_port_operations *ops; /* Port operations */ spinlock_t lock; /* Lock protecting tty field */ int blocked_open; /* Waiting to open */ @@ -65634,7 +70544,7 @@ index 9f47ab5..73da944 100644 wait_queue_head_t open_wait; /* Open waiters */ wait_queue_head_t close_wait; /* Close waiters */ wait_queue_head_t delta_msr_wait; /* Modem status change */ -@@ -525,7 +525,7 @@ extern int tty_port_open(struct tty_port *port, +@@ -490,7 +490,7 @@ extern int tty_port_open(struct tty_port *port, struct tty_struct *tty, struct file *filp); static inline int tty_port_users(struct tty_port *port) { @@ -65643,6 +70553,19 @@ index 9f47ab5..73da944 100644 } extern int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc); +diff --git a/include/linux/tty_driver.h b/include/linux/tty_driver.h +index dd976cf..e272742 100644 +--- a/include/linux/tty_driver.h ++++ b/include/linux/tty_driver.h +@@ -284,7 +284,7 @@ struct tty_operations { + void (*poll_put_char)(struct tty_driver *driver, int line, char ch); + #endif + const struct file_operations *proc_fops; +-}; ++} __do_const; + + struct tty_driver { + int magic; /* magic number for this structure */ diff --git a/include/linux/tty_ldisc.h b/include/linux/tty_ldisc.h index fb79dd8d..07d4773 100644 --- a/include/linux/tty_ldisc.h @@ -65657,10 +70580,10 @@ index fb79dd8d..07d4773 100644 struct tty_ldisc { diff --git a/include/linux/types.h b/include/linux/types.h -index bf0dd75..a1f23aaa 100644 +index 4d118ba..c3ee9bf 100644 --- a/include/linux/types.h +++ b/include/linux/types.h -@@ -220,10 +220,26 @@ typedef struct { +@@ -176,10 +176,26 @@ typedef struct { int counter; } atomic_t; @@ -65706,6 +70629,20 @@ index 5ca0951..ab496a5 100644 ret; \ }) +diff --git a/include/linux/uidgid.h b/include/linux/uidgid.h +index 8e522cbc..aa8572d 100644 +--- a/include/linux/uidgid.h ++++ b/include/linux/uidgid.h +@@ -197,4 +197,9 @@ static inline bool kgid_has_mapping(struct user_namespace *ns, kgid_t gid) + + #endif /* CONFIG_USER_NS */ + ++#define GR_GLOBAL_UID(x) from_kuid_munged(&init_user_ns, (x)) ++#define GR_GLOBAL_GID(x) from_kgid_munged(&init_user_ns, (x)) ++#define gr_is_global_root(x) uid_eq((x), GLOBAL_ROOT_UID) ++#define gr_is_global_nonroot(x) (!uid_eq((x), GLOBAL_ROOT_UID)) ++ + #endif /* _LINUX_UIDGID_H */ diff --git a/include/linux/unaligned/access_ok.h b/include/linux/unaligned/access_ok.h index 99c1b4d..bb94261 100644 --- a/include/linux/unaligned/access_ok.h @@ -65750,11 +70687,11 @@ index 99c1b4d..bb94261 100644 static inline void put_unaligned_le16(u16 val, void *p) diff --git a/include/linux/usb.h b/include/linux/usb.h -index 30d1ae3..aecd07e 100644 +index 4d22d0f..ac43c2f 100644 --- a/include/linux/usb.h +++ b/include/linux/usb.h -@@ -546,7 +546,7 @@ struct usb_device { - struct usb_device **children; +@@ -554,7 +554,7 @@ struct usb_device { + int maxchild; u32 quirks; - atomic_t urbnum; @@ -65763,7 +70700,7 @@ index 30d1ae3..aecd07e 100644 unsigned long active_duration; diff --git a/include/linux/usb/renesas_usbhs.h b/include/linux/usb/renesas_usbhs.h -index c5d36c6..8478c90 100644 +index c5d36c6..108f4f9 100644 --- a/include/linux/usb/renesas_usbhs.h +++ b/include/linux/usb/renesas_usbhs.h @@ -39,7 +39,7 @@ enum { @@ -65775,15 +70712,42 @@ index c5d36c6..8478c90 100644 /* * callback functions for platform -@@ -97,7 +97,7 @@ struct renesas_usbhs_platform_callback { - * VBUS control is needed for Host - */ - int (*set_vbus)(struct platform_device *pdev, int enable); --}; -+} __no_const; - - /* - * parameters for renesas usbhs +diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h +index b9bd2e6..4ce0093 100644 +--- a/include/linux/user_namespace.h ++++ b/include/linux/user_namespace.h +@@ -21,7 +21,7 @@ struct user_namespace { + struct uid_gid_map uid_map; + struct uid_gid_map gid_map; + struct uid_gid_map projid_map; +- struct kref kref; ++ atomic_t count; + struct user_namespace *parent; + kuid_t owner; + kgid_t group; +@@ -35,18 +35,18 @@ extern struct user_namespace init_user_ns; + static inline struct user_namespace *get_user_ns(struct user_namespace *ns) + { + if (ns) +- kref_get(&ns->kref); ++ atomic_inc(&ns->count); + return ns; + } + + extern int create_user_ns(struct cred *new); + extern int unshare_userns(unsigned long unshare_flags, struct cred **new_cred); +-extern void free_user_ns(struct kref *kref); ++extern void free_user_ns(struct user_namespace *ns); + + static inline void put_user_ns(struct user_namespace *ns) + { +- if (ns) +- kref_put(&ns->kref, free_user_ns); ++ if (ns && atomic_dec_and_test(&ns->count)) ++ free_user_ns(ns); + } + + struct seq_operations; diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h index 6f8fbcf..8259001 100644 --- a/include/linux/vermagic.h @@ -65862,10 +70826,10 @@ index 6071e91..ca6a489 100644 /* * Internals. Dont't use.. diff --git a/include/linux/vmstat.h b/include/linux/vmstat.h -index ad2cfd5..74c94ad 100644 +index a13291f..af51fa3 100644 --- a/include/linux/vmstat.h +++ b/include/linux/vmstat.h -@@ -87,18 +87,18 @@ static inline void vm_events_fold_cpu(int cpu) +@@ -95,18 +95,18 @@ static inline void vm_events_fold_cpu(int cpu) /* * Zone based page accounting with per cpu differentials. */ @@ -65888,7 +70852,7 @@ index ad2cfd5..74c94ad 100644 #ifdef CONFIG_SMP if (x < 0) x = 0; -@@ -109,7 +109,7 @@ static inline unsigned long global_page_state(enum zone_stat_item item) +@@ -117,7 +117,7 @@ static inline unsigned long global_page_state(enum zone_stat_item item) static inline unsigned long zone_page_state(struct zone *zone, enum zone_stat_item item) { @@ -65897,7 +70861,7 @@ index ad2cfd5..74c94ad 100644 #ifdef CONFIG_SMP if (x < 0) x = 0; -@@ -126,7 +126,7 @@ static inline unsigned long zone_page_state(struct zone *zone, +@@ -134,7 +134,7 @@ static inline unsigned long zone_page_state(struct zone *zone, static inline unsigned long zone_page_state_snapshot(struct zone *zone, enum zone_stat_item item) { @@ -65906,7 +70870,7 @@ index ad2cfd5..74c94ad 100644 #ifdef CONFIG_SMP int cpu; -@@ -216,8 +216,8 @@ static inline void __mod_zone_page_state(struct zone *zone, +@@ -226,8 +226,8 @@ static inline void __mod_zone_page_state(struct zone *zone, static inline void __inc_zone_state(struct zone *zone, enum zone_stat_item item) { @@ -65917,7 +70881,7 @@ index ad2cfd5..74c94ad 100644 } static inline void __inc_zone_page_state(struct page *page, -@@ -228,8 +228,8 @@ static inline void __inc_zone_page_state(struct page *page, +@@ -238,8 +238,8 @@ static inline void __inc_zone_page_state(struct page *page, static inline void __dec_zone_state(struct zone *zone, enum zone_stat_item item) { @@ -65929,76 +70893,69 @@ index ad2cfd5..74c94ad 100644 static inline void __dec_zone_page_state(struct page *page, diff --git a/include/linux/xattr.h b/include/linux/xattr.h -index e5d1220..ef6e406 100644 +index fdbafc6..b7ffd47 100644 --- a/include/linux/xattr.h +++ b/include/linux/xattr.h -@@ -57,6 +57,11 @@ - #define XATTR_POSIX_ACL_DEFAULT "posix_acl_default" - #define XATTR_NAME_POSIX_ACL_DEFAULT XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_DEFAULT - -+/* User namespace */ -+#define XATTR_PAX_PREFIX XATTR_USER_PREFIX "pax." -+#define XATTR_PAX_FLAGS_SUFFIX "flags" -+#define XATTR_NAME_PAX_FLAGS XATTR_PAX_PREFIX XATTR_PAX_FLAGS_SUFFIX -+ - #ifdef __KERNEL__ - - #include <linux/types.h> -diff --git a/include/media/saa7146_vv.h b/include/media/saa7146_vv.h -index 944ecdf..a3994fc 100644 ---- a/include/media/saa7146_vv.h -+++ b/include/media/saa7146_vv.h -@@ -161,8 +161,8 @@ struct saa7146_ext_vv - int (*std_callback)(struct saa7146_dev*, struct saa7146_standard *); - - /* the extension can override this */ -- struct v4l2_ioctl_ops vid_ops; -- struct v4l2_ioctl_ops vbi_ops; -+ v4l2_ioctl_ops_no_const vid_ops; -+ v4l2_ioctl_ops_no_const vbi_ops; - /* pointer to the saa7146 core ops */ - const struct v4l2_ioctl_ops *core_ops; +@@ -28,7 +28,7 @@ struct xattr_handler { + size_t size, int handler_flags); + int (*set)(struct dentry *dentry, const char *name, const void *buffer, + size_t size, int flags, int handler_flags); +-}; ++} __do_const; + struct xattr { + char *name; diff --git a/include/media/v4l2-dev.h b/include/media/v4l2-dev.h -index 5c416cd..20021aa 100644 +index 95d1c91..6798cca 100644 --- a/include/media/v4l2-dev.h +++ b/include/media/v4l2-dev.h -@@ -73,7 +73,8 @@ struct v4l2_file_operations { +@@ -76,7 +76,7 @@ struct v4l2_file_operations { int (*mmap) (struct file *, struct vm_area_struct *); int (*open) (struct file *); int (*release) (struct file *); -}; +} __do_const; -+typedef struct v4l2_file_operations __no_const v4l2_file_operations_no_const; /* * Newer version of video_device, handled by videodev2.c diff --git a/include/media/v4l2-ioctl.h b/include/media/v4l2-ioctl.h -index e614c9c..20602b7 100644 +index 4118ad1..cb7e25f 100644 --- a/include/media/v4l2-ioctl.h +++ b/include/media/v4l2-ioctl.h -@@ -289,7 +289,7 @@ struct v4l2_ioctl_ops { - long (*vidioc_default) (struct file *file, void *fh, +@@ -284,7 +284,6 @@ struct v4l2_ioctl_ops { bool valid_prio, int cmd, void *arg); }; -- -+typedef struct v4l2_ioctl_ops __no_const v4l2_ioctl_ops_no_const; +- /* v4l debugging and diagnostics */ -diff --git a/include/net/caif/caif_hsi.h b/include/net/caif/caif_hsi.h -index bcb9cc3..f4ec722e 100644 ---- a/include/net/caif/caif_hsi.h -+++ b/include/net/caif/caif_hsi.h -@@ -98,7 +98,7 @@ struct cfhsi_cb_ops { - void (*rx_done_cb) (struct cfhsi_cb_ops *drv); - void (*wake_up_cb) (struct cfhsi_cb_ops *drv); - void (*wake_down_cb) (struct cfhsi_cb_ops *drv); + /* Debug bitmask flags to be used on V4L2 */ +diff --git a/include/net/9p/transport.h b/include/net/9p/transport.h +index adcbb20..62c2559 100644 +--- a/include/net/9p/transport.h ++++ b/include/net/9p/transport.h +@@ -57,7 +57,7 @@ struct p9_trans_module { + int (*cancel) (struct p9_client *, struct p9_req_t *req); + int (*zc_request)(struct p9_client *, struct p9_req_t *, + char *, char *, int , int, int, int); -}; -+} __no_const; ++} __do_const; + + void v9fs_register_trans(struct p9_trans_module *m); + void v9fs_unregister_trans(struct p9_trans_module *m); +diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h +index 7588ef4..e62d35f 100644 +--- a/include/net/bluetooth/l2cap.h ++++ b/include/net/bluetooth/l2cap.h +@@ -552,7 +552,7 @@ struct l2cap_ops { + void (*defer) (struct l2cap_chan *chan); + struct sk_buff *(*alloc_skb) (struct l2cap_chan *chan, + unsigned long len, int nb); +-}; ++} __do_const; - /* Structure implemented by HSI device. */ - struct cfhsi_ops { + struct l2cap_conn { + struct hci_conn *hcon; diff --git a/include/net/caif/cfctrl.h b/include/net/caif/cfctrl.h index 9e5425b..8136ffc 100644 --- a/include/net/caif/cfctrl.h @@ -66035,6 +70992,56 @@ index 628e11b..4c475df 100644 +extern atomic_unchecked_t flow_cache_genid; #endif +diff --git a/include/net/genetlink.h b/include/net/genetlink.h +index bdfbe68..4402ebe 100644 +--- a/include/net/genetlink.h ++++ b/include/net/genetlink.h +@@ -118,7 +118,7 @@ struct genl_ops { + struct netlink_callback *cb); + int (*done)(struct netlink_callback *cb); + struct list_head ops_list; +-}; ++} __do_const; + + extern int genl_register_family(struct genl_family *family); + extern int genl_register_family_with_ops(struct genl_family *family, +diff --git a/include/net/gro_cells.h b/include/net/gro_cells.h +index e5062c9..48a9a4b 100644 +--- a/include/net/gro_cells.h ++++ b/include/net/gro_cells.h +@@ -29,7 +29,7 @@ static inline void gro_cells_receive(struct gro_cells *gcells, struct sk_buff *s + cell += skb_get_rx_queue(skb) & gcells->gro_cells_mask; + + if (skb_queue_len(&cell->napi_skbs) > netdev_max_backlog) { +- atomic_long_inc(&dev->rx_dropped); ++ atomic_long_inc_unchecked(&dev->rx_dropped); + kfree_skb(skb); + return; + } +@@ -73,8 +73,8 @@ static inline int gro_cells_init(struct gro_cells *gcells, struct net_device *de + int i; + + gcells->gro_cells_mask = roundup_pow_of_two(netif_get_num_default_rss_queues()) - 1; +- gcells->cells = kcalloc(sizeof(struct gro_cell), +- gcells->gro_cells_mask + 1, ++ gcells->cells = kcalloc(gcells->gro_cells_mask + 1, ++ sizeof(struct gro_cell), + GFP_KERNEL); + if (!gcells->cells) + return -ENOMEM; +diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h +index 1832927..ce39aea 100644 +--- a/include/net/inet_connection_sock.h ++++ b/include/net/inet_connection_sock.h +@@ -62,7 +62,7 @@ struct inet_connection_sock_af_ops { + void (*addr2sockaddr)(struct sock *sk, struct sockaddr *); + int (*bind_conflict)(const struct sock *sk, + const struct inet_bind_bucket *tb, bool relax); +-}; ++} __do_const; + + /** inet_connection_sock - INET connection oriented sock + * diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h index 53f464d..ba76aaa 100644 --- a/include/net/inetpeer.h @@ -66064,6 +71071,19 @@ index 53f464d..ba76aaa 100644 return new; } +diff --git a/include/net/ip.h b/include/net/ip.h +index a68f838..74518ab 100644 +--- a/include/net/ip.h ++++ b/include/net/ip.h +@@ -202,7 +202,7 @@ extern struct local_ports { + } sysctl_local_ports; + extern void inet_get_local_port_range(int *low, int *high); + +-extern unsigned long *sysctl_local_reserved_ports; ++extern unsigned long sysctl_local_reserved_ports[65536 / 8 / sizeof(unsigned long)]; + static inline int inet_is_reserved_local_port(int port) + { + return test_bit(port, sysctl_local_reserved_ports); diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h index 9497be1..5a4fafe 100644 --- a/include/net/ip_fib.h @@ -66078,10 +71098,10 @@ index 9497be1..5a4fafe 100644 fib_info_update_nh_saddr((net), &FIB_RES_NH(res))) #define FIB_RES_GW(res) (FIB_RES_NH(res).nh_gw) diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h -index 95374d1..2300e36 100644 +index 68c69d5..bdab192 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h -@@ -510,7 +510,7 @@ struct ip_vs_conn { +@@ -599,7 +599,7 @@ struct ip_vs_conn { struct ip_vs_conn *control; /* Master control connection */ atomic_t n_control; /* Number of controlled ones */ struct ip_vs_dest *dest; /* real server */ @@ -66090,7 +71110,7 @@ index 95374d1..2300e36 100644 /* packet transmitter for different forwarding methods. If it mangles the packet, it must return NF_DROP or better NF_STOLEN, -@@ -648,7 +648,7 @@ struct ip_vs_dest { +@@ -737,7 +737,7 @@ struct ip_vs_dest { __be16 port; /* port number of the server */ union nf_inet_addr addr; /* IP address of the server */ volatile unsigned int flags; /* dest status flags */ @@ -66099,21 +71119,22 @@ index 95374d1..2300e36 100644 atomic_t weight; /* server weight */ atomic_t refcnt; /* reference counter */ -diff --git a/include/net/irda/ircomm_core.h b/include/net/irda/ircomm_core.h -index 69b610a..fe3962c 100644 ---- a/include/net/irda/ircomm_core.h -+++ b/include/net/irda/ircomm_core.h -@@ -51,7 +51,7 @@ typedef struct { - int (*connect_response)(struct ircomm_cb *, struct sk_buff *); - int (*disconnect_request)(struct ircomm_cb *, struct sk_buff *, - struct ircomm_info *); --} call_t; -+} __no_const call_t; - - struct ircomm_cb { - irda_queue_t queue; +@@ -980,11 +980,11 @@ struct netns_ipvs { + /* ip_vs_lblc */ + int sysctl_lblc_expiration; + struct ctl_table_header *lblc_ctl_header; +- struct ctl_table *lblc_ctl_table; ++ ctl_table_no_const *lblc_ctl_table; + /* ip_vs_lblcr */ + int sysctl_lblcr_expiration; + struct ctl_table_header *lblcr_ctl_header; +- struct ctl_table *lblcr_ctl_table; ++ ctl_table_no_const *lblcr_ctl_table; + /* ip_vs_est */ + struct list_head est_list; /* estimator list */ + spinlock_t est_lock; diff --git a/include/net/irda/ircomm_tty.h b/include/net/irda/ircomm_tty.h -index 59ba38bc..d515662 100644 +index 80ffde3..968b0f4 100644 --- a/include/net/irda/ircomm_tty.h +++ b/include/net/irda/ircomm_tty.h @@ -35,6 +35,7 @@ @@ -66124,17 +71145,6 @@ index 59ba38bc..d515662 100644 #include <net/irda/irias_object.h> #include <net/irda/ircomm_core.h> -@@ -105,8 +106,8 @@ struct ircomm_tty_cb { - unsigned short close_delay; - unsigned short closing_wait; /* time to wait before closing */ - -- int open_count; -- int blocked_open; /* # of blocked opens */ -+ local_t open_count; -+ local_t blocked_open; /* # of blocked opens */ - - /* Protect concurent access to : - * o self->open_count diff --git a/include/net/iucv/af_iucv.h b/include/net/iucv/af_iucv.h index cc7c197..9f2da2a 100644 --- a/include/net/iucv/af_iucv.h @@ -66148,8 +71158,88 @@ index cc7c197..9f2da2a 100644 }; unsigned int iucv_sock_poll(struct file *file, struct socket *sock, +diff --git a/include/net/llc_c_ac.h b/include/net/llc_c_ac.h +index df83f69..9b640b8 100644 +--- a/include/net/llc_c_ac.h ++++ b/include/net/llc_c_ac.h +@@ -87,7 +87,7 @@ + #define LLC_CONN_AC_STOP_SENDACK_TMR 70 + #define LLC_CONN_AC_START_SENDACK_TMR_IF_NOT_RUNNING 71 + +-typedef int (*llc_conn_action_t)(struct sock *sk, struct sk_buff *skb); ++typedef int (* const llc_conn_action_t)(struct sock *sk, struct sk_buff *skb); + + extern int llc_conn_ac_clear_remote_busy(struct sock *sk, struct sk_buff *skb); + extern int llc_conn_ac_conn_ind(struct sock *sk, struct sk_buff *skb); +diff --git a/include/net/llc_c_ev.h b/include/net/llc_c_ev.h +index 6ca3113..f8026dd 100644 +--- a/include/net/llc_c_ev.h ++++ b/include/net/llc_c_ev.h +@@ -125,8 +125,8 @@ static __inline__ struct llc_conn_state_ev *llc_conn_ev(struct sk_buff *skb) + return (struct llc_conn_state_ev *)skb->cb; + } + +-typedef int (*llc_conn_ev_t)(struct sock *sk, struct sk_buff *skb); +-typedef int (*llc_conn_ev_qfyr_t)(struct sock *sk, struct sk_buff *skb); ++typedef int (* const llc_conn_ev_t)(struct sock *sk, struct sk_buff *skb); ++typedef int (* const llc_conn_ev_qfyr_t)(struct sock *sk, struct sk_buff *skb); + + extern int llc_conn_ev_conn_req(struct sock *sk, struct sk_buff *skb); + extern int llc_conn_ev_data_req(struct sock *sk, struct sk_buff *skb); +diff --git a/include/net/llc_c_st.h b/include/net/llc_c_st.h +index 0e79cfb..f46db31 100644 +--- a/include/net/llc_c_st.h ++++ b/include/net/llc_c_st.h +@@ -37,7 +37,7 @@ struct llc_conn_state_trans { + u8 next_state; + llc_conn_ev_qfyr_t *ev_qualifiers; + llc_conn_action_t *ev_actions; +-}; ++} __do_const; + + struct llc_conn_state { + u8 current_state; +diff --git a/include/net/llc_s_ac.h b/include/net/llc_s_ac.h +index 37a3bbd..55a4241 100644 +--- a/include/net/llc_s_ac.h ++++ b/include/net/llc_s_ac.h +@@ -23,7 +23,7 @@ + #define SAP_ACT_TEST_IND 9 + + /* All action functions must look like this */ +-typedef int (*llc_sap_action_t)(struct llc_sap *sap, struct sk_buff *skb); ++typedef int (* const llc_sap_action_t)(struct llc_sap *sap, struct sk_buff *skb); + + extern int llc_sap_action_unitdata_ind(struct llc_sap *sap, + struct sk_buff *skb); +diff --git a/include/net/llc_s_st.h b/include/net/llc_s_st.h +index 567c681..cd73ac0 100644 +--- a/include/net/llc_s_st.h ++++ b/include/net/llc_s_st.h +@@ -20,7 +20,7 @@ struct llc_sap_state_trans { + llc_sap_ev_t ev; + u8 next_state; + llc_sap_action_t *ev_actions; +-}; ++} __do_const; + + struct llc_sap_state { + u8 curr_state; +diff --git a/include/net/mac80211.h b/include/net/mac80211.h +index ee50c5e..1bc3b1a 100644 +--- a/include/net/mac80211.h ++++ b/include/net/mac80211.h +@@ -3996,7 +3996,7 @@ struct rate_control_ops { + void (*add_sta_debugfs)(void *priv, void *priv_sta, + struct dentry *dir); + void (*remove_sta_debugfs)(void *priv, void *priv_sta); +-}; ++} __do_const; + + static inline int rate_supported(struct ieee80211_sta *sta, + enum ieee80211_band band, diff --git a/include/net/neighbour.h b/include/net/neighbour.h -index 344d898..2ae1302 100644 +index 0dab173..1b76af0 100644 --- a/include/net/neighbour.h +++ b/include/net/neighbour.h @@ -123,7 +123,7 @@ struct neigh_ops { @@ -66162,10 +71252,10 @@ index 344d898..2ae1302 100644 struct pneigh_entry { struct pneigh_entry *next; diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h -index fd87963..312a11f 100644 +index de644bc..351fd4e 100644 --- a/include/net/net_namespace.h +++ b/include/net/net_namespace.h -@@ -102,7 +102,7 @@ struct net { +@@ -115,7 +115,7 @@ struct net { #endif struct netns_ipvs *ipvs; struct sock *diag_nlsk; @@ -66173,8 +71263,17 @@ index fd87963..312a11f 100644 + atomic_unchecked_t rt_genid; }; + /* +@@ -282,7 +282,7 @@ struct pernet_operations { + void (*exit_batch)(struct list_head *net_exit_list); + int *id; + size_t size; +-}; ++} __do_const; -@@ -303,12 +303,12 @@ static inline void unregister_net_sysctl_table(struct ctl_table_header *header) + /* + * Use these carefully. If you implement a network device and it +@@ -330,12 +330,12 @@ static inline void unregister_net_sysctl_table(struct ctl_table_header *header) static inline int rt_genid(struct net *net) { @@ -66203,10 +71302,10 @@ index 8ba8ce2..99b7fff 100644 size_t len, struct dma_pinned_list *pinned_list); diff --git a/include/net/netlink.h b/include/net/netlink.h -index 785f37a..c81dc0c 100644 +index 9690b0f..87aded7 100644 --- a/include/net/netlink.h +++ b/include/net/netlink.h -@@ -520,7 +520,7 @@ static inline void *nlmsg_get_pos(struct sk_buff *skb) +@@ -534,7 +534,7 @@ static inline void *nlmsg_get_pos(struct sk_buff *skb) static inline void nlmsg_trim(struct sk_buff *skb, const void *mark) { if (mark) @@ -66215,12 +71314,38 @@ index 785f37a..c81dc0c 100644 } /** +diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h +index 923cb20..deae816 100644 +--- a/include/net/netns/conntrack.h ++++ b/include/net/netns/conntrack.h +@@ -12,10 +12,10 @@ struct nf_conntrack_ecache; + struct nf_proto_net { + #ifdef CONFIG_SYSCTL + struct ctl_table_header *ctl_table_header; +- struct ctl_table *ctl_table; ++ ctl_table_no_const *ctl_table; + #ifdef CONFIG_NF_CONNTRACK_PROC_COMPAT + struct ctl_table_header *ctl_compat_header; +- struct ctl_table *ctl_compat_table; ++ ctl_table_no_const *ctl_compat_table; + #endif + #endif + unsigned int users; +@@ -58,7 +58,7 @@ struct nf_ip_net { + struct nf_icmp_net icmpv6; + #if defined(CONFIG_SYSCTL) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT) + struct ctl_table_header *ctl_table_header; +- struct ctl_table *ctl_table; ++ ctl_table_no_const *ctl_table; + #endif + }; + diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h -index eb24dbc..567d6ed 100644 +index 2ae2b83..dbdc85e 100644 --- a/include/net/netns/ipv4.h +++ b/include/net/netns/ipv4.h -@@ -65,7 +65,7 @@ struct netns_ipv4 { - unsigned int sysctl_ping_group_range[2]; +@@ -64,7 +64,7 @@ struct netns_ipv4 { + kgid_t sysctl_ping_group_range[2]; long sysctl_tcp_mem[3]; - atomic_t dev_addr_genid; @@ -66228,11 +71353,46 @@ index eb24dbc..567d6ed 100644 #ifdef CONFIG_IP_MROUTE #ifndef CONFIG_IP_MROUTE_MULTIPLE_TABLES +diff --git a/include/net/protocol.h b/include/net/protocol.h +index 047c047..b9dad15 100644 +--- a/include/net/protocol.h ++++ b/include/net/protocol.h +@@ -44,7 +44,7 @@ struct net_protocol { + void (*err_handler)(struct sk_buff *skb, u32 info); + unsigned int no_policy:1, + netns_ok:1; +-}; ++} __do_const; + + #if IS_ENABLED(CONFIG_IPV6) + struct inet6_protocol { +@@ -57,7 +57,7 @@ struct inet6_protocol { + u8 type, u8 code, int offset, + __be32 info); + unsigned int flags; /* INET6_PROTO_xxx */ +-}; ++} __do_const; + + #define INET6_PROTO_NOPOLICY 0x1 + #define INET6_PROTO_FINAL 0x2 +diff --git a/include/net/rtnetlink.h b/include/net/rtnetlink.h +index 5a15fab..d799ea7 100644 +--- a/include/net/rtnetlink.h ++++ b/include/net/rtnetlink.h +@@ -81,7 +81,7 @@ struct rtnl_link_ops { + const struct net_device *dev); + unsigned int (*get_num_tx_queues)(void); + unsigned int (*get_num_rx_queues)(void); +-}; ++} __do_const; + + extern int __rtnl_link_register(struct rtnl_link_ops *ops); + extern void __rtnl_link_unregister(struct rtnl_link_ops *ops); diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h -index ff49964..1411fee 100644 +index 7fdf298..197e9f7 100644 --- a/include/net/sctp/sctp.h +++ b/include/net/sctp/sctp.h -@@ -320,9 +320,9 @@ do { \ +@@ -330,9 +330,9 @@ do { \ #else /* SCTP_DEBUG */ @@ -66245,11 +71405,46 @@ index ff49964..1411fee 100644 #define SCTP_ENABLE_DEBUG #define SCTP_DISABLE_DEBUG #define SCTP_ASSERT(expr, str, func) +diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h +index 2a82d13..62a31c2 100644 +--- a/include/net/sctp/sm.h ++++ b/include/net/sctp/sm.h +@@ -87,7 +87,7 @@ typedef void (sctp_timer_event_t) (unsigned long); + typedef struct { + sctp_state_fn_t *fn; + const char *name; +-} sctp_sm_table_entry_t; ++} __do_const sctp_sm_table_entry_t; + + /* A naming convention of "sctp_sf_xxx" applies to all the state functions + * currently in use. +@@ -299,7 +299,7 @@ __u32 sctp_generate_tag(const struct sctp_endpoint *); + __u32 sctp_generate_tsn(const struct sctp_endpoint *); + + /* Extern declarations for major data structures. */ +-extern sctp_timer_event_t *sctp_timer_events[SCTP_NUM_TIMEOUT_TYPES]; ++extern sctp_timer_event_t * const sctp_timer_events[SCTP_NUM_TIMEOUT_TYPES]; + + + /* Get the size of a DATA chunk payload. */ +diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h +index fdeb85a..1329d95 100644 +--- a/include/net/sctp/structs.h ++++ b/include/net/sctp/structs.h +@@ -517,7 +517,7 @@ struct sctp_pf { + struct sctp_association *asoc); + void (*addr_v4map) (struct sctp_sock *, union sctp_addr *); + struct sctp_af *af; +-}; ++} __do_const; + + + /* Structure to track chunk fragments that have been acked, but peer diff --git a/include/net/sock.h b/include/net/sock.h -index 450a2af..7692614 100644 +index 25afaa0..8bb0070 100644 --- a/include/net/sock.h +++ b/include/net/sock.h -@@ -305,7 +305,7 @@ struct sock { +@@ -322,7 +322,7 @@ struct sock { #ifdef CONFIG_RPS __u32 sk_rxhash; #endif @@ -66258,7 +71453,7 @@ index 450a2af..7692614 100644 int sk_rcvbuf; struct sk_filter __rcu *sk_filter; -@@ -1764,7 +1764,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) +@@ -1781,7 +1781,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) } static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb, @@ -66267,20 +71462,20 @@ index 450a2af..7692614 100644 int copy, int offset) { if (skb->ip_summed == CHECKSUM_NONE) { -@@ -2023,7 +2023,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) +@@ -2040,7 +2040,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) } } -struct sk_buff *sk_stream_alloc_skb(struct sock *sk, int size, gfp_t gfp); +struct sk_buff * __intentional_overflow(0) sk_stream_alloc_skb(struct sock *sk, int size, gfp_t gfp); - static inline struct page *sk_stream_alloc_page(struct sock *sk) - { + /** + * sk_page_frag - return an appropriate page_frag diff --git a/include/net/tcp.h b/include/net/tcp.h -index 1f000ff..e5a8dfb 100644 +index aed42c7..43890c6 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h -@@ -508,7 +508,7 @@ extern void tcp_retransmit_timer(struct sock *sk); +@@ -530,7 +530,7 @@ extern void tcp_retransmit_timer(struct sock *sk); extern void tcp_xmit_retransmit_queue(struct sock *); extern void tcp_simple_retransmit(struct sock *); extern int tcp_trim_head(struct sock *, struct sk_buff *, u32); @@ -66289,7 +71484,7 @@ index 1f000ff..e5a8dfb 100644 extern void tcp_send_probe0(struct sock *); extern void tcp_send_partial(struct sock *); -@@ -677,8 +677,8 @@ struct tcp_skb_cb { +@@ -701,8 +701,8 @@ struct tcp_skb_cb { struct inet6_skb_parm h6; #endif } header; /* For incoming frames */ @@ -66300,7 +71495,7 @@ index 1f000ff..e5a8dfb 100644 __u32 when; /* used to compute rtt's */ __u8 tcp_flags; /* TCP header flags. (tcp[13]) */ -@@ -692,7 +692,7 @@ struct tcp_skb_cb { +@@ -716,7 +716,7 @@ struct tcp_skb_cb { __u8 ip_dsfield; /* IPv4 tos or IPv6 dsfield */ /* 1 byte hole */ @@ -66309,32 +71504,37 @@ index 1f000ff..e5a8dfb 100644 }; #define TCP_SKB_CB(__skb) ((struct tcp_skb_cb *)&((__skb)->cb[0])) -@@ -1502,7 +1502,7 @@ struct tcp_seq_afinfo { - char *name; - sa_family_t family; - const struct file_operations *seq_fops; -- struct seq_operations seq_ops; -+ seq_operations_no_const seq_ops; - }; - - struct tcp_iter_state { -diff --git a/include/net/udp.h b/include/net/udp.h -index 065f379..b661b40 100644 ---- a/include/net/udp.h -+++ b/include/net/udp.h -@@ -244,7 +244,7 @@ struct udp_seq_afinfo { - sa_family_t family; - struct udp_table *udp_table; - const struct file_operations *seq_fops; -- struct seq_operations seq_ops; -+ seq_operations_no_const seq_ops; - }; - - struct udp_iter_state { diff --git a/include/net/xfrm.h b/include/net/xfrm.h -index 639dd13..15b206c 100644 +index 63445ed..d6fc34f 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h +@@ -304,7 +304,7 @@ struct xfrm_policy_afinfo { + struct net_device *dev, + const struct flowi *fl); + struct dst_entry *(*blackhole_route)(struct net *net, struct dst_entry *orig); +-}; ++} __do_const; + + extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo); + extern int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo); +@@ -340,7 +340,7 @@ struct xfrm_state_afinfo { + struct sk_buff *skb); + int (*transport_finish)(struct sk_buff *skb, + int async); +-}; ++} __do_const; + + extern int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo); + extern int xfrm_state_unregister_afinfo(struct xfrm_state_afinfo *afinfo); +@@ -423,7 +423,7 @@ struct xfrm_mode { + struct module *owner; + unsigned int encap; + int flags; +-}; ++} __do_const; + + /* Flags for xfrm_mode. */ + enum { @@ -514,7 +514,7 @@ struct xfrm_policy { struct timer_list timer; @@ -66379,10 +71579,10 @@ index 399162b..b337f1a 100644 u8 qfull; enum fc_lport_state state; diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h -index 9895f69..f1418f0 100644 +index e65c62e..aa2e5a2 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h -@@ -166,9 +166,9 @@ struct scsi_device { +@@ -170,9 +170,9 @@ struct scsi_device { unsigned int max_device_blocked; /* what device_blocked counts down from */ #define SCSI_DEFAULT_DEVICE_BLOCKED 3 @@ -66409,75 +71609,20 @@ index b797e8f..8e2c3aa 100644 /** -diff --git a/include/sound/ak4xxx-adda.h b/include/sound/ak4xxx-adda.h -index 030b87c..98a6954 100644 ---- a/include/sound/ak4xxx-adda.h -+++ b/include/sound/ak4xxx-adda.h -@@ -35,7 +35,7 @@ struct snd_ak4xxx_ops { - void (*write)(struct snd_akm4xxx *ak, int chip, unsigned char reg, - unsigned char val); - void (*set_rate_val)(struct snd_akm4xxx *ak, unsigned int rate); --}; -+} __no_const; - - #define AK4XXX_IMAGE_SIZE (AK4XXX_MAX_CHIPS * 16) /* 64 bytes */ - -diff --git a/include/sound/hwdep.h b/include/sound/hwdep.h -index 8c05e47..2b5df97 100644 ---- a/include/sound/hwdep.h -+++ b/include/sound/hwdep.h -@@ -49,7 +49,7 @@ struct snd_hwdep_ops { - struct snd_hwdep_dsp_status *status); - int (*dsp_load)(struct snd_hwdep *hw, - struct snd_hwdep_dsp_image *image); --}; -+} __no_const; - - struct snd_hwdep { - struct snd_card *card; -diff --git a/include/sound/info.h b/include/sound/info.h -index 9ca1a49..aba1728 100644 ---- a/include/sound/info.h -+++ b/include/sound/info.h -@@ -44,7 +44,7 @@ struct snd_info_entry_text { - struct snd_info_buffer *buffer); - void (*write)(struct snd_info_entry *entry, - struct snd_info_buffer *buffer); --}; -+} __no_const; - - struct snd_info_entry_ops { - int (*open)(struct snd_info_entry *entry, -diff --git a/include/sound/pcm.h b/include/sound/pcm.h -index cdca2ab..10bbe05 100644 ---- a/include/sound/pcm.h -+++ b/include/sound/pcm.h -@@ -81,6 +81,7 @@ struct snd_pcm_ops { - int (*mmap)(struct snd_pcm_substream *substream, struct vm_area_struct *vma); - int (*ack)(struct snd_pcm_substream *substream); - }; -+typedef struct snd_pcm_ops __no_const snd_pcm_ops_no_const; - - /* - * -diff --git a/include/sound/sb16_csp.h b/include/sound/sb16_csp.h -index af1b49e..a5d55a5 100644 ---- a/include/sound/sb16_csp.h -+++ b/include/sound/sb16_csp.h -@@ -146,7 +146,7 @@ struct snd_sb_csp_ops { - int (*csp_start) (struct snd_sb_csp * p, int sample_width, int channels); - int (*csp_stop) (struct snd_sb_csp * p); - int (*csp_qsound_transfer) (struct snd_sb_csp * p); --}; -+} __no_const; - - /* - * CSP private data diff --git a/include/sound/soc.h b/include/sound/soc.h -index e063380..e8077d5 100644 +index bc56738..a4be132 100644 --- a/include/sound/soc.h +++ b/include/sound/soc.h -@@ -801,7 +801,7 @@ struct snd_soc_platform_driver { +@@ -771,7 +771,7 @@ struct snd_soc_codec_driver { + /* probe ordering - for components with runtime dependencies */ + int probe_order; + int remove_order; +-}; ++} __do_const; + + /* SoC platform interface */ + struct snd_soc_platform_driver { +@@ -817,7 +817,7 @@ struct snd_soc_platform_driver { unsigned int (*read)(struct snd_soc_platform *, unsigned int); int (*write)(struct snd_soc_platform *, unsigned int, unsigned int); int (*bespoke_trigger)(struct snd_pcm_substream *, int); @@ -66486,42 +71631,11 @@ index e063380..e8077d5 100644 struct snd_soc_platform { const char *name; -@@ -1016,7 +1016,7 @@ struct snd_soc_pcm_runtime { - struct snd_soc_dai_link *dai_link; - struct mutex pcm_mutex; - enum snd_soc_pcm_subclass pcm_subclass; -- struct snd_pcm_ops ops; -+ snd_pcm_ops_no_const ops; - - unsigned int dev_registered:1; - -diff --git a/include/sound/tea575x-tuner.h b/include/sound/tea575x-tuner.h -index fe8590c..aaed363 100644 ---- a/include/sound/tea575x-tuner.h -+++ b/include/sound/tea575x-tuner.h -@@ -48,7 +48,7 @@ struct snd_tea575x_ops { - - struct snd_tea575x { - struct v4l2_device *v4l2_dev; -- struct v4l2_file_operations fops; -+ v4l2_file_operations_no_const fops; - struct video_device vd; /* video device */ - int radio_nr; /* radio_nr */ - bool tea5759; /* 5759 chip is present */ diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h -index fca8bbe..2a10de2 100644 +index 663e34a..91b306a 100644 --- a/include/target/target_core_base.h +++ b/include/target/target_core_base.h -@@ -434,7 +434,7 @@ struct t10_reservation_ops { - int (*t10_seq_non_holder)(struct se_cmd *, unsigned char *, u32); - int (*t10_pr_register)(struct se_cmd *); - int (*t10_pr_clear)(struct se_cmd *); --}; -+} __no_const; - - struct t10_reservation { - /* Reservation effects all target ports */ -@@ -760,7 +760,7 @@ struct se_device { +@@ -654,7 +654,7 @@ struct se_device { spinlock_t stats_lock; /* Active commands on this virtual SE device */ atomic_t simple_cmds; @@ -66529,10 +71643,10 @@ index fca8bbe..2a10de2 100644 + atomic_unchecked_t dev_ordered_id; atomic_t dev_ordered_sync; atomic_t dev_qf_count; - struct se_obj dev_obj; + int export_count; diff --git a/include/trace/events/fs.h b/include/trace/events/fs.h new file mode 100644 -index 0000000..2efe49d +index 0000000..fb634b7 --- /dev/null +++ b/include/trace/events/fs.h @@ -0,0 +1,53 @@ @@ -66547,7 +71661,7 @@ index 0000000..2efe49d + +TRACE_EVENT(do_sys_open, + -+ TP_PROTO(char *filename, int flags, int mode), ++ TP_PROTO(const char *filename, int flags, int mode), + + TP_ARGS(filename, flags, mode), + @@ -66611,6 +71725,210 @@ index 1c09820..7f5ec79 100644 TP_ARGS(irq, action, ret), +diff --git a/include/uapi/linux/a.out.h b/include/uapi/linux/a.out.h +index 7caf44c..23c6f27 100644 +--- a/include/uapi/linux/a.out.h ++++ b/include/uapi/linux/a.out.h +@@ -39,6 +39,14 @@ enum machine_type { + M_MIPS2 = 152 /* MIPS R6000/R4000 binary */ + }; + ++/* Constants for the N_FLAGS field */ ++#define F_PAX_PAGEEXEC 1 /* Paging based non-executable pages */ ++#define F_PAX_EMUTRAMP 2 /* Emulate trampolines */ ++#define F_PAX_MPROTECT 4 /* Restrict mprotect() */ ++#define F_PAX_RANDMMAP 8 /* Randomize mmap() base */ ++/*#define F_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */ ++#define F_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */ ++ + #if !defined (N_MAGIC) + #define N_MAGIC(exec) ((exec).a_info & 0xffff) + #endif +diff --git a/include/uapi/linux/byteorder/little_endian.h b/include/uapi/linux/byteorder/little_endian.h +index d876736..b36014e 100644 +--- a/include/uapi/linux/byteorder/little_endian.h ++++ b/include/uapi/linux/byteorder/little_endian.h +@@ -42,51 +42,51 @@ + + static inline __le64 __cpu_to_le64p(const __u64 *p) + { +- return (__force __le64)*p; ++ return (__force const __le64)*p; + } + static inline __u64 __le64_to_cpup(const __le64 *p) + { +- return (__force __u64)*p; ++ return (__force const __u64)*p; + } + static inline __le32 __cpu_to_le32p(const __u32 *p) + { +- return (__force __le32)*p; ++ return (__force const __le32)*p; + } + static inline __u32 __le32_to_cpup(const __le32 *p) + { +- return (__force __u32)*p; ++ return (__force const __u32)*p; + } + static inline __le16 __cpu_to_le16p(const __u16 *p) + { +- return (__force __le16)*p; ++ return (__force const __le16)*p; + } + static inline __u16 __le16_to_cpup(const __le16 *p) + { +- return (__force __u16)*p; ++ return (__force const __u16)*p; + } + static inline __be64 __cpu_to_be64p(const __u64 *p) + { +- return (__force __be64)__swab64p(p); ++ return (__force const __be64)__swab64p(p); + } + static inline __u64 __be64_to_cpup(const __be64 *p) + { +- return __swab64p((__u64 *)p); ++ return __swab64p((const __u64 *)p); + } + static inline __be32 __cpu_to_be32p(const __u32 *p) + { +- return (__force __be32)__swab32p(p); ++ return (__force const __be32)__swab32p(p); + } + static inline __u32 __be32_to_cpup(const __be32 *p) + { +- return __swab32p((__u32 *)p); ++ return __swab32p((const __u32 *)p); + } + static inline __be16 __cpu_to_be16p(const __u16 *p) + { +- return (__force __be16)__swab16p(p); ++ return (__force const __be16)__swab16p(p); + } + static inline __u16 __be16_to_cpup(const __be16 *p) + { +- return __swab16p((__u16 *)p); ++ return __swab16p((const __u16 *)p); + } + #define __cpu_to_le64s(x) do { (void)(x); } while (0) + #define __le64_to_cpus(x) do { (void)(x); } while (0) +diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h +index 126a817..d522bd1 100644 +--- a/include/uapi/linux/elf.h ++++ b/include/uapi/linux/elf.h +@@ -37,6 +37,17 @@ typedef __s64 Elf64_Sxword; + #define PT_GNU_EH_FRAME 0x6474e550 + + #define PT_GNU_STACK (PT_LOOS + 0x474e551) ++#define PT_GNU_RELRO (PT_LOOS + 0x474e552) ++ ++#define PT_PAX_FLAGS (PT_LOOS + 0x5041580) ++ ++/* Constants for the e_flags field */ ++#define EF_PAX_PAGEEXEC 1 /* Paging based non-executable pages */ ++#define EF_PAX_EMUTRAMP 2 /* Emulate trampolines */ ++#define EF_PAX_MPROTECT 4 /* Restrict mprotect() */ ++#define EF_PAX_RANDMMAP 8 /* Randomize mmap() base */ ++/*#define EF_PAX_RANDEXEC 16*/ /* Randomize ET_EXEC base */ ++#define EF_PAX_SEGMEXEC 32 /* Segmentation based non-executable pages */ + + /* + * Extended Numbering +@@ -94,6 +105,8 @@ typedef __s64 Elf64_Sxword; + #define DT_DEBUG 21 + #define DT_TEXTREL 22 + #define DT_JMPREL 23 ++#define DT_FLAGS 30 ++ #define DF_TEXTREL 0x00000004 + #define DT_ENCODING 32 + #define OLD_DT_LOOS 0x60000000 + #define DT_LOOS 0x6000000d +@@ -240,6 +253,19 @@ typedef struct elf64_hdr { + #define PF_W 0x2 + #define PF_X 0x1 + ++#define PF_PAGEEXEC (1U << 4) /* Enable PAGEEXEC */ ++#define PF_NOPAGEEXEC (1U << 5) /* Disable PAGEEXEC */ ++#define PF_SEGMEXEC (1U << 6) /* Enable SEGMEXEC */ ++#define PF_NOSEGMEXEC (1U << 7) /* Disable SEGMEXEC */ ++#define PF_MPROTECT (1U << 8) /* Enable MPROTECT */ ++#define PF_NOMPROTECT (1U << 9) /* Disable MPROTECT */ ++/*#define PF_RANDEXEC (1U << 10)*/ /* Enable RANDEXEC */ ++/*#define PF_NORANDEXEC (1U << 11)*/ /* Disable RANDEXEC */ ++#define PF_EMUTRAMP (1U << 12) /* Enable EMUTRAMP */ ++#define PF_NOEMUTRAMP (1U << 13) /* Disable EMUTRAMP */ ++#define PF_RANDMMAP (1U << 14) /* Enable RANDMMAP */ ++#define PF_NORANDMMAP (1U << 15) /* Disable RANDMMAP */ ++ + typedef struct elf32_phdr{ + Elf32_Word p_type; + Elf32_Off p_offset; +@@ -332,6 +358,8 @@ typedef struct elf64_shdr { + #define EI_OSABI 7 + #define EI_PAD 8 + ++#define EI_PAX 14 ++ + #define ELFMAG0 0x7f /* EI_MAG */ + #define ELFMAG1 'E' + #define ELFMAG2 'L' +diff --git a/include/uapi/linux/personality.h b/include/uapi/linux/personality.h +index aa169c4..6a2771d 100644 +--- a/include/uapi/linux/personality.h ++++ b/include/uapi/linux/personality.h +@@ -30,6 +30,7 @@ enum { + #define PER_CLEAR_ON_SETID (READ_IMPLIES_EXEC | \ + ADDR_NO_RANDOMIZE | \ + ADDR_COMPAT_LAYOUT | \ ++ ADDR_LIMIT_3GB | \ + MMAP_PAGE_ZERO) + + /* +diff --git a/include/uapi/linux/screen_info.h b/include/uapi/linux/screen_info.h +index 7530e74..e714828 100644 +--- a/include/uapi/linux/screen_info.h ++++ b/include/uapi/linux/screen_info.h +@@ -43,7 +43,8 @@ struct screen_info { + __u16 pages; /* 0x32 */ + __u16 vesa_attributes; /* 0x34 */ + __u32 capabilities; /* 0x36 */ +- __u8 _reserved[6]; /* 0x3a */ ++ __u16 vesapm_size; /* 0x3a */ ++ __u8 _reserved[4]; /* 0x3c */ + } __attribute__((packed)); + + #define VIDEO_TYPE_MDA 0x10 /* Monochrome Text Display */ +diff --git a/include/uapi/linux/sysctl.h b/include/uapi/linux/sysctl.h +index 6d67213..8dab561 100644 +--- a/include/uapi/linux/sysctl.h ++++ b/include/uapi/linux/sysctl.h +@@ -155,7 +155,11 @@ enum + KERN_PANIC_ON_NMI=76, /* int: whether we will panic on an unrecovered */ + }; + +- ++#ifdef CONFIG_PAX_SOFTMODE ++enum { ++ PAX_SOFTMODE=1 /* PaX: disable/enable soft mode */ ++}; ++#endif + + /* CTL_VM names: */ + enum +diff --git a/include/uapi/linux/xattr.h b/include/uapi/linux/xattr.h +index 26607bd..588b65f 100644 +--- a/include/uapi/linux/xattr.h ++++ b/include/uapi/linux/xattr.h +@@ -60,5 +60,9 @@ + #define XATTR_POSIX_ACL_DEFAULT "posix_acl_default" + #define XATTR_NAME_POSIX_ACL_DEFAULT XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_DEFAULT + ++/* User namespace */ ++#define XATTR_PAX_PREFIX XATTR_USER_PREFIX "pax." ++#define XATTR_PAX_FLAGS_SUFFIX "flags" ++#define XATTR_NAME_PAX_FLAGS XATTR_PAX_PREFIX XATTR_PAX_FLAGS_SUFFIX + + #endif /* _UAPI_LINUX_XATTR_H */ diff --git a/include/video/udlfb.h b/include/video/udlfb.h index f9466fa..f4e2b81 100644 --- a/include/video/udlfb.h @@ -66643,10 +71961,10 @@ index 0993a22..32ba2fe 100644 void *pmi_pal; u8 *vbe_state_orig; /* diff --git a/init/Kconfig b/init/Kconfig -index af6c7f8..5c188f8 100644 +index be8b7f5..1eeca9b 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -850,6 +850,7 @@ endif # CGROUPS +@@ -990,6 +990,7 @@ endif # CGROUPS config CHECKPOINT_RESTORE bool "Checkpoint/restore support" if EXPERT @@ -66654,15 +71972,7 @@ index af6c7f8..5c188f8 100644 default n help Enables additional kernel features in a sake of checkpoint/restore. -@@ -1029,6 +1030,7 @@ config UIDGID_CONVERTED - # Security modules - depends on SECURITY_TOMOYO = n - depends on SECURITY_APPARMOR = n -+ depends on GRKERNSEC = n - - config UIDGID_STRICT_TYPE_CHECKS - bool "Require conversions between uid/gids and their internal representation" -@@ -1416,7 +1418,7 @@ config SLUB_DEBUG +@@ -1468,7 +1469,7 @@ config SLUB_DEBUG config COMPAT_BRK bool "Disable heap randomization" @@ -66671,7 +71981,7 @@ index af6c7f8..5c188f8 100644 help Randomizing heap placement makes heap exploits harder, but it also breaks ancient binaries (including anything libc5 based). -@@ -1599,7 +1601,7 @@ config INIT_ALL_POSSIBLE +@@ -1711,7 +1712,7 @@ config INIT_ALL_POSSIBLE config STOP_MACHINE bool default y @@ -66695,10 +72005,10 @@ index 7bc47ee..6da2dc7 100644 ifneq ($(CONFIG_BLK_DEV_INITRD),y) obj-y += noinitramfs.o diff --git a/init/do_mounts.c b/init/do_mounts.c -index d3f0aee..c9322f5 100644 +index 1d1b634..a1c810f 100644 --- a/init/do_mounts.c +++ b/init/do_mounts.c -@@ -336,11 +336,11 @@ static void __init get_fs_names(char *page) +@@ -355,11 +355,11 @@ static void __init get_fs_names(char *page) static int __init do_mount_root(char *name, char *fs, int flags, void *data) { struct super_block *s; @@ -66712,7 +72022,7 @@ index d3f0aee..c9322f5 100644 s = current->fs->pwd.dentry->d_sb; ROOT_DEV = s->s_dev; printk(KERN_INFO -@@ -460,18 +460,18 @@ void __init change_floppy(char *fmt, ...) +@@ -480,18 +480,18 @@ void __init change_floppy(char *fmt, ...) va_start(args, fmt); vsprintf(buf, fmt, args); va_end(args); @@ -66734,7 +72044,7 @@ index d3f0aee..c9322f5 100644 termios.c_lflag |= ICANON; sys_ioctl(fd, TCSETSF, (long)&termios); sys_close(fd); -@@ -565,6 +565,6 @@ void __init prepare_namespace(void) +@@ -585,6 +585,6 @@ void __init prepare_namespace(void) mount_root(); out: devtmpfs_mount("dev"); @@ -66776,41 +72086,29 @@ index f5b978a..69dbfe8 100644 if (!S_ISBLK(stat.st_mode)) return 0; diff --git a/init/do_mounts_initrd.c b/init/do_mounts_initrd.c -index 135959a2..28a3f43 100644 +index f9acf71..1e19144 100644 --- a/init/do_mounts_initrd.c +++ b/init/do_mounts_initrd.c -@@ -53,13 +53,13 @@ static void __init handle_initrd(void) +@@ -58,8 +58,8 @@ static void __init handle_initrd(void) create_dev("/dev/root.old", Root_RAM0); /* mount initrd on rootfs' /root */ mount_block_root("/dev/root.old", root_mountflags & ~MS_RDONLY); - sys_mkdir("/old", 0700); -- root_fd = sys_open("/", 0, 0); -- old_fd = sys_open("/old", 0, 0); +- sys_chdir("/old"); + sys_mkdir((const char __force_user *)"/old", 0700); -+ root_fd = sys_open((const char __force_user *)"/", 0, 0); -+ old_fd = sys_open((const char __force_user *)"/old", 0, 0); - /* move initrd over / and chdir/chroot in initrd root */ -- sys_chdir("/root"); -- sys_mount(".", "/", NULL, MS_MOVE, NULL); -- sys_chroot("."); -+ sys_chdir((const char __force_user *)"/root"); -+ sys_mount((char __force_user *)".", (char __force_user *)"/", NULL, MS_MOVE, NULL); -+ sys_chroot((const char __force_user *)"."); ++ sys_chdir((const char __force_user *)"/old"); /* * In case that a resume from disk is carried out by linuxrc or one of -@@ -76,15 +76,15 @@ static void __init handle_initrd(void) +@@ -73,31 +73,31 @@ static void __init handle_initrd(void) + current->flags &= ~PF_FREEZER_SKIP; /* move initrd to rootfs' /old */ - sys_fchdir(old_fd); -- sys_mount("/", ".", NULL, MS_MOVE, NULL); -+ sys_mount((char __force_user *)"/", (char __force_user *)".", NULL, MS_MOVE, NULL); +- sys_mount("..", ".", NULL, MS_MOVE, NULL); ++ sys_mount((char __force_user *)"..", (char __force_user *)".", NULL, MS_MOVE, NULL); /* switch root and cwd back to / of rootfs */ - sys_fchdir(root_fd); -- sys_chroot("."); -+ sys_chroot((const char __force_user *)"."); - sys_close(old_fd); - sys_close(root_fd); +- sys_chroot(".."); ++ sys_chroot((const char __force_user *)".."); if (new_decode_dev(real_root_dev) == Root_RAM0) { - sys_chdir("/old"); @@ -66818,7 +72116,9 @@ index 135959a2..28a3f43 100644 return; } -@@ -92,17 +92,17 @@ static void __init handle_initrd(void) +- sys_chdir("/"); ++ sys_chdir((const char __force_user *)"/"); + ROOT_DEV = new_decode_dev(real_root_dev); mount_root(); printk(KERN_NOTICE "Trying to move old root to /initrd ... "); @@ -66839,7 +72139,7 @@ index 135959a2..28a3f43 100644 printk(KERN_NOTICE "Trying to free ramdisk memory ... "); if (fd < 0) { error = fd; -@@ -125,11 +125,11 @@ int __init initrd_load(void) +@@ -120,11 +120,11 @@ int __init initrd_load(void) * mounted in the normal path. */ if (rd_load_image("/initrd.image") && ROOT_DEV != Root_RAM0) { @@ -67011,7 +72311,7 @@ index 84c6bf1..8899338 100644 next_state = Reset; return 0; diff --git a/init/main.c b/init/main.c -index 5973f47..02f3fcd 100644 +index cee4b5c..6a3402b 100644 --- a/init/main.c +++ b/init/main.c @@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { } @@ -67028,10 +72328,10 @@ index 5973f47..02f3fcd 100644 __setup("reset_devices", set_reset_devices); +#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP -+int grsec_proc_gid = CONFIG_GRKERNSEC_PROC_GID; ++kgid_t grsec_proc_gid = KGIDT_INIT(CONFIG_GRKERNSEC_PROC_GID); +static int __init setup_grsec_proc_gid(char *str) +{ -+ grsec_proc_gid = (int)simple_strtol(str, NULL, 0); ++ grsec_proc_gid = KGIDT_INIT(simple_strtol(str, NULL, 0)); + return 1; +} +__setup("grsec_proc_gid=", setup_grsec_proc_gid); @@ -67085,7 +72385,7 @@ index 5973f47..02f3fcd 100644 static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; static const char *panic_later, *panic_param; -@@ -678,6 +735,7 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -681,6 +738,7 @@ int __init_or_module do_one_initcall(initcall_t fn) { int count = preempt_count(); int ret; @@ -67093,7 +72393,7 @@ index 5973f47..02f3fcd 100644 if (initcall_debug) ret = do_one_initcall_debug(fn); -@@ -690,15 +748,15 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -693,15 +751,15 @@ int __init_or_module do_one_initcall(initcall_t fn) sprintf(msgbuf, "error code %d ", ret); if (preempt_count() != count) { @@ -67113,7 +72413,7 @@ index 5973f47..02f3fcd 100644 } return ret; -@@ -752,8 +810,14 @@ static void __init do_initcall_level(int level) +@@ -755,8 +813,14 @@ static void __init do_initcall_level(int level) level, level, &repair_env_string); @@ -67122,14 +72422,14 @@ index 5973f47..02f3fcd 100644 do_one_initcall(*fn); + +#ifdef CONFIG_PAX_LATENT_ENTROPY -+ transfer_latent_entropy(); ++ add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy)); +#endif + + } } static void __init do_initcalls(void) -@@ -787,8 +851,14 @@ static void __init do_pre_smp_initcalls(void) +@@ -790,8 +854,14 @@ static void __init do_pre_smp_initcalls(void) { initcall_t *fn; @@ -67138,14 +72438,14 @@ index 5973f47..02f3fcd 100644 do_one_initcall(*fn); + +#ifdef CONFIG_PAX_LATENT_ENTROPY -+ transfer_latent_entropy(); ++ add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy)); +#endif + + } } - static void run_init_process(const char *init_filename) -@@ -870,7 +940,7 @@ static int __init kernel_init(void * unused) + static int run_init_process(const char *init_filename) +@@ -877,7 +947,7 @@ static noinline void __init kernel_init_freeable(void) do_basic_setup(); /* Open the /dev/console on the rootfs, this should never fail */ @@ -67154,7 +72454,7 @@ index 5973f47..02f3fcd 100644 printk(KERN_WARNING "Warning: unable to open an initial console.\n"); (void) sys_dup(0); -@@ -883,11 +953,13 @@ static int __init kernel_init(void * unused) +@@ -890,11 +960,13 @@ static noinline void __init kernel_init_freeable(void) if (!ramdisk_execute_command) ramdisk_execute_command = "/init"; @@ -67169,11 +72469,73 @@ index 5973f47..02f3fcd 100644 /* * Ok, we have completed the initial bootup, and * we're essentially up and running. Get rid of the +diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c +index 130dfec..cc88451 100644 +--- a/ipc/ipc_sysctl.c ++++ b/ipc/ipc_sysctl.c +@@ -30,7 +30,7 @@ static void *get_ipc(ctl_table *table) + static int proc_ipc_dointvec(ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) + { +- struct ctl_table ipc_table; ++ ctl_table_no_const ipc_table; + + memcpy(&ipc_table, table, sizeof(ipc_table)); + ipc_table.data = get_ipc(table); +@@ -41,7 +41,7 @@ static int proc_ipc_dointvec(ctl_table *table, int write, + static int proc_ipc_dointvec_minmax(ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) + { +- struct ctl_table ipc_table; ++ ctl_table_no_const ipc_table; + + memcpy(&ipc_table, table, sizeof(ipc_table)); + ipc_table.data = get_ipc(table); +@@ -65,7 +65,7 @@ static int proc_ipc_dointvec_minmax_orphans(ctl_table *table, int write, + static int proc_ipc_callback_dointvec(ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) + { +- struct ctl_table ipc_table; ++ ctl_table_no_const ipc_table; + size_t lenp_bef = *lenp; + int rc; + +@@ -88,7 +88,7 @@ static int proc_ipc_callback_dointvec(ctl_table *table, int write, + static int proc_ipc_doulongvec_minmax(ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) + { +- struct ctl_table ipc_table; ++ ctl_table_no_const ipc_table; + memcpy(&ipc_table, table, sizeof(ipc_table)); + ipc_table.data = get_ipc(table); + +@@ -122,7 +122,7 @@ static void ipc_auto_callback(int val) + static int proc_ipcauto_dointvec_minmax(ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) + { +- struct ctl_table ipc_table; ++ ctl_table_no_const ipc_table; + size_t lenp_bef = *lenp; + int oldval; + int rc; +diff --git a/ipc/mq_sysctl.c b/ipc/mq_sysctl.c +index 383d638..943fdbb 100644 +--- a/ipc/mq_sysctl.c ++++ b/ipc/mq_sysctl.c +@@ -25,7 +25,7 @@ static void *get_mq(ctl_table *table) + static int proc_mq_dointvec_minmax(ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) + { +- struct ctl_table mq_table; ++ ctl_table_no_const mq_table; + memcpy(&mq_table, table, sizeof(mq_table)); + mq_table.data = get_mq(table); + diff --git a/ipc/mqueue.c b/ipc/mqueue.c -index 9a08acc..e65ebe7 100644 +index 71a3ca1..cc330ee 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c -@@ -279,6 +279,7 @@ static struct inode *mqueue_get_inode(struct super_block *sb, +@@ -278,6 +278,7 @@ static struct inode *mqueue_get_inode(struct super_block *sb, mq_bytes = mq_treesize + (info->attr.mq_maxmsg * info->attr.mq_msgsize); @@ -67182,7 +72544,7 @@ index 9a08acc..e65ebe7 100644 if (u->mq_bytes + mq_bytes < u->mq_bytes || u->mq_bytes + mq_bytes > rlimit(RLIMIT_MSGQUEUE)) { diff --git a/ipc/msg.c b/ipc/msg.c -index 7385de2..a8180e0 100644 +index 950572f..362ea07 100644 --- a/ipc/msg.c +++ b/ipc/msg.c @@ -309,18 +309,19 @@ static inline int msg_security(struct kern_ipc_perm *ipcp, int msgflg) @@ -67210,8 +72572,42 @@ index 7385de2..a8180e0 100644 msg_params.key = key; msg_params.flg = msgflg; +@@ -820,15 +821,17 @@ long do_msgrcv(int msqid, void __user *buf, size_t bufsz, long msgtyp, + struct msg_msg *copy = NULL; + unsigned long copy_number = 0; + ++ ns = current->nsproxy->ipc_ns; ++ + if (msqid < 0 || (long) bufsz < 0) + return -EINVAL; + if (msgflg & MSG_COPY) { +- copy = prepare_copy(buf, bufsz, msgflg, &msgtyp, ©_number); ++ copy = prepare_copy(buf, min_t(size_t, bufsz, ns->msg_ctlmax), ++ msgflg, &msgtyp, ©_number); + if (IS_ERR(copy)) + return PTR_ERR(copy); + } + mode = convert_mode(&msgtyp, msgflg); +- ns = current->nsproxy->ipc_ns; + + msq = msg_lock_check(ns, msqid); + if (IS_ERR(msq)) { +diff --git a/ipc/msgutil.c b/ipc/msgutil.c +index ebfcbfa..5df8e4b 100644 +--- a/ipc/msgutil.c ++++ b/ipc/msgutil.c +@@ -117,9 +117,6 @@ struct msg_msg *copy_msg(struct msg_msg *src, struct msg_msg *dst) + if (alen > DATALEN_MSG) + alen = DATALEN_MSG; + +- dst->next = NULL; +- dst->security = NULL; +- + memcpy(dst + 1, src + 1, alen); + + len -= alen; diff --git a/ipc/sem.c b/ipc/sem.c -index 5215a81..cfc0cac 100644 +index 58d31f1..cce7a55 100644 --- a/ipc/sem.c +++ b/ipc/sem.c @@ -364,10 +364,15 @@ static inline int sem_more_checks(struct kern_ipc_perm *ipcp, @@ -67243,7 +72639,7 @@ index 5215a81..cfc0cac 100644 sem_params.flg = semflg; sem_params.u.nsems = nsems; diff --git a/ipc/shm.c b/ipc/shm.c -index 00faa05..7040960 100644 +index 4fa6d8f..55cff14 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -69,6 +69,14 @@ static void shm_destroy (struct ipc_namespace *ns, struct shmid_kernel *shp); @@ -67252,7 +72648,7 @@ index 00faa05..7040960 100644 +#ifdef CONFIG_GRKERNSEC +extern int gr_handle_shmat(const pid_t shm_cprid, const pid_t shm_lapid, -+ const time_t shm_createtime, const uid_t cuid, ++ const time_t shm_createtime, const kuid_t cuid, + const int shmid); +extern int gr_chroot_shmat(const pid_t shm_cprid, const pid_t shm_lapid, + const time_t shm_createtime); @@ -67261,7 +72657,7 @@ index 00faa05..7040960 100644 void shm_init_ns(struct ipc_namespace *ns) { ns->shm_ctlmax = SHMMAX; -@@ -520,6 +528,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) +@@ -521,6 +529,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) shp->shm_lprid = 0; shp->shm_atim = shp->shm_dtim = 0; shp->shm_ctim = get_seconds(); @@ -67276,7 +72672,7 @@ index 00faa05..7040960 100644 shp->shm_segsz = size; shp->shm_nattch = 0; shp->shm_file = file; -@@ -571,18 +587,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp, +@@ -572,18 +588,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp, return 0; } @@ -67301,7 +72697,7 @@ index 00faa05..7040960 100644 shm_params.key = key; shm_params.flg = shmflg; shm_params.u.size = size; -@@ -1001,6 +1018,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, +@@ -1004,6 +1021,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, f_mode = FMODE_READ | FMODE_WRITE; } if (shmflg & SHM_EXEC) { @@ -67314,7 +72710,7 @@ index 00faa05..7040960 100644 prot |= PROT_EXEC; acc_mode |= S_IXUGO; } -@@ -1024,9 +1047,21 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, +@@ -1027,9 +1050,21 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, if (err) goto out_unlock; @@ -67337,7 +72733,7 @@ index 00faa05..7040960 100644 shm_unlock(shp); diff --git a/kernel/acct.c b/kernel/acct.c -index 02e6167..54824f7 100644 +index 051e071..15e0920 100644 --- a/kernel/acct.c +++ b/kernel/acct.c @@ -550,7 +550,7 @@ static void do_acct_process(struct bsd_acct_struct *acct, @@ -67350,10 +72746,10 @@ index 02e6167..54824f7 100644 current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim; set_fs(fs); diff --git a/kernel/audit.c b/kernel/audit.c -index a8c84be..8bd034c 100644 +index d596e53..dbef3c3 100644 --- a/kernel/audit.c +++ b/kernel/audit.c -@@ -115,7 +115,7 @@ u32 audit_sig_sid = 0; +@@ -116,7 +116,7 @@ u32 audit_sig_sid = 0; 3) suppressed due to audit_rate_limit 4) suppressed due to audit_backlog_limit */ @@ -67362,7 +72758,7 @@ index a8c84be..8bd034c 100644 /* The netlink socket. */ static struct sock *audit_sock; -@@ -237,7 +237,7 @@ void audit_log_lost(const char *message) +@@ -238,7 +238,7 @@ void audit_log_lost(const char *message) unsigned long now; int print; @@ -67371,7 +72767,7 @@ index a8c84be..8bd034c 100644 print = (audit_failure == AUDIT_FAIL_PANIC || !audit_rate_limit); -@@ -256,7 +256,7 @@ void audit_log_lost(const char *message) +@@ -257,7 +257,7 @@ void audit_log_lost(const char *message) printk(KERN_WARNING "audit: audit_lost=%d audit_rate_limit=%d " "audit_backlog_limit=%d\n", @@ -67380,20 +72776,20 @@ index a8c84be..8bd034c 100644 audit_rate_limit, audit_backlog_limit); audit_panic(message); -@@ -690,7 +690,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) +@@ -681,7 +681,7 @@ static int audit_receive_msg(struct sk_buff *skb, struct nlmsghdr *nlh) status_set.pid = audit_pid; status_set.rate_limit = audit_rate_limit; status_set.backlog_limit = audit_backlog_limit; - status_set.lost = atomic_read(&audit_lost); + status_set.lost = atomic_read_unchecked(&audit_lost); status_set.backlog = skb_queue_len(&audit_skb_queue); - audit_send_reply(NETLINK_CB(skb).pid, seq, AUDIT_GET, 0, 0, + audit_send_reply(NETLINK_CB(skb).portid, seq, AUDIT_GET, 0, 0, &status_set, sizeof(status_set)); diff --git a/kernel/auditsc.c b/kernel/auditsc.c -index 4b96415..d8c16ee 100644 +index a371f85..da826c1 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c -@@ -2289,7 +2289,7 @@ int auditsc_get_stamp(struct audit_context *ctx, +@@ -2292,7 +2292,7 @@ int auditsc_get_stamp(struct audit_context *ctx, } /* global counter which is incremented every time something logs in */ @@ -67402,7 +72798,7 @@ index 4b96415..d8c16ee 100644 /** * audit_set_loginuid - set current task's audit_context loginuid -@@ -2313,7 +2313,7 @@ int audit_set_loginuid(uid_t loginuid) +@@ -2316,7 +2316,7 @@ int audit_set_loginuid(kuid_t loginuid) return -EPERM; #endif /* CONFIG_AUDIT_LOGINUID_IMMUTABLE */ @@ -67412,7 +72808,7 @@ index 4b96415..d8c16ee 100644 struct audit_buffer *ab; diff --git a/kernel/capability.c b/kernel/capability.c -index 493d972..ea17248 100644 +index 493d972..f87dfbd 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -202,6 +202,9 @@ SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t, dataptr) @@ -67468,11 +72864,11 @@ index 493d972..ea17248 100644 +bool ns_capable_nolog(struct user_namespace *ns, int cap) +{ + if (unlikely(!cap_valid(cap))) { -+ printk(KERN_CRIT "capable() called with invalid cap=%u\n", cap); ++ printk(KERN_CRIT "capable_nolog() called with invalid cap=%u\n", cap); + BUG(); + } + -+ if (security_capable(current_cred(), ns, cap) == 0 && gr_is_capable_nolog(cap)) { ++ if (security_capable_noaudit(current_cred(), ns, cap) == 0 && gr_is_capable_nolog(cap)) { + current->flags |= PF_SUPERPRIV; + return true; + } @@ -67508,10 +72904,10 @@ index 493d972..ea17248 100644 + return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid); +} diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index 2cd3492..bda346c 100644 +index 1e23664..570a83d 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c -@@ -5396,7 +5396,7 @@ static int cgroup_css_links_read(struct cgroup *cont, +@@ -5543,7 +5543,7 @@ static int cgroup_css_links_read(struct cgroup *cont, struct css_set *cg = link->cg; struct task_struct *task; int count = 0; @@ -67521,7 +72917,7 @@ index 2cd3492..bda346c 100644 if (count++ > MAX_TASKS_SHOWN_PER_CSS) { seq_puts(seq, " ...\n"); diff --git a/kernel/compat.c b/kernel/compat.c -index c28a306..b4d0cf3 100644 +index 36700e9..73d770c 100644 --- a/kernel/compat.c +++ b/kernel/compat.c @@ -13,6 +13,7 @@ @@ -67577,7 +72973,7 @@ index c28a306..b4d0cf3 100644 set_fs(old_fs); if (ret) -@@ -550,8 +551,8 @@ compat_sys_wait4(compat_pid_t pid, compat_uint_t __user *stat_addr, int options, +@@ -552,8 +553,8 @@ COMPAT_SYSCALL_DEFINE4(wait4, set_fs (KERNEL_DS); ret = sys_wait4(pid, (stat_addr ? @@ -67588,7 +72984,7 @@ index c28a306..b4d0cf3 100644 set_fs (old_fs); if (ret > 0) { -@@ -576,8 +577,8 @@ asmlinkage long compat_sys_waitid(int which, compat_pid_t pid, +@@ -579,8 +580,8 @@ COMPAT_SYSCALL_DEFINE5(waitid, memset(&info, 0, sizeof(info)); set_fs(KERNEL_DS); @@ -67599,7 +72995,7 @@ index c28a306..b4d0cf3 100644 set_fs(old_fs); if ((ret < 0) || (info.si_signo == 0)) -@@ -707,8 +708,8 @@ long compat_sys_timer_settime(timer_t timer_id, int flags, +@@ -714,8 +715,8 @@ long compat_sys_timer_settime(timer_t timer_id, int flags, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_timer_settime(timer_id, flags, @@ -67610,7 +73006,7 @@ index c28a306..b4d0cf3 100644 set_fs(oldfs); if (!err && old && put_compat_itimerspec(old, &oldts)) return -EFAULT; -@@ -725,7 +726,7 @@ long compat_sys_timer_gettime(timer_t timer_id, +@@ -732,7 +733,7 @@ long compat_sys_timer_gettime(timer_t timer_id, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_timer_gettime(timer_id, @@ -67619,7 +73015,7 @@ index c28a306..b4d0cf3 100644 set_fs(oldfs); if (!err && put_compat_itimerspec(setting, &ts)) return -EFAULT; -@@ -744,7 +745,7 @@ long compat_sys_clock_settime(clockid_t which_clock, +@@ -751,7 +752,7 @@ long compat_sys_clock_settime(clockid_t which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_settime(which_clock, @@ -67628,7 +73024,7 @@ index c28a306..b4d0cf3 100644 set_fs(oldfs); return err; } -@@ -759,7 +760,7 @@ long compat_sys_clock_gettime(clockid_t which_clock, +@@ -766,7 +767,7 @@ long compat_sys_clock_gettime(clockid_t which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_gettime(which_clock, @@ -67637,7 +73033,7 @@ index c28a306..b4d0cf3 100644 set_fs(oldfs); if (!err && put_compat_timespec(&ts, tp)) return -EFAULT; -@@ -779,7 +780,7 @@ long compat_sys_clock_adjtime(clockid_t which_clock, +@@ -786,7 +787,7 @@ long compat_sys_clock_adjtime(clockid_t which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); @@ -67646,7 +73042,7 @@ index c28a306..b4d0cf3 100644 set_fs(oldfs); err = compat_put_timex(utp, &txc); -@@ -799,7 +800,7 @@ long compat_sys_clock_getres(clockid_t which_clock, +@@ -806,7 +807,7 @@ long compat_sys_clock_getres(clockid_t which_clock, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_getres(which_clock, @@ -67655,7 +73051,7 @@ index c28a306..b4d0cf3 100644 set_fs(oldfs); if (!err && tp && put_compat_timespec(&ts, tp)) return -EFAULT; -@@ -811,9 +812,9 @@ static long compat_clock_nanosleep_restart(struct restart_block *restart) +@@ -818,9 +819,9 @@ static long compat_clock_nanosleep_restart(struct restart_block *restart) long err; mm_segment_t oldfs; struct timespec tu; @@ -67667,7 +73063,7 @@ index c28a306..b4d0cf3 100644 oldfs = get_fs(); set_fs(KERNEL_DS); err = clock_nanosleep_restart(restart); -@@ -845,8 +846,8 @@ long compat_sys_clock_nanosleep(clockid_t which_clock, int flags, +@@ -852,8 +853,8 @@ long compat_sys_clock_nanosleep(clockid_t which_clock, int flags, oldfs = get_fs(); set_fs(KERNEL_DS); err = sys_clock_nanosleep(which_clock, flags, @@ -67703,10 +73099,10 @@ index 42e8fa0..9e7406b 100644 return -ENOMEM; diff --git a/kernel/cred.c b/kernel/cred.c -index de728ac..e3c267c 100644 +index e0573a4..3874e41 100644 --- a/kernel/cred.c +++ b/kernel/cred.c -@@ -207,6 +207,16 @@ void exit_creds(struct task_struct *tsk) +@@ -164,6 +164,16 @@ void exit_creds(struct task_struct *tsk) validate_creds(cred); alter_cred_subscribers(cred, -1); put_cred(cred); @@ -67723,7 +73119,7 @@ index de728ac..e3c267c 100644 } /** -@@ -469,7 +479,7 @@ error_put: +@@ -411,7 +421,7 @@ static bool cred_cap_issubset(const struct cred *set, const struct cred *subset) * Always returns 0 thus allowing this function to be tail-called at the end * of, say, sys_setgid(). */ @@ -67732,7 +73128,7 @@ index de728ac..e3c267c 100644 { struct task_struct *task = current; const struct cred *old = task->real_cred; -@@ -488,6 +498,8 @@ int commit_creds(struct cred *new) +@@ -430,6 +440,8 @@ int commit_creds(struct cred *new) get_cred(new); /* we will require a ref for the subj creds too */ @@ -67741,7 +73137,7 @@ index de728ac..e3c267c 100644 /* dumpability changes */ if (!uid_eq(old->euid, new->euid) || !gid_eq(old->egid, new->egid) || -@@ -537,6 +549,101 @@ int commit_creds(struct cred *new) +@@ -479,6 +491,102 @@ int commit_creds(struct cred *new) put_cred(old); return 0; } @@ -67755,7 +73151,7 @@ index de728ac..e3c267c 100644 + + current->delayed_cred = NULL; + -+ if (current_uid() && new != NULL) { ++ if (!uid_eq(current_uid(), GLOBAL_ROOT_UID) && new != NULL) { + // from doing get_cred on it when queueing this + put_cred(new); + return; @@ -67816,7 +73212,8 @@ index de728ac..e3c267c 100644 + init_cred + */ + if (grsec_enable_setxid && !current_is_single_threaded() && -+ !current_uid() && new->uid) { ++ uid_eq(current_uid(), GLOBAL_ROOT_UID) && ++ !uid_eq(new->uid, GLOBAL_ROOT_UID)) { + schedule_it = 1; + } + ret = __commit_creds(new); @@ -67844,7 +73241,7 @@ index de728ac..e3c267c 100644 /** diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c -index 0557f24..1a00d9a 100644 +index 9a61738..c5c8f3a 100644 --- a/kernel/debug/debug_core.c +++ b/kernel/debug/debug_core.c @@ -122,7 +122,7 @@ static DEFINE_RAW_SPINLOCK(dbg_slave_lock); @@ -67885,7 +73282,7 @@ index 0557f24..1a00d9a 100644 if (kgdb_info[sstep_cpu].task) kgdb_sstep_pid = kgdb_info[sstep_cpu].task->pid; else -@@ -861,18 +861,18 @@ static void kgdb_unregister_callbacks(void) +@@ -887,18 +887,18 @@ static void kgdb_unregister_callbacks(void) static void kgdb_tasklet_bpt(unsigned long ing) { kgdb_breakpoint(); @@ -67908,11 +73305,11 @@ index 0557f24..1a00d9a 100644 } EXPORT_SYMBOL_GPL(kgdb_schedule_breakpoint); diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c -index 31df170..bc98840 100644 +index 8875254..7cf4928 100644 --- a/kernel/debug/kdb/kdb_main.c +++ b/kernel/debug/kdb/kdb_main.c -@@ -1971,7 +1971,7 @@ static int kdb_lsmod(int argc, const char **argv) - list_for_each_entry(mod, kdb_modules, list) { +@@ -1974,7 +1974,7 @@ static int kdb_lsmod(int argc, const char **argv) + continue; kdb_printf("%-20s%8u 0x%p ", mod->name, - mod->core_size, (void *)mod); @@ -67920,7 +73317,7 @@ index 31df170..bc98840 100644 #ifdef CONFIG_MODULE_UNLOAD kdb_printf("%4ld ", module_refcount(mod)); #endif -@@ -1981,7 +1981,7 @@ static int kdb_lsmod(int argc, const char **argv) +@@ -1984,7 +1984,7 @@ static int kdb_lsmod(int argc, const char **argv) kdb_printf(" (Loading)"); else kdb_printf(" (Live)"); @@ -67930,10 +73327,10 @@ index 31df170..bc98840 100644 #ifdef CONFIG_MODULE_UNLOAD { diff --git a/kernel/events/core.c b/kernel/events/core.c -index 7fee567..8affa2c 100644 +index 7b6646a..3cb1135 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c -@@ -181,7 +181,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write, +@@ -182,7 +182,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write, return 0; } @@ -67942,7 +73339,7 @@ index 7fee567..8affa2c 100644 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, enum event_type_t event_type); -@@ -2665,7 +2665,7 @@ static void __perf_event_read(void *info) +@@ -2677,7 +2677,7 @@ static void __perf_event_read(void *info) static inline u64 perf_event_count(struct perf_event *event) { @@ -67951,7 +73348,7 @@ index 7fee567..8affa2c 100644 } static u64 perf_event_read(struct perf_event *event) -@@ -2995,9 +2995,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) +@@ -3007,9 +3007,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) mutex_lock(&event->child_mutex); total += perf_event_read(event); *enabled += event->total_time_enabled + @@ -67963,7 +73360,7 @@ index 7fee567..8affa2c 100644 list_for_each_entry(child, &event->child_list, child_list) { total += perf_event_read(child); -@@ -3406,10 +3406,10 @@ void perf_event_update_userpage(struct perf_event *event) +@@ -3412,10 +3412,10 @@ void perf_event_update_userpage(struct perf_event *event) userpg->offset -= local64_read(&event->hw.prev_count); userpg->time_enabled = enabled + @@ -67976,7 +73373,7 @@ index 7fee567..8affa2c 100644 arch_perf_update_userpage(userpg, now); -@@ -3842,11 +3842,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, +@@ -3974,11 +3974,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, values[n++] = perf_event_count(event); if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { values[n++] = enabled + @@ -67990,7 +73387,7 @@ index 7fee567..8affa2c 100644 } if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(event); -@@ -4524,12 +4524,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) +@@ -4721,12 +4721,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) * need to add enough zero bytes after the string to handle * the 64bit alignment we do later. */ @@ -68005,16 +73402,16 @@ index 7fee567..8affa2c 100644 if (IS_ERR(name)) { name = strncpy(tmp, "//toolong", sizeof(tmp)); goto got_name; -@@ -5968,7 +5968,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, +@@ -6165,7 +6165,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, event->parent = parent_event; - event->ns = get_pid_ns(current->nsproxy->pid_ns); + event->ns = get_pid_ns(task_active_pid_ns(current)); - event->id = atomic64_inc_return(&perf_event_id); + event->id = atomic64_inc_return_unchecked(&perf_event_id); event->state = PERF_EVENT_STATE_INACTIVE; -@@ -6567,10 +6567,10 @@ static void sync_child_event(struct perf_event *child_event, +@@ -6790,10 +6790,10 @@ static void sync_child_event(struct perf_event *child_event, /* * Add back the child's count to the parent's count: */ @@ -68029,10 +73426,10 @@ index 7fee567..8affa2c 100644 /* diff --git a/kernel/exit.c b/kernel/exit.c -index f65345f9..1423231 100644 +index b4df219..f13c02d 100644 --- a/kernel/exit.c +++ b/kernel/exit.c -@@ -182,6 +182,10 @@ void release_task(struct task_struct * p) +@@ -170,6 +170,10 @@ void release_task(struct task_struct * p) struct task_struct *leader; int zap_leader; repeat: @@ -68043,7 +73440,7 @@ index f65345f9..1423231 100644 /* don't need to get the RCU readlock here - the process is dead and * can't be modifying its own credentials. But shut RCU-lockdep up */ rcu_read_lock(); -@@ -394,7 +398,7 @@ int allow_signal(int sig) +@@ -338,7 +342,7 @@ int allow_signal(int sig) * know it'll be handled, so that they don't get converted to * SIGKILL or just silently dropped. */ @@ -68052,16 +73449,7 @@ index f65345f9..1423231 100644 recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); return 0; -@@ -430,6 +434,8 @@ void daemonize(const char *name, ...) - vsnprintf(current->comm, sizeof(current->comm), name, args); - va_end(args); - -+ gr_set_kernel_label(current); -+ - /* - * If we were started as result of loading a module, close all of the - * user space pages. We don't need them, and if we didn't close them -@@ -907,6 +913,8 @@ void do_exit(long code) +@@ -708,6 +712,8 @@ void do_exit(long code) struct task_struct *tsk = current; int group_dead; @@ -68070,7 +73458,7 @@ index f65345f9..1423231 100644 profile_task_exit(tsk); WARN_ON(blk_needs_flush_plug(tsk)); -@@ -923,7 +931,6 @@ void do_exit(long code) +@@ -724,7 +730,6 @@ void do_exit(long code) * mm_release()->clear_child_tid() from writing to a user-controlled * kernel address. */ @@ -68078,7 +73466,7 @@ index f65345f9..1423231 100644 ptrace_event(PTRACE_EVENT_EXIT, code); -@@ -982,6 +989,9 @@ void do_exit(long code) +@@ -783,6 +788,9 @@ void do_exit(long code) tsk->exit_code = code; taskstats_exit(tsk, group_dead); @@ -68088,7 +73476,7 @@ index f65345f9..1423231 100644 exit_mm(tsk); if (group_dead) -@@ -1099,7 +1109,7 @@ SYSCALL_DEFINE1(exit, int, error_code) +@@ -903,7 +911,7 @@ SYSCALL_DEFINE1(exit, int, error_code) * Take down every thread in the group. This is called by fatal signals * as well as by sys_exit_group (below). */ @@ -68098,7 +73486,7 @@ index f65345f9..1423231 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index 2c8857e..288c9c7 100644 +index c535f33..1d768f9 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -318,7 +318,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) @@ -68110,7 +73498,7 @@ index 2c8857e..288c9c7 100644 #endif /* -@@ -343,13 +343,78 @@ free_tsk: +@@ -344,13 +344,81 @@ free_tsk: } #ifdef CONFIG_MMU @@ -68157,7 +73545,10 @@ index 2c8857e..288c9c7 100644 + mapping->i_mmap_writable++; + flush_dcache_mmap_lock(mapping); + /* insert tmp into the share list, just after mpnt */ -+ vma_prio_tree_add(tmp, mpnt); ++ if (unlikely(tmp->vm_flags & VM_NONLINEAR)) ++ vma_nonlinear_insert(tmp, &mapping->i_mmap_nonlinear); ++ else ++ vma_interval_tree_insert_after(tmp, mpnt, &mapping->i_mmap); + flush_dcache_mmap_unlock(mapping); + mutex_unlock(&mapping->i_mmap_mutex); + } @@ -68189,9 +73580,9 @@ index 2c8857e..288c9c7 100644 - unsigned long charge; - struct mempolicy *pol; + uprobe_start_dup_mmap(); down_write(&oldmm->mmap_sem); - flush_cache_dup_mm(oldmm); -@@ -361,8 +426,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -364,8 +432,8 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) mm->locked_vm = 0; mm->mmap = NULL; mm->mmap_cache = NULL; @@ -68202,7 +73593,7 @@ index 2c8857e..288c9c7 100644 mm->map_count = 0; cpumask_clear(mm_cpumask(mm)); mm->mm_rb = RB_ROOT; -@@ -378,52 +443,15 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -381,57 +449,15 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) prev = NULL; for (mpnt = oldmm->mmap; mpnt; mpnt = mpnt->vm_next) { @@ -68249,7 +73640,12 @@ index 2c8857e..288c9c7 100644 - mapping->i_mmap_writable++; - flush_dcache_mmap_lock(mapping); - /* insert tmp into the share list, just after mpnt */ -- vma_prio_tree_add(tmp, mpnt); +- if (unlikely(tmp->vm_flags & VM_NONLINEAR)) +- vma_nonlinear_insert(tmp, +- &mapping->i_mmap_nonlinear); +- else +- vma_interval_tree_insert_after(tmp, mpnt, +- &mapping->i_mmap); - flush_dcache_mmap_unlock(mapping); - mutex_unlock(&mapping->i_mmap_mutex); + tmp = dup_vma(mm, oldmm, mpnt); @@ -68259,13 +73655,9 @@ index 2c8857e..288c9c7 100644 } /* -@@ -455,9 +483,34 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) +@@ -463,6 +489,31 @@ static int dup_mmap(struct mm_struct *mm, struct mm_struct *oldmm) if (retval) goto out; - -- if (file) -+ if (tmp->vm_file) - uprobe_mmap(tmp); } + +#ifdef CONFIG_PAX_SEGMEXEC @@ -68295,9 +73687,9 @@ index 2c8857e..288c9c7 100644 /* a new mm has just been created */ arch_dup_mmap(oldmm, mm); retval = 0; -@@ -466,14 +519,6 @@ out: - flush_tlb_mm(oldmm); +@@ -472,14 +523,6 @@ out: up_write(&oldmm->mmap_sem); + uprobe_end_dup_mmap(); return retval; -fail_nomem_anon_vma_fork: - mpol_put(pol); @@ -68310,7 +73702,7 @@ index 2c8857e..288c9c7 100644 } static inline int mm_alloc_pgd(struct mm_struct *mm) -@@ -710,8 +755,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) +@@ -694,8 +737,8 @@ struct mm_struct *mm_access(struct task_struct *task, unsigned int mode) return ERR_PTR(err); mm = get_task_mm(task); @@ -68321,7 +73713,7 @@ index 2c8857e..288c9c7 100644 mmput(mm); mm = ERR_PTR(-EACCES); } -@@ -932,13 +977,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) +@@ -917,13 +960,20 @@ static int copy_fs(unsigned long clone_flags, struct task_struct *tsk) spin_unlock(&fs->lock); return -EAGAIN; } @@ -68343,7 +73735,7 @@ index 2c8857e..288c9c7 100644 return 0; } -@@ -1205,6 +1257,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1193,6 +1243,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, DEBUG_LOCKS_WARN_ON(!p->softirqs_enabled); #endif retval = -EAGAIN; @@ -68353,17 +73745,19 @@ index 2c8857e..288c9c7 100644 if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && -@@ -1427,6 +1482,9 @@ static struct task_struct *copy_process(unsigned long clone_flags, - /* Need tasklist lock for parent etc handling! */ - write_lock_irq(&tasklist_lock); +@@ -1432,6 +1485,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, + goto bad_fork_free_pid; + } -+ /* synchronizes with gr_set_acls() */ ++ /* synchronizes with gr_set_acls() ++ we need to call this past the point of no return for fork() ++ */ + gr_copy_label(p); + - /* CLONE_PARENT re-uses the old parent */ - if (clone_flags & (CLONE_PARENT|CLONE_THREAD)) { - p->real_parent = current->real_parent; -@@ -1537,6 +1595,8 @@ bad_fork_cleanup_count: + if (clone_flags & CLONE_THREAD) { + current->signal->nr_threads++; + atomic_inc(¤t->signal->live); +@@ -1515,6 +1573,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -68372,7 +73766,31 @@ index 2c8857e..288c9c7 100644 return ERR_PTR(retval); } -@@ -1637,6 +1697,8 @@ long do_fork(unsigned long clone_flags, +@@ -1565,6 +1625,23 @@ long do_fork(unsigned long clone_flags, + return -EINVAL; + } + ++#ifdef CONFIG_GRKERNSEC ++ if (clone_flags & CLONE_NEWUSER) { ++ /* ++ * This doesn't really inspire confidence: ++ * http://marc.info/?l=linux-kernel&m=135543612731939&w=2 ++ * http://marc.info/?l=linux-kernel&m=135545831607095&w=2 ++ * Increases kernel attack surface in areas developers ++ * previously cared little about ("low importance due ++ * to requiring "root" capability") ++ * To be removed when this code receives *proper* review ++ */ ++ if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SETUID) || ++ !capable(CAP_SETGID)) ++ return -EPERM; ++ } ++#endif ++ + /* + * Determine whether and which event to report to ptracer. When + * called from kernel_thread or CLONE_UNTRACED is explicitly +@@ -1599,6 +1676,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -68381,7 +73799,7 @@ index 2c8857e..288c9c7 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1735,7 +1797,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1752,7 +1831,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -68390,7 +73808,7 @@ index 2c8857e..288c9c7 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1824,7 +1886,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1866,7 +1945,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -68470,7 +73888,7 @@ index 9b22d03..6295b62 100644 prev->next = info->next; else diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c -index cdd5607..8078b66 100644 +index cdd5607..c3fc919 100644 --- a/kernel/hrtimer.c +++ b/kernel/hrtimer.c @@ -1407,7 +1407,7 @@ void hrtimer_peek_ahead_timers(void) @@ -68482,8 +73900,17 @@ index cdd5607..8078b66 100644 { struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases); +@@ -1751,7 +1751,7 @@ static int __cpuinit hrtimer_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata hrtimers_nb = { ++static struct notifier_block hrtimers_nb = { + .notifier_call = hrtimer_cpu_notify, + }; + diff --git a/kernel/jump_label.c b/kernel/jump_label.c -index 4304919..408c4c0 100644 +index 60f48fa..7f3a770 100644 --- a/kernel/jump_label.c +++ b/kernel/jump_label.c @@ -13,6 +13,7 @@ @@ -68504,7 +73931,7 @@ index 4304919..408c4c0 100644 } static void jump_label_update(struct static_key *key, int enable); -@@ -356,10 +359,12 @@ static void jump_label_invalidate_module_init(struct module *mod) +@@ -357,10 +360,12 @@ static void jump_label_invalidate_module_init(struct module *mod) struct jump_entry *iter_stop = iter_start + mod->num_jump_entries; struct jump_entry *iter; @@ -68518,7 +73945,7 @@ index 4304919..408c4c0 100644 static int diff --git a/kernel/kallsyms.c b/kernel/kallsyms.c -index 2169fee..45c017a 100644 +index 2169fee..706ccca 100644 --- a/kernel/kallsyms.c +++ b/kernel/kallsyms.c @@ -11,6 +11,9 @@ @@ -68607,7 +74034,7 @@ index 2169fee..45c017a 100644 struct kallsym_iter *iter = m->private; +#ifdef CONFIG_GRKERNSEC_HIDESYM -+ if (current_uid()) ++ if (!uid_eq(current_uid(), GLOBAL_ROOT_UID)) + return 0; +#endif + @@ -68632,10 +74059,10 @@ index 2169fee..45c017a 100644 return -ENOMEM; reset_iter(iter, 0); diff --git a/kernel/kcmp.c b/kernel/kcmp.c -index 30b7b22..c726387 100644 +index e30ac0f..3528cac 100644 --- a/kernel/kcmp.c +++ b/kernel/kcmp.c -@@ -98,6 +98,10 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type, +@@ -99,6 +99,10 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type, struct task_struct *task1, *task2; int ret; @@ -68647,10 +74074,10 @@ index 30b7b22..c726387 100644 /* diff --git a/kernel/kexec.c b/kernel/kexec.c -index 0668d58..591b6fc 100644 +index 5e4bd78..00c5b91 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c -@@ -1046,7 +1046,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry, +@@ -1045,7 +1045,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry, unsigned long flags) { struct compat_kexec_segment in; @@ -68661,10 +74088,10 @@ index 0668d58..591b6fc 100644 /* Don't allow clients that don't understand the native diff --git a/kernel/kmod.c b/kernel/kmod.c -index 6f99aea..eb6e3a0 100644 +index 0023a87..9c0c068 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c -@@ -73,7 +73,7 @@ static void free_modprobe_argv(struct subprocess_info *info) +@@ -74,7 +74,7 @@ static void free_modprobe_argv(struct subprocess_info *info) kfree(info->argv); } @@ -68673,7 +74100,7 @@ index 6f99aea..eb6e3a0 100644 { static char *envp[] = { "HOME=/", -@@ -82,7 +82,7 @@ static int call_modprobe(char *module_name, int wait) +@@ -83,7 +83,7 @@ static int call_modprobe(char *module_name, int wait) NULL }; @@ -68682,7 +74109,7 @@ index 6f99aea..eb6e3a0 100644 if (!argv) goto out; -@@ -94,7 +94,8 @@ static int call_modprobe(char *module_name, int wait) +@@ -95,7 +95,8 @@ static int call_modprobe(char *module_name, int wait) argv[1] = "-q"; argv[2] = "--"; argv[3] = module_name; /* check free_modprobe_argv() */ @@ -68692,7 +74119,7 @@ index 6f99aea..eb6e3a0 100644 return call_usermodehelper_fns(modprobe_path, argv, envp, wait | UMH_KILLABLE, NULL, free_modprobe_argv, NULL); -@@ -119,9 +120,8 @@ out: +@@ -120,9 +121,8 @@ out: * If module auto-loading support is disabled then this function * becomes a no-operation. */ @@ -68703,7 +74130,7 @@ index 6f99aea..eb6e3a0 100644 char module_name[MODULE_NAME_LEN]; unsigned int max_modprobes; int ret; -@@ -129,9 +129,7 @@ int __request_module(bool wait, const char *fmt, ...) +@@ -130,9 +130,7 @@ int __request_module(bool wait, const char *fmt, ...) #define MAX_KMOD_CONCURRENT 50 /* Completely arbitrary value - KAO */ static int kmod_loop_msg; @@ -68714,12 +74141,12 @@ index 6f99aea..eb6e3a0 100644 if (ret >= MODULE_NAME_LEN) return -ENAMETOOLONG; -@@ -139,6 +137,20 @@ int __request_module(bool wait, const char *fmt, ...) +@@ -140,6 +138,20 @@ int __request_module(bool wait, const char *fmt, ...) if (ret) return ret; +#ifdef CONFIG_GRKERNSEC_MODHARDEN -+ if (!current_uid()) { ++ if (uid_eq(current_uid(), GLOBAL_ROOT_UID)) { + /* hack to workaround consolekit/udisks stupidity */ + read_lock(&tasklist_lock); + if (!strcmp(current->comm, "mount") && @@ -68735,7 +74162,7 @@ index 6f99aea..eb6e3a0 100644 /* If modprobe needs a service that is in a module, we get a recursive * loop. Limit the number of running kmod threads to max_threads/2 or * MAX_KMOD_CONCURRENT, whichever is the smaller. A cleaner method -@@ -167,11 +179,52 @@ int __request_module(bool wait, const char *fmt, ...) +@@ -168,11 +180,52 @@ int __request_module(bool wait, const char *fmt, ...) trace_module_request(module_name, wait, _RET_IP_); @@ -68764,12 +74191,12 @@ index 6f99aea..eb6e3a0 100644 + int ret; + +#ifdef CONFIG_GRKERNSEC_MODHARDEN -+ if (current_uid()) { ++ if (!uid_eq(current_uid(), GLOBAL_ROOT_UID)) { + char module_param[MODULE_NAME_LEN]; + + memset(module_param, 0, sizeof(module_param)); + -+ snprintf(module_param, sizeof(module_param) - 1, "grsec_modharden_normal%u_", current_uid()); ++ snprintf(module_param, sizeof(module_param) - 1, "grsec_modharden_normal%u_", GR_GLOBAL_UID(current_uid())); + + va_start(args, fmt); + ret = ____request_module(wait, module_param, fmt, args); @@ -68789,7 +74216,7 @@ index 6f99aea..eb6e3a0 100644 EXPORT_SYMBOL(__request_module); #endif /* CONFIG_MODULES */ -@@ -280,7 +333,7 @@ static int wait_for_helper(void *data) +@@ -283,7 +336,7 @@ static int wait_for_helper(void *data) * * Thus the __user pointer cast is valid here. */ @@ -68798,8 +74225,17 @@ index 6f99aea..eb6e3a0 100644 /* * If ret is 0, either ____call_usermodehelper failed and the +@@ -635,7 +688,7 @@ EXPORT_SYMBOL(call_usermodehelper_fns); + static int proc_cap_handler(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) + { +- struct ctl_table t; ++ ctl_table_no_const t; + unsigned long cap_array[_KERNEL_CAPABILITY_U32S]; + kernel_cap_t new_cap; + int err, i; diff --git a/kernel/kprobes.c b/kernel/kprobes.c -index c62b854..6fc810d 100644 +index 098f396..fe85ff1 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -185,7 +185,7 @@ static kprobe_opcode_t __kprobes *__get_insn_slot(struct kprobe_insn_cache *c) @@ -68820,7 +74256,7 @@ index c62b854..6fc810d 100644 kfree(kip); } return 1; -@@ -1955,7 +1955,7 @@ static int __init init_kprobes(void) +@@ -2063,7 +2063,7 @@ static int __init init_kprobes(void) { int i, err = 0; unsigned long offset = 0, size = 0; @@ -68829,7 +74265,7 @@ index c62b854..6fc810d 100644 const char *symbol_name; void *addr; struct kprobe_blackpoint *kb; -@@ -2040,11 +2040,11 @@ static void __kprobes report_probe(struct seq_file *pi, struct kprobe *p, +@@ -2148,11 +2148,11 @@ static void __kprobes report_probe(struct seq_file *pi, struct kprobe *p, kprobe_type = "k"; if (sym) @@ -68843,7 +74279,7 @@ index c62b854..6fc810d 100644 p->addr, kprobe_type, p->addr); if (!pp) -@@ -2081,7 +2081,7 @@ static int __kprobes show_kprobe_addr(struct seq_file *pi, void *v) +@@ -2190,7 +2190,7 @@ static int __kprobes show_kprobe_addr(struct seq_file *pi, void *v) const char *sym = NULL; unsigned int i = *(loff_t *) v; unsigned long offset = 0; @@ -68853,10 +74289,10 @@ index c62b854..6fc810d 100644 head = &kprobe_table[i]; preempt_disable(); diff --git a/kernel/ksysfs.c b/kernel/ksysfs.c -index 4e316e1..5501eef 100644 +index 6ada93c..dce7d5d 100644 --- a/kernel/ksysfs.c +++ b/kernel/ksysfs.c -@@ -47,6 +47,8 @@ static ssize_t uevent_helper_store(struct kobject *kobj, +@@ -46,6 +46,8 @@ static ssize_t uevent_helper_store(struct kobject *kobj, { if (count+1 > UEVENT_HELPER_PATH_LEN) return -ENOENT; @@ -68865,8 +74301,17 @@ index 4e316e1..5501eef 100644 memcpy(uevent_helper, buf, count); uevent_helper[count] = '\0'; if (count && uevent_helper[count-1] == '\n') +@@ -172,7 +174,7 @@ static ssize_t notes_read(struct file *filp, struct kobject *kobj, + return count; + } + +-static struct bin_attribute notes_attr = { ++static bin_attribute_no_const notes_attr __read_only = { + .attr = { + .name = "notes", + .mode = S_IRUGO, diff --git a/kernel/lockdep.c b/kernel/lockdep.c -index ea9ee45..67ebc8f 100644 +index 7981e5b..7f2105c 100644 --- a/kernel/lockdep.c +++ b/kernel/lockdep.c @@ -590,6 +590,10 @@ static int static_obj(void *obj) @@ -68888,7 +74333,7 @@ index ea9ee45..67ebc8f 100644 printk("the code is fine but needs lockdep annotation.\n"); printk("turning off the locking correctness validator.\n"); dump_stack(); -@@ -3042,7 +3047,7 @@ static int __lock_acquire(struct lockdep_map *lock, unsigned int subclass, +@@ -3078,7 +3083,7 @@ static int __lock_acquire(struct lockdep_map *lock, unsigned int subclass, if (!class) return 0; } @@ -68898,18 +74343,9 @@ index ea9ee45..67ebc8f 100644 printk("\nacquire class [%p] %s", class->key, class->name); if (class->name_version > 1) diff --git a/kernel/lockdep_proc.c b/kernel/lockdep_proc.c -index 91c32a0..7b88d63 100644 +index b2c71c5..7b88d63 100644 --- a/kernel/lockdep_proc.c +++ b/kernel/lockdep_proc.c -@@ -39,7 +39,7 @@ static void l_stop(struct seq_file *m, void *v) - - static void print_name(struct seq_file *m, struct lock_class *class) - { -- char str[128]; -+ char str[KSYM_NAME_LEN]; - const char *name = class->name; - - if (!name) { @@ -65,7 +65,7 @@ static int l_show(struct seq_file *m, void *v) return 0; } @@ -68956,18 +74392,18 @@ index 91c32a0..7b88d63 100644 seq_printf(m, "%40s %14lu %29s %pS\n", name, stats->contending_point[i], diff --git a/kernel/module.c b/kernel/module.c -index 2a15c59..731c128 100644 +index eab0827..f488603 100644 --- a/kernel/module.c +++ b/kernel/module.c -@@ -58,6 +58,7 @@ - #include <linux/jump_label.h> +@@ -61,6 +61,7 @@ #include <linux/pfn.h> #include <linux/bsearch.h> + #include <linux/fips.h> +#include <linux/grsecurity.h> + #include <uapi/linux/module.h> + #include "module-internal.h" - #define CREATE_TRACE_POINTS - #include <trace/events/module.h> -@@ -114,7 +115,8 @@ static BLOCKING_NOTIFIER_HEAD(module_notify_list); +@@ -156,7 +157,8 @@ static BLOCKING_NOTIFIER_HEAD(module_notify_list); /* Bounds of module allocation, for speeding __module_address. * Protected by module_mutex. */ @@ -68977,7 +74413,7 @@ index 2a15c59..731c128 100644 int register_module_notifier(struct notifier_block * nb) { -@@ -278,7 +280,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, +@@ -322,7 +324,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, return true; list_for_each_entry_rcu(mod, &modules, list) { @@ -68986,16 +74422,16 @@ index 2a15c59..731c128 100644 { mod->syms, mod->syms + mod->num_syms, mod->crcs, NOT_GPL_ONLY, false }, { mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms, -@@ -300,7 +302,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, - #endif - }; +@@ -347,7 +349,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, + if (mod->state == MODULE_STATE_UNFORMED) + continue; - if (each_symbol_in_section(arr, ARRAY_SIZE(arr), mod, fn, data)) + if (each_symbol_in_section(modarr, ARRAY_SIZE(modarr), mod, fn, data)) return true; } return false; -@@ -432,7 +434,7 @@ static inline void __percpu *mod_percpu(struct module *mod) +@@ -484,7 +486,7 @@ static inline void __percpu *mod_percpu(struct module *mod) static int percpu_modalloc(struct module *mod, unsigned long size, unsigned long align) { @@ -69004,7 +74440,7 @@ index 2a15c59..731c128 100644 printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n", mod->name, align, PAGE_SIZE); align = PAGE_SIZE; -@@ -1032,7 +1034,7 @@ struct module_attribute module_uevent = +@@ -1088,7 +1090,7 @@ struct module_attribute module_uevent = static ssize_t show_coresize(struct module_attribute *mattr, struct module_kobject *mk, char *buffer) { @@ -69013,7 +74449,7 @@ index 2a15c59..731c128 100644 } static struct module_attribute modinfo_coresize = -@@ -1041,7 +1043,7 @@ static struct module_attribute modinfo_coresize = +@@ -1097,7 +1099,7 @@ static struct module_attribute modinfo_coresize = static ssize_t show_initsize(struct module_attribute *mattr, struct module_kobject *mk, char *buffer) { @@ -69022,7 +74458,7 @@ index 2a15c59..731c128 100644 } static struct module_attribute modinfo_initsize = -@@ -1255,7 +1257,7 @@ resolve_symbol_wait(struct module *mod, +@@ -1311,7 +1313,7 @@ resolve_symbol_wait(struct module *mod, */ #ifdef CONFIG_SYSFS @@ -69031,7 +74467,25 @@ index 2a15c59..731c128 100644 static inline bool sect_empty(const Elf_Shdr *sect) { return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0; -@@ -1721,21 +1723,21 @@ static void set_section_ro_nx(void *base, +@@ -1451,7 +1453,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info) + { + unsigned int notes, loaded, i; + struct module_notes_attrs *notes_attrs; +- struct bin_attribute *nattr; ++ bin_attribute_no_const *nattr; + + /* failed to create section attributes, so can't create notes */ + if (!mod->sect_attrs) +@@ -1563,7 +1565,7 @@ static void del_usage_links(struct module *mod) + static int module_add_modinfo_attrs(struct module *mod) + { + struct module_attribute *attr; +- struct module_attribute *temp_attr; ++ module_attribute_no_const *temp_attr; + int error = 0; + int i; + +@@ -1777,21 +1779,21 @@ static void set_section_ro_nx(void *base, static void unset_module_core_ro_nx(struct module *mod) { @@ -69061,10 +74515,10 @@ index 2a15c59..731c128 100644 set_memory_rw); } -@@ -1746,14 +1748,14 @@ void set_all_modules_text_rw(void) - - mutex_lock(&module_mutex); +@@ -1804,14 +1806,14 @@ void set_all_modules_text_rw(void) list_for_each_entry_rcu(mod, &modules, list) { + if (mod->state == MODULE_STATE_UNFORMED) + continue; - if ((mod->module_core) && (mod->core_text_size)) { - set_page_attributes(mod->module_core, - mod->module_core + mod->core_text_size, @@ -69082,10 +74536,10 @@ index 2a15c59..731c128 100644 set_memory_rw); } } -@@ -1767,14 +1769,14 @@ void set_all_modules_text_ro(void) - - mutex_lock(&module_mutex); +@@ -1827,14 +1829,14 @@ void set_all_modules_text_ro(void) list_for_each_entry_rcu(mod, &modules, list) { + if (mod->state == MODULE_STATE_UNFORMED) + continue; - if ((mod->module_core) && (mod->core_text_size)) { - set_page_attributes(mod->module_core, - mod->module_core + mod->core_text_size, @@ -69103,7 +74557,7 @@ index 2a15c59..731c128 100644 set_memory_ro); } } -@@ -1820,16 +1822,19 @@ static void free_module(struct module *mod) +@@ -1880,16 +1882,19 @@ static void free_module(struct module *mod) /* This may be NULL, but that's OK */ unset_module_init_ro_nx(mod); @@ -69126,7 +74580,7 @@ index 2a15c59..731c128 100644 #ifdef CONFIG_MPU update_protections(current->mm); -@@ -1899,9 +1904,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1959,9 +1964,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) int ret = 0; const struct kernel_symbol *ksym; @@ -69158,7 +74612,7 @@ index 2a15c59..731c128 100644 switch (sym[i].st_shndx) { case SHN_COMMON: /* We compiled with -fno-common. These are not -@@ -1922,7 +1949,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1982,7 +2009,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) ksym = resolve_symbol_wait(mod, info, name); /* Ok if resolved. */ if (ksym && !IS_ERR(ksym)) { @@ -69168,7 +74622,7 @@ index 2a15c59..731c128 100644 break; } -@@ -1941,11 +1970,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -2001,11 +2030,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) secbase = (unsigned long)mod_percpu(mod); else secbase = info->sechdrs[sym[i].st_shndx].sh_addr; @@ -69189,7 +74643,7 @@ index 2a15c59..731c128 100644 return ret; } -@@ -2049,22 +2087,12 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2089,22 +2127,12 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || strstarts(sname, ".init")) continue; @@ -69216,7 +74670,7 @@ index 2a15c59..731c128 100644 } pr_debug("Init section allocation order:\n"); -@@ -2078,23 +2106,13 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2118,23 +2146,13 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || !strstarts(sname, ".init")) continue; @@ -69245,7 +74699,7 @@ index 2a15c59..731c128 100644 } } -@@ -2266,7 +2284,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2306,7 +2324,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) /* Put symbol section at end of init part of module. */ symsect->sh_flags |= SHF_ALLOC; @@ -69254,7 +74708,7 @@ index 2a15c59..731c128 100644 info->index.sym) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + symsect->sh_name); -@@ -2286,13 +2304,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2323,13 +2341,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) } /* Append room for core symbols at end of core part. */ @@ -69272,7 +74726,7 @@ index 2a15c59..731c128 100644 info->index.str) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + strsect->sh_name); } -@@ -2310,12 +2328,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2347,12 +2365,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) /* Make sure we get permanent strtab: don't use info->strtab. */ mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr; @@ -69287,9 +74741,9 @@ index 2a15c59..731c128 100644 + mod->core_symtab = dst = mod->module_core_rx + info->symoffs; + mod->core_strtab = s = mod->module_core_rx + info->stroffs; src = mod->symtab; - *s++ = 0; for (ndst = i = 0; i < mod->num_symtab; i++) { -@@ -2328,6 +2348,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) + if (i == 0 || +@@ -2364,6 +2384,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) } } mod->core_num_syms = ndst; @@ -69298,8 +74752,8 @@ index 2a15c59..731c128 100644 } #else static inline void layout_symtab(struct module *mod, struct load_info *info) -@@ -2361,17 +2383,33 @@ void * __weak module_alloc(unsigned long size) - return size == 0 ? NULL : vmalloc_exec(size); +@@ -2397,17 +2419,33 @@ void * __weak module_alloc(unsigned long size) + return vmalloc_exec(size); } -static void *module_alloc_update_bounds(unsigned long size) @@ -69337,8 +74791,8 @@ index 2a15c59..731c128 100644 mutex_unlock(&module_mutex); } return ret; -@@ -2549,8 +2587,14 @@ static struct module *setup_load_info(struct load_info *info) - static int check_modinfo(struct module *mod, struct load_info *info) +@@ -2683,8 +2721,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) + static int check_modinfo(struct module *mod, struct load_info *info, int flags) { const char *modmagic = get_modinfo(info, "vermagic"); + const char *license = get_modinfo(info, "license"); @@ -69349,10 +74803,10 @@ index 2a15c59..731c128 100644 + return -ENOEXEC; +#endif + - /* This is allowed: modprobe --force will invalidate it. */ - if (!modmagic) { - err = try_to_force_load(mod, "bad vermagic"); -@@ -2573,7 +2617,7 @@ static int check_modinfo(struct module *mod, struct load_info *info) + if (flags & MODULE_INIT_IGNORE_VERMAGIC) + modmagic = NULL; + +@@ -2710,7 +2754,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) } /* Set up license info based on the info section */ @@ -69361,7 +74815,7 @@ index 2a15c59..731c128 100644 return 0; } -@@ -2667,7 +2711,7 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2804,7 +2848,7 @@ static int move_module(struct module *mod, struct load_info *info) void *ptr; /* Do the allocs. */ @@ -69370,7 +74824,7 @@ index 2a15c59..731c128 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. Just mark it as not being a -@@ -2677,23 +2721,50 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2814,11 +2858,11 @@ static int move_module(struct module *mod, struct load_info *info) if (!ptr) return -ENOMEM; @@ -69379,29 +74833,34 @@ index 2a15c59..731c128 100644 + memset(ptr, 0, mod->core_size_rw); + mod->module_core_rw = ptr; -- ptr = module_alloc_update_bounds(mod->init_size); -+ ptr = module_alloc_update_bounds_rw(mod->init_size_rw); - /* - * The pointer to this block is stored in the module structure - * which is inside the block. This block doesn't need to be - * scanned as it contains data and code that will be freed - * after the module is initialized. - */ -- kmemleak_ignore(ptr); -- if (!ptr && mod->init_size) { -- module_free(mod, mod->module_core); -+ kmemleak_not_leak(ptr); -+ if (!ptr && mod->init_size_rw) { -+ module_free(mod, mod->module_core_rw); -+ return -ENOMEM; -+ } -+ memset(ptr, 0, mod->init_size_rw); -+ mod->module_init_rw = ptr; +- if (mod->init_size) { +- ptr = module_alloc_update_bounds(mod->init_size); ++ if (mod->init_size_rw) { ++ ptr = module_alloc_update_bounds_rw(mod->init_size_rw); + /* + * The pointer to this block is stored in the module structure + * which is inside the block. This block doesn't need to be +@@ -2827,13 +2871,45 @@ static int move_module(struct module *mod, struct load_info *info) + */ + kmemleak_ignore(ptr); + if (!ptr) { +- module_free(mod, mod->module_core); ++ module_free(mod, mod->module_core_rw); + return -ENOMEM; + } +- memset(ptr, 0, mod->init_size); +- mod->module_init = ptr; ++ memset(ptr, 0, mod->init_size_rw); ++ mod->module_init_rw = ptr; + } else +- mod->module_init = NULL; ++ mod->module_init_rw = NULL; + + ptr = module_alloc_update_bounds_rx(mod->core_size_rx); + kmemleak_not_leak(ptr); + if (!ptr) { -+ module_free(mod, mod->module_init_rw); ++ if (mod->module_init_rw) ++ module_free(mod, mod->module_init_rw); + module_free(mod, mod->module_core_rw); + return -ENOMEM; + } @@ -69411,25 +74870,27 @@ index 2a15c59..731c128 100644 + pax_close_kernel(); + mod->module_core_rx = ptr; + -+ ptr = module_alloc_update_bounds_rx(mod->init_size_rx); -+ kmemleak_not_leak(ptr); -+ if (!ptr && mod->init_size_rx) { -+ module_free_exec(mod, mod->module_core_rx); -+ module_free(mod, mod->module_init_rw); -+ module_free(mod, mod->module_core_rw); - return -ENOMEM; - } -- memset(ptr, 0, mod->init_size); -- mod->module_init = ptr; ++ if (mod->init_size_rx) { ++ ptr = module_alloc_update_bounds_rx(mod->init_size_rx); ++ kmemleak_ignore(ptr); ++ if (!ptr && mod->init_size_rx) { ++ module_free_exec(mod, mod->module_core_rx); ++ if (mod->module_init_rw) ++ module_free(mod, mod->module_init_rw); ++ module_free(mod, mod->module_core_rw); ++ return -ENOMEM; ++ } + -+ pax_open_kernel(); -+ memset(ptr, 0, mod->init_size_rx); -+ pax_close_kernel(); -+ mod->module_init_rx = ptr; ++ pax_open_kernel(); ++ memset(ptr, 0, mod->init_size_rx); ++ pax_close_kernel(); ++ mod->module_init_rx = ptr; ++ } else ++ mod->module_init_rx = NULL; /* Transfer each section which specifies SHF_ALLOC */ pr_debug("final section addresses:\n"); -@@ -2704,16 +2775,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2844,16 +2920,45 @@ static int move_module(struct module *mod, struct load_info *info) if (!(shdr->sh_flags & SHF_ALLOC)) continue; @@ -69482,7 +74943,7 @@ index 2a15c59..731c128 100644 pr_debug("\t0x%lx %s\n", (long)shdr->sh_addr, info->secstrings + shdr->sh_name); } -@@ -2768,12 +2868,12 @@ static void flush_module_icache(const struct module *mod) +@@ -2908,12 +3013,12 @@ static void flush_module_icache(const struct module *mod) * Do it before processing of module parameters, so the module * can provide parameter accessor functions of its own. */ @@ -69501,7 +74962,7 @@ index 2a15c59..731c128 100644 set_fs(old_fs); } -@@ -2843,8 +2943,10 @@ out: +@@ -2983,8 +3088,10 @@ out: static void module_deallocate(struct module *mod, struct load_info *info) { percpu_modfree(mod); @@ -69514,7 +74975,7 @@ index 2a15c59..731c128 100644 } int __weak module_finalize(const Elf_Ehdr *hdr, -@@ -2857,7 +2959,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, +@@ -2997,7 +3104,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, static int post_relocation(struct module *mod, const struct load_info *info) { /* Sort exception table now relocations are done. */ @@ -69524,7 +74985,50 @@ index 2a15c59..731c128 100644 /* Copy relocated percpu area over. */ percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr, -@@ -2908,9 +3012,38 @@ static struct module *load_module(void __user *umod, +@@ -3051,16 +3160,16 @@ static int do_init_module(struct module *mod) + MODULE_STATE_COMING, mod); + + /* Set RO and NX regions for core */ +- set_section_ro_nx(mod->module_core, +- mod->core_text_size, +- mod->core_ro_size, +- mod->core_size); ++ set_section_ro_nx(mod->module_core_rx, ++ mod->core_size_rx, ++ mod->core_size_rx, ++ mod->core_size_rx); + + /* Set RO and NX regions for init */ +- set_section_ro_nx(mod->module_init, +- mod->init_text_size, +- mod->init_ro_size, +- mod->init_size); ++ set_section_ro_nx(mod->module_init_rx, ++ mod->init_size_rx, ++ mod->init_size_rx, ++ mod->init_size_rx); + + do_mod_ctors(mod); + /* Start the module */ +@@ -3122,11 +3231,12 @@ static int do_init_module(struct module *mod) + mod->strtab = mod->core_strtab; + #endif + unset_module_init_ro_nx(mod); +- module_free(mod, mod->module_init); +- mod->module_init = NULL; +- mod->init_size = 0; +- mod->init_ro_size = 0; +- mod->init_text_size = 0; ++ module_free(mod, mod->module_init_rw); ++ module_free_exec(mod, mod->module_init_rx); ++ mod->module_init_rw = NULL; ++ mod->module_init_rx = NULL; ++ mod->init_size_rw = 0; ++ mod->init_size_rx = 0; + mutex_unlock(&module_mutex); + wake_up_all(&module_wq); + +@@ -3209,9 +3319,38 @@ again: if (err) goto free_unload; @@ -69536,7 +75040,7 @@ index 2a15c59..731c128 100644 + } + /* Set up MODINFO_ATTR fields */ - setup_modinfo(mod, &info); + setup_modinfo(mod, info); +#ifdef CONFIG_GRKERNSEC_MODHARDEN + { @@ -69561,9 +75065,9 @@ index 2a15c59..731c128 100644 +#endif + /* Fix up syms, so that st_value is a pointer to location. */ - err = simplify_symbols(mod, &info); + err = simplify_symbols(mod, info); if (err < 0) -@@ -2926,13 +3059,6 @@ static struct module *load_module(void __user *umod, +@@ -3227,13 +3366,6 @@ again: flush_module_icache(mod); @@ -69574,12 +75078,12 @@ index 2a15c59..731c128 100644 - goto free_arch_cleanup; - } - - /* Mark state as coming so strong_try_module_get() ignores us. */ - mod->state = MODULE_STATE_COMING; + dynamic_debug_setup(info->debug, info->num_debug); -@@ -2990,11 +3116,10 @@ static struct module *load_module(void __user *umod, - unlock: + mutex_lock(&module_mutex); +@@ -3278,11 +3410,10 @@ again: mutex_unlock(&module_mutex); + dynamic_debug_remove(info->debug); synchronize_sched(); - kfree(mod->args); - free_arch_cleanup: @@ -69589,51 +75093,8 @@ index 2a15c59..731c128 100644 + kfree(mod->args); free_unload: module_unload_free(mod); - free_module: -@@ -3035,16 +3160,16 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, - MODULE_STATE_COMING, mod); - - /* Set RO and NX regions for core */ -- set_section_ro_nx(mod->module_core, -- mod->core_text_size, -- mod->core_ro_size, -- mod->core_size); -+ set_section_ro_nx(mod->module_core_rx, -+ mod->core_size_rx, -+ mod->core_size_rx, -+ mod->core_size_rx); - - /* Set RO and NX regions for init */ -- set_section_ro_nx(mod->module_init, -- mod->init_text_size, -- mod->init_ro_size, -- mod->init_size); -+ set_section_ro_nx(mod->module_init_rx, -+ mod->init_size_rx, -+ mod->init_size_rx, -+ mod->init_size_rx); - - do_mod_ctors(mod); - /* Start the module */ -@@ -3090,11 +3215,12 @@ SYSCALL_DEFINE3(init_module, void __user *, umod, - mod->strtab = mod->core_strtab; - #endif - unset_module_init_ro_nx(mod); -- module_free(mod, mod->module_init); -- mod->module_init = NULL; -- mod->init_size = 0; -- mod->init_ro_size = 0; -- mod->init_text_size = 0; -+ module_free(mod, mod->module_init_rw); -+ module_free_exec(mod, mod->module_init_rx); -+ mod->module_init_rw = NULL; -+ mod->module_init_rx = NULL; -+ mod->init_size_rw = 0; -+ mod->init_size_rx = 0; - mutex_unlock(&module_mutex); - - return 0; -@@ -3125,10 +3251,16 @@ static const char *get_ksymbol(struct module *mod, + unlink_mod: +@@ -3365,10 +3496,16 @@ static const char *get_ksymbol(struct module *mod, unsigned long nextval; /* At worse, next value is at end of module */ @@ -69653,8 +75114,8 @@ index 2a15c59..731c128 100644 /* Scan for closest preceding symbol, and next symbol. (ELF starts real symbols at 1). */ -@@ -3363,7 +3495,7 @@ static int m_show(struct seq_file *m, void *p) - char buf[8]; +@@ -3621,7 +3758,7 @@ static int m_show(struct seq_file *m, void *p) + return 0; seq_printf(m, "%s %u", - mod->name, mod->init_size + mod->core_size); @@ -69662,7 +75123,7 @@ index 2a15c59..731c128 100644 print_unload_info(m, mod); /* Informative for users. */ -@@ -3372,7 +3504,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3630,7 +3767,7 @@ static int m_show(struct seq_file *m, void *p) mod->state == MODULE_STATE_COMING ? "Loading": "Live"); /* Used by oprofile and other similar tools. */ @@ -69671,7 +75132,7 @@ index 2a15c59..731c128 100644 /* Taints info */ if (mod->taints) -@@ -3408,7 +3540,17 @@ static const struct file_operations proc_modules_operations = { +@@ -3666,7 +3803,17 @@ static const struct file_operations proc_modules_operations = { static int __init proc_modules_init(void) { @@ -69689,7 +75150,7 @@ index 2a15c59..731c128 100644 return 0; } module_init(proc_modules_init); -@@ -3467,12 +3609,12 @@ struct module *__module_address(unsigned long addr) +@@ -3727,14 +3874,14 @@ struct module *__module_address(unsigned long addr) { struct module *mod; @@ -69698,14 +75159,16 @@ index 2a15c59..731c128 100644 + (addr < module_addr_min_rw || addr > module_addr_max_rw)) return NULL; - list_for_each_entry_rcu(mod, &modules, list) + list_for_each_entry_rcu(mod, &modules, list) { + if (mod->state == MODULE_STATE_UNFORMED) + continue; - if (within_module_core(addr, mod) - || within_module_init(addr, mod)) + if (within_module_init(addr, mod) || within_module_core(addr, mod)) return mod; + } return NULL; - } -@@ -3506,11 +3648,20 @@ bool is_module_text_address(unsigned long addr) +@@ -3769,11 +3916,20 @@ bool is_module_text_address(unsigned long addr) */ struct module *__module_text_address(unsigned long addr) { @@ -69809,6 +75272,62 @@ index a307cc9..27fd2e9 100644 mutex_set_owner(lock); /* set it to 0 if there are no waiters left: */ +diff --git a/kernel/notifier.c b/kernel/notifier.c +index 2d5cc4c..d9ea600 100644 +--- a/kernel/notifier.c ++++ b/kernel/notifier.c +@@ -5,6 +5,7 @@ + #include <linux/rcupdate.h> + #include <linux/vmalloc.h> + #include <linux/reboot.h> ++#include <linux/mm.h> + + /* + * Notifier list for kernel code which wants to be called +@@ -24,10 +25,12 @@ static int notifier_chain_register(struct notifier_block **nl, + while ((*nl) != NULL) { + if (n->priority > (*nl)->priority) + break; +- nl = &((*nl)->next); ++ nl = (struct notifier_block **)&((*nl)->next); + } +- n->next = *nl; ++ pax_open_kernel(); ++ *(const void **)&n->next = *nl; + rcu_assign_pointer(*nl, n); ++ pax_close_kernel(); + return 0; + } + +@@ -39,10 +42,12 @@ static int notifier_chain_cond_register(struct notifier_block **nl, + return 0; + if (n->priority > (*nl)->priority) + break; +- nl = &((*nl)->next); ++ nl = (struct notifier_block **)&((*nl)->next); + } +- n->next = *nl; ++ pax_open_kernel(); ++ *(const void **)&n->next = *nl; + rcu_assign_pointer(*nl, n); ++ pax_close_kernel(); + return 0; + } + +@@ -51,10 +56,12 @@ static int notifier_chain_unregister(struct notifier_block **nl, + { + while ((*nl) != NULL) { + if ((*nl) == n) { ++ pax_open_kernel(); + rcu_assign_pointer(*nl, n->next); ++ pax_close_kernel(); + return 0; + } +- nl = &((*nl)->next); ++ nl = (struct notifier_block **)&((*nl)->next); + } + return -ENOENT; + } diff --git a/kernel/panic.c b/kernel/panic.c index e1b2822..5edc1d9 100644 --- a/kernel/panic.c @@ -69833,7 +75352,7 @@ index e1b2822..5edc1d9 100644 } EXPORT_SYMBOL(__stack_chk_fail); diff --git a/kernel/pid.c b/kernel/pid.c -index e86b291a..e8b0fb5 100644 +index f2c6a68..4922d97 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -33,6 +33,7 @@ @@ -69844,7 +75363,7 @@ index e86b291a..e8b0fb5 100644 #include <linux/pid_namespace.h> #include <linux/init_task.h> #include <linux/syscalls.h> -@@ -45,7 +46,7 @@ struct pid init_struct_pid = INIT_STRUCT_PID; +@@ -46,7 +47,7 @@ struct pid init_struct_pid = INIT_STRUCT_PID; int pid_max = PID_MAX_DEFAULT; @@ -69853,7 +75372,7 @@ index e86b291a..e8b0fb5 100644 int pid_max_min = RESERVED_PIDS + 1; int pid_max_max = PID_MAX_LIMIT; -@@ -420,10 +421,18 @@ EXPORT_SYMBOL(pid_task); +@@ -441,10 +442,18 @@ EXPORT_SYMBOL(pid_task); */ struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns) { @@ -69873,8 +75392,8 @@ index e86b291a..e8b0fb5 100644 } struct task_struct *find_task_by_vpid(pid_t vnr) -@@ -431,6 +440,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr) - return find_task_by_pid_ns(vnr, current->nsproxy->pid_ns); +@@ -452,6 +461,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr) + return find_task_by_pid_ns(vnr, task_active_pid_ns(current)); } +struct task_struct *find_task_by_vpid_unrestricted(pid_t vnr) @@ -69882,25 +75401,30 @@ index e86b291a..e8b0fb5 100644 + rcu_lockdep_assert(rcu_read_lock_held(), + "find_task_by_pid_ns() needs rcu_read_lock()" + " protection"); -+ return pid_task(find_pid_ns(vnr, current->nsproxy->pid_ns), PIDTYPE_PID); ++ return pid_task(find_pid_ns(vnr, task_active_pid_ns(current)), PIDTYPE_PID); +} + struct pid *get_task_pid(struct task_struct *task, enum pid_type type) { struct pid *pid; +diff --git a/kernel/pid_namespace.c b/kernel/pid_namespace.c +index c1c3dc1..bbeaf31 100644 +--- a/kernel/pid_namespace.c ++++ b/kernel/pid_namespace.c +@@ -248,7 +248,7 @@ static int pid_ns_ctl_handler(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) + { + struct pid_namespace *pid_ns = task_active_pid_ns(current); +- struct ctl_table tmp = *table; ++ ctl_table_no_const tmp = *table; + + if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN)) + return -EPERM; diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c -index acbb79c..8d1adc5 100644 +index 942ca27..111e609 100644 --- a/kernel/posix-cpu-timers.c +++ b/kernel/posix-cpu-timers.c -@@ -6,6 +6,7 @@ - #include <linux/posix-timers.h> - #include <linux/errno.h> - #include <linux/math64.h> -+#include <linux/security.h> - #include <asm/uaccess.h> - #include <linux/kernel_stat.h> - #include <trace/events/timer.h> -@@ -1597,14 +1598,14 @@ struct k_clock clock_posix_cpu = { +@@ -1576,14 +1576,14 @@ struct k_clock clock_posix_cpu = { static __init int init_posix_cpu_timers(void) { @@ -70015,21 +75539,8 @@ index e885be1..380fe76 100644 return kc->clock_set(which_clock, &new_tp); } -diff --git a/kernel/power/poweroff.c b/kernel/power/poweroff.c -index d523593..68197a4 100644 ---- a/kernel/power/poweroff.c -+++ b/kernel/power/poweroff.c -@@ -37,7 +37,7 @@ static struct sysrq_key_op sysrq_poweroff_op = { - .enable_mask = SYSRQ_ENABLE_BOOT, - }; - --static int pm_sysrq_init(void) -+static int __init pm_sysrq_init(void) - { - register_sysrq_key('o', &sysrq_poweroff_op); - return 0; diff --git a/kernel/power/process.c b/kernel/power/process.c -index 19db29f..33b52b6 100644 +index d5a258b..4271191 100644 --- a/kernel/power/process.c +++ b/kernel/power/process.c @@ -33,6 +33,7 @@ static int try_to_freeze_tasks(bool user_only) @@ -70040,7 +75551,7 @@ index 19db29f..33b52b6 100644 do_gettimeofday(&start); -@@ -43,6 +44,8 @@ static int try_to_freeze_tasks(bool user_only) +@@ -43,13 +44,20 @@ static int try_to_freeze_tasks(bool user_only) while (true) { todo = 0; @@ -70049,13 +75560,10 @@ index 19db29f..33b52b6 100644 read_lock(&tasklist_lock); do_each_thread(g, p) { if (p == current || !freeze_task(p)) -@@ -58,9 +61,13 @@ static int try_to_freeze_tasks(bool user_only) - * guaranteed that TASK_STOPPED/TRACED -> TASK_RUNNING - * transition can't race with task state testing here. - */ -- if (!task_is_stopped_or_traced(p) && -- !freezer_should_skip(p)) -+ if (!task_is_stopped_or_traced(p) && !freezer_should_skip(p)) { + continue; + +- if (!freezer_should_skip(p)) ++ if (!freezer_should_skip(p)) { todo++; + if (timedout) { + printk(KERN_ERR "Task refusing to freeze:\n"); @@ -70065,7 +75573,7 @@ index 19db29f..33b52b6 100644 } while_each_thread(g, p); read_unlock(&tasklist_lock); -@@ -69,7 +76,7 @@ static int try_to_freeze_tasks(bool user_only) +@@ -58,7 +66,7 @@ static int try_to_freeze_tasks(bool user_only) todo += wq_busy; } @@ -70075,10 +75583,37 @@ index 19db29f..33b52b6 100644 if (pm_wakeup_pending()) { diff --git a/kernel/printk.c b/kernel/printk.c -index 66a2ea3..10f3a01 100644 +index 267ce78..2487112 100644 --- a/kernel/printk.c +++ b/kernel/printk.c -@@ -817,6 +817,11 @@ static int check_syslog_permissions(int type, bool from_file) +@@ -609,11 +609,17 @@ static unsigned int devkmsg_poll(struct file *file, poll_table *wait) + return ret; + } + ++static int check_syslog_permissions(int type, bool from_file); ++ + static int devkmsg_open(struct inode *inode, struct file *file) + { + struct devkmsg_user *user; + int err; + ++ err = check_syslog_permissions(SYSLOG_ACTION_OPEN, SYSLOG_FROM_FILE); ++ if (err) ++ return err; ++ + /* write-only does not need any file context */ + if ((file->f_flags & O_ACCMODE) == O_WRONLY) + return 0; +@@ -822,7 +828,7 @@ static int syslog_action_restricted(int type) + if (dmesg_restrict) + return 1; + /* Unless restricted, we allow "read all" and "get buffer size" for everybody */ +- return type != SYSLOG_ACTION_READ_ALL && type != SYSLOG_ACTION_SIZE_BUFFER; ++ return type != SYSLOG_ACTION_OPEN && type != SYSLOG_ACTION_READ_ALL && type != SYSLOG_ACTION_SIZE_BUFFER; + } + + static int check_syslog_permissions(int type, bool from_file) +@@ -834,6 +840,11 @@ static int check_syslog_permissions(int type, bool from_file) if (from_file && type != SYSLOG_ACTION_OPEN) return 0; @@ -70091,10 +75626,10 @@ index 66a2ea3..10f3a01 100644 if (capable(CAP_SYSLOG)) return 0; diff --git a/kernel/profile.c b/kernel/profile.c -index 76b8e77..a2930e8 100644 +index 1f39181..86093471 100644 --- a/kernel/profile.c +++ b/kernel/profile.c -@@ -39,7 +39,7 @@ struct profile_hit { +@@ -40,7 +40,7 @@ struct profile_hit { /* Oprofile timer tick hook */ static int (*timer_hook)(struct pt_regs *) __read_mostly; @@ -70103,7 +75638,7 @@ index 76b8e77..a2930e8 100644 static unsigned long prof_len, prof_shift; int prof_on __read_mostly; -@@ -281,7 +281,7 @@ static void profile_flip_buffers(void) +@@ -282,7 +282,7 @@ static void profile_flip_buffers(void) hits[i].pc = 0; continue; } @@ -70112,7 +75647,7 @@ index 76b8e77..a2930e8 100644 hits[i].hits = hits[i].pc = 0; } } -@@ -342,9 +342,9 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits) +@@ -343,9 +343,9 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits) * Add the current hit(s) and flush the write-queue out * to the global buffer: */ @@ -70124,7 +75659,7 @@ index 76b8e77..a2930e8 100644 hits[i].pc = hits[i].hits = 0; } out: -@@ -419,7 +419,7 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits) +@@ -420,7 +420,7 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits) { unsigned long pc; pc = ((unsigned long)__pc - (unsigned long)_stext) >> prof_shift; @@ -70133,7 +75668,7 @@ index 76b8e77..a2930e8 100644 } #endif /* !CONFIG_SMP */ -@@ -517,7 +517,7 @@ read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos) +@@ -518,7 +518,7 @@ read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos) return -EFAULT; buf++; p++; count--; read++; } @@ -70142,7 +75677,7 @@ index 76b8e77..a2930e8 100644 if (copy_to_user(buf, (void *)pnt, count)) return -EFAULT; read += count; -@@ -548,7 +548,7 @@ static ssize_t write_profile(struct file *file, const char __user *buf, +@@ -549,7 +549,7 @@ static ssize_t write_profile(struct file *file, const char __user *buf, } #endif profile_discard_flip_buffers(); @@ -70152,19 +75687,19 @@ index 76b8e77..a2930e8 100644 } diff --git a/kernel/ptrace.c b/kernel/ptrace.c -index b96de86b4..31b8fb3 100644 +index 6cbeaae..363c48a 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c -@@ -318,7 +318,7 @@ static int ptrace_attach(struct task_struct *task, long request, - +@@ -324,7 +324,7 @@ static int ptrace_attach(struct task_struct *task, long request, if (seize) flags |= PT_SEIZED; -- if (ns_capable(task_user_ns(task), CAP_SYS_PTRACE)) -+ if (ns_capable_nolog(task_user_ns(task), CAP_SYS_PTRACE)) + rcu_read_lock(); +- if (ns_capable(__task_cred(task)->user_ns, CAP_SYS_PTRACE)) ++ if (ns_capable_nolog(__task_cred(task)->user_ns, CAP_SYS_PTRACE)) flags |= PT_PTRACE_CAP; + rcu_read_unlock(); task->ptrace = flags; - -@@ -525,7 +525,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst +@@ -535,7 +535,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst break; return -EIO; } @@ -70173,7 +75708,7 @@ index b96de86b4..31b8fb3 100644 return -EFAULT; copied += retval; src += retval; -@@ -710,7 +710,7 @@ int ptrace_request(struct task_struct *child, long request, +@@ -720,7 +720,7 @@ int ptrace_request(struct task_struct *child, long request, bool seized = child->ptrace & PT_SEIZED; int ret = -EIO; siginfo_t siginfo, *si; @@ -70182,7 +75717,7 @@ index b96de86b4..31b8fb3 100644 unsigned long __user *datalp = datavp; unsigned long flags; -@@ -912,14 +912,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, +@@ -922,14 +922,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, goto out; } @@ -70205,7 +75740,7 @@ index b96de86b4..31b8fb3 100644 goto out_put_task_struct; } -@@ -947,7 +954,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, +@@ -957,7 +964,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0); if (copied != sizeof(tmp)) return -EIO; @@ -70214,7 +75749,7 @@ index b96de86b4..31b8fb3 100644 } int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr, -@@ -1057,14 +1064,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, +@@ -1067,14 +1074,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, goto out; } @@ -70238,7 +75773,7 @@ index b96de86b4..31b8fb3 100644 } diff --git a/kernel/rcutiny.c b/kernel/rcutiny.c -index 547b1fe..65e874e 100644 +index e7dce58..ad0d7b7 100644 --- a/kernel/rcutiny.c +++ b/kernel/rcutiny.c @@ -46,7 +46,7 @@ @@ -70250,7 +75785,7 @@ index 547b1fe..65e874e 100644 static void __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu), struct rcu_ctrlblk *rcp); -@@ -307,7 +307,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp) +@@ -310,7 +310,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp) rcu_is_callbacks_kthread())); } @@ -70260,10 +75795,10 @@ index 547b1fe..65e874e 100644 __rcu_process_callbacks(&rcu_sched_ctrlblk); __rcu_process_callbacks(&rcu_bh_ctrlblk); diff --git a/kernel/rcutiny_plugin.h b/kernel/rcutiny_plugin.h -index 918fd1e..85089bb 100644 +index f85016a..91cb03b 100644 --- a/kernel/rcutiny_plugin.h +++ b/kernel/rcutiny_plugin.h -@@ -893,7 +893,7 @@ static int rcu_kthread(void *arg) +@@ -896,7 +896,7 @@ static int rcu_kthread(void *arg) have_rcu_kthread_work = morework; local_irq_restore(flags); if (work) @@ -70273,10 +75808,10 @@ index 918fd1e..85089bb 100644 } diff --git a/kernel/rcutorture.c b/kernel/rcutorture.c -index 25b1503..1988a74 100644 +index 31dea01..ad91ffb 100644 --- a/kernel/rcutorture.c +++ b/kernel/rcutorture.c -@@ -162,12 +162,12 @@ static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_count) = +@@ -163,12 +163,12 @@ static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_count) = { 0 }; static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_batch) = { 0 }; @@ -70295,7 +75830,7 @@ index 25b1503..1988a74 100644 static long n_rcu_torture_barrier_error; static long n_rcu_torture_boost_ktrerror; static long n_rcu_torture_boost_rterror; -@@ -265,11 +265,11 @@ rcu_torture_alloc(void) +@@ -272,11 +272,11 @@ rcu_torture_alloc(void) spin_lock_bh(&rcu_torture_lock); if (list_empty(&rcu_torture_freelist)) { @@ -70309,7 +75844,7 @@ index 25b1503..1988a74 100644 p = rcu_torture_freelist.next; list_del_init(p); spin_unlock_bh(&rcu_torture_lock); -@@ -282,7 +282,7 @@ rcu_torture_alloc(void) +@@ -289,7 +289,7 @@ rcu_torture_alloc(void) static void rcu_torture_free(struct rcu_torture *p) { @@ -70318,7 +75853,7 @@ index 25b1503..1988a74 100644 spin_lock_bh(&rcu_torture_lock); list_add_tail(&p->rtort_free, &rcu_torture_freelist); spin_unlock_bh(&rcu_torture_lock); -@@ -403,7 +403,7 @@ rcu_torture_cb(struct rcu_head *p) +@@ -409,7 +409,7 @@ rcu_torture_cb(struct rcu_head *p) i = rp->rtort_pipe_count; if (i > RCU_TORTURE_PIPE_LEN) i = RCU_TORTURE_PIPE_LEN; @@ -70327,7 +75862,7 @@ index 25b1503..1988a74 100644 if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) { rp->rtort_mbtest = 0; rcu_torture_free(rp); -@@ -452,7 +452,7 @@ static void rcu_sync_torture_deferred_free(struct rcu_torture *p) +@@ -457,7 +457,7 @@ static void rcu_sync_torture_deferred_free(struct rcu_torture *p) i = rp->rtort_pipe_count; if (i > RCU_TORTURE_PIPE_LEN) i = RCU_TORTURE_PIPE_LEN; @@ -70336,7 +75871,7 @@ index 25b1503..1988a74 100644 if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) { rp->rtort_mbtest = 0; list_del(&rp->rtort_free); -@@ -995,7 +995,7 @@ rcu_torture_writer(void *arg) +@@ -975,7 +975,7 @@ rcu_torture_writer(void *arg) i = old_rp->rtort_pipe_count; if (i > RCU_TORTURE_PIPE_LEN) i = RCU_TORTURE_PIPE_LEN; @@ -70345,7 +75880,7 @@ index 25b1503..1988a74 100644 old_rp->rtort_pipe_count++; cur_ops->deferred_free(old_rp); } -@@ -1080,7 +1080,7 @@ static void rcu_torture_timer(unsigned long unused) +@@ -1060,7 +1060,7 @@ static void rcu_torture_timer(unsigned long unused) } do_trace_rcu_torture_read(cur_ops->name, &p->rtort_rcu); if (p->rtort_mbtest == 0) @@ -70354,7 +75889,7 @@ index 25b1503..1988a74 100644 spin_lock(&rand_lock); cur_ops->read_delay(&rand); n_rcu_torture_timers++; -@@ -1144,7 +1144,7 @@ rcu_torture_reader(void *arg) +@@ -1124,7 +1124,7 @@ rcu_torture_reader(void *arg) } do_trace_rcu_torture_read(cur_ops->name, &p->rtort_rcu); if (p->rtort_mbtest == 0) @@ -70363,7 +75898,7 @@ index 25b1503..1988a74 100644 cur_ops->read_delay(&rand); preempt_disable(); pipe_count = p->rtort_pipe_count; -@@ -1203,11 +1203,11 @@ rcu_torture_printk(char *page) +@@ -1183,11 +1183,11 @@ rcu_torture_printk(char *page) rcu_torture_current, rcu_torture_current_version, list_empty(&rcu_torture_freelist), @@ -70379,7 +75914,7 @@ index 25b1503..1988a74 100644 n_rcu_torture_boost_ktrerror, n_rcu_torture_boost_rterror); cnt += sprintf(&page[cnt], "rtbf: %ld rtb: %ld nt: %ld ", -@@ -1224,14 +1224,14 @@ rcu_torture_printk(char *page) +@@ -1206,14 +1206,14 @@ rcu_torture_printk(char *page) n_barrier_attempts, n_rcu_torture_barrier_error); cnt += sprintf(&page[cnt], "\n%s%s ", torture_type, TORTURE_FLAG); @@ -70396,7 +75931,7 @@ index 25b1503..1988a74 100644 WARN_ON_ONCE(1); } cnt += sprintf(&page[cnt], "Reader Pipe: "); -@@ -1245,7 +1245,7 @@ rcu_torture_printk(char *page) +@@ -1227,7 +1227,7 @@ rcu_torture_printk(char *page) cnt += sprintf(&page[cnt], "Free-Block Circulation: "); for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { cnt += sprintf(&page[cnt], " %d", @@ -70405,16 +75940,16 @@ index 25b1503..1988a74 100644 } cnt += sprintf(&page[cnt], "\n"); if (cur_ops->stats) -@@ -1905,7 +1905,7 @@ rcu_torture_cleanup(void) +@@ -1920,7 +1920,7 @@ rcu_torture_cleanup(void) + + rcu_torture_stats_print(); /* -After- the stats thread is stopped! */ - if (cur_ops->cleanup) - cur_ops->cleanup(); - if (atomic_read(&n_rcu_torture_error) || n_rcu_torture_barrier_error) + if (atomic_read_unchecked(&n_rcu_torture_error) || n_rcu_torture_barrier_error) rcu_torture_print_module_parms(cur_ops, "End of test: FAILURE"); else if (n_online_successes != n_online_attempts || n_offline_successes != n_offline_attempts) -@@ -1974,18 +1974,18 @@ rcu_torture_init(void) +@@ -1989,18 +1989,18 @@ rcu_torture_init(void) rcu_torture_current = NULL; rcu_torture_current_version = 0; @@ -70440,10 +75975,10 @@ index 25b1503..1988a74 100644 for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { per_cpu(rcu_torture_count, cpu)[i] = 0; diff --git a/kernel/rcutree.c b/kernel/rcutree.c -index c283938..009f46a 100644 +index e441b77..dd54f17 100644 --- a/kernel/rcutree.c +++ b/kernel/rcutree.c -@@ -369,9 +369,9 @@ static void rcu_idle_enter_common(struct rcu_dynticks *rdtp, long long oldval) +@@ -349,9 +349,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval, rcu_prepare_for_idle(smp_processor_id()); /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */ smp_mb__before_atomic_inc(); /* See above. */ @@ -70454,9 +75989,9 @@ index c283938..009f46a 100644 + WARN_ON_ONCE(atomic_read_unchecked(&rdtp->dynticks) & 0x1); /* - * The idle task is not permitted to enter the idle loop while -@@ -460,10 +460,10 @@ void rcu_irq_exit(void) - static void rcu_idle_exit_common(struct rcu_dynticks *rdtp, long long oldval) + * It is illegal to enter an extended quiescent state while +@@ -487,10 +487,10 @@ static void rcu_eqs_exit_common(struct rcu_dynticks *rdtp, long long oldval, + int user) { smp_mb__before_atomic_inc(); /* Force ordering w/previous sojourn. */ - atomic_inc(&rdtp->dynticks); @@ -70467,8 +76002,8 @@ index c283938..009f46a 100644 + WARN_ON_ONCE(!(atomic_read_unchecked(&rdtp->dynticks) & 0x1)); rcu_cleanup_after_idle(smp_processor_id()); trace_rcu_dyntick("End", oldval, rdtp->dynticks_nesting); - if (!is_idle_task(current)) { -@@ -557,14 +557,14 @@ void rcu_nmi_enter(void) + if (!user && !is_idle_task(current)) { +@@ -629,14 +629,14 @@ void rcu_nmi_enter(void) struct rcu_dynticks *rdtp = &__get_cpu_var(rcu_dynticks); if (rdtp->dynticks_nmi_nesting == 0 && @@ -70486,7 +76021,7 @@ index c283938..009f46a 100644 } /** -@@ -583,9 +583,9 @@ void rcu_nmi_exit(void) +@@ -655,9 +655,9 @@ void rcu_nmi_exit(void) return; /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */ smp_mb__before_atomic_inc(); /* See above. */ @@ -70498,7 +76033,7 @@ index c283938..009f46a 100644 } /** -@@ -599,7 +599,7 @@ int rcu_is_cpu_idle(void) +@@ -671,7 +671,7 @@ int rcu_is_cpu_idle(void) int ret; preempt_disable(); @@ -70507,7 +76042,7 @@ index c283938..009f46a 100644 preempt_enable(); return ret; } -@@ -667,7 +667,7 @@ int rcu_is_cpu_rrupt_from_idle(void) +@@ -739,7 +739,7 @@ int rcu_is_cpu_rrupt_from_idle(void) */ static int dyntick_save_progress_counter(struct rcu_data *rdp) { @@ -70516,7 +76051,7 @@ index c283938..009f46a 100644 return (rdp->dynticks_snap & 0x1) == 0; } -@@ -682,7 +682,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp) +@@ -754,7 +754,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp) unsigned int curr; unsigned int snap; @@ -70525,7 +76060,7 @@ index c283938..009f46a 100644 snap = (unsigned int)rdp->dynticks_snap; /* -@@ -712,10 +712,10 @@ static int jiffies_till_stall_check(void) +@@ -802,10 +802,10 @@ static int jiffies_till_stall_check(void) * for CONFIG_RCU_CPU_STALL_TIMEOUT. */ if (till_stall_check < 3) { @@ -70538,7 +76073,7 @@ index c283938..009f46a 100644 till_stall_check = 300; } return till_stall_check * HZ + RCU_STALL_DELAY_DELTA; -@@ -1351,7 +1351,7 @@ rcu_send_cbs_to_orphanage(int cpu, struct rcu_state *rsp, +@@ -1592,7 +1592,7 @@ rcu_send_cbs_to_orphanage(int cpu, struct rcu_state *rsp, rsp->qlen += rdp->qlen; rdp->n_cbs_orphaned += rdp->qlen; rdp->qlen_lazy = 0; @@ -70547,7 +76082,7 @@ index c283938..009f46a 100644 } /* -@@ -1605,7 +1605,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp) +@@ -1838,7 +1838,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp) } smp_mb(); /* List handling before counting for rcu_barrier(). */ rdp->qlen_lazy -= count_lazy; @@ -70556,7 +76091,7 @@ index c283938..009f46a 100644 rdp->n_cbs_invoked += count; /* Reinstate batch limit if we have worked down the excess. */ -@@ -1837,7 +1837,7 @@ __rcu_process_callbacks(struct rcu_state *rsp) +@@ -2031,7 +2031,7 @@ __rcu_process_callbacks(struct rcu_state *rsp) /* * Do RCU core processing for the current CPU. */ @@ -70565,69 +76100,107 @@ index c283938..009f46a 100644 { struct rcu_state *rsp; -@@ -1944,7 +1944,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu), - rdp = this_cpu_ptr(rsp->rda); - - /* Add the callback to our list. */ +@@ -2154,7 +2154,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu), + local_irq_restore(flags); + return; + } - ACCESS_ONCE(rdp->qlen)++; + ACCESS_ONCE_RW(rdp->qlen)++; if (lazy) rdp->qlen_lazy++; else -@@ -2058,8 +2058,8 @@ void synchronize_rcu_bh(void) - } - EXPORT_SYMBOL_GPL(synchronize_rcu_bh); - --static atomic_t sync_sched_expedited_started = ATOMIC_INIT(0); --static atomic_t sync_sched_expedited_done = ATOMIC_INIT(0); -+static atomic_unchecked_t sync_sched_expedited_started = ATOMIC_INIT(0); -+static atomic_unchecked_t sync_sched_expedited_done = ATOMIC_INIT(0); - - static int synchronize_sched_expedited_cpu_stop(void *data) - { -@@ -2120,7 +2120,7 @@ void synchronize_sched_expedited(void) - int firstsnap, s, snap, trycount = 0; +@@ -2363,11 +2363,11 @@ void synchronize_sched_expedited(void) + * counter wrap on a 32-bit system. Quite a few more CPUs would of + * course be required on a 64-bit system. + */ +- if (ULONG_CMP_GE((ulong)atomic_long_read(&rsp->expedited_start), ++ if (ULONG_CMP_GE((ulong)atomic_long_read_unchecked(&rsp->expedited_start), + (ulong)atomic_long_read(&rsp->expedited_done) + + ULONG_MAX / 8)) { + synchronize_sched(); +- atomic_long_inc(&rsp->expedited_wrap); ++ atomic_long_inc_unchecked(&rsp->expedited_wrap); + return; + } - /* Note that atomic_inc_return() implies full memory barrier. */ -- firstsnap = snap = atomic_inc_return(&sync_sched_expedited_started); -+ firstsnap = snap = atomic_inc_return_unchecked(&sync_sched_expedited_started); +@@ -2375,7 +2375,7 @@ void synchronize_sched_expedited(void) + * Take a ticket. Note that atomic_inc_return() implies a + * full memory barrier. + */ +- snap = atomic_long_inc_return(&rsp->expedited_start); ++ snap = atomic_long_inc_return_unchecked(&rsp->expedited_start); + firstsnap = snap; get_online_cpus(); WARN_ON_ONCE(cpu_is_offline(raw_smp_processor_id())); +@@ -2388,14 +2388,14 @@ void synchronize_sched_expedited(void) + synchronize_sched_expedited_cpu_stop, + NULL) == -EAGAIN) { + put_online_cpus(); +- atomic_long_inc(&rsp->expedited_tryfail); ++ atomic_long_inc_unchecked(&rsp->expedited_tryfail); -@@ -2142,7 +2142,7 @@ void synchronize_sched_expedited(void) + /* Check to see if someone else did our work for us. */ + s = atomic_long_read(&rsp->expedited_done); + if (ULONG_CMP_GE((ulong)s, (ulong)firstsnap)) { + /* ensure test happens before caller kfree */ + smp_mb__before_atomic_inc(); /* ^^^ */ +- atomic_long_inc(&rsp->expedited_workdone1); ++ atomic_long_inc_unchecked(&rsp->expedited_workdone1); + return; } - /* Check to see if someone else did our work for us. */ -- s = atomic_read(&sync_sched_expedited_done); -+ s = atomic_read_unchecked(&sync_sched_expedited_done); - if (UINT_CMP_GE((unsigned)s, (unsigned)firstsnap)) { - smp_mb(); /* ensure test happens before caller kfree */ +@@ -2404,7 +2404,7 @@ void synchronize_sched_expedited(void) + udelay(trycount * num_online_cpus()); + } else { + wait_rcu_gp(call_rcu_sched); +- atomic_long_inc(&rsp->expedited_normal); ++ atomic_long_inc_unchecked(&rsp->expedited_normal); return; -@@ -2157,7 +2157,7 @@ void synchronize_sched_expedited(void) - * grace period works for us. + } + +@@ -2413,7 +2413,7 @@ void synchronize_sched_expedited(void) + if (ULONG_CMP_GE((ulong)s, (ulong)firstsnap)) { + /* ensure test happens before caller kfree */ + smp_mb__before_atomic_inc(); /* ^^^ */ +- atomic_long_inc(&rsp->expedited_workdone2); ++ atomic_long_inc_unchecked(&rsp->expedited_workdone2); + return; + } + +@@ -2425,10 +2425,10 @@ void synchronize_sched_expedited(void) + * period works for us. */ get_online_cpus(); -- snap = atomic_read(&sync_sched_expedited_started); -+ snap = atomic_read_unchecked(&sync_sched_expedited_started); +- snap = atomic_long_read(&rsp->expedited_start); ++ snap = atomic_long_read_unchecked(&rsp->expedited_start); smp_mb(); /* ensure read is before try_stop_cpus(). */ } +- atomic_long_inc(&rsp->expedited_stoppedcpus); ++ atomic_long_inc_unchecked(&rsp->expedited_stoppedcpus); -@@ -2168,12 +2168,12 @@ void synchronize_sched_expedited(void) - * than we did beat us to the punch. + /* + * Everyone up to our most recent fetch is covered by our grace +@@ -2437,16 +2437,16 @@ void synchronize_sched_expedited(void) + * than we did already did their update. */ do { -- s = atomic_read(&sync_sched_expedited_done); -+ s = atomic_read_unchecked(&sync_sched_expedited_done); - if (UINT_CMP_GE((unsigned)s, (unsigned)snap)) { - smp_mb(); /* ensure test happens before caller kfree */ +- atomic_long_inc(&rsp->expedited_done_tries); ++ atomic_long_inc_unchecked(&rsp->expedited_done_tries); + s = atomic_long_read(&rsp->expedited_done); + if (ULONG_CMP_GE((ulong)s, (ulong)snap)) { + /* ensure test happens before caller kfree */ + smp_mb__before_atomic_inc(); /* ^^^ */ +- atomic_long_inc(&rsp->expedited_done_lost); ++ atomic_long_inc_unchecked(&rsp->expedited_done_lost); break; } -- } while (atomic_cmpxchg(&sync_sched_expedited_done, s, snap) != s); -+ } while (atomic_cmpxchg_unchecked(&sync_sched_expedited_done, s, snap) != s); + } while (atomic_long_cmpxchg(&rsp->expedited_done, s, snap) != s); +- atomic_long_inc(&rsp->expedited_done_exit); ++ atomic_long_inc_unchecked(&rsp->expedited_done_exit); put_online_cpus(); } -@@ -2367,7 +2367,7 @@ static void _rcu_barrier(struct rcu_state *rsp) +@@ -2620,7 +2620,7 @@ static void _rcu_barrier(struct rcu_state *rsp) * ACCESS_ONCE() to prevent the compiler from speculating * the increment to precede the early-exit check. */ @@ -70636,7 +76209,7 @@ index c283938..009f46a 100644 WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 1); _rcu_barrier_trace(rsp, "Inc1", -1, rsp->n_barrier_done); smp_mb(); /* Order ->n_barrier_done increment with below mechanism. */ -@@ -2449,7 +2449,7 @@ static void _rcu_barrier(struct rcu_state *rsp) +@@ -2670,7 +2670,7 @@ static void _rcu_barrier(struct rcu_state *rsp) /* Increment ->n_barrier_done to prevent duplicate work. */ smp_mb(); /* Keep increment after above mechanism. */ @@ -70645,7 +76218,7 @@ index c283938..009f46a 100644 WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 0); _rcu_barrier_trace(rsp, "Inc2", -1, rsp->n_barrier_done); smp_mb(); /* Keep increment before caller's subsequent code. */ -@@ -2496,10 +2496,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp) +@@ -2715,10 +2715,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp) rdp->grpmask = 1UL << (cpu - rdp->mynode->grplo); init_callback_list(rdp); rdp->qlen_lazy = 0; @@ -70655,12 +76228,12 @@ index c283938..009f46a 100644 WARN_ON_ONCE(rdp->dynticks->dynticks_nesting != DYNTICK_TASK_EXIT_IDLE); - WARN_ON_ONCE(atomic_read(&rdp->dynticks->dynticks) != 1); + WARN_ON_ONCE(atomic_read_unchecked(&rdp->dynticks->dynticks) != 1); - rdp->cpu = cpu; - rdp->rsp = rsp; - raw_spin_unlock_irqrestore(&rnp->lock, flags); -@@ -2527,8 +2527,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible) - rdp->n_force_qs_snap = rsp->n_force_qs; + #ifdef CONFIG_RCU_USER_QS + WARN_ON_ONCE(rdp->dynticks->in_user); + #endif +@@ -2754,8 +2754,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible) rdp->blimit = blimit; + init_callback_list(rdp); /* Re-enable callbacks on this CPU. */ rdp->dynticks->dynticks_nesting = DYNTICK_TASK_EXIT_IDLE; - atomic_set(&rdp->dynticks->dynticks, - (atomic_read(&rdp->dynticks->dynticks) & ~0x1) + 1); @@ -70670,7 +76243,7 @@ index c283938..009f46a 100644 raw_spin_unlock(&rnp->lock); /* irqs remain disabled. */ diff --git a/kernel/rcutree.h b/kernel/rcutree.h -index 4d29169..d104a3c 100644 +index 4b69291..704c92e 100644 --- a/kernel/rcutree.h +++ b/kernel/rcutree.h @@ -86,7 +86,7 @@ struct rcu_dynticks { @@ -70682,11 +76255,40 @@ index 4d29169..d104a3c 100644 #ifdef CONFIG_RCU_FAST_NO_HZ int dyntick_drain; /* Prepare-for-idle state variable. */ unsigned long dyntick_holdoff; +@@ -423,17 +423,17 @@ struct rcu_state { + /* _rcu_barrier(). */ + /* End of fields guarded by barrier_mutex. */ + +- atomic_long_t expedited_start; /* Starting ticket. */ +- atomic_long_t expedited_done; /* Done ticket. */ +- atomic_long_t expedited_wrap; /* # near-wrap incidents. */ +- atomic_long_t expedited_tryfail; /* # acquisition failures. */ +- atomic_long_t expedited_workdone1; /* # done by others #1. */ +- atomic_long_t expedited_workdone2; /* # done by others #2. */ +- atomic_long_t expedited_normal; /* # fallbacks to normal. */ +- atomic_long_t expedited_stoppedcpus; /* # successful stop_cpus. */ +- atomic_long_t expedited_done_tries; /* # tries to update _done. */ +- atomic_long_t expedited_done_lost; /* # times beaten to _done. */ +- atomic_long_t expedited_done_exit; /* # times exited _done loop. */ ++ atomic_long_unchecked_t expedited_start; /* Starting ticket. */ ++ atomic_long_t expedited_done; /* Done ticket. */ ++ atomic_long_unchecked_t expedited_wrap; /* # near-wrap incidents. */ ++ atomic_long_unchecked_t expedited_tryfail; /* # acquisition failures. */ ++ atomic_long_unchecked_t expedited_workdone1; /* # done by others #1. */ ++ atomic_long_unchecked_t expedited_workdone2; /* # done by others #2. */ ++ atomic_long_unchecked_t expedited_normal; /* # fallbacks to normal. */ ++ atomic_long_unchecked_t expedited_stoppedcpus; /* # successful stop_cpus. */ ++ atomic_long_unchecked_t expedited_done_tries; /* # tries to update _done. */ ++ atomic_long_unchecked_t expedited_done_lost; /* # times beaten to _done. */ ++ atomic_long_unchecked_t expedited_done_exit; /* # times exited _done loop. */ + + unsigned long jiffies_force_qs; /* Time at which to invoke */ + /* force_quiescent_state(). */ diff --git a/kernel/rcutree_plugin.h b/kernel/rcutree_plugin.h -index 7f3244c..79bd587 100644 +index c1cc7e1..f62e436 100644 --- a/kernel/rcutree_plugin.h +++ b/kernel/rcutree_plugin.h -@@ -843,7 +843,7 @@ void synchronize_rcu_expedited(void) +@@ -892,7 +892,7 @@ void synchronize_rcu_expedited(void) /* Clean up and exit. */ smp_mb(); /* ensure expedited GP seen before counter increment. */ @@ -70695,7 +76297,16 @@ index 7f3244c..79bd587 100644 unlock_mb_ret: mutex_unlock(&sync_rcu_preempt_exp_mutex); mb_ret: -@@ -2174,7 +2174,7 @@ static void print_cpu_stall_info(struct rcu_state *rsp, int cpu) +@@ -1440,7 +1440,7 @@ static void rcu_boost_kthread_setaffinity(struct rcu_node *rnp, int outgoingcpu) + free_cpumask_var(cm); + } + +-static struct smp_hotplug_thread rcu_cpu_thread_spec = { ++static struct smp_hotplug_thread rcu_cpu_thread_spec __read_only = { + .store = &rcu_cpu_kthread_task, + .thread_should_run = rcu_cpu_kthread_should_run, + .thread_fn = rcu_cpu_kthread, +@@ -2072,7 +2072,7 @@ static void print_cpu_stall_info(struct rcu_state *rsp, int cpu) print_cpu_stall_fast_no_hz(fast_no_hz, cpu); printk(KERN_ERR "\t%d: (%lu %s) idle=%03x/%llx/%d %s\n", cpu, ticks_value, ticks_title, @@ -70704,28 +76315,92 @@ index 7f3244c..79bd587 100644 rdtp->dynticks_nesting, rdtp->dynticks_nmi_nesting, fast_no_hz); } +@@ -2192,7 +2192,7 @@ static void __call_rcu_nocb_enqueue(struct rcu_data *rdp, + + /* Enqueue the callback on the nocb list and update counts. */ + old_rhpp = xchg(&rdp->nocb_tail, rhtp); +- ACCESS_ONCE(*old_rhpp) = rhp; ++ ACCESS_ONCE_RW(*old_rhpp) = rhp; + atomic_long_add(rhcount, &rdp->nocb_q_count); + atomic_long_add(rhcount_lazy, &rdp->nocb_q_count_lazy); + +@@ -2384,12 +2384,12 @@ static int rcu_nocb_kthread(void *arg) + * Extract queued callbacks, update counts, and wait + * for a grace period to elapse. + */ +- ACCESS_ONCE(rdp->nocb_head) = NULL; ++ ACCESS_ONCE_RW(rdp->nocb_head) = NULL; + tail = xchg(&rdp->nocb_tail, &rdp->nocb_head); + c = atomic_long_xchg(&rdp->nocb_q_count, 0); + cl = atomic_long_xchg(&rdp->nocb_q_count_lazy, 0); +- ACCESS_ONCE(rdp->nocb_p_count) += c; +- ACCESS_ONCE(rdp->nocb_p_count_lazy) += cl; ++ ACCESS_ONCE_RW(rdp->nocb_p_count) += c; ++ ACCESS_ONCE_RW(rdp->nocb_p_count_lazy) += cl; + wait_rcu_gp(rdp->rsp->call_remote); + + /* Each pass through the following loop invokes a callback. */ +@@ -2411,8 +2411,8 @@ static int rcu_nocb_kthread(void *arg) + list = next; + } + trace_rcu_batch_end(rdp->rsp->name, c, !!list, 0, 0, 1); +- ACCESS_ONCE(rdp->nocb_p_count) -= c; +- ACCESS_ONCE(rdp->nocb_p_count_lazy) -= cl; ++ ACCESS_ONCE_RW(rdp->nocb_p_count) -= c; ++ ACCESS_ONCE_RW(rdp->nocb_p_count_lazy) -= cl; + rdp->n_nocbs_invoked += c; + } + return 0; +@@ -2438,7 +2438,7 @@ static void __init rcu_spawn_nocb_kthreads(struct rcu_state *rsp) + rdp = per_cpu_ptr(rsp->rda, cpu); + t = kthread_run(rcu_nocb_kthread, rdp, "rcuo%d", cpu); + BUG_ON(IS_ERR(t)); +- ACCESS_ONCE(rdp->nocb_kthread) = t; ++ ACCESS_ONCE_RW(rdp->nocb_kthread) = t; + } + } + diff --git a/kernel/rcutree_trace.c b/kernel/rcutree_trace.c -index abffb48..cbfa6d3 100644 +index 0d095dc..1985b19 100644 --- a/kernel/rcutree_trace.c +++ b/kernel/rcutree_trace.c -@@ -93,7 +93,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp) - rdp->passed_quiesce, rdp->passed_quiesce_gpnum, - rdp->qs_pending); +@@ -123,7 +123,7 @@ static void print_one_rcu_data(struct seq_file *m, struct rcu_data *rdp) + ulong2long(rdp->completed), ulong2long(rdp->gpnum), + rdp->passed_quiesce, rdp->qs_pending); seq_printf(m, " dt=%d/%llx/%d df=%lu", - atomic_read(&rdp->dynticks->dynticks), + atomic_read_unchecked(&rdp->dynticks->dynticks), rdp->dynticks->dynticks_nesting, rdp->dynticks->dynticks_nmi_nesting, rdp->dynticks_fqs); -@@ -157,7 +157,7 @@ static void print_one_rcu_data_csv(struct seq_file *m, struct rcu_data *rdp) - rdp->passed_quiesce, rdp->passed_quiesce_gpnum, - rdp->qs_pending); - seq_printf(m, ",%d,%llx,%d,%lu", -- atomic_read(&rdp->dynticks->dynticks), -+ atomic_read_unchecked(&rdp->dynticks->dynticks), - rdp->dynticks->dynticks_nesting, - rdp->dynticks->dynticks_nmi_nesting, - rdp->dynticks_fqs); +@@ -184,17 +184,17 @@ static int show_rcuexp(struct seq_file *m, void *v) + struct rcu_state *rsp = (struct rcu_state *)m->private; + + seq_printf(m, "s=%lu d=%lu w=%lu tf=%lu wd1=%lu wd2=%lu n=%lu sc=%lu dt=%lu dl=%lu dx=%lu\n", +- atomic_long_read(&rsp->expedited_start), ++ atomic_long_read_unchecked(&rsp->expedited_start), + atomic_long_read(&rsp->expedited_done), +- atomic_long_read(&rsp->expedited_wrap), +- atomic_long_read(&rsp->expedited_tryfail), +- atomic_long_read(&rsp->expedited_workdone1), +- atomic_long_read(&rsp->expedited_workdone2), +- atomic_long_read(&rsp->expedited_normal), +- atomic_long_read(&rsp->expedited_stoppedcpus), +- atomic_long_read(&rsp->expedited_done_tries), +- atomic_long_read(&rsp->expedited_done_lost), +- atomic_long_read(&rsp->expedited_done_exit)); ++ atomic_long_read_unchecked(&rsp->expedited_wrap), ++ atomic_long_read_unchecked(&rsp->expedited_tryfail), ++ atomic_long_read_unchecked(&rsp->expedited_workdone1), ++ atomic_long_read_unchecked(&rsp->expedited_workdone2), ++ atomic_long_read_unchecked(&rsp->expedited_normal), ++ atomic_long_read_unchecked(&rsp->expedited_stoppedcpus), ++ atomic_long_read_unchecked(&rsp->expedited_done_tries), ++ atomic_long_read_unchecked(&rsp->expedited_done_lost), ++ atomic_long_read_unchecked(&rsp->expedited_done_exit)); + return 0; + } + diff --git a/kernel/resource.c b/kernel/resource.c index 73f35d4..4684fc4 100644 --- a/kernel/resource.c @@ -70844,7 +76519,7 @@ index 98ec494..4241d6d 100644 default: diff --git a/kernel/sched/auto_group.c b/kernel/sched/auto_group.c -index 15f60d0..7e50319 100644 +index 0984a21..939f183 100644 --- a/kernel/sched/auto_group.c +++ b/kernel/sched/auto_group.c @@ -11,7 +11,7 @@ @@ -70866,10 +76541,10 @@ index 15f60d0..7e50319 100644 #ifdef CONFIG_RT_GROUP_SCHED /* diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 5eb6c96..c203a0b 100644 +index 26058d0..f9d3c76 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c -@@ -4104,6 +4104,8 @@ int can_nice(const struct task_struct *p, const int nice) +@@ -3631,6 +3631,8 @@ int can_nice(const struct task_struct *p, const int nice) /* convert nice value [19,-20] to rlimit style value [1,40] */ int nice_rlim = 20 - nice; @@ -70878,7 +76553,7 @@ index 5eb6c96..c203a0b 100644 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || capable(CAP_SYS_NICE)); } -@@ -4137,7 +4139,8 @@ SYSCALL_DEFINE1(nice, int, increment) +@@ -3664,7 +3666,8 @@ SYSCALL_DEFINE1(nice, int, increment) if (nice > 19) nice = 19; @@ -70888,7 +76563,7 @@ index 5eb6c96..c203a0b 100644 return -EPERM; retval = security_task_setnice(current, nice); -@@ -4291,6 +4294,7 @@ recheck: +@@ -3818,6 +3821,7 @@ recheck: unsigned long rlim_rtprio = task_rlimit(p, RLIMIT_RTPRIO); @@ -70896,11 +76571,184 @@ index 5eb6c96..c203a0b 100644 /* can't set/change the rt policy */ if (policy != p->policy && !rlim_rtprio) return -EPERM; +@@ -4901,7 +4905,7 @@ static void migrate_tasks(unsigned int dead_cpu) + + #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL) + +-static struct ctl_table sd_ctl_dir[] = { ++static ctl_table_no_const sd_ctl_dir[] __read_only = { + { + .procname = "sched_domain", + .mode = 0555, +@@ -4918,17 +4922,17 @@ static struct ctl_table sd_ctl_root[] = { + {} + }; + +-static struct ctl_table *sd_alloc_ctl_entry(int n) ++static ctl_table_no_const *sd_alloc_ctl_entry(int n) + { +- struct ctl_table *entry = ++ ctl_table_no_const *entry = + kcalloc(n, sizeof(struct ctl_table), GFP_KERNEL); + + return entry; + } + +-static void sd_free_ctl_entry(struct ctl_table **tablep) ++static void sd_free_ctl_entry(ctl_table_no_const *tablep) + { +- struct ctl_table *entry; ++ ctl_table_no_const *entry; + + /* + * In the intermediate directories, both the child directory and +@@ -4936,22 +4940,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) + * will always be set. In the lowest directory the names are + * static strings and all have proc handlers. + */ +- for (entry = *tablep; entry->mode; entry++) { +- if (entry->child) +- sd_free_ctl_entry(&entry->child); ++ for (entry = tablep; entry->mode; entry++) { ++ if (entry->child) { ++ sd_free_ctl_entry(entry->child); ++ pax_open_kernel(); ++ entry->child = NULL; ++ pax_close_kernel(); ++ } + if (entry->proc_handler == NULL) + kfree(entry->procname); + } + +- kfree(*tablep); +- *tablep = NULL; ++ kfree(tablep); + } + + static int min_load_idx = 0; + static int max_load_idx = CPU_LOAD_IDX_MAX; + + static void +-set_table_entry(struct ctl_table *entry, ++set_table_entry(ctl_table_no_const *entry, + const char *procname, void *data, int maxlen, + umode_t mode, proc_handler *proc_handler, + bool load_idx) +@@ -4971,7 +4978,7 @@ set_table_entry(struct ctl_table *entry, + static struct ctl_table * + sd_alloc_ctl_domain_table(struct sched_domain *sd) + { +- struct ctl_table *table = sd_alloc_ctl_entry(13); ++ ctl_table_no_const *table = sd_alloc_ctl_entry(13); + + if (table == NULL) + return NULL; +@@ -5006,9 +5013,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) + return table; + } + +-static ctl_table *sd_alloc_ctl_cpu_table(int cpu) ++static ctl_table_no_const *sd_alloc_ctl_cpu_table(int cpu) + { +- struct ctl_table *entry, *table; ++ ctl_table_no_const *entry, *table; + struct sched_domain *sd; + int domain_num = 0, i; + char buf[32]; +@@ -5035,11 +5042,13 @@ static struct ctl_table_header *sd_sysctl_header; + static void register_sched_domain_sysctl(void) + { + int i, cpu_num = num_possible_cpus(); +- struct ctl_table *entry = sd_alloc_ctl_entry(cpu_num + 1); ++ ctl_table_no_const *entry = sd_alloc_ctl_entry(cpu_num + 1); + char buf[32]; + + WARN_ON(sd_ctl_dir[0].child); ++ pax_open_kernel(); + sd_ctl_dir[0].child = entry; ++ pax_close_kernel(); + + if (entry == NULL) + return; +@@ -5062,8 +5071,12 @@ static void unregister_sched_domain_sysctl(void) + if (sd_sysctl_header) + unregister_sysctl_table(sd_sysctl_header); + sd_sysctl_header = NULL; +- if (sd_ctl_dir[0].child) +- sd_free_ctl_entry(&sd_ctl_dir[0].child); ++ if (sd_ctl_dir[0].child) { ++ sd_free_ctl_entry(sd_ctl_dir[0].child); ++ pax_open_kernel(); ++ sd_ctl_dir[0].child = NULL; ++ pax_close_kernel(); ++ } + } + #else + static void register_sched_domain_sysctl(void) +@@ -5162,7 +5175,7 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu) + * happens before everything else. This has to be lower priority than + * the notifier in the perf_event subsystem, though. + */ +-static struct notifier_block __cpuinitdata migration_notifier = { ++static struct notifier_block migration_notifier = { + .notifier_call = migration_call, + .priority = CPU_PRI_MIGRATION, + }; diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c -index 96e2b18..bb31eec 100644 +index 81fa536..6ccf96a 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c -@@ -4923,7 +4923,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } +@@ -830,7 +830,7 @@ void task_numa_fault(int node, int pages, bool migrated) + + static void reset_ptenuma_scan(struct task_struct *p) + { +- ACCESS_ONCE(p->mm->numa_scan_seq)++; ++ ACCESS_ONCE_RW(p->mm->numa_scan_seq)++; + p->mm->numa_scan_offset = 0; + } + +@@ -3254,25 +3254,18 @@ find_idlest_cpu(struct sched_group *group, struct task_struct *p, int this_cpu) + */ + static int select_idle_sibling(struct task_struct *p, int target) + { +- int cpu = smp_processor_id(); +- int prev_cpu = task_cpu(p); + struct sched_domain *sd; + struct sched_group *sg; +- int i; ++ int i = task_cpu(p); + +- /* +- * If the task is going to be woken-up on this cpu and if it is +- * already idle, then it is the right target. +- */ +- if (target == cpu && idle_cpu(cpu)) +- return cpu; ++ if (idle_cpu(target)) ++ return target; + + /* +- * If the task is going to be woken-up on the cpu where it previously +- * ran and if it is currently idle, then it the right target. ++ * If the prevous cpu is cache affine and idle, don't be stupid. + */ +- if (target == prev_cpu && idle_cpu(prev_cpu)) +- return prev_cpu; ++ if (i != target && cpus_share_cache(i, target) && idle_cpu(i)) ++ return i; + + /* + * Otherwise, iterate the domains and find an elegible idle cpu. +@@ -3286,7 +3279,7 @@ static int select_idle_sibling(struct task_struct *p, int target) + goto next; + + for_each_cpu(i, sched_group_cpus(sg)) { +- if (!idle_cpu(i)) ++ if (i == target || !idle_cpu(i)) + goto next; + } + +@@ -5663,7 +5656,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } * run_rebalance_domains is triggered when needed from the scheduler tick. * Also triggered for nohz idle balancing (with nohz_balancing_kick set). */ @@ -70910,10 +76758,10 @@ index 96e2b18..bb31eec 100644 int this_cpu = smp_processor_id(); struct rq *this_rq = cpu_rq(this_cpu); diff --git a/kernel/signal.c b/kernel/signal.c -index 67b64be..7b8b43c 100644 +index 3d09cf6..a67d2c6 100644 --- a/kernel/signal.c +++ b/kernel/signal.c -@@ -48,12 +48,12 @@ static struct kmem_cache *sigqueue_cachep; +@@ -50,12 +50,12 @@ static struct kmem_cache *sigqueue_cachep; int print_fatal_signals __read_mostly; @@ -70928,7 +76776,7 @@ index 67b64be..7b8b43c 100644 { /* Is it explicitly or implicitly ignored? */ return handler == SIG_IGN || -@@ -62,7 +62,7 @@ static int sig_handler_ignored(void __user *handler, int sig) +@@ -64,7 +64,7 @@ static int sig_handler_ignored(void __user *handler, int sig) static int sig_task_ignored(struct task_struct *t, int sig, bool force) { @@ -70937,7 +76785,7 @@ index 67b64be..7b8b43c 100644 handler = sig_handler(t, sig); -@@ -366,6 +366,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi +@@ -368,6 +368,9 @@ __sigqueue_alloc(int sig, struct task_struct *t, gfp_t flags, int override_rlimi atomic_inc(&user->sigpending); rcu_read_unlock(); @@ -70947,7 +76795,7 @@ index 67b64be..7b8b43c 100644 if (override_rlimit || atomic_read(&user->sigpending) <= task_rlimit(t, RLIMIT_SIGPENDING)) { -@@ -490,7 +493,7 @@ flush_signal_handlers(struct task_struct *t, int force_default) +@@ -492,7 +495,7 @@ flush_signal_handlers(struct task_struct *t, int force_default) int unhandled_signal(struct task_struct *tsk, int sig) { @@ -70956,7 +76804,7 @@ index 67b64be..7b8b43c 100644 if (is_global_init(tsk)) return 1; if (handler != SIG_IGN && handler != SIG_DFL) -@@ -810,6 +813,13 @@ static int check_kill_permission(int sig, struct siginfo *info, +@@ -812,6 +815,13 @@ static int check_kill_permission(int sig, struct siginfo *info, } } @@ -70970,7 +76818,7 @@ index 67b64be..7b8b43c 100644 return security_task_kill(t, info, sig, 0); } -@@ -1191,7 +1201,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) +@@ -1194,7 +1204,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) return send_signal(sig, info, p, 1); } @@ -70979,7 +76827,7 @@ index 67b64be..7b8b43c 100644 specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t) { return send_signal(sig, info, t, 0); -@@ -1228,6 +1238,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) +@@ -1231,6 +1241,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) unsigned long int flags; int ret, blocked, ignored; struct k_sigaction *action; @@ -70987,7 +76835,7 @@ index 67b64be..7b8b43c 100644 spin_lock_irqsave(&t->sighand->siglock, flags); action = &t->sighand->action[sig-1]; -@@ -1242,9 +1253,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) +@@ -1245,9 +1256,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) } if (action->sa.sa_handler == SIG_DFL) t->signal->flags &= ~SIGNAL_UNKILLABLE; @@ -71006,7 +76854,7 @@ index 67b64be..7b8b43c 100644 return ret; } -@@ -1311,8 +1331,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) +@@ -1314,8 +1334,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) ret = check_kill_permission(sig, info, p); rcu_read_unlock(); @@ -71019,7 +76867,7 @@ index 67b64be..7b8b43c 100644 return ret; } -@@ -2872,7 +2895,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) +@@ -2852,7 +2875,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) int error = -ESRCH; rcu_read_lock(); @@ -71036,11 +76884,62 @@ index 67b64be..7b8b43c 100644 if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) { error = check_kill_permission(sig, info, p); /* +@@ -3135,8 +3166,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack, + } + seg = get_fs(); + set_fs(KERNEL_DS); +- ret = do_sigaltstack((stack_t __force __user *) (uss_ptr ? &uss : NULL), +- (stack_t __force __user *) &uoss, ++ ret = do_sigaltstack((stack_t __force_user *) (uss_ptr ? &uss : NULL), ++ (stack_t __force_user *) &uoss, + compat_user_stack_pointer()); + set_fs(seg); + if (ret >= 0 && uoss_ptr) { +diff --git a/kernel/smp.c b/kernel/smp.c +index 69f38bd..77bbf12 100644 +--- a/kernel/smp.c ++++ b/kernel/smp.c +@@ -77,7 +77,7 @@ hotplug_cfd(struct notifier_block *nfb, unsigned long action, void *hcpu) + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata hotplug_cfd_notifier = { ++static struct notifier_block hotplug_cfd_notifier = { + .notifier_call = hotplug_cfd, + }; + +diff --git a/kernel/smpboot.c b/kernel/smpboot.c +index d6c5fc0..530560c 100644 +--- a/kernel/smpboot.c ++++ b/kernel/smpboot.c +@@ -275,7 +275,7 @@ int smpboot_register_percpu_thread(struct smp_hotplug_thread *plug_thread) + } + smpboot_unpark_thread(plug_thread, cpu); + } +- list_add(&plug_thread->list, &hotplug_threads); ++ pax_list_add(&plug_thread->list, &hotplug_threads); + out: + mutex_unlock(&smpboot_threads_lock); + return ret; +@@ -292,7 +292,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread) + { + get_online_cpus(); + mutex_lock(&smpboot_threads_lock); +- list_del(&plug_thread->list); ++ pax_list_del(&plug_thread->list); + smpboot_destroy_threads(plug_thread); + mutex_unlock(&smpboot_threads_lock); + put_online_cpus(); diff --git a/kernel/softirq.c b/kernel/softirq.c -index b73e681..645ab62 100644 +index ed567ba..e71dabf 100644 --- a/kernel/softirq.c +++ b/kernel/softirq.c -@@ -56,7 +56,7 @@ static struct softirq_action softirq_vec[NR_SOFTIRQS] __cacheline_aligned_in_smp +@@ -53,11 +53,11 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned; + EXPORT_SYMBOL(irq_stat); + #endif + +-static struct softirq_action softirq_vec[NR_SOFTIRQS] __cacheline_aligned_in_smp; ++static struct softirq_action softirq_vec[NR_SOFTIRQS] __read_only __aligned(PAGE_SIZE); DEFINE_PER_CPU(struct task_struct *, ksoftirqd); @@ -71049,7 +76948,7 @@ index b73e681..645ab62 100644 "HI", "TIMER", "NET_TX", "NET_RX", "BLOCK", "BLOCK_IOPOLL", "TASKLET", "SCHED", "HRTIMER", "RCU" }; -@@ -243,7 +243,7 @@ restart: +@@ -244,7 +244,7 @@ restart: kstat_incr_softirqs_this_cpu(vec_nr); trace_softirq_entry(vec_nr); @@ -71058,21 +76957,16 @@ index b73e681..645ab62 100644 trace_softirq_exit(vec_nr); if (unlikely(prev_count != preempt_count())) { printk(KERN_ERR "huh, entered softirq %u %s %p" -@@ -390,9 +390,11 @@ void __raise_softirq_irqoff(unsigned int nr) +@@ -391,7 +391,7 @@ void __raise_softirq_irqoff(unsigned int nr) or_softirq_pending(1UL << nr); } -void open_softirq(int nr, void (*action)(struct softirq_action *)) -+void open_softirq(int nr, void (*action)(void)) ++void __init open_softirq(int nr, void (*action)(void)) { -- softirq_vec[nr].action = action; -+ pax_open_kernel(); -+ *(void **)&softirq_vec[nr].action = action; -+ pax_close_kernel(); + softirq_vec[nr].action = action; } - - /* -@@ -446,7 +448,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t) +@@ -447,7 +447,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t) EXPORT_SYMBOL(__tasklet_hi_schedule_first); @@ -71081,7 +76975,7 @@ index b73e681..645ab62 100644 { struct tasklet_struct *list; -@@ -481,7 +483,7 @@ static void tasklet_action(struct softirq_action *a) +@@ -482,7 +482,7 @@ static void tasklet_action(struct softirq_action *a) } } @@ -71090,11 +76984,34 @@ index b73e681..645ab62 100644 { struct tasklet_struct *list; +@@ -718,7 +718,7 @@ static int __cpuinit remote_softirq_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata remote_softirq_cpu_notifier = { ++static struct notifier_block remote_softirq_cpu_notifier = { + .notifier_call = remote_softirq_cpu_notify, + }; + +@@ -835,11 +835,11 @@ static int __cpuinit cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata cpu_nfb = { ++static struct notifier_block cpu_nfb = { + .notifier_call = cpu_callback + }; + +-static struct smp_hotplug_thread softirq_threads = { ++static struct smp_hotplug_thread softirq_threads __read_only = { + .store = &ksoftirqd, + .thread_should_run = ksoftirqd_should_run, + .thread_fn = run_ksoftirqd, diff --git a/kernel/srcu.c b/kernel/srcu.c -index 2095be3..9a5b89d 100644 +index 2b85982..d52ab26 100644 --- a/kernel/srcu.c +++ b/kernel/srcu.c -@@ -302,9 +302,9 @@ int __srcu_read_lock(struct srcu_struct *sp) +@@ -305,9 +305,9 @@ int __srcu_read_lock(struct srcu_struct *sp) preempt_disable(); idx = rcu_dereference_index_check(sp->completed, rcu_read_lock_sched_held()) & 0x1; @@ -71106,7 +77023,7 @@ index 2095be3..9a5b89d 100644 preempt_enable(); return idx; } -@@ -320,7 +320,7 @@ void __srcu_read_unlock(struct srcu_struct *sp, int idx) +@@ -323,7 +323,7 @@ void __srcu_read_unlock(struct srcu_struct *sp, int idx) { preempt_disable(); smp_mb(); /* C */ /* Avoid leaking the critical section. */ @@ -71115,8 +77032,21 @@ index 2095be3..9a5b89d 100644 preempt_enable(); } EXPORT_SYMBOL_GPL(__srcu_read_unlock); +diff --git a/kernel/stop_machine.c b/kernel/stop_machine.c +index 2f194e9..2c05ea9 100644 +--- a/kernel/stop_machine.c ++++ b/kernel/stop_machine.c +@@ -362,7 +362,7 @@ static int __cpuinit cpu_stop_cpu_callback(struct notifier_block *nfb, + * cpu notifiers. It currently shares the same priority as sched + * migration_notifier. + */ +-static struct notifier_block __cpuinitdata cpu_stop_cpu_notifier = { ++static struct notifier_block cpu_stop_cpu_notifier = { + .notifier_call = cpu_stop_cpu_callback, + .priority = 10, + }; diff --git a/kernel/sys.c b/kernel/sys.c -index 909148a..cd51acf 100644 +index 265b376..4e42ef5 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -157,6 +157,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error) @@ -71136,7 +77066,7 @@ index 909148a..cd51acf 100644 goto error; } -+ if (gr_check_group_change(new->gid, new->egid, -1)) ++ if (gr_check_group_change(new->gid, new->egid, INVALID_GID)) + goto error; + if (rgid != (gid_t) -1 || @@ -71166,7 +77096,7 @@ index 909148a..cd51acf 100644 goto error; } -+ if (gr_check_user_change(new->uid, new->euid, -1)) ++ if (gr_check_user_change(new->uid, new->euid, INVALID_UID)) + goto error; + if (!uid_eq(new->uid, old->uid)) { @@ -71189,7 +77119,7 @@ index 909148a..cd51acf 100644 goto error; } -+ if (gr_check_user_change(kruid, keuid, -1)) ++ if (gr_check_user_change(kruid, keuid, INVALID_UID)) + goto error; + if (ruid != (uid_t) -1) { @@ -71199,7 +77129,7 @@ index 909148a..cd51acf 100644 goto error; } -+ if (gr_check_group_change(krgid, kegid, -1)) ++ if (gr_check_group_change(krgid, kegid, INVALID_GID)) + goto error; + if (rgid != (gid_t) -1) @@ -71209,7 +77139,7 @@ index 909148a..cd51acf 100644 if (!uid_valid(kuid)) return old_fsuid; -+ if (gr_check_user_change(-1, -1, kuid)) ++ if (gr_check_user_change(INVALID_UID, INVALID_UID, kuid)) + goto error; + new = prepare_creds(); @@ -71227,7 +77157,7 @@ index 909148a..cd51acf 100644 if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->egid) || gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) || nsown_capable(CAP_SETGID)) { -+ if (gr_check_group_change(-1, -1, kgid)) ++ if (gr_check_group_change(INVALID_GID, INVALID_GID, kgid)) + goto error; + if (!gid_eq(kgid, old->fsgid)) { @@ -71275,7 +77205,7 @@ index 909148a..cd51acf 100644 break; } diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index 87174ef..68cbb82 100644 +index c88878d..e4fa5d1 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -92,7 +92,6 @@ @@ -71286,7 +77216,7 @@ index 87174ef..68cbb82 100644 /* External variables not in a header file. */ extern int sysctl_overcommit_memory; extern int sysctl_overcommit_ratio; -@@ -170,10 +169,8 @@ static int proc_taint(struct ctl_table *table, int write, +@@ -172,10 +171,8 @@ static int proc_taint(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); #endif @@ -71297,7 +77227,7 @@ index 87174ef..68cbb82 100644 static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); -@@ -202,6 +199,8 @@ static int sysrq_sysctl_handler(ctl_table *table, int write, +@@ -206,6 +203,8 @@ static int sysrq_sysctl_handler(ctl_table *table, int write, #endif @@ -71306,7 +77236,7 @@ index 87174ef..68cbb82 100644 static struct ctl_table kern_table[]; static struct ctl_table vm_table[]; static struct ctl_table fs_table[]; -@@ -216,6 +215,20 @@ extern struct ctl_table epoll_table[]; +@@ -220,6 +219,20 @@ extern struct ctl_table epoll_table[]; int sysctl_legacy_va_layout; #endif @@ -71327,7 +77257,7 @@ index 87174ef..68cbb82 100644 /* The default sysctl tables: */ static struct ctl_table sysctl_base_table[] = { -@@ -262,6 +275,22 @@ static int max_extfrag_threshold = 1000; +@@ -268,6 +281,22 @@ static int max_extfrag_threshold = 1000; #endif static struct ctl_table kern_table[] = { @@ -71350,7 +77280,7 @@ index 87174ef..68cbb82 100644 { .procname = "sched_child_runs_first", .data = &sysctl_sched_child_runs_first, -@@ -546,7 +575,7 @@ static struct ctl_table kern_table[] = { +@@ -593,7 +622,7 @@ static struct ctl_table kern_table[] = { .data = &modprobe_path, .maxlen = KMOD_PATH_LEN, .mode = 0644, @@ -71359,7 +77289,7 @@ index 87174ef..68cbb82 100644 }, { .procname = "modules_disabled", -@@ -713,16 +742,20 @@ static struct ctl_table kern_table[] = { +@@ -760,16 +789,20 @@ static struct ctl_table kern_table[] = { .extra1 = &zero, .extra2 = &one, }, @@ -71381,7 +77311,7 @@ index 87174ef..68cbb82 100644 { .procname = "ngroups_max", .data = &ngroups_max, -@@ -1219,6 +1252,13 @@ static struct ctl_table vm_table[] = { +@@ -1266,6 +1299,13 @@ static struct ctl_table vm_table[] = { .proc_handler = proc_dointvec_minmax, .extra1 = &zero, }, @@ -71395,7 +77325,7 @@ index 87174ef..68cbb82 100644 #else { .procname = "nr_trim_pages", -@@ -1670,6 +1710,16 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -1716,6 +1756,16 @@ int proc_dostring(struct ctl_table *table, int write, buffer, lenp, ppos); } @@ -71412,7 +77342,7 @@ index 87174ef..68cbb82 100644 static size_t proc_skip_spaces(char **buf) { size_t ret; -@@ -1775,6 +1825,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, +@@ -1821,6 +1871,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, len = strlen(tmp); if (len > *size) len = *size; @@ -71421,7 +77351,16 @@ index 87174ef..68cbb82 100644 if (copy_to_user(*buf, tmp, len)) return -EFAULT; *size -= len; -@@ -1967,7 +2019,6 @@ static int proc_taint(struct ctl_table *table, int write, +@@ -1985,7 +2037,7 @@ int proc_dointvec(struct ctl_table *table, int write, + static int proc_taint(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) + { +- struct ctl_table t; ++ ctl_table_no_const t; + unsigned long tmptaint = get_taint(); + int err; + +@@ -2013,7 +2065,6 @@ static int proc_taint(struct ctl_table *table, int write, return err; } @@ -71429,7 +77368,7 @@ index 87174ef..68cbb82 100644 static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -1976,7 +2027,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, +@@ -2022,7 +2073,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, return proc_dointvec_minmax(table, write, buffer, lenp, ppos); } @@ -71437,7 +77376,7 @@ index 87174ef..68cbb82 100644 struct do_proc_dointvec_minmax_conv_param { int *min; -@@ -2119,8 +2169,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int +@@ -2169,8 +2219,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int *i = val; } else { val = convdiv * (*i) / convmul; @@ -71450,7 +77389,7 @@ index 87174ef..68cbb82 100644 err = proc_put_long(&buffer, &left, val, false); if (err) break; -@@ -2512,6 +2565,12 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -2562,6 +2615,12 @@ int proc_dostring(struct ctl_table *table, int write, return -ENOSYS; } @@ -71463,7 +77402,7 @@ index 87174ef..68cbb82 100644 int proc_dointvec(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -2568,5 +2627,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax); +@@ -2618,5 +2677,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax); EXPORT_SYMBOL(proc_dointvec_userhz_jiffies); EXPORT_SYMBOL(proc_dointvec_ms_jiffies); EXPORT_SYMBOL(proc_dostring); @@ -71471,7 +77410,7 @@ index 87174ef..68cbb82 100644 EXPORT_SYMBOL(proc_doulongvec_minmax); EXPORT_SYMBOL(proc_doulongvec_ms_jiffies_minmax); diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c -index c2f6d47..26517d3 100644 +index 0ddf3a0..a199f50 100644 --- a/kernel/sysctl_binary.c +++ b/kernel/sysctl_binary.c @@ -989,7 +989,7 @@ static ssize_t bin_intvec(struct file *file, @@ -71538,13 +77477,13 @@ index c2f6d47..26517d3 100644 if (result < 0) goto out; diff --git a/kernel/taskstats.c b/kernel/taskstats.c -index d0a3279..db0ad99 100644 +index 145bb4d..b2aa969 100644 --- a/kernel/taskstats.c +++ b/kernel/taskstats.c -@@ -27,9 +27,12 @@ - #include <linux/cgroup.h> +@@ -28,9 +28,12 @@ #include <linux/fs.h> #include <linux/file.h> + #include <linux/pid_namespace.h> +#include <linux/grsecurity.h> #include <net/genetlink.h> #include <linux/atomic.h> @@ -71554,7 +77493,7 @@ index d0a3279..db0ad99 100644 /* * Maximum length of a cpumask that can be specified in * the TASKSTATS_CMD_ATTR_REGISTER/DEREGISTER_CPUMASK attribute -@@ -561,6 +564,9 @@ err: +@@ -570,6 +573,9 @@ err: static int taskstats_user_cmd(struct sk_buff *skb, struct genl_info *info) { @@ -71565,7 +77504,7 @@ index d0a3279..db0ad99 100644 return cmd_attr_register_cpumask(info); else if (info->attrs[TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK]) diff --git a/kernel/time.c b/kernel/time.c -index ba744cf..267b7c5 100644 +index d226c6a..c7c0960 100644 --- a/kernel/time.c +++ b/kernel/time.c @@ -163,6 +163,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz) @@ -71581,10 +77520,10 @@ index ba744cf..267b7c5 100644 update_vsyscall_tz(); if (firsttime) { diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c -index aa27d39..34d221c 100644 +index f11d83b..d016d91 100644 --- a/kernel/time/alarmtimer.c +++ b/kernel/time/alarmtimer.c -@@ -779,7 +779,7 @@ static int __init alarmtimer_init(void) +@@ -750,7 +750,7 @@ static int __init alarmtimer_init(void) struct platform_device *pdev; int error = 0; int i; @@ -71607,10 +77546,10 @@ index f113755..ec24223 100644 cpumask_clear_cpu(cpu, tick_get_broadcast_mask()); tick_broadcast_clear_oneshot(cpu); diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c -index f791637..00051de 100644 +index cbc6acb..3a77191 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c -@@ -14,6 +14,7 @@ +@@ -15,6 +15,7 @@ #include <linux/init.h> #include <linux/mm.h> #include <linux/sched.h> @@ -71618,7 +77557,7 @@ index f791637..00051de 100644 #include <linux/syscore_ops.h> #include <linux/clocksource.h> #include <linux/jiffies.h> -@@ -434,6 +435,8 @@ int do_settimeofday(const struct timespec *tv) +@@ -412,6 +413,8 @@ int do_settimeofday(const struct timespec *tv) if (!timespec_valid_strict(tv)) return -EINVAL; @@ -71746,10 +77685,10 @@ index 0b537f2..40d6c20 100644 return -ENOMEM; return 0; diff --git a/kernel/timer.c b/kernel/timer.c -index 46ef2b1..ad081f144 100644 +index 367d008..1ee9ed9 100644 --- a/kernel/timer.c +++ b/kernel/timer.c -@@ -1377,7 +1377,7 @@ void update_process_times(int user_tick) +@@ -1363,7 +1363,7 @@ void update_process_times(int user_tick) /* * This function runs timers and the timer-tq in bottom half context. */ @@ -71758,6 +77697,15 @@ index 46ef2b1..ad081f144 100644 { struct tvec_base *base = __this_cpu_read(tvec_bases); +@@ -1772,7 +1772,7 @@ static int __cpuinit timer_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata timers_nb = { ++static struct notifier_block timers_nb = { + .notifier_call = timer_cpu_notify, + }; + diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c index c0bd030..62a1927 100644 --- a/kernel/trace/blktrace.c @@ -71790,10 +77738,10 @@ index c0bd030..62a1927 100644 ret = -EIO; bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt, diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c -index 384699f..73238cb 100644 +index 43defd1..76da436 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c -@@ -1785,12 +1785,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) +@@ -1874,12 +1874,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) if (unlikely(ftrace_disabled)) return 0; @@ -71813,7 +77761,7 @@ index 384699f..73238cb 100644 } /* -@@ -2885,7 +2890,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp) +@@ -2965,7 +2970,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp) int register_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops, @@ -71822,7 +77770,7 @@ index 384699f..73238cb 100644 { struct ftrace_func_probe *entry; struct ftrace_page *pg; -@@ -3697,8 +3702,10 @@ static int ftrace_process_locs(struct module *mod, +@@ -3832,8 +3837,10 @@ static int ftrace_process_locs(struct module *mod, if (!count) return 0; @@ -71833,8 +77781,36 @@ index 384699f..73238cb 100644 start_pg = ftrace_allocate_pages(count); if (!start_pg) +@@ -4559,8 +4566,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write, + #ifdef CONFIG_FUNCTION_GRAPH_TRACER + + static int ftrace_graph_active; +-static struct notifier_block ftrace_suspend_notifier; +- + int ftrace_graph_entry_stub(struct ftrace_graph_ent *trace) + { + return 0; +@@ -4704,6 +4709,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state, + return NOTIFY_DONE; + } + ++static struct notifier_block ftrace_suspend_notifier = { ++ .notifier_call = ftrace_suspend_notifier_call ++}; ++ + int register_ftrace_graph(trace_func_graph_ret_t retfunc, + trace_func_graph_ent_t entryfunc) + { +@@ -4717,7 +4726,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc, + goto out; + } + +- ftrace_suspend_notifier.notifier_call = ftrace_suspend_notifier_call; + register_pm_notifier(&ftrace_suspend_notifier); + + ftrace_graph_active++; diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index 89fdeee..df8fed4 100644 +index ce8514f..8233573 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c @@ -346,9 +346,9 @@ struct buffer_data_page { @@ -71849,18 +77825,18 @@ index 89fdeee..df8fed4 100644 unsigned long real_end; /* real end of data */ struct buffer_data_page *page; /* Actual data page */ }; -@@ -460,8 +460,8 @@ struct ring_buffer_per_cpu { - unsigned long lost_events; +@@ -461,8 +461,8 @@ struct ring_buffer_per_cpu { unsigned long last_overrun; local_t entries_bytes; -- local_t commit_overrun; + local_t entries; - local_t overrun; -+ local_unchecked_t commit_overrun; +- local_t commit_overrun; + local_unchecked_t overrun; - local_t entries; ++ local_unchecked_t commit_overrun; + local_t dropped_events; local_t committing; local_t commits; -@@ -860,8 +860,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -861,8 +861,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * * We add a counter to the write field to denote this. */ @@ -71871,7 +77847,7 @@ index 89fdeee..df8fed4 100644 /* * Just make sure we have seen our old_write and synchronize -@@ -889,8 +889,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -890,8 +890,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * cmpxchg to only update if an interrupt did not already * do it for us. If the cmpxchg fails, we don't care. */ @@ -71882,7 +77858,7 @@ index 89fdeee..df8fed4 100644 /* * No need to worry about races with clearing out the commit. -@@ -1249,12 +1249,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); +@@ -1250,12 +1250,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); static inline unsigned long rb_page_entries(struct buffer_page *bpage) { @@ -71897,7 +77873,7 @@ index 89fdeee..df8fed4 100644 } static int -@@ -1349,7 +1349,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) +@@ -1350,7 +1350,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) * bytes consumed in ring buffer from here. * Increment overrun to account for the lost events. */ @@ -71906,7 +77882,7 @@ index 89fdeee..df8fed4 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); } -@@ -1905,7 +1905,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, +@@ -1906,7 +1906,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, * it is our responsibility to update * the counters. */ @@ -71915,7 +77891,7 @@ index 89fdeee..df8fed4 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); /* -@@ -2055,7 +2055,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2056,7 +2056,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, if (tail == BUF_PAGE_SIZE) tail_page->real_end = 0; @@ -71924,7 +77900,7 @@ index 89fdeee..df8fed4 100644 return; } -@@ -2090,7 +2090,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2091,7 +2091,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, rb_event_set_padding(event); /* Set the write back to the previous setting */ @@ -71933,7 +77909,7 @@ index 89fdeee..df8fed4 100644 return; } -@@ -2102,7 +2102,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2103,7 +2103,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, /* Set write to end of buffer */ length = (tail + length) - BUF_PAGE_SIZE; @@ -71942,7 +77918,7 @@ index 89fdeee..df8fed4 100644 } /* -@@ -2128,7 +2128,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2129,7 +2129,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, * about it. */ if (unlikely(next_page == commit_page)) { @@ -71951,7 +77927,7 @@ index 89fdeee..df8fed4 100644 goto out_reset; } -@@ -2182,7 +2182,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2185,7 +2185,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, cpu_buffer->tail_page) && (cpu_buffer->commit_page == cpu_buffer->reader_page))) { @@ -71960,7 +77936,7 @@ index 89fdeee..df8fed4 100644 goto out_reset; } } -@@ -2230,7 +2230,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2233,7 +2233,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, length += RB_LEN_TIME_EXTEND; tail_page = cpu_buffer->tail_page; @@ -71969,7 +77945,7 @@ index 89fdeee..df8fed4 100644 /* set write to only the index of the write */ write &= RB_WRITE_MASK; -@@ -2247,7 +2247,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2250,7 +2250,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, kmemcheck_annotate_bitfield(event, bitfield); rb_update_event(cpu_buffer, event, length, add_timestamp, delta); @@ -71978,7 +77954,7 @@ index 89fdeee..df8fed4 100644 /* * If this is the first commit on the page, then update -@@ -2280,7 +2280,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2283,7 +2283,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) { unsigned long write_mask = @@ -71987,7 +77963,7 @@ index 89fdeee..df8fed4 100644 unsigned long event_length = rb_event_length(event); /* * This is on the tail page. It is possible that -@@ -2290,7 +2290,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2293,7 +2293,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, */ old_index += write_mask; new_index += write_mask; @@ -71996,7 +77972,7 @@ index 89fdeee..df8fed4 100644 if (index == old_index) { /* update counters */ local_sub(event_length, &cpu_buffer->entries_bytes); -@@ -2629,7 +2629,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2632,7 +2632,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, /* Do the likely case first */ if (likely(bpage->page == (void *)addr)) { @@ -72005,7 +77981,7 @@ index 89fdeee..df8fed4 100644 return; } -@@ -2641,7 +2641,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2644,7 +2644,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, start = bpage; do { if (bpage->page == (void *)addr) { @@ -72014,7 +77990,7 @@ index 89fdeee..df8fed4 100644 return; } rb_inc_page(cpu_buffer, &bpage); -@@ -2923,7 +2923,7 @@ static inline unsigned long +@@ -2926,7 +2926,7 @@ static inline unsigned long rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer) { return local_read(&cpu_buffer->entries) - @@ -72023,7 +77999,7 @@ index 89fdeee..df8fed4 100644 } /** -@@ -3011,7 +3011,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3015,7 +3015,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -72032,7 +78008,7 @@ index 89fdeee..df8fed4 100644 return ret; } -@@ -3032,7 +3032,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3038,7 +3038,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -72041,7 +78017,7 @@ index 89fdeee..df8fed4 100644 return ret; } -@@ -3077,7 +3077,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) +@@ -3105,7 +3105,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) /* if you care about this being correct, lock the buffer */ for_each_buffer_cpu(buffer, cpu) { cpu_buffer = buffer->buffers[cpu]; @@ -72050,7 +78026,7 @@ index 89fdeee..df8fed4 100644 } return overruns; -@@ -3253,8 +3253,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3281,8 +3281,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) /* * Reset the reader page to size zero. */ @@ -72061,7 +78037,7 @@ index 89fdeee..df8fed4 100644 local_set(&cpu_buffer->reader_page->page->commit, 0); cpu_buffer->reader_page->real_end = 0; -@@ -3288,7 +3288,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3316,7 +3316,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) * want to compare with the last_overrun. */ smp_mb(); @@ -72070,7 +78046,7 @@ index 89fdeee..df8fed4 100644 /* * Here's the tricky part. -@@ -3858,8 +3858,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3886,8 +3886,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) cpu_buffer->head_page = list_entry(cpu_buffer->pages, struct buffer_page, list); @@ -72081,7 +78057,7 @@ index 89fdeee..df8fed4 100644 local_set(&cpu_buffer->head_page->page->commit, 0); cpu_buffer->head_page->read = 0; -@@ -3869,14 +3869,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3897,14 +3897,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) INIT_LIST_HEAD(&cpu_buffer->reader_page->list); INIT_LIST_HEAD(&cpu_buffer->new_pages); @@ -72092,15 +78068,15 @@ index 89fdeee..df8fed4 100644 local_set(&cpu_buffer->reader_page->page->commit, 0); cpu_buffer->reader_page->read = 0; -- local_set(&cpu_buffer->commit_overrun, 0); -+ local_set_unchecked(&cpu_buffer->commit_overrun, 0); local_set(&cpu_buffer->entries_bytes, 0); - local_set(&cpu_buffer->overrun, 0); +- local_set(&cpu_buffer->commit_overrun, 0); + local_set_unchecked(&cpu_buffer->overrun, 0); ++ local_set_unchecked(&cpu_buffer->commit_overrun, 0); + local_set(&cpu_buffer->dropped_events, 0); local_set(&cpu_buffer->entries, 0); local_set(&cpu_buffer->committing, 0); - local_set(&cpu_buffer->commits, 0); -@@ -4279,8 +4279,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, +@@ -4308,8 +4308,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, rb_init_page(bpage); bpage = reader->page; reader->page = *data_page; @@ -72112,10 +78088,10 @@ index 89fdeee..df8fed4 100644 *data_page = bpage; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index 5c38c81..88012af 100644 +index 3c13e46..883d039 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c -@@ -4437,10 +4437,9 @@ static const struct file_operations tracing_dyn_info_fops = { +@@ -4465,10 +4465,9 @@ static const struct file_operations tracing_dyn_info_fops = { }; #endif @@ -72127,7 +78103,7 @@ index 5c38c81..88012af 100644 static int once; if (d_tracer) -@@ -4460,10 +4459,9 @@ struct dentry *tracing_init_dentry(void) +@@ -4488,10 +4487,9 @@ struct dentry *tracing_init_dentry(void) return d_tracer; } @@ -72140,10 +78116,10 @@ index 5c38c81..88012af 100644 struct dentry *d_tracer; diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c -index 29111da..d190fe2 100644 +index 880073d..42db7c3 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c -@@ -1308,10 +1308,6 @@ static LIST_HEAD(ftrace_module_file_list); +@@ -1330,10 +1330,6 @@ static LIST_HEAD(ftrace_module_file_list); struct ftrace_module_file_ops { struct list_head list; struct module *mod; @@ -72154,7 +78130,7 @@ index 29111da..d190fe2 100644 }; static struct ftrace_module_file_ops * -@@ -1332,17 +1328,12 @@ trace_create_file_ops(struct module *mod) +@@ -1354,17 +1350,12 @@ trace_create_file_ops(struct module *mod) file_ops->mod = mod; @@ -72170,15 +78146,15 @@ index 29111da..d190fe2 100644 - file_ops->format = ftrace_event_format_fops; - file_ops->format.owner = mod; + pax_open_kernel(); -+ *(void **)&mod->trace_id.owner = mod; -+ *(void **)&mod->trace_enable.owner = mod; -+ *(void **)&mod->trace_filter.owner = mod; -+ *(void **)&mod->trace_format.owner = mod; ++ mod->trace_id.owner = mod; ++ mod->trace_enable.owner = mod; ++ mod->trace_filter.owner = mod; ++ mod->trace_format.owner = mod; + pax_close_kernel(); list_add(&file_ops->list, &ftrace_module_file_list); -@@ -1366,8 +1357,8 @@ static void trace_module_add_events(struct module *mod) +@@ -1388,8 +1379,8 @@ static void trace_module_add_events(struct module *mod) for_each_event(call, start, end) { __trace_add_event_call(*call, mod, @@ -72230,7 +78206,7 @@ index fd3c8aa..5f324a6 100644 } entry = ring_buffer_event_data(event); diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c -index 123b189..97b81f5 100644 +index 194d796..76edb8f 100644 --- a/kernel/trace/trace_output.c +++ b/kernel/trace/trace_output.c @@ -278,7 +278,7 @@ int trace_seq_path(struct trace_seq *s, const struct path *path) @@ -72242,11 +78218,32 @@ index 123b189..97b81f5 100644 if (p) { s->len = p - s->buffer; return 1; +@@ -852,14 +852,16 @@ int register_ftrace_event(struct trace_event *event) + goto out; + } + ++ pax_open_kernel(); + if (event->funcs->trace == NULL) +- event->funcs->trace = trace_nop_print; ++ *(void **)&event->funcs->trace = trace_nop_print; + if (event->funcs->raw == NULL) +- event->funcs->raw = trace_nop_print; ++ *(void **)&event->funcs->raw = trace_nop_print; + if (event->funcs->hex == NULL) +- event->funcs->hex = trace_nop_print; ++ *(void **)&event->funcs->hex = trace_nop_print; + if (event->funcs->binary == NULL) +- event->funcs->binary = trace_nop_print; ++ *(void **)&event->funcs->binary = trace_nop_print; ++ pax_close_kernel(); + + key = event->type & (EVENT_HASHSIZE - 1); + diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c -index d4545f4..a9010a1 100644 +index 42ca822..cdcacc6 100644 --- a/kernel/trace/trace_stack.c +++ b/kernel/trace/trace_stack.c -@@ -53,7 +53,7 @@ static inline void check_stack(void) +@@ -52,7 +52,7 @@ static inline void check_stack(void) return; /* we do not handle interrupt stacks yet */ @@ -72255,33 +78252,116 @@ index d4545f4..a9010a1 100644 return; local_irq_save(flags); -diff --git a/kernel/workqueue.c b/kernel/workqueue.c -index 0352a81..fa619c6 100644 ---- a/kernel/workqueue.c -+++ b/kernel/workqueue.c -@@ -1422,7 +1422,7 @@ retry: - /* morph UNBOUND to REBIND atomically */ - worker_flags &= ~WORKER_UNBOUND; - worker_flags |= WORKER_REBIND; -- ACCESS_ONCE(worker->flags) = worker_flags; -+ ACCESS_ONCE_RW(worker->flags) = worker_flags; - - idle_rebind.cnt++; - worker->idle_rebind = &idle_rebind; -@@ -1448,7 +1448,7 @@ retry: - /* morph UNBOUND to REBIND atomically */ - worker_flags &= ~WORKER_UNBOUND; - worker_flags |= WORKER_REBIND; -- ACCESS_ONCE(worker->flags) = worker_flags; -+ ACCESS_ONCE_RW(worker->flags) = worker_flags; - - if (test_and_set_bit(WORK_STRUCT_PENDING_BIT, - work_data_bits(rebind_work))) +diff --git a/kernel/user.c b/kernel/user.c +index 33acb5e..57ebfd4 100644 +--- a/kernel/user.c ++++ b/kernel/user.c +@@ -47,9 +47,7 @@ struct user_namespace init_user_ns = { + .count = 4294967295U, + }, + }, +- .kref = { +- .refcount = ATOMIC_INIT(3), +- }, ++ .count = ATOMIC_INIT(3), + .owner = GLOBAL_ROOT_UID, + .group = GLOBAL_ROOT_GID, + .proc_inum = PROC_USER_INIT_INO, +diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c +index 2b042c4..24f8ec3 100644 +--- a/kernel/user_namespace.c ++++ b/kernel/user_namespace.c +@@ -78,7 +78,7 @@ int create_user_ns(struct cred *new) + return ret; + } + +- kref_init(&ns->kref); ++ atomic_set(&ns->count, 1); + /* Leave the new->user_ns reference with the new user namespace. */ + ns->parent = parent_ns; + ns->owner = owner; +@@ -104,15 +104,16 @@ int unshare_userns(unsigned long unshare_flags, struct cred **new_cred) + return create_user_ns(cred); + } + +-void free_user_ns(struct kref *kref) ++void free_user_ns(struct user_namespace *ns) + { +- struct user_namespace *parent, *ns = +- container_of(kref, struct user_namespace, kref); ++ struct user_namespace *parent; + +- parent = ns->parent; +- proc_free_inum(ns->proc_inum); +- kmem_cache_free(user_ns_cachep, ns); +- put_user_ns(parent); ++ do { ++ parent = ns->parent; ++ proc_free_inum(ns->proc_inum); ++ kmem_cache_free(user_ns_cachep, ns); ++ ns = parent; ++ } while (atomic_dec_and_test(&parent->count)); + } + EXPORT_SYMBOL(free_user_ns); + +diff --git a/kernel/utsname_sysctl.c b/kernel/utsname_sysctl.c +index 63da38c..639904e 100644 +--- a/kernel/utsname_sysctl.c ++++ b/kernel/utsname_sysctl.c +@@ -46,7 +46,7 @@ static void put_uts(ctl_table *table, int write, void *which) + static int proc_do_uts_string(ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) + { +- struct ctl_table uts_table; ++ ctl_table_no_const uts_table; + int r; + memcpy(&uts_table, table, sizeof(uts_table)); + uts_table.data = get_uts(table, write); +diff --git a/kernel/watchdog.c b/kernel/watchdog.c +index 75a2ab3..5961da7 100644 +--- a/kernel/watchdog.c ++++ b/kernel/watchdog.c +@@ -527,7 +527,7 @@ int proc_dowatchdog(struct ctl_table *table, int write, + } + #endif /* CONFIG_SYSCTL */ + +-static struct smp_hotplug_thread watchdog_threads = { ++static struct smp_hotplug_thread watchdog_threads __read_only = { + .store = &softlockup_watchdog, + .thread_should_run = watchdog_should_run, + .thread_fn = watchdog, diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug -index 2403a63..5c4be4c 100644 +index 67604e5..fe94fb1 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug -@@ -1252,6 +1252,7 @@ config LATENCYTOP +@@ -550,7 +550,7 @@ config DEBUG_MUTEXES + + config DEBUG_LOCK_ALLOC + bool "Lock debugging: detect incorrect freeing of live locks" +- depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT ++ depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT && !PAX_CONSTIFY_PLUGIN + select DEBUG_SPINLOCK + select DEBUG_MUTEXES + select LOCKDEP +@@ -564,7 +564,7 @@ config DEBUG_LOCK_ALLOC + + config PROVE_LOCKING + bool "Lock debugging: prove locking correctness" +- depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT ++ depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT && !PAX_CONSTIFY_PLUGIN + select LOCKDEP + select DEBUG_SPINLOCK + select DEBUG_MUTEXES +@@ -670,7 +670,7 @@ config LOCKDEP + + config LOCK_STAT + bool "Lock usage statistics" +- depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT ++ depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT && !PAX_CONSTIFY_PLUGIN + select LOCKDEP + select DEBUG_SPINLOCK + select DEBUG_MUTEXES +@@ -1278,6 +1278,7 @@ config LATENCYTOP depends on DEBUG_KERNEL depends on STACKTRACE_SUPPORT depends on PROC_FS @@ -72289,7 +78369,7 @@ index 2403a63..5c4be4c 100644 select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE && !ARM_UNWIND select KALLSYMS select KALLSYMS_ALL -@@ -1267,7 +1268,7 @@ source kernel/trace/Kconfig +@@ -1306,7 +1307,7 @@ config INTERVAL_TREE_TEST config PROVIDE_OHCI1394_DMA_INIT bool "Remote debugging over FireWire early on boot" @@ -72298,7 +78378,7 @@ index 2403a63..5c4be4c 100644 help If you want to debug problems which hang or crash the kernel early on boot and the crashing machine has a FireWire port, you can use -@@ -1296,7 +1297,7 @@ config PROVIDE_OHCI1394_DMA_INIT +@@ -1335,7 +1336,7 @@ config PROVIDE_OHCI1394_DMA_INIT config FIREWIRE_OHCI_REMOTE_DMA bool "Remote debugging over FireWire with firewire-ohci" @@ -72307,8 +78387,21 @@ index 2403a63..5c4be4c 100644 help This option lets you use the FireWire bus for remote debugging with help of the firewire-ohci driver. It enables unfiltered +diff --git a/lib/Makefile b/lib/Makefile +index 02ed6c0..bd243da 100644 +--- a/lib/Makefile ++++ b/lib/Makefile +@@ -47,7 +47,7 @@ obj-$(CONFIG_GENERIC_HWEIGHT) += hweight.o + + obj-$(CONFIG_BTREE) += btree.o + obj-$(CONFIG_DEBUG_PREEMPT) += smp_processor_id.o +-obj-$(CONFIG_DEBUG_LIST) += list_debug.o ++obj-y += list_debug.o + obj-$(CONFIG_DEBUG_OBJECTS) += debugobjects.o + + ifneq ($(CONFIG_HAVE_DEC_LOCK),y) diff --git a/lib/bitmap.c b/lib/bitmap.c -index 06fdfa1..97c5c7d 100644 +index 06f7e4f..f3cf2b0 100644 --- a/lib/bitmap.c +++ b/lib/bitmap.c @@ -422,7 +422,7 @@ int __bitmap_parse(const char *buf, unsigned int buflen, @@ -72348,10 +78441,10 @@ index 06fdfa1..97c5c7d 100644 } EXPORT_SYMBOL(bitmap_parselist_user); diff --git a/lib/bug.c b/lib/bug.c -index a28c141..2bd3d95 100644 +index d0cdf14..4d07bd2 100644 --- a/lib/bug.c +++ b/lib/bug.c -@@ -133,6 +133,8 @@ enum bug_trap_type report_bug(unsigned long bugaddr, struct pt_regs *regs) +@@ -134,6 +134,8 @@ enum bug_trap_type report_bug(unsigned long bugaddr, struct pt_regs *regs) return BUG_TRAP_TYPE_NONE; bug = find_bug(bugaddr); @@ -72396,10 +78489,19 @@ index 80b9c76..9e32279 100644 EXPORT_SYMBOL(devm_ioport_unmap); diff --git a/lib/dma-debug.c b/lib/dma-debug.c -index 66ce414..6f0a0dd 100644 +index 5e396ac..58d5de1 100644 --- a/lib/dma-debug.c +++ b/lib/dma-debug.c -@@ -924,7 +924,7 @@ out: +@@ -768,7 +768,7 @@ static int dma_debug_device_change(struct notifier_block *nb, unsigned long acti + + void dma_debug_add_bus(struct bus_type *bus) + { +- struct notifier_block *nb; ++ notifier_block_no_const *nb; + + if (global_disable) + return; +@@ -942,7 +942,7 @@ out: static void check_for_stack(struct device *dev, void *addr) { @@ -72457,13 +78559,46 @@ index bd2bea9..6b3c95e 100644 if (atomic_read(&task->signal->live) != 1) return false; +diff --git a/lib/kobject.c b/lib/kobject.c +index e07ee1f..998489d 100644 +--- a/lib/kobject.c ++++ b/lib/kobject.c +@@ -852,9 +852,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add); + + + static DEFINE_SPINLOCK(kobj_ns_type_lock); +-static const struct kobj_ns_type_operations *kobj_ns_ops_tbl[KOBJ_NS_TYPES]; ++static const struct kobj_ns_type_operations *kobj_ns_ops_tbl[KOBJ_NS_TYPES] __read_only; + +-int kobj_ns_type_register(const struct kobj_ns_type_operations *ops) ++int __init kobj_ns_type_register(const struct kobj_ns_type_operations *ops) + { + enum kobj_ns_type type = ops->type; + int error; diff --git a/lib/list_debug.c b/lib/list_debug.c -index c24c2f7..bef49ee 100644 +index c24c2f7..0475b78 100644 --- a/lib/list_debug.c +++ b/lib/list_debug.c -@@ -23,17 +23,19 @@ void __list_add(struct list_head *new, - struct list_head *prev, - struct list_head *next) +@@ -11,7 +11,9 @@ + #include <linux/bug.h> + #include <linux/kernel.h> + #include <linux/rculist.h> ++#include <linux/mm.h> + ++#ifdef CONFIG_DEBUG_LIST + /* + * Insert a new entry between two known consecutive entries. + * +@@ -19,21 +21,32 @@ + * the prev/next entries already! + */ + +-void __list_add(struct list_head *new, +- struct list_head *prev, +- struct list_head *next) ++static bool __list_add_debug(struct list_head *new, ++ struct list_head *prev, ++ struct list_head *next) { - WARN(next->prev != prev, + if (WARN(next->prev != prev, @@ -72482,30 +78617,139 @@ index c24c2f7..bef49ee 100644 "list_add double add: new=%p, prev=%p, next=%p.\n", - new, prev, next); + new, prev, next)) ++ return false; ++ return true; ++} ++ ++void __list_add(struct list_head *new, ++ struct list_head *prev, ++ struct list_head *next) ++{ ++ if (!__list_add_debug(new, prev, next)) + return; + next->prev = new; new->next = next; new->prev = prev; -@@ -86,12 +88,14 @@ EXPORT_SYMBOL(list_del); +@@ -41,7 +54,7 @@ void __list_add(struct list_head *new, + } + EXPORT_SYMBOL(__list_add); + +-void __list_del_entry(struct list_head *entry) ++static bool __list_del_entry_debug(struct list_head *entry) + { + struct list_head *prev, *next; + +@@ -60,9 +73,16 @@ void __list_del_entry(struct list_head *entry) + WARN(next->prev != entry, + "list_del corruption. next->prev should be %p, " + "but was %p\n", entry, next->prev)) ++ return false; ++ return true; ++} ++ ++void __list_del_entry(struct list_head *entry) ++{ ++ if (!__list_del_entry_debug(entry)) + return; + +- __list_del(prev, next); ++ __list_del(entry->prev, entry->next); + } + EXPORT_SYMBOL(__list_del_entry); + +@@ -86,15 +106,85 @@ EXPORT_SYMBOL(list_del); void __list_add_rcu(struct list_head *new, struct list_head *prev, struct list_head *next) { - WARN(next->prev != prev, -+ if (WARN(next->prev != prev, - "list_add_rcu corruption. next->prev should be prev (%p), but was %p. (next=%p).\n", +- "list_add_rcu corruption. next->prev should be prev (%p), but was %p. (next=%p).\n", - prev, next->prev, next); - WARN(prev->next != next, -+ prev, next->prev, next) || -+ WARN(prev->next != next, - "list_add_rcu corruption. prev->next should be next (%p), but was %p. (prev=%p).\n", +- "list_add_rcu corruption. prev->next should be next (%p), but was %p. (prev=%p).\n", - next, prev->next, prev); -+ next, prev->next, prev)) ++ if (!__list_add_debug(new, prev, next)) + return; + new->next = next; new->prev = prev; rcu_assign_pointer(list_next_rcu(prev), new); + next->prev = new; + } + EXPORT_SYMBOL(__list_add_rcu); ++#endif ++ ++void __pax_list_add(struct list_head *new, struct list_head *prev, struct list_head *next) ++{ ++#ifdef CONFIG_DEBUG_LIST ++ if (!__list_add_debug(new, prev, next)) ++ return; ++#endif ++ ++ pax_open_kernel(); ++ next->prev = new; ++ new->next = next; ++ new->prev = prev; ++ prev->next = new; ++ pax_close_kernel(); ++} ++EXPORT_SYMBOL(__pax_list_add); ++ ++void pax_list_del(struct list_head *entry) ++{ ++#ifdef CONFIG_DEBUG_LIST ++ if (!__list_del_entry_debug(entry)) ++ return; ++#endif ++ ++ pax_open_kernel(); ++ __list_del(entry->prev, entry->next); ++ entry->next = LIST_POISON1; ++ entry->prev = LIST_POISON2; ++ pax_close_kernel(); ++} ++EXPORT_SYMBOL(pax_list_del); ++ ++void pax_list_del_init(struct list_head *entry) ++{ ++ pax_open_kernel(); ++ __list_del(entry->prev, entry->next); ++ INIT_LIST_HEAD(entry); ++ pax_close_kernel(); ++} ++EXPORT_SYMBOL(pax_list_del_init); ++ ++void __pax_list_add_rcu(struct list_head *new, ++ struct list_head *prev, struct list_head *next) ++{ ++#ifdef CONFIG_DEBUG_LIST ++ if (!__list_add_debug(new, prev, next)) ++ return; ++#endif ++ ++ pax_open_kernel(); ++ new->next = next; ++ new->prev = prev; ++ rcu_assign_pointer(list_next_rcu(prev), new); ++ next->prev = new; ++ pax_close_kernel(); ++} ++EXPORT_SYMBOL(__pax_list_add_rcu); ++ ++void pax_list_del_rcu(struct list_head *entry) ++{ ++#ifdef CONFIG_DEBUG_LIST ++ if (!__list_del_entry_debug(entry)) ++ return; ++#endif ++ ++ pax_open_kernel(); ++ __list_del(entry->prev, entry->next); ++ entry->next = LIST_POISON1; ++ entry->prev = LIST_POISON2; ++ pax_close_kernel(); ++} ++EXPORT_SYMBOL(pax_list_del_rcu); diff --git a/lib/radix-tree.c b/lib/radix-tree.c index e796429..6e38f9f 100644 --- a/lib/radix-tree.c @@ -72545,8 +78789,21 @@ index a28df52..3d55877 100644 long align, res = 0; unsigned long c; +diff --git a/lib/swiotlb.c b/lib/swiotlb.c +index 196b069..358f342 100644 +--- a/lib/swiotlb.c ++++ b/lib/swiotlb.c +@@ -642,7 +642,7 @@ EXPORT_SYMBOL(swiotlb_alloc_coherent); + + void + swiotlb_free_coherent(struct device *hwdev, size_t size, void *vaddr, +- dma_addr_t dev_addr) ++ dma_addr_t dev_addr, struct dma_attrs *attrs) + { + phys_addr_t paddr = dma_to_phys(hwdev, dev_addr); + diff --git a/lib/vsprintf.c b/lib/vsprintf.c -index 0e33754..50a0e63 100644 +index fab33a9..3b5fe68 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -16,6 +16,9 @@ @@ -72559,7 +78816,7 @@ index 0e33754..50a0e63 100644 #include <stdarg.h> #include <linux/module.h> /* for KSYM_SYMBOL_LEN */ #include <linux/types.h> -@@ -536,7 +539,7 @@ char *symbol_string(char *buf, char *end, void *ptr, +@@ -541,7 +544,7 @@ char *symbol_string(char *buf, char *end, void *ptr, char sym[KSYM_SYMBOL_LEN]; if (ext == 'B') sprint_backtrace(sym, value); @@ -72568,7 +78825,7 @@ index 0e33754..50a0e63 100644 sprint_symbol(sym, value); else sprint_symbol_no_offset(sym, value); -@@ -969,7 +972,11 @@ char *netdev_feature_string(char *buf, char *end, const u8 *addr, +@@ -974,7 +977,11 @@ char *netdev_feature_string(char *buf, char *end, const u8 *addr, return number(buf, end, *(const netdev_features_t *)addr, spec); } @@ -72580,7 +78837,7 @@ index 0e33754..50a0e63 100644 /* * Show a '%p' thing. A kernel extension is that the '%p' is followed -@@ -983,6 +990,8 @@ int kptr_restrict __read_mostly; +@@ -988,6 +995,8 @@ int kptr_restrict __read_mostly; * - 'S' For symbolic direct pointers with offset * - 's' For symbolic direct pointers without offset * - 'B' For backtraced symbolic direct pointers with offset @@ -72589,7 +78846,7 @@ index 0e33754..50a0e63 100644 * - 'R' For decoded struct resource, e.g., [mem 0x0-0x1f 64bit pref] * - 'r' For raw struct resource, e.g., [mem 0x0-0x1f flags 0x201] * - 'M' For a 6-byte MAC address, it prints the address in the -@@ -1038,12 +1047,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -1043,12 +1052,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, if (!ptr && *fmt != 'K') { /* @@ -72604,7 +78861,7 @@ index 0e33754..50a0e63 100644 } switch (*fmt) { -@@ -1053,6 +1062,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -1058,6 +1067,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, /* Fallthrough */ case 'S': case 's': @@ -72618,7 +78875,7 @@ index 0e33754..50a0e63 100644 case 'B': return symbol_string(buf, end, ptr, spec, *fmt); case 'R': -@@ -1093,6 +1109,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -1098,6 +1114,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, va_end(va); return buf; } @@ -72627,7 +78884,7 @@ index 0e33754..50a0e63 100644 case 'K': /* * %pK cannot be used in IRQ context because its test -@@ -1116,6 +1134,21 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -1121,6 +1139,21 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, } break; } @@ -72639,7 +78896,7 @@ index 0e33754..50a0e63 100644 + Also ignore 'K' pointers, since we force their NULLing for non-root users + above + */ -+ if (ptr > TASK_SIZE && *fmt != 'P' && *fmt != 'K' && is_usercopy_object(buf)) { ++ if ((unsigned long)ptr > TASK_SIZE && *fmt != 'P' && *fmt != 'K' && is_usercopy_object(buf)) { + printk(KERN_ALERT "grsec: kernel infoleak detected! Please report this log to spender@grsecurity.net.\n"); + dump_stack(); + ptr = NULL; @@ -72649,7 +78906,7 @@ index 0e33754..50a0e63 100644 spec.flags |= SMALL; if (spec.field_width == -1) { spec.field_width = default_width; -@@ -1831,11 +1864,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) +@@ -1842,11 +1875,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) typeof(type) value; \ if (sizeof(type) == 8) { \ args = PTR_ALIGN(args, sizeof(u32)); \ @@ -72664,7 +78921,7 @@ index 0e33754..50a0e63 100644 } \ args += sizeof(type); \ value; \ -@@ -1898,7 +1931,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) +@@ -1909,7 +1942,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) case FORMAT_TYPE_STR: { const char *str_arg = args; args += strlen(str_arg) + 1; @@ -72681,10 +78938,10 @@ index 0000000..7cd6065 @@ -0,0 +1 @@ +-grsec diff --git a/mm/Kconfig b/mm/Kconfig -index d5c8019..f513038 100644 +index 278e3ab..87c384d 100644 --- a/mm/Kconfig +++ b/mm/Kconfig -@@ -251,10 +251,10 @@ config KSM +@@ -286,10 +286,10 @@ config KSM root has set /sys/kernel/mm/ksm/run to 1 (if CONFIG_SYSFS is set). config DEFAULT_MMAP_MIN_ADDR @@ -72698,7 +78955,7 @@ index d5c8019..f513038 100644 This is the portion of low virtual memory which should be protected from userspace allocation. Keeping a user from writing to low pages can help reduce the impact of kernel NULL pointer bugs. -@@ -285,7 +285,7 @@ config MEMORY_FAILURE +@@ -320,7 +320,7 @@ config MEMORY_FAILURE config HWPOISON_INJECT tristate "HWPoison pages injector" @@ -72708,10 +78965,10 @@ index d5c8019..f513038 100644 config NOMMU_INITIAL_TRIM_EXCESS diff --git a/mm/filemap.c b/mm/filemap.c -index 3843445..4fe6833 100644 +index 83efee7..3f99381 100644 --- a/mm/filemap.c +++ b/mm/filemap.c -@@ -1746,7 +1746,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) +@@ -1747,7 +1747,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) struct address_space *mapping = file->f_mapping; if (!mapping->a_ops->readpage) @@ -72719,7 +78976,7 @@ index 3843445..4fe6833 100644 + return -ENODEV; file_accessed(file); vma->vm_ops = &generic_file_vm_ops; - vma->vm_flags |= VM_CAN_NONLINEAR; + return 0; @@ -2087,6 +2087,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i *pos = i_size_read(inode); @@ -72729,10 +78986,10 @@ index 3843445..4fe6833 100644 send_sig(SIGXFSZ, current, 0); return -EFBIG; diff --git a/mm/fremap.c b/mm/fremap.c -index 9ed4fd4..c42648d 100644 +index a0aaf0e..20325c3 100644 --- a/mm/fremap.c +++ b/mm/fremap.c -@@ -155,6 +155,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, +@@ -157,6 +157,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, retry: vma = find_vma(mm, start); @@ -72745,25 +79002,15 @@ index 9ed4fd4..c42648d 100644 * Make sure the vma is shared, that it supports prefaulting, * and that the remapped range is valid and fully within diff --git a/mm/highmem.c b/mm/highmem.c -index d517cd1..9568fec 100644 +index b32b70c..e512eb0 100644 --- a/mm/highmem.c +++ b/mm/highmem.c -@@ -98,7 +98,7 @@ struct page *kmap_to_page(void *vaddr) - { - unsigned long addr = (unsigned long)vaddr; - -- if (addr >= PKMAP_ADDR(0) && addr <= PKMAP_ADDR(LAST_PKMAP)) { -+ if (addr >= PKMAP_ADDR(0) && addr < PKMAP_ADDR(LAST_PKMAP)) { - int i = (addr - PKMAP_ADDR(0)) >> PAGE_SHIFT; - return pte_page(pkmap_page_table[i]); - } -@@ -137,9 +137,10 @@ static void flush_all_zero_pkmaps(void) +@@ -138,8 +138,9 @@ static void flush_all_zero_pkmaps(void) * So no dangers, even with speculative execution. */ page = pte_page(pkmap_page_table[i]); + pax_open_kernel(); - pte_clear(&init_mm, (unsigned long)page_address(page), - &pkmap_page_table[i]); + pte_clear(&init_mm, PKMAP_ADDR(i), &pkmap_page_table[i]); - + pax_close_kernel(); set_page_address(page, NULL); @@ -72782,24 +79029,53 @@ index d517cd1..9568fec 100644 pkmap_count[last_pkmap_nr] = 1; set_page_address(page, (void *)vaddr); -diff --git a/mm/huge_memory.c b/mm/huge_memory.c -index 141dbb6..ebff057 100644 ---- a/mm/huge_memory.c -+++ b/mm/huge_memory.c -@@ -735,7 +735,7 @@ out: - * run pte_offset_map on the pmd, if an huge pmd could - * materialize from under us from a different thread. - */ -- if (unlikely(__pte_alloc(mm, vma, pmd, address))) -+ if (unlikely(pmd_none(*pmd) && __pte_alloc(mm, vma, pmd, address))) - return VM_FAULT_OOM; - /* if an huge pmd materialized from under us just retry later */ - if (unlikely(pmd_trans_huge(*pmd))) diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 3adceaf..dccfea3 100644 +index 546db81..34830af 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c -@@ -2512,6 +2512,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2008,15 +2008,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, + struct hstate *h = &default_hstate; + unsigned long tmp; + int ret; ++ ctl_table_no_const hugetlb_table; + + tmp = h->max_huge_pages; + + if (write && h->order >= MAX_ORDER) + return -EINVAL; + +- table->data = &tmp; +- table->maxlen = sizeof(unsigned long); +- ret = proc_doulongvec_minmax(table, write, buffer, length, ppos); ++ hugetlb_table = *table; ++ hugetlb_table.data = &tmp; ++ hugetlb_table.maxlen = sizeof(unsigned long); ++ ret = proc_doulongvec_minmax(&hugetlb_table, write, buffer, length, ppos); + if (ret) + goto out; + +@@ -2073,15 +2075,17 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, + struct hstate *h = &default_hstate; + unsigned long tmp; + int ret; ++ ctl_table_no_const hugetlb_table; + + tmp = h->nr_overcommit_huge_pages; + + if (write && h->order >= MAX_ORDER) + return -EINVAL; + +- table->data = &tmp; +- table->maxlen = sizeof(unsigned long); +- ret = proc_doulongvec_minmax(table, write, buffer, length, ppos); ++ hugetlb_table = *table; ++ hugetlb_table.data = &tmp; ++ hugetlb_table.maxlen = sizeof(unsigned long); ++ ret = proc_doulongvec_minmax(&hugetlb_table, write, buffer, length, ppos); + if (ret) + goto out; + +@@ -2511,6 +2515,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -72827,7 +79103,7 @@ index 3adceaf..dccfea3 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. * Called with hugetlb_instantiation_mutex held and pte_page locked so we -@@ -2628,6 +2649,11 @@ retry_avoidcopy: +@@ -2629,6 +2654,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -72838,8 +79114,8 @@ index 3adceaf..dccfea3 100644 + /* Make the old page be freed below */ new_page = old_page; - mmu_notifier_invalidate_range_end(mm, -@@ -2786,6 +2812,10 @@ retry: + } +@@ -2788,6 +2818,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -72850,7 +79126,7 @@ index 3adceaf..dccfea3 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page); -@@ -2815,6 +2845,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2817,6 +2851,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -72861,7 +79137,7 @@ index 3adceaf..dccfea3 100644 address &= huge_page_mask(h); ptep = huge_pte_offset(mm, address); -@@ -2828,6 +2862,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2830,6 +2868,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(hstate_index(h)); } @@ -72889,10 +79165,10 @@ index 3adceaf..dccfea3 100644 if (!ptep) return VM_FAULT_OOM; diff --git a/mm/internal.h b/mm/internal.h -index b8c91b3..93e95a3 100644 +index 9ba2110..eaf0674 100644 --- a/mm/internal.h +++ b/mm/internal.h -@@ -95,6 +95,7 @@ extern void putback_lru_page(struct page *page); +@@ -100,6 +100,7 @@ extern pmd_t *mm_find_pmd(struct mm_struct *mm, unsigned long address); * in mm/page_alloc.c */ extern void __free_pages_bootmem(struct page *page, unsigned int order); @@ -72901,7 +79177,7 @@ index b8c91b3..93e95a3 100644 #ifdef CONFIG_MEMORY_FAILURE extern bool is_free_buddy_page(struct page *page); diff --git a/mm/kmemleak.c b/mm/kmemleak.c -index 45eb621..6ccd8ea 100644 +index 752a705..6c3102e 100644 --- a/mm/kmemleak.c +++ b/mm/kmemleak.c @@ -363,7 +363,7 @@ static void print_unreferenced(struct seq_file *seq, @@ -72909,10 +79185,19 @@ index 45eb621..6ccd8ea 100644 for (i = 0; i < object->trace_len; i++) { void *ptr = (void *)object->trace[i]; - seq_printf(seq, " [<%p>] %pS\n", ptr, ptr); -+ seq_printf(seq, " [<%p>] %pA\n", ptr, ptr); ++ seq_printf(seq, " [<%pP>] %pA\n", ptr, ptr); } } +@@ -1853,7 +1853,7 @@ static int __init kmemleak_late_init(void) + return -ENOMEM; + } + +- dentry = debugfs_create_file("kmemleak", S_IRUGO, NULL, NULL, ++ dentry = debugfs_create_file("kmemleak", S_IRUSR, NULL, NULL, + &kmemleak_fops); + if (!dentry) + pr_warning("Failed to create the debugfs kmemleak file\n"); diff --git a/mm/maccess.c b/mm/maccess.c index d53adf9..03a24bf 100644 --- a/mm/maccess.c @@ -72936,7 +79221,7 @@ index d53adf9..03a24bf 100644 set_fs(old_fs); diff --git a/mm/madvise.c b/mm/madvise.c -index 14d260f..b2a80fd 100644 +index 03dfa5c..b032917 100644 --- a/mm/madvise.c +++ b/mm/madvise.c @@ -48,6 +48,10 @@ static long madvise_behavior(struct vm_area_struct * vma, @@ -72950,7 +79235,7 @@ index 14d260f..b2a80fd 100644 switch (behavior) { case MADV_NORMAL: new_flags = new_flags & ~VM_RAND_READ & ~VM_SEQ_READ; -@@ -119,6 +123,13 @@ success: +@@ -123,6 +127,13 @@ success: /* * vm_flags is protected by the mmap_sem held in write mode. */ @@ -72964,7 +79249,7 @@ index 14d260f..b2a80fd 100644 vma->vm_flags = new_flags; out: -@@ -177,6 +188,11 @@ static long madvise_dontneed(struct vm_area_struct * vma, +@@ -181,6 +192,11 @@ static long madvise_dontneed(struct vm_area_struct * vma, struct vm_area_struct ** prev, unsigned long start, unsigned long end) { @@ -72976,7 +79261,7 @@ index 14d260f..b2a80fd 100644 *prev = vma; if (vma->vm_flags & (VM_LOCKED|VM_HUGETLB|VM_PFNMAP)) return -EINVAL; -@@ -189,6 +205,21 @@ static long madvise_dontneed(struct vm_area_struct * vma, +@@ -193,6 +209,21 @@ static long madvise_dontneed(struct vm_area_struct * vma, zap_page_range(vma, start, end - start, &details); } else zap_page_range(vma, start, end - start, NULL); @@ -72998,7 +79283,7 @@ index 14d260f..b2a80fd 100644 return 0; } -@@ -393,6 +424,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior) +@@ -397,6 +428,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior) if (end < start) goto out; @@ -73016,7 +79301,7 @@ index 14d260f..b2a80fd 100644 if (end == start) goto out; diff --git a/mm/memory-failure.c b/mm/memory-failure.c -index 3dd21e2..0e32042 100644 +index c6e4dd3..1f41988 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0; @@ -73037,7 +79322,16 @@ index 3dd21e2..0e32042 100644 #ifdef __ARCH_SI_TRAPNO si.si_trapno = trapno; #endif -@@ -1038,7 +1038,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) +@@ -760,7 +760,7 @@ static struct page_state { + unsigned long res; + char *msg; + int (*action)(struct page *p, unsigned long pfn); +-} error_states[] = { ++} __do_const error_states[] = { + { reserved, reserved, "reserved kernel", me_kernel }, + /* + * free pages are specially detected outside this table: +@@ -1040,7 +1040,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) } nr_pages = 1 << compound_trans_order(hpage); @@ -73046,7 +79340,7 @@ index 3dd21e2..0e32042 100644 /* * We need/can do nothing about count=0 pages. -@@ -1068,7 +1068,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) +@@ -1070,7 +1070,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) if (!PageHWPoison(hpage) || (hwpoison_filter(p) && TestClearPageHWPoison(p)) || (p != hpage && TestSetPageHWPoison(hpage))) { @@ -73055,7 +79349,7 @@ index 3dd21e2..0e32042 100644 return 0; } set_page_hwpoison_huge_page(hpage); -@@ -1126,7 +1126,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) +@@ -1128,7 +1128,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) } if (hwpoison_filter(p)) { if (TestClearPageHWPoison(p)) @@ -73064,7 +79358,7 @@ index 3dd21e2..0e32042 100644 unlock_page(hpage); put_page(hpage); return 0; -@@ -1321,7 +1321,7 @@ int unpoison_memory(unsigned long pfn) +@@ -1323,7 +1323,7 @@ int unpoison_memory(unsigned long pfn) return 0; } if (TestClearPageHWPoison(p)) @@ -73073,7 +79367,7 @@ index 3dd21e2..0e32042 100644 pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn); return 0; } -@@ -1335,7 +1335,7 @@ int unpoison_memory(unsigned long pfn) +@@ -1337,7 +1337,7 @@ int unpoison_memory(unsigned long pfn) */ if (TestClearPageHWPoison(page)) { pr_info("MCE: Software-unpoisoned page %#lx\n", pfn); @@ -73082,7 +79376,7 @@ index 3dd21e2..0e32042 100644 freeit = 1; if (PageHuge(page)) clear_page_hwpoison_huge_page(page); -@@ -1440,7 +1440,7 @@ static int soft_offline_huge_page(struct page *page, int flags) +@@ -1442,7 +1442,7 @@ static int soft_offline_huge_page(struct page *page, int flags) } done: if (!PageHWPoison(hpage)) @@ -73091,7 +79385,7 @@ index 3dd21e2..0e32042 100644 &mce_bad_pages); set_page_hwpoison_huge_page(hpage); dequeue_hwpoisoned_huge_page(hpage); -@@ -1580,7 +1580,7 @@ int soft_offline_page(struct page *page, int flags) +@@ -1583,7 +1583,7 @@ int soft_offline_page(struct page *page, int flags) return ret; done: @@ -73101,10 +79395,10 @@ index 3dd21e2..0e32042 100644 /* keep elevated page count for bad page */ return ret; diff --git a/mm/memory.c b/mm/memory.c -index 29ffb5c..6540b13 100644 +index bb1369f..efb96b5 100644 --- a/mm/memory.c +++ b/mm/memory.c -@@ -431,6 +431,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, +@@ -433,6 +433,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, free_pte_range(tlb, pmd, addr); } while (pmd++, addr = next, addr != end); @@ -73112,7 +79406,7 @@ index 29ffb5c..6540b13 100644 start &= PUD_MASK; if (start < floor) return; -@@ -445,6 +446,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, +@@ -447,6 +448,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, pmd = pmd_offset(pud, start); pud_clear(pud); pmd_free_tlb(tlb, pmd, start); @@ -73121,7 +79415,7 @@ index 29ffb5c..6540b13 100644 } static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, -@@ -464,6 +467,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, +@@ -466,6 +469,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, free_pmd_range(tlb, pud, addr, next, floor, ceiling); } while (pud++, addr = next, addr != end); @@ -73129,7 +79423,7 @@ index 29ffb5c..6540b13 100644 start &= PGDIR_MASK; if (start < floor) return; -@@ -478,6 +482,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, +@@ -480,6 +484,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, pud = pud_offset(pgd, start); pgd_clear(pgd); pud_free_tlb(tlb, pud, start); @@ -73138,7 +79432,7 @@ index 29ffb5c..6540b13 100644 } /* -@@ -1619,12 +1625,6 @@ no_page_table: +@@ -1618,12 +1624,6 @@ no_page_table: return page; } @@ -73151,8 +79445,8 @@ index 29ffb5c..6540b13 100644 /** * __get_user_pages() - pin user pages in memory * @tsk: task_struct of target task -@@ -1697,10 +1697,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, - (VM_MAYREAD | VM_MAYWRITE) : (VM_READ | VM_WRITE); +@@ -1709,10 +1709,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, + i = 0; - do { @@ -73164,7 +79458,7 @@ index 29ffb5c..6540b13 100644 if (!vma && in_gate_area(mm, start)) { unsigned long pg = start & PAGE_MASK; pgd_t *pgd; -@@ -1748,7 +1748,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -1760,7 +1760,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, goto next_page; } @@ -73173,7 +79467,7 @@ index 29ffb5c..6540b13 100644 (vma->vm_flags & (VM_IO | VM_PFNMAP)) || !(vm_flags & vma->vm_flags)) return i ? : -EFAULT; -@@ -1775,11 +1775,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -1787,11 +1787,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, int ret; unsigned int fault_flags = 0; @@ -73185,7 +79479,7 @@ index 29ffb5c..6540b13 100644 if (foll_flags & FOLL_WRITE) fault_flags |= FAULT_FLAG_WRITE; if (nonblocking) -@@ -1853,7 +1848,7 @@ next_page: +@@ -1865,7 +1860,7 @@ next_page: start += PAGE_SIZE; nr_pages--; } while (nr_pages && start < vma->vm_end); @@ -73194,7 +79488,7 @@ index 29ffb5c..6540b13 100644 return i; } EXPORT_SYMBOL(__get_user_pages); -@@ -2060,6 +2055,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, +@@ -2072,6 +2067,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, page_add_file_rmap(page); set_pte_at(mm, addr, pte, mk_pte(page, prot)); @@ -73205,30 +79499,29 @@ index 29ffb5c..6540b13 100644 retval = 0; pte_unmap_unlock(pte, ptl); return retval; -@@ -2094,10 +2093,22 @@ out: - int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, - struct page *page) - { +@@ -2116,9 +2115,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, + if (!page_count(page)) + return -EINVAL; + if (!(vma->vm_flags & VM_MIXEDMAP)) { + +#ifdef CONFIG_PAX_SEGMEXEC -+ struct vm_area_struct *vma_m; ++ struct vm_area_struct *vma_m; +#endif + - if (addr < vma->vm_start || addr >= vma->vm_end) - return -EFAULT; - if (!page_count(page)) - return -EINVAL; + BUG_ON(down_read_trylock(&vma->vm_mm->mmap_sem)); + BUG_ON(vma->vm_flags & VM_PFNMAP); + vma->vm_flags |= VM_MIXEDMAP; + +#ifdef CONFIG_PAX_SEGMEXEC -+ vma_m = pax_find_mirror_vma(vma); -+ if (vma_m) -+ vma_m->vm_flags |= VM_INSERTPAGE; ++ vma_m = pax_find_mirror_vma(vma); ++ if (vma_m) ++ vma_m->vm_flags |= VM_MIXEDMAP; +#endif + - vma->vm_flags |= VM_INSERTPAGE; + } return insert_page(vma, addr, page, vma->vm_page_prot); } -@@ -2183,6 +2194,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, +@@ -2201,6 +2212,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, unsigned long pfn) { BUG_ON(!(vma->vm_flags & VM_MIXEDMAP)); @@ -73236,7 +79529,7 @@ index 29ffb5c..6540b13 100644 if (addr < vma->vm_start || addr >= vma->vm_end) return -EFAULT; -@@ -2390,7 +2402,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, +@@ -2401,7 +2413,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, BUG_ON(pud_huge(*pud)); @@ -73247,7 +79540,7 @@ index 29ffb5c..6540b13 100644 if (!pmd) return -ENOMEM; do { -@@ -2410,7 +2424,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, +@@ -2421,7 +2435,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, unsigned long next; int err; @@ -73258,7 +79551,7 @@ index 29ffb5c..6540b13 100644 if (!pud) return -ENOMEM; do { -@@ -2498,6 +2514,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo +@@ -2509,6 +2525,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo copy_user_highpage(dst, src, va, vma); } @@ -73445,7 +79738,7 @@ index 29ffb5c..6540b13 100644 /* * This routine handles present pages, when users try to write * to a shared page. It is done by copying the page to a new address -@@ -2708,6 +2904,12 @@ gotten: +@@ -2725,6 +2921,12 @@ gotten: */ page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) { @@ -73458,7 +79751,7 @@ index 29ffb5c..6540b13 100644 if (old_page) { if (!PageAnon(old_page)) { dec_mm_counter_fast(mm, MM_FILEPAGES); -@@ -2759,6 +2961,10 @@ gotten: +@@ -2776,6 +2978,10 @@ gotten: page_remove_rmap(old_page); } @@ -73469,7 +79762,7 @@ index 29ffb5c..6540b13 100644 /* Free the old page.. */ new_page = old_page; ret |= VM_FAULT_WRITE; -@@ -3038,6 +3244,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3051,6 +3257,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, swap_free(entry); if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) try_to_free_swap(page); @@ -73481,7 +79774,7 @@ index 29ffb5c..6540b13 100644 unlock_page(page); if (swapcache) { /* -@@ -3061,6 +3272,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3074,6 +3285,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -73493,7 +79786,7 @@ index 29ffb5c..6540b13 100644 unlock: pte_unmap_unlock(page_table, ptl); out: -@@ -3080,40 +3296,6 @@ out_release: +@@ -3093,40 +3309,6 @@ out_release: } /* @@ -73534,7 +79827,7 @@ index 29ffb5c..6540b13 100644 * We enter with non-exclusive mmap_sem (to exclude vma changes, * but allow concurrent faults), and pte mapped but not yet locked. * We return with mmap_sem still held, but pte unmapped and unlocked. -@@ -3122,27 +3304,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3135,27 +3317,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pte_t *page_table, pmd_t *pmd, unsigned int flags) { @@ -73567,7 +79860,7 @@ index 29ffb5c..6540b13 100644 if (unlikely(anon_vma_prepare(vma))) goto oom; page = alloc_zeroed_user_highpage_movable(vma, address); -@@ -3161,6 +3339,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3174,6 +3352,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, if (!pte_none(*page_table)) goto release; @@ -73579,7 +79872,7 @@ index 29ffb5c..6540b13 100644 inc_mm_counter_fast(mm, MM_ANONPAGES); page_add_new_anon_rmap(page, vma, address); setpte: -@@ -3168,6 +3351,12 @@ setpte: +@@ -3181,6 +3364,12 @@ setpte: /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -73592,7 +79885,7 @@ index 29ffb5c..6540b13 100644 unlock: pte_unmap_unlock(page_table, ptl); return 0; -@@ -3311,6 +3500,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3324,6 +3513,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, */ /* Only go through if we didn't race with anybody else... */ if (likely(pte_same(*page_table, orig_pte))) { @@ -73605,7 +79898,7 @@ index 29ffb5c..6540b13 100644 flush_icache_page(vma, page); entry = mk_pte(page, vma->vm_page_prot); if (flags & FAULT_FLAG_WRITE) -@@ -3330,6 +3525,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3343,6 +3538,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, /* no need to invalidate: a not-present page won't be cached */ update_mmu_cache(vma, address, page_table); @@ -73620,7 +79913,7 @@ index 29ffb5c..6540b13 100644 } else { if (cow_page) mem_cgroup_uncharge_page(cow_page); -@@ -3484,6 +3687,12 @@ int handle_pte_fault(struct mm_struct *mm, +@@ -3664,6 +3867,12 @@ int handle_pte_fault(struct mm_struct *mm, if (flags & FAULT_FLAG_WRITE) flush_tlb_fix_spurious_fault(vma, address); } @@ -73633,7 +79926,7 @@ index 29ffb5c..6540b13 100644 unlock: pte_unmap_unlock(pte, ptl); return 0; -@@ -3500,6 +3709,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3680,6 +3889,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, pmd_t *pmd; pte_t *pte; @@ -73644,7 +79937,7 @@ index 29ffb5c..6540b13 100644 __set_current_state(TASK_RUNNING); count_vm_event(PGFAULT); -@@ -3511,6 +3724,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3691,6 +3904,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, if (unlikely(is_vm_hugetlb_page(vma))) return hugetlb_fault(mm, vma, address, flags); @@ -73679,16 +79972,7 @@ index 29ffb5c..6540b13 100644 retry: pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); -@@ -3552,7 +3793,7 @@ retry: - * run pte_offset_map on the pmd, if an huge pmd could - * materialize from under us from a different thread. - */ -- if (unlikely(pmd_none(*pmd)) && __pte_alloc(mm, vma, pmd, address)) -+ if (unlikely(pmd_none(*pmd) && __pte_alloc(mm, vma, pmd, address))) - return VM_FAULT_OOM; - /* if an huge pmd materialized from under us just retry later */ - if (unlikely(pmd_trans_huge(*pmd))) -@@ -3589,6 +3830,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) +@@ -3789,6 +4030,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -73712,7 +79996,7 @@ index 29ffb5c..6540b13 100644 #endif /* __PAGETABLE_PUD_FOLDED */ #ifndef __PAGETABLE_PMD_FOLDED -@@ -3619,6 +3877,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) +@@ -3819,6 +4077,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -73743,7 +80027,7 @@ index 29ffb5c..6540b13 100644 #endif /* __PAGETABLE_PMD_FOLDED */ int make_pages_present(unsigned long addr, unsigned long end) -@@ -3656,7 +3938,7 @@ static int __init gate_vma_init(void) +@@ -3856,7 +4138,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -73753,10 +80037,10 @@ index 29ffb5c..6540b13 100644 return 0; } diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index 5e0fea1..839c240 100644 +index e2df1c1..1e31d57 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c -@@ -655,6 +655,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, +@@ -721,6 +721,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, unsigned long vmstart; unsigned long vmend; @@ -73767,7 +80051,7 @@ index 5e0fea1..839c240 100644 vma = find_vma(mm, start); if (!vma || vma->vm_start > start) return -EFAULT; -@@ -691,9 +695,20 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, +@@ -757,9 +761,20 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, if (err) goto out; } @@ -73788,7 +80072,7 @@ index 5e0fea1..839c240 100644 } out: -@@ -1147,6 +1162,17 @@ static long do_mbind(unsigned long start, unsigned long len, +@@ -1216,6 +1231,17 @@ static long do_mbind(unsigned long start, unsigned long len, if (end < start) return -EINVAL; @@ -73806,7 +80090,7 @@ index 5e0fea1..839c240 100644 if (end == start) return 0; -@@ -1370,8 +1396,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1445,8 +1471,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, */ tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && @@ -73816,7 +80100,7 @@ index 5e0fea1..839c240 100644 rcu_read_unlock(); err = -EPERM; goto out_put; -@@ -1402,6 +1427,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1477,6 +1502,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, goto out; } @@ -73833,10 +80117,10 @@ index 5e0fea1..839c240 100644 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); diff --git a/mm/migrate.c b/mm/migrate.c -index 77ed2d7..317d528 100644 +index 2fd8b4a..d70358f 100644 --- a/mm/migrate.c +++ b/mm/migrate.c -@@ -1350,8 +1350,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, +@@ -1401,8 +1401,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, */ tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && @@ -73847,7 +80131,7 @@ index 77ed2d7..317d528 100644 err = -EPERM; goto out; diff --git a/mm/mlock.c b/mm/mlock.c -index ef726e8..cd7f1ec 100644 +index c9bd528..da8d069 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -13,6 +13,7 @@ @@ -73858,7 +80142,7 @@ index ef726e8..cd7f1ec 100644 #include <linux/sched.h> #include <linux/export.h> #include <linux/rmap.h> -@@ -376,7 +377,7 @@ static int do_mlock(unsigned long start, size_t len, int on) +@@ -369,7 +370,7 @@ static int do_mlock(unsigned long start, size_t len, int on) { unsigned long nstart, end, tmp; struct vm_area_struct * vma, * prev; @@ -73867,7 +80151,7 @@ index ef726e8..cd7f1ec 100644 VM_BUG_ON(start & ~PAGE_MASK); VM_BUG_ON(len != PAGE_ALIGN(len)); -@@ -385,6 +386,9 @@ static int do_mlock(unsigned long start, size_t len, int on) +@@ -378,6 +379,9 @@ static int do_mlock(unsigned long start, size_t len, int on) return -EINVAL; if (end == start) return 0; @@ -73877,7 +80161,7 @@ index ef726e8..cd7f1ec 100644 vma = find_vma(current->mm, start); if (!vma || vma->vm_start > start) return -ENOMEM; -@@ -396,6 +400,11 @@ static int do_mlock(unsigned long start, size_t len, int on) +@@ -389,6 +393,11 @@ static int do_mlock(unsigned long start, size_t len, int on) for (nstart = start ; ; ) { vm_flags_t newflags; @@ -73889,7 +80173,7 @@ index ef726e8..cd7f1ec 100644 /* Here we know that vma->vm_start <= nstart < vma->vm_end. */ newflags = vma->vm_flags | VM_LOCKED; -@@ -501,6 +510,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len) +@@ -494,6 +503,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len) lock_limit >>= PAGE_SHIFT; /* check against resource limits */ @@ -73897,21 +80181,7 @@ index ef726e8..cd7f1ec 100644 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK)) error = do_mlock(start, len, 1); up_write(¤t->mm->mmap_sem); -@@ -524,17 +534,23 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len) - static int do_mlockall(int flags) - { - struct vm_area_struct * vma, * prev = NULL; -- unsigned int def_flags = 0; - - if (flags & MCL_FUTURE) -- def_flags = VM_LOCKED; -- current->mm->def_flags = def_flags; -+ current->mm->def_flags |= VM_LOCKED; -+ else -+ current->mm->def_flags &= ~VM_LOCKED; - if (flags == MCL_FUTURE) - goto out; - +@@ -528,6 +538,12 @@ static int do_mlockall(int flags) for (vma = current->mm->mmap; vma ; vma = prev->vm_next) { vm_flags_t newflags; @@ -73924,7 +80194,7 @@ index ef726e8..cd7f1ec 100644 newflags = vma->vm_flags | VM_LOCKED; if (!(flags & MCL_CURRENT)) newflags &= ~VM_LOCKED; -@@ -567,6 +583,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) +@@ -560,6 +576,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) lock_limit >>= PAGE_SHIFT; ret = -ENOMEM; @@ -73933,10 +80203,18 @@ index ef726e8..cd7f1ec 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index ae18a48..86cf99e 100644 +index 8832b87..20500c1 100644 --- a/mm/mmap.c +++ b/mm/mmap.c -@@ -47,6 +47,16 @@ +@@ -32,6 +32,7 @@ + #include <linux/khugepaged.h> + #include <linux/uprobes.h> + #include <linux/rbtree_augmented.h> ++#include <linux/random.h> + + #include <asm/uaccess.h> + #include <asm/cacheflush.h> +@@ -48,6 +49,16 @@ #define arch_rebalance_pgtables(addr, len) (addr) #endif @@ -73953,7 +80231,7 @@ index ae18a48..86cf99e 100644 static void unmap_region(struct mm_struct *mm, struct vm_area_struct *vma, struct vm_area_struct *prev, unsigned long start, unsigned long end); -@@ -72,22 +82,32 @@ static void unmap_region(struct mm_struct *mm, +@@ -67,22 +78,32 @@ static void unmap_region(struct mm_struct *mm, * x: (no) no x: (no) yes x: (no) yes x: (yes) yes * */ @@ -73989,15 +80267,15 @@ index ae18a48..86cf99e 100644 /* * Make sure vm_committed_as in one cacheline and not cacheline shared with * other variables. It can be updated by several CPUs frequently. -@@ -229,6 +249,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) +@@ -238,6 +259,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) struct vm_area_struct *next = vma->vm_next; might_sleep(); + BUG_ON(vma->vm_mirror); if (vma->vm_ops && vma->vm_ops->close) vma->vm_ops->close(vma); - if (vma->vm_file) { -@@ -275,6 +296,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) + if (vma->vm_file) +@@ -281,6 +303,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) * not page aligned -Ram Gupta */ rlim = rlimit(RLIMIT_DATA); @@ -74005,7 +80283,7 @@ index ae18a48..86cf99e 100644 if (rlim < RLIM_INFINITY && (brk - mm->start_brk) + (mm->end_data - mm->start_data) > rlim) goto out; -@@ -708,6 +730,12 @@ static int +@@ -888,6 +911,12 @@ static int can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -74018,7 +80296,7 @@ index ae18a48..86cf99e 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { if (vma->vm_pgoff == vm_pgoff) -@@ -727,6 +755,12 @@ static int +@@ -907,6 +936,12 @@ static int can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -74031,7 +80309,7 @@ index ae18a48..86cf99e 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { pgoff_t vm_pglen; -@@ -769,13 +803,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, +@@ -949,13 +984,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct vm_area_struct *vma_merge(struct mm_struct *mm, struct vm_area_struct *prev, unsigned long addr, unsigned long end, unsigned long vm_flags, @@ -74053,7 +80331,7 @@ index ae18a48..86cf99e 100644 /* * We later require that vma->vm_flags == vm_flags, * so this tests vma->vm_flags & VM_SPECIAL, too. -@@ -791,6 +832,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -971,6 +1013,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, if (next && next->vm_end == end) /* cases 6, 7, 8 */ next = next->vm_next; @@ -74069,7 +80347,7 @@ index ae18a48..86cf99e 100644 /* * Can it merge with the predecessor? */ -@@ -810,9 +860,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -990,9 +1041,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, /* cases 1, 6 */ err = vma_adjust(prev, prev->vm_start, next->vm_end, prev->vm_pgoff, NULL); @@ -74095,7 +80373,7 @@ index ae18a48..86cf99e 100644 if (err) return NULL; khugepaged_enter_vma_merge(prev); -@@ -826,12 +891,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1006,12 +1072,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, mpol_equal(policy, vma_policy(next)) && can_vma_merge_before(next, vm_flags, anon_vma, file, pgoff+pglen)) { @@ -74125,7 +80403,7 @@ index ae18a48..86cf99e 100644 if (err) return NULL; khugepaged_enter_vma_merge(area); -@@ -940,16 +1020,13 @@ none: +@@ -1120,16 +1201,13 @@ none: void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -74141,9 +80419,9 @@ index ae18a48..86cf99e 100644 - } else if (flags & stack_flags) + } else if (flags & (VM_GROWSUP|VM_GROWSDOWN)) mm->stack_vm += pages; - if (flags & (VM_RESERVED|VM_IO)) - mm->reserved_vm += pages; -@@ -987,7 +1064,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, + } + #endif /* CONFIG_PROC_FS */ +@@ -1165,7 +1243,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, * (the exception is when the underlying filesystem is noexec * mounted, in which case we dont add PROT_EXEC.) */ @@ -74152,7 +80430,7 @@ index ae18a48..86cf99e 100644 if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC))) prot |= PROT_EXEC; -@@ -1013,7 +1090,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1191,7 +1269,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, /* Obtain the address to map to. we verify (or select) it and ensure * that it represents a valid section of the address space. */ @@ -74161,7 +80439,7 @@ index ae18a48..86cf99e 100644 if (addr & ~PAGE_MASK) return addr; -@@ -1024,6 +1101,36 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1202,6 +1280,36 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; @@ -74198,7 +80476,7 @@ index ae18a48..86cf99e 100644 if (flags & MAP_LOCKED) if (!can_do_mlock()) return -EPERM; -@@ -1035,6 +1142,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1213,6 +1321,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; @@ -74206,7 +80484,7 @@ index ae18a48..86cf99e 100644 if (locked > lock_limit && !capable(CAP_IPC_LOCK)) return -EAGAIN; } -@@ -1101,6 +1209,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1279,6 +1388,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, } } @@ -74216,7 +80494,7 @@ index ae18a48..86cf99e 100644 return mmap_region(file, addr, len, flags, vm_flags, pgoff); } -@@ -1177,7 +1288,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) +@@ -1356,7 +1468,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) vm_flags_t vm_flags = vma->vm_flags; /* If it was private or non-writable, the write bit is already clear */ @@ -74225,7 +80503,7 @@ index ae18a48..86cf99e 100644 return 0; /* The backer wishes to know when pages are first written to? */ -@@ -1226,14 +1337,24 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1405,13 +1517,22 @@ unsigned long mmap_region(struct file *file, unsigned long addr, unsigned long charged = 0; struct inode *inode = file ? file->f_path.dentry->d_inode : NULL; @@ -74242,17 +80520,15 @@ index ae18a48..86cf99e 100644 /* Clear old maps */ error = -ENOMEM; -munmap_back: - vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent); - if (vma && vma->vm_start < addr + len) { + if (find_vma_links(mm, addr, addr + len, &prev, &rb_link, &rb_parent)) { if (do_munmap(mm, addr, len)) return -ENOMEM; - goto munmap_back; -+ vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent); -+ BUG_ON(vma && vma->vm_start < addr + len); ++ BUG_ON(find_vma_links(mm, addr, addr + len, &prev, &rb_link, &rb_parent)); } /* Check against address space limit. */ -@@ -1282,6 +1403,16 @@ munmap_back: +@@ -1460,6 +1581,16 @@ munmap_back: goto unacct_error; } @@ -74269,16 +80545,10 @@ index ae18a48..86cf99e 100644 vma->vm_mm = mm; vma->vm_start = addr; vma->vm_end = addr + len; -@@ -1306,6 +1437,19 @@ munmap_back: - error = file->f_op->mmap(file, vma); +@@ -1484,6 +1615,13 @@ munmap_back: if (error) goto unmap_and_free_vma; -+ -+#ifdef CONFIG_PAX_SEGMEXEC -+ if (vma_m && (vm_flags & VM_EXECUTABLE)) -+ added_exe_file_vma(mm); -+#endif -+ + +#if defined(CONFIG_PAX_PAGEEXEC) && defined(CONFIG_X86_32) + if ((mm->pax_flags & MF_PAX_PAGEEXEC) && !(vma->vm_flags & VM_SPECIAL)) { + vma->vm_flags |= VM_PAGEEXEC; @@ -74286,10 +80556,10 @@ index ae18a48..86cf99e 100644 + } +#endif + - if (vm_flags & VM_EXECUTABLE) - added_exe_file_vma(mm); - -@@ -1343,6 +1487,11 @@ munmap_back: + /* Can addr have changed?? + * + * Answer: Yes, several device drivers can do it in their +@@ -1522,6 +1660,11 @@ munmap_back: vma_link(mm, vma, prev, rb_link, rb_parent); file = vma->vm_file; @@ -74301,7 +80571,7 @@ index ae18a48..86cf99e 100644 /* Once vma denies write, undo our temporary denial count */ if (correct_wcount) atomic_inc(&inode->i_writecount); -@@ -1350,6 +1499,7 @@ out: +@@ -1529,6 +1672,7 @@ out: perf_event_mmap(vma); vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); @@ -74309,7 +80579,7 @@ index ae18a48..86cf99e 100644 if (vm_flags & VM_LOCKED) { if (!mlock_vma_pages_range(vma, addr, addr + len)) mm->locked_vm += (len >> PAGE_SHIFT); -@@ -1371,6 +1521,12 @@ unmap_and_free_vma: +@@ -1550,6 +1694,12 @@ unmap_and_free_vma: unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); charged = 0; free_vma: @@ -74322,11 +80592,21 @@ index ae18a48..86cf99e 100644 kmem_cache_free(vm_area_cachep, vma); unacct_error: if (charged) -@@ -1378,6 +1534,44 @@ unacct_error: +@@ -1557,6 +1707,62 @@ unacct_error: return error; } -+bool check_heap_stack_gap(const struct vm_area_struct *vma, unsigned long addr, unsigned long len) ++#ifdef CONFIG_GRKERNSEC_RAND_THREADSTACK ++unsigned long gr_rand_threadstack_offset(const struct mm_struct *mm, const struct file *filp, unsigned long flags) ++{ ++ if ((mm->pax_flags & MF_PAX_RANDMMAP) && !filp && (flags & MAP_STACK)) ++ return (random32() & 0xFF) << PAGE_SHIFT; ++ ++ return 0; ++} ++#endif ++ ++bool check_heap_stack_gap(const struct vm_area_struct *vma, unsigned long addr, unsigned long len, unsigned long offset) +{ + if (!vma) { +#ifdef CONFIG_STACK_GROWSUP @@ -74349,25 +80629,41 @@ index ae18a48..86cf99e 100644 + else if (vma->vm_prev && (vma->vm_prev->vm_flags & VM_GROWSUP)) + return addr - vma->vm_prev->vm_end <= sysctl_heap_stack_gap; +#endif ++ else if (offset) ++ return offset <= vma->vm_start - addr - len; + + return true; +} + -+unsigned long skip_heap_stack_gap(const struct vm_area_struct *vma, unsigned long len) ++unsigned long skip_heap_stack_gap(const struct vm_area_struct *vma, unsigned long len, unsigned long offset) +{ + if (vma->vm_start < len) + return -ENOMEM; -+ if (!(vma->vm_flags & VM_GROWSDOWN)) -+ return vma->vm_start - len; ++ ++ if (!(vma->vm_flags & VM_GROWSDOWN)) { ++ if (offset <= vma->vm_start - len) ++ return vma->vm_start - len - offset; ++ else ++ return -ENOMEM; ++ } ++ + if (sysctl_heap_stack_gap <= vma->vm_start - len) + return vma->vm_start - len - sysctl_heap_stack_gap; + return -ENOMEM; +} + - /* Get an address range which is currently unmapped. - * For shmat() with addr=0. - * -@@ -1404,18 +1598,23 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, + unsigned long unmapped_area(struct vm_unmapped_area_info *info) + { + /* +@@ -1776,6 +1982,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, + struct mm_struct *mm = current->mm; + struct vm_area_struct *vma; + struct vm_unmapped_area_info info; ++ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + + if (len > TASK_SIZE) + return -ENOMEM; +@@ -1783,17 +1990,26 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (flags & MAP_FIXED) return addr; @@ -74377,62 +80673,26 @@ index ae18a48..86cf99e 100644 + if (addr) { addr = PAGE_ALIGN(addr); -- vma = find_vma(mm, addr); + vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && - (!vma || addr + len <= vma->vm_start)) -- return addr; -+ if (TASK_SIZE - len >= addr) { -+ vma = find_vma(mm, addr); -+ if (check_heap_stack_gap(vma, addr, len)) -+ return addr; -+ } - } - if (len > mm->cached_hole_size) { -- start_addr = addr = mm->free_area_cache; -+ start_addr = addr = mm->free_area_cache; - } else { -- start_addr = addr = TASK_UNMAPPED_BASE; -- mm->cached_hole_size = 0; -+ start_addr = addr = mm->mmap_base; -+ mm->cached_hole_size = 0; ++ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) + return addr; } - full_search: -@@ -1426,34 +1625,40 @@ full_search: - * Start a new search - just in case we missed - * some holes. - */ -- if (start_addr != TASK_UNMAPPED_BASE) { -- addr = TASK_UNMAPPED_BASE; -- start_addr = addr; -+ if (start_addr != mm->mmap_base) { -+ start_addr = addr = mm->mmap_base; - mm->cached_hole_size = 0; - goto full_search; - } - return -ENOMEM; - } -- if (!vma || addr + len <= vma->vm_start) { -- /* -- * Remember the place where we stopped the search: -- */ -- mm->free_area_cache = addr + len; -- return addr; -- } -+ if (check_heap_stack_gap(vma, addr, len)) -+ break; - if (addr + mm->cached_hole_size < vma->vm_start) - mm->cached_hole_size = vma->vm_start - addr; - addr = vma->vm_end; - } + info.flags = 0; + info.length = len; + info.low_limit = TASK_UNMAPPED_BASE; + -+ /* -+ * Remember the place where we stopped the search: -+ */ -+ mm->free_area_cache = addr + len; -+ return addr; - } - #endif ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = TASK_SIZE; + info.align_mask = 0; + return vm_unmapped_area(&info); +@@ -1802,10 +2018,16 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, void arch_unmap_area(struct mm_struct *mm, unsigned long addr) { @@ -74450,16 +80710,15 @@ index ae18a48..86cf99e 100644 mm->free_area_cache = addr; } -@@ -1469,7 +1674,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - { - struct vm_area_struct *vma; +@@ -1823,6 +2045,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, struct mm_struct *mm = current->mm; -- unsigned long addr = addr0, start_addr; -+ unsigned long base = mm->mmap_base, addr = addr0, start_addr; + unsigned long addr = addr0; + struct vm_unmapped_area_info info; ++ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); /* requested length too big for entire address space */ if (len > TASK_SIZE) -@@ -1478,13 +1683,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1831,12 +2054,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (flags & MAP_FIXED) return addr; @@ -74470,63 +80729,27 @@ index ae18a48..86cf99e 100644 /* requesting a specific address */ if (addr) { addr = PAGE_ALIGN(addr); -- vma = find_vma(mm, addr); + vma = find_vma(mm, addr); - if (TASK_SIZE - len >= addr && - (!vma || addr + len <= vma->vm_start)) -- return addr; -+ if (TASK_SIZE - len >= addr) { -+ vma = find_vma(mm, addr); -+ if (check_heap_stack_gap(vma, addr, len)) -+ return addr; -+ } ++ if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) + return addr; } - /* check if free_area_cache is useful for us */ -@@ -1508,7 +1718,7 @@ try_again: - * return with success: - */ - vma = find_vma(mm, addr); -- if (!vma || addr+len <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr, len)) - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr); - -@@ -1517,8 +1727,8 @@ try_again: - mm->cached_hole_size = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = vma->vm_start-len; -- } while (len < vma->vm_start); -+ addr = skip_heap_stack_gap(vma, len); -+ } while (!IS_ERR_VALUE(addr)); - - fail: - /* -@@ -1541,13 +1751,21 @@ fail: - * can happen with large stack limits and large mmap() - * allocations. - */ -+ mm->mmap_base = TASK_UNMAPPED_BASE; +@@ -1857,6 +2083,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + VM_BUG_ON(addr != -ENOMEM); + info.flags = 0; + info.low_limit = TASK_UNMAPPED_BASE; + +#ifdef CONFIG_PAX_RANDMMAP -+ if (mm->pax_flags & MF_PAX_RANDMMAP) -+ mm->mmap_base += mm->delta_mmap; ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; +#endif + -+ mm->free_area_cache = mm->mmap_base; - mm->cached_hole_size = ~0UL; -- mm->free_area_cache = TASK_UNMAPPED_BASE; - addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags); - /* - * Restore the topdown base: - */ -- mm->free_area_cache = mm->mmap_base; -+ mm->mmap_base = base; -+ mm->free_area_cache = base; - mm->cached_hole_size = ~0UL; - - return addr; -@@ -1556,6 +1774,12 @@ fail: + info.high_limit = TASK_SIZE; + addr = vm_unmapped_area(&info); + } +@@ -1867,6 +2099,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) { @@ -74539,7 +80762,7 @@ index ae18a48..86cf99e 100644 /* * Is this a new hole at the highest possible address? */ -@@ -1563,8 +1787,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) +@@ -1874,8 +2112,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) mm->free_area_cache = addr; /* dont allow allocations above current base */ @@ -74551,7 +80774,7 @@ index ae18a48..86cf99e 100644 } unsigned long -@@ -1663,6 +1889,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, +@@ -1974,6 +2214,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, return vma; } @@ -74572,7 +80795,7 @@ index ae18a48..86cf99e 100644 + BUG_ON(vma->vm_end - vma->vm_start != vma_m->vm_end - vma_m->vm_start); + BUG_ON(vma->vm_pgoff != vma_m->vm_pgoff); + BUG_ON(vma->anon_vma != vma_m->anon_vma && vma->anon_vma->root != vma_m->anon_vma->root); -+ BUG_ON((vma->vm_flags ^ vma_m->vm_flags) & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED | VM_RESERVED)); ++ BUG_ON((vma->vm_flags ^ vma_m->vm_flags) & ~(VM_WRITE | VM_MAYWRITE | VM_ACCOUNT | VM_LOCKED)); + return vma_m; +} +#endif @@ -74580,7 +80803,7 @@ index ae18a48..86cf99e 100644 /* * Verify that the stack growth is acceptable and * update accounting. This is shared with both the -@@ -1679,6 +1927,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -1990,6 +2252,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns return -ENOMEM; /* Stack limit test */ @@ -74588,7 +80811,7 @@ index ae18a48..86cf99e 100644 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) return -ENOMEM; -@@ -1689,6 +1938,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2000,6 +2263,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns locked = mm->locked_vm + grow; limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); limit >>= PAGE_SHIFT; @@ -74596,7 +80819,7 @@ index ae18a48..86cf99e 100644 if (locked > limit && !capable(CAP_IPC_LOCK)) return -ENOMEM; } -@@ -1718,37 +1968,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2029,37 +2293,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns * PA-RISC uses this for its stack; IA64 for its Register Backing Store. * vma is the last one with address > vma->vm_end. Have to extend vma. */ @@ -74654,7 +80877,7 @@ index ae18a48..86cf99e 100644 unsigned long size, grow; size = address - vma->vm_start; -@@ -1763,6 +2024,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) +@@ -2094,6 +2369,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) } } } @@ -74662,8 +80885,8 @@ index ae18a48..86cf99e 100644 + vma_unlock_anon_vma(vma->vm_next); vma_unlock_anon_vma(vma); khugepaged_enter_vma_merge(vma); - return error; -@@ -1776,6 +2039,8 @@ int expand_downwards(struct vm_area_struct *vma, + validate_mm(vma->vm_mm); +@@ -2108,6 +2385,8 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address) { int error; @@ -74672,7 +80895,7 @@ index ae18a48..86cf99e 100644 /* * We must make sure the anon_vma is allocated -@@ -1789,6 +2054,15 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2121,6 +2400,15 @@ int expand_downwards(struct vm_area_struct *vma, if (error) return error; @@ -74688,7 +80911,7 @@ index ae18a48..86cf99e 100644 vma_lock_anon_vma(vma); /* -@@ -1798,9 +2072,17 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2130,9 +2418,17 @@ int expand_downwards(struct vm_area_struct *vma, */ /* Somebody else might have raced and expanded it already */ @@ -74707,30 +80930,26 @@ index ae18a48..86cf99e 100644 size = vma->vm_end - address; grow = (vma->vm_start - address) >> PAGE_SHIFT; -@@ -1810,11 +2092,22 @@ int expand_downwards(struct vm_area_struct *vma, - if (!error) { - vma->vm_start = address; +@@ -2157,6 +2453,18 @@ int expand_downwards(struct vm_area_struct *vma, vma->vm_pgoff -= grow; + anon_vma_interval_tree_post_update_vma(vma); + vma_gap_update(vma); + track_exec_limit(vma->vm_mm, vma->vm_start, vma->vm_end, vma->vm_flags); + +#ifdef CONFIG_PAX_SEGMEXEC + if (vma_m) { ++ anon_vma_interval_tree_pre_update_vma(vma_m); + vma_m->vm_start -= grow << PAGE_SHIFT; + vma_m->vm_pgoff -= grow; ++ anon_vma_interval_tree_post_update_vma(vma_m); ++ vma_gap_update(vma_m); + } +#endif + + spin_unlock(&vma->vm_mm->page_table_lock); + perf_event_mmap(vma); - } - } - } - vma_unlock_anon_vma(vma); -+ if (lockprev) -+ vma_unlock_anon_vma(prev); - khugepaged_enter_vma_merge(vma); - return error; - } -@@ -1886,6 +2179,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2263,6 +2571,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) do { long nrpages = vma_pages(vma); @@ -74744,7 +80963,7 @@ index ae18a48..86cf99e 100644 if (vma->vm_flags & VM_ACCOUNT) nr_accounted += nrpages; vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); -@@ -1931,6 +2231,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2308,6 +2623,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, insertion_point = (prev ? &prev->vm_next : &mm->mmap); vma->vm_prev = NULL; do { @@ -74758,10 +80977,10 @@ index ae18a48..86cf99e 100644 + } +#endif + - rb_erase(&vma->vm_rb, &mm->mm_rb); + vma_rb_erase(vma, &mm->mm_rb); mm->map_count--; tail_vma = vma; -@@ -1959,14 +2269,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2339,14 +2664,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct *new; int err = -ENOMEM; @@ -74795,7 +81014,7 @@ index ae18a48..86cf99e 100644 /* most fields are the same, copy all, and then fixup */ *new = *vma; -@@ -1979,6 +2308,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2359,6 +2703,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); } @@ -74818,7 +81037,7 @@ index ae18a48..86cf99e 100644 pol = mpol_dup(vma_policy(vma)); if (IS_ERR(pol)) { err = PTR_ERR(pol); -@@ -2004,6 +2349,42 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2381,6 +2741,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, else err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); @@ -74830,11 +81049,8 @@ index ae18a48..86cf99e 100644 + mpol_get(pol); + vma_set_policy(new_m, pol); + -+ if (new_m->vm_file) { ++ if (new_m->vm_file) + get_file(new_m->vm_file); -+ if (vma_m->vm_flags & VM_EXECUTABLE) -+ added_exe_file_vma(mm); -+ } + + if (new_m->vm_ops && new_m->vm_ops->open) + new_m->vm_ops->open(new_m); @@ -74848,11 +81064,8 @@ index ae18a48..86cf99e 100644 + if (err) { + if (new_m->vm_ops && new_m->vm_ops->close) + new_m->vm_ops->close(new_m); -+ if (new_m->vm_file) { -+ if (vma_m->vm_flags & VM_EXECUTABLE) -+ removed_exe_file_vma(mm); ++ if (new_m->vm_file) + fput(new_m->vm_file); -+ } + mpol_put(pol); + } + } @@ -74861,10 +81074,10 @@ index ae18a48..86cf99e 100644 /* Success. */ if (!err) return 0; -@@ -2016,10 +2397,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, - removed_exe_file_vma(mm); +@@ -2390,10 +2780,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, + new->vm_ops->close(new); + if (new->vm_file) fput(new->vm_file); - } - unlink_anon_vmas(new); out_free_mpol: mpol_put(pol); @@ -74881,7 +81094,7 @@ index ae18a48..86cf99e 100644 kmem_cache_free(vm_area_cachep, new); out_err: return err; -@@ -2032,6 +2421,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2406,6 +2804,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, int new_below) { @@ -74897,7 +81110,7 @@ index ae18a48..86cf99e 100644 if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; -@@ -2043,11 +2441,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2417,11 +2824,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, * work. This now handles partial unmappings. * Jeremy Fitzhardinge <jeremy@goop.org> */ @@ -74928,7 +81141,7 @@ index ae18a48..86cf99e 100644 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) return -EINVAL; -@@ -2122,6 +2539,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +@@ -2496,6 +2922,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) /* Fix up all other VM information */ remove_vma_list(mm, vma); @@ -74937,7 +81150,7 @@ index ae18a48..86cf99e 100644 return 0; } -@@ -2130,6 +2549,13 @@ int vm_munmap(unsigned long start, size_t len) +@@ -2504,6 +2932,13 @@ int vm_munmap(unsigned long start, size_t len) int ret; struct mm_struct *mm = current->mm; @@ -74951,7 +81164,7 @@ index ae18a48..86cf99e 100644 down_write(&mm->mmap_sem); ret = do_munmap(mm, start, len); up_write(&mm->mmap_sem); -@@ -2143,16 +2569,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) +@@ -2517,16 +2952,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) return vm_munmap(addr, len); } @@ -74968,7 +81181,7 @@ index ae18a48..86cf99e 100644 /* * this is really a simplified "do_mmap". it only handles * anonymous maps. eventually we may be able to do some -@@ -2166,6 +2582,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2540,6 +2965,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) struct rb_node ** rb_link, * rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; @@ -74976,7 +81189,7 @@ index ae18a48..86cf99e 100644 len = PAGE_ALIGN(len); if (!len) -@@ -2173,16 +2590,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2547,16 +2973,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; @@ -75008,20 +81221,17 @@ index ae18a48..86cf99e 100644 locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; -@@ -2199,22 +2630,22 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2573,21 +3013,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) /* * Clear old maps. this also does some error checking for us */ - munmap_back: - vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent); - if (vma && vma->vm_start < addr + len) { + if (find_vma_links(mm, addr, addr + len, &prev, &rb_link, &rb_parent)) { if (do_munmap(mm, addr, len)) return -ENOMEM; - goto munmap_back; -- } -+ vma = find_vma_prepare(mm, addr, &prev, &rb_link, &rb_parent); -+ BUG_ON(vma && vma->vm_start < addr + len); -+ } ++ BUG_ON(find_vma_links(mm, addr, addr + len, &prev, &rb_link, &rb_parent)); + } /* Check against address space limits *after* clearing old maps... */ - if (!may_expand_vm(mm, len >> PAGE_SHIFT)) @@ -75036,7 +81246,7 @@ index ae18a48..86cf99e 100644 return -ENOMEM; /* Can we just expand an old private anonymous mapping? */ -@@ -2228,7 +2659,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2601,7 +3040,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) */ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); if (!vma) { @@ -75045,7 +81255,7 @@ index ae18a48..86cf99e 100644 return -ENOMEM; } -@@ -2242,11 +2673,12 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2615,11 +3054,12 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) vma_link(mm, vma, prev, rb_link, rb_parent); out: perf_event_mmap(vma); @@ -75060,7 +81270,7 @@ index ae18a48..86cf99e 100644 return addr; } -@@ -2304,6 +2736,7 @@ void exit_mmap(struct mm_struct *mm) +@@ -2677,6 +3117,7 @@ void exit_mmap(struct mm_struct *mm) while (vma) { if (vma->vm_flags & VM_ACCOUNT) nr_accounted += vma_pages(vma); @@ -75068,9 +81278,9 @@ index ae18a48..86cf99e 100644 vma = remove_vma(vma); } vm_unacct_memory(nr_accounted); -@@ -2320,6 +2753,13 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) - struct vm_area_struct * __vma, * prev; - struct rb_node ** rb_link, * rb_parent; +@@ -2693,6 +3134,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) + struct vm_area_struct *prev; + struct rb_node **rb_link, *rb_parent; +#ifdef CONFIG_PAX_SEGMEXEC + struct vm_area_struct *vma_m = NULL; @@ -75082,7 +81292,7 @@ index ae18a48..86cf99e 100644 /* * The vm_pgoff of a purely anonymous vma should be irrelevant * until its first write fault, when page's anon_vma and index -@@ -2343,7 +2783,21 @@ int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) +@@ -2716,7 +3164,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) security_vm_enough_memory_mm(mm, vma_pages(vma))) return -ENOMEM; @@ -75104,7 +81314,7 @@ index ae18a48..86cf99e 100644 return 0; } -@@ -2362,6 +2816,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2736,6 +3198,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, struct mempolicy *pol; bool faulted_in_anon_vma = true; @@ -75113,7 +81323,7 @@ index ae18a48..86cf99e 100644 /* * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. -@@ -2430,6 +2886,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2802,6 +3266,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, return NULL; } @@ -75142,7 +81352,7 @@ index ae18a48..86cf99e 100644 + get_file(vma_m->vm_file); + if (vma_m->vm_ops && vma_m->vm_ops->open) + vma_m->vm_ops->open(vma_m); -+ find_vma_prepare(vma->vm_mm, vma_m->vm_start, &prev_m, &rb_link_m, &rb_parent_m); ++ BUG_ON(find_vma_links(vma->vm_mm, vma_m->vm_start, vma_m->vm_end, &prev_m, &rb_link_m, &rb_parent_m)); + vma_link(vma->vm_mm, vma_m, prev_m, rb_link_m, rb_parent_m); + vma_m->vm_mirror = vma; + vma->vm_mirror = vma_m; @@ -75153,20 +81363,20 @@ index ae18a48..86cf99e 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2441,6 +2930,12 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) +@@ -2813,6 +3310,12 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; +#ifdef CONFIG_PAX_RANDMMAP + if (mm->pax_flags & MF_PAX_RANDMMAP) -+ cur -= mm->brk_gap; ++ cur -= mm->aslr_gap; +#endif + + gr_learn_resource(current, RLIMIT_AS, (cur + npages) << PAGE_SHIFT, 1); if (cur + npages > lim) return 0; return 1; -@@ -2511,6 +3006,22 @@ int install_special_mapping(struct mm_struct *mm, +@@ -2883,6 +3386,22 @@ int install_special_mapping(struct mm_struct *mm, vma->vm_start = addr; vma->vm_end = addr + len; @@ -75190,7 +81400,7 @@ index ae18a48..86cf99e 100644 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); diff --git a/mm/mprotect.c b/mm/mprotect.c -index a409926..8b32e6d 100644 +index 94722a4..9837984 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -23,10 +23,17 @@ @@ -75211,8 +81421,8 @@ index a409926..8b32e6d 100644 #ifndef pgprot_modify static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot) -@@ -141,6 +148,48 @@ static void change_protection(struct vm_area_struct *vma, - flush_tlb_range(vma, start, end); +@@ -233,6 +240,48 @@ unsigned long change_protection(struct vm_area_struct *vma, unsigned long start, + return pages; } +#ifdef CONFIG_ARCH_TRACK_EXEC_LIMIT @@ -75252,7 +81462,7 @@ index a409926..8b32e6d 100644 + if (is_vm_hugetlb_page(vma)) + hugetlb_change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot); + else -+ change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot, vma_wants_writenotify(vma)); ++ change_protection(vma, vma->vm_start, vma->vm_end, vma->vm_page_prot, vma_wants_writenotify(vma), 0); + } +} +#endif @@ -75260,7 +81470,7 @@ index a409926..8b32e6d 100644 int mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, unsigned long start, unsigned long end, unsigned long newflags) -@@ -153,11 +202,29 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, +@@ -245,11 +294,29 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, int error; int dirty_accountable = 0; @@ -75290,7 +81500,7 @@ index a409926..8b32e6d 100644 /* * If we make a private mapping writable we increase our commit; * but (without finer accounting) cannot reduce our commit if we -@@ -174,6 +241,42 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, +@@ -266,6 +333,42 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, } } @@ -75333,7 +81543,7 @@ index a409926..8b32e6d 100644 /* * First try to merge with previous and/or next vma. */ -@@ -204,9 +307,21 @@ success: +@@ -296,9 +399,21 @@ success: * vm_flags and vm_page_prot are protected by the mmap_sem * held in write mode. */ @@ -75356,7 +81566,7 @@ index a409926..8b32e6d 100644 if (vma_wants_writenotify(vma)) { vma->vm_page_prot = vm_get_page_prot(newflags & ~VM_SHARED); -@@ -248,6 +363,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -337,6 +452,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, end = start + len; if (end <= start) return -ENOMEM; @@ -75374,7 +81584,7 @@ index a409926..8b32e6d 100644 if (!arch_validate_prot(prot)) return -EINVAL; -@@ -255,7 +381,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -344,7 +470,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, /* * Does the application expect PROT_READ to imply PROT_EXEC: */ @@ -75383,7 +81593,7 @@ index a409926..8b32e6d 100644 prot |= PROT_EXEC; vm_flags = calc_vm_prot_bits(prot); -@@ -288,6 +414,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -376,6 +502,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, if (start > vma->vm_start) prev = vma; @@ -75395,7 +81605,7 @@ index a409926..8b32e6d 100644 for (nstart = start ; ; ) { unsigned long newflags; -@@ -297,6 +428,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -386,6 +517,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, /* newflags >> 4 shift VM_MAY% in place of VM_% */ if ((newflags & ~(newflags >> 4)) & (VM_READ | VM_WRITE | VM_EXEC)) { @@ -75410,7 +81620,7 @@ index a409926..8b32e6d 100644 error = -EACCES; goto out; } -@@ -311,6 +450,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -400,6 +539,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, error = mprotect_fixup(vma, &prev, nstart, tmp, newflags); if (error) goto out; @@ -75421,10 +81631,10 @@ index a409926..8b32e6d 100644 if (nstart < prev->vm_end) diff --git a/mm/mremap.c b/mm/mremap.c -index cc06d0e..40b5d18 100644 +index e1031e1..1f2a0a1 100644 --- a/mm/mremap.c +++ b/mm/mremap.c -@@ -106,6 +106,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, +@@ -125,6 +125,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, continue; pte = ptep_get_and_clear(mm, old_addr, old_pte); pte = move_pte(pte, new_vma->vm_page_prot, old_addr, new_addr); @@ -75437,7 +81647,7 @@ index cc06d0e..40b5d18 100644 set_pte_at(mm, new_addr, new_pte, pte); } -@@ -298,6 +304,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, +@@ -319,6 +325,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, if (is_vm_hugetlb_page(vma)) goto Einval; @@ -75449,7 +81659,7 @@ index cc06d0e..40b5d18 100644 /* We can't remap across vm area boundaries */ if (old_len > vma->vm_end - addr) goto Efault; -@@ -354,20 +365,25 @@ static unsigned long mremap_to(unsigned long addr, +@@ -375,20 +386,25 @@ static unsigned long mremap_to(unsigned long addr, unsigned long ret = -EINVAL; unsigned long charged = 0; unsigned long map_flags; @@ -75480,7 +81690,7 @@ index cc06d0e..40b5d18 100644 goto out; ret = do_munmap(mm, new_addr, new_len); -@@ -435,6 +451,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, +@@ -456,6 +472,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, struct vm_area_struct *vma; unsigned long ret = -EINVAL; unsigned long charged = 0; @@ -75488,7 +81698,7 @@ index cc06d0e..40b5d18 100644 down_write(¤t->mm->mmap_sem); -@@ -455,6 +472,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, +@@ -476,6 +493,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, if (!new_len) goto out; @@ -75506,7 +81716,7 @@ index cc06d0e..40b5d18 100644 if (flags & MREMAP_FIXED) { if (flags & MREMAP_MAYMOVE) ret = mremap_to(addr, old_len, new_addr, new_len); -@@ -503,6 +531,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, +@@ -524,6 +552,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, addr + new_len); } ret = addr; @@ -75514,7 +81724,7 @@ index cc06d0e..40b5d18 100644 goto out; } } -@@ -526,7 +555,12 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, +@@ -547,7 +576,12 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, goto out; } @@ -75528,7 +81738,7 @@ index cc06d0e..40b5d18 100644 out: if (ret & ~PAGE_MASK) diff --git a/mm/nommu.c b/mm/nommu.c -index d4b0c10..ed421b5 100644 +index 79c3cac..4d357e0 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -62,7 +62,6 @@ int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */ @@ -75539,7 +81749,7 @@ index d4b0c10..ed421b5 100644 atomic_long_t mmap_pages_allocated; -@@ -827,15 +826,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) +@@ -839,15 +838,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) EXPORT_SYMBOL(find_vma); /* @@ -75555,7 +81765,7 @@ index d4b0c10..ed421b5 100644 * expand a stack to a given address * - not supported under NOMMU conditions */ -@@ -1551,6 +1541,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -1555,6 +1545,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, /* most fields are the same, copy all, and then fixup */ *new = *vma; @@ -75563,11 +81773,32 @@ index d4b0c10..ed421b5 100644 *region = *vma->vm_region; new->vm_region = region; +diff --git a/mm/page-writeback.c b/mm/page-writeback.c +index 0713bfb..e3774e0 100644 +--- a/mm/page-writeback.c ++++ b/mm/page-writeback.c +@@ -1630,7 +1630,7 @@ ratelimit_handler(struct notifier_block *self, unsigned long action, + } + } + +-static struct notifier_block __cpuinitdata ratelimit_nb = { ++static struct notifier_block ratelimit_nb = { + .notifier_call = ratelimit_handler, + .next = NULL, + }; diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index fa27e78..0501543 100644 +index 6a83cd3..3ab04ef 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c -@@ -340,7 +340,7 @@ out: +@@ -58,6 +58,7 @@ + #include <linux/prefetch.h> + #include <linux/migrate.h> + #include <linux/page-debug-flags.h> ++#include <linux/random.h> + + #include <asm/tlbflush.h> + #include <asm/div64.h> +@@ -338,7 +339,7 @@ out: * This usage means that zero-order pages may not be compound. */ @@ -75576,7 +81807,7 @@ index fa27e78..0501543 100644 { __free_pages_ok(page, compound_order(page)); } -@@ -697,6 +697,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -693,6 +694,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) int i; int bad = 0; @@ -75587,7 +81818,7 @@ index fa27e78..0501543 100644 trace_mm_page_free(page, order); kmemcheck_free_shadow(page, order); -@@ -712,6 +716,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -708,6 +713,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) debug_check_no_obj_freed(page_address(page), PAGE_SIZE << order); } @@ -75600,7 +81831,47 @@ index fa27e78..0501543 100644 arch_free_page(page, order); kernel_map_pages(page, 1 << order, 0); -@@ -853,8 +863,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) +@@ -730,6 +741,19 @@ static void __free_pages_ok(struct page *page, unsigned int order) + local_irq_restore(flags); + } + ++#ifdef CONFIG_PAX_LATENT_ENTROPY ++bool __meminitdata extra_latent_entropy; ++ ++static int __init setup_pax_extra_latent_entropy(char *str) ++{ ++ extra_latent_entropy = true; ++ return 0; ++} ++early_param("pax_extra_latent_entropy", setup_pax_extra_latent_entropy); ++ ++volatile u64 latent_entropy; ++#endif ++ + /* + * Read access to zone->managed_pages is safe because it's unsigned long, + * but we still need to serialize writers. Currently all callers of +@@ -752,6 +776,19 @@ void __meminit __free_pages_bootmem(struct page *page, unsigned int order) + set_page_count(p, 0); + } + ++#ifdef CONFIG_PAX_LATENT_ENTROPY ++ if (extra_latent_entropy && !PageHighMem(page) && page_to_pfn(page) < 0x100000) { ++ u64 hash = 0; ++ size_t index, end = PAGE_SIZE * nr_pages / sizeof hash; ++ const u64 *data = lowmem_page_address(page); ++ ++ for (index = 0; index < end; index++) ++ hash ^= hash + data[index]; ++ latent_entropy ^= hash; ++ add_device_randomness((const void *)&latent_entropy, sizeof(latent_entropy)); ++ } ++#endif ++ + page_zone(page)->managed_pages += 1 << order; + set_page_refcounted(page); + __free_pages(page, order); +@@ -861,8 +898,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) arch_alloc_page(page, order); kernel_map_pages(page, 1 << order, 1); @@ -75611,7 +81882,7 @@ index fa27e78..0501543 100644 if (order && (gfp_flags & __GFP_COMP)) prep_compound_page(page, order); -@@ -3648,7 +3660,13 @@ static int pageblock_is_reserved(unsigned long start_pfn, unsigned long end_pfn) +@@ -3752,7 +3791,13 @@ static int pageblock_is_reserved(unsigned long start_pfn, unsigned long end_pfn) unsigned long pfn; for (pfn = start_pfn; pfn < end_pfn; pfn++) { @@ -75626,7 +81897,7 @@ index fa27e78..0501543 100644 } return 0; diff --git a/mm/percpu.c b/mm/percpu.c -index bb4be74..a43ea85 100644 +index 8c8e08f..73a5cda 100644 --- a/mm/percpu.c +++ b/mm/percpu.c @@ -122,7 +122,7 @@ static unsigned int pcpu_low_unit_cpu __read_mostly; @@ -75690,10 +81961,10 @@ index 926b466..b23df53 100644 if (!mm || IS_ERR(mm)) { rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; diff --git a/mm/rmap.c b/mm/rmap.c -index aa95e59..b681a63 100644 +index 2c78f8c..9e9c624 100644 --- a/mm/rmap.c +++ b/mm/rmap.c -@@ -168,6 +168,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) +@@ -163,6 +163,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) struct anon_vma *anon_vma = vma->anon_vma; struct anon_vma_chain *avc; @@ -75704,7 +81975,7 @@ index aa95e59..b681a63 100644 might_sleep(); if (unlikely(!anon_vma)) { struct mm_struct *mm = vma->vm_mm; -@@ -177,6 +181,12 @@ int anon_vma_prepare(struct vm_area_struct *vma) +@@ -172,6 +176,12 @@ int anon_vma_prepare(struct vm_area_struct *vma) if (!avc) goto out_enomem; @@ -75717,7 +81988,7 @@ index aa95e59..b681a63 100644 anon_vma = find_mergeable_anon_vma(vma); allocated = NULL; if (!anon_vma) { -@@ -190,6 +200,18 @@ int anon_vma_prepare(struct vm_area_struct *vma) +@@ -185,6 +195,18 @@ int anon_vma_prepare(struct vm_area_struct *vma) /* page_table_lock to protect against threads */ spin_lock(&mm->page_table_lock); if (likely(!vma->anon_vma)) { @@ -75736,7 +82007,7 @@ index aa95e59..b681a63 100644 vma->anon_vma = anon_vma; anon_vma_chain_link(vma, avc, anon_vma); allocated = NULL; -@@ -200,12 +222,24 @@ int anon_vma_prepare(struct vm_area_struct *vma) +@@ -195,12 +217,24 @@ int anon_vma_prepare(struct vm_area_struct *vma) if (unlikely(allocated)) put_anon_vma(allocated); @@ -75761,7 +82032,7 @@ index aa95e59..b681a63 100644 anon_vma_chain_free(avc); out_enomem: return -ENOMEM; -@@ -241,7 +275,7 @@ static inline void unlock_anon_vma_root(struct anon_vma *root) +@@ -236,7 +270,7 @@ static inline void unlock_anon_vma_root(struct anon_vma *root) * Attach the anon_vmas from src to dst. * Returns 0 on success, -ENOMEM on failure. */ @@ -75770,7 +82041,7 @@ index aa95e59..b681a63 100644 { struct anon_vma_chain *avc, *pavc; struct anon_vma *root = NULL; -@@ -319,7 +353,7 @@ void anon_vma_moveto_tail(struct vm_area_struct *dst) +@@ -269,7 +303,7 @@ int anon_vma_clone(struct vm_area_struct *dst, struct vm_area_struct *src) * the corresponding VMA in the parent process is attached to. * Returns 0 on success, non-zero on failure. */ @@ -75780,7 +82051,7 @@ index aa95e59..b681a63 100644 struct anon_vma_chain *avc; struct anon_vma *anon_vma; diff --git a/mm/shmem.c b/mm/shmem.c -index 1a497d1..a681961 100644 +index efd0b3a..994b702 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -31,7 +31,7 @@ @@ -75799,9 +82070,9 @@ index 1a497d1..a681961 100644 -#define SHORT_SYMLINK_LEN 128 +#define SHORT_SYMLINK_LEN 64 - struct shmem_xattr { - struct list_head list; /* anchored by shmem_inode_info->xattr_list */ -@@ -2225,6 +2225,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { + /* + * shmem_fallocate and shmem_writepage communicate via inode->i_private +@@ -2202,6 +2202,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { static int shmem_xattr_validate(const char *name) { struct { const char *prefix; size_t len; } arr[] = { @@ -75813,7 +82084,7 @@ index 1a497d1..a681961 100644 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } }; -@@ -2278,6 +2283,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, +@@ -2257,6 +2262,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, if (err) return err; @@ -75826,10 +82097,10 @@ index 1a497d1..a681961 100644 + } +#endif + - if (size == 0) - value = ""; /* empty EA, do not remove */ + return simple_xattr_set(&info->xattrs, name, value, size, flags); + } -@@ -2618,8 +2632,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) +@@ -2562,8 +2576,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) int err = -ENOMEM; /* Round up to L1_CACHE_BYTES to resist false sharing */ @@ -75840,28 +82111,10 @@ index 1a497d1..a681961 100644 return -ENOMEM; diff --git a/mm/slab.c b/mm/slab.c -index d066037..4f4ebf5 100644 +index e7667a3..b62c169 100644 --- a/mm/slab.c +++ b/mm/slab.c -@@ -164,7 +164,7 @@ static bool pfmemalloc_active __read_mostly; - - /* Legal flag mask for kmem_cache_create(). */ - #if DEBUG --# define CREATE_MASK (SLAB_RED_ZONE | \ -+# define CREATE_MASK (SLAB_USERCOPY | SLAB_RED_ZONE | \ - SLAB_POISON | SLAB_HWCACHE_ALIGN | \ - SLAB_CACHE_DMA | \ - SLAB_STORE_USER | \ -@@ -172,7 +172,7 @@ static bool pfmemalloc_active __read_mostly; - SLAB_DESTROY_BY_RCU | SLAB_MEM_SPREAD | \ - SLAB_DEBUG_OBJECTS | SLAB_NOLEAKTRACE | SLAB_NOTRACK) - #else --# define CREATE_MASK (SLAB_HWCACHE_ALIGN | \ -+# define CREATE_MASK (SLAB_USERCOPY | SLAB_HWCACHE_ALIGN | \ - SLAB_CACHE_DMA | \ - SLAB_RECLAIM_ACCOUNT | SLAB_PANIC | \ - SLAB_DESTROY_BY_RCU | SLAB_MEM_SPREAD | \ -@@ -322,7 +322,7 @@ struct kmem_list3 { +@@ -306,7 +306,7 @@ struct kmem_list3 { * Need this for bootstrapping a per node allocator. */ #define NUM_INIT_LISTS (3 * MAX_NUMNODES) @@ -75870,7 +82123,7 @@ index d066037..4f4ebf5 100644 #define CACHE_CACHE 0 #define SIZE_AC MAX_NUMNODES #define SIZE_L3 (2 * MAX_NUMNODES) -@@ -423,10 +423,10 @@ static void kmem_list3_init(struct kmem_list3 *parent) +@@ -407,10 +407,10 @@ static void kmem_list3_init(struct kmem_list3 *parent) if ((x)->max_freeable < i) \ (x)->max_freeable = i; \ } while (0) @@ -75885,7 +82138,7 @@ index d066037..4f4ebf5 100644 #else #define STATS_INC_ACTIVE(x) do { } while (0) #define STATS_DEC_ACTIVE(x) do { } while (0) -@@ -549,7 +549,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct slab *slab, +@@ -518,7 +518,7 @@ static inline void *index_to_obj(struct kmem_cache *cache, struct slab *slab, * reciprocal_divide(offset, cache->reciprocal_buffer_size) */ static inline unsigned int obj_to_index(const struct kmem_cache *cache, @@ -75894,7 +82147,7 @@ index d066037..4f4ebf5 100644 { u32 offset = (obj - slab->s_mem); return reciprocal_divide(offset, cache->reciprocal_buffer_size); -@@ -570,12 +570,13 @@ EXPORT_SYMBOL(malloc_sizes); +@@ -539,12 +539,13 @@ EXPORT_SYMBOL(malloc_sizes); struct cache_names { char *name; char *name_dma; @@ -75910,7 +82163,7 @@ index d066037..4f4ebf5 100644 #undef CACHE }; -@@ -736,6 +737,12 @@ static inline struct kmem_cache *__find_general_cachep(size_t size, +@@ -729,6 +730,12 @@ static inline struct kmem_cache *__find_general_cachep(size_t size, if (unlikely(gfpflags & GFP_DMA)) return csizep->cs_dmacachep; #endif @@ -75923,51 +82176,53 @@ index d066037..4f4ebf5 100644 return csizep->cs_cachep; } -@@ -1684,7 +1691,7 @@ void __init kmem_cache_init(void) - sizes[INDEX_AC].cs_cachep = __kmem_cache_create(names[INDEX_AC].name, - sizes[INDEX_AC].cs_size, - ARCH_KMALLOC_MINALIGN, -- ARCH_KMALLOC_FLAGS|SLAB_PANIC, -+ ARCH_KMALLOC_FLAGS|SLAB_PANIC|SLAB_USERCOPY, - NULL); - - if (INDEX_AC != INDEX_L3) { -@@ -1692,7 +1699,7 @@ void __init kmem_cache_init(void) - __kmem_cache_create(names[INDEX_L3].name, - sizes[INDEX_L3].cs_size, - ARCH_KMALLOC_MINALIGN, -- ARCH_KMALLOC_FLAGS|SLAB_PANIC, -+ ARCH_KMALLOC_FLAGS|SLAB_PANIC|SLAB_USERCOPY, - NULL); - } - -@@ -1710,7 +1717,7 @@ void __init kmem_cache_init(void) - sizes->cs_cachep = __kmem_cache_create(names->name, - sizes->cs_size, - ARCH_KMALLOC_MINALIGN, -- ARCH_KMALLOC_FLAGS|SLAB_PANIC, -+ ARCH_KMALLOC_FLAGS|SLAB_PANIC|SLAB_USERCOPY, - NULL); - } +@@ -1482,7 +1489,7 @@ static int __cpuinit cpuup_callback(struct notifier_block *nfb, + return notifier_from_errno(err); + } + +-static struct notifier_block __cpuinitdata cpucache_notifier = { ++static struct notifier_block cpucache_notifier = { + &cpuup_callback, NULL, 0 + }; + +@@ -1667,12 +1674,12 @@ void __init kmem_cache_init(void) + */ + + sizes[INDEX_AC].cs_cachep = create_kmalloc_cache(names[INDEX_AC].name, +- sizes[INDEX_AC].cs_size, ARCH_KMALLOC_FLAGS); ++ sizes[INDEX_AC].cs_size, ARCH_KMALLOC_FLAGS|SLAB_USERCOPY); + + if (INDEX_AC != INDEX_L3) + sizes[INDEX_L3].cs_cachep = + create_kmalloc_cache(names[INDEX_L3].name, +- sizes[INDEX_L3].cs_size, ARCH_KMALLOC_FLAGS); ++ sizes[INDEX_L3].cs_size, ARCH_KMALLOC_FLAGS|SLAB_USERCOPY); + + slab_early_init = 0; + +@@ -1686,13 +1693,20 @@ void __init kmem_cache_init(void) + */ + if (!sizes->cs_cachep) + sizes->cs_cachep = create_kmalloc_cache(names->name, +- sizes->cs_size, ARCH_KMALLOC_FLAGS); ++ sizes->cs_size, ARCH_KMALLOC_FLAGS|SLAB_USERCOPY); + #ifdef CONFIG_ZONE_DMA -@@ -1722,6 +1729,16 @@ void __init kmem_cache_init(void) - SLAB_PANIC, - NULL); + sizes->cs_dmacachep = create_kmalloc_cache( + names->name_dma, sizes->cs_size, + SLAB_CACHE_DMA|ARCH_KMALLOC_FLAGS); #endif + +#ifdef CONFIG_PAX_USERCOPY_SLABS -+ sizes->cs_usercopycachep = kmem_cache_create( -+ names->name_usercopy, -+ sizes->cs_size, -+ ARCH_KMALLOC_MINALIGN, -+ ARCH_KMALLOC_FLAGS|SLAB_PANIC|SLAB_USERCOPY, -+ NULL); ++ sizes->cs_usercopycachep = create_kmalloc_cache( ++ names->name_usercopy, sizes->cs_size, ++ ARCH_KMALLOC_FLAGS|SLAB_USERCOPY); +#endif + sizes++; names++; } -@@ -4467,10 +4484,10 @@ static int s_show(struct seq_file *m, void *p) +@@ -4365,10 +4379,10 @@ void slabinfo_show_stats(struct seq_file *m, struct kmem_cache *cachep) } /* cpu stats */ { @@ -75982,9 +82237,9 @@ index d066037..4f4ebf5 100644 seq_printf(m, " : cpustat %6lu %6lu %6lu %6lu", allochit, allocmiss, freehit, freemiss); -@@ -4729,13 +4746,71 @@ static int __init slab_proc_init(void) +@@ -4600,13 +4614,71 @@ static const struct file_operations proc_slabstats_operations = { + static int __init slab_proc_init(void) { - proc_create("slabinfo",S_IWUSR|S_IRUSR,NULL,&proc_slabinfo_operations); #ifdef CONFIG_DEBUG_SLAB_LEAK - proc_create("slab_allocators", 0, NULL, &proc_slabstats_operations); + proc_create("slab_allocators", S_IRUSR, NULL, &proc_slabstats_operations); @@ -76018,7 +82273,7 @@ index d066037..4f4ebf5 100644 +} + +#ifdef CONFIG_PAX_USERCOPY -+const char *check_heap_object(const void *ptr, unsigned long n, bool to) ++const char *check_heap_object(const void *ptr, unsigned long n) +{ + struct page *page; + struct kmem_cache *cachep; @@ -76055,11 +82310,84 @@ index d066037..4f4ebf5 100644 /** * ksize - get the actual amount of memory allocated for a given object * @objp: Pointer to the object +diff --git a/mm/slab.h b/mm/slab.h +index 34a98d6..73633d1 100644 +--- a/mm/slab.h ++++ b/mm/slab.h +@@ -58,7 +58,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, + + /* Legal flag mask for kmem_cache_create(), for various configurations */ + #define SLAB_CORE_FLAGS (SLAB_HWCACHE_ALIGN | SLAB_CACHE_DMA | SLAB_PANIC | \ +- SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS ) ++ SLAB_DESTROY_BY_RCU | SLAB_DEBUG_OBJECTS | SLAB_USERCOPY) + + #if defined(CONFIG_DEBUG_SLAB) + #define SLAB_DEBUG_FLAGS (SLAB_RED_ZONE | SLAB_POISON | SLAB_STORE_USER) +@@ -220,6 +220,9 @@ static inline struct kmem_cache *cache_from_obj(struct kmem_cache *s, void *x) + return s; + + page = virt_to_head_page(x); ++ ++ BUG_ON(!PageSlab(page)); ++ + cachep = page->slab_cache; + if (slab_equal_or_root(cachep, s)) + return cachep; +diff --git a/mm/slab_common.c b/mm/slab_common.c +index 3f3cd97..93b0236 100644 +--- a/mm/slab_common.c ++++ b/mm/slab_common.c +@@ -22,7 +22,7 @@ + + #include "slab.h" + +-enum slab_state slab_state; ++enum slab_state slab_state __read_only; + LIST_HEAD(slab_caches); + DEFINE_MUTEX(slab_mutex); + struct kmem_cache *kmem_cache; +@@ -209,7 +209,7 @@ kmem_cache_create_memcg(struct mem_cgroup *memcg, const char *name, size_t size, + + err = __kmem_cache_create(s, flags); + if (!err) { +- s->refcount = 1; ++ atomic_set(&s->refcount, 1); + list_add(&s->list, &slab_caches); + memcg_cache_list_add(memcg, s); + } else { +@@ -255,8 +255,7 @@ void kmem_cache_destroy(struct kmem_cache *s) + + get_online_cpus(); + mutex_lock(&slab_mutex); +- s->refcount--; +- if (!s->refcount) { ++ if (atomic_dec_and_test(&s->refcount)) { + list_del(&s->list); + + if (!__kmem_cache_shutdown(s)) { +@@ -302,7 +301,7 @@ void __init create_boot_cache(struct kmem_cache *s, const char *name, size_t siz + panic("Creation of kmalloc slab %s size=%zd failed. Reason %d\n", + name, size, err); + +- s->refcount = -1; /* Exempt from merging for now */ ++ atomic_set(&s->refcount, -1); /* Exempt from merging for now */ + } + + struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size, +@@ -315,7 +314,7 @@ struct kmem_cache *__init create_kmalloc_cache(const char *name, size_t size, + + create_boot_cache(s, name, size, flags); + list_add(&s->list, &slab_caches); +- s->refcount = 1; ++ atomic_set(&s->refcount, 1); + return s; + } + diff --git a/mm/slob.c b/mm/slob.c -index 45d4ca7..88943c1 100644 +index a99fdf7..f5b6577 100644 --- a/mm/slob.c +++ b/mm/slob.c -@@ -159,7 +159,7 @@ static void set_slob(slob_t *s, slobidx_t size, slob_t *next) +@@ -157,7 +157,7 @@ static void set_slob(slob_t *s, slobidx_t size, slob_t *next) /* * Return the size of a slob block. */ @@ -76068,7 +82396,7 @@ index 45d4ca7..88943c1 100644 { if (s->units > 0) return s->units; -@@ -169,7 +169,7 @@ static slobidx_t slob_units(slob_t *s) +@@ -167,7 +167,7 @@ static slobidx_t slob_units(slob_t *s) /* * Return the next free slob block pointer after this one. */ @@ -76077,7 +82405,7 @@ index 45d4ca7..88943c1 100644 { slob_t *base = (slob_t *)((unsigned long)s & PAGE_MASK); slobidx_t next; -@@ -184,14 +184,14 @@ static slob_t *slob_next(slob_t *s) +@@ -182,14 +182,14 @@ static slob_t *slob_next(slob_t *s) /* * Returns true if s is the last free block in its page. */ @@ -76094,8 +82422,8 @@ index 45d4ca7..88943c1 100644 + struct page *page; #ifdef CONFIG_NUMA - if (node != -1) -@@ -203,14 +203,18 @@ static void *slob_new_pages(gfp_t gfp, int order, int node) + if (node != NUMA_NO_NODE) +@@ -201,14 +201,18 @@ static void *slob_new_pages(gfp_t gfp, int order, int node) if (!page) return NULL; @@ -76117,7 +82445,7 @@ index 45d4ca7..88943c1 100644 } /* -@@ -315,15 +319,15 @@ static void *slob_alloc(size_t size, gfp_t gfp, int align, int node) +@@ -313,15 +317,15 @@ static void *slob_alloc(size_t size, gfp_t gfp, int align, int node) /* Not enough space: must allocate a new page */ if (!b) { @@ -76137,7 +82465,7 @@ index 45d4ca7..88943c1 100644 INIT_LIST_HEAD(&sp->list); set_slob(b, SLOB_UNITS(PAGE_SIZE), b + SLOB_UNITS(PAGE_SIZE)); set_slob_page_free(sp, slob_list); -@@ -361,9 +365,7 @@ static void slob_free(void *block, int size) +@@ -359,9 +363,7 @@ static void slob_free(void *block, int size) if (slob_page_free(sp)) clear_slob_page_free(sp); spin_unlock_irqrestore(&slob_lock, flags); @@ -76148,22 +82476,22 @@ index 45d4ca7..88943c1 100644 return; } -@@ -425,11 +427,10 @@ out: - * End of slob allocator proper. Begin kmem_cache_alloc and kmalloc frontend. +@@ -424,11 +426,10 @@ out: */ --void *__kmalloc_node(size_t size, gfp_t gfp, int node) -+static void *__kmalloc_node_align(size_t size, gfp_t gfp, int node, int align) + static __always_inline void * +-__do_kmalloc_node(size_t size, gfp_t gfp, int node, unsigned long caller) ++__do_kmalloc_node_align(size_t size, gfp_t gfp, int node, unsigned long caller, int align) { - unsigned int *m; -- int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN); +- int align = max_t(size_t, ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN); - void *ret; + slob_t *m; + void *ret = NULL; gfp &= gfp_allowed_mask; -@@ -443,20 +444,23 @@ void *__kmalloc_node(size_t size, gfp_t gfp, int node) +@@ -442,23 +443,41 @@ __do_kmalloc_node(size_t size, gfp_t gfp, int node, unsigned long caller) if (!m) return NULL; @@ -76174,7 +82502,7 @@ index 45d4ca7..88943c1 100644 + m[1].units = align; ret = (void *)m + align; - trace_kmalloc_node(_RET_IP_, ret, + trace_kmalloc_node(caller, ret, size, size + align, gfp, node); } else { unsigned int order = get_order(size); @@ -76183,16 +82511,13 @@ index 45d4ca7..88943c1 100644 if (likely(order)) gfp |= __GFP_COMP; - ret = slob_new_pages(gfp, order, node); -- if (ret) { -- struct page *page; -- page = virt_to_page(ret); + page = slob_new_pages(gfp, order, node); + if (page) { + ret = page_address(page); - page->private = size; - } ++ page->private = size; ++ } -@@ -464,7 +468,16 @@ void *__kmalloc_node(size_t size, gfp_t gfp, int node) + trace_kmalloc_node(caller, ret, size, PAGE_SIZE << order, gfp, node); } @@ -76200,24 +82525,25 @@ index 45d4ca7..88943c1 100644 + return ret; +} + -+void *__kmalloc_node(size_t size, gfp_t gfp, int node) ++static __always_inline void * ++__do_kmalloc_node(size_t size, gfp_t gfp, int node, unsigned long caller) +{ + int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN); -+ void *ret = __kmalloc_node_align(size, gfp, node, align); ++ void *ret = __do_kmalloc_node_align(size, gfp, node, caller, align); + + if (!ZERO_OR_NULL_PTR(ret)) + kmemleak_alloc(ret, size, 1, gfp); return ret; } - EXPORT_SYMBOL(__kmalloc_node); -@@ -480,15 +493,91 @@ void kfree(const void *block) + +@@ -494,33 +513,110 @@ void kfree(const void *block) kmemleak_free(block); sp = virt_to_page(block); - if (PageSlab(sp)) { + VM_BUG_ON(!PageSlab(sp)); + if (!sp->private) { - int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN); + int align = max_t(size_t, ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN); - unsigned int *m = (unsigned int *)(block - align); - slob_free(m, *m + align); - } else @@ -76227,7 +82553,7 @@ index 45d4ca7..88943c1 100644 + __ClearPageSlab(sp); + reset_page_mapcount(sp); + sp->private = 0; - put_page(sp); + __free_pages(sp, compound_order(sp)); + } } EXPORT_SYMBOL(kfree); @@ -76243,7 +82569,7 @@ index 45d4ca7..88943c1 100644 +} + +#ifdef CONFIG_PAX_USERCOPY -+const char *check_heap_object(const void *ptr, unsigned long n, bool to) ++const char *check_heap_object(const void *ptr, unsigned long n) +{ + struct page *page; + const slob_t *free; @@ -76306,36 +82632,31 @@ index 45d4ca7..88943c1 100644 /* can't use ksize for kmem_cache_alloc memory, only kmalloc */ size_t ksize(const void *block) { -@@ -499,10 +588,11 @@ size_t ksize(const void *block) + struct page *sp; + int align; +- unsigned int *m; ++ slob_t *m; + + BUG_ON(!block); + if (unlikely(block == ZERO_SIZE_PTR)) return 0; sp = virt_to_page(block); -- if (PageSlab(sp)) { +- if (unlikely(!PageSlab(sp))) +- return PAGE_SIZE << compound_order(sp); + VM_BUG_ON(!PageSlab(sp)); -+ if (!sp->private) { - int align = max(ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN); -- unsigned int *m = (unsigned int *)(block - align); -- return SLOB_UNITS(*m) * SLOB_UNIT; -+ slob_t *m = (slob_t *)(block - align); -+ return SLOB_UNITS(m[0].units) * SLOB_UNIT; - } else - return sp->private; - } -@@ -513,8 +603,13 @@ struct kmem_cache *__kmem_cache_create(const char *name, size_t size, - { - struct kmem_cache *c; ++ if (sp->private) ++ return sp->private; -+#ifdef CONFIG_PAX_USERCOPY_SLABS -+ c = __kmalloc_node_align(sizeof(struct kmem_cache), -+ GFP_KERNEL, -1, ARCH_KMALLOC_MINALIGN); -+#else - c = slob_alloc(sizeof(struct kmem_cache), - GFP_KERNEL, ARCH_KMALLOC_MINALIGN, -1); -+#endif + align = max_t(size_t, ARCH_KMALLOC_MINALIGN, ARCH_SLAB_MINALIGN); +- m = (unsigned int *)(block - align); +- return SLOB_UNITS(*m) * SLOB_UNIT; ++ m = (slob_t *)(block - align); ++ return SLOB_UNITS(m[0].units) * SLOB_UNIT; + } + EXPORT_SYMBOL(ksize); - if (c) { - c->name = name; -@@ -549,23 +644,33 @@ EXPORT_SYMBOL(kmem_cache_destroy); +@@ -536,23 +632,33 @@ int __kmem_cache_create(struct kmem_cache *c, unsigned long flags) void *kmem_cache_alloc_node(struct kmem_cache *c, gfp_t flags, int node) { @@ -76347,11 +82668,11 @@ index 45d4ca7..88943c1 100644 lockdep_trace_alloc(flags); +#ifdef CONFIG_PAX_USERCOPY_SLABS -+ b = __kmalloc_node_align(c->size, flags, node, c->align); ++ b = __do_kmalloc_node_align(c->size, flags, node, _RET_IP_, c->align); +#else if (c->size < PAGE_SIZE) { b = slob_alloc(c->size, flags, c->align, node); - trace_kmem_cache_alloc_node(_RET_IP_, b, c->size, + trace_kmem_cache_alloc_node(_RET_IP_, b, c->object_size, SLOB_UNITS(c->size) * SLOB_UNIT, flags, node); } else { @@ -76363,7 +82684,7 @@ index 45d4ca7..88943c1 100644 + b = page_address(sp); + sp->private = c->size; + } - trace_kmem_cache_alloc_node(_RET_IP_, b, c->size, + trace_kmem_cache_alloc_node(_RET_IP_, b, c->object_size, PAGE_SIZE << get_order(c->size), flags, node); } @@ -76371,7 +82692,7 @@ index 45d4ca7..88943c1 100644 if (c->ctor) c->ctor(b); -@@ -577,10 +682,14 @@ EXPORT_SYMBOL(kmem_cache_alloc_node); +@@ -564,10 +670,14 @@ EXPORT_SYMBOL(kmem_cache_alloc_node); static void __kmem_cache_free(void *b, int size) { @@ -76388,7 +82709,7 @@ index 45d4ca7..88943c1 100644 } static void kmem_rcu_free(struct rcu_head *head) -@@ -593,17 +702,31 @@ static void kmem_rcu_free(struct rcu_head *head) +@@ -580,17 +690,31 @@ static void kmem_rcu_free(struct rcu_head *head) void kmem_cache_free(struct kmem_cache *c, void *b) { @@ -76424,10 +82745,10 @@ index 45d4ca7..88943c1 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index 2fdd96f..1e2f893 100644 +index ba2ca53..00b1f4e 100644 --- a/mm/slub.c +++ b/mm/slub.c -@@ -201,7 +201,7 @@ struct track { +@@ -197,7 +197,7 @@ struct track { enum track_item { TRACK_ALLOC, TRACK_FREE }; @@ -76436,7 +82757,7 @@ index 2fdd96f..1e2f893 100644 static int sysfs_slab_add(struct kmem_cache *); static int sysfs_slab_alias(struct kmem_cache *, const char *); static void sysfs_slab_remove(struct kmem_cache *); -@@ -525,7 +525,7 @@ static void print_track(const char *s, struct track *t) +@@ -518,7 +518,7 @@ static void print_track(const char *s, struct track *t) if (!t->addr) return; @@ -76445,16 +82766,7 @@ index 2fdd96f..1e2f893 100644 s, (void *)t->addr, jiffies - t->when, t->cpu, t->pid); #ifdef CONFIG_STACKTRACE { -@@ -2612,6 +2612,8 @@ void kmem_cache_free(struct kmem_cache *s, void *x) - - page = virt_to_head_page(x); - -+ BUG_ON(!PageSlab(page)); -+ - slab_free(s, page, x, _RET_IP_); - - trace_kmem_cache_free(_RET_IP_, x); -@@ -2645,7 +2647,7 @@ static int slub_min_objects; +@@ -2653,7 +2653,7 @@ static int slub_min_objects; * Merge control. If this is set then no merging of slab caches will occur. * (Could be removed. This was introduced to pacify the merge skeptics.) */ @@ -76463,26 +82775,7 @@ index 2fdd96f..1e2f893 100644 /* * Calculate the order of allocation given an slab object size. -@@ -3098,7 +3100,7 @@ static int kmem_cache_open(struct kmem_cache *s, - else - s->cpu_partial = 30; - -- s->refcount = 1; -+ atomic_set(&s->refcount, 1); - #ifdef CONFIG_NUMA - s->remote_node_defrag_ratio = 1000; - #endif -@@ -3202,8 +3204,7 @@ static inline int kmem_cache_close(struct kmem_cache *s) - void kmem_cache_destroy(struct kmem_cache *s) - { - mutex_lock(&slab_mutex); -- s->refcount--; -- if (!s->refcount) { -+ if (atomic_dec_and_test(&s->refcount)) { - list_del(&s->list); - mutex_unlock(&slab_mutex); - if (kmem_cache_close(s)) { -@@ -3232,6 +3233,10 @@ static struct kmem_cache *kmem_cache; +@@ -3181,6 +3181,10 @@ EXPORT_SYMBOL(kmalloc_caches); static struct kmem_cache *kmalloc_dma_caches[SLUB_PAGE_SHIFT]; #endif @@ -76493,7 +82786,7 @@ index 2fdd96f..1e2f893 100644 static int __init setup_slub_min_order(char *str) { get_option(&str, &slub_min_order); -@@ -3346,6 +3351,13 @@ static struct kmem_cache *get_slab(size_t size, gfp_t flags) +@@ -3272,6 +3276,13 @@ static struct kmem_cache *get_slab(size_t size, gfp_t flags) return kmalloc_dma_caches[index]; #endif @@ -76507,7 +82800,7 @@ index 2fdd96f..1e2f893 100644 return kmalloc_caches[index]; } -@@ -3414,6 +3426,59 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) +@@ -3340,6 +3351,59 @@ void *__kmalloc_node(size_t size, gfp_t flags, int node) EXPORT_SYMBOL(__kmalloc_node); #endif @@ -76530,12 +82823,12 @@ index 2fdd96f..1e2f893 100644 + if (!PageSlab(page)) + return false; + -+ s = page->slab; ++ s = page->slab_cache; + return s->flags & SLAB_USERCOPY; +} + +#ifdef CONFIG_PAX_USERCOPY -+const char *check_heap_object(const void *ptr, unsigned long n, bool to) ++const char *check_heap_object(const void *ptr, unsigned long n) +{ + struct page *page; + struct kmem_cache *s; @@ -76552,7 +82845,7 @@ index 2fdd96f..1e2f893 100644 + if (!PageSlab(page)) + return NULL; + -+ s = page->slab; ++ s = page->slab_cache; + if (!(s->flags & SLAB_USERCOPY)) + return s->name; + @@ -76567,16 +82860,7 @@ index 2fdd96f..1e2f893 100644 size_t ksize(const void *object) { struct page *page; -@@ -3688,7 +3753,7 @@ static void __init kmem_cache_bootstrap_fixup(struct kmem_cache *s) - int node; - - list_add(&s->list, &slab_caches); -- s->refcount = -1; -+ atomic_set(&s->refcount, -1); - - for_each_node_state(node, N_NORMAL_MEMORY) { - struct kmem_cache_node *n = get_node(s, node); -@@ -3808,17 +3873,17 @@ void __init kmem_cache_init(void) +@@ -3712,17 +3776,17 @@ void __init kmem_cache_init(void) /* Caches that are not of the two-to-the-power-of size */ if (KMALLOC_MIN_SIZE <= 32) { @@ -76597,7 +82881,7 @@ index 2fdd96f..1e2f893 100644 caches++; } -@@ -3860,6 +3925,22 @@ void __init kmem_cache_init(void) +@@ -3764,6 +3828,22 @@ void __init kmem_cache_init(void) } } #endif @@ -76620,7 +82904,7 @@ index 2fdd96f..1e2f893 100644 printk(KERN_INFO "SLUB: Genslabs=%d, HWalign=%d, Order=%d-%d, MinObjects=%d," " CPUs=%d, Nodes=%d\n", -@@ -3886,7 +3967,7 @@ static int slab_unmergeable(struct kmem_cache *s) +@@ -3790,7 +3870,7 @@ static int slab_unmergeable(struct kmem_cache *s) /* * We may have set a slab to be unmergeable during bootstrap. */ @@ -76629,25 +82913,34 @@ index 2fdd96f..1e2f893 100644 return 1; return 0; -@@ -3941,7 +4022,7 @@ struct kmem_cache *__kmem_cache_create(const char *name, size_t size, +@@ -3848,7 +3928,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, - s = find_mergeable(size, align, flags, name, ctor); + s = find_mergeable(memcg, size, align, flags, name, ctor); if (s) { - s->refcount++; + atomic_inc(&s->refcount); /* * Adjust the object sizes so that we clear * the complete object on kzalloc. -@@ -3950,7 +4031,7 @@ struct kmem_cache *__kmem_cache_create(const char *name, size_t size, +@@ -3857,7 +3937,7 @@ __kmem_cache_alias(struct mem_cgroup *memcg, const char *name, size_t size, s->inuse = max_t(int, s->inuse, ALIGN(size, sizeof(void *))); if (sysfs_slab_alias(s, name)) { - s->refcount--; + atomic_dec(&s->refcount); - return NULL; + s = NULL; } - return s; -@@ -4072,7 +4153,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, + } +@@ -3919,7 +3999,7 @@ static int __cpuinit slab_cpuup_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata slab_notifier = { ++static struct notifier_block slab_notifier = { + .notifier_call = slab_cpuup_callback + }; + +@@ -3977,7 +4057,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, } #endif @@ -76656,7 +82949,7 @@ index 2fdd96f..1e2f893 100644 static int count_inuse(struct page *page) { return page->inuse; -@@ -4459,12 +4540,12 @@ static void resiliency_test(void) +@@ -4364,12 +4444,12 @@ static void resiliency_test(void) validate_slab_cache(kmalloc_caches[9]); } #else @@ -76671,7 +82964,7 @@ index 2fdd96f..1e2f893 100644 enum slab_stat_type { SL_ALL, /* All slabs */ SL_PARTIAL, /* Only partially allocated slabs */ -@@ -4708,7 +4789,7 @@ SLAB_ATTR_RO(ctor); +@@ -4613,7 +4693,7 @@ SLAB_ATTR_RO(ctor); static ssize_t aliases_show(struct kmem_cache *s, char *buf) { @@ -76680,7 +82973,7 @@ index 2fdd96f..1e2f893 100644 } SLAB_ATTR_RO(aliases); -@@ -5279,6 +5360,7 @@ static char *create_unique_id(struct kmem_cache *s) +@@ -5266,6 +5346,7 @@ static char *create_unique_id(struct kmem_cache *s) return name; } @@ -76688,7 +82981,7 @@ index 2fdd96f..1e2f893 100644 static int sysfs_slab_add(struct kmem_cache *s) { int err; -@@ -5341,6 +5423,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) +@@ -5323,6 +5404,7 @@ static void sysfs_slab_remove(struct kmem_cache *s) kobject_del(&s->kobj); kobject_put(&s->kobj); } @@ -76696,7 +82989,7 @@ index 2fdd96f..1e2f893 100644 /* * Need to buffer aliases during bootup until sysfs becomes -@@ -5354,6 +5437,7 @@ struct saved_alias { +@@ -5336,6 +5418,7 @@ struct saved_alias { static struct saved_alias *alias_list; @@ -76704,7 +82997,7 @@ index 2fdd96f..1e2f893 100644 static int sysfs_slab_alias(struct kmem_cache *s, const char *name) { struct saved_alias *al; -@@ -5376,6 +5460,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) +@@ -5358,6 +5441,7 @@ static int sysfs_slab_alias(struct kmem_cache *s, const char *name) alias_list = al; return 0; } @@ -76734,8 +83027,21 @@ index 1b7e22a..3fcd4f3 100644 } return pgd; } +diff --git a/mm/sparse.c b/mm/sparse.c +index 6b5fb76..db0c190 100644 +--- a/mm/sparse.c ++++ b/mm/sparse.c +@@ -782,7 +782,7 @@ static void clear_hwpoisoned_pages(struct page *memmap, int nr_pages) + + for (i = 0; i < PAGES_PER_SECTION; i++) { + if (PageHWPoison(&memmap[i])) { +- atomic_long_sub(1, &mce_bad_pages); ++ atomic_long_sub_unchecked(1, &mce_bad_pages); + ClearPageHWPoison(&memmap[i]); + } + } diff --git a/mm/swap.c b/mm/swap.c -index 7782588..228c784 100644 +index 6310dc2..3662b3f 100644 --- a/mm/swap.c +++ b/mm/swap.c @@ -30,6 +30,7 @@ @@ -76756,7 +83062,7 @@ index 7782588..228c784 100644 } diff --git a/mm/swapfile.c b/mm/swapfile.c -index 14e254c..a6af32c 100644 +index e97a0e5..b50e796 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c @@ -64,7 +64,7 @@ static DEFINE_MUTEX(swapon_mutex); @@ -76768,7 +83074,7 @@ index 14e254c..a6af32c 100644 static inline unsigned char swap_count(unsigned char ent) { -@@ -1603,7 +1603,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) +@@ -1608,7 +1608,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) } filp_close(swap_file, NULL); err = 0; @@ -76777,7 +83083,7 @@ index 14e254c..a6af32c 100644 wake_up_interruptible(&proc_poll_wait); out_dput: -@@ -1619,8 +1619,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) +@@ -1625,8 +1625,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) poll_wait(file, &proc_poll_wait, wait); @@ -76788,7 +83094,7 @@ index 14e254c..a6af32c 100644 return POLLIN | POLLRDNORM | POLLERR | POLLPRI; } -@@ -1718,7 +1718,7 @@ static int swaps_open(struct inode *inode, struct file *file) +@@ -1724,7 +1724,7 @@ static int swaps_open(struct inode *inode, struct file *file) return ret; seq = file->private_data; @@ -76797,7 +83103,7 @@ index 14e254c..a6af32c 100644 return 0; } -@@ -2060,7 +2060,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) +@@ -2066,7 +2066,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) (frontswap_map) ? "FS" : ""); mutex_unlock(&swapon_mutex); @@ -76807,10 +83113,10 @@ index 14e254c..a6af32c 100644 if (S_ISREG(inode->i_mode)) diff --git a/mm/util.c b/mm/util.c -index 8c7265a..c96d884 100644 +index c55e26b..3f913a9 100644 --- a/mm/util.c +++ b/mm/util.c -@@ -285,6 +285,12 @@ done: +@@ -292,6 +292,12 @@ done: void arch_pick_mmap_layout(struct mm_struct *mm) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -76824,7 +83130,7 @@ index 8c7265a..c96d884 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 2bb90b1..3795e47 100644 +index 5123a16..f234a48 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -77009,17 +83315,20 @@ index 2bb90b1..3795e47 100644 if ((PAGE_SIZE-1) & (unsigned long)addr) return -EINVAL; -@@ -2572,7 +2634,7 @@ static int s_show(struct seq_file *m, void *p) - { - struct vm_struct *v = p; - -- seq_printf(m, "0x%p-0x%p %7ld", -+ seq_printf(m, "0x%pK-0x%pK %7ld", +@@ -2575,7 +2637,11 @@ static int s_show(struct seq_file *m, void *p) v->addr, v->addr + v->size, v->size); if (v->caller) ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ seq_printf(m, " %pK", v->caller); ++#else + seq_printf(m, " %pS", v->caller); ++#endif + + if (v->nr_pages) + seq_printf(m, " pages=%d", v->nr_pages); diff --git a/mm/vmstat.c b/mm/vmstat.c -index df7a674..8b4a4f3 100644 +index 9800306..76b4b27 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c @@ -78,7 +78,7 @@ void vm_events_fold_cpu(int cpu) @@ -77048,8 +83357,28 @@ index df7a674..8b4a4f3 100644 + atomic_long_add_unchecked(global_diff[i], &vm_stat[i]); } + void drain_zonestat(struct zone *zone, struct per_cpu_pageset *pset) +@@ -503,8 +503,8 @@ void drain_zonestat(struct zone *zone, struct per_cpu_pageset *pset) + if (pset->vm_stat_diff[i]) { + int v = pset->vm_stat_diff[i]; + pset->vm_stat_diff[i] = 0; +- atomic_long_add(v, &zone->vm_stat[i]); +- atomic_long_add(v, &vm_stat[i]); ++ atomic_long_add_unchecked(v, &zone->vm_stat[i]); ++ atomic_long_add_unchecked(v, &vm_stat[i]); + } + } + #endif +@@ -1223,7 +1223,7 @@ static int __cpuinit vmstat_cpuup_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata vmstat_notifier = ++static struct notifier_block vmstat_notifier = + { &vmstat_cpuup_callback, NULL, 0 }; #endif -@@ -1212,10 +1212,20 @@ static int __init setup_vmstat(void) + +@@ -1238,10 +1238,20 @@ static int __init setup_vmstat(void) start_cpu_timer(cpu); #endif #ifdef CONFIG_PROC_FS @@ -77075,12 +83404,21 @@ index df7a674..8b4a4f3 100644 return 0; } diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c -index 9096bcb..43ed7bb 100644 +index a292e80..785ee68 100644 --- a/net/8021q/vlan.c +++ b/net/8021q/vlan.c -@@ -557,8 +557,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) +@@ -485,7 +485,7 @@ out: + return NOTIFY_DONE; + } + +-static struct notifier_block vlan_notifier_block __read_mostly = { ++static struct notifier_block vlan_notifier_block = { + .notifier_call = vlan_device_event, + }; + +@@ -560,8 +560,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) err = -EPERM; - if (!capable(CAP_NET_ADMIN)) + if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) break; - if ((args.u.name_type >= 0) && - (args.u.name_type < VLAN_NAME_TYPE_HIGHEST)) { @@ -77088,8 +83426,30 @@ index 9096bcb..43ed7bb 100644 struct vlan_net *vn; vn = net_generic(net, vlan_net_id); +diff --git a/net/9p/mod.c b/net/9p/mod.c +index 6ab36ae..6f1841b 100644 +--- a/net/9p/mod.c ++++ b/net/9p/mod.c +@@ -84,7 +84,7 @@ static LIST_HEAD(v9fs_trans_list); + void v9fs_register_trans(struct p9_trans_module *m) + { + spin_lock(&v9fs_trans_lock); +- list_add_tail(&m->list, &v9fs_trans_list); ++ pax_list_add_tail((struct list_head *)&m->list, &v9fs_trans_list); + spin_unlock(&v9fs_trans_lock); + } + EXPORT_SYMBOL(v9fs_register_trans); +@@ -97,7 +97,7 @@ EXPORT_SYMBOL(v9fs_register_trans); + void v9fs_unregister_trans(struct p9_trans_module *m) + { + spin_lock(&v9fs_trans_lock); +- list_del_init(&m->list); ++ pax_list_del_init((struct list_head *)&m->list); + spin_unlock(&v9fs_trans_lock); + } + EXPORT_SYMBOL(v9fs_unregister_trans); diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c -index 6449bae..8c1f454 100644 +index 02efb25..41541a9 100644 --- a/net/9p/trans_fd.c +++ b/net/9p/trans_fd.c @@ -425,7 +425,7 @@ static int p9_fd_write(struct p9_client *client, void *v, int len) @@ -77154,19 +83514,6 @@ index a86aff9..3a0d6f6 100644 /* * ATM LAN Emulation supports both LLC & Dix Ethernet EtherType -diff --git a/net/atm/mpc.h b/net/atm/mpc.h -index 0919a88..a23d54e 100644 ---- a/net/atm/mpc.h -+++ b/net/atm/mpc.h -@@ -33,7 +33,7 @@ struct mpoa_client { - struct mpc_parameters parameters; /* parameters for this client */ - - const struct net_device_ops *old_ops; -- struct net_device_ops new_ops; -+ net_device_ops_no_const new_ops; - }; - - diff --git a/net/atm/proc.c b/net/atm/proc.c index 0d020de..011c7bb 100644 --- a/net/atm/proc.c @@ -77185,7 +83532,7 @@ index 0d020de..011c7bb 100644 static void atm_dev_info(struct seq_file *seq, const struct atm_dev *dev) diff --git a/net/atm/resources.c b/net/atm/resources.c -index 23f45ce..c748f1a 100644 +index 0447d5d..3cf4728 100644 --- a/net/atm/resources.c +++ b/net/atm/resources.c @@ -160,7 +160,7 @@ EXPORT_SYMBOL(atm_dev_deregister); @@ -77206,44 +83553,58 @@ index 23f45ce..c748f1a 100644 __AAL_STAT_ITEMS #undef __HANDLE_ITEM } +diff --git a/net/ax25/sysctl_net_ax25.c b/net/ax25/sysctl_net_ax25.c +index d5744b7..506bae3 100644 +--- a/net/ax25/sysctl_net_ax25.c ++++ b/net/ax25/sysctl_net_ax25.c +@@ -152,7 +152,7 @@ int ax25_register_dev_sysctl(ax25_dev *ax25_dev) + { + char path[sizeof("net/ax25/") + IFNAMSIZ]; + int k; +- struct ctl_table *table; ++ ctl_table_no_const *table; + + table = kmemdup(ax25_param_table, sizeof(ax25_param_table), GFP_KERNEL); + if (!table) diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c -index 1476f26..ff09c69 100644 +index 7d02ebd..4d4cc01 100644 --- a/net/batman-adv/bat_iv_ogm.c +++ b/net/batman-adv/bat_iv_ogm.c -@@ -62,7 +62,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface) +@@ -63,7 +63,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface) /* randomize initial seqno to avoid collision */ get_random_bytes(&random_seqno, sizeof(random_seqno)); -- atomic_set(&hard_iface->seqno, random_seqno); -+ atomic_set_unchecked(&hard_iface->seqno, random_seqno); +- atomic_set(&hard_iface->bat_iv.ogm_seqno, random_seqno); ++ atomic_set_unchecked(&hard_iface->bat_iv.ogm_seqno, random_seqno); - hard_iface->packet_len = BATADV_OGM_HLEN; - hard_iface->packet_buff = kmalloc(hard_iface->packet_len, GFP_ATOMIC); -@@ -600,8 +600,8 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface) + hard_iface->bat_iv.ogm_buff_len = BATADV_OGM_HLEN; + ogm_buff = kmalloc(hard_iface->bat_iv.ogm_buff_len, GFP_ATOMIC); +@@ -615,9 +615,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface) + batadv_ogm_packet = (struct batadv_ogm_packet *)(*ogm_buff); /* change sequence number to network order */ - batadv_ogm_packet->seqno = -- htonl((uint32_t)atomic_read(&hard_iface->seqno)); -- atomic_inc(&hard_iface->seqno); -+ htonl((uint32_t)atomic_read_unchecked(&hard_iface->seqno)); -+ atomic_inc_unchecked(&hard_iface->seqno); - - batadv_ogm_packet->ttvn = atomic_read(&bat_priv->ttvn); - batadv_ogm_packet->tt_crc = htons(bat_priv->tt_crc); -@@ -1001,7 +1001,7 @@ static void batadv_iv_ogm_process(const struct ethhdr *ethhdr, +- seqno = (uint32_t)atomic_read(&hard_iface->bat_iv.ogm_seqno); ++ seqno = (uint32_t)atomic_read_unchecked(&hard_iface->bat_iv.ogm_seqno); + batadv_ogm_packet->seqno = htonl(seqno); +- atomic_inc(&hard_iface->bat_iv.ogm_seqno); ++ atomic_inc_unchecked(&hard_iface->bat_iv.ogm_seqno); + + batadv_ogm_packet->ttvn = atomic_read(&bat_priv->tt.vn); + batadv_ogm_packet->tt_crc = htons(bat_priv->tt.local_crc); +@@ -1022,7 +1022,7 @@ static void batadv_iv_ogm_process(const struct ethhdr *ethhdr, return; /* could be changed by schedule_own_packet() */ -- if_incoming_seqno = atomic_read(&if_incoming->seqno); -+ if_incoming_seqno = atomic_read_unchecked(&if_incoming->seqno); +- if_incoming_seqno = atomic_read(&if_incoming->bat_iv.ogm_seqno); ++ if_incoming_seqno = atomic_read_unchecked(&if_incoming->bat_iv.ogm_seqno); if (batadv_ogm_packet->flags & BATADV_DIRECTLINK) has_directlink_flag = 1; diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c -index 282bf6e..4b2603d 100644 +index f1d37cd..4190879 100644 --- a/net/batman-adv/hard-interface.c +++ b/net/batman-adv/hard-interface.c -@@ -320,7 +320,7 @@ int batadv_hardif_enable_interface(struct batadv_hard_iface *hard_iface, +@@ -370,7 +370,7 @@ int batadv_hardif_enable_interface(struct batadv_hard_iface *hard_iface, hard_iface->batman_adv_ptype.dev = hard_iface->net_dev; dev_add_pack(&hard_iface->batman_adv_ptype); @@ -77252,53 +83613,60 @@ index 282bf6e..4b2603d 100644 batadv_info(hard_iface->soft_iface, "Adding interface: %s\n", hard_iface->net_dev->name); -@@ -443,7 +443,7 @@ batadv_hardif_add_interface(struct net_device *net_dev) +@@ -493,7 +493,7 @@ batadv_hardif_add_interface(struct net_device *net_dev) /* This can't be called via a bat_priv callback because * we have no bat_priv yet. */ -- atomic_set(&hard_iface->seqno, 1); -+ atomic_set_unchecked(&hard_iface->seqno, 1); - hard_iface->packet_buff = NULL; +- atomic_set(&hard_iface->bat_iv.ogm_seqno, 1); ++ atomic_set_unchecked(&hard_iface->bat_iv.ogm_seqno, 1); + hard_iface->bat_iv.ogm_buff = NULL; return hard_iface; diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c -index 21c5357..768be1a 100644 +index 6b548fd..fc32c8d 100644 --- a/net/batman-adv/soft-interface.c +++ b/net/batman-adv/soft-interface.c -@@ -227,7 +227,7 @@ static int batadv_interface_tx(struct sk_buff *skb, +@@ -252,7 +252,7 @@ static int batadv_interface_tx(struct sk_buff *skb, + primary_if->net_dev->dev_addr, ETH_ALEN); /* set broadcast sequence number */ - bcast_packet->seqno = -- htonl(atomic_inc_return(&bat_priv->bcast_seqno)); -+ htonl(atomic_inc_return_unchecked(&bat_priv->bcast_seqno)); +- seqno = atomic_inc_return(&bat_priv->bcast_seqno); ++ seqno = atomic_inc_return_unchecked(&bat_priv->bcast_seqno); + bcast_packet->seqno = htonl(seqno); - batadv_add_bcast_packet_to_list(bat_priv, skb, 1); - -@@ -407,7 +407,7 @@ struct net_device *batadv_softif_create(const char *name) + batadv_add_bcast_packet_to_list(bat_priv, skb, brd_delay); +@@ -497,7 +497,7 @@ struct net_device *batadv_softif_create(const char *name) atomic_set(&bat_priv->batman_queue_left, BATADV_BATMAN_QUEUE_LEN); atomic_set(&bat_priv->mesh_state, BATADV_MESH_INACTIVE); - atomic_set(&bat_priv->bcast_seqno, 1); + atomic_set_unchecked(&bat_priv->bcast_seqno, 1); - atomic_set(&bat_priv->ttvn, 0); - atomic_set(&bat_priv->tt_local_changes, 0); - atomic_set(&bat_priv->tt_ogm_append_cnt, 0); + atomic_set(&bat_priv->tt.vn, 0); + atomic_set(&bat_priv->tt.local_changes, 0); + atomic_set(&bat_priv->tt.ogm_append_cnt, 0); diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h -index 12635fd..d99d837 100644 +index ae9ac9a..11e0fe7 100644 --- a/net/batman-adv/types.h +++ b/net/batman-adv/types.h -@@ -33,8 +33,8 @@ struct batadv_hard_iface { +@@ -48,7 +48,7 @@ + struct batadv_hard_iface_bat_iv { + unsigned char *ogm_buff; + int ogm_buff_len; +- atomic_t ogm_seqno; ++ atomic_unchecked_t ogm_seqno; + }; + + struct batadv_hard_iface { +@@ -56,7 +56,7 @@ struct batadv_hard_iface { int16_t if_num; char if_status; struct net_device *net_dev; -- atomic_t seqno; - atomic_t frag_seqno; -+ atomic_unchecked_t seqno; + atomic_unchecked_t frag_seqno; - unsigned char *packet_buff; - int packet_len; struct kobject *hardif_obj; -@@ -176,7 +176,7 @@ struct batadv_priv { + atomic_t refcount; + struct packet_type batman_adv_ptype; +@@ -284,7 +284,7 @@ struct batadv_priv { atomic_t orig_interval; /* uint */ atomic_t hop_penalty; /* uint */ atomic_t log_level; /* uint */ @@ -77306,12 +83674,12 @@ index 12635fd..d99d837 100644 + atomic_unchecked_t bcast_seqno; atomic_t bcast_queue_left; atomic_t batman_queue_left; - atomic_t ttvn; /* translation table version number */ + char num_ifaces; diff --git a/net/batman-adv/unicast.c b/net/batman-adv/unicast.c -index 0016464..0ef3e53 100644 +index 10aff49..ea8e021 100644 --- a/net/batman-adv/unicast.c +++ b/net/batman-adv/unicast.c -@@ -269,7 +269,7 @@ int batadv_frag_send_skb(struct sk_buff *skb, struct batadv_priv *bat_priv, +@@ -272,7 +272,7 @@ int batadv_frag_send_skb(struct sk_buff *skb, struct batadv_priv *bat_priv, frag1->flags = BATADV_UNI_FRAG_HEAD | large_tail; frag2->flags = large_tail; @@ -77321,7 +83689,7 @@ index 0016464..0ef3e53 100644 frag2->seqno = htons(seqno); diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c -index d5ace1e..231c4bf 100644 +index 07f0739..3c42e34 100644 --- a/net/bluetooth/hci_sock.c +++ b/net/bluetooth/hci_sock.c @@ -934,7 +934,7 @@ static int hci_sock_setsockopt(struct socket *sock, int level, int optname, @@ -77334,10 +83702,10 @@ index d5ace1e..231c4bf 100644 err = -EFAULT; break; diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c -index 38c00f1..e9d566e 100644 +index 22e6583..426e2f3 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c -@@ -3165,8 +3165,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, voi +@@ -3400,8 +3400,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, break; case L2CAP_CONF_RFC: @@ -77349,12 +83717,12 @@ index 38c00f1..e9d566e 100644 + memcpy(&rfc, (void *)val, olen); if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) && - rfc.mode != chan->mode) + rfc.mode != chan->mode) diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c -index 34bbe1c..451c19b 100644 +index 1bcfb84..dad9f98 100644 --- a/net/bluetooth/l2cap_sock.c +++ b/net/bluetooth/l2cap_sock.c -@@ -467,7 +467,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us +@@ -479,7 +479,8 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, struct sock *sk = sock->sk; struct l2cap_chan *chan = l2cap_pi(sk)->chan; struct l2cap_options opts; @@ -77364,7 +83732,7 @@ index 34bbe1c..451c19b 100644 u32 opt; BT_DBG("sk %p", sk); -@@ -489,7 +490,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, char __us +@@ -501,7 +502,7 @@ static int l2cap_sock_setsockopt_old(struct socket *sock, int optname, opts.max_tx = chan->max_tx; opts.txwin_size = chan->tx_win; @@ -77373,7 +83741,7 @@ index 34bbe1c..451c19b 100644 if (copy_from_user((char *) &opts, optval, len)) { err = -EFAULT; break; -@@ -567,7 +568,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch +@@ -581,7 +582,8 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, struct bt_security sec; struct bt_power pwr; struct l2cap_conn *conn; @@ -77383,7 +83751,7 @@ index 34bbe1c..451c19b 100644 u32 opt; BT_DBG("sk %p", sk); -@@ -590,7 +592,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch +@@ -604,7 +606,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, sec.level = BT_SECURITY_LOW; @@ -77392,7 +83760,7 @@ index 34bbe1c..451c19b 100644 if (copy_from_user((char *) &sec, optval, len)) { err = -EFAULT; break; -@@ -687,7 +689,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, ch +@@ -701,7 +703,7 @@ static int l2cap_sock_setsockopt(struct socket *sock, int level, int optname, pwr.force_active = BT_POWER_FORCE_ACTIVE_ON; @@ -77402,7 +83770,7 @@ index 34bbe1c..451c19b 100644 err = -EFAULT; break; diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c -index 32893a0..3aabfdd 100644 +index ce3f665..2c7d08f 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c @@ -667,7 +667,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c @@ -77424,7 +83792,7 @@ index 32893a0..3aabfdd 100644 err = -EFAULT; break; diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c -index 56f1823..da44330 100644 +index bd6fd0f..6492cba 100644 --- a/net/bluetooth/rfcomm/tty.c +++ b/net/bluetooth/rfcomm/tty.c @@ -309,7 +309,7 @@ static void rfcomm_dev_del(struct rfcomm_dev *dev) @@ -77439,9 +83807,9 @@ index 56f1823..da44330 100644 @@ -664,10 +664,10 @@ static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) return -ENODEV; - BT_DBG("dev %p dst %s channel %d opened %d", dev, batostr(&dev->dst), -- dev->channel, dev->port.count); -+ dev->channel, atomic_read(&dev->port.count)); + BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst, +- dev->channel, dev->port.count); ++ dev->channel, atomic_read(&dev->port.count)); spin_lock_irqsave(&dev->port.lock, flags); - if (++dev->port.count > 1) { @@ -77462,6 +83830,42 @@ index 56f1823..da44330 100644 spin_unlock_irqrestore(&dev->port.lock, flags); if (dev->tty_dev->parent) device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST); +diff --git a/net/bridge/br_mdb.c b/net/bridge/br_mdb.c +index acc9f4c..2897e40 100644 +--- a/net/bridge/br_mdb.c ++++ b/net/bridge/br_mdb.c +@@ -82,6 +82,7 @@ static int br_mdb_fill_info(struct sk_buff *skb, struct netlink_callback *cb, + port = p->port; + if (port) { + struct br_mdb_entry e; ++ memset(&e, 0, sizeof(e)); + e.ifindex = port->dev->ifindex; + e.state = p->state; + if (p->addr.proto == htons(ETH_P_IP)) +@@ -138,6 +139,7 @@ static int br_mdb_dump(struct sk_buff *skb, struct netlink_callback *cb) + break; + + bpm = nlmsg_data(nlh); ++ memset(bpm, 0, sizeof(*bpm)); + bpm->ifindex = dev->ifindex; + if (br_mdb_fill_info(skb, cb, dev) < 0) + goto out; +@@ -173,6 +175,7 @@ static int nlmsg_populate_mdb_fill(struct sk_buff *skb, + return -EMSGSIZE; + + bpm = nlmsg_data(nlh); ++ memset(bpm, 0, sizeof(*bpm)); + bpm->family = AF_BRIDGE; + bpm->ifindex = dev->ifindex; + nest = nla_nest_start(skb, MDBA_MDB); +@@ -230,6 +233,7 @@ void br_mdb_notify(struct net_device *dev, struct net_bridge_port *port, + { + struct br_mdb_entry entry; + ++ memset(&entry, 0, sizeof(entry)); + entry.ifindex = port->dev->ifindex; + entry.addr.proto = group->proto; + entry.addr.u.ip4 = group->u.ip4; diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 5fe2ff3..121d696 100644 --- a/net/bridge/netfilter/ebtables.c @@ -77494,7 +83898,7 @@ index 5fe2ff3..121d696 100644 break; } diff --git a/net/caif/cfctrl.c b/net/caif/cfctrl.c -index 44f270f..1f5602d 100644 +index a376ec1..1fbd6be 100644 --- a/net/caif/cfctrl.c +++ b/net/caif/cfctrl.c @@ -10,6 +10,7 @@ @@ -77536,21 +83940,52 @@ index 44f270f..1f5602d 100644 p->sequence_no); list_del(&p->list); goto out; +diff --git a/net/can/af_can.c b/net/can/af_can.c +index ddac1ee..3ee0a78 100644 +--- a/net/can/af_can.c ++++ b/net/can/af_can.c +@@ -872,7 +872,7 @@ static const struct net_proto_family can_family_ops = { + }; + + /* notifier block for netdevice event */ +-static struct notifier_block can_netdev_notifier __read_mostly = { ++static struct notifier_block can_netdev_notifier = { + .notifier_call = can_notifier, + }; + diff --git a/net/can/gw.c b/net/can/gw.c -index b54d5e6..91c3b25 100644 +index 574dda78e..3d2b3da 100644 --- a/net/can/gw.c +++ b/net/can/gw.c -@@ -96,7 +96,7 @@ struct cf_mod { - struct { - void (*xor)(struct can_frame *cf, struct cgw_csum_xor *xor); - void (*crc8)(struct can_frame *cf, struct cgw_csum_crc8 *crc8); -- } csumfunc; -+ } __no_const csumfunc; - }; +@@ -67,7 +67,6 @@ MODULE_AUTHOR("Oliver Hartkopp <oliver.hartkopp@volkswagen.de>"); + MODULE_ALIAS("can-gw"); + static HLIST_HEAD(cgw_list); +-static struct notifier_block notifier; + static struct kmem_cache *cgw_cache __read_mostly; + +@@ -893,6 +892,10 @@ static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) + return err; + } + ++static struct notifier_block notifier = { ++ .notifier_call = cgw_notifier ++}; ++ + static __init int cgw_module_init(void) + { + printk(banner); +@@ -904,7 +907,6 @@ static __init int cgw_module_init(void) + return -ENOMEM; + + /* set notifier */ +- notifier.notifier_call = cgw_notifier; + register_netdevice_notifier(¬ifier); + + if (__rtnl_register(PF_CAN, RTM_GETROUTE, NULL, cgw_dump_jobs, NULL)) { diff --git a/net/compat.c b/net/compat.c -index 74ed1d7..3695bd9 100644 +index 79ae884..17c5c09 100644 --- a/net/compat.c +++ b/net/compat.c @@ -71,9 +71,9 @@ int get_compat_msghdr(struct msghdr *kmsg, struct compat_msghdr __user *umsg) @@ -77626,7 +84061,7 @@ index 74ed1d7..3695bd9 100644 int fdmax = (kmsg->msg_controllen - sizeof(struct compat_cmsghdr)) / sizeof(int); int fdnum = scm->fp->count; struct file **fp = scm->fp->fp; -@@ -364,7 +364,7 @@ static int do_set_sock_timeout(struct socket *sock, int level, +@@ -363,7 +363,7 @@ static int do_set_sock_timeout(struct socket *sock, int level, return -EFAULT; old_fs = get_fs(); set_fs(KERNEL_DS); @@ -77635,7 +84070,7 @@ index 74ed1d7..3695bd9 100644 set_fs(old_fs); return err; -@@ -425,7 +425,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname, +@@ -424,7 +424,7 @@ static int do_get_sock_timeout(struct socket *sock, int level, int optname, len = sizeof(ktime); old_fs = get_fs(); set_fs(KERNEL_DS); @@ -77644,7 +84079,7 @@ index 74ed1d7..3695bd9 100644 set_fs(old_fs); if (!err) { -@@ -568,7 +568,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, +@@ -567,7 +567,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, case MCAST_JOIN_GROUP: case MCAST_LEAVE_GROUP: { @@ -77653,7 +84088,7 @@ index 74ed1d7..3695bd9 100644 struct group_req __user *kgr = compat_alloc_user_space(sizeof(struct group_req)); u32 interface; -@@ -589,7 +589,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, +@@ -588,7 +588,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, case MCAST_BLOCK_SOURCE: case MCAST_UNBLOCK_SOURCE: { @@ -77662,7 +84097,7 @@ index 74ed1d7..3695bd9 100644 struct group_source_req __user *kgsr = compat_alloc_user_space( sizeof(struct group_source_req)); u32 interface; -@@ -610,7 +610,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, +@@ -609,7 +609,7 @@ int compat_mc_setsockopt(struct sock *sock, int level, int optname, } case MCAST_MSFILTER: { @@ -77671,7 +84106,7 @@ index 74ed1d7..3695bd9 100644 struct group_filter __user *kgf; u32 interface, fmode, numsrc; -@@ -648,7 +648,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname, +@@ -647,7 +647,7 @@ int compat_mc_getsockopt(struct sock *sock, int level, int optname, char __user *optval, int __user *optlen, int (*getsockopt)(struct sock *, int, int, char __user *, int __user *)) { @@ -77680,7 +84115,7 @@ index 74ed1d7..3695bd9 100644 struct group_filter __user *kgf; int __user *koptlen; u32 interface, fmode, numsrc; -@@ -797,7 +797,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) +@@ -796,7 +796,7 @@ asmlinkage long compat_sys_socketcall(int call, u32 __user *args) if (call < SYS_SOCKET || call > SYS_SENDMMSG) return -EINVAL; @@ -77703,10 +84138,10 @@ index 368f9c3..f82d4a3 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 1dce5b5..363a522 100644 +index f64e439..8f959e6 100644 --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -1138,9 +1138,13 @@ void dev_load(struct net *net, const char *name) +@@ -1250,9 +1250,13 @@ void dev_load(struct net *net, const char *name) if (no_module && capable(CAP_NET_ADMIN)) no_module = request_module("netdev-%s", name); if (no_module && capable(CAP_SYS_MODULE)) { @@ -77720,7 +84155,7 @@ index 1dce5b5..363a522 100644 } } EXPORT_SYMBOL(dev_load); -@@ -1605,7 +1609,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) +@@ -1715,7 +1719,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) { if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) { if (skb_copy_ubufs(skb, GFP_ATOMIC)) { @@ -77729,7 +84164,7 @@ index 1dce5b5..363a522 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -1615,7 +1619,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) +@@ -1725,7 +1729,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) nf_reset(skb); if (unlikely(!is_skb_forwardable(dev, skb))) { @@ -77738,7 +84173,7 @@ index 1dce5b5..363a522 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -2071,7 +2075,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) +@@ -2180,7 +2184,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) struct dev_gso_cb { void (*destructor)(struct sk_buff *skb); @@ -77747,7 +84182,7 @@ index 1dce5b5..363a522 100644 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) -@@ -2930,7 +2934,7 @@ enqueue: +@@ -3053,7 +3057,7 @@ enqueue: local_irq_restore(flags); @@ -77756,7 +84191,7 @@ index 1dce5b5..363a522 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -3002,7 +3006,7 @@ int netif_rx_ni(struct sk_buff *skb) +@@ -3125,7 +3129,7 @@ int netif_rx_ni(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_ni); @@ -77765,7 +84200,7 @@ index 1dce5b5..363a522 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); -@@ -3333,7 +3337,7 @@ ncls: +@@ -3456,7 +3460,7 @@ ncls: ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); } else { drop: @@ -77774,7 +84209,7 @@ index 1dce5b5..363a522 100644 kfree_skb(skb); /* Jamal, now you will not able to escape explaining * me how you were going to use this. :-) -@@ -3900,7 +3904,7 @@ void netif_napi_del(struct napi_struct *napi) +@@ -4039,7 +4043,7 @@ void netif_napi_del(struct napi_struct *napi) } EXPORT_SYMBOL(netif_napi_del); @@ -77783,7 +84218,7 @@ index 1dce5b5..363a522 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); unsigned long time_limit = jiffies + 2; -@@ -4370,8 +4374,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v) +@@ -4523,8 +4527,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v) else seq_printf(seq, "%04x", ntohs(pt->type)); @@ -77797,7 +84232,7 @@ index 1dce5b5..363a522 100644 } return 0; -@@ -5924,7 +5933,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, +@@ -6096,7 +6105,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, } else { netdev_stats_to_stats64(storage, &dev->stats); } @@ -77807,7 +84242,7 @@ index 1dce5b5..363a522 100644 } EXPORT_SYMBOL(dev_get_stats); diff --git a/net/core/flow.c b/net/core/flow.c -index e318c7e..168b1d0 100644 +index b0901ee..7d3c2ca 100644 --- a/net/core/flow.c +++ b/net/core/flow.c @@ -61,7 +61,7 @@ struct flow_cache { @@ -77868,8 +84303,74 @@ index 7e7aeb0..2a998cb 100644 return -EFAULT; m->msg_iov = iov; +diff --git a/net/core/neighbour.c b/net/core/neighbour.c +index c815f28..e6403f2 100644 +--- a/net/core/neighbour.c ++++ b/net/core/neighbour.c +@@ -2776,7 +2776,7 @@ static int proc_unres_qlen(ctl_table *ctl, int write, void __user *buffer, + size_t *lenp, loff_t *ppos) + { + int size, ret; +- ctl_table tmp = *ctl; ++ ctl_table_no_const tmp = *ctl; + + tmp.extra1 = &zero; + tmp.extra2 = &unres_qlen_max; +diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c +index 28c5f5a..7edf2e2 100644 +--- a/net/core/net-sysfs.c ++++ b/net/core/net-sysfs.c +@@ -1455,7 +1455,7 @@ void netdev_class_remove_file(struct class_attribute *class_attr) + } + EXPORT_SYMBOL(netdev_class_remove_file); + +-int netdev_kobject_init(void) ++int __init netdev_kobject_init(void) + { + kobj_ns_type_register(&net_ns_type_operations); + return class_register(&net_class); +diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c +index 8acce01..2e306bb 100644 +--- a/net/core/net_namespace.c ++++ b/net/core/net_namespace.c +@@ -442,7 +442,7 @@ static int __register_pernet_operations(struct list_head *list, + int error; + LIST_HEAD(net_exit_list); + +- list_add_tail(&ops->list, list); ++ pax_list_add_tail((struct list_head *)&ops->list, list); + if (ops->init || (ops->id && ops->size)) { + for_each_net(net) { + error = ops_init(ops, net); +@@ -455,7 +455,7 @@ static int __register_pernet_operations(struct list_head *list, + + out_undo: + /* If I have an error cleanup all namespaces I initialized */ +- list_del(&ops->list); ++ pax_list_del((struct list_head *)&ops->list); + ops_exit_list(ops, &net_exit_list); + ops_free_list(ops, &net_exit_list); + return error; +@@ -466,7 +466,7 @@ static void __unregister_pernet_operations(struct pernet_operations *ops) + struct net *net; + LIST_HEAD(net_exit_list); + +- list_del(&ops->list); ++ pax_list_del((struct list_head *)&ops->list); + for_each_net(net) + list_add_tail(&net->exit_list, &net_exit_list); + ops_exit_list(ops, &net_exit_list); +@@ -600,7 +600,7 @@ int register_pernet_device(struct pernet_operations *ops) + mutex_lock(&net_mutex); + error = register_pernet_operations(&pernet_list, ops); + if (!error && (first_device == &pernet_list)) +- first_device = &ops->list; ++ first_device = (struct list_head *)&ops->list; + mutex_unlock(&net_mutex); + return error; + } diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index 2c5a0a0..a45f90c 100644 +index 1868625..e2261f5 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -58,7 +58,7 @@ struct rtnl_link { @@ -77881,11 +84382,45 @@ index 2c5a0a0..a45f90c 100644 static DEFINE_MUTEX(rtnl_mutex); +@@ -299,10 +299,13 @@ int __rtnl_link_register(struct rtnl_link_ops *ops) + if (rtnl_link_ops_get(ops->kind)) + return -EEXIST; + +- if (!ops->dellink) +- ops->dellink = unregister_netdevice_queue; ++ if (!ops->dellink) { ++ pax_open_kernel(); ++ *(void **)&ops->dellink = unregister_netdevice_queue; ++ pax_close_kernel(); ++ } + +- list_add_tail(&ops->list, &link_ops); ++ pax_list_add_tail((struct list_head *)&ops->list, &link_ops); + return 0; + } + EXPORT_SYMBOL_GPL(__rtnl_link_register); +@@ -349,7 +352,7 @@ void __rtnl_link_unregister(struct rtnl_link_ops *ops) + for_each_net(net) { + __rtnl_kill_links(net, ops); + } +- list_del(&ops->list); ++ pax_list_del((struct list_head *)&ops->list); + } + EXPORT_SYMBOL_GPL(__rtnl_link_unregister); + +@@ -976,6 +979,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev, + * report anything. + */ + ivi.spoofchk = -1; ++ memset(ivi.mac, 0, sizeof(ivi.mac)); + if (dev->netdev_ops->ndo_get_vf_config(dev, i, &ivi)) + break; + vf_mac.vf = diff --git a/net/core/scm.c b/net/core/scm.c -index 040cebe..5b1e312 100644 +index 905dcc6..14ee2d6 100644 --- a/net/core/scm.c +++ b/net/core/scm.c -@@ -203,7 +203,7 @@ EXPORT_SYMBOL(__scm_send); +@@ -224,7 +224,7 @@ EXPORT_SYMBOL(__scm_send); int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) { struct cmsghdr __user *cm @@ -77894,7 +84429,7 @@ index 040cebe..5b1e312 100644 struct cmsghdr cmhdr; int cmlen = CMSG_LEN(len); int err; -@@ -226,7 +226,7 @@ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) +@@ -247,7 +247,7 @@ int put_cmsg(struct msghdr * msg, int level, int type, int len, void *data) err = -EFAULT; if (copy_to_user(cm, &cmhdr, sizeof cmhdr)) goto out; @@ -77903,7 +84438,7 @@ index 040cebe..5b1e312 100644 goto out; cmlen = CMSG_SPACE(len); if (msg->msg_controllen < cmlen) -@@ -242,7 +242,7 @@ EXPORT_SYMBOL(put_cmsg); +@@ -263,7 +263,7 @@ EXPORT_SYMBOL(put_cmsg); void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) { struct cmsghdr __user *cm @@ -77912,7 +84447,7 @@ index 040cebe..5b1e312 100644 int fdmax = 0; int fdnum = scm->fp->count; -@@ -262,7 +262,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) +@@ -283,7 +283,7 @@ void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm) if (fdnum < fdmax) fdmax = fdnum; @@ -77922,10 +84457,10 @@ index 040cebe..5b1e312 100644 { struct socket *sock; diff --git a/net/core/sock.c b/net/core/sock.c -index a6000fb..d4aee72 100644 +index bc131d4..029e378 100644 --- a/net/core/sock.c +++ b/net/core/sock.c -@@ -399,7 +399,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -388,7 +388,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) struct sk_buff_head *list = &sk->sk_receive_queue; if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) { @@ -77934,7 +84469,7 @@ index a6000fb..d4aee72 100644 trace_sock_rcvqueue_full(sk, skb); return -ENOMEM; } -@@ -409,7 +409,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -398,7 +398,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) return err; if (!sk_rmem_schedule(sk, skb, skb->truesize)) { @@ -77943,7 +84478,7 @@ index a6000fb..d4aee72 100644 return -ENOBUFS; } -@@ -429,7 +429,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -418,7 +418,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) skb_dst_force(skb); spin_lock_irqsave(&list->lock, flags); @@ -77952,7 +84487,7 @@ index a6000fb..d4aee72 100644 __skb_queue_tail(list, skb); spin_unlock_irqrestore(&list->lock, flags); -@@ -449,7 +449,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) +@@ -438,7 +438,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) skb->dev = NULL; if (sk_rcvqueues_full(sk, skb, sk->sk_rcvbuf)) { @@ -77961,7 +84496,7 @@ index a6000fb..d4aee72 100644 goto discard_and_relse; } if (nested) -@@ -467,7 +467,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) +@@ -456,7 +456,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) mutex_release(&sk->sk_lock.dep_map, 1, _RET_IP_); } else if (sk_add_backlog(sk, skb, sk->sk_rcvbuf)) { bh_unlock_sock(sk); @@ -77970,7 +84505,7 @@ index a6000fb..d4aee72 100644 goto discard_and_relse; } -@@ -886,12 +886,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -930,12 +930,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname, struct timeval tm; } v; @@ -77986,7 +84521,7 @@ index a6000fb..d4aee72 100644 return -EINVAL; memset(&v, 0, sizeof(v)); -@@ -1039,11 +1039,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -1083,11 +1083,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname, case SO_PEERNAME: { @@ -78000,7 +84535,7 @@ index a6000fb..d4aee72 100644 return -EINVAL; if (copy_to_user(optval, address, len)) return -EFAULT; -@@ -1091,7 +1091,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -1146,7 +1146,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, if (len > lv) len = lv; @@ -78009,7 +84544,7 @@ index a6000fb..d4aee72 100644 return -EFAULT; lenout: if (put_user(len, optlen)) -@@ -2193,7 +2193,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) +@@ -2276,7 +2276,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) */ smp_wmb(); atomic_set(&sk->sk_refcnt, 1); @@ -78019,10 +84554,17 @@ index a6000fb..d4aee72 100644 EXPORT_SYMBOL(sock_init_data); diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c -index a2ad320..fb2ce4d 100644 +index 750f44f..922399c 100644 --- a/net/core/sock_diag.c +++ b/net/core/sock_diag.c -@@ -15,20 +15,27 @@ static DEFINE_MUTEX(sock_diag_table_mutex); +@@ -9,26 +9,33 @@ + #include <linux/inet_diag.h> + #include <linux/sock_diag.h> + +-static const struct sock_diag_handler *sock_diag_handlers[AF_MAX]; ++static const struct sock_diag_handler *sock_diag_handlers[AF_MAX] __read_only; + static int (*inet_rcv_compat)(struct sk_buff *skb, struct nlmsghdr *nlh); + static DEFINE_MUTEX(sock_diag_table_mutex); int sock_diag_check_cookie(void *sk, __u32 *cookie) { @@ -78050,6 +84592,207 @@ index a2ad320..fb2ce4d 100644 } EXPORT_SYMBOL_GPL(sock_diag_save_cookie); +@@ -75,8 +82,11 @@ int sock_diag_register(const struct sock_diag_handler *hndl) + mutex_lock(&sock_diag_table_mutex); + if (sock_diag_handlers[hndl->family]) + err = -EBUSY; +- else ++ else { ++ pax_open_kernel(); + sock_diag_handlers[hndl->family] = hndl; ++ pax_close_kernel(); ++ } + mutex_unlock(&sock_diag_table_mutex); + + return err; +@@ -92,26 +102,13 @@ void sock_diag_unregister(const struct sock_diag_handler *hnld) + + mutex_lock(&sock_diag_table_mutex); + BUG_ON(sock_diag_handlers[family] != hnld); ++ pax_open_kernel(); + sock_diag_handlers[family] = NULL; ++ pax_close_kernel(); + mutex_unlock(&sock_diag_table_mutex); + } + EXPORT_SYMBOL_GPL(sock_diag_unregister); + +-static const inline struct sock_diag_handler *sock_diag_lock_handler(int family) +-{ +- if (sock_diag_handlers[family] == NULL) +- request_module("net-pf-%d-proto-%d-type-%d", PF_NETLINK, +- NETLINK_SOCK_DIAG, family); +- +- mutex_lock(&sock_diag_table_mutex); +- return sock_diag_handlers[family]; +-} +- +-static inline void sock_diag_unlock_handler(const struct sock_diag_handler *h) +-{ +- mutex_unlock(&sock_diag_table_mutex); +-} +- + static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) + { + int err; +@@ -124,12 +121,17 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) + if (req->sdiag_family >= AF_MAX) + return -EINVAL; + +- hndl = sock_diag_lock_handler(req->sdiag_family); ++ if (sock_diag_handlers[req->sdiag_family] == NULL) ++ request_module("net-pf-%d-proto-%d-type-%d", PF_NETLINK, ++ NETLINK_SOCK_DIAG, req->sdiag_family); ++ ++ mutex_lock(&sock_diag_table_mutex); ++ hndl = sock_diag_handlers[req->sdiag_family]; + if (hndl == NULL) + err = -ENOENT; + else + err = hndl->dump(skb, nlh); +- sock_diag_unlock_handler(hndl); ++ mutex_unlock(&sock_diag_table_mutex); + + return err; + } +diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c +index d1b0804..4aed0a5 100644 +--- a/net/core/sysctl_net_core.c ++++ b/net/core/sysctl_net_core.c +@@ -26,7 +26,7 @@ static int rps_sock_flow_sysctl(ctl_table *table, int write, + { + unsigned int orig_size, size; + int ret, i; +- ctl_table tmp = { ++ ctl_table_no_const tmp = { + .data = &size, + .maxlen = sizeof(size), + .mode = table->mode +@@ -205,13 +205,12 @@ static struct ctl_table netns_core_table[] = { + + static __net_init int sysctl_core_net_init(struct net *net) + { +- struct ctl_table *tbl; ++ ctl_table_no_const *tbl = NULL; + + net->core.sysctl_somaxconn = SOMAXCONN; + +- tbl = netns_core_table; + if (!net_eq(net, &init_net)) { +- tbl = kmemdup(tbl, sizeof(netns_core_table), GFP_KERNEL); ++ tbl = kmemdup(netns_core_table, sizeof(netns_core_table), GFP_KERNEL); + if (tbl == NULL) + goto err_dup; + +@@ -221,16 +220,16 @@ static __net_init int sysctl_core_net_init(struct net *net) + if (net->user_ns != &init_user_ns) { + tbl[0].procname = NULL; + } +- } +- +- net->core.sysctl_hdr = register_net_sysctl(net, "net/core", tbl); ++ net->core.sysctl_hdr = register_net_sysctl(net, "net/core", tbl); ++ } else ++ net->core.sysctl_hdr = register_net_sysctl(net, "net/core", netns_core_table); + if (net->core.sysctl_hdr == NULL) + goto err_reg; + + return 0; + + err_reg: +- if (tbl != netns_core_table) ++ if (tbl) + kfree(tbl); + err_dup: + return -ENOMEM; +@@ -246,7 +245,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net) + kfree(tbl); + } + +-static __net_initdata struct pernet_operations sysctl_core_ops = { ++static __net_initconst struct pernet_operations sysctl_core_ops = { + .init = sysctl_core_net_init, + .exit = sysctl_core_net_exit, + }; +diff --git a/net/dcb/dcbnl.c b/net/dcb/dcbnl.c +index 1b588e2..21291f1 100644 +--- a/net/dcb/dcbnl.c ++++ b/net/dcb/dcbnl.c +@@ -284,6 +284,7 @@ static int dcbnl_getperm_hwaddr(struct net_device *netdev, struct nlmsghdr *nlh, + if (!netdev->dcbnl_ops->getpermhwaddr) + return -EOPNOTSUPP; + ++ memset(perm_addr, 0, sizeof(perm_addr)); + netdev->dcbnl_ops->getpermhwaddr(netdev, perm_addr); + + return nla_put(skb, DCB_ATTR_PERM_HWADDR, sizeof(perm_addr), perm_addr); +@@ -1042,6 +1043,7 @@ static int dcbnl_ieee_fill(struct sk_buff *skb, struct net_device *netdev) + + if (ops->ieee_getets) { + struct ieee_ets ets; ++ memset(&ets, 0, sizeof(ets)); + err = ops->ieee_getets(netdev, &ets); + if (!err && + nla_put(skb, DCB_ATTR_IEEE_ETS, sizeof(ets), &ets)) +@@ -1050,6 +1052,7 @@ static int dcbnl_ieee_fill(struct sk_buff *skb, struct net_device *netdev) + + if (ops->ieee_getmaxrate) { + struct ieee_maxrate maxrate; ++ memset(&maxrate, 0, sizeof(maxrate)); + err = ops->ieee_getmaxrate(netdev, &maxrate); + if (!err) { + err = nla_put(skb, DCB_ATTR_IEEE_MAXRATE, +@@ -1061,6 +1064,7 @@ static int dcbnl_ieee_fill(struct sk_buff *skb, struct net_device *netdev) + + if (ops->ieee_getpfc) { + struct ieee_pfc pfc; ++ memset(&pfc, 0, sizeof(pfc)); + err = ops->ieee_getpfc(netdev, &pfc); + if (!err && + nla_put(skb, DCB_ATTR_IEEE_PFC, sizeof(pfc), &pfc)) +@@ -1094,6 +1098,7 @@ static int dcbnl_ieee_fill(struct sk_buff *skb, struct net_device *netdev) + /* get peer info if available */ + if (ops->ieee_peer_getets) { + struct ieee_ets ets; ++ memset(&ets, 0, sizeof(ets)); + err = ops->ieee_peer_getets(netdev, &ets); + if (!err && + nla_put(skb, DCB_ATTR_IEEE_PEER_ETS, sizeof(ets), &ets)) +@@ -1102,6 +1107,7 @@ static int dcbnl_ieee_fill(struct sk_buff *skb, struct net_device *netdev) + + if (ops->ieee_peer_getpfc) { + struct ieee_pfc pfc; ++ memset(&pfc, 0, sizeof(pfc)); + err = ops->ieee_peer_getpfc(netdev, &pfc); + if (!err && + nla_put(skb, DCB_ATTR_IEEE_PEER_PFC, sizeof(pfc), &pfc)) +@@ -1280,6 +1286,7 @@ static int dcbnl_cee_fill(struct sk_buff *skb, struct net_device *netdev) + /* peer info if available */ + if (ops->cee_peer_getpg) { + struct cee_pg pg; ++ memset(&pg, 0, sizeof(pg)); + err = ops->cee_peer_getpg(netdev, &pg); + if (!err && + nla_put(skb, DCB_ATTR_CEE_PEER_PG, sizeof(pg), &pg)) +@@ -1288,6 +1295,7 @@ static int dcbnl_cee_fill(struct sk_buff *skb, struct net_device *netdev) + + if (ops->cee_peer_getpfc) { + struct cee_pfc pfc; ++ memset(&pfc, 0, sizeof(pfc)); + err = ops->cee_peer_getpfc(netdev, &pfc); + if (!err && + nla_put(skb, DCB_ATTR_CEE_PEER_PFC, sizeof(pfc), &pfc)) +diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c +index 307c322..78a4c6f 100644 +--- a/net/decnet/af_decnet.c ++++ b/net/decnet/af_decnet.c +@@ -468,6 +468,7 @@ static struct proto dn_proto = { + .sysctl_rmem = sysctl_decnet_rmem, + .max_header = DN_MAX_NSP_DATA_HEADER + 64, + .obj_size = sizeof(struct dn_sock), ++ .slab_flags = SLAB_USERCOPY, + }; + + static struct sock *dn_alloc_sock(struct net *net, struct socket *sock, gfp_t gfp) diff --git a/net/decnet/sysctl_net_decnet.c b/net/decnet/sysctl_net_decnet.c index a55eecc..dd8428c 100644 --- a/net/decnet/sysctl_net_decnet.c @@ -78072,8 +84815,115 @@ index a55eecc..dd8428c 100644 return -EFAULT; *lenp = len; +diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c +index fcf104e..95552d4 100644 +--- a/net/ipv4/af_inet.c ++++ b/net/ipv4/af_inet.c +@@ -1717,13 +1717,9 @@ static int __init inet_init(void) + + BUILD_BUG_ON(sizeof(struct inet_skb_parm) > sizeof(dummy_skb->cb)); + +- sysctl_local_reserved_ports = kzalloc(65536 / 8, GFP_KERNEL); +- if (!sysctl_local_reserved_ports) +- goto out; +- + rc = proto_register(&tcp_prot, 1); + if (rc) +- goto out_free_reserved_ports; ++ goto out; + + rc = proto_register(&udp_prot, 1); + if (rc) +@@ -1832,8 +1828,6 @@ out_unregister_udp_proto: + proto_unregister(&udp_prot); + out_unregister_tcp_proto: + proto_unregister(&tcp_prot); +-out_free_reserved_ports: +- kfree(sysctl_local_reserved_ports); + goto out; + } + +diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c +index a69b4e4..dbccba5 100644 +--- a/net/ipv4/ah4.c ++++ b/net/ipv4/ah4.c +@@ -421,7 +421,7 @@ static void ah4_err(struct sk_buff *skb, u32 info) + return; + + if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) { +- atomic_inc(&flow_cache_genid); ++ atomic_inc_unchecked(&flow_cache_genid); + rt_genid_bump(net); + + ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_AH, 0); +diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c +index a8e4f26..25e5f40 100644 +--- a/net/ipv4/devinet.c ++++ b/net/ipv4/devinet.c +@@ -1763,7 +1763,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write, + #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \ + DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush) + +-static struct devinet_sysctl_table { ++static const struct devinet_sysctl_table { + struct ctl_table_header *sysctl_header; + struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX]; + } devinet_sysctl = { +@@ -1881,7 +1881,7 @@ static __net_init int devinet_init_net(struct net *net) + int err; + struct ipv4_devconf *all, *dflt; + #ifdef CONFIG_SYSCTL +- struct ctl_table *tbl = ctl_forward_entry; ++ ctl_table_no_const *tbl = NULL; + struct ctl_table_header *forw_hdr; + #endif + +@@ -1899,7 +1899,7 @@ static __net_init int devinet_init_net(struct net *net) + goto err_alloc_dflt; + + #ifdef CONFIG_SYSCTL +- tbl = kmemdup(tbl, sizeof(ctl_forward_entry), GFP_KERNEL); ++ tbl = kmemdup(ctl_forward_entry, sizeof(ctl_forward_entry), GFP_KERNEL); + if (tbl == NULL) + goto err_alloc_ctl; + +@@ -1919,7 +1919,10 @@ static __net_init int devinet_init_net(struct net *net) + goto err_reg_dflt; + + err = -ENOMEM; +- forw_hdr = register_net_sysctl(net, "net/ipv4", tbl); ++ if (!net_eq(net, &init_net)) ++ forw_hdr = register_net_sysctl(net, "net/ipv4", tbl); ++ else ++ forw_hdr = register_net_sysctl(net, "net/ipv4", ctl_forward_entry); + if (forw_hdr == NULL) + goto err_reg_ctl; + net->ipv4.forw_hdr = forw_hdr; +@@ -1935,8 +1938,7 @@ err_reg_ctl: + err_reg_dflt: + __devinet_sysctl_unregister(all); + err_reg_all: +- if (tbl != ctl_forward_entry) +- kfree(tbl); ++ kfree(tbl); + err_alloc_ctl: + #endif + if (dflt != &ipv4_devconf_dflt) +diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c +index 3b4f0cd..8cb864c 100644 +--- a/net/ipv4/esp4.c ++++ b/net/ipv4/esp4.c +@@ -503,7 +503,7 @@ static void esp4_err(struct sk_buff *skb, u32 info) + return; + + if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) { +- atomic_inc(&flow_cache_genid); ++ atomic_inc_unchecked(&flow_cache_genid); + rt_genid_bump(net); + + ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_ESP, 0); diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c -index f444ac7..b7bdda9 100644 +index 5cd75e2..f57ef39 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -1020,12 +1020,12 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event, @@ -78091,17 +84941,17 @@ index f444ac7..b7bdda9 100644 if (ifa->ifa_dev->ifa_list == NULL) { /* Last address was deleted from this interface. * Disable IP. -@@ -1062,7 +1062,7 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo +@@ -1061,7 +1061,7 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo #ifdef CONFIG_IP_ROUTE_MULTIPATH fib_sync_up(dev); #endif - atomic_inc(&net->ipv4.dev_addr_genid); + atomic_inc_unchecked(&net->ipv4.dev_addr_genid); - rt_cache_flush(dev_net(dev)); + rt_cache_flush(net); break; case NETDEV_DOWN: diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c -index 9633661..4e0bc08 100644 +index 4797a80..2bd54e9 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c @@ -767,7 +767,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh) @@ -78113,8 +84963,21 @@ index 9633661..4e0bc08 100644 return nh->nh_saddr; } +diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c +index d0670f0..744ac80 100644 +--- a/net/ipv4/inet_connection_sock.c ++++ b/net/ipv4/inet_connection_sock.c +@@ -37,7 +37,7 @@ struct local_ports sysctl_local_ports __read_mostly = { + .range = { 32768, 61000 }, + }; + +-unsigned long *sysctl_local_reserved_ports; ++unsigned long sysctl_local_reserved_ports[65536 / 8 / sizeof(unsigned long)]; + EXPORT_SYMBOL(sysctl_local_reserved_ports); + + void inet_get_local_port_range(int *low, int *high) diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c -index 7880af9..70f92a3 100644 +index fa3ae81..0dbe6b8 100644 --- a/net/ipv4/inet_hashtables.c +++ b/net/ipv4/inet_hashtables.c @@ -18,12 +18,15 @@ @@ -78133,7 +84996,7 @@ index 7880af9..70f92a3 100644 /* * Allocate and initialize a new local port bind bucket. * The bindhash mutex for snum's hash chain must be held here. -@@ -530,6 +533,8 @@ ok: +@@ -540,6 +543,8 @@ ok: twrefcnt += inet_twsk_bind_unhash(tw, hinfo); spin_unlock(&head->lock); @@ -78143,7 +85006,7 @@ index 7880af9..70f92a3 100644 inet_twsk_deschedule(tw, death_row); while (twrefcnt) { diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c -index c7527f6..d8bba61 100644 +index 000e3d2..5472da3 100644 --- a/net/ipv4/inetpeer.c +++ b/net/ipv4/inetpeer.c @@ -503,8 +503,8 @@ relookup: @@ -78158,7 +85021,7 @@ index c7527f6..d8bba61 100644 secure_ip_id(daddr->addr.a4) : secure_ipv6_id(daddr->addr.a6)); diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c -index cea1859..b664f7e 100644 +index eb9d63a..31c5372 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c @@ -322,7 +322,7 @@ static inline int ip_frag_too_far(struct ipq *qp) @@ -78170,11 +85033,80 @@ index cea1859..b664f7e 100644 qp->rid = end; rc = qp->q.fragments && (end - start) > max; +@@ -789,12 +789,11 @@ static struct ctl_table ip4_frags_ctl_table[] = { + + static int __net_init ip4_frags_ns_ctl_register(struct net *net) + { +- struct ctl_table *table; ++ ctl_table_no_const *table = NULL; + struct ctl_table_header *hdr; + +- table = ip4_frags_ns_ctl_table; + if (!net_eq(net, &init_net)) { +- table = kmemdup(table, sizeof(ip4_frags_ns_ctl_table), GFP_KERNEL); ++ table = kmemdup(ip4_frags_ns_ctl_table, sizeof(ip4_frags_ns_ctl_table), GFP_KERNEL); + if (table == NULL) + goto err_alloc; + +@@ -805,9 +804,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) + /* Don't export sysctls to unprivileged users */ + if (net->user_ns != &init_user_ns) + table[0].procname = NULL; +- } ++ hdr = register_net_sysctl(net, "net/ipv4", table); ++ } else ++ hdr = register_net_sysctl(net, "net/ipv4", ip4_frags_ns_ctl_table); + +- hdr = register_net_sysctl(net, "net/ipv4", table); + if (hdr == NULL) + goto err_reg; + +@@ -815,8 +815,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) + return 0; + + err_reg: +- if (!net_eq(net, &init_net)) +- kfree(table); ++ kfree(table); + err_alloc: + return -ENOMEM; + } +diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c +index e81b1ca..6f3b5b9 100644 +--- a/net/ipv4/ip_gre.c ++++ b/net/ipv4/ip_gre.c +@@ -124,7 +124,7 @@ static bool log_ecn_error = true; + module_param(log_ecn_error, bool, 0644); + MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN"); + +-static struct rtnl_link_ops ipgre_link_ops __read_mostly; ++static struct rtnl_link_ops ipgre_link_ops; + static int ipgre_tunnel_init(struct net_device *dev); + static void ipgre_tunnel_setup(struct net_device *dev); + static int ipgre_tunnel_bind_dev(struct net_device *dev); +@@ -1756,7 +1756,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = { + [IFLA_GRE_PMTUDISC] = { .type = NLA_U8 }, + }; + +-static struct rtnl_link_ops ipgre_link_ops __read_mostly = { ++static struct rtnl_link_ops ipgre_link_ops = { + .kind = "gre", + .maxtype = IFLA_GRE_MAX, + .policy = ipgre_policy, +@@ -1769,7 +1769,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = { + .fill_info = ipgre_fill_info, + }; + +-static struct rtnl_link_ops ipgre_tap_ops __read_mostly = { ++static struct rtnl_link_ops ipgre_tap_ops = { + .kind = "gretap", + .maxtype = IFLA_GRE_MAX, + .policy = ipgre_policy, diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c -index e95d72b..5268ac0 100644 +index d9c4f11..02b82db 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c -@@ -1151,7 +1151,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, +@@ -1152,7 +1152,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, len = min_t(unsigned int, len, opt->optlen); if (put_user(len, optlen)) return -EFAULT; @@ -78184,7 +85116,7 @@ index e95d72b..5268ac0 100644 return -EFAULT; return 0; } -@@ -1282,7 +1283,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, +@@ -1283,7 +1284,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, if (sk->sk_type != SOCK_STREAM) return -ENOPROTOOPT; @@ -78193,11 +85125,46 @@ index e95d72b..5268ac0 100644 msg.msg_controllen = len; msg.msg_flags = flags; +diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c +index c3a4233..1412161 100644 +--- a/net/ipv4/ip_vti.c ++++ b/net/ipv4/ip_vti.c +@@ -47,7 +47,7 @@ + #define HASH_SIZE 16 + #define HASH(addr) (((__force u32)addr^((__force u32)addr>>4))&(HASH_SIZE-1)) + +-static struct rtnl_link_ops vti_link_ops __read_mostly; ++static struct rtnl_link_ops vti_link_ops; + + static int vti_net_id __read_mostly; + struct vti_net { +@@ -886,7 +886,7 @@ static const struct nla_policy vti_policy[IFLA_VTI_MAX + 1] = { + [IFLA_VTI_REMOTE] = { .len = FIELD_SIZEOF(struct iphdr, daddr) }, + }; + +-static struct rtnl_link_ops vti_link_ops __read_mostly = { ++static struct rtnl_link_ops vti_link_ops = { + .kind = "vti", + .maxtype = IFLA_VTI_MAX, + .policy = vti_policy, +diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c +index 9a46dae..5f793a0 100644 +--- a/net/ipv4/ipcomp.c ++++ b/net/ipv4/ipcomp.c +@@ -48,7 +48,7 @@ static void ipcomp4_err(struct sk_buff *skb, u32 info) + return; + + if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) { +- atomic_inc(&flow_cache_genid); ++ atomic_inc_unchecked(&flow_cache_genid); + rt_genid_bump(net); + + ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_COMP, 0); diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c -index 67e8a6b..386764d 100644 +index a2e50ae..e152b7c 100644 --- a/net/ipv4/ipconfig.c +++ b/net/ipv4/ipconfig.c -@@ -321,7 +321,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg) +@@ -323,7 +323,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg) mm_segment_t oldfs = get_fs(); set_fs(get_ds()); @@ -78206,7 +85173,7 @@ index 67e8a6b..386764d 100644 set_fs(oldfs); return res; } -@@ -332,7 +332,7 @@ static int __init ic_dev_ioctl(unsigned int cmd, struct ifreq *arg) +@@ -334,7 +334,7 @@ static int __init ic_dev_ioctl(unsigned int cmd, struct ifreq *arg) mm_segment_t oldfs = get_fs(); set_fs(get_ds()); @@ -78215,7 +85182,7 @@ index 67e8a6b..386764d 100644 set_fs(oldfs); return res; } -@@ -343,7 +343,7 @@ static int __init ic_route_ioctl(unsigned int cmd, struct rtentry *arg) +@@ -345,7 +345,7 @@ static int __init ic_route_ioctl(unsigned int cmd, struct rtentry *arg) mm_segment_t oldfs = get_fs(); set_fs(get_ds()); @@ -78224,23 +85191,30 @@ index 67e8a6b..386764d 100644 set_fs(oldfs); return res; } -diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c -index ebdf06f..f797f59 100644 ---- a/net/ipv4/ipmr.c -+++ b/net/ipv4/ipmr.c -@@ -1318,6 +1318,10 @@ int ip_mroute_setsockopt(struct sock *sk, int optname, char __user *optval, unsi - if (get_user(v, (u32 __user *)optval)) - return -EFAULT; +diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c +index 191fc24..1b3b804 100644 +--- a/net/ipv4/ipip.c ++++ b/net/ipv4/ipip.c +@@ -138,7 +138,7 @@ struct ipip_net { + static int ipip_tunnel_init(struct net_device *dev); + static void ipip_tunnel_setup(struct net_device *dev); + static void ipip_dev_free(struct net_device *dev); +-static struct rtnl_link_ops ipip_link_ops __read_mostly; ++static struct rtnl_link_ops ipip_link_ops; + + static struct rtnl_link_stats64 *ipip_get_stats64(struct net_device *dev, + struct rtnl_link_stats64 *tot) +@@ -972,7 +972,7 @@ static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = { + [IFLA_IPTUN_PMTUDISC] = { .type = NLA_U8 }, + }; -+ /* "pimreg%u" should not exceed 16 bytes (IFNAMSIZ) */ -+ if (v != RT_TABLE_DEFAULT && v >= 1000000000) -+ return -EINVAL; -+ - rtnl_lock(); - ret = 0; - if (sk == rtnl_dereference(mrt->mroute_sk)) { +-static struct rtnl_link_ops ipip_link_ops __read_mostly = { ++static struct rtnl_link_ops ipip_link_ops = { + .kind = "ipip", + .maxtype = IFLA_IPTUN_MAX, + .policy = ipip_policy, diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c -index 97e61ea..cac1bbb 100644 +index 3ea4127..849297b 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -879,14 +879,14 @@ static int compat_table_info(const struct xt_table_info *info, @@ -78289,7 +85263,7 @@ index 97e61ea..cac1bbb 100644 case ARPT_SO_GET_ENTRIES: diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c -index 170b1fd..6105b91 100644 +index 17c5e06..1b91206 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -1068,14 +1068,14 @@ static int compat_table_info(const struct xt_table_info *info, @@ -78338,12 +85312,12 @@ index 170b1fd..6105b91 100644 case IPT_SO_GET_ENTRIES: diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index 920cb0b..b4c6477 100644 +index dc454cc..5bb917f 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c -@@ -847,7 +847,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f, - sk_rmem_alloc_get(sp), - 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), +@@ -844,7 +844,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f, + from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), + 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, - atomic_read(&sp->sk_drops), len); + atomic_read_unchecked(&sp->sk_drops), len); @@ -78351,7 +85325,7 @@ index 920cb0b..b4c6477 100644 static int ping_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c -index d23c657..cb69cc2 100644 +index 6f08991..55867ad 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c @@ -311,7 +311,7 @@ static int raw_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -78396,26 +85370,63 @@ index d23c657..cb69cc2 100644 goto out; ret = 0; out: return ret; -@@ -995,7 +999,13 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) - sk_wmem_alloc_get(sp), - sk_rmem_alloc_get(sp), - 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), +@@ -998,7 +1002,7 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) + 0, 0L, 0, + from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)), + 0, sock_i_ino(sp), - atomic_read(&sp->sk_refcnt), sp, atomic_read(&sp->sk_drops)); -+ atomic_read(&sp->sk_refcnt), -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ NULL, -+#else -+ sp, -+#endif -+ atomic_read_unchecked(&sp->sk_drops)); ++ atomic_read(&sp->sk_refcnt), sp, atomic_read_unchecked(&sp->sk_drops)); } static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index 285a18f..9b79d92 100644 +index a0fcc47..32e2c89 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c -@@ -2529,7 +2529,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { +@@ -2552,34 +2552,34 @@ static struct ctl_table ipv4_route_flush_table[] = { + .maxlen = sizeof(int), + .mode = 0200, + .proc_handler = ipv4_sysctl_rtcache_flush, ++ .extra1 = &init_net, + }, + { }, + }; + + static __net_init int sysctl_route_net_init(struct net *net) + { +- struct ctl_table *tbl; ++ ctl_table_no_const *tbl = NULL; + +- tbl = ipv4_route_flush_table; + if (!net_eq(net, &init_net)) { +- tbl = kmemdup(tbl, sizeof(ipv4_route_flush_table), GFP_KERNEL); ++ tbl = kmemdup(ipv4_route_flush_table, sizeof(ipv4_route_flush_table), GFP_KERNEL); + if (tbl == NULL) + goto err_dup; + + /* Don't export sysctls to unprivileged users */ + if (net->user_ns != &init_user_ns) + tbl[0].procname = NULL; +- } +- tbl[0].extra1 = net; ++ tbl[0].extra1 = net; ++ net->ipv4.route_hdr = register_net_sysctl(net, "net/ipv4/route", tbl); ++ } else ++ net->ipv4.route_hdr = register_net_sysctl(net, "net/ipv4/route", ipv4_route_flush_table); + +- net->ipv4.route_hdr = register_net_sysctl(net, "net/ipv4/route", tbl); + if (net->ipv4.route_hdr == NULL) + goto err_reg; + return 0; + + err_reg: +- if (tbl != ipv4_route_flush_table) +- kfree(tbl); ++ kfree(tbl); + err_dup: + return -ENOMEM; + } +@@ -2602,7 +2602,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { static __net_init int rt_genid_init(struct net *net) { @@ -78424,11 +85435,151 @@ index 285a18f..9b79d92 100644 get_random_bytes(&net->ipv4.dev_addr_genid, sizeof(net->ipv4.dev_addr_genid)); return 0; +diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c +index d84400b..62e066e 100644 +--- a/net/ipv4/sysctl_net_ipv4.c ++++ b/net/ipv4/sysctl_net_ipv4.c +@@ -54,7 +54,7 @@ static int ipv4_local_port_range(ctl_table *table, int write, + { + int ret; + int range[2]; +- ctl_table tmp = { ++ ctl_table_no_const tmp = { + .data = &range, + .maxlen = sizeof(range), + .mode = table->mode, +@@ -107,7 +107,7 @@ static int ipv4_ping_group_range(ctl_table *table, int write, + int ret; + gid_t urange[2]; + kgid_t low, high; +- ctl_table tmp = { ++ ctl_table_no_const tmp = { + .data = &urange, + .maxlen = sizeof(urange), + .mode = table->mode, +@@ -138,7 +138,7 @@ static int proc_tcp_congestion_control(ctl_table *ctl, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) + { + char val[TCP_CA_NAME_MAX]; +- ctl_table tbl = { ++ ctl_table_no_const tbl = { + .data = val, + .maxlen = TCP_CA_NAME_MAX, + }; +@@ -157,7 +157,7 @@ static int proc_tcp_available_congestion_control(ctl_table *ctl, + void __user *buffer, size_t *lenp, + loff_t *ppos) + { +- ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, }; ++ ctl_table_no_const tbl = { .maxlen = TCP_CA_BUF_MAX, }; + int ret; + + tbl.data = kmalloc(tbl.maxlen, GFP_USER); +@@ -174,7 +174,7 @@ static int proc_allowed_congestion_control(ctl_table *ctl, + void __user *buffer, size_t *lenp, + loff_t *ppos) + { +- ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX }; ++ ctl_table_no_const tbl = { .maxlen = TCP_CA_BUF_MAX }; + int ret; + + tbl.data = kmalloc(tbl.maxlen, GFP_USER); +@@ -200,15 +200,17 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write, + struct mem_cgroup *memcg; + #endif + +- ctl_table tmp = { ++ ctl_table_no_const tmp = { + .data = &vec, + .maxlen = sizeof(vec), + .mode = ctl->mode, + }; + + if (!write) { +- ctl->data = &net->ipv4.sysctl_tcp_mem; +- return proc_doulongvec_minmax(ctl, write, buffer, lenp, ppos); ++ ctl_table_no_const tcp_mem = *ctl; ++ ++ tcp_mem.data = &net->ipv4.sysctl_tcp_mem; ++ return proc_doulongvec_minmax(&tcp_mem, write, buffer, lenp, ppos); + } + + ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos); +@@ -235,7 +237,7 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write, + int proc_tcp_fastopen_key(ctl_table *ctl, int write, void __user *buffer, + size_t *lenp, loff_t *ppos) + { +- ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) }; ++ ctl_table_no_const tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) }; + struct tcp_fastopen_context *ctxt; + int ret; + u32 user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */ +@@ -476,7 +478,7 @@ static struct ctl_table ipv4_table[] = { + }, + { + .procname = "ip_local_reserved_ports", +- .data = NULL, /* initialized in sysctl_ipv4_init */ ++ .data = sysctl_local_reserved_ports, + .maxlen = 65536, + .mode = 0644, + .proc_handler = proc_do_large_bitmap, +@@ -860,11 +862,10 @@ static struct ctl_table ipv4_net_table[] = { + + static __net_init int ipv4_sysctl_init_net(struct net *net) + { +- struct ctl_table *table; ++ ctl_table_no_const *table = NULL; + +- table = ipv4_net_table; + if (!net_eq(net, &init_net)) { +- table = kmemdup(table, sizeof(ipv4_net_table), GFP_KERNEL); ++ table = kmemdup(ipv4_net_table, sizeof(ipv4_net_table), GFP_KERNEL); + if (table == NULL) + goto err_alloc; + +@@ -897,15 +898,17 @@ static __net_init int ipv4_sysctl_init_net(struct net *net) + + tcp_init_mem(net); + +- net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table); ++ if (!net_eq(net, &init_net)) ++ net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table); ++ else ++ net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", ipv4_net_table); + if (net->ipv4.ipv4_hdr == NULL) + goto err_reg; + + return 0; + + err_reg: +- if (!net_eq(net, &init_net)) +- kfree(table); ++ kfree(table); + err_alloc: + return -ENOMEM; + } +@@ -927,16 +930,6 @@ static __net_initdata struct pernet_operations ipv4_sysctl_ops = { + static __init int sysctl_ipv4_init(void) + { + struct ctl_table_header *hdr; +- struct ctl_table *i; +- +- for (i = ipv4_table; i->procname; i++) { +- if (strcmp(i->procname, "ip_local_reserved_ports") == 0) { +- i->data = sysctl_local_reserved_ports; +- break; +- } +- } +- if (!i->procname) +- return -EINVAL; + + hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); + if (hdr == NULL) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index 8d02e34..3180ce7 100644 +index ad70a96..50cb55b 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c -@@ -4760,7 +4760,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, +@@ -4733,7 +4733,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, * simplifies code) */ static void @@ -78437,8 +85588,33 @@ index 8d02e34..3180ce7 100644 struct sk_buff *head, struct sk_buff *tail, u32 start, u32 end) { +@@ -5850,6 +5850,7 @@ discard: + tcp_paws_reject(&tp->rx_opt, 0)) + goto discard_and_undo; + ++#ifndef CONFIG_GRKERNSEC_NO_SIMULT_CONNECT + if (th->syn) { + /* We see SYN without ACK. It is attempt of + * simultaneous connect with crossed SYNs. +@@ -5900,6 +5901,7 @@ discard: + goto discard; + #endif + } ++#endif + /* "fifth, if neither of the SYN or RST bits is set then + * drop the segment and return." + */ +@@ -5944,7 +5946,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, + goto discard; + + if (th->syn) { +- if (th->fin) ++ if (th->fin || th->urg || th->psh) + goto discard; + if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) + return 1; diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index 4705caf..993a27e 100644 +index eadb693..e8f7251 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -90,6 +90,10 @@ int sysctl_tcp_low_latency __read_mostly; @@ -78452,7 +85628,7 @@ index 4705caf..993a27e 100644 #ifdef CONFIG_TCP_MD5SIG static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key, __be32 daddr, __be32 saddr, const struct tcphdr *th); -@@ -1662,6 +1666,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1895,6 +1899,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -78462,7 +85638,7 @@ index 4705caf..993a27e 100644 tcp_v4_send_reset(rsk, skb); discard: kfree_skb(skb); -@@ -1762,12 +1769,19 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1994,12 +2001,19 @@ int tcp_v4_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -78485,7 +85661,7 @@ index 4705caf..993a27e 100644 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1818,6 +1832,10 @@ no_tcp_socket: +@@ -2050,6 +2064,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -78496,49 +85672,8 @@ index 4705caf..993a27e 100644 tcp_v4_send_reset(NULL, skb); } -@@ -2413,7 +2431,11 @@ static void get_openreq4(const struct sock *sk, const struct request_sock *req, - 0, /* non standard timer */ - 0, /* open_requests have no inode */ - atomic_read(&sk->sk_refcnt), -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ NULL, -+#else - req, -+#endif - len); - } - -@@ -2463,7 +2485,12 @@ static void get_tcp4_sock(struct sock *sk, struct seq_file *f, int i, int *len) - sock_i_uid(sk), - icsk->icsk_probes_out, - sock_i_ino(sk), -- atomic_read(&sk->sk_refcnt), sk, -+ atomic_read(&sk->sk_refcnt), -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ NULL, -+#else -+ sk, -+#endif - jiffies_to_clock_t(icsk->icsk_rto), - jiffies_to_clock_t(icsk->icsk_ack.ato), - (icsk->icsk_ack.quick << 1) | icsk->icsk_ack.pingpong, -@@ -2491,7 +2518,13 @@ static void get_timewait4_sock(const struct inet_timewait_sock *tw, - " %02X %08X:%08X %02X:%08lX %08X %5d %8d %d %d %pK%n", - i, src, srcp, dest, destp, tw->tw_substate, 0, 0, - 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, -- atomic_read(&tw->tw_refcnt), tw, len); -+ atomic_read(&tw->tw_refcnt), -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ NULL, -+#else -+ tw, -+#endif -+ len); - } - - #define TMPSZ 150 diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c -index 6ff7f10..38de56e 100644 +index f35f2df..ccb5ca6 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -27,6 +27,10 @@ @@ -78552,17 +85687,18 @@ index 6ff7f10..38de56e 100644 int sysctl_tcp_syncookies __read_mostly = 1; EXPORT_SYMBOL(sysctl_tcp_syncookies); -@@ -707,6 +711,10 @@ listen_overflow: - - embryonic_reset: - NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_EMBRYONICRSTS); -+ +@@ -742,7 +746,10 @@ embryonic_reset: + * avoid becoming vulnerable to outside attack aiming at + * resetting legit local connections. + */ +- req->rsk_ops->send_reset(sk, skb); +#ifdef CONFIG_GRKERNSEC_BLACKHOLE -+ if (!grsec_enable_blackhole) ++ if (!grsec_enable_blackhole) +#endif - if (!(flg & TCP_FLAG_RST)) - req->rsk_ops->send_reset(sk, skb); - ++ req->rsk_ops->send_reset(sk, skb); + } else if (fastopen) { /* received a valid RST pkt */ + reqsk_fastopen_remove(sk, req, true); + tcp_reset(sk); diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c index 4526fe6..1a34e43 100644 --- a/net/ipv4/tcp_probe.c @@ -78577,7 +85713,7 @@ index 4526fe6..1a34e43 100644 cnt += width; } diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c -index b774a03..3873efe 100644 +index b78aac3..e18230b 100644 --- a/net/ipv4/tcp_timer.c +++ b/net/ipv4/tcp_timer.c @@ -22,6 +22,10 @@ @@ -78606,7 +85742,7 @@ index b774a03..3873efe 100644 syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) { /* Has it gone just too far? */ diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c -index 2814f66..fa2b223 100644 +index 1f4d405..3524677 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -87,6 +87,7 @@ @@ -78714,27 +85850,20 @@ index 2814f66..fa2b223 100644 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); /* -@@ -2116,8 +2140,13 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f, - sk_wmem_alloc_get(sp), - sk_rmem_alloc_get(sp), - 0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp), -- atomic_read(&sp->sk_refcnt), sp, +@@ -2120,7 +2144,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f, + from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), + 0, sock_i_ino(sp), + atomic_read(&sp->sk_refcnt), sp, - atomic_read(&sp->sk_drops), len); -+ atomic_read(&sp->sk_refcnt), -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ NULL, -+#else -+ sp, -+#endif + atomic_read_unchecked(&sp->sk_drops), len); } int udp4_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index fd82a30..4593865 100644 +index 1b5d8cb..ffb0833 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c -@@ -2144,7 +2144,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) +@@ -2272,7 +2272,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) p.iph.ihl = 5; p.iph.protocol = IPPROTO_IPV6; p.iph.ttl = 64; @@ -78743,11 +85872,104 @@ index fd82a30..4593865 100644 if (ops->ndo_do_ioctl) { mm_segment_t oldfs = get_fs(); +@@ -4388,7 +4388,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write, + int *valp = ctl->data; + int val = *valp; + loff_t pos = *ppos; +- ctl_table lctl; ++ ctl_table_no_const lctl; + int ret; + + /* +@@ -4470,7 +4470,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write, + int *valp = ctl->data; + int val = *valp; + loff_t pos = *ppos; +- ctl_table lctl; ++ ctl_table_no_const lctl; + int ret; + + /* +diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c +index fff5bdd..15194fb 100644 +--- a/net/ipv6/icmp.c ++++ b/net/ipv6/icmp.c +@@ -973,7 +973,7 @@ ctl_table ipv6_icmp_table_template[] = { + + struct ctl_table * __net_init ipv6_icmp_sysctl_init(struct net *net) + { +- struct ctl_table *table; ++ ctl_table_no_const *table; + + table = kmemdup(ipv6_icmp_table_template, + sizeof(ipv6_icmp_table_template), +diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c +index 131dd09..f7ed64f 100644 +--- a/net/ipv6/ip6_gre.c ++++ b/net/ipv6/ip6_gre.c +@@ -73,7 +73,7 @@ struct ip6gre_net { + struct net_device *fb_tunnel_dev; + }; + +-static struct rtnl_link_ops ip6gre_link_ops __read_mostly; ++static struct rtnl_link_ops ip6gre_link_ops; + static int ip6gre_tunnel_init(struct net_device *dev); + static void ip6gre_tunnel_setup(struct net_device *dev); + static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t); +@@ -1337,7 +1337,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev) + } + + +-static struct inet6_protocol ip6gre_protocol __read_mostly = { ++static struct inet6_protocol ip6gre_protocol = { + .handler = ip6gre_rcv, + .err_handler = ip6gre_err, + .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, +@@ -1671,7 +1671,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = { + [IFLA_GRE_FLAGS] = { .type = NLA_U32 }, + }; + +-static struct rtnl_link_ops ip6gre_link_ops __read_mostly = { ++static struct rtnl_link_ops ip6gre_link_ops = { + .kind = "ip6gre", + .maxtype = IFLA_GRE_MAX, + .policy = ip6gre_policy, +@@ -1684,7 +1684,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = { + .fill_info = ip6gre_fill_info, + }; + +-static struct rtnl_link_ops ip6gre_tap_ops __read_mostly = { ++static struct rtnl_link_ops ip6gre_tap_ops = { + .kind = "ip6gretap", + .maxtype = IFLA_GRE_MAX, + .policy = ip6gre_policy, +diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c +index a14f28b..b4b8956 100644 +--- a/net/ipv6/ip6_tunnel.c ++++ b/net/ipv6/ip6_tunnel.c +@@ -87,7 +87,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) + + static int ip6_tnl_dev_init(struct net_device *dev); + static void ip6_tnl_dev_setup(struct net_device *dev); +-static struct rtnl_link_ops ip6_link_ops __read_mostly; ++static struct rtnl_link_ops ip6_link_ops; + + static int ip6_tnl_net_id __read_mostly; + struct ip6_tnl_net { +@@ -1686,7 +1686,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = { + [IFLA_IPTUN_PROTO] = { .type = NLA_U8 }, + }; + +-static struct rtnl_link_ops ip6_link_ops __read_mostly = { ++static struct rtnl_link_ops ip6_link_ops = { + .kind = "ip6tnl", + .maxtype = IFLA_IPTUN_MAX, + .policy = ip6_tnl_policy, diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c -index e02faed..9780f28 100644 +index d1e2e8e..51c19ae 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c -@@ -990,7 +990,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, +@@ -991,7 +991,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname, if (sk->sk_type != SOCK_STREAM) return -ENOPROTOOPT; @@ -78757,10 +85979,10 @@ index e02faed..9780f28 100644 msg.msg_flags = flags; diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c -index d7cb045..8c0ded6 100644 +index 125a90d..2a11f36 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c -@@ -1078,14 +1078,14 @@ static int compat_table_info(const struct xt_table_info *info, +@@ -1076,14 +1076,14 @@ static int compat_table_info(const struct xt_table_info *info, #endif static int get_info(struct net *net, void __user *user, @@ -78778,7 +86000,7 @@ index d7cb045..8c0ded6 100644 sizeof(struct ip6t_getinfo)); return -EINVAL; } -@@ -1122,7 +1122,7 @@ static int get_info(struct net *net, void __user *user, +@@ -1120,7 +1120,7 @@ static int get_info(struct net *net, void __user *user, info.size = private->size; strcpy(info.name, name); @@ -78787,7 +86009,7 @@ index d7cb045..8c0ded6 100644 ret = -EFAULT; else ret = 0; -@@ -1976,7 +1976,7 @@ compat_do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) +@@ -1974,7 +1974,7 @@ compat_do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) switch (cmd) { case IP6T_SO_GET_INFO: @@ -78796,7 +86018,7 @@ index d7cb045..8c0ded6 100644 break; case IP6T_SO_GET_ENTRIES: ret = compat_get_entries(sock_net(sk), user, len); -@@ -2023,7 +2023,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) +@@ -2021,7 +2021,7 @@ do_ip6t_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) switch (cmd) { case IP6T_SO_GET_INFO: @@ -78805,8 +86027,50 @@ index d7cb045..8c0ded6 100644 break; case IP6T_SO_GET_ENTRIES: +diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c +index 3dacecc..2939087 100644 +--- a/net/ipv6/netfilter/nf_conntrack_reasm.c ++++ b/net/ipv6/netfilter/nf_conntrack_reasm.c +@@ -87,12 +87,11 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = { + + static int nf_ct_frag6_sysctl_register(struct net *net) + { +- struct ctl_table *table; ++ ctl_table_no_const *table = NULL; + struct ctl_table_header *hdr; + +- table = nf_ct_frag6_sysctl_table; + if (!net_eq(net, &init_net)) { +- table = kmemdup(table, sizeof(nf_ct_frag6_sysctl_table), ++ table = kmemdup(nf_ct_frag6_sysctl_table, sizeof(nf_ct_frag6_sysctl_table), + GFP_KERNEL); + if (table == NULL) + goto err_alloc; +@@ -100,9 +99,9 @@ static int nf_ct_frag6_sysctl_register(struct net *net) + table[0].data = &net->ipv6.frags.high_thresh; + table[1].data = &net->ipv6.frags.low_thresh; + table[2].data = &net->ipv6.frags.timeout; +- } +- +- hdr = register_net_sysctl(net, "net/netfilter", table); ++ hdr = register_net_sysctl(net, "net/netfilter", table); ++ } else ++ hdr = register_net_sysctl(net, "net/netfilter", nf_ct_frag6_sysctl_table); + if (hdr == NULL) + goto err_reg; + +@@ -110,8 +109,7 @@ static int nf_ct_frag6_sysctl_register(struct net *net) + return 0; + + err_reg: +- if (!net_eq(net, &init_net)) +- kfree(table); ++ kfree(table); + err_alloc: + return -ENOMEM; + } diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c -index 4a5f78b..3f22ebe 100644 +index 70fa814..d70c28c 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c @@ -379,7 +379,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb) @@ -78880,26 +86144,110 @@ index 4a5f78b..3f22ebe 100644 return -EFAULT; return 0; default: -@@ -1252,7 +1257,13 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) - 0, 0L, 0, - sock_i_uid(sp), 0, +@@ -1253,7 +1258,7 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) + from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)), + 0, sock_i_ino(sp), - atomic_read(&sp->sk_refcnt), sp, atomic_read(&sp->sk_drops)); -+ atomic_read(&sp->sk_refcnt), -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ NULL, -+#else -+ sp, -+#endif -+ atomic_read_unchecked(&sp->sk_drops)); ++ atomic_read(&sp->sk_refcnt), sp, atomic_read_unchecked(&sp->sk_drops)); } static int raw6_seq_show(struct seq_file *seq, void *v) +diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c +index e5253ec..0410257 100644 +--- a/net/ipv6/reassembly.c ++++ b/net/ipv6/reassembly.c +@@ -604,12 +604,11 @@ static struct ctl_table ip6_frags_ctl_table[] = { + + static int __net_init ip6_frags_ns_sysctl_register(struct net *net) + { +- struct ctl_table *table; ++ ctl_table_no_const *table = NULL; + struct ctl_table_header *hdr; + +- table = ip6_frags_ns_ctl_table; + if (!net_eq(net, &init_net)) { +- table = kmemdup(table, sizeof(ip6_frags_ns_ctl_table), GFP_KERNEL); ++ table = kmemdup(ip6_frags_ns_ctl_table, sizeof(ip6_frags_ns_ctl_table), GFP_KERNEL); + if (table == NULL) + goto err_alloc; + +@@ -620,9 +619,10 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net) + /* Don't export sysctls to unprivileged users */ + if (net->user_ns != &init_user_ns) + table[0].procname = NULL; +- } ++ hdr = register_net_sysctl(net, "net/ipv6", table); ++ } else ++ hdr = register_net_sysctl(net, "net/ipv6", ip6_frags_ns_ctl_table); + +- hdr = register_net_sysctl(net, "net/ipv6", table); + if (hdr == NULL) + goto err_reg; + +@@ -630,8 +630,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net) + return 0; + + err_reg: +- if (!net_eq(net, &init_net)) +- kfree(table); ++ kfree(table); + err_alloc: + return -ENOMEM; + } +diff --git a/net/ipv6/route.c b/net/ipv6/route.c +index 6f9f7b6..2306d63 100644 +--- a/net/ipv6/route.c ++++ b/net/ipv6/route.c +@@ -2965,7 +2965,7 @@ ctl_table ipv6_route_table_template[] = { + + struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) + { +- struct ctl_table *table; ++ ctl_table_no_const *table; + + table = kmemdup(ipv6_route_table_template, + sizeof(ipv6_route_table_template), +diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c +index cfba99b..20ca511 100644 +--- a/net/ipv6/sit.c ++++ b/net/ipv6/sit.c +@@ -72,7 +72,7 @@ MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN"); + static int ipip6_tunnel_init(struct net_device *dev); + static void ipip6_tunnel_setup(struct net_device *dev); + static void ipip6_dev_free(struct net_device *dev); +-static struct rtnl_link_ops sit_link_ops __read_mostly; ++static struct rtnl_link_ops sit_link_ops; + + static int sit_net_id __read_mostly; + struct sit_net { +@@ -1463,7 +1463,7 @@ static const struct nla_policy ipip6_policy[IFLA_IPTUN_MAX + 1] = { + #endif + }; + +-static struct rtnl_link_ops sit_link_ops __read_mostly = { ++static struct rtnl_link_ops sit_link_ops = { + .kind = "sit", + .maxtype = IFLA_IPTUN_MAX, + .policy = ipip6_policy, +diff --git a/net/ipv6/sysctl_net_ipv6.c b/net/ipv6/sysctl_net_ipv6.c +index e85c48b..b8268d3 100644 +--- a/net/ipv6/sysctl_net_ipv6.c ++++ b/net/ipv6/sysctl_net_ipv6.c +@@ -40,7 +40,7 @@ static ctl_table ipv6_rotable[] = { + + static int __net_init ipv6_sysctl_net_init(struct net *net) + { +- struct ctl_table *ipv6_table; ++ ctl_table_no_const *ipv6_table; + struct ctl_table *ipv6_route_table; + struct ctl_table *ipv6_icmp_table; + int err; diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index 8b45fb4..fcabd55 100644 +index 4f435371..5de9da7 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c -@@ -106,6 +106,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) +@@ -103,6 +103,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) inet6_sk(sk)->rx_dst_cookie = rt->rt6i_node->fn_sernum; } @@ -78910,7 +86258,7 @@ index 8b45fb4..fcabd55 100644 static void tcp_v6_hash(struct sock *sk) { if (sk->sk_state != TCP_CLOSE) { -@@ -1512,6 +1516,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1433,6 +1437,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -78920,7 +86268,7 @@ index 8b45fb4..fcabd55 100644 tcp_v6_send_reset(sk, skb); discard: if (opt_skb) -@@ -1593,12 +1600,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) +@@ -1514,12 +1521,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -78943,7 +86291,7 @@ index 8b45fb4..fcabd55 100644 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1647,6 +1662,10 @@ no_tcp_socket: +@@ -1568,6 +1583,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -78954,52 +86302,8 @@ index 8b45fb4..fcabd55 100644 tcp_v6_send_reset(NULL, skb); } -@@ -1858,7 +1877,13 @@ static void get_openreq6(struct seq_file *seq, - uid, - 0, /* non standard timer */ - 0, /* open_requests have no inode */ -- 0, req); -+ 0, -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ NULL -+#else -+ req -+#endif -+ ); - } - - static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) -@@ -1908,7 +1933,12 @@ static void get_tcp6_sock(struct seq_file *seq, struct sock *sp, int i) - sock_i_uid(sp), - icsk->icsk_probes_out, - sock_i_ino(sp), -- atomic_read(&sp->sk_refcnt), sp, -+ atomic_read(&sp->sk_refcnt), -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ NULL, -+#else -+ sp, -+#endif - jiffies_to_clock_t(icsk->icsk_rto), - jiffies_to_clock_t(icsk->icsk_ack.ato), - (icsk->icsk_ack.quick << 1 ) | icsk->icsk_ack.pingpong, -@@ -1943,7 +1973,13 @@ static void get_timewait6_sock(struct seq_file *seq, - dest->s6_addr32[2], dest->s6_addr32[3], destp, - tw->tw_substate, 0, 0, - 3, jiffies_to_clock_t(ttd), 0, 0, 0, 0, -- atomic_read(&tw->tw_refcnt), tw); -+ atomic_read(&tw->tw_refcnt), -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ NULL -+#else -+ tw -+#endif -+ ); - } - - static int tcp6_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c -index 07e2bfe..328dae8 100644 +index fb08329..2d6919e 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -51,6 +51,10 @@ @@ -79050,160 +86354,110 @@ index 07e2bfe..328dae8 100644 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0); kfree_skb(skb); -@@ -1471,8 +1478,13 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket - 0, 0L, 0, - sock_i_uid(sp), 0, +@@ -1379,7 +1386,7 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket + 0, sock_i_ino(sp), -- atomic_read(&sp->sk_refcnt), sp, + atomic_read(&sp->sk_refcnt), sp, - atomic_read(&sp->sk_drops)); -+ atomic_read(&sp->sk_refcnt), -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ NULL, -+#else -+ sp, -+#endif + atomic_read_unchecked(&sp->sk_drops)); } int udp6_seq_show(struct seq_file *seq, void *v) diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c -index 6b9d5a0..4dffaf1 100644 +index a68c88c..d55b0c5 100644 --- a/net/irda/ircomm/ircomm_tty.c +++ b/net/irda/ircomm/ircomm_tty.c -@@ -281,16 +281,16 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, - add_wait_queue(&self->open_wait, &wait); +@@ -312,12 +312,12 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, + add_wait_queue(&port->open_wait, &wait); IRDA_DEBUG(2, "%s(%d):block_til_ready before block on %s open_count=%d\n", -- __FILE__,__LINE__, tty->driver->name, self->open_count ); -+ __FILE__,__LINE__, tty->driver->name, local_read(&self->open_count) ); +- __FILE__, __LINE__, tty->driver->name, port->count); ++ __FILE__, __LINE__, tty->driver->name, atomic_read(&port->count)); - /* As far as I can see, we protect open_count - Jean II */ - spin_lock_irqsave(&self->spinlock, flags); + spin_lock_irqsave(&port->lock, flags); if (!tty_hung_up_p(filp)) { extra_count = 1; -- self->open_count--; -+ local_dec(&self->open_count); +- port->count--; ++ atomic_dec(&port->count); } - spin_unlock_irqrestore(&self->spinlock, flags); -- self->blocked_open++; -+ local_inc(&self->blocked_open); - - while (1) { - if (tty->termios->c_cflag & CBAUD) { -@@ -330,7 +330,7 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, + spin_unlock_irqrestore(&port->lock, flags); + port->blocked_open++; +@@ -353,7 +353,7 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, } IRDA_DEBUG(1, "%s(%d):block_til_ready blocking on %s open_count=%d\n", -- __FILE__,__LINE__, tty->driver->name, self->open_count ); -+ __FILE__,__LINE__, tty->driver->name, local_read(&self->open_count) ); +- __FILE__, __LINE__, tty->driver->name, port->count); ++ __FILE__, __LINE__, tty->driver->name, atomic_read(&port->count)); schedule(); } -@@ -341,13 +341,13 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, +@@ -364,13 +364,13 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, if (extra_count) { /* ++ is not atomic, so this should be protected - Jean II */ - spin_lock_irqsave(&self->spinlock, flags); -- self->open_count++; -+ local_inc(&self->open_count); - spin_unlock_irqrestore(&self->spinlock, flags); + spin_lock_irqsave(&port->lock, flags); +- port->count++; ++ atomic_inc(&port->count); + spin_unlock_irqrestore(&port->lock, flags); } -- self->blocked_open--; -+ local_dec(&self->blocked_open); + port->blocked_open--; IRDA_DEBUG(1, "%s(%d):block_til_ready after blocking on %s open_count=%d\n", -- __FILE__,__LINE__, tty->driver->name, self->open_count); -+ __FILE__,__LINE__, tty->driver->name, local_read(&self->open_count)); +- __FILE__, __LINE__, tty->driver->name, port->count); ++ __FILE__, __LINE__, tty->driver->name, atomic_read(&port->count)); if (!retval) - self->flags |= ASYNC_NORMAL_ACTIVE; -@@ -412,14 +412,14 @@ static int ircomm_tty_open(struct tty_struct *tty, struct file *filp) - } - /* ++ is not atomic, so this should be protected - Jean II */ - spin_lock_irqsave(&self->spinlock, flags); -- self->open_count++; -+ local_inc(&self->open_count); + port->flags |= ASYNC_NORMAL_ACTIVE; +@@ -444,12 +444,12 @@ static int ircomm_tty_open(struct tty_struct *tty, struct file *filp) - tty->driver_data = self; - self->tty = tty; - spin_unlock_irqrestore(&self->spinlock, flags); + /* ++ is not atomic, so this should be protected - Jean II */ + spin_lock_irqsave(&self->port.lock, flags); +- self->port.count++; ++ atomic_inc(&self->port.count); + spin_unlock_irqrestore(&self->port.lock, flags); + tty_port_tty_set(&self->port, tty); IRDA_DEBUG(1, "%s(), %s%d, count = %d\n", __func__ , tty->driver->name, -- self->line, self->open_count); -+ self->line, local_read(&self->open_count)); +- self->line, self->port.count); ++ self->line, atomic_read(&self->port.count)); /* Not really used by us, but lets do it anyway */ - self->tty->low_latency = (self->flags & ASYNC_LOW_LATENCY) ? 1 : 0; -@@ -505,7 +505,7 @@ static void ircomm_tty_close(struct tty_struct *tty, struct file *filp) - return; + tty->low_latency = (self->port.flags & ASYNC_LOW_LATENCY) ? 1 : 0; +@@ -986,7 +986,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty) + tty_kref_put(port->tty); } + port->tty = NULL; +- port->count = 0; ++ atomic_set(&port->count, 0); + spin_unlock_irqrestore(&port->lock, flags); -- if ((tty->count == 1) && (self->open_count != 1)) { -+ if ((tty->count == 1) && (local_read(&self->open_count) != 1)) { - /* - * Uh, oh. tty->count is 1, which means that the tty - * structure will be freed. state->count should always -@@ -515,16 +515,16 @@ static void ircomm_tty_close(struct tty_struct *tty, struct file *filp) - */ - IRDA_DEBUG(0, "%s(), bad serial port count; " - "tty->count is 1, state->count is %d\n", __func__ , -- self->open_count); -- self->open_count = 1; -+ local_read(&self->open_count)); -+ local_set(&self->open_count, 1); - } - -- if (--self->open_count < 0) { -+ if (local_dec_return(&self->open_count) < 0) { - IRDA_ERROR("%s(), bad serial port count for ttys%d: %d\n", -- __func__, self->line, self->open_count); -- self->open_count = 0; -+ __func__, self->line, local_read(&self->open_count)); -+ local_set(&self->open_count, 0); - } -- if (self->open_count) { -+ if (local_read(&self->open_count)) { - spin_unlock_irqrestore(&self->spinlock, flags); - - IRDA_DEBUG(0, "%s(), open count > 0\n", __func__ ); -@@ -556,7 +556,7 @@ static void ircomm_tty_close(struct tty_struct *tty, struct file *filp) - tty->closing = 0; - self->tty = NULL; - -- if (self->blocked_open) { -+ if (local_read(&self->blocked_open)) { - if (self->close_delay) - schedule_timeout_interruptible(self->close_delay); - wake_up_interruptible(&self->open_wait); -@@ -1008,7 +1008,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty) - spin_lock_irqsave(&self->spinlock, flags); - self->flags &= ~ASYNC_NORMAL_ACTIVE; - self->tty = NULL; -- self->open_count = 0; -+ local_set(&self->open_count, 0); - spin_unlock_irqrestore(&self->spinlock, flags); - - wake_up_interruptible(&self->open_wait); -@@ -1355,7 +1355,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m) + wake_up_interruptible(&port->open_wait); +@@ -1343,7 +1343,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m) seq_putc(m, '\n'); seq_printf(m, "Role: %s\n", self->client ? "client" : "server"); -- seq_printf(m, "Open count: %d\n", self->open_count); -+ seq_printf(m, "Open count: %d\n", local_read(&self->open_count)); +- seq_printf(m, "Open count: %d\n", self->port.count); ++ seq_printf(m, "Open count: %d\n", atomic_read(&self->port.count)); seq_printf(m, "Max data size: %d\n", self->max_data_size); seq_printf(m, "Max header size: %d\n", self->max_header_size); -diff --git a/net/irda/irttp.c b/net/irda/irttp.c -index 5c93f29..71498f0 100644 ---- a/net/irda/irttp.c -+++ b/net/irda/irttp.c -@@ -441,6 +441,7 @@ struct tsap_cb *irttp_open_tsap(__u8 stsap_sel, int credit, notify_t *notify) - lsap = irlmp_open_lsap(stsap_sel, &ttp_notify, 0); - if (lsap == NULL) { - IRDA_WARNING("%s: unable to allocate LSAP!!\n", __func__); -+ __irttp_close_tsap(self); - return NULL; - } - +diff --git a/net/irda/iriap.c b/net/irda/iriap.c +index e71e85b..29340a9 100644 +--- a/net/irda/iriap.c ++++ b/net/irda/iriap.c +@@ -495,8 +495,11 @@ static void iriap_getvaluebyclass_confirm(struct iriap_cb *self, + /* case CS_ISO_8859_9: */ + /* case CS_UNICODE: */ + default: +- IRDA_DEBUG(0, "%s(), charset %s, not supported\n", +- __func__, ias_charset_types[charset]); ++ IRDA_DEBUG(0, "%s(), charset [%d] %s, not supported\n", ++ __func__, charset, ++ charset < ARRAY_SIZE(ias_charset_types) ? ++ ias_charset_types[charset] : ++ "(unknown)"); + + /* Aborting, close connection! */ + iriap_disconnect_request(self); diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c index cd6f7a9..e63fe89 100644 --- a/net/iucv/af_iucv.c @@ -79221,11 +86475,24 @@ index cd6f7a9..e63fe89 100644 } write_unlock_bh(&iucv_sk_list.lock); +diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c +index df08250..02021fe 100644 +--- a/net/iucv/iucv.c ++++ b/net/iucv/iucv.c +@@ -690,7 +690,7 @@ static int __cpuinit iucv_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata iucv_cpu_notifier = { ++static struct notifier_block iucv_cpu_notifier = { + .notifier_call = iucv_cpu_notify, + }; + diff --git a/net/key/af_key.c b/net/key/af_key.c -index 34e4185..8823368 100644 +index 5b426a6..970032b 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c -@@ -3016,10 +3016,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc +@@ -3019,10 +3019,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc static u32 get_acqseq(void) { u32 res; @@ -79238,8 +86505,42 @@ index 34e4185..8823368 100644 } while (!res); return res; } +diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c +index 716605c..044e9e1 100644 +--- a/net/l2tp/l2tp_ppp.c ++++ b/net/l2tp/l2tp_ppp.c +@@ -355,6 +355,7 @@ static int pppol2tp_sendmsg(struct kiocb *iocb, struct socket *sock, struct msgh + l2tp_xmit_skb(session, skb, session->hdr_len); + + sock_put(ps->tunnel_sock); ++ sock_put(sk); + + return error; + +diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c +index 0479c64..d031db6 100644 +--- a/net/mac80211/cfg.c ++++ b/net/mac80211/cfg.c +@@ -790,7 +790,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy, + ret = ieee80211_vif_use_channel(sdata, chandef, + IEEE80211_CHANCTX_EXCLUSIVE); + } +- } else if (local->open_count == local->monitors) { ++ } else if (local_read(&local->open_count) == local->monitors) { + local->_oper_channel = chandef->chan; + local->_oper_channel_type = cfg80211_get_chandef_type(chandef); + ieee80211_hw_config(local, 0); +@@ -2716,7 +2716,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy, + else + local->probe_req_reg--; + +- if (!local->open_count) ++ if (!local_read(&local->open_count)) + break; + + ieee80211_queue_work(&local->hw, &local->reconfig_filter); diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h -index fcab057..9383b42 100644 +index 2ed065c..948177f 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -28,6 +28,7 @@ @@ -79250,7 +86551,7 @@ index fcab057..9383b42 100644 #include "key.h" #include "sta_info.h" #include "debug.h" -@@ -840,7 +841,7 @@ struct ieee80211_local { +@@ -909,7 +910,7 @@ struct ieee80211_local { /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */ spinlock_t queue_stop_reason_lock; @@ -79260,10 +86561,10 @@ index fcab057..9383b42 100644 /* number of interfaces with corresponding FIF_ flags */ int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll, diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c -index c93d395..a305570 100644 +index 8be854e..ad72a69 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c -@@ -454,7 +454,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) +@@ -546,7 +546,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) break; } @@ -79272,7 +86573,7 @@ index c93d395..a305570 100644 res = drv_start(local); if (res) goto err_del_bss; -@@ -497,7 +497,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) +@@ -591,7 +591,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) break; } @@ -79281,7 +86582,7 @@ index c93d395..a305570 100644 res = ieee80211_add_virtual_monitor(local); if (res) goto err_stop; -@@ -594,7 +594,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) +@@ -699,7 +699,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) mutex_unlock(&local->mtx); if (coming_up) @@ -79290,7 +86591,7 @@ index c93d395..a305570 100644 if (hw_reconf_flags) ieee80211_hw_config(local, hw_reconf_flags); -@@ -607,7 +607,7 @@ static int ieee80211_do_open(struct net_device *dev, bool coming_up) +@@ -713,7 +713,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) err_del_interface: drv_remove_interface(local, sdata); err_stop: @@ -79299,7 +86600,7 @@ index c93d395..a305570 100644 drv_stop(local); err_del_bss: sdata->bss = NULL; -@@ -736,7 +736,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -827,7 +827,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, } if (going_down) @@ -79308,7 +86609,7 @@ index c93d395..a305570 100644 switch (sdata->vif.type) { case NL80211_IFTYPE_AP_VLAN: -@@ -796,7 +796,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -884,7 +884,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, ieee80211_recalc_ps(local, -1); @@ -79317,7 +86618,7 @@ index c93d395..a305570 100644 if (local->ops->napi_poll) napi_disable(&local->napi); ieee80211_clear_tx_pending(local); -@@ -828,7 +828,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -910,7 +910,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, } spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); @@ -79327,12 +86628,12 @@ index c93d395..a305570 100644 } diff --git a/net/mac80211/main.c b/net/mac80211/main.c -index c26e231..8916637 100644 +index 1b087ff..bf600e9 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c -@@ -166,7 +166,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) - local->hw.conf.power_level = power; - } +@@ -181,7 +181,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) + changed &= ~(IEEE80211_CONF_CHANGE_CHANNEL | + IEEE80211_CONF_CHANGE_POWER); - if (changed && local->open_count) { + if (changed && local_read(&local->open_count)) { @@ -79340,19 +86641,19 @@ index c26e231..8916637 100644 /* * Goal: diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c -index 5c572e7..ecf75ce 100644 +index 79a48f3..5e185c9 100644 --- a/net/mac80211/pm.c +++ b/net/mac80211/pm.c -@@ -34,7 +34,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) - struct ieee80211_sub_if_data *sdata; +@@ -35,7 +35,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) struct sta_info *sta; + struct ieee80211_chanctx *ctx; - if (!local->open_count) + if (!local_read(&local->open_count)) goto suspend; ieee80211_scan_cancel(local); -@@ -72,7 +72,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) +@@ -73,7 +73,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) cancel_work_sync(&local->dynamic_ps_enable_work); del_timer_sync(&local->dynamic_ps_timer); @@ -79361,8 +86662,8 @@ index 5c572e7..ecf75ce 100644 if (local->wowlan) { int err = drv_suspend(local, wowlan); if (err < 0) { -@@ -143,7 +143,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) - drv_remove_interface(local, sdata); +@@ -187,7 +187,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) + mutex_unlock(&local->chanctx_mtx); /* stop hardware - this must stop RX */ - if (local->open_count) @@ -79371,10 +86672,10 @@ index 5c572e7..ecf75ce 100644 suspend: diff --git a/net/mac80211/rate.c b/net/mac80211/rate.c -index 3313c11..bec9f17 100644 +index dd88381..eef4dd6 100644 --- a/net/mac80211/rate.c +++ b/net/mac80211/rate.c -@@ -494,7 +494,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, +@@ -493,7 +493,7 @@ int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local, ASSERT_RTNL(); @@ -79397,10 +86698,10 @@ index c97a065..ff61928 100644 return p; diff --git a/net/mac80211/util.c b/net/mac80211/util.c -index 7883449..17c6a9a 100644 +index f11e8c5..08d0013 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c -@@ -1279,7 +1279,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) +@@ -1380,7 +1380,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) } #endif /* everything else happens only if HW was up & running */ @@ -79410,10 +86711,10 @@ index 7883449..17c6a9a 100644 /* diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig -index c19b214..471fad1 100644 +index 49e96df..63a51c3 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig -@@ -872,6 +872,16 @@ config NETFILTER_XT_MATCH_ESP +@@ -936,6 +936,16 @@ config NETFILTER_XT_MATCH_ESP To compile it as a module, choose M here. If unsure, say N. @@ -79431,10 +86732,10 @@ index c19b214..471fad1 100644 tristate '"hashlimit" match support' depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n) diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile -index 1c5160f..145ae21 100644 +index 3259697..54d5393 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile -@@ -90,6 +90,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o +@@ -109,6 +109,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o obj-$(CONFIG_NETFILTER_XT_MATCH_DSCP) += xt_dscp.o obj-$(CONFIG_NETFILTER_XT_MATCH_ECN) += xt_ecn.o obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += xt_esp.o @@ -79442,24 +86743,24 @@ index 1c5160f..145ae21 100644 obj-$(CONFIG_NETFILTER_XT_MATCH_HASHLIMIT) += xt_hashlimit.o obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o -diff --git a/net/netfilter/ipset/ip_set_hash_netiface.c b/net/netfilter/ipset/ip_set_hash_netiface.c -index d5d3607..1b6fa7b 100644 ---- a/net/netfilter/ipset/ip_set_hash_netiface.c -+++ b/net/netfilter/ipset/ip_set_hash_netiface.c -@@ -791,7 +791,7 @@ static struct ip_set_type hash_netiface_type __read_mostly = { - [IPSET_ATTR_IP] = { .type = NLA_NESTED }, - [IPSET_ATTR_IP_TO] = { .type = NLA_NESTED }, - [IPSET_ATTR_IFACE] = { .type = NLA_NUL_STRING, -- .len = IPSET_MAXNAMELEN - 1 }, -+ .len = IFNAMSIZ - 1 }, - [IPSET_ATTR_CADT_FLAGS] = { .type = NLA_U32 }, - [IPSET_ATTR_CIDR] = { .type = NLA_U8 }, - [IPSET_ATTR_TIMEOUT] = { .type = NLA_U32 }, +diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c +index 6d6d8f2..a676749 100644 +--- a/net/netfilter/ipset/ip_set_core.c ++++ b/net/netfilter/ipset/ip_set_core.c +@@ -1800,7 +1800,7 @@ done: + return ret; + } + +-static struct nf_sockopt_ops so_set __read_mostly = { ++static struct nf_sockopt_ops so_set = { + .pf = PF_INET, + .get_optmin = SO_IP_SET, + .get_optmax = SO_IP_SET + 1, diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c -index 1548df9..98ad9b4 100644 +index 30e764a..c3b6a9d 100644 --- a/net/netfilter/ipvs/ip_vs_conn.c +++ b/net/netfilter/ipvs/ip_vs_conn.c -@@ -557,7 +557,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, struct ip_vs_dest *dest) +@@ -554,7 +554,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, struct ip_vs_dest *dest) /* Increase the refcnt counter of the dest */ atomic_inc(&dest->refcnt); @@ -79468,7 +86769,7 @@ index 1548df9..98ad9b4 100644 if (cp->protocol != IPPROTO_UDP) conn_flags &= ~IP_VS_CONN_F_ONE_PACKET; flags = cp->flags; -@@ -902,7 +902,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p, +@@ -899,7 +899,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p, atomic_set(&cp->refcnt, 1); atomic_set(&cp->n_control, 0); @@ -79477,7 +86778,7 @@ index 1548df9..98ad9b4 100644 atomic_inc(&ipvs->conn_count); if (flags & IP_VS_CONN_F_NO_CPORT) -@@ -1183,7 +1183,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp) +@@ -1180,7 +1180,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp) /* Don't drop the entry if its number of incoming packets is not located in [0, 8] */ @@ -79487,11 +86788,11 @@ index 1548df9..98ad9b4 100644 if (!todrop_rate[i]) return 0; diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c -index b54ecce..fc5f6cf 100644 +index 47edf5a..235b07d 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c -@@ -562,7 +562,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, - ret = cp->packet_xmit(skb, cp, pd->pp); +@@ -559,7 +559,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, + ret = cp->packet_xmit(skb, cp, pd->pp, iph); /* do not touch skb anymore */ - atomic_inc(&cp->in_pkts); @@ -79499,7 +86800,7 @@ index b54ecce..fc5f6cf 100644 ip_vs_conn_put(cp); return ret; } -@@ -1611,7 +1611,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af) +@@ -1691,7 +1691,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af) if (cp->flags & IP_VS_CONN_F_ONE_PACKET) pkts = sysctl_sync_threshold(ipvs); else @@ -79509,10 +86810,10 @@ index b54ecce..fc5f6cf 100644 if (ipvs->sync_state & IP_VS_STATE_MASTER) ip_vs_sync_conn(net, cp, pkts); diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c -index f51013c..c99ee52 100644 +index ec664cb..7f34a77 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c -@@ -788,7 +788,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest, +@@ -787,7 +787,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest, ip_vs_rs_hash(ipvs, dest); write_unlock_bh(&ipvs->rs_lock); } @@ -79521,7 +86822,16 @@ index f51013c..c99ee52 100644 /* bind the service */ if (!dest->svc) { -@@ -2076,7 +2076,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) +@@ -1688,7 +1688,7 @@ proc_do_sync_ports(ctl_table *table, int write, + * align with netns init in ip_vs_control_net_init() + */ + +-static struct ctl_table vs_vars[] = { ++static ctl_table_no_const vs_vars[] __read_only = { + { + .procname = "amemthresh", + .maxlen = sizeof(int), +@@ -2081,7 +2081,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) " %-7s %-6d %-10d %-10d\n", &dest->addr.in6, ntohs(dest->port), @@ -79530,7 +86840,7 @@ index f51013c..c99ee52 100644 atomic_read(&dest->weight), atomic_read(&dest->activeconns), atomic_read(&dest->inactconns)); -@@ -2087,7 +2087,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) +@@ -2092,7 +2092,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) "%-7s %-6d %-10d %-10d\n", ntohl(dest->addr.ip), ntohs(dest->port), @@ -79539,7 +86849,7 @@ index f51013c..c99ee52 100644 atomic_read(&dest->weight), atomic_read(&dest->activeconns), atomic_read(&dest->inactconns)); -@@ -2557,7 +2557,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get, +@@ -2562,7 +2562,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get, entry.addr = dest->addr.ip; entry.port = dest->port; @@ -79548,7 +86858,7 @@ index f51013c..c99ee52 100644 entry.weight = atomic_read(&dest->weight); entry.u_threshold = dest->u_threshold; entry.l_threshold = dest->l_threshold; -@@ -3092,7 +3092,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest) +@@ -3098,7 +3098,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest) if (nla_put(skb, IPVS_DEST_ATTR_ADDR, sizeof(dest->addr), &dest->addr) || nla_put_u16(skb, IPVS_DEST_ATTR_PORT, dest->port) || nla_put_u32(skb, IPVS_DEST_ATTR_FWD_METHOD, @@ -79557,8 +86867,43 @@ index f51013c..c99ee52 100644 IP_VS_CONN_F_FWD_MASK)) || nla_put_u32(skb, IPVS_DEST_ATTR_WEIGHT, atomic_read(&dest->weight)) || +@@ -3688,7 +3688,7 @@ static int __net_init ip_vs_control_net_init_sysctl(struct net *net) + { + int idx; + struct netns_ipvs *ipvs = net_ipvs(net); +- struct ctl_table *tbl; ++ ctl_table_no_const *tbl; + + atomic_set(&ipvs->dropentry, 0); + spin_lock_init(&ipvs->dropentry_lock); +diff --git a/net/netfilter/ipvs/ip_vs_lblc.c b/net/netfilter/ipvs/ip_vs_lblc.c +index fdd89b9..bd96aa9 100644 +--- a/net/netfilter/ipvs/ip_vs_lblc.c ++++ b/net/netfilter/ipvs/ip_vs_lblc.c +@@ -115,7 +115,7 @@ struct ip_vs_lblc_table { + * IPVS LBLC sysctl table + */ + #ifdef CONFIG_SYSCTL +-static ctl_table vs_vars_table[] = { ++static ctl_table_no_const vs_vars_table[] __read_only = { + { + .procname = "lblc_expiration", + .data = NULL, +diff --git a/net/netfilter/ipvs/ip_vs_lblcr.c b/net/netfilter/ipvs/ip_vs_lblcr.c +index c03b6a3..8ce3681 100644 +--- a/net/netfilter/ipvs/ip_vs_lblcr.c ++++ b/net/netfilter/ipvs/ip_vs_lblcr.c +@@ -288,7 +288,7 @@ struct ip_vs_lblcr_table { + * IPVS LBLCR sysctl table + */ + +-static ctl_table vs_vars_table[] = { ++static ctl_table_no_const vs_vars_table[] __read_only = { + { + .procname = "lblcr_expiration", + .data = NULL, diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c -index effa10c..9058928 100644 +index 44fd10c..2a163b3 100644 --- a/net/netfilter/ipvs/ip_vs_sync.c +++ b/net/netfilter/ipvs/ip_vs_sync.c @@ -596,7 +596,7 @@ static void ip_vs_sync_conn_v0(struct net *net, struct ip_vs_conn *cp, @@ -79589,10 +86934,10 @@ index effa10c..9058928 100644 cp->old_state = cp->state; /* diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c -index c3c6291..3376d73 100644 +index ee6b7a9..f9a89f6 100644 --- a/net/netfilter/ipvs/ip_vs_xmit.c +++ b/net/netfilter/ipvs/ip_vs_xmit.c -@@ -1157,7 +1157,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, +@@ -1210,7 +1210,7 @@ ip_vs_icmp_xmit(struct sk_buff *skb, struct ip_vs_conn *cp, else rc = NF_ACCEPT; /* do not touch skb anymore */ @@ -79601,7 +86946,7 @@ index c3c6291..3376d73 100644 goto out; } -@@ -1278,7 +1278,7 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, +@@ -1332,7 +1332,7 @@ ip_vs_icmp_xmit_v6(struct sk_buff *skb, struct ip_vs_conn *cp, else rc = NF_ACCEPT; /* do not touch skb anymore */ @@ -79610,13 +86955,26 @@ index c3c6291..3376d73 100644 goto out; } +diff --git a/net/netfilter/nf_conntrack_acct.c b/net/netfilter/nf_conntrack_acct.c +index 7df424e..a527b02 100644 +--- a/net/netfilter/nf_conntrack_acct.c ++++ b/net/netfilter/nf_conntrack_acct.c +@@ -60,7 +60,7 @@ static struct nf_ct_ext_type acct_extend __read_mostly = { + #ifdef CONFIG_SYSCTL + static int nf_conntrack_acct_init_sysctl(struct net *net) + { +- struct ctl_table *table; ++ ctl_table_no_const *table; + + table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table), + GFP_KERNEL); diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c -index 2ceec64..a5b8a61 100644 +index e4a0c4f..c263f28 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -1529,6 +1529,10 @@ err_extend: - #define UNCONFIRMED_NULLS_VAL ((1<<30)+0) #define DYING_NULLS_VAL ((1<<30)+1) + #define TEMPLATE_NULLS_VAL ((1<<30)+2) +#ifdef CONFIG_GRKERNSEC_HIDESYM +static atomic_unchecked_t conntrack_cache_id = ATOMIC_INIT(0); @@ -79625,7 +86983,7 @@ index 2ceec64..a5b8a61 100644 static int nf_conntrack_init_net(struct net *net) { int ret; -@@ -1542,7 +1546,11 @@ static int nf_conntrack_init_net(struct net *net) +@@ -1543,7 +1547,11 @@ static int nf_conntrack_init_net(struct net *net) goto err_stat; } @@ -79637,11 +86995,131 @@ index 2ceec64..a5b8a61 100644 if (!net->ct.slabname) { ret = -ENOMEM; goto err_slabname; +diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c +index faa978f..1afb18f 100644 +--- a/net/netfilter/nf_conntrack_ecache.c ++++ b/net/netfilter/nf_conntrack_ecache.c +@@ -186,7 +186,7 @@ static struct nf_ct_ext_type event_extend __read_mostly = { + #ifdef CONFIG_SYSCTL + static int nf_conntrack_event_init_sysctl(struct net *net) + { +- struct ctl_table *table; ++ ctl_table_no_const *table; + + table = kmemdup(event_sysctl_table, sizeof(event_sysctl_table), + GFP_KERNEL); +diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c +index 884f2b3..d53b33a 100644 +--- a/net/netfilter/nf_conntrack_helper.c ++++ b/net/netfilter/nf_conntrack_helper.c +@@ -55,7 +55,7 @@ static struct ctl_table helper_sysctl_table[] = { + + static int nf_conntrack_helper_init_sysctl(struct net *net) + { +- struct ctl_table *table; ++ ctl_table_no_const *table; + + table = kmemdup(helper_sysctl_table, sizeof(helper_sysctl_table), + GFP_KERNEL); +diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c +index 51e928d..72a413a 100644 +--- a/net/netfilter/nf_conntrack_proto.c ++++ b/net/netfilter/nf_conntrack_proto.c +@@ -51,7 +51,7 @@ nf_ct_register_sysctl(struct net *net, + + static void + nf_ct_unregister_sysctl(struct ctl_table_header **header, +- struct ctl_table **table, ++ ctl_table_no_const **table, + unsigned int users) + { + if (users > 0) +diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c +index e7185c6..4ad6c9c 100644 +--- a/net/netfilter/nf_conntrack_standalone.c ++++ b/net/netfilter/nf_conntrack_standalone.c +@@ -470,7 +470,7 @@ static ctl_table nf_ct_netfilter_table[] = { + + static int nf_conntrack_standalone_init_sysctl(struct net *net) + { +- struct ctl_table *table; ++ ctl_table_no_const *table; + + if (net_eq(net, &init_net)) { + nf_ct_netfilter_header = +diff --git a/net/netfilter/nf_conntrack_timestamp.c b/net/netfilter/nf_conntrack_timestamp.c +index 7ea8026..bc9512d 100644 +--- a/net/netfilter/nf_conntrack_timestamp.c ++++ b/net/netfilter/nf_conntrack_timestamp.c +@@ -42,7 +42,7 @@ static struct nf_ct_ext_type tstamp_extend __read_mostly = { + #ifdef CONFIG_SYSCTL + static int nf_conntrack_tstamp_init_sysctl(struct net *net) + { +- struct ctl_table *table; ++ ctl_table_no_const *table; + + table = kmemdup(tstamp_sysctl_table, sizeof(tstamp_sysctl_table), + GFP_KERNEL); +diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c +index 9e31269..bc4c1b7 100644 +--- a/net/netfilter/nf_log.c ++++ b/net/netfilter/nf_log.c +@@ -215,7 +215,7 @@ static const struct file_operations nflog_file_ops = { + + #ifdef CONFIG_SYSCTL + static char nf_log_sysctl_fnames[NFPROTO_NUMPROTO-NFPROTO_UNSPEC][3]; +-static struct ctl_table nf_log_sysctl_table[NFPROTO_NUMPROTO+1]; ++static ctl_table_no_const nf_log_sysctl_table[NFPROTO_NUMPROTO+1] __read_only; + static struct ctl_table_header *nf_log_dir_header; + + static int nf_log_proc_dostring(ctl_table *table, int write, +@@ -246,14 +246,16 @@ static int nf_log_proc_dostring(ctl_table *table, int write, + rcu_assign_pointer(nf_loggers[tindex], logger); + mutex_unlock(&nf_log_mutex); + } else { ++ ctl_table_no_const nf_log_table = *table; ++ + mutex_lock(&nf_log_mutex); + logger = rcu_dereference_protected(nf_loggers[tindex], + lockdep_is_held(&nf_log_mutex)); + if (!logger) +- table->data = "NONE"; ++ nf_log_table.data = "NONE"; + else +- table->data = logger->name; +- r = proc_dostring(table, write, buffer, lenp, ppos); ++ nf_log_table.data = logger->name; ++ r = proc_dostring(&nf_log_table, write, buffer, lenp, ppos); + mutex_unlock(&nf_log_mutex); + } + +diff --git a/net/netfilter/nf_sockopt.c b/net/netfilter/nf_sockopt.c +index f042ae5..30ea486 100644 +--- a/net/netfilter/nf_sockopt.c ++++ b/net/netfilter/nf_sockopt.c +@@ -45,7 +45,7 @@ int nf_register_sockopt(struct nf_sockopt_ops *reg) + } + } + +- list_add(®->list, &nf_sockopts); ++ pax_list_add((struct list_head *)®->list, &nf_sockopts); + out: + mutex_unlock(&nf_sockopt_mutex); + return ret; +@@ -55,7 +55,7 @@ EXPORT_SYMBOL(nf_register_sockopt); + void nf_unregister_sockopt(struct nf_sockopt_ops *reg) + { + mutex_lock(&nf_sockopt_mutex); +- list_del(®->list); ++ pax_list_del((struct list_head *)®->list); + mutex_unlock(&nf_sockopt_mutex); + } + EXPORT_SYMBOL(nf_unregister_sockopt); diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c -index 5cfb5be..217c6d8 100644 +index 92fd8ec..3f6ea4b 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c -@@ -70,7 +70,7 @@ struct nfulnl_instance { +@@ -72,7 +72,7 @@ struct nfulnl_instance { }; static DEFINE_SPINLOCK(instances_lock); @@ -79650,7 +87128,7 @@ index 5cfb5be..217c6d8 100644 #define INSTANCE_BUCKETS 16 static struct hlist_head instance_table[INSTANCE_BUCKETS]; -@@ -523,7 +523,7 @@ __build_packet_message(struct nfulnl_instance *inst, +@@ -537,7 +537,7 @@ __build_packet_message(struct nfulnl_instance *inst, /* global sequence number */ if ((inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) && nla_put_be32(inst->skb, NFULA_SEQ_GLOBAL, @@ -79751,10 +87229,10 @@ index 4fe4fb4..87a89e5 100644 return 0; } diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c -index 0426b67..d6ddaca 100644 +index c0353d5..fcb0270 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c -@@ -780,7 +780,7 @@ static void netlink_overrun(struct sock *sk) +@@ -785,7 +785,7 @@ static void netlink_overrun(struct sock *sk) sk->sk_error_report(sk); } } @@ -79762,8 +87240,8 @@ index 0426b67..d6ddaca 100644 + atomic_inc_unchecked(&sk->sk_drops); } - static struct sock *netlink_getsockbypid(struct sock *ssk, u32 pid) -@@ -2070,7 +2070,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) + static struct sock *netlink_getsockbyportid(struct sock *ssk, u32 portid) +@@ -2071,7 +2071,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) sk_wmem_alloc_get(s), nlk->cb, atomic_read(&s->sk_refcnt), @@ -79772,6 +87250,48 @@ index 0426b67..d6ddaca 100644 sock_i_ino(s) ); +diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c +index f2aabb6..2e5e66e 100644 +--- a/net/netlink/genetlink.c ++++ b/net/netlink/genetlink.c +@@ -295,18 +295,20 @@ int genl_register_ops(struct genl_family *family, struct genl_ops *ops) + goto errout; + } + ++ pax_open_kernel(); + if (ops->dumpit) +- ops->flags |= GENL_CMD_CAP_DUMP; ++ *(unsigned int *)&ops->flags |= GENL_CMD_CAP_DUMP; + if (ops->doit) +- ops->flags |= GENL_CMD_CAP_DO; ++ *(unsigned int *)&ops->flags |= GENL_CMD_CAP_DO; + if (ops->policy) +- ops->flags |= GENL_CMD_CAP_HASPOL; ++ *(unsigned int *)&ops->flags |= GENL_CMD_CAP_HASPOL; ++ pax_close_kernel(); + + genl_lock(); +- list_add_tail(&ops->ops_list, &family->ops_list); ++ pax_list_add_tail((struct list_head *)&ops->ops_list, &family->ops_list); + genl_unlock(); + +- genl_ctrl_event(CTRL_CMD_NEWOPS, ops); ++ genl_ctrl_event(CTRL_CMD_NEWOPS, (void *)ops); + err = 0; + errout: + return err; +@@ -336,9 +338,9 @@ int genl_unregister_ops(struct genl_family *family, struct genl_ops *ops) + genl_lock(); + list_for_each_entry(rc, &family->ops_list, ops_list) { + if (rc == ops) { +- list_del(&ops->ops_list); ++ pax_list_del((struct list_head *)&ops->ops_list); + genl_unlock(); +- genl_ctrl_event(CTRL_CMD_DELOPS, ops); ++ genl_ctrl_event(CTRL_CMD_DELOPS, (void *)ops); + return 0; + } + } diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c index 7261eb8..44e8ac6 100644 --- a/net/netrom/af_netrom.c @@ -79792,33 +87312,11 @@ index 7261eb8..44e8ac6 100644 sax->fsa_ax25.sax25_call = nr->source_addr; *uaddr_len = sizeof(struct sockaddr_ax25); } -diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c -index ddeb9aa..e18fffd 100644 ---- a/net/nfc/llcp/sock.c -+++ b/net/nfc/llcp/sock.c -@@ -443,15 +443,11 @@ static int llcp_sock_connect(struct socket *sock, struct sockaddr *_addr, - pr_debug("sock %p sk %p flags 0x%x\n", sock, sk, flags); - - if (!addr || len < sizeof(struct sockaddr_nfc) || -- addr->sa_family != AF_NFC) { -- pr_err("Invalid socket\n"); -+ addr->sa_family != AF_NFC) - return -EINVAL; -- } - -- if (addr->service_name_len == 0 && addr->dsap == 0) { -- pr_err("Missing service name or dsap\n"); -+ if (addr->service_name_len == 0 && addr->dsap == 0) - return -EINVAL; -- } - - pr_debug("addr dev_idx=%u target_idx=%u protocol=%u\n", addr->dev_idx, - addr->target_idx, addr->nfc_protocol); diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index 70f7e18..704ff38 100644 +index c111bd0..7788ff7 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c -@@ -1689,7 +1689,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1578,7 +1578,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, spin_lock(&sk->sk_receive_queue.lock); po->stats.tp_packets++; @@ -79827,7 +87325,7 @@ index 70f7e18..704ff38 100644 __skb_queue_tail(&sk->sk_receive_queue, skb); spin_unlock(&sk->sk_receive_queue.lock); sk->sk_data_ready(sk, skb->len); -@@ -1698,7 +1698,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, +@@ -1587,7 +1587,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, drop_n_acct: spin_lock(&sk->sk_receive_queue.lock); po->stats.tp_drops++; @@ -79836,7 +87334,7 @@ index 70f7e18..704ff38 100644 spin_unlock(&sk->sk_receive_queue.lock); drop_n_restore: -@@ -2644,6 +2644,7 @@ out: +@@ -2565,6 +2565,7 @@ out: static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) { @@ -79844,7 +87342,7 @@ index 70f7e18..704ff38 100644 struct sock_exterr_skb *serr; struct sk_buff *skb, *skb2; int copied, err; -@@ -2665,8 +2666,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) +@@ -2586,8 +2587,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) sock_recv_timestamp(msg, sk, skb); serr = SKB_EXT_ERR(skb); @@ -79855,7 +87353,7 @@ index 70f7e18..704ff38 100644 msg->msg_flags |= MSG_ERRQUEUE; err = copied; -@@ -3278,7 +3280,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3212,7 +3214,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, case PACKET_HDRLEN: if (len > sizeof(int)) len = sizeof(int); @@ -79864,7 +87362,7 @@ index 70f7e18..704ff38 100644 return -EFAULT; switch (val) { case TPACKET_V1: -@@ -3317,7 +3319,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3254,7 +3256,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, len = lv; if (put_user(len, optlen)) return -EFAULT; @@ -79927,25 +87425,31 @@ index 576f22c..bc7a71b 100644 break; } diff --git a/net/phonet/socket.c b/net/phonet/socket.c -index 0acc943..c727611 100644 +index b7e9827..c264c85 100644 --- a/net/phonet/socket.c +++ b/net/phonet/socket.c -@@ -613,8 +613,13 @@ static int pn_sock_seq_show(struct seq_file *seq, void *v) - pn->resource, sk->sk_state, - sk_wmem_alloc_get(sk), sk_rmem_alloc_get(sk), - sock_i_uid(sk), sock_i_ino(sk), -- atomic_read(&sk->sk_refcnt), sk, +@@ -615,7 +615,7 @@ static int pn_sock_seq_show(struct seq_file *seq, void *v) + from_kuid_munged(seq_user_ns(seq), sock_i_uid(sk)), + sock_i_ino(sk), + atomic_read(&sk->sk_refcnt), sk, - atomic_read(&sk->sk_drops), &len); -+ atomic_read(&sk->sk_refcnt), -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ NULL, -+#else -+ sk, -+#endif + atomic_read_unchecked(&sk->sk_drops), &len); } seq_printf(seq, "%*s\n", 127 - len, ""); return 0; +diff --git a/net/phonet/sysctl.c b/net/phonet/sysctl.c +index d6bbbbd..61561e4 100644 +--- a/net/phonet/sysctl.c ++++ b/net/phonet/sysctl.c +@@ -67,7 +67,7 @@ static int proc_local_port_range(ctl_table *table, int write, + { + int ret; + int range[2] = {local_port_range[0], local_port_range[1]}; +- ctl_table tmp = { ++ ctl_table_no_const tmp = { + .data = &range, + .maxlen = sizeof(range), + .mode = table->mode, diff --git a/net/rds/cong.c b/net/rds/cong.c index e5b65ac..f3b6fb7 100644 --- a/net/rds/cong.c @@ -79978,7 +87482,7 @@ index e5b65ac..f3b6fb7 100644 if (likely(*recent == gen)) return 0; diff --git a/net/rds/ib.h b/net/rds/ib.h -index 8d2b3d5..227ec5b 100644 +index 7280ab8..e04f4ea 100644 --- a/net/rds/ib.h +++ b/net/rds/ib.h @@ -128,7 +128,7 @@ struct rds_ib_connection { @@ -79991,10 +87495,10 @@ index 8d2b3d5..227ec5b 100644 spinlock_t i_ack_lock; /* protect i_ack_next */ u64 i_ack_next; /* next ACK to send */ diff --git a/net/rds/ib_cm.c b/net/rds/ib_cm.c -index a1e1162..265e129 100644 +index 31b74f5..dc1fbfa 100644 --- a/net/rds/ib_cm.c +++ b/net/rds/ib_cm.c -@@ -718,7 +718,7 @@ void rds_ib_conn_shutdown(struct rds_connection *conn) +@@ -717,7 +717,7 @@ void rds_ib_conn_shutdown(struct rds_connection *conn) /* Clear the ACK state */ clear_bit(IB_ACK_IN_FLIGHT, &ic->i_ack_flags); #ifdef KERNEL_HAS_ATOMIC64 @@ -80004,10 +87508,10 @@ index a1e1162..265e129 100644 ic->i_ack_next = 0; #endif diff --git a/net/rds/ib_recv.c b/net/rds/ib_recv.c -index 8d19491..05a3e65 100644 +index 8eb9501..0c386ff 100644 --- a/net/rds/ib_recv.c +++ b/net/rds/ib_recv.c -@@ -592,7 +592,7 @@ static u64 rds_ib_get_ack(struct rds_ib_connection *ic) +@@ -597,7 +597,7 @@ static u64 rds_ib_get_ack(struct rds_ib_connection *ic) static void rds_ib_set_ack(struct rds_ib_connection *ic, u64 seq, int ack_required) { @@ -80016,7 +87520,7 @@ index 8d19491..05a3e65 100644 if (ack_required) { smp_mb__before_clear_bit(); set_bit(IB_ACK_REQUESTED, &ic->i_ack_flags); -@@ -604,7 +604,7 @@ static u64 rds_ib_get_ack(struct rds_ib_connection *ic) +@@ -609,7 +609,7 @@ static u64 rds_ib_get_ack(struct rds_ib_connection *ic) clear_bit(IB_ACK_REQUESTED, &ic->i_ack_flags); smp_mb__after_clear_bit(); @@ -80073,6 +87577,33 @@ index 4503335..db566b4 100644 } #endif +diff --git a/net/rds/message.c b/net/rds/message.c +index f0a4658..aff589c 100644 +--- a/net/rds/message.c ++++ b/net/rds/message.c +@@ -197,6 +197,9 @@ struct rds_message *rds_message_alloc(unsigned int extra_len, gfp_t gfp) + { + struct rds_message *rm; + ++ if (extra_len > KMALLOC_MAX_SIZE - sizeof(struct rds_message)) ++ return NULL; ++ + rm = kzalloc(sizeof(struct rds_message) + extra_len, gfp); + if (!rm) + goto out; +diff --git a/net/rds/rds.h b/net/rds/rds.h +index ec1d731..90a3a8d 100644 +--- a/net/rds/rds.h ++++ b/net/rds/rds.h +@@ -449,7 +449,7 @@ struct rds_transport { + void (*sync_mr)(void *trans_private, int direction); + void (*free_mr)(void *trans_private, int invalidate); + void (*flush_mrs)(void); +-}; ++} __do_const; + + struct rds_sock { + struct sock rs_sk; diff --git a/net/rds/tcp.c b/net/rds/tcp.c index edac9ef..16bcb98 100644 --- a/net/rds/tcp.c @@ -80087,7 +87618,7 @@ index edac9ef..16bcb98 100644 set_fs(oldfs); } diff --git a/net/rds/tcp_send.c b/net/rds/tcp_send.c -index 1b4fd68..2234175 100644 +index 81cf5a4..b5826ff 100644 --- a/net/rds/tcp_send.c +++ b/net/rds/tcp_send.c @@ -43,7 +43,7 @@ static void rds_tcp_cork(struct socket *sock, int val) @@ -80359,11 +87890,42 @@ index f226709..0e735a8 100644 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); +diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c +index 391a245..296b3d7 100644 +--- a/net/sctp/ipv6.c ++++ b/net/sctp/ipv6.c +@@ -981,7 +981,7 @@ static const struct inet6_protocol sctpv6_protocol = { + .flags = INET6_PROTO_NOPOLICY | INET6_PROTO_FINAL, + }; + +-static struct sctp_af sctp_af_inet6 = { ++static struct sctp_af sctp_af_inet6 __read_only = { + .sa_family = AF_INET6, + .sctp_xmit = sctp_v6_xmit, + .setsockopt = ipv6_setsockopt, +@@ -1013,7 +1013,7 @@ static struct sctp_af sctp_af_inet6 = { + #endif + }; + +-static struct sctp_pf sctp_pf_inet6 = { ++static struct sctp_pf sctp_pf_inet6 __read_only = { + .event_msgname = sctp_inet6_event_msgname, + .skb_msgname = sctp_inet6_skb_msgname, + .af_supported = sctp_inet6_af_supported, +@@ -1038,7 +1038,7 @@ void sctp_v6_pf_init(void) + + void sctp_v6_pf_exit(void) + { +- list_del(&sctp_af_inet6.list); ++ pax_list_del(&sctp_af_inet6.list); + } + + /* Initialize IPv6 support and register with socket layer. */ diff --git a/net/sctp/proc.c b/net/sctp/proc.c -index 1e2eee8..ce3967e 100644 +index 8c19e97..16264b8 100644 --- a/net/sctp/proc.c +++ b/net/sctp/proc.c -@@ -319,7 +319,8 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v) +@@ -338,7 +338,8 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v) seq_printf(seq, "%8pK %8pK %-3d %-3d %-2d %-4d " "%4d %8d %8d %7d %5lu %-5d %5d ", @@ -80373,11 +87935,67 @@ index 1e2eee8..ce3967e 100644 assoc->state, hash, assoc->assoc_id, assoc->sndbuf_used, +diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c +index f898b1c..a2d0fe8 100644 +--- a/net/sctp/protocol.c ++++ b/net/sctp/protocol.c +@@ -834,8 +834,10 @@ int sctp_register_af(struct sctp_af *af) + return 0; + } + ++ pax_open_kernel(); + INIT_LIST_HEAD(&af->list); +- list_add_tail(&af->list, &sctp_address_families); ++ pax_close_kernel(); ++ pax_list_add_tail(&af->list, &sctp_address_families); + return 1; + } + +@@ -966,7 +968,7 @@ static inline int sctp_v4_xmit(struct sk_buff *skb, + + static struct sctp_af sctp_af_inet; + +-static struct sctp_pf sctp_pf_inet = { ++static struct sctp_pf sctp_pf_inet __read_only = { + .event_msgname = sctp_inet_event_msgname, + .skb_msgname = sctp_inet_skb_msgname, + .af_supported = sctp_inet_af_supported, +@@ -1037,7 +1039,7 @@ static const struct net_protocol sctp_protocol = { + }; + + /* IPv4 address related functions. */ +-static struct sctp_af sctp_af_inet = { ++static struct sctp_af sctp_af_inet __read_only = { + .sa_family = AF_INET, + .sctp_xmit = sctp_v4_xmit, + .setsockopt = ip_setsockopt, +@@ -1122,7 +1124,7 @@ static void sctp_v4_pf_init(void) + + static void sctp_v4_pf_exit(void) + { +- list_del(&sctp_af_inet.list); ++ pax_list_del(&sctp_af_inet.list); + } + + static int sctp_v4_protosw_init(void) +diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c +index c957775..6d4593a 100644 +--- a/net/sctp/sm_sideeffect.c ++++ b/net/sctp/sm_sideeffect.c +@@ -447,7 +447,7 @@ static void sctp_generate_sack_event(unsigned long data) + sctp_generate_timeout_event(asoc, SCTP_EVENT_TIMEOUT_SACK); + } + +-sctp_timer_event_t *sctp_timer_events[SCTP_NUM_TIMEOUT_TYPES] = { ++sctp_timer_event_t * const sctp_timer_events[SCTP_NUM_TIMEOUT_TYPES] = { + NULL, + sctp_generate_t1_cookie_event, + sctp_generate_t1_init_event, diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index d32d86d..ea3b353 100644 +index cedd9bf..d577d71 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c -@@ -4630,6 +4630,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, +@@ -4665,6 +4665,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; if (space_left < addrlen) return -ENOMEM; @@ -80386,32 +88004,101 @@ index d32d86d..ea3b353 100644 if (copy_to_user(to, &temp, addrlen)) return -EFAULT; to += addrlen; -diff --git a/net/sctp/transport.c b/net/sctp/transport.c -index c97472b..3f7c94b 100644 ---- a/net/sctp/transport.c -+++ b/net/sctp/transport.c -@@ -328,7 +328,7 @@ void sctp_transport_update_rto(struct sctp_transport *tp, __u32 rtt) - * 1/8, rto_alpha would be expressed as 3. - */ - tp->rttvar = tp->rttvar - (tp->rttvar >> sctp_rto_beta) -- + ((abs(tp->srtt - rtt)) >> sctp_rto_beta); -+ + (((__u32)abs64((__s64)tp->srtt - (__s64)rtt)) >> sctp_rto_beta); - tp->srtt = tp->srtt - (tp->srtt >> sctp_rto_alpha) - + (rtt >> sctp_rto_alpha); - } else { +@@ -5653,6 +5655,9 @@ static int sctp_getsockopt_assoc_stats(struct sock *sk, int len, + if (len < sizeof(sctp_assoc_t)) + return -EINVAL; + ++ /* Allow the struct to grow and fill in as much as possible */ ++ len = min_t(size_t, len, sizeof(sas)); ++ + if (copy_from_user(&sas, optval, len)) + return -EFAULT; + +@@ -5686,9 +5691,6 @@ static int sctp_getsockopt_assoc_stats(struct sock *sk, int len, + /* Mark beginning of a new observation period */ + asoc->stats.max_obs_rto = asoc->rto_min; + +- /* Allow the struct to grow and fill in as much as possible */ +- len = min_t(size_t, len, sizeof(sas)); +- + if (put_user(len, optlen)) + return -EFAULT; + +diff --git a/net/sctp/ssnmap.c b/net/sctp/ssnmap.c +index 442ad4e..825ea94 100644 +--- a/net/sctp/ssnmap.c ++++ b/net/sctp/ssnmap.c +@@ -41,8 +41,6 @@ + #include <net/sctp/sctp.h> + #include <net/sctp/sm.h> + +-#define MAX_KMALLOC_SIZE 131072 +- + static struct sctp_ssnmap *sctp_ssnmap_init(struct sctp_ssnmap *map, __u16 in, + __u16 out); + +@@ -65,7 +63,7 @@ struct sctp_ssnmap *sctp_ssnmap_new(__u16 in, __u16 out, + int size; + + size = sctp_ssnmap_size(in, out); +- if (size <= MAX_KMALLOC_SIZE) ++ if (size <= KMALLOC_MAX_SIZE) + retval = kmalloc(size, gfp); + else + retval = (struct sctp_ssnmap *) +@@ -82,7 +80,7 @@ struct sctp_ssnmap *sctp_ssnmap_new(__u16 in, __u16 out, + return retval; + + fail_map: +- if (size <= MAX_KMALLOC_SIZE) ++ if (size <= KMALLOC_MAX_SIZE) + kfree(retval); + else + free_pages((unsigned long)retval, get_order(size)); +@@ -124,7 +122,7 @@ void sctp_ssnmap_free(struct sctp_ssnmap *map) + int size; + + size = sctp_ssnmap_size(map->in.len, map->out.len); +- if (size <= MAX_KMALLOC_SIZE) ++ if (size <= KMALLOC_MAX_SIZE) + kfree(map); + else + free_pages((unsigned long)map, get_order(size)); +diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c +index bf3c6e8..376d8d0 100644 +--- a/net/sctp/sysctl.c ++++ b/net/sctp/sysctl.c +@@ -307,7 +307,7 @@ static int proc_sctp_do_hmac_alg(ctl_table *ctl, + { + struct net *net = current->nsproxy->net_ns; + char tmp[8]; +- ctl_table tbl; ++ ctl_table_no_const tbl; + int ret; + int changed = 0; + char *none = "none"; +@@ -350,7 +350,7 @@ static int proc_sctp_do_hmac_alg(ctl_table *ctl, + + int sctp_sysctl_net_register(struct net *net) + { +- struct ctl_table *table; ++ ctl_table_no_const *table; + int i; + + table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL); diff --git a/net/socket.c b/net/socket.c -index edc3c4a..4b4e4a8 100644 +index 2ca51c7..45d0b31 100644 --- a/net/socket.c +++ b/net/socket.c -@@ -88,6 +88,7 @@ - #include <linux/nsproxy.h> +@@ -89,6 +89,7 @@ #include <linux/magic.h> #include <linux/slab.h> + #include <linux/xattr.h> +#include <linux/in.h> #include <asm/uaccess.h> #include <asm/unistd.h> -@@ -105,6 +106,8 @@ +@@ -106,6 +107,8 @@ #include <linux/sockios.h> #include <linux/atalk.h> @@ -80420,7 +88107,7 @@ index edc3c4a..4b4e4a8 100644 static int sock_no_open(struct inode *irrelevant, struct file *dontcare); static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos); -@@ -321,7 +324,7 @@ static struct dentry *sockfs_mount(struct file_system_type *fs_type, +@@ -322,7 +325,7 @@ static struct dentry *sockfs_mount(struct file_system_type *fs_type, &sockfs_dentry_operations, SOCKFS_MAGIC); } @@ -80429,7 +88116,7 @@ index edc3c4a..4b4e4a8 100644 static struct file_system_type sock_fs_type = { .name = "sockfs", -@@ -1209,6 +1212,8 @@ int __sock_create(struct net *net, int family, int type, int protocol, +@@ -1270,6 +1273,8 @@ int __sock_create(struct net *net, int family, int type, int protocol, return -EAFNOSUPPORT; if (type < 0 || type >= SOCK_MAX) return -EINVAL; @@ -80438,7 +88125,7 @@ index edc3c4a..4b4e4a8 100644 /* Compatibility. -@@ -1340,6 +1345,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol) +@@ -1401,6 +1406,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol) if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK)) flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK; @@ -80455,7 +88142,7 @@ index edc3c4a..4b4e4a8 100644 retval = sock_create(family, type, protocol, &sock); if (retval < 0) goto out; -@@ -1452,6 +1467,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1528,6 +1543,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) if (sock) { err = move_addr_to_kernel(umyaddr, addrlen, &address); if (err >= 0) { @@ -80470,7 +88157,7 @@ index edc3c4a..4b4e4a8 100644 err = security_socket_bind(sock, (struct sockaddr *)&address, addrlen); -@@ -1460,6 +1483,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1536,6 +1559,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) (struct sockaddr *) &address, addrlen); } @@ -80478,7 +88165,7 @@ index edc3c4a..4b4e4a8 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1483,10 +1507,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) +@@ -1559,10 +1583,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) if ((unsigned int)backlog > somaxconn) backlog = somaxconn; @@ -80499,7 +88186,7 @@ index edc3c4a..4b4e4a8 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1530,6 +1564,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1606,6 +1640,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, newsock->type = sock->type; newsock->ops = sock->ops; @@ -80518,7 +88205,7 @@ index edc3c4a..4b4e4a8 100644 /* * We don't need try_module_get here, as the listening socket (sock) * has the protocol module (sock->ops->owner) held. -@@ -1568,6 +1614,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1651,6 +1697,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, fd_install(newfd, newfile); err = newfd; @@ -80527,7 +88214,7 @@ index edc3c4a..4b4e4a8 100644 out_put: fput_light(sock->file, fput_needed); out: -@@ -1600,6 +1648,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1683,6 +1731,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, int, addrlen) { struct socket *sock; @@ -80535,7 +88222,7 @@ index edc3c4a..4b4e4a8 100644 struct sockaddr_storage address; int err, fput_needed; -@@ -1610,6 +1659,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1693,6 +1742,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, if (err < 0) goto out_put; @@ -80553,7 +88240,7 @@ index edc3c4a..4b4e4a8 100644 err = security_socket_connect(sock, (struct sockaddr *)&address, addrlen); if (err) -@@ -1964,7 +2024,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2047,7 +2107,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -80562,7 +88249,7 @@ index edc3c4a..4b4e4a8 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2132,7 +2192,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2215,7 +2275,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, * kernel msghdr to use the kernel address space) */ @@ -80571,7 +88258,7 @@ index edc3c4a..4b4e4a8 100644 uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) { err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); -@@ -2761,7 +2821,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2838,7 +2898,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) } ifr = compat_alloc_user_space(buf_size); @@ -80580,7 +88267,7 @@ index edc3c4a..4b4e4a8 100644 if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ)) return -EFAULT; -@@ -2785,12 +2845,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2862,12 +2922,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) offsetof(struct ethtool_rxnfc, fs.ring_cookie)); if (copy_in_user(rxnfc, compat_rxnfc, @@ -80597,7 +88284,7 @@ index edc3c4a..4b4e4a8 100644 copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt, sizeof(rxnfc->rule_cnt))) return -EFAULT; -@@ -2802,12 +2862,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) +@@ -2879,12 +2939,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) if (convert_out) { if (copy_in_user(compat_rxnfc, rxnfc, @@ -80614,7 +88301,7 @@ index edc3c4a..4b4e4a8 100644 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt, sizeof(rxnfc->rule_cnt))) return -EFAULT; -@@ -2877,7 +2937,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, +@@ -2954,7 +3014,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); err = dev_ioctl(net, cmd, @@ -80623,7 +88310,7 @@ index edc3c4a..4b4e4a8 100644 set_fs(old_fs); return err; -@@ -2986,7 +3046,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, +@@ -3063,7 +3123,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); @@ -80632,7 +88319,7 @@ index edc3c4a..4b4e4a8 100644 set_fs(old_fs); if (cmd == SIOCGIFMAP && !err) { -@@ -3091,7 +3151,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, +@@ -3168,7 +3228,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, ret |= __get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user(devname, compat_ptr(rtdev), 15); @@ -80641,7 +88328,7 @@ index edc3c4a..4b4e4a8 100644 devname[15] = 0; } else r4.rt_dev = NULL; -@@ -3317,8 +3377,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, +@@ -3394,8 +3454,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, int __user *uoptlen; int err; @@ -80652,7 +88339,7 @@ index edc3c4a..4b4e4a8 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -@@ -3338,7 +3398,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, +@@ -3415,7 +3475,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; @@ -80661,11 +88348,26 @@ index edc3c4a..4b4e4a8 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) +diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c +index 507b5e8..049e64a 100644 +--- a/net/sunrpc/clnt.c ++++ b/net/sunrpc/clnt.c +@@ -1272,7 +1272,9 @@ call_start(struct rpc_task *task) + (RPC_IS_ASYNC(task) ? "async" : "sync")); + + /* Increment call count */ +- task->tk_msg.rpc_proc->p_count++; ++ pax_open_kernel(); ++ (*(unsigned int *)&task->tk_msg.rpc_proc->p_count)++; ++ pax_close_kernel(); + clnt->cl_stats->rpccnt++; + task->tk_action = call_reserve; + } diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c -index 7fc5846..284efce 100644 +index fb20f25..e3ba316 100644 --- a/net/sunrpc/sched.c +++ b/net/sunrpc/sched.c -@@ -240,9 +240,9 @@ static int rpc_wait_bit_killable(void *word) +@@ -259,9 +259,9 @@ static int rpc_wait_bit_killable(void *word) #ifdef RPC_DEBUG static void rpc_task_set_debuginfo(struct rpc_task *task) { @@ -80677,6 +88379,21 @@ index 7fc5846..284efce 100644 } #else static inline void rpc_task_set_debuginfo(struct rpc_task *task) +diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c +index 2d34b6b..e2d584d 100644 +--- a/net/sunrpc/svc.c ++++ b/net/sunrpc/svc.c +@@ -1156,7 +1156,9 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv) + svc_putnl(resv, RPC_SUCCESS); + + /* Bump per-procedure stats counter */ +- procp->pc_count++; ++ pax_open_kernel(); ++ (*(unsigned int *)&procp->pc_count)++; ++ pax_close_kernel(); + + /* Initialize storage for argp and resp */ + memset(rqstp->rq_argp, 0, procp->pc_argsize); diff --git a/net/sunrpc/xprtrdma/svc_rdma.c b/net/sunrpc/xprtrdma/svc_rdma.c index 8343737..677025e 100644 --- a/net/sunrpc/xprtrdma/svc_rdma.c @@ -80789,7 +88506,7 @@ index 8343737..677025e 100644 .proc_handler = read_reset_stat, }, diff --git a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c -index 41cb63b..c4a1489 100644 +index 0ce7552..d074459 100644 --- a/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c +++ b/net/sunrpc/xprtrdma/svc_rdma_recvfrom.c @@ -501,7 +501,7 @@ next_sge: @@ -80820,7 +88537,7 @@ index 41cb63b..c4a1489 100644 /* Build up the XDR from the receive buffers. */ rdma_build_arg_xdr(rqstp, ctxt, ctxt->byte_len); diff --git a/net/sunrpc/xprtrdma/svc_rdma_sendto.c b/net/sunrpc/xprtrdma/svc_rdma_sendto.c -index 42eb7ba..c887c45 100644 +index c1d124d..acfc59e 100644 --- a/net/sunrpc/xprtrdma/svc_rdma_sendto.c +++ b/net/sunrpc/xprtrdma/svc_rdma_sendto.c @@ -362,7 +362,7 @@ static int send_write(struct svcxprt_rdma *xprt, struct svc_rqst *rqstp, @@ -80833,7 +88550,7 @@ index 42eb7ba..c887c45 100644 goto err; return 0; diff --git a/net/sunrpc/xprtrdma/svc_rdma_transport.c b/net/sunrpc/xprtrdma/svc_rdma_transport.c -index 73b428b..5f3f8f3 100644 +index 62e4f9b..dd3f2d7 100644 --- a/net/sunrpc/xprtrdma/svc_rdma_transport.c +++ b/net/sunrpc/xprtrdma/svc_rdma_transport.c @@ -292,7 +292,7 @@ static void rq_cq_reap(struct svcxprt_rdma *xprt) @@ -80872,7 +88589,7 @@ index 73b428b..5f3f8f3 100644 } static void sq_comp_handler(struct ib_cq *cq, void *cq_context) -@@ -1266,7 +1266,7 @@ int svc_rdma_send(struct svcxprt_rdma *xprt, struct ib_send_wr *wr) +@@ -1262,7 +1262,7 @@ int svc_rdma_send(struct svcxprt_rdma *xprt, struct ib_send_wr *wr) spin_lock_bh(&xprt->sc_lock); if (xprt->sc_sq_depth < atomic_read(&xprt->sc_sq_count) + wr_count) { spin_unlock_bh(&xprt->sc_lock); @@ -80882,23 +88599,23 @@ index 73b428b..5f3f8f3 100644 /* See if we can opportunistically reap SQ WR to make room */ sq_cq_reap(xprt); diff --git a/net/sysctl_net.c b/net/sysctl_net.c -index e3a6e37..be2ea77 100644 +index 9bc6db0..47ac8c0 100644 --- a/net/sysctl_net.c +++ b/net/sysctl_net.c -@@ -43,7 +43,7 @@ static int net_ctl_permissions(struct ctl_table_root *root, - struct ctl_table *table) - { +@@ -46,7 +46,7 @@ static int net_ctl_permissions(struct ctl_table_header *head, + kgid_t root_gid = make_kgid(net->user_ns, 0); + /* Allow network administrator to have same access as root. */ -- if (capable(CAP_NET_ADMIN)) { -+ if (capable_nolog(CAP_NET_ADMIN)) { +- if (ns_capable(net->user_ns, CAP_NET_ADMIN) || ++ if (ns_capable_nolog(net->user_ns, CAP_NET_ADMIN) || + uid_eq(root_uid, current_uid())) { int mode = (table->mode >> 6) & 7; return (mode << 6) | (mode << 3) | mode; - } diff --git a/net/tipc/link.c b/net/tipc/link.c -index 1c1e615..113e0ae 100644 +index daa6080..02d357f 100644 --- a/net/tipc/link.c +++ b/net/tipc/link.c -@@ -1171,7 +1171,7 @@ static int link_send_sections_long(struct tipc_port *sender, +@@ -1201,7 +1201,7 @@ static int link_send_sections_long(struct tipc_port *sender, struct tipc_msg fragm_hdr; struct sk_buff *buf, *buf_chain, *prev; u32 fragm_crs, fragm_rest, hsz, sect_rest; @@ -80907,7 +88624,7 @@ index 1c1e615..113e0ae 100644 int curr_sect; u32 fragm_no; -@@ -1212,7 +1212,7 @@ again: +@@ -1242,7 +1242,7 @@ again: if (!sect_rest) { sect_rest = msg_sect[++curr_sect].iov_len; @@ -80916,7 +88633,7 @@ index 1c1e615..113e0ae 100644 } if (sect_rest < fragm_rest) -@@ -1231,7 +1231,7 @@ error: +@@ -1261,7 +1261,7 @@ error: } } else skb_copy_to_linear_data_offset(buf, fragm_crs, @@ -80939,7 +88656,7 @@ index f2db8a8..9245aa4 100644 pos += msg_sect[cnt].iov_len; } diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c -index 5ed5965..90abe34 100644 +index 6b42d47..2ac24d5 100644 --- a/net/tipc/subscr.c +++ b/net/tipc/subscr.c @@ -96,7 +96,7 @@ static void subscr_send_event(struct tipc_subscription *sub, @@ -80952,10 +88669,10 @@ index 5ed5965..90abe34 100644 sub->evt.event = htohl(event, sub->swap); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index c5ee4ff..e905948 100644 +index 5b5c876..3127bf7 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c -@@ -789,6 +789,12 @@ static struct sock *unix_find_other(struct net *net, +@@ -786,6 +786,12 @@ static struct sock *unix_find_other(struct net *net, err = -ECONNREFUSED; if (!S_ISSOCK(inode->i_mode)) goto put_fail; @@ -80968,7 +88685,7 @@ index c5ee4ff..e905948 100644 u = unix_find_socket_byinode(inode); if (!u) goto put_fail; -@@ -809,6 +815,13 @@ static struct sock *unix_find_other(struct net *net, +@@ -806,6 +812,13 @@ static struct sock *unix_find_other(struct net *net, if (u) { struct dentry *dentry; dentry = unix_sk(u)->path.dentry; @@ -80982,7 +88699,7 @@ index c5ee4ff..e905948 100644 if (dentry) touch_atime(&unix_sk(u)->path); } else -@@ -842,12 +855,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res) +@@ -839,12 +852,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res) */ err = security_path_mknod(&path, dentry, mode, 0); if (!err) { @@ -81001,21 +88718,21 @@ index c5ee4ff..e905948 100644 done_path_create(&path, dentry); return err; } -diff --git a/net/wireless/core.h b/net/wireless/core.h -index bc7430b..35349de 100644 ---- a/net/wireless/core.h -+++ b/net/wireless/core.h -@@ -28,7 +28,7 @@ struct cfg80211_registered_device { - struct mutex mtx; +diff --git a/net/unix/sysctl_net_unix.c b/net/unix/sysctl_net_unix.c +index 8800604..0526440 100644 +--- a/net/unix/sysctl_net_unix.c ++++ b/net/unix/sysctl_net_unix.c +@@ -28,7 +28,7 @@ static ctl_table unix_table[] = { - /* rfkill support */ -- struct rfkill_ops rfkill_ops; -+ rfkill_ops_no_const rfkill_ops; - struct rfkill *rfkill; - struct work_struct rfkill_sync; + int __net_init unix_sysctl_register(struct net *net) + { +- struct ctl_table *table; ++ ctl_table_no_const *table; + table = kmemdup(unix_table, sizeof(unix_table), GFP_KERNEL); + if (table == NULL) diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c -index b0eb7aa..7d73e82 100644 +index c8717c1..08539f5 100644 --- a/net/wireless/wext-core.c +++ b/net/wireless/wext-core.c @@ -748,8 +748,7 @@ static int ioctl_standard_iw_point(struct iw_point *iwp, unsigned int cmd, @@ -81052,10 +88769,10 @@ index b0eb7aa..7d73e82 100644 iwp->length += essid_compat; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 387848e..a6667a2 100644 +index 07c5857..fde4018 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c -@@ -300,7 +300,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) +@@ -317,7 +317,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) { policy->walk.dead = 1; @@ -81064,7 +88781,7 @@ index 387848e..a6667a2 100644 if (del_timer(&policy->timer)) xfrm_pol_put(policy); -@@ -584,7 +584,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) +@@ -601,7 +601,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) hlist_add_head(&policy->bydst, chain); xfrm_pol_hold(policy); net->xfrm.policy_count[dir]++; @@ -81073,7 +88790,7 @@ index 387848e..a6667a2 100644 rt_genid_bump(net); if (delpol) __xfrm_policy_unlink(delpol, dir); -@@ -1533,7 +1533,7 @@ free_dst: +@@ -1550,7 +1550,7 @@ free_dst: goto out; } @@ -81082,7 +88799,7 @@ index 387848e..a6667a2 100644 xfrm_dst_alloc_copy(void **target, const void *src, int size) { if (!*target) { -@@ -1545,7 +1545,7 @@ xfrm_dst_alloc_copy(void **target, const void *src, int size) +@@ -1562,7 +1562,7 @@ xfrm_dst_alloc_copy(void **target, const void *src, int size) return 0; } @@ -81091,7 +88808,7 @@ index 387848e..a6667a2 100644 xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel) { #ifdef CONFIG_XFRM_SUB_POLICY -@@ -1557,7 +1557,7 @@ xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel) +@@ -1574,7 +1574,7 @@ xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel) #endif } @@ -81100,7 +88817,7 @@ index 387848e..a6667a2 100644 xfrm_dst_update_origin(struct dst_entry *dst, const struct flowi *fl) { #ifdef CONFIG_XFRM_SUB_POLICY -@@ -1651,7 +1651,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols, +@@ -1668,7 +1668,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols, xdst->num_pols = num_pols; memcpy(xdst->pols, pols, sizeof(struct xfrm_policy*) * num_pols); @@ -81109,7 +88826,7 @@ index 387848e..a6667a2 100644 return xdst; } -@@ -2352,7 +2352,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) +@@ -2369,7 +2369,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) if (xdst->xfrm_genid != dst->xfrm->genid) return 0; if (xdst->num_pols > 0 && @@ -81118,7 +88835,32 @@ index 387848e..a6667a2 100644 return 0; mtu = dst_mtu(dst->child); -@@ -2891,7 +2891,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, +@@ -2457,8 +2457,11 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) + dst_ops->link_failure = xfrm_link_failure; + if (likely(dst_ops->neigh_lookup == NULL)) + dst_ops->neigh_lookup = xfrm_neigh_lookup; +- if (likely(afinfo->garbage_collect == NULL)) +- afinfo->garbage_collect = xfrm_garbage_collect_deferred; ++ if (likely(afinfo->garbage_collect == NULL)) { ++ pax_open_kernel(); ++ *(void **)&afinfo->garbage_collect = xfrm_garbage_collect_deferred; ++ pax_close_kernel(); ++ } + rcu_assign_pointer(xfrm_policy_afinfo[afinfo->family], afinfo); + } + spin_unlock(&xfrm_policy_afinfo_lock); +@@ -2512,7 +2515,9 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo) + dst_ops->check = NULL; + dst_ops->negative_advice = NULL; + dst_ops->link_failure = NULL; +- afinfo->garbage_collect = NULL; ++ pax_open_kernel(); ++ *(void **)&afinfo->garbage_collect = NULL; ++ pax_close_kernel(); + } + return err; + } +@@ -2896,7 +2901,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, sizeof(pol->xfrm_vec[i].saddr)); pol->xfrm_vec[i].encap_family = mp->new_family; /* flush bundles */ @@ -81127,8 +88869,113 @@ index 387848e..a6667a2 100644 } } +diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c +index 3459692..e7cdb1a 100644 +--- a/net/xfrm/xfrm_state.c ++++ b/net/xfrm/xfrm_state.c +@@ -194,11 +194,13 @@ int xfrm_register_type(const struct xfrm_type *type, unsigned short family) + + if (unlikely(afinfo == NULL)) + return -EAFNOSUPPORT; +- typemap = afinfo->type_map; ++ typemap = (const struct xfrm_type **)afinfo->type_map; + +- if (likely(typemap[type->proto] == NULL)) ++ if (likely(typemap[type->proto] == NULL)) { ++ pax_open_kernel(); + typemap[type->proto] = type; +- else ++ pax_close_kernel(); ++ } else + err = -EEXIST; + xfrm_state_unlock_afinfo(afinfo); + return err; +@@ -213,12 +215,15 @@ int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family) + + if (unlikely(afinfo == NULL)) + return -EAFNOSUPPORT; +- typemap = afinfo->type_map; ++ typemap = (const struct xfrm_type **)afinfo->type_map; + + if (unlikely(typemap[type->proto] != type)) + err = -ENOENT; +- else ++ else { ++ pax_open_kernel(); + typemap[type->proto] = NULL; ++ pax_close_kernel(); ++ } + xfrm_state_unlock_afinfo(afinfo); + return err; + } +@@ -227,7 +232,6 @@ EXPORT_SYMBOL(xfrm_unregister_type); + static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family) + { + struct xfrm_state_afinfo *afinfo; +- const struct xfrm_type **typemap; + const struct xfrm_type *type; + int modload_attempted = 0; + +@@ -235,9 +239,8 @@ retry: + afinfo = xfrm_state_get_afinfo(family); + if (unlikely(afinfo == NULL)) + return NULL; +- typemap = afinfo->type_map; + +- type = typemap[proto]; ++ type = afinfo->type_map[proto]; + if (unlikely(type && !try_module_get(type->owner))) + type = NULL; + if (!type && !modload_attempted) { +@@ -270,7 +273,7 @@ int xfrm_register_mode(struct xfrm_mode *mode, int family) + return -EAFNOSUPPORT; + + err = -EEXIST; +- modemap = afinfo->mode_map; ++ modemap = (struct xfrm_mode **)afinfo->mode_map; + if (modemap[mode->encap]) + goto out; + +@@ -278,8 +281,10 @@ int xfrm_register_mode(struct xfrm_mode *mode, int family) + if (!try_module_get(afinfo->owner)) + goto out; + +- mode->afinfo = afinfo; ++ pax_open_kernel(); ++ *(const void **)&mode->afinfo = afinfo; + modemap[mode->encap] = mode; ++ pax_close_kernel(); + err = 0; + + out: +@@ -302,9 +307,11 @@ int xfrm_unregister_mode(struct xfrm_mode *mode, int family) + return -EAFNOSUPPORT; + + err = -ENOENT; +- modemap = afinfo->mode_map; ++ modemap = (struct xfrm_mode **)afinfo->mode_map; + if (likely(modemap[mode->encap] == mode)) { ++ pax_open_kernel(); + modemap[mode->encap] = NULL; ++ pax_close_kernel(); + module_put(mode->afinfo->owner); + err = 0; + } +diff --git a/net/xfrm/xfrm_sysctl.c b/net/xfrm/xfrm_sysctl.c +index 05a6e3d..6716ec9 100644 +--- a/net/xfrm/xfrm_sysctl.c ++++ b/net/xfrm/xfrm_sysctl.c +@@ -42,7 +42,7 @@ static struct ctl_table xfrm_table[] = { + + int __net_init xfrm_sysctl_init(struct net *net) + { +- struct ctl_table *table; ++ ctl_table_no_const *table; + + __xfrm_sysctl_init(net); + diff --git a/scripts/Makefile.build b/scripts/Makefile.build -index ff1720d..ed8475e 100644 +index 0e801c3..5c8ad3b 100644 --- a/scripts/Makefile.build +++ b/scripts/Makefile.build @@ -111,7 +111,7 @@ endif @@ -81274,12 +89121,12 @@ index cb1f50c..cef2a7c 100644 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..008ac1a +index 0000000..5e0222d --- /dev/null +++ b/scripts/gcc-plugin.sh @@ -0,0 +1,17 @@ +#!/bin/bash -+plugincc=`$1 -x c -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF ++plugincc=`$1 -E -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF +#include "gcc-plugin.h" +#include "tree.h" +#include "tm.h" @@ -81309,7 +89156,7 @@ index b3d907e..a4782ab 100644 kallsymso="" kallsyms_vmlinux="" diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c -index 7ed6864..b6e90e6 100644 +index df4fc23..0ea719d 100644 --- a/scripts/mod/file2alias.c +++ b/scripts/mod/file2alias.c @@ -128,7 +128,7 @@ static void device_id_check(const char *modname, const char *device_id, @@ -81376,10 +89223,10 @@ index 7ed6864..b6e90e6 100644 sprintf(alias, "dmi*"); diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c -index 68e9f5e..ac7759b 100644 +index ff36c50..7ab4fa9 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c -@@ -930,6 +930,7 @@ enum mismatch { +@@ -929,6 +929,7 @@ enum mismatch { ANY_INIT_TO_ANY_EXIT, ANY_EXIT_TO_ANY_INIT, EXPORT_TO_INIT_EXIT, @@ -81387,7 +89234,7 @@ index 68e9f5e..ac7759b 100644 }; struct sectioncheck { -@@ -1044,6 +1045,12 @@ const struct sectioncheck sectioncheck[] = { +@@ -1043,6 +1044,12 @@ const struct sectioncheck sectioncheck[] = { .tosec = { INIT_SECTIONS, EXIT_SECTIONS, NULL }, .mismatch = EXPORT_TO_INIT_EXIT, .symbol_white_list = { DEFAULT_SYMBOL_WHITE_LIST, NULL }, @@ -81400,7 +89247,7 @@ index 68e9f5e..ac7759b 100644 } }; -@@ -1166,10 +1173,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr, +@@ -1165,10 +1172,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr, continue; if (ELF_ST_TYPE(sym->st_info) == STT_SECTION) continue; @@ -81413,7 +89260,7 @@ index 68e9f5e..ac7759b 100644 if (d < 0) d = addr - sym->st_value; if (d < distance) { -@@ -1448,6 +1455,14 @@ static void report_sec_mismatch(const char *modname, +@@ -1447,6 +1454,14 @@ static void report_sec_mismatch(const char *modname, tosym, prl_to, prl_to, tosym); free(prl_to); break; @@ -81428,7 +89275,7 @@ index 68e9f5e..ac7759b 100644 } fprintf(stderr, "\n"); } -@@ -1682,7 +1697,7 @@ static void section_rel(const char *modname, struct elf_info *elf, +@@ -1681,7 +1696,7 @@ static void section_rel(const char *modname, struct elf_info *elf, static void check_sec_ref(struct module *mod, const char *modname, struct elf_info *elf) { @@ -81437,7 +89284,7 @@ index 68e9f5e..ac7759b 100644 Elf_Shdr *sechdrs = elf->sechdrs; /* Walk through all sections */ -@@ -1780,7 +1795,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf, +@@ -1779,7 +1794,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf, va_end(ap); } @@ -81446,7 +89293,7 @@ index 68e9f5e..ac7759b 100644 { if (buf->size - buf->pos < len) { buf->size += len + SZ; -@@ -1998,7 +2013,7 @@ static void write_if_changed(struct buffer *b, const char *fname) +@@ -1997,7 +2012,7 @@ static void write_if_changed(struct buffer *b, const char *fname) if (fstat(fileno(file), &st) < 0) goto close_write; @@ -81492,10 +89339,10 @@ index 9dfcd6d..099068e 100644 filename, strerror(errno)); goto out; diff --git a/scripts/pnmtologo.c b/scripts/pnmtologo.c -index 5c11312..72742b5 100644 +index 68bb4ef..2f419e1 100644 --- a/scripts/pnmtologo.c +++ b/scripts/pnmtologo.c -@@ -237,14 +237,14 @@ static void write_header(void) +@@ -244,14 +244,14 @@ static void write_header(void) fprintf(out, " * Linux logo %s\n", logoname); fputs(" */\n\n", out); fputs("#include <linux/linux_logo.h>\n\n", out); @@ -81512,7 +89359,7 @@ index 5c11312..72742b5 100644 fprintf(out, "\t.type\t\t= %s,\n", logo_types[logo_type]); fprintf(out, "\t.width\t\t= %d,\n", logo_width); fprintf(out, "\t.height\t\t= %d,\n", logo_height); -@@ -374,7 +374,7 @@ static void write_logo_clut224(void) +@@ -381,7 +381,7 @@ static void write_logo_clut224(void) fputs("\n};\n\n", out); /* write logo clut */ @@ -81521,11 +89368,28 @@ index 5c11312..72742b5 100644 logoname); write_hex_cnt = 0; for (i = 0; i < logo_clutsize; i++) { +diff --git a/scripts/sortextable.h b/scripts/sortextable.h +index e4fd45b..2eeb5c4 100644 +--- a/scripts/sortextable.h ++++ b/scripts/sortextable.h +@@ -106,9 +106,9 @@ do_func(Elf_Ehdr *ehdr, char const *const fname, table_sort_t custom_sort) + const char *secstrtab; + const char *strtab; + char *extab_image; +- int extab_index = 0; +- int i; +- int idx; ++ unsigned int extab_index = 0; ++ unsigned int i; ++ unsigned int idx; + + shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff)); + shstrtab_sec = shdr + r2(&ehdr->e_shstrndx); diff --git a/security/Kconfig b/security/Kconfig -index e9c6ac7..152c2e3 100644 +index e9c6ac7..952353c 100644 --- a/security/Kconfig +++ b/security/Kconfig -@@ -4,6 +4,896 @@ +@@ -4,6 +4,925 @@ menu "Security options" @@ -82103,7 +89967,7 @@ index e9c6ac7..152c2e3 100644 +config PAX_KERNEXEC + bool "Enforce non-executable kernel pages" + default y if GRKERNSEC_CONFIG_AUTO && (GRKERNSEC_CONFIG_VIRT_NONE || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_GUEST) || (GRKERNSEC_CONFIG_VIRT_EPT && GRKERNSEC_CONFIG_VIRT_KVM)) -+ depends on X86 && (!X86_32 || X86_WP_WORKS_OK) && !XEN ++ depends on ((X86 && (!X86_32 || X86_WP_WORKS_OK)) || (ARM && (CPU_V6 || CPU_V7) && !(ARM_LPAE && MODULES))) && !XEN + select PAX_PER_CPU_PGD if X86_64 || (X86_32 && X86_PAE) + select PAX_KERNEXEC_PLUGIN if X86_64 + help @@ -82305,8 +90169,8 @@ index e9c6ac7..152c2e3 100644 + +config PAX_MEMORY_UDEREF + bool "Prevent invalid userland pointer dereference" -+ default y if GRKERNSEC_CONFIG_AUTO && (X86_32 || (X86_64 && GRKERNSEC_CONFIG_PRIORITY_SECURITY)) && (GRKERNSEC_CONFIG_VIRT_NONE || GRKERNSEC_CONFIG_VIRT_EPT) -+ depends on X86 && !UML_X86 && !XEN ++ default y if GRKERNSEC_CONFIG_AUTO && !(X86_64 && GRKERNSEC_CONFIG_PRIORITY_PERF) && (GRKERNSEC_CONFIG_VIRT_NONE || GRKERNSEC_CONFIG_VIRT_EPT) ++ depends on (X86 || (ARM && (CPU_V6 || CPU_V7) && !ARM_LPAE)) && !UML_X86 && !XEN + select PAX_PER_CPU_PGD if X86_64 + help + By saying Y here the kernel will be prevented from dereferencing @@ -82343,10 +90207,28 @@ index e9c6ac7..152c2e3 100644 + Since this has a negligible performance impact, you should enable + this feature. + ++config PAX_CONSTIFY_PLUGIN ++ bool "Automatically constify eligible structures" ++ default y ++ depends on !UML ++ help ++ By saying Y here the compiler will automatically constify a class ++ of types that contain only function pointers. This reduces the ++ kernel's attack surface and also produces a better memory layout. ++ ++ Note that the implementation requires a gcc with plugin support, ++ i.e., gcc 4.5 or newer. You may need to install the supporting ++ headers explicitly in addition to the normal gcc package. ++ ++ Note that if some code really has to modify constified variables ++ then the source code will have to be patched to allow it. Examples ++ can be found in PaX itself (the no_const attribute) and for some ++ out-of-tree modules at http://www.grsecurity.net/~paxguy1/ . ++ +config PAX_USERCOPY + bool "Harden heap object copies between kernel and userland" + default y if GRKERNSEC_CONFIG_AUTO -+ depends on X86 || PPC || SPARC || ARM ++ depends on ARM || IA64 || PPC || SPARC || X86 + depends on GRKERNSEC && (SLAB || SLUB || SLOB) + select PAX_USERCOPY_SLABS + help @@ -82374,6 +90256,12 @@ index e9c6ac7..152c2e3 100644 + Since this has a negligible performance impact, you should enable + this feature. + ++ ++config PAX_USERCOPY_DEBUG ++ bool ++ depends on X86 && PAX_USERCOPY ++ default n ++ +config PAX_SIZE_OVERFLOW + bool "Prevent various integer overflows in function size parameters" + default y if GRKERNSEC_CONFIG_AUTO @@ -82402,6 +90290,11 @@ index e9c6ac7..152c2e3 100644 + there is little 'natural' source of entropy normally. The cost + is some slowdown of the boot process. + ++ When pax_extra_latent_entropy is passed on the kernel command line, ++ entropy will be extracted from up to the first 4GB of RAM while the ++ runtime memory allocator is being initialized. This costs even more ++ slowdown of the boot process. ++ + Note that the implementation requires a gcc with plugin support, + i.e., gcc 4.5 or newer. You may need to install the supporting + headers explicitly in addition to the normal gcc package. @@ -82422,7 +90315,7 @@ index e9c6ac7..152c2e3 100644 source security/keys/Kconfig config SECURITY_DMESG_RESTRICT -@@ -103,7 +993,7 @@ config INTEL_TXT +@@ -103,7 +1022,7 @@ config INTEL_TXT config LSM_MMAP_MIN_ADDR int "Low address space for LSM to protect from user allocation" depends on SECURITY && SECURITY_SELINUX @@ -82432,7 +90325,7 @@ index e9c6ac7..152c2e3 100644 help This is the portion of low virtual memory which should be protected diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c -index 8ea39aa..8569ac5e 100644 +index 8c2a7f6..b133ac9 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -614,7 +614,7 @@ static int apparmor_task_setrlimit(struct task_struct *task, @@ -82445,10 +90338,10 @@ index 8ea39aa..8569ac5e 100644 .ptrace_access_check = apparmor_ptrace_access_check, diff --git a/security/commoncap.c b/security/commoncap.c -index 6dbae46..d5611fd 100644 +index 7ee08c7..8d1a9d6 100644 --- a/security/commoncap.c +++ b/security/commoncap.c -@@ -415,6 +415,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data +@@ -424,6 +424,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data return 0; } @@ -82481,7 +90374,7 @@ index 6dbae46..d5611fd 100644 /* * Attempt to get the on-exec apply capability sets for an executable file from * its xattrs and, if present, apply them to the proposed credentials being -@@ -583,6 +609,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) +@@ -592,6 +618,9 @@ int cap_bprm_secureexec(struct linux_binprm *bprm) const struct cred *cred = current_cred(); kuid_t root_uid = make_kuid(cred->user_ns, 0); @@ -82492,10 +90385,10 @@ index 6dbae46..d5611fd 100644 if (bprm->cap_effective) return 1; diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h -index e7c99fd..5b2fa24 100644 +index 079a85d..12e93f8 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h -@@ -95,8 +95,8 @@ void ima_add_violation(struct inode *inode, const unsigned char *filename, +@@ -96,8 +96,8 @@ void ima_add_violation(struct inode *inode, const unsigned char *filename, extern spinlock_t ima_queue_lock; struct ima_h_table { @@ -82507,10 +90400,10 @@ index e7c99fd..5b2fa24 100644 }; extern struct ima_h_table ima_htable; diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c -index 032ff03..c428a74 100644 +index 0cea3db..2f0ef77 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c -@@ -75,7 +75,7 @@ void ima_add_violation(struct inode *inode, const unsigned char *filename, +@@ -79,7 +79,7 @@ void ima_add_violation(struct inode *inode, const unsigned char *filename, int result; /* can overflow, only indicator */ @@ -82564,11 +90457,68 @@ index 1c26176..64a1ba2 100644 if (iov != iovstack) kfree(iov); +diff --git a/security/keys/key.c b/security/keys/key.c +index 8fb7c7b..ba3610d 100644 +--- a/security/keys/key.c ++++ b/security/keys/key.c +@@ -284,7 +284,7 @@ struct key *key_alloc(struct key_type *type, const char *desc, + + atomic_set(&key->usage, 1); + init_rwsem(&key->sem); +- lockdep_set_class(&key->sem, &type->lock_class); ++ lockdep_set_class(&key->sem, (struct lock_class_key *)&type->lock_class); + key->type = type; + key->user = user; + key->quotalen = quotalen; +@@ -1032,7 +1032,9 @@ int register_key_type(struct key_type *ktype) + struct key_type *p; + int ret; + +- memset(&ktype->lock_class, 0, sizeof(ktype->lock_class)); ++ pax_open_kernel(); ++ memset((void *)&ktype->lock_class, 0, sizeof(ktype->lock_class)); ++ pax_close_kernel(); + + ret = -EEXIST; + down_write(&key_types_sem); +@@ -1044,7 +1046,7 @@ int register_key_type(struct key_type *ktype) + } + + /* store the type */ +- list_add(&ktype->link, &key_types_list); ++ pax_list_add((struct list_head *)&ktype->link, &key_types_list); + + pr_notice("Key type %s registered\n", ktype->name); + ret = 0; +@@ -1066,7 +1068,7 @@ EXPORT_SYMBOL(register_key_type); + void unregister_key_type(struct key_type *ktype) + { + down_write(&key_types_sem); +- list_del_init(&ktype->link); ++ pax_list_del_init((struct list_head *)&ktype->link); + downgrade_write(&key_types_sem); + key_gc_keytype(ktype); + pr_notice("Key type %s unregistered\n", ktype->name); +@@ -1084,10 +1086,10 @@ void __init key_init(void) + 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL); + + /* add the special key types */ +- list_add_tail(&key_type_keyring.link, &key_types_list); +- list_add_tail(&key_type_dead.link, &key_types_list); +- list_add_tail(&key_type_user.link, &key_types_list); +- list_add_tail(&key_type_logon.link, &key_types_list); ++ pax_list_add_tail((struct list_head *)&key_type_keyring.link, &key_types_list); ++ pax_list_add_tail((struct list_head *)&key_type_dead.link, &key_types_list); ++ pax_list_add_tail((struct list_head *)&key_type_user.link, &key_types_list); ++ pax_list_add_tail((struct list_head *)&key_type_logon.link, &key_types_list); + + /* record the root user tracking */ + rb_link_node(&root_key_user.node, diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c -index 3364fbf..1f10f31 100644 +index 4b5c948..2054dc1 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c -@@ -966,7 +966,7 @@ static int keyctl_change_reqkey_auth(struct key *key) +@@ -986,7 +986,7 @@ static int keyctl_change_reqkey_auth(struct key *key) /* * Copy the iovec data from userspace */ @@ -82577,7 +90527,7 @@ index 3364fbf..1f10f31 100644 unsigned ioc) { for (; ioc > 0; ioc--) { -@@ -988,7 +988,7 @@ static long copy_from_user_iovec(void *buffer, const struct iovec *iov, +@@ -1008,7 +1008,7 @@ static long copy_from_user_iovec(void *buffer, const struct iovec *iov, * If successful, 0 will be returned. */ long keyctl_instantiate_key_common(key_serial_t id, @@ -82586,7 +90536,7 @@ index 3364fbf..1f10f31 100644 unsigned ioc, size_t plen, key_serial_t ringid) -@@ -1083,7 +1083,7 @@ long keyctl_instantiate_key(key_serial_t id, +@@ -1103,7 +1103,7 @@ long keyctl_instantiate_key(key_serial_t id, [0].iov_len = plen }; @@ -82595,17 +90545,17 @@ index 3364fbf..1f10f31 100644 } return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); -@@ -1116,7 +1116,7 @@ long keyctl_instantiate_key_iov(key_serial_t id, +@@ -1136,7 +1136,7 @@ long keyctl_instantiate_key_iov(key_serial_t id, if (ret == 0) goto no_payload_free; - ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid); + ret = keyctl_instantiate_key_common(id, (const struct iovec __force_user *)iov, ioc, ret, ringid); - + err: if (iov != iovstack) kfree(iov); diff --git a/security/keys/keyring.c b/security/keys/keyring.c -index 81e7852..2b2ecc3 100644 +index 6ece7f2..ecdb55c 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c @@ -227,16 +227,16 @@ static long keyring_read(const struct key *keyring, @@ -82628,6 +90578,19 @@ index 81e7852..2b2ecc3 100644 goto error; buflen -= tmp; +diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c +index 58dfe08..c5ec083 100644 +--- a/security/keys/process_keys.c ++++ b/security/keys/process_keys.c +@@ -57,7 +57,7 @@ int install_user_keyrings(void) + + kenter("%p{%u}", user, uid); + +- if (user->uid_keyring) { ++ if (user->uid_keyring && user->session_keyring) { + kleave(" = 0 [exist]"); + return 0; + } diff --git a/security/min_addr.c b/security/min_addr.c index f728728..6457a0c 100644 --- a/security/min_addr.c @@ -82649,7 +90612,7 @@ index f728728..6457a0c 100644 /* diff --git a/security/security.c b/security/security.c -index 860aeb3..45765c0 100644 +index 7b88c6a..1e3ea8f 100644 --- a/security/security.c +++ b/security/security.c @@ -20,6 +20,7 @@ @@ -82682,7 +90645,7 @@ index 860aeb3..45765c0 100644 /* Save user chosen LSM */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index 6c77f63..7496c76 100644 +index ef26e96..642fb78 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -95,8 +95,6 @@ @@ -82694,7 +90657,7 @@ index 6c77f63..7496c76 100644 /* SECMARK reference count */ static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); -@@ -5511,7 +5509,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) +@@ -5501,7 +5499,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #endif @@ -82717,10 +90680,10 @@ index 65f67cb..3f141ef 100644 } #else diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c -index 8221514..5c4775f 100644 +index 38be92c..21f49ee 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c -@@ -3429,7 +3429,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +@@ -3398,7 +3398,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) return 0; } @@ -82729,11 +90692,26 @@ index 8221514..5c4775f 100644 .name = "smack", .ptrace_access_check = smack_ptrace_access_check, +diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c +index 390c646..f2f8db3 100644 +--- a/security/tomoyo/mount.c ++++ b/security/tomoyo/mount.c +@@ -118,6 +118,10 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, + type == tomoyo_mounts[TOMOYO_MOUNT_MOVE]) { + need_dev = -1; /* dev_name is a directory */ + } else { ++ if (!capable(CAP_SYS_ADMIN)) { ++ error = -EPERM; ++ goto out; ++ } + fstype = get_fs_type(type); + if (!fstype) { + error = -ENODEV; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c -index c2d04a5..e6a1aeb 100644 +index a2ee362..5754f34 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c -@@ -501,7 +501,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg, +@@ -503,7 +503,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg, * tomoyo_security_ops is a "struct security_operations" which is used for * registering TOMOYO. */ @@ -82743,7 +90721,7 @@ index c2d04a5..e6a1aeb 100644 .cred_alloc_blank = tomoyo_cred_alloc_blank, .cred_prepare = tomoyo_cred_prepare, diff --git a/security/yama/Kconfig b/security/yama/Kconfig -index 51d6709..1f3dbe2 100644 +index 20ef514..4182bed 100644 --- a/security/yama/Kconfig +++ b/security/yama/Kconfig @@ -1,6 +1,6 @@ @@ -82754,6 +90732,56 @@ index 51d6709..1f3dbe2 100644 select SECURITYFS select SECURITY_PATH default n +diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c +index 23414b9..b92b314 100644 +--- a/security/yama/yama_lsm.c ++++ b/security/yama/yama_lsm.c +@@ -367,7 +367,7 @@ int yama_ptrace_traceme(struct task_struct *parent) + } + + #ifndef CONFIG_SECURITY_YAMA_STACKED +-static struct security_operations yama_ops = { ++static struct security_operations yama_ops __read_only = { + .name = "yama", + + .ptrace_access_check = yama_ptrace_access_check, +@@ -378,28 +378,24 @@ static struct security_operations yama_ops = { + #endif + + #ifdef CONFIG_SYSCTL ++static int zero __read_only; ++static int max_scope __read_only = YAMA_SCOPE_NO_ATTACH; ++ + static int yama_dointvec_minmax(struct ctl_table *table, int write, + void __user *buffer, size_t *lenp, loff_t *ppos) + { +- int rc; ++ ctl_table_no_const yama_table; + + if (write && !capable(CAP_SYS_PTRACE)) + return -EPERM; + +- rc = proc_dointvec_minmax(table, write, buffer, lenp, ppos); +- if (rc) +- return rc; +- ++ yama_table = *table; + /* Lock the max value if it ever gets set. */ +- if (write && *(int *)table->data == *(int *)table->extra2) +- table->extra1 = table->extra2; +- +- return rc; ++ if (ptrace_scope == max_scope) ++ yama_table.extra1 = &max_scope; ++ return proc_dointvec_minmax(&yama_table, write, buffer, lenp, ppos); + } + +-static int zero; +-static int max_scope = YAMA_SCOPE_NO_ATTACH; +- + struct ctl_path yama_sysctl_path[] = { + { .procname = "kernel", }, + { .procname = "yama", }, diff --git a/sound/aoa/codecs/onyx.c b/sound/aoa/codecs/onyx.c index 4cedc69..e59d8a3 100644 --- a/sound/aoa/codecs/onyx.c @@ -82874,7 +90902,7 @@ index 4c1cc51..16040040 100644 } } else if (runtime->access == SNDRV_PCM_ACCESS_RW_NONINTERLEAVED) { diff --git a/sound/core/pcm_compat.c b/sound/core/pcm_compat.c -index 91cdf94..4085161 100644 +index af49721..e85058e 100644 --- a/sound/core/pcm_compat.c +++ b/sound/core/pcm_compat.c @@ -31,7 +31,7 @@ static int snd_pcm_ioctl_delay_compat(struct snd_pcm_substream *substream, @@ -82887,10 +90915,10 @@ index 91cdf94..4085161 100644 if (err < 0) return err; diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c -index bf3bf43..3826cbc 100644 +index 09b4286..8620fac 100644 --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c -@@ -2803,11 +2803,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, +@@ -2806,11 +2806,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, switch (substream->stream) { case SNDRV_PCM_STREAM_PLAYBACK: result = snd_pcm_playback_ioctl1(NULL, substream, cmd, @@ -82905,7 +90933,7 @@ index bf3bf43..3826cbc 100644 default: result = -EINVAL; diff --git a/sound/core/seq/seq_device.c b/sound/core/seq/seq_device.c -index 5cf8d65..912a79c 100644 +index 040c60e..989a19a 100644 --- a/sound/core/seq/seq_device.c +++ b/sound/core/seq/seq_device.c @@ -64,7 +64,7 @@ struct ops_list { @@ -82915,7 +90943,7 @@ index 5cf8d65..912a79c 100644 - struct snd_seq_dev_ops ops; + struct snd_seq_dev_ops *ops; - /* registred devices */ + /* registered devices */ struct list_head dev_list; /* list of devices */ @@ -333,7 +333,7 @@ int snd_seq_device_register_driver(char *id, struct snd_seq_dev_ops *entry, @@ -82945,7 +90973,7 @@ index 5cf8d65..912a79c 100644 dev->driver_data = NULL; ops->num_init_devices--; diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c -index 2d5514b..3afae9c 100644 +index 4e0dd22..7a1f32c 100644 --- a/sound/drivers/mts64.c +++ b/sound/drivers/mts64.c @@ -29,6 +29,7 @@ @@ -83018,7 +91046,7 @@ index b953fb4..1999c01 100644 int timeout = 10; while ((inb(opl4->fm_port) & OPL4_STATUS_BUSY) && --timeout > 0) diff --git a/sound/drivers/portman2x4.c b/sound/drivers/portman2x4.c -index 8364855..59f2e2b 100644 +index 991018d..8984740 100644 --- a/sound/drivers/portman2x4.c +++ b/sound/drivers/portman2x4.c @@ -48,6 +48,7 @@ @@ -83117,24 +91145,44 @@ index d428ffe..751ef78 100644 break; default: return -EINVAL; -diff --git a/sound/isa/cmi8330.c b/sound/isa/cmi8330.c -index 7bd5e33..1fcab12 100644 ---- a/sound/isa/cmi8330.c -+++ b/sound/isa/cmi8330.c -@@ -172,7 +172,7 @@ struct snd_cmi8330 { - - struct snd_pcm *pcm; - struct snd_cmi8330_stream { -- struct snd_pcm_ops ops; -+ snd_pcm_ops_no_const ops; - snd_pcm_open_callback_t open; - void *private_data; /* sb or wss */ - } streams[2]; +diff --git a/sound/firewire/scs1x.c b/sound/firewire/scs1x.c +index 844a555..985ab83 100644 +--- a/sound/firewire/scs1x.c ++++ b/sound/firewire/scs1x.c +@@ -74,7 +74,7 @@ static void scs_output_trigger(struct snd_rawmidi_substream *stream, int up) + { + struct scs *scs = stream->rmidi->private_data; + +- ACCESS_ONCE(scs->output) = up ? stream : NULL; ++ ACCESS_ONCE_RW(scs->output) = up ? stream : NULL; + if (up) { + scs->output_idle = false; + tasklet_schedule(&scs->tasklet); +@@ -257,7 +257,7 @@ static void scs_input_trigger(struct snd_rawmidi_substream *stream, int up) + { + struct scs *scs = stream->rmidi->private_data; + +- ACCESS_ONCE(scs->input) = up ? stream : NULL; ++ ACCESS_ONCE_RW(scs->input) = up ? stream : NULL; + } + + static void scs_input_escaped_byte(struct snd_rawmidi_substream *stream, +@@ -457,8 +457,8 @@ static int scs_remove(struct device *dev) + + snd_card_disconnect(scs->card); + +- ACCESS_ONCE(scs->output) = NULL; +- ACCESS_ONCE(scs->input) = NULL; ++ ACCESS_ONCE_RW(scs->output) = NULL; ++ ACCESS_ONCE_RW(scs->input) = NULL; + + wait_event(scs->idle_wait, scs->output_idle); + diff --git a/sound/oss/sb_audio.c b/sound/oss/sb_audio.c -index b2b3c01..e1c1e1f 100644 +index 048439a..3be9f6f 100644 --- a/sound/oss/sb_audio.c +++ b/sound/oss/sb_audio.c -@@ -903,7 +903,7 @@ sb16_copy_from_user(int dev, +@@ -904,7 +904,7 @@ sb16_copy_from_user(int dev, buf16 = (signed short *)(localbuf + localoffs); while (c) { @@ -83181,69 +91229,8 @@ index 7d8803a..559f8d0 100644 list_add(&s->list, &cs4297a_devs); -diff --git a/sound/pci/hda/hda_codec.h b/sound/pci/hda/hda_codec.h -index e5a7e19..4049063 100644 ---- a/sound/pci/hda/hda_codec.h -+++ b/sound/pci/hda/hda_codec.h -@@ -614,7 +614,7 @@ struct hda_bus_ops { - /* notify power-up/down from codec to controller */ - void (*pm_notify)(struct hda_bus *bus); - #endif --}; -+} __no_const; - - /* template to pass to the bus constructor */ - struct hda_bus_template { -@@ -714,6 +714,7 @@ struct hda_codec_ops { - #endif - void (*reboot_notify)(struct hda_codec *codec); - }; -+typedef struct hda_codec_ops __no_const hda_codec_ops_no_const; - - /* record for amp information cache */ - struct hda_cache_head { -@@ -744,7 +745,7 @@ struct hda_pcm_ops { - struct snd_pcm_substream *substream); - int (*cleanup)(struct hda_pcm_stream *info, struct hda_codec *codec, - struct snd_pcm_substream *substream); --}; -+} __no_const; - - /* PCM information for each substream */ - struct hda_pcm_stream { -@@ -802,7 +803,7 @@ struct hda_codec { - const char *modelname; /* model name for preset */ - - /* set by patch */ -- struct hda_codec_ops patch_ops; -+ hda_codec_ops_no_const patch_ops; - - /* PCM to create, set by patch_ops.build_pcms callback */ - unsigned int num_pcms; -diff --git a/sound/pci/ice1712/ice1712.h b/sound/pci/ice1712/ice1712.h -index 0da778a..bc38b84 100644 ---- a/sound/pci/ice1712/ice1712.h -+++ b/sound/pci/ice1712/ice1712.h -@@ -269,7 +269,7 @@ struct snd_ak4xxx_private { - unsigned int mask_flags; /* total mask bits */ - struct snd_akm4xxx_ops { - void (*set_rate_val)(struct snd_akm4xxx *ak, unsigned int rate); -- } ops; -+ } __no_const ops; - }; - - struct snd_ice1712_spdif { -@@ -285,7 +285,7 @@ struct snd_ice1712_spdif { - int (*default_put)(struct snd_ice1712 *, struct snd_ctl_elem_value *ucontrol); - void (*stream_get)(struct snd_ice1712 *, struct snd_ctl_elem_value *ucontrol); - int (*stream_put)(struct snd_ice1712 *, struct snd_ctl_elem_value *ucontrol); -- } ops; -+ } __no_const ops; - }; - - diff --git a/sound/pci/ymfpci/ymfpci.h b/sound/pci/ymfpci/ymfpci.h -index bddc405..2c0733c 100644 +index 4631a23..001ae57 100644 --- a/sound/pci/ymfpci/ymfpci.h +++ b/sound/pci/ymfpci/ymfpci.h @@ -358,7 +358,7 @@ struct snd_ymfpci { @@ -83256,10 +91243,10 @@ index bddc405..2c0733c 100644 const struct firmware *dsp_microcode; const struct firmware *controller_microcode; diff --git a/sound/pci/ymfpci/ymfpci_main.c b/sound/pci/ymfpci/ymfpci_main.c -index 62b2363..ee77972 100644 +index 22056c5..25d3244 100644 --- a/sound/pci/ymfpci/ymfpci_main.c +++ b/sound/pci/ymfpci/ymfpci_main.c -@@ -203,8 +203,8 @@ static void snd_ymfpci_hw_stop(struct snd_ymfpci *chip) +@@ -202,8 +202,8 @@ static void snd_ymfpci_hw_stop(struct snd_ymfpci *chip) if ((snd_ymfpci_readl(chip, YDSXGR_STATUS) & 2) == 0) break; } @@ -83270,7 +91257,7 @@ index 62b2363..ee77972 100644 wake_up(&chip->interrupt_sleep); } __end: -@@ -788,7 +788,7 @@ static void snd_ymfpci_irq_wait(struct snd_ymfpci *chip) +@@ -787,7 +787,7 @@ static void snd_ymfpci_irq_wait(struct snd_ymfpci *chip) continue; init_waitqueue_entry(&wait, current); add_wait_queue(&chip->interrupt_sleep, &wait); @@ -83279,7 +91266,7 @@ index 62b2363..ee77972 100644 schedule_timeout_uninterruptible(msecs_to_jiffies(50)); remove_wait_queue(&chip->interrupt_sleep, &wait); } -@@ -826,8 +826,8 @@ static irqreturn_t snd_ymfpci_interrupt(int irq, void *dev_id) +@@ -825,8 +825,8 @@ static irqreturn_t snd_ymfpci_interrupt(int irq, void *dev_id) snd_ymfpci_writel(chip, YDSXGR_MODE, mode); spin_unlock(&chip->reg_lock); @@ -83290,7 +91277,7 @@ index 62b2363..ee77972 100644 wake_up(&chip->interrupt_sleep); } } -@@ -2402,7 +2402,7 @@ int __devinit snd_ymfpci_create(struct snd_card *card, +@@ -2421,7 +2421,7 @@ int snd_ymfpci_create(struct snd_card *card, spin_lock_init(&chip->reg_lock); spin_lock_init(&chip->voice_lock); init_waitqueue_head(&chip->interrupt_sleep); @@ -83308,7 +91295,7 @@ index 0000000..50f2f2f +size_overflow_hash.h diff --git a/tools/gcc/Makefile b/tools/gcc/Makefile new file mode 100644 -index 0000000..1d09b7e +index 0000000..6920fb3 --- /dev/null +++ b/tools/gcc/Makefile @@ -0,0 +1,43 @@ @@ -83320,10 +91307,10 @@ index 0000000..1d09b7e + +ifeq ($(PLUGINCC),$(HOSTCC)) +HOSTLIBS := hostlibs -+HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(GCCPLUGINS_DIR)/include/c-family -std=gnu99 -ggdb ++HOST_EXTRACFLAGS += -I$(GCCPLUGINS_DIR)/include -std=gnu99 -ggdb +else +HOSTLIBS := hostcxxlibs -+HOST_EXTRACXXFLAGS += -I$(GCCPLUGINS_DIR)/include -I$(GCCPLUGINS_DIR)/include/c-family -std=gnu++98 -ggdb -Wno-unused-parameter ++HOST_EXTRACXXFLAGS += -I$(GCCPLUGINS_DIR)/include -std=gnu++98 -ggdb -Wno-unused-parameter +endif + +$(HOSTLIBS)-y := constify_plugin.so @@ -83534,12 +91521,12 @@ index 0000000..d41b5af +} diff --git a/tools/gcc/colorize_plugin.c b/tools/gcc/colorize_plugin.c new file mode 100644 -index 0000000..846aeb0 +index 0000000..414fe5e --- /dev/null +++ b/tools/gcc/colorize_plugin.c -@@ -0,0 +1,148 @@ +@@ -0,0 +1,151 @@ +/* -+ * Copyright 2012 by PaX Team <pageexec@freemail.hu> ++ * Copyright 2012-2013 by PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 + * + * Note: the choice of the license means that the compilation process is @@ -83568,7 +91555,7 @@ index 0000000..846aeb0 +int plugin_is_GPL_compatible; + +static struct plugin_info colorize_plugin_info = { -+ .version = "201203092200", ++ .version = "201302112000", + .help = NULL, +}; + @@ -83647,6 +91634,9 @@ index 0000000..846aeb0 + .pass = { + .type = SIMPLE_IPA_PASS, + .name = "colorize_rearm", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = NULL, + .execute = execute_colorize_rearm, + .sub = NULL, @@ -83688,13 +91678,13 @@ index 0000000..846aeb0 +} diff --git a/tools/gcc/constify_plugin.c b/tools/gcc/constify_plugin.c new file mode 100644 -index 0000000..92ed719 +index 0000000..43e86d6 --- /dev/null +++ b/tools/gcc/constify_plugin.c -@@ -0,0 +1,331 @@ +@@ -0,0 +1,512 @@ +/* + * Copyright 2011 by Emese Revfy <re.emese@gmail.com> -+ * Copyright 2011 by PaX Team <pageexec@freemail.hu> ++ * Copyright 2011-2013 by PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2, or (at your option) v3 + * + * This gcc plugin constifies all structures which contain only function pointers or are explicitly marked for constification. @@ -83726,34 +91716,145 @@ index 0000000..92ed719 +#include "rtl.h" +#include "emit-rtl.h" +#include "tree-flow.h" ++#include "target.h" + ++// should come from c-tree.h if only it were installed for gcc 4.5... +#define C_TYPE_FIELDS_READONLY(TYPE) TREE_LANG_FLAG_1(TYPE) + ++// unused type flag in all versions 4.5-4.8 ++#define TYPE_CONSTIFY_VISITED(TYPE) TYPE_LANG_FLAG_4(TYPE) ++ +int plugin_is_GPL_compatible; + +static struct plugin_info const_plugin_info = { -+ .version = "201205300030", ++ .version = "201303070020", + .help = "no-constify\tturn off constification\n", +}; + ++typedef struct { ++ bool has_fptr_field; ++ bool has_writable_field; ++ bool has_do_const_field; ++ bool has_no_const_field; ++} constify_info; ++ ++static const_tree get_field_type(const_tree field) ++{ ++ return strip_array_types(TREE_TYPE(field)); ++} ++ ++static bool is_fptr(const_tree field) ++{ ++ const_tree ptr = get_field_type(field); ++ ++ if (TREE_CODE(ptr) != POINTER_TYPE) ++ return false; ++ ++ return TREE_CODE(TREE_TYPE(ptr)) == FUNCTION_TYPE; ++} ++ ++/* ++ * determine whether the given structure type meets the requirements for automatic constification, ++ * including the constification attributes on nested structure types ++ */ ++static void constifiable(const_tree node, constify_info *cinfo) ++{ ++ const_tree field; ++ ++ gcc_assert(TREE_CODE(node) == RECORD_TYPE || TREE_CODE(node) == UNION_TYPE); ++ ++ // e.g., pointer to structure fields while still constructing the structure type ++ if (TYPE_FIELDS(node) == NULL_TREE) ++ return; ++ ++ for (field = TYPE_FIELDS(node); field; field = TREE_CHAIN(field)) { ++ const_tree type = get_field_type(field); ++ enum tree_code code = TREE_CODE(type); ++ ++ if (node == type) ++ continue; ++ ++ if (is_fptr(field)) ++ cinfo->has_fptr_field = true; ++ else if (!TREE_READONLY(field)) ++ cinfo->has_writable_field = true; ++ ++ if (code == RECORD_TYPE || code == UNION_TYPE) { ++ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) ++ cinfo->has_do_const_field = true; ++ else if (lookup_attribute("no_const", TYPE_ATTRIBUTES(type))) ++ cinfo->has_no_const_field = true; ++ else ++ constifiable(type, cinfo); ++ } ++ } ++} ++ ++static bool constified(const_tree node) ++{ ++ constify_info cinfo = { ++ .has_fptr_field = false, ++ .has_writable_field = false, ++ .has_do_const_field = false, ++ .has_no_const_field = false ++ }; ++ ++ gcc_assert(TREE_CODE(node) == RECORD_TYPE || TREE_CODE(node) == UNION_TYPE); ++ ++ if (lookup_attribute("no_const", TYPE_ATTRIBUTES(node))) { ++ gcc_assert(!TYPE_READONLY(node)); ++ return false; ++ } ++ ++ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(node))) { ++ gcc_assert(TYPE_READONLY(node)); ++ return true; ++ } ++ ++ constifiable(node, &cinfo); ++ if ((!cinfo.has_fptr_field || cinfo.has_writable_field) && !cinfo.has_do_const_field) ++ return false; ++ ++ return TYPE_READONLY(node); ++} ++ +static void deconstify_tree(tree node); + +static void deconstify_type(tree type) +{ + tree field; + ++ gcc_assert(TREE_CODE(type) == RECORD_TYPE || TREE_CODE(type) == UNION_TYPE); ++ + for (field = TYPE_FIELDS(type); field; field = TREE_CHAIN(field)) { -+ tree type = TREE_TYPE(field); ++ const_tree fieldtype = get_field_type(field); + -+ if (TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE) ++ // special case handling of simple ptr-to-same-array-type members ++ if (TREE_CODE(TREE_TYPE(field)) == POINTER_TYPE) { ++ const_tree ptrtype = TREE_TYPE(TREE_TYPE(field)); ++ ++ if (TREE_CODE(ptrtype) != RECORD_TYPE && TREE_CODE(ptrtype) != UNION_TYPE) ++ continue; ++ if (TREE_TYPE(TREE_TYPE(field)) == type) ++ continue; ++ if (TYPE_MAIN_VARIANT(ptrtype) == TYPE_MAIN_VARIANT(type)) { ++ TREE_TYPE(field) = copy_node(TREE_TYPE(field)); ++ TREE_TYPE(TREE_TYPE(field)) = type; ++ } ++ continue; ++ } ++ if (TREE_CODE(fieldtype) != RECORD_TYPE && TREE_CODE(fieldtype) != UNION_TYPE) + continue; -+ if (!TYPE_READONLY(type)) ++ if (!constified(fieldtype)) + continue; + + deconstify_tree(field); ++ TREE_READONLY(field) = 0; + } + TYPE_READONLY(type) = 0; + C_TYPE_FIELDS_READONLY(type) = 0; ++ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) ++ TYPE_ATTRIBUTES(type) = remove_attribute("do_const", TYPE_ATTRIBUTES(type)); +} + +static void deconstify_tree(tree node) @@ -83761,7 +91862,12 @@ index 0000000..92ed719 + tree old_type, new_type, field; + + old_type = TREE_TYPE(node); ++ while (TREE_CODE(old_type) == ARRAY_TYPE && TREE_CODE(TREE_TYPE(old_type)) != ARRAY_TYPE) { ++ node = TREE_TYPE(node) = copy_node(old_type); ++ old_type = TREE_TYPE(old_type); ++ } + ++ gcc_assert(TREE_CODE(old_type) == RECORD_TYPE || TREE_CODE(old_type) == UNION_TYPE); + gcc_assert(TYPE_READONLY(old_type) && (TYPE_QUALS(old_type) & TYPE_QUAL_CONST)); + + new_type = build_qualified_type(old_type, TYPE_QUALS(old_type) & ~TYPE_QUAL_CONST); @@ -83771,13 +91877,18 @@ index 0000000..92ed719 + + deconstify_type(new_type); + -+ TREE_READONLY(node) = 0; + TREE_TYPE(node) = new_type; +} + +static tree handle_no_const_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs) +{ + tree type; ++ constify_info cinfo = { ++ .has_fptr_field = false, ++ .has_writable_field = false, ++ .has_do_const_field = false, ++ .has_no_const_field = false ++ }; + + *no_add_attrs = true; + if (TREE_CODE(*node) == FUNCTION_DECL) { @@ -83785,21 +91896,24 @@ index 0000000..92ed719 + return NULL_TREE; + } + ++ if (TREE_CODE(*node) == PARM_DECL) { ++ error("%qE attribute does not apply to function parameters", name); ++ return NULL_TREE; ++ } ++ + if (TREE_CODE(*node) == VAR_DECL) { + error("%qE attribute does not apply to variables", name); + return NULL_TREE; + } + + if (TYPE_P(*node)) { -+ if (TREE_CODE(*node) == RECORD_TYPE || TREE_CODE(*node) == UNION_TYPE) -+ *no_add_attrs = false; -+ else -+ error("%qE attribute applies to struct and union types only", name); -+ return NULL_TREE; ++ *no_add_attrs = false; ++ type = *node; ++ } else { ++ gcc_assert(TREE_CODE(*node) == TYPE_DECL); ++ type = TREE_TYPE(*node); + } + -+ type = TREE_TYPE(*node); -+ + if (TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE) { + error("%qE attribute applies to struct and union types only", name); + return NULL_TREE; @@ -83810,16 +91924,20 @@ index 0000000..92ed719 + return NULL_TREE; + } + -+ if (TREE_CODE(*node) == TYPE_DECL && !TYPE_READONLY(type)) { -+ error("%qE attribute used on type that is not constified", name); ++ if (TYPE_P(*node)) { ++ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) ++ error("%qE attribute is incompatible with 'do_const'", name); + return NULL_TREE; + } + -+ if (TREE_CODE(*node) == TYPE_DECL) { ++ constifiable(type, &cinfo); ++ if ((cinfo.has_fptr_field && !cinfo.has_writable_field) || lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) { + deconstify_tree(*node); ++ TYPE_CONSTIFY_VISITED(TREE_TYPE(*node)) = 1; + return NULL_TREE; + } + ++ error("%qE attribute used on type that is not constified", name); + return NULL_TREE; +} + @@ -83827,6 +91945,8 @@ index 0000000..92ed719 +{ + TYPE_READONLY(type) = 1; + C_TYPE_FIELDS_READONLY(type) = 1; ++ TYPE_CONSTIFY_VISITED(type) = 1; ++// TYPE_ATTRIBUTES(type) = tree_cons(get_identifier("do_const"), NULL_TREE, TYPE_ATTRIBUTES(type)); +} + +static tree handle_do_const_attribute(tree *node, tree name, tree args, int flags, bool *no_add_attrs) @@ -83842,8 +91962,17 @@ index 0000000..92ed719 + return NULL_TREE; + } + ++ if (lookup_attribute(IDENTIFIER_POINTER(name), TYPE_ATTRIBUTES(*node))) { ++ error("%qE attribute is already applied to the type", name); ++ return NULL_TREE; ++ } ++ ++ if (lookup_attribute("no_const", TYPE_ATTRIBUTES(*node))) { ++ error("%qE attribute is incompatible with 'no_const'", name); ++ return NULL_TREE; ++ } ++ + *no_add_attrs = false; -+ constify_type(*node); + return NULL_TREE; +} + @@ -83879,64 +92008,101 @@ index 0000000..92ed719 + register_attribute(&do_const_attr); +} + -+static bool is_fptr(tree field) ++static void finish_type(void *event_data, void *data) +{ -+ tree ptr = TREE_TYPE(field); ++ tree type = (tree)event_data; ++ constify_info cinfo = { ++ .has_fptr_field = false, ++ .has_writable_field = false, ++ .has_do_const_field = false, ++ .has_no_const_field = false ++ }; + -+ if (TREE_CODE(ptr) != POINTER_TYPE) -+ return false; ++ if (type == NULL_TREE || type == error_mark_node) ++ return; + -+ return TREE_CODE(TREE_TYPE(ptr)) == FUNCTION_TYPE; -+} ++ if (TYPE_FIELDS(type) == NULL_TREE || TYPE_CONSTIFY_VISITED(type)) ++ return; + -+static bool walk_struct(tree node) -+{ -+ tree field; ++ constifiable(type, &cinfo); + -+ if (TYPE_FIELDS(node) == NULL_TREE) -+ return false; ++ if (TYPE_READONLY(type) && C_TYPE_FIELDS_READONLY(type)) { ++ if (!lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) ++ return; ++ if (cinfo.has_writable_field) ++ return; ++ error("'do_const' attribute used on type that is%sconstified", cinfo.has_fptr_field ? " " : " not "); ++ return; ++ } + -+ if (lookup_attribute("no_const", TYPE_ATTRIBUTES(node))) { -+ gcc_assert(!TYPE_READONLY(node)); -+ deconstify_type(node); -+ return false; ++ if (lookup_attribute("no_const", TYPE_ATTRIBUTES(type))) { ++ if ((cinfo.has_fptr_field && !cinfo.has_writable_field) || cinfo.has_do_const_field) { ++ deconstify_type(type); ++ TYPE_CONSTIFY_VISITED(type) = 1; ++ } else ++ error("'no_const' attribute used on type that is not constified"); ++ return; + } + -+ for (field = TYPE_FIELDS(node); field; field = TREE_CHAIN(field)) { -+ tree type = TREE_TYPE(field); -+ enum tree_code code = TREE_CODE(type); ++ if (lookup_attribute("do_const", TYPE_ATTRIBUTES(type))) { ++ constify_type(type); ++ return; ++ } + -+ if (node == type) -+ return false; -+ if (code == RECORD_TYPE || code == UNION_TYPE) { -+ if (!(walk_struct(type))) -+ return false; -+ } else if (!is_fptr(field) && !TREE_READONLY(field)) -+ return false; ++ if (cinfo.has_fptr_field && !cinfo.has_writable_field) { ++ constify_type(type); ++ return; + } -+ return true; ++ ++ deconstify_type(type); ++ TYPE_CONSTIFY_VISITED(type) = 1; +} + -+static void finish_type(void *event_data, void *data) ++static unsigned int check_local_variables(void) +{ -+ tree type = (tree)event_data; ++ unsigned int ret = 0; ++ tree var; + -+ if (type == NULL_TREE || type == error_mark_node) -+ return; ++#if BUILDING_GCC_VERSION == 4005 ++ tree vars; ++#else ++ unsigned int i; ++#endif + -+ if (TYPE_READONLY(type)) -+ return; ++#if BUILDING_GCC_VERSION == 4005 ++ for (vars = cfun->local_decls; vars; vars = TREE_CHAIN(vars)) { ++ var = TREE_VALUE(vars); ++#else ++ FOR_EACH_LOCAL_DECL(cfun, i, var) { ++#endif ++ tree type = TREE_TYPE(var); + -+ if (walk_struct(type)) -+ constify_type(type); -+} ++ gcc_assert(DECL_P(var)); ++ if (is_global_var(var)) ++ continue; ++ ++ if (TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE) ++ continue; + -+static unsigned int check_local_variables(void); ++ if (!TYPE_READONLY(type) || !C_TYPE_FIELDS_READONLY(type)) ++ continue; + -+struct gimple_opt_pass pass_local_variable = { ++ if (!TYPE_CONSTIFY_VISITED(type)) ++ continue; ++ ++ error_at(DECL_SOURCE_LOCATION(var), "constified variable %qE cannot be local", var); ++ ret = 1; ++ } ++ return ret; ++} ++ ++static struct gimple_opt_pass pass_local_variable = { + { + .type = GIMPLE_PASS, + .name = "check_local_variables", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = NULL, + .execute = check_local_variables, + .sub = NULL, @@ -83951,39 +92117,43 @@ index 0000000..92ed719 + } +}; + -+static unsigned int check_local_variables(void) -+{ -+ tree var; -+ referenced_var_iterator rvi; -+ -+#if BUILDING_GCC_VERSION == 4005 -+ FOR_EACH_REFERENCED_VAR(var, rvi) { -+#else -+ FOR_EACH_REFERENCED_VAR(cfun, var, rvi) { -+#endif -+ tree type = TREE_TYPE(var); ++static struct { ++ const char *name; ++ const char *asm_op; ++} sections[] = { ++ {".init.rodata", "\t.section\t.init.rodata,\"a\""}, ++ {".ref.rodata", "\t.section\t.ref.rodata,\"a\""}, ++ {".devinit.rodata", "\t.section\t.devinit.rodata,\"a\""}, ++ {".devexit.rodata", "\t.section\t.devexit.rodata,\"a\""}, ++ {".cpuinit.rodata", "\t.section\t.cpuinit.rodata,\"a\""}, ++ {".cpuexit.rodata", "\t.section\t.cpuexit.rodata,\"a\""}, ++ {".meminit.rodata", "\t.section\t.meminit.rodata,\"a\""}, ++ {".memexit.rodata", "\t.section\t.memexit.rodata,\"a\""}, ++ {".data..read_only", "\t.section\t.data..read_only,\"a\""}, ++}; + -+ if (!DECL_P(var) || TREE_STATIC(var) || DECL_EXTERNAL(var)) -+ continue; ++static unsigned int (*old_section_type_flags)(tree decl, const char *name, int reloc); + -+ if (TREE_CODE(type) != RECORD_TYPE && TREE_CODE(type) != UNION_TYPE) -+ continue; ++static unsigned int constify_section_type_flags(tree decl, const char *name, int reloc) ++{ ++ size_t i; + -+ if (!TYPE_READONLY(type)) -+ continue; ++ for (i = 0; i < ARRAY_SIZE(sections); i++) ++ if (!strcmp(sections[i].name, name)) ++ return 0; ++ return old_section_type_flags(decl, name, reloc); ++} + -+// if (lookup_attribute("no_const", DECL_ATTRIBUTES(var))) -+// continue; ++static void constify_start_unit(void *gcc_data, void *user_data) ++{ ++// size_t i; + -+// if (lookup_attribute("no_const", TYPE_ATTRIBUTES(type))) -+// continue; ++// for (i = 0; i < ARRAY_SIZE(sections); i++) ++// sections[i].section = get_unnamed_section(0, output_section_asm_op, sections[i].asm_op); ++// sections[i].section = get_section(sections[i].name, 0, NULL); + -+ if (walk_struct(type)) { -+ error_at(DECL_SOURCE_LOCATION(var), "constified variable %qE cannot be local", var); -+ return 1; -+ } -+ } -+ return 0; ++ old_section_type_flags = targetm.section_type_flags; ++ targetm.section_type_flags = constify_section_type_flags; +} + +int plugin_init(struct plugin_name_args *plugin_info, struct plugin_gcc_version *version) @@ -83996,9 +92166,9 @@ index 0000000..92ed719 + + struct register_pass_info local_variable_pass_info = { + .pass = &pass_local_variable.pass, -+ .reference_pass_name = "*referenced_vars", ++ .reference_pass_name = "ssa", + .ref_pass_instance_number = 1, -+ .pos_op = PASS_POS_INSERT_AFTER ++ .pos_op = PASS_POS_INSERT_BEFORE + }; + + if (!plugin_default_version_check(version, &gcc_version)) { @@ -84018,13 +92188,14 @@ index 0000000..92ed719 + if (constify) { + register_callback(plugin_name, PLUGIN_FINISH_TYPE, finish_type, NULL); + register_callback(plugin_name, PLUGIN_PASS_MANAGER_SETUP, NULL, &local_variable_pass_info); ++ register_callback(plugin_name, PLUGIN_START_UNIT, constify_start_unit, NULL); + } + register_callback(plugin_name, PLUGIN_ATTRIBUTES, register_attributes, NULL); + + return 0; +} diff --git a/tools/gcc/generate_size_overflow_hash.sh b/tools/gcc/generate_size_overflow_hash.sh -new file mode 100755 +new file mode 100644 index 0000000..e518932 --- /dev/null +++ b/tools/gcc/generate_size_overflow_hash.sh @@ -84125,12 +92296,12 @@ index 0000000..e518932 +exit 0 diff --git a/tools/gcc/kallocstat_plugin.c b/tools/gcc/kallocstat_plugin.c new file mode 100644 -index 0000000..a86e422 +index 0000000..568b360 --- /dev/null +++ b/tools/gcc/kallocstat_plugin.c -@@ -0,0 +1,167 @@ +@@ -0,0 +1,170 @@ +/* -+ * Copyright 2011 by the PaX Team <pageexec@freemail.hu> ++ * Copyright 2011-2013 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 + * + * Note: the choice of the license means that the compilation process is @@ -84182,7 +92353,7 @@ index 0000000..a86e422 +}; + +static struct plugin_info kallocstat_plugin_info = { -+ .version = "201111150100", ++ .version = "201302112000", +}; + +static unsigned int execute_kallocstat(void); @@ -84191,6 +92362,9 @@ index 0000000..a86e422 + .pass = { + .type = GIMPLE_PASS, + .name = "kallocstat", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = NULL, + .execute = execute_kallocstat, + .sub = NULL, @@ -84298,12 +92472,12 @@ index 0000000..a86e422 +} diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c new file mode 100644 -index 0000000..8856202 +index 0000000..0408e06 --- /dev/null +++ b/tools/gcc/kernexec_plugin.c -@@ -0,0 +1,432 @@ +@@ -0,0 +1,465 @@ +/* -+ * Copyright 2011 by the PaX Team <pageexec@freemail.hu> ++ * Copyright 2011-2013 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 + * + * Note: the choice of the license means that the compilation process is @@ -84346,10 +92520,14 @@ index 0000000..8856202 +#define ANY_RETURN_P(rtx) (GET_CODE(rtx) == RETURN) +#endif + ++#if BUILDING_GCC_VERSION >= 4008 ++#define TODO_dump_func 0 ++#endif ++ +int plugin_is_GPL_compatible; + +static struct plugin_info kernexec_plugin_info = { -+ .version = "201111291120", ++ .version = "201302112000", + .help = "method=[bts|or]\tinstrumentation method\n" +}; + @@ -84365,6 +92543,9 @@ index 0000000..8856202 + .pass = { + .type = GIMPLE_PASS, + .name = "kernexec_reload", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = kernexec_cmodel_check, + .execute = execute_kernexec_reload, + .sub = NULL, @@ -84383,6 +92564,9 @@ index 0000000..8856202 + .pass = { + .type = GIMPLE_PASS, + .name = "kernexec_fptr", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = kernexec_cmodel_check, + .execute = execute_kernexec_fptr, + .sub = NULL, @@ -84401,6 +92585,9 @@ index 0000000..8856202 + .pass = { + .type = RTL_PASS, + .name = "kernexec_retaddr", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = kernexec_cmodel_check, + .execute = execute_kernexec_retaddr, + .sub = NULL, @@ -84498,8 +92685,10 @@ index 0000000..8856202 + + // create temporary unsigned long variable used for bitops and cast fptr to it + intptr = create_tmp_var(long_unsigned_type_node, "kernexec_bts"); ++#if BUILDING_GCC_VERSION <= 4007 + add_referenced_var(intptr); + mark_sym_for_renaming(intptr); ++#endif + assign_intptr = gimple_build_assign(intptr, fold_convert(long_unsigned_type_node, old_fptr)); + gsi_insert_before(gsi, assign_intptr, GSI_SAME_STMT); + update_stmt(assign_intptr); @@ -84513,8 +92702,10 @@ index 0000000..8856202 + + // cast temporary unsigned long back to a temporary fptr variable + new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec_fptr"); ++#if BUILDING_GCC_VERSION <= 4007 + add_referenced_var(new_fptr); + mark_sym_for_renaming(new_fptr); ++#endif + assign_new_fptr = gimple_build_assign(new_fptr, fold_convert(TREE_TYPE(old_fptr), intptr)); + gsi_insert_before(gsi, assign_new_fptr, GSI_SAME_STMT); + update_stmt(assign_new_fptr); @@ -84528,24 +92719,36 @@ index 0000000..8856202 +{ + gimple asm_or_stmt, call_stmt; + tree old_fptr, new_fptr, input, output; ++#if BUILDING_GCC_VERSION <= 4007 + VEC(tree, gc) *inputs = NULL; + VEC(tree, gc) *outputs = NULL; ++#else ++ vec<tree, va_gc> *inputs = NULL; ++ vec<tree, va_gc> *outputs = NULL; ++#endif + + call_stmt = gsi_stmt(*gsi); + old_fptr = gimple_call_fn(call_stmt); + + // create temporary fptr variable + new_fptr = create_tmp_var(TREE_TYPE(old_fptr), "kernexec_or"); ++#if BUILDING_GCC_VERSION <= 4007 + add_referenced_var(new_fptr); + mark_sym_for_renaming(new_fptr); ++#endif + + // build asm volatile("orq %%r10, %0\n\t" : "=r"(new_fptr) : "0"(old_fptr)); + input = build_tree_list(NULL_TREE, build_string(2, "0")); + input = chainon(NULL_TREE, build_tree_list(input, old_fptr)); + output = build_tree_list(NULL_TREE, build_string(3, "=r")); + output = chainon(NULL_TREE, build_tree_list(output, new_fptr)); ++#if BUILDING_GCC_VERSION <= 4007 + VEC_safe_push(tree, gc, inputs, input); + VEC_safe_push(tree, gc, outputs, output); ++#else ++ vec_safe_push(inputs, input); ++ vec_safe_push(outputs, output); ++#endif + asm_or_stmt = gimple_build_asm_vec("orq %%r10, %0\n\t", inputs, outputs, NULL, NULL); + gimple_asm_set_volatile(asm_or_stmt, true); + gsi_insert_before(gsi, asm_or_stmt, GSI_SAME_STMT); @@ -84583,9 +92786,13 @@ index 0000000..8856202 + gcc_unreachable(); + + // ... through a function pointer -+ fn = SSA_NAME_VAR(fn); -+ if (TREE_CODE(fn) != VAR_DECL && TREE_CODE(fn) != PARM_DECL) -+ continue; ++ if (SSA_NAME_VAR(fn) != NULL_TREE) { ++ fn = SSA_NAME_VAR(fn); ++ if (TREE_CODE(fn) != VAR_DECL && TREE_CODE(fn) != PARM_DECL) { ++ debug_tree(fn); ++ gcc_unreachable(); ++ } ++ } + fn = TREE_TYPE(fn); + if (TREE_CODE(fn) != POINTER_TYPE) + continue; @@ -84736,12 +92943,12 @@ index 0000000..8856202 +} diff --git a/tools/gcc/latent_entropy_plugin.c b/tools/gcc/latent_entropy_plugin.c new file mode 100644 -index 0000000..b8008f7 +index 0000000..b5395ba --- /dev/null +++ b/tools/gcc/latent_entropy_plugin.c -@@ -0,0 +1,295 @@ +@@ -0,0 +1,327 @@ +/* -+ * Copyright 2012 by the PaX Team <pageexec@freemail.hu> ++ * Copyright 2012-2013 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 + * + * Note: the choice of the license means that the compilation process is @@ -84780,13 +92987,18 @@ index 0000000..b8008f7 +#include "rtl.h" +#include "emit-rtl.h" +#include "tree-flow.h" ++#include "langhooks.h" ++ ++#if BUILDING_GCC_VERSION >= 4008 ++#define TODO_dump_func 0 ++#endif + +int plugin_is_GPL_compatible; + +static tree latent_entropy_decl; + +static struct plugin_info latent_entropy_plugin_info = { -+ .version = "201207271820", ++ .version = "201303102320", + .help = NULL +}; + @@ -84797,6 +93009,9 @@ index 0000000..b8008f7 + .pass = { + .type = GIMPLE_PASS, + .name = "latent_entropy", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = gate_latent_entropy, + .execute = execute_latent_entropy, + .sub = NULL, @@ -84892,7 +93107,9 @@ index 0000000..b8008f7 + op = get_op(&rhs); + addxorrol = fold_build2_loc(UNKNOWN_LOCATION, op, unsigned_intDI_type_node, local_entropy, rhs); + assign = gimple_build_assign(local_entropy, addxorrol); ++#if BUILDING_GCC_VERSION <= 4007 + find_referenced_vars_in(assign); ++#endif +//debug_bb(bb); + gsi = gsi_after_labels(bb); + gsi_insert_before(&gsi, assign, GSI_NEW_STMT); @@ -84907,12 +93124,16 @@ index 0000000..b8008f7 + + // 1. create temporary copy of latent_entropy + temp = create_tmp_var(unsigned_intDI_type_node, "temp_latent_entropy"); ++#if BUILDING_GCC_VERSION <= 4007 + add_referenced_var(temp); + mark_sym_for_renaming(temp); ++#endif + + // 2. read... + assign = gimple_build_assign(temp, latent_entropy_decl); ++#if BUILDING_GCC_VERSION <= 4007 + find_referenced_vars_in(assign); ++#endif + gsi = gsi_after_labels(bb); + gsi_insert_after(&gsi, assign, GSI_NEW_STMT); + update_stmt(assign); @@ -84920,13 +93141,17 @@ index 0000000..b8008f7 + // 3. ...modify... + addxorrol = fold_build2_loc(UNKNOWN_LOCATION, get_op(NULL), unsigned_intDI_type_node, temp, rhs); + assign = gimple_build_assign(temp, addxorrol); ++#if BUILDING_GCC_VERSION <= 4007 + find_referenced_vars_in(assign); ++#endif + gsi_insert_after(&gsi, assign, GSI_NEW_STMT); + update_stmt(assign); + + // 4. ...write latent_entropy + assign = gimple_build_assign(latent_entropy_decl, temp); ++#if BUILDING_GCC_VERSION <= 4007 + find_referenced_vars_in(assign); ++#endif + gsi_insert_after(&gsi, assign, GSI_NEW_STMT); + update_stmt(assign); +} @@ -84941,8 +93166,13 @@ index 0000000..b8008f7 + if (!latent_entropy_decl) { + struct varpool_node *node; + ++#if BUILDING_GCC_VERSION <= 4007 + for (node = varpool_nodes; node; node = node->next) { + tree var = node->decl; ++#else ++ FOR_EACH_VARIABLE(node) { ++ tree var = node->symbol.decl; ++#endif + if (strcmp(IDENTIFIER_POINTER(DECL_NAME(var)), "latent_entropy")) + continue; + latent_entropy_decl = var; @@ -84959,8 +93189,10 @@ index 0000000..b8008f7 + + // 1. create local entropy variable + local_entropy = create_tmp_var(unsigned_intDI_type_node, "local_entropy"); ++#if BUILDING_GCC_VERSION <= 4007 + add_referenced_var(local_entropy); + mark_sym_for_renaming(local_entropy); ++#endif + + // 2. initialize local entropy variable + bb = split_block_after_labels(ENTRY_BLOCK_PTR)->dest; @@ -84970,7 +93202,9 @@ index 0000000..b8008f7 + + assign = gimple_build_assign(local_entropy, build_int_cstu(unsigned_intDI_type_node, get_random_const())); +// gimple_set_location(assign, loc); ++#if BUILDING_GCC_VERSION <= 4007 + find_referenced_vars_in(assign); ++#endif + gsi_insert_after(&gsi, assign, GSI_NEW_STMT); + update_stmt(assign); + bb = bb->next_bb; @@ -84988,6 +93222,8 @@ index 0000000..b8008f7 + +static void start_unit_callback(void *gcc_data, void *user_data) +{ ++ tree latent_entropy_type; ++ +#if BUILDING_GCC_VERSION >= 4007 + seed = get_random_seed(false); +#else @@ -84998,16 +93234,19 @@ index 0000000..b8008f7 + if (in_lto_p) + return; + -+ // extern u64 latent_entropy -+ latent_entropy_decl = build_decl(UNKNOWN_LOCATION, VAR_DECL, get_identifier("latent_entropy"), unsigned_intDI_type_node); ++ // extern volatile u64 latent_entropy ++ gcc_assert(TYPE_PRECISION(long_long_unsigned_type_node) == 64); ++ latent_entropy_type = build_qualified_type(long_long_unsigned_type_node, TYPE_QUALS(long_long_unsigned_type_node) | TYPE_QUAL_VOLATILE); ++ latent_entropy_decl = build_decl(UNKNOWN_LOCATION, VAR_DECL, get_identifier("latent_entropy"), latent_entropy_type); + + TREE_STATIC(latent_entropy_decl) = 1; + TREE_PUBLIC(latent_entropy_decl) = 1; + TREE_USED(latent_entropy_decl) = 1; + TREE_THIS_VOLATILE(latent_entropy_decl) = 1; + DECL_EXTERNAL(latent_entropy_decl) = 1; -+ DECL_ARTIFICIAL(latent_entropy_decl) = 0; ++ DECL_ARTIFICIAL(latent_entropy_decl) = 1; + DECL_INITIAL(latent_entropy_decl) = NULL; ++ lang_hooks.decls.pushdecl(latent_entropy_decl); +// DECL_ASSEMBLER_NAME(latent_entropy_decl); +// varpool_finalize_decl(latent_entropy_decl); +// varpool_mark_needed_node(latent_entropy_decl); @@ -85037,15 +93276,14 @@ index 0000000..b8008f7 +} diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data new file mode 100644 -index 0000000..909d902 +index 0000000..5921fd7 --- /dev/null +++ b/tools/gcc/size_overflow_hash.data -@@ -0,0 +1,3621 @@ +@@ -0,0 +1,3713 @@ +intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL +ipwireless_tty_received_49154 ipwireless_tty_received 3 49154 NULL +batadv_orig_node_del_if_4 batadv_orig_node_del_if 2 4 NULL +ipw_queue_tx_init_49161 ipw_queue_tx_init 3 49161 NULL -+scsi_nl_send_vendor_msg_16394 scsi_nl_send_vendor_msg 5 16394 NULL +xfs_efd_init_5463 xfs_efd_init 3 5463 NULL +recent_mt_proc_write_8206 recent_mt_proc_write 3 8206 NULL +sctp_tsnmap_grow_32784 sctp_tsnmap_grow 2 32784 NULL @@ -85056,9 +93294,9 @@ index 0000000..909d902 +ad7879_spi_multi_read_8218 ad7879_spi_multi_read 3 8218 NULL +carl9170_alloc_27 carl9170_alloc 1 27 NULL +dvb_dvr_ioctl_49182 dvb_dvr_ioctl 2 49182 NULL -+il_dbgfs_fh_reg_read_40993 il_dbgfs_fh_reg_read 3 40993 NULL ++create_log_8225 create_log 2 8225 NULL +ieee80211_if_read_tsf_16420 ieee80211_if_read_tsf 3 16420 NULL -+vmap_15025 vmap 2 15025 NULL ++rproc_name_read_32805 rproc_name_read 3 32805 NULL +rxrpc_server_keyring_16431 rxrpc_server_keyring 3 16431 NULL +mac80211_format_buffer_41010 mac80211_format_buffer 2 41010 NULL +il4965_rs_sta_dbgfs_stats_table_read_49206 il4965_rs_sta_dbgfs_stats_table_read 3 49206 NULL @@ -85068,25 +93306,25 @@ index 0000000..909d902 +alloc_wr_24635 alloc_wr 1-2 24635 NULL +read_file_blob_57406 read_file_blob 3 57406 NULL +add_rx_skb_8257 add_rx_skb 3 8257 NULL -+xprt_rdma_allocate_31372 xprt_rdma_allocate 2 31372 NULL +enclosure_register_57412 enclosure_register 3 57412 NULL -+context_alloc_24645 context_alloc 3 24645 NULL ++t3_init_l2t_8261 t3_init_l2t 1 8261 NULL +_req_append_segment_41031 _req_append_segment 2 41031 NULL ++gre_manip_pkt_57416 gre_manip_pkt 4 57416 NULL +netlink_change_ngroups_16457 netlink_change_ngroups 2 16457 NULL +mISDN_sock_sendmsg_41035 mISDN_sock_sendmsg 4 41035 NULL -+prison_create_43623 prison_create 1 43623 NULL +DepcaSignature_80 DepcaSignature 2 80 NULL nohasharray +crypto_authenc_setkey_80 crypto_authenc_setkey 3 80 &DepcaSignature_80 +init_cdev_8274 init_cdev 1 8274 NULL +shmem_pread_fast_34147 shmem_pread_fast 3 34147 NULL +compat_keyctl_instantiate_key_iov_57431 compat_keyctl_instantiate_key_iov 3 57431 NULL nohasharray +alloc_ftrace_hash_57431 alloc_ftrace_hash 1 57431 &compat_keyctl_instantiate_key_iov_57431 -+sock_wmalloc_16472 sock_wmalloc 2 16472 NULL ++copy_to_user_fromio_57432 copy_to_user_fromio 3 57432 NULL ++rproc_recovery_write_8281 rproc_recovery_write 3 8281 NULL +snd_korg1212_copy_to_92 snd_korg1212_copy_to 6 92 NULL +load_msg_95 load_msg 2 95 NULL +rds_sendmsg_40976 rds_sendmsg 4 40976 NULL +new_tape_buffer_32866 new_tape_buffer 2 32866 NULL -+ubi_leb_write_5478 ubi_leb_write 4-5 5478 NULL ++acpi_tb_check_xsdt_21862 acpi_tb_check_xsdt 1 21862 NULL +sys_pselect6_57449 sys_pselect6 1 57449 NULL +biovec_create_pools_9575 biovec_create_pools 2 9575 NULL +ieee80211_if_read_rssi_threshold_49260 ieee80211_if_read_rssi_threshold 3 49260 NULL @@ -85095,9 +93333,10 @@ index 0000000..909d902 +cifs_writedata_alloc_32880 cifs_writedata_alloc 1 32880 &ath6kl_usb_submit_ctrl_in_32880 +cfg80211_inform_bss_frame_41078 cfg80211_inform_bss_frame 4 41078 NULL +send_midi_async_57463 send_midi_async 3 57463 NULL -+sisusb_clear_vram_57466 sisusb_clear_vram 2-3 57466 NULL ++sisusb_clear_vram_57466 sisusb_clear_vram 3-2 57466 NULL +ath6kl_usb_post_recv_transfers_32892 ath6kl_usb_post_recv_transfers 2 32892 NULL -+osd_req_add_get_attr_list_49278 osd_req_add_get_attr_list 3 49278 NULL ++ieee80211_if_read_flags_57470 ieee80211_if_read_flags 3 57470 NULL nohasharray ++sep_lock_user_pages_57470 sep_lock_user_pages 2-3 57470 &ieee80211_if_read_flags_57470 +rx_filter_beacon_filter_read_49279 rx_filter_beacon_filter_read 3 49279 NULL +construct_key_and_link_8321 construct_key_and_link 4 8321 NULL +ath6kl_set_ap_probe_resp_ies_50539 ath6kl_set_ap_probe_resp_ies 3 50539 NULL @@ -85110,19 +93349,18 @@ index 0000000..909d902 +il_dbgfs_tx_stats_read_32913 il_dbgfs_tx_stats_read 3 32913 NULL +uio_read_49300 uio_read 3 49300 NULL +f_audio_buffer_alloc_41110 f_audio_buffer_alloc 1 41110 NULL -+tracing_entries_read_8345 tracing_entries_read 3 8345 NULL ++tracing_trace_options_write_153 tracing_trace_options_write 3 153 NULL +bnad_debugfs_write_regwr_57500 bnad_debugfs_write_regwr 3 57500 NULL +firmwareUpload_32794 firmwareUpload 3 32794 NULL -+copy_in_user_57502 copy_in_user 3 57502 NULL +simple_attr_read_24738 simple_attr_read 3 24738 NULL +play_iframe_8219 play_iframe 3 8219 NULL +qla2x00_change_queue_depth_24742 qla2x00_change_queue_depth 2 24742 NULL -+ping_getfrag_8360 ping_getfrag 3-4 8360 NULL ++ping_getfrag_8360 ping_getfrag 4-3 8360 NULL +ath_rxbuf_alloc_24745 ath_rxbuf_alloc 2 24745 NULL +nvme_create_queue_170 nvme_create_queue 3 170 NULL +init_tag_map_57515 init_tag_map 3 57515 NULL +il_dbgfs_force_reset_read_57517 il_dbgfs_force_reset_read 3 57517 NULL -+srpt_alloc_ioctx_ring_49330 srpt_alloc_ioctx_ring 2-4-3 49330 NULL ++srpt_alloc_ioctx_ring_49330 srpt_alloc_ioctx_ring 2-3-4 49330 NULL +kgdb_hex2mem_24755 kgdb_hex2mem 3 24755 NULL +lpfc_debugfs_read_16566 lpfc_debugfs_read 3 16566 NULL +xfs_buf_item_get_format_189 xfs_buf_item_get_format 2 189 NULL @@ -85131,13 +93369,16 @@ index 0000000..909d902 +agp_allocate_memory_wrap_16576 agp_allocate_memory_wrap 1 16576 NULL +mI_alloc_skb_24770 mI_alloc_skb 1 24770 NULL +iscsi_session_setup_196 iscsi_session_setup 4-5 196 NULL -+create_log_8225 create_log 2 8225 NULL ++virtblk_add_req_197 virtblk_add_req 2-3 197 NULL ++il_dbgfs_fh_reg_read_40993 il_dbgfs_fh_reg_read 3 40993 NULL ++rds_tcp_data_recv_53476 rds_tcp_data_recv 3 53476 NULL +xdi_copy_from_user_8395 xdi_copy_from_user 4 8395 NULL -+joydev_ioctl_common_49359 joydev_ioctl_common 2 49359 NULL ++skb_make_writable_24783 skb_make_writable 2 24783 NULL +datablob_hmac_verify_24786 datablob_hmac_verify 4 24786 NULL +dvb_ca_write_41171 dvb_ca_write 3 41171 NULL +cache_read_24790 cache_read 3 24790 NULL +px_raw_event_49371 px_raw_event 4 49371 NULL ++tty_register_device_attr_57381 tty_register_device_attr 2 57381 NULL +compat_filldir_32999 compat_filldir 3 32999 NULL +hci_si_event_1404 hci_si_event 3 1404 NULL +compat_sys_process_vm_writev_41194 compat_sys_process_vm_writev 3-5 41194 NULL @@ -85151,22 +93392,22 @@ index 0000000..909d902 +tnode_alloc_49407 tnode_alloc 1 49407 NULL +tun_alloc_skb_41216 tun_alloc_skb 2-4-3 41216 NULL +proc_scsi_write_proc_267 proc_scsi_write_proc 3 267 NULL -+iscsi_tcp_conn_setup_16376 iscsi_tcp_conn_setup 2 16376 NULL ++__alloc_objio_seg_7203 __alloc_objio_seg 1 7203 NULL +sk_stream_alloc_skb_57622 sk_stream_alloc_skb 2 57622 NULL +tx_tx_retry_template_read_57623 tx_tx_retry_template_read 3 57623 NULL +iwl_dbgfs_ucode_general_stats_read_49199 iwl_dbgfs_ucode_general_stats_read 3 49199 NULL +mfd_add_devices_16668 mfd_add_devices 4 16668 NULL +packet_recv_error_16669 packet_recv_error 3 16669 NULL -+bitmap_resize_33054 bitmap_resize 2 33054 NULL ++osdmap_set_max_osd_57630 osdmap_set_max_osd 2 57630 NULL nohasharray ++sisusbcon_putcs_57630 sisusbcon_putcs 3 57630 &osdmap_set_max_osd_57630 +mem_read_57631 mem_read 3 57631 NULL +afs_cell_lookup_8482 afs_cell_lookup 2 8482 NULL -+nvme_alloc_iod_56027 nvme_alloc_iod 1 56027 NULL ++ieee80211_if_read_uapsd_max_sp_len_15067 ieee80211_if_read_uapsd_max_sp_len 3 15067 NULL +read_file_war_stats_292 read_file_war_stats 3 292 NULL +pnp_alloc_24869 pnp_alloc 1 24869 NULL nohasharray -+l2cap_create_basic_pdu_24869 l2cap_create_basic_pdu 3 24869 &pnp_alloc_24869 nohasharray -+put_data_to_circ_buf_24869 put_data_to_circ_buf 3 24869 &l2cap_create_basic_pdu_24869 ++l2cap_create_basic_pdu_24869 l2cap_create_basic_pdu 3 24869 &pnp_alloc_24869 +hiddev_compat_ioctl_41255 hiddev_compat_ioctl 2 41255 NULL -+bnx2fc_cmd_mgr_alloc_24873 bnx2fc_cmd_mgr_alloc 2-3 24873 NULL ++stats_dot11RTSSuccessCount_read_33065 stats_dot11RTSSuccessCount_read 3 33065 NULL +sel_read_checkreqprot_33068 sel_read_checkreqprot 3 33068 NULL +queues_read_24877 queues_read 3 24877 NULL +__fprog_create_41263 __fprog_create 2 41263 NULL @@ -85174,44 +93415,44 @@ index 0000000..909d902 +platform_device_add_data_310 platform_device_add_data 3 310 NULL +agp_3_5_isochronous_node_enable_49465 agp_3_5_isochronous_node_enable 3 49465 NULL +dn_setsockopt_314 dn_setsockopt 5 314 NULL -+read_buf_20469 read_buf 2 20469 NULL +sys_mq_timedsend_57661 sys_mq_timedsend 3 57661 NULL +r3964_write_57662 r3964_write 4 57662 NULL +xfs_iformat_local_49472 xfs_iformat_local 4 49472 NULL +savu_sysfs_read_49473 savu_sysfs_read 6 49473 NULL -+dn_nsp_do_disc_49474 dn_nsp_do_disc 2-6 49474 NULL ++dn_nsp_do_disc_49474 dn_nsp_do_disc 6-2 49474 NULL +alloc_context_41283 alloc_context 1 41283 NULL +__lgwrite_57669 __lgwrite 4 57669 NULL +ath9k_wmi_cmd_327 ath9k_wmi_cmd 4 327 NULL +codec_list_read_file_24910 codec_list_read_file 3 24910 NULL +isr_decrypt_done_read_49490 isr_decrypt_done_read 3 49490 NULL +alloc_pg_vec_8533 alloc_pg_vec 2 8533 NULL -+amd_create_gatt_pages_20537 amd_create_gatt_pages 1 20537 NULL ++pwr_missing_bcns_cnt_read_45113 pwr_missing_bcns_cnt_read 3 45113 NULL +ieee80211_fragment_33112 ieee80211_fragment 4 33112 NULL +arch_gnttab_map_shared_41306 arch_gnttab_map_shared 3 41306 NULL +v4l2_ctrl_new_24927 v4l2_ctrl_new 7 24927 NULL +write_node_33121 write_node 4 33121 NULL -+fb_sys_write_33130 fb_sys_write 3 33130 NULL ++vring_new_virtqueue_54673 vring_new_virtqueue 2 54673 NULL ++i2400m_rx_stats_read_57706 i2400m_rx_stats_read 3 57706 NULL +profile_remove_8556 profile_remove 3 8556 NULL -+evm_read_key_54674 evm_read_key 3 54674 NULL ++rx_filter_data_filter_read_30098 rx_filter_data_filter_read 3 30098 NULL +iscsi_recv_pdu_16755 iscsi_recv_pdu 4 16755 NULL -+user_update_41332 user_update 3 41332 NULL -+batadv_interface_rx_8568 batadv_interface_rx 4 8568 NULL ++arcmsr_adjust_disk_queue_depth_16756 arcmsr_adjust_disk_queue_depth 2 16756 NULL ++cmtp_send_interopmsg_376 cmtp_send_interopmsg 7 376 NULL +ieee80211_if_read_dot11MeshHWMPconfirmationInterval_57722 ieee80211_if_read_dot11MeshHWMPconfirmationInterval 3 57722 NULL +mga_ioremap_8571 mga_ioremap 1-2 8571 NULL +isr_dma0_done_read_8574 isr_dma0_done_read 3 8574 NULL +sys_rt_sigpending_24961 sys_rt_sigpending 2 24961 NULL -+blk_rq_map_user_iov_16772 blk_rq_map_user_iov 5 16772 NULL ++tower_write_8580 tower_write 3 8580 NULL +cnic_init_id_tbl_41354 cnic_init_id_tbl 2 41354 NULL +compat_sys_set_mempolicy_57742 compat_sys_set_mempolicy 3 57742 NULL nohasharray +pppol2tp_recvmsg_57742 pppol2tp_recvmsg 4 57742 &compat_sys_set_mempolicy_57742 +jbd2_alloc_41359 jbd2_alloc 1 41359 NULL +debug_debug6_read_33168 debug_debug6_read 3 33168 NULL -+sctp_make_op_error_space_5528 sctp_make_op_error_space 3 5528 NULL ++nf_nat_sdp_port_24977 nf_nat_sdp_port 7 24977 NULL +smk_write_access_49561 smk_write_access 3 49561 NULL +llc_ui_sendmsg_24987 llc_ui_sendmsg 4 24987 NULL +kmp_init_41373 kmp_init 2 41373 NULL -+t3_init_l2t_8261 t3_init_l2t 1 8261 NULL ++context_alloc_24645 context_alloc 3 24645 NULL +lbs_rdmac_read_418 lbs_rdmac_read 3 418 NULL +get_server_iovec_16804 get_server_iovec 2 16804 NULL +alloc_chunk_49575 alloc_chunk 1 49575 NULL @@ -85225,13 +93466,14 @@ index 0000000..909d902 +isr_commands_read_41398 isr_commands_read 3 41398 NULL +pp_read_33210 pp_read 3 33210 NULL +sys_flistxattr_41407 sys_flistxattr 3 41407 NULL -+nf_nat_mangle_tcp_packet_8643 nf_nat_mangle_tcp_packet 5-7 8643 NULL ++scsi_mode_sense_16835 scsi_mode_sense 5 16835 NULL +ivtv_read_57796 ivtv_read 3 57796 NULL +isr_wakeups_read_49607 isr_wakeups_read 3 49607 NULL +nfs_dns_resolve_name_25036 nfs_dns_resolve_name 3 25036 NULL +xfs_iext_add_41422 xfs_iext_add 3 41422 NULL +heap_init_49617 heap_init 2 49617 NULL +xfs_file_aio_write_33234 xfs_file_aio_write 4 33234 NULL ++ieee80211_send_probe_req_38307 ieee80211_send_probe_req 6-4 38307 NULL +isdn_ppp_fill_rq_41428 isdn_ppp_fill_rq 2 41428 NULL +smk_write_doi_49621 smk_write_doi 3 49621 NULL +_alloc_get_attr_desc_470 _alloc_get_attr_desc 2 470 NULL @@ -85239,10 +93481,12 @@ index 0000000..909d902 +btrfsic_cmp_log_and_dev_bytenr_49628 btrfsic_cmp_log_and_dev_bytenr 2 49628 NULL +iio_device_alloc_41440 iio_device_alloc 1 41440 NULL +ntfs_file_buffered_write_41442 ntfs_file_buffered_write 4-6 41442 NULL -+pcpu_build_alloc_info_41443 pcpu_build_alloc_info 1-3-2 41443 NULL ++pcpu_build_alloc_info_41443 pcpu_build_alloc_info 1-2-3 41443 NULL ++dio_bio_alloc_8677 dio_bio_alloc 5 8677 NULL +bfad_debugfs_read_regrd_57830 bfad_debugfs_read_regrd 3 57830 NULL +st_write_16874 st_write 3 16874 NULL +copy_to_user_57835 copy_to_user 3 57835 NULL ++rproc_trace_read_8686 rproc_trace_read 3 8686 NULL +pidlist_resize_496 pidlist_resize 2 496 NULL +flash_read_57843 flash_read 3 57843 NULL +read_vbt_r0_503 read_vbt_r0 1 503 NULL @@ -85256,14 +93500,12 @@ index 0000000..909d902 +rfcomm_sock_sendmsg_37661 rfcomm_sock_sendmsg 4 37661 NULL nohasharray +vmw_framebuffer_dmabuf_dirty_37661 vmw_framebuffer_dmabuf_dirty 6 37661 &rfcomm_sock_sendmsg_37661 +HDLC_irq_8709 HDLC_irq 2 8709 NULL -+stats_read_ul_32751 stats_read_ul 3 32751 NULL +ctrl_out_8712 ctrl_out 3-5 8712 NULL +cxio_hal_init_rhdl_resource_25104 cxio_hal_init_rhdl_resource 1 25104 NULL -+copy_to_user_fromio_57432 copy_to_user_fromio 3 57432 NULL ++sock_wmalloc_16472 sock_wmalloc 2 16472 NULL +snd_rawmidi_kernel_write_25106 snd_rawmidi_kernel_write 3 25106 NULL -+aa_simple_write_to_buffer_49683 aa_simple_write_to_buffer 4-3 49683 NULL ++aa_simple_write_to_buffer_49683 aa_simple_write_to_buffer 3-4 49683 NULL +wep_interrupt_read_41492 wep_interrupt_read 3 41492 NULL -+trim_bitmaps_24158 trim_bitmaps 3 24158 NULL +hpfs_translate_name_41497 hpfs_translate_name 3 41497 NULL +mcs7830_get_reg_33308 mcs7830_get_reg 3 33308 NULL +psb_unlocked_ioctl_16926 psb_unlocked_ioctl 2 16926 NULL nohasharray @@ -85271,25 +93513,23 @@ index 0000000..909d902 +iwl_dbgfs_reply_tx_error_read_19205 iwl_dbgfs_reply_tx_error_read 3 19205 NULL +sys_gethostname_49698 sys_gethostname 2 49698 NULL +cx2341x_ctrl_new_menu_49700 cx2341x_ctrl_new_menu 3 49700 NULL -+vhci_read_47878 vhci_read 3 47878 NULL ++ieee80211_rx_mgmt_probe_resp_6918 ieee80211_rx_mgmt_probe_resp 3 6918 NULL +devres_alloc_551 devres_alloc 2 551 NULL -+TSS_authhmac_12839 TSS_authhmac 3 12839 NULL +ldisc_receive_41516 ldisc_receive 4 41516 NULL +tx_tx_exch_expiry_read_8749 tx_tx_exch_expiry_read 3 8749 NULL +ip_append_data_16942 ip_append_data 5-6 16942 NULL +xt_alloc_table_info_57903 xt_alloc_table_info 1 57903 NULL -+_sp2d_alloc_16944 _sp2d_alloc 1-3-2 16944 NULL ++_sp2d_alloc_16944 _sp2d_alloc 1-2-3 16944 NULL +squashfs_read_table_16945 squashfs_read_table 3 16945 NULL +emi26_writememory_57908 emi26_writememory 4 57908 NULL +start_isoc_chain_565 start_isoc_chain 2 565 NULL +iio_read_first_n_kfifo_57910 iio_read_first_n_kfifo 2 57910 NULL +gsm_mux_rx_netchar_33336 gsm_mux_rx_netchar 3 33336 NULL -+audit_unpack_string_13748 audit_unpack_string 3 13748 NULL ++brcmu_pkt_buf_get_skb_5556 brcmu_pkt_buf_get_skb 1 5556 NULL +joydev_compat_ioctl_8765 joydev_compat_ioctl 2 8765 NULL +sys_prctl_8766 sys_prctl 4 8766 NULL +joydev_ioctl_33343 joydev_ioctl 2 33343 NULL +sep_create_dcb_dmatables_context_kernel_49728 sep_create_dcb_dmatables_context_kernel 6 49728 NULL -+insert_one_name_61668 insert_one_name 7 61668 NULL +compat_sys_preadv_583 compat_sys_preadv 3 583 NULL +sys_fsetxattr_49736 sys_fsetxattr 4 49736 NULL +keyctl_instantiate_key_iov_16969 keyctl_instantiate_key_iov 3 16969 NULL @@ -85301,56 +93541,60 @@ index 0000000..909d902 +zd_usb_iowrite16v_49744 zd_usb_iowrite16v 3 49744 NULL +tx_tx_frame_checksum_read_41553 tx_tx_frame_checksum_read 3 41553 NULL +ath6kl_endpoint_stats_read_41554 ath6kl_endpoint_stats_read 3 41554 NULL -+i2cdev_write_23310 i2cdev_write 3 23310 NULL ++ath6kl_buf_alloc_57304 ath6kl_buf_alloc 1 57304 NULL ++cache_do_downcall_6926 cache_do_downcall 3 6926 NULL ++gserial_setup_41558 gserial_setup 2 41558 NULL +rx_rx_checksum_result_read_50617 rx_rx_checksum_result_read 3 50617 NULL +rx_57944 rx 4 57944 NULL +sctp_getsockopt_local_addrs_25178 sctp_getsockopt_local_addrs 2 25178 NULL +nci_skb_alloc_49757 nci_skb_alloc 2 49757 NULL +key_conf_keylen_read_49758 key_conf_keylen_read 3 49758 NULL +cpuset_common_file_read_8800 cpuset_common_file_read 5 8800 NULL -+ip_set_alloc_57953 ip_set_alloc 1 57953 NULL ++sctp_ulpevent_new_33377 sctp_ulpevent_new 1 33377 NULL +fuse_conn_waiting_read_49762 fuse_conn_waiting_read 3 49762 NULL +mempool_create_slab_pool_62907 mempool_create_slab_pool 1 62907 NULL -+fast_rx_path_59214 fast_rx_path 3 59214 NULL +isku_sysfs_write_49767 isku_sysfs_write 6 49767 NULL +i915_cache_sharing_write_57961 i915_cache_sharing_write 3 57961 NULL +batadv_receive_client_update_packet_41578 batadv_receive_client_update_packet 3 41578 NULL +ceph_read_dir_17005 ceph_read_dir 3 17005 NULL +handle_response_icmp_39574 handle_response_icmp 7 39574 NULL -+iwl_dbgfs_nvm_read_23845 iwl_dbgfs_nvm_read 3 23845 NULL ++wbcir_tx_19219 wbcir_tx 3 19219 NULL +hfc_empty_fifo_57972 hfc_empty_fifo 2 57972 NULL ++ceph_dns_resolve_name_62488 ceph_dns_resolve_name 2 62488 NULL +metronomefb_write_8823 metronomefb_write 3 8823 NULL ++icmpv6_manip_pkt_8833 icmpv6_manip_pkt 4 8833 NULL +copy_counters_to_user_17027 copy_counters_to_user 5 17027 NULL -+unlink_queued_645 unlink_queued 3-4 645 NULL -+_add_sg_continuation_descriptor_54721 _add_sg_continuation_descriptor 3 54721 NULL ++read_file_rx_chainmask_41605 read_file_rx_chainmask 3 41605 NULL ++vmw_du_crtc_cursor_set_28479 vmw_du_crtc_cursor_set 4-5 28479 NULL +_osd_req_list_objects_4204 _osd_req_list_objects 6 4204 NULL +nfs4_acl_new_49806 nfs4_acl_new 1 49806 NULL +a2mp_send_41615 a2mp_send 4 41615 NULL -+ceph_copy_user_to_page_vector_656 ceph_copy_user_to_page_vector 3-4 656 NULL ++ceph_copy_user_to_page_vector_656 ceph_copy_user_to_page_vector 4-3 656 NULL +rx_reset_counter_read_58001 rx_reset_counter_read 3 58001 NULL +arch_gnttab_map_status_49812 arch_gnttab_map_status 3 49812 NULL +mon_stat_read_25238 mon_stat_read 3 25238 NULL +jffs2_trusted_setxattr_17048 jffs2_trusted_setxattr 4 17048 NULL -+regcache_rbtree_insert_to_block_58009 regcache_rbtree_insert_to_block 5 58009 NULL ++tcf_csum_ipv6_udp_25241 tcf_csum_ipv6_udp 4 25241 NULL +wa_nep_queue_8858 wa_nep_queue 2 8858 NULL +macvtap_alloc_skb_50629 macvtap_alloc_skb 2-4-3 50629 NULL +mem_rx_free_mem_blks_read_675 mem_rx_free_mem_blks_read 3 675 NULL +ntfs_copy_from_user_iovec_49829 ntfs_copy_from_user_iovec 3-6 49829 NULL +add_uuid_49831 add_uuid 4 49831 NULL ++send_pages_8872 send_pages 3 8872 NULL +ath6kl_fwlog_block_read_49836 ath6kl_fwlog_block_read 3 49836 NULL +__btrfs_map_block_49839 __btrfs_map_block 3 49839 NULL +dvb_dvr_read_17073 dvb_dvr_read 3 17073 NULL +mempool_create_kmalloc_pool_41650 mempool_create_kmalloc_pool 1 41650 NULL +simple_transaction_read_17076 simple_transaction_read 3 17076 NULL +rx_rx_pre_complt_read_41653 rx_rx_pre_complt_read 3 41653 NULL -+scsi_dispatch_cmd_entry_49848 scsi_dispatch_cmd_entry 3 49848 NULL ++__kmalloc_reserve_17080 __kmalloc_reserve 1 17080 NULL +timeradd_entry_49850 timeradd_entry 3 49850 NULL +crypto_alloc_instance2_25277 crypto_alloc_instance2 3 25277 NULL +vfs_writev_25278 vfs_writev 3 25278 NULL +rtl8169_try_rx_copy_705 rtl8169_try_rx_copy 3 705 NULL +alloc_async_14208 alloc_async 1 14208 NULL +ovs_vport_alloc_33475 ovs_vport_alloc 1 33475 NULL -+persistent_ram_vmap_709 persistent_ram_vmap 1-2 709 NULL ++persistent_ram_vmap_709 persistent_ram_vmap 2-1 709 NULL +l2tp_session_create_25286 l2tp_session_create 1 25286 NULL +create_entry_33479 create_entry 2 33479 NULL +mce_async_out_58056 mce_async_out 3 58056 NULL @@ -85365,7 +93609,8 @@ index 0000000..909d902 +sctp_setsockopt_peer_addr_params_734 sctp_setsockopt_peer_addr_params 3 734 NULL +cm4040_write_58079 cm4040_write 3 58079 NULL +fb_read_33506 fb_read 3 33506 NULL -+ath9k_debugfs_read_buf_25316 ath9k_debugfs_read_buf 3 25316 NULL ++help_25316 help 5 25316 NULL nohasharray ++ath9k_debugfs_read_buf_25316 ath9k_debugfs_read_buf 3 25316 &help_25316 +rfcomm_wmalloc_58090 rfcomm_wmalloc 2 58090 NULL +mwifiex_get_common_rates_17131 mwifiex_get_common_rates 3 17131 NULL +musb_test_mode_write_33518 musb_test_mode_write 3 33518 NULL @@ -85374,10 +93619,10 @@ index 0000000..909d902 +ahash_setkey_unaligned_33521 ahash_setkey_unaligned 3 33521 NULL +dvb_video_write_754 dvb_video_write 3 754 NULL +nes_alloc_fast_reg_page_list_33523 nes_alloc_fast_reg_page_list 2 33523 NULL -+ieee80211_if_read_flags_57470 ieee80211_if_read_flags 3 57470 NULL nohasharray -+sep_lock_user_pages_57470 sep_lock_user_pages 2-3 57470 &ieee80211_if_read_flags_57470 ++osd_req_add_get_attr_list_49278 osd_req_add_get_attr_list 3 49278 NULL +aggr_size_rx_size_read_33526 aggr_size_rx_size_read 3 33526 NULL +bdx_tx_db_init_41719 bdx_tx_db_init 2 41719 NULL ++nouveau_instobj_create__17144 nouveau_instobj_create_ 4 17144 NULL +udi_log_event_58105 udi_log_event 3 58105 NULL +sys_pwritev_41722 sys_pwritev 3 41722 NULL +l2cap_sock_alloc_skb_cb_33532 l2cap_sock_alloc_skb_cb 2 33532 NULL @@ -85389,24 +93634,30 @@ index 0000000..909d902 +usb_allocate_stream_buffers_8964 usb_allocate_stream_buffers 3 8964 NULL +tcm_loop_change_queue_depth_42454 tcm_loop_change_queue_depth 2 42454 NULL +venus_mkdir_8967 venus_mkdir 4 8967 NULL -+seq_open_net_8968 seq_open_net 4 8968 NULL nohasharray -+vol_cdev_read_8968 vol_cdev_read 3 8968 &seq_open_net_8968 ++vol_cdev_read_8968 vol_cdev_read 3 8968 NULL nohasharray ++seq_open_net_8968 seq_open_net 4 8968 &vol_cdev_read_8968 +sep_read_17161 sep_read 3 17161 NULL +befs_nls2utf_17163 befs_nls2utf 3 17163 NULL +tx_tx_start_templates_read_17164 tx_tx_start_templates_read 3 17164 NULL +dup_array_33551 dup_array 3 33551 NULL ++vxge_device_register_7752 vxge_device_register 4 7752 NULL +solo_enc_read_33553 solo_enc_read 3 33553 NULL +fillonedir_41746 fillonedir 3 41746 NULL ++init_bch_64130 init_bch 1-2 64130 NULL +ipv6_flowlabel_opt_58135 ipv6_flowlabel_opt 3 58135 NULL nohasharray +slhc_init_58135 slhc_init 1-2 58135 &ipv6_flowlabel_opt_58135 +sel_read_mls_25369 sel_read_mls 3 25369 NULL +btrfs_alloc_free_block_8986 btrfs_alloc_free_block 3 8986 NULL ++savemem_58129 savemem 3 58129 NULL +batadv_tt_realloc_packet_buff_49960 batadv_tt_realloc_packet_buff 4 49960 NULL ++rx_defrag_tkip_called_read_21031 rx_defrag_tkip_called_read 3 21031 NULL +driver_state_read_17194 driver_state_read 3 17194 NULL nohasharray +iscsit_find_cmd_from_itt_or_dump_17194 iscsit_find_cmd_from_itt_or_dump 3 17194 &driver_state_read_17194 ++dispatch_ioctl_32357 dispatch_ioctl 2 32357 NULL +if_writecmd_815 if_writecmd 2 815 NULL +aac_change_queue_depth_825 aac_change_queue_depth 2 825 NULL +read_fifo_826 read_fifo 3 826 NULL ++keyctl_describe_key_36853 keyctl_describe_key 3 36853 NULL +scsi_execute_33596 scsi_execute 5 33596 NULL +dn_recvmsg_17213 dn_recvmsg 4 17213 NULL +ms_rw_17220 ms_rw 3-4 17220 NULL @@ -85420,6 +93671,7 @@ index 0000000..909d902 +um_idi_read_850 um_idi_read 3 850 NULL +__module_alloc_50004 __module_alloc 1 50004 NULL +sco_send_frame_41815 sco_send_frame 3 41815 NULL ++ts_read_44687 ts_read 3 44687 NULL +nci_send_cmd_58206 nci_send_cmd 3 58206 NULL +snd_emu10k1_synth_copy_from_user_9061 snd_emu10k1_synth_copy_from_user 3-5 9061 NULL +snd_gus_dram_peek_9062 snd_gus_dram_peek 4 9062 NULL @@ -85440,12 +93692,11 @@ index 0000000..909d902 +irq_blk_threshold_read_33666 irq_blk_threshold_read 3 33666 NULL +neigh_hash_grow_17283 neigh_hash_grow 2 17283 NULL +btrfsic_create_link_to_next_block_58246 btrfsic_create_link_to_next_block 4 58246 NULL -+sctp_sf_abort_violation_38380 sctp_sf_abort_violation 6 38380 NULL +minstrel_stats_read_17290 minstrel_stats_read 3 17290 NULL +rbd_alloc_coll_33678 rbd_alloc_coll 1 33678 NULL +read_file_debug_58256 read_file_debug 3 58256 NULL -+caif_stream_sendmsg_9110 caif_stream_sendmsg 4 9110 NULL -+tracing_trace_options_write_153 tracing_trace_options_write 3 153 NULL ++skb_pad_17302 skb_pad 2 17302 NULL ++tracing_entries_read_8345 tracing_entries_read 3 8345 NULL +btmrvl_hsstate_read_920 btmrvl_hsstate_read 3 920 NULL +profile_load_58267 profile_load 3 58267 NULL +pmcraid_change_queue_depth_9116 pmcraid_change_queue_depth 2 9116 NULL @@ -85455,7 +93706,6 @@ index 0000000..909d902 +dev_set_alias_50084 dev_set_alias 3 50084 NULL +pcpu_get_vm_areas_50085 pcpu_get_vm_areas 3 50085 NULL +sock_setsockopt_50088 sock_setsockopt 5 50088 NULL -+oom_adjust_write_41116 oom_adjust_write 3 41116 NULL +altera_swap_dr_50090 altera_swap_dr 2 50090 NULL +sys_keyctl_33708 sys_keyctl 4 33708 NULL nohasharray +netlink_sendmsg_33708 netlink_sendmsg 4 33708 &sys_keyctl_33708 @@ -85467,16 +93717,17 @@ index 0000000..909d902 +get_fdb_entries_41916 get_fdb_entries 3 41916 NULL +ceph_get_direct_page_vector_41917 ceph_get_direct_page_vector 2 41917 NULL +read_file_slot_50111 read_file_slot 3 50111 NULL -+iwl_dbgfs_rxon_filter_flags_read_28832 iwl_dbgfs_rxon_filter_flags_read 3 28832 NULL ++netlink_recvmsg_61600 netlink_recvmsg 4 61600 NULL +ieee80211_if_read_dot11MeshHWMPperrMinInterval_17346 ieee80211_if_read_dot11MeshHWMPperrMinInterval 3 17346 NULL +ath6kl_wmi_send_mgmt_cmd_17347 ath6kl_wmi_send_mgmt_cmd 7 17347 NULL +serverworks_create_gatt_pages_46582 serverworks_create_gatt_pages 1 46582 NULL +ieee80211_if_read_path_refresh_time_25545 ieee80211_if_read_path_refresh_time 3 25545 NULL +tx_tx_start_int_templates_read_58324 tx_tx_start_int_templates_read 3 58324 NULL +copy_items_50140 copy_items 6 50140 NULL -+isr_irqs_read_9181 isr_irqs_read 3 9181 NULL ++omfs_readpages_42490 omfs_readpages 4 42490 NULL +pcim_iomap_58334 pcim_iomap 3 58334 NULL +diva_init_dma_map_58336 diva_init_dma_map 3 58336 NULL ++map_addr_56144 map_addr 7 56144 NULL +vifs_state_read_33762 vifs_state_read 3 33762 NULL +btmrvl_psstate_read_50683 btmrvl_psstate_read 3 50683 NULL +hdlcdev_rx_997 hdlcdev_rx 3 997 NULL @@ -85493,12 +93744,13 @@ index 0000000..909d902 +ubi_resize_volume_50172 ubi_resize_volume 2 50172 NULL +smk_write_cipso2_1021 smk_write_cipso2 3 1021 NULL +__devres_alloc_25598 __devres_alloc 2 25598 NULL -+brcmf_debugfs_sdio_counter_read_58369 brcmf_debugfs_sdio_counter_read 3 58369 NULL ++snd_compr_write_data_46592 snd_compr_write_data 3 46592 NULL +netpoll_send_udp_58955 netpoll_send_udp 3 58955 NULL +tx_tx_prepared_descs_read_9221 tx_tx_prepared_descs_read 3 9221 NULL +ib_send_cm_drep_50186 ib_send_cm_drep 3 50186 NULL +do_write_orph_node_64343 do_write_orph_node 2 64343 NULL -+sctp_getsockopt_delayed_ack_9232 sctp_getsockopt_delayed_ack 2 9232 NULL ++qla4xxx_post_aen_work_46953 qla4xxx_post_aen_work 3 46953 NULL ++lpfc_debugfs_dif_err_write_17424 lpfc_debugfs_dif_err_write 3 17424 NULL +il_dbgfs_status_read_58388 il_dbgfs_status_read 3 58388 NULL +cfg80211_roamed_bss_50198 cfg80211_roamed_bss 4-6 50198 NULL +lguest_map_42008 lguest_map 1-2 42008 NULL @@ -85510,7 +93762,8 @@ index 0000000..909d902 +ieee80211_skb_resize_50211 ieee80211_skb_resize 3 50211 NULL +gigaset_initdriver_1060 gigaset_initdriver 2 1060 NULL +sep_create_msgarea_context_33829 sep_create_msgarea_context 4 33829 NULL -+vp_request_msix_vectors_28849 vp_request_msix_vectors 2 28849 NULL ++skb_do_copy_data_nocache_12465 skb_do_copy_data_nocache 5 12465 NULL ++udplite_manip_pkt_33832 udplite_manip_pkt 4 33832 NULL +tcf_csum_ipv4_icmp_9258 tcf_csum_ipv4_icmp 3 9258 NULL +acpi_ut_create_buffer_object_42030 acpi_ut_create_buffer_object 1 42030 NULL +mce_request_packet_1073 mce_request_packet 3 1073 NULL @@ -85528,9 +93781,11 @@ index 0000000..909d902 +llcp_sock_sendmsg_1092 llcp_sock_sendmsg 4 1092 NULL +probe_kernel_write_17481 probe_kernel_write 3 17481 NULL +InterfaceTransmitPacket_42058 InterfaceTransmitPacket 3 42058 NULL -+kvm_write_guest_cached_11106 kvm_write_guest_cached 4 11106 NULL ++__alloc_session_17485 __alloc_session 2-1 17485 NULL +TSS_rawhmac_17486 TSS_rawhmac 3 17486 NULL ++pm860x_bulk_write_43875 pm860x_bulk_write 3 43875 NULL +afs_extract_data_50261 afs_extract_data 5 50261 NULL ++config_proc_write_33878 config_proc_write 3 33878 NULL +capabilities_read_58457 capabilities_read 3 58457 NULL +sta_inactive_ms_read_25690 sta_inactive_ms_read 3 25690 NULL +iwl_dbgfs_stations_read_9309 iwl_dbgfs_stations_read 3 9309 NULL @@ -85538,7 +93793,6 @@ index 0000000..909d902 +compat_do_ipt_set_ctl_58466 compat_do_ipt_set_ctl 4 58466 &lpfc_idiag_baracc_read_58466 +scsi_execute_req_42088 scsi_execute_req 5 42088 NULL +hcd_buffer_alloc_27495 hcd_buffer_alloc 2 27495 NULL -+key_algorithm_read_57946 key_algorithm_read 3 57946 NULL +rxrpc_setsockopt_50286 rxrpc_setsockopt 5 50286 NULL +sk_chk_filter_42095 sk_chk_filter 2 42095 NULL +rx_filter_mc_filter_read_25712 rx_filter_mc_filter_read 3 25712 NULL @@ -85551,24 +93805,22 @@ index 0000000..909d902 +sel_write_context_25726 sel_write_context 3 25726 NULL nohasharray +__alloc_bootmem_low_node_25726 __alloc_bootmem_low_node 2 25726 &sel_write_context_25726 +sysfs_read_file_42113 sysfs_read_file 3 42113 NULL -+compat_mpctl_ioctl_45671 compat_mpctl_ioctl 2 45671 NULL +mcs_unwrap_fir_25733 mcs_unwrap_fir 3 25733 NULL ++vme_user_write_15587 vme_user_write 3 15587 NULL +xlog_do_log_recovery_17550 xlog_do_log_recovery 3 17550 NULL +__copy_to_user_17551 __copy_to_user 3 17551 NULL +cxgbi_device_portmap_create_25747 cxgbi_device_portmap_create 3 25747 NULL +sel_read_avc_cache_threshold_33942 sel_read_avc_cache_threshold 3 33942 NULL -+copy_from_user_17559 copy_from_user 3 17559 NULL ++lpfc_idiag_ctlacc_read_33943 lpfc_idiag_ctlacc_read 3 33943 NULL +read_file_tgt_rx_stats_33944 read_file_tgt_rx_stats 3 33944 NULL -+iwl_dbgfs_ucode_tracing_read_47983 iwl_dbgfs_ucode_tracing_read 3 47983 NULL nohasharray -+mempool_resize_47983 mempool_resize 2 47983 &iwl_dbgfs_ucode_tracing_read_47983 ++nouveau_engine_create__50331 nouveau_engine_create_ 7 50331 NULL +lpfc_idiag_pcicfg_read_50334 lpfc_idiag_pcicfg_read 3 50334 NULL +v9fs_alloc_rdir_buf_42150 v9fs_alloc_rdir_buf 2 42150 NULL +roccat_common2_send_with_status_50343 roccat_common2_send_with_status 4 50343 NULL +ipc_alloc_1192 ipc_alloc 1 1192 NULL -+x25_sendmsg_12487 x25_sendmsg 4 12487 NULL ++mwifiex_info_read_53447 mwifiex_info_read 3 53447 NULL +ib_create_send_mad_1196 ib_create_send_mad 5 1196 NULL +rndis_add_response_58544 rndis_add_response 2 58544 NULL -+efx_tsoh_heap_alloc_58545 efx_tsoh_heap_alloc 2 58545 NULL +isdn_ppp_read_50356 isdn_ppp_read 4 50356 NULL +read_9397 read 3 9397 NULL +i2cdev_read_1206 i2cdev_read 3 1206 NULL @@ -85579,20 +93831,20 @@ index 0000000..909d902 +rts51x_write_mem_17598 rts51x_write_mem 4 17598 NULL +vga_switcheroo_debugfs_write_33984 vga_switcheroo_debugfs_write 3 33984 NULL +roccat_common2_receive_50369 roccat_common2_receive 4 50369 NULL -+blk_init_tags_30592 blk_init_tags 1 30592 NULL +oprofilefs_str_to_user_42182 oprofilefs_str_to_user 3 42182 NULL +osst_execute_17607 osst_execute 7-6 17607 NULL ++nf_nat_sip_expect_9418 nf_nat_sip_expect 8 9418 NULL +sl_alloc_bufs_50380 sl_alloc_bufs 2 50380 NULL +ipw_packet_received_skb_1230 ipw_packet_received_skb 2 1230 NULL +ieee80211_if_read_dot11MeshHWMPactivePathToRootTimeout_17618 ieee80211_if_read_dot11MeshHWMPactivePathToRootTimeout 3 17618 NULL +rx_rx_frame_checksum_read_40140 rx_rx_frame_checksum_read 3 40140 NULL +sys32_rt_sigpending_25814 sys32_rt_sigpending 2 25814 NULL +bm_realloc_pages_9431 bm_realloc_pages 2 9431 NULL -+realloc_buffer_25816 realloc_buffer 2 25816 NULL -+skb_make_writable_24783 skb_make_writable 2 24783 NULL ++acpi_battery_write_alarm_1240 acpi_battery_write_alarm 3 1240 NULL ++joydev_ioctl_common_49359 joydev_ioctl_common 2 49359 NULL +ffs_ep0_write_9438 ffs_ep0_write 3 9438 NULL +xip_file_read_58592 xip_file_read 3 58592 NULL -+tty_buffer_request_room_23228 tty_buffer_request_room 2 23228 NULL ++iwl_dbgfs_ucode_tx_stats_read_31611 iwl_dbgfs_ucode_tx_stats_read 3 31611 NULL +kmalloc_array_9444 kmalloc_array 1-2 9444 NULL +__ntfs_malloc_34022 __ntfs_malloc 1 34022 NULL +l2tp_ip_sendmsg_50411 l2tp_ip_sendmsg 4 50411 NULL @@ -85602,10 +93854,10 @@ index 0000000..909d902 +iscsi_create_conn_50425 iscsi_create_conn 2 50425 NULL +tty_insert_flip_string_34042 tty_insert_flip_string 3 34042 NULL +packet_setsockopt_17662 packet_setsockopt 5 17662 NULL -+skb_copy_to_page_nocache_58624 skb_copy_to_page_nocache 6 58624 NULL -+uf_ap_process_data_pdu_25860 uf_ap_process_data_pdu 7 25860 NULL -+module_alloc_update_bounds_rx_58634 module_alloc_update_bounds_rx 1 58634 NULL -+kimage_normal_alloc_31140 kimage_normal_alloc 3 31140 NULL ++batadv_tt_prepare_packet_buff_1280 batadv_tt_prepare_packet_buff 4 1280 NULL ++do_arpt_set_ctl_51053 do_arpt_set_ctl 4 51053 NULL ++module_alloc_update_bounds_rx_58634 module_alloc_update_bounds_rx 1 58634 NULL nohasharray ++efi_ioremap_58634 efi_ioremap 1-2 58634 &module_alloc_update_bounds_rx_58634 +btmrvl_hsmode_write_42252 btmrvl_hsmode_write 3 42252 NULL +rx_defrag_need_decrypt_read_42253 rx_defrag_need_decrypt_read 3 42253 NULL +dsp_tone_hw_message_17678 dsp_tone_hw_message 3 17678 NULL @@ -85614,14 +93866,15 @@ index 0000000..909d902 +__alloc_preds_9492 __alloc_preds 2 9492 NULL +pgctrl_write_50453 pgctrl_write 3 50453 NULL +pwr_enable_ps_read_17686 pwr_enable_ps_read 3 17686 NULL ++read_file_ant_diversity_34071 read_file_ant_diversity 3 34071 NULL +tx_tx_start_fw_gen_read_58648 tx_tx_start_fw_gen_read 3 58648 NULL +ath6kl_regread_read_25884 ath6kl_regread_read 3 25884 NULL -+ib_copy_to_udata_27525 ib_copy_to_udata 3 27525 NULL ++tm6000_i2c_recv_regs16_2949 tm6000_i2c_recv_regs16 5 2949 NULL +savu_sysfs_write_42273 savu_sysfs_write 6 42273 NULL +uvc_v4l2_ioctl_8411 uvc_v4l2_ioctl 2 8411 NULL +lp_write_9511 lp_write 3 9511 NULL +__einj_error_trigger_17707 __einj_error_trigger 1 17707 NULL nohasharray -+venus_rename_17707 venus_rename 4-5 17707 &__einj_error_trigger_17707 ++venus_rename_17707 venus_rename 5-4 17707 &__einj_error_trigger_17707 +cdrom_read_cdda_50478 cdrom_read_cdda 4 50478 NULL +nfs_readdir_make_qstr_12509 nfs_readdir_make_qstr 3 12509 NULL +lpfc_change_queue_depth_25905 lpfc_change_queue_depth 2 25905 NULL @@ -85635,6 +93888,7 @@ index 0000000..909d902 +ulong_read_file_42304 ulong_read_file 3 42304 &sctp_setsockopt_del_key_42304 +tps6586x_writes_58689 tps6586x_writes 3 58689 NULL +il_dbgfs_rx_stats_read_15243 il_dbgfs_rx_stats_read 3 15243 NULL ++xfs_vm_readpages_42308 xfs_vm_readpages 4 42308 NULL +exofs_read_lookup_dev_table_17733 exofs_read_lookup_dev_table 3 17733 NULL +pwr_rcvd_awake_beacons_read_50505 pwr_rcvd_awake_beacons_read 3 50505 NULL +snd_es1938_capture_copy_25930 snd_es1938_capture_copy 5 25930 NULL @@ -85647,15 +93901,16 @@ index 0000000..909d902 +pipeline_dec_packet_in_fifo_full_read_33052 pipeline_dec_packet_in_fifo_full_read 3 33052 NULL +fw_node_create_9559 fw_node_create 2 9559 NULL +fw_stats_raw_read_1369 fw_stats_raw_read 3 1369 NULL -+mid_get_vbt_data_r1_26170 mid_get_vbt_data_r1 2 26170 NULL ++ixgbe_dbg_netdev_ops_write_34141 ixgbe_dbg_netdev_ops_write 3 34141 NULL +kobj_map_9566 kobj_map 2-3 9566 NULL +snd_pcm_plug_alloc_42339 snd_pcm_plug_alloc 2 42339 NULL +acpi_map_58725 acpi_map 1-2 58725 NULL ++brcmf_usb_attach_17766 brcmf_usb_attach 2-3 17766 NULL +sctp_setsockopt_initmsg_1383 sctp_setsockopt_initmsg 3 1383 NULL +fwnet_receive_packet_50537 fwnet_receive_packet 9 50537 NULL +do_msgsnd_1387 do_msgsnd 4 1387 NULL +ieee80211_tdls_mgmt_9581 ieee80211_tdls_mgmt 8 9581 NULL -+l2tp_xmit_skb_42672 l2tp_xmit_skb 3 42672 NULL ++snd_rawmidi_kernel_read_4328 snd_rawmidi_kernel_read 3 4328 NULL +ide_raw_taskfile_42355 ide_raw_taskfile 4 42355 NULL +udp_recvmsg_42558 udp_recvmsg 4 42558 NULL +file_read_actor_1401 file_read_actor 4 1401 NULL @@ -85668,13 +93923,13 @@ index 0000000..909d902 +scsi_host_alloc_63041 scsi_host_alloc 2 63041 NULL +agp_allocate_memory_58761 agp_allocate_memory 2 58761 NULL +__do_config_autodelink_58763 __do_config_autodelink 3 58763 NULL -+skb_copy_expand_7685 skb_copy_expand 2-3 7685 NULL nohasharray -+acpi_ex_allocate_name_string_7685 acpi_ex_allocate_name_string 2-1 7685 &skb_copy_expand_7685 ++sctp_sf_abort_violation_1420 sctp_sf_abort_violation 7 1420 NULL +afs_cell_alloc_24052 afs_cell_alloc 2 24052 NULL +il_dbgfs_disable_ht40_read_42386 il_dbgfs_disable_ht40_read 3 42386 NULL +lpfc_sli_probe_sriov_nr_virtfn_26004 lpfc_sli_probe_sriov_nr_virtfn 2 26004 NULL -+osd_req_write_kern_53486 osd_req_write_kern 5 53486 NULL -+pep_reply_50582 pep_reply 5 50582 NULL ++qib_alloc_fast_reg_mr_12526 qib_alloc_fast_reg_mr 2 12526 NULL ++fat_readpages_50582 fat_readpages 4 50582 NULL nohasharray ++pep_reply_50582 pep_reply 5 50582 &fat_readpages_50582 +iwl_dbgfs_missed_beacon_read_50584 iwl_dbgfs_missed_beacon_read 3 50584 NULL +saa7164_buffer_alloc_user_9627 saa7164_buffer_alloc_user 2 9627 NULL +_snd_pcm_lib_alloc_vmalloc_buffer_17820 _snd_pcm_lib_alloc_vmalloc_buffer 2 17820 NULL @@ -85683,7 +93938,6 @@ index 0000000..909d902 +stack_max_size_read_1445 stack_max_size_read 3 1445 NULL +compat_sys_keyctl_9639 compat_sys_keyctl 4 9639 NULL +skb_padto_50759 skb_padto 2 50759 NULL -+irq_domain_add_linear_29236 irq_domain_add_linear 2 29236 NULL +raw_send_hdrinc_58803 raw_send_hdrinc 4 58803 NULL +mptscsih_change_queue_depth_26036 mptscsih_change_queue_depth 2 26036 NULL +selinux_inode_post_setxattr_26037 selinux_inode_post_setxattr 4 26037 NULL @@ -85695,7 +93949,7 @@ index 0000000..909d902 +xprt_alloc_1475 xprt_alloc 2 1475 NULL +gsm_data_alloc_42437 gsm_data_alloc 3 42437 NULL +snd_opl4_mem_proc_write_9670 snd_opl4_mem_proc_write 5 9670 NULL -+vring_new_virtqueue_9671 vring_new_virtqueue 1 9671 NULL ++pci_enable_sriov_35745 pci_enable_sriov 2 35745 NULL +sisusb_send_bulk_msg_17864 sisusb_send_bulk_msg 3 17864 NULL +simple_transaction_get_50633 simple_transaction_get 3 50633 NULL +key_conf_keyidx_read_42443 key_conf_keyidx_read 3 42443 NULL @@ -85703,15 +93957,16 @@ index 0000000..909d902 +keyctl_update_key_26061 keyctl_update_key 3 26061 NULL +sta_num_ps_buf_frames_read_1488 sta_num_ps_buf_frames_read 3 1488 NULL +ray_cs_essid_proc_write_17875 ray_cs_essid_proc_write 3 17875 NULL -+ocfs2_debug_read_14507 ocfs2_debug_read 3 14507 NULL +orinoco_set_key_17878 orinoco_set_key 5-7 17878 NULL +bl_pipe_downcall_34264 bl_pipe_downcall 3 34264 NULL +command_write_58841 command_write 3 58841 NULL ++short_retry_limit_read_4687 short_retry_limit_read 3 4687 NULL ++dev_config_8506 dev_config 3 8506 NULL +compat_sys_pwritev_17886 compat_sys_pwritev 3 17886 NULL +sys_readv_50664 sys_readv 3 50664 NULL +bnad_debugfs_read_50665 bnad_debugfs_read 3 50665 NULL ++__simple_xattr_set_42474 __simple_xattr_set 4 42474 NULL +ath6kl_wmi_send_action_cmd_58860 ath6kl_wmi_send_action_cmd 7 58860 NULL -+usbvision_v4l2_read_34386 usbvision_v4l2_read 3 34386 NULL +rx_rx_wa_density_dropped_frame_read_26095 rx_rx_wa_density_dropped_frame_read 3 26095 NULL +recover_head_17904 recover_head 3 17904 NULL +dccp_feat_register_sp_17914 dccp_feat_register_sp 5 17914 NULL @@ -85722,7 +93977,6 @@ index 0000000..909d902 +pvr2_v4l2_read_18006 pvr2_v4l2_read 3 18006 NULL +cs553x_init_one_58886 cs553x_init_one 3 58886 NULL +ddb_input_read_9743 ddb_input_read 3 9743 NULL -+user_instantiate_26131 user_instantiate 3 26131 NULL +skb_cow_26138 skb_cow 2 26138 NULL +smk_write_netlbladdr_42525 smk_write_netlbladdr 3 42525 NULL +snd_emux_create_port_42533 snd_emux_create_port 3 42533 NULL @@ -85735,20 +93989,22 @@ index 0000000..909d902 +i915_ring_stop_read_42549 i915_ring_stop_read 3 42549 NULL nohasharray +ath6kl_wmi_proc_events_vif_42549 ath6kl_wmi_proc_events_vif 5 42549 &i915_ring_stop_read_42549 +ath6kl_roam_table_read_26166 ath6kl_roam_table_read 3 26166 NULL -+vmalloc_32_1135 vmalloc_32 1 1135 NULL +snd_mem_proc_write_9786 snd_mem_proc_write 3 9786 NULL +fc_frame_alloc_1596 fc_frame_alloc 2 1596 NULL +rngapi_reset_34366 rngapi_reset 3 34366 NULL nohasharray +p54_alloc_skb_34366 p54_alloc_skb 3 34366 &rngapi_reset_34366 -+alloc_rx_desc_ring_18016 alloc_rx_desc_ring 2 18016 NULL ++iwl_calib_set_34400 iwl_calib_set 3 34400 NULL nohasharray ++ivtv_read_pos_34400 ivtv_read_pos 3 34400 &iwl_calib_set_34400 ++solo_v4l2_read_59247 solo_v4l2_read 3 59247 NULL +smk_write_cipso_17989 smk_write_cipso 3 17989 NULL +packet_buffer_init_1607 packet_buffer_init 2 1607 NULL +reiserfs_resize_34377 reiserfs_resize 2 34377 NULL +get_registers_26187 get_registers 3 26187 NULL ++cgroup_setxattr_26188 cgroup_setxattr 4 26188 NULL +ttm_bo_fbdev_io_9805 ttm_bo_fbdev_io 4 9805 NULL +btmrvl_hscmd_read_1614 btmrvl_hscmd_read 3 1614 NULL +av7110_vbi_write_34384 av7110_vbi_write 3 34384 NULL -+udp_manip_pkt_50770 udp_manip_pkt 2 50770 NULL ++usbvision_v4l2_read_34386 usbvision_v4l2_read 3 34386 NULL +snd_pcm_oss_write2_27332 snd_pcm_oss_write2 3 27332 NULL +udpv6_recvmsg_9813 udpv6_recvmsg 4 9813 NULL nohasharray +ieee80211_if_read_state_9813 ieee80211_if_read_state 3 9813 &udpv6_recvmsg_9813 @@ -85758,13 +94014,9 @@ index 0000000..909d902 +mce_write_26201 mce_write 3 26201 NULL +iwch_alloc_fastreg_pbl_40153 iwch_alloc_fastreg_pbl 2 40153 NULL +bio_alloc_map_data_50782 bio_alloc_map_data 1-2 50782 NULL -+carl9170_debugfs_write_50857 carl9170_debugfs_write 3 50857 NULL -+iwl_calib_set_34400 iwl_calib_set 3 34400 NULL nohasharray -+ivtv_read_pos_34400 ivtv_read_pos 3 34400 &iwl_calib_set_34400 -+max3107_handlerx_58978 max3107_handlerx 2 58978 NULL ++alloc_rx_desc_ring_18016 alloc_rx_desc_ring 2 18016 NULL ++oom_score_adj_write_42594 oom_score_adj_write 3 42594 NULL +smk_write_load2_52155 smk_write_load2 3 52155 NULL -+process_vm_rw_single_vec_26213 process_vm_rw_single_vec 1-2 26213 NULL -+pci_enable_sriov_35745 pci_enable_sriov 2 35745 NULL +__pskb_pull_42602 __pskb_pull 2 42602 NULL +sctp_make_heartbeat_ack_34411 sctp_make_heartbeat_ack 4 34411 NULL +tpm_write_50798 tpm_write 3 50798 NULL @@ -85775,17 +94027,17 @@ index 0000000..909d902 +_scsih_change_queue_depth_26230 _scsih_change_queue_depth 2 26230 NULL +rxrpc_recvmsg_26233 rxrpc_recvmsg 4 26233 NULL +ikconfig_read_current_1658 ikconfig_read_current 3 1658 NULL -+posix_acl_alloc_48063 posix_acl_alloc 1 48063 NULL +dvb_play_50814 dvb_play 3 50814 NULL +cryptd_alloc_instance_18048 cryptd_alloc_instance 2-3 18048 NULL +sys_move_pages_42626 sys_move_pages 2 42626 NULL +ddebug_proc_write_18055 ddebug_proc_write 3 18055 NULL +pmcraid_alloc_sglist_9864 pmcraid_alloc_sglist 1 9864 NULL +btrfs_free_reserved_extent_9867 btrfs_free_reserved_extent 2 9867 NULL -+pstore_mkfile_50830 pstore_mkfile 5 50830 NULL ++usbtest_alloc_urb_34446 usbtest_alloc_urb 3-5 34446 NULL +dma_attach_50831 dma_attach 6-7 50831 NULL +scsi_activate_tcq_42640 scsi_activate_tcq 2 42640 NULL +br_mdb_rehash_42643 br_mdb_rehash 2 42643 NULL ++vhci_put_user_12604 vhci_put_user 4 12604 NULL +packet_came_18072 packet_came 3 18072 NULL +init_pci_cap_msi_perm_59033 init_pci_cap_msi_perm 2 59033 NULL +kvm_read_guest_page_18074 kvm_read_guest_page 5 18074 NULL @@ -85797,39 +94049,37 @@ index 0000000..909d902 +bm_register_write_9893 bm_register_write 3 9893 NULL nohasharray +snd_midi_event_new_9893 snd_midi_event_new 1 9893 &bm_register_write_9893 +self_check_write_50856 self_check_write 5 50856 NULL -+regmap_bulk_write_59049 regmap_bulk_write 4 59049 NULL ++line6_dumpreq_init_34473 line6_dumpreq_init 3 34473 NULL +i2o_parm_field_get_34477 i2o_parm_field_get 5 34477 NULL +mpi_alloc_18094 mpi_alloc 1 18094 NULL +coda_psdev_write_1711 coda_psdev_write 3 1711 NULL -+receive_DataRequest_9904 receive_DataRequest 3 9904 NULL -+get_packet_5747 get_packet 3 5747 NULL -+osdmap_set_max_osd_57630 osdmap_set_max_osd 2 57630 NULL nohasharray -+sisusbcon_putcs_57630 sisusbcon_putcs 3 57630 &osdmap_set_max_osd_57630 -+udf_alloc_i_data_35786 udf_alloc_i_data 2 35786 NULL ++l2tp_xmit_skb_42672 l2tp_xmit_skb 3 42672 NULL ++bitmap_resize_33054 bitmap_resize 2 33054 NULL ++mga_compat_ioctl_52170 mga_compat_ioctl 2 52170 NULL ++mgmt_pending_add_46976 mgmt_pending_add 5 46976 NULL ++sis190_try_rx_copy_57069 sis190_try_rx_copy 3 57069 NULL +dfs_file_read_18116 dfs_file_read 3 18116 NULL +request_key_and_link_42693 request_key_and_link 4 42693 NULL +vb2_read_42703 vb2_read 3 42703 NULL +pwr_wake_on_host_read_26321 pwr_wake_on_host_read 3 26321 NULL -+dm_write_2513 dm_write 3 2513 NULL +hvc_alloc_12579 hvc_alloc 4 12579 NULL +tx_frag_called_read_1748 tx_frag_called_read 3 1748 NULL -+irda_sendmsg_4388 irda_sendmsg 4 4388 NULL -+osd_req_write_sg_50908 osd_req_write_sg 5 50908 NULL ++snd_pcm_plugin_alloc_12580 snd_pcm_plugin_alloc 2 12580 NULL ++pstore_ftrace_knob_read_9947 pstore_ftrace_knob_read 3 9947 NULL ++read_file_misc_9948 read_file_misc 3 9948 NULL +xfs_iext_remove_50909 xfs_iext_remove 3 50909 NULL +set_rxd_buffer_pointer_9950 set_rxd_buffer_pointer 8 9950 NULL -+erst_dbg_write_46715 erst_dbg_write 3 46715 NULL +selinux_inode_setsecurity_18148 selinux_inode_setsecurity 4 18148 NULL +csum_partial_copy_fromiovecend_9957 csum_partial_copy_fromiovecend 3-4 9957 NULL +tracing_stats_read_34537 tracing_stats_read 3 34537 NULL +hash_recvmsg_50924 hash_recvmsg 4 50924 NULL +dvb_demux_ioctl_42733 dvb_demux_ioctl 2 42733 NULL -+chd_dec_fetch_cdata_50926 chd_dec_fetch_cdata 3 50926 NULL -+update_macheader_1775 update_macheader 7 1775 NULL ++cosa_write_1774 cosa_write 3 1774 NULL +set_aoe_iflist_42737 set_aoe_iflist 2 42737 NULL +hugetlbfs_read_actor_34547 hugetlbfs_read_actor 2-5-4 34547 NULL +ax25_setsockopt_42740 ax25_setsockopt 5 42740 NULL +btrfs_add_link_9973 btrfs_add_link 5 9973 NULL -+stats_dot11RTSSuccessCount_read_33065 stats_dot11RTSSuccessCount_read 3 33065 NULL ++bnx2fc_cmd_mgr_alloc_24873 bnx2fc_cmd_mgr_alloc 3-2 24873 NULL +cifs_readdata_alloc_26360 cifs_readdata_alloc 1 26360 NULL +ath6kl_usb_submit_ctrl_out_9978 ath6kl_usb_submit_ctrl_out 6 9978 NULL +dup_to_netobj_26363 dup_to_netobj 3 26363 NULL @@ -85838,52 +94088,51 @@ index 0000000..909d902 +fcoe_ctlr_device_add_1793 fcoe_ctlr_device_add 3 1793 NULL +alloc_ieee80211_rsl_34564 alloc_ieee80211_rsl 1 34564 NULL +mld_newpack_50950 mld_newpack 2 50950 NULL -+iscsi_pool_init_54913 iscsi_pool_init 2-4 54913 NULL +framebuffer_alloc_59145 framebuffer_alloc 1 59145 NULL +i915_ring_stop_write_59010 i915_ring_stop_write 3 59010 NULL +radeon_compat_ioctl_59150 radeon_compat_ioctl 2 59150 NULL +cfpkt_create_18197 cfpkt_create 1 18197 NULL +velocity_rx_copy_34583 velocity_rx_copy 2 34583 NULL -+error_error_frame_read_39947 error_error_frame_read 3 39947 NULL nohasharray -+fwnet_pd_new_39947 fwnet_pd_new 4 39947 &error_error_frame_read_39947 +x25_recvmsg_42777 x25_recvmsg 4 42777 NULL +init_send_hfcd_34586 init_send_hfcd 1 34586 NULL -+proc_pid_readlink_52186 proc_pid_readlink 3 52186 NULL ++tty_insert_flip_string_fixed_flag_37428 tty_insert_flip_string_fixed_flag 4 37428 NULL ++xfrm_dst_alloc_copy_3034 xfrm_dst_alloc_copy 3 3034 NULL +orinoco_add_extscan_result_18207 orinoco_add_extscan_result 3 18207 NULL +gsm_control_message_18209 gsm_control_message 4 18209 NULL +do_ipv6_setsockopt_18215 do_ipv6_setsockopt 5 18215 NULL -+koneplus_sysfs_read_42792 koneplus_sysfs_read 6 42792 NULL -+setup_window_59178 setup_window 2-7-5-4 59178 NULL ++handle_request_10024 handle_request 9 10024 NULL ++__tty_alloc_driver_53799 __tty_alloc_driver 1 53799 NULL ++setup_window_59178 setup_window 4-2-5-7 59178 NULL +timeout_write_50991 timeout_write 3 50991 NULL +batadv_orig_hash_add_if_10033 batadv_orig_hash_add_if 2 10033 NULL +fw_device_op_compat_ioctl_42804 fw_device_op_compat_ioctl 2 42804 NULL -+RESIZE_IF_NEEDED_56286 RESIZE_IF_NEEDED 2 56286 NULL ++ip_vs_create_timeout_table_64478 ip_vs_create_timeout_table 2 64478 NULL +proc_write_51003 proc_write 3 51003 NULL +drm_ioctl_42813 drm_ioctl 2 42813 NULL +gnttab_alloc_grant_references_18240 gnttab_alloc_grant_references 1 18240 NULL +iwl_dbgfs_ucode_bt_stats_read_42820 iwl_dbgfs_ucode_bt_stats_read 3 42820 NULL +set_arg_42824 set_arg 3 42824 NULL +xfs_iext_realloc_indirect_59211 xfs_iext_realloc_indirect 2 59211 NULL -+brcmf_alloc_wdev_60347 brcmf_alloc_wdev 1 60347 NULL -+rfcomm_sock_setsockopt_18254 rfcomm_sock_setsockopt 5 18254 NULL ++fast_rx_path_59214 fast_rx_path 3 59214 NULL +lbs_dev_info_51023 lbs_dev_info 3 51023 NULL +cnic_alloc_dma_34641 cnic_alloc_dma 3 34641 NULL ++audit_log_n_string_31705 audit_log_n_string 3 31705 NULL +fuse_conn_congestion_threshold_read_51028 fuse_conn_congestion_threshold_read 3 51028 NULL -+usbtest_alloc_urb_34446 usbtest_alloc_urb 3-5 34446 NULL ++pstore_mkfile_50830 pstore_mkfile 5 50830 NULL +qdisc_class_hash_alloc_18262 qdisc_class_hash_alloc 1 18262 NULL +hidp_queue_report_1881 hidp_queue_report 3 1881 NULL +dt3155_read_59226 dt3155_read 3 59226 NULL +xfs_buf_read_uncached_42844 xfs_buf_read_uncached 3 42844 NULL -+dev_config_8506 dev_config 3 8506 NULL ++ieee80211_set_probe_resp_10077 ieee80211_set_probe_resp 3 10077 NULL +dump_midi_51040 dump_midi 3 51040 NULL +srpt_alloc_ioctx_51042 srpt_alloc_ioctx 2-3 51042 NULL +gfs2_alloc_sort_buffer_18275 gfs2_alloc_sort_buffer 1 18275 NULL -+skb_copy_datagram_const_iovec_48102 skb_copy_datagram_const_iovec 2-5-4 48102 NULL ++nf_nat_mangle_udp_packet_34661 nf_nat_mangle_udp_packet 8-6 34661 NULL +alloc_ring_18278 alloc_ring 2-4 18278 NULL +tty_prepare_flip_string_flags_59240 tty_prepare_flip_string_flags 4 59240 NULL -+cxacru_cm_get_array_4412 cxacru_cm_get_array 4 4412 NULL -+nfs_parse_server_name_1899 nfs_parse_server_name 2 1899 NULL -+do_arpt_set_ctl_51053 do_arpt_set_ctl 4 51053 NULL ++nouveau_subdev_create__18281 nouveau_subdev_create_ 7 18281 NULL ++ext4_readpages_18283 ext4_readpages 4 18283 NULL ++mmc_send_bus_test_18285 mmc_send_bus_test 4 18285 NULL +em28xx_v4l2_read_16701 em28xx_v4l2_read 3 16701 NULL +configfs_read_file_1683 configfs_read_file 3 1683 NULL +ulong_write_file_26485 ulong_write_file 3 26485 NULL @@ -85898,16 +94147,17 @@ index 0000000..909d902 +garp_attr_create_3883 garp_attr_create 3 3883 NULL +tipc_port_recv_sections_42890 tipc_port_recv_sections 4 42890 NULL +vfio_pci_set_msi_trigger_26507 vfio_pci_set_msi_trigger 3-4 26507 NULL -+alloc_skb_55439 alloc_skb 1 55439 NULL +xpc_kmalloc_cacheline_aligned_42895 xpc_kmalloc_cacheline_aligned 1 42895 NULL +jbd2_journal_init_revoke_51088 jbd2_journal_init_revoke 2 51088 NULL +ecryptfs_send_message_18322 ecryptfs_send_message 2 18322 NULL +cyttsp_probe_1940 cyttsp_probe 4 1940 NULL +SendTxCommandPacket_42901 SendTxCommandPacket 3 42901 NULL +btmrvl_hscfgcmd_read_56303 btmrvl_hscfgcmd_read 3 56303 NULL -+ima_show_measurements_count_23536 ima_show_measurements_count 3 23536 NULL ++W6692_empty_Bfifo_47804 W6692_empty_Bfifo 2 47804 NULL ++ath6kl_wmi_send_probe_response_cmd_31728 ath6kl_wmi_send_probe_response_cmd 6 31728 NULL +ieee80211_if_read_num_sta_ps_34722 ieee80211_if_read_num_sta_ps 3 34722 NULL -+alloc_ring_15345 alloc_ring 2-4 15345 NULL ++exofs_read_kern_39921 exofs_read_kern 6 39921 NULL nohasharray ++oom_score_adj_read_39921 oom_score_adj_read 3 39921 &exofs_read_kern_39921 +btrfs_insert_dir_item_59304 btrfs_insert_dir_item 4 59304 NULL +aes_decrypt_packets_read_10155 aes_decrypt_packets_read 3 10155 NULL +rds_message_inc_copy_to_user_26540 rds_message_inc_copy_to_user 3 26540 NULL @@ -85924,7 +94174,9 @@ index 0000000..909d902 +proc_pid_attr_read_10173 proc_pid_attr_read 3 10173 NULL +read_9287_modal_eeprom_59327 read_9287_modal_eeprom 3 59327 NULL +sel_read_avc_hash_stats_1984 sel_read_avc_hash_stats 3 1984 NULL ++diva_alloc_dma_map_23798 diva_alloc_dma_map 2 23798 NULL +solos_param_store_34755 solos_param_store 4 34755 NULL ++simple_xattr_set_51140 simple_xattr_set 4 51140 NULL +jffs2_user_setxattr_10182 jffs2_user_setxattr 4 10182 NULL +__alloc_bootmem_node_1992 __alloc_bootmem_node 2 1992 NULL +rx_defrag_in_process_called_read_59338 rx_defrag_in_process_called_read 3 59338 NULL @@ -85934,27 +94186,28 @@ index 0000000..909d902 +rts51x_read_mem_26577 rts51x_read_mem 4 26577 NULL nohasharray +batadv_receive_server_sync_packet_26577 batadv_receive_server_sync_packet 3 26577 &rts51x_read_mem_26577 +xfs_attrmulti_attr_set_59346 xfs_attrmulti_attr_set 4 59346 NULL -+set_registers_53582 set_registers 3 53582 NULL ++vcc_recvmsg_37198 vcc_recvmsg 4 37198 NULL +batadv_tt_commit_changes_2008 batadv_tt_commit_changes 4 2008 NULL +sep_prepare_input_dma_table_2009 sep_prepare_input_dma_table 2-3 2009 NULL +qib_cdev_init_34778 qib_cdev_init 1 34778 NULL -+read_flush_procfs_27642 read_flush_procfs 3 27642 NULL ++ubifs_write_node_11258 ubifs_write_node 5-3 11258 NULL +reada_tree_block_flagged_18402 reada_tree_block_flagged 3 18402 NULL -+add_new_gdb_27643 add_new_gdb 3 27643 NULL ++iscsi_if_send_reply_52219 iscsi_if_send_reply 7 52219 NULL +write_flush_pipefs_2021 write_flush_pipefs 3 2021 NULL +__copy_in_user_34790 __copy_in_user 3 34790 NULL +crystalhd_user_data_18407 crystalhd_user_data 3 18407 NULL -+nfs_idmap_get_desc_42990 nfs_idmap_get_desc 2-4 42990 NULL ++nfs_idmap_get_desc_42990 nfs_idmap_get_desc 4-2 42990 NULL +mwifiex_regrdwr_read_34472 mwifiex_regrdwr_read 3 34472 NULL +BcmCopySection_2035 BcmCopySection 5 2035 NULL +devm_ioremap_nocache_2036 devm_ioremap_nocache 2-3 2036 NULL -+line6_dumpreq_init_34473 line6_dumpreq_init 3 34473 NULL ++carl9170_debugfs_write_50857 carl9170_debugfs_write 3 50857 NULL +hdlc_rpr_irq_10240 hdlc_rpr_irq 2 10240 NULL +batadv_orig_node_add_if_18433 batadv_orig_node_add_if 2 18433 NULL +ath6kl_fwlog_mask_read_2050 ath6kl_fwlog_mask_read 3 2050 NULL +pwr_fix_tsf_ps_read_26627 pwr_fix_tsf_ps_read 3 26627 NULL +nfc_alloc_recv_skb_10244 nfc_alloc_recv_skb 1 10244 NULL +pm8001_store_update_fw_55716 pm8001_store_update_fw 4 55716 NULL ++mangle_sdp_packet_30381 mangle_sdp_packet 10 30381 NULL +isr_rx_mem_overflow_read_43025 isr_rx_mem_overflow_read 3 43025 NULL +cciss_proc_write_10259 cciss_proc_write 3 10259 NULL +hest_ghes_dev_register_46766 hest_ghes_dev_register 1 46766 NULL @@ -85964,7 +94217,7 @@ index 0000000..909d902 +irq_alloc_generic_chip_26650 irq_alloc_generic_chip 2 26650 NULL +regset_tls_set_18459 regset_tls_set 4 18459 NULL +nf_ct_ext_create_51232 nf_ct_ext_create 3 51232 NULL -+iwl_dbgfs_current_sleep_command_read_2081 iwl_dbgfs_current_sleep_command_read 3 2081 NULL ++receive_DataRequest_9904 receive_DataRequest 3 9904 NULL +acpi_system_write_wakeup_device_34853 acpi_system_write_wakeup_device 3 34853 NULL +tipc_send_51238 tipc_send 4 51238 NULL +drm_property_create_51239 drm_property_create 4 51239 NULL @@ -85975,11 +94228,11 @@ index 0000000..909d902 +st_read_51251 st_read 3 51251 NULL +fs_path_ensure_buf_59445 fs_path_ensure_buf 2 59445 NULL +udpv6_setsockopt_18487 udpv6_setsockopt 5 18487 NULL -+restore_i387_fxsave_17528 restore_i387_fxsave 2 17528 NULL +iwl_dbgfs_log_event_read_2107 iwl_dbgfs_log_event_read 3 2107 NULL +ecryptfs_encrypt_and_encode_filename_2109 ecryptfs_encrypt_and_encode_filename 6 2109 NULL +compat_dccp_setsockopt_51263 compat_dccp_setsockopt 5 51263 NULL -+rtsx_read_cfg_seq_48139 rtsx_read_cfg_seq 3-5 48139 NULL ++nouveau_gpuobj_create__43072 nouveau_gpuobj_create_ 9 43072 NULL ++rtsx_read_cfg_seq_48139 rtsx_read_cfg_seq 5-3 48139 NULL +__find_xattr_2117 __find_xattr 6 2117 NULL nohasharray +enable_read_2117 enable_read 3 2117 &__find_xattr_2117 +dvb_audio_write_51275 dvb_audio_write 3 51275 NULL @@ -85987,40 +94240,40 @@ index 0000000..909d902 +ipwireless_network_packet_received_51277 ipwireless_network_packet_received 4 51277 NULL +ieee80211_if_write_34894 ieee80211_if_write 3 34894 NULL +c4_add_card_54968 c4_add_card 3 54968 NULL -+pkt_add_39897 pkt_add 3 39897 NULL +rtllib_authentication_req_26713 rtllib_authentication_req 3 26713 NULL +snd_gus_dram_poke_18525 snd_gus_dram_poke 4 18525 NULL +check_load_and_stores_2143 check_load_and_stores 2 2143 NULL +fd_do_readv_51297 fd_do_readv 3 51297 NULL -+__btrfs_direct_write_22273 __btrfs_direct_write 4 22273 NULL -+mlx4_init_icm_table_2151 mlx4_init_icm_table 4-5 2151 NULL ++nouveau_fifo_channel_create__18530 nouveau_fifo_channel_create_ 5-6-9 18530 NULL ++nfc_hci_send_cmd_async_26723 nfc_hci_send_cmd_async 5 26723 NULL ++mlx4_init_icm_table_2151 mlx4_init_icm_table 5-4 2151 NULL +bnad_debugfs_read_regrd_51308 bnad_debugfs_read_regrd 3 51308 NULL +ufx_alloc_urb_list_10349 ufx_alloc_urb_list 3 10349 NULL +ib_copy_from_udata_59502 ib_copy_from_udata 3 59502 NULL +seq_copy_in_user_18543 seq_copy_in_user 3 18543 NULL ++sctp_setsockopt_connectx_6073 sctp_setsockopt_connectx 3 6073 NULL +ath6kl_listen_int_read_10355 ath6kl_listen_int_read 3 10355 NULL -+_ore_get_io_state_2166 _ore_get_io_state 3-5-4 2166 NULL ++_ore_get_io_state_2166 _ore_get_io_state 3-4-5 2166 NULL +nr_recvmsg_12649 nr_recvmsg 4 12649 NULL +alloc_hippi_dev_51320 alloc_hippi_dev 1 51320 NULL +pipeline_tcp_rx_stat_fifo_int_read_26745 pipeline_tcp_rx_stat_fifo_int_read 3 26745 NULL -+ms_write_multiple_pages_10362 ms_write_multiple_pages 5-6 10362 NULL ++ms_write_multiple_pages_10362 ms_write_multiple_pages 6-5 10362 NULL +sas_change_queue_depth_18555 sas_change_queue_depth 2 18555 NULL -+i2400m_rx_stats_read_57706 i2400m_rx_stats_read 3 57706 NULL ++fb_sys_write_33130 fb_sys_write 3 33130 NULL +sta_ht_capa_read_10366 sta_ht_capa_read 3 10366 NULL -+refill_pool_19477 refill_pool 2 19477 NULL ++set_bypass_pwoff_pfs_27669 set_bypass_pwoff_pfs 3 27669 NULL +smk_write_rules_list_18565 smk_write_rules_list 3 18565 NULL +srp_ring_alloc_26760 srp_ring_alloc 2 26760 NULL +read_file_dfs_43145 read_file_dfs 3 43145 NULL +ecryptfs_decode_and_decrypt_filename_10379 ecryptfs_decode_and_decrypt_filename 5 10379 NULL -+__proc_file_read_54978 __proc_file_read 3 54978 NULL ++ntfs_malloc_nofs_nofail_63631 ntfs_malloc_nofs_nofail 1 63631 NULL ++cosa_net_setup_rx_38594 cosa_net_setup_rx 2 38594 NULL +skb_gro_header_slow_34958 skb_gro_header_slow 2 34958 NULL +debug_output_18575 debug_output 3 18575 NULL -+btrfs_map_block_64379 btrfs_map_block 3 64379 NULL +Realloc_34961 Realloc 2 34961 NULL -+journal_init_revoke_56933 journal_init_revoke 2 56933 NULL +il_dbgfs_power_save_status_read_43165 il_dbgfs_power_save_status_read 3 43165 NULL +do_compat_pselect_10398 do_compat_pselect 1 10398 NULL -+rx_path_reset_read_23801 rx_path_reset_read 3 23801 NULL ++_rtl92s_firmware_downloadcode_14021 _rtl92s_firmware_downloadcode 3 14021 NULL +__netdev_alloc_skb_18595 __netdev_alloc_skb 2 18595 NULL +slabinfo_write_18600 slabinfo_write 3 18600 NULL +ssb_bus_ssbbus_register_2217 ssb_bus_ssbbus_register 2 2217 NULL @@ -86030,9 +94283,9 @@ index 0000000..909d902 +ath6kl_set_assoc_req_ies_43185 ath6kl_set_assoc_req_ies 3 43185 NULL +acpi_os_ioremap_49523 acpi_os_ioremap 1-2 49523 NULL +rb_alloc_3102 rb_alloc 1 3102 NULL -+arcmsr_adjust_disk_queue_depth_16756 arcmsr_adjust_disk_queue_depth 2 16756 NULL ++uf_create_device_nodes_24948 uf_create_device_nodes 2 24948 NULL +rx_rx_hdr_overflow_read_35002 rx_rx_hdr_overflow_read 3 35002 NULL -+l2cap_skbuff_fromiovec_35003 l2cap_skbuff_fromiovec 3-4 35003 NULL ++l2cap_skbuff_fromiovec_35003 l2cap_skbuff_fromiovec 4-3 35003 NULL +write_pbl_59583 write_pbl 4 59583 NULL +from_buffer_18625 from_buffer 3 18625 NULL +uio_write_43202 uio_write 3 43202 NULL @@ -86042,7 +94295,6 @@ index 0000000..909d902 +ieee80211_if_read_dot11MeshHWMPRannInterval_2249 ieee80211_if_read_dot11MeshHWMPRannInterval 3 2249 NULL +smk_write_load_26829 smk_write_load 3 26829 NULL +sel_write_avc_cache_threshold_2256 sel_write_avc_cache_threshold 3 2256 NULL -+cmtp_send_interopmsg_376 cmtp_send_interopmsg 7 376 NULL +do_update_counters_2259 do_update_counters 4 2259 NULL +coda_psdev_read_35029 coda_psdev_read 3 35029 NULL +cache_slow_downcall_8570 cache_slow_downcall 2 8570 NULL @@ -86063,6 +94315,7 @@ index 0000000..909d902 +twl_change_queue_depth_41342 twl_change_queue_depth 2 41342 NULL +fixup_leb_43256 fixup_leb 3 43256 NULL +dvb_usercopy_14036 dvb_usercopy 2 14036 NULL ++ubifs_recover_log_leb_12079 ubifs_recover_log_leb 3 12079 NULL +ubifs_setxattr_59650 ubifs_setxattr 4 59650 NULL nohasharray +hidraw_read_59650 hidraw_read 3 59650 &ubifs_setxattr_59650 +kvm_clear_guest_page_2308 kvm_clear_guest_page 4 2308 NULL @@ -86078,14 +94331,14 @@ index 0000000..909d902 +iwl_dbgfs_rx_handlers_read_18708 iwl_dbgfs_rx_handlers_read 3 18708 NULL +rds_message_alloc_10517 rds_message_alloc 1 10517 NULL +ceph_alloc_page_vector_18710 ceph_alloc_page_vector 1 18710 NULL -+tower_write_8580 tower_write 3 8580 NULL ++blk_rq_map_user_iov_16772 blk_rq_map_user_iov 5 16772 NULL +get_vm_area_caller_10527 get_vm_area_caller 1 10527 NULL +capi_write_35104 capi_write 3 35104 NULL nohasharray +tx_tx_done_template_read_35104 tx_tx_done_template_read 3 35104 &capi_write_35104 -+_xfs_buf_get_pages_46811 _xfs_buf_get_pages 2 46811 NULL ++mpage_alloc_43299 mpage_alloc 3 43299 NULL +sys_semtimedop_4486 sys_semtimedop 3 4486 NULL +ide_settings_proc_write_35110 ide_settings_proc_write 3 35110 NULL -+read_file_misc_9948 read_file_misc 3 9948 NULL ++osd_req_write_sg_50908 osd_req_write_sg 5 50908 NULL +x25_asy_change_mtu_26928 x25_asy_change_mtu 2 26928 NULL +zr364xx_read_2354 zr364xx_read 3 2354 NULL +mic_calc_failure_read_59700 mic_calc_failure_read 3 59700 NULL @@ -86103,21 +94356,25 @@ index 0000000..909d902 +il_dbgfs_sensitivity_read_2370 il_dbgfs_sensitivity_read 3 2370 NULL +ieee80211_if_write_uapsd_queues_51526 ieee80211_if_write_uapsd_queues 3 51526 NULL +do_trimming_26952 do_trimming 3 26952 NULL -+udp_sendmsg_4492 udp_sendmsg 4 4492 NULL ++ath6kl_wmi_set_ie_cmd_37260 ath6kl_wmi_set_ie_cmd 6 37260 NULL +read_file_dump_nfcal_18766 read_file_dump_nfcal 3 18766 NULL +prism2_info_scanresults_59729 prism2_info_scanresults 3 59729 NULL -+ffs_epfile_read_18775 ffs_epfile_read 3 18775 NULL ++iscsi_conn_setup_35159 iscsi_conn_setup 2 35159 NULL +alloc_buf_34532 alloc_buf 1 34532 NULL -+alloc_fcdev_18780 alloc_fcdev 1 18780 NULL ++sock_rmalloc_59740 sock_rmalloc 2 59740 NULL nohasharray ++ieee80211_if_read_fwded_unicast_59740 ieee80211_if_read_fwded_unicast 3 59740 &sock_rmalloc_59740 +__alloc_eip_netdev_51549 __alloc_eip_netdev 1 51549 NULL +icn_writecmd_38629 icn_writecmd 2 38629 NULL -+otp_read_10594 otp_read 2-5-4 10594 NULL ++otp_read_10594 otp_read 2-4-5 10594 NULL +rxpipe_rx_prep_beacon_drop_read_2403 rxpipe_rx_prep_beacon_drop_read 3 2403 NULL ++sctp_manip_pkt_59749 sctp_manip_pkt 4 59749 NULL ++icmp_manip_pkt_51560 icmp_manip_pkt 4 51560 NULL ++brcmf_sdbrcm_read_control_22721 brcmf_sdbrcm_read_control 3 22721 NULL +supply_map_read_file_10608 supply_map_read_file 3 10608 NULL +isdn_v110_open_2418 isdn_v110_open 3 2418 NULL +roccat_common2_send_2422 roccat_common2_send 4 2422 NULL +ieee80211_auth_challenge_18810 ieee80211_auth_challenge 3 18810 NULL -+hfcpci_empty_fifo_2427 hfcpci_empty_fifo 4 2427 NULL ++ima_show_htable_violations_10619 ima_show_htable_violations 3 10619 NULL +cxgb3_get_cpl_reply_skb_10620 cxgb3_get_cpl_reply_skb 2 10620 NULL +xfs_iroot_realloc_46826 xfs_iroot_realloc 2 46826 NULL +venus_remove_59781 venus_remove 4 59781 NULL @@ -86129,7 +94386,7 @@ index 0000000..909d902 +aac_convert_sgraw2_51598 aac_convert_sgraw2 4 51598 NULL +rfcomm_tty_write_51603 rfcomm_tty_write 3 51603 NULL +xenfb_write_43412 xenfb_write 3 43412 NULL -+cosa_write_1774 cosa_write 3 1774 NULL ++chd_dec_fetch_cdata_50926 chd_dec_fetch_cdata 3 50926 NULL +nfs4_alloc_slots_2454 nfs4_alloc_slots 1 2454 NULL nohasharray +ath6kl_usb_bmi_write_2454 ath6kl_usb_bmi_write 3 2454 &nfs4_alloc_slots_2454 +rx_rx_cmplt_task_read_35226 rx_rx_cmplt_task_read 3 35226 NULL @@ -86137,7 +94394,8 @@ index 0000000..909d902 +__alloc_bootmem_low_43423 __alloc_bootmem_low 1 43423 NULL nohasharray +gdm_wimax_netif_rx_43423 gdm_wimax_netif_rx 3 43423 &__alloc_bootmem_low_43423 +rtllib_wx_set_gen_ie_59808 rtllib_wx_set_gen_ie 3 59808 NULL -+sisusb_send_packet_20891 sisusb_send_packet 2 20891 NULL ++error_error_null_Frame_tx_start_read_55024 error_error_null_Frame_tx_start_read 3 55024 NULL ++udp_manip_pkt_45467 udp_manip_pkt 4 45467 NULL +nfs_idmap_lookup_id_10660 nfs_idmap_lookup_id 2 10660 NULL +xlog_recover_add_to_cont_trans_44102 xlog_recover_add_to_cont_trans 4 44102 NULL +ni65_alloc_mem_10664 ni65_alloc_mem 3 10664 NULL @@ -86149,25 +94407,25 @@ index 0000000..909d902 +ath6kl_wmi_roam_tbl_event_rx_43440 ath6kl_wmi_roam_tbl_event_rx 3 43440 NULL +set_fd_set_35249 set_fd_set 1 35249 NULL +wiphy_new_2482 wiphy_new 2 2482 NULL ++bio_alloc_bioset_2484 bio_alloc_bioset 2 2484 NULL +ieee80211_if_read_dot11MeshHWMPmaxPREQretries_59829 ieee80211_if_read_dot11MeshHWMPmaxPREQretries 3 59829 NULL +__videobuf_alloc_vb_27062 __videobuf_alloc_vb 1 27062 NULL +ioapic_setup_resources_35255 ioapic_setup_resources 1 35255 NULL +tcp_push_10680 tcp_push 3 10680 NULL +sctp_auth_create_key_51641 sctp_auth_create_key 1 51641 NULL -+key_icverrors_read_20895 key_icverrors_read 3 20895 NULL ++c101_run_37279 c101_run 2 37279 NULL +iscsi_create_session_51647 iscsi_create_session 3 51647 NULL +dma_show_regs_35266 dma_show_regs 3 35266 NULL +tun_put_user_59849 tun_put_user 4 59849 NULL +squashfs_read_fragment_index_table_2506 squashfs_read_fragment_index_table 4 2506 NULL +alloc_fdmem_27083 alloc_fdmem 1 27083 NULL +irda_recvmsg_stream_35280 irda_recvmsg_stream 4 35280 NULL -+get_new_cssid_51665 get_new_cssid 2 51665 NULL ++dm_write_2513 dm_write 3 2513 NULL +v9fs_cached_file_read_2514 v9fs_cached_file_read 3 2514 NULL +isr_rx_rdys_read_35283 isr_rx_rdys_read 3 35283 NULL +selinux_inode_setxattr_10708 selinux_inode_setxattr 4 10708 NULL +ps_upsd_utilization_read_51669 ps_upsd_utilization_read 3 51669 NULL +ntfs_malloc_nofs_49572 ntfs_malloc_nofs 1 49572 NULL -+brcmf_sdio_dump_console_37455 brcmf_sdio_dump_console 4 37455 NULL +nfc_llcp_send_i_frame_59130 nfc_llcp_send_i_frame 3 59130 NULL +pvr2_ioread_read_10720 pvr2_ioread_read 3 10720 NULL nohasharray +shash_async_setkey_10720 shash_async_setkey 3 10720 &pvr2_ioread_read_10720 @@ -86177,6 +94435,7 @@ index 0000000..909d902 +sfi_sysfs_install_table_51688 sfi_sysfs_install_table 1 51688 NULL +tx_tx_data_prepared_read_43497 tx_tx_data_prepared_read 3 43497 NULL +pvr2_ioread_set_sync_key_59882 pvr2_ioread_set_sync_key 3 59882 NULL ++__btrfs_direct_write_22273 __btrfs_direct_write 4 22273 NULL +l2cap_sock_recvmsg_59886 l2cap_sock_recvmsg 4 59886 NULL +brcmf_sdio_forensic_read_35311 brcmf_sdio_forensic_read 3 35311 NULL nohasharray +__btrfs_buffered_write_35311 __btrfs_buffered_write 3 35311 &brcmf_sdio_forensic_read_35311 @@ -86189,17 +94448,18 @@ index 0000000..909d902 +alloc_one_pg_vec_page_10747 alloc_one_pg_vec_page 1 10747 NULL +new_bind_ctl_35324 new_bind_ctl 2 35324 NULL +do_readlink_43518 do_readlink 2 43518 NULL ++tty_cdev_add_51714 tty_cdev_add 2-4 51714 NULL +gem_alloc_skb_51715 gem_alloc_skb 2 51715 NULL +fallback_on_nodma_alloc_35332 fallback_on_nodma_alloc 2 35332 NULL -+i915_max_freq_write_11350 i915_max_freq_write 3 11350 NULL ++read_file_reset_52310 read_file_reset 3 52310 NULL ++pms_capture_27142 pms_capture 4 27142 NULL +btmrvl_hscfgcmd_write_27143 btmrvl_hscfgcmd_write 3 27143 NULL +vhost_add_used_n_10760 vhost_add_used_n 3 10760 NULL +gspca_dev_probe_2570 gspca_dev_probe 4 2570 NULL +sg_read_oxfer_51724 sg_read_oxfer 3 51724 NULL -+kvm_read_guest_atomic_10765 kvm_read_guest_atomic 4 10765 NULL ++msg_set_51725 msg_set 3 51725 NULL +cachefiles_daemon_write_43535 cachefiles_daemon_write 3 43535 NULL +tx_frag_failed_read_43540 tx_frag_failed_read 3 43540 NULL -+__finish_unordered_dir_33198 __finish_unordered_dir 4 33198 NULL +hpi_alloc_control_cache_35351 hpi_alloc_control_cache 1 35351 NULL +hid_parse_report_51737 hid_parse_report 3 51737 NULL +compat_filldir64_35354 compat_filldir64 3 35354 NULL @@ -86213,31 +94473,30 @@ index 0000000..909d902 +sys_bind_10799 sys_bind 3 10799 NULL +_fc_frame_alloc_43568 _fc_frame_alloc 1 43568 NULL +nfcwilink_send_bts_cmd_10802 nfcwilink_send_bts_cmd 3 10802 NULL -+il_dbgfs_missed_beacon_read_59956 il_dbgfs_missed_beacon_read 3 59956 NULL ++ioremap_prot_51764 ioremap_prot 1-2 51764 NULL +rpc_malloc_43573 rpc_malloc 2 43573 NULL -+dataflash_read_fact_otp_33204 dataflash_read_fact_otp 3-2 33204 NULL ++dataflash_read_fact_otp_33204 dataflash_read_fact_otp 2-3 33204 NULL +smk_write_logging_2618 smk_write_logging 3 2618 NULL -+nfc_alloc_send_skb_3167 nfc_alloc_send_skb 4 3167 NULL -+__vxge_hw_channel_allocate_55462 __vxge_hw_channel_allocate 3 55462 NULL -+batadv_skb_head_push_11360 batadv_skb_head_push 2 11360 NULL ++rx_defrag_init_called_read_35935 rx_defrag_init_called_read 3 35935 NULL +drm_vblank_init_11362 drm_vblank_init 2 11362 NULL +send_command_10832 send_command 4 10832 NULL +lro_gen_skb_2644 lro_gen_skb 6 2644 NULL +osd_req_read_kern_59990 osd_req_read_kern 5 59990 NULL +lbs_sleepparams_read_10840 lbs_sleepparams_read 3 10840 NULL -+__i2400mu_send_barker_23652 __i2400mu_send_barker 3 23652 NULL ++pppol2tp_sendmsg_56420 pppol2tp_sendmsg 4 56420 NULL +proc_read_43614 proc_read 3 43614 NULL +rawv6_send_hdrinc_35425 rawv6_send_hdrinc 3 35425 NULL -+revalidate_19043 revalidate 2 19043 NULL ++rxrpc_request_key_27235 rxrpc_request_key 3 27235 NULL +drm_fb_helper_init_19044 drm_fb_helper_init 3-4 19044 NULL +fuse_conn_max_background_read_10855 fuse_conn_max_background_read 3 10855 NULL +xlbd_reserve_minors_18365 xlbd_reserve_minors 1-2 18365 NULL +rawsock_sendmsg_60010 rawsock_sendmsg 4 60010 NULL +mthca_init_cq_60011 mthca_init_cq 2 60011 NULL ++rx_rx_tkip_replays_read_60193 rx_rx_tkip_replays_read 3 60193 NULL +buffer_to_user_35439 buffer_to_user 3 35439 NULL ++lpfc_idiag_drbacc_read_15948 lpfc_idiag_drbacc_read 3 15948 NULL +vmalloc_15464 vmalloc 1 15464 NULL -+batadv_check_unicast_packet_10866 batadv_check_unicast_packet 2 10866 NULL -+do_kimage_alloc_64827 do_kimage_alloc 3 64827 NULL ++buffer_from_user_51826 buffer_from_user 3 51826 NULL +snd_pcm_oss_write1_10872 snd_pcm_oss_write1 3 10872 NULL +ieee80211_key_alloc_19065 ieee80211_key_alloc 3 19065 NULL +osd_req_list_dev_partitions_60027 osd_req_list_dev_partitions 4 60027 NULL @@ -86248,7 +94507,7 @@ index 0000000..909d902 +do_ip6t_set_ctl_60040 do_ip6t_set_ctl 4 60040 NULL +do_readv_writev_51849 do_readv_writev 4 51849 NULL +adu_write_30487 adu_write 3 30487 NULL -+test_unaligned_bulk_52333 test_unaligned_bulk 3 52333 NULL ++ieee80211_if_read_tkip_mic_test_19565 ieee80211_if_read_tkip_mic_test 3 19565 NULL +get_scq_10897 get_scq 2 10897 NULL +sys_process_vm_readv_19090 sys_process_vm_readv 3-5 19090 NULL nohasharray +brcmf_usbdev_qinit_19090 brcmf_usbdev_qinit 2 19090 &sys_process_vm_readv_19090 @@ -86256,30 +94515,34 @@ index 0000000..909d902 +cgroup_write_string_10900 cgroup_write_string 5 10900 NULL +pointer_size_read_51863 pointer_size_read 3 51863 NULL +load_module_60056 load_module 2 60056 NULL nohasharray -+gru_alloc_gts_60056 gru_alloc_gts 2-3 60056 &load_module_60056 -+videobuf_vmalloc_to_sg_4548 videobuf_vmalloc_to_sg 2 4548 NULL ++gru_alloc_gts_60056 gru_alloc_gts 3-2 60056 &load_module_60056 ++__videobuf_alloc_cached_12740 __videobuf_alloc_cached 1 12740 NULL +get_indirect_ea_51869 get_indirect_ea 4 51869 NULL +dmam_declare_coherent_memory_43679 dmam_declare_coherent_memory 4-2 43679 NULL -+nfsd_read_19568 nfsd_read 5 19568 NULL ++ieee80211_build_probe_req_60064 ieee80211_build_probe_req 8-6 60064 NULL ++compat_do_ip6t_set_ctl_3184 compat_do_ip6t_set_ctl 4 3184 NULL +sta_last_seq_ctrl_read_19106 sta_last_seq_ctrl_read 3 19106 NULL -+iscsit_dump_data_payload_38683 iscsit_dump_data_payload 2 38683 NULL ++__netdev_alloc_skb_ip_align_55067 __netdev_alloc_skb_ip_align 2 55067 NULL ++read_file_regidx_33370 read_file_regidx 3 33370 NULL +cifs_readv_from_socket_19109 cifs_readv_from_socket 3 19109 NULL +__copy_from_user_10918 __copy_from_user 3 10918 NULL +user_read_51881 user_read 3 51881 NULL -+copy_from_buf_27308 copy_from_buf 2-4 27308 NULL -+__xip_file_write_2733 __xip_file_write 3-4 2733 NULL ++copy_from_buf_27308 copy_from_buf 4-2 27308 NULL ++__xip_file_write_2733 __xip_file_write 4-3 2733 NULL +cryptd_hash_setkey_42781 cryptd_hash_setkey 3 42781 NULL +ath6kl_wmi_test_cmd_27312 ath6kl_wmi_test_cmd 3 27312 NULL ++max77693_bulk_write_43698 max77693_bulk_write 3 43698 NULL +rxrpc_kernel_send_data_60083 rxrpc_kernel_send_data 3 60083 NULL +hidp_send_ctrl_message_43702 hidp_send_ctrl_message 4 43702 NULL +async_setkey_35521 async_setkey 3 35521 NULL +set_dev_class_39645 set_dev_class 4 39645 NULL nohasharray +dm_exception_table_init_39645 dm_exception_table_init 2 39645 &set_dev_class_39645 -+send_msg_37323 send_msg 4 37323 NULL ++cxgb4_pktgl_to_skb_61899 cxgb4_pktgl_to_skb 2 61899 NULL +alloc_irdadev_19140 alloc_irdadev 1 19140 NULL +iio_read_first_n_sw_rb_51911 iio_read_first_n_sw_rb 2 51911 NULL +hid_report_raw_event_2762 hid_report_raw_event 4 2762 NULL -+l2cap_create_iframe_pdu_40055 l2cap_create_iframe_pdu 3 40055 NULL ++add_tty_40055 add_tty 1 40055 NULL nohasharray ++l2cap_create_iframe_pdu_40055 l2cap_create_iframe_pdu 3 40055 &add_tty_40055 +iwl_dbgfs_bt_traffic_read_35534 iwl_dbgfs_bt_traffic_read 3 35534 NULL +rxpipe_tx_xfr_host_int_trig_rx_data_read_35538 rxpipe_tx_xfr_host_int_trig_rx_data_read 3 35538 NULL +mon_bin_ioctl_2771 mon_bin_ioctl 3 2771 NULL @@ -86296,9 +94559,10 @@ index 0000000..909d902 +gigaset_initcs_43753 gigaset_initcs 2 43753 NULL +sctp_setsockopt_active_key_43755 sctp_setsockopt_active_key 3 43755 NULL +scsi_get_vpd_page_51951 scsi_get_vpd_page 4 51951 NULL -+handle_request_10024 handle_request 9 10024 NULL ++koneplus_sysfs_read_42792 koneplus_sysfs_read 6 42792 NULL ++scsi_init_shared_tag_map_59812 scsi_init_shared_tag_map 2 59812 NULL +xfrm_hash_alloc_10997 xfrm_hash_alloc 1 10997 NULL -+altera_set_ir_post_20948 altera_set_ir_post 2 20948 NULL ++ieee80211_if_read_dot11MeshMaxRetries_12756 ieee80211_if_read_dot11MeshMaxRetries 3 12756 NULL +rx_filter_accum_arp_pend_requests_read_11003 rx_filter_accum_arp_pend_requests_read 3 11003 NULL +init_state_60165 init_state 2 60165 NULL +udpv6_sendmsg_22316 udpv6_sendmsg 4 22316 NULL @@ -86308,27 +94572,33 @@ index 0000000..909d902 +ath6kl_sdio_alloc_prep_scat_req_51986 ath6kl_sdio_alloc_prep_scat_req 2 51986 NULL +sg_build_sgat_60179 sg_build_sgat 3 60179 NULL nohasharray +jffs2_alloc_full_dirent_60179 jffs2_alloc_full_dirent 1 60179 &sg_build_sgat_60179 -+read_dma_55086 read_dma 3 55086 NULL ++ps_poll_ps_poll_timeouts_read_5934 ps_poll_ps_poll_timeouts_read 3 5934 NULL +ieee80211_if_read_smps_27416 ieee80211_if_read_smps 3 27416 NULL +calc_hmac_32010 calc_hmac 3 32010 NULL ++ixgbe_dbg_reg_ops_write_46895 ixgbe_dbg_reg_ops_write 3 46895 NULL +dwc3_mode_write_51997 dwc3_mode_write 3 51997 NULL -+btrfs_copy_from_user_43806 btrfs_copy_from_user 1-3 43806 NULL -+rx_rx_tkip_replays_read_60193 rx_rx_tkip_replays_read 3 60193 NULL ++btrfs_copy_from_user_43806 btrfs_copy_from_user 3-1 43806 NULL ++kernel_readv_35617 kernel_readv 3 35617 NULL +hci_send_cmd_43810 hci_send_cmd 3 43810 NULL -+reshape_ring_29147 reshape_ring 2 29147 NULL -+ceph_buffer_new_35974 ceph_buffer_new 1 35974 NULL ++sys_lgetxattr_45531 sys_lgetxattr 4 45531 NULL ++dev_irnet_write_11398 dev_irnet_write 3 11398 NULL ++bio_alloc_mddev_19238 bio_alloc_mddev 2 19238 NULL ++nouveau_gpio_create__11048 nouveau_gpio_create_ 4 11048 NULL ++dccp_manip_pkt_476 dccp_manip_pkt 4 476 NULL +tda10048_writeregbulk_11050 tda10048_writeregbulk 4 11050 NULL ++set_tap_pfs_60203 set_tap_pfs 3 60203 NULL +sfq_alloc_2861 sfq_alloc 1 2861 NULL -+skb_copy_datagram_from_iovec_52014 skb_copy_datagram_from_iovec 2-5-4 52014 NULL ++skb_copy_datagram_from_iovec_52014 skb_copy_datagram_from_iovec 4-2-5 52014 NULL +carl9170_handle_mpdu_11056 carl9170_handle_mpdu 3 11056 NULL +move_addr_to_user_2868 move_addr_to_user 2 2868 NULL +ieee80211_alloc_hw_43829 ieee80211_alloc_hw 1 43829 NULL +vxge_rx_alloc_52024 vxge_rx_alloc 3 52024 NULL -+override_release_52032 override_release 2 52032 NULL ++ValidateDSDParamsChecksum_63654 ValidateDSDParamsChecksum 3 63654 NULL ++__ip_append_data_16864 __ip_append_data 8-9 16864 NULL +p54_download_eeprom_43842 p54_download_eeprom 4 43842 NULL +spi_register_board_info_35651 spi_register_board_info 2 35651 NULL +store_debug_level_35652 store_debug_level 3 35652 NULL -+filldir64_46469 filldir64 3 46469 NULL ++l2tp_ip6_sendmsg_7461 l2tp_ip6_sendmsg 4 7461 NULL +read_flush_43851 read_flush 3 43851 NULL +dma_rx_errors_read_52045 dma_rx_errors_read 3 52045 NULL +cmm_write_2896 cmm_write 3 2896 NULL @@ -86336,10 +94606,10 @@ index 0000000..909d902 +io_mapping_map_wc_19284 io_mapping_map_wc 2 19284 NULL +tunables_write_59563 tunables_write 3 59563 NULL +compat_sys_kexec_load_35674 compat_sys_kexec_load 2 35674 NULL -+copy_entries_to_user_52367 copy_entries_to_user 1 52367 NULL -+rtsx_write_cfg_seq_27485 rtsx_write_cfg_seq 3-5 27485 NULL -+qc_capture_19298 qc_capture 3 19298 NULL -+pm860x_bulk_write_43875 pm860x_bulk_write 3 43875 NULL ++rtsx_write_cfg_seq_27485 rtsx_write_cfg_seq 5-3 27485 NULL ++v4l2_ctrl_new_std_menu_items_27487 v4l2_ctrl_new_std_menu_items 4 27487 NULL ++kvm_write_guest_cached_11106 kvm_write_guest_cached 4 11106 NULL ++isofs_readpages_52067 isofs_readpages 4 52067 NULL +lbs_bcnmiss_read_8678 lbs_bcnmiss_read 3 8678 NULL +dm_table_create_35687 dm_table_create 3 35687 NULL +qib_create_cq_27497 qib_create_cq 2 27497 NULL @@ -86352,60 +94622,58 @@ index 0000000..909d902 +alloc_alien_cache_11127 alloc_alien_cache 2 11127 NULL +nsm_get_handle_52089 nsm_get_handle 4 52089 NULL +debug_read_19322 debug_read 3 19322 NULL -+snd_rme9652_playback_copy_20970 snd_rme9652_playback_copy 5 20970 NULL ++v9fs_direct_read_45546 v9fs_direct_read 3 45546 NULL +__pskb_pull_tail_60287 __pskb_pull_tail 2 60287 NULL +gs_buf_alloc_25067 gs_buf_alloc 2 25067 NULL +cfg80211_inform_bss_19332 cfg80211_inform_bss 8 19332 NULL -+tm6000_i2c_recv_regs16_2949 tm6000_i2c_recv_regs16 5 2949 NULL ++ib_copy_to_udata_27525 ib_copy_to_udata 3 27525 NULL +dn_nsp_return_disc_60296 dn_nsp_return_disc 2 60296 NULL +o2net_debug_read_52105 o2net_debug_read 3 52105 NULL -+tx_tx_exch_pending_read_53018 tx_tx_exch_pending_read 3 53018 NULL +prism2_sta_send_mgmt_43916 prism2_sta_send_mgmt 5 43916 NULL +mgmt_device_found_14146 mgmt_device_found 10 14146 NULL ++snd_seq_oss_readq_new_14283 snd_seq_oss_readq_new 2 14283 NULL ++doc_probe_23285 doc_probe 1 23285 NULL +ppp_cp_event_2965 ppp_cp_event 6 2965 NULL ++SendString_43928 SendString 3 43928 NULL +acpi_os_map_memory_11161 acpi_os_map_memory 1-2 11161 NULL +ceph_parse_server_name_60318 ceph_parse_server_name 2 60318 NULL +retry_count_read_52129 retry_count_read 3 52129 NULL -+trace_options_read_11419 trace_options_read 3 11419 NULL ++xlog_recover_add_to_trans_62839 xlog_recover_add_to_trans 4 62839 NULL +ioat2_alloc_ring_11172 ioat2_alloc_ring 2 11172 NULL +read_zero_19366 read_zero 3 19366 NULL +bch_alloc_4593 bch_alloc 1 4593 NULL -+pkt_bio_alloc_48284 pkt_bio_alloc 1 48284 NULL +stats_dot11RTSFailureCount_read_43948 stats_dot11RTSFailureCount_read 3 43948 NULL +iwl_dbgfs_disable_ht40_read_35761 iwl_dbgfs_disable_ht40_read 3 35761 NULL -+libipw_alloc_txb_27579 libipw_alloc_txb 1-3-2 27579 NULL ++libipw_alloc_txb_27579 libipw_alloc_txb 1-2-3 27579 NULL +raid5_resize_63306 raid5_resize 2 63306 NULL +interpret_user_input_19393 interpret_user_input 2 19393 NULL -+kimage_crash_alloc_3233 kimage_crash_alloc 3 3233 NULL ++handle_eviocgbit_44193 handle_eviocgbit 3 44193 NULL +ieee80211_if_read_dot11MeshRetryTimeout_52168 ieee80211_if_read_dot11MeshRetryTimeout 3 52168 NULL +do_dmabuf_dirty_sou_3017 do_dmabuf_dirty_sou 7 3017 NULL -+mga_compat_ioctl_52170 mga_compat_ioctl 2 52170 NULL ++udf_alloc_i_data_35786 udf_alloc_i_data 2 35786 NULL +depth_write_3021 depth_write 3 3021 NULL +dccp_setsockopt_60367 dccp_setsockopt 5 60367 NULL +read_file_stations_35795 read_file_stations 3 35795 NULL +il_dbgfs_rx_queue_read_11221 il_dbgfs_rx_queue_read 3 11221 NULL +tipc_cfg_reply_alloc_27606 tipc_cfg_reply_alloc 1 27606 NULL +bcm_recvmsg_43992 bcm_recvmsg 4 43992 NULL -+xfrm_dst_alloc_copy_3034 xfrm_dst_alloc_copy 3 3034 NULL ++proc_pid_readlink_52186 proc_pid_readlink 3 52186 NULL +ubi_eba_atomic_leb_change_60379 ubi_eba_atomic_leb_change 5 60379 NULL +iwl_dbgfs_sleep_level_override_read_3038 iwl_dbgfs_sleep_level_override_read 3 3038 NULL +dvbdmx_write_19423 dvbdmx_write 3 19423 NULL +il3945_ucode_rx_stats_read_3048 il3945_ucode_rx_stats_read 3 3048 NULL -+venus_rmdir_45564 venus_rmdir 4 45564 NULL ++il4965_ucode_rx_stats_read_61948 il4965_ucode_rx_stats_read 3 61948 NULL +mthca_alloc_resize_buf_60394 mthca_alloc_resize_buf 3 60394 NULL +write_flush_procfs_44011 write_flush_procfs 3 44011 NULL +driver_names_read_60399 driver_names_read 3 60399 NULL -+isdn_read_50021 isdn_read 3 50021 NULL -+ubifs_write_node_11258 ubifs_write_node 3-5 11258 NULL -+iscsi_if_send_reply_52219 iscsi_if_send_reply 7 52219 NULL ++read_flush_procfs_27642 read_flush_procfs 3 27642 NULL ++add_new_gdb_27643 add_new_gdb 3 27643 NULL +dac960_user_command_proc_write_3071 dac960_user_command_proc_write 3 3071 NULL +hugetlbfs_read_11268 hugetlbfs_read 3 11268 NULL -+cru_detect_11272 cru_detect 1 11272 NULL -+excessive_retries_read_60425 excessive_retries_read 3 60425 NULL -+ieee80211_build_probe_req_27660 ieee80211_build_probe_req 7-5 27660 NULL ++_alloc_mISDN_skb_52232 _alloc_mISDN_skb 3 52232 NULL ++qnx6_readpages_27657 qnx6_readpages 4 27657 NULL +tx_tx_cmplt_read_35854 tx_tx_cmplt_read 3 35854 NULL -+tstats_write_60432 tstats_write 3 60432 NULL nohasharray -+kmalloc_60432 kmalloc 1 60432 &tstats_write_60432 ++cdrom_read_cdda_old_27664 cdrom_read_cdda_old 4 27664 NULL +do_dmabuf_dirty_ldu_52241 do_dmabuf_dirty_ldu 6 52241 NULL +mthca_buf_alloc_35861 mthca_buf_alloc 2 35861 NULL +rx_data_60442 rx_data 4 60442 NULL @@ -86415,8 +94683,8 @@ index 0000000..909d902 +mdiobus_alloc_size_52259 mdiobus_alloc_size 1 52259 NULL +rt2x00debug_write_csr_64753 rt2x00debug_write_csr 3 64753 NULL +sisusbcon_do_font_op_52271 sisusbcon_do_font_op 9 52271 NULL -+simple_write_to_buffer_3122 simple_write_to_buffer 2-5 3122 NULL -+uwb_rc_cmd_done_35892 uwb_rc_cmd_done 4 35892 NULL ++simple_write_to_buffer_3122 simple_write_to_buffer 5-2 3122 NULL ++__tty_buffer_request_room_27700 __tty_buffer_request_room 2 27700 NULL +ext4_add_new_descs_19509 ext4_add_new_descs 3 19509 NULL +fs_path_add_from_extent_buffer_27702 fs_path_add_from_extent_buffer 4 27702 NULL +tcp_mark_head_lost_35895 tcp_mark_head_lost 2 35895 NULL @@ -86424,7 +94692,7 @@ index 0000000..909d902 +atm_alloc_charge_19517 atm_alloc_charge 2 19517 NULL nohasharray +dev_alloc_skb_19517 dev_alloc_skb 1 19517 &atm_alloc_charge_19517 +construct_key_11329 construct_key 3 11329 NULL -+crypto_shash_setkey_60483 crypto_shash_setkey 3 60483 NULL ++evm_write_key_27715 evm_write_key 3 27715 NULL +persistent_ram_buffer_map_11332 persistent_ram_buffer_map 1-2 11332 NULL +fill_write_buffer_3142 fill_write_buffer 3 3142 NULL +filldir_55137 filldir 3 55137 NULL @@ -86433,21 +94701,22 @@ index 0000000..909d902 +reg_w_buf_27724 reg_w_buf 3 27724 NULL +nfc_llcp_build_tlv_19536 nfc_llcp_build_tlv 3 19536 NULL +compat_sys_migrate_pages_3157 compat_sys_migrate_pages 2 3157 NULL -+read_file_reset_52310 read_file_reset 3 52310 NULL ++a4t_cs_init_27734 a4t_cs_init 3 27734 NULL +sel_write_create_11353 sel_write_create 3 11353 NULL +tracing_set_trace_read_44122 tracing_set_trace_read 3 44122 NULL ++request_asymmetric_key_52317 request_asymmetric_key 2-4 52317 NULL +hwflags_read_52318 hwflags_read 3 52318 NULL -+rx_defrag_init_called_read_35935 rx_defrag_init_called_read 3 35935 NULL -+encrypted_instantiate_3168 encrypted_instantiate 3 3168 NULL ++nfc_alloc_send_skb_3167 nfc_alloc_send_skb 4 3167 NULL ++batadv_skb_head_push_11360 batadv_skb_head_push 2 11360 NULL +put_cmsg_compat_35937 put_cmsg_compat 4 35937 NULL +vmw_gmr_bind_44130 vmw_gmr_bind 3 44130 NULL +ath_tx_init_60515 ath_tx_init 2 60515 NULL -+xfs_inumbers_fmt_12817 xfs_inumbers_fmt 3 12817 NULL ++drm_property_create_enum_29201 drm_property_create_enum 5 29201 NULL +ntfs_rl_split_52328 ntfs_rl_split 2-4 52328 NULL +qib_get_base_info_11369 qib_get_base_info 3 11369 NULL +ocfs2_control_message_19564 ocfs2_control_message 3 19564 NULL -+ieee80211_if_read_tkip_mic_test_19565 ieee80211_if_read_tkip_mic_test 3 19565 NULL -+compat_do_ip6t_set_ctl_3184 compat_do_ip6t_set_ctl 4 3184 NULL ++test_unaligned_bulk_52333 test_unaligned_bulk 3 52333 NULL ++nfsd_read_19568 nfsd_read 5 19568 NULL +cgroup_read_s64_19570 cgroup_read_s64 5 19570 NULL +hysdn_sched_rx_60533 hysdn_sched_rx 3 60533 NULL +mempool_create_node_3191 mempool_create_node 1 3191 NULL @@ -86455,27 +94724,30 @@ index 0000000..909d902 +shmem_pread_slow_3198 shmem_pread_slow 3 3198 NULL +bm_status_read_19583 bm_status_read 3 19583 NULL +v9fs_fid_readn_60544 v9fs_fid_readn 4 60544 NULL -+dev_irnet_write_11398 dev_irnet_write 3 11398 NULL ++zd_mac_rx_38296 zd_mac_rx 3 38296 NULL ++nfs_parse_server_name_1899 nfs_parse_server_name 2 1899 NULL ++ceph_buffer_new_35974 ceph_buffer_new 1 35974 NULL +acl_alloc_35979 acl_alloc 1 35979 NULL -+mmc_send_bus_test_18285 mmc_send_bus_test 4 18285 NULL ++copy_entries_to_user_52367 copy_entries_to_user 1 52367 NULL +___alloc_bootmem_11410 ___alloc_bootmem 1 11410 NULL +str_to_user_11411 str_to_user 2 11411 NULL +mem_fw_gen_free_mem_blks_read_11413 mem_fw_gen_free_mem_blks_read 3 11413 NULL +koneplus_sysfs_write_35993 koneplus_sysfs_write 6 35993 NULL -+solo_v4l2_read_59247 solo_v4l2_read 3 59247 NULL ++trace_options_read_11419 trace_options_read 3 11419 NULL +ttm_object_file_init_27804 ttm_object_file_init 2 27804 NULL +mpihelp_mul_27805 mpihelp_mul 5-3 27805 NULL -+xd_read_multiple_pages_11422 xd_read_multiple_pages 4-5 11422 NULL ++xd_read_multiple_pages_11422 xd_read_multiple_pages 5-4 11422 NULL +isdn_writebuf_stub_52383 isdn_writebuf_stub 4 52383 NULL -+handle_eviocgbit_44193 handle_eviocgbit 3 44193 NULL ++kimage_crash_alloc_3233 kimage_crash_alloc 3 3233 NULL +write_adapter_mem_3234 write_adapter_mem 3 3234 NULL ++iwl_dbgfs_tx_queue_read_4635 iwl_dbgfs_tx_queue_read 3 4635 NULL +do_read_log_to_user_3236 do_read_log_to_user 4 3236 NULL +console_store_36007 console_store 4 36007 NULL +bttv_read_11432 bttv_read 3 11432 NULL +key_key_read_3241 key_key_read 3 3241 NULL +aer_inject_write_52399 aer_inject_write 3 52399 NULL +il3945_ucode_tx_stats_read_36016 il3945_ucode_tx_stats_read 3 36016 NULL -+ipath_cdev_init_37752 ipath_cdev_init 1 37752 NULL ++__feat_register_sp_64712 __feat_register_sp 6 64712 NULL +ib_alloc_device_26483 ib_alloc_device 1 26483 NULL +check_vendor_extension_3254 check_vendor_extension 1 3254 NULL +ieee80211_amsdu_to_8023s_15561 ieee80211_amsdu_to_8023s 5 15561 NULL @@ -86496,35 +94768,36 @@ index 0000000..909d902 +enlarge_skb_44248 enlarge_skb 2 44248 NULL nohasharray +xfs_buf_readahead_map_44248 xfs_buf_readahead_map 3 44248 &enlarge_skb_44248 +scsi_track_queue_full_44239 scsi_track_queue_full 2 44239 NULL -+rbd_snap_add_19678 rbd_snap_add 4 19678 NULL ++refill_pool_19477 refill_pool 2 19477 NULL +ubifs_recover_leb_60639 ubifs_recover_leb 3 60639 NULL +ieee80211_if_read_dot11MeshHWMProotInterval_27873 ieee80211_if_read_dot11MeshHWMProotInterval 3 27873 NULL -+btmrvl_psmode_read_22395 btmrvl_psmode_read 3 22395 NULL ++iwl_dbgfs_thermal_throttling_read_38779 iwl_dbgfs_thermal_throttling_read 3 38779 NULL +xfs_file_buffered_aio_write_11492 xfs_file_buffered_aio_write 4 11492 NULL ++__btrfs_free_reserved_extent_31207 __btrfs_free_reserved_extent 2 31207 NULL +tcp_sacktag_walk_49703 tcp_sacktag_walk 6 49703 NULL +ieee80211_if_write_tsf_36077 ieee80211_if_write_tsf 3 36077 NULL +arvo_sysfs_write_3311 arvo_sysfs_write 6 3311 NULL +sd_do_mode_sense_11507 sd_do_mode_sense 5 11507 NULL -+snd_seq_device_new_31753 snd_seq_device_new 4 31753 NULL +unix_seqpacket_sendmsg_27893 unix_seqpacket_sendmsg 4 27893 NULL +kmem_zalloc_11510 kmem_zalloc 1 11510 NULL +hidraw_get_report_45609 hidraw_get_report 3 45609 NULL ++dbDiscardAG_3322 dbDiscardAG 3 3322 NULL +ieee80211_alloc_txb_52477 ieee80211_alloc_txb 1-2 52477 NULL +ieee80211_if_read_dot11MeshConfirmTimeout_60670 ieee80211_if_read_dot11MeshConfirmTimeout 3 60670 NULL -+snd_gus_dram_write_38784 snd_gus_dram_write 4 38784 NULL ++blk_init_tags_30592 blk_init_tags 1 30592 NULL +venus_symlink_23570 venus_symlink 4-6 23570 NULL +storvsc_connect_to_vsp_22 storvsc_connect_to_vsp 2 22 NULL +aac_rkt_ioremap_3333 aac_rkt_ioremap 2 3333 NULL +sctp_make_init_ack_3335 sctp_make_init_ack 4 3335 NULL +read_from_oldmem_3337 read_from_oldmem 2 3337 NULL -+ps_upsd_max_sptime_read_63362 ps_upsd_max_sptime_read 3 63362 NULL -+wm8350_block_write_19727 wm8350_block_write 3 19727 NULL ++tty_port_register_device_attr_3341 tty_port_register_device_attr 3 3341 NULL ++ath6kl_keepalive_read_44303 ath6kl_keepalive_read 3 44303 NULL +vga_arb_write_36112 vga_arb_write 3 36112 NULL -+mangle_packet_27864 mangle_packet 6-8 27864 NULL +int_tasklet_entry_52500 int_tasklet_entry 3 52500 NULL -+spidev_ioctl_12846 spidev_ioctl 2 12846 NULL ++acpi_os_allocate_zeroed_37422 acpi_os_allocate_zeroed 1 37422 NULL ++simple_xattr_alloc_36118 simple_xattr_alloc 2 36118 NULL +il_dbgfs_interrupt_read_3351 il_dbgfs_interrupt_read 3 3351 NULL -+memcpy_toiovecend_19736 memcpy_toiovecend 3-4 19736 NULL ++memcpy_toiovecend_19736 memcpy_toiovecend 4-3 19736 NULL +gsm_control_rls_3353 gsm_control_rls 3 3353 NULL +ath6kl_usb_ctrl_msg_exchange_33327 ath6kl_usb_ctrl_msg_exchange 4 33327 NULL +dispatch_proc_write_44320 dispatch_proc_write 3 44320 NULL @@ -86536,27 +94809,26 @@ index 0000000..909d902 +p9_client_read_19750 p9_client_read 5 19750 NULL +skb_cow_data_11565 skb_cow_data 2 11565 NULL +pnpbios_proc_write_19758 pnpbios_proc_write 3 19758 NULL ++ocfs2_readpages_19759 ocfs2_readpages 4 19759 NULL ++ext3_readpages_36144 ext3_readpages 4 36144 NULL +mlx4_init_cmpt_table_11569 mlx4_init_cmpt_table 3 11569 NULL +iwl_trans_txq_alloc_36147 iwl_trans_txq_alloc 3 36147 NULL +alloc_vm_area_36149 alloc_vm_area 1 36149 NULL -+sctp_make_abort_violation_27959 sctp_make_abort_violation 4 27959 NULL ++ubi_eba_write_leb_st_44343 ubi_eba_write_leb_st 5 44343 NULL +tracing_clock_write_27961 tracing_clock_write 3 27961 NULL -+usbduxfast_attach_common_52538 usbduxfast_attach_common 4 52538 NULL +b1_alloc_card_36155 b1_alloc_card 1 36155 NULL +oprofilefs_ulong_to_user_11582 oprofilefs_ulong_to_user 3 11582 NULL +mtdchar_writeoob_3393 mtdchar_writeoob 4 3393 NULL +nfs_fscache_get_super_cookie_44355 nfs_fscache_get_super_cookie 3 44355 NULL nohasharray +blk_queue_init_tags_44355 blk_queue_init_tags 2 44355 &nfs_fscache_get_super_cookie_44355 -+mic_rx_pkts_read_27972 mic_rx_pkts_read 3 27972 NULL ++saa7146_vmalloc_build_pgtable_19780 saa7146_vmalloc_build_pgtable 2 19780 NULL +send_stream_3397 send_stream 4 3397 NULL -+cdrom_read_cdda_old_27664 cdrom_read_cdda_old 4 27664 NULL +snd_korg1212_copy_from_36169 snd_korg1212_copy_from 6 36169 NULL +fw_device_op_ioctl_11595 fw_device_op_ioctl 2 11595 NULL +ipx_recvmsg_44366 ipx_recvmsg 4 44366 NULL +hycapi_rx_capipkt_11602 hycapi_rx_capipkt 3 11602 NULL +msix_map_region_3411 msix_map_region 3 3411 NULL +sys_kexec_load_14222 sys_kexec_load 2 14222 NULL -+__ip_append_data_36191 __ip_append_data 7-8 36191 NULL +rts_threshold_read_44384 rts_threshold_read 3 44384 NULL +iwl_dbgfs_rf_reset_read_26512 iwl_dbgfs_rf_reset_read 3 26512 NULL +pci_add_cap_save_buffer_3426 pci_add_cap_save_buffer 3 3426 NULL @@ -86568,40 +94840,41 @@ index 0000000..909d902 +aoedev_flush_44398 aoedev_flush 2 44398 NULL +irda_setsockopt_19824 irda_setsockopt 5 19824 NULL +drm_buffer_alloc_44405 drm_buffer_alloc 2 44405 NULL -+get_packet_pg_28023 get_packet_pg 4 28023 NULL ++pipe_iov_copy_to_user_3447 pipe_iov_copy_to_user 3 3447 NULL ++vip_read_19832 vip_read 3 19832 NULL +osst_do_scsi_44410 osst_do_scsi 4 44410 NULL ++llc_shdlc_alloc_skb_11645 llc_shdlc_alloc_skb 2 11645 NULL +security_context_to_sid_19839 security_context_to_sid 2 19839 NULL +sisusb_send_bridge_packet_11649 sisusb_send_bridge_packet 2 11649 NULL +nfqnl_mangle_36226 nfqnl_mangle 4-2 36226 NULL +atomic_stats_read_36228 atomic_stats_read 3 36228 NULL ++crypt_alloc_buffer_19846 crypt_alloc_buffer 2 19846 NULL +ieee80211_if_read_rc_rateidx_mcs_mask_5ghz_44423 ieee80211_if_read_rc_rateidx_mcs_mask_5ghz 3 44423 NULL +sctp_setsockopt_maxburst_28041 sctp_setsockopt_maxburst 3 28041 NULL +alloc_skb_fclone_3467 alloc_skb_fclone 1 3467 NULL +cfg80211_mlme_register_mgmt_19852 cfg80211_mlme_register_mgmt 5 19852 NULL +viafb_iga1_odev_proc_write_36241 viafb_iga1_odev_proc_write 3 36241 NULL -+cx231xx_init_vbi_isoc_28053 cx231xx_init_vbi_isoc 2-3 28053 NULL ++cx231xx_init_vbi_isoc_28053 cx231xx_init_vbi_isoc 3-2 28053 NULL +ide_queue_pc_tail_11673 ide_queue_pc_tail 5 11673 NULL +llcp_allocate_pdu_19866 llcp_allocate_pdu 3 19866 NULL +lpfc_idiag_mbxacc_read_28061 lpfc_idiag_mbxacc_read 3 28061 NULL +btrfs_alloc_delayed_item_11678 btrfs_alloc_delayed_item 1 11678 NULL +compat_sys_mbind_36256 compat_sys_mbind 5 36256 NULL -+security_context_to_sid_default_3492 security_context_to_sid_default 2 3492 NULL nohasharray -+efi_ioremap_3492 efi_ioremap 1-2 3492 &security_context_to_sid_default_3492 ++security_context_to_sid_default_3492 security_context_to_sid_default 2 3492 NULL +sctp_setsockopt_hmac_ident_11687 sctp_setsockopt_hmac_ident 3 11687 NULL -+edac_pci_alloc_ctl_info_63388 edac_pci_alloc_ctl_info 1 63388 NULL ++blk_rq_map_kern_47004 blk_rq_map_kern 4 47004 NULL +split_11691 split 2 11691 NULL +brcmf_sdio_assert_info_52653 brcmf_sdio_assert_info 4 52653 NULL +snd_ctl_elem_user_tlv_11695 snd_ctl_elem_user_tlv 3 11695 NULL +pwr_tx_with_ps_read_60851 pwr_tx_with_ps_read 3 60851 NULL +usb_buffer_alloc_36276 usb_buffer_alloc 2 36276 NULL +__kfifo_alloc_22173 __kfifo_alloc 2-3 22173 NULL -+mangle_sdp_packet_36279 mangle_sdp_packet 9 36279 NULL +codec_reg_read_file_36280 codec_reg_read_file 3 36280 NULL +gdth_init_isa_28091 gdth_init_isa 1 28091 NULL +readahead_tree_block_36285 readahead_tree_block 3 36285 NULL +mem_tx_free_mem_blks_read_3521 mem_tx_free_mem_blks_read 3 3521 NULL nohasharray +ieee80211_wx_set_gen_ie_rsl_3521 ieee80211_wx_set_gen_ie_rsl 3 3521 &mem_tx_free_mem_blks_read_3521 -+diva_alloc_dma_map_23798 diva_alloc_dma_map 2 23798 NULL ++nouveau_cli_create_36293 nouveau_cli_create 3 36293 NULL +vmw_unlocked_ioctl_19212 vmw_unlocked_ioctl 2 19212 NULL +ps_upsd_max_apturn_read_19918 ps_upsd_max_apturn_read 3 19918 NULL +lpfc_debugfs_dif_err_read_36303 lpfc_debugfs_dif_err_read 3 36303 NULL @@ -86614,10 +94887,11 @@ index 0000000..909d902 +vgacon_adjust_height_28124 vgacon_adjust_height 2 28124 NULL +spidev_write_44510 spidev_write 3 44510 NULL +macvtap_sendmsg_30629 macvtap_sendmsg 4 30629 NULL -+iscsi_host_alloc_36671 iscsi_host_alloc 2 36671 NULL ++dm_bio_prison_create_11749 dm_bio_prison_create 1 11749 NULL +iwl_dbgfs_rx_queue_read_19943 iwl_dbgfs_rx_queue_read 3 19943 NULL +fat_compat_ioctl_filldir_36328 fat_compat_ioctl_filldir 3 36328 NULL +iwl_dbgfs_qos_read_11753 iwl_dbgfs_qos_read 3 11753 NULL ++nouveau_client_create__52715 nouveau_client_create_ 5 52715 NULL +iio_debugfs_read_reg_60908 iio_debugfs_read_reg 3 60908 NULL +kone_receive_4690 kone_receive 4 4690 NULL +alloc_smp_resp_3566 alloc_smp_resp 1 3566 NULL @@ -86625,14 +94899,14 @@ index 0000000..909d902 +evtchn_read_3569 evtchn_read 3 3569 NULL +video_read_28148 video_read 3 28148 NULL +compat_sys_setsockopt_3326 compat_sys_setsockopt 5 3326 NULL -+snd_midi_channel_alloc_set_28153 snd_midi_channel_alloc_set 1 28153 NULL ++sys_msgsnd_44537 sys_msgsnd 3 44537 NULL nohasharray ++comm_write_44537 comm_write 3 44537 &sys_msgsnd_44537 +stats_dot11FCSErrorCount_read_28154 stats_dot11FCSErrorCount_read 3 28154 NULL +ax25_send_frame_19964 ax25_send_frame 2 19964 NULL +blkcipher_next_slow_52733 blkcipher_next_slow 3-4 52733 NULL +relay_alloc_page_array_52735 relay_alloc_page_array 1 52735 NULL +ps_pspoll_timeouts_read_11776 ps_pspoll_timeouts_read 3 11776 NULL -+v9fs_file_readn_36353 v9fs_file_readn 4 36353 NULL nohasharray -+xz_dec_lzma2_create_36353 xz_dec_lzma2_create 2 36353 &v9fs_file_readn_36353 ++vc_resize_3585 vc_resize 2-3 3585 NULL +gluebi_write_27905 gluebi_write 3 27905 NULL +ivtv_v4l2_read_1964 ivtv_v4l2_read 3 1964 NULL +c4iw_reject_cr_28174 c4iw_reject_cr 3 28174 NULL @@ -86642,15 +94916,16 @@ index 0000000..909d902 +sctp_getsockopt_events_3607 sctp_getsockopt_events 2 3607 NULL +macvtap_get_user_28185 macvtap_get_user 4 28185 NULL +edac_mc_alloc_3611 edac_mc_alloc 4 3611 NULL -+read_file_regidx_33370 read_file_regidx 3 33370 NULL ++key_algorithm_read_57946 key_algorithm_read 3 57946 NULL +pti_char_write_60960 pti_char_write 3 60960 NULL +tx_tx_starts_read_3617 tx_tx_starts_read 3 3617 NULL -+proc_fdinfo_read_62043 proc_fdinfo_read 3 62043 NULL ++nouveau_mxm_create__28200 nouveau_mxm_create_ 4 28200 NULL +pcpu_fc_alloc_11818 pcpu_fc_alloc 2 11818 NULL +read_vbt_r10_60679 read_vbt_r10 1 60679 NULL +aligned_kmalloc_3628 aligned_kmalloc 1 3628 NULL +afs_alloc_flat_call_36399 afs_alloc_flat_call 2-3 36399 NULL -+skb_cow_head_52495 skb_cow_head 2 52495 NULL ++error_error_frame_read_39947 error_error_frame_read 3 39947 NULL nohasharray ++fwnet_pd_new_39947 fwnet_pd_new 4 39947 &error_error_frame_read_39947 +snd_pcm_alloc_vmalloc_buffer_44595 snd_pcm_alloc_vmalloc_buffer 2 44595 NULL +zerocopy_sg_from_iovec_11828 zerocopy_sg_from_iovec 3 11828 NULL +sctp_setsockopt_maxseg_11829 sctp_setsockopt_maxseg 3 11829 NULL @@ -86660,15 +94935,16 @@ index 0000000..909d902 +hsc_msg_alloc_60990 hsc_msg_alloc 1 60990 NULL +cm_copy_private_data_3649 cm_copy_private_data 2 3649 NULL +ath6kl_disconnect_timeout_read_3650 ath6kl_disconnect_timeout_read 3 3650 NULL -+shmem_xattr_set_11843 shmem_xattr_set 4 11843 NULL -+sctp_ulpevent_new_33377 sctp_ulpevent_new 1 33377 NULL ++ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 NULL nohasharray ++mthca_alloc_icm_table_38268 mthca_alloc_icm_table 4-3 38268 &ieee80211_if_read_auto_open_plinks_38268 ++ip_set_alloc_57953 ip_set_alloc 1 57953 NULL +i915_compat_ioctl_3656 i915_compat_ioctl 2 3656 NULL +mb_cache_create_17307 mb_cache_create 2 17307 NULL +ni_gpct_device_construct_610 ni_gpct_device_construct 5 610 NULL +cfpkt_add_body_44630 cfpkt_add_body 3 44630 NULL -+handle_received_packet_22457 handle_received_packet 3 22457 NULL ++nf_nat_sdp_media_11863 nf_nat_sdp_media 9 11863 NULL +alloc_extent_buffer_52824 alloc_extent_buffer 3 52824 NULL -+ath6kl_keepalive_read_44303 ath6kl_keepalive_read 3 44303 NULL ++skb_cow_head_52495 skb_cow_head 2 52495 NULL +ecryptfs_copy_filename_11868 ecryptfs_copy_filename 4 11868 NULL +sctp_tsnmap_init_36446 sctp_tsnmap_init 2 36446 NULL +alloc_ieee80211_20063 alloc_ieee80211 1 20063 NULL @@ -86680,28 +94956,29 @@ index 0000000..909d902 +fuse_conn_limit_read_20084 fuse_conn_limit_read 3 20084 NULL +btmrvl_psmode_write_3703 btmrvl_psmode_write 3 3703 NULL +symtab_init_61050 symtab_init 2 61050 NULL -+alloc_ctrl_packet_44667 alloc_ctrl_packet 1 44667 NULL ++team_options_register_20091 team_options_register 3 20091 NULL +videobuf_pages_to_sg_3708 videobuf_pages_to_sg 2 3708 NULL +mon_bin_get_event_52863 mon_bin_get_event 4 52863 NULL ++oom_adj_read_21847 oom_adj_read 3 21847 NULL +b43_nphy_load_samples_36481 b43_nphy_load_samples 3 36481 NULL +mpi_resize_44674 mpi_resize 2 44674 NULL +ip6_append_data_36490 ip6_append_data 4-5 36490 NULL nohasharray +tx_tx_checksum_result_read_36490 tx_tx_checksum_result_read 3 36490 &ip6_append_data_36490 +kmalloc_slab_11917 kmalloc_slab 1 11917 NULL -+interfaces_38859 interfaces 2 38859 NULL +rng_dev_read_41581 rng_dev_read 3 41581 NULL +nouveau_compat_ioctl_28305 nouveau_compat_ioctl 2 28305 NULL +cache_read_procfs_52882 cache_read_procfs 3 52882 NULL +fs_devrw_entry_11924 fs_devrw_entry 3 11924 NULL +hptiop_adjust_disk_queue_depth_20122 hptiop_adjust_disk_queue_depth 2 20122 NULL -+dgram_sendmsg_45679 dgram_sendmsg 4 45679 NULL ++xfs_trans_read_buf_map_37487 xfs_trans_read_buf_map 5 37487 NULL +ci_ll_write_3740 ci_ll_write 4 3740 NULL +snd_pcm_oss_read_28317 snd_pcm_oss_read 3 28317 NULL +kvm_kvzalloc_52894 kvm_kvzalloc 1 52894 NULL ++ima_show_htable_value_57136 ima_show_htable_value 2 57136 NULL +mcam_v4l_read_36513 mcam_v4l_read 3 36513 NULL +dccp_feat_clone_sp_val_11942 dccp_feat_clone_sp_val 3 11942 NULL ++pms_read_53873 pms_read 3 53873 NULL +ieee80211_if_read_fwded_frames_36520 ieee80211_if_read_fwded_frames 3 36520 NULL -+uf_create_device_nodes_24948 uf_create_device_nodes 2 24948 NULL +get_derived_key_61100 get_derived_key 4 61100 NULL +bm_entry_write_28338 bm_entry_write 3 28338 NULL +_zd_iowrite32v_locked_44725 _zd_iowrite32v_locked 3 44725 NULL @@ -86713,9 +94990,9 @@ index 0000000..909d902 +nfsctl_transaction_write_64800 nfsctl_transaction_write 3 64800 NULL +kone_send_63435 kone_send 4 63435 NULL +alloc_rtllib_51136 alloc_rtllib 1 51136 NULL -+vmemmap_alloc_block_buf_61126 vmemmap_alloc_block_buf 1 61126 NULL ++key_tx_rx_count_read_44742 key_tx_rx_count_read 3 44742 NULL +tomoyo_commit_ok_20167 tomoyo_commit_ok 2 20167 NULL -+ip_nat_sdp_port_52938 ip_nat_sdp_port 6 52938 NULL ++iblock_get_bio_52936 iblock_get_bio 3 52936 NULL +__kfifo_to_user_36555 __kfifo_to_user 3 36555 NULL nohasharray +macvtap_do_read_36555 macvtap_do_read 4 36555 &__kfifo_to_user_36555 +wep_addr_key_count_read_20174 wep_addr_key_count_read 3 20174 NULL @@ -86725,14 +95002,15 @@ index 0000000..909d902 +tnode_new_44757 tnode_new 3 44757 NULL nohasharray +pty_write_44757 pty_write 3 44757 &tnode_new_44757 +ath6kl_send_go_probe_resp_21113 ath6kl_send_go_probe_resp 3 21113 NULL -+l2tp_ip6_sendmsg_7461 l2tp_ip6_sendmsg 4 7461 NULL -+sys_writev_28384 sys_writev 3 28384 NULL ++kvm_read_guest_atomic_10765 kvm_read_guest_atomic 4 10765 NULL ++iwl_dbgfs_nvm_read_23845 iwl_dbgfs_nvm_read 3 23845 NULL ++send_packet_52960 send_packet 4 52960 NULL +dlmfs_file_read_28385 dlmfs_file_read 3 28385 NULL +ssb_bus_scan_36578 ssb_bus_scan 2 36578 NULL +ncp_file_write_3813 ncp_file_write 3 3813 NULL -+batadv_tt_prepare_packet_buff_1280 batadv_tt_prepare_packet_buff 4 1280 NULL +tipc_port_reject_sections_55229 tipc_port_reject_sections 5 55229 NULL +tx_frag_cache_miss_read_28394 tx_frag_cache_miss_read 3 28394 NULL ++set_bypass_pfs_28395 set_bypass_pfs 3 28395 NULL +put_cmsg_36589 put_cmsg 4 36589 NULL +__vmalloc_61168 __vmalloc 1 61168 NULL +llc_ui_recvmsg_3826 llc_ui_recvmsg 4 3826 NULL @@ -86746,17 +95024,19 @@ index 0000000..909d902 +nfs4_alloc_pages_48426 nfs4_alloc_pages 1 48426 NULL +rx_dropped_read_44799 rx_dropped_read 3 44799 NULL +batadv_check_management_packet_52993 batadv_check_management_packet 3 52993 NULL -+shmem_xattr_alloc_61190 shmem_xattr_alloc 2 61190 NULL +tpci200_slot_map_space_3848 tpci200_slot_map_space 2 3848 NULL ++regmap_bulk_write_59049 regmap_bulk_write 4 59049 NULL ++create_one_cdev_3852 create_one_cdev 2 3852 NULL +fat_ioctl_filldir_36621 fat_ioctl_filldir 3 36621 NULL +smk_read_onlycap_3855 smk_read_onlycap 3 3855 NULL ++mpage_readpages_28436 mpage_readpages 3 28436 NULL +cfpkt_append_61206 cfpkt_append 3 61206 NULL +btrfs_free_and_pin_reserved_extent_53016 btrfs_free_and_pin_reserved_extent 2 53016 NULL +rose_sendmsg_20249 rose_sendmsg 4 20249 NULL +get_fd_set_3866 get_fd_set 1 3866 NULL -+garp_request_join_7471 garp_request_join 4 7471 NULL ++megaraid_change_queue_depth_64815 megaraid_change_queue_depth 2 64815 NULL +rx_rx_defrag_read_2010 rx_rx_defrag_read 3 2010 NULL -+read_file_rx_chainmask_41605 read_file_rx_chainmask 3 41605 NULL ++unlink_queued_645 unlink_queued 3-4 645 NULL +il4965_ucode_tx_stats_read_12064 il4965_ucode_tx_stats_read 3 12064 NULL +sisusb_write_44834 sisusb_write 3 44834 NULL +smk_read_ambient_61220 smk_read_ambient 3 61220 NULL @@ -86769,14 +95049,12 @@ index 0000000..909d902 +nvram_write_3894 nvram_write 3 3894 NULL +osd_req_list_collection_objects_36664 osd_req_list_collection_objects 5 36664 NULL +pipeline_pre_proc_swi_read_3898 pipeline_pre_proc_swi_read 3 3898 NULL -+vmw_du_crtc_cursor_set_28479 vmw_du_crtc_cursor_set 4-5 28479 NULL -+linear_conf_23485 linear_conf 2 23485 NULL nohasharray -+divasa_remap_pci_bar_23485 divasa_remap_pci_bar 3-4 23485 &linear_conf_23485 ++iscsi_host_alloc_36671 iscsi_host_alloc 2 36671 NULL +vcs_write_3910 vcs_write 3 3910 NULL -+ubi_eba_write_leb_st_44343 ubi_eba_write_leb_st 5 44343 NULL ++sctp_make_abort_violation_27959 sctp_make_abort_violation 4 27959 NULL +mwifiex_debug_read_53074 mwifiex_debug_read 3 53074 NULL +dtim_interval_read_654 dtim_interval_read 3 654 NULL -+_alloc_mISDN_skb_52232 _alloc_mISDN_skb 3 52232 NULL ++btrfs_bio_alloc_61270 btrfs_bio_alloc 3 61270 NULL +packet_sendmsg_24954 packet_sendmsg 4 24954 NULL +alloc_bulk_urbs_generic_12127 alloc_bulk_urbs_generic 5 12127 NULL +do_tty_write_44896 do_tty_write 5 44896 NULL @@ -86785,7 +95063,7 @@ index 0000000..909d902 +snd_cs4281_BA1_read_20323 snd_cs4281_BA1_read 5 20323 NULL +nfs_writedata_alloc_12133 nfs_writedata_alloc 2 12133 NULL +ramoops_init_prz_12134 ramoops_init_prz 5 12134 NULL -+xfs_handle_to_dentry_12135 xfs_handle_to_dentry 3 12135 NULL ++ps_poll_upsd_utilization_read_28519 ps_poll_upsd_utilization_read 3 28519 NULL +hdlc_irq_one_3944 hdlc_irq_one 2 3944 NULL +rawv6_seticmpfilter_12137 rawv6_seticmpfilter 5 12137 NULL +vmw_fifo_reserve_12141 vmw_fifo_reserve 2 12141 NULL @@ -86805,11 +95083,11 @@ index 0000000..909d902 +debug_debug1_read_8856 debug_debug1_read 3 8856 NULL +ddp_make_gl_12179 ddp_make_gl 1 12179 NULL +ps_poll_ps_poll_max_ap_turn_read_53140 ps_poll_ps_poll_max_ap_turn_read 3 53140 NULL -+dbgfs_state_38894 dbgfs_state 3 38894 NULL -+tcf_csum_ipv6_udp_25241 tcf_csum_ipv6_udp 4 25241 NULL ++scsi_deactivate_tcq_47086 scsi_deactivate_tcq 2 47086 NULL ++regcache_rbtree_insert_to_block_58009 regcache_rbtree_insert_to_block 5 58009 NULL +do_add_counters_3992 do_add_counters 3 3992 NULL -+saa7146_vmalloc_build_pgtable_19780 saa7146_vmalloc_build_pgtable 2 19780 NULL -+ip_generic_getfrag_12187 ip_generic_getfrag 3-4 12187 NULL ++mic_rx_pkts_read_27972 mic_rx_pkts_read 3 27972 NULL ++smk_set_cipso_20379 smk_set_cipso 3 20379 NULL +st5481_setup_isocpipes_61340 st5481_setup_isocpipes 6-4 61340 NULL +rx_rx_wa_ba_not_expected_read_61341 rx_rx_wa_ba_not_expected_read 3 61341 NULL +dccpprobe_read_52549 dccpprobe_read 3 52549 NULL @@ -86818,13 +95096,12 @@ index 0000000..909d902 +snd_hdsp_capture_copy_4011 snd_hdsp_capture_copy 5 4011 NULL +ptp_filter_init_36780 ptp_filter_init 2 36780 NULL +__kfifo_from_user_20399 __kfifo_from_user 3 20399 NULL -+batadv_add_packet_12136 batadv_add_packet 3 12136 NULL +tx_queue_status_read_44978 tx_queue_status_read 3 44978 NULL +debug_debug4_read_61367 debug_debug4_read 3 61367 NULL +receive_copy_12216 receive_copy 3 12216 NULL +aat2870_reg_read_file_12221 aat2870_reg_read_file 3 12221 NULL +proc_fault_inject_read_36802 proc_fault_inject_read 3 36802 NULL -+ath6kl_mgmt_tx_21153 ath6kl_mgmt_tx 9 21153 NULL ++bcsp_prepare_pkt_12961 bcsp_prepare_pkt 3 12961 NULL +ftdi_process_packet_45005 ftdi_process_packet 5 45005 NULL +change_xattr_61390 change_xattr 5 61390 NULL +find_skb_20431 find_skb 2 20431 NULL @@ -86837,7 +95114,7 @@ index 0000000..909d902 +sys_sethostname_42962 sys_sethostname 2 42962 NULL +int_hardware_entry_36833 int_hardware_entry 3 36833 NULL +tx_tx_start_data_read_53219 tx_tx_start_data_read 3 53219 NULL -+snd_cs46xx_io_read_45734 snd_cs46xx_io_read 5 45734 NULL ++pwr_rcvd_bcns_cnt_read_4774 pwr_rcvd_bcns_cnt_read 3 4774 NULL +fc_change_queue_depth_36841 fc_change_queue_depth 2 36841 NULL +shash_compat_setkey_12267 shash_compat_setkey 3 12267 NULL +add_sctp_bind_addr_12269 add_sctp_bind_addr 3 12269 NULL @@ -86845,7 +95122,7 @@ index 0000000..909d902 +vhci_get_user_45039 vhci_get_user 3 45039 NULL +ip_vs_icmp_xmit_v6_20464 ip_vs_icmp_xmit_v6 4 20464 NULL +compat_ipv6_setsockopt_20468 compat_ipv6_setsockopt 5 20468 NULL -+keyctl_describe_key_36853 keyctl_describe_key 3 36853 NULL ++read_buf_20469 read_buf 2 20469 NULL +cm_write_36858 cm_write 3 36858 NULL +note_last_dentry_12285 note_last_dentry 3 12285 NULL +blk_queue_resize_tags_28670 blk_queue_resize_tags 2 28670 NULL @@ -86862,7 +95139,7 @@ index 0000000..909d902 +hidraw_report_event_20503 hidraw_report_event 3 20503 NULL +bt_sock_recvmsg_12316 bt_sock_recvmsg 4 12316 NULL +selinux_inode_notifysecctx_36896 selinux_inode_notifysecctx 3 36896 NULL -+lirc_buffer_init_53282 lirc_buffer_init 2-3 53282 NULL ++lirc_buffer_init_53282 lirc_buffer_init 3-2 53282 NULL +tipc_msg_build_12326 tipc_msg_build 4 12326 NULL +xfs_iext_realloc_direct_20521 xfs_iext_realloc_direct 2 20521 NULL +drbd_bm_resize_20522 drbd_bm_resize 2 20522 NULL @@ -86870,17 +95147,18 @@ index 0000000..909d902 +OS_kmalloc_36909 OS_kmalloc 1 36909 NULL +osst_read_40237 osst_read 3 40237 NULL +tm6000_read_4151 tm6000_read 3 4151 NULL -+pwr_missing_bcns_cnt_read_45113 pwr_missing_bcns_cnt_read 3 45113 NULL ++amd_create_gatt_pages_20537 amd_create_gatt_pages 1 20537 NULL +usbdev_read_45114 usbdev_read 3 45114 NULL +drm_plane_init_28731 drm_plane_init 6 28731 NULL +spi_execute_28736 spi_execute 5 28736 NULL +snd_pcm_aio_write_28738 snd_pcm_aio_write 3 28738 NULL +mptctl_ioctl_12355 mptctl_ioctl 2 12355 NULL +get_alua_req_4166 get_alua_req 3 4166 NULL ++scsi_report_opcode_20551 scsi_report_opcode 3 20551 NULL +blk_dropped_read_4168 blk_dropped_read 3 4168 NULL +venus_create_20555 venus_create 4 20555 NULL +__nf_ct_ext_add_length_12364 __nf_ct_ext_add_length 3 12364 NULL -+edt_ft5x06_debugfs_raw_data_read_28002 edt_ft5x06_debugfs_raw_data_read 3 28002 NULL ++batadv_interface_rx_53325 batadv_interface_rx 4 53325 NULL +receive_packet_12367 receive_packet 2 12367 NULL +squashfs_cache_init_41656 squashfs_cache_init 2 41656 NULL +mem_write_22232 mem_write 3 22232 NULL @@ -86892,10 +95170,11 @@ index 0000000..909d902 +xfs_iext_inline_to_direct_12384 xfs_iext_inline_to_direct 2 12384 NULL +device_write_45156 device_write 3 45156 NULL +i915_max_freq_read_20581 i915_max_freq_read 3 20581 NULL -+bnx2i_send_nl_mesg_53353 bnx2i_send_nl_mesg 4 53353 NULL ++tomoyo_write_self_45161 tomoyo_write_self 3 45161 NULL +sparse_early_mem_maps_alloc_node_36971 sparse_early_mem_maps_alloc_node 4 36971 NULL +batadv_tt_append_diff_20588 batadv_tt_append_diff 4 20588 NULL +dvb_net_sec_callback_28786 dvb_net_sec_callback 2 28786 NULL ++excessive_retries_read_60425 excessive_retries_read 3 60425 NULL +isp1760_register_628 isp1760_register 1-2 628 NULL +dvb_net_ioctl_61559 dvb_net_ioctl 2 61559 NULL +lirc_write_20604 lirc_write 3 20604 NULL @@ -86903,33 +95182,35 @@ index 0000000..909d902 +ieee80211_if_read_rc_rateidx_mask_2ghz_61570 ieee80211_if_read_rc_rateidx_mask_2ghz 3 61570 NULL +ieee80211_if_read_num_mcast_sta_12419 ieee80211_if_read_num_mcast_sta 3 12419 NULL +cgroup_file_read_28804 cgroup_file_read 3 28804 NULL ++sys_msgrcv_959 sys_msgrcv 3 959 NULL +snd_sb_csp_load_user_45190 snd_sb_csp_load_user 3 45190 NULL ++pskb_network_may_pull_35336 pskb_network_may_pull 2 35336 NULL +auok190xfb_write_37001 auok190xfb_write 3 37001 NULL ++ext4_kvzalloc_47605 ext4_kvzalloc 1 47605 NULL +setxattr_37006 setxattr 4 37006 NULL +add_child_45201 add_child 4 45201 NULL +seq_open_private_61589 seq_open_private 3 61589 NULL +iso_alloc_urb_45206 iso_alloc_urb 4-5 45206 NULL +__get_vm_area_61599 __get_vm_area 1 61599 NULL -+netlink_recvmsg_61600 netlink_recvmsg 4 61600 NULL -+wep_default_key_count_read_43035 wep_default_key_count_read 3 43035 NULL ++iwl_dbgfs_rxon_filter_flags_read_28832 iwl_dbgfs_rxon_filter_flags_read 3 28832 NULL ++nl_portid_hash_zalloc_34843 nl_portid_hash_zalloc 1 34843 NULL +kfifo_copy_to_user_20646 kfifo_copy_to_user 3 20646 NULL +spi_alloc_master_45223 spi_alloc_master 2 45223 NULL +ieee80211_if_read_dropped_frames_congestion_32603 ieee80211_if_read_dropped_frames_congestion 3 32603 NULL -+oz_add_farewell_20652 oz_add_farewell 5 20652 NULL -+skb_do_copy_data_nocache_12465 skb_do_copy_data_nocache 5 12465 NULL ++vp_request_msix_vectors_28849 vp_request_msix_vectors 2 28849 NULL +oz_cdev_read_20659 oz_cdev_read 3 20659 NULL +configfs_write_file_61621 configfs_write_file 3 61621 NULL +ieee80211_if_read_drop_unencrypted_37053 ieee80211_if_read_drop_unencrypted 3 37053 NULL +ieee80211_rx_bss_info_61630 ieee80211_rx_bss_info 3 61630 NULL +isr_cmd_cmplt_read_53439 isr_cmd_cmplt_read 3 53439 NULL -+ablkcipher_next_slow_47274 ablkcipher_next_slow 3-4 47274 NULL -+ipv6_renew_options_28867 ipv6_renew_options 5 28867 NULL ++ablkcipher_next_slow_47274 ablkcipher_next_slow 4-3 47274 NULL ++i2o_parm_table_get_61635 i2o_parm_table_get 6 61635 NULL +snd_hdsp_playback_copy_20676 snd_hdsp_playback_copy 5 20676 NULL -+mwifiex_info_read_53447 mwifiex_info_read 3 53447 NULL ++x25_sendmsg_12487 x25_sendmsg 4 12487 NULL +dvb_dmxdev_buffer_read_20682 dvb_dmxdev_buffer_read 4 20682 NULL -+pipe_iov_copy_to_user_3447 pipe_iov_copy_to_user 3 3447 NULL ++get_packet_pg_28023 get_packet_pg 4 28023 NULL +rtllib_auth_challenge_12493 rtllib_auth_challenge 3 12493 NULL -+dvb_ringbuffer_pkt_read_user_4303 dvb_ringbuffer_pkt_read_user 2-5-3 4303 NULL ++acpi_tb_parse_root_table_53455 acpi_tb_parse_root_table 1 53455 NULL +resize_stripes_61650 resize_stripes 2 61650 NULL +n2_run_53459 n2_run 3 53459 NULL +packet_sendmsg_spkt_28885 packet_sendmsg_spkt 4 28885 NULL @@ -86937,13 +95218,14 @@ index 0000000..909d902 +read_file_tgt_int_stats_20697 read_file_tgt_int_stats 3 20697 NULL +alloc_ts_config_45775 alloc_ts_config 1 45775 NULL +ttm_page_pool_free_61661 ttm_page_pool_free 2 61661 NULL ++input_mt_init_slots_45279 input_mt_init_slots 2 45279 NULL +pipeline_cs_rx_packet_in_read_37089 pipeline_cs_rx_packet_in_read 3 37089 NULL +bt_sock_stream_recvmsg_52518 bt_sock_stream_recvmsg 4 52518 NULL -+rds_tcp_data_recv_53476 rds_tcp_data_recv 3 53476 NULL -+diva_xdi_write_63975 diva_xdi_write 4 63975 NULL -+snd_rawmidi_kernel_read_4328 snd_rawmidi_kernel_read 3 4328 NULL ++insert_one_name_61668 insert_one_name 7 61668 NULL ++nouveau_fifo_create__4327 nouveau_fifo_create_ 5-6 4327 NULL ++pcpu_page_first_chunk_20712 pcpu_page_first_chunk 1 20712 NULL +iowarrior_read_53483 iowarrior_read 3 53483 NULL -+qib_alloc_fast_reg_mr_12526 qib_alloc_fast_reg_mr 2 12526 NULL ++osd_req_write_kern_53486 osd_req_write_kern 5 53486 NULL +lock_loop_61681 lock_loop 1 61681 NULL +snd_pcm_oss_sync1_45298 snd_pcm_oss_sync1 2 45298 NULL +security_context_to_sid_force_20724 security_context_to_sid_force 2 20724 NULL @@ -86957,32 +95239,39 @@ index 0000000..909d902 +sys_setdomainname_4373 sys_setdomainname 2 4373 NULL +fragmentation_threshold_read_61718 fragmentation_threshold_read 3 61718 NULL +copy_vm86_regs_from_user_45340 copy_vm86_regs_from_user 3 45340 NULL ++nouveau_dmaobj_create__61730 nouveau_dmaobj_create_ 6 61730 NULL +btrfs_trim_block_group_28963 btrfs_trim_block_group 3 28963 NULL -+snd_pcm_plugin_alloc_12580 snd_pcm_plugin_alloc 2 12580 NULL ++irda_sendmsg_4388 irda_sendmsg 4 4388 NULL ++aac_srcv_ioremap_6659 aac_srcv_ioremap 2 6659 NULL +ubi_leb_change_10289 ubi_leb_change 4 10289 NULL ++read_file_credit_dist_stats_54367 read_file_credit_dist_stats 3 54367 NULL +alloc_sched_domains_28972 alloc_sched_domains 1 28972 NULL +pcpu_extend_area_map_12589 pcpu_extend_area_map 2 12589 NULL +read_file_interrupt_61742 read_file_interrupt 3 61742 NULL nohasharray +read_file_regval_61742 read_file_regval 3 61742 &read_file_interrupt_61742 ++btmrvl_hscmd_write_27089 btmrvl_hscmd_write 3 27089 NULL +fb_alloc_cmap_gfp_20792 fb_alloc_cmap_gfp 2 20792 NULL +iwl_dbgfs_rxon_flags_read_20795 iwl_dbgfs_rxon_flags_read 3 20795 NULL -+vhci_put_user_12604 vhci_put_user 4 12604 NULL ++cxacru_cm_get_array_4412 cxacru_cm_get_array 4 4412 NULL +libfc_vport_create_4415 libfc_vport_create 2 4415 NULL +hci_sock_setsockopt_28993 hci_sock_setsockopt 5 28993 NULL -+pskb_network_may_pull_35336 pskb_network_may_pull 2 35336 NULL ++tstats_write_60432 tstats_write 3 60432 NULL nohasharray ++kmalloc_60432 kmalloc 1 60432 &tstats_write_60432 +bin_uuid_28999 bin_uuid 3 28999 NULL +sys_sendto_20809 sys_sendto 6 20809 NULL -+vcc_recvmsg_37198 vcc_recvmsg 4 37198 NULL ++alloc_page_cgroup_2919 alloc_page_cgroup 1 2919 NULL ++set_registers_53582 set_registers 3 53582 NULL +fc_fcp_frame_alloc_12624 fc_fcp_frame_alloc 2 12624 NULL +do_pages_stat_4437 do_pages_stat 2 4437 NULL +lane2_associate_req_45398 lane2_associate_req 4 45398 NULL -+ath6kl_regdump_read_14393 ath6kl_regdump_read 3 14393 NULL ++tcf_csum_ipv4_udp_30777 tcf_csum_ipv4_udp 4 30777 NULL +pwr_rcvd_awake_bcns_cnt_read_12632 pwr_rcvd_awake_bcns_cnt_read 3 12632 NULL +bchannel_get_rxbuf_37213 bchannel_get_rxbuf 2 37213 NULL +keymap_store_45406 keymap_store 4 45406 NULL +pn_sendmsg_12640 pn_sendmsg 4 12640 NULL +dwc3_link_state_write_12641 dwc3_link_state_write 3 12641 NULL +wl1271_format_buffer_20834 wl1271_format_buffer 2 20834 NULL ++il4965_rs_sta_dbgfs_rate_scale_data_read_37792 il4965_rs_sta_dbgfs_rate_scale_data_read 3 37792 NULL +pfkey_recvmsg_53604 pfkey_recvmsg 4 53604 NULL +xz_dec_init_29029 xz_dec_init 2 29029 NULL +regmap_access_read_file_37223 regmap_access_read_file 3 37223 NULL @@ -86992,21 +95281,19 @@ index 0000000..909d902 +ieee80211_if_read_ht_opmode_29044 ieee80211_if_read_ht_opmode 3 29044 NULL +rx_filter_dup_filter_read_37238 rx_filter_dup_filter_read 3 37238 NULL +at76_set_card_command_4471 at76_set_card_command 4 4471 NULL -+trusted_update_12664 trusted_update 3 12664 NULL +rxrpc_sendmsg_29049 rxrpc_sendmsg 4 29049 NULL +tso_fragment_29050 tso_fragment 3 29050 NULL +__alloc_pred_stack_26687 __alloc_pred_stack 2 26687 NULL +sel_read_class_12669 sel_read_class 3 12669 NULL nohasharray +sparse_mem_maps_populate_node_12669 sparse_mem_maps_populate_node 4 12669 &sel_read_class_12669 -+__tty_buffer_request_room_27700 __tty_buffer_request_room 2 27700 NULL -+xd_write_multiple_pages_53633 xd_write_multiple_pages 5-6 53633 NULL ++rproc_recovery_read_36245 rproc_recovery_read 3 36245 NULL ++xd_write_multiple_pages_53633 xd_write_multiple_pages 6-5 53633 NULL +ccid_getsockopt_builtin_ccids_53634 ccid_getsockopt_builtin_ccids 2 53634 NULL -+kvm_read_guest_page_mmu_37611 kvm_read_guest_page_mmu 6 37611 NULL ++__iio_allocate_sw_ring_buffer_4843 __iio_allocate_sw_ring_buffer 3 4843 NULL +init_per_cpu_17880 init_per_cpu 1 17880 NULL +iso_packets_buffer_init_29061 iso_packets_buffer_init 3-4 29061 NULL +intel_render_ring_init_dri_45446 intel_render_ring_init_dri 2-3 45446 NULL -+isr_dma1_done_read_48159 isr_dma1_done_read 3 48159 NULL -+ath6kl_wmi_set_ie_cmd_37260 ath6kl_wmi_set_ie_cmd 6 37260 NULL ++udp_sendmsg_4492 udp_sendmsg 4 4492 NULL +ieee80211_probereq_get_29069 ieee80211_probereq_get 4-6 29069 NULL +vmbus_establish_gpadl_4495 vmbus_establish_gpadl 3 4495 NULL +bfad_debugfs_write_regwr_61841 bfad_debugfs_write_regwr 3 61841 NULL @@ -87016,12 +95303,13 @@ index 0000000..909d902 +l1oip_socket_parse_4507 l1oip_socket_parse 4 4507 NULL +tracing_read_dyn_info_45468 tracing_read_dyn_info 3 45468 NULL +fs_path_prepare_for_add_61854 fs_path_prepare_for_add 2 61854 NULL -+c101_run_37279 c101_run 2 37279 NULL ++key_icverrors_read_20895 key_icverrors_read 3 20895 NULL +srp_target_alloc_37288 srp_target_alloc 3 37288 NULL -+ieee80211_if_read_ave_beacon_64924 ieee80211_if_read_ave_beacon 3 64924 NULL ++mmio_read_40348 mmio_read 4 40348 NULL +vfio_msi_enable_20906 vfio_msi_enable 2 20906 NULL +ieee80211_if_read_num_buffered_multicast_12716 ieee80211_if_read_num_buffered_multicast 3 12716 NULL +compat_sys_readv_20911 compat_sys_readv 3 20911 NULL ++ivtv_write_12721 ivtv_write 3 12721 NULL +fuse_fill_write_pages_53682 fuse_fill_write_pages 4 53682 NULL +islpci_mgt_transaction_23610 islpci_mgt_transaction 5 23610 NULL +sys_llistxattr_4532 sys_llistxattr 3 4532 NULL @@ -87031,66 +95319,64 @@ index 0000000..909d902 +jffs2_write_dirent_37311 jffs2_write_dirent 5 37311 NULL +key_rx_spec_read_12736 key_rx_spec_read 3 12736 NULL +tx_frag_bad_mblk_num_read_28064 tx_frag_bad_mblk_num_read 3 28064 NULL -+__videobuf_alloc_cached_12740 __videobuf_alloc_cached 1 12740 NULL -+nfc_shdlc_alloc_skb_12741 nfc_shdlc_alloc_skb 2 12741 NULL ++videobuf_vmalloc_to_sg_4548 videobuf_vmalloc_to_sg 2 4548 NULL +rds_message_copy_from_user_45510 rds_message_copy_from_user 3 45510 NULL +ieee80211_rtl_auth_challenge_61897 ieee80211_rtl_auth_challenge 3 61897 NULL -+cxgb4_pktgl_to_skb_61899 cxgb4_pktgl_to_skb 2 61899 NULL ++send_msg_37323 send_msg 4 37323 NULL +brcmf_sdbrcm_membytes_37324 brcmf_sdbrcm_membytes 3-5 37324 NULL +l2cap_create_connless_pdu_37327 l2cap_create_connless_pdu 3 37327 NULL +clear_refs_write_61904 clear_refs_write 3 61904 NULL +scsi_mode_select_37330 scsi_mode_select 6 37330 NULL +rxrpc_server_sendmsg_37331 rxrpc_server_sendmsg 4 37331 NULL -+ieee80211_if_read_dot11MeshMaxRetries_12756 ieee80211_if_read_dot11MeshMaxRetries 3 12756 NULL ++altera_set_ir_post_20948 altera_set_ir_post 2 20948 NULL +virtqueue_add_buf_59470 virtqueue_add_buf 3-4 59470 NULL +proc_scsi_write_29142 proc_scsi_write 3 29142 NULL -+tomoyo_write_self_45161 tomoyo_write_self 3 45161 NULL +dsp_buffer_alloc_11684 dsp_buffer_alloc 2 11684 NULL +rx_filter_arp_filter_read_61914 rx_filter_arp_filter_read 3 61914 NULL -+sys_lgetxattr_45531 sys_lgetxattr 4 45531 NULL ++reshape_ring_29147 reshape_ring 2 29147 NULL +cgroup_read_u64_45532 cgroup_read_u64 5 45532 NULL -+au0828_init_isoc_61917 au0828_init_isoc 2-3 61917 NULL ++au0828_init_isoc_61917 au0828_init_isoc 3-2 61917 NULL +copy_macs_45534 copy_macs 4 45534 NULL +sctp_sendmsg_61919 sctp_sendmsg 4 61919 NULL +listxattr_12769 listxattr 3 12769 NULL +xfs_buf_get_maps_4581 xfs_buf_get_maps 2 4581 NULL +wdm_write_53735 wdm_write 3 53735 NULL -+v9fs_direct_read_45546 v9fs_direct_read 3 45546 NULL ++snd_rme9652_playback_copy_20970 snd_rme9652_playback_copy 5 20970 NULL +send_bulk_static_data_61932 send_bulk_static_data 3 61932 NULL +cx18_copy_mdl_to_user_45549 cx18_copy_mdl_to_user 4 45549 NULL -+sock_kmalloc_62205 sock_kmalloc 2 62205 NULL ++mempool_create_29437 mempool_create 1 29437 NULL +platform_create_bundle_12785 platform_create_bundle 4-6 12785 NULL +brcmf_tx_frame_20978 brcmf_tx_frame 3 20978 NULL +sock_alloc_send_pskb_21246 sock_alloc_send_pskb 2 21246 NULL +stats_dot11ACKFailureCount_read_45558 stats_dot11ACKFailureCount_read 3 45558 NULL +alg_setsockopt_20985 alg_setsockopt 5 20985 NULL -+il4965_ucode_rx_stats_read_61948 il4965_ucode_rx_stats_read 3 61948 NULL -+c4iw_id_table_alloc_48163 c4iw_id_table_alloc 3 48163 NULL ++venus_rmdir_45564 venus_rmdir 4 45564 NULL +scsi_adjust_queue_depth_12802 scsi_adjust_queue_depth 3 12802 NULL ++rsa_extract_mpi_6973 rsa_extract_mpi 5 6973 NULL +squashfs_read_id_index_table_61961 squashfs_read_id_index_table 4 61961 NULL +mgmt_event_12810 mgmt_event 4 12810 NULL +ntfs_rl_realloc_nofail_32173 ntfs_rl_realloc_nofail 3 32173 NULL -+drm_property_create_enum_29201 drm_property_create_enum 5 29201 NULL ++xfs_inumbers_fmt_12817 xfs_inumbers_fmt 3 12817 NULL +ipath_create_cq_45586 ipath_create_cq 2 45586 NULL -+wusb_prf_256_29203 wusb_prf_256 7 29203 NULL ++wusb_prf_256_29203 wusb_prf_256 7 29203 NULL nohasharray ++alloc_group_attrs_29203 alloc_group_attrs 3 29203 &wusb_prf_256_29203 +comedi_alloc_subdevices_29207 comedi_alloc_subdevices 2 29207 NULL +rdma_set_ib_paths_45592 rdma_set_ib_paths 3 45592 NULL -+iwl_dbgfs_tx_queue_read_4635 iwl_dbgfs_tx_queue_read 3 4635 NULL ++compat_udpv6_setsockopt_42981 compat_udpv6_setsockopt 5 42981 NULL +rds_iw_inc_copy_to_user_29214 rds_iw_inc_copy_to_user 3 29214 NULL -+rx_defrag_tkip_called_read_21031 rx_defrag_tkip_called_read 3 21031 NULL ++zd_usb_iowrite16v_async_23984 zd_usb_iowrite16v_async 3 23984 NULL ++TSS_authhmac_12839 TSS_authhmac 3 12839 NULL +iwl_dbgfs_temperature_read_29224 iwl_dbgfs_temperature_read 3 29224 NULL +virtnet_send_command_61993 virtnet_send_command 5-6 61993 NULL +sys_getxattr_37418 sys_getxattr 4 37418 NULL +regmap_raw_write_53803 regmap_raw_write 4 53803 NULL +hci_sock_sendmsg_37420 hci_sock_sendmsg 4 37420 NULL -+acpi_os_allocate_zeroed_37422 acpi_os_allocate_zeroed 1 37422 NULL ++spidev_ioctl_12846 spidev_ioctl 2 12846 NULL +t4vf_pktgl_to_skb_39005 t4vf_pktgl_to_skb 2 39005 NULL +audit_log_n_hex_45617 audit_log_n_hex 3 45617 NULL +devm_ioremap_29235 devm_ioremap 2-3 29235 NULL -+tty_insert_flip_string_fixed_flag_37428 tty_insert_flip_string_fixed_flag 4 37428 NULL ++irq_domain_add_linear_29236 irq_domain_add_linear 2 29236 NULL +recover_peb_29238 recover_peb 6-7 29238 NULL -+map_addr_4666 map_addr 6 4666 NULL -+kernel_readv_35617 kernel_readv 3 35617 NULL +security_context_to_sid_core_29248 security_context_to_sid_core 2 29248 NULL +proc_fault_inject_write_21058 proc_fault_inject_write 3 21058 NULL +i915_gem_execbuffer_relocate_slow_25355 i915_gem_execbuffer_relocate_slow 7 25355 NULL @@ -87098,52 +95384,56 @@ index 0000000..909d902 +tun_sendmsg_10337 tun_sendmsg 4 10337 NULL +skb_add_data_nocache_4682 skb_add_data_nocache 4 4682 NULL +cx18_read_pos_4683 cx18_read_pos 3 4683 NULL -+short_retry_limit_read_4687 short_retry_limit_read 3 4687 NULL ++brcmf_sdio_dump_console_37455 brcmf_sdio_dump_console 4 37455 NULL +pmcraid_build_passthrough_ioadls_62034 pmcraid_build_passthrough_ioadls 2 62034 NULL +event_calibration_read_21083 event_calibration_read 3 21083 NULL +ppp_tx_cp_62044 ppp_tx_cp 5 62044 NULL +prism2_set_genericelement_29277 prism2_set_genericelement 3 29277 NULL +sctp_user_addto_chunk_62047 sctp_user_addto_chunk 2-3 62047 NULL -+nfsd_symlink_63442 nfsd_symlink 6 63442 NULL +cxgbi_alloc_big_mem_4707 cxgbi_alloc_big_mem 1 4707 NULL -+trusted_instantiate_4710 trusted_instantiate 3 4710 NULL -+savemem_58129 savemem 3 58129 NULL ++compat_mpctl_ioctl_45671 compat_mpctl_ioctl 2 45671 NULL +do_pselect_62061 do_pselect 1 62061 NULL +btmrvl_gpiogap_read_4718 btmrvl_gpiogap_read 3 4718 NULL -+xfs_trans_read_buf_map_37487 xfs_trans_read_buf_map 5 37487 NULL ++dgram_sendmsg_45679 dgram_sendmsg 4 45679 NULL +kmem_realloc_37489 kmem_realloc 2 37489 NULL +ati_create_gatt_pages_4722 ati_create_gatt_pages 1 4722 NULL nohasharray +show_header_4722 show_header 3 4722 &ati_create_gatt_pages_4722 -+groups_alloc_7614 groups_alloc 1 7614 NULL ++ip_options_get_from_user_64958 ip_options_get_from_user 4 64958 NULL +sn9c102_read_29305 sn9c102_read 3 29305 NULL +pcpu_alloc_bootmem_62074 pcpu_alloc_bootmem 2 62074 NULL +smk_write_ambient_45691 smk_write_ambient 3 45691 NULL -+ip_nat_sip_expect_45693 ip_nat_sip_expect 7 45693 NULL +sg_read_25799 sg_read 3 25799 NULL ++uwb_rc_cmd_done_35892 uwb_rc_cmd_done 4 35892 NULL +ci_ll_init_12930 ci_ll_init 3 12930 NULL +unix_dgram_sendmsg_45699 unix_dgram_sendmsg 4 45699 NULL ++nouveau_namedb_create__26732 nouveau_namedb_create_ 7 26732 NULL ++pwr_disable_ps_read_13176 pwr_disable_ps_read 3 13176 NULL +vmalloc_32_user_37519 vmalloc_32_user 1 37519 NULL +fd_do_writev_29329 fd_do_writev 3 29329 NULL +hugetlb_cgroup_read_49259 hugetlb_cgroup_read 5 49259 NULL ++do_ip_vs_set_ctl_48641 do_ip_vs_set_ctl 4 48641 NULL ++ecryptfs_send_message_locked_31801 ecryptfs_send_message_locked 2 31801 NULL +dvb_ca_en50221_init_45718 dvb_ca_en50221_init 4 45718 NULL +__alloc_ei_netdev_29338 __alloc_ei_netdev 1 29338 NULL +jffs2_security_setxattr_62107 jffs2_security_setxattr 4 62107 NULL +new_skb_21148 new_skb 1 21148 NULL -+bcsp_prepare_pkt_12961 bcsp_prepare_pkt 3 12961 NULL ++ath6kl_mgmt_tx_21153 ath6kl_mgmt_tx 9 21153 NULL +l2cap_sock_setsockopt_old_29346 l2cap_sock_setsockopt_old 4 29346 NULL +bm_status_write_12964 bm_status_write 3 12964 NULL -+mmc_test_alloc_mem_28102 mmc_test_alloc_mem 2-3 28102 NULL -+pwr_rcvd_bcns_cnt_read_4774 pwr_rcvd_bcns_cnt_read 3 4774 NULL -+cxgb_alloc_mem_24007 cxgb_alloc_mem 1 24007 NULL -+ip6_ufo_append_data_4780 ip6_ufo_append_data 5-7-6 4780 NULL -+sep_create_dcb_dmatables_context_37551 sep_create_dcb_dmatables_context 6 37551 NULL ++mmc_test_alloc_mem_28102 mmc_test_alloc_mem 3-2 28102 NULL ++snd_cs46xx_io_read_45734 snd_cs46xx_io_read 5 45734 NULL ++wusb_ccm_mac_32199 wusb_ccm_mac 7 32199 NULL ++ip6_ufo_append_data_4780 ip6_ufo_append_data 5-6-7 4780 NULL ++sep_create_dcb_dmatables_context_37551 sep_create_dcb_dmatables_context 6 37551 NULL nohasharray ++nf_nat_mangle_tcp_packet_37551 nf_nat_mangle_tcp_packet 6-8 37551 &sep_create_dcb_dmatables_context_37551 ++bnad_debugfs_write_regrd_6706 bnad_debugfs_write_regrd 3 6706 NULL +rw_copy_check_uvector_45748 rw_copy_check_uvector 3 45748 NULL nohasharray +v4l2_ctrl_new_std_45748 v4l2_ctrl_new_std 5 45748 &rw_copy_check_uvector_45748 +qib_diag_write_62133 qib_diag_write 3 62133 NULL +gnttab_expand_15817 gnttab_expand 1 15817 NULL +lkdtm_debugfs_read_45752 lkdtm_debugfs_read 3 45752 NULL +sctp_make_chunk_12986 sctp_make_chunk 4 12986 NULL -+acpi_tb_install_table_12988 acpi_tb_install_table 1 12988 NULL ++sisusb_send_packet_20891 sisusb_send_packet 2 20891 NULL +TransmitTcb_12989 TransmitTcb 4 12989 NULL +mthca_setup_cmd_doorbells_53954 mthca_setup_cmd_doorbells 2 53954 NULL +ncp__vol2io_4804 ncp__vol2io 5 4804 NULL @@ -87152,19 +95442,19 @@ index 0000000..909d902 +repair_io_failure_4815 repair_io_failure 4 4815 NULL +xhci_alloc_streams_37586 xhci_alloc_streams 5 37586 NULL +p9_client_zc_rpc_14345 p9_client_zc_rpc 7 14345 NULL ++bnx2i_send_nl_mesg_53353 bnx2i_send_nl_mesg 4 53353 NULL +ipc_rcu_alloc_21208 ipc_rcu_alloc 1 21208 NULL +___alloc_bootmem_nopanic_53626 ___alloc_bootmem_nopanic 1 53626 NULL +subsystem_filter_write_13022 subsystem_filter_write 3 13022 NULL +tracing_max_lat_read_8890 tracing_max_lat_read 3 8890 NULL +raw_setsockopt_45800 raw_setsockopt 5 45800 NULL +alloc_upcall_62186 alloc_upcall 2 62186 NULL -+__iio_allocate_sw_ring_buffer_4843 __iio_allocate_sw_ring_buffer 3 4843 NULL ++kvm_read_guest_page_mmu_37611 kvm_read_guest_page_mmu 6 37611 NULL ++drm_compat_ioctl_51717 drm_compat_ioctl 2 51717 NULL +lbs_rdbbp_read_45805 lbs_rdbbp_read 3 45805 NULL -+ide_driver_proc_write_32493 ide_driver_proc_write 3 32493 NULL -+ixgbe_alloc_q_vector_24439 ixgbe_alloc_q_vector 4-6 24439 NULL +pcpu_alloc_alloc_info_45813 pcpu_alloc_alloc_info 1-2 45813 NULL +input_ff_create_21240 input_ff_create 2 21240 NULL -+mempool_create_29437 mempool_create 1 29437 NULL ++sock_kmalloc_62205 sock_kmalloc 2 62205 NULL +key_tx_spec_read_4862 key_tx_spec_read 3 4862 NULL +__dn_setsockopt_13060 __dn_setsockopt 5 13060 NULL +amthi_read_45831 amthi_read 4 45831 NULL @@ -87175,10 +95465,12 @@ index 0000000..909d902 +sys_ipc_4889 sys_ipc 3 4889 NULL +bio_copy_user_iov_37660 bio_copy_user_iov 4 37660 NULL +smp_build_cmd_45853 smp_build_cmd 3 45853 NULL ++x509_process_extension_45854 x509_process_extension 5 45854 NULL +nfsd_read_file_62241 nfsd_read_file 6 62241 NULL +pipeline_dec_packet_out_read_54052 pipeline_dec_packet_out_read 3 54052 NULL +do_register_entry_29478 do_register_entry 4 29478 NULL +isdn_write_45863 isdn_write 3 45863 NULL ++rproc_state_read_54057 rproc_state_read 3 54057 NULL +ieee80211_if_read_rc_rateidx_mcs_mask_2ghz_37675 ieee80211_if_read_rc_rateidx_mcs_mask_2ghz 3 37675 NULL +regmap_map_read_file_37685 regmap_map_read_file 3 37685 NULL +alloc_smp_req_51337 alloc_smp_req 1 51337 NULL @@ -87187,8 +95479,7 @@ index 0000000..909d902 +_malloc_54077 _malloc 1 54077 NULL +add_res_range_21310 add_res_range 4 21310 NULL +bfad_debugfs_read_13119 bfad_debugfs_read 3 13119 NULL -+btmrvl_pscmd_write_29504 btmrvl_pscmd_write 3 29504 NULL -+evm_write_key_27715 evm_write_key 3 27715 NULL ++sys_process_vm_writev_4928 sys_process_vm_writev 3-5 4928 NULL +ntfs_rl_insert_4931 ntfs_rl_insert 2-4 4931 NULL +ip_make_skb_13129 ip_make_skb 5-6 13129 NULL +snd_rme96_playback_copy_13111 snd_rme96_playback_copy 5 13111 NULL @@ -87204,7 +95495,6 @@ index 0000000..909d902 +devm_kzalloc_4966 devm_kzalloc 2 4966 NULL +compat_rawv6_setsockopt_4967 compat_rawv6_setsockopt 5 4967 NULL +udf_sb_alloc_partition_maps_62313 udf_sb_alloc_partition_maps 2 62313 NULL -+crypto_authenc_esn_setkey_6985 crypto_authenc_esn_setkey 3 6985 NULL +alloc_mr_45935 alloc_mr 1 45935 NULL +read_enabled_file_bool_37744 read_enabled_file_bool 3 37744 NULL +isku_receive_54130 isku_receive 4 54130 NULL @@ -87212,15 +95502,18 @@ index 0000000..909d902 +caif_stream_recvmsg_13173 caif_stream_recvmsg 4 13173 NULL +ocfs2_control_cfu_37750 ocfs2_control_cfu 2 37750 NULL +Wb35Reg_BurstWrite_62327 Wb35Reg_BurstWrite 4 62327 NULL -+isr_host_acknowledges_read_54136 isr_host_acknowledges_read 3 54136 NULL ++ipath_cdev_init_37752 ipath_cdev_init 1 37752 NULL +idetape_queue_rw_tail_29562 idetape_queue_rw_tail 3 29562 NULL +alloc_orinocodev_21371 alloc_orinocodev 1 21371 NULL ++i915_max_freq_write_11350 i915_max_freq_write 3 11350 NULL +leaf_dealloc_29566 leaf_dealloc 3 29566 NULL ++dgrp_net_ioctl_13183 dgrp_net_ioctl 2 13183 NULL +create_trace_uprobe_13184 create_trace_uprobe 1 13184 NULL -+sys_process_vm_writev_4928 sys_process_vm_writev 3-5 4928 NULL ++btmrvl_pscmd_write_29504 btmrvl_pscmd_write 3 29504 NULL +lbs_lowsnr_read_29571 lbs_lowsnr_read 3 29571 NULL +video_ioctl2_21380 video_ioctl2 2 21380 NULL +dccp_setsockopt_cscov_37766 dccp_setsockopt_cscov 2 37766 NULL ++alloc_ldt_21972 alloc_ldt 2 21972 NULL +ipath_resize_cq_712 ipath_resize_cq 2 712 NULL +comedi_read_13199 comedi_read 3 13199 NULL +flash_write_62354 flash_write 3 62354 NULL @@ -87228,19 +95521,22 @@ index 0000000..909d902 +mmc_ext_csd_read_13205 mmc_ext_csd_read 3 13205 NULL +i2400m_zrealloc_2x_54166 i2400m_zrealloc_2x 3 54166 NULL nohasharray +memcpy_toiovec_54166 memcpy_toiovec 3 54166 &i2400m_zrealloc_2x_54166 ++l2tp_ip_recvmsg_22681 l2tp_ip_recvmsg 4 22681 NULL +proc_file_read_53905 proc_file_read 3 53905 NULL +mtd_device_parse_register_5024 mtd_device_parse_register 5 5024 NULL ++acpi_tb_install_table_12988 acpi_tb_install_table 1 12988 NULL ++set_wd_exp_mode_pfs_62372 set_wd_exp_mode_pfs 3 62372 NULL ++reiserfs_readpages_35629 reiserfs_readpages 4 35629 NULL +acpi_os_read_memory_54186 acpi_os_read_memory 1-3 54186 NULL -+__kmalloc_reserve_17080 __kmalloc_reserve 1 17080 NULL +smk_read_logging_37804 smk_read_logging 3 37804 NULL +rx_rx_timeout_read_62389 rx_rx_timeout_read 3 62389 NULL +mgt_set_varlen_60916 mgt_set_varlen 4 60916 NULL -+tracing_saved_cmdlines_read_21434 tracing_saved_cmdlines_read 3 21434 NULL ++cru_detect_11272 cru_detect 1 11272 NULL +altera_irscan_62396 altera_irscan 2 62396 NULL +alloc_perm_bits_1532 alloc_perm_bits 2 1532 NULL +aggr_size_tx_agg_vs_rate_read_21438 aggr_size_tx_agg_vs_rate_read 3 21438 NULL +fw_download_code_13249 fw_download_code 3 13249 NULL -+init_tid_tabs_13252 init_tid_tabs 2-4-3 13252 NULL ++init_tid_tabs_13252 init_tid_tabs 2-3-4 13252 NULL +tx_frag_cache_hit_read_29639 tx_frag_cache_hit_read 3 29639 NULL +set_ssp_62411 set_ssp 4 62411 NULL +nfc_hci_send_event_21452 nfc_hci_send_event 5 21452 NULL @@ -87248,13 +95544,11 @@ index 0000000..909d902 +get_free_entries_46030 get_free_entries 1 46030 NULL +__register_chrdev_54223 __register_chrdev 2-3 54223 NULL +sctp_make_abort_user_29654 sctp_make_abort_user 3 29654 NULL -+sys_msgsnd_44537 sys_msgsnd 3 44537 NULL nohasharray -+comm_write_44537 comm_write 3 44537 &sys_msgsnd_44537 ++snd_midi_channel_alloc_set_28153 snd_midi_channel_alloc_set 1 28153 NULL +carl9170_rx_13272 carl9170_rx 3 13272 NULL +snd_mixart_BA1_read_5082 snd_mixart_BA1_read 5 5082 NULL +il_dbgfs_qos_read_33615 il_dbgfs_qos_read 3 33615 NULL -+msg_set_51725 msg_set 3 51725 NULL -+udplite_manip_pkt_62433 udplite_manip_pkt 2 62433 NULL ++sel_write_enforce_48998 sel_write_enforce 3 48998 NULL +kfifo_copy_from_user_5091 kfifo_copy_from_user 3 5091 NULL +netdev_alloc_skb_62437 netdev_alloc_skb 2 62437 NULL +dma_memcpy_pg_to_iovec_1725 dma_memcpy_pg_to_iovec 6 1725 NULL @@ -87264,6 +95558,7 @@ index 0000000..909d902 +read_file_xmit_21487 read_file_xmit 3 21487 NULL +e1000_check_copybreak_62448 e1000_check_copybreak 3 62448 NULL +ceph_msgpool_get_54258 ceph_msgpool_get 2 54258 NULL ++irda_recvmsg_dgram_32631 irda_recvmsg_dgram 4 32631 NULL +wusb_prf_54261 wusb_prf 7 54261 NULL nohasharray +audio_write_54261 audio_write 4 54261 &wusb_prf_54261 +sys_setxattr_37880 sys_setxattr 4 37880 NULL @@ -87272,8 +95567,8 @@ index 0000000..909d902 +isr_tx_procs_read_23084 isr_tx_procs_read 3 23084 NULL +mmc_alloc_sg_21504 mmc_alloc_sg 1 21504 NULL +qlcnic_alloc_sds_rings_26795 qlcnic_alloc_sds_rings 2 26795 NULL -+vc_resize_3585 vc_resize 2-3 3585 NULL -+nf_nat_mangle_udp_packet_13321 nf_nat_mangle_udp_packet 5-7 13321 NULL ++v9fs_file_readn_36353 v9fs_file_readn 4 36353 NULL nohasharray ++xz_dec_lzma2_create_36353 xz_dec_lzma2_create 2 36353 &v9fs_file_readn_36353 +vfio_config_do_rw_46091 vfio_config_do_rw 3 46091 NULL +dma_skb_copy_datagram_iovec_21516 dma_skb_copy_datagram_iovec 3-5 21516 NULL +ata_host_alloc_46094 ata_host_alloc 2 46094 NULL @@ -87281,14 +95576,15 @@ index 0000000..909d902 +btrfs_file_aio_write_21520 btrfs_file_aio_write 4 21520 NULL +us122l_ctl_msg_13330 us122l_ctl_msg 8 13330 NULL +altera_set_dr_post_54291 altera_set_dr_post 2 54291 NULL -+ceph_dns_resolve_name_62488 ceph_dns_resolve_name 2 62488 NULL ++dlm_alloc_pagevec_54296 dlm_alloc_pagevec 1 54296 NULL +kvm_read_nested_guest_page_13337 kvm_read_nested_guest_page 5 13337 NULL +il_dbgfs_stations_read_21532 il_dbgfs_stations_read 3 21532 NULL +il3945_ucode_general_stats_read_46111 il3945_ucode_general_stats_read 3 46111 NULL +tipc_link_send_sections_fast_37920 tipc_link_send_sections_fast 4 37920 NULL +mlx4_en_create_rx_ring_62498 mlx4_en_create_rx_ring 3 62498 NULL +emi62_writememory_29731 emi62_writememory 4 29731 NULL -+read_cis_cache_29735 read_cis_cache 4 29735 NULL ++iwl_dbgfs_current_sleep_command_read_2081 iwl_dbgfs_current_sleep_command_read 3 2081 NULL ++mlx4_ib_alloc_fast_reg_page_list_46119 mlx4_ib_alloc_fast_reg_page_list 2 46119 NULL +pkt_alloc_packet_data_37928 pkt_alloc_packet_data 1 37928 NULL +hscx_empty_fifo_13360 hscx_empty_fifo 2 13360 NULL +rxrpc_send_data_21553 rxrpc_send_data 5 21553 NULL @@ -87296,14 +95592,14 @@ index 0000000..909d902 +hfcsusb_rx_frame_52745 hfcsusb_rx_frame 3 52745 NULL +pn_raw_send_54330 pn_raw_send 2 54330 NULL +pep_sendmsg_62524 pep_sendmsg 4 62524 NULL -+insert_dent_65034 insert_dent 7 65034 NULL ++tomoyo_update_policy_40458 tomoyo_update_policy 2 40458 NULL +sfi_map_memory_5183 sfi_map_memory 1-2 5183 NULL +iso_sched_alloc_13377 iso_sched_alloc 1 13377 NULL nohasharray +wep_key_not_found_read_13377 wep_key_not_found_read 3 13377 &iso_sched_alloc_13377 +test_iso_queue_62534 test_iso_queue 5 62534 NULL +__alloc_dev_table_54343 __alloc_dev_table 2 54343 NULL +ddp_clear_map_46152 ddp_clear_map 4 46152 NULL -+cxio_hal_init_resource_29771 cxio_hal_init_resource 2-7-6 29771 NULL nohasharray ++cxio_hal_init_resource_29771 cxio_hal_init_resource 2-6-7 29771 NULL nohasharray +ip_vs_conn_fill_param_sync_29771 ip_vs_conn_fill_param_sync 6 29771 &cxio_hal_init_resource_29771 +__netlink_change_ngroups_46156 __netlink_change_ngroups 2 46156 NULL +sco_sock_sendmsg_62542 sco_sock_sendmsg 4 62542 NULL @@ -87311,39 +95607,40 @@ index 0000000..909d902 +pipe_set_size_5204 pipe_set_size 2 5204 NULL +tcf_hash_create_54360 tcf_hash_create 4 54360 NULL +ppp_cp_parse_cr_5214 ppp_cp_parse_cr 4 5214 NULL -+read_file_credit_dist_stats_54367 read_file_credit_dist_stats 3 54367 NULL ++isdn_read_50021 isdn_read 3 50021 NULL +vfs_readlink_54368 vfs_readlink 3 54368 NULL +pep_recvmsg_19402 pep_recvmsg 4 19402 NULL +ocfs2_acl_from_xattr_21604 ocfs2_acl_from_xattr 2 21604 NULL +subsystem_filter_read_62310 subsystem_filter_read 3 62310 NULL -+encrypted_update_13414 encrypted_update 3 13414 NULL -+vxge_os_dma_malloc_46184 vxge_os_dma_malloc 2 46184 NULL -+do_dccp_setsockopt_54377 do_dccp_setsockopt 5 54377 NULL nohasharray -+intel_sdvo_write_cmd_54377 intel_sdvo_write_cmd 4 54377 &do_dccp_setsockopt_54377 -+ah_alloc_tmp_54378 ah_alloc_tmp 2-3 54378 NULL ++ath6kl_debug_roam_tbl_event_5224 ath6kl_debug_roam_tbl_event 3 5224 NULL ++netxen_alloc_sds_rings_13417 netxen_alloc_sds_rings 2 13417 NULL ++ah_alloc_tmp_54378 ah_alloc_tmp 3-2 54378 NULL +ssb_ioremap_5228 ssb_ioremap 2 5228 NULL +xfrm_user_policy_62573 xfrm_user_policy 4 62573 NULL +xlog_do_recovery_pass_21618 xlog_do_recovery_pass 3 21618 NULL +isdn_ppp_skb_push_5236 isdn_ppp_skb_push 2 5236 NULL +get_subdir_62581 get_subdir 3 62581 NULL +iwl_dbgfs_power_save_status_read_54392 iwl_dbgfs_power_save_status_read 3 54392 NULL ++sctp_abort_pkt_new_5241 sctp_abort_pkt_new 6 5241 NULL +vfs_readv_38011 vfs_readv 3 38011 NULL +keyring_read_13438 keyring_read 3 13438 NULL -+sctp_setsockopt_peer_primary_addr_13440 sctp_setsockopt_peer_primary_addr 3 13440 NULL -+ath6kl_cfg80211_connect_event_13443 ath6kl_cfg80211_connect_event 7-9-8 13443 NULL ++sctp_setsockopt_peer_primary_addr_13440 sctp_setsockopt_peer_primary_addr 3 13440 NULL nohasharray ++set_tap_pwup_pfs_13440 set_tap_pwup_pfs 3 13440 &sctp_setsockopt_peer_primary_addr_13440 ++ath6kl_cfg80211_connect_event_13443 ath6kl_cfg80211_connect_event 7-8-9 13443 NULL ++crypto_shash_setkey_60483 crypto_shash_setkey 3 60483 NULL +tm6000_i2c_recv_regs_46215 tm6000_i2c_recv_regs 5 46215 NULL -+dsp_write_46218 dsp_write 2 46218 NULL ++packet_alloc_skb_62602 packet_alloc_skb 2-5-4 62602 NULL +prism2_send_mgmt_62605 prism2_send_mgmt 4 62605 NULL nohasharray +nfsd_vfs_read_62605 nfsd_vfs_read 6 62605 &prism2_send_mgmt_62605 +__probe_kernel_write_29842 __probe_kernel_write 3 29842 NULL +aggr_recv_addba_req_evt_38037 aggr_recv_addba_req_evt 4 38037 NULL -+carl9170_rx_copy_data_21656 carl9170_rx_copy_data 2 21656 NULL ++kvm_read_hva_atomic_29848 kvm_read_hva_atomic 3 29848 NULL +ftrace_write_29551 ftrace_write 3 29551 NULL +il_dbgfs_chain_noise_read_38044 il_dbgfs_chain_noise_read 3 38044 NULL +iscsi_post_host_event_13473 iscsi_post_host_event 4 13473 NULL +ems_pcmcia_add_card_62627 ems_pcmcia_add_card 2 62627 NULL -+sm501_create_subdev_48668 sm501_create_subdev 3-4 48668 NULL nohasharray -+sys_setgroups_48668 sys_setgroups 1 48668 &sm501_create_subdev_48668 ++mpi_read_raw_data_46248 mpi_read_raw_data 2 46248 NULL ++dev_write_7708 dev_write 3 7708 NULL +_xfs_buf_alloc_38058 _xfs_buf_alloc 3 38058 NULL +nsm_create_handle_38060 nsm_create_handle 4 38060 NULL +atalk_sendmsg_21677 atalk_sendmsg 4 21677 NULL @@ -87351,39 +95648,44 @@ index 0000000..909d902 +sisusb_copy_memory_35016 sisusb_copy_memory 4 35016 NULL +lpfc_sli4_queue_alloc_62646 lpfc_sli4_queue_alloc 3 62646 NULL +alloc_ltalkdev_38071 alloc_ltalkdev 1 38071 NULL ++nf_nat_ftp_46265 nf_nat_ftp 6 46265 NULL +nfc_targets_found_29886 nfc_targets_found 3 29886 NULL +mwifiex_alloc_sdio_mpa_buffers_60961 mwifiex_alloc_sdio_mpa_buffers 2-3 60961 NULL +evdev_ioctl_handler_21705 evdev_ioctl_handler 2 21705 NULL +request_key_auth_new_38092 request_key_auth_new 3 38092 NULL +proc_self_readlink_38094 proc_self_readlink 3 38094 NULL +smk_write_mapped_13519 smk_write_mapped 3 13519 NULL -+pwr_disable_ps_read_13176 pwr_disable_ps_read 3 13176 NULL ++isr_host_acknowledges_read_54136 isr_host_acknowledges_read 3 54136 NULL +bm_init_13529 bm_init 2 13529 NULL +check586_29914 check586 2 29914 NULL +snd_pcm_oss_write_38108 snd_pcm_oss_write 3 38108 NULL -+printer_req_alloc_62687 printer_req_alloc 2 62687 NULL -+squashfs_read_inode_lookup_table_64739 squashfs_read_inode_lookup_table 4 64739 NULL ++pep_alloc_skb_46303 pep_alloc_skb 3 46303 NULL +reiserfs_allocate_list_bitmaps_21732 reiserfs_allocate_list_bitmaps 3 21732 NULL +ioremap_wc_62695 ioremap_wc 1-2 62695 NULL +pg_read_17276 pg_read 3 17276 NULL -+__alloc_extent_buffer_15093 __alloc_extent_buffer 3 15093 NULL ++edt_ft5x06_debugfs_raw_data_read_28002 edt_ft5x06_debugfs_raw_data_read 3 28002 NULL ++ep0_read_38095 ep0_read 3 38095 NULL +batadv_iv_ogm_queue_add_46319 batadv_iv_ogm_queue_add 3 46319 NULL ++__nf_nat_mangle_tcp_packet_21744 __nf_nat_mangle_tcp_packet 8-6 21744 NULL +ps_pspoll_utilization_read_5361 ps_pspoll_utilization_read 3 5361 NULL +cgroup_write_X64_54514 cgroup_write_X64 5 54514 NULL -+llcp_sock_recvmsg_13556 llcp_sock_recvmsg 4 13556 NULL ++bioset_integrity_create_62708 bioset_integrity_create 2 62708 NULL +rfc4106_set_key_54519 rfc4106_set_key 3 54519 NULL -+cciss_allocate_sg_chain_blocks_5368 cciss_allocate_sg_chain_blocks 2-3 5368 NULL ++cciss_allocate_sg_chain_blocks_5368 cciss_allocate_sg_chain_blocks 3-2 5368 NULL +mthca_alloc_init_21754 mthca_alloc_init 2 21754 NULL +l2down_create_21755 l2down_create 4 21755 NULL ++alloc_tio_13564 alloc_tio 3 13564 NULL +viacam_read_54526 viacam_read 3 54526 NULL +btrfs_mksubvol_58240 btrfs_mksubvol 3 58240 NULL +tunables_read_36385 tunables_read 3 36385 NULL ++opera1_usb_i2c_msgxfer_64521 opera1_usb_i2c_msgxfer 4 64521 NULL +iio_debugfs_write_reg_22742 iio_debugfs_write_reg 3 22742 NULL +read_file_antenna_13574 read_file_antenna 3 13574 NULL +__ntfs_copy_from_user_iovec_inatomic_38153 __ntfs_copy_from_user_iovec_inatomic 3-4 38153 NULL +setsockopt_54539 setsockopt 5 54539 NULL +gen_pool_add_21776 gen_pool_add 3 21776 NULL +iwl_dbgfs_chain_noise_read_46355 iwl_dbgfs_chain_noise_read 3 46355 NULL ++tty_register_device_4544 tty_register_device 2 4544 NULL +cache_write_13589 cache_write 3 13589 NULL +mpt_lan_receive_post_turbo_13592 mpt_lan_receive_post_turbo 2 13592 NULL +xfs_da_grow_inode_int_21785 xfs_da_grow_inode_int 3 21785 NULL @@ -87417,22 +95719,27 @@ index 0000000..909d902 +blk_msg_write_13655 blk_msg_write 3 13655 NULL +scsi_vpd_inquiry_30040 scsi_vpd_inquiry 4 30040 NULL +fwSendNullPacket_54618 fwSendNullPacket 2 54618 NULL ++drp_wmove_30043 drp_wmove 4 30043 NULL +tracing_total_entries_read_62817 tracing_total_entries_read 3 62817 NULL +cache_downcall_13666 cache_downcall 3 13666 NULL +xfs_efi_init_5476 xfs_efi_init 2 5476 NULL -+acpi_tb_check_xsdt_21862 acpi_tb_check_xsdt 1 21862 NULL ++ubi_leb_write_5478 ubi_leb_write 4-5 5478 NULL +cifs_security_flags_proc_write_5484 cifs_security_flags_proc_write 3 5484 NULL +cp210x_set_config_46447 cp210x_set_config 4 46447 NULL -+sisusbcon_bmove_21873 sisusbcon_bmove 5-7-6 21873 NULL ++sisusbcon_bmove_21873 sisusbcon_bmove 6-5-7 21873 NULL ++debug_debug3_read_56894 debug_debug3_read 3 56894 NULL +tty_write_5494 tty_write 3 5494 NULL -+xlog_recover_add_to_trans_62839 xlog_recover_add_to_trans 4 62839 NULL ++iscsi_ping_comp_event_38263 iscsi_ping_comp_event 5 38263 NULL +tomoyo_update_domain_5498 tomoyo_update_domain 2 5498 NULL +rx_fcs_err_read_62844 rx_fcs_err_read 3 62844 NULL +irq_timeout_read_54653 irq_timeout_read 3 54653 NULL ++teiup_create_43201 teiup_create 3 43201 NULL +dns_resolver_read_54658 dns_resolver_read 3 54658 NULL -+skb_pad_17302 skb_pad 2 17302 NULL -+line6_alloc_sysex_buffer_28225 line6_alloc_sysex_buffer 4 28225 NULL ++filldir64_46469 filldir64 3 46469 NULL ++line6_alloc_sysex_buffer_28225 line6_alloc_sysex_buffer 4 28225 NULL nohasharray ++set_dis_disc_pfs_28225 set_dis_disc_pfs 3 28225 &line6_alloc_sysex_buffer_28225 +fw_iso_buffer_alloc_13704 fw_iso_buffer_alloc 2 13704 NULL ++ablkcipher_copy_iv_64140 ablkcipher_copy_iv 3 64140 NULL +cxgbi_ddp_reserve_30091 cxgbi_ddp_reserve 4 30091 NULL +snd_midi_channel_init_set_30092 snd_midi_channel_init_set 1 30092 NULL +tg3_run_loopback_30093 tg3_run_loopback 2 30093 NULL @@ -87440,22 +95747,21 @@ index 0000000..909d902 +vmemmap_alloc_block_43245 vmemmap_alloc_block 1 43245 NULL +bio_kmalloc_54672 bio_kmalloc 2 54672 NULL +ezusb_writememory_45976 ezusb_writememory 4 45976 NULL -+rx_filter_data_filter_read_30098 rx_filter_data_filter_read 3 30098 NULL -+zd_mac_rx_38296 zd_mac_rx 3 38296 NULL ++evm_read_key_54674 evm_read_key 3 54674 NULL ++sctp_make_op_error_space_5528 sctp_make_op_error_space 3 5528 NULL +l2tp_ip6_recvmsg_62874 l2tp_ip6_recvmsg 4 62874 NULL +qsfp_1_read_21915 qsfp_1_read 3 21915 NULL +do_proc_readlink_14096 do_proc_readlink 3 14096 NULL -+aoechr_write_62883 aoechr_write 3 62883 NULL nohasharray -+em28xx_init_isoc_62883 em28xx_init_isoc 4 62883 &aoechr_write_62883 ++em28xx_init_isoc_62883 em28xx_init_isoc 4 62883 NULL nohasharray ++aoechr_write_62883 aoechr_write 3 62883 &em28xx_init_isoc_62883 +resize_info_buffer_62889 resize_info_buffer 2 62889 NULL +if_spi_host_to_card_62890 if_spi_host_to_card 4 62890 NULL +u32_array_read_2219 u32_array_read 3 2219 NULL +pin_code_reply_46510 pin_code_reply 4 46510 NULL -+addtgt_54703 addtgt 3 54703 NULL +mthca_alloc_cq_buf_46512 mthca_alloc_cq_buf 3 46512 NULL -+vxge_device_register_7752 vxge_device_register 4 7752 NULL ++sys_add_key_61288 sys_add_key 4 61288 NULL +kmsg_read_46514 kmsg_read 3 46514 NULL -+brcmu_pkt_buf_get_skb_5556 brcmu_pkt_buf_get_skb 1 5556 NULL ++audit_unpack_string_13748 audit_unpack_string 3 13748 NULL +isr_rx_headers_read_38325 isr_rx_headers_read 3 38325 NULL +rfkill_fop_read_54711 rfkill_fop_read 3 54711 NULL +recv_stream_30138 recv_stream 4 30138 NULL @@ -87463,9 +95769,11 @@ index 0000000..909d902 +getdqbuf_62908 getdqbuf 1 62908 NULL +bdx_rxdb_create_46525 bdx_rxdb_create 1 46525 NULL +pwr_connection_out_of_sync_read_35061 pwr_connection_out_of_sync_read 3 35061 NULL -+il4965_rs_sta_dbgfs_rate_scale_data_read_37792 il4965_rs_sta_dbgfs_rate_scale_data_read 3 37792 NULL ++_add_sg_continuation_descriptor_54721 _add_sg_continuation_descriptor 3 54721 NULL ++fc_frame_alloc_fill_59394 fc_frame_alloc_fill 2 59394 NULL +fir16_create_5574 fir16_create 3 5574 NULL +ieee802154_alloc_device_13767 ieee802154_alloc_device 1 13767 NULL ++pt_write_40159 pt_write 3 40159 NULL +bioset_create_5580 bioset_create 1 5580 NULL +ocfs2_control_write_54737 ocfs2_control_write 3 54737 NULL +fb_sys_read_13778 fb_sys_read 3 13778 NULL @@ -87496,7 +95804,6 @@ index 0000000..909d902 +ti_recv_22027 ti_recv 4 22027 NULL +ttm_dma_page_pool_free_34135 ttm_dma_page_pool_free 2 34135 NULL +ieee80211_if_read_dtim_count_38419 ieee80211_if_read_dtim_count 3 38419 NULL -+dccp_manip_pkt_30229 dccp_manip_pkt 2 30229 NULL +nfsd_write_54809 nfsd_write 6 54809 NULL +evdev_ioctl_compat_13851 evdev_ioctl_compat 2 13851 NULL +pcnet32_realloc_tx_ring_38428 pcnet32_realloc_tx_ring 3 38428 NULL @@ -87511,6 +95818,7 @@ index 0000000..909d902 +aircable_process_packet_46639 aircable_process_packet 5 46639 NULL +generic_perform_write_54832 generic_perform_write 3 54832 NULL +write_rio_54837 write_rio 3 54837 NULL ++nouveau_engctx_create__54839 nouveau_engctx_create_ 8 54839 NULL +__vb2_perform_fileio_63033 __vb2_perform_fileio 3 63033 NULL +pipeline_defrag_to_csum_swi_read_63037 pipeline_defrag_to_csum_swi_read 3 63037 NULL +get_arg_5694 get_arg 3 5694 NULL @@ -87527,6 +95835,7 @@ index 0000000..909d902 +unlink1_63059 unlink1 3 63059 NULL +picolcd_fb_write_2318 picolcd_fb_write 3 2318 NULL +pipeline_sec_frag_swi_read_30294 pipeline_sec_frag_swi_read 3 30294 NULL ++__do_krealloc_54389 __do_krealloc 2 54389 NULL +tcp_sendmsg_30296 tcp_sendmsg 4 30296 NULL +tcf_csum_ipv6_tcp_54877 tcf_csum_ipv6_tcp 4 54877 NULL +vmw_kms_readback_5727 vmw_kms_readback 6 5727 NULL @@ -87534,38 +95843,37 @@ index 0000000..909d902 +rts51x_transfer_data_partial_5735 rts51x_transfer_data_partial 6 5735 NULL +rx_decrypt_key_not_found_read_37820 rx_decrypt_key_not_found_read 3 37820 NULL +alloc_data_packet_46698 alloc_data_packet 1 46698 NULL -+wlcore_alloc_hw_7785 wlcore_alloc_hw 1 7785 NULL +dev_names_read_38509 dev_names_read 3 38509 NULL +iscsi_create_iface_38510 iscsi_create_iface 5 38510 NULL +sep_prepare_input_output_dma_table_in_dcb_63087 sep_prepare_input_output_dma_table_in_dcb 4-5-2-3 63087 NULL -+alloc_page_cgroup_2919 alloc_page_cgroup 1 2919 NULL ++get_packet_5747 get_packet 3 5747 NULL +ieee80211_if_read_dot11MeshForwarding_13940 ieee80211_if_read_dot11MeshForwarding 3 13940 NULL +drm_malloc_ab_16831 drm_malloc_ab 1-2 16831 NULL +event_rx_mismatch_read_38518 event_rx_mismatch_read 3 38518 NULL +iwl_dbgfs_protection_mode_read_13943 iwl_dbgfs_protection_mode_read 3 13943 NULL +ieee80211_if_read_min_discovery_timeout_13946 ieee80211_if_read_min_discovery_timeout 3 13946 NULL -+sys_msgrcv_959 sys_msgrcv 3 959 NULL ++erst_dbg_write_46715 erst_dbg_write 3 46715 NULL +ath6kl_lrssi_roam_read_61022 ath6kl_lrssi_roam_read 3 61022 NULL +lpfc_idiag_queacc_read_13950 lpfc_idiag_queacc_read 3 13950 NULL +xfs_buf_get_uncached_51477 xfs_buf_get_uncached 2 51477 NULL -+wl1271_rx_filter_alloc_field_46721 wl1271_rx_filter_alloc_field 5 46721 NULL ++iscsi_pool_init_54913 iscsi_pool_init 2-4 54913 NULL +_l2_alloc_skb_11883 _l2_alloc_skb 1 11883 NULL +resource_from_user_30341 resource_from_user 3 30341 NULL ++scsi_dispatch_cmd_entry_49848 scsi_dispatch_cmd_entry 3 49848 NULL +sound_write_5102 sound_write 3 5102 NULL +pn533_dep_link_up_22154 pn533_dep_link_up 5 22154 NULL -+brcmf_alloc_pkt_and_read_63116 brcmf_alloc_pkt_and_read 2 63116 NULL nohasharray -+iwl_dbgfs_sensitivity_read_63116 iwl_dbgfs_sensitivity_read 3 63116 &brcmf_alloc_pkt_and_read_63116 ++iwl_dbgfs_sensitivity_read_63116 iwl_dbgfs_sensitivity_read 3 63116 NULL +irq_domain_add_simple_46734 irq_domain_add_simple 2 46734 NULL +sctp_setsockopt_autoclose_5775 sctp_setsockopt_autoclose 3 5775 NULL +__vmalloc_node_flags_30352 __vmalloc_node_flags 1 30352 NULL +btrfs_discard_extent_38547 btrfs_discard_extent 2 38547 NULL -+bnx2_nvram_write_7790 bnx2_nvram_write 2-4 7790 NULL ++tx_frag_init_called_read_48377 tx_frag_init_called_read 3 48377 NULL +com90xx_found_13974 com90xx_found 3 13974 NULL +compat_sys_writev_5784 compat_sys_writev 3 5784 NULL +qcam_read_13977 qcam_read 3 13977 NULL +__vxge_hw_blockpool_malloc_5786 __vxge_hw_blockpool_malloc 2 5786 NULL +dvb_demux_read_13981 dvb_demux_read 3 13981 NULL -+brcmf_usb_attach_44656 brcmf_usb_attach 1-2 44656 NULL ++virtblk_add_buf_wait_54943 virtblk_add_buf_wait 3-4 54943 NULL +wl12xx_cmd_build_probe_req_54946 wl12xx_cmd_build_probe_req 6-8 54946 NULL +irda_sendmsg_dgram_38563 irda_sendmsg_dgram 4 38563 NULL +il4965_rs_sta_dbgfs_scale_table_read_38564 il4965_rs_sta_dbgfs_scale_table_read 3 38564 NULL @@ -87574,13 +95882,14 @@ index 0000000..909d902 +sys_get_mempolicy_30379 sys_get_mempolicy 3 30379 NULL +iwl_dbgfs_ucode_rx_stats_read_58023 iwl_dbgfs_ucode_rx_stats_read 3 58023 NULL +skb_copy_datagram_iovec_5806 skb_copy_datagram_iovec 2-4 5806 NULL -+setkey_unaligned_39474 setkey_unaligned 3 39474 NULL -+l2up_create_6430 l2up_create 3 6430 NULL ++wacom_set_device_mode_26280 wacom_set_device_mode 3 26280 NULL ++trace_options_core_read_47390 trace_options_core_read 3 47390 NULL +int_hw_irq_en_46776 int_hw_irq_en 3 46776 NULL +c4iw_init_resource_30393 c4iw_init_resource 2-3 30393 NULL -+cosa_net_setup_rx_38594 cosa_net_setup_rx 2 38594 NULL ++__alloc_bootmem_node_nopanic_6432 __alloc_bootmem_node_nopanic 2 6432 NULL ++__proc_file_read_54978 __proc_file_read 3 54978 NULL +concat_writev_21451 concat_writev 3 21451 NULL -+_rtl92s_firmware_downloadcode_14021 _rtl92s_firmware_downloadcode 3 14021 NULL ++smk_write_revoke_subj_63173 smk_write_revoke_subj 3 63173 NULL +_queue_data_54983 _queue_data 4 54983 NULL +_sys_packet_req_46793 _sys_packet_req 4 46793 NULL +pfkey_sendmsg_47394 pfkey_sendmsg 4 47394 NULL @@ -87593,15 +95902,13 @@ index 0000000..909d902 +read_def_modal_eeprom_14041 read_def_modal_eeprom 3 14041 NULL +rx_filter_max_arp_queue_dep_read_5851 rx_filter_max_arp_queue_dep_read 3 5851 NULL +rds_ib_inc_copy_to_user_55007 rds_ib_inc_copy_to_user 3 55007 NULL -+team_options_register_20091 team_options_register 3 20091 NULL ++alloc_ctrl_packet_44667 alloc_ctrl_packet 1 44667 NULL +rbd_create_rw_ops_55297 rbd_create_rw_ops 1 55297 NULL +compat_sys_move_pages_5861 compat_sys_move_pages 2 5861 NULL +cx231xx_v4l2_read_55014 cx231xx_v4l2_read 3 55014 NULL +sta_agg_status_read_14058 sta_agg_status_read 3 14058 NULL -+scsi_mode_sense_16835 scsi_mode_sense 5 16835 NULL -+ieee80211_if_read_auto_open_plinks_38268 ieee80211_if_read_auto_open_plinks 3 38268 NULL nohasharray -+mthca_alloc_icm_table_38268 mthca_alloc_icm_table 3-4 38268 &ieee80211_if_read_auto_open_plinks_38268 -+error_error_null_Frame_tx_start_read_55024 error_error_null_Frame_tx_start_read 3 55024 NULL ++compat_process_vm_rw_22254 compat_process_vm_rw 3-5 22254 NULL ++ext2_readpages_38640 ext2_readpages 4 38640 NULL +cma_create_area_38642 cma_create_area 2 38642 NULL +audit_init_entry_38644 audit_init_entry 1 38644 NULL +sriov_enable_59689 sriov_enable 2 59689 NULL @@ -87610,15 +95917,18 @@ index 0000000..909d902 +tx_tx_template_programmed_read_30461 tx_tx_template_programmed_read 3 30461 NULL +mmc_send_cxd_data_38655 mmc_send_cxd_data 5 38655 NULL +zoran_ioctl_30465 zoran_ioctl 2 30465 NULL ++tcp_manip_pkt_16563 tcp_manip_pkt 4 16563 NULL +qla2x00_adjust_sdev_qdepth_up_20097 qla2x00_adjust_sdev_qdepth_up 2 20097 NULL ++nouveau_instmem_create__38664 nouveau_instmem_create_ 4 38664 NULL +ieee80211_mgmt_tx_46860 ieee80211_mgmt_tx 9 46860 NULL +port_show_regs_5904 port_show_regs 3 5904 NULL +nvme_alloc_queue_46865 nvme_alloc_queue 3 46865 NULL +ptp_read_63251 ptp_read 4 63251 NULL +uhci_debug_read_5911 uhci_debug_read 3 5911 NULL +compat_sys_pselect6_14105 compat_sys_pselect6 1 14105 NULL -+__netdev_alloc_skb_ip_align_55067 __netdev_alloc_skb_ip_align 2 55067 NULL ++iscsit_dump_data_payload_38683 iscsit_dump_data_payload 2 38683 NULL +__tun_chr_ioctl_22300 __tun_chr_ioctl 4 22300 NULL ++stk_allocate_buffers_16291 stk_allocate_buffers 2 16291 NULL +mesh_table_alloc_22305 mesh_table_alloc 1 22305 NULL +ttm_bo_kmap_ttm_5922 ttm_bo_kmap_ttm 3 5922 NULL +o2hb_debug_read_37851 o2hb_debug_read 3 37851 NULL @@ -87626,13 +95936,13 @@ index 0000000..909d902 +iscsi_iser_recv_41948 iscsi_iser_recv 4 41948 NULL +lbs_highsnr_read_5931 lbs_highsnr_read 3 5931 NULL +em28xx_alloc_isoc_46892 em28xx_alloc_isoc 4 46892 NULL -+ps_poll_ps_poll_timeouts_read_5934 ps_poll_ps_poll_timeouts_read 3 5934 NULL ++read_dma_55086 read_dma 3 55086 NULL ++isr_irqs_read_9181 isr_irqs_read 3 9181 NULL +dwc3_testmode_write_30516 dwc3_testmode_write 3 30516 NULL +edac_device_alloc_ctl_info_5941 edac_device_alloc_ctl_info 1 5941 NULL -+sisusbcon_scroll_area_25899 sisusbcon_scroll_area 3-4 25899 NULL +ntfs_rl_replace_14136 ntfs_rl_replace 2-4 14136 NULL +ip_send_unicast_reply_38714 ip_send_unicast_reply 6 38714 NULL -+tcp_collapse_63294 tcp_collapse 5-6 63294 NULL ++tcp_collapse_63294 tcp_collapse 6-5 63294 NULL +alloc_trace_probe_38720 alloc_trace_probe 6 38720 NULL +isdn_ppp_ccp_xmit_reset_63297 isdn_ppp_ccp_xmit_reset 6 63297 NULL +rxpipe_beacon_buffer_thres_host_int_trig_rx_data_read_55106 rxpipe_beacon_buffer_thres_host_int_trig_rx_data_read 3 55106 NULL @@ -87641,28 +95951,24 @@ index 0000000..909d902 +tracing_ctrl_read_46922 tracing_ctrl_read 3 46922 NULL +gsm_dlci_data_14155 gsm_dlci_data 3 14155 NULL +fb_write_46924 fb_write 3 46924 NULL -+dns_resolver_instantiate_63314 dns_resolver_instantiate 3 63314 NULL +btmrvl_curpsmode_read_46939 btmrvl_curpsmode_read 3 46939 NULL ++wlcore_alloc_hw_22365 wlcore_alloc_hw 1 22365 NULL +crypto_ahash_setkey_55134 crypto_ahash_setkey 3 55134 NULL +br_send_bpdu_29669 br_send_bpdu 3 29669 NULL +disk_expand_part_tbl_30561 disk_expand_part_tbl 2 30561 NULL +evdev_ioctl_22371 evdev_ioctl 2 22371 NULL +__sctp_setsockopt_connectx_46949 __sctp_setsockopt_connectx 3 46949 NULL -+qla4xxx_post_aen_work_46953 qla4xxx_post_aen_work 3 46953 NULL ++udf_readpages_38761 udf_readpages 4 38761 NULL +reada_add_block_54247 reada_add_block 2 54247 NULL +ieee80211_if_read_uapsd_queues_55150 ieee80211_if_read_uapsd_queues 3 55150 NULL +proc_info_read_63344 proc_info_read 3 63344 NULL -+jffs2_do_link_42048 jffs2_do_link 6 42048 NULL +pep_indicate_38611 pep_indicate 5 38611 NULL +set_le_30581 set_le 4 30581 NULL -+write_62671 write 3 62671 NULL +alloc_large_system_hash_22391 alloc_large_system_hash 2 22391 NULL -+tcp_manip_pkt_14202 tcp_manip_pkt 2 14202 NULL -+iwl_dbgfs_thermal_throttling_read_38779 iwl_dbgfs_thermal_throttling_read 3 38779 NULL ++btmrvl_psmode_read_22395 btmrvl_psmode_read 3 22395 NULL +alloc_private_22399 alloc_private 2 22399 NULL -+mgmt_pending_add_46976 mgmt_pending_add 5 46976 NULL -+gre_manip_pkt_38785 gre_manip_pkt 2 38785 NULL -+fc_frame_alloc_fill_59394 fc_frame_alloc_fill 2 59394 NULL ++snd_gus_dram_write_38784 snd_gus_dram_write 4 38784 NULL ++ps_upsd_max_sptime_read_63362 ps_upsd_max_sptime_read 3 63362 NULL +zoran_write_22404 zoran_write 3 22404 NULL +dma_tx_errors_read_46060 dma_tx_errors_read 3 46060 NULL +idmouse_read_63374 idmouse_read 3 63374 NULL @@ -87674,7 +95980,7 @@ index 0000000..909d902 +ttm_bo_io_47000 ttm_bo_io 5 47000 NULL +ieee80211_if_write_uapsd_max_sp_len_14233 ieee80211_if_write_uapsd_max_sp_len 3 14233 NULL +sel_write_relabel_55195 sel_write_relabel 3 55195 NULL -+blk_rq_map_kern_47004 blk_rq_map_kern 4 47004 NULL ++edac_pci_alloc_ctl_info_63388 edac_pci_alloc_ctl_info 1 63388 NULL +ipv6_renew_option_38813 ipv6_renew_option 3 38813 NULL +sched_feat_write_55202 sched_feat_write 3 55202 NULL +dma_declare_coherent_memory_14244 dma_declare_coherent_memory 4-2 14244 NULL @@ -87685,17 +95991,16 @@ index 0000000..909d902 +sys_select_38827 sys_select 1 38827 NULL +rxpipe_missed_beacon_host_int_trig_rx_data_read_63405 rxpipe_missed_beacon_host_int_trig_rx_data_read 3 63405 NULL +do_raw_setsockopt_55215 do_raw_setsockopt 5 55215 NULL -+cx231xx_init_bulk_47024 cx231xx_init_bulk 2-3 47024 NULL -+sctp_abort_pkt_new_55218 sctp_abort_pkt_new 5 55218 NULL -+oom_score_adj_write_42594 oom_score_adj_write 3 42594 NULL ++cx231xx_init_bulk_47024 cx231xx_init_bulk 3-2 47024 NULL +direct_entry_38836 direct_entry 3 38836 NULL +__hwahc_op_set_ptk_36510 __hwahc_op_set_ptk 5 36510 NULL +gntdev_alloc_map_35145 gntdev_alloc_map 2 35145 NULL +compat_udp_setsockopt_38840 compat_udp_setsockopt 5 38840 NULL -+sctp_setsockopt_connectx_6073 sctp_setsockopt_connectx 3 6073 NULL -+ath6kl_connect_event_14267 ath6kl_connect_event 7-9-8 14267 NULL ++handle_received_packet_22457 handle_received_packet 3 22457 NULL ++ath6kl_connect_event_14267 ath6kl_connect_event 7-8-9 14267 NULL +write_head_30481 write_head 4 30481 NULL +mem_cgroup_read_22461 mem_cgroup_read 5 22461 NULL ++set_dis_bypass_pfs_47038 set_dis_bypass_pfs 3 47038 NULL +add_numbered_child_14273 add_numbered_child 5 14273 NULL +l2cap_sock_sendmsg_63427 l2cap_sock_sendmsg 4 63427 NULL +OS_mem_token_alloc_14276 OS_mem_token_alloc 1 14276 NULL @@ -87703,28 +96008,31 @@ index 0000000..909d902 +register_unifi_sdio_55239 register_unifi_sdio 2 55239 NULL +ath6kl_wmi_get_new_buf_52304 ath6kl_wmi_get_new_buf 1 52304 NULL +agp_remap_30665 agp_remap 2 30665 NULL -+snd_seq_oss_readq_new_14283 snd_seq_oss_readq_new 2 14283 NULL ++interfaces_38859 interfaces 2 38859 NULL +memcpy_fromiovec_55247 memcpy_fromiovec 3 55247 NULL -+alloc_ldt_21972 alloc_ldt 2 21972 NULL ++nfsd_symlink_63442 nfsd_symlink 6 63442 NULL ++ieee80211_if_read_dot11MeshHWMPpreqMinInterval_24208 ieee80211_if_read_dot11MeshHWMPpreqMinInterval 3 24208 NULL +cache_write_procfs_22491 cache_write_procfs 3 22491 NULL ++qc_capture_19298 qc_capture 3 19298 NULL +read_default_ldt_14302 read_default_ldt 2 14302 NULL +dfs_global_file_write_6112 dfs_global_file_write 3 6112 NULL +alloc_dca_provider_59670 alloc_dca_provider 2 59670 NULL +pipeline_dec_packet_in_read_47076 pipeline_dec_packet_in_read 3 47076 NULL +rtl_port_map_2385 rtl_port_map 1-2 2385 NULL +dccp_setsockopt_ccid_30701 dccp_setsockopt_ccid 4 30701 NULL -+scsi_deactivate_tcq_47086 scsi_deactivate_tcq 2 47086 NULL ++dbgfs_state_38894 dbgfs_state 3 38894 NULL +sel_commit_bools_write_46077 sel_commit_bools_write 3 46077 NULL +snd_info_entry_write_63474 snd_info_entry_write 3 63474 NULL ++nouveau_parent_create__6131 nouveau_parent_create_ 7 6131 NULL +process_bulk_data_command_38906 process_bulk_data_command 4 38906 NULL +rx_streaming_interval_read_55291 rx_streaming_interval_read 3 55291 NULL +reada_find_extent_63486 reada_find_extent 2 63486 NULL +read_kcore_63488 read_kcore 3 63488 NULL +lbs_debugfs_read_30721 lbs_debugfs_read 3 30721 NULL -+sel_write_load_63830 sel_write_load 3 63830 NULL ++__skb_cow_39254 __skb_cow 2 39254 NULL +gsm_control_modem_55303 gsm_control_modem 3 55303 NULL +__get_vm_area_node_55305 __get_vm_area_node 1 55305 NULL -+iscsi_conn_setup_35159 iscsi_conn_setup 2 35159 NULL ++ffs_epfile_read_18775 ffs_epfile_read 3 18775 NULL +rsc_mgr_init_16299 rsc_mgr_init 3 16299 NULL +ivtv_copy_buf_to_user_6159 ivtv_copy_buf_to_user 4 6159 NULL +pskb_may_pull_22546 pskb_may_pull 2 22546 NULL @@ -87735,35 +96043,34 @@ index 0000000..909d902 +wl1251_cmd_template_set_6172 wl1251_cmd_template_set 4 6172 NULL +ses_recv_diag_47143 ses_recv_diag 4 47143 NULL nohasharray +acpi_ut_initialize_buffer_47143 acpi_ut_initialize_buffer 2 47143 &ses_recv_diag_47143 -+sock_rmalloc_59740 sock_rmalloc 2 59740 NULL nohasharray -+ieee80211_if_read_fwded_unicast_59740 ieee80211_if_read_fwded_unicast 3 59740 &sock_rmalloc_59740 ++alloc_fcdev_18780 alloc_fcdev 1 18780 NULL +vme_user_read_55338 vme_user_read 3 55338 NULL +sctp_datamsg_from_user_55342 sctp_datamsg_from_user 4 55342 NULL +cxio_init_resource_fifo_random_47151 cxio_init_resource_fifo_random 3 47151 NULL +persistent_ram_iomap_47156 persistent_ram_iomap 1-2 47156 NULL -+tcf_csum_ipv4_udp_30777 tcf_csum_ipv4_udp 4 30777 NULL ++ath6kl_regdump_read_14393 ath6kl_regdump_read 3 14393 NULL +__ath6kl_wmi_send_mgmt_cmd_38971 __ath6kl_wmi_send_mgmt_cmd 7 38971 NULL +__hidp_send_ctrl_message_28303 __hidp_send_ctrl_message 4 28303 NULL +rs_sta_dbgfs_rate_scale_data_read_47165 rs_sta_dbgfs_rate_scale_data_read 3 47165 NULL +append_to_buffer_63550 append_to_buffer 3 63550 NULL -+r8712_usbctrl_vendorreq_48489 r8712_usbctrl_vendorreq 6 48489 NULL +smk_write_onlycap_14400 smk_write_onlycap 3 14400 NULL +acpi_system_read_event_55362 acpi_system_read_event 3 55362 NULL +dbg_leb_write_63555 dbg_leb_write 4-5 63555 NULL nohasharray +kvm_write_guest_page_63555 kvm_write_guest_page 5 63555 &dbg_leb_write_63555 +snapshot_read_22601 snapshot_read 3 22601 NULL -+OSDSetBlock_38986 OSDSetBlock 2-4 38986 NULL -+svc_pool_map_alloc_arrays_47181 svc_pool_map_alloc_arrays 2 47181 NULL ++OSDSetBlock_38986 OSDSetBlock 4-2 38986 NULL ++v4l2_ctrl_new_std_menu_6221 v4l2_ctrl_new_std_menu 4 6221 NULL +mtd_concat_create_14416 mtd_concat_create 2 14416 NULL +mqueue_read_file_6228 mqueue_read_file 3 6228 NULL +ioremap_cache_47189 ioremap_cache 1-2 47189 NULL -+easycap_alsa_vmalloc_14426 easycap_alsa_vmalloc 2 14426 NULL ++__send_to_port_55383 __send_to_port 3 55383 NULL ++rproc_alloc_63577 rproc_alloc 5 63577 NULL ++nf_nat_ipv4_manip_pkt_55387 nf_nat_ipv4_manip_pkt 2 55387 NULL +smk_read_doi_30813 smk_read_doi 3 30813 NULL +f_hidg_read_6238 f_hidg_read 3 6238 NULL +proc_pid_attr_write_63845 proc_pid_attr_write 3 63845 NULL -+lpfc_debugfs_dif_err_write_17424 lpfc_debugfs_dif_err_write 3 17424 NULL ++sctp_getsockopt_delayed_ack_9232 sctp_getsockopt_delayed_ack 2 9232 NULL +get_nodes_39012 get_nodes 3 39012 NULL -+module_alloc_update_bounds_47205 module_alloc_update_bounds 1 47205 NULL +fbcon_prepare_logo_6246 fbcon_prepare_logo 5 6246 NULL +sctp_setsockopt_connectx_old_22631 sctp_setsockopt_connectx_old 3 22631 NULL +ide_core_cp_entry_22636 ide_core_cp_entry 3 22636 NULL @@ -87780,36 +96087,37 @@ index 0000000..909d902 +xenbus_file_write_6282 xenbus_file_write 3 6282 NULL +options_write_47243 options_write 3 47243 NULL +module_alloc_63630 module_alloc 1 63630 NULL -+ntfs_malloc_nofs_nofail_63631 ntfs_malloc_nofs_nofail 1 63631 NULL -+dlm_alloc_pagevec_54296 dlm_alloc_pagevec 1 54296 NULL ++alloc_skb_55439 alloc_skb 1 55439 NULL ++nf_nat_ipv6_manip_pkt_6289 nf_nat_ipv6_manip_pkt 2 6289 NULL +portcntrs_1_read_47253 portcntrs_1_read 3 47253 NULL +ieee80211_if_read_dot11MeshGateAnnouncementProtocol_14486 ieee80211_if_read_dot11MeshGateAnnouncementProtocol 3 14486 NULL +ubifs_leb_write_22679 ubifs_leb_write 4-5 22679 NULL -+l2tp_ip_recvmsg_22681 l2tp_ip_recvmsg 4 22681 NULL ++nf_nat_sack_adjust_6297 nf_nat_sack_adjust 2 6297 NULL +proc_loginuid_write_63648 proc_loginuid_write 3 63648 NULL +mid_get_vbt_data_r10_6308 mid_get_vbt_data_r10 2 6308 NULL -+key_tx_rx_count_read_44742 key_tx_rx_count_read 3 44742 NULL -+ValidateDSDParamsChecksum_63654 ValidateDSDParamsChecksum 3 63654 NULL ++vmemmap_alloc_block_buf_61126 vmemmap_alloc_block_buf 1 61126 NULL ++__vxge_hw_channel_allocate_55462 __vxge_hw_channel_allocate 3 55462 NULL +pn_recvmsg_30887 pn_recvmsg 4 30887 NULL +rx_rx_timeout_wa_read_50204 rx_rx_timeout_wa_read 3 50204 NULL +hidraw_ioctl_63658 hidraw_ioctl 2 63658 NULL -+iscsi_ping_comp_event_38263 iscsi_ping_comp_event 5 38263 NULL ++ocfs2_debug_read_14507 ocfs2_debug_read 3 14507 NULL +lbs_threshold_read_21046 lbs_threshold_read 5 21046 NULL +tty_audit_log_47280 tty_audit_log 8 47280 NULL +alloc_libipw_22708 alloc_libipw 1 22708 NULL ++gfs2_readpages_47285 gfs2_readpages 4 47285 NULL +fc_host_post_vendor_event_30903 fc_host_post_vendor_event 3 30903 NULL +vbi_read_63673 vbi_read 3 63673 NULL +tun_get_user_39099 tun_get_user 4 39099 NULL +i2o_pool_alloc_55485 i2o_pool_alloc 4 55485 NULL -+brcmf_sdbrcm_read_control_22721 brcmf_sdbrcm_read_control 3 22721 NULL ++alloc_tty_driver_63681 alloc_tty_driver 1 63681 NULL +read_flush_pipefs_20171 read_flush_pipefs 3 20171 NULL +tx_internal_desc_overflow_read_47300 tx_internal_desc_overflow_read 3 47300 NULL +long_retry_limit_read_59766 long_retry_limit_read 3 59766 NULL +nfc_hci_hcp_message_tx_14534 nfc_hci_hcp_message_tx 6 14534 NULL +iommu_map_mmio_space_30919 iommu_map_mmio_space 1 30919 NULL +ep0_write_14536 ep0_write 3 14536 NULL nohasharray -+dataflash_read_user_otp_14536 dataflash_read_user_otp 3-2 14536 &ep0_write_14536 -+channel_type_read_47308 channel_type_read 3 47308 NULL ++dataflash_read_user_otp_14536 dataflash_read_user_otp 2-3 14536 &ep0_write_14536 ++dvb_ringbuffer_pkt_read_user_4303 dvb_ringbuffer_pkt_read_user 2-3-5 4303 NULL +cx18_copy_buf_to_user_22735 cx18_copy_buf_to_user 4 22735 NULL +ax25_output_22736 ax25_output 2 22736 NULL +__kfifo_to_user_r_39123 __kfifo_to_user_r 3 39123 NULL @@ -87819,17 +96127,17 @@ index 0000000..909d902 +cfpkt_pad_trail_55511 cfpkt_pad_trail 2 55511 NULL nohasharray +tx_tx_done_int_template_read_55511 tx_tx_done_int_template_read 3 55511 &cfpkt_pad_trail_55511 +cmtp_add_msgpart_9252 cmtp_add_msgpart 4 9252 NULL -+xfs_iext_add_indirect_multi_32400 xfs_iext_add_indirect_multi 3 32400 NULL +sctp_setsockopt_rtoinfo_30941 sctp_setsockopt_rtoinfo 3 30941 NULL -+ima_show_htable_violations_10619 ima_show_htable_violations 3 10619 NULL ++nouveau_object_create__63715 nouveau_object_create_ 5 63715 NULL +hid_input_report_32458 hid_input_report 4 32458 NULL +_proc_do_string_6376 _proc_do_string 2 6376 NULL +osd_req_read_sg_kern_6378 osd_req_read_sg_kern 5 6378 NULL -+mlx4_ib_alloc_fast_reg_page_list_46119 mlx4_ib_alloc_fast_reg_page_list 2 46119 NULL ++read_cis_cache_29735 read_cis_cache 4 29735 NULL +ieee80211_if_read_dot11MeshTTL_58307 ieee80211_if_read_dot11MeshTTL 3 58307 NULL +alloc_ring_39151 alloc_ring 2-4 39151 NULL +proc_coredump_filter_read_39153 proc_coredump_filter_read 3 39153 NULL +create_bounce_buffer_39155 create_bounce_buffer 3 39155 NULL ++tty_port_register_device_55543 tty_port_register_device 3 55543 NULL +tty_insert_flip_string_flags_30969 tty_insert_flip_string_flags 4 30969 NULL +asix_read_cmd_13245 asix_read_cmd 5 13245 NULL +ieee80211_if_read_dot11MeshHoldingTimeout_47356 ieee80211_if_read_dot11MeshHoldingTimeout 3 47356 NULL @@ -87837,20 +96145,20 @@ index 0000000..909d902 +selinux_secctx_to_secid_63744 selinux_secctx_to_secid 2 63744 NULL +isdn_add_channels_40905 isdn_add_channels 3 40905 NULL +bt_skb_alloc_6404 bt_skb_alloc 1 6404 NULL ++get_info_55681 get_info 3 55681 NULL +setkey_14987 setkey 3 14987 NULL +__bio_map_kern_47379 __bio_map_kern 3 47379 NULL +init_list_set_39188 init_list_set 2-3 39188 NULL +ubi_more_update_data_39189 ubi_more_update_data 4 39189 NULL +snd_pcm_oss_read1_63771 snd_pcm_oss_read1 3 63771 NULL -+trace_options_core_read_47390 trace_options_core_read 3 47390 NULL ++l2up_create_6430 l2up_create 3 6430 NULL +ipr_change_queue_depth_6431 ipr_change_queue_depth 2 6431 NULL -+__alloc_bootmem_node_nopanic_6432 __alloc_bootmem_node_nopanic 2 6432 NULL ++dgrp_net_write_47392 dgrp_net_write 3 47392 NULL +spidev_compat_ioctl_63778 spidev_compat_ioctl 2 63778 NULL +add_partition_55588 add_partition 2 55588 NULL +lbs_host_sleep_read_31013 lbs_host_sleep_read 3 31013 NULL +snd_pcm_aio_read_13900 snd_pcm_aio_read 3 13900 NULL +depth_read_31112 depth_read 3 31112 NULL -+sctp_manip_pkt_40620 sctp_manip_pkt 2 40620 NULL +macvtap_put_user_55609 macvtap_put_user 4 55609 NULL +ivtv_v4l2_write_39226 ivtv_v4l2_write 3 39226 NULL +selinux_setprocattr_55611 selinux_setprocattr 4 55611 NULL @@ -87858,18 +96166,20 @@ index 0000000..909d902 +vzalloc_47421 vzalloc 1 47421 NULL +mwifiex_11n_create_rx_reorder_tbl_63806 mwifiex_11n_create_rx_reorder_tbl 4 63806 NULL +agp_create_user_memory_62955 agp_create_user_memory 1 62955 NULL -+send_packet_52960 send_packet 4 52960 NULL ++sys_writev_28384 sys_writev 3 28384 NULL +batadv_tt_response_fill_table_39236 batadv_tt_response_fill_table 1 39236 NULL +read_file_rcstat_22854 read_file_rcstat 3 22854 NULL +__videobuf_copy_stream_44769 __videobuf_copy_stream 4 44769 NULL +rx_rx_beacon_early_term_read_21559 rx_rx_beacon_early_term_read 3 21559 NULL +pktgen_if_write_55628 pktgen_if_write 3 55628 NULL +create_attr_set_22861 create_attr_set 1 22861 NULL -+snd_opl4_mem_proc_read_63774 snd_opl4_mem_proc_read 5 63774 NULL ++r128_compat_ioctl_39250 r128_compat_ioctl 2 39250 NULL nohasharray ++pwr_cont_miss_bcns_spread_read_39250 pwr_cont_miss_bcns_spread_read 3 39250 &r128_compat_ioctl_39250 +compat_sys_mq_timedsend_31060 compat_sys_mq_timedsend 3 31060 NULL -+__skb_cow_39254 __skb_cow 2 39254 NULL ++sel_write_load_63830 sel_write_load 3 63830 NULL +lbs_failcount_read_31063 lbs_failcount_read 3 31063 NULL +pipeline_enc_tx_stat_fifo_int_read_14680 pipeline_enc_tx_stat_fifo_int_read 3 14680 NULL ++bnx2_nvram_write_7790 bnx2_nvram_write 4-2 7790 NULL +dvb_dmxdev_set_buffer_size_55643 dvb_dmxdev_set_buffer_size 2 55643 NULL +tsi148_master_set_14685 tsi148_master_set 4 14685 NULL +ath6kl_wmi_set_appie_cmd_39266 ath6kl_wmi_set_appie_cmd 5 39266 NULL @@ -87882,9 +96192,10 @@ index 0000000..909d902 +rx_filter_protection_filter_read_39282 rx_filter_protection_filter_read 3 39282 NULL +sctp_setsockopt_context_31091 sctp_setsockopt_context 3 31091 NULL +il_dbgfs_tx_queue_read_55668 il_dbgfs_tx_queue_read 3 55668 NULL ++SetArea_50835 SetArea 4 50835 NULL +tpm_read_50344 tpm_read 3 50344 NULL +newpart_47485 newpart 6 47485 NULL -+get_info_55681 get_info 3 55681 NULL ++jffs2_do_link_42048 jffs2_do_link 6 42048 NULL +compat_sys_get_mempolicy_31109 compat_sys_get_mempolicy 3 31109 NULL +core_sys_select_47494 core_sys_select 1 47494 NULL +read_file_disable_ani_6536 read_file_disable_ani 3 6536 NULL @@ -87895,7 +96206,8 @@ index 0000000..909d902 +unlink_simple_47506 unlink_simple 3 47506 NULL +rndis_set_oid_6547 rndis_set_oid 4 6547 NULL +wdm_read_6549 wdm_read 3 6549 NULL -+init_map_ipmac_63896 init_map_ipmac 3-4 63896 NULL ++init_map_ipmac_63896 init_map_ipmac 4-3 63896 NULL ++tipc_multicast_49144 tipc_multicast 5 49144 NULL +nfs4_realloc_slot_table_22859 nfs4_realloc_slot_table 2 22859 NULL +fb_alloc_cmap_6554 fb_alloc_cmap 2 6554 NULL +xhci_alloc_stream_info_63902 xhci_alloc_stream_info 3 63902 NULL @@ -87906,49 +96218,48 @@ index 0000000..909d902 +filter_read_61692 filter_read 3 61692 NULL +mtdswap_init_55719 mtdswap_init 2 55719 NULL +rx_rx_phy_hdr_read_20950 rx_rx_phy_hdr_read 3 20950 NULL -+a4t_cs_init_27734 a4t_cs_init 3 27734 NULL +debugfs_read_62535 debugfs_read 3 62535 NULL +w9966_v4l_read_31148 w9966_v4l_read 3 31148 NULL +process_vm_rw_47533 process_vm_rw 3-5 47533 NULL +divas_write_63901 divas_write 3 63901 NULL -+alloc_sglist_22960 alloc_sglist 1-3-2 22960 NULL ++alloc_sglist_22960 alloc_sglist 1-2-3 22960 NULL +caif_seqpkt_sendmsg_22961 caif_seqpkt_sendmsg 4 22961 NULL ++snd_compr_write_63923 snd_compr_write 3 63923 NULL +cfpkt_split_47541 cfpkt_split 2 47541 NULL +__copy_from_user_nocache_39351 __copy_from_user_nocache 3 39351 NULL +btmrvl_pscmd_read_24308 btmrvl_pscmd_read 3 24308 NULL -+__iio_allocate_kfifo_55738 __iio_allocate_kfifo 2-3 55738 NULL ++__iio_allocate_kfifo_55738 __iio_allocate_kfifo 3-2 55738 NULL +ipw_write_59807 ipw_write 3 59807 NULL +sta_dev_read_14782 sta_dev_read 3 14782 NULL +tipc_send2port_63935 tipc_send2port 5 63935 NULL +do_write_log_from_user_39362 do_write_log_from_user 3 39362 NULL +ch_do_scsi_31171 ch_do_scsi 4 31171 NULL +afs_send_simple_reply_63940 afs_send_simple_reply 3 63940 NULL -+__team_options_register_63941 __team_options_register 3 63941 NULL ++mwifiex_cfg80211_mgmt_tx_12022 mwifiex_cfg80211_mgmt_tx 9 12022 NULL +cycx_setup_47562 cycx_setup 4 47562 NULL +remote_settings_file_write_22987 remote_settings_file_write 3 22987 NULL +ext4_kvmalloc_14796 ext4_kvmalloc 1 14796 NULL +set_local_name_55757 set_local_name 4 55757 NULL -+v4l2_ctrl_new_std_menu_6221 v4l2_ctrl_new_std_menu 4 6221 NULL -+input_mt_init_slots_31183 input_mt_init_slots 2 31183 NULL ++printer_req_alloc_62687 printer_req_alloc 2 62687 NULL +btrfs_init_new_buffer_55761 btrfs_init_new_buffer 4 55761 NULL +read_ldt_47570 read_ldt 2 47570 NULL +regmap_name_read_file_39379 regmap_name_read_file 3 39379 NULL -+ps_poll_ps_poll_utilization_read_39383 ps_poll_ps_poll_utilization_read 3 39383 NULL ++pci_iomap_47575 pci_iomap 3 47575 NULL +acpi_ex_system_memory_space_handler_31192 acpi_ex_system_memory_space_handler 2 31192 NULL -+scsi_init_shared_tag_map_59812 scsi_init_shared_tag_map 2 59812 NULL ++kimage_normal_alloc_31140 kimage_normal_alloc 3 31140 NULL +module_alloc_update_bounds_rw_63233 module_alloc_update_bounds_rw 1 63233 NULL +ecryptfs_filldir_6622 ecryptfs_filldir 3 6622 NULL +drm_ht_create_18853 drm_ht_create 2 18853 NULL +mtdchar_readoob_31200 mtdchar_readoob 4 31200 NULL +qlcnic_alloc_msix_entries_46160 qlcnic_alloc_msix_entries 2 46160 NULL +ieee80211_authentication_req_63973 ieee80211_authentication_req 3 63973 NULL -+__btrfs_free_reserved_extent_31207 __btrfs_free_reserved_extent 2 31207 NULL ++dn_alloc_skb_6631 dn_alloc_skb 2 6631 NULL +conf_read_55786 conf_read 3 55786 NULL +do_tune_cpucache_14828 do_tune_cpucache 2 14828 NULL +rx_defrag_decrypt_failed_read_41411 rx_defrag_decrypt_failed_read 3 41411 NULL +viafb_dvp0_proc_write_23023 viafb_dvp0_proc_write 3 23023 NULL +virtscsi_alloc_tgt_6643 virtscsi_alloc_tgt 2 6643 NULL -+ext4_kvzalloc_47605 ext4_kvzalloc 1 47605 NULL ++atm_get_addr_31221 atm_get_addr 3 31221 NULL +user_power_read_39414 user_power_read 3 39414 NULL +uwb_rc_neh_grok_event_55799 uwb_rc_neh_grok_event 3 55799 NULL +uea_request_47613 uea_request 4 47613 NULL @@ -87962,14 +96273,14 @@ index 0000000..909d902 +_create_sg_bios_31244 _create_sg_bios 4 31244 NULL +get_user_cpu_mask_14861 get_user_cpu_mask 2 14861 NULL +kmemdup_64015 kmemdup 2 64015 NULL ++compat_sys_select_16131 compat_sys_select 1 16131 NULL +reiserfs_add_entry_23062 reiserfs_add_entry 4 23062 NULL nohasharray +unix_seqpacket_recvmsg_23062 unix_seqpacket_recvmsg 4 23062 &reiserfs_add_entry_23062 +process_rcvd_data_6679 process_rcvd_data 3 6679 NULL +tcf_csum_skb_nextlayer_64025 tcf_csum_skb_nextlayer 3 64025 NULL +oz_events_read_47535 oz_events_read 3 47535 NULL -+sb16_copy_from_user_55836 sb16_copy_from_user 10-7-6 55836 NULL -+frequency_read_64031 frequency_read 3 64031 NULL nohasharray -+resize_async_buffer_64031 resize_async_buffer 4 64031 &frequency_read_64031 ++sb16_copy_from_user_55836 sb16_copy_from_user 10-6-7 55836 NULL ++resize_async_buffer_64031 resize_async_buffer 4 64031 NULL +sys_semop_39457 sys_semop 3 39457 NULL +vm_map_ram_23078 vm_map_ram 2 23078 NULL nohasharray +raw_sendmsg_23078 raw_sendmsg 4 23078 &vm_map_ram_23078 @@ -87979,13 +96290,13 @@ index 0000000..909d902 +ps_pspoll_max_apturn_read_6699 ps_pspoll_max_apturn_read 3 6699 NULL +acpi_os_allocate_14892 acpi_os_allocate 1 14892 NULL +hysdn_rx_netpkt_16136 hysdn_rx_netpkt 3 16136 NULL -+bnad_debugfs_write_regrd_6706 bnad_debugfs_write_regrd 3 6706 NULL ++setkey_unaligned_39474 setkey_unaligned 3 39474 NULL +rt2x00debug_write_eeprom_23091 rt2x00debug_write_eeprom 3 23091 NULL +mpeg_read_6708 mpeg_read 3 6708 NULL +hcd_alloc_coherent_55862 hcd_alloc_coherent 5 55862 NULL +ntfs_ucstonls_23097 ntfs_ucstonls 3-5 23097 NULL +sky2_receive_13407 sky2_receive 2 13407 NULL -+ts_read_44687 ts_read 3 44687 NULL ++krealloc_14908 krealloc 2 14908 NULL +pipe_iov_copy_from_user_23102 pipe_iov_copy_from_user 3 23102 NULL +bt_skb_send_alloc_6581 bt_skb_send_alloc 2 6581 NULL +dgram_recvmsg_23104 dgram_recvmsg 4 23104 NULL @@ -88002,29 +96313,33 @@ index 0000000..909d902 +command_file_write_31318 command_file_write 3 31318 NULL +gspca_dev_probe2_59833 gspca_dev_probe2 4 59833 NULL +lbs_highrssi_read_64089 lbs_highrssi_read 3 64089 NULL ++wep_default_key_count_read_43035 wep_default_key_count_read 3 43035 NULL +i915_cache_sharing_read_24775 i915_cache_sharing_read 3 24775 NULL ++array_zalloc_7519 array_zalloc 1-2 7519 NULL +tx_frag_key_not_found_read_22971 tx_frag_key_not_found_read 3 22971 NULL ++ipv6_renew_options_28867 ipv6_renew_options 5 28867 NULL +unix_dgram_recvmsg_14952 unix_dgram_recvmsg 4 14952 NULL +ca91cx42_master_set_23146 ca91cx42_master_set 4 23146 NULL +videobuf_read_stream_14956 videobuf_read_stream 3 14956 NULL +ieee80211_if_read_dot11MeshHWMPnetDiameterTraversalTime_1589 ieee80211_if_read_dot11MeshHWMPnetDiameterTraversalTime 3 1589 NULL -+ath6kl_debug_roam_tbl_event_5224 ath6kl_debug_roam_tbl_event 3 5224 NULL ++sisusbcon_clear_64329 sisusbcon_clear 4-3-5 64329 NULL ++vxge_os_dma_malloc_46184 vxge_os_dma_malloc 2 46184 NULL +sfi_check_table_6772 sfi_check_table 1 6772 NULL +bits_to_user_47733 bits_to_user 2-3 47733 NULL +int_proc_write_39542 int_proc_write 3 39542 NULL -+netxen_alloc_sds_rings_13417 netxen_alloc_sds_rings 2 13417 NULL ++do_dccp_setsockopt_54377 do_dccp_setsockopt 5 54377 NULL nohasharray ++intel_sdvo_write_cmd_54377 intel_sdvo_write_cmd 4 54377 &do_dccp_setsockopt_54377 +read_file_ani_23161 read_file_ani 3 23161 NULL +carl9170_debugfs_read_47738 carl9170_debugfs_read 3 47738 NULL -+help_14971 help 4 14971 NULL +iwl_dbgfs_channels_read_6784 iwl_dbgfs_channels_read 3 6784 NULL +ieee80211_if_read_6785 ieee80211_if_read 3 6785 NULL -+init_bch_64130 init_bch 1-2 64130 NULL ++pp_write_39554 pp_write 3 39554 NULL +ioremap_23172 ioremap 1-2 23172 NULL +mvumi_alloc_mem_resource_47750 mvumi_alloc_mem_resource 3 47750 NULL +hdlcdrv_register_6792 hdlcdrv_register 2 6792 NULL +usblp_write_23178 usblp_write 3 23178 NULL +sel_read_policy_55947 sel_read_policy 3 55947 NULL -+alloc_sched_domains_47756 alloc_sched_domains 1 47756 NULL ++xprt_rdma_allocate_31372 xprt_rdma_allocate 2 31372 NULL +vb2_vmalloc_get_userptr_31374 vb2_vmalloc_get_userptr 3 31374 NULL +tx_tx_done_data_read_6799 tx_tx_done_data_read 3 6799 NULL +datablob_format_39571 datablob_format 2 39571 NULL nohasharray @@ -88032,46 +96347,46 @@ index 0000000..909d902 +fix_unclean_leb_23188 fix_unclean_leb 3 23188 NULL +simple_read_from_buffer_55957 simple_read_from_buffer 2-5 55957 NULL +dlfb_ops_write_64150 dlfb_ops_write 3 64150 NULL -+i915_wedged_write_47771 i915_wedged_write 3 47771 NULL ++vmalloc_32_1135 vmalloc_32 1 1135 NULL +tx_tx_imm_resp_read_55964 tx_tx_imm_resp_read 3 55964 NULL -+tm6000_i2c_send_regs_20250 tm6000_i2c_send_regs 5 20250 NULL ++tx_tx_exch_pending_read_53018 tx_tx_exch_pending_read 3 53018 NULL ++__team_options_register_63941 __team_options_register 3 63941 NULL +error_error_numll_frame_cts_start_read_47781 error_error_numll_frame_cts_start_read 3 47781 NULL -+ip_ufo_append_data_12775 ip_ufo_append_data 6-8-7 12775 NULL -+alloc_session_64171 alloc_session 1-2 64171 NULL ++ip_ufo_append_data_12775 ip_ufo_append_data 6-7-8 12775 NULL +rvmalloc_46873 rvmalloc 1 46873 NULL -+compat_udpv6_setsockopt_42981 compat_udpv6_setsockopt 5 42981 NULL ++vmap_15025 vmap 2 15025 NULL +key_ifindex_read_31411 key_ifindex_read 3 31411 NULL +mcs7830_set_reg_31413 mcs7830_set_reg 3 31413 NULL +mon_bin_read_6841 mon_bin_read 3 6841 NULL -+W6692_empty_Bfifo_47804 W6692_empty_Bfifo 2 47804 NULL ++tty_buffer_request_room_23228 tty_buffer_request_room 2 23228 NULL +xlog_get_bp_23229 xlog_get_bp 2 23229 NULL +snd_cs4281_BA0_read_6847 snd_cs4281_BA0_read 5 6847 NULL +nfs_idmap_get_key_39616 nfs_idmap_get_key 2 39616 NULL +rxrpc_client_sendmsg_23236 rxrpc_client_sendmsg 5 23236 NULL +TSS_checkhmac1_31429 TSS_checkhmac1 5 31429 NULL +ttm_object_device_init_10321 ttm_object_device_init 2 10321 NULL -+compat_process_vm_rw_22254 compat_process_vm_rw 3-5 22254 NULL +ping_recvmsg_25597 ping_recvmsg 4 25597 NULL +macvtap_recvmsg_63949 macvtap_recvmsg 4 63949 NULL +ceph_msgpool_init_34599 ceph_msgpool_init 4 34599 NULL +cld_pipe_downcall_15058 cld_pipe_downcall 3 15058 NULL +ssb_bus_pcmciabus_register_56020 ssb_bus_pcmciabus_register 3 56020 NULL +fm_send_cmd_39639 fm_send_cmd 5 39639 NULL -+ieee80211_if_read_uapsd_max_sp_len_15067 ieee80211_if_read_uapsd_max_sp_len 3 15067 NULL ++ip6gre_err_19869 ip6gre_err 5 19869 NULL ++nvme_alloc_iod_56027 nvme_alloc_iod 1 56027 NULL +opera1_xilinx_rw_31453 opera1_xilinx_rw 5 31453 NULL +nfs4_write_cached_acl_15070 nfs4_write_cached_acl 4 15070 NULL +ntfs_copy_from_user_15072 ntfs_copy_from_user 3-5 15072 NULL +sctp_recvmsg_23265 sctp_recvmsg 4 23265 NULL +snd_rme32_capture_copy_39653 snd_rme32_capture_copy 5 39653 NULL -+btmrvl_hscmd_write_27089 btmrvl_hscmd_write 3 27089 NULL ++get_new_cssid_51665 get_new_cssid 2 51665 NULL +raw_seticmpfilter_6888 raw_seticmpfilter 3 6888 NULL +prism2_info_hostscanresults_39657 prism2_info_hostscanresults 3 39657 NULL -+tty_prepare_flip_string_39955 tty_prepare_flip_string 3 39955 NULL ++ced_ioctl_36647 ced_ioctl 2 36647 NULL +dlmfs_file_write_6892 dlmfs_file_write 3 6892 NULL +__videobuf_alloc_vb_5665 __videobuf_alloc_vb 1 5665 NULL +kvm_read_guest_cached_39666 kvm_read_guest_cached 4 39666 NULL +redrat3_transmit_ir_64244 redrat3_transmit_ir 3 64244 NULL -+doc_probe_23285 doc_probe 1 23285 NULL ++__alloc_extent_buffer_15093 __alloc_extent_buffer 3 15093 NULL +v4l_stk_read_39672 v4l_stk_read 3 39672 NULL +dccp_sendmsg_56058 dccp_sendmsg 4 56058 NULL +alg_setkey_31485 alg_setkey 3 31485 NULL @@ -88079,15 +96394,12 @@ index 0000000..909d902 +spi_show_regs_6911 spi_show_regs 3 6911 NULL nohasharray +proc_sessionid_read_6911 proc_sessionid_read 3 6911 &spi_show_regs_6911 +qsfp_2_read_31491 qsfp_2_read 3 31491 NULL -+ieee80211_rx_mgmt_probe_resp_6918 ieee80211_rx_mgmt_probe_resp 3 6918 NULL ++vhci_read_47878 vhci_read 3 47878 NULL +__alloc_bootmem_31498 __alloc_bootmem 1 31498 NULL -+pci_iomap_47575 pci_iomap 3 47575 NULL -+ieee80211_send_probe_req_6924 ieee80211_send_probe_req 6-4 6924 NULL -+cache_do_downcall_6926 cache_do_downcall 3 6926 NULL -+qla2x00_handle_queue_full_24365 qla2x00_handle_queue_full 2 24365 NULL ++ps_poll_ps_poll_utilization_read_39383 ps_poll_ps_poll_utilization_read 3 39383 NULL ++i2cdev_write_23310 i2cdev_write 3 23310 NULL +keyctl_instantiate_key_common_47889 keyctl_instantiate_key_common 4 47889 NULL -+nl_pid_hash_zalloc_23314 nl_pid_hash_zalloc 1 23314 NULL -+ubifs_recover_log_leb_12079 ubifs_recover_log_leb 3 12079 NULL ++kvm_read_hva_44847 kvm_read_hva 3 44847 NULL +ftrace_pid_write_39710 ftrace_pid_write 3 39710 NULL +event_id_read_64288 event_id_read 3 64288 NULL nohasharray +xfs_dir_cilookup_result_64288 xfs_dir_cilookup_result 3 64288 &event_id_read_64288 @@ -88100,12 +96412,13 @@ index 0000000..909d902 +page_readlink_23346 page_readlink 3 23346 NULL +videobuf_dma_init_kernel_6963 videobuf_dma_init_kernel 3 6963 NULL +comedi_write_47926 comedi_write 3 47926 NULL -+packet_alloc_skb_62602 packet_alloc_skb 2-5-4 62602 NULL ++usb_alloc_stream_buffers_56123 usb_alloc_stream_buffers 3 56123 NULL ++dsp_write_46218 dsp_write 2 46218 NULL +kmem_zalloc_large_56128 kmem_zalloc_large 1 56128 NULL -+ath6kl_wmi_add_wow_pattern_cmd_12842 ath6kl_wmi_add_wow_pattern_cmd 4 12842 NULL -+sisusbcon_clear_64329 sisusbcon_clear 3-5-4 64329 NULL ++usbvision_read_31555 usbvision_read 3 31555 NULL ++pd_video_read_24510 pd_video_read 3 24510 NULL ++crypto_authenc_esn_setkey_6985 crypto_authenc_esn_setkey 3 6985 NULL +sel_read_handle_status_56139 sel_read_handle_status 3 56139 NULL -+nf_nat_ftp_47948 nf_nat_ftp 5 47948 NULL +request_key_async_6990 request_key_async 4 6990 NULL +ts_write_64336 ts_write 3 64336 NULL +handle_response_55951 handle_response 5 55951 NULL @@ -88113,26 +96426,29 @@ index 0000000..909d902 +tx_frag_tkip_called_read_31575 tx_frag_tkip_called_read 3 31575 NULL +r871x_set_wpa_ie_7000 r871x_set_wpa_ie 3 7000 NULL +iscsi_create_endpoint_15193 iscsi_create_endpoint 1 15193 NULL -+ip_nat_sdp_media_23386 ip_nat_sdp_media 8 23386 NULL +osst_write_31581 osst_write 3 31581 NULL +tracing_cpumask_read_7010 tracing_cpumask_read 3 7010 NULL +rawv6_setsockopt_56165 rawv6_setsockopt 5 56165 NULL -+dn_alloc_skb_6631 dn_alloc_skb 2 6631 NULL ++wm8350_block_write_19727 wm8350_block_write 3 19727 NULL ++diva_xdi_write_63975 diva_xdi_write 4 63975 NULL +llc_alloc_frame_64366 llc_alloc_frame 4 64366 NULL -+wlc_phy_loadsampletable_nphy_64367 wlc_phy_loadsampletable_nphy 3 64367 NULL ++iwl_dbgfs_ucode_tracing_read_47983 iwl_dbgfs_ucode_tracing_read 3 47983 NULL nohasharray ++mempool_resize_47983 mempool_resize 2 47983 &iwl_dbgfs_ucode_tracing_read_47983 ++mangle_packet_18920 mangle_packet 7-9 18920 NULL +bfad_debugfs_write_regrd_15218 bfad_debugfs_write_regrd 3 15218 NULL +tx_frag_need_fragmentation_read_50153 tx_frag_need_fragmentation_read 3 50153 NULL +iscsi_change_queue_depth_23416 iscsi_change_queue_depth 2 23416 NULL +ib_umad_write_47993 ib_umad_write 3 47993 NULL +ilo_write_64378 ilo_write 3 64378 NULL -+iwl_dbgfs_ucode_tx_stats_read_31611 iwl_dbgfs_ucode_tx_stats_read 3 31611 NULL ++btrfs_map_block_64379 btrfs_map_block 3 64379 NULL ++nilfs_alloc_seg_bio_64383 nilfs_alloc_seg_bio 3 64383 NULL +vzalloc_node_23424 vzalloc_node 1 23424 NULL +arvo_sysfs_read_31617 arvo_sysfs_read 6 31617 NULL +ipath_get_base_info_7043 ipath_get_base_info 3 7043 NULL +variax_alloc_sysex_buffer_15237 variax_alloc_sysex_buffer 3 15237 NULL -+lpfc_idiag_ctlacc_read_33943 lpfc_idiag_ctlacc_read 3 33943 NULL ++copy_from_user_17559 copy_from_user 3 17559 NULL +ffs_epfile_write_48014 ffs_epfile_write 3 48014 NULL -+sctp_make_op_error_7057 sctp_make_op_error 5-6 7057 NULL ++sys_migrate_pages_39825 sys_migrate_pages 2 39825 NULL +ir_lirc_transmit_ir_64403 ir_lirc_transmit_ir 3 64403 NULL +pidlist_allocate_64404 pidlist_allocate 1 64404 NULL +videobuf_read_one_31637 videobuf_read_one 3 31637 NULL @@ -88146,19 +96462,22 @@ index 0000000..909d902 +pod_alloc_sysex_buffer_31651 pod_alloc_sysex_buffer 3 31651 NULL +cp210x_get_config_56229 cp210x_get_config 4 56229 NULL +pppoe_sendmsg_48039 pppoe_sendmsg 4 48039 NULL ++udl_prime_create_57159 udl_prime_create 2 57159 NULL ++oom_adj_write_64428 oom_adj_write 3 64428 NULL +dn_nsp_send_disc_23469 dn_nsp_send_disc 2 23469 NULL +do_ipt_set_ctl_56238 do_ipt_set_ctl 4 56238 NULL +ping_sendmsg_3782 ping_sendmsg 4 3782 NULL +beacon_interval_read_7091 beacon_interval_read 3 7091 NULL +__lgread_31668 __lgread 4 31668 NULL -+scrub_setup_recheck_block_56245 scrub_setup_recheck_block 3-4 56245 NULL ++scrub_setup_recheck_block_56245 scrub_setup_recheck_block 4-3 56245 NULL +fd_copyin_56247 fd_copyin 3 56247 NULL +wpan_phy_alloc_48056 wpan_phy_alloc 1 48056 NULL +ax25_recvmsg_64441 ax25_recvmsg 4 64441 NULL +sys_connect_15291 sys_connect 3 15291 NULL nohasharray +xlate_dev_mem_ptr_15291 xlate_dev_mem_ptr 1 15291 &sys_connect_15291 -+teiup_create_43201 teiup_create 3 43201 NULL -+atm_get_addr_31221 atm_get_addr 3 31221 NULL ++linear_conf_23485 linear_conf 2 23485 NULL nohasharray ++divasa_remap_pci_bar_23485 divasa_remap_pci_bar 3-4 23485 &linear_conf_23485 ++posix_acl_alloc_48063 posix_acl_alloc 1 48063 NULL +ieee80211_if_read_element_ttl_18869 ieee80211_if_read_element_ttl 3 18869 NULL +_usb_writeN_sync_31682 _usb_writeN_sync 4 31682 NULL +pipeline_enc_rx_stat_fifo_int_read_7107 pipeline_enc_rx_stat_fifo_int_read 3 7107 NULL @@ -88169,33 +96488,32 @@ index 0000000..909d902 +pipeline_tcp_tx_stat_fifo_int_read_32589 pipeline_tcp_tx_stat_fifo_int_read 3 32589 NULL +sys_setsockopt_35320 sys_setsockopt 5 35320 NULL +il4965_ucode_general_stats_read_56277 il4965_ucode_general_stats_read 3 56277 NULL -+audit_log_n_string_31705 audit_log_n_string 3 31705 NULL -+ip_vs_create_timeout_table_64478 ip_vs_create_timeout_table 2 64478 NULL ++pkt_add_39897 pkt_add 3 39897 NULL ++RESIZE_IF_NEEDED_56286 RESIZE_IF_NEEDED 2 56286 NULL +send_mpa_reject_7135 send_mpa_reject 3 7135 NULL ++sctp_make_op_error_7057 sctp_make_op_error 5-6 7057 NULL +mmc_alloc_host_48097 mmc_alloc_host 1 48097 NULL +read_file_modal_eeprom_39909 read_file_modal_eeprom 3 39909 NULL -+ipv6_recv_rxpmtu_7142 ipv6_recv_rxpmtu 3 7142 NULL ++skb_copy_datagram_const_iovec_48102 skb_copy_datagram_const_iovec 4-2-5 48102 NULL +dvb_aplay_56296 dvb_aplay 3 56296 NULL +gen_pool_add_virt_39913 gen_pool_add_virt 4 39913 NULL +dw210x_op_rw_39915 dw210x_op_rw 6 39915 NULL +p54_parse_rssical_64493 p54_parse_rssical 3 64493 NULL +sctp_make_asconf_ack_31726 sctp_make_asconf_ack 3 31726 NULL +aes_encrypt_interrupt_read_39919 aes_encrypt_interrupt_read 3 39919 NULL -+ath6kl_wmi_send_probe_response_cmd_31728 ath6kl_wmi_send_probe_response_cmd 6 31728 NULL -+exofs_read_kern_39921 exofs_read_kern 6 39921 NULL nohasharray -+oom_score_adj_read_39921 oom_score_adj_read 3 39921 &exofs_read_kern_39921 -+btrfs_insert_delayed_dir_index_63720 btrfs_insert_delayed_dir_index 4 63720 NULL -+read_file_beacon_32595 read_file_beacon 3 32595 NULL ++ima_show_measurements_count_23536 ima_show_measurements_count 3 23536 NULL ++alloc_ring_15345 alloc_ring 2-4 15345 NULL ++alloc_cpu_rmap_65363 alloc_cpu_rmap 1 65363 NULL +remove_uuid_64505 remove_uuid 4 64505 NULL +shmem_pwrite_slow_31741 shmem_pwrite_slow 3 31741 NULL +NCR_700_change_queue_depth_31742 NCR_700_change_queue_depth 2 31742 NULL -+oom_adjust_read_25127 oom_adjust_read 3 25127 NULL ++create_table_16213 create_table 2 16213 NULL +acpi_ut_create_string_object_15360 acpi_ut_create_string_object 1 15360 NULL +pipeline_pre_to_defrag_swi_read_56321 pipeline_pre_to_defrag_swi_read 3 56321 NULL +dbg_leb_change_23555 dbg_leb_change 4 23555 NULL +vmw_framebuffer_surface_dirty_48132 vmw_framebuffer_surface_dirty 6 48132 NULL +bcm_char_read_31750 bcm_char_read 3 31750 NULL -+opera1_usb_i2c_msgxfer_64521 opera1_usb_i2c_msgxfer 4 64521 NULL ++snd_seq_device_new_31753 snd_seq_device_new 4 31753 NULL +journal_init_revoke_table_56331 journal_init_revoke_table 1 56331 NULL +set_discoverable_48141 set_discoverable 4 48141 NULL +compat_sys_process_vm_readv_15374 compat_sys_process_vm_readv 3-5 15374 NULL @@ -88203,15 +96521,14 @@ index 0000000..909d902 +tcp_match_skb_to_sack_23568 tcp_match_skb_to_sack 4 23568 NULL +snd_rawmidi_read_56337 snd_rawmidi_read 3 56337 NULL +fq_codel_zalloc_15378 fq_codel_zalloc 1 15378 NULL -+aac_srcv_ioremap_6659 aac_srcv_ioremap 2 6659 NULL ++tty_prepare_flip_string_39955 tty_prepare_flip_string 3 39955 NULL +__tcp_push_pending_frames_48148 __tcp_push_pending_frames 2 48148 NULL +iwl_dbgfs_interrupt_read_23574 iwl_dbgfs_interrupt_read 3 23574 NULL +prctl_set_mm_64538 prctl_set_mm 3 64538 NULL +ipv6_recv_error_56347 ipv6_recv_error 3 56347 NULL +vxge_os_dma_malloc_async_56348 vxge_os_dma_malloc_async 3 56348 NULL -+drm_compat_ioctl_51717 drm_compat_ioctl 2 51717 NULL -+__alloc_objio_seg_7203 __alloc_objio_seg 1 7203 NULL -+cifs_spnego_key_instantiate_23588 cifs_spnego_key_instantiate 3 23588 NULL ++isr_dma1_done_read_48159 isr_dma1_done_read 3 48159 NULL ++c4iw_id_table_alloc_48163 c4iw_id_table_alloc 3 48163 NULL +dma_push_rx_39973 dma_push_rx 2 39973 NULL +regmap_register_patch_21681 regmap_register_patch 3 21681 NULL +broadsheetfb_write_39976 broadsheetfb_write 3 39976 NULL @@ -88222,11 +96539,12 @@ index 0000000..909d902 +mthca_array_init_39987 mthca_array_init 2 39987 NULL +alloc_dummy_extent_buffer_56374 alloc_dummy_extent_buffer 2 56374 NULL +diva_os_alloc_message_buffer_64568 diva_os_alloc_message_buffer 1 64568 NULL -+ecryptfs_send_message_locked_31801 ecryptfs_send_message_locked 2 31801 NULL ++dgrp_dpa_read_1204 dgrp_dpa_read 3 1204 NULL +alloc_cc770dev_48186 alloc_cc770dev 1 48186 NULL +init_ipath_48187 init_ipath 1 48187 NULL +isr_rx_procs_read_31804 isr_rx_procs_read 3 31804 NULL +__videobuf_copy_to_user_15423 __videobuf_copy_to_user 4 15423 NULL ++tracing_saved_cmdlines_read_21434 tracing_saved_cmdlines_read 3 21434 NULL +tx_tx_burst_programmed_read_20320 tx_tx_burst_programmed_read 3 20320 NULL +sys32_ipc_7238 sys32_ipc 3 7238 NULL +sta_last_signal_read_31818 sta_last_signal_read 3 31818 NULL @@ -88234,50 +96552,55 @@ index 0000000..909d902 +dvb_ca_en50221_io_write_43533 dvb_ca_en50221_io_write 3 43533 NULL +ddp_ppod_write_idata_25610 ddp_ppod_write_idata 5 25610 NULL +ocfs2_control_read_56405 ocfs2_control_read 3 56405 NULL -+ivtvfb_write_40023 ivtvfb_write 3 40023 NULL ++nf_nat_icmpv6_reply_translation_40023 nf_nat_icmpv6_reply_translation 5 40023 NULL nohasharray ++ivtvfb_write_40023 ivtvfb_write 3 40023 &nf_nat_icmpv6_reply_translation_40023 +hpsa_change_queue_depth_15449 hpsa_change_queue_depth 2 15449 NULL +tcp_write_xmit_64602 tcp_write_xmit 2 64602 NULL +use_pool_64607 use_pool 2 64607 NULL +__get_vm_area_caller_56416 __get_vm_area_caller 1 56416 NULL nohasharray +acpi_os_write_memory_56416 acpi_os_write_memory 1-3 56416 &__get_vm_area_caller_56416 +store_msg_56417 store_msg 3 56417 NULL -+pppol2tp_sendmsg_56420 pppol2tp_sendmsg 4 56420 NULL -+sel_write_enforce_48998 sel_write_enforce 3 48998 NULL ++__i2400mu_send_barker_23652 __i2400mu_send_barker 3 23652 NULL ++nilfs_readpages_48229 nilfs_readpages 4 48229 NULL +datablob_hmac_append_40038 datablob_hmac_append 3 40038 NULL +read_file_recv_48232 read_file_recv 3 48232 NULL -+ps_poll_upsd_utilization_read_28519 ps_poll_upsd_utilization_read 3 28519 NULL -+r128_compat_ioctl_39250 r128_compat_ioctl 2 39250 NULL nohasharray -+pwr_cont_miss_bcns_spread_read_39250 pwr_cont_miss_bcns_spread_read 3 39250 &r128_compat_ioctl_39250 ++xfs_handle_to_dentry_12135 xfs_handle_to_dentry 3 12135 NULL ++set_tpl_pfs_27490 set_tpl_pfs 3 27490 NULL +fanotify_write_64623 fanotify_write 3 64623 NULL -+sys_add_key_61288 sys_add_key 4 61288 NULL ++batadv_add_packet_12136 batadv_add_packet 3 12136 NULL +rx_rate_rx_frames_per_rates_read_7282 rx_rate_rx_frames_per_rates_read 3 7282 NULL +fl_create_56435 fl_create 5 56435 NULL +gnttab_map_56439 gnttab_map 2 56439 NULL ++nouveau_devinit_create__35348 nouveau_devinit_create_ 4 35348 NULL +nfsctl_transaction_read_48250 nfsctl_transaction_read 3 48250 NULL +event_rx_pool_read_25792 event_rx_pool_read 3 25792 NULL -+cx231xx_init_isoc_56453 cx231xx_init_isoc 2-3 56453 NULL ++cx231xx_init_isoc_56453 cx231xx_init_isoc 3-2 56453 NULL +drm_mode_crtc_set_gamma_size_31881 drm_mode_crtc_set_gamma_size 2 31881 NULL +set_connectable_56458 set_connectable 4 56458 NULL +a2mp_chan_alloc_skb_cb_27159 a2mp_chan_alloc_skb_cb 2 27159 NULL -+cache_write_pipefs_48270 cache_write_pipefs 3 48270 NULL ++nfc_hci_send_response_56462 nfc_hci_send_response 5 56462 NULL +add_port_54941 add_port 2 54941 NULL +osd_req_list_partition_objects_56464 osd_req_list_partition_objects 5 56464 NULL +cx18_read_23699 cx18_read 3 23699 NULL +tlbflush_read_file_64661 tlbflush_read_file 3 64661 NULL +ieee80211_if_read_last_beacon_31257 ieee80211_if_read_last_beacon 3 31257 NULL -+manip_pkt_7741 manip_pkt 3 7741 NULL ++efx_tsoh_get_buffer_64664 efx_tsoh_get_buffer 3 64664 NULL +rx_rx_out_of_mpdu_nodes_read_64668 rx_rx_out_of_mpdu_nodes_read 3 64668 NULL +ddb_output_write_31902 ddb_output_write 3 31902 NULL ++send_set_info_48288 send_set_info 7 48288 NULL +sock_alloc_send_skb_23720 sock_alloc_send_skb 2 23720 NULL +wep_decrypt_fail_read_58567 wep_decrypt_fail_read 3 58567 NULL ++set_disc_pwup_pfs_48300 set_disc_pwup_pfs 3 48300 NULL +lpfc_idiag_extacc_read_48301 lpfc_idiag_extacc_read 3 48301 NULL +p9_check_zc_errors_15534 p9_check_zc_errors 4 15534 NULL +new_dir_31919 new_dir 3 31919 NULL +kmem_alloc_31920 kmem_alloc 1 31920 NULL +timblogiw_read_48305 timblogiw_read 3 48305 NULL ++sec_bulk_write_64691 sec_bulk_write 3 64691 NULL +mgmt_control_7349 mgmt_control 3 7349 NULL +hash_setkey_48310 hash_setkey 3 48310 NULL +ql_process_mac_rx_page_15543 ql_process_mac_rx_page 4 15543 NULL ++hfcpci_empty_fifo_2427 hfcpci_empty_fifo 4 2427 NULL +ieee80211_if_read_bssid_35161 ieee80211_if_read_bssid 3 35161 NULL +sctp_setsockopt_delayed_ack_40129 sctp_setsockopt_delayed_ack 3 40129 NULL +cfg80211_connect_result_56515 cfg80211_connect_result 4-6 56515 NULL @@ -88292,10 +96615,10 @@ index 0000000..909d902 +bnx2fc_process_unsol_compl_15576 bnx2fc_process_unsol_compl 2 15576 NULL +l1oip_socket_recv_56537 l1oip_socket_recv 6 56537 NULL +ip_options_get_56538 ip_options_get 4 56538 NULL -+ep0_read_38095 ep0_read 3 38095 NULL ++write_62671 write 3 62671 NULL +copy_from_user_toio_31966 copy_from_user_toio 3 31966 NULL -+pt_write_40159 pt_write 3 40159 NULL -+vme_user_write_15587 vme_user_write 3 15587 NULL ++tm6000_i2c_send_regs_20250 tm6000_i2c_send_regs 5 20250 NULL ++squashfs_read_inode_lookup_table_64739 squashfs_read_inode_lookup_table 4 64739 NULL +sl_change_mtu_7396 sl_change_mtu 2 7396 NULL +ceph_copy_page_vector_to_user_31270 ceph_copy_page_vector_to_user 3-4 31270 NULL +allocate_cnodes_5329 allocate_cnodes 1 5329 NULL @@ -88304,10 +96627,11 @@ index 0000000..909d902 +alloc_apertures_56561 alloc_apertures 1 56561 NULL +iscsi_complete_pdu_48372 iscsi_complete_pdu 4 48372 NULL +drm_property_create_blob_7414 drm_property_create_blob 2 7414 NULL -+tx_frag_init_called_read_48377 tx_frag_init_called_read 3 48377 NULL ++rx_path_reset_read_23801 rx_path_reset_read 3 23801 NULL +rs_sta_dbgfs_stats_table_read_56573 rs_sta_dbgfs_stats_table_read 3 56573 NULL +debug_debug2_read_30526 debug_debug2_read 3 30526 NULL +compat_fillonedir_15620 compat_fillonedir 3 15620 NULL ++set_dis_tap_pfs_15621 set_dis_tap_pfs 3 15621 NULL +ipr_alloc_ucode_buffer_40199 ipr_alloc_ucode_buffer 1 40199 NULL +dsp_cmx_send_member_15625 dsp_cmx_send_member 2 15625 NULL +portcntrs_2_read_56586 portcntrs_2_read 3 56586 NULL @@ -88316,7 +96640,7 @@ index 0000000..909d902 +sd_alloc_ctl_entry_29708 sd_alloc_ctl_entry 1 29708 NULL +proc_loginuid_read_15631 proc_loginuid_read 3 15631 NULL +__earlyonly_bootmem_alloc_23824 __earlyonly_bootmem_alloc 2 23824 NULL -+acpi_battery_write_alarm_1240 acpi_battery_write_alarm 3 1240 NULL ++realloc_buffer_25816 realloc_buffer 2 25816 NULL +isr_low_rssi_read_64789 isr_low_rssi_read 3 64789 NULL +rx_filter_ibss_filter_read_50167 rx_filter_ibss_filter_read 3 50167 NULL +ip_options_get_alloc_7448 ip_options_get_alloc 1 7448 NULL @@ -88335,18 +96659,17 @@ index 0000000..909d902 +ubi_more_leb_change_data_63534 ubi_more_leb_change_data 4 63534 NULL +vmw_cursor_update_dmabuf_32045 vmw_cursor_update_dmabuf 3-4 32045 NULL +sys_sched_setaffinity_32046 sys_sched_setaffinity 2 32046 NULL -+megaraid_change_queue_depth_64815 megaraid_change_queue_depth 2 64815 NULL ++garp_request_join_7471 garp_request_join 4 7471 NULL +ecryptfs_send_miscdev_64816 ecryptfs_send_miscdev 2 64816 NULL +copy_nodes_to_user_63807 copy_nodes_to_user 2 63807 NULL +unifi_read_14899 unifi_read 3 14899 NULL -+usbdux_attach_common_51764 usbdux_attach_common 4 51764 NULL nohasharray -+ioremap_prot_51764 ioremap_prot 1-2 51764 &usbdux_attach_common_51764 ++il_dbgfs_missed_beacon_read_59956 il_dbgfs_missed_beacon_read 3 59956 NULL +compat_sys_msgrcv_7482 compat_sys_msgrcv 2 7482 NULL -+pep_alloc_skb_46303 pep_alloc_skb 3 46303 NULL ++do_kimage_alloc_64827 do_kimage_alloc 3 64827 NULL +brcmf_usb_dl_cmd_53130 brcmf_usb_dl_cmd 4 53130 NULL +proc_scsi_devinfo_write_32064 proc_scsi_devinfo_write 3 32064 NULL +pwr_missing_bcns_read_25824 pwr_missing_bcns_read 3 25824 NULL -+evdev_do_ioctl_24459 evdev_do_ioctl 2 24459 NULL ++ipv6_recv_rxpmtu_7142 ipv6_recv_rxpmtu 3 7142 NULL +ieee80211_if_read_dot11MeshMaxPeerLinks_23878 ieee80211_if_read_dot11MeshMaxPeerLinks 3 23878 NULL +uvc_debugfs_stats_read_56651 uvc_debugfs_stats_read 3 56651 NULL +ieee80211_if_read_channel_type_23884 ieee80211_if_read_channel_type 3 23884 NULL @@ -88355,14 +96678,16 @@ index 0000000..909d902 +uf_sme_queue_message_15697 uf_sme_queue_message 3 15697 NULL +gdth_search_isa_58595 gdth_search_isa 1 58595 NULL +sdhci_alloc_host_7509 sdhci_alloc_host 2 7509 NULL ++_xfs_buf_get_pages_46811 _xfs_buf_get_pages 2 46811 NULL +rx_xfr_hint_trig_read_40283 rx_xfr_hint_trig_read 3 40283 NULL +iwch_reject_cr_23901 iwch_reject_cr 3 23901 NULL +altera_set_dr_pre_64862 altera_set_dr_pre 2 64862 NULL -+array_zalloc_7519 array_zalloc 1-2 7519 NULL ++bio_alloc_32095 bio_alloc 2 32095 NULL +shmem_setxattr_55867 shmem_setxattr 4 55867 NULL ++rfcomm_sock_setsockopt_18254 rfcomm_sock_setsockopt 5 18254 NULL +ath6kl_fwlog_read_32101 ath6kl_fwlog_read 3 32101 NULL -+krealloc_14908 krealloc 2 14908 NULL -+cifs_idmap_key_instantiate_54503 cifs_idmap_key_instantiate 3 54503 NULL ++add_new_gdb_meta_bg_23911 add_new_gdb_meta_bg 3 23911 NULL ++r8712_usbctrl_vendorreq_48489 r8712_usbctrl_vendorreq 6 48489 NULL +snd_gus_dram_read_56686 snd_gus_dram_read 4 56686 NULL +ubi_io_write_data_40305 ubi_io_write_data 4-5 40305 NULL +send_control_msg_48498 send_control_msg 6 48498 NULL @@ -88372,7 +96697,7 @@ index 0000000..909d902 +request_key_async_with_auxdata_46624 request_key_async_with_auxdata 4 46624 NULL +diva_os_copy_to_user_48508 diva_os_copy_to_user 4 48508 NULL +dvb_ringbuffer_read_user_56702 dvb_ringbuffer_read_user 3 56702 NULL -+uvc_alloc_entity_20836 uvc_alloc_entity 3-4 20836 NULL ++uvc_alloc_entity_20836 uvc_alloc_entity 4-3 20836 NULL +batadv_tt_changes_fill_buff_40323 batadv_tt_changes_fill_buff 4 40323 NULL +__alloc_skb_23940 __alloc_skb 1 23940 NULL +sta_flags_read_56710 sta_flags_read 3 56710 NULL @@ -88385,24 +96710,23 @@ index 0000000..909d902 +hsc_write_55875 hsc_write 3 55875 NULL +cifs_setxattr_23957 cifs_setxattr 4 23957 NULL +do_test_15766 do_test 1 15766 NULL -+mmio_read_40348 mmio_read 4 40348 NULL ++ieee80211_if_read_ave_beacon_64924 ieee80211_if_read_ave_beacon 3 64924 NULL +ip_recv_error_23109 ip_recv_error 3 23109 NULL +named_distribute_48544 named_distribute 4 48544 NULL -+smk_set_cipso_20379 smk_set_cipso 3 20379 NULL ++ip_generic_getfrag_12187 ip_generic_getfrag 3-4 12187 NULL +venus_link_32165 venus_link 5 32165 NULL +event_rx_mem_empty_read_40363 event_rx_mem_empty_read 3 40363 NULL +drm_agp_bind_pages_56748 drm_agp_bind_pages 3 56748 NULL +vmw_kms_present_38130 vmw_kms_present 9 38130 NULL +btrfsic_map_block_56751 btrfsic_map_block 2 56751 NULL -+zd_usb_iowrite16v_async_23984 zd_usb_iowrite16v_async 3 23984 NULL ++set_std_nic_pfs_15792 set_std_nic_pfs 3 15792 NULL +ubifs_wbuf_write_nolock_64946 ubifs_wbuf_write_nolock 3 64946 NULL +usblp_new_writeurb_22894 usblp_new_writeurb 2 22894 NULL -+bioset_integrity_create_62708 bioset_integrity_create 2 62708 NULL ++llcp_sock_recvmsg_13556 llcp_sock_recvmsg 4 13556 NULL +smk_read_direct_15803 smk_read_direct 3 15803 NULL +fwnet_incoming_packet_40380 fwnet_incoming_packet 3 40380 NULL -+pcpu_page_first_chunk_20712 pcpu_page_first_chunk 1 20712 NULL -+ip_options_get_from_user_64958 ip_options_get_from_user 4 64958 NULL -+wusb_ccm_mac_32199 wusb_ccm_mac 7 32199 NULL ++groups_alloc_7614 groups_alloc 1 7614 NULL ++cxgb_alloc_mem_24007 cxgb_alloc_mem 1 24007 NULL +traceprobe_probes_write_64969 traceprobe_probes_write 3 64969 NULL +suspend_dtim_interval_read_64971 suspend_dtim_interval_read 3 64971 NULL +ext_sd_execute_read_data_48589 ext_sd_execute_read_data 9 48589 NULL @@ -88415,24 +96739,25 @@ index 0000000..909d902 +snapshot_write_28351 snapshot_write 3 28351 NULL +event_enable_read_7074 event_enable_read 3 7074 NULL +brcmf_sdbrcm_died_dump_15841 brcmf_sdbrcm_died_dump 3 15841 NULL -+ath_descdma_setup_12257 ath_descdma_setup 5 12257 NULL +do_syslog_56807 do_syslog 3 56807 NULL ++sl_realloc_bufs_64086 sl_realloc_bufs 2 64086 NULL +pskb_pull_65005 pskb_pull 2 65005 NULL +caif_seqpkt_recvmsg_32241 caif_seqpkt_recvmsg 4 32241 NULL +lbs_lowrssi_read_32242 lbs_lowrssi_read 3 32242 NULL -+sisusbcon_scroll_31315 sisusbcon_scroll 5-3-2 31315 NULL ++sisusbcon_scroll_31315 sisusbcon_scroll 5-2-3 31315 NULL +unifi_write_65012 unifi_write 3 65012 NULL +agp_generic_alloc_user_9470 agp_generic_alloc_user 1 9470 NULL +nfs_readdata_alloc_65015 nfs_readdata_alloc 2 65015 NULL -+ubi_io_write_15870 ubi_io_write 4-5 15870 NULL nohasharray ++ubi_io_write_15870 ubi_io_write 5-4 15870 NULL nohasharray +media_entity_init_15870 media_entity_init 2-4 15870 &ubi_io_write_15870 +mtdchar_write_56831 mtdchar_write 3 56831 NULL nohasharray +ntfs_rl_realloc_56831 ntfs_rl_realloc 3 56831 &mtdchar_write_56831 -+do_ip_vs_set_ctl_48641 do_ip_vs_set_ctl 4 48641 NULL -+__mptctl_ioctl_15875 __mptctl_ioctl 2 15875 NULL -+sl_realloc_bufs_64086 sl_realloc_bufs 2 64086 NULL ++skb_copy_to_page_nocache_58624 skb_copy_to_page_nocache 6 58624 NULL ++mid_get_vbt_data_r1_26170 mid_get_vbt_data_r1 2 26170 NULL ++skb_copy_expand_7685 skb_copy_expand 2-3 7685 NULL nohasharray ++acpi_ex_allocate_name_string_7685 acpi_ex_allocate_name_string 2-1 7685 &skb_copy_expand_7685 +if_write_51756 if_write 3 51756 NULL -+tomoyo_update_policy_40458 tomoyo_update_policy 2 40458 NULL ++insert_dent_65034 insert_dent 7 65034 NULL +blkcipher_copy_iv_24075 blkcipher_copy_iv 3 24075 NULL +snd_rawmidi_kernel_write1_56847 snd_rawmidi_kernel_write1 4 56847 NULL +vb2_fop_read_24080 vb2_fop_read 3 24080 NULL @@ -88440,22 +96765,21 @@ index 0000000..909d902 +nfs_map_group_to_gid_15892 nfs_map_group_to_gid 3 15892 NULL +lc_create_48662 lc_create 3 48662 NULL +aes_encrypt_packets_read_48666 aes_encrypt_packets_read 3 48666 NULL -+dev_write_7708 dev_write 3 7708 NULL ++sm501_create_subdev_48668 sm501_create_subdev 3-4 48668 NULL nohasharray ++sys_setgroups_48668 sys_setgroups 1 48668 &sm501_create_subdev_48668 +ath9k_multi_regread_65056 ath9k_multi_regread 4 65056 NULL +brcmf_sdcard_send_buf_7713 brcmf_sdcard_send_buf 6 7713 NULL +l2cap_build_cmd_48676 l2cap_build_cmd 4 48676 NULL -+ieee80211_set_probe_resp_10077 ieee80211_set_probe_resp 3 10077 NULL +batadv_hash_new_40491 batadv_hash_new 1 40491 NULL +pipeline_post_proc_swi_read_24108 pipeline_post_proc_swi_read 3 24108 NULL +request_key_auth_read_24109 request_key_auth_read 3 24109 NULL +bnx2fc_process_l2_frame_compl_65072 bnx2fc_process_l2_frame_compl 3 65072 NULL +__alloc_bootmem_node_high_65076 __alloc_bootmem_node_high 2 65076 NULL +persistent_ram_new_40501 persistent_ram_new 1-2 40501 NULL -+__feat_register_sp_64712 __feat_register_sp 6 64712 NULL +ieee80211_send_auth_24121 ieee80211_send_auth 5 24121 NULL +altera_drscan_48698 altera_drscan 2 48698 NULL +tx_frag_in_process_called_read_1290 tx_frag_in_process_called_read 3 1290 NULL -+debug_debug3_read_56894 debug_debug3_read 3 56894 NULL ++set_bypass_pwup_pfs_7742 set_bypass_pwup_pfs 3 7742 NULL +kvm_set_irq_routing_48704 kvm_set_irq_routing 3 48704 NULL +power_read_15939 power_read 3 15939 NULL +recv_msg_48709 recv_msg 4 48709 NULL @@ -88464,23 +96788,23 @@ index 0000000..909d902 +TSS_checkhmac2_40520 TSS_checkhmac2 5-7 40520 NULL +btrfs_error_discard_extent_50444 btrfs_error_discard_extent 2 50444 NULL +irnet_ctrl_write_24139 irnet_ctrl_write 3 24139 NULL -+lpfc_idiag_drbacc_read_15948 lpfc_idiag_drbacc_read 3 15948 NULL -+process_vm_rw_pages_15954 process_vm_rw_pages 5-6 15954 NULL -+rxrpc_request_key_27235 rxrpc_request_key 3 27235 NULL ++nouveau_bar_create__32332 nouveau_bar_create_ 4 32332 NULL ++process_vm_rw_pages_15954 process_vm_rw_pages 6-5 15954 NULL ++revalidate_19043 revalidate 2 19043 NULL +t4_alloc_mem_32342 t4_alloc_mem 1 32342 NULL +aes_decrypt_fail_read_54815 aes_decrypt_fail_read 3 54815 NULL -+remap_pci_mem_15966 remap_pci_mem 1-2 15966 NULL ++trim_bitmaps_24158 trim_bitmaps 3 24158 NULL +alloc_candev_7776 alloc_candev 1-2 7776 NULL +check_header_56930 check_header 2 56930 NULL +ima_write_policy_40548 ima_write_policy 3 40548 NULL -+dispatch_ioctl_32357 dispatch_ioctl 2 32357 NULL -+i2o_parm_table_get_61635 i2o_parm_table_get 6 61635 NULL ++journal_init_revoke_56933 journal_init_revoke 2 56933 NULL +__wa_xfer_setup_segs_56725 __wa_xfer_setup_segs 2 56725 NULL +ath6kl_usb_bmi_read_48745 ath6kl_usb_bmi_read 3 48745 NULL +sel_read_initcon_32362 sel_read_initcon 3 32362 NULL +ath6kl_regwrite_read_48747 ath6kl_regwrite_read 3 48747 NULL +frame_alloc_15981 frame_alloc 4 15981 NULL -+esp_alloc_tmp_40558 esp_alloc_tmp 2-3 40558 NULL ++esp_alloc_tmp_40558 esp_alloc_tmp 3-2 40558 NULL ++nf_nat_seq_adjust_44989 nf_nat_seq_adjust 4 44989 NULL +diva_os_copy_from_user_7792 diva_os_copy_from_user 4 7792 NULL +adu_read_24177 adu_read 3 24177 NULL +alloc_fddidev_15382 alloc_fddidev 1 15382 NULL @@ -88488,25 +96812,28 @@ index 0000000..909d902 +alloc_vm_area_15989 alloc_vm_area 1 15989 NULL +variax_set_raw2_32374 variax_set_raw2 4 32374 NULL +vfd_write_14717 vfd_write 3 14717 NULL ++carl9170_rx_copy_data_21656 carl9170_rx_copy_data 2 21656 NULL +usbtmc_read_32377 usbtmc_read 3 32377 NULL +qib_alloc_devdata_51819 qib_alloc_devdata 2 51819 NULL +l2cap_segment_sdu_48772 l2cap_segment_sdu 4 48772 NULL ++dvb_generic_ioctl_21810 dvb_generic_ioctl 2 21810 NULL ++cache_write_pipefs_48270 cache_write_pipefs 3 48270 NULL +rx_defrag_called_read_1897 rx_defrag_called_read 3 1897 NULL -+ieee80211_if_read_dot11MeshHWMPpreqMinInterval_24208 ieee80211_if_read_dot11MeshHWMPpreqMinInterval 3 24208 NULL ++xfs_iext_add_indirect_multi_32400 xfs_iext_add_indirect_multi 3 32400 NULL +viafb_vt1636_proc_write_16018 viafb_vt1636_proc_write 3 16018 NULL +__cxio_init_resource_fifo_23447 __cxio_init_resource_fifo 3 23447 NULL +skge_rx_get_40598 skge_rx_get 3 40598 NULL ++nouveau_device_create__56984 nouveau_device_create_ 6 56984 NULL +register_device_60015 register_device 2-3 60015 NULL +got_frame_16028 got_frame 2 16028 NULL +ssb_bus_register_65183 ssb_bus_register 3 65183 NULL -+pcpu_embed_first_chunk_24224 pcpu_embed_first_chunk 1-3-2 24224 NULL -+icmp_manip_pkt_48801 icmp_manip_pkt 2 48801 NULL ++pcpu_embed_first_chunk_24224 pcpu_embed_first_chunk 1-2-3 24224 NULL +il3945_sta_dbgfs_stats_table_read_48802 il3945_sta_dbgfs_stats_table_read 3 48802 NULL +scsi_register_49094 scsi_register 2 49094 NULL +twa_change_queue_depth_48808 twa_change_queue_depth 2 48808 NULL +vlsi_alloc_ring_57003 vlsi_alloc_ring 3-4 57003 NULL +sel_read_bool_24236 sel_read_bool 3 24236 NULL -+buffer_from_user_51826 buffer_from_user 3 51826 NULL ++batadv_check_unicast_packet_10866 batadv_check_unicast_packet 2 10866 NULL +tcp_push_one_48816 tcp_push_one 2 48816 NULL +nfulnl_alloc_skb_65207 nfulnl_alloc_skb 2 65207 NULL +dccp_recvmsg_16056 dccp_recvmsg 4 16056 NULL @@ -88514,38 +96841,42 @@ index 0000000..909d902 +atomic_counters_read_48827 atomic_counters_read 3 48827 NULL +rx_rx_done_read_65217 rx_rx_done_read 3 65217 NULL +vc_do_resize_48842 vc_do_resize 3-4 48842 NULL -+acpi_tb_parse_root_table_53455 acpi_tb_parse_root_table 1 53455 NULL ++svc_pool_map_alloc_arrays_47181 svc_pool_map_alloc_arrays 2 47181 NULL +create_gpadl_header_19064 create_gpadl_header 2 19064 NULL +dvb_dmxdev_read_sec_7892 dvb_dmxdev_read_sec 4 7892 NULL ++snd_opl4_mem_proc_read_63774 snd_opl4_mem_proc_read 5 63774 NULL +xfs_trans_get_efi_7898 xfs_trans_get_efi 2 7898 NULL +compat_sys_preadv64_24283 compat_sys_preadv64 3 24283 NULL +pipeline_rx_complete_stat_fifo_int_read_40671 pipeline_rx_complete_stat_fifo_int_read 3 40671 NULL +viafb_dvp1_proc_write_48864 viafb_dvp1_proc_write 3 48864 NULL ++wlc_phy_loadsampletable_nphy_64367 wlc_phy_loadsampletable_nphy 3 64367 NULL +__ffs_ep0_read_events_48868 __ffs_ep0_read_events 3 48868 NULL +cx2341x_ctrl_new_std_57061 cx2341x_ctrl_new_std 4 57061 NULL +isr_tx_exch_complete_read_16103 isr_tx_exch_complete_read 3 16103 NULL +sca3000_read_data_57064 sca3000_read_data 4 57064 NULL +mid_get_vbt_data_r0_10876 mid_get_vbt_data_r0 2 10876 NULL +pcmcia_replace_cis_57066 pcmcia_replace_cis 3 57066 NULL -+sis190_try_rx_copy_57069 sis190_try_rx_copy 3 57069 NULL ++ide_driver_proc_write_32493 ide_driver_proc_write 3 32493 NULL +dma_tx_requested_read_16110 dma_tx_requested_read 3 16110 NULL nohasharray +isr_hw_pm_mode_changes_read_16110 isr_hw_pm_mode_changes_read 3 16110 &dma_tx_requested_read_16110 +sys_setgroups16_48882 sys_setgroups16 1 48882 NULL -+kmem_zalloc_greedy_65268 kmem_zalloc_greedy 2-3 65268 NULL ++kmem_zalloc_greedy_65268 kmem_zalloc_greedy 3-2 65268 NULL +nfc_hci_set_param_40697 nfc_hci_set_param 5 40697 NULL +f_hidg_write_7932 f_hidg_write 3 7932 NULL +ath6kl_add_bss_if_needed_24317 ath6kl_add_bss_if_needed 6 24317 NULL +kmalloc_parameter_65279 kmalloc_parameter 1 65279 NULL +mce_flush_rx_buffer_14976 mce_flush_rx_buffer 2 14976 NULL +mac_drv_rx_init_48898 mac_drv_rx_init 2 48898 NULL -+compat_sys_select_16131 compat_sys_select 1 16131 NULL ++sisusbcon_scroll_area_25899 sisusbcon_scroll_area 4-3 25899 NULL +xdi_copy_to_user_48900 xdi_copy_to_user 4 48900 NULL +compat_core_sys_select_65285 compat_core_sys_select 1 65285 NULL +fsm_init_16134 fsm_init 2 16134 NULL ++ext_sd_execute_write_data_8175 ext_sd_execute_write_data 9 8175 NULL +tracing_set_trace_write_57096 tracing_set_trace_write 3 57096 NULL +disconnect_32521 disconnect 4 32521 NULL +__seq_open_private_40715 __seq_open_private 3 40715 NULL -+pp_write_39554 pp_write 3 39554 NULL ++tifm_alloc_adapter_10903 tifm_alloc_adapter 1 10903 NULL ++ath6kl_wmi_add_wow_pattern_cmd_12842 ath6kl_wmi_add_wow_pattern_cmd 4 12842 NULL +mpi_set_buffer_65294 mpi_set_buffer 3 65294 NULL +redirected_tty_write_65297 redirected_tty_write 3 65297 NULL +ilo_read_32531 ilo_read 3 32531 NULL @@ -88555,13 +96886,15 @@ index 0000000..909d902 +sysfs_write_file_57116 sysfs_write_file 3 57116 NULL +gdth_isa_probe_one_48925 gdth_isa_probe_one 1 48925 NULL +kzalloc_node_24352 kzalloc_node 1 24352 NULL ++nfc_hci_execute_cmd_async_65314 nfc_hci_execute_cmd_async 5 65314 NULL +msnd_fifo_alloc_23179 msnd_fifo_alloc 2 23179 NULL +format_devstat_counter_32550 format_devstat_counter 3 32550 NULL +nfcwilink_skb_alloc_16167 nfcwilink_skb_alloc 1 16167 NULL +xfs_iext_remove_direct_40744 xfs_iext_remove_direct 3 40744 NULL -+dvb_generic_ioctl_21810 dvb_generic_ioctl 2 21810 NULL ++remap_pci_mem_15966 remap_pci_mem 1-2 15966 NULL ++qla2x00_handle_queue_full_24365 qla2x00_handle_queue_full 2 24365 NULL +cfi_read_pri_24366 cfi_read_pri 3 24366 NULL -+ima_show_htable_value_57136 ima_show_htable_value 2 57136 NULL ++btrfs_insert_delayed_dir_index_63720 btrfs_insert_delayed_dir_index 4 63720 NULL +aes_encrypt_fail_read_32562 aes_encrypt_fail_read 3 32562 NULL +card_send_command_40757 card_send_command 3 40757 NULL +sys_mbind_7990 sys_mbind 5 7990 NULL @@ -88569,9 +96902,11 @@ index 0000000..909d902 +pg_write_40766 pg_write 3 40766 NULL +event_heart_beat_read_48961 event_heart_beat_read 3 48961 NULL +uea_idma_write_64139 uea_idma_write 3 64139 NULL ++brcmf_debugfs_sdio_counter_read_58369 brcmf_debugfs_sdio_counter_read 3 58369 NULL +carl9170_rx_stream_1334 carl9170_rx_stream 3 1334 NULL -+udl_prime_create_57159 udl_prime_create 2 57159 NULL -+ablkcipher_copy_iv_64140 ablkcipher_copy_iv 3 64140 NULL ++nand_ecc_test_run_48966 nand_ecc_test_run 1 48966 NULL ++ath_descdma_setup_12257 ath_descdma_setup 5 12257 NULL ++alloc_sched_domains_47756 alloc_sched_domains 1 47756 NULL +dma_rx_requested_read_65354 dma_rx_requested_read 3 65354 NULL +batadv_orig_hash_del_if_48972 batadv_orig_hash_del_if 2 48972 NULL +tt3650_ci_msg_locked_8013 tt3650_ci_msg_locked 4 8013 NULL @@ -88579,8 +96914,8 @@ index 0000000..909d902 +getxattr_24398 getxattr 4 24398 &pvr2_v4l2_ioctl_24398 +stk_prepare_sio_buffers_57168 stk_prepare_sio_buffers 2 57168 NULL +vcs_read_8017 vcs_read 3 8017 NULL -+alloc_cpu_rmap_65363 alloc_cpu_rmap 1 65363 NULL -+create_table_16213 create_table 2 16213 NULL ++read_file_beacon_32595 read_file_beacon 3 32595 NULL ++gss_pipe_downcall_23182 gss_pipe_downcall 3 23182 NULL +rx_hw_stuck_read_57179 rx_hw_stuck_read 3 57179 NULL +iwl_dbgfs_wowlan_sram_read_540 iwl_dbgfs_wowlan_sram_read 3 540 NULL +_alloc_set_attr_list_48991 _alloc_set_attr_list 4 48991 NULL @@ -88594,32 +96929,33 @@ index 0000000..909d902 +ieee80211_rx_mgmt_beacon_24430 ieee80211_rx_mgmt_beacon 3 24430 NULL +iser_rcv_completion_8048 iser_rcv_completion 2 8048 NULL +trace_parser_get_init_31379 trace_parser_get_init 2 31379 NULL -+ms_read_multiple_pages_8052 ms_read_multiple_pages 4-5 8052 NULL ++ms_read_multiple_pages_8052 ms_read_multiple_pages 5-4 8052 NULL +__alloc_bootmem_nopanic_65397 __alloc_bootmem_nopanic 1 65397 NULL +trace_seq_to_user_65398 trace_seq_to_user 3 65398 NULL -+irda_recvmsg_dgram_32631 irda_recvmsg_dgram 4 32631 NULL ++ixgbe_alloc_q_vector_24439 ixgbe_alloc_q_vector 4-6 24439 NULL +smk_user_access_24440 smk_user_access 3 24440 NULL +xd_rw_49020 xd_rw 3-4 49020 NULL -+gss_pipe_downcall_23182 gss_pipe_downcall 3 23182 NULL ++dgrp_mon_read_8065 dgrp_mon_read 3 8065 NULL +tt3650_ci_msg_57219 tt3650_ci_msg 4 57219 NULL +mpi_alloc_limb_space_23190 mpi_alloc_limb_space 1 23190 NULL +kvmalloc_32646 kvmalloc 1 32646 NULL +alloc_targets_8074 alloc_targets 2 8074 NULL nohasharray +qla4xxx_post_ping_evt_work_8074 qla4xxx_post_ping_evt_work 4 8074 &alloc_targets_8074 -+tifm_alloc_adapter_10903 tifm_alloc_adapter 1 10903 NULL ++evdev_do_ioctl_24459 evdev_do_ioctl 2 24459 NULL +drm_calloc_large_65421 drm_calloc_large 1-2 65421 NULL -+nfc_hci_send_response_56462 nfc_hci_send_response 5 56462 NULL -+usbduxsigma_attach_common_40847 usbduxsigma_attach_common 4 40847 NULL ++set_disc_pfs_16270 set_disc_pfs 3 16270 NULL +skb_copy_and_csum_datagram_iovec_24466 skb_copy_and_csum_datagram_iovec 2 24466 NULL -+rbd_add_16366 rbd_add 3 16366 NULL ++__mxt_write_reg_57326 __mxt_write_reg 3 57326 NULL ++caif_stream_sendmsg_9110 caif_stream_sendmsg 4 9110 NULL +drbd_setsockopt_16280 drbd_setsockopt 5 16280 NULL nohasharray -+nand_bch_init_16280 nand_bch_init 2-3 16280 &drbd_setsockopt_16280 ++nand_bch_init_16280 nand_bch_init 3-2 16280 &drbd_setsockopt_16280 +xpc_kzalloc_cacheline_aligned_65433 xpc_kzalloc_cacheline_aligned 1 65433 NULL +v9fs_file_read_40858 v9fs_file_read 3 40858 NULL +fbcon_do_set_font_4079 fbcon_do_set_font 2-3 4079 NULL +pn533_init_target_frame_65438 pn533_init_target_frame 3 65438 NULL ++__mptctl_ioctl_15875 __mptctl_ioctl 2 15875 NULL +move_addr_to_kernel_32673 move_addr_to_kernel 2 32673 NULL -+stk_allocate_buffers_16291 stk_allocate_buffers 2 16291 NULL ++i915_wedged_write_47771 i915_wedged_write 3 47771 NULL +usb_alloc_coherent_65444 usb_alloc_coherent 2 65444 NULL +aes_decrypt_interrupt_read_19910 aes_decrypt_interrupt_read 3 19910 NULL +l2cap_bredr_sig_cmd_49065 l2cap_bredr_sig_cmd 3 49065 NULL @@ -88628,7 +96964,7 @@ index 0000000..909d902 +venus_lookup_8121 venus_lookup 4 8121 NULL +compat_writev_60063 compat_writev 3 60063 NULL +io_mapping_create_wc_1354 io_mapping_create_wc 1-2 1354 NULL -+pd_video_read_24510 pd_video_read 3 24510 NULL ++jfs_readpages_32702 jfs_readpages 4 32702 NULL +read_file_queue_40895 read_file_queue 3 40895 NULL +request_key_with_auxdata_24515 request_key_with_auxdata 4 24515 NULL +waiters_read_40902 waiters_read 3 40902 NULL @@ -88643,31 +96979,26 @@ index 0000000..909d902 +named_prepare_buf_24532 named_prepare_buf 2 24532 NULL +hdpvr_read_9273 hdpvr_read 3 9273 NULL +alloc_dr_65495 alloc_dr 2 65495 NULL -+ath6kl_buf_alloc_57304 ath6kl_buf_alloc 1 57304 NULL ++do_mpage_readpage_24536 do_mpage_readpage 3 24536 NULL +rs_sta_dbgfs_scale_table_read_40262 rs_sta_dbgfs_scale_table_read 3 40262 NULL +ftdi_elan_write_57309 ftdi_elan_write 3 57309 NULL -+sys_migrate_pages_39825 sys_migrate_pages 2 39825 NULL +megasas_change_queue_depth_32747 megasas_change_queue_depth 2 32747 NULL +total_ps_buffered_read_16365 total_ps_buffered_read 3 16365 NULL -+__mxt_write_reg_57326 __mxt_write_reg 3 57326 NULL -+ext_sd_execute_write_data_8175 ext_sd_execute_write_data 9 8175 NULL ++rbd_add_16366 rbd_add 3 16366 NULL ++stats_read_ul_32751 stats_read_ul 3 32751 NULL +pt_read_49136 pt_read 3 49136 NULL +tsi148_alloc_resource_24563 tsi148_alloc_resource 2 24563 NULL +snd_vx_create_40948 snd_vx_create 4 40948 NULL -+__nf_nat_mangle_tcp_packet_8190 __nf_nat_mangle_tcp_packet 5-7 8190 NULL -+tipc_multicast_49144 tipc_multicast 5 49144 NULL ++iscsi_tcp_conn_setup_16376 iscsi_tcp_conn_setup 2 16376 NULL +check_mirror_57342 check_mirror 1-2 57342 NULL nohasharray +usblp_read_57342 usblp_read 3 57342 &check_mirror_57342 +atyfb_setup_generic_49151 atyfb_setup_generic 3 49151 NULL -+_003897_hash acl_alloc 1 35979 _003897_hash NULL -+_003898_hash acl_alloc_stack_init 1 60630 _003898_hash NULL -+_003899_hash create_table 2 16213 _003899_hash NULL diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c new file mode 100644 -index 0000000..6387ddc +index 0000000..838ea58 --- /dev/null +++ b/tools/gcc/size_overflow_plugin.c -@@ -0,0 +1,1918 @@ +@@ -0,0 +1,1936 @@ +/* + * Copyright 2011, 2012 by Emese Revfy <re.emese@gmail.com> + * Licensed under the GPL v2, or (at your option) v3 @@ -88698,14 +97029,13 @@ index 0000000..6387ddc +#include "tree-flow.h" +#include "plugin.h" +#include "gimple.h" -+#include "c-common.h" +#include "diagnostic.h" +#include "cfgloop.h" + -+#if BUILDING_GCC_VERSION >= 4007 -+#include "c-tree.h" -+#else -+#define C_DECL_IMPLICIT(EXP) DECL_LANG_FLAG_2 (EXP) ++#define C_DECL_IMPLICIT(EXP) DECL_LANG_FLAG_2(EXP) ++ ++#if BUILDING_GCC_VERSION >= 4008 ++#define TODO_dump_func 0 +#endif + +struct size_overflow_hash { @@ -88720,6 +97050,8 @@ index 0000000..6387ddc + MARKED_NO, MARKED_YES, MARKED_NOT_INTENTIONAL +}; + ++static unsigned int call_count = 0; ++ +#define __unused __attribute__((__unused__)) +#define NAME(node) IDENTIFIER_POINTER(DECL_NAME(node)) +#define NAME_LEN(node) IDENTIFIER_LENGTH(DECL_NAME(node)) @@ -88747,10 +97079,8 @@ index 0000000..6387ddc +static tree get_size_overflow_type(gimple stmt, const_tree node); +static tree dup_assign(struct pointer_set_t *visited, gimple oldstmt, const_tree node, tree rhs1, tree rhs2, tree __unused rhs3); + -+static unsigned int call_count=0; -+ +static struct plugin_info size_overflow_plugin_info = { -+ .version = "20121212beta", ++ .version = "20130109beta", + .help = "no-size-overflow\tturn off size overflow checking\n", +}; + @@ -89037,7 +97367,7 @@ index 0000000..6387ddc + (code == POINTER_TYPE && TREE_CODE(TREE_TYPE(type)) == INTEGER_TYPE)); +} + -+static int find_arg_number(const_tree arg, tree func) ++static unsigned int find_arg_number(const_tree arg, tree func) +{ + tree var; + unsigned int argnum = 1; @@ -89060,8 +97390,10 @@ index 0000000..6387ddc +{ + tree new_var = create_tmp_var(type, "cicus"); + ++#if BUILDING_GCC_VERSION <= 4007 + add_referenced_var(new_var); + mark_sym_for_renaming(new_var); ++#endif + return new_var; +} + @@ -89281,11 +97613,13 @@ index 0000000..6387ddc + basic_block bb; + gimple phi; + gimple_stmt_iterator gsi = gsi_for_stmt(oldstmt); ++ gimple_seq seq; + + bb = gsi_bb(gsi); + + phi = create_phi_node(result, bb); -+ gsi = gsi_last(phi_nodes(bb)); ++ seq = phi_nodes(bb); ++ gsi = gsi_last(seq); + gsi_remove(&gsi, false); + + gsi = gsi_for_stmt(oldstmt); @@ -89300,8 +97634,8 @@ index 0000000..6387ddc + basic_block first_bb; + + first_bb = split_block_after_labels(ENTRY_BLOCK_PTR)->dest; -+ if (dom_info_available_p(CDI_DOMINATORS)) -+ set_immediate_dominator(CDI_DOMINATORS, first_bb, ENTRY_BLOCK_PTR); ++ gcc_assert(dom_info_available_p(CDI_DOMINATORS)); ++ set_immediate_dominator(CDI_DOMINATORS, first_bb, ENTRY_BLOCK_PTR); + return first_bb; +} + @@ -89447,6 +97781,10 @@ index 0000000..6387ddc + if (rhs_mode == SImode && lhs_mode == DImode && (TYPE_UNSIGNED(rhs_type) || !TYPE_UNSIGNED(lhs_type))) + return false; + ++ // skip lhs check on signed SI -> HI cast or signed SI -> QI cast ++ if (rhs_mode == SImode && !TYPE_UNSIGNED(rhs_type) && (lhs_mode == HImode || lhs_mode == QImode)) ++ return false; ++ + return true; +} + @@ -89491,21 +97829,37 @@ index 0000000..6387ddc + return true; +} + ++static tree create_cast_assign(struct pointer_set_t *visited, gimple stmt) ++{ ++ tree rhs1 = gimple_assign_rhs1(stmt); ++ tree lhs = gimple_get_lhs(stmt); ++ const_tree rhs1_type = TREE_TYPE(rhs1); ++ const_tree lhs_type = TREE_TYPE(lhs); ++ ++ if (TYPE_UNSIGNED(rhs1_type) == TYPE_UNSIGNED(lhs_type)) ++ return create_assign(visited, stmt, lhs, AFTER_STMT); ++ ++ return create_assign(visited, stmt, rhs1, AFTER_STMT); ++} ++ +static tree handle_unary_rhs(struct pointer_set_t *visited, gimple stmt) +{ -+ gimple def_stmt; + tree size_overflow_type, lhs = gimple_get_lhs(stmt); -+ tree new_rhs1, rhs1 = gimple_assign_rhs1(stmt); ++ tree new_rhs1 = NULL_TREE; ++ tree rhs1 = gimple_assign_rhs1(stmt); + const_tree rhs1_type = TREE_TYPE(rhs1); + const_tree lhs_type = TREE_TYPE(lhs); + -+ new_rhs1 = expand(visited, rhs1); ++ if (gimple_plf(stmt, MY_STMT)) ++ return lhs; + -+ if (new_rhs1 == NULL_TREE || TREE_CODE(rhs1_type) == POINTER_TYPE) ++ if (TREE_CODE(rhs1_type) == POINTER_TYPE) + return create_assign(visited, stmt, lhs, AFTER_STMT); + -+ if (gimple_plf(stmt, MY_STMT)) -+ return lhs; ++ new_rhs1 = expand(visited, rhs1); ++ ++ if (new_rhs1 == NULL_TREE) ++ return create_cast_assign(visited, stmt); + + if (gimple_plf(stmt, NO_CAST_CHECK)) + return dup_assign(visited, stmt, lhs, new_rhs1, NULL_TREE, NULL_TREE); @@ -89520,18 +97874,14 @@ index 0000000..6387ddc + if (!gimple_assign_cast_p(stmt) || check_undefined_integer_operation(stmt)) + return dup_assign(visited, stmt, lhs, new_rhs1, NULL_TREE, NULL_TREE); + ++ if (TYPE_UNSIGNED(rhs1_type) != TYPE_UNSIGNED(lhs_type)) ++ return dup_assign(visited, stmt, lhs, new_rhs1, NULL_TREE, NULL_TREE); ++ + size_overflow_type = get_size_overflow_type(stmt, rhs1); + new_rhs1 = cast_to_new_size_overflow_type(stmt, new_rhs1, size_overflow_type, BEFORE_STMT); + + check_size_overflow(stmt, size_overflow_type, new_rhs1, rhs1, BEFORE_STMT); + -+ rhs1 = gimple_assign_rhs1(stmt); -+ rhs1_type = TREE_TYPE(rhs1); -+ if (TYPE_UNSIGNED(rhs1_type) != TYPE_UNSIGNED(lhs_type)) { -+ def_stmt = get_def_stmt(new_rhs1); -+ rhs1 = gimple_assign_rhs1(def_stmt); -+ return create_assign(visited, stmt, rhs1, AFTER_STMT); -+ } + change_rhs1(stmt, new_rhs1); + + if (!check_mode_type(stmt)) @@ -89680,10 +98030,9 @@ index 0000000..6387ddc + make_edge(cond_bb, join_bb, EDGE_FALSE_VALUE); + make_edge(bb_true, join_bb, EDGE_FALLTHRU); + -+ if (dom_info_available_p(CDI_DOMINATORS)) { -+ set_immediate_dominator(CDI_DOMINATORS, bb_true, cond_bb); -+ set_immediate_dominator(CDI_DOMINATORS, join_bb, cond_bb); -+ } ++ gcc_assert(dom_info_available_p(CDI_DOMINATORS)); ++ set_immediate_dominator(CDI_DOMINATORS, bb_true, cond_bb); ++ set_immediate_dominator(CDI_DOMINATORS, join_bb, cond_bb); + + if (current_loops != NULL) { + gcc_assert(cond_bb->loop_father == join_bb->loop_father); @@ -89708,9 +98057,11 @@ index 0000000..6387ddc + gcc_assert(TREE_CODE(rhs_type) == INTEGER_TYPE || TREE_CODE(rhs_type) == BOOLEAN_TYPE || TREE_CODE(rhs_type) == ENUMERAL_TYPE); + + type_max = cast_a_tree(size_overflow_type, TYPE_MAX_VALUE(rhs_type)); -+ type_min = cast_a_tree(size_overflow_type, TYPE_MIN_VALUE(rhs_type)); ++ // typemax (-1) < typemin (0) ++ if (TREE_OVERFLOW(type_max)) ++ return; + -+ gcc_assert(!TREE_OVERFLOW(type_max)); ++ type_min = cast_a_tree(size_overflow_type, TYPE_MIN_VALUE(rhs_type)); + + cast_rhs_type = TREE_TYPE(cast_rhs); + type_max_type = TREE_TYPE(type_max); @@ -89810,7 +98161,6 @@ index 0000000..6387ddc + + rhs1 = gimple_assign_rhs1(def_stmt); + rhs1_def_stmt = get_def_stmt(rhs1); -+ gcc_assert(gimple_code(rhs1_def_stmt) != GIMPLE_NOP); + if (!gimple_assign_cast_p(rhs1_def_stmt)) + return rhs1; + @@ -90004,19 +98354,19 @@ index 0000000..6387ddc + + switch (TYPE_MODE(type)) { + case QImode: -+ new_type = (TYPE_UNSIGNED(type)) ? unsigned_intHI_type_node : intHI_type_node; ++ new_type = intHI_type_node; + break; + case HImode: -+ new_type = (TYPE_UNSIGNED(type)) ? unsigned_intSI_type_node : intSI_type_node; ++ new_type = intSI_type_node; + break; + case SImode: -+ new_type = (TYPE_UNSIGNED(type)) ? unsigned_intDI_type_node : intDI_type_node; ++ new_type = intDI_type_node; + break; + case DImode: + if (LONG_TYPE_SIZE == GET_MODE_BITSIZE(SImode)) -+ new_type = (TYPE_UNSIGNED(type)) ? unsigned_intDI_type_node : intDI_type_node; ++ new_type = intDI_type_node; + else -+ new_type = (TYPE_UNSIGNED(type)) ? unsigned_intTI_type_node : intTI_type_node; ++ new_type = intTI_type_node; + break; + default: + debug_tree((tree)node); @@ -90075,10 +98425,6 @@ index 0000000..6387ddc + if (gimple_plf(def_stmt, MY_STMT)) + return lhs; + -+ // skip char type, except PHI (FIXME: only kernel) -+ if (TYPE_MODE(TREE_TYPE(lhs)) == QImode && gimple_code(def_stmt) != GIMPLE_PHI) -+ return create_assign(visited, def_stmt, lhs, AFTER_STMT); -+ + if (pointer_set_contains(visited, def_stmt)) + return expand_visited(def_stmt); + @@ -90513,13 +98859,16 @@ index 0000000..6387ddc + .pass = { + .type = GIMPLE_PASS, + .name = "size_overflow", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = NULL, + .execute = handle_function, + .sub = NULL, + .next = NULL, + .static_pass_number = 0, + .tv_id = TV_NONE, -+ .properties_required = PROP_cfg | PROP_referenced_vars, ++ .properties_required = PROP_cfg, + .properties_provided = 0, + .properties_destroyed = 0, + .todo_flags_start = 0, @@ -90588,12 +98937,12 @@ index 0000000..6387ddc +} diff --git a/tools/gcc/stackleak_plugin.c b/tools/gcc/stackleak_plugin.c new file mode 100644 -index 0000000..38d2014 +index 0000000..ac2901e --- /dev/null +++ b/tools/gcc/stackleak_plugin.c -@@ -0,0 +1,313 @@ +@@ -0,0 +1,327 @@ +/* -+ * Copyright 2011 by the PaX Team <pageexec@freemail.hu> ++ * Copyright 2011-2013 by the PaX Team <pageexec@freemail.hu> + * Licensed under the GPL v2 + * + * Note: the choice of the license means that the compilation process is @@ -90631,6 +98980,10 @@ index 0000000..38d2014 +#include "rtl.h" +#include "emit-rtl.h" + ++#if BUILDING_GCC_VERSION >= 4008 ++#define TODO_dump_func 0 ++#endif ++ +extern void print_gimple_stmt(FILE *, gimple, int, int); + +int plugin_is_GPL_compatible; @@ -90641,7 +98994,7 @@ index 0000000..38d2014 +static bool init_locals; + +static struct plugin_info stackleak_plugin_info = { -+ .version = "201203140940", ++ .version = "201302112000", + .help = "track-lowest-sp=nn\ttrack sp in functions whose frame size is at least nn bytes\n" +// "initialize-locals\t\tforcibly initialize all stack frames\n" +}; @@ -90654,6 +99007,9 @@ index 0000000..38d2014 + .pass = { + .type = GIMPLE_PASS, + .name = "stackleak_tree_instrument", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = gate_stackleak_track_stack, + .execute = execute_stackleak_tree_instrument, + .sub = NULL, @@ -90672,6 +99028,9 @@ index 0000000..38d2014 + .pass = { + .type = RTL_PASS, + .name = "stackleak_final", ++#if BUILDING_GCC_VERSION >= 4008 ++ .optinfo_flags = OPTGROUP_NONE, ++#endif + .gate = gate_stackleak_track_stack, + .execute = execute_stackleak_final, + .sub = NULL, @@ -90808,7 +99167,7 @@ index 0000000..38d2014 + +static unsigned int execute_stackleak_final(void) +{ -+ rtx insn; ++ rtx insn, next; + + if (cfun->calls_alloca) + return 0; @@ -90818,10 +99177,11 @@ index 0000000..38d2014 + return 0; + + // 1. find pax_track_stack calls -+ for (insn = get_insns(); insn; insn = NEXT_INSN(insn)) { ++ for (insn = get_insns(); insn; insn = next) { + // rtl match: (call_insn 8 7 9 3 (call (mem (symbol_ref ("pax_track_stack") [flags 0x41] <function_decl 0xb7470e80 pax_track_stack>) [0 S1 A8]) (4)) -1 (nil) (nil)) + rtx body; + ++ next = NEXT_INSN(insn); + if (!CALL_P(insn)) + continue; + body = PATTERN(insn); @@ -90837,10 +99197,13 @@ index 0000000..38d2014 + continue; +// warning(0, "track_frame_size: %d %ld %d", cfun->calls_alloca, get_frame_size(), track_frame_size); + // 2. delete call -+ insn = delete_insn_and_edges(insn); ++ delete_insn_and_edges(insn); +#if BUILDING_GCC_VERSION >= 4007 -+ if (GET_CODE(insn) == NOTE && NOTE_KIND(insn) == NOTE_INSN_CALL_ARG_LOCATION) -+ insn = delete_insn_and_edges(insn); ++ if (GET_CODE(next) == NOTE && NOTE_KIND(next) == NOTE_INSN_CALL_ARG_LOCATION) { ++ insn = next; ++ next = NEXT_INSN(insn); ++ delete_insn_and_edges(insn); ++ } +#endif + } + @@ -90918,10 +99281,10 @@ index 6789d78..4afd019e 100644 + #endif diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index cd197be..86ccd16 100644 +index 1cd693a..f4a7b20 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c -@@ -75,7 +75,7 @@ LIST_HEAD(vm_list); +@@ -75,12 +75,17 @@ LIST_HEAD(vm_list); static cpumask_var_t cpus_hardware_enabled; static int kvm_usage_count = 0; @@ -90930,7 +99293,18 @@ index cd197be..86ccd16 100644 struct kmem_cache *kvm_vcpu_cache; EXPORT_SYMBOL_GPL(kvm_vcpu_cache); -@@ -714,7 +714,7 @@ int __kvm_set_memory_region(struct kvm *kvm, + +-static __read_mostly struct preempt_ops kvm_preempt_ops; ++static void kvm_sched_in(struct preempt_notifier *pn, int cpu); ++static void kvm_sched_out(struct preempt_notifier *pn, struct task_struct *next); ++static struct preempt_ops kvm_preempt_ops = { ++ .sched_in = kvm_sched_in, ++ .sched_out = kvm_sched_out, ++}; + + struct dentry *kvm_debugfs_dir; + +@@ -731,7 +736,7 @@ int __kvm_set_memory_region(struct kvm *kvm, /* We can read the guest memory with __xxx_user() later on. */ if (user_alloc && ((mem->userspace_addr & (PAGE_SIZE - 1)) || @@ -90939,7 +99313,34 @@ index cd197be..86ccd16 100644 (void __user *)(unsigned long)mem->userspace_addr, mem->memory_size))) goto out; -@@ -2301,7 +2301,7 @@ static void hardware_enable_nolock(void *junk) +@@ -1783,7 +1788,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp) + return 0; + } + +-static struct file_operations kvm_vcpu_fops = { ++static file_operations_no_const kvm_vcpu_fops __read_only = { + .release = kvm_vcpu_release, + .unlocked_ioctl = kvm_vcpu_ioctl, + #ifdef CONFIG_COMPAT +@@ -2304,7 +2309,7 @@ static int kvm_vm_mmap(struct file *file, struct vm_area_struct *vma) + return 0; + } + +-static struct file_operations kvm_vm_fops = { ++static file_operations_no_const kvm_vm_fops __read_only = { + .release = kvm_vm_release, + .unlocked_ioctl = kvm_vm_ioctl, + #ifdef CONFIG_COMPAT +@@ -2402,7 +2407,7 @@ out: + return r; + } + +-static struct file_operations kvm_chardev_ops = { ++static file_operations_no_const kvm_chardev_ops __read_only = { + .unlocked_ioctl = kvm_dev_ioctl, + .compat_ioctl = kvm_dev_ioctl, + .llseek = noop_llseek, +@@ -2428,7 +2433,7 @@ static void hardware_enable_nolock(void *junk) if (r) { cpumask_clear_cpu(cpu, cpus_hardware_enabled); @@ -90948,7 +99349,7 @@ index cd197be..86ccd16 100644 printk(KERN_INFO "kvm: enabling virtualization on " "CPU%d failed\n", cpu); } -@@ -2355,10 +2355,10 @@ static int hardware_enable_all(void) +@@ -2482,10 +2487,10 @@ static int hardware_enable_all(void) kvm_usage_count++; if (kvm_usage_count == 1) { @@ -90961,7 +99362,7 @@ index cd197be..86ccd16 100644 hardware_disable_all_nolock(); r = -EBUSY; } -@@ -2719,7 +2719,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, +@@ -2843,7 +2848,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, kvm_arch_vcpu_put(vcpu); } @@ -90970,7 +99371,7 @@ index cd197be..86ccd16 100644 struct module *module) { int r; -@@ -2782,7 +2782,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2879,7 +2884,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (!vcpu_align) vcpu_align = __alignof__(struct kvm_vcpu); kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align, @@ -90979,18 +99380,25 @@ index cd197be..86ccd16 100644 if (!kvm_vcpu_cache) { r = -ENOMEM; goto out_free_3; -@@ -2792,9 +2792,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2889,9 +2894,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (r) goto out_free; -- kvm_chardev_ops.owner = module; -- kvm_vm_fops.owner = module; -- kvm_vcpu_fops.owner = module; + pax_open_kernel(); -+ *(void **)&kvm_chardev_ops.owner = module; -+ *(void **)&kvm_vm_fops.owner = module; -+ *(void **)&kvm_vcpu_fops.owner = module; + kvm_chardev_ops.owner = module; + kvm_vm_fops.owner = module; + kvm_vcpu_fops.owner = module; + pax_close_kernel(); r = misc_register(&kvm_dev); if (r) { +@@ -2901,9 +2908,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, + + register_syscore_ops(&kvm_syscore_ops); + +- kvm_preempt_ops.sched_in = kvm_sched_in; +- kvm_preempt_ops.sched_out = kvm_sched_out; +- + r = kvm_init_debug(); + if (r) { + printk(KERN_ERR "kvm: create debugfs files failed\n"); diff --git a/main/linux-grsec/ipv4-remove-output-route-check-in-ipv4_mtu.patch b/main/linux-grsec/ipv4-remove-output-route-check-in-ipv4_mtu.patch deleted file mode 100644 index 241f9b3527..0000000000 --- a/main/linux-grsec/ipv4-remove-output-route-check-in-ipv4_mtu.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 38d523e2948162776903349c89d65f7b9370dadb Mon Sep 17 00:00:00 2001 -From: Steffen Klassert <steffen.klassert@secunet.com> -Date: Wed, 16 Jan 2013 20:55:01 +0000 -Subject: [PATCH] ipv4: Remove output route check in ipv4_mtu -MIME-Version: 1.0 -Content-Type: text/plain; charset=utf8 -Content-Transfer-Encoding: 8bit - -The output route check was introduced with git commit 261663b0 -(ipv4: Don't use the cached pmtu informations for input routes) -during times when we cached the pmtu informations on the -inetpeer. Now the pmtu informations are back in the routes, -so this check is obsolete. It also had some unwanted side effects, -as reported by Timo Teras and Lukas Tribus. - -Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> -Acked-by: Timo Teräs <timo.teras@iki.fi> -Signed-off-by: David S. Miller <davem@davemloft.net> ---- - net/ipv4/route.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index 844a9ef..6e4a89c 100644 ---- a/net/ipv4/route.c -+++ b/net/ipv4/route.c -@@ -1120,7 +1120,7 @@ static unsigned int ipv4_mtu(const struct dst_entry *dst) - if (!mtu || time_after_eq(jiffies, rt->dst.expires)) - mtu = dst_metric_raw(dst, RTAX_MTU); - -- if (mtu && rt_is_output_route(rt)) -+ if (mtu) - return mtu; - - mtu = dst->dev->mtu; --- -1.7.6.5 - diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86 index 648495afc6..cd2cd898e5 100644 --- a/main/linux-grsec/kernelconfig.x86 +++ b/main/linux-grsec/kernelconfig.x86 @@ -1,10 +1,9 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/i386 3.6.9 Kernel Configuration +# Linux/i386 3.8.2 Kernel Configuration # # CONFIG_64BIT is not set CONFIG_X86_32=y -# CONFIG_X86_64 is not set CONFIG_X86=y CONFIG_INSTRUCTION_DECODER=y CONFIG_OUTPUT_FORMAT="elf32-i386" @@ -20,7 +19,6 @@ CONFIG_GENERIC_BUG=y CONFIG_GENERIC_HWEIGHT=y CONFIG_GENERIC_GPIO=y CONFIG_ARCH_MAY_HAVE_PC_FDC=y -# CONFIG_RWSEM_GENERIC_SPINLOCK is not set CONFIG_RWSEM_XCHGADD_ALGORITHM=y CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_ARCH_HAS_CPU_RELAX=y @@ -70,13 +68,7 @@ CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y # CONFIG_POSIX_MQUEUE is not set -CONFIG_BSD_PROCESS_ACCT=y -CONFIG_BSD_PROCESS_ACCT_V3=y # CONFIG_FHANDLE is not set -CONFIG_TASKSTATS=y -CONFIG_TASK_DELAY_ACCT=y -CONFIG_TASK_XACCT=y -CONFIG_TASK_IO_ACCOUNTING=y # CONFIG_AUDIT is not set CONFIG_HAVE_GENERIC_HARDIRQS=y @@ -108,6 +100,18 @@ CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y # +# CPU/Task time and stats accounting +# +# CONFIG_TICK_CPU_ACCOUNTING is not set +CONFIG_IRQ_TIME_ACCOUNTING=y +CONFIG_BSD_PROCESS_ACCT=y +CONFIG_BSD_PROCESS_ACCT_V3=y +CONFIG_TASKSTATS=y +CONFIG_TASK_DELAY_ACCT=y +CONFIG_TASK_XACCT=y +CONFIG_TASK_IO_ACCOUNTING=y + +# # RCU Subsystem # CONFIG_TREE_RCU=y @@ -117,10 +121,13 @@ CONFIG_RCU_FANOUT_LEAF=16 # CONFIG_RCU_FANOUT_EXACT is not set CONFIG_RCU_FAST_NO_HZ=y # CONFIG_TREE_RCU_TRACE is not set +# CONFIG_RCU_NOCB_CPU is not set CONFIG_IKCONFIG=m CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=14 CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_WANTS_PROT_NUMA_PROT_NONE=y CONFIG_CGROUPS=y # CONFIG_CGROUP_DEBUG is not set CONFIG_CGROUP_FREEZER=y @@ -154,8 +161,10 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SYSCTL=y CONFIG_ANON_INODES=y CONFIG_EXPERT=y +CONFIG_HAVE_UID16=y CONFIG_UID16=y CONFIG_SYSCTL_SYSCALL=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y CONFIG_KALLSYMS=y CONFIG_KALLSYMS_ALL=y CONFIG_HOTPLUG=y @@ -213,6 +222,8 @@ CONFIG_HAVE_HW_BREAKPOINT=y CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y CONFIG_HAVE_USER_RETURN_NOTIFIER=y CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y CONFIG_HAVE_ARCH_JUMP_LABEL=y CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y @@ -220,6 +231,12 @@ CONFIG_HAVE_CMPXCHG_LOCAL=y CONFIG_HAVE_CMPXCHG_DOUBLE=y CONFIG_ARCH_WANT_IPC_PARSE_VERSION=y CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP_FILTER=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_MODULES_USE_ELF_REL=y +CONFIG_GENERIC_SIGALTSTACK=y +CONFIG_CLONE_BACKWARDS=y # # GCOV-based kernel profiling @@ -234,6 +251,7 @@ CONFIG_MODULE_UNLOAD=y # CONFIG_MODULE_FORCE_UNLOAD is not set CONFIG_MODVERSIONS=y # CONFIG_MODULE_SRCVERSION_ALL is not set +# CONFIG_MODULE_SIG is not set CONFIG_STOP_MACHINE=y CONFIG_BLOCK=y CONFIG_LBDAF=y @@ -276,33 +294,12 @@ CONFIG_DEFAULT_CFQ=y CONFIG_DEFAULT_IOSCHED="cfq" CONFIG_PREEMPT_NOTIFIERS=y CONFIG_PADATA=y -# CONFIG_INLINE_SPIN_TRYLOCK is not set -# CONFIG_INLINE_SPIN_TRYLOCK_BH is not set -# CONFIG_INLINE_SPIN_LOCK is not set -# CONFIG_INLINE_SPIN_LOCK_BH is not set -# CONFIG_INLINE_SPIN_LOCK_IRQ is not set -# CONFIG_INLINE_SPIN_LOCK_IRQSAVE is not set -# CONFIG_INLINE_SPIN_UNLOCK_BH is not set +CONFIG_ASN1=m CONFIG_INLINE_SPIN_UNLOCK_IRQ=y -# CONFIG_INLINE_SPIN_UNLOCK_IRQRESTORE is not set -# CONFIG_INLINE_READ_TRYLOCK is not set -# CONFIG_INLINE_READ_LOCK is not set -# CONFIG_INLINE_READ_LOCK_BH is not set -# CONFIG_INLINE_READ_LOCK_IRQ is not set -# CONFIG_INLINE_READ_LOCK_IRQSAVE is not set CONFIG_INLINE_READ_UNLOCK=y -# CONFIG_INLINE_READ_UNLOCK_BH is not set CONFIG_INLINE_READ_UNLOCK_IRQ=y -# CONFIG_INLINE_READ_UNLOCK_IRQRESTORE is not set -# CONFIG_INLINE_WRITE_TRYLOCK is not set -# CONFIG_INLINE_WRITE_LOCK is not set -# CONFIG_INLINE_WRITE_LOCK_BH is not set -# CONFIG_INLINE_WRITE_LOCK_IRQ is not set -# CONFIG_INLINE_WRITE_LOCK_IRQSAVE is not set CONFIG_INLINE_WRITE_UNLOCK=y -# CONFIG_INLINE_WRITE_UNLOCK_BH is not set CONFIG_INLINE_WRITE_UNLOCK_IRQ=y -# CONFIG_INLINE_WRITE_UNLOCK_IRQRESTORE is not set CONFIG_MUTEX_SPIN_ON_OWNER=y CONFIG_FREEZER=y @@ -323,7 +320,6 @@ CONFIG_SCHED_OMIT_FRAME_POINTER=y CONFIG_PARAVIRT_GUEST=y # CONFIG_PARAVIRT_TIME_ACCOUNTING is not set # CONFIG_XEN_PRIVILEGED_GUEST is not set -CONFIG_KVM_CLOCK=y CONFIG_KVM_GUEST=y # CONFIG_LGUEST_GUEST is not set CONFIG_PARAVIRT=y @@ -332,7 +328,6 @@ CONFIG_PARAVIRT_CLOCK=y # CONFIG_PARAVIRT_DEBUG is not set CONFIG_NO_BOOTMEM=y # CONFIG_MEMTEST is not set -# CONFIG_M386 is not set # CONFIG_M486 is not set CONFIG_M586=y # CONFIG_M586TSC is not set @@ -359,15 +354,9 @@ CONFIG_M586=y # CONFIG_MATOM is not set CONFIG_X86_GENERIC=y CONFIG_X86_INTERNODE_CACHE_SHIFT=6 -CONFIG_X86_CMPXCHG=y CONFIG_X86_L1_CACHE_SHIFT=6 -CONFIG_X86_XADD=y # CONFIG_X86_PPRO_FENCE is not set CONFIG_X86_F00F_BUG=y -CONFIG_X86_WP_WORKS_OK=y -CONFIG_X86_INVLPG=y -CONFIG_X86_BSWAP=y -CONFIG_X86_POPAD_OK=y CONFIG_X86_ALIGNMENT_16=y CONFIG_X86_INTEL_USERCOPY=y CONFIG_X86_MINIMUM_CPU_FAMILY=4 @@ -381,11 +370,9 @@ CONFIG_CPU_SUP_UMC_32=y CONFIG_HPET_TIMER=y CONFIG_HPET_EMULATE_RTC=y CONFIG_DMI=y -# CONFIG_IOMMU_HELPER is not set CONFIG_NR_CPUS=32 CONFIG_SCHED_SMT=y CONFIG_SCHED_MC=y -CONFIG_IRQ_TIME_ACCOUNTING=y # CONFIG_PREEMPT_NONE is not set CONFIG_PREEMPT_VOLUNTARY=y # CONFIG_PREEMPT is not set @@ -401,7 +388,6 @@ CONFIG_MICROCODE=m CONFIG_MICROCODE_INTEL=y CONFIG_MICROCODE_AMD=y CONFIG_MICROCODE_OLD_INTERFACE=y -# CONFIG_X86_MSR is not set CONFIG_X86_CPUID=m # CONFIG_NOHIGHMEM is not set CONFIG_HIGHMEM4G=y @@ -413,8 +399,6 @@ CONFIG_VMSPLIT_3G=y # CONFIG_VMSPLIT_1G is not set CONFIG_PAGE_OFFSET=0xC0000000 CONFIG_HIGHMEM=y -# CONFIG_ARCH_PHYS_ADDR_T_64BIT is not set -# CONFIG_ARCH_DMA_ADDR_T_64BIT is not set CONFIG_ARCH_FLATMEM_ENABLE=y CONFIG_ARCH_SPARSEMEM_ENABLE=y CONFIG_ARCH_SELECT_MEMORY_MODEL=y @@ -430,6 +414,7 @@ CONFIG_HAVE_MEMBLOCK_NODE_MAP=y CONFIG_ARCH_DISCARD_MEMBLOCK=y CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_BALLOON_COMPACTION=y CONFIG_COMPACTION=y CONFIG_MIGRATION=y # CONFIG_PHYS_ADDR_T_64BIT is not set @@ -456,6 +441,7 @@ CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 CONFIG_X86_PAT=y CONFIG_ARCH_USES_PG_UNCACHED=y CONFIG_ARCH_RANDOM=y +CONFIG_X86_SMAP=y # CONFIG_EFI is not set CONFIG_SECCOMP=y # CONFIG_HZ_100 is not set @@ -470,6 +456,8 @@ CONFIG_PHYSICAL_START=0x1000000 # CONFIG_RELOCATABLE is not set CONFIG_PHYSICAL_ALIGN=0x1000000 CONFIG_HOTPLUG_CPU=y +# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set +# CONFIG_DEBUG_HOTPLUG_CPU0 is not set # CONFIG_CMDLINE_BOOL is not set CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y @@ -498,12 +486,14 @@ CONFIG_ACPI_BUTTON=m CONFIG_ACPI_VIDEO=m CONFIG_ACPI_FAN=m CONFIG_ACPI_DOCK=y +CONFIG_ACPI_I2C=m CONFIG_ACPI_PROCESSOR=m CONFIG_ACPI_IPMI=m CONFIG_ACPI_HOTPLUG_CPU=y # CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set CONFIG_ACPI_THERMAL=m # CONFIG_ACPI_CUSTOM_DSDT is not set +# CONFIG_ACPI_INITRD_TABLE_OVERRIDE is not set CONFIG_ACPI_BLACKLIST_YEAR=0 # CONFIG_ACPI_DEBUG is not set CONFIG_ACPI_PCI_SLOT=m @@ -512,7 +502,6 @@ CONFIG_ACPI_CONTAINER=m CONFIG_ACPI_SBS=m CONFIG_ACPI_HED=m # CONFIG_ACPI_CUSTOM_METHOD is not set -CONFIG_ACPI_BGRT=m CONFIG_ACPI_APEI=y # CONFIG_ACPI_APEI_GHES is not set CONFIG_ACPI_APEI_EINJ=m @@ -525,6 +514,7 @@ CONFIG_ACPI_APEI_ERST_DEBUG=y # CONFIG_CPU_FREQ=y CONFIG_CPU_FREQ_TABLE=m +CONFIG_CPU_FREQ_GOV_COMMON=y CONFIG_CPU_FREQ_STAT=m # CONFIG_CPU_FREQ_STAT_DETAILS is not set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y @@ -543,6 +533,7 @@ CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m # CONFIG_X86_PCC_CPUFREQ=m CONFIG_X86_ACPI_CPUFREQ=m +# CONFIG_X86_ACPI_CPUFREQ_CPB is not set # CONFIG_X86_POWERNOW_K6 is not set # CONFIG_X86_POWERNOW_K7 is not set CONFIG_X86_POWERNOW_K8=m @@ -562,6 +553,7 @@ CONFIG_X86_E_POWERSAVER=m # CONFIG_X86_SPEEDSTEP_LIB=m CONFIG_CPU_IDLE=y +# CONFIG_CPU_IDLE_MULTIPLE_DRIVERS is not set CONFIG_CPU_IDLE_GOV_LADDER=y CONFIG_CPU_IDLE_GOV_MENU=y # CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set @@ -627,7 +619,6 @@ CONFIG_PD6729=m CONFIG_I82092=m CONFIG_PCCARD_NONSTATIC=y CONFIG_HOTPLUG_PCI=m -CONFIG_HOTPLUG_PCI_FAKE=m # CONFIG_HOTPLUG_PCI_COMPAQ is not set # CONFIG_HOTPLUG_PCI_IBM is not set CONFIG_HOTPLUG_PCI_ACPI=m @@ -646,6 +637,7 @@ CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE=y # CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set CONFIG_HAVE_AOUT=y CONFIG_BINFMT_MISC=m +CONFIG_COREDUMP=y CONFIG_HAVE_ATOMIC_IOMAP=y CONFIG_HAVE_TEXT_POKE_SMP=y CONFIG_NET=y @@ -654,6 +646,7 @@ CONFIG_NET=y # Networking options # CONFIG_PACKET=m +CONFIG_PACKET_DIAG=m CONFIG_UNIX=y CONFIG_UNIX_DIAG=m CONFIG_XFRM=y @@ -736,6 +729,7 @@ CONFIG_IPV6_SIT=m CONFIG_IPV6_SIT_6RD=y CONFIG_IPV6_NDISC_NODETYPE=y CONFIG_IPV6_TUNNEL=m +CONFIG_IPV6_GRE=m CONFIG_IPV6_MULTIPLE_TABLES=y CONFIG_IPV6_SUBTREES=y CONFIG_IPV6_MROUTE=y @@ -781,6 +775,16 @@ CONFIG_NF_CONNTRACK_TFTP=m CONFIG_NF_CT_NETLINK=m CONFIG_NF_CT_NETLINK_TIMEOUT=m # CONFIG_NETFILTER_NETLINK_QUEUE_CT is not set +CONFIG_NF_NAT=m +CONFIG_NF_NAT_NEEDED=y +CONFIG_NF_NAT_PROTO_DCCP=m +CONFIG_NF_NAT_PROTO_UDPLITE=m +CONFIG_NF_NAT_PROTO_SCTP=m +CONFIG_NF_NAT_AMANDA=m +CONFIG_NF_NAT_FTP=m +CONFIG_NF_NAT_IRC=m +CONFIG_NF_NAT_SIP=m +CONFIG_NF_NAT_TFTP=m CONFIG_NETFILTER_TPROXY=m CONFIG_NETFILTER_XTABLES=m @@ -806,10 +810,12 @@ CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m CONFIG_NETFILTER_XT_TARGET_MARK=m +CONFIG_NETFILTER_XT_TARGET_NETMAP=m CONFIG_NETFILTER_XT_TARGET_NFLOG=m CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m CONFIG_NETFILTER_XT_TARGET_NOTRACK=m CONFIG_NETFILTER_XT_TARGET_RATEEST=m +CONFIG_NETFILTER_XT_TARGET_REDIRECT=m CONFIG_NETFILTER_XT_TARGET_TEE=m CONFIG_NETFILTER_XT_TARGET_TPROXY=m CONFIG_NETFILTER_XT_TARGET_TRACE=m @@ -930,23 +936,14 @@ CONFIG_IP_NF_MATCH_TTL=m CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m CONFIG_IP_NF_TARGET_ULOG=m -CONFIG_NF_NAT=m -CONFIG_NF_NAT_NEEDED=y +CONFIG_NF_NAT_IPV4=m CONFIG_IP_NF_TARGET_MASQUERADE=m CONFIG_IP_NF_TARGET_NETMAP=m CONFIG_IP_NF_TARGET_REDIRECT=m CONFIG_NF_NAT_SNMP_BASIC=m -CONFIG_NF_NAT_PROTO_DCCP=m CONFIG_NF_NAT_PROTO_GRE=m -CONFIG_NF_NAT_PROTO_UDPLITE=m -CONFIG_NF_NAT_PROTO_SCTP=m -CONFIG_NF_NAT_FTP=m -CONFIG_NF_NAT_IRC=m -CONFIG_NF_NAT_TFTP=m -CONFIG_NF_NAT_AMANDA=m CONFIG_NF_NAT_PPTP=m CONFIG_NF_NAT_H323=m -CONFIG_NF_NAT_SIP=m CONFIG_IP_NF_MANGLE=m CONFIG_IP_NF_TARGET_CLUSTERIP=m CONFIG_IP_NF_TARGET_ECN=m @@ -976,6 +973,9 @@ CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_REJECT=m CONFIG_IP6_NF_MANGLE=m CONFIG_IP6_NF_RAW=m +CONFIG_NF_NAT_IPV6=m +CONFIG_IP6_NF_TARGET_MASQUERADE=m +CONFIG_IP6_NF_TARGET_NPT=m # # DECnet: Netfilter Configuration @@ -1023,15 +1023,17 @@ CONFIG_IP_SCTP=m CONFIG_NET_SCTPPROBE=m # CONFIG_SCTP_DBG_MSG is not set # CONFIG_SCTP_DBG_OBJCNT is not set -# CONFIG_SCTP_HMAC_NONE is not set -CONFIG_SCTP_HMAC_SHA1=y -# CONFIG_SCTP_HMAC_MD5 is not set +CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y +# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1 is not set +# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_NONE is not set +CONFIG_SCTP_COOKIE_HMAC_MD5=y +CONFIG_SCTP_COOKIE_HMAC_SHA1=y CONFIG_RDS=m # CONFIG_RDS_RDMA is not set # CONFIG_RDS_TCP is not set # CONFIG_RDS_DEBUG is not set CONFIG_TIPC=m -# CONFIG_TIPC_ADVANCED is not set +CONFIG_TIPC_PORTS=8191 CONFIG_ATM=m CONFIG_ATM_CLIP=m # CONFIG_ATM_CLIP_NO_ICMP is not set @@ -1047,7 +1049,11 @@ CONFIG_L2TP_ETH=m CONFIG_STP=m CONFIG_BRIDGE=m CONFIG_BRIDGE_IGMP_SNOOPING=y -# CONFIG_NET_DSA is not set +CONFIG_HAVE_NET_DSA=y +CONFIG_NET_DSA=m +CONFIG_NET_DSA_TAG_DSA=y +CONFIG_NET_DSA_TAG_EDSA=y +CONFIG_NET_DSA_TAG_TRAILER=y CONFIG_VLAN_8021Q=m # CONFIG_VLAN_8021Q_GVRP is not set CONFIG_DECNET=m @@ -1311,8 +1317,13 @@ CONFIG_DEBUG_DEVRES=y CONFIG_REGMAP=y CONFIG_REGMAP_I2C=m CONFIG_REGMAP_SPI=m +CONFIG_REGMAP_MMIO=m CONFIG_DMA_SHARED_BUFFER=y # CONFIG_CMA is not set + +# +# Bus devices +# CONFIG_CONNECTOR=m CONFIG_MTD=m CONFIG_MTD_TESTS=m @@ -1426,12 +1437,11 @@ CONFIG_MTD_DOCPROBE_ADDRESS=0x0000 CONFIG_MTD_NAND_ECC=m CONFIG_MTD_NAND_ECC_SMC=y CONFIG_MTD_NAND=m -# CONFIG_MTD_NAND_VERIFY_WRITE is not set # CONFIG_MTD_NAND_ECC_BCH is not set CONFIG_MTD_SM_COMMON=m # CONFIG_MTD_NAND_MUSEUM_IDS is not set CONFIG_MTD_NAND_DENALI=m -CONFIG_MTD_NAND_DENALI_SCRATCH_REG_ADDR=0xFF108018 +# CONFIG_MTD_NAND_DENALI_PCI is not set CONFIG_MTD_NAND_IDS=m CONFIG_MTD_NAND_RICOH=m CONFIG_MTD_NAND_DISKONCHIP=m @@ -1458,7 +1468,8 @@ CONFIG_MTD_LPDDR=m CONFIG_MTD_QINFO_PROBE=m CONFIG_MTD_UBI=m CONFIG_MTD_UBI_WL_THRESHOLD=4096 -CONFIG_MTD_UBI_BEB_RESERVE=1 +CONFIG_MTD_UBI_BEB_LIMIT=20 +# CONFIG_MTD_UBI_FASTMAP is not set # CONFIG_MTD_UBI_GLUEBI is not set CONFIG_PARPORT=m CONFIG_PARPORT_PC=m @@ -1496,7 +1507,6 @@ CONFIG_BLK_DEV_NBD=m CONFIG_BLK_DEV_NVME=m CONFIG_BLK_DEV_OSD=m CONFIG_BLK_DEV_SX8=m -CONFIG_BLK_DEV_UB=m CONFIG_BLK_DEV_RAM=y CONFIG_BLK_DEV_RAM_COUNT=16 CONFIG_BLK_DEV_RAM_SIZE=4096 @@ -1659,6 +1669,9 @@ CONFIG_MEGARAID_SAS=m CONFIG_SCSI_MPT2SAS=m CONFIG_SCSI_MPT2SAS_MAX_SGE=128 # CONFIG_SCSI_MPT2SAS_LOGGING is not set +CONFIG_SCSI_MPT3SAS=m +CONFIG_SCSI_MPT3SAS_MAX_SGE=128 +# CONFIG_SCSI_MPT3SAS_LOGGING is not set CONFIG_SCSI_UFSHCD=m CONFIG_SCSI_HPTIOP=m CONFIG_SCSI_BUSLOGIC=m @@ -1706,6 +1719,7 @@ CONFIG_SCSI_PM8001=m CONFIG_SCSI_SRP=m # CONFIG_SCSI_BFA_FC is not set CONFIG_SCSI_VIRTIO=m +# CONFIG_SCSI_CHELSIO_FCOE is not set # CONFIG_SCSI_LOWLEVEL_PCMCIA is not set CONFIG_SCSI_DH=m CONFIG_SCSI_DH_RDAC=m @@ -1744,6 +1758,7 @@ CONFIG_ATA_BMDMA=y # SATA SFF controllers with BMDMA # CONFIG_ATA_PIIX=m +CONFIG_SATA_HIGHBANK=m CONFIG_SATA_MV=m CONFIG_SATA_NV=m CONFIG_SATA_PROMISE=m @@ -1829,6 +1844,7 @@ CONFIG_MD_FAULTY=m CONFIG_BLK_DEV_DM=m # CONFIG_DM_DEBUG is not set CONFIG_DM_BUFIO=m +CONFIG_DM_BIO_PRISON=m CONFIG_DM_PERSISTENT_DATA=m CONFIG_DM_CRYPT=m CONFIG_DM_SNAPSHOT=m @@ -1886,10 +1902,6 @@ CONFIG_DUMMY=m CONFIG_EQUALIZER=m # CONFIG_NET_FC is not set CONFIG_MII=m -CONFIG_IEEE802154_DRIVERS=m -CONFIG_IEEE802154_FAKEHARD=m -CONFIG_IEEE802154_FAKELB=m -# CONFIG_IEEE802154_AT86RF230 is not set CONFIG_IFB=m CONFIG_NET_TEAM=m CONFIG_NET_TEAM_MODE_BROADCAST=m @@ -1898,6 +1910,7 @@ CONFIG_NET_TEAM_MODE_ACTIVEBACKUP=m CONFIG_NET_TEAM_MODE_LOADBALANCE=m CONFIG_MACVLAN=m CONFIG_MACVTAP=m +CONFIG_VXLAN=m CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y @@ -1952,6 +1965,15 @@ CONFIG_ATM_SOLOS=m # # CAIF transport drivers # + +# +# Distributed Switch Architecture drivers +# +CONFIG_NET_DSA_MV88E6XXX=m +CONFIG_NET_DSA_MV88E6060=m +CONFIG_NET_DSA_MV88E6XXX_NEED_PPU=y +CONFIG_NET_DSA_MV88E6131=m +CONFIG_NET_DSA_MV88E6123_61_65=m CONFIG_ETHERNET=y CONFIG_MDIO=m CONFIG_NET_VENDOR_3COM=y @@ -1973,6 +1995,9 @@ CONFIG_ATL2=m CONFIG_ATL1=m CONFIG_ATL1E=m CONFIG_ATL1C=m +CONFIG_NET_CADENCE=y +# CONFIG_ARM_AT91_ETHER is not set +# CONFIG_MACB is not set CONFIG_NET_VENDOR_BROADCOM=y CONFIG_B44=m CONFIG_B44_PCI_AUTOSELECT=y @@ -2029,19 +2054,18 @@ CONFIG_E1000=m CONFIG_E1000E=m CONFIG_IGB=m CONFIG_IGB_DCA=y -# CONFIG_IGB_PTP is not set CONFIG_IGBVF=m CONFIG_IXGB=m CONFIG_IXGBE=m CONFIG_IXGBE_HWMON=y CONFIG_IXGBE_DCA=y -# CONFIG_IXGBE_PTP is not set # CONFIG_IXGBEVF is not set CONFIG_NET_VENDOR_I825XX=y # CONFIG_ZNET is not set CONFIG_IP1000=m CONFIG_JME=m CONFIG_NET_VENDOR_MARVELL=y +# CONFIG_MVMDIO is not set CONFIG_SKGE=m # CONFIG_SKGE_DEBUG is not set CONFIG_SKGE_GENESIS=y @@ -2151,6 +2175,7 @@ CONFIG_PHYLIB=m # # MII PHY device drivers # +# CONFIG_AT803X_PHY is not set CONFIG_AMD_PHY=m CONFIG_MARVELL_PHY=m CONFIG_DAVICOM_PHY=m @@ -2201,6 +2226,7 @@ CONFIG_USB_NET_AX8817X=m CONFIG_USB_NET_CDCETHER=m CONFIG_USB_NET_CDC_EEM=m CONFIG_USB_NET_CDC_NCM=m +# CONFIG_USB_NET_CDC_MBIM is not set CONFIG_USB_NET_DM9601=m CONFIG_USB_NET_SMSC75XX=m CONFIG_USB_NET_SMSC95XX=m @@ -2248,6 +2274,7 @@ CONFIG_ADM8211=m CONFIG_MAC80211_HWSIM=m CONFIG_MWL8K=m CONFIG_ATH_COMMON=m +CONFIG_ATH_CARDS=m # CONFIG_ATH_DEBUG is not set CONFIG_ATH5K=m # CONFIG_ATH5K_DEBUG is not set @@ -2270,6 +2297,9 @@ CONFIG_ATH6KL=m CONFIG_ATH6KL_SDIO=m CONFIG_ATH6KL_USB=m CONFIG_ATH6KL_DEBUG=y +CONFIG_AR5523=m +CONFIG_WIL6210=m +CONFIG_WIL6210_ISR_COR=y CONFIG_B43=m CONFIG_B43_SSB=y CONFIG_B43_PCI_AUTOSELECT=y @@ -2320,7 +2350,6 @@ CONFIG_IWLDVM=m # # CONFIG_IWLWIFI_DEBUG is not set # CONFIG_IWLWIFI_P2P is not set -# CONFIG_IWLWIFI_EXPERIMENTAL_MFP is not set CONFIG_IWLEGACY=m CONFIG_IWL4965=m CONFIG_IWL3945=m @@ -2378,6 +2407,7 @@ CONFIG_RT2X00_LIB_LEDS=y CONFIG_RTL8192CE=m CONFIG_RTL8192SE=m CONFIG_RTL8192DE=m +CONFIG_RTL8723AE=m CONFIG_RTL8192CU=m CONFIG_RTLWIFI=m # CONFIG_RTLWIFI_DEBUG is not set @@ -2431,6 +2461,11 @@ CONFIG_LAPBETHER=m CONFIG_X25_ASY=m CONFIG_SBNI=m CONFIG_SBNI_MULTILINE=y +CONFIG_IEEE802154_DRIVERS=m +CONFIG_IEEE802154_FAKEHARD=m +CONFIG_IEEE802154_FAKELB=m +# CONFIG_IEEE802154_AT86RF230 is not set +CONFIG_IEEE802154_MRF24J40=m CONFIG_VMXNET3=m CONFIG_HYPERV_NET=m CONFIG_ISDN=y @@ -2528,7 +2563,6 @@ CONFIG_KEYBOARD_ATKBD=y # CONFIG_KEYBOARD_OPENCORES is not set # CONFIG_KEYBOARD_STOWAWAY is not set # CONFIG_KEYBOARD_SUNKBD is not set -# CONFIG_KEYBOARD_OMAP4 is not set # CONFIG_KEYBOARD_XTKBD is not set CONFIG_INPUT_MOUSE=y CONFIG_MOUSE_PS2=m @@ -2563,7 +2597,6 @@ CONFIG_TOUCHSCREEN_CY8CTMG110=m CONFIG_TOUCHSCREEN_DYNAPRO=m CONFIG_TOUCHSCREEN_HAMPSHIRE=m CONFIG_TOUCHSCREEN_EETI=m -CONFIG_TOUCHSCREEN_EGALAX=m CONFIG_TOUCHSCREEN_FUJITSU=m # CONFIG_TOUCHSCREEN_ILI210X is not set CONFIG_TOUCHSCREEN_GUNZE=m @@ -2634,6 +2667,7 @@ CONFIG_INPUT_CM109=m CONFIG_INPUT_UINPUT=m CONFIG_INPUT_PCF50633_PMU=m CONFIG_INPUT_PCF8574=m +# CONFIG_INPUT_PWM_BEEPER is not set CONFIG_INPUT_GPIO_ROTARY_ENCODER=m CONFIG_INPUT_ADXL34X=m CONFIG_INPUT_ADXL34X_I2C=m @@ -2654,6 +2688,7 @@ CONFIG_SERIO_LIBPS2=y CONFIG_SERIO_RAW=m CONFIG_SERIO_ALTERA_PS2=m CONFIG_SERIO_PS2MULT=m +# CONFIG_SERIO_ARC_PS2 is not set # CONFIG_GAMEPORT is not set # @@ -2688,10 +2723,10 @@ CONFIG_STALDRV=y # Serial drivers # CONFIG_SERIAL_8250=y +CONFIG_SERIAL_8250_PNP=y CONFIG_SERIAL_8250_CONSOLE=y CONFIG_FIX_EARLYCON_MEM=y CONFIG_SERIAL_8250_PCI=y -CONFIG_SERIAL_8250_PNP=y CONFIG_SERIAL_8250_CS=m CONFIG_SERIAL_8250_NR_UARTS=16 CONFIG_SERIAL_8250_RUNTIME_UARTS=4 @@ -2705,13 +2740,14 @@ CONFIG_SERIAL_8250_RSA=y # Non-8250 serial port support # CONFIG_SERIAL_MAX3100=m -CONFIG_SERIAL_MAX3107=m +# CONFIG_SERIAL_MAX310X is not set CONFIG_SERIAL_MRST_MAX3110=m CONFIG_SERIAL_MFD_HSU=m CONFIG_SERIAL_UARTLITE=m CONFIG_SERIAL_CORE=y CONFIG_SERIAL_CORE_CONSOLE=y CONFIG_SERIAL_JSM=m +# CONFIG_SERIAL_SCCNXP is not set CONFIG_SERIAL_TIMBERDALE=m CONFIG_SERIAL_ALTERA_JTAGUART=m CONFIG_SERIAL_ALTERA_UART=m @@ -2719,7 +2755,8 @@ CONFIG_SERIAL_ALTERA_UART_MAXPORTS=4 CONFIG_SERIAL_ALTERA_UART_BAUDRATE=115200 CONFIG_SERIAL_IFX6X60=m CONFIG_SERIAL_PCH_UART=m -# CONFIG_SERIAL_XILINX_PS_UART is not set +CONFIG_SERIAL_ARC=m +CONFIG_SERIAL_ARC_NR_PORTS=1 # CONFIG_TTY_PRINTK is not set CONFIG_PRINTER=m # CONFIG_LP_CONSOLE is not set @@ -2739,6 +2776,7 @@ CONFIG_HW_RANDOM_AMD=m CONFIG_HW_RANDOM_GEODE=m CONFIG_HW_RANDOM_VIA=m CONFIG_HW_RANDOM_VIRTIO=m +CONFIG_HW_RANDOM_TPM=m CONFIG_NVRAM=m CONFIG_R3964=m CONFIG_APPLICOM=m @@ -2762,6 +2800,7 @@ CONFIG_HPET_MMAP=y CONFIG_HANGCHECK_TIMER=m CONFIG_TCG_TPM=m CONFIG_TCG_TIS=m +# CONFIG_TCG_TIS_I2C_INFINEON is not set CONFIG_TCG_NSC=m CONFIG_TCG_ATMEL=m CONFIG_TCG_INFINEON=m @@ -2815,6 +2854,7 @@ CONFIG_I2C_SCMI=m # # I2C system bus drivers (mostly embedded / system-on-chip) # +# CONFIG_I2C_CBUS_GPIO is not set # CONFIG_I2C_DESIGNWARE_PCI is not set CONFIG_I2C_EG20T=m CONFIG_I2C_GPIO=m @@ -2837,8 +2877,8 @@ CONFIG_I2C_TINY_USB=m # # Other I2C/SMBus bus drivers # -CONFIG_I2C_STUB=m # CONFIG_SCx200_ACB is not set +CONFIG_I2C_STUB=m # CONFIG_I2C_DEBUG_CORE is not set # CONFIG_I2C_DEBUG_ALGO is not set # CONFIG_I2C_DEBUG_BUS is not set @@ -2857,6 +2897,7 @@ CONFIG_SPI_LM70_LLP=m # CONFIG_SPI_OC_TINY is not set CONFIG_SPI_PXA2XX=m CONFIG_SPI_PXA2XX_PCI=y +# CONFIG_SPI_SC18IS602 is not set CONFIG_SPI_TOPCLIFF_PCH=m CONFIG_SPI_XCOMM=m # CONFIG_SPI_XILINX is not set @@ -2891,9 +2932,12 @@ CONFIG_PPS_CLIENT_LDISC=m # # PTP clock support # -# CONFIG_PTP_1588_CLOCK is not set +CONFIG_PTP_1588_CLOCK=m +# CONFIG_DP83640_PHY is not set +CONFIG_PTP_1588_CLOCK_PCH=m CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y CONFIG_GPIOLIB=y +CONFIG_GPIO_ACPI=y # CONFIG_DEBUG_GPIO is not set CONFIG_GPIO_SYSFS=y CONFIG_GPIO_MAX730X=m @@ -2903,6 +2947,7 @@ CONFIG_GPIO_MAX730X=m # # CONFIG_GPIO_GENERIC_PLATFORM is not set CONFIG_GPIO_IT8761E=m +# CONFIG_GPIO_TS5500 is not set CONFIG_GPIO_SCH=m CONFIG_GPIO_ICH=m CONFIG_GPIO_VX855=m @@ -2944,6 +2989,10 @@ CONFIG_GPIO_74X164=m # MODULbus GPIO expanders: # CONFIG_GPIO_JANZ_TTL=m + +# +# USB GPIO expanders: +# # CONFIG_W1 is not set CONFIG_POWER_SUPPLY=y # CONFIG_POWER_SUPPLY_DEBUG is not set @@ -2961,7 +3010,9 @@ CONFIG_POWER_SUPPLY=y # CONFIG_CHARGER_MAX8903 is not set # CONFIG_CHARGER_LP8727 is not set # CONFIG_CHARGER_GPIO is not set +# CONFIG_CHARGER_BQ2415X is not set # CONFIG_CHARGER_SMB347 is not set +# CONFIG_POWER_RESET is not set # CONFIG_POWER_AVS is not set CONFIG_HWMON=m CONFIG_HWMON_VID=m @@ -2982,6 +3033,7 @@ CONFIG_SENSORS_ADM1026=m CONFIG_SENSORS_ADM1029=m CONFIG_SENSORS_ADM1031=m CONFIG_SENSORS_ADM9240=m +# CONFIG_SENSORS_ADT7410 is not set CONFIG_SENSORS_ADT7411=m CONFIG_SENSORS_ADT7462=m CONFIG_SENSORS_ADT7470=m @@ -3033,6 +3085,7 @@ CONFIG_SENSORS_MAX1111=m CONFIG_SENSORS_MAX16065=m CONFIG_SENSORS_MAX1619=m CONFIG_SENSORS_MAX1668=m +# CONFIG_SENSORS_MAX197 is not set CONFIG_SENSORS_MAX6639=m CONFIG_SENSORS_MAX6642=m CONFIG_SENSORS_MAX6650=m @@ -3097,6 +3150,13 @@ CONFIG_SENSORS_APPLESMC=m CONFIG_SENSORS_ACPI_POWER=m CONFIG_SENSORS_ATK0110=m CONFIG_THERMAL=y +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_FAIR_SHARE is not set +CONFIG_STEP_WISE=y +# CONFIG_USER_SPACE is not set +# CONFIG_CPU_THERMAL is not set CONFIG_WATCHDOG=y CONFIG_WATCHDOG_CORE=y # CONFIG_WATCHDOG_NOWAYOUT is not set @@ -3173,6 +3233,7 @@ CONFIG_SSB_SDIOHOST=y # CONFIG_SSB_DEBUG is not set CONFIG_SSB_DRIVER_PCICORE_POSSIBLE=y CONFIG_SSB_DRIVER_PCICORE=y +# CONFIG_SSB_DRIVER_GPIO is not set CONFIG_BCMA_POSSIBLE=y # @@ -3186,6 +3247,8 @@ CONFIG_BCMA_POSSIBLE=y CONFIG_MFD_CORE=m CONFIG_MFD_SM501=m # CONFIG_MFD_SM501_GPIO is not set +# CONFIG_MFD_RTSX_PCI is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set CONFIG_HTC_PASIC3=m CONFIG_UCB1400_CORE=m # CONFIG_MFD_LM3533 is not set @@ -3215,6 +3278,8 @@ CONFIG_MFD_RDC321X=m CONFIG_MFD_JANZ_CMODIO=m CONFIG_MFD_VX855=m CONFIG_MFD_WL1273_CORE=m +# CONFIG_MFD_VIPERBOARD is not set +# CONFIG_MFD_RETU is not set # CONFIG_REGULATOR is not set CONFIG_MEDIA_SUPPORT=m @@ -3228,16 +3293,28 @@ CONFIG_MEDIA_DIGITAL_TV_SUPPORT=y CONFIG_MEDIA_RC_SUPPORT=y CONFIG_MEDIA_CONTROLLER=y CONFIG_VIDEO_DEV=m -CONFIG_VIDEO_V4L2_COMMON=m CONFIG_VIDEO_V4L2_SUBDEV_API=y +CONFIG_VIDEO_V4L2=m +# CONFIG_VIDEO_ADV_DEBUG is not set +# CONFIG_VIDEO_FIXED_MINOR_RANGES is not set +CONFIG_VIDEO_TUNER=m +CONFIG_V4L2_MEM2MEM_DEV=m +CONFIG_VIDEOBUF_GEN=m +CONFIG_VIDEOBUF_DMA_SG=m +CONFIG_VIDEOBUF_VMALLOC=m +CONFIG_VIDEOBUF_DVB=m +CONFIG_VIDEOBUF2_CORE=m +CONFIG_VIDEOBUF2_MEMOPS=m +CONFIG_VIDEOBUF2_DMA_CONTIG=m +CONFIG_VIDEOBUF2_VMALLOC=m CONFIG_DVB_CORE=m CONFIG_DVB_NET=y +CONFIG_DVB_MAX_ADAPTERS=8 +# CONFIG_DVB_DYNAMIC_MINORS is not set # # Media drivers # -CONFIG_VIDEO_SAA7146=m -CONFIG_VIDEO_SAA7146_VV=m CONFIG_RC_CORE=m CONFIG_RC_MAP=m CONFIG_RC_DECODERS=y @@ -3262,153 +3339,10 @@ CONFIG_IR_REDRAT3=m CONFIG_IR_STREAMZAP=m CONFIG_IR_WINBOND_CIR=m CONFIG_IR_IGUANA=m +# CONFIG_IR_TTUSBIR is not set CONFIG_RC_LOOPBACK=m CONFIG_IR_GPIO_CIR=m -CONFIG_MEDIA_ATTACH=y -CONFIG_MEDIA_TUNER=m -# CONFIG_MEDIA_TUNER_CUSTOMISE is not set -CONFIG_MEDIA_TUNER_SIMPLE=m -CONFIG_MEDIA_TUNER_TDA8290=m -CONFIG_MEDIA_TUNER_TDA827X=m -CONFIG_MEDIA_TUNER_TDA18271=m -CONFIG_MEDIA_TUNER_TDA9887=m -CONFIG_MEDIA_TUNER_MT20XX=m -CONFIG_MEDIA_TUNER_MT2060=m -CONFIG_MEDIA_TUNER_MT2063=m -CONFIG_MEDIA_TUNER_MT2266=m -CONFIG_MEDIA_TUNER_MT2131=m -CONFIG_MEDIA_TUNER_QT1010=m -CONFIG_MEDIA_TUNER_XC2028=m -CONFIG_MEDIA_TUNER_XC5000=m -CONFIG_MEDIA_TUNER_XC4000=m -CONFIG_MEDIA_TUNER_MXL5005S=m -CONFIG_MEDIA_TUNER_MXL5007T=m -CONFIG_MEDIA_TUNER_MC44S803=m -CONFIG_MEDIA_TUNER_MAX2165=m -CONFIG_MEDIA_TUNER_TDA18218=m -CONFIG_MEDIA_TUNER_FC0011=m -CONFIG_MEDIA_TUNER_FC0012=m -CONFIG_MEDIA_TUNER_FC0013=m -CONFIG_MEDIA_TUNER_TDA18212=m -CONFIG_MEDIA_TUNER_TUA9001=m -CONFIG_VIDEO_V4L2=m -CONFIG_VIDEOBUF_GEN=m -CONFIG_VIDEOBUF_DMA_SG=m -CONFIG_VIDEOBUF_VMALLOC=m -CONFIG_VIDEOBUF_DVB=m -CONFIG_VIDEO_BTCX=m -CONFIG_VIDEO_TVEEPROM=m -CONFIG_VIDEO_TUNER=m -CONFIG_V4L2_MEM2MEM_DEV=m -CONFIG_VIDEOBUF2_CORE=m -CONFIG_VIDEOBUF2_MEMOPS=m -CONFIG_VIDEOBUF2_VMALLOC=m -CONFIG_VIDEO_CAPTURE_DRIVERS=y -# CONFIG_VIDEO_ADV_DEBUG is not set -# CONFIG_VIDEO_FIXED_MINOR_RANGES is not set -# CONFIG_VIDEO_HELPER_CHIPS_AUTO is not set -CONFIG_VIDEO_IR_I2C=m - -# -# Encoders, decoders, sensors and other helper chips -# - -# -# Audio decoders, processors and mixers -# -CONFIG_VIDEO_TVAUDIO=m -CONFIG_VIDEO_TDA7432=m -CONFIG_VIDEO_TDA9840=m -CONFIG_VIDEO_TEA6415C=m -CONFIG_VIDEO_TEA6420=m -CONFIG_VIDEO_MSP3400=m -CONFIG_VIDEO_CS5345=m -CONFIG_VIDEO_CS53L32A=m -CONFIG_VIDEO_TLV320AIC23B=m -CONFIG_VIDEO_WM8775=m -CONFIG_VIDEO_WM8739=m -CONFIG_VIDEO_VP27SMPX=m - -# -# RDS decoders -# -CONFIG_VIDEO_SAA6588=m - -# -# Video decoders -# -CONFIG_VIDEO_ADV7180=m -CONFIG_VIDEO_ADV7183=m -CONFIG_VIDEO_BT819=m -CONFIG_VIDEO_BT856=m -CONFIG_VIDEO_BT866=m -CONFIG_VIDEO_KS0127=m -CONFIG_VIDEO_SAA7110=m -CONFIG_VIDEO_SAA711X=m -CONFIG_VIDEO_SAA7191=m -CONFIG_VIDEO_TVP514X=m -CONFIG_VIDEO_TVP5150=m -CONFIG_VIDEO_TVP7002=m -CONFIG_VIDEO_VPX3220=m - -# -# Video and audio decoders -# -CONFIG_VIDEO_SAA717X=m -CONFIG_VIDEO_CX25840=m - -# -# MPEG video encoders -# -CONFIG_VIDEO_CX2341X=m - -# -# Video encoders -# -CONFIG_VIDEO_SAA7127=m -CONFIG_VIDEO_SAA7185=m -CONFIG_VIDEO_ADV7170=m -CONFIG_VIDEO_ADV7175=m -CONFIG_VIDEO_ADV7343=m -CONFIG_VIDEO_ADV7393=m -CONFIG_VIDEO_AK881X=m - -# -# Camera sensor devices -# -CONFIG_VIDEO_APTINA_PLL=m -CONFIG_VIDEO_OV7670=m -CONFIG_VIDEO_VS6624=m -CONFIG_VIDEO_MT9M032=m -CONFIG_VIDEO_MT9P031=m -CONFIG_VIDEO_MT9T001=m -CONFIG_VIDEO_MT9V011=m -CONFIG_VIDEO_MT9V032=m -CONFIG_VIDEO_TCM825X=m -# CONFIG_VIDEO_SR030PC30 is not set -CONFIG_VIDEO_NOON010PC30=m -# CONFIG_VIDEO_M5MOLS is not set -# CONFIG_VIDEO_S5K6AA is not set - -# -# Flash devices -# -# CONFIG_VIDEO_ADP1653 is not set -# CONFIG_VIDEO_AS3645A is not set - -# -# Video improvement chips -# -CONFIG_VIDEO_UPD64031A=m -CONFIG_VIDEO_UPD64083=m - -# -# Miscelaneous helper chips -# -CONFIG_VIDEO_THS7303=m -CONFIG_VIDEO_M52790=m -# CONFIG_VIDEO_VIVI is not set -CONFIG_V4L_USB_DRIVERS=y +CONFIG_MEDIA_USB_SUPPORT=y # # Webcam devices @@ -3470,79 +3404,29 @@ CONFIG_USB_S2255=m CONFIG_USB_SN9C102=m # -# Webcam and/or TV USB devices -# -CONFIG_VIDEO_EM28XX=m -CONFIG_VIDEO_EM28XX_ALSA=m -# CONFIG_VIDEO_EM28XX_DVB is not set -CONFIG_VIDEO_EM28XX_RC=m - -# -# TV USB devices +# Analog TV USB devices # # CONFIG_VIDEO_AU0828 is not set # CONFIG_VIDEO_PVRUSB2 is not set # CONFIG_VIDEO_HDPVR is not set # CONFIG_VIDEO_TLG2300 is not set -# CONFIG_VIDEO_CX231XX is not set -# CONFIG_VIDEO_TM6000 is not set # CONFIG_VIDEO_USBVISION is not set -CONFIG_V4L_PCI_DRIVERS=y -CONFIG_VIDEO_BT848=m -CONFIG_VIDEO_BT848_DVB=y -CONFIG_VIDEO_CX18=m -CONFIG_VIDEO_CX18_ALSA=m -CONFIG_VIDEO_CX23885=m -CONFIG_MEDIA_ALTERA_CI=m -CONFIG_VIDEO_CX25821=m -CONFIG_VIDEO_CX25821_ALSA=m -CONFIG_VIDEO_CX88=m -CONFIG_VIDEO_CX88_ALSA=m -CONFIG_VIDEO_CX88_BLACKBIRD=m -CONFIG_VIDEO_CX88_DVB=m -CONFIG_VIDEO_CX88_VP3054=m -CONFIG_VIDEO_CX88_MPEG=m -CONFIG_VIDEO_HEXIUM_GEMINI=m -CONFIG_VIDEO_HEXIUM_ORION=m -CONFIG_VIDEO_IVTV=m -CONFIG_VIDEO_FB_IVTV=m -CONFIG_VIDEO_MEYE=m -CONFIG_VIDEO_MXB=m -CONFIG_VIDEO_SAA7134=m -CONFIG_VIDEO_SAA7134_ALSA=m -CONFIG_VIDEO_SAA7134_RC=y -CONFIG_VIDEO_SAA7134_DVB=m -CONFIG_VIDEO_SAA7164=m -CONFIG_VIDEO_ZORAN=m -CONFIG_VIDEO_ZORAN_DC30=m -CONFIG_VIDEO_ZORAN_ZR36060=m -CONFIG_VIDEO_ZORAN_BUZ=m -CONFIG_VIDEO_ZORAN_DC10=m -CONFIG_VIDEO_ZORAN_LML33=m -CONFIG_VIDEO_ZORAN_LML33R10=m -CONFIG_VIDEO_ZORAN_AVS6EYES=m -# CONFIG_V4L_ISA_PARPORT_DRIVERS is not set -# CONFIG_V4L_PLATFORM_DRIVERS is not set -CONFIG_V4L_MEM2MEM_DRIVERS=y -CONFIG_VIDEO_MEM2MEM_TESTDEV=m -CONFIG_DVB_MAX_ADAPTERS=8 -# CONFIG_DVB_DYNAMIC_MINORS is not set -CONFIG_DVB_CAPTURE_DRIVERS=y +CONFIG_VIDEO_STK1160=m +CONFIG_VIDEO_STK1160_AC97=y # -# Supported SAA7146 based PCI Adapters +# Analog/digital TV USB devices # -CONFIG_TTPCI_EEPROM=m -CONFIG_DVB_AV7110=m -CONFIG_DVB_AV7110_OSD=y -CONFIG_DVB_BUDGET_CORE=m -CONFIG_DVB_BUDGET=m -CONFIG_DVB_BUDGET_CI=m -CONFIG_DVB_BUDGET_AV=m -CONFIG_DVB_BUDGET_PATCH=m +CONFIG_VIDEO_CX231XX=m +CONFIG_VIDEO_CX231XX_RC=y +CONFIG_VIDEO_CX231XX_ALSA=m +CONFIG_VIDEO_CX231XX_DVB=m +CONFIG_VIDEO_TM6000=m +CONFIG_VIDEO_TM6000_ALSA=m +CONFIG_VIDEO_TM6000_DVB=m # -# Supported USB Adapters +# Digital TV USB devices # CONFIG_DVB_USB=m # CONFIG_DVB_USB_DEBUG is not set @@ -3554,8 +3438,6 @@ CONFIG_DVB_USB_DIB0700=m CONFIG_DVB_USB_UMT_010=m CONFIG_DVB_USB_CXUSB=m CONFIG_DVB_USB_M920X=m -CONFIG_DVB_USB_GL861=m -CONFIG_DVB_USB_AU6610=m CONFIG_DVB_USB_DIGITV=m CONFIG_DVB_USB_VP7045=m CONFIG_DVB_USB_VP702X=m @@ -3569,85 +3451,238 @@ CONFIG_DVB_USB_AF9005_REMOTE=m CONFIG_DVB_USB_PCTV452E=m CONFIG_DVB_USB_DW2102=m CONFIG_DVB_USB_CINERGY_T2=m -CONFIG_DVB_USB_ANYSEE=m CONFIG_DVB_USB_DTV5100=m -CONFIG_DVB_USB_AF9015=m -CONFIG_DVB_USB_CE6230=m CONFIG_DVB_USB_FRIIO=m -CONFIG_DVB_USB_EC168=m -CONFIG_DVB_USB_AZ6007=m CONFIG_DVB_USB_AZ6027=m -CONFIG_DVB_USB_LME2510=m CONFIG_DVB_USB_TECHNISAT_USB2=m +CONFIG_DVB_USB_V2=m +CONFIG_DVB_USB_CYPRESS_FIRMWARE=m +CONFIG_DVB_USB_AF9015=m +CONFIG_DVB_USB_AF9035=m +CONFIG_DVB_USB_ANYSEE=m +CONFIG_DVB_USB_AU6610=m +CONFIG_DVB_USB_AZ6007=m +CONFIG_DVB_USB_CE6230=m +CONFIG_DVB_USB_EC168=m +CONFIG_DVB_USB_GL861=m CONFIG_DVB_USB_IT913X=m +CONFIG_DVB_USB_LME2510=m CONFIG_DVB_USB_MXL111SF=m CONFIG_DVB_USB_RTL28XXU=m -CONFIG_DVB_USB_AF9035=m CONFIG_DVB_TTUSB_BUDGET=m CONFIG_DVB_TTUSB_DEC=m -CONFIG_SMS_SIANO_MDTV=m +# CONFIG_SMS_USB_DRV is not set +CONFIG_DVB_B2C2_FLEXCOP_USB=m +# CONFIG_DVB_B2C2_FLEXCOP_USB_DEBUG is not set # -# Siano module components +# Webcam, TV (analog/digital) USB devices # -# CONFIG_SMS_USB_DRV is not set -# CONFIG_SMS_SDIO_DRV is not set +CONFIG_VIDEO_EM28XX=m +CONFIG_VIDEO_EM28XX_ALSA=m +# CONFIG_VIDEO_EM28XX_DVB is not set +CONFIG_VIDEO_EM28XX_RC=m +CONFIG_MEDIA_PCI_SUPPORT=y # -# Supported FlexCopII (B2C2) Adapters +# Media capture support # -CONFIG_DVB_B2C2_FLEXCOP=m -CONFIG_DVB_B2C2_FLEXCOP_PCI=m -CONFIG_DVB_B2C2_FLEXCOP_USB=m -# CONFIG_DVB_B2C2_FLEXCOP_DEBUG is not set +CONFIG_VIDEO_MEYE=m # -# Supported BT878 Adapters +# Media capture/analog TV support # +CONFIG_VIDEO_IVTV=m +CONFIG_VIDEO_IVTV_ALSA=m +CONFIG_VIDEO_FB_IVTV=m +CONFIG_VIDEO_ZORAN=m +CONFIG_VIDEO_ZORAN_DC30=m +CONFIG_VIDEO_ZORAN_ZR36060=m +CONFIG_VIDEO_ZORAN_BUZ=m +CONFIG_VIDEO_ZORAN_DC10=m +CONFIG_VIDEO_ZORAN_LML33=m +CONFIG_VIDEO_ZORAN_LML33R10=m +CONFIG_VIDEO_ZORAN_AVS6EYES=m +CONFIG_VIDEO_HEXIUM_GEMINI=m +CONFIG_VIDEO_HEXIUM_ORION=m +CONFIG_VIDEO_MXB=m + +# +# Media capture/analog/hybrid TV support +# +CONFIG_VIDEO_CX18=m +CONFIG_VIDEO_CX18_ALSA=m +CONFIG_VIDEO_CX23885=m +CONFIG_MEDIA_ALTERA_CI=m +CONFIG_VIDEO_CX25821=m +CONFIG_VIDEO_CX25821_ALSA=m +CONFIG_VIDEO_CX88=m +CONFIG_VIDEO_CX88_ALSA=m +CONFIG_VIDEO_CX88_BLACKBIRD=m +CONFIG_VIDEO_CX88_DVB=m +CONFIG_VIDEO_CX88_VP3054=m +CONFIG_VIDEO_CX88_MPEG=m +CONFIG_VIDEO_BT848=m CONFIG_DVB_BT8XX=m +CONFIG_VIDEO_SAA7134=m +CONFIG_VIDEO_SAA7134_ALSA=m +CONFIG_VIDEO_SAA7134_RC=y +CONFIG_VIDEO_SAA7134_DVB=m +CONFIG_VIDEO_SAA7164=m # -# Supported Pluto2 Adapters +# Media digital TV PCI Adapters # +CONFIG_TTPCI_EEPROM=m +CONFIG_DVB_AV7110=m +CONFIG_DVB_AV7110_OSD=y +CONFIG_DVB_BUDGET_CORE=m +CONFIG_DVB_BUDGET=m +CONFIG_DVB_BUDGET_CI=m +CONFIG_DVB_BUDGET_AV=m +CONFIG_DVB_BUDGET_PATCH=m +CONFIG_DVB_B2C2_FLEXCOP_PCI=m +# CONFIG_DVB_B2C2_FLEXCOP_PCI_DEBUG is not set CONFIG_DVB_PLUTO2=m +CONFIG_DVB_DM1105=m +CONFIG_DVB_PT1=m +CONFIG_MANTIS_CORE=m +CONFIG_DVB_MANTIS=m +CONFIG_DVB_HOPPER=m +CONFIG_DVB_NGENE=m +CONFIG_DVB_DDBRIDGE=m +# CONFIG_V4L_PLATFORM_DRIVERS is not set +CONFIG_V4L_MEM2MEM_DRIVERS=y +CONFIG_VIDEO_MEM2MEM_DEINTERLACE=m +# CONFIG_V4L_TEST_DRIVERS is not set # -# Supported SDMC DM1105 Adapters +# Supported MMC/SDIO adapters # -CONFIG_DVB_DM1105=m +# CONFIG_SMS_SDIO_DRV is not set +CONFIG_MEDIA_PARPORT_SUPPORT=y +# CONFIG_VIDEO_BWQCAM is not set +# CONFIG_VIDEO_CQCAM is not set # # Supported FireWire (IEEE 1394) Adapters # CONFIG_DVB_FIREDTV=m CONFIG_DVB_FIREDTV_INPUT=y +CONFIG_DVB_B2C2_FLEXCOP=m +CONFIG_VIDEO_SAA7146=m +CONFIG_VIDEO_SAA7146_VV=m +CONFIG_MEDIA_SUBDRV_AUTOSELECT=y # -# Supported Earthsoft PT1 Adapters +# Media ancillary drivers (tuners, sensors, i2c, frontends) # -CONFIG_DVB_PT1=m +CONFIG_VIDEO_BTCX=m +CONFIG_VIDEO_TVEEPROM=m +CONFIG_VIDEO_IR_I2C=m # -# Supported Mantis Adapters +# Audio decoders, processors and mixers # -CONFIG_MANTIS_CORE=m -CONFIG_DVB_MANTIS=m -CONFIG_DVB_HOPPER=m +CONFIG_VIDEO_TVAUDIO=m +CONFIG_VIDEO_TDA7432=m +CONFIG_VIDEO_TDA9840=m +CONFIG_VIDEO_TEA6415C=m +CONFIG_VIDEO_TEA6420=m +CONFIG_VIDEO_MSP3400=m +CONFIG_VIDEO_CS5345=m +CONFIG_VIDEO_CS53L32A=m +CONFIG_VIDEO_WM8775=m +CONFIG_VIDEO_WM8739=m +CONFIG_VIDEO_VP27SMPX=m # -# Supported nGene Adapters +# RDS decoders # -CONFIG_DVB_NGENE=m +CONFIG_VIDEO_SAA6588=m # -# Supported ddbridge ('Octopus') Adapters +# Video decoders # -CONFIG_DVB_DDBRIDGE=m +CONFIG_VIDEO_BT819=m +CONFIG_VIDEO_BT856=m +CONFIG_VIDEO_BT866=m +CONFIG_VIDEO_KS0127=m +CONFIG_VIDEO_SAA7110=m +CONFIG_VIDEO_SAA711X=m +CONFIG_VIDEO_TVP5150=m +CONFIG_VIDEO_VPX3220=m + +# +# Video and audio decoders +# +CONFIG_VIDEO_SAA717X=m +CONFIG_VIDEO_CX25840=m + +# +# MPEG video encoders +# +CONFIG_VIDEO_CX2341X=m + +# +# Video encoders +# +CONFIG_VIDEO_SAA7127=m +CONFIG_VIDEO_SAA7185=m +CONFIG_VIDEO_ADV7170=m +CONFIG_VIDEO_ADV7175=m # -# Supported DVB Frontends +# Camera sensor devices +# +CONFIG_VIDEO_MT9V011=m + +# +# Flash devices +# + +# +# Video improvement chips +# +CONFIG_VIDEO_UPD64031A=m +CONFIG_VIDEO_UPD64083=m + # -# CONFIG_DVB_FE_CUSTOMISE is not set +# Miscelaneous helper chips +# +CONFIG_VIDEO_M52790=m + +# +# Sensors used on soc_camera driver +# +CONFIG_MEDIA_ATTACH=y +CONFIG_MEDIA_TUNER=m +CONFIG_MEDIA_TUNER_SIMPLE=m +CONFIG_MEDIA_TUNER_TDA8290=m +CONFIG_MEDIA_TUNER_TDA827X=m +CONFIG_MEDIA_TUNER_TDA18271=m +CONFIG_MEDIA_TUNER_TDA9887=m +CONFIG_MEDIA_TUNER_MT20XX=m +CONFIG_MEDIA_TUNER_MT2060=m +CONFIG_MEDIA_TUNER_MT2063=m +CONFIG_MEDIA_TUNER_MT2266=m +CONFIG_MEDIA_TUNER_MT2131=m +CONFIG_MEDIA_TUNER_QT1010=m +CONFIG_MEDIA_TUNER_XC2028=m +CONFIG_MEDIA_TUNER_XC5000=m +CONFIG_MEDIA_TUNER_XC4000=m +CONFIG_MEDIA_TUNER_MXL5005S=m +CONFIG_MEDIA_TUNER_MXL5007T=m +CONFIG_MEDIA_TUNER_MC44S803=m +CONFIG_MEDIA_TUNER_MAX2165=m +CONFIG_MEDIA_TUNER_TDA18218=m +CONFIG_MEDIA_TUNER_FC0011=m +CONFIG_MEDIA_TUNER_FC0012=m +CONFIG_MEDIA_TUNER_FC0013=m +CONFIG_MEDIA_TUNER_TDA18212=m +CONFIG_MEDIA_TUNER_E4000=m +CONFIG_MEDIA_TUNER_FC2580=m +CONFIG_MEDIA_TUNER_TUA9001=m # # Multistandard (satellite) frontends @@ -3794,8 +3829,9 @@ CONFIG_DRM_R128=m CONFIG_DRM_RADEON=m # CONFIG_DRM_RADEON_KMS is not set CONFIG_DRM_NOUVEAU=m +CONFIG_NOUVEAU_DEBUG=5 +CONFIG_NOUVEAU_DEBUG_DEFAULT=3 CONFIG_DRM_NOUVEAU_BACKLIGHT=y -CONFIG_DRM_NOUVEAU_DEBUG=y # # I2C encoder or helper chips @@ -3944,7 +3980,6 @@ CONFIG_LCD_S6E63M0=m CONFIG_LCD_AMS369FG06=m CONFIG_BACKLIGHT_CLASS_DEVICE=m CONFIG_BACKLIGHT_GENERIC=m -CONFIG_BACKLIGHT_PROGEAR=m CONFIG_BACKLIGHT_CARILLO_RANCH=m CONFIG_BACKLIGHT_PWM=m # CONFIG_BACKLIGHT_APPLE is not set @@ -3952,6 +3987,8 @@ CONFIG_BACKLIGHT_SAHARA=m CONFIG_BACKLIGHT_ADP8860=m # CONFIG_BACKLIGHT_ADP8870 is not set CONFIG_BACKLIGHT_PCF50633=m +# CONFIG_BACKLIGHT_LM3630 is not set +# CONFIG_BACKLIGHT_LM3639 is not set # CONFIG_BACKLIGHT_LP855X is not set # CONFIG_BACKLIGHT_OT200 is not set @@ -3976,6 +4013,7 @@ CONFIG_SND_TIMER=m CONFIG_SND_PCM=m CONFIG_SND_HWDEP=m CONFIG_SND_RAWMIDI=m +CONFIG_SND_COMPRESS_OFFLOAD=m CONFIG_SND_JACK=y CONFIG_SND_SEQUENCER=m CONFIG_SND_SEQ_DUMMY=m @@ -4087,7 +4125,7 @@ CONFIG_SND_HDA_CODEC_CA0132=y CONFIG_SND_HDA_CODEC_CMEDIA=y CONFIG_SND_HDA_CODEC_SI3054=y CONFIG_SND_HDA_GENERIC=y -# CONFIG_SND_HDA_POWER_SAVE is not set +CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 CONFIG_SND_HDSP=m CONFIG_SND_HDSPM=m CONFIG_SND_ICE1712=m @@ -4127,6 +4165,7 @@ CONFIG_SND_FIREWIRE=y CONFIG_SND_FIREWIRE_LIB=m CONFIG_SND_FIREWIRE_SPEAKERS=m CONFIG_SND_ISIGHT=m +CONFIG_SND_SCS1X=m CONFIG_SND_PCMCIA=y CONFIG_SND_VXPOCKET=m CONFIG_SND_PDAUDIOCF=m @@ -4134,6 +4173,7 @@ CONFIG_SND_SOC=m CONFIG_SND_SOC_I2C_AND_SPI=m CONFIG_SND_SOC_ALL_CODECS=m CONFIG_SND_SOC_WM_HUBS=m +CONFIG_SND_SOC_WM_ADSP=m CONFIG_SND_SOC_AB8500_CODEC=m CONFIG_SND_SOC_AD1836=m CONFIG_SND_SOC_AD193X=m @@ -4158,10 +4198,12 @@ CONFIG_SND_SOC_JZ4740_CODEC=m CONFIG_SND_SOC_L3=m CONFIG_SND_SOC_DA7210=m CONFIG_SND_SOC_DA732X=m +CONFIG_SND_SOC_DA9055=m CONFIG_SND_SOC_DFBMCS320=m CONFIG_SND_SOC_ISABELLE=m CONFIG_SND_SOC_LM49453=m CONFIG_SND_SOC_MAX98088=m +CONFIG_SND_SOC_MAX98090=m CONFIG_SND_SOC_MAX98095=m CONFIG_SND_SOC_MAX9850=m CONFIG_SND_SOC_PCM3008=m @@ -4179,6 +4221,7 @@ CONFIG_SND_SOC_TLV320DAC33=m CONFIG_SND_SOC_UDA134X=m CONFIG_SND_SOC_UDA1380=m CONFIG_SND_SOC_WL1273=m +CONFIG_SND_SOC_WM0010=m CONFIG_SND_SOC_WM1250_EV1=m CONFIG_SND_SOC_WM2000=m CONFIG_SND_SOC_WM2200=m @@ -4258,6 +4301,7 @@ CONFIG_HID_KEYTOUCH=m # CONFIG_HID_UCLOGIC is not set # CONFIG_HID_WALTOP is not set # CONFIG_HID_GYRATION is not set +CONFIG_HID_ICADE=m # CONFIG_HID_TWINHAN is not set # CONFIG_HID_KENSINGTON is not set CONFIG_HID_LCPOWER=m @@ -4281,7 +4325,9 @@ CONFIG_HID_PICOLCD_FB=y CONFIG_HID_PICOLCD_BACKLIGHT=y CONFIG_HID_PICOLCD_LCD=y CONFIG_HID_PICOLCD_LEDS=y +CONFIG_HID_PICOLCD_CIR=y CONFIG_HID_PRIMAX=m +# CONFIG_HID_PS3REMOTE is not set CONFIG_HID_ROCCAT=m # CONFIG_HID_SAITEK is not set # CONFIG_HID_SAMSUNG is not set @@ -4299,6 +4345,7 @@ CONFIG_HID_WIIMOTE=m CONFIG_HID_WIIMOTE_EXT=y # CONFIG_HID_ZEROPLUS is not set CONFIG_HID_ZYDACRON=m +CONFIG_HID_SENSOR_HUB=m # # USB HID support @@ -4312,6 +4359,11 @@ CONFIG_USB_HID=m # CONFIG_USB_KBD=m CONFIG_USB_MOUSE=m + +# +# I2C HID support +# +CONFIG_I2C_HID=m CONFIG_USB_ARCH_HAS_OHCI=y CONFIG_USB_ARCH_HAS_EHCI=y CONFIG_USB_ARCH_HAS_XHCI=y @@ -4342,6 +4394,7 @@ CONFIG_USB_XHCI_HCD=m CONFIG_USB_EHCI_HCD=m # CONFIG_USB_EHCI_ROOT_HUB_TT is not set # CONFIG_USB_EHCI_TT_NEWSCHED is not set +CONFIG_USB_EHCI_PCI=m CONFIG_USB_OXU210HP_HCD=m CONFIG_USB_ISP116X_HCD=m CONFIG_USB_ISP1760_HCD=m @@ -4349,7 +4402,7 @@ CONFIG_USB_ISP1362_HCD=m CONFIG_USB_OHCI_HCD=m CONFIG_USB_OHCI_HCD_SSB=y CONFIG_USB_OHCI_HCD_PLATFORM=y -CONFIG_USB_EHCI_HCD_PLATFORM=y +CONFIG_USB_EHCI_HCD_PLATFORM=m # CONFIG_USB_OHCI_BIG_ENDIAN_DESC is not set # CONFIG_USB_OHCI_BIG_ENDIAN_MMIO is not set CONFIG_USB_OHCI_LITTLE_ENDIAN=y @@ -4394,8 +4447,6 @@ CONFIG_USB_STORAGE_ONETOUCH=m CONFIG_USB_STORAGE_KARMA=m CONFIG_USB_STORAGE_CYPRESS_ATACB=m CONFIG_USB_STORAGE_ENE_UB6250=m -CONFIG_USB_UAS=m -CONFIG_USB_LIBUSUAL=y # # USB Imaging devices @@ -4408,7 +4459,6 @@ CONFIG_USB_LIBUSUAL=y # CONFIG_USB_USS720=m CONFIG_USB_SERIAL=m -CONFIG_USB_EZUSB=y CONFIG_USB_SERIAL_GENERIC=y CONFIG_USB_SERIAL_AIRCABLE=m CONFIG_USB_SERIAL_ARK3116=m @@ -4461,6 +4511,7 @@ CONFIG_USB_SERIAL_OMNINET=m CONFIG_USB_SERIAL_OPTICON=m CONFIG_USB_SERIAL_VIVOPAY_SERIAL=m CONFIG_USB_SERIAL_ZIO=m +# CONFIG_USB_SERIAL_ZTE is not set # CONFIG_USB_SERIAL_SSU100 is not set CONFIG_USB_SERIAL_QT2=m CONFIG_USB_SERIAL_DEBUG=m @@ -4489,11 +4540,13 @@ CONFIG_USB_IOWARRIOR=m CONFIG_USB_TEST=m CONFIG_USB_ISIGHTFW=m # CONFIG_USB_YUREX is not set +CONFIG_USB_EZUSB_FX2=m # # USB Physical Layer drivers # # CONFIG_USB_ISP1301 is not set +# CONFIG_USB_RCAR_PHY is not set CONFIG_USB_ATM=m CONFIG_USB_SPEEDTOUCH=m CONFIG_USB_CXACRU=m @@ -4531,6 +4584,7 @@ CONFIG_MMC_TEST=m CONFIG_MMC_SDHCI=m CONFIG_MMC_SDHCI_PCI=m CONFIG_MMC_RICOH_MMC=y +# CONFIG_MMC_SDHCI_ACPI is not set CONFIG_MMC_SDHCI_PLTFM=m CONFIG_MMC_WBSD=m CONFIG_MMC_TIFM_SD=m @@ -4561,6 +4615,7 @@ CONFIG_LEDS_CLASS=y # LED drivers # CONFIG_LEDS_LM3530=m +# CONFIG_LEDS_LM3642 is not set CONFIG_LEDS_PCA9532=m # CONFIG_LEDS_PCA9532_GPIO is not set CONFIG_LEDS_GPIO=m @@ -4576,7 +4631,7 @@ CONFIG_LEDS_INTEL_SS4200=m CONFIG_LEDS_LT3593=m CONFIG_LEDS_DELL_NETBOOKS=m # CONFIG_LEDS_TCA6507 is not set -CONFIG_LEDS_LM3556=m +# CONFIG_LEDS_LM355x is not set # CONFIG_LEDS_OT200 is not set CONFIG_LEDS_BLINKM=m CONFIG_LEDS_TRIGGERS=y @@ -4588,6 +4643,7 @@ CONFIG_LEDS_TRIGGER_TIMER=m CONFIG_LEDS_TRIGGER_ONESHOT=m CONFIG_LEDS_TRIGGER_HEARTBEAT=m CONFIG_LEDS_TRIGGER_BACKLIGHT=m +# CONFIG_LEDS_TRIGGER_CPU is not set CONFIG_LEDS_TRIGGER_GPIO=m CONFIG_LEDS_TRIGGER_DEFAULT_ON=m @@ -4647,6 +4703,7 @@ CONFIG_RTC_DRV_RS5C372=m CONFIG_RTC_DRV_ISL1208=m # CONFIG_RTC_DRV_ISL12022 is not set CONFIG_RTC_DRV_X1205=m +CONFIG_RTC_DRV_PCF8523=m CONFIG_RTC_DRV_PCF8563=m CONFIG_RTC_DRV_PCF8583=m CONFIG_RTC_DRV_M41T80=m @@ -4688,6 +4745,7 @@ CONFIG_RTC_DRV_MSM6242=m CONFIG_RTC_DRV_BQ4802=m CONFIG_RTC_DRV_RP5C01=m CONFIG_RTC_DRV_V3020=m +CONFIG_RTC_DRV_DS2404=m CONFIG_RTC_DRV_PCF50633=m # @@ -4722,6 +4780,7 @@ CONFIG_UIO=m CONFIG_UIO_CIF=m CONFIG_UIO_PDRV=m CONFIG_UIO_PDRV_GENIRQ=m +# CONFIG_UIO_DMEM_GENIRQ is not set CONFIG_UIO_AEC=m CONFIG_UIO_SERCOS3=m CONFIG_UIO_PCI_GENERIC=m @@ -4730,7 +4789,6 @@ CONFIG_VFIO_IOMMU_TYPE1=m CONFIG_VFIO=m CONFIG_VFIO_PCI=m CONFIG_VIRTIO=m -CONFIG_VIRTIO_RING=m # # Virtio drivers @@ -4745,6 +4803,7 @@ CONFIG_VIRTIO_MMIO=m # CONFIG_HYPERV=m CONFIG_HYPERV_UTILS=m +CONFIG_HYPERV_BALLOON=m CONFIG_STAGING=y # CONFIG_ET131X is not set # CONFIG_SLICOSS is not set @@ -4766,7 +4825,6 @@ CONFIG_RTLLIB_CRYPTO_TKIP=m CONFIG_RTLLIB_CRYPTO_WEP=m # CONFIG_RTL8192E is not set # CONFIG_R8712U is not set -# CONFIG_RTS_PSTOR is not set # CONFIG_RTS5139 is not set # CONFIG_TRANZPORT is not set # CONFIG_IDE_PHISON is not set @@ -4800,9 +4858,7 @@ CONFIG_RTLLIB_CRYPTO_WEP=m # Android # # CONFIG_ANDROID is not set -# CONFIG_PHONE is not set # CONFIG_USB_WPAN_HCD is not set -# CONFIG_IPACK_BUS is not set CONFIG_WIMAX_GDM72XX=m # CONFIG_WIMAX_GDM72XX_QOS is not set # CONFIG_WIMAX_GDM72XX_K_MODE is not set @@ -4810,6 +4866,13 @@ CONFIG_WIMAX_GDM72XX=m CONFIG_WIMAX_GDM72XX_USB=y # CONFIG_WIMAX_GDM72XX_SDIO is not set # CONFIG_CSR_WIFI is not set +CONFIG_NET_VENDOR_SILICOM=y +# CONFIG_SBYPASS is not set +# CONFIG_BPCTL is not set +# CONFIG_CED1401 is not set +# CONFIG_DGRP is not set +# CONFIG_SB105X is not set +# CONFIG_FIREWIRE_SERIAL is not set CONFIG_X86_PLATFORM_DEVICES=y CONFIG_ACER_WMI=m CONFIG_ACERHDF=m @@ -4875,6 +4938,8 @@ CONFIG_INTEL_IOMMU_FLOPPY_WA=y # # Remoteproc drivers (EXPERIMENTAL) # +CONFIG_REMOTEPROC=m +CONFIG_STE_MODEM_RPROC=m # # Rpmsg drivers (EXPERIMENTAL) @@ -4891,6 +4956,7 @@ CONFIG_MEMORY=y # CONFIG_IIO is not set # CONFIG_VME_BUS is not set CONFIG_PWM=y +# CONFIG_IPACK_BUS is not set # # Firmware Drivers @@ -4920,7 +4986,6 @@ CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_POSIX_ACL=y CONFIG_EXT3_FS_SECURITY=y CONFIG_EXT4_FS=m -CONFIG_EXT4_FS_XATTR=y CONFIG_EXT4_FS_POSIX_ACL=y CONFIG_EXT4_FS_SECURITY=y # CONFIG_EXT4_DEBUG is not set @@ -5083,6 +5148,10 @@ CONFIG_UFS_FS=m # CONFIG_UFS_DEBUG is not set CONFIG_EXOFS_FS=m # CONFIG_EXOFS_DEBUG is not set +CONFIG_F2FS_FS=m +CONFIG_F2FS_STAT_FS=y +CONFIG_F2FS_FS_XATTR=y +CONFIG_F2FS_FS_POSIX_ACL=y CONFIG_ORE=m CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=m @@ -5116,10 +5185,12 @@ CONFIG_CIFS=m # CONFIG_CIFS_UPCALL is not set CONFIG_CIFS_XATTR=y CONFIG_CIFS_POSIX=y +CONFIG_CIFS_ACL=y +CONFIG_CIFS_DEBUG=y # CONFIG_CIFS_DEBUG2 is not set CONFIG_CIFS_DFS_UPCALL=y +# CONFIG_CIFS_SMB2 is not set # CONFIG_CIFS_FSCACHE is not set -CONFIG_CIFS_ACL=y # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set @@ -5212,15 +5283,13 @@ CONFIG_SCHEDSTATS=y CONFIG_TIMER_STATS=y # CONFIG_DEBUG_OBJECTS is not set # CONFIG_SLUB_STATS is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y # CONFIG_DEBUG_KMEMLEAK is not set # CONFIG_DEBUG_RT_MUTEXES is not set # CONFIG_RT_MUTEX_TESTER is not set # CONFIG_DEBUG_SPINLOCK is not set # CONFIG_DEBUG_MUTEXES is not set -# CONFIG_DEBUG_LOCK_ALLOC is not set -# CONFIG_PROVE_LOCKING is not set # CONFIG_SPARSE_RCU_POINTER is not set -# CONFIG_LOCK_STAT is not set # CONFIG_DEBUG_ATOMIC_SLEEP is not set # CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set CONFIG_STACKTRACE=y @@ -5264,10 +5333,13 @@ CONFIG_HAVE_DYNAMIC_FTRACE=y CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y CONFIG_HAVE_SYSCALL_TRACEPOINTS=y CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_TRACE_CLOCK=y CONFIG_RING_BUFFER=y CONFIG_RING_BUFFER_ALLOW_SWAP=y CONFIG_TRACING_SUPPORT=y # CONFIG_FTRACE is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_INTERVAL_TREE_TEST is not set # CONFIG_DYNAMIC_DEBUG is not set # CONFIG_DMA_API_DEBUG is not set # CONFIG_ATOMIC64_SELFTEST is not set @@ -5284,7 +5356,6 @@ CONFIG_DEBUG_STACKOVERFLOW=y # CONFIG_X86_PTDUMP is not set CONFIG_DEBUG_NX_TEST=m CONFIG_DOUBLEFAULT=y -# CONFIG_DEBUG_TLBFLUSH is not set # CONFIG_IOMMU_STRESS is not set CONFIG_HAVE_MMIOTRACE_SUPPORT=y CONFIG_X86_DECODER_SELFTEST=y @@ -5346,7 +5417,6 @@ CONFIG_PAX_EMUTRAMP=y CONFIG_PAX_MPROTECT=y # CONFIG_PAX_MPROTECT_COMPAT is not set # CONFIG_PAX_ELFRELOCS is not set -# CONFIG_PAX_KERNEXEC is not set CONFIG_PAX_KERNEXEC_PLUGIN_METHOD="" # @@ -5363,6 +5433,7 @@ CONFIG_PAX_RANDMMAP=y # CONFIG_PAX_MEMORY_STACKLEAK is not set CONFIG_PAX_MEMORY_UDEREF=y CONFIG_PAX_REFCOUNT=y +CONFIG_PAX_CONSTIFY_PLUGIN=y # CONFIG_PAX_USERCOPY is not set # CONFIG_PAX_SIZE_OVERFLOW is not set # CONFIG_PAX_LATENT_ENTROPY is not set @@ -5373,6 +5444,7 @@ CONFIG_PAX_REFCOUNT=y CONFIG_GRKERNSEC_KMEM=y # CONFIG_GRKERNSEC_VM86 is not set # CONFIG_GRKERNSEC_IO is not set +CONFIG_GRKERNSEC_RAND_THREADSTACK=y CONFIG_GRKERNSEC_PROC_MEMMAP=y # CONFIG_GRKERNSEC_BRUTE is not set # CONFIG_GRKERNSEC_MODHARDEN is not set @@ -5399,6 +5471,7 @@ CONFIG_GRKERNSEC_LINK=y CONFIG_GRKERNSEC_FIFO=y CONFIG_GRKERNSEC_SYSFS_RESTRICT=y # CONFIG_GRKERNSEC_ROFS is not set +CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y CONFIG_GRKERNSEC_CHROOT=y CONFIG_GRKERNSEC_CHROOT_MOUNT=y CONFIG_GRKERNSEC_CHROOT_DOUBLE=y @@ -5445,6 +5518,7 @@ CONFIG_GRKERNSEC_SETXID=y # CONFIG_GRKERNSEC_RANDNET=y # CONFIG_GRKERNSEC_BLACKHOLE is not set +CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y # CONFIG_GRKERNSEC_SOCKET is not set # @@ -5554,7 +5628,7 @@ CONFIG_CRYPTO_WP512=m # # Ciphers # -CONFIG_CRYPTO_AES=m +CONFIG_CRYPTO_AES=y CONFIG_CRYPTO_AES_586=m CONFIG_CRYPTO_AES_NI_INTEL=m CONFIG_CRYPTO_ANUBIS=m @@ -5562,6 +5636,7 @@ CONFIG_CRYPTO_ARC4=m CONFIG_CRYPTO_BLOWFISH=m CONFIG_CRYPTO_BLOWFISH_COMMON=m CONFIG_CRYPTO_CAMELLIA=m +CONFIG_CRYPTO_CAST_COMMON=m CONFIG_CRYPTO_CAST5=m CONFIG_CRYPTO_CAST6=m CONFIG_CRYPTO_DES=m @@ -5598,6 +5673,10 @@ CONFIG_CRYPTO_DEV_PADLOCK_SHA=m CONFIG_CRYPTO_DEV_GEODE=m CONFIG_CRYPTO_DEV_HIFN_795X=m CONFIG_CRYPTO_DEV_HIFN_795X_RNG=y +CONFIG_ASYMMETRIC_KEY_TYPE=m +CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=m +CONFIG_PUBLIC_KEY_ALGO_RSA=m +CONFIG_X509_CERTIFICATE_PARSER=m CONFIG_HAVE_KVM=y CONFIG_HAVE_KVM_IRQCHIP=y CONFIG_HAVE_KVM_EVENTFD=y @@ -5605,6 +5684,7 @@ CONFIG_KVM_APIC_ARCHITECTURE=y CONFIG_KVM_MMIO=y CONFIG_KVM_ASYNC_PF=y CONFIG_HAVE_KVM_MSI=y +CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y CONFIG_VIRTUALIZATION=y CONFIG_KVM=m CONFIG_KVM_INTEL=m @@ -5625,6 +5705,7 @@ CONFIG_GENERIC_FIND_FIRST_BIT=y CONFIG_GENERIC_PCI_IOMAP=y CONFIG_GENERIC_IOMAP=y CONFIG_GENERIC_IO=y +CONFIG_PERCPU_RWSEM=y CONFIG_CRC_CCITT=m CONFIG_CRC16=m CONFIG_CRC_T10DIF=m @@ -5676,6 +5757,8 @@ CONFIG_NLATTR=y CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y CONFIG_LRU_CACHE=m CONFIG_AVERAGE=y +CONFIG_CLZ_TAB=y CONFIG_CORDIC=m CONFIG_DDR=y - +CONFIG_MPILIB=m +CONFIG_OID_REGISTRY=m diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64 index fea3f8e971..05e9586c7d 100644 --- a/main/linux-grsec/kernelconfig.x86_64 +++ b/main/linux-grsec/kernelconfig.x86_64 @@ -1,9 +1,8 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 3.6.9 Kernel Configuration +# Linux/x86_64 3.8.2 Kernel Configuration # CONFIG_64BIT=y -# CONFIG_X86_32 is not set CONFIG_X86_64=y CONFIG_X86=y CONFIG_INSTRUCTION_DECODER=y @@ -21,7 +20,6 @@ CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y CONFIG_GENERIC_HWEIGHT=y CONFIG_GENERIC_GPIO=y CONFIG_ARCH_MAY_HAVE_PC_FDC=y -# CONFIG_RWSEM_GENERIC_SPINLOCK is not set CONFIG_RWSEM_XCHGADD_ALGORITHM=y CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_ARCH_HAS_CPU_RELAX=y @@ -71,13 +69,7 @@ CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y # CONFIG_POSIX_MQUEUE is not set -CONFIG_BSD_PROCESS_ACCT=y -CONFIG_BSD_PROCESS_ACCT_V3=y # CONFIG_FHANDLE is not set -CONFIG_TASKSTATS=y -CONFIG_TASK_DELAY_ACCT=y -CONFIG_TASK_XACCT=y -CONFIG_TASK_IO_ACCOUNTING=y # CONFIG_AUDIT is not set CONFIG_HAVE_GENERIC_HARDIRQS=y @@ -110,19 +102,35 @@ CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y # +# CPU/Task time and stats accounting +# +# CONFIG_TICK_CPU_ACCOUNTING is not set +CONFIG_IRQ_TIME_ACCOUNTING=y +CONFIG_BSD_PROCESS_ACCT=y +CONFIG_BSD_PROCESS_ACCT_V3=y +CONFIG_TASKSTATS=y +CONFIG_TASK_DELAY_ACCT=y +CONFIG_TASK_XACCT=y +CONFIG_TASK_IO_ACCOUNTING=y + +# # RCU Subsystem # CONFIG_TREE_RCU=y # CONFIG_PREEMPT_RCU is not set +# CONFIG_RCU_USER_QS is not set CONFIG_RCU_FANOUT=32 CONFIG_RCU_FANOUT_LEAF=16 # CONFIG_RCU_FANOUT_EXACT is not set CONFIG_RCU_FAST_NO_HZ=y # CONFIG_TREE_RCU_TRACE is not set +# CONFIG_RCU_NOCB_CPU is not set CONFIG_IKCONFIG=m CONFIG_IKCONFIG_PROC=y CONFIG_LOG_BUF_SHIFT=14 CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_WANTS_PROT_NUMA_PROT_NONE=y CONFIG_CGROUPS=y # CONFIG_CGROUP_DEBUG is not set CONFIG_CGROUP_FREEZER=y @@ -158,8 +166,10 @@ CONFIG_CC_OPTIMIZE_FOR_SIZE=y CONFIG_SYSCTL=y CONFIG_ANON_INODES=y CONFIG_EXPERT=y +CONFIG_HAVE_UID16=y CONFIG_UID16=y CONFIG_SYSCTL_SYSCALL=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y CONFIG_KALLSYMS=y CONFIG_KALLSYMS_ALL=y CONFIG_HOTPLUG=y @@ -216,6 +226,8 @@ CONFIG_HAVE_HW_BREAKPOINT=y CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y CONFIG_HAVE_USER_RETURN_NOTIFIER=y CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y CONFIG_HAVE_ARCH_JUMP_LABEL=y CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y @@ -224,6 +236,12 @@ CONFIG_HAVE_CMPXCHG_DOUBLE=y CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP_FILTER=y +CONFIG_HAVE_CONTEXT_TRACKING=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_GENERIC_SIGALTSTACK=y # # GCOV-based kernel profiling @@ -238,6 +256,7 @@ CONFIG_MODULE_UNLOAD=y # CONFIG_MODULE_FORCE_UNLOAD is not set CONFIG_MODVERSIONS=y # CONFIG_MODULE_SRCVERSION_ALL is not set +# CONFIG_MODULE_SIG is not set CONFIG_STOP_MACHINE=y CONFIG_BLOCK=y CONFIG_BLK_DEV_BSG=y @@ -280,33 +299,12 @@ CONFIG_DEFAULT_CFQ=y CONFIG_DEFAULT_IOSCHED="cfq" CONFIG_PREEMPT_NOTIFIERS=y CONFIG_PADATA=y -# CONFIG_INLINE_SPIN_TRYLOCK is not set -# CONFIG_INLINE_SPIN_TRYLOCK_BH is not set -# CONFIG_INLINE_SPIN_LOCK is not set -# CONFIG_INLINE_SPIN_LOCK_BH is not set -# CONFIG_INLINE_SPIN_LOCK_IRQ is not set -# CONFIG_INLINE_SPIN_LOCK_IRQSAVE is not set -# CONFIG_INLINE_SPIN_UNLOCK_BH is not set +CONFIG_ASN1=m CONFIG_INLINE_SPIN_UNLOCK_IRQ=y -# CONFIG_INLINE_SPIN_UNLOCK_IRQRESTORE is not set -# CONFIG_INLINE_READ_TRYLOCK is not set -# CONFIG_INLINE_READ_LOCK is not set -# CONFIG_INLINE_READ_LOCK_BH is not set -# CONFIG_INLINE_READ_LOCK_IRQ is not set -# CONFIG_INLINE_READ_LOCK_IRQSAVE is not set CONFIG_INLINE_READ_UNLOCK=y -# CONFIG_INLINE_READ_UNLOCK_BH is not set CONFIG_INLINE_READ_UNLOCK_IRQ=y -# CONFIG_INLINE_READ_UNLOCK_IRQRESTORE is not set -# CONFIG_INLINE_WRITE_TRYLOCK is not set -# CONFIG_INLINE_WRITE_LOCK is not set -# CONFIG_INLINE_WRITE_LOCK_BH is not set -# CONFIG_INLINE_WRITE_LOCK_IRQ is not set -# CONFIG_INLINE_WRITE_LOCK_IRQSAVE is not set CONFIG_INLINE_WRITE_UNLOCK=y -# CONFIG_INLINE_WRITE_UNLOCK_BH is not set CONFIG_INLINE_WRITE_UNLOCK_IRQ=y -# CONFIG_INLINE_WRITE_UNLOCK_IRQRESTORE is not set CONFIG_MUTEX_SPIN_ON_OWNER=y CONFIG_FREEZER=y @@ -329,7 +327,6 @@ CONFIG_XEN_PVHVM=y CONFIG_XEN_MAX_DOMAIN_MEMORY=500 CONFIG_XEN_SAVE_RESTORE=y # CONFIG_XEN_DEBUG_FS is not set -CONFIG_KVM_CLOCK=y CONFIG_KVM_GUEST=y CONFIG_PARAVIRT=y # CONFIG_PARAVIRT_SPINLOCKS is not set @@ -343,10 +340,7 @@ CONFIG_NO_BOOTMEM=y # CONFIG_MATOM is not set CONFIG_GENERIC_CPU=y CONFIG_X86_INTERNODE_CACHE_SHIFT=6 -CONFIG_X86_CMPXCHG=y CONFIG_X86_L1_CACHE_SHIFT=6 -CONFIG_X86_XADD=y -CONFIG_X86_WP_WORKS_OK=y CONFIG_X86_TSC=y CONFIG_X86_CMPXCHG64=y CONFIG_X86_CMOV=y @@ -367,7 +361,6 @@ CONFIG_IOMMU_HELPER=y CONFIG_NR_CPUS=32 CONFIG_SCHED_SMT=y CONFIG_SCHED_MC=y -CONFIG_IRQ_TIME_ACCOUNTING=y # CONFIG_PREEMPT_NONE is not set CONFIG_PREEMPT_VOLUNTARY=y # CONFIG_PREEMPT is not set @@ -380,7 +373,6 @@ CONFIG_MICROCODE=m CONFIG_MICROCODE_INTEL=y CONFIG_MICROCODE_AMD=y CONFIG_MICROCODE_OLD_INTERFACE=y -# CONFIG_X86_MSR is not set CONFIG_X86_CPUID=m CONFIG_ARCH_PHYS_ADDR_T_64BIT=y CONFIG_ARCH_DMA_ADDR_T_64BIT=y @@ -404,6 +396,7 @@ CONFIG_ARCH_DISCARD_MEMBLOCK=y # CONFIG_MEMORY_HOTPLUG is not set CONFIG_PAGEFLAGS_EXTENDED=y CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_BALLOON_COMPACTION=y CONFIG_COMPACTION=y CONFIG_MIGRATION=y CONFIG_PHYS_ADDR_T_64BIT=y @@ -428,6 +421,7 @@ CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 CONFIG_X86_PAT=y CONFIG_ARCH_USES_PG_UNCACHED=y CONFIG_ARCH_RANDOM=y +CONFIG_X86_SMAP=y # CONFIG_EFI is not set CONFIG_SECCOMP=y # CONFIG_CC_STACKPROTECTOR is not set @@ -443,6 +437,8 @@ CONFIG_PHYSICAL_START=0x1000000 # CONFIG_RELOCATABLE is not set CONFIG_PHYSICAL_ALIGN=0x1000000 CONFIG_HOTPLUG_CPU=y +# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set +# CONFIG_DEBUG_HOTPLUG_CPU0 is not set # CONFIG_CMDLINE_BOOL is not set CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y @@ -472,12 +468,14 @@ CONFIG_ACPI_BUTTON=m CONFIG_ACPI_VIDEO=m CONFIG_ACPI_FAN=m CONFIG_ACPI_DOCK=y +CONFIG_ACPI_I2C=m CONFIG_ACPI_PROCESSOR=m CONFIG_ACPI_IPMI=m CONFIG_ACPI_HOTPLUG_CPU=y # CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set CONFIG_ACPI_THERMAL=m # CONFIG_ACPI_CUSTOM_DSDT is not set +# CONFIG_ACPI_INITRD_TABLE_OVERRIDE is not set CONFIG_ACPI_BLACKLIST_YEAR=0 # CONFIG_ACPI_DEBUG is not set CONFIG_ACPI_PCI_SLOT=m @@ -486,7 +484,6 @@ CONFIG_ACPI_CONTAINER=m CONFIG_ACPI_SBS=m CONFIG_ACPI_HED=m # CONFIG_ACPI_CUSTOM_METHOD is not set -CONFIG_ACPI_BGRT=m CONFIG_ACPI_APEI=y # CONFIG_ACPI_APEI_GHES is not set CONFIG_ACPI_APEI_EINJ=m @@ -498,6 +495,7 @@ CONFIG_ACPI_APEI_ERST_DEBUG=y # CONFIG_CPU_FREQ=y CONFIG_CPU_FREQ_TABLE=m +CONFIG_CPU_FREQ_GOV_COMMON=y CONFIG_CPU_FREQ_STAT=m # CONFIG_CPU_FREQ_STAT_DETAILS is not set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y @@ -516,6 +514,7 @@ CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m # CONFIG_X86_PCC_CPUFREQ=m CONFIG_X86_ACPI_CPUFREQ=m +# CONFIG_X86_ACPI_CPUFREQ_CPB is not set CONFIG_X86_POWERNOW_K8=m CONFIG_X86_SPEEDSTEP_CENTRINO=m CONFIG_X86_P4_CLOCKMOD=m @@ -525,6 +524,7 @@ CONFIG_X86_P4_CLOCKMOD=m # CONFIG_X86_SPEEDSTEP_LIB=m CONFIG_CPU_IDLE=y +# CONFIG_CPU_IDLE_MULTIPLE_DRIVERS is not set CONFIG_CPU_IDLE_GOV_LADDER=y CONFIG_CPU_IDLE_GOV_MENU=y # CONFIG_ARCH_NEEDS_CPU_IDLE_COUPLED is not set @@ -586,7 +586,6 @@ CONFIG_PD6729=m CONFIG_I82092=m CONFIG_PCCARD_NONSTATIC=y CONFIG_HOTPLUG_PCI=m -CONFIG_HOTPLUG_PCI_FAKE=m CONFIG_HOTPLUG_PCI_ACPI=m CONFIG_HOTPLUG_PCI_ACPI_IBM=m CONFIG_HOTPLUG_PCI_CPCI=y @@ -604,6 +603,7 @@ CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE=y # CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set # CONFIG_HAVE_AOUT is not set CONFIG_BINFMT_MISC=m +CONFIG_COREDUMP=y CONFIG_IA32_EMULATION=y # CONFIG_IA32_AOUT is not set # CONFIG_X86_X32 is not set @@ -620,6 +620,7 @@ CONFIG_COMPAT_NETLINK_MESSAGES=y # Networking options # CONFIG_PACKET=m +CONFIG_PACKET_DIAG=m CONFIG_UNIX=y CONFIG_UNIX_DIAG=m CONFIG_XFRM=y @@ -702,6 +703,7 @@ CONFIG_IPV6_SIT=m CONFIG_IPV6_SIT_6RD=y CONFIG_IPV6_NDISC_NODETYPE=y CONFIG_IPV6_TUNNEL=m +CONFIG_IPV6_GRE=m CONFIG_IPV6_MULTIPLE_TABLES=y CONFIG_IPV6_SUBTREES=y CONFIG_IPV6_MROUTE=y @@ -747,6 +749,16 @@ CONFIG_NF_CONNTRACK_TFTP=m CONFIG_NF_CT_NETLINK=m CONFIG_NF_CT_NETLINK_TIMEOUT=m # CONFIG_NETFILTER_NETLINK_QUEUE_CT is not set +CONFIG_NF_NAT=m +CONFIG_NF_NAT_NEEDED=y +CONFIG_NF_NAT_PROTO_DCCP=m +CONFIG_NF_NAT_PROTO_UDPLITE=m +CONFIG_NF_NAT_PROTO_SCTP=m +CONFIG_NF_NAT_AMANDA=m +CONFIG_NF_NAT_FTP=m +CONFIG_NF_NAT_IRC=m +CONFIG_NF_NAT_SIP=m +CONFIG_NF_NAT_TFTP=m CONFIG_NETFILTER_TPROXY=m CONFIG_NETFILTER_XTABLES=m @@ -772,10 +784,12 @@ CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m CONFIG_NETFILTER_XT_TARGET_LED=m CONFIG_NETFILTER_XT_TARGET_LOG=m CONFIG_NETFILTER_XT_TARGET_MARK=m +CONFIG_NETFILTER_XT_TARGET_NETMAP=m CONFIG_NETFILTER_XT_TARGET_NFLOG=m CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m CONFIG_NETFILTER_XT_TARGET_NOTRACK=m CONFIG_NETFILTER_XT_TARGET_RATEEST=m +CONFIG_NETFILTER_XT_TARGET_REDIRECT=m CONFIG_NETFILTER_XT_TARGET_TEE=m CONFIG_NETFILTER_XT_TARGET_TPROXY=m CONFIG_NETFILTER_XT_TARGET_TRACE=m @@ -896,23 +910,14 @@ CONFIG_IP_NF_MATCH_TTL=m CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m CONFIG_IP_NF_TARGET_ULOG=m -CONFIG_NF_NAT=m -CONFIG_NF_NAT_NEEDED=y +CONFIG_NF_NAT_IPV4=m CONFIG_IP_NF_TARGET_MASQUERADE=m CONFIG_IP_NF_TARGET_NETMAP=m CONFIG_IP_NF_TARGET_REDIRECT=m CONFIG_NF_NAT_SNMP_BASIC=m -CONFIG_NF_NAT_PROTO_DCCP=m CONFIG_NF_NAT_PROTO_GRE=m -CONFIG_NF_NAT_PROTO_UDPLITE=m -CONFIG_NF_NAT_PROTO_SCTP=m -CONFIG_NF_NAT_FTP=m -CONFIG_NF_NAT_IRC=m -CONFIG_NF_NAT_TFTP=m -CONFIG_NF_NAT_AMANDA=m CONFIG_NF_NAT_PPTP=m CONFIG_NF_NAT_H323=m -CONFIG_NF_NAT_SIP=m CONFIG_IP_NF_MANGLE=m CONFIG_IP_NF_TARGET_CLUSTERIP=m CONFIG_IP_NF_TARGET_ECN=m @@ -942,6 +947,9 @@ CONFIG_IP6_NF_FILTER=m CONFIG_IP6_NF_TARGET_REJECT=m CONFIG_IP6_NF_MANGLE=m CONFIG_IP6_NF_RAW=m +CONFIG_NF_NAT_IPV6=m +CONFIG_IP6_NF_TARGET_MASQUERADE=m +CONFIG_IP6_NF_TARGET_NPT=m # # DECnet: Netfilter Configuration @@ -989,15 +997,17 @@ CONFIG_IP_SCTP=m CONFIG_NET_SCTPPROBE=m # CONFIG_SCTP_DBG_MSG is not set # CONFIG_SCTP_DBG_OBJCNT is not set -# CONFIG_SCTP_HMAC_NONE is not set -CONFIG_SCTP_HMAC_SHA1=y -# CONFIG_SCTP_HMAC_MD5 is not set +CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y +# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1 is not set +# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_NONE is not set +CONFIG_SCTP_COOKIE_HMAC_MD5=y +CONFIG_SCTP_COOKIE_HMAC_SHA1=y CONFIG_RDS=m # CONFIG_RDS_RDMA is not set # CONFIG_RDS_TCP is not set # CONFIG_RDS_DEBUG is not set CONFIG_TIPC=m -# CONFIG_TIPC_ADVANCED is not set +CONFIG_TIPC_PORTS=8191 CONFIG_ATM=m CONFIG_ATM_CLIP=m # CONFIG_ATM_CLIP_NO_ICMP is not set @@ -1013,7 +1023,11 @@ CONFIG_L2TP_ETH=m CONFIG_STP=m CONFIG_BRIDGE=m CONFIG_BRIDGE_IGMP_SNOOPING=y -# CONFIG_NET_DSA is not set +CONFIG_HAVE_NET_DSA=y +CONFIG_NET_DSA=m +CONFIG_NET_DSA_TAG_DSA=y +CONFIG_NET_DSA_TAG_EDSA=y +CONFIG_NET_DSA_TAG_TRAILER=y CONFIG_VLAN_8021Q=m # CONFIG_VLAN_8021Q_GVRP is not set CONFIG_DECNET=m @@ -1279,7 +1293,12 @@ CONFIG_SYS_HYPERVISOR=y CONFIG_REGMAP=y CONFIG_REGMAP_I2C=m CONFIG_REGMAP_SPI=m +CONFIG_REGMAP_MMIO=m CONFIG_DMA_SHARED_BUFFER=y + +# +# Bus devices +# CONFIG_CONNECTOR=m CONFIG_MTD=m CONFIG_MTD_TESTS=m @@ -1392,12 +1411,11 @@ CONFIG_MTD_DOCPROBE_ADDRESS=0x0000 CONFIG_MTD_NAND_ECC=m CONFIG_MTD_NAND_ECC_SMC=y CONFIG_MTD_NAND=m -# CONFIG_MTD_NAND_VERIFY_WRITE is not set # CONFIG_MTD_NAND_ECC_BCH is not set CONFIG_MTD_SM_COMMON=m # CONFIG_MTD_NAND_MUSEUM_IDS is not set CONFIG_MTD_NAND_DENALI=m -CONFIG_MTD_NAND_DENALI_SCRATCH_REG_ADDR=0xFF108018 +# CONFIG_MTD_NAND_DENALI_PCI is not set CONFIG_MTD_NAND_IDS=m CONFIG_MTD_NAND_RICOH=m CONFIG_MTD_NAND_DISKONCHIP=m @@ -1423,7 +1441,8 @@ CONFIG_MTD_LPDDR=m CONFIG_MTD_QINFO_PROBE=m CONFIG_MTD_UBI=m CONFIG_MTD_UBI_WL_THRESHOLD=4096 -CONFIG_MTD_UBI_BEB_RESERVE=1 +CONFIG_MTD_UBI_BEB_LIMIT=20 +# CONFIG_MTD_UBI_FASTMAP is not set # CONFIG_MTD_UBI_GLUEBI is not set CONFIG_PARPORT=m CONFIG_PARPORT_PC=m @@ -1461,7 +1480,6 @@ CONFIG_BLK_DEV_NBD=m CONFIG_BLK_DEV_NVME=m CONFIG_BLK_DEV_OSD=m CONFIG_BLK_DEV_SX8=m -CONFIG_BLK_DEV_UB=m CONFIG_BLK_DEV_RAM=y CONFIG_BLK_DEV_RAM_COUNT=16 CONFIG_BLK_DEV_RAM_SIZE=4096 @@ -1535,7 +1553,7 @@ CONFIG_SENSORS_LIS3_I2C=m # # Altera FPGA firmware download module # -# CONFIG_ALTERA_STAPL is not set +CONFIG_ALTERA_STAPL=m # CONFIG_INTEL_MEI is not set CONFIG_HAVE_IDE=y # CONFIG_IDE is not set @@ -1626,6 +1644,9 @@ CONFIG_MEGARAID_SAS=m CONFIG_SCSI_MPT2SAS=m CONFIG_SCSI_MPT2SAS_MAX_SGE=128 # CONFIG_SCSI_MPT2SAS_LOGGING is not set +CONFIG_SCSI_MPT3SAS=m +CONFIG_SCSI_MPT3SAS_MAX_SGE=128 +# CONFIG_SCSI_MPT3SAS_LOGGING is not set CONFIG_SCSI_UFSHCD=m CONFIG_SCSI_HPTIOP=m CONFIG_SCSI_BUSLOGIC=m @@ -1671,6 +1692,7 @@ CONFIG_SCSI_PM8001=m CONFIG_SCSI_SRP=m # CONFIG_SCSI_BFA_FC is not set CONFIG_SCSI_VIRTIO=m +# CONFIG_SCSI_CHELSIO_FCOE is not set # CONFIG_SCSI_LOWLEVEL_PCMCIA is not set CONFIG_SCSI_DH=m CONFIG_SCSI_DH_RDAC=m @@ -1709,6 +1731,7 @@ CONFIG_ATA_BMDMA=y # SATA SFF controllers with BMDMA # CONFIG_ATA_PIIX=m +CONFIG_SATA_HIGHBANK=m CONFIG_SATA_MV=m CONFIG_SATA_NV=m CONFIG_SATA_PROMISE=m @@ -1793,6 +1816,7 @@ CONFIG_MD_FAULTY=m CONFIG_BLK_DEV_DM=m # CONFIG_DM_DEBUG is not set CONFIG_DM_BUFIO=m +CONFIG_DM_BIO_PRISON=m CONFIG_DM_PERSISTENT_DATA=m CONFIG_DM_CRYPT=m CONFIG_DM_SNAPSHOT=m @@ -1851,10 +1875,6 @@ CONFIG_DUMMY=m CONFIG_EQUALIZER=m # CONFIG_NET_FC is not set CONFIG_MII=m -CONFIG_IEEE802154_DRIVERS=m -CONFIG_IEEE802154_FAKEHARD=m -CONFIG_IEEE802154_FAKELB=m -# CONFIG_IEEE802154_AT86RF230 is not set CONFIG_IFB=m CONFIG_NET_TEAM=m CONFIG_NET_TEAM_MODE_BROADCAST=m @@ -1863,6 +1883,7 @@ CONFIG_NET_TEAM_MODE_ACTIVEBACKUP=m CONFIG_NET_TEAM_MODE_LOADBALANCE=m CONFIG_MACVLAN=m CONFIG_MACVTAP=m +CONFIG_VXLAN=m CONFIG_NETCONSOLE=m CONFIG_NETCONSOLE_DYNAMIC=y CONFIG_NETPOLL=y @@ -1917,6 +1938,15 @@ CONFIG_ATM_SOLOS=m # # CAIF transport drivers # + +# +# Distributed Switch Architecture drivers +# +CONFIG_NET_DSA_MV88E6XXX=m +CONFIG_NET_DSA_MV88E6060=m +CONFIG_NET_DSA_MV88E6XXX_NEED_PPU=y +CONFIG_NET_DSA_MV88E6131=m +CONFIG_NET_DSA_MV88E6123_61_65=m CONFIG_ETHERNET=y CONFIG_MDIO=m CONFIG_NET_VENDOR_3COM=y @@ -1938,6 +1968,9 @@ CONFIG_ATL2=m CONFIG_ATL1=m CONFIG_ATL1E=m CONFIG_ATL1C=m +CONFIG_NET_CADENCE=y +# CONFIG_ARM_AT91_ETHER is not set +# CONFIG_MACB is not set CONFIG_NET_VENDOR_BROADCOM=y CONFIG_B44=m CONFIG_B44_PCI_AUTOSELECT=y @@ -1994,19 +2027,18 @@ CONFIG_E1000=m CONFIG_E1000E=m CONFIG_IGB=m CONFIG_IGB_DCA=y -# CONFIG_IGB_PTP is not set CONFIG_IGBVF=m CONFIG_IXGB=m CONFIG_IXGBE=m CONFIG_IXGBE_HWMON=y CONFIG_IXGBE_DCA=y -# CONFIG_IXGBE_PTP is not set # CONFIG_IXGBEVF is not set CONFIG_NET_VENDOR_I825XX=y # CONFIG_ZNET is not set CONFIG_IP1000=m CONFIG_JME=m CONFIG_NET_VENDOR_MARVELL=y +# CONFIG_MVMDIO is not set CONFIG_SKGE=m # CONFIG_SKGE_DEBUG is not set CONFIG_SKGE_GENESIS=y @@ -2116,6 +2148,7 @@ CONFIG_PHYLIB=m # # MII PHY device drivers # +# CONFIG_AT803X_PHY is not set CONFIG_AMD_PHY=m CONFIG_MARVELL_PHY=m CONFIG_DAVICOM_PHY=m @@ -2166,6 +2199,7 @@ CONFIG_USB_NET_AX8817X=m CONFIG_USB_NET_CDCETHER=m CONFIG_USB_NET_CDC_EEM=m CONFIG_USB_NET_CDC_NCM=m +# CONFIG_USB_NET_CDC_MBIM is not set CONFIG_USB_NET_DM9601=m CONFIG_USB_NET_SMSC75XX=m CONFIG_USB_NET_SMSC95XX=m @@ -2213,6 +2247,7 @@ CONFIG_ADM8211=m CONFIG_MAC80211_HWSIM=m CONFIG_MWL8K=m CONFIG_ATH_COMMON=m +CONFIG_ATH_CARDS=m # CONFIG_ATH_DEBUG is not set CONFIG_ATH5K=m # CONFIG_ATH5K_DEBUG is not set @@ -2235,6 +2270,9 @@ CONFIG_ATH6KL=m CONFIG_ATH6KL_SDIO=m CONFIG_ATH6KL_USB=m CONFIG_ATH6KL_DEBUG=y +CONFIG_AR5523=m +CONFIG_WIL6210=m +CONFIG_WIL6210_ISR_COR=y CONFIG_B43=m CONFIG_B43_SSB=y CONFIG_B43_PCI_AUTOSELECT=y @@ -2285,7 +2323,6 @@ CONFIG_IWLDVM=m # # CONFIG_IWLWIFI_DEBUG is not set # CONFIG_IWLWIFI_P2P is not set -# CONFIG_IWLWIFI_EXPERIMENTAL_MFP is not set CONFIG_IWLEGACY=m CONFIG_IWL4965=m CONFIG_IWL3945=m @@ -2343,6 +2380,7 @@ CONFIG_RT2X00_LIB_LEDS=y CONFIG_RTL8192CE=m CONFIG_RTL8192SE=m CONFIG_RTL8192DE=m +CONFIG_RTL8723AE=m CONFIG_RTL8192CU=m CONFIG_RTLWIFI=m # CONFIG_RTLWIFI_DEBUG is not set @@ -2396,6 +2434,11 @@ CONFIG_LAPBETHER=m CONFIG_X25_ASY=m CONFIG_SBNI=m CONFIG_SBNI_MULTILINE=y +CONFIG_IEEE802154_DRIVERS=m +# CONFIG_IEEE802154_FAKEHARD is not set +# CONFIG_IEEE802154_FAKELB is not set +# CONFIG_IEEE802154_AT86RF230 is not set +# CONFIG_IEEE802154_MRF24J40 is not set CONFIG_XEN_NETDEV_FRONTEND=y CONFIG_XEN_NETDEV_BACKEND=m CONFIG_VMXNET3=m @@ -2495,7 +2538,6 @@ CONFIG_KEYBOARD_ATKBD=y # CONFIG_KEYBOARD_OPENCORES is not set # CONFIG_KEYBOARD_STOWAWAY is not set # CONFIG_KEYBOARD_SUNKBD is not set -# CONFIG_KEYBOARD_OMAP4 is not set # CONFIG_KEYBOARD_XTKBD is not set CONFIG_INPUT_MOUSE=y CONFIG_MOUSE_PS2=m @@ -2530,7 +2572,6 @@ CONFIG_TOUCHSCREEN_CY8CTMG110=m CONFIG_TOUCHSCREEN_DYNAPRO=m CONFIG_TOUCHSCREEN_HAMPSHIRE=m CONFIG_TOUCHSCREEN_EETI=m -CONFIG_TOUCHSCREEN_EGALAX=m CONFIG_TOUCHSCREEN_FUJITSU=m # CONFIG_TOUCHSCREEN_ILI210X is not set CONFIG_TOUCHSCREEN_GUNZE=m @@ -2600,6 +2641,7 @@ CONFIG_INPUT_CM109=m CONFIG_INPUT_UINPUT=m CONFIG_INPUT_PCF50633_PMU=m CONFIG_INPUT_PCF8574=m +# CONFIG_INPUT_PWM_BEEPER is not set CONFIG_INPUT_GPIO_ROTARY_ENCODER=m CONFIG_INPUT_ADXL34X=m CONFIG_INPUT_ADXL34X_I2C=m @@ -2621,6 +2663,7 @@ CONFIG_SERIO_LIBPS2=y CONFIG_SERIO_RAW=m CONFIG_SERIO_ALTERA_PS2=m CONFIG_SERIO_PS2MULT=m +# CONFIG_SERIO_ARC_PS2 is not set # CONFIG_GAMEPORT is not set # @@ -2655,10 +2698,10 @@ CONFIG_STALDRV=y # Serial drivers # CONFIG_SERIAL_8250=y +CONFIG_SERIAL_8250_PNP=y CONFIG_SERIAL_8250_CONSOLE=y CONFIG_FIX_EARLYCON_MEM=y CONFIG_SERIAL_8250_PCI=y -CONFIG_SERIAL_8250_PNP=y CONFIG_SERIAL_8250_CS=m CONFIG_SERIAL_8250_NR_UARTS=16 CONFIG_SERIAL_8250_RUNTIME_UARTS=4 @@ -2672,13 +2715,14 @@ CONFIG_SERIAL_8250_RSA=y # Non-8250 serial port support # CONFIG_SERIAL_MAX3100=m -CONFIG_SERIAL_MAX3107=m +# CONFIG_SERIAL_MAX310X is not set CONFIG_SERIAL_MRST_MAX3110=m CONFIG_SERIAL_MFD_HSU=m CONFIG_SERIAL_UARTLITE=m CONFIG_SERIAL_CORE=y CONFIG_SERIAL_CORE_CONSOLE=y CONFIG_SERIAL_JSM=m +# CONFIG_SERIAL_SCCNXP is not set CONFIG_SERIAL_TIMBERDALE=m CONFIG_SERIAL_ALTERA_JTAGUART=m CONFIG_SERIAL_ALTERA_UART=m @@ -2686,7 +2730,8 @@ CONFIG_SERIAL_ALTERA_UART_MAXPORTS=4 CONFIG_SERIAL_ALTERA_UART_BAUDRATE=115200 CONFIG_SERIAL_IFX6X60=m CONFIG_SERIAL_PCH_UART=m -# CONFIG_SERIAL_XILINX_PS_UART is not set +CONFIG_SERIAL_ARC=m +CONFIG_SERIAL_ARC_NR_PORTS=1 # CONFIG_TTY_PRINTK is not set CONFIG_PRINTER=m # CONFIG_LP_CONSOLE is not set @@ -2708,6 +2753,7 @@ CONFIG_HW_RANDOM_INTEL=m CONFIG_HW_RANDOM_AMD=m CONFIG_HW_RANDOM_VIA=m CONFIG_HW_RANDOM_VIRTIO=m +CONFIG_HW_RANDOM_TPM=m CONFIG_NVRAM=m CONFIG_R3964=m CONFIG_APPLICOM=m @@ -2727,6 +2773,7 @@ CONFIG_HPET_MMAP=y CONFIG_HANGCHECK_TIMER=m CONFIG_TCG_TPM=m CONFIG_TCG_TIS=m +# CONFIG_TCG_TIS_I2C_INFINEON is not set CONFIG_TCG_NSC=m CONFIG_TCG_ATMEL=m CONFIG_TCG_INFINEON=m @@ -2780,6 +2827,7 @@ CONFIG_I2C_SCMI=m # # I2C system bus drivers (mostly embedded / system-on-chip) # +# CONFIG_I2C_CBUS_GPIO is not set # CONFIG_I2C_DESIGNWARE_PCI is not set CONFIG_I2C_EG20T=m CONFIG_I2C_GPIO=m @@ -2820,6 +2868,7 @@ CONFIG_SPI_GPIO=m CONFIG_SPI_LM70_LLP=m # CONFIG_SPI_OC_TINY is not set # CONFIG_SPI_PXA2XX_PCI is not set +# CONFIG_SPI_SC18IS602 is not set CONFIG_SPI_TOPCLIFF_PCH=m CONFIG_SPI_XCOMM=m # CONFIG_SPI_XILINX is not set @@ -2854,9 +2903,12 @@ CONFIG_PPS_CLIENT_LDISC=m # # PTP clock support # -# CONFIG_PTP_1588_CLOCK is not set +CONFIG_PTP_1588_CLOCK=m +# CONFIG_DP83640_PHY is not set +CONFIG_PTP_1588_CLOCK_PCH=m CONFIG_ARCH_WANT_OPTIONAL_GPIOLIB=y CONFIG_GPIOLIB=y +CONFIG_GPIO_ACPI=y # CONFIG_DEBUG_GPIO is not set CONFIG_GPIO_SYSFS=y CONFIG_GPIO_MAX730X=m @@ -2866,6 +2918,7 @@ CONFIG_GPIO_MAX730X=m # # CONFIG_GPIO_GENERIC_PLATFORM is not set CONFIG_GPIO_IT8761E=m +# CONFIG_GPIO_TS5500 is not set CONFIG_GPIO_SCH=m CONFIG_GPIO_ICH=m CONFIG_GPIO_VX855=m @@ -2883,7 +2936,6 @@ CONFIG_GPIO_ADP5588=m # PCI GPIO expanders: # CONFIG_GPIO_CS5535=m -CONFIG_GPIO_BT8XX=m CONFIG_GPIO_AMD8111=m # CONFIG_GPIO_LANGWELL is not set CONFIG_GPIO_PCH=m @@ -2908,6 +2960,10 @@ CONFIG_GPIO_74X164=m # MODULbus GPIO expanders: # CONFIG_GPIO_JANZ_TTL=m + +# +# USB GPIO expanders: +# # CONFIG_W1 is not set CONFIG_POWER_SUPPLY=y # CONFIG_POWER_SUPPLY_DEBUG is not set @@ -2925,7 +2981,9 @@ CONFIG_POWER_SUPPLY=y # CONFIG_CHARGER_MAX8903 is not set # CONFIG_CHARGER_LP8727 is not set # CONFIG_CHARGER_GPIO is not set +# CONFIG_CHARGER_BQ2415X is not set # CONFIG_CHARGER_SMB347 is not set +# CONFIG_POWER_RESET is not set # CONFIG_POWER_AVS is not set CONFIG_HWMON=m CONFIG_HWMON_VID=m @@ -2946,6 +3004,7 @@ CONFIG_SENSORS_ADM1026=m CONFIG_SENSORS_ADM1029=m CONFIG_SENSORS_ADM1031=m CONFIG_SENSORS_ADM9240=m +# CONFIG_SENSORS_ADT7410 is not set CONFIG_SENSORS_ADT7411=m CONFIG_SENSORS_ADT7462=m CONFIG_SENSORS_ADT7470=m @@ -2997,6 +3056,7 @@ CONFIG_SENSORS_MAX1111=m CONFIG_SENSORS_MAX16065=m CONFIG_SENSORS_MAX1619=m CONFIG_SENSORS_MAX1668=m +# CONFIG_SENSORS_MAX197 is not set CONFIG_SENSORS_MAX6639=m CONFIG_SENSORS_MAX6642=m CONFIG_SENSORS_MAX6650=m @@ -3061,6 +3121,13 @@ CONFIG_SENSORS_APPLESMC=m CONFIG_SENSORS_ACPI_POWER=m CONFIG_SENSORS_ATK0110=m CONFIG_THERMAL=y +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_FAIR_SHARE is not set +CONFIG_STEP_WISE=y +# CONFIG_USER_SPACE is not set +# CONFIG_CPU_THERMAL is not set CONFIG_WATCHDOG=y CONFIG_WATCHDOG_CORE=y # CONFIG_WATCHDOG_NOWAYOUT is not set @@ -3136,6 +3203,7 @@ CONFIG_SSB_SDIOHOST=y # CONFIG_SSB_DEBUG is not set CONFIG_SSB_DRIVER_PCICORE_POSSIBLE=y CONFIG_SSB_DRIVER_PCICORE=y +# CONFIG_SSB_DRIVER_GPIO is not set CONFIG_BCMA_POSSIBLE=y # @@ -3149,6 +3217,8 @@ CONFIG_BCMA_POSSIBLE=y CONFIG_MFD_CORE=m CONFIG_MFD_SM501=m # CONFIG_MFD_SM501_GPIO is not set +# CONFIG_MFD_RTSX_PCI is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set CONFIG_HTC_PASIC3=m CONFIG_UCB1400_CORE=m # CONFIG_MFD_LM3533 is not set @@ -3178,6 +3248,8 @@ CONFIG_MFD_RDC321X=m CONFIG_MFD_JANZ_CMODIO=m CONFIG_MFD_VX855=m CONFIG_MFD_WL1273_CORE=m +# CONFIG_MFD_VIPERBOARD is not set +# CONFIG_MFD_RETU is not set # CONFIG_REGULATOR is not set CONFIG_MEDIA_SUPPORT=m @@ -3191,16 +3263,26 @@ CONFIG_MEDIA_DIGITAL_TV_SUPPORT=y CONFIG_MEDIA_RC_SUPPORT=y CONFIG_MEDIA_CONTROLLER=y CONFIG_VIDEO_DEV=m -CONFIG_VIDEO_V4L2_COMMON=m CONFIG_VIDEO_V4L2_SUBDEV_API=y +CONFIG_VIDEO_V4L2=m +# CONFIG_VIDEO_ADV_DEBUG is not set +# CONFIG_VIDEO_FIXED_MINOR_RANGES is not set +CONFIG_VIDEO_TUNER=m +CONFIG_VIDEOBUF_GEN=m +CONFIG_VIDEOBUF_DMA_SG=m +CONFIG_VIDEOBUF_VMALLOC=m +CONFIG_VIDEOBUF_DVB=m +CONFIG_VIDEOBUF2_CORE=m +CONFIG_VIDEOBUF2_MEMOPS=m +CONFIG_VIDEOBUF2_VMALLOC=m CONFIG_DVB_CORE=m CONFIG_DVB_NET=y +CONFIG_DVB_MAX_ADAPTERS=8 +# CONFIG_DVB_DYNAMIC_MINORS is not set # # Media drivers # -CONFIG_VIDEO_SAA7146=m -CONFIG_VIDEO_SAA7146_VV=m CONFIG_RC_CORE=m CONFIG_RC_MAP=m CONFIG_RC_DECODERS=y @@ -3225,147 +3307,10 @@ CONFIG_IR_REDRAT3=m CONFIG_IR_STREAMZAP=m CONFIG_IR_WINBOND_CIR=m CONFIG_IR_IGUANA=m +# CONFIG_IR_TTUSBIR is not set CONFIG_RC_LOOPBACK=m CONFIG_IR_GPIO_CIR=m -CONFIG_MEDIA_ATTACH=y -CONFIG_MEDIA_TUNER_SIMPLE=m -CONFIG_MEDIA_TUNER_TDA827X=m -CONFIG_MEDIA_TUNER_TDA18271=m -CONFIG_MEDIA_TUNER_TDA9887=m -CONFIG_MEDIA_TUNER_MT2060=m -CONFIG_MEDIA_TUNER_MT2063=m -CONFIG_MEDIA_TUNER_MT2266=m -CONFIG_MEDIA_TUNER_MT2131=m -CONFIG_MEDIA_TUNER_QT1010=m -CONFIG_MEDIA_TUNER_XC2028=m -CONFIG_MEDIA_TUNER_XC5000=m -CONFIG_MEDIA_TUNER_XC4000=m -CONFIG_MEDIA_TUNER_MXL5005S=m -CONFIG_MEDIA_TUNER_MXL5007T=m -CONFIG_MEDIA_TUNER_MC44S803=m -CONFIG_MEDIA_TUNER_MAX2165=m -CONFIG_MEDIA_TUNER_TDA18218=m -CONFIG_MEDIA_TUNER_FC0011=m -CONFIG_MEDIA_TUNER_FC0012=m -CONFIG_MEDIA_TUNER_FC0013=m -CONFIG_MEDIA_TUNER_TDA18212=m -CONFIG_MEDIA_TUNER_TUA9001=m -CONFIG_VIDEO_V4L2=m -CONFIG_VIDEOBUF_GEN=m -CONFIG_VIDEOBUF_DMA_SG=m -CONFIG_VIDEOBUF_VMALLOC=m -CONFIG_VIDEO_TVEEPROM=m -CONFIG_VIDEO_TUNER=m -CONFIG_V4L2_MEM2MEM_DEV=m -CONFIG_VIDEOBUF2_CORE=m -CONFIG_VIDEOBUF2_MEMOPS=m -CONFIG_VIDEOBUF2_VMALLOC=m -CONFIG_VIDEO_CAPTURE_DRIVERS=y -# CONFIG_VIDEO_ADV_DEBUG is not set -# CONFIG_VIDEO_FIXED_MINOR_RANGES is not set -# CONFIG_VIDEO_HELPER_CHIPS_AUTO is not set -CONFIG_VIDEO_IR_I2C=m - -# -# Encoders, decoders, sensors and other helper chips -# - -# -# Audio decoders, processors and mixers -# -CONFIG_VIDEO_TVAUDIO=m -CONFIG_VIDEO_TDA7432=m -CONFIG_VIDEO_TDA9840=m -CONFIG_VIDEO_TEA6415C=m -CONFIG_VIDEO_TEA6420=m -CONFIG_VIDEO_MSP3400=m -CONFIG_VIDEO_CS5345=m -CONFIG_VIDEO_CS53L32A=m -CONFIG_VIDEO_TLV320AIC23B=m -CONFIG_VIDEO_WM8775=m -CONFIG_VIDEO_WM8739=m -CONFIG_VIDEO_VP27SMPX=m - -# -# RDS decoders -# -CONFIG_VIDEO_SAA6588=m - -# -# Video decoders -# -CONFIG_VIDEO_ADV7180=m -CONFIG_VIDEO_ADV7183=m -CONFIG_VIDEO_BT819=m -CONFIG_VIDEO_BT856=m -CONFIG_VIDEO_BT866=m -CONFIG_VIDEO_KS0127=m -CONFIG_VIDEO_SAA7110=m -CONFIG_VIDEO_SAA711X=m -CONFIG_VIDEO_SAA7191=m -CONFIG_VIDEO_TVP514X=m -CONFIG_VIDEO_TVP5150=m -CONFIG_VIDEO_TVP7002=m -CONFIG_VIDEO_VPX3220=m - -# -# Video and audio decoders -# -CONFIG_VIDEO_SAA717X=m -CONFIG_VIDEO_CX25840=m - -# -# MPEG video encoders -# -CONFIG_VIDEO_CX2341X=m - -# -# Video encoders -# -CONFIG_VIDEO_SAA7127=m -CONFIG_VIDEO_SAA7185=m -CONFIG_VIDEO_ADV7170=m -CONFIG_VIDEO_ADV7175=m -CONFIG_VIDEO_ADV7343=m -CONFIG_VIDEO_ADV7393=m -CONFIG_VIDEO_AK881X=m - -# -# Camera sensor devices -# -CONFIG_VIDEO_APTINA_PLL=m -CONFIG_VIDEO_OV7670=m -CONFIG_VIDEO_VS6624=m -CONFIG_VIDEO_MT9M032=m -CONFIG_VIDEO_MT9P031=m -CONFIG_VIDEO_MT9T001=m -CONFIG_VIDEO_MT9V011=m -CONFIG_VIDEO_MT9V032=m -CONFIG_VIDEO_TCM825X=m -# CONFIG_VIDEO_SR030PC30 is not set -CONFIG_VIDEO_NOON010PC30=m -# CONFIG_VIDEO_M5MOLS is not set -CONFIG_VIDEO_S5K6AA=m - -# -# Flash devices -# -# CONFIG_VIDEO_ADP1653 is not set -# CONFIG_VIDEO_AS3645A is not set - -# -# Video improvement chips -# -CONFIG_VIDEO_UPD64031A=m -CONFIG_VIDEO_UPD64083=m - -# -# Miscelaneous helper chips -# -CONFIG_VIDEO_THS7303=m -CONFIG_VIDEO_M52790=m -# CONFIG_VIDEO_VIVI is not set -CONFIG_V4L_USB_DRIVERS=y +CONFIG_MEDIA_USB_SUPPORT=y # # Webcam devices @@ -3427,34 +3372,18 @@ CONFIG_USB_S2255=m CONFIG_USB_SN9C102=m # -# Webcam and/or TV USB devices +# Analog/digital TV USB devices # -CONFIG_VIDEO_EM28XX=m -CONFIG_VIDEO_EM28XX_ALSA=m -# CONFIG_VIDEO_EM28XX_DVB is not set -CONFIG_VIDEO_EM28XX_RC=m -# CONFIG_V4L_ISA_PARPORT_DRIVERS is not set -# CONFIG_V4L_PLATFORM_DRIVERS is not set -CONFIG_V4L_MEM2MEM_DRIVERS=y -CONFIG_VIDEO_MEM2MEM_TESTDEV=m -CONFIG_DVB_MAX_ADAPTERS=8 -# CONFIG_DVB_DYNAMIC_MINORS is not set -CONFIG_DVB_CAPTURE_DRIVERS=y +CONFIG_VIDEO_CX231XX=m +CONFIG_VIDEO_CX231XX_RC=y +CONFIG_VIDEO_CX231XX_ALSA=m +CONFIG_VIDEO_CX231XX_DVB=m +CONFIG_VIDEO_TM6000=m +CONFIG_VIDEO_TM6000_ALSA=m +CONFIG_VIDEO_TM6000_DVB=m # -# Supported SAA7146 based PCI Adapters -# -CONFIG_TTPCI_EEPROM=m -CONFIG_DVB_AV7110=m -CONFIG_DVB_AV7110_OSD=y -CONFIG_DVB_BUDGET_CORE=m -CONFIG_DVB_BUDGET=m -CONFIG_DVB_BUDGET_CI=m -CONFIG_DVB_BUDGET_AV=m -CONFIG_DVB_BUDGET_PATCH=m - -# -# Supported USB Adapters +# Digital TV USB devices # CONFIG_DVB_USB=m # CONFIG_DVB_USB_DEBUG is not set @@ -3466,8 +3395,6 @@ CONFIG_DVB_USB_DIB0700=m CONFIG_DVB_USB_UMT_010=m CONFIG_DVB_USB_CXUSB=m CONFIG_DVB_USB_M920X=m -CONFIG_DVB_USB_GL861=m -CONFIG_DVB_USB_AU6610=m CONFIG_DVB_USB_DIGITV=m CONFIG_DVB_USB_VP7045=m CONFIG_DVB_USB_VP702X=m @@ -3481,84 +3408,198 @@ CONFIG_DVB_USB_AF9005_REMOTE=m CONFIG_DVB_USB_PCTV452E=m CONFIG_DVB_USB_DW2102=m CONFIG_DVB_USB_CINERGY_T2=m -CONFIG_DVB_USB_ANYSEE=m CONFIG_DVB_USB_DTV5100=m -CONFIG_DVB_USB_AF9015=m -CONFIG_DVB_USB_CE6230=m CONFIG_DVB_USB_FRIIO=m -CONFIG_DVB_USB_EC168=m -CONFIG_DVB_USB_AZ6007=m CONFIG_DVB_USB_AZ6027=m -CONFIG_DVB_USB_LME2510=m CONFIG_DVB_USB_TECHNISAT_USB2=m +CONFIG_DVB_USB_V2=m +CONFIG_DVB_USB_CYPRESS_FIRMWARE=m +CONFIG_DVB_USB_AF9015=m +CONFIG_DVB_USB_AF9035=m +CONFIG_DVB_USB_ANYSEE=m +CONFIG_DVB_USB_AU6610=m +CONFIG_DVB_USB_AZ6007=m +CONFIG_DVB_USB_CE6230=m +CONFIG_DVB_USB_EC168=m +CONFIG_DVB_USB_GL861=m CONFIG_DVB_USB_IT913X=m +CONFIG_DVB_USB_LME2510=m CONFIG_DVB_USB_MXL111SF=m CONFIG_DVB_USB_RTL28XXU=m -CONFIG_DVB_USB_AF9035=m CONFIG_DVB_TTUSB_BUDGET=m CONFIG_DVB_TTUSB_DEC=m -CONFIG_SMS_SIANO_MDTV=m +# CONFIG_SMS_USB_DRV is not set +CONFIG_DVB_B2C2_FLEXCOP_USB=m +# CONFIG_DVB_B2C2_FLEXCOP_USB_DEBUG is not set # -# Siano module components +# Webcam, TV (analog/digital) USB devices # -# CONFIG_SMS_USB_DRV is not set -# CONFIG_SMS_SDIO_DRV is not set +CONFIG_VIDEO_EM28XX=m +CONFIG_VIDEO_EM28XX_ALSA=m +# CONFIG_VIDEO_EM28XX_DVB is not set +CONFIG_VIDEO_EM28XX_RC=m +CONFIG_MEDIA_PCI_SUPPORT=y # -# Supported FlexCopII (B2C2) Adapters +# Media capture support # -CONFIG_DVB_B2C2_FLEXCOP=m -CONFIG_DVB_B2C2_FLEXCOP_PCI=m -CONFIG_DVB_B2C2_FLEXCOP_USB=m -# CONFIG_DVB_B2C2_FLEXCOP_DEBUG is not set +# CONFIG_VIDEO_MEYE is not set # -# Supported BT878 Adapters +# Media capture/analog/hybrid TV support # +CONFIG_VIDEO_CX18=m +CONFIG_VIDEO_CX18_ALSA=m +CONFIG_VIDEO_CX23885=m +CONFIG_MEDIA_ALTERA_CI=m +CONFIG_VIDEO_CX25821=m +CONFIG_VIDEO_CX25821_ALSA=m +CONFIG_VIDEO_CX88=m +CONFIG_VIDEO_CX88_ALSA=m +CONFIG_VIDEO_CX88_BLACKBIRD=m +CONFIG_VIDEO_CX88_DVB=m +CONFIG_VIDEO_CX88_VP3054=m +CONFIG_VIDEO_CX88_MPEG=m +CONFIG_VIDEO_BT848=m +CONFIG_DVB_BT8XX=m +CONFIG_VIDEO_SAA7134=m +CONFIG_VIDEO_SAA7134_ALSA=m +CONFIG_VIDEO_SAA7134_RC=y +CONFIG_VIDEO_SAA7134_DVB=m +CONFIG_VIDEO_SAA7164=m # -# Supported Pluto2 Adapters +# Media digital TV PCI Adapters # +CONFIG_TTPCI_EEPROM=m +CONFIG_DVB_AV7110=m +CONFIG_DVB_AV7110_OSD=y +CONFIG_DVB_BUDGET_CORE=m +CONFIG_DVB_BUDGET=m +CONFIG_DVB_BUDGET_CI=m +CONFIG_DVB_BUDGET_AV=m +CONFIG_DVB_BUDGET_PATCH=m +CONFIG_DVB_B2C2_FLEXCOP_PCI=m +# CONFIG_DVB_B2C2_FLEXCOP_PCI_DEBUG is not set CONFIG_DVB_PLUTO2=m +CONFIG_DVB_DM1105=m +CONFIG_DVB_PT1=m +CONFIG_MANTIS_CORE=m +CONFIG_DVB_MANTIS=m +CONFIG_DVB_HOPPER=m +CONFIG_DVB_NGENE=m +CONFIG_DVB_DDBRIDGE=m +# CONFIG_V4L_PLATFORM_DRIVERS is not set +CONFIG_V4L_MEM2MEM_DRIVERS=y +# CONFIG_VIDEO_MEM2MEM_DEINTERLACE is not set +# CONFIG_V4L_TEST_DRIVERS is not set # -# Supported SDMC DM1105 Adapters +# Supported MMC/SDIO adapters # -CONFIG_DVB_DM1105=m +# CONFIG_SMS_SDIO_DRV is not set +CONFIG_MEDIA_PARPORT_SUPPORT=y +# CONFIG_VIDEO_BWQCAM is not set +# CONFIG_VIDEO_CQCAM is not set # # Supported FireWire (IEEE 1394) Adapters # CONFIG_DVB_FIREDTV=m CONFIG_DVB_FIREDTV_INPUT=y +CONFIG_DVB_B2C2_FLEXCOP=m +CONFIG_VIDEO_SAA7146=m +CONFIG_VIDEO_SAA7146_VV=m +CONFIG_MEDIA_SUBDRV_AUTOSELECT=y # -# Supported Earthsoft PT1 Adapters +# Media ancillary drivers (tuners, sensors, i2c, frontends) # -CONFIG_DVB_PT1=m +CONFIG_VIDEO_BTCX=m +CONFIG_VIDEO_TVEEPROM=m +CONFIG_VIDEO_IR_I2C=m # -# Supported Mantis Adapters +# Audio decoders, processors and mixers # -CONFIG_MANTIS_CORE=m -CONFIG_DVB_MANTIS=m -CONFIG_DVB_HOPPER=m +CONFIG_VIDEO_TVAUDIO=m +CONFIG_VIDEO_TDA7432=m +CONFIG_VIDEO_MSP3400=m +CONFIG_VIDEO_CS5345=m +CONFIG_VIDEO_WM8775=m # -# Supported nGene Adapters +# RDS decoders # -CONFIG_DVB_NGENE=m +CONFIG_VIDEO_SAA6588=m # -# Supported ddbridge ('Octopus') Adapters +# Video decoders +# +CONFIG_VIDEO_SAA711X=m +CONFIG_VIDEO_TVP5150=m + +# +# Video and audio decoders +# +CONFIG_VIDEO_CX25840=m + +# +# MPEG video encoders +# +CONFIG_VIDEO_CX2341X=m + +# +# Video encoders +# + +# +# Camera sensor devices +# +CONFIG_VIDEO_MT9V011=m + +# +# Flash devices # -CONFIG_DVB_DDBRIDGE=m # -# Supported DVB Frontends +# Video improvement chips +# + +# +# Miscelaneous helper chips # -# CONFIG_DVB_FE_CUSTOMISE is not set + +# +# Sensors used on soc_camera driver +# +CONFIG_MEDIA_ATTACH=y +CONFIG_MEDIA_TUNER_SIMPLE=m +CONFIG_MEDIA_TUNER_TDA8290=m +CONFIG_MEDIA_TUNER_TDA827X=m +CONFIG_MEDIA_TUNER_TDA18271=m +CONFIG_MEDIA_TUNER_TDA9887=m +CONFIG_MEDIA_TUNER_MT2060=m +CONFIG_MEDIA_TUNER_MT2063=m +CONFIG_MEDIA_TUNER_MT2266=m +CONFIG_MEDIA_TUNER_MT2131=m +CONFIG_MEDIA_TUNER_QT1010=m +CONFIG_MEDIA_TUNER_XC2028=m +CONFIG_MEDIA_TUNER_XC5000=m +CONFIG_MEDIA_TUNER_XC4000=m +CONFIG_MEDIA_TUNER_MXL5005S=m +CONFIG_MEDIA_TUNER_MXL5007T=m +CONFIG_MEDIA_TUNER_MC44S803=m +CONFIG_MEDIA_TUNER_MAX2165=m +CONFIG_MEDIA_TUNER_TDA18218=m +CONFIG_MEDIA_TUNER_FC0011=m +CONFIG_MEDIA_TUNER_FC0012=m +CONFIG_MEDIA_TUNER_FC0013=m +CONFIG_MEDIA_TUNER_TDA18212=m +CONFIG_MEDIA_TUNER_E4000=m +CONFIG_MEDIA_TUNER_FC2580=m +CONFIG_MEDIA_TUNER_TUA9001=m # # Multistandard (satellite) frontends @@ -3577,8 +3618,10 @@ CONFIG_DVB_TDA18271C2DD=m # # DVB-S (satellite) frontends # +CONFIG_DVB_CX24110=m CONFIG_DVB_CX24123=m CONFIG_DVB_MT312=m +CONFIG_DVB_ZL10036=m CONFIG_DVB_ZL10039=m CONFIG_DVB_S5H1420=m CONFIG_DVB_STV0288=m @@ -3603,6 +3646,7 @@ CONFIG_DVB_MB86A16=m # DVB-T (terrestrial) frontends # CONFIG_DVB_SP8870=m +CONFIG_DVB_SP887X=m CONFIG_DVB_CX22700=m CONFIG_DVB_CX22702=m CONFIG_DVB_L64781=m @@ -3614,8 +3658,10 @@ CONFIG_DVB_DIB3000MB=m CONFIG_DVB_DIB3000MC=m CONFIG_DVB_DIB7000M=m CONFIG_DVB_DIB7000P=m +CONFIG_DVB_TDA10048=m CONFIG_DVB_AF9013=m CONFIG_DVB_EC100=m +CONFIG_DVB_STV0367=m CONFIG_DVB_CXD2820R=m CONFIG_DVB_RTL2830=m CONFIG_DVB_RTL2832=m @@ -3632,16 +3678,20 @@ CONFIG_DVB_STV0297=m # ATSC (North American/Korean Terrestrial/Cable DTV) frontends # CONFIG_DVB_NXT200X=m +CONFIG_DVB_OR51211=m +CONFIG_DVB_OR51132=m CONFIG_DVB_BCM3510=m CONFIG_DVB_LGDT330X=m CONFIG_DVB_LGDT3305=m CONFIG_DVB_LG2160=m +CONFIG_DVB_S5H1409=m CONFIG_DVB_S5H1411=m # # ISDB-T (terrestrial) frontends # CONFIG_DVB_DIB8000=m +CONFIG_DVB_MB86A20S=m # # Digital terrestrial only tuners/PLL @@ -3655,6 +3705,7 @@ CONFIG_DVB_TUNER_DIB0090=m # CONFIG_DVB_LNBP21=m CONFIG_DVB_LNBP22=m +CONFIG_DVB_ISL6405=m CONFIG_DVB_ISL6421=m CONFIG_DVB_ISL6423=m CONFIG_DVB_LGS8GXX=m @@ -3690,8 +3741,9 @@ CONFIG_DRM_R128=m CONFIG_DRM_RADEON=m # CONFIG_DRM_RADEON_KMS is not set CONFIG_DRM_NOUVEAU=m +CONFIG_NOUVEAU_DEBUG=5 +CONFIG_NOUVEAU_DEBUG_DEFAULT=3 CONFIG_DRM_NOUVEAU_BACKLIGHT=y -CONFIG_DRM_NOUVEAU_DEBUG=y # # I2C encoder or helper chips @@ -3840,7 +3892,6 @@ CONFIG_LCD_S6E63M0=m CONFIG_LCD_AMS369FG06=m CONFIG_BACKLIGHT_CLASS_DEVICE=m CONFIG_BACKLIGHT_GENERIC=m -CONFIG_BACKLIGHT_PROGEAR=m CONFIG_BACKLIGHT_CARILLO_RANCH=m CONFIG_BACKLIGHT_PWM=m # CONFIG_BACKLIGHT_APPLE is not set @@ -3848,6 +3899,8 @@ CONFIG_BACKLIGHT_SAHARA=m CONFIG_BACKLIGHT_ADP8860=m # CONFIG_BACKLIGHT_ADP8870 is not set CONFIG_BACKLIGHT_PCF50633=m +# CONFIG_BACKLIGHT_LM3630 is not set +# CONFIG_BACKLIGHT_LM3639 is not set # CONFIG_BACKLIGHT_LP855X is not set # CONFIG_BACKLIGHT_OT200 is not set @@ -3872,6 +3925,7 @@ CONFIG_SND_TIMER=m CONFIG_SND_PCM=m CONFIG_SND_HWDEP=m CONFIG_SND_RAWMIDI=m +CONFIG_SND_COMPRESS_OFFLOAD=m CONFIG_SND_JACK=y CONFIG_SND_SEQUENCER=m CONFIG_SND_SEQ_DUMMY=m @@ -3983,7 +4037,7 @@ CONFIG_SND_HDA_CODEC_CA0132=y CONFIG_SND_HDA_CODEC_CMEDIA=y CONFIG_SND_HDA_CODEC_SI3054=y CONFIG_SND_HDA_GENERIC=y -# CONFIG_SND_HDA_POWER_SAVE is not set +CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 CONFIG_SND_HDSP=m CONFIG_SND_HDSPM=m CONFIG_SND_ICE1712=m @@ -4022,6 +4076,7 @@ CONFIG_SND_FIREWIRE=y CONFIG_SND_FIREWIRE_LIB=m CONFIG_SND_FIREWIRE_SPEAKERS=m CONFIG_SND_ISIGHT=m +CONFIG_SND_SCS1X=m CONFIG_SND_PCMCIA=y CONFIG_SND_VXPOCKET=m CONFIG_SND_PDAUDIOCF=m @@ -4029,6 +4084,7 @@ CONFIG_SND_SOC=m CONFIG_SND_SOC_I2C_AND_SPI=m CONFIG_SND_SOC_ALL_CODECS=m CONFIG_SND_SOC_WM_HUBS=m +CONFIG_SND_SOC_WM_ADSP=m CONFIG_SND_SOC_AB8500_CODEC=m CONFIG_SND_SOC_AD1836=m CONFIG_SND_SOC_AD193X=m @@ -4053,10 +4109,12 @@ CONFIG_SND_SOC_JZ4740_CODEC=m CONFIG_SND_SOC_L3=m CONFIG_SND_SOC_DA7210=m CONFIG_SND_SOC_DA732X=m +CONFIG_SND_SOC_DA9055=m CONFIG_SND_SOC_DFBMCS320=m CONFIG_SND_SOC_ISABELLE=m CONFIG_SND_SOC_LM49453=m CONFIG_SND_SOC_MAX98088=m +CONFIG_SND_SOC_MAX98090=m CONFIG_SND_SOC_MAX98095=m CONFIG_SND_SOC_MAX9850=m CONFIG_SND_SOC_PCM3008=m @@ -4074,6 +4132,7 @@ CONFIG_SND_SOC_TLV320DAC33=m CONFIG_SND_SOC_UDA134X=m CONFIG_SND_SOC_UDA1380=m CONFIG_SND_SOC_WL1273=m +CONFIG_SND_SOC_WM0010=m CONFIG_SND_SOC_WM1250_EV1=m CONFIG_SND_SOC_WM2000=m CONFIG_SND_SOC_WM2200=m @@ -4153,6 +4212,7 @@ CONFIG_HID_KEYTOUCH=m # CONFIG_HID_UCLOGIC is not set # CONFIG_HID_WALTOP is not set # CONFIG_HID_GYRATION is not set +CONFIG_HID_ICADE=m # CONFIG_HID_TWINHAN is not set # CONFIG_HID_KENSINGTON is not set CONFIG_HID_LCPOWER=m @@ -4176,7 +4236,9 @@ CONFIG_HID_PICOLCD_FB=y CONFIG_HID_PICOLCD_BACKLIGHT=y CONFIG_HID_PICOLCD_LCD=y CONFIG_HID_PICOLCD_LEDS=y +CONFIG_HID_PICOLCD_CIR=y CONFIG_HID_PRIMAX=m +# CONFIG_HID_PS3REMOTE is not set CONFIG_HID_ROCCAT=m # CONFIG_HID_SAITEK is not set # CONFIG_HID_SAMSUNG is not set @@ -4194,6 +4256,7 @@ CONFIG_HID_WIIMOTE=m CONFIG_HID_WIIMOTE_EXT=y # CONFIG_HID_ZEROPLUS is not set CONFIG_HID_ZYDACRON=m +CONFIG_HID_SENSOR_HUB=m # # USB HID support @@ -4207,6 +4270,11 @@ CONFIG_USB_HID=m # CONFIG_USB_KBD=m CONFIG_USB_MOUSE=m + +# +# I2C HID support +# +CONFIG_I2C_HID=m CONFIG_USB_ARCH_HAS_OHCI=y CONFIG_USB_ARCH_HAS_EHCI=y CONFIG_USB_ARCH_HAS_XHCI=y @@ -4237,6 +4305,7 @@ CONFIG_USB_XHCI_HCD=m CONFIG_USB_EHCI_HCD=m # CONFIG_USB_EHCI_ROOT_HUB_TT is not set # CONFIG_USB_EHCI_TT_NEWSCHED is not set +CONFIG_USB_EHCI_PCI=m CONFIG_USB_OXU210HP_HCD=m CONFIG_USB_ISP116X_HCD=m CONFIG_USB_ISP1760_HCD=m @@ -4244,7 +4313,7 @@ CONFIG_USB_ISP1362_HCD=m CONFIG_USB_OHCI_HCD=m CONFIG_USB_OHCI_HCD_SSB=y CONFIG_USB_OHCI_HCD_PLATFORM=y -CONFIG_USB_EHCI_HCD_PLATFORM=y +CONFIG_USB_EHCI_HCD_PLATFORM=m # CONFIG_USB_OHCI_BIG_ENDIAN_DESC is not set # CONFIG_USB_OHCI_BIG_ENDIAN_MMIO is not set CONFIG_USB_OHCI_LITTLE_ENDIAN=y @@ -4289,8 +4358,6 @@ CONFIG_USB_STORAGE_ONETOUCH=m CONFIG_USB_STORAGE_KARMA=m CONFIG_USB_STORAGE_CYPRESS_ATACB=m CONFIG_USB_STORAGE_ENE_UB6250=m -CONFIG_USB_UAS=m -CONFIG_USB_LIBUSUAL=y # # USB Imaging devices @@ -4303,7 +4370,6 @@ CONFIG_USB_LIBUSUAL=y # CONFIG_USB_USS720=m CONFIG_USB_SERIAL=m -CONFIG_USB_EZUSB=y CONFIG_USB_SERIAL_GENERIC=y CONFIG_USB_SERIAL_AIRCABLE=m CONFIG_USB_SERIAL_ARK3116=m @@ -4356,6 +4422,7 @@ CONFIG_USB_SERIAL_OMNINET=m CONFIG_USB_SERIAL_OPTICON=m CONFIG_USB_SERIAL_VIVOPAY_SERIAL=m CONFIG_USB_SERIAL_ZIO=m +# CONFIG_USB_SERIAL_ZTE is not set # CONFIG_USB_SERIAL_SSU100 is not set CONFIG_USB_SERIAL_QT2=m CONFIG_USB_SERIAL_DEBUG=m @@ -4384,11 +4451,13 @@ CONFIG_USB_IOWARRIOR=m CONFIG_USB_TEST=m CONFIG_USB_ISIGHTFW=m # CONFIG_USB_YUREX is not set +CONFIG_USB_EZUSB_FX2=m # # USB Physical Layer drivers # # CONFIG_USB_ISP1301 is not set +# CONFIG_USB_RCAR_PHY is not set CONFIG_USB_ATM=m CONFIG_USB_SPEEDTOUCH=m CONFIG_USB_CXACRU=m @@ -4426,6 +4495,7 @@ CONFIG_MMC_TEST=m CONFIG_MMC_SDHCI=m CONFIG_MMC_SDHCI_PCI=m CONFIG_MMC_RICOH_MMC=y +# CONFIG_MMC_SDHCI_ACPI is not set CONFIG_MMC_SDHCI_PLTFM=m CONFIG_MMC_WBSD=m CONFIG_MMC_TIFM_SD=m @@ -4457,6 +4527,7 @@ CONFIG_LEDS_CLASS=y # LED drivers # CONFIG_LEDS_LM3530=m +# CONFIG_LEDS_LM3642 is not set CONFIG_LEDS_PCA9532=m # CONFIG_LEDS_PCA9532_GPIO is not set CONFIG_LEDS_GPIO=m @@ -4472,7 +4543,7 @@ CONFIG_LEDS_INTEL_SS4200=m CONFIG_LEDS_LT3593=m CONFIG_LEDS_DELL_NETBOOKS=m # CONFIG_LEDS_TCA6507 is not set -CONFIG_LEDS_LM3556=m +# CONFIG_LEDS_LM355x is not set # CONFIG_LEDS_OT200 is not set CONFIG_LEDS_BLINKM=m CONFIG_LEDS_TRIGGERS=y @@ -4484,6 +4555,7 @@ CONFIG_LEDS_TRIGGER_TIMER=m CONFIG_LEDS_TRIGGER_ONESHOT=m CONFIG_LEDS_TRIGGER_HEARTBEAT=m CONFIG_LEDS_TRIGGER_BACKLIGHT=m +# CONFIG_LEDS_TRIGGER_CPU is not set CONFIG_LEDS_TRIGGER_GPIO=m CONFIG_LEDS_TRIGGER_DEFAULT_ON=m @@ -4545,6 +4617,7 @@ CONFIG_RTC_DRV_RS5C372=m CONFIG_RTC_DRV_ISL1208=m # CONFIG_RTC_DRV_ISL12022 is not set CONFIG_RTC_DRV_X1205=m +CONFIG_RTC_DRV_PCF8523=m CONFIG_RTC_DRV_PCF8563=m CONFIG_RTC_DRV_PCF8583=m CONFIG_RTC_DRV_M41T80=m @@ -4586,6 +4659,7 @@ CONFIG_RTC_DRV_MSM6242=m CONFIG_RTC_DRV_BQ4802=m CONFIG_RTC_DRV_RP5C01=m CONFIG_RTC_DRV_V3020=m +CONFIG_RTC_DRV_DS2404=m CONFIG_RTC_DRV_PCF50633=m # @@ -4620,6 +4694,7 @@ CONFIG_UIO=m CONFIG_UIO_CIF=m CONFIG_UIO_PDRV=m CONFIG_UIO_PDRV_GENIRQ=m +# CONFIG_UIO_DMEM_GENIRQ is not set CONFIG_UIO_AEC=m CONFIG_UIO_SERCOS3=m CONFIG_UIO_PCI_GENERIC=m @@ -4628,7 +4703,6 @@ CONFIG_VFIO_IOMMU_TYPE1=m CONFIG_VFIO=m CONFIG_VFIO_PCI=m CONFIG_VIRTIO=m -CONFIG_VIRTIO_RING=m # # Virtio drivers @@ -4643,6 +4717,7 @@ CONFIG_VIRTIO_MMIO=m # CONFIG_HYPERV=m CONFIG_HYPERV_UTILS=m +CONFIG_HYPERV_BALLOON=m # # Xen driver support @@ -4661,6 +4736,7 @@ CONFIG_SWIOTLB_XEN=y CONFIG_XEN_PCIDEV_BACKEND=m CONFIG_XEN_PRIVCMD=m CONFIG_XEN_ACPI_PROCESSOR=m +CONFIG_XEN_HAVE_PVMMU=y CONFIG_STAGING=y # CONFIG_ET131X is not set # CONFIG_SLICOSS is not set @@ -4682,7 +4758,6 @@ CONFIG_RTLLIB_CRYPTO_TKIP=m CONFIG_RTLLIB_CRYPTO_WEP=m # CONFIG_RTL8192E is not set # CONFIG_R8712U is not set -# CONFIG_RTS_PSTOR is not set # CONFIG_RTS5139 is not set # CONFIG_TRANZPORT is not set # CONFIG_IDE_PHISON is not set @@ -4716,9 +4791,7 @@ CONFIG_RTLLIB_CRYPTO_WEP=m # Android # # CONFIG_ANDROID is not set -# CONFIG_PHONE is not set # CONFIG_USB_WPAN_HCD is not set -# CONFIG_IPACK_BUS is not set CONFIG_WIMAX_GDM72XX=m # CONFIG_WIMAX_GDM72XX_QOS is not set # CONFIG_WIMAX_GDM72XX_K_MODE is not set @@ -4726,6 +4799,13 @@ CONFIG_WIMAX_GDM72XX=m CONFIG_WIMAX_GDM72XX_USB=y # CONFIG_WIMAX_GDM72XX_SDIO is not set # CONFIG_CSR_WIFI is not set +CONFIG_NET_VENDOR_SILICOM=y +# CONFIG_SBYPASS is not set +# CONFIG_BPCTL is not set +# CONFIG_CED1401 is not set +# CONFIG_DGRP is not set +# CONFIG_SB105X is not set +# CONFIG_FIREWIRE_SERIAL is not set CONFIG_X86_PLATFORM_DEVICES=y CONFIG_ACER_WMI=m CONFIG_ACERHDF=m @@ -4793,6 +4873,8 @@ CONFIG_IRQ_REMAP=y # # Remoteproc drivers (EXPERIMENTAL) # +CONFIG_REMOTEPROC=m +CONFIG_STE_MODEM_RPROC=m # # Rpmsg drivers (EXPERIMENTAL) @@ -4809,6 +4891,7 @@ CONFIG_MEMORY=y # CONFIG_IIO is not set # CONFIG_VME_BUS is not set CONFIG_PWM=y +# CONFIG_IPACK_BUS is not set # # Firmware Drivers @@ -4838,7 +4921,6 @@ CONFIG_EXT3_FS_XATTR=y CONFIG_EXT3_FS_POSIX_ACL=y CONFIG_EXT3_FS_SECURITY=y CONFIG_EXT4_FS=m -CONFIG_EXT4_FS_XATTR=y CONFIG_EXT4_FS_POSIX_ACL=y CONFIG_EXT4_FS_SECURITY=y # CONFIG_EXT4_DEBUG is not set @@ -5002,6 +5084,10 @@ CONFIG_UFS_FS=m # CONFIG_UFS_DEBUG is not set CONFIG_EXOFS_FS=m # CONFIG_EXOFS_DEBUG is not set +CONFIG_F2FS_FS=m +CONFIG_F2FS_STAT_FS=y +CONFIG_F2FS_FS_XATTR=y +CONFIG_F2FS_FS_POSIX_ACL=y CONFIG_ORE=m CONFIG_NETWORK_FILESYSTEMS=y CONFIG_NFS_FS=m @@ -5035,10 +5121,12 @@ CONFIG_CIFS=m # CONFIG_CIFS_UPCALL is not set CONFIG_CIFS_XATTR=y CONFIG_CIFS_POSIX=y +CONFIG_CIFS_ACL=y +CONFIG_CIFS_DEBUG=y # CONFIG_CIFS_DEBUG2 is not set CONFIG_CIFS_DFS_UPCALL=y +# CONFIG_CIFS_SMB2 is not set # CONFIG_CIFS_FSCACHE is not set -CONFIG_CIFS_ACL=y # CONFIG_NCP_FS is not set # CONFIG_CODA_FS is not set # CONFIG_AFS_FS is not set @@ -5131,15 +5219,13 @@ CONFIG_SCHEDSTATS=y CONFIG_TIMER_STATS=y # CONFIG_DEBUG_OBJECTS is not set # CONFIG_SLUB_STATS is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y # CONFIG_DEBUG_KMEMLEAK is not set # CONFIG_DEBUG_RT_MUTEXES is not set # CONFIG_RT_MUTEX_TESTER is not set # CONFIG_DEBUG_SPINLOCK is not set # CONFIG_DEBUG_MUTEXES is not set -# CONFIG_DEBUG_LOCK_ALLOC is not set -# CONFIG_PROVE_LOCKING is not set # CONFIG_SPARSE_RCU_POINTER is not set -# CONFIG_LOCK_STAT is not set # CONFIG_DEBUG_ATOMIC_SLEEP is not set # CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set CONFIG_STACKTRACE=y @@ -5181,11 +5267,15 @@ CONFIG_HAVE_FUNCTION_TRACE_MCOUNT_TEST=y CONFIG_HAVE_DYNAMIC_FTRACE=y CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_TRACE_CLOCK=y CONFIG_RING_BUFFER=y CONFIG_RING_BUFFER_ALLOW_SWAP=y CONFIG_TRACING_SUPPORT=y # CONFIG_FTRACE is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_INTERVAL_TREE_TEST is not set # CONFIG_DYNAMIC_DEBUG is not set # CONFIG_DMA_API_DEBUG is not set # CONFIG_ATOMIC64_SELFTEST is not set @@ -5279,6 +5369,7 @@ CONFIG_PAX_RANDMMAP=y # CONFIG_PAX_MEMORY_SANITIZE is not set # CONFIG_PAX_MEMORY_STACKLEAK is not set CONFIG_PAX_REFCOUNT=y +CONFIG_PAX_CONSTIFY_PLUGIN=y # CONFIG_PAX_USERCOPY is not set # CONFIG_PAX_SIZE_OVERFLOW is not set # CONFIG_PAX_LATENT_ENTROPY is not set @@ -5289,6 +5380,7 @@ CONFIG_PAX_REFCOUNT=y CONFIG_GRKERNSEC_KMEM=y # CONFIG_GRKERNSEC_IO is not set CONFIG_GRKERNSEC_JIT_HARDEN=y +CONFIG_GRKERNSEC_RAND_THREADSTACK=y CONFIG_GRKERNSEC_PROC_MEMMAP=y # CONFIG_GRKERNSEC_BRUTE is not set # CONFIG_GRKERNSEC_MODHARDEN is not set @@ -5315,6 +5407,7 @@ CONFIG_GRKERNSEC_LINK=y CONFIG_GRKERNSEC_FIFO=y CONFIG_GRKERNSEC_SYSFS_RESTRICT=y # CONFIG_GRKERNSEC_ROFS is not set +CONFIG_GRKERNSEC_DEVICE_SIDECHANNEL=y CONFIG_GRKERNSEC_CHROOT=y CONFIG_GRKERNSEC_CHROOT_MOUNT=y CONFIG_GRKERNSEC_CHROOT_DOUBLE=y @@ -5361,6 +5454,7 @@ CONFIG_GRKERNSEC_SETXID=y # CONFIG_GRKERNSEC_RANDNET=y # CONFIG_GRKERNSEC_BLACKHOLE is not set +CONFIG_GRKERNSEC_NO_SIMULT_CONNECT=y # CONFIG_GRKERNSEC_SOCKET is not set # @@ -5452,6 +5546,7 @@ CONFIG_CRYPTO_VMAC=m # Digest # CONFIG_CRYPTO_CRC32C=m +CONFIG_CRYPTO_CRC32C_X86_64=y CONFIG_CRYPTO_CRC32C_INTEL=m CONFIG_CRYPTO_GHASH=m CONFIG_CRYPTO_MD4=m @@ -5472,7 +5567,7 @@ CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=m # # Ciphers # -CONFIG_CRYPTO_AES=m +CONFIG_CRYPTO_AES=y CONFIG_CRYPTO_AES_X86_64=m CONFIG_CRYPTO_AES_NI_INTEL=m CONFIG_CRYPTO_ANUBIS=m @@ -5482,8 +5577,12 @@ CONFIG_CRYPTO_BLOWFISH_COMMON=m CONFIG_CRYPTO_BLOWFISH_X86_64=m CONFIG_CRYPTO_CAMELLIA=m CONFIG_CRYPTO_CAMELLIA_X86_64=m +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set +CONFIG_CRYPTO_CAST_COMMON=m CONFIG_CRYPTO_CAST5=m +CONFIG_CRYPTO_CAST5_AVX_X86_64=m CONFIG_CRYPTO_CAST6=m +CONFIG_CRYPTO_CAST6_AVX_X86_64=m CONFIG_CRYPTO_DES=m CONFIG_CRYPTO_FCRYPT=m CONFIG_CRYPTO_KHAZAD=m @@ -5518,6 +5617,10 @@ CONFIG_CRYPTO_HW=y CONFIG_CRYPTO_DEV_PADLOCK=m CONFIG_CRYPTO_DEV_PADLOCK_AES=m CONFIG_CRYPTO_DEV_PADLOCK_SHA=m +CONFIG_ASYMMETRIC_KEY_TYPE=m +CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=m +CONFIG_PUBLIC_KEY_ALGO_RSA=m +CONFIG_X509_CERTIFICATE_PARSER=m CONFIG_HAVE_KVM=y CONFIG_HAVE_KVM_IRQCHIP=y CONFIG_HAVE_KVM_EVENTFD=y @@ -5525,6 +5628,7 @@ CONFIG_KVM_APIC_ARCHITECTURE=y CONFIG_KVM_MMIO=y CONFIG_KVM_ASYNC_PF=y CONFIG_HAVE_KVM_MSI=y +CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y CONFIG_VIRTUALIZATION=y CONFIG_KVM=m CONFIG_KVM_INTEL=m @@ -5544,6 +5648,7 @@ CONFIG_GENERIC_FIND_FIRST_BIT=y CONFIG_GENERIC_PCI_IOMAP=y CONFIG_GENERIC_IOMAP=y CONFIG_GENERIC_IO=y +CONFIG_PERCPU_RWSEM=y CONFIG_CRC_CCITT=m CONFIG_CRC16=m CONFIG_CRC_T10DIF=m @@ -5595,5 +5700,8 @@ CONFIG_NLATTR=y CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y CONFIG_LRU_CACHE=m CONFIG_AVERAGE=y +CONFIG_CLZ_TAB=y CONFIG_CORDIC=m CONFIG_DDR=y +CONFIG_MPILIB=m +CONFIG_OID_REGISTRY=m diff --git a/main/linux-grsec/patch-3.6.11-al5.patch b/main/linux-grsec/patch-3.6.11-al5.patch deleted file mode 100644 index 87941ad573..0000000000 --- a/main/linux-grsec/patch-3.6.11-al5.patch +++ /dev/null @@ -1,17815 +0,0 @@ -diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index ad7e2e5..15199ed 100644 ---- a/Documentation/kernel-parameters.txt -+++ b/Documentation/kernel-parameters.txt -@@ -570,6 +570,8 @@ bytes respectively. Such letter suffixes can also be entirely omitted. - UART at the specified I/O port or MMIO address, - switching to the matching ttyS device later. The - options are the same as for ttyS, above. -+ hvc<n> Use the hypervisor console device <n>. This is for -+ both Xen and PowerPC hypervisors. - - If the device connected to the port is not a TTY but a braille - device, prepend "brl," before the device type, for instance -@@ -760,6 +762,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted. - - earlyprintk= [X86,SH,BLACKFIN] - earlyprintk=vga -+ earlyprintk=xen - earlyprintk=serial[,ttySn[,baudrate]] - earlyprintk=ttySn[,baudrate] - earlyprintk=dbgp[debugController#] -@@ -777,6 +780,8 @@ bytes respectively. Such letter suffixes can also be entirely omitted. - The VGA output is eventually overwritten by the real - console. - -+ The xen output can only be used by Xen PV guests. -+ - ekgdboc= [X86,KGDB] Allow early kernel console debugging - ekgdboc=kbd - -diff --git a/MAINTAINERS b/MAINTAINERS -index 9a6c4da..61ed6f7 100644 ---- a/MAINTAINERS -+++ b/MAINTAINERS -@@ -2697,7 +2697,7 @@ S: Maintained - F: drivers/net/ethernet/i825xx/eexpress.* - - ETHERNET BRIDGE --M: Stephen Hemminger <shemminger@vyatta.com> -+M: Stephen Hemminger <stephen@networkplumber.org> - L: bridge@lists.linux-foundation.org - L: netdev@vger.kernel.org - W: http://www.linuxfoundation.org/en/Net:Bridge -@@ -4420,7 +4420,7 @@ S: Maintained - - MARVELL GIGABIT ETHERNET DRIVERS (skge/sky2) - M: Mirko Lindner <mlindner@marvell.com> --M: Stephen Hemminger <shemminger@vyatta.com> -+M: Stephen Hemminger <stephen@networkplumber.org> - L: netdev@vger.kernel.org - S: Maintained - F: drivers/net/ethernet/marvell/sk* -@@ -4664,7 +4664,7 @@ S: Supported - F: drivers/infiniband/hw/nes/ - - NETEM NETWORK EMULATOR --M: Stephen Hemminger <shemminger@vyatta.com> -+M: Stephen Hemminger <stephen@networkplumber.org> - L: netem@lists.linux-foundation.org - S: Maintained - F: net/sched/sch_netem.c -diff --git a/arch/arm/kernel/sched_clock.c b/arch/arm/kernel/sched_clock.c -index f451539..63bc22c 100644 ---- a/arch/arm/kernel/sched_clock.c -+++ b/arch/arm/kernel/sched_clock.c -@@ -89,11 +89,11 @@ static void notrace update_sched_clock(void) - * detectable in cyc_to_fixed_sched_clock(). - */ - raw_local_irq_save(flags); -- cd.epoch_cyc = cyc; -+ cd.epoch_cyc_copy = cyc; - smp_wmb(); - cd.epoch_ns = ns; - smp_wmb(); -- cd.epoch_cyc_copy = cyc; -+ cd.epoch_cyc = cyc; - raw_local_irq_restore(flags); - } - -diff --git a/arch/arm/kernel/swp_emulate.c b/arch/arm/kernel/swp_emulate.c -index df74518..ab1017b 100644 ---- a/arch/arm/kernel/swp_emulate.c -+++ b/arch/arm/kernel/swp_emulate.c -@@ -109,10 +109,12 @@ static void set_segfault(struct pt_regs *regs, unsigned long addr) - { - siginfo_t info; - -+ down_read(¤t->mm->mmap_sem); - if (find_vma(current->mm, addr) == NULL) - info.si_code = SEGV_MAPERR; - else - info.si_code = SEGV_ACCERR; -+ up_read(¤t->mm->mmap_sem); - - info.si_signo = SIGSEGV; - info.si_errno = 0; -diff --git a/arch/arm/mach-at91/setup.c b/arch/arm/mach-at91/setup.c -index bd0e88c..c2ff99c 100644 ---- a/arch/arm/mach-at91/setup.c -+++ b/arch/arm/mach-at91/setup.c -@@ -104,6 +104,8 @@ static void __init soc_detect(u32 dbgu_base) - switch (socid) { - case ARCH_ID_AT91RM9200: - at91_soc_initdata.type = AT91_SOC_RM9200; -+ if (at91_soc_initdata.subtype == AT91_SOC_SUBTYPE_NONE) -+ at91_soc_initdata.subtype = AT91_SOC_RM9200_BGA; - at91_boot_soc = at91rm9200_soc; - break; - -diff --git a/arch/arm/mach-pxa/include/mach/mfp-pxa27x.h b/arch/arm/mach-pxa/include/mach/mfp-pxa27x.h -index a611ad3..b6132aa 100644 ---- a/arch/arm/mach-pxa/include/mach/mfp-pxa27x.h -+++ b/arch/arm/mach-pxa/include/mach/mfp-pxa27x.h -@@ -463,6 +463,9 @@ - GPIO76_LCD_PCLK, \ - GPIO77_LCD_BIAS - -+/* these enable a work-around for a hw bug in pxa27x during ac97 warm reset */ -+#define GPIO113_AC97_nRESET_GPIO_HIGH MFP_CFG_OUT(GPIO113, AF0, DEFAULT) -+#define GPIO95_AC97_nRESET_GPIO_HIGH MFP_CFG_OUT(GPIO95, AF0, DEFAULT) - - extern int keypad_set_wake(unsigned int on); - #endif /* __ASM_ARCH_MFP_PXA27X_H */ -diff --git a/arch/arm/mach-pxa/include/mach/smemc.h b/arch/arm/mach-pxa/include/mach/smemc.h -index b7de471..b802f28 100644 ---- a/arch/arm/mach-pxa/include/mach/smemc.h -+++ b/arch/arm/mach-pxa/include/mach/smemc.h -@@ -37,6 +37,7 @@ - #define CSADRCFG1 (SMEMC_VIRT + 0x84) /* Address Configuration Register for CS1 */ - #define CSADRCFG2 (SMEMC_VIRT + 0x88) /* Address Configuration Register for CS2 */ - #define CSADRCFG3 (SMEMC_VIRT + 0x8C) /* Address Configuration Register for CS3 */ -+#define CSMSADRCFG (SMEMC_VIRT + 0xA0) /* Chip Select Configuration Register */ - - /* - * More handy macros for PCMCIA -diff --git a/arch/arm/mach-pxa/pxa27x.c b/arch/arm/mach-pxa/pxa27x.c -index 4726c24..a2fe795 100644 ---- a/arch/arm/mach-pxa/pxa27x.c -+++ b/arch/arm/mach-pxa/pxa27x.c -@@ -47,9 +47,9 @@ void pxa27x_clear_otgph(void) - EXPORT_SYMBOL(pxa27x_clear_otgph); - - static unsigned long ac97_reset_config[] = { -- GPIO113_GPIO, -+ GPIO113_AC97_nRESET_GPIO_HIGH, - GPIO113_AC97_nRESET, -- GPIO95_GPIO, -+ GPIO95_AC97_nRESET_GPIO_HIGH, - GPIO95_AC97_nRESET, - }; - -diff --git a/arch/arm/mach-pxa/smemc.c b/arch/arm/mach-pxa/smemc.c -index 7992305..f38aa89 100644 ---- a/arch/arm/mach-pxa/smemc.c -+++ b/arch/arm/mach-pxa/smemc.c -@@ -40,6 +40,8 @@ static void pxa3xx_smemc_resume(void) - __raw_writel(csadrcfg[1], CSADRCFG1); - __raw_writel(csadrcfg[2], CSADRCFG2); - __raw_writel(csadrcfg[3], CSADRCFG3); -+ /* CSMSADRCFG wakes up in its default state (0), so we need to set it */ -+ __raw_writel(0x2, CSMSADRCFG); - } - - static struct syscore_ops smemc_syscore_ops = { -@@ -49,8 +51,19 @@ static struct syscore_ops smemc_syscore_ops = { - - static int __init smemc_init(void) - { -- if (cpu_is_pxa3xx()) -+ if (cpu_is_pxa3xx()) { -+ /* -+ * The only documentation we have on the -+ * Chip Select Configuration Register (CSMSADRCFG) is that -+ * it must be programmed to 0x2. -+ * Moreover, in the bit definitions, the second bit -+ * (CSMSADRCFG[1]) is called "SETALWAYS". -+ * Other bits are reserved in this register. -+ */ -+ __raw_writel(0x2, CSMSADRCFG); -+ - register_syscore_ops(&smemc_syscore_ops); -+ } - - return 0; - } -diff --git a/arch/arm/mach-realview/include/mach/board-eb.h b/arch/arm/mach-realview/include/mach/board-eb.h -index 124bce6..a301e61 100644 ---- a/arch/arm/mach-realview/include/mach/board-eb.h -+++ b/arch/arm/mach-realview/include/mach/board-eb.h -@@ -47,7 +47,7 @@ - #define REALVIEW_EB_USB_BASE 0x4F000000 /* USB */ - - #ifdef CONFIG_REALVIEW_EB_ARM11MP_REVB --#define REALVIEW_EB11MP_PRIV_MEM_BASE 0x1F000000 -+#define REALVIEW_EB11MP_PRIV_MEM_BASE 0x10100000 - #define REALVIEW_EB11MP_L220_BASE 0x10102000 /* L220 registers */ - #define REALVIEW_EB11MP_SYS_PLD_CTRL1 0xD8 /* Register offset for MPCore sysctl */ - #else -diff --git a/arch/arm/mach-s3c24xx/include/mach/debug-macro.S b/arch/arm/mach-s3c24xx/include/mach/debug-macro.S -index 4135de8..13ed33c 100644 ---- a/arch/arm/mach-s3c24xx/include/mach/debug-macro.S -+++ b/arch/arm/mach-s3c24xx/include/mach/debug-macro.S -@@ -40,17 +40,17 @@ - addeq \rd, \rx, #(S3C24XX_PA_GPIO - S3C24XX_PA_UART) - addne \rd, \rx, #(S3C24XX_VA_GPIO - S3C24XX_VA_UART) - bic \rd, \rd, #0xff000 -- ldr \rd, [ \rd, # S3C2410_GSTATUS1 - S3C2410_GPIOREG(0) ] -+ ldr \rd, [\rd, # S3C2410_GSTATUS1 - S3C2410_GPIOREG(0)] - and \rd, \rd, #0x00ff0000 - teq \rd, #0x00440000 @ is it 2440? - 1004: -- ldr \rd, [ \rx, # S3C2410_UFSTAT ] -+ ldr \rd, [\rx, # S3C2410_UFSTAT] - moveq \rd, \rd, lsr #SHIFT_2440TXF - tst \rd, #S3C2410_UFSTAT_TXFULL - .endm - - .macro fifo_full_s3c2410 rd, rx -- ldr \rd, [ \rx, # S3C2410_UFSTAT ] -+ ldr \rd, [\rx, # S3C2410_UFSTAT] - tst \rd, #S3C2410_UFSTAT_TXFULL - .endm - -@@ -68,18 +68,18 @@ - addeq \rd, \rx, #(S3C24XX_PA_GPIO - S3C24XX_PA_UART) - addne \rd, \rx, #(S3C24XX_VA_GPIO - S3C24XX_VA_UART) - bic \rd, \rd, #0xff000 -- ldr \rd, [ \rd, # S3C2410_GSTATUS1 - S3C2410_GPIOREG(0) ] -+ ldr \rd, [\rd, # S3C2410_GSTATUS1 - S3C2410_GPIOREG(0)] - and \rd, \rd, #0x00ff0000 - teq \rd, #0x00440000 @ is it 2440? - - 10000: -- ldr \rd, [ \rx, # S3C2410_UFSTAT ] -+ ldr \rd, [\rx, # S3C2410_UFSTAT] - andne \rd, \rd, #S3C2410_UFSTAT_TXMASK - andeq \rd, \rd, #S3C2440_UFSTAT_TXMASK - .endm - - .macro fifo_level_s3c2410 rd, rx -- ldr \rd, [ \rx, # S3C2410_UFSTAT ] -+ ldr \rd, [\rx, # S3C2410_UFSTAT] - and \rd, \rd, #S3C2410_UFSTAT_TXMASK - .endm - -diff --git a/arch/arm/mach-s3c24xx/include/mach/entry-macro.S b/arch/arm/mach-s3c24xx/include/mach/entry-macro.S -index 7615a14..6a21bee 100644 ---- a/arch/arm/mach-s3c24xx/include/mach/entry-macro.S -+++ b/arch/arm/mach-s3c24xx/include/mach/entry-macro.S -@@ -31,10 +31,10 @@ - - @@ try the interrupt offset register, since it is there - -- ldr \irqstat, [ \base, #INTPND ] -+ ldr \irqstat, [\base, #INTPND ] - teq \irqstat, #0 - beq 1002f -- ldr \irqnr, [ \base, #INTOFFSET ] -+ ldr \irqnr, [\base, #INTOFFSET ] - mov \tmp, #1 - tst \irqstat, \tmp, lsl \irqnr - bne 1001f -diff --git a/arch/arm/mach-s3c24xx/pm-h1940.S b/arch/arm/mach-s3c24xx/pm-h1940.S -index c93bf2d..6183a68 100644 ---- a/arch/arm/mach-s3c24xx/pm-h1940.S -+++ b/arch/arm/mach-s3c24xx/pm-h1940.S -@@ -30,4 +30,4 @@ - - h1940_pm_return: - mov r0, #S3C2410_PA_GPIO -- ldr pc, [ r0, #S3C2410_GSTATUS3 - S3C24XX_VA_GPIO ] -+ ldr pc, [r0, #S3C2410_GSTATUS3 - S3C24XX_VA_GPIO] -diff --git a/arch/arm/mach-s3c24xx/sleep-s3c2410.S b/arch/arm/mach-s3c24xx/sleep-s3c2410.S -index dd5b638..65200ae 100644 ---- a/arch/arm/mach-s3c24xx/sleep-s3c2410.S -+++ b/arch/arm/mach-s3c24xx/sleep-s3c2410.S -@@ -45,9 +45,9 @@ ENTRY(s3c2410_cpu_suspend) - ldr r4, =S3C2410_REFRESH - ldr r5, =S3C24XX_MISCCR - ldr r6, =S3C2410_CLKCON -- ldr r7, [ r4 ] @ get REFRESH (and ensure in TLB) -- ldr r8, [ r5 ] @ get MISCCR (and ensure in TLB) -- ldr r9, [ r6 ] @ get CLKCON (and ensure in TLB) -+ ldr r7, [r4] @ get REFRESH (and ensure in TLB) -+ ldr r8, [r5] @ get MISCCR (and ensure in TLB) -+ ldr r9, [r6] @ get CLKCON (and ensure in TLB) - - orr r7, r7, #S3C2410_REFRESH_SELF @ SDRAM sleep command - orr r8, r8, #S3C2410_MISCCR_SDSLEEP @ SDRAM power-down signals -@@ -61,8 +61,8 @@ ENTRY(s3c2410_cpu_suspend) - @@ align next bit of code to cache line - .align 5 - s3c2410_do_sleep: -- streq r7, [ r4 ] @ SDRAM sleep command -- streq r8, [ r5 ] @ SDRAM power-down config -- streq r9, [ r6 ] @ CPU sleep -+ streq r7, [r4] @ SDRAM sleep command -+ streq r8, [r5] @ SDRAM power-down config -+ streq r9, [r6] @ CPU sleep - 1: beq 1b - mov pc, r14 -diff --git a/arch/arm/mach-s3c24xx/sleep-s3c2412.S b/arch/arm/mach-s3c24xx/sleep-s3c2412.S -index c82418e..5adaceb 100644 ---- a/arch/arm/mach-s3c24xx/sleep-s3c2412.S -+++ b/arch/arm/mach-s3c24xx/sleep-s3c2412.S -@@ -57,12 +57,12 @@ s3c2412_sleep_enter1: - * retry, as simply returning causes the system to lock. - */ - -- ldrne r9, [ r1 ] -- strne r9, [ r1 ] -- ldrne r9, [ r2 ] -- strne r9, [ r2 ] -- ldrne r9, [ r3 ] -- strne r9, [ r3 ] -+ ldrne r9, [r1] -+ strne r9, [r1] -+ ldrne r9, [r2] -+ strne r9, [r2] -+ ldrne r9, [r3] -+ strne r9, [r3] - bne s3c2412_sleep_enter1 - - mov pc, r14 -diff --git a/arch/arm/mm/dma-mapping.c b/arch/arm/mm/dma-mapping.c -index 13f555d..357fc03 100644 ---- a/arch/arm/mm/dma-mapping.c -+++ b/arch/arm/mm/dma-mapping.c -@@ -729,25 +729,27 @@ static void dma_cache_maint_page(struct page *page, unsigned long offset, - size_t size, enum dma_data_direction dir, - void (*op)(const void *, size_t, int)) - { -+ unsigned long pfn; -+ size_t left = size; -+ -+ pfn = page_to_pfn(page) + offset / PAGE_SIZE; -+ offset %= PAGE_SIZE; -+ - /* - * A single sg entry may refer to multiple physically contiguous - * pages. But we still need to process highmem pages individually. - * If highmem is not configured then the bulk of this loop gets - * optimized out. - */ -- size_t left = size; - do { - size_t len = left; - void *vaddr; - -+ page = pfn_to_page(pfn); -+ - if (PageHighMem(page)) { -- if (len + offset > PAGE_SIZE) { -- if (offset >= PAGE_SIZE) { -- page += offset / PAGE_SIZE; -- offset %= PAGE_SIZE; -- } -+ if (len + offset > PAGE_SIZE) - len = PAGE_SIZE - offset; -- } - vaddr = kmap_high_get(page); - if (vaddr) { - vaddr += offset; -@@ -764,7 +766,7 @@ static void dma_cache_maint_page(struct page *page, unsigned long offset, - op(vaddr, len, dir); - } - offset = 0; -- page++; -+ pfn++; - left -= len; - } while (left); - } -diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c -index c2fa21d..b68b531 100644 ---- a/arch/arm/mm/mmu.c -+++ b/arch/arm/mm/mmu.c -@@ -498,7 +498,7 @@ static void __init build_mem_type_table(void) - #endif - - for (i = 0; i < 16; i++) { -- unsigned long v = pgprot_val(protection_map[i]); -+ pteval_t v = pgprot_val(protection_map[i]); - protection_map[i] = __pgprot(v | user_pgprot); - } - -diff --git a/arch/arm/plat-samsung/include/plat/debug-macro.S b/arch/arm/plat-samsung/include/plat/debug-macro.S -index 207e275..f3a9cff 100644 ---- a/arch/arm/plat-samsung/include/plat/debug-macro.S -+++ b/arch/arm/plat-samsung/include/plat/debug-macro.S -@@ -14,12 +14,12 @@ - /* The S5PV210/S5PC110 implementations are as belows. */ - - .macro fifo_level_s5pv210 rd, rx -- ldr \rd, [ \rx, # S3C2410_UFSTAT ] -+ ldr \rd, [\rx, # S3C2410_UFSTAT] - and \rd, \rd, #S5PV210_UFSTAT_TXMASK - .endm - - .macro fifo_full_s5pv210 rd, rx -- ldr \rd, [ \rx, # S3C2410_UFSTAT ] -+ ldr \rd, [\rx, # S3C2410_UFSTAT] - tst \rd, #S5PV210_UFSTAT_TXFULL - .endm - -@@ -27,7 +27,7 @@ - * most widely re-used */ - - .macro fifo_level_s3c2440 rd, rx -- ldr \rd, [ \rx, # S3C2410_UFSTAT ] -+ ldr \rd, [\rx, # S3C2410_UFSTAT] - and \rd, \rd, #S3C2440_UFSTAT_TXMASK - .endm - -@@ -36,7 +36,7 @@ - #endif - - .macro fifo_full_s3c2440 rd, rx -- ldr \rd, [ \rx, # S3C2410_UFSTAT ] -+ ldr \rd, [\rx, # S3C2410_UFSTAT] - tst \rd, #S3C2440_UFSTAT_TXFULL - .endm - -@@ -45,11 +45,11 @@ - #endif - - .macro senduart,rd,rx -- strb \rd, [\rx, # S3C2410_UTXH ] -+ strb \rd, [\rx, # S3C2410_UTXH] - .endm - - .macro busyuart, rd, rx -- ldr \rd, [ \rx, # S3C2410_UFCON ] -+ ldr \rd, [\rx, # S3C2410_UFCON] - tst \rd, #S3C2410_UFCON_FIFOMODE @ fifo enabled? - beq 1001f @ - @ FIFO enabled... -@@ -60,7 +60,7 @@ - - 1001: - @ busy waiting for non fifo -- ldr \rd, [ \rx, # S3C2410_UTRSTAT ] -+ ldr \rd, [\rx, # S3C2410_UTRSTAT] - tst \rd, #S3C2410_UTRSTAT_TXFE - beq 1001b - -@@ -68,7 +68,7 @@ - .endm - - .macro waituart,rd,rx -- ldr \rd, [ \rx, # S3C2410_UFCON ] -+ ldr \rd, [\rx, # S3C2410_UFCON] - tst \rd, #S3C2410_UFCON_FIFOMODE @ fifo enabled? - beq 1001f @ - @ FIFO enabled... -@@ -79,7 +79,7 @@ - b 1002f - 1001: - @ idle waiting for non fifo -- ldr \rd, [ \rx, # S3C2410_UTRSTAT ] -+ ldr \rd, [\rx, # S3C2410_UTRSTAT] - tst \rd, #S3C2410_UTRSTAT_TXFE - beq 1001b - -diff --git a/arch/arm/vfp/entry.S b/arch/arm/vfp/entry.S -index cc926c9..323ce1a 100644 ---- a/arch/arm/vfp/entry.S -+++ b/arch/arm/vfp/entry.S -@@ -22,7 +22,7 @@ - @ IRQs disabled. - @ - ENTRY(do_vfp) --#ifdef CONFIG_PREEMPT -+#ifdef CONFIG_PREEMPT_COUNT - ldr r4, [r10, #TI_PREEMPT] @ get preempt count - add r11, r4, #1 @ increment it - str r11, [r10, #TI_PREEMPT] -@@ -35,7 +35,7 @@ ENTRY(do_vfp) - ENDPROC(do_vfp) - - ENTRY(vfp_null_entry) --#ifdef CONFIG_PREEMPT -+#ifdef CONFIG_PREEMPT_COUNT - get_thread_info r10 - ldr r4, [r10, #TI_PREEMPT] @ get preempt count - sub r11, r4, #1 @ decrement it -@@ -53,7 +53,7 @@ ENDPROC(vfp_null_entry) - - __INIT - ENTRY(vfp_testing_entry) --#ifdef CONFIG_PREEMPT -+#ifdef CONFIG_PREEMPT_COUNT - get_thread_info r10 - ldr r4, [r10, #TI_PREEMPT] @ get preempt count - sub r11, r4, #1 @ decrement it -diff --git a/arch/arm/vfp/vfphw.S b/arch/arm/vfp/vfphw.S -index ea0349f..dd5e56f 100644 ---- a/arch/arm/vfp/vfphw.S -+++ b/arch/arm/vfp/vfphw.S -@@ -168,7 +168,7 @@ vfp_hw_state_valid: - @ else it's one 32-bit instruction, so - @ always subtract 4 from the following - @ instruction address. --#ifdef CONFIG_PREEMPT -+#ifdef CONFIG_PREEMPT_COUNT - get_thread_info r10 - ldr r4, [r10, #TI_PREEMPT] @ get preempt count - sub r11, r4, #1 @ decrement it -@@ -192,7 +192,7 @@ look_for_VFP_exceptions: - @ not recognised by VFP - - DBGSTR "not VFP" --#ifdef CONFIG_PREEMPT -+#ifdef CONFIG_PREEMPT_COUNT - get_thread_info r10 - ldr r4, [r10, #TI_PREEMPT] @ get preempt count - sub r11, r4, #1 @ decrement it -diff --git a/arch/cris/include/asm/io.h b/arch/cris/include/asm/io.h -index 32567bc..ac12ae2 100644 ---- a/arch/cris/include/asm/io.h -+++ b/arch/cris/include/asm/io.h -@@ -133,12 +133,39 @@ static inline void writel(unsigned int b, volatile void __iomem *addr) - #define insb(port,addr,count) (cris_iops ? cris_iops->read_io(port,addr,1,count) : 0) - #define insw(port,addr,count) (cris_iops ? cris_iops->read_io(port,addr,2,count) : 0) - #define insl(port,addr,count) (cris_iops ? cris_iops->read_io(port,addr,4,count) : 0) --#define outb(data,port) if (cris_iops) cris_iops->write_io(port,(void*)(unsigned)data,1,1) --#define outw(data,port) if (cris_iops) cris_iops->write_io(port,(void*)(unsigned)data,2,1) --#define outl(data,port) if (cris_iops) cris_iops->write_io(port,(void*)(unsigned)data,4,1) --#define outsb(port,addr,count) if(cris_iops) cris_iops->write_io(port,(void*)addr,1,count) --#define outsw(port,addr,count) if(cris_iops) cris_iops->write_io(port,(void*)addr,2,count) --#define outsl(port,addr,count) if(cris_iops) cris_iops->write_io(port,(void*)addr,3,count) -+static inline void outb(unsigned char data, unsigned int port) -+{ -+ if (cris_iops) -+ cris_iops->write_io(port, (void *) &data, 1, 1); -+} -+static inline void outw(unsigned short data, unsigned int port) -+{ -+ if (cris_iops) -+ cris_iops->write_io(port, (void *) &data, 2, 1); -+} -+static inline void outl(unsigned int data, unsigned int port) -+{ -+ if (cris_iops) -+ cris_iops->write_io(port, (void *) &data, 4, 1); -+} -+static inline void outsb(unsigned int port, const void *addr, -+ unsigned long count) -+{ -+ if (cris_iops) -+ cris_iops->write_io(port, (void *)addr, 1, count); -+} -+static inline void outsw(unsigned int port, const void *addr, -+ unsigned long count) -+{ -+ if (cris_iops) -+ cris_iops->write_io(port, (void *)addr, 2, count); -+} -+static inline void outsl(unsigned int port, const void *addr, -+ unsigned long count) -+{ -+ if (cris_iops) -+ cris_iops->write_io(port, (void *)addr, 4, count); -+} - - /* - * Convert a physical pointer to a virtual kernel pointer for /dev/mem -diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c -index e9a5fd7..69b17a9 100644 ---- a/arch/mips/kernel/process.c -+++ b/arch/mips/kernel/process.c -@@ -72,9 +72,7 @@ void __noreturn cpu_idle(void) - } - } - #ifdef CONFIG_HOTPLUG_CPU -- if (!cpu_online(cpu) && !cpu_isset(cpu, cpu_callin_map) && -- (system_state == SYSTEM_RUNNING || -- system_state == SYSTEM_BOOTING)) -+ if (!cpu_online(cpu) && !cpu_isset(cpu, cpu_callin_map)) - play_dead(); - #endif - rcu_idle_exit(); -diff --git a/arch/parisc/include/asm/pgtable.h b/arch/parisc/include/asm/pgtable.h -index ee99f23..7df49fa 100644 ---- a/arch/parisc/include/asm/pgtable.h -+++ b/arch/parisc/include/asm/pgtable.h -@@ -12,11 +12,10 @@ - - #include <linux/bitops.h> - #include <linux/spinlock.h> -+#include <linux/mm_types.h> - #include <asm/processor.h> - #include <asm/cache.h> - --struct vm_area_struct; -- - /* - * kern_addr_valid(ADDR) tests if ADDR is pointing to valid kernel - * memory. For the return value to be meaningful, ADDR must be >= -@@ -40,7 +39,14 @@ struct vm_area_struct; - do{ \ - *(pteptr) = (pteval); \ - } while(0) --#define set_pte_at(mm,addr,ptep,pteval) set_pte(ptep,pteval) -+ -+extern void purge_tlb_entries(struct mm_struct *, unsigned long); -+ -+#define set_pte_at(mm, addr, ptep, pteval) \ -+ do { \ -+ set_pte(ptep, pteval); \ -+ purge_tlb_entries(mm, addr); \ -+ } while (0) - - #endif /* !__ASSEMBLY__ */ - -@@ -466,6 +472,7 @@ static inline void ptep_set_wrprotect(struct mm_struct *mm, unsigned long addr, - old = pte_val(*ptep); - new = pte_val(pte_wrprotect(__pte (old))); - } while (cmpxchg((unsigned long *) ptep, old, new) != old); -+ purge_tlb_entries(mm, addr); - #else - pte_t old_pte = *ptep; - set_pte_at(mm, addr, ptep, pte_wrprotect(old_pte)); -diff --git a/arch/parisc/kernel/cache.c b/arch/parisc/kernel/cache.c -index 9d18189..fa21463 100644 ---- a/arch/parisc/kernel/cache.c -+++ b/arch/parisc/kernel/cache.c -@@ -420,6 +420,24 @@ void kunmap_parisc(void *addr) - EXPORT_SYMBOL(kunmap_parisc); - #endif - -+void purge_tlb_entries(struct mm_struct *mm, unsigned long addr) -+{ -+ unsigned long flags; -+ -+ /* Note: purge_tlb_entries can be called at startup with -+ no context. */ -+ -+ /* Disable preemption while we play with %sr1. */ -+ preempt_disable(); -+ mtsp(mm->context, 1); -+ purge_tlb_start(flags); -+ pdtlb(addr); -+ pitlb(addr); -+ purge_tlb_end(flags); -+ preempt_enable(); -+} -+EXPORT_SYMBOL(purge_tlb_entries); -+ - void __flush_tlb_range(unsigned long sid, unsigned long start, - unsigned long end) - { -diff --git a/arch/powerpc/kernel/head_64.S b/arch/powerpc/kernel/head_64.S -index 58bddee..9e07bd0 100644 ---- a/arch/powerpc/kernel/head_64.S -+++ b/arch/powerpc/kernel/head_64.S -@@ -422,7 +422,7 @@ _STATIC(__after_prom_start) - tovirt(r6,r6) /* on booke, we already run at PAGE_OFFSET */ - #endif - --#ifdef CONFIG_CRASH_DUMP -+#ifdef CONFIG_RELOCATABLE - /* - * Check if the kernel has to be running as relocatable kernel based on the - * variable __run_at_load, if it is set the kernel is treated as relocatable -diff --git a/arch/powerpc/kernel/machine_kexec_64.c b/arch/powerpc/kernel/machine_kexec_64.c -index d7f6090..39833e0 100644 ---- a/arch/powerpc/kernel/machine_kexec_64.c -+++ b/arch/powerpc/kernel/machine_kexec_64.c -@@ -162,6 +162,8 @@ static int kexec_all_irq_disabled = 0; - static void kexec_smp_down(void *arg) - { - local_irq_disable(); -+ hard_irq_disable(); -+ - mb(); /* make sure our irqs are disabled before we say they are */ - get_paca()->kexec_state = KEXEC_STATE_IRQS_OFF; - while(kexec_all_irq_disabled == 0) -@@ -244,6 +246,8 @@ static void kexec_prepare_cpus(void) - wake_offline_cpus(); - smp_call_function(kexec_smp_down, NULL, /* wait */0); - local_irq_disable(); -+ hard_irq_disable(); -+ - mb(); /* make sure IRQs are disabled before we say they are */ - get_paca()->kexec_state = KEXEC_STATE_IRQS_OFF; - -@@ -281,6 +285,7 @@ static void kexec_prepare_cpus(void) - if (ppc_md.kexec_cpu_down) - ppc_md.kexec_cpu_down(0, 0); - local_irq_disable(); -+ hard_irq_disable(); - } - - #endif /* SMP */ -diff --git a/arch/powerpc/kernel/time.c b/arch/powerpc/kernel/time.c -index e49e931..5395666 100644 ---- a/arch/powerpc/kernel/time.c -+++ b/arch/powerpc/kernel/time.c -@@ -759,13 +759,8 @@ void update_vsyscall(struct timespec *wall_time, struct timespec *wtm, - - void update_vsyscall_tz(void) - { -- /* Make userspace gettimeofday spin until we're done. */ -- ++vdso_data->tb_update_count; -- smp_mb(); - vdso_data->tz_minuteswest = sys_tz.tz_minuteswest; - vdso_data->tz_dsttime = sys_tz.tz_dsttime; -- smp_mb(); -- ++vdso_data->tb_update_count; - } - - static void __init clocksource_init(void) -diff --git a/arch/powerpc/kvm/44x_emulate.c b/arch/powerpc/kvm/44x_emulate.c -index c8c6157..c39cd0b 100644 ---- a/arch/powerpc/kvm/44x_emulate.c -+++ b/arch/powerpc/kvm/44x_emulate.c -@@ -76,6 +76,7 @@ int kvmppc_core_emulate_op(struct kvm_run *run, struct kvm_vcpu *vcpu, - run->dcr.dcrn = dcrn; - run->dcr.data = 0; - run->dcr.is_write = 0; -+ vcpu->arch.dcr_is_write = 0; - vcpu->arch.io_gpr = rt; - vcpu->arch.dcr_needed = 1; - kvmppc_account_exit(vcpu, DCR_EXITS); -@@ -94,6 +95,7 @@ int kvmppc_core_emulate_op(struct kvm_run *run, struct kvm_vcpu *vcpu, - run->dcr.dcrn = dcrn; - run->dcr.data = kvmppc_get_gpr(vcpu, rs); - run->dcr.is_write = 1; -+ vcpu->arch.dcr_is_write = 1; - vcpu->arch.dcr_needed = 1; - kvmppc_account_exit(vcpu, DCR_EXITS); - emulated = EMULATE_DO_DCR; -diff --git a/arch/powerpc/platforms/40x/ppc40x_simple.c b/arch/powerpc/platforms/40x/ppc40x_simple.c -index 9761206..f0eee75 100644 ---- a/arch/powerpc/platforms/40x/ppc40x_simple.c -+++ b/arch/powerpc/platforms/40x/ppc40x_simple.c -@@ -57,7 +57,8 @@ static const char *board[] __initdata = { - "amcc,makalu", - "apm,klondike", - "est,hotfoot", -- "plathome,obs600" -+ "plathome,obs600", -+ NULL - }; - - static int __init ppc40x_probe(void) -diff --git a/arch/s390/include/asm/timex.h b/arch/s390/include/asm/timex.h -index fba4d66..4c060bb 100644 ---- a/arch/s390/include/asm/timex.h -+++ b/arch/s390/include/asm/timex.h -@@ -128,4 +128,32 @@ static inline unsigned long long get_clock_monotonic(void) - return get_clock_xt() - sched_clock_base_cc; - } - -+/** -+ * tod_to_ns - convert a TOD format value to nanoseconds -+ * @todval: to be converted TOD format value -+ * Returns: number of nanoseconds that correspond to the TOD format value -+ * -+ * Converting a 64 Bit TOD format value to nanoseconds means that the value -+ * must be divided by 4.096. In order to achieve that we multiply with 125 -+ * and divide by 512: -+ * -+ * ns = (todval * 125) >> 9; -+ * -+ * In order to avoid an overflow with the multiplication we can rewrite this. -+ * With a split todval == 2^32 * th + tl (th upper 32 bits, tl lower 32 bits) -+ * we end up with -+ * -+ * ns = ((2^32 * th + tl) * 125 ) >> 9; -+ * -> ns = (2^23 * th * 125) + ((tl * 125) >> 9); -+ * -+ */ -+static inline unsigned long long tod_to_ns(unsigned long long todval) -+{ -+ unsigned long long ns; -+ -+ ns = ((todval >> 32) << 23) * 125; -+ ns += ((todval & 0xffffffff) * 125) >> 9; -+ return ns; -+} -+ - #endif -diff --git a/arch/s390/kernel/time.c b/arch/s390/kernel/time.c -index dcec960..18c39ad 100644 ---- a/arch/s390/kernel/time.c -+++ b/arch/s390/kernel/time.c -@@ -63,7 +63,7 @@ static DEFINE_PER_CPU(struct clock_event_device, comparators); - */ - unsigned long long notrace __kprobes sched_clock(void) - { -- return (get_clock_monotonic() * 125) >> 9; -+ return tod_to_ns(get_clock_monotonic()); - } - - /* -@@ -120,6 +120,9 @@ static int s390_next_ktime(ktime_t expires, - nsecs = ktime_to_ns(ktime_add(timespec_to_ktime(ts), expires)); - do_div(nsecs, 125); - S390_lowcore.clock_comparator = sched_clock_base_cc + (nsecs << 9); -+ /* Program the maximum value if we have an overflow (== year 2042) */ -+ if (unlikely(S390_lowcore.clock_comparator < sched_clock_base_cc)) -+ S390_lowcore.clock_comparator = -1ULL; - set_clock_comparator(S390_lowcore.clock_comparator); - return 0; - } -diff --git a/arch/s390/kvm/interrupt.c b/arch/s390/kvm/interrupt.c -index b7bc1aa..a80b585 100644 ---- a/arch/s390/kvm/interrupt.c -+++ b/arch/s390/kvm/interrupt.c -@@ -390,7 +390,7 @@ int kvm_s390_handle_wait(struct kvm_vcpu *vcpu) - return 0; - } - -- sltime = ((vcpu->arch.sie_block->ckc - now)*125)>>9; -+ sltime = tod_to_ns(vcpu->arch.sie_block->ckc - now); - - hrtimer_start(&vcpu->arch.ckc_timer, ktime_set (0, sltime) , HRTIMER_MODE_REL); - VCPU_EVENT(vcpu, 5, "enabled wait via clock comparator: %llx ns", sltime); -diff --git a/arch/s390/kvm/kvm-s390.c b/arch/s390/kvm/kvm-s390.c -index d470ccb..ef49b98 100644 ---- a/arch/s390/kvm/kvm-s390.c -+++ b/arch/s390/kvm/kvm-s390.c -@@ -753,6 +753,14 @@ int kvm_s390_vcpu_store_status(struct kvm_vcpu *vcpu, unsigned long addr) - } else - prefix = 0; - -+ /* -+ * The guest FPRS and ACRS are in the host FPRS/ACRS due to the lazy -+ * copying in vcpu load/put. Lets update our copies before we save -+ * it into the save area -+ */ -+ save_fp_regs(&vcpu->arch.guest_fpregs); -+ save_access_regs(vcpu->run->s.regs.acrs); -+ - if (__guestcopy(vcpu, addr + offsetof(struct save_area, fp_regs), - vcpu->arch.guest_fpregs.fprs, 128, prefix)) - return -EFAULT; -diff --git a/arch/sh/include/asm/elf.h b/arch/sh/include/asm/elf.h -index f38112b..978b7fd 100644 ---- a/arch/sh/include/asm/elf.h -+++ b/arch/sh/include/asm/elf.h -@@ -202,9 +202,9 @@ extern void __kernel_vsyscall; - if (vdso_enabled) \ - NEW_AUX_ENT(AT_SYSINFO_EHDR, VDSO_BASE); \ - else \ -- NEW_AUX_ENT(AT_IGNORE, 0); -+ NEW_AUX_ENT(AT_IGNORE, 0) - #else --#define VSYSCALL_AUX_ENT -+#define VSYSCALL_AUX_ENT NEW_AUX_ENT(AT_IGNORE, 0) - #endif /* CONFIG_VSYSCALL */ - - #ifdef CONFIG_SH_FPU -diff --git a/arch/sparc/include/asm/hugetlb.h b/arch/sparc/include/asm/hugetlb.h -index 1770610..f368cef 100644 ---- a/arch/sparc/include/asm/hugetlb.h -+++ b/arch/sparc/include/asm/hugetlb.h -@@ -58,14 +58,20 @@ static inline pte_t huge_pte_wrprotect(pte_t pte) - static inline void huge_ptep_set_wrprotect(struct mm_struct *mm, - unsigned long addr, pte_t *ptep) - { -- ptep_set_wrprotect(mm, addr, ptep); -+ pte_t old_pte = *ptep; -+ set_huge_pte_at(mm, addr, ptep, pte_wrprotect(old_pte)); - } - - static inline int huge_ptep_set_access_flags(struct vm_area_struct *vma, - unsigned long addr, pte_t *ptep, - pte_t pte, int dirty) - { -- return ptep_set_access_flags(vma, addr, ptep, pte, dirty); -+ int changed = !pte_same(*ptep, pte); -+ if (changed) { -+ set_huge_pte_at(vma->vm_mm, addr, ptep, pte); -+ flush_tlb_page(vma, addr); -+ } -+ return changed; - } - - static inline pte_t huge_ptep_get(pte_t *ptep) -diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 50a1d1f..01897ac 100644 ---- a/arch/x86/Kconfig -+++ b/arch/x86/Kconfig -@@ -1246,10 +1246,6 @@ config NODES_SHIFT - Specify the maximum number of NUMA Nodes available on the target - system. Increases memory reserved to accommodate various tables. - --config HAVE_ARCH_ALLOC_REMAP -- def_bool y -- depends on X86_32 && NUMA -- - config ARCH_HAVE_MEMORY_PRESENT - def_bool y - depends on X86_32 && DISCONTIGMEM -diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S -index 20e5f7b..f6d477a 100644 ---- a/arch/x86/ia32/ia32entry.S -+++ b/arch/x86/ia32/ia32entry.S -@@ -204,7 +204,7 @@ sysexit_from_sys_call: - testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) - jnz ia32_ret_from_sys_call - TRACE_IRQS_ON -- sti -+ ENABLE_INTERRUPTS(CLBR_NONE) - movl %eax,%esi /* second arg, syscall return value */ - cmpl $-MAX_ERRNO,%eax /* is it an error ? */ - jbe 1f -@@ -214,7 +214,7 @@ sysexit_from_sys_call: - call __audit_syscall_exit - movq RAX-ARGOFFSET(%rsp),%rax /* reload syscall return value */ - movl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),%edi -- cli -+ DISABLE_INTERRUPTS(CLBR_NONE) - TRACE_IRQS_OFF - testl %edi,TI_flags+THREAD_INFO(%rsp,RIP-ARGOFFSET) - jz \exit -diff --git a/arch/x86/include/asm/efi.h b/arch/x86/include/asm/efi.h -index 029189d..da37433 100644 ---- a/arch/x86/include/asm/efi.h -+++ b/arch/x86/include/asm/efi.h -@@ -94,6 +94,7 @@ extern void __iomem *efi_ioremap(unsigned long addr, unsigned long size, - #endif /* CONFIG_X86_32 */ - - extern int add_efi_memmap; -+extern unsigned long x86_efi_facility; - extern void efi_set_executable(efi_memory_desc_t *md, bool executable); - extern int efi_memblock_x86_reserve_range(void); - extern void efi_call_phys_prelog(void); -diff --git a/arch/x86/include/asm/mmzone_32.h b/arch/x86/include/asm/mmzone_32.h -index eb05fb3..8a9b3e2 100644 ---- a/arch/x86/include/asm/mmzone_32.h -+++ b/arch/x86/include/asm/mmzone_32.h -@@ -14,12 +14,6 @@ extern struct pglist_data *node_data[]; - - #include <asm/numaq.h> - --extern void resume_map_numa_kva(pgd_t *pgd); -- --#else /* !CONFIG_NUMA */ -- --static inline void resume_map_numa_kva(pgd_t *pgd) {} -- - #endif /* CONFIG_NUMA */ - - #ifdef CONFIG_DISCONTIGMEM -diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index c3520d7..3f3dd52 100644 ---- a/arch/x86/include/asm/pgtable.h -+++ b/arch/x86/include/asm/pgtable.h -@@ -142,6 +142,11 @@ static inline unsigned long pmd_pfn(pmd_t pmd) - return (pmd_val(pmd) & PTE_PFN_MASK) >> PAGE_SHIFT; - } - -+static inline unsigned long pud_pfn(pud_t pud) -+{ -+ return (pud_val(pud) & PTE_PFN_MASK) >> PAGE_SHIFT; -+} -+ - #define pte_page(pte) pfn_to_page(pte_pfn(pte)) - - static inline int pmd_large(pmd_t pte) -diff --git a/arch/x86/kernel/apic/x2apic_phys.c b/arch/x86/kernel/apic/x2apic_phys.c -index e03a1e1..562a76d 100644 ---- a/arch/x86/kernel/apic/x2apic_phys.c -+++ b/arch/x86/kernel/apic/x2apic_phys.c -@@ -20,18 +20,19 @@ static int set_x2apic_phys_mode(char *arg) - } - early_param("x2apic_phys", set_x2apic_phys_mode); - --static int x2apic_acpi_madt_oem_check(char *oem_id, char *oem_table_id) -+static bool x2apic_fadt_phys(void) - { -- if (x2apic_phys) -- return x2apic_enabled(); -- else if ((acpi_gbl_FADT.header.revision >= FADT2_REVISION_ID) && -- (acpi_gbl_FADT.flags & ACPI_FADT_APIC_PHYSICAL) && -- x2apic_enabled()) { -+ if ((acpi_gbl_FADT.header.revision >= FADT2_REVISION_ID) && -+ (acpi_gbl_FADT.flags & ACPI_FADT_APIC_PHYSICAL)) { - printk(KERN_DEBUG "System requires x2apic physical mode\n"); -- return 1; -+ return true; - } -- else -- return 0; -+ return false; -+} -+ -+static int x2apic_acpi_madt_oem_check(char *oem_id, char *oem_table_id) -+{ -+ return x2apic_enabled() && (x2apic_phys || x2apic_fadt_phys()); - } - - static void -@@ -82,7 +83,7 @@ static void init_x2apic_ldr(void) - - static int x2apic_phys_probe(void) - { -- if (x2apic_mode && x2apic_phys) -+ if (x2apic_mode && (x2apic_phys || x2apic_fadt_phys())) - return 1; - - return apic == &apic_x2apic_phys; -diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c -index 0a630dd..646d192 100644 ---- a/arch/x86/kernel/cpu/mshyperv.c -+++ b/arch/x86/kernel/cpu/mshyperv.c -@@ -68,7 +68,8 @@ static void __init ms_hyperv_init_platform(void) - printk(KERN_INFO "HyperV: features 0x%x, hints 0x%x\n", - ms_hyperv.features, ms_hyperv.hints); - -- clocksource_register_hz(&hyperv_cs, NSEC_PER_SEC/100); -+ if (ms_hyperv.features & HV_X64_MSR_TIME_REF_COUNT_AVAILABLE) -+ clocksource_register_hz(&hyperv_cs, NSEC_PER_SEC/100); - } - - const __refconst struct hypervisor_x86 x86_hyper_ms_hyperv = { -diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index 8f8e8ee..2a6919e 100644 ---- a/arch/x86/kernel/entry_32.S -+++ b/arch/x86/kernel/entry_32.S -@@ -1065,7 +1065,6 @@ ENTRY(xen_failsafe_callback) - lea 16(%esp),%esp - CFI_ADJUST_CFA_OFFSET -16 - jz 5f -- addl $16,%esp - jmp iret_exc - 5: pushl_cfi $-1 /* orig_ax = -1 => not a system call */ - SAVE_ALL -diff --git a/arch/x86/kernel/head.c b/arch/x86/kernel/head.c -index 48d9d4e..992f442 100644 ---- a/arch/x86/kernel/head.c -+++ b/arch/x86/kernel/head.c -@@ -5,8 +5,6 @@ - #include <asm/setup.h> - #include <asm/bios_ebda.h> - --#define BIOS_LOWMEM_KILOBYTES 0x413 -- - /* - * The BIOS places the EBDA/XBDA at the top of conventional - * memory, and usually decreases the reported amount of -@@ -16,17 +14,30 @@ - * chipset: reserve a page before VGA to prevent PCI prefetch - * into it (errata #56). Usually the page is reserved anyways, - * unless you have no PS/2 mouse plugged in. -+ * -+ * This functions is deliberately very conservative. Losing -+ * memory in the bottom megabyte is rarely a problem, as long -+ * as we have enough memory to install the trampoline. Using -+ * memory that is in use by the BIOS or by some DMA device -+ * the BIOS didn't shut down *is* a big problem. - */ -+ -+#define BIOS_LOWMEM_KILOBYTES 0x413 -+#define LOWMEM_CAP 0x9f000U /* Absolute maximum */ -+#define INSANE_CUTOFF 0x20000U /* Less than this = insane */ -+ - void __init reserve_ebda_region(void) - { - unsigned int lowmem, ebda_addr; - -- /* To determine the position of the EBDA and the */ -- /* end of conventional memory, we need to look at */ -- /* the BIOS data area. In a paravirtual environment */ -- /* that area is absent. We'll just have to assume */ -- /* that the paravirt case can handle memory setup */ -- /* correctly, without our help. */ -+ /* -+ * To determine the position of the EBDA and the -+ * end of conventional memory, we need to look at -+ * the BIOS data area. In a paravirtual environment -+ * that area is absent. We'll just have to assume -+ * that the paravirt case can handle memory setup -+ * correctly, without our help. -+ */ - if (paravirt_enabled()) - return; - -@@ -37,19 +48,23 @@ void __init reserve_ebda_region(void) - /* start of EBDA area */ - ebda_addr = get_bios_ebda(); - -- /* Fixup: bios puts an EBDA in the top 64K segment */ -- /* of conventional memory, but does not adjust lowmem. */ -- if ((lowmem - ebda_addr) <= 0x10000) -- lowmem = ebda_addr; -+ /* -+ * Note: some old Dells seem to need 4k EBDA without -+ * reporting so, so just consider the memory above 0x9f000 -+ * to be off limits (bugzilla 2990). -+ */ -+ -+ /* If the EBDA address is below 128K, assume it is bogus */ -+ if (ebda_addr < INSANE_CUTOFF) -+ ebda_addr = LOWMEM_CAP; - -- /* Fixup: bios does not report an EBDA at all. */ -- /* Some old Dells seem to need 4k anyhow (bugzilla 2990) */ -- if ((ebda_addr == 0) && (lowmem >= 0x9f000)) -- lowmem = 0x9f000; -+ /* If lowmem is less than 128K, assume it is bogus */ -+ if (lowmem < INSANE_CUTOFF) -+ lowmem = LOWMEM_CAP; - -- /* Paranoia: should never happen, but... */ -- if ((lowmem == 0) || (lowmem >= 0x100000)) -- lowmem = 0x9f000; -+ /* Use the lower of the lowmem and EBDA markers as the cutoff */ -+ lowmem = min(lowmem, ebda_addr); -+ lowmem = min(lowmem, LOWMEM_CAP); /* Absolute cap */ - - /* reserve all memory between lowmem and the 1MB mark */ - memblock_reserve(lowmem, 0x100000 - lowmem); -diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c -index eb11369..8563b64 100644 ---- a/arch/x86/kernel/msr.c -+++ b/arch/x86/kernel/msr.c -@@ -174,6 +174,9 @@ static int msr_open(struct inode *inode, struct file *file) - unsigned int cpu; - struct cpuinfo_x86 *c; - -+ if (!capable(CAP_SYS_RAWIO)) -+ return -EPERM; -+ - cpu = iminor(file->f_path.dentry->d_inode); - if (cpu >= nr_cpu_ids || !cpu_online(cpu)) - return -ENXIO; /* No such CPU */ -diff --git a/arch/x86/kernel/reboot.c b/arch/x86/kernel/reboot.c -index 52190a9..3f20ab4 100644 ---- a/arch/x86/kernel/reboot.c -+++ b/arch/x86/kernel/reboot.c -@@ -592,7 +592,7 @@ static void native_machine_emergency_restart(void) - break; - - case BOOT_EFI: -- if (efi_enabled) -+ if (efi_enabled(EFI_RUNTIME_SERVICES)) - efi.reset_system(reboot_mode ? - EFI_RESET_WARM : - EFI_RESET_COLD, -diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index 5cee802..771ff4d 100644 ---- a/arch/x86/kernel/setup.c -+++ b/arch/x86/kernel/setup.c -@@ -613,6 +613,83 @@ static __init void reserve_ibft_region(void) - - static unsigned reserve_low = CONFIG_X86_RESERVE_LOW << 10; - -+static bool __init snb_gfx_workaround_needed(void) -+{ -+#ifdef CONFIG_PCI -+ int i; -+ u16 vendor, devid; -+ static const u16 snb_ids[] = { -+ 0x0102, -+ 0x0112, -+ 0x0122, -+ 0x0106, -+ 0x0116, -+ 0x0126, -+ 0x010a, -+ }; -+ -+ /* Assume no if something weird is going on with PCI */ -+ if (!early_pci_allowed()) -+ return false; -+ -+ vendor = read_pci_config_16(0, 2, 0, PCI_VENDOR_ID); -+ if (vendor != 0x8086) -+ return false; -+ -+ devid = read_pci_config_16(0, 2, 0, PCI_DEVICE_ID); -+ for (i = 0; i < ARRAY_SIZE(snb_ids); i++) -+ if (devid == snb_ids[i]) -+ return true; -+#endif -+ -+ return false; -+} -+ -+/* -+ * Sandy Bridge graphics has trouble with certain ranges, exclude -+ * them from allocation. -+ */ -+static void __init trim_snb_memory(void) -+{ -+ static const unsigned long bad_pages[] = { -+ 0x20050000, -+ 0x20110000, -+ 0x20130000, -+ 0x20138000, -+ 0x40004000, -+ }; -+ int i; -+ -+ if (!snb_gfx_workaround_needed()) -+ return; -+ -+ printk(KERN_DEBUG "reserving inaccessible SNB gfx pages\n"); -+ -+ /* -+ * Reserve all memory below the 1 MB mark that has not -+ * already been reserved. -+ */ -+ memblock_reserve(0, 1<<20); -+ -+ for (i = 0; i < ARRAY_SIZE(bad_pages); i++) { -+ if (memblock_reserve(bad_pages[i], PAGE_SIZE)) -+ printk(KERN_WARNING "failed to reserve 0x%08lx\n", -+ bad_pages[i]); -+ } -+} -+ -+/* -+ * Here we put platform-specific memory range workarounds, i.e. -+ * memory known to be corrupt or otherwise in need to be reserved on -+ * specific platforms. -+ * -+ * If this gets used more widely it could use a real dispatch mechanism. -+ */ -+static void __init trim_platform_memory_ranges(void) -+{ -+ trim_snb_memory(); -+} -+ - static void __init trim_bios_range(void) - { - /* -@@ -633,6 +710,7 @@ static void __init trim_bios_range(void) - * take them out. - */ - e820_remove_range(BIOS_BEGIN, BIOS_END - BIOS_BEGIN, E820_RAM, 1); -+ - sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map); - } - -@@ -732,15 +810,15 @@ void __init setup_arch(char **cmdline_p) - #ifdef CONFIG_EFI - if (!strncmp((char *)&boot_params.efi_info.efi_loader_signature, - "EL32", 4)) { -- efi_enabled = 1; -- efi_64bit = false; -+ set_bit(EFI_BOOT, &x86_efi_facility); - } else if (!strncmp((char *)&boot_params.efi_info.efi_loader_signature, - "EL64", 4)) { -- efi_enabled = 1; -- efi_64bit = true; -+ set_bit(EFI_BOOT, &x86_efi_facility); -+ set_bit(EFI_64BIT, &x86_efi_facility); - } -- if (efi_enabled && efi_memblock_x86_reserve_range()) -- efi_enabled = 0; -+ -+ if (efi_enabled(EFI_BOOT)) -+ efi_memblock_x86_reserve_range(); - #endif - - x86_init.oem.arch_setup(); -@@ -813,7 +891,7 @@ void __init setup_arch(char **cmdline_p) - - finish_e820_parsing(); - -- if (efi_enabled) -+ if (efi_enabled(EFI_BOOT)) - efi_init(); - - dmi_scan_machine(); -@@ -896,7 +974,7 @@ void __init setup_arch(char **cmdline_p) - * The EFI specification says that boot service code won't be called - * after ExitBootServices(). This is, in fact, a lie. - */ -- if (efi_enabled) -+ if (efi_enabled(EFI_MEMMAP)) - efi_reserve_boot_services(); - - /* preallocate 4k for mptable mpc */ -@@ -911,6 +989,8 @@ void __init setup_arch(char **cmdline_p) - - setup_real_mode(); - -+ trim_platform_memory_ranges(); -+ - init_gbpages(); - - /* max_pfn_mapped is updated here */ -@@ -1035,7 +1115,7 @@ void __init setup_arch(char **cmdline_p) - - #ifdef CONFIG_VT - #if defined(CONFIG_VGA_CONSOLE) -- if (!efi_enabled || (efi_mem_type(0xa0000) != EFI_CONVENTIONAL_MEMORY)) -+ if (!efi_enabled(EFI_BOOT) || (efi_mem_type(0xa0000) != EFI_CONVENTIONAL_MEMORY)) - conswitchp = &vga_con; - #elif defined(CONFIG_DUMMY_CONSOLE) - conswitchp = &dummy_con; -@@ -1050,14 +1130,14 @@ void __init setup_arch(char **cmdline_p) - arch_init_ideal_nops(); - - #ifdef CONFIG_EFI -- /* Once setup is done above, disable efi_enabled on mismatched -- * firmware/kernel archtectures since there is no support for -- * runtime services. -+ /* Once setup is done above, unmap the EFI memory map on -+ * mismatched firmware/kernel archtectures since there is no -+ * support for runtime services. - */ -- if (efi_enabled && IS_ENABLED(CONFIG_X86_64) != efi_64bit) { -+ if (efi_enabled(EFI_BOOT) && -+ IS_ENABLED(CONFIG_X86_64) != efi_enabled(EFI_64BIT)) { - pr_info("efi: Setup done, disabling due to 32/64-bit mismatch\n"); - efi_unmap_memmap(); -- efi_enabled = 0; - } - #endif - } -diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index 76dcd9d..c6b10e2 100644 ---- a/arch/x86/mm/fault.c -+++ b/arch/x86/mm/fault.c -@@ -747,13 +747,15 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, - return; - } - #endif -+ /* Kernel addresses are always protection faults: */ -+ if (address >= TASK_SIZE) -+ error_code |= PF_PROT; - -- if (unlikely(show_unhandled_signals)) -+ if (likely(show_unhandled_signals)) - show_signal_msg(regs, error_code, address, tsk); - -- /* Kernel addresses are always protection faults: */ - tsk->thread.cr2 = address; -- tsk->thread.error_code = error_code | (address >= TASK_SIZE); -+ tsk->thread.error_code = error_code; - tsk->thread.trap_nr = X86_TRAP_PF; - - force_sig_info_fault(SIGSEGV, si_code, address, tsk, 0); -diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index 3baff25..ce42da7 100644 ---- a/arch/x86/mm/init_64.c -+++ b/arch/x86/mm/init_64.c -@@ -829,6 +829,9 @@ int kern_addr_valid(unsigned long addr) - if (pud_none(*pud)) - return 0; - -+ if (pud_large(*pud)) -+ return pfn_valid(pud_pfn(*pud)); -+ - pmd = pmd_offset(pud, addr); - if (pmd_none(*pmd)) - return 0; -diff --git a/arch/x86/mm/numa.c b/arch/x86/mm/numa.c -index 2d125be..8504f36 100644 ---- a/arch/x86/mm/numa.c -+++ b/arch/x86/mm/numa.c -@@ -193,7 +193,6 @@ int __init numa_add_memblk(int nid, u64 start, u64 end) - static void __init setup_node_data(int nid, u64 start, u64 end) - { - const size_t nd_size = roundup(sizeof(pg_data_t), PAGE_SIZE); -- bool remapped = false; - u64 nd_pa; - void *nd; - int tnid; -@@ -205,37 +204,28 @@ static void __init setup_node_data(int nid, u64 start, u64 end) - if (end && (end - start) < NODE_MIN_SIZE) - return; - -- /* initialize remap allocator before aligning to ZONE_ALIGN */ -- init_alloc_remap(nid, start, end); -- - start = roundup(start, ZONE_ALIGN); - - printk(KERN_INFO "Initmem setup node %d [mem %#010Lx-%#010Lx]\n", - nid, start, end - 1); - - /* -- * Allocate node data. Try remap allocator first, node-local -- * memory and then any node. Never allocate in DMA zone. -+ * Allocate node data. Try node-local memory and then any node. -+ * Never allocate in DMA zone. - */ -- nd = alloc_remap(nid, nd_size); -- if (nd) { -- nd_pa = __pa(nd); -- remapped = true; -- } else { -- nd_pa = memblock_alloc_nid(nd_size, SMP_CACHE_BYTES, nid); -- if (!nd_pa) { -- pr_err("Cannot find %zu bytes in node %d\n", -- nd_size, nid); -- return; -- } -- nd = __va(nd_pa); -+ nd_pa = memblock_alloc_nid(nd_size, SMP_CACHE_BYTES, nid); -+ if (!nd_pa) { -+ pr_err("Cannot find %zu bytes in node %d\n", -+ nd_size, nid); -+ return; - } -+ nd = __va(nd_pa); - - /* report and initialize */ -- printk(KERN_INFO " NODE_DATA [mem %#010Lx-%#010Lx]%s\n", -- nd_pa, nd_pa + nd_size - 1, remapped ? " (remapped)" : ""); -+ printk(KERN_INFO " NODE_DATA [mem %#010Lx-%#010Lx]\n", -+ nd_pa, nd_pa + nd_size - 1); - tnid = early_pfn_to_nid(nd_pa >> PAGE_SHIFT); -- if (!remapped && tnid != nid) -+ if (tnid != nid) - printk(KERN_INFO " NODE_DATA(%d) on node %d\n", nid, tnid); - - node_data[nid] = nd; -diff --git a/arch/x86/mm/numa_32.c b/arch/x86/mm/numa_32.c -index 534255a..73a6d73 100644 ---- a/arch/x86/mm/numa_32.c -+++ b/arch/x86/mm/numa_32.c -@@ -73,167 +73,6 @@ unsigned long node_memmap_size_bytes(int nid, unsigned long start_pfn, - - extern unsigned long highend_pfn, highstart_pfn; - --#define LARGE_PAGE_BYTES (PTRS_PER_PTE * PAGE_SIZE) -- --static void *node_remap_start_vaddr[MAX_NUMNODES]; --void set_pmd_pfn(unsigned long vaddr, unsigned long pfn, pgprot_t flags); -- --/* -- * Remap memory allocator -- */ --static unsigned long node_remap_start_pfn[MAX_NUMNODES]; --static void *node_remap_end_vaddr[MAX_NUMNODES]; --static void *node_remap_alloc_vaddr[MAX_NUMNODES]; -- --/** -- * alloc_remap - Allocate remapped memory -- * @nid: NUMA node to allocate memory from -- * @size: The size of allocation -- * -- * Allocate @size bytes from the remap area of NUMA node @nid. The -- * size of the remap area is predetermined by init_alloc_remap() and -- * only the callers considered there should call this function. For -- * more info, please read the comment on top of init_alloc_remap(). -- * -- * The caller must be ready to handle allocation failure from this -- * function and fall back to regular memory allocator in such cases. -- * -- * CONTEXT: -- * Single CPU early boot context. -- * -- * RETURNS: -- * Pointer to the allocated memory on success, %NULL on failure. -- */ --void *alloc_remap(int nid, unsigned long size) --{ -- void *allocation = node_remap_alloc_vaddr[nid]; -- -- size = ALIGN(size, L1_CACHE_BYTES); -- -- if (!allocation || (allocation + size) > node_remap_end_vaddr[nid]) -- return NULL; -- -- node_remap_alloc_vaddr[nid] += size; -- memset(allocation, 0, size); -- -- return allocation; --} -- --#ifdef CONFIG_HIBERNATION --/** -- * resume_map_numa_kva - add KVA mapping to the temporary page tables created -- * during resume from hibernation -- * @pgd_base - temporary resume page directory -- */ --void resume_map_numa_kva(pgd_t *pgd_base) --{ -- int node; -- -- for_each_online_node(node) { -- unsigned long start_va, start_pfn, nr_pages, pfn; -- -- start_va = (unsigned long)node_remap_start_vaddr[node]; -- start_pfn = node_remap_start_pfn[node]; -- nr_pages = (node_remap_end_vaddr[node] - -- node_remap_start_vaddr[node]) >> PAGE_SHIFT; -- -- printk(KERN_DEBUG "%s: node %d\n", __func__, node); -- -- for (pfn = 0; pfn < nr_pages; pfn += PTRS_PER_PTE) { -- unsigned long vaddr = start_va + (pfn << PAGE_SHIFT); -- pgd_t *pgd = pgd_base + pgd_index(vaddr); -- pud_t *pud = pud_offset(pgd, vaddr); -- pmd_t *pmd = pmd_offset(pud, vaddr); -- -- set_pmd(pmd, pfn_pmd(start_pfn + pfn, -- PAGE_KERNEL_LARGE_EXEC)); -- -- printk(KERN_DEBUG "%s: %08lx -> pfn %08lx\n", -- __func__, vaddr, start_pfn + pfn); -- } -- } --} --#endif -- --/** -- * init_alloc_remap - Initialize remap allocator for a NUMA node -- * @nid: NUMA node to initizlie remap allocator for -- * -- * NUMA nodes may end up without any lowmem. As allocating pgdat and -- * memmap on a different node with lowmem is inefficient, a special -- * remap allocator is implemented which can be used by alloc_remap(). -- * -- * For each node, the amount of memory which will be necessary for -- * pgdat and memmap is calculated and two memory areas of the size are -- * allocated - one in the node and the other in lowmem; then, the area -- * in the node is remapped to the lowmem area. -- * -- * As pgdat and memmap must be allocated in lowmem anyway, this -- * doesn't waste lowmem address space; however, the actual lowmem -- * which gets remapped over is wasted. The amount shouldn't be -- * problematic on machines this feature will be used. -- * -- * Initialization failure isn't fatal. alloc_remap() is used -- * opportunistically and the callers will fall back to other memory -- * allocation mechanisms on failure. -- */ --void __init init_alloc_remap(int nid, u64 start, u64 end) --{ -- unsigned long start_pfn = start >> PAGE_SHIFT; -- unsigned long end_pfn = end >> PAGE_SHIFT; -- unsigned long size, pfn; -- u64 node_pa, remap_pa; -- void *remap_va; -- -- /* -- * The acpi/srat node info can show hot-add memroy zones where -- * memory could be added but not currently present. -- */ -- printk(KERN_DEBUG "node %d pfn: [%lx - %lx]\n", -- nid, start_pfn, end_pfn); -- -- /* calculate the necessary space aligned to large page size */ -- size = node_memmap_size_bytes(nid, start_pfn, end_pfn); -- size += ALIGN(sizeof(pg_data_t), PAGE_SIZE); -- size = ALIGN(size, LARGE_PAGE_BYTES); -- -- /* allocate node memory and the lowmem remap area */ -- node_pa = memblock_find_in_range(start, end, size, LARGE_PAGE_BYTES); -- if (!node_pa) { -- pr_warning("remap_alloc: failed to allocate %lu bytes for node %d\n", -- size, nid); -- return; -- } -- memblock_reserve(node_pa, size); -- -- remap_pa = memblock_find_in_range(min_low_pfn << PAGE_SHIFT, -- max_low_pfn << PAGE_SHIFT, -- size, LARGE_PAGE_BYTES); -- if (!remap_pa) { -- pr_warning("remap_alloc: failed to allocate %lu bytes remap area for node %d\n", -- size, nid); -- memblock_free(node_pa, size); -- return; -- } -- memblock_reserve(remap_pa, size); -- remap_va = phys_to_virt(remap_pa); -- -- /* perform actual remap */ -- for (pfn = 0; pfn < size >> PAGE_SHIFT; pfn += PTRS_PER_PTE) -- set_pmd_pfn((unsigned long)remap_va + (pfn << PAGE_SHIFT), -- (node_pa >> PAGE_SHIFT) + pfn, -- PAGE_KERNEL_LARGE); -- -- /* initialize remap allocator parameters */ -- node_remap_start_pfn[nid] = node_pa >> PAGE_SHIFT; -- node_remap_start_vaddr[nid] = remap_va; -- node_remap_end_vaddr[nid] = remap_va + size; -- node_remap_alloc_vaddr[nid] = remap_va; -- -- printk(KERN_DEBUG "remap_alloc: node %d [%08llx-%08llx) -> [%p-%p)\n", -- nid, node_pa, node_pa + size, remap_va, remap_va + size); --} -- - void __init initmem_init(void) - { - x86_numa_init(); -diff --git a/arch/x86/mm/numa_internal.h b/arch/x86/mm/numa_internal.h -index 7178c3a..ad86ec9 100644 ---- a/arch/x86/mm/numa_internal.h -+++ b/arch/x86/mm/numa_internal.h -@@ -21,12 +21,6 @@ void __init numa_reset_distance(void); - - void __init x86_numa_init(void); - --#ifdef CONFIG_X86_64 --static inline void init_alloc_remap(int nid, u64 start, u64 end) { } --#else --void __init init_alloc_remap(int nid, u64 start, u64 end); --#endif -- - #ifdef CONFIG_NUMA_EMU - void __init numa_emulation(struct numa_meminfo *numa_meminfo, - int numa_dist_cnt); -diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c -index 72d8899..1e40637 100644 ---- a/arch/x86/platform/efi/efi.c -+++ b/arch/x86/platform/efi/efi.c -@@ -50,9 +50,6 @@ - - #define EFI_DEBUG 1 - --int efi_enabled; --EXPORT_SYMBOL(efi_enabled); -- - struct efi __read_mostly efi = { - .mps = EFI_INVALID_TABLE_ADDR, - .acpi = EFI_INVALID_TABLE_ADDR, -@@ -68,19 +65,29 @@ EXPORT_SYMBOL(efi); - - struct efi_memory_map memmap; - --bool efi_64bit; -- - static struct efi efi_phys __initdata; - static efi_system_table_t efi_systab __initdata; - - static inline bool efi_is_native(void) - { -- return IS_ENABLED(CONFIG_X86_64) == efi_64bit; -+ return IS_ENABLED(CONFIG_X86_64) == efi_enabled(EFI_64BIT); -+} -+ -+unsigned long x86_efi_facility; -+ -+/* -+ * Returns 1 if 'facility' is enabled, 0 otherwise. -+ */ -+int efi_enabled(int facility) -+{ -+ return test_bit(facility, &x86_efi_facility) != 0; - } -+EXPORT_SYMBOL(efi_enabled); - -+static bool disable_runtime = false; - static int __init setup_noefi(char *arg) - { -- efi_enabled = 0; -+ disable_runtime = true; - return 0; - } - early_param("noefi", setup_noefi); -@@ -425,6 +432,7 @@ void __init efi_reserve_boot_services(void) - - void __init efi_unmap_memmap(void) - { -+ clear_bit(EFI_MEMMAP, &x86_efi_facility); - if (memmap.map) { - early_iounmap(memmap.map, memmap.nr_map * memmap.desc_size); - memmap.map = NULL; -@@ -459,7 +467,7 @@ void __init efi_free_boot_services(void) - - static int __init efi_systab_init(void *phys) - { -- if (efi_64bit) { -+ if (efi_enabled(EFI_64BIT)) { - efi_system_table_64_t *systab64; - u64 tmp = 0; - -@@ -551,7 +559,7 @@ static int __init efi_config_init(u64 tables, int nr_tables) - void *config_tables, *tablep; - int i, sz; - -- if (efi_64bit) -+ if (efi_enabled(EFI_64BIT)) - sz = sizeof(efi_config_table_64_t); - else - sz = sizeof(efi_config_table_32_t); -@@ -571,7 +579,7 @@ static int __init efi_config_init(u64 tables, int nr_tables) - efi_guid_t guid; - unsigned long table; - -- if (efi_64bit) { -+ if (efi_enabled(EFI_64BIT)) { - u64 table64; - guid = ((efi_config_table_64_t *)tablep)->guid; - table64 = ((efi_config_table_64_t *)tablep)->table; -@@ -683,7 +691,6 @@ void __init efi_init(void) - if (boot_params.efi_info.efi_systab_hi || - boot_params.efi_info.efi_memmap_hi) { - pr_info("Table located above 4GB, disabling EFI.\n"); -- efi_enabled = 0; - return; - } - efi_phys.systab = (efi_system_table_t *)boot_params.efi_info.efi_systab; -@@ -693,10 +700,10 @@ void __init efi_init(void) - ((__u64)boot_params.efi_info.efi_systab_hi<<32)); - #endif - -- if (efi_systab_init(efi_phys.systab)) { -- efi_enabled = 0; -+ if (efi_systab_init(efi_phys.systab)) - return; -- } -+ -+ set_bit(EFI_SYSTEM_TABLES, &x86_efi_facility); - - /* - * Show what we know for posterity -@@ -714,10 +721,10 @@ void __init efi_init(void) - efi.systab->hdr.revision >> 16, - efi.systab->hdr.revision & 0xffff, vendor); - -- if (efi_config_init(efi.systab->tables, efi.systab->nr_tables)) { -- efi_enabled = 0; -+ if (efi_config_init(efi.systab->tables, efi.systab->nr_tables)) - return; -- } -+ -+ set_bit(EFI_CONFIG_TABLES, &x86_efi_facility); - - /* - * Note: We currently don't support runtime services on an EFI -@@ -726,15 +733,17 @@ void __init efi_init(void) - - if (!efi_is_native()) - pr_info("No EFI runtime due to 32/64-bit mismatch with kernel\n"); -- else if (efi_runtime_init()) { -- efi_enabled = 0; -- return; -+ else { -+ if (disable_runtime || efi_runtime_init()) -+ return; -+ set_bit(EFI_RUNTIME_SERVICES, &x86_efi_facility); - } - -- if (efi_memmap_init()) { -- efi_enabled = 0; -+ if (efi_memmap_init()) - return; -- } -+ -+ set_bit(EFI_MEMMAP, &x86_efi_facility); -+ - #ifdef CONFIG_X86_32 - if (efi_is_native()) { - x86_platform.get_wallclock = efi_get_time; -@@ -900,7 +909,7 @@ void __init efi_enter_virtual_mode(void) - * - * Call EFI services through wrapper functions. - */ -- efi.runtime_version = efi_systab.fw_revision; -+ efi.runtime_version = efi_systab.hdr.revision; - efi.get_time = virt_efi_get_time; - efi.set_time = virt_efi_set_time; - efi.get_wakeup_time = virt_efi_get_wakeup_time; -@@ -943,6 +952,9 @@ u64 efi_mem_attributes(unsigned long phys_addr) - efi_memory_desc_t *md; - void *p; - -+ if (!efi_enabled(EFI_MEMMAP)) -+ return 0; -+ - for (p = memmap.map; p < memmap.map_end; p += memmap.desc_size) { - md = p; - if ((md->phys_addr <= phys_addr) && -diff --git a/arch/x86/platform/efi/efi_64.c b/arch/x86/platform/efi/efi_64.c -index ac3aa54..0fba86d 100644 ---- a/arch/x86/platform/efi/efi_64.c -+++ b/arch/x86/platform/efi/efi_64.c -@@ -38,7 +38,7 @@ - #include <asm/cacheflush.h> - #include <asm/fixmap.h> - --static pgd_t save_pgd __initdata; -+static pgd_t *save_pgd __initdata; - static unsigned long efi_flags __initdata; - - static void __init early_code_mapping_set_exec(int executable) -@@ -61,12 +61,20 @@ static void __init early_code_mapping_set_exec(int executable) - void __init efi_call_phys_prelog(void) - { - unsigned long vaddress; -+ int pgd; -+ int n_pgds; - - early_code_mapping_set_exec(1); - local_irq_save(efi_flags); -- vaddress = (unsigned long)__va(0x0UL); -- save_pgd = *pgd_offset_k(0x0UL); -- set_pgd(pgd_offset_k(0x0UL), *pgd_offset_k(vaddress)); -+ -+ n_pgds = DIV_ROUND_UP((max_pfn << PAGE_SHIFT), PGDIR_SIZE); -+ save_pgd = kmalloc(n_pgds * sizeof(pgd_t), GFP_KERNEL); -+ -+ for (pgd = 0; pgd < n_pgds; pgd++) { -+ save_pgd[pgd] = *pgd_offset_k(pgd * PGDIR_SIZE); -+ vaddress = (unsigned long)__va(pgd * PGDIR_SIZE); -+ set_pgd(pgd_offset_k(pgd * PGDIR_SIZE), *pgd_offset_k(vaddress)); -+ } - __flush_tlb_all(); - } - -@@ -75,7 +83,11 @@ void __init efi_call_phys_epilog(void) - /* - * After the lock is released, the original page table is restored. - */ -- set_pgd(pgd_offset_k(0x0UL), save_pgd); -+ int pgd; -+ int n_pgds = DIV_ROUND_UP((max_pfn << PAGE_SHIFT) , PGDIR_SIZE); -+ for (pgd = 0; pgd < n_pgds; pgd++) -+ set_pgd(pgd_offset_k(pgd * PGDIR_SIZE), save_pgd[pgd]); -+ kfree(save_pgd); - __flush_tlb_all(); - local_irq_restore(efi_flags); - early_code_mapping_set_exec(0); -diff --git a/arch/x86/power/hibernate_32.c b/arch/x86/power/hibernate_32.c -index 74202c1..7d28c88 100644 ---- a/arch/x86/power/hibernate_32.c -+++ b/arch/x86/power/hibernate_32.c -@@ -129,8 +129,6 @@ static int resume_physical_mapping_init(pgd_t *pgd_base) - } - } - -- resume_map_numa_kva(pgd_base); -- - return 0; - } - -diff --git a/arch/x86/xen/spinlock.c b/arch/x86/xen/spinlock.c -index 83e866d..f7a080e 100644 ---- a/arch/x86/xen/spinlock.c -+++ b/arch/x86/xen/spinlock.c -@@ -328,7 +328,6 @@ static noinline void xen_spin_unlock_slow(struct xen_spinlock *xl) - if (per_cpu(lock_spinners, cpu) == xl) { - ADD_STATS(released_slow_kicked, 1); - xen_send_IPI_one(cpu, XEN_SPIN_UNLOCK_VECTOR); -- break; - } - } - } -diff --git a/arch/x86/xen/xen-asm_32.S b/arch/x86/xen/xen-asm_32.S -index f9643fc..33ca6e4 100644 ---- a/arch/x86/xen/xen-asm_32.S -+++ b/arch/x86/xen/xen-asm_32.S -@@ -89,11 +89,11 @@ ENTRY(xen_iret) - */ - #ifdef CONFIG_SMP - GET_THREAD_INFO(%eax) -- movl TI_cpu(%eax), %eax -- movl __per_cpu_offset(,%eax,4), %eax -- mov xen_vcpu(%eax), %eax -+ movl %ss:TI_cpu(%eax), %eax -+ movl %ss:__per_cpu_offset(,%eax,4), %eax -+ mov %ss:xen_vcpu(%eax), %eax - #else -- movl xen_vcpu, %eax -+ movl %ss:xen_vcpu, %eax - #endif - - /* check IF state we're restoring */ -@@ -106,11 +106,11 @@ ENTRY(xen_iret) - * resuming the code, so we don't have to be worried about - * being preempted to another CPU. - */ -- setz XEN_vcpu_info_mask(%eax) -+ setz %ss:XEN_vcpu_info_mask(%eax) - xen_iret_start_crit: - - /* check for unmasked and pending */ -- cmpw $0x0001, XEN_vcpu_info_pending(%eax) -+ cmpw $0x0001, %ss:XEN_vcpu_info_pending(%eax) - - /* - * If there's something pending, mask events again so we can -@@ -118,7 +118,7 @@ xen_iret_start_crit: - * touch XEN_vcpu_info_mask. - */ - jne 1f -- movb $1, XEN_vcpu_info_mask(%eax) -+ movb $1, %ss:XEN_vcpu_info_mask(%eax) - - 1: popl %eax - -diff --git a/block/genhd.c b/block/genhd.c -index d839723..6c9a4e8 100644 ---- a/block/genhd.c -+++ b/block/genhd.c -@@ -25,7 +25,7 @@ static DEFINE_MUTEX(block_class_lock); - struct kobject *block_depr; - - /* for extended dynamic devt allocation, currently only one major is used */ --#define MAX_EXT_DEVT (1 << MINORBITS) -+#define NR_EXT_DEVT (1 << MINORBITS) - - /* For extended devt allocation. ext_devt_mutex prevents look up - * results from going away underneath its user. -@@ -420,17 +420,18 @@ int blk_alloc_devt(struct hd_struct *part, dev_t *devt) - do { - if (!idr_pre_get(&ext_devt_idr, GFP_KERNEL)) - return -ENOMEM; -+ mutex_lock(&ext_devt_mutex); - rc = idr_get_new(&ext_devt_idr, part, &idx); -+ if (!rc && idx >= NR_EXT_DEVT) { -+ idr_remove(&ext_devt_idr, idx); -+ rc = -EBUSY; -+ } -+ mutex_unlock(&ext_devt_mutex); - } while (rc == -EAGAIN); - - if (rc) - return rc; - -- if (idx > MAX_EXT_DEVT) { -- idr_remove(&ext_devt_idr, idx); -- return -EBUSY; -- } -- - *devt = MKDEV(BLOCK_EXT_MAJOR, blk_mangle_minor(idx)); - return 0; - } -@@ -644,7 +645,6 @@ void del_gendisk(struct gendisk *disk) - disk_part_iter_exit(&piter); - - invalidate_partition(disk, 0); -- blk_free_devt(disk_to_dev(disk)->devt); - set_capacity(disk, 0); - disk->flags &= ~GENHD_FL_UP; - -@@ -662,6 +662,7 @@ void del_gendisk(struct gendisk *disk) - if (!sysfs_deprecated) - sysfs_remove_link(block_depr, dev_name(disk_to_dev(disk))); - device_del(disk_to_dev(disk)); -+ blk_free_devt(disk_to_dev(disk)->devt); - } - EXPORT_SYMBOL(del_gendisk); - -diff --git a/block/partition-generic.c b/block/partition-generic.c -index f1d1451..1cb4dec 100644 ---- a/block/partition-generic.c -+++ b/block/partition-generic.c -@@ -249,11 +249,11 @@ void delete_partition(struct gendisk *disk, int partno) - if (!part) - return; - -- blk_free_devt(part_devt(part)); - rcu_assign_pointer(ptbl->part[partno], NULL); - rcu_assign_pointer(ptbl->last_lookup, NULL); - kobject_put(part->holder_dir); - device_del(part_to_dev(part)); -+ blk_free_devt(part_devt(part)); - - hd_struct_put(part); - } -diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c -index 9eaf708..251435a 100644 ---- a/drivers/acpi/osl.c -+++ b/drivers/acpi/osl.c -@@ -250,7 +250,7 @@ acpi_physical_address __init acpi_os_get_root_pointer(void) - return acpi_rsdp; - #endif - -- if (efi_enabled) { -+ if (efi_enabled(EFI_CONFIG_TABLES)) { - if (efi.acpi20 != EFI_INVALID_TABLE_ADDR) - return efi.acpi20; - else if (efi.acpi != EFI_INVALID_TABLE_ADDR) -diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c -index ad3730b..aac684d 100644 ---- a/drivers/acpi/processor_idle.c -+++ b/drivers/acpi/processor_idle.c -@@ -1009,6 +1009,9 @@ static int acpi_processor_setup_cpuidle_cx(struct acpi_processor *pr) - return -EINVAL; - } - -+ if (!dev) -+ return -EINVAL; -+ - dev->cpu = pr->id; - - if (max_cstate == 0) -@@ -1196,6 +1199,7 @@ int acpi_processor_cst_has_changed(struct acpi_processor *pr) - } - - /* Populate Updated C-state information */ -+ acpi_processor_get_power_info(pr); - acpi_processor_setup_cpuidle_states(pr); - - /* Enable all cpuidle devices */ -diff --git a/drivers/acpi/scan.c b/drivers/acpi/scan.c -index d1ecca2..f1fcaca 100644 ---- a/drivers/acpi/scan.c -+++ b/drivers/acpi/scan.c -@@ -807,8 +807,8 @@ acpi_bus_extract_wakeup_device_power_package(acpi_handle handle, - static void acpi_bus_set_run_wake_flags(struct acpi_device *device) - { - struct acpi_device_id button_device_ids[] = { -- {"PNP0C0D", 0}, - {"PNP0C0C", 0}, -+ {"PNP0C0D", 0}, - {"PNP0C0E", 0}, - {"", 0}, - }; -@@ -820,6 +820,11 @@ static void acpi_bus_set_run_wake_flags(struct acpi_device *device) - /* Power button, Lid switch always enable wakeup */ - if (!acpi_match_device_ids(device, button_device_ids)) { - device->wakeup.flags.run_wake = 1; -+ if (!acpi_match_device_ids(device, &button_device_ids[1])) { -+ /* Do not use Lid/sleep button for S5 wakeup */ -+ if (device->wakeup.sleep_state == ACPI_STATE_S5) -+ device->wakeup.sleep_state = ACPI_STATE_S4; -+ } - device_set_wakeup_capable(&device->dev, true); - return; - } -@@ -1175,7 +1180,7 @@ static void acpi_device_set_id(struct acpi_device *device) - acpi_add_id(device, ACPI_DOCK_HID); - else if (!acpi_ibm_smbus_match(device)) - acpi_add_id(device, ACPI_SMBUS_IBM_HID); -- else if (!acpi_device_hid(device) && -+ else if (list_empty(&device->pnp.ids) && - ACPI_IS_ROOT_DEVICE(device->parent)) { - acpi_add_id(device, ACPI_BUS_HID); /* \_SB, LNXSYBUS */ - strcpy(device->pnp.device_name, ACPI_BUS_DEVICE_NAME); -diff --git a/drivers/acpi/sleep.c b/drivers/acpi/sleep.c -index 847ed55..b38787b 100644 ---- a/drivers/acpi/sleep.c -+++ b/drivers/acpi/sleep.c -@@ -109,6 +109,188 @@ void __init acpi_old_suspend_ordering(void) - old_suspend_ordering = true; - } - -+static int __init init_old_suspend_ordering(const struct dmi_system_id *d) -+{ -+ acpi_old_suspend_ordering(); -+ return 0; -+} -+ -+static int __init init_nvs_nosave(const struct dmi_system_id *d) -+{ -+ acpi_nvs_nosave(); -+ return 0; -+} -+ -+static struct dmi_system_id __initdata acpisleep_dmi_table[] = { -+ { -+ .callback = init_old_suspend_ordering, -+ .ident = "Abit KN9 (nForce4 variant)", -+ .matches = { -+ DMI_MATCH(DMI_BOARD_VENDOR, "http://www.abit.com.tw/"), -+ DMI_MATCH(DMI_BOARD_NAME, "KN9 Series(NF-CK804)"), -+ }, -+ }, -+ { -+ .callback = init_old_suspend_ordering, -+ .ident = "HP xw4600 Workstation", -+ .matches = { -+ DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"), -+ DMI_MATCH(DMI_PRODUCT_NAME, "HP xw4600 Workstation"), -+ }, -+ }, -+ { -+ .callback = init_old_suspend_ordering, -+ .ident = "Asus Pundit P1-AH2 (M2N8L motherboard)", -+ .matches = { -+ DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTek Computer INC."), -+ DMI_MATCH(DMI_BOARD_NAME, "M2N8L"), -+ }, -+ }, -+ { -+ .callback = init_old_suspend_ordering, -+ .ident = "Panasonic CF51-2L", -+ .matches = { -+ DMI_MATCH(DMI_BOARD_VENDOR, -+ "Matsushita Electric Industrial Co.,Ltd."), -+ DMI_MATCH(DMI_BOARD_NAME, "CF51-2L"), -+ }, -+ }, -+ { -+ .callback = init_nvs_nosave, -+ .ident = "Sony Vaio VGN-FW41E_H", -+ .matches = { -+ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), -+ DMI_MATCH(DMI_PRODUCT_NAME, "VGN-FW41E_H"), -+ }, -+ }, -+ { -+ .callback = init_nvs_nosave, -+ .ident = "Sony Vaio VGN-FW21E", -+ .matches = { -+ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), -+ DMI_MATCH(DMI_PRODUCT_NAME, "VGN-FW21E"), -+ }, -+ }, -+ { -+ .callback = init_nvs_nosave, -+ .ident = "Sony Vaio VPCEB17FX", -+ .matches = { -+ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), -+ DMI_MATCH(DMI_PRODUCT_NAME, "VPCEB17FX"), -+ }, -+ }, -+ { -+ .callback = init_nvs_nosave, -+ .ident = "Sony Vaio VGN-SR11M", -+ .matches = { -+ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), -+ DMI_MATCH(DMI_PRODUCT_NAME, "VGN-SR11M"), -+ }, -+ }, -+ { -+ .callback = init_nvs_nosave, -+ .ident = "Everex StepNote Series", -+ .matches = { -+ DMI_MATCH(DMI_SYS_VENDOR, "Everex Systems, Inc."), -+ DMI_MATCH(DMI_PRODUCT_NAME, "Everex StepNote Series"), -+ }, -+ }, -+ { -+ .callback = init_nvs_nosave, -+ .ident = "Sony Vaio VPCEB1Z1E", -+ .matches = { -+ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), -+ DMI_MATCH(DMI_PRODUCT_NAME, "VPCEB1Z1E"), -+ }, -+ }, -+ { -+ .callback = init_nvs_nosave, -+ .ident = "Sony Vaio VGN-NW130D", -+ .matches = { -+ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), -+ DMI_MATCH(DMI_PRODUCT_NAME, "VGN-NW130D"), -+ }, -+ }, -+ { -+ .callback = init_nvs_nosave, -+ .ident = "Sony Vaio VPCCW29FX", -+ .matches = { -+ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), -+ DMI_MATCH(DMI_PRODUCT_NAME, "VPCCW29FX"), -+ }, -+ }, -+ { -+ .callback = init_nvs_nosave, -+ .ident = "Averatec AV1020-ED2", -+ .matches = { -+ DMI_MATCH(DMI_SYS_VENDOR, "AVERATEC"), -+ DMI_MATCH(DMI_PRODUCT_NAME, "1000 Series"), -+ }, -+ }, -+ { -+ .callback = init_old_suspend_ordering, -+ .ident = "Asus A8N-SLI DELUXE", -+ .matches = { -+ DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTeK Computer INC."), -+ DMI_MATCH(DMI_BOARD_NAME, "A8N-SLI DELUXE"), -+ }, -+ }, -+ { -+ .callback = init_old_suspend_ordering, -+ .ident = "Asus A8N-SLI Premium", -+ .matches = { -+ DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTeK Computer INC."), -+ DMI_MATCH(DMI_BOARD_NAME, "A8N-SLI Premium"), -+ }, -+ }, -+ { -+ .callback = init_nvs_nosave, -+ .ident = "Sony Vaio VGN-SR26GN_P", -+ .matches = { -+ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), -+ DMI_MATCH(DMI_PRODUCT_NAME, "VGN-SR26GN_P"), -+ }, -+ }, -+ { -+ .callback = init_nvs_nosave, -+ .ident = "Sony Vaio VPCEB1S1E", -+ .matches = { -+ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), -+ DMI_MATCH(DMI_PRODUCT_NAME, "VPCEB1S1E"), -+ }, -+ }, -+ { -+ .callback = init_nvs_nosave, -+ .ident = "Sony Vaio VGN-FW520F", -+ .matches = { -+ DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), -+ DMI_MATCH(DMI_PRODUCT_NAME, "VGN-FW520F"), -+ }, -+ }, -+ { -+ .callback = init_nvs_nosave, -+ .ident = "Asus K54C", -+ .matches = { -+ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK Computer Inc."), -+ DMI_MATCH(DMI_PRODUCT_NAME, "K54C"), -+ }, -+ }, -+ { -+ .callback = init_nvs_nosave, -+ .ident = "Asus K54HR", -+ .matches = { -+ DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK Computer Inc."), -+ DMI_MATCH(DMI_PRODUCT_NAME, "K54HR"), -+ }, -+ }, -+ {}, -+}; -+ -+static void acpi_sleep_dmi_check(void) -+{ -+ dmi_check_system(acpisleep_dmi_table); -+} -+ - /** - * acpi_pm_freeze - Disable the GPEs and suspend EC transactions. - */ -@@ -224,6 +406,7 @@ static void acpi_pm_end(void) - } - #else /* !CONFIG_ACPI_SLEEP */ - #define acpi_target_sleep_state ACPI_STATE_S0 -+static inline void acpi_sleep_dmi_check(void) {} - #endif /* CONFIG_ACPI_SLEEP */ - - #ifdef CONFIG_SUSPEND -@@ -382,175 +565,6 @@ static const struct platform_suspend_ops acpi_suspend_ops_old = { - .end = acpi_pm_end, - .recover = acpi_pm_finish, - }; -- --static int __init init_old_suspend_ordering(const struct dmi_system_id *d) --{ -- old_suspend_ordering = true; -- return 0; --} -- --static int __init init_nvs_nosave(const struct dmi_system_id *d) --{ -- acpi_nvs_nosave(); -- return 0; --} -- --static struct dmi_system_id __initdata acpisleep_dmi_table[] = { -- { -- .callback = init_old_suspend_ordering, -- .ident = "Abit KN9 (nForce4 variant)", -- .matches = { -- DMI_MATCH(DMI_BOARD_VENDOR, "http://www.abit.com.tw/"), -- DMI_MATCH(DMI_BOARD_NAME, "KN9 Series(NF-CK804)"), -- }, -- }, -- { -- .callback = init_old_suspend_ordering, -- .ident = "HP xw4600 Workstation", -- .matches = { -- DMI_MATCH(DMI_SYS_VENDOR, "Hewlett-Packard"), -- DMI_MATCH(DMI_PRODUCT_NAME, "HP xw4600 Workstation"), -- }, -- }, -- { -- .callback = init_old_suspend_ordering, -- .ident = "Asus Pundit P1-AH2 (M2N8L motherboard)", -- .matches = { -- DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTek Computer INC."), -- DMI_MATCH(DMI_BOARD_NAME, "M2N8L"), -- }, -- }, -- { -- .callback = init_old_suspend_ordering, -- .ident = "Panasonic CF51-2L", -- .matches = { -- DMI_MATCH(DMI_BOARD_VENDOR, -- "Matsushita Electric Industrial Co.,Ltd."), -- DMI_MATCH(DMI_BOARD_NAME, "CF51-2L"), -- }, -- }, -- { -- .callback = init_nvs_nosave, -- .ident = "Sony Vaio VGN-FW21E", -- .matches = { -- DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), -- DMI_MATCH(DMI_PRODUCT_NAME, "VGN-FW21E"), -- }, -- }, -- { -- .callback = init_nvs_nosave, -- .ident = "Sony Vaio VPCEB17FX", -- .matches = { -- DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), -- DMI_MATCH(DMI_PRODUCT_NAME, "VPCEB17FX"), -- }, -- }, -- { -- .callback = init_nvs_nosave, -- .ident = "Sony Vaio VGN-SR11M", -- .matches = { -- DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), -- DMI_MATCH(DMI_PRODUCT_NAME, "VGN-SR11M"), -- }, -- }, -- { -- .callback = init_nvs_nosave, -- .ident = "Everex StepNote Series", -- .matches = { -- DMI_MATCH(DMI_SYS_VENDOR, "Everex Systems, Inc."), -- DMI_MATCH(DMI_PRODUCT_NAME, "Everex StepNote Series"), -- }, -- }, -- { -- .callback = init_nvs_nosave, -- .ident = "Sony Vaio VPCEB1Z1E", -- .matches = { -- DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), -- DMI_MATCH(DMI_PRODUCT_NAME, "VPCEB1Z1E"), -- }, -- }, -- { -- .callback = init_nvs_nosave, -- .ident = "Sony Vaio VGN-NW130D", -- .matches = { -- DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), -- DMI_MATCH(DMI_PRODUCT_NAME, "VGN-NW130D"), -- }, -- }, -- { -- .callback = init_nvs_nosave, -- .ident = "Sony Vaio VPCCW29FX", -- .matches = { -- DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), -- DMI_MATCH(DMI_PRODUCT_NAME, "VPCCW29FX"), -- }, -- }, -- { -- .callback = init_nvs_nosave, -- .ident = "Averatec AV1020-ED2", -- .matches = { -- DMI_MATCH(DMI_SYS_VENDOR, "AVERATEC"), -- DMI_MATCH(DMI_PRODUCT_NAME, "1000 Series"), -- }, -- }, -- { -- .callback = init_old_suspend_ordering, -- .ident = "Asus A8N-SLI DELUXE", -- .matches = { -- DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTeK Computer INC."), -- DMI_MATCH(DMI_BOARD_NAME, "A8N-SLI DELUXE"), -- }, -- }, -- { -- .callback = init_old_suspend_ordering, -- .ident = "Asus A8N-SLI Premium", -- .matches = { -- DMI_MATCH(DMI_BOARD_VENDOR, "ASUSTeK Computer INC."), -- DMI_MATCH(DMI_BOARD_NAME, "A8N-SLI Premium"), -- }, -- }, -- { -- .callback = init_nvs_nosave, -- .ident = "Sony Vaio VGN-SR26GN_P", -- .matches = { -- DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), -- DMI_MATCH(DMI_PRODUCT_NAME, "VGN-SR26GN_P"), -- }, -- }, -- { -- .callback = init_nvs_nosave, -- .ident = "Sony Vaio VPCEB1S1E", -- .matches = { -- DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), -- DMI_MATCH(DMI_PRODUCT_NAME, "VPCEB1S1E"), -- }, -- }, -- { -- .callback = init_nvs_nosave, -- .ident = "Sony Vaio VGN-FW520F", -- .matches = { -- DMI_MATCH(DMI_SYS_VENDOR, "Sony Corporation"), -- DMI_MATCH(DMI_PRODUCT_NAME, "VGN-FW520F"), -- }, -- }, -- { -- .callback = init_nvs_nosave, -- .ident = "Asus K54C", -- .matches = { -- DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK Computer Inc."), -- DMI_MATCH(DMI_PRODUCT_NAME, "K54C"), -- }, -- }, -- { -- .callback = init_nvs_nosave, -- .ident = "Asus K54HR", -- .matches = { -- DMI_MATCH(DMI_SYS_VENDOR, "ASUSTeK Computer Inc."), -- DMI_MATCH(DMI_PRODUCT_NAME, "K54HR"), -- }, -- }, -- {}, --}; - #endif /* CONFIG_SUSPEND */ - - #ifdef CONFIG_HIBERNATION -@@ -881,13 +895,13 @@ int __init acpi_sleep_init(void) - u8 type_a, type_b; - #ifdef CONFIG_SUSPEND - int i = 0; -- -- dmi_check_system(acpisleep_dmi_table); - #endif - - if (acpi_disabled) - return 0; - -+ acpi_sleep_dmi_check(); -+ - sleep_states[ACPI_STATE_S0] = 1; - printk(KERN_INFO PREFIX "(supports S0"); - -diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c -index 7862d17..4979127 100644 ---- a/drivers/ata/ahci.c -+++ b/drivers/ata/ahci.c -@@ -53,6 +53,7 @@ - - enum { - AHCI_PCI_BAR_STA2X11 = 0, -+ AHCI_PCI_BAR_ENMOTUS = 2, - AHCI_PCI_BAR_STANDARD = 5, - }; - -@@ -410,6 +411,9 @@ static const struct pci_device_id ahci_pci_tbl[] = { - { PCI_VDEVICE(ASMEDIA, 0x0611), board_ahci }, /* ASM1061 */ - { PCI_VDEVICE(ASMEDIA, 0x0612), board_ahci }, /* ASM1062 */ - -+ /* Enmotus */ -+ { PCI_DEVICE(0x1c44, 0x8000), board_ahci }, -+ - /* Generic, PCI class code for AHCI */ - { PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, - PCI_CLASS_STORAGE_SATA_AHCI, 0xffffff, board_ahci }, -@@ -1098,9 +1102,11 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) - dev_info(&pdev->dev, - "PDC42819 can only drive SATA devices with this driver\n"); - -- /* The Connext uses non-standard BAR */ -+ /* Both Connext and Enmotus devices use non-standard BARs */ - if (pdev->vendor == PCI_VENDOR_ID_STMICRO && pdev->device == 0xCC06) - ahci_pci_bar = AHCI_PCI_BAR_STA2X11; -+ else if (pdev->vendor == 0x1c44 && pdev->device == 0x8000) -+ ahci_pci_bar = AHCI_PCI_BAR_ENMOTUS; - - /* acquire resources */ - rc = pcim_enable_device(pdev); -diff --git a/drivers/ata/ata_piix.c b/drivers/ata/ata_piix.c -index ef773e1..4cb6096 100644 ---- a/drivers/ata/ata_piix.c -+++ b/drivers/ata/ata_piix.c -@@ -339,6 +339,23 @@ static const struct pci_device_id piix_pci_tbl[] = { - { 0x8086, 0x9c09, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata }, - /* SATA Controller IDE (DH89xxCC) */ - { 0x8086, 0x2326, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata }, -+ /* SATA Controller IDE (Avoton) */ -+ { 0x8086, 0x1f20, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_sata_snb }, -+ /* SATA Controller IDE (Avoton) */ -+ { 0x8086, 0x1f21, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_sata_snb }, -+ /* SATA Controller IDE (Avoton) */ -+ { 0x8086, 0x1f30, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata }, -+ /* SATA Controller IDE (Avoton) */ -+ { 0x8086, 0x1f31, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata }, -+ /* SATA Controller IDE (Wellsburg) */ -+ { 0x8086, 0x8d00, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_sata_snb }, -+ /* SATA Controller IDE (Wellsburg) */ -+ { 0x8086, 0x8d08, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata }, -+ /* SATA Controller IDE (Wellsburg) */ -+ { 0x8086, 0x8d60, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_sata_snb }, -+ /* SATA Controller IDE (Wellsburg) */ -+ { 0x8086, 0x8d68, PCI_ANY_ID, PCI_ANY_ID, 0, 0, ich8_2port_sata }, -+ - { } /* terminate list */ - }; - -diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index 8e1039c..8789aef 100644 ---- a/drivers/ata/libata-core.c -+++ b/drivers/ata/libata-core.c -@@ -2541,6 +2541,7 @@ int ata_bus_probe(struct ata_port *ap) - * bus as we may be talking too fast. - */ - dev->pio_mode = XFER_PIO_0; -+ dev->dma_mode = 0xff; - - /* If the controller has a pio mode setup function - * then use it to set the chipset to rights. Don't -diff --git a/drivers/ata/libata-eh.c b/drivers/ata/libata-eh.c -index 7d4535e..105e31f 100644 ---- a/drivers/ata/libata-eh.c -+++ b/drivers/ata/libata-eh.c -@@ -2653,6 +2653,7 @@ int ata_eh_reset(struct ata_link *link, int classify, - * bus as we may be talking too fast. - */ - dev->pio_mode = XFER_PIO_0; -+ dev->dma_mode = 0xff; - - /* If the controller has a pio mode setup function - * then use it to set the chipset to rights. Don't -diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c -index 8ec81ca..9f8b751 100644 ---- a/drivers/ata/libata-scsi.c -+++ b/drivers/ata/libata-scsi.c -@@ -309,7 +309,8 @@ ata_scsi_activity_show(struct device *dev, struct device_attribute *attr, - struct ata_port *ap = ata_shost_to_port(sdev->host); - struct ata_device *atadev = ata_scsi_find_dev(ap, sdev); - -- if (ap->ops->sw_activity_show && (ap->flags & ATA_FLAG_SW_ACTIVITY)) -+ if (atadev && ap->ops->sw_activity_show && -+ (ap->flags & ATA_FLAG_SW_ACTIVITY)) - return ap->ops->sw_activity_show(atadev, buf); - return -EINVAL; - } -@@ -324,7 +325,8 @@ ata_scsi_activity_store(struct device *dev, struct device_attribute *attr, - enum sw_activity val; - int rc; - -- if (ap->ops->sw_activity_store && (ap->flags & ATA_FLAG_SW_ACTIVITY)) { -+ if (atadev && ap->ops->sw_activity_store && -+ (ap->flags & ATA_FLAG_SW_ACTIVITY)) { - val = simple_strtoul(buf, NULL, 0); - switch (val) { - case OFF: case BLINK_ON: case BLINK_OFF: -diff --git a/drivers/ata/sata_promise.c b/drivers/ata/sata_promise.c -index 489c817..fb0dd87 100644 ---- a/drivers/ata/sata_promise.c -+++ b/drivers/ata/sata_promise.c -@@ -147,6 +147,10 @@ struct pdc_port_priv { - dma_addr_t pkt_dma; - }; - -+struct pdc_host_priv { -+ spinlock_t hard_reset_lock; -+}; -+ - static int pdc_sata_scr_read(struct ata_link *link, unsigned int sc_reg, u32 *val); - static int pdc_sata_scr_write(struct ata_link *link, unsigned int sc_reg, u32 val); - static int pdc_ata_init_one(struct pci_dev *pdev, const struct pci_device_id *ent); -@@ -801,9 +805,10 @@ static void pdc_hard_reset_port(struct ata_port *ap) - void __iomem *host_mmio = ap->host->iomap[PDC_MMIO_BAR]; - void __iomem *pcictl_b1_mmio = host_mmio + PDC_PCI_CTL + 1; - unsigned int ata_no = pdc_ata_port_to_ata_no(ap); -+ struct pdc_host_priv *hpriv = ap->host->private_data; - u8 tmp; - -- spin_lock(&ap->host->lock); -+ spin_lock(&hpriv->hard_reset_lock); - - tmp = readb(pcictl_b1_mmio); - tmp &= ~(0x10 << ata_no); -@@ -814,7 +819,7 @@ static void pdc_hard_reset_port(struct ata_port *ap) - writeb(tmp, pcictl_b1_mmio); - readb(pcictl_b1_mmio); /* flush */ - -- spin_unlock(&ap->host->lock); -+ spin_unlock(&hpriv->hard_reset_lock); - } - - static int pdc_sata_hardreset(struct ata_link *link, unsigned int *class, -@@ -1182,6 +1187,7 @@ static int pdc_ata_init_one(struct pci_dev *pdev, - const struct ata_port_info *pi = &pdc_port_info[ent->driver_data]; - const struct ata_port_info *ppi[PDC_MAX_PORTS]; - struct ata_host *host; -+ struct pdc_host_priv *hpriv; - void __iomem *host_mmio; - int n_ports, i, rc; - int is_sataii_tx4; -@@ -1218,6 +1224,11 @@ static int pdc_ata_init_one(struct pci_dev *pdev, - dev_err(&pdev->dev, "failed to allocate host\n"); - return -ENOMEM; - } -+ hpriv = devm_kzalloc(&pdev->dev, sizeof *hpriv, GFP_KERNEL); -+ if (!hpriv) -+ return -ENOMEM; -+ spin_lock_init(&hpriv->hard_reset_lock); -+ host->private_data = hpriv; - host->iomap = pcim_iomap_table(pdev); - - is_sataii_tx4 = pdc_is_sataii_tx4(pi->flags); -diff --git a/drivers/atm/iphase.h b/drivers/atm/iphase.h -index 6a0955e..53ecac5 100644 ---- a/drivers/atm/iphase.h -+++ b/drivers/atm/iphase.h -@@ -636,82 +636,82 @@ struct rx_buf_desc { - #define SEG_BASE IPHASE5575_FRAG_CONTROL_REG_BASE - #define REASS_BASE IPHASE5575_REASS_CONTROL_REG_BASE - --typedef volatile u_int freg_t; -+typedef volatile u_int ffreg_t; - typedef u_int rreg_t; - - typedef struct _ffredn_t { -- freg_t idlehead_high; /* Idle cell header (high) */ -- freg_t idlehead_low; /* Idle cell header (low) */ -- freg_t maxrate; /* Maximum rate */ -- freg_t stparms; /* Traffic Management Parameters */ -- freg_t abrubr_abr; /* ABRUBR Priority Byte 1, TCR Byte 0 */ -- freg_t rm_type; /* */ -- u_int filler5[0x17 - 0x06]; -- freg_t cmd_reg; /* Command register */ -- u_int filler18[0x20 - 0x18]; -- freg_t cbr_base; /* CBR Pointer Base */ -- freg_t vbr_base; /* VBR Pointer Base */ -- freg_t abr_base; /* ABR Pointer Base */ -- freg_t ubr_base; /* UBR Pointer Base */ -- u_int filler24; -- freg_t vbrwq_base; /* VBR Wait Queue Base */ -- freg_t abrwq_base; /* ABR Wait Queue Base */ -- freg_t ubrwq_base; /* UBR Wait Queue Base */ -- freg_t vct_base; /* Main VC Table Base */ -- freg_t vcte_base; /* Extended Main VC Table Base */ -- u_int filler2a[0x2C - 0x2A]; -- freg_t cbr_tab_beg; /* CBR Table Begin */ -- freg_t cbr_tab_end; /* CBR Table End */ -- freg_t cbr_pointer; /* CBR Pointer */ -- u_int filler2f[0x30 - 0x2F]; -- freg_t prq_st_adr; /* Packet Ready Queue Start Address */ -- freg_t prq_ed_adr; /* Packet Ready Queue End Address */ -- freg_t prq_rd_ptr; /* Packet Ready Queue read pointer */ -- freg_t prq_wr_ptr; /* Packet Ready Queue write pointer */ -- freg_t tcq_st_adr; /* Transmit Complete Queue Start Address*/ -- freg_t tcq_ed_adr; /* Transmit Complete Queue End Address */ -- freg_t tcq_rd_ptr; /* Transmit Complete Queue read pointer */ -- freg_t tcq_wr_ptr; /* Transmit Complete Queue write pointer*/ -- u_int filler38[0x40 - 0x38]; -- freg_t queue_base; /* Base address for PRQ and TCQ */ -- freg_t desc_base; /* Base address of descriptor table */ -- u_int filler42[0x45 - 0x42]; -- freg_t mode_reg_0; /* Mode register 0 */ -- freg_t mode_reg_1; /* Mode register 1 */ -- freg_t intr_status_reg;/* Interrupt Status register */ -- freg_t mask_reg; /* Mask Register */ -- freg_t cell_ctr_high1; /* Total cell transfer count (high) */ -- freg_t cell_ctr_lo1; /* Total cell transfer count (low) */ -- freg_t state_reg; /* Status register */ -- u_int filler4c[0x58 - 0x4c]; -- freg_t curr_desc_num; /* Contains the current descriptor num */ -- freg_t next_desc; /* Next descriptor */ -- freg_t next_vc; /* Next VC */ -- u_int filler5b[0x5d - 0x5b]; -- freg_t present_slot_cnt;/* Present slot count */ -- u_int filler5e[0x6a - 0x5e]; -- freg_t new_desc_num; /* New descriptor number */ -- freg_t new_vc; /* New VC */ -- freg_t sched_tbl_ptr; /* Schedule table pointer */ -- freg_t vbrwq_wptr; /* VBR wait queue write pointer */ -- freg_t vbrwq_rptr; /* VBR wait queue read pointer */ -- freg_t abrwq_wptr; /* ABR wait queue write pointer */ -- freg_t abrwq_rptr; /* ABR wait queue read pointer */ -- freg_t ubrwq_wptr; /* UBR wait queue write pointer */ -- freg_t ubrwq_rptr; /* UBR wait queue read pointer */ -- freg_t cbr_vc; /* CBR VC */ -- freg_t vbr_sb_vc; /* VBR SB VC */ -- freg_t abr_sb_vc; /* ABR SB VC */ -- freg_t ubr_sb_vc; /* UBR SB VC */ -- freg_t vbr_next_link; /* VBR next link */ -- freg_t abr_next_link; /* ABR next link */ -- freg_t ubr_next_link; /* UBR next link */ -- u_int filler7a[0x7c-0x7a]; -- freg_t out_rate_head; /* Out of rate head */ -- u_int filler7d[0xca-0x7d]; /* pad out to full address space */ -- freg_t cell_ctr_high1_nc;/* Total cell transfer count (high) */ -- freg_t cell_ctr_lo1_nc;/* Total cell transfer count (low) */ -- u_int fillercc[0x100-0xcc]; /* pad out to full address space */ -+ ffreg_t idlehead_high; /* Idle cell header (high) */ -+ ffreg_t idlehead_low; /* Idle cell header (low) */ -+ ffreg_t maxrate; /* Maximum rate */ -+ ffreg_t stparms; /* Traffic Management Parameters */ -+ ffreg_t abrubr_abr; /* ABRUBR Priority Byte 1, TCR Byte 0 */ -+ ffreg_t rm_type; /* */ -+ u_int filler5[0x17 - 0x06]; -+ ffreg_t cmd_reg; /* Command register */ -+ u_int filler18[0x20 - 0x18]; -+ ffreg_t cbr_base; /* CBR Pointer Base */ -+ ffreg_t vbr_base; /* VBR Pointer Base */ -+ ffreg_t abr_base; /* ABR Pointer Base */ -+ ffreg_t ubr_base; /* UBR Pointer Base */ -+ u_int filler24; -+ ffreg_t vbrwq_base; /* VBR Wait Queue Base */ -+ ffreg_t abrwq_base; /* ABR Wait Queue Base */ -+ ffreg_t ubrwq_base; /* UBR Wait Queue Base */ -+ ffreg_t vct_base; /* Main VC Table Base */ -+ ffreg_t vcte_base; /* Extended Main VC Table Base */ -+ u_int filler2a[0x2C - 0x2A]; -+ ffreg_t cbr_tab_beg; /* CBR Table Begin */ -+ ffreg_t cbr_tab_end; /* CBR Table End */ -+ ffreg_t cbr_pointer; /* CBR Pointer */ -+ u_int filler2f[0x30 - 0x2F]; -+ ffreg_t prq_st_adr; /* Packet Ready Queue Start Address */ -+ ffreg_t prq_ed_adr; /* Packet Ready Queue End Address */ -+ ffreg_t prq_rd_ptr; /* Packet Ready Queue read pointer */ -+ ffreg_t prq_wr_ptr; /* Packet Ready Queue write pointer */ -+ ffreg_t tcq_st_adr; /* Transmit Complete Queue Start Address*/ -+ ffreg_t tcq_ed_adr; /* Transmit Complete Queue End Address */ -+ ffreg_t tcq_rd_ptr; /* Transmit Complete Queue read pointer */ -+ ffreg_t tcq_wr_ptr; /* Transmit Complete Queue write pointer*/ -+ u_int filler38[0x40 - 0x38]; -+ ffreg_t queue_base; /* Base address for PRQ and TCQ */ -+ ffreg_t desc_base; /* Base address of descriptor table */ -+ u_int filler42[0x45 - 0x42]; -+ ffreg_t mode_reg_0; /* Mode register 0 */ -+ ffreg_t mode_reg_1; /* Mode register 1 */ -+ ffreg_t intr_status_reg;/* Interrupt Status register */ -+ ffreg_t mask_reg; /* Mask Register */ -+ ffreg_t cell_ctr_high1; /* Total cell transfer count (high) */ -+ ffreg_t cell_ctr_lo1; /* Total cell transfer count (low) */ -+ ffreg_t state_reg; /* Status register */ -+ u_int filler4c[0x58 - 0x4c]; -+ ffreg_t curr_desc_num; /* Contains the current descriptor num */ -+ ffreg_t next_desc; /* Next descriptor */ -+ ffreg_t next_vc; /* Next VC */ -+ u_int filler5b[0x5d - 0x5b]; -+ ffreg_t present_slot_cnt;/* Present slot count */ -+ u_int filler5e[0x6a - 0x5e]; -+ ffreg_t new_desc_num; /* New descriptor number */ -+ ffreg_t new_vc; /* New VC */ -+ ffreg_t sched_tbl_ptr; /* Schedule table pointer */ -+ ffreg_t vbrwq_wptr; /* VBR wait queue write pointer */ -+ ffreg_t vbrwq_rptr; /* VBR wait queue read pointer */ -+ ffreg_t abrwq_wptr; /* ABR wait queue write pointer */ -+ ffreg_t abrwq_rptr; /* ABR wait queue read pointer */ -+ ffreg_t ubrwq_wptr; /* UBR wait queue write pointer */ -+ ffreg_t ubrwq_rptr; /* UBR wait queue read pointer */ -+ ffreg_t cbr_vc; /* CBR VC */ -+ ffreg_t vbr_sb_vc; /* VBR SB VC */ -+ ffreg_t abr_sb_vc; /* ABR SB VC */ -+ ffreg_t ubr_sb_vc; /* UBR SB VC */ -+ ffreg_t vbr_next_link; /* VBR next link */ -+ ffreg_t abr_next_link; /* ABR next link */ -+ ffreg_t ubr_next_link; /* UBR next link */ -+ u_int filler7a[0x7c-0x7a]; -+ ffreg_t out_rate_head; /* Out of rate head */ -+ u_int filler7d[0xca-0x7d]; /* pad out to full address space */ -+ ffreg_t cell_ctr_high1_nc;/* Total cell transfer count (high) */ -+ ffreg_t cell_ctr_lo1_nc;/* Total cell transfer count (low) */ -+ u_int fillercc[0x100-0xcc]; /* pad out to full address space */ - } ffredn_t; - - typedef struct _rfredn_t { -diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c -index 9851093..1853a45 100644 ---- a/drivers/atm/solos-pci.c -+++ b/drivers/atm/solos-pci.c -@@ -967,10 +967,11 @@ static uint32_t fpga_tx(struct solos_card *card) - for (port = 0; tx_pending; tx_pending >>= 1, port++) { - if (tx_pending & 1) { - struct sk_buff *oldskb = card->tx_skb[port]; -- if (oldskb) -+ if (oldskb) { - pci_unmap_single(card->dev, SKB_CB(oldskb)->dma_addr, - oldskb->len, PCI_DMA_TODEVICE); -- -+ card->tx_skb[port] = NULL; -+ } - spin_lock(&card->tx_queue_lock); - skb = skb_dequeue(&card->tx_queue[port]); - if (!skb) -diff --git a/drivers/base/bus.c b/drivers/base/bus.c -index 181ed26..513a02d 100644 ---- a/drivers/base/bus.c -+++ b/drivers/base/bus.c -@@ -293,7 +293,7 @@ int bus_for_each_dev(struct bus_type *bus, struct device *start, - struct device *dev; - int error = 0; - -- if (!bus) -+ if (!bus || !bus->p) - return -EINVAL; - - klist_iter_init_node(&bus->p->klist_devices, &i, -@@ -327,7 +327,7 @@ struct device *bus_find_device(struct bus_type *bus, - struct klist_iter i; - struct device *dev; - -- if (!bus) -+ if (!bus || !bus->p) - return NULL; - - klist_iter_init_node(&bus->p->klist_devices, &i, -diff --git a/drivers/base/dd.c b/drivers/base/dd.c -index e3bbed8..61d3e1b 100644 ---- a/drivers/base/dd.c -+++ b/drivers/base/dd.c -@@ -172,6 +172,8 @@ static int deferred_probe_initcall(void) - - driver_deferred_probe_enable = true; - driver_deferred_probe_trigger(); -+ /* Sort as many dependencies as possible before exiting initcalls */ -+ flush_workqueue(deferred_wq); - return 0; - } - late_initcall(deferred_probe_initcall); -diff --git a/drivers/base/regmap/regmap-debugfs.c b/drivers/base/regmap/regmap-debugfs.c -index bb1ff17..c394041 100644 ---- a/drivers/base/regmap/regmap-debugfs.c -+++ b/drivers/base/regmap/regmap-debugfs.c -@@ -90,7 +90,7 @@ static ssize_t regmap_map_read_file(struct file *file, char __user *user_buf, - /* If we're in the region the user is trying to read */ - if (p >= *ppos) { - /* ...but not beyond it */ -- if (buf_pos >= count - 1 - tot_len) -+ if (buf_pos + 1 + tot_len >= count) - break; - - /* Format the register */ -diff --git a/drivers/bcma/driver_mips.c b/drivers/bcma/driver_mips.c -index cc65b45..b4e83b8 100644 ---- a/drivers/bcma/driver_mips.c -+++ b/drivers/bcma/driver_mips.c -@@ -115,7 +115,7 @@ static void bcma_core_mips_set_irq(struct bcma_device *dev, unsigned int irq) - bcma_read32(mdev, BCMA_MIPS_MIPS74K_INTMASK(0)) & - ~(1 << irqflag)); - else -- bcma_write32(mdev, BCMA_MIPS_MIPS74K_INTMASK(irq), 0); -+ bcma_write32(mdev, BCMA_MIPS_MIPS74K_INTMASK(oldirq), 0); - - /* assign the new one */ - if (irq == 0) { -diff --git a/drivers/block/aoe/aoe.h b/drivers/block/aoe/aoe.h -index db195ab..e49ddd0 100644 ---- a/drivers/block/aoe/aoe.h -+++ b/drivers/block/aoe/aoe.h -@@ -1,5 +1,5 @@ - /* Copyright (c) 2007 Coraid, Inc. See COPYING for GPL terms. */ --#define VERSION "47" -+#define VERSION "47q" - #define AOE_MAJOR 152 - #define DEVICE_NAME "aoe" - -diff --git a/drivers/block/aoe/aoeblk.c b/drivers/block/aoe/aoeblk.c -index 321de7b..7eca463 100644 ---- a/drivers/block/aoe/aoeblk.c -+++ b/drivers/block/aoe/aoeblk.c -@@ -276,8 +276,6 @@ aoeblk_gdalloc(void *vp) - goto err_mempool; - blk_queue_make_request(d->blkq, aoeblk_make_request); - d->blkq->backing_dev_info.name = "aoe"; -- if (bdi_init(&d->blkq->backing_dev_info)) -- goto err_blkq; - spin_lock_irqsave(&d->lock, flags); - gd->major = AOE_MAJOR; - gd->first_minor = d->sysminor * AOE_PARTITIONS; -@@ -298,9 +296,6 @@ aoeblk_gdalloc(void *vp) - aoedisk_add_sysfs(d); - return; - --err_blkq: -- blk_cleanup_queue(d->blkq); -- d->blkq = NULL; - err_mempool: - mempool_destroy(d->bufpool); - err_disk: -diff --git a/drivers/block/rbd.c b/drivers/block/rbd.c -index 54a55f0..7aac910 100644 ---- a/drivers/block/rbd.c -+++ b/drivers/block/rbd.c -@@ -69,7 +69,7 @@ - #define DEV_NAME_LEN 32 - #define MAX_INT_FORMAT_WIDTH ((5 * sizeof (int)) / 2 + 1) - --#define RBD_NOTIFY_TIMEOUT_DEFAULT 10 -+#define RBD_READ_ONLY_DEFAULT false - - /* - * block device image metadata (in-memory version) -@@ -91,7 +91,7 @@ struct rbd_image_header { - }; - - struct rbd_options { -- int notify_timeout; -+ bool read_only; - }; - - /* -@@ -177,7 +177,7 @@ struct rbd_device { - u64 snap_id; /* current snapshot id */ - /* whether the snap_id this device reads from still exists */ - bool snap_exists; -- int read_only; -+ bool read_only; - - struct list_head node; - -@@ -186,6 +186,7 @@ struct rbd_device { - - /* sysfs related */ - struct device dev; -+ unsigned long open_count; - }; - - static DEFINE_MUTEX(ctl_mutex); /* Serialize open/close/setup/teardown */ -@@ -249,8 +250,11 @@ static int rbd_open(struct block_device *bdev, fmode_t mode) - if ((mode & FMODE_WRITE) && rbd_dev->read_only) - return -EROFS; - -+ mutex_lock_nested(&ctl_mutex, SINGLE_DEPTH_NESTING); - rbd_get_dev(rbd_dev); - set_device_ro(bdev, rbd_dev->read_only); -+ rbd_dev->open_count++; -+ mutex_unlock(&ctl_mutex); - - return 0; - } -@@ -259,7 +263,11 @@ static int rbd_release(struct gendisk *disk, fmode_t mode) - { - struct rbd_device *rbd_dev = disk->private_data; - -+ mutex_lock_nested(&ctl_mutex, SINGLE_DEPTH_NESTING); -+ BUG_ON(!rbd_dev->open_count); -+ rbd_dev->open_count--; - rbd_put_dev(rbd_dev); -+ mutex_unlock(&ctl_mutex); - - return 0; - } -@@ -341,17 +349,24 @@ static struct rbd_client *__rbd_client_find(struct ceph_options *ceph_opts) - * mount options - */ - enum { -- Opt_notify_timeout, - Opt_last_int, - /* int args above */ - Opt_last_string, - /* string args above */ -+ Opt_read_only, -+ Opt_read_write, -+ /* Boolean args above */ -+ Opt_last_bool, - }; - - static match_table_t rbd_opts_tokens = { -- {Opt_notify_timeout, "notify_timeout=%d"}, - /* int args above */ - /* string args above */ -+ {Opt_read_only, "read_only"}, -+ {Opt_read_only, "ro"}, /* Alternate spelling */ -+ {Opt_read_write, "read_write"}, -+ {Opt_read_write, "rw"}, /* Alternate spelling */ -+ /* Boolean args above */ - {-1, NULL} - }; - -@@ -376,13 +391,18 @@ static int parse_rbd_opts_token(char *c, void *private) - } else if (token > Opt_last_int && token < Opt_last_string) { - dout("got string token %d val %s\n", token, - argstr[0].from); -+ } else if (token > Opt_last_string && token < Opt_last_bool) { -+ dout("got Boolean token %d\n", token); - } else { - dout("got token %d\n", token); - } - - switch (token) { -- case Opt_notify_timeout: -- rbd_opts->notify_timeout = intval; -+ case Opt_read_only: -+ rbd_opts->read_only = true; -+ break; -+ case Opt_read_write: -+ rbd_opts->read_only = false; - break; - default: - BUG_ON(token); -@@ -406,7 +426,7 @@ static struct rbd_client *rbd_get_client(const char *mon_addr, - if (!rbd_opts) - return ERR_PTR(-ENOMEM); - -- rbd_opts->notify_timeout = RBD_NOTIFY_TIMEOUT_DEFAULT; -+ rbd_opts->read_only = RBD_READ_ONLY_DEFAULT; - - ceph_opts = ceph_parse_options(options, mon_addr, - mon_addr + mon_addr_len, -@@ -606,7 +626,7 @@ static int rbd_header_set_snap(struct rbd_device *rbd_dev, u64 *size) - sizeof (RBD_SNAP_HEAD_NAME))) { - rbd_dev->snap_id = CEPH_NOSNAP; - rbd_dev->snap_exists = false; -- rbd_dev->read_only = 0; -+ rbd_dev->read_only = rbd_dev->rbd_opts.read_only; - if (size) - *size = rbd_dev->header.image_size; - } else { -@@ -618,7 +638,7 @@ static int rbd_header_set_snap(struct rbd_device *rbd_dev, u64 *size) - goto done; - rbd_dev->snap_id = snap_id; - rbd_dev->snap_exists = true; -- rbd_dev->read_only = 1; -+ rbd_dev->read_only = true; /* No choice for snapshots */ - } - - ret = 0; -@@ -938,8 +958,9 @@ static int rbd_do_request(struct request *rq, - layout->fl_stripe_count = cpu_to_le32(1); - layout->fl_object_size = cpu_to_le32(1 << RBD_MAX_OBJ_ORDER); - layout->fl_pg_pool = cpu_to_le32(rbd_dev->pool_id); -- ceph_calc_raw_layout(osdc, layout, snapid, ofs, &len, &bno, -- req, ops); -+ ret = ceph_calc_raw_layout(osdc, layout, snapid, ofs, &len, &bno, -+ req, ops); -+ rbd_assert(ret == 0); - - ceph_osdc_build_request(req, ofs, &len, - ops, -@@ -2260,8 +2281,8 @@ static void rbd_id_put(struct rbd_device *rbd_dev) - struct rbd_device *rbd_dev; - - rbd_dev = list_entry(tmp, struct rbd_device, node); -- if (rbd_id > max_id) -- max_id = rbd_id; -+ if (rbd_dev->id > max_id) -+ max_id = rbd_dev->id; - } - spin_unlock(&rbd_dev_list_lock); - -@@ -2623,6 +2644,11 @@ static ssize_t rbd_remove(struct bus_type *bus, - goto done; - } - -+ if (rbd_dev->open_count) { -+ ret = -EBUSY; -+ goto done; -+ } -+ - __rbd_remove_all_snaps(rbd_dev); - rbd_bus_del_dev(rbd_dev); - -diff --git a/drivers/block/sunvdc.c b/drivers/block/sunvdc.c -index 9dcf76a..31dd451 100644 ---- a/drivers/block/sunvdc.c -+++ b/drivers/block/sunvdc.c -@@ -461,7 +461,7 @@ static int generic_request(struct vdc_port *port, u8 op, void *buf, int len) - int op_len, err; - void *req_buf; - -- if (!(((u64)1 << ((u64)op - 1)) & port->operations)) -+ if (!(((u64)1 << (u64)op) & port->operations)) - return -EOPNOTSUPP; - - switch (op) { -diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c -index c6decb9..73d8c92 100644 ---- a/drivers/block/xen-blkback/blkback.c -+++ b/drivers/block/xen-blkback/blkback.c -@@ -623,7 +623,6 @@ static int dispatch_rw_block_io(struct xen_blkif *blkif, - goto fail_response; - } - -- preq.dev = req->u.rw.handle; - preq.sector_number = req->u.rw.sector_number; - preq.nr_sects = 0; - -diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c -index 4f66171..a155254 100644 ---- a/drivers/block/xen-blkback/xenbus.c -+++ b/drivers/block/xen-blkback/xenbus.c -@@ -367,6 +367,7 @@ static int xen_blkbk_remove(struct xenbus_device *dev) - be->blkif = NULL; - } - -+ kfree(be->mode); - kfree(be); - dev_set_drvdata(&dev->dev, NULL); - return 0; -@@ -502,6 +503,7 @@ static void backend_changed(struct xenbus_watch *watch, - = container_of(watch, struct backend_info, backend_watch); - struct xenbus_device *dev = be->dev; - int cdrom = 0; -+ unsigned long handle; - char *device_type; - - DPRINTK(""); -@@ -521,10 +523,10 @@ static void backend_changed(struct xenbus_watch *watch, - return; - } - -- if ((be->major || be->minor) && -- ((be->major != major) || (be->minor != minor))) { -- pr_warn(DRV_PFX "changing physical device (from %x:%x to %x:%x) not supported.\n", -- be->major, be->minor, major, minor); -+ if (be->major | be->minor) { -+ if (be->major != major || be->minor != minor) -+ pr_warn(DRV_PFX "changing physical device (from %x:%x to %x:%x) not supported.\n", -+ be->major, be->minor, major, minor); - return; - } - -@@ -542,36 +544,33 @@ static void backend_changed(struct xenbus_watch *watch, - kfree(device_type); - } - -- if (be->major == 0 && be->minor == 0) { -- /* Front end dir is a number, which is used as the handle. */ -- -- char *p = strrchr(dev->otherend, '/') + 1; -- long handle; -- err = strict_strtoul(p, 0, &handle); -- if (err) -- return; -+ /* Front end dir is a number, which is used as the handle. */ -+ err = strict_strtoul(strrchr(dev->otherend, '/') + 1, 0, &handle); -+ if (err) -+ return; - -- be->major = major; -- be->minor = minor; -+ be->major = major; -+ be->minor = minor; - -- err = xen_vbd_create(be->blkif, handle, major, minor, -- (NULL == strchr(be->mode, 'w')), cdrom); -- if (err) { -- be->major = 0; -- be->minor = 0; -- xenbus_dev_fatal(dev, err, "creating vbd structure"); -- return; -- } -+ err = xen_vbd_create(be->blkif, handle, major, minor, -+ !strchr(be->mode, 'w'), cdrom); - -+ if (err) -+ xenbus_dev_fatal(dev, err, "creating vbd structure"); -+ else { - err = xenvbd_sysfs_addif(dev); - if (err) { - xen_vbd_free(&be->blkif->vbd); -- be->major = 0; -- be->minor = 0; - xenbus_dev_fatal(dev, err, "creating sysfs entries"); -- return; - } -+ } - -+ if (err) { -+ kfree(be->mode); -+ be->mode = NULL; -+ be->major = 0; -+ be->minor = 0; -+ } else { - /* We're potentially connected now */ - xen_update_blkif_status(be->blkif); - } -diff --git a/drivers/bluetooth/ath3k.c b/drivers/bluetooth/ath3k.c -index fc2de55..b00000e 100644 ---- a/drivers/bluetooth/ath3k.c -+++ b/drivers/bluetooth/ath3k.c -@@ -67,6 +67,7 @@ static struct usb_device_id ath3k_table[] = { - { USB_DEVICE(0x13d3, 0x3304) }, - { USB_DEVICE(0x0930, 0x0215) }, - { USB_DEVICE(0x0489, 0xE03D) }, -+ { USB_DEVICE(0x0489, 0xE027) }, - - /* Atheros AR9285 Malbec with sflash firmware */ - { USB_DEVICE(0x03F0, 0x311D) }, -diff --git a/drivers/bluetooth/btusb.c b/drivers/bluetooth/btusb.c -index 654e248..e023c65 100644 ---- a/drivers/bluetooth/btusb.c -+++ b/drivers/bluetooth/btusb.c -@@ -123,6 +123,7 @@ static struct usb_device_id blacklist_table[] = { - { USB_DEVICE(0x13d3, 0x3304), .driver_info = BTUSB_IGNORE }, - { USB_DEVICE(0x0930, 0x0215), .driver_info = BTUSB_IGNORE }, - { USB_DEVICE(0x0489, 0xe03d), .driver_info = BTUSB_IGNORE }, -+ { USB_DEVICE(0x0489, 0xe027), .driver_info = BTUSB_IGNORE }, - - /* Atheros AR9285 Malbec with sflash firmware */ - { USB_DEVICE(0x03f0, 0x311d), .driver_info = BTUSB_IGNORE }, -diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c -index cdf2f54..f77e341 100644 ---- a/drivers/char/virtio_console.c -+++ b/drivers/char/virtio_console.c -@@ -1808,7 +1808,8 @@ static void virtcons_remove(struct virtio_device *vdev) - /* Disable interrupts for vqs */ - vdev->config->reset(vdev); - /* Finish up work that's lined up */ -- cancel_work_sync(&portdev->control_work); -+ if (use_multiport(portdev)) -+ cancel_work_sync(&portdev->control_work); - - list_for_each_entry_safe(port, port2, &portdev->ports, list) - unplug_port(port); -diff --git a/drivers/dca/dca-core.c b/drivers/dca/dca-core.c -index bc6f5fa..819dfda 100644 ---- a/drivers/dca/dca-core.c -+++ b/drivers/dca/dca-core.c -@@ -420,6 +420,11 @@ void unregister_dca_provider(struct dca_provider *dca, struct device *dev) - - raw_spin_lock_irqsave(&dca_lock, flags); - -+ if (list_empty(&dca_domains)) { -+ raw_spin_unlock_irqrestore(&dca_lock, flags); -+ return; -+ } -+ - list_del(&dca->node); - - pci_rc = dca_pci_rc_from_dev(dev); -diff --git a/drivers/dma/ioat/dma_v3.c b/drivers/dma/ioat/dma_v3.c -index f7f1dc6..ed0e8b7 100644 ---- a/drivers/dma/ioat/dma_v3.c -+++ b/drivers/dma/ioat/dma_v3.c -@@ -951,7 +951,7 @@ static int __devinit ioat_xor_val_self_test(struct ioatdma_device *device) - goto free_resources; - } - } -- dma_sync_single_for_device(dev, dest_dma, PAGE_SIZE, DMA_TO_DEVICE); -+ dma_sync_single_for_device(dev, dest_dma, PAGE_SIZE, DMA_FROM_DEVICE); - - /* skip validate if the capability is not present */ - if (!dma_has_cap(DMA_XOR_VAL, dma_chan->device->cap_mask)) -diff --git a/drivers/edac/edac_pci_sysfs.c b/drivers/edac/edac_pci_sysfs.c -index e164c55..1bfb207 100644 ---- a/drivers/edac/edac_pci_sysfs.c -+++ b/drivers/edac/edac_pci_sysfs.c -@@ -256,7 +256,7 @@ static ssize_t edac_pci_dev_store(struct kobject *kobj, - struct edac_pci_dev_attribute *edac_pci_dev; - edac_pci_dev = (struct edac_pci_dev_attribute *)attr; - -- if (edac_pci_dev->show) -+ if (edac_pci_dev->store) - return edac_pci_dev->store(edac_pci_dev->value, buffer, count); - return -EIO; - } -diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c -index 7a05fd2..841c78d 100644 ---- a/drivers/firewire/core-device.c -+++ b/drivers/firewire/core-device.c -@@ -1019,6 +1019,10 @@ static void fw_device_init(struct work_struct *work) - ret = idr_pre_get(&fw_device_idr, GFP_KERNEL) ? - idr_get_new(&fw_device_idr, device, &minor) : - -ENOMEM; -+ if (minor >= 1 << MINORBITS) { -+ idr_remove(&fw_device_idr, minor); -+ minor = -ENOSPC; -+ } - up_write(&fw_device_rwsem); - - if (ret < 0) -diff --git a/drivers/firewire/net.c b/drivers/firewire/net.c -index 08c6749..638e1f7 100644 ---- a/drivers/firewire/net.c -+++ b/drivers/firewire/net.c -@@ -861,8 +861,8 @@ static void fwnet_receive_broadcast(struct fw_iso_context *context, - if (specifier_id == IANA_SPECIFIER_ID && ver == RFC2734_SW_VERSION) { - buf_ptr += 2; - length -= IEEE1394_GASP_HDR_SIZE; -- fwnet_incoming_packet(dev, buf_ptr, length, -- source_node_id, -1, true); -+ fwnet_incoming_packet(dev, buf_ptr, length, source_node_id, -+ context->card->generation, true); - } - - packet.payload_length = dev->rcv_buffer_size; -@@ -958,7 +958,12 @@ static void fwnet_transmit_packet_done(struct fwnet_packet_task *ptask) - break; - } - -- skb_pull(skb, ptask->max_payload); -+ if (ptask->dest_node == IEEE1394_ALL_NODES) { -+ skb_pull(skb, -+ ptask->max_payload + IEEE1394_GASP_HDR_SIZE); -+ } else { -+ skb_pull(skb, ptask->max_payload); -+ } - if (ptask->outstanding_pkts > 1) { - fwnet_make_sf_hdr(&ptask->hdr, RFC2374_HDR_INTFRAG, - dg_size, fg_off, datagram_label); -@@ -1062,7 +1067,7 @@ static int fwnet_send_packet(struct fwnet_packet_task *ptask) - smp_rmb(); - node_id = dev->card->node_id; - -- p = skb_push(ptask->skb, 8); -+ p = skb_push(ptask->skb, IEEE1394_GASP_HDR_SIZE); - put_unaligned_be32(node_id << 16 | IANA_SPECIFIER_ID >> 8, p); - put_unaligned_be32((IANA_SPECIFIER_ID & 0xff) << 24 - | RFC2734_SW_VERSION, &p[4]); -diff --git a/drivers/firmware/dmi_scan.c b/drivers/firmware/dmi_scan.c -index b298158..982f1f5 100644 ---- a/drivers/firmware/dmi_scan.c -+++ b/drivers/firmware/dmi_scan.c -@@ -16,6 +16,7 @@ - */ - static char dmi_empty_string[] = " "; - -+static u16 __initdata dmi_ver; - /* - * Catch too early calls to dmi_check_system(): - */ -@@ -118,12 +119,12 @@ static int __init dmi_walk_early(void (*decode)(const struct dmi_header *, - return 0; - } - --static int __init dmi_checksum(const u8 *buf) -+static int __init dmi_checksum(const u8 *buf, u8 len) - { - u8 sum = 0; - int a; - -- for (a = 0; a < 15; a++) -+ for (a = 0; a < len; a++) - sum += buf[a]; - - return sum == 0; -@@ -161,8 +162,10 @@ static void __init dmi_save_uuid(const struct dmi_header *dm, int slot, int inde - return; - - for (i = 0; i < 16 && (is_ff || is_00); i++) { -- if(d[i] != 0x00) is_ff = 0; -- if(d[i] != 0xFF) is_00 = 0; -+ if (d[i] != 0x00) -+ is_00 = 0; -+ if (d[i] != 0xFF) -+ is_ff = 0; - } - - if (is_ff || is_00) -@@ -172,7 +175,15 @@ static void __init dmi_save_uuid(const struct dmi_header *dm, int slot, int inde - if (!s) - return; - -- sprintf(s, "%pUB", d); -+ /* -+ * As of version 2.6 of the SMBIOS specification, the first 3 fields of -+ * the UUID are supposed to be little-endian encoded. The specification -+ * says that this is the defacto standard. -+ */ -+ if (dmi_ver >= 0x0206) -+ sprintf(s, "%pUL", d); -+ else -+ sprintf(s, "%pUB", d); - - dmi_ident[slot] = s; - } -@@ -404,35 +415,63 @@ static int __init dmi_present(const char __iomem *p) - u8 buf[15]; - - memcpy_fromio(buf, p, 15); -- if ((memcmp(buf, "_DMI_", 5) == 0) && dmi_checksum(buf)) { -+ if (dmi_checksum(buf, 15)) { - dmi_num = (buf[13] << 8) | buf[12]; - dmi_len = (buf[7] << 8) | buf[6]; - dmi_base = (buf[11] << 24) | (buf[10] << 16) | - (buf[9] << 8) | buf[8]; - -- /* -- * DMI version 0.0 means that the real version is taken from -- * the SMBIOS version, which we don't know at this point. -- */ -- if (buf[14] != 0) -- printk(KERN_INFO "DMI %d.%d present.\n", -- buf[14] >> 4, buf[14] & 0xF); -- else -- printk(KERN_INFO "DMI present.\n"); - if (dmi_walk_early(dmi_decode) == 0) { -+ if (dmi_ver) -+ pr_info("SMBIOS %d.%d present.\n", -+ dmi_ver >> 8, dmi_ver & 0xFF); -+ else { -+ dmi_ver = (buf[14] & 0xF0) << 4 | -+ (buf[14] & 0x0F); -+ pr_info("Legacy DMI %d.%d present.\n", -+ dmi_ver >> 8, dmi_ver & 0xFF); -+ } - dmi_dump_ids(); - return 0; - } - } -+ dmi_ver = 0; - return 1; - } - -+static int __init smbios_present(const char __iomem *p) -+{ -+ u8 buf[32]; -+ int offset = 0; -+ -+ memcpy_fromio(buf, p, 32); -+ if ((buf[5] < 32) && dmi_checksum(buf, buf[5])) { -+ dmi_ver = (buf[6] << 8) + buf[7]; -+ -+ /* Some BIOS report weird SMBIOS version, fix that up */ -+ switch (dmi_ver) { -+ case 0x021F: -+ case 0x0221: -+ pr_debug("SMBIOS version fixup(2.%d->2.%d)\n", -+ dmi_ver & 0xFF, 3); -+ dmi_ver = 0x0203; -+ break; -+ case 0x0233: -+ pr_debug("SMBIOS version fixup(2.%d->2.%d)\n", 51, 6); -+ dmi_ver = 0x0206; -+ break; -+ } -+ offset = 16; -+ } -+ return dmi_present(buf + offset); -+} -+ - void __init dmi_scan_machine(void) - { - char __iomem *p, *q; - int rc; - -- if (efi_enabled) { -+ if (efi_enabled(EFI_CONFIG_TABLES)) { - if (efi.smbios == EFI_INVALID_TABLE_ADDR) - goto error; - -@@ -444,7 +483,7 @@ void __init dmi_scan_machine(void) - if (p == NULL) - goto error; - -- rc = dmi_present(p + 0x10); /* offset of _DMI_ string */ -+ rc = smbios_present(p); - dmi_iounmap(p, 32); - if (!rc) { - dmi_available = 1; -@@ -462,7 +501,12 @@ void __init dmi_scan_machine(void) - goto error; - - for (q = p; q < p + 0x10000; q += 16) { -- rc = dmi_present(q); -+ if (memcmp(q, "_SM_", 4) == 0 && q - p <= 0xFFE0) -+ rc = smbios_present(q); -+ else if (memcmp(q, "_DMI_", 5) == 0) -+ rc = dmi_present(q); -+ else -+ continue; - if (!rc) { - dmi_available = 1; - dmi_iounmap(p, 0x10000); -diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c -index d10c987..bfd8f43 100644 ---- a/drivers/firmware/efivars.c -+++ b/drivers/firmware/efivars.c -@@ -1224,7 +1224,7 @@ efivars_init(void) - printk(KERN_INFO "EFI Variables Facility v%s %s\n", EFIVARS_VERSION, - EFIVARS_DATE); - -- if (!efi_enabled) -+ if (!efi_enabled(EFI_RUNTIME_SERVICES)) - return 0; - - /* For now we'll register the efi directory at /sys/firmware/efi */ -@@ -1262,7 +1262,7 @@ err_put: - static void __exit - efivars_exit(void) - { -- if (efi_enabled) { -+ if (efi_enabled(EFI_RUNTIME_SERVICES)) { - unregister_efivars(&__efivars); - kobject_put(efi_kobj); - } -diff --git a/drivers/firmware/iscsi_ibft_find.c b/drivers/firmware/iscsi_ibft_find.c -index 4da4eb9..2224f1d 100644 ---- a/drivers/firmware/iscsi_ibft_find.c -+++ b/drivers/firmware/iscsi_ibft_find.c -@@ -99,7 +99,7 @@ unsigned long __init find_ibft_region(unsigned long *sizep) - /* iBFT 1.03 section 1.4.3.1 mandates that UEFI machines will - * only use ACPI for this */ - -- if (!efi_enabled) -+ if (!efi_enabled(EFI_BOOT)) - find_ibft_in_mem(); - - if (ibft_addr) { -diff --git a/drivers/gpu/drm/drm_crtc.c b/drivers/gpu/drm/drm_crtc.c -index af81f77..3859f43 100644 ---- a/drivers/gpu/drm/drm_crtc.c -+++ b/drivers/gpu/drm/drm_crtc.c -@@ -2023,7 +2023,7 @@ uint32_t drm_mode_legacy_fb_format(uint32_t bpp, uint32_t depth) - - switch (bpp) { - case 8: -- fmt = DRM_FORMAT_RGB332; -+ fmt = DRM_FORMAT_C8; - break; - case 16: - if (depth == 15) -@@ -3633,6 +3633,7 @@ void drm_fb_get_bpp_depth(uint32_t format, unsigned int *depth, - int *bpp) - { - switch (format) { -+ case DRM_FORMAT_C8: - case DRM_FORMAT_RGB332: - case DRM_FORMAT_BGR233: - *depth = 8; -diff --git a/drivers/gpu/drm/drm_edid.c b/drivers/gpu/drm/drm_edid.c -index b7ee230..7906edd 100644 ---- a/drivers/gpu/drm/drm_edid.c -+++ b/drivers/gpu/drm/drm_edid.c -@@ -1924,7 +1924,8 @@ int drm_add_edid_modes(struct drm_connector *connector, struct edid *edid) - num_modes += add_cvt_modes(connector, edid); - num_modes += add_standard_modes(connector, edid); - num_modes += add_established_modes(connector, edid); -- num_modes += add_inferred_modes(connector, edid); -+ if (edid->features & DRM_EDID_FEATURE_DEFAULT_GTF) -+ num_modes += add_inferred_modes(connector, edid); - num_modes += add_cea_modes(connector, edid); - - if (quirks & (EDID_QUIRK_PREFER_LARGE_60 | EDID_QUIRK_PREFER_LARGE_75)) -diff --git a/drivers/gpu/drm/drm_usb.c b/drivers/gpu/drm/drm_usb.c -index 37c9a52..767782a 100644 ---- a/drivers/gpu/drm/drm_usb.c -+++ b/drivers/gpu/drm/drm_usb.c -@@ -18,7 +18,7 @@ int drm_get_usb_dev(struct usb_interface *interface, - - usbdev = interface_to_usbdev(interface); - dev->usbdev = usbdev; -- dev->dev = &usbdev->dev; -+ dev->dev = &interface->dev; - - mutex_lock(&drm_global_mutex); - -diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -index cdf46b5..d8bb392 100644 ---- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c -+++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -@@ -749,6 +749,8 @@ i915_gem_execbuffer_relocate_slow(struct drm_device *dev, - total = 0; - for (i = 0; i < count; i++) { - struct drm_i915_gem_relocation_entry __user *user_relocs; -+ u64 invalid_offset = (u64)-1; -+ int j; - - user_relocs = (void __user *)(uintptr_t)exec[i].relocs_ptr; - -@@ -759,6 +761,25 @@ i915_gem_execbuffer_relocate_slow(struct drm_device *dev, - goto err; - } - -+ /* As we do not update the known relocation offsets after -+ * relocating (due to the complexities in lock handling), -+ * we need to mark them as invalid now so that we force the -+ * relocation processing next time. Just in case the target -+ * object is evicted and then rebound into its old -+ * presumed_offset before the next execbuffer - if that -+ * happened we would make the mistake of assuming that the -+ * relocations were valid. -+ */ -+ for (j = 0; j < exec[i].relocation_count; j++) { -+ if (copy_to_user(&user_relocs[j].presumed_offset, -+ &invalid_offset, -+ sizeof(invalid_offset))) { -+ ret = -EFAULT; -+ mutex_lock(&dev->struct_mutex); -+ goto err; -+ } -+ } -+ - reloc_offset[i] = total; - total += exec[i].relocation_count; - } -diff --git a/drivers/gpu/drm/i915/i915_reg.h b/drivers/gpu/drm/i915/i915_reg.h -index f02cfad..380e7da 100644 ---- a/drivers/gpu/drm/i915/i915_reg.h -+++ b/drivers/gpu/drm/i915/i915_reg.h -@@ -506,6 +506,7 @@ - * the enables for writing to the corresponding low bit. - */ - #define _3D_CHICKEN 0x02084 -+#define _3D_CHICKEN_HIZ_PLANE_DISABLE_MSAA_4X_SNB (1 << 10) - #define _3D_CHICKEN2 0x0208c - /* Disables pipelining of read flushes past the SF-WIZ interface. - * Required on all Ironlake steppings according to the B-Spec, but the -@@ -3274,6 +3275,8 @@ - #define _PFA_CTL_1 0x68080 - #define _PFB_CTL_1 0x68880 - #define PF_ENABLE (1<<31) -+#define PF_PIPE_SEL_MASK_IVB (3<<29) -+#define PF_PIPE_SEL_IVB(pipe) ((pipe)<<29) - #define PF_FILTER_MASK (3<<23) - #define PF_FILTER_PROGRAMMED (0<<23) - #define PF_FILTER_MED_3x3 (1<<23) -diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 0777c79..3098027 100644 ---- a/drivers/gpu/drm/i915/intel_display.c -+++ b/drivers/gpu/drm/i915/intel_display.c -@@ -146,8 +146,8 @@ static const intel_limit_t intel_limits_i9xx_sdvo = { - .vco = { .min = 1400000, .max = 2800000 }, - .n = { .min = 1, .max = 6 }, - .m = { .min = 70, .max = 120 }, -- .m1 = { .min = 10, .max = 22 }, -- .m2 = { .min = 5, .max = 9 }, -+ .m1 = { .min = 8, .max = 18 }, -+ .m2 = { .min = 3, .max = 7 }, - .p = { .min = 5, .max = 80 }, - .p1 = { .min = 1, .max = 8 }, - .p2 = { .dot_limit = 200000, -@@ -2347,18 +2347,6 @@ static void intel_fdi_normal_train(struct drm_crtc *crtc) - FDI_FE_ERRC_ENABLE); - } - --static void cpt_phase_pointer_enable(struct drm_device *dev, int pipe) --{ -- struct drm_i915_private *dev_priv = dev->dev_private; -- u32 flags = I915_READ(SOUTH_CHICKEN1); -- -- flags |= FDI_PHASE_SYNC_OVR(pipe); -- I915_WRITE(SOUTH_CHICKEN1, flags); /* once to unlock... */ -- flags |= FDI_PHASE_SYNC_EN(pipe); -- I915_WRITE(SOUTH_CHICKEN1, flags); /* then again to enable */ -- POSTING_READ(SOUTH_CHICKEN1); --} -- - /* The FDI link training functions for ILK/Ibexpeak. */ - static void ironlake_fdi_link_train(struct drm_crtc *crtc) - { -@@ -2509,9 +2497,6 @@ static void gen6_fdi_link_train(struct drm_crtc *crtc) - POSTING_READ(reg); - udelay(150); - -- if (HAS_PCH_CPT(dev)) -- cpt_phase_pointer_enable(dev, pipe); -- - for (i = 0; i < 4; i++) { - reg = FDI_TX_CTL(pipe); - temp = I915_READ(reg); -@@ -2638,9 +2623,6 @@ static void ivb_manual_fdi_link_train(struct drm_crtc *crtc) - POSTING_READ(reg); - udelay(150); - -- if (HAS_PCH_CPT(dev)) -- cpt_phase_pointer_enable(dev, pipe); -- - for (i = 0; i < 4; i++) { - reg = FDI_TX_CTL(pipe); - temp = I915_READ(reg); -@@ -2754,17 +2736,6 @@ static void ironlake_fdi_pll_enable(struct drm_crtc *crtc) - } - } - --static void cpt_phase_pointer_disable(struct drm_device *dev, int pipe) --{ -- struct drm_i915_private *dev_priv = dev->dev_private; -- u32 flags = I915_READ(SOUTH_CHICKEN1); -- -- flags &= ~(FDI_PHASE_SYNC_EN(pipe)); -- I915_WRITE(SOUTH_CHICKEN1, flags); /* once to disable... */ -- flags &= ~(FDI_PHASE_SYNC_OVR(pipe)); -- I915_WRITE(SOUTH_CHICKEN1, flags); /* then again to lock */ -- POSTING_READ(SOUTH_CHICKEN1); --} - static void ironlake_fdi_disable(struct drm_crtc *crtc) - { - struct drm_device *dev = crtc->dev; -@@ -2794,8 +2765,6 @@ static void ironlake_fdi_disable(struct drm_crtc *crtc) - I915_WRITE(FDI_RX_CHICKEN(pipe), - I915_READ(FDI_RX_CHICKEN(pipe) & - ~FDI_RX_PHASE_SYNC_POINTER_EN)); -- } else if (HAS_PCH_CPT(dev)) { -- cpt_phase_pointer_disable(dev, pipe); - } - - /* still set train pattern 1 */ -@@ -3233,7 +3202,11 @@ static void ironlake_crtc_enable(struct drm_crtc *crtc) - * as some pre-programmed values are broken, - * e.g. x201. - */ -- I915_WRITE(PF_CTL(pipe), PF_ENABLE | PF_FILTER_MED_3x3); -+ if (IS_IVYBRIDGE(dev)) -+ I915_WRITE(PF_CTL(pipe), PF_ENABLE | PF_FILTER_MED_3x3 | -+ PF_PIPE_SEL_IVB(pipe)); -+ else -+ I915_WRITE(PF_CTL(pipe), PF_ENABLE | PF_FILTER_MED_3x3); - I915_WRITE(PF_WIN_POS(pipe), dev_priv->pch_pf_pos); - I915_WRITE(PF_WIN_SZ(pipe), dev_priv->pch_pf_size); - } -@@ -3435,6 +3408,7 @@ static void i9xx_crtc_disable(struct drm_crtc *crtc) - struct intel_crtc *intel_crtc = to_intel_crtc(crtc); - int pipe = intel_crtc->pipe; - int plane = intel_crtc->plane; -+ u32 pctl; - - if (!intel_crtc->active) - return; -@@ -3450,6 +3424,13 @@ static void i9xx_crtc_disable(struct drm_crtc *crtc) - - intel_disable_plane(dev_priv, plane, pipe); - intel_disable_pipe(dev_priv, pipe); -+ -+ /* Disable pannel fitter if it is on this pipe. */ -+ pctl = I915_READ(PFIT_CONTROL); -+ if ((pctl & PFIT_ENABLE) && -+ ((pctl & PFIT_PIPE_MASK) >> PFIT_PIPE_SHIFT) == pipe) -+ I915_WRITE(PFIT_CONTROL, 0); -+ - intel_disable_pll(dev_priv, pipe); - - intel_crtc->active = false; -diff --git a/drivers/gpu/drm/i915/intel_lvds.c b/drivers/gpu/drm/i915/intel_lvds.c -index 0c52448..2e6448c 100644 ---- a/drivers/gpu/drm/i915/intel_lvds.c -+++ b/drivers/gpu/drm/i915/intel_lvds.c -@@ -774,14 +774,6 @@ static const struct dmi_system_id intel_no_lvds[] = { - }, - { - .callback = intel_no_lvds_dmi_callback, -- .ident = "ZOTAC ZBOXSD-ID12/ID13", -- .matches = { -- DMI_MATCH(DMI_BOARD_VENDOR, "ZOTAC"), -- DMI_MATCH(DMI_BOARD_NAME, "ZBOXSD-ID12/ID13"), -- }, -- }, -- { -- .callback = intel_no_lvds_dmi_callback, - .ident = "Gigabyte GA-D525TUD", - .matches = { - DMI_MATCH(DMI_BOARD_VENDOR, "Gigabyte Technology Co., Ltd."), -diff --git a/drivers/gpu/drm/i915/intel_pm.c b/drivers/gpu/drm/i915/intel_pm.c -index c23c9ea..572b2ca 100644 ---- a/drivers/gpu/drm/i915/intel_pm.c -+++ b/drivers/gpu/drm/i915/intel_pm.c -@@ -3324,6 +3324,10 @@ static void gen6_init_clock_gating(struct drm_device *dev) - I915_READ(ILK_DISPLAY_CHICKEN2) | - ILK_ELPIN_409_SELECT); - -+ /* WaDisableHiZPlanesWhenMSAAEnabled */ -+ I915_WRITE(_3D_CHICKEN, -+ _MASKED_BIT_ENABLE(_3D_CHICKEN_HIZ_PLANE_DISABLE_MSAA_4X_SNB)); -+ - I915_WRITE(WM3_LP_ILK, 0); - I915_WRITE(WM2_LP_ILK, 0); - I915_WRITE(WM1_LP_ILK, 0); -diff --git a/drivers/gpu/drm/nouveau/nv04_dfp.c b/drivers/gpu/drm/nouveau/nv04_dfp.c -index 89640f2..2b59f41 100644 ---- a/drivers/gpu/drm/nouveau/nv04_dfp.c -+++ b/drivers/gpu/drm/nouveau/nv04_dfp.c -@@ -504,7 +504,7 @@ static void nv04_dfp_update_backlight(struct drm_encoder *encoder, int mode) - - static inline bool is_powersaving_dpms(int mode) - { -- return (mode != DRM_MODE_DPMS_ON); -+ return mode != DRM_MODE_DPMS_ON && mode != NV_DPMS_CLEARED; - } - - static void nv04_lvds_dpms(struct drm_encoder *encoder, int mode) -diff --git a/drivers/gpu/drm/radeon/atombios_crtc.c b/drivers/gpu/drm/radeon/atombios_crtc.c -index 2817101..9bd3015 100644 ---- a/drivers/gpu/drm/radeon/atombios_crtc.c -+++ b/drivers/gpu/drm/radeon/atombios_crtc.c -@@ -258,8 +258,6 @@ void atombios_crtc_dpms(struct drm_crtc *crtc, int mode) - radeon_crtc->enabled = true; - /* adjust pm to dpms changes BEFORE enabling crtcs */ - radeon_pm_compute_clocks(rdev); -- if (ASIC_IS_DCE6(rdev) && !radeon_crtc->in_mode_set) -- atombios_powergate_crtc(crtc, ATOM_DISABLE); - atombios_enable_crtc(crtc, ATOM_ENABLE); - if (ASIC_IS_DCE3(rdev) && !ASIC_IS_DCE6(rdev)) - atombios_enable_crtc_memreq(crtc, ATOM_ENABLE); -@@ -277,8 +275,6 @@ void atombios_crtc_dpms(struct drm_crtc *crtc, int mode) - atombios_enable_crtc_memreq(crtc, ATOM_DISABLE); - atombios_enable_crtc(crtc, ATOM_DISABLE); - radeon_crtc->enabled = false; -- if (ASIC_IS_DCE6(rdev) && !radeon_crtc->in_mode_set) -- atombios_powergate_crtc(crtc, ATOM_ENABLE); - /* adjust pm to dpms changes AFTER disabling crtcs */ - radeon_pm_compute_clocks(rdev); - break; -@@ -1667,6 +1663,8 @@ static void atombios_crtc_disable(struct drm_crtc *crtc) - int i; - - atombios_crtc_dpms(crtc, DRM_MODE_DPMS_OFF); -+ if (ASIC_IS_DCE6(rdev)) -+ atombios_powergate_crtc(crtc, ATOM_ENABLE); - - for (i = 0; i < rdev->num_crtc; i++) { - if (rdev->mode_info.crtcs[i] && -diff --git a/drivers/gpu/drm/radeon/atombios_encoders.c b/drivers/gpu/drm/radeon/atombios_encoders.c -index 2eb418e..e53a91b 100644 ---- a/drivers/gpu/drm/radeon/atombios_encoders.c -+++ b/drivers/gpu/drm/radeon/atombios_encoders.c -@@ -95,7 +95,7 @@ static bool radeon_atom_mode_fixup(struct drm_encoder *encoder, - ((radeon_encoder->active_device & (ATOM_DEVICE_DFP_SUPPORT | ATOM_DEVICE_LCD_SUPPORT)) || - (radeon_encoder_get_dp_bridge_encoder_id(encoder) != ENCODER_OBJECT_ID_NONE))) { - struct drm_connector *connector = radeon_get_connector_for_encoder(encoder); -- radeon_dp_set_link_config(connector, mode); -+ radeon_dp_set_link_config(connector, adjusted_mode); - } - - return true; -diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c -index 5528fea..8f0ce47 100644 ---- a/drivers/gpu/drm/radeon/evergreen.c -+++ b/drivers/gpu/drm/radeon/evergreen.c -@@ -1259,14 +1259,18 @@ void evergreen_mc_stop(struct radeon_device *rdev, struct evergreen_mc_save *sav - if (!(tmp & EVERGREEN_CRTC_BLANK_DATA_EN)) { - radeon_wait_for_vblank(rdev, i); - tmp |= EVERGREEN_CRTC_BLANK_DATA_EN; -+ WREG32(EVERGREEN_CRTC_UPDATE_LOCK + crtc_offsets[i], 1); - WREG32(EVERGREEN_CRTC_BLANK_CONTROL + crtc_offsets[i], tmp); -+ WREG32(EVERGREEN_CRTC_UPDATE_LOCK + crtc_offsets[i], 0); - } - } else { - tmp = RREG32(EVERGREEN_CRTC_CONTROL + crtc_offsets[i]); - if (!(tmp & EVERGREEN_CRTC_DISP_READ_REQUEST_DISABLE)) { - radeon_wait_for_vblank(rdev, i); - tmp |= EVERGREEN_CRTC_DISP_READ_REQUEST_DISABLE; -+ WREG32(EVERGREEN_CRTC_UPDATE_LOCK + crtc_offsets[i], 1); - WREG32(EVERGREEN_CRTC_CONTROL + crtc_offsets[i], tmp); -+ WREG32(EVERGREEN_CRTC_UPDATE_LOCK + crtc_offsets[i], 0); - } - } - /* wait for the next frame */ -@@ -1291,6 +1295,8 @@ void evergreen_mc_stop(struct radeon_device *rdev, struct evergreen_mc_save *sav - blackout &= ~BLACKOUT_MODE_MASK; - WREG32(MC_SHARED_BLACKOUT_CNTL, blackout | 1); - } -+ /* wait for the MC to settle */ -+ udelay(100); - } - - void evergreen_mc_resume(struct radeon_device *rdev, struct evergreen_mc_save *save) -@@ -1324,11 +1330,15 @@ void evergreen_mc_resume(struct radeon_device *rdev, struct evergreen_mc_save *s - if (ASIC_IS_DCE6(rdev)) { - tmp = RREG32(EVERGREEN_CRTC_BLANK_CONTROL + crtc_offsets[i]); - tmp |= EVERGREEN_CRTC_BLANK_DATA_EN; -+ WREG32(EVERGREEN_CRTC_UPDATE_LOCK + crtc_offsets[i], 1); - WREG32(EVERGREEN_CRTC_BLANK_CONTROL + crtc_offsets[i], tmp); -+ WREG32(EVERGREEN_CRTC_UPDATE_LOCK + crtc_offsets[i], 0); - } else { - tmp = RREG32(EVERGREEN_CRTC_CONTROL + crtc_offsets[i]); - tmp &= ~EVERGREEN_CRTC_DISP_READ_REQUEST_DISABLE; -+ WREG32(EVERGREEN_CRTC_UPDATE_LOCK + crtc_offsets[i], 1); - WREG32(EVERGREEN_CRTC_CONTROL + crtc_offsets[i], tmp); -+ WREG32(EVERGREEN_CRTC_UPDATE_LOCK + crtc_offsets[i], 0); - } - /* wait for the next frame */ - frame_count = radeon_get_vblank_counter(rdev, i); -diff --git a/drivers/gpu/drm/radeon/evergreen_cs.c b/drivers/gpu/drm/radeon/evergreen_cs.c -index 4a33cdc..bf849ea 100644 ---- a/drivers/gpu/drm/radeon/evergreen_cs.c -+++ b/drivers/gpu/drm/radeon/evergreen_cs.c -@@ -2724,6 +2724,7 @@ static bool evergreen_vm_reg_valid(u32 reg) - - /* check config regs */ - switch (reg) { -+ case WAIT_UNTIL: - case GRBM_GFX_INDEX: - case CP_STRMOUT_CNTL: - case CP_COHER_CNTL: -diff --git a/drivers/gpu/drm/radeon/radeon_combios.c b/drivers/gpu/drm/radeon/radeon_combios.c -index f75247d..33d3975 100644 ---- a/drivers/gpu/drm/radeon/radeon_combios.c -+++ b/drivers/gpu/drm/radeon/radeon_combios.c -@@ -2419,6 +2419,14 @@ bool radeon_get_legacy_connector_info_from_bios(struct drm_device *dev) - 1), - ATOM_DEVICE_CRT1_SUPPORT); - } -+ /* RV100 board with external TDMS bit mis-set. -+ * Actually uses internal TMDS, clear the bit. -+ */ -+ if (dev->pdev->device == 0x5159 && -+ dev->pdev->subsystem_vendor == 0x1014 && -+ dev->pdev->subsystem_device == 0x029A) { -+ tmp &= ~(1 << 4); -+ } - if ((tmp >> 4) & 0x1) { - devices |= ATOM_DEVICE_DFP2_SUPPORT; - radeon_add_legacy_encoder(dev, -diff --git a/drivers/gpu/drm/radeon/radeon_connectors.c b/drivers/gpu/drm/radeon/radeon_connectors.c -index 895e628..a7e797c 100644 ---- a/drivers/gpu/drm/radeon/radeon_connectors.c -+++ b/drivers/gpu/drm/radeon/radeon_connectors.c -@@ -745,7 +745,7 @@ radeon_vga_detect(struct drm_connector *connector, bool force) - ret = connector_status_disconnected; - - if (radeon_connector->ddc_bus) -- dret = radeon_ddc_probe(radeon_connector); -+ dret = radeon_ddc_probe(radeon_connector, false); - if (dret) { - radeon_connector->detected_by_load = false; - if (radeon_connector->edid) { -@@ -951,7 +951,7 @@ radeon_dvi_detect(struct drm_connector *connector, bool force) - return connector->status; - - if (radeon_connector->ddc_bus) -- dret = radeon_ddc_probe(radeon_connector); -+ dret = radeon_ddc_probe(radeon_connector, false); - if (dret) { - radeon_connector->detected_by_load = false; - if (radeon_connector->edid) { -@@ -1391,7 +1391,8 @@ radeon_dp_detect(struct drm_connector *connector, bool force) - if (encoder) { - /* setup ddc on the bridge */ - radeon_atom_ext_encoder_setup_ddc(encoder); -- if (radeon_ddc_probe(radeon_connector)) /* try DDC */ -+ /* bridge chips are always aux */ -+ if (radeon_ddc_probe(radeon_connector, true)) /* try DDC */ - ret = connector_status_connected; - else if (radeon_connector->dac_load_detect) { /* try load detection */ - struct drm_encoder_helper_funcs *encoder_funcs = encoder->helper_private; -@@ -1409,7 +1410,8 @@ radeon_dp_detect(struct drm_connector *connector, bool force) - if (radeon_dp_getdpcd(radeon_connector)) - ret = connector_status_connected; - } else { -- if (radeon_ddc_probe(radeon_connector)) -+ /* try non-aux ddc (DP to DVI/HMDI/etc. adapter) */ -+ if (radeon_ddc_probe(radeon_connector, false)) - ret = connector_status_connected; - } - } -diff --git a/drivers/gpu/drm/radeon/radeon_cursor.c b/drivers/gpu/drm/radeon/radeon_cursor.c -index 8794744..f1b951d 100644 ---- a/drivers/gpu/drm/radeon/radeon_cursor.c -+++ b/drivers/gpu/drm/radeon/radeon_cursor.c -@@ -240,7 +240,8 @@ int radeon_crtc_cursor_move(struct drm_crtc *crtc, - y = 0; - } - -- if (ASIC_IS_AVIVO(rdev)) { -+ /* fixed on DCE6 and newer */ -+ if (ASIC_IS_AVIVO(rdev) && !ASIC_IS_DCE6(rdev)) { - int i = 0; - struct drm_crtc *crtc_p; - -diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index 7a3daeb..9d9bf5f 100644 ---- a/drivers/gpu/drm/radeon/radeon_device.c -+++ b/drivers/gpu/drm/radeon/radeon_device.c -@@ -427,7 +427,8 @@ bool radeon_card_posted(struct radeon_device *rdev) - { - uint32_t reg; - -- if (efi_enabled && rdev->pdev->subsystem_vendor == PCI_VENDOR_ID_APPLE) -+ if (efi_enabled(EFI_BOOT) && -+ rdev->pdev->subsystem_vendor == PCI_VENDOR_ID_APPLE) - return false; - - /* first check CRTCs */ -diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c -index 7ddef8f..06a31cf 100644 ---- a/drivers/gpu/drm/radeon/radeon_display.c -+++ b/drivers/gpu/drm/radeon/radeon_display.c -@@ -695,10 +695,15 @@ int radeon_ddc_get_modes(struct radeon_connector *radeon_connector) - if (radeon_connector->router.ddc_valid) - radeon_router_select_ddc_port(radeon_connector); - -- if ((radeon_connector->base.connector_type == DRM_MODE_CONNECTOR_DisplayPort) || -- (radeon_connector->base.connector_type == DRM_MODE_CONNECTOR_eDP) || -- (radeon_connector_encoder_get_dp_bridge_encoder_id(&radeon_connector->base) != -- ENCODER_OBJECT_ID_NONE)) { -+ if (radeon_connector_encoder_get_dp_bridge_encoder_id(&radeon_connector->base) != -+ ENCODER_OBJECT_ID_NONE) { -+ struct radeon_connector_atom_dig *dig = radeon_connector->con_priv; -+ -+ if (dig->dp_i2c_bus) -+ radeon_connector->edid = drm_get_edid(&radeon_connector->base, -+ &dig->dp_i2c_bus->adapter); -+ } else if ((radeon_connector->base.connector_type == DRM_MODE_CONNECTOR_DisplayPort) || -+ (radeon_connector->base.connector_type == DRM_MODE_CONNECTOR_eDP)) { - struct radeon_connector_atom_dig *dig = radeon_connector->con_priv; - - if ((dig->dp_sink_type == CONNECTOR_OBJECT_ID_DISPLAYPORT || -@@ -1106,14 +1111,16 @@ radeon_user_framebuffer_create(struct drm_device *dev, - } - - radeon_fb = kzalloc(sizeof(*radeon_fb), GFP_KERNEL); -- if (radeon_fb == NULL) -+ if (radeon_fb == NULL) { -+ drm_gem_object_unreference_unlocked(obj); - return ERR_PTR(-ENOMEM); -+ } - - ret = radeon_framebuffer_init(dev, radeon_fb, mode_cmd, obj); - if (ret) { - kfree(radeon_fb); - drm_gem_object_unreference_unlocked(obj); -- return NULL; -+ return ERR_PTR(ret); - } - - return &radeon_fb->base; -diff --git a/drivers/gpu/drm/radeon/radeon_i2c.c b/drivers/gpu/drm/radeon/radeon_i2c.c -index 3edec1c..6076e85 100644 ---- a/drivers/gpu/drm/radeon/radeon_i2c.c -+++ b/drivers/gpu/drm/radeon/radeon_i2c.c -@@ -39,7 +39,7 @@ extern u32 radeon_atom_hw_i2c_func(struct i2c_adapter *adap); - * radeon_ddc_probe - * - */ --bool radeon_ddc_probe(struct radeon_connector *radeon_connector) -+bool radeon_ddc_probe(struct radeon_connector *radeon_connector, bool use_aux) - { - u8 out = 0x0; - u8 buf[8]; -@@ -63,7 +63,13 @@ bool radeon_ddc_probe(struct radeon_connector *radeon_connector) - if (radeon_connector->router.ddc_valid) - radeon_router_select_ddc_port(radeon_connector); - -- ret = i2c_transfer(&radeon_connector->ddc_bus->adapter, msgs, 2); -+ if (use_aux) { -+ struct radeon_connector_atom_dig *dig = radeon_connector->con_priv; -+ ret = i2c_transfer(&dig->dp_i2c_bus->adapter, msgs, 2); -+ } else { -+ ret = i2c_transfer(&radeon_connector->ddc_bus->adapter, msgs, 2); -+ } -+ - if (ret != 2) - /* Couldn't find an accessible DDC on this connector */ - return false; -diff --git a/drivers/gpu/drm/radeon/radeon_legacy_encoders.c b/drivers/gpu/drm/radeon/radeon_legacy_encoders.c -index dd402bb..9633dbb 100644 ---- a/drivers/gpu/drm/radeon/radeon_legacy_encoders.c -+++ b/drivers/gpu/drm/radeon/radeon_legacy_encoders.c -@@ -618,6 +618,14 @@ static enum drm_connector_status radeon_legacy_primary_dac_detect(struct drm_enc - enum drm_connector_status found = connector_status_disconnected; - bool color = true; - -+ /* just don't bother on RN50 those chip are often connected to remoting -+ * console hw and often we get failure to load detect those. So to make -+ * everyone happy report the encoder as always connected. -+ */ -+ if (ASIC_IS_RN50(rdev)) { -+ return connector_status_connected; -+ } -+ - /* save the regs we need */ - vclk_ecp_cntl = RREG32_PLL(RADEON_VCLK_ECP_CNTL); - crtc_ext_cntl = RREG32(RADEON_CRTC_EXT_CNTL); -diff --git a/drivers/gpu/drm/radeon/radeon_mode.h b/drivers/gpu/drm/radeon/radeon_mode.h -index d569789..485d16e 100644 ---- a/drivers/gpu/drm/radeon/radeon_mode.h -+++ b/drivers/gpu/drm/radeon/radeon_mode.h -@@ -534,7 +534,7 @@ extern void radeon_i2c_put_byte(struct radeon_i2c_chan *i2c, - u8 val); - extern void radeon_router_select_ddc_port(struct radeon_connector *radeon_connector); - extern void radeon_router_select_cd_port(struct radeon_connector *radeon_connector); --extern bool radeon_ddc_probe(struct radeon_connector *radeon_connector); -+extern bool radeon_ddc_probe(struct radeon_connector *radeon_connector, bool use_aux); - extern int radeon_ddc_get_modes(struct radeon_connector *radeon_connector); - - extern struct drm_encoder *radeon_best_encoder(struct drm_connector *connector); -diff --git a/drivers/gpu/drm/radeon/radeon_ring.c b/drivers/gpu/drm/radeon/radeon_ring.c -index 43c431a..f2017fc 100644 ---- a/drivers/gpu/drm/radeon/radeon_ring.c -+++ b/drivers/gpu/drm/radeon/radeon_ring.c -@@ -361,6 +361,9 @@ int radeon_ring_alloc(struct radeon_device *rdev, struct radeon_ring *ring, unsi - { - int r; - -+ /* make sure we aren't trying to allocate more space than there is on the ring */ -+ if (ndw > (ring->ring_size / 4)) -+ return -ENOMEM; - /* Align requested size with padding so unlock_commit can - * pad safely */ - ndw = (ndw + ring->align_mask) & ~ring->align_mask; -diff --git a/drivers/gpu/drm/radeon/reg_srcs/cayman b/drivers/gpu/drm/radeon/reg_srcs/cayman -index 0f656b1..a072fa8 100644 ---- a/drivers/gpu/drm/radeon/reg_srcs/cayman -+++ b/drivers/gpu/drm/radeon/reg_srcs/cayman -@@ -1,5 +1,6 @@ - cayman 0x9400 - 0x0000802C GRBM_GFX_INDEX -+0x00008040 WAIT_UNTIL - 0x000084FC CP_STRMOUT_CNTL - 0x000085F0 CP_COHER_CNTL - 0x000085F4 CP_COHER_SIZE -diff --git a/drivers/gpu/drm/udl/udl_connector.c b/drivers/gpu/drm/udl/udl_connector.c -index 8d9dc44..3234224 100644 ---- a/drivers/gpu/drm/udl/udl_connector.c -+++ b/drivers/gpu/drm/udl/udl_connector.c -@@ -22,13 +22,17 @@ - static u8 *udl_get_edid(struct udl_device *udl) - { - u8 *block; -- char rbuf[3]; -+ char *rbuf; - int ret, i; - - block = kmalloc(EDID_LENGTH, GFP_KERNEL); - if (block == NULL) - return NULL; - -+ rbuf = kmalloc(2, GFP_KERNEL); -+ if (rbuf == NULL) -+ goto error; -+ - for (i = 0; i < EDID_LENGTH; i++) { - ret = usb_control_msg(udl->ddev->usbdev, - usb_rcvctrlpipe(udl->ddev->usbdev, 0), (0x02), -@@ -36,16 +40,17 @@ static u8 *udl_get_edid(struct udl_device *udl) - HZ); - if (ret < 1) { - DRM_ERROR("Read EDID byte %d failed err %x\n", i, ret); -- i--; - goto error; - } - block[i] = rbuf[1]; - } - -+ kfree(rbuf); - return block; - - error: - kfree(block); -+ kfree(rbuf); - return NULL; - } - -@@ -59,6 +64,14 @@ static int udl_get_modes(struct drm_connector *connector) - - connector->display_info.raw_edid = (char *)edid; - -+ /* -+ * We only read the main block, but if the monitor reports extension -+ * blocks then the drm edid code expects them to be present, so patch -+ * the extension count to 0. -+ */ -+ edid->checksum += edid->extensions; -+ edid->extensions = 0; -+ - drm_mode_connector_update_edid_property(connector, edid); - ret = drm_add_edid_modes(connector, edid); - connector->display_info.raw_edid = NULL; -diff --git a/drivers/gpu/drm/udl/udl_drv.h b/drivers/gpu/drm/udl/udl_drv.h -index 87aa5f5..cc6d90f 100644 ---- a/drivers/gpu/drm/udl/udl_drv.h -+++ b/drivers/gpu/drm/udl/udl_drv.h -@@ -75,6 +75,8 @@ struct udl_framebuffer { - struct drm_framebuffer base; - struct udl_gem_object *obj; - bool active_16; /* active on the 16-bit channel */ -+ int x1, y1, x2, y2; /* dirty rect */ -+ spinlock_t dirty_lock; - }; - - #define to_udl_fb(x) container_of(x, struct udl_framebuffer, base) -diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c -index 6f6ca50..c9df873 100644 ---- a/drivers/gpu/drm/udl/udl_fb.c -+++ b/drivers/gpu/drm/udl/udl_fb.c -@@ -22,9 +22,9 @@ - - #include "drm_fb_helper.h" - --#define DL_DEFIO_WRITE_DELAY 5 /* fb_deferred_io.delay in jiffies */ -+#define DL_DEFIO_WRITE_DELAY (HZ/20) /* fb_deferred_io.delay in jiffies */ - --static int fb_defio = 1; /* Optionally enable experimental fb_defio mmap support */ -+static int fb_defio = 0; /* Optionally enable experimental fb_defio mmap support */ - static int fb_bpp = 16; - - module_param(fb_bpp, int, S_IWUSR | S_IRUSR | S_IWGRP | S_IRGRP); -@@ -153,6 +153,9 @@ int udl_handle_damage(struct udl_framebuffer *fb, int x, int y, - struct urb *urb; - int aligned_x; - int bpp = (fb->base.bits_per_pixel / 8); -+ int x2, y2; -+ bool store_for_later = false; -+ unsigned long flags; - - if (!fb->active_16) - return 0; -@@ -169,8 +172,6 @@ int udl_handle_damage(struct udl_framebuffer *fb, int x, int y, - } - } - -- start_cycles = get_cycles(); -- - aligned_x = DL_ALIGN_DOWN(x, sizeof(unsigned long)); - width = DL_ALIGN_UP(width + (x-aligned_x), sizeof(unsigned long)); - x = aligned_x; -@@ -180,19 +181,53 @@ int udl_handle_damage(struct udl_framebuffer *fb, int x, int y, - (y + height > fb->base.height)) - return -EINVAL; - -+ /* if we are in atomic just store the info -+ can't test inside spin lock */ -+ if (in_atomic()) -+ store_for_later = true; -+ -+ x2 = x + width - 1; -+ y2 = y + height - 1; -+ -+ spin_lock_irqsave(&fb->dirty_lock, flags); -+ -+ if (fb->y1 < y) -+ y = fb->y1; -+ if (fb->y2 > y2) -+ y2 = fb->y2; -+ if (fb->x1 < x) -+ x = fb->x1; -+ if (fb->x2 > x2) -+ x2 = fb->x2; -+ -+ if (store_for_later) { -+ fb->x1 = x; -+ fb->x2 = x2; -+ fb->y1 = y; -+ fb->y2 = y2; -+ spin_unlock_irqrestore(&fb->dirty_lock, flags); -+ return 0; -+ } -+ -+ fb->x1 = fb->y1 = INT_MAX; -+ fb->x2 = fb->y2 = 0; -+ -+ spin_unlock_irqrestore(&fb->dirty_lock, flags); -+ start_cycles = get_cycles(); -+ - urb = udl_get_urb(dev); - if (!urb) - return 0; - cmd = urb->transfer_buffer; - -- for (i = y; i < y + height ; i++) { -+ for (i = y; i <= y2 ; i++) { - const int line_offset = fb->base.pitches[0] * i; - const int byte_offset = line_offset + (x * bpp); - const int dev_byte_offset = (fb->base.width * bpp * i) + (x * bpp); - if (udl_render_hline(dev, bpp, &urb, - (char *) fb->obj->vmapping, - &cmd, byte_offset, dev_byte_offset, -- width * bpp, -+ (x2 - x + 1) * bpp, - &bytes_identical, &bytes_sent)) - goto error; - } -@@ -417,6 +452,7 @@ udl_framebuffer_init(struct drm_device *dev, - { - int ret; - -+ spin_lock_init(&ufb->dirty_lock); - ufb->obj = obj; - ret = drm_framebuffer_init(dev, &ufb->base, &udlfb_funcs); - drm_helper_mode_fill_fb_struct(&ufb->base, mode_cmd); -diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index 5de3bb3..545eab4 100644 ---- a/drivers/hid/hid-core.c -+++ b/drivers/hid/hid-core.c -@@ -1528,6 +1528,7 @@ static const struct hid_device_id hid_have_special_driver[] = { - { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_ALU_WIRELESS_2009_ANSI) }, - { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_ALU_WIRELESS_2009_ISO) }, - { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_ALU_WIRELESS_2009_JIS) }, -+ { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_ALU_WIRELESS_2011_ANSI) }, - { HID_BLUETOOTH_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_ALU_WIRELESS_2011_ISO) }, - { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_FOUNTAIN_TP_ONLY) }, - { HID_USB_DEVICE(USB_VENDOR_ID_APPLE, USB_DEVICE_ID_APPLE_GEYSER1_TP_ONLY) }, -@@ -2025,6 +2026,7 @@ static const struct hid_device_id hid_ignore_list[] = { - { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_HYBRID) }, - { HID_USB_DEVICE(USB_VENDOR_ID_LD, USB_DEVICE_ID_LD_HEATCONTROL) }, - { HID_USB_DEVICE(USB_VENDOR_ID_MADCATZ, USB_DEVICE_ID_MADCATZ_BEATPAD) }, -+ { HID_USB_DEVICE(USB_VENDOR_ID_MASTERKIT, USB_DEVICE_ID_MASTERKIT_MA901RADIO) }, - { HID_USB_DEVICE(USB_VENDOR_ID_MCC, USB_DEVICE_ID_MCC_PMD1024LS) }, - { HID_USB_DEVICE(USB_VENDOR_ID_MCC, USB_DEVICE_ID_MCC_PMD1208LS) }, - { HID_USB_DEVICE(USB_VENDOR_ID_MICROCHIP, USB_DEVICE_ID_PICKIT1) }, -diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h -index ab8ce9f..1c8d114 100644 ---- a/drivers/hid/hid-ids.h -+++ b/drivers/hid/hid-ids.h -@@ -536,6 +536,9 @@ - #define USB_VENDOR_ID_MADCATZ 0x0738 - #define USB_DEVICE_ID_MADCATZ_BEATPAD 0x4540 - -+#define USB_VENDOR_ID_MASTERKIT 0x16c0 -+#define USB_DEVICE_ID_MASTERKIT_MA901RADIO 0x05df -+ - #define USB_VENDOR_ID_MCC 0x09db - #define USB_DEVICE_ID_MCC_PMD1024LS 0x0076 - #define USB_DEVICE_ID_MCC_PMD1208LS 0x007a -@@ -681,6 +684,9 @@ - #define USB_VENDOR_ID_SIGMA_MICRO 0x1c4f - #define USB_DEVICE_ID_SIGMA_MICRO_KEYBOARD 0x0002 - -+#define USB_VENDOR_ID_SIGMATEL 0x066F -+#define USB_DEVICE_ID_SIGMATEL_STMP3780 0x3780 -+ - #define USB_VENDOR_ID_SKYCABLE 0x1223 - #define USB_DEVICE_ID_SKYCABLE_WIRELESS_PRESENTER 0x3F07 - -diff --git a/drivers/hid/hid-wiimote-ext.c b/drivers/hid/hid-wiimote-ext.c -index 0a1805c..ef59c84 100644 ---- a/drivers/hid/hid-wiimote-ext.c -+++ b/drivers/hid/hid-wiimote-ext.c -@@ -378,14 +378,14 @@ static void handler_nunchuck(struct wiimote_ext *ext, const __u8 *payload) - - if (ext->motionp) { - input_report_key(ext->input, -- wiiext_keymap[WIIEXT_KEY_Z], !!(payload[5] & 0x04)); -+ wiiext_keymap[WIIEXT_KEY_Z], !(payload[5] & 0x04)); - input_report_key(ext->input, -- wiiext_keymap[WIIEXT_KEY_C], !!(payload[5] & 0x08)); -+ wiiext_keymap[WIIEXT_KEY_C], !(payload[5] & 0x08)); - } else { - input_report_key(ext->input, -- wiiext_keymap[WIIEXT_KEY_Z], !!(payload[5] & 0x01)); -+ wiiext_keymap[WIIEXT_KEY_Z], !(payload[5] & 0x01)); - input_report_key(ext->input, -- wiiext_keymap[WIIEXT_KEY_C], !!(payload[5] & 0x02)); -+ wiiext_keymap[WIIEXT_KEY_C], !(payload[5] & 0x02)); - } - - input_sync(ext->input); -diff --git a/drivers/hid/usbhid/hid-quirks.c b/drivers/hid/usbhid/hid-quirks.c -index 8865fa3..eb55cef 100644 ---- a/drivers/hid/usbhid/hid-quirks.c -+++ b/drivers/hid/usbhid/hid-quirks.c -@@ -79,6 +79,7 @@ static const struct hid_blacklist { - { USB_VENDOR_ID_QUANTA, USB_DEVICE_ID_PIXART_IMAGING_INC_OPTICAL_TOUCH_SCREEN, HID_QUIRK_NOGET }, - { USB_VENDOR_ID_QUANTA, USB_DEVICE_ID_QUANTA_OPTICAL_TOUCH_3008, HID_QUIRK_NOGET }, - { USB_VENDOR_ID_SENNHEISER, USB_DEVICE_ID_SENNHEISER_BTD500USB, HID_QUIRK_NOGET }, -+ { USB_VENDOR_ID_SIGMATEL, USB_DEVICE_ID_SIGMATEL_STMP3780, HID_QUIRK_NOGET }, - { USB_VENDOR_ID_SUN, USB_DEVICE_ID_RARITAN_KVM_DONGLE, HID_QUIRK_NOGET }, - { USB_VENDOR_ID_SYMBOL, USB_DEVICE_ID_SYMBOL_SCANNER_1, HID_QUIRK_NOGET }, - { USB_VENDOR_ID_SYMBOL, USB_DEVICE_ID_SYMBOL_SCANNER_2, HID_QUIRK_NOGET }, -diff --git a/drivers/hwmon/lm73.c b/drivers/hwmon/lm73.c -index 8fa2632..7272176 100644 ---- a/drivers/hwmon/lm73.c -+++ b/drivers/hwmon/lm73.c -@@ -49,6 +49,7 @@ static ssize_t set_temp(struct device *dev, struct device_attribute *da, - struct i2c_client *client = to_i2c_client(dev); - long temp; - short value; -+ s32 err; - - int status = kstrtol(buf, 10, &temp); - if (status < 0) -@@ -57,8 +58,8 @@ static ssize_t set_temp(struct device *dev, struct device_attribute *da, - /* Write value */ - value = (short) SENSORS_LIMIT(temp/250, (LM73_TEMP_MIN*4), - (LM73_TEMP_MAX*4)) << 5; -- i2c_smbus_write_word_swapped(client, attr->index, value); -- return count; -+ err = i2c_smbus_write_word_swapped(client, attr->index, value); -+ return (err < 0) ? err : count; - } - - static ssize_t show_temp(struct device *dev, struct device_attribute *da, -@@ -66,11 +67,16 @@ static ssize_t show_temp(struct device *dev, struct device_attribute *da, - { - struct sensor_device_attribute *attr = to_sensor_dev_attr(da); - struct i2c_client *client = to_i2c_client(dev); -+ int temp; -+ -+ s32 err = i2c_smbus_read_word_swapped(client, attr->index); -+ if (err < 0) -+ return err; -+ - /* use integer division instead of equivalent right shift to - guarantee arithmetic shift and preserve the sign */ -- int temp = ((s16) (i2c_smbus_read_word_swapped(client, -- attr->index))*250) / 32; -- return sprintf(buf, "%d\n", temp); -+ temp = (((s16) err) * 250) / 32; -+ return scnprintf(buf, PAGE_SIZE, "%d\n", temp); - } - - -diff --git a/drivers/infiniband/hw/nes/nes.h b/drivers/infiniband/hw/nes/nes.h -index c438e46..3f41d9f 100644 ---- a/drivers/infiniband/hw/nes/nes.h -+++ b/drivers/infiniband/hw/nes/nes.h -@@ -524,6 +524,7 @@ void nes_iwarp_ce_handler(struct nes_device *, struct nes_hw_cq *); - int nes_destroy_cqp(struct nes_device *); - int nes_nic_cm_xmit(struct sk_buff *, struct net_device *); - void nes_recheck_link_status(struct work_struct *work); -+void nes_terminate_timeout(unsigned long context); - - /* nes_nic.c */ - struct net_device *nes_netdev_init(struct nes_device *, void __iomem *); -diff --git a/drivers/infiniband/hw/nes/nes_hw.c b/drivers/infiniband/hw/nes/nes_hw.c -index d42c9f4..96801c3 100644 ---- a/drivers/infiniband/hw/nes/nes_hw.c -+++ b/drivers/infiniband/hw/nes/nes_hw.c -@@ -75,7 +75,6 @@ static void nes_process_iwarp_aeqe(struct nes_device *nesdev, - static void process_critical_error(struct nes_device *nesdev); - static void nes_process_mac_intr(struct nes_device *nesdev, u32 mac_number); - static unsigned int nes_reset_adapter_ne020(struct nes_device *nesdev, u8 *OneG_Mode); --static void nes_terminate_timeout(unsigned long context); - static void nes_terminate_start_timer(struct nes_qp *nesqp); - - #ifdef CONFIG_INFINIBAND_NES_DEBUG -@@ -3522,7 +3521,7 @@ static void nes_terminate_received(struct nes_device *nesdev, - } - - /* Timeout routine in case terminate fails to complete */ --static void nes_terminate_timeout(unsigned long context) -+void nes_terminate_timeout(unsigned long context) - { - struct nes_qp *nesqp = (struct nes_qp *)(unsigned long)context; - -@@ -3532,11 +3531,7 @@ static void nes_terminate_timeout(unsigned long context) - /* Set a timer in case hw cannot complete the terminate sequence */ - static void nes_terminate_start_timer(struct nes_qp *nesqp) - { -- init_timer(&nesqp->terminate_timer); -- nesqp->terminate_timer.function = nes_terminate_timeout; -- nesqp->terminate_timer.expires = jiffies + HZ; -- nesqp->terminate_timer.data = (unsigned long)nesqp; -- add_timer(&nesqp->terminate_timer); -+ mod_timer(&nesqp->terminate_timer, (jiffies + HZ)); - } - - /** -diff --git a/drivers/infiniband/hw/nes/nes_verbs.c b/drivers/infiniband/hw/nes/nes_verbs.c -index 8b8812d..da84ea3 100644 ---- a/drivers/infiniband/hw/nes/nes_verbs.c -+++ b/drivers/infiniband/hw/nes/nes_verbs.c -@@ -1404,6 +1404,9 @@ static struct ib_qp *nes_create_qp(struct ib_pd *ibpd, - } - - nesqp->sig_all = (init_attr->sq_sig_type == IB_SIGNAL_ALL_WR); -+ init_timer(&nesqp->terminate_timer); -+ nesqp->terminate_timer.function = nes_terminate_timeout; -+ nesqp->terminate_timer.data = (unsigned long)nesqp; - - /* update the QP table */ - nesdev->nesadapter->qp_table[nesqp->hwqp.qp_id-NES_FIRST_QPN] = nesqp; -@@ -1413,7 +1416,6 @@ static struct ib_qp *nes_create_qp(struct ib_pd *ibpd, - return &nesqp->ibqp; - } - -- - /** - * nes_clean_cq - */ -@@ -2559,6 +2561,11 @@ static struct ib_mr *nes_reg_user_mr(struct ib_pd *pd, u64 start, u64 length, - return ibmr; - case IWNES_MEMREG_TYPE_QP: - case IWNES_MEMREG_TYPE_CQ: -+ if (!region->length) { -+ nes_debug(NES_DBG_MR, "Unable to register zero length region for CQ\n"); -+ ib_umem_release(region); -+ return ERR_PTR(-EINVAL); -+ } - nespbl = kzalloc(sizeof(*nespbl), GFP_KERNEL); - if (!nespbl) { - nes_debug(NES_DBG_MR, "Unable to allocate PBL\n"); -diff --git a/drivers/input/joystick/walkera0701.c b/drivers/input/joystick/walkera0701.c -index 4dfa1ee..f8f892b 100644 ---- a/drivers/input/joystick/walkera0701.c -+++ b/drivers/input/joystick/walkera0701.c -@@ -196,6 +196,7 @@ static void walkera0701_close(struct input_dev *dev) - struct walkera_dev *w = input_get_drvdata(dev); - - parport_disable_irq(w->parport); -+ hrtimer_cancel(&w->timer); - } - - static int walkera0701_connect(struct walkera_dev *w, int parport) -@@ -224,6 +225,9 @@ static int walkera0701_connect(struct walkera_dev *w, int parport) - if (parport_claim(w->pardevice)) - goto init_err1; - -+ hrtimer_init(&w->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL); -+ w->timer.function = timer_handler; -+ - w->input_dev = input_allocate_device(); - if (!w->input_dev) - goto init_err2; -@@ -254,8 +258,6 @@ static int walkera0701_connect(struct walkera_dev *w, int parport) - if (err) - goto init_err3; - -- hrtimer_init(&w->timer, CLOCK_MONOTONIC, HRTIMER_MODE_REL); -- w->timer.function = timer_handler; - return 0; - - init_err3: -@@ -271,7 +273,6 @@ static int walkera0701_connect(struct walkera_dev *w, int parport) - - static void walkera0701_disconnect(struct walkera_dev *w) - { -- hrtimer_cancel(&w->timer); - input_unregister_device(w->input_dev); - parport_release(w->pardevice); - parport_unregister_device(w->pardevice); -diff --git a/drivers/input/mouse/sentelic.c b/drivers/input/mouse/sentelic.c -index a261d85..c4c9218 100644 ---- a/drivers/input/mouse/sentelic.c -+++ b/drivers/input/mouse/sentelic.c -@@ -791,7 +791,7 @@ static psmouse_ret_t fsp_process_byte(struct psmouse *psmouse) - fsp_set_slot(dev, 0, fgrs > 0, abs_x, abs_y); - fsp_set_slot(dev, 1, false, 0, 0); - } -- if (fgrs > 0) { -+ if (fgrs == 1 || (fgrs == 2 && !(packet[0] & FSP_PB0_MFMC_FGR2))) { - input_report_abs(dev, ABS_X, abs_x); - input_report_abs(dev, ABS_Y, abs_y); - } -diff --git a/drivers/input/serio/i8042-x86ia64io.h b/drivers/input/serio/i8042-x86ia64io.h -index d6cc77a..5f306f7 100644 ---- a/drivers/input/serio/i8042-x86ia64io.h -+++ b/drivers/input/serio/i8042-x86ia64io.h -@@ -921,6 +921,7 @@ static int __init i8042_platform_init(void) - int retval; - - #ifdef CONFIG_X86 -+ u8 a20_on = 0xdf; - /* Just return if pre-detection shows no i8042 controller exist */ - if (!x86_platform.i8042_detect()) - return -ENODEV; -@@ -960,6 +961,14 @@ static int __init i8042_platform_init(void) - - if (dmi_check_system(i8042_dmi_dritek_table)) - i8042_dritek = true; -+ -+ /* -+ * A20 was already enabled during early kernel init. But some buggy -+ * BIOSes (in MSI Laptops) require A20 to be enabled using 8042 to -+ * resume from S3. So we do it here and hope that nothing breaks. -+ */ -+ i8042_command(&a20_on, 0x10d1); -+ i8042_command(NULL, 0x00ff); /* Null command for SMM firmware */ - #endif /* CONFIG_X86 */ - - return retval; -diff --git a/drivers/iommu/amd_iommu_init.c b/drivers/iommu/amd_iommu_init.c -index 18a89b7..85a928a 100644 ---- a/drivers/iommu/amd_iommu_init.c -+++ b/drivers/iommu/amd_iommu_init.c -@@ -906,6 +906,38 @@ static void __init free_iommu_all(void) - } - - /* -+ * Family15h Model 10h-1fh erratum 746 (IOMMU Logging May Stall Translations) -+ * Workaround: -+ * BIOS should disable L2B micellaneous clock gating by setting -+ * L2_L2B_CK_GATE_CONTROL[CKGateL2BMiscDisable](D0F2xF4_x90[2]) = 1b -+ */ -+static void __init amd_iommu_erratum_746_workaround(struct amd_iommu *iommu) -+{ -+ u32 value; -+ -+ if ((boot_cpu_data.x86 != 0x15) || -+ (boot_cpu_data.x86_model < 0x10) || -+ (boot_cpu_data.x86_model > 0x1f)) -+ return; -+ -+ pci_write_config_dword(iommu->dev, 0xf0, 0x90); -+ pci_read_config_dword(iommu->dev, 0xf4, &value); -+ -+ if (value & BIT(2)) -+ return; -+ -+ /* Select NB indirect register 0x90 and enable writing */ -+ pci_write_config_dword(iommu->dev, 0xf0, 0x90 | (1 << 8)); -+ -+ pci_write_config_dword(iommu->dev, 0xf4, value | 0x4); -+ pr_info("AMD-Vi: Applying erratum 746 workaround for IOMMU at %s\n", -+ dev_name(&iommu->dev->dev)); -+ -+ /* Clear the enable writing bit */ -+ pci_write_config_dword(iommu->dev, 0xf0, 0x90); -+} -+ -+/* - * This function clues the initialization function for one IOMMU - * together and also allocates the command buffer and programs the - * hardware. It does NOT enable the IOMMU. This is done afterwards. -@@ -1092,6 +1124,8 @@ static int iommu_init_pci(struct amd_iommu *iommu) - iommu->stored_l2[i] = iommu_read_l2(iommu, i); - } - -+ amd_iommu_erratum_746_workaround(iommu); -+ - return pci_enable_device(iommu->dev); - } - -@@ -1580,9 +1614,6 @@ static int __init early_amd_iommu_init(void) - if (amd_iommu_pd_alloc_bitmap == NULL) - goto out; - -- /* init the device table */ -- init_device_table(); -- - /* - * let all alias entries point to itself - */ -@@ -1657,6 +1688,7 @@ static bool detect_ivrs(void) - - static int amd_iommu_init_dma(void) - { -+ struct amd_iommu *iommu; - int ret; - - if (iommu_pass_through) -@@ -1667,6 +1699,11 @@ static int amd_iommu_init_dma(void) - if (ret) - return ret; - -+ init_device_table(); -+ -+ for_each_iommu(iommu) -+ iommu_flush_all_caches(iommu); -+ - amd_iommu_init_api(); - - amd_iommu_init_notifier(); -diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c -index 554e6ac..16dc458 100644 ---- a/drivers/iommu/intel-iommu.c -+++ b/drivers/iommu/intel-iommu.c -@@ -1827,10 +1827,17 @@ static int __domain_mapping(struct dmar_domain *domain, unsigned long iov_pfn, - if (!pte) - return -ENOMEM; - /* It is large page*/ -- if (largepage_lvl > 1) -+ if (largepage_lvl > 1) { - pteval |= DMA_PTE_LARGE_PAGE; -- else -+ /* Ensure that old small page tables are removed to make room -+ for superpage, if they exist. */ -+ dma_pte_clear_range(domain, iov_pfn, -+ iov_pfn + lvl_to_nr_pages(largepage_lvl) - 1); -+ dma_pte_free_pagetable(domain, iov_pfn, -+ iov_pfn + lvl_to_nr_pages(largepage_lvl) - 1); -+ } else { - pteval &= ~(uint64_t)DMA_PTE_LARGE_PAGE; -+ } - - } - /* We don't need lock here, nobody else -@@ -2320,8 +2327,39 @@ static int domain_add_dev_info(struct dmar_domain *domain, - return 0; - } - -+static bool device_has_rmrr(struct pci_dev *dev) -+{ -+ struct dmar_rmrr_unit *rmrr; -+ int i; -+ -+ for_each_rmrr_units(rmrr) { -+ for (i = 0; i < rmrr->devices_cnt; i++) { -+ /* -+ * Return TRUE if this RMRR contains the device that -+ * is passed in. -+ */ -+ if (rmrr->devices[i] == dev) -+ return true; -+ } -+ } -+ return false; -+} -+ - static int iommu_should_identity_map(struct pci_dev *pdev, int startup) - { -+ -+ /* -+ * We want to prevent any device associated with an RMRR from -+ * getting placed into the SI Domain. This is done because -+ * problems exist when devices are moved in and out of domains -+ * and their respective RMRR info is lost. We exempt USB devices -+ * from this process due to their usage of RMRRs that are known -+ * to not be needed after BIOS hand-off to OS. -+ */ -+ if (device_has_rmrr(pdev) && -+ (pdev->class >> 8) != PCI_CLASS_SERIAL_USB) -+ return 0; -+ - if ((iommu_identity_mapping & IDENTMAP_AZALIA) && IS_AZALIA(pdev)) - return 1; - -@@ -4196,23 +4234,38 @@ static struct iommu_ops intel_iommu_ops = { - .pgsize_bitmap = INTEL_IOMMU_PGSIZES, - }; - -+static void __devinit quirk_iommu_g4x_gfx(struct pci_dev *dev) -+{ -+ /* G4x/GM45 integrated gfx dmar support is totally busted. */ -+ printk(KERN_INFO "DMAR: Disabling IOMMU for graphics on this chipset\n"); -+ dmar_map_gfx = 0; -+} -+ -+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2a40, quirk_iommu_g4x_gfx); -+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e00, quirk_iommu_g4x_gfx); -+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e10, quirk_iommu_g4x_gfx); -+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e20, quirk_iommu_g4x_gfx); -+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e30, quirk_iommu_g4x_gfx); -+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e40, quirk_iommu_g4x_gfx); -+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e90, quirk_iommu_g4x_gfx); -+ - static void __devinit quirk_iommu_rwbf(struct pci_dev *dev) - { - /* - * Mobile 4 Series Chipset neglects to set RWBF capability, -- * but needs it: -+ * but needs it. Same seems to hold for the desktop versions. - */ - printk(KERN_INFO "DMAR: Forcing write-buffer flush capability\n"); - rwbf_quirk = 1; -- -- /* https://bugzilla.redhat.com/show_bug.cgi?id=538163 */ -- if (dev->revision == 0x07) { -- printk(KERN_INFO "DMAR: Disabling IOMMU for graphics on this chipset\n"); -- dmar_map_gfx = 0; -- } - } - - DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2a40, quirk_iommu_rwbf); -+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e00, quirk_iommu_rwbf); -+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e10, quirk_iommu_rwbf); -+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e20, quirk_iommu_rwbf); -+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e30, quirk_iommu_rwbf); -+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e40, quirk_iommu_rwbf); -+DECLARE_PCI_FIXUP_HEADER(PCI_VENDOR_ID_INTEL, 0x2e90, quirk_iommu_rwbf); - - #define GGC 0x52 - #define GGC_MEMORY_SIZE_MASK (0xf << 8) -diff --git a/drivers/isdn/gigaset/capi.c b/drivers/isdn/gigaset/capi.c -index 68452b7..03a0a01 100644 ---- a/drivers/isdn/gigaset/capi.c -+++ b/drivers/isdn/gigaset/capi.c -@@ -248,6 +248,8 @@ static inline void dump_rawmsg(enum debuglevel level, const char *tag, - CAPIMSG_APPID(data), CAPIMSG_MSGID(data), l, - CAPIMSG_CONTROL(data)); - l -= 12; -+ if (l <= 0) -+ return; - dbgline = kmalloc(3 * l, GFP_ATOMIC); - if (!dbgline) - return; -diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c -index afd9598..a651d52 100644 ---- a/drivers/md/dm-ioctl.c -+++ b/drivers/md/dm-ioctl.c -@@ -1566,6 +1566,14 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl **param) - if (copy_from_user(dmi, user, tmp.data_size)) - goto bad; - -+ /* -+ * Abort if something changed the ioctl data while it was being copied. -+ */ -+ if (dmi->data_size != tmp.data_size) { -+ DMERR("rejecting ioctl: data size modified while processing parameters"); -+ goto bad; -+ } -+ - /* Wipe the user buffer so we do not return it to userspace */ - if (secure_data && clear_user(user, tmp.data_size)) - goto bad; -diff --git a/drivers/md/persistent-data/dm-btree-internal.h b/drivers/md/persistent-data/dm-btree-internal.h -index 5709bfe..accbb05 100644 ---- a/drivers/md/persistent-data/dm-btree-internal.h -+++ b/drivers/md/persistent-data/dm-btree-internal.h -@@ -36,13 +36,13 @@ struct node_header { - __le32 padding; - } __packed; - --struct node { -+struct btree_node { - struct node_header header; - __le64 keys[0]; - } __packed; - - --void inc_children(struct dm_transaction_manager *tm, struct node *n, -+void inc_children(struct dm_transaction_manager *tm, struct btree_node *n, - struct dm_btree_value_type *vt); - - int new_block(struct dm_btree_info *info, struct dm_block **result); -@@ -64,7 +64,7 @@ struct ro_spine { - void init_ro_spine(struct ro_spine *s, struct dm_btree_info *info); - int exit_ro_spine(struct ro_spine *s); - int ro_step(struct ro_spine *s, dm_block_t new_child); --struct node *ro_node(struct ro_spine *s); -+struct btree_node *ro_node(struct ro_spine *s); - - struct shadow_spine { - struct dm_btree_info *info; -@@ -98,17 +98,17 @@ int shadow_root(struct shadow_spine *s); - /* - * Some inlines. - */ --static inline __le64 *key_ptr(struct node *n, uint32_t index) -+static inline __le64 *key_ptr(struct btree_node *n, uint32_t index) - { - return n->keys + index; - } - --static inline void *value_base(struct node *n) -+static inline void *value_base(struct btree_node *n) - { - return &n->keys[le32_to_cpu(n->header.max_entries)]; - } - --static inline void *value_ptr(struct node *n, uint32_t index) -+static inline void *value_ptr(struct btree_node *n, uint32_t index) - { - uint32_t value_size = le32_to_cpu(n->header.value_size); - return value_base(n) + (value_size * index); -@@ -117,7 +117,7 @@ static inline void *value_ptr(struct node *n, uint32_t index) - /* - * Assumes the values are suitably-aligned and converts to core format. - */ --static inline uint64_t value64(struct node *n, uint32_t index) -+static inline uint64_t value64(struct btree_node *n, uint32_t index) - { - __le64 *values_le = value_base(n); - -@@ -127,7 +127,7 @@ static inline uint64_t value64(struct node *n, uint32_t index) - /* - * Searching for a key within a single node. - */ --int lower_bound(struct node *n, uint64_t key); -+int lower_bound(struct btree_node *n, uint64_t key); - - extern struct dm_block_validator btree_node_validator; - -diff --git a/drivers/md/persistent-data/dm-btree-remove.c b/drivers/md/persistent-data/dm-btree-remove.c -index aa71e23..c4f2813 100644 ---- a/drivers/md/persistent-data/dm-btree-remove.c -+++ b/drivers/md/persistent-data/dm-btree-remove.c -@@ -53,7 +53,7 @@ - /* - * Some little utilities for moving node data around. - */ --static void node_shift(struct node *n, int shift) -+static void node_shift(struct btree_node *n, int shift) - { - uint32_t nr_entries = le32_to_cpu(n->header.nr_entries); - uint32_t value_size = le32_to_cpu(n->header.value_size); -@@ -79,7 +79,7 @@ static void node_shift(struct node *n, int shift) - } - } - --static void node_copy(struct node *left, struct node *right, int shift) -+static void node_copy(struct btree_node *left, struct btree_node *right, int shift) - { - uint32_t nr_left = le32_to_cpu(left->header.nr_entries); - uint32_t value_size = le32_to_cpu(left->header.value_size); -@@ -108,7 +108,7 @@ static void node_copy(struct node *left, struct node *right, int shift) - /* - * Delete a specific entry from a leaf node. - */ --static void delete_at(struct node *n, unsigned index) -+static void delete_at(struct btree_node *n, unsigned index) - { - unsigned nr_entries = le32_to_cpu(n->header.nr_entries); - unsigned nr_to_copy = nr_entries - (index + 1); -@@ -128,7 +128,7 @@ static void delete_at(struct node *n, unsigned index) - n->header.nr_entries = cpu_to_le32(nr_entries - 1); - } - --static unsigned merge_threshold(struct node *n) -+static unsigned merge_threshold(struct btree_node *n) - { - return le32_to_cpu(n->header.max_entries) / 3; - } -@@ -136,7 +136,7 @@ static unsigned merge_threshold(struct node *n) - struct child { - unsigned index; - struct dm_block *block; -- struct node *n; -+ struct btree_node *n; - }; - - static struct dm_btree_value_type le64_type = { -@@ -147,7 +147,7 @@ static struct dm_btree_value_type le64_type = { - .equal = NULL - }; - --static int init_child(struct dm_btree_info *info, struct node *parent, -+static int init_child(struct dm_btree_info *info, struct btree_node *parent, - unsigned index, struct child *result) - { - int r, inc; -@@ -177,7 +177,7 @@ static int exit_child(struct dm_btree_info *info, struct child *c) - return dm_tm_unlock(info->tm, c->block); - } - --static void shift(struct node *left, struct node *right, int count) -+static void shift(struct btree_node *left, struct btree_node *right, int count) - { - uint32_t nr_left = le32_to_cpu(left->header.nr_entries); - uint32_t nr_right = le32_to_cpu(right->header.nr_entries); -@@ -203,11 +203,11 @@ static void shift(struct node *left, struct node *right, int count) - right->header.nr_entries = cpu_to_le32(nr_right + count); - } - --static void __rebalance2(struct dm_btree_info *info, struct node *parent, -+static void __rebalance2(struct dm_btree_info *info, struct btree_node *parent, - struct child *l, struct child *r) - { -- struct node *left = l->n; -- struct node *right = r->n; -+ struct btree_node *left = l->n; -+ struct btree_node *right = r->n; - uint32_t nr_left = le32_to_cpu(left->header.nr_entries); - uint32_t nr_right = le32_to_cpu(right->header.nr_entries); - unsigned threshold = 2 * merge_threshold(left) + 1; -@@ -239,7 +239,7 @@ static int rebalance2(struct shadow_spine *s, struct dm_btree_info *info, - unsigned left_index) - { - int r; -- struct node *parent; -+ struct btree_node *parent; - struct child left, right; - - parent = dm_block_data(shadow_current(s)); -@@ -270,9 +270,9 @@ static int rebalance2(struct shadow_spine *s, struct dm_btree_info *info, - * in right, then rebalance2. This wastes some cpu, but I want something - * simple atm. - */ --static void delete_center_node(struct dm_btree_info *info, struct node *parent, -+static void delete_center_node(struct dm_btree_info *info, struct btree_node *parent, - struct child *l, struct child *c, struct child *r, -- struct node *left, struct node *center, struct node *right, -+ struct btree_node *left, struct btree_node *center, struct btree_node *right, - uint32_t nr_left, uint32_t nr_center, uint32_t nr_right) - { - uint32_t max_entries = le32_to_cpu(left->header.max_entries); -@@ -301,9 +301,9 @@ static void delete_center_node(struct dm_btree_info *info, struct node *parent, - /* - * Redistributes entries among 3 sibling nodes. - */ --static void redistribute3(struct dm_btree_info *info, struct node *parent, -+static void redistribute3(struct dm_btree_info *info, struct btree_node *parent, - struct child *l, struct child *c, struct child *r, -- struct node *left, struct node *center, struct node *right, -+ struct btree_node *left, struct btree_node *center, struct btree_node *right, - uint32_t nr_left, uint32_t nr_center, uint32_t nr_right) - { - int s; -@@ -343,12 +343,12 @@ static void redistribute3(struct dm_btree_info *info, struct node *parent, - *key_ptr(parent, r->index) = right->keys[0]; - } - --static void __rebalance3(struct dm_btree_info *info, struct node *parent, -+static void __rebalance3(struct dm_btree_info *info, struct btree_node *parent, - struct child *l, struct child *c, struct child *r) - { -- struct node *left = l->n; -- struct node *center = c->n; -- struct node *right = r->n; -+ struct btree_node *left = l->n; -+ struct btree_node *center = c->n; -+ struct btree_node *right = r->n; - - uint32_t nr_left = le32_to_cpu(left->header.nr_entries); - uint32_t nr_center = le32_to_cpu(center->header.nr_entries); -@@ -371,7 +371,7 @@ static int rebalance3(struct shadow_spine *s, struct dm_btree_info *info, - unsigned left_index) - { - int r; -- struct node *parent = dm_block_data(shadow_current(s)); -+ struct btree_node *parent = dm_block_data(shadow_current(s)); - struct child left, center, right; - - /* -@@ -421,7 +421,7 @@ static int get_nr_entries(struct dm_transaction_manager *tm, - { - int r; - struct dm_block *block; -- struct node *n; -+ struct btree_node *n; - - r = dm_tm_read_lock(tm, b, &btree_node_validator, &block); - if (r) -@@ -438,7 +438,7 @@ static int rebalance_children(struct shadow_spine *s, - { - int i, r, has_left_sibling, has_right_sibling; - uint32_t child_entries; -- struct node *n; -+ struct btree_node *n; - - n = dm_block_data(shadow_current(s)); - -@@ -483,7 +483,7 @@ static int rebalance_children(struct shadow_spine *s, - return r; - } - --static int do_leaf(struct node *n, uint64_t key, unsigned *index) -+static int do_leaf(struct btree_node *n, uint64_t key, unsigned *index) - { - int i = lower_bound(n, key); - -@@ -506,7 +506,7 @@ static int remove_raw(struct shadow_spine *s, struct dm_btree_info *info, - uint64_t key, unsigned *index) - { - int i = *index, r; -- struct node *n; -+ struct btree_node *n; - - for (;;) { - r = shadow_step(s, root, vt); -@@ -556,7 +556,7 @@ int dm_btree_remove(struct dm_btree_info *info, dm_block_t root, - unsigned level, last_level = info->levels - 1; - int index = 0, r = 0; - struct shadow_spine spine; -- struct node *n; -+ struct btree_node *n; - - init_shadow_spine(&spine, info); - for (level = 0; level < info->levels; level++) { -diff --git a/drivers/md/persistent-data/dm-btree-spine.c b/drivers/md/persistent-data/dm-btree-spine.c -index d9a7912..2f0805c 100644 ---- a/drivers/md/persistent-data/dm-btree-spine.c -+++ b/drivers/md/persistent-data/dm-btree-spine.c -@@ -23,7 +23,7 @@ static void node_prepare_for_write(struct dm_block_validator *v, - struct dm_block *b, - size_t block_size) - { -- struct node *n = dm_block_data(b); -+ struct btree_node *n = dm_block_data(b); - struct node_header *h = &n->header; - - h->blocknr = cpu_to_le64(dm_block_location(b)); -@@ -38,7 +38,7 @@ static int node_check(struct dm_block_validator *v, - struct dm_block *b, - size_t block_size) - { -- struct node *n = dm_block_data(b); -+ struct btree_node *n = dm_block_data(b); - struct node_header *h = &n->header; - size_t value_size; - __le32 csum_disk; -@@ -164,7 +164,7 @@ int ro_step(struct ro_spine *s, dm_block_t new_child) - return r; - } - --struct node *ro_node(struct ro_spine *s) -+struct btree_node *ro_node(struct ro_spine *s) - { - struct dm_block *block; - -diff --git a/drivers/md/persistent-data/dm-btree.c b/drivers/md/persistent-data/dm-btree.c -index d12b2cc..371f3d4 100644 ---- a/drivers/md/persistent-data/dm-btree.c -+++ b/drivers/md/persistent-data/dm-btree.c -@@ -38,7 +38,7 @@ static void array_insert(void *base, size_t elt_size, unsigned nr_elts, - /*----------------------------------------------------------------*/ - - /* makes the assumption that no two keys are the same. */ --static int bsearch(struct node *n, uint64_t key, int want_hi) -+static int bsearch(struct btree_node *n, uint64_t key, int want_hi) - { - int lo = -1, hi = le32_to_cpu(n->header.nr_entries); - -@@ -58,12 +58,12 @@ static int bsearch(struct node *n, uint64_t key, int want_hi) - return want_hi ? hi : lo; - } - --int lower_bound(struct node *n, uint64_t key) -+int lower_bound(struct btree_node *n, uint64_t key) - { - return bsearch(n, key, 0); - } - --void inc_children(struct dm_transaction_manager *tm, struct node *n, -+void inc_children(struct dm_transaction_manager *tm, struct btree_node *n, - struct dm_btree_value_type *vt) - { - unsigned i; -@@ -77,7 +77,7 @@ void inc_children(struct dm_transaction_manager *tm, struct node *n, - vt->inc(vt->context, value_ptr(n, i)); - } - --static int insert_at(size_t value_size, struct node *node, unsigned index, -+static int insert_at(size_t value_size, struct btree_node *node, unsigned index, - uint64_t key, void *value) - __dm_written_to_disk(value) - { -@@ -122,7 +122,7 @@ int dm_btree_empty(struct dm_btree_info *info, dm_block_t *root) - { - int r; - struct dm_block *b; -- struct node *n; -+ struct btree_node *n; - size_t block_size; - uint32_t max_entries; - -@@ -154,7 +154,7 @@ EXPORT_SYMBOL_GPL(dm_btree_empty); - #define MAX_SPINE_DEPTH 64 - struct frame { - struct dm_block *b; -- struct node *n; -+ struct btree_node *n; - unsigned level; - unsigned nr_children; - unsigned current_child; -@@ -295,7 +295,7 @@ EXPORT_SYMBOL_GPL(dm_btree_del); - /*----------------------------------------------------------------*/ - - static int btree_lookup_raw(struct ro_spine *s, dm_block_t block, uint64_t key, -- int (*search_fn)(struct node *, uint64_t), -+ int (*search_fn)(struct btree_node *, uint64_t), - uint64_t *result_key, void *v, size_t value_size) - { - int i, r; -@@ -406,7 +406,7 @@ static int btree_split_sibling(struct shadow_spine *s, dm_block_t root, - size_t size; - unsigned nr_left, nr_right; - struct dm_block *left, *right, *parent; -- struct node *ln, *rn, *pn; -+ struct btree_node *ln, *rn, *pn; - __le64 location; - - left = shadow_current(s); -@@ -491,7 +491,7 @@ static int btree_split_beneath(struct shadow_spine *s, uint64_t key) - size_t size; - unsigned nr_left, nr_right; - struct dm_block *left, *right, *new_parent; -- struct node *pn, *ln, *rn; -+ struct btree_node *pn, *ln, *rn; - __le64 val; - - new_parent = shadow_current(s); -@@ -576,7 +576,7 @@ static int btree_insert_raw(struct shadow_spine *s, dm_block_t root, - uint64_t key, unsigned *index) - { - int r, i = *index, top = 1; -- struct node *node; -+ struct btree_node *node; - - for (;;) { - r = shadow_step(s, root, vt); -@@ -643,7 +643,7 @@ static int insert(struct dm_btree_info *info, dm_block_t root, - unsigned level, index = -1, last_level = info->levels - 1; - dm_block_t block = root; - struct shadow_spine spine; -- struct node *n; -+ struct btree_node *n; - struct dm_btree_value_type le64_type; - - le64_type.context = NULL; -diff --git a/drivers/media/rc/rc-main.c b/drivers/media/rc/rc-main.c -index cabc19c..cec1f8c 100644 ---- a/drivers/media/rc/rc-main.c -+++ b/drivers/media/rc/rc-main.c -@@ -778,8 +778,10 @@ static ssize_t show_protocols(struct device *device, - } else if (dev->raw) { - enabled = dev->raw->enabled_protocols; - allowed = ir_raw_get_allowed_protocols(); -- } else -+ } else { -+ mutex_unlock(&dev->lock); - return -ENODEV; -+ } - - IR_dprintk(1, "allowed - 0x%llx, enabled - 0x%llx\n", - (long long)allowed, -diff --git a/drivers/mfd/mfd-core.c b/drivers/mfd/mfd-core.c -index f8b7771..7604f4e 100644 ---- a/drivers/mfd/mfd-core.c -+++ b/drivers/mfd/mfd-core.c -@@ -21,6 +21,10 @@ - #include <linux/irqdomain.h> - #include <linux/of.h> - -+static struct device_type mfd_dev_type = { -+ .name = "mfd_device", -+}; -+ - int mfd_cell_enable(struct platform_device *pdev) - { - const struct mfd_cell *cell = mfd_get_cell(pdev); -@@ -91,6 +95,7 @@ static int mfd_add_device(struct device *parent, int id, - goto fail_device; - - pdev->dev.parent = parent; -+ pdev->dev.type = &mfd_dev_type; - - if (parent->of_node && cell->of_compatible) { - for_each_child_of_node(parent->of_node, np) { -@@ -204,10 +209,16 @@ EXPORT_SYMBOL(mfd_add_devices); - - static int mfd_remove_devices_fn(struct device *dev, void *c) - { -- struct platform_device *pdev = to_platform_device(dev); -- const struct mfd_cell *cell = mfd_get_cell(pdev); -+ struct platform_device *pdev; -+ const struct mfd_cell *cell; - atomic_t **usage_count = c; - -+ if (dev->type != &mfd_dev_type) -+ return 0; -+ -+ pdev = to_platform_device(dev); -+ cell = mfd_get_cell(pdev); -+ - /* find the base address of usage_count pointers (for freeing) */ - if (!*usage_count || (cell->usage_count < *usage_count)) - *usage_count = cell->usage_count; -diff --git a/drivers/mfd/wm8994-core.c b/drivers/mfd/wm8994-core.c -index 2febf88..38de846 100644 ---- a/drivers/mfd/wm8994-core.c -+++ b/drivers/mfd/wm8994-core.c -@@ -557,6 +557,7 @@ static __devinit int wm8994_device_init(struct wm8994 *wm8994, int irq) - case 1: - case 2: - case 3: -+ case 4: - regmap_patch = wm1811_reva_patch; - patch_regs = ARRAY_SIZE(wm1811_reva_patch); - break; -diff --git a/drivers/misc/sgi-xp/xpc_main.c b/drivers/misc/sgi-xp/xpc_main.c -index 8d082b4..d971817 100644 ---- a/drivers/misc/sgi-xp/xpc_main.c -+++ b/drivers/misc/sgi-xp/xpc_main.c -@@ -53,6 +53,10 @@ - #include <linux/kthread.h> - #include "xpc.h" - -+#ifdef CONFIG_X86_64 -+#include <asm/traps.h> -+#endif -+ - /* define two XPC debug device structures to be used with dev_dbg() et al */ - - struct device_driver xpc_dbg_name = { -@@ -1079,6 +1083,9 @@ xpc_system_reboot(struct notifier_block *nb, unsigned long event, void *unused) - return NOTIFY_DONE; - } - -+/* Used to only allow one cpu to complete disconnect */ -+static unsigned int xpc_die_disconnecting; -+ - /* - * Notify other partitions to deactivate from us by first disengaging from all - * references to our memory. -@@ -1092,6 +1099,9 @@ xpc_die_deactivate(void) - long keep_waiting; - long wait_to_print; - -+ if (cmpxchg(&xpc_die_disconnecting, 0, 1)) -+ return; -+ - /* keep xpc_hb_checker thread from doing anything (just in case) */ - xpc_exiting = 1; - -@@ -1159,7 +1169,7 @@ xpc_die_deactivate(void) - * about the lack of a heartbeat. - */ - static int --xpc_system_die(struct notifier_block *nb, unsigned long event, void *unused) -+xpc_system_die(struct notifier_block *nb, unsigned long event, void *_die_args) - { - #ifdef CONFIG_IA64 /* !!! temporary kludge */ - switch (event) { -@@ -1191,7 +1201,27 @@ xpc_system_die(struct notifier_block *nb, unsigned long event, void *unused) - break; - } - #else -- xpc_die_deactivate(); -+ struct die_args *die_args = _die_args; -+ -+ switch (event) { -+ case DIE_TRAP: -+ if (die_args->trapnr == X86_TRAP_DF) -+ xpc_die_deactivate(); -+ -+ if (((die_args->trapnr == X86_TRAP_MF) || -+ (die_args->trapnr == X86_TRAP_XF)) && -+ !user_mode_vm(die_args->regs)) -+ xpc_die_deactivate(); -+ -+ break; -+ case DIE_INT3: -+ case DIE_DEBUG: -+ break; -+ case DIE_OOPS: -+ case DIE_GPF: -+ default: -+ xpc_die_deactivate(); -+ } - #endif - - return NOTIFY_DONE; -diff --git a/drivers/mmc/host/sdhci-esdhc-imx.c b/drivers/mmc/host/sdhci-esdhc-imx.c -index e23f813..c80c588 100644 ---- a/drivers/mmc/host/sdhci-esdhc-imx.c -+++ b/drivers/mmc/host/sdhci-esdhc-imx.c -@@ -237,15 +237,18 @@ static void esdhc_writel_le(struct sdhci_host *host, u32 val, int reg) - - static u16 esdhc_readw_le(struct sdhci_host *host, int reg) - { -+ struct sdhci_pltfm_host *pltfm_host = sdhci_priv(host); -+ struct pltfm_imx_data *imx_data = pltfm_host->priv; -+ - if (unlikely(reg == SDHCI_HOST_VERSION)) { -- u16 val = readw(host->ioaddr + (reg ^ 2)); -- /* -- * uSDHC supports SDHCI v3.0, but it's encoded as value -- * 0x3 in host controller version register, which violates -- * SDHCI_SPEC_300 definition. Work it around here. -- */ -- if ((val & SDHCI_SPEC_VER_MASK) == 3) -- return --val; -+ reg ^= 2; -+ if (is_imx6q_usdhc(imx_data)) { -+ /* -+ * The usdhc register returns a wrong host version. -+ * Correct it here. -+ */ -+ return SDHCI_SPEC_300; -+ } - } - - return readw(host->ioaddr + reg); -diff --git a/drivers/mtd/nand/cs553x_nand.c b/drivers/mtd/nand/cs553x_nand.c -index adb6c3e..2cdeab8 100644 ---- a/drivers/mtd/nand/cs553x_nand.c -+++ b/drivers/mtd/nand/cs553x_nand.c -@@ -237,6 +237,7 @@ static int __init cs553x_init_one(int cs, int mmio, unsigned long adr) - this->ecc.hwctl = cs_enable_hwecc; - this->ecc.calculate = cs_calculate_ecc; - this->ecc.correct = nand_correct_data; -+ this->ecc.strength = 1; - - /* Enable the following for a flash based bad block table */ - this->bbt_options = NAND_BBT_USE_FLASH; -@@ -247,8 +248,6 @@ static int __init cs553x_init_one(int cs, int mmio, unsigned long adr) - goto out_ior; - } - -- this->ecc.strength = 1; -- - new_mtd->name = kasprintf(GFP_KERNEL, "cs553x_nand_cs%d", cs); - - cs553x_mtd[cs] = new_mtd; -diff --git a/drivers/mtd/nand/gpmi-nand/gpmi-lib.c b/drivers/mtd/nand/gpmi-nand/gpmi-lib.c -index a1f4332..b27e215 100644 ---- a/drivers/mtd/nand/gpmi-nand/gpmi-lib.c -+++ b/drivers/mtd/nand/gpmi-nand/gpmi-lib.c -@@ -136,6 +136,15 @@ int gpmi_init(struct gpmi_nand_data *this) - if (ret) - goto err_out; - -+ /* -+ * Reset BCH here, too. We got failures otherwise :( -+ * See later BCH reset for explanation of MX23 handling -+ */ -+ ret = gpmi_reset_block(r->bch_regs, GPMI_IS_MX23(this)); -+ if (ret) -+ goto err_out; -+ -+ - /* Choose NAND mode. */ - writel(BM_GPMI_CTRL1_GPMI_MODE, r->gpmi_regs + HW_GPMI_CTRL1_CLR); - -diff --git a/drivers/net/can/c_can/c_can.c b/drivers/net/can/c_can/c_can.c -index 4c538e3..f56a48e 100644 ---- a/drivers/net/can/c_can/c_can.c -+++ b/drivers/net/can/c_can/c_can.c -@@ -918,7 +918,7 @@ static int c_can_handle_bus_err(struct net_device *dev, - break; - case LEC_ACK_ERROR: - netdev_dbg(dev, "ack error\n"); -- cf->data[2] |= (CAN_ERR_PROT_LOC_ACK | -+ cf->data[3] |= (CAN_ERR_PROT_LOC_ACK | - CAN_ERR_PROT_LOC_ACK_DEL); - break; - case LEC_BIT1_ERROR: -@@ -931,7 +931,7 @@ static int c_can_handle_bus_err(struct net_device *dev, - break; - case LEC_CRC_ERROR: - netdev_dbg(dev, "CRC error\n"); -- cf->data[2] |= (CAN_ERR_PROT_LOC_CRC_SEQ | -+ cf->data[3] |= (CAN_ERR_PROT_LOC_CRC_SEQ | - CAN_ERR_PROT_LOC_CRC_DEL); - break; - default: -diff --git a/drivers/net/can/dev.c b/drivers/net/can/dev.c -index 963e2cc..8233e5e 100644 ---- a/drivers/net/can/dev.c -+++ b/drivers/net/can/dev.c -@@ -609,8 +609,7 @@ void close_candev(struct net_device *dev) - { - struct can_priv *priv = netdev_priv(dev); - -- if (del_timer_sync(&priv->restart_timer)) -- dev_put(dev); -+ del_timer_sync(&priv->restart_timer); - can_flush_echo_skb(dev); - } - EXPORT_SYMBOL_GPL(close_candev); -diff --git a/drivers/net/can/pch_can.c b/drivers/net/can/pch_can.c -index 48b3d62..7a43d4d 100644 ---- a/drivers/net/can/pch_can.c -+++ b/drivers/net/can/pch_can.c -@@ -560,7 +560,7 @@ static void pch_can_error(struct net_device *ndev, u32 status) - stats->rx_errors++; - break; - case PCH_CRC_ERR: -- cf->data[2] |= CAN_ERR_PROT_LOC_CRC_SEQ | -+ cf->data[3] |= CAN_ERR_PROT_LOC_CRC_SEQ | - CAN_ERR_PROT_LOC_CRC_DEL; - priv->can.can_stats.bus_error++; - stats->rx_errors++; -diff --git a/drivers/net/can/ti_hecc.c b/drivers/net/can/ti_hecc.c -index 9ded21e..44996a9 100644 ---- a/drivers/net/can/ti_hecc.c -+++ b/drivers/net/can/ti_hecc.c -@@ -746,12 +746,12 @@ static int ti_hecc_error(struct net_device *ndev, int int_status, - } - if (err_status & HECC_CANES_CRCE) { - hecc_set_bit(priv, HECC_CANES, HECC_CANES_CRCE); -- cf->data[2] |= CAN_ERR_PROT_LOC_CRC_SEQ | -+ cf->data[3] |= CAN_ERR_PROT_LOC_CRC_SEQ | - CAN_ERR_PROT_LOC_CRC_DEL; - } - if (err_status & HECC_CANES_ACKE) { - hecc_set_bit(priv, HECC_CANES, HECC_CANES_ACKE); -- cf->data[2] |= CAN_ERR_PROT_LOC_ACK | -+ cf->data[3] |= CAN_ERR_PROT_LOC_ACK | - CAN_ERR_PROT_LOC_ACK_DEL; - } - } -diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c -index 711eb14..3756278 100644 ---- a/drivers/net/ethernet/broadcom/tg3.c -+++ b/drivers/net/ethernet/broadcom/tg3.c -@@ -1245,14 +1245,26 @@ static int tg3_phy_auxctl_write(struct tg3 *tp, int reg, u32 set) - return tg3_writephy(tp, MII_TG3_AUX_CTRL, set | reg); - } - --#define TG3_PHY_AUXCTL_SMDSP_ENABLE(tp) \ -- tg3_phy_auxctl_write((tp), MII_TG3_AUXCTL_SHDWSEL_AUXCTL, \ -- MII_TG3_AUXCTL_ACTL_SMDSP_ENA | \ -- MII_TG3_AUXCTL_ACTL_TX_6DB) -+static int tg3_phy_toggle_auxctl_smdsp(struct tg3 *tp, bool enable) -+{ -+ u32 val; -+ int err; - --#define TG3_PHY_AUXCTL_SMDSP_DISABLE(tp) \ -- tg3_phy_auxctl_write((tp), MII_TG3_AUXCTL_SHDWSEL_AUXCTL, \ -- MII_TG3_AUXCTL_ACTL_TX_6DB); -+ err = tg3_phy_auxctl_read(tp, MII_TG3_AUXCTL_SHDWSEL_AUXCTL, &val); -+ -+ if (err) -+ return err; -+ if (enable) -+ -+ val |= MII_TG3_AUXCTL_ACTL_SMDSP_ENA; -+ else -+ val &= ~MII_TG3_AUXCTL_ACTL_SMDSP_ENA; -+ -+ err = tg3_phy_auxctl_write((tp), MII_TG3_AUXCTL_SHDWSEL_AUXCTL, -+ val | MII_TG3_AUXCTL_ACTL_TX_6DB); -+ -+ return err; -+} - - static int tg3_bmcr_reset(struct tg3 *tp) - { -@@ -2185,7 +2197,7 @@ static void tg3_phy_apply_otp(struct tg3 *tp) - - otp = tp->phy_otp; - -- if (TG3_PHY_AUXCTL_SMDSP_ENABLE(tp)) -+ if (tg3_phy_toggle_auxctl_smdsp(tp, true)) - return; - - phy = ((otp & TG3_OTP_AGCTGT_MASK) >> TG3_OTP_AGCTGT_SHIFT); -@@ -2210,7 +2222,7 @@ static void tg3_phy_apply_otp(struct tg3 *tp) - ((otp & TG3_OTP_RCOFF_MASK) >> TG3_OTP_RCOFF_SHIFT); - tg3_phydsp_write(tp, MII_TG3_DSP_EXP97, phy); - -- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); -+ tg3_phy_toggle_auxctl_smdsp(tp, false); - } - - static void tg3_phy_eee_adjust(struct tg3 *tp, u32 current_link_up) -@@ -2246,9 +2258,9 @@ static void tg3_phy_eee_adjust(struct tg3 *tp, u32 current_link_up) - - if (!tp->setlpicnt) { - if (current_link_up == 1 && -- !TG3_PHY_AUXCTL_SMDSP_ENABLE(tp)) { -+ !tg3_phy_toggle_auxctl_smdsp(tp, true)) { - tg3_phydsp_write(tp, MII_TG3_DSP_TAP26, 0x0000); -- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); -+ tg3_phy_toggle_auxctl_smdsp(tp, false); - } - - val = tr32(TG3_CPMU_EEE_MODE); -@@ -2264,11 +2276,11 @@ static void tg3_phy_eee_enable(struct tg3 *tp) - (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5717 || - GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5719 || - tg3_flag(tp, 57765_CLASS)) && -- !TG3_PHY_AUXCTL_SMDSP_ENABLE(tp)) { -+ !tg3_phy_toggle_auxctl_smdsp(tp, true)) { - val = MII_TG3_DSP_TAP26_ALNOKO | - MII_TG3_DSP_TAP26_RMRXSTO; - tg3_phydsp_write(tp, MII_TG3_DSP_TAP26, val); -- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); -+ tg3_phy_toggle_auxctl_smdsp(tp, false); - } - - val = tr32(TG3_CPMU_EEE_MODE); -@@ -2412,7 +2424,7 @@ static int tg3_phy_reset_5703_4_5(struct tg3 *tp) - tg3_writephy(tp, MII_CTRL1000, - CTL1000_AS_MASTER | CTL1000_ENABLE_MASTER); - -- err = TG3_PHY_AUXCTL_SMDSP_ENABLE(tp); -+ err = tg3_phy_toggle_auxctl_smdsp(tp, true); - if (err) - return err; - -@@ -2433,7 +2445,7 @@ static int tg3_phy_reset_5703_4_5(struct tg3 *tp) - tg3_writephy(tp, MII_TG3_DSP_ADDRESS, 0x8200); - tg3_writephy(tp, MII_TG3_DSP_CONTROL, 0x0000); - -- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); -+ tg3_phy_toggle_auxctl_smdsp(tp, false); - - tg3_writephy(tp, MII_CTRL1000, phy9_orig); - -@@ -2522,10 +2534,10 @@ static int tg3_phy_reset(struct tg3 *tp) - - out: - if ((tp->phy_flags & TG3_PHYFLG_ADC_BUG) && -- !TG3_PHY_AUXCTL_SMDSP_ENABLE(tp)) { -+ !tg3_phy_toggle_auxctl_smdsp(tp, true)) { - tg3_phydsp_write(tp, 0x201f, 0x2aaa); - tg3_phydsp_write(tp, 0x000a, 0x0323); -- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); -+ tg3_phy_toggle_auxctl_smdsp(tp, false); - } - - if (tp->phy_flags & TG3_PHYFLG_5704_A0_BUG) { -@@ -2534,14 +2546,14 @@ out: - } - - if (tp->phy_flags & TG3_PHYFLG_BER_BUG) { -- if (!TG3_PHY_AUXCTL_SMDSP_ENABLE(tp)) { -+ if (!tg3_phy_toggle_auxctl_smdsp(tp, true)) { - tg3_phydsp_write(tp, 0x000a, 0x310b); - tg3_phydsp_write(tp, 0x201f, 0x9506); - tg3_phydsp_write(tp, 0x401f, 0x14e2); -- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); -+ tg3_phy_toggle_auxctl_smdsp(tp, false); - } - } else if (tp->phy_flags & TG3_PHYFLG_JITTER_BUG) { -- if (!TG3_PHY_AUXCTL_SMDSP_ENABLE(tp)) { -+ if (!tg3_phy_toggle_auxctl_smdsp(tp, true)) { - tg3_writephy(tp, MII_TG3_DSP_ADDRESS, 0x000a); - if (tp->phy_flags & TG3_PHYFLG_ADJUST_TRIM) { - tg3_writephy(tp, MII_TG3_DSP_RW_PORT, 0x110b); -@@ -2550,7 +2562,7 @@ out: - } else - tg3_writephy(tp, MII_TG3_DSP_RW_PORT, 0x010b); - -- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); -+ tg3_phy_toggle_auxctl_smdsp(tp, false); - } - } - -@@ -3967,7 +3979,7 @@ static int tg3_phy_autoneg_cfg(struct tg3 *tp, u32 advertise, u32 flowctrl) - tw32(TG3_CPMU_EEE_MODE, - tr32(TG3_CPMU_EEE_MODE) & ~TG3_CPMU_EEEMD_LPI_ENABLE); - -- err = TG3_PHY_AUXCTL_SMDSP_ENABLE(tp); -+ err = tg3_phy_toggle_auxctl_smdsp(tp, true); - if (!err) { - u32 err2; - -@@ -4000,7 +4012,7 @@ static int tg3_phy_autoneg_cfg(struct tg3 *tp, u32 advertise, u32 flowctrl) - MII_TG3_DSP_CH34TP2_HIBW01); - } - -- err2 = TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); -+ err2 = tg3_phy_toggle_auxctl_smdsp(tp, false); - if (!err) - err = err2; - } -@@ -6703,6 +6715,9 @@ static void tg3_poll_controller(struct net_device *dev) - int i; - struct tg3 *tp = netdev_priv(dev); - -+ if (tg3_irq_sync(tp)) -+ return; -+ - for (i = 0; i < tp->irq_cnt; i++) - tg3_interrupt(tp->napi[i].irq_vec, &tp->napi[i]); - } -@@ -15806,6 +15821,7 @@ static int __devinit tg3_init_one(struct pci_dev *pdev, - tp->pm_cap = pm_cap; - tp->rx_mode = TG3_DEF_RX_MODE; - tp->tx_mode = TG3_DEF_TX_MODE; -+ tp->irq_sync = 1; - - if (tg3_debug > 0) - tp->msg_enable = tg3_debug; -diff --git a/drivers/net/ethernet/calxeda/xgmac.c b/drivers/net/ethernet/calxeda/xgmac.c -index 16814b3..e29c1b6 100644 ---- a/drivers/net/ethernet/calxeda/xgmac.c -+++ b/drivers/net/ethernet/calxeda/xgmac.c -@@ -546,6 +546,10 @@ static int desc_get_rx_status(struct xgmac_priv *priv, struct xgmac_dma_desc *p) - return -1; - } - -+ /* All frames should fit into a single buffer */ -+ if (!(status & RXDESC_FIRST_SEG) || !(status & RXDESC_LAST_SEG)) -+ return -1; -+ - /* Check if packet has checksum already */ - if ((status & RXDESC_FRAME_TYPE) && (status & RXDESC_EXT_STATUS) && - !(ext_status & RXDESC_IP_PAYLOAD_MASK)) -diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c -index 48cc4fb..8a747b7 100644 ---- a/drivers/net/ethernet/intel/igb/igb_main.c -+++ b/drivers/net/ethernet/intel/igb/igb_main.c -@@ -936,17 +936,18 @@ static int igb_request_msix(struct igb_adapter *adapter) - { - struct net_device *netdev = adapter->netdev; - struct e1000_hw *hw = &adapter->hw; -- int i, err = 0, vector = 0; -+ int i, err = 0, vector = 0, free_vector = 0; - - err = request_irq(adapter->msix_entries[vector].vector, - igb_msix_other, 0, netdev->name, adapter); - if (err) -- goto out; -- vector++; -+ goto err_out; - - for (i = 0; i < adapter->num_q_vectors; i++) { - struct igb_q_vector *q_vector = adapter->q_vector[i]; - -+ vector++; -+ - q_vector->itr_register = hw->hw_addr + E1000_EITR(vector); - - if (q_vector->rx.ring && q_vector->tx.ring) -@@ -965,13 +966,22 @@ static int igb_request_msix(struct igb_adapter *adapter) - igb_msix_ring, 0, q_vector->name, - q_vector); - if (err) -- goto out; -- vector++; -+ goto err_free; - } - - igb_configure_msix(adapter); - return 0; --out: -+ -+err_free: -+ /* free already assigned IRQs */ -+ free_irq(adapter->msix_entries[free_vector++].vector, adapter); -+ -+ vector--; -+ for (i = 0; i < vector; i++) { -+ free_irq(adapter->msix_entries[free_vector++].vector, -+ adapter->q_vector[i]); -+ } -+err_out: - return err; - } - -@@ -4661,11 +4671,13 @@ void igb_update_stats(struct igb_adapter *adapter, - bytes = 0; - packets = 0; - for (i = 0; i < adapter->num_rx_queues; i++) { -- u32 rqdpc_tmp = rd32(E1000_RQDPC(i)) & 0x0FFF; -+ u32 rqdpc = rd32(E1000_RQDPC(i)); - struct igb_ring *ring = adapter->rx_ring[i]; - -- ring->rx_stats.drops += rqdpc_tmp; -- net_stats->rx_fifo_errors += rqdpc_tmp; -+ if (rqdpc) { -+ ring->rx_stats.drops += rqdpc; -+ net_stats->rx_fifo_errors += rqdpc; -+ } - - do { - start = u64_stats_fetch_begin_bh(&ring->rx_syncp); -diff --git a/drivers/net/ethernet/mellanox/mlx4/en_tx.c b/drivers/net/ethernet/mellanox/mlx4/en_tx.c -index 10bba09..2af24ba 100644 ---- a/drivers/net/ethernet/mellanox/mlx4/en_tx.c -+++ b/drivers/net/ethernet/mellanox/mlx4/en_tx.c -@@ -630,10 +630,15 @@ netdev_tx_t mlx4_en_xmit(struct sk_buff *skb, struct net_device *dev) - ring->tx_csum++; - } - -- /* Copy dst mac address to wqe */ -- ethh = (struct ethhdr *)skb->data; -- tx_desc->ctrl.srcrb_flags16[0] = get_unaligned((__be16 *)ethh->h_dest); -- tx_desc->ctrl.imm = get_unaligned((__be32 *)(ethh->h_dest + 2)); -+ if (mlx4_is_mfunc(mdev->dev) || priv->validate_loopback) { -+ /* Copy dst mac address to wqe. This allows loopback in eSwitch, -+ * so that VFs and PF can communicate with each other -+ */ -+ ethh = (struct ethhdr *)skb->data; -+ tx_desc->ctrl.srcrb_flags16[0] = get_unaligned((__be16 *)ethh->h_dest); -+ tx_desc->ctrl.imm = get_unaligned((__be32 *)(ethh->h_dest + 2)); -+ } -+ - /* Handle LSO (TSO) packets */ - if (lso_header_size) { - /* Mark opcode as LSO */ -diff --git a/drivers/net/ethernet/mellanox/mlx4/main.c b/drivers/net/ethernet/mellanox/mlx4/main.c -index 2f816c6..8ca1ed8 100644 ---- a/drivers/net/ethernet/mellanox/mlx4/main.c -+++ b/drivers/net/ethernet/mellanox/mlx4/main.c -@@ -1630,15 +1630,8 @@ static void mlx4_enable_msi_x(struct mlx4_dev *dev) - int i; - - if (msi_x) { -- /* In multifunction mode each function gets 2 msi-X vectors -- * one for data path completions anf the other for asynch events -- * or command completions */ -- if (mlx4_is_mfunc(dev)) { -- nreq = 2; -- } else { -- nreq = min_t(int, dev->caps.num_eqs - -- dev->caps.reserved_eqs, nreq); -- } -+ nreq = min_t(int, dev->caps.num_eqs - dev->caps.reserved_eqs, -+ nreq); - - entries = kcalloc(nreq, sizeof *entries, GFP_KERNEL); - if (!entries) -diff --git a/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c b/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c -index bc165f4..695667d 100644 ---- a/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c -+++ b/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c -@@ -144,7 +144,7 @@ void netxen_release_tx_buffers(struct netxen_adapter *adapter) - buffrag->length, PCI_DMA_TODEVICE); - buffrag->dma = 0ULL; - } -- for (j = 0; j < cmd_buf->frag_count; j++) { -+ for (j = 1; j < cmd_buf->frag_count; j++) { - buffrag++; - if (buffrag->dma) { - pci_unmap_page(adapter->pdev, buffrag->dma, -diff --git a/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c b/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c -index a77c558..d6a8218 100644 ---- a/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c -+++ b/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c -@@ -1963,10 +1963,12 @@ unwind: - while (--i >= 0) { - nf = &pbuf->frag_array[i+1]; - pci_unmap_page(pdev, nf->dma, nf->length, PCI_DMA_TODEVICE); -+ nf->dma = 0ULL; - } - - nf = &pbuf->frag_array[0]; - pci_unmap_single(pdev, nf->dma, skb_headlen(skb), PCI_DMA_TODEVICE); -+ nf->dma = 0ULL; - - out_err: - return -ENOMEM; -diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index df7bbba..6c1c396 100644 ---- a/drivers/net/ethernet/realtek/r8169.c -+++ b/drivers/net/ethernet/realtek/r8169.c -@@ -6088,13 +6088,6 @@ process_pkt: - tp->rx_stats.bytes += pkt_size; - u64_stats_update_end(&tp->rx_stats.syncp); - } -- -- /* Work around for AMD plateform. */ -- if ((desc->opts2 & cpu_to_le32(0xfffe000)) && -- (tp->mac_version == RTL_GIGA_MAC_VER_05)) { -- desc->opts2 = 0; -- cur_rx++; -- } - } - - count = cur_rx - tp->cur_rx; -diff --git a/drivers/net/ethernet/via/via-rhine.c b/drivers/net/ethernet/via/via-rhine.c -index 0459c09..046526e0 100644 ---- a/drivers/net/ethernet/via/via-rhine.c -+++ b/drivers/net/ethernet/via/via-rhine.c -@@ -1802,7 +1802,7 @@ static void rhine_tx(struct net_device *dev) - rp->tx_skbuff[entry]->len, - PCI_DMA_TODEVICE); - } -- dev_kfree_skb_irq(rp->tx_skbuff[entry]); -+ dev_kfree_skb(rp->tx_skbuff[entry]); - rp->tx_skbuff[entry] = NULL; - entry = (++rp->dirty_tx) % TX_RING_SIZE; - } -@@ -2011,11 +2011,7 @@ static void rhine_slow_event_task(struct work_struct *work) - if (intr_status & IntrPCIErr) - netif_warn(rp, hw, dev, "PCI error\n"); - -- napi_disable(&rp->napi); -- rhine_irq_disable(rp); -- /* Slow and safe. Consider __napi_schedule as a replacement ? */ -- napi_enable(&rp->napi); -- napi_schedule(&rp->napi); -+ iowrite16(RHINE_EVENT & 0xffff, rp->base + IntrEnable); - - out_unlock: - mutex_unlock(&rp->task_lock); -diff --git a/drivers/net/loopback.c b/drivers/net/loopback.c -index e2a06fd..ba61c33 100644 ---- a/drivers/net/loopback.c -+++ b/drivers/net/loopback.c -@@ -77,6 +77,11 @@ static netdev_tx_t loopback_xmit(struct sk_buff *skb, - - skb_orphan(skb); - -+ /* Before queueing this packet to netif_rx(), -+ * make sure dst is refcounted. -+ */ -+ skb_dst_force(skb); -+ - skb->protocol = eth_type_trans(skb, dev); - - /* it's OK to use per_cpu_ptr() because BHs are off */ -diff --git a/drivers/net/wimax/i2400m/i2400m-usb.h b/drivers/net/wimax/i2400m/i2400m-usb.h -index 6650fde..9f1e947 100644 ---- a/drivers/net/wimax/i2400m/i2400m-usb.h -+++ b/drivers/net/wimax/i2400m/i2400m-usb.h -@@ -152,6 +152,9 @@ enum { - /* Device IDs */ - USB_DEVICE_ID_I6050 = 0x0186, - USB_DEVICE_ID_I6050_2 = 0x0188, -+ USB_DEVICE_ID_I6150 = 0x07d6, -+ USB_DEVICE_ID_I6150_2 = 0x07d7, -+ USB_DEVICE_ID_I6150_3 = 0x07d9, - USB_DEVICE_ID_I6250 = 0x0187, - }; - -diff --git a/drivers/net/wimax/i2400m/usb.c b/drivers/net/wimax/i2400m/usb.c -index 713d033..080f363 100644 ---- a/drivers/net/wimax/i2400m/usb.c -+++ b/drivers/net/wimax/i2400m/usb.c -@@ -510,6 +510,9 @@ int i2400mu_probe(struct usb_interface *iface, - switch (id->idProduct) { - case USB_DEVICE_ID_I6050: - case USB_DEVICE_ID_I6050_2: -+ case USB_DEVICE_ID_I6150: -+ case USB_DEVICE_ID_I6150_2: -+ case USB_DEVICE_ID_I6150_3: - case USB_DEVICE_ID_I6250: - i2400mu->i6050 = 1; - break; -@@ -759,6 +762,9 @@ static - struct usb_device_id i2400mu_id_table[] = { - { USB_DEVICE(0x8086, USB_DEVICE_ID_I6050) }, - { USB_DEVICE(0x8086, USB_DEVICE_ID_I6050_2) }, -+ { USB_DEVICE(0x8087, USB_DEVICE_ID_I6150) }, -+ { USB_DEVICE(0x8087, USB_DEVICE_ID_I6150_2) }, -+ { USB_DEVICE(0x8087, USB_DEVICE_ID_I6150_3) }, - { USB_DEVICE(0x8086, USB_DEVICE_ID_I6250) }, - { USB_DEVICE(0x8086, 0x0181) }, - { USB_DEVICE(0x8086, 0x1403) }, -diff --git a/drivers/net/wireless/ath/ath5k/base.c b/drivers/net/wireless/ath/ath5k/base.c -index 2aab20e..68a4046 100644 ---- a/drivers/net/wireless/ath/ath5k/base.c -+++ b/drivers/net/wireless/ath/ath5k/base.c -@@ -848,7 +848,7 @@ ath5k_txbuf_free_skb(struct ath5k_hw *ah, struct ath5k_buf *bf) - return; - dma_unmap_single(ah->dev, bf->skbaddr, bf->skb->len, - DMA_TO_DEVICE); -- dev_kfree_skb_any(bf->skb); -+ ieee80211_free_txskb(ah->hw, bf->skb); - bf->skb = NULL; - bf->skbaddr = 0; - bf->desc->ds_data = 0; -@@ -1575,7 +1575,7 @@ ath5k_tx_queue(struct ieee80211_hw *hw, struct sk_buff *skb, - return; - - drop_packet: -- dev_kfree_skb_any(skb); -+ ieee80211_free_txskb(hw, skb); - } - - static void -diff --git a/drivers/net/wireless/ath/ath5k/mac80211-ops.c b/drivers/net/wireless/ath/ath5k/mac80211-ops.c -index d56453e..b010a77 100644 ---- a/drivers/net/wireless/ath/ath5k/mac80211-ops.c -+++ b/drivers/net/wireless/ath/ath5k/mac80211-ops.c -@@ -61,7 +61,7 @@ ath5k_tx(struct ieee80211_hw *hw, struct sk_buff *skb) - u16 qnum = skb_get_queue_mapping(skb); - - if (WARN_ON(qnum >= ah->ah_capabilities.cap_queues.q_tx_num)) { -- dev_kfree_skb_any(skb); -+ ieee80211_free_txskb(hw, skb); - return; - } - -diff --git a/drivers/net/wireless/ath/ath9k/ar9003_2p2_initvals.h b/drivers/net/wireless/ath/ath9k/ar9003_2p2_initvals.h -index 6f7cf49..262e1e0 100644 ---- a/drivers/net/wireless/ath/ath9k/ar9003_2p2_initvals.h -+++ b/drivers/net/wireless/ath/ath9k/ar9003_2p2_initvals.h -@@ -534,98 +534,98 @@ static const u32 ar9300_2p2_baseband_core[][2] = { - - static const u32 ar9300Modes_high_power_tx_gain_table_2p2[][5] = { - /* Addr 5G_HT20 5G_HT40 2G_HT40 2G_HT20 */ -- {0x0000a2dc, 0x00033800, 0x00033800, 0x03aaa352, 0x03aaa352}, -- {0x0000a2e0, 0x0003c000, 0x0003c000, 0x03ccc584, 0x03ccc584}, -- {0x0000a2e4, 0x03fc0000, 0x03fc0000, 0x03f0f800, 0x03f0f800}, -+ {0x0000a2dc, 0x0380c7fc, 0x0380c7fc, 0x03aaa352, 0x03aaa352}, -+ {0x0000a2e0, 0x0000f800, 0x0000f800, 0x03ccc584, 0x03ccc584}, -+ {0x0000a2e4, 0x03ff0000, 0x03ff0000, 0x03f0f800, 0x03f0f800}, - {0x0000a2e8, 0x00000000, 0x00000000, 0x03ff0000, 0x03ff0000}, -- {0x0000a410, 0x000050d9, 0x000050d9, 0x000050d9, 0x000050d9}, -- {0x0000a500, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, -- {0x0000a504, 0x06000003, 0x06000003, 0x04000002, 0x04000002}, -- {0x0000a508, 0x0a000020, 0x0a000020, 0x08000004, 0x08000004}, -- {0x0000a50c, 0x10000023, 0x10000023, 0x0b000200, 0x0b000200}, -- {0x0000a510, 0x16000220, 0x16000220, 0x0f000202, 0x0f000202}, -- {0x0000a514, 0x1c000223, 0x1c000223, 0x12000400, 0x12000400}, -- {0x0000a518, 0x21002220, 0x21002220, 0x16000402, 0x16000402}, -- {0x0000a51c, 0x27002223, 0x27002223, 0x19000404, 0x19000404}, -- {0x0000a520, 0x2b022220, 0x2b022220, 0x1c000603, 0x1c000603}, -- {0x0000a524, 0x2f022222, 0x2f022222, 0x21000a02, 0x21000a02}, -- {0x0000a528, 0x34022225, 0x34022225, 0x25000a04, 0x25000a04}, -- {0x0000a52c, 0x3a02222a, 0x3a02222a, 0x28000a20, 0x28000a20}, -- {0x0000a530, 0x3e02222c, 0x3e02222c, 0x2c000e20, 0x2c000e20}, -- {0x0000a534, 0x4202242a, 0x4202242a, 0x30000e22, 0x30000e22}, -- {0x0000a538, 0x4702244a, 0x4702244a, 0x34000e24, 0x34000e24}, -- {0x0000a53c, 0x4b02244c, 0x4b02244c, 0x38001640, 0x38001640}, -- {0x0000a540, 0x4e02246c, 0x4e02246c, 0x3c001660, 0x3c001660}, -- {0x0000a544, 0x52022470, 0x52022470, 0x3f001861, 0x3f001861}, -- {0x0000a548, 0x55022490, 0x55022490, 0x43001a81, 0x43001a81}, -- {0x0000a54c, 0x59022492, 0x59022492, 0x47001a83, 0x47001a83}, -- {0x0000a550, 0x5d022692, 0x5d022692, 0x4a001c84, 0x4a001c84}, -- {0x0000a554, 0x61022892, 0x61022892, 0x4e001ce3, 0x4e001ce3}, -- {0x0000a558, 0x65024890, 0x65024890, 0x52001ce5, 0x52001ce5}, -- {0x0000a55c, 0x69024892, 0x69024892, 0x56001ce9, 0x56001ce9}, -- {0x0000a560, 0x6e024c92, 0x6e024c92, 0x5a001ceb, 0x5a001ceb}, -- {0x0000a564, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec}, -- {0x0000a568, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec}, -- {0x0000a56c, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec}, -- {0x0000a570, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec}, -- {0x0000a574, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec}, -- {0x0000a578, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec}, -- {0x0000a57c, 0x74026e92, 0x74026e92, 0x5d001eec, 0x5d001eec}, -- {0x0000a580, 0x00800000, 0x00800000, 0x00800000, 0x00800000}, -- {0x0000a584, 0x06800003, 0x06800003, 0x04800002, 0x04800002}, -- {0x0000a588, 0x0a800020, 0x0a800020, 0x08800004, 0x08800004}, -- {0x0000a58c, 0x10800023, 0x10800023, 0x0b800200, 0x0b800200}, -- {0x0000a590, 0x16800220, 0x16800220, 0x0f800202, 0x0f800202}, -- {0x0000a594, 0x1c800223, 0x1c800223, 0x12800400, 0x12800400}, -- {0x0000a598, 0x21802220, 0x21802220, 0x16800402, 0x16800402}, -- {0x0000a59c, 0x27802223, 0x27802223, 0x19800404, 0x19800404}, -- {0x0000a5a0, 0x2b822220, 0x2b822220, 0x1c800603, 0x1c800603}, -- {0x0000a5a4, 0x2f822222, 0x2f822222, 0x21800a02, 0x21800a02}, -- {0x0000a5a8, 0x34822225, 0x34822225, 0x25800a04, 0x25800a04}, -- {0x0000a5ac, 0x3a82222a, 0x3a82222a, 0x28800a20, 0x28800a20}, -- {0x0000a5b0, 0x3e82222c, 0x3e82222c, 0x2c800e20, 0x2c800e20}, -- {0x0000a5b4, 0x4282242a, 0x4282242a, 0x30800e22, 0x30800e22}, -- {0x0000a5b8, 0x4782244a, 0x4782244a, 0x34800e24, 0x34800e24}, -- {0x0000a5bc, 0x4b82244c, 0x4b82244c, 0x38801640, 0x38801640}, -- {0x0000a5c0, 0x4e82246c, 0x4e82246c, 0x3c801660, 0x3c801660}, -- {0x0000a5c4, 0x52822470, 0x52822470, 0x3f801861, 0x3f801861}, -- {0x0000a5c8, 0x55822490, 0x55822490, 0x43801a81, 0x43801a81}, -- {0x0000a5cc, 0x59822492, 0x59822492, 0x47801a83, 0x47801a83}, -- {0x0000a5d0, 0x5d822692, 0x5d822692, 0x4a801c84, 0x4a801c84}, -- {0x0000a5d4, 0x61822892, 0x61822892, 0x4e801ce3, 0x4e801ce3}, -- {0x0000a5d8, 0x65824890, 0x65824890, 0x52801ce5, 0x52801ce5}, -- {0x0000a5dc, 0x69824892, 0x69824892, 0x56801ce9, 0x56801ce9}, -- {0x0000a5e0, 0x6e824c92, 0x6e824c92, 0x5a801ceb, 0x5a801ceb}, -- {0x0000a5e4, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec}, -- {0x0000a5e8, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec}, -- {0x0000a5ec, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec}, -- {0x0000a5f0, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec}, -- {0x0000a5f4, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec}, -- {0x0000a5f8, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec}, -- {0x0000a5fc, 0x74826e92, 0x74826e92, 0x5d801eec, 0x5d801eec}, -+ {0x0000a410, 0x000050d8, 0x000050d8, 0x000050d9, 0x000050d9}, -+ {0x0000a500, 0x00002220, 0x00002220, 0x00000000, 0x00000000}, -+ {0x0000a504, 0x04002222, 0x04002222, 0x04000002, 0x04000002}, -+ {0x0000a508, 0x09002421, 0x09002421, 0x08000004, 0x08000004}, -+ {0x0000a50c, 0x0d002621, 0x0d002621, 0x0b000200, 0x0b000200}, -+ {0x0000a510, 0x13004620, 0x13004620, 0x0f000202, 0x0f000202}, -+ {0x0000a514, 0x19004a20, 0x19004a20, 0x11000400, 0x11000400}, -+ {0x0000a518, 0x1d004e20, 0x1d004e20, 0x15000402, 0x15000402}, -+ {0x0000a51c, 0x21005420, 0x21005420, 0x19000404, 0x19000404}, -+ {0x0000a520, 0x26005e20, 0x26005e20, 0x1b000603, 0x1b000603}, -+ {0x0000a524, 0x2b005e40, 0x2b005e40, 0x1f000a02, 0x1f000a02}, -+ {0x0000a528, 0x2f005e42, 0x2f005e42, 0x23000a04, 0x23000a04}, -+ {0x0000a52c, 0x33005e44, 0x33005e44, 0x26000a20, 0x26000a20}, -+ {0x0000a530, 0x38005e65, 0x38005e65, 0x2a000e20, 0x2a000e20}, -+ {0x0000a534, 0x3c005e69, 0x3c005e69, 0x2e000e22, 0x2e000e22}, -+ {0x0000a538, 0x40005e6b, 0x40005e6b, 0x31000e24, 0x31000e24}, -+ {0x0000a53c, 0x44005e6d, 0x44005e6d, 0x34001640, 0x34001640}, -+ {0x0000a540, 0x49005e72, 0x49005e72, 0x38001660, 0x38001660}, -+ {0x0000a544, 0x4e005eb2, 0x4e005eb2, 0x3b001861, 0x3b001861}, -+ {0x0000a548, 0x53005f12, 0x53005f12, 0x3e001a81, 0x3e001a81}, -+ {0x0000a54c, 0x59025eb2, 0x59025eb2, 0x42001a83, 0x42001a83}, -+ {0x0000a550, 0x5e025f12, 0x5e025f12, 0x44001c84, 0x44001c84}, -+ {0x0000a554, 0x61027f12, 0x61027f12, 0x48001ce3, 0x48001ce3}, -+ {0x0000a558, 0x6702bf12, 0x6702bf12, 0x4c001ce5, 0x4c001ce5}, -+ {0x0000a55c, 0x6b02bf14, 0x6b02bf14, 0x50001ce9, 0x50001ce9}, -+ {0x0000a560, 0x6f02bf16, 0x6f02bf16, 0x54001ceb, 0x54001ceb}, -+ {0x0000a564, 0x6f02bf16, 0x6f02bf16, 0x56001eec, 0x56001eec}, -+ {0x0000a568, 0x6f02bf16, 0x6f02bf16, 0x56001eec, 0x56001eec}, -+ {0x0000a56c, 0x6f02bf16, 0x6f02bf16, 0x56001eec, 0x56001eec}, -+ {0x0000a570, 0x6f02bf16, 0x6f02bf16, 0x56001eec, 0x56001eec}, -+ {0x0000a574, 0x6f02bf16, 0x6f02bf16, 0x56001eec, 0x56001eec}, -+ {0x0000a578, 0x6f02bf16, 0x6f02bf16, 0x56001eec, 0x56001eec}, -+ {0x0000a57c, 0x6f02bf16, 0x6f02bf16, 0x56001eec, 0x56001eec}, -+ {0x0000a580, 0x00802220, 0x00802220, 0x00800000, 0x00800000}, -+ {0x0000a584, 0x04802222, 0x04802222, 0x04800002, 0x04800002}, -+ {0x0000a588, 0x09802421, 0x09802421, 0x08800004, 0x08800004}, -+ {0x0000a58c, 0x0d802621, 0x0d802621, 0x0b800200, 0x0b800200}, -+ {0x0000a590, 0x13804620, 0x13804620, 0x0f800202, 0x0f800202}, -+ {0x0000a594, 0x19804a20, 0x19804a20, 0x11800400, 0x11800400}, -+ {0x0000a598, 0x1d804e20, 0x1d804e20, 0x15800402, 0x15800402}, -+ {0x0000a59c, 0x21805420, 0x21805420, 0x19800404, 0x19800404}, -+ {0x0000a5a0, 0x26805e20, 0x26805e20, 0x1b800603, 0x1b800603}, -+ {0x0000a5a4, 0x2b805e40, 0x2b805e40, 0x1f800a02, 0x1f800a02}, -+ {0x0000a5a8, 0x2f805e42, 0x2f805e42, 0x23800a04, 0x23800a04}, -+ {0x0000a5ac, 0x33805e44, 0x33805e44, 0x26800a20, 0x26800a20}, -+ {0x0000a5b0, 0x38805e65, 0x38805e65, 0x2a800e20, 0x2a800e20}, -+ {0x0000a5b4, 0x3c805e69, 0x3c805e69, 0x2e800e22, 0x2e800e22}, -+ {0x0000a5b8, 0x40805e6b, 0x40805e6b, 0x31800e24, 0x31800e24}, -+ {0x0000a5bc, 0x44805e6d, 0x44805e6d, 0x34801640, 0x34801640}, -+ {0x0000a5c0, 0x49805e72, 0x49805e72, 0x38801660, 0x38801660}, -+ {0x0000a5c4, 0x4e805eb2, 0x4e805eb2, 0x3b801861, 0x3b801861}, -+ {0x0000a5c8, 0x53805f12, 0x53805f12, 0x3e801a81, 0x3e801a81}, -+ {0x0000a5cc, 0x59825eb2, 0x59825eb2, 0x42801a83, 0x42801a83}, -+ {0x0000a5d0, 0x5e825f12, 0x5e825f12, 0x44801c84, 0x44801c84}, -+ {0x0000a5d4, 0x61827f12, 0x61827f12, 0x48801ce3, 0x48801ce3}, -+ {0x0000a5d8, 0x6782bf12, 0x6782bf12, 0x4c801ce5, 0x4c801ce5}, -+ {0x0000a5dc, 0x6b82bf14, 0x6b82bf14, 0x50801ce9, 0x50801ce9}, -+ {0x0000a5e0, 0x6f82bf16, 0x6f82bf16, 0x54801ceb, 0x54801ceb}, -+ {0x0000a5e4, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec}, -+ {0x0000a5e8, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec}, -+ {0x0000a5ec, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec}, -+ {0x0000a5f0, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec}, -+ {0x0000a5f4, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec}, -+ {0x0000a5f8, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec}, -+ {0x0000a5fc, 0x6f82bf16, 0x6f82bf16, 0x56801eec, 0x56801eec}, - {0x0000a600, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, - {0x0000a604, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, - {0x0000a608, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, - {0x0000a60c, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, -- {0x0000a610, 0x00000000, 0x00000000, 0x00000000, 0x00000000}, -- {0x0000a614, 0x02004000, 0x02004000, 0x01404000, 0x01404000}, -- {0x0000a618, 0x02004801, 0x02004801, 0x01404501, 0x01404501}, -- {0x0000a61c, 0x02808a02, 0x02808a02, 0x02008501, 0x02008501}, -- {0x0000a620, 0x0380ce03, 0x0380ce03, 0x0280ca03, 0x0280ca03}, -- {0x0000a624, 0x04411104, 0x04411104, 0x03010c04, 0x03010c04}, -- {0x0000a628, 0x04411104, 0x04411104, 0x04014c04, 0x04014c04}, -- {0x0000a62c, 0x04411104, 0x04411104, 0x04015005, 0x04015005}, -- {0x0000a630, 0x04411104, 0x04411104, 0x04015005, 0x04015005}, -- {0x0000a634, 0x04411104, 0x04411104, 0x04015005, 0x04015005}, -- {0x0000a638, 0x04411104, 0x04411104, 0x04015005, 0x04015005}, -- {0x0000a63c, 0x04411104, 0x04411104, 0x04015005, 0x04015005}, -- {0x0000b2dc, 0x00033800, 0x00033800, 0x03aaa352, 0x03aaa352}, -- {0x0000b2e0, 0x0003c000, 0x0003c000, 0x03ccc584, 0x03ccc584}, -- {0x0000b2e4, 0x03fc0000, 0x03fc0000, 0x03f0f800, 0x03f0f800}, -+ {0x0000a610, 0x00804000, 0x00804000, 0x00000000, 0x00000000}, -+ {0x0000a614, 0x00804201, 0x00804201, 0x01404000, 0x01404000}, -+ {0x0000a618, 0x0280c802, 0x0280c802, 0x01404501, 0x01404501}, -+ {0x0000a61c, 0x0280ca03, 0x0280ca03, 0x02008501, 0x02008501}, -+ {0x0000a620, 0x04c15104, 0x04c15104, 0x0280ca03, 0x0280ca03}, -+ {0x0000a624, 0x04c15305, 0x04c15305, 0x03010c04, 0x03010c04}, -+ {0x0000a628, 0x04c15305, 0x04c15305, 0x04014c04, 0x04014c04}, -+ {0x0000a62c, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005}, -+ {0x0000a630, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005}, -+ {0x0000a634, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005}, -+ {0x0000a638, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005}, -+ {0x0000a63c, 0x04c15305, 0x04c15305, 0x04015005, 0x04015005}, -+ {0x0000b2dc, 0x0380c7fc, 0x0380c7fc, 0x03aaa352, 0x03aaa352}, -+ {0x0000b2e0, 0x0000f800, 0x0000f800, 0x03ccc584, 0x03ccc584}, -+ {0x0000b2e4, 0x03ff0000, 0x03ff0000, 0x03f0f800, 0x03f0f800}, - {0x0000b2e8, 0x00000000, 0x00000000, 0x03ff0000, 0x03ff0000}, -- {0x0000c2dc, 0x00033800, 0x00033800, 0x03aaa352, 0x03aaa352}, -- {0x0000c2e0, 0x0003c000, 0x0003c000, 0x03ccc584, 0x03ccc584}, -- {0x0000c2e4, 0x03fc0000, 0x03fc0000, 0x03f0f800, 0x03f0f800}, -+ {0x0000c2dc, 0x0380c7fc, 0x0380c7fc, 0x03aaa352, 0x03aaa352}, -+ {0x0000c2e0, 0x0000f800, 0x0000f800, 0x03ccc584, 0x03ccc584}, -+ {0x0000c2e4, 0x03ff0000, 0x03ff0000, 0x03f0f800, 0x03f0f800}, - {0x0000c2e8, 0x00000000, 0x00000000, 0x03ff0000, 0x03ff0000}, - {0x00016044, 0x012492d4, 0x012492d4, 0x012492d4, 0x012492d4}, - {0x00016048, 0x66480001, 0x66480001, 0x66480001, 0x66480001}, -diff --git a/drivers/net/wireless/ath/ath9k/ar9003_calib.c b/drivers/net/wireless/ath/ath9k/ar9003_calib.c -index 84b558d..678854a 100644 ---- a/drivers/net/wireless/ath/ath9k/ar9003_calib.c -+++ b/drivers/net/wireless/ath/ath9k/ar9003_calib.c -@@ -903,6 +903,8 @@ static bool ar9003_hw_init_cal(struct ath_hw *ah, - AR_PHY_CL_TAB_1, - AR_PHY_CL_TAB_2 }; - -+ ar9003_hw_set_chain_masks(ah, ah->caps.rx_chainmask, ah->caps.tx_chainmask); -+ - if (rtt) { - if (!ar9003_hw_rtt_restore(ah, chan)) - run_rtt_cal = true; -diff --git a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.h b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.h -index 3a1ff55..a633aea 100644 ---- a/drivers/net/wireless/ath/ath9k/ar9003_eeprom.h -+++ b/drivers/net/wireless/ath/ath9k/ar9003_eeprom.h -@@ -68,13 +68,13 @@ - #define AR9300_BASE_ADDR 0x3ff - #define AR9300_BASE_ADDR_512 0x1ff - --#define AR9300_OTP_BASE 0x14000 --#define AR9300_OTP_STATUS 0x15f18 -+#define AR9300_OTP_BASE (AR_SREV_9340(ah) ? 0x30000 : 0x14000) -+#define AR9300_OTP_STATUS (AR_SREV_9340(ah) ? 0x30018 : 0x15f18) - #define AR9300_OTP_STATUS_TYPE 0x7 - #define AR9300_OTP_STATUS_VALID 0x4 - #define AR9300_OTP_STATUS_ACCESS_BUSY 0x2 - #define AR9300_OTP_STATUS_SM_BUSY 0x1 --#define AR9300_OTP_READ_DATA 0x15f1c -+#define AR9300_OTP_READ_DATA (AR_SREV_9340(ah) ? 0x3001c : 0x15f1c) - - enum targetPowerHTRates { - HT_TARGET_RATE_0_8_16, -diff --git a/drivers/net/wireless/ath/ath9k/ar9003_phy.c b/drivers/net/wireless/ath/ath9k/ar9003_phy.c -index e476f9f..6b23a50 100644 ---- a/drivers/net/wireless/ath/ath9k/ar9003_phy.c -+++ b/drivers/net/wireless/ath/ath9k/ar9003_phy.c -@@ -533,7 +533,7 @@ static void ar9003_hw_init_bb(struct ath_hw *ah, - ath9k_hw_synth_delay(ah, chan, synthDelay); - } - --static void ar9003_hw_set_chain_masks(struct ath_hw *ah, u8 rx, u8 tx) -+void ar9003_hw_set_chain_masks(struct ath_hw *ah, u8 rx, u8 tx) - { - switch (rx) { - case 0x5: -diff --git a/drivers/net/wireless/ath/ath9k/beacon.c b/drivers/net/wireless/ath/ath9k/beacon.c -index 1b48414..4527d0d 100644 ---- a/drivers/net/wireless/ath/ath9k/beacon.c -+++ b/drivers/net/wireless/ath/ath9k/beacon.c -@@ -147,6 +147,7 @@ static struct ath_buf *ath9k_beacon_generate(struct ieee80211_hw *hw, - skb->len, DMA_TO_DEVICE); - dev_kfree_skb_any(skb); - bf->bf_buf_addr = 0; -+ bf->bf_mpdu = NULL; - } - - skb = ieee80211_beacon_get(hw, vif); -diff --git a/drivers/net/wireless/ath/ath9k/calib.c b/drivers/net/wireless/ath/ath9k/calib.c -index e5cceb0..bbd249d 100644 ---- a/drivers/net/wireless/ath/ath9k/calib.c -+++ b/drivers/net/wireless/ath/ath9k/calib.c -@@ -69,6 +69,7 @@ s16 ath9k_hw_getchan_noise(struct ath_hw *ah, struct ath9k_channel *chan) - - if (chan && chan->noisefloor) { - s8 delta = chan->noisefloor - -+ ATH9K_NF_CAL_NOISE_THRESH - - ath9k_hw_get_default_nf(ah, chan); - if (delta > 0) - noise += delta; -diff --git a/drivers/net/wireless/ath/ath9k/calib.h b/drivers/net/wireless/ath/ath9k/calib.h -index 1060c19..60dcb6c 100644 ---- a/drivers/net/wireless/ath/ath9k/calib.h -+++ b/drivers/net/wireless/ath/ath9k/calib.h -@@ -21,6 +21,9 @@ - - #define AR_PHY_CCA_FILTERWINDOW_LENGTH 5 - -+/* Internal noise floor can vary by about 6db depending on the frequency */ -+#define ATH9K_NF_CAL_NOISE_THRESH 6 -+ - #define NUM_NF_READINGS 6 - #define ATH9K_NF_CAL_HIST_MAX 5 - -diff --git a/drivers/net/wireless/ath/ath9k/htc_hst.c b/drivers/net/wireless/ath/ath9k/htc_hst.c -index 4a9570d..aac4a40 100644 ---- a/drivers/net/wireless/ath/ath9k/htc_hst.c -+++ b/drivers/net/wireless/ath/ath9k/htc_hst.c -@@ -344,6 +344,8 @@ void ath9k_htc_txcompletion_cb(struct htc_target *htc_handle, - endpoint->ep_callbacks.tx(endpoint->ep_callbacks.priv, - skb, htc_hdr->endpoint_id, - txok); -+ } else { -+ kfree_skb(skb); - } - } - -diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h -index de6968f..c59edc7 100644 ---- a/drivers/net/wireless/ath/ath9k/hw.h -+++ b/drivers/net/wireless/ath/ath9k/hw.h -@@ -1060,6 +1060,7 @@ int ar9003_paprd_create_curve(struct ath_hw *ah, - int ar9003_paprd_setup_gain_table(struct ath_hw *ah, int chain); - int ar9003_paprd_init_table(struct ath_hw *ah); - bool ar9003_paprd_is_done(struct ath_hw *ah); -+void ar9003_hw_set_chain_masks(struct ath_hw *ah, u8 rx, u8 tx); - - /* Hardware family op attach helpers */ - void ar5008_hw_attach_phy_ops(struct ath_hw *ah); -diff --git a/drivers/net/wireless/ath/ath9k/recv.c b/drivers/net/wireless/ath/ath9k/recv.c -index 4480c0c..6b12d48 100644 ---- a/drivers/net/wireless/ath/ath9k/recv.c -+++ b/drivers/net/wireless/ath/ath9k/recv.c -@@ -744,6 +744,7 @@ static struct ath_buf *ath_get_next_rx_buf(struct ath_softc *sc, - return NULL; - } - -+ list_del(&bf->list); - if (!bf->bf_mpdu) - return bf; - -@@ -1251,14 +1252,15 @@ requeue_drop_frag: - sc->rx.frag = NULL; - } - requeue: -+ list_add_tail(&bf->list, &sc->rx.rxbuf); -+ if (flush) -+ continue; -+ - if (edma) { -- list_add_tail(&bf->list, &sc->rx.rxbuf); - ath_rx_edma_buf_link(sc, qtype); - } else { -- list_move_tail(&bf->list, &sc->rx.rxbuf); - ath_rx_buf_link(sc, bf); -- if (!flush) -- ath9k_hw_rxena(ah); -+ ath9k_hw_rxena(ah); - } - } while (1); - -diff --git a/drivers/net/wireless/b43/b43.h b/drivers/net/wireless/b43/b43.h -index 7c899fc..ac593ab 100644 ---- a/drivers/net/wireless/b43/b43.h -+++ b/drivers/net/wireless/b43/b43.h -@@ -7,6 +7,7 @@ - #include <linux/hw_random.h> - #include <linux/bcma/bcma.h> - #include <linux/ssb/ssb.h> -+#include <linux/completion.h> - #include <net/mac80211.h> - - #include "debugfs.h" -@@ -718,6 +719,10 @@ enum b43_firmware_file_type { - struct b43_request_fw_context { - /* The device we are requesting the fw for. */ - struct b43_wldev *dev; -+ /* a completion event structure needed if this call is asynchronous */ -+ struct completion fw_load_complete; -+ /* a pointer to the firmware object */ -+ const struct firmware *blob; - /* The type of firmware to request. */ - enum b43_firmware_file_type req_type; - /* Error messages for each firmware type. */ -diff --git a/drivers/net/wireless/b43/dma.c b/drivers/net/wireless/b43/dma.c -index 777cd74..38bc5a7 100644 ---- a/drivers/net/wireless/b43/dma.c -+++ b/drivers/net/wireless/b43/dma.c -@@ -409,7 +409,10 @@ static inline - struct b43_dmadesc_meta *meta) - { - if (meta->skb) { -- dev_kfree_skb_any(meta->skb); -+ if (ring->tx) -+ ieee80211_free_txskb(ring->dev->wl->hw, meta->skb); -+ else -+ dev_kfree_skb_any(meta->skb); - meta->skb = NULL; - } - } -@@ -1454,7 +1457,7 @@ int b43_dma_tx(struct b43_wldev *dev, struct sk_buff *skb) - if (unlikely(err == -ENOKEY)) { - /* Drop this packet, as we don't have the encryption key - * anymore and must not transmit it unencrypted. */ -- dev_kfree_skb_any(skb); -+ ieee80211_free_txskb(dev->wl->hw, skb); - err = 0; - goto out; - } -diff --git a/drivers/net/wireless/b43/dma.h b/drivers/net/wireless/b43/dma.h -index 315b96e..9fdd198 100644 ---- a/drivers/net/wireless/b43/dma.h -+++ b/drivers/net/wireless/b43/dma.h -@@ -169,7 +169,7 @@ struct b43_dmadesc_generic { - - /* DMA engine tuning knobs */ - #define B43_TXRING_SLOTS 256 --#define B43_RXRING_SLOTS 64 -+#define B43_RXRING_SLOTS 256 - #define B43_DMA0_RX_FW598_BUFSIZE (B43_DMA0_RX_FW598_FO + IEEE80211_MAX_FRAME_LEN) - #define B43_DMA0_RX_FW351_BUFSIZE (B43_DMA0_RX_FW351_FO + IEEE80211_MAX_FRAME_LEN) - -diff --git a/drivers/net/wireless/b43/main.c b/drivers/net/wireless/b43/main.c -index 46d9d4e..b70bc2d 100644 ---- a/drivers/net/wireless/b43/main.c -+++ b/drivers/net/wireless/b43/main.c -@@ -2088,11 +2088,18 @@ static void b43_print_fw_helptext(struct b43_wl *wl, bool error) - b43warn(wl, text); - } - -+static void b43_fw_cb(const struct firmware *firmware, void *context) -+{ -+ struct b43_request_fw_context *ctx = context; -+ -+ ctx->blob = firmware; -+ complete(&ctx->fw_load_complete); -+} -+ - int b43_do_request_fw(struct b43_request_fw_context *ctx, - const char *name, -- struct b43_firmware_file *fw) -+ struct b43_firmware_file *fw, bool async) - { -- const struct firmware *blob; - struct b43_fw_header *hdr; - u32 size; - int err; -@@ -2131,11 +2138,31 @@ int b43_do_request_fw(struct b43_request_fw_context *ctx, - B43_WARN_ON(1); - return -ENOSYS; - } -- err = request_firmware(&blob, ctx->fwname, ctx->dev->dev->dev); -+ if (async) { -+ /* do this part asynchronously */ -+ init_completion(&ctx->fw_load_complete); -+ err = request_firmware_nowait(THIS_MODULE, 1, ctx->fwname, -+ ctx->dev->dev->dev, GFP_KERNEL, -+ ctx, b43_fw_cb); -+ if (err < 0) { -+ pr_err("Unable to load firmware\n"); -+ return err; -+ } -+ /* stall here until fw ready */ -+ wait_for_completion(&ctx->fw_load_complete); -+ if (ctx->blob) -+ goto fw_ready; -+ /* On some ARM systems, the async request will fail, but the next sync -+ * request works. For this reason, we dall through here -+ */ -+ } -+ err = request_firmware(&ctx->blob, ctx->fwname, -+ ctx->dev->dev->dev); - if (err == -ENOENT) { - snprintf(ctx->errors[ctx->req_type], - sizeof(ctx->errors[ctx->req_type]), -- "Firmware file \"%s\" not found\n", ctx->fwname); -+ "Firmware file \"%s\" not found\n", -+ ctx->fwname); - return err; - } else if (err) { - snprintf(ctx->errors[ctx->req_type], -@@ -2144,14 +2171,15 @@ int b43_do_request_fw(struct b43_request_fw_context *ctx, - ctx->fwname, err); - return err; - } -- if (blob->size < sizeof(struct b43_fw_header)) -+fw_ready: -+ if (ctx->blob->size < sizeof(struct b43_fw_header)) - goto err_format; -- hdr = (struct b43_fw_header *)(blob->data); -+ hdr = (struct b43_fw_header *)(ctx->blob->data); - switch (hdr->type) { - case B43_FW_TYPE_UCODE: - case B43_FW_TYPE_PCM: - size = be32_to_cpu(hdr->size); -- if (size != blob->size - sizeof(struct b43_fw_header)) -+ if (size != ctx->blob->size - sizeof(struct b43_fw_header)) - goto err_format; - /* fallthrough */ - case B43_FW_TYPE_IV: -@@ -2162,7 +2190,7 @@ int b43_do_request_fw(struct b43_request_fw_context *ctx, - goto err_format; - } - -- fw->data = blob; -+ fw->data = ctx->blob; - fw->filename = name; - fw->type = ctx->req_type; - -@@ -2172,7 +2200,7 @@ err_format: - snprintf(ctx->errors[ctx->req_type], - sizeof(ctx->errors[ctx->req_type]), - "Firmware file \"%s\" format error.\n", ctx->fwname); -- release_firmware(blob); -+ release_firmware(ctx->blob); - - return -EPROTO; - } -@@ -2223,7 +2251,7 @@ static int b43_try_request_fw(struct b43_request_fw_context *ctx) - goto err_no_ucode; - } - } -- err = b43_do_request_fw(ctx, filename, &fw->ucode); -+ err = b43_do_request_fw(ctx, filename, &fw->ucode, true); - if (err) - goto err_load; - -@@ -2235,7 +2263,7 @@ static int b43_try_request_fw(struct b43_request_fw_context *ctx) - else - goto err_no_pcm; - fw->pcm_request_failed = false; -- err = b43_do_request_fw(ctx, filename, &fw->pcm); -+ err = b43_do_request_fw(ctx, filename, &fw->pcm, false); - if (err == -ENOENT) { - /* We did not find a PCM file? Not fatal, but - * core rev <= 10 must do without hwcrypto then. */ -@@ -2296,7 +2324,7 @@ static int b43_try_request_fw(struct b43_request_fw_context *ctx) - default: - goto err_no_initvals; - } -- err = b43_do_request_fw(ctx, filename, &fw->initvals); -+ err = b43_do_request_fw(ctx, filename, &fw->initvals, false); - if (err) - goto err_load; - -@@ -2355,7 +2383,7 @@ static int b43_try_request_fw(struct b43_request_fw_context *ctx) - default: - goto err_no_initvals; - } -- err = b43_do_request_fw(ctx, filename, &fw->initvals_band); -+ err = b43_do_request_fw(ctx, filename, &fw->initvals_band, false); - if (err) - goto err_load; - -@@ -3397,7 +3425,7 @@ static void b43_tx_work(struct work_struct *work) - break; - } - if (unlikely(err)) -- dev_kfree_skb(skb); /* Drop it */ -+ ieee80211_free_txskb(wl->hw, skb); - err = 0; - } - -@@ -3418,7 +3446,7 @@ static void b43_op_tx(struct ieee80211_hw *hw, - - if (unlikely(skb->len < 2 + 2 + 6)) { - /* Too short, this can't be a valid frame. */ -- dev_kfree_skb_any(skb); -+ ieee80211_free_txskb(hw, skb); - return; - } - B43_WARN_ON(skb_shinfo(skb)->nr_frags); -@@ -4228,8 +4256,12 @@ redo: - - /* Drain all TX queues. */ - for (queue_num = 0; queue_num < B43_QOS_QUEUE_NUM; queue_num++) { -- while (skb_queue_len(&wl->tx_queue[queue_num])) -- dev_kfree_skb(skb_dequeue(&wl->tx_queue[queue_num])); -+ while (skb_queue_len(&wl->tx_queue[queue_num])) { -+ struct sk_buff *skb; -+ -+ skb = skb_dequeue(&wl->tx_queue[queue_num]); -+ ieee80211_free_txskb(wl->hw, skb); -+ } - } - - b43_mac_suspend(dev); -diff --git a/drivers/net/wireless/b43/main.h b/drivers/net/wireless/b43/main.h -index 8c684cd..abac25e 100644 ---- a/drivers/net/wireless/b43/main.h -+++ b/drivers/net/wireless/b43/main.h -@@ -137,9 +137,8 @@ void b43_mac_phy_clock_set(struct b43_wldev *dev, bool on); - - - struct b43_request_fw_context; --int b43_do_request_fw(struct b43_request_fw_context *ctx, -- const char *name, -- struct b43_firmware_file *fw); -+int b43_do_request_fw(struct b43_request_fw_context *ctx, const char *name, -+ struct b43_firmware_file *fw, bool async); - void b43_do_release_fw(struct b43_firmware_file *fw); - - #endif /* B43_MAIN_H_ */ -diff --git a/drivers/net/wireless/b43/pio.c b/drivers/net/wireless/b43/pio.c -index 3533ab8..a73ff8c 100644 ---- a/drivers/net/wireless/b43/pio.c -+++ b/drivers/net/wireless/b43/pio.c -@@ -196,7 +196,7 @@ static void b43_pio_cancel_tx_packets(struct b43_pio_txqueue *q) - for (i = 0; i < ARRAY_SIZE(q->packets); i++) { - pack = &(q->packets[i]); - if (pack->skb) { -- dev_kfree_skb_any(pack->skb); -+ ieee80211_free_txskb(q->dev->wl->hw, pack->skb); - pack->skb = NULL; - } - } -@@ -552,7 +552,7 @@ int b43_pio_tx(struct b43_wldev *dev, struct sk_buff *skb) - if (unlikely(err == -ENOKEY)) { - /* Drop this packet, as we don't have the encryption key - * anymore and must not transmit it unencrypted. */ -- dev_kfree_skb_any(skb); -+ ieee80211_free_txskb(dev->wl->hw, skb); - err = 0; - goto out; - } -diff --git a/drivers/net/wireless/b43legacy/b43legacy.h b/drivers/net/wireless/b43legacy/b43legacy.h -index a29da67..482476f 100644 ---- a/drivers/net/wireless/b43legacy/b43legacy.h -+++ b/drivers/net/wireless/b43legacy/b43legacy.h -@@ -13,6 +13,7 @@ - - #include <linux/ssb/ssb.h> - #include <linux/ssb/ssb_driver_chipcommon.h> -+#include <linux/completion.h> - - #include <net/mac80211.h> - -@@ -733,6 +734,10 @@ struct b43legacy_wldev { - - /* Firmware data */ - struct b43legacy_firmware fw; -+ const struct firmware *fwp; /* needed to pass fw pointer */ -+ -+ /* completion struct for firmware loading */ -+ struct completion fw_load_complete; - - /* Devicelist in struct b43legacy_wl (all 802.11 cores) */ - struct list_head list; -diff --git a/drivers/net/wireless/b43legacy/main.c b/drivers/net/wireless/b43legacy/main.c -index 0ef08e0..aa87fb7 100644 ---- a/drivers/net/wireless/b43legacy/main.c -+++ b/drivers/net/wireless/b43legacy/main.c -@@ -1513,9 +1513,17 @@ static void b43legacy_print_fw_helptext(struct b43legacy_wl *wl) - "and download the correct firmware (version 3).\n"); - } - -+static void b43legacy_fw_cb(const struct firmware *firmware, void *context) -+{ -+ struct b43legacy_wldev *dev = context; -+ -+ dev->fwp = firmware; -+ complete(&dev->fw_load_complete); -+} -+ - static int do_request_fw(struct b43legacy_wldev *dev, - const char *name, -- const struct firmware **fw) -+ const struct firmware **fw, bool async) - { - char path[sizeof(modparam_fwpostfix) + 32]; - struct b43legacy_fw_header *hdr; -@@ -1528,7 +1536,24 @@ static int do_request_fw(struct b43legacy_wldev *dev, - snprintf(path, ARRAY_SIZE(path), - "b43legacy%s/%s.fw", - modparam_fwpostfix, name); -- err = request_firmware(fw, path, dev->dev->dev); -+ b43legacyinfo(dev->wl, "Loading firmware %s\n", path); -+ if (async) { -+ init_completion(&dev->fw_load_complete); -+ err = request_firmware_nowait(THIS_MODULE, 1, path, -+ dev->dev->dev, GFP_KERNEL, -+ dev, b43legacy_fw_cb); -+ if (err) { -+ b43legacyerr(dev->wl, "Unable to load firmware\n"); -+ return err; -+ } -+ /* stall here until fw ready */ -+ wait_for_completion(&dev->fw_load_complete); -+ if (!dev->fwp) -+ err = -EINVAL; -+ *fw = dev->fwp; -+ } else { -+ err = request_firmware(fw, path, dev->dev->dev); -+ } - if (err) { - b43legacyerr(dev->wl, "Firmware file \"%s\" not found " - "or load failed.\n", path); -@@ -1580,7 +1605,7 @@ static void b43legacy_request_firmware(struct work_struct *work) - filename = "ucode4"; - else - filename = "ucode5"; -- err = do_request_fw(dev, filename, &fw->ucode); -+ err = do_request_fw(dev, filename, &fw->ucode, true); - if (err) - goto err_load; - } -@@ -1589,7 +1614,7 @@ static void b43legacy_request_firmware(struct work_struct *work) - filename = "pcm4"; - else - filename = "pcm5"; -- err = do_request_fw(dev, filename, &fw->pcm); -+ err = do_request_fw(dev, filename, &fw->pcm, false); - if (err) - goto err_load; - } -@@ -1607,7 +1632,7 @@ static void b43legacy_request_firmware(struct work_struct *work) - default: - goto err_no_initvals; - } -- err = do_request_fw(dev, filename, &fw->initvals); -+ err = do_request_fw(dev, filename, &fw->initvals, false); - if (err) - goto err_load; - } -@@ -1627,7 +1652,7 @@ static void b43legacy_request_firmware(struct work_struct *work) - default: - goto err_no_initvals; - } -- err = do_request_fw(dev, filename, &fw->initvals_band); -+ err = do_request_fw(dev, filename, &fw->initvals_band, false); - if (err) - goto err_load; - } -diff --git a/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c b/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c -index a5edebe..c110674 100644 ---- a/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c -+++ b/drivers/net/wireless/brcm80211/brcmsmac/mac80211_if.c -@@ -1394,9 +1394,10 @@ void brcms_add_timer(struct brcms_timer *t, uint ms, int periodic) - #endif - t->ms = ms; - t->periodic = (bool) periodic; -- t->set = true; -- -- atomic_inc(&t->wl->callbacks); -+ if (!t->set) { -+ t->set = true; -+ atomic_inc(&t->wl->callbacks); -+ } - - ieee80211_queue_delayed_work(hw, &t->dly_wrk, msecs_to_jiffies(ms)); - } -diff --git a/drivers/net/wireless/iwlegacy/common.c b/drivers/net/wireless/iwlegacy/common.c -index 0370403..27eccd9 100644 ---- a/drivers/net/wireless/iwlegacy/common.c -+++ b/drivers/net/wireless/iwlegacy/common.c -@@ -3957,17 +3957,21 @@ il_connection_init_rx_config(struct il_priv *il) - - memset(&il->staging, 0, sizeof(il->staging)); - -- if (!il->vif) { -+ switch (il->iw_mode) { -+ case NL80211_IFTYPE_UNSPECIFIED: - il->staging.dev_type = RXON_DEV_TYPE_ESS; -- } else if (il->vif->type == NL80211_IFTYPE_STATION) { -+ break; -+ case NL80211_IFTYPE_STATION: - il->staging.dev_type = RXON_DEV_TYPE_ESS; - il->staging.filter_flags = RXON_FILTER_ACCEPT_GRP_MSK; -- } else if (il->vif->type == NL80211_IFTYPE_ADHOC) { -+ break; -+ case NL80211_IFTYPE_ADHOC: - il->staging.dev_type = RXON_DEV_TYPE_IBSS; - il->staging.flags = RXON_FLG_SHORT_PREAMBLE_MSK; - il->staging.filter_flags = - RXON_FILTER_BCON_AWARE_MSK | RXON_FILTER_ACCEPT_GRP_MSK; -- } else { -+ break; -+ default: - IL_ERR("Unsupported interface type %d\n", il->vif->type); - return; - } -@@ -4550,8 +4554,7 @@ out: - EXPORT_SYMBOL(il_mac_add_interface); - - static void --il_teardown_interface(struct il_priv *il, struct ieee80211_vif *vif, -- bool mode_change) -+il_teardown_interface(struct il_priv *il, struct ieee80211_vif *vif) - { - lockdep_assert_held(&il->mutex); - -@@ -4560,9 +4563,7 @@ il_teardown_interface(struct il_priv *il, struct ieee80211_vif *vif, - il_force_scan_end(il); - } - -- if (!mode_change) -- il_set_mode(il); -- -+ il_set_mode(il); - } - - void -@@ -4575,8 +4576,8 @@ il_mac_remove_interface(struct ieee80211_hw *hw, struct ieee80211_vif *vif) - - WARN_ON(il->vif != vif); - il->vif = NULL; -- -- il_teardown_interface(il, vif, false); -+ il->iw_mode = NL80211_IFTYPE_UNSPECIFIED; -+ il_teardown_interface(il, vif); - memset(il->bssid, 0, ETH_ALEN); - - D_MAC80211("leave\n"); -@@ -4685,18 +4686,10 @@ il_mac_change_interface(struct ieee80211_hw *hw, struct ieee80211_vif *vif, - } - - /* success */ -- il_teardown_interface(il, vif, true); - vif->type = newtype; - vif->p2p = false; -- err = il_set_mode(il); -- WARN_ON(err); -- /* -- * We've switched internally, but submitting to the -- * device may have failed for some reason. Mask this -- * error, because otherwise mac80211 will not switch -- * (and set the interface type back) and we'll be -- * out of sync with it. -- */ -+ il->iw_mode = newtype; -+ il_teardown_interface(il, vif); - err = 0; - - out: -diff --git a/drivers/net/wireless/mwifiex/pcie.c b/drivers/net/wireless/mwifiex/pcie.c -index 13fbc4e..b879e13 100644 ---- a/drivers/net/wireless/mwifiex/pcie.c -+++ b/drivers/net/wireless/mwifiex/pcie.c -@@ -161,7 +161,7 @@ static int mwifiex_pcie_suspend(struct pci_dev *pdev, pm_message_t state) - - if (pdev) { - card = (struct pcie_service_card *) pci_get_drvdata(pdev); -- if (!card || card->adapter) { -+ if (!card || !card->adapter) { - pr_err("Card or adapter structure is not valid\n"); - return 0; - } -diff --git a/drivers/net/wireless/mwifiex/sta_ioctl.c b/drivers/net/wireless/mwifiex/sta_ioctl.c -index fb21360..8951285 100644 ---- a/drivers/net/wireless/mwifiex/sta_ioctl.c -+++ b/drivers/net/wireless/mwifiex/sta_ioctl.c -@@ -53,7 +53,6 @@ int mwifiex_copy_mcast_addr(struct mwifiex_multicast_list *mlist, - */ - int mwifiex_wait_queue_complete(struct mwifiex_adapter *adapter) - { -- bool cancel_flag = false; - int status; - struct cmd_ctrl_node *cmd_queued; - -@@ -67,14 +66,11 @@ int mwifiex_wait_queue_complete(struct mwifiex_adapter *adapter) - atomic_inc(&adapter->cmd_pending); - - /* Wait for completion */ -- wait_event_interruptible(adapter->cmd_wait_q.wait, -- *(cmd_queued->condition)); -- if (!*(cmd_queued->condition)) -- cancel_flag = true; -- -- if (cancel_flag) { -- mwifiex_cancel_pending_ioctl(adapter); -- dev_dbg(adapter->dev, "cmd cancel\n"); -+ status = wait_event_interruptible(adapter->cmd_wait_q.wait, -+ *(cmd_queued->condition)); -+ if (status) { -+ dev_err(adapter->dev, "cmd_wait_q terminated: %d\n", status); -+ return status; - } - - status = adapter->cmd_wait_q.status; -@@ -427,8 +423,11 @@ int mwifiex_enable_hs(struct mwifiex_adapter *adapter) - return false; - } - -- wait_event_interruptible(adapter->hs_activate_wait_q, -- adapter->hs_activate_wait_q_woken); -+ if (wait_event_interruptible(adapter->hs_activate_wait_q, -+ adapter->hs_activate_wait_q_woken)) { -+ dev_err(adapter->dev, "hs_activate_wait_q terminated\n"); -+ return false; -+ } - - return true; - } -diff --git a/drivers/net/wireless/p54/p54usb.c b/drivers/net/wireless/p54/p54usb.c -index effb044..3d4dd4d 100644 ---- a/drivers/net/wireless/p54/p54usb.c -+++ b/drivers/net/wireless/p54/p54usb.c -@@ -47,6 +47,7 @@ static struct usb_device_id p54u_table[] = { - {USB_DEVICE(0x0411, 0x0050)}, /* Buffalo WLI2-USB2-G54 */ - {USB_DEVICE(0x045e, 0x00c2)}, /* Microsoft MN-710 */ - {USB_DEVICE(0x0506, 0x0a11)}, /* 3COM 3CRWE254G72 */ -+ {USB_DEVICE(0x0675, 0x0530)}, /* DrayTek Vigor 530 */ - {USB_DEVICE(0x06b9, 0x0120)}, /* Thomson SpeedTouch 120g */ - {USB_DEVICE(0x0707, 0xee06)}, /* SMC 2862W-G */ - {USB_DEVICE(0x07aa, 0x001c)}, /* Corega CG-WLUSB2GT */ -@@ -82,7 +83,9 @@ static struct usb_device_id p54u_table[] = { - {USB_DEVICE(0x06a9, 0x000e)}, /* Westell 802.11g USB (A90-211WG-01) */ - {USB_DEVICE(0x06b9, 0x0121)}, /* Thomson SpeedTouch 121g */ - {USB_DEVICE(0x0707, 0xee13)}, /* SMC 2862W-G version 2 */ -+ {USB_DEVICE(0x0803, 0x4310)}, /* Zoom 4410a */ - {USB_DEVICE(0x083a, 0x4521)}, /* Siemens Gigaset USB Adapter 54 version 2 */ -+ {USB_DEVICE(0x083a, 0x4531)}, /* T-Com Sinus 154 data II */ - {USB_DEVICE(0x083a, 0xc501)}, /* Zoom Wireless-G 4410 */ - {USB_DEVICE(0x083a, 0xf503)}, /* Accton FD7050E ver 1010ec */ - {USB_DEVICE(0x0846, 0x4240)}, /* Netgear WG111 (v2) */ -@@ -101,6 +104,7 @@ static struct usb_device_id p54u_table[] = { - {USB_DEVICE(0x13B1, 0x000C)}, /* Linksys WUSB54AG */ - {USB_DEVICE(0x1413, 0x5400)}, /* Telsey 802.11g USB2.0 Adapter */ - {USB_DEVICE(0x1435, 0x0427)}, /* Inventel UR054G */ -+ /* {USB_DEVICE(0x15a9, 0x0002)}, * Also SparkLAN WL-682 with 3887 */ - {USB_DEVICE(0x1668, 0x1050)}, /* Actiontec 802UIG-1 */ - {USB_DEVICE(0x1740, 0x1000)}, /* Senao NUB-350 */ - {USB_DEVICE(0x2001, 0x3704)}, /* DLink DWL-G122 rev A2 */ -diff --git a/drivers/net/wireless/rtlwifi/base.c b/drivers/net/wireless/rtlwifi/base.c -index 942e56b..a37df3a 100644 ---- a/drivers/net/wireless/rtlwifi/base.c -+++ b/drivers/net/wireless/rtlwifi/base.c -@@ -980,7 +980,8 @@ u8 rtl_is_special_data(struct ieee80211_hw *hw, struct sk_buff *skb, u8 is_tx) - is_tx ? "Tx" : "Rx"); - - if (is_tx) { -- rtl_lps_leave(hw); -+ schedule_work(&rtlpriv-> -+ works.lps_leave_work); - ppsc->last_delaylps_stamp_jiffies = - jiffies; - } -@@ -990,7 +991,7 @@ u8 rtl_is_special_data(struct ieee80211_hw *hw, struct sk_buff *skb, u8 is_tx) - } - } else if (ETH_P_ARP == ether_type) { - if (is_tx) { -- rtl_lps_leave(hw); -+ schedule_work(&rtlpriv->works.lps_leave_work); - ppsc->last_delaylps_stamp_jiffies = jiffies; - } - -@@ -1000,7 +1001,7 @@ u8 rtl_is_special_data(struct ieee80211_hw *hw, struct sk_buff *skb, u8 is_tx) - "802.1X %s EAPOL pkt!!\n", is_tx ? "Tx" : "Rx"); - - if (is_tx) { -- rtl_lps_leave(hw); -+ schedule_work(&rtlpriv->works.lps_leave_work); - ppsc->last_delaylps_stamp_jiffies = jiffies; - } - -diff --git a/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c b/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c -index b7e6607..6395412 100644 ---- a/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c -+++ b/drivers/net/wireless/rtlwifi/rtl8192cu/sw.c -@@ -285,6 +285,7 @@ static struct usb_device_id rtl8192c_usb_ids[] = { - {RTL_USB_DEVICE(USB_VENDER_ID_REALTEK, 0x817f, rtl92cu_hal_cfg)}, - /* RTL8188CUS-VL */ - {RTL_USB_DEVICE(USB_VENDER_ID_REALTEK, 0x818a, rtl92cu_hal_cfg)}, -+ {RTL_USB_DEVICE(USB_VENDER_ID_REALTEK, 0x819a, rtl92cu_hal_cfg)}, - /* 8188 Combo for BC4 */ - {RTL_USB_DEVICE(USB_VENDER_ID_REALTEK, 0x8754, rtl92cu_hal_cfg)}, - -diff --git a/drivers/net/wireless/rtlwifi/usb.c b/drivers/net/wireless/rtlwifi/usb.c -index aa970fc..6ce8484 100644 ---- a/drivers/net/wireless/rtlwifi/usb.c -+++ b/drivers/net/wireless/rtlwifi/usb.c -@@ -42,8 +42,12 @@ - - static void usbctrl_async_callback(struct urb *urb) - { -- if (urb) -- kfree(urb->context); -+ if (urb) { -+ /* free dr */ -+ kfree(urb->setup_packet); -+ /* free databuf */ -+ kfree(urb->transfer_buffer); -+ } - } - - static int _usbctrl_vendorreq_async_write(struct usb_device *udev, u8 request, -@@ -55,39 +59,47 @@ static int _usbctrl_vendorreq_async_write(struct usb_device *udev, u8 request, - u8 reqtype; - struct usb_ctrlrequest *dr; - struct urb *urb; -- struct rtl819x_async_write_data { -- u8 data[REALTEK_USB_VENQT_MAX_BUF_SIZE]; -- struct usb_ctrlrequest dr; -- } *buf; -+ const u16 databuf_maxlen = REALTEK_USB_VENQT_MAX_BUF_SIZE; -+ u8 *databuf; -+ -+ if (WARN_ON_ONCE(len > databuf_maxlen)) -+ len = databuf_maxlen; - - pipe = usb_sndctrlpipe(udev, 0); /* write_out */ - reqtype = REALTEK_USB_VENQT_WRITE; - -- buf = kmalloc(sizeof(*buf), GFP_ATOMIC); -- if (!buf) -+ dr = kmalloc(sizeof(*dr), GFP_ATOMIC); -+ if (!dr) -+ return -ENOMEM; -+ -+ databuf = kmalloc(databuf_maxlen, GFP_ATOMIC); -+ if (!databuf) { -+ kfree(dr); - return -ENOMEM; -+ } - - urb = usb_alloc_urb(0, GFP_ATOMIC); - if (!urb) { -- kfree(buf); -+ kfree(databuf); -+ kfree(dr); - return -ENOMEM; - } - -- dr = &buf->dr; -- - dr->bRequestType = reqtype; - dr->bRequest = request; - dr->wValue = cpu_to_le16(value); - dr->wIndex = cpu_to_le16(index); - dr->wLength = cpu_to_le16(len); - /* data are already in little-endian order */ -- memcpy(buf, pdata, len); -+ memcpy(databuf, pdata, len); - usb_fill_control_urb(urb, udev, pipe, -- (unsigned char *)dr, buf, len, -- usbctrl_async_callback, buf); -+ (unsigned char *)dr, databuf, len, -+ usbctrl_async_callback, NULL); - rc = usb_submit_urb(urb, GFP_ATOMIC); -- if (rc < 0) -- kfree(buf); -+ if (rc < 0) { -+ kfree(databuf); -+ kfree(dr); -+ } - usb_free_urb(urb); - return rc; - } -@@ -210,17 +222,16 @@ static void _usb_writeN_sync(struct rtl_priv *rtlpriv, u32 addr, void *data, - u16 index = REALTEK_USB_VENQT_CMD_IDX; - int pipe = usb_sndctrlpipe(udev, 0); /* write_out */ - u8 *buffer; -- dma_addr_t dma_addr; - -- wvalue = (u16)(addr&0x0000ffff); -- buffer = usb_alloc_coherent(udev, (size_t)len, GFP_ATOMIC, &dma_addr); -+ wvalue = (u16)(addr & 0x0000ffff); -+ buffer = kmalloc(len, GFP_ATOMIC); - if (!buffer) - return; - memcpy(buffer, data, len); - usb_control_msg(udev, pipe, request, reqtype, wvalue, - index, buffer, len, 50); - -- usb_free_coherent(udev, (size_t)len, buffer, dma_addr); -+ kfree(buffer); - } - - static void _rtl_usb_io_handler_init(struct device *dev, -@@ -543,8 +554,8 @@ static void _rtl_rx_pre_process(struct ieee80211_hw *hw, struct sk_buff *skb) - WARN_ON(skb_queue_empty(&rx_queue)); - while (!skb_queue_empty(&rx_queue)) { - _skb = skb_dequeue(&rx_queue); -- _rtl_usb_rx_process_agg(hw, skb); -- ieee80211_rx_irqsafe(hw, skb); -+ _rtl_usb_rx_process_agg(hw, _skb); -+ ieee80211_rx_irqsafe(hw, _skb); - } - } - -diff --git a/drivers/net/xen-netback/common.h b/drivers/net/xen-netback/common.h -index 94b79c3..9d7f172 100644 ---- a/drivers/net/xen-netback/common.h -+++ b/drivers/net/xen-netback/common.h -@@ -151,6 +151,9 @@ void xen_netbk_queue_tx_skb(struct xenvif *vif, struct sk_buff *skb); - /* Notify xenvif that ring now has space to send an skb to the frontend */ - void xenvif_notify_tx_completion(struct xenvif *vif); - -+/* Prevent the device from generating any further traffic. */ -+void xenvif_carrier_off(struct xenvif *vif); -+ - /* Returns number of ring slots required to send an skb to the frontend */ - unsigned int xen_netbk_count_skb_slots(struct xenvif *vif, struct sk_buff *skb); - -diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c -index b7d41f8..221f426 100644 ---- a/drivers/net/xen-netback/interface.c -+++ b/drivers/net/xen-netback/interface.c -@@ -132,6 +132,7 @@ static void xenvif_up(struct xenvif *vif) - static void xenvif_down(struct xenvif *vif) - { - disable_irq(vif->irq); -+ del_timer_sync(&vif->credit_timeout); - xen_netbk_deschedule_xenvif(vif); - xen_netbk_remove_xenvif(vif); - } -@@ -343,23 +344,26 @@ err: - return err; - } - --void xenvif_disconnect(struct xenvif *vif) -+void xenvif_carrier_off(struct xenvif *vif) - { - struct net_device *dev = vif->dev; -- if (netif_carrier_ok(dev)) { -- rtnl_lock(); -- netif_carrier_off(dev); /* discard queued packets */ -- if (netif_running(dev)) -- xenvif_down(vif); -- rtnl_unlock(); -- xenvif_put(vif); -- } -+ -+ rtnl_lock(); -+ netif_carrier_off(dev); /* discard queued packets */ -+ if (netif_running(dev)) -+ xenvif_down(vif); -+ rtnl_unlock(); -+ xenvif_put(vif); -+} -+ -+void xenvif_disconnect(struct xenvif *vif) -+{ -+ if (netif_carrier_ok(vif->dev)) -+ xenvif_carrier_off(vif); - - atomic_dec(&vif->refcnt); - wait_event(vif->waiting_to_free, atomic_read(&vif->refcnt) == 0); - -- del_timer_sync(&vif->credit_timeout); -- - if (vif->irq) - unbind_from_irqhandler(vif->irq, vif); - -diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c -index 682633b..6aa059e 100644 ---- a/drivers/net/xen-netback/netback.c -+++ b/drivers/net/xen-netback/netback.c -@@ -146,7 +146,8 @@ void xen_netbk_remove_xenvif(struct xenvif *vif) - atomic_dec(&netbk->netfront_count); - } - --static void xen_netbk_idx_release(struct xen_netbk *netbk, u16 pending_idx); -+static void xen_netbk_idx_release(struct xen_netbk *netbk, u16 pending_idx, -+ u8 status); - static void make_tx_response(struct xenvif *vif, - struct xen_netif_tx_request *txp, - s8 st); -@@ -850,7 +851,7 @@ static void netbk_tx_err(struct xenvif *vif, - - do { - make_tx_response(vif, txp, XEN_NETIF_RSP_ERROR); -- if (cons >= end) -+ if (cons == end) - break; - txp = RING_GET_REQUEST(&vif->tx, cons++); - } while (1); -@@ -859,6 +860,13 @@ static void netbk_tx_err(struct xenvif *vif, - xenvif_put(vif); - } - -+static void netbk_fatal_tx_err(struct xenvif *vif) -+{ -+ netdev_err(vif->dev, "fatal error; disabling device\n"); -+ xenvif_carrier_off(vif); -+ xenvif_put(vif); -+} -+ - static int netbk_count_requests(struct xenvif *vif, - struct xen_netif_tx_request *first, - struct xen_netif_tx_request *txp, -@@ -872,29 +880,33 @@ static int netbk_count_requests(struct xenvif *vif, - - do { - if (frags >= work_to_do) { -- netdev_dbg(vif->dev, "Need more frags\n"); -- return -frags; -+ netdev_err(vif->dev, "Need more frags\n"); -+ netbk_fatal_tx_err(vif); -+ return -ENODATA; - } - - if (unlikely(frags >= MAX_SKB_FRAGS)) { -- netdev_dbg(vif->dev, "Too many frags\n"); -- return -frags; -+ netdev_err(vif->dev, "Too many frags\n"); -+ netbk_fatal_tx_err(vif); -+ return -E2BIG; - } - - memcpy(txp, RING_GET_REQUEST(&vif->tx, cons + frags), - sizeof(*txp)); - if (txp->size > first->size) { -- netdev_dbg(vif->dev, "Frags galore\n"); -- return -frags; -+ netdev_err(vif->dev, "Frag is bigger than frame.\n"); -+ netbk_fatal_tx_err(vif); -+ return -EIO; - } - - first->size -= txp->size; - frags++; - - if (unlikely((txp->offset + txp->size) > PAGE_SIZE)) { -- netdev_dbg(vif->dev, "txp->offset: %x, size: %u\n", -+ netdev_err(vif->dev, "txp->offset: %x, size: %u\n", - txp->offset, txp->size); -- return -frags; -+ netbk_fatal_tx_err(vif); -+ return -EINVAL; - } - } while ((txp++)->flags & XEN_NETTXF_more_data); - return frags; -@@ -937,7 +949,7 @@ static struct gnttab_copy *xen_netbk_get_requests(struct xen_netbk *netbk, - pending_idx = netbk->pending_ring[index]; - page = xen_netbk_alloc_page(netbk, skb, pending_idx); - if (!page) -- return NULL; -+ goto err; - - gop->source.u.ref = txp->gref; - gop->source.domid = vif->domid; -@@ -959,6 +971,17 @@ static struct gnttab_copy *xen_netbk_get_requests(struct xen_netbk *netbk, - } - - return gop; -+err: -+ /* Unwind, freeing all pages and sending error responses. */ -+ while (i-- > start) { -+ xen_netbk_idx_release(netbk, frag_get_pending_idx(&frags[i]), -+ XEN_NETIF_RSP_ERROR); -+ } -+ /* The head too, if necessary. */ -+ if (start) -+ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_ERROR); -+ -+ return NULL; - } - - static int xen_netbk_tx_check_gop(struct xen_netbk *netbk, -@@ -967,30 +990,20 @@ static int xen_netbk_tx_check_gop(struct xen_netbk *netbk, - { - struct gnttab_copy *gop = *gopp; - u16 pending_idx = *((u16 *)skb->data); -- struct pending_tx_info *pending_tx_info = netbk->pending_tx_info; -- struct xenvif *vif = pending_tx_info[pending_idx].vif; -- struct xen_netif_tx_request *txp; - struct skb_shared_info *shinfo = skb_shinfo(skb); - int nr_frags = shinfo->nr_frags; - int i, err, start; - - /* Check status of header. */ - err = gop->status; -- if (unlikely(err)) { -- pending_ring_idx_t index; -- index = pending_index(netbk->pending_prod++); -- txp = &pending_tx_info[pending_idx].req; -- make_tx_response(vif, txp, XEN_NETIF_RSP_ERROR); -- netbk->pending_ring[index] = pending_idx; -- xenvif_put(vif); -- } -+ if (unlikely(err)) -+ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_ERROR); - - /* Skip first skb fragment if it is on same page as header fragment. */ - start = (frag_get_pending_idx(&shinfo->frags[0]) == pending_idx); - - for (i = start; i < nr_frags; i++) { - int j, newerr; -- pending_ring_idx_t index; - - pending_idx = frag_get_pending_idx(&shinfo->frags[i]); - -@@ -999,16 +1012,12 @@ static int xen_netbk_tx_check_gop(struct xen_netbk *netbk, - if (likely(!newerr)) { - /* Had a previous error? Invalidate this fragment. */ - if (unlikely(err)) -- xen_netbk_idx_release(netbk, pending_idx); -+ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_OKAY); - continue; - } - - /* Error on this fragment: respond to client with an error. */ -- txp = &netbk->pending_tx_info[pending_idx].req; -- make_tx_response(vif, txp, XEN_NETIF_RSP_ERROR); -- index = pending_index(netbk->pending_prod++); -- netbk->pending_ring[index] = pending_idx; -- xenvif_put(vif); -+ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_ERROR); - - /* Not the first error? Preceding frags already invalidated. */ - if (err) -@@ -1016,10 +1025,10 @@ static int xen_netbk_tx_check_gop(struct xen_netbk *netbk, - - /* First error: invalidate header and preceding fragments. */ - pending_idx = *((u16 *)skb->data); -- xen_netbk_idx_release(netbk, pending_idx); -+ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_OKAY); - for (j = start; j < i; j++) { - pending_idx = frag_get_pending_idx(&shinfo->frags[j]); -- xen_netbk_idx_release(netbk, pending_idx); -+ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_OKAY); - } - - /* Remember the error: invalidate all subsequent fragments. */ -@@ -1053,7 +1062,7 @@ static void xen_netbk_fill_frags(struct xen_netbk *netbk, struct sk_buff *skb) - - /* Take an extra reference to offset xen_netbk_idx_release */ - get_page(netbk->mmap_pages[pending_idx]); -- xen_netbk_idx_release(netbk, pending_idx); -+ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_OKAY); - } - } - -@@ -1066,7 +1075,8 @@ static int xen_netbk_get_extras(struct xenvif *vif, - - do { - if (unlikely(work_to_do-- <= 0)) { -- netdev_dbg(vif->dev, "Missing extra info\n"); -+ netdev_err(vif->dev, "Missing extra info\n"); -+ netbk_fatal_tx_err(vif); - return -EBADR; - } - -@@ -1075,8 +1085,9 @@ static int xen_netbk_get_extras(struct xenvif *vif, - if (unlikely(!extra.type || - extra.type >= XEN_NETIF_EXTRA_TYPE_MAX)) { - vif->tx.req_cons = ++cons; -- netdev_dbg(vif->dev, -+ netdev_err(vif->dev, - "Invalid extra type: %d\n", extra.type); -+ netbk_fatal_tx_err(vif); - return -EINVAL; - } - -@@ -1092,13 +1103,15 @@ static int netbk_set_skb_gso(struct xenvif *vif, - struct xen_netif_extra_info *gso) - { - if (!gso->u.gso.size) { -- netdev_dbg(vif->dev, "GSO size must not be zero.\n"); -+ netdev_err(vif->dev, "GSO size must not be zero.\n"); -+ netbk_fatal_tx_err(vif); - return -EINVAL; - } - - /* Currently only TCPv4 S.O. is supported. */ - if (gso->u.gso.type != XEN_NETIF_GSO_TYPE_TCPV4) { -- netdev_dbg(vif->dev, "Bad GSO type %d.\n", gso->u.gso.type); -+ netdev_err(vif->dev, "Bad GSO type %d.\n", gso->u.gso.type); -+ netbk_fatal_tx_err(vif); - return -EINVAL; - } - -@@ -1235,9 +1248,25 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk) - - /* Get a netif from the list with work to do. */ - vif = poll_net_schedule_list(netbk); -+ /* This can sometimes happen because the test of -+ * list_empty(net_schedule_list) at the top of the -+ * loop is unlocked. Just go back and have another -+ * look. -+ */ - if (!vif) - continue; - -+ if (vif->tx.sring->req_prod - vif->tx.req_cons > -+ XEN_NETIF_TX_RING_SIZE) { -+ netdev_err(vif->dev, -+ "Impossible number of requests. " -+ "req_prod %d, req_cons %d, size %ld\n", -+ vif->tx.sring->req_prod, vif->tx.req_cons, -+ XEN_NETIF_TX_RING_SIZE); -+ netbk_fatal_tx_err(vif); -+ continue; -+ } -+ - RING_FINAL_CHECK_FOR_REQUESTS(&vif->tx, work_to_do); - if (!work_to_do) { - xenvif_put(vif); -@@ -1265,17 +1294,14 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk) - work_to_do = xen_netbk_get_extras(vif, extras, - work_to_do); - idx = vif->tx.req_cons; -- if (unlikely(work_to_do < 0)) { -- netbk_tx_err(vif, &txreq, idx); -+ if (unlikely(work_to_do < 0)) - continue; -- } - } - - ret = netbk_count_requests(vif, &txreq, txfrags, work_to_do); -- if (unlikely(ret < 0)) { -- netbk_tx_err(vif, &txreq, idx - ret); -+ if (unlikely(ret < 0)) - continue; -- } -+ - idx += ret; - - if (unlikely(txreq.size < ETH_HLEN)) { -@@ -1287,11 +1313,11 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk) - - /* No crossing a page as the payload mustn't fragment. */ - if (unlikely((txreq.offset + txreq.size) > PAGE_SIZE)) { -- netdev_dbg(vif->dev, -+ netdev_err(vif->dev, - "txreq.offset: %x, size: %u, end: %lu\n", - txreq.offset, txreq.size, - (txreq.offset&~PAGE_MASK) + txreq.size); -- netbk_tx_err(vif, &txreq, idx); -+ netbk_fatal_tx_err(vif); - continue; - } - -@@ -1319,8 +1345,8 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk) - gso = &extras[XEN_NETIF_EXTRA_TYPE_GSO - 1]; - - if (netbk_set_skb_gso(vif, skb, gso)) { -+ /* Failure in netbk_set_skb_gso is fatal. */ - kfree_skb(skb); -- netbk_tx_err(vif, &txreq, idx); - continue; - } - } -@@ -1419,7 +1445,7 @@ static void xen_netbk_tx_submit(struct xen_netbk *netbk) - txp->size -= data_len; - } else { - /* Schedule a response immediately. */ -- xen_netbk_idx_release(netbk, pending_idx); -+ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_OKAY); - } - - if (txp->flags & XEN_NETTXF_csum_blank) -@@ -1474,7 +1500,8 @@ static void xen_netbk_tx_action(struct xen_netbk *netbk) - - } - --static void xen_netbk_idx_release(struct xen_netbk *netbk, u16 pending_idx) -+static void xen_netbk_idx_release(struct xen_netbk *netbk, u16 pending_idx, -+ u8 status) - { - struct xenvif *vif; - struct pending_tx_info *pending_tx_info; -@@ -1488,7 +1515,7 @@ static void xen_netbk_idx_release(struct xen_netbk *netbk, u16 pending_idx) - - vif = pending_tx_info->vif; - -- make_tx_response(vif, &pending_tx_info->req, XEN_NETIF_RSP_OKAY); -+ make_tx_response(vif, &pending_tx_info->req, status); - - index = pending_index(netbk->pending_prod++); - netbk->pending_ring[index] = pending_idx; -diff --git a/drivers/pci/hotplug/pciehp.h b/drivers/pci/hotplug/pciehp.h -index 26ffd3e..2c113de 100644 ---- a/drivers/pci/hotplug/pciehp.h -+++ b/drivers/pci/hotplug/pciehp.h -@@ -44,7 +44,6 @@ extern bool pciehp_poll_mode; - extern int pciehp_poll_time; - extern bool pciehp_debug; - extern bool pciehp_force; --extern struct workqueue_struct *pciehp_wq; - - #define dbg(format, arg...) \ - do { \ -@@ -78,6 +77,7 @@ struct slot { - struct hotplug_slot *hotplug_slot; - struct delayed_work work; /* work for button event */ - struct mutex lock; -+ struct workqueue_struct *wq; - }; - - struct event_info { -diff --git a/drivers/pci/hotplug/pciehp_core.c b/drivers/pci/hotplug/pciehp_core.c -index 365c6b9..9e39df9 100644 ---- a/drivers/pci/hotplug/pciehp_core.c -+++ b/drivers/pci/hotplug/pciehp_core.c -@@ -42,7 +42,6 @@ bool pciehp_debug; - bool pciehp_poll_mode; - int pciehp_poll_time; - bool pciehp_force; --struct workqueue_struct *pciehp_wq; - - #define DRIVER_VERSION "0.4" - #define DRIVER_AUTHOR "Dan Zink <dan.zink@compaq.com>, Greg Kroah-Hartman <greg@kroah.com>, Dely Sy <dely.l.sy@intel.com>" -@@ -340,18 +339,13 @@ static int __init pcied_init(void) - { - int retval = 0; - -- pciehp_wq = alloc_workqueue("pciehp", 0, 0); -- if (!pciehp_wq) -- return -ENOMEM; -- - pciehp_firmware_init(); - retval = pcie_port_service_register(&hpdriver_portdrv); - dbg("pcie_port_service_register = %d\n", retval); - info(DRIVER_DESC " version: " DRIVER_VERSION "\n"); -- if (retval) { -- destroy_workqueue(pciehp_wq); -+ if (retval) - dbg("Failure to register service\n"); -- } -+ - return retval; - } - -@@ -359,7 +353,6 @@ static void __exit pcied_cleanup(void) - { - dbg("unload_pciehpd()\n"); - pcie_port_service_unregister(&hpdriver_portdrv); -- destroy_workqueue(pciehp_wq); - info(DRIVER_DESC " version: " DRIVER_VERSION " unloaded\n"); - } - -diff --git a/drivers/pci/hotplug/pciehp_ctrl.c b/drivers/pci/hotplug/pciehp_ctrl.c -index 27f4429..38f0186 100644 ---- a/drivers/pci/hotplug/pciehp_ctrl.c -+++ b/drivers/pci/hotplug/pciehp_ctrl.c -@@ -49,7 +49,7 @@ static int queue_interrupt_event(struct slot *p_slot, u32 event_type) - info->p_slot = p_slot; - INIT_WORK(&info->work, interrupt_event_handler); - -- queue_work(pciehp_wq, &info->work); -+ queue_work(p_slot->wq, &info->work); - - return 0; - } -@@ -344,7 +344,7 @@ void pciehp_queue_pushbutton_work(struct work_struct *work) - kfree(info); - goto out; - } -- queue_work(pciehp_wq, &info->work); -+ queue_work(p_slot->wq, &info->work); - out: - mutex_unlock(&p_slot->lock); - } -@@ -377,7 +377,7 @@ static void handle_button_press_event(struct slot *p_slot) - if (ATTN_LED(ctrl)) - pciehp_set_attention_status(p_slot, 0); - -- queue_delayed_work(pciehp_wq, &p_slot->work, 5*HZ); -+ queue_delayed_work(p_slot->wq, &p_slot->work, 5*HZ); - break; - case BLINKINGOFF_STATE: - case BLINKINGON_STATE: -@@ -439,7 +439,7 @@ static void handle_surprise_event(struct slot *p_slot) - else - p_slot->state = POWERON_STATE; - -- queue_work(pciehp_wq, &info->work); -+ queue_work(p_slot->wq, &info->work); - } - - static void interrupt_event_handler(struct work_struct *work) -diff --git a/drivers/pci/hotplug/pciehp_hpc.c b/drivers/pci/hotplug/pciehp_hpc.c -index 302451e..61632c5 100644 ---- a/drivers/pci/hotplug/pciehp_hpc.c -+++ b/drivers/pci/hotplug/pciehp_hpc.c -@@ -773,23 +773,32 @@ static void pcie_shutdown_notification(struct controller *ctrl) - static int pcie_init_slot(struct controller *ctrl) - { - struct slot *slot; -+ char name[32]; - - slot = kzalloc(sizeof(*slot), GFP_KERNEL); - if (!slot) - return -ENOMEM; - -+ snprintf(name, sizeof(name), "pciehp-%u", PSN(ctrl)); -+ slot->wq = alloc_workqueue(name, 0, 0); -+ if (!slot->wq) -+ goto abort; -+ - slot->ctrl = ctrl; - mutex_init(&slot->lock); - INIT_DELAYED_WORK(&slot->work, pciehp_queue_pushbutton_work); - ctrl->slot = slot; - return 0; -+abort: -+ kfree(slot); -+ return -ENOMEM; - } - - static void pcie_cleanup_slot(struct controller *ctrl) - { - struct slot *slot = ctrl->slot; - cancel_delayed_work(&slot->work); -- flush_workqueue(pciehp_wq); -+ destroy_workqueue(slot->wq); - kfree(slot); - } - -diff --git a/drivers/pci/hotplug/shpchp.h b/drivers/pci/hotplug/shpchp.h -index ca64932..1b69d95 100644 ---- a/drivers/pci/hotplug/shpchp.h -+++ b/drivers/pci/hotplug/shpchp.h -@@ -47,7 +47,6 @@ extern bool shpchp_poll_mode; - extern int shpchp_poll_time; - extern bool shpchp_debug; - extern struct workqueue_struct *shpchp_wq; --extern struct workqueue_struct *shpchp_ordered_wq; - - #define dbg(format, arg...) \ - do { \ -diff --git a/drivers/pci/hotplug/shpchp_core.c b/drivers/pci/hotplug/shpchp_core.c -index b6de307..8c6d645 100644 ---- a/drivers/pci/hotplug/shpchp_core.c -+++ b/drivers/pci/hotplug/shpchp_core.c -@@ -40,7 +40,6 @@ bool shpchp_debug; - bool shpchp_poll_mode; - int shpchp_poll_time; - struct workqueue_struct *shpchp_wq; --struct workqueue_struct *shpchp_ordered_wq; - - #define DRIVER_VERSION "0.4" - #define DRIVER_AUTHOR "Dan Zink <dan.zink@compaq.com>, Greg Kroah-Hartman <greg@kroah.com>, Dely Sy <dely.l.sy@intel.com>" -@@ -181,7 +180,6 @@ void cleanup_slots(struct controller *ctrl) - list_del(&slot->slot_list); - cancel_delayed_work(&slot->work); - flush_workqueue(shpchp_wq); -- flush_workqueue(shpchp_ordered_wq); - pci_hp_deregister(slot->hotplug_slot); - } - } -@@ -370,17 +368,10 @@ static int __init shpcd_init(void) - if (!shpchp_wq) - return -ENOMEM; - -- shpchp_ordered_wq = alloc_ordered_workqueue("shpchp_ordered", 0); -- if (!shpchp_ordered_wq) { -- destroy_workqueue(shpchp_wq); -- return -ENOMEM; -- } -- - retval = pci_register_driver(&shpc_driver); - dbg("%s: pci_register_driver = %d\n", __func__, retval); - info(DRIVER_DESC " version: " DRIVER_VERSION "\n"); - if (retval) { -- destroy_workqueue(shpchp_ordered_wq); - destroy_workqueue(shpchp_wq); - } - return retval; -@@ -390,7 +381,6 @@ static void __exit shpcd_cleanup(void) - { - dbg("unload_shpchpd()\n"); - pci_unregister_driver(&shpc_driver); -- destroy_workqueue(shpchp_ordered_wq); - destroy_workqueue(shpchp_wq); - info(DRIVER_DESC " version: " DRIVER_VERSION " unloaded\n"); - } -diff --git a/drivers/pci/hotplug/shpchp_ctrl.c b/drivers/pci/hotplug/shpchp_ctrl.c -index f9b5a52..fd2cae9 100644 ---- a/drivers/pci/hotplug/shpchp_ctrl.c -+++ b/drivers/pci/hotplug/shpchp_ctrl.c -@@ -453,7 +453,7 @@ void shpchp_queue_pushbutton_work(struct work_struct *work) - kfree(info); - goto out; - } -- queue_work(shpchp_ordered_wq, &info->work); -+ queue_work(shpchp_wq, &info->work); - out: - mutex_unlock(&p_slot->lock); - } -diff --git a/drivers/pci/pcie/aer/aerdrv_core.c b/drivers/pci/pcie/aer/aerdrv_core.c -index 1b7d05d..b0c92a5 100644 ---- a/drivers/pci/pcie/aer/aerdrv_core.c -+++ b/drivers/pci/pcie/aer/aerdrv_core.c -@@ -649,6 +649,7 @@ static void aer_recover_work_func(struct work_struct *work) - continue; - } - do_recovery(pdev, entry.severity); -+ pci_dev_put(pdev); - } - } - #endif -diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c -index b500840..474f22f 100644 ---- a/drivers/pci/pcie/aspm.c -+++ b/drivers/pci/pcie/aspm.c -@@ -798,6 +798,9 @@ void pcie_clear_aspm(struct pci_bus *bus) - { - struct pci_dev *child; - -+ if (aspm_force) -+ return; -+ - /* - * Clear any ASPM setup that the firmware has carried out on this bus - */ -diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c -index 5155317..161e7f0 100644 ---- a/drivers/pci/quirks.c -+++ b/drivers/pci/quirks.c -@@ -2686,7 +2686,7 @@ static void ricoh_mmc_fixup_r5c832(struct pci_dev *dev) - if (PCI_FUNC(dev->devfn)) - return; - /* -- * RICOH 0xe823 SD/MMC card reader fails to recognize -+ * RICOH 0xe822 and 0xe823 SD/MMC card readers fail to recognize - * certain types of SD/MMC cards. Lowering the SD base - * clock frequency from 200Mhz to 50Mhz fixes this issue. - * -@@ -2697,7 +2697,8 @@ static void ricoh_mmc_fixup_r5c832(struct pci_dev *dev) - * 0xf9 - Key register for 0x150 - * 0xfc - key register for 0xe1 - */ -- if (dev->device == PCI_DEVICE_ID_RICOH_R5CE823) { -+ if (dev->device == PCI_DEVICE_ID_RICOH_R5CE822 || -+ dev->device == PCI_DEVICE_ID_RICOH_R5CE823) { - pci_write_config_byte(dev, 0xf9, 0xfc); - pci_write_config_byte(dev, 0x150, 0x10); - pci_write_config_byte(dev, 0xf9, 0x00); -@@ -2724,6 +2725,8 @@ static void ricoh_mmc_fixup_r5c832(struct pci_dev *dev) - } - DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_RICOH, PCI_DEVICE_ID_RICOH_R5C832, ricoh_mmc_fixup_r5c832); - DECLARE_PCI_FIXUP_RESUME_EARLY(PCI_VENDOR_ID_RICOH, PCI_DEVICE_ID_RICOH_R5C832, ricoh_mmc_fixup_r5c832); -+DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_RICOH, PCI_DEVICE_ID_RICOH_R5CE822, ricoh_mmc_fixup_r5c832); -+DECLARE_PCI_FIXUP_RESUME_EARLY(PCI_VENDOR_ID_RICOH, PCI_DEVICE_ID_RICOH_R5CE822, ricoh_mmc_fixup_r5c832); - DECLARE_PCI_FIXUP_EARLY(PCI_VENDOR_ID_RICOH, PCI_DEVICE_ID_RICOH_R5CE823, ricoh_mmc_fixup_r5c832); - DECLARE_PCI_FIXUP_RESUME_EARLY(PCI_VENDOR_ID_RICOH, PCI_DEVICE_ID_RICOH_R5CE823, ricoh_mmc_fixup_r5c832); - #endif /*CONFIG_MMC_RICOH_MMC*/ -diff --git a/drivers/pci/remove.c b/drivers/pci/remove.c -index 04a4861..073c33f 100644 ---- a/drivers/pci/remove.c -+++ b/drivers/pci/remove.c -@@ -19,6 +19,8 @@ static void pci_free_resources(struct pci_dev *dev) - - static void pci_stop_dev(struct pci_dev *dev) - { -+ pci_pme_active(dev, false); -+ - if (dev->is_added) { - pci_proc_detach_device(dev); - pci_remove_sysfs_dev_files(dev); -diff --git a/drivers/pcmcia/vrc4171_card.c b/drivers/pcmcia/vrc4171_card.c -index 86e4a1a..6bb02ab 100644 ---- a/drivers/pcmcia/vrc4171_card.c -+++ b/drivers/pcmcia/vrc4171_card.c -@@ -246,6 +246,7 @@ static int pccard_init(struct pcmcia_socket *sock) - socket = &vrc4171_sockets[slot]; - socket->csc_irq = search_nonuse_irq(); - socket->io_irq = search_nonuse_irq(); -+ spin_lock_init(&socket->lock); - - return 0; - } -diff --git a/drivers/platform/x86/ibm_rtl.c b/drivers/platform/x86/ibm_rtl.c -index 7481146..97c2be1 100644 ---- a/drivers/platform/x86/ibm_rtl.c -+++ b/drivers/platform/x86/ibm_rtl.c -@@ -244,7 +244,7 @@ static int __init ibm_rtl_init(void) { - if (force) - pr_warn("module loaded by force\n"); - /* first ensure that we are running on IBM HW */ -- else if (efi_enabled || !dmi_check_system(ibm_rtl_dmi_table)) -+ else if (efi_enabled(EFI_BOOT) || !dmi_check_system(ibm_rtl_dmi_table)) - return -ENODEV; - - /* Get the address for the Extended BIOS Data Area */ -diff --git a/drivers/platform/x86/samsung-laptop.c b/drivers/platform/x86/samsung-laptop.c -index dd90d15..d1f0300 100644 ---- a/drivers/platform/x86/samsung-laptop.c -+++ b/drivers/platform/x86/samsung-laptop.c -@@ -26,6 +26,7 @@ - #include <linux/seq_file.h> - #include <linux/debugfs.h> - #include <linux/ctype.h> -+#include <linux/efi.h> - #include <acpi/video.h> - - /* -@@ -1523,6 +1524,16 @@ static struct dmi_system_id __initdata samsung_dmi_table[] = { - }, - .driver_data = &samsung_broken_acpi_video, - }, -+ { -+ .callback = samsung_dmi_matched, -+ .ident = "N250P", -+ .matches = { -+ DMI_MATCH(DMI_SYS_VENDOR, "SAMSUNG ELECTRONICS CO., LTD."), -+ DMI_MATCH(DMI_PRODUCT_NAME, "N250P"), -+ DMI_MATCH(DMI_BOARD_NAME, "N250P"), -+ }, -+ .driver_data = &samsung_broken_acpi_video, -+ }, - { }, - }; - MODULE_DEVICE_TABLE(dmi, samsung_dmi_table); -@@ -1534,6 +1545,9 @@ static int __init samsung_init(void) - struct samsung_laptop *samsung; - int ret; - -+ if (efi_enabled(EFI_BOOT)) -+ return -ENODEV; -+ - quirks = &samsung_unknown; - if (!force && !dmi_check_system(samsung_dmi_table)) - return -ENODEV; -diff --git a/drivers/pnp/pnpacpi/core.c b/drivers/pnp/pnpacpi/core.c -index e49871d..3c5c353 100644 ---- a/drivers/pnp/pnpacpi/core.c -+++ b/drivers/pnp/pnpacpi/core.c -@@ -58,7 +58,7 @@ static inline int __init is_exclusive_device(struct acpi_device *dev) - if (!(('0' <= (c) && (c) <= '9') || ('A' <= (c) && (c) <= 'F'))) \ - return 0 - #define TEST_ALPHA(c) \ -- if (!('@' <= (c) || (c) <= 'Z')) \ -+ if (!('A' <= (c) && (c) <= 'Z')) \ - return 0 - static int __init ispnpidacpi(const char *id) - { -diff --git a/drivers/power/ab8500_btemp.c b/drivers/power/ab8500_btemp.c -index bba3cca..8e3329e 100644 ---- a/drivers/power/ab8500_btemp.c -+++ b/drivers/power/ab8500_btemp.c -@@ -1119,7 +1119,7 @@ static void __exit ab8500_btemp_exit(void) - platform_driver_unregister(&ab8500_btemp_driver); - } - --subsys_initcall_sync(ab8500_btemp_init); -+device_initcall(ab8500_btemp_init); - module_exit(ab8500_btemp_exit); - - MODULE_LICENSE("GPL v2"); -diff --git a/drivers/power/abx500_chargalg.c b/drivers/power/abx500_chargalg.c -index 804b88c..d8cd151 100644 ---- a/drivers/power/abx500_chargalg.c -+++ b/drivers/power/abx500_chargalg.c -@@ -1698,7 +1698,7 @@ static ssize_t abx500_chargalg_sysfs_charger(struct kobject *kobj, - static struct attribute abx500_chargalg_en_charger = \ - { - .name = "chargalg", -- .mode = S_IWUGO, -+ .mode = S_IWUSR, - }; - - static struct attribute *abx500_chargalg_chg[] = { -diff --git a/drivers/regulator/wm831x-dcdc.c b/drivers/regulator/wm831x-dcdc.c -index 7413885..d4b9b1e 100644 ---- a/drivers/regulator/wm831x-dcdc.c -+++ b/drivers/regulator/wm831x-dcdc.c -@@ -290,7 +290,7 @@ static int wm831x_buckv_set_voltage_sel(struct regulator_dev *rdev, - if (vsel > dcdc->dvs_vsel) { - ret = wm831x_set_bits(wm831x, dvs_reg, - WM831X_DC1_DVS_VSEL_MASK, -- dcdc->dvs_vsel); -+ vsel); - if (ret == 0) - dcdc->dvs_vsel = vsel; - else -diff --git a/drivers/rtc/rtc-isl1208.c b/drivers/rtc/rtc-isl1208.c -index dd2aeee..8f8c8ae 100644 ---- a/drivers/rtc/rtc-isl1208.c -+++ b/drivers/rtc/rtc-isl1208.c -@@ -494,6 +494,7 @@ isl1208_rtc_interrupt(int irq, void *data) - { - unsigned long timeout = jiffies + msecs_to_jiffies(1000); - struct i2c_client *client = data; -+ struct rtc_device *rtc = i2c_get_clientdata(client); - int handled = 0, sr, err; - - /* -@@ -516,6 +517,8 @@ isl1208_rtc_interrupt(int irq, void *data) - if (sr & ISL1208_REG_SR_ALM) { - dev_dbg(&client->dev, "alarm!\n"); - -+ rtc_update_irq(rtc, 1, RTC_IRQF | RTC_AF); -+ - /* Clear the alarm */ - sr &= ~ISL1208_REG_SR_ALM; - sr = i2c_smbus_write_byte_data(client, ISL1208_REG_SR, sr); -diff --git a/drivers/rtc/rtc-vt8500.c b/drivers/rtc/rtc-vt8500.c -index 9e94fb1..44878da 100644 ---- a/drivers/rtc/rtc-vt8500.c -+++ b/drivers/rtc/rtc-vt8500.c -@@ -69,7 +69,7 @@ - | ALARM_SEC_BIT) - - #define VT8500_RTC_CR_ENABLE (1 << 0) /* Enable RTC */ --#define VT8500_RTC_CR_24H (1 << 1) /* 24h time format */ -+#define VT8500_RTC_CR_12H (1 << 1) /* 12h time format */ - #define VT8500_RTC_CR_SM_ENABLE (1 << 2) /* Enable periodic irqs */ - #define VT8500_RTC_CR_SM_SEC (1 << 3) /* 0: 1Hz/60, 1: 1Hz */ - #define VT8500_RTC_CR_CALIB (1 << 4) /* Enable calibration */ -@@ -118,7 +118,7 @@ static int vt8500_rtc_read_time(struct device *dev, struct rtc_time *tm) - tm->tm_min = bcd2bin((time & TIME_MIN_MASK) >> TIME_MIN_S); - tm->tm_hour = bcd2bin((time & TIME_HOUR_MASK) >> TIME_HOUR_S); - tm->tm_mday = bcd2bin(date & DATE_DAY_MASK); -- tm->tm_mon = bcd2bin((date & DATE_MONTH_MASK) >> DATE_MONTH_S); -+ tm->tm_mon = bcd2bin((date & DATE_MONTH_MASK) >> DATE_MONTH_S) - 1; - tm->tm_year = bcd2bin((date & DATE_YEAR_MASK) >> DATE_YEAR_S) - + ((date >> DATE_CENTURY_S) & 1 ? 200 : 100); - tm->tm_wday = (time & TIME_DOW_MASK) >> TIME_DOW_S; -@@ -137,8 +137,9 @@ static int vt8500_rtc_set_time(struct device *dev, struct rtc_time *tm) - } - - writel((bin2bcd(tm->tm_year - 100) << DATE_YEAR_S) -- | (bin2bcd(tm->tm_mon) << DATE_MONTH_S) -- | (bin2bcd(tm->tm_mday)), -+ | (bin2bcd(tm->tm_mon + 1) << DATE_MONTH_S) -+ | (bin2bcd(tm->tm_mday)) -+ | ((tm->tm_year >= 200) << DATE_CENTURY_S), - vt8500_rtc->regbase + VT8500_RTC_DS); - writel((bin2bcd(tm->tm_wday) << TIME_DOW_S) - | (bin2bcd(tm->tm_hour) << TIME_HOUR_S) -@@ -248,7 +249,7 @@ static int __devinit vt8500_rtc_probe(struct platform_device *pdev) - } - - /* Enable RTC and set it to 24-hour mode */ -- writel(VT8500_RTC_CR_ENABLE | VT8500_RTC_CR_24H, -+ writel(VT8500_RTC_CR_ENABLE, - vt8500_rtc->regbase + VT8500_RTC_CR); - - vt8500_rtc->rtc = rtc_device_register("vt8500-rtc", &pdev->dev, -diff --git a/drivers/s390/cio/device_pgid.c b/drivers/s390/cio/device_pgid.c -index 368368f..908d287 100644 ---- a/drivers/s390/cio/device_pgid.c -+++ b/drivers/s390/cio/device_pgid.c -@@ -234,7 +234,7 @@ static int pgid_cmp(struct pgid *p1, struct pgid *p2) - * Determine pathgroup state from PGID data. - */ - static void pgid_analyze(struct ccw_device *cdev, struct pgid **p, -- int *mismatch, int *reserved, u8 *reset) -+ int *mismatch, u8 *reserved, u8 *reset) - { - struct pgid *pgid = &cdev->private->pgid[0]; - struct pgid *first = NULL; -@@ -248,7 +248,7 @@ static void pgid_analyze(struct ccw_device *cdev, struct pgid **p, - if ((cdev->private->pgid_valid_mask & lpm) == 0) - continue; - if (pgid->inf.ps.state2 == SNID_STATE2_RESVD_ELSE) -- *reserved = 1; -+ *reserved |= lpm; - if (pgid_is_reset(pgid)) { - *reset |= lpm; - continue; -@@ -316,14 +316,14 @@ static void snid_done(struct ccw_device *cdev, int rc) - struct subchannel *sch = to_subchannel(cdev->dev.parent); - struct pgid *pgid; - int mismatch = 0; -- int reserved = 0; -+ u8 reserved = 0; - u8 reset = 0; - u8 donepm; - - if (rc) - goto out; - pgid_analyze(cdev, &pgid, &mismatch, &reserved, &reset); -- if (reserved) -+ if (reserved == cdev->private->pgid_valid_mask) - rc = -EUSERS; - else if (mismatch) - rc = -EOPNOTSUPP; -@@ -336,7 +336,7 @@ static void snid_done(struct ccw_device *cdev, int rc) - } - out: - CIO_MSG_EVENT(2, "snid: device 0.%x.%04x: rc=%d pvm=%02x vpm=%02x " -- "todo=%02x mism=%d rsvd=%d reset=%02x\n", id->ssid, -+ "todo=%02x mism=%d rsvd=%02x reset=%02x\n", id->ssid, - id->devno, rc, cdev->private->pgid_valid_mask, sch->vpm, - cdev->private->pgid_todo_mask, mismatch, reserved, reset); - switch (rc) { -diff --git a/drivers/s390/kvm/kvm_virtio.c b/drivers/s390/kvm/kvm_virtio.c -index 47cccd5..9c77c8b 100644 ---- a/drivers/s390/kvm/kvm_virtio.c -+++ b/drivers/s390/kvm/kvm_virtio.c -@@ -419,6 +419,26 @@ static void kvm_extint_handler(struct ext_code ext_code, - } - - /* -+ * For s390-virtio, we expect a page above main storage containing -+ * the virtio configuration. Try to actually load from this area -+ * in order to figure out if the host provides this page. -+ */ -+static int __init test_devices_support(unsigned long addr) -+{ -+ int ret = -EIO; -+ -+ asm volatile( -+ "0: lura 0,%1\n" -+ "1: xgr %0,%0\n" -+ "2:\n" -+ EX_TABLE(0b,2b) -+ EX_TABLE(1b,2b) -+ : "+d" (ret) -+ : "a" (addr) -+ : "0", "cc"); -+ return ret; -+} -+/* - * Init function for virtio - * devices are in a single page above top of "normal" mem - */ -@@ -429,21 +449,23 @@ static int __init kvm_devices_init(void) - if (!MACHINE_IS_KVM) - return -ENODEV; - -+ if (test_devices_support(real_memory_size) < 0) -+ return -ENODEV; -+ -+ rc = vmem_add_mapping(real_memory_size, PAGE_SIZE); -+ if (rc) -+ return rc; -+ -+ kvm_devices = (void *) real_memory_size; -+ - kvm_root = root_device_register("kvm_s390"); - if (IS_ERR(kvm_root)) { - rc = PTR_ERR(kvm_root); - printk(KERN_ERR "Could not register kvm_s390 root device"); -+ vmem_remove_mapping(real_memory_size, PAGE_SIZE); - return rc; - } - -- rc = vmem_add_mapping(real_memory_size, PAGE_SIZE); -- if (rc) { -- root_device_unregister(kvm_root); -- return rc; -- } -- -- kvm_devices = (void *) real_memory_size; -- - INIT_WORK(&hotplug_work, hotplug_devices); - - service_subclass_irq_register(); -diff --git a/drivers/scsi/isci/init.c b/drivers/scsi/isci/init.c -index 1286a8a..1c91061 100644 ---- a/drivers/scsi/isci/init.c -+++ b/drivers/scsi/isci/init.c -@@ -633,7 +633,7 @@ static int __devinit isci_pci_probe(struct pci_dev *pdev, const struct pci_devic - return -ENOMEM; - pci_set_drvdata(pdev, pci_info); - -- if (efi_enabled) -+ if (efi_enabled(EFI_RUNTIME_SERVICES)) - orom = isci_get_efi_var(pdev); - - if (!orom) -diff --git a/drivers/scsi/mvsas/mv_94xx.h b/drivers/scsi/mvsas/mv_94xx.h -index 8f7eb4f..487aa6f 100644 ---- a/drivers/scsi/mvsas/mv_94xx.h -+++ b/drivers/scsi/mvsas/mv_94xx.h -@@ -258,21 +258,11 @@ enum sas_sata_phy_regs { - #define SPI_ADDR_VLD_94XX (1U << 1) - #define SPI_CTRL_SpiStart_94XX (1U << 0) - --#define mv_ffc(x) ffz(x) -- - static inline int - mv_ffc64(u64 v) - { -- int i; -- i = mv_ffc((u32)v); -- if (i >= 0) -- return i; -- i = mv_ffc((u32)(v>>32)); -- -- if (i != 0) -- return 32 + i; -- -- return -1; -+ u64 x = ~v; -+ return x ? __ffs64(x) : -1; - } - - #define r_reg_set_enable(i) \ -diff --git a/drivers/scsi/mvsas/mv_sas.c b/drivers/scsi/mvsas/mv_sas.c -index 4539d59..a3776d6 100644 ---- a/drivers/scsi/mvsas/mv_sas.c -+++ b/drivers/scsi/mvsas/mv_sas.c -@@ -1629,7 +1629,7 @@ int mvs_abort_task(struct sas_task *task) - mv_dprintk("mvs_abort_task() mvi=%p task=%p " - "slot=%p slot_idx=x%x\n", - mvi, task, slot, slot_idx); -- mvs_tmf_timedout((unsigned long)task); -+ task->task_state_flags |= SAS_TASK_STATE_ABORTED; - mvs_slot_task_free(mvi, task, slot, slot_idx); - rc = TMF_RESP_FUNC_COMPLETE; - goto out; -diff --git a/drivers/scsi/mvsas/mv_sas.h b/drivers/scsi/mvsas/mv_sas.h -index c04a4f5..da24955 100644 ---- a/drivers/scsi/mvsas/mv_sas.h -+++ b/drivers/scsi/mvsas/mv_sas.h -@@ -69,7 +69,7 @@ extern struct kmem_cache *mvs_task_list_cache; - #define DEV_IS_EXPANDER(type) \ - ((type == EDGE_DEV) || (type == FANOUT_DEV)) - --#define bit(n) ((u32)1 << n) -+#define bit(n) ((u64)1 << n) - - #define for_each_phy(__lseq_mask, __mc, __lseq) \ - for ((__mc) = (__lseq_mask), (__lseq) = 0; \ -diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c -index fb8cd38..0076210 100644 ---- a/drivers/scsi/qla2xxx/qla_os.c -+++ b/drivers/scsi/qla2xxx/qla_os.c -@@ -3801,9 +3801,9 @@ qla2x00_do_dpc(void *data) - "ISP abort end.\n"); - } - -- if (test_bit(FCPORT_UPDATE_NEEDED, &base_vha->dpc_flags)) { -+ if (test_and_clear_bit(FCPORT_UPDATE_NEEDED, -+ &base_vha->dpc_flags)) { - qla2x00_update_fcports(base_vha); -- clear_bit(FCPORT_UPDATE_NEEDED, &base_vha->dpc_flags); - } - - if (test_bit(SCR_PENDING, &base_vha->dpc_flags)) { -diff --git a/drivers/scsi/scsi_sysfs.c b/drivers/scsi/scsi_sysfs.c -index ce5224c..931a7d9 100644 ---- a/drivers/scsi/scsi_sysfs.c -+++ b/drivers/scsi/scsi_sysfs.c -@@ -247,11 +247,11 @@ show_shost_active_mode(struct device *dev, - - static DEVICE_ATTR(active_mode, S_IRUGO | S_IWUSR, show_shost_active_mode, NULL); - --static int check_reset_type(char *str) -+static int check_reset_type(const char *str) - { -- if (strncmp(str, "adapter", 10) == 0) -+ if (sysfs_streq(str, "adapter")) - return SCSI_ADAPTER_RESET; -- else if (strncmp(str, "firmware", 10) == 0) -+ else if (sysfs_streq(str, "firmware")) - return SCSI_FIRMWARE_RESET; - else - return 0; -@@ -264,12 +264,9 @@ store_host_reset(struct device *dev, struct device_attribute *attr, - struct Scsi_Host *shost = class_to_shost(dev); - struct scsi_host_template *sht = shost->hostt; - int ret = -EINVAL; -- char str[10]; - int type; - -- sscanf(buf, "%s", str); -- type = check_reset_type(str); -- -+ type = check_reset_type(buf); - if (!type) - goto exit_store_host_reset; - -diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c -index 4df73e5..8afedd6 100644 ---- a/drivers/scsi/sd.c -+++ b/drivers/scsi/sd.c -@@ -2926,10 +2926,6 @@ static int __init init_sd(void) - if (err) - goto err_out; - -- err = scsi_register_driver(&sd_template.gendrv); -- if (err) -- goto err_out_class; -- - sd_cdb_cache = kmem_cache_create("sd_ext_cdb", SD_EXT_CDB_SIZE, - 0, 0, NULL); - if (!sd_cdb_cache) { -@@ -2943,8 +2939,15 @@ static int __init init_sd(void) - goto err_out_cache; - } - -+ err = scsi_register_driver(&sd_template.gendrv); -+ if (err) -+ goto err_out_driver; -+ - return 0; - -+err_out_driver: -+ mempool_destroy(sd_cdb_pool); -+ - err_out_cache: - kmem_cache_destroy(sd_cdb_cache); - -@@ -2967,10 +2970,10 @@ static void __exit exit_sd(void) - - SCSI_LOG_HLQUEUE(3, printk("exit_sd: exiting sd driver\n")); - -+ scsi_unregister_driver(&sd_template.gendrv); - mempool_destroy(sd_cdb_pool); - kmem_cache_destroy(sd_cdb_cache); - -- scsi_unregister_driver(&sd_template.gendrv); - class_unregister(&sd_disk_class); - - for (i = 0; i < SD_MAJORS; i++) -diff --git a/drivers/staging/comedi/Kconfig b/drivers/staging/comedi/Kconfig -index 6cee785..2701546 100644 ---- a/drivers/staging/comedi/Kconfig -+++ b/drivers/staging/comedi/Kconfig -@@ -444,6 +444,7 @@ config COMEDI_ADQ12B - - config COMEDI_NI_AT_A2150 - tristate "NI AT-A2150 ISA card support" -+ select COMEDI_FC - depends on VIRT_TO_BUS - ---help--- - Enable support for National Instruments AT-A2150 cards -diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c -index 41dea18..2bbf288 100644 ---- a/drivers/staging/comedi/comedi_fops.c -+++ b/drivers/staging/comedi/comedi_fops.c -@@ -1545,8 +1545,16 @@ static long comedi_unlocked_ioctl(struct file *file, unsigned int cmd, - /* Device config is special, because it must work on - * an unconfigured device. */ - if (cmd == COMEDI_DEVCONFIG) { -+ if (minor >= COMEDI_NUM_BOARD_MINORS) { -+ /* Device config not appropriate on non-board minors. */ -+ rc = -ENOTTY; -+ goto done; -+ } - rc = do_devconfig_ioctl(dev, - (struct comedi_devconfig __user *)arg); -+ if (rc == 0) -+ /* Evade comedi_auto_unconfig(). */ -+ dev_file_info->hardware_device = NULL; - goto done; - } - -@@ -1769,7 +1777,7 @@ static unsigned int comedi_poll(struct file *file, poll_table *wait) - - mask = 0; - read_subdev = comedi_get_read_subdevice(dev_file_info); -- if (read_subdev) { -+ if (read_subdev && read_subdev->async) { - poll_wait(file, &read_subdev->async->wait_head, wait); - if (!read_subdev->busy - || comedi_buf_read_n_available(read_subdev->async) > 0 -@@ -1779,7 +1787,7 @@ static unsigned int comedi_poll(struct file *file, poll_table *wait) - } - } - write_subdev = comedi_get_write_subdevice(dev_file_info); -- if (write_subdev) { -+ if (write_subdev && write_subdev->async) { - poll_wait(file, &write_subdev->async->wait_head, wait); - comedi_buf_write_alloc(write_subdev->async, - write_subdev->async->prealloc_bufsz); -@@ -1821,7 +1829,7 @@ static ssize_t comedi_write(struct file *file, const char __user *buf, - } - - s = comedi_get_write_subdevice(dev_file_info); -- if (s == NULL) { -+ if (s == NULL || s->async == NULL) { - retval = -EIO; - goto done; - } -@@ -1932,7 +1940,7 @@ static ssize_t comedi_read(struct file *file, char __user *buf, size_t nbytes, - } - - s = comedi_get_read_subdevice(dev_file_info); -- if (s == NULL) { -+ if (s == NULL || s->async == NULL) { - retval = -EIO; - goto done; - } -diff --git a/drivers/staging/comedi/drivers/comedi_test.c b/drivers/staging/comedi/drivers/comedi_test.c -index 523a809..e38bd64 100644 ---- a/drivers/staging/comedi/drivers/comedi_test.c -+++ b/drivers/staging/comedi/drivers/comedi_test.c -@@ -396,7 +396,7 @@ static int waveform_ai_cancel(struct comedi_device *dev, - struct comedi_subdevice *s) - { - devpriv->timer_running = 0; -- del_timer(&devpriv->timer); -+ del_timer_sync(&devpriv->timer); - return 0; - } - -diff --git a/drivers/staging/comedi/drivers/ni_labpc.c b/drivers/staging/comedi/drivers/ni_labpc.c -index d3a1d65..ac0fbd7 100644 ---- a/drivers/staging/comedi/drivers/ni_labpc.c -+++ b/drivers/staging/comedi/drivers/ni_labpc.c -@@ -1263,7 +1263,9 @@ static int labpc_ai_cmd(struct comedi_device *dev, struct comedi_subdevice *s) - else - channel = CR_CHAN(cmd->chanlist[0]); - /* munge channel bits for differential / scan disabled mode */ -- if (labpc_ai_scan_mode(cmd) != MODE_SINGLE_CHAN && aref == AREF_DIFF) -+ if ((labpc_ai_scan_mode(cmd) == MODE_SINGLE_CHAN || -+ labpc_ai_scan_mode(cmd) == MODE_SINGLE_CHAN_INTERVAL) && -+ aref == AREF_DIFF) - channel *= 2; - devpriv->command1_bits |= ADC_CHAN_BITS(channel); - devpriv->command1_bits |= thisboard->ai_range_code[range]; -@@ -1279,21 +1281,6 @@ static int labpc_ai_cmd(struct comedi_device *dev, struct comedi_subdevice *s) - devpriv->write_byte(devpriv->command1_bits, - dev->iobase + COMMAND1_REG); - } -- /* setup any external triggering/pacing (command4 register) */ -- devpriv->command4_bits = 0; -- if (cmd->convert_src != TRIG_EXT) -- devpriv->command4_bits |= EXT_CONVERT_DISABLE_BIT; -- /* XXX should discard first scan when using interval scanning -- * since manual says it is not synced with scan clock */ -- if (labpc_use_continuous_mode(cmd) == 0) { -- devpriv->command4_bits |= INTERVAL_SCAN_EN_BIT; -- if (cmd->scan_begin_src == TRIG_EXT) -- devpriv->command4_bits |= EXT_SCAN_EN_BIT; -- } -- /* single-ended/differential */ -- if (aref == AREF_DIFF) -- devpriv->command4_bits |= ADC_DIFF_BIT; -- devpriv->write_byte(devpriv->command4_bits, dev->iobase + COMMAND4_REG); - - devpriv->write_byte(cmd->chanlist_len, - dev->iobase + INTERVAL_COUNT_REG); -@@ -1373,6 +1360,22 @@ static int labpc_ai_cmd(struct comedi_device *dev, struct comedi_subdevice *s) - devpriv->command3_bits &= ~ADC_FNE_INTR_EN_BIT; - devpriv->write_byte(devpriv->command3_bits, dev->iobase + COMMAND3_REG); - -+ /* setup any external triggering/pacing (command4 register) */ -+ devpriv->command4_bits = 0; -+ if (cmd->convert_src != TRIG_EXT) -+ devpriv->command4_bits |= EXT_CONVERT_DISABLE_BIT; -+ /* XXX should discard first scan when using interval scanning -+ * since manual says it is not synced with scan clock */ -+ if (labpc_use_continuous_mode(cmd) == 0) { -+ devpriv->command4_bits |= INTERVAL_SCAN_EN_BIT; -+ if (cmd->scan_begin_src == TRIG_EXT) -+ devpriv->command4_bits |= EXT_SCAN_EN_BIT; -+ } -+ /* single-ended/differential */ -+ if (aref == AREF_DIFF) -+ devpriv->command4_bits |= ADC_DIFF_BIT; -+ devpriv->write_byte(devpriv->command4_bits, dev->iobase + COMMAND4_REG); -+ - /* startup acquisition */ - - /* command2 reg */ -diff --git a/drivers/staging/comedi/drivers/ni_pcimio.c b/drivers/staging/comedi/drivers/ni_pcimio.c -index 89f4d43..af5007c 100644 ---- a/drivers/staging/comedi/drivers/ni_pcimio.c -+++ b/drivers/staging/comedi/drivers/ni_pcimio.c -@@ -963,7 +963,7 @@ static const struct ni_board_struct ni_boards[] = { - .ao_range_table = &range_ni_M_625x_ao, - .reg_type = ni_reg_625x, - .ao_unipolar = 0, -- .ao_speed = 357, -+ .ao_speed = 350, - .num_p0_dio_channels = 8, - .caldac = {caldac_none}, - .has_8255 = 0, -@@ -982,7 +982,7 @@ static const struct ni_board_struct ni_boards[] = { - .ao_range_table = &range_ni_M_625x_ao, - .reg_type = ni_reg_625x, - .ao_unipolar = 0, -- .ao_speed = 357, -+ .ao_speed = 350, - .num_p0_dio_channels = 8, - .caldac = {caldac_none}, - .has_8255 = 0, -@@ -1001,7 +1001,7 @@ static const struct ni_board_struct ni_boards[] = { - .ao_range_table = &range_ni_M_625x_ao, - .reg_type = ni_reg_625x, - .ao_unipolar = 0, -- .ao_speed = 357, -+ .ao_speed = 350, - .num_p0_dio_channels = 8, - .caldac = {caldac_none}, - .has_8255 = 0, -@@ -1037,7 +1037,7 @@ static const struct ni_board_struct ni_boards[] = { - .ao_range_table = &range_ni_M_625x_ao, - .reg_type = ni_reg_625x, - .ao_unipolar = 0, -- .ao_speed = 357, -+ .ao_speed = 350, - .num_p0_dio_channels = 32, - .caldac = {caldac_none}, - .has_8255 = 0, -@@ -1056,7 +1056,7 @@ static const struct ni_board_struct ni_boards[] = { - .ao_range_table = &range_ni_M_625x_ao, - .reg_type = ni_reg_625x, - .ao_unipolar = 0, -- .ao_speed = 357, -+ .ao_speed = 350, - .num_p0_dio_channels = 32, - .caldac = {caldac_none}, - .has_8255 = 0, -@@ -1092,7 +1092,7 @@ static const struct ni_board_struct ni_boards[] = { - .ao_range_table = &range_ni_M_628x_ao, - .reg_type = ni_reg_628x, - .ao_unipolar = 1, -- .ao_speed = 357, -+ .ao_speed = 350, - .num_p0_dio_channels = 8, - .caldac = {caldac_none}, - .has_8255 = 0, -@@ -1111,7 +1111,7 @@ static const struct ni_board_struct ni_boards[] = { - .ao_range_table = &range_ni_M_628x_ao, - .reg_type = ni_reg_628x, - .ao_unipolar = 1, -- .ao_speed = 357, -+ .ao_speed = 350, - .num_p0_dio_channels = 8, - .caldac = {caldac_none}, - .has_8255 = 0, -@@ -1147,7 +1147,7 @@ static const struct ni_board_struct ni_boards[] = { - .ao_range_table = &range_ni_M_628x_ao, - .reg_type = ni_reg_628x, - .ao_unipolar = 1, -- .ao_speed = 357, -+ .ao_speed = 350, - .num_p0_dio_channels = 32, - .caldac = {caldac_none}, - .has_8255 = 0, -diff --git a/drivers/staging/rtl8712/usb_intf.c b/drivers/staging/rtl8712/usb_intf.c -index c758c40..ad53781 100644 ---- a/drivers/staging/rtl8712/usb_intf.c -+++ b/drivers/staging/rtl8712/usb_intf.c -@@ -64,6 +64,8 @@ static struct usb_device_id rtl871x_usb_id_tbl[] = { - {USB_DEVICE(0x0B05, 0x1791)}, /* 11n mode disable */ - /* Belkin */ - {USB_DEVICE(0x050D, 0x945A)}, -+ /* ISY IWL - Belkin clone */ -+ {USB_DEVICE(0x050D, 0x11F1)}, - /* Corega */ - {USB_DEVICE(0x07AA, 0x0047)}, - /* D-Link */ -diff --git a/drivers/staging/speakup/synth.c b/drivers/staging/speakup/synth.c -index df95337..7616f05 100644 ---- a/drivers/staging/speakup/synth.c -+++ b/drivers/staging/speakup/synth.c -@@ -342,7 +342,7 @@ int synth_init(char *synth_name) - - mutex_lock(&spk_mutex); - /* First, check if we already have it loaded. */ -- for (i = 0; synths[i] != NULL && i < MAXSYNTHS; i++) -+ for (i = 0; i < MAXSYNTHS && synths[i] != NULL; i++) - if (strcmp(synths[i]->name, synth_name) == 0) - synth = synths[i]; - -@@ -423,7 +423,7 @@ int synth_add(struct spk_synth *in_synth) - int i; - int status = 0; - mutex_lock(&spk_mutex); -- for (i = 0; synths[i] != NULL && i < MAXSYNTHS; i++) -+ for (i = 0; i < MAXSYNTHS && synths[i] != NULL; i++) - /* synth_remove() is responsible for rotating the array down */ - if (in_synth == synths[i]) { - mutex_unlock(&spk_mutex); -diff --git a/drivers/staging/vt6656/bssdb.h b/drivers/staging/vt6656/bssdb.h -index 6b2ec39..806cbf7 100644 ---- a/drivers/staging/vt6656/bssdb.h -+++ b/drivers/staging/vt6656/bssdb.h -@@ -90,7 +90,6 @@ typedef struct tagSRSNCapObject { - } SRSNCapObject, *PSRSNCapObject; - - // BSS info(AP) --#pragma pack(1) - typedef struct tagKnownBSS { - // BSS info - BOOL bActive; -diff --git a/drivers/staging/vt6656/dpc.c b/drivers/staging/vt6656/dpc.c -index 3aa895e..a510b29 100644 ---- a/drivers/staging/vt6656/dpc.c -+++ b/drivers/staging/vt6656/dpc.c -@@ -1238,7 +1238,7 @@ static BOOL s_bHandleRxEncryption ( - - PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc - *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4)); -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %x\n", *pdwRxTSC47_16); - if (byDecMode == KEY_CTL_TKIP) { - *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); - } else { -@@ -1349,7 +1349,7 @@ static BOOL s_bHostWepRxEncryption ( - - PayloadLen -= (WLAN_HDR_ADDR3_LEN + 8 + 4); // 24 is 802.11 header, 8 is IV&ExtIV, 4 is crc - *pdwRxTSC47_16 = cpu_to_le32(*(PDWORD)(pbyIV + 4)); -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %lx\n",*pdwRxTSC47_16); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"ExtIV: %x\n", *pdwRxTSC47_16); - - if (byDecMode == KEY_CTL_TKIP) { - *pwRxTSC15_0 = cpu_to_le16(MAKEWORD(*(pbyIV+2), *pbyIV)); -diff --git a/drivers/staging/vt6656/int.h b/drivers/staging/vt6656/int.h -index 3734e2c..91ceb77 100644 ---- a/drivers/staging/vt6656/int.h -+++ b/drivers/staging/vt6656/int.h -@@ -34,7 +34,6 @@ - #include "device.h" - - /*--------------------- Export Definitions -------------------------*/ --#pragma pack(1) - typedef struct tagSINTData { - BYTE byTSR0; - BYTE byPkt0; -diff --git a/drivers/staging/vt6656/iocmd.h b/drivers/staging/vt6656/iocmd.h -index 22710ce..ae6e2d2 100644 ---- a/drivers/staging/vt6656/iocmd.h -+++ b/drivers/staging/vt6656/iocmd.h -@@ -95,13 +95,12 @@ typedef enum tagWZONETYPE { - // Ioctl interface structure - // Command structure - // --#pragma pack(1) - typedef struct tagSCmdRequest { - u8 name[16]; - void *data; - u16 wResult; - u16 wCmdCode; --} SCmdRequest, *PSCmdRequest; -+} __packed SCmdRequest, *PSCmdRequest; - - // - // Scan -@@ -111,7 +110,7 @@ typedef struct tagSCmdScan { - - u8 ssid[SSID_MAXLEN + 2]; - --} SCmdScan, *PSCmdScan; -+} __packed SCmdScan, *PSCmdScan; - - // - // BSS Join -@@ -126,7 +125,7 @@ typedef struct tagSCmdBSSJoin { - BOOL bPSEnable; - BOOL bShareKeyAuth; - --} SCmdBSSJoin, *PSCmdBSSJoin; -+} __packed SCmdBSSJoin, *PSCmdBSSJoin; - - // - // Zonetype Setting -@@ -137,7 +136,7 @@ typedef struct tagSCmdZoneTypeSet { - BOOL bWrite; - WZONETYPE ZoneType; - --} SCmdZoneTypeSet, *PSCmdZoneTypeSet; -+} __packed SCmdZoneTypeSet, *PSCmdZoneTypeSet; - - typedef struct tagSWPAResult { - char ifname[100]; -@@ -145,7 +144,7 @@ typedef struct tagSWPAResult { - u8 key_mgmt; - u8 eap_type; - BOOL authenticated; --} SWPAResult, *PSWPAResult; -+} __packed SWPAResult, *PSWPAResult; - - typedef struct tagSCmdStartAP { - -@@ -157,7 +156,7 @@ typedef struct tagSCmdStartAP { - BOOL bShareKeyAuth; - u8 byBasicRate; - --} SCmdStartAP, *PSCmdStartAP; -+} __packed SCmdStartAP, *PSCmdStartAP; - - typedef struct tagSCmdSetWEP { - -@@ -167,7 +166,7 @@ typedef struct tagSCmdSetWEP { - BOOL bWepKeyAvailable[WEP_NKEYS]; - u32 auWepKeyLength[WEP_NKEYS]; - --} SCmdSetWEP, *PSCmdSetWEP; -+} __packed SCmdSetWEP, *PSCmdSetWEP; - - typedef struct tagSBSSIDItem { - -@@ -180,14 +179,14 @@ typedef struct tagSBSSIDItem { - BOOL bWEPOn; - u32 uRSSI; - --} SBSSIDItem; -+} __packed SBSSIDItem; - - - typedef struct tagSBSSIDList { - - u32 uItem; - SBSSIDItem sBSSIDList[0]; --} SBSSIDList, *PSBSSIDList; -+} __packed SBSSIDList, *PSBSSIDList; - - - typedef struct tagSNodeItem { -@@ -208,7 +207,7 @@ typedef struct tagSNodeItem { - u32 uTxAttempts; - u16 wFailureRatio; - --} SNodeItem; -+} __packed SNodeItem; - - - typedef struct tagSNodeList { -@@ -216,7 +215,7 @@ typedef struct tagSNodeList { - u32 uItem; - SNodeItem sNodeList[0]; - --} SNodeList, *PSNodeList; -+} __packed SNodeList, *PSNodeList; - - - typedef struct tagSCmdLinkStatus { -@@ -229,7 +228,7 @@ typedef struct tagSCmdLinkStatus { - u32 uChannel; - u32 uLinkRate; - --} SCmdLinkStatus, *PSCmdLinkStatus; -+} __packed SCmdLinkStatus, *PSCmdLinkStatus; - - // - // 802.11 counter -@@ -247,7 +246,7 @@ typedef struct tagSDot11MIBCount { - u32 ReceivedFragmentCount; - u32 MulticastReceivedFrameCount; - u32 FCSErrorCount; --} SDot11MIBCount, *PSDot11MIBCount; -+} __packed SDot11MIBCount, *PSDot11MIBCount; - - - -@@ -355,13 +354,13 @@ typedef struct tagSStatMIBCount { - u32 ullTxBroadcastBytes[2]; - u32 ullTxMulticastBytes[2]; - u32 ullTxDirectedBytes[2]; --} SStatMIBCount, *PSStatMIBCount; -+} __packed SStatMIBCount, *PSStatMIBCount; - - typedef struct tagSCmdValue { - - u32 dwValue; - --} SCmdValue, *PSCmdValue; -+} __packed SCmdValue, *PSCmdValue; - - // - // hostapd & viawget ioctl related -@@ -431,7 +430,7 @@ struct viawget_hostapd_param { - u8 ssid[32]; - } scan_req; - } u; --}; -+} __packed; - - /*--------------------- Export Classes ----------------------------*/ - -diff --git a/drivers/staging/vt6656/iowpa.h b/drivers/staging/vt6656/iowpa.h -index 959c886..2522dde 100644 ---- a/drivers/staging/vt6656/iowpa.h -+++ b/drivers/staging/vt6656/iowpa.h -@@ -67,12 +67,11 @@ enum { - - - --#pragma pack(1) - typedef struct viawget_wpa_header { - u8 type; - u16 req_ie_len; - u16 resp_ie_len; --} viawget_wpa_header; -+} __packed viawget_wpa_header; - - struct viawget_wpa_param { - u32 cmd; -@@ -113,9 +112,8 @@ struct viawget_wpa_param { - u8 *buf; - } scan_results; - } u; --}; -+} __packed; - --#pragma pack(1) - struct viawget_scan_result { - u8 bssid[6]; - u8 ssid[32]; -@@ -130,7 +128,7 @@ struct viawget_scan_result { - int noise; - int level; - int maxrate; --}; -+} __packed; - - /*--------------------- Export Classes ----------------------------*/ - -diff --git a/drivers/staging/vt6656/key.c b/drivers/staging/vt6656/key.c -index ee62a06..ba3a561 100644 ---- a/drivers/staging/vt6656/key.c -+++ b/drivers/staging/vt6656/key.c -@@ -223,7 +223,7 @@ BOOL KeybSetKey( - PSKeyManagement pTable, - PBYTE pbyBSSID, - DWORD dwKeyIndex, -- unsigned long uKeyLength, -+ u32 uKeyLength, - PQWORD pKeyRSC, - PBYTE pbyKey, - BYTE byKeyDecMode -@@ -235,7 +235,8 @@ BOOL KeybSetKey( - PSKeyItem pKey; - unsigned int uKeyIdx; - -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Enter KeybSetKey: %lX\n", dwKeyIndex); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO -+ "Enter KeybSetKey: %X\n", dwKeyIndex); - - j = (MAX_KEY_TABLE-1); - for (i=0;i<(MAX_KEY_TABLE-1);i++) { -@@ -261,7 +262,9 @@ BOOL KeybSetKey( - if ((dwKeyIndex & TRANSMIT_KEY) != 0) { - // Group transmit key - pTable->KeyTable[i].dwGTKeyIndex = dwKeyIndex; -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Group transmit key(R)[%lX]: %d\n", pTable->KeyTable[i].dwGTKeyIndex, i); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO -+ "Group transmit key(R)[%X]: %d\n", -+ pTable->KeyTable[i].dwGTKeyIndex, i); - } - pTable->KeyTable[i].wKeyCtl &= 0xFF0F; // clear group key control filed - pTable->KeyTable[i].wKeyCtl |= (byKeyDecMode << 4); -@@ -302,9 +305,12 @@ BOOL KeybSetKey( - } - DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\n"); - -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey->dwTSC47_16: %lx\n ", pKey->dwTSC47_16); -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey->wTSC15_0: %x\n ", pKey->wTSC15_0); -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey->dwKeyIndex: %lx\n ", pKey->dwKeyIndex); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey->dwTSC47_16: %x\n ", -+ pKey->dwTSC47_16); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey->wTSC15_0: %x\n ", -+ pKey->wTSC15_0); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey->dwKeyIndex: %x\n ", -+ pKey->dwKeyIndex); - - return (TRUE); - } -@@ -326,7 +332,9 @@ BOOL KeybSetKey( - if ((dwKeyIndex & TRANSMIT_KEY) != 0) { - // Group transmit key - pTable->KeyTable[j].dwGTKeyIndex = dwKeyIndex; -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Group transmit key(N)[%lX]: %d\n", pTable->KeyTable[j].dwGTKeyIndex, j); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO -+ "Group transmit key(N)[%X]: %d\n", -+ pTable->KeyTable[j].dwGTKeyIndex, j); - } - pTable->KeyTable[j].wKeyCtl &= 0xFF0F; // clear group key control filed - pTable->KeyTable[j].wKeyCtl |= (byKeyDecMode << 4); -@@ -367,9 +375,11 @@ BOOL KeybSetKey( - } - DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\n"); - -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey->dwTSC47_16: %lx\n ", pKey->dwTSC47_16); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey->dwTSC47_16: %x\n ", -+ pKey->dwTSC47_16); - DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey->wTSC15_0: %x\n ", pKey->wTSC15_0); -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey->dwKeyIndex: %lx\n ", pKey->dwKeyIndex); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey->dwKeyIndex: %x\n ", -+ pKey->dwKeyIndex); - - return (TRUE); - } -@@ -597,7 +607,8 @@ BOOL KeybGetTransmitKey(PSKeyManagement pTable, PBYTE pbyBSSID, DWORD dwKeyType, - DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"%x ", pTable->KeyTable[i].abyBSSID[ii]); - } - DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\n"); -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"dwGTKeyIndex: %lX\n", pTable->KeyTable[i].dwGTKeyIndex); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"dwGTKeyIndex: %X\n", -+ pTable->KeyTable[i].dwGTKeyIndex); - - return (TRUE); - } -@@ -664,7 +675,7 @@ BOOL KeybSetDefaultKey( - void *pDeviceHandler, - PSKeyManagement pTable, - DWORD dwKeyIndex, -- unsigned long uKeyLength, -+ u32 uKeyLength, - PQWORD pKeyRSC, - PBYTE pbyKey, - BYTE byKeyDecMode -@@ -696,7 +707,10 @@ BOOL KeybSetDefaultKey( - if ((dwKeyIndex & TRANSMIT_KEY) != 0) { - // Group transmit key - pTable->KeyTable[MAX_KEY_TABLE-1].dwGTKeyIndex = dwKeyIndex; -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Group transmit key(R)[%lX]: %d\n", pTable->KeyTable[MAX_KEY_TABLE-1].dwGTKeyIndex, MAX_KEY_TABLE-1); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO -+ "Group transmit key(R)[%X]: %d\n", -+ pTable->KeyTable[MAX_KEY_TABLE-1].dwGTKeyIndex, -+ MAX_KEY_TABLE-1); - - } - pTable->KeyTable[MAX_KEY_TABLE-1].wKeyCtl &= 0x7F00; // clear all key control filed -@@ -747,9 +761,11 @@ BOOL KeybSetDefaultKey( - } - DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"\n"); - -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey->dwTSC47_16: %lx\n", pKey->dwTSC47_16); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey->dwTSC47_16: %x\n", -+ pKey->dwTSC47_16); - DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey->wTSC15_0: %x\n", pKey->wTSC15_0); -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey->dwKeyIndex: %lx\n", pKey->dwKeyIndex); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"pKey->dwKeyIndex: %x\n", -+ pKey->dwKeyIndex); - - return (TRUE); - } -@@ -775,7 +791,7 @@ BOOL KeybSetAllGroupKey( - void *pDeviceHandler, - PSKeyManagement pTable, - DWORD dwKeyIndex, -- unsigned long uKeyLength, -+ u32 uKeyLength, - PQWORD pKeyRSC, - PBYTE pbyKey, - BYTE byKeyDecMode -@@ -787,7 +803,8 @@ BOOL KeybSetAllGroupKey( - PSKeyItem pKey; - unsigned int uKeyIdx; - -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Enter KeybSetAllGroupKey: %lX\n", dwKeyIndex); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Enter KeybSetAllGroupKey: %X\n", -+ dwKeyIndex); - - - if ((dwKeyIndex & PAIRWISE_KEY) != 0) { // Pairwise key -@@ -804,7 +821,9 @@ BOOL KeybSetAllGroupKey( - if ((dwKeyIndex & TRANSMIT_KEY) != 0) { - // Group transmit key - pTable->KeyTable[i].dwGTKeyIndex = dwKeyIndex; -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Group transmit key(R)[%lX]: %d\n", pTable->KeyTable[i].dwGTKeyIndex, i); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO -+ "Group transmit key(R)[%X]: %d\n", -+ pTable->KeyTable[i].dwGTKeyIndex, i); - - } - pTable->KeyTable[i].wKeyCtl &= 0xFF0F; // clear group key control filed -diff --git a/drivers/staging/vt6656/key.h b/drivers/staging/vt6656/key.h -index f749c7a..bd35d39 100644 ---- a/drivers/staging/vt6656/key.h -+++ b/drivers/staging/vt6656/key.h -@@ -58,7 +58,7 @@ - typedef struct tagSKeyItem - { - BOOL bKeyValid; -- unsigned long uKeyLength; -+ u32 uKeyLength; - BYTE abyKey[MAX_KEY_LEN]; - QWORD KeyRSC; - DWORD dwTSC47_16; -@@ -107,7 +107,7 @@ BOOL KeybSetKey( - PSKeyManagement pTable, - PBYTE pbyBSSID, - DWORD dwKeyIndex, -- unsigned long uKeyLength, -+ u32 uKeyLength, - PQWORD pKeyRSC, - PBYTE pbyKey, - BYTE byKeyDecMode -@@ -146,7 +146,7 @@ BOOL KeybSetDefaultKey( - void *pDeviceHandler, - PSKeyManagement pTable, - DWORD dwKeyIndex, -- unsigned long uKeyLength, -+ u32 uKeyLength, - PQWORD pKeyRSC, - PBYTE pbyKey, - BYTE byKeyDecMode -@@ -156,7 +156,7 @@ BOOL KeybSetAllGroupKey( - void *pDeviceHandler, - PSKeyManagement pTable, - DWORD dwKeyIndex, -- unsigned long uKeyLength, -+ u32 uKeyLength, - PQWORD pKeyRSC, - PBYTE pbyKey, - BYTE byKeyDecMode -diff --git a/drivers/staging/vt6656/mac.c b/drivers/staging/vt6656/mac.c -index af4a29d..8fddc7b 100644 ---- a/drivers/staging/vt6656/mac.c -+++ b/drivers/staging/vt6656/mac.c -@@ -260,7 +260,8 @@ BYTE pbyData[24]; - dwData1 <<= 16; - dwData1 |= MAKEWORD(*(pbyAddr+4), *(pbyAddr+5)); - -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"1. wOffset: %d, Data: %lX, KeyCtl:%X\n", wOffset, dwData1, wKeyCtl); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"1. wOffset: %d, Data: %X,"\ -+ " KeyCtl:%X\n", wOffset, dwData1, wKeyCtl); - - //VNSvOutPortW(dwIoBase + MAC_REG_MISCFFNDEX, wOffset); - //VNSvOutPortD(dwIoBase + MAC_REG_MISCFFDATA, dwData); -@@ -277,7 +278,8 @@ BYTE pbyData[24]; - dwData2 <<= 8; - dwData2 |= *(pbyAddr+0); - -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"2. wOffset: %d, Data: %lX\n", wOffset, dwData2); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"2. wOffset: %d, Data: %X\n", -+ wOffset, dwData2); - - //VNSvOutPortW(dwIoBase + MAC_REG_MISCFFNDEX, wOffset); - //VNSvOutPortD(dwIoBase + MAC_REG_MISCFFDATA, dwData); -diff --git a/drivers/staging/vt6656/rf.c b/drivers/staging/vt6656/rf.c -index 3fd0478..8cf0881 100644 ---- a/drivers/staging/vt6656/rf.c -+++ b/drivers/staging/vt6656/rf.c -@@ -769,6 +769,9 @@ BYTE byPwr = pDevice->byCCKPwr; - return TRUE; - } - -+ if (uCH == 0) -+ return -EINVAL; -+ - switch (uRATE) { - case RATE_1M: - case RATE_2M: -diff --git a/drivers/staging/vt6656/rxtx.c b/drivers/staging/vt6656/rxtx.c -index b6e04e7..7a56929 100644 ---- a/drivers/staging/vt6656/rxtx.c -+++ b/drivers/staging/vt6656/rxtx.c -@@ -375,7 +375,8 @@ s_vFillTxKey ( - *(pbyIVHead+3) = (BYTE)(((pDevice->byKeyIndex << 6) & 0xc0) | 0x20); // 0x20 is ExtIV - // Append IV&ExtIV after Mac Header - *pdwExtIV = cpu_to_le32(pTransmitKey->dwTSC47_16); -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"vFillTxKey()---- pdwExtIV: %lx\n", *pdwExtIV); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"vFillTxKey()---- pdwExtIV: %x\n", -+ *pdwExtIV); - - } else if (pTransmitKey->byCipherSuite == KEY_CTL_CCMP) { - pTransmitKey->wTSC15_0++; -@@ -1751,7 +1752,8 @@ s_bPacketToWirelessUsb( - MIC_vAppend((PBYTE)&(psEthHeader->abyDstAddr[0]), 12); - dwMIC_Priority = 0; - MIC_vAppend((PBYTE)&dwMIC_Priority, 4); -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC KEY: %lX, %lX\n", dwMICKey0, dwMICKey1); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC KEY: %X, %X\n", -+ dwMICKey0, dwMICKey1); - - /////////////////////////////////////////////////////////////////// - -@@ -2633,7 +2635,8 @@ vDMA0_tx_80211(PSDevice pDevice, struct sk_buff *skb) { - MIC_vAppend((PBYTE)&(sEthHeader.abyDstAddr[0]), 12); - dwMIC_Priority = 0; - MIC_vAppend((PBYTE)&dwMIC_Priority, 4); -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"DMA0_tx_8021:MIC KEY: %lX, %lX\n", dwMICKey0, dwMICKey1); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"DMA0_tx_8021:MIC KEY:"\ -+ " %X, %X\n", dwMICKey0, dwMICKey1); - - uLength = cbHeaderSize + cbMacHdLen + uPadding + cbIVlen; - -@@ -2653,7 +2656,8 @@ vDMA0_tx_80211(PSDevice pDevice, struct sk_buff *skb) { - - DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"uLength: %d, %d\n", uLength, cbFrameBodySize); - DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"cbReqCount:%d, %d, %d, %d\n", cbReqCount, cbHeaderSize, uPadding, cbIVlen); -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC:%lx, %lx\n", *pdwMIC_L, *pdwMIC_R); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"MIC:%x, %x\n", -+ *pdwMIC_L, *pdwMIC_R); - - } - -@@ -3027,7 +3031,8 @@ int nsDMA_tx_packet(PSDevice pDevice, unsigned int uDMAIdx, struct sk_buff *skb) - DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"error: KEY is GTK!!~~\n"); - } - else { -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Find PTK [%lX]\n", pTransmitKey->dwKeyIndex); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Find PTK [%X]\n", -+ pTransmitKey->dwKeyIndex); - bNeedEncryption = TRUE; - } - } -@@ -3041,7 +3046,8 @@ int nsDMA_tx_packet(PSDevice pDevice, unsigned int uDMAIdx, struct sk_buff *skb) - if (pDevice->bEnableHostWEP) { - if ((uNodeIndex != 0) && - (pMgmt->sNodeDBTable[uNodeIndex].dwKeyIndex & PAIRWISE_KEY)) { -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Find PTK [%lX]\n", pTransmitKey->dwKeyIndex); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"Find PTK [%X]\n", -+ pTransmitKey->dwKeyIndex); - bNeedEncryption = TRUE; - } - } -diff --git a/drivers/staging/vt6656/ttype.h b/drivers/staging/vt6656/ttype.h -index 8e9450e..dfbf747 100644 ---- a/drivers/staging/vt6656/ttype.h -+++ b/drivers/staging/vt6656/ttype.h -@@ -29,6 +29,8 @@ - #ifndef __TTYPE_H__ - #define __TTYPE_H__ - -+#include <linux/types.h> -+ - /******* Common definitions and typedefs ***********************************/ - - typedef int BOOL; -@@ -42,17 +44,17 @@ typedef int BOOL; - - /****** Simple typedefs ***************************************************/ - --typedef unsigned char BYTE; // 8-bit --typedef unsigned short WORD; // 16-bit --typedef unsigned long DWORD; // 32-bit -+typedef u8 BYTE; -+typedef u16 WORD; -+typedef u32 DWORD; - - // QWORD is for those situation that we want - // an 8-byte-aligned 8 byte long structure - // which is NOT really a floating point number. - typedef union tagUQuadWord { - struct { -- DWORD dwLowDword; -- DWORD dwHighDword; -+ u32 dwLowDword; -+ u32 dwHighDword; - } u; - double DoNotUseThisField; - } UQuadWord; -@@ -60,8 +62,8 @@ typedef UQuadWord QWORD; // 64-bit - - /****** Common pointer types ***********************************************/ - --typedef unsigned long ULONG_PTR; // 32-bit --typedef unsigned long DWORD_PTR; // 32-bit -+typedef u32 ULONG_PTR; -+typedef u32 DWORD_PTR; - - // boolean pointer - -diff --git a/drivers/staging/vt6656/usbpipe.c b/drivers/staging/vt6656/usbpipe.c -index 609e8fa..e962eae 100644 ---- a/drivers/staging/vt6656/usbpipe.c -+++ b/drivers/staging/vt6656/usbpipe.c -@@ -165,6 +165,11 @@ int PIPEnsControlOut( - if (pDevice->Flags & fMP_CONTROL_WRITES) - return STATUS_FAILURE; - -+ if (pDevice->Flags & fMP_CONTROL_READS) -+ return STATUS_FAILURE; -+ -+ MP_SET_FLAG(pDevice, fMP_CONTROL_WRITES); -+ - pDevice->sUsbCtlRequest.bRequestType = 0x40; - pDevice->sUsbCtlRequest.bRequest = byRequest; - pDevice->sUsbCtlRequest.wValue = cpu_to_le16p(&wValue); -@@ -179,12 +184,13 @@ int PIPEnsControlOut( - - ntStatus = usb_submit_urb(pDevice->pControlURB, GFP_ATOMIC); - if (ntStatus != 0) { -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"control send request submission failed: %d\n", ntStatus); -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO -+ "control send request submission failed: %d\n", -+ ntStatus); -+ MP_CLEAR_FLAG(pDevice, fMP_CONTROL_WRITES); - return STATUS_FAILURE; - } -- else { -- MP_SET_FLAG(pDevice, fMP_CONTROL_WRITES); -- } -+ - spin_unlock_irq(&pDevice->lock); - for (ii = 0; ii <= USB_CTL_WAIT; ii ++) { - -@@ -224,6 +230,11 @@ int PIPEnsControlIn( - if (pDevice->Flags & fMP_CONTROL_READS) - return STATUS_FAILURE; - -+ if (pDevice->Flags & fMP_CONTROL_WRITES) -+ return STATUS_FAILURE; -+ -+ MP_SET_FLAG(pDevice, fMP_CONTROL_READS); -+ - pDevice->sUsbCtlRequest.bRequestType = 0xC0; - pDevice->sUsbCtlRequest.bRequest = byRequest; - pDevice->sUsbCtlRequest.wValue = cpu_to_le16p(&wValue); -@@ -237,10 +248,11 @@ int PIPEnsControlIn( - - ntStatus = usb_submit_urb(pDevice->pControlURB, GFP_ATOMIC); - if (ntStatus != 0) { -- DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO"control request submission failed: %d\n", ntStatus); -- }else { -- MP_SET_FLAG(pDevice, fMP_CONTROL_READS); -- } -+ DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO -+ "control request submission failed: %d\n", ntStatus); -+ MP_CLEAR_FLAG(pDevice, fMP_CONTROL_READS); -+ return STATUS_FAILURE; -+ } - - spin_unlock_irq(&pDevice->lock); - for (ii = 0; ii <= USB_CTL_WAIT; ii ++) { -diff --git a/drivers/staging/vt6656/wcmd.c b/drivers/staging/vt6656/wcmd.c -index 9d2caa8..2225b9e 100644 ---- a/drivers/staging/vt6656/wcmd.c -+++ b/drivers/staging/vt6656/wcmd.c -@@ -316,17 +316,19 @@ s_MgrMakeProbeRequest( - return pTxPacket; - } - --void vCommandTimerWait(void *hDeviceContext, unsigned int MSecond) -+void vCommandTimerWait(void *hDeviceContext, unsigned long MSecond) - { -- PSDevice pDevice = (PSDevice)hDeviceContext; -+ PSDevice pDevice = (PSDevice)hDeviceContext; - -- init_timer(&pDevice->sTimerCommand); -- pDevice->sTimerCommand.data = (unsigned long)pDevice; -- pDevice->sTimerCommand.function = (TimerFunction)vRunCommand; -- // RUN_AT :1 msec ~= (HZ/1024) -- pDevice->sTimerCommand.expires = (unsigned int)RUN_AT((MSecond * HZ) >> 10); -- add_timer(&pDevice->sTimerCommand); -- return; -+ init_timer(&pDevice->sTimerCommand); -+ -+ pDevice->sTimerCommand.data = (unsigned long)pDevice; -+ pDevice->sTimerCommand.function = (TimerFunction)vRunCommand; -+ pDevice->sTimerCommand.expires = RUN_AT((MSecond * HZ) / 1000); -+ -+ add_timer(&pDevice->sTimerCommand); -+ -+ return; - } - - void vRunCommand(void *hDeviceContext) -diff --git a/drivers/staging/vt6656/wpa2.h b/drivers/staging/vt6656/wpa2.h -index 46c2959..c359252 100644 ---- a/drivers/staging/vt6656/wpa2.h -+++ b/drivers/staging/vt6656/wpa2.h -@@ -45,8 +45,8 @@ typedef struct tagsPMKIDInfo { - } PMKIDInfo, *PPMKIDInfo; - - typedef struct tagSPMKIDCache { -- unsigned long BSSIDInfoCount; -- PMKIDInfo BSSIDInfo[MAX_PMKID_CACHE]; -+ u32 BSSIDInfoCount; -+ PMKIDInfo BSSIDInfo[MAX_PMKID_CACHE]; - } SPMKIDCache, *PSPMKIDCache; - - -diff --git a/drivers/staging/wlan-ng/prism2mgmt.c b/drivers/staging/wlan-ng/prism2mgmt.c -index 4efa9bc..89bfd85 100644 ---- a/drivers/staging/wlan-ng/prism2mgmt.c -+++ b/drivers/staging/wlan-ng/prism2mgmt.c -@@ -406,7 +406,7 @@ int prism2mgmt_scan_results(wlandevice_t *wlandev, void *msgp) - /* SSID */ - req->ssid.status = P80211ENUM_msgitem_status_data_ok; - req->ssid.data.len = le16_to_cpu(item->ssid.len); -- req->ssid.data.len = min_t(u16, req->ssid.data.len, WLAN_BSSID_LEN); -+ req->ssid.data.len = min_t(u16, req->ssid.data.len, WLAN_SSID_MAXLEN); - memcpy(req->ssid.data.data, item->ssid.data, req->ssid.data.len); - - /* supported rates */ -diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_target.c -index 6b6f50a..5bafd2d 100644 ---- a/drivers/target/iscsi/iscsi_target.c -+++ b/drivers/target/iscsi/iscsi_target.c -@@ -2384,7 +2384,7 @@ static void iscsit_build_conn_drop_async_message(struct iscsi_conn *conn) - if (!conn_p) - return; - -- cmd = iscsit_allocate_cmd(conn_p, GFP_KERNEL); -+ cmd = iscsit_allocate_cmd(conn_p, GFP_ATOMIC); - if (!cmd) { - iscsit_dec_conn_usage_count(conn_p); - return; -diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c -index 68d4c10..7f9136e 100644 ---- a/drivers/target/target_core_device.c -+++ b/drivers/target/target_core_device.c -@@ -1193,6 +1193,8 @@ int se_dev_set_queue_depth(struct se_device *dev, u32 queue_depth) - - int se_dev_set_fabric_max_sectors(struct se_device *dev, u32 fabric_max_sectors) - { -+ int block_size = dev->se_sub_dev->se_dev_attrib.block_size; -+ - if (atomic_read(&dev->dev_export_obj.obj_access_count)) { - pr_err("dev[%p]: Unable to change SE Device" - " fabric_max_sectors while dev_export_obj: %d count exists\n", -@@ -1230,8 +1232,12 @@ int se_dev_set_fabric_max_sectors(struct se_device *dev, u32 fabric_max_sectors) - /* - * Align max_sectors down to PAGE_SIZE to follow transport_allocate_data_tasks() - */ -+ if (!block_size) { -+ block_size = 512; -+ pr_warn("Defaulting to 512 for zero block_size\n"); -+ } - fabric_max_sectors = se_dev_align_max_sectors(fabric_max_sectors, -- dev->se_sub_dev->se_dev_attrib.block_size); -+ block_size); - - dev->se_sub_dev->se_dev_attrib.fabric_max_sectors = fabric_max_sectors; - pr_debug("dev[%p]: SE Device max_sectors changed to %u\n", -@@ -1434,24 +1440,18 @@ static struct se_lun *core_dev_get_lun(struct se_portal_group *tpg, u32 unpacked - - struct se_lun_acl *core_dev_init_initiator_node_lun_acl( - struct se_portal_group *tpg, -+ struct se_node_acl *nacl, - u32 mapped_lun, -- char *initiatorname, - int *ret) - { - struct se_lun_acl *lacl; -- struct se_node_acl *nacl; - -- if (strlen(initiatorname) >= TRANSPORT_IQN_LEN) { -+ if (strlen(nacl->initiatorname) >= TRANSPORT_IQN_LEN) { - pr_err("%s InitiatorName exceeds maximum size.\n", - tpg->se_tpg_tfo->get_fabric_name()); - *ret = -EOVERFLOW; - return NULL; - } -- nacl = core_tpg_get_initiator_node_acl(tpg, initiatorname); -- if (!nacl) { -- *ret = -EINVAL; -- return NULL; -- } - lacl = kzalloc(sizeof(struct se_lun_acl), GFP_KERNEL); - if (!lacl) { - pr_err("Unable to allocate memory for struct se_lun_acl.\n"); -@@ -1462,7 +1462,8 @@ struct se_lun_acl *core_dev_init_initiator_node_lun_acl( - INIT_LIST_HEAD(&lacl->lacl_list); - lacl->mapped_lun = mapped_lun; - lacl->se_lun_nacl = nacl; -- snprintf(lacl->initiatorname, TRANSPORT_IQN_LEN, "%s", initiatorname); -+ snprintf(lacl->initiatorname, TRANSPORT_IQN_LEN, "%s", -+ nacl->initiatorname); - - return lacl; - } -@@ -1622,6 +1623,7 @@ int core_dev_setup_virtual_lun0(void) - ret = PTR_ERR(dev); - goto out; - } -+ dev->dev_link_magic = SE_DEV_LINK_MAGIC; - se_dev->se_dev_ptr = dev; - g_lun0_dev = dev; - -diff --git a/drivers/target/target_core_fabric_configfs.c b/drivers/target/target_core_fabric_configfs.c -index ea479e5..f06b130 100644 ---- a/drivers/target/target_core_fabric_configfs.c -+++ b/drivers/target/target_core_fabric_configfs.c -@@ -72,6 +72,12 @@ static int target_fabric_mappedlun_link( - struct se_portal_group *se_tpg; - struct config_item *nacl_ci, *tpg_ci, *tpg_ci_s, *wwn_ci, *wwn_ci_s; - int ret = 0, lun_access; -+ -+ if (lun->lun_link_magic != SE_LUN_LINK_MAGIC) { -+ pr_err("Bad lun->lun_link_magic, not a valid lun_ci pointer:" -+ " %p to struct lun: %p\n", lun_ci, lun); -+ return -EFAULT; -+ } - /* - * Ensure that the source port exists - */ -@@ -350,9 +356,17 @@ static struct config_group *target_fabric_make_mappedlun( - ret = -EINVAL; - goto out; - } -+ if (mapped_lun > (TRANSPORT_MAX_LUNS_PER_TPG-1)) { -+ pr_err("Mapped LUN: %lu exceeds TRANSPORT_MAX_LUNS_PER_TPG" -+ "-1: %u for Target Portal Group: %u\n", mapped_lun, -+ TRANSPORT_MAX_LUNS_PER_TPG-1, -+ se_tpg->se_tpg_tfo->tpg_get_tag(se_tpg)); -+ ret = -EINVAL; -+ goto out; -+ } - -- lacl = core_dev_init_initiator_node_lun_acl(se_tpg, mapped_lun, -- config_item_name(acl_ci), &ret); -+ lacl = core_dev_init_initiator_node_lun_acl(se_tpg, se_nacl, -+ mapped_lun, &ret); - if (!lacl) { - ret = -EINVAL; - goto out; -@@ -763,6 +777,11 @@ static int target_fabric_port_link( - ret = -ENODEV; - goto out; - } -+ if (dev->dev_link_magic != SE_DEV_LINK_MAGIC) { -+ pr_err("Bad dev->dev_link_magic, not a valid se_dev_ci pointer:" -+ " %p to struct se_device: %p\n", se_dev_ci, dev); -+ return -EFAULT; -+ } - - lun_p = core_dev_add_lun(se_tpg, dev, lun->unpacked_lun); - if (IS_ERR(lun_p)) { -diff --git a/drivers/target/target_core_internal.h b/drivers/target/target_core_internal.h -index 0fd4282..e102488 100644 ---- a/drivers/target/target_core_internal.h -+++ b/drivers/target/target_core_internal.h -@@ -51,7 +51,7 @@ struct se_lun *core_dev_add_lun(struct se_portal_group *, struct se_device *, u3 - int core_dev_del_lun(struct se_portal_group *, u32); - struct se_lun *core_get_lun_from_tpg(struct se_portal_group *, u32); - struct se_lun_acl *core_dev_init_initiator_node_lun_acl(struct se_portal_group *, -- u32, char *, int *); -+ struct se_node_acl *, u32, int *); - int core_dev_add_initiator_node_lun_acl(struct se_portal_group *, - struct se_lun_acl *, u32, u32); - int core_dev_del_initiator_node_lun_acl(struct se_portal_group *, -diff --git a/drivers/target/target_core_tpg.c b/drivers/target/target_core_tpg.c -index b8628a5..ee5000c 100644 ---- a/drivers/target/target_core_tpg.c -+++ b/drivers/target/target_core_tpg.c -@@ -114,16 +114,10 @@ struct se_node_acl *core_tpg_get_initiator_node_acl( - struct se_node_acl *acl; - - spin_lock_irq(&tpg->acl_node_lock); -- list_for_each_entry(acl, &tpg->acl_node_list, acl_list) { -- if (!strcmp(acl->initiatorname, initiatorname) && -- !acl->dynamic_node_acl) { -- spin_unlock_irq(&tpg->acl_node_lock); -- return acl; -- } -- } -+ acl = __core_tpg_get_initiator_node_acl(tpg, initiatorname); - spin_unlock_irq(&tpg->acl_node_lock); - -- return NULL; -+ return acl; - } - - /* core_tpg_add_node_to_devs(): -@@ -672,6 +666,7 @@ int core_tpg_register( - for (i = 0; i < TRANSPORT_MAX_LUNS_PER_TPG; i++) { - lun = se_tpg->tpg_lun_list[i]; - lun->unpacked_lun = i; -+ lun->lun_link_magic = SE_LUN_LINK_MAGIC; - lun->lun_status = TRANSPORT_LUN_STATUS_FREE; - atomic_set(&lun->lun_acl_count, 0); - init_completion(&lun->lun_shutdown_comp); -diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index c87ef74..65e6320 100644 ---- a/drivers/target/target_core_transport.c -+++ b/drivers/target/target_core_transport.c -@@ -1085,6 +1085,7 @@ struct se_device *transport_add_device_to_core_hba( - dev->se_hba = hba; - dev->se_sub_dev = se_dev; - dev->transport = transport; -+ dev->dev_link_magic = SE_DEV_LINK_MAGIC; - INIT_LIST_HEAD(&dev->dev_list); - INIT_LIST_HEAD(&dev->dev_sep_list); - INIT_LIST_HEAD(&dev->dev_tmr_list); -@@ -1553,6 +1554,8 @@ static void target_complete_tmr_failure(struct work_struct *work) - - se_cmd->se_tmr_req->response = TMR_LUN_DOES_NOT_EXIST; - se_cmd->se_tfo->queue_tm_rsp(se_cmd); -+ -+ transport_cmd_check_stop_to_fabric(se_cmd); - } - - /** -diff --git a/drivers/target/tcm_fc/tfc_sess.c b/drivers/target/tcm_fc/tfc_sess.c -index 3c9e5b5..230d8ec 100644 ---- a/drivers/target/tcm_fc/tfc_sess.c -+++ b/drivers/target/tcm_fc/tfc_sess.c -@@ -356,11 +356,11 @@ static int ft_prli_locked(struct fc_rport_priv *rdata, u32 spp_len, - - tport = ft_tport_create(rdata->local_port); - if (!tport) -- return 0; /* not a target for this local port */ -+ goto not_target; /* not a target for this local port */ - - acl = ft_acl_get(tport->tpg, rdata); - if (!acl) -- return 0; -+ goto not_target; /* no target for this remote */ - - if (!rspp) - goto fill; -@@ -397,12 +397,18 @@ static int ft_prli_locked(struct fc_rport_priv *rdata, u32 spp_len, - - /* - * OR in our service parameters with other provider (initiator), if any. -- * TBD XXX - indicate RETRY capability? - */ - fill: - fcp_parm = ntohl(spp->spp_params); -+ fcp_parm &= ~FCP_SPPF_RETRY; - spp->spp_params = htonl(fcp_parm | FCP_SPPF_TARG_FCN); - return FC_SPP_RESP_ACK; -+ -+not_target: -+ fcp_parm = ntohl(spp->spp_params); -+ fcp_parm &= ~FCP_SPPF_TARG_FCN; -+ spp->spp_params = htonl(fcp_parm); -+ return 0; - } - - /** -@@ -431,7 +437,6 @@ static void ft_sess_rcu_free(struct rcu_head *rcu) - { - struct ft_sess *sess = container_of(rcu, struct ft_sess, rcu); - -- transport_deregister_session(sess->se_sess); - kfree(sess); - } - -@@ -439,6 +444,7 @@ static void ft_sess_free(struct kref *kref) - { - struct ft_sess *sess = container_of(kref, struct ft_sess, kref); - -+ transport_deregister_session(sess->se_sess); - call_rcu(&sess->rcu, ft_sess_rcu_free); - } - -diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c -index 90dff82..4a418e4 100644 ---- a/drivers/tty/n_gsm.c -+++ b/drivers/tty/n_gsm.c -@@ -1692,6 +1692,8 @@ static inline void dlci_put(struct gsm_dlci *dlci) - kref_put(&dlci->ref, gsm_dlci_free); - } - -+static void gsm_destroy_network(struct gsm_dlci *dlci); -+ - /** - * gsm_dlci_release - release DLCI - * @dlci: DLCI to destroy -@@ -1705,9 +1707,19 @@ static void gsm_dlci_release(struct gsm_dlci *dlci) - { - struct tty_struct *tty = tty_port_tty_get(&dlci->port); - if (tty) { -+ mutex_lock(&dlci->mutex); -+ gsm_destroy_network(dlci); -+ mutex_unlock(&dlci->mutex); -+ -+ /* tty_vhangup needs the tty_lock, so unlock and -+ relock after doing the hangup. */ -+ tty_unlock(); - tty_vhangup(tty); -+ tty_lock(); -+ tty_port_tty_set(&dlci->port, NULL); - tty_kref_put(tty); - } -+ dlci->state = DLCI_CLOSED; - dlci_put(dlci); - } - -@@ -2933,6 +2945,8 @@ static void gsmtty_close(struct tty_struct *tty, struct file *filp) - - if (dlci == NULL) - return; -+ if (dlci->state == DLCI_CLOSED) -+ return; - mutex_lock(&dlci->mutex); - gsm_destroy_network(dlci); - mutex_unlock(&dlci->mutex); -@@ -2951,6 +2965,8 @@ out: - static void gsmtty_hangup(struct tty_struct *tty) - { - struct gsm_dlci *dlci = tty->driver_data; -+ if (dlci->state == DLCI_CLOSED) -+ return; - tty_port_hangup(&dlci->port); - gsm_dlci_begin_close(dlci); - } -@@ -2958,9 +2974,12 @@ static void gsmtty_hangup(struct tty_struct *tty) - static int gsmtty_write(struct tty_struct *tty, const unsigned char *buf, - int len) - { -+ int sent; - struct gsm_dlci *dlci = tty->driver_data; -+ if (dlci->state == DLCI_CLOSED) -+ return -EINVAL; - /* Stuff the bytes into the fifo queue */ -- int sent = kfifo_in_locked(dlci->fifo, buf, len, &dlci->lock); -+ sent = kfifo_in_locked(dlci->fifo, buf, len, &dlci->lock); - /* Need to kick the channel */ - gsm_dlci_data_kick(dlci); - return sent; -@@ -2969,18 +2988,24 @@ static int gsmtty_write(struct tty_struct *tty, const unsigned char *buf, - static int gsmtty_write_room(struct tty_struct *tty) - { - struct gsm_dlci *dlci = tty->driver_data; -+ if (dlci->state == DLCI_CLOSED) -+ return -EINVAL; - return TX_SIZE - kfifo_len(dlci->fifo); - } - - static int gsmtty_chars_in_buffer(struct tty_struct *tty) - { - struct gsm_dlci *dlci = tty->driver_data; -+ if (dlci->state == DLCI_CLOSED) -+ return -EINVAL; - return kfifo_len(dlci->fifo); - } - - static void gsmtty_flush_buffer(struct tty_struct *tty) - { - struct gsm_dlci *dlci = tty->driver_data; -+ if (dlci->state == DLCI_CLOSED) -+ return; - /* Caution needed: If we implement reliable transport classes - then the data being transmitted can't simply be junked once - it has first hit the stack. Until then we can just blow it -@@ -2999,6 +3024,8 @@ static void gsmtty_wait_until_sent(struct tty_struct *tty, int timeout) - static int gsmtty_tiocmget(struct tty_struct *tty) - { - struct gsm_dlci *dlci = tty->driver_data; -+ if (dlci->state == DLCI_CLOSED) -+ return -EINVAL; - return dlci->modem_rx; - } - -@@ -3008,6 +3035,8 @@ static int gsmtty_tiocmset(struct tty_struct *tty, - struct gsm_dlci *dlci = tty->driver_data; - unsigned int modem_tx = dlci->modem_tx; - -+ if (dlci->state == DLCI_CLOSED) -+ return -EINVAL; - modem_tx &= ~clear; - modem_tx |= set; - -@@ -3026,6 +3055,8 @@ static int gsmtty_ioctl(struct tty_struct *tty, - struct gsm_netconfig nc; - int index; - -+ if (dlci->state == DLCI_CLOSED) -+ return -EINVAL; - switch (cmd) { - case GSMIOC_ENABLE_NET: - if (copy_from_user(&nc, (void __user *)arg, sizeof(nc))) -@@ -3052,6 +3083,9 @@ static int gsmtty_ioctl(struct tty_struct *tty, - - static void gsmtty_set_termios(struct tty_struct *tty, struct ktermios *old) - { -+ struct gsm_dlci *dlci = tty->driver_data; -+ if (dlci->state == DLCI_CLOSED) -+ return; - /* For the moment its fixed. In actual fact the speed information - for the virtual channel can be propogated in both directions by - the RPN control message. This however rapidly gets nasty as we -@@ -3063,6 +3097,8 @@ static void gsmtty_set_termios(struct tty_struct *tty, struct ktermios *old) - static void gsmtty_throttle(struct tty_struct *tty) - { - struct gsm_dlci *dlci = tty->driver_data; -+ if (dlci->state == DLCI_CLOSED) -+ return; - if (tty->termios->c_cflag & CRTSCTS) - dlci->modem_tx &= ~TIOCM_DTR; - dlci->throttled = 1; -@@ -3073,6 +3109,8 @@ static void gsmtty_throttle(struct tty_struct *tty) - static void gsmtty_unthrottle(struct tty_struct *tty) - { - struct gsm_dlci *dlci = tty->driver_data; -+ if (dlci->state == DLCI_CLOSED) -+ return; - if (tty->termios->c_cflag & CRTSCTS) - dlci->modem_tx |= TIOCM_DTR; - dlci->throttled = 0; -@@ -3084,6 +3122,8 @@ static int gsmtty_break_ctl(struct tty_struct *tty, int state) - { - struct gsm_dlci *dlci = tty->driver_data; - int encode = 0; /* Off */ -+ if (dlci->state == DLCI_CLOSED) -+ return -EINVAL; - - if (state == -1) /* "On indefinitely" - we can't encode this - properly */ -diff --git a/drivers/tty/serial/8250/8250_dw.c b/drivers/tty/serial/8250/8250_dw.c -index f574eef..b6dc908 100644 ---- a/drivers/tty/serial/8250/8250_dw.c -+++ b/drivers/tty/serial/8250/8250_dw.c -@@ -79,7 +79,7 @@ static int dw8250_handle_irq(struct uart_port *p) - } else if ((iir & UART_IIR_BUSY) == UART_IIR_BUSY) { - /* Clear the USR and write the LCR again. */ - (void)p->serial_in(p, UART_USR); -- p->serial_out(p, d->last_lcr, UART_LCR); -+ p->serial_out(p, UART_LCR, d->last_lcr); - - return 1; - } -diff --git a/drivers/tty/serial/ifx6x60.c b/drivers/tty/serial/ifx6x60.c -index 3ad079f..f43156f 100644 ---- a/drivers/tty/serial/ifx6x60.c -+++ b/drivers/tty/serial/ifx6x60.c -@@ -552,6 +552,7 @@ static void ifx_port_shutdown(struct tty_port *port) - container_of(port, struct ifx_spi_device, tty_port); - - mrdy_set_low(ifx_dev); -+ del_timer(&ifx_dev->spi_timer); - clear_bit(IFX_SPI_STATE_TIMER_PENDING, &ifx_dev->flags); - tasklet_kill(&ifx_dev->io_work_tasklet); - } -diff --git a/drivers/tty/tty_ioctl.c b/drivers/tty/tty_ioctl.c -index a1b9a2f..f8d03da 100644 ---- a/drivers/tty/tty_ioctl.c -+++ b/drivers/tty/tty_ioctl.c -@@ -617,7 +617,7 @@ static int set_termios(struct tty_struct *tty, void __user *arg, int opt) - if (opt & TERMIOS_WAIT) { - tty_wait_until_sent(tty, 0); - if (signal_pending(current)) -- return -EINTR; -+ return -ERESTARTSYS; - } - - tty_set_termios(tty, &tmp_termios); -@@ -684,7 +684,7 @@ static int set_termiox(struct tty_struct *tty, void __user *arg, int opt) - if (opt & TERMIOS_WAIT) { - tty_wait_until_sent(tty, 0); - if (signal_pending(current)) -- return -EINTR; -+ return -ERESTARTSYS; - } - - mutex_lock(&tty->termios_mutex); -diff --git a/drivers/tty/vt/vt.c b/drivers/tty/vt/vt.c -index a13f7e1..d2f0b26 100644 ---- a/drivers/tty/vt/vt.c -+++ b/drivers/tty/vt/vt.c -@@ -656,7 +656,7 @@ static inline void save_screen(struct vc_data *vc) - * Redrawing of screen - */ - --static void clear_buffer_attributes(struct vc_data *vc) -+void clear_buffer_attributes(struct vc_data *vc) - { - unsigned short *p = (unsigned short *)vc->vc_origin; - int count = vc->vc_screenbuf_size / 2; -@@ -3017,7 +3017,7 @@ int __init vty_init(const struct file_operations *console_fops) - - static struct class *vtconsole_class; - --static int bind_con_driver(const struct consw *csw, int first, int last, -+static int do_bind_con_driver(const struct consw *csw, int first, int last, - int deflt) - { - struct module *owner = csw->owner; -@@ -3028,7 +3028,7 @@ static int bind_con_driver(const struct consw *csw, int first, int last, - if (!try_module_get(owner)) - return -ENODEV; - -- console_lock(); -+ WARN_CONSOLE_UNLOCKED(); - - /* check if driver is registered */ - for (i = 0; i < MAX_NR_CON_DRIVER; i++) { -@@ -3113,11 +3113,22 @@ static int bind_con_driver(const struct consw *csw, int first, int last, - - retval = 0; - err: -- console_unlock(); - module_put(owner); - return retval; - }; - -+ -+static int bind_con_driver(const struct consw *csw, int first, int last, -+ int deflt) -+{ -+ int ret; -+ -+ console_lock(); -+ ret = do_bind_con_driver(csw, first, last, deflt); -+ console_unlock(); -+ return ret; -+} -+ - #ifdef CONFIG_VT_HW_CONSOLE_BINDING - static int con_is_graphics(const struct consw *csw, int first, int last) - { -@@ -3154,6 +3165,18 @@ static int con_is_graphics(const struct consw *csw, int first, int last) - */ - int unbind_con_driver(const struct consw *csw, int first, int last, int deflt) - { -+ int retval; -+ -+ console_lock(); -+ retval = do_unbind_con_driver(csw, first, last, deflt); -+ console_unlock(); -+ return retval; -+} -+EXPORT_SYMBOL(unbind_con_driver); -+ -+/* unlocked version of unbind_con_driver() */ -+int do_unbind_con_driver(const struct consw *csw, int first, int last, int deflt) -+{ - struct module *owner = csw->owner; - const struct consw *defcsw = NULL; - struct con_driver *con_driver = NULL, *con_back = NULL; -@@ -3162,7 +3185,7 @@ int unbind_con_driver(const struct consw *csw, int first, int last, int deflt) - if (!try_module_get(owner)) - return -ENODEV; - -- console_lock(); -+ WARN_CONSOLE_UNLOCKED(); - - /* check if driver is registered and if it is unbindable */ - for (i = 0; i < MAX_NR_CON_DRIVER; i++) { -@@ -3175,10 +3198,8 @@ int unbind_con_driver(const struct consw *csw, int first, int last, int deflt) - } - } - -- if (retval) { -- console_unlock(); -+ if (retval) - goto err; -- } - - retval = -ENODEV; - -@@ -3194,15 +3215,11 @@ int unbind_con_driver(const struct consw *csw, int first, int last, int deflt) - } - } - -- if (retval) { -- console_unlock(); -+ if (retval) - goto err; -- } - -- if (!con_is_bound(csw)) { -- console_unlock(); -+ if (!con_is_bound(csw)) - goto err; -- } - - first = max(first, con_driver->first); - last = min(last, con_driver->last); -@@ -3229,15 +3246,14 @@ int unbind_con_driver(const struct consw *csw, int first, int last, int deflt) - if (!con_is_bound(csw)) - con_driver->flag &= ~CON_DRIVER_FLAG_INIT; - -- console_unlock(); - /* ignore return value, binding should not fail */ -- bind_con_driver(defcsw, first, last, deflt); -+ do_bind_con_driver(defcsw, first, last, deflt); - err: - module_put(owner); - return retval; - - } --EXPORT_SYMBOL(unbind_con_driver); -+EXPORT_SYMBOL_GPL(do_unbind_con_driver); - - static int vt_bind(struct con_driver *con) - { -@@ -3522,28 +3538,18 @@ int con_debug_leave(void) - } - EXPORT_SYMBOL_GPL(con_debug_leave); - --/** -- * register_con_driver - register console driver to console layer -- * @csw: console driver -- * @first: the first console to take over, minimum value is 0 -- * @last: the last console to take over, maximum value is MAX_NR_CONSOLES -1 -- * -- * DESCRIPTION: This function registers a console driver which can later -- * bind to a range of consoles specified by @first and @last. It will -- * also initialize the console driver by calling con_startup(). -- */ --int register_con_driver(const struct consw *csw, int first, int last) -+static int do_register_con_driver(const struct consw *csw, int first, int last) - { - struct module *owner = csw->owner; - struct con_driver *con_driver; - const char *desc; - int i, retval = 0; - -+ WARN_CONSOLE_UNLOCKED(); -+ - if (!try_module_get(owner)) - return -ENODEV; - -- console_lock(); -- - for (i = 0; i < MAX_NR_CON_DRIVER; i++) { - con_driver = ®istered_con_driver[i]; - -@@ -3596,10 +3602,29 @@ int register_con_driver(const struct consw *csw, int first, int last) - } - - err: -- console_unlock(); - module_put(owner); - return retval; - } -+ -+/** -+ * register_con_driver - register console driver to console layer -+ * @csw: console driver -+ * @first: the first console to take over, minimum value is 0 -+ * @last: the last console to take over, maximum value is MAX_NR_CONSOLES -1 -+ * -+ * DESCRIPTION: This function registers a console driver which can later -+ * bind to a range of consoles specified by @first and @last. It will -+ * also initialize the console driver by calling con_startup(). -+ */ -+int register_con_driver(const struct consw *csw, int first, int last) -+{ -+ int retval; -+ -+ console_lock(); -+ retval = do_register_con_driver(csw, first, last); -+ console_unlock(); -+ return retval; -+} - EXPORT_SYMBOL(register_con_driver); - - /** -@@ -3615,9 +3640,18 @@ EXPORT_SYMBOL(register_con_driver); - */ - int unregister_con_driver(const struct consw *csw) - { -- int i, retval = -ENODEV; -+ int retval; - - console_lock(); -+ retval = do_unregister_con_driver(csw); -+ console_unlock(); -+ return retval; -+} -+EXPORT_SYMBOL(unregister_con_driver); -+ -+int do_unregister_con_driver(const struct consw *csw) -+{ -+ int i, retval = -ENODEV; - - /* cannot unregister a bound driver */ - if (con_is_bound(csw)) -@@ -3643,27 +3677,53 @@ int unregister_con_driver(const struct consw *csw) - } - } - err: -- console_unlock(); - return retval; - } --EXPORT_SYMBOL(unregister_con_driver); -+EXPORT_SYMBOL_GPL(do_unregister_con_driver); - - /* - * If we support more console drivers, this function is used - * when a driver wants to take over some existing consoles - * and become default driver for newly opened ones. - * -- * take_over_console is basically a register followed by unbind -+ * take_over_console is basically a register followed by unbind -+ */ -+int do_take_over_console(const struct consw *csw, int first, int last, int deflt) -+{ -+ int err; -+ -+ err = do_register_con_driver(csw, first, last); -+ /* -+ * If we get an busy error we still want to bind the console driver -+ * and return success, as we may have unbound the console driver -+ * but not unregistered it. -+ */ -+ if (err == -EBUSY) -+ err = 0; -+ if (!err) -+ do_bind_con_driver(csw, first, last, deflt); -+ -+ return err; -+} -+EXPORT_SYMBOL_GPL(do_take_over_console); -+ -+/* -+ * If we support more console drivers, this function is used -+ * when a driver wants to take over some existing consoles -+ * and become default driver for newly opened ones. -+ * -+ * take_over_console is basically a register followed by unbind - */ - int take_over_console(const struct consw *csw, int first, int last, int deflt) - { - int err; - - err = register_con_driver(csw, first, last); -- /* if we get an busy error we still want to bind the console driver -+ /* -+ * If we get an busy error we still want to bind the console driver - * and return success, as we may have unbound the console driver -- * but not unregistered it. -- */ -+ * but not unregistered it. -+ */ - if (err == -EBUSY) - err = 0; - if (!err) -diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c -index 89c752a..d775bc9 100644 ---- a/drivers/usb/class/cdc-acm.c -+++ b/drivers/usb/class/cdc-acm.c -@@ -1602,6 +1602,9 @@ static const struct usb_device_id acm_ids[] = { - { USB_DEVICE(0x0572, 0x1340), /* Conexant CX93010-2x UCMxx */ - .driver_info = NO_UNION_NORMAL, - }, -+ { USB_DEVICE(0x05f9, 0x4002), /* PSC Scanning, Magellan 800i */ -+ .driver_info = NO_UNION_NORMAL, -+ }, - { USB_DEVICE(0x1bbb, 0x0003), /* Alcatel OT-I650 */ - .driver_info = NO_UNION_NORMAL, /* reports zero length descriptor */ - }, -diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c -index fe7faf0..2aed077 100644 ---- a/drivers/usb/core/hub.c -+++ b/drivers/usb/core/hub.c -@@ -867,6 +867,60 @@ static int hub_hub_status(struct usb_hub *hub, - return ret; - } - -+static int hub_set_port_link_state(struct usb_hub *hub, int port1, -+ unsigned int link_status) -+{ -+ return set_port_feature(hub->hdev, -+ port1 | (link_status << 3), -+ USB_PORT_FEAT_LINK_STATE); -+} -+ -+/* -+ * If USB 3.0 ports are placed into the Disabled state, they will no longer -+ * detect any device connects or disconnects. This is generally not what the -+ * USB core wants, since it expects a disabled port to produce a port status -+ * change event when a new device connects. -+ * -+ * Instead, set the link state to Disabled, wait for the link to settle into -+ * that state, clear any change bits, and then put the port into the RxDetect -+ * state. -+ */ -+static int hub_usb3_port_disable(struct usb_hub *hub, int port1) -+{ -+ int ret; -+ int total_time; -+ u16 portchange, portstatus; -+ -+ if (!hub_is_superspeed(hub->hdev)) -+ return -EINVAL; -+ -+ ret = hub_set_port_link_state(hub, port1, USB_SS_PORT_LS_SS_DISABLED); -+ if (ret) { -+ dev_err(hub->intfdev, "cannot disable port %d (err = %d)\n", -+ port1, ret); -+ return ret; -+ } -+ -+ /* Wait for the link to enter the disabled state. */ -+ for (total_time = 0; ; total_time += HUB_DEBOUNCE_STEP) { -+ ret = hub_port_status(hub, port1, &portstatus, &portchange); -+ if (ret < 0) -+ return ret; -+ -+ if ((portstatus & USB_PORT_STAT_LINK_STATE) == -+ USB_SS_PORT_LS_SS_DISABLED) -+ break; -+ if (total_time >= HUB_DEBOUNCE_TIMEOUT) -+ break; -+ msleep(HUB_DEBOUNCE_STEP); -+ } -+ if (total_time >= HUB_DEBOUNCE_TIMEOUT) -+ dev_warn(hub->intfdev, "Could not disable port %d after %d ms\n", -+ port1, total_time); -+ -+ return hub_set_port_link_state(hub, port1, USB_SS_PORT_LS_RX_DETECT); -+} -+ - static int hub_port_disable(struct usb_hub *hub, int port1, int set_state) - { - struct usb_device *hdev = hub->hdev; -@@ -875,8 +929,13 @@ static int hub_port_disable(struct usb_hub *hub, int port1, int set_state) - if (hdev->children[port1-1] && set_state) - usb_set_device_state(hdev->children[port1-1], - USB_STATE_NOTATTACHED); -- if (!hub->error && !hub_is_superspeed(hub->hdev)) -- ret = clear_port_feature(hdev, port1, USB_PORT_FEAT_ENABLE); -+ if (!hub->error) { -+ if (hub_is_superspeed(hub->hdev)) -+ ret = hub_usb3_port_disable(hub, port1); -+ else -+ ret = clear_port_feature(hdev, port1, -+ USB_PORT_FEAT_ENABLE); -+ } - if (ret) - dev_err(hub->intfdev, "cannot disable port %d (err = %d)\n", - port1, ret); -@@ -2339,7 +2398,7 @@ static unsigned hub_is_wusb(struct usb_hub *hub) - #define HUB_SHORT_RESET_TIME 10 - #define HUB_BH_RESET_TIME 50 - #define HUB_LONG_RESET_TIME 200 --#define HUB_RESET_TIMEOUT 500 -+#define HUB_RESET_TIMEOUT 800 - - static int hub_port_reset(struct usb_hub *hub, int port1, - struct usb_device *udev, unsigned int delay, bool warm); -@@ -2374,6 +2433,10 @@ static int hub_port_wait_reset(struct usb_hub *hub, int port1, - if (ret < 0) - return ret; - -+ /* The port state is unknown until the reset completes. */ -+ if ((portstatus & USB_PORT_STAT_RESET)) -+ goto delay; -+ - /* - * Some buggy devices require a warm reset to be issued even - * when the port appears not to be connected. -@@ -2419,11 +2482,7 @@ static int hub_port_wait_reset(struct usb_hub *hub, int port1, - if ((portchange & USB_PORT_STAT_C_CONNECTION)) - return -ENOTCONN; - -- /* if we`ve finished resetting, then break out of -- * the loop -- */ -- if (!(portstatus & USB_PORT_STAT_RESET) && -- (portstatus & USB_PORT_STAT_ENABLE)) { -+ if ((portstatus & USB_PORT_STAT_ENABLE)) { - if (hub_is_wusb(hub)) - udev->speed = USB_SPEED_WIRELESS; - else if (hub_is_superspeed(hub->hdev)) -@@ -2437,10 +2496,15 @@ static int hub_port_wait_reset(struct usb_hub *hub, int port1, - return 0; - } - } else { -- if (portchange & USB_PORT_STAT_C_BH_RESET) -- return 0; -+ if (!(portstatus & USB_PORT_STAT_CONNECTION) || -+ hub_port_warm_reset_required(hub, -+ portstatus)) -+ return -ENOTCONN; -+ -+ return 0; - } - -+delay: - /* switch to the long delay after two short delay failures */ - if (delay_time >= 2 * HUB_SHORT_RESET_TIME) - delay = HUB_LONG_RESET_TIME; -@@ -2464,14 +2528,11 @@ static void hub_port_finish_reset(struct usb_hub *hub, int port1, - msleep(10 + 40); - update_devnum(udev, 0); - hcd = bus_to_hcd(udev->bus); -- if (hcd->driver->reset_device) { -- *status = hcd->driver->reset_device(hcd, udev); -- if (*status < 0) { -- dev_err(&udev->dev, "Cannot reset " -- "HCD device state\n"); -- break; -- } -- } -+ /* The xHC may think the device is already reset, -+ * so ignore the status. -+ */ -+ if (hcd->driver->reset_device) -+ hcd->driver->reset_device(hcd, udev); - } - /* FALL THROUGH */ - case -ENOTCONN: -@@ -2479,16 +2540,16 @@ static void hub_port_finish_reset(struct usb_hub *hub, int port1, - clear_port_feature(hub->hdev, - port1, USB_PORT_FEAT_C_RESET); - /* FIXME need disconnect() for NOTATTACHED device */ -- if (warm) { -+ if (hub_is_superspeed(hub->hdev)) { - clear_port_feature(hub->hdev, port1, - USB_PORT_FEAT_C_BH_PORT_RESET); - clear_port_feature(hub->hdev, port1, - USB_PORT_FEAT_C_PORT_LINK_STATE); -- } else { -+ } -+ if (!warm) - usb_set_device_state(udev, *status - ? USB_STATE_NOTATTACHED - : USB_STATE_DEFAULT); -- } - break; - } - } -@@ -2676,6 +2737,23 @@ void usb_enable_ltm(struct usb_device *udev) - EXPORT_SYMBOL_GPL(usb_enable_ltm); - - #ifdef CONFIG_USB_SUSPEND -+/* -+ * usb_disable_function_remotewakeup - disable usb3.0 -+ * device's function remote wakeup -+ * @udev: target device -+ * -+ * Assume there's only one function on the USB 3.0 -+ * device and disable remote wake for the first -+ * interface. FIXME if the interface association -+ * descriptor shows there's more than one function. -+ */ -+static int usb_disable_function_remotewakeup(struct usb_device *udev) -+{ -+ return usb_control_msg(udev, usb_sndctrlpipe(udev, 0), -+ USB_REQ_CLEAR_FEATURE, USB_RECIP_INTERFACE, -+ USB_INTRF_FUNC_SUSPEND, 0, NULL, 0, -+ USB_CTRL_SET_TIMEOUT); -+} - - /* - * usb_port_suspend - suspend a usb device's upstream port -@@ -2793,12 +2871,19 @@ int usb_port_suspend(struct usb_device *udev, pm_message_t msg) - dev_dbg(hub->intfdev, "can't suspend port %d, status %d\n", - port1, status); - /* paranoia: "should not happen" */ -- if (udev->do_remote_wakeup) -- (void) usb_control_msg(udev, usb_sndctrlpipe(udev, 0), -- USB_REQ_CLEAR_FEATURE, USB_RECIP_DEVICE, -- USB_DEVICE_REMOTE_WAKEUP, 0, -- NULL, 0, -- USB_CTRL_SET_TIMEOUT); -+ if (udev->do_remote_wakeup) { -+ if (!hub_is_superspeed(hub->hdev)) { -+ (void) usb_control_msg(udev, -+ usb_sndctrlpipe(udev, 0), -+ USB_REQ_CLEAR_FEATURE, -+ USB_RECIP_DEVICE, -+ USB_DEVICE_REMOTE_WAKEUP, 0, -+ NULL, 0, -+ USB_CTRL_SET_TIMEOUT); -+ } else -+ (void) usb_disable_function_remotewakeup(udev); -+ -+ } - - /* Try to enable USB2 hardware LPM again */ - if (udev->usb2_hw_lpm_capable == 1) -@@ -2837,7 +2922,7 @@ int usb_port_suspend(struct usb_device *udev, pm_message_t msg) - static int finish_port_resume(struct usb_device *udev) - { - int status = 0; -- u16 devstatus; -+ u16 devstatus = 0; - - /* caller owns the udev device lock */ - dev_dbg(&udev->dev, "%s\n", -@@ -2882,21 +2967,37 @@ static int finish_port_resume(struct usb_device *udev) - if (status) { - dev_dbg(&udev->dev, "gone after usb resume? status %d\n", - status); -- } else if (udev->actconfig) { -- le16_to_cpus(&devstatus); -- if (devstatus & (1 << USB_DEVICE_REMOTE_WAKEUP)) { -- status = usb_control_msg(udev, -- usb_sndctrlpipe(udev, 0), -- USB_REQ_CLEAR_FEATURE, -+ /* -+ * There are a few quirky devices which violate the standard -+ * by claiming to have remote wakeup enabled after a reset, -+ * which crash if the feature is cleared, hence check for -+ * udev->reset_resume -+ */ -+ } else if (udev->actconfig && !udev->reset_resume) { -+ if (!hub_is_superspeed(udev->parent)) { -+ le16_to_cpus(&devstatus); -+ if (devstatus & (1 << USB_DEVICE_REMOTE_WAKEUP)) -+ status = usb_control_msg(udev, -+ usb_sndctrlpipe(udev, 0), -+ USB_REQ_CLEAR_FEATURE, - USB_RECIP_DEVICE, -- USB_DEVICE_REMOTE_WAKEUP, 0, -- NULL, 0, -- USB_CTRL_SET_TIMEOUT); -- if (status) -- dev_dbg(&udev->dev, -- "disable remote wakeup, status %d\n", -- status); -+ USB_DEVICE_REMOTE_WAKEUP, 0, -+ NULL, 0, -+ USB_CTRL_SET_TIMEOUT); -+ } else { -+ status = usb_get_status(udev, USB_RECIP_INTERFACE, 0, -+ &devstatus); -+ le16_to_cpus(&devstatus); -+ if (!status && devstatus & (USB_INTRF_STAT_FUNC_RW_CAP -+ | USB_INTRF_STAT_FUNC_RW)) -+ status = -+ usb_disable_function_remotewakeup(udev); - } -+ -+ if (status) -+ dev_dbg(&udev->dev, -+ "disable remote wakeup, status %d\n", -+ status); - status = 0; - } - return status; -@@ -4511,9 +4612,14 @@ static void hub_events(void) - * SS.Inactive state. - */ - if (hub_port_warm_reset_required(hub, portstatus)) { -+ int status; -+ - dev_dbg(hub_dev, "warm reset port %d\n", i); -- hub_port_reset(hub, i, NULL, -+ status = hub_port_reset(hub, i, NULL, - HUB_BH_RESET_TIME, true); -+ if (status < 0) -+ hub_port_disable(hub, i, 1); -+ connect_change = 0; - } - - if (connect_change) -diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c -index 0ab7da2..583150b 100644 ---- a/drivers/usb/core/message.c -+++ b/drivers/usb/core/message.c -@@ -1808,29 +1808,8 @@ free_interfaces: - goto free_interfaces; - } - -- ret = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), -- USB_REQ_SET_CONFIGURATION, 0, configuration, 0, -- NULL, 0, USB_CTRL_SET_TIMEOUT); -- if (ret < 0) { -- /* All the old state is gone, so what else can we do? -- * The device is probably useless now anyway. -- */ -- cp = NULL; -- } -- -- dev->actconfig = cp; -- if (!cp) { -- usb_set_device_state(dev, USB_STATE_ADDRESS); -- usb_hcd_alloc_bandwidth(dev, NULL, NULL, NULL); -- /* Leave LPM disabled while the device is unconfigured. */ -- mutex_unlock(hcd->bandwidth_mutex); -- usb_autosuspend_device(dev); -- goto free_interfaces; -- } -- mutex_unlock(hcd->bandwidth_mutex); -- usb_set_device_state(dev, USB_STATE_CONFIGURED); -- -- /* Initialize the new interface structures and the -+ /* -+ * Initialize the new interface structures and the - * hc/hcd/usbcore interface/endpoint state. - */ - for (i = 0; i < nintf; ++i) { -@@ -1874,6 +1853,35 @@ free_interfaces: - } - kfree(new_interfaces); - -+ ret = usb_control_msg(dev, usb_sndctrlpipe(dev, 0), -+ USB_REQ_SET_CONFIGURATION, 0, configuration, 0, -+ NULL, 0, USB_CTRL_SET_TIMEOUT); -+ if (ret < 0 && cp) { -+ /* -+ * All the old state is gone, so what else can we do? -+ * The device is probably useless now anyway. -+ */ -+ usb_hcd_alloc_bandwidth(dev, NULL, NULL, NULL); -+ for (i = 0; i < nintf; ++i) { -+ usb_disable_interface(dev, cp->interface[i], true); -+ put_device(&cp->interface[i]->dev); -+ cp->interface[i] = NULL; -+ } -+ cp = NULL; -+ } -+ -+ dev->actconfig = cp; -+ mutex_unlock(hcd->bandwidth_mutex); -+ -+ if (!cp) { -+ usb_set_device_state(dev, USB_STATE_ADDRESS); -+ -+ /* Leave LPM disabled while the device is unconfigured. */ -+ usb_autosuspend_device(dev); -+ return ret; -+ } -+ usb_set_device_state(dev, USB_STATE_CONFIGURED); -+ - if (cp->string == NULL && - !(dev->quirks & USB_QUIRK_CONFIG_INTF_STRINGS)) - cp->string = usb_cache_string(dev, cp->desc.iConfiguration); -diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c -index eb0fd10..b6c4084 100644 ---- a/drivers/usb/dwc3/gadget.c -+++ b/drivers/usb/dwc3/gadget.c -@@ -1619,6 +1619,7 @@ static int __devinit dwc3_gadget_init_endpoints(struct dwc3 *dwc) - - if (epnum == 0 || epnum == 1) { - dep->endpoint.maxpacket = 512; -+ dep->endpoint.maxburst = 1; - dep->endpoint.ops = &dwc3_gadget_ep0_ops; - if (!epnum) - dwc->gadget.ep0 = &dep->endpoint; -diff --git a/drivers/usb/gadget/dummy_hcd.c b/drivers/usb/gadget/dummy_hcd.c -index afdbb1c..4ad1f1c 100644 ---- a/drivers/usb/gadget/dummy_hcd.c -+++ b/drivers/usb/gadget/dummy_hcd.c -@@ -126,10 +126,7 @@ static const char ep0name[] = "ep0"; - static const char *const ep_name[] = { - ep0name, /* everyone has ep0 */ - -- /* act like a net2280: high speed, six configurable endpoints */ -- "ep-a", "ep-b", "ep-c", "ep-d", "ep-e", "ep-f", -- -- /* or like pxa250: fifteen fixed function endpoints */ -+ /* act like a pxa250: fifteen fixed function endpoints */ - "ep1in-bulk", "ep2out-bulk", "ep3in-iso", "ep4out-iso", "ep5in-int", - "ep6in-bulk", "ep7out-bulk", "ep8in-iso", "ep9out-iso", "ep10in-int", - "ep11in-bulk", "ep12out-bulk", "ep13in-iso", "ep14out-iso", -@@ -137,6 +134,10 @@ static const char *const ep_name[] = { - - /* or like sa1100: two fixed function endpoints */ - "ep1out-bulk", "ep2in-bulk", -+ -+ /* and now some generic EPs so we have enough in multi config */ -+ "ep3out", "ep4in", "ep5out", "ep6out", "ep7in", "ep8out", "ep9in", -+ "ep10out", "ep11out", "ep12in", "ep13out", "ep14in", "ep15out", - }; - #define DUMMY_ENDPOINTS ARRAY_SIZE(ep_name) - -diff --git a/drivers/usb/gadget/f_ecm.c b/drivers/usb/gadget/f_ecm.c -index 30b908f..672c66a 100644 ---- a/drivers/usb/gadget/f_ecm.c -+++ b/drivers/usb/gadget/f_ecm.c -@@ -808,9 +808,9 @@ fail: - /* we might as well release our claims on endpoints */ - if (ecm->notify) - ecm->notify->driver_data = NULL; -- if (ecm->port.out_ep->desc) -+ if (ecm->port.out_ep) - ecm->port.out_ep->driver_data = NULL; -- if (ecm->port.in_ep->desc) -+ if (ecm->port.in_ep) - ecm->port.in_ep->driver_data = NULL; - - ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); -diff --git a/drivers/usb/gadget/f_eem.c b/drivers/usb/gadget/f_eem.c -index 1a7b2dd..a9cf2052 100644 ---- a/drivers/usb/gadget/f_eem.c -+++ b/drivers/usb/gadget/f_eem.c -@@ -319,10 +319,9 @@ fail: - if (f->hs_descriptors) - usb_free_descriptors(f->hs_descriptors); - -- /* we might as well release our claims on endpoints */ -- if (eem->port.out_ep->desc) -+ if (eem->port.out_ep) - eem->port.out_ep->driver_data = NULL; -- if (eem->port.in_ep->desc) -+ if (eem->port.in_ep) - eem->port.in_ep->driver_data = NULL; - - ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); -diff --git a/drivers/usb/gadget/f_midi.c b/drivers/usb/gadget/f_midi.c -index 2f7e8f2..1bf9596 100644 ---- a/drivers/usb/gadget/f_midi.c -+++ b/drivers/usb/gadget/f_midi.c -@@ -416,6 +416,7 @@ static void f_midi_unbind(struct usb_configuration *c, struct usb_function *f) - midi->id = NULL; - - usb_free_descriptors(f->descriptors); -+ usb_free_descriptors(f->hs_descriptors); - kfree(midi); - } - -diff --git a/drivers/usb/gadget/f_ncm.c b/drivers/usb/gadget/f_ncm.c -index aab8ede..d7811ae 100644 ---- a/drivers/usb/gadget/f_ncm.c -+++ b/drivers/usb/gadget/f_ncm.c -@@ -1259,9 +1259,9 @@ fail: - /* we might as well release our claims on endpoints */ - if (ncm->notify) - ncm->notify->driver_data = NULL; -- if (ncm->port.out_ep->desc) -+ if (ncm->port.out_ep) - ncm->port.out_ep->driver_data = NULL; -- if (ncm->port.in_ep->desc) -+ if (ncm->port.in_ep) - ncm->port.in_ep->driver_data = NULL; - - ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); -diff --git a/drivers/usb/gadget/f_phonet.c b/drivers/usb/gadget/f_phonet.c -index 8ee9268..a6c19a4 100644 ---- a/drivers/usb/gadget/f_phonet.c -+++ b/drivers/usb/gadget/f_phonet.c -@@ -531,7 +531,7 @@ int pn_bind(struct usb_configuration *c, struct usb_function *f) - - req = usb_ep_alloc_request(fp->out_ep, GFP_KERNEL); - if (!req) -- goto err; -+ goto err_req; - - req->complete = pn_rx_complete; - fp->out_reqv[i] = req; -@@ -540,14 +540,18 @@ int pn_bind(struct usb_configuration *c, struct usb_function *f) - /* Outgoing USB requests */ - fp->in_req = usb_ep_alloc_request(fp->in_ep, GFP_KERNEL); - if (!fp->in_req) -- goto err; -+ goto err_req; - - INFO(cdev, "USB CDC Phonet function\n"); - INFO(cdev, "using %s, OUT %s, IN %s\n", cdev->gadget->name, - fp->out_ep->name, fp->in_ep->name); - return 0; - -+err_req: -+ for (i = 0; i < phonet_rxq_size && fp->out_reqv[i]; i++) -+ usb_ep_free_request(fp->out_ep, fp->out_reqv[i]); - err: -+ - if (fp->out_ep) - fp->out_ep->driver_data = NULL; - if (fp->in_ep) -diff --git a/drivers/usb/gadget/f_rndis.c b/drivers/usb/gadget/f_rndis.c -index b1681e4..47953fe 100644 ---- a/drivers/usb/gadget/f_rndis.c -+++ b/drivers/usb/gadget/f_rndis.c -@@ -803,9 +803,9 @@ fail: - /* we might as well release our claims on endpoints */ - if (rndis->notify) - rndis->notify->driver_data = NULL; -- if (rndis->port.out_ep->desc) -+ if (rndis->port.out_ep) - rndis->port.out_ep->driver_data = NULL; -- if (rndis->port.in_ep->desc) -+ if (rndis->port.in_ep) - rndis->port.in_ep->driver_data = NULL; - - ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); -diff --git a/drivers/usb/gadget/f_subset.c b/drivers/usb/gadget/f_subset.c -index 21ab474..e5bb966 100644 ---- a/drivers/usb/gadget/f_subset.c -+++ b/drivers/usb/gadget/f_subset.c -@@ -370,9 +370,9 @@ fail: - usb_free_descriptors(f->hs_descriptors); - - /* we might as well release our claims on endpoints */ -- if (geth->port.out_ep->desc) -+ if (geth->port.out_ep) - geth->port.out_ep->driver_data = NULL; -- if (geth->port.in_ep->desc) -+ if (geth->port.in_ep) - geth->port.in_ep->driver_data = NULL; - - ERROR(cdev, "%s: can't bind, err %d\n", f->name, status); -diff --git a/drivers/usb/gadget/f_uvc.c b/drivers/usb/gadget/f_uvc.c -index 2a8bf06..10f13c1 100644 ---- a/drivers/usb/gadget/f_uvc.c -+++ b/drivers/usb/gadget/f_uvc.c -@@ -417,7 +417,6 @@ uvc_register_video(struct uvc_device *uvc) - return -ENOMEM; - - video->parent = &cdev->gadget->dev; -- video->minor = -1; - video->fops = &uvc_v4l2_fops; - video->release = video_device_release; - strncpy(video->name, cdev->gadget->name, sizeof(video->name)); -@@ -577,23 +576,12 @@ uvc_function_unbind(struct usb_configuration *c, struct usb_function *f) - - INFO(cdev, "uvc_function_unbind\n"); - -- if (uvc->vdev) { -- if (uvc->vdev->minor == -1) -- video_device_release(uvc->vdev); -- else -- video_unregister_device(uvc->vdev); -- uvc->vdev = NULL; -- } -- -- if (uvc->control_ep) -- uvc->control_ep->driver_data = NULL; -- if (uvc->video.ep) -- uvc->video.ep->driver_data = NULL; -+ video_unregister_device(uvc->vdev); -+ uvc->control_ep->driver_data = NULL; -+ uvc->video.ep->driver_data = NULL; - -- if (uvc->control_req) { -- usb_ep_free_request(cdev->gadget->ep0, uvc->control_req); -- kfree(uvc->control_buf); -- } -+ usb_ep_free_request(cdev->gadget->ep0, uvc->control_req); -+ kfree(uvc->control_buf); - - kfree(f->descriptors); - kfree(f->hs_descriptors); -@@ -740,7 +728,22 @@ uvc_function_bind(struct usb_configuration *c, struct usb_function *f) - return 0; - - error: -- uvc_function_unbind(c, f); -+ if (uvc->vdev) -+ video_device_release(uvc->vdev); -+ -+ if (uvc->control_ep) -+ uvc->control_ep->driver_data = NULL; -+ if (uvc->video.ep) -+ uvc->video.ep->driver_data = NULL; -+ -+ if (uvc->control_req) { -+ usb_ep_free_request(cdev->gadget->ep0, uvc->control_req); -+ kfree(uvc->control_buf); -+ } -+ -+ kfree(f->descriptors); -+ kfree(f->hs_descriptors); -+ kfree(f->ss_descriptors); - return ret; - } - -diff --git a/drivers/usb/host/ehci-hub.c b/drivers/usb/host/ehci-hub.c -index c788022..a5d4c41 100644 ---- a/drivers/usb/host/ehci-hub.c -+++ b/drivers/usb/host/ehci-hub.c -@@ -623,7 +623,11 @@ ehci_hub_status_data (struct usb_hcd *hcd, char *buf) - status = STS_PCD; - } - } -- /* FIXME autosuspend idle root hubs */ -+ -+ /* If a resume is in progress, make sure it can finish */ -+ if (ehci->resuming_ports) -+ mod_timer(&hcd->rh_timer, jiffies + msecs_to_jiffies(25)); -+ - spin_unlock_irqrestore (&ehci->lock, flags); - return status ? retval : 0; - } -diff --git a/drivers/usb/host/ehci-omap.c b/drivers/usb/host/ehci-omap.c -index d7fe287..50fcc42 100644 ---- a/drivers/usb/host/ehci-omap.c -+++ b/drivers/usb/host/ehci-omap.c -@@ -374,7 +374,7 @@ static const struct hc_driver ehci_omap_hc_driver = { - .clear_tt_buffer_complete = ehci_clear_tt_buffer_complete, - }; - --MODULE_ALIAS("platform:omap-ehci"); -+MODULE_ALIAS("platform:ehci-omap"); - MODULE_AUTHOR("Texas Instruments, Inc."); - MODULE_AUTHOR("Felipe Balbi <felipe.balbi@nokia.com>"); - -diff --git a/drivers/usb/host/ehci-pci.c b/drivers/usb/host/ehci-pci.c -index 2cb7d37..f42b68e 100644 ---- a/drivers/usb/host/ehci-pci.c -+++ b/drivers/usb/host/ehci-pci.c -@@ -334,7 +334,8 @@ static bool usb_is_intel_switchable_ehci(struct pci_dev *pdev) - pdev->vendor == PCI_VENDOR_ID_INTEL && - (pdev->device == 0x1E26 || - pdev->device == 0x8C2D || -- pdev->device == 0x8C26); -+ pdev->device == 0x8C26 || -+ pdev->device == 0x9C26); - } - - static void ehci_enable_xhci_companion(void) -diff --git a/drivers/usb/host/ehci-sched.c b/drivers/usb/host/ehci-sched.c -index 528a540..838e571 100644 ---- a/drivers/usb/host/ehci-sched.c -+++ b/drivers/usb/host/ehci-sched.c -@@ -236,7 +236,7 @@ static inline unsigned char tt_start_uframe(struct ehci_hcd *ehci, __hc32 mask) - } - - static const unsigned char --max_tt_usecs[] = { 125, 125, 125, 125, 125, 125, 30, 0 }; -+max_tt_usecs[] = { 125, 125, 125, 125, 125, 125, 125, 25 }; - - /* carryover low/fullspeed bandwidth that crosses uframe boundries */ - static inline void carryover_tt_bandwidth(unsigned short tt_usecs[8]) -diff --git a/drivers/usb/host/pci-quirks.c b/drivers/usb/host/pci-quirks.c -index 39f9e4a..7893351 100644 ---- a/drivers/usb/host/pci-quirks.c -+++ b/drivers/usb/host/pci-quirks.c -@@ -723,6 +723,7 @@ static int handshake(void __iomem *ptr, u32 mask, u32 done, - } - - #define PCI_DEVICE_ID_INTEL_LYNX_POINT_XHCI 0x8C31 -+#define PCI_DEVICE_ID_INTEL_LYNX_POINT_LP_XHCI 0x9C31 - - bool usb_is_intel_ppt_switchable_xhci(struct pci_dev *pdev) - { -@@ -736,7 +737,8 @@ bool usb_is_intel_lpt_switchable_xhci(struct pci_dev *pdev) - { - return pdev->class == PCI_CLASS_SERIAL_USB_XHCI && - pdev->vendor == PCI_VENDOR_ID_INTEL && -- pdev->device == PCI_DEVICE_ID_INTEL_LYNX_POINT_XHCI; -+ (pdev->device == PCI_DEVICE_ID_INTEL_LYNX_POINT_XHCI || -+ pdev->device == PCI_DEVICE_ID_INTEL_LYNX_POINT_LP_XHCI); - } - - bool usb_is_intel_switchable_xhci(struct pci_dev *pdev) -@@ -778,6 +780,7 @@ void usb_enable_xhci_ports(struct pci_dev *xhci_pdev) - "defaulting to EHCI.\n"); - dev_warn(&xhci_pdev->dev, - "USB 3.0 devices will work at USB 2.0 speeds.\n"); -+ usb_disable_xhci_ports(xhci_pdev); - return; - } - -diff --git a/drivers/usb/host/uhci-hcd.c b/drivers/usb/host/uhci-hcd.c -index e4db350..3fe069f 100644 ---- a/drivers/usb/host/uhci-hcd.c -+++ b/drivers/usb/host/uhci-hcd.c -@@ -447,6 +447,10 @@ static irqreturn_t uhci_irq(struct usb_hcd *hcd) - return IRQ_NONE; - uhci_writew(uhci, status, USBSTS); /* Clear it */ - -+ spin_lock(&uhci->lock); -+ if (unlikely(!uhci->is_initialized)) /* not yet configured */ -+ goto done; -+ - if (status & ~(USBSTS_USBINT | USBSTS_ERROR | USBSTS_RD)) { - if (status & USBSTS_HSE) - dev_err(uhci_dev(uhci), "host system error, " -@@ -455,7 +459,6 @@ static irqreturn_t uhci_irq(struct usb_hcd *hcd) - dev_err(uhci_dev(uhci), "host controller process " - "error, something bad happened!\n"); - if (status & USBSTS_HCH) { -- spin_lock(&uhci->lock); - if (uhci->rh_state >= UHCI_RH_RUNNING) { - dev_err(uhci_dev(uhci), - "host controller halted, " -@@ -473,15 +476,15 @@ static irqreturn_t uhci_irq(struct usb_hcd *hcd) - * pending unlinks */ - mod_timer(&hcd->rh_timer, jiffies); - } -- spin_unlock(&uhci->lock); - } - } - -- if (status & USBSTS_RD) -+ if (status & USBSTS_RD) { -+ spin_unlock(&uhci->lock); - usb_hcd_poll_rh_status(hcd); -- else { -- spin_lock(&uhci->lock); -+ } else { - uhci_scan_schedule(uhci); -+ done: - spin_unlock(&uhci->lock); - } - -@@ -662,9 +665,9 @@ static int uhci_start(struct usb_hcd *hcd) - */ - mb(); - -+ spin_lock_irq(&uhci->lock); - configure_hc(uhci); - uhci->is_initialized = 1; -- spin_lock_irq(&uhci->lock); - start_rh(uhci); - spin_unlock_irq(&uhci->lock); - return 0; -diff --git a/drivers/usb/host/xhci-hub.c b/drivers/usb/host/xhci-hub.c -index d5eb357..abb9772 100644 ---- a/drivers/usb/host/xhci-hub.c -+++ b/drivers/usb/host/xhci-hub.c -@@ -762,12 +762,39 @@ int xhci_hub_control(struct usb_hcd *hcd, u16 typeReq, u16 wValue, - break; - case USB_PORT_FEAT_LINK_STATE: - temp = xhci_readl(xhci, port_array[wIndex]); -+ -+ /* Disable port */ -+ if (link_state == USB_SS_PORT_LS_SS_DISABLED) { -+ xhci_dbg(xhci, "Disable port %d\n", wIndex); -+ temp = xhci_port_state_to_neutral(temp); -+ /* -+ * Clear all change bits, so that we get a new -+ * connection event. -+ */ -+ temp |= PORT_CSC | PORT_PEC | PORT_WRC | -+ PORT_OCC | PORT_RC | PORT_PLC | -+ PORT_CEC; -+ xhci_writel(xhci, temp | PORT_PE, -+ port_array[wIndex]); -+ temp = xhci_readl(xhci, port_array[wIndex]); -+ break; -+ } -+ -+ /* Put link in RxDetect (enable port) */ -+ if (link_state == USB_SS_PORT_LS_RX_DETECT) { -+ xhci_dbg(xhci, "Enable port %d\n", wIndex); -+ xhci_set_link_state(xhci, port_array, wIndex, -+ link_state); -+ temp = xhci_readl(xhci, port_array[wIndex]); -+ break; -+ } -+ - /* Software should not attempt to set -- * port link state above '5' (Rx.Detect) and the port -+ * port link state above '3' (U3) and the port - * must be enabled. - */ - if ((temp & PORT_PE) == 0 || -- (link_state > USB_SS_PORT_LS_RX_DETECT)) { -+ (link_state > USB_SS_PORT_LS_U3)) { - xhci_warn(xhci, "Cannot set link state.\n"); - goto error; - } -@@ -938,6 +965,7 @@ int xhci_hub_status_data(struct usb_hcd *hcd, char *buf) - int max_ports; - __le32 __iomem **port_array; - struct xhci_bus_state *bus_state; -+ bool reset_change = false; - - max_ports = xhci_get_ports(hcd, &port_array); - bus_state = &xhci->bus_state[hcd_index(hcd)]; -@@ -969,6 +997,12 @@ int xhci_hub_status_data(struct usb_hcd *hcd, char *buf) - buf[(i + 1) / 8] |= 1 << (i + 1) % 8; - status = 1; - } -+ if ((temp & PORT_RC)) -+ reset_change = true; -+ } -+ if (!status && !reset_change) { -+ xhci_dbg(xhci, "%s: stopping port polling.\n", __func__); -+ clear_bit(HCD_FLAG_POLL_RH, &hcd->flags); - } - spin_unlock_irqrestore(&xhci->lock, flags); - return status ? retval : 0; -diff --git a/drivers/usb/host/xhci-mem.c b/drivers/usb/host/xhci-mem.c -index 487bc08..35616ff 100644 ---- a/drivers/usb/host/xhci-mem.c -+++ b/drivers/usb/host/xhci-mem.c -@@ -205,7 +205,12 @@ static int xhci_alloc_segments_for_ring(struct xhci_hcd *xhci, - - next = xhci_segment_alloc(xhci, cycle_state, flags); - if (!next) { -- xhci_free_segments_for_ring(xhci, *first); -+ prev = *first; -+ while (prev) { -+ next = prev->next; -+ xhci_segment_free(xhci, prev); -+ prev = next; -+ } - return -ENOMEM; - } - xhci_link_segments(xhci, prev, next, type); -@@ -258,7 +263,7 @@ static struct xhci_ring *xhci_ring_alloc(struct xhci_hcd *xhci, - return ring; - - fail: -- xhci_ring_free(xhci, ring); -+ kfree(ring); - return NULL; - } - -@@ -1245,6 +1250,8 @@ static unsigned int xhci_microframes_to_exponent(struct usb_device *udev, - static unsigned int xhci_parse_microframe_interval(struct usb_device *udev, - struct usb_host_endpoint *ep) - { -+ if (ep->desc.bInterval == 0) -+ return 0; - return xhci_microframes_to_exponent(udev, ep, - ep->desc.bInterval, 0, 15); - } -diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c -index 4f1e265..394984f7 100644 ---- a/drivers/usb/host/xhci-ring.c -+++ b/drivers/usb/host/xhci-ring.c -@@ -1698,7 +1698,7 @@ static void handle_port_status(struct xhci_hcd *xhci, - faked_port_index + 1); - if (slot_id && xhci->devs[slot_id]) - xhci_ring_device(xhci, slot_id); -- if (bus_state->port_remote_wakeup && (1 << faked_port_index)) { -+ if (bus_state->port_remote_wakeup & (1 << faked_port_index)) { - bus_state->port_remote_wakeup &= - ~(1 << faked_port_index); - xhci_test_and_clear_bit(xhci, port_array, -@@ -1725,6 +1725,15 @@ cleanup: - if (bogus_port_status) - return; - -+ /* -+ * xHCI port-status-change events occur when the "or" of all the -+ * status-change bits in the portsc register changes from 0 to 1. -+ * New status changes won't cause an event if any other change -+ * bits are still set. When an event occurs, switch over to -+ * polling to avoid losing status changes. -+ */ -+ xhci_dbg(xhci, "%s: starting port polling.\n", __func__); -+ set_bit(HCD_FLAG_POLL_RH, &hcd->flags); - spin_unlock(&xhci->lock); - /* Pass this up to the core */ - usb_hcd_poll_rh_status(hcd); -@@ -2578,6 +2587,8 @@ cleanup: - (trb_comp_code != COMP_STALL && - trb_comp_code != COMP_BABBLE)) - xhci_urb_free_priv(xhci, urb_priv); -+ else -+ kfree(urb_priv); - - usb_hcd_unlink_urb_from_ep(bus_to_hcd(urb->dev->bus), urb); - if ((urb->actual_length != urb->transfer_buffer_length && -@@ -3069,11 +3080,11 @@ static u32 xhci_td_remainder(unsigned int remainder) - } - - /* -- * For xHCI 1.0 host controllers, TD size is the number of packets remaining in -- * the TD (*not* including this TRB). -+ * For xHCI 1.0 host controllers, TD size is the number of max packet sized -+ * packets remaining in the TD (*not* including this TRB). - * - * Total TD packet count = total_packet_count = -- * roundup(TD size in bytes / wMaxPacketSize) -+ * DIV_ROUND_UP(TD size in bytes / wMaxPacketSize) - * - * Packets transferred up to and including this TRB = packets_transferred = - * rounddown(total bytes transferred including this TRB / wMaxPacketSize) -@@ -3081,24 +3092,27 @@ static u32 xhci_td_remainder(unsigned int remainder) - * TD size = total_packet_count - packets_transferred - * - * It must fit in bits 21:17, so it can't be bigger than 31. -+ * The last TRB in a TD must have the TD size set to zero. - */ -- - static u32 xhci_v1_0_td_remainder(int running_total, int trb_buff_len, -- unsigned int total_packet_count, struct urb *urb) -+ unsigned int total_packet_count, struct urb *urb, -+ unsigned int num_trbs_left) - { - int packets_transferred; - - /* One TRB with a zero-length data packet. */ -- if (running_total == 0 && trb_buff_len == 0) -+ if (num_trbs_left == 0 || (running_total == 0 && trb_buff_len == 0)) - return 0; - - /* All the TRB queueing functions don't count the current TRB in - * running_total. - */ - packets_transferred = (running_total + trb_buff_len) / -- usb_endpoint_maxp(&urb->ep->desc); -+ GET_MAX_PACKET(usb_endpoint_maxp(&urb->ep->desc)); - -- return xhci_td_remainder(total_packet_count - packets_transferred); -+ if ((total_packet_count - packets_transferred) > 31) -+ return 31 << 17; -+ return (total_packet_count - packets_transferred) << 17; - } - - static int queue_bulk_sg_tx(struct xhci_hcd *xhci, gfp_t mem_flags, -@@ -3125,7 +3139,7 @@ static int queue_bulk_sg_tx(struct xhci_hcd *xhci, gfp_t mem_flags, - - num_trbs = count_sg_trbs_needed(xhci, urb); - num_sgs = urb->num_mapped_sgs; -- total_packet_count = roundup(urb->transfer_buffer_length, -+ total_packet_count = DIV_ROUND_UP(urb->transfer_buffer_length, - usb_endpoint_maxp(&urb->ep->desc)); - - trb_buff_len = prepare_transfer(xhci, xhci->devs[slot_id], -@@ -3208,7 +3222,8 @@ static int queue_bulk_sg_tx(struct xhci_hcd *xhci, gfp_t mem_flags, - running_total); - } else { - remainder = xhci_v1_0_td_remainder(running_total, -- trb_buff_len, total_packet_count, urb); -+ trb_buff_len, total_packet_count, urb, -+ num_trbs - 1); - } - length_field = TRB_LEN(trb_buff_len) | - remainder | -@@ -3316,7 +3331,7 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags, - start_cycle = ep_ring->cycle_state; - - running_total = 0; -- total_packet_count = roundup(urb->transfer_buffer_length, -+ total_packet_count = DIV_ROUND_UP(urb->transfer_buffer_length, - usb_endpoint_maxp(&urb->ep->desc)); - /* How much data is in the first TRB? */ - addr = (u64) urb->transfer_dma; -@@ -3362,7 +3377,8 @@ int xhci_queue_bulk_tx(struct xhci_hcd *xhci, gfp_t mem_flags, - running_total); - } else { - remainder = xhci_v1_0_td_remainder(running_total, -- trb_buff_len, total_packet_count, urb); -+ trb_buff_len, total_packet_count, urb, -+ num_trbs - 1); - } - length_field = TRB_LEN(trb_buff_len) | - remainder | -@@ -3625,8 +3641,9 @@ static int xhci_queue_isoc_tx(struct xhci_hcd *xhci, gfp_t mem_flags, - addr = start_addr + urb->iso_frame_desc[i].offset; - td_len = urb->iso_frame_desc[i].length; - td_remain_len = td_len; -- total_packet_count = roundup(td_len, -- usb_endpoint_maxp(&urb->ep->desc)); -+ total_packet_count = DIV_ROUND_UP(td_len, -+ GET_MAX_PACKET( -+ usb_endpoint_maxp(&urb->ep->desc))); - /* A zero-length transfer still involves at least one packet. */ - if (total_packet_count == 0) - total_packet_count++; -@@ -3648,9 +3665,11 @@ static int xhci_queue_isoc_tx(struct xhci_hcd *xhci, gfp_t mem_flags, - td = urb_priv->td[i]; - for (j = 0; j < trbs_per_td; j++) { - u32 remainder = 0; -- field = TRB_TBC(burst_count) | TRB_TLBPC(residue); -+ field = 0; - - if (first_trb) { -+ field = TRB_TBC(burst_count) | -+ TRB_TLBPC(residue); - /* Queue the isoc TRB */ - field |= TRB_TYPE(TRB_ISOC); - /* Assume URB_ISO_ASAP is set */ -@@ -3704,7 +3723,8 @@ static int xhci_queue_isoc_tx(struct xhci_hcd *xhci, gfp_t mem_flags, - } else { - remainder = xhci_v1_0_td_remainder( - running_total, trb_buff_len, -- total_packet_count, urb); -+ total_packet_count, urb, -+ (trbs_per_td - j - 1)); - } - length_field = TRB_LEN(trb_buff_len) | - remainder | -diff --git a/drivers/usb/host/xhci.c b/drivers/usb/host/xhci.c -index a6e910b..b6586e3 100644 ---- a/drivers/usb/host/xhci.c -+++ b/drivers/usb/host/xhci.c -@@ -480,7 +480,7 @@ static bool compliance_mode_recovery_timer_quirk_check(void) - if (strstr(dmi_product_name, "Z420") || - strstr(dmi_product_name, "Z620") || - strstr(dmi_product_name, "Z820") || -- strstr(dmi_product_name, "Z1")) -+ strstr(dmi_product_name, "Z1 Workstation")) - return true; - - return false; -@@ -880,6 +880,11 @@ int xhci_suspend(struct xhci_hcd *xhci) - struct usb_hcd *hcd = xhci_to_hcd(xhci); - u32 command; - -+ /* Don't poll the roothubs on bus suspend. */ -+ xhci_dbg(xhci, "%s: stopping port polling.\n", __func__); -+ clear_bit(HCD_FLAG_POLL_RH, &hcd->flags); -+ del_timer_sync(&hcd->rh_timer); -+ - spin_lock_irq(&xhci->lock); - clear_bit(HCD_FLAG_HW_ACCESSIBLE, &hcd->flags); - clear_bit(HCD_FLAG_HW_ACCESSIBLE, &xhci->shared_hcd->flags); -@@ -1064,6 +1069,11 @@ int xhci_resume(struct xhci_hcd *xhci, bool hibernated) - if (xhci->quirks & XHCI_COMP_MODE_QUIRK) - compliance_mode_recovery_timer_init(xhci); - -+ /* Re-enable port polling. */ -+ xhci_dbg(xhci, "%s: starting port polling.\n", __func__); -+ set_bit(HCD_FLAG_POLL_RH, &hcd->flags); -+ usb_hcd_poll_rh_status(hcd); -+ - return retval; - } - #endif /* CONFIG_PM */ -@@ -2253,7 +2263,7 @@ static bool xhci_is_async_ep(unsigned int ep_type) - - static bool xhci_is_sync_in_ep(unsigned int ep_type) - { -- return (ep_type == ISOC_IN_EP || ep_type != INT_IN_EP); -+ return (ep_type == ISOC_IN_EP || ep_type == INT_IN_EP); - } - - static unsigned int xhci_get_ss_bw_consumed(struct xhci_bw_info *ep_bw) -diff --git a/drivers/usb/musb/cppi_dma.c b/drivers/usb/musb/cppi_dma.c -index 8637c1f..c5835e8 100644 ---- a/drivers/usb/musb/cppi_dma.c -+++ b/drivers/usb/musb/cppi_dma.c -@@ -1314,6 +1314,7 @@ irqreturn_t cppi_interrupt(int irq, void *dev_id) - - return IRQ_HANDLED; - } -+EXPORT_SYMBOL_GPL(cppi_interrupt); - - /* Instantiate a software object representing a DMA controller. */ - struct dma_controller *__init -diff --git a/drivers/usb/musb/musb_core.c b/drivers/usb/musb/musb_core.c -index 26f1bef..c5630c2 100644 ---- a/drivers/usb/musb/musb_core.c -+++ b/drivers/usb/musb/musb_core.c -@@ -2402,10 +2402,7 @@ static int __init musb_init(void) - if (usb_disabled()) - return 0; - -- pr_info("%s: version " MUSB_VERSION ", " -- "?dma?" -- ", " -- "otg (peripheral+host)", -+ pr_info("%s: version " MUSB_VERSION ", ?dma?, otg (peripheral+host)\n", - musb_driver_name); - return platform_driver_register(&musb_driver); - } -diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c -index 360bdeb..1f939cb 100644 ---- a/drivers/usb/serial/ftdi_sio.c -+++ b/drivers/usb/serial/ftdi_sio.c -@@ -590,6 +590,7 @@ static struct usb_device_id id_table_combined [] = { - /* - * ELV devices: - */ -+ { USB_DEVICE(FTDI_ELV_VID, FTDI_ELV_WS300_PID) }, - { USB_DEVICE(FTDI_VID, FTDI_ELV_USR_PID) }, - { USB_DEVICE(FTDI_VID, FTDI_ELV_MSM1_PID) }, - { USB_DEVICE(FTDI_VID, FTDI_ELV_KL100_PID) }, -@@ -676,6 +677,7 @@ static struct usb_device_id id_table_combined [] = { - { USB_DEVICE(FTDI_VID, XSENS_CONVERTER_5_PID) }, - { USB_DEVICE(FTDI_VID, XSENS_CONVERTER_6_PID) }, - { USB_DEVICE(FTDI_VID, XSENS_CONVERTER_7_PID) }, -+ { USB_DEVICE(FTDI_VID, FTDI_OMNI1509) }, - { USB_DEVICE(MOBILITY_VID, MOBILITY_USB_SERIAL_PID) }, - { USB_DEVICE(FTDI_VID, FTDI_ACTIVE_ROBOTS_PID) }, - { USB_DEVICE(FTDI_VID, FTDI_MHAM_KW_PID) }, -@@ -881,6 +883,8 @@ static struct usb_device_id id_table_combined [] = { - { USB_DEVICE(FTDI_VID, FTDI_DISTORTEC_JTAG_LOCK_PICK_PID), - .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk }, - { USB_DEVICE(FTDI_VID, FTDI_LUMEL_PD12_PID) }, -+ /* Crucible Devices */ -+ { USB_DEVICE(FTDI_VID, FTDI_CT_COMET_PID) }, - { }, /* Optional parameter entry */ - { } /* Terminating entry */ - }; -@@ -1886,24 +1890,22 @@ static void ftdi_dtr_rts(struct usb_serial_port *port, int on) - { - struct ftdi_private *priv = usb_get_serial_port_data(port); - -- mutex_lock(&port->serial->disc_mutex); -- if (!port->serial->disconnected) { -- /* Disable flow control */ -- if (!on && usb_control_msg(port->serial->dev, -+ /* Disable flow control */ -+ if (!on) { -+ if (usb_control_msg(port->serial->dev, - usb_sndctrlpipe(port->serial->dev, 0), - FTDI_SIO_SET_FLOW_CTRL_REQUEST, - FTDI_SIO_SET_FLOW_CTRL_REQUEST_TYPE, - 0, priv->interface, NULL, 0, - WDR_TIMEOUT) < 0) { -- dev_err(&port->dev, "error from flowcontrol urb\n"); -+ dev_err(&port->dev, "error from flowcontrol urb\n"); - } -- /* drop RTS and DTR */ -- if (on) -- set_mctrl(port, TIOCM_DTR | TIOCM_RTS); -- else -- clear_mctrl(port, TIOCM_DTR | TIOCM_RTS); - } -- mutex_unlock(&port->serial->disc_mutex); -+ /* drop RTS and DTR */ -+ if (on) -+ set_mctrl(port, TIOCM_DTR | TIOCM_RTS); -+ else -+ clear_mctrl(port, TIOCM_DTR | TIOCM_RTS); - } - - /* -diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h -index 049b6e7..9d359e1 100644 ---- a/drivers/usb/serial/ftdi_sio_ids.h -+++ b/drivers/usb/serial/ftdi_sio_ids.h -@@ -147,6 +147,11 @@ - #define XSENS_CONVERTER_6_PID 0xD38E - #define XSENS_CONVERTER_7_PID 0xD38F - -+/** -+ * Zolix (www.zolix.com.cb) product ids -+ */ -+#define FTDI_OMNI1509 0xD491 /* Omni1509 embedded USB-serial */ -+ - /* - * NDI (www.ndigital.com) product ids - */ -@@ -204,7 +209,7 @@ - - /* - * ELV USB devices submitted by Christian Abt of ELV (www.elv.de). -- * All of these devices use FTDI's vendor ID (0x0403). -+ * Almost all of these devices use FTDI's vendor ID (0x0403). - * Further IDs taken from ELV Windows .inf file. - * - * The previously included PID for the UO 100 module was incorrect. -@@ -212,6 +217,8 @@ - * - * Armin Laeuger originally sent the PID for the UM 100 module. - */ -+#define FTDI_ELV_VID 0x1B1F /* ELV AG */ -+#define FTDI_ELV_WS300_PID 0xC006 /* eQ3 WS 300 PC II */ - #define FTDI_ELV_USR_PID 0xE000 /* ELV Universal-Sound-Recorder */ - #define FTDI_ELV_MSM1_PID 0xE001 /* ELV Mini-Sound-Modul */ - #define FTDI_ELV_KL100_PID 0xE002 /* ELV Kfz-Leistungsmesser KL 100 */ -@@ -1259,3 +1266,9 @@ - * ATI command output: Cinterion MC55i - */ - #define FTDI_CINTERION_MC55I_PID 0xA951 -+ -+/* -+ * Product: Comet Caller ID decoder -+ * Manufacturer: Crucible Technologies -+ */ -+#define FTDI_CT_COMET_PID 0x8e08 -diff --git a/drivers/usb/serial/mct_u232.c b/drivers/usb/serial/mct_u232.c -index c088250..7e4ef87 100644 ---- a/drivers/usb/serial/mct_u232.c -+++ b/drivers/usb/serial/mct_u232.c -@@ -507,19 +507,15 @@ static void mct_u232_dtr_rts(struct usb_serial_port *port, int on) - unsigned int control_state; - struct mct_u232_private *priv = usb_get_serial_port_data(port); - -- mutex_lock(&port->serial->disc_mutex); -- if (!port->serial->disconnected) { -- /* drop DTR and RTS */ -- spin_lock_irq(&priv->lock); -- if (on) -- priv->control_state |= TIOCM_DTR | TIOCM_RTS; -- else -- priv->control_state &= ~(TIOCM_DTR | TIOCM_RTS); -- control_state = priv->control_state; -- spin_unlock_irq(&priv->lock); -- mct_u232_set_modem_ctrl(port->serial, control_state); -- } -- mutex_unlock(&port->serial->disc_mutex); -+ spin_lock_irq(&priv->lock); -+ if (on) -+ priv->control_state |= TIOCM_DTR | TIOCM_RTS; -+ else -+ priv->control_state &= ~(TIOCM_DTR | TIOCM_RTS); -+ control_state = priv->control_state; -+ spin_unlock_irq(&priv->lock); -+ -+ mct_u232_set_modem_ctrl(port, control_state); - } - - static void mct_u232_close(struct usb_serial_port *port) -diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c -index 56fed62..b8f2e3b 100644 ---- a/drivers/usb/serial/option.c -+++ b/drivers/usb/serial/option.c -@@ -243,6 +243,7 @@ static void option_instat_callback(struct urb *urb); - #define TELIT_PRODUCT_CC864_DUAL 0x1005 - #define TELIT_PRODUCT_CC864_SINGLE 0x1006 - #define TELIT_PRODUCT_DE910_DUAL 0x1010 -+#define TELIT_PRODUCT_LE920 0x1200 - - /* ZTE PRODUCTS */ - #define ZTE_VENDOR_ID 0x19d2 -@@ -289,6 +290,7 @@ static void option_instat_callback(struct urb *urb); - #define ALCATEL_VENDOR_ID 0x1bbb - #define ALCATEL_PRODUCT_X060S_X200 0x0000 - #define ALCATEL_PRODUCT_X220_X500D 0x0017 -+#define ALCATEL_PRODUCT_L100V 0x011e - - #define PIRELLI_VENDOR_ID 0x1266 - #define PIRELLI_PRODUCT_C100_1 0x1002 -@@ -430,9 +432,12 @@ static void option_instat_callback(struct urb *urb); - #define MEDIATEK_VENDOR_ID 0x0e8d - #define MEDIATEK_PRODUCT_DC_1COM 0x00a0 - #define MEDIATEK_PRODUCT_DC_4COM 0x00a5 -+#define MEDIATEK_PRODUCT_DC_4COM2 0x00a7 - #define MEDIATEK_PRODUCT_DC_5COM 0x00a4 - #define MEDIATEK_PRODUCT_7208_1COM 0x7101 - #define MEDIATEK_PRODUCT_7208_2COM 0x7102 -+#define MEDIATEK_PRODUCT_7103_2COM 0x7103 -+#define MEDIATEK_PRODUCT_7106_2COM 0x7106 - #define MEDIATEK_PRODUCT_FP_1COM 0x0003 - #define MEDIATEK_PRODUCT_FP_2COM 0x0023 - #define MEDIATEK_PRODUCT_FPDC_1COM 0x0043 -@@ -442,6 +447,18 @@ static void option_instat_callback(struct urb *urb); - #define CELLIENT_VENDOR_ID 0x2692 - #define CELLIENT_PRODUCT_MEN200 0x9005 - -+/* Hyundai Petatel Inc. products */ -+#define PETATEL_VENDOR_ID 0x1ff4 -+#define PETATEL_PRODUCT_NP10T 0x600e -+ -+/* TP-LINK Incorporated products */ -+#define TPLINK_VENDOR_ID 0x2357 -+#define TPLINK_PRODUCT_MA180 0x0201 -+ -+/* Changhong products */ -+#define CHANGHONG_VENDOR_ID 0x2077 -+#define CHANGHONG_PRODUCT_CH690 0x7001 -+ - /* some devices interfaces need special handling due to a number of reasons */ - enum option_blacklist_reason { - OPTION_BLACKLIST_NONE = 0, -@@ -463,6 +480,7 @@ static const struct option_blacklist_info four_g_w14_blacklist = { - - static const struct option_blacklist_info alcatel_x200_blacklist = { - .sendsetup = BIT(0) | BIT(1), -+ .reserved = BIT(4), - }; - - static const struct option_blacklist_info zte_0037_blacklist = { -@@ -523,6 +541,11 @@ static const struct option_blacklist_info zte_1255_blacklist = { - .reserved = BIT(3) | BIT(4), - }; - -+static const struct option_blacklist_info telit_le920_blacklist = { -+ .sendsetup = BIT(0), -+ .reserved = BIT(1) | BIT(5), -+}; -+ - static const struct usb_device_id option_ids[] = { - { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_COLT) }, - { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_RICOLA) }, -@@ -554,8 +577,14 @@ static const struct usb_device_id option_ids[] = { - { USB_DEVICE(QUANTA_VENDOR_ID, QUANTA_PRODUCT_GLX) }, - { USB_DEVICE(QUANTA_VENDOR_ID, QUANTA_PRODUCT_GKE) }, - { USB_DEVICE(QUANTA_VENDOR_ID, QUANTA_PRODUCT_GLE) }, -+ { USB_DEVICE(QUANTA_VENDOR_ID, 0xea42), -+ .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, -+ { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0x1c05, USB_CLASS_COMM, 0x02, 0xff) }, -+ { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0x1c23, USB_CLASS_COMM, 0x02, 0xff) }, - { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_E173, 0xff, 0xff, 0xff), - .driver_info = (kernel_ulong_t) &net_intf1_blacklist }, -+ { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0x1441, USB_CLASS_COMM, 0x02, 0xff) }, -+ { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, 0x1442, USB_CLASS_COMM, 0x02, 0xff) }, - { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_K4505, 0xff, 0xff, 0xff), - .driver_info = (kernel_ulong_t) &huawei_cdc12_blacklist }, - { USB_DEVICE_AND_INTERFACE_INFO(HUAWEI_VENDOR_ID, HUAWEI_PRODUCT_K3765, 0xff, 0xff, 0xff), -@@ -773,6 +802,8 @@ static const struct usb_device_id option_ids[] = { - { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_CC864_DUAL) }, - { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_CC864_SINGLE) }, - { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_DE910_DUAL) }, -+ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE920), -+ .driver_info = (kernel_ulong_t)&telit_le920_blacklist }, - { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, ZTE_PRODUCT_MF622, 0xff, 0xff, 0xff) }, /* ZTE WCDMA products */ - { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0002, 0xff, 0xff, 0xff), - .driver_info = (kernel_ulong_t)&net_intf1_blacklist }, -@@ -923,8 +954,10 @@ static const struct usb_device_id option_ids[] = { - { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0254, 0xff, 0xff, 0xff) }, - { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0257, 0xff, 0xff, 0xff), /* ZTE MF821 */ - .driver_info = (kernel_ulong_t)&net_intf3_blacklist }, -- { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0265, 0xff, 0xff, 0xff) }, -- { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0284, 0xff, 0xff, 0xff) }, -+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0265, 0xff, 0xff, 0xff), /* ONDA MT8205 */ -+ .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, -+ { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0284, 0xff, 0xff, 0xff), /* ZTE MF880 */ -+ .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, - { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0317, 0xff, 0xff, 0xff) }, - { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0326, 0xff, 0xff, 0xff), - .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, -@@ -1190,7 +1223,16 @@ static const struct usb_device_id option_ids[] = { - { USB_DEVICE(ALCATEL_VENDOR_ID, ALCATEL_PRODUCT_X060S_X200), - .driver_info = (kernel_ulong_t)&alcatel_x200_blacklist - }, -- { USB_DEVICE(ALCATEL_VENDOR_ID, ALCATEL_PRODUCT_X220_X500D) }, -+ { USB_DEVICE(ALCATEL_VENDOR_ID, ALCATEL_PRODUCT_X220_X500D), -+ .driver_info = (kernel_ulong_t)&net_intf6_blacklist }, -+ { USB_DEVICE(ALCATEL_VENDOR_ID, 0x0052), -+ .driver_info = (kernel_ulong_t)&net_intf6_blacklist }, -+ { USB_DEVICE(ALCATEL_VENDOR_ID, 0x00b6), -+ .driver_info = (kernel_ulong_t)&net_intf3_blacklist }, -+ { USB_DEVICE(ALCATEL_VENDOR_ID, 0x00b7), -+ .driver_info = (kernel_ulong_t)&net_intf5_blacklist }, -+ { USB_DEVICE(ALCATEL_VENDOR_ID, ALCATEL_PRODUCT_L100V), -+ .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, - { USB_DEVICE(AIRPLUS_VENDOR_ID, AIRPLUS_PRODUCT_MCD650) }, - { USB_DEVICE(TLAYTECH_VENDOR_ID, TLAYTECH_PRODUCT_TEU800) }, - { USB_DEVICE(LONGCHEER_VENDOR_ID, FOUR_G_SYSTEMS_PRODUCT_W14), -@@ -1295,7 +1337,15 @@ static const struct usb_device_id option_ids[] = { - { USB_DEVICE_AND_INTERFACE_INFO(MEDIATEK_VENDOR_ID, MEDIATEK_PRODUCT_FP_2COM, 0x0a, 0x00, 0x00) }, - { USB_DEVICE_AND_INTERFACE_INFO(MEDIATEK_VENDOR_ID, MEDIATEK_PRODUCT_FPDC_1COM, 0x0a, 0x00, 0x00) }, - { USB_DEVICE_AND_INTERFACE_INFO(MEDIATEK_VENDOR_ID, MEDIATEK_PRODUCT_FPDC_2COM, 0x0a, 0x00, 0x00) }, -+ { USB_DEVICE_AND_INTERFACE_INFO(MEDIATEK_VENDOR_ID, MEDIATEK_PRODUCT_7103_2COM, 0xff, 0x00, 0x00) }, -+ { USB_DEVICE_AND_INTERFACE_INFO(MEDIATEK_VENDOR_ID, MEDIATEK_PRODUCT_7106_2COM, 0x02, 0x02, 0x01) }, -+ { USB_DEVICE_AND_INTERFACE_INFO(MEDIATEK_VENDOR_ID, MEDIATEK_PRODUCT_DC_4COM2, 0xff, 0x02, 0x01) }, -+ { USB_DEVICE_AND_INTERFACE_INFO(MEDIATEK_VENDOR_ID, MEDIATEK_PRODUCT_DC_4COM2, 0xff, 0x00, 0x00) }, - { USB_DEVICE(CELLIENT_VENDOR_ID, CELLIENT_PRODUCT_MEN200) }, -+ { USB_DEVICE(PETATEL_VENDOR_ID, PETATEL_PRODUCT_NP10T) }, -+ { USB_DEVICE(TPLINK_VENDOR_ID, TPLINK_PRODUCT_MA180), -+ .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, -+ { USB_DEVICE(CHANGHONG_VENDOR_ID, CHANGHONG_PRODUCT_CH690) }, - { } /* Terminating entry */ - }; - MODULE_DEVICE_TABLE(usb, option_ids); -diff --git a/drivers/usb/serial/qcserial.c b/drivers/usb/serial/qcserial.c -index 93232ca..071b529 100644 ---- a/drivers/usb/serial/qcserial.c -+++ b/drivers/usb/serial/qcserial.c -@@ -55,6 +55,7 @@ static const struct usb_device_id id_table[] = { - {DEVICE_G1K(0x05c6, 0x9221)}, /* Generic Gobi QDL device */ - {DEVICE_G1K(0x05c6, 0x9231)}, /* Generic Gobi QDL device */ - {DEVICE_G1K(0x1f45, 0x0001)}, /* Unknown Gobi QDL device */ -+ {DEVICE_G1K(0x1bc7, 0x900e)}, /* Telit Gobi QDL device */ - - /* Gobi 2000 devices */ - {USB_DEVICE(0x1410, 0xa010)}, /* Novatel Gobi 2000 QDL device */ -diff --git a/drivers/usb/serial/quatech2.c b/drivers/usb/serial/quatech2.c -index ea69301..cf50c43 100644 ---- a/drivers/usb/serial/quatech2.c -+++ b/drivers/usb/serial/quatech2.c -@@ -949,19 +949,17 @@ static void qt2_dtr_rts(struct usb_serial_port *port, int on) - struct usb_device *dev = port->serial->dev; - struct qt2_port_private *port_priv = usb_get_serial_port_data(port); - -- mutex_lock(&port->serial->disc_mutex); -- if (!port->serial->disconnected) { -- /* Disable flow control */ -- if (!on && qt2_setregister(dev, port_priv->device_port, -+ /* Disable flow control */ -+ if (!on) { -+ if (qt2_setregister(dev, port_priv->device_port, - UART_MCR, 0) < 0) - dev_warn(&port->dev, "error from flowcontrol urb\n"); -- /* drop RTS and DTR */ -- if (on) -- update_mctrl(port_priv, TIOCM_DTR | TIOCM_RTS, 0); -- else -- update_mctrl(port_priv, 0, TIOCM_DTR | TIOCM_RTS); - } -- mutex_unlock(&port->serial->disc_mutex); -+ /* drop RTS and DTR */ -+ if (on) -+ update_mctrl(port_priv, TIOCM_DTR | TIOCM_RTS, 0); -+ else -+ update_mctrl(port_priv, 0, TIOCM_DTR | TIOCM_RTS); - } - - static void qt2_update_msr(struct usb_serial_port *port, unsigned char *ch) -diff --git a/drivers/usb/serial/sierra.c b/drivers/usb/serial/sierra.c -index cf6d149..7d43f69 100644 ---- a/drivers/usb/serial/sierra.c -+++ b/drivers/usb/serial/sierra.c -@@ -863,19 +863,13 @@ static int sierra_open(struct tty_struct *tty, struct usb_serial_port *port) - - static void sierra_dtr_rts(struct usb_serial_port *port, int on) - { -- struct usb_serial *serial = port->serial; - struct sierra_port_private *portdata; - - portdata = usb_get_serial_port_data(port); - portdata->rts_state = on; - portdata->dtr_state = on; - -- if (serial->dev) { -- mutex_lock(&serial->disc_mutex); -- if (!serial->disconnected) -- sierra_send_setup(port); -- mutex_unlock(&serial->disc_mutex); -- } -+ sierra_send_setup(port); - } - - static int sierra_startup(struct usb_serial *serial) -diff --git a/drivers/usb/serial/ssu100.c b/drivers/usb/serial/ssu100.c -index fe3a8a0..9a13ea2 100644 ---- a/drivers/usb/serial/ssu100.c -+++ b/drivers/usb/serial/ssu100.c -@@ -510,19 +510,16 @@ static void ssu100_dtr_rts(struct usb_serial_port *port, int on) - { - struct usb_device *dev = port->serial->dev; - -- mutex_lock(&port->serial->disc_mutex); -- if (!port->serial->disconnected) { -- /* Disable flow control */ -- if (!on && -- ssu100_setregister(dev, 0, UART_MCR, 0) < 0) -+ /* Disable flow control */ -+ if (!on) { -+ if (ssu100_setregister(dev, 0, UART_MCR, 0) < 0) - dev_err(&port->dev, "error from flowcontrol urb\n"); -- /* drop RTS and DTR */ -- if (on) -- set_mctrl(dev, TIOCM_DTR | TIOCM_RTS); -- else -- clear_mctrl(dev, TIOCM_DTR | TIOCM_RTS); - } -- mutex_unlock(&port->serial->disc_mutex); -+ /* drop RTS and DTR */ -+ if (on) -+ set_mctrl(dev, TIOCM_DTR | TIOCM_RTS); -+ else -+ clear_mctrl(dev, TIOCM_DTR | TIOCM_RTS); - } - - static void ssu100_update_msr(struct usb_serial_port *port, u8 msr) -diff --git a/drivers/usb/serial/usb-serial.c b/drivers/usb/serial/usb-serial.c -index 667c39c..771adbd 100644 ---- a/drivers/usb/serial/usb-serial.c -+++ b/drivers/usb/serial/usb-serial.c -@@ -688,10 +688,20 @@ static int serial_carrier_raised(struct tty_port *port) - static void serial_dtr_rts(struct tty_port *port, int on) - { - struct usb_serial_port *p = container_of(port, struct usb_serial_port, port); -- struct usb_serial_driver *drv = p->serial->type; -+ struct usb_serial *serial = p->serial; -+ struct usb_serial_driver *drv = serial->type; - -- if (drv->dtr_rts) -+ if (!drv->dtr_rts) -+ return; -+ /* -+ * Work-around bug in the tty-layer which can result in dtr_rts -+ * being called after a disconnect (and tty_unregister_device -+ * has returned). Remove once bug has been squashed. -+ */ -+ mutex_lock(&serial->disc_mutex); -+ if (!serial->disconnected) - drv->dtr_rts(p, on); -+ mutex_unlock(&serial->disc_mutex); - } - - static const struct tty_port_operations serial_port_ops = { -diff --git a/drivers/usb/serial/usb_wwan.c b/drivers/usb/serial/usb_wwan.c -index 188b5b3..e9031a4 100644 ---- a/drivers/usb/serial/usb_wwan.c -+++ b/drivers/usb/serial/usb_wwan.c -@@ -41,7 +41,6 @@ static bool debug; - - void usb_wwan_dtr_rts(struct usb_serial_port *port, int on) - { -- struct usb_serial *serial = port->serial; - struct usb_wwan_port_private *portdata; - struct usb_wwan_intf_private *intfdata; - -@@ -51,12 +50,11 @@ void usb_wwan_dtr_rts(struct usb_serial_port *port, int on) - return; - - portdata = usb_get_serial_port_data(port); -- mutex_lock(&serial->disc_mutex); -+ /* FIXME: locking */ - portdata->rts_state = on; - portdata->dtr_state = on; -- if (serial->dev) -- intfdata->send_setup(port); -- mutex_unlock(&serial->disc_mutex); -+ -+ intfdata->send_setup(port); - } - EXPORT_SYMBOL(usb_wwan_dtr_rts); - -diff --git a/drivers/usb/storage/initializers.c b/drivers/usb/storage/initializers.c -index 105d900..7ab9046 100644 ---- a/drivers/usb/storage/initializers.c -+++ b/drivers/usb/storage/initializers.c -@@ -92,8 +92,8 @@ int usb_stor_ucr61s2b_init(struct us_data *us) - return 0; - } - --/* This places the HUAWEI E220 devices in multi-port mode */ --int usb_stor_huawei_e220_init(struct us_data *us) -+/* This places the HUAWEI usb dongles in multi-port mode */ -+static int usb_stor_huawei_feature_init(struct us_data *us) - { - int result; - -@@ -104,3 +104,75 @@ int usb_stor_huawei_e220_init(struct us_data *us) - US_DEBUGP("Huawei mode set result is %d\n", result); - return 0; - } -+ -+/* -+ * It will send a scsi switch command called rewind' to huawei dongle. -+ * When the dongle receives this command at the first time, -+ * it will reboot immediately. After rebooted, it will ignore this command. -+ * So it is unnecessary to read its response. -+ */ -+static int usb_stor_huawei_scsi_init(struct us_data *us) -+{ -+ int result = 0; -+ int act_len = 0; -+ struct bulk_cb_wrap *bcbw = (struct bulk_cb_wrap *) us->iobuf; -+ char rewind_cmd[] = {0x11, 0x06, 0x20, 0x00, 0x00, 0x01, 0x01, 0x00, -+ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; -+ -+ bcbw->Signature = cpu_to_le32(US_BULK_CB_SIGN); -+ bcbw->Tag = 0; -+ bcbw->DataTransferLength = 0; -+ bcbw->Flags = bcbw->Lun = 0; -+ bcbw->Length = sizeof(rewind_cmd); -+ memset(bcbw->CDB, 0, sizeof(bcbw->CDB)); -+ memcpy(bcbw->CDB, rewind_cmd, sizeof(rewind_cmd)); -+ -+ result = usb_stor_bulk_transfer_buf(us, us->send_bulk_pipe, bcbw, -+ US_BULK_CB_WRAP_LEN, &act_len); -+ US_DEBUGP("transfer actual length=%d, result=%d\n", act_len, result); -+ return result; -+} -+ -+/* -+ * It tries to find the supported Huawei USB dongles. -+ * In Huawei, they assign the following product IDs -+ * for all of their mobile broadband dongles, -+ * including the new dongles in the future. -+ * So if the product ID is not included in this list, -+ * it means it is not Huawei's mobile broadband dongles. -+ */ -+static int usb_stor_huawei_dongles_pid(struct us_data *us) -+{ -+ struct usb_interface_descriptor *idesc; -+ int idProduct; -+ -+ idesc = &us->pusb_intf->cur_altsetting->desc; -+ idProduct = le16_to_cpu(us->pusb_dev->descriptor.idProduct); -+ /* The first port is CDROM, -+ * means the dongle in the single port mode, -+ * and a switch command is required to be sent. */ -+ if (idesc && idesc->bInterfaceNumber == 0) { -+ if ((idProduct == 0x1001) -+ || (idProduct == 0x1003) -+ || (idProduct == 0x1004) -+ || (idProduct >= 0x1401 && idProduct <= 0x1500) -+ || (idProduct >= 0x1505 && idProduct <= 0x1600) -+ || (idProduct >= 0x1c02 && idProduct <= 0x2202)) { -+ return 1; -+ } -+ } -+ return 0; -+} -+ -+int usb_stor_huawei_init(struct us_data *us) -+{ -+ int result = 0; -+ -+ if (usb_stor_huawei_dongles_pid(us)) { -+ if (le16_to_cpu(us->pusb_dev->descriptor.idProduct) >= 0x1446) -+ result = usb_stor_huawei_scsi_init(us); -+ else -+ result = usb_stor_huawei_feature_init(us); -+ } -+ return result; -+} -diff --git a/drivers/usb/storage/initializers.h b/drivers/usb/storage/initializers.h -index 529327f..5376d4f 100644 ---- a/drivers/usb/storage/initializers.h -+++ b/drivers/usb/storage/initializers.h -@@ -46,5 +46,5 @@ int usb_stor_euscsi_init(struct us_data *us); - * flash reader */ - int usb_stor_ucr61s2b_init(struct us_data *us); - --/* This places the HUAWEI E220 devices in multi-port mode */ --int usb_stor_huawei_e220_init(struct us_data *us); -+/* This places the HUAWEI usb dongles in multi-port mode */ -+int usb_stor_huawei_init(struct us_data *us); -diff --git a/drivers/usb/storage/unusual_cypress.h b/drivers/usb/storage/unusual_cypress.h -index 2c85530..65a6a75 100644 ---- a/drivers/usb/storage/unusual_cypress.h -+++ b/drivers/usb/storage/unusual_cypress.h -@@ -31,7 +31,7 @@ UNUSUAL_DEV( 0x04b4, 0x6831, 0x0000, 0x9999, - "Cypress ISD-300LP", - USB_SC_CYP_ATACB, USB_PR_DEVICE, NULL, 0), - --UNUSUAL_DEV( 0x14cd, 0x6116, 0x0000, 0x9999, -+UNUSUAL_DEV( 0x14cd, 0x6116, 0x0000, 0x0219, - "Super Top", - "USB 2.0 SATA BRIDGE", - USB_SC_CYP_ATACB, USB_PR_DEVICE, NULL, 0), -diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h -index 8f98c9a..3be55cf 100644 ---- a/drivers/usb/storage/unusual_devs.h -+++ b/drivers/usb/storage/unusual_devs.h -@@ -1527,335 +1527,10 @@ UNUSUAL_DEV( 0x1210, 0x0003, 0x0100, 0x0100, - /* Reported by fangxiaozhi <huananhu@huawei.com> - * This brings the HUAWEI data card devices into multi-port mode - */ --UNUSUAL_DEV( 0x12d1, 0x1001, 0x0000, 0x0000, -+UNUSUAL_VENDOR_INTF(0x12d1, 0x08, 0x06, 0x50, - "HUAWEI MOBILE", - "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1003, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1004, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1401, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1402, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1403, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1404, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1405, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1406, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1407, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1408, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1409, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x140A, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x140B, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x140C, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x140D, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x140E, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x140F, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1410, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1411, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1412, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1413, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1414, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1415, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1416, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1417, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1418, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1419, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x141A, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x141B, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x141C, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x141D, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x141E, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x141F, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1420, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1421, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1422, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1423, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1424, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1425, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1426, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1427, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1428, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1429, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x142A, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x142B, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x142C, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x142D, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x142E, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x142F, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1430, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1431, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1432, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1433, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1434, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1435, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1436, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1437, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1438, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x1439, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x143A, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x143B, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x143C, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x143D, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x143E, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -- 0), --UNUSUAL_DEV( 0x12d1, 0x143F, 0x0000, 0x0000, -- "HUAWEI MOBILE", -- "Mass Storage", -- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, -+ USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_init, - 0), - - /* Reported by Vilius Bilinkevicius <vilisas AT xxx DOT lt) */ -diff --git a/drivers/usb/storage/usb.c b/drivers/usb/storage/usb.c -index d012fe4..c34373e 100644 ---- a/drivers/usb/storage/usb.c -+++ b/drivers/usb/storage/usb.c -@@ -120,6 +120,17 @@ MODULE_PARM_DESC(quirks, "supplemental list of device IDs and their quirks"); - .useTransport = use_transport, \ - } - -+#define UNUSUAL_VENDOR_INTF(idVendor, cl, sc, pr, \ -+ vendor_name, product_name, use_protocol, use_transport, \ -+ init_function, Flags) \ -+{ \ -+ .vendorName = vendor_name, \ -+ .productName = product_name, \ -+ .useProtocol = use_protocol, \ -+ .useTransport = use_transport, \ -+ .initFunction = init_function, \ -+} -+ - static struct us_unusual_dev us_unusual_dev_list[] = { - # include "unusual_devs.h" - { } /* Terminating entry */ -@@ -131,6 +142,7 @@ static struct us_unusual_dev for_dynamic_ids = - #undef UNUSUAL_DEV - #undef COMPLIANT_DEV - #undef USUAL_DEV -+#undef UNUSUAL_VENDOR_INTF - - #ifdef CONFIG_LOCKDEP - -diff --git a/drivers/usb/storage/usual-tables.c b/drivers/usb/storage/usual-tables.c -index b969279..a9b5f2e 100644 ---- a/drivers/usb/storage/usual-tables.c -+++ b/drivers/usb/storage/usual-tables.c -@@ -46,6 +46,20 @@ - { USB_INTERFACE_INFO(USB_CLASS_MASS_STORAGE, useProto, useTrans), \ - .driver_info = ((useType)<<24) } - -+/* Define the device is matched with Vendor ID and interface descriptors */ -+#define UNUSUAL_VENDOR_INTF(id_vendor, cl, sc, pr, \ -+ vendorName, productName, useProtocol, useTransport, \ -+ initFunction, flags) \ -+{ \ -+ .match_flags = USB_DEVICE_ID_MATCH_INT_INFO \ -+ | USB_DEVICE_ID_MATCH_VENDOR, \ -+ .idVendor = (id_vendor), \ -+ .bInterfaceClass = (cl), \ -+ .bInterfaceSubClass = (sc), \ -+ .bInterfaceProtocol = (pr), \ -+ .driver_info = (flags) \ -+} -+ - struct usb_device_id usb_storage_usb_ids[] = { - # include "unusual_devs.h" - { } /* Terminating entry */ -@@ -57,6 +71,7 @@ MODULE_DEVICE_TABLE(usb, usb_storage_usb_ids); - #undef UNUSUAL_DEV - #undef COMPLIANT_DEV - #undef USUAL_DEV -+#undef UNUSUAL_VENDOR_INTF - - - /* -diff --git a/drivers/vhost/vhost.c b/drivers/vhost/vhost.c -index ef82a0d..fd38945 100644 ---- a/drivers/vhost/vhost.c -+++ b/drivers/vhost/vhost.c -@@ -1076,7 +1076,7 @@ static int translate_desc(struct vhost_dev *dev, u64 addr, u32 len, - } - _iov = iov + ret; - size = reg->memory_size - addr + reg->guest_phys_addr; -- _iov->iov_len = min((u64)len, size); -+ _iov->iov_len = min((u64)len - s, size); - _iov->iov_base = (void __user *)(unsigned long) - (reg->userspace_addr + addr - reg->guest_phys_addr); - s += size; -diff --git a/drivers/video/backlight/adp8860_bl.c b/drivers/video/backlight/adp8860_bl.c -index 77d1fdb..716daaa 100644 ---- a/drivers/video/backlight/adp8860_bl.c -+++ b/drivers/video/backlight/adp8860_bl.c -@@ -783,7 +783,7 @@ static int adp8860_i2c_suspend(struct i2c_client *client, pm_message_t message) - - static int adp8860_i2c_resume(struct i2c_client *client) - { -- adp8860_set_bits(client, ADP8860_MDCR, NSTBY); -+ adp8860_set_bits(client, ADP8860_MDCR, NSTBY | BLEN); - - return 0; - } -diff --git a/drivers/video/backlight/adp8870_bl.c b/drivers/video/backlight/adp8870_bl.c -index edf7f91..f58a189 100644 ---- a/drivers/video/backlight/adp8870_bl.c -+++ b/drivers/video/backlight/adp8870_bl.c -@@ -957,7 +957,7 @@ static int adp8870_i2c_suspend(struct i2c_client *client, pm_message_t message) - - static int adp8870_i2c_resume(struct i2c_client *client) - { -- adp8870_set_bits(client, ADP8870_MDCR, NSTBY); -+ adp8870_set_bits(client, ADP8870_MDCR, NSTBY | BLEN); - - return 0; - } -diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c -index fdefa8f..0d4c192 100644 ---- a/drivers/video/console/fbcon.c -+++ b/drivers/video/console/fbcon.c -@@ -529,6 +529,33 @@ static int search_for_mapped_con(void) - return retval; - } - -+static int do_fbcon_takeover(int show_logo) -+{ -+ int err, i; -+ -+ if (!num_registered_fb) -+ return -ENODEV; -+ -+ if (!show_logo) -+ logo_shown = FBCON_LOGO_DONTSHOW; -+ -+ for (i = first_fb_vc; i <= last_fb_vc; i++) -+ con2fb_map[i] = info_idx; -+ -+ err = do_take_over_console(&fb_con, first_fb_vc, last_fb_vc, -+ fbcon_is_default); -+ -+ if (err) { -+ for (i = first_fb_vc; i <= last_fb_vc; i++) -+ con2fb_map[i] = -1; -+ info_idx = -1; -+ } else { -+ fbcon_has_console_bind = 1; -+ } -+ -+ return err; -+} -+ - static int fbcon_takeover(int show_logo) - { - int err, i; -@@ -990,7 +1017,7 @@ static const char *fbcon_startup(void) - } - - /* Setup default font */ -- if (!p->fontdata) { -+ if (!p->fontdata && !vc->vc_font.data) { - if (!fontname[0] || !(font = find_font(fontname))) - font = get_default_font(info->var.xres, - info->var.yres, -@@ -1000,6 +1027,8 @@ static const char *fbcon_startup(void) - vc->vc_font.height = font->height; - vc->vc_font.data = (void *)(p->fontdata = font->data); - vc->vc_font.charcount = 256; /* FIXME Need to support more fonts */ -+ } else { -+ p->fontdata = vc->vc_font.data; - } - - cols = FBCON_SWAP(ops->rotate, info->var.xres, info->var.yres); -@@ -1159,9 +1188,9 @@ static void fbcon_init(struct vc_data *vc, int init) - ops->p = &fb_display[fg_console]; - } - --static void fbcon_free_font(struct display *p) -+static void fbcon_free_font(struct display *p, bool freefont) - { -- if (p->userfont && p->fontdata && (--REFCOUNT(p->fontdata) == 0)) -+ if (freefont && p->userfont && p->fontdata && (--REFCOUNT(p->fontdata) == 0)) - kfree(p->fontdata - FONT_EXTRA_WORDS * sizeof(int)); - p->fontdata = NULL; - p->userfont = 0; -@@ -1173,8 +1202,8 @@ static void fbcon_deinit(struct vc_data *vc) - struct fb_info *info; - struct fbcon_ops *ops; - int idx; -+ bool free_font = true; - -- fbcon_free_font(p); - idx = con2fb_map[vc->vc_num]; - - if (idx == -1) -@@ -1185,6 +1214,8 @@ static void fbcon_deinit(struct vc_data *vc) - if (!info) - goto finished; - -+ if (info->flags & FBINFO_MISC_FIRMWARE) -+ free_font = false; - ops = info->fbcon_par; - - if (!ops) -@@ -1196,6 +1227,8 @@ static void fbcon_deinit(struct vc_data *vc) - ops->flags &= ~FBCON_FLAGS_INIT; - finished: - -+ fbcon_free_font(p, free_font); -+ - if (!con_is_bound(&fb_con)) - fbcon_exit(); - -@@ -2977,7 +3010,7 @@ static int fbcon_unbind(void) - { - int ret; - -- ret = unbind_con_driver(&fb_con, first_fb_vc, last_fb_vc, -+ ret = do_unbind_con_driver(&fb_con, first_fb_vc, last_fb_vc, - fbcon_is_default); - - if (!ret) -@@ -3050,7 +3083,7 @@ static int fbcon_fb_unregistered(struct fb_info *info) - primary_device = -1; - - if (!num_registered_fb) -- unregister_con_driver(&fb_con); -+ do_unregister_con_driver(&fb_con); - - return 0; - } -@@ -3115,7 +3148,7 @@ static int fbcon_fb_registered(struct fb_info *info) - } - - if (info_idx != -1) -- ret = fbcon_takeover(1); -+ ret = do_fbcon_takeover(1); - } else { - for (i = first_fb_vc; i <= last_fb_vc; i++) { - if (con2fb_map_boot[i] == idx) -diff --git a/drivers/video/console/vgacon.c b/drivers/video/console/vgacon.c -index d449a74..5855d17 100644 ---- a/drivers/video/console/vgacon.c -+++ b/drivers/video/console/vgacon.c -@@ -1064,7 +1064,7 @@ static int vgacon_do_font_op(struct vgastate *state,char *arg,int set,int ch512) - unsigned short video_port_status = vga_video_port_reg + 6; - int font_select = 0x00, beg, i; - char *charmap; -- -+ bool clear_attribs = false; - if (vga_video_type != VIDEO_TYPE_EGAM) { - charmap = (char *) VGA_MAP_MEM(colourmap, 0); - beg = 0x0e; -@@ -1169,12 +1169,6 @@ static int vgacon_do_font_op(struct vgastate *state,char *arg,int set,int ch512) - - /* if 512 char mode is already enabled don't re-enable it. */ - if ((set) && (ch512 != vga_512_chars)) { -- /* attribute controller */ -- for (i = 0; i < MAX_NR_CONSOLES; i++) { -- struct vc_data *c = vc_cons[i].d; -- if (c && c->vc_sw == &vga_con) -- c->vc_hi_font_mask = ch512 ? 0x0800 : 0; -- } - vga_512_chars = ch512; - /* 256-char: enable intensity bit - 512-char: disable intensity bit */ -@@ -1185,8 +1179,22 @@ static int vgacon_do_font_op(struct vgastate *state,char *arg,int set,int ch512) - it means, but it works, and it appears necessary */ - inb_p(video_port_status); - vga_wattr(state->vgabase, VGA_AR_ENABLE_DISPLAY, 0); -+ clear_attribs = true; - } - raw_spin_unlock_irq(&vga_lock); -+ -+ if (clear_attribs) { -+ for (i = 0; i < MAX_NR_CONSOLES; i++) { -+ struct vc_data *c = vc_cons[i].d; -+ if (c && c->vc_sw == &vga_con) { -+ /* force hi font mask to 0, so we always clear -+ the bit on either transition */ -+ c->vc_hi_font_mask = 0x00; -+ clear_buffer_attributes(c); -+ c->vc_hi_font_mask = ch512 ? 0x0800 : 0; -+ } -+ } -+ } - return 0; - } - -diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c -index 0dff12a..afa804f 100644 ---- a/drivers/video/fbmem.c -+++ b/drivers/video/fbmem.c -@@ -1651,7 +1651,9 @@ static int do_register_framebuffer(struct fb_info *fb_info) - event.info = fb_info; - if (!lock_fb_info(fb_info)) - return -ENODEV; -+ console_lock(); - fb_notifier_call_chain(FB_EVENT_FB_REGISTERED, &event); -+ console_unlock(); - unlock_fb_info(fb_info); - return 0; - } -@@ -1667,8 +1669,10 @@ static int do_unregister_framebuffer(struct fb_info *fb_info) - - if (!lock_fb_info(fb_info)) - return -ENODEV; -+ console_lock(); - event.info = fb_info; - ret = fb_notifier_call_chain(FB_EVENT_FB_UNBIND, &event); -+ console_unlock(); - unlock_fb_info(fb_info); - - if (ret) -@@ -1683,7 +1687,9 @@ static int do_unregister_framebuffer(struct fb_info *fb_info) - num_registered_fb--; - fb_cleanup_device(fb_info); - event.info = fb_info; -+ console_lock(); - fb_notifier_call_chain(FB_EVENT_FB_UNREGISTERED, &event); -+ console_unlock(); - - /* this may free fb info */ - put_fb_info(fb_info); -@@ -1854,11 +1860,8 @@ int fb_new_modelist(struct fb_info *info) - err = 1; - - if (!list_empty(&info->modelist)) { -- if (!lock_fb_info(info)) -- return -ENODEV; - event.info = info; - err = fb_notifier_call_chain(FB_EVENT_NEW_MODELIST, &event); -- unlock_fb_info(info); - } - - return err; -diff --git a/drivers/video/fbsysfs.c b/drivers/video/fbsysfs.c -index a55e366..ef476b0 100644 ---- a/drivers/video/fbsysfs.c -+++ b/drivers/video/fbsysfs.c -@@ -177,6 +177,8 @@ static ssize_t store_modes(struct device *device, - if (i * sizeof(struct fb_videomode) != count) - return -EINVAL; - -+ if (!lock_fb_info(fb_info)) -+ return -ENODEV; - console_lock(); - list_splice(&fb_info->modelist, &old_list); - fb_videomode_to_modelist((const struct fb_videomode *)buf, i, -@@ -188,6 +190,7 @@ static ssize_t store_modes(struct device *device, - fb_destroy_modelist(&old_list); - - console_unlock(); -+ unlock_fb_info(fb_info); - - return 0; - } -diff --git a/drivers/video/fsl-diu-fb.c b/drivers/video/fsl-diu-fb.c -index 458c006..dbce2da 100644 ---- a/drivers/video/fsl-diu-fb.c -+++ b/drivers/video/fsl-diu-fb.c -@@ -922,7 +922,7 @@ static u32 fsl_diu_get_pixel_format(unsigned int bits_per_pixel) - #define PF_COMP_0_MASK 0x0000000F - #define PF_COMP_0_SHIFT 0 - --#define MAKE_PF(alpha, red, blue, green, size, c0, c1, c2, c3) \ -+#define MAKE_PF(alpha, red, green, blue, size, c0, c1, c2, c3) \ - cpu_to_le32(PF_BYTE_F | (alpha << PF_ALPHA_C_SHIFT) | \ - (blue << PF_BLUE_C_SHIFT) | (green << PF_GREEN_C_SHIFT) | \ - (red << PF_RED_C_SHIFT) | (c3 << PF_COMP_3_SHIFT) | \ -@@ -932,10 +932,10 @@ static u32 fsl_diu_get_pixel_format(unsigned int bits_per_pixel) - switch (bits_per_pixel) { - case 32: - /* 0x88883316 */ -- return MAKE_PF(3, 2, 0, 1, 3, 8, 8, 8, 8); -+ return MAKE_PF(3, 2, 1, 0, 3, 8, 8, 8, 8); - case 24: - /* 0x88082219 */ -- return MAKE_PF(4, 0, 1, 2, 2, 0, 8, 8, 8); -+ return MAKE_PF(4, 0, 1, 2, 2, 8, 8, 8, 0); - case 16: - /* 0x65053118 */ - return MAKE_PF(4, 2, 1, 0, 1, 5, 6, 5, 0); -diff --git a/drivers/video/mxsfb.c b/drivers/video/mxsfb.c -index 49619b4..f2a49ef 100644 ---- a/drivers/video/mxsfb.c -+++ b/drivers/video/mxsfb.c -@@ -369,7 +369,8 @@ static void mxsfb_disable_controller(struct fb_info *fb_info) - loop--; - } - -- writel(VDCTRL4_SYNC_SIGNALS_ON, host->base + LCDC_VDCTRL4 + REG_CLR); -+ reg = readl(host->base + LCDC_VDCTRL4); -+ writel(reg & ~VDCTRL4_SYNC_SIGNALS_ON, host->base + LCDC_VDCTRL4); - - clk_disable_unprepare(host->clk); - -diff --git a/drivers/virtio/virtio_ring.c b/drivers/virtio/virtio_ring.c -index 5aa43c3..52bfd07 100644 ---- a/drivers/virtio/virtio_ring.c -+++ b/drivers/virtio/virtio_ring.c -@@ -132,6 +132,13 @@ static int vring_add_indirect(struct vring_virtqueue *vq, - unsigned head; - int i; - -+ /* -+ * We require lowmem mappings for the descriptors because -+ * otherwise virt_to_phys will give us bogus addresses in the -+ * virtqueue. -+ */ -+ gfp &= ~(__GFP_HIGHMEM | __GFP_HIGH); -+ - desc = kmalloc((out + in) * sizeof(struct vring_desc), gfp); - if (!desc) - return -ENOMEM; -diff --git a/drivers/xen/evtchn.c b/drivers/xen/evtchn.c -index b1f60a0..b2db77e 100644 ---- a/drivers/xen/evtchn.c -+++ b/drivers/xen/evtchn.c -@@ -269,6 +269,14 @@ static int evtchn_bind_to_user(struct per_user_data *u, int port) - u->name, (void *)(unsigned long)port); - if (rc >= 0) - rc = evtchn_make_refcounted(port); -+ else { -+ /* bind failed, should close the port now */ -+ struct evtchn_close close; -+ close.port = port; -+ if (HYPERVISOR_event_channel_op(EVTCHNOP_close, &close) != 0) -+ BUG(); -+ set_port_user(port, NULL); -+ } - - return rc; - } -@@ -277,6 +285,8 @@ static void evtchn_unbind_from_user(struct per_user_data *u, int port) - { - int irq = irq_from_evtchn(port); - -+ BUG_ON(irq < 0); -+ - unbind_from_irqhandler(irq, (void *)(unsigned long)port); - - set_port_user(port, NULL); -diff --git a/drivers/xen/grant-table.c b/drivers/xen/grant-table.c -index 0067266..22be735 100644 ---- a/drivers/xen/grant-table.c -+++ b/drivers/xen/grant-table.c -@@ -54,10 +54,6 @@ - /* External tools reserve first few grant table entries. */ - #define NR_RESERVED_ENTRIES 8 - #define GNTTAB_LIST_END 0xffffffff --#define GREFS_PER_GRANT_FRAME \ --(grant_table_version == 1 ? \ --(PAGE_SIZE / sizeof(struct grant_entry_v1)) : \ --(PAGE_SIZE / sizeof(union grant_entry_v2))) - - static grant_ref_t **gnttab_list; - static unsigned int nr_grant_frames; -@@ -152,6 +148,7 @@ static struct gnttab_ops *gnttab_interface; - static grant_status_t *grstatus; - - static int grant_table_version; -+static int grefs_per_grant_frame; - - static struct gnttab_free_callback *gnttab_free_callback_list; - -@@ -766,12 +763,14 @@ static int grow_gnttab_list(unsigned int more_frames) - unsigned int new_nr_grant_frames, extra_entries, i; - unsigned int nr_glist_frames, new_nr_glist_frames; - -+ BUG_ON(grefs_per_grant_frame == 0); -+ - new_nr_grant_frames = nr_grant_frames + more_frames; -- extra_entries = more_frames * GREFS_PER_GRANT_FRAME; -+ extra_entries = more_frames * grefs_per_grant_frame; - -- nr_glist_frames = (nr_grant_frames * GREFS_PER_GRANT_FRAME + RPP - 1) / RPP; -+ nr_glist_frames = (nr_grant_frames * grefs_per_grant_frame + RPP - 1) / RPP; - new_nr_glist_frames = -- (new_nr_grant_frames * GREFS_PER_GRANT_FRAME + RPP - 1) / RPP; -+ (new_nr_grant_frames * grefs_per_grant_frame + RPP - 1) / RPP; - for (i = nr_glist_frames; i < new_nr_glist_frames; i++) { - gnttab_list[i] = (grant_ref_t *)__get_free_page(GFP_ATOMIC); - if (!gnttab_list[i]) -@@ -779,12 +778,12 @@ static int grow_gnttab_list(unsigned int more_frames) - } - - -- for (i = GREFS_PER_GRANT_FRAME * nr_grant_frames; -- i < GREFS_PER_GRANT_FRAME * new_nr_grant_frames - 1; i++) -+ for (i = grefs_per_grant_frame * nr_grant_frames; -+ i < grefs_per_grant_frame * new_nr_grant_frames - 1; i++) - gnttab_entry(i) = i + 1; - - gnttab_entry(i) = gnttab_free_head; -- gnttab_free_head = GREFS_PER_GRANT_FRAME * nr_grant_frames; -+ gnttab_free_head = grefs_per_grant_frame * nr_grant_frames; - gnttab_free_count += extra_entries; - - nr_grant_frames = new_nr_grant_frames; -@@ -904,7 +903,8 @@ EXPORT_SYMBOL_GPL(gnttab_unmap_refs); - - static unsigned nr_status_frames(unsigned nr_grant_frames) - { -- return (nr_grant_frames * GREFS_PER_GRANT_FRAME + SPP - 1) / SPP; -+ BUG_ON(grefs_per_grant_frame == 0); -+ return (nr_grant_frames * grefs_per_grant_frame + SPP - 1) / SPP; - } - - static int gnttab_map_frames_v1(unsigned long *frames, unsigned int nr_gframes) -@@ -1062,6 +1062,7 @@ static void gnttab_request_version(void) - rc = HYPERVISOR_grant_table_op(GNTTABOP_set_version, &gsv, 1); - if (rc == 0 && gsv.version == 2) { - grant_table_version = 2; -+ grefs_per_grant_frame = PAGE_SIZE / sizeof(union grant_entry_v2); - gnttab_interface = &gnttab_v2_ops; - } else if (grant_table_version == 2) { - /* -@@ -1074,17 +1075,17 @@ static void gnttab_request_version(void) - panic("we need grant tables version 2, but only version 1 is available"); - } else { - grant_table_version = 1; -+ grefs_per_grant_frame = PAGE_SIZE / sizeof(struct grant_entry_v1); - gnttab_interface = &gnttab_v1_ops; - } - printk(KERN_INFO "Grant tables using version %d layout.\n", - grant_table_version); - } - --int gnttab_resume(void) -+static int gnttab_setup(void) - { - unsigned int max_nr_gframes; - -- gnttab_request_version(); - max_nr_gframes = gnttab_max_grant_frames(); - if (max_nr_gframes < nr_grant_frames) - return -ENOSYS; -@@ -1107,6 +1108,12 @@ int gnttab_resume(void) - return 0; - } - -+int gnttab_resume(void) -+{ -+ gnttab_request_version(); -+ return gnttab_setup(); -+} -+ - int gnttab_suspend(void) - { - gnttab_interface->unmap_frames(); -@@ -1118,9 +1125,10 @@ static int gnttab_expand(unsigned int req_entries) - int rc; - unsigned int cur, extra; - -+ BUG_ON(grefs_per_grant_frame == 0); - cur = nr_grant_frames; -- extra = ((req_entries + (GREFS_PER_GRANT_FRAME-1)) / -- GREFS_PER_GRANT_FRAME); -+ extra = ((req_entries + (grefs_per_grant_frame-1)) / -+ grefs_per_grant_frame); - if (cur + extra > gnttab_max_grant_frames()) - return -ENOSPC; - -@@ -1138,21 +1146,23 @@ int gnttab_init(void) - unsigned int nr_init_grefs; - int ret; - -+ gnttab_request_version(); - nr_grant_frames = 1; - boot_max_nr_grant_frames = __max_nr_grant_frames(); - - /* Determine the maximum number of frames required for the - * grant reference free list on the current hypervisor. - */ -+ BUG_ON(grefs_per_grant_frame == 0); - max_nr_glist_frames = (boot_max_nr_grant_frames * -- GREFS_PER_GRANT_FRAME / RPP); -+ grefs_per_grant_frame / RPP); - - gnttab_list = kmalloc(max_nr_glist_frames * sizeof(grant_ref_t *), - GFP_KERNEL); - if (gnttab_list == NULL) - return -ENOMEM; - -- nr_glist_frames = (nr_grant_frames * GREFS_PER_GRANT_FRAME + RPP - 1) / RPP; -+ nr_glist_frames = (nr_grant_frames * grefs_per_grant_frame + RPP - 1) / RPP; - for (i = 0; i < nr_glist_frames; i++) { - gnttab_list[i] = (grant_ref_t *)__get_free_page(GFP_KERNEL); - if (gnttab_list[i] == NULL) { -@@ -1161,12 +1171,12 @@ int gnttab_init(void) - } - } - -- if (gnttab_resume() < 0) { -+ if (gnttab_setup() < 0) { - ret = -ENODEV; - goto ini_nomem; - } - -- nr_init_grefs = nr_grant_frames * GREFS_PER_GRANT_FRAME; -+ nr_init_grefs = nr_grant_frames * grefs_per_grant_frame; - - for (i = NR_RESERVED_ENTRIES; i < nr_init_grefs - 1; i++) - gnttab_entry(i) = i + 1; -diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c -index 790b3cd..772428d 100644 ---- a/fs/binfmt_misc.c -+++ b/fs/binfmt_misc.c -@@ -176,7 +176,10 @@ static int load_misc_binary(struct linux_binprm *bprm, struct pt_regs *regs) - goto _error; - bprm->argc ++; - -- bprm->interp = iname; /* for binfmt_script */ -+ /* Update interp in case binfmt_script needs it. */ -+ retval = bprm_change_interp(iname, bprm); -+ if (retval < 0) -+ goto _error; - - interp_file = open_exec (iname); - retval = PTR_ERR (interp_file); -diff --git a/fs/binfmt_script.c b/fs/binfmt_script.c -index d3b8c1f..df49d48 100644 ---- a/fs/binfmt_script.c -+++ b/fs/binfmt_script.c -@@ -82,7 +82,9 @@ static int load_script(struct linux_binprm *bprm,struct pt_regs *regs) - retval = copy_strings_kernel(1, &i_name, bprm); - if (retval) return retval; - bprm->argc++; -- bprm->interp = interp; -+ retval = bprm_change_interp(interp, bprm); -+ if (retval < 0) -+ return retval; - - /* - * OK, now restart the process with the interpreter's dentry. -diff --git a/fs/block_dev.c b/fs/block_dev.c -index 38e721b..2577cf4 100644 ---- a/fs/block_dev.c -+++ b/fs/block_dev.c -@@ -1047,6 +1047,7 @@ int revalidate_disk(struct gendisk *disk) - - mutex_lock(&bdev->bd_mutex); - check_disk_size_change(disk, bdev); -+ bdev->bd_invalidated = 0; - mutex_unlock(&bdev->bd_mutex); - bdput(bdev); - return ret; -diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c -index 1ced2d8..a2e0b94 100644 ---- a/fs/ceph/addr.c -+++ b/fs/ceph/addr.c -@@ -267,6 +267,14 @@ static void finish_read(struct ceph_osd_request *req, struct ceph_msg *msg) - kfree(req->r_pages); - } - -+static void ceph_unlock_page_vector(struct page **pages, int num_pages) -+{ -+ int i; -+ -+ for (i = 0; i < num_pages; i++) -+ unlock_page(pages[i]); -+} -+ - /* - * start an async read(ahead) operation. return nr_pages we submitted - * a read for on success, or negative error code. -@@ -308,8 +316,8 @@ static int start_read(struct inode *inode, struct list_head *page_list, int max) - NULL, 0, - ci->i_truncate_seq, ci->i_truncate_size, - NULL, false, 1, 0); -- if (!req) -- return -ENOMEM; -+ if (IS_ERR(req)) -+ return PTR_ERR(req); - - /* build page vector */ - nr_pages = len >> PAGE_CACHE_SHIFT; -@@ -347,6 +355,7 @@ static int start_read(struct inode *inode, struct list_head *page_list, int max) - return nr_pages; - - out_pages: -+ ceph_unlock_page_vector(pages, nr_pages); - ceph_release_page_vector(pages, nr_pages); - out: - ceph_osdc_put_request(req); -@@ -831,8 +840,8 @@ get_more_pages: - ci->i_truncate_size, - &inode->i_mtime, true, 1, 0); - -- if (!req) { -- rc = -ENOMEM; -+ if (IS_ERR(req)) { -+ rc = PTR_ERR(req); - unlock_page(page); - break; - } -diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c -index 620daad..e7d4077 100644 ---- a/fs/ceph/caps.c -+++ b/fs/ceph/caps.c -@@ -1349,11 +1349,15 @@ int __ceph_mark_dirty_caps(struct ceph_inode_info *ci, int mask) - if (!ci->i_head_snapc) - ci->i_head_snapc = ceph_get_snap_context( - ci->i_snap_realm->cached_context); -- dout(" inode %p now dirty snapc %p\n", &ci->vfs_inode, -- ci->i_head_snapc); -+ dout(" inode %p now dirty snapc %p auth cap %p\n", -+ &ci->vfs_inode, ci->i_head_snapc, ci->i_auth_cap); - BUG_ON(!list_empty(&ci->i_dirty_item)); - spin_lock(&mdsc->cap_dirty_lock); -- list_add(&ci->i_dirty_item, &mdsc->cap_dirty); -+ if (ci->i_auth_cap) -+ list_add(&ci->i_dirty_item, &mdsc->cap_dirty); -+ else -+ list_add(&ci->i_dirty_item, -+ &mdsc->cap_dirty_migrating); - spin_unlock(&mdsc->cap_dirty_lock); - if (ci->i_flushing_caps == 0) { - ihold(inode); -@@ -2388,7 +2392,7 @@ static void handle_cap_grant(struct inode *inode, struct ceph_mds_caps *grant, - &atime); - - /* max size increase? */ -- if (max_size != ci->i_max_size) { -+ if (ci->i_auth_cap == cap && max_size != ci->i_max_size) { - dout("max_size %lld -> %llu\n", ci->i_max_size, max_size); - ci->i_max_size = max_size; - if (max_size >= ci->i_wanted_max_size) { -@@ -2745,6 +2749,7 @@ static void handle_cap_import(struct ceph_mds_client *mdsc, - - /* make sure we re-request max_size, if necessary */ - spin_lock(&ci->i_ceph_lock); -+ ci->i_wanted_max_size = 0; /* reset */ - ci->i_requested_max_size = 0; - spin_unlock(&ci->i_ceph_lock); - } -@@ -2840,8 +2845,6 @@ void ceph_handle_caps(struct ceph_mds_session *session, - case CEPH_CAP_OP_IMPORT: - handle_cap_import(mdsc, inode, h, session, - snaptrace, snaptrace_len); -- ceph_check_caps(ceph_inode(inode), 0, session); -- goto done_unlocked; - } - - /* the rest require a cap */ -@@ -2858,6 +2861,7 @@ void ceph_handle_caps(struct ceph_mds_session *session, - switch (op) { - case CEPH_CAP_OP_REVOKE: - case CEPH_CAP_OP_GRANT: -+ case CEPH_CAP_OP_IMPORT: - handle_cap_grant(inode, h, session, cap, msg->middle); - goto done_unlocked; - -diff --git a/fs/ceph/file.c b/fs/ceph/file.c -index ecebbc0..5840d2a 100644 ---- a/fs/ceph/file.c -+++ b/fs/ceph/file.c -@@ -536,8 +536,8 @@ more: - do_sync, - ci->i_truncate_seq, ci->i_truncate_size, - &mtime, false, 2, page_align); -- if (!req) -- return -ENOMEM; -+ if (IS_ERR(req)) -+ return PTR_ERR(req); - - if (file->f_flags & O_DIRECT) { - pages = ceph_get_direct_page_vector(data, num_pages, false); -diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c -index 4b5762e..81613bc 100644 ---- a/fs/ceph/inode.c -+++ b/fs/ceph/inode.c -@@ -1466,7 +1466,7 @@ void __ceph_do_pending_vmtruncate(struct inode *inode) - { - struct ceph_inode_info *ci = ceph_inode(inode); - u64 to; -- int wrbuffer_refs, wake = 0; -+ int wrbuffer_refs, finish = 0; - - retry: - spin_lock(&ci->i_ceph_lock); -@@ -1498,15 +1498,18 @@ retry: - truncate_inode_pages(inode->i_mapping, to); - - spin_lock(&ci->i_ceph_lock); -- ci->i_truncate_pending--; -- if (ci->i_truncate_pending == 0) -- wake = 1; -+ if (to == ci->i_truncate_size) { -+ ci->i_truncate_pending = 0; -+ finish = 1; -+ } - spin_unlock(&ci->i_ceph_lock); -+ if (!finish) -+ goto retry; - - if (wrbuffer_refs == 0) - ceph_check_caps(ci, CHECK_CAPS_AUTHONLY, NULL); -- if (wake) -- wake_up_all(&ci->i_cap_wq); -+ -+ wake_up_all(&ci->i_cap_wq); - } - - -diff --git a/fs/ceph/mds_client.c b/fs/ceph/mds_client.c -index 1bcf712..0d9864f 100644 ---- a/fs/ceph/mds_client.c -+++ b/fs/ceph/mds_client.c -@@ -1876,9 +1876,14 @@ finish: - static void __wake_requests(struct ceph_mds_client *mdsc, - struct list_head *head) - { -- struct ceph_mds_request *req, *nreq; -+ struct ceph_mds_request *req; -+ LIST_HEAD(tmp_list); -+ -+ list_splice_init(head, &tmp_list); - -- list_for_each_entry_safe(req, nreq, head, r_wait) { -+ while (!list_empty(&tmp_list)) { -+ req = list_entry(tmp_list.next, -+ struct ceph_mds_request, r_wait); - list_del_init(&req->r_wait); - __do_request(mdsc, req); - } -diff --git a/fs/ceph/super.c b/fs/ceph/super.c -index b982239..2f6212e 100644 ---- a/fs/ceph/super.c -+++ b/fs/ceph/super.c -@@ -388,8 +388,6 @@ static int ceph_show_options(struct seq_file *m, struct dentry *root) - seq_printf(m, ",mount_timeout=%d", opt->mount_timeout); - if (opt->osd_idle_ttl != CEPH_OSD_IDLE_TTL_DEFAULT) - seq_printf(m, ",osd_idle_ttl=%d", opt->osd_idle_ttl); -- if (opt->osd_timeout != CEPH_OSD_TIMEOUT_DEFAULT) -- seq_printf(m, ",osdtimeout=%d", opt->osd_timeout); - if (opt->osd_keepalive_timeout != CEPH_OSD_KEEPALIVE_DEFAULT) - seq_printf(m, ",osdkeepalivetimeout=%d", - opt->osd_keepalive_timeout); -diff --git a/fs/cifs/cifs_dfs_ref.c b/fs/cifs/cifs_dfs_ref.c -index ce5cbd7..210fce2 100644 ---- a/fs/cifs/cifs_dfs_ref.c -+++ b/fs/cifs/cifs_dfs_ref.c -@@ -226,6 +226,8 @@ compose_mount_options_out: - compose_mount_options_err: - kfree(mountdata); - mountdata = ERR_PTR(rc); -+ kfree(*devname); -+ *devname = NULL; - goto compose_mount_options_out; - } - -diff --git a/fs/direct-io.c b/fs/direct-io.c -index f86c720..9202248 100644 ---- a/fs/direct-io.c -+++ b/fs/direct-io.c -@@ -261,9 +261,9 @@ static ssize_t dio_complete(struct dio *dio, loff_t offset, ssize_t ret, bool is - dio->end_io(dio->iocb, offset, transferred, - dio->private, ret, is_async); - } else { -+ inode_dio_done(dio->inode); - if (is_async) - aio_complete(dio->iocb, ret, 0); -- inode_dio_done(dio->inode); - } - - return ret; -diff --git a/fs/eventpoll.c b/fs/eventpoll.c -index eedec84..3b032dd 100644 ---- a/fs/eventpoll.c -+++ b/fs/eventpoll.c -@@ -1285,7 +1285,7 @@ static int ep_modify(struct eventpoll *ep, struct epitem *epi, struct epoll_even - * otherwise we might miss an event that happens between the - * f_op->poll() call and the new event set registering. - */ -- epi->event.events = event->events; -+ epi->event.events = event->events; /* need barrier below */ - pt._key = event->events; - epi->event.data = event->data; /* protected by mtx */ - if (epi->event.events & EPOLLWAKEUP) { -@@ -1296,6 +1296,26 @@ static int ep_modify(struct eventpoll *ep, struct epitem *epi, struct epoll_even - } - - /* -+ * The following barrier has two effects: -+ * -+ * 1) Flush epi changes above to other CPUs. This ensures -+ * we do not miss events from ep_poll_callback if an -+ * event occurs immediately after we call f_op->poll(). -+ * We need this because we did not take ep->lock while -+ * changing epi above (but ep_poll_callback does take -+ * ep->lock). -+ * -+ * 2) We also need to ensure we do not miss _past_ events -+ * when calling f_op->poll(). This barrier also -+ * pairs with the barrier in wq_has_sleeper (see -+ * comments for wq_has_sleeper). -+ * -+ * This barrier will now guarantee ep_poll_callback or f_op->poll -+ * (or both) will notice the readiness of an item. -+ */ -+ smp_mb(); -+ -+ /* - * Get current event bits. We can safely use the file* here because - * its usage count has been increased by the caller of this function. - */ -diff --git a/fs/exec.c b/fs/exec.c -index fab2c6d..59896ae 100644 ---- a/fs/exec.c -+++ b/fs/exec.c -@@ -1202,9 +1202,24 @@ void free_bprm(struct linux_binprm *bprm) - mutex_unlock(¤t->signal->cred_guard_mutex); - abort_creds(bprm->cred); - } -+ /* If a binfmt changed the interp, free it. */ -+ if (bprm->interp != bprm->filename) -+ kfree(bprm->interp); - kfree(bprm); - } - -+int bprm_change_interp(char *interp, struct linux_binprm *bprm) -+{ -+ /* If a binfmt changed the interp, free it first. */ -+ if (bprm->interp != bprm->filename) -+ kfree(bprm->interp); -+ bprm->interp = kstrdup(interp, GFP_KERNEL); -+ if (!bprm->interp) -+ return -ENOMEM; -+ return 0; -+} -+EXPORT_SYMBOL(bprm_change_interp); -+ - /* - * install the new credentials for this executable - */ -diff --git a/fs/ext4/acl.c b/fs/ext4/acl.c -index a5c29bb..8535c45 100644 ---- a/fs/ext4/acl.c -+++ b/fs/ext4/acl.c -@@ -410,8 +410,10 @@ ext4_xattr_set_acl(struct dentry *dentry, const char *name, const void *value, - - retry: - handle = ext4_journal_start(inode, EXT4_DATA_TRANS_BLOCKS(inode->i_sb)); -- if (IS_ERR(handle)) -- return PTR_ERR(handle); -+ if (IS_ERR(handle)) { -+ error = PTR_ERR(handle); -+ goto release_and_out; -+ } - error = ext4_set_acl(handle, inode, type, acl); - ext4_journal_stop(handle); - if (error == -ENOSPC && ext4_should_retry_alloc(inode->i_sb, &retries)) -diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c -index cf18217..2f2e0da 100644 ---- a/fs/ext4/balloc.c -+++ b/fs/ext4/balloc.c -@@ -358,7 +358,7 @@ void ext4_validate_block_bitmap(struct super_block *sb, - } - - /** -- * ext4_read_block_bitmap() -+ * ext4_read_block_bitmap_nowait() - * @sb: super block - * @block_group: given block group - * -@@ -457,6 +457,8 @@ ext4_read_block_bitmap(struct super_block *sb, ext4_group_t block_group) - struct buffer_head *bh; - - bh = ext4_read_block_bitmap_nowait(sb, block_group); -+ if (!bh) -+ return NULL; - if (ext4_wait_block_bitmap(sb, block_group, bh)) { - put_bh(bh); - return NULL; -@@ -482,11 +484,16 @@ static int ext4_has_free_clusters(struct ext4_sb_info *sbi, - - free_clusters = percpu_counter_read_positive(fcc); - dirty_clusters = percpu_counter_read_positive(dcc); -- root_clusters = EXT4_B2C(sbi, ext4_r_blocks_count(sbi->s_es)); -+ -+ /* -+ * r_blocks_count should always be multiple of the cluster ratio so -+ * we are safe to do a plane bit shift only. -+ */ -+ root_clusters = ext4_r_blocks_count(sbi->s_es) >> sbi->s_cluster_bits; - - if (free_clusters - (nclusters + root_clusters + dirty_clusters) < - EXT4_FREECLUSTERS_WATERMARK) { -- free_clusters = EXT4_C2B(sbi, percpu_counter_sum_positive(fcc)); -+ free_clusters = percpu_counter_sum_positive(fcc); - dirty_clusters = percpu_counter_sum_positive(dcc); - } - /* Check whether we have space after accounting for current -diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c -index 741bb94..31be24d 100644 ---- a/fs/ext4/extents.c -+++ b/fs/ext4/extents.c -@@ -2176,13 +2176,14 @@ ext4_ext_in_cache(struct inode *inode, ext4_lblk_t block, - * removes index from the index block. - */ - static int ext4_ext_rm_idx(handle_t *handle, struct inode *inode, -- struct ext4_ext_path *path) -+ struct ext4_ext_path *path, int depth) - { - int err; - ext4_fsblk_t leaf; - - /* free index block */ -- path--; -+ depth--; -+ path = path + depth; - leaf = ext4_idx_pblock(path->p_idx); - if (unlikely(path->p_hdr->eh_entries == 0)) { - EXT4_ERROR_INODE(inode, "path->p_hdr->eh_entries == 0"); -@@ -2207,6 +2208,19 @@ static int ext4_ext_rm_idx(handle_t *handle, struct inode *inode, - - ext4_free_blocks(handle, inode, NULL, leaf, 1, - EXT4_FREE_BLOCKS_METADATA | EXT4_FREE_BLOCKS_FORGET); -+ -+ while (--depth >= 0) { -+ if (path->p_idx != EXT_FIRST_INDEX(path->p_hdr)) -+ break; -+ path--; -+ err = ext4_ext_get_access(handle, inode, path); -+ if (err) -+ break; -+ path->p_idx->ei_block = (path+1)->p_idx->ei_block; -+ err = ext4_ext_dirty(handle, inode, path); -+ if (err) -+ break; -+ } - return err; - } - -@@ -2540,7 +2554,7 @@ ext4_ext_rm_leaf(handle_t *handle, struct inode *inode, - /* if this leaf is free, then we should - * remove it from index block above */ - if (err == 0 && eh->eh_entries == 0 && path[depth].p_bh != NULL) -- err = ext4_ext_rm_idx(handle, inode, path + depth); -+ err = ext4_ext_rm_idx(handle, inode, path, depth); - - out: - return err; -@@ -2741,7 +2755,7 @@ cont: - /* index is empty, remove it; - * handle must be already prepared by the - * truncatei_leaf() */ -- err = ext4_ext_rm_idx(handle, inode, path + i); -+ err = ext4_ext_rm_idx(handle, inode, path, i); - } - /* root level has p_bh == NULL, brelse() eats this */ - brelse(path[i].p_bh); -diff --git a/fs/ext4/ialloc.c b/fs/ext4/ialloc.c -index cc2d77c..c7c6e09 100644 ---- a/fs/ext4/ialloc.c -+++ b/fs/ext4/ialloc.c -@@ -753,7 +753,6 @@ got: - - BUFFER_TRACE(block_bitmap_bh, "dirty block bitmap"); - err = ext4_handle_dirty_metadata(handle, NULL, block_bitmap_bh); -- brelse(block_bitmap_bh); - - /* recheck and clear flag under lock if we still need to */ - ext4_lock_group(sb, group); -@@ -766,6 +765,7 @@ got: - ext4_group_desc_csum_set(sb, group, gdp); - } - ext4_unlock_group(sb, group); -+ brelse(block_bitmap_bh); - - if (err) - goto fail; -diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c -index 2ce16af..7e424eb 100644 ---- a/fs/ext4/inode.c -+++ b/fs/ext4/inode.c -@@ -1501,6 +1501,8 @@ static void ext4_da_block_invalidatepages(struct mpage_da_data *mpd) - - index = mpd->first_page; - end = mpd->next_page - 1; -+ -+ pagevec_init(&pvec, 0); - while (index <= end) { - nr_pages = pagevec_lookup(&pvec, mapping, index, PAGEVEC_SIZE); - if (nr_pages == 0) -diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index b26410c..24e5c78 100644 ---- a/fs/ext4/mballoc.c -+++ b/fs/ext4/mballoc.c -@@ -4128,7 +4128,7 @@ static void ext4_mb_add_n_trim(struct ext4_allocation_context *ac) - /* The max size of hash table is PREALLOC_TB_SIZE */ - order = PREALLOC_TB_SIZE - 1; - /* Add the prealloc space to lg */ -- rcu_read_lock(); -+ spin_lock(&lg->lg_prealloc_lock); - list_for_each_entry_rcu(tmp_pa, &lg->lg_prealloc_list[order], - pa_inode_list) { - spin_lock(&tmp_pa->pa_lock); -@@ -4152,12 +4152,12 @@ static void ext4_mb_add_n_trim(struct ext4_allocation_context *ac) - if (!added) - list_add_tail_rcu(&pa->pa_inode_list, - &lg->lg_prealloc_list[order]); -- rcu_read_unlock(); -+ spin_unlock(&lg->lg_prealloc_lock); - - /* Now trim the list to be not more than 8 elements */ - if (lg_prealloc_count > 8) { - ext4_mb_discard_lg_preallocations(sb, lg, -- order, lg_prealloc_count); -+ order, lg_prealloc_count); - return; - } - return ; -diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index 2b5fb60..f4665ec 100644 ---- a/fs/ext4/super.c -+++ b/fs/ext4/super.c -@@ -1643,9 +1643,7 @@ static int parse_options(char *options, struct super_block *sb, - unsigned int *journal_ioprio, - int is_remount) - { --#ifdef CONFIG_QUOTA - struct ext4_sb_info *sbi = EXT4_SB(sb); --#endif - char *p; - substring_t args[MAX_OPT_ARGS]; - int token; -@@ -1694,6 +1692,16 @@ static int parse_options(char *options, struct super_block *sb, - } - } - #endif -+ if (test_opt(sb, DIOREAD_NOLOCK)) { -+ int blocksize = -+ BLOCK_SIZE << le32_to_cpu(sbi->s_es->s_log_block_size); -+ -+ if (blocksize < PAGE_CACHE_SIZE) { -+ ext4_msg(sb, KERN_ERR, "can't mount with " -+ "dioread_nolock if block size != PAGE_SIZE"); -+ return 0; -+ } -+ } - return 1; - } - -@@ -2184,7 +2192,9 @@ static void ext4_orphan_cleanup(struct super_block *sb, - __func__, inode->i_ino, inode->i_size); - jbd_debug(2, "truncating inode %lu to %lld bytes\n", - inode->i_ino, inode->i_size); -+ mutex_lock(&inode->i_mutex); - ext4_truncate(inode); -+ mutex_unlock(&inode->i_mutex); - nr_truncates++; - } else { - ext4_msg(sb, KERN_DEBUG, -@@ -3409,15 +3419,6 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) - clear_opt(sb, DELALLOC); - } - -- blocksize = BLOCK_SIZE << le32_to_cpu(es->s_log_block_size); -- if (test_opt(sb, DIOREAD_NOLOCK)) { -- if (blocksize < PAGE_SIZE) { -- ext4_msg(sb, KERN_ERR, "can't mount with " -- "dioread_nolock if block size != PAGE_SIZE"); -- goto failed_mount; -- } -- } -- - sb->s_flags = (sb->s_flags & ~MS_POSIXACL) | - (test_opt(sb, POSIX_ACL) ? MS_POSIXACL : 0); - -@@ -3459,6 +3460,7 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent) - if (!ext4_feature_set_ok(sb, (sb->s_flags & MS_RDONLY))) - goto failed_mount; - -+ blocksize = BLOCK_SIZE << le32_to_cpu(es->s_log_block_size); - if (blocksize < EXT4_MIN_BLOCK_SIZE || - blocksize > EXT4_MAX_BLOCK_SIZE) { - ext4_msg(sb, KERN_ERR, -@@ -4694,7 +4696,7 @@ static int ext4_remount(struct super_block *sb, int *flags, char *data) - } - - ext4_setup_system_zone(sb); -- if (sbi->s_journal == NULL) -+ if (sbi->s_journal == NULL && !(old_sb_flags & MS_RDONLY)) - ext4_commit_super(sb, 1); - - unlock_super(sb); -diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c -index 2cdb98d..f039941 100644 ---- a/fs/ext4/xattr.c -+++ b/fs/ext4/xattr.c -@@ -554,7 +554,7 @@ ext4_xattr_release_block(handle_t *handle, struct inode *inode, - error = ext4_handle_dirty_xattr_block(handle, inode, bh); - if (IS_SYNC(inode)) - ext4_handle_sync(handle); -- dquot_free_block(inode, 1); -+ dquot_free_block(inode, EXT4_C2B(EXT4_SB(inode->i_sb), 1)); - ea_bdebug(bh, "refcount now=%d; releasing", - le32_to_cpu(BHDR(bh)->h_refcount)); - } -@@ -843,7 +843,8 @@ inserted: - else { - /* The old block is released after updating - the inode. */ -- error = dquot_alloc_block(inode, 1); -+ error = dquot_alloc_block(inode, -+ EXT4_C2B(EXT4_SB(sb), 1)); - if (error) - goto cleanup; - error = ext4_journal_get_write_access(handle, -@@ -939,7 +940,7 @@ cleanup: - return error; - - cleanup_dquot: -- dquot_free_block(inode, 1); -+ dquot_free_block(inode, EXT4_C2B(EXT4_SB(sb), 1)); - goto cleanup; - - bad_block: -diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c -index 324bc08..68cc9ef 100644 ---- a/fs/fuse/dir.c -+++ b/fs/fuse/dir.c -@@ -682,7 +682,14 @@ static int fuse_unlink(struct inode *dir, struct dentry *entry) - - spin_lock(&fc->lock); - fi->attr_version = ++fc->attr_version; -- drop_nlink(inode); -+ /* -+ * If i_nlink == 0 then unlink doesn't make sense, yet this can -+ * happen if userspace filesystem is careless. It would be -+ * difficult to enforce correct nlink usage so just ignore this -+ * condition here -+ */ -+ if (inode->i_nlink > 0) -+ drop_nlink(inode); - spin_unlock(&fc->lock); - fuse_invalidate_attr(inode); - fuse_invalidate_attr(dir); -diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c -index fb1ab953..2fb20f5 100644 ---- a/fs/jbd2/transaction.c -+++ b/fs/jbd2/transaction.c -@@ -209,7 +209,8 @@ repeat: - if (!new_transaction) - goto alloc_transaction; - write_lock(&journal->j_state_lock); -- if (!journal->j_running_transaction) { -+ if (!journal->j_running_transaction && -+ !journal->j_barrier_count) { - jbd2_get_transaction(journal, new_transaction); - new_transaction = NULL; - } -diff --git a/fs/jffs2/nodemgmt.c b/fs/jffs2/nodemgmt.c -index 0c96eb5..0331072 100644 ---- a/fs/jffs2/nodemgmt.c -+++ b/fs/jffs2/nodemgmt.c -@@ -417,14 +417,16 @@ static int jffs2_do_reserve_space(struct jffs2_sb_info *c, uint32_t minsize, - spin_unlock(&c->erase_completion_lock); - - ret = jffs2_prealloc_raw_node_refs(c, jeb, 1); -- if (ret) -- return ret; -+ - /* Just lock it again and continue. Nothing much can change because - we hold c->alloc_sem anyway. In fact, it's not entirely clear why - we hold c->erase_completion_lock in the majority of this function... - but that's a question for another (more caffeine-rich) day. */ - spin_lock(&c->erase_completion_lock); - -+ if (ret) -+ return ret; -+ - waste = jeb->free_size; - jffs2_link_node_ref(c, jeb, - (jeb->offset + c->sector_size - waste) | REF_OBSOLETE, -diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c -index 05d2912..a5657ff 100644 ---- a/fs/lockd/clntproc.c -+++ b/fs/lockd/clntproc.c -@@ -551,6 +551,9 @@ again: - status = nlmclnt_block(block, req, NLMCLNT_POLL_TIMEOUT); - if (status < 0) - break; -+ /* Resend the blocking lock request after a server reboot */ -+ if (resp->status == nlm_lck_denied_grace_period) -+ continue; - if (resp->status != nlm_lck_blocked) - break; - } -diff --git a/fs/nfs/blocklayout/blocklayout.c b/fs/nfs/blocklayout/blocklayout.c -index 1093968..62f18f7 100644 ---- a/fs/nfs/blocklayout/blocklayout.c -+++ b/fs/nfs/blocklayout/blocklayout.c -@@ -1240,6 +1240,7 @@ static const struct nfs_pageio_ops bl_pg_write_ops = { - static struct pnfs_layoutdriver_type blocklayout_type = { - .id = LAYOUT_BLOCK_VOLUME, - .name = "LAYOUT_BLOCK_VOLUME", -+ .owner = THIS_MODULE, - .read_pagelist = bl_read_pagelist, - .write_pagelist = bl_write_pagelist, - .alloc_layout_hdr = bl_alloc_layout_hdr, -diff --git a/fs/nfs/client.c b/fs/nfs/client.c -index 0e7cd89..b59f1d8 100644 ---- a/fs/nfs/client.c -+++ b/fs/nfs/client.c -@@ -614,8 +614,7 @@ EXPORT_SYMBOL_GPL(nfs_create_rpc_client); - */ - static void nfs_destroy_server(struct nfs_server *server) - { -- if (!(server->flags & NFS_MOUNT_LOCAL_FLOCK) || -- !(server->flags & NFS_MOUNT_LOCAL_FCNTL)) -+ if (server->nlm_host) - nlmclnt_done(server->nlm_host); - } - -diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c -index 627f108..e210a66 100644 ---- a/fs/nfs/dir.c -+++ b/fs/nfs/dir.c -@@ -1155,11 +1155,14 @@ static int nfs_dentry_delete(const struct dentry *dentry) - - } - -+/* Ensure that we revalidate inode->i_nlink */ - static void nfs_drop_nlink(struct inode *inode) - { - spin_lock(&inode->i_lock); -- if (inode->i_nlink > 0) -- drop_nlink(inode); -+ /* drop the inode if we're reasonably sure this is the last link */ -+ if (inode->i_nlink == 1) -+ clear_nlink(inode); -+ NFS_I(inode)->cache_validity |= NFS_INO_INVALID_ATTR; - spin_unlock(&inode->i_lock); - } - -@@ -1174,8 +1177,8 @@ static void nfs_dentry_iput(struct dentry *dentry, struct inode *inode) - NFS_I(inode)->cache_validity |= NFS_INO_INVALID_DATA; - - if (dentry->d_flags & DCACHE_NFSFS_RENAMED) { -- drop_nlink(inode); - nfs_complete_unlink(dentry, inode); -+ nfs_drop_nlink(inode); - } - iput(inode); - } -@@ -1646,10 +1649,8 @@ static int nfs_safe_remove(struct dentry *dentry) - if (inode != NULL) { - NFS_PROTO(inode)->return_delegation(inode); - error = NFS_PROTO(dir)->remove(dir, &dentry->d_name); -- /* The VFS may want to delete this inode */ - if (error == 0) - nfs_drop_nlink(inode); -- nfs_mark_for_revalidate(inode); - } else - error = NFS_PROTO(dir)->remove(dir, &dentry->d_name); - if (error == -ENOENT) -diff --git a/fs/nfs/namespace.c b/fs/nfs/namespace.c -index dd057bc..fc8dc20 100644 ---- a/fs/nfs/namespace.c -+++ b/fs/nfs/namespace.c -@@ -177,11 +177,31 @@ out_nofree: - return mnt; - } - -+static int -+nfs_namespace_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) -+{ -+ if (NFS_FH(dentry->d_inode)->size != 0) -+ return nfs_getattr(mnt, dentry, stat); -+ generic_fillattr(dentry->d_inode, stat); -+ return 0; -+} -+ -+static int -+nfs_namespace_setattr(struct dentry *dentry, struct iattr *attr) -+{ -+ if (NFS_FH(dentry->d_inode)->size != 0) -+ return nfs_setattr(dentry, attr); -+ return -EACCES; -+} -+ - const struct inode_operations nfs_mountpoint_inode_operations = { - .getattr = nfs_getattr, -+ .setattr = nfs_setattr, - }; - - const struct inode_operations nfs_referral_inode_operations = { -+ .getattr = nfs_namespace_getattr, -+ .setattr = nfs_namespace_setattr, - }; - - static void nfs_expire_automounts(struct work_struct *work) -diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c -index 7bff871..5e61aac 100644 ---- a/fs/nfs/nfs4proc.c -+++ b/fs/nfs/nfs4proc.c -@@ -5999,13 +5999,26 @@ static void nfs41_sequence_prepare(struct rpc_task *task, void *data) - rpc_call_start(task); - } - -+static void nfs41_sequence_prepare_privileged(struct rpc_task *task, void *data) -+{ -+ rpc_task_set_priority(task, RPC_PRIORITY_PRIVILEGED); -+ nfs41_sequence_prepare(task, data); -+} -+ - static const struct rpc_call_ops nfs41_sequence_ops = { - .rpc_call_done = nfs41_sequence_call_done, - .rpc_call_prepare = nfs41_sequence_prepare, - .rpc_release = nfs41_sequence_release, - }; - --static struct rpc_task *_nfs41_proc_sequence(struct nfs_client *clp, struct rpc_cred *cred) -+static const struct rpc_call_ops nfs41_sequence_privileged_ops = { -+ .rpc_call_done = nfs41_sequence_call_done, -+ .rpc_call_prepare = nfs41_sequence_prepare_privileged, -+ .rpc_release = nfs41_sequence_release, -+}; -+ -+static struct rpc_task *_nfs41_proc_sequence(struct nfs_client *clp, struct rpc_cred *cred, -+ const struct rpc_call_ops *seq_ops) - { - struct nfs4_sequence_data *calldata; - struct rpc_message msg = { -@@ -6015,7 +6028,7 @@ static struct rpc_task *_nfs41_proc_sequence(struct nfs_client *clp, struct rpc_ - struct rpc_task_setup task_setup_data = { - .rpc_client = clp->cl_rpcclient, - .rpc_message = &msg, -- .callback_ops = &nfs41_sequence_ops, -+ .callback_ops = seq_ops, - .flags = RPC_TASK_ASYNC | RPC_TASK_SOFT, - }; - -@@ -6042,7 +6055,7 @@ static int nfs41_proc_async_sequence(struct nfs_client *clp, struct rpc_cred *cr - - if ((renew_flags & NFS4_RENEW_TIMEOUT) == 0) - return 0; -- task = _nfs41_proc_sequence(clp, cred); -+ task = _nfs41_proc_sequence(clp, cred, &nfs41_sequence_ops); - if (IS_ERR(task)) - ret = PTR_ERR(task); - else -@@ -6056,7 +6069,7 @@ static int nfs4_proc_sequence(struct nfs_client *clp, struct rpc_cred *cred) - struct rpc_task *task; - int ret; - -- task = _nfs41_proc_sequence(clp, cred); -+ task = _nfs41_proc_sequence(clp, cred, &nfs41_sequence_privileged_ops); - if (IS_ERR(task)) { - ret = PTR_ERR(task); - goto out; -diff --git a/fs/nfs/objlayout/objio_osd.c b/fs/nfs/objlayout/objio_osd.c -index ea6d111..75bd459 100644 ---- a/fs/nfs/objlayout/objio_osd.c -+++ b/fs/nfs/objlayout/objio_osd.c -@@ -640,6 +640,7 @@ static struct pnfs_layoutdriver_type objlayout_type = { - .flags = PNFS_LAYOUTRET_ON_SETATTR | - PNFS_LAYOUTRET_ON_ERROR, - -+ .owner = THIS_MODULE, - .alloc_layout_hdr = objlayout_alloc_layout_hdr, - .free_layout_hdr = objlayout_free_layout_hdr, - -diff --git a/fs/nfs/super.c b/fs/nfs/super.c -index d8d7396..2a31c7f 100644 ---- a/fs/nfs/super.c -+++ b/fs/nfs/super.c -@@ -1095,7 +1095,7 @@ static int nfs_get_option_str(substring_t args[], char **option) - { - kfree(*option); - *option = match_strdup(args); -- return !option; -+ return !*option; - } - - static int nfs_get_option_ul(substring_t args[], unsigned long *option) -diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c -index c9c1c0a..ac784eb 100644 ---- a/fs/nfsd/nfs4proc.c -+++ b/fs/nfsd/nfs4proc.c -@@ -194,6 +194,7 @@ static __be32 - do_open_lookup(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_open *open) - { - struct svc_fh *resfh; -+ int accmode; - __be32 status; - - resfh = kmalloc(sizeof(struct svc_fh), GFP_KERNEL); -@@ -253,9 +254,10 @@ do_open_lookup(struct svc_rqst *rqstp, struct svc_fh *current_fh, struct nfsd4_o - /* set reply cache */ - fh_copy_shallow(&open->op_openowner->oo_owner.so_replay.rp_openfh, - &resfh->fh_handle); -- if (!open->op_created) -- status = do_open_permission(rqstp, resfh, open, -- NFSD_MAY_NOP); -+ accmode = NFSD_MAY_NOP; -+ if (open->op_created) -+ accmode |= NFSD_MAY_OWNER_OVERRIDE; -+ status = do_open_permission(rqstp, resfh, open, accmode); - set_change_info(&open->op_cinfo, current_fh); - fh_dup2(current_fh, resfh); - out: -diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c -index 5b3224c..b271e9d 100644 ---- a/fs/nfsd/nfs4state.c -+++ b/fs/nfsd/nfs4state.c -@@ -1098,6 +1098,8 @@ free_client(struct nfs4_client *clp) - } - free_svc_cred(&clp->cl_cred); - kfree(clp->cl_name.data); -+ idr_remove_all(&clp->cl_stateids); -+ idr_destroy(&clp->cl_stateids); - kfree(clp); - } - -@@ -2341,7 +2343,7 @@ nfsd4_init_slabs(void) - if (openowner_slab == NULL) - goto out_nomem; - lockowner_slab = kmem_cache_create("nfsd4_lockowners", -- sizeof(struct nfs4_openowner), 0, 0, NULL); -+ sizeof(struct nfs4_lockowner), 0, 0, NULL); - if (lockowner_slab == NULL) - goto out_nomem; - file_slab = kmem_cache_create("nfsd4_files", -diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c -index 6322df3..1e83186 100644 ---- a/fs/nfsd/nfs4xdr.c -+++ b/fs/nfsd/nfs4xdr.c -@@ -2946,11 +2946,16 @@ nfsd4_encode_read(struct nfsd4_compoundres *resp, __be32 nfserr, - len = maxcount; - v = 0; - while (len > 0) { -- pn = resp->rqstp->rq_resused++; -+ pn = resp->rqstp->rq_resused; -+ if (!resp->rqstp->rq_respages[pn]) { /* ran out of pages */ -+ maxcount -= len; -+ break; -+ } - resp->rqstp->rq_vec[v].iov_base = - page_address(resp->rqstp->rq_respages[pn]); - resp->rqstp->rq_vec[v].iov_len = - len < PAGE_SIZE ? len : PAGE_SIZE; -+ resp->rqstp->rq_resused++; - v++; - len -= PAGE_SIZE; - } -@@ -2996,6 +3001,8 @@ nfsd4_encode_readlink(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd - return nfserr; - if (resp->xbuf->page_len) - return nfserr_resource; -+ if (!resp->rqstp->rq_respages[resp->rqstp->rq_resused]) -+ return nfserr_resource; - - page = page_address(resp->rqstp->rq_respages[resp->rqstp->rq_resused++]); - -@@ -3045,6 +3052,8 @@ nfsd4_encode_readdir(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4 - return nfserr; - if (resp->xbuf->page_len) - return nfserr_resource; -+ if (!resp->rqstp->rq_respages[resp->rqstp->rq_resused]) -+ return nfserr_resource; - - RESERVE_SPACE(NFS4_VERIFIER_SIZE); - savep = p; -diff --git a/fs/nfsd/nfssvc.c b/fs/nfsd/nfssvc.c -index 240473c..0d5e021 100644 ---- a/fs/nfsd/nfssvc.c -+++ b/fs/nfsd/nfssvc.c -@@ -650,7 +650,7 @@ nfsd_dispatch(struct svc_rqst *rqstp, __be32 *statp) - } - - /* Store reply in cache. */ -- nfsd_cache_update(rqstp, proc->pc_cachetype, statp + 1); -+ nfsd_cache_update(rqstp, rqstp->rq_cachetype, statp + 1); - return 1; - } - -diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c -index a9269f1..e1b40c7 100644 ---- a/fs/nfsd/vfs.c -+++ b/fs/nfsd/vfs.c -@@ -1485,13 +1485,19 @@ do_nfsd_create(struct svc_rqst *rqstp, struct svc_fh *fhp, - case NFS3_CREATE_EXCLUSIVE: - if ( dchild->d_inode->i_mtime.tv_sec == v_mtime - && dchild->d_inode->i_atime.tv_sec == v_atime -- && dchild->d_inode->i_size == 0 ) -+ && dchild->d_inode->i_size == 0 ) { -+ if (created) -+ *created = 1; - break; -+ } - case NFS4_CREATE_EXCLUSIVE4_1: - if ( dchild->d_inode->i_mtime.tv_sec == v_mtime - && dchild->d_inode->i_atime.tv_sec == v_atime -- && dchild->d_inode->i_size == 0 ) -+ && dchild->d_inode->i_size == 0 ) { -+ if (created) -+ *created = 1; - goto set_attr; -+ } - /* fallthru */ - case NFS3_CREATE_GUARDED: - err = nfserr_exist; -diff --git a/fs/nilfs2/ioctl.c b/fs/nilfs2/ioctl.c -index fdb1807..f385935 100644 ---- a/fs/nilfs2/ioctl.c -+++ b/fs/nilfs2/ioctl.c -@@ -664,8 +664,11 @@ static int nilfs_ioctl_clean_segments(struct inode *inode, struct file *filp, - if (ret < 0) - printk(KERN_ERR "NILFS: GC failed during preparation: " - "cannot read source blocks: err=%d\n", ret); -- else -+ else { -+ if (nilfs_sb_need_update(nilfs)) -+ set_nilfs_discontinued(nilfs); - ret = nilfs_clean_segments(inode->i_sb, argv, kbufs); -+ } - - nilfs_remove_all_gcinodes(nilfs); - clear_nilfs_gc_running(nilfs); -diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c -index 8445fbc..6f292dd 100644 ---- a/fs/notify/inotify/inotify_user.c -+++ b/fs/notify/inotify/inotify_user.c -@@ -579,8 +579,6 @@ static int inotify_update_existing_watch(struct fsnotify_group *group, - - /* don't allow invalid bits: we don't want flags set */ - mask = inotify_arg_to_mask(arg); -- if (unlikely(!(mask & IN_ALL_EVENTS))) -- return -EINVAL; - - fsn_mark = fsnotify_find_inode_mark(group, inode); - if (!fsn_mark) -@@ -632,8 +630,6 @@ static int inotify_new_watch(struct fsnotify_group *group, - - /* don't allow invalid bits: we don't want flags set */ - mask = inotify_arg_to_mask(arg); -- if (unlikely(!(mask & IN_ALL_EVENTS))) -- return -EINVAL; - - tmp_i_mark = kmem_cache_alloc(inotify_inode_mark_cachep, GFP_KERNEL); - if (unlikely(!tmp_i_mark)) -diff --git a/fs/ocfs2/aops.c b/fs/ocfs2/aops.c -index 6577432..340bd02 100644 ---- a/fs/ocfs2/aops.c -+++ b/fs/ocfs2/aops.c -@@ -593,9 +593,9 @@ static void ocfs2_dio_end_io(struct kiocb *iocb, - level = ocfs2_iocb_rw_locked_level(iocb); - ocfs2_rw_unlock(inode, level); - -+ inode_dio_done(inode); - if (is_async) - aio_complete(iocb, ret, 0); -- inode_dio_done(inode); - } - - /* -diff --git a/fs/ocfs2/dlmglue.c b/fs/ocfs2/dlmglue.c -index 4f7795f..88577eb 100644 ---- a/fs/ocfs2/dlmglue.c -+++ b/fs/ocfs2/dlmglue.c -@@ -2545,6 +2545,7 @@ int ocfs2_super_lock(struct ocfs2_super *osb, - * everything is up to the caller :) */ - status = ocfs2_should_refresh_lock_res(lockres); - if (status < 0) { -+ ocfs2_cluster_unlock(osb, lockres, level); - mlog_errno(status); - goto bail; - } -@@ -2553,8 +2554,10 @@ int ocfs2_super_lock(struct ocfs2_super *osb, - - ocfs2_complete_lock_res_refresh(lockres, status); - -- if (status < 0) -+ if (status < 0) { -+ ocfs2_cluster_unlock(osb, lockres, level); - mlog_errno(status); -+ } - ocfs2_track_lock_refresh(lockres); - } - bail: -diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c -index f169da4..b7e74b5 100644 ---- a/fs/ocfs2/suballoc.c -+++ b/fs/ocfs2/suballoc.c -@@ -642,7 +642,7 @@ ocfs2_block_group_alloc_discontig(handle_t *handle, - * cluster groups will be staying in cache for the duration of - * this operation. - */ -- ac->ac_allow_chain_relink = 0; -+ ac->ac_disable_chain_relink = 1; - - /* Claim the first region */ - status = ocfs2_block_group_claim_bits(osb, handle, ac, min_bits, -@@ -1823,7 +1823,7 @@ static int ocfs2_search_chain(struct ocfs2_alloc_context *ac, - * Do this *after* figuring out how many bits we're taking out - * of our target group. - */ -- if (ac->ac_allow_chain_relink && -+ if (!ac->ac_disable_chain_relink && - (prev_group_bh) && - (ocfs2_block_group_reasonably_empty(bg, res->sr_bits))) { - status = ocfs2_relink_block_group(handle, alloc_inode, -@@ -1928,7 +1928,6 @@ static int ocfs2_claim_suballoc_bits(struct ocfs2_alloc_context *ac, - - victim = ocfs2_find_victim_chain(cl); - ac->ac_chain = victim; -- ac->ac_allow_chain_relink = 1; - - status = ocfs2_search_chain(ac, handle, bits_wanted, min_bits, - res, &bits_left); -@@ -1947,7 +1946,7 @@ static int ocfs2_claim_suballoc_bits(struct ocfs2_alloc_context *ac, - * searching each chain in order. Don't allow chain relinking - * because we only calculate enough journal credits for one - * relink per alloc. */ -- ac->ac_allow_chain_relink = 0; -+ ac->ac_disable_chain_relink = 1; - for (i = 0; i < le16_to_cpu(cl->cl_next_free_rec); i ++) { - if (i == victim) - continue; -diff --git a/fs/ocfs2/suballoc.h b/fs/ocfs2/suballoc.h -index b8afabf..a36d0aa 100644 ---- a/fs/ocfs2/suballoc.h -+++ b/fs/ocfs2/suballoc.h -@@ -49,7 +49,7 @@ struct ocfs2_alloc_context { - - /* these are used by the chain search */ - u16 ac_chain; -- int ac_allow_chain_relink; -+ int ac_disable_chain_relink; - group_search_t *ac_group_search; - - u64 ac_last_group; -diff --git a/fs/ocfs2/xattr.c b/fs/ocfs2/xattr.c -index 0ba9ea1..2e3ea30 100644 ---- a/fs/ocfs2/xattr.c -+++ b/fs/ocfs2/xattr.c -@@ -7189,7 +7189,7 @@ int ocfs2_init_security_and_acl(struct inode *dir, - struct buffer_head *dir_bh = NULL; - - ret = ocfs2_init_security_get(inode, dir, qstr, NULL); -- if (!ret) { -+ if (ret) { - mlog_errno(ret); - goto leave; - } -diff --git a/fs/pstore/platform.c b/fs/pstore/platform.c -index 2d1e0f3..12da9ee 100644 ---- a/fs/pstore/platform.c -+++ b/fs/pstore/platform.c -@@ -96,6 +96,27 @@ static const char *get_reason_str(enum kmsg_dump_reason reason) - } - } - -+bool pstore_cannot_block_path(enum kmsg_dump_reason reason) -+{ -+ /* -+ * In case of NMI path, pstore shouldn't be blocked -+ * regardless of reason. -+ */ -+ if (in_nmi()) -+ return true; -+ -+ switch (reason) { -+ /* In panic case, other cpus are stopped by smp_send_stop(). */ -+ case KMSG_DUMP_PANIC: -+ /* Emergency restart shouldn't be blocked by spin lock. */ -+ case KMSG_DUMP_EMERG: -+ return true; -+ default: -+ return false; -+ } -+} -+EXPORT_SYMBOL_GPL(pstore_cannot_block_path); -+ - /* - * callback from kmsg_dump. (s2,l2) has the most recently - * written bytes, older bytes are in (s1,l1). Save as much -@@ -114,10 +135,12 @@ static void pstore_dump(struct kmsg_dumper *dumper, - - why = get_reason_str(reason); - -- if (in_nmi()) { -- is_locked = spin_trylock(&psinfo->buf_lock); -- if (!is_locked) -- pr_err("pstore dump routine blocked in NMI, may corrupt error record\n"); -+ if (pstore_cannot_block_path(reason)) { -+ is_locked = spin_trylock_irqsave(&psinfo->buf_lock, flags); -+ if (!is_locked) { -+ pr_err("pstore dump routine blocked in %s path, may corrupt error record\n" -+ , in_nmi() ? "NMI" : why); -+ } - } else - spin_lock_irqsave(&psinfo->buf_lock, flags); - oopscount++; -@@ -143,9 +166,9 @@ static void pstore_dump(struct kmsg_dumper *dumper, - total += hsize + len; - part++; - } -- if (in_nmi()) { -+ if (pstore_cannot_block_path(reason)) { - if (is_locked) -- spin_unlock(&psinfo->buf_lock); -+ spin_unlock_irqrestore(&psinfo->buf_lock, flags); - } else - spin_unlock_irqrestore(&psinfo->buf_lock, flags); - } -diff --git a/fs/splice.c b/fs/splice.c -index 41514dd..c69fbb7 100644 ---- a/fs/splice.c -+++ b/fs/splice.c -@@ -696,8 +696,10 @@ static int pipe_to_sendpage(struct pipe_inode_info *pipe, - return -EINVAL; - - more = (sd->flags & SPLICE_F_MORE) ? MSG_MORE : 0; -- if (sd->len < sd->total_len) -+ -+ if (sd->len < sd->total_len && pipe->nrbufs > 1) - more |= MSG_SENDPAGE_NOTLAST; -+ - return file->f_op->sendpage(file, buf->page, buf->offset, - sd->len, &pos, more); - } -diff --git a/fs/udf/inode.c b/fs/udf/inode.c -index aa23346..585ee1c 100644 ---- a/fs/udf/inode.c -+++ b/fs/udf/inode.c -@@ -574,6 +574,7 @@ static sector_t inode_getblk(struct inode *inode, sector_t block, - struct udf_inode_info *iinfo = UDF_I(inode); - int goal = 0, pgoal = iinfo->i_location.logicalBlockNum; - int lastblock = 0; -+ bool isBeyondEOF; - - *err = 0; - *new = 0; -@@ -653,7 +654,7 @@ static sector_t inode_getblk(struct inode *inode, sector_t block, - /* Are we beyond EOF? */ - if (etype == -1) { - int ret; -- -+ isBeyondEOF = 1; - if (count) { - if (c) - laarr[0] = laarr[1]; -@@ -696,6 +697,7 @@ static sector_t inode_getblk(struct inode *inode, sector_t block, - endnum = c + 1; - lastblock = 1; - } else { -+ isBeyondEOF = 0; - endnum = startnum = ((count > 2) ? 2 : count); - - /* if the current extent is in position 0, -@@ -738,10 +740,13 @@ static sector_t inode_getblk(struct inode *inode, sector_t block, - goal, err); - if (!newblocknum) { - brelse(prev_epos.bh); -+ brelse(cur_epos.bh); -+ brelse(next_epos.bh); - *err = -ENOSPC; - return 0; - } -- iinfo->i_lenExtents += inode->i_sb->s_blocksize; -+ if (isBeyondEOF) -+ iinfo->i_lenExtents += inode->i_sb->s_blocksize; - } - - /* if the extent the requsted block is located in contains multiple -@@ -768,6 +773,8 @@ static sector_t inode_getblk(struct inode *inode, sector_t block, - udf_update_extents(inode, laarr, startnum, endnum, &prev_epos); - - brelse(prev_epos.bh); -+ brelse(cur_epos.bh); -+ brelse(next_epos.bh); - - newblock = udf_get_pblock(inode->i_sb, newblocknum, - iinfo->i_location.partitionReferenceNum, 0); -diff --git a/fs/xfs/xfs_aops.c b/fs/xfs/xfs_aops.c -index e562dd4..1236b8c 100644 ---- a/fs/xfs/xfs_aops.c -+++ b/fs/xfs/xfs_aops.c -@@ -86,11 +86,11 @@ xfs_destroy_ioend( - } - - if (ioend->io_iocb) { -+ inode_dio_done(ioend->io_inode); - if (ioend->io_isasync) { - aio_complete(ioend->io_iocb, ioend->io_error ? - ioend->io_error : ioend->io_result, 0); - } -- inode_dio_done(ioend->io_inode); - } - - mempool_free(ioend, xfs_ioend_pool); -diff --git a/include/asm-generic/tlb.h b/include/asm-generic/tlb.h -index ed6642a..25f01d0 100644 ---- a/include/asm-generic/tlb.h -+++ b/include/asm-generic/tlb.h -@@ -78,6 +78,14 @@ struct mmu_gather_batch { - #define MAX_GATHER_BATCH \ - ((PAGE_SIZE - sizeof(struct mmu_gather_batch)) / sizeof(void *)) - -+/* -+ * Limit the maximum number of mmu_gather batches to reduce a risk of soft -+ * lockups for non-preemptible kernels on huge machines when a lot of memory -+ * is zapped during unmapping. -+ * 10K pages freed at once should be safe even without a preemption point. -+ */ -+#define MAX_GATHER_BATCH_COUNT (10000UL/MAX_GATHER_BATCH) -+ - /* struct mmu_gather is an opaque type used by the mm code for passing around - * any data needed by arch specific code for tlb_remove_page. - */ -@@ -96,6 +104,7 @@ struct mmu_gather { - struct mmu_gather_batch *active; - struct mmu_gather_batch local; - struct page *__pages[MMU_GATHER_BUNDLE]; -+ unsigned int batch_count; - }; - - #define HAVE_GENERIC_MMU_GATHER -diff --git a/include/linux/auto_fs.h b/include/linux/auto_fs.h -index da64e15..6cdabb4 100644 ---- a/include/linux/auto_fs.h -+++ b/include/linux/auto_fs.h -@@ -31,25 +31,16 @@ - #define AUTOFS_MIN_PROTO_VERSION AUTOFS_PROTO_VERSION - - /* -- * Architectures where both 32- and 64-bit binaries can be executed -- * on 64-bit kernels need this. This keeps the structure format -- * uniform, and makes sure the wait_queue_token isn't too big to be -- * passed back down to the kernel. -- * -- * This assumes that on these architectures: -- * mode 32 bit 64 bit -- * ------------------------- -- * int 32 bit 32 bit -- * long 32 bit 64 bit -- * -- * If so, 32-bit user-space code should be backwards compatible. -+ * The wait_queue_token (autofs_wqt_t) is part of a structure which is passed -+ * back to the kernel via ioctl from userspace. On architectures where 32- and -+ * 64-bit userspace binaries can be executed it's important that the size of -+ * autofs_wqt_t stays constant between 32- and 64-bit Linux kernels so that we -+ * do not break the binary ABI interface by changing the structure size. - */ -- --#if defined(__sparc__) || defined(__mips__) || defined(__x86_64__) \ -- || defined(__powerpc__) || defined(__s390__) --typedef unsigned int autofs_wqt_t; --#else -+#if defined(__ia64__) || defined(__alpha__) /* pure 64bit architectures */ - typedef unsigned long autofs_wqt_t; -+#else -+typedef unsigned int autofs_wqt_t; - #endif - - /* Packet types */ -diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h -index 366422b..eb53e15 100644 ---- a/include/linux/binfmts.h -+++ b/include/linux/binfmts.h -@@ -128,6 +128,7 @@ extern int setup_arg_pages(struct linux_binprm * bprm, - unsigned long stack_top, - int executable_stack); - extern int bprm_mm_init(struct linux_binprm *bprm); -+extern int bprm_change_interp(char *interp, struct linux_binprm *bprm); - extern int copy_strings_kernel(int argc, const char *const *argv, - struct linux_binprm *bprm); - extern int prepare_bprm_creds(struct linux_binprm *bprm); -diff --git a/include/linux/ceph/libceph.h b/include/linux/ceph/libceph.h -index 4262478..317aff8 100644 ---- a/include/linux/ceph/libceph.h -+++ b/include/linux/ceph/libceph.h -@@ -43,7 +43,6 @@ struct ceph_options { - struct ceph_entity_addr my_addr; - int mount_timeout; - int osd_idle_ttl; -- int osd_timeout; - int osd_keepalive_timeout; - - /* -@@ -63,7 +62,6 @@ struct ceph_options { - * defaults - */ - #define CEPH_MOUNT_TIMEOUT_DEFAULT 60 --#define CEPH_OSD_TIMEOUT_DEFAULT 60 /* seconds */ - #define CEPH_OSD_KEEPALIVE_DEFAULT 5 - #define CEPH_OSD_IDLE_TTL_DEFAULT 60 - -diff --git a/include/linux/console.h b/include/linux/console.h -index 7201ce4..f59e942 100644 ---- a/include/linux/console.h -+++ b/include/linux/console.h -@@ -77,7 +77,9 @@ extern const struct consw prom_con; /* SPARC PROM console */ - int con_is_bound(const struct consw *csw); - int register_con_driver(const struct consw *csw, int first, int last); - int unregister_con_driver(const struct consw *csw); -+int do_unregister_con_driver(const struct consw *csw); - int take_over_console(const struct consw *sw, int first, int last, int deflt); -+int do_take_over_console(const struct consw *sw, int first, int last, int deflt); - void give_up_console(const struct consw *sw); - #ifdef CONFIG_HW_CONSOLE - int con_debug_enter(struct vc_data *vc); -diff --git a/include/linux/efi.h b/include/linux/efi.h -index 5782114..eee8b0b 100644 ---- a/include/linux/efi.h -+++ b/include/linux/efi.h -@@ -539,18 +539,30 @@ extern int __init efi_setup_pcdp_console(char *); - #endif - - /* -- * We play games with efi_enabled so that the compiler will, if possible, remove -- * EFI-related code altogether. -+ * We play games with efi_enabled so that the compiler will, if -+ * possible, remove EFI-related code altogether. - */ -+#define EFI_BOOT 0 /* Were we booted from EFI? */ -+#define EFI_SYSTEM_TABLES 1 /* Can we use EFI system tables? */ -+#define EFI_CONFIG_TABLES 2 /* Can we use EFI config tables? */ -+#define EFI_RUNTIME_SERVICES 3 /* Can we use runtime services? */ -+#define EFI_MEMMAP 4 /* Can we use EFI memory map? */ -+#define EFI_64BIT 5 /* Is the firmware 64-bit? */ -+ - #ifdef CONFIG_EFI - # ifdef CONFIG_X86 -- extern int efi_enabled; -- extern bool efi_64bit; -+extern int efi_enabled(int facility); - # else --# define efi_enabled 1 -+static inline int efi_enabled(int facility) -+{ -+ return 1; -+} - # endif - #else --# define efi_enabled 0 -+static inline int efi_enabled(int facility) -+{ -+ return 0; -+} - #endif - - /* -diff --git a/include/linux/freezer.h b/include/linux/freezer.h -index d09af4b..ee89932 100644 ---- a/include/linux/freezer.h -+++ b/include/linux/freezer.h -@@ -75,28 +75,62 @@ static inline bool cgroup_freezing(struct task_struct *task) - */ - - --/* Tell the freezer not to count the current task as freezable. */ -+/** -+ * freezer_do_not_count - tell freezer to ignore %current -+ * -+ * Tell freezers to ignore the current task when determining whether the -+ * target frozen state is reached. IOW, the current task will be -+ * considered frozen enough by freezers. -+ * -+ * The caller shouldn't do anything which isn't allowed for a frozen task -+ * until freezer_cont() is called. Usually, freezer[_do_not]_count() pair -+ * wrap a scheduling operation and nothing much else. -+ */ - static inline void freezer_do_not_count(void) - { - current->flags |= PF_FREEZER_SKIP; - } - --/* -- * Tell the freezer to count the current task as freezable again and try to -- * freeze it. -+/** -+ * freezer_count - tell freezer to stop ignoring %current -+ * -+ * Undo freezer_do_not_count(). It tells freezers that %current should be -+ * considered again and tries to freeze if freezing condition is already in -+ * effect. - */ - static inline void freezer_count(void) - { - current->flags &= ~PF_FREEZER_SKIP; -+ /* -+ * If freezing is in progress, the following paired with smp_mb() -+ * in freezer_should_skip() ensures that either we see %true -+ * freezing() or freezer_should_skip() sees !PF_FREEZER_SKIP. -+ */ -+ smp_mb(); - try_to_freeze(); - } - --/* -- * Check if the task should be counted as freezable by the freezer -+/** -+ * freezer_should_skip - whether to skip a task when determining frozen -+ * state is reached -+ * @p: task in quesion -+ * -+ * This function is used by freezers after establishing %true freezing() to -+ * test whether a task should be skipped when determining the target frozen -+ * state is reached. IOW, if this function returns %true, @p is considered -+ * frozen enough. - */ --static inline int freezer_should_skip(struct task_struct *p) -+static inline bool freezer_should_skip(struct task_struct *p) - { -- return !!(p->flags & PF_FREEZER_SKIP); -+ /* -+ * The following smp_mb() paired with the one in freezer_count() -+ * ensures that either freezer_count() sees %true freezing() or we -+ * see cleared %PF_FREEZER_SKIP and return %false. This makes it -+ * impossible for a task to slip frozen state testing after -+ * clearing %PF_FREEZER_SKIP. -+ */ -+ smp_mb(); -+ return p->flags & PF_FREEZER_SKIP; - } - - /* -diff --git a/include/linux/if_vlan.h b/include/linux/if_vlan.h -index 561e130..9b0c614 100644 ---- a/include/linux/if_vlan.h -+++ b/include/linux/if_vlan.h -@@ -327,7 +327,7 @@ static inline void vlan_set_encap_proto(struct sk_buff *skb, - struct vlan_hdr *vhdr) - { - __be16 proto; -- unsigned char *rawp; -+ unsigned short *rawp; - - /* - * Was a VLAN packet, grab the encapsulated protocol, which the layer -@@ -340,8 +340,8 @@ static inline void vlan_set_encap_proto(struct sk_buff *skb, - return; - } - -- rawp = skb->data; -- if (*(unsigned short *) rawp == 0xFFFF) -+ rawp = (unsigned short *)(vhdr + 1); -+ if (*rawp == 0xFFFF) - /* - * This is a magic hack to spot IPX packets. Older Novell - * breaks the protocol design and runs IPX over 802.3 without -diff --git a/include/linux/mmu_notifier.h b/include/linux/mmu_notifier.h -index 1d1b1e1..ee2baf0 100644 ---- a/include/linux/mmu_notifier.h -+++ b/include/linux/mmu_notifier.h -@@ -4,6 +4,7 @@ - #include <linux/list.h> - #include <linux/spinlock.h> - #include <linux/mm_types.h> -+#include <linux/srcu.h> - - struct mmu_notifier; - struct mmu_notifier_ops; -diff --git a/include/linux/page-flags.h b/include/linux/page-flags.h -index b5d1384..70473da 100644 ---- a/include/linux/page-flags.h -+++ b/include/linux/page-flags.h -@@ -362,7 +362,7 @@ static inline void ClearPageCompound(struct page *page) - * pages on the LRU and/or pagecache. - */ - TESTPAGEFLAG(Compound, compound) --__PAGEFLAG(Head, compound) -+__SETPAGEFLAG(Head, compound) __CLEARPAGEFLAG(Head, compound) - - /* - * PG_reclaim is used in combination with PG_compound to mark the -@@ -374,8 +374,14 @@ __PAGEFLAG(Head, compound) - * PG_compound & PG_reclaim => Tail page - * PG_compound & ~PG_reclaim => Head page - */ -+#define PG_head_mask ((1L << PG_compound)) - #define PG_head_tail_mask ((1L << PG_compound) | (1L << PG_reclaim)) - -+static inline int PageHead(struct page *page) -+{ -+ return ((page->flags & PG_head_tail_mask) == PG_head_mask); -+} -+ - static inline int PageTail(struct page *page) - { - return ((page->flags & PG_head_tail_mask) == PG_head_tail_mask); -diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h -index 8d3c427..50a6cbe 100644 ---- a/include/linux/pci_ids.h -+++ b/include/linux/pci_ids.h -@@ -1566,6 +1566,7 @@ - #define PCI_DEVICE_ID_RICOH_RL5C476 0x0476 - #define PCI_DEVICE_ID_RICOH_RL5C478 0x0478 - #define PCI_DEVICE_ID_RICOH_R5C822 0x0822 -+#define PCI_DEVICE_ID_RICOH_R5CE822 0xe822 - #define PCI_DEVICE_ID_RICOH_R5CE823 0xe823 - #define PCI_DEVICE_ID_RICOH_R5C832 0x0832 - #define PCI_DEVICE_ID_RICOH_R5C843 0x0843 -diff --git a/include/linux/pstore.h b/include/linux/pstore.h -index c892587..2e24e22 100644 ---- a/include/linux/pstore.h -+++ b/include/linux/pstore.h -@@ -74,12 +74,18 @@ static inline void pstore_ftrace_call(unsigned long ip, unsigned long parent_ip) - - #ifdef CONFIG_PSTORE - extern int pstore_register(struct pstore_info *); -+extern bool pstore_cannot_block_path(enum kmsg_dump_reason reason); - #else - static inline int - pstore_register(struct pstore_info *psi) - { - return -ENODEV; - } -+static inline bool -+pstore_cannot_block_path(enum kmsg_dump_reason reason) -+{ -+ return false; -+} - #endif - - #endif /*_LINUX_PSTORE_H*/ -diff --git a/include/linux/quota.h b/include/linux/quota.h -index 524ede8..2a0327e 100644 ---- a/include/linux/quota.h -+++ b/include/linux/quota.h -@@ -417,6 +417,7 @@ struct quota_module_name { - #define INIT_QUOTA_MODULE_NAMES {\ - {QFMT_VFS_OLD, "quota_v1"},\ - {QFMT_VFS_V0, "quota_v2"},\ -+ {QFMT_VFS_V1, "quota_v2"},\ - {0, NULL}} - - #endif /* __KERNEL__ */ -diff --git a/include/linux/sched.h b/include/linux/sched.h -index 23bddac..d2bbc12 100644 ---- a/include/linux/sched.h -+++ b/include/linux/sched.h -@@ -2684,7 +2684,16 @@ static inline void thread_group_cputime_init(struct signal_struct *sig) - extern void recalc_sigpending_and_wake(struct task_struct *t); - extern void recalc_sigpending(void); - --extern void signal_wake_up(struct task_struct *t, int resume_stopped); -+extern void signal_wake_up_state(struct task_struct *t, unsigned int state); -+ -+static inline void signal_wake_up(struct task_struct *t, bool resume) -+{ -+ signal_wake_up_state(t, resume ? TASK_WAKEKILL : 0); -+} -+static inline void ptrace_signal_wake_up(struct task_struct *t, bool resume) -+{ -+ signal_wake_up_state(t, resume ? __TASK_TRACED : 0); -+} - - /* - * Wrappers for p->thread_info->cpu access. No-op on UP. -diff --git a/include/linux/usb/audio.h b/include/linux/usb/audio.h -index a54b825..6f8b026 100644 ---- a/include/linux/usb/audio.h -+++ b/include/linux/usb/audio.h -@@ -384,14 +384,16 @@ static inline __u8 uac_processing_unit_iProcessing(struct uac_processing_unit_de - int protocol) - { - __u8 control_size = uac_processing_unit_bControlSize(desc, protocol); -- return desc->baSourceID[desc->bNrInPins + control_size]; -+ return *(uac_processing_unit_bmControls(desc, protocol) -+ + control_size); - } - - static inline __u8 *uac_processing_unit_specific(struct uac_processing_unit_descriptor *desc, - int protocol) - { - __u8 control_size = uac_processing_unit_bControlSize(desc, protocol); -- return &desc->baSourceID[desc->bNrInPins + control_size + 1]; -+ return uac_processing_unit_bmControls(desc, protocol) -+ + control_size + 1; - } - - /* 4.5.2 Class-Specific AS Interface Descriptor */ -diff --git a/include/linux/usb/ch9.h b/include/linux/usb/ch9.h -index d1d732c..17de73a 100644 ---- a/include/linux/usb/ch9.h -+++ b/include/linux/usb/ch9.h -@@ -152,6 +152,12 @@ - #define USB_INTRF_FUNC_SUSPEND_LP (1 << (8 + 0)) - #define USB_INTRF_FUNC_SUSPEND_RW (1 << (8 + 1)) - -+/* -+ * Interface status, Figure 9-5 USB 3.0 spec -+ */ -+#define USB_INTRF_STAT_FUNC_RW_CAP 1 -+#define USB_INTRF_STAT_FUNC_RW 2 -+ - #define USB_ENDPOINT_HALT 0 /* IN/OUT will STALL */ - - /* Bit array elements as returned by the USB_REQ_GET_STATUS request. */ -diff --git a/include/linux/vt_kern.h b/include/linux/vt_kern.h -index 50ae7d0..e8d6571 100644 ---- a/include/linux/vt_kern.h -+++ b/include/linux/vt_kern.h -@@ -47,6 +47,7 @@ int con_set_cmap(unsigned char __user *cmap); - int con_get_cmap(unsigned char __user *cmap); - void scrollback(struct vc_data *vc, int lines); - void scrollfront(struct vc_data *vc, int lines); -+void clear_buffer_attributes(struct vc_data *vc); - void update_region(struct vc_data *vc, unsigned long start, int count); - void redraw_screen(struct vc_data *vc, int is_switch); - #define update_screen(x) redraw_screen(x, 0) -@@ -130,6 +131,8 @@ void vt_event_post(unsigned int event, unsigned int old, unsigned int new); - int vt_waitactive(int n); - void change_console(struct vc_data *new_vc); - void reset_vc(struct vc_data *vc); -+extern int do_unbind_con_driver(const struct consw *csw, int first, int last, -+ int deflt); - extern int unbind_con_driver(const struct consw *csw, int first, int last, - int deflt); - int vty_init(const struct file_operations *console_fops); -diff --git a/include/net/inet6_hashtables.h b/include/net/inet6_hashtables.h -index 9e34c87..f071f50 100644 ---- a/include/net/inet6_hashtables.h -+++ b/include/net/inet6_hashtables.h -@@ -28,16 +28,16 @@ - - struct inet_hashinfo; - --/* I have no idea if this is a good hash for v6 or not. -DaveM */ - static inline unsigned int inet6_ehashfn(struct net *net, - const struct in6_addr *laddr, const u16 lport, - const struct in6_addr *faddr, const __be16 fport) - { -- u32 ports = (lport ^ (__force u16)fport); -+ u32 ports = (((u32)lport) << 16) | (__force u32)fport; - - return jhash_3words((__force u32)laddr->s6_addr32[3], -- (__force u32)faddr->s6_addr32[3], -- ports, inet_ehash_secret + net_hash_mix(net)); -+ ipv6_addr_jhash(faddr), -+ ports, -+ inet_ehash_secret + net_hash_mix(net)); - } - - static inline int inet6_sk_ehashfn(const struct sock *sk) -diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h -index ba1d361..1832927 100644 ---- a/include/net/inet_connection_sock.h -+++ b/include/net/inet_connection_sock.h -@@ -318,6 +318,7 @@ extern void inet_csk_reqsk_queue_prune(struct sock *parent, - const unsigned long max_rto); - - extern void inet_csk_destroy_sock(struct sock *sk); -+extern void inet_csk_prepare_forced_close(struct sock *sk); - - /* - * LISTEN is a special case for poll.. -diff --git a/include/net/inet_sock.h b/include/net/inet_sock.h -index 613cfa4..8eac4a9 100644 ---- a/include/net/inet_sock.h -+++ b/include/net/inet_sock.h -@@ -203,6 +203,7 @@ static inline void inet_sk_copy_descendant(struct sock *sk_to, - extern int inet_sk_rebuild_header(struct sock *sk); - - extern u32 inet_ehash_secret; -+extern u32 ipv6_hash_secret; - extern void build_ehash_secret(void); - - static inline unsigned int inet_ehashfn(struct net *net, -diff --git a/include/net/ipv6.h b/include/net/ipv6.h -index 01c34b3..640591f 100644 ---- a/include/net/ipv6.h -+++ b/include/net/ipv6.h -@@ -15,6 +15,7 @@ - - #include <linux/ipv6.h> - #include <linux/hardirq.h> -+#include <linux/jhash.h> - #include <net/if_inet6.h> - #include <net/ndisc.h> - #include <net/flow.h> -@@ -432,6 +433,17 @@ static inline u32 ipv6_addr_hash(const struct in6_addr *a) - #endif - } - -+/* more secured version of ipv6_addr_hash() */ -+static inline u32 ipv6_addr_jhash(const struct in6_addr *a) -+{ -+ u32 v = (__force u32)a->s6_addr32[0] ^ (__force u32)a->s6_addr32[1]; -+ -+ return jhash_3words(v, -+ (__force u32)a->s6_addr32[2], -+ (__force u32)a->s6_addr32[3], -+ ipv6_hash_secret); -+} -+ - static inline bool ipv6_addr_loopback(const struct in6_addr *a) - { - return (a->s6_addr32[0] | a->s6_addr32[1] | -diff --git a/include/net/sock.h b/include/net/sock.h -index adb7da2..450a2af 100644 ---- a/include/net/sock.h -+++ b/include/net/sock.h -@@ -1012,7 +1012,7 @@ static inline void sk_refcnt_debug_dec(struct sock *sk) - sk->sk_prot->name, sk, atomic_read(&sk->sk_prot->socks)); - } - --inline void sk_refcnt_debug_release(const struct sock *sk) -+static inline void sk_refcnt_debug_release(const struct sock *sk) - { - if (atomic_read(&sk->sk_refcnt) != 1) - printk(KERN_DEBUG "Destruction of the %s socket %p delayed, refcnt=%d\n", -diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h -index 5be8937..fca8bbe 100644 ---- a/include/target/target_core_base.h -+++ b/include/target/target_core_base.h -@@ -734,6 +734,8 @@ struct se_subsystem_dev { - }; - - struct se_device { -+#define SE_DEV_LINK_MAGIC 0xfeeddeef -+ u32 dev_link_magic; - /* RELATIVE TARGET PORT IDENTIFER Counter */ - u16 dev_rpti_counter; - /* Used for SAM Task Attribute ordering */ -@@ -820,6 +822,8 @@ struct se_port_stat_grps { - }; - - struct se_lun { -+#define SE_LUN_LINK_MAGIC 0xffff7771 -+ u32 lun_link_magic; - /* See transport_lun_status_table */ - enum transport_lun_status_table lun_status; - u32 lun_access; -diff --git a/init/main.c b/init/main.c -index d61ec54..5973f47 100644 ---- a/init/main.c -+++ b/init/main.c -@@ -603,7 +603,7 @@ asmlinkage void __init start_kernel(void) - pidmap_init(); - anon_vma_init(); - #ifdef CONFIG_X86 -- if (efi_enabled) -+ if (efi_enabled(EFI_RUNTIME_SERVICES)) - efi_enter_virtual_mode(); - #endif - thread_info_cache_init(); -@@ -631,7 +631,7 @@ asmlinkage void __init start_kernel(void) - acpi_early_init(); /* before LAPIC and SMP init */ - sfi_init_late(); - -- if (efi_enabled) -+ if (efi_enabled(EFI_RUNTIME_SERVICES)) - efi_free_boot_services(); - - ftrace_init(); -diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index ff2bce5..2cd3492 100644 ---- a/kernel/cgroup.c -+++ b/kernel/cgroup.c -@@ -422,12 +422,20 @@ static void __put_css_set(struct css_set *cg, int taskexit) - struct cgroup *cgrp = link->cgrp; - list_del(&link->cg_link_list); - list_del(&link->cgrp_link_list); -+ -+ /* -+ * We may not be holding cgroup_mutex, and if cgrp->count is -+ * dropped to 0 the cgroup can be destroyed at any time, hence -+ * rcu_read_lock is used to keep it alive. -+ */ -+ rcu_read_lock(); - if (atomic_dec_and_test(&cgrp->count) && - notify_on_release(cgrp)) { - if (taskexit) - set_bit(CGRP_RELEASABLE, &cgrp->flags); - check_for_release(cgrp); - } -+ rcu_read_unlock(); - - kfree(link); - } -@@ -2635,9 +2643,7 @@ static int cgroup_create_dir(struct cgroup *cgrp, struct dentry *dentry, - dentry->d_fsdata = cgrp; - inc_nlink(parent->d_inode); - rcu_assign_pointer(cgrp->dentry, dentry); -- dget(dentry); - } -- dput(dentry); - - return error; - } -diff --git a/kernel/cpuset.c b/kernel/cpuset.c -index f33c715..01abde2 100644 ---- a/kernel/cpuset.c -+++ b/kernel/cpuset.c -@@ -2519,8 +2519,16 @@ void cpuset_print_task_mems_allowed(struct task_struct *tsk) - - dentry = task_cs(tsk)->css.cgroup->dentry; - spin_lock(&cpuset_buffer_lock); -- snprintf(cpuset_name, CPUSET_NAME_LEN, -- dentry ? (const char *)dentry->d_name.name : "/"); -+ -+ if (!dentry) { -+ strcpy(cpuset_name, "/"); -+ } else { -+ spin_lock(&dentry->d_lock); -+ strlcpy(cpuset_name, (const char *)dentry->d_name.name, -+ CPUSET_NAME_LEN); -+ spin_unlock(&dentry->d_lock); -+ } -+ - nodelist_scnprintf(cpuset_nodelist, CPUSET_NODELIST_LEN, - tsk->mems_allowed); - printk(KERN_INFO "%s cpuset=%s mems_allowed=%s\n", -diff --git a/kernel/futex.c b/kernel/futex.c -index 19eb089..8879430 100644 ---- a/kernel/futex.c -+++ b/kernel/futex.c -@@ -2471,8 +2471,6 @@ SYSCALL_DEFINE3(get_robust_list, int, pid, - if (!futex_cmpxchg_enabled) - return -ENOSYS; - -- WARN_ONCE(1, "deprecated: get_robust_list will be deleted in 2013.\n"); -- - rcu_read_lock(); - - ret = -ESRCH; -diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c -index 83e368b..a9642d5 100644 ---- a/kernel/futex_compat.c -+++ b/kernel/futex_compat.c -@@ -142,8 +142,6 @@ compat_sys_get_robust_list(int pid, compat_uptr_t __user *head_ptr, - if (!futex_cmpxchg_enabled) - return -ENOSYS; - -- WARN_ONCE(1, "deprecated: get_robust_list will be deleted in 2013.\n"); -- - rcu_read_lock(); - - ret = -ESRCH; -diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c -index 6db7a5e..cdd5607 100644 ---- a/kernel/hrtimer.c -+++ b/kernel/hrtimer.c -@@ -640,21 +640,9 @@ static inline void hrtimer_init_hres(struct hrtimer_cpu_base *base) - * and expiry check is done in the hrtimer_interrupt or in the softirq. - */ - static inline int hrtimer_enqueue_reprogram(struct hrtimer *timer, -- struct hrtimer_clock_base *base, -- int wakeup) -+ struct hrtimer_clock_base *base) - { -- if (base->cpu_base->hres_active && hrtimer_reprogram(timer, base)) { -- if (wakeup) { -- raw_spin_unlock(&base->cpu_base->lock); -- raise_softirq_irqoff(HRTIMER_SOFTIRQ); -- raw_spin_lock(&base->cpu_base->lock); -- } else -- __raise_softirq_irqoff(HRTIMER_SOFTIRQ); -- -- return 1; -- } -- -- return 0; -+ return base->cpu_base->hres_active && hrtimer_reprogram(timer, base); - } - - static inline ktime_t hrtimer_update_base(struct hrtimer_cpu_base *base) -@@ -735,8 +723,7 @@ static inline int hrtimer_switch_to_hres(void) { return 0; } - static inline void - hrtimer_force_reprogram(struct hrtimer_cpu_base *base, int skip_equal) { } - static inline int hrtimer_enqueue_reprogram(struct hrtimer *timer, -- struct hrtimer_clock_base *base, -- int wakeup) -+ struct hrtimer_clock_base *base) - { - return 0; - } -@@ -995,8 +982,21 @@ int __hrtimer_start_range_ns(struct hrtimer *timer, ktime_t tim, - * - * XXX send_remote_softirq() ? - */ -- if (leftmost && new_base->cpu_base == &__get_cpu_var(hrtimer_bases)) -- hrtimer_enqueue_reprogram(timer, new_base, wakeup); -+ if (leftmost && new_base->cpu_base == &__get_cpu_var(hrtimer_bases) -+ && hrtimer_enqueue_reprogram(timer, new_base)) { -+ if (wakeup) { -+ /* -+ * We need to drop cpu_base->lock to avoid a -+ * lock ordering issue vs. rq->lock. -+ */ -+ raw_spin_unlock(&new_base->cpu_base->lock); -+ raise_softirq_irqoff(HRTIMER_SOFTIRQ); -+ local_irq_restore(flags); -+ return ret; -+ } else { -+ __raise_softirq_irqoff(HRTIMER_SOFTIRQ); -+ } -+ } - - unlock_hrtimer_base(timer, &flags); - -diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c -index 4c69326..e48caf8 100644 ---- a/kernel/irq/manage.c -+++ b/kernel/irq/manage.c -@@ -716,6 +716,7 @@ static void - irq_thread_check_affinity(struct irq_desc *desc, struct irqaction *action) - { - cpumask_var_t mask; -+ bool valid = true; - - if (!test_and_clear_bit(IRQTF_AFFINITY, &action->thread_flags)) - return; -@@ -730,10 +731,18 @@ irq_thread_check_affinity(struct irq_desc *desc, struct irqaction *action) - } - - raw_spin_lock_irq(&desc->lock); -- cpumask_copy(mask, desc->irq_data.affinity); -+ /* -+ * This code is triggered unconditionally. Check the affinity -+ * mask pointer. For CPU_MASK_OFFSTACK=n this is optimized out. -+ */ -+ if (desc->irq_data.affinity) -+ cpumask_copy(mask, desc->irq_data.affinity); -+ else -+ valid = false; - raw_spin_unlock_irq(&desc->lock); - -- set_cpus_allowed_ptr(current, mask); -+ if (valid) -+ set_cpus_allowed_ptr(current, mask); - free_cpumask_var(mask); - } - #else -@@ -936,6 +945,16 @@ __setup_irq(unsigned int irq, struct irq_desc *desc, struct irqaction *new) - */ - get_task_struct(t); - new->thread = t; -+ /* -+ * Tell the thread to set its affinity. This is -+ * important for shared interrupt handlers as we do -+ * not invoke setup_affinity() for the secondary -+ * handlers as everything is already set up. Even for -+ * interrupts marked with IRQF_NO_BALANCE this is -+ * correct as we want the thread to move to the cpu(s) -+ * on which the requesting code placed the interrupt. -+ */ -+ set_bit(IRQTF_AFFINITY, &new->thread_flags); - } - - if (!alloc_cpumask_var(&mask, GFP_KERNEL)) { -diff --git a/kernel/irq/spurious.c b/kernel/irq/spurious.c -index 611cd60..7b5f012 100644 ---- a/kernel/irq/spurious.c -+++ b/kernel/irq/spurious.c -@@ -80,13 +80,11 @@ static int try_one_irq(int irq, struct irq_desc *desc, bool force) - - /* - * All handlers must agree on IRQF_SHARED, so we test just the -- * first. Check for action->next as well. -+ * first. - */ - action = desc->action; - if (!action || !(action->flags & IRQF_SHARED) || -- (action->flags & __IRQF_TIMER) || -- (action->handler(irq, action->dev_id) == IRQ_HANDLED) || -- !action->next) -+ (action->flags & __IRQF_TIMER)) - goto out; - - /* Already running on another processor */ -@@ -104,6 +102,7 @@ static int try_one_irq(int irq, struct irq_desc *desc, bool force) - do { - if (handle_irq_event(desc) == IRQ_HANDLED) - ret = IRQ_HANDLED; -+ /* Make sure that there is still a valid action */ - action = desc->action; - } while ((desc->istate & IRQS_PENDING) && action); - desc->istate &= ~IRQS_POLL_INPROGRESS; -diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c -index 125cb67..acbb79c 100644 ---- a/kernel/posix-cpu-timers.c -+++ b/kernel/posix-cpu-timers.c -@@ -1422,8 +1422,10 @@ static int do_cpu_nanosleep(const clockid_t which_clock, int flags, - while (!signal_pending(current)) { - if (timer.it.cpu.expires.sched == 0) { - /* -- * Our timer fired and was reset. -+ * Our timer fired and was reset, below -+ * deletion can not fail. - */ -+ posix_cpu_timer_del(&timer); - spin_unlock_irq(&timer.it_lock); - return 0; - } -@@ -1441,9 +1443,26 @@ static int do_cpu_nanosleep(const clockid_t which_clock, int flags, - * We were interrupted by a signal. - */ - sample_to_timespec(which_clock, timer.it.cpu.expires, rqtp); -- posix_cpu_timer_set(&timer, 0, &zero_it, it); -+ error = posix_cpu_timer_set(&timer, 0, &zero_it, it); -+ if (!error) { -+ /* -+ * Timer is now unarmed, deletion can not fail. -+ */ -+ posix_cpu_timer_del(&timer); -+ } - spin_unlock_irq(&timer.it_lock); - -+ while (error == TIMER_RETRY) { -+ /* -+ * We need to handle case when timer was or is in the -+ * middle of firing. In other cases we already freed -+ * resources. -+ */ -+ spin_lock_irq(&timer.it_lock); -+ error = posix_cpu_timer_del(&timer); -+ spin_unlock_irq(&timer.it_lock); -+ } -+ - if ((it->it_value.tv_sec | it->it_value.tv_nsec) == 0) { - /* - * It actually did fire already. -diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c -index 69185ae..e885be1 100644 ---- a/kernel/posix-timers.c -+++ b/kernel/posix-timers.c -@@ -639,6 +639,13 @@ static struct k_itimer *__lock_timer(timer_t timer_id, unsigned long *flags) - { - struct k_itimer *timr; - -+ /* -+ * timer_t could be any type >= int and we want to make sure any -+ * @timer_id outside positive int range fails lookup. -+ */ -+ if ((unsigned long long)timer_id > INT_MAX) -+ return NULL; -+ - rcu_read_lock(); - timr = idr_find(&posix_timers_id, (int)timer_id); - if (timr) { -diff --git a/kernel/ptrace.c b/kernel/ptrace.c -index a232bb5..b96de86b4 100644 ---- a/kernel/ptrace.c -+++ b/kernel/ptrace.c -@@ -117,11 +117,45 @@ void __ptrace_unlink(struct task_struct *child) - * TASK_KILLABLE sleeps. - */ - if (child->jobctl & JOBCTL_STOP_PENDING || task_is_traced(child)) -- signal_wake_up(child, task_is_traced(child)); -+ ptrace_signal_wake_up(child, true); - - spin_unlock(&child->sighand->siglock); - } - -+/* Ensure that nothing can wake it up, even SIGKILL */ -+static bool ptrace_freeze_traced(struct task_struct *task) -+{ -+ bool ret = false; -+ -+ /* Lockless, nobody but us can set this flag */ -+ if (task->jobctl & JOBCTL_LISTENING) -+ return ret; -+ -+ spin_lock_irq(&task->sighand->siglock); -+ if (task_is_traced(task) && !__fatal_signal_pending(task)) { -+ task->state = __TASK_TRACED; -+ ret = true; -+ } -+ spin_unlock_irq(&task->sighand->siglock); -+ -+ return ret; -+} -+ -+static void ptrace_unfreeze_traced(struct task_struct *task) -+{ -+ if (task->state != __TASK_TRACED) -+ return; -+ -+ WARN_ON(!task->ptrace || task->parent != current); -+ -+ spin_lock_irq(&task->sighand->siglock); -+ if (__fatal_signal_pending(task)) -+ wake_up_state(task, __TASK_TRACED); -+ else -+ task->state = TASK_TRACED; -+ spin_unlock_irq(&task->sighand->siglock); -+} -+ - /** - * ptrace_check_attach - check whether ptracee is ready for ptrace operation - * @child: ptracee to check for -@@ -151,24 +185,29 @@ int ptrace_check_attach(struct task_struct *child, bool ignore_state) - * be changed by us so it's not changing right after this. - */ - read_lock(&tasklist_lock); -- if ((child->ptrace & PT_PTRACED) && child->parent == current) { -+ if (child->ptrace && child->parent == current) { -+ WARN_ON(child->state == __TASK_TRACED); - /* - * child->sighand can't be NULL, release_task() - * does ptrace_unlink() before __exit_signal(). - */ -- spin_lock_irq(&child->sighand->siglock); -- WARN_ON_ONCE(task_is_stopped(child)); -- if (ignore_state || (task_is_traced(child) && -- !(child->jobctl & JOBCTL_LISTENING))) -+ if (ignore_state || ptrace_freeze_traced(child)) - ret = 0; -- spin_unlock_irq(&child->sighand->siglock); - } - read_unlock(&tasklist_lock); - -- if (!ret && !ignore_state) -- ret = wait_task_inactive(child, TASK_TRACED) ? 0 : -ESRCH; -+ if (!ret && !ignore_state) { -+ if (!wait_task_inactive(child, __TASK_TRACED)) { -+ /* -+ * This can only happen if may_ptrace_stop() fails and -+ * ptrace_stop() changes ->state back to TASK_RUNNING, -+ * so we should not worry about leaking __TASK_TRACED. -+ */ -+ WARN_ON(child->state == __TASK_TRACED); -+ ret = -ESRCH; -+ } -+ } - -- /* All systems go.. */ - return ret; - } - -@@ -310,7 +349,7 @@ static int ptrace_attach(struct task_struct *task, long request, - */ - if (task_is_stopped(task) && - task_set_jobctl_pending(task, JOBCTL_TRAP_STOP | JOBCTL_TRAPPING)) -- signal_wake_up(task, 1); -+ signal_wake_up_state(task, __TASK_STOPPED); - - spin_unlock(&task->sighand->siglock); - -@@ -727,7 +766,7 @@ int ptrace_request(struct task_struct *child, long request, - * tracee into STOP. - */ - if (likely(task_set_jobctl_pending(child, JOBCTL_TRAP_STOP))) -- signal_wake_up(child, child->jobctl & JOBCTL_LISTENING); -+ ptrace_signal_wake_up(child, child->jobctl & JOBCTL_LISTENING); - - unlock_task_sighand(child, &flags); - ret = 0; -@@ -753,7 +792,7 @@ int ptrace_request(struct task_struct *child, long request, - * start of this trap and now. Trigger re-trap. - */ - if (child->jobctl & JOBCTL_TRAP_NOTIFY) -- signal_wake_up(child, true); -+ ptrace_signal_wake_up(child, true); - ret = 0; - } - unlock_task_sighand(child, &flags); -@@ -890,6 +929,8 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, - goto out_put_task_struct; - - ret = arch_ptrace(child, request, addr, data); -+ if (ret || request != PTRACE_DETACH) -+ ptrace_unfreeze_traced(child); - - out_put_task_struct: - put_task_struct(child); -@@ -1029,8 +1070,11 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, - - ret = ptrace_check_attach(child, request == PTRACE_KILL || - request == PTRACE_INTERRUPT); -- if (!ret) -+ if (!ret) { - ret = compat_arch_ptrace(child, request, addr, data); -+ if (ret || request != PTRACE_DETACH) -+ ptrace_unfreeze_traced(child); -+ } - - out_put_task_struct: - put_task_struct(child); -diff --git a/kernel/resource.c b/kernel/resource.c -index 34d4588..73f35d4 100644 ---- a/kernel/resource.c -+++ b/kernel/resource.c -@@ -763,6 +763,7 @@ static void __init __reserve_region_with_split(struct resource *root, - struct resource *parent = root; - struct resource *conflict; - struct resource *res = kzalloc(sizeof(*res), GFP_ATOMIC); -+ struct resource *next_res = NULL; - - if (!res) - return; -@@ -772,21 +773,46 @@ static void __init __reserve_region_with_split(struct resource *root, - res->end = end; - res->flags = IORESOURCE_BUSY; - -- conflict = __request_resource(parent, res); -- if (!conflict) -- return; -+ while (1) { - -- /* failed, split and try again */ -- kfree(res); -+ conflict = __request_resource(parent, res); -+ if (!conflict) { -+ if (!next_res) -+ break; -+ res = next_res; -+ next_res = NULL; -+ continue; -+ } - -- /* conflict covered whole area */ -- if (conflict->start <= start && conflict->end >= end) -- return; -+ /* conflict covered whole area */ -+ if (conflict->start <= res->start && -+ conflict->end >= res->end) { -+ kfree(res); -+ WARN_ON(next_res); -+ break; -+ } -+ -+ /* failed, split and try again */ -+ if (conflict->start > res->start) { -+ end = res->end; -+ res->end = conflict->start - 1; -+ if (conflict->end < end) { -+ next_res = kzalloc(sizeof(*next_res), -+ GFP_ATOMIC); -+ if (!next_res) { -+ kfree(res); -+ break; -+ } -+ next_res->name = name; -+ next_res->start = conflict->end + 1; -+ next_res->end = end; -+ next_res->flags = IORESOURCE_BUSY; -+ } -+ } else { -+ res->start = conflict->end + 1; -+ } -+ } - -- if (conflict->start > start) -- __reserve_region_with_split(root, start, conflict->start-1, name); -- if (conflict->end < end) -- __reserve_region_with_split(root, conflict->end+1, end, name); - } - - void __init reserve_region_with_split(struct resource *root, -diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 1a48cdb..5eb6c96 100644 ---- a/kernel/sched/core.c -+++ b/kernel/sched/core.c -@@ -1686,7 +1686,8 @@ out: - */ - int wake_up_process(struct task_struct *p) - { -- return try_to_wake_up(p, TASK_ALL, 0); -+ WARN_ON(task_is_stopped_or_traced(p)); -+ return try_to_wake_up(p, TASK_NORMAL, 0); - } - EXPORT_SYMBOL(wake_up_process); - -diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c -index e0b7ba9..71e2fcc 100644 ---- a/kernel/sched/rt.c -+++ b/kernel/sched/rt.c -@@ -566,7 +566,7 @@ static inline struct rt_bandwidth *sched_rt_bandwidth(struct rt_rq *rt_rq) - static int do_balance_runtime(struct rt_rq *rt_rq) - { - struct rt_bandwidth *rt_b = sched_rt_bandwidth(rt_rq); -- struct root_domain *rd = cpu_rq(smp_processor_id())->rd; -+ struct root_domain *rd = rq_of_rt_rq(rt_rq)->rd; - int i, weight, more = 0; - u64 rt_period; - -diff --git a/kernel/signal.c b/kernel/signal.c -index be4f856..67b64be 100644 ---- a/kernel/signal.c -+++ b/kernel/signal.c -@@ -678,23 +678,17 @@ int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info) - * No need to set need_resched since signal event passing - * goes through ->blocked - */ --void signal_wake_up(struct task_struct *t, int resume) -+void signal_wake_up_state(struct task_struct *t, unsigned int state) - { -- unsigned int mask; -- - set_tsk_thread_flag(t, TIF_SIGPENDING); -- - /* -- * For SIGKILL, we want to wake it up in the stopped/traced/killable -+ * TASK_WAKEKILL also means wake it up in the stopped/traced/killable - * case. We don't check t->state here because there is a race with it - * executing another processor and just now entering stopped state. - * By using wake_up_state, we ensure the process will wake up and - * handle its death signal. - */ -- mask = TASK_INTERRUPTIBLE; -- if (resume) -- mask |= TASK_WAKEKILL; -- if (!wake_up_state(t, mask)) -+ if (!wake_up_state(t, state | TASK_INTERRUPTIBLE)) - kick_process(t); - } - -@@ -842,7 +836,7 @@ static void ptrace_trap_notify(struct task_struct *t) - assert_spin_locked(&t->sighand->siglock); - - task_set_jobctl_pending(t, JOBCTL_TRAP_NOTIFY); -- signal_wake_up(t, t->jobctl & JOBCTL_LISTENING); -+ ptrace_signal_wake_up(t, t->jobctl & JOBCTL_LISTENING); - } - - /* -@@ -1797,6 +1791,10 @@ static inline int may_ptrace_stop(void) - * If SIGKILL was already sent before the caller unlocked - * ->siglock we must see ->core_state != NULL. Otherwise it - * is safe to enter schedule(). -+ * -+ * This is almost outdated, a task with the pending SIGKILL can't -+ * block in TASK_TRACED. But PTRACE_EVENT_EXIT can be reported -+ * after SIGKILL was already dequeued. - */ - if (unlikely(current->mm->core_state) && - unlikely(current->mm == current->parent->mm)) -@@ -1922,6 +1920,7 @@ static void ptrace_stop(int exit_code, int why, int clear_code, siginfo_t *info) - if (gstop_done) - do_notify_parent_cldstop(current, false, why); - -+ /* tasklist protects us from ptrace_freeze_traced() */ - __set_current_state(TASK_RUNNING); - if (clear_code) - current->exit_code = 0; -diff --git a/kernel/smp.c b/kernel/smp.c -index 29dd40a..69f38bd 100644 ---- a/kernel/smp.c -+++ b/kernel/smp.c -@@ -33,6 +33,7 @@ struct call_function_data { - struct call_single_data csd; - atomic_t refs; - cpumask_var_t cpumask; -+ cpumask_var_t cpumask_ipi; - }; - - static DEFINE_PER_CPU_SHARED_ALIGNED(struct call_function_data, cfd_data); -@@ -56,6 +57,9 @@ hotplug_cfd(struct notifier_block *nfb, unsigned long action, void *hcpu) - if (!zalloc_cpumask_var_node(&cfd->cpumask, GFP_KERNEL, - cpu_to_node(cpu))) - return notifier_from_errno(-ENOMEM); -+ if (!zalloc_cpumask_var_node(&cfd->cpumask_ipi, GFP_KERNEL, -+ cpu_to_node(cpu))) -+ return notifier_from_errno(-ENOMEM); - break; - - #ifdef CONFIG_HOTPLUG_CPU -@@ -65,6 +69,7 @@ hotplug_cfd(struct notifier_block *nfb, unsigned long action, void *hcpu) - case CPU_DEAD: - case CPU_DEAD_FROZEN: - free_cpumask_var(cfd->cpumask); -+ free_cpumask_var(cfd->cpumask_ipi); - break; - #endif - }; -@@ -526,6 +531,12 @@ void smp_call_function_many(const struct cpumask *mask, - return; - } - -+ /* -+ * After we put an entry into the list, data->cpumask -+ * may be cleared again when another CPU sends another IPI for -+ * a SMP function call, so data->cpumask will be zero. -+ */ -+ cpumask_copy(data->cpumask_ipi, data->cpumask); - raw_spin_lock_irqsave(&call_function.lock, flags); - /* - * Place entry at the _HEAD_ of the list, so that any cpu still -@@ -549,7 +560,7 @@ void smp_call_function_many(const struct cpumask *mask, - smp_mb(); - - /* Send a message to all CPUs in the map */ -- arch_send_call_function_ipi_mask(data->cpumask); -+ arch_send_call_function_ipi_mask(data->cpumask_ipi); - - /* Optionally wait for the CPUs to complete */ - if (wait) -diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c -index 65bdcf1..c2f6d47 100644 ---- a/kernel/sysctl_binary.c -+++ b/kernel/sysctl_binary.c -@@ -1194,9 +1194,10 @@ static ssize_t bin_dn_node_address(struct file *file, - - /* Convert the decnet address to binary */ - result = -EIO; -- nodep = strchr(buf, '.') + 1; -+ nodep = strchr(buf, '.'); - if (!nodep) - goto out; -+ ++nodep; - - area = simple_strtoul(buf, NULL, 10); - node = simple_strtoul(nodep, NULL, 10); -diff --git a/kernel/timeconst.pl b/kernel/timeconst.pl -index eb51d76..3f42652 100644 ---- a/kernel/timeconst.pl -+++ b/kernel/timeconst.pl -@@ -369,10 +369,8 @@ if ($hz eq '--can') { - die "Usage: $0 HZ\n"; - } - -- @val = @{$canned_values{$hz}}; -- if (!defined(@val)) { -- @val = compute_values($hz); -- } -+ $cv = $canned_values{$hz}; -+ @val = defined($cv) ? @$cv : compute_values($hz); - output($hz, @val); - } - exit 0; -diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c -index 781ecc2..384699f 100644 ---- a/kernel/trace/ftrace.c -+++ b/kernel/trace/ftrace.c -@@ -3835,35 +3835,49 @@ static void ftrace_init_module(struct module *mod, - ftrace_process_locs(mod, start, end); - } - --static int ftrace_module_notify(struct notifier_block *self, -- unsigned long val, void *data) -+static int ftrace_module_notify_enter(struct notifier_block *self, -+ unsigned long val, void *data) - { - struct module *mod = data; - -- switch (val) { -- case MODULE_STATE_COMING: -+ if (val == MODULE_STATE_COMING) - ftrace_init_module(mod, mod->ftrace_callsites, - mod->ftrace_callsites + - mod->num_ftrace_callsites); -- break; -- case MODULE_STATE_GOING: -+ return 0; -+} -+ -+static int ftrace_module_notify_exit(struct notifier_block *self, -+ unsigned long val, void *data) -+{ -+ struct module *mod = data; -+ -+ if (val == MODULE_STATE_GOING) - ftrace_release_mod(mod); -- break; -- } - - return 0; - } - #else --static int ftrace_module_notify(struct notifier_block *self, -- unsigned long val, void *data) -+static int ftrace_module_notify_enter(struct notifier_block *self, -+ unsigned long val, void *data) -+{ -+ return 0; -+} -+static int ftrace_module_notify_exit(struct notifier_block *self, -+ unsigned long val, void *data) - { - return 0; - } - #endif /* CONFIG_MODULES */ - --struct notifier_block ftrace_module_nb = { -- .notifier_call = ftrace_module_notify, -- .priority = 0, -+struct notifier_block ftrace_module_enter_nb = { -+ .notifier_call = ftrace_module_notify_enter, -+ .priority = INT_MAX, /* Run before anything that can use kprobes */ -+}; -+ -+struct notifier_block ftrace_module_exit_nb = { -+ .notifier_call = ftrace_module_notify_exit, -+ .priority = INT_MIN, /* Run after anything that can remove kprobes */ - }; - - extern unsigned long __start_mcount_loc[]; -@@ -3897,9 +3911,13 @@ void __init ftrace_init(void) - __start_mcount_loc, - __stop_mcount_loc); - -- ret = register_module_notifier(&ftrace_module_nb); -+ ret = register_module_notifier(&ftrace_module_enter_nb); -+ if (ret) -+ pr_warning("Failed to register trace ftrace module enter notifier\n"); -+ -+ ret = register_module_notifier(&ftrace_module_exit_nb); - if (ret) -- pr_warning("Failed to register trace ftrace module notifier\n"); -+ pr_warning("Failed to register trace ftrace module exit notifier\n"); - - set_ftrace_early_filters(); - -diff --git a/lib/atomic64.c b/lib/atomic64.c -index 9785378..08a4f06 100644 ---- a/lib/atomic64.c -+++ b/lib/atomic64.c -@@ -31,7 +31,11 @@ - static union { - raw_spinlock_t lock; - char pad[L1_CACHE_BYTES]; --} atomic64_lock[NR_LOCKS] __cacheline_aligned_in_smp; -+} atomic64_lock[NR_LOCKS] __cacheline_aligned_in_smp = { -+ [0 ... (NR_LOCKS - 1)] = { -+ .lock = __RAW_SPIN_LOCK_UNLOCKED(atomic64_lock.lock), -+ }, -+}; - - static inline raw_spinlock_t *lock_addr(const atomic64_t *v) - { -@@ -173,14 +177,3 @@ int atomic64_add_unless(atomic64_t *v, long long a, long long u) - return ret; - } - EXPORT_SYMBOL(atomic64_add_unless); -- --static int init_atomic64_lock(void) --{ -- int i; -- -- for (i = 0; i < NR_LOCKS; ++i) -- raw_spin_lock_init(&atomic64_lock[i].lock); -- return 0; --} -- --pure_initcall(init_atomic64_lock); -diff --git a/lib/digsig.c b/lib/digsig.c -index 8c0e629..dc2be7e 100644 ---- a/lib/digsig.c -+++ b/lib/digsig.c -@@ -162,6 +162,8 @@ static int digsig_verify_rsa(struct key *key, - memset(out1, 0, head); - memcpy(out1 + head, p, l); - -+ kfree(p); -+ - err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len); - if (err) - goto err; -diff --git a/lib/idr.c b/lib/idr.c -index 4046e29..e90d2d0 100644 ---- a/lib/idr.c -+++ b/lib/idr.c -@@ -625,7 +625,14 @@ void *idr_get_next(struct idr *idp, int *nextidp) - return p; - } - -- id += 1 << n; -+ /* -+ * Proceed to the next layer at the current level. Unlike -+ * idr_for_each(), @id isn't guaranteed to be aligned to -+ * layer boundary at this point and adding 1 << n may -+ * incorrectly skip IDs. Make sure we jump to the -+ * beginning of the next layer using round_up(). -+ */ -+ id = round_up(id + 1, 1 << n); - while (n < fls(id)) { - n += IDR_BITS; - p = *--paa; -diff --git a/mm/compaction.c b/mm/compaction.c -index 7fcd3a5..214944a 100644 ---- a/mm/compaction.c -+++ b/mm/compaction.c -@@ -956,7 +956,7 @@ static int compact_node(int nid) - } - - /* Compact all nodes in the system */ --static int compact_nodes(void) -+static void compact_nodes(void) - { - int nid; - -@@ -965,8 +965,6 @@ static int compact_nodes(void) - - for_each_online_node(nid) - compact_node(nid); -- -- return COMPACT_COMPLETE; - } - - /* The written value is actually unused, all memory is compacted */ -@@ -977,7 +975,7 @@ int sysctl_compaction_handler(struct ctl_table *table, int write, - void __user *buffer, size_t *length, loff_t *ppos) - { - if (write) -- return compact_nodes(); -+ compact_nodes(); - - return 0; - } -diff --git a/mm/fadvise.c b/mm/fadvise.c -index 9b75a04..69f317d 100644 ---- a/mm/fadvise.c -+++ b/mm/fadvise.c -@@ -17,6 +17,7 @@ - #include <linux/fadvise.h> - #include <linux/writeback.h> - #include <linux/syscalls.h> -+#include <linux/swap.h> - - #include <asm/unistd.h> - -@@ -120,9 +121,22 @@ SYSCALL_DEFINE(fadvise64_64)(int fd, loff_t offset, loff_t len, int advice) - start_index = (offset+(PAGE_CACHE_SIZE-1)) >> PAGE_CACHE_SHIFT; - end_index = (endbyte >> PAGE_CACHE_SHIFT); - -- if (end_index >= start_index) -- invalidate_mapping_pages(mapping, start_index, -+ if (end_index >= start_index) { -+ unsigned long count = invalidate_mapping_pages(mapping, -+ start_index, end_index); -+ -+ /* -+ * If fewer pages were invalidated than expected then -+ * it is possible that some of the pages were on -+ * a per-cpu pagevec for a remote CPU. Drain all -+ * pagevecs and try again. -+ */ -+ if (count < (end_index - start_index + 1)) { -+ lru_add_drain_all(); -+ invalidate_mapping_pages(mapping, start_index, - end_index); -+ } -+ } - break; - default: - ret = -EINVAL; -diff --git a/mm/memory.c b/mm/memory.c -index 5736170..29ffb5c 100644 ---- a/mm/memory.c -+++ b/mm/memory.c -@@ -182,10 +182,14 @@ static int tlb_next_batch(struct mmu_gather *tlb) - return 1; - } - -+ if (tlb->batch_count == MAX_GATHER_BATCH_COUNT) -+ return 0; -+ - batch = (void *)__get_free_pages(GFP_NOWAIT | __GFP_NOWARN, 0); - if (!batch) - return 0; - -+ tlb->batch_count++; - batch->next = NULL; - batch->nr = 0; - batch->max = MAX_GATHER_BATCH; -@@ -214,6 +218,7 @@ void tlb_gather_mmu(struct mmu_gather *tlb, struct mm_struct *mm, bool fullmm) - tlb->local.nr = 0; - tlb->local.max = ARRAY_SIZE(tlb->__pages); - tlb->active = &tlb->local; -+ tlb->batch_count = 0; - - #ifdef CONFIG_HAVE_RCU_TABLE_FREE - tlb->batch = NULL; -diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index 01350d3..5e0fea1 100644 ---- a/mm/mempolicy.c -+++ b/mm/mempolicy.c -@@ -2370,8 +2370,7 @@ void numa_default_policy(void) - */ - - /* -- * "local" is pseudo-policy: MPOL_PREFERRED with MPOL_F_LOCAL flag -- * Used only for mpol_parse_str() and mpol_to_str() -+ * "local" is implemented internally by MPOL_PREFERRED with MPOL_F_LOCAL flag. - */ - #define MPOL_LOCAL MPOL_MAX - static const char * const policy_modes[] = -@@ -2386,28 +2385,21 @@ static const char * const policy_modes[] = - - #ifdef CONFIG_TMPFS - /** -- * mpol_parse_str - parse string to mempolicy -+ * mpol_parse_str - parse string to mempolicy, for tmpfs mpol mount option. - * @str: string containing mempolicy to parse - * @mpol: pointer to struct mempolicy pointer, returned on success. -- * @no_context: flag whether to "contextualize" the mempolicy -+ * @unused: redundant argument, to be removed later. - * - * Format of input: - * <mode>[=<flags>][:<nodelist>] - * -- * if @no_context is true, save the input nodemask in w.user_nodemask in -- * the returned mempolicy. This will be used to "clone" the mempolicy in -- * a specific context [cpuset] at a later time. Used to parse tmpfs mpol -- * mount option. Note that if 'static' or 'relative' mode flags were -- * specified, the input nodemask will already have been saved. Saving -- * it again is redundant, but safe. -- * - * On success, returns 0, else 1 - */ --int mpol_parse_str(char *str, struct mempolicy **mpol, int no_context) -+int mpol_parse_str(char *str, struct mempolicy **mpol, int unused) - { - struct mempolicy *new = NULL; - unsigned short mode; -- unsigned short uninitialized_var(mode_flags); -+ unsigned short mode_flags; - nodemask_t nodes; - char *nodelist = strchr(str, ':'); - char *flags = strchr(str, '='); -@@ -2495,24 +2487,23 @@ int mpol_parse_str(char *str, struct mempolicy **mpol, int no_context) - if (IS_ERR(new)) - goto out; - -- if (no_context) { -- /* save for contextualization */ -- new->w.user_nodemask = nodes; -- } else { -- int ret; -- NODEMASK_SCRATCH(scratch); -- if (scratch) { -- task_lock(current); -- ret = mpol_set_nodemask(new, &nodes, scratch); -- task_unlock(current); -- } else -- ret = -ENOMEM; -- NODEMASK_SCRATCH_FREE(scratch); -- if (ret) { -- mpol_put(new); -- goto out; -- } -- } -+ /* -+ * Save nodes for mpol_to_str() to show the tmpfs mount options -+ * for /proc/mounts, /proc/pid/mounts and /proc/pid/mountinfo. -+ */ -+ if (mode != MPOL_PREFERRED) -+ new->v.nodes = nodes; -+ else if (nodelist) -+ new->v.preferred_node = first_node(nodes); -+ else -+ new->flags |= MPOL_F_LOCAL; -+ -+ /* -+ * Save nodes for contextualization: this will be used to "clone" -+ * the mempolicy in a specific context [cpuset] at a later time. -+ */ -+ new->w.user_nodemask = nodes; -+ - err = 0; - - out: -@@ -2532,13 +2523,13 @@ out: - * @buffer: to contain formatted mempolicy string - * @maxlen: length of @buffer - * @pol: pointer to mempolicy to be formatted -- * @no_context: "context free" mempolicy - use nodemask in w.user_nodemask -+ * @unused: redundant argument, to be removed later. - * - * Convert a mempolicy into a string. - * Returns the number of characters in buffer (if positive) - * or an error (negative) - */ --int mpol_to_str(char *buffer, int maxlen, struct mempolicy *pol, int no_context) -+int mpol_to_str(char *buffer, int maxlen, struct mempolicy *pol, int unused) - { - char *p = buffer; - int l; -@@ -2564,7 +2555,7 @@ int mpol_to_str(char *buffer, int maxlen, struct mempolicy *pol, int no_context) - case MPOL_PREFERRED: - nodes_clear(nodes); - if (flags & MPOL_F_LOCAL) -- mode = MPOL_LOCAL; /* pseudo-policy */ -+ mode = MPOL_LOCAL; - else - node_set(pol->v.preferred_node, nodes); - break; -@@ -2572,10 +2563,7 @@ int mpol_to_str(char *buffer, int maxlen, struct mempolicy *pol, int no_context) - case MPOL_BIND: - /* Fall through */ - case MPOL_INTERLEAVE: -- if (no_context) -- nodes = pol->w.user_nodemask; -- else -- nodes = pol->v.nodes; -+ nodes = pol->v.nodes; - break; - - default: -diff --git a/mm/mmu_notifier.c b/mm/mmu_notifier.c -index 862b608..8d1ca2d 100644 ---- a/mm/mmu_notifier.c -+++ b/mm/mmu_notifier.c -@@ -14,10 +14,14 @@ - #include <linux/export.h> - #include <linux/mm.h> - #include <linux/err.h> -+#include <linux/srcu.h> - #include <linux/rcupdate.h> - #include <linux/sched.h> - #include <linux/slab.h> - -+/* global SRCU for all MMs */ -+static struct srcu_struct srcu; -+ - /* - * This function can't run concurrently against mmu_notifier_register - * because mm->mm_users > 0 during mmu_notifier_register and exit_mmap -@@ -25,58 +29,61 @@ - * in parallel despite there being no task using this mm any more, - * through the vmas outside of the exit_mmap context, such as with - * vmtruncate. This serializes against mmu_notifier_unregister with -- * the mmu_notifier_mm->lock in addition to RCU and it serializes -- * against the other mmu notifiers with RCU. struct mmu_notifier_mm -+ * the mmu_notifier_mm->lock in addition to SRCU and it serializes -+ * against the other mmu notifiers with SRCU. struct mmu_notifier_mm - * can't go away from under us as exit_mmap holds an mm_count pin - * itself. - */ - void __mmu_notifier_release(struct mm_struct *mm) - { - struct mmu_notifier *mn; -- struct hlist_node *n; -+ int id; - - /* -- * RCU here will block mmu_notifier_unregister until -- * ->release returns. -+ * srcu_read_lock() here will block synchronize_srcu() in -+ * mmu_notifier_unregister() until all registered -+ * ->release() callouts this function makes have -+ * returned. - */ -- rcu_read_lock(); -- hlist_for_each_entry_rcu(mn, n, &mm->mmu_notifier_mm->list, hlist) -- /* -- * if ->release runs before mmu_notifier_unregister it -- * must be handled as it's the only way for the driver -- * to flush all existing sptes and stop the driver -- * from establishing any more sptes before all the -- * pages in the mm are freed. -- */ -- if (mn->ops->release) -- mn->ops->release(mn, mm); -- rcu_read_unlock(); -- -+ id = srcu_read_lock(&srcu); - spin_lock(&mm->mmu_notifier_mm->lock); - while (unlikely(!hlist_empty(&mm->mmu_notifier_mm->list))) { - mn = hlist_entry(mm->mmu_notifier_mm->list.first, - struct mmu_notifier, - hlist); -+ - /* -- * We arrived before mmu_notifier_unregister so -- * mmu_notifier_unregister will do nothing other than -- * to wait ->release to finish and -- * mmu_notifier_unregister to return. -+ * Unlink. This will prevent mmu_notifier_unregister() -+ * from also making the ->release() callout. - */ - hlist_del_init_rcu(&mn->hlist); -+ spin_unlock(&mm->mmu_notifier_mm->lock); -+ -+ /* -+ * Clear sptes. (see 'release' description in mmu_notifier.h) -+ */ -+ if (mn->ops->release) -+ mn->ops->release(mn, mm); -+ -+ spin_lock(&mm->mmu_notifier_mm->lock); - } - spin_unlock(&mm->mmu_notifier_mm->lock); - - /* -- * synchronize_rcu here prevents mmu_notifier_release to -- * return to exit_mmap (which would proceed freeing all pages -- * in the mm) until the ->release method returns, if it was -- * invoked by mmu_notifier_unregister. -- * -- * The mmu_notifier_mm can't go away from under us because one -- * mm_count is hold by exit_mmap. -+ * All callouts to ->release() which we have done are complete. -+ * Allow synchronize_srcu() in mmu_notifier_unregister() to complete -+ */ -+ srcu_read_unlock(&srcu, id); -+ -+ /* -+ * mmu_notifier_unregister() may have unlinked a notifier and may -+ * still be calling out to it. Additionally, other notifiers -+ * may have been active via vmtruncate() et. al. Block here -+ * to ensure that all notifier callouts for this mm have been -+ * completed and the sptes are really cleaned up before returning -+ * to exit_mmap(). - */ -- synchronize_rcu(); -+ synchronize_srcu(&srcu); - } - - /* -@@ -89,14 +96,14 @@ int __mmu_notifier_clear_flush_young(struct mm_struct *mm, - { - struct mmu_notifier *mn; - struct hlist_node *n; -- int young = 0; -+ int young = 0, id; - -- rcu_read_lock(); -+ id = srcu_read_lock(&srcu); - hlist_for_each_entry_rcu(mn, n, &mm->mmu_notifier_mm->list, hlist) { - if (mn->ops->clear_flush_young) - young |= mn->ops->clear_flush_young(mn, mm, address); - } -- rcu_read_unlock(); -+ srcu_read_unlock(&srcu, id); - - return young; - } -@@ -106,9 +113,9 @@ int __mmu_notifier_test_young(struct mm_struct *mm, - { - struct mmu_notifier *mn; - struct hlist_node *n; -- int young = 0; -+ int young = 0, id; - -- rcu_read_lock(); -+ id = srcu_read_lock(&srcu); - hlist_for_each_entry_rcu(mn, n, &mm->mmu_notifier_mm->list, hlist) { - if (mn->ops->test_young) { - young = mn->ops->test_young(mn, mm, address); -@@ -116,7 +123,7 @@ int __mmu_notifier_test_young(struct mm_struct *mm, - break; - } - } -- rcu_read_unlock(); -+ srcu_read_unlock(&srcu, id); - - return young; - } -@@ -126,8 +133,9 @@ void __mmu_notifier_change_pte(struct mm_struct *mm, unsigned long address, - { - struct mmu_notifier *mn; - struct hlist_node *n; -+ int id; - -- rcu_read_lock(); -+ id = srcu_read_lock(&srcu); - hlist_for_each_entry_rcu(mn, n, &mm->mmu_notifier_mm->list, hlist) { - if (mn->ops->change_pte) - mn->ops->change_pte(mn, mm, address, pte); -@@ -138,7 +146,7 @@ void __mmu_notifier_change_pte(struct mm_struct *mm, unsigned long address, - else if (mn->ops->invalidate_page) - mn->ops->invalidate_page(mn, mm, address); - } -- rcu_read_unlock(); -+ srcu_read_unlock(&srcu, id); - } - - void __mmu_notifier_invalidate_page(struct mm_struct *mm, -@@ -146,13 +154,14 @@ void __mmu_notifier_invalidate_page(struct mm_struct *mm, - { - struct mmu_notifier *mn; - struct hlist_node *n; -+ int id; - -- rcu_read_lock(); -+ id = srcu_read_lock(&srcu); - hlist_for_each_entry_rcu(mn, n, &mm->mmu_notifier_mm->list, hlist) { - if (mn->ops->invalidate_page) - mn->ops->invalidate_page(mn, mm, address); - } -- rcu_read_unlock(); -+ srcu_read_unlock(&srcu, id); - } - - void __mmu_notifier_invalidate_range_start(struct mm_struct *mm, -@@ -160,13 +169,14 @@ void __mmu_notifier_invalidate_range_start(struct mm_struct *mm, - { - struct mmu_notifier *mn; - struct hlist_node *n; -+ int id; - -- rcu_read_lock(); -+ id = srcu_read_lock(&srcu); - hlist_for_each_entry_rcu(mn, n, &mm->mmu_notifier_mm->list, hlist) { - if (mn->ops->invalidate_range_start) - mn->ops->invalidate_range_start(mn, mm, start, end); - } -- rcu_read_unlock(); -+ srcu_read_unlock(&srcu, id); - } - - void __mmu_notifier_invalidate_range_end(struct mm_struct *mm, -@@ -174,13 +184,14 @@ void __mmu_notifier_invalidate_range_end(struct mm_struct *mm, - { - struct mmu_notifier *mn; - struct hlist_node *n; -+ int id; - -- rcu_read_lock(); -+ id = srcu_read_lock(&srcu); - hlist_for_each_entry_rcu(mn, n, &mm->mmu_notifier_mm->list, hlist) { - if (mn->ops->invalidate_range_end) - mn->ops->invalidate_range_end(mn, mm, start, end); - } -- rcu_read_unlock(); -+ srcu_read_unlock(&srcu, id); - } - - static int do_mmu_notifier_register(struct mmu_notifier *mn, -@@ -192,6 +203,12 @@ static int do_mmu_notifier_register(struct mmu_notifier *mn, - - BUG_ON(atomic_read(&mm->mm_users) <= 0); - -+ /* -+ * Verify that mmu_notifier_init() already run and the global srcu is -+ * initialized. -+ */ -+ BUG_ON(!srcu.per_cpu_ref); -+ - ret = -ENOMEM; - mmu_notifier_mm = kmalloc(sizeof(struct mmu_notifier_mm), GFP_KERNEL); - if (unlikely(!mmu_notifier_mm)) -@@ -274,8 +291,8 @@ void __mmu_notifier_mm_destroy(struct mm_struct *mm) - /* - * This releases the mm_count pin automatically and frees the mm - * structure if it was the last user of it. It serializes against -- * running mmu notifiers with RCU and against mmu_notifier_unregister -- * with the unregister lock + RCU. All sptes must be dropped before -+ * running mmu notifiers with SRCU and against mmu_notifier_unregister -+ * with the unregister lock + SRCU. All sptes must be dropped before - * calling mmu_notifier_unregister. ->release or any other notifier - * method may be invoked concurrently with mmu_notifier_unregister, - * and only after mmu_notifier_unregister returned we're guaranteed -@@ -285,35 +302,43 @@ void mmu_notifier_unregister(struct mmu_notifier *mn, struct mm_struct *mm) - { - BUG_ON(atomic_read(&mm->mm_count) <= 0); - -+ spin_lock(&mm->mmu_notifier_mm->lock); - if (!hlist_unhashed(&mn->hlist)) { -- /* -- * RCU here will force exit_mmap to wait ->release to finish -- * before freeing the pages. -- */ -- rcu_read_lock(); -+ int id; - - /* -- * exit_mmap will block in mmu_notifier_release to -- * guarantee ->release is called before freeing the -- * pages. -+ * Ensure we synchronize up with __mmu_notifier_release(). - */ -+ id = srcu_read_lock(&srcu); -+ -+ hlist_del_rcu(&mn->hlist); -+ spin_unlock(&mm->mmu_notifier_mm->lock); -+ - if (mn->ops->release) - mn->ops->release(mn, mm); -- rcu_read_unlock(); - -- spin_lock(&mm->mmu_notifier_mm->lock); -- hlist_del_rcu(&mn->hlist); -+ /* -+ * Allow __mmu_notifier_release() to complete. -+ */ -+ srcu_read_unlock(&srcu, id); -+ } else - spin_unlock(&mm->mmu_notifier_mm->lock); -- } - - /* -- * Wait any running method to finish, of course including -- * ->release if it was run by mmu_notifier_relase instead of us. -+ * Wait for any running method to finish, including ->release() if it -+ * was run by __mmu_notifier_release() instead of us. - */ -- synchronize_rcu(); -+ synchronize_srcu(&srcu); - - BUG_ON(atomic_read(&mm->mm_count) <= 0); - - mmdrop(mm); - } - EXPORT_SYMBOL_GPL(mmu_notifier_unregister); -+ -+static int __init mmu_notifier_init(void) -+{ -+ return init_srcu_struct(&srcu); -+} -+ -+module_init(mmu_notifier_init); -diff --git a/mm/page-writeback.c b/mm/page-writeback.c -index 5ad5ce2..7a5f842 100644 ---- a/mm/page-writeback.c -+++ b/mm/page-writeback.c -@@ -201,6 +201,18 @@ static unsigned long highmem_dirtyable_memory(unsigned long total) - zone_reclaimable_pages(z) - z->dirty_balance_reserve; - } - /* -+ * Unreclaimable memory (kernel memory or anonymous memory -+ * without swap) can bring down the dirtyable pages below -+ * the zone's dirty balance reserve and the above calculation -+ * will underflow. However we still want to add in nodes -+ * which are below threshold (negative values) to get a more -+ * accurate calculation but make sure that the total never -+ * underflows. -+ */ -+ if ((long)x < 0) -+ x = 0; -+ -+ /* - * Make sure that the number of highmem pages is never larger - * than the number of the total dirtyable memory. This can only - * occur in very strange VM situations but we want to make sure -@@ -222,8 +234,8 @@ static unsigned long global_dirtyable_memory(void) - { - unsigned long x; - -- x = global_page_state(NR_FREE_PAGES) + global_reclaimable_pages() - -- dirty_balance_reserve; -+ x = global_page_state(NR_FREE_PAGES) + global_reclaimable_pages(); -+ x -= min(x, dirty_balance_reserve); - - if (!vm_highmem_is_dirtyable) - x -= highmem_dirtyable_memory(x); -@@ -290,9 +302,12 @@ static unsigned long zone_dirtyable_memory(struct zone *zone) - * highmem zone can hold its share of dirty pages, so we don't - * care about vm_highmem_is_dirtyable here. - */ -- return zone_page_state(zone, NR_FREE_PAGES) + -- zone_reclaimable_pages(zone) - -- zone->dirty_balance_reserve; -+ unsigned long nr_pages = zone_page_state(zone, NR_FREE_PAGES) + -+ zone_reclaimable_pages(zone); -+ -+ /* don't allow this to underflow */ -+ nr_pages -= min(nr_pages, zone->dirty_balance_reserve); -+ return nr_pages; - } - - /** -diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index d2d8f54..fa27e78 100644 ---- a/mm/page_alloc.c -+++ b/mm/page_alloc.c -@@ -4315,10 +4315,11 @@ static void __meminit calculate_node_totalpages(struct pglist_data *pgdat, - * round what is now in bits to nearest long in bits, then return it in - * bytes. - */ --static unsigned long __init usemap_size(unsigned long zonesize) -+static unsigned long __init usemap_size(unsigned long zone_start_pfn, unsigned long zonesize) - { - unsigned long usemapsize; - -+ zonesize += zone_start_pfn & (pageblock_nr_pages-1); - usemapsize = roundup(zonesize, pageblock_nr_pages); - usemapsize = usemapsize >> pageblock_order; - usemapsize *= NR_PAGEBLOCK_BITS; -@@ -4328,17 +4329,19 @@ static unsigned long __init usemap_size(unsigned long zonesize) - } - - static void __init setup_usemap(struct pglist_data *pgdat, -- struct zone *zone, unsigned long zonesize) -+ struct zone *zone, -+ unsigned long zone_start_pfn, -+ unsigned long zonesize) - { -- unsigned long usemapsize = usemap_size(zonesize); -+ unsigned long usemapsize = usemap_size(zone_start_pfn, zonesize); - zone->pageblock_flags = NULL; - if (usemapsize) - zone->pageblock_flags = alloc_bootmem_node_nopanic(pgdat, - usemapsize); - } - #else --static inline void setup_usemap(struct pglist_data *pgdat, -- struct zone *zone, unsigned long zonesize) {} -+static inline void setup_usemap(struct pglist_data *pgdat, struct zone *zone, -+ unsigned long zone_start_pfn, unsigned long zonesize) {} - #endif /* CONFIG_SPARSEMEM */ - - #ifdef CONFIG_HUGETLB_PAGE_SIZE_VARIABLE -@@ -4461,7 +4464,7 @@ static void __paginginit free_area_init_core(struct pglist_data *pgdat, - continue; - - set_pageblock_order(); -- setup_usemap(pgdat, zone, size); -+ setup_usemap(pgdat, zone, zone_start_pfn, size); - ret = init_currently_empty_zone(zone, zone_start_pfn, - size, MEMMAP_EARLY); - BUG_ON(ret); -@@ -5455,7 +5458,7 @@ static inline int pfn_to_bitidx(struct zone *zone, unsigned long pfn) - pfn &= (PAGES_PER_SECTION-1); - return (pfn >> pageblock_order) * NR_PAGEBLOCK_BITS; - #else -- pfn = pfn - zone->zone_start_pfn; -+ pfn = pfn - round_down(zone->zone_start_pfn, pageblock_nr_pages); - return (pfn >> pageblock_order) * NR_PAGEBLOCK_BITS; - #endif /* CONFIG_SPARSEMEM */ - } -diff --git a/mm/shmem.c b/mm/shmem.c -index 6607fee..1a497d1 100644 ---- a/mm/shmem.c -+++ b/mm/shmem.c -@@ -2543,6 +2543,7 @@ static int shmem_remount_fs(struct super_block *sb, int *flags, char *data) - unsigned long inodes; - int error = -EINVAL; - -+ config.mpol = NULL; - if (shmem_parse_options(data, &config, true)) - return error; - -@@ -2567,8 +2568,13 @@ static int shmem_remount_fs(struct super_block *sb, int *flags, char *data) - sbinfo->max_inodes = config.max_inodes; - sbinfo->free_inodes = config.max_inodes - inodes; - -- mpol_put(sbinfo->mpol); -- sbinfo->mpol = config.mpol; /* transfers initial ref */ -+ /* -+ * Preserve previous mempolicy unless mpol remount option was specified. -+ */ -+ if (config.mpol) { -+ mpol_put(sbinfo->mpol); -+ sbinfo->mpol = config.mpol; /* transfers initial ref */ -+ } - out: - spin_unlock(&sbinfo->stat_lock); - return error; -diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c -index 469daab..1476f26 100644 ---- a/net/batman-adv/bat_iv_ogm.c -+++ b/net/batman-adv/bat_iv_ogm.c -@@ -119,7 +119,7 @@ batadv_iv_ogm_emit_send_time(const struct batadv_priv *bat_priv) - unsigned int msecs; - - msecs = atomic_read(&bat_priv->orig_interval) - BATADV_JITTER; -- msecs += (random32() % 2 * BATADV_JITTER); -+ msecs += random32() % (2 * BATADV_JITTER); - - return jiffies + msecs_to_jiffies(msecs); - } -diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c -index 0b997c8..aeb0962 100644 ---- a/net/bluetooth/hci_core.c -+++ b/net/bluetooth/hci_core.c -@@ -1789,6 +1789,8 @@ void hci_unregister_dev(struct hci_dev *hdev) - for (i = 0; i < NUM_REASSEMBLY; i++) - kfree_skb(hdev->reassembly[i]); - -+ cancel_work_sync(&hdev->power_on); -+ - if (!test_bit(HCI_INIT, &hdev->flags) && - !test_bit(HCI_SETUP, &hdev->dev_flags)) { - hci_dev_lock(hdev); -diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c -index 715d7e3..67d1893 100644 ---- a/net/bluetooth/hci_event.c -+++ b/net/bluetooth/hci_event.c -@@ -2387,7 +2387,7 @@ static void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *skb) - if (ev->opcode != HCI_OP_NOP) - del_timer(&hdev->cmd_timer); - -- if (ev->ncmd) { -+ if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) { - atomic_set(&hdev->cmd_cnt, 1); - if (!skb_queue_empty(&hdev->cmd_q)) - queue_work(hdev->workqueue, &hdev->cmd_work); -diff --git a/net/bluetooth/hidp/core.c b/net/bluetooth/hidp/core.c -index ccd985d..03652f3 100644 ---- a/net/bluetooth/hidp/core.c -+++ b/net/bluetooth/hidp/core.c -@@ -931,7 +931,7 @@ static int hidp_setup_hid(struct hidp_session *session, - hid->version = req->version; - hid->country = req->country; - -- strncpy(hid->name, req->name, 128); -+ strncpy(hid->name, req->name, sizeof(req->name) - 1); - strncpy(hid->phys, batostr(&bt_sk(session->ctrl_sock->sk)->src), 64); - strncpy(hid->uniq, batostr(&bt_sk(session->ctrl_sock->sk)->dst), 64); - -diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c -index 1a17850..32893a0 100644 ---- a/net/bluetooth/rfcomm/sock.c -+++ b/net/bluetooth/rfcomm/sock.c -@@ -467,7 +467,7 @@ static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int f - long timeo; - int err = 0; - -- lock_sock(sk); -+ lock_sock_nested(sk, SINGLE_DEPTH_NESTING); - - if (sk->sk_type != SOCK_STREAM) { - err = -EINVAL; -@@ -504,7 +504,7 @@ static int rfcomm_sock_accept(struct socket *sock, struct socket *newsock, int f - - release_sock(sk); - timeo = schedule_timeout(timeo); -- lock_sock(sk); -+ lock_sock_nested(sk, SINGLE_DEPTH_NESTING); - } - __set_current_state(TASK_RUNNING); - remove_wait_queue(sk_sleep(sk), &wait); -diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c -index 2ac8d50..b7320fc 100644 ---- a/net/bluetooth/smp.c -+++ b/net/bluetooth/smp.c -@@ -859,6 +859,19 @@ int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb) - - skb_pull(skb, sizeof(code)); - -+ /* -+ * The SMP context must be initialized for all other PDUs except -+ * pairing and security requests. If we get any other PDU when -+ * not initialized simply disconnect (done if this function -+ * returns an error). -+ */ -+ if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ && -+ !conn->smp_chan) { -+ BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code); -+ kfree_skb(skb); -+ return -ENOTSUPP; -+ } -+ - switch (code) { - case SMP_CMD_PAIRING_REQ: - reason = smp_cmd_pairing_req(conn, skb); -diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c -index 68e8f36..fe43bc7 100644 ---- a/net/bridge/br_netfilter.c -+++ b/net/bridge/br_netfilter.c -@@ -265,6 +265,9 @@ static int br_parse_ip_options(struct sk_buff *skb) - struct net_device *dev = skb->dev; - u32 len; - -+ if (!pskb_may_pull(skb, sizeof(struct iphdr))) -+ goto inhdr_error; -+ - iph = ip_hdr(skb); - opt = &(IPCB(skb)->opt); - -diff --git a/net/bridge/br_stp_bpdu.c b/net/bridge/br_stp_bpdu.c -index fd30a60..a8aa2d5 100644 ---- a/net/bridge/br_stp_bpdu.c -+++ b/net/bridge/br_stp_bpdu.c -@@ -16,6 +16,7 @@ - #include <linux/etherdevice.h> - #include <linux/llc.h> - #include <linux/slab.h> -+#include <linux/pkt_sched.h> - #include <net/net_namespace.h> - #include <net/llc.h> - #include <net/llc_pdu.h> -@@ -40,6 +41,7 @@ static void br_send_bpdu(struct net_bridge_port *p, - - skb->dev = p->dev; - skb->protocol = htons(ETH_P_802_2); -+ skb->priority = TC_PRIO_CONTROL; - - skb_reserve(skb, LLC_RESERVE); - memcpy(__skb_put(skb, length), data, length); -diff --git a/net/ceph/ceph_common.c b/net/ceph/ceph_common.c -index a802029..ee71ea2 100644 ---- a/net/ceph/ceph_common.c -+++ b/net/ceph/ceph_common.c -@@ -305,7 +305,6 @@ ceph_parse_options(char *options, const char *dev_name, - - /* start with defaults */ - opt->flags = CEPH_OPT_DEFAULT; -- opt->osd_timeout = CEPH_OSD_TIMEOUT_DEFAULT; - opt->osd_keepalive_timeout = CEPH_OSD_KEEPALIVE_DEFAULT; - opt->mount_timeout = CEPH_MOUNT_TIMEOUT_DEFAULT; /* seconds */ - opt->osd_idle_ttl = CEPH_OSD_IDLE_TTL_DEFAULT; /* seconds */ -@@ -391,7 +390,7 @@ ceph_parse_options(char *options, const char *dev_name, - - /* misc */ - case Opt_osdtimeout: -- opt->osd_timeout = intval; -+ pr_warning("ignoring deprecated osdtimeout option\n"); - break; - case Opt_osdkeepalivetimeout: - opt->osd_keepalive_timeout = intval; -diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c -index 3ef1759..e9f2159 100644 ---- a/net/ceph/messenger.c -+++ b/net/ceph/messenger.c -@@ -506,6 +506,7 @@ static void reset_connection(struct ceph_connection *con) - { - /* reset connection, out_queue, msg_ and connect_seq */ - /* discard existing out_queue and msg_seq */ -+ dout("reset_connection %p\n", con); - ceph_msg_remove_list(&con->out_queue); - ceph_msg_remove_list(&con->out_sent); - -@@ -561,7 +562,7 @@ void ceph_con_open(struct ceph_connection *con, - mutex_lock(&con->mutex); - dout("con_open %p %s\n", con, ceph_pr_addr(&addr->in_addr)); - -- BUG_ON(con->state != CON_STATE_CLOSED); -+ WARN_ON(con->state != CON_STATE_CLOSED); - con->state = CON_STATE_PREOPEN; - - con->peer_name.type = (__u8) entity_type; -@@ -1506,13 +1507,6 @@ static int process_banner(struct ceph_connection *con) - return 0; - } - --static void fail_protocol(struct ceph_connection *con) --{ -- reset_connection(con); -- BUG_ON(con->state != CON_STATE_NEGOTIATING); -- con->state = CON_STATE_CLOSED; --} -- - static int process_connect(struct ceph_connection *con) - { - u64 sup_feat = con->msgr->supported_features; -@@ -1530,7 +1524,7 @@ static int process_connect(struct ceph_connection *con) - ceph_pr_addr(&con->peer_addr.in_addr), - sup_feat, server_feat, server_feat & ~sup_feat); - con->error_msg = "missing required protocol features"; -- fail_protocol(con); -+ reset_connection(con); - return -1; - - case CEPH_MSGR_TAG_BADPROTOVER: -@@ -1541,7 +1535,7 @@ static int process_connect(struct ceph_connection *con) - le32_to_cpu(con->out_connect.protocol_version), - le32_to_cpu(con->in_reply.protocol_version)); - con->error_msg = "protocol version mismatch"; -- fail_protocol(con); -+ reset_connection(con); - return -1; - - case CEPH_MSGR_TAG_BADAUTHORIZER: -@@ -1631,11 +1625,11 @@ static int process_connect(struct ceph_connection *con) - ceph_pr_addr(&con->peer_addr.in_addr), - req_feat, server_feat, req_feat & ~server_feat); - con->error_msg = "missing required protocol features"; -- fail_protocol(con); -+ reset_connection(con); - return -1; - } - -- BUG_ON(con->state != CON_STATE_NEGOTIATING); -+ WARN_ON(con->state != CON_STATE_NEGOTIATING); - con->state = CON_STATE_OPEN; - - con->peer_global_seq = le32_to_cpu(con->in_reply.global_seq); -@@ -2132,7 +2126,6 @@ more: - if (ret < 0) - goto out; - -- BUG_ON(con->state != CON_STATE_CONNECTING); - con->state = CON_STATE_NEGOTIATING; - - /* -@@ -2160,7 +2153,7 @@ more: - goto more; - } - -- BUG_ON(con->state != CON_STATE_OPEN); -+ WARN_ON(con->state != CON_STATE_OPEN); - - if (con->in_base_pos < 0) { - /* -@@ -2262,6 +2255,35 @@ static void queue_con(struct ceph_connection *con) - } - } - -+static bool con_sock_closed(struct ceph_connection *con) -+{ -+ if (!test_and_clear_bit(CON_FLAG_SOCK_CLOSED, &con->flags)) -+ return false; -+ -+#define CASE(x) \ -+ case CON_STATE_ ## x: \ -+ con->error_msg = "socket closed (con state " #x ")"; \ -+ break; -+ -+ switch (con->state) { -+ CASE(CLOSED); -+ CASE(PREOPEN); -+ CASE(CONNECTING); -+ CASE(NEGOTIATING); -+ CASE(OPEN); -+ CASE(STANDBY); -+ default: -+ pr_warning("%s con %p unrecognized state %lu\n", -+ __func__, con, con->state); -+ con->error_msg = "unrecognized con state"; -+ BUG(); -+ break; -+ } -+#undef CASE -+ -+ return true; -+} -+ - /* - * Do some work on a connection. Drop a connection ref when we're done. - */ -@@ -2273,24 +2295,8 @@ static void con_work(struct work_struct *work) - - mutex_lock(&con->mutex); - restart: -- if (test_and_clear_bit(CON_FLAG_SOCK_CLOSED, &con->flags)) { -- switch (con->state) { -- case CON_STATE_CONNECTING: -- con->error_msg = "connection failed"; -- break; -- case CON_STATE_NEGOTIATING: -- con->error_msg = "negotiation failed"; -- break; -- case CON_STATE_OPEN: -- con->error_msg = "socket closed"; -- break; -- default: -- dout("unrecognized con state %d\n", (int)con->state); -- con->error_msg = "unrecognized con state"; -- BUG(); -- } -+ if (con_sock_closed(con)) - goto fault; -- } - - if (test_and_clear_bit(CON_FLAG_BACKOFF, &con->flags)) { - dout("con_work %p backing off\n", con); -@@ -2356,12 +2362,12 @@ fault: - static void ceph_fault(struct ceph_connection *con) - __releases(con->mutex) - { -- pr_err("%s%lld %s %s\n", ENTITY_NAME(con->peer_name), -+ pr_warning("%s%lld %s %s\n", ENTITY_NAME(con->peer_name), - ceph_pr_addr(&con->peer_addr.in_addr), con->error_msg); - dout("fault %p state %lu to peer %s\n", - con, con->state, ceph_pr_addr(&con->peer_addr.in_addr)); - -- BUG_ON(con->state != CON_STATE_CONNECTING && -+ WARN_ON(con->state != CON_STATE_CONNECTING && - con->state != CON_STATE_NEGOTIATING && - con->state != CON_STATE_OPEN); - -diff --git a/net/ceph/osd_client.c b/net/ceph/osd_client.c -index f7b56e2..eb9a444 100644 ---- a/net/ceph/osd_client.c -+++ b/net/ceph/osd_client.c -@@ -221,7 +221,7 @@ struct ceph_osd_request *ceph_osdc_alloc_request(struct ceph_osd_client *osdc, - kref_init(&req->r_kref); - init_completion(&req->r_completion); - init_completion(&req->r_safe_completion); -- rb_init_node(&req->r_node); -+ RB_CLEAR_NODE(&req->r_node); - INIT_LIST_HEAD(&req->r_unsafe_item); - INIT_LIST_HEAD(&req->r_linger_item); - INIT_LIST_HEAD(&req->r_linger_osd); -@@ -464,6 +464,7 @@ struct ceph_osd_request *ceph_osdc_new_request(struct ceph_osd_client *osdc, - { - struct ceph_osd_req_op ops[3]; - struct ceph_osd_request *req; -+ int r; - - ops[0].op = opcode; - ops[0].extent.truncate_seq = truncate_seq; -@@ -482,10 +483,12 @@ struct ceph_osd_request *ceph_osdc_new_request(struct ceph_osd_client *osdc, - use_mempool, - GFP_NOFS, NULL, NULL); - if (!req) -- return NULL; -+ return ERR_PTR(-ENOMEM); - - /* calculate max write size */ -- calc_layout(osdc, vino, layout, off, plen, req, ops); -+ r = calc_layout(osdc, vino, layout, off, plen, req, ops); -+ if (r < 0) -+ return ERR_PTR(r); - req->r_file_layout = *layout; /* keep a copy */ - - /* in case it differs from natural (file) alignment that -@@ -578,7 +581,7 @@ static void __kick_osd_requests(struct ceph_osd_client *osdc, - - dout("__kick_osd_requests osd%d\n", osd->o_osd); - err = __reset_osd(osdc, osd); -- if (err == -EAGAIN) -+ if (err) - return; - - list_for_each_entry(req, &osd->o_requests, r_osd_item) { -@@ -605,14 +608,6 @@ static void __kick_osd_requests(struct ceph_osd_client *osdc, - } - } - --static void kick_osd_requests(struct ceph_osd_client *osdc, -- struct ceph_osd *kickosd) --{ -- mutex_lock(&osdc->request_mutex); -- __kick_osd_requests(osdc, kickosd); -- mutex_unlock(&osdc->request_mutex); --} -- - /* - * If the osd connection drops, we need to resubmit all requests. - */ -@@ -626,7 +621,9 @@ static void osd_reset(struct ceph_connection *con) - dout("osd_reset osd%d\n", osd->o_osd); - osdc = osd->o_osdc; - down_read(&osdc->map_sem); -- kick_osd_requests(osdc, osd); -+ mutex_lock(&osdc->request_mutex); -+ __kick_osd_requests(osdc, osd); -+ mutex_unlock(&osdc->request_mutex); - send_queued(osdc); - up_read(&osdc->map_sem); - } -@@ -645,6 +642,7 @@ static struct ceph_osd *create_osd(struct ceph_osd_client *osdc, int onum) - atomic_set(&osd->o_ref, 1); - osd->o_osdc = osdc; - osd->o_osd = onum; -+ RB_CLEAR_NODE(&osd->o_node); - INIT_LIST_HEAD(&osd->o_requests); - INIT_LIST_HEAD(&osd->o_linger_requests); - INIT_LIST_HEAD(&osd->o_osd_lru); -@@ -748,6 +746,7 @@ static int __reset_osd(struct ceph_osd_client *osdc, struct ceph_osd *osd) - if (list_empty(&osd->o_requests) && - list_empty(&osd->o_linger_requests)) { - __remove_osd(osdc, osd); -+ ret = -ENODEV; - } else if (memcmp(&osdc->osdmap->osd_addr[osd->o_osd], - &osd->o_con.peer_addr, - sizeof(osd->o_con.peer_addr)) == 0 && -@@ -874,9 +873,9 @@ static void __unregister_request(struct ceph_osd_client *osdc, - req->r_osd = NULL; - } - -+ list_del_init(&req->r_req_lru_item); - ceph_osdc_put_request(req); - -- list_del_init(&req->r_req_lru_item); - if (osdc->num_requests == 0) { - dout(" no requests, canceling timeout\n"); - __cancel_osd_timeout(osdc); -@@ -908,8 +907,8 @@ static void __unregister_linger_request(struct ceph_osd_client *osdc, - struct ceph_osd_request *req) - { - dout("__unregister_linger_request %p\n", req); -+ list_del_init(&req->r_linger_item); - if (req->r_osd) { -- list_del_init(&req->r_linger_item); - list_del_init(&req->r_linger_osd); - - if (list_empty(&req->r_osd->o_requests) && -@@ -1088,12 +1087,10 @@ static void handle_timeout(struct work_struct *work) - { - struct ceph_osd_client *osdc = - container_of(work, struct ceph_osd_client, timeout_work.work); -- struct ceph_osd_request *req, *last_req = NULL; -+ struct ceph_osd_request *req; - struct ceph_osd *osd; -- unsigned long timeout = osdc->client->options->osd_timeout * HZ; - unsigned long keepalive = - osdc->client->options->osd_keepalive_timeout * HZ; -- unsigned long last_stamp = 0; - struct list_head slow_osds; - dout("timeout\n"); - down_read(&osdc->map_sem); -@@ -1103,37 +1100,6 @@ static void handle_timeout(struct work_struct *work) - mutex_lock(&osdc->request_mutex); - - /* -- * reset osds that appear to be _really_ unresponsive. this -- * is a failsafe measure.. we really shouldn't be getting to -- * this point if the system is working properly. the monitors -- * should mark the osd as failed and we should find out about -- * it from an updated osd map. -- */ -- while (timeout && !list_empty(&osdc->req_lru)) { -- req = list_entry(osdc->req_lru.next, struct ceph_osd_request, -- r_req_lru_item); -- -- /* hasn't been long enough since we sent it? */ -- if (time_before(jiffies, req->r_stamp + timeout)) -- break; -- -- /* hasn't been long enough since it was acked? */ -- if (req->r_request->ack_stamp == 0 || -- time_before(jiffies, req->r_request->ack_stamp + timeout)) -- break; -- -- BUG_ON(req == last_req && req->r_stamp == last_stamp); -- last_req = req; -- last_stamp = req->r_stamp; -- -- osd = req->r_osd; -- BUG_ON(!osd); -- pr_warning(" tid %llu timed out on osd%d, will reset osd\n", -- req->r_tid, osd->o_osd); -- __kick_osd_requests(osdc, osd); -- } -- -- /* - * ping osds that are a bit slow. this ensures that if there - * is a break in the TCP connection we will notice, and reopen - * a connection with that osd (from the fault callback). -@@ -1304,7 +1270,7 @@ static void reset_changed_osds(struct ceph_osd_client *osdc) - * Requeue requests whose mapping to an OSD has changed. If requests map to - * no osd, request a new map. - * -- * Caller should hold map_sem for read and request_mutex. -+ * Caller should hold map_sem for read. - */ - static void kick_requests(struct ceph_osd_client *osdc, int force_resend) - { -@@ -1318,6 +1284,24 @@ static void kick_requests(struct ceph_osd_client *osdc, int force_resend) - for (p = rb_first(&osdc->requests); p; ) { - req = rb_entry(p, struct ceph_osd_request, r_node); - p = rb_next(p); -+ -+ /* -+ * For linger requests that have not yet been -+ * registered, move them to the linger list; they'll -+ * be sent to the osd in the loop below. Unregister -+ * the request before re-registering it as a linger -+ * request to ensure the __map_request() below -+ * will decide it needs to be sent. -+ */ -+ if (req->r_linger && list_empty(&req->r_linger_item)) { -+ dout("%p tid %llu restart on osd%d\n", -+ req, req->r_tid, -+ req->r_osd ? req->r_osd->o_osd : -1); -+ __unregister_request(osdc, req); -+ __register_linger_request(osdc, req); -+ continue; -+ } -+ - err = __map_request(osdc, req, force_resend); - if (err < 0) - continue; /* error */ -@@ -1332,17 +1316,6 @@ static void kick_requests(struct ceph_osd_client *osdc, int force_resend) - req->r_flags |= CEPH_OSD_FLAG_RETRY; - } - } -- if (req->r_linger && list_empty(&req->r_linger_item)) { -- /* -- * register as a linger so that we will -- * re-submit below and get a new tid -- */ -- dout("%p tid %llu restart on osd%d\n", -- req, req->r_tid, -- req->r_osd ? req->r_osd->o_osd : -1); -- __register_linger_request(osdc, req); -- __unregister_request(osdc, req); -- } - } - - list_for_each_entry_safe(req, nreq, &osdc->req_linger, -@@ -1350,6 +1323,7 @@ static void kick_requests(struct ceph_osd_client *osdc, int force_resend) - dout("linger req=%p req->r_osd=%p\n", req, req->r_osd); - - err = __map_request(osdc, req, force_resend); -+ dout("__map_request returned %d\n", err); - if (err == 0) - continue; /* no change and no osd was specified */ - if (err < 0) -@@ -1362,8 +1336,8 @@ static void kick_requests(struct ceph_osd_client *osdc, int force_resend) - - dout("kicking lingering %p tid %llu osd%d\n", req, req->r_tid, - req->r_osd ? req->r_osd->o_osd : -1); -- __unregister_linger_request(osdc, req); - __register_request(osdc, req); -+ __unregister_linger_request(osdc, req); - } - mutex_unlock(&osdc->request_mutex); - -@@ -1371,6 +1345,7 @@ static void kick_requests(struct ceph_osd_client *osdc, int force_resend) - dout("%d requests for down osds, need new map\n", needmap); - ceph_monc_request_next_osdmap(&osdc->client->monc); - } -+ reset_changed_osds(osdc); - } - - -@@ -1427,7 +1402,6 @@ void ceph_osdc_handle_map(struct ceph_osd_client *osdc, struct ceph_msg *msg) - osdc->osdmap = newmap; - } - kick_requests(osdc, 0); -- reset_changed_osds(osdc); - } else { - dout("ignoring incremental map %u len %d\n", - epoch, maplen); -@@ -1597,6 +1571,7 @@ int ceph_osdc_create_event(struct ceph_osd_client *osdc, - event->data = data; - event->osdc = osdc; - INIT_LIST_HEAD(&event->osd_node); -+ RB_CLEAR_NODE(&event->node); - kref_init(&event->kref); /* one ref for us */ - kref_get(&event->kref); /* one ref for the caller */ - init_completion(&event->completion); -@@ -1928,8 +1903,8 @@ int ceph_osdc_readpages(struct ceph_osd_client *osdc, - CEPH_OSD_OP_READ, CEPH_OSD_FLAG_READ, - NULL, 0, truncate_seq, truncate_size, NULL, - false, 1, page_align); -- if (!req) -- return -ENOMEM; -+ if (IS_ERR(req)) -+ return PTR_ERR(req); - - /* it may be a short read due to an object boundary */ - req->r_pages = pages; -@@ -1971,8 +1946,8 @@ int ceph_osdc_writepages(struct ceph_osd_client *osdc, struct ceph_vino vino, - snapc, do_sync, - truncate_seq, truncate_size, mtime, - nofail, 1, page_align); -- if (!req) -- return -ENOMEM; -+ if (IS_ERR(req)) -+ return PTR_ERR(req); - - /* it may be a short write due to an object boundary */ - req->r_pages = pages; -diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c -index 5433fb0..f552aa4 100644 ---- a/net/ceph/osdmap.c -+++ b/net/ceph/osdmap.c -@@ -645,10 +645,12 @@ struct ceph_osdmap *osdmap_decode(void **p, void *end) - ceph_decode_32_safe(p, end, max, bad); - while (max--) { - ceph_decode_need(p, end, 4 + 1 + sizeof(pi->v), bad); -+ err = -ENOMEM; - pi = kzalloc(sizeof(*pi), GFP_NOFS); - if (!pi) - goto bad; - pi->id = ceph_decode_32(p); -+ err = -EINVAL; - ev = ceph_decode_8(p); /* encoding version */ - if (ev > CEPH_PG_POOL_VERSION) { - pr_warning("got unknown v %d > %d of ceph_pg_pool\n", -@@ -664,8 +666,13 @@ struct ceph_osdmap *osdmap_decode(void **p, void *end) - __insert_pg_pool(&map->pg_pools, pi); - } - -- if (version >= 5 && __decode_pool_names(p, end, map) < 0) -- goto bad; -+ if (version >= 5) { -+ err = __decode_pool_names(p, end, map); -+ if (err < 0) { -+ dout("fail to decode pool names"); -+ goto bad; -+ } -+ } - - ceph_decode_32_safe(p, end, map->pool_max, bad); - -@@ -745,7 +752,7 @@ struct ceph_osdmap *osdmap_decode(void **p, void *end) - return map; - - bad: -- dout("osdmap_decode fail\n"); -+ dout("osdmap_decode fail err %d\n", err); - ceph_osdmap_destroy(map); - return ERR_PTR(err); - } -@@ -839,6 +846,7 @@ struct ceph_osdmap *osdmap_apply_incremental(void **p, void *end, - if (ev > CEPH_PG_POOL_VERSION) { - pr_warning("got unknown v %d > %d of ceph_pg_pool\n", - ev, CEPH_PG_POOL_VERSION); -+ err = -EINVAL; - goto bad; - } - pi = __lookup_pg_pool(&map->pg_pools, pool); -@@ -855,8 +863,11 @@ struct ceph_osdmap *osdmap_apply_incremental(void **p, void *end, - if (err < 0) - goto bad; - } -- if (version >= 5 && __decode_pool_names(p, end, map) < 0) -- goto bad; -+ if (version >= 5) { -+ err = __decode_pool_names(p, end, map); -+ if (err < 0) -+ goto bad; -+ } - - /* old_pool */ - ceph_decode_32_safe(p, end, len, bad); -@@ -932,15 +943,13 @@ struct ceph_osdmap *osdmap_apply_incremental(void **p, void *end, - (void) __remove_pg_mapping(&map->pg_temp, pgid); - - /* insert */ -- if (pglen > (UINT_MAX - sizeof(*pg)) / sizeof(u32)) { -- err = -EINVAL; -+ err = -EINVAL; -+ if (pglen > (UINT_MAX - sizeof(*pg)) / sizeof(u32)) - goto bad; -- } -+ err = -ENOMEM; - pg = kmalloc(sizeof(*pg) + sizeof(u32)*pglen, GFP_NOFS); -- if (!pg) { -- err = -ENOMEM; -+ if (!pg) - goto bad; -- } - pg->pgid = pgid; - pg->len = pglen; - for (j = 0; j < pglen; j++) -diff --git a/net/core/datagram.c b/net/core/datagram.c -index 0337e2b..368f9c3 100644 ---- a/net/core/datagram.c -+++ b/net/core/datagram.c -@@ -187,7 +187,7 @@ struct sk_buff *__skb_recv_datagram(struct sock *sk, unsigned int flags, - skb_queue_walk(queue, skb) { - *peeked = skb->peeked; - if (flags & MSG_PEEK) { -- if (*off >= skb->len) { -+ if (*off >= skb->len && skb->len) { - *off -= skb->len; - continue; - } -diff --git a/net/core/pktgen.c b/net/core/pktgen.c -index e356b8d..d7881b2 100644 ---- a/net/core/pktgen.c -+++ b/net/core/pktgen.c -@@ -1797,10 +1797,13 @@ static ssize_t pktgen_thread_write(struct file *file, - return -EFAULT; - i += len; - mutex_lock(&pktgen_thread_lock); -- pktgen_add_device(t, f); -+ ret = pktgen_add_device(t, f); - mutex_unlock(&pktgen_thread_lock); -- ret = count; -- sprintf(pg_result, "OK: add_device=%s", f); -+ if (!ret) { -+ ret = count; -+ sprintf(pg_result, "OK: add_device=%s", f); -+ } else -+ sprintf(pg_result, "ERROR: can not add device %s", f); - goto out; - } - -diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c -index 9d8755e..a2ad320 100644 ---- a/net/core/sock_diag.c -+++ b/net/core/sock_diag.c -@@ -121,6 +121,9 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) - if (nlmsg_len(nlh) < sizeof(*req)) - return -EINVAL; - -+ if (req->sdiag_family >= AF_MAX) -+ return -EINVAL; -+ - hndl = sock_diag_lock_handler(req->sdiag_family); - if (hndl == NULL) - err = -ENOENT; -diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c -index 176ecdb..4f9f5eb 100644 ---- a/net/dccp/ipv4.c -+++ b/net/dccp/ipv4.c -@@ -439,8 +439,8 @@ exit: - NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); - return NULL; - put_and_exit: -- bh_unlock_sock(newsk); -- sock_put(newsk); -+ inet_csk_prepare_forced_close(newsk); -+ dccp_done(newsk); - goto exit; - } - -diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c -index 56840b2..6e05981 100644 ---- a/net/dccp/ipv6.c -+++ b/net/dccp/ipv6.c -@@ -585,7 +585,8 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk, - newinet->inet_rcv_saddr = LOOPBACK4_IPV6; - - if (__inet_inherit_port(sk, newsk) < 0) { -- sock_put(newsk); -+ inet_csk_prepare_forced_close(newsk); -+ dccp_done(newsk); - goto out; - } - __inet6_hash(newsk, NULL); -diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c -index fe4582c..26222ed 100644 ---- a/net/ipv4/af_inet.c -+++ b/net/ipv4/af_inet.c -@@ -228,8 +228,12 @@ EXPORT_SYMBOL(inet_listen); - u32 inet_ehash_secret __read_mostly; - EXPORT_SYMBOL(inet_ehash_secret); - -+u32 ipv6_hash_secret __read_mostly; -+EXPORT_SYMBOL(ipv6_hash_secret); -+ - /* -- * inet_ehash_secret must be set exactly once -+ * inet_ehash_secret must be set exactly once, and to a non nul value -+ * ipv6_hash_secret must be set exactly once. - */ - void build_ehash_secret(void) - { -@@ -239,7 +243,8 @@ void build_ehash_secret(void) - get_random_bytes(&rnd, sizeof(rnd)); - } while (rnd == 0); - -- cmpxchg(&inet_ehash_secret, 0, rnd); -+ if (cmpxchg(&inet_ehash_secret, 0, rnd) == 0) -+ get_random_bytes(&ipv6_hash_secret, sizeof(ipv6_hash_secret)); - } - EXPORT_SYMBOL(build_ehash_secret); - -diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c -index 0405cc8..567c31f 100644 ---- a/net/ipv4/inet_connection_sock.c -+++ b/net/ipv4/inet_connection_sock.c -@@ -679,6 +679,22 @@ void inet_csk_destroy_sock(struct sock *sk) - } - EXPORT_SYMBOL(inet_csk_destroy_sock); - -+/* This function allows to force a closure of a socket after the call to -+ * tcp/dccp_create_openreq_child(). -+ */ -+void inet_csk_prepare_forced_close(struct sock *sk) -+{ -+ /* sk_clone_lock locked the socket and set refcnt to 2 */ -+ bh_unlock_sock(sk); -+ sock_put(sk); -+ -+ /* The below has to be done to allow calling inet_csk_destroy_sock */ -+ sock_set_flag(sk, SOCK_DEAD); -+ percpu_counter_inc(sk->sk_prot->orphan_count); -+ inet_sk(sk)->inet_num = 0; -+} -+EXPORT_SYMBOL(inet_csk_prepare_forced_close); -+ - int inet_csk_listen_start(struct sock *sk, const int nr_table_entries) - { - struct inet_sock *inet = inet_sk(sk); -diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c -index 14bbfcf..e95d72b 100644 ---- a/net/ipv4/ip_sockglue.c -+++ b/net/ipv4/ip_sockglue.c -@@ -590,7 +590,7 @@ static int do_ip_setsockopt(struct sock *sk, int level, - case IP_TTL: - if (optlen < 1) - goto e_inval; -- if (val != -1 && (val < 0 || val > 255)) -+ if (val != -1 && (val < 1 || val > 255)) - goto e_inval; - inet->uc_ttl = val; - break; -diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index 6232d47..920cb0b 100644 ---- a/net/ipv4/ping.c -+++ b/net/ipv4/ping.c -@@ -328,8 +328,8 @@ void ping_err(struct sk_buff *skb, u32 info) - struct iphdr *iph = (struct iphdr *)skb->data; - struct icmphdr *icmph = (struct icmphdr *)(skb->data+(iph->ihl<<2)); - struct inet_sock *inet_sock; -- int type = icmph->type; -- int code = icmph->code; -+ int type = icmp_hdr(skb)->type; -+ int code = icmp_hdr(skb)->code; - struct net *net = dev_net(skb->dev); - struct sock *sk; - int harderr; -diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index c92c4da..8d02e34 100644 ---- a/net/ipv4/tcp_input.c -+++ b/net/ipv4/tcp_input.c -@@ -3531,6 +3531,11 @@ static bool tcp_process_frto(struct sock *sk, int flag) - } - } else { - if (!(flag & FLAG_DATA_ACKED) && (tp->frto_counter == 1)) { -+ if (!tcp_packets_in_flight(tp)) { -+ tcp_enter_frto_loss(sk, 2, flag); -+ return true; -+ } -+ - /* Prevent sending of new data. */ - tp->snd_cwnd = min(tp->snd_cwnd, - tcp_packets_in_flight(tp)); -@@ -3579,6 +3584,24 @@ static bool tcp_process_frto(struct sock *sk, int flag) - return false; - } - -+/* RFC 5961 7 [ACK Throttling] */ -+static void tcp_send_challenge_ack(struct sock *sk) -+{ -+ /* unprotected vars, we dont care of overwrites */ -+ static u32 challenge_timestamp; -+ static unsigned int challenge_count; -+ u32 now = jiffies / HZ; -+ -+ if (now != challenge_timestamp) { -+ challenge_timestamp = now; -+ challenge_count = 0; -+ } -+ if (++challenge_count <= sysctl_tcp_challenge_ack_limit) { -+ NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPCHALLENGEACK); -+ tcp_send_ack(sk); -+ } -+} -+ - /* This routine deals with incoming acks, but not outgoing ones. */ - static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) - { -@@ -3598,8 +3621,14 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) - /* If the ack is older than previous acks - * then we can probably ignore it. - */ -- if (before(ack, prior_snd_una)) -+ if (before(ack, prior_snd_una)) { -+ /* RFC 5961 5.2 [Blind Data Injection Attack].[Mitigation] */ -+ if (before(ack, prior_snd_una - tp->max_window)) { -+ tcp_send_challenge_ack(sk); -+ return -1; -+ } - goto old_ack; -+ } - - /* If the ack includes data we haven't sent yet, discard - * this segment (RFC793 Section 3.9). -@@ -5271,23 +5300,6 @@ out: - } - #endif /* CONFIG_NET_DMA */ - --static void tcp_send_challenge_ack(struct sock *sk) --{ -- /* unprotected vars, we dont care of overwrites */ -- static u32 challenge_timestamp; -- static unsigned int challenge_count; -- u32 now = jiffies / HZ; -- -- if (now != challenge_timestamp) { -- challenge_timestamp = now; -- challenge_count = 0; -- } -- if (++challenge_count <= sysctl_tcp_challenge_ack_limit) { -- NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPCHALLENGEACK); -- tcp_send_ack(sk); -- } --} -- - /* Does PAWS and seqno based validation of an incoming segment, flags will - * play significant role here. - */ -@@ -5340,11 +5352,6 @@ static bool tcp_validate_incoming(struct sock *sk, struct sk_buff *skb, - goto discard; - } - -- /* ts_recent update must be made after we are sure that the packet -- * is in window. -- */ -- tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq); -- - /* step 3: check security and precedence [ignored] */ - - /* step 4: Check for a SYN -@@ -5579,6 +5586,11 @@ step5: - if (th->ack && tcp_ack(sk, skb, FLAG_SLOWPATH) < 0) - goto discard; - -+ /* ts_recent update must be made after we are sure that the packet -+ * is in window. -+ */ -+ tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq); -+ - tcp_rcv_rtt_measure_ts(sk, skb); - - /* Process urgent data. */ -@@ -6106,6 +6118,11 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, - } else - goto discard; - -+ /* ts_recent update must be made after we are sure that the packet -+ * is in window. -+ */ -+ tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq); -+ - /* step 6: check the URG bit */ - tcp_urg(sk, skb, th); - -diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index db7bfad..4705caf 100644 ---- a/net/ipv4/tcp_ipv4.c -+++ b/net/ipv4/tcp_ipv4.c -@@ -1537,10 +1537,8 @@ exit: - NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_LISTENDROPS); - return NULL; - put_and_exit: -- tcp_clear_xmit_timers(newsk); -- tcp_cleanup_congestion_control(newsk); -- bh_unlock_sock(newsk); -- sock_put(newsk); -+ inet_csk_prepare_forced_close(newsk); -+ tcp_done(newsk); - goto exit; - } - EXPORT_SYMBOL(tcp_v4_syn_recv_sock); -diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index b10374d..fd82a30 100644 ---- a/net/ipv6/addrconf.c -+++ b/net/ipv6/addrconf.c -@@ -1736,7 +1736,7 @@ static struct rt6_info *addrconf_get_prefix_route(const struct in6_addr *pfx, - continue; - if ((rt->rt6i_flags & flags) != flags) - continue; -- if ((noflags != 0) && ((rt->rt6i_flags & flags) != 0)) -+ if ((rt->rt6i_flags & noflags) != 0) - continue; - dst_hold(&rt->dst); - break; -diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c -index 5b2d63e..3d485ec 100644 ---- a/net/ipv6/ip6_output.c -+++ b/net/ipv6/ip6_output.c -@@ -1287,10 +1287,10 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, - cork->length = 0; - sk->sk_sndmsg_page = NULL; - sk->sk_sndmsg_off = 0; -- exthdrlen = (opt ? opt->opt_flen : 0) - rt->rt6i_nfheader_len; -+ exthdrlen = (opt ? opt->opt_flen : 0); - length += exthdrlen; - transhdrlen += exthdrlen; -- dst_exthdrlen = rt->dst.header_len; -+ dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len; - } else { - rt = (struct rt6_info *)cork->dst; - fl6 = &inet->cork.fl.u.ip6; -diff --git a/net/ipv6/route.c b/net/ipv6/route.c -index 070a3ce..2ffaa7a 100644 ---- a/net/ipv6/route.c -+++ b/net/ipv6/route.c -@@ -881,7 +881,7 @@ restart: - dst_hold(&rt->dst); - read_unlock_bh(&table->tb6_lock); - -- if (!rt->n && !(rt->rt6i_flags & RTF_NONEXTHOP)) -+ if (!rt->n && !(rt->rt6i_flags & (RTF_NONEXTHOP | RTF_LOCAL))) - nrt = rt6_alloc_cow(rt, &fl6->daddr, &fl6->saddr); - else if (!(rt->dst.flags & DST_HOST)) - nrt = rt6_alloc_clone(rt, &fl6->daddr); -diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index 7e32d42..8b45fb4 100644 ---- a/net/ipv6/tcp_ipv6.c -+++ b/net/ipv6/tcp_ipv6.c -@@ -1371,7 +1371,8 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb, - #endif - - if (__inet_inherit_port(sk, newsk) < 0) { -- sock_put(newsk); -+ inet_csk_prepare_forced_close(newsk); -+ tcp_done(newsk); - goto out; - } - __inet6_hash(newsk, NULL); -diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c -index a58c0b6..f985911 100644 ---- a/net/mac80211/cfg.c -+++ b/net/mac80211/cfg.c -@@ -151,7 +151,17 @@ static int ieee80211_add_key(struct wiphy *wiphy, struct net_device *dev, - sta = sta_info_get(sdata, mac_addr); - else - sta = sta_info_get_bss(sdata, mac_addr); -- if (!sta) { -+ /* -+ * The ASSOC test makes sure the driver is ready to -+ * receive the key. When wpa_supplicant has roamed -+ * using FT, it attempts to set the key before -+ * association has completed, this rejects that attempt -+ * so it will set the key again after assocation. -+ * -+ * TODO: accept the key if we have a station entry and -+ * add it to the device after the station. -+ */ -+ if (!sta || !test_sta_flag(sta, WLAN_STA_ASSOC)) { - ieee80211_key_free(sdata->local, key); - err = -ENOENT; - goto out_unlock; -diff --git a/net/mac80211/ibss.c b/net/mac80211/ibss.c -index a5894dd..c55eacc 100644 ---- a/net/mac80211/ibss.c -+++ b/net/mac80211/ibss.c -@@ -647,8 +647,8 @@ static void ieee80211_sta_merge_ibss(struct ieee80211_sub_if_data *sdata) - sdata_info(sdata, - "No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)\n"); - -- ieee80211_request_internal_scan(sdata, -- ifibss->ssid, ifibss->ssid_len, NULL); -+ ieee80211_request_ibss_scan(sdata, ifibss->ssid, ifibss->ssid_len, -+ NULL); - } - - static void ieee80211_sta_create_ibss(struct ieee80211_sub_if_data *sdata) -@@ -746,9 +746,8 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata) - IEEE80211_SCAN_INTERVAL)) { - sdata_info(sdata, "Trigger new scan to find an IBSS to join\n"); - -- ieee80211_request_internal_scan(sdata, -- ifibss->ssid, ifibss->ssid_len, -- ifibss->fixed_channel ? ifibss->channel : NULL); -+ ieee80211_request_ibss_scan(sdata, ifibss->ssid, -+ ifibss->ssid_len, chan); - } else { - int interval = IEEE80211_SCAN_INTERVAL; - -diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h -index 642a2a3..fcab057 100644 ---- a/net/mac80211/ieee80211_i.h -+++ b/net/mac80211/ieee80211_i.h -@@ -1239,9 +1239,9 @@ void ieee80211_mesh_rx_queued_mgmt(struct ieee80211_sub_if_data *sdata, - - /* scan/BSS handling */ - void ieee80211_scan_work(struct work_struct *work); --int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata, -- const u8 *ssid, u8 ssid_len, -- struct ieee80211_channel *chan); -+int ieee80211_request_ibss_scan(struct ieee80211_sub_if_data *sdata, -+ const u8 *ssid, u8 ssid_len, -+ struct ieee80211_channel *chan); - int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata, - struct cfg80211_scan_request *req); - void ieee80211_scan_cancel(struct ieee80211_local *local); -@@ -1267,10 +1267,8 @@ int ieee80211_request_sched_scan_stop(struct ieee80211_sub_if_data *sdata); - void ieee80211_sched_scan_stopped_work(struct work_struct *work); - - /* off-channel helpers */ --void ieee80211_offchannel_stop_vifs(struct ieee80211_local *local, -- bool offchannel_ps_enable); --void ieee80211_offchannel_return(struct ieee80211_local *local, -- bool offchannel_ps_disable); -+void ieee80211_offchannel_stop_vifs(struct ieee80211_local *local); -+void ieee80211_offchannel_return(struct ieee80211_local *local); - void ieee80211_roc_setup(struct ieee80211_local *local); - void ieee80211_start_next_roc(struct ieee80211_local *local); - void ieee80211_roc_purge(struct ieee80211_sub_if_data *sdata); -diff --git a/net/mac80211/offchannel.c b/net/mac80211/offchannel.c -index 2138dc3..37e3028 100644 ---- a/net/mac80211/offchannel.c -+++ b/net/mac80211/offchannel.c -@@ -102,8 +102,7 @@ static void ieee80211_offchannel_ps_disable(struct ieee80211_sub_if_data *sdata) - ieee80211_sta_reset_conn_monitor(sdata); - } - --void ieee80211_offchannel_stop_vifs(struct ieee80211_local *local, -- bool offchannel_ps_enable) -+void ieee80211_offchannel_stop_vifs(struct ieee80211_local *local) - { - struct ieee80211_sub_if_data *sdata; - -@@ -128,8 +127,7 @@ void ieee80211_offchannel_stop_vifs(struct ieee80211_local *local, - - if (sdata->vif.type != NL80211_IFTYPE_MONITOR) { - netif_tx_stop_all_queues(sdata->dev); -- if (offchannel_ps_enable && -- (sdata->vif.type == NL80211_IFTYPE_STATION) && -+ if (sdata->vif.type == NL80211_IFTYPE_STATION && - sdata->u.mgd.associated) - ieee80211_offchannel_ps_enable(sdata); - } -@@ -137,8 +135,7 @@ void ieee80211_offchannel_stop_vifs(struct ieee80211_local *local, - mutex_unlock(&local->iflist_mtx); - } - --void ieee80211_offchannel_return(struct ieee80211_local *local, -- bool offchannel_ps_disable) -+void ieee80211_offchannel_return(struct ieee80211_local *local) - { - struct ieee80211_sub_if_data *sdata; - -@@ -151,11 +148,9 @@ void ieee80211_offchannel_return(struct ieee80211_local *local, - continue; - - /* Tell AP we're back */ -- if (offchannel_ps_disable && -- sdata->vif.type == NL80211_IFTYPE_STATION) { -- if (sdata->u.mgd.associated) -- ieee80211_offchannel_ps_disable(sdata); -- } -+ if (sdata->vif.type == NL80211_IFTYPE_STATION && -+ sdata->u.mgd.associated) -+ ieee80211_offchannel_ps_disable(sdata); - - if (sdata->vif.type != NL80211_IFTYPE_MONITOR) { - /* -@@ -376,7 +371,7 @@ void ieee80211_sw_roc_work(struct work_struct *work) - local->tmp_channel = NULL; - ieee80211_hw_config(local, 0); - -- ieee80211_offchannel_return(local, true); -+ ieee80211_offchannel_return(local); - } - - ieee80211_recalc_idle(local); -diff --git a/net/mac80211/scan.c b/net/mac80211/scan.c -index 839dd97..8719635 100644 ---- a/net/mac80211/scan.c -+++ b/net/mac80211/scan.c -@@ -310,7 +310,7 @@ static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted, - if (!was_hw_scan) { - ieee80211_configure_filter(local); - drv_sw_scan_complete(local); -- ieee80211_offchannel_return(local, true); -+ ieee80211_offchannel_return(local); - } - - ieee80211_recalc_idle(local); -@@ -355,7 +355,7 @@ static int ieee80211_start_sw_scan(struct ieee80211_local *local) - local->next_scan_state = SCAN_DECISION; - local->scan_channel_idx = 0; - -- ieee80211_offchannel_stop_vifs(local, true); -+ ieee80211_offchannel_stop_vifs(local); - - ieee80211_configure_filter(local); - -@@ -680,12 +680,8 @@ static void ieee80211_scan_state_suspend(struct ieee80211_local *local, - local->scan_channel = NULL; - ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL); - -- /* -- * Re-enable vifs and beaconing. Leave PS -- * in off-channel state..will put that back -- * on-channel at the end of scanning. -- */ -- ieee80211_offchannel_return(local, false); -+ /* disable PS */ -+ ieee80211_offchannel_return(local); - - *next_delay = HZ / 5; - /* afterwards, resume scan & go to next channel */ -@@ -695,8 +691,7 @@ static void ieee80211_scan_state_suspend(struct ieee80211_local *local, - static void ieee80211_scan_state_resume(struct ieee80211_local *local, - unsigned long *next_delay) - { -- /* PS already is in off-channel mode */ -- ieee80211_offchannel_stop_vifs(local, false); -+ ieee80211_offchannel_stop_vifs(local); - - if (local->ops->flush) { - drv_flush(local, false); -@@ -819,9 +814,9 @@ int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata, - return res; - } - --int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata, -- const u8 *ssid, u8 ssid_len, -- struct ieee80211_channel *chan) -+int ieee80211_request_ibss_scan(struct ieee80211_sub_if_data *sdata, -+ const u8 *ssid, u8 ssid_len, -+ struct ieee80211_channel *chan) - { - struct ieee80211_local *local = sdata->local; - int ret = -EBUSY; -@@ -835,22 +830,36 @@ int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata, - - /* fill internal scan request */ - if (!chan) { -- int i, nchan = 0; -+ int i, max_n; -+ int n_ch = 0; - - for (band = 0; band < IEEE80211_NUM_BANDS; band++) { - if (!local->hw.wiphy->bands[band]) - continue; -- for (i = 0; -- i < local->hw.wiphy->bands[band]->n_channels; -- i++) { -- local->int_scan_req->channels[nchan] = -+ -+ max_n = local->hw.wiphy->bands[band]->n_channels; -+ for (i = 0; i < max_n; i++) { -+ struct ieee80211_channel *tmp_ch = - &local->hw.wiphy->bands[band]->channels[i]; -- nchan++; -+ -+ if (tmp_ch->flags & (IEEE80211_CHAN_NO_IBSS | -+ IEEE80211_CHAN_DISABLED)) -+ continue; -+ -+ local->int_scan_req->channels[n_ch] = tmp_ch; -+ n_ch++; - } - } - -- local->int_scan_req->n_channels = nchan; -+ if (WARN_ON_ONCE(n_ch == 0)) -+ goto unlock; -+ -+ local->int_scan_req->n_channels = n_ch; - } else { -+ if (WARN_ON_ONCE(chan->flags & (IEEE80211_CHAN_NO_IBSS | -+ IEEE80211_CHAN_DISABLED))) -+ goto unlock; -+ - local->int_scan_req->channels[0] = chan; - local->int_scan_req->n_channels = 1; - } -diff --git a/net/mac80211/sta_info.c b/net/mac80211/sta_info.c -index 31aa8b8..cd7ca8d 100644 ---- a/net/mac80211/sta_info.c -+++ b/net/mac80211/sta_info.c -@@ -835,7 +835,7 @@ void sta_info_init(struct ieee80211_local *local) - - void sta_info_stop(struct ieee80211_local *local) - { -- del_timer(&local->sta_cleanup); -+ del_timer_sync(&local->sta_cleanup); - sta_info_flush(local, NULL); - } - -diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index c5c9e2a..70f7e18 100644 ---- a/net/packet/af_packet.c -+++ b/net/packet/af_packet.c -@@ -2443,13 +2443,15 @@ static int packet_release(struct socket *sock) - - packet_flush_mclist(sk); - -- memset(&req_u, 0, sizeof(req_u)); -- -- if (po->rx_ring.pg_vec) -+ if (po->rx_ring.pg_vec) { -+ memset(&req_u, 0, sizeof(req_u)); - packet_set_ring(sk, &req_u, 1, 0); -+ } - -- if (po->tx_ring.pg_vec) -+ if (po->tx_ring.pg_vec) { -+ memset(&req_u, 0, sizeof(req_u)); - packet_set_ring(sk, &req_u, 1, 1); -+ } - - fanout_release(sk); - -diff --git a/net/sched/sch_htb.c b/net/sched/sch_htb.c -index 9d75b77..e9ea2f3 100644 ---- a/net/sched/sch_htb.c -+++ b/net/sched/sch_htb.c -@@ -874,7 +874,7 @@ ok: - q->now = psched_get_time(); - start_at = jiffies; - -- next_event = q->now + 5 * PSCHED_TICKS_PER_SEC; -+ next_event = q->now + 5LLU * PSCHED_TICKS_PER_SEC; - - for (level = 0; level < TC_HTB_MAXDEPTH; level++) { - /* common case optimization - skip event handler quickly */ -diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c -index 68a385d..58cd035 100644 ---- a/net/sctp/endpointola.c -+++ b/net/sctp/endpointola.c -@@ -248,6 +248,8 @@ void sctp_endpoint_free(struct sctp_endpoint *ep) - /* Final destructor for endpoint. */ - static void sctp_endpoint_destroy(struct sctp_endpoint *ep) - { -+ int i; -+ - SCTP_ASSERT(ep->base.dead, "Endpoint is not dead", return); - - /* Free up the HMAC transform. */ -@@ -270,6 +272,9 @@ static void sctp_endpoint_destroy(struct sctp_endpoint *ep) - sctp_inq_free(&ep->base.inqueue); - sctp_bind_addr_free(&ep->base.bind_addr); - -+ for (i = 0; i < SCTP_HOW_MANY_SECRETS; ++i) -+ memset(&ep->secret_key[i], 0, SCTP_SECRET_SIZE); -+ - /* Remove and free the port */ - if (sctp_sk(ep->base.sk)->bind_hash) - sctp_put_port(ep->base.sk); -diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c -index e7aa177c..e0902c9 100644 ---- a/net/sctp/outqueue.c -+++ b/net/sctp/outqueue.c -@@ -223,7 +223,7 @@ void sctp_outq_init(struct sctp_association *asoc, struct sctp_outq *q) - - /* Free the outqueue structure and any related pending chunks. - */ --void sctp_outq_teardown(struct sctp_outq *q) -+static void __sctp_outq_teardown(struct sctp_outq *q) - { - struct sctp_transport *transport; - struct list_head *lchunk, *temp; -@@ -276,8 +276,6 @@ void sctp_outq_teardown(struct sctp_outq *q) - sctp_chunk_free(chunk); - } - -- q->error = 0; -- - /* Throw away any leftover control chunks. */ - list_for_each_entry_safe(chunk, tmp, &q->control_chunk_list, list) { - list_del_init(&chunk->list); -@@ -285,11 +283,17 @@ void sctp_outq_teardown(struct sctp_outq *q) - } - } - -+void sctp_outq_teardown(struct sctp_outq *q) -+{ -+ __sctp_outq_teardown(q); -+ sctp_outq_init(q->asoc, q); -+} -+ - /* Free the outqueue structure and any related pending chunks. */ - void sctp_outq_free(struct sctp_outq *q) - { - /* Throw away leftover chunks. */ -- sctp_outq_teardown(q); -+ __sctp_outq_teardown(q); - - /* If we were kmalloc()'d, free the memory. */ - if (q->malloced) -diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index cb54123..d32d86d 100644 ---- a/net/sctp/socket.c -+++ b/net/sctp/socket.c -@@ -3375,7 +3375,7 @@ static int sctp_setsockopt_auth_key(struct sock *sk, - - ret = sctp_auth_set_key(sctp_sk(sk)->ep, asoc, authkey); - out: -- kfree(authkey); -+ kzfree(authkey); - return ret; - } - -diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c -index fa48c60..346c387 100644 ---- a/net/sunrpc/clnt.c -+++ b/net/sunrpc/clnt.c -@@ -234,7 +234,7 @@ static struct rpc_clnt *rpc_get_client_for_event(struct net *net, int event) - spin_lock(&sn->rpc_client_lock); - list_for_each_entry(clnt, &sn->all_clients, cl_clients) { - if (clnt->cl_program->pipe_dir_name == NULL) -- break; -+ continue; - if (rpc_clnt_skip_event(clnt, event)) - continue; - if (atomic_inc_not_zero(&clnt->cl_count) == 0) -diff --git a/net/sunrpc/rpc_pipe.c b/net/sunrpc/rpc_pipe.c -index 21fde99..2a419f1 100644 ---- a/net/sunrpc/rpc_pipe.c -+++ b/net/sunrpc/rpc_pipe.c -@@ -1152,14 +1152,19 @@ static void rpc_kill_sb(struct super_block *sb) - struct sunrpc_net *sn = net_generic(net, sunrpc_net_id); - - mutex_lock(&sn->pipefs_sb_lock); -+ if (sn->pipefs_sb != sb) { -+ mutex_unlock(&sn->pipefs_sb_lock); -+ goto out; -+ } - sn->pipefs_sb = NULL; - mutex_unlock(&sn->pipefs_sb_lock); -- put_net(net); - dprintk("RPC: sending pipefs UMOUNT notification for net %p%s\n", net, - NET_NAME(net)); - blocking_notifier_call_chain(&rpc_pipefs_notifier_list, - RPC_PIPEFS_UMOUNT, - sb); -+ put_net(net); -+out: - kill_litter_super(sb); - } - -diff --git a/net/sunrpc/sched.c b/net/sunrpc/sched.c -index 128494e..7fc5846 100644 ---- a/net/sunrpc/sched.c -+++ b/net/sunrpc/sched.c -@@ -919,16 +919,35 @@ struct rpc_task *rpc_new_task(const struct rpc_task_setup *setup_data) - return task; - } - -+/* -+ * rpc_free_task - release rpc task and perform cleanups -+ * -+ * Note that we free up the rpc_task _after_ rpc_release_calldata() -+ * in order to work around a workqueue dependency issue. -+ * -+ * Tejun Heo states: -+ * "Workqueue currently considers two work items to be the same if they're -+ * on the same address and won't execute them concurrently - ie. it -+ * makes a work item which is queued again while being executed wait -+ * for the previous execution to complete. -+ * -+ * If a work function frees the work item, and then waits for an event -+ * which should be performed by another work item and *that* work item -+ * recycles the freed work item, it can create a false dependency loop. -+ * There really is no reliable way to detect this short of verifying -+ * every memory free." -+ * -+ */ - static void rpc_free_task(struct rpc_task *task) - { -- const struct rpc_call_ops *tk_ops = task->tk_ops; -- void *calldata = task->tk_calldata; -+ unsigned short tk_flags = task->tk_flags; -+ -+ rpc_release_calldata(task->tk_ops, task->tk_calldata); - -- if (task->tk_flags & RPC_TASK_DYNAMIC) { -+ if (tk_flags & RPC_TASK_DYNAMIC) { - dprintk("RPC: %5u freeing task\n", task->tk_pid); - mempool_free(task, rpc_task_mempool); - } -- rpc_release_calldata(tk_ops, calldata); - } - - static void rpc_async_release(struct work_struct *work) -@@ -938,8 +957,7 @@ static void rpc_async_release(struct work_struct *work) - - static void rpc_release_resources_task(struct rpc_task *task) - { -- if (task->tk_rqstp) -- xprt_release(task); -+ xprt_release(task); - if (task->tk_msg.rpc_cred) { - put_rpccred(task->tk_msg.rpc_cred); - task->tk_msg.rpc_cred = NULL; -diff --git a/net/sunrpc/svc_xprt.c b/net/sunrpc/svc_xprt.c -index bac973a..3e74e01 100644 ---- a/net/sunrpc/svc_xprt.c -+++ b/net/sunrpc/svc_xprt.c -@@ -814,7 +814,6 @@ static void svc_age_temp_xprts(unsigned long closure) - struct svc_serv *serv = (struct svc_serv *)closure; - struct svc_xprt *xprt; - struct list_head *le, *next; -- LIST_HEAD(to_be_aged); - - dprintk("svc_age_temp_xprts\n"); - -@@ -835,25 +834,15 @@ static void svc_age_temp_xprts(unsigned long closure) - if (atomic_read(&xprt->xpt_ref.refcount) > 1 || - test_bit(XPT_BUSY, &xprt->xpt_flags)) - continue; -- svc_xprt_get(xprt); -- list_move(le, &to_be_aged); -+ list_del_init(le); - set_bit(XPT_CLOSE, &xprt->xpt_flags); - set_bit(XPT_DETACHED, &xprt->xpt_flags); -- } -- spin_unlock_bh(&serv->sv_lock); -- -- while (!list_empty(&to_be_aged)) { -- le = to_be_aged.next; -- /* fiddling the xpt_list node is safe 'cos we're XPT_DETACHED */ -- list_del_init(le); -- xprt = list_entry(le, struct svc_xprt, xpt_list); -- - dprintk("queuing xprt %p for closing\n", xprt); - - /* a thread will dequeue and close it soon */ - svc_xprt_enqueue(xprt); -- svc_xprt_put(xprt); - } -+ spin_unlock_bh(&serv->sv_lock); - - mod_timer(&serv->sv_temptimer, jiffies + svc_conn_age_period * HZ); - } -diff --git a/net/sunrpc/xprt.c b/net/sunrpc/xprt.c -index 5d7f61d..2480c01 100644 ---- a/net/sunrpc/xprt.c -+++ b/net/sunrpc/xprt.c -@@ -1139,10 +1139,18 @@ static void xprt_request_init(struct rpc_task *task, struct rpc_xprt *xprt) - void xprt_release(struct rpc_task *task) - { - struct rpc_xprt *xprt; -- struct rpc_rqst *req; -+ struct rpc_rqst *req = task->tk_rqstp; - -- if (!(req = task->tk_rqstp)) -+ if (req == NULL) { -+ if (task->tk_client) { -+ rcu_read_lock(); -+ xprt = rcu_dereference(task->tk_client->cl_xprt); -+ if (xprt->snd_task == task) -+ xprt_release_write(xprt, task); -+ rcu_read_unlock(); -+ } - return; -+ } - - xprt = req->rq_xprt; - if (task->tk_ops->rpc_count_stats != NULL) -diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c -index 49a464f..62fa2c5 100644 ---- a/security/integrity/evm/evm_crypto.c -+++ b/security/integrity/evm/evm_crypto.c -@@ -205,9 +205,9 @@ int evm_update_evmxattr(struct dentry *dentry, const char *xattr_name, - rc = __vfs_setxattr_noperm(dentry, XATTR_NAME_EVM, - &xattr_data, - sizeof(xattr_data), 0); -- } -- else if (rc == -ENODATA) -+ } else if (rc == -ENODATA && inode->i_op->removexattr) { - rc = inode->i_op->removexattr(dentry, XATTR_NAME_EVM); -+ } - return rc; - } - -diff --git a/sound/arm/pxa2xx-ac97-lib.c b/sound/arm/pxa2xx-ac97-lib.c -index 48d7c0a..bd3ba88 100644 ---- a/sound/arm/pxa2xx-ac97-lib.c -+++ b/sound/arm/pxa2xx-ac97-lib.c -@@ -18,6 +18,7 @@ - #include <linux/delay.h> - #include <linux/module.h> - #include <linux/io.h> -+#include <linux/gpio.h> - - #include <sound/ac97_codec.h> - #include <sound/pxa2xx-lib.h> -@@ -148,6 +149,8 @@ static inline void pxa_ac97_warm_pxa27x(void) - - static inline void pxa_ac97_cold_pxa27x(void) - { -+ unsigned int timeout; -+ - GCR &= GCR_COLD_RST; /* clear everything but nCRST */ - GCR &= ~GCR_COLD_RST; /* then assert nCRST */ - -@@ -157,8 +160,10 @@ static inline void pxa_ac97_cold_pxa27x(void) - clk_enable(ac97conf_clk); - udelay(5); - clk_disable(ac97conf_clk); -- GCR = GCR_COLD_RST; -- udelay(50); -+ GCR = GCR_COLD_RST | GCR_WARM_RST; -+ timeout = 100; /* wait for the codec-ready bit to be set */ -+ while (!((GSR | gsr_bits) & (GSR_PCR | GSR_SCR)) && timeout--) -+ mdelay(1); - } - #endif - -@@ -340,8 +345,21 @@ int __devinit pxa2xx_ac97_hw_probe(struct platform_device *dev) - } - - if (cpu_is_pxa27x()) { -- /* Use GPIO 113 as AC97 Reset on Bulverde */ -+ /* -+ * This gpio is needed for a work-around to a bug in the ac97 -+ * controller during warm reset. The direction and level is set -+ * here so that it is an output driven high when switching from -+ * AC97_nRESET alt function to generic gpio. -+ */ -+ ret = gpio_request_one(reset_gpio, GPIOF_OUT_INIT_HIGH, -+ "pxa27x ac97 reset"); -+ if (ret < 0) { -+ pr_err("%s: gpio_request_one() failed: %d\n", -+ __func__, ret); -+ goto err_conf; -+ } - pxa27x_assert_ac97reset(reset_gpio, 0); -+ - ac97conf_clk = clk_get(&dev->dev, "AC97CONFCLK"); - if (IS_ERR(ac97conf_clk)) { - ret = PTR_ERR(ac97conf_clk); -@@ -384,6 +402,8 @@ EXPORT_SYMBOL_GPL(pxa2xx_ac97_hw_probe); - - void pxa2xx_ac97_hw_remove(struct platform_device *dev) - { -+ if (cpu_is_pxa27x()) -+ gpio_free(reset_gpio); - GCR |= GCR_ACLINK_OFF; - free_irq(IRQ_AC97, NULL); - if (ac97conf_clk) { -diff --git a/sound/pci/ali5451/ali5451.c b/sound/pci/ali5451/ali5451.c -index ee895f3..be8c176 100644 ---- a/sound/pci/ali5451/ali5451.c -+++ b/sound/pci/ali5451/ali5451.c -@@ -1435,7 +1435,7 @@ static snd_pcm_uframes_t snd_ali_pointer(struct snd_pcm_substream *substream) - - spin_lock(&codec->reg_lock); - if (!pvoice->running) { -- spin_unlock_irq(&codec->reg_lock); -+ spin_unlock(&codec->reg_lock); - return 0; - } - outb(pvoice->number, ALI_REG(codec, ALI_GC_CIR)); -diff --git a/sound/pci/hda/patch_hdmi.c b/sound/pci/hda/patch_hdmi.c -index 8f23374..c383243 100644 ---- a/sound/pci/hda/patch_hdmi.c -+++ b/sound/pci/hda/patch_hdmi.c -@@ -924,8 +924,12 @@ static int hdmi_pcm_open(struct hda_pcm_stream *hinfo, - if (!static_hdmi_pcm && eld->eld_valid) { - snd_hdmi_eld_update_pcm_info(eld, hinfo); - if (hinfo->channels_min > hinfo->channels_max || -- !hinfo->rates || !hinfo->formats) -+ !hinfo->rates || !hinfo->formats) { -+ per_cvt->assigned = 0; -+ hinfo->nid = 0; -+ snd_hda_spdif_ctls_unassign(codec, pin_idx); - return -ENODEV; -+ } - } - - /* Store the updated parameters */ -@@ -989,6 +993,7 @@ static void hdmi_present_sense(struct hdmi_spec_per_pin *per_pin, int repoll) - "HDMI status: Codec=%d Pin=%d Presence_Detect=%d ELD_Valid=%d\n", - codec->addr, pin_nid, eld->monitor_present, eld_valid); - -+ eld->eld_valid = false; - if (eld_valid) { - if (!snd_hdmi_get_eld(eld, codec, pin_nid)) - snd_hdmi_show_eld(eld); -@@ -1245,6 +1250,9 @@ static int generic_hdmi_build_jack(struct hda_codec *codec, int pin_idx) - - if (pcmdev > 0) - sprintf(hdmi_str + strlen(hdmi_str), ",pcm=%d", pcmdev); -+ if (!is_jack_detectable(codec, per_pin->pin_nid)) -+ strncat(hdmi_str, " Phantom", -+ sizeof(hdmi_str) - strlen(hdmi_str) - 1); - - return snd_hda_jack_add_kctl(codec, per_pin->pin_nid, hdmi_str, 0); - } -diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c -index e1b7061..51bbe0d 100644 ---- a/sound/pci/hda/patch_realtek.c -+++ b/sound/pci/hda/patch_realtek.c -@@ -4719,6 +4719,7 @@ static const struct snd_pci_quirk alc880_fixup_tbl[] = { - SND_PCI_QUIRK(0x1584, 0x9077, "Uniwill P53", ALC880_FIXUP_VOL_KNOB), - SND_PCI_QUIRK(0x161f, 0x203d, "W810", ALC880_FIXUP_W810), - SND_PCI_QUIRK(0x161f, 0x205d, "Medion Rim 2150", ALC880_FIXUP_MEDION_RIM), -+ SND_PCI_QUIRK(0x1631, 0xe011, "PB 13201056", ALC880_FIXUP_6ST), - SND_PCI_QUIRK(0x1734, 0x107c, "FSC F1734", ALC880_FIXUP_F1734), - SND_PCI_QUIRK(0x1734, 0x1094, "FSC Amilo M1451G", ALC880_FIXUP_FUJITSU), - SND_PCI_QUIRK(0x1734, 0x10ac, "FSC AMILO Xi 1526", ALC880_FIXUP_F1734), -@@ -5415,6 +5416,7 @@ static const struct snd_pci_quirk alc882_fixup_tbl[] = { - SND_PCI_QUIRK(0x1043, 0x835f, "Asus Eee 1601", ALC888_FIXUP_EEE1601), - SND_PCI_QUIRK(0x104d, 0x9047, "Sony Vaio TT", ALC889_FIXUP_VAIO_TT), - SND_PCI_QUIRK(0x104d, 0x905a, "Sony Vaio Z", ALC882_FIXUP_NO_PRIMARY_HP), -+ SND_PCI_QUIRK(0x104d, 0x9043, "Sony Vaio VGC-LN51JGB", ALC882_FIXUP_NO_PRIMARY_HP), - - /* All Apple entries are in codec SSIDs */ - SND_PCI_QUIRK(0x106b, 0x00a0, "MacBookPro 3,1", ALC889_FIXUP_MBP_VREF), -@@ -6562,8 +6564,8 @@ static void alc861vd_fixup_dallas(struct hda_codec *codec, - const struct alc_fixup *fix, int action) - { - if (action == ALC_FIXUP_ACT_PRE_PROBE) { -- snd_hda_override_pin_caps(codec, 0x18, 0x00001714); -- snd_hda_override_pin_caps(codec, 0x19, 0x0000171c); -+ snd_hda_override_pin_caps(codec, 0x18, 0x00000734); -+ snd_hda_override_pin_caps(codec, 0x19, 0x0000073c); - } - } - -diff --git a/sound/pci/hda/patch_sigmatel.c b/sound/pci/hda/patch_sigmatel.c -index 3d4722f..f206117 100644 ---- a/sound/pci/hda/patch_sigmatel.c -+++ b/sound/pci/hda/patch_sigmatel.c -@@ -1698,7 +1698,7 @@ static const struct snd_pci_quirk stac92hd83xxx_cfg_tbl[] = { - SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x1658, - "HP", STAC_92HD83XXX_HP_cNB11_INTQUAD), - SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x1659, -- "HP", STAC_92HD83XXX_HP_cNB11_INTQUAD), -+ "HP Pavilion dv7", STAC_HP_DV7_4000), - SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x165A, - "HP", STAC_92HD83XXX_HP_cNB11_INTQUAD), - SND_PCI_QUIRK(PCI_VENDOR_ID_HP, 0x165B, -diff --git a/sound/pci/rme32.c b/sound/pci/rme32.c -index 46b3629..f1dec07 100644 ---- a/sound/pci/rme32.c -+++ b/sound/pci/rme32.c -@@ -1017,7 +1017,7 @@ static int snd_rme32_capture_close(struct snd_pcm_substream *substream) - spin_lock_irq(&rme32->lock); - rme32->capture_substream = NULL; - rme32->capture_periodsize = 0; -- spin_unlock(&rme32->lock); -+ spin_unlock_irq(&rme32->lock); - return 0; - } - -diff --git a/sound/soc/codecs/sigmadsp.c b/sound/soc/codecs/sigmadsp.c -index 5be42bf..4068f24 100644 ---- a/sound/soc/codecs/sigmadsp.c -+++ b/sound/soc/codecs/sigmadsp.c -@@ -225,7 +225,7 @@ EXPORT_SYMBOL(process_sigma_firmware); - static int sigma_action_write_regmap(void *control_data, - const struct sigma_action *sa, size_t len) - { -- return regmap_raw_write(control_data, le16_to_cpu(sa->addr), -+ return regmap_raw_write(control_data, be16_to_cpu(sa->addr), - sa->payload, len - 2); - } - -diff --git a/sound/soc/codecs/wm2000.c b/sound/soc/codecs/wm2000.c -index a3acb7a..6275a2b 100644 ---- a/sound/soc/codecs/wm2000.c -+++ b/sound/soc/codecs/wm2000.c -@@ -188,9 +188,9 @@ static int wm2000_power_up(struct i2c_client *i2c, int analogue) - - ret = wm2000_read(i2c, WM2000_REG_SPEECH_CLARITY); - if (wm2000->speech_clarity) -- ret &= ~WM2000_SPEECH_CLARITY; -- else - ret |= WM2000_SPEECH_CLARITY; -+ else -+ ret &= ~WM2000_SPEECH_CLARITY; - wm2000_write(i2c, WM2000_REG_SPEECH_CLARITY, ret); - - wm2000_write(i2c, WM2000_REG_SYS_START0, 0x33); -diff --git a/sound/soc/codecs/wm2200.c b/sound/soc/codecs/wm2200.c -index c8bff6d..9932aac 100644 ---- a/sound/soc/codecs/wm2200.c -+++ b/sound/soc/codecs/wm2200.c -@@ -897,8 +897,6 @@ static const char *wm2200_mixer_texts[] = { - "EQR", - "LHPF1", - "LHPF2", -- "LHPF3", -- "LHPF4", - "DSP1.1", - "DSP1.2", - "DSP1.3", -@@ -931,7 +929,6 @@ static int wm2200_mixer_values[] = { - 0x25, - 0x50, /* EQ */ - 0x51, -- 0x52, - 0x60, /* LHPF1 */ - 0x61, /* LHPF2 */ - 0x68, /* DSP1 */ -@@ -993,9 +990,9 @@ SOC_DOUBLE_R_TLV("IN3 Volume", WM2200_IN3L_CONTROL, WM2200_IN3R_CONTROL, - - SOC_DOUBLE_R("IN1 Digital Switch", WM2200_ADC_DIGITAL_VOLUME_1L, - WM2200_ADC_DIGITAL_VOLUME_1R, WM2200_IN1L_MUTE_SHIFT, 1, 1), --SOC_DOUBLE_R("IN2 Digital Switch", WM2200_ADC_DIGITAL_VOLUME_1L, -+SOC_DOUBLE_R("IN2 Digital Switch", WM2200_ADC_DIGITAL_VOLUME_2L, - WM2200_ADC_DIGITAL_VOLUME_2R, WM2200_IN2L_MUTE_SHIFT, 1, 1), --SOC_DOUBLE_R("IN3 Digital Switch", WM2200_ADC_DIGITAL_VOLUME_1L, -+SOC_DOUBLE_R("IN3 Digital Switch", WM2200_ADC_DIGITAL_VOLUME_3L, - WM2200_ADC_DIGITAL_VOLUME_3R, WM2200_IN3L_MUTE_SHIFT, 1, 1), - - SOC_DOUBLE_R_TLV("IN1 Digital Volume", WM2200_ADC_DIGITAL_VOLUME_1L, -@@ -1380,15 +1377,9 @@ static int wm2200_set_fmt(struct snd_soc_dai *dai, unsigned int fmt) - case SND_SOC_DAIFMT_DSP_A: - fmt_val = 0; - break; -- case SND_SOC_DAIFMT_DSP_B: -- fmt_val = 1; -- break; - case SND_SOC_DAIFMT_I2S: - fmt_val = 2; - break; -- case SND_SOC_DAIFMT_LEFT_J: -- fmt_val = 3; -- break; - default: - dev_err(codec->dev, "Unsupported DAI format %d\n", - fmt & SND_SOC_DAIFMT_FORMAT_MASK); -@@ -1440,7 +1431,7 @@ static int wm2200_set_fmt(struct snd_soc_dai *dai, unsigned int fmt) - WM2200_AIF1TX_LRCLK_MSTR | WM2200_AIF1TX_LRCLK_INV, - lrclk); - snd_soc_update_bits(codec, WM2200_AUDIO_IF_1_5, -- WM2200_AIF1_FMT_MASK << 1, fmt_val << 1); -+ WM2200_AIF1_FMT_MASK, fmt_val); - - return 0; - } -diff --git a/sound/soc/codecs/wm5100.c b/sound/soc/codecs/wm5100.c -index f481729..10d48cd 100644 ---- a/sound/soc/codecs/wm5100.c -+++ b/sound/soc/codecs/wm5100.c -@@ -1279,15 +1279,9 @@ static int wm5100_set_fmt(struct snd_soc_dai *dai, unsigned int fmt) - case SND_SOC_DAIFMT_DSP_A: - mask = 0; - break; -- case SND_SOC_DAIFMT_DSP_B: -- mask = 1; -- break; - case SND_SOC_DAIFMT_I2S: - mask = 2; - break; -- case SND_SOC_DAIFMT_LEFT_J: -- mask = 3; -- break; - default: - dev_err(codec->dev, "Unsupported DAI format %d\n", - fmt & SND_SOC_DAIFMT_FORMAT_MASK); -diff --git a/sound/usb/midi.c b/sound/usb/midi.c -index eeefbce..34b9bb7 100644 ---- a/sound/usb/midi.c -+++ b/sound/usb/midi.c -@@ -116,6 +116,7 @@ struct snd_usb_midi { - struct list_head list; - struct timer_list error_timer; - spinlock_t disc_lock; -+ struct rw_semaphore disc_rwsem; - struct mutex mutex; - u32 usb_id; - int next_midi_device; -@@ -125,8 +126,10 @@ struct snd_usb_midi { - struct snd_usb_midi_in_endpoint *in; - } endpoints[MIDI_MAX_ENDPOINTS]; - unsigned long input_triggered; -- unsigned int opened; -+ bool autopm_reference; -+ unsigned int opened[2]; - unsigned char disconnected; -+ unsigned char input_running; - - struct snd_kcontrol *roland_load_ctl; - }; -@@ -148,7 +151,6 @@ struct snd_usb_midi_out_endpoint { - struct snd_usb_midi_out_endpoint* ep; - struct snd_rawmidi_substream *substream; - int active; -- bool autopm_reference; - uint8_t cable; /* cable number << 4 */ - uint8_t state; - #define STATE_UNKNOWN 0 -@@ -1033,29 +1035,58 @@ static void update_roland_altsetting(struct snd_usb_midi* umidi) - snd_usbmidi_input_start(&umidi->list); - } - --static void substream_open(struct snd_rawmidi_substream *substream, int open) -+static int substream_open(struct snd_rawmidi_substream *substream, int dir, -+ int open) - { - struct snd_usb_midi* umidi = substream->rmidi->private_data; - struct snd_kcontrol *ctl; -+ int err; -+ -+ down_read(&umidi->disc_rwsem); -+ if (umidi->disconnected) { -+ up_read(&umidi->disc_rwsem); -+ return open ? -ENODEV : 0; -+ } - - mutex_lock(&umidi->mutex); - if (open) { -- if (umidi->opened++ == 0 && umidi->roland_load_ctl) { -- ctl = umidi->roland_load_ctl; -- ctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE; -- snd_ctl_notify(umidi->card, -+ if (!umidi->opened[0] && !umidi->opened[1]) { -+ err = usb_autopm_get_interface(umidi->iface); -+ umidi->autopm_reference = err >= 0; -+ if (err < 0 && err != -EACCES) { -+ mutex_unlock(&umidi->mutex); -+ up_read(&umidi->disc_rwsem); -+ return -EIO; -+ } -+ if (umidi->roland_load_ctl) { -+ ctl = umidi->roland_load_ctl; -+ ctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE; -+ snd_ctl_notify(umidi->card, - SNDRV_CTL_EVENT_MASK_INFO, &ctl->id); -- update_roland_altsetting(umidi); -+ update_roland_altsetting(umidi); -+ } - } -+ umidi->opened[dir]++; -+ if (umidi->opened[1]) -+ snd_usbmidi_input_start(&umidi->list); - } else { -- if (--umidi->opened == 0 && umidi->roland_load_ctl) { -- ctl = umidi->roland_load_ctl; -- ctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE; -- snd_ctl_notify(umidi->card, -+ umidi->opened[dir]--; -+ if (!umidi->opened[1]) -+ snd_usbmidi_input_stop(&umidi->list); -+ if (!umidi->opened[0] && !umidi->opened[1]) { -+ if (umidi->roland_load_ctl) { -+ ctl = umidi->roland_load_ctl; -+ ctl->vd[0].access &= ~SNDRV_CTL_ELEM_ACCESS_INACTIVE; -+ snd_ctl_notify(umidi->card, - SNDRV_CTL_EVENT_MASK_INFO, &ctl->id); -+ } -+ if (umidi->autopm_reference) -+ usb_autopm_put_interface(umidi->iface); - } - } - mutex_unlock(&umidi->mutex); -+ up_read(&umidi->disc_rwsem); -+ return 0; - } - - static int snd_usbmidi_output_open(struct snd_rawmidi_substream *substream) -@@ -1063,7 +1094,6 @@ static int snd_usbmidi_output_open(struct snd_rawmidi_substream *substream) - struct snd_usb_midi* umidi = substream->rmidi->private_data; - struct usbmidi_out_port* port = NULL; - int i, j; -- int err; - - for (i = 0; i < MIDI_MAX_ENDPOINTS; ++i) - if (umidi->endpoints[i].out) -@@ -1076,25 +1106,15 @@ static int snd_usbmidi_output_open(struct snd_rawmidi_substream *substream) - snd_BUG(); - return -ENXIO; - } -- err = usb_autopm_get_interface(umidi->iface); -- port->autopm_reference = err >= 0; -- if (err < 0 && err != -EACCES) -- return -EIO; -+ - substream->runtime->private_data = port; - port->state = STATE_UNKNOWN; -- substream_open(substream, 1); -- return 0; -+ return substream_open(substream, 0, 1); - } - - static int snd_usbmidi_output_close(struct snd_rawmidi_substream *substream) - { -- struct snd_usb_midi* umidi = substream->rmidi->private_data; -- struct usbmidi_out_port *port = substream->runtime->private_data; -- -- substream_open(substream, 0); -- if (port->autopm_reference) -- usb_autopm_put_interface(umidi->iface); -- return 0; -+ return substream_open(substream, 0, 0); - } - - static void snd_usbmidi_output_trigger(struct snd_rawmidi_substream *substream, int up) -@@ -1147,14 +1167,12 @@ static void snd_usbmidi_output_drain(struct snd_rawmidi_substream *substream) - - static int snd_usbmidi_input_open(struct snd_rawmidi_substream *substream) - { -- substream_open(substream, 1); -- return 0; -+ return substream_open(substream, 1, 1); - } - - static int snd_usbmidi_input_close(struct snd_rawmidi_substream *substream) - { -- substream_open(substream, 0); -- return 0; -+ return substream_open(substream, 1, 0); - } - - static void snd_usbmidi_input_trigger(struct snd_rawmidi_substream *substream, int up) -@@ -1403,9 +1421,12 @@ void snd_usbmidi_disconnect(struct list_head* p) - * a timer may submit an URB. To reliably break the cycle - * a flag under lock must be used - */ -+ down_write(&umidi->disc_rwsem); - spin_lock_irq(&umidi->disc_lock); - umidi->disconnected = 1; - spin_unlock_irq(&umidi->disc_lock); -+ up_write(&umidi->disc_rwsem); -+ - for (i = 0; i < MIDI_MAX_ENDPOINTS; ++i) { - struct snd_usb_midi_endpoint* ep = &umidi->endpoints[i]; - if (ep->out) -@@ -2060,12 +2081,15 @@ void snd_usbmidi_input_stop(struct list_head* p) - unsigned int i, j; - - umidi = list_entry(p, struct snd_usb_midi, list); -+ if (!umidi->input_running) -+ return; - for (i = 0; i < MIDI_MAX_ENDPOINTS; ++i) { - struct snd_usb_midi_endpoint* ep = &umidi->endpoints[i]; - if (ep->in) - for (j = 0; j < INPUT_URBS; ++j) - usb_kill_urb(ep->in->urbs[j]); - } -+ umidi->input_running = 0; - } - - static void snd_usbmidi_input_start_ep(struct snd_usb_midi_in_endpoint* ep) -@@ -2090,8 +2114,11 @@ void snd_usbmidi_input_start(struct list_head* p) - int i; - - umidi = list_entry(p, struct snd_usb_midi, list); -+ if (umidi->input_running || !umidi->opened[1]) -+ return; - for (i = 0; i < MIDI_MAX_ENDPOINTS; ++i) - snd_usbmidi_input_start_ep(umidi->endpoints[i].in); -+ umidi->input_running = 1; - } - - /* -@@ -2117,6 +2144,7 @@ int snd_usbmidi_create(struct snd_card *card, - umidi->usb_protocol_ops = &snd_usbmidi_standard_ops; - init_timer(&umidi->error_timer); - spin_lock_init(&umidi->disc_lock); -+ init_rwsem(&umidi->disc_rwsem); - mutex_init(&umidi->mutex); - umidi->usb_id = USB_ID(le16_to_cpu(umidi->dev->descriptor.idVendor), - le16_to_cpu(umidi->dev->descriptor.idProduct)); -@@ -2229,9 +2257,6 @@ int snd_usbmidi_create(struct snd_card *card, - } - - list_add_tail(&umidi->list, midi_list); -- -- for (i = 0; i < MIDI_MAX_ENDPOINTS; ++i) -- snd_usbmidi_input_start_ep(umidi->endpoints[i].in); - return 0; - } - -diff --git a/sound/usb/mixer.c b/sound/usb/mixer.c -index 298070e..41e8bfb 100644 ---- a/sound/usb/mixer.c -+++ b/sound/usb/mixer.c -@@ -1259,16 +1259,23 @@ static int parse_audio_feature_unit(struct mixer_build *state, int unitid, void - } - channels = (hdr->bLength - 7) / csize - 1; - bmaControls = hdr->bmaControls; -+ if (hdr->bLength < 7 + csize) { -+ snd_printk(KERN_ERR "usbaudio: unit %u: " -+ "invalid UAC_FEATURE_UNIT descriptor\n", -+ unitid); -+ return -EINVAL; -+ } - } else { - struct uac2_feature_unit_descriptor *ftr = _ftr; - csize = 4; - channels = (hdr->bLength - 6) / 4 - 1; - bmaControls = ftr->bmaControls; -- } -- -- if (hdr->bLength < 7 || !csize || hdr->bLength < 7 + csize) { -- snd_printk(KERN_ERR "usbaudio: unit %u: invalid UAC_FEATURE_UNIT descriptor\n", unitid); -- return -EINVAL; -+ if (hdr->bLength < 6 + csize) { -+ snd_printk(KERN_ERR "usbaudio: unit %u: " -+ "invalid UAC_FEATURE_UNIT descriptor\n", -+ unitid); -+ return -EINVAL; -+ } - } - - /* parse the source unit */ -diff --git a/sound/usb/quirks-table.h b/sound/usb/quirks-table.h -index d73ac9b..128eb0c 100644 ---- a/sound/usb/quirks-table.h -+++ b/sound/usb/quirks-table.h -@@ -1658,7 +1658,7 @@ YAMAHA_DEVICE(0x7010, "UB99"), - .driver_info = (unsigned long) & (const struct snd_usb_audio_quirk) { - /* .vendor_name = "Roland", */ - /* .product_name = "A-PRO", */ -- .ifnum = 1, -+ .ifnum = 0, - .type = QUIRK_MIDI_FIXED_ENDPOINT, - .data = & (const struct snd_usb_midi_endpoint_info) { - .out_cables = 0x0003, -diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c -index 0f58b4b..b8d1ad1 100644 ---- a/sound/usb/quirks.c -+++ b/sound/usb/quirks.c -@@ -387,11 +387,13 @@ static int snd_usb_fasttrackpro_boot_quirk(struct usb_device *dev) - * rules - */ - err = usb_driver_set_configuration(dev, 2); -- if (err < 0) { -+ if (err < 0) - snd_printdd("error usb_driver_set_configuration: %d\n", - err); -- return -ENODEV; -- } -+ /* Always return an error, so that we stop creating a device -+ that will just be destroyed and recreated with a new -+ configuration */ -+ return -ENODEV; - } else - snd_printk(KERN_INFO "usb-audio: Fast Track Pro config OK\n"); - -diff --git a/tools/perf/Makefile b/tools/perf/Makefile -index 3657ab0..243ae64 100644 ---- a/tools/perf/Makefile -+++ b/tools/perf/Makefile -@@ -225,13 +225,13 @@ $(OUTPUT)util/parse-events-flex.c: util/parse-events.l - $(QUIET_FLEX)$(FLEX) --header-file=$(OUTPUT)util/parse-events-flex.h $(PARSER_DEBUG_FLEX) -t util/parse-events.l > $(OUTPUT)util/parse-events-flex.c - - $(OUTPUT)util/parse-events-bison.c: util/parse-events.y -- $(QUIET_BISON)$(BISON) -v util/parse-events.y -d $(PARSER_DEBUG_BISON) -o $(OUTPUT)util/parse-events-bison.c -+ $(QUIET_BISON)$(BISON) -v util/parse-events.y -d $(PARSER_DEBUG_BISON) -o $(OUTPUT)util/parse-events-bison.c -p parse_events_ - - $(OUTPUT)util/pmu-flex.c: util/pmu.l - $(QUIET_FLEX)$(FLEX) --header-file=$(OUTPUT)util/pmu-flex.h -t util/pmu.l > $(OUTPUT)util/pmu-flex.c - - $(OUTPUT)util/pmu-bison.c: util/pmu.y -- $(QUIET_BISON)$(BISON) -v util/pmu.y -d -o $(OUTPUT)util/pmu-bison.c -+ $(QUIET_BISON)$(BISON) -v util/pmu.y -d -o $(OUTPUT)util/pmu-bison.c -p perf_pmu_ - - $(OUTPUT)util/parse-events.o: $(OUTPUT)util/parse-events-flex.c $(OUTPUT)util/parse-events-bison.c - $(OUTPUT)util/pmu.o: $(OUTPUT)util/pmu-flex.c $(OUTPUT)util/pmu-bison.c -diff --git a/tools/perf/util/parse-events.y b/tools/perf/util/parse-events.y -index 2bc5fbf..68a5f42 100644 ---- a/tools/perf/util/parse-events.y -+++ b/tools/perf/util/parse-events.y -@@ -1,5 +1,4 @@ - %pure-parser --%name-prefix "parse_events_" - %parse-param {void *_data} - %parse-param {void *scanner} - %lex-param {void* scanner} -diff --git a/tools/perf/util/pmu.y b/tools/perf/util/pmu.y -index 20ea77e..522943f 100644 ---- a/tools/perf/util/pmu.y -+++ b/tools/perf/util/pmu.y -@@ -1,5 +1,4 @@ - --%name-prefix "perf_pmu_" - %parse-param {struct list_head *format} - %parse-param {char *name} - -diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index d617f69..cd197be 100644 ---- a/virt/kvm/kvm_main.c -+++ b/virt/kvm/kvm_main.c -@@ -701,8 +701,7 @@ int __kvm_set_memory_region(struct kvm *kvm, - int r; - gfn_t base_gfn; - unsigned long npages; -- unsigned long i; -- struct kvm_memory_slot *memslot; -+ struct kvm_memory_slot *memslot, *slot; - struct kvm_memory_slot old, new; - struct kvm_memslots *slots, *old_memslots; - -@@ -749,13 +748,11 @@ int __kvm_set_memory_region(struct kvm *kvm, - - /* Check for overlaps */ - r = -EEXIST; -- for (i = 0; i < KVM_MEMORY_SLOTS; ++i) { -- struct kvm_memory_slot *s = &kvm->memslots->memslots[i]; -- -- if (s == memslot || !s->npages) -+ kvm_for_each_memslot(slot, kvm->memslots) { -+ if (slot->id >= KVM_MEMORY_SLOTS || slot == memslot) - continue; -- if (!((base_gfn + npages <= s->base_gfn) || -- (base_gfn >= s->base_gfn + s->npages))) -+ if (!((base_gfn + npages <= slot->base_gfn) || -+ (base_gfn >= slot->base_gfn + slot->npages))) - goto out_free; - } - diff --git a/main/linux-grsec/r8169-fix-vlan-tag-reordering.patch b/main/linux-grsec/r8169-fix-vlan-tag-reordering.patch deleted file mode 100644 index 474e567471..0000000000 --- a/main/linux-grsec/r8169-fix-vlan-tag-reordering.patch +++ /dev/null @@ -1,73 +0,0 @@ -From ce11ff5e5963e441feb591e76278528f876c332d Mon Sep 17 00:00:00 2001 -From: =?utf8?q?fran=C3=A7ois=20romieu?= <romieu@fr.zoreil.com> -Date: Thu, 24 Jan 2013 13:30:06 +0000 -Subject: [PATCH] r8169: fix vlan tag read ordering. - -Control of receive descriptor must not be returned to ethernet chipset -before vlan tag processing is done. - -VLAN tag receive word is now reset both in normal and error path. - -Signed-off-by: Francois Romieu <romieu@fr.zoreil.com> -Spotted-by: Timo Teras <timo.teras@iki.fi> -Cc: Hayes Wang <hayeswang@realtek.com> -Signed-off-by: David S. Miller <davem@davemloft.net> ---- - drivers/net/ethernet/realtek/r8169.c | 14 ++++++-------- - 1 files changed, 6 insertions(+), 8 deletions(-) - -diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index c28bc31..1170232 100644 ---- a/drivers/net/ethernet/realtek/r8169.c -+++ b/drivers/net/ethernet/realtek/r8169.c -@@ -1826,8 +1826,6 @@ static void rtl8169_rx_vlan_tag(struct RxDesc *desc, struct sk_buff *skb) - - if (opts2 & RxVlanTag) - __vlan_hwaccel_put_tag(skb, swab16(opts2 & 0xffff)); -- -- desc->opts2 = 0; - } - - static int rtl8169_gset_tbi(struct net_device *dev, struct ethtool_cmd *cmd) -@@ -6064,8 +6062,6 @@ static int rtl_rx(struct net_device *dev, struct rtl8169_private *tp, u32 budget - !(status & (RxRWT | RxFOVF)) && - (dev->features & NETIF_F_RXALL)) - goto process_pkt; -- -- rtl8169_mark_to_asic(desc, rx_buf_sz); - } else { - struct sk_buff *skb; - dma_addr_t addr; -@@ -6086,16 +6082,14 @@ process_pkt: - if (unlikely(rtl8169_fragmented_frame(status))) { - dev->stats.rx_dropped++; - dev->stats.rx_length_errors++; -- rtl8169_mark_to_asic(desc, rx_buf_sz); -- continue; -+ goto release_descriptor; - } - - skb = rtl8169_try_rx_copy(tp->Rx_databuff[entry], - tp, pkt_size, addr); -- rtl8169_mark_to_asic(desc, rx_buf_sz); - if (!skb) { - dev->stats.rx_dropped++; -- continue; -+ goto release_descriptor; - } - - rtl8169_rx_csum(skb, status); -@@ -6111,6 +6105,10 @@ process_pkt: - tp->rx_stats.bytes += pkt_size; - u64_stats_update_end(&tp->rx_stats.syncp); - } -+release_descriptor: -+ desc->opts2 = 0; -+ wmb(); -+ rtl8169_mark_to_asic(desc, rx_buf_sz); - } - - count = cur_rx - tp->cur_rx; --- -1.7.6.5 - diff --git a/main/linux-grsec/r8169-num-rx-desc.patch b/main/linux-grsec/r8169-num-rx-desc.patch deleted file mode 100644 index c50d963ff9..0000000000 --- a/main/linux-grsec/r8169-num-rx-desc.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index 9cc0215..19e5b4d 100644 ---- a/drivers/net/ethernet/realtek/r8169.c -+++ b/drivers/net/ethernet/realtek/r8169.c -@@ -80,7 +80,7 @@ static const int multicast_filter_limit = 32; - #define R8169_REGS_SIZE 256 - #define R8169_NAPI_WEIGHT 64 - #define NUM_TX_DESC 64 /* Number of Tx descriptor registers */ --#define NUM_RX_DESC 256 /* Number of Rx descriptor registers */ -+#define NUM_RX_DESC 512 /* Number of Rx descriptor registers */ - #define RX_BUF_SIZE 1536 /* Rx Buffer size */ - #define R8169_TX_RING_BYTES (NUM_TX_DESC * sizeof(struct TxDesc)) - #define R8169_RX_RING_BYTES (NUM_RX_DESC * sizeof(struct RxDesc)) diff --git a/main/linux-grsec/usb-ehci-revert-remove-ass-pss-polling-timeout.patch b/main/linux-grsec/usb-ehci-revert-remove-ass-pss-polling-timeout.patch new file mode 100644 index 0000000000..12adf16c4c --- /dev/null +++ b/main/linux-grsec/usb-ehci-revert-remove-ass-pss-polling-timeout.patch @@ -0,0 +1,84 @@ +From 221f8dfca89276d8aec54c6d07fbe20c281668f0 Mon Sep 17 00:00:00 2001 +From: Alan Stern <stern@rowland.harvard.edu> +Date: Tue, 26 Feb 2013 13:43:41 -0500 +Subject: USB: EHCI: revert "remove ASS/PSS polling timeout" + +From: Alan Stern <stern@rowland.harvard.edu> + +commit 221f8dfca89276d8aec54c6d07fbe20c281668f0 upstream. + +This patch (as1649) reverts commit +55bcdce8a8228223ec4d17d8ded8134ed265d2c5 (USB: EHCI: remove ASS/PSS +polling timeout). That commit was written under the assumption that +some controllers may take a very long time to turn off their async and +periodic schedules. It now appears that in fact the schedules do get +turned off reasonably quickly, but some controllers occasionally leave +the schedules' status bits turned on and consequently ehci-hcd can't +tell that the schedules are off. + +VIA controllers in particular have this problem. ehci-hcd tells the +hardware to turn off the async schedule, the schedule does get turned +off, but the status bit remains on. Since the EHCI spec requires that +the schedules not be re-enabled until the previous disable has taken +effect, with an unlimited timeout the async schedule never gets turned +back on. The resulting symptom is that the system is unable to +communicate with USB devices. + +Signed-off-by: Alan Stern <stern@rowland.harvard.edu> +Reported-and-tested-by: Ronald <ronald645@gmail.com> +Reported-and-tested-by: Paul Hartman <paul.hartman@gmail.com> +Reported-and-tested-by: Dieter Nützel <dieter@nuetzel-hh.de> +Reported-and-tested-by: Jean Delvare <khali@linux-fr.org> +Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> + +--- + drivers/usb/host/ehci-timer.c | 29 ++++++++++++++--------------- + 1 file changed, 14 insertions(+), 15 deletions(-) + +--- a/drivers/usb/host/ehci-timer.c ++++ b/drivers/usb/host/ehci-timer.c +@@ -113,15 +113,14 @@ static void ehci_poll_ASS(struct ehci_hc + + if (want != actual) { + +- /* Poll again later */ +- ehci_enable_event(ehci, EHCI_HRTIMER_POLL_ASS, true); +- ++ehci->ASS_poll_count; +- return; ++ /* Poll again later, but give up after about 20 ms */ ++ if (ehci->ASS_poll_count++ < 20) { ++ ehci_enable_event(ehci, EHCI_HRTIMER_POLL_ASS, true); ++ return; ++ } ++ ehci_dbg(ehci, "Waited too long for the async schedule status (%x/%x), giving up\n", ++ want, actual); + } +- +- if (ehci->ASS_poll_count > 20) +- ehci_dbg(ehci, "ASS poll count reached %d\n", +- ehci->ASS_poll_count); + ehci->ASS_poll_count = 0; + + /* The status is up-to-date; restart or stop the schedule as needed */ +@@ -160,14 +159,14 @@ static void ehci_poll_PSS(struct ehci_hc + + if (want != actual) { + +- /* Poll again later */ +- ehci_enable_event(ehci, EHCI_HRTIMER_POLL_PSS, true); +- return; ++ /* Poll again later, but give up after about 20 ms */ ++ if (ehci->PSS_poll_count++ < 20) { ++ ehci_enable_event(ehci, EHCI_HRTIMER_POLL_PSS, true); ++ return; ++ } ++ ehci_dbg(ehci, "Waited too long for the periodic schedule status (%x/%x), giving up\n", ++ want, actual); + } +- +- if (ehci->PSS_poll_count > 20) +- ehci_dbg(ehci, "PSS poll count reached %d\n", +- ehci->PSS_poll_count); + ehci->PSS_poll_count = 0; + + /* The status is up-to-date; restart or stop the schedule as needed */ diff --git a/main/linux-grsec/xsa43-pvops.patch b/main/linux-grsec/xsa43-pvops.patch deleted file mode 100644 index f1440315dd..0000000000 --- a/main/linux-grsec/xsa43-pvops.patch +++ /dev/null @@ -1,54 +0,0 @@ -xen-pciback: rate limit error messages from xen_pcibk_enable_msi{,x}() - -... as being guest triggerable (e.g. by invoking -XEN_PCI_OP_enable_msi{,x} on a device not being MSI/MSI-X capable). - -This is CVE-2013-0231 / XSA-43. - -Also make the two messages uniform in both their wording and severity. - -Signed-off-by: Jan Beulich <jbeulich@suse.com> -Acked-by: Ian Campbell <ian.campbell@citrix.com> -Reviewed-by: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> - ---- - drivers/xen/xen-pciback/pciback_ops.c | 14 +++++++------- - 1 file changed, 7 insertions(+), 7 deletions(-) - ---- 3.8-rc5/drivers/xen/xen-pciback/pciback_ops.c -+++ 3.8-rc5-xen-pciback-ratelimit/drivers/xen/xen-pciback/pciback_ops.c -@@ -135,7 +135,6 @@ int xen_pcibk_enable_msi(struct xen_pcib - struct pci_dev *dev, struct xen_pci_op *op) - { - struct xen_pcibk_dev_data *dev_data; -- int otherend = pdev->xdev->otherend_id; - int status; - - if (unlikely(verbose_request)) -@@ -144,8 +143,9 @@ int xen_pcibk_enable_msi(struct xen_pcib - status = pci_enable_msi(dev); - - if (status) { -- printk(KERN_ERR "error enable msi for guest %x status %x\n", -- otherend, status); -+ pr_warn_ratelimited(DRV_NAME ": %s: error enabling MSI for guest %u: err %d\n", -+ pci_name(dev), pdev->xdev->otherend_id, -+ status); - op->value = 0; - return XEN_PCI_ERR_op_failed; - } -@@ -223,10 +223,10 @@ int xen_pcibk_enable_msix(struct xen_pci - pci_name(dev), i, - op->msix_entries[i].vector); - } -- } else { -- printk(KERN_WARNING DRV_NAME ": %s: failed to enable MSI-X: err %d!\n", -- pci_name(dev), result); -- } -+ } else -+ pr_warn_ratelimited(DRV_NAME ": %s: error enabling MSI-X for guest %u: err %d!\n", -+ pci_name(dev), pdev->xdev->otherend_id, -+ result); - kfree(entries); - - op->value = result; |