Grsec/PaX: 2.9.1-{3.2.47,3.9.7}-20130623144320130623

author: Anthony G. Basile <blueness@gentoo.org> 2013-06-24 08:03:43 -0400
committer: Anthony G. Basile <blueness@gentoo.org> 2013-06-24 08:03:43 -0400
commit: 74cd2f49da1b5d3cb08a010a3d1151e2936abf8f (patch)
tree: 9fd4008ee0a8806f120e2b4b4cc939bd85974bfc /3.2.47
parent: Grsec/PaX: 2.9.1-{2.6.32.61,3.2.47,3.9.6}-201306182033 (diff)
download: hardened-patchset-20130623.tar.gz
hardened-patchset-20130623.tar.bz2
hardened-patchset-20130623.zip
2 files changed, 822 insertions, 160 deletions
diff --git a/3.2.47/0000_README b/3.2.47/0000_README
index 2a74306..b9aefff 100644
--- a/3.2.47/0000_README
+++ b/3.2.47/0000_README
@@ -106,7 +106,7 @@ Patch:	1046_linux-3.2.47.patch
 From:	http://www.kernel.org
 Desc:	Linux 3.2.47
 
-Patch:	4420_grsecurity-2.9.1-3.2.47-201306191807.patch
+Patch:	4420_grsecurity-2.9.1-3.2.47-201306231441.patch
 From:	http://www.grsecurity.net
 Desc:	hardened-sources base patch from upstream grsecurity
 
diff --git a/3.2.47/4420_grsecurity-2.9.1-3.2.47-201306191807.patch b/3.2.47/4420_grsecurity-2.9.1-3.2.47-201306231441.patch
index 579f1c1..548030a 100644
--- a/3.2.47/4420_grsecurity-2.9.1-3.2.47-201306191807.patch
+++ b/3.2.47/4420_grsecurity-2.9.1-3.2.47-201306231441.patch
@@ -1,5 +1,5 @@
 diff --git a/Documentation/dontdiff b/Documentation/dontdiff
-index dfa6fc6..fad9813 100644
+index dfa6fc6..be27ac3 100644
 --- a/Documentation/dontdiff
 +++ b/Documentation/dontdiff
 @@ -2,9 +2,11 @@
@@ -41,7 +41,7 @@ index dfa6fc6..fad9813 100644
  .*.d
  .mm
  53c700_d.h
-@@ -70,6 +76,7 @@ Kerntypes
+@@ -70,9 +76,11 @@ Kerntypes
  Module.markers
  Module.symvers
  PENDING
@@ -49,7 +49,11 @@ index dfa6fc6..fad9813 100644
  SCCS
  System.map*
  TAGS
-@@ -81,6 +88,7 @@ aic7*seq.h*
++TRACEEVENT-CFLAGS
+ aconf
+ af_names.h
+ aic7*reg.h*
+@@ -81,6 +89,7 @@ aic7*seq.h*
  aicasm
  aicdb.h*
  altivec*.c
@@ -57,7 +61,7 @@ index dfa6fc6..fad9813 100644
  asm-offsets.h
  asm_offsets.h
  autoconf.h*
-@@ -93,19 +101,24 @@ bounds.h
+@@ -93,19 +102,24 @@ bounds.h
  bsetup
  btfixupprep
  build
@@ -82,7 +86,7 @@ index dfa6fc6..fad9813 100644
  conmakehash
  consolemap_deftbl.c*
  cpustr.h
-@@ -116,9 +129,11 @@ devlist.h*
+@@ -116,9 +130,11 @@ devlist.h*
  dnotify_test
  docproc
  dslm
@@ -94,7 +98,7 @@ index dfa6fc6..fad9813 100644
  fixdep
  flask.h
  fore200e_mkfirm
-@@ -126,12 +141,15 @@ fore200e_pca_fw.c*
+@@ -126,12 +142,15 @@ fore200e_pca_fw.c*
  gconf
  gconf.glade.h
  gen-devlist
@@ -110,7 +114,7 @@ index dfa6fc6..fad9813 100644
  hpet_example
  hugepage-mmap
  hugepage-shm
-@@ -146,7 +164,7 @@ int32.c
+@@ -146,7 +165,7 @@ int32.c
  int4.c
  int8.c
  kallsyms
@@ -119,7 +123,7 @@ index dfa6fc6..fad9813 100644
  keywords.c
  ksym.c*
  ksym.h*
-@@ -154,7 +172,7 @@ kxgettext
+@@ -154,7 +173,7 @@ kxgettext
  lkc_defs.h
  lex.c
  lex.*.c
@@ -128,7 +132,7 @@ index dfa6fc6..fad9813 100644
  logo_*.c
  logo_*_clut224.c
  logo_*_mono.c
-@@ -166,14 +184,15 @@ machtypes.h
+@@ -166,14 +185,15 @@ machtypes.h
  map
  map_hugetlb
  maui_boot.h
@@ -145,7 +149,7 @@ index dfa6fc6..fad9813 100644
  mkprep
  mkregtable
  mktables
-@@ -209,6 +228,7 @@ r300_reg_safe.h
+@@ -209,6 +229,7 @@ r300_reg_safe.h
  r420_reg_safe.h
  r600_reg_safe.h
  recordmcount
@@ -153,7 +157,7 @@ index dfa6fc6..fad9813 100644
  relocs
  rlim_names.h
  rn50_reg_safe.h
-@@ -218,7 +238,10 @@ series
+@@ -218,7 +239,10 @@ series
  setup
  setup.bin
  setup.elf
@@ -164,7 +168,7 @@ index dfa6fc6..fad9813 100644
  sm_tbl*
  split-include
  syscalltab.h
-@@ -229,6 +252,7 @@ tftpboot.img
+@@ -229,6 +253,7 @@ tftpboot.img
  timeconst.h
  times.h*
  trix_boot.h
@@ -172,7 +176,7 @@ index dfa6fc6..fad9813 100644
  utsrelease.h*
  vdso-syms.lds
  vdso.lds
-@@ -246,7 +270,9 @@ vmlinux
+@@ -246,7 +271,9 @@ vmlinux
  vmlinux-*
  vmlinux.aout
  vmlinux.bin.all
@@ -182,7 +186,7 @@ index dfa6fc6..fad9813 100644
  vmlinuz
  voffset.h
  vsyscall.lds
-@@ -254,9 +280,12 @@ vsyscall_32.lds
+@@ -254,9 +281,12 @@ vsyscall_32.lds
  wanxlfw.inc
  uImage
  unifdef
@@ -15634,7 +15638,7 @@ index 0e89635..f0a7525 100644
  };
  
 diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c
-index 3b67877..bf490b9 100644
+index 3b67877..77e760c 100644
 --- a/arch/x86/kernel/cpu/mcheck/mce.c
 +++ b/arch/x86/kernel/cpu/mcheck/mce.c
 @@ -42,6 +42,7 @@
@@ -15685,6 +15689,15 @@ index 3b67877..bf490b9 100644
  			return;
  	}
  	/* First print corrected ones that are still unlogged */
+@@ -307,7 +308,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp)
+ 	if (!fake_panic) {
+ 		if (panic_timeout == 0)
+ 			panic_timeout = mce_panic_timeout;
+-		panic(msg);
++		panic("%s", msg);
+ 	} else
+ 		pr_emerg(HW_ERR "Fake kernel panic: %s\n", msg);
+ }
 @@ -616,7 +617,7 @@ static int mce_timed_out(u64 *t)
  	 * might have been modified by someone else.
  	 */
@@ -15901,6 +15914,19 @@ index 13ad899..f642b9a 100644
  		crash_fixup_ss_esp(&fixed_regs, regs);
  		regs = &fixed_regs;
  	}
+diff --git a/arch/x86/kernel/crash_dump_64.c b/arch/x86/kernel/crash_dump_64.c
+index afa64ad..dce67dd 100644
+--- a/arch/x86/kernel/crash_dump_64.c
++++ b/arch/x86/kernel/crash_dump_64.c
+@@ -36,7 +36,7 @@ ssize_t copy_oldmem_page(unsigned long pfn, char *buf,
+ 		return -ENOMEM;
+ 
+ 	if (userbuf) {
+-		if (copy_to_user(buf, vaddr + offset, csize)) {
++		if (copy_to_user((char __force_user *)buf, vaddr + offset, csize)) {
+ 			iounmap(vaddr);
+ 			return -EFAULT;
+ 		}
 diff --git a/arch/x86/kernel/doublefault_32.c b/arch/x86/kernel/doublefault_32.c
 index 37250fe..bf2ec74 100644
 --- a/arch/x86/kernel/doublefault_32.c
@@ -16291,6 +16317,21 @@ index 6d728d9..80f1867 100644
 +}
 +EXPORT_SYMBOL(pax_check_alloca);
 +#endif
+diff --git a/arch/x86/kernel/e820.c b/arch/x86/kernel/e820.c
+index 303a0e4..0aad351 100644
+--- a/arch/x86/kernel/e820.c
++++ b/arch/x86/kernel/e820.c
+@@ -829,8 +829,8 @@ unsigned long __init e820_end_of_low_ram_pfn(void)
+ 
+ static void early_panic(char *msg)
+ {
+-	early_printk(msg);
+-	panic(msg);
++	early_printk("%s", msg);
++	panic("%s", msg);
+ }
+ 
+ static int userdef __initdata;
 diff --git a/arch/x86/kernel/early_printk.c b/arch/x86/kernel/early_printk.c
 index cd28a35..c72ed9a 100644
 --- a/arch/x86/kernel/early_printk.c
@@ -17115,7 +17156,7 @@ index d2d488b8..a4f589f 100644
  
  /*
 diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S
-index 6274f5f..7342ebb 100644
+index 6274f5f..7157a62 100644
 --- a/arch/x86/kernel/entry_64.S
 +++ b/arch/x86/kernel/entry_64.S
 @@ -55,6 +55,8 @@
@@ -17191,7 +17232,7 @@ index 6274f5f..7342ebb 100644
  	jmp *%rdi
  #endif
  
-@@ -178,6 +186,282 @@ ENTRY(native_usergs_sysret64)
+@@ -178,6 +186,311 @@ ENTRY(native_usergs_sysret64)
  ENDPROC(native_usergs_sysret64)
  #endif /* CONFIG_PARAVIRT */
  
@@ -17299,7 +17340,9 @@ index 6274f5f..7342ebb 100644
 +#endif
 +#ifdef CONFIG_PAX_RANDKSTACK
 +	pushq %rax
++	pushq %r11
 +	call pax_randomize_kstack
++	popq %r11
 +	popq %rax
 +#endif
 +	.endm
@@ -17362,10 +17405,10 @@ index 6274f5f..7342ebb 100644
 +ENDPROC(pax_enter_kernel_user)
 +
 +ENTRY(pax_exit_kernel_user)
-+	push %rdi
++	pushq %rdi
++	pushq %rbx
 +
 +#ifdef CONFIG_PARAVIRT
-+	pushq %rbx
 +	PV_SAVE_REGS(CLBR_RDI)
 +#endif
 +
@@ -17377,13 +17420,14 @@ index 6274f5f..7342ebb 100644
 +#endif
 +
 +	GET_CR3_INTO_RDI
-+	add $__START_KERNEL_map,%rdi
-+	sub phys_base(%rip),%rdi
++	mov %rdi,%rbx
++	add $__START_KERNEL_map,%rbx
++	sub phys_base(%rip),%rbx
 +
 +#ifdef CONFIG_PARAVIRT
++	pushq %rdi
 +	cmpl $0, pv_info+PARAVIRT_enabled
 +	jz 1f
-+	mov %rdi,%rbx
 +	i = 0
 +	.rept USER_PGD_PTRS
 +	mov i*8(%rbx),%rsi
@@ -17392,21 +17436,23 @@ index 6274f5f..7342ebb 100644
 +	call PARA_INDIRECT(pv_mmu_ops+PV_MMU_set_pgd_batched)
 +	i = i + 1
 +	.endr
++	popq %rdi
++	PV_RESTORE_REGS(CLBR_RDI)
 +	jmp 2f
 +1:
 +#endif
 +
 +	i = 0
 +	.rept USER_PGD_PTRS
-+	movb $0x67,i*8(%rdi)
++	movb $0x67,i*8(%rbx)
 +	i = i + 1
 +	.endr
 +
 +#ifdef CONFIG_PARAVIRT
-+2:	PV_RESTORE_REGS(CLBR_RDI)
-+	popq %rbx
++2:
 +#endif
 +
++	popq %rbx
 +	popq %rdi
 +	pax_force_retaddr
 +	retq
@@ -17415,6 +17461,30 @@ index 6274f5f..7342ebb 100644
 +ENDPROC(pax_exit_kernel_user)
 +#endif
 +
++	.macro pax_enter_kernel_nmi
++	pax_set_fptr_mask
++
++#ifdef CONFIG_PAX_KERNEXEC
++	GET_CR0_INTO_RDI
++	bts $16,%rdi
++	SET_RDI_INTO_CR0
++	jc 110f
++	or $2,%ebx
++110:
++#endif
++	.endm
++
++	.macro pax_exit_kernel_nmi
++#ifdef CONFIG_PAX_KERNEXEC
++	test $2,%ebx
++	jz 110f
++	GET_CR0_INTO_RDI
++	btr $16,%rdi
++	SET_RDI_INTO_CR0
++110:
++#endif
++	.endm
++
 +.macro pax_erase_kstack
 +#ifdef CONFIG_PAX_MEMORY_STACKLEAK
 +	call pax_erase_kstack
@@ -17474,7 +17544,7 @@ index 6274f5f..7342ebb 100644
  
  .macro TRACE_IRQS_IRETQ offset=ARGOFFSET
  #ifdef CONFIG_TRACE_IRQFLAGS
-@@ -231,8 +515,8 @@ ENDPROC(native_usergs_sysret64)
+@@ -231,8 +544,8 @@ ENDPROC(native_usergs_sysret64)
  	.endm
  
  	.macro UNFAKE_STACK_FRAME
@@ -17485,7 +17555,7 @@ index 6274f5f..7342ebb 100644
  	.endm
  
  /*
-@@ -319,7 +603,7 @@ ENDPROC(native_usergs_sysret64)
+@@ -319,7 +632,7 @@ ENDPROC(native_usergs_sysret64)
  	movq %rsp, %rsi
  
  	leaq -RBP(%rsp),%rdi	/* arg1 for handler */
@@ -17494,7 +17564,7 @@ index 6274f5f..7342ebb 100644
  	je 1f
  	SWAPGS
  	/*
-@@ -355,9 +639,10 @@ ENTRY(save_rest)
+@@ -355,9 +668,10 @@ ENTRY(save_rest)
  	movq_cfi r15, R15+16
  	movq %r11, 8(%rsp)	/* return address */
  	FIXUP_TOP_OF_STACK %r11, 16
@@ -17506,7 +17576,7 @@ index 6274f5f..7342ebb 100644
  
  /* save complete stack frame */
  	.pushsection .kprobes.text, "ax"
-@@ -386,9 +671,10 @@ ENTRY(save_paranoid)
+@@ -386,9 +700,10 @@ ENTRY(save_paranoid)
  	js 1f	/* negative -> in kernel */
  	SWAPGS
  	xorl %ebx,%ebx
@@ -17519,7 +17589,7 @@ index 6274f5f..7342ebb 100644
  	.popsection
  
  /*
-@@ -410,7 +696,7 @@ ENTRY(ret_from_fork)
+@@ -410,7 +725,7 @@ ENTRY(ret_from_fork)
  
  	RESTORE_REST
  
@@ -17528,7 +17598,7 @@ index 6274f5f..7342ebb 100644
  	je   int_ret_from_sys_call
  
  	testl $_TIF_IA32, TI_flags(%rcx)	# 32-bit compat task needs IRET
-@@ -420,7 +706,7 @@ ENTRY(ret_from_fork)
+@@ -420,7 +735,7 @@ ENTRY(ret_from_fork)
  	jmp ret_from_sys_call			# go to the SYSRET fastpath
  
  	CFI_ENDPROC
@@ -17537,7 +17607,7 @@ index 6274f5f..7342ebb 100644
  
  /*
   * System call entry. Up to 6 arguments in registers are supported.
-@@ -456,7 +742,7 @@ END(ret_from_fork)
+@@ -456,7 +771,7 @@ END(ret_from_fork)
  ENTRY(system_call)
  	CFI_STARTPROC	simple
  	CFI_SIGNAL_FRAME
@@ -17546,7 +17616,7 @@ index 6274f5f..7342ebb 100644
  	CFI_REGISTER	rip,rcx
  	/*CFI_REGISTER	rflags,r11*/
  	SWAPGS_UNSAFE_STACK
-@@ -469,12 +755,18 @@ ENTRY(system_call_after_swapgs)
+@@ -469,12 +784,18 @@ ENTRY(system_call_after_swapgs)
  
  	movq	%rsp,PER_CPU_VAR(old_rsp)
  	movq	PER_CPU_VAR(kernel_stack),%rsp
@@ -17566,7 +17636,7 @@ index 6274f5f..7342ebb 100644
  	movq  %rax,ORIG_RAX-ARGOFFSET(%rsp)
  	movq  %rcx,RIP-ARGOFFSET(%rsp)
  	CFI_REL_OFFSET rip,RIP-ARGOFFSET
-@@ -484,7 +776,7 @@ ENTRY(system_call_after_swapgs)
+@@ -484,7 +805,7 @@ ENTRY(system_call_after_swapgs)
  system_call_fastpath:
  	cmpq $__NR_syscall_max,%rax
  	ja badsys
@@ -17575,7 +17645,7 @@ index 6274f5f..7342ebb 100644
  	call *sys_call_table(,%rax,8)  # XXX:	 rip relative
  	movq %rax,RAX-ARGOFFSET(%rsp)
  /*
-@@ -503,6 +795,8 @@ sysret_check:
+@@ -503,6 +824,8 @@ sysret_check:
  	andl %edi,%edx
  	jnz  sysret_careful
  	CFI_REMEMBER_STATE
@@ -17584,7 +17654,7 @@ index 6274f5f..7342ebb 100644
  	/*
  	 * sysretq will re-enable interrupts:
  	 */
-@@ -554,14 +848,18 @@ badsys:
+@@ -554,14 +877,18 @@ badsys:
  	 * jump back to the normal fast path.
  	 */
  auditsys:
@@ -17604,7 +17674,7 @@ index 6274f5f..7342ebb 100644
  	jmp system_call_fastpath
  
  	/*
-@@ -591,16 +889,20 @@ tracesys:
+@@ -591,16 +918,20 @@ tracesys:
  	FIXUP_TOP_OF_STACK %rdi
  	movq %rsp,%rdi
  	call syscall_trace_enter
@@ -17626,7 +17696,7 @@ index 6274f5f..7342ebb 100644
  	call *sys_call_table(,%rax,8)
  	movq %rax,RAX-ARGOFFSET(%rsp)
  	/* Use IRET because user could have changed frame */
-@@ -612,7 +914,7 @@ tracesys:
+@@ -612,7 +943,7 @@ tracesys:
  GLOBAL(int_ret_from_sys_call)
  	DISABLE_INTERRUPTS(CLBR_NONE)
  	TRACE_IRQS_OFF
@@ -17635,7 +17705,7 @@ index 6274f5f..7342ebb 100644
  	je retint_restore_args
  	movl $_TIF_ALLWORK_MASK,%edi
  	/* edi:	mask to check */
-@@ -623,7 +925,9 @@ GLOBAL(int_with_check)
+@@ -623,7 +954,9 @@ GLOBAL(int_with_check)
  	andl %edi,%edx
  	jnz   int_careful
  	andl    $~TS_COMPAT,TI_status(%rcx)
@@ -17646,7 +17716,7 @@ index 6274f5f..7342ebb 100644
  
  	/* Either reschedule or signal or syscall exit tracking needed. */
  	/* First do a reschedule test. */
-@@ -669,7 +973,7 @@ int_restore_rest:
+@@ -669,7 +1002,7 @@ int_restore_rest:
  	TRACE_IRQS_OFF
  	jmp int_with_check
  	CFI_ENDPROC
@@ -17655,7 +17725,7 @@ index 6274f5f..7342ebb 100644
  
  /*
   * Certain special system calls that need to save a complete full stack frame.
-@@ -685,7 +989,7 @@ ENTRY(\label)
+@@ -685,7 +1018,7 @@ ENTRY(\label)
  	call \func
  	jmp ptregscall_common
  	CFI_ENDPROC
@@ -17664,7 +17734,7 @@ index 6274f5f..7342ebb 100644
  	.endm
  
  	PTREGSCALL stub_clone, sys_clone, %r8
-@@ -703,9 +1007,10 @@ ENTRY(ptregscall_common)
+@@ -703,9 +1036,10 @@ ENTRY(ptregscall_common)
  	movq_cfi_restore R12+8, r12
  	movq_cfi_restore RBP+8, rbp
  	movq_cfi_restore RBX+8, rbx
@@ -17676,7 +17746,7 @@ index 6274f5f..7342ebb 100644
  
  ENTRY(stub_execve)
  	CFI_STARTPROC
-@@ -720,7 +1025,7 @@ ENTRY(stub_execve)
+@@ -720,7 +1054,7 @@ ENTRY(stub_execve)
  	RESTORE_REST
  	jmp int_ret_from_sys_call
  	CFI_ENDPROC
@@ -17685,7 +17755,7 @@ index 6274f5f..7342ebb 100644
  
  /*
   * sigreturn is special because it needs to restore all registers on return.
-@@ -738,7 +1043,7 @@ ENTRY(stub_rt_sigreturn)
+@@ -738,7 +1072,7 @@ ENTRY(stub_rt_sigreturn)
  	RESTORE_REST
  	jmp int_ret_from_sys_call
  	CFI_ENDPROC
@@ -17694,7 +17764,7 @@ index 6274f5f..7342ebb 100644
  
  /*
   * Build the entry stubs and pointer table with some assembler magic.
-@@ -773,7 +1078,7 @@ vector=vector+1
+@@ -773,7 +1107,7 @@ vector=vector+1
  2:	jmp common_interrupt
  .endr
  	CFI_ENDPROC
@@ -17703,7 +17773,7 @@ index 6274f5f..7342ebb 100644
  
  .previous
  END(interrupt)
-@@ -793,6 +1098,16 @@ END(interrupt)
+@@ -793,6 +1127,16 @@ END(interrupt)
  	subq $ORIG_RAX-RBP, %rsp
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP
  	SAVE_ARGS_IRQ
@@ -17720,7 +17790,7 @@ index 6274f5f..7342ebb 100644
  	call \func
  	.endm
  
-@@ -824,7 +1139,7 @@ ret_from_intr:
+@@ -824,7 +1168,7 @@ ret_from_intr:
  
  exit_intr:
  	GET_THREAD_INFO(%rcx)
@@ -17729,7 +17799,7 @@ index 6274f5f..7342ebb 100644
  	je retint_kernel
  
  	/* Interrupt came from user space */
-@@ -846,12 +1161,16 @@ retint_swapgs:		/* return to user-space */
+@@ -846,12 +1190,16 @@ retint_swapgs:		/* return to user-space */
  	 * The iretq could re-enable interrupts:
  	 */
  	DISABLE_INTERRUPTS(CLBR_ANY)
@@ -17746,7 +17816,7 @@ index 6274f5f..7342ebb 100644
  	/*
  	 * The iretq could re-enable interrupts:
  	 */
-@@ -940,7 +1259,7 @@ ENTRY(retint_kernel)
+@@ -940,7 +1288,7 @@ ENTRY(retint_kernel)
  #endif
  
  	CFI_ENDPROC
@@ -17755,7 +17825,7 @@ index 6274f5f..7342ebb 100644
  /*
   * End of kprobes section
   */
-@@ -956,7 +1275,7 @@ ENTRY(\sym)
+@@ -956,7 +1304,7 @@ ENTRY(\sym)
  	interrupt \do_sym
  	jmp ret_from_intr
  	CFI_ENDPROC
@@ -17764,7 +17834,7 @@ index 6274f5f..7342ebb 100644
  .endm
  
  #ifdef CONFIG_SMP
-@@ -1021,12 +1340,22 @@ ENTRY(\sym)
+@@ -1021,12 +1369,22 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call error_entry
  	DEFAULT_FRAME 0
@@ -17788,7 +17858,7 @@ index 6274f5f..7342ebb 100644
  .endm
  
  .macro paranoidzeroentry sym do_sym
-@@ -1038,15 +1367,25 @@ ENTRY(\sym)
+@@ -1038,15 +1396,25 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call save_paranoid
  	TRACE_IRQS_OFF
@@ -17816,7 +17886,7 @@ index 6274f5f..7342ebb 100644
  .macro paranoidzeroentry_ist sym do_sym ist
  ENTRY(\sym)
  	INTR_FRAME
-@@ -1056,14 +1395,30 @@ ENTRY(\sym)
+@@ -1056,14 +1424,30 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call save_paranoid
  	TRACE_IRQS_OFF
@@ -17848,7 +17918,7 @@ index 6274f5f..7342ebb 100644
  .endm
  
  .macro errorentry sym do_sym
-@@ -1074,13 +1429,23 @@ ENTRY(\sym)
+@@ -1074,13 +1458,23 @@ ENTRY(\sym)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call error_entry
  	DEFAULT_FRAME 0
@@ -17873,7 +17943,7 @@ index 6274f5f..7342ebb 100644
  .endm
  
  	/* error code is on the stack already */
-@@ -1093,13 +1458,23 @@ ENTRY(\sym)
+@@ -1093,13 +1487,23 @@ ENTRY(\sym)
  	call save_paranoid
  	DEFAULT_FRAME 0
  	TRACE_IRQS_OFF
@@ -17898,7 +17968,7 @@ index 6274f5f..7342ebb 100644
  .endm
  
  zeroentry divide_error do_divide_error
-@@ -1129,9 +1504,10 @@ gs_change:
+@@ -1129,9 +1533,10 @@ gs_change:
  2:	mfence		/* workaround */
  	SWAPGS
  	popfq_cfi
@@ -17910,7 +17980,7 @@ index 6274f5f..7342ebb 100644
  
  	.section __ex_table,"a"
  	.align 8
-@@ -1153,13 +1529,14 @@ ENTRY(kernel_thread_helper)
+@@ -1153,13 +1558,14 @@ ENTRY(kernel_thread_helper)
  	 * Here we are in the child and the registers are set as they were
  	 * at kernel_thread() invocation in the parent.
  	 */
@@ -17926,7 +17996,7 @@ index 6274f5f..7342ebb 100644
  
  /*
   * execve(). This function needs to use IRET, not SYSRET, to set up all state properly.
-@@ -1186,11 +1563,11 @@ ENTRY(kernel_execve)
+@@ -1186,11 +1592,11 @@ ENTRY(kernel_execve)
  	RESTORE_REST
  	testq %rax,%rax
  	je int_ret_from_sys_call
@@ -17940,7 +18010,7 @@ index 6274f5f..7342ebb 100644
  
  /* Call softirq on interrupt stack. Interrupts are off. */
  ENTRY(call_softirq)
-@@ -1208,9 +1585,10 @@ ENTRY(call_softirq)
+@@ -1208,9 +1614,10 @@ ENTRY(call_softirq)
  	CFI_DEF_CFA_REGISTER	rsp
  	CFI_ADJUST_CFA_OFFSET   -8
  	decl PER_CPU_VAR(irq_count)
@@ -17952,7 +18022,7 @@ index 6274f5f..7342ebb 100644
  
  #ifdef CONFIG_XEN
  zeroentry xen_hypervisor_callback xen_do_hypervisor_callback
-@@ -1248,7 +1626,7 @@ ENTRY(xen_do_hypervisor_callback)   # do_hypervisor_callback(struct *pt_regs)
+@@ -1248,7 +1655,7 @@ ENTRY(xen_do_hypervisor_callback)   # do_hypervisor_callback(struct *pt_regs)
  	decl PER_CPU_VAR(irq_count)
  	jmp  error_exit
  	CFI_ENDPROC
@@ -17961,7 +18031,7 @@ index 6274f5f..7342ebb 100644
  
  /*
   * Hypervisor uses this for application faults while it executes.
-@@ -1307,7 +1685,7 @@ ENTRY(xen_failsafe_callback)
+@@ -1307,7 +1714,7 @@ ENTRY(xen_failsafe_callback)
  	SAVE_ALL
  	jmp error_exit
  	CFI_ENDPROC
@@ -17970,7 +18040,7 @@ index 6274f5f..7342ebb 100644
  
  apicinterrupt XEN_HVM_EVTCHN_CALLBACK \
  	xen_hvm_callback_vector xen_evtchn_do_upcall
-@@ -1356,16 +1734,31 @@ ENTRY(paranoid_exit)
+@@ -1356,16 +1763,31 @@ ENTRY(paranoid_exit)
  	TRACE_IRQS_OFF
  	testl %ebx,%ebx				/* swapgs needed? */
  	jnz paranoid_restore
@@ -18003,7 +18073,7 @@ index 6274f5f..7342ebb 100644
  	jmp irq_return
  paranoid_userspace:
  	GET_THREAD_INFO(%rcx)
-@@ -1394,7 +1787,7 @@ paranoid_schedule:
+@@ -1394,7 +1816,7 @@ paranoid_schedule:
  	TRACE_IRQS_OFF
  	jmp paranoid_userspace
  	CFI_ENDPROC
@@ -18012,7 +18082,7 @@ index 6274f5f..7342ebb 100644
  
  /*
   * Exception entry point. This expects an error code/orig_rax on the stack.
-@@ -1421,12 +1814,13 @@ ENTRY(error_entry)
+@@ -1421,12 +1843,13 @@ ENTRY(error_entry)
  	movq_cfi r14, R14+8
  	movq_cfi r15, R15+8
  	xorl %ebx,%ebx
@@ -18027,7 +18097,7 @@ index 6274f5f..7342ebb 100644
  	ret
  
  /*
-@@ -1453,7 +1847,7 @@ bstep_iret:
+@@ -1453,7 +1876,7 @@ bstep_iret:
  	movq %rcx,RIP+8(%rsp)
  	jmp error_swapgs
  	CFI_ENDPROC
@@ -18036,7 +18106,7 @@ index 6274f5f..7342ebb 100644
  
  
  /* ebx:	no swapgs flag (1: don't need swapgs, 0: need it) */
-@@ -1473,7 +1867,7 @@ ENTRY(error_exit)
+@@ -1473,7 +1896,7 @@ ENTRY(error_exit)
  	jnz retint_careful
  	jmp retint_swapgs
  	CFI_ENDPROC
@@ -18045,54 +18115,38 @@ index 6274f5f..7342ebb 100644
  
  
  	/* runs on exception stack */
-@@ -1485,6 +1879,16 @@ ENTRY(nmi)
+@@ -1485,6 +1908,8 @@ ENTRY(nmi)
  	CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15
  	call save_paranoid
  	DEFAULT_FRAME 0
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	testb $3, CS(%rsp)
-+	jnz 1f
-+	pax_enter_kernel
-+	jmp 2f
-+1:	pax_enter_kernel_user
-+2:
-+#else
-+	pax_enter_kernel
-+#endif
++	pax_enter_kernel_nmi
++
  	/* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */
  	movq %rsp,%rdi
  	movq $-1,%rsi
-@@ -1495,12 +1899,28 @@ ENTRY(nmi)
+@@ -1493,15 +1918,19 @@ ENTRY(nmi)
+ 	/* paranoidexit; without TRACE_IRQS_OFF */
+ 	/* ebx:	no swapgs flag */
  	DISABLE_INTERRUPTS(CLBR_NONE)
- 	testl %ebx,%ebx				/* swapgs needed? */
+-	testl %ebx,%ebx				/* swapgs needed? */
++	testl $1,%ebx				/* swapgs needed? */
  	jnz nmi_restore
--	testl $3,CS(%rsp)
-+	testb $3,CS(%rsp)
+ 	testl $3,CS(%rsp)
  	jnz nmi_userspace
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	pax_exit_kernel
-+	SWAPGS_UNSAFE_STACK
-+	RESTORE_ALL 8
-+	pax_force_retaddr_bts
-+	jmp irq_return
-+#endif
  nmi_swapgs:
-+#ifdef CONFIG_PAX_MEMORY_UDEREF
-+	pax_exit_kernel_user
-+#else
-+	pax_exit_kernel
-+#endif
  	SWAPGS_UNSAFE_STACK
-+	RESTORE_ALL 8
-+	jmp irq_return
  nmi_restore:
-+	pax_exit_kernel
++	pax_exit_kernel_nmi
  	RESTORE_ALL 8
+-	jmp irq_return
++	testb $3, 8(%rsp)
++	jnz 1f
 +	pax_force_retaddr_bts
- 	jmp irq_return
++1:	jmp irq_return
  nmi_userspace:
  	GET_THREAD_INFO(%rcx)
-@@ -1529,14 +1949,14 @@ nmi_schedule:
+ 	movl TI_flags(%rcx),%ebx
+@@ -1529,14 +1958,14 @@ nmi_schedule:
  	jmp paranoid_exit
  	CFI_ENDPROC
  #endif
@@ -21872,7 +21926,7 @@ index 04b8726..0c35b29 100644
  		goto cannot_handle;
  	if ((segoffs >> 16) == BIOSSEG)
 diff --git a/arch/x86/kernel/vmlinux.lds.S b/arch/x86/kernel/vmlinux.lds.S
-index 0f703f1..3b426f3 100644
+index 0f703f1..cd7e91b 100644
 --- a/arch/x86/kernel/vmlinux.lds.S
 +++ b/arch/x86/kernel/vmlinux.lds.S
 @@ -26,6 +26,13 @@
@@ -21957,7 +22011,7 @@ index 0f703f1..3b426f3 100644
 +	. = ALIGN(PAGE_SIZE);
 +	.module.text : AT(ADDR(.module.text) - LOAD_OFFSET) {
 +
-+#if defined(CONFIG_PAX_KERNEXEC) && defined(CONFIG_MODULES)
++#ifdef CONFIG_PAX_KERNEXEC
 +		MODULES_EXEC_VADDR = .;
 +		BYTE(0)
 +		. += (CONFIG_PAX_KERNEXEC_MODULE_TEXT * 1024 * 1024);
@@ -29985,6 +30039,47 @@ index 7b72502..646105c 100644
  		if (err) {
  			err = -EFAULT;
  			goto out;
+diff --git a/block/genhd.c b/block/genhd.c
+index 6edf228..078f68b9 100644
+--- a/block/genhd.c
++++ b/block/genhd.c
+@@ -474,21 +474,24 @@ static char *bdevt_str(dev_t devt, char *buf)
+ 
+ /*
+  * Register device numbers dev..(dev+range-1)
+- * range must be nonzero
++ * Noop if @range is zero.
+  * The hash chain is sorted on range, so that subranges can override.
+  */
+ void blk_register_region(dev_t devt, unsigned long range, struct module *module,
+ 			 struct kobject *(*probe)(dev_t, int *, void *),
+ 			 int (*lock)(dev_t, void *), void *data)
+ {
+-	kobj_map(bdev_map, devt, range, module, probe, lock, data);
++	if (range)
++		kobj_map(bdev_map, devt, range, module, probe, lock, data);
+ }
+ 
+ EXPORT_SYMBOL(blk_register_region);
+ 
++/* undo blk_register_region(), noop if @range is zero */
+ void blk_unregister_region(dev_t devt, unsigned long range)
+ {
+-	kobj_unmap(bdev_map, devt, range);
++	if (range)
++		kobj_unmap(bdev_map, devt, range);
+ }
+ 
+ EXPORT_SYMBOL(blk_unregister_region);
+@@ -519,7 +522,7 @@ void register_disk(struct gendisk *disk)
+ 
+ 	ddev->parent = disk->driverfs_dev;
+ 
+-	dev_set_name(ddev, disk->disk_name);
++	dev_set_name(ddev, "%s", disk->disk_name);
+ 
+ 	/* delay uevents, until we scanned partition table */
+ 	dev_set_uevent_suppress(ddev, 1);
 diff --git a/block/scsi_ioctl.c b/block/scsi_ioctl.c
 index 9e76a32..48d7145 100644
 --- a/block/scsi_ioctl.c
@@ -30040,6 +30135,19 @@ index 9e76a32..48d7145 100644
  	if (in_len && copy_from_user(buffer, sic->data + cmdlen, in_len))
  		goto error;
  
+diff --git a/crypto/algapi.c b/crypto/algapi.c
+index 54dd4e3..27ea1b0 100644
+--- a/crypto/algapi.c
++++ b/crypto/algapi.c
+@@ -477,7 +477,7 @@ static struct crypto_template *__crypto_lookup_template(const char *name)
+ 
+ struct crypto_template *crypto_lookup_template(const char *name)
+ {
+-	return try_then_request_module(__crypto_lookup_template(name), name);
++	return try_then_request_module(__crypto_lookup_template(name), "%s", name);
+ }
+ EXPORT_SYMBOL_GPL(crypto_lookup_template);
+ 
 diff --git a/crypto/cryptd.c b/crypto/cryptd.c
 index 7bdd61b..afec999 100644
 --- a/crypto/cryptd.c
@@ -30117,6 +30225,19 @@ index 5b63b8d..6f46ba0 100644
  	if (strlen(p->cru_driver_name))
  		exact = 1;
  
+diff --git a/crypto/pcrypt.c b/crypto/pcrypt.c
+index 29a89da..7e23990 100644
+--- a/crypto/pcrypt.c
++++ b/crypto/pcrypt.c
+@@ -440,7 +440,7 @@ static int pcrypt_sysfs_add(struct padata_instance *pinst, const char *name)
+ 	int ret;
+ 
+ 	pinst->kobj.kset = pcrypt_kset;
+-	ret = kobject_add(&pinst->kobj, NULL, name);
++	ret = kobject_add(&pinst->kobj, NULL, "%s", name);
+ 	if (!ret)
+ 		kobject_uevent(&pinst->kobj, KOBJ_ADD);
+ 
 diff --git a/drivers/acpi/apei/apei-internal.h b/drivers/acpi/apei/apei-internal.h
 index f57050e..7ccfc74 100644
 --- a/drivers/acpi/apei/apei-internal.h
@@ -31369,8 +31490,21 @@ index d889f56..17eb71e 100644
  	wake_up(&zatm_vcc->tx_wait);
  }
  
+diff --git a/drivers/base/attribute_container.c b/drivers/base/attribute_container.c
+index 8fc200b..32763bb 100644
+--- a/drivers/base/attribute_container.c
++++ b/drivers/base/attribute_container.c
+@@ -167,7 +167,7 @@ attribute_container_add_device(struct device *dev,
+ 		ic->classdev.parent = get_device(dev);
+ 		ic->classdev.class = cont->class;
+ 		cont->class->dev_release = attribute_container_release;
+-		dev_set_name(&ic->classdev, dev_name(dev));
++		dev_set_name(&ic->classdev, "%s", dev_name(dev));
+ 		if (fn)
+ 			fn(cont, dev, &ic->classdev);
+ 		else
 diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c
-index a4760e0..51283cf 100644
+index a4760e0..ea524a0 100644
 --- a/drivers/base/devtmpfs.c
 +++ b/drivers/base/devtmpfs.c
 @@ -368,7 +368,7 @@ int devtmpfs_mount(const char *mntdir)
@@ -31382,6 +31516,21 @@ index a4760e0..51283cf 100644
  	if (err)
  		printk(KERN_INFO "devtmpfs: error mounting %i\n", err);
  	else
+@@ -393,11 +393,11 @@ static int devtmpfsd(void *p)
+ 	*err = sys_unshare(CLONE_NEWNS);
+ 	if (*err)
+ 		goto out;
+-	*err = sys_mount("devtmpfs", "/", "devtmpfs", MS_SILENT, options);
++	*err = sys_mount((char __force_user *)"devtmpfs", (char __force_user *)"/", (char __force_user *)"devtmpfs", MS_SILENT, (char __force_user *)options);
+ 	if (*err)
+ 		goto out;
+-	sys_chdir("/.."); /* will traverse into overmounted root */
+-	sys_chroot(".");
++	sys_chdir((char __force_user *)"/.."); /* will traverse into overmounted root */
++	sys_chroot((char __force_user *)".");
+ 	complete(&setup_done);
+ 	while (1) {
+ 		spin_lock(&req_lock);
 diff --git a/drivers/base/node.c b/drivers/base/node.c
 index 5693ece..e39a621 100644
 --- a/drivers/base/node.c
@@ -31409,6 +31558,19 @@ index 5693ece..e39a621 100644
  
  static ssize_t show_node_state(struct sysdev_class *class,
  			       struct sysdev_class_attribute *attr, char *buf)
+diff --git a/drivers/base/power/sysfs.c b/drivers/base/power/sysfs.c
+index adf41be0..b044daf 100644
+--- a/drivers/base/power/sysfs.c
++++ b/drivers/base/power/sysfs.c
+@@ -184,7 +184,7 @@ static ssize_t rtpm_status_show(struct device *dev,
+ 			return -EIO;
+ 		}
+ 	}
+-	return sprintf(buf, p);
++	return sprintf(buf, "%s", p);
+ }
+ 
+ static DEVICE_ATTR(runtime_status, 0444, rtpm_status_show, NULL);
 diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c
 index caf995f..6f76697 100644
 --- a/drivers/base/power/wakeup.c
@@ -32024,6 +32186,19 @@ index a365562..933bbbd 100644
  	set_fs(old_fs);
  	if (likely(bw == len))
  		return 0;
+diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
+index 40a0fcb..556767c 100644
+--- a/drivers/block/nbd.c
++++ b/drivers/block/nbd.c
+@@ -675,7 +675,7 @@ static int __nbd_ioctl(struct block_device *bdev, struct nbd_device *lo,
+ 
+ 		mutex_unlock(&lo->tx_lock);
+ 
+-		thread = kthread_create(nbd_thread, lo, lo->disk->disk_name);
++		thread = kthread_create(nbd_thread, lo, "%s", lo->disk->disk_name);
+ 		if (IS_ERR(thread)) {
+ 			mutex_lock(&lo->tx_lock);
+ 			return PTR_ERR(thread);
 diff --git a/drivers/block/pktcdvd.c b/drivers/block/pktcdvd.c
 index a63b0a2..30228d1 100644
 --- a/drivers/block/pktcdvd.c
@@ -32038,7 +32213,7 @@ index a63b0a2..30228d1 100644
  static DEFINE_MUTEX(pktcdvd_mutex);
  static struct pktcdvd_device *pkt_devs[MAX_WRITERS];
 diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
-index 2678b6f..d82ca54 100644
+index 2678b6f..a691234 100644
 --- a/drivers/cdrom/cdrom.c
 +++ b/drivers/cdrom/cdrom.c
 @@ -419,7 +419,6 @@ int register_cdrom(struct cdrom_device_info *cdi)
@@ -32089,6 +32264,15 @@ index 2678b6f..d82ca54 100644
  	if (cgc->buffer == NULL)
  		return -ENOMEM;
  
+@@ -3432,7 +3433,7 @@ static int cdrom_print_info(const char *header, int val, char *info,
+ 	struct cdrom_device_info *cdi;
+ 	int ret;
+ 
+-	ret = scnprintf(info + *pos, max_size - *pos, header);
++	ret = scnprintf(info + *pos, max_size - *pos, "%s", header);
+ 	if (!ret)
+ 		return 1;
+ 
 diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c
 index 3ceaf00..e3c3d38 100644
 --- a/drivers/cdrom/gdrom.c
@@ -32123,8 +32307,21 @@ index 4364303..9adf4ee 100644
  	default y
  
  source "drivers/s390/char/Kconfig"
+diff --git a/drivers/char/agp/compat_ioctl.c b/drivers/char/agp/compat_ioctl.c
+index a48e05b..6bac831 100644
+--- a/drivers/char/agp/compat_ioctl.c
++++ b/drivers/char/agp/compat_ioctl.c
+@@ -108,7 +108,7 @@ static int compat_agpioc_reserve_wrap(struct agp_file_private *priv, void __user
+ 			return -ENOMEM;
+ 		}
+ 
+-		if (copy_from_user(usegment, (void __user *) ureserve.seg_list,
++		if (copy_from_user(usegment, (void __force_user *) ureserve.seg_list,
+ 				   sizeof(*usegment) * ureserve.seg_count)) {
+ 			kfree(usegment);
+ 			kfree(ksegment);
 diff --git a/drivers/char/agp/frontend.c b/drivers/char/agp/frontend.c
-index 2e04433..22afc64 100644
+index 2e04433..771f2cc 100644
 --- a/drivers/char/agp/frontend.c
 +++ b/drivers/char/agp/frontend.c
 @@ -817,7 +817,7 @@ static int agpioc_reserve_wrap(struct agp_file_private *priv, void __user *arg)
@@ -32136,6 +32333,15 @@ index 2e04433..22afc64 100644
  		return -EFAULT;
  
  	client = agp_find_client_by_pid(reserve.pid);
+@@ -847,7 +847,7 @@ static int agpioc_reserve_wrap(struct agp_file_private *priv, void __user *arg)
+ 		if (segment == NULL)
+ 			return -ENOMEM;
+ 
+-		if (copy_from_user(segment, (void __user *) reserve.seg_list,
++		if (copy_from_user(segment, (void __force_user *) reserve.seg_list,
+ 				   sizeof(struct agp_segment) * reserve.seg_count)) {
+ 			kfree(segment);
+ 			return -EFAULT;
 diff --git a/drivers/char/briq_panel.c b/drivers/char/briq_panel.c
 index 095ab90..afad0a4 100644
 --- a/drivers/char/briq_panel.c
@@ -32206,6 +32412,19 @@ index 14d49e4..d331fd8 100644
  		  struct hpet_info *info)
  {
  	struct hpet_timer __iomem *timer;
+diff --git a/drivers/char/hw_random/intel-rng.c b/drivers/char/hw_random/intel-rng.c
+index 86fe45c..c0ea948 100644
+--- a/drivers/char/hw_random/intel-rng.c
++++ b/drivers/char/hw_random/intel-rng.c
+@@ -314,7 +314,7 @@ PFX "RNG, try using the 'no_fwh_detect' option.\n";
+ 
+ 		if (no_fwh_detect)
+ 			return -ENODEV;
+-		printk(warning);
++		printk("%s", warning);
+ 		return -EBUSY;
+ 	}
+ 
 diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c
 index 58c0e63..46c16bf 100644
 --- a/drivers/char/ipmi/ipmi_msghandler.c
@@ -32288,7 +32507,7 @@ index 1aeaaba..e018570 100644
  	 .part_num = MBCS_PART_NUM,
  	 .mfg_num = MBCS_MFG_NUM,
 diff --git a/drivers/char/mem.c b/drivers/char/mem.c
-index 1451790..d42d89d 100644
+index 1451790..046b083 100644
 --- a/drivers/char/mem.c
 +++ b/drivers/char/mem.c
 @@ -18,6 +18,7 @@
@@ -32369,6 +32588,15 @@ index 1451790..d42d89d 100644
  		unxlate_dev_mem_ptr(p, ptr);
  		if (remaining)
  			return -EFAULT;
+@@ -376,7 +407,7 @@ static ssize_t read_oldmem(struct file *file, char __user *buf,
+ 		else
+ 			csize = count;
+ 
+-		rc = copy_oldmem_page(pfn, buf, csize, offset, 1);
++		rc = copy_oldmem_page(pfn, (char __force_kernel *)buf, csize, offset, 1);
+ 		if (rc < 0)
+ 			return rc;
+ 		buf += csize;
 @@ -396,9 +427,8 @@ static ssize_t read_kmem(struct file *file, char __user *buf,
  			 size_t count, loff_t *ppos)
  {
@@ -32435,6 +32663,15 @@ index 1451790..d42d89d 100644
  };
  
  static int memory_open(struct inode *inode, struct file *filp)
+@@ -931,7 +986,7 @@ static int __init chr_dev_init(void)
+ 		if (!devlist[minor].name)
+ 			continue;
+ 		device_create(mem_class, NULL, MKDEV(MEM_MAJOR, minor),
+-			      NULL, devlist[minor].name);
++			      NULL, "%s", devlist[minor].name);
+ 	}
+ 
+ 	return tty_init();
 diff --git a/drivers/char/mwave/tp3780i.c b/drivers/char/mwave/tp3780i.c
 index c689697..04e6d6a2 100644
 --- a/drivers/char/mwave/tp3780i.c
@@ -32937,6 +33174,19 @@ index 1e756e1..6f7ead5 100644
  	.attrs = cpuclass_default_attrs,
  	.name = "cpuidle",
  };
+diff --git a/drivers/devfreq/devfreq.c b/drivers/devfreq/devfreq.c
+index 59d24e9..0d20240 100644
+--- a/drivers/devfreq/devfreq.c
++++ b/drivers/devfreq/devfreq.c
+@@ -372,7 +372,7 @@ struct devfreq *devfreq_add_device(struct device *dev,
+ 			      = msecs_to_jiffies(devfreq->profile->polling_ms);
+ 	devfreq->nb.notifier_call = devfreq_notifier_call;
+ 
+-	dev_set_name(&devfreq->dev, dev_name(dev));
++	dev_set_name(&devfreq->dev, "%s", dev_name(dev));
+ 	err = device_register(&devfreq->dev);
+ 	if (err) {
+ 		put_device(&devfreq->dev);
 diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c
 index eb1d864..39ee5a7 100644
 --- a/drivers/dma/dmatest.c
@@ -33598,6 +33848,28 @@ index 40c187c..59da444 100644
  	++file_priv->ioctl_count;
  
  	DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n",
+diff --git a/drivers/gpu/drm/drm_encoder_slave.c b/drivers/gpu/drm/drm_encoder_slave.c
+index fb94355..e1fcec5 100644
+--- a/drivers/gpu/drm/drm_encoder_slave.c
++++ b/drivers/gpu/drm/drm_encoder_slave.c
+@@ -54,16 +54,12 @@ int drm_i2c_encoder_init(struct drm_device *dev,
+ 			 struct i2c_adapter *adap,
+ 			 const struct i2c_board_info *info)
+ {
+-	char modalias[sizeof(I2C_MODULE_PREFIX)
+-		      + I2C_NAME_SIZE];
+ 	struct module *module = NULL;
+ 	struct i2c_client *client;
+ 	struct drm_i2c_encoder_driver *encoder_drv;
+ 	int err = 0;
+ 
+-	snprintf(modalias, sizeof(modalias),
+-		 "%s%s", I2C_MODULE_PREFIX, info->type);
+-	request_module(modalias);
++	request_module("%s%s", I2C_MODULE_PREFIX, info->type);
+ 
+ 	client = i2c_new_device(adap, info);
+ 	if (!client) {
 diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c
 index 020b103..68ae292 100644
 --- a/drivers/gpu/drm/drm_fops.c
@@ -33847,6 +34119,19 @@ index 632ae24..244cf4a 100644
  
  	if (drm_lock_free(&master->lock, lock->context)) {
  		/* FIXME: Should really bail out here. */
+diff --git a/drivers/gpu/drm/drm_sysfs.c b/drivers/gpu/drm/drm_sysfs.c
+index 0f9ef9b..48bd695 100644
+--- a/drivers/gpu/drm/drm_sysfs.c
++++ b/drivers/gpu/drm/drm_sysfs.c
+@@ -495,7 +495,7 @@ EXPORT_SYMBOL(drm_sysfs_hotplug_event);
+ int drm_sysfs_device_add(struct drm_minor *minor)
+ {
+ 	int err;
+-	char *minor_str;
++	const char *minor_str;
+ 
+ 	minor->kdev.parent = minor->dev->dev;
+ 
 diff --git a/drivers/gpu/drm/i810/i810_dma.c b/drivers/gpu/drm/i810/i810_dma.c
 index 8f371e8..9f85d52 100644
 --- a/drivers/gpu/drm/i810/i810_dma.c
@@ -34939,6 +35224,28 @@ index 63db75d..999004d 100644
  		dev_warn(rdev->dev, "failed blitter (%d) falling back to memcpy\n", r);
  	}
  
+diff --git a/drivers/gpu/drm/ttm/ttm_memory.c b/drivers/gpu/drm/ttm/ttm_memory.c
+index e70ddd8..ddfa1cd 100644
+--- a/drivers/gpu/drm/ttm/ttm_memory.c
++++ b/drivers/gpu/drm/ttm/ttm_memory.c
+@@ -263,7 +263,7 @@ static int ttm_mem_init_kernel_zone(struct ttm_mem_global *glob,
+ 	zone->glob = glob;
+ 	glob->zone_kernel = zone;
+ 	ret = kobject_init_and_add(
+-		&zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, zone->name);
++		&zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, "%s", zone->name);
+ 	if (unlikely(ret != 0)) {
+ 		kobject_put(&zone->kobj);
+ 		return ret;
+@@ -346,7 +346,7 @@ static int ttm_mem_init_dma32_zone(struct ttm_mem_global *glob,
+ 	zone->glob = glob;
+ 	glob->zone_dma32 = zone;
+ 	ret = kobject_init_and_add(
+-		&zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, zone->name);
++		&zone->kobj, &ttm_mem_zone_kobj_type, &glob->kobj, "%s", zone->name);
+ 	if (unlikely(ret != 0)) {
+ 		kobject_put(&zone->kobj);
+ 		return ret;
 diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc.c b/drivers/gpu/drm/ttm/ttm_page_alloc.c
 index 9e4313e..46fad36 100644
 --- a/drivers/gpu/drm/ttm/ttm_page_alloc.c
@@ -35104,6 +35411,28 @@ index a0c2f12..68ae6cb 100644
  	} while (*seqno == 0);
  
  	if (!(fifo_state->capabilities & SVGA_FIFO_CAP_FENCE)) {
+diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c b/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c
+index 66917c6..2dcc8ae 100644
+--- a/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c
++++ b/drivers/gpu/drm/vmwgfx/vmwgfx_ioctl.c
+@@ -135,7 +135,7 @@ int vmw_present_ioctl(struct drm_device *dev, void *data,
+ 	int ret;
+ 
+ 	num_clips = arg->num_clips;
+-	clips_ptr = (struct drm_vmw_rect *)(unsigned long)arg->clips_ptr;
++	clips_ptr = (struct drm_vmw_rect __user *)(unsigned long)arg->clips_ptr;
+ 
+ 	if (unlikely(num_clips == 0))
+ 		return 0;
+@@ -221,7 +221,7 @@ int vmw_present_readback_ioctl(struct drm_device *dev, void *data,
+ 	int ret;
+ 
+ 	num_clips = arg->num_clips;
+-	clips_ptr = (struct drm_vmw_rect *)(unsigned long)arg->clips_ptr;
++	clips_ptr = (struct drm_vmw_rect __user *)(unsigned long)arg->clips_ptr;
+ 
+ 	if (unlikely(num_clips == 0))
+ 		return 0;
 diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c b/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c
 index cabc95f..14b3d77 100644
 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_irq.c
@@ -35443,6 +35772,19 @@ index 29015eb..af2d8e9 100644
  
  /* Wrapper access functions for multiplexed SMBus */
  static DEFINE_MUTEX(nforce2_lock);
+diff --git a/drivers/i2c/i2c-dev.c b/drivers/i2c/i2c-dev.c
+index 57a45ce8..51bd6c1 100644
+--- a/drivers/i2c/i2c-dev.c
++++ b/drivers/i2c/i2c-dev.c
+@@ -276,7 +276,7 @@ static noinline int i2cdev_ioctl_rdrw(struct i2c_client *client,
+ 			res = -EINVAL;
+ 			break;
+ 		}
+-		data_ptrs[i] = (u8 __user *)rdwr_pa[i].buf;
++		data_ptrs[i] = (u8 __force_user *)rdwr_pa[i].buf;
+ 		rdwr_pa[i].buf = memdup_user(data_ptrs[i], rdwr_pa[i].len);
+ 		if (IS_ERR(rdwr_pa[i].buf)) {
+ 			res = PTR_ERR(rdwr_pa[i].buf);
 diff --git a/drivers/ide/aec62xx.c b/drivers/ide/aec62xx.c
 index 57d00ca..0145194 100644
 --- a/drivers/ide/aec62xx.c
@@ -38106,6 +38448,59 @@ index a0895bf..b451f5b 100644
  	.owner		= THIS_MODULE,
  	.open		= timblogiw_open,
  	.release	= timblogiw_close,
+diff --git a/drivers/media/video/v4l2-compat-ioctl32.c b/drivers/media/video/v4l2-compat-ioctl32.c
+index c68531b..82a9ea0 100644
+--- a/drivers/media/video/v4l2-compat-ioctl32.c
++++ b/drivers/media/video/v4l2-compat-ioctl32.c
+@@ -332,7 +332,7 @@ struct v4l2_buffer32 {
+ 	__u32			reserved;
+ };
+ 
+-static int get_v4l2_plane32(struct v4l2_plane *up, struct v4l2_plane32 *up32,
++static int get_v4l2_plane32(struct v4l2_plane __user *up, struct v4l2_plane32 __user *up32,
+ 				enum v4l2_memory memory)
+ {
+ 	void __user *up_pln;
+@@ -358,7 +358,7 @@ static int get_v4l2_plane32(struct v4l2_plane *up, struct v4l2_plane32 *up32,
+ 	return 0;
+ }
+ 
+-static int put_v4l2_plane32(struct v4l2_plane *up, struct v4l2_plane32 *up32,
++static int put_v4l2_plane32(struct v4l2_plane __user *up, struct v4l2_plane32 __user *up32,
+ 				enum v4l2_memory memory)
+ {
+ 	if (copy_in_user(up32, up, 2 * sizeof(__u32)) ||
+diff --git a/drivers/media/video/v4l2-ioctl.c b/drivers/media/video/v4l2-ioctl.c
+index 639abee..e2336f4 100644
+--- a/drivers/media/video/v4l2-ioctl.c
++++ b/drivers/media/video/v4l2-ioctl.c
+@@ -2197,7 +2197,7 @@ static unsigned long cmd_input_size(unsigned int cmd)
+ }
+ 
+ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size,
+-			    void * __user *user_ptr, void ***kernel_ptr)
++			    void __user **user_ptr, void ***kernel_ptr)
+ {
+ 	int ret = 0;
+ 
+@@ -2212,7 +2212,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size,
+ 				ret = -EINVAL;
+ 				break;
+ 			}
+-			*user_ptr = (void __user *)buf->m.planes;
++			*user_ptr = (void __force_user *)buf->m.planes;
+ 			*kernel_ptr = (void *)&buf->m.planes;
+ 			*array_size = sizeof(struct v4l2_plane) * buf->length;
+ 			ret = 1;
+@@ -2230,7 +2230,7 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size,
+ 				ret = -EINVAL;
+ 				break;
+ 			}
+-			*user_ptr = (void __user *)ctrls->controls;
++			*user_ptr = (void __force_user *)ctrls->controls;
+ 			*kernel_ptr = (void *)&ctrls->controls;
+ 			*array_size = sizeof(struct v4l2_ext_control)
+ 				    * ctrls->count;
 diff --git a/drivers/memstick/host/r592.c b/drivers/memstick/host/r592.c
 index 668f5c6..65df5f2 100644
 --- a/drivers/memstick/host/r592.c
@@ -46886,6 +47281,19 @@ index 081dc47..6e20d0b 100644
  
  	info->var.accel_flags = (!noaccel);
  
+diff --git a/drivers/video/output.c b/drivers/video/output.c
+index 0d6f2cd..6285b97 100644
+--- a/drivers/video/output.c
++++ b/drivers/video/output.c
+@@ -97,7 +97,7 @@ struct output_device *video_output_register(const char *name,
+ 	new_dev->props = op;
+ 	new_dev->dev.class = &video_output_class;
+ 	new_dev->dev.parent = dev;
+-	dev_set_name(&new_dev->dev, name);
++	dev_set_name(&new_dev->dev, "%s", name);
+ 	dev_set_drvdata(&new_dev->dev, devdata);
+ 	ret_code = device_register(&new_dev->dev);
+ 	if (ret_code) {
 diff --git a/drivers/video/s1d13xxxfb.c b/drivers/video/s1d13xxxfb.c
 index 28b1c6c..b9939d9 100644
 --- a/drivers/video/s1d13xxxfb.c
@@ -47311,6 +47719,19 @@ index fef20db..d28b1ab 100644
  	if (!file->private_data)
  		return -ENOMEM;
  	return 0;
+diff --git a/fs/9p/vfs_addr.c b/fs/9p/vfs_addr.c
+index 2524e4c..2962cc6a 100644
+--- a/fs/9p/vfs_addr.c
++++ b/fs/9p/vfs_addr.c
+@@ -185,7 +185,7 @@ static int v9fs_vfs_writepage_locked(struct page *page)
+ 
+ 	retval = v9fs_file_write_internal(inode,
+ 					  v9inode->writeback_fid,
+-					  (__force const char __user *)buffer,
++					  (const char __force_user *)buffer,
+ 					  len, &offset, 0);
+ 	if (retval > 0)
+ 		retval = 0;
 diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c
 index 879ed88..bc03a01 100644
 --- a/fs/9p/vfs_inode.c
@@ -47649,7 +48070,7 @@ index a6395bd..f1e376a 100644
  		(unsigned long) create_aout_tables((char __user *) bprm->p, bprm);
  #ifdef __alpha__
 diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
-index 8dd615c..315240a 100644
+index 8dd615c..ff7ac04 100644
 --- a/fs/binfmt_elf.c
 +++ b/fs/binfmt_elf.c
 @@ -32,6 +32,7 @@
@@ -47884,7 +48305,7 @@ index 8dd615c..315240a 100644
 +#endif
 +
 +#ifdef CONFIG_PAX_EMUTRAMP
-+	if (pax_flags_softmode & MF_PAX_EMUTRAMP)
++	if ((pax_flags_softmode & MF_PAX_EMUTRAMP) && (pax_flags & (MF_PAX_PAGEEXEC | MF_PAX_SEGMEXEC)))
 +		pax_flags |= MF_PAX_EMUTRAMP;
 +#endif
 +
@@ -49414,7 +49835,7 @@ index 112e45a..b59845b 100644
  
  /*
 diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c
-index f854cf9..93292ff 100644
+index f854cf9..d513829 100644
 --- a/fs/compat_ioctl.c
 +++ b/fs/compat_ioctl.c
 @@ -623,7 +623,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd,
@@ -49426,6 +49847,17 @@ index f854cf9..93292ff 100644
                  if (__get_user(ss.iomem_reg_shift, &ss32->iomem_reg_shift) ||
  		    __get_user(ss.port_high, &ss32->port_high))
  			return -EFAULT;
+@@ -704,8 +704,8 @@ static int do_i2c_rdwr_ioctl(unsigned int fd, unsigned int cmd,
+ 	for (i = 0; i < nmsgs; i++) {
+ 		if (copy_in_user(&tmsgs[i].addr, &umsgs[i].addr, 3*sizeof(u16)))
+ 			return -EFAULT;
+-		if (get_user(datap, &umsgs[i].buf) ||
+-		    put_user(compat_ptr(datap), &tmsgs[i].buf))
++		if (get_user(datap, (u8 __user * __user *)&umsgs[i].buf) ||
++		    put_user(compat_ptr(datap), (u8 __user * __user *)&tmsgs[i].buf))
+ 			return -EFAULT;
+ 	}
+ 	return sys_ioctl(fd, cmd, (unsigned long)tdata);
 @@ -798,7 +798,7 @@ static int compat_ioctl_preallocate(struct file *file,
  	    copy_in_user(&p->l_len,	&p32->l_len,	sizeof(s64)) ||
  	    copy_in_user(&p->l_sysid,	&p32->l_sysid,	sizeof(s32)) ||
@@ -49670,7 +50102,7 @@ index 451b9b8..12e5a03 100644
  
  out_free_fd:
 diff --git a/fs/exec.c b/fs/exec.c
-index 312e297..4c133f2 100644
+index 312e297..699f362 100644
 --- a/fs/exec.c
 +++ b/fs/exec.c
 @@ -55,12 +55,35 @@
@@ -49864,7 +50296,7 @@ index 312e297..4c133f2 100644
  	mm_segment_t oldfs = get_fs();
  	struct user_arg_ptr argv = {
 -		.ptr.native = (const char __user *const  __user *)__argv,
-+		.ptr.native = (const char __force_user *const  __force_user *)__argv,
++		.ptr.native = (const char __force_user * const __force_user *)__argv,
  	};
  
  	set_fs(KERNEL_DS);
@@ -50897,8 +51329,21 @@ index 9243103..750691a 100644
  	trace_ext4_mballoc_discard(sb, NULL, group, bit, pa->pa_len);
  
  	return 0;
+diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c
+index f3358ab..fbb1d90 100644
+--- a/fs/ext4/mmp.c
++++ b/fs/ext4/mmp.c
+@@ -73,7 +73,7 @@ static int read_mmp_block(struct super_block *sb, struct buffer_head **bh,
+ void __dump_mmp_msg(struct super_block *sb, struct mmp_struct *mmp,
+ 		    const char *function, unsigned int line, const char *msg)
+ {
+-	__ext4_warning(sb, function, line, msg);
++	__ext4_warning(sb, function, line, "%s", msg);
+ 	__ext4_warning(sb, function, line,
+ 		       "MMP failure info: last update time: %llu, last update "
+ 		       "node: %s, last update device: %s\n",
 diff --git a/fs/ext4/super.c b/fs/ext4/super.c
-index 259e950..ee9c9f3 100644
+index 259e950..2d40e76 100644
 --- a/fs/ext4/super.c
 +++ b/fs/ext4/super.c
 @@ -92,6 +92,8 @@ static struct file_system_type ext2_fs_type = {
@@ -50919,6 +51364,15 @@ index 259e950..ee9c9f3 100644
  #define IS_EXT3_SB(sb) ((sb)->s_bdev->bd_holder == &ext3_fs_type)
  #else
  #define IS_EXT3_SB(sb) (0)
+@@ -1438,7 +1442,7 @@ static ext4_fsblk_t get_sb_block(void **data)
+ }
+ 
+ #define DEFAULT_JOURNAL_IOPRIO (IOPRIO_PRIO_VALUE(IOPRIO_CLASS_BE, 3))
+-static char deprecated_msg[] = "Mount option \"%s\" will be removed by %s\n"
++static const char deprecated_msg[] = "Mount option \"%s\" will be removed by %s\n"
+ 	"Contact linux-ext4@vger.kernel.org if you think we should keep it.\n";
+ 
+ #ifdef CONFIG_QUOTA
 @@ -2469,7 +2473,7 @@ struct ext4_attr {
  	ssize_t (*store)(struct ext4_attr *, struct ext4_sb_info *,
  			 const char *, size_t);
@@ -52976,6 +53430,19 @@ index 8392cb8..80d6193 100644
  
  	memcpy(c->data, &cookie, 4);
  	c->len=4;
+diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c
+index 2444780..2544030 100644
+--- a/fs/lockd/svc.c
++++ b/fs/lockd/svc.c
+@@ -295,7 +295,7 @@ int lockd_up(void)
+ 	svc_sock_update_bufs(serv);
+ 	serv->sv_maxconn = nlm_max_connections;
+ 
+-	nlmsvc_task = kthread_run(lockd, nlmsvc_rqst, serv->sv_name);
++	nlmsvc_task = kthread_run(lockd, nlmsvc_rqst, "%s", serv->sv_name);
+ 	if (IS_ERR(nlmsvc_task)) {
+ 		error = PTR_ERR(nlmsvc_task);
+ 		svc_exit_thread(nlmsvc_rqst);
 diff --git a/fs/locks.c b/fs/locks.c
 index fcc50ab..c3dacf26 100644
 --- a/fs/locks.c
@@ -53617,7 +54084,7 @@ index 9680cef..36c9152 100644
  out:
  	return len;
 diff --git a/fs/namespace.c b/fs/namespace.c
-index ca4913a..8d4cf9e 100644
+index ca4913a..4d493ac 100644
 --- a/fs/namespace.c
 +++ b/fs/namespace.c
 @@ -1327,6 +1327,9 @@ static int do_umount(struct vfsmount *mnt, int flags)
@@ -53640,6 +54107,24 @@ index ca4913a..8d4cf9e 100644
  	return retval;
  }
  
+@@ -1357,7 +1363,7 @@ static int do_umount(struct vfsmount *mnt, int flags)
+  * unixes. Our API is identical to OSF/1 to avoid making a mess of AMD
+  */
+ 
+-SYSCALL_DEFINE2(umount, char __user *, name, int, flags)
++SYSCALL_DEFINE2(umount, const char __user *, name, int, flags)
+ {
+ 	struct path path;
+ 	int retval;
+@@ -1396,7 +1402,7 @@ out:
+ /*
+  *	The 2.0 compatible umount. No flags.
+  */
+-SYSCALL_DEFINE1(oldumount, char __user *, name)
++SYSCALL_DEFINE1(oldumount, const char __user *, name)
+ {
+ 	return sys_umount(name, 0);
+ }
 @@ -2337,6 +2343,16 @@ long do_mount(char *dev_name, char *dir_name, char *type_page,
  		   MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT |
  		   MS_STRICTATIME);
@@ -53667,6 +54152,17 @@ index ca4913a..8d4cf9e 100644
  	return retval;
  }
  
+@@ -2518,8 +2537,8 @@ struct dentry *mount_subtree(struct vfsmount *mnt, const char *name)
+ }
+ EXPORT_SYMBOL(mount_subtree);
+ 
+-SYSCALL_DEFINE5(mount, char __user *, dev_name, char __user *, dir_name,
+-		char __user *, type, unsigned long, flags, void __user *, data)
++SYSCALL_DEFINE5(mount, const char __user *, dev_name, const char __user *, dir_name,
++		const char __user *, type, unsigned long, flags, void __user *, data)
+ {
+ 	int ret;
+ 	char *kernel_type;
 @@ -2606,6 +2625,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root,
  	if (error)
  		goto out2;
@@ -53691,6 +54187,30 @@ index cbd1a61..b43f68b 100644
  
  static int __init init_ncp_fs(void)
  {
+diff --git a/fs/nfs/callback.c b/fs/nfs/callback.c
+index 516f337..82a82df 100644
+--- a/fs/nfs/callback.c
++++ b/fs/nfs/callback.c
+@@ -250,7 +250,6 @@ int nfs_callback_up(u32 minorversion, struct rpc_xprt *xprt)
+ 	struct svc_rqst *rqstp;
+ 	int (*callback_svc)(void *vrqstp);
+ 	struct nfs_callback_data *cb_info = &nfs_callback_info[minorversion];
+-	char svc_name[12];
+ 	int ret = 0;
+ 	int minorversion_setup;
+ 
+@@ -280,10 +279,9 @@ int nfs_callback_up(u32 minorversion, struct rpc_xprt *xprt)
+ 
+ 	svc_sock_update_bufs(serv);
+ 
+-	sprintf(svc_name, "nfsv4.%u-svc", minorversion);
+ 	cb_info->serv = serv;
+ 	cb_info->rqst = rqstp;
+-	cb_info->task = kthread_run(callback_svc, cb_info->rqst, svc_name);
++	cb_info->task = kthread_run(callback_svc, cb_info->rqst, "nfsv4.%u-svc", minorversion);
+ 	if (IS_ERR(cb_info->task)) {
+ 		ret = PTR_ERR(cb_info->task);
+ 		svc_exit_thread(cb_info->rqst);
 diff --git a/fs/nfs/callback_xdr.c b/fs/nfs/callback_xdr.c
 index 168cb93..20486571 100644
 --- a/fs/nfs/callback_xdr.c
@@ -53846,10 +54366,10 @@ index ade5316..f1a6152 100644
  };
  
 diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c
-index 2cbac34..06593b2 100644
+index 2cbac34..21c9120 100644
 --- a/fs/nfsd/nfscache.c
 +++ b/fs/nfsd/nfscache.c
-@@ -259,13 +259,15 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
+@@ -259,13 +259,16 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp)
  {
  	struct svc_cacherep *rp;
  	struct kvec	*resv = &rqstp->rq_res.head[0], *cachv;
@@ -53862,7 +54382,8 @@ index 2cbac34..06593b2 100644
 -	len = resv->iov_len - ((char*)statp - (char*)resv->iov_base);
 -	len >>= 2;
 +	if (statp) {
-+		len = resv->iov_len - ((char*)statp - (char*)resv->iov_base);
++		len = (char*)statp - (char*)resv->iov_base;
++		len = resv->iov_len - len;
 +		len >>= 2;
 +	}
  
@@ -55943,6 +56464,36 @@ index 980de54..78b2faa 100644
  	if (!mm || IS_ERR(mm)) {
  		put_task_struct(priv->task);
  		priv->task = NULL;
+diff --git a/fs/proc/vmcore.c b/fs/proc/vmcore.c
+index b0f450a..8ba3e5d 100644
+--- a/fs/proc/vmcore.c
++++ b/fs/proc/vmcore.c
+@@ -97,9 +97,13 @@ static ssize_t read_from_oldmem(char *buf, size_t count,
+ 			nr_bytes = count;
+ 
+ 		/* If pfn is not ram, return zeros for sparse dump files */
+-		if (pfn_is_ram(pfn) == 0)
+-			memset(buf, 0, nr_bytes);
+-		else {
++		if (pfn_is_ram(pfn) == 0) {
++			if (userbuf) {
++				if (clear_user((char __force_user *)buf, nr_bytes))
++					return -EFAULT;
++			} else
++				memset(buf, 0, nr_bytes);
++		} else {
+ 			tmp = copy_oldmem_page(pfn, buf, nr_bytes,
+ 						offset, userbuf);
+ 			if (tmp < 0)
+@@ -184,7 +188,7 @@ static ssize_t read_vmcore(struct file *file, char __user *buffer,
+ 		tsz = nr_bytes;
+ 
+ 	while (buflen) {
+-		tmp = read_from_oldmem(buffer, tsz, &start, 1);
++		tmp = read_from_oldmem((char __force_kernel *)buffer, tsz, &start, 1);
+ 		if (tmp < 0)
+ 			return tmp;
+ 		buflen -= tsz;
 diff --git a/fs/qnx4/inode.c b/fs/qnx4/inode.c
 index 3bdd214..e570832 100644
 --- a/fs/qnx4/inode.c
@@ -72401,9 +72952,25 @@ index ea0c02f..0eed39d 100644
  #ifdef __arch_swab64
  	return __arch_swab64(val);
 diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
-index 86a24b1..5991c65 100644
+index 86a24b1..58153f1 100644
 --- a/include/linux/syscalls.h
 +++ b/include/linux/syscalls.h
+@@ -392,11 +392,11 @@ asmlinkage long sys_sync(void);
+ asmlinkage long sys_fsync(unsigned int fd);
+ asmlinkage long sys_fdatasync(unsigned int fd);
+ asmlinkage long sys_bdflush(int func, long data);
+-asmlinkage long sys_mount(char __user *dev_name, char __user *dir_name,
+-				char __user *type, unsigned long flags,
++asmlinkage long sys_mount(const char __user *dev_name, const char __user *dir_name,
++				const char __user *type, unsigned long flags,
+ 				void __user *data);
+-asmlinkage long sys_umount(char __user *name, int flags);
+-asmlinkage long sys_oldumount(char __user *name);
++asmlinkage long sys_umount(const char __user *name, int flags);
++asmlinkage long sys_oldumount(const char __user *name);
+ asmlinkage long sys_truncate(const char __user *path, long length);
+ asmlinkage long sys_ftruncate(unsigned int fd, unsigned long length);
+ asmlinkage long sys_stat(const char __user *filename,
 @@ -608,7 +608,7 @@ asmlinkage long sys_getsockname(int, struct sockaddr __user *, int __user *);
  asmlinkage long sys_getpeername(int, struct sockaddr __user *, int __user *);
  asmlinkage long sys_send(int, void __user *, size_t, unsigned);
@@ -72829,7 +73396,7 @@ index 6f8fbcf..8259001 100644
 +	MODULE_GRSEC
  
 diff --git a/include/linux/vmalloc.h b/include/linux/vmalloc.h
-index 4bde182..86b5ac7 100644
+index 4bde182..dff01df 100644
 --- a/include/linux/vmalloc.h
 +++ b/include/linux/vmalloc.h
 @@ -14,6 +14,11 @@ struct vm_area_struct;		/* vma defining user mapping in mm_types.h */
@@ -72837,7 +73404,7 @@ index 4bde182..86b5ac7 100644
  #define VM_VPAGES	0x00000010	/* buffer for pages was vmalloc'ed */
  #define VM_UNLIST	0x00000020	/* vm_struct is not listed in vmlist */
 +
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
 +#define VM_KERNEXEC	0x00000040	/* allocate from executable kernel memory range */
 +#endif
 +
@@ -74055,7 +74622,7 @@ index 32c4799..c27ee74 100644
  		sys_ioctl(fd, RAID_AUTORUN, raid_autopart);
  		sys_close(fd);
 diff --git a/init/initramfs.c b/init/initramfs.c
-index 2531811..040d4d4 100644
+index 2531811..4f036c4 100644
 --- a/init/initramfs.c
 +++ b/init/initramfs.c
 @@ -74,7 +74,7 @@ static void __init free_hash(void)
@@ -74166,6 +74733,15 @@ index 2531811..040d4d4 100644
  	state = SkipIt;
  	next_state = Reset;
  	return 0;
+@@ -573,7 +573,7 @@ static int __init populate_rootfs(void)
+ {
+ 	char *err = unpack_to_rootfs(__initramfs_start, __initramfs_size);
+ 	if (err)
+-		panic(err);	/* Failed to decompress INTERNAL initramfs */
++		panic("%s", err);	/* Failed to decompress INTERNAL initramfs */
+ 	if (initrd_start) {
+ #ifdef CONFIG_BLK_DEV_RAM
+ 		int fd;
 diff --git a/init/main.c b/init/main.c
 index 5d0eb1d..19ff85b 100644
 --- a/init/main.c
@@ -80553,9 +81129,18 @@ index bd2bea9..6b3c95e 100644
  		return false;
  
 diff --git a/lib/kobject.c b/lib/kobject.c
-index 83bd5b3..a0de35f 100644
+index 83bd5b3..8a0c75f 100644
 --- a/lib/kobject.c
 +++ b/lib/kobject.c
+@@ -844,7 +844,7 @@ static struct kset *kset_create(const char *name,
+ 	kset = kzalloc(sizeof(*kset), GFP_KERNEL);
+ 	if (!kset)
+ 		return NULL;
+-	retval = kobject_set_name(&kset->kobj, name);
++	retval = kobject_set_name(&kset->kobj, "%s", name);
+ 	if (retval) {
+ 		kfree(kset);
+ 		return NULL;
 @@ -898,9 +898,9 @@ EXPORT_SYMBOL_GPL(kset_create_and_add);
  
  
@@ -80926,6 +81511,28 @@ index 011b110..fad8776 100644
  	select PROC_PAGE_MONITOR
  
  config NOMMU_INITIAL_TRIM_EXCESS
+diff --git a/mm/backing-dev.c b/mm/backing-dev.c
+index 2b49dd2..00bdcdb 100644
+--- a/mm/backing-dev.c
++++ b/mm/backing-dev.c
+@@ -759,7 +759,6 @@ EXPORT_SYMBOL(bdi_destroy);
+ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name,
+ 			   unsigned int cap)
+ {
+-	char tmp[32];
+ 	int err;
+ 
+ 	bdi->name = name;
+@@ -768,8 +767,7 @@ int bdi_setup_and_register(struct backing_dev_info *bdi, char *name,
+ 	if (err)
+ 		return err;
+ 
+-	sprintf(tmp, "%.28s%s", name, "-%d");
+-	err = bdi_register(bdi, NULL, tmp, atomic_long_inc_return(&bdi_seq));
++	err = bdi_register(bdi, NULL, "%.28s-%ld", name, atomic_long_inc_return(&bdi_seq));
+ 	if (err) {
+ 		bdi_destroy(bdi);
+ 		return err;
 diff --git a/mm/filemap.c b/mm/filemap.c
 index 556858c..ec09758 100644
 --- a/mm/filemap.c
@@ -85105,7 +85712,7 @@ index 8105be4..e1af823 100644
  EXPORT_SYMBOL(kmem_cache_free);
  
 diff --git a/mm/slub.c b/mm/slub.c
-index 5710788..431fdf8 100644
+index 5710788..12ea6c9 100644
 --- a/mm/slub.c
 +++ b/mm/slub.c
 @@ -186,7 +186,7 @@ static enum {
@@ -85395,6 +86002,15 @@ index 5710788..431fdf8 100644
  static int sysfs_slab_add(struct kmem_cache *s)
  {
  	int err;
+@@ -5265,7 +5348,7 @@ static int sysfs_slab_add(struct kmem_cache *s)
+ 	}
+ 
+ 	s->kobj.kset = slab_kset;
+-	err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, name);
++	err = kobject_init_and_add(&s->kobj, &slab_ktype, NULL, "%s", name);
+ 	if (err) {
+ 		kobject_put(&s->kobj);
+ 		return err;
 @@ -5299,6 +5382,7 @@ static void sysfs_slab_remove(struct kmem_cache *s)
  	kobject_del(&s->kobj);
  	kobject_put(&s->kobj);
@@ -85531,7 +86147,7 @@ index 136ac4f..f917fa9 100644
  	mm->unmap_area = arch_unmap_area;
  }
 diff --git a/mm/vmalloc.c b/mm/vmalloc.c
-index eeba3bb..8555cab 100644
+index eeba3bb..5ebaf67 100644
 --- a/mm/vmalloc.c
 +++ b/mm/vmalloc.c
 @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end)
@@ -85541,7 +86157,7 @@ index eeba3bb..8555cab 100644
 -		pte_t ptent = ptep_get_and_clear(&init_mm, addr, pte);
 -		WARN_ON(!pte_none(ptent) && !pte_present(ptent));
 +
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
 +		if ((unsigned long)MODULES_EXEC_VADDR <= addr && addr < (unsigned long)MODULES_EXEC_END) {
 +			BUG_ON(!pte_exec(*pte));
 +			set_pte_at(&init_mm, addr, pte, pfn_pte(__pa(addr) >> PAGE_SHIFT, PAGE_KERNEL_EXEC));
@@ -85566,7 +86182,7 @@ index eeba3bb..8555cab 100644
  		struct page *page = pages[*nr];
  
 -		if (WARN_ON(!pte_none(*pte)))
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC)
 +		if (pgprot_val(prot) & _PAGE_NX)
 +#endif
 +
@@ -85606,14 +86222,7 @@ index eeba3bb..8555cab 100644
  	if (!pud)
  		return -ENOMEM;
  	do {
-@@ -191,11 +215,20 @@ int is_vmalloc_or_module_addr(const void *x)
- 	 * and fall back on vmalloc() if that fails. Others
- 	 * just put it in the vmalloc space.
- 	 */
--#if defined(CONFIG_MODULES) && defined(MODULES_VADDR)
-+#ifdef CONFIG_MODULES
-+#ifdef MODULES_VADDR
- 	unsigned long addr = (unsigned long)x;
+@@ -196,6 +220,12 @@ int is_vmalloc_or_module_addr(const void *x)
  	if (addr >= MODULES_VADDR && addr < MODULES_END)
  		return 1;
  #endif
@@ -85623,12 +86232,10 @@ index eeba3bb..8555cab 100644
 +		return 1;
 +#endif
 +
-+#endif
-+
  	return is_vmalloc_addr(x);
  }
  
-@@ -216,8 +249,14 @@ struct page *vmalloc_to_page(const void *vmalloc_addr)
+@@ -216,8 +246,14 @@ struct page *vmalloc_to_page(const void *vmalloc_addr)
  
  	if (!pgd_none(*pgd)) {
  		pud_t *pud = pud_offset(pgd, addr);
@@ -85643,7 +86250,7 @@ index eeba3bb..8555cab 100644
  			if (!pmd_none(*pmd)) {
  				pte_t *ptep, pte;
  
-@@ -329,7 +368,7 @@ static void purge_vmap_area_lazy(void);
+@@ -329,7 +365,7 @@ static void purge_vmap_area_lazy(void);
   * Allocate a region of KVA of the specified size and alignment, within the
   * vstart and vend.
   */
@@ -85652,12 +86259,12 @@ index eeba3bb..8555cab 100644
  				unsigned long align,
  				unsigned long vstart, unsigned long vend,
  				int node, gfp_t gfp_mask)
-@@ -1295,6 +1334,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
+@@ -1295,6 +1331,16 @@ static struct vm_struct *__get_vm_area_node(unsigned long size,
  	struct vm_struct *area;
  
  	BUG_ON(in_interrupt());
 +
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
 +	if (flags & VM_KERNEXEC) {
 +		if (start != VMALLOC_START || end != VMALLOC_END)
 +			return NULL;
@@ -85669,11 +86276,11 @@ index eeba3bb..8555cab 100644
  	if (flags & VM_IOREMAP) {
  		int bit = fls(size);
  
-@@ -1527,6 +1576,11 @@ void *vmap(struct page **pages, unsigned int count,
+@@ -1527,6 +1573,11 @@ void *vmap(struct page **pages, unsigned int count,
  	if (count > totalram_pages)
  		return NULL;
  
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
 +	if (!(pgprot_val(prot) & _PAGE_NX))
 +		flags |= VM_KERNEXEC;
 +#endif
@@ -85681,11 +86288,11 @@ index eeba3bb..8555cab 100644
  	area = get_vm_area_caller((count << PAGE_SHIFT), flags,
  					__builtin_return_address(0));
  	if (!area)
-@@ -1628,6 +1682,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
+@@ -1628,6 +1679,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align,
  	if (!size || (size >> PAGE_SHIFT) > totalram_pages)
  		goto fail;
  
-+#if defined(CONFIG_MODULES) && defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
++#if defined(CONFIG_X86) && defined(CONFIG_PAX_KERNEXEC)
 +	if (!(pgprot_val(prot) & _PAGE_NX))
 +		area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST | VM_KERNEXEC,
 +					  VMALLOC_START, VMALLOC_END, node, gfp_mask, caller);
@@ -85695,7 +86302,7 @@ index eeba3bb..8555cab 100644
  	area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST,
  				  start, end, node, gfp_mask, caller);
  	if (!area)
-@@ -1801,10 +1862,9 @@ EXPORT_SYMBOL(vzalloc_node);
+@@ -1801,10 +1859,9 @@ EXPORT_SYMBOL(vzalloc_node);
   *	For tight control over page level allocator and protection flags
   *	use __vmalloc() instead.
   */
@@ -85707,7 +86314,7 @@ index eeba3bb..8555cab 100644
  			      -1, __builtin_return_address(0));
  }
  
-@@ -2099,6 +2159,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
+@@ -2099,6 +2156,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr,
  	unsigned long uaddr = vma->vm_start;
  	unsigned long usize = vma->vm_end - vma->vm_start;
  
@@ -85716,7 +86323,7 @@ index eeba3bb..8555cab 100644
  	if ((PAGE_SIZE-1) & (unsigned long)addr)
  		return -EINVAL;
  
-@@ -2351,8 +2413,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets,
+@@ -2351,8 +2410,8 @@ struct vm_struct **pcpu_get_vm_areas(const unsigned long *offsets,
  		return NULL;
  	}
  
@@ -85727,7 +86334,7 @@ index eeba3bb..8555cab 100644
  	if (!vas || !vms)
  		goto err_free;
  
-@@ -2536,11 +2598,15 @@ static int s_show(struct seq_file *m, void *p)
+@@ -2536,11 +2595,15 @@ static int s_show(struct seq_file *m, void *p)
  {
  	struct vm_struct *v = p;
  
@@ -89859,7 +90466,7 @@ index 14af632..9914188 100644
  	table = kmemdup(event_sysctl_table, sizeof(event_sysctl_table),
  			GFP_KERNEL);
 diff --git a/net/netfilter/nf_conntrack_proto_dccp.c b/net/netfilter/nf_conntrack_proto_dccp.c
-index 2e664a6..0c3e635 100644
+index 2e664a6..4264602 100644
 --- a/net/netfilter/nf_conntrack_proto_dccp.c
 +++ b/net/netfilter/nf_conntrack_proto_dccp.c
 @@ -391,7 +391,7 @@ struct dccp_net {
@@ -89871,6 +90478,24 @@ index 2e664a6..0c3e635 100644
  #endif
  };
  
+@@ -459,7 +459,7 @@ static bool dccp_new(struct nf_conn *ct, const struct sk_buff *skb,
+ 
+ out_invalid:
+ 	if (LOG_INVALID(net, IPPROTO_DCCP))
+-		nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, msg);
++		nf_log_packet(nf_ct_l3num(ct), 0, skb, NULL, NULL, NULL, "%s", msg);
+ 	return false;
+ }
+ 
+@@ -612,7 +612,7 @@ static int dccp_error(struct net *net, struct nf_conn *tmpl,
+ 
+ out_invalid:
+ 	if (LOG_INVALID(net, IPPROTO_DCCP))
+-		nf_log_packet(pf, 0, skb, NULL, NULL, NULL, msg);
++		nf_log_packet(pf, 0, skb, NULL, NULL, NULL, "%s", msg);
+ 	return -NF_ACCEPT;
+ }
+ 
 diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
 index 05e9feb..3b519f3 100644
 --- a/net/netfilter/nf_conntrack_standalone.c
@@ -91415,9 +92040,18 @@ index 206c61e..e3641fb 100644
  #else
  static inline void rpc_task_set_debuginfo(struct rpc_task *task)
 diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c
-index c80c162..8bf128b 100644
+index c80c162..83a1e28 100644
 --- a/net/sunrpc/svc.c
 +++ b/net/sunrpc/svc.c
+@@ -732,7 +732,7 @@ svc_set_num_threads(struct svc_serv *serv, struct svc_pool *pool, int nrservs)
+ 
+ 		__module_get(serv->sv_module);
+ 		task = kthread_create_on_node(serv->sv_function, rqstp,
+-					      node, serv->sv_name);
++					      node, "%s", serv->sv_name);
+ 		if (IS_ERR(task)) {
+ 			error = PTR_ERR(task);
+ 			module_put(serv->sv_module);
 @@ -1145,7 +1145,9 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv)
  	svc_putnl(resv, RPC_SUCCESS);
  
@@ -92597,10 +93231,10 @@ index 38f6617..e70b72b 100755
  
  exuberant()
 diff --git a/security/Kconfig b/security/Kconfig
-index 51bd5a0..7b71be9 100644
+index 51bd5a0..999fbad 100644
 --- a/security/Kconfig
 +++ b/security/Kconfig
-@@ -4,6 +4,944 @@
+@@ -4,6 +4,945 @@
  
  menu "Security options"
  
@@ -93224,15 +93858,16 @@ index 51bd5a0..7b71be9 100644
 +	int "Minimum amount of memory reserved for module code"
 +	default "4" if (!GRKERNSEC_CONFIG_AUTO || GRKERNSEC_CONFIG_SERVER)
 +	default "12" if (GRKERNSEC_CONFIG_AUTO && GRKERNSEC_CONFIG_DESKTOP)
-+	depends on PAX_KERNEXEC && X86_32 && MODULES
++	depends on PAX_KERNEXEC && X86_32
 +	help
 +	  Due to implementation details the kernel must reserve a fixed
-+	  amount of memory for module code at compile time that cannot be
-+	  changed at runtime.  Here you can specify the minimum amount
-+	  in MB that will be reserved.  Due to the same implementation
-+	  details this size will always be rounded up to the next 2/4 MB
-+	  boundary (depends on PAE) so the actually available memory for
-+	  module code will usually be more than this minimum.
++	  amount of memory for runtime allocated code (such as modules)
++	  at compile time that cannot be changed at runtime.  Here you
++	  can specify the minimum amount in MB that will be reserved.
++	  Due to the same implementation details this size will always
++	  be rounded up to the next 2/4 MB boundary (depends on PAE) so
++	  the actually available memory for runtime allocated code will
++	  usually be more than this minimum.
 +
 +	  The default 4 MB should be enough for most users but if you have
 +	  an excessive number of modules (e.g., most distribution configs
@@ -93545,7 +94180,7 @@ index 51bd5a0..7b71be9 100644
  config KEYS
  	bool "Enable access key retention support"
  	help
-@@ -169,7 +1107,7 @@ config INTEL_TXT
+@@ -169,7 +1108,7 @@ config INTEL_TXT
  config LSM_MMAP_MIN_ADDR
  	int "Low address space for LSM to protect from user allocation"
  	depends on SECURITY && SECURITY_SELINUX
@@ -95099,6 +95734,19 @@ index 5cf8d65..912a79c 100644
  		dev->status = SNDRV_SEQ_DEVICE_FREE;
  		dev->driver_data = NULL;
  		ops->num_init_devices--;
+diff --git a/sound/core/sound.c b/sound/core/sound.c
+index 8e17b4d..6819e80 100644
+--- a/sound/core/sound.c
++++ b/sound/core/sound.c
+@@ -87,7 +87,7 @@ static void snd_request_other(int minor)
+ 	case SNDRV_MINOR_TIMER:		str = "snd-timer";	break;
+ 	default:			return;
+ 	}
+-	request_module(str);
++	request_module("%s", str);
+ }
+ 
+ #endif	/* modular kernel */
 diff --git a/sound/drivers/mts64.c b/sound/drivers/mts64.c
 index f24bf9a..1f7b67c 100644
 --- a/sound/drivers/mts64.c
@@ -95407,6 +96055,19 @@ index ee15337..ab0ec34 100644
  	}
  
  	if (playback)
+diff --git a/sound/sound_core.c b/sound/sound_core.c
+index 6ce2778..f25c378 100644
+--- a/sound/sound_core.c
++++ b/sound/sound_core.c
+@@ -293,7 +293,7 @@ retry:
+ 	}
+ 
+ 	device_create(sound_class, dev, MKDEV(SOUND_MAJOR, s->unit_minor),
+-		      NULL, s->name+6);
++		      NULL, "%s", s->name+6);
+ 	return s->unit_minor;
+ 
+ fail:
 diff --git a/sound/usb/card.h b/sound/usb/card.h
 index 0a7ca6c..f4b948c 100644
 --- a/sound/usb/card.h
@@ -95488,10 +96149,10 @@ index 0000000..144dbee
 +targets += size_overflow_hash.h
 diff --git a/tools/gcc/checker_plugin.c b/tools/gcc/checker_plugin.c
 new file mode 100644
-index 0000000..d41b5af
+index 0000000..22f03c0
 --- /dev/null
 +++ b/tools/gcc/checker_plugin.c
-@@ -0,0 +1,171 @@
+@@ -0,0 +1,172 @@
 +/*
 + * Copyright 2011 by the PaX Team <pageexec@freemail.hu>
 + * Licensed under the GPL v2
@@ -95545,6 +96206,7 @@ index 0000000..d41b5af
 +
 +static struct plugin_info checker_plugin_info = {
 +	.version	= "201111150100",
++	.help		= NULL,
 +};
 +
 +#define ADDR_SPACE_KERNEL		0
author	Anthony G. Basile <blueness@gentoo.org>	2013-06-24 08:03:43 -0400
committer	Anthony G. Basile <blueness@gentoo.org>	2013-06-24 08:03:43 -0400
commit	74cd2f49da1b5d3cb08a010a3d1151e2936abf8f (patch)
tree	9fd4008ee0a8806f120e2b4b4cc939bd85974bfc /3.2.47
parent	Grsec/PaX: 2.9.1-{2.6.32.61,3.2.47,3.9.6}-201306182033 (diff)
download	hardened-patchset-20130623.tar.gz hardened-patchset-20130623.tar.bz2 hardened-patchset-20130623.zip