summaryrefslogtreecommitdiffstats
path: root/main/linux-grsec
diff options
context:
space:
mode:
Diffstat (limited to 'main/linux-grsec')
-rw-r--r--main/linux-grsec/APKBUILD33
-rw-r--r--main/linux-grsec/CVE-2013-2851.patch60
-rw-r--r--main/linux-grsec/grsecurity-2.9.1-3.9.7-201306231443.patch (renamed from main/linux-grsec/grsecurity-2.9.1-3.9.6-201306171904.patch)1479
-rw-r--r--main/linux-grsec/kernelconfig.x864
-rw-r--r--main/linux-grsec/kernelconfig.x86_644
5 files changed, 1042 insertions, 538 deletions
diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD
index cd5bb1737..1b93d5b90 100644
--- a/main/linux-grsec/APKBUILD
+++ b/main/linux-grsec/APKBUILD
@@ -2,7 +2,7 @@
_flavor=grsec
pkgname=linux-${_flavor}
-pkgver=3.9.6
+pkgver=3.9.7
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
@@ -17,7 +17,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-2.9.1-3.9.6-201306171904.patch
+ grsecurity-2.9.1-3.9.7-201306231443.patch
0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
@@ -26,8 +26,6 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
- CVE-2013-2851.patch
-
kernelconfig.x86
kernelconfig.x86_64
"
@@ -151,38 +149,35 @@ dev() {
}
md5sums="4348c9b6b2eb3144d601e87c19d5d909 linux-3.9.tar.xz
-897cffc5167a561b38c6748e7f0a4215 patch-3.9.6.xz
-8c9e11d9121958fa866b330ed3dbe4bd grsecurity-2.9.1-3.9.6-201306171904.patch
+74005c469fbd309ab631d981e2d3a6e7 patch-3.9.7.xz
+a5db3ef848185c32ad4b0bbfe19106aa grsecurity-2.9.1-3.9.7-201306231443.patch
a16f11b12381efb3bec79b9bfb329836 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
656ae7b10dd2f18dbfa1011041d08d60 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
2a12a3717052e878c0cd42aa935bfcf4 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
6ce5fed63aad3f1a1ff1b9ba7b741822 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
-eca3b4897b2a2191576ba719609cc654 CVE-2013-2851.patch
-3e219a1f25136b204d00865939532fe9 kernelconfig.x86
-1d057c89927a68e5f44896887ad3e379 kernelconfig.x86_64"
+bfb5ddcfbc1c9f30253de200ec2a0eb0 kernelconfig.x86
+0b6534366d8abbd36c40744163c81e5a kernelconfig.x86_64"
sha256sums="60bc3e64ee5dc778de2cd7cd7640abf518a4c9d4f31b8ed624e16fad53f54541 linux-3.9.tar.xz
-13296dad939ef4e05adba87b9d0476aa8e2ccf92866f14835327dae8a1402fc3 patch-3.9.6.xz
-a14302153a717e8cf8346c44ed4ac620b87a38795afa72c3f61797eab221290d grsecurity-2.9.1-3.9.6-201306171904.patch
+23db9de5ffa2f8f36d61da85ee46656a3373f8868415c1f3c77c51c41fabfda8 patch-3.9.7.xz
+0aa3ec9d60640ee06ca6c6aed877ce2ee99c2b8a2ee8be50ad92c43ed6570617 grsecurity-2.9.1-3.9.7-201306231443.patch
6af3757ac36a6cd3cda7b0a71b08143726383b19261294a569ad7f4042c72df3 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
dc8e82108615657f1fb9d641efd42255a5761c06edde1b00a41ae0d314d548f0 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
0985caa0f3ee8ed0959aeaa4214f5f8057ae8e61d50dcae39194912d31e14892 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
260fd1807838b68305a96992bf7d3302a2a8ef3a3b08fe079ba9a07e6422f736 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
-461d159751095d3624d74867dc8b3e3865e3a67c4b3cd48188f5ae2f1f1f66cb CVE-2013-2851.patch
-cc3bd3d23f6a73ea6488c158de9d195ad5e3d87859ce02d92a04f0e08c9503d3 kernelconfig.x86
-b780ef646b3b30a5b0307102367e17d45bb3a0ab7e37cf92a1ce783c3149243a kernelconfig.x86_64"
+c017c0a47fa0dfdefe148aa73e8a19fabb1957dc699de0f94d8d4d9a45bf5abe kernelconfig.x86
+aafae208fc72eaad9d09fcd8220e0d70379d8c7c7f658c10aa96990dc0b36207 kernelconfig.x86_64"
sha512sums="77fa521f42380409f8ab400c26f7b00e225cb075ef40834bb263325cfdcc3e65aef8511ec2fc2b50bbf4f50e226fb5ab07d7a479aaf09162adbbf318325d0790 linux-3.9.tar.xz
-6c79bde85d86c7e7dca160d5bdd5826ae05ed41cb372d0a94e4f9840413351a8bc1fec50159d59dbac462345bd13c31c6c4d8c47187ee6d87b4d71c8560093da patch-3.9.6.xz
-fe8a4fffb18b6ef88951e97cd20e464674e10d2a6a76a0b17d4922b87b24c6653a81d798f0b93dfb7545da011a29d73dfafd73b258f528bbe81984ef24c137ac grsecurity-2.9.1-3.9.6-201306171904.patch
+dcf38bca1ee1b90bffd97c74c00720613dbab9183aa600401a821fe20ea665629bc43544053bd2ffe18ebfe1ee2d72d139f22d2f070374f5e231831ed6c89251 patch-3.9.7.xz
+73f819bd44c724bbdc2e01ed4154c9fd53d0a8d1099ffabf56e995d82a9dbcb03c742e1c048cae9b0052d43dbda4d1c2150f6c14a1b958c25eef8b5571047f80 grsecurity-2.9.1-3.9.7-201306231443.patch
81e78593288e8b0fd2c03ea9fc1450323887707f087e911f172450a122bc9b591ee83394836789730d951aeec13d0b75a64e1c05f04364abf8f80d883ddc4a02 0001-net-inform-NETDEV_CHANGE-callbacks-which-flags-were-.patch
51ecb15b669f6a82940a13a38939116e003bf5dfd24496771c8279e907b72adcc63d607f0340a2940d757e12ddadb7d45c7af78ae311d284935a6296dbcac00c 0002-arp-flush-arp-cache-on-IFF_NOARP-change.patch
57d0a8bd35d19cf657ded58efe24517d2252aec6984040713ba173a34edb5887ececaa2985076bc6a149eaa57639fd98a042c1c2d226ed4ad8dd5ed0e230717e 0003-ipv4-properly-refresh-rtable-entries-on-pmtu-redirec.patch
d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d711e3486628ed56ab996484e219d79ac4b0c0ec684ebd380aa 0004-ipv4-rate-limit-updating-of-next-hop-exceptions-with.patch
28a33e644bf2faf99c8dd6dbccfe14e140dfdd8824a8fb2d58aa7deb9e572f130d92b6b35ee181084050d82166bdf2e498a451a2a538a67b7ab84204405d2d87 0005-ipv4-use-separate-genid-for-next-hop-exceptions.patch
249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch
-5e5c9ac96b87efc811bd612774934a5fb8635a34d7fbe13ea80f5a8da19efa2a71f0bcab08a85224612f332d7485cea1d6cbd4d64644d90a3dd576f3458e5a99 CVE-2013-2851.patch
-00fd8694455935f96e46b6624388b8c04af27ce4295040362da78c34bf9f08382bc69c1b8b273145573a59e3b4eecfa251119560da19ab390f171a8a6da18298 kernelconfig.x86
-6276f503f9dd7ea228b1661f9a36edcf18d2c4cfb6d9c4e3e1496a4f70709cc693fc8498186d86dd3f303c909c50e478cb95e08a05f50bda77c9cf165aca1ba1 kernelconfig.x86_64"
+bcf675bafd3aac174195a2d38571b9b54f4b6e0635ab3363699ae8845794dc44bcfe952585fae881d81065d4a25333a3e033808c99c977aa4a797b81e5a36c3f kernelconfig.x86
+a8bf4cc1cdb4d1bde9fe4cd4040a596a52a24817fad15b29785ba10ab1d80fd4ae9589ac92f98c8b6b3b5e5510f01b9c9b96b11a2cf05c9684eb0bd62ee6676e kernelconfig.x86_64"
diff --git a/main/linux-grsec/CVE-2013-2851.patch b/main/linux-grsec/CVE-2013-2851.patch
deleted file mode 100644
index 3407731c7..000000000
--- a/main/linux-grsec/CVE-2013-2851.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-Subject: [PATCH 1/8] block: do not pass disk names as format strings
-
-Disk names may contain arbitrary strings, so they must not be interpreted
-as format strings. It seems that only md allows arbitrary strings to be
-used for disk names, but this could allow for a local memory corruption
-from uid 0 into ring 0.
-
-CVE-2013-2851
-
-Signed-off-by: Kees Cook <keescook@chromium.org>
-Cc: stable@vger.kernel.org
-Cc: Jens Axboe <axboe@kernel.dk>
----
- block/genhd.c | 2 +-
- drivers/block/nbd.c | 3 ++-
- drivers/scsi/osd/osd_uld.c | 2 +-
- 3 files changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/block/genhd.c b/block/genhd.c
-index 20625ee..cdeb527 100644
---- a/block/genhd.c
-+++ b/block/genhd.c
-@@ -512,7 +512,7 @@ static void register_disk(struct gendisk *disk)
-
- ddev->parent = disk->driverfs_dev;
-
-- dev_set_name(ddev, disk->disk_name);
-+ dev_set_name(ddev, "%s", disk->disk_name);
-
- /* delay uevents, until we scanned partition table */
- dev_set_uevent_suppress(ddev, 1);
-diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
-index 037288e..46b35f7 100644
---- a/drivers/block/nbd.c
-+++ b/drivers/block/nbd.c
-@@ -714,7 +714,8 @@ static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *nbd,
- else
- blk_queue_flush(nbd->disk->queue, 0);
-
-- thread = kthread_create(nbd_thread, nbd, nbd->disk->disk_name);
-+ thread = kthread_create(nbd_thread, nbd, "%s",
-+ nbd->disk->disk_name);
- if (IS_ERR(thread)) {
- mutex_lock(&nbd->tx_lock);
- return PTR_ERR(thread);
-diff --git a/drivers/scsi/osd/osd_uld.c b/drivers/scsi/osd/osd_uld.c
-index 0fab6b5..9d86947 100644
---- a/drivers/scsi/osd/osd_uld.c
-+++ b/drivers/scsi/osd/osd_uld.c
-@@ -485,7 +485,7 @@ static int osd_probe(struct device *dev)
- oud->class_dev.class = &osd_uld_class;
- oud->class_dev.parent = dev;
- oud->class_dev.release = __remove;
-- error = dev_set_name(&oud->class_dev, disk->disk_name);
-+ error = dev_set_name(&oud->class_dev, "%s", disk->disk_name);
- if (error) {
- OSD_ERR("dev_set_name failed => %d\n", error);
- goto err_put_cdev;
---
-1.7.9.5
diff --git a/main/linux-grsec/grsecurity-2.9.1-3.9.6-201306171904.patch b/main/linux-grsec/grsecurity-2.9.1-3.9.7-201306231443.patch
index 430bb2aca..5af323247 100644
--- a/main/linux-grsec/grsecurity-2.9.1-3.9.6-201306171904.patch
+++ b/main/linux-grsec/grsecurity-2.9.1-3.9.7-201306231443.patch
@@ -1,5 +1,5 @@
diff --git a/Documentation/dontdiff b/Documentation/dontdiff
-index b89a739..b47493f 100644
+index b89a739..79768fb 100644
--- a/Documentation/dontdiff
+++ b/Documentation/dontdiff
@@ -2,9 +2,11 @@
@@ -41,7 +41,7 @@ index b89a739..b47493f 100644
.*.d
.mm
53c700_d.h
-@@ -69,6 +75,7 @@ Image
+@@ -69,9 +75,11 @@ Image
Module.markers
Module.symvers
PENDING
@@ -49,7 +49,11 @@ index b89a739..b47493f 100644
SCCS
System.map*
TAGS
-@@ -80,6 +87,7 @@ aic7*seq.h*
++TRACEEVENT-CFLAGS
+ aconf
+ af_names.h
+ aic7*reg.h*
+@@ -80,6 +88,7 @@ aic7*seq.h*
aicasm
aicdb.h*
altivec*.c
@@ -57,7 +61,7 @@ index b89a739..b47493f 100644
asm-offsets.h
asm_offsets.h
autoconf.h*
-@@ -92,19 +100,24 @@ bounds.h
+@@ -92,19 +101,24 @@ bounds.h
bsetup
btfixupprep
build
@@ -82,7 +86,7 @@ index b89a739..b47493f 100644
conmakehash
consolemap_deftbl.c*
cpustr.h
-@@ -115,9 +128,11 @@ devlist.h*
+@@ -115,9 +129,11 @@ devlist.h*
dnotify_test
docproc
dslm
@@ -94,7 +98,7 @@ index b89a739..b47493f 100644
fixdep
flask.h
fore200e_mkfirm
-@@ -125,12 +140,15 @@ fore200e_pca_fw.c*
+@@ -125,12 +141,15 @@ fore200e_pca_fw.c*
gconf
gconf.glade.h
gen-devlist
@@ -110,7 +114,7 @@ index b89a739..b47493f 100644
hpet_example
hugepage-mmap
hugepage-shm
-@@ -145,14 +163,14 @@ int32.c
+@@ -145,14 +164,14 @@ int32.c
int4.c
int8.c
kallsyms
@@ -127,7 +131,7 @@ index b89a739..b47493f 100644
logo_*.c
logo_*_clut224.c
logo_*_mono.c
-@@ -162,14 +180,15 @@ mach-types.h
+@@ -162,14 +181,15 @@ mach-types.h
machtypes.h
map
map_hugetlb
@@ -144,7 +148,7 @@ index b89a739..b47493f 100644
mkprep
mkregtable
mktables
-@@ -185,6 +204,8 @@ oui.c*
+@@ -185,6 +205,8 @@ oui.c*
page-types
parse.c
parse.h
@@ -153,7 +157,7 @@ index b89a739..b47493f 100644
patches*
pca200e.bin
pca200e_ecd.bin2
-@@ -194,6 +215,7 @@ perf-archive
+@@ -194,6 +216,7 @@ perf-archive
piggyback
piggy.gzip
piggy.S
@@ -161,7 +165,7 @@ index b89a739..b47493f 100644
pnmtologo
ppc_defs.h*
pss_boot.h
-@@ -203,7 +225,10 @@ r200_reg_safe.h
+@@ -203,7 +226,10 @@ r200_reg_safe.h
r300_reg_safe.h
r420_reg_safe.h
r600_reg_safe.h
@@ -172,7 +176,7 @@ index b89a739..b47493f 100644
relocs
rlim_names.h
rn50_reg_safe.h
-@@ -213,8 +238,12 @@ series
+@@ -213,8 +239,12 @@ series
setup
setup.bin
setup.elf
@@ -185,7 +189,7 @@ index b89a739..b47493f 100644
split-include
syscalltab.h
tables.c
-@@ -224,6 +253,7 @@ tftpboot.img
+@@ -224,6 +254,7 @@ tftpboot.img
timeconst.h
times.h*
trix_boot.h
@@ -193,7 +197,7 @@ index b89a739..b47493f 100644
utsrelease.h*
vdso-syms.lds
vdso.lds
-@@ -235,13 +265,17 @@ vdso32.lds
+@@ -235,13 +266,17 @@ vdso32.lds
vdso32.so.dbg
vdso64.lds
vdso64.so.dbg
@@ -211,7 +215,7 @@ index b89a739..b47493f 100644
vmlinuz
voffset.h
vsyscall.lds
-@@ -249,9 +283,12 @@ vsyscall_32.lds
+@@ -249,9 +284,12 @@ vsyscall_32.lds
wanxlfw.inc
uImage
unifdef
@@ -259,7 +263,7 @@ index 8ccbf27..afffeb4 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 4a40307..9ac699b 100644
+index a129b15..548231d 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -6633,7 +6637,7 @@ index ae54553..cf2184d 100644
ld r4,_DAR(r1)
bl .bad_page_fault
diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S
-index 3bbe7ed..14ec3eb 100644
+index 644378e..b6f2c26 100644
--- a/arch/powerpc/kernel/exceptions-64s.S
+++ b/arch/powerpc/kernel/exceptions-64s.S
@@ -1390,10 +1390,10 @@ handle_page_fault:
@@ -6682,7 +6686,7 @@ index 2e3200c..72095ce 100644
/* Find this entry, or if that fails, the next avail. entry */
while (entry->jump[0]) {
diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
-index 9600c36..0c156d7 100644
+index 0d86c8a..df4c5f2 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
@@ -871,8 +871,8 @@ void show_regs(struct pt_regs * regs)
@@ -6718,7 +6722,7 @@ index 9600c36..0c156d7 100644
regs->trap, (void *)regs->nip, (void *)lr);
firstframe = 1;
}
-@@ -1396,58 +1396,3 @@ void __ppc64_runlatch_off(void)
+@@ -1396,58 +1396,3 @@ void notrace __ppc64_runlatch_off(void)
mtspr(SPRN_CTRLT, ctrl);
}
#endif /* CONFIG_PPC64 */
@@ -6856,7 +6860,7 @@ index 3ce1f86..c30e629 100644
};
diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c
-index 29857c6..bd31e27 100644
+index bf33ace..e836d8b 100644
--- a/arch/powerpc/kernel/traps.c
+++ b/arch/powerpc/kernel/traps.c
@@ -142,6 +142,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs)
@@ -10062,6 +10066,20 @@ index d2b5944..bd813f2 100644
return addr;
}
if (mm->get_unmapped_area == arch_get_unmapped_area)
+diff --git a/arch/sparc/mm/tlb.c b/arch/sparc/mm/tlb.c
+index 83d89bc..37e7bc4 100644
+--- a/arch/sparc/mm/tlb.c
++++ b/arch/sparc/mm/tlb.c
+@@ -85,8 +85,8 @@ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr,
+ }
+
+ if (!tb->active) {
+- global_flush_tlb_page(mm, vaddr);
+ flush_tsb_user_page(mm, vaddr);
++ global_flush_tlb_page(mm, vaddr);
+ goto out;
+ }
+
diff --git a/arch/tile/include/asm/atomic_64.h b/arch/tile/include/asm/atomic_64.h
index f4500c6..889656c 100644
--- a/arch/tile/include/asm/atomic_64.h
@@ -10503,7 +10521,7 @@ index 5ef205c..342191d 100644
KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__
GCOV_PROFILE := n
diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c
-index 35ee62f..b6609b6 100644
+index c205035..5853587 100644
--- a/arch/x86/boot/compressed/eboot.c
+++ b/arch/x86/boot/compressed/eboot.c
@@ -150,7 +150,6 @@ again:
@@ -10522,6 +10540,48 @@ index 35ee62f..b6609b6 100644
efi_call_phys1(sys_table->boottime->free_pool, map);
fail:
return status;
+diff --git a/arch/x86/boot/compressed/efi_stub_32.S b/arch/x86/boot/compressed/efi_stub_32.S
+index a53440e..c3dbf1e 100644
+--- a/arch/x86/boot/compressed/efi_stub_32.S
++++ b/arch/x86/boot/compressed/efi_stub_32.S
+@@ -46,16 +46,13 @@ ENTRY(efi_call_phys)
+ * parameter 2, ..., param n. To make things easy, we save the return
+ * address of efi_call_phys in a global variable.
+ */
+- popl %ecx
+- movl %ecx, saved_return_addr(%edx)
+- /* get the function pointer into ECX*/
+- popl %ecx
+- movl %ecx, efi_rt_function_ptr(%edx)
++ popl saved_return_addr(%edx)
++ popl efi_rt_function_ptr(%edx)
+
+ /*
+ * 3. Call the physical function.
+ */
+- call *%ecx
++ call *efi_rt_function_ptr(%edx)
+
+ /*
+ * 4. Balance the stack. And because EAX contain the return value,
+@@ -67,15 +64,12 @@ ENTRY(efi_call_phys)
+ 1: popl %edx
+ subl $1b, %edx
+
+- movl efi_rt_function_ptr(%edx), %ecx
+- pushl %ecx
++ pushl efi_rt_function_ptr(%edx)
+
+ /*
+ * 10. Push the saved return address onto the stack and return.
+ */
+- movl saved_return_addr(%edx), %ecx
+- pushl %ecx
+- ret
++ jmpl *saved_return_addr(%edx)
+ ENDPROC(efi_call_phys)
+ .previous
+
diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S
index 1e3184f..0d11e2e 100644
--- a/arch/x86/boot/compressed/head_32.S
@@ -17405,7 +17465,7 @@ index 7c6f7d5..8cac382 100644
};
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
-index 7bc1263..ce2cbfb 100644
+index 7bc1263..bff5686 100644
--- a/arch/x86/kernel/cpu/mcheck/mce.c
+++ b/arch/x86/kernel/cpu/mcheck/mce.c
@@ -45,6 +45,7 @@
@@ -17456,6 +17516,15 @@ index 7bc1263..ce2cbfb 100644
return;
}
/* First print corrected ones that are still unlogged */
+@@ -353,7 +354,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp)
+ if (!fake_panic) {
+ if (panic_timeout == 0)
+ panic_timeout = mca_cfg.panic_timeout;
+- panic(msg);
++ panic("%s", msg);
+ } else
+ pr_emerg(HW_ERR "Fake kernel panic: %s\n", msg);
+ }
@@ -683,7 +684,7 @@ static int mce_timed_out(u64 *t)
* might have been modified by someone else.
*/
@@ -18171,6 +18240,21 @@ index b653675..51cc8c0 100644
+}
+EXPORT_SYMBOL(pax_check_alloca);
+#endif
+diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c
+index d32abea..74daf4f 100644
+--- a/arch/x86/kernel/e820.c
++++ b/arch/x86/kernel/e820.c
+@@ -800,8 +800,8 @@ unsigned long __init e820_end_of_low_ram_pfn(void)
+
+ static void early_panic(char *msg)
+ {
+- early_printk(msg);
+- panic(msg);
++ early_printk("%s", msg);
++ panic("%s", msg);
+ }
+
+ static int userdef __initdata;
diff --git a/arch/x86/kernel/early_printk.c b/arch/x86/kernel/early_printk.c
index 9b9f18b..9fcaa04 100644
--- a/arch/x86/kernel/early_printk.c
@@ -18944,7 +19028,7 @@ index 8f3e2de..934870f 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index c1d01e6..5625dce 100644
+index c1d01e6..1bef85a 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -59,6 +59,8 @@
@@ -19031,7 +19115,7 @@ index c1d01e6..5625dce 100644
#endif
-@@ -284,6 +293,282 @@ ENTRY(native_usergs_sysret64)
+@@ -284,6 +293,311 @@ ENTRY(native_usergs_sysret64)
ENDPROC(native_usergs_sysret64)
#endif /* CONFIG_PARAVIRT */
@@ -19139,7 +19223,9 @@ index c1d01e6..5625dce 100644
+#endif
+#ifdef CONFIG_PAX_RANDKSTACK
+ pushq %rax
++ pushq %r11
+ call pax_randomize_kstack
++ popq %r11
+ popq %rax
+#endif
+ .endm
@@ -19202,10 +19288,10 @@ index c1d01e6..5625dce 100644
+ENDPROC(pax_enter_kernel_user)
+
+ENTRY(pax_exit_kernel_user)
-+ push %rdi
++ pushq %rdi
++ pushq %rbx
+
+#ifdef CONFIG_PARAVIRT
-+ pushq %rbx
+ PV_SAVE_REGS(CLBR_RDI)
+#endif
+
@@ -19217,13 +19303,14 @@ index c1d01e6..5625dce 100644
+#endif
+
+ GET_CR3_INTO_RDI
-+ add $__START_KERNEL_map,%rdi
-+ sub phys_base(%rip),%rdi
++ mov %rdi,%rbx
++ add $__START_KERNEL_map,%rbx
++ sub phys_base(%rip),%rbx
+
+#ifdef CONFIG_PARAVIRT
++ pushq %rdi
+ cmpl $0, pv_info+PARAVIRT_enabled
+ jz 1f
-+ mov %rdi,%rbx
+ i = 0
+ .rept USER_PGD_PTRS
+ mov i*8(%rbx),%rsi
@@ -19232,21 +19319,23 @@ index c1d01e6..5625dce 100644
+ call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd_batched)
+ i = i + 1
+ .endr
++ popq %rdi
++ PV_RESTORE_REGS(CLBR_RDI)
+ jmp 2f
+1:
+#endif
+
+ i = 0
+ .rept USER_PGD_PTRS
-+ movb $0x67,i*8(%rdi)
++ movb $0x67,i*8(%rbx)
+ i = i + 1
+ .endr
+
+#ifdef CONFIG_PARAVIRT
-+2: PV_RESTORE_REGS(CLBR_RDI)
-+ popq %rbx
++2:
+#endif
+
++ popq %rbx
+ popq %rdi
+ pax_force_retaddr
+ retq
@@ -19255,6 +19344,30 @@ index c1d01e6..5625dce 100644
+ENDPROC(pax_exit_kernel_user)
+#endif
+
++ .macro pax_enter_kernel_nmi
++ pax_set_fptr_mask
++
++#ifdef CONFIG_PAX_KERNEXEC
++ GET_CR0_INTO_RDI
++ bts $16,%rdi
++ SET_RDI_INTO_CR0
++ jc 110f
++ or $2,%ebx
++110:
++#endif
++ .endm
++
++ .macro pax_exit_kernel_nmi
++#ifdef CONFIG_PAX_KERNEXEC
++ test $2,%ebx
++ jz 110f
++ GET_CR0_INTO_RDI
++ btr $16,%rdi
++ SET_RDI_INTO_CR0
++110:
++#endif
++ .endm
++
+.macro pax_erase_kstack
+#ifdef CONFIG_PAX_MEMORY_STACKLEAK
+ call pax_erase_kstack
@@ -19314,7 +19427,7 @@ index c1d01e6..5625dce 100644
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -375,8 +660,8 @@ ENDPROC(native_usergs_sysret64)
+@@ -375,8 +689,8 @@ ENDPROC(native_usergs_sysret64)
.endm
.macro UNFAKE_STACK_FRAME
@@ -19325,7 +19438,7 @@ index c1d01e6..5625dce 100644
.endm
/*
-@@ -463,7 +748,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -463,7 +777,7 @@ ENDPROC(native_usergs_sysret64)
movq %rsp, %rsi
leaq -RBP(%rsp),%rdi /* arg1 for handler */
@@ -19334,7 +19447,7 @@ index c1d01e6..5625dce 100644
je 1f
SWAPGS
/*
-@@ -498,9 +783,10 @@ ENTRY(save_rest)
+@@ -498,9 +812,10 @@ ENTRY(save_rest)
movq_cfi r15, R15+16
movq %r11, 8(%rsp) /* return address */
FIXUP_TOP_OF_STACK %r11, 16
@@ -19346,7 +19459,7 @@ index c1d01e6..5625dce 100644
/* save complete stack frame */
.pushsection .kprobes.text, "ax"
-@@ -529,9 +815,10 @@ ENTRY(save_paranoid)
+@@ -529,9 +844,10 @@ ENTRY(save_paranoid)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx,%ebx
@@ -19359,7 +19472,7 @@ index c1d01e6..5625dce 100644
.popsection
/*
-@@ -553,7 +840,7 @@ ENTRY(ret_from_fork)
+@@ -553,7 +869,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -19368,7 +19481,7 @@ index c1d01e6..5625dce 100644
jz 1f
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -571,7 +858,7 @@ ENTRY(ret_from_fork)
+@@ -571,7 +887,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -19377,7 +19490,7 @@ index c1d01e6..5625dce 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -608,7 +895,7 @@ END(ret_from_fork)
+@@ -608,7 +924,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -19386,7 +19499,7 @@ index c1d01e6..5625dce 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -621,16 +908,23 @@ GLOBAL(system_call_after_swapgs)
+@@ -621,16 +937,23 @@ GLOBAL(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -19412,7 +19525,7 @@ index c1d01e6..5625dce 100644
jnz tracesys
system_call_fastpath:
#if __SYSCALL_MASK == ~0
-@@ -640,7 +934,7 @@ system_call_fastpath:
+@@ -640,7 +963,7 @@ system_call_fastpath:
cmpl $__NR_syscall_max,%eax
#endif
ja badsys
@@ -19421,7 +19534,7 @@ index c1d01e6..5625dce 100644
call *sys_call_table(,%rax,8) # XXX: rip relative
movq %rax,RAX-ARGOFFSET(%rsp)
/*
-@@ -654,10 +948,13 @@ sysret_check:
+@@ -654,10 +977,13 @@ sysret_check:
LOCKDEP_SYS_EXIT
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -19436,7 +19549,7 @@ index c1d01e6..5625dce 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -709,14 +1006,18 @@ badsys:
+@@ -709,14 +1035,18 @@ badsys:
* jump back to the normal fast path.
*/
auditsys:
@@ -19456,7 +19569,7 @@ index c1d01e6..5625dce 100644
jmp system_call_fastpath
/*
-@@ -737,7 +1038,7 @@ sysret_audit:
+@@ -737,7 +1067,7 @@ sysret_audit:
/* Do syscall tracing */
tracesys:
#ifdef CONFIG_AUDITSYSCALL
@@ -19465,7 +19578,7 @@ index c1d01e6..5625dce 100644
jz auditsys
#endif
SAVE_REST
-@@ -745,12 +1046,16 @@ tracesys:
+@@ -745,12 +1075,16 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -19482,7 +19595,7 @@ index c1d01e6..5625dce 100644
RESTORE_REST
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max,%rax
-@@ -759,7 +1064,7 @@ tracesys:
+@@ -759,7 +1093,7 @@ tracesys:
cmpl $__NR_syscall_max,%eax
#endif
ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */
@@ -19491,7 +19604,7 @@ index c1d01e6..5625dce 100644
call *sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
/* Use IRET because user could have changed frame */
-@@ -780,7 +1085,9 @@ GLOBAL(int_with_check)
+@@ -780,7 +1114,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -19502,7 +19615,7 @@ index c1d01e6..5625dce 100644
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -826,7 +1133,7 @@ int_restore_rest:
+@@ -826,7 +1162,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -19511,7 +19624,7 @@ index c1d01e6..5625dce 100644
.macro FORK_LIKE func
ENTRY(stub_\func)
-@@ -839,9 +1146,10 @@ ENTRY(stub_\func)
+@@ -839,9 +1175,10 @@ ENTRY(stub_\func)
DEFAULT_FRAME 0 8 /* offset 8: return address */
call sys_\func
RESTORE_TOP_OF_STACK %r11, 8
@@ -19523,7 +19636,7 @@ index c1d01e6..5625dce 100644
.endm
.macro FIXED_FRAME label,func
-@@ -851,9 +1159,10 @@ ENTRY(\label)
+@@ -851,9 +1188,10 @@ ENTRY(\label)
FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET
call \func
RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET
@@ -19535,7 +19648,7 @@ index c1d01e6..5625dce 100644
.endm
FORK_LIKE clone
-@@ -870,9 +1179,10 @@ ENTRY(ptregscall_common)
+@@ -870,9 +1208,10 @@ ENTRY(ptregscall_common)
movq_cfi_restore R12+8, r12
movq_cfi_restore RBP+8, rbp
movq_cfi_restore RBX+8, rbx
@@ -19547,7 +19660,7 @@ index c1d01e6..5625dce 100644
ENTRY(stub_execve)
CFI_STARTPROC
-@@ -885,7 +1195,7 @@ ENTRY(stub_execve)
+@@ -885,7 +1224,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -19556,7 +19669,7 @@ index c1d01e6..5625dce 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -902,7 +1212,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -902,7 +1241,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -19565,7 +19678,7 @@ index c1d01e6..5625dce 100644
#ifdef CONFIG_X86_X32_ABI
ENTRY(stub_x32_rt_sigreturn)
-@@ -916,7 +1226,7 @@ ENTRY(stub_x32_rt_sigreturn)
+@@ -916,7 +1255,7 @@ ENTRY(stub_x32_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -19574,7 +19687,7 @@ index c1d01e6..5625dce 100644
ENTRY(stub_x32_execve)
CFI_STARTPROC
-@@ -930,7 +1240,7 @@ ENTRY(stub_x32_execve)
+@@ -930,7 +1269,7 @@ ENTRY(stub_x32_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -19583,7 +19696,7 @@ index c1d01e6..5625dce 100644
#endif
-@@ -967,7 +1277,7 @@ vector=vector+1
+@@ -967,7 +1306,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -19592,7 +19705,7 @@ index c1d01e6..5625dce 100644
.previous
END(interrupt)
-@@ -987,6 +1297,16 @@ END(interrupt)
+@@ -987,6 +1326,16 @@ END(interrupt)
subq $ORIG_RAX-RBP, %rsp
CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
SAVE_ARGS_IRQ
@@ -19609,7 +19722,7 @@ index c1d01e6..5625dce 100644
call \func
.endm
-@@ -1019,7 +1339,7 @@ ret_from_intr:
+@@ -1019,7 +1368,7 @@ ret_from_intr:
exit_intr:
GET_THREAD_INFO(%rcx)
@@ -19618,7 +19731,7 @@ index c1d01e6..5625dce 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -1041,12 +1361,16 @@ retint_swapgs: /* return to user-space */
+@@ -1041,12 +1390,16 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -19635,7 +19748,7 @@ index c1d01e6..5625dce 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -1129,7 +1453,7 @@ ENTRY(retint_kernel)
+@@ -1129,7 +1482,7 @@ ENTRY(retint_kernel)
#endif
CFI_ENDPROC
@@ -19644,7 +19757,7 @@ index c1d01e6..5625dce 100644
/*
* End of kprobes section
*/
-@@ -1147,7 +1471,7 @@ ENTRY(\sym)
+@@ -1147,7 +1500,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -19653,7 +19766,7 @@ index c1d01e6..5625dce 100644
.endm
#ifdef CONFIG_SMP
-@@ -1203,12 +1527,22 @@ ENTRY(\sym)
+@@ -1203,12 +1556,22 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -19677,7 +19790,7 @@ index c1d01e6..5625dce 100644
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1221,15 +1555,25 @@ ENTRY(\sym)
+@@ -1221,15 +1584,25 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -19705,7 +19818,7 @@ index c1d01e6..5625dce 100644
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1240,14 +1584,30 @@ ENTRY(\sym)
+@@ -1240,14 +1613,30 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF_DEBUG
@@ -19737,7 +19850,7 @@ index c1d01e6..5625dce 100644
.endm
.macro errorentry sym do_sym
-@@ -1259,13 +1619,23 @@ ENTRY(\sym)
+@@ -1259,13 +1648,23 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -19762,7 +19875,7 @@ index c1d01e6..5625dce 100644
.endm
/* error code is on the stack already */
-@@ -1279,13 +1649,23 @@ ENTRY(\sym)
+@@ -1279,13 +1678,23 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
@@ -19787,7 +19900,7 @@ index c1d01e6..5625dce 100644
.endm
zeroentry divide_error do_divide_error
-@@ -1315,9 +1695,10 @@ gs_change:
+@@ -1315,9 +1724,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -19799,7 +19912,7 @@ index c1d01e6..5625dce 100644
_ASM_EXTABLE(gs_change,bad_gs)
.section .fixup,"ax"
-@@ -1345,9 +1726,10 @@ ENTRY(call_softirq)
+@@ -1345,9 +1755,10 @@ ENTRY(call_softirq)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -19811,7 +19924,7 @@ index c1d01e6..5625dce 100644
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1385,7 +1767,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1385,7 +1796,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -19820,7 +19933,7 @@ index c1d01e6..5625dce 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1444,7 +1826,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1444,7 +1855,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -19829,7 +19942,7 @@ index c1d01e6..5625dce 100644
apicinterrupt HYPERVISOR_CALLBACK_VECTOR \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1498,16 +1880,31 @@ ENTRY(paranoid_exit)
+@@ -1498,16 +1909,31 @@ ENTRY(paranoid_exit)
TRACE_IRQS_OFF_DEBUG
testl %ebx,%ebx /* swapgs needed? */
jnz paranoid_restore
@@ -19862,7 +19975,7 @@ index c1d01e6..5625dce 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1536,7 +1933,7 @@ paranoid_schedule:
+@@ -1536,7 +1962,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -19871,7 +19984,7 @@ index c1d01e6..5625dce 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1563,12 +1960,13 @@ ENTRY(error_entry)
+@@ -1563,12 +1989,13 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -19886,7 +19999,7 @@ index c1d01e6..5625dce 100644
ret
/*
-@@ -1595,7 +1993,7 @@ bstep_iret:
+@@ -1595,7 +2022,7 @@ bstep_iret:
movq %rcx,RIP+8(%rsp)
jmp error_swapgs
CFI_ENDPROC
@@ -19895,7 +20008,7 @@ index c1d01e6..5625dce 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1615,7 +2013,7 @@ ENTRY(error_exit)
+@@ -1615,7 +2042,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
@@ -19904,7 +20017,7 @@ index c1d01e6..5625dce 100644
/*
* Test if a given stack is an NMI stack or not.
-@@ -1673,9 +2071,11 @@ ENTRY(nmi)
+@@ -1673,9 +2100,11 @@ ENTRY(nmi)
* If %cs was not the kernel segment, then the NMI triggered in user
* space, which means it is definitely not nested.
*/
@@ -19917,7 +20030,7 @@ index c1d01e6..5625dce 100644
/*
* Check the special variable on the stack to see if NMIs are
* executing.
-@@ -1709,8 +2109,7 @@ nested_nmi:
+@@ -1709,8 +2138,7 @@ nested_nmi:
1:
/* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -19927,51 +20040,40 @@ index c1d01e6..5625dce 100644
CFI_ADJUST_CFA_OFFSET 1*8
leaq -10*8(%rsp), %rdx
pushq_cfi $__KERNEL_DS
-@@ -1728,6 +2127,7 @@ nested_nmi_out:
+@@ -1728,6 +2156,7 @@ nested_nmi_out:
CFI_RESTORE rdx
/* No need to check faults here */
-+ pax_force_retaddr_bts
++# pax_force_retaddr_bts
INTERRUPT_RETURN
CFI_RESTORE_STATE
-@@ -1844,6 +2244,17 @@ end_repeat_nmi:
+@@ -1844,6 +2273,8 @@ end_repeat_nmi:
*/
movq %cr2, %r12
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+ testb $3, CS(%rsp)
-+ jnz 1f
-+ pax_enter_kernel
-+ jmp 2f
-+1: pax_enter_kernel_user
-+2:
-+#else
-+ pax_enter_kernel
-+#endif
++ pax_enter_kernel_nmi
+
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
movq $-1,%rsi
-@@ -1859,23 +2270,34 @@ end_repeat_nmi:
- testl %ebx,%ebx /* swapgs needed? */
+@@ -1856,26 +2287,31 @@ end_repeat_nmi:
+ movq %r12, %cr2
+ 1:
+
+- testl %ebx,%ebx /* swapgs needed? */
++ testl $1,%ebx /* swapgs needed? */
jnz nmi_restore
nmi_swapgs:
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+ pax_exit_kernel_user
-+#else
-+ pax_exit_kernel
-+#endif
SWAPGS_UNSAFE_STACK
-+ RESTORE_ALL 6*8
-+ /* Clear the NMI executing stack variable */
-+ movq $0, 5*8(%rsp)
-+ jmp irq_return
nmi_restore:
-+ pax_exit_kernel
++ pax_exit_kernel_nmi
/* Pop the extra iret frame at once */
RESTORE_ALL 6*8
++ testb $3, 8(%rsp)
++ jnz 1f
+ pax_force_retaddr_bts
++1:
/* Clear the NMI executing stack variable */
movq $0, 5*8(%rsp)
@@ -22479,7 +22581,7 @@ index 76fa1e9..abf09ea 100644
.shutdown = native_machine_shutdown,
.emergency_restart = native_machine_emergency_restart,
diff --git a/arch/x86/kernel/relocate_kernel_64.S b/arch/x86/kernel/relocate_kernel_64.S
-index 7a6f3b3..bed145d7 100644
+index f2bb9c9..bed145d7 100644
--- a/arch/x86/kernel/relocate_kernel_64.S
+++ b/arch/x86/kernel/relocate_kernel_64.S
@@ -11,6 +11,7 @@
@@ -22490,15 +22592,7 @@ index 7a6f3b3..bed145d7 100644
/*
* Must be relocatable PIC code callable as a C function
-@@ -160,13 +161,14 @@ identity_mapped:
- xorq %rbp, %rbp
- xorq %r8, %r8
- xorq %r9, %r9
-- xorq %r10, %r9
-+ xorq %r10, %r10
- xorq %r11, %r11
- xorq %r12, %r12
- xorq %r13, %r13
+@@ -167,6 +168,7 @@ identity_mapped:
xorq %r14, %r14
xorq %r15, %r15
@@ -23547,7 +23641,7 @@ index 3dbdd9c..888b14e 100644
goto cannot_handle;
if ((segoffs >> 16) == BIOSSEG)
diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
-index 22a1530..8fbaaad 100644
+index 22a1530..5efafbf 100644
--- a/arch/x86/kernel/vmlinux.lds.S
+++ b/arch/x86/kernel/vmlinux.lds.S
@@ -26,6 +26,13 @@
@@ -23632,7 +23726,7 @@ index 22a1530..8fbaaad 100644
+ . = ALIGN(PAGE_SIZE);
+ .module.text : AT(ADDR(.module.text) - LOAD_OFFSET) {
+
-+#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_MODULES)
++#ifdef CONFIG_PAX_KERNEXEC
+ MODULES_EXEC_VADDR = .;
+ BYTE(0)
+ . += (CONFIG_PAX_KERNEXEC_MODULE_TEXT * 1024 * 1024);
@@ -28089,7 +28183,7 @@ index ae1aa71..d9bea75 100644
#endif /*HAVE_ARCH_HUGETLB_UNMAPPED_AREA*/
diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c
-index 59b7fc4..b1dd75f 100644
+index 0c13708..689fe7f 100644
--- a/arch/x86/mm/init.c
+++ b/arch/x86/mm/init.c
@@ -4,6 +4,7 @@
@@ -30397,6 +30491,31 @@ index c77b24a..c979855 100644
return !(ret & 0xff00);
}
EXPORT_SYMBOL(pcibios_set_irq_routing);
+diff --git a/arch/x86/platform/efi/efi.c b/arch/x86/platform/efi/efi.c
+index 90f3a52..714e825 100644
+--- a/arch/x86/platform/efi/efi.c
++++ b/arch/x86/platform/efi/efi.c
+@@ -1059,7 +1059,10 @@ efi_status_t efi_query_variable_store(u32 attributes, unsigned long size)
+ * that by attempting to use more space than is available.
+ */
+ unsigned long dummy_size = remaining_size + 1024;
+- void *dummy = kmalloc(dummy_size, GFP_ATOMIC);
++ void *dummy = kzalloc(dummy_size, GFP_ATOMIC);
++
++ if (!dummy)
++ return EFI_OUT_OF_RESOURCES;
+
+ status = efi.set_variable(efi_dummy_name, &EFI_DUMMY_GUID,
+ EFI_VARIABLE_NON_VOLATILE |
+@@ -1079,6 +1082,8 @@ efi_status_t efi_query_variable_store(u32 attributes, unsigned long size)
+ 0, dummy);
+ }
+
++ kfree(dummy);
++
+ /*
+ * The runtime code may now have triggered a garbage collection
+ * run, so check the variable info again
diff --git a/arch/x86/platform/efi/efi_32.c b/arch/x86/platform/efi/efi_32.c
index 40e4469..1ab536e 100644
--- a/arch/x86/platform/efi/efi_32.c
@@ -31645,6 +31764,47 @@ index 7c668c8..db3521c 100644
if (err) {
err = -EFAULT;
goto out;
+diff --git a/block/genhd.c b/block/genhd.c
+index 3c001fb..d15a9e8 100644
+--- a/block/genhd.c
++++ b/block/genhd.c
+@@ -467,21 +467,24 @@ static char *bdevt_str(dev_t devt, char *buf)
+
+ /*
+ * Register device numbers dev..(dev+range-1)
+- * range must be nonzero
++ * Noop if @range is zero.
+ * The hash chain is sorted on range, so that subranges can override.
+ */
+ void blk_register_region(dev_t devt, unsigned long range, struct module *module,
+ struct kobject *(*probe)(dev_t, int *, void *),
+ int (*lock)(dev_t, void *), void *data)
+ {
+- kobj_map(bdev_map, devt, range, module, probe, lock, data);
++ if (range)
++ kobj_map(bdev_map, devt, range, module, probe, lock, data);
+ }
+
+ EXPORT_SYMBOL(blk_register_region);
+
++/* undo blk_register_region(), noop if @range is zero */
+ void blk_unregister_region(dev_t devt, unsigned long range)
+ {
+- kobj_unmap(bdev_map, devt, range);
++ if (range)
++ kobj_unmap(bdev_map, devt, range);
+ }
+
+ EXPORT_SYMBOL(blk_unregister_region);
+@@ -512,7 +515,7 @@ static void register_disk(struct gendisk *disk)
+
+ ddev->parent = disk->driverfs_dev;
+
+- dev_set_name(ddev, disk->disk_name);
++ dev_set_name(ddev, "%s", disk->disk_name);
+
+ /* delay uevents, until we scanned partition table */
+ dev_set_uevent_suppress(ddev, 1);
diff --git a/block/partitions/efi.c b/block/partitions/efi.c
index ff5804e..a88acad 100644
--- a/block/partitions/efi.c
@@ -31725,6 +31885,19 @@ index 9a87daa..fb17486 100644
if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
goto error;
+diff --git a/crypto/algapi.c b/crypto/algapi.c
+index 6149a6e..55ed50d 100644
+--- a/crypto/algapi.c
++++ b/crypto/algapi.c
+@@ -495,7 +495,7 @@ static struct crypto_template *__crypto_lookup_template(const char *name)
+
+ struct crypto_template *crypto_lookup_template(const char *name)
+ {
+- return try_then_request_module(__crypto_lookup_template(name), name);
++ return try_then_request_module(__crypto_lookup_template(name), "%s", name);
+ }
+ EXPORT_SYMBOL_GPL(crypto_lookup_template);
+
diff --git a/crypto/cryptd.c b/crypto/cryptd.c
index 7bdd61b..afec999 100644
--- a/crypto/cryptd.c
@@ -31747,6 +31920,30 @@ index 7bdd61b..afec999 100644
static void cryptd_queue_worker(struct work_struct *work);
+diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
+index b2c99dc..476c9fb 100644
+--- a/crypto/pcrypt.c
++++ b/crypto/pcrypt.c
+@@ -440,7 +440,7 @@ static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name)
+ int ret;
+
+ pinst->kobj.kset = pcrypt_kset;
+- ret = kobject_add(&pinst->kobj, NULL, name);
++ ret = kobject_add(&pinst->kobj, NULL, "%s", name);
+ if (!ret)
+ kobject_uevent(&pinst->kobj, KOBJ_ADD);
+
+@@ -455,8 +455,8 @@ static int pcrypt_init_padata(struct padata_pcrypt *pcrypt,
+
+ get_online_cpus();
+
+- pcrypt->wq = alloc_workqueue(name,
+- WQ_MEM_RECLAIM | WQ_CPU_INTENSIVE, 1);
++ pcrypt->wq = alloc_workqueue("%s",
++ WQ_MEM_RECLAIM | WQ_CPU_INTENSIVE, 1, name);
+ if (!pcrypt->wq)
+ goto err;
+
diff --git a/drivers/acpi/apei/apei-internal.h b/drivers/acpi/apei/apei-internal.h
index f220d64..d359ad6 100644
--- a/drivers/acpi/apei/apei-internal.h
@@ -32969,6 +33166,19 @@ index 969c3c2..9b72956 100644
wake_up(&zatm_vcc->tx_wait);
}
+diff --git a/drivers/base/attribute_container.c b/drivers/base/attribute_container.c
+index d78b204..ecc1929 100644
+--- a/drivers/base/attribute_container.c
++++ b/drivers/base/attribute_container.c
+@@ -167,7 +167,7 @@ attribute_container_add_device(struct device *dev,
+ ic->classdev.parent = get_device(dev);
+ ic->classdev.class = cont->class;
+ cont->class->dev_release = attribute_container_release;
+- dev_set_name(&ic->classdev, dev_name(dev));
++ dev_set_name(&ic->classdev, "%s", dev_name(dev));
+ if (fn)
+ fn(cont, dev, &ic->classdev);
+ else
diff --git a/drivers/base/bus.c b/drivers/base/bus.c
index 519865b..e540db3 100644
--- a/drivers/base/bus.c
@@ -33054,6 +33264,19 @@ index 9a6b05a..2fc8fb9 100644
int ret = 0;
if (IS_ERR_OR_NULL(genpd))
+diff --git a/drivers/base/power/sysfs.c b/drivers/base/power/sysfs.c
+index a53ebd2..8f73eeb 100644
+--- a/drivers/base/power/sysfs.c
++++ b/drivers/base/power/sysfs.c
+@@ -185,7 +185,7 @@ static ssize_t rtpm_status_show(struct device *dev,
+ return -EIO;
+ }
+ }
+- return sprintf(buf, p);
++ return sprintf(buf, "%s", p);
+ }
+
+ static DEVICE_ATTR(runtime_status, 0444, rtpm_status_show, NULL);
diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c
index 79715e7..df06b3b 100644
--- a/drivers/base/power/wakeup.c
@@ -33116,10 +33339,10 @@ index e8d11b6..7b1b36f 100644
}
EXPORT_SYMBOL_GPL(unregister_syscore_ops);
diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c
-index 1c1b8e5..b7fc681 100644
+index dadea48..a1f3835 100644
--- a/drivers/block/cciss.c
+++ b/drivers/block/cciss.c
-@@ -1196,6 +1196,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
+@@ -1184,6 +1184,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
int err;
u32 cp;
@@ -33572,6 +33795,19 @@ index dfe7583..83768bb 100644
set_fs(old_fs);
if (likely(bw == len))
return 0;
+diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
+index 7fecc78..84d217c 100644
+--- a/drivers/block/nbd.c
++++ b/drivers/block/nbd.c
+@@ -714,7 +714,7 @@ static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *nbd,
+ else
+ blk_queue_flush(nbd->disk->queue, 0);
+
+- thread = kthread_create(nbd_thread, nbd, nbd->disk->disk_name);
++ thread = kthread_create(nbd_thread, nbd, "%s", nbd->disk->disk_name);
+ if (IS_ERR(thread)) {
+ mutex_lock(&nbd->tx_lock);
+ return PTR_ERR(thread);
diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c
index 2e7de7a..ed86dc0 100644
--- a/drivers/block/pktcdvd.c
@@ -33586,7 +33822,7 @@ index 2e7de7a..ed86dc0 100644
static DEFINE_MUTEX(pktcdvd_mutex);
static struct pktcdvd_device *pkt_devs[MAX_WRITERS];
diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
-index d620b44..e9abc80 100644
+index d620b44..d7538c2 100644
--- a/drivers/cdrom/cdrom.c
+++ b/drivers/cdrom/cdrom.c
@@ -416,7 +416,6 @@ int register_cdrom(struct cdrom_device_info *cdi)
@@ -33637,6 +33873,15 @@ index d620b44..e9abc80 100644
if (cgc->buffer == NULL)
return -ENOMEM;
+@@ -3429,7 +3430,7 @@ static int cdrom_print_info(const char *header, int val, char *info,
+ struct cdrom_device_info *cdi;
+ int ret;
+
+- ret = scnprintf(info + *pos, max_size - *pos, header);
++ ret = scnprintf(info + *pos, max_size - *pos, "%s", header);
+ if (!ret)
+ return 1;
+
diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c
index d59cdcb..11afddf 100644
--- a/drivers/cdrom/gdrom.c
@@ -33731,6 +33976,19 @@ index d784650..e8bfd69 100644
struct hpet_info *info)
{
struct hpet_timer __iomem *timer;
+diff --git a/drivers/char/hw_random/intel-rng.c b/drivers/char/hw_random/intel-rng.c
+index 86fe45c..c0ea948 100644
+--- a/drivers/char/hw_random/intel-rng.c
++++ b/drivers/char/hw_random/intel-rng.c
+@@ -314,7 +314,7 @@ PFX "RNG, try using the 'no_fwh_detect' option.\n";
+
+ if (no_fwh_detect)
+ return -ENODEV;
+- printk(warning);
++ printk("%s", warning);
+ return -EBUSY;
+ }
+
diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
index 053201b0..8335cce 100644
--- a/drivers/char/ipmi/ipmi_msghandler.c
@@ -33800,7 +34058,7 @@ index 0ac9b45..6179fb5 100644
new_smi->interrupt_disabled = 1;
atomic_set(&new_smi->stop_operation, 0);
diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 2c644af..d4d7f17 100644
+index 2c644af..4b7aede 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c
@@ -18,6 +18,7 @@
@@ -33944,6 +34202,15 @@ index 2c644af..d4d7f17 100644
};
static int memory_open(struct inode *inode, struct file *filp)
+@@ -904,7 +954,7 @@ static int __init chr_dev_init(void)
+ continue;
+
+ device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor),
+- NULL, devlist[minor].name);
++ NULL, "%s", devlist[minor].name);
+ }
+
+ return tty_init();
diff --git a/drivers/char/mwave/tp3780i.c b/drivers/char/mwave/tp3780i.c
index c689697..04e6d6a2 100644
--- a/drivers/char/mwave/tp3780i.c
@@ -34477,9 +34744,18 @@ index 428754a..8bdf9cc 100644
.name = "cpuidle",
};
diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c
-index 3b36797..289c16a 100644
+index 3b36797..db0b0c0 100644
--- a/drivers/devfreq/devfreq.c
+++ b/drivers/devfreq/devfreq.c
+@@ -477,7 +477,7 @@ struct devfreq *devfreq_add_device(struct device *dev,
+ GFP_KERNEL);
+ devfreq->last_stat_updated = jiffies;
+
+- dev_set_name(&devfreq->dev, dev_name(dev));
++ dev_set_name(&devfreq->dev, "%s", dev_name(dev));
+ err = device_register(&devfreq->dev);
+ if (err) {
+ put_device(&devfreq->dev);
@@ -588,7 +588,7 @@ int devfreq_add_governor(struct devfreq_governor *governor)
goto err_out;
}
@@ -34863,6 +35139,28 @@ index 25f91cd..a376f55 100644
++file_priv->ioctl_count;
DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n",
+diff --git a/drivers/gpu/drm/drm_encoder_slave.c b/drivers/gpu/drm/drm_encoder_slave.c
+index 48c52f7..0cfb60f 100644
+--- a/drivers/gpu/drm/drm_encoder_slave.c
++++ b/drivers/gpu/drm/drm_encoder_slave.c
+@@ -54,16 +54,12 @@ int drm_i2c_encoder_init(struct drm_device *dev,
+ struct i2c_adapter *adap,
+ const struct i2c_board_info *info)
+ {
+- char modalias[sizeof(I2C_MODULE_PREFIX)
+- + I2C_NAME_SIZE];
+ struct module *module = NULL;
+ struct i2c_client *client;
+ struct drm_i2c_encoder_driver *encoder_drv;
+ int err = 0;
+
+- snprintf(modalias, sizeof(modalias),
+- "%s%s", I2C_MODULE_PREFIX, info->type);
+- request_module(modalias);
++ request_module("%s%s", I2C_MODULE_PREFIX, info->type);
+
+ client = i2c_new_device(adap, info);
+ if (!client) {
diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
index 429e07d..e681a2c 100644
--- a/drivers/gpu/drm/drm_fops.c
@@ -35141,6 +35439,19 @@ index 7d30802..42c6cbb 100644
drm_put_dev(dev);
}
mutex_unlock(&drm_global_mutex);
+diff --git a/drivers/gpu/drm/drm_sysfs.c b/drivers/gpu/drm/drm_sysfs.c
+index 0229665..f61329c 100644
+--- a/drivers/gpu/drm/drm_sysfs.c
++++ b/drivers/gpu/drm/drm_sysfs.c
+@@ -499,7 +499,7 @@ EXPORT_SYMBOL(drm_sysfs_hotplug_event);
+ int drm_sysfs_device_add(struct drm_minor *minor)
+ {
+ int err;
+- char *minor_str;
++ const char *minor_str;
+
+ minor->kdev.parent = minor->dev->dev;
+
diff --git a/drivers/gpu/drm/i810/i810_dma.c b/drivers/gpu/drm/i810/i810_dma.c
index 004ecdf..db1f6e0 100644
--- a/drivers/gpu/drm/i810/i810_dma.c
@@ -35943,6 +36254,28 @@ index fad6633..4ff94de 100644
} else {
if (rdev->pm.max_bandwidth.full > rdev->pm.k8_bandwidth.full &&
rdev->pm.k8_bandwidth.full)
+diff --git a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c
+index dbc2def..0a9f710 100644
+--- a/drivers/gpu/drm/ttm/ttm_memory.c
++++ b/drivers/gpu/drm/ttm/ttm_memory.c
+@@ -264,7 +264,7 @@ static int ttm_mem_init_kernel_zone(struct ttm_mem_global *glob,
+ zone->glob = glob;
+ glob->zone_kernel = zone;
+ ret = kobject_init_and_add(
+- &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, zone->name);
++ &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, "%s", zone->name);
+ if (unlikely(ret != 0)) {
+ kobject_put(&zone->kobj);
+ return ret;
+@@ -347,7 +347,7 @@ static int ttm_mem_init_dma32_zone(struct ttm_mem_global *glob,
+ zone->glob = glob;
+ glob->zone_dma32 = zone;
+ ret = kobject_init_and_add(
+- &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, zone->name);
++ &zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, "%s", zone->name);
+ if (unlikely(ret != 0)) {
+ kobject_put(&zone->kobj);
+ return ret;
diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c
index bd2a3b4..122d9ad 100644
--- a/drivers/gpu/drm/ttm/ttm_page_alloc.c
@@ -37418,9 +37751,18 @@ index b972d43..8943713 100644
/**
diff --git a/drivers/iommu/irq_remapping.c b/drivers/iommu/irq_remapping.c
-index 7c11ff3..5b2d7a7 100644
+index 7c11ff3..a2a0457 100644
--- a/drivers/iommu/irq_remapping.c
+++ b/drivers/iommu/irq_remapping.c
+@@ -348,7 +348,7 @@ int setup_hpet_msi_remapped(unsigned int irq, unsigned int id)
+ void panic_if_irq_remap(const char *msg)
+ {
+ if (irq_remapping_enabled)
+- panic(msg);
++ panic("%s", msg);
+ }
+
+ static void ir_ack_apic_edge(struct irq_data *data)
@@ -369,10 +369,12 @@ static void ir_print_prefix(struct irq_data *data, struct seq_file *p)
void irq_remap_modify_chip_defaults(struct irq_chip *chip)
@@ -38225,10 +38567,10 @@ index 1cbfc6b..56e1dbb 100644
/*----------------------------------------------------------------*/
diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c
-index 6af167f..40c25a1 100644
+index 7116798..c81390c 100644
--- a/drivers/md/raid1.c
+++ b/drivers/md/raid1.c
-@@ -1826,7 +1826,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
+@@ -1836,7 +1836,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio)
if (r1_sync_page_io(rdev, sect, s,
bio->bi_io_vec[idx].bv_page,
READ) != 0)
@@ -38237,7 +38579,7 @@ index 6af167f..40c25a1 100644
}
sectors -= s;
sect += s;
-@@ -2048,7 +2048,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
+@@ -2058,7 +2058,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk,
test_bit(In_sync, &rdev->flags)) {
if (r1_sync_page_io(rdev, sect, s,
conf->tmppage, READ)) {
@@ -38247,10 +38589,10 @@ index 6af167f..40c25a1 100644
"md/raid1:%s: read error corrected "
"(%d sectors at %llu on %s)\n",
diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c
-index 46c14e5..4db5966 100644
+index e4ea992..d234520 100644
--- a/drivers/md/raid10.c
+++ b/drivers/md/raid10.c
-@@ -1932,7 +1932,7 @@ static void end_sync_read(struct bio *bio, int error)
+@@ -1942,7 +1942,7 @@ static void end_sync_read(struct bio *bio, int error)
/* The write handler will notice the lack of
* R10BIO_Uptodate and record any errors etc
*/
@@ -38259,7 +38601,7 @@ index 46c14e5..4db5966 100644
&conf->mirrors[d].rdev->corrected_errors);
/* for reconstruct, we always reschedule after a read.
-@@ -2281,7 +2281,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -2291,7 +2291,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
{
struct timespec cur_time_mon;
unsigned long hours_since_last;
@@ -38268,7 +38610,7 @@ index 46c14e5..4db5966 100644
ktime_get_ts(&cur_time_mon);
-@@ -2303,9 +2303,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
+@@ -2313,9 +2313,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev)
* overflowing the shift of read_errors by hours_since_last.
*/
if (hours_since_last >= 8 * sizeof(read_errors))
@@ -38280,7 +38622,7 @@ index 46c14e5..4db5966 100644
}
static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector,
-@@ -2359,8 +2359,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2369,8 +2369,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
return;
check_decay_read_errors(mddev, rdev);
@@ -38291,7 +38633,7 @@ index 46c14e5..4db5966 100644
char b[BDEVNAME_SIZE];
bdevname(rdev->bdev, b);
-@@ -2368,7 +2368,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2378,7 +2378,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
"md/raid10:%s: %s: Raid device exceeded "
"read_error threshold [cur %d:max %d]\n",
mdname(mddev), b,
@@ -38300,7 +38642,7 @@ index 46c14e5..4db5966 100644
printk(KERN_NOTICE
"md/raid10:%s: %s: Failing raid device\n",
mdname(mddev), b);
-@@ -2523,7 +2523,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
+@@ -2533,7 +2533,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10
sect +
choose_data_offset(r10_bio, rdev)),
bdevname(rdev->bdev, b));
@@ -38310,7 +38652,7 @@ index 46c14e5..4db5966 100644
rdev_dec_pending(rdev, mddev);
diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c
-index f4e87bf..0d4ad3f 100644
+index 251ab64..ed23a18 100644
--- a/drivers/md/raid5.c
+++ b/drivers/md/raid5.c
@@ -1763,21 +1763,21 @@ static void raid5_end_read_request(struct bio * bi, int error)
@@ -40387,19 +40729,6 @@ index 784e81c..349e01e 100644
struct ath_nf_limits {
s16 max;
-diff --git a/drivers/net/wireless/b43/main.c b/drivers/net/wireless/b43/main.c
-index 64b637a..911c4c0 100644
---- a/drivers/net/wireless/b43/main.c
-+++ b/drivers/net/wireless/b43/main.c
-@@ -2451,7 +2451,7 @@ static void b43_request_firmware(struct work_struct *work)
- for (i = 0; i < B43_NR_FWTYPES; i++) {
- errmsg = ctx->errors[i];
- if (strlen(errmsg))
-- b43err(dev->wl, errmsg);
-+ b43err(dev->wl, "%s", errmsg);
- }
- b43_print_fw_helptext(dev->wl, 1);
- goto out;
diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wireless/iwlegacy/3945-mac.c
index c353b5f..62aaca2 100644
--- a/drivers/net/wireless/iwlegacy/3945-mac.c
@@ -47528,6 +47857,19 @@ index ff22871..b129bed 100644
info->var.accel_flags = (!noaccel);
+diff --git a/drivers/video/output.c b/drivers/video/output.c
+index 0d6f2cd..6285b97 100644
+--- a/drivers/video/output.c
++++ b/drivers/video/output.c
+@@ -97,7 +97,7 @@ struct output_device *video_output_register(const char *name,
+ new_dev->props = op;
+ new_dev->dev.class = &video_output_class;
+ new_dev->dev.parent = dev;
+- dev_set_name(&new_dev->dev, name);
++ dev_set_name(&new_dev->dev, "%s", name);
+ dev_set_drvdata(&new_dev->dev, devdata);
+ ret_code = device_register(&new_dev->dev);
+ if (ret_code) {
diff --git a/drivers/video/s1d13xxxfb.c b/drivers/video/s1d13xxxfb.c
index 76d9053..dec2bfd 100644
--- a/drivers/video/s1d13xxxfb.c
@@ -51224,6 +51566,19 @@ index f3190ab..84ffb21 100644
trace_ext4_mballoc_discard(sb, NULL, group, bit, pa->pa_len);
return 0;
+diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c
+index b3b1f7d..cff51d5 100644
+--- a/fs/ext4/mmp.c
++++ b/fs/ext4/mmp.c
+@@ -113,7 +113,7 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh,
+ void __dump_mmp_msg(struct super_block *sb, struct mmp_struct *mmp,
+ const char *function, unsigned int line, const char *msg)
+ {
+- __ext4_warning(sb, function, line, msg);
++ __ext4_warning(sb, function, line, "%s", msg);
+ __ext4_warning(sb, function, line,
+ "MMP failure info: last update time: %llu, last update "
+ "node: %s, last update device: %s\n",
diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
index 3beae6a..8cc5637 100644
--- a/fs/ext4/resize.c
@@ -51264,9 +51619,18 @@ index 3beae6a..8cc5637 100644
else if (input->reserved_blocks > input->blocks_count / 5)
ext4_warning(sb, "Reserved blocks too high (%u)",
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index febbe0e..782c4fd 100644
+index febbe0e..d0cdc02 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
+@@ -1238,7 +1238,7 @@ static ext4_fsblk_t get_sb_block(void **data)
+ }
+
+ #define DEFAULT_JOURNAL_IOPRIO (IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 3))
+-static char deprecated_msg[] = "Mount option \"%s\" will be removed by %s\n"
++static const char deprecated_msg[] = "Mount option \"%s\" will be removed by %s\n"
+ "Contact linux-ext4@vger.kernel.org if you think we should keep it.\n";
+
+ #ifdef CONFIG_QUOTA
@@ -2380,7 +2380,7 @@ struct ext4_attr {
ssize_t (*store)(struct ext4_attr *, struct ext4_sb_info *,
const char *, size_t);
@@ -53103,6 +53467,19 @@ index 9760ecb..9b838ef 100644
memcpy(c->data, &cookie, 4);
c->len=4;
+diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c
+index a2aa97d..10d6c41 100644
+--- a/fs/lockd/svc.c
++++ b/fs/lockd/svc.c
+@@ -305,7 +305,7 @@ static int lockd_start_svc(struct svc_serv *serv)
+ svc_sock_update_bufs(serv);
+ serv->sv_maxconn = nlm_max_connections;
+
+- nlmsvc_task = kthread_run(lockd, nlmsvc_rqst, serv->sv_name);
++ nlmsvc_task = kthread_run(lockd, nlmsvc_rqst, "%s", serv->sv_name);
+ if (IS_ERR(nlmsvc_task)) {
+ error = PTR_ERR(nlmsvc_task);
+ printk(KERN_WARNING
diff --git a/fs/locks.c b/fs/locks.c
index cb424a4..850e4dd 100644
--- a/fs/locks.c
@@ -53803,6 +54180,30 @@ index e945b81..fc018e2 100644
return -EINVAL;
get_mnt_ns(mnt_ns);
+diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c
+index 5088b57..eabd719 100644
+--- a/fs/nfs/callback.c
++++ b/fs/nfs/callback.c
+@@ -208,7 +208,6 @@ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt,
+ struct svc_rqst *rqstp;
+ int (*callback_svc)(void *vrqstp);
+ struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion];
+- char svc_name[12];
+ int ret;
+
+ nfs_callback_bc_serv(minorversion, xprt, serv);
+@@ -232,10 +231,9 @@ static int nfs_callback_start_svc(int minorversion, struct rpc_xprt *xprt,
+
+ svc_sock_update_bufs(serv);
+
+- sprintf(svc_name, "nfsv4.%u-svc", minorversion);
+ cb_info->serv = serv;
+ cb_info->rqst = rqstp;
+- cb_info->task = kthread_run(callback_svc, cb_info->rqst, svc_name);
++ cb_info->task = kthread_run(callback_svc, cb_info->rqst, "nfsv4.%u-svc", minorversion);
+ if (IS_ERR(cb_info->task)) {
+ ret = PTR_ERR(cb_info->task);
+ svc_exit_thread(cb_info->rqst);
diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c
index 59461c9..b17c57e 100644
--- a/fs/nfs/callback_xdr.c
@@ -53840,6 +54241,19 @@ index 1f94167..79c4ce4 100644
}
void nfs_fattr_init(struct nfs_fattr *fattr)
+diff --git a/fs/nfs/nfs4state.c b/fs/nfs/nfs4state.c
+index d41a351..7899577 100644
+--- a/fs/nfs/nfs4state.c
++++ b/fs/nfs/nfs4state.c
+@@ -1182,7 +1182,7 @@ void nfs4_schedule_state_manager(struct nfs_client *clp)
+ snprintf(buf, sizeof(buf), "%s-manager",
+ rpc_peeraddr2str(clp->cl_rpcclient, RPC_DISPLAY_ADDR));
+ rcu_read_unlock();
+- task = kthread_run(nfs4_run_state_manager, clp, buf);
++ task = kthread_run(nfs4_run_state_manager, clp, "%s", buf);
+ if (IS_ERR(task)) {
+ printk(KERN_ERR "%s: kthread_run: %ld\n",
+ __func__, PTR_ERR(task));
diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c
index d401d01..10b3e62 100644
--- a/fs/nfsd/nfs4proc.c
@@ -53885,10 +54299,10 @@ index 6eb0dc5..29067a9 100644
};
diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c
-index ca05f6d..411a576 100644
+index ca05f6d..b88c3a7 100644
--- a/fs/nfsd/nfscache.c
+++ b/fs/nfsd/nfscache.c
-@@ -461,13 +461,15 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
+@@ -461,13 +461,16 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
{
struct svc_cacherep *rp = rqstp->rq_cacherep;
struct kvec *resv = &rqstp->rq_res.head[0], *cachv;
@@ -53901,7 +54315,8 @@ index ca05f6d..411a576 100644
- len = resv->iov_len - ((char*)statp - (char*)resv->iov_base);
- len >>= 2;
+ if (statp) {
-+ len = resv->iov_len - ((char*)statp - (char*)resv->iov_base);
++ len = (char*)statp - (char*)resv->iov_base;
++ len = resv->iov_len - len;
+ len >>= 2;
+ }
@@ -67692,7 +68107,7 @@ index 34025df..d94bbbc 100644
/*
* Users often need to create attribute structures for their configurable
diff --git a/include/linux/cpu.h b/include/linux/cpu.h
-index ce7a074..01ab8ac 100644
+index 714e792..e6130d9 100644
--- a/include/linux/cpu.h
+++ b/include/linux/cpu.h
@@ -115,7 +115,7 @@ enum {
@@ -72140,7 +72555,7 @@ index 6f8fbcf..8259001 100644
+ MODULE_GRSEC
diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h
-index 6071e91..ca6a489 100644
+index 6071e91..4c73b47 100644
--- a/include/linux/vmalloc.h
+++ b/include/linux/vmalloc.h
@@ -14,6 +14,11 @@ struct vm_area_struct; /* vma defining user mapping in mm_types.h */
@@ -72148,7 +72563,7 @@ index 6071e91..ca6a489 100644
#define VM_VPAGES 0x00000010 /* buffer for pages was vmalloc'ed */
#define VM_UNLIST 0x00000020 /* vm_struct is not listed in vmlist */
+
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
+#define VM_KERNEXEC 0x00000040 /* allocate from executable kernel memory range */
+#endif
+
@@ -73657,7 +74072,7 @@ index ba0a7f36..2bcf1d5 100644
{ INIT_THREAD_INFO(init_task) };
+#endif
diff --git a/init/initramfs.c b/init/initramfs.c
-index a67ef9d..3d88592 100644
+index a67ef9d..2d17ed9 100644
--- a/init/initramfs.c
+++ b/init/initramfs.c
@@ -84,7 +84,7 @@ static void __init free_hash(void)
@@ -73768,6 +74183,15 @@ index a67ef9d..3d88592 100644
state = SkipIt;
next_state = Reset;
return 0;
+@@ -583,7 +583,7 @@ static int __init populate_rootfs(void)
+ {
+ char *err = unpack_to_rootfs(__initramfs_start, __initramfs_size);
+ if (err)
+- panic(err); /* Failed to decompress INTERNAL initramfs */
++ panic("%s", err); /* Failed to decompress INTERNAL initramfs */
+ if (initrd_start) {
+ #ifdef CONFIG_BLK_DEV_RAM
+ int fd;
diff --git a/init/main.c b/init/main.c
index 63534a1..85feae2 100644
--- a/init/main.c
@@ -74184,7 +74608,7 @@ index b9bd7f0..1762b4a 100644
current->signal->rlim[RLIMIT_FSIZE].rlim_cur = flim;
set_fs(fs);
diff --git a/kernel/audit.c b/kernel/audit.c
-index d596e53..dbef3c3 100644
+index 8a667f10..7375e3f 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -116,7 +116,7 @@ u32 audit_sig_sid = 0;
@@ -77131,37 +77555,10 @@ index 98088e0..aaf95c0 100644
if (pm_wakeup_pending()) {
diff --git a/kernel/printk.c b/kernel/printk.c
-index abbdd9e..f294251 100644
+index 0e4eba6a..d58ebf0 100644
--- a/kernel/printk.c
+++ b/kernel/printk.c
-@@ -615,11 +615,17 @@ static unsigned int devkmsg_poll(struct file *file, poll_table *wait)
- return ret;
- }
-
-+static int check_syslog_permissions(int type, bool from_file);
-+
- static int devkmsg_open(struct inode *inode, struct file *file)
- {
- struct devkmsg_user *user;
- int err;
-
-+ err = check_syslog_permissions(SYSLOG_ACTION_OPEN, SYSLOG_FROM_FILE);
-+ if (err)
-+ return err;
-+
- /* write-only does not need any file context */
- if ((file->f_flags & O_ACCMODE) == O_WRONLY)
- return 0;
-@@ -828,7 +834,7 @@ static int syslog_action_restricted(int type)
- if (dmesg_restrict)
- return 1;
- /* Unless restricted, we allow "read all" and "get buffer size" for everybody */
-- return type != SYSLOG_ACTION_READ_ALL && type != SYSLOG_ACTION_SIZE_BUFFER;
-+ return type != SYSLOG_ACTION_OPEN && type != SYSLOG_ACTION_READ_ALL && type != SYSLOG_ACTION_SIZE_BUFFER;
- }
-
- static int check_syslog_permissions(int type, bool from_file)
-@@ -840,6 +846,11 @@ static int check_syslog_permissions(int type, bool from_file)
+@@ -395,6 +395,11 @@ static int check_syslog_permissions(int type, bool from_file)
if (from_file && type != SYSLOG_ACTION_OPEN)
return 0;
@@ -77549,7 +77946,7 @@ index e1f3a8c..42c94a2 100644
for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) {
per_cpu(rcu_torture_count, cpu)[i] = 0;
diff --git a/kernel/rcutree.c b/kernel/rcutree.c
-index 5b8ad82..17274d1 100644
+index 5b8ad82..59e1f64 100644
--- a/kernel/rcutree.c
+++ b/kernel/rcutree.c
@@ -353,9 +353,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval,
@@ -77803,6 +78200,15 @@ index 5b8ad82..17274d1 100644
rcu_prepare_for_idle_init(cpu);
raw_spin_unlock(&rnp->lock); /* irqs remain disabled. */
+@@ -2964,7 +2964,7 @@ static int __init rcu_spawn_gp_kthread(void)
+ struct task_struct *t;
+
+ for_each_rcu_flavor(rsp) {
+- t = kthread_run(rcu_gp_kthread, rsp, rsp->name);
++ t = kthread_run(rcu_gp_kthread, rsp, "%s", rsp->name);
+ BUG_ON(IS_ERR(t));
+ rnp = rcu_get_root(rsp);
+ raw_spin_lock_irqsave(&rnp->lock, flags);
diff --git a/kernel/rcutree.h b/kernel/rcutree.h
index c896b50..c357252 100644
--- a/kernel/rcutree.h
@@ -78571,7 +78977,7 @@ index 01d5ccb..cdcbee6 100644
return idx;
}
diff --git a/kernel/sys.c b/kernel/sys.c
-index 0da73cf..5c2af3c 100644
+index e5f0aca..8d58b1f 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -158,6 +158,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error)
@@ -78587,7 +78993,7 @@ index 0da73cf..5c2af3c 100644
no_nice = security_task_setnice(p, niceval);
if (no_nice) {
error = no_nice;
-@@ -598,6 +604,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
+@@ -621,6 +627,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid)
goto error;
}
@@ -78597,7 +79003,7 @@ index 0da73cf..5c2af3c 100644
if (rgid != (gid_t) -1 ||
(egid != (gid_t) -1 && !gid_eq(kegid, old->gid)))
new->sgid = new->egid;
-@@ -633,6 +642,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
+@@ -656,6 +665,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid)
old = current_cred();
retval = -EPERM;
@@ -78608,7 +79014,7 @@ index 0da73cf..5c2af3c 100644
if (nsown_capable(CAP_SETGID))
new->gid = new->egid = new->sgid = new->fsgid = kgid;
else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid))
-@@ -650,7 +663,7 @@ error:
+@@ -673,7 +686,7 @@ error:
/*
* change the user struct in a credentials set to match the new UID
*/
@@ -78617,7 +79023,7 @@ index 0da73cf..5c2af3c 100644
{
struct user_struct *new_user;
-@@ -730,6 +743,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
+@@ -753,6 +766,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid)
goto error;
}
@@ -78627,7 +79033,7 @@ index 0da73cf..5c2af3c 100644
if (!uid_eq(new->uid, old->uid)) {
retval = set_user(new);
if (retval < 0)
-@@ -780,6 +796,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
+@@ -803,6 +819,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid)
old = current_cred();
retval = -EPERM;
@@ -78640,7 +79046,7 @@ index 0da73cf..5c2af3c 100644
if (nsown_capable(CAP_SETUID)) {
new->suid = new->uid = kuid;
if (!uid_eq(kuid, old->uid)) {
-@@ -849,6 +871,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
+@@ -872,6 +894,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid)
goto error;
}
@@ -78650,7 +79056,7 @@ index 0da73cf..5c2af3c 100644
if (ruid != (uid_t) -1) {
new->uid = kruid;
if (!uid_eq(kruid, old->uid)) {
-@@ -931,6 +956,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
+@@ -954,6 +979,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid)
goto error;
}
@@ -78660,7 +79066,7 @@ index 0da73cf..5c2af3c 100644
if (rgid != (gid_t) -1)
new->gid = krgid;
if (egid != (gid_t) -1)
-@@ -992,12 +1020,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
+@@ -1015,12 +1043,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid)
uid_eq(kuid, old->suid) || uid_eq(kuid, old->fsuid) ||
nsown_capable(CAP_SETUID)) {
if (!uid_eq(kuid, old->fsuid)) {
@@ -78677,7 +79083,7 @@ index 0da73cf..5c2af3c 100644
abort_creds(new);
return old_fsuid;
-@@ -1030,12 +1062,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
+@@ -1053,12 +1085,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid)
if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->egid) ||
gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) ||
nsown_capable(CAP_SETGID)) {
@@ -78694,7 +79100,7 @@ index 0da73cf..5c2af3c 100644
abort_creds(new);
return old_fsgid;
-@@ -1343,19 +1379,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
+@@ -1366,19 +1402,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name)
return -EFAULT;
down_read(&uts_sem);
@@ -78719,7 +79125,7 @@ index 0da73cf..5c2af3c 100644
__OLD_UTS_LEN);
error |= __put_user(0, name->machine + __OLD_UTS_LEN);
up_read(&uts_sem);
-@@ -1557,6 +1593,13 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource,
+@@ -1580,6 +1616,13 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource,
*/
new_rlim->rlim_cur = 1;
}
@@ -80094,9 +80500,18 @@ index bd2bea9..6b3c95e 100644
return false;
diff --git a/lib/kobject.c b/lib/kobject.c
-index a654866..a4fd13d 100644
+index a654866..d8bb115 100644
--- a/lib/kobject.c
+++ b/lib/kobject.c
+@@ -805,7 +805,7 @@ static struct kset *kset_create(const char *name,
+ kset = kzalloc(sizeof(*kset), GFP_KERNEL);
+ if (!kset)
+ return NULL;
+- retval = kobject_set_name(&kset->kobj, name);
++ retval = kobject_set_name(&kset->kobj, "%s", name);
+ if (retval) {
+ kfree(kset);
+ return NULL;
@@ -859,9 +859,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add);
@@ -80489,6 +80904,28 @@ index 3bea74f..e821c99 100644
select PROC_PAGE_MONITOR
config NOMMU_INITIAL_TRIM_EXCESS
+diff --git a/mm/backing-dev.c b/mm/backing-dev.c
+index 41733c5..d80d7a9 100644
+--- a/mm/backing-dev.c
++++ b/mm/backing-dev.c
+@@ -716,7 +716,6 @@ EXPORT_SYMBOL(bdi_destroy);
+ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name,
+ unsigned int cap)
+ {
+- char tmp[32];
+ int err;
+
+ bdi->name = name;
+@@ -725,8 +724,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name,
+ if (err)
+ return err;
+
+- sprintf(tmp, "%.28s%s", name, "-%d");
+- err = bdi_register(bdi, NULL, tmp, atomic_long_inc_return(&bdi_seq));
++ err = bdi_register(bdi, NULL, "%.28s-%ld", name, atomic_long_inc_return(&bdi_seq));
+ if (err) {
+ bdi_destroy(bdi);
+ return err;
diff --git a/mm/filemap.c b/mm/filemap.c
index e1979fd..dda5120 100644
--- a/mm/filemap.c
@@ -80555,7 +80992,7 @@ index b32b70c..e512eb0 100644
set_page_address(page, (void *)vaddr);
diff --git a/mm/hugetlb.c b/mm/hugetlb.c
-index 1a12f5b..a85b8fc 100644
+index ce4cb19..93899ef 100644
--- a/mm/hugetlb.c
+++ b/mm/hugetlb.c
@@ -2005,15 +2005,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy,
@@ -81722,10 +82159,10 @@ index 7431001..0f8344e 100644
capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE);
diff --git a/mm/migrate.c b/mm/migrate.c
-index 22ed5c1..87c424c 100644
+index c04d9af..0b41805 100644
--- a/mm/migrate.c
+++ b/mm/migrate.c
-@@ -1382,8 +1382,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
+@@ -1395,8 +1395,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages,
*/
tcred = __task_cred(task);
if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) &&
@@ -83456,7 +83893,7 @@ index efe6814..64b4701 100644
.next = NULL,
};
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
-index 8fcced7..ebcd481 100644
+index 0d4fef2..8870335 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -59,6 +59,7 @@
@@ -84423,7 +84860,7 @@ index eeed4a0..6ee34ec 100644
EXPORT_SYMBOL(kmem_cache_free);
diff --git a/mm/slub.c b/mm/slub.c
-index 4aec537..a64753d 100644
+index 4aec537..8043df1 100644
--- a/mm/slub.c
+++ b/mm/slub.c
@@ -197,7 +197,7 @@ struct track {
@@ -84667,6 +85104,15 @@ index 4aec537..a64753d 100644
static int sysfs_slab_add(struct kmem_cache *s)
{
int err;
+@@ -5289,7 +5371,7 @@ static int sysfs_slab_add(struct kmem_cache *s)
+ }
+
+ s->kobj.kset = slab_kset;
+- err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, name);
++ err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, "%s", name);
+ if (err) {
+ kobject_put(&s->kobj);
+ return err;
@@ -5323,6 +5405,7 @@ static void sysfs_slab_remove(struct kmem_cache *s)
kobject_del(&s->kobj);
kobject_put(&s->kobj);
@@ -84816,7 +85262,7 @@ index ab1424d..7c5bd5a 100644
mm->unmap_area = arch_unmap_area;
}
diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index 0f751f2..ef398a0 100644
+index 0f751f2..2bc3bd1 100644
--- a/mm/vmalloc.c
+++ b/mm/vmalloc.c
@@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
@@ -84826,7 +85272,7 @@ index 0f751f2..ef398a0 100644
- pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte);
- WARN_ON(!pte_none(ptent) && !pte_present(ptent));
+
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
+ if ((unsigned long)MODULES_EXEC_VADDR <= addr && addr < (unsigned long)MODULES_EXEC_END) {
+ BUG_ON(!pte_exec(*pte));
+ set_pte_at(&init_mm, addr, pte, pfn_pte(__pa(addr) >> PAGE_SHIFT, PAGE_KERNEL_EXEC));
@@ -84851,7 +85297,7 @@ index 0f751f2..ef398a0 100644
struct page *page = pages[*nr];
- if (WARN_ON(!pte_none(*pte)))
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
+ if (pgprot_val(prot) & _PAGE_NX)
+#endif
+
@@ -84891,14 +85337,7 @@ index 0f751f2..ef398a0 100644
if (!pud)
return -ENOMEM;
do {
-@@ -191,11 +215,20 @@ int is_vmalloc_or_module_addr(const void *x)
- * and fall back on vmalloc() if that fails. Others
- * just put it in the vmalloc space.
- */
--#if defined(CONFIG_MODULES) && defined(MODULES_VADDR)
-+#ifdef CONFIG_MODULES
-+#ifdef MODULES_VADDR
- unsigned long addr = (unsigned long)x;
+@@ -196,6 +220,12 @@ int is_vmalloc_or_module_addr(const void *x)
if (addr >= MODULES_VADDR && addr < MODULES_END)
return 1;
#endif
@@ -84908,12 +85347,10 @@ index 0f751f2..ef398a0 100644
+ return 1;
+#endif
+
-+#endif
-+
return is_vmalloc_addr(x);
}
-@@ -216,8 +249,14 @@ struct page *vmalloc_to_page(const void *vmalloc_addr)
+@@ -216,8 +246,14 @@ struct page *vmalloc_to_page(const void *vmalloc_addr)
if (!pgd_none(*pgd)) {
pud_t *pud = pud_offset(pgd, addr);
@@ -84928,7 +85365,7 @@ index 0f751f2..ef398a0 100644
if (!pmd_none(*pmd)) {
pte_t *ptep, pte;
-@@ -329,7 +368,7 @@ static void purge_vmap_area_lazy(void);
+@@ -329,7 +365,7 @@ static void purge_vmap_area_lazy(void);
* Allocate a region of KVA of the specified size and alignment, within the
* vstart and vend.
*/
@@ -84937,12 +85374,12 @@ index 0f751f2..ef398a0 100644
unsigned long align,
unsigned long vstart, unsigned long vend,
int node, gfp_t gfp_mask)
-@@ -1328,6 +1367,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
+@@ -1328,6 +1364,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
struct vm_struct *area;
BUG_ON(in_interrupt());
+
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
+ if (flags & VM_KERNEXEC) {
+ if (start != VMALLOC_START || end != VMALLOC_END)
+ return NULL;
@@ -84954,11 +85391,11 @@ index 0f751f2..ef398a0 100644
if (flags & VM_IOREMAP) {
int bit = fls(size);
-@@ -1569,6 +1618,11 @@ void *vmap(struct page **pages, unsigned int count,
+@@ -1569,6 +1615,11 @@ void *vmap(struct page **pages, unsigned int count,
if (count > totalram_pages)
return NULL;
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
+ if (!(pgprot_val(prot) & _PAGE_NX))
+ flags |= VM_KERNEXEC;
+#endif
@@ -84966,11 +85403,11 @@ index 0f751f2..ef398a0 100644
area = get_vm_area_caller((count << PAGE_SHIFT), flags,
__builtin_return_address(0));
if (!area)
-@@ -1670,6 +1724,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
+@@ -1670,6 +1721,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
if (!size || (size >> PAGE_SHIFT) > totalram_pages)
goto fail;
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
+ if (!(pgprot_val(prot) & _PAGE_NX))
+ area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST | VM_KERNEXEC,
+ VMALLOC_START, VMALLOC_END, node, gfp_mask, caller);
@@ -84980,7 +85417,7 @@ index 0f751f2..ef398a0 100644
area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST,
start, end, node, gfp_mask, caller);
if (!area)
-@@ -1845,10 +1906,9 @@ EXPORT_SYMBOL(vzalloc_node);
+@@ -1845,10 +1903,9 @@ EXPORT_SYMBOL(vzalloc_node);
* For tight control over page level allocator and protection flags
* use __vmalloc() instead.
*/
@@ -84992,7 +85429,7 @@ index 0f751f2..ef398a0 100644
NUMA_NO_NODE, __builtin_return_address(0));
}
-@@ -2139,6 +2199,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
+@@ -2139,6 +2196,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
unsigned long uaddr = vma->vm_start;
unsigned long usize = vma->vm_end - vma->vm_start;
@@ -85001,7 +85438,7 @@ index 0f751f2..ef398a0 100644
if ((PAGE_SIZE-1) & (unsigned long)addr)
return -EINVAL;
-@@ -2578,7 +2640,11 @@ static int s_show(struct seq_file *m, void *p)
+@@ -2578,7 +2637,11 @@ static int s_show(struct seq_file *m, void *p)
v->addr, v->addr + v->size, v->size);
if (v->caller)
@@ -85388,6 +85825,31 @@ index 50e079f..49ce2d2 100644
frag1->seqno = htons(seqno - 1);
frag2->seqno = htons(seqno);
+diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c
+index b88605f..958e3e2 100644
+--- a/net/bluetooth/hci_core.c
++++ b/net/bluetooth/hci_core.c
+@@ -1793,16 +1793,16 @@ int hci_register_dev(struct hci_dev *hdev)
+ list_add(&hdev->list, &hci_dev_list);
+ write_unlock(&hci_dev_list_lock);
+
+- hdev->workqueue = alloc_workqueue(hdev->name, WQ_HIGHPRI | WQ_UNBOUND |
+- WQ_MEM_RECLAIM, 1);
++ hdev->workqueue = alloc_workqueue("%s", WQ_HIGHPRI | WQ_UNBOUND |
++ WQ_MEM_RECLAIM, 1, hdev->name);
+ if (!hdev->workqueue) {
+ error = -ENOMEM;
+ goto err;
+ }
+
+- hdev->req_workqueue = alloc_workqueue(hdev->name,
++ hdev->req_workqueue = alloc_workqueue("%s",
+ WQ_HIGHPRI | WQ_UNBOUND |
+- WQ_MEM_RECLAIM, 1);
++ WQ_MEM_RECLAIM, 1, hdev->name);
+ if (!hdev->req_workqueue) {
+ destroy_workqueue(hdev->workqueue);
+ error = -ENOMEM;
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 6a93614..1415549 100644
--- a/net/bluetooth/hci_sock.c
@@ -85402,7 +85864,7 @@ index 6a93614..1415549 100644
err = -EFAULT;
break;
diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c
-index 7c7e932..8d23158 100644
+index c5f9cd6..8d23158 100644
--- a/net/bluetooth/l2cap_core.c
+++ b/net/bluetooth/l2cap_core.c
@@ -3395,8 +3395,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len,
@@ -85418,223 +85880,6 @@ index 7c7e932..8d23158 100644
if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
rfc.mode != chan->mode)
-@@ -3568,10 +3570,14 @@ static void l2cap_conf_rfc_get(struct l2cap_chan *chan, void *rsp, int len)
- }
-
- static inline int l2cap_command_rej(struct l2cap_conn *conn,
-- struct l2cap_cmd_hdr *cmd, u8 *data)
-+ struct l2cap_cmd_hdr *cmd, u16 cmd_len,
-+ u8 *data)
- {
- struct l2cap_cmd_rej_unk *rej = (struct l2cap_cmd_rej_unk *) data;
-
-+ if (cmd_len < sizeof(*rej))
-+ return -EPROTO;
-+
- if (rej->reason != L2CAP_REJ_NOT_UNDERSTOOD)
- return 0;
-
-@@ -3720,11 +3726,14 @@ sendresp:
- }
-
- static int l2cap_connect_req(struct l2cap_conn *conn,
-- struct l2cap_cmd_hdr *cmd, u8 *data)
-+ struct l2cap_cmd_hdr *cmd, u16 cmd_len, u8 *data)
- {
- struct hci_dev *hdev = conn->hcon->hdev;
- struct hci_conn *hcon = conn->hcon;
-
-+ if (cmd_len < sizeof(struct l2cap_conn_req))
-+ return -EPROTO;
-+
- hci_dev_lock(hdev);
- if (test_bit(HCI_MGMT, &hdev->dev_flags) &&
- !test_and_set_bit(HCI_CONN_MGMT_CONNECTED, &hcon->flags))
-@@ -3738,7 +3747,8 @@ static int l2cap_connect_req(struct l2cap_conn *conn,
- }
-
- static int l2cap_connect_create_rsp(struct l2cap_conn *conn,
-- struct l2cap_cmd_hdr *cmd, u8 *data)
-+ struct l2cap_cmd_hdr *cmd, u16 cmd_len,
-+ u8 *data)
- {
- struct l2cap_conn_rsp *rsp = (struct l2cap_conn_rsp *) data;
- u16 scid, dcid, result, status;
-@@ -3746,6 +3756,9 @@ static int l2cap_connect_create_rsp(struct l2cap_conn *conn,
- u8 req[128];
- int err;
-
-+ if (cmd_len < sizeof(*rsp))
-+ return -EPROTO;
-+
- scid = __le16_to_cpu(rsp->scid);
- dcid = __le16_to_cpu(rsp->dcid);
- result = __le16_to_cpu(rsp->result);
-@@ -3843,6 +3856,9 @@ static inline int l2cap_config_req(struct l2cap_conn *conn,
- struct l2cap_chan *chan;
- int len, err = 0;
-
-+ if (cmd_len < sizeof(*req))
-+ return -EPROTO;
-+
- dcid = __le16_to_cpu(req->dcid);
- flags = __le16_to_cpu(req->flags);
-
-@@ -3866,7 +3882,7 @@ static inline int l2cap_config_req(struct l2cap_conn *conn,
-
- /* Reject if config buffer is too small. */
- len = cmd_len - sizeof(*req);
-- if (len < 0 || chan->conf_len + len > sizeof(chan->conf_req)) {
-+ if (chan->conf_len + len > sizeof(chan->conf_req)) {
- l2cap_send_cmd(conn, cmd->ident, L2CAP_CONF_RSP,
- l2cap_build_conf_rsp(chan, rsp,
- L2CAP_CONF_REJECT, flags), rsp);
-@@ -3944,14 +3960,18 @@ unlock:
- }
-
- static inline int l2cap_config_rsp(struct l2cap_conn *conn,
-- struct l2cap_cmd_hdr *cmd, u8 *data)
-+ struct l2cap_cmd_hdr *cmd, u16 cmd_len,
-+ u8 *data)
- {
- struct l2cap_conf_rsp *rsp = (struct l2cap_conf_rsp *)data;
- u16 scid, flags, result;
- struct l2cap_chan *chan;
-- int len = le16_to_cpu(cmd->len) - sizeof(*rsp);
-+ int len = cmd_len - sizeof(*rsp);
- int err = 0;
-
-+ if (cmd_len < sizeof(*rsp))
-+ return -EPROTO;
-+
- scid = __le16_to_cpu(rsp->scid);
- flags = __le16_to_cpu(rsp->flags);
- result = __le16_to_cpu(rsp->result);
-@@ -4052,7 +4072,8 @@ done:
- }
-
- static inline int l2cap_disconnect_req(struct l2cap_conn *conn,
-- struct l2cap_cmd_hdr *cmd, u8 *data)
-+ struct l2cap_cmd_hdr *cmd, u16 cmd_len,
-+ u8 *data)
- {
- struct l2cap_disconn_req *req = (struct l2cap_disconn_req *) data;
- struct l2cap_disconn_rsp rsp;
-@@ -4060,6 +4081,9 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn,
- struct l2cap_chan *chan;
- struct sock *sk;
-
-+ if (cmd_len != sizeof(*req))
-+ return -EPROTO;
-+
- scid = __le16_to_cpu(req->scid);
- dcid = __le16_to_cpu(req->dcid);
-
-@@ -4099,12 +4123,16 @@ static inline int l2cap_disconnect_req(struct l2cap_conn *conn,
- }
-
- static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn,
-- struct l2cap_cmd_hdr *cmd, u8 *data)
-+ struct l2cap_cmd_hdr *cmd, u16 cmd_len,
-+ u8 *data)
- {
- struct l2cap_disconn_rsp *rsp = (struct l2cap_disconn_rsp *) data;
- u16 dcid, scid;
- struct l2cap_chan *chan;
-
-+ if (cmd_len != sizeof(*rsp))
-+ return -EPROTO;
-+
- scid = __le16_to_cpu(rsp->scid);
- dcid = __le16_to_cpu(rsp->dcid);
-
-@@ -4134,11 +4162,15 @@ static inline int l2cap_disconnect_rsp(struct l2cap_conn *conn,
- }
-
- static inline int l2cap_information_req(struct l2cap_conn *conn,
-- struct l2cap_cmd_hdr *cmd, u8 *data)
-+ struct l2cap_cmd_hdr *cmd, u16 cmd_len,
-+ u8 *data)
- {
- struct l2cap_info_req *req = (struct l2cap_info_req *) data;
- u16 type;
-
-+ if (cmd_len != sizeof(*req))
-+ return -EPROTO;
-+
- type = __le16_to_cpu(req->type);
-
- BT_DBG("type 0x%4.4x", type);
-@@ -4185,11 +4217,15 @@ static inline int l2cap_information_req(struct l2cap_conn *conn,
- }
-
- static inline int l2cap_information_rsp(struct l2cap_conn *conn,
-- struct l2cap_cmd_hdr *cmd, u8 *data)
-+ struct l2cap_cmd_hdr *cmd, u16 cmd_len,
-+ u8 *data)
- {
- struct l2cap_info_rsp *rsp = (struct l2cap_info_rsp *) data;
- u16 type, result;
-
-+ if (cmd_len != sizeof(*rsp))
-+ return -EPROTO;
-+
- type = __le16_to_cpu(rsp->type);
- result = __le16_to_cpu(rsp->result);
-
-@@ -5055,16 +5091,16 @@ static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
-
- switch (cmd->code) {
- case L2CAP_COMMAND_REJ:
-- l2cap_command_rej(conn, cmd, data);
-+ l2cap_command_rej(conn, cmd, cmd_len, data);
- break;
-
- case L2CAP_CONN_REQ:
-- err = l2cap_connect_req(conn, cmd, data);
-+ err = l2cap_connect_req(conn, cmd, cmd_len, data);
- break;
-
- case L2CAP_CONN_RSP:
- case L2CAP_CREATE_CHAN_RSP:
-- err = l2cap_connect_create_rsp(conn, cmd, data);
-+ err = l2cap_connect_create_rsp(conn, cmd, cmd_len, data);
- break;
-
- case L2CAP_CONF_REQ:
-@@ -5072,15 +5108,15 @@ static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
- break;
-
- case L2CAP_CONF_RSP:
-- err = l2cap_config_rsp(conn, cmd, data);
-+ err = l2cap_config_rsp(conn, cmd, cmd_len, data);
- break;
-
- case L2CAP_DISCONN_REQ:
-- err = l2cap_disconnect_req(conn, cmd, data);
-+ err = l2cap_disconnect_req(conn, cmd, cmd_len, data);
- break;
-
- case L2CAP_DISCONN_RSP:
-- err = l2cap_disconnect_rsp(conn, cmd, data);
-+ err = l2cap_disconnect_rsp(conn, cmd, cmd_len, data);
- break;
-
- case L2CAP_ECHO_REQ:
-@@ -5091,11 +5127,11 @@ static inline int l2cap_bredr_sig_cmd(struct l2cap_conn *conn,
- break;
-
- case L2CAP_INFO_REQ:
-- err = l2cap_information_req(conn, cmd, data);
-+ err = l2cap_information_req(conn, cmd, cmd_len, data);
- break;
-
- case L2CAP_INFO_RSP:
-- err = l2cap_information_rsp(conn, cmd, data);
-+ err = l2cap_information_rsp(conn, cmd, cmd_len, data);
- break;
-
- case L2CAP_CREATE_CHAN_REQ:
diff --git a/net/bluetooth/l2cap_sock.c b/net/bluetooth/l2cap_sock.c
index 1bcfb84..dad9f98 100644
--- a/net/bluetooth/l2cap_sock.c
@@ -89030,6 +89275,28 @@ index 58ab405..50eb8d3 100644
unsigned int users)
{
if (users > 0)
+diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c
+index ba65b20..2a4d937 100644
+--- a/net/netfilter/nf_conntrack_proto_dccp.c
++++ b/net/netfilter/nf_conntrack_proto_dccp.c
+@@ -456,7 +456,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
+
+ out_invalid:
+ if (LOG_INVALID(net, IPPROTO_DCCP))
+- nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, msg);
++ nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, "%s", msg);
+ return false;
+ }
+
+@@ -613,7 +613,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl,
+
+ out_invalid:
+ if (LOG_INVALID(net, IPPROTO_DCCP))
+- nf_log_packet(pf, 0, skb, NULL, NULL, NULL, msg);
++ nf_log_packet(pf, 0, skb, NULL, NULL, NULL, "%s", msg);
+ return -NF_ACCEPT;
+ }
+
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index fedee39..d62a93d 100644
--- a/net/netfilter/nf_conntrack_standalone.c
@@ -90576,9 +90843,18 @@ index 5356b12..c0f4c29 100644
#else
static inline void rpc_task_set_debuginfo(struct rpc_task *task)
diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
-index 89a588b..ba2cef8 100644
+index 89a588b..678ed90 100644
--- a/net/sunrpc/svc.c
+++ b/net/sunrpc/svc.c
+@@ -740,7 +740,7 @@ svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
+
+ __module_get(serv->sv_module);
+ task = kthread_create_on_node(serv->sv_function, rqstp,
+- node, serv->sv_name);
++ node, "%s", serv->sv_name);
+ if (IS_ERR(task)) {
+ error = PTR_ERR(task);
+ module_put(serv->sv_module);
@@ -1160,7 +1160,9 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv)
svc_putnl(resv, RPC_SUCCESS);
@@ -91681,10 +91957,10 @@ index f5eb43d..1814de8 100644
shdr = (Elf_Shdr *)((char *)ehdr + _r(&ehdr->e_shoff));
shstrtab_sec = shdr + r2(&ehdr->e_shstrndx);
diff --git a/security/Kconfig b/security/Kconfig
-index e9c6ac7..e6254cf 100644
+index e9c6ac7..66bf8e9 100644
--- a/security/Kconfig
+++ b/security/Kconfig
-@@ -4,6 +4,944 @@
+@@ -4,6 +4,945 @@
menu "Security options"
@@ -92309,15 +92585,16 @@ index e9c6ac7..e6254cf 100644
+ int "Minimum amount of memory reserved for module code"
+ default "4" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER)
+ default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP)
-+ depends on PAX_KERNEXEC && X86_32 && MODULES
++ depends on PAX_KERNEXEC && X86_32
+ help
+ Due to implementation details the kernel must reserve a fixed
-+ amount of memory for module code at compile time that cannot be
-+ changed at runtime. Here you can specify the minimum amount
-+ in MB that will be reserved. Due to the same implementation
-+ details this size will always be rounded up to the next 2/4 MB
-+ boundary (depends on PAE) so the actually available memory for
-+ module code will usually be more than this minimum.
++ amount of memory for runtime allocated code (such as modules)
++ at compile time that cannot be changed at runtime. Here you
++ can specify the minimum amount in MB that will be reserved.
++ Due to the same implementation details this size will always
++ be rounded up to the next 2/4 MB boundary (depends on PAE) so
++ the actually available memory for runtime allocated code will
++ usually be more than this minimum.
+
+ The default 4 MB should be enough for most users but if you have
+ an excessive number of modules (e.g., most distribution configs
@@ -92629,7 +92906,7 @@ index e9c6ac7..e6254cf 100644
source security/keys/Kconfig
config SECURITY_DMESG_RESTRICT
-@@ -103,7 +1041,7 @@ config INTEL_TXT
+@@ -103,7 +1042,7 @@ config INTEL_TXT
config LSM_MMAP_MIN_ADDR
int "Low address space for LSM to protect from user allocation"
depends on SECURITY && SECURITY_SELINUX
@@ -92638,6 +92915,272 @@ index e9c6ac7..e6254cf 100644
default 65536
help
This is the portion of low virtual memory which should be protected
+diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
+index 9b9013b..51ebf96 100644
+--- a/security/apparmor/Kconfig
++++ b/security/apparmor/Kconfig
+@@ -29,3 +29,12 @@ config SECURITY_APPARMOR_BOOTPARAM_VALUE
+ boot.
+
+ If you are unsure how to answer this question, answer 1.
++
++config SECURITY_APPARMOR_COMPAT_24
++ bool "Enable AppArmor 2.4 compatability"
++ depends on SECURITY_APPARMOR
++ default y
++ help
++ This option enables compatability with AppArmor 2.4. It is
++ recommended if compatability with older versions of AppArmor
++ is desired.
+diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
+index 16c15ec..42b7c9f 100644
+--- a/security/apparmor/apparmorfs.c
++++ b/security/apparmor/apparmorfs.c
+@@ -182,6 +182,234 @@ const struct file_operations aa_fs_seq_file_ops = {
+ .release = single_release,
+ };
+
++#ifdef CONFIG_SECURITY_APPARMOR_COMPAT_24
++/**
++ * __next_namespace - find the next namespace to list
++ * @root: root namespace to stop search at (NOT NULL)
++ * @ns: current ns position (NOT NULL)
++ *
++ * Find the next namespace from @ns under @root and handle all locking needed
++ * while switching current namespace.
++ *
++ * Returns: next namespace or NULL if at last namespace under @root
++ * NOTE: will not unlock root->lock
++ */
++static struct aa_namespace *__next_namespace(struct aa_namespace *root,
++ struct aa_namespace *ns)
++{
++ struct aa_namespace *parent;
++
++ /* is next namespace a child */
++ if (!list_empty(&ns->sub_ns)) {
++ struct aa_namespace *next;
++ next = list_first_entry(&ns->sub_ns, typeof(*ns), base.list);
++ read_lock(&next->lock);
++ return next;
++ }
++
++ /* check if the next ns is a sibling, parent, gp, .. */
++ parent = ns->parent;
++ while (parent) {
++ read_unlock(&ns->lock);
++ list_for_each_entry_continue(ns, &parent->sub_ns, base.list) {
++ read_lock(&ns->lock);
++ return ns;
++ }
++ if (parent == root)
++ return NULL;
++ ns = parent;
++ parent = parent->parent;
++ }
++
++ return NULL;
++}
++
++/**
++ * __first_profile - find the first profile in a namespace
++ * @root: namespace that is root of profiles being displayed (NOT NULL)
++ * @ns: namespace to start in (NOT NULL)
++ *
++ * Returns: unrefcounted profile or NULL if no profile
++ */
++static struct aa_profile *__first_profile(struct aa_namespace *root,
++ struct aa_namespace *ns)
++{
++ for ( ; ns; ns = __next_namespace(root, ns)) {
++ if (!list_empty(&ns->base.profiles))
++ return list_first_entry(&ns->base.profiles,
++ struct aa_profile, base.list);
++ }
++ return NULL;
++}
++
++/**
++ * __next_profile - step to the next profile in a profile tree
++ * @profile: current profile in tree (NOT NULL)
++ *
++ * Perform a depth first taversal on the profile tree in a namespace
++ *
++ * Returns: next profile or NULL if done
++ * Requires: profile->ns.lock to be held
++ */
++static struct aa_profile *__next_profile(struct aa_profile *p)
++{
++ struct aa_profile *parent;
++ struct aa_namespace *ns = p->ns;
++
++ /* is next profile a child */
++ if (!list_empty(&p->base.profiles))
++ return list_first_entry(&p->base.profiles, typeof(*p),
++ base.list);
++
++ /* is next profile a sibling, parent sibling, gp, subling, .. */
++ parent = p->parent;
++ while (parent) {
++ list_for_each_entry_continue(p, &parent->base.profiles,
++ base.list)
++ return p;
++ p = parent;
++ parent = parent->parent;
++ }
++
++ /* is next another profile in the namespace */
++ list_for_each_entry_continue(p, &ns->base.profiles, base.list)
++ return p;
++
++ return NULL;
++}
++
++/**
++ * next_profile - step to the next profile in where ever it may be
++ * @root: root namespace (NOT NULL)
++ * @profile: current profile (NOT NULL)
++ *
++ * Returns: next profile or NULL if there isn't one
++ */
++static struct aa_profile *next_profile(struct aa_namespace *root,
++ struct aa_profile *profile)
++{
++ struct aa_profile *next = __next_profile(profile);
++ if (next)
++ return next;
++
++ /* finished all profiles in namespace move to next namespace */
++ return __first_profile(root, __next_namespace(root, profile->ns));
++}
++
++/**
++ * p_start - start a depth first traversal of profile tree
++ * @f: seq_file to fill
++ * @pos: current position
++ *
++ * Returns: first profile under current namespace or NULL if none found
++ *
++ * acquires first ns->lock
++ */
++static void *p_start(struct seq_file *f, loff_t *pos)
++ __acquires(root->lock)
++{
++ struct aa_profile *profile = NULL;
++ struct aa_namespace *root = aa_current_profile()->ns;
++ loff_t l = *pos;
++ f->private = aa_get_namespace(root);
++
++
++ /* find the first profile */
++ read_lock(&root->lock);
++ profile = __first_profile(root, root);
++
++ /* skip to position */
++ for (; profile && l > 0; l--)
++ profile = next_profile(root, profile);
++
++ return profile;
++}
++
++/**
++ * p_next - read the next profile entry
++ * @f: seq_file to fill
++ * @p: profile previously returned
++ * @pos: current position
++ *
++ * Returns: next profile after @p or NULL if none
++ *
++ * may acquire/release locks in namespace tree as necessary
++ */
++static void *p_next(struct seq_file *f, void *p, loff_t *pos)
++{
++ struct aa_profile *profile = p;
++ struct aa_namespace *root = f->private;
++ (*pos)++;
++
++ return next_profile(root, profile);
++}
++
++/**
++ * p_stop - stop depth first traversal
++ * @f: seq_file we are filling
++ * @p: the last profile writen
++ *
++ * Release all locking done by p_start/p_next on namespace tree
++ */
++static void p_stop(struct seq_file *f, void *p)
++ __releases(root->lock)
++{
++ struct aa_profile *profile = p;
++ struct aa_namespace *root = f->private, *ns;
++
++ if (profile) {
++ for (ns = profile->ns; ns && ns != root; ns = ns->parent)
++ read_unlock(&ns->lock);
++ }
++ read_unlock(&root->lock);
++ aa_put_namespace(root);
++}
++
++/**
++ * seq_show_profile - show a profile entry
++ * @f: seq_file to file
++ * @p: current position (profile) (NOT NULL)
++ *
++ * Returns: error on failure
++ */
++static int seq_show_profile(struct seq_file *f, void *p)
++{
++ struct aa_profile *profile = (struct aa_profile *)p;
++ struct aa_namespace *root = f->private;
++
++ if (profile->ns != root)
++ seq_printf(f, ":%s://", aa_ns_name(root, profile->ns));
++ seq_printf(f, "%s (%s)\n", profile->base.hname,
++ COMPLAIN_MODE(profile) ? "complain" : "enforce");
++
++ return 0;
++}
++
++static const struct seq_operations aa_fs_profiles_op = {
++ .start = p_start,
++ .next = p_next,
++ .stop = p_stop,
++ .show = seq_show_profile,
++};
++
++static int profiles_open(struct inode *inode, struct file *file)
++{
++ return seq_open(file, &aa_fs_profiles_op);
++}
++
++static int profiles_release(struct inode *inode, struct file *file)
++{
++ return seq_release(inode, file);
++}
++
++const struct file_operations aa_fs_profiles_fops = {
++ .open = profiles_open,
++ .read = seq_read,
++ .llseek = seq_lseek,
++ .release = profiles_release,
++};
++#endif /* CONFIG_SECURITY_APPARMOR_COMPAT_24 */
++
+ /** Base file system setup **/
+
+ static struct aa_fs_entry aa_fs_entry_file[] = {
+@@ -210,6 +438,9 @@ static struct aa_fs_entry aa_fs_entry_apparmor[] = {
+ AA_FS_FILE_FOPS(".load", 0640, &aa_fs_profile_load),
+ AA_FS_FILE_FOPS(".replace", 0640, &aa_fs_profile_replace),
+ AA_FS_FILE_FOPS(".remove", 0640, &aa_fs_profile_remove),
++#ifdef CONFIG_SECURITY_APPARMOR_COMPAT_24
++ AA_FS_FILE_FOPS("profiles", 0640, &aa_fs_profiles_fops),
++#endif
+ AA_FS_DIR("features", aa_fs_entry_features),
+ { }
+ };
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index b21830e..a7d1a17 100644
--- a/security/apparmor/lsm.c
@@ -93286,6 +93829,19 @@ index 040c60e..989a19a 100644
dev->status = SNDRV_SEQ_DEVICE_FREE;
dev->driver_data = NULL;
ops->num_init_devices--;
+diff --git a/sound/core/sound.c b/sound/core/sound.c
+index 70ccdab..50f2e10 100644
+--- a/sound/core/sound.c
++++ b/sound/core/sound.c
+@@ -86,7 +86,7 @@ static void snd_request_other(int minor)
+ case SNDRV_MINOR_TIMER: str = "snd-timer"; break;
+ default: return;
+ }
+- request_module(str);
++ request_module("%s", str);
+ }
+
+ #endif /* modular kernel */
diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c
index 4e0dd22..7a1f32c 100644
--- a/sound/drivers/mts64.c
@@ -93613,6 +94169,19 @@ index 7decbd9..d17d9d0 100644
struct device_node *np = pdev->dev.of_node;
const char *p, *sprop;
const uint32_t *iprop;
+diff --git a/sound/sound_core.c b/sound/sound_core.c
+index bb23009..db346c2 100644
+--- a/sound/sound_core.c
++++ b/sound/sound_core.c
+@@ -292,7 +292,7 @@ retry:
+ }
+
+ device_create(sound_class, dev, MKDEV(SOUND_MAJOR, s->unit_minor),
+- NULL, s->name+6);
++ NULL, "%s", s->name+6);
+ return s->unit_minor;
+
+ fail:
diff --git a/tools/gcc/.gitignore b/tools/gcc/.gitignore
new file mode 100644
index 0000000..50f2f2f
diff --git a/main/linux-grsec/kernelconfig.x86 b/main/linux-grsec/kernelconfig.x86
index 5774d1f22..3f5031657 100644
--- a/main/linux-grsec/kernelconfig.x86
+++ b/main/linux-grsec/kernelconfig.x86
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.9.5 Kernel Configuration
+# Linux/x86 3.9.7 Kernel Configuration
#
# CONFIG_64BIT is not set
CONFIG_X86_32=y
@@ -2308,7 +2308,7 @@ CONFIG_ATH9K=m
CONFIG_ATH9K_PCI=y
CONFIG_ATH9K_AHB=y
# CONFIG_ATH9K_DEBUGFS is not set
-CONFIG_ATH9K_RATE_CONTROL=y
+# CONFIG_ATH9K_LEGACY_RATE_CONTROL is not set
CONFIG_ATH9K_HTC=m
# CONFIG_ATH9K_HTC_DEBUGFS is not set
CONFIG_CARL9170=m
diff --git a/main/linux-grsec/kernelconfig.x86_64 b/main/linux-grsec/kernelconfig.x86_64
index df9536d19..f338d7ad0 100644
--- a/main/linux-grsec/kernelconfig.x86_64
+++ b/main/linux-grsec/kernelconfig.x86_64
@@ -1,6 +1,6 @@
#
# Automatically generated file; DO NOT EDIT.
-# Linux/x86 3.9.5 Kernel Configuration
+# Linux/x86 3.9.7 Kernel Configuration
#
CONFIG_64BIT=y
CONFIG_X86_64=y
@@ -2282,7 +2282,7 @@ CONFIG_ATH9K=m
CONFIG_ATH9K_PCI=y
CONFIG_ATH9K_AHB=y
# CONFIG_ATH9K_DEBUGFS is not set
-CONFIG_ATH9K_RATE_CONTROL=y
+# CONFIG_ATH9K_LEGACY_RATE_CONTROL is not set
CONFIG_ATH9K_HTC=m
# CONFIG_ATH9K_HTC_DEBUGFS is not set
CONFIG_CARL9170=m