authorLeonardo Arena <rnalrd@alpinelinux.org>2014-01-13 10:54:39 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2014-01-13 10:54:54 +0000
commitacab3f818029cc435eeb7e8515abab9bfd0ea3c2 (patch)
tree99c8bfd069b409c0e94023c71d8950d229cb2585 /main
parent475fb8e554aa7409f0b6facf164822709dddd14e (diff)
downloadaports-acab3f818029cc435eeb7e8515abab9bfd0ea3c2.tar.bz2
aports-acab3f818029cc435eeb7e8515abab9bfd0ea3c2.tar.xz
main/linux-virt-grsec: upgrade to 3.12.6
Diffstat (limited to 'main')
-rw-r--r--main/linux-virt-grsec/APKBUILD16
-rw-r--r--main/linux-virt-grsec/grsecurity-3.0-3.12.6-201312221037.patch (renamed from main/linux-virt-grsec/grsecurity-3.0-3.12.4-201312081754.patch)2525
2 files changed, 1631 insertions, 910 deletions
diff --git a/main/linux-virt-grsec/APKBUILD b/main/linux-virt-grsec/APKBUILD
index 367fae18f..ecb1a7bbd 100644
--- a/main/linux-virt-grsec/APKBUILD
+++ b/main/linux-virt-grsec/APKBUILD
@@ -3,7 +3,7 @@
_flavor=grsec
pkgname=linux-virt-${_flavor}
-pkgver=3.12.4
+pkgver=3.12.6
case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
@@ -18,7 +18,7 @@ _config=${config:-kernelconfig.${CARCH}}
install=
source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
http://ftp.kernel.org/pub/linux/kernel/v3.x/patch-$pkgver.xz
- grsecurity-3.0-$pkgver-201312081754.patch
+ grsecurity-3.0-$pkgver-201312221037.patch
fix-memory-map-for-PIE-applications.patch
kernelconfig.x86
@@ -144,20 +144,20 @@ dev() {
}
md5sums="cc6ee608854e0da4b64f6c1ff8b6398c linux-3.12.tar.xz
-511b5a2f0de55b5e91fd293766ce182b patch-3.12.4.xz
-97395c529c1dd1826fff077c1ba9814e grsecurity-3.0-3.12.4-201312081754.patch
+9e75be8b127e58f1a76c0015eabb12ae patch-3.12.6.xz
+08fb432729eecd94fbd97d2b413043a1 grsecurity-3.0-3.12.6-201312221037.patch
c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch
cc0bc34dd6d4f4396fa70ceaa5aa4a1a kernelconfig.x86
93a67bcefa885e0089247694c3e1fa25 kernelconfig.x86_64"
sha256sums="2e120ec7fde19fa51dc6b6cc11c81860a0775defcad5a5bf910ed9a50e845a02 linux-3.12.tar.xz
-b1e21b37e29c7f32f1395356958019ff1ac2f2e75bcc7dda2a60ba79cfffd845 patch-3.12.4.xz
-695fb49d9a8960f5ed8d11b24ce0286346b7dde9876d65a283210a8579b3b09e grsecurity-3.0-3.12.4-201312081754.patch
+d3f0fab91fa4f25b685ae087030252feedb0169061c2f486cdf38b399e4baf7a patch-3.12.6.xz
+3db8444dda3eb2b6d41abd8f6d280303bbe2c57f3508b2537e2d3fe24aa7346a grsecurity-3.0-3.12.6-201312221037.patch
500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch
bb7418bfdfbe45476331412b17a06abb08f8a0f44fe8ff978fd3413e8671ae66 kernelconfig.x86
4a11a2edd0dc69687f96f6c80140537b8ba74684244af59a1ffe74cd69712c6c kernelconfig.x86_64"
sha512sums="4ba5797e0772726d05c9f2eee66dc6dc2a5033c749ef44764c805a83da739ed5d0c6443b76785e38fe1ef74cc7ade787e48144faed0cfcb6f124f05248c700ff linux-3.12.tar.xz
-efbb8e2a343935651101b43e7b977dd8c69aca7871b75d221edb32f93bd8ad83c6d0ae8d6622249019f8448fee8d3d754192bf7947602b8ed435bd786f1bb241 patch-3.12.4.xz
-f9a9bfee3977624fa2e4cc047e35dad42c71fd9eaec1c73f7bd9ad951d23809cc690bb5070c6d56879db9bcf88f04ad8365aa0f8c302fb756dac2cfd720ac88d grsecurity-3.0-3.12.4-201312081754.patch
+dd386fa4ace7a2a63c788540fb4b76a621c2aa7ac874e2ebbf81014da255f6811584e93a4e92beffda88e33e848d8a69cdcb33cce81387b35c79ff49fc32563c patch-3.12.6.xz
+f98a05fffdffee62cdb6ceaea1326d6231e391ba771f69c24e5ea0b7f3b83a1346530c48170c0fce9cf7681a247786d3324d1034c3f10e0fcf2db61429a16705 grsecurity-3.0-3.12.6-201312221037.patch
4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch
b2245e3eeb020651eb36289d658b32a0ace45e00c392113e8589dbc31f5bd602fb3284b915b4924c235c7886f5e773ad731ddb392ca9e7b10528e0344bdafaef kernelconfig.x86
203ef17038ebdb92dbdd6547875816012442f6d4c3d5ea43d9f4898b4c074feda85c485c3bf2aa1b6de127985292aaeef3596e66f06282c7853f9ff7db0a5df4 kernelconfig.x86_64"
diff --git a/main/linux-virt-grsec/grsecurity-3.0-3.12.4-201312081754.patch b/main/linux-virt-grsec/grsecurity-3.0-3.12.6-201312221037.patch
index fa9c2c7fd..12c5249c4 100644
--- a/main/linux-virt-grsec/grsecurity-3.0-3.12.4-201312081754.patch
+++ b/main/linux-virt-grsec/grsecurity-3.0-3.12.6-201312221037.patch
@@ -281,7 +281,7 @@ index fcbb736..5508d8c 100644
pcd. [PARIDE]
diff --git a/Makefile b/Makefile
-index 3b7165e..9112a63 100644
+index 2b23383..a66cff0 100644
--- a/Makefile
+++ b/Makefile
@@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \
@@ -1968,7 +1968,7 @@ index 5689c18..eea12f9 100644
#define L_PTE_DIRTY_HIGH (1 << (55 - 32))
diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h
-index be956db..c8f25e2 100644
+index 1571d12..b8a9b43 100644
--- a/arch/arm/include/asm/pgtable.h
+++ b/arch/arm/include/asm/pgtable.h
@@ -33,6 +33,9 @@
@@ -2819,7 +2819,7 @@ index 07314af..c46655c 100644
flush_icache_range((uintptr_t)(addr),
(uintptr_t)(addr) + size);
diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c
-index 94f6b05..efd7312 100644
+index 92f7b15..7048500 100644
--- a/arch/arm/kernel/process.c
+++ b/arch/arm/kernel/process.c
@@ -217,6 +217,7 @@ void machine_power_off(void)
@@ -2850,7 +2850,7 @@ index 94f6b05..efd7312 100644
printk("pc : [<%08lx>] lr : [<%08lx>] psr: %08lx\n"
"sp : %08lx ip : %08lx fp : %08lx\n",
regs->ARM_pc, regs->ARM_lr, regs->ARM_cpsr,
-@@ -422,12 +423,6 @@ unsigned long get_wchan(struct task_struct *p)
+@@ -425,12 +426,6 @@ unsigned long get_wchan(struct task_struct *p)
return 0;
}
@@ -2863,7 +2863,7 @@ index 94f6b05..efd7312 100644
#ifdef CONFIG_MMU
#ifdef CONFIG_KUSER_HELPERS
/*
-@@ -443,7 +438,7 @@ static struct vm_area_struct gate_vma = {
+@@ -446,7 +441,7 @@ static struct vm_area_struct gate_vma = {
static int __init gate_vma_init(void)
{
@@ -2872,7 +2872,7 @@ index 94f6b05..efd7312 100644
return 0;
}
arch_initcall(gate_vma_init);
-@@ -469,41 +464,16 @@ int in_gate_area_no_mm(unsigned long addr)
+@@ -472,41 +467,16 @@ int in_gate_area_no_mm(unsigned long addr)
const char *arch_vma_name(struct vm_area_struct *vma)
{
@@ -3083,7 +3083,7 @@ index 72024ea..ae302dd 100644
void __init smp_set_ops(struct smp_operations *ops)
{
diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c
-index 8fcda14..4512b9d 100644
+index 65ed63f..430c478 100644
--- a/arch/arm/kernel/traps.c
+++ b/arch/arm/kernel/traps.c
@@ -55,7 +55,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long);
@@ -3114,7 +3114,7 @@ index 8fcda14..4512b9d 100644
if (signr)
do_exit(signr);
}
-@@ -628,7 +633,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
+@@ -629,7 +634,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs)
* The user helper at 0xffff0fe0 must be used instead.
* (see entry-armv.S for details)
*/
@@ -3124,7 +3124,7 @@ index 8fcda14..4512b9d 100644
}
return 0;
-@@ -885,7 +892,11 @@ void __init early_trap_init(void *vectors_base)
+@@ -886,7 +893,11 @@ void __init early_trap_init(void *vectors_base)
kuser_init(vectors_base);
flush_icache_range(vectors, vectors + PAGE_SIZE * 2);
@@ -3567,7 +3567,7 @@ index 17ca1ae..beba869 100644
struct omap_device *omap_device_alloc(struct platform_device *pdev,
struct omap_hwmod **ohs, int oh_cnt);
diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c
-index 3d5db8c..ddfa144 100644
+index 832adb1..49b62c4 100644
--- a/arch/arm/mach-omap2/omap_hwmod.c
+++ b/arch/arm/mach-omap2/omap_hwmod.c
@@ -194,10 +194,10 @@ struct omap_hwmod_soc_ops {
@@ -4123,7 +4123,7 @@ index f123d6e..04bf569 100644
return __arm_ioremap_caller(phys_addr, size, mtype,
__builtin_return_address(0));
diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c
-index 0c63562..7128a90 100644
+index 304661d..53a6b19 100644
--- a/arch/arm/mm/mmap.c
+++ b/arch/arm/mm/mmap.c
@@ -59,6 +59,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr,
@@ -7242,7 +7242,7 @@ index 2a625fb..9908930 100644
DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n",
me->arch.unwind_section, table, end, gp);
diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c
-index 5dfd248..64914ac 100644
+index 0d3a9d4..44975d0 100644
--- a/arch/parisc/kernel/sys_parisc.c
+++ b/arch/parisc/kernel/sys_parisc.c
@@ -33,9 +33,11 @@
@@ -7266,29 +7266,26 @@ index 5dfd248..64914ac 100644
return vm_unmapped_area(&info);
}
-@@ -61,10 +64,11 @@ static int get_offset(struct address_space *mapping)
- return (unsigned long) mapping >> 8;
+@@ -69,15 +72,17 @@ static unsigned long shared_align_offset(struct file *filp, unsigned long pgoff)
}
--static unsigned long get_shared_area(struct address_space *mapping,
-- unsigned long addr, unsigned long len, unsigned long pgoff)
-+static unsigned long get_shared_area(struct file *filp, struct address_space *mapping,
-+ unsigned long addr, unsigned long len, unsigned long pgoff, unsigned long flags)
+ static unsigned long get_shared_area(struct file *filp, unsigned long addr,
+- unsigned long len, unsigned long pgoff)
++ unsigned long len, unsigned long pgoff, unsigned long flags)
{
struct vm_unmapped_area_info info;
+ unsigned long offset = gr_rand_threadstack_offset(current->mm, filp, flags);
info.flags = 0;
info.length = len;
-@@ -72,6 +76,7 @@ static unsigned long get_shared_area(struct address_space *mapping,
+ info.low_limit = PAGE_ALIGN(addr);
info.high_limit = TASK_SIZE;
info.align_mask = PAGE_MASK & (SHMLBA - 1);
- info.align_offset = (get_offset(mapping) + pgoff) << PAGE_SHIFT;
+ info.threadstack_offset = offset;
+ info.align_offset = shared_align_offset(filp, pgoff);
return vm_unmapped_area(&info);
}
-
-@@ -86,15 +91,22 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
+@@ -93,13 +98,20 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr,
return -EINVAL;
return addr;
}
@@ -7303,16 +7300,13 @@ index 5dfd248..64914ac 100644
+
+ }
+
- if (filp) {
-- addr = get_shared_area(filp->f_mapping, addr, len, pgoff);
-+ addr = get_shared_area(filp, filp->f_mapping, addr, len, pgoff, flags);
- } else if(flags & MAP_SHARED) {
-- addr = get_shared_area(NULL, addr, len, pgoff);
-+ addr = get_shared_area(filp, NULL, addr, len, pgoff, flags);
- } else {
+ if (filp || (flags & MAP_SHARED))
+- addr = get_shared_area(filp, addr, len, pgoff);
++ addr = get_shared_area(filp, addr, len, pgoff, flags);
+ else
- addr = get_unshared_area(addr, len);
-+ addr = get_unshared_area(filp, addr, len, flags);
- }
++ addr = get_unshared_area(addr, len, flags);
+
return addr;
}
diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c
@@ -7684,7 +7678,7 @@ index 88693ce..ac6f9ab 100644
#include <asm-generic/getorder.h>
diff --git a/arch/powerpc/include/asm/pgalloc-64.h b/arch/powerpc/include/asm/pgalloc-64.h
-index f65e27b..23ffb5b 100644
+index 256d6f8..b0166a7 100644
--- a/arch/powerpc/include/asm/pgalloc-64.h
+++ b/arch/powerpc/include/asm/pgalloc-64.h
@@ -53,6 +53,7 @@ static inline void pgd_free(struct mm_struct *mm, pgd_t *pgd)
@@ -7707,7 +7701,7 @@ index f65e27b..23ffb5b 100644
#define pmd_populate(mm, pmd, pte_page) \
pmd_populate_kernel(mm, pmd, page_address(pte_page))
#define pmd_populate_kernel(mm, pmd, pte) pmd_set(pmd, (unsigned long)(pte))
-@@ -171,6 +177,7 @@ extern void __tlb_remove_table(void *_table);
+@@ -169,6 +175,7 @@ extern void __tlb_remove_table(void *_table);
#endif
#define pud_populate(mm, pud, pmd) pud_set(pud, (unsigned long)pmd)
@@ -11748,10 +11742,10 @@ index 78d91af..8ceb94b 100644
This option helps catch unintended modifications to loadable
kernel module's text and read-only data. It also prevents execution
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
-index 41250fb..863762e 100644
+index 57d0215..b4373fb 100644
--- a/arch/x86/Makefile
+++ b/arch/x86/Makefile
-@@ -46,14 +46,12 @@ ifeq ($(CONFIG_X86_32),y)
+@@ -49,14 +49,12 @@ ifeq ($(CONFIG_X86_32),y)
# CPU-specific tuning. Anything which can be shared with UML should go here.
include $(srctree)/arch/x86/Makefile_32.cpu
KBUILD_CFLAGS += $(cflags-y)
@@ -11767,7 +11761,7 @@ index 41250fb..863762e 100644
KBUILD_AFLAGS += -m64
KBUILD_CFLAGS += -m64
-@@ -83,6 +81,9 @@ else
+@@ -89,6 +87,9 @@ else
KBUILD_CFLAGS += -maccumulate-outgoing-args
endif
@@ -11777,7 +11771,7 @@ index 41250fb..863762e 100644
ifdef CONFIG_CC_STACKPROTECTOR
cc_has_sp := $(srctree)/scripts/gcc-x86_$(BITS)-has-stack-protector.sh
ifeq ($(shell $(CONFIG_SHELL) $(cc_has_sp) $(CC) $(KBUILD_CPPFLAGS) $(biarch)),y)
-@@ -241,3 +242,12 @@ define archhelp
+@@ -247,3 +248,12 @@ define archhelp
echo ' FDINITRD=file initrd for the booted kernel'
echo ' kvmconfig - Enable additional options for guest kernel support'
endef
@@ -11791,13 +11785,13 @@ index 41250fb..863762e 100644
+archprepare:
+ $(if $(LDFLAGS_BUILD_ID),,$(error $(OLD_LD)))
diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile
-index 379814b..add62ce 100644
+index 6cf0111..f2e2398 100644
--- a/arch/x86/boot/Makefile
+++ b/arch/x86/boot/Makefile
-@@ -65,6 +65,9 @@ KBUILD_CFLAGS := $(USERINCLUDE) -g -Os -D_SETUP -D__KERNEL__ \
+@@ -65,6 +65,9 @@ KBUILD_CFLAGS := $(USERINCLUDE) -m32 -g -Os -D_SETUP -D__KERNEL__ \
+ $(call cc-option, -fno-unit-at-a-time)) \
$(call cc-option, -fno-stack-protector) \
$(call cc-option, -mpreferred-stack-boundary=2)
- KBUILD_CFLAGS += $(call cc-option, -m32)
+ifdef CONSTIFY_PLUGIN
+KBUILD_CFLAGS += -fplugin-arg-constify_plugin-no-constify
+endif
@@ -11849,11 +11843,11 @@ index ef72bae..353a184 100644
return diff;
}
diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile
-index dcd90df..c830d7d 100644
+index c8a6792..2402765 100644
--- a/arch/x86/boot/compressed/Makefile
+++ b/arch/x86/boot/compressed/Makefile
-@@ -15,6 +15,9 @@ cflags-$(CONFIG_X86_64) := -mcmodel=small
- KBUILD_CFLAGS += $(cflags-y)
+@@ -16,6 +16,9 @@ KBUILD_CFLAGS += $(cflags-y)
+ KBUILD_CFLAGS += -mno-mmx -mno-sse
KBUILD_CFLAGS += $(call cc-option,-ffreestanding)
KBUILD_CFLAGS += $(call cc-option,-fno-stack-protector)
+ifdef CONSTIFY_PLUGIN
@@ -12159,7 +12153,7 @@ index 43eda28..5ab5fdb 100644
unsigned int v;
diff --git a/arch/x86/crypto/aes-x86_64-asm_64.S b/arch/x86/crypto/aes-x86_64-asm_64.S
-index 9105655..5e37f27 100644
+index 9105655..41779c1 100644
--- a/arch/x86/crypto/aes-x86_64-asm_64.S
+++ b/arch/x86/crypto/aes-x86_64-asm_64.S
@@ -8,6 +8,8 @@
@@ -12175,13 +12169,13 @@ index 9105655..5e37f27 100644
je B192; \
leaq 32(r9),r9;
-+#define ret pax_force_retaddr 0, 1; ret
++#define ret pax_force_retaddr; ret
+
#define epilogue(FUNC,r1,r2,r3,r4,r5,r6,r7,r8,r9) \
movq r1,r2; \
movq r3,r4; \
diff --git a/arch/x86/crypto/aesni-intel_asm.S b/arch/x86/crypto/aesni-intel_asm.S
-index 477e9d7..3ab339f 100644
+index 477e9d7..c92c7d8 100644
--- a/arch/x86/crypto/aesni-intel_asm.S
+++ b/arch/x86/crypto/aesni-intel_asm.S
@@ -31,6 +31,7 @@
@@ -12192,19 +12186,240 @@ index 477e9d7..3ab339f 100644
#ifdef __x86_64__
.data
-@@ -1441,6 +1442,7 @@ _return_T_done_decrypt:
+@@ -205,7 +206,7 @@ enc: .octa 0x2
+ * num_initial_blocks = b mod 4
+ * encrypt the initial num_initial_blocks blocks and apply ghash on
+ * the ciphertext
+-* %r10, %r11, %r12, %rax, %xmm5, %xmm6, %xmm7, %xmm8, %xmm9 registers
++* %r10, %r11, %r15, %rax, %xmm5, %xmm6, %xmm7, %xmm8, %xmm9 registers
+ * are clobbered
+ * arg1, %arg2, %arg3, %r14 are used as a pointer only, not modified
+ */
+@@ -214,8 +215,8 @@ enc: .octa 0x2
+ .macro INITIAL_BLOCKS_DEC num_initial_blocks TMP1 TMP2 TMP3 TMP4 TMP5 XMM0 XMM1 \
+ XMM2 XMM3 XMM4 XMMDst TMP6 TMP7 i i_seq operation
+ mov arg7, %r10 # %r10 = AAD
+- mov arg8, %r12 # %r12 = aadLen
+- mov %r12, %r11
++ mov arg8, %r15 # %r15 = aadLen
++ mov %r15, %r11
+ pxor %xmm\i, %xmm\i
+ _get_AAD_loop\num_initial_blocks\operation:
+ movd (%r10), \TMP1
+@@ -223,15 +224,15 @@ _get_AAD_loop\num_initial_blocks\operation:
+ psrldq $4, %xmm\i
+ pxor \TMP1, %xmm\i
+ add $4, %r10
+- sub $4, %r12
++ sub $4, %r15
+ jne _get_AAD_loop\num_initial_blocks\operation
+ cmp $16, %r11
+ je _get_AAD_loop2_done\num_initial_blocks\operation
+- mov $16, %r12
++ mov $16, %r15
+ _get_AAD_loop2\num_initial_blocks\operation:
+ psrldq $4, %xmm\i
+- sub $4, %r12
+- cmp %r11, %r12
++ sub $4, %r15
++ cmp %r11, %r15
+ jne _get_AAD_loop2\num_initial_blocks\operation
+ _get_AAD_loop2_done\num_initial_blocks\operation:
+ movdqa SHUF_MASK(%rip), %xmm14
+@@ -443,7 +444,7 @@ _initial_blocks_done\num_initial_blocks\operation:
+ * num_initial_blocks = b mod 4
+ * encrypt the initial num_initial_blocks blocks and apply ghash on
+ * the ciphertext
+-* %r10, %r11, %r12, %rax, %xmm5, %xmm6, %xmm7, %xmm8, %xmm9 registers
++* %r10, %r11, %r15, %rax, %xmm5, %xmm6, %xmm7, %xmm8, %xmm9 registers
+ * are clobbered
+ * arg1, %arg2, %arg3, %r14 are used as a pointer only, not modified
+ */
+@@ -452,8 +453,8 @@ _initial_blocks_done\num_initial_blocks\operation:
+ .macro INITIAL_BLOCKS_ENC num_initial_blocks TMP1 TMP2 TMP3 TMP4 TMP5 XMM0 XMM1 \
+ XMM2 XMM3 XMM4 XMMDst TMP6 TMP7 i i_seq operation
+ mov arg7, %r10 # %r10 = AAD
+- mov arg8, %r12 # %r12 = aadLen
+- mov %r12, %r11
++ mov arg8, %r15 # %r15 = aadLen
++ mov %r15, %r11
+ pxor %xmm\i, %xmm\i
+ _get_AAD_loop\num_initial_blocks\operation:
+ movd (%r10), \TMP1
+@@ -461,15 +462,15 @@ _get_AAD_loop\num_initial_blocks\operation:
+ psrldq $4, %xmm\i
+ pxor \TMP1, %xmm\i
+ add $4, %r10
+- sub $4, %r12
++ sub $4, %r15
+ jne _get_AAD_loop\num_initial_blocks\operation
+ cmp $16, %r11
+ je _get_AAD_loop2_done\num_initial_blocks\operation
+- mov $16, %r12
++ mov $16, %r15
+ _get_AAD_loop2\num_initial_blocks\operation:
+ psrldq $4, %xmm\i
+- sub $4, %r12
+- cmp %r11, %r12
++ sub $4, %r15
++ cmp %r11, %r15
+ jne _get_AAD_loop2\num_initial_blocks\operation
+ _get_AAD_loop2_done\num_initial_blocks\operation:
+ movdqa SHUF_MASK(%rip), %xmm14
+@@ -1269,7 +1270,7 @@ TMP7 XMM1 XMM2 XMM3 XMM4 XMMDst
+ *
+ *****************************************************************************/
+ ENTRY(aesni_gcm_dec)
+- push %r12
++ push %r15
+ push %r13
+ push %r14
+ mov %rsp, %r14
+@@ -1279,8 +1280,8 @@ ENTRY(aesni_gcm_dec)
+ */
+ sub $VARIABLE_OFFSET, %rsp
+ and $~63, %rsp # align rsp to 64 bytes
+- mov %arg6, %r12
+- movdqu (%r12), %xmm13 # %xmm13 = HashKey
++ mov %arg6, %r15
++ movdqu (%r15), %xmm13 # %xmm13 = HashKey
+ movdqa SHUF_MASK(%rip), %xmm2
+ PSHUFB_XMM %xmm2, %xmm13
+
+@@ -1308,10 +1309,10 @@ ENTRY(aesni_gcm_dec)
+ movdqa %xmm13, HashKey(%rsp) # store HashKey<<1 (mod poly)
+ mov %arg4, %r13 # save the number of bytes of plaintext/ciphertext
+ and $-16, %r13 # %r13 = %r13 - (%r13 mod 16)
+- mov %r13, %r12
+- and $(3<<4), %r12
++ mov %r13, %r15
++ and $(3<<4), %r15
+ jz _initial_num_blocks_is_0_decrypt
+- cmp $(2<<4), %r12
++ cmp $(2<<4), %r15
+ jb _initial_num_blocks_is_1_decrypt
+ je _initial_num_blocks_is_2_decrypt
+ _initial_num_blocks_is_3_decrypt:
+@@ -1361,16 +1362,16 @@ _zero_cipher_left_decrypt:
+ sub $16, %r11
+ add %r13, %r11
+ movdqu (%arg3,%r11,1), %xmm1 # receive the last <16 byte block
+- lea SHIFT_MASK+16(%rip), %r12
+- sub %r13, %r12
++ lea SHIFT_MASK+16(%rip), %r15
++ sub %r13, %r15
+ # adjust the shuffle mask pointer to be able to shift 16-%r13 bytes
+ # (%r13 is the number of bytes in plaintext mod 16)
+- movdqu (%r12), %xmm2 # get the appropriate shuffle mask
++ movdqu (%r15), %xmm2 # get the appropriate shuffle mask
+ PSHUFB_XMM %xmm2, %xmm1 # right shift 16-%r13 butes
+
+ movdqa %xmm1, %xmm2
+ pxor %xmm1, %xmm0 # Ciphertext XOR E(K, Yn)
+- movdqu ALL_F-SHIFT_MASK(%r12), %xmm1
++ movdqu ALL_F-SHIFT_MASK(%r15), %xmm1
+ # get the appropriate mask to mask out top 16-%r13 bytes of %xmm0
+ pand %xmm1, %xmm0 # mask out top 16-%r13 bytes of %xmm0
+ pand %xmm1, %xmm2
+@@ -1399,9 +1400,9 @@ _less_than_8_bytes_left_decrypt:
+ sub $1, %r13
+ jne _less_than_8_bytes_left_decrypt
+ _multiple_of_16_bytes_decrypt:
+- mov arg8, %r12 # %r13 = aadLen (number of bytes)
+- shl $3, %r12 # convert into number of bits
+- movd %r12d, %xmm15 # len(A) in %xmm15
++ mov arg8, %r15 # %r13 = aadLen (number of bytes)
++ shl $3, %r15 # convert into number of bits
++ movd %r15d, %xmm15 # len(A) in %xmm15
+ shl $3, %arg4 # len(C) in bits (*128)
+ MOVQ_R64_XMM %arg4, %xmm1
+ pslldq $8, %xmm15 # %xmm15 = len(A)||0x0000000000000000
+@@ -1440,7 +1441,8 @@ _return_T_done_decrypt:
+ mov %r14, %rsp
pop %r14
pop %r13
- pop %r12
-+ pax_force_retaddr 0, 1
+- pop %r12
++ pop %r15
++ pax_force_retaddr
ret
ENDPROC(aesni_gcm_dec)
-@@ -1705,6 +1707,7 @@ _return_T_done_encrypt:
+@@ -1529,7 +1531,7 @@ ENDPROC(aesni_gcm_dec)
+ * poly = x^128 + x^127 + x^126 + x^121 + 1
+ ***************************************************************************/
+ ENTRY(aesni_gcm_enc)
+- push %r12
++ push %r15
+ push %r13
+ push %r14
+ mov %rsp, %r14
+@@ -1539,8 +1541,8 @@ ENTRY(aesni_gcm_enc)
+ #
+ sub $VARIABLE_OFFSET, %rsp
+ and $~63, %rsp
+- mov %arg6, %r12
+- movdqu (%r12), %xmm13
++ mov %arg6, %r15
++ movdqu (%r15), %xmm13
+ movdqa SHUF_MASK(%rip), %xmm2
+ PSHUFB_XMM %xmm2, %xmm13
+
+@@ -1564,13 +1566,13 @@ ENTRY(aesni_gcm_enc)
+ movdqa %xmm13, HashKey(%rsp)
+ mov %arg4, %r13 # %xmm13 holds HashKey<<1 (mod poly)
+ and $-16, %r13
+- mov %r13, %r12
++ mov %r13, %r15
+
+ # Encrypt first few blocks
+
+- and $(3<<4), %r12
++ and $(3<<4), %r15
+ jz _initial_num_blocks_is_0_encrypt
+- cmp $(2<<4), %r12
++ cmp $(2<<4), %r15
+ jb _initial_num_blocks_is_1_encrypt
+ je _initial_num_blocks_is_2_encrypt
+ _initial_num_blocks_is_3_encrypt:
+@@ -1623,14 +1625,14 @@ _zero_cipher_left_encrypt:
+ sub $16, %r11
+ add %r13, %r11
+ movdqu (%arg3,%r11,1), %xmm1 # receive the last <16 byte blocks
+- lea SHIFT_MASK+16(%rip), %r12
+- sub %r13, %r12
++ lea SHIFT_MASK+16(%rip), %r15
++ sub %r13, %r15
+ # adjust the shuffle mask pointer to be able to shift 16-r13 bytes
+ # (%r13 is the number of bytes in plaintext mod 16)
+- movdqu (%r12), %xmm2 # get the appropriate shuffle mask
++ movdqu (%r15), %xmm2 # get the appropriate shuffle mask
+ PSHUFB_XMM %xmm2, %xmm1 # shift right 16-r13 byte
+ pxor %xmm1, %xmm0 # Plaintext XOR Encrypt(K, Yn)
+- movdqu ALL_F-SHIFT_MASK(%r12), %xmm1
++ movdqu ALL_F-SHIFT_MASK(%r15), %xmm1
+ # get the appropriate mask to mask out top 16-r13 bytes of xmm0
+ pand %xmm1, %xmm0 # mask out top 16-r13 bytes of xmm0
+ movdqa SHUF_MASK(%rip), %xmm10
+@@ -1663,9 +1665,9 @@ _less_than_8_bytes_left_encrypt:
+ sub $1, %r13
+ jne _less_than_8_bytes_left_encrypt
+ _multiple_of_16_bytes_encrypt:
+- mov arg8, %r12 # %r12 = addLen (number of bytes)
+- shl $3, %r12
+- movd %r12d, %xmm15 # len(A) in %xmm15
++ mov arg8, %r15 # %r15 = addLen (number of bytes)
++ shl $3, %r15
++ movd %r15d, %xmm15 # len(A) in %xmm15
+ shl $3, %arg4 # len(C) in bits (*128)
+ MOVQ_R64_XMM %arg4, %xmm1
+ pslldq $8, %xmm15 # %xmm15 = len(A)||0x0000000000000000
+@@ -1704,7 +1706,8 @@ _return_T_done_encrypt:
+ mov %r14, %rsp
pop %r14
pop %r13
- pop %r12
-+ pax_force_retaddr 0, 1
+- pop %r12
++ pop %r15
++ pax_force_retaddr
ret
ENDPROC(aesni_gcm_enc)
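Review bot: The comment on the rewritten `mov arg8, %r15` under `_multiple_of_16_bytes_decrypt` still reads `%r13 = aadLen`, although the value now lands in %r15; it should read `# %r15 = aadLen (number of bytes)`, as the matching line under `_multiple_of_16_bytes_encrypt` already does. The hunk swaps the saved scratch register from %r12 to %r15 by hand across INITIAL_BLOCKS_DEC, INITIAL_BLOCKS_ENC, aesni_gcm_dec and aesni_gcm_enc, and only excerpts of those bodies are visible here. It is therefore worth confirming that no write to `%r12` remains between each new `push %r15` and `pop %r15`, since these functions no longer save and restore %r12. Presumably the swap exists because the return-address hardening behind `pax_force_retaddr` now reserves %r12; a one-line comment at each ENTRY saying so would keep a later upstream resync from reintroducing the register.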
@@ -12212,7 +12427,7 @@ index 477e9d7..3ab339f 100644
pxor %xmm1, %xmm0
movaps %xmm0, (TKEYP)
add $0x10, TKEYP
-+ pax_force_retaddr_bts
++ pax_force_retaddr
ret
ENDPROC(_key_expansion_128)
ENDPROC(_key_expansion_256a)
@@ -12220,7 +12435,7 @@ index 477e9d7..3ab339f 100644
shufps $0b01001110, %xmm2, %xmm1
movaps %xmm1, 0x10(TKEYP)
add $0x20, TKEYP
-+ pax_force_retaddr_bts
++ pax_force_retaddr
ret
ENDPROC(_key_expansion_192a)
@@ -12228,7 +12443,7 @@ index 477e9d7..3ab339f 100644
movaps %xmm0, (TKEYP)
add $0x10, TKEYP
-+ pax_force_retaddr_bts
++ pax_force_retaddr
ret
ENDPROC(_key_expansion_192b)
@@ -12236,7 +12451,7 @@ index 477e9d7..3ab339f 100644
pxor %xmm1, %xmm2
movaps %xmm2, (TKEYP)
add $0x10, TKEYP
-+ pax_force_retaddr_bts
++ pax_force_retaddr
ret
ENDPROC(_key_expansion_256b)
@@ -12244,7 +12459,7 @@ index 477e9d7..3ab339f 100644
#ifndef __x86_64__
popl KEYP
#endif
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
ENDPROC(aesni_set_key)
@@ -12252,7 +12467,7 @@ index 477e9d7..3ab339f 100644
popl KLEN
popl KEYP
#endif
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
ENDPROC(aesni_enc)
@@ -12260,7 +12475,7 @@ index 477e9d7..3ab339f 100644
AESENC KEY STATE
movaps 0x70(TKEYP), KEY
AESENCLAST KEY STATE
-+ pax_force_retaddr_bts
++ pax_force_retaddr
ret
ENDPROC(_aesni_enc1)
@@ -12268,7 +12483,7 @@ index 477e9d7..3ab339f 100644
AESENCLAST KEY STATE2
AESENCLAST KEY STATE3
AESENCLAST KEY STATE4
-+ pax_force_retaddr_bts
++ pax_force_retaddr
ret
ENDPROC(_aesni_enc4)
@@ -12276,7 +12491,7 @@ index 477e9d7..3ab339f 100644
popl KLEN
popl KEYP
#endif
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
ENDPROC(aesni_dec)
@@ -12284,7 +12499,7 @@ index 477e9d7..3ab339f 100644
AESDEC KEY STATE
movaps 0x70(TKEYP), KEY
AESDECLAST KEY STATE
-+ pax_force_retaddr_bts
++ pax_force_retaddr
ret
ENDPROC(_aesni_dec1)
@@ -12292,7 +12507,7 @@ index 477e9d7..3ab339f 100644
AESDECLAST KEY STATE2
AESDECLAST KEY STATE3
AESDECLAST KEY STATE4
-+ pax_force_retaddr_bts
++ pax_force_retaddr
ret
ENDPROC(_aesni_dec4)
@@ -12300,7 +12515,7 @@ index 477e9d7..3ab339f 100644
popl KEYP
popl LEN
#endif
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
ENDPROC(aesni_ecb_enc)
@@ -12308,7 +12523,7 @@ index 477e9d7..3ab339f 100644
popl KEYP
popl LEN
#endif
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
ENDPROC(aesni_ecb_dec)
@@ -12316,7 +12531,7 @@ index 477e9d7..3ab339f 100644
popl LEN
popl IVP
#endif
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
ENDPROC(aesni_cbc_enc)
@@ -12324,7 +12539,7 @@ index 477e9d7..3ab339f 100644
popl LEN
popl IVP
#endif
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
ENDPROC(aesni_cbc_dec)
@@ -12332,7 +12547,7 @@ index 477e9d7..3ab339f 100644
mov $1, TCTR_LOW
MOVQ_R64_XMM TCTR_LOW INC
MOVQ_R64_XMM CTR TCTR_LOW
-+ pax_force_retaddr_bts
++ pax_force_retaddr
ret
ENDPROC(_aesni_inc_init)
@@ -12340,7 +12555,7 @@ index 477e9d7..3ab339f 100644
.Linc_low:
movaps CTR, IV
PSHUFB_XMM BSWAP_MASK IV
-+ pax_force_retaddr_bts
++ pax_force_retaddr
ret
ENDPROC(_aesni_inc)
@@ -12348,7 +12563,7 @@ index 477e9d7..3ab339f 100644
.Lctr_enc_ret:
movups IV, (IVP)
.Lctr_enc_just_ret:
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
ENDPROC(aesni_ctr_enc)
@@ -12356,12 +12571,12 @@ index 477e9d7..3ab339f 100644
pxor INC, STATE4
movdqu STATE4, 0x70(OUTP)
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
ENDPROC(aesni_xts_crypt8)
diff --git a/arch/x86/crypto/blowfish-x86_64-asm_64.S b/arch/x86/crypto/blowfish-x86_64-asm_64.S
-index 246c670..4d1ed00 100644
+index 246c670..466e2d6 100644
--- a/arch/x86/crypto/blowfish-x86_64-asm_64.S
+++ b/arch/x86/crypto/blowfish-x86_64-asm_64.S
@@ -21,6 +21,7 @@
@@ -12376,11 +12591,11 @@ index 246c670..4d1ed00 100644
jnz .L__enc_xor;
write_block();
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
.L__enc_xor:
xor_block();
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(__blowfish_enc_blk)
@@ -12388,7 +12603,7 @@ index 246c670..4d1ed00 100644
movq %r11, %rbp;
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(blowfish_dec_blk)
@@ -12396,7 +12611,7 @@ index 246c670..4d1ed00 100644
popq %rbx;
popq %rbp;
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
.L__enc_xor4:
@@ -12404,7 +12619,7 @@ index 246c670..4d1ed00 100644
popq %rbx;
popq %rbp;
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(__blowfish_enc_blk_4way)
@@ -12412,11 +12627,11 @@ index 246c670..4d1ed00 100644
popq %rbx;
popq %rbp;
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(blowfish_dec_blk_4way)
diff --git a/arch/x86/crypto/camellia-aesni-avx-asm_64.S b/arch/x86/crypto/camellia-aesni-avx-asm_64.S
-index ce71f92..2dd5b1e 100644
+index ce71f92..1dce7ec 100644
--- a/arch/x86/crypto/camellia-aesni-avx-asm_64.S
+++ b/arch/x86/crypto/camellia-aesni-avx-asm_64.S
@@ -16,6 +16,7 @@
@@ -12431,7 +12646,7 @@ index ce71f92..2dd5b1e 100644
roundsm16(%xmm0, %xmm1, %xmm2, %xmm3, %xmm4, %xmm5, %xmm6, %xmm7,
%xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14, %xmm15,
%rcx, (%r9));
-+ pax_force_retaddr_bts
++ pax_force_retaddr
ret;
ENDPROC(roundsm16_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd)
@@ -12439,7 +12654,7 @@ index ce71f92..2dd5b1e 100644
roundsm16(%xmm4, %xmm5, %xmm6, %xmm7, %xmm0, %xmm1, %xmm2, %xmm3,
%xmm12, %xmm13, %xmm14, %xmm15, %xmm8, %xmm9, %xmm10, %xmm11,
%rax, (%r9));
-+ pax_force_retaddr_bts
++ pax_force_retaddr
ret;
ENDPROC(roundsm16_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab)
@@ -12447,7 +12662,7 @@ index ce71f92..2dd5b1e 100644
%xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14,
%xmm15, (key_table)(CTX, %r8, 8), (%rax), 1 * 16(%rax));
-+ pax_force_retaddr_bts
++ pax_force_retaddr
ret;
.align 8
@@ -12455,7 +12670,7 @@ index ce71f92..2dd5b1e 100644
%xmm8, %xmm9, %xmm10, %xmm11, %xmm12, %xmm13, %xmm14,
%xmm15, (key_table)(CTX), (%rax), 1 * 16(%rax));
-+ pax_force_retaddr_bts
++ pax_force_retaddr
ret;
.align 8
@@ -12463,7 +12678,7 @@ index ce71f92..2dd5b1e 100644
%xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9,
%xmm8, %rsi);
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(camellia_ecb_enc_16way)
@@ -12471,7 +12686,7 @@ index ce71f92..2dd5b1e 100644
%xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9,
%xmm8, %rsi);
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(camellia_ecb_dec_16way)
@@ -12479,7 +12694,7 @@ index ce71f92..2dd5b1e 100644
%xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9,
%xmm8, %rsi);
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(camellia_cbc_dec_16way)
@@ -12487,7 +12702,7 @@ index ce71f92..2dd5b1e 100644
%xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9,
%xmm8, %rsi);
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(camellia_ctr_16way)
@@ -12495,12 +12710,12 @@ index ce71f92..2dd5b1e 100644
%xmm15, %xmm14, %xmm13, %xmm12, %xmm11, %xmm10, %xmm9,
%xmm8, %rsi);
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(camellia_xts_crypt_16way)
diff --git a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
-index 0e0b886..8fc756a 100644
+index 0e0b886..5a3123c 100644
--- a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
+++ b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
@@ -11,6 +11,7 @@
@@ -12515,7 +12730,7 @@ index 0e0b886..8fc756a 100644
roundsm32(%ymm0, %ymm1, %ymm2, %ymm3, %ymm4, %ymm5, %ymm6, %ymm7,
%ymm8, %ymm9, %ymm10, %ymm11, %ymm12, %ymm13, %ymm14, %ymm15,
%rcx, (%r9));
-+ pax_force_retaddr_bts
++ pax_force_retaddr
ret;
ENDPROC(roundsm32_x0_x1_x2_x3_x4_x5_x6_x7_y0_y1_y2_y3_y4_y5_y6_y7_cd)
@@ -12523,7 +12738,7 @@ index 0e0b886..8fc756a 100644
roundsm32(%ymm4, %ymm5, %ymm6, %ymm7, %ymm0, %ymm1, %ymm2, %ymm3,
%ymm12, %ymm13, %ymm14, %ymm15, %ymm8, %ymm9, %ymm10, %ymm11,
%rax, (%r9));
-+ pax_force_retaddr_bts
++ pax_force_retaddr
ret;
ENDPROC(roundsm32_x4_x5_x6_x7_x0_x1_x2_x3_y4_y5_y6_y7_y0_y1_y2_y3_ab)
@@ -12531,7 +12746,7 @@ index 0e0b886..8fc756a 100644
%ymm8, %ymm9, %ymm10, %ymm11, %ymm12, %ymm13, %ymm14,
%ymm15, (key_table)(CTX, %r8, 8), (%rax), 1 * 32(%rax));
-+ pax_force_retaddr_bts
++ pax_force_retaddr
ret;
.align 8
@@ -12539,7 +12754,7 @@ index 0e0b886..8fc756a 100644
%ymm8, %ymm9, %ymm10, %ymm11, %ymm12, %ymm13, %ymm14,
%ymm15, (key_table)(CTX), (%rax), 1 * 32(%rax));
-+ pax_force_retaddr_bts
++ pax_force_retaddr
ret;
.align 8
@@ -12547,7 +12762,7 @@ index 0e0b886..8fc756a 100644
vzeroupper;
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(camellia_ecb_enc_32way)
@@ -12555,7 +12770,7 @@ index 0e0b886..8fc756a 100644
vzeroupper;
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(camellia_ecb_dec_32way)
@@ -12563,7 +12778,7 @@ index 0e0b886..8fc756a 100644
vzeroupper;
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(camellia_cbc_dec_32way)
@@ -12571,7 +12786,7 @@ index 0e0b886..8fc756a 100644
vzeroupper;
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(camellia_ctr_32way)
@@ -12579,12 +12794,12 @@ index 0e0b886..8fc756a 100644
vzeroupper;
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(camellia_xts_crypt_32way)
diff --git a/arch/x86/crypto/camellia-x86_64-asm_64.S b/arch/x86/crypto/camellia-x86_64-asm_64.S
-index 310319c..ce174a4 100644
+index 310319c..db3d7b5 100644
--- a/arch/x86/crypto/camellia-x86_64-asm_64.S
+++ b/arch/x86/crypto/camellia-x86_64-asm_64.S
@@ -21,6 +21,7 @@
@@ -12599,14 +12814,14 @@ index 310319c..ce174a4 100644
enc_outunpack(mov, RT1);
movq RRBP, %rbp;
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
.L__enc_xor:
enc_outunpack(xor, RT1);
movq RRBP, %rbp;
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(__camellia_enc_blk)
@@ -12614,7 +12829,7 @@ index 310319c..ce174a4 100644
dec_outunpack();
movq RRBP, %rbp;
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(camellia_dec_blk)
@@ -12622,7 +12837,7 @@ index 310319c..ce174a4 100644
movq RRBP, %rbp;
popq %rbx;
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
.L__enc2_xor:
@@ -12630,7 +12845,7 @@ index 310319c..ce174a4 100644
movq RRBP, %rbp;
popq %rbx;
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(__camellia_enc_blk_2way)
@@ -12638,11 +12853,11 @@ index 310319c..ce174a4 100644
movq RRBP, %rbp;
movq RXOR, %rbx;
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(camellia_dec_blk_2way)
diff --git a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S
-index c35fd5d..c1ee236 100644
+index c35fd5d..2d8c7db 100644
--- a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S
+++ b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S
@@ -24,6 +24,7 @@
@@ -12657,7 +12872,7 @@ index c35fd5d..c1ee236 100644
outunpack_blocks(RR3, RL3, RTMP, RX, RKM);
outunpack_blocks(RR4, RL4, RTMP, RX, RKM);
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(__cast5_enc_blk16)
@@ -12665,7 +12880,7 @@ index c35fd5d..c1ee236 100644
outunpack_blocks(RR3, RL3, RTMP, RX, RKM);
outunpack_blocks(RR4, RL4, RTMP, RX, RKM);
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
.L__skip_dec:
@@ -12685,23 +12900,103 @@ index c35fd5d..c1ee236 100644
ret;
ENDPROC(cast5_ecb_dec_16way)
-@@ -469,6 +474,7 @@ ENTRY(cast5_cbc_dec_16way)
+@@ -430,10 +435,10 @@ ENTRY(cast5_cbc_dec_16way)
+ * %rdx: src
+ */
- popq %r12;
+- pushq %r12;
++ pushq %r14;
+
+ movq %rsi, %r11;
+- movq %rdx, %r12;
++ movq %rdx, %r14;
+
+ vmovdqu (0*16)(%rdx), RL1;
+ vmovdqu (1*16)(%rdx), RR1;
+@@ -447,16 +452,16 @@ ENTRY(cast5_cbc_dec_16way)
+ call __cast5_dec_blk16;
+
+ /* xor with src */
+- vmovq (%r12), RX;
++ vmovq (%r14), RX;
+ vpshufd $0x4f, RX, RX;
+ vpxor RX, RR1, RR1;
+- vpxor 0*16+8(%r12), RL1, RL1;
+- vpxor 1*16+8(%r12), RR2, RR2;
+- vpxor 2*16+8(%r12), RL2, RL2;
+- vpxor 3*16+8(%r12), RR3, RR3;
+- vpxor 4*16+8(%r12), RL3, RL3;
+- vpxor 5*16+8(%r12), RR4, RR4;
+- vpxor 6*16+8(%r12), RL4, RL4;
++ vpxor 0*16+8(%r14), RL1, RL1;
++ vpxor 1*16+8(%r14), RR2, RR2;
++ vpxor 2*16+8(%r14), RL2, RL2;
++ vpxor 3*16+8(%r14), RR3, RR3;
++ vpxor 4*16+8(%r14), RL3, RL3;
++ vpxor 5*16+8(%r14), RR4, RR4;
++ vpxor 6*16+8(%r14), RL4, RL4;
+
+ vmovdqu RR1, (0*16)(%r11);
+ vmovdqu RL1, (1*16)(%r11);
+@@ -467,8 +472,9 @@ ENTRY(cast5_cbc_dec_16way)
+ vmovdqu RR4, (6*16)(%r11);
+ vmovdqu RL4, (7*16)(%r11);
+
+- popq %r12;
++ popq %r14;
+ pax_force_retaddr
ret;
ENDPROC(cast5_cbc_dec_16way)
-@@ -542,5 +548,6 @@ ENTRY(cast5_ctr_16way)
+@@ -480,10 +486,10 @@ ENTRY(cast5_ctr_16way)
+ * %rcx: iv (big endian, 64bit)
+ */
- popq %r12;
+- pushq %r12;
++ pushq %r14;
+
+ movq %rsi, %r11;
+- movq %rdx, %r12;
++ movq %rdx, %r14;
+
+ vpcmpeqd RTMP, RTMP, RTMP;
+ vpsrldq $8, RTMP, RTMP; /* low: -1, high: 0 */
+@@ -523,14 +529,14 @@ ENTRY(cast5_ctr_16way)
+ call __cast5_enc_blk16;
+
+ /* dst = src ^ iv */
+- vpxor (0*16)(%r12), RR1, RR1;
+- vpxor (1*16)(%r12), RL1, RL1;
+- vpxor (2*16)(%r12), RR2, RR2;
+- vpxor (3*16)(%r12), RL2, RL2;
+- vpxor (4*16)(%r12), RR3, RR3;
+- vpxor (5*16)(%r12), RL3, RL3;
+- vpxor (6*16)(%r12), RR4, RR4;
+- vpxor (7*16)(%r12), RL4, RL4;
++ vpxor (0*16)(%r14), RR1, RR1;
++ vpxor (1*16)(%r14), RL1, RL1;
++ vpxor (2*16)(%r14), RR2, RR2;
++ vpxor (3*16)(%r14), RL2, RL2;
++ vpxor (4*16)(%r14), RR3, RR3;
++ vpxor (5*16)(%r14), RL3, RL3;
++ vpxor (6*16)(%r14), RR4, RR4;
++ vpxor (7*16)(%r14), RL4, RL4;
+ vmovdqu RR1, (0*16)(%r11);
+ vmovdqu RL1, (1*16)(%r11);
+ vmovdqu RR2, (2*16)(%r11);
+@@ -540,7 +546,8 @@ ENTRY(cast5_ctr_16way)
+ vmovdqu RR4, (6*16)(%r11);
+ vmovdqu RL4, (7*16)(%r11);
+
+- popq %r12;
++ popq %r14;
+ pax_force_retaddr
ret;
ENDPROC(cast5_ctr_16way)
diff --git a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S
-index e3531f8..18ded3a 100644
+index e3531f8..e123f35 100644
--- a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S
+++ b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S
@@ -24,6 +24,7 @@
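Review bot: The switch from %r12 to %r14 for the saved src pointer in cast5_cbc_dec_16way and cast5_ctr_16way carries no comment. The reason is only discoverable from the arch/x86/include/asm/alternative-asm.h section of this patch, where `pax_set_fptr_mask` now loads its mask into %r12 and `pax_force_retaddr` ORs %r12 into the return slot. A one-line comment at each `pushq %r14;`, for example `/* %r12 is reserved for the pax_force_retaddr mask; keep src in %r14 */`, would keep a later rebase onto upstream assembly from reintroducing %r12 as scratch. The same unexplained rename appears in the cast6-avx, sha1_ssse3 and twofish-avx hunks. Both function bodies are only partly visible in this hunk.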
@@ -12716,7 +13011,7 @@ index e3531f8..18ded3a 100644
outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM);
outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM);
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(__cast6_enc_blk8)
@@ -12724,7 +13019,7 @@ index e3531f8..18ded3a 100644
outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM);
outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM);
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(__cast6_dec_blk8)
@@ -12744,17 +13039,52 @@ index e3531f8..18ded3a 100644
ret;
ENDPROC(cast6_ecb_dec_8way)
-@@ -399,6 +404,7 @@ ENTRY(cast6_cbc_dec_8way)
+@@ -386,19 +391,20 @@ ENTRY(cast6_cbc_dec_8way)
+ * %rdx: src
+ */
+
+- pushq %r12;
++ pushq %r14;
- popq %r12;
+ movq %rsi, %r11;
+- movq %rdx, %r12;
++ movq %rdx, %r14;
+
+ load_8way(%rdx, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+
+ call __cast6_dec_blk8;
+
+- store_cbc_8way(%r12, %r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
++ store_cbc_8way(%r14, %r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+
+- popq %r12;
++ popq %r14;
+ pax_force_retaddr
ret;
ENDPROC(cast6_cbc_dec_8way)
-@@ -424,6 +430,7 @@ ENTRY(cast6_ctr_8way)
+@@ -410,20 +416,21 @@ ENTRY(cast6_ctr_8way)
+ * %rcx: iv (little endian, 128bit)
+ */
+
+- pushq %r12;
++ pushq %r14;
+
+ movq %rsi, %r11;
+- movq %rdx, %r12;
++ movq %rdx, %r14;
+
+ load_ctr_8way(%rcx, .Lbswap128_mask, RA1, RB1, RC1, RD1, RA2, RB2, RC2,
+ RD2, RX, RKR, RKM);
- popq %r12;
+ call __cast6_enc_blk8;
+
+- store_ctr_8way(%r12, %r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
++ store_ctr_8way(%r14, %r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+
+- popq %r12;
++ popq %r14;
+ pax_force_retaddr
ret;
@@ -12776,7 +13106,7 @@ index e3531f8..18ded3a 100644
ret;
ENDPROC(cast6_xts_dec_8way)
diff --git a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
-index dbc4339..3d868c5 100644
+index dbc4339..de6e120 100644
--- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
+++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S
@@ -45,6 +45,7 @@
@@ -12791,7 +13121,7 @@ index dbc4339..3d868c5 100644
popq %rsi
popq %rdi
popq %rbx
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
################################################################
@@ -12839,7 +13169,7 @@ index 586f41a..d02851e 100644
ret
ENDPROC(clmul_ghash_setkey)
diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S b/arch/x86/crypto/salsa20-x86_64-asm_64.S
-index 9279e0b..9270820 100644
+index 9279e0b..c4b3d2c 100644
--- a/arch/x86/crypto/salsa20-x86_64-asm_64.S
+++ b/arch/x86/crypto/salsa20-x86_64-asm_64.S
@@ -1,4 +1,5 @@
@@ -12852,7 +13182,7 @@ index 9279e0b..9270820 100644
add %r11,%rsp
mov %rdi,%rax
mov %rsi,%rdx
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
# bytesatleast65:
._bytesatleast65:
@@ -13056,7 +13386,7 @@ index acc066c..1559cc4 100644
ret;
ENDPROC(serpent_dec_blk_8way)
diff --git a/arch/x86/crypto/sha1_ssse3_asm.S b/arch/x86/crypto/sha1_ssse3_asm.S
-index a410950..3356d42 100644
+index a410950..9dfe7ad 100644
--- a/arch/x86/crypto/sha1_ssse3_asm.S
+++ b/arch/x86/crypto/sha1_ssse3_asm.S
@@ -29,6 +29,7 @@
@@ -13067,16 +13397,35 @@ index a410950..3356d42 100644
#define CTX %rdi // arg1
#define BUF %rsi // arg2
-@@ -104,6 +105,7 @@
- pop %r12
+@@ -75,9 +76,9 @@
+
+ push %rbx
+ push %rbp
+- push %r12
++ push %r14
+
+- mov %rsp, %r12
++ mov %rsp, %r14
+ sub $64, %rsp # allocate workspace
+ and $~15, %rsp # align stack
+
+@@ -99,11 +100,12 @@
+ xor %rax, %rax
+ rep stosq
+
+- mov %r12, %rsp # deallocate workspace
++ mov %r14, %rsp # deallocate workspace
+
+- pop %r12
++ pop %r14
pop %rbp
pop %rbx
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
ENDPROC(\name)
diff --git a/arch/x86/crypto/sha256-avx-asm.S b/arch/x86/crypto/sha256-avx-asm.S
-index 642f156..4ab07b9 100644
+index 642f156..51a513c 100644
--- a/arch/x86/crypto/sha256-avx-asm.S
+++ b/arch/x86/crypto/sha256-avx-asm.S
@@ -49,6 +49,7 @@
@@ -13091,12 +13440,12 @@ index 642f156..4ab07b9 100644
popq %r13
popq %rbp
popq %rbx
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
ENDPROC(sha256_transform_avx)
diff --git a/arch/x86/crypto/sha256-avx2-asm.S b/arch/x86/crypto/sha256-avx2-asm.S
-index 9e86944..2e7f95a 100644
+index 9e86944..3795e6a 100644
--- a/arch/x86/crypto/sha256-avx2-asm.S
+++ b/arch/x86/crypto/sha256-avx2-asm.S
@@ -50,6 +50,7 @@
@@ -13111,12 +13460,12 @@ index 9e86944..2e7f95a 100644
popq %r12
popq %rbp
popq %rbx
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
ENDPROC(sha256_transform_rorx)
diff --git a/arch/x86/crypto/sha256-ssse3-asm.S b/arch/x86/crypto/sha256-ssse3-asm.S
-index f833b74..c36ed14 100644
+index f833b74..8c62a9e 100644
--- a/arch/x86/crypto/sha256-ssse3-asm.S
+++ b/arch/x86/crypto/sha256-ssse3-asm.S
@@ -47,6 +47,7 @@
@@ -13131,12 +13480,12 @@ index f833b74..c36ed14 100644
popq %rbp
popq %rbx
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
ENDPROC(sha256_transform_ssse3)
diff --git a/arch/x86/crypto/sha512-avx-asm.S b/arch/x86/crypto/sha512-avx-asm.S
-index 974dde9..4533d34 100644
+index 974dde9..a823ff9 100644
--- a/arch/x86/crypto/sha512-avx-asm.S
+++ b/arch/x86/crypto/sha512-avx-asm.S
@@ -49,6 +49,7 @@
@@ -13151,12 +13500,12 @@ index 974dde9..4533d34 100644
mov frame_RSPSAVE(%rsp), %rsp
nowork:
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
ENDPROC(sha512_transform_avx)
diff --git a/arch/x86/crypto/sha512-avx2-asm.S b/arch/x86/crypto/sha512-avx2-asm.S
-index 568b961..061ef1d 100644
+index 568b961..ed20c37 100644
--- a/arch/x86/crypto/sha512-avx2-asm.S
+++ b/arch/x86/crypto/sha512-avx2-asm.S
@@ -51,6 +51,7 @@
@@ -13171,12 +13520,12 @@ index 568b961..061ef1d 100644
# Restore Stack Pointer
mov frame_RSPSAVE(%rsp), %rsp
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
ENDPROC(sha512_transform_rorx)
diff --git a/arch/x86/crypto/sha512-ssse3-asm.S b/arch/x86/crypto/sha512-ssse3-asm.S
-index fb56855..e23914f 100644
+index fb56855..6edd768 100644
--- a/arch/x86/crypto/sha512-ssse3-asm.S
+++ b/arch/x86/crypto/sha512-ssse3-asm.S
@@ -48,6 +48,7 @@
@@ -13191,12 +13540,12 @@ index fb56855..e23914f 100644
mov frame_RSPSAVE(%rsp), %rsp
nowork:
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
ENDPROC(sha512_transform_ssse3)
diff --git a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S
-index 0505813..63b1d00 100644
+index 0505813..b067311 100644
--- a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S
+++ b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S
@@ -24,6 +24,7 @@
@@ -13211,7 +13560,7 @@ index 0505813..63b1d00 100644
outunpack_blocks(RC1, RD1, RA1, RB1, RK1, RX0, RY0, RK2);
outunpack_blocks(RC2, RD2, RA2, RB2, RK1, RX0, RY0, RK2);
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(__twofish_enc_blk8)
@@ -13219,7 +13568,7 @@ index 0505813..63b1d00 100644
outunpack_blocks(RA1, RB1, RC1, RD1, RK1, RX0, RY0, RK2);
outunpack_blocks(RA2, RB2, RC2, RD2, RK1, RX0, RY0, RK2);
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(__twofish_dec_blk8)
@@ -13227,7 +13576,7 @@ index 0505813..63b1d00 100644
store_8way(%r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2);
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(twofish_ecb_enc_8way)
@@ -13235,23 +13584,58 @@ index 0505813..63b1d00 100644
store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(twofish_ecb_dec_8way)
-@@ -383,6 +388,7 @@ ENTRY(twofish_cbc_dec_8way)
+@@ -370,19 +375,20 @@ ENTRY(twofish_cbc_dec_8way)
+ * %rdx: src
+ */
- popq %r12;
+- pushq %r12;
++ pushq %r14;
-+ pax_force_retaddr 0, 1
+ movq %rsi, %r11;
+- movq %rdx, %r12;
++ movq %rdx, %r14;
+
+ load_8way(%rdx, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2);
+
+ call __twofish_dec_blk8;
+
+- store_cbc_8way(%r12, %r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
++ store_cbc_8way(%r14, %r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
+
+- popq %r12;
++ popq %r14;
+
++ pax_force_retaddr
ret;
ENDPROC(twofish_cbc_dec_8way)
-@@ -408,6 +414,7 @@ ENTRY(twofish_ctr_8way)
+@@ -394,20 +400,21 @@ ENTRY(twofish_ctr_8way)
+ * %rcx: iv (little endian, 128bit)
+ */
- popq %r12;
+- pushq %r12;
++ pushq %r14;
-+ pax_force_retaddr 0, 1
+ movq %rsi, %r11;
+- movq %rdx, %r12;
++ movq %rdx, %r14;
+
+ load_ctr_8way(%rcx, .Lbswap128_mask, RA1, RB1, RC1, RD1, RA2, RB2, RC2,
+ RD2, RX0, RX1, RY0);
+
+ call __twofish_enc_blk8;
+
+- store_ctr_8way(%r12, %r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2);
++ store_ctr_8way(%r14, %r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2);
+
+- popq %r12;
++ popq %r14;
+
++ pax_force_retaddr
ret;
ENDPROC(twofish_ctr_8way)
@@ -13259,7 +13643,7 @@ index 0505813..63b1d00 100644
/* dst <= regs xor IVs(in dst) */
store_xts_8way(%r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2);
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(twofish_xts_enc_8way)
@@ -13267,11 +13651,11 @@ index 0505813..63b1d00 100644
/* dst <= regs xor IVs(in dst) */
store_xts_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2);
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(twofish_xts_dec_8way)
diff --git a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S
-index 1c3b7ce..b365c5e 100644
+index 1c3b7ce..02f578d 100644
--- a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S
+++ b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S
@@ -21,6 +21,7 @@
@@ -13286,7 +13670,7 @@ index 1c3b7ce..b365c5e 100644
popq %r13;
popq %r14;
popq %r15;
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
.L__enc_xor3:
@@ -13294,7 +13678,7 @@ index 1c3b7ce..b365c5e 100644
popq %r13;
popq %r14;
popq %r15;
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(__twofish_enc_blk_3way)
@@ -13302,11 +13686,11 @@ index 1c3b7ce..b365c5e 100644
popq %r13;
popq %r14;
popq %r15;
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret;
ENDPROC(twofish_dec_blk_3way)
diff --git a/arch/x86/crypto/twofish-x86_64-asm_64.S b/arch/x86/crypto/twofish-x86_64-asm_64.S
-index a039d21..29e7615 100644
+index a039d21..524b8b2 100644
--- a/arch/x86/crypto/twofish-x86_64-asm_64.S
+++ b/arch/x86/crypto/twofish-x86_64-asm_64.S
@@ -22,6 +22,7 @@
@@ -13321,7 +13705,7 @@ index a039d21..29e7615 100644
popq R1
movq $1,%rax
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
ENDPROC(twofish_enc_blk)
@@ -13329,7 +13713,7 @@ index a039d21..29e7615 100644
popq R1
movq $1,%rax
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
ENDPROC(twofish_dec_blk)
diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c
@@ -13399,7 +13783,7 @@ index 665a730..8e7a67a 100644
err |= copy_siginfo_to_user32(&frame->info, &ksig->info);
diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S
-index 4299eb0..904b82a 100644
+index 4299eb0..c0687a7 100644
--- a/arch/x86/ia32/ia32entry.S
+++ b/arch/x86/ia32/ia32entry.S
@@ -15,8 +15,10 @@
@@ -13413,6 +13797,24 @@ index 4299eb0..904b82a 100644
/* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
#include <linux/elf-em.h>
+@@ -62,12 +64,12 @@
+ */
+ .macro LOAD_ARGS32 offset, _r9=0
+ .if \_r9
+- movl \offset+16(%rsp),%r9d
++ movl \offset+R9(%rsp),%r9d
+ .endif
+- movl \offset+40(%rsp),%ecx
+- movl \offset+48(%rsp),%edx
+- movl \offset+56(%rsp),%esi
+- movl \offset+64(%rsp),%edi
++ movl \offset+RCX(%rsp),%ecx
++ movl \offset+RDX(%rsp),%edx
++ movl \offset+RSI(%rsp),%esi
++ movl \offset+RDI(%rsp),%edi
+ movl %eax,%eax /* zero extension */
+ .endm
+
@@ -96,6 +98,32 @@ ENTRY(native_irq_enable_sysexit)
ENDPROC(native_irq_enable_sysexit)
#endif
@@ -13514,7 +13916,7 @@ index 4299eb0..904b82a 100644
CFI_REMEMBER_STATE
jnz sysenter_tracesys
cmpq $(IA32_NR_syscalls-1),%rax
-@@ -162,12 +209,15 @@ sysenter_do_call:
+@@ -162,15 +209,18 @@ sysenter_do_call:
sysenter_dispatch:
call *ia32_sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
@@ -13530,8 +13932,13 @@ index 4299eb0..904b82a 100644
+ pax_erase_kstack
+ andl $~TS_COMPAT,TI_status(%r11)
/* clear IF, that popfq doesn't enable interrupts early */
- andl $~0x200,EFLAGS-R11(%rsp)
- movl RIP-R11(%rsp),%edx /* User %eip */
+- andl $~0x200,EFLAGS-R11(%rsp)
+- movl RIP-R11(%rsp),%edx /* User %eip */
++ andl $~X86_EFLAGS_IF,EFLAGS(%rsp)
++ movl RIP(%rsp),%edx /* User %eip */
+ CFI_REGISTER rip,rdx
+ RESTORE_ARGS 0,24,0,0,0,0
+ xorq %r8,%r8
@@ -193,6 +243,9 @@ sysexit_from_sys_call:
movl %eax,%esi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_I386,%edi /* 1st arg: audit arch */
@@ -13640,7 +14047,7 @@ index 4299eb0..904b82a 100644
CFI_REMEMBER_STATE
jnz cstar_tracesys
cmpq $IA32_NR_syscalls-1,%rax
-@@ -319,12 +395,15 @@ cstar_do_call:
+@@ -319,13 +395,16 @@ cstar_do_call:
cstar_dispatch:
call *ia32_sys_call_table(,%rax,8)
movq %rax,RAX-ARGOFFSET(%rsp)
@@ -13652,12 +14059,14 @@ index 4299eb0..904b82a 100644
jnz sysretl_audit
sysretl_from_sys_call:
- andl $~TS_COMPAT,TI_status+THREAD_INFO(%rsp,RIP-ARGOFFSET)
+- RESTORE_ARGS 0,-ARG_SKIP,0,0,0
+ pax_exit_kernel_user
+ pax_erase_kstack
+ andl $~TS_COMPAT,TI_status(%r11)
- RESTORE_ARGS 0,-ARG_SKIP,0,0,0
++ RESTORE_ARGS 0,-ORIG_RAX,0,0,0
movl RIP-ARGOFFSET(%rsp),%ecx
CFI_REGISTER rip,rcx
+ movl EFLAGS-ARGOFFSET(%rsp),%r11d
@@ -352,7 +431,7 @@ sysretl_audit:
cstar_tracesys:
@@ -13747,7 +14156,7 @@ index 8e0ceec..af13504 100644
SET_GID(gid, from_kgid_munged(current_user_ns(), stat->gid));
if (!access_ok(VERIFY_WRITE, ubuf, sizeof(struct stat64)) ||
diff --git a/arch/x86/include/asm/alternative-asm.h b/arch/x86/include/asm/alternative-asm.h
-index 372231c..a5aa1a1 100644
+index 372231c..51b537d 100644
--- a/arch/x86/include/asm/alternative-asm.h
+++ b/arch/x86/include/asm/alternative-asm.h
@@ -18,6 +18,45 @@
@@ -13773,13 +14182,13 @@ index 372231c..a5aa1a1 100644
+ .if \reload
+ pax_set_fptr_mask
+ .endif
-+ orq %r10,\rip(%rsp)
++ orq %r12,\rip(%rsp)
+ .endm
+ .macro pax_force_fptr ptr
-+ orq %r10,\ptr
++ orq %r12,\ptr
+ .endm
+ .macro pax_set_fptr_mask
-+ movabs $0x8000000000000000,%r10
++ movabs $0x8000000000000000,%r12
+ .endm
+#endif
+#else
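Review bot: `pax_force_retaddr` and `pax_force_fptr` now OR %r12 into their target, and `pax_force_retaddr` loads it only when `reload` is set. The crypto call sites in this patch drop their `0, 1` arguments, so every such return depends on %r12 still holding 0x8000000000000000 at that point; a stale value would be ORed into the return address. That contract is not written next to the macros, and a comment above `pax_force_retaddr` such as `/* %r12 must hold the mask set by pax_set_fptr_mask at every use; assembly that writes %r12 has to restore it first */` would make it checkable. The sha256-avx2 hunk shows `popq %r12` directly before the macro, so that routine presumably relies on its push/pop pair to bring the mask back, which is worth confirming for each hand-written routine that touches %r12. The `.macro pax_force_retaddr` header and the enclosing `#if` are outside this hunk.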
@@ -13854,7 +14263,7 @@ index 20370c6..a2eb9b0 100644
"popl %%ebp\n\t"
"popl %%edi\n\t"
diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h
-index 722aa3b..3a0bb27 100644
+index 722aa3b..c392d85 100644
--- a/arch/x86/include/asm/atomic.h
+++ b/arch/x86/include/asm/atomic.h
@@ -22,7 +22,18 @@
@@ -13871,7 +14280,7 @@ index 722aa3b..3a0bb27 100644
+ *
+ * Atomically reads the value of @v.
+ */
-+static inline int atomic_read_unchecked(const atomic_unchecked_t *v)
++static inline int __intentional_overflow(-1) atomic_read_unchecked(const atomic_unchecked_t *v)
+{
+ return (*(volatile const int *)&(v)->counter);
}
@@ -14126,7 +14535,7 @@ index 722aa3b..3a0bb27 100644
return i + xadd(&v->counter, i);
}
-@@ -188,6 +362,10 @@ static inline int atomic_sub_return(int i, atomic_t *v)
+@@ -188,9 +362,18 @@ static inline int atomic_sub_return(int i, atomic_t *v)
}
#define atomic_inc_return(v) (atomic_add_return(1, v))
@@ -14136,18 +14545,17 @@ index 722aa3b..3a0bb27 100644
+}
#define atomic_dec_return(v) (atomic_sub_return(1, v))
- static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
-@@ -195,11 +373,21 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
- return cmpxchg(&v->counter, old, new);
- }
-
-+static inline int atomic_cmpxchg_unchecked(atomic_unchecked_t *v, int old, int new)
+-static inline int atomic_cmpxchg(atomic_t *v, int old, int new)
++static inline int __intentional_overflow(-1) atomic_cmpxchg(atomic_t *v, int old, int new)
+{
+ return cmpxchg(&v->counter, old, new);
+}
+
- static inline int atomic_xchg(atomic_t *v, int new)
++static inline int atomic_cmpxchg_unchecked(atomic_unchecked_t *v, int old, int new)
{
+ return cmpxchg(&v->counter, old, new);
+ }
+@@ -200,6 +383,11 @@ static inline int atomic_xchg(atomic_t *v, int new)
return xchg(&v->counter, new);
}
@@ -14159,9 +14567,12 @@ index 722aa3b..3a0bb27 100644
/**
* __atomic_add_unless - add unless the number is already a given value
* @v: pointer of type atomic_t
-@@ -211,12 +399,25 @@ static inline int atomic_xchg(atomic_t *v, int new)
+@@ -209,14 +397,27 @@ static inline int atomic_xchg(atomic_t *v, int new)
+ * Atomically adds @a to @v, so long as @v was not already @u.
+ * Returns the old value of @v.
*/
- static inline int __atomic_add_unless(atomic_t *v, int a, int u)
+-static inline int __atomic_add_unless(atomic_t *v, int a, int u)
++static inline int __intentional_overflow(-1) __atomic_add_unless(atomic_t *v, int a, int u)
{
- int c, old;
+ int c, old, new;
@@ -14284,7 +14695,7 @@ index 722aa3b..3a0bb27 100644
/* Atomic operations are already serializing on x86 */
#define smp_mb__before_atomic_dec() barrier()
diff --git a/arch/x86/include/asm/atomic64_32.h b/arch/x86/include/asm/atomic64_32.h
-index b154de7..aadebd8 100644
+index b154de7..bf18a5a 100644
--- a/arch/x86/include/asm/atomic64_32.h
+++ b/arch/x86/include/asm/atomic64_32.h
@@ -12,6 +12,14 @@ typedef struct {
@@ -14388,7 +14799,7 @@ index b154de7..aadebd8 100644
+ *
+ * Atomically reads the value of @v and returns it.
+ */
-+static inline long long atomic64_read_unchecked(atomic64_unchecked_t *v)
++static inline long long __intentional_overflow(-1) atomic64_read_unchecked(atomic64_unchecked_t *v)
+{
+ long long r;
+ alternative_atomic64(read, "=&A" (r), "c" (v) : "memory");
@@ -14459,7 +14870,7 @@ index b154de7..aadebd8 100644
* @i: integer value to subtract
* @v: pointer to type atomic64_t
diff --git a/arch/x86/include/asm/atomic64_64.h b/arch/x86/include/asm/atomic64_64.h
-index 0e1cbfc..5623683 100644
+index 0e1cbfc..a891fc7 100644
--- a/arch/x86/include/asm/atomic64_64.h
+++ b/arch/x86/include/asm/atomic64_64.h
@@ -18,7 +18,19 @@
@@ -14477,7 +14888,7 @@ index 0e1cbfc..5623683 100644
+ * Atomically reads the value of @v.
+ * Doesn't imply a read memory barrier.
+ */
-+static inline long atomic64_read_unchecked(const atomic64_unchecked_t *v)
++static inline long __intentional_overflow(-1) atomic64_read_unchecked(const atomic64_unchecked_t *v)
+{
+ return (*(volatile const long *)&(v)->counter);
}
@@ -14881,6 +15292,178 @@ index 9863ee3..4a1f8e1 100644
else if (pg_flags == _PGMT_WC)
return _PAGE_CACHE_WC;
else if (pg_flags == _PGMT_UC_MINUS)
+diff --git a/arch/x86/include/asm/calling.h b/arch/x86/include/asm/calling.h
+index 0fa6750..cb7b2c3 100644
+--- a/arch/x86/include/asm/calling.h
++++ b/arch/x86/include/asm/calling.h
+@@ -80,103 +80,113 @@ For 32-bit we have the following conventions - kernel is built with
+ #define RSP 152
+ #define SS 160
+
+-#define ARGOFFSET R11
+-#define SWFRAME ORIG_RAX
++#define ARGOFFSET R15
+
+ .macro SAVE_ARGS addskip=0, save_rcx=1, save_r891011=1
+- subq $9*8+\addskip, %rsp
+- CFI_ADJUST_CFA_OFFSET 9*8+\addskip
+- movq_cfi rdi, 8*8
+- movq_cfi rsi, 7*8
+- movq_cfi rdx, 6*8
++ subq $ORIG_RAX-ARGOFFSET+\addskip, %rsp
++ CFI_ADJUST_CFA_OFFSET ORIG_RAX-ARGOFFSET+\addskip
++ movq_cfi rdi, RDI
++ movq_cfi rsi, RSI
++ movq_cfi rdx, RDX
+
+ .if \save_rcx
+- movq_cfi rcx, 5*8
++ movq_cfi rcx, RCX
+ .endif
+
+- movq_cfi rax, 4*8
++ movq_cfi rax, RAX
+
+ .if \save_r891011
+- movq_cfi r8, 3*8
+- movq_cfi r9, 2*8
+- movq_cfi r10, 1*8
+- movq_cfi r11, 0*8
++ movq_cfi r8, R8
++ movq_cfi r9, R9
++ movq_cfi r10, R10
++ movq_cfi r11, R11
+ .endif
+
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR
++ movq_cfi r12, R12
++#endif
++
+ .endm
+
+-#define ARG_SKIP (9*8)
++#define ARG_SKIP ORIG_RAX
+
+ .macro RESTORE_ARGS rstor_rax=1, addskip=0, rstor_rcx=1, rstor_r11=1, \
+ rstor_r8910=1, rstor_rdx=1
++
++#ifdef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR
++ movq_cfi_restore R12, r12
++#endif
++
+ .if \rstor_r11
+- movq_cfi_restore 0*8, r11
++ movq_cfi_restore R11, r11
+ .endif
+
+ .if \rstor_r8910
+- movq_cfi_restore 1*8, r10
+- movq_cfi_restore 2*8, r9
+- movq_cfi_restore 3*8, r8
++ movq_cfi_restore R10, r10
++ movq_cfi_restore R9, r9
++ movq_cfi_restore R8, r8
+ .endif
+
+ .if \rstor_rax
+- movq_cfi_restore 4*8, rax
++ movq_cfi_restore RAX, rax
+ .endif
+
+ .if \rstor_rcx
+- movq_cfi_restore 5*8, rcx
++ movq_cfi_restore RCX, rcx
+ .endif
+
+ .if \rstor_rdx
+- movq_cfi_restore 6*8, rdx
++ movq_cfi_restore RDX, rdx
+ .endif
+
+- movq_cfi_restore 7*8, rsi
+- movq_cfi_restore 8*8, rdi
++ movq_cfi_restore RSI, rsi
++ movq_cfi_restore RDI, rdi
+
+- .if ARG_SKIP+\addskip > 0
+- addq $ARG_SKIP+\addskip, %rsp
+- CFI_ADJUST_CFA_OFFSET -(ARG_SKIP+\addskip)
++ .if ORIG_RAX+\addskip > 0
++ addq $ORIG_RAX+\addskip, %rsp
++ CFI_ADJUST_CFA_OFFSET -(ORIG_RAX+\addskip)
+ .endif
+ .endm
+
+- .macro LOAD_ARGS offset, skiprax=0
+- movq \offset(%rsp), %r11
+- movq \offset+8(%rsp), %r10
+- movq \offset+16(%rsp), %r9
+- movq \offset+24(%rsp), %r8
+- movq \offset+40(%rsp), %rcx
+- movq \offset+48(%rsp), %rdx
+- movq \offset+56(%rsp), %rsi
+- movq \offset+64(%rsp), %rdi
++ .macro LOAD_ARGS skiprax=0
++ movq R11(%rsp), %r11
++ movq R10(%rsp), %r10
++ movq R9(%rsp), %r9
++ movq R8(%rsp), %r8
++ movq RCX(%rsp), %rcx
++ movq RDX(%rsp), %rdx
++ movq RSI(%rsp), %rsi
++ movq RDI(%rsp), %rdi
+ .if \skiprax
+ .else
+- movq \offset+72(%rsp), %rax
++ movq RAX(%rsp), %rax
+ .endif
+ .endm
+
+-#define REST_SKIP (6*8)
+-
+ .macro SAVE_REST
+- subq $REST_SKIP, %rsp
+- CFI_ADJUST_CFA_OFFSET REST_SKIP
+- movq_cfi rbx, 5*8
+- movq_cfi rbp, 4*8
+- movq_cfi r12, 3*8
+- movq_cfi r13, 2*8
+- movq_cfi r14, 1*8
+- movq_cfi r15, 0*8
++ movq_cfi rbx, RBX
++ movq_cfi rbp, RBP
++
++#ifndef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR
++ movq_cfi r12, R12
++#endif
++
++ movq_cfi r13, R13
++ movq_cfi r14, R14
++ movq_cfi r15, R15
+ .endm
+
+ .macro RESTORE_REST
+- movq_cfi_restore 0*8, r15
+- movq_cfi_restore 1*8, r14
+- movq_cfi_restore 2*8, r13
+- movq_cfi_restore 3*8, r12
+- movq_cfi_restore 4*8, rbp
+- movq_cfi_restore 5*8, rbx
+- addq $REST_SKIP, %rsp
+- CFI_ADJUST_CFA_OFFSET -(REST_SKIP)
++ movq_cfi_restore R15, r15
++ movq_cfi_restore R14, r14
++ movq_cfi_restore R13, r13
++
++#ifndef CONFIG_PAX_KERNEXEC_PLUGIN_METHOD_OR
++ movq_cfi_restore R12, r12
++#endif
++
++ movq_cfi_restore RBP, rbp
++ movq_cfi_restore RBX, rbx
+ .endm
+
+ .macro SAVE_ALL
diff --git a/arch/x86/include/asm/checksum_32.h b/arch/x86/include/asm/checksum_32.h
index f50de69..2b0a458 100644
--- a/arch/x86/include/asm/checksum_32.h
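Review bot: `LOAD_ARGS` loses its `offset` parameter, so its first positional argument now means `skiprax`. The auditsys context in the arch/x86/kernel/entry_64.S section still reads `LOAD_ARGS 0`, which keeps working only because 0 is the right value under both meanings. Using the keyword form at the call sites, for instance `LOAD_ARGS skiprax=1` in tracesys, would make the intent explicit, since a leftover single-argument call with a non-zero offset would now be read as `skiprax` and skip the %rax reload. Separately, `ARG_SKIP` is redefined as `ORIG_RAX` while `RESTORE_ARGS` stops using it, so if nothing else references it the define could be dropped, or the macro kept on `ARG_SKIP` for consistency.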
@@ -18961,6 +19544,18 @@ index bbae024..e1528f9 100644
#define BIOS_END 0x00100000
#define BIOS_ROM_BASE 0xffe00000
+diff --git a/arch/x86/include/uapi/asm/ptrace-abi.h b/arch/x86/include/uapi/asm/ptrace-abi.h
+index 7b0a55a..ad115bf 100644
+--- a/arch/x86/include/uapi/asm/ptrace-abi.h
++++ b/arch/x86/include/uapi/asm/ptrace-abi.h
+@@ -49,7 +49,6 @@
+ #define EFLAGS 144
+ #define RSP 152
+ #define SS 160
+-#define ARGOFFSET R11
+ #endif /* __ASSEMBLY__ */
+
+ /* top of stack page */
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile
index a5408b9..5133813 100644
--- a/arch/x86/kernel/Makefile
@@ -21406,7 +22001,7 @@ index f0dcb0c..9f39b80 100644
/*
diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index b077f4c..feb26c1 100644
+index b077f4c..8e0df9f 100644
--- a/arch/x86/kernel/entry_64.S
+++ b/arch/x86/kernel/entry_64.S
@@ -59,6 +59,8 @@
@@ -21924,27 +22519,84 @@ index b077f4c..feb26c1 100644
.macro TRACE_IRQS_IRETQ offset=ARGOFFSET
#ifdef CONFIG_TRACE_IRQFLAGS
-@@ -375,8 +808,8 @@ ENDPROC(native_usergs_sysret64)
+@@ -320,7 +753,7 @@ ENDPROC(native_usergs_sysret64)
+ .endm
+
+ .macro TRACE_IRQS_IRETQ_DEBUG offset=ARGOFFSET
+- bt $9,EFLAGS-\offset(%rsp) /* interrupts off? */
++ bt $X86_EFLAGS_IF_BIT,EFLAGS-\offset(%rsp) /* interrupts off? */
+ jnc 1f
+ TRACE_IRQS_ON_DEBUG
+ 1:
+@@ -358,27 +791,6 @@ ENDPROC(native_usergs_sysret64)
+ movq \tmp,R11+\offset(%rsp)
.endm
- .macro UNFAKE_STACK_FRAME
+- .macro FAKE_STACK_FRAME child_rip
+- /* push in order ss, rsp, eflags, cs, rip */
+- xorl %eax, %eax
+- pushq_cfi $__KERNEL_DS /* ss */
+- /*CFI_REL_OFFSET ss,0*/
+- pushq_cfi %rax /* rsp */
+- CFI_REL_OFFSET rsp,0
+- pushq_cfi $(X86_EFLAGS_IF|X86_EFLAGS_FIXED) /* eflags - interrupts on */
+- /*CFI_REL_OFFSET rflags,0*/
+- pushq_cfi $__KERNEL_CS /* cs */
+- /*CFI_REL_OFFSET cs,0*/
+- pushq_cfi \child_rip /* rip */
+- CFI_REL_OFFSET rip,0
+- pushq_cfi %rax /* orig rax */
+- .endm
+-
+- .macro UNFAKE_STACK_FRAME
- addq $8*6, %rsp
- CFI_ADJUST_CFA_OFFSET -(6*8)
-+ addq $8*6 + ARG_SKIP, %rsp
-+ CFI_ADJUST_CFA_OFFSET -(6*8 + ARG_SKIP)
- .endm
-
+- .endm
+-
/*
-@@ -463,7 +896,7 @@ ENDPROC(native_usergs_sysret64)
+ * initial frame state for interrupts (and exceptions without error code)
+ */
+@@ -445,25 +857,26 @@ ENDPROC(native_usergs_sysret64)
+ /* save partial stack frame */
+ .macro SAVE_ARGS_IRQ
+ cld
+- /* start from rbp in pt_regs and jump over */
+- movq_cfi rdi, (RDI-RBP)
+- movq_cfi rsi, (RSI-RBP)
+- movq_cfi rdx, (RDX-RBP)
+- movq_cfi rcx, (RCX-RBP)
+- movq_cfi rax, (RAX-RBP)
+- movq_cfi r8, (R8-RBP)
+- movq_cfi r9, (R9-RBP)
+- movq_cfi r10, (R10-RBP)
+- movq_cfi r11, (R11-RBP)
++ /* start from r15 in pt_regs and jump over */
++ movq_cfi rdi, RDI
++ movq_cfi rsi, RSI
++ movq_cfi rdx, RDX
++ movq_cfi rcx, RCX
++ movq_cfi rax, RAX
++ movq_cfi r8, R8
++ movq_cfi r9, R9
++ movq_cfi r10, R10
++ movq_cfi r11, R11
++ movq_cfi r12, R12
+
+ /* Save rbp so that we can unwind from get_irq_regs() */
+- movq_cfi rbp, 0
++ movq_cfi rbp, RBP
+
+ /* Save previous stack value */
movq %rsp, %rsi
- leaq -RBP(%rsp),%rdi /* arg1 for handler */
+- leaq -RBP(%rsp),%rdi /* arg1 for handler */
- testl $3, CS-RBP(%rsi)
-+ testb $3, CS-RBP(%rsi)
++ movq %rsp,%rdi /* arg1 for handler */
++ testb $3, CS(%rsi)
je 1f
SWAPGS
/*
-@@ -514,9 +947,10 @@ ENTRY(save_paranoid)
+@@ -514,9 +927,10 @@ ENTRY(save_paranoid)
js 1f /* negative -> in kernel */
SWAPGS
xorl %ebx,%ebx
@@ -21957,7 +22609,7 @@ index b077f4c..feb26c1 100644
.popsection
/*
-@@ -538,7 +972,7 @@ ENTRY(ret_from_fork)
+@@ -538,7 +952,7 @@ ENTRY(ret_from_fork)
RESTORE_REST
@@ -21966,7 +22618,15 @@ index b077f4c..feb26c1 100644
jz 1f
testl $_TIF_IA32, TI_flags(%rcx) # 32-bit compat task needs IRET
-@@ -556,7 +990,7 @@ ENTRY(ret_from_fork)
+@@ -548,15 +962,13 @@ ENTRY(ret_from_fork)
+ jmp ret_from_sys_call # go to the SYSRET fastpath
+
+ 1:
+- subq $REST_SKIP, %rsp # leave space for volatiles
+- CFI_ADJUST_CFA_OFFSET REST_SKIP
+ movq %rbp, %rdi
+ call *%rbx
+ movl $0, RAX(%rsp)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -21975,7 +22635,7 @@ index b077f4c..feb26c1 100644
/*
* System call entry. Up to 6 arguments in registers are supported.
-@@ -593,7 +1027,7 @@ END(ret_from_fork)
+@@ -593,7 +1005,7 @@ END(ret_from_fork)
ENTRY(system_call)
CFI_STARTPROC simple
CFI_SIGNAL_FRAME
@@ -21984,7 +22644,7 @@ index b077f4c..feb26c1 100644
CFI_REGISTER rip,rcx
/*CFI_REGISTER rflags,r11*/
SWAPGS_UNSAFE_STACK
-@@ -606,16 +1040,23 @@ GLOBAL(system_call_after_swapgs)
+@@ -606,16 +1018,23 @@ GLOBAL(system_call_after_swapgs)
movq %rsp,PER_CPU_VAR(old_rsp)
movq PER_CPU_VAR(kernel_stack),%rsp
@@ -22010,16 +22670,7 @@ index b077f4c..feb26c1 100644
jnz tracesys
system_call_fastpath:
#if __SYSCALL_MASK == ~0
-@@ -625,7 +1066,7 @@ system_call_fastpath:
- cmpl $__NR_syscall_max,%eax
- #endif
- ja badsys
-- movq %r10,%rcx
-+ movq R10-ARGOFFSET(%rsp),%rcx
- call *sys_call_table(,%rax,8) # XXX: rip relative
- movq %rax,RAX-ARGOFFSET(%rsp)
- /*
-@@ -639,10 +1080,13 @@ sysret_check:
+@@ -639,10 +1058,13 @@ sysret_check:
LOCKDEP_SYS_EXIT
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
@@ -22034,15 +22685,7 @@ index b077f4c..feb26c1 100644
/*
* sysretq will re-enable interrupts:
*/
-@@ -694,14 +1138,18 @@ badsys:
- * jump back to the normal fast path.
- */
- auditsys:
-- movq %r10,%r9 /* 6th arg: 4th syscall arg */
-+ movq R10-ARGOFFSET(%rsp),%r9 /* 6th arg: 4th syscall arg */
- movq %rdx,%r8 /* 5th arg: 3rd syscall arg */
- movq %rsi,%rcx /* 4th arg: 2nd syscall arg */
- movq %rdi,%rdx /* 3rd arg: 1st syscall arg */
+@@ -701,6 +1123,9 @@ auditsys:
movq %rax,%rsi /* 2nd arg: syscall number */
movl $AUDIT_ARCH_X86_64,%edi /* 1st arg: audit arch */
call __audit_syscall_entry
@@ -22050,11 +22693,9 @@ index b077f4c..feb26c1 100644
+ pax_erase_kstack
+
LOAD_ARGS 0 /* reload call-clobbered registers */
-+ pax_set_fptr_mask
jmp system_call_fastpath
- /*
-@@ -722,7 +1170,7 @@ sysret_audit:
+@@ -722,7 +1147,7 @@ sysret_audit:
/* Do syscall tracing */
tracesys:
#ifdef CONFIG_AUDITSYSCALL
@@ -22063,7 +22704,7 @@ index b077f4c..feb26c1 100644
jz auditsys
#endif
SAVE_REST
-@@ -730,12 +1178,16 @@ tracesys:
+@@ -730,12 +1155,15 @@ tracesys:
FIXUP_TOP_OF_STACK %rdi
movq %rsp,%rdi
call syscall_trace_enter
@@ -22075,21 +22716,12 @@ index b077f4c..feb26c1 100644
* We don't reload %rax because syscall_trace_enter() returned
* the value it wants us to use in the table lookup.
*/
- LOAD_ARGS ARGOFFSET, 1
-+ pax_set_fptr_mask
+- LOAD_ARGS ARGOFFSET, 1
++ LOAD_ARGS 1
RESTORE_REST
#if __SYSCALL_MASK == ~0
cmpq $__NR_syscall_max,%rax
-@@ -744,7 +1196,7 @@ tracesys:
- cmpl $__NR_syscall_max,%eax
- #endif
- ja int_ret_from_sys_call /* RAX(%rsp) set to -ENOSYS above */
-- movq %r10,%rcx /* fixup for C */
-+ movq R10-ARGOFFSET(%rsp),%rcx /* fixup for C */
- call *sys_call_table(,%rax,8)
- movq %rax,RAX-ARGOFFSET(%rsp)
- /* Use IRET because user could have changed frame */
-@@ -765,7 +1217,9 @@ GLOBAL(int_with_check)
+@@ -765,7 +1193,9 @@ GLOBAL(int_with_check)
andl %edi,%edx
jnz int_careful
andl $~TS_COMPAT,TI_status(%rcx)
@@ -22100,7 +22732,7 @@ index b077f4c..feb26c1 100644
/* Either reschedule or signal or syscall exit tracking needed. */
/* First do a reschedule test. */
-@@ -811,7 +1265,7 @@ int_restore_rest:
+@@ -811,7 +1241,7 @@ int_restore_rest:
TRACE_IRQS_OFF
jmp int_with_check
CFI_ENDPROC
@@ -22109,19 +22741,20 @@ index b077f4c..feb26c1 100644
.macro FORK_LIKE func
ENTRY(stub_\func)
-@@ -824,9 +1278,10 @@ ENTRY(stub_\func)
+@@ -824,9 +1254,10 @@ ENTRY(stub_\func)
DEFAULT_FRAME 0 8 /* offset 8: return address */
call sys_\func
RESTORE_TOP_OF_STACK %r11, 8
+- ret $REST_SKIP /* pop extended registers */
+ pax_force_retaddr
- ret $REST_SKIP /* pop extended registers */
++ ret
CFI_ENDPROC
-END(stub_\func)
+ENDPROC(stub_\func)
.endm
.macro FIXED_FRAME label,func
-@@ -836,9 +1291,10 @@ ENTRY(\label)
+@@ -836,9 +1267,10 @@ ENTRY(\label)
FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET
call \func
RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET
@@ -22133,19 +22766,27 @@ index b077f4c..feb26c1 100644
.endm
FORK_LIKE clone
-@@ -855,9 +1311,10 @@ ENTRY(ptregscall_common)
- movq_cfi_restore R12+8, r12
- movq_cfi_restore RBP+8, rbp
- movq_cfi_restore RBX+8, rbx
-+ pax_force_retaddr
- ret $REST_SKIP /* pop extended registers */
- CFI_ENDPROC
+@@ -846,19 +1278,6 @@ END(\label)
+ FORK_LIKE vfork
+ FIXED_FRAME stub_iopl, sys_iopl
+
+-ENTRY(ptregscall_common)
+- DEFAULT_FRAME 1 8 /* offset 8: return address */
+- RESTORE_TOP_OF_STACK %r11, 8
+- movq_cfi_restore R15+8, r15
+- movq_cfi_restore R14+8, r14
+- movq_cfi_restore R13+8, r13
+- movq_cfi_restore R12+8, r12
+- movq_cfi_restore RBP+8, rbp
+- movq_cfi_restore RBX+8, rbx
+- ret $REST_SKIP /* pop extended registers */
+- CFI_ENDPROC
-END(ptregscall_common)
-+ENDPROC(ptregscall_common)
-
+-
ENTRY(stub_execve)
CFI_STARTPROC
-@@ -870,7 +1327,7 @@ ENTRY(stub_execve)
+ addq $8, %rsp
+@@ -870,7 +1289,7 @@ ENTRY(stub_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -22154,7 +22795,7 @@ index b077f4c..feb26c1 100644
/*
* sigreturn is special because it needs to restore all registers on return.
-@@ -887,7 +1344,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -887,7 +1306,7 @@ ENTRY(stub_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -22163,7 +22804,7 @@ index b077f4c..feb26c1 100644
#ifdef CONFIG_X86_X32_ABI
ENTRY(stub_x32_rt_sigreturn)
-@@ -901,7 +1358,7 @@ ENTRY(stub_x32_rt_sigreturn)
+@@ -901,7 +1320,7 @@ ENTRY(stub_x32_rt_sigreturn)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -22172,7 +22813,7 @@ index b077f4c..feb26c1 100644
ENTRY(stub_x32_execve)
CFI_STARTPROC
-@@ -915,7 +1372,7 @@ ENTRY(stub_x32_execve)
+@@ -915,7 +1334,7 @@ ENTRY(stub_x32_execve)
RESTORE_REST
jmp int_ret_from_sys_call
CFI_ENDPROC
@@ -22181,7 +22822,7 @@ index b077f4c..feb26c1 100644
#endif
-@@ -952,7 +1409,7 @@ vector=vector+1
+@@ -952,7 +1371,7 @@ vector=vector+1
2: jmp common_interrupt
.endr
CFI_ENDPROC
@@ -22190,9 +22831,14 @@ index b077f4c..feb26c1 100644
.previous
END(interrupt)
-@@ -972,6 +1429,16 @@ END(interrupt)
- subq $ORIG_RAX-RBP, %rsp
- CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
+@@ -969,9 +1388,19 @@ END(interrupt)
+ /* 0(%rsp): ~(interrupt number) */
+ .macro interrupt func
+ /* reserve pt_regs for scratch regs and rbp */
+- subq $ORIG_RAX-RBP, %rsp
+- CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
++ subq $ORIG_RAX, %rsp
++ CFI_ADJUST_CFA_OFFSET ORIG_RAX
SAVE_ARGS_IRQ
+#ifdef CONFIG_PAX_MEMORY_UDEREF
+ testb $3, CS(%rdi)
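Review bot: The comment carried above the new allocation in the `interrupt` macro, `/* reserve pt_regs for scratch regs and rbp */`, no longer matches the code beneath it. The macro now subtracts the whole of `$ORIG_RAX` instead of `$ORIG_RAX-RBP`, so it also reserves the area below the RBP slot, presumably the remaining callee-saved register slots. Rewording it to something like `/* reserve pt_regs up to orig_rax, callee-saved slots included */` would make the reason for the larger frame visible. The following `ret_from_intr` hunk changes the unwind to `movq %rsi, %rsp` with `CFI_ADJUST_CFA_OFFSET -ARGOFFSET`, and the two have to stay in step. The macro body continues past the end of this hunk.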
@@ -22207,7 +22853,17 @@ index b077f4c..feb26c1 100644
call \func
.endm
-@@ -1004,7 +1471,7 @@ ret_from_intr:
+@@ -997,14 +1426,14 @@ ret_from_intr:
+
+ /* Restore saved previous stack */
+ popq %rsi
+- CFI_DEF_CFA rsi,SS+8-RBP /* reg/off reset after def_cfa_expr */
+- leaq ARGOFFSET-RBP(%rsi), %rsp
++ CFI_DEF_CFA rsi,SS+8 /* reg/off reset after def_cfa_expr */
++ movq %rsi, %rsp
+ CFI_DEF_CFA_REGISTER rsp
+- CFI_ADJUST_CFA_OFFSET RBP-ARGOFFSET
++ CFI_ADJUST_CFA_OFFSET -ARGOFFSET
exit_intr:
GET_THREAD_INFO(%rcx)
@@ -22216,7 +22872,7 @@ index b077f4c..feb26c1 100644
je retint_kernel
/* Interrupt came from user space */
-@@ -1026,12 +1493,16 @@ retint_swapgs: /* return to user-space */
+@@ -1026,12 +1455,16 @@ retint_swapgs: /* return to user-space */
* The iretq could re-enable interrupts:
*/
DISABLE_INTERRUPTS(CLBR_ANY)
@@ -22233,7 +22889,7 @@ index b077f4c..feb26c1 100644
/*
* The iretq could re-enable interrupts:
*/
-@@ -1114,7 +1585,7 @@ ENTRY(retint_kernel)
+@@ -1114,7 +1547,7 @@ ENTRY(retint_kernel)
#endif
CFI_ENDPROC
@@ -22242,7 +22898,7 @@ index b077f4c..feb26c1 100644
/*
* End of kprobes section
*/
-@@ -1132,7 +1603,7 @@ ENTRY(\sym)
+@@ -1132,7 +1565,7 @@ ENTRY(\sym)
interrupt \do_sym
jmp ret_from_intr
CFI_ENDPROC
@@ -22251,7 +22907,7 @@ index b077f4c..feb26c1 100644
.endm
#ifdef CONFIG_TRACING
-@@ -1215,12 +1686,22 @@ ENTRY(\sym)
+@@ -1215,12 +1648,22 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -22275,7 +22931,7 @@ index b077f4c..feb26c1 100644
.endm
.macro paranoidzeroentry sym do_sym
-@@ -1233,15 +1714,25 @@ ENTRY(\sym)
+@@ -1233,15 +1676,25 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF
@@ -22299,11 +22955,11 @@ index b077f4c..feb26c1 100644
.endm
-#define INIT_TSS_IST(x) PER_CPU_VAR(init_tss) + (TSS_ist + ((x) - 1) * 8)
-+#define INIT_TSS_IST(x) (TSS_ist + ((x) - 1) * 8)(%r12)
++#define INIT_TSS_IST(x) (TSS_ist + ((x) - 1) * 8)(%r13)
.macro paranoidzeroentry_ist sym do_sym ist
ENTRY(\sym)
INTR_FRAME
-@@ -1252,14 +1743,30 @@ ENTRY(\sym)
+@@ -1252,14 +1705,30 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call save_paranoid
TRACE_IRQS_OFF_DEBUG
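Review bot: `INIT_TSS_IST(x)` now expands to `(TSS_ist + ((x) - 1) * 8)(%r13)`, so the macro silently depends on `%r13` already holding this CPU's `init_tss` address, and nothing at the definition says so. The register is loaded in the next hunk, inside `paranoidzeroentry_ist` (`lea init_tss(%r13), %r13` under CONFIG_SMP, `lea init_tss(%rip), %r13` otherwise), and both places had to move from `%r12` together in this update. A one-line comment on the define, for example `/* %r13 must hold this CPU's init_tss; set up in paranoidzeroentry_ist */`, would make the coupling explicit for the next register change. The macro that uses it extends beyond this hunk.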
@@ -22320,10 +22976,10 @@ index b077f4c..feb26c1 100644
movq %rsp,%rdi /* pt_regs pointer */
xorl %esi,%esi /* no error code */
+#ifdef CONFIG_SMP
-+ imul $TSS_size, PER_CPU_VAR(cpu_number), %r12d
-+ lea init_tss(%r12), %r12
++ imul $TSS_size, PER_CPU_VAR(cpu_number), %r13d
++ lea init_tss(%r13), %r13
+#else
-+ lea init_tss(%rip), %r12
++ lea init_tss(%rip), %r13
+#endif
subq $EXCEPTION_STKSZ, INIT_TSS_IST(\ist)
call \do_sym
@@ -22335,7 +22991,7 @@ index b077f4c..feb26c1 100644
.endm
.macro errorentry sym do_sym
-@@ -1271,13 +1778,23 @@ ENTRY(\sym)
+@@ -1271,13 +1740,23 @@ ENTRY(\sym)
CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
call error_entry
DEFAULT_FRAME 0
@@ -22360,7 +23016,7 @@ index b077f4c..feb26c1 100644
.endm
/* error code is on the stack already */
-@@ -1291,13 +1808,23 @@ ENTRY(\sym)
+@@ -1291,13 +1770,23 @@ ENTRY(\sym)
call save_paranoid
DEFAULT_FRAME 0
TRACE_IRQS_OFF
@@ -22385,7 +23041,7 @@ index b077f4c..feb26c1 100644
.endm
zeroentry divide_error do_divide_error
-@@ -1327,9 +1854,10 @@ gs_change:
+@@ -1327,9 +1816,10 @@ gs_change:
2: mfence /* workaround */
SWAPGS
popfq_cfi
@@ -22397,7 +23053,7 @@ index b077f4c..feb26c1 100644
_ASM_EXTABLE(gs_change,bad_gs)
.section .fixup,"ax"
-@@ -1357,9 +1885,10 @@ ENTRY(call_softirq)
+@@ -1357,9 +1847,10 @@ ENTRY(call_softirq)
CFI_DEF_CFA_REGISTER rsp
CFI_ADJUST_CFA_OFFSET -8
decl PER_CPU_VAR(irq_count)
@@ -22409,7 +23065,7 @@ index b077f4c..feb26c1 100644
#ifdef CONFIG_XEN
zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1397,7 +1926,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
+@@ -1397,7 +1888,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs)
decl PER_CPU_VAR(irq_count)
jmp error_exit
CFI_ENDPROC
@@ -22418,7 +23074,7 @@ index b077f4c..feb26c1 100644
/*
* Hypervisor uses this for application faults while it executes.
-@@ -1456,7 +1985,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1456,7 +1947,7 @@ ENTRY(xen_failsafe_callback)
SAVE_ALL
jmp error_exit
CFI_ENDPROC
@@ -22427,7 +23083,7 @@ index b077f4c..feb26c1 100644
apicinterrupt3 HYPERVISOR_CALLBACK_VECTOR \
xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1508,18 +2037,33 @@ ENTRY(paranoid_exit)
+@@ -1508,18 +1999,33 @@ ENTRY(paranoid_exit)
DEFAULT_FRAME
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF_DEBUG
@@ -22463,7 +23119,7 @@ index b077f4c..feb26c1 100644
jmp irq_return
paranoid_userspace:
GET_THREAD_INFO(%rcx)
-@@ -1548,7 +2092,7 @@ paranoid_schedule:
+@@ -1548,7 +2054,7 @@ paranoid_schedule:
TRACE_IRQS_OFF
jmp paranoid_userspace
CFI_ENDPROC
@@ -22472,7 +23128,7 @@ index b077f4c..feb26c1 100644
/*
* Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1575,12 +2119,13 @@ ENTRY(error_entry)
+@@ -1575,12 +2081,13 @@ ENTRY(error_entry)
movq_cfi r14, R14+8
movq_cfi r15, R15+8
xorl %ebx,%ebx
@@ -22487,7 +23143,7 @@ index b077f4c..feb26c1 100644
ret
/*
-@@ -1607,7 +2152,7 @@ bstep_iret:
+@@ -1607,7 +2114,7 @@ bstep_iret:
movq %rcx,RIP+8(%rsp)
jmp error_swapgs
CFI_ENDPROC
@@ -22496,7 +23152,7 @@ index b077f4c..feb26c1 100644
/* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1618,7 +2163,7 @@ ENTRY(error_exit)
+@@ -1618,7 +2125,7 @@ ENTRY(error_exit)
DISABLE_INTERRUPTS(CLBR_NONE)
TRACE_IRQS_OFF
GET_THREAD_INFO(%rcx)
@@ -22505,7 +23161,7 @@ index b077f4c..feb26c1 100644
jne retint_kernel
LOCKDEP_SYS_EXIT_IRQ
movl TI_flags(%rcx),%edx
-@@ -1627,7 +2172,7 @@ ENTRY(error_exit)
+@@ -1627,7 +2134,7 @@ ENTRY(error_exit)
jnz retint_careful
jmp retint_swapgs
CFI_ENDPROC
@@ -22514,7 +23170,7 @@ index b077f4c..feb26c1 100644
/*
* Test if a given stack is an NMI stack or not.
-@@ -1685,9 +2230,11 @@ ENTRY(nmi)
+@@ -1685,9 +2192,11 @@ ENTRY(nmi)
* If %cs was not the kernel segment, then the NMI triggered in user
* space, which means it is definitely not nested.
*/
@@ -22527,7 +23183,7 @@ index b077f4c..feb26c1 100644
/*
* Check the special variable on the stack to see if NMIs are
* executing.
-@@ -1721,8 +2268,7 @@ nested_nmi:
+@@ -1721,8 +2230,7 @@ nested_nmi:
1:
/* Set up the interrupted NMIs stack to jump to repeat_nmi */
@@ -22537,7 +23193,7 @@ index b077f4c..feb26c1 100644
CFI_ADJUST_CFA_OFFSET 1*8
leaq -10*8(%rsp), %rdx
pushq_cfi $__KERNEL_DS
-@@ -1740,6 +2286,7 @@ nested_nmi_out:
+@@ -1740,6 +2248,7 @@ nested_nmi_out:
CFI_RESTORE rdx
/* No need to check faults here */
@@ -22545,17 +23201,29 @@ index b077f4c..feb26c1 100644
INTERRUPT_RETURN
CFI_RESTORE_STATE
-@@ -1856,6 +2403,8 @@ end_repeat_nmi:
+@@ -1852,9 +2361,11 @@ end_repeat_nmi:
+ * NMI itself takes a page fault, the page fault that was preempted
+ * will read the information from the NMI page fault and not the
+ * origin fault. Save it off and restore it if it changes.
+- * Use the r12 callee-saved register.
++ * Use the r13 callee-saved register.
*/
- movq %cr2, %r12
-
-+ pax_enter_kernel_nmi
+- movq %cr2, %r12
++ movq %cr2, %r13
+
++ pax_enter_kernel_nmi
+
/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
movq %rsp,%rdi
- movq $-1,%rsi
-@@ -1868,26 +2417,31 @@ end_repeat_nmi:
- movq %r12, %cr2
+@@ -1863,31 +2374,36 @@ end_repeat_nmi:
+
+ /* Did the NMI take a page fault? Restore cr2 if it did */
+ movq %cr2, %rcx
+- cmpq %rcx, %r12
++ cmpq %rcx, %r13
+ je 1f
+- movq %r12, %cr2
++ movq %r13, %cr2
1:
- testl %ebx,%ebx /* swapgs needed? */
@@ -26670,7 +27338,7 @@ index b110fe6..d9c19f2 100644
out:
diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c
-index 5439117..d08f3d4 100644
+index dec48bf..f4d21f7 100644
--- a/arch/x86/kvm/lapic.c
+++ b/arch/x86/kvm/lapic.c
@@ -55,7 +55,7 @@
@@ -26883,7 +27551,7 @@ index 2b2fce1..da76be4 100644
vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
-index e5ca72a..83d5177 100644
+index eb9b9c9..0f30b12 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1779,8 +1779,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data)
@@ -26906,7 +27574,7 @@ index e5ca72a..83d5177 100644
if (copy_to_user(user_msr_list->indices, &msrs_to_save,
num_msrs_to_save * sizeof(u32)))
goto out;
-@@ -5462,7 +5464,7 @@ static struct notifier_block pvclock_gtod_notifier = {
+@@ -5461,7 +5463,7 @@ static struct notifier_block pvclock_gtod_notifier = {
};
#endif
@@ -27719,7 +28387,7 @@ index 1e572c5..2a162cd 100644
CFI_ENDPROC
diff --git a/arch/x86/lib/copy_page_64.S b/arch/x86/lib/copy_page_64.S
-index 176cca6..1166c50 100644
+index 176cca6..e0d658e 100644
--- a/arch/x86/lib/copy_page_64.S
+++ b/arch/x86/lib/copy_page_64.S
@@ -9,6 +9,7 @@ copy_page_rep:
@@ -27730,74 +28398,68 @@ index 176cca6..1166c50 100644
ret
CFI_ENDPROC
ENDPROC(copy_page_rep)
-@@ -20,12 +21,14 @@ ENDPROC(copy_page_rep)
-
- ENTRY(copy_page)
- CFI_STARTPROC
-- subq $2*8, %rsp
-- CFI_ADJUST_CFA_OFFSET 2*8
-+ subq $3*8, %rsp
-+ CFI_ADJUST_CFA_OFFSET 3*8
+@@ -24,8 +25,8 @@ ENTRY(copy_page)
+ CFI_ADJUST_CFA_OFFSET 2*8
movq %rbx, (%rsp)
CFI_REL_OFFSET rbx, 0
- movq %r12, 1*8(%rsp)
- CFI_REL_OFFSET r12, 1*8
-+ movq %r13, 2*8(%rsp)
-+ CFI_REL_OFFSET r13, 2*8
+- movq %r12, 1*8(%rsp)
+- CFI_REL_OFFSET r12, 1*8
++ movq %r13, 1*8(%rsp)
++ CFI_REL_OFFSET r13, 1*8
movl $(4096/64)-5, %ecx
.p2align 4
-@@ -36,7 +39,7 @@ ENTRY(copy_page)
- movq 0x8*2(%rsi), %rdx
- movq 0x8*3(%rsi), %r8
+@@ -38,7 +39,7 @@ ENTRY(copy_page)
movq 0x8*4(%rsi), %r9
-- movq 0x8*5(%rsi), %r10
-+ movq 0x8*5(%rsi), %r13
+ movq 0x8*5(%rsi), %r10
movq 0x8*6(%rsi), %r11
- movq 0x8*7(%rsi), %r12
+- movq 0x8*7(%rsi), %r12
++ movq 0x8*7(%rsi), %r13
+
+ prefetcht0 5*64(%rsi)
-@@ -47,7 +50,7 @@ ENTRY(copy_page)
- movq %rdx, 0x8*2(%rdi)
- movq %r8, 0x8*3(%rdi)
+@@ -49,7 +50,7 @@ ENTRY(copy_page)
movq %r9, 0x8*4(%rdi)
-- movq %r10, 0x8*5(%rdi)
-+ movq %r13, 0x8*5(%rdi)
+ movq %r10, 0x8*5(%rdi)
movq %r11, 0x8*6(%rdi)
- movq %r12, 0x8*7(%rdi)
+- movq %r12, 0x8*7(%rdi)
++ movq %r13, 0x8*7(%rdi)
-@@ -66,7 +69,7 @@ ENTRY(copy_page)
- movq 0x8*2(%rsi), %rdx
- movq 0x8*3(%rsi), %r8
+ leaq 64 (%rsi), %rsi
+ leaq 64 (%rdi), %rdi
+@@ -68,7 +69,7 @@ ENTRY(copy_page)
movq 0x8*4(%rsi), %r9
-- movq 0x8*5(%rsi), %r10
-+ movq 0x8*5(%rsi), %r13
+ movq 0x8*5(%rsi), %r10
movq 0x8*6(%rsi), %r11
- movq 0x8*7(%rsi), %r12
+- movq 0x8*7(%rsi), %r12
++ movq 0x8*7(%rsi), %r13
-@@ -75,7 +78,7 @@ ENTRY(copy_page)
- movq %rdx, 0x8*2(%rdi)
- movq %r8, 0x8*3(%rdi)
+ movq %rax, 0x8*0(%rdi)
+ movq %rbx, 0x8*1(%rdi)
+@@ -77,7 +78,7 @@ ENTRY(copy_page)
movq %r9, 0x8*4(%rdi)
-- movq %r10, 0x8*5(%rdi)
-+ movq %r13, 0x8*5(%rdi)
+ movq %r10, 0x8*5(%rdi)
movq %r11, 0x8*6(%rdi)
- movq %r12, 0x8*7(%rdi)
+- movq %r12, 0x8*7(%rdi)
++ movq %r13, 0x8*7(%rdi)
-@@ -87,8 +90,11 @@ ENTRY(copy_page)
+ leaq 64(%rdi), %rdi
+ leaq 64(%rsi), %rsi
+@@ -85,10 +86,11 @@ ENTRY(copy_page)
+
+ movq (%rsp), %rbx
CFI_RESTORE rbx
- movq 1*8(%rsp), %r12
- CFI_RESTORE r12
-- addq $2*8, %rsp
-- CFI_ADJUST_CFA_OFFSET -2*8
-+ movq 2*8(%rsp), %r13
+- movq 1*8(%rsp), %r12
+- CFI_RESTORE r12
++ movq 1*8(%rsp), %r13
+ CFI_RESTORE r13
-+ addq $3*8, %rsp
-+ CFI_ADJUST_CFA_OFFSET -3*8
+ addq $2*8, %rsp
+ CFI_ADJUST_CFA_OFFSET -2*8
+ pax_force_retaddr
ret
.Lcopy_page_end:
CFI_ENDPROC
-@@ -99,7 +105,7 @@ ENDPROC(copy_page)
+@@ -99,7 +101,7 @@ ENDPROC(copy_page)
#include <asm/cpufeature.h>
@@ -27807,7 +28469,7 @@ index 176cca6..1166c50 100644
.byte (copy_page_rep - copy_page) - (2f - 1b) /* offset */
2:
diff --git a/arch/x86/lib/copy_user_64.S b/arch/x86/lib/copy_user_64.S
-index a30ca15..6b3f4e1 100644
+index a30ca15..407412b 100644
--- a/arch/x86/lib/copy_user_64.S
+++ b/arch/x86/lib/copy_user_64.S
@@ -18,31 +18,7 @@
@@ -27904,30 +28566,6 @@ index a30ca15..6b3f4e1 100644
ASM_STAC
cmpl $8,%edx
jb 20f /* less then 8 bytes, go to byte copy loop */
-@@ -141,19 +72,19 @@ ENTRY(copy_user_generic_unrolled)
- jz 17f
- 1: movq (%rsi),%r8
- 2: movq 1*8(%rsi),%r9
--3: movq 2*8(%rsi),%r10
-+3: movq 2*8(%rsi),%rax
- 4: movq 3*8(%rsi),%r11
- 5: movq %r8,(%rdi)
- 6: movq %r9,1*8(%rdi)
--7: movq %r10,2*8(%rdi)
-+7: movq %rax,2*8(%rdi)
- 8: movq %r11,3*8(%rdi)
- 9: movq 4*8(%rsi),%r8
- 10: movq 5*8(%rsi),%r9
--11: movq 6*8(%rsi),%r10
-+11: movq 6*8(%rsi),%rax
- 12: movq 7*8(%rsi),%r11
- 13: movq %r8,4*8(%rdi)
- 14: movq %r9,5*8(%rdi)
--15: movq %r10,6*8(%rdi)
-+15: movq %rax,6*8(%rdi)
- 16: movq %r11,7*8(%rdi)
- leaq 64(%rsi),%rsi
- leaq 64(%rdi),%rdi
@@ -180,6 +111,8 @@ ENTRY(copy_user_generic_unrolled)
jnz 21b
23: xor %eax,%eax
@@ -27972,7 +28610,7 @@ index a30ca15..6b3f4e1 100644
.section .fixup,"ax"
diff --git a/arch/x86/lib/copy_user_nocache_64.S b/arch/x86/lib/copy_user_nocache_64.S
-index 6a4f43c..55d26f2 100644
+index 6a4f43c..c70fb52 100644
--- a/arch/x86/lib/copy_user_nocache_64.S
+++ b/arch/x86/lib/copy_user_nocache_64.S
@@ -8,6 +8,7 @@
@@ -28008,30 +28646,6 @@ index 6a4f43c..55d26f2 100644
ASM_STAC
cmpl $8,%edx
jb 20f /* less then 8 bytes, go to byte copy loop */
-@@ -59,19 +71,19 @@ ENTRY(__copy_user_nocache)
- jz 17f
- 1: movq (%rsi),%r8
- 2: movq 1*8(%rsi),%r9
--3: movq 2*8(%rsi),%r10
-+3: movq 2*8(%rsi),%rax
- 4: movq 3*8(%rsi),%r11
- 5: movnti %r8,(%rdi)
- 6: movnti %r9,1*8(%rdi)
--7: movnti %r10,2*8(%rdi)
-+7: movnti %rax,2*8(%rdi)
- 8: movnti %r11,3*8(%rdi)
- 9: movq 4*8(%rsi),%r8
- 10: movq 5*8(%rsi),%r9
--11: movq 6*8(%rsi),%r10
-+11: movq 6*8(%rsi),%rax
- 12: movq 7*8(%rsi),%r11
- 13: movnti %r8,4*8(%rdi)
- 14: movnti %r9,5*8(%rdi)
--15: movnti %r10,6*8(%rdi)
-+15: movnti %rax,6*8(%rdi)
- 16: movnti %r11,7*8(%rdi)
- leaq 64(%rsi),%rsi
- leaq 64(%rdi),%rdi
@@ -98,7 +110,9 @@ ENTRY(__copy_user_nocache)
jnz 21b
23: xorl %eax,%eax
@@ -28043,7 +28657,7 @@ index 6a4f43c..55d26f2 100644
.section .fixup,"ax"
diff --git a/arch/x86/lib/csum-copy_64.S b/arch/x86/lib/csum-copy_64.S
-index 2419d5f..953ee51 100644
+index 2419d5f..fe52d0e 100644
--- a/arch/x86/lib/csum-copy_64.S
+++ b/arch/x86/lib/csum-copy_64.S
@@ -9,6 +9,7 @@
@@ -28054,11 +28668,62 @@ index 2419d5f..953ee51 100644
/*
* Checksum copy with exception handling.
+@@ -56,8 +57,8 @@ ENTRY(csum_partial_copy_generic)
+ CFI_ADJUST_CFA_OFFSET 7*8
+ movq %rbx, 2*8(%rsp)
+ CFI_REL_OFFSET rbx, 2*8
+- movq %r12, 3*8(%rsp)
+- CFI_REL_OFFSET r12, 3*8
++ movq %r15, 3*8(%rsp)
++ CFI_REL_OFFSET r15, 3*8
+ movq %r14, 4*8(%rsp)
+ CFI_REL_OFFSET r14, 4*8
+ movq %r13, 5*8(%rsp)
+@@ -72,16 +73,16 @@ ENTRY(csum_partial_copy_generic)
+ movl %edx, %ecx
+
+ xorl %r9d, %r9d
+- movq %rcx, %r12
++ movq %rcx, %r15
+
+- shrq $6, %r12
++ shrq $6, %r15
+ jz .Lhandle_tail /* < 64 */
+
+ clc
+
+ /* main loop. clear in 64 byte blocks */
+ /* r9: zero, r8: temp2, rbx: temp1, rax: sum, rcx: saved length */
+- /* r11: temp3, rdx: temp4, r12 loopcnt */
++ /* r11: temp3, rdx: temp4, r15 loopcnt */
+ /* r10: temp5, rbp: temp6, r14 temp7, r13 temp8 */
+ .p2align 4
+ .Lloop:
+@@ -115,7 +116,7 @@ ENTRY(csum_partial_copy_generic)
+ adcq %r14, %rax
+ adcq %r13, %rax
+
+- decl %r12d
++ decl %r15d
+
+ dest
+ movq %rbx, (%rsi)
+@@ -210,8 +211,8 @@ ENTRY(csum_partial_copy_generic)
+ .Lende:
+ movq 2*8(%rsp), %rbx
+ CFI_RESTORE rbx
+- movq 3*8(%rsp), %r12
+- CFI_RESTORE r12
++ movq 3*8(%rsp), %r15
++ CFI_RESTORE r15
+ movq 4*8(%rsp), %r14
+ CFI_RESTORE r14
+ movq 5*8(%rsp), %r13
@@ -220,6 +221,7 @@ ENTRY(csum_partial_copy_generic)
CFI_RESTORE rbp
addq $7*8, %rsp
CFI_ADJUST_CFA_OFFSET -7*8
-+ pax_force_retaddr 0, 1
++ pax_force_retaddr
ret
CFI_RESTORE_STATE
@@ -28298,7 +28963,7 @@ index 05a95e7..326f2fa 100644
CFI_ENDPROC
ENDPROC(__iowrite32_copy)
diff --git a/arch/x86/lib/memcpy_64.S b/arch/x86/lib/memcpy_64.S
-index 56313a3..9b59269 100644
+index 56313a3..0db417e 100644
--- a/arch/x86/lib/memcpy_64.S
+++ b/arch/x86/lib/memcpy_64.S
@@ -24,7 +24,7 @@
@@ -28332,48 +28997,9 @@ index 56313a3..9b59269 100644
ret
.Lmemcpy_e_e:
.previous
-@@ -76,13 +78,13 @@ ENTRY(memcpy)
- */
- movq 0*8(%rsi), %r8
- movq 1*8(%rsi), %r9
-- movq 2*8(%rsi), %r10
-+ movq 2*8(%rsi), %rcx
- movq 3*8(%rsi), %r11
- leaq 4*8(%rsi), %rsi
-
- movq %r8, 0*8(%rdi)
+@@ -136,6 +138,7 @@ ENTRY(memcpy)
movq %r9, 1*8(%rdi)
-- movq %r10, 2*8(%rdi)
-+ movq %rcx, 2*8(%rdi)
- movq %r11, 3*8(%rdi)
- leaq 4*8(%rdi), %rdi
- jae .Lcopy_forward_loop
-@@ -105,12 +107,12 @@ ENTRY(memcpy)
- subq $0x20, %rdx
- movq -1*8(%rsi), %r8
- movq -2*8(%rsi), %r9
-- movq -3*8(%rsi), %r10
-+ movq -3*8(%rsi), %rcx
- movq -4*8(%rsi), %r11
- leaq -4*8(%rsi), %rsi
- movq %r8, -1*8(%rdi)
- movq %r9, -2*8(%rdi)
-- movq %r10, -3*8(%rdi)
-+ movq %rcx, -3*8(%rdi)
- movq %r11, -4*8(%rdi)
- leaq -4*8(%rdi), %rdi
- jae .Lcopy_backward_loop
-@@ -130,12 +132,13 @@ ENTRY(memcpy)
- */
- movq 0*8(%rsi), %r8
- movq 1*8(%rsi), %r9
-- movq -2*8(%rsi, %rdx), %r10
-+ movq -2*8(%rsi, %rdx), %rcx
- movq -1*8(%rsi, %rdx), %r11
- movq %r8, 0*8(%rdi)
- movq %r9, 1*8(%rdi)
-- movq %r10, -2*8(%rdi, %rdx)
-+ movq %rcx, -2*8(%rdi, %rdx)
+ movq %r10, -2*8(%rdi, %rdx)
movq %r11, -1*8(%rdi, %rdx)
+ pax_force_retaddr
retq
@@ -28404,121 +29030,9 @@ index 56313a3..9b59269 100644
CFI_ENDPROC
ENDPROC(memcpy)
diff --git a/arch/x86/lib/memmove_64.S b/arch/x86/lib/memmove_64.S
-index 65268a6..5aa7815 100644
+index 65268a6..dd1de11 100644
--- a/arch/x86/lib/memmove_64.S
+++ b/arch/x86/lib/memmove_64.S
-@@ -61,13 +61,13 @@ ENTRY(memmove)
- 5:
- sub $0x20, %rdx
- movq 0*8(%rsi), %r11
-- movq 1*8(%rsi), %r10
-+ movq 1*8(%rsi), %rcx
- movq 2*8(%rsi), %r9
- movq 3*8(%rsi), %r8
- leaq 4*8(%rsi), %rsi
-
- movq %r11, 0*8(%rdi)
-- movq %r10, 1*8(%rdi)
-+ movq %rcx, 1*8(%rdi)
- movq %r9, 2*8(%rdi)
- movq %r8, 3*8(%rdi)
- leaq 4*8(%rdi), %rdi
-@@ -81,10 +81,10 @@ ENTRY(memmove)
- 4:
- movq %rdx, %rcx
- movq -8(%rsi, %rdx), %r11
-- lea -8(%rdi, %rdx), %r10
-+ lea -8(%rdi, %rdx), %r9
- shrq $3, %rcx
- rep movsq
-- movq %r11, (%r10)
-+ movq %r11, (%r9)
- jmp 13f
- .Lmemmove_end_forward:
-
-@@ -95,14 +95,14 @@ ENTRY(memmove)
- 7:
- movq %rdx, %rcx
- movq (%rsi), %r11
-- movq %rdi, %r10
-+ movq %rdi, %r9
- leaq -8(%rsi, %rdx), %rsi
- leaq -8(%rdi, %rdx), %rdi
- shrq $3, %rcx
- std
- rep movsq
- cld
-- movq %r11, (%r10)
-+ movq %r11, (%r9)
- jmp 13f
-
- /*
-@@ -127,13 +127,13 @@ ENTRY(memmove)
- 8:
- subq $0x20, %rdx
- movq -1*8(%rsi), %r11
-- movq -2*8(%rsi), %r10
-+ movq -2*8(%rsi), %rcx
- movq -3*8(%rsi), %r9
- movq -4*8(%rsi), %r8
- leaq -4*8(%rsi), %rsi
-
- movq %r11, -1*8(%rdi)
-- movq %r10, -2*8(%rdi)
-+ movq %rcx, -2*8(%rdi)
- movq %r9, -3*8(%rdi)
- movq %r8, -4*8(%rdi)
- leaq -4*8(%rdi), %rdi
-@@ -151,11 +151,11 @@ ENTRY(memmove)
- * Move data from 16 bytes to 31 bytes.
- */
- movq 0*8(%rsi), %r11
-- movq 1*8(%rsi), %r10
-+ movq 1*8(%rsi), %rcx
- movq -2*8(%rsi, %rdx), %r9
- movq -1*8(%rsi, %rdx), %r8
- movq %r11, 0*8(%rdi)
-- movq %r10, 1*8(%rdi)
-+ movq %rcx, 1*8(%rdi)
- movq %r9, -2*8(%rdi, %rdx)
- movq %r8, -1*8(%rdi, %rdx)
- jmp 13f
-@@ -167,9 +167,9 @@ ENTRY(memmove)
- * Move data from 8 bytes to 15 bytes.
- */
- movq 0*8(%rsi), %r11
-- movq -1*8(%rsi, %rdx), %r10
-+ movq -1*8(%rsi, %rdx), %r9
- movq %r11, 0*8(%rdi)
-- movq %r10, -1*8(%rdi, %rdx)
-+ movq %r9, -1*8(%rdi, %rdx)
- jmp 13f
- 10:
- cmpq $4, %rdx
-@@ -178,9 +178,9 @@ ENTRY(memmove)
- * Move data from 4 bytes to 7 bytes.
- */
- movl (%rsi), %r11d
-- movl -4(%rsi, %rdx), %r10d
-+ movl -4(%rsi, %rdx), %r9d
- movl %r11d, (%rdi)
-- movl %r10d, -4(%rdi, %rdx)
-+ movl %r9d, -4(%rdi, %rdx)
- jmp 13f
- 11:
- cmp $2, %rdx
-@@ -189,9 +189,9 @@ ENTRY(memmove)
- * Move data from 2 bytes to 3 bytes.
- */
- movw (%rsi), %r11w
-- movw -2(%rsi, %rdx), %r10w
-+ movw -2(%rsi, %rdx), %r9w
- movw %r11w, (%rdi)
-- movw %r10w, -2(%rdi, %rdx)
-+ movw %r9w, -2(%rdi, %rdx)
- jmp 13f
- 12:
- cmp $1, %rdx
@@ -202,14 +202,16 @@ ENTRY(memmove)
movb (%rsi), %r11b
movb %r11b, (%rdi)
@@ -28538,7 +29052,7 @@ index 65268a6..5aa7815 100644
.Lmemmove_end_forward_efs:
.previous
diff --git a/arch/x86/lib/memset_64.S b/arch/x86/lib/memset_64.S
-index 2dcb380..50a78bc 100644
+index 2dcb380..2eb79fe 100644
--- a/arch/x86/lib/memset_64.S
+++ b/arch/x86/lib/memset_64.S
@@ -16,7 +16,7 @@
@@ -28574,21 +29088,10 @@ index 2dcb380..50a78bc 100644
ret
.Lmemset_e_e:
.previous
-@@ -59,7 +61,7 @@
- ENTRY(memset)
- ENTRY(__memset)
- CFI_STARTPROC
-- movq %rdi,%r10
-+ movq %rdi,%r11
-
- /* expand byte value */
- movzbl %sil,%ecx
-@@ -117,7 +119,8 @@ ENTRY(__memset)
- jnz .Lloop_1
+@@ -118,6 +120,7 @@ ENTRY(__memset)
.Lende:
-- movq %r10,%rax
-+ movq %r11,%rax
+ movq %r10,%rax
+ pax_force_retaddr
ret
@@ -28913,7 +29416,7 @@ index c9f2d9b..e7fd2c0 100644
from += 64;
to += 64;
diff --git a/arch/x86/lib/msr-reg.S b/arch/x86/lib/msr-reg.S
-index f6d13ee..aca5f0b 100644
+index f6d13ee..d789440 100644
--- a/arch/x86/lib/msr-reg.S
+++ b/arch/x86/lib/msr-reg.S
@@ -3,6 +3,7 @@
@@ -28924,34 +29427,8 @@ index f6d13ee..aca5f0b 100644
#ifdef CONFIG_X86_64
/*
-@@ -16,7 +17,7 @@ ENTRY(\op\()_safe_regs)
- CFI_STARTPROC
- pushq_cfi %rbx
- pushq_cfi %rbp
-- movq %rdi, %r10 /* Save pointer */
-+ movq %rdi, %r9 /* Save pointer */
- xorl %r11d, %r11d /* Return value */
- movl (%rdi), %eax
- movl 4(%rdi), %ecx
-@@ -27,16 +28,17 @@ ENTRY(\op\()_safe_regs)
- movl 28(%rdi), %edi
- CFI_REMEMBER_STATE
- 1: \op
--2: movl %eax, (%r10)
-+2: movl %eax, (%r9)
- movl %r11d, %eax /* Return value */
-- movl %ecx, 4(%r10)
-- movl %edx, 8(%r10)
-- movl %ebx, 12(%r10)
-- movl %ebp, 20(%r10)
-- movl %esi, 24(%r10)
-- movl %edi, 28(%r10)
-+ movl %ecx, 4(%r9)
-+ movl %edx, 8(%r9)
-+ movl %ebx, 12(%r9)
-+ movl %ebp, 20(%r9)
-+ movl %esi, 24(%r9)
-+ movl %edi, 28(%r9)
+@@ -37,6 +38,7 @@ ENTRY(\op\()_safe_regs)
+ movl %edi, 28(%r10)
popq_cfi %rbp
popq_cfi %rbx
+ pax_force_retaddr
@@ -29221,7 +29698,7 @@ index 5dff5f0..cadebf4 100644
CFI_ENDPROC
ENDPROC(call_rwsem_downgrade_wake)
diff --git a/arch/x86/lib/thunk_64.S b/arch/x86/lib/thunk_64.S
-index a63efd6..ccecad8 100644
+index a63efd6..8149fbe 100644
--- a/arch/x86/lib/thunk_64.S
+++ b/arch/x86/lib/thunk_64.S
@@ -8,6 +8,7 @@
@@ -29232,10 +29709,30 @@ index a63efd6..ccecad8 100644
/* rdi: arg1 ... normal C conventions. rax is saved/restored. */
.macro THUNK name, func, put_ret_addr_in_rdi=0
-@@ -41,5 +42,6 @@
- SAVE_ARGS
+@@ -15,11 +16,11 @@
+ \name:
+ CFI_STARTPROC
+
+- /* this one pushes 9 elems, the next one would be %rIP */
+- SAVE_ARGS
++ /* this one pushes 15+1 elems, the next one would be %rIP */
++ SAVE_ARGS 8
+
+ .if \put_ret_addr_in_rdi
+- movq_cfi_restore 9*8, rdi
++ movq_cfi_restore RIP, rdi
+ .endif
+
+ call \func
+@@ -38,8 +39,9 @@
+
+ /* SAVE_ARGS below is used only for the .cfi directives it contains. */
+ CFI_STARTPROC
+- SAVE_ARGS
++ SAVE_ARGS 8
restore:
- RESTORE_ARGS
+- RESTORE_ARGS
++ RESTORE_ARGS 1,8
+ pax_force_retaddr
ret
CFI_ENDPROC
@@ -30698,7 +31195,7 @@ index 3aaeffc..42ea9fb 100644
+ return ret ? -EFAULT : 0;
+}
diff --git a/arch/x86/mm/gup.c b/arch/x86/mm/gup.c
-index dd74e46..7d26398 100644
+index dd74e46..0970b01 100644
--- a/arch/x86/mm/gup.c
+++ b/arch/x86/mm/gup.c
@@ -255,7 +255,7 @@ int __get_user_pages_fast(unsigned long start, int nr_pages, int write,
@@ -30710,6 +31207,17 @@ index dd74e46..7d26398 100644
(void __user *)start, len)))
return 0;
+@@ -331,6 +331,10 @@ int get_user_pages_fast(unsigned long start, int nr_pages, int write,
+ goto slow_irqon;
+ #endif
+
++ if (unlikely(!__access_ok(write ? VERIFY_WRITE : VERIFY_READ,
++ (void __user *)start, len)))
++ return 0;
++
+ /*
+ * XXX: batch / limit 'nr', to avoid large irq off latency
+ * needs some instrumenting to determine the common sizes used by
diff --git a/arch/x86/mm/highmem_32.c b/arch/x86/mm/highmem_32.c
index 4500142..53a363c 100644
--- a/arch/x86/mm/highmem_32.c
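Review bot: The range check added to `get_user_pages_fast()` fails with `return 0;`, which gives the caller no error code for a user range that did not pass `__access_ok()`. That value matches the existing check in `__get_user_pages_fast()` shown as context above, where 0 simply means "no pages pinned". In this function the neighbouring early exits use `goto slow_irqon`, which suggests failures are otherwise reported through the slow path, although the rest of the body and the callers are outside the hunk. If any caller treats 0 as "retry" rather than as a failure, `return -EFAULT;` would be the safer result. Otherwise a short comment such as `/* range outside user space: report zero pages pinned */` would record that the 0 is deliberate.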
@@ -33529,11 +34037,11 @@ index a44f457..9140171 100644
#endif
}
diff --git a/arch/x86/realmode/rm/Makefile b/arch/x86/realmode/rm/Makefile
-index 8869287..d577672 100644
+index 9cac825..4890b25 100644
--- a/arch/x86/realmode/rm/Makefile
+++ b/arch/x86/realmode/rm/Makefile
-@@ -78,5 +78,8 @@ KBUILD_CFLAGS := $(LINUXINCLUDE) -m32 -g -Os -D_SETUP -D__KERNEL__ -D_WAKEUP \
- $(call cc-option, -fno-unit-at-a-time)) \
+@@ -79,5 +79,8 @@ KBUILD_CFLAGS := $(LINUXINCLUDE) -m32 -g -Os -D_SETUP -D__KERNEL__ -D_WAKEUP \
+ $(call cc-option, -fno-unit-at-a-time)) \
$(call cc-option, -fno-stack-protector) \
$(call cc-option, -mpreferred-stack-boundary=2)
+ifdef CONSTIFY_PLUGIN
@@ -34858,10 +35366,10 @@ index 81a94a3..b711c74 100644
}
diff --git a/drivers/ata/libata-scsi.c b/drivers/ata/libata-scsi.c
-index db6dfcf..770d1f0 100644
+index ab58556..ed19dd2 100644
--- a/drivers/ata/libata-scsi.c
+++ b/drivers/ata/libata-scsi.c
-@@ -4113,7 +4113,7 @@ int ata_sas_port_init(struct ata_port *ap)
+@@ -4114,7 +4114,7 @@ int ata_sas_port_init(struct ata_port *ap)
if (rc)
return rc;
@@ -37581,7 +38089,7 @@ index f897d51..15da295 100644
if (policy->cpu != 0)
return -ENODEV;
diff --git a/drivers/cpuidle/cpuidle.c b/drivers/cpuidle/cpuidle.c
-index d75040d..4738ca5 100644
+index 22c07fb..9dff5ac 100644
--- a/drivers/cpuidle/cpuidle.c
+++ b/drivers/cpuidle/cpuidle.c
@@ -252,7 +252,7 @@ static int poll_idle(struct cpuidle_device *dev,
@@ -37981,10 +38489,10 @@ index 5145fa3..0d3babd 100644
return efivars_register(&generic_efivars, &generic_ops, efi_kobj);
}
diff --git a/drivers/firmware/efi/efivars.c b/drivers/firmware/efi/efivars.c
-index 8a7432a..28fb839 100644
+index 8c5a61a..cf07bd0 100644
--- a/drivers/firmware/efi/efivars.c
+++ b/drivers/firmware/efi/efivars.c
-@@ -452,7 +452,7 @@ efivar_create_sysfs_entry(struct efivar_entry *new_var)
+@@ -456,7 +456,7 @@ efivar_create_sysfs_entry(struct efivar_entry *new_var)
static int
create_efivars_bin_attributes(void)
{
@@ -38582,10 +39090,10 @@ index 4b91228..590c643 100644
iir = I915_READ(IIR);
diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c
-index 333aa1b..0183e38 100644
+index f535670..bde09e2 100644
--- a/drivers/gpu/drm/i915/intel_display.c
+++ b/drivers/gpu/drm/i915/intel_display.c
-@@ -9976,13 +9976,13 @@ struct intel_quirk {
+@@ -10019,13 +10019,13 @@ struct intel_quirk {
int subsystem_vendor;
int subsystem_device;
void (*hook)(struct drm_device *dev);
@@ -38601,7 +39109,7 @@ index 333aa1b..0183e38 100644
static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
{
-@@ -9990,18 +9990,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
+@@ -10033,18 +10033,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id)
return 1;
}
@@ -39600,10 +40108,10 @@ index ec0ae2d..dc0780b 100644
/* copy over all the bus versions */
if (dev->bus && dev->bus->pm) {
diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c
-index c08b5c1..6c3d50b 100644
+index aedfe50..1dc929b 100644
--- a/drivers/hid/hid-core.c
+++ b/drivers/hid/hid-core.c
-@@ -2415,7 +2415,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
+@@ -2416,7 +2416,7 @@ EXPORT_SYMBOL_GPL(hid_ignore);
int hid_add_device(struct hid_device *hdev)
{
@@ -39612,7 +40120,7 @@ index c08b5c1..6c3d50b 100644
int ret;
if (WARN_ON(hdev->status & HID_STAT_ADDED))
-@@ -2449,7 +2449,7 @@ int hid_add_device(struct hid_device *hdev)
+@@ -2450,7 +2450,7 @@ int hid_add_device(struct hid_device *hdev)
/* XXX hack, any other cleaner solution after the driver core
* is converted to allow more than 20 bytes as the device name? */
dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus,
@@ -41719,7 +42227,7 @@ index 9584443..9fc9ac9 100644
return (test_bit(DM_RAID1_FLUSH_ERROR, &(m->error_type))) ? 'F' :
diff --git a/drivers/md/dm-stats.c b/drivers/md/dm-stats.c
-index 3d404c1..b62af0e 100644
+index 28a9012..9c0f6a5 100644
--- a/drivers/md/dm-stats.c
+++ b/drivers/md/dm-stats.c
@@ -382,7 +382,7 @@ do_sync_free:
@@ -41785,10 +42293,10 @@ index 73c1712..7347292 100644
schedule_work(&sc->trigger_event);
}
diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c
-index 41d907b..34b87ee 100644
+index 20a8cc0..5447b11 100644
--- a/drivers/md/dm-table.c
+++ b/drivers/md/dm-table.c
-@@ -286,7 +286,7 @@ static struct dm_dev_internal *find_device(struct list_head *l, dev_t dev)
+@@ -291,7 +291,7 @@ static struct dm_dev_internal *find_device(struct list_head *l, dev_t dev)
static int open_dev(struct dm_dev_internal *d, dev_t dev,
struct mapped_device *md)
{
@@ -41797,7 +42305,7 @@ index 41d907b..34b87ee 100644
struct block_device *bdev;
int r;
-@@ -354,7 +354,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev,
+@@ -359,7 +359,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev,
if (!dev_size)
return 0;
@@ -41807,7 +42315,7 @@ index 41d907b..34b87ee 100644
"start=%llu, len=%llu, dev_size=%llu",
dm_device_name(ti->table->md), bdevname(bdev, b),
diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c
-index 60bce43..9b997d0 100644
+index 8a30ad5..72792d3 100644
--- a/drivers/md/dm-thin-metadata.c
+++ b/drivers/md/dm-thin-metadata.c
@@ -397,7 +397,7 @@ static void __setup_btree_details(struct dm_pool_metadata *pmd)
@@ -44617,10 +45125,10 @@ index 7aad766..06addb4 100644
data->sku_cap_band_24GHz_enable ? "" : "NOT", "enabled",
data->sku_cap_band_52GHz_enable ? "" : "NOT", "enabled",
diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c
-index c3f904d..4cadf83 100644
+index 6bc3100..dd1b80d 100644
--- a/drivers/net/wireless/iwlwifi/pcie/trans.c
+++ b/drivers/net/wireless/iwlwifi/pcie/trans.c
-@@ -1252,7 +1252,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
+@@ -1249,7 +1249,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file,
struct isr_statistics *isr_stats = &trans_pcie->isr_stats;
char buf[8];
@@ -44629,7 +45137,7 @@ index c3f904d..4cadf83 100644
u32 reset_flag;
memset(buf, 0, sizeof(buf));
-@@ -1273,7 +1273,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
+@@ -1270,7 +1270,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file,
{
struct iwl_trans *trans = file->private_data;
char buf[8];
@@ -45864,7 +46372,7 @@ index c9382d6..6619864 100644
error = bus_register(&fcoe_bus_type);
if (error)
diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c
-index df0c3c7..b00e1d0 100644
+index 3cafe0d..f1e87f8 100644
--- a/drivers/scsi/hosts.c
+++ b/drivers/scsi/hosts.c
@@ -42,7 +42,7 @@
@@ -45886,10 +46394,10 @@ index df0c3c7..b00e1d0 100644
/* These three are default values which can be overridden */
diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c
-index 891c86b..dd1224a0 100644
+index 0eb0940..3ca9b79 100644
--- a/drivers/scsi/hpsa.c
+++ b/drivers/scsi/hpsa.c
-@@ -578,7 +578,7 @@ static inline u32 next_command(struct ctlr_info *h, u8 q)
+@@ -579,7 +579,7 @@ static inline u32 next_command(struct ctlr_info *h, u8 q)
unsigned long flags;
if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant)))
@@ -45898,7 +46406,7 @@ index 891c86b..dd1224a0 100644
if ((rq->head[rq->current_entry] & 1) == rq->wraparound) {
a = rq->head[rq->current_entry];
-@@ -3444,7 +3444,7 @@ static void start_io(struct ctlr_info *h)
+@@ -3445,7 +3445,7 @@ static void start_io(struct ctlr_info *h)
while (!list_empty(&h->reqQ)) {
c = list_entry(h->reqQ.next, struct CommandList, list);
/* can't do anything if fifo is full */
@@ -45907,7 +46415,7 @@ index 891c86b..dd1224a0 100644
dev_warn(&h->pdev->dev, "fifo full\n");
break;
}
-@@ -3466,7 +3466,7 @@ static void start_io(struct ctlr_info *h)
+@@ -3467,7 +3467,7 @@ static void start_io(struct ctlr_info *h)
/* Tell the controller execute command */
spin_unlock_irqrestore(&h->lock, flags);
@@ -45916,7 +46424,7 @@ index 891c86b..dd1224a0 100644
spin_lock_irqsave(&h->lock, flags);
}
spin_unlock_irqrestore(&h->lock, flags);
-@@ -3474,17 +3474,17 @@ static void start_io(struct ctlr_info *h)
+@@ -3475,17 +3475,17 @@ static void start_io(struct ctlr_info *h)
static inline unsigned long get_next_completion(struct ctlr_info *h, u8 q)
{
@@ -45937,7 +46445,7 @@ index 891c86b..dd1224a0 100644
(h->interrupts_enabled == 0);
}
-@@ -4386,7 +4386,7 @@ static int hpsa_pci_init(struct ctlr_info *h)
+@@ -4387,7 +4387,7 @@ static int hpsa_pci_init(struct ctlr_info *h)
if (prod_index < 0)
return -ENODEV;
h->product_name = products[prod_index].product_name;
@@ -45946,7 +46454,7 @@ index 891c86b..dd1224a0 100644
pci_disable_link_state(h->pdev, PCIE_LINK_STATE_L0S |
PCIE_LINK_STATE_L1 | PCIE_LINK_STATE_CLKPM);
-@@ -4668,7 +4668,7 @@ static void controller_lockup_detected(struct ctlr_info *h)
+@@ -4669,7 +4669,7 @@ static void controller_lockup_detected(struct ctlr_info *h)
assert_spin_locked(&lockup_detector_lock);
remove_ctlr_from_lockup_detector_list(h);
@@ -45955,7 +46463,7 @@ index 891c86b..dd1224a0 100644
spin_lock_irqsave(&h->lock, flags);
h->lockup_detected = readl(h->vaddr + SA5_SCRATCHPAD_OFFSET);
spin_unlock_irqrestore(&h->lock, flags);
-@@ -4845,7 +4845,7 @@ reinit_after_soft_reset:
+@@ -4846,7 +4846,7 @@ reinit_after_soft_reset:
}
/* make sure the board interrupts are off */
@@ -45964,7 +46472,7 @@ index 891c86b..dd1224a0 100644
if (hpsa_request_irq(h, do_hpsa_intr_msi, do_hpsa_intr_intx))
goto clean2;
-@@ -4879,7 +4879,7 @@ reinit_after_soft_reset:
+@@ -4880,7 +4880,7 @@ reinit_after_soft_reset:
* fake ones to scoop up any residual completions.
*/
spin_lock_irqsave(&h->lock, flags);
@@ -45973,7 +46481,7 @@ index 891c86b..dd1224a0 100644
spin_unlock_irqrestore(&h->lock, flags);
free_irqs(h);
rc = hpsa_request_irq(h, hpsa_msix_discard_completions,
-@@ -4898,9 +4898,9 @@ reinit_after_soft_reset:
+@@ -4899,9 +4899,9 @@ reinit_after_soft_reset:
dev_info(&h->pdev->dev, "Board READY.\n");
dev_info(&h->pdev->dev,
"Waiting for stale completions to drain.\n");
@@ -45985,7 +46493,7 @@ index 891c86b..dd1224a0 100644
rc = controller_reset_failed(h->cfgtable);
if (rc)
-@@ -4921,7 +4921,7 @@ reinit_after_soft_reset:
+@@ -4922,7 +4922,7 @@ reinit_after_soft_reset:
}
/* Turn the interrupts on so we can service requests */
@@ -45994,7 +46502,7 @@ index 891c86b..dd1224a0 100644
hpsa_hba_inquiry(h);
hpsa_register_scsi(h); /* hook ourselves into SCSI subsystem */
-@@ -4976,7 +4976,7 @@ static void hpsa_shutdown(struct pci_dev *pdev)
+@@ -4977,7 +4977,7 @@ static void hpsa_shutdown(struct pci_dev *pdev)
* To write all data in the battery backed cache to disks
*/
hpsa_flush_cache(h);
@@ -46003,7 +46511,7 @@ index 891c86b..dd1224a0 100644
hpsa_free_irqs_and_disable_msix(h);
}
-@@ -5144,7 +5144,7 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 use_short_tags)
+@@ -5145,7 +5145,7 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 use_short_tags)
return;
}
/* Change the access methods to the performant access methods */
@@ -46171,7 +46679,7 @@ index 5879929..32b241d 100644
}
EXPORT_SYMBOL(fc_exch_update_stats);
diff --git a/drivers/scsi/libsas/sas_ata.c b/drivers/scsi/libsas/sas_ata.c
-index 161c98e..6d563b3 100644
+index d289583..b745eec 100644
--- a/drivers/scsi/libsas/sas_ata.c
+++ b/drivers/scsi/libsas/sas_ata.c
@@ -554,7 +554,7 @@ static struct ata_port_operations sas_sata_ops = {
@@ -46412,7 +46920,7 @@ index 7f0af4f..193ac3e 100644
unsigned long flags;
diff --git a/drivers/scsi/pmcraid.c b/drivers/scsi/pmcraid.c
-index 1eb7b028..b2a6080 100644
+index a38f71b..f3bc572 100644
--- a/drivers/scsi/pmcraid.c
+++ b/drivers/scsi/pmcraid.c
@@ -200,8 +200,8 @@ static int pmcraid_slave_alloc(struct scsi_device *scsi_dev)
@@ -46456,7 +46964,7 @@ index 1eb7b028..b2a6080 100644
pinstance->num_hrrq;
if (request_size) {
-@@ -4483,7 +4483,7 @@ static void pmcraid_worker_function(struct work_struct *workp)
+@@ -4484,7 +4484,7 @@ static void pmcraid_worker_function(struct work_struct *workp)
pinstance = container_of(workp, struct pmcraid_instance, worker_q);
/* add resources only after host is added into system */
@@ -46465,7 +46973,7 @@ index 1eb7b028..b2a6080 100644
return;
fw_version = be16_to_cpu(pinstance->inq_data->fw_version);
-@@ -5310,8 +5310,8 @@ static int pmcraid_init_instance(struct pci_dev *pdev, struct Scsi_Host *host,
+@@ -5311,8 +5311,8 @@ static int pmcraid_init_instance(struct pci_dev *pdev, struct Scsi_Host *host,
init_waitqueue_head(&pinstance->reset_wait_q);
atomic_set(&pinstance->outstanding_cmds, 0);
@@ -46476,7 +46984,7 @@ index 1eb7b028..b2a6080 100644
INIT_LIST_HEAD(&pinstance->free_res_q);
INIT_LIST_HEAD(&pinstance->used_res_q);
-@@ -6024,7 +6024,7 @@ static int pmcraid_probe(struct pci_dev *pdev,
+@@ -6025,7 +6025,7 @@ static int pmcraid_probe(struct pci_dev *pdev,
/* Schedule worker thread to handle CCN and take care of adding and
* removing devices to OS
*/
@@ -46780,10 +47288,10 @@ index f379c7f..e8fc69c 100644
transport_setup_device(&rport->dev);
diff --git a/drivers/scsi/sd.c b/drivers/scsi/sd.c
-index 5693f6d7..b0bf05a 100644
+index 2634d69..fcf7a81 100644
--- a/drivers/scsi/sd.c
+++ b/drivers/scsi/sd.c
-@@ -2934,7 +2934,7 @@ static int sd_probe(struct device *dev)
+@@ -2940,7 +2940,7 @@ static int sd_probe(struct device *dev)
sdkp->disk = gd;
sdkp->index = index;
atomic_set(&sdkp->openers, 0);
@@ -47728,10 +48236,10 @@ index c0f76da..d974c32 100644
dlci_get(dlci->gsm->dlci[0]);
mux_get(dlci->gsm);
diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
-index ff58293..71c87bc 100644
+index 4d6f430..0810fa9 100644
--- a/drivers/tty/n_tty.c
+++ b/drivers/tty/n_tty.c
-@@ -2502,6 +2502,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
+@@ -2504,6 +2504,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
{
*ops = tty_ldisc_N_TTY;
ops->owner = NULL;
@@ -48828,7 +49336,7 @@ index 2a3bbdf..91d72cf 100644
file->f_version = event_count;
return POLLIN | POLLRDNORM;
diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c
-index 71dc5d7..6135ff2 100644
+index 71dc5d7..300db0e 100644
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -187,7 +187,7 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
@@ -48840,7 +49348,7 @@ index 71dc5d7..6135ff2 100644
loff_t pos;
int i;
-@@ -229,13 +229,13 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
+@@ -229,16 +229,16 @@ static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes,
for (i = 0; nbytes && i < dev->descriptor.bNumConfigurations; i++) {
struct usb_config_descriptor *config =
(struct usb_config_descriptor *)dev->rawdescriptors[i];
@@ -48855,7 +49363,11 @@ index 71dc5d7..6135ff2 100644
+ size_t alloclen =
le16_to_cpu(dev->config[i].desc.wTotalLength);
- len = length - (*ppos - pos);
+- len = length - (*ppos - pos);
++ len = length + pos - *ppos;
+ if (len > nbytes)
+ len = nbytes;
+
diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
index f20a044..d1059aa 100644
--- a/drivers/usb/core/hcd.c
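Review bot: The rewritten `len = length + pos - *ppos;` has no comment explaining why the operands were reordered, so it reads as a no-op against the `len = length - (*ppos - pos);` it replaces. If the intent is to keep every intermediate value non-negative (presumably for the overflow instrumentation this patch set adds), say so next to the line, e.g. `/* add before subtracting so no intermediate goes negative */`. The bound that keeps `*ppos` below `pos + length` is not in this hunk, so check against the rest of usbdev_read that the result cannot wrap before the `if (len > nbytes)` clamp.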
@@ -48879,7 +49391,7 @@ index f20a044..d1059aa 100644
wake_up(&usb_kill_urb_queue);
usb_put_urb(urb);
diff --git a/drivers/usb/core/hub.c b/drivers/usb/core/hub.c
-index 243c672..8b66fbb 100644
+index c5c3667..e54e5cd 100644
--- a/drivers/usb/core/hub.c
+++ b/drivers/usb/core/hub.c
@@ -27,6 +27,7 @@
@@ -48959,7 +49471,7 @@ index 0a6ee2e..6f8d7e8 100644
INIT_LIST_HEAD(&dev->ep0.urb_list);
dev->ep0.desc.bLength = USB_DT_ENDPOINT_SIZE;
diff --git a/drivers/usb/dwc3/gadget.c b/drivers/usb/dwc3/gadget.c
-index 5452c0f..34c9145 100644
+index 02e44fc..3c4fe64 100644
--- a/drivers/usb/dwc3/gadget.c
+++ b/drivers/usb/dwc3/gadget.c
@@ -532,8 +532,6 @@ static int __dwc3_gadget_ep_enable(struct dwc3_ep *dep,
@@ -52899,7 +53411,7 @@ index 89dec7f..361b0d75 100644
fd_offset + ex.a_text);
if (error != N_DATADDR(ex)) {
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 4c94a79..f428019 100644
+index 4c94a79..228e9da 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -34,6 +34,7 @@
@@ -53068,7 +53580,7 @@ index 4c94a79..f428019 100644
}
error = load_addr;
-@@ -538,6 +569,315 @@ out:
+@@ -538,6 +569,322 @@ out:
return error;
}
@@ -53302,34 +53814,41 @@ index 4c94a79..f428019 100644
+ unsigned long pax_flags_hardmode = 0UL, pax_flags_softmode = 0UL;
+
+ xattr_size = pax_getxattr(file->f_path.dentry, xattr_value, sizeof xattr_value);
-+ if (xattr_size <= 0 || xattr_size > sizeof xattr_value)
++ switch (xattr_size) {
++ default:
+ return ~0UL;
+
-+ for (i = 0; i < xattr_size; i++)
-+ switch (xattr_value[i]) {
-+ default:
-+ return ~0UL;
-+
-+#define parse_flag(option1, option2, flag) \
-+ case option1: \
-+ if (pax_flags_hardmode & MF_PAX_##flag) \
-+ return ~0UL; \
-+ pax_flags_hardmode |= MF_PAX_##flag; \
-+ break; \
-+ case option2: \
-+ if (pax_flags_softmode & MF_PAX_##flag) \
-+ return ~0UL; \
-+ pax_flags_softmode |= MF_PAX_##flag; \
-+ break;
++ case -ENODATA:
++ break;
+
-+ parse_flag('p', 'P', PAGEEXEC);
-+ parse_flag('e', 'E', EMUTRAMP);
-+ parse_flag('m', 'M', MPROTECT);
-+ parse_flag('r', 'R', RANDMMAP);
-+ parse_flag('s', 'S', SEGMEXEC);
++ case 0 ... sizeof xattr_value:
++ for (i = 0; i < xattr_size; i++)
++ switch (xattr_value[i]) {
++ default:
++ return ~0UL;
++
++#define parse_flag(option1, option2, flag) \
++ case option1: \
++ if (pax_flags_hardmode & MF_PAX_##flag) \
++ return ~0UL; \
++ pax_flags_hardmode |= MF_PAX_##flag; \
++ break; \
++ case option2: \
++ if (pax_flags_softmode & MF_PAX_##flag) \
++ return ~0UL; \
++ pax_flags_softmode |= MF_PAX_##flag; \
++ break;
++
++ parse_flag('p', 'P', PAGEEXEC);
++ parse_flag('e', 'E', EMUTRAMP);
++ parse_flag('m', 'M', MPROTECT);
++ parse_flag('r', 'R', RANDMMAP);
++ parse_flag('s', 'S', SEGMEXEC);
+
+#undef parse_flag
-+ }
++ }
++ break;
++ }
+
+ if (pax_flags_hardmode & pax_flags_softmode)
+ return ~0UL;
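Review bot: The new `switch (xattr_size)` changes what happens for a missing or empty attribute, and nothing in the added lines records that this is intended. `-ENODATA` and a length of 0 now leave both flag words at zero and fall through to the checks below, where the replaced `xattr_size <= 0` test returned `~0UL` for both. Every other negative return and any oversize length still reaches `default` and is rejected. A comment on the two labels would make the policy auditable, e.g. `case -ENODATA: /* no PaX xattr on this file: not an error */` and `default: /* read error or oversize value: reject */`. The range label `case 0 ... sizeof xattr_value:` also puts a `size_t` bound into a switch on a signed length; the declaration of `xattr_size` and the rest of the function are outside this hunk.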
@@ -53384,7 +53903,7 @@ index 4c94a79..f428019 100644
/*
* These are the functions used to load ELF style executables and shared
* libraries. There is no binary dependent code anywhere else.
-@@ -554,6 +894,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
+@@ -554,6 +901,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top)
{
unsigned int random_variable = 0;
@@ -53396,7 +53915,7 @@ index 4c94a79..f428019 100644
if ((current->flags & PF_RANDOMIZE) &&
!(current->personality & ADDR_NO_RANDOMIZE)) {
random_variable = get_random_int() & STACK_RND_MASK;
-@@ -572,7 +917,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -572,7 +924,7 @@ static int load_elf_binary(struct linux_binprm *bprm)
unsigned long load_addr = 0, load_bias = 0;
int load_addr_set = 0;
char * elf_interpreter = NULL;
@@ -53405,7 +53924,7 @@ index 4c94a79..f428019 100644
struct elf_phdr *elf_ppnt, *elf_phdata;
unsigned long elf_bss, elf_brk;
int retval, i;
-@@ -582,12 +927,12 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -582,12 +934,12 @@ static int load_elf_binary(struct linux_binprm *bprm)
unsigned long start_code, end_code, start_data, end_data;
unsigned long reloc_func_desc __maybe_unused = 0;
int executable_stack = EXSTACK_DEFAULT;
@@ -53415,15 +53934,20 @@ index 4c94a79..f428019 100644
struct elfhdr elf_ex;
struct elfhdr interp_elf_ex;
} *loc;
-+ unsigned long pax_task_size = TASK_SIZE;
++ unsigned long pax_task_size;
loc = kmalloc(sizeof(*loc), GFP_KERNEL);
if (!loc) {
-@@ -723,11 +1068,81 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -723,11 +1075,82 @@ static int load_elf_binary(struct linux_binprm *bprm)
goto out_free_dentry;
/* OK, This is the point of no return */
- current->mm->def_flags = def_flags;
++ current->mm->def_flags = 0;
+
+ /* Do this immediately, since STACK_TOP as used in setup_arg_pages
+ may depend on the personality. */
+ SET_PERSONALITY(loc->elf_ex);
+
+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
+ current->mm->pax_flags = 0UL;
@@ -53442,8 +53966,6 @@ index 4c94a79..f428019 100644
+ current->mm->delta_stack = 0UL;
+#endif
+
-+ current->mm->def_flags = 0;
-+
+#if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
+ if (0 > pax_parse_pax_flags(&loc->elf_ex, elf_phdata, bprm->file)) {
+ send_sig(SIGKILL, current, 0);
@@ -53471,19 +53993,17 @@ index 4c94a79..f428019 100644
+ current->mm->context.user_cs_limit = TASK_SIZE-SEGMEXEC_TASK_SIZE;
+ pax_task_size = SEGMEXEC_TASK_SIZE;
+ current->mm->def_flags |= VM_NOHUGEPAGE;
-+ }
++ } else
+#endif
+
++ pax_task_size = TASK_SIZE;
++
+#if defined(CONFIG_ARCH_TRACK_EXEC_LIMIT) || defined(CONFIG_PAX_SEGMEXEC)
+ if (current->mm->pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)) {
+ set_user_cs(current->mm->context.user_cs_base, current->mm->context.user_cs_limit, get_cpu());
+ put_cpu();
+ }
+#endif
-
- /* Do this immediately, since STACK_TOP as used in setup_arg_pages
- may depend on the personality. */
- SET_PERSONALITY(loc->elf_ex);
+
+#ifdef CONFIG_PAX_ASLR
+ if (current->mm->pax_flags & MF_PAX_RANDMMAP) {
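Review bot: The added `} else` directly before `#endif` makes `pax_task_size = TASK_SIZE;` the else-arm of the preceding `if` in one configuration and an unconditional statement in the other, with a blank line and no braces in between. The earlier hunk also drops the initializer from `unsigned long pax_task_size;`, so this assignment is now the only place the variable gets a value on that path. A statement inserted between `#endif` and the assignment would become the else-arm instead, and the assignment would then overwrite the `SEGMEXEC_TASK_SIZE` value set just above. A one-line comment on the assignment, such as `/* else-arm of the if above when that block is compiled in */`, would guard against that. The opening `#if` and `if` are outside this hunk.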
@@ -53502,7 +54022,7 @@ index 4c94a79..f428019 100644
if (elf_read_implies_exec(loc->elf_ex, executable_stack))
current->personality |= READ_IMPLIES_EXEC;
-@@ -817,6 +1232,20 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -817,6 +1240,20 @@ static int load_elf_binary(struct linux_binprm *bprm)
#else
load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr);
#endif
@@ -53523,7 +54043,7 @@ index 4c94a79..f428019 100644
}
error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt,
-@@ -849,9 +1278,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -849,9 +1286,9 @@ static int load_elf_binary(struct linux_binprm *bprm)
* allowed task size. Note that p_filesz must always be
* <= p_memsz so it is only necessary to check p_memsz.
*/
@@ -53536,7 +54056,7 @@ index 4c94a79..f428019 100644
/* set_brk can never work. Avoid overflows. */
send_sig(SIGKILL, current, 0);
retval = -EINVAL;
-@@ -890,17 +1319,45 @@ static int load_elf_binary(struct linux_binprm *bprm)
+@@ -890,17 +1327,45 @@ static int load_elf_binary(struct linux_binprm *bprm)
goto out_free_dentry;
}
if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) {
@@ -53588,7 +54108,7 @@ index 4c94a79..f428019 100644
load_bias);
if (!IS_ERR((void *)elf_entry)) {
/*
-@@ -1122,7 +1579,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
+@@ -1122,7 +1587,7 @@ static bool always_dump_vma(struct vm_area_struct *vma)
* Decide what to dump of a segment, part, all or none.
*/
static unsigned long vma_dump_size(struct vm_area_struct *vma,
@@ -53597,7 +54117,7 @@ index 4c94a79..f428019 100644
{
#define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type))
-@@ -1160,7 +1617,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
+@@ -1160,7 +1625,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma,
if (vma->vm_file == NULL)
return 0;
@@ -53606,7 +54126,7 @@ index 4c94a79..f428019 100644
goto whole;
/*
-@@ -1385,9 +1842,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
+@@ -1385,9 +1850,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm)
{
elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv;
int i = 0;
@@ -53618,7 +54138,7 @@ index 4c94a79..f428019 100644
fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv);
}
-@@ -1396,7 +1853,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
+@@ -1396,7 +1861,7 @@ static void fill_siginfo_note(struct memelfnote *note, user_siginfo_t *csigdata,
{
mm_segment_t old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -53627,7 +54147,7 @@ index 4c94a79..f428019 100644
set_fs(old_fs);
fill_note(note, "CORE", NT_SIGINFO, sizeof(*csigdata), csigdata);
}
-@@ -2023,14 +2480,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
+@@ -2023,14 +2488,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum,
}
static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma,
@@ -53644,7 +54164,7 @@ index 4c94a79..f428019 100644
return size;
}
-@@ -2123,7 +2580,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2123,7 +2588,7 @@ static int elf_core_dump(struct coredump_params *cprm)
dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE);
@@ -53653,7 +54173,7 @@ index 4c94a79..f428019 100644
offset += elf_core_extra_data_size();
e_shoff = offset;
-@@ -2137,10 +2594,12 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2137,10 +2602,12 @@ static int elf_core_dump(struct coredump_params *cprm)
offset = dataoff;
size += sizeof(*elf);
@@ -53666,7 +54186,7 @@ index 4c94a79..f428019 100644
if (size > cprm->limit
|| !dump_write(cprm->file, phdr4note, sizeof(*phdr4note)))
goto end_coredump;
-@@ -2154,7 +2613,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2154,7 +2621,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_offset = offset;
phdr.p_vaddr = vma->vm_start;
phdr.p_paddr = 0;
@@ -53675,7 +54195,7 @@ index 4c94a79..f428019 100644
phdr.p_memsz = vma->vm_end - vma->vm_start;
offset += phdr.p_filesz;
phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0;
-@@ -2165,6 +2624,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2165,6 +2632,7 @@ static int elf_core_dump(struct coredump_params *cprm)
phdr.p_align = ELF_EXEC_PAGESIZE;
size += sizeof(phdr);
@@ -53683,7 +54203,7 @@ index 4c94a79..f428019 100644
if (size > cprm->limit
|| !dump_write(cprm->file, &phdr, sizeof(phdr)))
goto end_coredump;
-@@ -2189,7 +2649,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2189,7 +2657,7 @@ static int elf_core_dump(struct coredump_params *cprm)
unsigned long addr;
unsigned long end;
@@ -53692,7 +54212,7 @@ index 4c94a79..f428019 100644
for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) {
struct page *page;
-@@ -2198,6 +2658,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2198,6 +2666,7 @@ static int elf_core_dump(struct coredump_params *cprm)
page = get_dump_page(addr);
if (page) {
void *kaddr = kmap(page);
@@ -53700,7 +54220,7 @@ index 4c94a79..f428019 100644
stop = ((size += PAGE_SIZE) > cprm->limit) ||
!dump_write(cprm->file, kaddr,
PAGE_SIZE);
-@@ -2215,6 +2676,7 @@ static int elf_core_dump(struct coredump_params *cprm)
+@@ -2215,6 +2684,7 @@ static int elf_core_dump(struct coredump_params *cprm)
if (e_phnum == PN_XNUM) {
size += sizeof(*shdr4extnum);
@@ -53708,7 +54228,7 @@ index 4c94a79..f428019 100644
if (size > cprm->limit
|| !dump_write(cprm->file, shdr4extnum,
sizeof(*shdr4extnum)))
-@@ -2235,6 +2697,167 @@ out:
+@@ -2235,6 +2705,167 @@ out:
#endif /* CONFIG_ELF_CORE */
@@ -53957,7 +54477,7 @@ index 1e86823..8e34695 100644
else if (whole->bd_holder != NULL)
return false; /* is a partition of a held device */
diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c
-index 61b5bcd..7eeede8 100644
+index b544a44..f3fb987 100644
--- a/fs/btrfs/ctree.c
+++ b/fs/btrfs/ctree.c
@@ -1028,9 +1028,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans,
@@ -54030,10 +54550,10 @@ index a4b38f9..f86a509 100644
spin_lock_init(&delayed_root->lock);
init_waitqueue_head(&delayed_root->wait);
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
-index 9d46f60..a8f09eb 100644
+index 8747feb..ad1655c 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
-@@ -3464,9 +3464,12 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -3465,9 +3465,12 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
for (i = 0; i < num_types; i++) {
struct btrfs_space_info *tmp;
@@ -54046,7 +54566,7 @@ index 9d46f60..a8f09eb 100644
info = NULL;
rcu_read_lock();
list_for_each_entry_rcu(tmp, &root->fs_info->space_info,
-@@ -3488,10 +3491,7 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
+@@ -3489,10 +3492,7 @@ static long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg)
memcpy(dest, &space, sizeof(space));
dest++;
space_args.total_spaces++;
@@ -54433,6 +54953,28 @@ index c8e03f8..75362f6 100644
#endif
GLOBAL_EXTERN atomic_t smBufAllocCount;
GLOBAL_EXTERN atomic_t midCount;
+diff --git a/fs/cifs/file.c b/fs/cifs/file.c
+index 7ddddf2..2e12dbc 100644
+--- a/fs/cifs/file.c
++++ b/fs/cifs/file.c
+@@ -1900,10 +1900,14 @@ static int cifs_writepages(struct address_space *mapping,
+ index = mapping->writeback_index; /* Start from prev offset */
+ end = -1;
+ } else {
+- index = wbc->range_start >> PAGE_CACHE_SHIFT;
+- end = wbc->range_end >> PAGE_CACHE_SHIFT;
+- if (wbc->range_start == 0 && wbc->range_end == LLONG_MAX)
++ if (wbc->range_start == 0 && wbc->range_end == LLONG_MAX) {
+ range_whole = true;
++ index = 0;
++ end = ULONG_MAX;
++ } else {
++ index = wbc->range_start >> PAGE_CACHE_SHIFT;
++ end = wbc->range_end >> PAGE_CACHE_SHIFT;
++ }
+ scanned = true;
+ }
+ retry:
diff --git a/fs/cifs/link.c b/fs/cifs/link.c
index 7e36ceb..109252f 100644
--- a/fs/cifs/link.c
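Review bot: The new whole-range branch writes the open upper bound as `end = ULONG_MAX;` while the cyclic branch a few lines above writes it as `end = -1;`. If both mean "no upper limit" on an unsigned page index, one spelling should be used for both. The branch also changes the value: before, `end` was `wbc->range_end >> PAGE_CACHE_SHIFT` even in the whole-file case. A comment should state that the shift is skipped on purpose, e.g. `/* whole file: avoid shifting LLONG_MAX into a narrower index */`. The declarations of `index` and `end` are outside the hunk, so the narrowing is assumed here rather than shown.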
@@ -55069,9 +55611,18 @@ index 9bdeca1..2a9b08d 100644
EXPORT_SYMBOL(dump_write);
diff --git a/fs/dcache.c b/fs/dcache.c
-index 89f9671..5977a84 100644
+index 89f9671..d2dce57 100644
--- a/fs/dcache.c
+++ b/fs/dcache.c
+@@ -1570,7 +1570,7 @@ struct dentry *__d_alloc(struct super_block *sb, const struct qstr *name)
+ */
+ dentry->d_iname[DNAME_INLINE_LEN-1] = 0;
+ if (name->len > DNAME_INLINE_LEN-1) {
+- dname = kmalloc(name->len + 1, GFP_KERNEL);
++ dname = kmalloc(round_up(name->len + 1, sizeof(unsigned long)), GFP_KERNEL);
+ if (!dname) {
+ kmem_cache_free(dentry_cache, dentry);
+ return NULL;
@@ -2893,6 +2893,7 @@ static int prepend_path(const struct path *path,
restart:
bptr = *buffer;
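Review bot: The allocation is now `kmalloc(round_up(name->len + 1, sizeof(unsigned long)), GFP_KERNEL)`, but nothing says why the external name is padded to a word multiple, and the padding bytes come from `kmalloc` uninitialised. If the purpose is to let word-at-a-time reads of the name stay inside the allocation (an assumption; the readers are not in this hunk), add a comment saying so, e.g. `/* pad to a whole word so word-sized reads of the name stay in bounds */`. Also confirm that any such reader masks the bytes past `name->len`. __d_alloc continues outside the hunk, so the copy into `dname` is not visible here.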
@@ -56262,7 +56813,7 @@ index 999ff5c..41f4109 100644
sizeof(struct file_handle) + handle_bytes))
retval = -EFAULT;
diff --git a/fs/file.c b/fs/file.c
-index 4a78f98..9447397 100644
+index 4a78f98..f9a6d25 100644
--- a/fs/file.c
+++ b/fs/file.c
@@ -16,6 +16,7 @@
@@ -56273,6 +56824,24 @@ index 4a78f98..9447397 100644
#include <linux/fdtable.h>
#include <linux/bitops.h>
#include <linux/interrupt.h>
+@@ -141,7 +142,7 @@ out:
+ * Return <0 error code on error; 1 on successful completion.
+ * The files->file_lock should be held on entry, and will be held on exit.
+ */
+-static int expand_fdtable(struct files_struct *files, int nr)
++static int expand_fdtable(struct files_struct *files, unsigned int nr)
+ __releases(files->file_lock)
+ __acquires(files->file_lock)
+ {
+@@ -186,7 +187,7 @@ static int expand_fdtable(struct files_struct *files, int nr)
+ * expanded and execution may have blocked.
+ * The files->file_lock should be held on entry, and will be held on exit.
+ */
+-static int expand_files(struct files_struct *files, int nr)
++static int expand_files(struct files_struct *files, unsigned int nr)
+ {
+ struct fdtable *fdt;
+
@@ -828,6 +829,7 @@ int replace_fd(unsigned fd, struct file *file, unsigned flags)
if (!file)
return __close_fd(files, fd);
@@ -58813,10 +59382,10 @@ index ecc735e..79b2d31 100644
};
diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c
-index 9186c7c..3fdde3e 100644
+index b6af150..f6ec5e3 100644
--- a/fs/nfsd/nfscache.c
+++ b/fs/nfsd/nfscache.c
-@@ -540,14 +540,17 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
+@@ -547,14 +547,17 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
{
struct svc_cacherep *rp = rqstp->rq_cacherep;
struct kvec *resv = &rqstp->rq_res.head[0], *cachv;
@@ -59289,7 +59858,7 @@ index d420331..2dbb3fd 100644
}
putname(tmp);
diff --git a/fs/pipe.c b/fs/pipe.c
-index d2c45e1..009fe1c 100644
+index 0e0752e..7cfdd50 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -56,7 +56,7 @@ unsigned int pipe_min_size = PAGE_SIZE;
@@ -59370,7 +59939,16 @@ index d2c45e1..009fe1c 100644
mask |= POLLERR;
}
-@@ -734,17 +734,17 @@ pipe_release(struct inode *inode, struct file *file)
+@@ -731,7 +731,7 @@ static void put_pipe_info(struct inode *inode, struct pipe_inode_info *pipe)
+ int kill = 0;
+
+ spin_lock(&inode->i_lock);
+- if (!--pipe->files) {
++ if (atomic_dec_and_test(&pipe->files)) {
+ inode->i_pipe = NULL;
+ kill = 1;
+ }
+@@ -748,11 +748,11 @@ pipe_release(struct inode *inode, struct file *file)
__pipe_lock(pipe);
if (file->f_mode & FMODE_READ)
@@ -59385,14 +59963,7 @@ index d2c45e1..009fe1c 100644
wake_up_interruptible_sync_poll(&pipe->wait, POLLIN | POLLOUT | POLLRDNORM | POLLWRNORM | POLLERR | POLLHUP);
kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN);
kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT);
- }
- spin_lock(&inode->i_lock);
-- if (!--pipe->files) {
-+ if (atomic_dec_and_test(&pipe->files)) {
- inode->i_pipe = NULL;
- kill = 1;
- }
-@@ -811,7 +811,7 @@ void free_pipe_info(struct pipe_inode_info *pipe)
+@@ -817,7 +817,7 @@ void free_pipe_info(struct pipe_inode_info *pipe)
kfree(pipe);
}
@@ -59401,7 +59972,7 @@ index d2c45e1..009fe1c 100644
/*
* pipefs_dname() is called from d_path().
-@@ -841,8 +841,9 @@ static struct inode * get_pipe_inode(void)
+@@ -847,8 +847,9 @@ static struct inode * get_pipe_inode(void)
goto fail_iput;
inode->i_pipe = pipe;
@@ -59413,7 +59984,7 @@ index d2c45e1..009fe1c 100644
inode->i_fop = &pipefifo_fops;
/*
-@@ -1022,17 +1023,17 @@ static int fifo_open(struct inode *inode, struct file *filp)
+@@ -1027,17 +1028,17 @@ static int fifo_open(struct inode *inode, struct file *filp)
spin_lock(&inode->i_lock);
if (inode->i_pipe) {
pipe = inode->i_pipe;
@@ -59434,7 +60005,7 @@ index d2c45e1..009fe1c 100644
spin_unlock(&inode->i_lock);
free_pipe_info(pipe);
pipe = inode->i_pipe;
-@@ -1057,10 +1058,10 @@ static int fifo_open(struct inode *inode, struct file *filp)
+@@ -1062,10 +1063,10 @@ static int fifo_open(struct inode *inode, struct file *filp)
* opened, even when there is no process writing the FIFO.
*/
pipe->r_counter++;
@@ -59447,7 +60018,7 @@ index d2c45e1..009fe1c 100644
if ((filp->f_flags & O_NONBLOCK)) {
/* suppress POLLHUP until we have
* seen a writer */
-@@ -1079,14 +1080,14 @@ static int fifo_open(struct inode *inode, struct file *filp)
+@@ -1084,14 +1085,14 @@ static int fifo_open(struct inode *inode, struct file *filp)
* errno=ENXIO when there is no process reading the FIFO.
*/
ret = -ENXIO;
@@ -59465,7 +60036,7 @@ index d2c45e1..009fe1c 100644
if (wait_for_partner(pipe, &pipe->r_counter))
goto err_wr;
}
-@@ -1100,11 +1101,11 @@ static int fifo_open(struct inode *inode, struct file *filp)
+@@ -1105,11 +1106,11 @@ static int fifo_open(struct inode *inode, struct file *filp)
* the process can at least talk to itself.
*/
@@ -59480,7 +60051,7 @@ index d2c45e1..009fe1c 100644
wake_up_partner(pipe);
break;
-@@ -1118,20 +1119,20 @@ static int fifo_open(struct inode *inode, struct file *filp)
+@@ -1123,13 +1124,13 @@ static int fifo_open(struct inode *inode, struct file *filp)
return 0;
err_rd:
@@ -59496,14 +60067,6 @@ index d2c45e1..009fe1c 100644
wake_up_interruptible(&pipe->wait);
ret = -ERESTARTSYS;
goto err;
-
- err:
- spin_lock(&inode->i_lock);
-- if (!--pipe->files) {
-+ if (atomic_dec_and_test(&pipe->files)) {
- inode->i_pipe = NULL;
- kill = 1;
- }
diff --git a/fs/proc/Kconfig b/fs/proc/Kconfig
index 15af622..0e9f4467 100644
--- a/fs/proc/Kconfig
@@ -61294,7 +61857,7 @@ index 3b7ee65..87fc2e4 100644
pipe_unlock(ipipe);
diff --git a/fs/stat.c b/fs/stat.c
-index d0ea7ef..f463f9d 100644
+index ae0c3ce..9ee641c 100644
--- a/fs/stat.c
+++ b/fs/stat.c
@@ -28,8 +28,13 @@ void generic_fillattr(struct inode *inode, struct kstat *stat)
@@ -61313,9 +61876,11 @@ index d0ea7ef..f463f9d 100644
stat->ctime = inode->i_ctime;
stat->blksize = (1 << inode->i_blkbits);
stat->blocks = inode->i_blocks;
-@@ -46,8 +51,14 @@ int vfs_getattr(struct path *path, struct kstat *stat)
- if (retval)
- return retval;
+@@ -52,9 +57,16 @@ EXPORT_SYMBOL(generic_fillattr);
+ int vfs_getattr_nosec(struct path *path, struct kstat *stat)
+ {
+ struct inode *inode = path->dentry->d_inode;
++ int retval;
- if (inode->i_op->getattr)
- return inode->i_op->getattr(path->mnt, path->dentry, stat);
@@ -61670,7 +62235,7 @@ index 8f84153..7ce60d0 100644
return 0;
sfep = xfs_dir3_sf_nextentry(mp, sfp, sfep);
diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
-index 2e1e6c3..689f742 100644
+index 8c8ef24..689f742 100644
--- a/fs/xfs/xfs_ioctl.c
+++ b/fs/xfs/xfs_ioctl.c
@@ -127,7 +127,7 @@ xfs_find_handle(
@@ -61682,30 +62247,6 @@ index 2e1e6c3..689f742 100644
copy_to_user(hreq->ohandlen, &hsize, sizeof(__s32)))
goto out_put;
-@@ -443,7 +443,8 @@ xfs_attrlist_by_handle(
- return -XFS_ERROR(EPERM);
- if (copy_from_user(&al_hreq, arg, sizeof(xfs_fsop_attrlist_handlereq_t)))
- return -XFS_ERROR(EFAULT);
-- if (al_hreq.buflen > XATTR_LIST_MAX)
-+ if (al_hreq.buflen < sizeof(struct attrlist) ||
-+ al_hreq.buflen > XATTR_LIST_MAX)
- return -XFS_ERROR(EINVAL);
-
- /*
-diff --git a/fs/xfs/xfs_ioctl32.c b/fs/xfs/xfs_ioctl32.c
-index f671f7e..53365c6 100644
---- a/fs/xfs/xfs_ioctl32.c
-+++ b/fs/xfs/xfs_ioctl32.c
-@@ -357,7 +357,8 @@ xfs_compat_attrlist_by_handle(
- if (copy_from_user(&al_hreq, arg,
- sizeof(compat_xfs_fsop_attrlist_handlereq_t)))
- return -XFS_ERROR(EFAULT);
-- if (al_hreq.buflen > XATTR_LIST_MAX)
-+ if (al_hreq.buflen < sizeof(struct attrlist) ||
-+ al_hreq.buflen > XATTR_LIST_MAX)
- return -XFS_ERROR(EINVAL);
-
- /*
diff --git a/fs/xfs/xfs_iops.c b/fs/xfs/xfs_iops.c
index 2b8952d..a60c6be 100644
--- a/fs/xfs/xfs_iops.c
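Review bot: The lower-bound check `al_hreq.buflen < sizeof(struct attrlist)` is dropped from the patch for both `xfs_attrlist_by_handle` and `xfs_compat_attrlist_by_handle`, and the commit message does not say why. For fs/xfs/xfs_ioctl.c the index line in the preceding hunk goes from `2e1e6c3..689f742` to `8c8ef24..689f742`, so the patched blob is unchanged and the check presumably now comes from patch-3.12.6 itself. The fs/xfs/xfs_ioctl32.c section is removed outright, so the same cannot be read off this diff. Confirm that the 3.12.6 base carries the check there too, and record it in the description, e.g. `xfs attrlist buflen checks dropped from grsec patch: included in 3.12.6`.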
@@ -67113,10 +67654,10 @@ index 0000000..25f54ef
+};
diff --git a/grsecurity/gracl_policy.c b/grsecurity/gracl_policy.c
new file mode 100644
-index 0000000..36e293f
+index 0000000..361a099
--- /dev/null
+++ b/grsecurity/gracl_policy.c
-@@ -0,0 +1,1777 @@
+@@ -0,0 +1,1782 @@
+#include <linux/kernel.h>
+#include <linux/module.h>
+#include <linux/sched.h>
@@ -67576,12 +68117,12 @@ index 0000000..36e293f
+ printk(KERN_ALERT "Obtained real root device=%d, inode=%lu\n", __get_dev(gr_real_root.dentry), gr_real_root.dentry->d_inode->i_ino);
+#endif
+
-+ fakefs_obj_rw = acl_alloc(sizeof(struct acl_object_label));
++ fakefs_obj_rw = kzalloc(sizeof(struct acl_object_label), GFP_KERNEL);
+ if (fakefs_obj_rw == NULL)
+ return 1;
+ fakefs_obj_rw->mode = GR_FIND | GR_READ | GR_WRITE;
+
-+ fakefs_obj_rwx = acl_alloc(sizeof(struct acl_object_label));
++ fakefs_obj_rwx = kzalloc(sizeof(struct acl_object_label), GFP_KERNEL);
+ if (fakefs_obj_rwx == NULL)
+ return 1;
+ fakefs_obj_rwx->mode = GR_FIND | GR_READ | GR_WRITE | GR_EXEC;
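Review bot: If the second `kzalloc()` fails, `return 1` leaves `fakefs_obj_rw` allocated, and nothing in this hunk releases it. The `kfree()` calls added in the following hunk (at -67659) cover it only if the caller runs that teardown after a failed init, which is not visible here. Before the switch away from `acl_alloc()` the object was presumably released together with the other policy allocations, so this path is worth confirming. If the teardown is not guaranteed, free it locally: `if (fakefs_obj_rwx == NULL) { kfree(fakefs_obj_rw); fakefs_obj_rw = NULL; return 1; }`. The enclosing function starts and ends outside the hunk.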
@@ -67659,6 +68200,11 @@ index 0000000..36e293f
+ } while_each_thread(task2, task);
+ read_unlock(&tasklist_lock);
+
++ kfree(fakefs_obj_rw);
++ fakefs_obj_rw = NULL;
++ kfree(fakefs_obj_rwx);
++ fakefs_obj_rwx = NULL;
++
+ /* release the reference to the real root dentry and vfsmount */
+ path_put(&gr_real_root);
+ memset(&gr_real_root, 0, sizeof(gr_real_root));
@@ -72519,7 +73065,7 @@ index 77ff547..181834f 100644
#define pud_none(pud) 0
#define pud_bad(pud) 0
diff --git a/include/asm-generic/atomic-long.h b/include/asm-generic/atomic-long.h
-index b7babf0..04ad282 100644
+index b7babf0..97f4c4f 100644
--- a/include/asm-generic/atomic-long.h
+++ b/include/asm-generic/atomic-long.h
@@ -22,6 +22,12 @@
@@ -72631,7 +73177,15 @@ index b7babf0..04ad282 100644
static inline int atomic_long_sub_and_test(long i, atomic_long_t *l)
{
atomic64_t *v = (atomic64_t *)l;
-@@ -101,6 +161,15 @@ static inline long atomic_long_add_return(long i, atomic_long_t *l)
+@@ -94,13 +154,22 @@ static inline int atomic_long_add_negative(long i, atomic_long_t *l)
+ return atomic64_add_negative(i, v);
+ }
+
+-static inline long atomic_long_add_return(long i, atomic_long_t *l)
++static inline long __intentional_overflow(-1) atomic_long_add_return(long i, atomic_long_t *l)
+ {
+ atomic64_t *v = (atomic64_t *)l;
+
return (long)atomic64_add_return(i, v);
}
@@ -73989,7 +74543,7 @@ index 0bc7275..4ccbf11 100644
unsigned int offset, size_t len);
diff --git a/include/linux/efi.h b/include/linux/efi.h
-index 5f8f176..62a0556 100644
+index 094ddd0..f1dfcd3 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -745,6 +745,7 @@ struct efivar_operations {
@@ -74001,7 +74555,7 @@ index 5f8f176..62a0556 100644
struct efivars {
/*
diff --git a/include/linux/elf.h b/include/linux/elf.h
-index 40a3c0e..4c45a38 100644
+index 40a3c0e0..4c45a38 100644
--- a/include/linux/elf.h
+++ b/include/linux/elf.h
@@ -24,6 +24,7 @@ extern Elf32_Dyn _DYNAMIC [];
@@ -74092,7 +74646,7 @@ index 8293262..2b3b8bd 100644
extern bool frontswap_enabled;
extern struct frontswap_ops *
diff --git a/include/linux/fs.h b/include/linux/fs.h
-index fefa7b0..5e04a8b 100644
+index 164d2a9..0ffa41d0 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1552,7 +1552,8 @@ struct file_operations {
@@ -74105,7 +74659,7 @@ index fefa7b0..5e04a8b 100644
struct inode_operations {
struct dentry * (*lookup) (struct inode *,struct dentry *, unsigned int);
-@@ -2746,4 +2747,14 @@ static inline bool dir_relax(struct inode *inode)
+@@ -2747,4 +2748,14 @@ static inline bool dir_relax(struct inode *inode)
return !IS_DEADDIR(inode);
}
@@ -77195,7 +77749,7 @@ index cc7494a..1e27036 100644
extern bool qid_valid(struct kqid qid);
diff --git a/include/linux/random.h b/include/linux/random.h
-index bf9085e..128eade 100644
+index bf9085e..1e8bbcf 100644
--- a/include/linux/random.h
+++ b/include/linux/random.h
@@ -10,9 +10,19 @@
@@ -77220,11 +77774,23 @@ index bf9085e..128eade 100644
extern void get_random_bytes(void *buf, int nbytes);
extern void get_random_bytes_arch(void *buf, int nbytes);
-@@ -33,6 +43,11 @@ void prandom_seed(u32 seed);
+@@ -23,16 +33,21 @@ extern int random_int_secret_init(void);
+ extern const struct file_operations random_fops, urandom_fops;
+ #endif
+
+-unsigned int get_random_int(void);
++unsigned int __intentional_overflow(-1) get_random_int(void);
+ unsigned long randomize_range(unsigned long start, unsigned long end, unsigned long len);
+
+-u32 prandom_u32(void);
++u32 prandom_u32(void) __intentional_overflow(-1);
+ void prandom_bytes(void *buf, int nbytes);
+ void prandom_seed(u32 seed);
+
u32 prandom_u32_state(struct rnd_state *);
void prandom_bytes_state(struct rnd_state *state, void *buf, int nbytes);
-+static inline unsigned long pax_get_random_long(void)
++static inline unsigned long __intentional_overflow(-1) pax_get_random_long(void)
+{
+ return prandom_u32() + (sizeof(long) > 4 ? (unsigned long)prandom_u32() << 32 : 0);
+}
@@ -78415,7 +78981,7 @@ index 99c1b4d..562e6f3 100644
static inline void put_unaligned_le16(u16 val, void *p)
diff --git a/include/linux/usb.h b/include/linux/usb.h
-index 39cfa0a..d45fa38 100644
+index 6b02370..2355ffa 100644
--- a/include/linux/usb.h
+++ b/include/linux/usb.h
@@ -563,7 +563,7 @@ struct usb_device {
@@ -78427,7 +78993,7 @@ index 39cfa0a..d45fa38 100644
unsigned long active_duration;
-@@ -1637,7 +1637,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in,
+@@ -1639,7 +1639,7 @@ void usb_buffer_unmap_sg(const struct usb_device *dev, int is_in,
extern int usb_control_msg(struct usb_device *dev, unsigned int pipe,
__u8 request, __u8 requesttype, __u16 value, __u16 index,
@@ -81824,7 +82390,7 @@ index 086fe73..72c1122 100644
else
new_fs = fs;
diff --git a/kernel/futex.c b/kernel/futex.c
-index c3a1a55..e32b4a98 100644
+index 221a58f..1b8cfce 100644
--- a/kernel/futex.c
+++ b/kernel/futex.c
@@ -54,6 +54,7 @@
@@ -82113,10 +82679,10 @@ index e30ac0f..3528cac 100644
/*
diff --git a/kernel/kexec.c b/kernel/kexec.c
-index 2a74f30..d139351 100644
+index ecd783d..9aa270c 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
-@@ -1041,7 +1041,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry,
+@@ -1044,7 +1044,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry,
unsigned long flags)
{
struct compat_kexec_segment in;
@@ -84918,7 +85484,7 @@ index 5ac63c9..d912786 100644
#else
static void register_sched_domain_sysctl(void)
diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c
-index 7c70201..23f52b6 100644
+index 513fc2f..906a851 100644
--- a/kernel/sched/fair.c
+++ b/kernel/sched/fair.c
@@ -869,7 +869,7 @@ void task_numa_fault(int node, int pages, bool migrated)
@@ -84930,7 +85496,7 @@ index 7c70201..23f52b6 100644
p->mm->numa_scan_offset = 0;
}
-@@ -5838,7 +5838,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { }
+@@ -5840,7 +5840,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { }
* run_rebalance_domains is triggered when needed from the scheduler tick.
* Also triggered for nohz idle balancing (with nohz_balancing_kick set).
*/
@@ -85664,7 +86230,7 @@ index 88c9c65..7497ebc 100644
.clock_get = alarm_clock_get,
.timer_create = alarm_timer_create,
diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c
-index 947ba25..20cbade 100644
+index 5cf6c70..ac341b0 100644
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -15,6 +15,7 @@
@@ -87232,7 +87798,7 @@ index ae4846f..b0acebe 100644
send_sig(SIGXFSZ, current, 0);
return -EFBIG;
diff --git a/mm/fremap.c b/mm/fremap.c
-index 5bff081..d8189a9 100644
+index 5bff081..bfa6e93 100644
--- a/mm/fremap.c
+++ b/mm/fremap.c
@@ -163,6 +163,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size,
@@ -87247,6 +87813,36 @@ index 5bff081..d8189a9 100644
/*
* Make sure the vma is shared, that it supports prefaulting,
* and that the remapped range is valid and fully within
+@@ -208,9 +213,10 @@ get_write_lock:
+ if (mapping_cap_account_dirty(mapping)) {
+ unsigned long addr;
+ struct file *file = get_file(vma->vm_file);
++ /* mmap_region may free vma; grab the info now */
++ vm_flags = ACCESS_ONCE(vma->vm_flags);
+
+- addr = mmap_region(file, start, size,
+- vma->vm_flags, pgoff);
++ addr = mmap_region(file, start, size, vm_flags, pgoff);
+ fput(file);
+ if (IS_ERR_VALUE(addr)) {
+ err = addr;
+@@ -218,7 +224,7 @@ get_write_lock:
+ BUG_ON(addr != start);
+ err = 0;
+ }
+- goto out;
++ goto out_freed;
+ }
+ mutex_lock(&mapping->i_mmap_mutex);
+ flush_dcache_mmap_lock(mapping);
+@@ -253,6 +259,7 @@ get_write_lock:
+ out:
+ if (vma)
+ vm_flags = vma->vm_flags;
++out_freed:
+ if (likely(!has_write_lock))
+ up_read(&mm->mmap_sem);
+ else
diff --git a/mm/highmem.c b/mm/highmem.c
index b32b70c..e512eb0 100644
--- a/mm/highmem.c
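Review bot: The new `out_freed:` label in the remap_file_pages hunks carries no comment, although the invariant it protects is easy to break. Past `goto out_freed` the vma may already have been freed by `mmap_region()`, so only the saved `vm_flags` may be used. A comment at the label would keep later edits from re-reading the vma there, for example `/* vma may be gone here; use only the vm_flags captured before mmap_region() */`. The code that consumes `vm_flags` after the unlock lies outside these inner hunks, so that use is inferred from the added comment rather than visible.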
@@ -95272,7 +95868,7 @@ index 545f047..9757a9d 100644
return res;
}
diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c
-index 629dee7..4bdd2c8 100644
+index 9903ee5..18978be 100644
--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -826,7 +826,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy,
@@ -95284,7 +95880,7 @@ index 629dee7..4bdd2c8 100644
local->_oper_chandef = *chandef;
ieee80211_hw_config(local, 0);
}
-@@ -3125,7 +3125,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy,
+@@ -3124,7 +3124,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy,
else
local->probe_req_reg--;
@@ -95293,7 +95889,7 @@ index 629dee7..4bdd2c8 100644
break;
ieee80211_queue_work(&local->hw, &local->reconfig_filter);
-@@ -3588,8 +3588,8 @@ static int ieee80211_cfg_get_channel(struct wiphy *wiphy,
+@@ -3587,8 +3587,8 @@ static int ieee80211_cfg_get_channel(struct wiphy *wiphy,
if (chanctx_conf) {
*chandef = chanctx_conf->def;
ret = 0;
@@ -95402,7 +95998,7 @@ index fcecd63..a404454 100644
}
diff --git a/net/mac80211/main.c b/net/mac80211/main.c
-index 21d5d44..4fee18a 100644
+index e765f77..dfd72e7 100644
--- a/net/mac80211/main.c
+++ b/net/mac80211/main.c
@@ -172,7 +172,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed)
@@ -96851,7 +97447,7 @@ index 6b36561..4f21064 100644
table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL);
diff --git a/net/socket.c b/net/socket.c
-index e83c416..17afbfa 100644
+index e83c416..9169305 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -88,6 +88,7 @@
@@ -97053,6 +97649,15 @@ index e83c416..17afbfa 100644
/* user mode address pointers */
struct sockaddr __user *uaddr;
+@@ -2227,7 +2293,7 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
+ /* Save the user-mode address (verify_iovec will change the
+ * kernel msghdr to use the kernel address space)
+ */
+- uaddr = (__force void __user *)msg_sys->msg_name;
++ uaddr = (void __force_user *)msg_sys->msg_name;
+ uaddr_len = COMPAT_NAMELEN(msg);
+ if (MSG_CMSG_COMPAT & flags)
+ err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
@@ -2985,7 +3051,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd,
old_fs = get_fs();
set_fs(KERNEL_DS);
@@ -99592,10 +100197,10 @@ index fc3e662..7844c60 100644
lock = &avc_cache.slots_lock[hvalue];
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
-index 5b52310..da3bf8e 100644
+index d9a78fd..5038314 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
-@@ -5603,7 +5603,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
+@@ -5662,7 +5662,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
#endif
@@ -99604,7 +100209,7 @@ index 5b52310..da3bf8e 100644
.name = "selinux",
.ptrace_access_check = selinux_ptrace_access_check,
-@@ -5955,6 +5955,9 @@ static void selinux_nf_ip_exit(void)
+@@ -6014,6 +6014,9 @@ static void selinux_nf_ip_exit(void)
#ifdef CONFIG_SECURITY_SELINUX_DISABLE
static int selinux_disabled;
@@ -99614,7 +100219,7 @@ index 5b52310..da3bf8e 100644
int selinux_disable(void)
{
if (ss_initialized) {
-@@ -5972,7 +5975,9 @@ int selinux_disable(void)
+@@ -6031,7 +6034,9 @@ int selinux_disable(void)
selinux_disabled = 1;
selinux_enabled = 0;
@@ -101544,10 +102149,10 @@ index 0000000..568b360
+}
diff --git a/tools/gcc/kernexec_plugin.c b/tools/gcc/kernexec_plugin.c
new file mode 100644
-index 0000000..698da67
+index 0000000..a25306b
--- /dev/null
+++ b/tools/gcc/kernexec_plugin.c
-@@ -0,0 +1,471 @@
+@@ -0,0 +1,474 @@
+/*
+ * Copyright 2011-2013 by the PaX Team <pageexec@freemail.hu>
+ * Licensed under the GPL v2
@@ -101693,21 +102298,21 @@ index 0000000..698da67
+}
+
+/*
-+ * add special KERNEXEC instrumentation: reload %r10 after it has been clobbered
++ * add special KERNEXEC instrumentation: reload %r12 after it has been clobbered
+ */
+static void kernexec_reload_fptr_mask(gimple_stmt_iterator *gsi)
+{
+ gimple asm_movabs_stmt;
+
-+ // build asm volatile("movabs $0x8000000000000000, %%r10\n\t" : : : );
-+ asm_movabs_stmt = gimple_build_asm_vec("movabs $0x8000000000000000, %%r10\n\t", NULL, NULL, NULL, NULL);
++ // build asm volatile("movabs $0x8000000000000000, %%r12\n\t" : : : );
++ asm_movabs_stmt = gimple_build_asm_vec("movabs $0x8000000000000000, %%r12\n\t", NULL, NULL, NULL, NULL);
+ gimple_asm_set_volatile(asm_movabs_stmt, true);
+ gsi_insert_after(gsi, asm_movabs_stmt, GSI_CONTINUE_LINKING);
+ update_stmt(asm_movabs_stmt);
+}
+
+/*
-+ * find all asm() stmts that clobber r10 and add a reload of r10
++ * find all asm() stmts that clobber r12 and add a reload of r12
+ */
+static unsigned int execute_kernexec_reload(void)
+{
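Review bot: The mask register is spelled out as a string literal in every place it is used: the `movabs` template here, the clobber match in `execute_kernexec_reload`, both `orq` templates and the `fix_register("r12", 1, 1)` call in the later hunks. This commit had to touch each of them to move from r10 to r12, and a missed one would leave the reserved register and the register used for masking out of step. A single definition would remove that risk, e.g. `#define KERNEXEC_MASK_REG "r12"` with templates written as `"orq %%" KERNEXEC_MASK_REG ", %0\n\t"`. Any hand-written assembly elsewhere in the patch that relies on the same register is outside this view and would need the same check.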
@@ -101718,7 +102323,7 @@ index 0000000..698da67
+ gimple_stmt_iterator gsi;
+
+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
-+ // gimple match: __asm__ ("" : : : "r10");
++ // gimple match: __asm__ ("" : : : "r12");
+ gimple asm_stmt;
+ size_t nclobbers;
+
@@ -101727,11 +102332,11 @@ index 0000000..698da67
+ if (gimple_code(asm_stmt) != GIMPLE_ASM)
+ continue;
+
-+ // ... clobbering r10
++ // ... clobbering r12
+ nclobbers = gimple_asm_nclobbers(asm_stmt);
+ while (nclobbers--) {
+ tree op = gimple_asm_clobber_op(asm_stmt, nclobbers);
-+ if (strcmp(TREE_STRING_POINTER(TREE_VALUE(op)), "r10"))
++ if (strcmp(TREE_STRING_POINTER(TREE_VALUE(op)), "r12"))
+ continue;
+ kernexec_reload_fptr_mask(&gsi);
+//print_gimple_stmt(stderr, asm_stmt, 0, TDF_LINENO);
@@ -101814,7 +102419,7 @@ index 0000000..698da67
+#endif
+ new_fptr = make_ssa_name(new_fptr, NULL);
+
-+ // build asm volatile("orq %%r10, %0\n\t" : "=r"(new_fptr) : "0"(old_fptr));
++ // build asm volatile("orq %%r12, %0\n\t" : "=r"(new_fptr) : "0"(old_fptr));
+ input = build_tree_list(NULL_TREE, build_string(1, "0"));
+ input = chainon(NULL_TREE, build_tree_list(input, old_fptr));
+ output = build_tree_list(NULL_TREE, build_string(2, "=r"));
@@ -101826,7 +102431,7 @@ index 0000000..698da67
+ vec_safe_push(inputs, input);
+ vec_safe_push(outputs, output);
+#endif
-+ asm_or_stmt = gimple_build_asm_vec("orq %%r10, %0\n\t", inputs, outputs, NULL, NULL);
++ asm_or_stmt = gimple_build_asm_vec("orq %%r12, %0\n\t", inputs, outputs, NULL, NULL);
+ SSA_NAME_DEF_STMT(new_fptr) = asm_or_stmt;
+ gimple_asm_set_volatile(asm_or_stmt, true);
+ gsi_insert_before(gsi, asm_or_stmt, GSI_SAME_STMT);
@@ -101906,19 +102511,19 @@ index 0000000..698da67
+ emit_insn_before(btsq, insn);
+}
+
-+// add special KERNEXEC instrumentation: orq %r10,(%rsp) just before retn
++// add special KERNEXEC instrumentation: orq %r12,(%rsp) just before retn
+static void kernexec_instrument_retaddr_or(rtx insn)
+{
+ rtx orq;
+ rtvec argvec, constraintvec, labelvec;
+ int line;
+
-+ // create asm volatile("orq %%r10,(%%rsp)":::)
++ // create asm volatile("orq %%r12,(%%rsp)":::)
+ argvec = rtvec_alloc(0);
+ constraintvec = rtvec_alloc(0);
+ labelvec = rtvec_alloc(0);
+ line = expand_location(RTL_LOCATION(insn)).line;
-+ orq = gen_rtx_ASM_OPERANDS(VOIDmode, "orq %%r10,(%%rsp)", empty_string, 0, argvec, constraintvec, labelvec, line);
++ orq = gen_rtx_ASM_OPERANDS(VOIDmode, "orq %%r12,(%%rsp)", empty_string, 0, argvec, constraintvec, labelvec, line);
+ MEM_VOLATILE_P(orq) = 1;
+// RTX_FRAME_RELATED_P(orq) = 1; // not for ASM_OPERANDS
+ emit_insn_before(orq, insn);
@@ -101931,6 +102536,9 @@ index 0000000..698da67
+{
+ rtx insn;
+
++// if (stack_realign_drap)
++// inform(DECL_SOURCE_LOCATION(current_function_decl), "drap detected in %s\n", IDENTIFIER_POINTER(DECL_NAME(current_function_decl)));
++
+ // 1. find function returns
+ for (insn = get_insns(); insn; insn = NEXT_INSN(insn)) {
+ // rtl match: (jump_insn 41 40 42 2 (return) fptr.c:42 634 {return_internal} (nil))
@@ -102002,7 +102610,7 @@ index 0000000..698da67
+ } else if (!strcmp(argv[i].value, "or")) {
+ kernexec_instrument_fptr = kernexec_instrument_fptr_or;
+ kernexec_instrument_retaddr = kernexec_instrument_retaddr_or;
-+ fix_register("r10", 1, 1);
++ fix_register("r12", 1, 1);
+ } else
+ error(G_("invalid option argument '-fplugin-arg-%s-%s=%s'"), plugin_name, argv[i].key, argv[i].value);
+ continue;
@@ -102362,10 +102970,10 @@ index 0000000..679b9ef
+}
diff --git a/tools/gcc/size_overflow_hash.data b/tools/gcc/size_overflow_hash.data
new file mode 100644
-index 0000000..3a5b4b5
+index 0000000..a0c9844
--- /dev/null
+++ b/tools/gcc/size_overflow_hash.data
-@@ -0,0 +1,7687 @@
+@@ -0,0 +1,7723 @@
+intel_fake_agp_alloc_by_type_1 intel_fake_agp_alloc_by_type 1 1 NULL
+ocfs2_get_refcount_tree_3 ocfs2_get_refcount_tree 0 3 NULL
+batadv_orig_node_del_if_4 batadv_orig_node_del_if 2 4 NULL
@@ -102520,6 +103128,7 @@ index 0000000..3a5b4b5
+file_read_actor_1401 file_read_actor 4 1401 NULL
+vb2_vmalloc_alloc_1402 vb2_vmalloc_alloc 2 1402 NULL
+cfs_trace_copyout_string_1416 cfs_trace_copyout_string 2 1416 NULL
++pq_init_1423 pq_init 1 1423 NULL
+init_rs_internal_1436 init_rs_internal 1 1436 NULL
+vb2_dc_get_user_pages_1442 vb2_dc_get_user_pages 1-3 1442 NULL
+stack_max_size_read_1445 stack_max_size_read 3 1445 NULL
@@ -102681,7 +103290,7 @@ index 0000000..3a5b4b5
+__swab64p_2875 __swab64p 0 2875 NULL
+nla_padlen_2883 nla_padlen 1 2883 NULL
+cmm_write_2896 cmm_write 3 2896 NULL
-+alloc_page_cgroup_2919 alloc_page_cgroup 1 2919 NULL
++alloc_page_cgroup_2919 alloc_page_cgroup 1-2 2919 NULL
+osc_import_seq_write_2923 osc_import_seq_write 3 2923 NULL
+xfs_trans_get_buf_map_2927 xfs_trans_get_buf_map 4 2927 NULL
+nes_read_indexed_2946 nes_read_indexed 0 2946 NULL
@@ -102789,7 +103398,7 @@ index 0000000..3a5b4b5
+ath6kl_disconnect_timeout_read_3650 ath6kl_disconnect_timeout_read 3 3650 NULL
+i915_compat_ioctl_3656 i915_compat_ioctl 2 3656 NULL
+replace_pin_at_irq_node_3687 replace_pin_at_irq_node 2 3687 NULL
-+ntfs_attr_make_non_resident_3694 ntfs_attr_make_non_resident 0 3694 NULL
++ntfs_attr_make_non_resident_3694 ntfs_attr_make_non_resident 0-2 3694 NULL
+snd_m3_assp_read_3703 snd_m3_assp_read 0 3703 NULL nohasharray
+create_irq_3703 create_irq 0 3703 &snd_m3_assp_read_3703
+videobuf_pages_to_sg_3708 videobuf_pages_to_sg 2 3708 NULL
@@ -103066,6 +103675,7 @@ index 0000000..3a5b4b5
+hfa384x_inw_6329 hfa384x_inw 0 6329 &SyS_mincore_6329
+fuse_get_req_for_background_6337 fuse_get_req_for_background 2 6337 NULL
+ucs2_strnlen_6342 ucs2_strnlen 0 6342 NULL
++utc2ntfs_6347 utc2ntfs 0 6347 NULL
+regcache_sync_block_raw_6350 regcache_sync_block_raw 5-4 6350 NULL
+mei_dbgfs_read_devstate_6352 mei_dbgfs_read_devstate 3 6352 NULL
+_proc_do_string_6376 _proc_do_string 2 6376 NULL
@@ -103083,6 +103693,7 @@ index 0000000..3a5b4b5
+ieee80211_if_fmt_dot11MeshMaxRetries_6476 ieee80211_if_fmt_dot11MeshMaxRetries 3 6476 NULL
+qp_memcpy_from_queue_6479 qp_memcpy_from_queue 5-4 6479 NULL
+cipso_v4_map_lvl_hton_6490 cipso_v4_map_lvl_hton 0 6490 NULL
++ntfs_cluster_free_6497 ntfs_cluster_free 0 6497 NULL
+dbg_intr_buf_6501 dbg_intr_buf 2 6501 NULL
+mei_read_6507 mei_read 3 6507 NULL
+__start_delalloc_inodes_6528 __start_delalloc_inodes 0 6528 NULL
@@ -103283,6 +103894,7 @@ index 0000000..3a5b4b5
+snd_pcm_update_state_8320 snd_pcm_update_state 0 8320 NULL
+construct_key_and_link_8321 construct_key_and_link 4 8321 NULL
+ipwireless_send_packet_8328 ipwireless_send_packet 4 8328 NULL
++cfs_cpt_spread_node_8338 cfs_cpt_spread_node 0 8338 NULL
+tracing_entries_read_8345 tracing_entries_read 3 8345 NULL
+ieee80211_if_fmt_ht_opmode_8347 ieee80211_if_fmt_ht_opmode 3 8347 NULL
+generic_write_sync_8358 generic_write_sync 0 8358 NULL
@@ -103350,6 +103962,7 @@ index 0000000..3a5b4b5
+__bitmap_weight_8796 __bitmap_weight 0-2 8796 NULL
+cpuset_common_file_read_8800 cpuset_common_file_read 5 8800 NULL
+intel_ring_begin_8808 intel_ring_begin 0 8808 NULL
++ntfs_commit_pages_after_write_8809 ntfs_commit_pages_after_write 4-3 8809 NULL
+metronomefb_write_8823 metronomefb_write 3 8823 NULL
+SyS_llistxattr_8824 SyS_llistxattr 3 8824 NULL
+get_queue_depth_8833 get_queue_depth 0 8833 NULL
@@ -103425,6 +104038,7 @@ index 0000000..3a5b4b5
+ieee80211_if_fmt_txpower_9334 ieee80211_if_fmt_txpower 3 9334 NULL
+nvme_trans_fmt_get_parm_header_9340 nvme_trans_fmt_get_parm_header 2 9340 NULL
+ocfs2_orphan_for_truncate_9342 ocfs2_orphan_for_truncate 4 9342 NULL
++__ksm_enter_9347 __ksm_enter 0 9347 NULL
+ll_direct_rw_pages_9361 ll_direct_rw_pages 0 9361 NULL
+of_node_to_nid_9367 of_node_to_nid 0 9367 NULL
+sta_beacon_loss_count_read_9370 sta_beacon_loss_count_read 3 9370 NULL
@@ -103450,7 +104064,8 @@ index 0000000..3a5b4b5
+read_file_dma_9530 read_file_dma 3 9530 NULL
+ext3_alloc_branch_9534 ext3_alloc_branch 5 9534 NULL
+iwl_dbgfs_bf_params_read_9542 iwl_dbgfs_bf_params_read 3 9542 NULL
-+il_dbgfs_missed_beacon_write_9546 il_dbgfs_missed_beacon_write 3 9546 NULL
++unmerge_ksm_pages_9546 unmerge_ksm_pages 0 9546 NULL nohasharray
++il_dbgfs_missed_beacon_write_9546 il_dbgfs_missed_beacon_write 3 9546 &unmerge_ksm_pages_9546
+compat_SyS_pwritev64_9548 compat_SyS_pwritev64 3 9548 NULL
+readl_9557 readl 0 9557 NULL
+fw_node_create_9559 fw_node_create 2 9559 NULL
@@ -103558,6 +104173,7 @@ index 0000000..3a5b4b5
+whci_add_cap_10350 whci_add_cap 0 10350 NULL
+dbAllocAny_10354 dbAllocAny 0 10354 NULL
+ath6kl_listen_int_read_10355 ath6kl_listen_int_read 3 10355 NULL
++__ntfs_cluster_free_10360 __ntfs_cluster_free 0 10360 NULL
+ms_write_multiple_pages_10362 ms_write_multiple_pages 6-5 10362 NULL
+sta_ht_capa_read_10366 sta_ht_capa_read 3 10366 NULL
+ecryptfs_decode_and_decrypt_filename_10379 ecryptfs_decode_and_decrypt_filename 5 10379 NULL
@@ -104230,7 +104846,7 @@ index 0000000..3a5b4b5
+ext4_xattr_block_get_16148 ext4_xattr_block_get 0 16148 NULL
+update_block_group_16155 update_block_group 0 16155 NULL
+optimal_reclaimed_pages_16172 optimal_reclaimed_pages 0 16172 NULL
-+mapping_level_16188 mapping_level 2 16188 NULL
++mapping_level_16188 mapping_level 2-0 16188 NULL
+i40e_allocate_virt_mem_d_16191 i40e_allocate_virt_mem_d 3 16191 NULL
+tcp_syn_options_16197 tcp_syn_options 0 16197 NULL
+ath10k_htt_rx_ring_size_16201 ath10k_htt_rx_ring_size 0 16201 NULL
@@ -104270,7 +104886,7 @@ index 0000000..3a5b4b5
+ieee80211_if_read_tsf_16420 ieee80211_if_read_tsf 3 16420 NULL
+rxrpc_server_keyring_16431 rxrpc_server_keyring 3 16431 NULL
+__bio_add_page_16435 __bio_add_page 0-4 16435 NULL
-+btrfs_truncate_inode_items_16452 btrfs_truncate_inode_items 0 16452 NULL
++btrfs_truncate_inode_items_16452 btrfs_truncate_inode_items 0-4 16452 NULL
+ocfs2_expand_refcount_tree_16455 ocfs2_expand_refcount_tree 0 16455 NULL
+netlink_change_ngroups_16457 netlink_change_ngroups 2 16457 NULL
+alloc_disk_node_16458 alloc_disk_node 2 16458 NULL
@@ -104477,7 +105093,7 @@ index 0000000..3a5b4b5
+__sysfs_add_one_18258 __sysfs_add_one 0 18258 NULL
+qdisc_class_hash_alloc_18262 qdisc_class_hash_alloc 1 18262 NULL
+gfs2_alloc_sort_buffer_18275 gfs2_alloc_sort_buffer 1 18275 NULL
-+alloc_ring_18278 alloc_ring 4-2 18278 NULL
++alloc_ring_18278 alloc_ring 4-2-8 18278 NULL
+find_dirty_idx_leb_18280 find_dirty_idx_leb 0 18280 NULL
+nouveau_subdev_create__18281 nouveau_subdev_create_ 7 18281 NULL nohasharray
+bio_phys_segments_18281 bio_phys_segments 0 18281 &nouveau_subdev_create__18281
@@ -104600,6 +105216,7 @@ index 0000000..3a5b4b5
+create_gpadl_header_19064 create_gpadl_header 2 19064 NULL
+ieee80211_key_alloc_19065 ieee80211_key_alloc 3 19065 NULL
+ceph_create_snap_context_19082 ceph_create_snap_context 1 19082 NULL
++kvm_lapic_set_vapic_addr_19083 kvm_lapic_set_vapic_addr 2 19083 NULL
+sta_last_seq_ctrl_read_19106 sta_last_seq_ctrl_read 3 19106 NULL
+cifs_readv_from_socket_19109 cifs_readv_from_socket 3 19109 NULL
+ATOMIC_SUB_RETURN_19115 ATOMIC_SUB_RETURN 2 19115 NULL
@@ -104734,6 +105351,7 @@ index 0000000..3a5b4b5
+tm6000_i2c_send_regs_20250 tm6000_i2c_send_regs 5 20250 NULL
+pcpu_alloc_20255 pcpu_alloc 1-2 20255 NULL
+resource_size_20256 resource_size 0 20256 NULL
++uv_blade_to_memory_nid_20259 uv_blade_to_memory_nid 0 20259 NULL
+r10_sync_page_io_20307 r10_sync_page_io 3 20307 NULL
+dm_get_reserved_bio_based_ios_20315 dm_get_reserved_bio_based_ios 0 20315 NULL
+tx_tx_burst_programmed_read_20320 tx_tx_burst_programmed_read 3 20320 NULL
@@ -104851,6 +105469,7 @@ index 0000000..3a5b4b5
+alloc_pg_vec_21159 alloc_pg_vec 3 21159 NULL
+btrfs_add_root_ref_21186 btrfs_add_root_ref 0 21186 NULL
+cx18_v4l2_read_21196 cx18_v4l2_read 3 21196 NULL
++get_current_ntfs_time_21198 get_current_ntfs_time 0 21198 NULL
+ipc_rcu_alloc_21208 ipc_rcu_alloc 1 21208 NULL
+scsi_execute_req_flags_21215 scsi_execute_req_flags 5 21215 NULL
+_ocfs2_free_clusters_21220 _ocfs2_free_clusters 4-0 21220 NULL
@@ -104873,6 +105492,7 @@ index 0000000..3a5b4b5
+SYSC_rt_sigpending_21379 SYSC_rt_sigpending 2 21379 NULL
+video_ioctl2_21380 video_ioctl2 2 21380 NULL
+diva_get_driver_dbg_mask_21399 diva_get_driver_dbg_mask 0 21399 NULL
++sle64_to_cpu_21400 sle64_to_cpu 0-1 21400 NULL
+snd_m3_inw_21406 snd_m3_inw 0 21406 NULL
+snapshot_read_next_21426 snapshot_read_next 0 21426 NULL
+tcp_bound_to_half_wnd_21429 tcp_bound_to_half_wnd 0-2 21429 NULL
@@ -104964,7 +105584,6 @@ index 0000000..3a5b4b5
+mem_write_22232 mem_write 3 22232 NULL
+p9_virtio_zc_request_22240 p9_virtio_zc_request 6-5 22240 NULL
+fsnotify_parent_22243 fsnotify_parent 0 22243 NULL
-+atomic64_xchg_22246 atomic64_xchg 0 22246 NULL
+compat_process_vm_rw_22254 compat_process_vm_rw 3-5 22254 NULL
+ping_common_sendmsg_22261 ping_common_sendmsg 5 22261 NULL
+add_res_tree_22263 add_res_tree 7 22263 NULL
@@ -105539,6 +106158,7 @@ index 0000000..3a5b4b5
+pcf857x_irq_domain_map_26998 pcf857x_irq_domain_map 2 26998 NULL
+i2c_smbus_xfer_27006 i2c_smbus_xfer 0 27006 NULL
+omfs_allocate_range_27034 omfs_allocate_range 3 27034 NULL
++fill_read_buf_27036 fill_read_buf 0 27036 NULL
+ufs_alloc_fragments_27059 ufs_alloc_fragments 3-0-2 27059 NULL
+__videobuf_alloc_vb_27062 __videobuf_alloc_vb 1 27062 NULL
+ext4_convert_unwritten_extents_27064 ext4_convert_unwritten_extents 4-3-0 27064 NULL
@@ -105580,7 +106200,8 @@ index 0000000..3a5b4b5
+pcbit_stat_27364 pcbit_stat 2 27364 NULL
+lz4_compress_crypto_27387 lz4_compress_crypto 3 27387 NULL
+seq_read_27411 seq_read 3 27411 NULL
-+ib_dma_map_sg_27413 ib_dma_map_sg 0 27413 NULL
++ib_dma_map_sg_27413 ib_dma_map_sg 0 27413 NULL nohasharray
++zalloc_cpumask_var_node_27413 zalloc_cpumask_var_node 3 27413 &ib_dma_map_sg_27413
+ieee80211_if_read_smps_27416 ieee80211_if_read_smps 3 27416 NULL
+ocfs2_refcount_cal_cow_clusters_27422 ocfs2_refcount_cal_cow_clusters 0-3-4 27422 NULL nohasharray
+evm_inode_init_security_27422 evm_inode_init_security 0 27422 &ocfs2_refcount_cal_cow_clusters_27422
@@ -105875,7 +106496,8 @@ index 0000000..3a5b4b5
+lov_ost_pool_extend_29914 lov_ost_pool_extend 2 29914 NULL
+write_file_queue_29922 write_file_queue 3 29922 NULL
+ext4_xattr_set_acl_29930 ext4_xattr_set_acl 4 29930 NULL
-+__btrfs_getxattr_29947 __btrfs_getxattr 0 29947 NULL
++__btrfs_getxattr_29947 __btrfs_getxattr 0 29947 NULL nohasharray
++ipv6_recv_error_29947 ipv6_recv_error 3 29947 &__btrfs_getxattr_29947
+diva_os_get_context_size_29983 diva_os_get_context_size 0 29983 NULL
+arch_setup_dmar_msi_29992 arch_setup_dmar_msi 1 29992 NULL
+vmci_host_setup_notify_30002 vmci_host_setup_notify 2 30002 NULL
@@ -106164,6 +106786,7 @@ index 0000000..3a5b4b5
+__add_missing_keys_32402 __add_missing_keys 0 32402 NULL
+vmci_qp_alloc_32405 vmci_qp_alloc 5-3 32405 NULL
+regmap_irq_map_32429 regmap_irq_map 2 32429 NULL
++break_ksm_32439 break_ksm 0 32439 NULL
+__ext4_handle_dirty_super_32458 __ext4_handle_dirty_super 0 32458 NULL
+snd_pcm_sync_ptr_32461 snd_pcm_sync_ptr 0 32461 NULL
+cache_status_32462 cache_status 5 32462 NULL
@@ -106195,6 +106818,7 @@ index 0000000..3a5b4b5
+ib_sg_dma_len_32649 ib_sg_dma_len 0 32649 NULL
+generic_readlink_32654 generic_readlink 3 32654 NULL nohasharray
+ftrace_startup_32654 ftrace_startup 0 32654 &generic_readlink_32654
++get_unaligned_be24_32667 get_unaligned_be24 0 32667 NULL
+move_addr_to_kernel_32673 move_addr_to_kernel 2 32673 NULL
+apei_res_add_32674 apei_res_add 0 32674 NULL
+jfs_readpages_32702 jfs_readpages 4 32702 NULL
@@ -106328,7 +106952,6 @@ index 0000000..3a5b4b5
+get_user_pages_33908 get_user_pages 0-3-4 33908 NULL
+ath6kl_roam_mode_write_33912 ath6kl_roam_mode_write 3 33912 NULL
+queue_logical_block_size_33918 queue_logical_block_size 0 33918 NULL
-+atomic64_add_return_33927 atomic64_add_return 0-1 33927 NULL
+sel_read_avc_cache_threshold_33942 sel_read_avc_cache_threshold 3 33942 NULL
+lpfc_idiag_ctlacc_read_33943 lpfc_idiag_ctlacc_read 3 33943 NULL
+read_file_tgt_rx_stats_33944 read_file_tgt_rx_stats 3 33944 NULL nohasharray
@@ -106464,6 +107087,7 @@ index 0000000..3a5b4b5
+brcmf_sdio_chip_writenvram_35042 brcmf_sdio_chip_writenvram 4 35042 NULL
+pwr_connection_out_of_sync_read_35061 pwr_connection_out_of_sync_read 3 35061 NULL
+ext4_split_unwritten_extents_35063 ext4_split_unwritten_extents 0 35063 NULL
++ntfs_attr_extend_initialized_35084 ntfs_attr_extend_initialized 2 35084 NULL
+store_ifalias_35088 store_ifalias 4 35088 NULL
+__kfifo_uint_must_check_helper_35097 __kfifo_uint_must_check_helper 0-1 35097 NULL
+capi_write_35104 capi_write 3 35104 NULL nohasharray
@@ -106536,6 +107160,7 @@ index 0000000..3a5b4b5
+nv50_vm_create_35643 nv50_vm_create 2-3 35643 NULL
+spi_register_board_info_35651 spi_register_board_info 2 35651 NULL
+rdmaltWithLock_35669 rdmaltWithLock 0 35669 NULL
++cpu_to_sle64_35677 cpu_to_sle64 0-1 35677 NULL
+ext3_mark_iloc_dirty_35686 ext3_mark_iloc_dirty 0 35686 NULL
+dm_table_create_35687 dm_table_create 3 35687 NULL
+SYSC_pwritev_35690 SYSC_pwritev 3 35690 NULL
@@ -106859,6 +107484,7 @@ index 0000000..3a5b4b5
+_get_val_38115 _get_val 2 38115 NULL
+vmw_kms_present_38130 vmw_kms_present 9 38130 NULL
+__ntfs_copy_from_user_iovec_inatomic_38153 __ntfs_copy_from_user_iovec_inatomic 0-4-3 38153 NULL
++btrfs_extent_same_38163 btrfs_extent_same 3-2 38163 NULL
+kvm_clear_guest_38164 kvm_clear_guest 3-2 38164 NULL
+cirrus_ttm_tt_create_38167 cirrus_ttm_tt_create 2 38167 NULL
+send_rename_38170 send_rename 0 38170 NULL
@@ -106967,7 +107593,6 @@ index 0000000..3a5b4b5
+do_write_kmem_39051 do_write_kmem 1-3-0 39051 NULL
+gen_pool_create_39064 gen_pool_create 2 39064 NULL
+ext4_init_block_bitmap_39071 ext4_init_block_bitmap 3 39071 NULL
-+atomic64_add_negative_39098 atomic64_add_negative 1 39098 NULL
+ReadHFC_39104 ReadHFC 0 39104 NULL
+tomoyo_truncate_39105 tomoyo_truncate 0 39105 NULL
+leb_write_lock_39111 leb_write_lock 0 39111 NULL
@@ -107395,7 +108020,7 @@ index 0000000..3a5b4b5
+isku_sysfs_read_info_42781 isku_sysfs_read_info 6 42781 &cryptd_hash_setkey_42781
+elfcorehdr_read_notes_42786 elfcorehdr_read_notes 2 42786 NULL
+koneplus_sysfs_read_42792 koneplus_sysfs_read 6 42792 NULL
-+ntfs_attr_extend_allocation_42796 ntfs_attr_extend_allocation 0-2 42796 NULL
++ntfs_attr_extend_allocation_42796 ntfs_attr_extend_allocation 0-2-3 42796 NULL
+fw_device_op_compat_ioctl_42804 fw_device_op_compat_ioctl 2 42804 NULL
+drm_ioctl_42813 drm_ioctl 2 42813 NULL
+iwl_dbgfs_ucode_bt_stats_read_42820 iwl_dbgfs_ucode_bt_stats_read 3 42820 NULL
@@ -107456,6 +108081,7 @@ index 0000000..3a5b4b5
+mmu_set_spte_43327 mmu_set_spte 7-6 43327 NULL
+__ext4_get_inode_loc_43332 __ext4_get_inode_loc 0 43332 NULL
+kvm_host_page_size_43348 kvm_host_page_size 2-0 43348 NULL
++activation_descriptor_init_43358 activation_descriptor_init 1 43358 NULL
+gart_free_coherent_43362 gart_free_coherent 4-2 43362 NULL
+hash_net4_expire_43378 hash_net4_expire 3 43378 NULL
+xenfb_write_43412 xenfb_write 3 43412 NULL
@@ -107484,6 +108110,7 @@ index 0000000..3a5b4b5
+proc_read_43614 proc_read 3 43614 NULL
+i915_gem_execbuffer_relocate_object_slow_43618 i915_gem_execbuffer_relocate_object_slow 0 43618 NULL nohasharray
+disable_dma_on_even_43618 disable_dma_on_even 0 43618 &i915_gem_execbuffer_relocate_object_slow_43618
++alloc_thread_groups_43625 alloc_thread_groups 2 43625 NULL
+random_write_43656 random_write 3 43656 NULL
+bio_integrity_tag_43658 bio_integrity_tag 3 43658 NULL
+ext4_acl_count_43659 ext4_acl_count 0-1 43659 NULL
@@ -107534,6 +108161,7 @@ index 0000000..3a5b4b5
+xlog_recover_add_to_cont_trans_44102 xlog_recover_add_to_cont_trans 4 44102 NULL
+skb_frag_dma_map_44112 skb_frag_dma_map 0 44112 NULL
+tracing_set_trace_read_44122 tracing_set_trace_read 3 44122 NULL
++hwif_to_node_44127 hwif_to_node 0 44127 NULL
+SyS_process_vm_writev_44129 SyS_process_vm_writev 3-5 44129 NULL
+vmw_gmr_bind_44130 vmw_gmr_bind 3 44130 NULL
+lookup_extent_data_ref_44136 lookup_extent_data_ref 0 44136 NULL
@@ -107579,7 +108207,6 @@ index 0000000..3a5b4b5
+osst_do_scsi_44410 osst_do_scsi 4 44410 NULL
+check_user_page_hwpoison_44412 check_user_page_hwpoison 1 44412 NULL
+ieee80211_if_read_rc_rateidx_mcs_mask_5ghz_44423 ieee80211_if_read_rc_rateidx_mcs_mask_5ghz 3 44423 NULL
-+prandom_u32_state_44445 prandom_u32_state 0 44445 NULL
+iwl_dbgfs_bf_params_write_44450 iwl_dbgfs_bf_params_write 3 44450 NULL
+write_file_debug_44476 write_file_debug 3 44476 NULL
+btrfs_chunk_item_size_44478 btrfs_chunk_item_size 0-1 44478 NULL
@@ -107743,6 +108370,7 @@ index 0000000..3a5b4b5
+ll_max_readahead_mb_seq_write_45815 ll_max_readahead_mb_seq_write 3 45815 NULL
+fm_v4l2_init_video_device_45821 fm_v4l2_init_video_device 2 45821 NULL
+memcg_update_cache_size_45828 memcg_update_cache_size 2 45828 NULL
++ipv6_recv_rxpmtu_45830 ipv6_recv_rxpmtu 3 45830 NULL
+task_state_char_45839 task_state_char 1 45839 NULL
+__ip_select_ident_45851 __ip_select_ident 3 45851 NULL
+x509_process_extension_45854 x509_process_extension 5 45854 NULL
@@ -107840,6 +108468,7 @@ index 0000000..3a5b4b5
+irq_domain_add_simple_46734 irq_domain_add_simple 2-3 46734 NULL
+ext4_count_free_46754 ext4_count_free 2 46754 NULL nohasharray
+pte_pfn_46754 pte_pfn 0 46754 &ext4_count_free_46754
++ntfs2utc_46762 ntfs2utc 1 46762 NULL
+hest_ghes_dev_register_46766 hest_ghes_dev_register 1 46766 NULL
+int_hw_irq_en_46776 int_hw_irq_en 3 46776 NULL
+regcache_lzo_sync_46777 regcache_lzo_sync 2 46777 NULL
@@ -107891,6 +108520,7 @@ index 0000000..3a5b4b5
+acpi_ut_initialize_buffer_47143 acpi_ut_initialize_buffer 2 47143 &ses_recv_diag_47143
+mxms_headerlen_47161 mxms_headerlen 0 47161 NULL
+rs_sta_dbgfs_rate_scale_data_read_47165 rs_sta_dbgfs_rate_scale_data_read 3 47165 NULL
++alloc_cpumask_var_node_47167 alloc_cpumask_var_node 3 47167 NULL
+bpf_alloc_binary_47170 bpf_alloc_binary 1 47170 NULL
+rts51x_ms_rw_47171 rts51x_ms_rw 3-4 47171 NULL
+btrfs_del_inode_ref_47181 btrfs_del_inode_ref 0 47181 NULL
@@ -108054,7 +108684,8 @@ index 0000000..3a5b4b5
+tun_recvmsg_48463 tun_recvmsg 4 48463 NULL
+compat_SyS_preadv64_48469 compat_SyS_preadv64 3 48469 NULL
+ipath_format_hwerrors_48487 ipath_format_hwerrors 5 48487 NULL
-+r8712_usbctrl_vendorreq_48489 r8712_usbctrl_vendorreq 6 48489 NULL
++init_section_page_cgroup_48489 init_section_page_cgroup 2 48489 NULL nohasharray
++r8712_usbctrl_vendorreq_48489 r8712_usbctrl_vendorreq 6 48489 &init_section_page_cgroup_48489
+ocfs2_refcount_cow_48495 ocfs2_refcount_cow 3 48495 NULL
+send_control_msg_48498 send_control_msg 6 48498 NULL
+mlx4_en_create_tx_ring_48501 mlx4_en_create_tx_ring 4 48501 NULL
@@ -108095,6 +108726,7 @@ index 0000000..3a5b4b5
+suspend_dtim_interval_write_48854 suspend_dtim_interval_write 3 48854 NULL
+C_SYSC_pwritev64_48864 C_SYSC_pwritev64 3 48864 NULL nohasharray
+viafb_dvp1_proc_write_48864 viafb_dvp1_proc_write 3 48864 &C_SYSC_pwritev64_48864
++ide_port_alloc_devices_48866 ide_port_alloc_devices 2 48866 NULL
+__ffs_ep0_read_events_48868 __ffs_ep0_read_events 3 48868 NULL
+ext2_alloc_branch_48889 ext2_alloc_branch 4 48889 NULL
+crypto_cipher_ctxsize_48890 crypto_cipher_ctxsize 0 48890 NULL
@@ -108355,6 +108987,7 @@ index 0000000..3a5b4b5
+btrfs_search_slot_for_read_50843 btrfs_search_slot_for_read 0 50843 NULL
+self_check_write_50856 self_check_write 0-5 50856 NULL
+carl9170_debugfs_write_50857 carl9170_debugfs_write 3 50857 NULL
++alloc_masks_50861 alloc_masks 3 50861 NULL
+__percpu_counter_init_50878 __percpu_counter_init 0 50878 NULL
+btrfs_insert_inode_ref_50884 btrfs_insert_inode_ref 0 50884 NULL
+SyS_lgetxattr_50889 SyS_lgetxattr 4 50889 NULL
@@ -108451,7 +109084,7 @@ index 0000000..3a5b4b5
+get_new_cssid_51665 get_new_cssid 2 51665 NULL
+ps_upsd_utilization_read_51669 ps_upsd_utilization_read 3 51669 NULL
+sctp_setsockopt_associnfo_51684 sctp_setsockopt_associnfo 3 51684 NULL
-+host_mapping_level_51696 host_mapping_level 2 51696 NULL
++host_mapping_level_51696 host_mapping_level 2-0 51696 NULL
+sel_write_access_51704 sel_write_access 3 51704 NULL
+tty_cdev_add_51714 tty_cdev_add 2-4 51714 NULL
+v9fs_alloc_rdir_buf_51716 v9fs_alloc_rdir_buf 2 51716 NULL
@@ -108481,6 +109114,7 @@ index 0000000..3a5b4b5
+SyS_mq_timedsend_51896 SyS_mq_timedsend 3 51896 NULL nohasharray
+virt_to_phys_51896 virt_to_phys 0 51896 &SyS_mq_timedsend_51896
+commit_fs_roots_51898 commit_fs_roots 0 51898 NULL
++uvhub_to_first_node_51916 uvhub_to_first_node 0 51916 NULL
+wmi_set_ie_51919 wmi_set_ie 3 51919 NULL
+dbg_status_buf_51930 dbg_status_buf 2 51930 NULL
+__tcp_mtu_to_mss_51938 __tcp_mtu_to_mss 0-2 51938 NULL
@@ -108494,6 +109128,7 @@ index 0000000..3a5b4b5
+get_zone_51981 get_zone 0-1 51981 NULL
+ath6kl_sdio_alloc_prep_scat_req_51986 ath6kl_sdio_alloc_prep_scat_req 2 51986 NULL
+_c4iw_write_mem_dma_51991 _c4iw_write_mem_dma 3 51991 NULL
++ntfs_attr_size_51994 ntfs_attr_size 0 51994 NULL
+dwc3_mode_write_51997 dwc3_mode_write 3 51997 NULL
+skb_copy_datagram_from_iovec_52014 skb_copy_datagram_from_iovec 4-2-5 52014 NULL
+rdmalt_52022 rdmalt 0 52022 NULL
@@ -108791,7 +109426,8 @@ index 0000000..3a5b4b5
+setsockopt_54539 setsockopt 5 54539 NULL
+i915_reset_gen7_sol_offsets_54547 i915_reset_gen7_sol_offsets 0 54547 NULL
+lbs_lowsnr_write_54549 lbs_lowsnr_write 3 54549 NULL
-+i915_gem_get_seqno_54555 i915_gem_get_seqno 0 54555 NULL
++ntfs_commit_pages_after_non_resident_write_54555 ntfs_commit_pages_after_non_resident_write 4-3 54555 NULL nohasharray
++i915_gem_get_seqno_54555 i915_gem_get_seqno 0 54555 &ntfs_commit_pages_after_non_resident_write_54555
+btrfs_update_inode_item_54561 btrfs_update_inode_item 0 54561 NULL nohasharray
+SYSC_setsockopt_54561 SYSC_setsockopt 5 54561 &btrfs_update_inode_item_54561
+nfsd_vfs_write_54577 nfsd_vfs_write 6 54577 NULL
@@ -108804,6 +109440,7 @@ index 0000000..3a5b4b5
+dns_resolver_read_54658 dns_resolver_read 3 54658 NULL
+twl6030_interrupt_mask_54659 twl6030_interrupt_mask 2 54659 NULL
+kvm_read_cr3_54662 kvm_read_cr3 0 54662 NULL
++tdp_page_fault_54663 tdp_page_fault 2 54663 NULL
+bus_add_device_54665 bus_add_device 0 54665 NULL
+cw1200_queue_stats_init_54670 cw1200_queue_stats_init 2 54670 NULL
+bio_kmalloc_54672 bio_kmalloc 2 54672 NULL
@@ -108969,6 +109606,7 @@ index 0000000..3a5b4b5
+ceph_get_direct_page_vector_55956 ceph_get_direct_page_vector 2 55956 NULL
+simple_read_from_buffer_55957 simple_read_from_buffer 5-2 55957 NULL
+tx_tx_imm_resp_read_55964 tx_tx_imm_resp_read 3 55964 NULL
++btrfs_clone_55977 btrfs_clone 5-3 55977 NULL
+wa_xfer_create_subset_sg_55992 wa_xfer_create_subset_sg 2-3 55992 NULL
+nvme_alloc_iod_56027 nvme_alloc_iod 1-2 56027 NULL
+dccp_sendmsg_56058 dccp_sendmsg 4 56058 NULL
@@ -109272,6 +109910,7 @@ index 0000000..3a5b4b5
+xfs_iomap_write_delay_58616 xfs_iomap_write_delay 2 58616 NULL
+skb_copy_to_page_nocache_58624 skb_copy_to_page_nocache 6 58624 NULL
+filemap_fdatawrite_range_58630 filemap_fdatawrite_range 0 58630 NULL
++vb2_qbuf_58631 vb2_qbuf 0 58631 NULL
+module_alloc_update_bounds_rx_58634 module_alloc_update_bounds_rx 1 58634 NULL
+tx_tx_start_fw_gen_read_58648 tx_tx_start_fw_gen_read 3 58648 NULL
+ocfs2_block_to_cluster_start_58653 ocfs2_block_to_cluster_start 2 58653 NULL
@@ -109662,6 +110301,7 @@ index 0000000..3a5b4b5
+ipath_user_sdma_pin_pages_62100 ipath_user_sdma_pin_pages 3-5-4 62100 NULL
+jffs2_security_setxattr_62107 jffs2_security_setxattr 4 62107 NULL
+btrfs_direct_IO_62114 btrfs_direct_IO 4 62114 NULL
++ip_recv_error_62117 ip_recv_error 3 62117 NULL
+generic_block_fiemap_62122 generic_block_fiemap 4 62122 NULL
+llc_ui_header_len_62131 llc_ui_header_len 0 62131 NULL
+qib_diag_write_62133 qib_diag_write 3 62133 NULL nohasharray
@@ -109697,6 +110337,7 @@ index 0000000..3a5b4b5
+set_ssp_62411 set_ssp 4 62411 NULL
+mlx4_en_create_rx_ring_62498 mlx4_en_create_rx_ring 3 62498 NULL
+ext_rts51x_sd_execute_read_data_62501 ext_rts51x_sd_execute_read_data 9 62501 NULL
++mtip_get_next_rr_node_62502 mtip_get_next_rr_node 0 62502 NULL
+ocfs2_path_bh_journal_access_62504 ocfs2_path_bh_journal_access 0 62504 NULL
+pep_sendmsg_62524 pep_sendmsg 4 62524 NULL
+test_iso_queue_62534 test_iso_queue 5 62534 NULL nohasharray
@@ -109753,6 +110394,7 @@ index 0000000..3a5b4b5
+agp_create_user_memory_62955 agp_create_user_memory 1 62955 NULL
+send_write_62969 send_write 0-3 62969 NULL
+__ext3_journal_stop_63017 __ext3_journal_stop 0 63017 NULL
++alloc_mem_cgroup_per_zone_info_63024 alloc_mem_cgroup_per_zone_info 2 63024 NULL
+kstrtoull_from_user_63026 kstrtoull_from_user 2 63026 NULL
+PTR_ERR_63033 PTR_ERR 0 63033 NULL nohasharray
+__vb2_perform_fileio_63033 __vb2_perform_fileio 3 63033 &PTR_ERR_63033
@@ -110050,15 +110692,17 @@ index 0000000..3a5b4b5
+il_dbgfs_wd_timeout_write_65464 il_dbgfs_wd_timeout_write 3 65464 NULL
+ext4_es_zeroout_65465 ext4_es_zeroout 0 65465 NULL
+clear_user_65470 clear_user 2 65470 NULL
-+dpcm_state_read_file_65489 dpcm_state_read_file 3 65489 NULL
++__pcibus_to_node_65489 __pcibus_to_node 0 65489 NULL nohasharray
++dpcm_state_read_file_65489 dpcm_state_read_file 3 65489 &__pcibus_to_node_65489
+lookup_inline_extent_backref_65493 lookup_inline_extent_backref 9-0 65493 NULL
++qib_create_ctxtdata_65497 qib_create_ctxtdata 3 65497 NULL
+nvme_trans_standard_inquiry_page_65526 nvme_trans_standard_inquiry_page 4 65526 NULL
diff --git a/tools/gcc/size_overflow_plugin.c b/tools/gcc/size_overflow_plugin.c
new file mode 100644
-index 0000000..a3f9702
+index 0000000..5515dcb
--- /dev/null
+++ b/tools/gcc/size_overflow_plugin.c
-@@ -0,0 +1,3870 @@
+@@ -0,0 +1,3927 @@
+/*
+ * Copyright 2011, 2012, 2013 by Emese Revfy <re.emese@gmail.com>
+ * Licensed under the GPL v2, or (at your option) v3
@@ -110119,6 +110763,10 @@ index 0000000..a3f9702
+#define MIN_CHECK true
+#define MAX_CHECK false
+
++#define TURN_OFF_ASM_STR "# size_overflow MARK_TURN_OFF\n\t"
++#define YES_ASM_STR "# size_overflow MARK_YES\n\t"
++#define OK_ASM_STR "# size_overflow\n\t"
++
+#if BUILDING_GCC_VERSION == 4005
+#define DECL_CHAIN(NODE) (TREE_CHAIN(DECL_MINIMAL_CHECK(NODE)))
+#endif
@@ -110184,7 +110832,7 @@ index 0000000..a3f9702
+static tree dup_assign(struct pointer_set_t *visited, gimple oldstmt, const_tree node, tree rhs1, tree rhs2, tree __unused rhs3);
+
+static struct plugin_info size_overflow_plugin_info = {
-+ .version = "20131203beta",
++ .version = "20131214beta",
+ .help = "no-size-overflow\tturn off size overflow checking\n",
+};
+
@@ -111398,11 +112046,16 @@ index 0000000..a3f9702
+
+ cast_rhs_type = TREE_TYPE(cast_rhs);
+ type_max_type = TREE_TYPE(type_max);
-+ type_min_type = TREE_TYPE(type_min);
+ gcc_assert(types_compatible_p(cast_rhs_type, type_max_type));
-+ gcc_assert(types_compatible_p(type_max_type, type_min_type));
+
+ insert_check_size_overflow(caller_node, stmt, GT_EXPR, cast_rhs, type_max, before, MAX_CHECK);
++
++ // special case: get_size_overflow_type(), 32, u64->s
++ if (LONG_TYPE_SIZE == GET_MODE_BITSIZE(SImode) && TYPE_UNSIGNED(size_overflow_type) && !TYPE_UNSIGNED(rhs_type))
++ return;
++
++ type_min_type = TREE_TYPE(type_min);
++ gcc_assert(types_compatible_p(type_max_type, type_min_type));
+ insert_check_size_overflow(caller_node, stmt, LT_EXPR, cast_rhs, type_min, before, MIN_CHECK);
+}
+
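Review bot: The new comment `// special case: get_size_overflow_type(), 32, u64->s` does not explain why the early return skips the `MIN_CHECK` insertion, and because it drops an overflow check the reason should be readable at the call site. I would spell the condition out, for example `// long is 32 bits, size_overflow_type is unsigned, rhs_type is signed: only the upper-bound check is inserted` followed by one sentence on why the lower bound cannot be violated in that case. The case looks related to the DImode change in the next hunk, which now selects `unsigned_intDI_type_node` for unsigned types, but that link is inferred and should be confirmed. The function starts outside this hunk.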
@@ -111670,7 +112323,7 @@ index 0000000..a3f9702
+ break;
+ case DImode:
+ if (LONG_TYPE_SIZE == GET_MODE_BITSIZE(SImode))
-+ new_type = intDI_type_node;
++ new_type = TYPE_UNSIGNED(type) ? unsigned_intDI_type_node : intDI_type_node;
+ else
+ new_type = intTI_type_node;
+ break;
@@ -112252,36 +112905,43 @@ index 0000000..a3f9702
+ return false;
+}
+
++static const char *get_asm_string(const_gimple stmt)
++{
++ if (!stmt)
++ return NULL;
++ if (gimple_code(stmt) != GIMPLE_ASM)
++ return NULL;
++
++ return gimple_asm_string(stmt);
++}
++
+static bool is_size_overflow_intentional_asm_turn_off(const_gimple stmt)
+{
+ const char *str;
+
-+ if (!stmt)
++ str = get_asm_string(stmt);
++ if (!str)
+ return false;
-+
-+ str = gimple_asm_string(stmt);
-+ return !strcmp(str, "# size_overflow MARK_TURN_OFF\n\t");
++ return !strcmp(str, TURN_OFF_ASM_STR);
+}
+
+static bool is_size_overflow_intentional_asm_yes(const_gimple stmt)
+{
+ const char *str;
+
-+ if (!stmt)
++ str = get_asm_string(stmt);
++ if (!str)
+ return false;
-+
-+ str = gimple_asm_string(stmt);
-+ return !strcmp(str, "# size_overflow MARK_YES\n\t");
++ return !strcmp(str, YES_ASM_STR);
+}
+
+static bool is_size_overflow_asm(const_gimple stmt)
+{
+ const char *str;
+
-+ if (!stmt)
++ str = get_asm_string(stmt);
++ if (!str)
+ return false;
-+
-+ str = gimple_asm_string(stmt);
+ return !strncmp(str, "# size_overflow", 15);
+}
+
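Review bot: `is_size_overflow_asm()` still compares against the bare literal `"# size_overflow"` with a hand-counted length of 15, while the two sibling predicates in this hunk now use the `TURN_OFF_ASM_STR` and `YES_ASM_STR` macros. A named prefix keeps the three marker strings and the prefix test in one place and removes the magic number, for example `#define SO_ASM_PREFIX "# size_overflow"` and `return !strncmp(str, SO_ASM_PREFIX, sizeof(SO_ASM_PREFIX) - 1);`. The new `get_asm_string()` would also benefit from a one-line comment saying it returns NULL for a NULL statement or any statement that is not `GIMPLE_ASM`, since all three callers depend on that.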
@@ -112370,8 +113030,6 @@ index 0000000..a3f9702
+ */
+static bool is_intentional_attribute_from_gimple(struct interesting_node *cur_node)
+{
-+ const_tree input, output;
-+
+ if (!cur_node->intentional_mark_from_gimple)
+ return false;
+
@@ -112383,10 +113041,6 @@ index 0000000..a3f9702
+ // skip param decls
+ if (gimple_asm_noutputs(cur_node->intentional_mark_from_gimple) == 0)
+ return true;
-+ input = gimple_asm_input_op(cur_node->intentional_mark_from_gimple, 0);
-+ output = gimple_asm_output_op(cur_node->intentional_mark_from_gimple, 0);
-+
-+ replace_size_overflow_asm_with_assign(cur_node->intentional_mark_from_gimple, TREE_VALUE(output), TREE_VALUE(input));
+ return true;
+}
+
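Review bot: With the `replace_size_overflow_asm_with_assign()` call removed, the `// skip param decls` test `if (gimple_asm_noutputs(cur_node->intentional_mark_from_gimple) == 0) return true;` is followed directly by `return true;`, so the condition no longer affects the result. I would delete the test and its comment and keep the single `return true;`, or restore a distinct action for the non-zero-output case if one was intended. The function begins in the preceding hunk and the lines between the two hunks are not shown, so this reading covers only the tail visible here.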
@@ -112399,6 +113053,9 @@ index 0000000..a3f9702
+{
+ const_tree fndecl;
+
++ if (is_intentional_attribute_from_gimple(cur_node))
++ return;
++
+ if (is_turn_off_intentional_attr(DECL_ORIGIN(current_function_decl))) {
+ cur_node->intentional_attr_cur_fndecl = MARK_TURN_OFF;
+ return;
@@ -112423,9 +113080,6 @@ index 0000000..a3f9702
+ else if (is_yes_intentional_attr(fndecl, cur_node->num))
+ cur_node->intentional_attr_decl = MARK_YES;
+
-+ if (is_intentional_attribute_from_gimple(cur_node))
-+ return;
-+
+ cur_node->intentional_attr_cur_fndecl = search_last_nodes_intentional(cur_node);
+ print_missing_intentional(cur_node->intentional_attr_decl, cur_node->intentional_attr_cur_fndecl, cur_node->fndecl, cur_node->num);
+}
@@ -112511,13 +113165,8 @@ index 0000000..a3f9702
+// a size_overflow asm stmt in the control flow doesn't stop the recursion
+static void handle_asm_stmt(struct pointer_set_t *visited, struct interesting_node *cur_node, tree lhs, const_gimple stmt)
+{
-+ const_tree asm_lhs;
-+
+ if (!is_size_overflow_asm(stmt))
-+ return walk_use_def(visited, cur_node, SSA_NAME_VAR(lhs));
-+
-+ asm_lhs = gimple_asm_input_op(stmt, 0);
-+ walk_use_def(visited, cur_node, TREE_VALUE(asm_lhs));
++ walk_use_def(visited, cur_node, SSA_NAME_VAR(lhs));
+}
+
+/* collect the parm_decls and fndecls (for checking a missing size_overflow attribute (ret or arg) or intentional_overflow)
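Review bot: The comment kept above `handle_asm_stmt()`, `// a size_overflow asm stmt in the control flow doesn't stop the recursion`, contradicts the new body. After the removal of the `gimple_asm_input_op()` walk, the function calls `walk_use_def()` only when the statement is not a size_overflow asm and does nothing when it is one, so the walk ends at the marker. I would reword it to `// the walk stops at a size_overflow asm stmt; any other asm stmt continues with the variable behind lhs`.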
@@ -112578,39 +113227,58 @@ index 0000000..a3f9702
+ pointer_set_destroy(visited);
+}
+
-+/* This function calls the main recursion function (expand) that duplicates the stmts. Before that it checks the intentional_overflow attribute and asm stmts,
-+ * it decides whether the duplication is necessary or not and it searches for missing size_overflow attributes. After expand() it changes the orig node to the duplicated node
-+ * in the original stmt (first stmt) and it inserts the overflow check for the arg of the callee or for the return value.
-+ * If there is a mark_turn_off intentional attribute on the caller or the callee then there is no duplication and missing size_overflow attribute check anywhere.
++enum precond {
++ NO_ATTRIBUTE_SEARCH, NO_CHECK_INSERT, NONE
++};
++
++/* If there is a mark_turn_off intentional attribute on the caller or the callee then there is no duplication and missing size_overflow attribute check anywhere.
+ * There is only missing size_overflow attribute checking if the intentional_overflow attribute is the mark_no type.
+ * Stmt duplication is unnecessary if there are no binary/ternary assignements or if the unary assignment isn't a cast.
+ * It skips the possible error codes too. If the def_stmts trace back to a constant and there are no binary/ternary assigments then we assume that it is some kind of error code.
+ */
-+static struct next_cgraph_node *handle_interesting_stmt(struct next_cgraph_node *cnodes, struct interesting_node *cur_node, struct cgraph_node *caller_node)
++static enum precond check_preconditions(struct interesting_node *cur_node)
+{
-+ struct pointer_set_t *visited;
+ bool interesting_conditions[3] = {false, false, false};
-+ tree new_node, orig_node = cur_node->node;
+
+ set_last_nodes(cur_node);
+
+ check_intentional_attribute_ipa(cur_node);
+ if (cur_node->intentional_attr_decl == MARK_TURN_OFF || cur_node->intentional_attr_cur_fndecl == MARK_TURN_OFF)
-+ return cnodes;
++ return NO_ATTRIBUTE_SEARCH;
+
+ search_interesting_conditions(cur_node, interesting_conditions);
+
+ // error code
+ if (interesting_conditions[CAST] && interesting_conditions[FROM_CONST] && !interesting_conditions[NOT_UNARY])
-+ return cnodes;
++ return NO_ATTRIBUTE_SEARCH;
+
-+ cnodes = search_overflow_attribute(cnodes, cur_node);
++ // unnecessary overflow check
++ if (!interesting_conditions[CAST] && !interesting_conditions[NOT_UNARY])
++ return NO_CHECK_INSERT;
+
+ if (cur_node->intentional_attr_cur_fndecl != MARK_NO)
++ return NO_CHECK_INSERT;
++
++ return NONE;
++}
++
++/* This function calls the main recursion function (expand) that duplicates the stmts. Before that it checks the intentional_overflow attribute and asm stmts,
++ * it decides whether the duplication is necessary or not and it searches for missing size_overflow attributes. After expand() it changes the orig node to the duplicated node
++ * in the original stmt (first stmt) and it inserts the overflow check for the arg of the callee or for the return value.
++ */
++static struct next_cgraph_node *handle_interesting_stmt(struct next_cgraph_node *cnodes, struct interesting_node *cur_node, struct cgraph_node *caller_node)
++{
++ enum precond ret;
++ struct pointer_set_t *visited;
++ tree new_node, orig_node = cur_node->node;
++
++ ret = check_preconditions(cur_node);
++ if (ret == NO_ATTRIBUTE_SEARCH)
+ return cnodes;
+
-+ // unnecessary overflow check
-+ if (!interesting_conditions[CAST] && !interesting_conditions[NOT_UNARY])
++ cnodes = search_overflow_attribute(cnodes, cur_node);
++
++ if (ret == NO_CHECK_INSERT)
+ return cnodes;
+
+ visited = pointer_set_create();
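Review bot: The new `enum precond` has no comment on what each value tells the caller, and `NONE` is a very generic identifier to add at file scope. From `handle_interesting_stmt()` in this hunk, `NO_ATTRIBUTE_SEARCH` returns before `search_overflow_attribute()`, `NO_CHECK_INSERT` returns after it and before the duplication, and `NONE` lets both run. I would put those three facts next to the enumerators, for example `NO_ATTRIBUTE_SEARCH, /* skip attribute search and check insertion */`, and rename the last value to something like `PRECOND_OK`. `handle_interesting_stmt()` continues past the end of this hunk.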
@@ -112822,9 +113490,6 @@ index 0000000..a3f9702
+ imm_use_iterator imm_iter;
+ unsigned int argnum;
+
-+ if (is_size_overflow_intentional_asm_turn_off(intentional_asm))
-+ return head;
-+
+ gcc_assert(TREE_CODE(node) == SSA_NAME);
+
+ if (pointer_set_insert(visited, node))
@@ -112879,8 +113544,6 @@ index 0000000..a3f9702
+ gimple_stmt_iterator gsi;
+ tree input, output;
+
-+ if (gimple_code(stmt) != GIMPLE_ASM)
-+ return;
+ if (!is_size_overflow_asm(stmt))
+ return;
+
@@ -112913,13 +113576,19 @@ index 0000000..a3f9702
+
+ gcc_assert(gimple_asm_ninputs(stmt) == 1);
+
++ if (gimple_asm_noutputs(stmt) == 0 && is_size_overflow_intentional_asm_turn_off(stmt))
++ return head;
++
+ if (gimple_asm_noutputs(stmt) == 0) {
-+ const_tree input = gimple_asm_input_op(stmt, 0);
++ const_tree input;
++
++ if (!is_size_overflow_intentional_asm_turn_off(stmt))
++ return head;
+
++ input = gimple_asm_input_op(stmt, 0);
+ remove_size_overflow_asm(stmt);
+ if (is_gimple_constant(TREE_VALUE(input)))
+ return head;
-+
+ visited = pointer_set_create();
+ head = get_interesting_ret_or_call(visited, head, TREE_VALUE(input), intentional_asm);
+ pointer_set_destroy(visited);
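Review bot: The two guards added for the zero-output case are complementary, so the rest of the `if (gimple_asm_noutputs(stmt) == 0)` block can no longer be reached. The first returns `head` when `is_size_overflow_intentional_asm_turn_off(stmt)` is true and the one inside the block returns `head` when it is false, with nothing between them changing `stmt`. That leaves `remove_size_overflow_asm(stmt)` and the `get_interesting_ret_or_call()` walk as dead code on this path, and the zero-output marker asm is not removed here. If skipping every zero-output asm is intended, the block reduces to `if (gimple_asm_noutputs(stmt) == 0) return head;`; if only one of the two cases should be skipped, one of the guards has to go. The function starts outside this hunk, so any earlier handling is not visible.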
@@ -113326,6 +113995,9 @@ index 0000000..a3f9702
+ case GIMPLE_NOP:
+ return search_intentional(visited, SSA_NAME_VAR(lhs));
+ case GIMPLE_ASM:
++ if (is_size_overflow_intentional_asm_turn_off(def_stmt))
++ return MARK_TURN_OFF;
++ return MARK_NO;
+ case GIMPLE_CALL:
+ return MARK_NO;
+ case GIMPLE_PHI:
@@ -113347,10 +114019,9 @@ index 0000000..a3f9702
+}
+
+// Check the intentional_overflow attribute and create the asm comment string for the size_overflow asm stmt.
-+static const char *check_intentional_attribute_gimple(const_tree arg, const_gimple stmt, unsigned int argnum)
++static enum mark check_intentional_attribute_gimple(const_tree arg, const_gimple stmt, unsigned int argnum)
+{
+ const_tree fndecl;
-+ const char *asm_str;
+ struct pointer_set_t *visited;
+ enum mark cur_fndecl_attr, decl_attr = MARK_NO;
+
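Review bot: The comment above `check_intentional_attribute_gimple()` still says it will `create the asm comment string for the size_overflow asm stmt`, but the function now returns `enum mark`. The string is produced by `convert_mark_to_str()`, which this patch adds in a later hunk. I would change the comment to `// Check the intentional_overflow attribute and return the mark that selects the size_overflow asm comment string.`. The function body spans this hunk and the two that follow.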
@@ -113360,7 +114031,7 @@ index 0000000..a3f9702
+ else if (is_yes_intentional_attr(fndecl, argnum))
+ decl_attr = MARK_YES;
+ else if (is_turn_off_intentional_attr(fndecl) || is_turn_off_intentional_attr(DECL_ORIGIN(current_function_decl))) {
-+ return "# size_overflow MARK_TURN_OFF\n\t";
++ return MARK_TURN_OFF;
+ }
+
+ visited = pointer_set_create();
@@ -113369,18 +114040,13 @@ index 0000000..a3f9702
+
+ switch (cur_fndecl_attr) {
+ case MARK_NO:
-+ asm_str = "# size_overflow\n\t";
-+ break;
++ return MARK_NO;
+ case MARK_TURN_OFF:
-+ asm_str = "# size_overflow MARK_TURN_OFF\n\t";
-+ break;
++ return MARK_TURN_OFF;
+ default:
-+ asm_str = "# size_overflow MARK_YES\n\t";
+ print_missing_intentional(decl_attr, cur_fndecl_attr, fndecl, argnum);
-+ break;
++ return MARK_YES;
+ }
-+
-+ return asm_str;
+}
+
+static void check_missing_size_overflow_attribute(tree var)
@@ -113516,6 +114182,21 @@ index 0000000..a3f9702
+ update_stmt(stmt);
+}
+
++static const char *convert_mark_to_str(enum mark mark)
++{
++ switch (mark) {
++ case MARK_NO:
++ return OK_ASM_STR;
++ case MARK_YES:
++ case MARK_NOT_INTENTIONAL:
++ return YES_ASM_STR;
++ case MARK_TURN_OFF:
++ return TURN_OFF_ASM_STR;
++ }
++
++ gcc_unreachable();
++}
++
+/* Create the input of the size_overflow asm stmt.
+ * When the arg of the callee function is a parm_decl it creates this kind of size_overflow asm stmt:
+ * __asm__("# size_overflow MARK_YES" : : "rm" size_1(D));
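Review bot: `convert_mark_to_str()` maps `MARK_NOT_INTENTIONAL` to `YES_ASM_STR` without a comment, and none of the returns of `check_intentional_attribute_gimple()` visible in this patch produce that value. A short comment on the case, such as `/* emitted with the same marker string as MARK_YES */`, plus a note on whether the case is expected to be reached, would save the next reader from tracing every caller. Leaving out `default:` and ending with `gcc_unreachable()` is a sensible choice, since it lets the compiler warn when a new `enum mark` value is added.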
@@ -113529,6 +114210,8 @@ index 0000000..a3f9702
+ return;
+ }
+
++ gcc_assert(!is_size_overflow_intentional_asm_turn_off(asm_data->def_stmt));
++
+ asm_data->input = create_new_var(TREE_TYPE(asm_data->output));
+ asm_data->input = make_ssa_name(asm_data->input, asm_data->def_stmt);
+
@@ -113541,7 +114224,11 @@ index 0000000..a3f9702
+ create_output_from_phi(stmt, argnum, asm_data);
+ break;
+ case GIMPLE_NOP: {
-+ const char *str = check_intentional_attribute_gimple(asm_data->output, stmt, argnum);
++ enum mark mark;
++ const char *str;
++
++ mark = check_intentional_attribute_gimple(asm_data->output, stmt, argnum);
++ str = convert_mark_to_str(mark);
+
+ asm_data->input = asm_data->output;
+ asm_data->output = NULL;
@@ -113571,19 +114258,24 @@ index 0000000..a3f9702
+{
+ struct asm_data asm_data;
+ const char *str;
++ enum mark mark;
+
+ if (is_gimple_constant(output_node))
+ return;
+
++ asm_data.output = output_node;
++ mark = check_intentional_attribute_gimple(asm_data.output, stmt, argnum);
++ if (mark == MARK_TURN_OFF)
++ return;
++
+ search_missing_size_overflow_attribute_gimple(stmt, argnum);
+
-+ asm_data.output = output_node;
+ asm_data.def_stmt = get_def_stmt(asm_data.output);
+ create_asm_input(stmt, argnum, &asm_data);
+ if (asm_data.input == NULL_TREE)
+ return;
+
-+ str = check_intentional_attribute_gimple(asm_data.output, stmt, argnum);
++ str = convert_mark_to_str(mark);
+ create_asm_stmt(str, build_string(1, "0"), build_string(3, "=rm"), &asm_data);
+}
+
@@ -113680,16 +114372,22 @@ index 0000000..a3f9702
+ if (mark != MARK_TURN_OFF)
+ return false;
+
-+ asm_data.input = gimple_call_lhs(stmt);
-+ if (asm_data.input == NULL_TREE) {
++ asm_data.def_stmt = stmt;
++ asm_data.output = gimple_call_lhs(stmt);
++
++ if (asm_data.output == NULL_TREE) {
+ asm_data.input = gimple_call_arg(stmt, 0);
+ if (is_gimple_constant(asm_data.input))
+ return false;
++ asm_data.output = NULL;
++ create_asm_stmt(TURN_OFF_ASM_STR, build_string(2, "rm"), NULL, &asm_data);
++ return true;
+ }
+
-+ asm_data.output = NULL;
-+ asm_data.def_stmt = stmt;
-+ create_asm_stmt("# size_overflow MARK_TURN_OFF\n\t", build_string(2, "rm"), NULL, &asm_data);
++ create_asm_input(stmt, 0, &asm_data);
++ gcc_assert(asm_data.input != NULL_TREE);
++
++ create_asm_stmt(TURN_OFF_ASM_STR, build_string(1, "0"), build_string(3, "=rm"), &asm_data);
+ return true;
+}
+
@@ -113739,6 +114437,9 @@ index 0000000..a3f9702
+ for (gsi = gsi_start_bb(bb); !gsi_end_p(gsi); gsi_next(&gsi)) {
+ gimple stmt = gsi_stmt(gsi);
+
++ if (is_size_overflow_asm(stmt))
++ continue;
++
+ if (is_gimple_call(stmt))
+ handle_interesting_function(stmt);
+ else if (gimple_code(stmt) == GIMPLE_RETURN)
@@ -114588,7 +115289,7 @@ index 96b919d..c49bb74 100644
+
#endif
diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c
-index 1cf9ccb..b9236e2 100644
+index aac732d..bc87a5d 100644
--- a/virt/kvm/kvm_main.c
+++ b/virt/kvm/kvm_main.c
@@ -75,12 +75,17 @@ LIST_HEAD(vm_list);
@@ -114620,7 +115321,27 @@ index 1cf9ccb..b9236e2 100644
(void __user *)(unsigned long)mem->userspace_addr,
mem->memory_size)))
goto out;
-@@ -1867,7 +1872,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
+@@ -1613,8 +1618,17 @@ EXPORT_SYMBOL_GPL(kvm_read_guest_cached);
+
+ int kvm_clear_guest_page(struct kvm *kvm, gfn_t gfn, int offset, int len)
+ {
+- return kvm_write_guest_page(kvm, gfn, (const void *) empty_zero_page,
+- offset, len);
++ int r;
++ unsigned long addr;
++
++ addr = gfn_to_hva(kvm, gfn);
++ if (kvm_is_error_hva(addr))
++ return -EFAULT;
++ r = __clear_user((void __user *)addr + offset, len);
++ if (r)
++ return -EFAULT;
++ mark_page_dirty(kvm, gfn);
++ return 0;
+ }
+ EXPORT_SYMBOL_GPL(kvm_clear_guest_page);
+
+@@ -1867,7 +1881,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp)
return 0;
}
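Review bot: Nothing in the new `kvm_clear_guest_page()` body bounds `offset` and `len` before `__clear_user((void __user *)addr + offset, len)`, and `__clear_user()` is the variant that does not perform the `access_ok()` range check. The write therefore stays inside the page returned by `gfn_to_hva()` only if every caller guarantees `offset + len <= PAGE_SIZE` with both values non-negative. The callers are outside this hunk, so that may already hold. I would state the contract in a comment above the function, or make it explicit with `if (offset < 0 || len < 0 || offset + len > PAGE_SIZE) return -EFAULT;` before the clear.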
@@ -114629,7 +115350,7 @@ index 1cf9ccb..b9236e2 100644
.release = kvm_vcpu_release,
.unlocked_ioctl = kvm_vcpu_ioctl,
#ifdef CONFIG_COMPAT
-@@ -2550,7 +2555,7 @@ static int kvm_vm_mmap(struct file *file, struct vm_area_struct *vma)
+@@ -2553,7 +2567,7 @@ static int kvm_vm_mmap(struct file *file, struct vm_area_struct *vma)
return 0;
}
@@ -114638,7 +115359,7 @@ index 1cf9ccb..b9236e2 100644
.release = kvm_vm_release,
.unlocked_ioctl = kvm_vm_ioctl,
#ifdef CONFIG_COMPAT
-@@ -2651,7 +2656,7 @@ out:
+@@ -2654,7 +2668,7 @@ out:
return r;
}
@@ -114647,7 +115368,7 @@ index 1cf9ccb..b9236e2 100644
.unlocked_ioctl = kvm_dev_ioctl,
.compat_ioctl = kvm_dev_ioctl,
.llseek = noop_llseek,
-@@ -2677,7 +2682,7 @@ static void hardware_enable_nolock(void *junk)
+@@ -2680,7 +2694,7 @@ static void hardware_enable_nolock(void *junk)
if (r) {
cpumask_clear_cpu(cpu, cpus_hardware_enabled);
@@ -114656,7 +115377,7 @@ index 1cf9ccb..b9236e2 100644
printk(KERN_INFO "kvm: enabling virtualization on "
"CPU%d failed\n", cpu);
}
-@@ -2731,10 +2736,10 @@ static int hardware_enable_all(void)
+@@ -2734,10 +2748,10 @@ static int hardware_enable_all(void)
kvm_usage_count++;
if (kvm_usage_count == 1) {
@@ -114669,7 +115390,7 @@ index 1cf9ccb..b9236e2 100644
hardware_disable_all_nolock();
r = -EBUSY;
}
-@@ -3168,7 +3173,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
+@@ -3171,7 +3185,7 @@ static void kvm_sched_out(struct preempt_notifier *pn,
kvm_arch_vcpu_put(vcpu);
}
@@ -114678,7 +115399,7 @@ index 1cf9ccb..b9236e2 100644
struct module *module)
{
int r;
-@@ -3215,7 +3220,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3218,7 +3232,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
if (!vcpu_align)
vcpu_align = __alignof__(struct kvm_vcpu);
kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align,
@@ -114687,7 +115408,7 @@ index 1cf9ccb..b9236e2 100644
if (!kvm_vcpu_cache) {
r = -ENOMEM;
goto out_free_3;
-@@ -3225,9 +3230,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3228,9 +3242,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
if (r)
goto out_free;
@@ -114699,7 +115420,7 @@ index 1cf9ccb..b9236e2 100644
r = misc_register(&kvm_dev);
if (r) {
-@@ -3237,9 +3244,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
+@@ -3240,9 +3256,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align,
register_syscore_ops(&kvm_syscore_ops);