author | 2013-02-24 06:54:47 -0500 | |
---|---|---|
committer | 2013-02-24 06:54:47 -0500 | |
commit | 6760f54871a351ed33e572e01c123f1df45c3ff4 (patch) | |
tree | 744df5ddd533197798313618c0be300b42b2c2a4 | |
parent | grsecurity-2.9.1-2.6.32.60-201302181144: fix check_heap_stack_gap (diff) | |
download | hardened-patchset-6760f54871a351ed33e572e01c123f1df45c3ff4.tar.gz hardened-patchset-6760f54871a351ed33e572e01c123f1df45c3ff4.tar.bz2 hardened-patchset-6760f54871a351ed33e572e01c123f1df45c3ff4.zip |
Grsec/PaX: 2.9.1-{2.6.32.60,3.2.39,3.8.0}-2013022220130222
-rw-r--r-- | 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302222044.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302181144.patch) | 235 | ||||
-rw-r--r-- | 3.2.39/0000_README (renamed from 3.2.38/0000_README) | 6 | ||||
-rw-r--r-- | 3.2.39/1021_linux-3.2.22.patch (renamed from 3.2.38/1021_linux-3.2.22.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/1022_linux-3.2.23.patch (renamed from 3.2.38/1022_linux-3.2.23.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/1023_linux-3.2.24.patch (renamed from 3.2.38/1023_linux-3.2.24.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/1024_linux-3.2.25.patch (renamed from 3.2.38/1024_linux-3.2.25.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/1025_linux-3.2.26.patch (renamed from 3.2.38/1025_linux-3.2.26.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/1026_linux-3.2.27.patch (renamed from 3.2.38/1026_linux-3.2.27.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/1027_linux-3.2.28.patch (renamed from 3.2.38/1027_linux-3.2.28.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/1028_linux-3.2.29.patch (renamed from 3.2.38/1028_linux-3.2.29.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/1029_linux-3.2.30.patch (renamed from 3.2.38/1029_linux-3.2.30.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/1030_linux-3.2.31.patch (renamed from 3.2.38/1030_linux-3.2.31.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/1031_linux-3.2.32.patch (renamed from 3.2.38/1031_linux-3.2.32.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/1032_linux-3.2.33.patch (renamed from 3.2.38/1032_linux-3.2.33.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/1033_linux-3.2.34.patch (renamed from 3.2.38/1033_linux-3.2.34.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/1034_linux-3.2.35.patch (renamed from 3.2.38/1034_linux-3.2.35.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/1035_linux-3.2.36.patch (renamed from 3.2.38/1035_linux-3.2.36.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/1036_linux-3.2.37.patch (renamed from 3.2.38/1036_linux-3.2.37.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/1037_linux-3.2.38.patch (renamed from 3.2.38/1037_linux-3.2.38.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/1039_linux-3.2.39.patch | 2660 | ||||
-rw-r--r-- | 3.2.39/4420_grsecurity-2.9.1-3.2.39-201302222046.patch (renamed from 3.2.38/4420_grsecurity-2.9.1-3.2.38-201302171808.patch) | 1178 | ||||
-rw-r--r-- | 3.2.39/4425_grsec_remove_EI_PAX.patch (renamed from 3.2.38/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/4430_grsec-remove-localversion-grsec.patch (renamed from 3.2.38/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/4435_grsec-mute-warnings.patch (renamed from 3.2.38/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/4440_grsec-remove-protected-paths.patch (renamed from 3.2.38/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/4450_grsec-kconfig-default-gids.patch (renamed from 3.2.38/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.2.38/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
-rw-r--r-- | 3.2.39/4470_disable-compat_vdso.patch (renamed from 3.2.38/4470_disable-compat_vdso.patch) | 0 | ||||
-rw-r--r-- | 3.8.0/0000_README (renamed from 3.7.9/0000_README) | 2 | ||||
-rw-r--r-- | 3.8.0/4420_grsecurity-2.9.1-3.8.0-201302231124.patch (renamed from 3.7.9/4420_grsecurity-2.9.1-3.7.9-201302171808.patch) | 10150 | ||||
-rw-r--r-- | 3.8.0/4425_grsec_remove_EI_PAX.patch (renamed from 3.7.9/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
-rw-r--r-- | 3.8.0/4430_grsec-remove-localversion-grsec.patch (renamed from 3.7.9/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.8.0/4435_grsec-mute-warnings.patch (renamed from 3.7.9/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.8.0/4440_grsec-remove-protected-paths.patch (renamed from 3.7.9/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.8.0/4450_grsec-kconfig-default-gids.patch (renamed from 3.7.9/4450_grsec-kconfig-default-gids.patch) | 0 | ||||
-rw-r--r-- | 3.8.0/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.7.9/4465_selinux-avc_audit-log-curr_ip.patch) | 0 | ||||
-rw-r--r-- | 3.8.0/4470_disable-compat_vdso.patch (renamed from 3.7.9/4470_disable-compat_vdso.patch) | 0 |
37 files changed, 9252 insertions, 4979 deletions
diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302181144.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302222044.patch index 88490c1..f5ba675 100644 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302181144.patch +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201302222044.patch @@ -265,7 +265,7 @@ index 334258c..1e8f4ff 100644 M: Liam Girdwood <lrg@slimlogic.co.uk> M: Mark Brown <broonie@opensource.wolfsonmicro.com> diff --git a/Makefile b/Makefile -index b0e245e..e5894da 100644 +index b0e245e..1c8b6ed 100644 --- a/Makefile +++ b/Makefile @@ -221,8 +221,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -300,12 +300,16 @@ index b0e245e..e5894da 100644 include/linux/version.h headers_% \ kernelrelease kernelversion -@@ -526,6 +527,60 @@ else +@@ -526,6 +527,64 @@ else KBUILD_CFLAGS += -O2 endif +ifndef DISABLE_PAX_PLUGINS ++ifeq ($(call cc-ifversion, -ge, 0408, y), y) ++PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)") ++else +PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(HOSTCXX)" "$(CC)") ++endif +ifneq ($(PLUGINCC),) +ifndef DISABLE_PAX_CONSTIFY_PLUGIN +ifndef CONFIG_UML @@ -361,7 +365,7 @@ index b0e245e..e5894da 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -647,7 +702,7 @@ export mod_strip_cmd +@@ -647,7 +706,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -370,7 +374,7 @@ index b0e245e..e5894da 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -868,6 +923,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -868,6 +927,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in 
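Review bot: The new `ifeq ($(call cc-ifversion, -ge, 0408, y), y)` branch inside `ifndef DISABLE_PAX_PLUGINS` has no comment saying why the plugin probe switches its first argument from `$(HOSTCC)` to `$(HOSTCXX)`. The reason is presumably that GCC 4.8 and later are themselves built as C++, so I would add `# gcc >= 4.8 is built as C++: probe and build plugins with the host C++ compiler` above the `ifeq`. The two `PLUGINCC := $(shell ...)` lines differ only in that first argument, so selecting the compiler into one variable and invoking `gcc-plugin.sh` once would avoid the duplication. The conditional block continues past the end of this hunk.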
@@ -379,7 +383,7 @@ index b0e245e..e5894da 100644 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -877,7 +934,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -877,7 +938,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -388,7 +392,7 @@ index b0e245e..e5894da 100644 $(Q)$(MAKE) $(build)=$@ # Build the kernel release string -@@ -986,6 +1043,7 @@ prepare0: archprepare FORCE +@@ -986,6 +1047,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. missing-syscalls # All the preparing.. @@ -396,7 +400,7 @@ index b0e245e..e5894da 100644 prepare: prepare0 # The asm symlink changes when $(ARCH) changes. -@@ -1127,6 +1185,8 @@ all: modules +@@ -1127,6 +1189,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -405,7 +409,7 @@ index b0e245e..e5894da 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1136,7 +1196,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) +@@ -1136,7 +1200,7 @@ modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) # Target to prepare building external modules PHONY += modules_prepare @@ -414,7 +418,7 @@ index b0e245e..e5894da 100644 # Target to install modules PHONY += modules_install -@@ -1199,9 +1259,9 @@ CLEAN_FILES += vmlinux System.map \ +@@ -1199,9 +1263,9 @@ CLEAN_FILES += vmlinux System.map \ MRPROPER_DIRS += include/config include2 usr/include include/generated MRPROPER_FILES += .config .config.old include/asm .version .old_version \ include/linux/autoconf.h include/linux/version.h \ 
@@ -426,7 +430,7 @@ index b0e245e..e5894da 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1245,7 +1305,7 @@ distclean: mrproper +@@ -1245,7 +1309,7 @@ distclean: mrproper @find $(srctree) $(RCS_FIND_IGNORE) \ \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ @@ -435,7 +439,7 @@ index b0e245e..e5894da 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1292,6 +1352,7 @@ help: +@@ -1292,6 +1356,7 @@ help: @echo ' modules_prepare - Set up for building external modules' @echo ' tags/TAGS - Generate tags file for editors' @echo ' cscope - Generate cscope index' @@ -443,7 +447,7 @@ index b0e245e..e5894da 100644 @echo ' kernelrelease - Output the release version string' @echo ' kernelversion - Output the version stored in Makefile' @echo ' headers_install - Install sanitised kernel headers to INSTALL_HDR_PATH'; \ -@@ -1393,6 +1454,8 @@ PHONY += $(module-dirs) modules +@@ -1393,6 +1458,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -452,7 +456,7 @@ index b0e245e..e5894da 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1448,7 +1511,7 @@ endif # KBUILD_EXTMOD +@@ -1448,7 +1515,7 @@ endif # KBUILD_EXTMOD quiet_cmd_tags = GEN $@ cmd_tags = $(CONFIG_SHELL) $(srctree)/scripts/tags.sh $@ @@ -461,7 +465,7 @@ index b0e245e..e5894da 100644 $(call cmd,tags) # Scripts to check various things for consistency -@@ -1513,17 +1576,21 @@ else +@@ -1513,17 +1580,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif 
@@ -487,7 +491,7 @@ index b0e245e..e5894da 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1533,11 +1600,15 @@ endif +@@ -1533,11 +1604,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -13326,7 +13330,7 @@ index 33927d2..ccde329 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index af6fd36..60da657 100644 +index af6fd36..a7c3e4d 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -39,6 +39,7 @@ extern struct list_head pgd_list; @@ -13389,7 +13393,7 @@ index af6fd36..60da657 100644 static inline int pte_dirty(pte_t pte) { return pte_flags(pte) & _PAGE_DIRTY; -@@ -130,6 +170,11 @@ static inline unsigned long pmd_pfn(pmd_t pmd) +@@ -130,12 +170,16 @@ static inline unsigned long pmd_pfn(pmd_t pmd) return (pmd_val(pmd) & PTE_PFN_MASK) >> PAGE_SHIFT; } @@ -13401,7 +13405,14 @@ index af6fd36..60da657 100644 #define pte_page(pte) pfn_to_page(pte_pfn(pte)) static inline int pmd_large(pmd_t pte) -@@ -167,9 +212,29 @@ static inline pte_t pte_wrprotect(pte_t pte) + { +- return (pmd_flags(pte) & (_PAGE_PSE | _PAGE_PRESENT)) == +- (_PAGE_PSE | _PAGE_PRESENT); ++ return pmd_flags(pte) & _PAGE_PSE; + } + + static inline pte_t pte_set_flags(pte_t pte, pteval_t set) +@@ -167,9 +211,29 @@ static inline pte_t pte_wrprotect(pte_t pte) return pte_clear_flags(pte, _PAGE_RW); } @@ -13432,7 +13443,7 @@ index af6fd36..60da657 100644 } static inline pte_t pte_mkdirty(pte_t pte) -@@ -302,6 +367,15 @@ pte_t *populate_extra_pte(unsigned long vaddr); +@@ -302,6 +366,15 @@ pte_t *populate_extra_pte(unsigned long vaddr); #endif #ifndef __ASSEMBLY__ 
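Review bot: `pmd_large()` now returns `pmd_flags(pte) & _PAGE_PSE` with no comment, so a reader cannot tell that dropping the `_PAGE_PRESENT` test is deliberate. The reason only appears later in this patch, in the comment added to `pmd_present()`. A one-line comment here such as `/* PSE stays set while _PAGE_PRESENT is transiently clear, see pmd_present() */` would keep the two helpers readable together. Callers that relied on `pmd_large()` implying the present bit are outside this hunk and would be worth checking.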
@@ -13448,7 +13459,22 @@ index af6fd36..60da657 100644 #include <linux/mm_types.h> static inline int pte_none(pte_t pte) -@@ -472,7 +546,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) +@@ -327,7 +400,13 @@ static inline int pte_hidden(pte_t pte) + + static inline int pmd_present(pmd_t pmd) + { +- return pmd_flags(pmd) & _PAGE_PRESENT; ++ /* ++ * Checking for _PAGE_PSE is needed too because ++ * split_huge_page will temporarily clear the present bit (but ++ * the _PAGE_PSE flag will remain set at all times while the ++ * _PAGE_PRESENT bit is clear). ++ */ ++ return pmd_flags(pmd) & (_PAGE_PRESENT | _PAGE_PROTNONE | _PAGE_PSE); + } + + static inline int pmd_none(pmd_t pmd) +@@ -472,7 +551,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) static inline int pgd_bad(pgd_t pgd) { @@ -13457,7 +13483,7 @@ index af6fd36..60da657 100644 } static inline int pgd_none(pgd_t pgd) -@@ -495,7 +569,12 @@ static inline int pgd_none(pgd_t pgd) +@@ -495,7 +574,12 @@ static inline int pgd_none(pgd_t pgd) * pgd_offset() returns a (pgd_t *) * pgd_index() is used get the offset into the pgd page's array of pgd_t's; */ @@ -13471,7 +13497,7 @@ index af6fd36..60da657 100644 /* * a shortcut which implies the use of the kernel's pgd, instead * of a process's -@@ -506,6 +585,20 @@ static inline int pgd_none(pgd_t pgd) +@@ -506,6 +590,20 @@ static inline int pgd_none(pgd_t pgd) #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET) #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) @@ -13492,7 +13518,7 @@ index af6fd36..60da657 100644 #ifndef __ASSEMBLY__ extern int direct_gbpages; -@@ -611,11 +704,23 @@ static inline void ptep_set_wrprotect(struct mm_struct *mm, +@@ -611,11 +709,23 @@ static inline void ptep_set_wrprotect(struct mm_struct *mm, * dst and src can be on the same page, but the range must not overlap, * and must not cross a page boundary. */ 
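Review bot: The comment added to `pmd_present()` explains only `_PAGE_PSE`, but the returned mask also gains `_PAGE_PROTNONE`, which is left unexplained. I would extend the comment with one sentence, for example `_PAGE_PROTNONE is tested as well so that a PROT_NONE mapping, whose present bit is clear, still counts as present`. The comment also names `split_huge_page`; if this 2.6.32 tree does not carry that function, the reference should be reworded so it does not point at code that is not there.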
@@ -13898,6 +13924,25 @@ index fa04dea..5f823fc 100644 #define KSTK_EIP(task) (task_pt_regs(task)->ip) /* Get/set a process' ability to use the timestamp counter instruction */ +diff --git a/arch/x86/include/asm/proto.h b/arch/x86/include/asm/proto.h +index 621f56d..f1094fd 100644 +--- a/arch/x86/include/asm/proto.h ++++ b/arch/x86/include/asm/proto.h +@@ -22,14 +22,4 @@ extern int reboot_force; + + long do_arch_prctl(struct task_struct *task, int code, unsigned long addr); + +-/* +- * This looks more complex than it should be. But we need to +- * get the type for the ~ right in round_down (it needs to be +- * as wide as the result!), and we want to evaluate the macro +- * arguments just once each. +- */ +-#define __round_mask(x,y) ((__typeof__(x))((y)-1)) +-#define round_up(x,y) ((((x)-1) | __round_mask(x,y))+1) +-#define round_down(x,y) ((x) & ~__round_mask(x,y)) +- + #endif /* _ASM_X86_PROTO_H */ diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h index 0f0d908..f2e3da2 100644 --- a/arch/x86/include/asm/ptrace.h @@ -98186,10 +98231,27 @@ index 7922742..27306a2 100644 /* This macro allows us to keep printk typechecking */ static void __check_printsym_format(const char *fmt, ...) diff --git a/include/linux/kernel.h b/include/linux/kernel.h -index 3526cd4..99206e2 100644 +index 3526cd4..6835d45 100644 --- a/include/linux/kernel.h 
+++ b/include/linux/kernel.h -@@ -163,6 +163,11 @@ extern int _cond_resched(void); +@@ -45,6 +45,16 @@ extern const char linux_proc_banner[]; + + #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr)) + ++/* ++ * This looks more complex than it should be. But we need to ++ * get the type for the ~ right in round_down (it needs to be ++ * as wide as the result!), and we want to evaluate the macro ++ * arguments just once each. ++ */ ++#define __round_mask(x, y) ((__typeof__(x))((y)-1)) ++#define round_up(x, y) ((((x)-1) | __round_mask(x, y))+1) ++#define round_down(x, y) ((x) & ~__round_mask(x, y)) ++ + #define FIELD_SIZEOF(t, f) (sizeof(((t*)0)->f)) + #define DIV_ROUND_UP(n,d) (((n) + (d) - 1) / (d)) + #define roundup(x, y) ((((x) + ((y) - 1)) / (y)) * (y)) +@@ -163,6 +173,11 @@ extern int _cond_resched(void); (__x < 0) ? -__x : __x; \ }) @@ -99897,7 +99959,7 @@ index 4e647bb..23b3911 100644 int size); extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, diff --git a/include/linux/slab.h b/include/linux/slab.h -index 2da8372..740c52f 100644 +index 2da8372..aa58826 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -11,12 +11,20 @@ 
@@ -99947,26 +100009,15 @@ index 2da8372..740c52f 100644 /* * Allocator specific definitions. These are mainly used to establish optimized -@@ -217,8 +230,18 @@ size_t ksize(const void *); +@@ -217,6 +230,7 @@ size_t ksize(const void *); * for general use, and so are not documented here. For a full list of * potential flags, always refer to linux/gfp.h. */ + -+extern void kcalloc_error(void) -+#if defined(CONFIG_GCOV_KERNEL) && defined(CONFIG_PAX_SIZE_OVERFLOW) -+__compiletime_warning("kcalloc called with swapped arguments?"); -+#else -+__compiletime_error("kcalloc called with swapped arguments?"); -+#endif -+ static inline void *kcalloc(size_t n, size_t size, gfp_t flags) { -+ if (__builtin_constant_p(n) && !__builtin_constant_p(size)) -+ kcalloc_error(); if (size != 0 && n > ULONG_MAX / size) - return NULL; - return __kmalloc(n * size, flags | __GFP_ZERO); -@@ -263,7 +286,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, +@@ -263,7 +277,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, * request comes from. */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) @@ -99975,7 +100026,7 @@ index 2da8372..740c52f 100644 #define kmalloc_track_caller(size, flags) \ __kmalloc_track_caller(size, flags, _RET_IP_) #else -@@ -281,7 +304,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); +@@ -281,7 +295,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); * allocation request comes from. */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) @@ -111700,7 +111751,7 @@ index 406e8d4..53970d3 100644 * - not supported under NOMMU conditions */ diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 3ecab7e..594a471 100644 +index 3ecab7e..be580fc 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -289,7 +289,7 @@ out: 
@@ -111768,15 +111819,60 @@ index 3ecab7e..594a471 100644 for_each_populated_zone(zone) { show_node(zone); printk("%s per-cpu:\n", zone->name); -@@ -3736,7 +3755,7 @@ static void __init setup_usemap(struct pglist_data *pgdat, +@@ -3715,10 +3734,11 @@ static void __meminit calculate_node_totalpages(struct pglist_data *pgdat, + * round what is now in bits to nearest long in bits, then return it in + * bytes. + */ +-static unsigned long __init usemap_size(unsigned long zonesize) ++static unsigned long __init usemap_size(unsigned long zone_start_pfn, unsigned long zonesize) + { + unsigned long usemapsize; + ++ zonesize += zone_start_pfn & (pageblock_nr_pages-1); + usemapsize = roundup(zonesize, pageblock_nr_pages); + usemapsize = usemapsize >> pageblock_order; + usemapsize *= NR_PAGEBLOCK_BITS; +@@ -3728,16 +3748,18 @@ static unsigned long __init usemap_size(unsigned long zonesize) + } + + static void __init setup_usemap(struct pglist_data *pgdat, +- struct zone *zone, unsigned long zonesize) ++ struct zone *zone, ++ unsigned long zone_start_pfn, ++ unsigned long zonesize) + { +- unsigned long usemapsize = usemap_size(zonesize); ++ unsigned long usemapsize = usemap_size(zone_start_pfn, zonesize); + zone->pageblock_flags = NULL; + if (usemapsize) zone->pageblock_flags = alloc_bootmem_node(pgdat, usemapsize); } #else -static void inline setup_usemap(struct pglist_data *pgdat, -+static inline void setup_usemap(struct pglist_data *pgdat, - struct zone *zone, unsigned long zonesize) {} +- struct zone *zone, unsigned long zonesize) {} ++static inline void setup_usemap(struct pglist_data *pgdat, struct zone *zone, ++ unsigned long zone_start_pfn, unsigned long zonesize) {} #endif /* CONFIG_SPARSEMEM */ + #ifdef CONFIG_HUGETLB_PAGE_SIZE_VARIABLE +@@ -3869,7 +3891,7 @@ static void __paginginit free_area_init_core(struct pglist_data *pgdat, + continue; + + set_pageblock_order(pageblock_default_order()); +- setup_usemap(pgdat, zone, size); ++ setup_usemap(pgdat, zone, 
zone_start_pfn, size); + ret = init_currently_empty_zone(zone, zone_start_pfn, + size, MEMMAP_EARLY); + BUG_ON(ret); +@@ -4945,7 +4967,7 @@ static inline int pfn_to_bitidx(struct zone *zone, unsigned long pfn) + pfn &= (PAGES_PER_SECTION-1); + return (pfn >> pageblock_order) * NR_PAGEBLOCK_BITS; + #else +- pfn = pfn - zone->zone_start_pfn; ++ pfn = pfn - round_down(zone->zone_start_pfn, pageblock_nr_pages); + return (pfn >> pageblock_order) * NR_PAGEBLOCK_BITS; + #endif /* CONFIG_SPARSEMEM */ + } diff --git a/mm/percpu.c b/mm/percpu.c index c90614a..5f7b7b8 100644 --- a/mm/percpu.c @@ -113913,6 +114009,47 @@ index 30e74ee..bfc6ee0 100644 kfree_skb(skb); return NET_RX_DROP; } +diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c +index 4e80f33..a815e4e 100644 +--- a/net/ipv4/arp.c ++++ b/net/ipv4/arp.c +@@ -909,23 +909,25 @@ static void parp_redo(struct sk_buff *skb) + static int arp_rcv(struct sk_buff *skb, struct net_device *dev, + struct packet_type *pt, struct net_device *orig_dev) + { +- struct arphdr *arp; ++ const struct arphdr *arp; + +- /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ +- if (!pskb_may_pull(skb, arp_hdr_len(dev))) +- goto freeskb; +- +- arp = arp_hdr(skb); +- if (arp->ar_hln != dev->addr_len || +- dev->flags & IFF_NOARP || ++ if (dev->flags & IFF_NOARP || + skb->pkt_type == PACKET_OTHERHOST || +- skb->pkt_type == PACKET_LOOPBACK || +- arp->ar_pln != 4) ++ skb->pkt_type == PACKET_LOOPBACK) + goto freeskb; + +- if ((skb = skb_share_check(skb, GFP_ATOMIC)) == NULL) ++ skb = skb_share_check(skb, GFP_ATOMIC); ++ if (!skb) + goto out_of_mem; + ++ /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ ++ if (!pskb_may_pull(skb, arp_hdr_len(dev))) ++ goto freeskb; ++ ++ arp = arp_hdr(skb); ++ if (arp->ar_hln != dev->addr_len || arp->ar_pln != 4) ++ goto freeskb; ++ + memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); + + return NF_HOOK(NFPROTO_ARP, NF_ARP_IN, skb, dev, NULL, arp_process); 
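Review bot: The block comment above `usemap_size()`, as far as it is visible in the hunk, does not mention that the new first statement `zonesize += zone_start_pfn & (pageblock_nr_pages-1);` adds the offset of the zone start inside its pageblock. A comment on that line, for example `/* include the partial pageblock before zone_start_pfn; pfn_to_bitidx() indexes from the rounded-down start */`, would tie it to the `round_down(zone->zone_start_pfn, pageblock_nr_pages)` change further down in the same file. The two must stay in step, otherwise a bit index computed by `pfn_to_bitidx()` can fall past the end of the bitmap allocated in `setup_usemap()`. Both expressions assume `pageblock_nr_pages` is a power of two.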
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c index dba56d2..acee5d6 100644 --- a/net/ipv4/inet_diag.c @@ -114420,7 +114557,7 @@ index 1eba160b..c35d91f 100644 } } diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index db755c4..07d671b 100644 +index db755c4..4cf3b9d 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c @@ -82,6 +82,9 @@ int sysctl_tcp_dsack __read_mostly = 1; @@ -114569,7 +114706,7 @@ index db755c4..07d671b 100644 if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb)) goto csum_error; -+ if (!th->ack) ++ if (!th->ack && !th->rst) + goto discard; + /* @@ -114635,7 +114772,7 @@ index db755c4..07d671b 100644 - res = tcp_validate_incoming(sk, skb, th, 0); - if (res <= 0) - return -res; -+ if (!th->ack) ++ if (!th->ack && !th->rst) + goto discard; + + if (!tcp_validate_incoming(sk, skb, th, 0)) @@ -118026,12 +118163,12 @@ index 6bf21f8..c0546b3 100644 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..008ac1a +index 0000000..5e0222d --- /dev/null +++ b/scripts/gcc-plugin.sh @@ -0,0 +1,17 @@ +#!/bin/bash -+plugincc=`$1 -x c -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF ++plugincc=`$1 -E -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF +#include "gcc-plugin.h" +#include "tree.h" +#include "tm.h" diff --git a/3.2.38/0000_README b/3.2.39/0000_README index 6ecee87..4b7b629 100644 --- a/3.2.38/0000_README +++ b/3.2.39/0000_README @@ -70,7 +70,11 @@ Patch: 1037_linux-3.2.38.patch From: http://www.kernel.org Desc: Linux 3.2.38 -Patch: 4420_grsecurity-2.9.1-3.2.38-201302171808.patch +Patch: 1039_linux-3.2.39.patch +From: http://www.kernel.org +Desc: Linux 3.2.39 + +Patch: 4420_grsecurity-2.9.1-3.2.39-201302222046.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity 
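Review bot: The reordered checks in `arp_rcv()` carry no comment saying that `skb_share_check()` has to run before `pskb_may_pull()`, so a later cleanup could move the length check back to the top of the function. I would put `/* unshare first: pskb_may_pull() may reallocate the head, which must not happen on a shared skb */` above the `skb_share_check()` call. Making `arp` a `const struct arphdr *` fits, since the header is only read in the lines shown.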
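Review bot: The condition `if (!th->ack && !th->rst)` now lets a segment with RST and no ACK past the discard, but nothing at the site says which flag combinations are meant to pass. A comment such as `/* every segment except a bare RST must carry ACK */` would document the rule. The same applies to the identical condition in the next tcp_input.c hunk, where it sits directly before the `tcp_validate_incoming()` call. A SYN without ACK is still dropped by this test at both sites, which is worth confirming against how this tree is expected to answer an in-window SYN. The enclosing functions start and end outside the hunks.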
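Review bot: With `-E` the probe on the `plugincc=` line only preprocesses the plugin headers, so the `-shared` that remains no longer has any effect and reads as if a link were still attempted. I would drop `-shared` and add a comment such as `# -E: only checks that the plugin headers are found and preprocess with $1`, so it is clear the probe no longer proves that a plugin compiles. The rest of the script is outside the hunk.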
diff --git a/3.2.38/1021_linux-3.2.22.patch b/3.2.39/1021_linux-3.2.22.patch index e6ad93a..e6ad93a 100644 --- a/3.2.38/1021_linux-3.2.22.patch +++ b/3.2.39/1021_linux-3.2.22.patch diff --git a/3.2.38/1022_linux-3.2.23.patch b/3.2.39/1022_linux-3.2.23.patch index 3d796d0..3d796d0 100644 --- a/3.2.38/1022_linux-3.2.23.patch +++ b/3.2.39/1022_linux-3.2.23.patch diff --git a/3.2.38/1023_linux-3.2.24.patch b/3.2.39/1023_linux-3.2.24.patch index 4692eb4..4692eb4 100644 --- a/3.2.38/1023_linux-3.2.24.patch +++ b/3.2.39/1023_linux-3.2.24.patch diff --git a/3.2.38/1024_linux-3.2.25.patch b/3.2.39/1024_linux-3.2.25.patch index e95c213..e95c213 100644 --- a/3.2.38/1024_linux-3.2.25.patch +++ b/3.2.39/1024_linux-3.2.25.patch diff --git a/3.2.38/1025_linux-3.2.26.patch b/3.2.39/1025_linux-3.2.26.patch index 44065b9..44065b9 100644 --- a/3.2.38/1025_linux-3.2.26.patch +++ b/3.2.39/1025_linux-3.2.26.patch diff --git a/3.2.38/1026_linux-3.2.27.patch b/3.2.39/1026_linux-3.2.27.patch index 5878eb4..5878eb4 100644 --- a/3.2.38/1026_linux-3.2.27.patch +++ b/3.2.39/1026_linux-3.2.27.patch diff --git a/3.2.38/1027_linux-3.2.28.patch b/3.2.39/1027_linux-3.2.28.patch index 4dbba4b..4dbba4b 100644 --- a/3.2.38/1027_linux-3.2.28.patch +++ b/3.2.39/1027_linux-3.2.28.patch diff --git a/3.2.38/1028_linux-3.2.29.patch b/3.2.39/1028_linux-3.2.29.patch index 3c65179..3c65179 100644 --- a/3.2.38/1028_linux-3.2.29.patch +++ b/3.2.39/1028_linux-3.2.29.patch diff --git a/3.2.38/1029_linux-3.2.30.patch b/3.2.39/1029_linux-3.2.30.patch index 86aea4b..86aea4b 100644 --- a/3.2.38/1029_linux-3.2.30.patch +++ b/3.2.39/1029_linux-3.2.30.patch diff --git a/3.2.38/1030_linux-3.2.31.patch b/3.2.39/1030_linux-3.2.31.patch index c6accf5..c6accf5 100644 --- a/3.2.38/1030_linux-3.2.31.patch +++ b/3.2.39/1030_linux-3.2.31.patch diff --git a/3.2.38/1031_linux-3.2.32.patch b/3.2.39/1031_linux-3.2.32.patch index 247fc0b..247fc0b 100644 --- a/3.2.38/1031_linux-3.2.32.patch +++ b/3.2.39/1031_linux-3.2.32.patch 
diff --git a/3.2.38/1032_linux-3.2.33.patch b/3.2.39/1032_linux-3.2.33.patch index c32fb75..c32fb75 100644 --- a/3.2.38/1032_linux-3.2.33.patch +++ b/3.2.39/1032_linux-3.2.33.patch diff --git a/3.2.38/1033_linux-3.2.34.patch b/3.2.39/1033_linux-3.2.34.patch index d647b38..d647b38 100644 --- a/3.2.38/1033_linux-3.2.34.patch +++ b/3.2.39/1033_linux-3.2.34.patch diff --git a/3.2.38/1034_linux-3.2.35.patch b/3.2.39/1034_linux-3.2.35.patch index 76a9c19..76a9c19 100644 --- a/3.2.38/1034_linux-3.2.35.patch +++ b/3.2.39/1034_linux-3.2.35.patch diff --git a/3.2.38/1035_linux-3.2.36.patch b/3.2.39/1035_linux-3.2.36.patch index 5d192a3..5d192a3 100644 --- a/3.2.38/1035_linux-3.2.36.patch +++ b/3.2.39/1035_linux-3.2.36.patch diff --git a/3.2.38/1036_linux-3.2.37.patch b/3.2.39/1036_linux-3.2.37.patch index ad13251..ad13251 100644 --- a/3.2.38/1036_linux-3.2.37.patch +++ b/3.2.39/1036_linux-3.2.37.patch diff --git a/3.2.38/1037_linux-3.2.38.patch b/3.2.39/1037_linux-3.2.38.patch index a3c106f..a3c106f 100644 --- a/3.2.38/1037_linux-3.2.38.patch +++ b/3.2.39/1037_linux-3.2.38.patch diff --git a/3.2.39/1039_linux-3.2.39.patch b/3.2.39/1039_linux-3.2.39.patch new file mode 100644 index 0000000..5639e92 --- /dev/null +++ b/3.2.39/1039_linux-3.2.39.patch 
@@ -0,0 +1,2660 @@ +diff --git a/MAINTAINERS b/MAINTAINERS +index 82d7fa6..83f156e 100644 +--- a/MAINTAINERS ++++ b/MAINTAINERS +@@ -2584,7 +2584,7 @@ S: Maintained + F: drivers/net/ethernet/i825xx/eexpress.* + + ETHERNET BRIDGE +-M: Stephen Hemminger <shemminger@vyatta.com> ++M: Stephen Hemminger <stephen@networkplumber.org> + L: bridge@lists.linux-foundation.org + L: netdev@vger.kernel.org + W: http://www.linuxfoundation.org/en/Net:Bridge +@@ -4475,7 +4475,7 @@ S: Supported + F: drivers/infiniband/hw/nes/ + + NETEM NETWORK EMULATOR +-M: Stephen Hemminger <shemminger@vyatta.com> ++M: Stephen Hemminger <stephen@networkplumber.org> + L: netem@lists.linux-foundation.org + S: Maintained + F: net/sched/sch_netem.c +@@ -5993,7 +5993,7 @@ S: Maintained + F: drivers/usb/misc/sisusbvga/ + + SKGE, SKY2 10/100/1000 GIGABIT ETHERNET DRIVERS +-M: Stephen Hemminger <shemminger@vyatta.com> ++M: Stephen Hemminger <stephen@networkplumber.org> + L: netdev@vger.kernel.org + S: Maintained + F: drivers/net/ethernet/marvell/sk* +diff --git a/Makefile b/Makefile +index c8c9d02..0fceb8b 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 3 + PATCHLEVEL = 2 +-SUBLEVEL = 38 ++SUBLEVEL = 39 + EXTRAVERSION = + NAME = Saber-toothed Squirrel + +diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S +index a6253ec..95b4eb3 100644 +--- a/arch/x86/ia32/ia32entry.S ++++ b/arch/x86/ia32/ia32entry.S +@@ -208,7 +208,7 @@ sysexit_from_sys_call: + testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r10) + jnz ia32_ret_from_sys_call + TRACE_IRQS_ON +- sti ++ ENABLE_INTERRUPTS(CLBR_NONE) + movl %eax,%esi /* second arg, syscall return value */ + cmpl $0,%eax /* is it < 0? 
*/ + setl %al /* 1 if so, 0 if not */ +@@ -218,7 +218,7 @@ sysexit_from_sys_call: + GET_THREAD_INFO(%r10) + movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall return value */ + movl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),%edi +- cli ++ DISABLE_INTERRUPTS(CLBR_NONE) + TRACE_IRQS_OFF + testl %edi,TI_flags(%r10) + jz \exit +diff --git a/arch/x86/kernel/step.c b/arch/x86/kernel/step.c +index c346d11..d4f278e 100644 +--- a/arch/x86/kernel/step.c ++++ b/arch/x86/kernel/step.c +@@ -157,6 +157,34 @@ static int enable_single_step(struct task_struct *child) + return 1; + } + ++static void set_task_blockstep(struct task_struct *task, bool on) ++{ ++ unsigned long debugctl; ++ ++ /* ++ * Ensure irq/preemption can't change debugctl in between. ++ * Note also that both TIF_BLOCKSTEP and debugctl should ++ * be changed atomically wrt preemption. ++ * ++ * NOTE: this means that set/clear TIF_BLOCKSTEP is only safe if ++ * task is current or it can't be running, otherwise we can race ++ * with __switch_to_xtra(). We rely on ptrace_freeze_traced() but ++ * PTRACE_KILL is not safe. ++ */ ++ local_irq_disable(); ++ debugctl = get_debugctlmsr(); ++ if (on) { ++ debugctl |= DEBUGCTLMSR_BTF; ++ set_tsk_thread_flag(task, TIF_BLOCKSTEP); ++ } else { ++ debugctl &= ~DEBUGCTLMSR_BTF; ++ clear_tsk_thread_flag(task, TIF_BLOCKSTEP); ++ } ++ if (task == current) ++ update_debugctlmsr(debugctl); ++ local_irq_enable(); ++} ++ + /* + * Enable single or block step. + */ +@@ -169,19 +197,10 @@ static void enable_step(struct task_struct *child, bool block) + * So no one should try to use debugger block stepping in a program + * that uses user-mode single stepping itself. 
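Review bot: `set_task_blockstep()` in the arch/x86/kernel/step.c hunk brackets the MSR update with `local_irq_disable()` / `local_irq_enable()`, which turns interrupts back on unconditionally and so changes the caller's IRQ state if the helper is ever reached with interrupts already off. `unsigned long flags; local_irq_save(flags);` paired with `local_irq_restore(flags);` would make it safe in any calling context; the contexts of the callers are not visible in this hunk. The new comment also states that PTRACE_KILL is not covered by the ptrace_freeze_traced() assumption, so the TIF_BLOCKSTEP / DEBUGCTLMSR_BTF race it describes presumably stays open on that path and should be tracked as a follow-up.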
+ */ +- if (enable_single_step(child) && block) { +- unsigned long debugctl = get_debugctlmsr(); +- +- debugctl |= DEBUGCTLMSR_BTF; +- update_debugctlmsr(debugctl); +- set_tsk_thread_flag(child, TIF_BLOCKSTEP); +- } else if (test_tsk_thread_flag(child, TIF_BLOCKSTEP)) { +- unsigned long debugctl = get_debugctlmsr(); +- +- debugctl &= ~DEBUGCTLMSR_BTF; +- update_debugctlmsr(debugctl); +- clear_tsk_thread_flag(child, TIF_BLOCKSTEP); +- } ++ if (enable_single_step(child) && block) ++ set_task_blockstep(child, true); ++ else if (test_tsk_thread_flag(child, TIF_BLOCKSTEP)) ++ set_task_blockstep(child, false); + } + + void user_enable_single_step(struct task_struct *child) +@@ -199,13 +218,8 @@ void user_disable_single_step(struct task_struct *child) + /* + * Make sure block stepping (BTF) is disabled. + */ +- if (test_tsk_thread_flag(child, TIF_BLOCKSTEP)) { +- unsigned long debugctl = get_debugctlmsr(); +- +- debugctl &= ~DEBUGCTLMSR_BTF; +- update_debugctlmsr(debugctl); +- clear_tsk_thread_flag(child, TIF_BLOCKSTEP); +- } ++ if (test_tsk_thread_flag(child, TIF_BLOCKSTEP)) ++ set_task_blockstep(child, false); + + /* Always clear TIF_SINGLESTEP... */ + clear_tsk_thread_flag(child, TIF_SINGLESTEP); +diff --git a/arch/x86/xen/xen-asm_32.S b/arch/x86/xen/xen-asm_32.S +index b040b0e..7328f71 100644 +--- a/arch/x86/xen/xen-asm_32.S ++++ b/arch/x86/xen/xen-asm_32.S +@@ -88,11 +88,11 @@ ENTRY(xen_iret) + */ + #ifdef CONFIG_SMP + GET_THREAD_INFO(%eax) +- movl TI_cpu(%eax), %eax +- movl __per_cpu_offset(,%eax,4), %eax +- mov xen_vcpu(%eax), %eax ++ movl %ss:TI_cpu(%eax), %eax ++ movl %ss:__per_cpu_offset(,%eax,4), %eax ++ mov %ss:xen_vcpu(%eax), %eax + #else +- movl xen_vcpu, %eax ++ movl %ss:xen_vcpu, %eax + #endif + + /* check IF state we're restoring */ +@@ -105,11 +105,11 @@ ENTRY(xen_iret) + * resuming the code, so we don't have to be worried about + * being preempted to another CPU. 
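Review bot: The `%ss:` overrides added to the `xen_iret` memory accesses in arch/x86/xen/xen-asm_32.S (TI_cpu, __per_cpu_offset and xen_vcpu in this hunk, XEN_vcpu_info_mask and XEN_vcpu_info_pending in the next ones) carry no comment explaining why the default data segment must not be used. Without one, a later edit that adds an access without the prefix would quietly reintroduce the problem. Assuming the reason is that the data segment registers may already hold the guest's restored selectors at this point, a comment above the CONFIG_SMP block such as `/* %ds/%es are no longer trustworthy here; reach kernel data through %ss */` would record the invariant. `xen_iret` starts outside the hunk.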
+ */ +- setz XEN_vcpu_info_mask(%eax) ++ setz %ss:XEN_vcpu_info_mask(%eax) + xen_iret_start_crit: + + /* check for unmasked and pending */ +- cmpw $0x0001, XEN_vcpu_info_pending(%eax) ++ cmpw $0x0001, %ss:XEN_vcpu_info_pending(%eax) + + /* + * If there's something pending, mask events again so we can +@@ -117,7 +117,7 @@ xen_iret_start_crit: + * touch XEN_vcpu_info_mask. + */ + jne 1f +- movb $1, XEN_vcpu_info_mask(%eax) ++ movb $1, %ss:XEN_vcpu_info_mask(%eax) + + 1: popl %eax + +diff --git a/drivers/ata/ahci.c b/drivers/ata/ahci.c +index b07edc4..62c1325 100644 +--- a/drivers/ata/ahci.c ++++ b/drivers/ata/ahci.c +@@ -52,7 +52,9 @@ + #define DRV_VERSION "3.0" + + enum { +- AHCI_PCI_BAR = 5, ++ AHCI_PCI_BAR_STA2X11 = 0, ++ AHCI_PCI_BAR_ENMOTUS = 2, ++ AHCI_PCI_BAR_STANDARD = 5, + }; + + enum board_ids { +@@ -375,6 +377,9 @@ static const struct pci_device_id ahci_pci_tbl[] = { + { PCI_VDEVICE(SI, 0x1185), board_ahci }, /* SiS 968 */ + { PCI_VDEVICE(SI, 0x0186), board_ahci }, /* SiS 968 */ + ++ /* ST Microelectronics */ ++ { PCI_VDEVICE(STMICRO, 0xCC06), board_ahci }, /* ST ConneXt */ ++ + /* Marvell */ + { PCI_VDEVICE(MARVELL, 0x6145), board_ahci_mv }, /* 6145 */ + { PCI_VDEVICE(MARVELL, 0x6121), board_ahci_mv }, /* 6121 */ +@@ -400,6 +405,9 @@ static const struct pci_device_id ahci_pci_tbl[] = { + { PCI_VDEVICE(ASMEDIA, 0x0611), board_ahci }, /* ASM1061 */ + { PCI_VDEVICE(ASMEDIA, 0x0612), board_ahci }, /* ASM1062 */ + ++ /* Enmotus */ ++ { PCI_DEVICE(0x1c44, 0x8000), board_ahci }, ++ + /* Generic, PCI class code for AHCI */ + { PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, PCI_ANY_ID, + PCI_CLASS_STORAGE_SATA_AHCI, 0xffffff, board_ahci }, +@@ -629,6 +637,13 @@ static int ahci_configure_dma_masks(struct pci_dev *pdev, int using_dac) + { + int rc; + ++ /* ++ * If the device fixup already set the dma_mask to some non-standard ++ * value, don't extend it here. This happens on STA2X11, for example. 
++ */ ++ if (pdev->dma_mask && pdev->dma_mask < DMA_BIT_MASK(32)) ++ return 0; ++ + if (using_dac && + !pci_set_dma_mask(pdev, DMA_BIT_MASK(64))) { + rc = pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(64)); +@@ -1033,6 +1048,7 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) + struct ahci_host_priv *hpriv; + struct ata_host *host; + int n_ports, i, rc; ++ int ahci_pci_bar = AHCI_PCI_BAR_STANDARD; + + VPRINTK("ENTER\n"); + +@@ -1064,6 +1080,12 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) + dev_info(&pdev->dev, + "PDC42819 can only drive SATA devices with this driver\n"); + ++ /* Both Connext and Enmotus devices use non-standard BARs */ ++ if (pdev->vendor == PCI_VENDOR_ID_STMICRO && pdev->device == 0xCC06) ++ ahci_pci_bar = AHCI_PCI_BAR_STA2X11; ++ else if (pdev->vendor == 0x1c44 && pdev->device == 0x8000) ++ ahci_pci_bar = AHCI_PCI_BAR_ENMOTUS; ++ + /* acquire resources */ + rc = pcim_enable_device(pdev); + if (rc) +@@ -1072,7 +1094,7 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) + /* AHCI controllers often implement SFF compatible interface. + * Grab all PCI BARs just in case. 
+ */ +- rc = pcim_iomap_regions_request_all(pdev, 1 << AHCI_PCI_BAR, DRV_NAME); ++ rc = pcim_iomap_regions_request_all(pdev, 1 << ahci_pci_bar, DRV_NAME); + if (rc == -EBUSY) + pcim_pin_device(pdev); + if (rc) +@@ -1115,7 +1137,7 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) + if ((hpriv->flags & AHCI_HFLAG_NO_MSI) || pci_enable_msi(pdev)) + pci_intx(pdev, 1); + +- hpriv->mmio = pcim_iomap_table(pdev)[AHCI_PCI_BAR]; ++ hpriv->mmio = pcim_iomap_table(pdev)[ahci_pci_bar]; + + /* save initial config */ + ahci_pci_save_initial_config(pdev, hpriv); +@@ -1179,8 +1201,8 @@ static int ahci_init_one(struct pci_dev *pdev, const struct pci_device_id *ent) + for (i = 0; i < host->n_ports; i++) { + struct ata_port *ap = host->ports[i]; + +- ata_port_pbar_desc(ap, AHCI_PCI_BAR, -1, "abar"); +- ata_port_pbar_desc(ap, AHCI_PCI_BAR, ++ ata_port_pbar_desc(ap, ahci_pci_bar, -1, "abar"); ++ ata_port_pbar_desc(ap, ahci_pci_bar, + 0x100 + ap->port_no * 0x80, "port"); + + /* set enclosure management message type */ +diff --git a/drivers/atm/iphase.h b/drivers/atm/iphase.h +index 6a0955e..53ecac5 100644 +--- a/drivers/atm/iphase.h ++++ b/drivers/atm/iphase.h +@@ -636,82 +636,82 @@ struct rx_buf_desc { + #define SEG_BASE IPHASE5575_FRAG_CONTROL_REG_BASE + #define REASS_BASE IPHASE5575_REASS_CONTROL_REG_BASE + +-typedef volatile u_int freg_t; ++typedef volatile u_int ffreg_t; + typedef u_int rreg_t; + + typedef struct _ffredn_t { +- freg_t idlehead_high; /* Idle cell header (high) */ +- freg_t idlehead_low; /* Idle cell header (low) */ +- freg_t maxrate; /* Maximum rate */ +- freg_t stparms; /* Traffic Management Parameters */ +- freg_t abrubr_abr; /* ABRUBR Priority Byte 1, TCR Byte 0 */ +- freg_t rm_type; /* */ +- u_int filler5[0x17 - 0x06]; +- freg_t cmd_reg; /* Command register */ +- u_int filler18[0x20 - 0x18]; +- freg_t cbr_base; /* CBR Pointer Base */ +- freg_t vbr_base; /* VBR Pointer Base */ +- freg_t abr_base; /* ABR Pointer Base */ +- freg_t 
ubr_base; /* UBR Pointer Base */ +- u_int filler24; +- freg_t vbrwq_base; /* VBR Wait Queue Base */ +- freg_t abrwq_base; /* ABR Wait Queue Base */ +- freg_t ubrwq_base; /* UBR Wait Queue Base */ +- freg_t vct_base; /* Main VC Table Base */ +- freg_t vcte_base; /* Extended Main VC Table Base */ +- u_int filler2a[0x2C - 0x2A]; +- freg_t cbr_tab_beg; /* CBR Table Begin */ +- freg_t cbr_tab_end; /* CBR Table End */ +- freg_t cbr_pointer; /* CBR Pointer */ +- u_int filler2f[0x30 - 0x2F]; +- freg_t prq_st_adr; /* Packet Ready Queue Start Address */ +- freg_t prq_ed_adr; /* Packet Ready Queue End Address */ +- freg_t prq_rd_ptr; /* Packet Ready Queue read pointer */ +- freg_t prq_wr_ptr; /* Packet Ready Queue write pointer */ +- freg_t tcq_st_adr; /* Transmit Complete Queue Start Address*/ +- freg_t tcq_ed_adr; /* Transmit Complete Queue End Address */ +- freg_t tcq_rd_ptr; /* Transmit Complete Queue read pointer */ +- freg_t tcq_wr_ptr; /* Transmit Complete Queue write pointer*/ +- u_int filler38[0x40 - 0x38]; +- freg_t queue_base; /* Base address for PRQ and TCQ */ +- freg_t desc_base; /* Base address of descriptor table */ +- u_int filler42[0x45 - 0x42]; +- freg_t mode_reg_0; /* Mode register 0 */ +- freg_t mode_reg_1; /* Mode register 1 */ +- freg_t intr_status_reg;/* Interrupt Status register */ +- freg_t mask_reg; /* Mask Register */ +- freg_t cell_ctr_high1; /* Total cell transfer count (high) */ +- freg_t cell_ctr_lo1; /* Total cell transfer count (low) */ +- freg_t state_reg; /* Status register */ +- u_int filler4c[0x58 - 0x4c]; +- freg_t curr_desc_num; /* Contains the current descriptor num */ +- freg_t next_desc; /* Next descriptor */ +- freg_t next_vc; /* Next VC */ +- u_int filler5b[0x5d - 0x5b]; +- freg_t present_slot_cnt;/* Present slot count */ +- u_int filler5e[0x6a - 0x5e]; +- freg_t new_desc_num; /* New descriptor number */ +- freg_t new_vc; /* New VC */ +- freg_t sched_tbl_ptr; /* Schedule table pointer */ +- freg_t vbrwq_wptr; /* VBR wait queue write 
pointer */ +- freg_t vbrwq_rptr; /* VBR wait queue read pointer */ +- freg_t abrwq_wptr; /* ABR wait queue write pointer */ +- freg_t abrwq_rptr; /* ABR wait queue read pointer */ +- freg_t ubrwq_wptr; /* UBR wait queue write pointer */ +- freg_t ubrwq_rptr; /* UBR wait queue read pointer */ +- freg_t cbr_vc; /* CBR VC */ +- freg_t vbr_sb_vc; /* VBR SB VC */ +- freg_t abr_sb_vc; /* ABR SB VC */ +- freg_t ubr_sb_vc; /* UBR SB VC */ +- freg_t vbr_next_link; /* VBR next link */ +- freg_t abr_next_link; /* ABR next link */ +- freg_t ubr_next_link; /* UBR next link */ +- u_int filler7a[0x7c-0x7a]; +- freg_t out_rate_head; /* Out of rate head */ +- u_int filler7d[0xca-0x7d]; /* pad out to full address space */ +- freg_t cell_ctr_high1_nc;/* Total cell transfer count (high) */ +- freg_t cell_ctr_lo1_nc;/* Total cell transfer count (low) */ +- u_int fillercc[0x100-0xcc]; /* pad out to full address space */ ++ ffreg_t idlehead_high; /* Idle cell header (high) */ ++ ffreg_t idlehead_low; /* Idle cell header (low) */ ++ ffreg_t maxrate; /* Maximum rate */ ++ ffreg_t stparms; /* Traffic Management Parameters */ ++ ffreg_t abrubr_abr; /* ABRUBR Priority Byte 1, TCR Byte 0 */ ++ ffreg_t rm_type; /* */ ++ u_int filler5[0x17 - 0x06]; ++ ffreg_t cmd_reg; /* Command register */ ++ u_int filler18[0x20 - 0x18]; ++ ffreg_t cbr_base; /* CBR Pointer Base */ ++ ffreg_t vbr_base; /* VBR Pointer Base */ ++ ffreg_t abr_base; /* ABR Pointer Base */ ++ ffreg_t ubr_base; /* UBR Pointer Base */ ++ u_int filler24; ++ ffreg_t vbrwq_base; /* VBR Wait Queue Base */ ++ ffreg_t abrwq_base; /* ABR Wait Queue Base */ ++ ffreg_t ubrwq_base; /* UBR Wait Queue Base */ ++ ffreg_t vct_base; /* Main VC Table Base */ ++ ffreg_t vcte_base; /* Extended Main VC Table Base */ ++ u_int filler2a[0x2C - 0x2A]; ++ ffreg_t cbr_tab_beg; /* CBR Table Begin */ ++ ffreg_t cbr_tab_end; /* CBR Table End */ ++ ffreg_t cbr_pointer; /* CBR Pointer */ ++ u_int filler2f[0x30 - 0x2F]; ++ ffreg_t prq_st_adr; /* Packet Ready Queue 
Start Address */ ++ ffreg_t prq_ed_adr; /* Packet Ready Queue End Address */ ++ ffreg_t prq_rd_ptr; /* Packet Ready Queue read pointer */ ++ ffreg_t prq_wr_ptr; /* Packet Ready Queue write pointer */ ++ ffreg_t tcq_st_adr; /* Transmit Complete Queue Start Address*/ ++ ffreg_t tcq_ed_adr; /* Transmit Complete Queue End Address */ ++ ffreg_t tcq_rd_ptr; /* Transmit Complete Queue read pointer */ ++ ffreg_t tcq_wr_ptr; /* Transmit Complete Queue write pointer*/ ++ u_int filler38[0x40 - 0x38]; ++ ffreg_t queue_base; /* Base address for PRQ and TCQ */ ++ ffreg_t desc_base; /* Base address of descriptor table */ ++ u_int filler42[0x45 - 0x42]; ++ ffreg_t mode_reg_0; /* Mode register 0 */ ++ ffreg_t mode_reg_1; /* Mode register 1 */ ++ ffreg_t intr_status_reg;/* Interrupt Status register */ ++ ffreg_t mask_reg; /* Mask Register */ ++ ffreg_t cell_ctr_high1; /* Total cell transfer count (high) */ ++ ffreg_t cell_ctr_lo1; /* Total cell transfer count (low) */ ++ ffreg_t state_reg; /* Status register */ ++ u_int filler4c[0x58 - 0x4c]; ++ ffreg_t curr_desc_num; /* Contains the current descriptor num */ ++ ffreg_t next_desc; /* Next descriptor */ ++ ffreg_t next_vc; /* Next VC */ ++ u_int filler5b[0x5d - 0x5b]; ++ ffreg_t present_slot_cnt;/* Present slot count */ ++ u_int filler5e[0x6a - 0x5e]; ++ ffreg_t new_desc_num; /* New descriptor number */ ++ ffreg_t new_vc; /* New VC */ ++ ffreg_t sched_tbl_ptr; /* Schedule table pointer */ ++ ffreg_t vbrwq_wptr; /* VBR wait queue write pointer */ ++ ffreg_t vbrwq_rptr; /* VBR wait queue read pointer */ ++ ffreg_t abrwq_wptr; /* ABR wait queue write pointer */ ++ ffreg_t abrwq_rptr; /* ABR wait queue read pointer */ ++ ffreg_t ubrwq_wptr; /* UBR wait queue write pointer */ ++ ffreg_t ubrwq_rptr; /* UBR wait queue read pointer */ ++ ffreg_t cbr_vc; /* CBR VC */ ++ ffreg_t vbr_sb_vc; /* VBR SB VC */ ++ ffreg_t abr_sb_vc; /* ABR SB VC */ ++ ffreg_t ubr_sb_vc; /* UBR SB VC */ ++ ffreg_t vbr_next_link; /* VBR next link */ ++ ffreg_t 
abr_next_link; /* ABR next link */ ++ ffreg_t ubr_next_link; /* UBR next link */ ++ u_int filler7a[0x7c-0x7a]; ++ ffreg_t out_rate_head; /* Out of rate head */ ++ u_int filler7d[0xca-0x7d]; /* pad out to full address space */ ++ ffreg_t cell_ctr_high1_nc;/* Total cell transfer count (high) */ ++ ffreg_t cell_ctr_lo1_nc;/* Total cell transfer count (low) */ ++ u_int fillercc[0x100-0xcc]; /* pad out to full address space */ + } ffredn_t; + + typedef struct _rfredn_t { +diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c +index 8e3c46d..7795d1e 100644 +--- a/drivers/char/virtio_console.c ++++ b/drivers/char/virtio_console.c +@@ -1789,7 +1789,8 @@ static void virtcons_remove(struct virtio_device *vdev) + /* Disable interrupts for vqs */ + vdev->config->reset(vdev); + /* Finish up work that's lined up */ +- cancel_work_sync(&portdev->control_work); ++ if (use_multiport(portdev)) ++ cancel_work_sync(&portdev->control_work); + + list_for_each_entry_safe(port, port2, &portdev->ports, list) + unplug_port(port); +diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c +index c05e825..7817429 100644 +--- a/drivers/gpu/drm/i915/intel_display.c ++++ b/drivers/gpu/drm/i915/intel_display.c +@@ -7156,8 +7156,6 @@ static int intel_gen4_queue_flip(struct drm_device *dev, + OUT_RING(pf | pipesrc); + + intel_mark_page_flip_active(intel_crtc); +- +- intel_mark_page_flip_active(intel_crtc); + ADVANCE_LP_RING(); + return 0; + +@@ -7193,6 +7191,8 @@ static int intel_gen6_queue_flip(struct drm_device *dev, + pf = I915_READ(PF_CTL(intel_crtc->pipe)) & PF_ENABLE; + pipesrc = I915_READ(PIPESRC(intel_crtc->pipe)) & 0x0fff0fff; + OUT_RING(pf | pipesrc); ++ ++ intel_mark_page_flip_active(intel_crtc); + ADVANCE_LP_RING(); + return 0; + +diff --git a/drivers/gpu/drm/radeon/radeon_combios.c b/drivers/gpu/drm/radeon/radeon_combios.c +index 1b98338..ec36dd9 100644 +--- a/drivers/gpu/drm/radeon/radeon_combios.c ++++ 
b/drivers/gpu/drm/radeon/radeon_combios.c +@@ -2455,6 +2455,14 @@ bool radeon_get_legacy_connector_info_from_bios(struct drm_device *dev) + 1), + ATOM_DEVICE_CRT1_SUPPORT); + } ++ /* RV100 board with external TDMS bit mis-set. ++ * Actually uses internal TMDS, clear the bit. ++ */ ++ if (dev->pdev->device == 0x5159 && ++ dev->pdev->subsystem_vendor == 0x1014 && ++ dev->pdev->subsystem_device == 0x029A) { ++ tmp &= ~(1 << 4); ++ } + if ((tmp >> 4) & 0x1) { + devices |= ATOM_DEVICE_DFP2_SUPPORT; + radeon_add_legacy_encoder(dev, +diff --git a/drivers/gpu/drm/radeon/radeon_display.c b/drivers/gpu/drm/radeon/radeon_display.c +index aec8e0c..63e7143 100644 +--- a/drivers/gpu/drm/radeon/radeon_display.c ++++ b/drivers/gpu/drm/radeon/radeon_display.c +@@ -1110,8 +1110,10 @@ radeon_user_framebuffer_create(struct drm_device *dev, + } + + radeon_fb = kzalloc(sizeof(*radeon_fb), GFP_KERNEL); +- if (radeon_fb == NULL) ++ if (radeon_fb == NULL) { ++ drm_gem_object_unreference_unlocked(obj); + return ERR_PTR(-ENOMEM); ++ } + + radeon_framebuffer_init(dev, radeon_fb, mode_cmd, obj); + +diff --git a/drivers/gpu/drm/radeon/radeon_ring.c b/drivers/gpu/drm/radeon/radeon_ring.c +index 49d5820..65be5e8 100644 +--- a/drivers/gpu/drm/radeon/radeon_ring.c ++++ b/drivers/gpu/drm/radeon/radeon_ring.c +@@ -306,6 +306,9 @@ int radeon_ring_alloc(struct radeon_device *rdev, unsigned ndw) + { + int r; + ++ /* make sure we aren't trying to allocate more space than there is on the ring */ ++ if (ndw > (rdev->cp.ring_size / 4)) ++ return -ENOMEM; + /* Align requested size with padding so unlock_commit can + * pad safely */ + ndw = (ndw + rdev->cp.align_mask) & ~rdev->cp.align_mask; +diff --git a/drivers/hid/hid-ids.h b/drivers/hid/hid-ids.h +index 2d41336..c15c38e 100644 +--- a/drivers/hid/hid-ids.h ++++ b/drivers/hid/hid-ids.h +@@ -278,6 +278,9 @@ + #define USB_VENDOR_ID_EZKEY 0x0518 + #define USB_DEVICE_ID_BTC_8193 0x0002 + ++#define USB_VENDOR_ID_FORMOSA 0x147a ++#define 
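Review bot: The new bound in `radeon_ring_alloc()` tests the caller's `ndw` against `rdev->cp.ring_size / 4` before the rounding step `ndw = (ndw + rdev->cp.align_mask) & ~rdev->cp.align_mask;`, so the value that is actually reserved is never checked. The two are only equivalent if `ring_size / 4` is itself a multiple of `align_mask + 1`, which this hunk does not show. Either repeat the comparison after the rounding or state the invariant in the comment, e.g. `/* ring_size / 4 is a multiple of align_mask + 1, so the padded ndw cannot exceed it */`. The literal `4` is presumably the dword size and would read better as `sizeof(u32)`. The function body continues outside the hunk.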
USB_DEVICE_ID_FORMOSA_IR_RECEIVER 0xe03e ++ + #define USB_VENDOR_ID_FREESCALE 0x15A2 + #define USB_DEVICE_ID_FREESCALE_MX28 0x004F + +diff --git a/drivers/hid/usbhid/hid-quirks.c b/drivers/hid/usbhid/hid-quirks.c +index aec3fa3..e26eddf 100644 +--- a/drivers/hid/usbhid/hid-quirks.c ++++ b/drivers/hid/usbhid/hid-quirks.c +@@ -68,6 +68,7 @@ static const struct hid_blacklist { + { USB_VENDOR_ID_CH, USB_DEVICE_ID_CH_AXIS_295, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_DMI, USB_DEVICE_ID_DMI_ENC, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_ELO, USB_DEVICE_ID_ELO_TS2700, HID_QUIRK_NOGET }, ++ { USB_VENDOR_ID_FORMOSA, USB_DEVICE_ID_FORMOSA_IR_RECEIVER, HID_QUIRK_NO_INIT_REPORTS }, + { USB_VENDOR_ID_FREESCALE, USB_DEVICE_ID_FREESCALE_MX28, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_MGE, USB_DEVICE_ID_MGE_UPS, HID_QUIRK_NOGET }, + { USB_VENDOR_ID_PIXART, USB_DEVICE_ID_PIXART_OPTICAL_TOUCH_SCREEN, HID_QUIRK_NO_INIT_REPORTS }, +diff --git a/drivers/isdn/gigaset/capi.c b/drivers/isdn/gigaset/capi.c +index fd17bb3..08c2329 100644 +--- a/drivers/isdn/gigaset/capi.c ++++ b/drivers/isdn/gigaset/capi.c +@@ -264,6 +264,8 @@ static inline void dump_rawmsg(enum debuglevel level, const char *tag, + CAPIMSG_APPID(data), CAPIMSG_MSGID(data), l, + CAPIMSG_CONTROL(data)); + l -= 12; ++ if (l <= 0) ++ return; + dbgline = kmalloc(3*l, GFP_ATOMIC); + if (!dbgline) + return; +diff --git a/drivers/media/video/gspca/kinect.c b/drivers/media/video/gspca/kinect.c +index 4fe51fd..acaef66 100644 +--- a/drivers/media/video/gspca/kinect.c ++++ b/drivers/media/video/gspca/kinect.c +@@ -390,6 +390,7 @@ static const struct sd_desc sd_desc = { + /* -- module initialisation -- */ + static const struct usb_device_id device_table[] = { + {USB_DEVICE(0x045e, 0x02ae)}, ++ {USB_DEVICE(0x045e, 0x02bf)}, + {} + }; + +diff --git a/drivers/net/can/c_can/c_can.c b/drivers/net/can/c_can/c_can.c +index 21a3d77..64647d4 100644 +--- a/drivers/net/can/c_can/c_can.c ++++ b/drivers/net/can/c_can/c_can.c +@@ -446,8 +446,12 @@ static void 
c_can_setup_receive_object(struct net_device *dev, int iface, + + priv->write_reg(priv, &priv->regs->ifregs[iface].mask1, + IFX_WRITE_LOW_16BIT(mask)); ++ ++ /* According to C_CAN documentation, the reserved bit ++ * in IFx_MASK2 register is fixed 1 ++ */ + priv->write_reg(priv, &priv->regs->ifregs[iface].mask2, +- IFX_WRITE_HIGH_16BIT(mask)); ++ IFX_WRITE_HIGH_16BIT(mask) | BIT(13)); + + priv->write_reg(priv, &priv->regs->ifregs[iface].arb1, + IFX_WRITE_LOW_16BIT(id)); +diff --git a/drivers/net/ethernet/broadcom/tg3.c b/drivers/net/ethernet/broadcom/tg3.c +index 01bc102..c86fa50 100644 +--- a/drivers/net/ethernet/broadcom/tg3.c ++++ b/drivers/net/ethernet/broadcom/tg3.c +@@ -1135,14 +1135,26 @@ static int tg3_phy_auxctl_write(struct tg3 *tp, int reg, u32 set) + return tg3_writephy(tp, MII_TG3_AUX_CTRL, set | reg); + } + +-#define TG3_PHY_AUXCTL_SMDSP_ENABLE(tp) \ +- tg3_phy_auxctl_write((tp), MII_TG3_AUXCTL_SHDWSEL_AUXCTL, \ +- MII_TG3_AUXCTL_ACTL_SMDSP_ENA | \ +- MII_TG3_AUXCTL_ACTL_TX_6DB) ++static int tg3_phy_toggle_auxctl_smdsp(struct tg3 *tp, bool enable) ++{ ++ u32 val; ++ int err; + +-#define TG3_PHY_AUXCTL_SMDSP_DISABLE(tp) \ +- tg3_phy_auxctl_write((tp), MII_TG3_AUXCTL_SHDWSEL_AUXCTL, \ +- MII_TG3_AUXCTL_ACTL_TX_6DB); ++ err = tg3_phy_auxctl_read(tp, MII_TG3_AUXCTL_SHDWSEL_AUXCTL, &val); ++ ++ if (err) ++ return err; ++ if (enable) ++ ++ val |= MII_TG3_AUXCTL_ACTL_SMDSP_ENA; ++ else ++ val &= ~MII_TG3_AUXCTL_ACTL_SMDSP_ENA; ++ ++ err = tg3_phy_auxctl_write((tp), MII_TG3_AUXCTL_SHDWSEL_AUXCTL, ++ val | MII_TG3_AUXCTL_ACTL_TX_6DB); ++ ++ return err; ++} + + static int tg3_bmcr_reset(struct tg3 *tp) + { +@@ -2087,7 +2099,7 @@ static void tg3_phy_apply_otp(struct tg3 *tp) + + otp = tp->phy_otp; + +- if (TG3_PHY_AUXCTL_SMDSP_ENABLE(tp)) ++ if (tg3_phy_toggle_auxctl_smdsp(tp, true)) + return; + + phy = ((otp & TG3_OTP_AGCTGT_MASK) >> TG3_OTP_AGCTGT_SHIFT); +@@ -2112,7 +2124,7 @@ static void tg3_phy_apply_otp(struct tg3 *tp) + ((otp & TG3_OTP_RCOFF_MASK) >> 
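Review bot: In the new `tg3_phy_toggle_auxctl_smdsp()` helper a stray blank line separates `if (enable)` from its body `val |= MII_TG3_AUXCTL_ACTL_SMDSP_ENA;`, while the blank line that would set off the `if (err) return err;` check is missing; the `(tp)` in `tg3_phy_auxctl_write((tp), ...)` is a leftover from the macro form. The helper also differs from the macros it replaces in that it now reads the register first and can fail before writing anything, yet call sites such as `tg3_phy_toggle_auxctl_smdsp(tp, false);` in tg3_phy_apply_otp() discard the result, so a failed disable would leave SMDSP enabled with no trace. A short comment on the helper stating that it returns 0 on success and the PHY access error otherwise, plus a log message on the ignored disable paths, would cover this.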
TG3_OTP_RCOFF_SHIFT); + tg3_phydsp_write(tp, MII_TG3_DSP_EXP97, phy); + +- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); ++ tg3_phy_toggle_auxctl_smdsp(tp, false); + } + + static void tg3_phy_eee_adjust(struct tg3 *tp, u32 current_link_up) +@@ -2148,9 +2160,9 @@ static void tg3_phy_eee_adjust(struct tg3 *tp, u32 current_link_up) + + if (!tp->setlpicnt) { + if (current_link_up == 1 && +- !TG3_PHY_AUXCTL_SMDSP_ENABLE(tp)) { ++ !tg3_phy_toggle_auxctl_smdsp(tp, true)) { + tg3_phydsp_write(tp, MII_TG3_DSP_TAP26, 0x0000); +- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); ++ tg3_phy_toggle_auxctl_smdsp(tp, false); + } + + val = tr32(TG3_CPMU_EEE_MODE); +@@ -2166,11 +2178,11 @@ static void tg3_phy_eee_enable(struct tg3 *tp) + (GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5717 || + GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_5719 || + GET_ASIC_REV(tp->pci_chip_rev_id) == ASIC_REV_57765) && +- !TG3_PHY_AUXCTL_SMDSP_ENABLE(tp)) { ++ !tg3_phy_toggle_auxctl_smdsp(tp, true)) { + val = MII_TG3_DSP_TAP26_ALNOKO | + MII_TG3_DSP_TAP26_RMRXSTO; + tg3_phydsp_write(tp, MII_TG3_DSP_TAP26, val); +- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); ++ tg3_phy_toggle_auxctl_smdsp(tp, false); + } + + val = tr32(TG3_CPMU_EEE_MODE); +@@ -2314,7 +2326,7 @@ static int tg3_phy_reset_5703_4_5(struct tg3 *tp) + tg3_writephy(tp, MII_CTRL1000, + CTL1000_AS_MASTER | CTL1000_ENABLE_MASTER); + +- err = TG3_PHY_AUXCTL_SMDSP_ENABLE(tp); ++ err = tg3_phy_toggle_auxctl_smdsp(tp, true); + if (err) + return err; + +@@ -2335,7 +2347,7 @@ static int tg3_phy_reset_5703_4_5(struct tg3 *tp) + tg3_writephy(tp, MII_TG3_DSP_ADDRESS, 0x8200); + tg3_writephy(tp, MII_TG3_DSP_CONTROL, 0x0000); + +- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); ++ tg3_phy_toggle_auxctl_smdsp(tp, false); + + tg3_writephy(tp, MII_CTRL1000, phy9_orig); + +@@ -2424,10 +2436,10 @@ static int tg3_phy_reset(struct tg3 *tp) + + out: + if ((tp->phy_flags & TG3_PHYFLG_ADC_BUG) && +- !TG3_PHY_AUXCTL_SMDSP_ENABLE(tp)) { ++ !tg3_phy_toggle_auxctl_smdsp(tp, true)) { + tg3_phydsp_write(tp, 0x201f, 
0x2aaa); + tg3_phydsp_write(tp, 0x000a, 0x0323); +- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); ++ tg3_phy_toggle_auxctl_smdsp(tp, false); + } + + if (tp->phy_flags & TG3_PHYFLG_5704_A0_BUG) { +@@ -2436,14 +2448,14 @@ out: + } + + if (tp->phy_flags & TG3_PHYFLG_BER_BUG) { +- if (!TG3_PHY_AUXCTL_SMDSP_ENABLE(tp)) { ++ if (!tg3_phy_toggle_auxctl_smdsp(tp, true)) { + tg3_phydsp_write(tp, 0x000a, 0x310b); + tg3_phydsp_write(tp, 0x201f, 0x9506); + tg3_phydsp_write(tp, 0x401f, 0x14e2); +- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); ++ tg3_phy_toggle_auxctl_smdsp(tp, false); + } + } else if (tp->phy_flags & TG3_PHYFLG_JITTER_BUG) { +- if (!TG3_PHY_AUXCTL_SMDSP_ENABLE(tp)) { ++ if (!tg3_phy_toggle_auxctl_smdsp(tp, true)) { + tg3_writephy(tp, MII_TG3_DSP_ADDRESS, 0x000a); + if (tp->phy_flags & TG3_PHYFLG_ADJUST_TRIM) { + tg3_writephy(tp, MII_TG3_DSP_RW_PORT, 0x110b); +@@ -2452,7 +2464,7 @@ out: + } else + tg3_writephy(tp, MII_TG3_DSP_RW_PORT, 0x010b); + +- TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); ++ tg3_phy_toggle_auxctl_smdsp(tp, false); + } + } + +@@ -3639,7 +3651,7 @@ static int tg3_phy_autoneg_cfg(struct tg3 *tp, u32 advertise, u32 flowctrl) + tw32(TG3_CPMU_EEE_MODE, + tr32(TG3_CPMU_EEE_MODE) & ~TG3_CPMU_EEEMD_LPI_ENABLE); + +- err = TG3_PHY_AUXCTL_SMDSP_ENABLE(tp); ++ err = tg3_phy_toggle_auxctl_smdsp(tp, true); + if (!err) { + u32 err2; + +@@ -3671,7 +3683,7 @@ static int tg3_phy_autoneg_cfg(struct tg3 *tp, u32 advertise, u32 flowctrl) + MII_TG3_DSP_CH34TP2_HIBW01); + } + +- err2 = TG3_PHY_AUXCTL_SMDSP_DISABLE(tp); ++ err2 = tg3_phy_toggle_auxctl_smdsp(tp, false); + if (!err) + err = err2; + } +@@ -6353,6 +6365,9 @@ static void tg3_poll_controller(struct net_device *dev) + int i; + struct tg3 *tp = netdev_priv(dev); + ++ if (tg3_irq_sync(tp)) ++ return; ++ + for (i = 0; i < tp->irq_cnt; i++) + tg3_interrupt(tp->napi[i].irq_vec, &tp->napi[i]); + } +@@ -15388,6 +15403,7 @@ static int __devinit tg3_init_one(struct pci_dev *pdev, + tp->pm_cap = pm_cap; + tp->rx_mode = TG3_DEF_RX_MODE; + tp->tx_mode 
= TG3_DEF_TX_MODE; ++ tp->irq_sync = 1; + + if (tg3_debug > 0) + tp->msg_enable = tg3_debug; +diff --git a/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c b/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c +index a8259cc..5674145 100644 +--- a/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c ++++ b/drivers/net/ethernet/qlogic/netxen/netxen_nic_init.c +@@ -144,7 +144,7 @@ void netxen_release_tx_buffers(struct netxen_adapter *adapter) + buffrag->length, PCI_DMA_TODEVICE); + buffrag->dma = 0ULL; + } +- for (j = 0; j < cmd_buf->frag_count; j++) { ++ for (j = 1; j < cmd_buf->frag_count; j++) { + buffrag++; + if (buffrag->dma) { + pci_unmap_page(adapter->pdev, buffrag->dma, +diff --git a/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c b/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c +index da5204d..4a238a4 100644 +--- a/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c ++++ b/drivers/net/ethernet/qlogic/netxen/netxen_nic_main.c +@@ -1924,10 +1924,12 @@ unwind: + while (--i >= 0) { + nf = &pbuf->frag_array[i+1]; + pci_unmap_page(pdev, nf->dma, nf->length, PCI_DMA_TODEVICE); ++ nf->dma = 0ULL; + } + + nf = &pbuf->frag_array[0]; + pci_unmap_single(pdev, nf->dma, skb_headlen(skb), PCI_DMA_TODEVICE); ++ nf->dma = 0ULL; + + out_err: + return -ENOMEM; +diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c +index b8db4cd..a6153f1 100644 +--- a/drivers/net/ethernet/realtek/r8169.c ++++ b/drivers/net/ethernet/realtek/r8169.c +@@ -5829,13 +5829,6 @@ static int rtl8169_rx_interrupt(struct net_device *dev, + dev->stats.rx_bytes += pkt_size; + dev->stats.rx_packets++; + } +- +- /* Work around for AMD plateform. 
*/ +- if ((desc->opts2 & cpu_to_le32(0xfffe000)) && +- (tp->mac_version == RTL_GIGA_MAC_VER_05)) { +- desc->opts2 = 0; +- cur_rx++; +- } + } + + count = cur_rx - tp->cur_rx; +diff --git a/drivers/net/loopback.c b/drivers/net/loopback.c +index 4ce9e5f..d0893e4 100644 +--- a/drivers/net/loopback.c ++++ b/drivers/net/loopback.c +@@ -78,6 +78,11 @@ static netdev_tx_t loopback_xmit(struct sk_buff *skb, + + skb_orphan(skb); + ++ /* Before queueing this packet to netif_rx(), ++ * make sure dst is refcounted. ++ */ ++ skb_dst_force(skb); ++ + skb->protocol = eth_type_trans(skb, dev); + + /* it's OK to use per_cpu_ptr() because BHs are off */ +diff --git a/drivers/net/wireless/mwifiex/scan.c b/drivers/net/wireless/mwifiex/scan.c +index 8d3ab37..6618dd6 100644 +--- a/drivers/net/wireless/mwifiex/scan.c ++++ b/drivers/net/wireless/mwifiex/scan.c +@@ -1594,7 +1594,7 @@ int mwifiex_ret_802_11_scan(struct mwifiex_private *priv, + dev_err(adapter->dev, "SCAN_RESP: too many AP returned (%d)\n", + scan_rsp->number_of_sets); + ret = -1; +- goto done; ++ goto check_next_scan; + } + + bytes_left = le16_to_cpu(scan_rsp->bss_descript_size); +@@ -1663,7 +1663,8 @@ int mwifiex_ret_802_11_scan(struct mwifiex_private *priv, + if (!beacon_size || beacon_size > bytes_left) { + bss_info += bytes_left; + bytes_left = 0; +- return -1; ++ ret = -1; ++ goto check_next_scan; + } + + /* Initialize the current working beacon pointer for this BSS +@@ -1716,7 +1717,7 @@ int mwifiex_ret_802_11_scan(struct mwifiex_private *priv, + dev_err(priv->adapter->dev, "%s: in processing" + " IE, bytes left < IE length\n", + __func__); +- goto done; ++ goto check_next_scan; + } + if (element_id == WLAN_EID_DS_PARAMS) { + channel = *(u8 *) (current_ptr + +@@ -1782,6 +1783,7 @@ int mwifiex_ret_802_11_scan(struct mwifiex_private *priv, + } + } + ++check_next_scan: + spin_lock_irqsave(&adapter->scan_pending_q_lock, flags); + if (list_empty(&adapter->scan_pending_q)) { + 
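Review bot: The `bytes left < IE length` path in `mwifiex_ret_802_11_scan()` now jumps to `check_next_scan` without assigning `ret`, whereas the other two error paths touched by this patch set `ret = -1` first. If `ret` still holds its initial value at that point (its initialisation lies outside the hunk), a truncated information element in a scan response is reported to the caller as success. Adding `ret = -1;` before that `goto check_next_scan;` would make the three paths consistent.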
spin_unlock_irqrestore(&adapter->scan_pending_q_lock, flags); +@@ -1812,7 +1814,6 @@ int mwifiex_ret_802_11_scan(struct mwifiex_private *priv, + mwifiex_insert_cmd_to_pending_q(adapter, cmd_node, true); + } + +-done: + return ret; + } + +diff --git a/drivers/net/wireless/rt2x00/rt2500usb.c b/drivers/net/wireless/rt2x00/rt2500usb.c +index 22ed6df..2be9880 100644 +--- a/drivers/net/wireless/rt2x00/rt2500usb.c ++++ b/drivers/net/wireless/rt2x00/rt2500usb.c +@@ -1921,7 +1921,7 @@ static struct usb_device_id rt2500usb_device_table[] = { + { USB_DEVICE(0x0b05, 0x1706) }, + { USB_DEVICE(0x0b05, 0x1707) }, + /* Belkin */ +- { USB_DEVICE(0x050d, 0x7050) }, ++ { USB_DEVICE(0x050d, 0x7050) }, /* FCC ID: K7SF5D7050A ver. 2.x */ + { USB_DEVICE(0x050d, 0x7051) }, + /* Cisco Systems */ + { USB_DEVICE(0x13b1, 0x000d) }, +diff --git a/drivers/net/wireless/rt2x00/rt2800usb.c b/drivers/net/wireless/rt2x00/rt2800usb.c +index b66a61b..3d4ea1f 100644 +--- a/drivers/net/wireless/rt2x00/rt2800usb.c ++++ b/drivers/net/wireless/rt2x00/rt2800usb.c +@@ -959,6 +959,7 @@ static struct usb_device_id rt2800usb_device_table[] = { + { USB_DEVICE(0x07d1, 0x3c15) }, + { USB_DEVICE(0x07d1, 0x3c16) }, + { USB_DEVICE(0x2001, 0x3c1b) }, ++ { USB_DEVICE(0x2001, 0x3c1e) }, + /* Draytek */ + { USB_DEVICE(0x07fa, 0x7712) }, + /* DVICO */ +@@ -1090,6 +1091,7 @@ static struct usb_device_id rt2800usb_device_table[] = { + { USB_DEVICE(0x177f, 0x0153) }, + { USB_DEVICE(0x177f, 0x0302) }, + { USB_DEVICE(0x177f, 0x0313) }, ++ { USB_DEVICE(0x177f, 0x0323) }, + /* U-Media */ + { USB_DEVICE(0x157e, 0x300e) }, + { USB_DEVICE(0x157e, 0x3013) }, +diff --git a/drivers/net/wireless/rt2x00/rt73usb.c b/drivers/net/wireless/rt2x00/rt73usb.c +index 2ad468d..9e724eb 100644 +--- a/drivers/net/wireless/rt2x00/rt73usb.c ++++ b/drivers/net/wireless/rt2x00/rt73usb.c +@@ -2421,6 +2421,7 @@ static struct usb_device_id rt73usb_device_table[] = { + { USB_DEVICE(0x0b05, 0x1723) }, + { USB_DEVICE(0x0b05, 0x1724) }, + /* Belkin */ ++ { 
USB_DEVICE(0x050d, 0x7050) }, /* FCC ID: K7SF5D7050B ver. 3.x */ + { USB_DEVICE(0x050d, 0x705a) }, + { USB_DEVICE(0x050d, 0x905b) }, + { USB_DEVICE(0x050d, 0x905c) }, +diff --git a/drivers/net/wireless/rtlwifi/usb.c b/drivers/net/wireless/rtlwifi/usb.c +index a49e848..30dd0a9 100644 +--- a/drivers/net/wireless/rtlwifi/usb.c ++++ b/drivers/net/wireless/rtlwifi/usb.c +@@ -503,8 +503,8 @@ static void _rtl_rx_pre_process(struct ieee80211_hw *hw, struct sk_buff *skb) + WARN_ON(skb_queue_empty(&rx_queue)); + while (!skb_queue_empty(&rx_queue)) { + _skb = skb_dequeue(&rx_queue); +- _rtl_usb_rx_process_agg(hw, skb); +- ieee80211_rx_irqsafe(hw, skb); ++ _rtl_usb_rx_process_agg(hw, _skb); ++ ieee80211_rx_irqsafe(hw, _skb); + } + } + +diff --git a/drivers/net/xen-netback/common.h b/drivers/net/xen-netback/common.h +index 94b79c3..9d7f172 100644 +--- a/drivers/net/xen-netback/common.h ++++ b/drivers/net/xen-netback/common.h +@@ -151,6 +151,9 @@ void xen_netbk_queue_tx_skb(struct xenvif *vif, struct sk_buff *skb); + /* Notify xenvif that ring now has space to send an skb to the frontend */ + void xenvif_notify_tx_completion(struct xenvif *vif); + ++/* Prevent the device from generating any further traffic. 
*/ ++void xenvif_carrier_off(struct xenvif *vif); ++ + /* Returns number of ring slots required to send an skb to the frontend */ + unsigned int xen_netbk_count_skb_slots(struct xenvif *vif, struct sk_buff *skb); + +diff --git a/drivers/net/xen-netback/interface.c b/drivers/net/xen-netback/interface.c +index 1825629..5925e0b 100644 +--- a/drivers/net/xen-netback/interface.c ++++ b/drivers/net/xen-netback/interface.c +@@ -342,17 +342,22 @@ err: + return err; + } + +-void xenvif_disconnect(struct xenvif *vif) ++void xenvif_carrier_off(struct xenvif *vif) + { + struct net_device *dev = vif->dev; +- if (netif_carrier_ok(dev)) { +- rtnl_lock(); +- netif_carrier_off(dev); /* discard queued packets */ +- if (netif_running(dev)) +- xenvif_down(vif); +- rtnl_unlock(); +- xenvif_put(vif); +- } ++ ++ rtnl_lock(); ++ netif_carrier_off(dev); /* discard queued packets */ ++ if (netif_running(dev)) ++ xenvif_down(vif); ++ rtnl_unlock(); ++ xenvif_put(vif); ++} ++ ++void xenvif_disconnect(struct xenvif *vif) ++{ ++ if (netif_carrier_ok(vif->dev)) ++ xenvif_carrier_off(vif); + + atomic_dec(&vif->refcnt); + wait_event(vif->waiting_to_free, atomic_read(&vif->refcnt) == 0); +diff --git a/drivers/net/xen-netback/netback.c b/drivers/net/xen-netback/netback.c +index 15e332d..b802bb3 100644 +--- a/drivers/net/xen-netback/netback.c ++++ b/drivers/net/xen-netback/netback.c +@@ -146,7 +146,8 @@ void xen_netbk_remove_xenvif(struct xenvif *vif) + atomic_dec(&netbk->netfront_count); + } + +-static void xen_netbk_idx_release(struct xen_netbk *netbk, u16 pending_idx); ++static void xen_netbk_idx_release(struct xen_netbk *netbk, u16 pending_idx, ++ u8 status); + static void make_tx_response(struct xenvif *vif, + struct xen_netif_tx_request *txp, + s8 st); +@@ -851,7 +852,7 @@ static void netbk_tx_err(struct xenvif *vif, + + do { + make_tx_response(vif, txp, XEN_NETIF_RSP_ERROR); +- if (cons >= end) ++ if (cons == end) + break; + txp = RING_GET_REQUEST(&vif->tx, cons++); + } while (1); +@@ -860,6 
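Review bot: `xenvif_carrier_off()` in drivers/net/xen-netback/interface.c now calls `xenvif_put(vif)` unconditionally, while the `netif_carrier_ok()` test that used to guard that put has moved into `xenvif_disconnect()`, outside `rtnl_lock()`. If the new fatal-error path (`netbk_fatal_tx_err()` in netback.c) and a disconnect can run for the same vif at the same time, which is not visible from this hunk, both could reach the put and drop the same reference twice. Re-testing under the lock closes that window: right after `rtnl_lock();` add `if (!netif_carrier_ok(dev)) { rtnl_unlock(); return; }`. A one-line comment stating that `xenvif_carrier_off()` consumes a reference (apparently the one held while the carrier is up) would also help its callers. `xenvif_disconnect()` continues past the end of the hunk.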
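Review bot: The new `status` parameter of `xen_netbk_idx_release()` is declared `u8`, but it is handed straight to `make_tx_response()`, whose prototype in this same hunk takes `s8 st`. The callers added elsewhere in this patch pass `XEN_NETIF_RSP_ERROR`. If that constant is negative, as the signed `st` suggests, the value takes a round trip through an unsigned type before it reaches the response. Declaring it `s8 status` here and in the definition hunk at `@@ -1479,7 +1505,8 @@` keeps the status signed end to end.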
+861,13 @@ static void netbk_tx_err(struct xenvif *vif, + xenvif_put(vif); + } + ++static void netbk_fatal_tx_err(struct xenvif *vif) ++{ ++ netdev_err(vif->dev, "fatal error; disabling device\n"); ++ xenvif_carrier_off(vif); ++ xenvif_put(vif); ++} ++ + static int netbk_count_requests(struct xenvif *vif, + struct xen_netif_tx_request *first, + struct xen_netif_tx_request *txp, +@@ -873,19 +881,22 @@ static int netbk_count_requests(struct xenvif *vif, + + do { + if (frags >= work_to_do) { +- netdev_dbg(vif->dev, "Need more frags\n"); ++ netdev_err(vif->dev, "Need more frags\n"); ++ netbk_fatal_tx_err(vif); + return -frags; + } + + if (unlikely(frags >= MAX_SKB_FRAGS)) { +- netdev_dbg(vif->dev, "Too many frags\n"); ++ netdev_err(vif->dev, "Too many frags\n"); ++ netbk_fatal_tx_err(vif); + return -frags; + } + + memcpy(txp, RING_GET_REQUEST(&vif->tx, cons + frags), + sizeof(*txp)); + if (txp->size > first->size) { +- netdev_dbg(vif->dev, "Frags galore\n"); ++ netdev_err(vif->dev, "Frag is bigger than frame.\n"); ++ netbk_fatal_tx_err(vif); + return -frags; + } + +@@ -893,8 +904,9 @@ static int netbk_count_requests(struct xenvif *vif, + frags++; + + if (unlikely((txp->offset + txp->size) > PAGE_SIZE)) { +- netdev_dbg(vif->dev, "txp->offset: %x, size: %u\n", ++ netdev_err(vif->dev, "txp->offset: %x, size: %u\n", + txp->offset, txp->size); ++ netbk_fatal_tx_err(vif); + return -frags; + } + } while ((txp++)->flags & XEN_NETTXF_more_data); +@@ -938,7 +950,7 @@ static struct gnttab_copy *xen_netbk_get_requests(struct xen_netbk *netbk, + pending_idx = netbk->pending_ring[index]; + page = xen_netbk_alloc_page(netbk, skb, pending_idx); + if (!page) +- return NULL; ++ goto err; + + netbk->mmap_pages[pending_idx] = page; + +@@ -962,6 +974,17 @@ static struct gnttab_copy *xen_netbk_get_requests(struct xen_netbk *netbk, + } + + return gop; ++err: ++ /* Unwind, freeing all pages and sending error responses. 
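Review bot: The error branches of `netbk_count_requests()` in hunk `@@ -873,19 +881,22 @@` call `netbk_fatal_tx_err(vif)` and then still `return -frags;`, which is 0 when the failure happens on the first pass through the loop (assuming `frags` starts at 0; its initialiser is above the hunk). The caller in `xen_netbk_tx_build_gops()` now only tests `ret < 0`, so in that case it would carry on building a request for a vif that has just been disabled and has had a reference dropped. The caller no longer computes `idx - ret`, so the count is not needed on failure; return a real error code instead, e.g. `return -EINVAL;`. The branch in `@@ -893,8 +904,9 @@` runs after `frags++` and so cannot return 0, but should follow the same convention. The function starts and ends outside these hunks.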
*/ ++ while (i-- > start) { ++ xen_netbk_idx_release(netbk, frag_get_pending_idx(&frags[i]), ++ XEN_NETIF_RSP_ERROR); ++ } ++ /* The head too, if necessary. */ ++ if (start) ++ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_ERROR); ++ ++ return NULL; + } + + static int xen_netbk_tx_check_gop(struct xen_netbk *netbk, +@@ -970,30 +993,20 @@ static int xen_netbk_tx_check_gop(struct xen_netbk *netbk, + { + struct gnttab_copy *gop = *gopp; + u16 pending_idx = *((u16 *)skb->data); +- struct pending_tx_info *pending_tx_info = netbk->pending_tx_info; +- struct xenvif *vif = pending_tx_info[pending_idx].vif; +- struct xen_netif_tx_request *txp; + struct skb_shared_info *shinfo = skb_shinfo(skb); + int nr_frags = shinfo->nr_frags; + int i, err, start; + + /* Check status of header. */ + err = gop->status; +- if (unlikely(err)) { +- pending_ring_idx_t index; +- index = pending_index(netbk->pending_prod++); +- txp = &pending_tx_info[pending_idx].req; +- make_tx_response(vif, txp, XEN_NETIF_RSP_ERROR); +- netbk->pending_ring[index] = pending_idx; +- xenvif_put(vif); +- } ++ if (unlikely(err)) ++ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_ERROR); + + /* Skip first skb fragment if it is on same page as header fragment. */ + start = (frag_get_pending_idx(&shinfo->frags[0]) == pending_idx); + + for (i = start; i < nr_frags; i++) { + int j, newerr; +- pending_ring_idx_t index; + + pending_idx = frag_get_pending_idx(&shinfo->frags[i]); + +@@ -1002,16 +1015,12 @@ static int xen_netbk_tx_check_gop(struct xen_netbk *netbk, + if (likely(!newerr)) { + /* Had a previous error? Invalidate this fragment. */ + if (unlikely(err)) +- xen_netbk_idx_release(netbk, pending_idx); ++ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_OKAY); + continue; + } + + /* Error on this fragment: respond to client with an error. 
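Review bot: The `err:` unwind in `xen_netbk_get_requests()` releases `pending_idx` under the comment "The head too", but when `goto err` is taken `pending_idx` has just been reassigned to `netbk->pending_ring[index]` (hunk `@@ -938,7 +950,7 @@`). That is the slot whose page allocation failed, not the header's slot. Unless code outside these hunks restores it, the header slot is never released with `XEN_NETIF_RSP_ERROR` on this path. Assuming `pending_idx` holds the header's index on entry, saving it before the loop, e.g. `u16 head_idx = pending_idx;`, and passing `head_idx` in the `if (start)` branch would make the unwind match its comment.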
*/ +- txp = &netbk->pending_tx_info[pending_idx].req; +- make_tx_response(vif, txp, XEN_NETIF_RSP_ERROR); +- index = pending_index(netbk->pending_prod++); +- netbk->pending_ring[index] = pending_idx; +- xenvif_put(vif); ++ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_ERROR); + + /* Not the first error? Preceding frags already invalidated. */ + if (err) +@@ -1019,10 +1028,10 @@ static int xen_netbk_tx_check_gop(struct xen_netbk *netbk, + + /* First error: invalidate header and preceding fragments. */ + pending_idx = *((u16 *)skb->data); +- xen_netbk_idx_release(netbk, pending_idx); ++ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_OKAY); + for (j = start; j < i; j++) { + pending_idx = frag_get_pending_idx(&shinfo->frags[j]); +- xen_netbk_idx_release(netbk, pending_idx); ++ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_OKAY); + } + + /* Remember the error: invalidate all subsequent fragments. */ +@@ -1056,7 +1065,7 @@ static void xen_netbk_fill_frags(struct xen_netbk *netbk, struct sk_buff *skb) + + /* Take an extra reference to offset xen_netbk_idx_release */ + get_page(netbk->mmap_pages[pending_idx]); +- xen_netbk_idx_release(netbk, pending_idx); ++ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_OKAY); + } + } + +@@ -1069,7 +1078,8 @@ static int xen_netbk_get_extras(struct xenvif *vif, + + do { + if (unlikely(work_to_do-- <= 0)) { +- netdev_dbg(vif->dev, "Missing extra info\n"); ++ netdev_err(vif->dev, "Missing extra info\n"); ++ netbk_fatal_tx_err(vif); + return -EBADR; + } + +@@ -1078,8 +1088,9 @@ static int xen_netbk_get_extras(struct xenvif *vif, + if (unlikely(!extra.type || + extra.type >= XEN_NETIF_EXTRA_TYPE_MAX)) { + vif->tx.req_cons = ++cons; +- netdev_dbg(vif->dev, ++ netdev_err(vif->dev, + "Invalid extra type: %d\n", extra.type); ++ netbk_fatal_tx_err(vif); + return -EINVAL; + } + +@@ -1095,13 +1106,15 @@ static int netbk_set_skb_gso(struct xenvif *vif, + struct xen_netif_extra_info *gso) + { + if 
(!gso->u.gso.size) { +- netdev_dbg(vif->dev, "GSO size must not be zero.\n"); ++ netdev_err(vif->dev, "GSO size must not be zero.\n"); ++ netbk_fatal_tx_err(vif); + return -EINVAL; + } + + /* Currently only TCPv4 S.O. is supported. */ + if (gso->u.gso.type != XEN_NETIF_GSO_TYPE_TCPV4) { +- netdev_dbg(vif->dev, "Bad GSO type %d.\n", gso->u.gso.type); ++ netdev_err(vif->dev, "Bad GSO type %d.\n", gso->u.gso.type); ++ netbk_fatal_tx_err(vif); + return -EINVAL; + } + +@@ -1238,9 +1251,25 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk) + + /* Get a netif from the list with work to do. */ + vif = poll_net_schedule_list(netbk); ++ /* This can sometimes happen because the test of ++ * list_empty(net_schedule_list) at the top of the ++ * loop is unlocked. Just go back and have another ++ * look. ++ */ + if (!vif) + continue; + ++ if (vif->tx.sring->req_prod - vif->tx.req_cons > ++ XEN_NETIF_TX_RING_SIZE) { ++ netdev_err(vif->dev, ++ "Impossible number of requests. " ++ "req_prod %d, req_cons %d, size %ld\n", ++ vif->tx.sring->req_prod, vif->tx.req_cons, ++ XEN_NETIF_TX_RING_SIZE); ++ netbk_fatal_tx_err(vif); ++ continue; ++ } ++ + RING_FINAL_CHECK_FOR_REQUESTS(&vif->tx, work_to_do); + if (!work_to_do) { + xenvif_put(vif); +@@ -1268,17 +1297,14 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk) + work_to_do = xen_netbk_get_extras(vif, extras, + work_to_do); + idx = vif->tx.req_cons; +- if (unlikely(work_to_do < 0)) { +- netbk_tx_err(vif, &txreq, idx); ++ if (unlikely(work_to_do < 0)) + continue; +- } + } + + ret = netbk_count_requests(vif, &txreq, txfrags, work_to_do); +- if (unlikely(ret < 0)) { +- netbk_tx_err(vif, &txreq, idx - ret); ++ if (unlikely(ret < 0)) + continue; +- } ++ + idx += ret; + + if (unlikely(txreq.size < ETH_HLEN)) { +@@ -1290,11 +1316,11 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk) + + /* No crossing a page as the payload mustn't fragment. 
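Review bot: The new sanity check in `xen_netbk_tx_build_gops()` (hunk `@@ -1238,9 +1251,25 @@`) reads `vif->tx.sring->req_prod` from the shared ring once for the comparison and again for the `netdev_err()` arguments. The other end of the ring can change that field between the reads, so the logged value need not be the one that failed the test. Read it once, `RING_IDX prod = ACCESS_ONCE(vif->tx.sring->req_prod);`, and use `prod` in both places. `RING_FINAL_CHECK_FOR_REQUESTS()` on the following line is defined outside this hunk; if it reads `req_prod` again, the bound checked here is not necessarily the one it acts on, which deserves a comment. The format string also prints the unsigned ring indices with `%d`, where `%u` fits them.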
*/ + if (unlikely((txreq.offset + txreq.size) > PAGE_SIZE)) { +- netdev_dbg(vif->dev, ++ netdev_err(vif->dev, + "txreq.offset: %x, size: %u, end: %lu\n", + txreq.offset, txreq.size, + (txreq.offset&~PAGE_MASK) + txreq.size); +- netbk_tx_err(vif, &txreq, idx); ++ netbk_fatal_tx_err(vif); + continue; + } + +@@ -1322,8 +1348,8 @@ static unsigned xen_netbk_tx_build_gops(struct xen_netbk *netbk) + gso = &extras[XEN_NETIF_EXTRA_TYPE_GSO - 1]; + + if (netbk_set_skb_gso(vif, skb, gso)) { ++ /* Failure in netbk_set_skb_gso is fatal. */ + kfree_skb(skb); +- netbk_tx_err(vif, &txreq, idx); + continue; + } + } +@@ -1424,7 +1450,7 @@ static void xen_netbk_tx_submit(struct xen_netbk *netbk) + txp->size -= data_len; + } else { + /* Schedule a response immediately. */ +- xen_netbk_idx_release(netbk, pending_idx); ++ xen_netbk_idx_release(netbk, pending_idx, XEN_NETIF_RSP_OKAY); + } + + if (txp->flags & XEN_NETTXF_csum_blank) +@@ -1479,7 +1505,8 @@ static void xen_netbk_tx_action(struct xen_netbk *netbk) + + } + +-static void xen_netbk_idx_release(struct xen_netbk *netbk, u16 pending_idx) ++static void xen_netbk_idx_release(struct xen_netbk *netbk, u16 pending_idx, ++ u8 status) + { + struct xenvif *vif; + struct pending_tx_info *pending_tx_info; +@@ -1493,7 +1520,7 @@ static void xen_netbk_idx_release(struct xen_netbk *netbk, u16 pending_idx) + + vif = pending_tx_info->vif; + +- make_tx_response(vif, &pending_tx_info->req, XEN_NETIF_RSP_OKAY); ++ make_tx_response(vif, &pending_tx_info->req, status); + + index = pending_index(netbk->pending_prod++); + netbk->pending_ring[index] = pending_idx; +diff --git a/drivers/rtc/rtc-isl1208.c b/drivers/rtc/rtc-isl1208.c +index da8beb8..627b66a 100644 +--- a/drivers/rtc/rtc-isl1208.c ++++ b/drivers/rtc/rtc-isl1208.c +@@ -494,6 +494,7 @@ isl1208_rtc_interrupt(int irq, void *data) + { + unsigned long timeout = jiffies + msecs_to_jiffies(1000); + struct i2c_client *client = data; ++ struct rtc_device *rtc = i2c_get_clientdata(client); + int 
handled = 0, sr, err; + + /* +@@ -516,6 +517,8 @@ isl1208_rtc_interrupt(int irq, void *data) + if (sr & ISL1208_REG_SR_ALM) { + dev_dbg(&client->dev, "alarm!\n"); + ++ rtc_update_irq(rtc, 1, RTC_IRQF | RTC_AF); ++ + /* Clear the alarm */ + sr &= ~ISL1208_REG_SR_ALM; + sr = i2c_smbus_write_byte_data(client, ISL1208_REG_SR, sr); +diff --git a/drivers/rtc/rtc-pl031.c b/drivers/rtc/rtc-pl031.c +index 1e80a48..73816d8 100644 +--- a/drivers/rtc/rtc-pl031.c ++++ b/drivers/rtc/rtc-pl031.c +@@ -44,6 +44,7 @@ + #define RTC_YMR 0x34 /* Year match register */ + #define RTC_YLR 0x38 /* Year data load register */ + ++#define RTC_CR_EN (1 << 0) /* counter enable bit */ + #define RTC_CR_CWEN (1 << 26) /* Clockwatch enable bit */ + + #define RTC_TCR_EN (1 << 1) /* Periodic timer enable bit */ +@@ -312,7 +313,7 @@ static int pl031_probe(struct amba_device *adev, const struct amba_id *id) + int ret; + struct pl031_local *ldata; + struct rtc_class_ops *ops = id->data; +- unsigned long time; ++ unsigned long time, data; + + ret = amba_request_regions(adev, NULL); + if (ret) +@@ -339,10 +340,11 @@ static int pl031_probe(struct amba_device *adev, const struct amba_id *id) + dev_dbg(&adev->dev, "designer ID = 0x%02x\n", ldata->hw_designer); + dev_dbg(&adev->dev, "revision = 0x%01x\n", ldata->hw_revision); + ++ data = readl(ldata->base + RTC_CR); + /* Enable the clockwatch on ST Variants */ + if (ldata->hw_designer == AMBA_VENDOR_ST) +- writel(readl(ldata->base + RTC_CR) | RTC_CR_CWEN, +- ldata->base + RTC_CR); ++ data |= RTC_CR_CWEN; ++ writel(data | RTC_CR_EN, ldata->base + RTC_CR); + + /* + * On ST PL031 variants, the RTC reset value does not provide correct +diff --git a/drivers/usb/host/ehci-sched.c b/drivers/usb/host/ehci-sched.c +index 34655d0..08e470f 100644 +--- a/drivers/usb/host/ehci-sched.c ++++ b/drivers/usb/host/ehci-sched.c +@@ -236,7 +236,7 @@ static inline unsigned char tt_start_uframe(struct ehci_hcd *ehci, __hc32 mask) + } + + static const unsigned char +-max_tt_usecs[] 
= { 125, 125, 125, 125, 125, 125, 30, 0 }; ++max_tt_usecs[] = { 125, 125, 125, 125, 125, 125, 125, 25 }; + + /* carryover low/fullspeed bandwidth that crosses uframe boundries */ + static inline void carryover_tt_bandwidth(unsigned short tt_usecs[8]) +diff --git a/drivers/usb/host/pci-quirks.c b/drivers/usb/host/pci-quirks.c +index 5cc401b..c7cfbce 100644 +--- a/drivers/usb/host/pci-quirks.c ++++ b/drivers/usb/host/pci-quirks.c +@@ -780,6 +780,7 @@ void usb_enable_xhci_ports(struct pci_dev *xhci_pdev) + "defaulting to EHCI.\n"); + dev_warn(&xhci_pdev->dev, + "USB 3.0 devices will work at USB 2.0 speeds.\n"); ++ usb_disable_xhci_ports(xhci_pdev); + return; + } + +diff --git a/drivers/usb/host/xhci-ring.c b/drivers/usb/host/xhci-ring.c +index 2ed591d..5c1f9e7 100644 +--- a/drivers/usb/host/xhci-ring.c ++++ b/drivers/usb/host/xhci-ring.c +@@ -2504,6 +2504,8 @@ cleanup: + (trb_comp_code != COMP_STALL && + trb_comp_code != COMP_BABBLE)) + xhci_urb_free_priv(xhci, urb_priv); ++ else ++ kfree(urb_priv); + + usb_hcd_unlink_urb_from_ep(bus_to_hcd(urb->dev->bus), urb); + if ((urb->actual_length != urb->transfer_buffer_length && +@@ -3032,7 +3034,7 @@ static u32 xhci_v1_0_td_remainder(int running_total, int trb_buff_len, + * running_total. + */ + packets_transferred = (running_total + trb_buff_len) / +- usb_endpoint_maxp(&urb->ep->desc); ++ GET_MAX_PACKET(usb_endpoint_maxp(&urb->ep->desc)); + + if ((total_packet_count - packets_transferred) > 31) + return 31 << 17; +@@ -3594,7 +3596,8 @@ static int xhci_queue_isoc_tx(struct xhci_hcd *xhci, gfp_t mem_flags, + td_len = urb->iso_frame_desc[i].length; + td_remain_len = td_len; + total_packet_count = DIV_ROUND_UP(td_len, +- usb_endpoint_maxp(&urb->ep->desc)); ++ GET_MAX_PACKET( ++ usb_endpoint_maxp(&urb->ep->desc))); + /* A zero-length transfer still involves at least one packet. 
*/ + if (total_packet_count == 0) + total_packet_count++; +@@ -3617,9 +3620,11 @@ static int xhci_queue_isoc_tx(struct xhci_hcd *xhci, gfp_t mem_flags, + td = urb_priv->td[i]; + for (j = 0; j < trbs_per_td; j++) { + u32 remainder = 0; +- field = TRB_TBC(burst_count) | TRB_TLBPC(residue); ++ field = 0; + + if (first_trb) { ++ field = TRB_TBC(burst_count) | ++ TRB_TLBPC(residue); + /* Queue the isoc TRB */ + field |= TRB_TYPE(TRB_ISOC); + /* Assume URB_ISO_ASAP is set */ +diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c +index 2cc7c18..d644a66 100644 +--- a/drivers/usb/serial/ftdi_sio.c ++++ b/drivers/usb/serial/ftdi_sio.c +@@ -590,6 +590,7 @@ static struct usb_device_id id_table_combined [] = { + /* + * ELV devices: + */ ++ { USB_DEVICE(FTDI_ELV_VID, FTDI_ELV_WS300_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_ELV_USR_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_ELV_MSM1_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_ELV_KL100_PID) }, +@@ -676,6 +677,7 @@ static struct usb_device_id id_table_combined [] = { + { USB_DEVICE(FTDI_VID, XSENS_CONVERTER_5_PID) }, + { USB_DEVICE(FTDI_VID, XSENS_CONVERTER_6_PID) }, + { USB_DEVICE(FTDI_VID, XSENS_CONVERTER_7_PID) }, ++ { USB_DEVICE(FTDI_VID, FTDI_OMNI1509) }, + { USB_DEVICE(MOBILITY_VID, MOBILITY_USB_SERIAL_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_ACTIVE_ROBOTS_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_MHAM_KW_PID) }, +diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h +index dd6edf8..97e0a6b 100644 +--- a/drivers/usb/serial/ftdi_sio_ids.h ++++ b/drivers/usb/serial/ftdi_sio_ids.h +@@ -147,6 +147,11 @@ + #define XSENS_CONVERTER_6_PID 0xD38E + #define XSENS_CONVERTER_7_PID 0xD38F + ++/** ++ * Zolix (www.zolix.com.cb) product ids ++ */ ++#define FTDI_OMNI1509 0xD491 /* Omni1509 embedded USB-serial */ ++ + /* + * NDI (www.ndigital.com) product ids + */ +@@ -204,7 +209,7 @@ + + /* + * ELV USB devices submitted by Christian Abt of ELV (www.elv.de). +- * All of these devices use FTDI's vendor ID (0x0403). 
++ * Almost all of these devices use FTDI's vendor ID (0x0403). + * Further IDs taken from ELV Windows .inf file. + * + * The previously included PID for the UO 100 module was incorrect. +@@ -212,6 +217,8 @@ + * + * Armin Laeuger originally sent the PID for the UM 100 module. + */ ++#define FTDI_ELV_VID 0x1B1F /* ELV AG */ ++#define FTDI_ELV_WS300_PID 0xC006 /* eQ3 WS 300 PC II */ + #define FTDI_ELV_USR_PID 0xE000 /* ELV Universal-Sound-Recorder */ + #define FTDI_ELV_MSM1_PID 0xE001 /* ELV Mini-Sound-Modul */ + #define FTDI_ELV_KL100_PID 0xE002 /* ELV Kfz-Leistungsmesser KL 100 */ +diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c +index 9db3e23..52cd814 100644 +--- a/drivers/usb/serial/option.c ++++ b/drivers/usb/serial/option.c +@@ -242,6 +242,7 @@ static void option_instat_callback(struct urb *urb); + #define TELIT_PRODUCT_CC864_DUAL 0x1005 + #define TELIT_PRODUCT_CC864_SINGLE 0x1006 + #define TELIT_PRODUCT_DE910_DUAL 0x1010 ++#define TELIT_PRODUCT_LE920 0x1200 + + /* ZTE PRODUCTS */ + #define ZTE_VENDOR_ID 0x19d2 +@@ -453,6 +454,10 @@ static void option_instat_callback(struct urb *urb); + #define TPLINK_VENDOR_ID 0x2357 + #define TPLINK_PRODUCT_MA180 0x0201 + ++/* Changhong products */ ++#define CHANGHONG_VENDOR_ID 0x2077 ++#define CHANGHONG_PRODUCT_CH690 0x7001 ++ + /* some devices interfaces need special handling due to a number of reasons */ + enum option_blacklist_reason { + OPTION_BLACKLIST_NONE = 0, +@@ -534,6 +539,11 @@ static const struct option_blacklist_info zte_1255_blacklist = { + .reserved = BIT(3) | BIT(4), + }; + ++static const struct option_blacklist_info telit_le920_blacklist = { ++ .sendsetup = BIT(0), ++ .reserved = BIT(1) | BIT(5), ++}; ++ + static const struct usb_device_id option_ids[] = { + { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_COLT) }, + { USB_DEVICE(OPTION_VENDOR_ID, OPTION_PRODUCT_RICOLA) }, +@@ -784,6 +794,8 @@ static const struct usb_device_id option_ids[] = { + { USB_DEVICE(TELIT_VENDOR_ID, 
TELIT_PRODUCT_CC864_DUAL) }, + { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_CC864_SINGLE) }, + { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_DE910_DUAL) }, ++ { USB_DEVICE(TELIT_VENDOR_ID, TELIT_PRODUCT_LE920), ++ .driver_info = (kernel_ulong_t)&telit_le920_blacklist }, + { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, ZTE_PRODUCT_MF622, 0xff, 0xff, 0xff) }, /* ZTE WCDMA products */ + { USB_DEVICE_AND_INTERFACE_INFO(ZTE_VENDOR_ID, 0x0002, 0xff, 0xff, 0xff), + .driver_info = (kernel_ulong_t)&net_intf1_blacklist }, +@@ -1318,6 +1330,7 @@ static const struct usb_device_id option_ids[] = { + { USB_DEVICE(PETATEL_VENDOR_ID, PETATEL_PRODUCT_NP10T) }, + { USB_DEVICE(TPLINK_VENDOR_ID, TPLINK_PRODUCT_MA180), + .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, ++ { USB_DEVICE(CHANGHONG_VENDOR_ID, CHANGHONG_PRODUCT_CH690) }, + { } /* Terminating entry */ + }; + MODULE_DEVICE_TABLE(usb, option_ids); +diff --git a/drivers/usb/serial/qcserial.c b/drivers/usb/serial/qcserial.c +index 6634477..14c4a82 100644 +--- a/drivers/usb/serial/qcserial.c ++++ b/drivers/usb/serial/qcserial.c +@@ -55,6 +55,7 @@ static const struct usb_device_id id_table[] = { + {DEVICE_G1K(0x05c6, 0x9221)}, /* Generic Gobi QDL device */ + {DEVICE_G1K(0x05c6, 0x9231)}, /* Generic Gobi QDL device */ + {DEVICE_G1K(0x1f45, 0x0001)}, /* Unknown Gobi QDL device */ ++ {DEVICE_G1K(0x1bc7, 0x900e)}, /* Telit Gobi QDL device */ + + /* Gobi 2000 devices */ + {USB_DEVICE(0x1410, 0xa010)}, /* Novatel Gobi 2000 QDL device */ +diff --git a/drivers/usb/storage/initializers.c b/drivers/usb/storage/initializers.c +index 105d900..16b0bf0 100644 +--- a/drivers/usb/storage/initializers.c ++++ b/drivers/usb/storage/initializers.c +@@ -92,8 +92,8 @@ int usb_stor_ucr61s2b_init(struct us_data *us) + return 0; + } + +-/* This places the HUAWEI E220 devices in multi-port mode */ +-int usb_stor_huawei_e220_init(struct us_data *us) ++/* This places the HUAWEI usb dongles in multi-port mode */ ++static int 
usb_stor_huawei_feature_init(struct us_data *us) + { + int result; + +@@ -104,3 +104,75 @@ int usb_stor_huawei_e220_init(struct us_data *us) + US_DEBUGP("Huawei mode set result is %d\n", result); + return 0; + } ++ ++/* ++ * It will send a scsi switch command called rewind' to huawei dongle. ++ * When the dongle receives this command at the first time, ++ * it will reboot immediately. After rebooted, it will ignore this command. ++ * So it is unnecessary to read its response. ++ */ ++static int usb_stor_huawei_scsi_init(struct us_data *us) ++{ ++ int result = 0; ++ int act_len = 0; ++ struct bulk_cb_wrap *bcbw = (struct bulk_cb_wrap *) us->iobuf; ++ char rewind_cmd[] = {0x11, 0x06, 0x20, 0x00, 0x00, 0x01, 0x01, 0x00, ++ 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; ++ ++ bcbw->Signature = cpu_to_le32(US_BULK_CB_SIGN); ++ bcbw->Tag = 0; ++ bcbw->DataTransferLength = 0; ++ bcbw->Flags = bcbw->Lun = 0; ++ bcbw->Length = sizeof(rewind_cmd); ++ memset(bcbw->CDB, 0, sizeof(bcbw->CDB)); ++ memcpy(bcbw->CDB, rewind_cmd, sizeof(rewind_cmd)); ++ ++ result = usb_stor_bulk_transfer_buf(us, us->send_bulk_pipe, bcbw, ++ US_BULK_CB_WRAP_LEN, &act_len); ++ US_DEBUGP("transfer actual length=%d, result=%d\n", act_len, result); ++ return result; ++} ++ ++/* ++ * It tries to find the supported Huawei USB dongles. ++ * In Huawei, they assign the following product IDs ++ * for all of their mobile broadband dongles, ++ * including the new dongles in the future. ++ * So if the product ID is not included in this list, ++ * it means it is not Huawei's mobile broadband dongles. ++ */ ++static int usb_stor_huawei_dongles_pid(struct us_data *us) ++{ ++ struct usb_interface_descriptor *idesc; ++ int idProduct; ++ ++ idesc = &us->pusb_intf->cur_altsetting->desc; ++ idProduct = us->pusb_dev->descriptor.idProduct; ++ /* The first port is CDROM, ++ * means the dongle in the single port mode, ++ * and a switch command is required to be sent. 
*/ ++ if (idesc && idesc->bInterfaceNumber == 0) { ++ if ((idProduct == 0x1001) ++ || (idProduct == 0x1003) ++ || (idProduct == 0x1004) ++ || (idProduct >= 0x1401 && idProduct <= 0x1500) ++ || (idProduct >= 0x1505 && idProduct <= 0x1600) ++ || (idProduct >= 0x1c02 && idProduct <= 0x2202)) { ++ return 1; ++ } ++ } ++ return 0; ++} ++ ++int usb_stor_huawei_init(struct us_data *us) ++{ ++ int result = 0; ++ ++ if (usb_stor_huawei_dongles_pid(us)) { ++ if (us->pusb_dev->descriptor.idProduct >= 0x1446) ++ result = usb_stor_huawei_scsi_init(us); ++ else ++ result = usb_stor_huawei_feature_init(us); ++ } ++ return result; ++} +diff --git a/drivers/usb/storage/initializers.h b/drivers/usb/storage/initializers.h +index 529327f..5376d4f 100644 +--- a/drivers/usb/storage/initializers.h ++++ b/drivers/usb/storage/initializers.h +@@ -46,5 +46,5 @@ int usb_stor_euscsi_init(struct us_data *us); + * flash reader */ + int usb_stor_ucr61s2b_init(struct us_data *us); + +-/* This places the HUAWEI E220 devices in multi-port mode */ +-int usb_stor_huawei_e220_init(struct us_data *us); ++/* This places the HUAWEI usb dongles in multi-port mode */ ++int usb_stor_huawei_init(struct us_data *us); +diff --git a/drivers/usb/storage/unusual_devs.h b/drivers/usb/storage/unusual_devs.h +index fa8a1b2..12640ef 100644 +--- a/drivers/usb/storage/unusual_devs.h ++++ b/drivers/usb/storage/unusual_devs.h +@@ -1515,335 +1515,10 @@ UNUSUAL_DEV( 0x1210, 0x0003, 0x0100, 0x0100, + /* Reported by fangxiaozhi <huananhu@huawei.com> + * This brings the HUAWEI data card devices into multi-port mode + */ +-UNUSUAL_DEV( 0x12d1, 0x1001, 0x0000, 0x0000, ++UNUSUAL_VENDOR_INTF(0x12d1, 0x08, 0x06, 0x50, + "HUAWEI MOBILE", + "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1003, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1004, 0x0000, 0x0000, +- "HUAWEI 
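Review bot: `usb_stor_huawei_dongles_pid()` and `usb_stor_huawei_init()` compare `us->pusb_dev->descriptor.idProduct` with host-order constants without converting it. The device descriptor fields are little-endian (`__le16`), so on a big-endian host the product-ID ranges and the `>= 0x1446` test are applied to a byte-swapped value and the wrong init path, or none, is chosen. Use `idProduct = le16_to_cpu(us->pusb_dev->descriptor.idProduct);` and the same conversion in `usb_stor_huawei_init()`; the hunk already uses `cpu_to_le32()` for `bcbw->Signature`. Separately, `idesc` is the address of a struct member and can never be NULL, so the `idesc &&` test can go, and `rewind_cmd` can be declared `static const`.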
MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1401, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1402, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1403, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1404, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1405, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1406, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1407, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1408, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1409, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x140A, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x140B, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x140C, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x140D, 0x0000, 0x0000, +- "HUAWEI MOBILE", 
+- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x140E, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x140F, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1410, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1411, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1412, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1413, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1414, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1415, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1416, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1417, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1418, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1419, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x141A, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass 
Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x141B, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x141C, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x141D, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x141E, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x141F, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1420, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1421, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1422, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1423, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1424, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1425, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1426, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1427, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", 
+- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1428, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1429, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x142A, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x142B, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x142C, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x142D, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x142E, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x142F, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1430, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1431, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1432, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1433, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1434, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- 
USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1435, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1436, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1437, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1438, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x1439, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x143A, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x143B, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x143C, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x143D, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x143E, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, +- 0), +-UNUSUAL_DEV( 0x12d1, 0x143F, 0x0000, 0x0000, +- "HUAWEI MOBILE", +- "Mass Storage", +- USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_e220_init, ++ USB_SC_DEVICE, USB_PR_DEVICE, usb_stor_huawei_init, + 0), + + /* Reported by Vilius Bilinkevicius <vilisas AT xxx DOT lt) */ +diff --git a/drivers/usb/storage/usb.c b/drivers/usb/storage/usb.c +index db51ba1..d582af4 100644 +--- a/drivers/usb/storage/usb.c 
++++ b/drivers/usb/storage/usb.c +@@ -120,6 +120,17 @@ MODULE_PARM_DESC(quirks, "supplemental list of device IDs and their quirks"); + .useTransport = use_transport, \ + } + ++#define UNUSUAL_VENDOR_INTF(idVendor, cl, sc, pr, \ ++ vendor_name, product_name, use_protocol, use_transport, \ ++ init_function, Flags) \ ++{ \ ++ .vendorName = vendor_name, \ ++ .productName = product_name, \ ++ .useProtocol = use_protocol, \ ++ .useTransport = use_transport, \ ++ .initFunction = init_function, \ ++} ++ + static struct us_unusual_dev us_unusual_dev_list[] = { + # include "unusual_devs.h" + { } /* Terminating entry */ +@@ -128,6 +139,7 @@ static struct us_unusual_dev us_unusual_dev_list[] = { + #undef UNUSUAL_DEV + #undef COMPLIANT_DEV + #undef USUAL_DEV ++#undef UNUSUAL_VENDOR_INTF + + + #ifdef CONFIG_PM /* Minimal support for suspend and resume */ +diff --git a/drivers/usb/storage/usual-tables.c b/drivers/usb/storage/usual-tables.c +index b969279..a9b5f2e 100644 +--- a/drivers/usb/storage/usual-tables.c ++++ b/drivers/usb/storage/usual-tables.c +@@ -46,6 +46,20 @@ + { USB_INTERFACE_INFO(USB_CLASS_MASS_STORAGE, useProto, useTrans), \ + .driver_info = ((useType)<<24) } + ++/* Define the device is matched with Vendor ID and interface descriptors */ ++#define UNUSUAL_VENDOR_INTF(id_vendor, cl, sc, pr, \ ++ vendorName, productName, useProtocol, useTransport, \ ++ initFunction, flags) \ ++{ \ ++ .match_flags = USB_DEVICE_ID_MATCH_INT_INFO \ ++ | USB_DEVICE_ID_MATCH_VENDOR, \ ++ .idVendor = (id_vendor), \ ++ .bInterfaceClass = (cl), \ ++ .bInterfaceSubClass = (sc), \ ++ .bInterfaceProtocol = (pr), \ ++ .driver_info = (flags) \ ++} ++ + struct usb_device_id usb_storage_usb_ids[] = { + # include "unusual_devs.h" + { } /* Terminating entry */ +@@ -57,6 +71,7 @@ MODULE_DEVICE_TABLE(usb, usb_storage_usb_ids); + #undef UNUSUAL_DEV + #undef COMPLIANT_DEV + #undef USUAL_DEV ++#undef UNUSUAL_VENDOR_INTF + + + /* +diff --git a/fs/nilfs2/ioctl.c b/fs/nilfs2/ioctl.c +index c598cfb..2b5e695 
100644 +--- a/fs/nilfs2/ioctl.c ++++ b/fs/nilfs2/ioctl.c +@@ -664,8 +664,11 @@ static int nilfs_ioctl_clean_segments(struct inode *inode, struct file *filp, + if (ret < 0) + printk(KERN_ERR "NILFS: GC failed during preparation: " + "cannot read source blocks: err=%d\n", ret); +- else ++ else { ++ if (nilfs_sb_need_update(nilfs)) ++ set_nilfs_discontinued(nilfs); + ret = nilfs_clean_segments(inode->i_sb, argv, kbufs); ++ } + + nilfs_remove_all_gcinodes(nilfs); + clear_nilfs_gc_running(nilfs); +diff --git a/fs/splice.c b/fs/splice.c +index 014fcb4..58ab918 100644 +--- a/fs/splice.c ++++ b/fs/splice.c +@@ -697,8 +697,10 @@ static int pipe_to_sendpage(struct pipe_inode_info *pipe, + return -EINVAL; + + more = (sd->flags & SPLICE_F_MORE) ? MSG_MORE : 0; +- if (sd->len < sd->total_len) ++ ++ if (sd->len < sd->total_len && pipe->nrbufs > 1) + more |= MSG_SENDPAGE_NOTLAST; ++ + return file->f_op->sendpage(file, buf->page, buf->offset, + sd->len, &pos, more); + } +diff --git a/include/linux/sched.h b/include/linux/sched.h +index 1e86bb4..8204898 100644 +--- a/include/linux/sched.h ++++ b/include/linux/sched.h +@@ -2597,7 +2597,16 @@ static inline void thread_group_cputime_init(struct signal_struct *sig) + extern void recalc_sigpending_and_wake(struct task_struct *t); + extern void recalc_sigpending(void); + +-extern void signal_wake_up(struct task_struct *t, int resume_stopped); ++extern void signal_wake_up_state(struct task_struct *t, unsigned int state); ++ ++static inline void signal_wake_up(struct task_struct *t, bool resume) ++{ ++ signal_wake_up_state(t, resume ? TASK_WAKEKILL : 0); ++} ++static inline void ptrace_signal_wake_up(struct task_struct *t, bool resume) ++{ ++ signal_wake_up_state(t, resume ? __TASK_TRACED : 0); ++} + + /* + * Wrappers for p->thread_info->cpu access. No-op on UP. 
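Review bot: The two inline wrappers added to sched.h differ only in the mask they pass to signal_wake_up_state() (`TASK_WAKEKILL` for signal_wake_up(), `__TASK_TRACED` for ptrace_signal_wake_up()), and nothing at the definitions says which one a caller should pick. The choice decides which sleeping states can be woken, so each wrapper deserves a one-line comment, for example `/* resume: also wake a task sleeping in __TASK_TRACED; does not set TASK_WAKEKILL */` above ptrace_signal_wake_up(). A blank line between the two definitions would also match the spacing used before signal_wake_up().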
+diff --git a/kernel/ptrace.c b/kernel/ptrace.c +index 78ab24a..67fedad 100644 +--- a/kernel/ptrace.c ++++ b/kernel/ptrace.c +@@ -117,11 +117,45 @@ void __ptrace_unlink(struct task_struct *child) + * TASK_KILLABLE sleeps. + */ + if (child->jobctl & JOBCTL_STOP_PENDING || task_is_traced(child)) +- signal_wake_up(child, task_is_traced(child)); ++ ptrace_signal_wake_up(child, true); + + spin_unlock(&child->sighand->siglock); + } + ++/* Ensure that nothing can wake it up, even SIGKILL */ ++static bool ptrace_freeze_traced(struct task_struct *task) ++{ ++ bool ret = false; ++ ++ /* Lockless, nobody but us can set this flag */ ++ if (task->jobctl & JOBCTL_LISTENING) ++ return ret; ++ ++ spin_lock_irq(&task->sighand->siglock); ++ if (task_is_traced(task) && !__fatal_signal_pending(task)) { ++ task->state = __TASK_TRACED; ++ ret = true; ++ } ++ spin_unlock_irq(&task->sighand->siglock); ++ ++ return ret; ++} ++ ++static void ptrace_unfreeze_traced(struct task_struct *task) ++{ ++ if (task->state != __TASK_TRACED) ++ return; ++ ++ WARN_ON(!task->ptrace || task->parent != current); ++ ++ spin_lock_irq(&task->sighand->siglock); ++ if (__fatal_signal_pending(task)) ++ wake_up_state(task, __TASK_TRACED); ++ else ++ task->state = TASK_TRACED; ++ spin_unlock_irq(&task->sighand->siglock); ++} ++ + /** + * ptrace_check_attach - check whether ptracee is ready for ptrace operation + * @child: ptracee to check for +@@ -151,24 +185,29 @@ int ptrace_check_attach(struct task_struct *child, bool ignore_state) + * be changed by us so it's not changing right after this. + */ + read_lock(&tasklist_lock); +- if ((child->ptrace & PT_PTRACED) && child->parent == current) { ++ if (child->ptrace && child->parent == current) { ++ WARN_ON(child->state == __TASK_TRACED); + /* + * child->sighand can't be NULL, release_task() + * does ptrace_unlink() before __exit_signal(). 
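Review bot: ptrace_freeze_traced() is added without stating its locking contract. Its only caller in this patch, ptrace_check_attach() in the next hunk, invokes it under `read_lock(&tasklist_lock)`, and the comment added to ptrace_stop() in kernel/signal.c says the tasklist lock is what protects against it. I would put `/* Caller must hold tasklist_lock; undone by ptrace_unfreeze_traced() */` above the function. The existing one-line comment could also say that the state is narrowed from TASK_TRACED to __TASK_TRACED, since that is the whole mechanism.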
+ */ +- spin_lock_irq(&child->sighand->siglock); +- WARN_ON_ONCE(task_is_stopped(child)); +- if (ignore_state || (task_is_traced(child) && +- !(child->jobctl & JOBCTL_LISTENING))) ++ if (ignore_state || ptrace_freeze_traced(child)) + ret = 0; +- spin_unlock_irq(&child->sighand->siglock); + } + read_unlock(&tasklist_lock); + +- if (!ret && !ignore_state) +- ret = wait_task_inactive(child, TASK_TRACED) ? 0 : -ESRCH; ++ if (!ret && !ignore_state) { ++ if (!wait_task_inactive(child, __TASK_TRACED)) { ++ /* ++ * This can only happen if may_ptrace_stop() fails and ++ * ptrace_stop() changes ->state back to TASK_RUNNING, ++ * so we should not worry about leaking __TASK_TRACED. ++ */ ++ WARN_ON(child->state == __TASK_TRACED); ++ ret = -ESRCH; ++ } ++ } + +- /* All systems go.. */ + return ret; + } + +@@ -307,7 +346,7 @@ static int ptrace_attach(struct task_struct *task, long request, + */ + if (task_is_stopped(task) && + task_set_jobctl_pending(task, JOBCTL_TRAP_STOP | JOBCTL_TRAPPING)) +- signal_wake_up(task, 1); ++ signal_wake_up_state(task, __TASK_STOPPED); + + spin_unlock(&task->sighand->siglock); + +@@ -736,7 +775,7 @@ int ptrace_request(struct task_struct *child, long request, + * tracee into STOP. + */ + if (likely(task_set_jobctl_pending(child, JOBCTL_TRAP_STOP))) +- signal_wake_up(child, child->jobctl & JOBCTL_LISTENING); ++ ptrace_signal_wake_up(child, child->jobctl & JOBCTL_LISTENING); + + unlock_task_sighand(child, &flags); + ret = 0; +@@ -762,7 +801,7 @@ int ptrace_request(struct task_struct *child, long request, + * start of this trap and now. Trigger re-trap. 
+ */ + if (child->jobctl & JOBCTL_TRAP_NOTIFY) +- signal_wake_up(child, true); ++ ptrace_signal_wake_up(child, true); + ret = 0; + } + unlock_task_sighand(child, &flags); +@@ -899,6 +938,8 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, + goto out_put_task_struct; + + ret = arch_ptrace(child, request, addr, data); ++ if (ret || request != PTRACE_DETACH) ++ ptrace_unfreeze_traced(child); + + out_put_task_struct: + put_task_struct(child); +@@ -1038,8 +1079,11 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, + + ret = ptrace_check_attach(child, request == PTRACE_KILL || + request == PTRACE_INTERRUPT); +- if (!ret) ++ if (!ret) { + ret = compat_arch_ptrace(child, request, addr, data); ++ if (ret || request != PTRACE_DETACH) ++ ptrace_unfreeze_traced(child); ++ } + + out_put_task_struct: + put_task_struct(child); +diff --git a/kernel/resource.c b/kernel/resource.c +index 7640b3a..08aa28e 100644 +--- a/kernel/resource.c ++++ b/kernel/resource.c +@@ -757,6 +757,7 @@ static void __init __reserve_region_with_split(struct resource *root, + struct resource *parent = root; + struct resource *conflict; + struct resource *res = kzalloc(sizeof(*res), GFP_ATOMIC); ++ struct resource *next_res = NULL; + + if (!res) + return; +@@ -766,21 +767,46 @@ static void __init __reserve_region_with_split(struct resource *root, + res->end = end; + res->flags = IORESOURCE_BUSY; + +- conflict = __request_resource(parent, res); +- if (!conflict) +- return; ++ while (1) { + +- /* failed, split and try again */ +- kfree(res); ++ conflict = __request_resource(parent, res); ++ if (!conflict) { ++ if (!next_res) ++ break; ++ res = next_res; ++ next_res = NULL; ++ continue; ++ } + +- /* conflict covered whole area */ +- if (conflict->start <= start && conflict->end >= end) +- return; ++ /* conflict covered whole area */ ++ if (conflict->start <= res->start && ++ conflict->end >= res->end) { ++ kfree(res); ++ WARN_ON(next_res); ++ break; ++ } ++ ++ 
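Review bot: The test `if (ret || request != PTRACE_DETACH)` added after arch_ptrace() carries no explanation, and the same test is repeated in compat_sys_ptrace() in the following hunk. Presumably the tracee is skipped after a successful detach because it no longer belongs to the caller, but that is inferred and a reader should not have to guess. A comment such as `/* after a successful PTRACE_DETACH the tracee is no longer ours to unfreeze */` on both sites would record the reason. Both functions start and end outside their hunks.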
/* failed, split and try again */ ++ if (conflict->start > res->start) { ++ end = res->end; ++ res->end = conflict->start - 1; ++ if (conflict->end < end) { ++ next_res = kzalloc(sizeof(*next_res), ++ GFP_ATOMIC); ++ if (!next_res) { ++ kfree(res); ++ break; ++ } ++ next_res->name = name; ++ next_res->start = conflict->end + 1; ++ next_res->end = end; ++ next_res->flags = IORESOURCE_BUSY; ++ } ++ } else { ++ res->start = conflict->end + 1; ++ } ++ } + +- if (conflict->start > start) +- __reserve_region_with_split(root, start, conflict->start-1, name); +- if (conflict->end < end) +- __reserve_region_with_split(root, conflict->end+1, end, name); + } + + void __init reserve_region_with_split(struct resource *root, +diff --git a/kernel/sched.c b/kernel/sched.c +index fcc893f..eeeec4e 100644 +--- a/kernel/sched.c ++++ b/kernel/sched.c +@@ -2924,7 +2924,8 @@ out: + */ + int wake_up_process(struct task_struct *p) + { +- return try_to_wake_up(p, TASK_ALL, 0); ++ WARN_ON(task_is_stopped_or_traced(p)); ++ return try_to_wake_up(p, TASK_NORMAL, 0); + } + EXPORT_SYMBOL(wake_up_process); + +diff --git a/kernel/sched_rt.c b/kernel/sched_rt.c +index 78fcacf..6ad4fb3 100644 +--- a/kernel/sched_rt.c ++++ b/kernel/sched_rt.c +@@ -384,7 +384,7 @@ static inline struct rt_bandwidth *sched_rt_bandwidth(struct rt_rq *rt_rq) + static int do_balance_runtime(struct rt_rq *rt_rq) + { + struct rt_bandwidth *rt_b = sched_rt_bandwidth(rt_rq); +- struct root_domain *rd = cpu_rq(smp_processor_id())->rd; ++ struct root_domain *rd = rq_of_rt_rq(rt_rq)->rd; + int i, weight, more = 0; + u64 rt_period; + +diff --git a/kernel/signal.c b/kernel/signal.c +index 08e0b97..d2f55ea 100644 +--- a/kernel/signal.c ++++ b/kernel/signal.c +@@ -676,23 +676,17 @@ int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info) + * No need to set need_resched since signal event passing + * goes through ->blocked + */ +-void signal_wake_up(struct task_struct *t, int resume) ++void 
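Review bot: In the split branch of the new loop, `next_res` is assigned from kzalloc() without checking that no earlier tail is still pending. If the shortened `res` could conflict a second time, the first tail would be leaked and its range never reserved. Whether that can happen depends on __request_resource() always returning the lowest conflicting entry, which is not visible in this hunk. The covered-whole-area branch already asserts `WARN_ON(next_res);`, and the same line before the allocation would make the assumption explicit. The kzalloc() failure path also leaves the loop silently, so the tail of the range stays unreserved with no diagnostic. The function begins in the previous hunk.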
signal_wake_up_state(struct task_struct *t, unsigned int state) + { +- unsigned int mask; +- + set_tsk_thread_flag(t, TIF_SIGPENDING); +- + /* +- * For SIGKILL, we want to wake it up in the stopped/traced/killable ++ * TASK_WAKEKILL also means wake it up in the stopped/traced/killable + * case. We don't check t->state here because there is a race with it + * executing another processor and just now entering stopped state. + * By using wake_up_state, we ensure the process will wake up and + * handle its death signal. + */ +- mask = TASK_INTERRUPTIBLE; +- if (resume) +- mask |= TASK_WAKEKILL; +- if (!wake_up_state(t, mask)) ++ if (!wake_up_state(t, state | TASK_INTERRUPTIBLE)) + kick_process(t); + } + +@@ -841,7 +835,7 @@ static void ptrace_trap_notify(struct task_struct *t) + assert_spin_locked(&t->sighand->siglock); + + task_set_jobctl_pending(t, JOBCTL_TRAP_NOTIFY); +- signal_wake_up(t, t->jobctl & JOBCTL_LISTENING); ++ ptrace_signal_wake_up(t, t->jobctl & JOBCTL_LISTENING); + } + + /* +@@ -1765,6 +1759,10 @@ static inline int may_ptrace_stop(void) + * If SIGKILL was already sent before the caller unlocked + * ->siglock we must see ->core_state != NULL. Otherwise it + * is safe to enter schedule(). ++ * ++ * This is almost outdated, a task with the pending SIGKILL can't ++ * block in TASK_TRACED. But PTRACE_EVENT_EXIT can be reported ++ * after SIGKILL was already dequeued. 
+ */ + if (unlikely(current->mm->core_state) && + unlikely(current->mm == current->parent->mm)) +@@ -1890,6 +1888,7 @@ static void ptrace_stop(int exit_code, int why, int clear_code, siginfo_t *info) + if (gstop_done) + do_notify_parent_cldstop(current, false, why); + ++ /* tasklist protects us from ptrace_freeze_traced() */ + __set_current_state(TASK_RUNNING); + if (clear_code) + current->exit_code = 0; +diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c +index 6033f02..7a157b3 100644 +--- a/net/bluetooth/hci_event.c ++++ b/net/bluetooth/hci_event.c +@@ -1972,7 +1972,7 @@ static inline void hci_cmd_complete_evt(struct hci_dev *hdev, struct sk_buff *sk + if (ev->opcode != HCI_OP_NOP) + del_timer(&hdev->cmd_timer); + +- if (ev->ncmd) { ++ if (ev->ncmd && !test_bit(HCI_RESET, &hdev->flags)) { + atomic_set(&hdev->cmd_cnt, 1); + if (!skb_queue_empty(&hdev->cmd_q)) + tasklet_schedule(&hdev->cmd_task); +diff --git a/net/bluetooth/smp.c b/net/bluetooth/smp.c +index 1849ee0..9ab60e6 100644 +--- a/net/bluetooth/smp.c ++++ b/net/bluetooth/smp.c +@@ -642,6 +642,19 @@ int smp_sig_channel(struct l2cap_conn *conn, struct sk_buff *skb) + + skb_pull(skb, sizeof(code)); + ++ /* ++ * The SMP context must be initialized for all other PDUs except ++ * pairing and security requests. If we get any other PDU when ++ * not initialized simply disconnect (done if this function ++ * returns an error). ++ */ ++ if (code != SMP_CMD_PAIRING_REQ && code != SMP_CMD_SECURITY_REQ && ++ !conn->smp_chan) { ++ BT_ERR("Unexpected SMP command 0x%02x. 
Disconnecting.", code); ++ kfree_skb(skb); ++ return -ENOTSUPP; ++ } ++ + switch (code) { + case SMP_CMD_PAIRING_REQ: + reason = smp_cmd_pairing_req(conn, skb); +diff --git a/net/bridge/br_netfilter.c b/net/bridge/br_netfilter.c +index 577ea5d..7c1745d 100644 +--- a/net/bridge/br_netfilter.c ++++ b/net/bridge/br_netfilter.c +@@ -245,6 +245,9 @@ static int br_parse_ip_options(struct sk_buff *skb) + struct net_device *dev = skb->dev; + u32 len; + ++ if (!pskb_may_pull(skb, sizeof(struct iphdr))) ++ goto inhdr_error; ++ + iph = ip_hdr(skb); + opt = &(IPCB(skb)->opt); + +diff --git a/net/core/pktgen.c b/net/core/pktgen.c +index 7bc9991..2ef7da0 100644 +--- a/net/core/pktgen.c ++++ b/net/core/pktgen.c +@@ -1803,10 +1803,13 @@ static ssize_t pktgen_thread_write(struct file *file, + return -EFAULT; + i += len; + mutex_lock(&pktgen_thread_lock); +- pktgen_add_device(t, f); ++ ret = pktgen_add_device(t, f); + mutex_unlock(&pktgen_thread_lock); +- ret = count; +- sprintf(pg_result, "OK: add_device=%s", f); ++ if (!ret) { ++ ret = count; ++ sprintf(pg_result, "OK: add_device=%s", f); ++ } else ++ sprintf(pg_result, "ERROR: can not add device %s", f); + goto out; + } + +diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c +index 0106d25..3b36002 100644 +--- a/net/ipv4/ip_sockglue.c ++++ b/net/ipv4/ip_sockglue.c +@@ -600,7 +600,7 @@ static int do_ip_setsockopt(struct sock *sk, int level, + case IP_TTL: + if (optlen < 1) + goto e_inval; +- if (val != -1 && (val < 0 || val > 255)) ++ if (val != -1 && (val < 1 || val > 255)) + goto e_inval; + inet->uc_ttl = val; + break; +diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c +index aab8f08..e865ed1 100644 +--- a/net/ipv4/tcp_input.c ++++ b/net/ipv4/tcp_input.c +@@ -3655,6 +3655,11 @@ static int tcp_process_frto(struct sock *sk, int flag) + } + } else { + if (!(flag & FLAG_DATA_ACKED) && (tp->frto_counter == 1)) { ++ if (!tcp_packets_in_flight(tp)) { ++ tcp_enter_frto_loss(sk, 2, flag); ++ return true; ++ } ++ + /* 
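Review bot: The `BT_ERR("Unexpected SMP command ...")` added ahead of the switch is triggered by a PDU the remote peer chooses to send, so the peer controls how often the line is logged. The hunk's own comment says the error return leads to a disconnect, which bounds the rate per connection, but guarding the print is cheap: `if (net_ratelimit()) BT_ERR("Unexpected SMP command 0x%02x. Disconnecting.", code);`. The new path also calls `kfree_skb(skb)` before returning; the function's other exits and the caller lie outside the hunk, so it is worth confirming that skb is not freed again on the error return.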
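Review bot: The new error branch adds a second unbounded `sprintf(pg_result, ...)` that formats `f`, a name written by the user. The size of the result buffer and the limit applied to `f` are both outside the hunk, so the write cannot be shown to be bounded from here. Both calls would be safer as `snprintf(pg_result, <size of the result buffer>, "ERROR: can not add device %s", f);`, and likewise for the OK message. Kernel style also wants braces on the `else` arm when the `if` arm has them: `} else {`.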
Prevent sending of new data. */ + tp->snd_cwnd = min(tp->snd_cwnd, + tcp_packets_in_flight(tp)); +diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c +index aef80d7..b27baed 100644 +--- a/net/ipv6/addrconf.c ++++ b/net/ipv6/addrconf.c +@@ -1739,7 +1739,7 @@ static struct rt6_info *addrconf_get_prefix_route(const struct in6_addr *pfx, + continue; + if ((rt->rt6i_flags & flags) != flags) + continue; +- if ((noflags != 0) && ((rt->rt6i_flags & flags) != 0)) ++ if ((rt->rt6i_flags & noflags) != 0) + continue; + dst_hold(&rt->dst); + break; +diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c +index ae98e09..3ccd9b2 100644 +--- a/net/ipv6/ip6_output.c ++++ b/net/ipv6/ip6_output.c +@@ -1284,10 +1284,10 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to, + cork->length = 0; + sk->sk_sndmsg_page = NULL; + sk->sk_sndmsg_off = 0; +- exthdrlen = (opt ? opt->opt_flen : 0) - rt->rt6i_nfheader_len; ++ exthdrlen = (opt ? opt->opt_flen : 0); + length += exthdrlen; + transhdrlen += exthdrlen; +- dst_exthdrlen = rt->dst.header_len; ++ dst_exthdrlen = rt->dst.header_len - rt->rt6i_nfheader_len; + } else { + rt = (struct rt6_info *)cork->dst; + fl6 = &inet->cork.fl.u.ip6; +diff --git a/net/ipv6/route.c b/net/ipv6/route.c +index 19724bd..791c1fa 100644 +--- a/net/ipv6/route.c ++++ b/net/ipv6/route.c +@@ -819,7 +819,8 @@ restart: + dst_hold(&rt->dst); + read_unlock_bh(&table->tb6_lock); + +- if (!dst_get_neighbour_raw(&rt->dst) && !(rt->rt6i_flags & RTF_NONEXTHOP)) ++ if (!dst_get_neighbour_raw(&rt->dst) ++ && !(rt->rt6i_flags & (RTF_NONEXTHOP | RTF_LOCAL))) + nrt = rt6_alloc_cow(rt, &fl6->daddr, &fl6->saddr); + else if (!(rt->dst.flags & DST_HOST)) + nrt = rt6_alloc_clone(rt, &fl6->daddr); +diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c +index 85afc13..835fcea 100644 +--- a/net/packet/af_packet.c ++++ b/net/packet/af_packet.c +@@ -2422,13 +2422,15 @@ static int packet_release(struct socket *sock) + + packet_flush_mclist(sk); + +- 
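Review bot: The added block ends with `return true;`, but the hunk header shows the function is declared `static int tcp_process_frto(struct sock *sk, int flag)`. The value is the same after conversion, yet it mixes bool and int conventions within one function and suggests the change was carried over from a tree where the return type differs. I would write `return 1;` here. The rest of the function, including its other return statements, is outside the hunk.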
memset(&req_u, 0, sizeof(req_u)); +- +- if (po->rx_ring.pg_vec) ++ if (po->rx_ring.pg_vec) { ++ memset(&req_u, 0, sizeof(req_u)); + packet_set_ring(sk, &req_u, 1, 0); ++ } + +- if (po->tx_ring.pg_vec) ++ if (po->tx_ring.pg_vec) { ++ memset(&req_u, 0, sizeof(req_u)); + packet_set_ring(sk, &req_u, 1, 1); ++ } + + fanout_release(sk); + +diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c +index c8cc24e..dbe5870a 100644 +--- a/net/sctp/endpointola.c ++++ b/net/sctp/endpointola.c +@@ -248,6 +248,8 @@ void sctp_endpoint_free(struct sctp_endpoint *ep) + /* Final destructor for endpoint. */ + static void sctp_endpoint_destroy(struct sctp_endpoint *ep) + { ++ int i; ++ + SCTP_ASSERT(ep->base.dead, "Endpoint is not dead", return); + + /* Free up the HMAC transform. */ +@@ -270,6 +272,9 @@ static void sctp_endpoint_destroy(struct sctp_endpoint *ep) + sctp_inq_free(&ep->base.inqueue); + sctp_bind_addr_free(&ep->base.bind_addr); + ++ for (i = 0; i < SCTP_HOW_MANY_SECRETS; ++i) ++ memset(&ep->secret_key[i], 0, SCTP_SECRET_SIZE); ++ + /* Remove and free the port */ + if (sctp_sk(ep->base.sk)->bind_hash) + sctp_put_port(ep->base.sk); +diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c +index cfeb1d4..96eb168 100644 +--- a/net/sctp/outqueue.c ++++ b/net/sctp/outqueue.c +@@ -223,7 +223,7 @@ void sctp_outq_init(struct sctp_association *asoc, struct sctp_outq *q) + + /* Free the outqueue structure and any related pending chunks. + */ +-void sctp_outq_teardown(struct sctp_outq *q) ++static void __sctp_outq_teardown(struct sctp_outq *q) + { + struct sctp_transport *transport; + struct list_head *lchunk, *temp; +@@ -276,8 +276,6 @@ void sctp_outq_teardown(struct sctp_outq *q) + sctp_chunk_free(chunk); + } + +- q->error = 0; +- + /* Throw away any leftover control chunks. 
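Review bot: The key wipe added to sctp_endpoint_destroy() has no comment saying why it is there, and it uses plain `memset()` on memory that is presumably about to be released. A compiler that can prove the stores are dead is allowed to drop them; whether that applies depends on where the endpoint is freed, which is outside the hunk. I would add `/* Wipe key material before the endpoint memory is released */` above the loop. If `secret_key` is a plain array of SCTP_HOW_MANY_SECRETS entries (its declaration is not visible), one call `memset(ep->secret_key, 0, sizeof(ep->secret_key));` replaces the loop and the `int i;` added in the previous hunk.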
*/ + list_for_each_entry_safe(chunk, tmp, &q->control_chunk_list, list) { + list_del_init(&chunk->list); +@@ -285,11 +283,17 @@ void sctp_outq_teardown(struct sctp_outq *q) + } + } + ++void sctp_outq_teardown(struct sctp_outq *q) ++{ ++ __sctp_outq_teardown(q); ++ sctp_outq_init(q->asoc, q); ++} ++ + /* Free the outqueue structure and any related pending chunks. */ + void sctp_outq_free(struct sctp_outq *q) + { + /* Throw away leftover chunks. */ +- sctp_outq_teardown(q); ++ __sctp_outq_teardown(q); + + /* If we were kmalloc()'d, free the memory. */ + if (q->malloced) +diff --git a/net/sctp/socket.c b/net/sctp/socket.c +index fa8333b..5e0d86e 100644 +--- a/net/sctp/socket.c ++++ b/net/sctp/socket.c +@@ -3375,7 +3375,7 @@ static int sctp_setsockopt_auth_key(struct sock *sk, + + ret = sctp_auth_set_key(sctp_sk(sk)->ep, asoc, authkey); + out: +- kfree(authkey); ++ kzfree(authkey); + return ret; + } + diff --git a/3.2.38/4420_grsecurity-2.9.1-3.2.38-201302171808.patch b/3.2.39/4420_grsecurity-2.9.1-3.2.39-201302222046.patch index ce8c16c..ed3c4f5 100644 --- a/3.2.38/4420_grsecurity-2.9.1-3.2.38-201302171808.patch +++ b/3.2.39/4420_grsecurity-2.9.1-3.2.39-201302222046.patch @@ -255,7 +255,7 @@ index 88fd7f5..b318a78 100644 ============================================================== diff --git a/Makefile b/Makefile -index c8c9d02..7e79e3e 100644 +index 0fceb8b..feec909 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ 
@@ -281,12 +281,16 @@ index c8c9d02..7e79e3e 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -564,6 +565,60 @@ else +@@ -564,6 +565,64 @@ else KBUILD_CFLAGS += -O2 endif +ifndef DISABLE_PAX_PLUGINS ++ifeq ($(call cc-ifversion, -ge, 0408, y), y) ++PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)") ++else +PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(HOSTCXX)" "$(CC)") ++endif +ifneq ($(PLUGINCC),) +ifndef DISABLE_PAX_CONSTIFY_PLUGIN +ifndef CONFIG_UML @@ -342,7 +346,7 @@ index c8c9d02..7e79e3e 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifneq ($(CONFIG_FRAME_WARN),0) -@@ -708,7 +763,7 @@ export mod_strip_cmd +@@ -708,7 +767,7 @@ export mod_strip_cmd ifeq ($(KBUILD_EXTMOD),) @@ -351,7 +355,7 @@ index c8c9d02..7e79e3e 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -932,6 +987,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE +@@ -932,6 +991,8 @@ vmlinux.o: $(modpost-init) $(vmlinux-main) FORCE # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -360,7 +364,7 @@ index c8c9d02..7e79e3e 100644 $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -941,7 +998,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; +@@ -941,7 +1002,7 @@ $(sort $(vmlinux-init) $(vmlinux-main)) $(vmlinux-lds): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -369,7 +373,7 @@ index c8c9d02..7e79e3e 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -985,6 +1042,7 @@ prepare0: archprepare FORCE +@@ -985,6 +1046,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. 
@@ -377,7 +381,7 @@ index c8c9d02..7e79e3e 100644 prepare: prepare0 # Generate some files -@@ -1089,6 +1147,8 @@ all: modules +@@ -1089,6 +1151,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -386,7 +390,7 @@ index c8c9d02..7e79e3e 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -1104,7 +1164,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -1104,7 +1168,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -395,7 +399,7 @@ index c8c9d02..7e79e3e 100644 # Target to install modules PHONY += modules_install -@@ -1163,7 +1223,7 @@ CLEAN_FILES += vmlinux System.map \ +@@ -1163,7 +1227,7 @@ CLEAN_FILES += vmlinux System.map \ MRPROPER_DIRS += include/config usr/include include/generated \ arch/*/include/generated MRPROPER_FILES += .config .config.old .version .old_version \ @@ -404,7 +408,7 @@ index c8c9d02..7e79e3e 100644 Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS # clean - Delete most, but leave enough to build external modules -@@ -1201,6 +1261,7 @@ distclean: mrproper +@@ -1201,6 +1265,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ @@ -412,7 +416,7 @@ index c8c9d02..7e79e3e 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1361,6 +1422,8 @@ PHONY += $(module-dirs) modules +@@ -1361,6 +1426,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) 
@@ -421,7 +425,7 @@ index c8c9d02..7e79e3e 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1487,17 +1550,21 @@ else +@@ -1487,17 +1554,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -447,7 +451,7 @@ index c8c9d02..7e79e3e 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1507,11 +1574,15 @@ endif +@@ -1507,11 +1578,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -1690,6 +1694,19 @@ index 3606e85..44ba19d 100644 .endm #ifdef CONFIG_XIP_KERNEL +diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c +index 2bc1a8e..f433c88 100644 +--- a/arch/arm/kernel/hw_breakpoint.c ++++ b/arch/arm/kernel/hw_breakpoint.c +@@ -986,7 +986,7 @@ static int __cpuinit dbg_reset_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata dbg_reset_nb = { ++static struct notifier_block dbg_reset_nb = { + .notifier_call = dbg_reset_notify, + }; + diff --git a/arch/arm/kernel/module.c b/arch/arm/kernel/module.c index 1e9be5d..4e0f470 100644 --- a/arch/arm/kernel/module.c 
@@ -2600,6 +2617,32 @@ index 449c8c0..50cdf87 100644 __cu_len; \ }) +diff --git a/arch/ia64/kernel/err_inject.c b/arch/ia64/kernel/err_inject.c +index c539c68..c95d3db 100644 +--- a/arch/ia64/kernel/err_inject.c ++++ b/arch/ia64/kernel/err_inject.c +@@ -256,7 +256,7 @@ static int __cpuinit err_inject_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata err_inject_cpu_notifier = ++static struct notifier_block err_inject_cpu_notifier = + { + .notifier_call = err_inject_cpu_callback, + }; +diff --git a/arch/ia64/kernel/mca.c b/arch/ia64/kernel/mca.c +index 84fb405..7f52920 100644 +--- a/arch/ia64/kernel/mca.c ++++ b/arch/ia64/kernel/mca.c +@@ -1919,7 +1919,7 @@ static int __cpuinit mca_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block mca_cpu_notifier __cpuinitdata = { ++static struct notifier_block mca_cpu_notifier = { + .notifier_call = mca_cpu_callback + }; + diff --git a/arch/ia64/kernel/module.c b/arch/ia64/kernel/module.c index 24603be..948052d 100644 --- a/arch/ia64/kernel/module.c 
@@ -2692,6 +2735,32 @@ index 24603be..948052d 100644 mod->arch.gp = gp; DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp); } +diff --git a/arch/ia64/kernel/palinfo.c b/arch/ia64/kernel/palinfo.c +index 77597e5..6f28f3f 100644 +--- a/arch/ia64/kernel/palinfo.c ++++ b/arch/ia64/kernel/palinfo.c +@@ -1045,7 +1045,7 @@ static int __cpuinit palinfo_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata palinfo_cpu_notifier = ++static struct notifier_block palinfo_cpu_notifier = + { + .notifier_call = palinfo_cpu_callback, + .priority = 0, +diff --git a/arch/ia64/kernel/salinfo.c b/arch/ia64/kernel/salinfo.c +index 79802e5..1a89ec5 100644 +--- a/arch/ia64/kernel/salinfo.c ++++ b/arch/ia64/kernel/salinfo.c +@@ -616,7 +616,7 @@ salinfo_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu + return NOTIFY_OK; + } + +-static struct notifier_block salinfo_cpu_notifier __cpuinitdata = ++static struct notifier_block salinfo_cpu_notifier = + { + .notifier_call = salinfo_cpu_callback, + .priority = 0, diff --git a/arch/ia64/kernel/sys_ia64.c b/arch/ia64/kernel/sys_ia64.c index 609d500..acd0429 100644 --- a/arch/ia64/kernel/sys_ia64.c @@ -2736,6 +2805,19 @@ index 609d500..acd0429 100644 /* Remember the address where we stopped this search: */ mm->free_area_cache = addr + len; return addr; +diff --git a/arch/ia64/kernel/topology.c b/arch/ia64/kernel/topology.c +index 9be1f11..f2eef30 100644 +--- a/arch/ia64/kernel/topology.c ++++ b/arch/ia64/kernel/topology.c +@@ -444,7 +444,7 @@ static int __cpuinit cache_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata cache_cpu_notifier = ++static struct notifier_block cache_cpu_notifier = + { + .notifier_call = cache_cpu_callback + }; diff --git a/arch/ia64/kernel/vmlinux.lds.S b/arch/ia64/kernel/vmlinux.lds.S index 53c0ba0..2accdde 100644 --- a/arch/ia64/kernel/vmlinux.lds.S 
@@ -4663,6 +4745,19 @@ index f2496f2..4e3cc47 100644 return ret; } #endif +diff --git a/arch/powerpc/kernel/sysfs.c b/arch/powerpc/kernel/sysfs.c +index 55be64d..94d8783 100644 +--- a/arch/powerpc/kernel/sysfs.c ++++ b/arch/powerpc/kernel/sysfs.c +@@ -517,7 +517,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata sysfs_cpu_nb = { ++static struct notifier_block sysfs_cpu_nb = { + .notifier_call = sysfs_cpu_notify, + }; + diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c index 82dcd4d..a80088a 100644 --- a/arch/powerpc/kernel/traps.c @@ -4896,6 +4991,32 @@ index 5a783d8..fbe4c8b 100644 mm->get_unmapped_area = arch_get_unmapped_area_topdown; mm->unmap_area = arch_unmap_area_topdown; } +diff --git a/arch/powerpc/mm/mmu_context_nohash.c b/arch/powerpc/mm/mmu_context_nohash.c +index 5b63bd3..248942d 100644 +--- a/arch/powerpc/mm/mmu_context_nohash.c ++++ b/arch/powerpc/mm/mmu_context_nohash.c +@@ -370,7 +370,7 @@ static int __cpuinit mmu_context_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata mmu_context_cpu_nb = { ++static struct notifier_block mmu_context_cpu_nb = { + .notifier_call = mmu_context_cpu_notify, + }; + +diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c +index b22a83a..e55f74f 100644 +--- a/arch/powerpc/mm/numa.c ++++ b/arch/powerpc/mm/numa.c +@@ -964,7 +964,7 @@ static void __init *careful_zallocation(int nid, unsigned long size, + return ret; + } + +-static struct notifier_block __cpuinitdata ppc64_numa_nb = { ++static struct notifier_block ppc64_numa_nb = { + .notifier_call = cpu_numa_callback, + .priority = 1 /* Must run before sched domains notifier. */ + }; diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c index 73709f7..63db0f7 100644 --- a/arch/powerpc/mm/slice.c 
@@ -4966,6 +5087,32 @@ index 73709f7..63db0f7 100644 /* If hint, make sure it matches our alignment restrictions */ if (!fixed && addr) { addr = _ALIGN_UP(addr, 1ul << pshift); +diff --git a/arch/powerpc/platforms/powermac/smp.c b/arch/powerpc/platforms/powermac/smp.c +index 3394254..8c6825c 100644 +--- a/arch/powerpc/platforms/powermac/smp.c ++++ b/arch/powerpc/platforms/powermac/smp.c +@@ -886,7 +886,7 @@ static int smp_core99_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata smp_core99_cpu_nb = { ++static struct notifier_block smp_core99_cpu_nb = { + .notifier_call = smp_core99_cpu_notify, + }; + #endif /* CONFIG_HOTPLUG_CPU */ +diff --git a/arch/s390/appldata/appldata_base.c b/arch/s390/appldata/appldata_base.c +index 24bff4f..0248123 100644 +--- a/arch/s390/appldata/appldata_base.c ++++ b/arch/s390/appldata/appldata_base.c +@@ -610,7 +610,7 @@ static int __cpuinit appldata_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata appldata_nb = { ++static struct notifier_block appldata_nb = { + .notifier_call = appldata_cpu_notify, + }; + diff --git a/arch/s390/include/asm/atomic.h b/arch/s390/include/asm/atomic.h index 8517d2a..d2738d4 100644 --- a/arch/s390/include/asm/atomic.h @@ -5216,6 +5363,19 @@ index 53088e2..9f44a36 100644 - return base; - return ret; -} +diff --git a/arch/s390/kernel/smp.c b/arch/s390/kernel/smp.c +index 1df64a8..aea2a39 100644 +--- a/arch/s390/kernel/smp.c ++++ b/arch/s390/kernel/smp.c +@@ -1035,7 +1035,7 @@ static int __cpuinit smp_cpu_notify(struct notifier_block *self, + return notifier_from_errno(err); + } + +-static struct notifier_block __cpuinitdata smp_cpu_nb = { ++static struct notifier_block smp_cpu_nb = { + .notifier_call = smp_cpu_notify, + }; + diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c index c70b3d8..d01c6b3 100644 --- a/arch/s390/mm/mmap.c 
@@ -5324,6 +5484,19 @@ index ef9e555..331bd29 100644 #define __read_mostly __attribute__((__section__(".data..read_mostly"))) +diff --git a/arch/sh/kernel/cpu/sh4a/smp-shx3.c b/arch/sh/kernel/cpu/sh4a/smp-shx3.c +index 03f2b55..b027032 100644 +--- a/arch/sh/kernel/cpu/sh4a/smp-shx3.c ++++ b/arch/sh/kernel/cpu/sh4a/smp-shx3.c +@@ -143,7 +143,7 @@ shx3_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu) + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata shx3_cpu_notifier = { ++static struct notifier_block shx3_cpu_notifier = { + .notifier_call = shx3_cpu_callback, + }; + diff --git a/arch/sh/mm/mmap.c b/arch/sh/mm/mmap.c index afeb710..e8366ef 100644 --- a/arch/sh/mm/mmap.c @@ -6464,6 +6637,19 @@ index 7f5f65d..3308382 100644 ldx [%sp + PTREGS_OFF + PT_V9_TNPC], %l1 ! pc = npc 2: +diff --git a/arch/sparc/kernel/sysfs.c b/arch/sparc/kernel/sysfs.c +index 7408201..b349841 100644 +--- a/arch/sparc/kernel/sysfs.c ++++ b/arch/sparc/kernel/sysfs.c +@@ -266,7 +266,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata sysfs_cpu_nb = { ++static struct notifier_block sysfs_cpu_nb = { + .notifier_call = sysfs_cpu_notify, + }; + diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c index 591f20c..0f1b925 100644 --- a/arch/sparc/kernel/traps_32.c @@ -9071,7 +9257,7 @@ index 6557769..ef6ae89 100644 if (err) diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S -index a6253ec..0a325de 100644 +index 95b4eb3..ccdcbb6 100644 --- a/arch/x86/ia32/ia32entry.S +++ b/arch/x86/ia32/ia32entry.S @@ -13,7 +13,9 @@ @@ -9218,7 +9404,7 @@ index a6253ec..0a325de 100644 + testl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),TI_flags(%r11) jnz ia32_ret_from_sys_call TRACE_IRQS_ON - sti + ENABLE_INTERRUPTS(CLBR_NONE) 
@@ -215,12 +261,12 @@ sysexit_from_sys_call: movzbl %al,%edi /* zero-extend that into %edi */ inc %edi /* first arg, 0->1(AUDITSC_SUCCESS), 1->2(AUDITSC_FAILURE) */ @@ -9227,7 +9413,7 @@ index a6253ec..0a325de 100644 + GET_THREAD_INFO(%r11) movl RAX-ARGOFFSET(%rsp),%eax /* reload syscall return value */ movl $(_TIF_ALLWORK_MASK & ~_TIF_SYSCALL_AUDIT),%edi - cli + DISABLE_INTERRUPTS(CLBR_NONE) TRACE_IRQS_OFF - testl %edi,TI_flags(%r10) + testl %edi,TI_flags(%r11) @@ -14451,9 +14637,18 @@ index 1911442..2424a83 100644 .name = "summit", .probe = probe_summit, diff --git a/arch/x86/kernel/apic/x2apic_cluster.c b/arch/x86/kernel/apic/x2apic_cluster.c -index 5007958..7a534f0 100644 +index 5007958..2eba140 100644 --- a/arch/x86/kernel/apic/x2apic_cluster.c +++ b/arch/x86/kernel/apic/x2apic_cluster.c +@@ -182,7 +182,7 @@ update_clusterinfo(struct notifier_block *nfb, unsigned long action, void *hcpu) + return notifier_from_errno(err); + } + +-static struct notifier_block __refdata x2apic_cpu_notifier = { ++static struct notifier_block x2apic_cpu_notifier = { + .notifier_call = update_clusterinfo, + }; + @@ -208,7 +208,7 @@ static int x2apic_cluster_probe(void) return 0; } @@ -14806,7 +15001,7 @@ index 3e6ff6c..54b4992 100644 } #endif diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c -index 0e89635..279dd37 100644 +index 0e89635..f0a7525 100644 --- a/arch/x86/kernel/cpu/intel_cacheinfo.c +++ b/arch/x86/kernel/cpu/intel_cacheinfo.c @@ -984,6 +984,22 @@ static struct attribute *default_attrs[] = { @@ -14896,8 +15091,17 @@ index 0e89635..279dd37 100644 per_cpu(ici_cache_kobject, cpu), "index%1lu", i); if (unlikely(retval)) { +@@ -1189,7 +1207,7 @@ static int __cpuinit cacheinfo_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata cacheinfo_cpu_notifier = { ++static struct notifier_block cacheinfo_cpu_notifier = { + .notifier_call = cacheinfo_cpu_callback, + }; + 
diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c -index 3b67877..6e11450 100644 +index 3b67877..e41ede1 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -42,6 +42,7 @@ @@ -15017,7 +15221,7 @@ index 3b67877..6e11450 100644 } -static struct notifier_block mce_cpu_notifier __cpuinitdata = { -+static struct notifier_block mce_cpu_notifier __cpuinitconst = { ++static struct notifier_block mce_cpu_notifier = { .notifier_call = mce_cpu_callback, }; @@ -15052,6 +15256,19 @@ index 5c0e653..0882b0a 100644 /* Make sure the vector pointer is visible before we enable MCEs: */ wmb(); +diff --git a/arch/x86/kernel/cpu/mcheck/therm_throt.c b/arch/x86/kernel/cpu/mcheck/therm_throt.c +index ce04b58..b84acbd 100644 +--- a/arch/x86/kernel/cpu/mcheck/therm_throt.c ++++ b/arch/x86/kernel/cpu/mcheck/therm_throt.c +@@ -290,7 +290,7 @@ thermal_throttle_cpu_callback(struct notifier_block *nfb, + return notifier_from_errno(err); + } + +-static struct notifier_block thermal_throttle_cpu_notifier __cpuinitdata = ++static struct notifier_block thermal_throttle_cpu_notifier = + { + .notifier_call = thermal_throttle_cpu_callback, + }; diff --git a/arch/x86/kernel/cpu/mcheck/winchip.c b/arch/x86/kernel/cpu/mcheck/winchip.c index 54060f5..c1a7577 100644 --- a/arch/x86/kernel/cpu/mcheck/winchip.c @@ -15113,6 +15330,19 @@ index 2bda212..78cc605 100644 } } +diff --git a/arch/x86/kernel/cpuid.c b/arch/x86/kernel/cpuid.c +index 212a6a4..322f5d9 100644 +--- a/arch/x86/kernel/cpuid.c ++++ b/arch/x86/kernel/cpuid.c +@@ -172,7 +172,7 @@ static int __cpuinit cpuid_class_cpu_callback(struct notifier_block *nfb, + return notifier_from_errno(err); + } + +-static struct notifier_block __refdata cpuid_class_cpu_notifier = ++static struct notifier_block cpuid_class_cpu_notifier = + { + .notifier_call = cpuid_class_cpu_callback, + }; diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c index 13ad899..f642b9a 100644 
--- a/arch/x86/kernel/crash.c @@ -18754,7 +18984,7 @@ index 7da647d..c828808 100644 reset_current_kprobe(); preempt_enable_no_resched(); diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c -index a9c2116..a52d4fc 100644 +index a9c2116..94c1e1a 100644 --- a/arch/x86/kernel/kvm.c +++ b/arch/x86/kernel/kvm.c @@ -437,6 +437,7 @@ static void __init paravirt_ops_setup(void) @@ -18765,6 +18995,15 @@ index a9c2116..a52d4fc 100644 #endif #endif pv_mmu_ops.flush_tlb_user = kvm_flush_tlb; +@@ -579,7 +580,7 @@ static int __cpuinit kvm_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata kvm_cpu_notifier = { ++static struct notifier_block kvm_cpu_notifier = { + .notifier_call = kvm_cpu_notify, + }; + #endif diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c index ea69726..604d066 100644 --- a/arch/x86/kernel/ldt.c @@ -18864,6 +19103,19 @@ index a3fa43b..8966f4c 100644 relocate_kernel_ptr = control_page; page_list[PA_CONTROL_PAGE] = __pa(control_page); +diff --git a/arch/x86/kernel/microcode_core.c b/arch/x86/kernel/microcode_core.c +index 29c95d7..97b7b1b 100644 +--- a/arch/x86/kernel/microcode_core.c ++++ b/arch/x86/kernel/microcode_core.c +@@ -507,7 +507,7 @@ mc_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu) + return NOTIFY_OK; + } + +-static struct notifier_block __refdata mc_cpu_notifier = { ++static struct notifier_block mc_cpu_notifier = { + .notifier_call = mc_cpu_callback, + }; + diff --git a/arch/x86/kernel/microcode_intel.c b/arch/x86/kernel/microcode_intel.c index 3ca42d0..7cff8cc 100644 --- a/arch/x86/kernel/microcode_intel.c 
@@ -19024,6 +19276,19 @@ index 925179f..6794bbb 100644 #if 0 if ((s64)val != *(s32 *)loc) goto overflow; +diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c +index f7d1a64..399615a 100644 +--- a/arch/x86/kernel/msr.c ++++ b/arch/x86/kernel/msr.c +@@ -235,7 +235,7 @@ static int __cpuinit msr_class_cpu_callback(struct notifier_block *nfb, + return notifier_from_errno(err); + } + +-static struct notifier_block __refdata msr_class_cpu_notifier = { ++static struct notifier_block msr_class_cpu_notifier = { + .notifier_call = msr_class_cpu_callback, + }; + diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c index e88f37b..1353db6 100644 --- a/arch/x86/kernel/nmi.c @@ -20085,7 +20350,7 @@ index 9f548cb..caf76f7 100644 if (err) { pr_debug("do_boot_cpu failed %d\n", err); diff --git a/arch/x86/kernel/step.c b/arch/x86/kernel/step.c -index c346d11..d43b163 100644 +index d4f278e..86c58c0 100644 --- a/arch/x86/kernel/step.c +++ b/arch/x86/kernel/step.c @@ -27,10 +27,10 @@ unsigned long convert_ip_to_linear(struct task_struct *child, struct pt_regs *re @@ -20521,7 +20786,7 @@ index 9a0e312..e6f66f2 100644 .long sys_restart_syscall /* 0 - old "setup()" system call, used for restarting */ .long sys_exit diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c -index e2410e2..4fe3fbc 100644 +index e2410e2..b98a4fd 100644 --- a/arch/x86/kernel/tboot.c +++ b/arch/x86/kernel/tboot.c @@ -219,7 +219,7 @@ static int tboot_setup_sleep(void) @@ -20551,7 +20816,7 @@ index e2410e2..4fe3fbc 100644 static int tboot_wait_for_aps(int num_aps) { -@@ -322,9 +322,9 @@ static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb, +@@ -322,16 +322,16 @@ static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb, { switch (action) { case CPU_DYING: 
@@ -20563,6 +20828,14 @@ index e2410e2..4fe3fbc 100644 return NOTIFY_BAD; break; } + return NOTIFY_OK; + } + +-static struct notifier_block tboot_cpu_notifier __cpuinitdata = ++static struct notifier_block tboot_cpu_notifier = + { + .notifier_call = tboot_cpu_callback, + }; @@ -343,7 +343,7 @@ static __init int tboot_late_init(void) tboot_create_trampoline(); @@ -27418,6 +27691,19 @@ index bff89df..377758a 100644 unsigned long stack = kernel_stack_pointer(regs); if (depth) dump_trace(NULL, regs, (unsigned long *)stack, 0, +diff --git a/arch/x86/pci/amd_bus.c b/arch/x86/pci/amd_bus.c +index 385a940..b11662d 100644 +--- a/arch/x86/pci/amd_bus.c ++++ b/arch/x86/pci/amd_bus.c +@@ -355,7 +355,7 @@ static int __cpuinit amd_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata amd_cpu_notifier = { ++static struct notifier_block amd_cpu_notifier = { + .notifier_call = amd_cpu_notify, + }; + diff --git a/arch/x86/pci/mrst.c b/arch/x86/pci/mrst.c index cb29191..036766d 100644 --- a/arch/x86/pci/mrst.c @@ -28415,7 +28701,7 @@ index 153407c..611cba9 100644 -} -__setup("vdso=", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 69b9ef6..c76f1fe 100644 +index 69b9ef6..30a09b1 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -86,8 +86,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -28520,6 +28806,15 @@ index 69b9ef6..c76f1fe 100644 xen_smp_init(); +@@ -1400,7 +1399,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block xen_hvm_cpu_notifier __cpuinitdata = { ++static struct notifier_block xen_hvm_cpu_notifier = { + .notifier_call = xen_hvm_cpu_notify, + }; + diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c index 2b8b0de..0787f8a 100644 --- a/arch/x86/xen/mmu.c @@ -28620,10 +28915,10 @@ index 9a23fff..c05e794 100644 xen_init_spinlocks(); } 
diff --git a/arch/x86/xen/xen-asm_32.S b/arch/x86/xen/xen-asm_32.S -index b040b0e..c457aa7 100644 +index 7328f71..c457aa7 100644 --- a/arch/x86/xen/xen-asm_32.S +++ b/arch/x86/xen/xen-asm_32.S -@@ -83,16 +83,16 @@ ENTRY(xen_iret) +@@ -83,14 +83,14 @@ ENTRY(xen_iret) ESP_OFFSET=4 # bytes pushed onto stack /* @@ -28633,43 +28928,17 @@ index b040b0e..c457aa7 100644 */ #ifdef CONFIG_SMP - GET_THREAD_INFO(%eax) -- movl TI_cpu(%eax), %eax -- movl __per_cpu_offset(,%eax,4), %eax -- mov xen_vcpu(%eax), %eax +- movl %ss:TI_cpu(%eax), %eax +- movl %ss:__per_cpu_offset(,%eax,4), %eax +- mov %ss:xen_vcpu(%eax), %eax + push %fs + mov $(__KERNEL_PERCPU), %eax + mov %eax, %fs + mov PER_CPU_VAR(xen_vcpu), %eax + pop %fs #else -- movl xen_vcpu, %eax -+ movl %ss:xen_vcpu, %eax + movl %ss:xen_vcpu, %eax #endif - - /* check IF state we're restoring */ -@@ -105,11 +105,11 @@ ENTRY(xen_iret) - * resuming the code, so we don't have to be worried about - * being preempted to another CPU. - */ -- setz XEN_vcpu_info_mask(%eax) -+ setz %ss:XEN_vcpu_info_mask(%eax) - xen_iret_start_crit: - - /* check for unmasked and pending */ -- cmpw $0x0001, XEN_vcpu_info_pending(%eax) -+ cmpw $0x0001, %ss:XEN_vcpu_info_pending(%eax) - - /* - * If there's something pending, mask events again so we can -@@ -117,7 +117,7 @@ xen_iret_start_crit: - * touch XEN_vcpu_info_mask. - */ - jne 1f -- movb $1, XEN_vcpu_info_mask(%eax) -+ movb $1, %ss:XEN_vcpu_info_mask(%eax) - - 1: popl %eax - diff --git a/arch/x86/xen/xen-head.S b/arch/x86/xen/xen-head.S index aaa7291..3f77960 100644 --- a/arch/x86/xen/xen-head.S @@ -28767,7 +29036,7 @@ index af00795..2bb8105 100644 #define XCHAL_ICACHE_SIZE 32768 /* I-cache size in bytes or 0 */ #define XCHAL_DCACHE_SIZE 32768 /* D-cache size in bytes or 0 */ diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c -index 58916af..9cb880b 100644 +index 58916af..eb9dbcf6 100644 --- a/block/blk-iopoll.c +++ b/block/blk-iopoll.c 
@@ -77,7 +77,7 @@ void blk_iopoll_complete(struct blk_iopoll *iopoll) @@ -28779,6 +29048,15 @@ index 58916af..9cb880b 100644 { struct list_head *list = &__get_cpu_var(blk_cpu_iopoll); int rearm = 0, budget = blk_iopoll_budget; +@@ -209,7 +209,7 @@ static int __cpuinit blk_iopoll_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata blk_iopoll_cpu_notifier = { ++static struct notifier_block blk_iopoll_cpu_notifier = { + .notifier_call = blk_iopoll_cpu_notify, + }; + diff --git a/block/blk-map.c b/block/blk-map.c index 623e1cd..ca1e109 100644 --- a/block/blk-map.c @@ -28793,7 +29071,7 @@ index 623e1cd..ca1e109 100644 bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading); else diff --git a/block/blk-softirq.c b/block/blk-softirq.c -index 1366a89..e17f54b 100644 +index 1366a89..dfb3871 100644 --- a/block/blk-softirq.c +++ b/block/blk-softirq.c @@ -17,7 +17,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done); @@ -28805,6 +29083,15 @@ index 1366a89..e17f54b 100644 { struct list_head *cpu_list, local_list; +@@ -97,7 +97,7 @@ static int __cpuinit blk_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata blk_cpu_notifier = { ++static struct notifier_block blk_cpu_notifier = { + .notifier_call = blk_cpu_notify, + }; + diff --git a/block/bsg.c b/block/bsg.c index c0ab25c..9d49f8f 100644 --- a/block/bsg.c @@ -31529,7 +31816,7 @@ index 0636520..169c1d0 100644 acpi_os_unmap_memory(virt, len); return 0; diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c -index 8e3c46d..c139b99 100644 +index 7795d1e..bc6d80a 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c @@ -563,7 +563,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, 
@@ -31550,6 +31837,32 @@ index 8e3c46d..c139b99 100644 } static ssize_t port_fops_write(struct file *filp, const char __user *ubuf, +diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c +index 987a165..4620e42 100644 +--- a/drivers/cpufreq/cpufreq.c ++++ b/drivers/cpufreq/cpufreq.c +@@ -1790,7 +1790,7 @@ static int __cpuinit cpufreq_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata cpufreq_cpu_notifier = { ++static struct notifier_block cpufreq_cpu_notifier = { + .notifier_call = cpufreq_cpu_callback, + }; + +diff --git a/drivers/cpufreq/cpufreq_stats.c b/drivers/cpufreq/cpufreq_stats.c +index c5072a9..d5f3bf1 100644 +--- a/drivers/cpufreq/cpufreq_stats.c ++++ b/drivers/cpufreq/cpufreq_stats.c +@@ -341,7 +341,7 @@ static int __cpuinit cpufreq_stat_cpu_callback(struct notifier_block *nfb, + } + + /* priority=1 so this will get called before cpufreq_remove_dev */ +-static struct notifier_block cpufreq_stat_cpu_notifier __refdata = { ++static struct notifier_block cpufreq_stat_cpu_notifier = { + .notifier_call = cpufreq_stat_cpu_callback, + .priority = 1, + }; diff --git a/drivers/dma/dmatest.c b/drivers/dma/dmatest.c index eb1d864..39ee5a7 100644 --- a/drivers/dma/dmatest.c @@ -31563,6 +31876,19 @@ index eb1d864..39ee5a7 100644 } pr_info("dmatest: Started %u threads using %s\n", +diff --git a/drivers/dma/shdma.c b/drivers/dma/shdma.c +index 81809c2..6409470 100644 +--- a/drivers/dma/shdma.c ++++ b/drivers/dma/shdma.c +@@ -1054,7 +1054,7 @@ static int sh_dmae_nmi_handler(struct notifier_block *self, + return ret; + } + +-static struct notifier_block sh_dmae_nmi_notifier __read_mostly = { ++static struct notifier_block sh_dmae_nmi_notifier = { + .notifier_call = sh_dmae_nmi_handler, + + /* Run before NMI debug handler and KGDB */ diff --git a/drivers/edac/amd64_edac.c b/drivers/edac/amd64_edac.c index a9d5482..376077f 100644 --- a/drivers/edac/amd64_edac.c 
@@ -32531,7 +32857,7 @@ index 93e74fb..4a1182d 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index c05e825..b086c8c 100644 +index 7817429..b6d75d8 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -2214,7 +2214,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) @@ -32553,7 +32879,7 @@ index c05e825..b086c8c 100644 wake_up(&dev_priv->pending_flip_queue); schedule_work(&work->work); -@@ -7190,7 +7189,13 @@ static int intel_gen6_queue_flip(struct drm_device *dev, +@@ -7188,7 +7187,13 @@ static int intel_gen6_queue_flip(struct drm_device *dev, OUT_RING(fb->pitch | obj->tiling_mode); OUT_RING(obj->gtt_offset); @@ -32567,7 +32893,7 @@ index c05e825..b086c8c 100644 + pf = 0; pipesrc = I915_READ(PIPESRC(intel_crtc->pipe)) & 0x0fff0fff; OUT_RING(pf | pipesrc); - ADVANCE_LP_RING(); + @@ -7324,7 +7329,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, /* Block clients from rendering to the new back buffer until * the flip occurs and the object is no longer visible. @@ -33524,6 +33850,19 @@ index 66f6729..2d6de0a 100644 mutex_lock(&resource->lock); resource->trip[attr->index - 7] = temp; +diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c +index 3d630bb..77756d7 100644 +--- a/drivers/hwmon/coretemp.c ++++ b/drivers/hwmon/coretemp.c +@@ -787,7 +787,7 @@ static int __cpuinit coretemp_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block coretemp_cpu_notifier __refdata = { ++static struct notifier_block coretemp_cpu_notifier = { + .notifier_call = coretemp_cpu_callback, + }; + diff --git a/drivers/hwmon/sht15.c b/drivers/hwmon/sht15.c index 5357925..6cf0418 100644 --- a/drivers/hwmon/sht15.c 
@@ -33576,6 +33915,19 @@ index 5357925..6cf0418 100644 return; } +diff --git a/drivers/hwmon/via-cputemp.c b/drivers/hwmon/via-cputemp.c +index 8eac67d..d7b2fa5 100644 +--- a/drivers/hwmon/via-cputemp.c ++++ b/drivers/hwmon/via-cputemp.c +@@ -304,7 +304,7 @@ static int __cpuinit via_cputemp_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block via_cputemp_cpu_notifier __refdata = { ++static struct notifier_block via_cputemp_cpu_notifier = { + .notifier_call = via_cputemp_cpu_callback, + }; + diff --git a/drivers/i2c/busses/i2c-amd756-s4882.c b/drivers/i2c/busses/i2c-amd756-s4882.c index 378fcb5..5e91fa8 100644 --- a/drivers/i2c/busses/i2c-amd756-s4882.c @@ -34379,6 +34731,19 @@ index 40c8353..946b0e4 100644 } PDBG("%s stag_state 0x%0x type 0x%0x pdid 0x%0x, stag_idx 0x%x\n", __func__, stag_state, type, pdid, stag_idx); +diff --git a/drivers/infiniband/hw/ehca/ehca_irq.c b/drivers/infiniband/hw/ehca/ehca_irq.c +index e571e60..523c505 100644 +--- a/drivers/infiniband/hw/ehca/ehca_irq.c ++++ b/drivers/infiniband/hw/ehca/ehca_irq.c +@@ -883,7 +883,7 @@ static int __cpuinit comp_pool_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block comp_pool_callback_nb __cpuinitdata = { ++static struct notifier_block comp_pool_callback_nb = { + .notifier_call = comp_pool_callback, + .priority = 0, + }; diff --git a/drivers/infiniband/hw/ipath/ipath_rc.c b/drivers/infiniband/hw/ipath/ipath_rc.c index 79b3dbc..96e5fcc 100644 --- a/drivers/infiniband/hw/ipath/ipath_rc.c 
@@ -37105,6 +37470,19 @@ index 61d2bdd..7f1154a 100644 { "100/10M Ethernet PCI Adapter", HAS_MII_XCVR }, { "100/10M Ethernet PCI Adapter", HAS_CHIP_XCVR }, { "1000/100/10M Ethernet PCI Adapter", HAS_MII_XCVR }, +diff --git a/drivers/net/ethernet/ibm/emac/core.c b/drivers/net/ethernet/ibm/emac/core.c +index ed79b2d..b17b19d 100644 +--- a/drivers/net/ethernet/ibm/emac/core.c ++++ b/drivers/net/ethernet/ibm/emac/core.c +@@ -2309,7 +2309,7 @@ static int __devinit emac_of_bus_notify(struct notifier_block *nb, + return 0; + } + +-static struct notifier_block emac_of_bus_notifier __devinitdata = { ++static struct notifier_block emac_of_bus_notifier = { + .notifier_call = emac_of_bus_notify + }; + diff --git a/drivers/net/ethernet/intel/e1000e/80003es2lan.c b/drivers/net/ethernet/intel/e1000e/80003es2lan.c index e1159e5..34efe3e 100644 --- a/drivers/net/ethernet/intel/e1000e/80003es2lan.c @@ -37348,7 +37726,7 @@ index 49b549f..13d648c 100644 mac->phydev = phydev; diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index b8db4cd..41bf50c 100644 +index a6153f1..4bdf0c8 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c @@ -704,17 +704,17 @@ struct rtl8169_private { @@ -37422,6 +37800,19 @@ index d4d2bc1..14b8672 100644 }; static int stmmac_init_fs(struct net_device *dev) +diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c +index 97f342e..63fee4d 100644 +--- a/drivers/net/macvlan.c ++++ b/drivers/net/macvlan.c +@@ -850,7 +850,7 @@ static int macvlan_device_event(struct notifier_block *unused, + return NOTIFY_DONE; + } + +-static struct notifier_block macvlan_notifier_block __read_mostly = { ++static struct notifier_block macvlan_notifier_block = { + .notifier_call = macvlan_device_event, + }; + diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c index 26106c0..4046553 100644 --- a/drivers/net/macvtap.c 
@@ -38429,6 +38820,19 @@ index 2f0aa0f..90fab02 100644 { return __oprofilefs_create_file(sb, root, name, &atomic_ro_fops, 0444, val); +diff --git a/drivers/oprofile/timer_int.c b/drivers/oprofile/timer_int.c +index 878fba1..2084bcf 100644 +--- a/drivers/oprofile/timer_int.c ++++ b/drivers/oprofile/timer_int.c +@@ -93,7 +93,7 @@ static int __cpuinit oprofile_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata oprofile_cpu_notifier = { ++static struct notifier_block oprofile_cpu_notifier = { + .notifier_call = oprofile_cpu_notify, + }; + diff --git a/drivers/parport/procfs.c b/drivers/parport/procfs.c index 3f56bc0..707d642 100644 --- a/drivers/parport/procfs.c @@ -52461,7 +52865,7 @@ index dba43c3..7511af2 100644 if (op) { diff --git a/fs/splice.c b/fs/splice.c -index 014fcb4..980206f 100644 +index 58ab918..e471089 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -195,7 +195,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, @@ -52512,7 +52916,7 @@ index 014fcb4..980206f 100644 vec[i].iov_len = this_len; spd.pages[i] = page; spd.nr_pages++; -@@ -853,10 +853,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed); +@@ -855,10 +855,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed); int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd) { while (!pipe->nrbufs) { @@ -52525,7 +52929,7 @@ index 014fcb4..980206f 100644 return 0; if (sd->flags & SPLICE_F_NONBLOCK) -@@ -1189,7 +1189,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, +@@ -1191,7 +1191,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, * out of the pipe right after the splice_to_pipe(). So set * PIPE_READERS appropriately. */ 
@@ -52534,7 +52938,7 @@ index 014fcb4..980206f 100644 current->splice_pipe = pipe; } -@@ -1742,9 +1742,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1744,9 +1744,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -52546,7 +52950,7 @@ index 014fcb4..980206f 100644 if (flags & SPLICE_F_NONBLOCK) { ret = -EAGAIN; break; -@@ -1776,7 +1776,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1778,7 +1778,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) pipe_lock(pipe); while (pipe->nrbufs >= pipe->buffers) { @@ -52555,7 +52959,7 @@ index 014fcb4..980206f 100644 send_sig(SIGPIPE, current, 0); ret = -EPIPE; break; -@@ -1789,9 +1789,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1791,9 +1791,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -52567,7 +52971,7 @@ index 014fcb4..980206f 100644 } pipe_unlock(pipe); -@@ -1827,14 +1827,14 @@ retry: +@@ -1829,14 +1829,14 @@ retry: pipe_double_lock(ipipe, opipe); do { @@ -52584,7 +52988,7 @@ index 014fcb4..980206f 100644 break; /* -@@ -1931,7 +1931,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1933,7 +1933,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, pipe_double_lock(ipipe, opipe); do { @@ -52593,7 +52997,7 @@ index 014fcb4..980206f 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; -@@ -1976,7 +1976,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1978,7 +1978,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, * return EAGAIN if we have the potential of some data in the * future, otherwise just return 0 */ 
@@ -64013,6 +64417,19 @@ index 320d6c9..89f1e77 100644 +#define ACCESS_ONCE_RW(x) (*(volatile typeof(x) *)&(x)) #endif /* __LINUX_COMPILER_H */ +diff --git a/include/linux/cpu.h b/include/linux/cpu.h +index c692acc..95bcc75 100644 +--- a/include/linux/cpu.h ++++ b/include/linux/cpu.h +@@ -108,7 +108,7 @@ enum { + /* Need to know about CPUs going up/down? */ + #if defined(CONFIG_HOTPLUG_CPU) || !defined(MODULE) + #define cpu_notifier(fn, pri) { \ +- static struct notifier_block fn##_nb __cpuinitdata = \ ++ static struct notifier_block fn##_nb = \ + { .notifier_call = fn, .priority = pri }; \ + register_cpu_notifier(&fn##_nb); \ + } diff --git a/include/linux/crash_dump.h b/include/linux/crash_dump.h index b936763..48685ee 100644 --- a/include/linux/crash_dump.h @@ -66467,7 +66884,7 @@ index 4633b2f..988bc08 100644 atomic_t refcnt; unsigned int max_seq_nr; diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h -index b669be6..8335421 100644 +index b669be6..22773f5 100644 --- a/include/linux/perf_event.h +++ b/include/linux/perf_event.h @@ -748,8 +748,8 @@ struct perf_event { @@ -66492,6 +66909,15 @@ index b669be6..8335421 100644 /* * Protect attach/detach and child_list: +@@ -1193,7 +1193,7 @@ static inline void perf_event_task_tick(void) { } + */ + #define perf_cpu_notifier(fn) \ + do { \ +- static struct notifier_block fn##_nb __cpuinitdata = \ ++ static struct notifier_block fn##_nb = \ + { .notifier_call = fn, .priority = CPU_PRI_PERF }; \ + fn(&fn##_nb, (unsigned long)CPU_UP_PREPARE, \ + (void *)(unsigned long)smp_processor_id()); \ diff --git a/include/linux/personality.h b/include/linux/personality.h index 8fc7dd1a..c19d89e 100644 --- a/include/linux/personality.h @@ -66770,7 +67196,7 @@ index 2148b12..519b820 100644 static inline void anon_vma_merge(struct vm_area_struct *vma, diff --git a/include/linux/sched.h b/include/linux/sched.h -index 1e86bb4..bcc2c30 100644 +index 8204898..bcc2c30 100644 --- a/include/linux/sched.h 
+++ b/include/linux/sched.h @@ -101,6 +101,7 @@ struct bio_list; @@ -67033,24 +67459,6 @@ index 1e86bb4..bcc2c30 100644 return (obj >= stack) && (obj < (stack + THREAD_SIZE)); } -@@ -2597,7 +2713,16 @@ static inline void thread_group_cputime_init(struct signal_struct *sig) - extern void recalc_sigpending_and_wake(struct task_struct *t); - extern void recalc_sigpending(void); - --extern void signal_wake_up(struct task_struct *t, int resume_stopped); -+extern void signal_wake_up_state(struct task_struct *t, unsigned int state); -+ -+static inline void signal_wake_up(struct task_struct *t, bool resume) -+{ -+ signal_wake_up_state(t, resume ? TASK_WAKEKILL : 0); -+} -+static inline void ptrace_signal_wake_up(struct task_struct *t, bool resume) -+{ -+ signal_wake_up_state(t, resume ? __TASK_TRACED : 0); -+} - - /* - * Wrappers for p->thread_info->cpu access. No-op on UP. diff --git a/include/linux/screen_info.h b/include/linux/screen_info.h index 899fbb4..1cb4138 100644 --- a/include/linux/screen_info.h @@ -67195,7 +67603,7 @@ index 53dc7e7..e353d6b 100644 int size); extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, diff --git a/include/linux/slab.h b/include/linux/slab.h -index 573c809..0ae46e1 100644 +index 573c809..d11cea2 100644 --- a/include/linux/slab.h +++ b/include/linux/slab.h @@ -11,12 +11,20 @@ 
@@ -67252,26 +67660,15 @@ index 573c809..0ae46e1 100644 /* * Allocator specific definitions. These are mainly used to establish optimized -@@ -240,8 +253,18 @@ size_t ksize(const void *); +@@ -240,6 +253,7 @@ size_t ksize(const void *); * for general use, and so are not documented here. For a full list of * potential flags, always refer to linux/gfp.h. */ + -+extern void kcalloc_error(void) -+#if defined(CONFIG_GCOV_KERNEL) && defined(CONFIG_PAX_SIZE_OVERFLOW) -+__compiletime_warning("kcalloc called with swapped arguments?"); -+#else -+__compiletime_error("kcalloc called with swapped arguments?"); -+#endif -+ static inline void *kcalloc(size_t n, size_t size, gfp_t flags) { -+ if (__builtin_constant_p(n) && !__builtin_constant_p(size)) -+ kcalloc_error(); if (size != 0 && n > ULONG_MAX / size) - return NULL; - return __kmalloc(n * size, flags | __GFP_ZERO); -@@ -287,7 +310,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, +@@ -287,7 +301,7 @@ static inline void *kmem_cache_alloc_node(struct kmem_cache *cachep, */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) @@ -67280,7 +67677,7 @@ index 573c809..0ae46e1 100644 #define kmalloc_track_caller(size, flags) \ __kmalloc_track_caller(size, flags, _RET_IP_) #else -@@ -306,7 +329,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); +@@ -306,7 +320,7 @@ extern void *__kmalloc_track_caller(size_t, gfp_t, unsigned long); */ #if defined(CONFIG_DEBUG_SLAB) || defined(CONFIG_SLUB) || \ (defined(CONFIG_SLAB) && defined(CONFIG_TRACING)) @@ -70469,7 +70866,7 @@ index 9b22d03..6295b62 100644 prev->next = info->next; else diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c -index 6db7a5e..25b6648 100644 +index 6db7a5e..0d600bd 100644 --- a/kernel/hrtimer.c +++ b/kernel/hrtimer.c @@ -1407,7 +1407,7 @@ void hrtimer_peek_ahead_timers(void) 
@@ -70481,6 +70878,15 @@ index 6db7a5e..25b6648 100644 { struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases); +@@ -1751,7 +1751,7 @@ static int __cpuinit hrtimer_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata hrtimers_nb = { ++static struct notifier_block hrtimers_nb = { + .notifier_call = hrtimer_cpu_notify, + }; + diff --git a/kernel/jump_label.c b/kernel/jump_label.c index 66ff710..794bc5a 100644 --- a/kernel/jump_label.c @@ -72221,92 +72627,10 @@ index 76b8e77..a2930e8 100644 } diff --git a/kernel/ptrace.c b/kernel/ptrace.c -index 78ab24a..5333587 100644 +index 67fedad..5333587 100644 --- a/kernel/ptrace.c 
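Review bot: `hrtimers_nb` now lives in ordinary data while its `.notifier_call` still points at `hrtimer_cpu_notify`, which the hunk header shows is `__cpuinit`. The struct therefore keeps a pointer into a section that is presumably discarded after boot when CPU hotplug is disabled, and modpost will likely flag the reference as a section mismatch. The same pairing is visible in the softirq.c, stop_machine.c, slab.c, slub.c, vmstat.c and iucv.c hunks, and it probably also applies to the `cpu_notifier()` and `perf_cpu_notifier()` macros and to the notifier blocks whose callbacks are not shown. The iucv.c hunk drops `__refdata` as well, so the removal looks deliberate; if so, a comment at each definition such as `/* kept out of .cpuinit.data so the block outlives init memory; callback is still __cpuinit */` would record that and stop a later cleanup from re-adding the annotation.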
+++ b/kernel/ptrace.c -@@ -117,11 +117,45 @@ void __ptrace_unlink(struct task_struct *child) - * TASK_KILLABLE sleeps. - */ - if (child->jobctl & JOBCTL_STOP_PENDING || task_is_traced(child)) -- signal_wake_up(child, task_is_traced(child)); -+ ptrace_signal_wake_up(child, true); - - spin_unlock(&child->sighand->siglock); - } - -+/* Ensure that nothing can wake it up, even SIGKILL */ -+static bool ptrace_freeze_traced(struct task_struct *task) -+{ -+ bool ret = false; -+ -+ /* Lockless, nobody but us can set this flag */ -+ if (task->jobctl & JOBCTL_LISTENING) -+ return ret; -+ -+ spin_lock_irq(&task->sighand->siglock); -+ if (task_is_traced(task) && !__fatal_signal_pending(task)) { -+ task->state = __TASK_TRACED; -+ ret = true; -+ } -+ spin_unlock_irq(&task->sighand->siglock); -+ -+ return ret; -+} -+ -+static void ptrace_unfreeze_traced(struct task_struct *task) -+{ -+ if (task->state != __TASK_TRACED) -+ return; -+ -+ WARN_ON(!task->ptrace || task->parent != current); -+ -+ spin_lock_irq(&task->sighand->siglock); -+ if (__fatal_signal_pending(task)) -+ wake_up_state(task, __TASK_TRACED); -+ else -+ task->state = TASK_TRACED; -+ spin_unlock_irq(&task->sighand->siglock); -+} -+ - /** - * ptrace_check_attach - check whether ptracee is ready for ptrace operation - * @child: ptracee to check for -@@ -151,28 +185,34 @@ int ptrace_check_attach(struct task_struct *child, bool ignore_state) - * be changed by us so it's not changing right after this. - */ - read_lock(&tasklist_lock); -- if ((child->ptrace & PT_PTRACED) && child->parent == current) { -+ if (child->ptrace && child->parent == current) { -+ WARN_ON(child->state == __TASK_TRACED); - /* - * child->sighand can't be NULL, release_task() - * does ptrace_unlink() before __exit_signal(). 
- */ -- spin_lock_irq(&child->sighand->siglock); -- WARN_ON_ONCE(task_is_stopped(child)); -- if (ignore_state || (task_is_traced(child) && -- !(child->jobctl & JOBCTL_LISTENING))) -+ if (ignore_state || ptrace_freeze_traced(child)) - ret = 0; -- spin_unlock_irq(&child->sighand->siglock); - } - read_unlock(&tasklist_lock); - -- if (!ret && !ignore_state) -- ret = wait_task_inactive(child, TASK_TRACED) ? 0 : -ESRCH; -+ if (!ret && !ignore_state) { -+ if (!wait_task_inactive(child, __TASK_TRACED)) { -+ /* -+ * This can only happen if may_ptrace_stop() fails and -+ * ptrace_stop() changes ->state back to TASK_RUNNING, -+ * so we should not worry about leaking __TASK_TRACED. -+ */ -+ WARN_ON(child->state == __TASK_TRACED); -+ ret = -ESRCH; -+ } -+ } - -- /* All systems go.. */ +@@ -211,7 +211,8 @@ int ptrace_check_attach(struct task_struct *child, bool ignore_state) return ret; } @@ -72316,7 +72640,7 @@ index 78ab24a..5333587 100644 { const struct cred *cred = current_cred(), *tcred; -@@ -198,7 +238,8 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode) +@@ -237,7 +238,8 @@ int __ptrace_may_access(struct task_struct *task, unsigned int mode) cred->gid == tcred->sgid && cred->gid == tcred->gid)) goto ok; @@ -72326,7 +72650,7 @@ index 78ab24a..5333587 100644 goto ok; rcu_read_unlock(); return -EPERM; -@@ -207,7 +248,9 @@ ok: +@@ -246,7 +248,9 @@ ok: smp_rmb(); if (task->mm) dumpable = get_dumpable(task->mm); @@ -72337,7 +72661,7 @@ index 78ab24a..5333587 100644 return -EPERM; return security_ptrace_access_check(task, mode); -@@ -217,7 +260,21 @@ bool ptrace_may_access(struct task_struct *task, unsigned int mode) +@@ -256,7 +260,21 @@ bool ptrace_may_access(struct task_struct *task, unsigned int mode) { int err; task_lock(task); 
@@ -72360,7 +72684,7 @@ index 78ab24a..5333587 100644 task_unlock(task); return !err; } -@@ -262,7 +319,7 @@ static int ptrace_attach(struct task_struct *task, long request, +@@ -301,7 +319,7 @@ static int ptrace_attach(struct task_struct *task, long request, goto out; task_lock(task); @@ -72369,7 +72693,7 @@ index 78ab24a..5333587 100644 task_unlock(task); if (retval) goto unlock_creds; -@@ -277,7 +334,7 @@ static int ptrace_attach(struct task_struct *task, long request, +@@ -316,7 +334,7 @@ static int ptrace_attach(struct task_struct *task, long request, task->ptrace = PT_PTRACED; if (seize) task->ptrace |= PT_SEIZED; @@ -72378,16 +72702,7 @@ index 78ab24a..5333587 100644 task->ptrace |= PT_PTRACE_CAP; __ptrace_link(task, current); -@@ -307,7 +364,7 @@ static int ptrace_attach(struct task_struct *task, long request, - */ - if (task_is_stopped(task) && - task_set_jobctl_pending(task, JOBCTL_TRAP_STOP | JOBCTL_TRAPPING)) -- signal_wake_up(task, 1); -+ signal_wake_up_state(task, __TASK_STOPPED); - - spin_unlock(&task->sighand->siglock); - -@@ -483,7 +540,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst +@@ -522,7 +540,7 @@ int ptrace_readdata(struct task_struct *tsk, unsigned long src, char __user *dst break; return -EIO; } @@ -72396,7 +72711,7 @@ index 78ab24a..5333587 100644 return -EFAULT; copied += retval; src += retval; -@@ -680,7 +737,7 @@ int ptrace_request(struct task_struct *child, long request, +@@ -719,7 +737,7 @@ int ptrace_request(struct task_struct *child, long request, bool seized = child->ptrace & PT_SEIZED; int ret = -EIO; siginfo_t siginfo, *si; 
@@ -72405,25 +72720,7 @@ index 78ab24a..5333587 100644 unsigned long __user *datalp = datavp; unsigned long flags; -@@ -736,7 +793,7 @@ int ptrace_request(struct task_struct *child, long request, - * tracee into STOP. - */ - if (likely(task_set_jobctl_pending(child, JOBCTL_TRAP_STOP))) -- signal_wake_up(child, child->jobctl & JOBCTL_LISTENING); -+ ptrace_signal_wake_up(child, child->jobctl & JOBCTL_LISTENING); - - unlock_task_sighand(child, &flags); - ret = 0; -@@ -762,7 +819,7 @@ int ptrace_request(struct task_struct *child, long request, - * start of this trap and now. Trigger re-trap. - */ - if (child->jobctl & JOBCTL_TRAP_NOTIFY) -- signal_wake_up(child, true); -+ ptrace_signal_wake_up(child, true); - ret = 0; - } - unlock_task_sighand(child, &flags); -@@ -882,14 +939,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, +@@ -921,14 +939,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, goto out; } @@ -72446,16 +72743,7 @@ index 78ab24a..5333587 100644 goto out_put_task_struct; } -@@ -899,6 +963,8 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, - goto out_put_task_struct; - - ret = arch_ptrace(child, request, addr, data); -+ if (ret || request != PTRACE_DETACH) -+ ptrace_unfreeze_traced(child); - - out_put_task_struct: - put_task_struct(child); -@@ -915,7 +981,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, +@@ -956,7 +981,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0); if (copied != sizeof(tmp)) return -EIO; @@ -72464,7 +72752,7 @@ index 78ab24a..5333587 100644 } int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr, -@@ -1025,21 +1091,31 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, +@@ -1066,14 +1091,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, goto out; } 
@@ -72487,17 +72775,6 @@ index 78ab24a..5333587 100644 goto out_put_task_struct; } - ret = ptrace_check_attach(child, request == PTRACE_KILL || - request == PTRACE_INTERRUPT); -- if (!ret) -+ if (!ret) { - ret = compat_arch_ptrace(child, request, addr, data); -+ if (ret || request != PTRACE_DETACH) -+ ptrace_unfreeze_traced(child); -+ } - - out_put_task_struct: - put_task_struct(child); diff --git a/kernel/rcutiny.c b/kernel/rcutiny.c index 636af6d..8af70ab 100644 --- a/kernel/rcutiny.c @@ -72894,7 +73171,7 @@ index 9feffa4..54058df 100644 rdp->dynticks->dynticks_nmi_nesting, rdp->dynticks_fqs); diff --git a/kernel/resource.c b/kernel/resource.c -index 7640b3a..5879283 100644 +index 08aa28e..b958c1c 100644 --- a/kernel/resource.c +++ b/kernel/resource.c @@ -141,8 +141,18 @@ static const struct file_operations proc_iomem_operations = { @@ -73011,20 +73288,10 @@ index 3d9f31c..7fefc9e 100644 default: diff --git a/kernel/sched.c b/kernel/sched.c -index fcc893f..223b418 100644 +index eeeec4e..403ccf3 100644 --- a/kernel/sched.c +++ b/kernel/sched.c -@@ -2924,7 +2924,8 @@ out: - */ - int wake_up_process(struct task_struct *p) - { -- return try_to_wake_up(p, TASK_ALL, 0); -+ WARN_ON(task_is_stopped_or_traced(p)); -+ return try_to_wake_up(p, TASK_NORMAL, 0); - } - EXPORT_SYMBOL(wake_up_process); - -@@ -5290,6 +5291,8 @@ int can_nice(const struct task_struct *p, const int nice) +@@ -5291,6 +5291,8 @@ int can_nice(const struct task_struct *p, const int nice) /* convert nice value [19,-20] to rlimit style value [1,40] */ int nice_rlim = 20 - nice; @@ -73033,7 +73300,7 @@ index fcc893f..223b418 100644 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || capable(CAP_SYS_NICE)); } -@@ -5323,7 +5326,8 @@ SYSCALL_DEFINE1(nice, int, increment) +@@ -5324,7 +5326,8 @@ SYSCALL_DEFINE1(nice, int, increment) if (nice > 19) nice = 19; 
@@ -73043,7 +73310,7 @@ index fcc893f..223b418 100644 return -EPERM; retval = security_task_setnice(current, nice); -@@ -5480,6 +5484,7 @@ recheck: +@@ -5481,6 +5484,7 @@ recheck: unsigned long rlim_rtprio = task_rlimit(p, RLIMIT_RTPRIO); @@ -73051,6 +73318,15 @@ index fcc893f..223b418 100644 /* can't set/change the rt policy */ if (policy != p->policy && !rlim_rtprio) return -EPERM; +@@ -6875,7 +6879,7 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu) + * happens before everything else. This has to be lower priority than + * the notifier in the perf_event subsystem, though. + */ +-static struct notifier_block __cpuinitdata migration_notifier = { ++static struct notifier_block migration_notifier = { + .notifier_call = migration_call, + .priority = CPU_PRI_MIGRATION, + }; diff --git a/kernel/sched_autogroup.c b/kernel/sched_autogroup.c index f280df1..da1281d 100644 --- a/kernel/sched_autogroup.c @@ -73087,7 +73363,7 @@ index 66e4576..d05c6d5 100644 int this_cpu = smp_processor_id(); struct rq *this_rq = cpu_rq(this_cpu); diff --git a/kernel/signal.c b/kernel/signal.c -index 08e0b97..4dc47a0 100644 +index d2f55ea..4dc47a0 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -45,12 +45,12 @@ static struct kmem_cache *sigqueue_cachep; 
@@ -73133,34 +73409,7 @@ index 08e0b97..4dc47a0 100644 if (is_global_init(tsk)) return 1; if (handler != SIG_IGN && handler != SIG_DFL) -@@ -676,23 +679,17 @@ int dequeue_signal(struct task_struct *tsk, sigset_t *mask, siginfo_t *info) - * No need to set need_resched since signal event passing - * goes through ->blocked - */ --void signal_wake_up(struct task_struct *t, int resume) -+void signal_wake_up_state(struct task_struct *t, unsigned int state) - { -- unsigned int mask; -- - set_tsk_thread_flag(t, TIF_SIGPENDING); -- - /* -- * For SIGKILL, we want to wake it up in the stopped/traced/killable -+ * TASK_WAKEKILL also means wake it up in the stopped/traced/killable - * case. We don't check t->state here because there is a race with it - * executing another processor and just now entering stopped state. - * By using wake_up_state, we ensure the process will wake up and - * handle its death signal. - */ -- mask = TASK_INTERRUPTIBLE; -- if (resume) -- mask |= TASK_WAKEKILL; -- if (!wake_up_state(t, mask)) -+ if (!wake_up_state(t, state | TASK_INTERRUPTIBLE)) - kick_process(t); - } - -@@ -815,6 +812,13 @@ static int check_kill_permission(int sig, struct siginfo *info, +@@ -809,6 +812,13 @@ static int check_kill_permission(int sig, struct siginfo *info, } } @@ -73174,16 +73423,7 @@ index 08e0b97..4dc47a0 100644 return security_task_kill(t, info, sig, 0); } -@@ -841,7 +845,7 @@ static void ptrace_trap_notify(struct task_struct *t) - assert_spin_locked(&t->sighand->siglock); - - task_set_jobctl_pending(t, JOBCTL_TRAP_NOTIFY); -- signal_wake_up(t, t->jobctl & JOBCTL_LISTENING); -+ ptrace_signal_wake_up(t, t->jobctl & JOBCTL_LISTENING); - } - - /* -@@ -1165,7 +1169,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) +@@ -1159,7 +1169,7 @@ __group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) return send_signal(sig, info, p, 1); } 
@@ -73192,7 +73432,7 @@ index 08e0b97..4dc47a0 100644 specific_send_sig_info(int sig, struct siginfo *info, struct task_struct *t) { return send_signal(sig, info, t, 0); -@@ -1202,6 +1206,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) +@@ -1196,6 +1206,7 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) unsigned long int flags; int ret, blocked, ignored; struct k_sigaction *action; @@ -73200,7 +73440,7 @@ index 08e0b97..4dc47a0 100644 spin_lock_irqsave(&t->sighand->siglock, flags); action = &t->sighand->action[sig-1]; -@@ -1216,9 +1221,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) +@@ -1210,9 +1221,18 @@ force_sig_info(int sig, struct siginfo *info, struct task_struct *t) } if (action->sa.sa_handler == SIG_DFL) t->signal->flags &= ~SIGNAL_UNKILLABLE; @@ -73219,7 +73459,7 @@ index 08e0b97..4dc47a0 100644 return ret; } -@@ -1285,8 +1299,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) +@@ -1279,8 +1299,11 @@ int group_send_sig_info(int sig, struct siginfo *info, struct task_struct *p) ret = check_kill_permission(sig, info, p); rcu_read_unlock(); 
@@ -73232,26 +73472,7 @@ index 08e0b97..4dc47a0 100644 return ret; } -@@ -1765,6 +1782,10 @@ static inline int may_ptrace_stop(void) - * If SIGKILL was already sent before the caller unlocked - * ->siglock we must see ->core_state != NULL. Otherwise it - * is safe to enter schedule(). -+ * -+ * This is almost outdated, a task with the pending SIGKILL can't -+ * block in TASK_TRACED. But PTRACE_EVENT_EXIT can be reported -+ * after SIGKILL was already dequeued. - */ - if (unlikely(current->mm->core_state) && - unlikely(current->mm == current->parent->mm)) -@@ -1890,6 +1911,7 @@ static void ptrace_stop(int exit_code, int why, int clear_code, siginfo_t *info) - if (gstop_done) - do_notify_parent_cldstop(current, false, why); - -+ /* tasklist protects us from ptrace_freeze_traced() */ - __set_current_state(TASK_RUNNING); - if (clear_code) - current->exit_code = 0; -@@ -2763,7 +2785,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) +@@ -2762,7 +2785,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) int error = -ESRCH; rcu_read_lock(); @@ -73269,9 +73490,18 @@ index 08e0b97..4dc47a0 100644 error = check_kill_permission(sig, info, p); /* diff --git a/kernel/smp.c b/kernel/smp.c -index 9e800b2..451c00b 100644 +index 9e800b2..1533ba5 100644 --- a/kernel/smp.c +++ b/kernel/smp.c +@@ -75,7 +75,7 @@ hotplug_cfd(struct notifier_block *nfb, unsigned long action, void *hcpu) + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata hotplug_cfd_notifier = { ++static struct notifier_block hotplug_cfd_notifier = { + .notifier_call = hotplug_cfd, + }; + @@ -591,22 +591,22 @@ int smp_call_function(smp_call_func_t func, void *info, int wait) } EXPORT_SYMBOL(smp_call_function); @@ -73300,7 +73530,7 @@ index 9e800b2..451c00b 100644 raw_spin_unlock_irq(&call_function.lock); } diff --git a/kernel/softirq.c b/kernel/softirq.c -index 2c71d91..2c2ecef 100644 +index 2c71d91..f6c64a4 100644 --- a/kernel/softirq.c 
+++ b/kernel/softirq.c @@ -52,11 +52,11 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned; @@ -73353,6 +73583,37 @@ index 2c71d91..2c2ecef 100644 { struct tasklet_struct *list; +@@ -712,7 +712,7 @@ static int __cpuinit remote_softirq_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata remote_softirq_cpu_notifier = { ++static struct notifier_block remote_softirq_cpu_notifier = { + .notifier_call = remote_softirq_cpu_notify, + }; + +@@ -894,7 +894,7 @@ static int __cpuinit cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata cpu_nfb = { ++static struct notifier_block cpu_nfb = { + .notifier_call = cpu_callback + }; + +diff --git a/kernel/stop_machine.c b/kernel/stop_machine.c +index 2f194e9..2c05ea9 100644 +--- a/kernel/stop_machine.c ++++ b/kernel/stop_machine.c +@@ -362,7 +362,7 @@ static int __cpuinit cpu_stop_cpu_callback(struct notifier_block *nfb, + * cpu notifiers. It currently shares the same priority as sched + * migration_notifier. + */ +-static struct notifier_block __cpuinitdata cpu_stop_cpu_notifier = { ++static struct notifier_block cpu_stop_cpu_notifier = { + .notifier_call = cpu_stop_cpu_callback, + .priority = 10, + }; diff --git a/kernel/sys.c b/kernel/sys.c index f5939c2..110dc5d 100644 --- a/kernel/sys.c @@ -74078,7 +74339,7 @@ index 0b537f2..40d6c20 100644 return -ENOMEM; return 0; diff --git a/kernel/timer.c b/kernel/timer.c -index c219db6..815c225 100644 +index c219db6..90f3084 100644 --- a/kernel/timer.c +++ b/kernel/timer.c @@ -1306,7 +1306,7 @@ void update_process_times(int user_tick) @@ -74095,7 +74356,7 @@ index c219db6..815c225 100644 } -static struct notifier_block __cpuinitdata timers_nb = { -+static struct notifier_block __cpuinitconst timers_nb = { ++static struct notifier_block timers_nb = { .notifier_call = timer_cpu_notify, }; 
@@ -74699,6 +74960,19 @@ index 209b379..7f76423 100644 tsk->comm); put_task_struct(tsk); } +diff --git a/kernel/watchdog.c b/kernel/watchdog.c +index a8bc4d9..eae8357 100644 +--- a/kernel/watchdog.c ++++ b/kernel/watchdog.c +@@ -574,7 +574,7 @@ cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu) + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata cpu_nfb = { ++static struct notifier_block cpu_nfb = { + .notifier_call = cpu_callback + }; + diff --git a/kernel/workqueue.c b/kernel/workqueue.c index 7bf068a..1323074 100644 --- a/kernel/workqueue.c @@ -78315,8 +78589,21 @@ index f59e170..34e2a2b 100644 *region = *vma->vm_region; new->vm_region = region; +diff --git a/mm/page-writeback.c b/mm/page-writeback.c +index 50f0824..97710b4 100644 +--- a/mm/page-writeback.c ++++ b/mm/page-writeback.c +@@ -1380,7 +1380,7 @@ ratelimit_handler(struct notifier_block *self, unsigned long u, void *v) + return NOTIFY_DONE; + } + +-static struct notifier_block __cpuinitdata ratelimit_nb = { ++static struct notifier_block ratelimit_nb = { + .notifier_call = ratelimit_handler, + .next = NULL, + }; diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 4d3a697..29ecee3 100644 +index 4d3a697..4f0e54f 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -341,7 +341,7 @@ out: 
@@ -78377,6 +78664,52 @@ index 4d3a697..29ecee3 100644 return 1; } return 0; +@@ -4253,10 +4271,11 @@ static void __meminit calculate_node_totalpages(struct pglist_data *pgdat, + * round what is now in bits to nearest long in bits, then return it in + * bytes. + */ +-static unsigned long __init usemap_size(unsigned long zonesize) ++static unsigned long __init usemap_size(unsigned long zone_start_pfn, unsigned long zonesize) + { + unsigned long usemapsize; + ++ zonesize += zone_start_pfn & (pageblock_nr_pages-1); + usemapsize = roundup(zonesize, pageblock_nr_pages); + usemapsize = usemapsize >> pageblock_order; + usemapsize *= NR_PAGEBLOCK_BITS; +@@ -4266,17 +4285,19 @@ static unsigned long __init usemap_size(unsigned long zonesize) + } + + static void __init setup_usemap(struct pglist_data *pgdat, +- struct zone *zone, unsigned long zonesize) ++ struct zone *zone, ++ unsigned long zone_start_pfn, ++ unsigned long zonesize) + { +- unsigned long usemapsize = usemap_size(zonesize); ++ unsigned long usemapsize = usemap_size(zone_start_pfn, zonesize); + zone->pageblock_flags = NULL; + if (usemapsize) + zone->pageblock_flags = alloc_bootmem_node_nopanic(pgdat, + usemapsize); + } + #else +-static inline void setup_usemap(struct pglist_data *pgdat, +- struct zone *zone, unsigned long zonesize) {} ++static inline void setup_usemap(struct pglist_data *pgdat, struct zone *zone, ++ unsigned long zone_start_pfn, unsigned long zonesize) {} + #endif /* CONFIG_SPARSEMEM */ + + #ifdef CONFIG_HUGETLB_PAGE_SIZE_VARIABLE +@@ -4401,7 +4422,7 @@ static void __paginginit free_area_init_core(struct pglist_data *pgdat, + continue; + + set_pageblock_order(); +- setup_usemap(pgdat, zone, size); ++ setup_usemap(pgdat, zone, zone_start_pfn, size); + ret = init_currently_empty_zone(zone, zone_start_pfn, + size, MEMMAP_EARLY); + BUG_ON(ret); diff --git a/mm/percpu.c b/mm/percpu.c index 5c29750..99f6386 100644 --- a/mm/percpu.c @@ -78617,7 +78950,7 @@ index 12b9e80..5118865 100644 return -ENOMEM; 
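Review bot: The added `zonesize += zone_start_pfn & (pageblock_nr_pages-1);` in usemap_size() has no comment, and the function's header comment, which starts outside the hunk, still describes only the rounding of zonesize. The line matters for memory safety, because the result sizes the `pageblock_flags` allocation in setup_usemap(). Without the offset, a zone that starts in the middle of a pageblock would presumably get a bitmap too short for its last pageblock. I would add above it `/* a zone that does not start on a pageblock boundary can touch one more pageblock than zonesize alone suggests */`.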
diff --git a/mm/slab.c b/mm/slab.c -index 4c3b671..fb969ec 100644 +index 4c3b671..40fa2eb 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -151,7 +151,7 @@ @@ -78700,6 +79033,15 @@ index 4c3b671..fb969ec 100644 return csizep->cs_cachep; } +@@ -1370,7 +1377,7 @@ static int __cpuinit cpuup_callback(struct notifier_block *nfb, + return notifier_from_errno(err); + } + +-static struct notifier_block __cpuinitdata cpucache_notifier = { ++static struct notifier_block cpucache_notifier = { + &cpuup_callback, NULL, 0 + }; + @@ -1572,7 +1579,7 @@ void __init kmem_cache_init(void) sizes[INDEX_AC].cs_cachep = kmem_cache_create(names[INDEX_AC].name, sizes[INDEX_AC].cs_size, @@ -79186,7 +79528,7 @@ index 8105be4..8d6cd07 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index 5710788..dffead9 100644 +index 5710788..dbb5d49 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -208,7 +208,7 @@ struct track { @@ -79409,6 +79751,15 @@ index 5710788..dffead9 100644 goto err; } up_write(&slub_lock); +@@ -3979,7 +4060,7 @@ static int __cpuinit slab_cpuup_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata slab_notifier = { ++static struct notifier_block slab_notifier = { + .notifier_call = slab_cpuup_callback + }; + @@ -4037,7 +4118,7 @@ void *__kmalloc_node_track_caller(size_t size, gfp_t gfpflags, } #endif @@ -79800,7 +80151,7 @@ index eeba3bb..8555cab 100644 if (v->nr_pages) seq_printf(m, " pages=%d", v->nr_pages); diff --git a/mm/vmstat.c b/mm/vmstat.c -index 8fd603b..cf0d930 100644 +index 8fd603b..495a5a1 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c @@ -78,7 +78,7 @@ void vm_events_fold_cpu(int cpu) 
@@ -79830,6 +80181,15 @@ index 8fd603b..cf0d930 100644 } #endif +@@ -1193,7 +1193,7 @@ static int __cpuinit vmstat_cpuup_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata vmstat_notifier = ++static struct notifier_block vmstat_notifier = + { &vmstat_cpuup_callback, NULL, 0 }; + #endif + @@ -1208,10 +1208,20 @@ static int __init setup_vmstat(void) start_cpu_timer(cpu); #endif @@ -81068,6 +81428,47 @@ index 39a2d29..f39c0fe 100644 ---help--- Econet is a fairly old and slow networking protocol mainly used by Acorn computers to access file and print servers. It uses native +diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c +index 59a7041..060976d 100644 +--- a/net/ipv4/arp.c ++++ b/net/ipv4/arp.c +@@ -945,24 +945,25 @@ static void parp_redo(struct sk_buff *skb) + static int arp_rcv(struct sk_buff *skb, struct net_device *dev, + struct packet_type *pt, struct net_device *orig_dev) + { +- struct arphdr *arp; ++ const struct arphdr *arp; + +- /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ +- if (!pskb_may_pull(skb, arp_hdr_len(dev))) +- goto freeskb; +- +- arp = arp_hdr(skb); +- if (arp->ar_hln != dev->addr_len || +- dev->flags & IFF_NOARP || ++ if (dev->flags & IFF_NOARP || + skb->pkt_type == PACKET_OTHERHOST || +- skb->pkt_type == PACKET_LOOPBACK || +- arp->ar_pln != 4) ++ skb->pkt_type == PACKET_LOOPBACK) + goto freeskb; + + skb = skb_share_check(skb, GFP_ATOMIC); +- if (skb == NULL) ++ if (!skb) + goto out_of_mem; + ++ /* ARP header, plus 2 device addresses, plus 2 IP addresses. */ ++ if (!pskb_may_pull(skb, arp_hdr_len(dev))) ++ goto freeskb; ++ ++ arp = arp_hdr(skb); ++ if (arp->ar_hln != dev->addr_len || arp->ar_pln != 4) ++ goto freeskb; ++ + memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb)); + + return NF_HOOK(NFPROTO_ARP, NF_ARP_IN, skb, dev, NULL, arp_process); diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c index e41c40f..26d7e03 100644 --- a/net/ipv4/devinet.c 
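Review bot: Nothing in arp_rcv() records why the header pull and the `ar_hln`/`ar_pln` checks now come after skb_share_check(), so a later cleanup could easily undo the ordering. pskb_may_pull() can reallocate the skb head, which is not allowed on a shared skb, so it has to run on the unshared skb that skb_share_check() returns. A comment above the call such as `/* pull only after skb_share_check(): pskb_may_pull() may reallocate the head and must not see a shared skb */` would keep that visible. The existing "ARP header, plus 2 device addresses, plus 2 IP addresses" comment can stay as it is.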
@@ -81248,7 +81649,7 @@ index a4e7131..fe66a18f 100644 rc = qp->q.fragments && (end - start) > max; diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c -index 0106d25..cc0b33e 100644 +index 3b36002..27e6634 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -1120,7 +1120,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, @@ -81520,10 +81921,10 @@ index 94cdbc5..0cb0063 100644 ts = peer->tcp_ts; tsage = get_seconds() - peer->tcp_ts_stamp; diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index aab8f08..36092b1 100644 +index e865ed1..457805b 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c -@@ -4727,7 +4727,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, +@@ -4732,7 +4732,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, * simplifies code) */ static void @@ -81532,17 +81933,17 @@ index aab8f08..36092b1 100644 struct sk_buff *head, struct sk_buff *tail, u32 start, u32 end) { -@@ -5542,6 +5542,9 @@ slow_path: +@@ -5547,6 +5547,9 @@ slow_path: if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb)) goto csum_error; -+ if (!th->ack) ++ if (!th->ack && !th->rst) + goto discard; + /* * Standard slow path. */ -@@ -5550,7 +5553,7 @@ slow_path: +@@ -5555,7 +5558,7 @@ slow_path: return 0; step5: @@ -81551,7 +81952,7 @@ index aab8f08..36092b1 100644 goto discard; /* ts_recent update must be made after we are sure that the packet -@@ -5786,6 +5789,7 @@ discard: +@@ -5791,6 +5794,7 @@ discard: tcp_paws_reject(&tp->rx_opt, 0)) goto discard_and_undo; @@ -81559,7 +81960,7 @@ index aab8f08..36092b1 100644 if (th->syn) { /* We see SYN without ACK. It is attempt of * simultaneous connect with crossed SYNs. -@@ -5834,6 +5838,7 @@ discard: +@@ -5839,6 +5843,7 @@ discard: goto discard; #endif } 
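Review bot: The relaxed guard `if (!th->ack && !th->rst)` after the checksum test on the slow path has no comment saying why RST is exempt. The identical guard in the tcp_rcv_state_process() hunk further down, placed directly before tcp_validate_incoming(), has none either. Without one the condition reads like an arbitrary flag test, and the previous form `if (!th->ack)` shows how easily the RST case gets dropped. I would put `/* drop segments that carry neither ACK nor RST; a bare RST still has to be validated and processed */` above both checks. The enclosing function starts and ends outside this hunk.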
@@ -81567,7 +81968,7 @@ index aab8f08..36092b1 100644 /* "fifth, if neither of the SYN or RST bits is set then * drop the segment and return." */ -@@ -5877,7 +5882,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -5882,7 +5887,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, goto discard; if (th->syn) { @@ -81576,11 +81977,11 @@ index aab8f08..36092b1 100644 goto discard; if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) return 1; -@@ -5916,11 +5921,14 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -5921,11 +5926,14 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, return 0; } -+ if (!th->ack) ++ if (!th->ack && !th->rst) + goto discard; + if (!tcp_validate_incoming(sk, skb, th, 0)) @@ -81592,7 +81993,7 @@ index aab8f08..36092b1 100644 int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH) > 0; switch (sk->sk_state) { -@@ -6025,8 +6033,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -6030,8 +6038,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, } break; } @@ -81886,7 +82287,7 @@ index 5a65eea..bd913a1 100644 int udp4_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index aef80d7..1624eee 100644 +index b27baed..5c4d458 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -2151,7 +2151,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) @@ -82423,6 +82824,19 @@ index cf98d62..7bf2972 100644 } write_unlock_bh(&iucv_sk_list.lock); +diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c +index 403be43..87f09da 100644 +--- a/net/iucv/iucv.c ++++ b/net/iucv/iucv.c +@@ -690,7 +690,7 @@ static int __cpuinit iucv_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata iucv_cpu_notifier = { ++static struct notifier_block iucv_cpu_notifier = { + .notifier_call = iucv_cpu_notify, + }; + 
diff --git a/net/key/af_key.c b/net/key/af_key.c index 1e733e9..3d73c9f 100644 --- a/net/key/af_key.c @@ -83014,7 +83428,7 @@ index f156382..95ce7ba 100644 *uaddr_len = sizeof(struct sockaddr_ax25); } diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index 85afc13..d9fb2db 100644 +index 835fcea..d9fb2db 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -1684,7 +1684,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, @@ -83035,27 +83449,7 @@ index 85afc13..d9fb2db 100644 spin_unlock(&sk->sk_receive_queue.lock); drop_n_restore: -@@ -2422,13 +2422,15 @@ static int packet_release(struct socket *sock) - - packet_flush_mclist(sk); - -- memset(&req_u, 0, sizeof(req_u)); -- -- if (po->rx_ring.pg_vec) -+ if (po->rx_ring.pg_vec) { -+ memset(&req_u, 0, sizeof(req_u)); - packet_set_ring(sk, &req_u, 1, 0); -+ } - -- if (po->tx_ring.pg_vec) -+ if (po->tx_ring.pg_vec) { -+ memset(&req_u, 0, sizeof(req_u)); - packet_set_ring(sk, &req_u, 1, 1); -+ } - - fanout_release(sk); - -@@ -2621,6 +2623,7 @@ out: +@@ -2623,6 +2623,7 @@ out: static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) { @@ -83063,7 +83457,7 @@ index 85afc13..d9fb2db 100644 struct sock_exterr_skb *serr; struct sk_buff *skb, *skb2; int copied, err; -@@ -2642,8 +2645,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) +@@ -2644,8 +2645,9 @@ static int packet_recv_error(struct sock *sk, struct msghdr *msg, int len) sock_recv_timestamp(msg, sk, skb); serr = SKB_EXT_ERR(skb); @@ -83074,7 +83468,7 @@ index 85afc13..d9fb2db 100644 msg->msg_flags |= MSG_ERRQUEUE; err = copied; -@@ -3274,7 +3278,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3276,7 +3278,7 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, case PACKET_HDRLEN: if (len > sizeof(int)) len = sizeof(int); 
@@ -83083,7 +83477,7 @@ index 85afc13..d9fb2db 100644 return -EFAULT; switch (val) { case TPACKET_V1: -@@ -3324,7 +3328,11 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, +@@ -3326,7 +3328,11 @@ static int packet_getsockopt(struct socket *sock, int level, int optname, if (put_user(len, optlen)) return -EFAULT; @@ -83617,29 +84011,6 @@ index bf81204..333926d 100644 SCTP_DBG_OBJCNT_DEC(keys); } } -diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c -index c8cc24e..dbe5870a 100644 ---- a/net/sctp/endpointola.c -+++ b/net/sctp/endpointola.c -@@ -248,6 +248,8 @@ void sctp_endpoint_free(struct sctp_endpoint *ep) - /* Final destructor for endpoint. */ - static void sctp_endpoint_destroy(struct sctp_endpoint *ep) - { -+ int i; -+ - SCTP_ASSERT(ep->base.dead, "Endpoint is not dead", return); - - /* Free up the HMAC transform. */ -@@ -270,6 +272,9 @@ static void sctp_endpoint_destroy(struct sctp_endpoint *ep) - sctp_inq_free(&ep->base.inqueue); - sctp_bind_addr_free(&ep->base.bind_addr); - -+ for (i = 0; i < SCTP_HOW_MANY_SECRETS; ++i) -+ memset(&ep->secret_key[i], 0, SCTP_SECRET_SIZE); -+ - /* Remove and free the port */ - if (sctp_sk(ep->base.sk)->bind_hash) - sctp_put_port(ep->base.sk); diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index 8104278..631330b 100644 --- a/net/sctp/ipv6.c @@ -83694,18 +84065,9 @@ index 6f6ad86..f80bd85 100644 static int sctp_v4_protosw_init(void) diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index fa8333b..8633998 100644 +index 5e0d86e..8633998 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c -@@ -3375,7 +3375,7 @@ static int sctp_setsockopt_auth_key(struct sock *sk, - - ret = sctp_auth_set_key(sctp_sk(sk)->ep, asoc, authkey); - out: -- kfree(authkey); -+ kzfree(authkey); - return ret; - } - @@ -4583,6 +4583,8 @@ static int sctp_getsockopt_peer_addrs(struct sock *sk, int len, addrlen = sctp_get_af_specific(temp.sa.sa_family)->sockaddr_len; if (space_left < addrlen) 
@@ -84705,12 +85067,12 @@ index cb1f50c..cef2a7c 100644 fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 -index 0000000..008ac1a +index 0000000..5e0222d --- /dev/null +++ b/scripts/gcc-plugin.sh @@ -0,0 +1,17 @@ +#!/bin/bash -+plugincc=`$1 -x c -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF ++plugincc=`$1 -E -shared - -o /dev/null -I\`$3 -print-file-name=plugin\`/include 2>&1 <<EOF +#include "gcc-plugin.h" +#include "tree.h" +#include "tm.h" diff --git a/3.2.38/4425_grsec_remove_EI_PAX.patch b/3.2.39/4425_grsec_remove_EI_PAX.patch index 97e6951..97e6951 100644 --- a/3.2.38/4425_grsec_remove_EI_PAX.patch +++ b/3.2.39/4425_grsec_remove_EI_PAX.patch diff --git a/3.2.38/4430_grsec-remove-localversion-grsec.patch b/3.2.39/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.2.38/4430_grsec-remove-localversion-grsec.patch +++ b/3.2.39/4430_grsec-remove-localversion-grsec.patch diff --git a/3.2.38/4435_grsec-mute-warnings.patch b/3.2.39/4435_grsec-mute-warnings.patch index e85abd6..e85abd6 100644 --- a/3.2.38/4435_grsec-mute-warnings.patch +++ b/3.2.39/4435_grsec-mute-warnings.patch diff --git a/3.2.38/4440_grsec-remove-protected-paths.patch b/3.2.39/4440_grsec-remove-protected-paths.patch index 637934a..637934a 100644 --- a/3.2.38/4440_grsec-remove-protected-paths.patch +++ b/3.2.39/4440_grsec-remove-protected-paths.patch diff --git a/3.2.38/4450_grsec-kconfig-default-gids.patch b/3.2.39/4450_grsec-kconfig-default-gids.patch index 3dfdc8f..3dfdc8f 100644 --- a/3.2.38/4450_grsec-kconfig-default-gids.patch +++ b/3.2.39/4450_grsec-kconfig-default-gids.patch diff --git a/3.2.38/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.39/4465_selinux-avc_audit-log-curr_ip.patch index a7cc9cd..a7cc9cd 100644 --- a/3.2.38/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.2.39/4465_selinux-avc_audit-log-curr_ip.patch 
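Review bot: Changing the probe in scripts/gcc-plugin.sh from `-x c -shared` to `-E -shared` makes the compiler stop after preprocessing, so `-shared` no longer does anything and the test only shows that `$1` can find and preprocess the plugin headers. A host compiler whose plugin headers preprocess but do not compile would now pass the probe and fail later, in the middle of the plugin build. If the weaker check is deliberate (for example so one probe serves both a C and a C++ host compiler), say so in a comment above the `plugincc=` line, e.g. `# preprocess only: header availability is all we can test portably here`. The rest of the 17-line script is outside this hunk.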
diff --git a/3.2.38/4470_disable-compat_vdso.patch b/3.2.39/4470_disable-compat_vdso.patch index c06bd8b..c06bd8b 100644 --- a/3.2.38/4470_disable-compat_vdso.patch +++ b/3.2.39/4470_disable-compat_vdso.patch diff --git a/3.7.9/0000_README b/3.8.0/0000_README index bd6a050..8d7fe2e 100644 --- a/3.7.9/0000_README +++ b/3.8.0/0000_README @@ -2,7 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 4420_grsecurity-2.9.1-3.7.9-201302171808.patch +Patch: 4420_grsecurity-2.9.1-3.8.0-201302231124.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.7.9/4420_grsecurity-2.9.1-3.7.9-201302171808.patch b/3.8.0/4420_grsecurity-2.9.1-3.8.0-201302231124.patch index f81b3df..c065fb8 100644 --- a/3.7.9/4420_grsecurity-2.9.1-3.7.9-201302171808.patch +++ b/3.8.0/4420_grsecurity-2.9.1-3.8.0-201302231124.patch @@ -1,5 +1,5 @@ diff --git a/Documentation/dontdiff b/Documentation/dontdiff -index 74c25c8..deadba2 100644 +index b89a739..dba90c5 100644 --- a/Documentation/dontdiff +++ b/Documentation/dontdiff @@ -2,9 +2,11 @@ @@ -144,7 +144,7 @@ index 74c25c8..deadba2 100644 mkprep mkregtable mktables -@@ -186,6 +205,8 @@ oui.c* +@@ -185,6 +204,8 @@ oui.c* page-types parse.c parse.h @@ -153,7 +153,7 @@ index 74c25c8..deadba2 100644 patches* pca200e.bin pca200e_ecd.bin2 -@@ -195,6 +216,7 @@ perf-archive +@@ -194,6 +215,7 @@ perf-archive piggyback piggy.gzip piggy.S @@ -161,7 +161,7 @@ index 74c25c8..deadba2 100644 pnmtologo ppc_defs.h* pss_boot.h -@@ -204,7 +226,10 @@ r200_reg_safe.h +@@ -203,7 +225,10 @@ r200_reg_safe.h r300_reg_safe.h r420_reg_safe.h r600_reg_safe.h @@ -172,7 +172,7 @@ index 74c25c8..deadba2 100644 relocs rlim_names.h rn50_reg_safe.h -@@ -214,8 +239,11 @@ series +@@ -213,8 +238,11 @@ series setup setup.bin setup.elf 
@@ -184,7 +184,7 @@ index 74c25c8..deadba2 100644 split-include syscalltab.h tables.c -@@ -225,6 +253,7 @@ tftpboot.img +@@ -224,6 +252,7 @@ tftpboot.img timeconst.h times.h* trix_boot.h @@ -192,7 +192,7 @@ index 74c25c8..deadba2 100644 utsrelease.h* vdso-syms.lds vdso.lds -@@ -236,13 +265,17 @@ vdso32.lds +@@ -235,13 +264,17 @@ vdso32.lds vdso32.so.dbg vdso64.lds vdso64.so.dbg @@ -210,7 +210,7 @@ index 74c25c8..deadba2 100644 vmlinuz voffset.h vsyscall.lds -@@ -250,9 +283,11 @@ vsyscall_32.lds +@@ -249,9 +282,11 @@ vsyscall_32.lds wanxlfw.inc uImage unifdef @@ -223,20 +223,21 @@ index 74c25c8..deadba2 100644 +zconf.lex.c zoffset.h diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index 9776f06..18b1856 100644 +index 6c72381..2fe9ae4 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -905,6 +905,9 @@ bytes respectively. Such letter suffixes can also be entirely omitted. - gpt [EFI] Forces disk with valid GPT signature but - invalid Protective MBR to be treated as GPT. +@@ -917,6 +917,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. + Format: <unsigned int> such that (rxsize & ~0x1fffc0) == 0. + Default: 1024 -+ grsec_proc_gid= [GRKERNSEC_PROC_USERGROUP] Chooses GID to ++ grsec_proc_gid= [GRKERNSEC_PROC_USERGROUP] Chooses GID to + ignore grsecurity's /proc restrictions + ++ hashdist= [KNL,NUMA] Large hashes allocated during boot are distributed across NUMA nodes. Defaults on for 64-bit NUMA, off otherwise. -@@ -2082,6 +2085,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -2116,6 +2120,13 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. @@ -251,7 +252,7 @@ index 9776f06..18b1856 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 5634228..b54a897 100644 +index d69266c..e4f6593 100644 
--- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -277,12 +278,16 @@ index 5634228..b54a897 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -575,6 +576,60 @@ else +@@ -575,6 +576,64 @@ else KBUILD_CFLAGS += -O2 endif +ifndef DISABLE_PAX_PLUGINS ++ifeq ($(call cc-ifversion, -ge, 0408, y), y) ++PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCXX)" "$(HOSTCXX)" "$(CC)") ++else +PLUGINCC := $(shell $(CONFIG_SHELL) $(srctree)/scripts/gcc-plugin.sh "$(HOSTCC)" "$(HOSTCXX)" "$(CC)") ++endif +ifneq ($(PLUGINCC),) +ifndef DISABLE_PAX_CONSTIFY_PLUGIN +ifndef CONFIG_UML @@ -338,7 +343,7 @@ index 5634228..b54a897 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifdef CONFIG_READABLE_ASM -@@ -731,7 +786,7 @@ export mod_sign_cmd +@@ -731,7 +790,7 @@ export mod_sign_cmd ifeq ($(KBUILD_EXTMOD),) @@ -347,7 +352,7 @@ index 5634228..b54a897 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -778,6 +833,8 @@ endif +@@ -778,6 +837,8 @@ endif # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -356,7 +361,7 @@ index 5634228..b54a897 100644 $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -787,7 +844,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; +@@ -787,7 +848,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -365,7 +370,7 @@ index 5634228..b54a897 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -831,6 +888,7 @@ prepare0: archprepare FORCE +@@ -831,6 +892,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. 
@@ -373,7 +378,7 @@ index 5634228..b54a897 100644 prepare: prepare0 # Generate some files -@@ -938,6 +996,8 @@ all: modules +@@ -938,6 +1000,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -382,7 +387,7 @@ index 5634228..b54a897 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -953,7 +1013,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -953,7 +1017,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -391,7 +396,7 @@ index 5634228..b54a897 100644 # Target to install modules PHONY += modules_install -@@ -1013,7 +1073,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ +@@ -1019,7 +1083,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ signing_key.priv signing_key.x509 x509.genkey \ extra_certificates signing_key.x509.keyid \ @@ -400,7 +405,7 @@ index 5634228..b54a897 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1053,6 +1113,7 @@ distclean: mrproper +@@ -1059,6 +1123,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ @@ -408,7 +413,7 @@ index 5634228..b54a897 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1213,6 +1274,8 @@ PHONY += $(module-dirs) modules +@@ -1219,6 +1284,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) 
@@ -417,7 +422,7 @@ index 5634228..b54a897 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1349,17 +1412,21 @@ else +@@ -1355,17 +1422,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -443,7 +448,7 @@ index 5634228..b54a897 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1369,11 +1436,15 @@ endif +@@ -1375,11 +1446,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -792,6 +797,19 @@ index 0c4132d..88f0d53 100644 } else if (!cause) { /* Allow reads even for write-only mappings */ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) +diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig +index 67874b8..0e40765 100644 +--- a/arch/arm/Kconfig ++++ b/arch/arm/Kconfig +@@ -1813,7 +1813,7 @@ config ALIGNMENT_TRAP + + config UACCESS_WITH_MEMCPY + bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()" +- depends on MMU ++ depends on MMU && !PAX_MEMORY_UDEREF + default y if CPU_FEROCEON + help + Implement faster copy_to_user and clear_user methods for CPU diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h index c79f61f..9ac0642 100644 --- a/arch/arm/include/asm/atomic.h 
@@ -1456,6 +1474,31 @@ index e1489c5..d418304 100644 /* * Select the calling method +diff --git a/arch/arm/include/asm/checksum.h b/arch/arm/include/asm/checksum.h +index 6dcc164..b14d917 100644 +--- a/arch/arm/include/asm/checksum.h ++++ b/arch/arm/include/asm/checksum.h +@@ -37,7 +37,19 @@ __wsum + csum_partial_copy_nocheck(const void *src, void *dst, int len, __wsum sum); + + __wsum +-csum_partial_copy_from_user(const void __user *src, void *dst, int len, __wsum sum, int *err_ptr); ++__csum_partial_copy_from_user(const void __user *src, void *dst, int len, __wsum sum, int *err_ptr); ++ ++static inline __wsum ++csum_partial_copy_from_user(const void __user *src, void *dst, int len, __wsum sum, int *err_ptr) ++{ ++ __wsum ret; ++ pax_open_userland(); ++ ret = __csum_partial_copy_from_user(src, dst, len, sum, err_ptr); ++ pax_close_userland(); ++ return ret; ++} ++ ++ + + /* + * Fold a partial checksum without adding pseudo headers diff --git a/arch/arm/include/asm/cmpxchg.h b/arch/arm/include/asm/cmpxchg.h index 7eb18c1..e38b6d2 100644 --- a/arch/arm/include/asm/cmpxchg.h 
@@ -1496,6 +1539,67 @@ index ab98fdd..6b19938 100644 #define udelay(n) \ (__builtin_constant_p(n) ? \ +diff --git a/arch/arm/include/asm/domain.h b/arch/arm/include/asm/domain.h +index 6ddbe44..758b5f2 100644 +--- a/arch/arm/include/asm/domain.h ++++ b/arch/arm/include/asm/domain.h +@@ -48,18 +48,37 @@ + * Domain types + */ + #define DOMAIN_NOACCESS 0 +-#define DOMAIN_CLIENT 1 + #ifdef CONFIG_CPU_USE_DOMAINS ++#define DOMAIN_USERCLIENT 1 ++#define DOMAIN_KERNELCLIENT 1 + #define DOMAIN_MANAGER 3 ++#define DOMAIN_VECTORS DOMAIN_USER + #else ++ ++#ifdef CONFIG_PAX_KERNEXEC + #define DOMAIN_MANAGER 1 ++#define DOMAIN_KERNEXEC 3 ++#else ++#define DOMAIN_MANAGER 1 ++#endif ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++#define DOMAIN_USERCLIENT 0 ++#define DOMAIN_UDEREF 1 ++#define DOMAIN_VECTORS DOMAIN_KERNEL ++#else ++#define DOMAIN_USERCLIENT 1 ++#define DOMAIN_VECTORS DOMAIN_USER ++#endif ++#define DOMAIN_KERNELCLIENT 1 ++ + #endif + + #define domain_val(dom,type) ((type) << (2*(dom))) + + #ifndef __ASSEMBLY__ + +-#ifdef CONFIG_CPU_USE_DOMAINS ++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) + static inline void set_domain(unsigned val) + { + asm volatile( +@@ -68,15 +87,7 @@ static inline void set_domain(unsigned val) + isb(); + } + +-#define modify_domain(dom,type) \ +- do { \ +- struct thread_info *thread = current_thread_info(); \ +- unsigned int domain = thread->cpu_domain; \ +- domain &= ~domain_val(dom, DOMAIN_MANAGER); \ +- thread->cpu_domain = domain | domain_val(dom, type); \ +- set_domain(thread->cpu_domain); \ +- } while (0) +- ++extern void modify_domain(unsigned int dom, unsigned int type); + #else + static inline void set_domain(unsigned val) { } + static inline void modify_domain(unsigned dom, unsigned type) { } diff --git a/arch/arm/include/asm/elf.h b/arch/arm/include/asm/elf.h index 38050b1..9d90e8b 100644 --- a/arch/arm/include/asm/elf.h 
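Review bot: In domain.h, `DOMAIN_MANAGER` is 1 without CPU_USE_DOMAINS while the new `DOMAIN_KERNEXEC` is 3, and `modify_domain()` becomes an `extern` function whose body is not in this hunk. The removed macro cleared the field with `~domain_val(dom, DOMAIN_MANAGER)`, which for a value of 1 clears only one of the two bits. If the new definition kept that mask, switching a domain from `DOMAIN_KERNEXEC` back to `DOMAIN_MANAGER` would leave it at 3, so the definition should clear with `~domain_val(dom, 3)`, the mask `test_domain()` in pgtable.h uses. `#define DOMAIN_MANAGER 1` is also repeated in both arms of `#ifdef CONFIG_PAX_KERNEXEC`; hoist it out and add `/* 1 == client access here; only DOMAIN_KERNEXEC (3) is a real manager */` so the name does not mislead.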
@@ -1525,6 +1629,76 @@ index 38050b1..9d90e8b 100644 -#define arch_randomize_brk arch_randomize_brk - #endif +diff --git a/arch/arm/include/asm/fncpy.h b/arch/arm/include/asm/fncpy.h +index de53547..52b9a28 100644 +--- a/arch/arm/include/asm/fncpy.h ++++ b/arch/arm/include/asm/fncpy.h +@@ -81,7 +81,9 @@ + BUG_ON((uintptr_t)(dest_buf) & (FNCPY_ALIGN - 1) || \ + (__funcp_address & ~(uintptr_t)1 & (FNCPY_ALIGN - 1))); \ + \ ++ pax_open_kernel(); \ + memcpy(dest_buf, (void const *)(__funcp_address & ~1), size); \ ++ pax_close_kernel(); \ + flush_icache_range((unsigned long)(dest_buf), \ + (unsigned long)(dest_buf) + (size)); \ + \ +diff --git a/arch/arm/include/asm/futex.h b/arch/arm/include/asm/futex.h +index e42cf59..7b94b8f 100644 +--- a/arch/arm/include/asm/futex.h ++++ b/arch/arm/include/asm/futex.h +@@ -50,6 +50,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, + if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) + return -EFAULT; + ++ pax_open_userland(); ++ + smp_mb(); + __asm__ __volatile__("@futex_atomic_cmpxchg_inatomic\n" + "1: ldrex %1, [%4]\n" +@@ -65,6 +67,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, + : "cc", "memory"); + smp_mb(); + ++ pax_close_userland(); ++ + *uval = val; + return ret; + } +@@ -95,6 +99,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, + if (!access_ok(VERIFY_WRITE, uaddr, sizeof(u32))) + return -EFAULT; + ++ pax_open_userland(); ++ + __asm__ __volatile__("@futex_atomic_cmpxchg_inatomic\n" + "1: " TUSER(ldr) " %1, [%4]\n" + " teq %1, %2\n" +@@ -105,6 +111,8 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, + : "r" (oldval), "r" (newval), "r" (uaddr), "Ir" (-EFAULT) + : "cc", "memory"); + ++ pax_close_userland(); ++ + *uval = val; + return ret; + } +@@ -127,6 +135,7 @@ futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr) + return -EFAULT; + + pagefault_disable(); /* implies preempt_disable() */ ++ pax_open_userland(); + + switch (op) { + case FUTEX_OP_SET: +@@ -148,6 
+157,7 @@ futex_atomic_op_inuser (int encoded_op, u32 __user *uaddr) + ret = -ENOSYS; + } + ++ pax_close_userland(); + pagefault_enable(); /* subsumes preempt_enable() */ + + if (!ret) { diff --git a/arch/arm/include/asm/kmap_types.h b/arch/arm/include/asm/kmap_types.h index 83eb2f7..ed77159 100644 --- a/arch/arm/include/asm/kmap_types.h @@ -1551,16 +1725,25 @@ index 9e614a1..3302cca 100644 struct dma_struct { void *addr; /* single DMA address */ diff --git a/arch/arm/include/asm/mach/map.h b/arch/arm/include/asm/mach/map.h -index 195ac2f..2272f0d 100644 +index 2fe141f..192dc01 100644 --- a/arch/arm/include/asm/mach/map.h +++ b/arch/arm/include/asm/mach/map.h -@@ -34,6 +34,9 @@ struct map_desc { +@@ -27,13 +27,16 @@ struct map_desc { + #define MT_MINICLEAN 6 + #define MT_LOW_VECTORS 7 + #define MT_HIGH_VECTORS 8 +-#define MT_MEMORY 9 ++#define MT_MEMORY_RWX 9 + #define MT_ROM 10 +-#define MT_MEMORY_NONCACHED 11 ++#define MT_MEMORY_NONCACHED_RX 11 + #define MT_MEMORY_DTCM 12 #define MT_MEMORY_ITCM 13 #define MT_MEMORY_SO 14 #define MT_MEMORY_DMA_READY 15 -+#define MT_MEMORY_R 16 -+#define MT_MEMORY_RW 17 -+#define MT_MEMORY_RX 18 ++#define MT_MEMORY_RW 16 ++#define MT_MEMORY_RX 17 ++#define MT_MEMORY_NONCACHED_RW 18 #ifdef CONFIG_MMU extern void iotable_init(struct map_desc *, int); @@ -1591,7 +1774,7 @@ index 812a494..71fc0b6 100644 #ifdef MULTI_USER extern struct cpu_user_fns cpu_user; diff --git a/arch/arm/include/asm/pgalloc.h b/arch/arm/include/asm/pgalloc.h -index 943504f..84d0f84 100644 +index 943504f..c37a730 100644 --- a/arch/arm/include/asm/pgalloc.h +++ b/arch/arm/include/asm/pgalloc.h @@ -17,6 +17,7 @@ 
@@ -1622,16 +1805,19 @@ index 943504f..84d0f84 100644 #endif /* CONFIG_ARM_LPAE */ -@@ -126,6 +133,16 @@ static inline void pte_free(struct mm_struct *mm, pgtable_t pte) +@@ -126,6 +133,19 @@ static inline void pte_free(struct mm_struct *mm, pgtable_t pte) __free_page(pte); } -+static inline void __pmd_update(pmd_t *pmdp, pmdval_t prot) ++static inline void __section_update(pmd_t *pmdp, unsigned long addr, pmdval_t prot) +{ -+ pmdval_t pmdval = pmd_val(*pmdp) | prot; -+ pmdp[0] = __pmd(pmdval); -+#ifndef CONFIG_ARM_LPAE -+ pmdp[1] = __pmd(pmdval + 256 * sizeof(pte_t)); ++#ifdef CONFIG_ARM_LPAE ++ pmdp[0] = __pmd(pmd_val(pmdp[0]) | prot); ++#else ++ if (addr & SECTION_SIZE) ++ pmdp[1] = __pmd(pmd_val(pmdp[1]) | prot); ++ else ++ pmdp[0] = __pmd(pmd_val(pmdp[0]) | prot); +#endif + flush_pmd_entry(pmdp); +} @@ -1639,7 +1825,7 @@ index 943504f..84d0f84 100644 static inline void __pmd_populate(pmd_t *pmdp, phys_addr_t pte, pmdval_t prot) { -@@ -155,7 +172,7 @@ pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmdp, pte_t *ptep) +@@ -155,7 +175,7 @@ pmd_populate_kernel(struct mm_struct *mm, pmd_t *pmdp, pte_t *ptep) static inline void pmd_populate(struct mm_struct *mm, pmd_t *pmdp, pgtable_t ptep) { @@ -1649,14 +1835,14 @@ index 943504f..84d0f84 100644 #define pmd_pgtable(pmd) pmd_page(pmd) diff --git a/arch/arm/include/asm/pgtable-2level-hwdef.h b/arch/arm/include/asm/pgtable-2level-hwdef.h -index 5cfba15..d437dc2 100644 +index 5cfba15..f415e1a 100644 --- a/arch/arm/include/asm/pgtable-2level-hwdef.h +++ b/arch/arm/include/asm/pgtable-2level-hwdef.h @@ -20,12 +20,15 @@ #define PMD_TYPE_FAULT (_AT(pmdval_t, 0) << 0) #define PMD_TYPE_TABLE (_AT(pmdval_t, 1) << 0) #define PMD_TYPE_SECT (_AT(pmdval_t, 2) << 0) -+#define PMD_PXNTABLE (_AT(pmdval_t, 1) << 2) /* PXN */ ++#define PMD_PXNTABLE (_AT(pmdval_t, 1) << 2) /* v7 */ #define PMD_BIT4 (_AT(pmdval_t, 1) << 4) #define PMD_DOMAIN(x) (_AT(pmdval_t, (x)) << 5) #define PMD_PROTECTION (_AT(pmdval_t, 1) << 9) /* v5 */ 
@@ -1664,7 +1850,7 @@ index 5cfba15..d437dc2 100644 /* * - section */ -+#define PMD_SECT_PXN (_AT(pmdval_t, 1) << 0) ++#define PMD_SECT_PXN (_AT(pmdval_t, 1) << 0) /* v7 */ #define PMD_SECT_BUFFERABLE (_AT(pmdval_t, 1) << 2) #define PMD_SECT_CACHEABLE (_AT(pmdval_t, 1) << 3) #define PMD_SECT_XN (_AT(pmdval_t, 1) << 4) /* v6 */ @@ -1672,27 +1858,35 @@ index 5cfba15..d437dc2 100644 #define PMD_SECT_nG (_AT(pmdval_t, 1) << 17) /* v6 */ #define PMD_SECT_SUPER (_AT(pmdval_t, 1) << 18) /* v6 */ #define PMD_SECT_AF (_AT(pmdval_t, 0)) -+#define PMD_SECT_AP_RDONLY (_AT(pmdval_t, 0)) ++#define PMD_SECT_RDONLY (_AT(pmdval_t, 0)) #define PMD_SECT_UNCACHED (_AT(pmdval_t, 0)) #define PMD_SECT_BUFFERED (PMD_SECT_BUFFERABLE) +@@ -66,6 +70,7 @@ + * - extended small page/tiny page + */ + #define PTE_EXT_XN (_AT(pteval_t, 1) << 0) /* v6 */ ++#define PTE_EXT_PXN (_AT(pteval_t, 1) << 2) /* v7 */ + #define PTE_EXT_AP_MASK (_AT(pteval_t, 3) << 4) + #define PTE_EXT_AP0 (_AT(pteval_t, 1) << 4) + #define PTE_EXT_AP1 (_AT(pteval_t, 2) << 4) diff --git a/arch/arm/include/asm/pgtable-2level.h b/arch/arm/include/asm/pgtable-2level.h -index 2317a71..1897391 100644 +index f97ee02..07f1be5 100644 --- a/arch/arm/include/asm/pgtable-2level.h +++ b/arch/arm/include/asm/pgtable-2level.h -@@ -123,6 +123,7 @@ - #define L_PTE_USER (_AT(pteval_t, 1) << 8) +@@ -125,6 +125,7 @@ #define L_PTE_XN (_AT(pteval_t, 1) << 9) #define L_PTE_SHARED (_AT(pteval_t, 1) << 10) /* shared(v6), coherent(xsc3) */ -+#define L_PTE_PXN (_AT(pteval_t, 1) << 11) /* v7*/ + #define L_PTE_NONE (_AT(pteval_t, 1) << 11) ++#define L_PTE_PXN (_AT(pteval_t, 1) << 12) /* v7*/ /* * These are the memory types, defined to be compatible with diff --git a/arch/arm/include/asm/pgtable-3level-hwdef.h b/arch/arm/include/asm/pgtable-3level-hwdef.h -index d795282..d82ff13 100644 +index d795282..a43ea90 100644 --- a/arch/arm/include/asm/pgtable-3level-hwdef.h 
+++ b/arch/arm/include/asm/pgtable-3level-hwdef.h -@@ -32,6 +32,7 @@ +@@ -32,15 +32,18 @@ #define PMD_TYPE_SECT (_AT(pmdval_t, 1) << 0) #define PMD_BIT4 (_AT(pmdval_t, 0)) #define PMD_DOMAIN(x) (_AT(pmdval_t, 0)) @@ -1700,7 +1894,10 @@ index d795282..d82ff13 100644 /* * - section -@@ -41,9 +42,11 @@ + */ + #define PMD_SECT_BUFFERABLE (_AT(pmdval_t, 1) << 2) + #define PMD_SECT_CACHEABLE (_AT(pmdval_t, 1) << 3) ++#define PMD_SECT_RDONLY (_AT(pmdval_t, 1) << 7) #define PMD_SECT_S (_AT(pmdval_t, 3) << 8) #define PMD_SECT_AF (_AT(pmdval_t, 1) << 10) #define PMD_SECT_nG (_AT(pmdval_t, 1) << 11) @@ -1708,10 +1905,6 @@ index d795282..d82ff13 100644 #define PMD_SECT_XN (_AT(pmdval_t, 1) << 54) #define PMD_SECT_AP_WRITE (_AT(pmdval_t, 0)) #define PMD_SECT_AP_READ (_AT(pmdval_t, 0)) -+#define PMD_SECT_AP_RDONLY (_AT(pmdval_t, 1) << 7) - #define PMD_SECT_TEX(x) (_AT(pmdval_t, 0)) - - /* @@ -66,6 +69,7 @@ #define PTE_EXT_SHARED (_AT(pteval_t, 3) << 8) /* SH[1:0], inner shareable */ #define PTE_EXT_AF (_AT(pteval_t, 1) << 10) /* Access Flag */ @@ -1721,10 +1914,10 @@ index d795282..d82ff13 100644 /* diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h -index b249035..4ab204b 100644 +index a3f3792..7b932a6 100644 --- a/arch/arm/include/asm/pgtable-3level.h +++ b/arch/arm/include/asm/pgtable-3level.h -@@ -73,6 +73,7 @@ +@@ -74,6 +74,7 @@ #define L_PTE_RDONLY (_AT(pteval_t, 1) << 7) /* AP[2] */ #define L_PTE_SHARED (_AT(pteval_t, 3) << 8) /* SH[1:0], inner shareable */ #define L_PTE_YOUNG (_AT(pteval_t, 1) << 10) /* AF */ @@ -1732,7 +1925,7 @@ index b249035..4ab204b 100644 #define L_PTE_XN (_AT(pteval_t, 1) << 54) /* XN */ #define L_PTE_DIRTY (_AT(pteval_t, 1) << 55) /* unused */ #define L_PTE_SPECIAL (_AT(pteval_t, 1) << 56) /* unused */ -@@ -80,6 +81,7 @@ +@@ -82,6 +83,7 @@ /* * To be used in assembly code with the upper page attributes. */ @@ -1741,7 +1934,7 @@ index b249035..4ab204b 100644 #define L_PTE_DIRTY_HIGH (1 << (55 - 32)) 
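Review bot: In pgtable-2level.h `L_PTE_PXN` moves from bit 11 to bit 12 because `L_PTE_NONE` now occupies bit 11, but with 4 KiB pages bit 12 is normally the lowest bit of the page frame address in a 2-level Linux PTE, not a free software bit. If that holds for this tree, OR-ing the flag into a PTE would change the mapped frame. Please confirm which low bits are still free, and either use one of them or define the flag as `(_AT(pteval_t, 0))` on 2-level so it is an explicit no-op. In the same hunk `PMD_SECT_RDONLY` is defined as 0 for the 2-level format, so read-only section requests made through it have no effect without LPAE. A comment such as `/* no-op on 2-level: sections cannot be made kernel read-only here */` would stop callers assuming protection they do not get.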
diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h -index 08c1231..1031bb4 100644 +index 9c82f988..514705a 100644 --- a/arch/arm/include/asm/pgtable.h +++ b/arch/arm/include/asm/pgtable.h @@ -30,6 +30,9 @@ @@ -1764,7 +1957,7 @@ index 08c1231..1031bb4 100644 extern void __pte_error(const char *file, int line, pte_t); extern void __pmd_error(const char *file, int line, pmd_t); extern void __pgd_error(const char *file, int line, pgd_t); -@@ -53,6 +59,17 @@ extern void __pgd_error(const char *file, int line, pgd_t); +@@ -53,6 +59,50 @@ extern void __pgd_error(const char *file, int line, pgd_t); #define pmd_ERROR(pmd) __pmd_error(__FILE__, __LINE__, pmd) #define pgd_ERROR(pgd) __pgd_error(__FILE__, __LINE__, pgd) 
@@ -1772,8 +1965,41 @@ index 08c1231..1031bb4 100644 +#define __HAVE_ARCH_PAX_CLOSE_KERNEL + +#ifdef CONFIG_PAX_KERNEXEC -+static inline unsigned long pax_open_kernel(void) { return 0; /* TODO */ } -+static inline unsigned long pax_close_kernel(void) { return 0; /* TODO */ } ++#include <asm/domain.h> ++#include <linux/thread_info.h> ++#include <linux/preempt.h> ++#endif ++ ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++static inline int test_domain(int domain, int domaintype) ++{ ++ return ((current_thread_info()->cpu_domain) & domain_val(domain, 3)) == domain_val(domain, domaintype); ++} ++#endif ++ ++#ifdef CONFIG_PAX_KERNEXEC ++static inline unsigned long pax_open_kernel(void) { ++#ifdef CONFIG_ARM_LPAE ++ /* TODO */ ++#else ++ preempt_disable(); ++ BUG_ON(test_domain(DOMAIN_KERNEL, DOMAIN_KERNEXEC)); ++ modify_domain(DOMAIN_KERNEL, DOMAIN_KERNEXEC); ++#endif ++ return 0; ++} ++ ++static inline unsigned long pax_close_kernel(void) { ++#ifdef CONFIG_ARM_LPAE ++ /* TODO */ ++#else ++ BUG_ON(test_domain(DOMAIN_KERNEL, DOMAIN_MANAGER)); ++ /* DOMAIN_MANAGER = "client" under KERNEXEC */ ++ modify_domain(DOMAIN_KERNEL, DOMAIN_MANAGER); ++ preempt_enable_no_resched(); ++#endif ++ return 0; ++} +#else +static inline unsigned long pax_open_kernel(void) { return 0; } +static inline unsigned long pax_close_kernel(void) { return 0; } @@ -1782,7 +2008,7 @@ index 08c1231..1031bb4 100644 /* * This is the lowest virtual address we can permit any user space * mapping to be mapped at. This is particularly important for -@@ -63,8 +80,8 @@ extern void __pgd_error(const char *file, int line, pgd_t); +@@ -63,8 +113,8 @@ extern void __pgd_error(const char *file, int line, pgd_t); /* * The pgprot_* and protection_map entries will be fixed up in runtime * to include the cachable and bufferable bits based on memory policy, 
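Review bot: Under `CONFIG_ARM_LPAE` both `pax_open_kernel()` and `pax_close_kernel()` are still `/* TODO */` stubs that return 0 without touching domain or preemption state, so on such a build the open/close bracket (for example around the `memcpy()` in `fncpy()`) changes nothing. The Kconfig dependencies are not visible here; if PAX_KERNEXEC can be selected together with ARM_LPAE, make the combination unselectable or replace the stub with `#error "PAX_KERNEXEC is not implemented for ARM_LPAE"` so it cannot be enabled as a silent no-op. On the non-LPAE path the `BUG_ON(test_domain(...))` checks make the pair non-reentrant, and close uses `preempt_enable_no_resched()`, which defers a reschedule that became pending inside the window. Both are worth a comment above `pax_open_kernel()`: `/* not nestable; preemption stays off until pax_close_kernel() */`.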
@@ -1793,12 +2019,12 @@ index 08c1231..1031bb4 100644 */ #define _L_PTE_DEFAULT L_PTE_PRESENT | L_PTE_YOUNG -@@ -242,7 +259,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; } +@@ -240,7 +290,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; } static inline pte_t pte_modify(pte_t pte, pgprot_t newprot) { -- const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER; -+ const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER | __supported_pte_mask; +- const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER | L_PTE_NONE; ++ const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER | L_PTE_NONE | __supported_pte_mask; pte_val(pte) = (pte_val(pte) & ~mask) | (pgprot_val(newprot) & mask); return pte; } @@ -1815,11 +2041,27 @@ index f3628fb..a0672dd 100644 #ifndef MULTI_CPU extern void cpu_proc_init(void); +diff --git a/arch/arm/include/asm/processor.h b/arch/arm/include/asm/processor.h +index 06e7d50..8a8e251 100644 +--- a/arch/arm/include/asm/processor.h ++++ b/arch/arm/include/asm/processor.h +@@ -65,9 +65,8 @@ struct thread_struct { + regs->ARM_cpsr |= PSR_ENDSTATE; \ + regs->ARM_pc = pc & ~1; /* pc */ \ + regs->ARM_sp = sp; /* sp */ \ +- regs->ARM_r2 = stack[2]; /* r2 (envp) */ \ +- regs->ARM_r1 = stack[1]; /* r1 (argv) */ \ +- regs->ARM_r0 = stack[0]; /* r0 (argc) */ \ ++ /* r2 (envp), r1 (argv), r0 (argc) */ \ ++ (void)copy_from_user(®s->ARM_r0, (const char __user *)stack, 3 * sizeof(unsigned long)); \ + nommu_start_thread(regs); \ + }) + diff --git a/arch/arm/include/asm/smp.h b/arch/arm/include/asm/smp.h -index 2e3be16..4dc90fc 100644 +index d3a22be..3a69ad5 100644 --- a/arch/arm/include/asm/smp.h +++ b/arch/arm/include/asm/smp.h -@@ -106,7 +106,7 @@ struct smp_operations { +@@ -107,7 +107,7 @@ struct smp_operations { int (*cpu_disable)(unsigned int cpu); #endif #endif @@ -1829,40 +2071,161 @@ index 2e3be16..4dc90fc 100644 /* * set platform specific SMP operations 
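Review bot: The `(void)copy_from_user(...)` added to the `processor.h` macro that ends in `nommu_start_thread(regs)` discards the count of uncopied bytes. A failed or partial read of the initial stack then leaves `ARM_r0`–`ARM_r2` (argc, argv, envp) holding whatever `regs` contained before, and the new task starts anyway. The single three-word copy also depends on `ARM_r0`, `ARM_r1` and `ARM_r2` being adjacent in `struct pt_regs`, which the replacement comment `/* r2 (envp), r1 (argv), r0 (argc) */` does not state. I would name that layout assumption in the comment and either act on a non-zero return or document why it is safe to ignore here. The macro body starts outside the hunk.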
diff --git a/arch/arm/include/asm/thread_info.h b/arch/arm/include/asm/thread_info.h -index 8477b4c..801a6a9 100644 +index cddda1f..ff357f7 100644 --- a/arch/arm/include/asm/thread_info.h 
+++ b/arch/arm/include/asm/thread_info.h -@@ -151,6 +151,12 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, - #define TIF_SYSCALL_TRACE 8 +@@ -77,9 +77,9 @@ struct thread_info { + .flags = 0, \ + .preempt_count = INIT_PREEMPT_COUNT, \ + .addr_limit = KERNEL_DS, \ +- .cpu_domain = domain_val(DOMAIN_USER, DOMAIN_MANAGER) | \ +- domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \ +- domain_val(DOMAIN_IO, DOMAIN_CLIENT), \ ++ .cpu_domain = domain_val(DOMAIN_USER, DOMAIN_USERCLIENT) | \ ++ domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT) | \ ++ domain_val(DOMAIN_IO, DOMAIN_KERNELCLIENT), \ + .restart_block = { \ + .fn = do_no_restart_syscall, \ + }, \ +@@ -152,6 +152,12 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, #define TIF_SYSCALL_AUDIT 9 #define TIF_SYSCALL_TRACEPOINT 10 + #define TIF_SECCOMP 11 /* seccomp syscall filtering active */ + +/* within 8 bits of TIF_SYSCALL_TRACE -+ to meet flexible second operand requirements -+*/ -+#define TIF_GRSEC_SETXID 11 ++ * to meet flexible second operand requirements ++ */ ++#define TIF_GRSEC_SETXID 12 + #define TIF_USING_IWMMXT 17 #define TIF_MEMDIE 18 /* is terminating due to OOM killer */ #define TIF_RESTORE_SIGMASK 20 -@@ -165,9 +171,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, +@@ -165,10 +171,11 @@ extern int vfp_restore_user_hwstate(struct user_vfp __user *, #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) - #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT) #define _TIF_SECCOMP (1 << TIF_SECCOMP) + #define _TIF_USING_IWMMXT (1 << TIF_USING_IWMMXT) +#define _TIF_GRSEC_SETXID (1 << TIF_GRSEC_SETXID) /* Checks for any syscall work in entry-common.S */ --#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_SYSCALL_TRACEPOINT) -+#define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | _TIF_SYSCALL_TRACEPOINT | \ -+ _TIF_GRSEC_SETXID) + #define _TIF_SYSCALL_WORK (_TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT | \ +- 
_TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP) ++ _TIF_SYSCALL_TRACEPOINT | _TIF_SECCOMP | _TIF_GRSEC_SETXID) /* * Change these and you break ASM code in entry-common.S diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h -index 7e1f760..f2c37b1 100644 +index 7e1f760..752fcb7 100644 --- a/arch/arm/include/asm/uaccess.h 
+++ b/arch/arm/include/asm/uaccess.h -@@ -418,8 +418,23 @@ do { \ +@@ -18,6 +18,7 @@ + #include <asm/domain.h> + #include <asm/unified.h> + #include <asm/compiler.h> ++#include <asm/pgtable.h> + + #define VERIFY_READ 0 + #define VERIFY_WRITE 1 +@@ -60,10 +61,34 @@ extern int __put_user_bad(void); + #define USER_DS TASK_SIZE + #define get_fs() (current_thread_info()->addr_limit) + ++static inline void pax_open_userland(void) ++{ ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ if (get_fs() == USER_DS) { ++ BUG_ON(test_domain(DOMAIN_USER, DOMAIN_UDEREF)); ++ modify_domain(DOMAIN_USER, DOMAIN_UDEREF); ++ } ++#endif ++ ++} ++ ++static inline void pax_close_userland(void) ++{ ++ ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ if (get_fs() == USER_DS) { ++ BUG_ON(test_domain(DOMAIN_USER, DOMAIN_NOACCESS)); ++ modify_domain(DOMAIN_USER, DOMAIN_NOACCESS); ++ } ++#endif ++ ++} ++ + static inline void set_fs(mm_segment_t fs) + { + current_thread_info()->addr_limit = fs; +- modify_domain(DOMAIN_KERNEL, fs ? DOMAIN_CLIENT : DOMAIN_MANAGER); ++ modify_domain(DOMAIN_KERNEL, fs ? 
DOMAIN_KERNELCLIENT : DOMAIN_MANAGER); + } + + #define segment_eq(a,b) ((a) == (b)) +@@ -143,8 +168,12 @@ extern int __get_user_4(void *); + + #define get_user(x,p) \ + ({ \ ++ int __e; \ + might_fault(); \ +- __get_user_check(x,p); \ ++ pax_open_userland(); \ ++ __e = __get_user_check(x,p); \ ++ pax_close_userland(); \ ++ __e; \ + }) + + extern int __put_user_1(void *, unsigned int); +@@ -188,8 +217,12 @@ extern int __put_user_8(void *, unsigned long long); + + #define put_user(x,p) \ + ({ \ ++ int __e; \ + might_fault(); \ +- __put_user_check(x,p); \ ++ pax_open_userland(); \ ++ __e = __put_user_check(x,p); \ ++ pax_close_userland(); \ ++ __e; \ + }) + + #else /* CONFIG_MMU */ +@@ -230,13 +263,17 @@ static inline void set_fs(mm_segment_t fs) + #define __get_user(x,ptr) \ + ({ \ + long __gu_err = 0; \ ++ pax_open_userland(); \ + __get_user_err((x),(ptr),__gu_err); \ ++ pax_close_userland(); \ + __gu_err; \ + }) + + #define __get_user_error(x,ptr,err) \ + ({ \ ++ pax_open_userland(); \ + __get_user_err((x),(ptr),err); \ ++ pax_close_userland(); \ + (void) 0; \ + }) + +@@ -312,13 +349,17 @@ do { \ + #define __put_user(x,ptr) \ + ({ \ + long __pu_err = 0; \ ++ pax_open_userland(); \ + __put_user_err((x),(ptr),__pu_err); \ ++ pax_close_userland(); \ + __pu_err; \ + }) + + #define __put_user_error(x,ptr,err) \ + ({ \ ++ pax_open_userland(); \ + __put_user_err((x),(ptr),err); \ ++ pax_close_userland(); \ + (void) 0; \ + }) + +@@ -418,11 +459,44 @@ do { \ #ifdef CONFIG_MMU 
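Review bot: In the `get_user`, `put_user`, `__get_user` and `__put_user` wrappers in `uaccess.h`, the caller's `x` and `p`/`ptr` expressions are expanded between `pax_open_userland()` and `pax_close_userland()`. With `CONFIG_PAX_MEMORY_UDEREF` and `get_fs() == USER_DS`, an argument that itself performs a user access would hit `BUG_ON(test_domain(DOMAIN_USER, DOMAIN_UDEREF))` in the inner open. Any other code in the argument also runs with the user domain accessible. `pax_open_userland()` should carry a comment stating the contract, for example `/* not re-entrant: must be paired with pax_close_userland() and must not enclose another user access */`. The new local `__e` in `get_user`/`put_user` can also shadow a caller variable of the same name used in `x` or `p`; a more specific name such as `__gu_e`/`__pu_e` avoids that.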
@@ -1873,22 +2236,44 @@ index 7e1f760..f2c37b1 100644 + +static inline unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n) +{ -+ check_object_size(to, n, false); ++ unsigned long ret; + -+ return ___copy_from_user(to, from, n); ++ check_object_size(to, n, false); ++ pax_open_userland(); ++ ret = ___copy_from_user(to, from, n); ++ pax_close_userland(); ++ return ret; +} + +static inline unsigned long __must_check __copy_to_user(void __user *to, const void *from, unsigned long n) +{ -+ check_object_size(from, n, true); ++ unsigned long ret; + -+ return ___copy_to_user(to, from, n); ++ check_object_size(from, n, true); ++ pax_open_userland(); ++ ret = ___copy_to_user(to, from, n); ++ pax_close_userland(); ++ return ret; +} + extern unsigned long __must_check __copy_to_user_std(void __user *to, const void *from, unsigned long n); - extern unsigned long __must_check __clear_user(void __user *addr, unsigned long n); +-extern unsigned long __must_check __clear_user(void __user *addr, unsigned long n); ++extern unsigned long __must_check ___clear_user(void __user *addr, unsigned long n); extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned long n); -@@ -431,6 +446,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l ++ ++static inline unsigned long __must_check __clear_user(void __user *addr, unsigned long n) ++{ ++ unsigned long ret; ++ pax_open_userland(); ++ ret = ___clear_user(addr, n); ++ pax_close_userland(); ++ return ret; ++} ++ + #else + #define __copy_from_user(to,from,n) (memcpy(to, (void __force *)from, n), 0) + #define __copy_to_user(to,from,n) (memcpy((void __force *)to, from, n), 0) +@@ -431,6 +505,9 @@ extern unsigned long __must_check __clear_user_std(void __user *addr, unsigned l static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { 
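Review bot: `__clear_user` becomes a `static inline` wrapper around the newly declared `___clear_user`, so modular code that expands `__clear_user()` now needs `___clear_user` to be exported. The export-list context shown further down the page (the file with index `60d3b73..9168db0`) still carries `EXPORT_SYMBOL(__clear_user);` as an unchanged line, and no `EXPORT_SYMBOL(___clear_user);` appears in the visible lines. The lines just before that context are outside this view, so this needs confirming against the full patch. If the export is missing, add `EXPORT_SYMBOL(___clear_user);` there. The `WEAK(___clear_user)` rename in the `clear_user.S` hunk is the other half of the same change. A short comment above the wrappers should explain that the triple-underscore symbols are the raw assembly routines and must not be called without the userland open/close pair.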
@@ -1898,7 +2283,7 @@ index 7e1f760..f2c37b1 100644 if (access_ok(VERIFY_READ, from, n)) n = __copy_from_user(to, from, n); else /* security hole - plug it */ -@@ -440,6 +458,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u +@@ -440,6 +517,9 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __u static inline unsigned long __must_check copy_to_user(void __user *to, const void *from, unsigned long n) { 
@@ -1936,8 +2321,364 @@ index 60d3b73..9168db0 100644 EXPORT_SYMBOL(__clear_user); EXPORT_SYMBOL(__get_user_1); +diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S +index 0f82098..3dbd3ee 100644 +--- a/arch/arm/kernel/entry-armv.S ++++ b/arch/arm/kernel/entry-armv.S +@@ -47,6 +47,87 @@ + 9997: + .endm + ++ .macro pax_enter_kernel ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ @ make aligned space for saved DACR ++ sub sp, sp, #8 ++ @ save regs ++ stmdb sp!, {r1, r2} ++ @ read DACR from cpu_domain into r1 ++ mov r2, sp ++ @ assume 8K pages, since we have to split the immediate in two ++ bic r2, r2, #(0x1fc0) ++ bic r2, r2, #(0x3f) ++ ldr r1, [r2, #TI_CPU_DOMAIN] ++ @ store old DACR on stack ++ str r1, [sp, #8] ++#ifdef CONFIG_PAX_KERNEXEC ++ @ set type of DOMAIN_KERNEL to DOMAIN_KERNELCLIENT ++ bic r1, r1, #(domain_val(DOMAIN_KERNEL, 3)) ++ orr r1, r1, #(domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT)) ++#endif ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ @ set current DOMAIN_USER to DOMAIN_NOACCESS ++ bic r1, r1, #(domain_val(DOMAIN_USER, 3)) ++#endif ++ @ write r1 to current_thread_info()->cpu_domain ++ str r1, [r2, #TI_CPU_DOMAIN] ++ @ write r1 to DACR ++ mcr p15, 0, r1, c3, c0, 0 ++ @ instruction sync ++ instr_sync ++ @ restore regs ++ ldmia sp!, {r1, r2} ++#endif ++ .endm ++ ++ .macro pax_open_userland ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ @ save regs ++ stmdb sp!, {r0, r1} ++ @ read DACR from cpu_domain into r1 ++ mov r0, sp ++ @ assume 8K pages, since we have to split the immediate in two ++ bic r0, r0, #(0x1fc0) ++ bic r0, r0, #(0x3f) ++ ldr r1, [r0, #TI_CPU_DOMAIN] ++ @ set current DOMAIN_USER to DOMAIN_CLIENT ++ bic r1, r1, #(domain_val(DOMAIN_USER, 3)) ++ orr r1, r1, #(domain_val(DOMAIN_USER, DOMAIN_UDEREF)) ++ @ write r1 to current_thread_info()->cpu_domain ++ str r1, [r0, #TI_CPU_DOMAIN] ++ @ write r1 to DACR ++ mcr p15, 0, r1, c3, c0, 0 ++ @ instruction sync ++ instr_sync ++ @ restore regs ++ ldmia sp!, {r0, r1} 
++#endif ++ .endm ++ ++ .macro pax_close_userland ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ @ save regs ++ stmdb sp!, {r0, r1} ++ @ read DACR from cpu_domain into r1 ++ mov r0, sp ++ @ assume 8K pages, since we have to split the immediate in two ++ bic r0, r0, #(0x1fc0) ++ bic r0, r0, #(0x3f) ++ ldr r1, [r0, #TI_CPU_DOMAIN] ++ @ set current DOMAIN_USER to DOMAIN_NOACCESS ++ bic r1, r1, #(domain_val(DOMAIN_USER, 3)) ++ @ write r1 to current_thread_info()->cpu_domain ++ str r1, [r0, #TI_CPU_DOMAIN] ++ @ write r1 to DACR ++ mcr p15, 0, r1, c3, c0, 0 ++ @ instruction sync ++ instr_sync ++ @ restore regs ++ ldmia sp!, {r0, r1} ++#endif ++ .endm ++ + .macro pabt_helper + @ PABORT handler takes pt_regs in r2, fault address in r4 and psr in r5 + #ifdef MULTI_PABORT +@@ -89,11 +170,15 @@ + * Invalid mode handlers + */ + .macro inv_entry, reason ++ ++ pax_enter_kernel ++ + sub sp, sp, #S_FRAME_SIZE + ARM( stmib sp, {r1 - lr} ) + THUMB( stmia sp, {r0 - r12} ) + THUMB( str sp, [sp, #S_SP] ) + THUMB( str lr, [sp, #S_LR] ) ++ + mov r1, #\reason + .endm + +@@ -149,7 +234,11 @@ ENDPROC(__und_invalid) + .macro svc_entry, stack_hole=0 + UNWIND(.fnstart ) + UNWIND(.save {r0 - pc} ) ++ ++ pax_enter_kernel ++ + sub sp, sp, #(S_FRAME_SIZE + \stack_hole - 4) ++ + #ifdef CONFIG_THUMB2_KERNEL + SPFIX( str r0, [sp] ) @ temporarily saved + SPFIX( mov r0, sp ) +@@ -164,7 +253,12 @@ ENDPROC(__und_invalid) + ldmia r0, {r3 - r5} + add r7, sp, #S_SP - 4 @ here for interlock avoidance + mov r6, #-1 @ "" "" "" "" ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ @ offset sp by 8 as done in pax_enter_kernel ++ add r2, sp, #(S_FRAME_SIZE + \stack_hole + 4) ++#else + add r2, sp, #(S_FRAME_SIZE + \stack_hole - 4) ++#endif + SPFIX( addeq r2, r2, #4 ) + str r3, [sp, #-4]! 
@ save the "real" r0 copied + @ from the exception stack +@@ -359,6 +453,9 @@ ENDPROC(__pabt_svc) + .macro usr_entry + UNWIND(.fnstart ) + UNWIND(.cantunwind ) @ don't unwind the user space ++ ++ pax_enter_kernel_user ++ + sub sp, sp, #S_FRAME_SIZE + ARM( stmib sp, {r1 - r12} ) + THUMB( stmia sp, {r0 - r12} ) +@@ -456,7 +553,9 @@ __und_usr: + tst r3, #PSR_T_BIT @ Thumb mode? + bne __und_usr_thumb + sub r4, r2, #4 @ ARM instr at LR - 4 ++ pax_open_userland + 1: ldrt r0, [r4] ++ pax_close_userland + #ifdef CONFIG_CPU_ENDIAN_BE8 + rev r0, r0 @ little endian instruction + #endif +@@ -491,10 +590,14 @@ __und_usr_thumb: + */ + .arch armv6t2 + #endif ++ pax_open_userland + 2: ldrht r5, [r4] ++ pax_close_userland + cmp r5, #0xe800 @ 32bit instruction if xx != 0 + blo __und_usr_fault_16 @ 16bit undefined instruction ++ pax_open_userland + 3: ldrht r0, [r2] ++ pax_close_userland + add r2, r2, #2 @ r2 is PC + 2, make it PC + 4 + str r2, [sp, #S_PC] @ it's a 2x16bit instr, update + orr r0, r0, r5, lsl #16 +@@ -733,7 +836,7 @@ ENTRY(__switch_to) + THUMB( stmia ip!, {r4 - sl, fp} ) @ Store most regs on stack + THUMB( str sp, [ip], #4 ) + THUMB( str lr, [ip], #4 ) +-#ifdef CONFIG_CPU_USE_DOMAINS ++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) + ldr r6, [r2, #TI_CPU_DOMAIN] + #endif + set_tls r3, r4, r5 +@@ -742,7 +845,7 @@ ENTRY(__switch_to) + ldr r8, =__stack_chk_guard + ldr r7, [r7, #TSK_STACK_CANARY] + #endif +-#ifdef CONFIG_CPU_USE_DOMAINS ++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) + mcr p15, 0, r6, c3, c0, 0 @ Set domain register + #endif + mov r5, r0 +diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S +index a6c301e..908821b 100644 +--- a/arch/arm/kernel/entry-common.S ++++ b/arch/arm/kernel/entry-common.S +@@ -10,18 +10,46 @@ + + #include <asm/unistd.h> + #include <asm/ftrace.h> ++#include <asm/domain.h> + #include <asm/unwind.h> + ++#include "entry-header.S" ++ + #ifdef CONFIG_NEED_RET_TO_USER + 
#include <mach/entry-macro.S> + #else + .macro arch_ret_to_user, tmp1, tmp2 ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ @ save regs ++ stmdb sp!, {r1, r2} ++ @ read DACR from cpu_domain into r1 ++ mov r2, sp ++ @ assume 8K pages, since we have to split the immediate in two ++ bic r2, r2, #(0x1fc0) ++ bic r2, r2, #(0x3f) ++ ldr r1, [r2, #TI_CPU_DOMAIN] ++#ifdef CONFIG_PAX_KERNEXEC ++ @ set type of DOMAIN_KERNEL to DOMAIN_KERNELCLIENT ++ bic r1, r1, #(domain_val(DOMAIN_KERNEL, 3)) ++ orr r1, r1, #(domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT)) ++#endif ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ @ set current DOMAIN_USER to DOMAIN_UDEREF ++ bic r1, r1, #(domain_val(DOMAIN_USER, 3)) ++ orr r1, r1, #(domain_val(DOMAIN_USER, DOMAIN_UDEREF)) ++#endif ++ @ write r1 to current_thread_info()->cpu_domain ++ str r1, [r2, #TI_CPU_DOMAIN] ++ @ write r1 to DACR ++ mcr p15, 0, r1, c3, c0, 0 ++ @ instruction sync ++ instr_sync ++ @ restore regs ++ ldmia sp!, {r1, r2} ++#endif + .endm + #endif + +-#include "entry-header.S" +- +- + .align 5 + /* + * This is the fast syscall return path. 
We do as little as +@@ -339,6 +367,7 @@ ENDPROC(ftrace_stub) + + .align 5 + ENTRY(vector_swi) ++ + sub sp, sp, #S_FRAME_SIZE + stmia sp, {r0 - r12} @ Calling r0 - r12 + ARM( add r8, sp, #S_PC ) +@@ -388,6 +417,12 @@ ENTRY(vector_swi) + ldr scno, [lr, #-4] @ get SWI instruction + #endif + ++ /* ++ * do this here to avoid a performance hit of wrapping the code above ++ * that directly dereferences userland to parse the SWI instruction ++ */ ++ pax_enter_kernel_user ++ + #ifdef CONFIG_ALIGNMENT_TRAP + ldr ip, __cr_alignment + ldr ip, [ip] +diff --git a/arch/arm/kernel/entry-header.S b/arch/arm/kernel/entry-header.S +index 9a8531e..812e287 100644 +--- a/arch/arm/kernel/entry-header.S ++++ b/arch/arm/kernel/entry-header.S +@@ -73,9 +73,66 @@ + msr cpsr_c, \rtemp @ switch back to the SVC mode + .endm + ++ .macro pax_enter_kernel_user ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ @ save regs ++ stmdb sp!, {r0, r1} ++ @ read DACR from cpu_domain into r1 ++ mov r0, sp ++ @ assume 8K pages, since we have to split the immediate in two ++ bic r0, r0, #(0x1fc0) ++ bic r0, r0, #(0x3f) ++ ldr r1, [r0, #TI_CPU_DOMAIN] ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ @ set current DOMAIN_USER to DOMAIN_NOACCESS ++ bic r1, r1, #(domain_val(DOMAIN_USER, 3)) ++#endif ++#ifdef CONFIG_PAX_KERNEXEC ++ @ set current DOMAIN_KERNEL to DOMAIN_KERNELCLIENT ++ bic r1, r1, #(domain_val(DOMAIN_KERNEL, 3)) ++ orr r1, r1, #(domain_val(DOMAIN_KERNEL, DOMAIN_KERNELCLIENT)) ++#endif ++ @ write r1 to current_thread_info()->cpu_domain ++ str r1, [r0, #TI_CPU_DOMAIN] ++ @ write r1 to DACR ++ mcr p15, 0, r1, c3, c0, 0 ++ @ instruction sync ++ instr_sync ++ @ restore regs ++ ldmia sp!, {r0, r1} ++#endif ++ .endm ++ ++ .macro pax_exit_kernel ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ @ save regs ++ stmdb sp!, {r0, r1} ++ @ read old DACR from stack into r1 ++ ldr r1, [sp, #(8 + S_SP)] ++ sub r1, r1, #8 ++ ldr r1, [r1] ++ ++ @ write r1 to 
current_thread_info()->cpu_domain ++ mov r0, sp ++ @ assume 8K pages, since we have to split the immediate in two ++ bic r0, r0, #(0x1fc0) ++ bic r0, r0, #(0x3f) ++ str r1, [r0, #TI_CPU_DOMAIN] ++ @ write r1 to DACR ++ mcr p15, 0, r1, c3, c0, 0 ++ @ instruction sync ++ instr_sync ++ @ restore regs ++ ldmia sp!, {r0, r1} ++#endif ++ .endm ++ + #ifndef CONFIG_THUMB2_KERNEL + .macro svc_exit, rpsr + msr spsr_cxsf, \rpsr ++ ++ pax_exit_kernel ++ + #if defined(CONFIG_CPU_V6) + ldr r0, [sp] + strex r1, r2, [sp] @ clear the exclusive monitor +@@ -121,6 +178,9 @@ + .endm + #else /* CONFIG_THUMB2_KERNEL */ + .macro svc_exit, rpsr ++ ++ pax_exit_kernel ++ + ldr lr, [sp, #S_SP] @ top of the stack + ldrd r0, r1, [sp, #S_LR] @ calling lr and pc + clrex @ clear the exclusive monitor +diff --git a/arch/arm/kernel/fiq.c b/arch/arm/kernel/fiq.c +index 2adda11..7fbe958 100644 +--- a/arch/arm/kernel/fiq.c ++++ b/arch/arm/kernel/fiq.c +@@ -82,7 +82,9 @@ void set_fiq_handler(void *start, unsigned int length) + #if defined(CONFIG_CPU_USE_DOMAINS) + memcpy((void *)0xffff001c, start, length); + #else ++ pax_open_kernel(); + memcpy(vectors_page + 0x1c, start, length); ++ pax_close_kernel(); + #endif + flush_icache_range(0xffff001c, 0xffff001c + length); + if (!vectors_high()) diff --git a/arch/arm/kernel/head.S b/arch/arm/kernel/head.S -index 486a15a..d95523a 100644 +index 486a15a..2d6880e 100644 --- a/arch/arm/kernel/head.S +++ b/arch/arm/kernel/head.S @@ -52,7 +52,9 @@ 
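Review bot: In the `__switch_to` change in `entry-armv.S`, the DACR is reloaded from `TI_CPU_DOMAIN` only under `CONFIG_CPU_USE_DOMAINS || CONFIG_PAX_KERNEXEC`, yet the new `pax_enter_kernel`, `pax_open_userland` and `pax_close_userland` macros also keep per-thread domain state in `cpu_domain` for `CONFIG_PAX_MEMORY_UDEREF`. Unless Kconfig (not visible here) forces KERNEXEC whenever UDEREF is selected, a UDEREF-only kernel would carry the previous thread's DACR value across a context switch. Both guards should read `#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF)`. The `CPU_USE_DOMAINS` exclusions added in the later `arch/arm/mm/Kconfig` hunk name only `PAX_KERNEXEC` in the same way. The comment `@ set current DOMAIN_USER to DOMAIN_CLIENT` in the `pax_open_userland` macro also does not match the `DOMAIN_UDEREF` value written on the following lines, and should be corrected to name `DOMAIN_UDEREF`.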
@@ -1951,6 +2692,28 @@ index 486a15a..d95523a 100644 .endm /* +@@ -416,7 +418,7 @@ __enable_mmu: + mov r5, #(domain_val(DOMAIN_USER, DOMAIN_MANAGER) | \ + domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \ + domain_val(DOMAIN_TABLE, DOMAIN_MANAGER) | \ +- domain_val(DOMAIN_IO, DOMAIN_CLIENT)) ++ domain_val(DOMAIN_IO, DOMAIN_KERNELCLIENT)) + mcr p15, 0, r5, c3, c0, 0 @ load domain access register + mcr p15, 0, r4, c2, c0, 0 @ load page table pointer + #endif +diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c +index 5ff2e77..556d030 100644 +--- a/arch/arm/kernel/hw_breakpoint.c ++++ b/arch/arm/kernel/hw_breakpoint.c +@@ -1011,7 +1011,7 @@ static int __cpuinit dbg_reset_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata dbg_reset_nb = { ++static struct notifier_block dbg_reset_nb = { + .notifier_call = dbg_reset_notify, + }; + diff --git a/arch/arm/kernel/module.c b/arch/arm/kernel/module.c index 1e9be5d..03edbc2 100644 --- a/arch/arm/kernel/module.c @@ -1995,8 +2758,21 @@ index 1e9be5d..03edbc2 100644 #endif int +diff --git a/arch/arm/kernel/perf_event_cpu.c b/arch/arm/kernel/perf_event_cpu.c +index 5f66206..dce492f 100644 +--- a/arch/arm/kernel/perf_event_cpu.c ++++ b/arch/arm/kernel/perf_event_cpu.c +@@ -171,7 +171,7 @@ static int __cpuinit cpu_pmu_notify(struct notifier_block *b, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata cpu_pmu_hotplug_notifier = { ++static struct notifier_block cpu_pmu_hotplug_notifier = { + .notifier_call = cpu_pmu_notify, + }; + diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c -index 90084a6..a8b26bc 100644 +index c6dec5f..f853532 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c @@ -28,7 +28,6 @@ 
@@ -2030,7 +2806,7 @@ index 90084a6..a8b26bc 100644 printk("pc : [<%08lx>] lr : [<%08lx>] psr: %08lx\n" "sp : %08lx ip : %08lx fp : %08lx\n", regs->ARM_pc, regs->ARM_lr, regs->ARM_cpsr, -@@ -451,12 +451,6 @@ unsigned long get_wchan(struct task_struct *p) +@@ -452,12 +452,6 @@ unsigned long get_wchan(struct task_struct *p) return 0; } @@ -2044,22 +2820,19 @@ index 90084a6..a8b26bc 100644 /* * The vectors page is always readable from user space for the diff --git a/arch/arm/kernel/ptrace.c b/arch/arm/kernel/ptrace.c -index 739db3a..7f4a272 100644 +index 03deeff..741ce88 100644 --- a/arch/arm/kernel/ptrace.c +++ b/arch/arm/kernel/ptrace.c -@@ -916,6 +916,10 @@ enum ptrace_syscall_dir { - PTRACE_SYSCALL_EXIT, - }; +@@ -937,10 +937,19 @@ static int tracehook_report_syscall(struct pt_regs *regs, + return current_thread_info()->syscall; + } +#ifdef CONFIG_GRKERNSEC_SETXID +extern void gr_delayed_cred_worker(void); +#endif + - static int ptrace_syscall_trace(struct pt_regs *regs, int scno, - enum ptrace_syscall_dir dir) + asmlinkage int syscall_trace_enter(struct pt_regs *regs, int scno) { -@@ -923,6 +927,11 @@ static int ptrace_syscall_trace(struct pt_regs *regs, int scno, - current_thread_info()->syscall = scno; +#ifdef CONFIG_GRKERNSEC_SETXID @@ -2067,11 +2840,11 @@ index 739db3a..7f4a272 100644 + gr_delayed_cred_worker(); +#endif + - if (!test_thread_flag(TIF_SYSCALL_TRACE)) - return scno; - + /* Do the secure computing check first; failures should be fast. */ + if (secure_computing(scno) == -1) + return -1; diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c -index da1d1aa..ef9bc58 100644 +index 3f6cbb2..6d856f5 100644 --- a/arch/arm/kernel/setup.c +++ b/arch/arm/kernel/setup.c @@ -97,21 +97,23 @@ EXPORT_SYMBOL(system_serial_high); 
@@ -2119,7 +2892,7 @@ index da1d1aa..ef9bc58 100644 (mmfr0 & 0x000000f0) == 0x00000020) cpu_arch = CPU_ARCH_ARMv6; else -@@ -455,7 +461,7 @@ static void __init setup_processor(void) +@@ -462,7 +468,7 @@ static void __init setup_processor(void) __cpu_architecture = __get_cpu_architecture(); #ifdef MULTI_CPU @@ -2129,7 +2902,7 @@ index da1d1aa..ef9bc58 100644 #ifdef MULTI_TLB cpu_tlb = *list->tlb; diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c -index fbc8b26..000ded0 100644 +index 84f4cbf..672f5b8 100644 --- a/arch/arm/kernel/smp.c +++ b/arch/arm/kernel/smp.c @@ -70,7 +70,7 @@ enum ipi_msg_type { @@ -2142,7 +2915,7 @@ index fbc8b26..000ded0 100644 void __init smp_set_ops(struct smp_operations *ops) { diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c -index b0179b8..7713948 100644 +index b0179b8..b7b16c7 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c @@ -57,7 +57,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long); @@ -2173,8 +2946,29 @@ index b0179b8..7713948 100644 if (signr) do_exit(signr); } +@@ -601,7 +606,9 @@ asmlinkage int arm_syscall(int no, struct pt_regs *regs) + * The user helper at 0xffff0fe0 must be used instead. + * (see entry-armv.S for details) + */ ++ pax_open_kernel(); + *((unsigned int *)0xffff0ff0) = regs->ARM_r0; ++ pax_close_kernel(); + } + return 0; + +@@ -849,5 +856,9 @@ void __init early_trap_init(void *vectors_base) + sigreturn_codes, sizeof(sigreturn_codes)); + + flush_icache_range(vectors, vectors + PAGE_SIZE); +- modify_domain(DOMAIN_USER, DOMAIN_CLIENT); ++ ++#ifndef CONFIG_PAX_MEMORY_UDEREF ++ modify_domain(DOMAIN_USER, DOMAIN_USERCLIENT); ++#endif ++ + } diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S -index 36ff15b..75d9e9d 100644 +index 11c1785..c67d54c 100644 --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S @@ -8,7 +8,11 @@ 
@@ -2202,7 +2996,7 @@ index 36ff15b..75d9e9d 100644 .text : { /* Real text segment */ _stext = .; /* Text and read-only data */ __exception_text_start = .; -@@ -133,6 +142,10 @@ SECTIONS +@@ -144,6 +153,10 @@ SECTIONS _etext = .; /* End of text and rodata section */ @@ -2213,7 +3007,7 @@ index 36ff15b..75d9e9d 100644 #ifndef CONFIG_XIP_KERNEL . = ALIGN(PAGE_SIZE); __init_begin = .; -@@ -192,6 +205,11 @@ SECTIONS +@@ -203,6 +216,11 @@ SECTIONS . = PAGE_OFFSET + TEXT_OFFSET; #else __init_end = .; @@ -2225,6 +3019,36 @@ index 36ff15b..75d9e9d 100644 . = ALIGN(THREAD_SIZE); __data_loc = .; #endif +diff --git a/arch/arm/lib/clear_user.S b/arch/arm/lib/clear_user.S +index 14a0d98..7771a7d 100644 +--- a/arch/arm/lib/clear_user.S ++++ b/arch/arm/lib/clear_user.S +@@ -12,14 +12,14 @@ + + .text + +-/* Prototype: int __clear_user(void *addr, size_t sz) ++/* Prototype: int ___clear_user(void *addr, size_t sz) + * Purpose : clear some user memory + * Params : addr - user memory address to clear + * : sz - number of bytes to clear + * Returns : number of bytes NOT cleared + */ + ENTRY(__clear_user_std) +-WEAK(__clear_user) ++WEAK(___clear_user) + stmfd sp!, {r1, lr} + mov r2, #0 + cmp r1, #4 +@@ -44,7 +44,7 @@ WEAK(__clear_user) + USER( strnebt r2, [r0]) + mov r0, #0 + ldmfd sp!, {r1, pc} +-ENDPROC(__clear_user) ++ENDPROC(___clear_user) + ENDPROC(__clear_user_std) + + .pushsection .fixup,"ax" diff --git a/arch/arm/lib/copy_from_user.S b/arch/arm/lib/copy_from_user.S index 66a477a..bee61d3 100644 --- a/arch/arm/lib/copy_from_user.S 
@@ -2291,6 +3115,21 @@ index d066df6..df28194 100644 ENDPROC(__copy_to_user_std) .pushsection .fixup,"ax" +diff --git a/arch/arm/lib/csumpartialcopyuser.S b/arch/arm/lib/csumpartialcopyuser.S +index 7d08b43..f7ca7ea 100644 +--- a/arch/arm/lib/csumpartialcopyuser.S ++++ b/arch/arm/lib/csumpartialcopyuser.S +@@ -57,8 +57,8 @@ + * Returns : r0 = checksum, [[sp, #0], #0] = 0 or -EFAULT + */ + +-#define FN_ENTRY ENTRY(csum_partial_copy_from_user) +-#define FN_EXIT ENDPROC(csum_partial_copy_from_user) ++#define FN_ENTRY ENTRY(__csum_partial_copy_from_user) ++#define FN_EXIT ENDPROC(__csum_partial_copy_from_user) + + #include "csumpartialcopygeneric.S" + diff --git a/arch/arm/lib/delay.c b/arch/arm/lib/delay.c index 0dc5385..45833ef 100644 --- a/arch/arm/lib/delay.c @@ -2349,7 +3188,7 @@ index 025f742..8432b08 100644 /* * This test is stubbed out of the main function above to keep diff --git a/arch/arm/mach-kirkwood/common.c b/arch/arm/mach-kirkwood/common.c -index 2c6c218..2b87c2d 100644 +index bac21a5..b67ef8e 100644 --- a/arch/arm/mach-kirkwood/common.c +++ b/arch/arm/mach-kirkwood/common.c @@ -150,7 +150,16 @@ static void clk_gate_fn_disable(struct clk_hw *hw) @@ -2386,10 +3225,10 @@ index 2c6c218..2b87c2d 100644 if (IS_ERR(clk)) diff --git a/arch/arm/mach-omap2/board-n8x0.c b/arch/arm/mach-omap2/board-n8x0.c -index d95f727..12f10dd 100644 +index 0abb30f..54064da 100644 --- a/arch/arm/mach-omap2/board-n8x0.c +++ b/arch/arm/mach-omap2/board-n8x0.c -@@ -589,7 +589,7 @@ static int n8x0_menelaus_late_init(struct device *dev) +@@ -631,7 +631,7 @@ static int n8x0_menelaus_late_init(struct device *dev) } #endif 
@@ -2398,14 +3237,27 @@ index d95f727..12f10dd 100644 .late_init = n8x0_menelaus_late_init, }; +diff --git a/arch/arm/mach-omap2/omap-wakeupgen.c b/arch/arm/mach-omap2/omap-wakeupgen.c +index 5d3b4f4..ddba3c0 100644 +--- a/arch/arm/mach-omap2/omap-wakeupgen.c ++++ b/arch/arm/mach-omap2/omap-wakeupgen.c +@@ -340,7 +340,7 @@ static int __cpuinit irq_cpu_hotplug_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata irq_hotplug_notifier = { ++static struct notifier_block irq_hotplug_notifier = { + .notifier_call = irq_cpu_hotplug_notify, + }; + diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c -index 87cc6d0..fd4f248 100644 +index 4653efb..8c60bf7 100644 --- a/arch/arm/mach-omap2/omap_hwmod.c +++ b/arch/arm/mach-omap2/omap_hwmod.c @@ -189,10 +189,10 @@ struct omap_hwmod_soc_ops { - int (*is_hardreset_asserted)(struct omap_hwmod *oh, - struct omap_hwmod_rst_info *ohri); int (*init_clkdm)(struct omap_hwmod *oh); + void (*update_context_lost)(struct omap_hwmod *oh); + int (*get_context_lost)(struct omap_hwmod *oh); -}; +} __no_const; 
@@ -2415,8 +3267,47 @@ index 87cc6d0..fd4f248 100644 /* omap_hwmod_list contains all registered struct omap_hwmods */ static LIST_HEAD(omap_hwmod_list); +diff --git a/arch/arm/mach-ux500/include/mach/setup.h b/arch/arm/mach-ux500/include/mach/setup.h +index 6be4c4d..32ac32a 100644 +--- a/arch/arm/mach-ux500/include/mach/setup.h ++++ b/arch/arm/mach-ux500/include/mach/setup.h +@@ -38,13 +38,6 @@ extern struct sys_timer ux500_timer; + .type = MT_DEVICE, \ + } + +-#define __MEM_DEV_DESC(x, sz) { \ +- .virtual = IO_ADDRESS(x), \ +- .pfn = __phys_to_pfn(x), \ +- .length = sz, \ +- .type = MT_MEMORY, \ +-} +- + extern struct smp_operations ux500_smp_ops; + extern void ux500_cpu_die(unsigned int cpu); + +diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig +index 3fd629d..8b1aca9 100644 +--- a/arch/arm/mm/Kconfig ++++ b/arch/arm/mm/Kconfig +@@ -425,7 +425,7 @@ config CPU_32v5 + + config CPU_32v6 + bool +- select CPU_USE_DOMAINS if CPU_V6 && MMU ++ select CPU_USE_DOMAINS if CPU_V6 && MMU && !PAX_KERNEXEC + select TLS_REG_EMUL if !CPU_32v6K && !MMU + + config CPU_32v6K +@@ -577,6 +577,7 @@ config CPU_CP15_MPU + + config CPU_USE_DOMAINS + bool ++ depends on !ARM_LPAE && !PAX_KERNEXEC + help + This option enables or disables the use of domain switching + via the set_fs() function. diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c -index 5dbf13f..9be36fd 100644 +index 5dbf13f..6393f55 100644 --- a/arch/arm/mm/fault.c +++ b/arch/arm/mm/fault.c @@ -25,6 +25,7 @@ 
@@ -2427,27 +3318,28 @@ index 5dbf13f..9be36fd 100644 #include "fault.h" -@@ -138,6 +139,19 @@ __do_kernel_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr, +@@ -138,6 +139,20 @@ __do_kernel_fault(struct mm_struct *mm, unsigned long addr, unsigned int fsr, if (fixup_exception(regs)) return; +#ifdef CONFIG_PAX_KERNEXEC -+ if (fsr & FSR_WRITE) { -+ if (((unsigned long)_stext <= addr && addr < init_mm.end_code) || (MODULES_VADDR <= addr && addr < MODULES_END)) { -+ if (current->signal->curr_ip) -+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", -+ ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid()); -+ else -+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", -+ current->comm, task_pid_nr(current), current_uid(), current_euid()); -+ } ++ if ((fsr & FSR_WRITE) && ++ (((unsigned long)_stext <= addr && addr < init_mm.end_code) || ++ (MODULES_VADDR <= addr && addr < MODULES_END))) ++ { ++ if (current->signal->curr_ip) ++ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid())); ++ else ++ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to modify kernel code\n", current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid())); + } +#endif + /* * No handler, we'll have to terminate things with extreme prejudice. */ -@@ -174,6 +188,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr, +@@ -174,6 +189,13 @@ __do_user_fault(struct task_struct *tsk, unsigned long addr, } #endif 
@@ -2461,7 +3353,7 @@ index 5dbf13f..9be36fd 100644 tsk->thread.address = addr; tsk->thread.error_code = fsr; tsk->thread.trap_no = 14; -@@ -398,6 +419,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) +@@ -398,6 +420,33 @@ do_page_fault(unsigned long addr, unsigned int fsr, struct pt_regs *regs) } #endif /* CONFIG_MMU */ 
@@ -2495,20 +3387,43 @@ index 5dbf13f..9be36fd 100644 /* * First Level Translation Fault Handler * -@@ -575,12 +623,41 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) +@@ -543,9 +592,22 @@ do_DataAbort(unsigned long addr, unsigned int fsr, struct pt_regs *regs) + const struct fsr_info *inf = fsr_info + fsr_fs(fsr); + struct siginfo info; + ++#ifdef CONFIG_PAX_MEMORY_UDEREF ++ if (addr < TASK_SIZE && is_domain_fault(fsr)) { ++ if (current->signal->curr_ip) ++ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid()), addr); ++ else ++ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to access userland memory at %08lx\n", current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid()), addr); ++ goto die; ++ } ++#endif ++ + if (!inf->fn(addr, fsr & ~FSR_LNX_PF, regs)) + return; + ++die: + printk(KERN_ALERT "Unhandled fault: %s (0x%03x) at 0x%08lx\n", + inf->name, fsr, addr); + +@@ -575,9 +637,38 @@ do_PrefetchAbort(unsigned long addr, unsigned int ifsr, struct pt_regs *regs) const struct fsr_info *inf = ifsr_info + fsr_fs(ifsr); struct siginfo info; -+#ifdef CONFIG_PAX_KERNEXEC -+ if (!user_mode(regs) && is_xn_fault(ifsr)) { ++#if defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++ if (!user_mode(regs) && (is_domain_fault(ifsr) || is_xn_fault(ifsr))) { + if (current->signal->curr_ip) -+ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", -+ ¤t->signal->curr_ip, current->comm, task_pid_nr(current), current_uid(), current_euid(), -+ addr >= TASK_SIZE ? 
"non-executable kernel" : "userland", addr); ++ printk(KERN_ERR "PAX: From %pI4: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", ¤t->signal->curr_ip, current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid()), ++ addr >= TASK_SIZE ? "non-executable kernel" : "userland", addr); + else -+ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", -+ current->comm, task_pid_nr(current), current_uid(), current_euid(), -+ addr >= TASK_SIZE ? "non-executable kernel" : "userland", addr); ++ printk(KERN_ERR "PAX: %s:%d, uid/euid: %u/%u, attempted to execute %s memory at %08lx\n", current->comm, task_pid_nr(current), ++ from_kuid(&init_user_ns, current_uid()), from_kuid(&init_user_ns, current_euid()), ++ addr >= TASK_SIZE ? "non-executable kernel" : "userland", addr); + goto die; + } +#endif @@ -2530,15 +3445,12 @@ index 5dbf13f..9be36fd 100644 if (!inf->fn(addr, ifsr | FSR_LNX_PF, regs)) return; ++die: printk(KERN_ALERT "Unhandled prefetch abort: %s (0x%03x) at 0x%08lx\n", inf->name, ifsr, addr); -+die: - info.si_signo = inf->sig; - info.si_errno = 0; - info.si_code = inf->code; diff --git a/arch/arm/mm/fault.h b/arch/arm/mm/fault.h -index cf08bdf..f1a0383 100644 +index cf08bdf..772656c 100644 --- a/arch/arm/mm/fault.h +++ b/arch/arm/mm/fault.h @@ -3,6 +3,7 @@ @@ -2549,7 +3461,7 @@ index cf08bdf..f1a0383 100644 */ #define FSR_LNX_PF (1 << 31) #define FSR_WRITE (1 << 11) -@@ -22,6 +23,12 @@ static inline int fsr_fs(unsigned int fsr) +@@ -22,6 +23,17 @@ static inline int fsr_fs(unsigned int fsr) } #endif @@ -2559,50 +3471,67 @@ index cf08bdf..f1a0383 100644 + return ((fsr_fs(fsr) & 0x3c) == 0xc); +} + ++static inline int is_domain_fault(unsigned int fsr) ++{ ++ return ((fsr_fs(fsr) & 0xD) == 0x9); ++} ++ void do_bad_area(unsigned long addr, unsigned int fsr, struct pt_regs *regs); unsigned long search_exception_table(unsigned long addr); 
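Review bot: The CONFIG_PAX_MEMORY_UDEREF block added to do_DataAbort tests only `addr < TASK_SIZE && is_domain_fault(fsr)`, while the matching block in do_PrefetchAbort in the same hunk also requires `!user_mode(regs)`. If a domain fault on a low address can be raised from user mode on this path (not verifiable from the lines shown), it would be logged as a kernel access to userland memory and jump to `die:` without `inf->fn` being called. Either make the condition `if (!user_mode(regs) && addr < TASK_SIZE && is_domain_fault(fsr)) {` or add a comment saying why the mode check is not needed for data aborts. do_DataAbort's body continues outside the hunk.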
diff --git a/arch/arm/mm/init.c b/arch/arm/mm/init.c -index ad722f1..46b670e 100644 +index ad722f1..763fdd3 100644 --- a/arch/arm/mm/init.c 
+++ b/arch/arm/mm/init.c -@@ -734,9 +734,43 @@ void __init mem_init(void) +@@ -30,6 +30,8 @@ + #include <asm/setup.h> + #include <asm/tlb.h> + #include <asm/fixmap.h> ++#include <asm/system_info.h> ++#include <asm/cp15.h> - void free_initmem(void) + #include <asm/mach/arch.h> + #include <asm/mach/map.h> +@@ -736,7 +738,46 @@ void free_initmem(void) { -+ + #ifdef CONFIG_HAVE_TCM + extern char __tcm_start, __tcm_end; ++#endif + +#ifdef CONFIG_PAX_KERNEXEC + unsigned long addr; + pgd_t *pgd; + pud_t *pud; + pmd_t *pmd; -+#endif ++ int cpu_arch = cpu_architecture(); ++ unsigned int cr = get_cr(); + - #ifdef CONFIG_HAVE_TCM - extern char __tcm_start, __tcm_end; ++ if (cpu_arch >= CPU_ARCH_ARMv6 && (cr & CR_XP)) { ++ /* make pages tables, etc before .text NX */ ++ for (addr = PAGE_OFFSET; addr < (unsigned long)_stext; addr += SECTION_SIZE) { ++ pgd = pgd_offset_k(addr); ++ pud = pud_offset(pgd, addr); ++ pmd = pmd_offset(pud, addr); ++ __section_update(pmd, addr, PMD_SECT_XN); ++ } ++ /* make init NX */ ++ for (addr = (unsigned long)__init_begin; addr < (unsigned long)_sdata; addr += SECTION_SIZE) { ++ pgd = pgd_offset_k(addr); ++ pud = pud_offset(pgd, addr); ++ pmd = pmd_offset(pud, addr); ++ __section_update(pmd, addr, PMD_SECT_XN); ++ } ++ /* make kernel code/rodata RX */ ++ for (addr = (unsigned long)_stext; addr < (unsigned long)__init_begin; addr += SECTION_SIZE) { ++ pgd = pgd_offset_k(addr); ++ pud = pud_offset(pgd, addr); ++ pmd = pmd_offset(pud, addr); ++#ifdef CONFIG_ARM_LPAE ++ __section_update(pmd, addr, PMD_SECT_RDONLY); ++#else ++ __section_update(pmd, addr, PMD_SECT_APX|PMD_SECT_AP_WRITE); +#endif - -+#ifdef CONFIG_PAX_KERNEXEC -+ /* make pages tables, etc before .text NX */ -+ for (addr = PAGE_OFFSET; addr < (unsigned long)_stext; addr += PMD_SIZE) { -+ pgd = pgd_offset_k(addr); -+ pud = pud_offset(pgd, addr); -+ pmd = pmd_offset(pud, addr); -+ __pmd_update(pmd, PMD_SECT_XN); -+ } -+ /* make init NX */ -+ for (addr = (unsigned long)__init_begin; addr < 
(unsigned long)_sdata; addr += PMD_SIZE) { -+ pgd = pgd_offset_k(addr); -+ pud = pud_offset(pgd, addr); -+ pmd = pmd_offset(pud, addr); -+ __pmd_update(pmd, PMD_SECT_XN); -+ } -+ /* make kernel code/rodata read-only */ -+ for (addr = (unsigned long)_stext; addr < (unsigned long)__init_begin; addr += PMD_SIZE) { -+ pgd = pgd_offset_k(addr); -+ pud = pud_offset(pgd, addr); -+ pmd = pmd_offset(pud, addr); -+ __pmd_update(pmd, PMD_SECT_AP_RDONLY); ++ } + } +#endif + @@ -2610,19 +3539,35 @@ index ad722f1..46b670e 100644 poison_init_mem(&__tcm_start, &__tcm_end - &__tcm_start); totalram_pages += free_area(__phys_to_pfn(__pa(&__tcm_start)), __phys_to_pfn(__pa(&__tcm_end)), +diff --git a/arch/arm/mm/ioremap.c b/arch/arm/mm/ioremap.c +index 88fd86c..7a224ce 100644 +--- a/arch/arm/mm/ioremap.c ++++ b/arch/arm/mm/ioremap.c +@@ -335,9 +335,9 @@ __arm_ioremap_exec(unsigned long phys_addr, size_t size, bool cached) + unsigned int mtype; + + if (cached) +- mtype = MT_MEMORY; ++ mtype = MT_MEMORY_RX; + else +- mtype = MT_MEMORY_NONCACHED; ++ mtype = MT_MEMORY_NONCACHED_RX; + + return __arm_ioremap_caller(phys_addr, size, mtype, + __builtin_return_address(0)); diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c -index ce8cb19..061aa14 100644 +index 10062ce..aa96dd7 100644 --- a/arch/arm/mm/mmap.c +++ b/arch/arm/mm/mmap.c -@@ -72,6 +72,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, - unsigned long start_addr; +@@ -59,6 +59,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, + struct vm_area_struct *vma; int do_align = 0; int aliasing = cache_is_vipt_aliasing(); + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; /* - * We only need to do colour alignment if either the I or D -@@ -93,6 +94,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -81,6 +82,10 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (len > TASK_SIZE) return -ENOMEM; 
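Review bot: The new `is_domain_fault()` in fault.h masks the status with `0xD`, which leaves bit 4 of the `fsr_fs()` value unchecked, whereas `is_xn_fault()` just above it uses the wider mask `0x3c`. Assuming `fsr_fs()` returns the five-bit fault status, values 0x19 and 0x1b would also match. On the short-descriptor format 0x19 appears to be a synchronous parity error, so such an abort would be reported as a PAX domain violation by the callers in fault.c. Consider `return ((fsr_fs(fsr) & 0x1D) == 0x9);`, plus a one-line comment naming the two encodings the test is meant to accept (section and page domain fault).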
@@ -2633,7 +3578,7 @@ index ce8cb19..061aa14 100644 if (addr) { if (do_align) addr = COLOUR_ALIGN(addr, pgoff); -@@ -100,15 +105,14 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -88,8 +93,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); @@ -2642,44 +3587,16 @@ index ce8cb19..061aa14 100644 + if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) return addr; } - if (len > mm->cached_hole_size) { -- start_addr = addr = mm->free_area_cache; -+ start_addr = addr = mm->free_area_cache; - } else { -- start_addr = addr = mm->mmap_base; -- mm->cached_hole_size = 0; -+ start_addr = addr = mm->mmap_base; -+ mm->cached_hole_size = 0; - } - full_search: -@@ -124,14 +128,14 @@ full_search: - * Start a new search - just in case we missed - * some holes. - */ -- if (start_addr != TASK_UNMAPPED_BASE) { -- start_addr = addr = TASK_UNMAPPED_BASE; -+ if (start_addr != mm->mmap_base) { -+ start_addr = addr = mm->mmap_base; - mm->cached_hole_size = 0; - goto full_search; - } - return -ENOMEM; - } -- if (!vma || addr + len <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr, len, offset)) { - /* - * Remember the place where we stopped the search: - */ -@@ -156,6 +160,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -112,6 +116,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, unsigned long addr = addr0; int do_align = 0; int aliasing = cache_is_vipt_aliasing(); + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; /* - * We only need to do colour alignment if either the I or D -@@ -175,6 +180,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -132,6 +137,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, return addr; } 
@@ -2690,7 +3607,7 @@ index ce8cb19..061aa14 100644 /* requesting a specific address */ if (addr) { if (do_align) -@@ -182,8 +191,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -139,8 +148,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, else addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); 
@@ -2700,61 +3617,31 @@ index ce8cb19..061aa14 100644 return addr; } -@@ -203,7 +211,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - /* make sure it can fit in the remaining address space */ - if (addr > len) { - vma = find_vma(mm, addr-len); -- if (!vma || addr <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr - len, len, offset)) - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr-len); +@@ -162,6 +170,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + VM_BUG_ON(addr != -ENOMEM); + info.flags = 0; + info.low_limit = mm->mmap_base; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = TASK_SIZE; + addr = vm_unmapped_area(&info); } -@@ -212,17 +220,17 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - goto bottomup; - - addr = mm->mmap_base - len; -- if (do_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); - - do { -+ if (do_align) -+ addr = COLOUR_ALIGN_DOWN(addr, pgoff); - /* - * Lookup failure means no vma is above this address, - * else if new region fits below vma->vm_start, - * return with success: - */ - vma = find_vma(mm, addr); -- if (!vma || addr+len <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr, len, offset)) - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr); - -@@ -231,10 +239,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - mm->cached_hole_size = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = vma->vm_start - len; -- if (do_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); -- } while (len < vma->vm_start); -+ addr = skip_heap_stack_gap(vma, len, offset); -+ } while (!IS_ERR_VALUE(addr)); - - bottomup: - /* -@@ -259,6 +265,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -173,6 +187,10 @@ void 
arch_pick_mmap_layout(struct mm_struct *mm) { unsigned long random_factor = 0UL; +#ifdef CONFIG_PAX_RANDMMAP -+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP)) ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) +#endif + /* 8 bits of randomness in 20 address space bits */ if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) -@@ -266,10 +276,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -180,10 +198,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; @@ -2778,89 +3665,243 @@ index ce8cb19..061aa14 100644 mm->unmap_area = arch_unmap_area_topdown; } diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c -index 99b47b9..579b667 100644 +index ce328c7..f82bebb 100644 --- a/arch/arm/mm/mmu.c 
+++ b/arch/arm/mm/mmu.c -@@ -227,16 +227,16 @@ static struct mem_type mem_types[] = { +@@ -35,6 +35,23 @@ + + #include "mm.h" + ++ ++#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) ++void modify_domain(unsigned int dom, unsigned int type) ++{ ++ struct thread_info *thread = current_thread_info(); ++ unsigned int domain = thread->cpu_domain; ++ /* ++ * DOMAIN_MANAGER might be defined to some other value, ++ * use the arch-defined constant ++ */ ++ domain &= ~domain_val(dom, 3); ++ thread->cpu_domain = domain | domain_val(dom, type); ++ set_domain(thread->cpu_domain); ++} ++EXPORT_SYMBOL(modify_domain); ++#endif ++ + /* + * empty_zero_page is a special page that is used for + * zero-initialized data and COW. +@@ -195,10 +212,18 @@ void adjust_cr(unsigned long mask, unsigned long set) + } + #endif + +-#define PROT_PTE_DEVICE L_PTE_PRESENT|L_PTE_YOUNG|L_PTE_DIRTY|L_PTE_XN ++#define PROT_PTE_DEVICE L_PTE_PRESENT|L_PTE_YOUNG|L_PTE_DIRTY + #define PROT_SECT_DEVICE PMD_TYPE_SECT|PMD_SECT_AP_WRITE + +-static struct mem_type mem_types[] = { ++#ifdef CONFIG_PAX_KERNEXEC ++#define L_PTE_KERNEXEC L_PTE_RDONLY ++#define PMD_SECT_KERNEXEC PMD_SECT_RDONLY ++#else ++#define L_PTE_KERNEXEC L_PTE_DIRTY ++#define PMD_SECT_KERNEXEC PMD_SECT_AP_WRITE ++#endif ++ ++static struct mem_type mem_types[] __read_only = { + [MT_DEVICE] = { /* Strongly ordered / ARMv6 shared device */ + .prot_pte = PROT_PTE_DEVICE | L_PTE_MT_DEV_SHARED | + L_PTE_SHARED, +@@ -227,16 +252,16 @@ static struct mem_type mem_types[] = { [MT_UNCACHED] = { .prot_pte = PROT_PTE_DEVICE, .prot_l1 = PMD_TYPE_TABLE, - .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN, -+ .prot_sect = PROT_SECT_DEVICE | PMD_SECT_XN, ++ .prot_sect = PROT_SECT_DEVICE, .domain = DOMAIN_IO, }, [MT_CACHECLEAN] = { - .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN, -+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN | PMD_SECT_AP_RDONLY, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_RDONLY, .domain = DOMAIN_KERNEL, }, 
#ifndef CONFIG_ARM_LPAE [MT_MINICLEAN] = { - .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN | PMD_SECT_MINICACHE, -+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN | PMD_SECT_MINICACHE | PMD_SECT_AP_RDONLY, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_MINICACHE | PMD_SECT_RDONLY, .domain = DOMAIN_KERNEL, }, #endif -@@ -258,8 +258,26 @@ static struct mem_type mem_types[] = { +@@ -244,36 +269,54 @@ static struct mem_type mem_types[] = { + .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | + L_PTE_RDONLY, + .prot_l1 = PMD_TYPE_TABLE, +- .domain = DOMAIN_USER, ++ .domain = DOMAIN_VECTORS, + }, + [MT_HIGH_VECTORS] = { + .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | + L_PTE_USER | L_PTE_RDONLY, + .prot_l1 = PMD_TYPE_TABLE, +- .domain = DOMAIN_USER, ++ .domain = DOMAIN_VECTORS, + }, +- [MT_MEMORY] = { ++ [MT_MEMORY_RWX] = { + .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY, + .prot_l1 = PMD_TYPE_TABLE, .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE, .domain = DOMAIN_KERNEL, }, -+ [MT_MEMORY_R] = { -+ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_RDONLY | L_PTE_XN, -+ .prot_l1 = PMD_TYPE_TABLE, -+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_RDONLY | PMD_SECT_XN, -+ .domain = DOMAIN_KERNEL, -+ }, + [MT_MEMORY_RW] = { -+ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | L_PTE_XN, ++ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY, + .prot_l1 = PMD_TYPE_TABLE, -+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE | PMD_SECT_XN, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE, + .domain = DOMAIN_KERNEL, + }, + [MT_MEMORY_RX] = { -+ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_RDONLY, ++ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_KERNEXEC, + .prot_l1 = PMD_TYPE_TABLE, -+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_RDONLY, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_KERNEXEC, + .domain = DOMAIN_KERNEL, + }, [MT_ROM] = { - .prot_sect = PMD_TYPE_SECT, -+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_RDONLY, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_RDONLY, .domain = 
DOMAIN_KERNEL, }, - [MT_MEMORY_NONCACHED] = { -@@ -273,7 +291,7 @@ static struct mem_type mem_types[] = { +- [MT_MEMORY_NONCACHED] = { ++ [MT_MEMORY_NONCACHED_RW] = { .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | - L_PTE_XN, + L_PTE_MT_BUFFERABLE, + .prot_l1 = PMD_TYPE_TABLE, + .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE, + .domain = DOMAIN_KERNEL, + }, ++ [MT_MEMORY_NONCACHED_RX] = { ++ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_KERNEXEC | ++ L_PTE_MT_BUFFERABLE, ++ .prot_l1 = PMD_TYPE_TABLE, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_KERNEXEC, ++ .domain = DOMAIN_KERNEL, ++ }, + [MT_MEMORY_DTCM] = { +- .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | +- L_PTE_XN, ++ .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY, .prot_l1 = PMD_TYPE_TABLE, - .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN, -+ .prot_sect = PMD_TYPE_SECT | PMD_SECT_XN | PMD_SECT_AP_RDONLY, ++ .prot_sect = PMD_TYPE_SECT | PMD_SECT_RDONLY, .domain = DOMAIN_KERNEL, }, [MT_MEMORY_ITCM] = { -@@ -432,6 +450,8 @@ static void __init build_mem_type_table(void) +@@ -283,10 +326,10 @@ static struct mem_type mem_types[] = { + }, + [MT_MEMORY_SO] = { + .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | +- L_PTE_MT_UNCACHED | L_PTE_XN, ++ L_PTE_MT_UNCACHED, + .prot_l1 = PMD_TYPE_TABLE, + .prot_sect = PMD_TYPE_SECT | PMD_SECT_AP_WRITE | PMD_SECT_S | +- PMD_SECT_UNCACHED | PMD_SECT_XN, ++ PMD_SECT_UNCACHED, + .domain = DOMAIN_KERNEL, + }, + [MT_MEMORY_DMA_READY] = { +@@ -371,9 +414,35 @@ static void __init build_mem_type_table(void) + * to prevent speculative instruction fetches. 
+ */ + mem_types[MT_DEVICE].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_DEVICE].prot_pte |= L_PTE_XN; + mem_types[MT_DEVICE_NONSHARED].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_DEVICE_NONSHARED].prot_pte |= L_PTE_XN; + mem_types[MT_DEVICE_CACHED].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_DEVICE_CACHED].prot_pte |= L_PTE_XN; + mem_types[MT_DEVICE_WC].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_DEVICE_WC].prot_pte |= L_PTE_XN; ++ ++ /* Mark other regions on ARMv6+ as execute-never */ ++ ++#ifdef CONFIG_PAX_KERNEXEC ++ mem_types[MT_UNCACHED].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_UNCACHED].prot_pte |= L_PTE_XN; ++ mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_CACHECLEAN].prot_pte |= L_PTE_XN; ++#ifndef CONFIG_ARM_LPAE ++ mem_types[MT_MINICLEAN].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_MINICLEAN].prot_pte |= L_PTE_XN; ++#endif ++ mem_types[MT_MEMORY_RW].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_MEMORY_RW].prot_pte |= L_PTE_XN; ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_pte |= PMD_SECT_XN; ++ mem_types[MT_MEMORY_DTCM].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_MEMORY_DTCM].prot_pte |= L_PTE_XN; ++#endif ++ ++ mem_types[MT_MEMORY_SO].prot_sect |= PMD_SECT_XN; ++ mem_types[MT_MEMORY_SO].prot_pte |= L_PTE_XN; + } + if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) { + /* +@@ -432,6 +501,9 @@ static void __init build_mem_type_table(void) * from SVC mode and no access from userspace. 
*/ mem_types[MT_ROM].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; ++#ifdef CONFIG_PAX_KERNEXEC + mem_types[MT_MEMORY_RX].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; -+ mem_types[MT_MEMORY_R].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; ++#endif mem_types[MT_MINICLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; #endif -@@ -450,6 +470,12 @@ static void __init build_mem_type_table(void) +@@ -448,11 +520,17 @@ static void __init build_mem_type_table(void) + mem_types[MT_DEVICE_WC].prot_pte |= L_PTE_SHARED; + mem_types[MT_DEVICE_CACHED].prot_sect |= PMD_SECT_S; mem_types[MT_DEVICE_CACHED].prot_pte |= L_PTE_SHARED; - mem_types[MT_MEMORY].prot_sect |= PMD_SECT_S; - mem_types[MT_MEMORY].prot_pte |= L_PTE_SHARED; -+ mem_types[MT_MEMORY_R].prot_sect |= PMD_SECT_S; -+ mem_types[MT_MEMORY_R].prot_pte |= L_PTE_SHARED; +- mem_types[MT_MEMORY].prot_sect |= PMD_SECT_S; +- mem_types[MT_MEMORY].prot_pte |= L_PTE_SHARED; ++ mem_types[MT_MEMORY_RWX].prot_sect |= PMD_SECT_S; ++ mem_types[MT_MEMORY_RWX].prot_pte |= L_PTE_SHARED; + mem_types[MT_MEMORY_RW].prot_sect |= PMD_SECT_S; + mem_types[MT_MEMORY_RW].prot_pte |= L_PTE_SHARED; + mem_types[MT_MEMORY_RX].prot_sect |= PMD_SECT_S; + mem_types[MT_MEMORY_RX].prot_pte |= L_PTE_SHARED; mem_types[MT_MEMORY_DMA_READY].prot_pte |= L_PTE_SHARED; - mem_types[MT_MEMORY_NONCACHED].prot_sect |= PMD_SECT_S; - mem_types[MT_MEMORY_NONCACHED].prot_pte |= L_PTE_SHARED; -@@ -487,6 +513,8 @@ static void __init build_mem_type_table(void) +- mem_types[MT_MEMORY_NONCACHED].prot_sect |= PMD_SECT_S; +- mem_types[MT_MEMORY_NONCACHED].prot_pte |= L_PTE_SHARED; ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= PMD_SECT_S; ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_pte |= L_PTE_SHARED; ++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |= PMD_SECT_S; ++ mem_types[MT_MEMORY_NONCACHED_RX].prot_pte |= L_PTE_SHARED; + } + } + +@@ -463,15 +541,20 @@ static void __init build_mem_type_table(void) + if 
(cpu_arch >= CPU_ARCH_ARMv6) { + if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) { + /* Non-cacheable Normal is XCB = 001 */ +- mem_types[MT_MEMORY_NONCACHED].prot_sect |= ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= ++ PMD_SECT_BUFFERED; ++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |= + PMD_SECT_BUFFERED; + } else { + /* For both ARMv6 and non-TEX-remapping ARMv7 */ +- mem_types[MT_MEMORY_NONCACHED].prot_sect |= ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= ++ PMD_SECT_TEX(1); ++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |= + PMD_SECT_TEX(1); + } + } else { +- mem_types[MT_MEMORY_NONCACHED].prot_sect |= PMD_SECT_BUFFERABLE; ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= PMD_SECT_BUFFERABLE; ++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |= PMD_SECT_BUFFERABLE; + } + + #ifdef CONFIG_ARM_LPAE +@@ -487,6 +570,8 @@ static void __init build_mem_type_table(void) vecs_pgprot |= PTE_EXT_AF; #endif 
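Review bot: In the CONFIG_PAX_KERNEXEC block added to build_mem_type_table(), `mem_types[MT_MEMORY_NONCACHED_RW].prot_pte |= PMD_SECT_XN;` ORs a section-descriptor flag into a PTE protection value, while every other `prot_pte` line in that block uses `L_PTE_XN`. This looks like a copy-paste slip. Unless the two constants share a bit position, page-mapped non-cached RW memory would stay executable and an unrelated PTE bit would be set instead. The line should read `mem_types[MT_MEMORY_NONCACHED_RW].prot_pte |= L_PTE_XN;`. build_mem_type_table() starts and ends outside this hunk.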
@@ -2869,24 +3910,63 @@ index 99b47b9..579b667 100644 for (i = 0; i < 16; i++) { pteval_t v = pgprot_val(protection_map[i]); protection_map[i] = __pgprot(v | user_pgprot); -@@ -503,6 +531,12 @@ static void __init build_mem_type_table(void) +@@ -501,10 +586,15 @@ static void __init build_mem_type_table(void) + + mem_types[MT_LOW_VECTORS].prot_l1 |= ecc_mask; mem_types[MT_HIGH_VECTORS].prot_l1 |= ecc_mask; - mem_types[MT_MEMORY].prot_sect |= ecc_mask | cp->pmd; - mem_types[MT_MEMORY].prot_pte |= kern_pgprot; -+ mem_types[MT_MEMORY_R].prot_sect |= ecc_mask | cp->pmd; -+ mem_types[MT_MEMORY_R].prot_pte |= kern_pgprot; +- mem_types[MT_MEMORY].prot_sect |= ecc_mask | cp->pmd; +- mem_types[MT_MEMORY].prot_pte |= kern_pgprot; ++ mem_types[MT_MEMORY_RWX].prot_sect |= ecc_mask | cp->pmd; ++ mem_types[MT_MEMORY_RWX].prot_pte |= kern_pgprot; + mem_types[MT_MEMORY_RW].prot_sect |= ecc_mask | cp->pmd; + mem_types[MT_MEMORY_RW].prot_pte |= kern_pgprot; + mem_types[MT_MEMORY_RX].prot_sect |= ecc_mask | cp->pmd; + mem_types[MT_MEMORY_RX].prot_pte |= kern_pgprot; mem_types[MT_MEMORY_DMA_READY].prot_pte |= kern_pgprot; - mem_types[MT_MEMORY_NONCACHED].prot_sect |= ecc_mask; +- mem_types[MT_MEMORY_NONCACHED].prot_sect |= ecc_mask; ++ mem_types[MT_MEMORY_NONCACHED_RW].prot_sect |= ecc_mask; ++ mem_types[MT_MEMORY_NONCACHED_RX].prot_sect |= ecc_mask; mem_types[MT_ROM].prot_sect |= cp->pmd; -@@ -1198,7 +1232,41 @@ static void __init map_lowmem(void) + + switch (cp->pmd) { +@@ -1105,18 +1195,15 @@ void __init arm_mm_memblock_reserve(void) + * called function. This means you can't use any function or debugging + * method which may touch any device, otherwise the kernel _will_ crash. + */ ++ ++static char vectors[PAGE_SIZE] __read_only __aligned(PAGE_SIZE); ++ + static void __init devicemaps_init(struct machine_desc *mdesc) + { + struct map_desc map; + unsigned long addr; +- void *vectors; + +- /* +- * Allocate the vector page early. 
+- */ +- vectors = early_alloc(PAGE_SIZE); +- +- early_trap_init(vectors); ++ early_trap_init(&vectors); + + for (addr = VMALLOC_START; addr; addr += PMD_SIZE) + pmd_clear(pmd_off_k(addr)); +@@ -1156,7 +1243,7 @@ static void __init devicemaps_init(struct machine_desc *mdesc) + * location (0xffff0000). If we aren't using high-vectors, also + * create a mapping at the low-vectors virtual address. + */ +- map.pfn = __phys_to_pfn(virt_to_phys(vectors)); ++ map.pfn = __phys_to_pfn(virt_to_phys(&vectors)); + map.virtual = 0xffff0000; + map.length = PAGE_SIZE; + map.type = MT_HIGH_VECTORS; +@@ -1214,8 +1301,39 @@ static void __init map_lowmem(void) map.pfn = __phys_to_pfn(start); map.virtual = __phys_to_virt(start); map.length = end - start; -+ +- map.type = MT_MEMORY; + +#ifdef CONFIG_PAX_KERNEXEC + if (map.virtual <= (unsigned long)_stext && ((unsigned long)_end < (map.virtual + map.length))) { + struct map_desc kernel; @@ -2896,19 +3976,19 @@ index 99b47b9..579b667 100644 + initmap.pfn = __phys_to_pfn(__pa(__init_begin)); + initmap.virtual = (unsigned long)__init_begin; + initmap.length = _sdata - __init_begin; -+ initmap.type = MT_MEMORY; ++ initmap.type = MT_MEMORY_RWX; + create_mapping(&initmap); + + /* when freeing initmem we will make this RX */ + kernel.pfn = __phys_to_pfn(__pa(_stext)); + kernel.virtual = (unsigned long)_stext; + kernel.length = __init_begin - _stext; -+ kernel.type = MT_MEMORY; ++ kernel.type = MT_MEMORY_RWX; + create_mapping(&kernel); + + if (map.virtual < (unsigned long)_stext) { + map.length = (unsigned long)_stext - map.virtual; -+ map.type = MT_MEMORY; ++ map.type = MT_MEMORY_RWX; + create_mapping(&map); + } + 
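Review bot: The new file-scope `vectors` page is declared `__read_only`, yet it is still handed to `early_trap_init()`, which presumably fills it, so the code relies on that data being writable this early in boot. Nothing in the hunk states that ordering. A comment above the declaration would help, e.g. `/* populated by early_trap_init() before __read_only data is write-protected */`, to be confirmed against where the protection is applied. As a style point, `&vectors` has type `char (*)[PAGE_SIZE]`; passing plain `vectors` to `early_trap_init()` and `virt_to_phys()` yields the same address with the conventional pointer type.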
@@ -2916,19 +3996,44 @@ index 99b47b9..579b667 100644 + map.virtual = (unsigned long)_sdata; + map.length = end - __pa(_sdata); + } ++#endif + + map.type = MT_MEMORY_RW; -+#else - map.type = MT_MEMORY; -+#endif - create_mapping(&map); } + } +diff --git a/arch/arm/mm/proc-v7-2level.S b/arch/arm/mm/proc-v7-2level.S +index 6d98c13..3cfb174 100644 +--- a/arch/arm/mm/proc-v7-2level.S ++++ b/arch/arm/mm/proc-v7-2level.S +@@ -99,6 +99,9 @@ ENTRY(cpu_v7_set_pte_ext) + tst r1, #L_PTE_XN + orrne r3, r3, #PTE_EXT_XN + ++ tst r1, #L_PTE_PXN ++ orrne r3, r3, #PTE_EXT_PXN ++ + tst r1, #L_PTE_YOUNG + tstne r1, #L_PTE_VALID + #ifndef CONFIG_CPU_USE_DOMAINS +diff --git a/arch/arm/plat-omap/sram.c b/arch/arm/plat-omap/sram.c +index a5bc92d..0bb4730 100644 +--- a/arch/arm/plat-omap/sram.c ++++ b/arch/arm/plat-omap/sram.c +@@ -93,6 +93,8 @@ void __init omap_map_sram(unsigned long start, unsigned long size, + * Looks like we need to preserve some bootloader code at the + * beginning of SRAM for jumping to flash for reboot to work... + */ ++ pax_open_kernel(); + memset_io(omap_sram_base + omap_sram_skip, 0, + omap_sram_size - omap_sram_skip); ++ pax_close_kernel(); + } diff --git a/arch/arm/plat-orion/include/plat/addr-map.h b/arch/arm/plat-orion/include/plat/addr-map.h -index ec63e4a..62aa5f1d 100644 +index b76c065..b6e766b 100644 --- a/arch/arm/plat-orion/include/plat/addr-map.h +++ b/arch/arm/plat-orion/include/plat/addr-map.h -@@ -26,7 +26,7 @@ struct orion_addr_map_cfg { +@@ -27,7 +27,7 @@ struct orion_addr_map_cfg { value in bridge_virt_base */ void __iomem *(*win_cfg_base) (const struct orion_addr_map_cfg *cfg, const int win); 
@@ -2950,6 +4055,32 @@ index f5144cd..71f6d1f 100644 extern void *samsung_dmadev_get_ops(void); extern void *s3c_dma_get_ops(void); +diff --git a/arch/arm64/kernel/debug-monitors.c b/arch/arm64/kernel/debug-monitors.c +index 0c3ba9f..95722b3 100644 +--- a/arch/arm64/kernel/debug-monitors.c ++++ b/arch/arm64/kernel/debug-monitors.c +@@ -151,7 +151,7 @@ static int __cpuinit os_lock_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata os_lock_nb = { ++static struct notifier_block os_lock_nb = { + .notifier_call = os_lock_notify, + }; + +diff --git a/arch/arm64/kernel/hw_breakpoint.c b/arch/arm64/kernel/hw_breakpoint.c +index 5ab825c..96aaec8 100644 +--- a/arch/arm64/kernel/hw_breakpoint.c ++++ b/arch/arm64/kernel/hw_breakpoint.c +@@ -831,7 +831,7 @@ static int __cpuinit hw_breakpoint_reset_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata hw_breakpoint_reset_nb = { ++static struct notifier_block hw_breakpoint_reset_nb = { + .notifier_call = hw_breakpoint_reset_notify, + }; + diff --git a/arch/avr32/include/asm/cache.h b/arch/avr32/include/asm/cache.h index c3a58a1..78fbf54 100644 --- a/arch/avr32/include/asm/cache.h 
@@ -3414,6 +4545,32 @@ index 449c8c0..50cdf87 100644 __cu_len; \ }) +diff --git a/arch/ia64/kernel/err_inject.c b/arch/ia64/kernel/err_inject.c +index 2d67317..07d8bfa 100644 +--- a/arch/ia64/kernel/err_inject.c ++++ b/arch/ia64/kernel/err_inject.c +@@ -256,7 +256,7 @@ static int __cpuinit err_inject_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata err_inject_cpu_notifier = ++static struct notifier_block err_inject_cpu_notifier = + { + .notifier_call = err_inject_cpu_callback, + }; +diff --git a/arch/ia64/kernel/mca.c b/arch/ia64/kernel/mca.c +index 65bf9cd..794f06b 100644 +--- a/arch/ia64/kernel/mca.c ++++ b/arch/ia64/kernel/mca.c +@@ -1922,7 +1922,7 @@ static int __cpuinit mca_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block mca_cpu_notifier __cpuinitdata = { ++static struct notifier_block mca_cpu_notifier = { + .notifier_call = mca_cpu_callback + }; + diff --git a/arch/ia64/kernel/module.c b/arch/ia64/kernel/module.c index 24603be..948052d 100644 --- a/arch/ia64/kernel/module.c 
@@ -3506,6 +4663,32 @@ index 24603be..948052d 100644 mod->arch.gp = gp; DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp); } +diff --git a/arch/ia64/kernel/palinfo.c b/arch/ia64/kernel/palinfo.c +index 77597e5..6f28f3f 100644 +--- a/arch/ia64/kernel/palinfo.c ++++ b/arch/ia64/kernel/palinfo.c +@@ -1045,7 +1045,7 @@ static int __cpuinit palinfo_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __refdata palinfo_cpu_notifier = ++static struct notifier_block palinfo_cpu_notifier = + { + .notifier_call = palinfo_cpu_callback, + .priority = 0, +diff --git a/arch/ia64/kernel/salinfo.c b/arch/ia64/kernel/salinfo.c +index 79802e5..1a89ec5 100644 +--- a/arch/ia64/kernel/salinfo.c ++++ b/arch/ia64/kernel/salinfo.c +@@ -616,7 +616,7 @@ salinfo_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu + return NOTIFY_OK; + } + +-static struct notifier_block salinfo_cpu_notifier __cpuinitdata = ++static struct notifier_block salinfo_cpu_notifier = + { + .notifier_call = salinfo_cpu_callback, + .priority = 0, diff --git a/arch/ia64/kernel/sys_ia64.c b/arch/ia64/kernel/sys_ia64.c index d9439ef..d0cac6b 100644 --- a/arch/ia64/kernel/sys_ia64.c @@ -3551,7 +4734,7 @@ index d9439ef..d0cac6b 100644 mm->free_area_cache = addr + len; return addr; diff --git a/arch/ia64/kernel/topology.c b/arch/ia64/kernel/topology.c -index c64460b..4d250a6 100644 +index dc00b2c..cce53c2 100644 --- a/arch/ia64/kernel/topology.c +++ b/arch/ia64/kernel/topology.c @@ -445,7 +445,7 @@ static int __cpuinit cache_cpu_callback(struct notifier_block *nfb, @@ -3649,7 +4832,7 @@ index 5ca674b..127c3cb 100644 addr = ALIGN(vmm->vm_end, HPAGE_SIZE); } diff --git a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c -index 082e383..fb7be80 100644 +index b755ea9..b9a969e 100644 --- a/arch/ia64/mm/init.c +++ b/arch/ia64/mm/init.c @@ -120,6 +120,19 @@ ia64_init_addr_space (void) @@ -3834,10 +5017,10 @@ index c1f6afa..38cc6e9 100644 #endif /* _ASM_EXEC_H */ 
diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h -index da9bd7d..91aa7ab 100644 +index dbaec94..6a14935 100644 --- a/arch/mips/include/asm/page.h +++ b/arch/mips/include/asm/page.h -@@ -98,7 +98,7 @@ extern void copy_user_highpage(struct page *to, struct page *from, +@@ -96,7 +96,7 @@ extern void copy_user_highpage(struct page *to, struct page *from, #ifdef CONFIG_CPU_MIPS32 typedef struct { unsigned long pte_low, pte_high; } pte_t; #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32)) @@ -3863,10 +5046,10 @@ index 881d18b..cea38bc 100644 /* diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h -index 18806a5..141ffcf 100644 +index b2050b9..d71bb1b 100644 --- a/arch/mips/include/asm/thread_info.h +++ b/arch/mips/include/asm/thread_info.h -@@ -110,6 +110,8 @@ register struct thread_info *__current_thread_info __asm__("$28"); +@@ -111,6 +111,8 @@ register struct thread_info *__current_thread_info __asm__("$28"); #define TIF_32BIT_ADDR 23 /* 32-bit address space (o32/n32) */ #define TIF_FPUBOUND 24 /* thread bound to FPU-full CPU set */ #define TIF_LOAD_WATCH 25 /* If set, load watch registers */ @@ -3875,7 +5058,7 @@ index 18806a5..141ffcf 100644 #define TIF_SYSCALL_TRACE 31 /* syscall trace active */ #define _TIF_SYSCALL_TRACE (1<<TIF_SYSCALL_TRACE) -@@ -125,15 +127,18 @@ register struct thread_info *__current_thread_info __asm__("$28"); +@@ -126,15 +128,18 @@ register struct thread_info *__current_thread_info __asm__("$28"); #define _TIF_32BIT_ADDR (1<<TIF_32BIT_ADDR) #define _TIF_FPUBOUND (1<<TIF_FPUBOUND) #define _TIF_LOAD_WATCH (1<<TIF_LOAD_WATCH) @@ -3933,10 +5116,10 @@ index ff44823..97f8906 100644 /* diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c -index 69b17a9..9db82f9 100644 +index a11c6f9..be5e164 100644 --- a/arch/mips/kernel/process.c 
+++ b/arch/mips/kernel/process.c -@@ -478,15 +478,3 @@ unsigned long get_wchan(struct task_struct *task) +@@ -460,15 +460,3 @@ unsigned long get_wchan(struct task_struct *task) out: return pc; } @@ -3980,7 +5163,7 @@ index 4812c6d..2069554 100644 goto out; diff --git a/arch/mips/kernel/scall32-o32.S b/arch/mips/kernel/scall32-o32.S -index 374f66e..1c882a0 100644 +index d20a4bc..7096ae5 100644 --- a/arch/mips/kernel/scall32-o32.S +++ b/arch/mips/kernel/scall32-o32.S @@ -52,7 +52,7 @@ NESTED(handle_sys, PT_SIZE, sp) @@ -3993,7 +5176,7 @@ index 374f66e..1c882a0 100644 bnez t0, syscall_trace_entry # -> yes diff --git a/arch/mips/kernel/scall64-64.S b/arch/mips/kernel/scall64-64.S -index 169de6a..f594a89 100644 +index b64f642..0fe6eab 100644 --- a/arch/mips/kernel/scall64-64.S +++ b/arch/mips/kernel/scall64-64.S @@ -54,7 +54,7 @@ NESTED(handle_sys64, PT_SIZE, sp) @@ -4006,10 +5189,10 @@ index 169de6a..f594a89 100644 and t0, t1, t0 bnez t0, syscall_trace_entry diff --git a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S -index 86ec03f..1235baf 100644 +index c29ac19..c592d05 100644 --- a/arch/mips/kernel/scall64-n32.S +++ b/arch/mips/kernel/scall64-n32.S -@@ -53,7 +53,7 @@ NESTED(handle_sysn32, PT_SIZE, sp) +@@ -47,7 +47,7 @@ NESTED(handle_sysn32, PT_SIZE, sp) sd a3, PT_R26(sp) # save a3 for syscall restarting @@ -4019,7 +5202,7 @@ index 86ec03f..1235baf 100644 and t0, t1, t0 bnez t0, n32_syscall_trace_entry diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S -index 53c2d72..3734584 100644 +index cf3e75e..72e93fe 100644 --- a/arch/mips/kernel/scall64-o32.S +++ b/arch/mips/kernel/scall64-o32.S @@ -81,7 +81,7 @@ NESTED(handle_sys, PT_SIZE, sp) @@ -4060,18 +5243,18 @@ index ddcec1e..c7f983e 100644 * This routine handles page faults. It determines the address, * and the problem, and then passes it off to one of the appropriate 
diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c -index 302d779..6459dc0 100644 +index 7e5fe27..479a219 100644 --- a/arch/mips/mm/mmap.c +++ b/arch/mips/mm/mmap.c -@@ -71,6 +71,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, +@@ -59,6 +59,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, struct vm_area_struct *vma; unsigned long addr = addr0; int do_color_align; + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; if (unlikely(len > TASK_SIZE)) - return -ENOMEM; -@@ -95,6 +96,11 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, +@@ -84,6 +85,11 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, do_color_align = 1; /* requesting a specific address */ @@ -4083,7 +5266,7 @@ index 302d779..6459dc0 100644 if (addr) { if (do_color_align) addr = COLOUR_ALIGN(addr, pgoff); -@@ -102,8 +108,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, +@@ -91,8 +97,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); 
@@ -4093,70 +5276,18 @@ index 302d779..6459dc0 100644 return addr; } -@@ -118,7 +123,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, - /* At this point: (!vma || addr < vma->vm_end). */ - if (TASK_SIZE - len < addr) - return -ENOMEM; -- if (!vma || addr + len <= vma->vm_start) -+ if (check_heap_stack_gap(vmm, addr, len, offset)) - return addr; - addr = vma->vm_end; - if (do_color_align) -@@ -145,7 +150,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, - /* make sure it can fit in the remaining address space */ - if (likely(addr > len)) { - vma = find_vma(mm, addr - len); -- if (!vma || addr <= vma->vm_start) { -+ if (check_heap_stack_gap(vmm, addr - len, len, offset)) - /* cache the address as a hint for next time */ - return mm->free_area_cache = addr - len; - } -@@ -155,17 +160,17 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, - goto bottomup; - - addr = mm->mmap_base - len; -- if (do_color_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); - - do { -+ if (do_color_align) -+ addr = COLOUR_ALIGN_DOWN(addr, pgoff); - /* - * Lookup failure means no vma is above this address, - * else if new region fits below vma->vm_start, - * return with success: - */ - vma = find_vma(mm, addr); -- if (likely(!vma || addr + len <= vma->vm_start)) { -+ if (check_heap_stack_gap(vmm, addr, len, offset)) { - /* cache the address as a hint for next time */ - return mm->free_area_cache = addr; - } -@@ -175,10 +180,8 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, - mm->cached_hole_size = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = vma->vm_start - len; -- if (do_color_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); -- } while (likely(len < vma->vm_start)); -+ addr = skip_heap_stack_gap(vma, len, offset); -+ } while (!IS_ERR_VALUE(addr)); - - bottomup: - /* -@@ -223,6 +226,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -146,6 +151,10 @@ 
void arch_pick_mmap_layout(struct mm_struct *mm) { unsigned long random_factor = 0UL; +#ifdef CONFIG_PAX_RANDMMAP -+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP)) ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) +#endif + if (current->flags & PF_RANDOMIZE) { random_factor = get_random_int(); random_factor = random_factor << PAGE_SHIFT; -@@ -234,38 +241,23 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -157,42 +166,27 @@ void arch_pick_mmap_layout(struct mm_struct *mm) if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; @@ -4180,7 +5311,7 @@ index 302d779..6459dc0 100644 mm->unmap_area = arch_unmap_area_topdown; } } -- + -static inline unsigned long brk_rnd(void) -{ - unsigned long rnd = get_random_int(); @@ -4207,6 +5338,10 @@ index 302d779..6459dc0 100644 - - return ret; -} +- + int __virt_addr_valid(const volatile void *kaddr) + { + return pfn_valid(PFN_DOWN(virt_to_phys(kaddr))); diff --git a/arch/mn10300/proc-mn103e010/include/proc/cache.h b/arch/mn10300/proc-mn103e010/include/proc/cache.h index 967d144..db12197 100644 --- a/arch/mn10300/proc-mn103e010/include/proc/cache.h @@ -4398,7 +5533,7 @@ index 4ba2c93..f5e3974 100644 else copy_from_user_overflow(); diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c -index 5e34ccf..672bc9c 100644 +index 2a625fb..9908930 100644 --- a/arch/parisc/kernel/module.c +++ b/arch/parisc/kernel/module.c @@ -98,16 +98,38 @@ @@ -4444,7 +5579,7 @@ index 5e34ccf..672bc9c 100644 } static inline int in_local(struct module *me, void *loc) -@@ -373,13 +395,13 @@ int module_frob_arch_sections(CONST Elf_Ehdr *hdr, +@@ -371,13 +393,13 @@ int module_frob_arch_sections(CONST Elf_Ehdr *hdr, } /* align things a bit */ 
@@ -4464,7 +5599,7 @@ index 5e34ccf..672bc9c 100644 me->arch.got_max = gots; me->arch.fdesc_max = fdescs; -@@ -397,7 +419,7 @@ static Elf64_Word get_got(struct module *me, unsigned long value, long addend) +@@ -395,7 +417,7 @@ static Elf64_Word get_got(struct module *me, unsigned long value, long addend) BUG_ON(value == 0); @@ -4473,7 +5608,7 @@ index 5e34ccf..672bc9c 100644 for (i = 0; got[i].addr; i++) if (got[i].addr == value) goto out; -@@ -415,7 +437,7 @@ static Elf64_Word get_got(struct module *me, unsigned long value, long addend) +@@ -413,7 +435,7 @@ static Elf64_Word get_got(struct module *me, unsigned long value, long addend) #ifdef CONFIG_64BIT static Elf_Addr get_fdesc(struct module *me, unsigned long value) { @@ -4482,7 +5617,7 @@ index 5e34ccf..672bc9c 100644 if (!value) { printk(KERN_ERR "%s: zero OPD requested!\n", me->name); -@@ -433,7 +455,7 @@ static Elf_Addr get_fdesc(struct module *me, unsigned long value) +@@ -431,7 +453,7 @@ static Elf_Addr get_fdesc(struct module *me, unsigned long value) /* Create new one */ fdesc->addr = value; @@ -4491,7 +5626,7 @@ index 5e34ccf..672bc9c 100644 return (Elf_Addr)fdesc; } #endif /* CONFIG_64BIT */ -@@ -845,7 +867,7 @@ register_unwind_table(struct module *me, +@@ -843,7 +865,7 @@ register_unwind_table(struct module *me, table = (unsigned char *)sechdrs[me->arch.unwind_section].sh_addr; end = table + sechdrs[me->arch.unwind_section].sh_size; @@ -4982,7 +6117,7 @@ index 4aad413..85d86bf 100644 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */ #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */ diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h -index d24c141..b60696e 100644 +index 3d5c9dc..62f8414 100644 --- a/arch/powerpc/include/asm/reg.h +++ b/arch/powerpc/include/asm/reg.h @@ -215,6 +215,7 @@ @@ -5231,10 +6366,10 @@ index 4684e33..acc4d19e 100644 ld r4,_DAR(r1) bl .bad_page_fault 
diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S -index 10b658a..e542888 100644 +index 4665e82..080ea99 100644 --- a/arch/powerpc/kernel/exceptions-64s.S +++ b/arch/powerpc/kernel/exceptions-64s.S -@@ -1013,10 +1013,10 @@ handle_page_fault: +@@ -1206,10 +1206,10 @@ handle_page_fault: 11: ld r4,_DAR(r1) ld r5,_DSISR(r1) addi r3,r1,STACK_FRAME_OVERHEAD @@ -5280,7 +6415,7 @@ index 2e3200c..72095ce 100644 /* Find this entry, or if that fails, the next avail. entry */ while (entry->jump[0]) { diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c -index ba48233..16ac31d 100644 +index 8143067..21ae55b 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c @@ -680,8 +680,8 @@ void show_regs(struct pt_regs * regs) @@ -5294,7 +6429,7 @@ index ba48233..16ac31d 100644 #endif show_stack(current, (unsigned long *) regs->gpr[1]); if (!user_mode(regs)) -@@ -1175,10 +1175,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1129,10 +1129,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) newsp = stack[0]; ip = stack[STACK_FRAME_LR_SAVE]; if (!firstframe || ip != lr) { @@ -5307,7 +6442,7 @@ index ba48233..16ac31d 100644 (void *)current->ret_stack[curr_frame].ret); curr_frame--; } -@@ -1198,7 +1198,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1152,7 +1152,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) struct pt_regs *regs = (struct pt_regs *) (sp + STACK_FRAME_OVERHEAD); lr = regs->link; @@ -5316,7 +6451,7 @@ index ba48233..16ac31d 100644 regs->trap, (void *)regs->nip, (void *)lr); firstframe = 1; } -@@ -1240,58 +1240,3 @@ void __ppc64_runlatch_off(void) +@@ -1194,58 +1194,3 @@ void __ppc64_runlatch_off(void) mtspr(SPRN_CTRLT, ctrl); } #endif /* CONFIG_PPC64 */ @@ -5376,10 +6511,10 @@ index ba48233..16ac31d 100644 - return ret; -} 
diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c -index 79d8e56..38ffcbb 100644 +index c497000..8fde506 100644 --- a/arch/powerpc/kernel/ptrace.c +++ b/arch/powerpc/kernel/ptrace.c -@@ -1663,6 +1663,10 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -1737,6 +1737,10 @@ long arch_ptrace(struct task_struct *child, long request, return ret; } @@ -5390,7 +6525,7 @@ index 79d8e56..38ffcbb 100644 /* * We must return the syscall number to actually look up in the table. * This can be -1L to skip running any syscall at all. -@@ -1673,6 +1677,11 @@ long do_syscall_trace_enter(struct pt_regs *regs) +@@ -1747,6 +1751,11 @@ long do_syscall_trace_enter(struct pt_regs *regs) secure_computing_strict(regs->gpr[0]); @@ -5402,7 +6537,7 @@ index 79d8e56..38ffcbb 100644 if (test_thread_flag(TIF_SYSCALL_TRACE) && tracehook_report_syscall_entry(regs)) /* -@@ -1707,6 +1716,11 @@ void do_syscall_trace_leave(struct pt_regs *regs) +@@ -1781,6 +1790,11 @@ void do_syscall_trace_leave(struct pt_regs *regs) { int step; @@ -5428,7 +6563,7 @@ index 804e323..79181c1 100644 goto badframe; regs->link = current->mm->context.vdso_base + vdso32_rt_sigtramp; diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c -index d183f87..1867f1a 100644 +index 1ca045d..139c3f7 100644 --- a/arch/powerpc/kernel/signal_64.c +++ b/arch/powerpc/kernel/signal_64.c @@ -430,7 +430,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info, 
@@ -5440,6 +6575,19 @@ index d183f87..1867f1a 100644 regs->link = current->mm->context.vdso_base + vdso64_rt_sigtramp; } else { err |= setup_trampoline(__NR_rt_sigreturn, &frame->tramp[0]); +diff --git a/arch/powerpc/kernel/sysfs.c b/arch/powerpc/kernel/sysfs.c +index 3ce1f86..c30e629 100644 +--- a/arch/powerpc/kernel/sysfs.c ++++ b/arch/powerpc/kernel/sysfs.c +@@ -522,7 +522,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata sysfs_cpu_nb = { ++static struct notifier_block sysfs_cpu_nb = { + .notifier_call = sysfs_cpu_notify, + }; + diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c index 3251840..3f7c77a 100644 --- a/arch/powerpc/kernel/traps.c @@ -5529,7 +6677,7 @@ index 5eea6f3..5d10396 100644 EXPORT_SYMBOL(copy_in_user); diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c -index 0a6b283..7674925 100644 +index 3a8489a..6a63b3b 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c @@ -32,6 +32,10 @@ @@ -5577,7 +6725,7 @@ index 0a6b283..7674925 100644 /* * Check whether the instruction at regs->nip is a store using * an update addressing form which will update r1. -@@ -216,7 +247,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, +@@ -213,7 +244,7 @@ int __kprobes do_page_fault(struct pt_regs *regs, unsigned long address, * indicate errors in DSISR but can validly be set in SRR1. */ if (trap == 0x400) @@ -5586,7 +6734,7 @@ index 0a6b283..7674925 100644 else is_write = error_code & DSISR_ISSTORE; #else -@@ -367,7 +398,7 @@ good_area: +@@ -364,7 +395,7 @@ good_area: * "undefined". Of those that can be set, this is the only * one which seems bad. */ @@ -5595,7 +6743,7 @@ index 0a6b283..7674925 100644 /* Guarded storage error. */ goto bad_area; #endif /* CONFIG_8xx */ -@@ -382,7 +413,7 @@ good_area: +@@ -379,7 +410,7 @@ good_area: * processors use the same I/D cache coherency mechanism * as embedded. */ 
@@ -5604,7 +6752,7 @@ index 0a6b283..7674925 100644 goto bad_area; #endif /* CONFIG_PPC_STD_MMU */ -@@ -465,6 +496,23 @@ bad_area: +@@ -462,6 +493,23 @@ bad_area: bad_area_nosemaphore: /* User mode accesses cause a SIGSEGV */ if (user_mode(regs)) { @@ -5629,7 +6777,7 @@ index 0a6b283..7674925 100644 return 0; } diff --git a/arch/powerpc/mm/mmap_64.c b/arch/powerpc/mm/mmap_64.c -index 67a42ed..c16ef80 100644 +index 67a42ed..cd463e0 100644 --- a/arch/powerpc/mm/mmap_64.c +++ b/arch/powerpc/mm/mmap_64.c @@ -57,6 +57,10 @@ static unsigned long mmap_rnd(void) @@ -5637,7 +6785,7 @@ index 67a42ed..c16ef80 100644 unsigned long rnd = 0; +#ifdef CONFIG_PAX_RANDMMAP -+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP)) ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) +#endif + if (current->flags & PF_RANDOMIZE) { @@ -5666,8 +6814,34 @@ index 67a42ed..c16ef80 100644 mm->get_unmapped_area = arch_get_unmapped_area_topdown; mm->unmap_area = arch_unmap_area_topdown; } +diff --git a/arch/powerpc/mm/mmu_context_nohash.c b/arch/powerpc/mm/mmu_context_nohash.c +index e779642..e5bb889 100644 +--- a/arch/powerpc/mm/mmu_context_nohash.c ++++ b/arch/powerpc/mm/mmu_context_nohash.c +@@ -363,7 +363,7 @@ static int __cpuinit mmu_context_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata mmu_context_cpu_nb = { ++static struct notifier_block mmu_context_cpu_nb = { + .notifier_call = mmu_context_cpu_notify, + }; + +diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c +index bba87ca..c346a33 100644 +--- a/arch/powerpc/mm/numa.c ++++ b/arch/powerpc/mm/numa.c +@@ -932,7 +932,7 @@ static void __init *careful_zallocation(int nid, unsigned long size, + return ret; + } + +-static struct notifier_block __cpuinitdata ppc64_numa_nb = { ++static struct notifier_block ppc64_numa_nb = { + .notifier_call = cpu_numa_callback, + .priority = 1 /* Must run before sched domains notifier. */ + }; 
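Review bot: `mm` is not declared in powerpc's `mmap_rnd()`: the inner hunk header still reads `static unsigned long mmap_rnd(void)` and the four added lines do not touch the signature. The new test `if (!(mm->pax_flags & MF_PAX_RANDMMAP))` should therefore fail to compile when CONFIG_PAX_RANDMMAP is set, unless a file-scope `mm` exists outside the visible lines. The mips `arch_pick_mmap_layout(struct mm_struct *mm)` hunk makes the same substitution safely because `mm` is a parameter there. For powerpc, keep the previous form, `if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))`, or pass the mm in from the caller. The body of `mmap_rnd()` continues outside the hunk.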
diff --git a/arch/powerpc/mm/slice.c b/arch/powerpc/mm/slice.c -index 5829d2a..af84242 100644 +index cf9dada..241529f 100644 --- a/arch/powerpc/mm/slice.c +++ b/arch/powerpc/mm/slice.c @@ -103,7 +103,7 @@ static int slice_area_is_free(struct mm_struct *mm, unsigned long addr, @@ -5736,6 +6910,19 @@ index 5829d2a..af84242 100644 /* If hint, make sure it matches our alignment restrictions */ if (!fixed && addr) { addr = _ALIGN_UP(addr, 1ul << pshift); +diff --git a/arch/powerpc/platforms/powermac/smp.c b/arch/powerpc/platforms/powermac/smp.c +index bdb738a..49c9f95 100644 +--- a/arch/powerpc/platforms/powermac/smp.c ++++ b/arch/powerpc/platforms/powermac/smp.c +@@ -885,7 +885,7 @@ static int smp_core99_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata smp_core99_cpu_nb = { ++static struct notifier_block smp_core99_cpu_nb = { + .notifier_call = smp_core99_cpu_notify, + }; + #endif /* CONFIG_HOTPLUG_CPU */ diff --git a/arch/s390/include/asm/atomic.h b/arch/s390/include/asm/atomic.h index c797832..ce575c8 100644 --- a/arch/s390/include/asm/atomic.h @@ -5934,10 +7121,10 @@ index 4610dea..cf0af21 100644 if (r_type == R_390_GOTPC) *(unsigned int *) loc = val; diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c -index cd31ad4..201c5a3 100644 +index 536d645..4a5bd9e 100644 --- a/arch/s390/kernel/process.c +++ b/arch/s390/kernel/process.c -@@ -283,39 +283,3 @@ unsigned long get_wchan(struct task_struct *p) +@@ -250,39 +250,3 @@ unsigned long get_wchan(struct task_struct *p) } return 0; } @@ -6055,10 +7242,10 @@ index f9f3cd5..58ff438 100644 #endif /* _ASM_SCORE_EXEC_H */ diff --git a/arch/score/kernel/process.c b/arch/score/kernel/process.c -index 637970c..0b6556b 100644 +index 7956846..5f37677 100644 --- a/arch/score/kernel/process.c 
+++ b/arch/score/kernel/process.c -@@ -161,8 +161,3 @@ unsigned long get_wchan(struct task_struct *task) +@@ -134,8 +134,3 @@ unsigned long get_wchan(struct task_struct *task) return task_pt_regs(task)->cp0_epc; } @@ -6084,19 +7271,43 @@ index ef9e555..331bd29 100644 #define __read_mostly __attribute__((__section__(".data..read_mostly"))) +diff --git a/arch/sh/kernel/cpu/sh4a/smp-shx3.c b/arch/sh/kernel/cpu/sh4a/smp-shx3.c +index 03f2b55..b027032 100644 +--- a/arch/sh/kernel/cpu/sh4a/smp-shx3.c ++++ b/arch/sh/kernel/cpu/sh4a/smp-shx3.c +@@ -143,7 +143,7 @@ shx3_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu) + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata shx3_cpu_notifier = { ++static struct notifier_block shx3_cpu_notifier = { + .notifier_call = shx3_cpu_callback, + }; + diff --git a/arch/sh/mm/mmap.c b/arch/sh/mm/mmap.c -index afeb710..e8366ef 100644 +index 6777177..cb5e44f 100644 --- a/arch/sh/mm/mmap.c 
+++ b/arch/sh/mm/mmap.c -@@ -49,6 +49,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -36,6 +36,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, + struct mm_struct *mm = current->mm; struct vm_area_struct *vma; - unsigned long start_addr; int do_colour_align; + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; if (flags & MAP_FIXED) { - /* We do not accept a shared mapping if it would violate -@@ -74,8 +75,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -55,6 +56,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, + if (filp || (flags & MAP_SHARED)) + do_colour_align = 1; + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ + if (addr) { + if (do_colour_align) + addr = COLOUR_ALIGN(addr, pgoff); +@@ -62,14 +67,13 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); 
@@ -6106,24 +7317,33 @@ index afeb710..e8366ef 100644 return addr; } -@@ -106,7 +106,7 @@ full_search: - } - return -ENOMEM; - } -- if (likely(!vma || addr + len <= vma->vm_start)) { -+ if (likely(check_heap_stack_gap(vma, addr, len, offset))) { - /* - * Remember the place where we stopped the search: - */ -@@ -131,6 +131,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + info.flags = 0; + info.length = len; +- info.low_limit = TASK_UNMAPPED_BASE; ++ info.low_limit = mm->mmap_base; + info.high_limit = TASK_SIZE; + info.align_mask = do_colour_align ? (PAGE_MASK & shm_align_mask) : 0; + info.align_offset = pgoff << PAGE_SHIFT; +@@ -85,6 +89,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, struct mm_struct *mm = current->mm; unsigned long addr = addr0; int do_colour_align; + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; if (flags & MAP_FIXED) { - /* We do not accept a shared mapping if it would violate -@@ -157,8 +158,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -104,6 +109,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + if (filp || (flags & MAP_SHARED)) + do_colour_align = 1; + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ + /* requesting a specific address */ + if (addr) { + if (do_colour_align) +@@ -112,8 +121,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); 
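Review bot: `offset` from `gr_rand_threadstack_offset()` does not reach the `vm_unmapped_area()` search in the sh `arch_get_unmapped_area()` lines shown here. The `info` fields filled in are `flags`, `length`, `low_limit`, `high_limit`, `align_mask` and `align_offset`, and none of them carries it. As far as the visible lines go, the random gap can then only take effect in the address-hint check, whose replacement line is outside this hunk, whereas the removed `check_heap_stack_gap(vma, addr, len, offset)` calls applied it on every step of the old search loops. If that is intended, say so next to the declaration, e.g. `/* offset only covers the addr hint; the vm_unmapped_area() search does not use it */`. The sparc64 hunks further down fill `info` the same way.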
@@ -6133,51 +7353,19 @@ index afeb710..e8366ef 100644 return addr; } -@@ -179,7 +179,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - /* make sure it can fit in the remaining address space */ - if (likely(addr > len)) { - vma = find_vma(mm, addr-len); -- if (!vma || addr <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr - len, len, offset)) { - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr-len); - } -@@ -188,18 +188,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - if (unlikely(mm->mmap_base < len)) - goto bottomup; - -- addr = mm->mmap_base-len; -- if (do_colour_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); -+ addr = mm->mmap_base - len; - - do { -+ if (do_colour_align) -+ addr = COLOUR_ALIGN_DOWN(addr, pgoff); - /* - * Lookup failure means no vma is above this address, - * else if new region fits below vma->vm_start, - * return with success: - */ - vma = find_vma(mm, addr); -- if (likely(!vma || addr+len <= vma->vm_start)) { -+ if (likely(check_heap_stack_gap(vma, addr, len, offset))) { - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr); - } -@@ -209,10 +209,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - mm->cached_hole_size = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = vma->vm_start-len; -- if (do_colour_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); -- } while (likely(len < vma->vm_start)); -+ addr = skip_heap_stack_gap(vma, len, offset); -+ } while (!IS_ERR_VALUE(addr)); - - bottomup: - /* +@@ -135,6 +143,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + VM_BUG_ON(addr != -ENOMEM); + info.flags = 0; + info.low_limit = TASK_UNMAPPED_BASE; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = TASK_SIZE; + 
addr = vm_unmapped_area(&info); + } diff --git a/arch/sparc/include/asm/atomic_64.h b/arch/sparc/include/asm/atomic_64.h index be56a24..443328f 100644 --- a/arch/sparc/include/asm/atomic_64.h @@ -6616,7 +7804,7 @@ index 25849ae..924c54b 100644 /* diff --git a/arch/sparc/include/asm/thread_info_64.h b/arch/sparc/include/asm/thread_info_64.h -index a3fe4dc..cae132a 100644 +index 269bd92..e46a9b8 100644 --- a/arch/sparc/include/asm/thread_info_64.h +++ b/arch/sparc/include/asm/thread_info_64.h @@ -63,6 +63,8 @@ struct thread_info { @@ -6628,7 +7816,7 @@ index a3fe4dc..cae132a 100644 unsigned long fpregs[0] __attribute__ ((aligned(64))); }; -@@ -193,10 +195,11 @@ register struct thread_info *current_thread_info_reg asm("g6"); +@@ -192,10 +194,11 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define TIF_UNALIGNED 5 /* allowed to do unaligned accesses */ /* flag bit 6 is available */ #define TIF_32BIT 7 /* 32-bit binary */ @@ -6641,7 +7829,7 @@ index a3fe4dc..cae132a 100644 /* NOTE: Thread flags >= 12 should be ones we have no interest * in using in assembly, else we can't use the mask as * an immediate value in instructions such as andcc. -@@ -215,12 +218,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); +@@ -214,12 +217,18 @@ register struct thread_info *current_thread_info_reg asm("g6"); #define _TIF_SYSCALL_AUDIT (1<<TIF_SYSCALL_AUDIT) #define _TIF_SYSCALL_TRACEPOINT (1<<TIF_SYSCALL_TRACEPOINT) #define _TIF_POLLING_NRFLAG (1<<TIF_POLLING_NRFLAG) @@ -6734,7 +7922,7 @@ index 53a28dd..50c38c3 100644 } diff --git a/arch/sparc/include/asm/uaccess_64.h b/arch/sparc/include/asm/uaccess_64.h -index 73083e1..2bc62a6 100644 +index e562d3c..191f176 100644 --- a/arch/sparc/include/asm/uaccess_64.h +++ b/arch/sparc/include/asm/uaccess_64.h @@ -10,6 +10,7 @@ @@ -6793,7 +7981,7 @@ index 6cf591b..b49e65a 100644 extra-y := head_$(BITS).o 
diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c -index 487bffb..955a925 100644 +index be8e862..5b50b12 100644 --- a/arch/sparc/kernel/process_32.c +++ b/arch/sparc/kernel/process_32.c @@ -126,14 +126,14 @@ void show_regs(struct pt_regs *r) @@ -6823,7 +8011,7 @@ index 487bffb..955a925 100644 } while (++count < 16); printk("\n"); diff --git a/arch/sparc/kernel/process_64.c b/arch/sparc/kernel/process_64.c -index c6e0c29..052832b 100644 +index cdb80b2..5ca141d 100644 --- a/arch/sparc/kernel/process_64.c +++ b/arch/sparc/kernel/process_64.c @@ -181,14 +181,14 @@ static void show_regwindow(struct pt_regs *regs) @@ -6901,44 +8089,28 @@ index 7ff45e4..a58f271 100644 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/sparc/kernel/sys_sparc_32.c b/arch/sparc/kernel/sys_sparc_32.c -index 0c9b31b..55a8ba6 100644 +index 2da0bdc..79128d2 100644 --- a/arch/sparc/kernel/sys_sparc_32.c 
+++ b/arch/sparc/kernel/sys_sparc_32.c -@@ -39,6 +39,7 @@ asmlinkage unsigned long sys_getpagesize(void) - unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsigned long len, unsigned long pgoff, unsigned long flags) - { - struct vm_area_struct * vmm; -+ unsigned long offset = gr_rand_threadstack_offset(current->mm, filp, flags); - - if (flags & MAP_FIXED) { - /* We do not accept a shared mapping if it would violate -@@ -54,7 +55,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi +@@ -52,7 +52,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi if (len > TASK_SIZE - PAGE_SIZE) return -ENOMEM; if (!addr) - addr = TASK_UNMAPPED_BASE; + addr = current->mm->mmap_base; - if (flags & MAP_SHARED) - addr = COLOUR_ALIGN(addr); -@@ -65,7 +66,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi - /* At this point: (!vmm || addr < vmm->vm_end). */ - if (TASK_SIZE - PAGE_SIZE - len < addr) - return -ENOMEM; -- if (!vmm || addr + len <= vmm->vm_start) -+ if (check_heap_stack_gap(vmm, addr, len, offset)) - return addr; - addr = vmm->vm_end; - if (flags & MAP_SHARED) + info.flags = 0; + info.length = len; diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c -index 878ef3d..f100719 100644 +index 708bc29..f0129cb 100644 --- a/arch/sparc/kernel/sys_sparc_64.c +++ b/arch/sparc/kernel/sys_sparc_64.c -@@ -102,12 +102,13 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi +@@ -90,13 +90,14 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi + struct vm_area_struct * vma; unsigned long task_size = TASK_SIZE; - unsigned long start_addr; int do_color_align; + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; if (flags & MAP_FIXED) { /* We do not accept a shared mapping if it would violate 
@@ -6949,7 +8121,7 @@ index 878ef3d..f100719 100644 ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1))) return -EINVAL; return addr; -@@ -122,6 +123,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi +@@ -111,6 +112,10 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi if (filp || (flags & MAP_SHARED)) do_color_align = 1; @@ -6959,8 +8131,8 @@ index 878ef3d..f100719 100644 + if (addr) { if (do_color_align) - addr = COLOUR_ALIGN(addr, pgoff); -@@ -129,15 +134,14 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi + addr = COLOR_ALIGN(addr, pgoff); +@@ -118,14 +123,13 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); 
@@ -6970,42 +8142,35 @@ index 878ef3d..f100719 100644 return addr; } - if (len > mm->cached_hole_size) { -- start_addr = addr = mm->free_area_cache; -+ start_addr = addr = mm->free_area_cache; - } else { -- start_addr = addr = TASK_UNMAPPED_BASE; -+ start_addr = addr = mm->mmap_base; - mm->cached_hole_size = 0; + info.flags = 0; + info.length = len; +- info.low_limit = TASK_UNMAPPED_BASE; ++ info.low_limit = mm->mmap_base; + info.high_limit = min(task_size, VA_EXCLUDE_START); + info.align_mask = do_color_align ? (PAGE_MASK & (SHMLBA - 1)) : 0; + info.align_offset = pgoff << PAGE_SHIFT; +@@ -134,6 +138,12 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi + if ((addr & ~PAGE_MASK) && task_size > VA_EXCLUDE_END) { + VM_BUG_ON(addr != -ENOMEM); + info.low_limit = VA_EXCLUDE_END; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = task_size; + addr = vm_unmapped_area(&info); } - -@@ -157,14 +161,14 @@ full_search: - vma = find_vma(mm, VA_EXCLUDE_END); - } - if (unlikely(task_size < addr)) { -- if (start_addr != TASK_UNMAPPED_BASE) { -- start_addr = addr = TASK_UNMAPPED_BASE; -+ if (start_addr != mm->mmap_base) { -+ start_addr = addr = mm->mmap_base; - mm->cached_hole_size = 0; - goto full_search; - } - return -ENOMEM; - } -- if (likely(!vma || addr + len <= vma->vm_start)) { -+ if (likely(check_heap_stack_gap(vma, addr, len, offset))) { - /* - * Remember the place where we stopped the search: - */ -@@ -190,6 +194,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -151,6 +161,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, unsigned long task_size = STACK_TOP32; unsigned long addr = addr0; int do_color_align; + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + struct vm_unmapped_area_info info; /* This should only ever run for 32-bit processes. 
*/ - BUG_ON(!test_thread_flag(TIF_32BIT)); -@@ -198,7 +203,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -160,7 +171,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, /* We do not accept a shared mapping if it would violate * cache aliasing constraints. */ @@ -7014,7 +8179,18 @@ index 878ef3d..f100719 100644 ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1))) return -EINVAL; return addr; -@@ -219,8 +224,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -173,6 +184,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + if (filp || (flags & MAP_SHARED)) + do_color_align = 1; + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ + /* requesting a specific address */ + if (addr) { + if (do_color_align) +@@ -181,8 +196,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); 
@@ -7024,63 +8200,31 @@ index 878ef3d..f100719 100644 return addr; } -@@ -241,7 +245,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - /* make sure it can fit in the remaining address space */ - if (likely(addr > len)) { - vma = find_vma(mm, addr-len); -- if (!vma || addr <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr - len, len, offset)) { - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr-len); - } -@@ -250,18 +254,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - if (unlikely(mm->mmap_base < len)) - goto bottomup; - -- addr = mm->mmap_base-len; -- if (do_color_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); -+ addr = mm->mmap_base - len; - - do { -+ if (do_color_align) -+ addr = COLOUR_ALIGN_DOWN(addr, pgoff); - /* - * Lookup failure means no vma is above this address, - * else if new region fits below vma->vm_start, - * return with success: - */ - vma = find_vma(mm, addr); -- if (likely(!vma || addr+len <= vma->vm_start)) { -+ if (likely(check_heap_stack_gap(vma, addr, len, offset))) { - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr); - } -@@ -271,10 +275,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - mm->cached_hole_size = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = vma->vm_start-len; -- if (do_color_align) -- addr = COLOUR_ALIGN_DOWN(addr, pgoff); -- } while (likely(len < vma->vm_start)); -+ addr = skip_heap_stack_gap(vma, len, offset); -+ } while (!IS_ERR_VALUE(addr)); - - bottomup: - /* -@@ -348,6 +350,10 @@ static unsigned long mmap_rnd(void) +@@ -204,6 +218,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + VM_BUG_ON(addr != -ENOMEM); + info.flags = 0; + info.low_limit = TASK_UNMAPPED_BASE; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += 
mm->delta_mmap; ++#endif ++ + info.high_limit = STACK_TOP32; + addr = vm_unmapped_area(&info); + } +@@ -264,6 +284,10 @@ static unsigned long mmap_rnd(void) { unsigned long rnd = 0UL; +#ifdef CONFIG_PAX_RANDMMAP -+ if (!(current->mm->pax_flags & MF_PAX_RANDMMAP)) ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) +#endif + if (current->flags & PF_RANDOMIZE) { unsigned long val = get_random_int(); if (test_thread_flag(TIF_32BIT)) -@@ -373,6 +379,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -289,6 +313,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) gap == RLIM_INFINITY || sysctl_legacy_va_layout) { mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; @@ -7093,7 +8237,7 @@ index 878ef3d..f100719 100644 mm->get_unmapped_area = arch_get_unmapped_area; mm->unmap_area = arch_unmap_area; } else { -@@ -385,6 +397,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -301,6 +331,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) gap = (task_size / 6 * 5); mm->mmap_base = PAGE_ALIGN(task_size - gap - random_factor); @@ -7107,10 +8251,10 @@ index 878ef3d..f100719 100644 mm->unmap_area = arch_unmap_area_topdown; } diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S -index bf23477..b7425a6 100644 +index e0fed77..604a7e5 100644 --- a/arch/sparc/kernel/syscalls.S +++ b/arch/sparc/kernel/syscalls.S -@@ -62,7 +62,7 @@ sys32_rt_sigreturn: +@@ -58,7 +58,7 @@ sys32_rt_sigreturn: #endif .align 32 1: ldx [%g6 + TI_FLAGS], %l5 @@ -7119,7 +8263,7 @@ index bf23477..b7425a6 100644 be,pt %icc, rtrap nop call syscall_trace_leave -@@ -189,7 +189,7 @@ linux_sparc_syscall32: +@@ -190,7 +190,7 @@ linux_sparc_syscall32: srl %i5, 0, %o5 ! IEU1 srl %i2, 0, %o2 ! IEU0 Group @@ -7128,7 +8272,7 @@ index bf23477..b7425a6 100644 bne,pn %icc, linux_syscall_trace32 ! CTI mov %i0, %l5 ! IEU1 call %l7 ! CTI Group brk forced -@@ -212,7 +212,7 @@ linux_sparc_syscall: +@@ -213,7 +213,7 @@ linux_sparc_syscall: mov %i3, %o3 ! IEU1 mov %i4, %o4 ! IEU0 Group 
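Review bot: `mm` is not declared in `mmap_rnd(void)`: the hunk header shows the function takes no parameters and the only local visible before the added guard is `rnd`, so `if (!(mm->pax_flags & MF_PAX_RANDMMAP))` would not compile with CONFIG_PAX_RANDMMAP set unless `mm` is declared somewhere outside these lines. The previous revision of this line read the flags through `current`, and the same form works here: `if (!(current->mm->pax_flags & MF_PAX_RANDMMAP))`. The rest of `mmap_rnd` lies outside the hunk.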
@@ -7137,7 +8281,7 @@ index bf23477..b7425a6 100644 bne,pn %icc, linux_syscall_trace ! CTI Group mov %i0, %l5 ! IEU0 2: call %l7 ! CTI Group brk forced -@@ -228,7 +228,7 @@ ret_sys_call: +@@ -229,7 +229,7 @@ ret_sys_call: cmp %o0, -ERESTART_RESTARTBLOCK bgeu,pn %xcc, 1f @@ -7146,6 +8290,19 @@ index bf23477..b7425a6 100644 ldx [%sp + PTREGS_OFF + PT_V9_TNPC], %l1 ! pc = npc 2: +diff --git a/arch/sparc/kernel/sysfs.c b/arch/sparc/kernel/sysfs.c +index 654e8aa..45f431b 100644 +--- a/arch/sparc/kernel/sysfs.c ++++ b/arch/sparc/kernel/sysfs.c +@@ -266,7 +266,7 @@ static int __cpuinit sysfs_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata sysfs_cpu_nb = { ++static struct notifier_block sysfs_cpu_nb = { + .notifier_call = sysfs_cpu_notify, + }; + diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c index a5785ea..405c5f7 100644 --- a/arch/sparc/kernel/traps_32.c @@ -7180,7 +8337,7 @@ index a5785ea..405c5f7 100644 } diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c -index b66a779..8e8d66c 100644 +index e7ecf15..6520e65 100644 --- a/arch/sparc/kernel/traps_64.c +++ b/arch/sparc/kernel/traps_64.c @@ -76,7 +76,7 @@ static void dump_tl1_traplog(struct tl1_traplog *p) @@ -8434,83 +9591,60 @@ index 097aee7..5ca6697 100644 * load/store/atomic was a write or not, it only says that there * was no match. So in such a case we (carefully) read the diff --git a/arch/sparc/mm/hugetlbpage.c b/arch/sparc/mm/hugetlbpage.c -index f76f83d..ee0d859 100644 +index d2b5944..bd813f2 100644 --- a/arch/sparc/mm/hugetlbpage.c 
+++ b/arch/sparc/mm/hugetlbpage.c -@@ -34,6 +34,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp, - struct vm_area_struct * vma; - unsigned long task_size = TASK_SIZE; - unsigned long start_addr; -+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); - - if (test_thread_flag(TIF_32BIT)) - task_size = STACK_TOP32; -@@ -67,7 +68,7 @@ full_search: - } - return -ENOMEM; - } -- if (likely(!vma || addr + len <= vma->vm_start)) { -+ if (likely(check_heap_stack_gap(vma, addr, len, offset))) { - /* - * Remember the place where we stopped the search: - */ -@@ -90,6 +91,7 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - struct vm_area_struct *vma; - struct mm_struct *mm = current->mm; - unsigned long addr = addr0; -+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); - - /* This should only ever run for 32-bit processes. */ - BUG_ON(!test_thread_flag(TIF_32BIT)); -@@ -106,7 +108,7 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - /* make sure it can fit in the remaining address space */ - if (likely(addr > len)) { - vma = find_vma(mm, addr-len); -- if (!vma || addr <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr - len, len, offset)) { - /* remember the address as a hint for next time */ - return (mm->free_area_cache = addr-len); - } -@@ -115,16 +117,17 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - if (unlikely(mm->mmap_base < len)) - goto bottomup; - -- addr = (mm->mmap_base-len) & HPAGE_MASK; -+ addr = mm->mmap_base - len; - - do { -+ addr &= HPAGE_MASK; - /* - * Lookup failure means no vma is above this address, - * else if new region fits below vma->vm_start, - * return with success: - */ - vma = find_vma(mm, addr); -- if (likely(!vma || addr+len <= vma->vm_start)) { -+ if (likely(check_heap_stack_gap(vma, addr, len, offset))) { - /* remember the address as a hint for next time */ - return 
(mm->free_area_cache = addr); - } -@@ -134,8 +137,8 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - mm->cached_hole_size = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = (vma->vm_start-len) & HPAGE_MASK; -- } while (likely(len < vma->vm_start)); -+ addr = skip_heap_stack_gap(vma, len, offset); -+ } while (!IS_ERR_VALUE(addr)); - - bottomup: - /* -@@ -163,6 +166,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -38,7 +38,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp, + + info.flags = 0; + info.length = len; +- info.low_limit = TASK_UNMAPPED_BASE; ++ info.low_limit = mm->mmap_base; + info.high_limit = min(task_size, VA_EXCLUDE_START); + info.align_mask = PAGE_MASK & ~HPAGE_MASK; + info.align_offset = 0; +@@ -47,6 +47,12 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *filp, + if ((addr & ~PAGE_MASK) && task_size > VA_EXCLUDE_END) { + VM_BUG_ON(addr != -ENOMEM); + info.low_limit = VA_EXCLUDE_END; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = task_size; + addr = vm_unmapped_area(&info); + } +@@ -85,6 +91,12 @@ hugetlb_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + VM_BUG_ON(addr != -ENOMEM); + info.flags = 0; + info.low_limit = TASK_UNMAPPED_BASE; ++ ++#ifdef CONFIG_PAX_RANDMMAP ++ if (mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += mm->delta_mmap; ++#endif ++ + info.high_limit = STACK_TOP32; + addr = vm_unmapped_area(&info); + } +@@ -99,6 +111,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, struct mm_struct *mm = current->mm; struct vm_area_struct *vma; unsigned long task_size = TASK_SIZE; -+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); ++ unsigned long offset = gr_rand_threadstack_offset(mm, file, flags); if (test_thread_flag(TIF_32BIT)) task_size 
= STACK_TOP32; -@@ -181,8 +185,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -114,11 +127,14 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, + return addr; + } + ++#ifdef CONFIG_PAX_RANDMMAP ++ if (!(mm->pax_flags & MF_PAX_RANDMMAP)) ++#endif ++ if (addr) { addr = ALIGN(addr, HPAGE_SIZE); vma = find_vma(mm, addr); @@ -8649,10 +9783,10 @@ index 0032f92..cd151e0 100644 #ifdef CONFIG_64BIT #define set_pud(pudptr, pudval) set_64bit((u64 *) (pudptr), pud_val(pudval)) diff --git a/arch/um/kernel/process.c b/arch/um/kernel/process.c -index b6d699c..df7ac1d 100644 +index b462b13..e7a19aa 100644 --- a/arch/um/kernel/process.c +++ b/arch/um/kernel/process.c -@@ -387,22 +387,6 @@ int singlestepping(void * t) +@@ -386,22 +386,6 @@ int singlestepping(void * t) return 2; } @@ -8693,10 +9827,10 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 46c3bff..b82f26b 100644 +index 225543b..f12405b 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -241,7 +241,7 @@ config X86_HT +@@ -238,7 +238,7 @@ config X86_HT config X86_32_LAZY_GS def_bool y @@ -8705,7 +9839,7 @@ index 46c3bff..b82f26b 100644 config ARCH_HWEIGHT_CFLAGS string -@@ -1033,6 +1033,7 @@ config MICROCODE_OLD_INTERFACE +@@ -1031,6 +1031,7 @@ config MICROCODE_OLD_INTERFACE config X86_MSR tristate "/dev/cpu/*/msr - Model-specific register support" @@ -8713,7 +9847,7 @@ index 46c3bff..b82f26b 100644 ---help--- This device gives privileged processes access to the x86 Model-Specific Registers (MSRs). It is a character device with -@@ -1056,7 +1057,7 @@ choice +@@ -1054,7 +1055,7 @@ choice config NOHIGHMEM bool "off" 
@@ -8722,7 +9856,7 @@ index 46c3bff..b82f26b 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1093,7 +1094,7 @@ config NOHIGHMEM +@@ -1091,7 +1092,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -8731,7 +9865,7 @@ index 46c3bff..b82f26b 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1147,7 +1148,7 @@ config PAGE_OFFSET +@@ -1145,7 +1146,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -8740,7 +9874,7 @@ index 46c3bff..b82f26b 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1548,6 +1549,7 @@ config SECCOMP +@@ -1546,6 +1547,7 @@ config SECCOMP config CC_STACKPROTECTOR bool "Enable -fstack-protector buffer overflow detection" @@ -8748,7 +9882,7 @@ index 46c3bff..b82f26b 100644 ---help--- This option turns on the -fstack-protector GCC feature. This feature puts, at the beginning of functions, a canary value on -@@ -1605,6 +1607,7 @@ config KEXEC_JUMP +@@ -1603,6 +1605,7 @@ config KEXEC_JUMP config PHYSICAL_START hex "Physical address where the kernel is loaded" if (EXPERT || CRASH_DUMP) default "0x1000000" @@ -8756,7 +9890,7 @@ index 46c3bff..b82f26b 100644 ---help--- This gives the physical address where the kernel is loaded. -@@ -1668,6 +1671,7 @@ config X86_NEED_RELOCS +@@ -1666,6 +1669,7 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" if X86_32 default "0x1000000" @@ -8764,8 +9898,8 @@ index 46c3bff..b82f26b 100644 range 0x2000 0x1000000 ---help--- This value puts the alignment restrictions on physical address -@@ -1699,9 +1703,10 @@ config HOTPLUG_CPU - Say N if you want to disable CPU hotplug. +@@ -1741,9 +1745,10 @@ config DEBUG_HOTPLUG_CPU0 + If unsure, say N. config COMPAT_VDSO - def_bool y 
@@ -8777,19 +9911,19 @@ index 46c3bff..b82f26b 100644 Map the 32-bit VDSO to the predictable old-style address too. diff --git a/arch/x86/Kconfig.cpu b/arch/x86/Kconfig.cpu -index f3b86d0..17fd30f 100644 +index c026cca..14657ae 100644 --- a/arch/x86/Kconfig.cpu +++ b/arch/x86/Kconfig.cpu -@@ -335,7 +335,7 @@ config X86_PPRO_FENCE +@@ -319,7 +319,7 @@ config X86_PPRO_FENCE config X86_F00F_BUG def_bool y -- depends on M586MMX || M586TSC || M586 || M486 || M386 -+ depends on (M586MMX || M586TSC || M586 || M486 || M386) && !PAX_KERNEXEC +- depends on M586MMX || M586TSC || M586 || M486 ++ depends on (M586MMX || M586TSC || M586 || M486) && !PAX_KERNEXEC config X86_INVD_BUG def_bool y -@@ -359,7 +359,7 @@ config X86_POPAD_OK +@@ -327,7 +327,7 @@ config X86_INVD_BUG config X86_ALIGNMENT_16 def_bool y @@ -8798,7 +9932,7 @@ index f3b86d0..17fd30f 100644 config X86_INTEL_USERCOPY def_bool y -@@ -405,7 +405,7 @@ config X86_CMPXCHG64 +@@ -373,7 +373,7 @@ config X86_CMPXCHG64 # generates cmov. config X86_CMOV def_bool y @@ -8839,7 +9973,7 @@ index b322f12..652d0d9 100644 Enabling this option turns a certain set of sanity checks for user copy operations into compile time failures. diff --git a/arch/x86/Makefile b/arch/x86/Makefile -index 05afcca..b6ecb51 100644 +index e71fc42..7829607 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile @@ -50,6 +50,7 @@ else @@ -8850,7 +9984,7 @@ index 05afcca..b6ecb51 100644 KBUILD_AFLAGS += -m64 KBUILD_CFLAGS += -m64 -@@ -229,3 +230,12 @@ define archhelp +@@ -230,3 +231,12 @@ define archhelp echo ' FDARGS="..." arguments for the booted kernel' echo ' FDINITRD=file initrd for the booted kernel' endef @@ -8864,7 +9998,7 @@ index 05afcca..b6ecb51 100644 +archprepare: + $(if $(LDFLAGS_BUILD_ID),,$(error $(OLD_LD))) diff --git a/arch/x86/boot/Makefile b/arch/x86/boot/Makefile -index ccce0ed..fd9da25 100644 +index 379814b..add62ce 100644 --- a/arch/x86/boot/Makefile +++ b/arch/x86/boot/Makefile 
@@ -65,6 +65,9 @@ KBUILD_CFLAGS := $(USERINCLUDE) -g -Os -D_SETUP -D__KERNEL__ \ @@ -8936,10 +10070,10 @@ index 8a84501..b2d165f 100644 KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ GCOV_PROFILE := n diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index ccae7e2..8ac70be 100644 +index f8fa411..c570c53 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c -@@ -144,7 +144,6 @@ again: +@@ -145,7 +145,6 @@ again: *addr = max_addr; } @@ -8947,7 +10081,7 @@ index ccae7e2..8ac70be 100644 efi_call_phys1(sys_table->boottime->free_pool, map); fail: -@@ -208,7 +207,6 @@ static efi_status_t low_alloc(unsigned long size, unsigned long align, +@@ -209,7 +208,6 @@ static efi_status_t low_alloc(unsigned long size, unsigned long align, if (i == map_size / desc_size) status = EFI_NOT_FOUND; @@ -8956,7 +10090,7 @@ index ccae7e2..8ac70be 100644 fail: return status; diff --git a/arch/x86/boot/compressed/head_32.S b/arch/x86/boot/compressed/head_32.S -index ccb2f4a..e49b20e 100644 +index 1e3184f..0d11e2e 100644 --- a/arch/x86/boot/compressed/head_32.S +++ b/arch/x86/boot/compressed/head_32.S @@ -118,7 +118,7 @@ preferred_addr: @@ -8988,7 +10122,7 @@ index ccb2f4a..e49b20e 100644 jmp 1b 2: diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S -index 2c4b171..e1fa5b1 100644 +index f5d1aaa..cce11dc 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S @@ -91,7 +91,7 @@ ENTRY(startup_32) @@ -9131,10 +10265,10 @@ index 4d3ff03..e4972ff 100644 err = check_flags(); } diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S -index 8c132a6..13e5c96 100644 +index 944ce59..87ee37a 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S -@@ -387,10 +387,14 @@ setup_data: .quad 0 # 64-bit physical pointer to +@@ -401,10 +401,14 @@ setup_data: .quad 0 # 64-bit physical pointer to # single linked list of # struct setup_data 
@@ -9515,7 +10649,7 @@ index 0b33743..7a56206 100644 + pax_force_retaddr 0, 1 ret; diff --git a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S -index a41a3aa..bdf5753 100644 +index 15b00ac..2071784 100644 --- a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S @@ -23,6 +23,8 @@ @@ -9526,33 +10660,55 @@ index a41a3aa..bdf5753 100644 + .file "cast5-avx-x86_64-asm_64.S" - .extern cast5_s1 -@@ -293,6 +295,7 @@ __skip_enc: - leaq 3*(2*4*4)(%r11), %rax; - outunpack_blocks(%rax, RR4, RL4, RTMP, RX, RKM); + .extern cast_s1 +@@ -281,6 +283,7 @@ __skip_enc: + outunpack_blocks(RR3, RL3, RTMP, RX, RKM); + outunpack_blocks(RR4, RL4, RTMP, RX, RKM); + pax_force_retaddr 0, 1 ret; - __enc_xor16: -@@ -303,6 +306,7 @@ __enc_xor16: - leaq 3*(2*4*4)(%r11), %rax; - outunpack_xor_blocks(%rax, RR4, RL4, RTMP, RX, RKM); + .align 16 +@@ -353,6 +356,7 @@ __dec_tail: + outunpack_blocks(RR3, RL3, RTMP, RX, RKM); + outunpack_blocks(RR4, RL4, RTMP, RX, RKM); + pax_force_retaddr 0, 1 ret; + __skip_dec: +@@ -392,6 +396,7 @@ cast5_ecb_enc_16way: + vmovdqu RR4, (6*4*4)(%r11); + vmovdqu RL4, (7*4*4)(%r11); + ++ pax_force_retaddr + ret; + .align 16 -@@ -369,6 +373,7 @@ __dec_tail: - leaq 3*(2*4*4)(%r11), %rax; - outunpack_blocks(%rax, RR4, RL4, RTMP, RX, RKM); +@@ -427,6 +432,7 @@ cast5_ecb_dec_16way: + vmovdqu RR4, (6*4*4)(%r11); + vmovdqu RL4, (7*4*4)(%r11); -+ pax_force_retaddr 0, 1 ++ pax_force_retaddr ret; - __skip_dec: + .align 16 +@@ -479,6 +485,7 @@ cast5_cbc_dec_16way: + + popq %r12; + ++ pax_force_retaddr + ret; + + .align 16 +@@ -555,4 +562,5 @@ cast5_ctr_16way: + + popq %r12; + ++ pax_force_retaddr + ret; diff --git a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S -index 218d283..819e6da 100644 +index 2569d0d..637c289 100644 --- a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S @@ -23,6 +23,8 @@ 
@@ -9561,29 +10717,54 @@ index 218d283..819e6da 100644 +#include <asm/alternative-asm.h> + - .file "cast6-avx-x86_64-asm_64.S" + #include "glue_helper-asm-avx.S" - .extern cast6_s1 -@@ -324,12 +326,14 @@ __cast6_enc_blk_8way: - outunpack_blocks(%r11, RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM); - outunpack_blocks(%rax, RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM); + .file "cast6-avx-x86_64-asm_64.S" +@@ -294,6 +296,7 @@ __cast6_enc_blk8: + outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM); + outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM); + pax_force_retaddr 0, 1 ret; - __enc_xor8: - outunpack_xor_blocks(%r11, RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM); - outunpack_xor_blocks(%rax, RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM); + .align 8 +@@ -340,6 +343,7 @@ __cast6_dec_blk8: + outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM); + outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM); + pax_force_retaddr 0, 1 ret; - .align 16 -@@ -380,4 +384,5 @@ cast6_dec_blk_8way: - outunpack_blocks(%r11, RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM); - outunpack_blocks(%rax, RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM); + .align 8 +@@ -361,6 +365,7 @@ cast6_ecb_enc_8way: -+ pax_force_retaddr 0, 1 + store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + ++ pax_force_retaddr + ret; + + .align 8 +@@ -382,6 +387,7 @@ cast6_ecb_dec_8way: + + store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + ++ pax_force_retaddr + ret; + + .align 8 +@@ -408,6 +414,7 @@ cast6_cbc_dec_8way: + + popq %r12; + ++ pax_force_retaddr + ret; + + .align 8 +@@ -436,4 +443,5 @@ cast6_ctr_8way: + + popq %r12; + ++ pax_force_retaddr ret; diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S b/arch/x86/crypto/salsa20-x86_64-asm_64.S index 6214a9b..1f4fc9a 100644 @@ -9618,7 +10799,7 @@ index 6214a9b..1f4fc9a 100644 + pax_force_retaddr ret 
diff --git a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S -index 504106b..4e50951 100644 +index 02b0e9f..cf4cf5c 100644 --- a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S @@ -24,6 +24,8 @@ @@ -9627,27 +10808,52 @@ index 504106b..4e50951 100644 +#include <asm/alternative-asm.h> + + #include "glue_helper-asm-avx.S" + .file "serpent-avx-x86_64-asm_64.S" - .text +@@ -618,6 +620,7 @@ __serpent_enc_blk8_avx: + write_blocks(RA1, RB1, RC1, RD1, RK0, RK1, RK2); + write_blocks(RA2, RB2, RC2, RD2, RK0, RK1, RK2); -@@ -638,12 +640,14 @@ __serpent_enc_blk_8way_avx: - write_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2); - write_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2); ++ pax_force_retaddr + ret; + + .align 8 +@@ -673,6 +676,7 @@ __serpent_dec_blk8_avx: + write_blocks(RC1, RD1, RB1, RE1, RK0, RK1, RK2); + write_blocks(RC2, RD2, RB2, RE2, RK0, RK1, RK2); + pax_force_retaddr ret; - __enc_xor8: - xor_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2); - xor_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2); + .align 8 +@@ -692,6 +696,7 @@ serpent_ecb_enc_8way_avx: + + store_8way(%rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + pax_force_retaddr ret; .align 8 -@@ -701,4 +705,5 @@ serpent_dec_blk_8way_avx: - write_blocks(%rsi, RC1, RD1, RB1, RE1, RK0, RK1, RK2); - write_blocks(%rax, RC2, RD2, RB2, RE2, RK0, RK1, RK2); +@@ -711,6 +716,7 @@ serpent_ecb_dec_8way_avx: + + store_8way(%rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2); + ++ pax_force_retaddr + ret; + + .align 8 +@@ -730,6 +736,7 @@ serpent_cbc_dec_8way_avx: + + store_cbc_8way(%rdx, %rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2); + ++ pax_force_retaddr + ret; + + .align 8 +@@ -751,4 +758,5 @@ serpent_ctr_8way_avx: + + store_ctr_8way(%rdx, %rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + pax_force_retaddr ret; @@ -9707,7 +10913,7 @@ index 49d6987..df66bd4 100644 .size \name, .-\name 
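Review bot: The return-address hardening macro is invoked in two forms across the AVX cipher files, with no comment saying when each applies. In this serpent hunk every site uses bare `pax_force_retaddr`, including the internal helpers `__serpent_enc_blk8_avx` and `__serpent_dec_blk8_avx`. The cast5 and cast6 hunks use `pax_force_retaddr 0, 1` on their internal paths (for example `__cast6_enc_blk8`) and the bare form in exported entry points, while the twofish hunk uses `pax_force_retaddr 0, 1` at every site. The macro definition is not part of these hunks, so whether the difference is intentional cannot be checked from here. A one-line comment above the first use in each file, saying why the arguments are or are not needed, would make the choice reviewable.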
diff --git a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S -index 1585abb..1ff9d9b 100644 +index ebac16b..8092eb9 100644 --- a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S @@ -23,6 +23,8 @@ @@ -9716,27 +10922,52 @@ index 1585abb..1ff9d9b 100644 +#include <asm/alternative-asm.h> + + #include "glue_helper-asm-avx.S" + .file "twofish-avx-x86_64-asm_64.S" - .text +@@ -283,6 +285,7 @@ __twofish_enc_blk8: + outunpack_blocks(RC1, RD1, RA1, RB1, RK1, RX0, RY0, RK2); + outunpack_blocks(RC2, RD2, RA2, RB2, RK1, RX0, RY0, RK2); + ++ pax_force_retaddr 0, 1 + ret; -@@ -303,12 +305,14 @@ __twofish_enc_blk_8way: - outunpack_blocks(%r11, RC1, RD1, RA1, RB1, RK1, RX0, RY0, RK2); - outunpack_blocks(%rax, RC2, RD2, RA2, RB2, RK1, RX0, RY0, RK2); + .align 8 +@@ -324,6 +327,7 @@ __twofish_dec_blk8: + outunpack_blocks(RA1, RB1, RC1, RD1, RK1, RX0, RY0, RK2); + outunpack_blocks(RA2, RB2, RC2, RD2, RK1, RX0, RY0, RK2); + pax_force_retaddr 0, 1 ret; - __enc_xor8: - outunpack_xor_blocks(%r11, RC1, RD1, RA1, RB1, RK1, RX0, RY0, RK2); - outunpack_xor_blocks(%rax, RC2, RD2, RA2, RB2, RK1, RX0, RY0, RK2); + .align 8 +@@ -345,6 +349,7 @@ twofish_ecb_enc_8way: + + store_8way(%r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2); + ++ pax_force_retaddr 0, 1 + ret; + + .align 8 +@@ -366,6 +371,7 @@ twofish_ecb_dec_8way: + + store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + ++ pax_force_retaddr 0, 1 + ret; + + .align 8 +@@ -392,6 +398,7 @@ twofish_cbc_dec_8way: + + popq %r12; + pax_force_retaddr 0, 1 ret; .align 8 -@@ -354,4 +358,5 @@ twofish_dec_blk_8way: - outunpack_blocks(%r11, RA1, RB1, RC1, RD1, RK1, RX0, RY0, RK2); - outunpack_blocks(%rax, RA2, RB2, RC2, RD2, RK1, RX0, RY0, RK2); +@@ -420,4 +427,5 @@ twofish_ctr_8way: + + popq %r12; + pax_force_retaddr 0, 1 ret; @@ -9803,7 +11034,7 @@ index 7bcf3fc..f53832f 100644 + pax_force_retaddr 0, 1 ret 
diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c -index 07b3a68..bd2a388 100644 +index a703af1..f5b9c36 100644 --- a/arch/x86/ia32/ia32_aout.c +++ b/arch/x86/ia32/ia32_aout.c @@ -159,6 +159,8 @@ static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file, @@ -9816,21 +11047,10 @@ index 07b3a68..bd2a388 100644 set_fs(KERNEL_DS); has_dumped = 1; diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c -index efc6a95..95abfe2 100644 +index a1daf4a..f8c4537 100644 --- a/arch/x86/ia32/ia32_signal.c +++ b/arch/x86/ia32/ia32_signal.c -@@ -163,8 +163,8 @@ asmlinkage long sys32_sigaltstack(const stack_ia32_t __user *uss_ptr, - } - seg = get_fs(); - set_fs(KERNEL_DS); -- ret = do_sigaltstack((stack_t __force __user *) (uss_ptr ? &uss : NULL), -- (stack_t __force __user *) &uoss, regs->sp); -+ ret = do_sigaltstack((stack_t __force_user *) (uss_ptr ? &uss : NULL), -+ (stack_t __force_user *) &uoss, regs->sp); - set_fs(seg); - if (ret >= 0 && uoss_ptr) { - if (!access_ok(VERIFY_WRITE, uoss_ptr, sizeof(stack_ia32_t))) -@@ -396,7 +396,7 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, +@@ -348,7 +348,7 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, sp -= frame_size; /* Align the stack pointer according to the i386 ABI, * i.e. so that on function entry ((sp + 4) & 15) == 0. */ @@ -9839,7 +11059,7 @@ index efc6a95..95abfe2 100644 return (void __user *) sp; } -@@ -454,7 +454,7 @@ int ia32_setup_frame(int sig, struct k_sigaction *ka, +@@ -406,7 +406,7 @@ int ia32_setup_frame(int sig, struct k_sigaction *ka, * These are actually not used anymore, but left because some * gdb versions depend on them as a marker. */ 
@@ -9848,7 +11068,7 @@ index efc6a95..95abfe2 100644 } put_user_catch(err); if (err) -@@ -496,7 +496,7 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -448,7 +448,7 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, 0xb8, __NR_ia32_rt_sigreturn, 0x80cd, @@ -9857,7 +11077,7 @@ index efc6a95..95abfe2 100644 }; frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate); -@@ -522,16 +522,18 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -471,16 +471,18 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, if (ka->sa.sa_flags & SA_RESTORER) restorer = ka->sa.sa_restorer; @@ -9880,7 +11100,7 @@ index efc6a95..95abfe2 100644 err |= copy_siginfo_to_user32(&frame->info, info); diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S -index e7fa545..9e6fe1a 100644 +index 142c4ce..19b683f 100644 --- a/arch/x86/ia32/ia32entry.S +++ b/arch/x86/ia32/ia32entry.S @@ -15,8 +15,10 @@ @@ -10192,7 +11412,7 @@ index e7fa545..9e6fe1a 100644 END(ia32_syscall) diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c -index 86d68d1..f9960fe 100644 +index d0b689b..34be51d 100644 --- a/arch/x86/ia32/sys_ia32.c +++ b/arch/x86/ia32/sys_ia32.c @@ -69,8 +69,8 @@ asmlinkage long sys32_ftruncate64(unsigned int fd, unsigned long offset_low, @@ -10350,7 +11570,7 @@ index 20370c6..a2eb9b0 100644 "popl %%ebp\n\t" "popl %%edi\n\t" diff --git a/arch/x86/include/asm/atomic.h b/arch/x86/include/asm/atomic.h -index b6c3b82..b4c077a 100644 +index 722aa3b..3a0bb27 100644 --- a/arch/x86/include/asm/atomic.h +++ b/arch/x86/include/asm/atomic.h @@ -22,7 +22,18 @@ 
@@ -10603,19 +11823,14 @@ index b6c3b82..b4c077a 100644 : "+m" (v->counter), "=qm" (c) : "ir" (i) : "memory"); return c; -@@ -179,7 +341,7 @@ static inline int atomic_add_return(int i, atomic_t *v) - goto no_xadd; - #endif - /* Modern 486+ processor */ -- return i + xadd(&v->counter, i); +@@ -172,6 +334,18 @@ static inline int atomic_add_negative(int i, atomic_t *v) + */ + static inline int atomic_add_return(int i, atomic_t *v) + { + return i + xadd_check_overflow(&v->counter, i); - - #ifdef CONFIG_M386 - no_xadd: /* Legacy 386 processor */ -@@ -192,6 +354,34 @@ no_xadd: /* Legacy 386 processor */ - } - - /** ++} ++ ++/** + * atomic_add_return_unchecked - add integer and return + * @i: integer value to add + * @v: pointer of type atomic_unchecked_t @@ -10624,30 +11839,10 @@ index b6c3b82..b4c077a 100644 + */ +static inline int atomic_add_return_unchecked(int i, atomic_unchecked_t *v) +{ -+#ifdef CONFIG_M386 -+ int __i; -+ unsigned long flags; -+ if (unlikely(boot_cpu_data.x86 <= 3)) -+ goto no_xadd; -+#endif -+ /* Modern 486+ processor */ -+ return i + xadd(&v->counter, i); -+ -+#ifdef CONFIG_M386 -+no_xadd: /* Legacy 386 processor */ -+ raw_local_irq_save(flags); -+ __i = atomic_read_unchecked(v); -+ atomic_set_unchecked(v, i + __i); -+ raw_local_irq_restore(flags); -+ return i + __i; -+#endif -+} -+ -+/** - * atomic_sub_return - subtract integer and return - * @v: pointer of type atomic_t - * @i: integer value to subtract -@@ -204,6 +394,10 @@ static inline int atomic_sub_return(int i, atomic_t *v) + return i + xadd(&v->counter, i); + } + +@@ -188,6 +362,10 @@ static inline int atomic_sub_return(int i, atomic_t *v) } #define atomic_inc_return(v) (atomic_add_return(1, v)) 
@@ -10658,7 +11853,7 @@ index b6c3b82..b4c077a 100644 #define atomic_dec_return(v) (atomic_sub_return(1, v)) static inline int atomic_cmpxchg(atomic_t *v, int old, int new) -@@ -211,11 +405,21 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new) +@@ -195,11 +373,21 @@ static inline int atomic_cmpxchg(atomic_t *v, int old, int new) return cmpxchg(&v->counter, old, new); } @@ -10680,7 +11875,7 @@ index b6c3b82..b4c077a 100644 /** * __atomic_add_unless - add unless the number is already a given value * @v: pointer of type atomic_t -@@ -227,12 +431,25 @@ static inline int atomic_xchg(atomic_t *v, int new) +@@ -211,12 +399,25 @@ static inline int atomic_xchg(atomic_t *v, int new) */ static inline int __atomic_add_unless(atomic_t *v, int a, int u) { @@ -10709,7 +11904,7 @@ index b6c3b82..b4c077a 100644 if (likely(old == c)) break; c = old; -@@ -241,6 +458,49 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) +@@ -225,6 +426,49 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) } /** @@ -10759,7 +11954,7 @@ index b6c3b82..b4c077a 100644 * atomic_inc_short - increment of a short integer * @v: pointer to type int * -@@ -269,14 +529,37 @@ static inline void atomic_or_long(unsigned long *v1, unsigned long v2) +@@ -253,14 +497,37 @@ static inline void atomic_or_long(unsigned long *v1, unsigned long v2) #endif /* These are x86-specific, used by some header files */ @@ -11304,11 +12499,11 @@ index 6dfd019..0c6699f 100644 /** diff --git a/arch/x86/include/asm/boot.h b/arch/x86/include/asm/boot.h -index b13fe63..0dab13a 100644 +index 4fa687a..60f2d39 100644 --- a/arch/x86/include/asm/boot.h +++ b/arch/x86/include/asm/boot.h -@@ -11,10 +11,15 @@ - #include <asm/pgtable_types.h> +@@ -6,10 +6,15 @@ + #include <uapi/asm/boot.h> /* Physical address where kernel should be loaded. */ -#define LOAD_PHYSICAL_ADDR ((CONFIG_PHYSICAL_START \ @@ -11457,10 +12652,10 @@ index 8d871ea..c1a0dc9 100644 ({ \ __typeof__ (*(ptr)) __ret = (inc); \ 
diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h -index 8c297aa..7a90f03 100644 +index 2d9075e..b75a844 100644 --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h -@@ -205,7 +205,7 @@ +@@ -206,7 +206,7 @@ #define X86_FEATURE_BMI1 (9*32+ 3) /* 1st group bit manipulation extensions */ #define X86_FEATURE_HLE (9*32+ 4) /* Hardware Lock Elision */ #define X86_FEATURE_AVX2 (9*32+ 5) /* AVX2 instructions */ @@ -11469,7 +12664,7 @@ index 8c297aa..7a90f03 100644 #define X86_FEATURE_BMI2 (9*32+ 8) /* 2nd group bit manipulation extensions */ #define X86_FEATURE_ERMS (9*32+ 9) /* Enhanced REP MOVSB/STOSB */ #define X86_FEATURE_INVPCID (9*32+10) /* Invalidate Processor Context ID */ -@@ -379,7 +379,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) +@@ -375,7 +375,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) ".section .discard,\"aw\",@progbits\n" " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ ".previous\n" @@ -11689,21 +12884,8 @@ index 278441f..b95a174 100644 }; } __attribute__((packed)); -diff --git a/arch/x86/include/asm/e820.h b/arch/x86/include/asm/e820.h -index 3778256..c5d4fce 100644 ---- a/arch/x86/include/asm/e820.h -+++ b/arch/x86/include/asm/e820.h -@@ -69,7 +69,7 @@ struct e820map { - #define ISA_START_ADDRESS 0xa0000 - #define ISA_END_ADDRESS 0x100000 - --#define BIOS_BEGIN 0x000a0000 -+#define BIOS_BEGIN 0x000c0000 - #define BIOS_END 0x00100000 - - #define BIOS_ROM_BASE 0xffe00000 diff --git a/arch/x86/include/asm/elf.h b/arch/x86/include/asm/elf.h -index 5939f44..f8845f6 100644 +index 9c999c1..3860cb8 100644 --- a/arch/x86/include/asm/elf.h +++ b/arch/x86/include/asm/elf.h @@ -243,7 +243,25 @@ extern int force_personality32; @@ -11807,7 +12989,7 @@ index 41ab26e..a88c9e6 100644 return fpu_restore_checking(&tsk->thread.fpu); } diff --git a/arch/x86/include/asm/futex.h b/arch/x86/include/asm/futex.h -index f373046..02653e2 100644 +index be27ba1..8f13ff9 100644 
--- a/arch/x86/include/asm/futex.h +++ b/arch/x86/include/asm/futex.h @@ -12,6 +12,7 @@ @@ -11846,7 +13028,7 @@ index f373046..02653e2 100644 : "r" (oparg), "i" (-EFAULT), "1" (0)) static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) -@@ -65,10 +67,10 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) +@@ -59,10 +61,10 @@ static inline int futex_atomic_op_inuser(int encoded_op, u32 __user *uaddr) switch (op) { case FUTEX_OP_SET: @@ -11859,7 +13041,7 @@ index f373046..02653e2 100644 uaddr, oparg); break; case FUTEX_OP_OR: -@@ -128,14 +130,14 @@ static inline int futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, +@@ -116,14 +118,14 @@ static inline int futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, return -EFAULT; asm volatile("\t" ASM_STAC "\n" @@ -11959,7 +13141,7 @@ index d3ddd17..c9fb0cc 100644 #define flush_insn_slot(p) do { } while (0) diff --git a/arch/x86/include/asm/local.h b/arch/x86/include/asm/local.h -index c8bed0d..85c03fd 100644 +index 2d89e39..baee879 100644 --- a/arch/x86/include/asm/local.h +++ b/arch/x86/include/asm/local.h @@ -10,33 +10,97 @@ typedef struct { @@ -12136,11 +13318,10 @@ index c8bed0d..85c03fd 100644 : "+m" (l->a.counter), "=qm" (c) : "ir" (i) : "memory"); return c; -@@ -132,7 +232,15 @@ static inline long local_add_return(long i, local_t *l) - #endif - /* Modern 486+ processor */ - __i = i; -- asm volatile(_ASM_XADD "%0, %1;" +@@ -125,6 +225,30 @@ static inline int local_add_negative(long i, local_t *l) + static inline long local_add_return(long i, local_t *l) + { + long __i = i; + asm volatile(_ASM_XADD "%0, %1\n" + +#ifdef CONFIG_PAX_REFCOUNT 
@@ -12150,13 +13331,11 @@ index c8bed0d..85c03fd 100644 + _ASM_EXTABLE(0b, 0b) +#endif + - : "+r" (i), "+m" (l->a.counter) - : : "memory"); - return i + __i; -@@ -147,6 +255,38 @@ no_xadd: /* Legacy 386 processor */ - #endif - } - ++ : "+r" (i), "+m" (l->a.counter) ++ : : "memory"); ++ return i + __i; ++} ++ +/** + * local_add_return_unchecked - add and return + * @i: integer value to add @@ -12166,33 +13345,11 @@ index c8bed0d..85c03fd 100644 + */ +static inline long local_add_return_unchecked(long i, local_unchecked_t *l) +{ -+ long __i; -+#ifdef CONFIG_M386 -+ unsigned long flags; -+ if (unlikely(boot_cpu_data.x86 <= 3)) -+ goto no_xadd; -+#endif -+ /* Modern 486+ processor */ -+ __i = i; -+ asm volatile(_ASM_XADD "%0, %1\n" -+ : "+r" (i), "+m" (l->a.counter) -+ : : "memory"); -+ return i + __i; -+ -+#ifdef CONFIG_M386 -+no_xadd: /* Legacy 386 processor */ -+ local_irq_save(flags); -+ __i = local_read_unchecked(l); -+ local_set_unchecked(l, i + __i); -+ local_irq_restore(flags); -+ return i + __i; -+#endif -+} -+ - static inline long local_sub_return(long i, local_t *l) - { - return local_add_return(-i, l); -@@ -157,6 +297,8 @@ static inline long local_sub_return(long i, local_t *l) ++ long __i = i; + asm volatile(_ASM_XADD "%0, %1;" + : "+r" (i), "+m" (l->a.counter) + : : "memory"); +@@ -141,6 +265,8 @@ static inline long local_sub_return(long i, local_t *l) #define local_cmpxchg(l, o, n) \ (cmpxchg_local(&((l)->a.counter), (o), (n))) @@ -12202,24 +13359,26 @@ index c8bed0d..85c03fd 100644 #define local_xchg(l, n) (xchg(&((l)->a.counter), (n))) diff --git a/arch/x86/include/asm/mman.h b/arch/x86/include/asm/mman.h -index 593e51d..fa69c9a 100644 ---- a/arch/x86/include/asm/mman.h +new file mode 100644 +index 0000000..2bfd3ba +--- /dev/null 
+++ b/arch/x86/include/asm/mman.h -@@ -5,4 +5,14 @@ - - #include <asm-generic/mman.h> - +@@ -0,0 +1,15 @@ ++#ifndef _X86_MMAN_H ++#define _X86_MMAN_H ++ ++#include <uapi/asm/mman.h> ++ +#ifdef __KERNEL__ +#ifndef __ASSEMBLY__ +#ifdef CONFIG_X86_32 +#define arch_mmap_check i386_mmap_check -+int i386_mmap_check(unsigned long addr, unsigned long len, -+ unsigned long flags); ++int i386_mmap_check(unsigned long addr, unsigned long len, unsigned long flags); +#endif +#endif +#endif + - #endif /* _ASM_X86_MMAN_H */ ++#endif /* X86_MMAN_H */ diff --git a/arch/x86/include/asm/mmu.h b/arch/x86/include/asm/mmu.h index 5f55e69..e20bfb1 100644 --- a/arch/x86/include/asm/mmu.h @@ -12379,7 +13538,7 @@ index cdbf367..adb37ac 100644 #define activate_mm(prev, next) \ diff --git a/arch/x86/include/asm/module.h b/arch/x86/include/asm/module.h -index 9eae775..c914fea 100644 +index e3b7819..b257c64 100644 --- a/arch/x86/include/asm/module.h +++ b/arch/x86/include/asm/module.h @@ -5,6 +5,7 @@ @@ -12387,10 +13546,10 @@ index 9eae775..c914fea 100644 #ifdef CONFIG_X86_64 /* X86_64 does not define MODULE_PROC_FAMILY */ +#define MODULE_PROC_FAMILY "" - #elif defined CONFIG_M386 - #define MODULE_PROC_FAMILY "386 " #elif defined CONFIG_M486 -@@ -59,8 +60,20 @@ + #define MODULE_PROC_FAMILY "486 " + #elif defined CONFIG_M586 +@@ -57,8 +58,20 @@ #error unknown processor family #endif @@ -12427,10 +13586,10 @@ index 320f7bb..e89f8f8 100644 extern unsigned long __phys_addr(unsigned long); #define __phys_reloc_hide(x) (x) diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h -index a0facf3..c017b15 100644 +index 5edd174..9cf5821 100644 --- a/arch/x86/include/asm/paravirt.h +++ b/arch/x86/include/asm/paravirt.h -@@ -632,6 +632,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd) +@@ -630,6 +630,18 @@ static inline void set_pgd(pgd_t *pgdp, pgd_t pgd) val); } 
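Review bot: The closing `#endif /* X86_MMAN_H */` in the new arch/x86/include/asm/mman.h does not match the guard macro `_X86_MMAN_H` defined at the top; it should read `#endif /* _X86_MMAN_H */`. The guard name also differs from the `_ASM_X86_MMAN_H` of the file this replaces, presumably so that it cannot collide with the guard inside `<uapi/asm/mman.h>`, which the new file includes. A short comment such as `/* guard must differ from the one in the uapi header */` would keep a later cleanup from renaming it back. The `i386_mmap_check` prototype would also benefit from a one-line comment stating what it returns when a mapping is rejected.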
@@ -12449,7 +13608,7 @@ index a0facf3..c017b15 100644 static inline void pgd_clear(pgd_t *pgdp) { set_pgd(pgdp, __pgd(0)); -@@ -713,6 +725,21 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx, +@@ -711,6 +723,21 @@ static inline void __set_fixmap(unsigned /* enum fixed_addresses */ idx, pv_mmu_ops.set_fixmap(idx, phys, flags); } @@ -12471,7 +13630,7 @@ index a0facf3..c017b15 100644 #if defined(CONFIG_SMP) && defined(CONFIG_PARAVIRT_SPINLOCKS) static inline int arch_spin_is_locked(struct arch_spinlock *lock) -@@ -929,7 +956,7 @@ extern void default_banner(void); +@@ -927,7 +954,7 @@ extern void default_banner(void); #define PARA_PATCH(struct, off) ((PARAVIRT_PATCH_##struct + (off)) / 4) #define PARA_SITE(ptype, clobbers, ops) _PVSITE(ptype, clobbers, ops, .long, 4) @@ -12480,7 +13639,7 @@ index a0facf3..c017b15 100644 #endif #define INTERRUPT_RETURN \ -@@ -1004,6 +1031,21 @@ extern void default_banner(void); +@@ -1002,6 +1029,21 @@ extern void default_banner(void); PARA_SITE(PARA_PATCH(pv_cpu_ops, PV_CPU_irq_enable_sysexit), \ CLBR_NONE, \ jmp PARA_INDIRECT(pv_cpu_ops+PV_CPU_irq_enable_sysexit)) @@ -12662,7 +13821,7 @@ index 4cc9f2b..5fd9226 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index 796ed83..9f6c8dd 100644 +index 1c1a955..50f828c 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); @@ -12772,7 +13931,7 @@ index 796ed83..9f6c8dd 100644 #include <linux/mm_types.h> static inline int pte_none(pte_t pte) -@@ -570,7 +639,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) +@@ -583,7 +652,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) static inline int pgd_bad(pgd_t pgd) { 
@@ -12781,7 +13940,7 @@ index 796ed83..9f6c8dd 100644 } static inline int pgd_none(pgd_t pgd) -@@ -593,7 +662,12 @@ static inline int pgd_none(pgd_t pgd) +@@ -606,7 +675,12 @@ static inline int pgd_none(pgd_t pgd) * pgd_offset() returns a (pgd_t *) * pgd_index() is used get the offset into the pgd page's array of pgd_t's; */ @@ -12795,7 +13954,7 @@ index 796ed83..9f6c8dd 100644 /* * a shortcut which implies the use of the kernel's pgd, instead * of a process's -@@ -604,6 +678,20 @@ static inline int pgd_none(pgd_t pgd) +@@ -617,6 +691,20 @@ static inline int pgd_none(pgd_t pgd) #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET) #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) @@ -12816,7 +13975,7 @@ index 796ed83..9f6c8dd 100644 #ifndef __ASSEMBLY__ extern int direct_gbpages; -@@ -768,11 +856,23 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, +@@ -781,11 +869,23 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, * dst and src can be on the same page, but the range must not overlap, * and must not cross a page boundary. */ @@ -12993,7 +14152,7 @@ index 766ea16..5b96cb3 100644 #endif /* _ASM_X86_PGTABLE_64_DEFS_H */ diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h -index ec8a1fc..7ccb593 100644 +index 3c32db8..1ddccf5 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -16,13 +16,12 @@ @@ -13033,7 +14192,7 @@ index ec8a1fc..7ccb593 100644 #endif #define _PAGE_FILE (_AT(pteval_t, 1) << _PAGE_BIT_FILE) -@@ -96,6 +96,9 @@ +@@ -116,6 +116,9 @@ #define PAGE_READONLY_EXEC __pgprot(_PAGE_PRESENT | _PAGE_USER | \ _PAGE_ACCESSED) 
@@ -13043,7 +14202,7 @@ index ec8a1fc..7ccb593 100644 #define __PAGE_KERNEL_EXEC \ (_PAGE_PRESENT | _PAGE_RW | _PAGE_DIRTY | _PAGE_ACCESSED | _PAGE_GLOBAL) #define __PAGE_KERNEL (__PAGE_KERNEL_EXEC | _PAGE_NX) -@@ -106,7 +109,7 @@ +@@ -126,7 +129,7 @@ #define __PAGE_KERNEL_WC (__PAGE_KERNEL | _PAGE_CACHE_WC) #define __PAGE_KERNEL_NOCACHE (__PAGE_KERNEL | _PAGE_PCD | _PAGE_PWT) #define __PAGE_KERNEL_UC_MINUS (__PAGE_KERNEL | _PAGE_PCD) @@ -13052,7 +14211,7 @@ index ec8a1fc..7ccb593 100644 #define __PAGE_KERNEL_VVAR (__PAGE_KERNEL_RO | _PAGE_USER) #define __PAGE_KERNEL_VVAR_NOCACHE (__PAGE_KERNEL_VVAR | _PAGE_PCD | _PAGE_PWT) #define __PAGE_KERNEL_LARGE (__PAGE_KERNEL | _PAGE_PSE) -@@ -168,8 +171,8 @@ +@@ -188,8 +191,8 @@ * bits are combined, this will alow user to access the high address mapped * VDSO in the presence of CONFIG_COMPAT_VDSO */ @@ -13063,7 +14222,7 @@ index ec8a1fc..7ccb593 100644 #define PGD_IDENT_ATTR 0x001 /* PRESENT (no other attributes) */ #endif -@@ -207,7 +210,17 @@ static inline pgdval_t pgd_flags(pgd_t pgd) +@@ -227,7 +230,17 @@ static inline pgdval_t pgd_flags(pgd_t pgd) { return native_pgd_val(pgd) & PTE_FLAGS_MASK; } @@ -13081,7 +14240,7 @@ index ec8a1fc..7ccb593 100644 #if PAGETABLE_LEVELS > 3 typedef struct { pudval_t pud; } pud_t; -@@ -221,8 +234,6 @@ static inline pudval_t native_pud_val(pud_t pud) +@@ -241,8 +254,6 @@ static inline pudval_t native_pud_val(pud_t pud) return pud.pud; } #else @@ -13090,7 +14249,7 @@ index ec8a1fc..7ccb593 100644 static inline pudval_t native_pud_val(pud_t pud) { return native_pgd_val(pud.pgd); -@@ -242,8 +253,6 @@ static inline pmdval_t native_pmd_val(pmd_t pmd) +@@ -262,8 +273,6 @@ static inline pmdval_t native_pmd_val(pmd_t pmd) return pmd.pmd; } #else 
@@ -13099,7 +14258,7 @@ index ec8a1fc..7ccb593 100644 static inline pmdval_t native_pmd_val(pmd_t pmd) { return native_pgd_val(pmd.pud.pgd); -@@ -283,7 +292,6 @@ typedef struct page *pgtable_t; +@@ -303,7 +312,6 @@ typedef struct page *pgtable_t; extern pteval_t __supported_pte_mask; extern void set_nx(void); @@ -13108,10 +14267,10 @@ index ec8a1fc..7ccb593 100644 #define pgprot_writecombine pgprot_writecombine extern pgprot_t pgprot_writecombine(pgprot_t prot); diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h -index ad1fc85..0b15fe1 100644 +index 888184b..a07ac89 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h -@@ -289,7 +289,7 @@ struct tss_struct { +@@ -287,7 +287,7 @@ struct tss_struct { } ____cacheline_aligned; @@ -13120,7 +14279,7 @@ index ad1fc85..0b15fe1 100644 /* * Save the original ist values for checking stack pointers during debugging -@@ -818,11 +818,18 @@ static inline void spin_lock_prefetch(const void *x) +@@ -827,11 +827,18 @@ static inline void spin_lock_prefetch(const void *x) */ #define TASK_SIZE PAGE_OFFSET #define TASK_SIZE_MAX TASK_SIZE @@ -13141,7 +14300,7 @@ index ad1fc85..0b15fe1 100644 .vm86_info = NULL, \ .sysenter_cs = __KERNEL_CS, \ .io_bitmap_ptr = NULL, \ -@@ -836,7 +843,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -845,7 +852,7 @@ static inline void spin_lock_prefetch(const void *x) */ #define INIT_TSS { \ .x86_tss = { \ @@ -13150,7 +14309,7 @@ index ad1fc85..0b15fe1 100644 .ss0 = __KERNEL_DS, \ .ss1 = __KERNEL_CS, \ .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \ -@@ -847,11 +854,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -856,11 +863,7 @@ static inline void spin_lock_prefetch(const void *x) extern unsigned long thread_saved_pc(struct task_struct *tsk); #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long)) 
@@ -13163,7 +14322,7 @@ index ad1fc85..0b15fe1 100644 /* * The below -8 is to reserve 8 bytes on top of the ring0 stack. -@@ -866,7 +869,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -875,7 +878,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define task_pt_regs(task) \ ({ \ struct pt_regs *__regs__; \ @@ -13172,7 +14331,7 @@ index ad1fc85..0b15fe1 100644 __regs__ - 1; \ }) -@@ -876,13 +879,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -885,13 +888,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); /* * User space process size. 47bits minus one guard page. */ @@ -13188,7 +14347,7 @@ index ad1fc85..0b15fe1 100644 #define TASK_SIZE (test_thread_flag(TIF_ADDR32) ? \ IA32_PAGE_OFFSET : TASK_SIZE_MAX) -@@ -893,11 +896,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -902,11 +905,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define STACK_TOP_MAX TASK_SIZE_MAX #define INIT_THREAD { \ @@ -13202,7 +14361,7 @@ index ad1fc85..0b15fe1 100644 } /* -@@ -925,6 +928,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, +@@ -934,6 +937,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, */ #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3)) @@ -13213,7 +14372,7 @@ index ad1fc85..0b15fe1 100644 #define KSTK_EIP(task) (task_pt_regs(task)->ip) /* Get/set a process' ability to use the timestamp counter instruction */ -@@ -985,12 +992,12 @@ extern bool cpu_has_amd_erratum(const int *); +@@ -994,12 +1001,12 @@ extern bool cpu_has_amd_erratum(const int *); #define cpu_has_amd_erratum(x) (false) #endif /* CONFIG_CPU_SUP_AMD */ @@ -13229,10 +14388,10 @@ index ad1fc85..0b15fe1 100644 #endif /* _ASM_X86_PROCESSOR_H */ diff --git a/arch/x86/include/asm/ptrace.h b/arch/x86/include/asm/ptrace.h -index 19f16eb..b50624b 100644 +index 942a086..6c26446 100644 --- a/arch/x86/include/asm/ptrace.h 
+++ b/arch/x86/include/asm/ptrace.h -@@ -155,28 +155,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs) +@@ -85,28 +85,29 @@ static inline unsigned long regs_return_value(struct pt_regs *regs) } /* @@ -13268,7 +14427,7 @@ index 19f16eb..b50624b 100644 #endif } -@@ -192,15 +193,16 @@ static inline int v8086_mode(struct pt_regs *regs) +@@ -122,15 +123,16 @@ static inline int v8086_mode(struct pt_regs *regs) #ifdef CONFIG_X86_64 static inline bool user_64bit_mode(struct pt_regs *regs) { @@ -13286,7 +14445,22 @@ index 19f16eb..b50624b 100644 + return cs == __USER_CS || cs == pv_info.extra_user_64bit_cs; #endif } + +@@ -181,9 +183,11 @@ static inline unsigned long regs_get_register(struct pt_regs *regs, + * Traps from the kernel do not save sp and ss. + * Use the helper function to retrieve sp. + */ +- if (offset == offsetof(struct pt_regs, sp) && +- regs->cs == __KERNEL_CS) +- return kernel_stack_pointer(regs); ++ if (offset == offsetof(struct pt_regs, sp)) { ++ unsigned long cs = regs->cs & 0xffff; ++ if (cs == __KERNEL_CS || cs == __KERNEXEC_KERNEL_CS) ++ return kernel_stack_pointer(regs); ++ } #endif + return *(unsigned long *)((unsigned long)regs + offset); + } diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h index fe1ec5b..dc5c3fe 100644 --- a/arch/x86/include/asm/realmode.h @@ -13532,7 +14706,7 @@ index c48a950..c6d7468 100644 #endif /* !__ASSEMBLY__ */ diff --git a/arch/x86/include/asm/smp.h b/arch/x86/include/asm/smp.h -index 4f19a15..9e14f27 100644 +index b073aae..39f9bdd 100644 --- a/arch/x86/include/asm/smp.h +++ b/arch/x86/include/asm/smp.h @@ -36,7 +36,7 @@ DECLARE_PER_CPU_READ_MOSTLY(cpumask_var_t, cpu_core_map); 
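Review bot: The new `regs->cs & 0xffff` mask and the extra `__KERNEXEC_KERNEL_CS` comparison in regs_get_register() are not covered by the existing comment, which still only says that traps from the kernel do not save sp and ss. I would extend it with something like `/* compare the 16-bit selector only; kernel code may also run on __KERNEXEC_KERNEL_CS */`, so the reason for the mask stays next to the check. The comparison is unconditional inside this block, so it is worth confirming that `__KERNEXEC_KERNEL_CS` is defined in every configuration that compiles this branch, including builds with KERNEXEC disabled. The function begins outside the hunk, so the enclosing `#ifdef` is not visible here.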
@@ -13553,7 +14727,7 @@ index 4f19a15..9e14f27 100644 /* Globals due to paravirt */ extern void set_cpu_sibling_map(int cpu); -@@ -190,14 +190,8 @@ extern unsigned disabled_cpus __cpuinitdata; +@@ -191,14 +191,8 @@ extern unsigned disabled_cpus __cpuinitdata; extern int safe_smp_processor_id(void); #elif defined(CONFIG_X86_64_SMP) @@ -13937,7 +15111,7 @@ index 2d946e6..e453ec4 100644 #endif #endif /* _ASM_X86_THREAD_INFO_H */ diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h -index 7ccf8d1..9a18110 100644 +index 1709801..0a60f2f 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h @@ -7,6 +7,7 @@ @@ -14033,7 +15207,7 @@ index 7ccf8d1..9a18110 100644 "3: " ASM_CLAC "\n" \ _ASM_EXTABLE_EX(1b, 2b) \ _ASM_EXTABLE_EX(2b, 3b) \ -@@ -261,7 +300,7 @@ extern void __put_user_8(void); +@@ -259,7 +298,7 @@ extern void __put_user_8(void); __typeof__(*(ptr)) __pu_val; \ __chk_user_ptr(ptr); \ might_fault(); \ @@ -14042,7 +15216,7 @@ index 7ccf8d1..9a18110 100644 switch (sizeof(*(ptr))) { \ case 1: \ __put_user_x(1, __pu_val, ptr, __ret_pu); \ -@@ -383,7 +422,7 @@ do { \ +@@ -358,7 +397,7 @@ do { \ #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \ asm volatile(ASM_STAC "\n" \ @@ -14051,7 +15225,7 @@ index 7ccf8d1..9a18110 100644 "2: " ASM_CLAC "\n" \ ".section .fixup,\"ax\"\n" \ "3: mov %3,%0\n" \ -@@ -391,7 +430,7 @@ do { \ +@@ -366,7 +405,7 @@ do { \ " jmp 2b\n" \ ".previous\n" \ _ASM_EXTABLE(1b, 3b) \ @@ -14060,7 +15234,7 @@ index 7ccf8d1..9a18110 100644 : "m" (__m(addr)), "i" (errret), "0" (err)) #define __get_user_size_ex(x, ptr, size) \ -@@ -416,7 +455,7 @@ do { \ +@@ -391,7 +430,7 @@ do { \ } while (0) #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \ 
@@ -14069,7 +15243,7 @@ index 7ccf8d1..9a18110 100644 "2:\n" \ _ASM_EXTABLE_EX(1b, 2b) \ : ltype(x) : "m" (__m(addr))) -@@ -433,13 +472,24 @@ do { \ +@@ -408,13 +447,24 @@ do { \ int __gu_err; \ unsigned long __gu_val; \ __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \ @@ -14096,7 +15270,7 @@ index 7ccf8d1..9a18110 100644 /* * Tell gcc we read from memory instead of writing: this is because -@@ -448,7 +498,7 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -423,7 +473,7 @@ struct __large_struct { unsigned long buf[100]; }; */ #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \ asm volatile(ASM_STAC "\n" \ @@ -14105,7 +15279,7 @@ index 7ccf8d1..9a18110 100644 "2: " ASM_CLAC "\n" \ ".section .fixup,\"ax\"\n" \ "3: mov %3,%0\n" \ -@@ -456,10 +506,10 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -431,10 +481,10 @@ struct __large_struct { unsigned long buf[100]; }; ".previous\n" \ _ASM_EXTABLE(1b, 3b) \ : "=r"(err) \ @@ -14118,7 +15292,7 @@ index 7ccf8d1..9a18110 100644 "2:\n" \ _ASM_EXTABLE_EX(1b, 2b) \ : : ltype(x), "m" (__m(addr))) -@@ -498,8 +548,12 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -473,8 +523,12 @@ struct __large_struct { unsigned long buf[100]; }; * On error, the variable @x is set to zero. */ @@ -14131,7 +15305,7 @@ index 7ccf8d1..9a18110 100644 /** * __put_user: - Write a simple value into user space, with less checking. -@@ -521,8 +575,12 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -496,8 +550,12 @@ struct __large_struct { unsigned long buf[100]; }; * Returns zero on success, or -EFAULT on error. */ 
@@ -14144,7 +15318,7 @@ index 7ccf8d1..9a18110 100644 #define __get_user_unaligned __get_user #define __put_user_unaligned __put_user -@@ -540,7 +598,7 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -515,7 +573,7 @@ struct __large_struct { unsigned long buf[100]; }; #define get_user_ex(x, ptr) do { \ unsigned long __gue_val; \ __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \ @@ -14152,8 +15326,8 @@ index 7ccf8d1..9a18110 100644 + (x) = (__typeof__(*(ptr)))__gue_val; \ } while (0) - #ifdef CONFIG_X86_WP_WORKS_OK -@@ -574,8 +632,8 @@ strncpy_from_user(char *dst, const char __user *src, long count); + #define put_user_try uaccess_try +@@ -532,8 +590,8 @@ strncpy_from_user(char *dst, const char __user *src, long count); extern __must_check long strlen_user(const char __user *str); extern __must_check long strnlen_user(const char __user *str, long n); @@ -14339,7 +15513,7 @@ index 7f760a9..04b1c65 100644 } diff --git a/arch/x86/include/asm/uaccess_64.h b/arch/x86/include/asm/uaccess_64.h -index 142810c..4b68a3e 100644 +index 142810c..747941a 100644 --- a/arch/x86/include/asm/uaccess_64.h +++ b/arch/x86/include/asm/uaccess_64.h @@ -10,6 +10,9 @@ @@ -14370,7 +15544,7 @@ index 142810c..4b68a3e 100644 copy_user_generic(void *to, const void *from, unsigned len) { unsigned ret; -@@ -41,142 +44,203 @@ copy_user_generic(void *to, const void *from, unsigned len) +@@ -41,142 +44,204 @@ copy_user_generic(void *to, const void *from, unsigned len) ASM_OUTPUT2("=a" (ret), "=D" (to), "=S" (from), "=d" (len)), "1" (to), "2" (from), "3" (len) @@ -14422,6 +15596,7 @@ index 142810c..4b68a3e 100644 -#endif + + check_object_size(to, n, false); ++ + if (access_ok(VERIFY_READ, from, n)) + n = __copy_from_user(to, from, n); + else if (n < INT_MAX) 
@@ -14619,7 +15794,7 @@ index 142810c..4b68a3e 100644 ret, "b", "b", "=q", 1); if (likely(!ret)) __put_user_asm(tmp, (u8 __user *)dst, -@@ -185,7 +249,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -185,7 +250,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 2: { u16 tmp; @@ -14628,7 +15803,7 @@ index 142810c..4b68a3e 100644 ret, "w", "w", "=r", 2); if (likely(!ret)) __put_user_asm(tmp, (u16 __user *)dst, -@@ -195,7 +259,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -195,7 +260,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) case 4: { u32 tmp; @@ -14637,7 +15812,7 @@ index 142810c..4b68a3e 100644 ret, "l", "k", "=r", 4); if (likely(!ret)) __put_user_asm(tmp, (u32 __user *)dst, -@@ -204,7 +268,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -204,7 +269,7 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) } case 8: { u64 tmp; @@ -14646,7 +15821,7 @@ index 142810c..4b68a3e 100644 ret, "q", "", "=r", 8); if (likely(!ret)) __put_user_asm(tmp, (u64 __user *)dst, -@@ -212,41 +276,72 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) +@@ -212,41 +277,72 @@ int __copy_in_user(void __user *dst, const void __user *src, unsigned size) return ret; } default: @@ -14828,11 +16003,24 @@ index 0415cda..b43d877 100644 "2: " ASM_CLAC "\n" ".section .fixup,\"ax\"\n" "3: movl $-1,%[err]\n" +diff --git a/arch/x86/include/uapi/asm/e820.h b/arch/x86/include/uapi/asm/e820.h +index bbae024..e1528f9 100644 +--- a/arch/x86/include/uapi/asm/e820.h ++++ b/arch/x86/include/uapi/asm/e820.h +@@ -63,7 +63,7 @@ struct e820map { + #define ISA_START_ADDRESS 0xa0000 + #define ISA_END_ADDRESS 0x100000 + +-#define BIOS_BEGIN 0x000a0000 ++#define BIOS_BEGIN 0x000c0000 + #define BIOS_END 0x00100000 + + #define BIOS_ROM_BASE 0xffe00000 
diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile -index 91ce48f..a48ea05 100644 +index 34e923a..0c6bb6e 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile -@@ -23,7 +23,7 @@ obj-y += time.o ioport.o ldt.o dumpstack.o nmi.o +@@ -22,7 +22,7 @@ obj-y += time.o ioport.o ldt.o dumpstack.o nmi.o obj-y += setup.o x86_init.o i8259.o irqinit.o jump_label.o obj-$(CONFIG_IRQ_WORK) += irq_work.o obj-y += probe_roms.o @@ -14842,7 +16030,7 @@ index 91ce48f..a48ea05 100644 obj-y += syscall_$(BITS).o obj-$(CONFIG_X86_64) += vsyscall_64.o diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c -index 11676cf..a8cf3ec 100644 +index d5e0d71..6533e08 100644 --- a/arch/x86/kernel/acpi/sleep.c +++ b/arch/x86/kernel/acpi/sleep.c @@ -74,8 +74,12 @@ int acpi_suspend_lowlevel(void) @@ -15016,10 +16204,19 @@ index ef5ccca..bd83949 100644 } diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c -index b17416e..5ed0f3e 100644 +index b994cc8..812b537 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c -@@ -185,7 +185,7 @@ int first_system_vector = 0xfe; +@@ -131,7 +131,7 @@ static int __init parse_lapic(char *arg) + { + if (config_enabled(CONFIG_X86_32) && !arg) + force_enable_local_apic = 1; +- else if (!strncmp(arg, "notscdeadline", 13)) ++ else if (arg && !strncmp(arg, "notscdeadline", 13)) + setup_clear_cpu_cap(X86_FEATURE_TSC_DEADLINE_TIMER); + return 0; + } +@@ -189,7 +189,7 @@ int first_system_vector = 0xfe; /* * Debug level, exported for io_apic.c */ @@ -15028,7 +16225,7 @@ index b17416e..5ed0f3e 100644 int pic_mode; -@@ -1923,7 +1923,7 @@ void smp_error_interrupt(struct pt_regs *regs) +@@ -1956,7 +1956,7 @@ void smp_error_interrupt(struct pt_regs *regs) apic_write(APIC_ESR, 0); v1 = apic_read(APIC_ESR); ack_APIC_irq(); @@ -15096,7 +16293,7 @@ index 0874799..24a836e 100644 .name = "es7000", .probe = probe_es7000, 
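Review bot: In parse_lapic() the added `arg &&` guard stops the NULL dereference, but the test is still a 13-byte prefix match with a hand-counted length, so any argument that merely begins with the keyword is accepted. If the value reaches this function as a NUL-terminated token (not visible here), `else if (arg && !strcmp(arg, "notscdeadline"))` is exact and removes the magic number. With `arg == NULL` on a build where `config_enabled(CONFIG_X86_32)` is false, the function now returns 0 without doing anything; a one-line comment saying that this is intended would help the next reader.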
diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c -index 1817fa9..7bff097 100644 +index b739d39..6e4f1db 100644 --- a/arch/x86/kernel/apic/io_apic.c +++ b/arch/x86/kernel/apic/io_apic.c @@ -1084,7 +1084,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, int pin, @@ -15117,7 +16314,7 @@ index 1817fa9..7bff097 100644 { raw_spin_unlock(&vector_lock); } -@@ -2411,7 +2411,7 @@ static void ack_apic_edge(struct irq_data *data) +@@ -2399,7 +2399,7 @@ static void ack_apic_edge(struct irq_data *data) ack_APIC_irq(); } @@ -15126,7 +16323,7 @@ index 1817fa9..7bff097 100644 #ifdef CONFIG_GENERIC_PENDING_IRQ static bool io_apic_level_ack_pending(struct irq_cfg *cfg) -@@ -2552,7 +2552,7 @@ static void ack_apic_level(struct irq_data *data) +@@ -2540,7 +2540,7 @@ static void ack_apic_level(struct irq_data *data) * at the cpu. */ if (!(v & (1 << (i & 0x1f)))) { @@ -15176,9 +16373,18 @@ index 77c95c0..434f8a4 100644 .name = "summit", .probe = probe_summit, diff --git a/arch/x86/kernel/apic/x2apic_cluster.c b/arch/x86/kernel/apic/x2apic_cluster.c -index c88baa4..a89def0 100644 +index c88baa4..757aee1 100644 --- a/arch/x86/kernel/apic/x2apic_cluster.c +++ b/arch/x86/kernel/apic/x2apic_cluster.c +@@ -183,7 +183,7 @@ update_clusterinfo(struct notifier_block *nfb, unsigned long action, void *hcpu) + return notifier_from_errno(err); + } + +-static struct notifier_block __refdata x2apic_cpu_notifier = { ++static struct notifier_block x2apic_cpu_notifier = { + .notifier_call = update_clusterinfo, + }; + @@ -235,7 +235,7 @@ static void cluster_vector_allocation_domain(int cpu, struct cpumask *retmask, cpumask_and(retmask, mask, per_cpu(cpus_in_cluster, cpu)); } @@ -15357,10 +16563,10 @@ index a0e067d..9c7db16 100644 obj-y += proc.o capflags.o powerflags.o common.o obj-y += vmware.o hypervisor.o mshyperv.o diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c -index 1b7d165..b9e2627 100644 +index 15239ff..e23e04e 100644 
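Review bot: Dropping `__refdata` from `x2apic_cpu_notifier` leaves an ordinary data object whose `.notifier_call` points at `update_clusterinfo`. If that callback is placed in an init section on builds without CPU hotplug (its annotation is outside the hunk), the build will likely report a section mismatch, which is what `__refdata` normally suppresses. The same applies to `cacheinfo_cpu_notifier` in intel_cacheinfo.c, where `__cpuinitdata` is removed while `cacheinfo_cpu_callback` is visibly still `__cpuinit`. The patch gives no reason for removing the annotations, so I would add a comment above each struct, e.g. `/* deliberately without a section annotation: <reason> */`, and check a hotplug-disabled build for new section-mismatch warnings.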
--- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c -@@ -738,7 +738,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, +@@ -733,7 +733,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, unsigned int size) { /* AMD errata T13 (order #21922) */ @@ -15370,7 +16576,7 @@ index 1b7d165..b9e2627 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index 7505f7b..d59dac0 100644 +index 9c3ab43..51e6366 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -86,60 +86,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { @@ -15478,16 +16684,7 @@ index 7505f7b..d59dac0 100644 EXPORT_PER_CPU_SYMBOL(kernel_stack); DEFINE_PER_CPU(char *, irq_stack_ptr) = -@@ -1178,7 +1130,7 @@ struct pt_regs * __cpuinit idle_regs(struct pt_regs *regs) - { - memset(regs, 0, sizeof(struct pt_regs)); - regs->fs = __KERNEL_PERCPU; -- regs->gs = __KERNEL_STACK_CANARY; -+ savesegment(gs, regs->gs); - - return regs; - } -@@ -1233,7 +1185,7 @@ void __cpuinit cpu_init(void) +@@ -1224,7 +1176,7 @@ void __cpuinit cpu_init(void) int i; cpu = stack_smp_processor_id(); @@ -15496,7 +16693,7 @@ index 7505f7b..d59dac0 100644 oist = &per_cpu(orig_ist, cpu); #ifdef CONFIG_NUMA -@@ -1259,7 +1211,7 @@ void __cpuinit cpu_init(void) +@@ -1250,7 +1202,7 @@ void __cpuinit cpu_init(void) switch_to_new_gdt(cpu); loadsegment(fs, 0); 
@@ -15505,15 +16702,15 @@ index 7505f7b..d59dac0 100644 memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8); syscall_init(); -@@ -1268,7 +1220,6 @@ void __cpuinit cpu_init(void) +@@ -1259,7 +1211,6 @@ void __cpuinit cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); - x86_configure_nx(); - if (cpu != 0) - enable_x2apic(); + enable_x2apic(); -@@ -1321,7 +1272,7 @@ void __cpuinit cpu_init(void) + /* +@@ -1311,7 +1262,7 @@ void __cpuinit cpu_init(void) { int cpu = smp_processor_id(); struct task_struct *curr = current; @@ -15523,7 +16720,7 @@ index 7505f7b..d59dac0 100644 if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) { diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c -index 198e019..867575e 100644 +index fcaabd0..7b55a26 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c @@ -174,7 +174,7 @@ static void __cpuinit trap_init_f00f_bug(void) @@ -15536,10 +16733,10 @@ index 198e019..867575e 100644 } #endif diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c -index 93c5451..3887433 100644 +index 84c1309..39b7224 100644 --- a/arch/x86/kernel/cpu/intel_cacheinfo.c +++ b/arch/x86/kernel/cpu/intel_cacheinfo.c -@@ -983,6 +983,22 @@ static struct attribute *default_attrs[] = { +@@ -1017,6 +1017,22 @@ static struct attribute *default_attrs[] = { }; #ifdef CONFIG_AMD_NB @@ -15562,7 +16759,7 @@ index 93c5451..3887433 100644 static struct attribute ** __cpuinit amd_l3_attrs(void) { static struct attribute **attrs; -@@ -993,18 +1009,7 @@ static struct attribute ** __cpuinit amd_l3_attrs(void) +@@ -1027,18 +1043,7 @@ static struct attribute ** __cpuinit amd_l3_attrs(void) n = ARRAY_SIZE(default_attrs); 
@@ -15582,7 +16779,7 @@ index 93c5451..3887433 100644 if (amd_nb_has_feature(AMD_NB_L3_INDEX_DISABLE)) { attrs[n++] = &cache_disable_0.attr; -@@ -1055,6 +1060,13 @@ static struct kobj_type ktype_cache = { +@@ -1089,6 +1094,13 @@ static struct kobj_type ktype_cache = { .default_attrs = default_attrs, }; @@ -15596,7 +16793,7 @@ index 93c5451..3887433 100644 static struct kobj_type ktype_percpu_entry = { .sysfs_ops = &sysfs_ops, }; -@@ -1120,20 +1132,26 @@ static int __cpuinit cache_add_dev(struct device *dev) +@@ -1154,20 +1166,26 @@ static int __cpuinit cache_add_dev(struct device *dev) return retval; } @@ -15626,8 +16823,17 @@ index 93c5451..3887433 100644 per_cpu(ici_cache_kobject, cpu), "index%1lu", i); if (unlikely(retval)) { +@@ -1222,7 +1240,7 @@ static int __cpuinit cacheinfo_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata cacheinfo_cpu_notifier = { ++static struct notifier_block cacheinfo_cpu_notifier = { + .notifier_call = cacheinfo_cpu_callback, + }; + diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c -index 46cbf86..55c7292 100644 +index 80dbda8..b45ebad 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -45,6 +45,7 @@ @@ -15638,7 +16844,7 @@ index 46cbf86..55c7292 100644 #include "mce-internal.h" -@@ -254,7 +255,7 @@ static void print_mce(struct mce *m) +@@ -246,7 +247,7 @@ static void print_mce(struct mce *m) !(m->mcgstatus & MCG_STATUS_EIPV) ? " !INEXACT!" : "", m->cs, m->ip); @@ -15647,7 +16853,7 @@ index 46cbf86..55c7292 100644 print_symbol("{%s}", m->ip); pr_cont("\n"); } -@@ -287,10 +288,10 @@ static void print_mce(struct mce *m) +@@ -279,10 +280,10 @@ static void print_mce(struct mce *m) #define PANIC_TIMEOUT 5 /* 5 seconds */ 
@@ -15660,7 +16866,7 @@ index 46cbf86..55c7292 100644 /* Panic in progress. Enable interrupts and wait for final IPI */ static void wait_for_panic(void) -@@ -314,7 +315,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) +@@ -306,7 +307,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) /* * Make sure only one CPU runs in machine check panic */ @@ -15669,7 +16875,7 @@ index 46cbf86..55c7292 100644 wait_for_panic(); barrier(); -@@ -322,7 +323,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) +@@ -314,7 +315,7 @@ static void mce_panic(char *msg, struct mce *final, char *exp) console_verbose(); } else { /* Don't log too much for fake panic */ @@ -15678,16 +16884,16 @@ index 46cbf86..55c7292 100644 return; } /* First print corrected ones that are still unlogged */ -@@ -694,7 +695,7 @@ static int mce_timed_out(u64 *t) +@@ -686,7 +687,7 @@ static int mce_timed_out(u64 *t) * might have been modified by someone else. */ rmb(); - if (atomic_read(&mce_paniced)) + if (atomic_read_unchecked(&mce_paniced)) wait_for_panic(); - if (!monarch_timeout) + if (!mca_cfg.monarch_timeout) goto out; -@@ -1659,7 +1660,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) +@@ -1662,7 +1663,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) } /* Call the installed machine check handler for this CPU setup. */ @@ -15696,7 +16902,7 @@ index 46cbf86..55c7292 100644 unexpected_machine_check; /* -@@ -1682,7 +1683,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1685,7 +1686,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) return; } @@ -15706,7 +16912,7 @@ index 46cbf86..55c7292 100644 __mcheck_cpu_init_generic(); __mcheck_cpu_init_vendor(c); -@@ -1696,7 +1699,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1699,7 +1702,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) */ static DEFINE_SPINLOCK(mce_chrdev_state_lock); 
@@ -15715,7 +16921,7 @@ index 46cbf86..55c7292 100644 static int mce_chrdev_open_exclu; /* already open exclusive? */ static int mce_chrdev_open(struct inode *inode, struct file *file) -@@ -1704,7 +1707,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1707,7 +1710,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) spin_lock(&mce_chrdev_state_lock); if (mce_chrdev_open_exclu || @@ -15724,7 +16930,7 @@ index 46cbf86..55c7292 100644 spin_unlock(&mce_chrdev_state_lock); return -EBUSY; -@@ -1712,7 +1715,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1715,7 +1718,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) if (file->f_flags & O_EXCL) mce_chrdev_open_exclu = 1; @@ -15733,7 +16939,7 @@ index 46cbf86..55c7292 100644 spin_unlock(&mce_chrdev_state_lock); -@@ -1723,7 +1726,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) +@@ -1726,7 +1729,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) { spin_lock(&mce_chrdev_state_lock); @@ -15742,16 +16948,16 @@ index 46cbf86..55c7292 100644 mce_chrdev_open_exclu = 0; spin_unlock(&mce_chrdev_state_lock); -@@ -2367,7 +2370,7 @@ mce_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu) +@@ -2372,7 +2375,7 @@ mce_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu) return NOTIFY_OK; } -static struct notifier_block mce_cpu_notifier __cpuinitdata = { -+static struct notifier_block mce_cpu_notifier __cpuinitconst = { ++static struct notifier_block mce_cpu_notifier = { .notifier_call = mce_cpu_callback, }; -@@ -2445,7 +2448,7 @@ struct dentry *mce_get_debugfs_dir(void) +@@ -2450,7 +2453,7 @@ struct dentry *mce_get_debugfs_dir(void) static void mce_reset(void) { cpu_missing = 0; 
@@ -15782,6 +16988,19 @@ index 2d5454c..51987eb 100644 /* Make sure the vector pointer is visible before we enable MCEs: */ wmb(); +diff --git a/arch/x86/kernel/cpu/mcheck/therm_throt.c b/arch/x86/kernel/cpu/mcheck/therm_throt.c +index 47a1870..8c019a7 100644 +--- a/arch/x86/kernel/cpu/mcheck/therm_throt.c ++++ b/arch/x86/kernel/cpu/mcheck/therm_throt.c +@@ -288,7 +288,7 @@ thermal_throttle_cpu_callback(struct notifier_block *nfb, + return notifier_from_errno(err); + } + +-static struct notifier_block thermal_throttle_cpu_notifier __cpuinitdata = ++static struct notifier_block thermal_throttle_cpu_notifier = + { + .notifier_call = thermal_throttle_cpu_callback, + }; diff --git a/arch/x86/kernel/cpu/mcheck/winchip.c b/arch/x86/kernel/cpu/mcheck/winchip.c index 2d7998f..17c9de1 100644 --- a/arch/x86/kernel/cpu/mcheck/winchip.c @@ -15805,7 +17024,7 @@ index 2d7998f..17c9de1 100644 wmb(); diff --git a/arch/x86/kernel/cpu/mtrr/main.c b/arch/x86/kernel/cpu/mtrr/main.c -index 6b96110..0da73eb 100644 +index 726bf96..81f0526 100644 --- a/arch/x86/kernel/cpu/mtrr/main.c +++ b/arch/x86/kernel/cpu/mtrr/main.c @@ -62,7 +62,7 @@ static DEFINE_MUTEX(mtrr_mutex); @@ -15831,10 +17050,10 @@ index df5e41f..816c719 100644 extern int generic_get_free_region(unsigned long base, unsigned long size, int replace_reg); diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c -index d18b2b8..d3b834c 100644 +index 6774c17..a691911 100644 --- a/arch/x86/kernel/cpu/perf_event.c +++ b/arch/x86/kernel/cpu/perf_event.c -@@ -1759,7 +1759,7 @@ static unsigned long get_segment_base(unsigned int segment) +@@ -1880,7 +1880,7 @@ static unsigned long get_segment_base(unsigned int segment) if (idx > GDT_ENTRIES) return 0; 
@@ -15843,7 +17062,7 @@ index d18b2b8..d3b834c 100644 } return get_desc_base(desc + idx); -@@ -1849,7 +1849,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) +@@ -1970,7 +1970,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) break; perf_callchain_store(entry, frame.return_address); @@ -15853,10 +17072,10 @@ index d18b2b8..d3b834c 100644 } diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c -index 324bb52..1a93d85 100644 +index 4914e94..60b06e3 100644 --- a/arch/x86/kernel/cpu/perf_event_intel.c +++ b/arch/x86/kernel/cpu/perf_event_intel.c -@@ -1949,10 +1949,10 @@ __init int intel_pmu_init(void) +@@ -1958,10 +1958,10 @@ __init int intel_pmu_init(void) * v2 and above have a perf capabilities MSR */ if (version > 1) { @@ -15870,11 +17089,37 @@ index 324bb52..1a93d85 100644 } intel_ds_init(); +diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c +index b43200d..62cddfe 100644 +--- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c ++++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c +@@ -2826,7 +2826,7 @@ static int + return NOTIFY_OK; + } + +-static struct notifier_block uncore_cpu_nb __cpuinitdata = { ++static struct notifier_block uncore_cpu_nb = { + .notifier_call = uncore_cpu_notifier, + /* + * to migrate uncore events, our notifier should be executed +diff --git a/arch/x86/kernel/cpuid.c b/arch/x86/kernel/cpuid.c +index 60c7891..9e911d3 100644 +--- a/arch/x86/kernel/cpuid.c ++++ b/arch/x86/kernel/cpuid.c +@@ -171,7 +171,7 @@ static int __cpuinit cpuid_class_cpu_callback(struct notifier_block *nfb, + return notifier_from_errno(err); + } + +-static struct notifier_block __refdata cpuid_class_cpu_notifier = ++static struct notifier_block cpuid_class_cpu_notifier = + { + .notifier_call = cpuid_class_cpu_callback, + }; 
diff --git a/arch/x86/kernel/crash.c b/arch/x86/kernel/crash.c -index 13ad899..f642b9a 100644 +index 74467fe..18793d5 100644 --- a/arch/x86/kernel/crash.c +++ b/arch/x86/kernel/crash.c -@@ -36,10 +36,8 @@ static void kdump_nmi_callback(int cpu, struct pt_regs *regs) +@@ -58,10 +58,8 @@ static void kdump_nmi_callback(int cpu, struct pt_regs *regs) { #ifdef CONFIG_X86_32 struct pt_regs fixed_regs; @@ -16305,7 +17550,7 @@ index 9b9f18b..9fcaa04 100644 #include <asm/processor.h> #include <asm/fcntl.h> diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index cf8639b..6c6a674 100644 +index 6ed91d9..6cc365b 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S @@ -177,13 +177,153 @@ @@ -16779,7 +18024,7 @@ index cf8639b..6c6a674 100644 CFI_ENDPROC /* * End of kprobes section -@@ -772,8 +1004,15 @@ ENDPROC(ptregs_clone) +@@ -753,8 +985,15 @@ PTREGSCALL1(vm86old) * normal stack and adjusts ESP with the matching offset. */ /* fixup the stack */ @@ -16797,7 +18042,7 @@ index cf8639b..6c6a674 100644 shl $16, %eax addl %esp, %eax /* the adjusted stack pointer */ pushl_cfi $__KERNEL_DS -@@ -826,7 +1065,7 @@ vector=vector+1 +@@ -807,7 +1046,7 @@ vector=vector+1 .endr 2: jmp common_interrupt .endr @@ -16806,7 +18051,7 @@ index cf8639b..6c6a674 100644 .previous END(interrupt) -@@ -877,7 +1116,7 @@ ENTRY(coprocessor_error) +@@ -858,7 +1097,7 @@ ENTRY(coprocessor_error) pushl_cfi $do_coprocessor_error jmp error_code CFI_ENDPROC @@ -16815,7 +18060,7 @@ index cf8639b..6c6a674 100644 ENTRY(simd_coprocessor_error) RING0_INT_FRAME -@@ -899,7 +1138,7 @@ ENTRY(simd_coprocessor_error) +@@ -880,7 +1119,7 @@ ENTRY(simd_coprocessor_error) #endif jmp error_code CFI_ENDPROC @@ -16824,7 +18069,7 @@ index cf8639b..6c6a674 100644 ENTRY(device_not_available) RING0_INT_FRAME -@@ -908,18 +1147,18 @@ ENTRY(device_not_available) +@@ -889,18 +1128,18 @@ ENTRY(device_not_available) pushl_cfi $do_device_not_available jmp error_code CFI_ENDPROC 
@@ -16846,7 +18091,7 @@ index cf8639b..6c6a674 100644 #endif ENTRY(overflow) -@@ -929,7 +1168,7 @@ ENTRY(overflow) +@@ -910,7 +1149,7 @@ ENTRY(overflow) pushl_cfi $do_overflow jmp error_code CFI_ENDPROC @@ -16855,7 +18100,7 @@ index cf8639b..6c6a674 100644 ENTRY(bounds) RING0_INT_FRAME -@@ -938,7 +1177,7 @@ ENTRY(bounds) +@@ -919,7 +1158,7 @@ ENTRY(bounds) pushl_cfi $do_bounds jmp error_code CFI_ENDPROC @@ -16864,7 +18109,7 @@ index cf8639b..6c6a674 100644 ENTRY(invalid_op) RING0_INT_FRAME -@@ -947,7 +1186,7 @@ ENTRY(invalid_op) +@@ -928,7 +1167,7 @@ ENTRY(invalid_op) pushl_cfi $do_invalid_op jmp error_code CFI_ENDPROC @@ -16873,7 +18118,7 @@ index cf8639b..6c6a674 100644 ENTRY(coprocessor_segment_overrun) RING0_INT_FRAME -@@ -956,7 +1195,7 @@ ENTRY(coprocessor_segment_overrun) +@@ -937,7 +1176,7 @@ ENTRY(coprocessor_segment_overrun) pushl_cfi $do_coprocessor_segment_overrun jmp error_code CFI_ENDPROC @@ -16882,7 +18127,7 @@ index cf8639b..6c6a674 100644 ENTRY(invalid_TSS) RING0_EC_FRAME -@@ -964,7 +1203,7 @@ ENTRY(invalid_TSS) +@@ -945,7 +1184,7 @@ ENTRY(invalid_TSS) pushl_cfi $do_invalid_TSS jmp error_code CFI_ENDPROC @@ -16891,7 +18136,7 @@ index cf8639b..6c6a674 100644 ENTRY(segment_not_present) RING0_EC_FRAME -@@ -972,7 +1211,7 @@ ENTRY(segment_not_present) +@@ -953,7 +1192,7 @@ ENTRY(segment_not_present) pushl_cfi $do_segment_not_present jmp error_code CFI_ENDPROC @@ -16900,7 +18145,7 @@ index cf8639b..6c6a674 100644 ENTRY(stack_segment) RING0_EC_FRAME -@@ -980,7 +1219,7 @@ ENTRY(stack_segment) +@@ -961,7 +1200,7 @@ ENTRY(stack_segment) pushl_cfi $do_stack_segment jmp error_code CFI_ENDPROC @@ -16909,7 +18154,7 @@ index cf8639b..6c6a674 100644 ENTRY(alignment_check) RING0_EC_FRAME -@@ -988,7 +1227,7 @@ ENTRY(alignment_check) +@@ -969,7 +1208,7 @@ ENTRY(alignment_check) pushl_cfi $do_alignment_check jmp error_code CFI_ENDPROC 
@@ -16918,7 +18163,7 @@ index cf8639b..6c6a674 100644 ENTRY(divide_error) RING0_INT_FRAME -@@ -997,7 +1236,7 @@ ENTRY(divide_error) +@@ -978,7 +1217,7 @@ ENTRY(divide_error) pushl_cfi $do_divide_error jmp error_code CFI_ENDPROC @@ -16927,7 +18172,7 @@ index cf8639b..6c6a674 100644 #ifdef CONFIG_X86_MCE ENTRY(machine_check) -@@ -1007,7 +1246,7 @@ ENTRY(machine_check) +@@ -988,7 +1227,7 @@ ENTRY(machine_check) pushl_cfi machine_check_vector jmp error_code CFI_ENDPROC @@ -16936,7 +18181,7 @@ index cf8639b..6c6a674 100644 #endif ENTRY(spurious_interrupt_bug) -@@ -1017,7 +1256,7 @@ ENTRY(spurious_interrupt_bug) +@@ -998,7 +1237,7 @@ ENTRY(spurious_interrupt_bug) pushl_cfi $do_spurious_interrupt_bug jmp error_code CFI_ENDPROC @@ -16945,7 +18190,7 @@ index cf8639b..6c6a674 100644 /* * End of kprobes section */ -@@ -1120,7 +1359,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK, +@@ -1101,7 +1340,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK, ENTRY(mcount) ret @@ -16954,7 +18199,7 @@ index cf8639b..6c6a674 100644 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -1153,7 +1392,7 @@ ftrace_graph_call: +@@ -1134,7 +1373,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -16963,7 +18208,7 @@ index cf8639b..6c6a674 100644 ENTRY(ftrace_regs_caller) pushf /* push flags before compare (in cs location) */ -@@ -1254,7 +1493,7 @@ trace: +@@ -1235,7 +1474,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -16972,7 +18217,7 @@ index cf8639b..6c6a674 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -1272,7 +1511,7 @@ ENTRY(ftrace_graph_caller) +@@ -1253,7 +1492,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret @@ -16981,7 +18226,7 @@ index cf8639b..6c6a674 100644 .globl return_to_handler return_to_handler: -@@ -1328,15 +1567,18 @@ error_code: +@@ -1309,15 +1548,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx 
@@ -17002,7 +18247,7 @@ index cf8639b..6c6a674 100644 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1379,7 +1621,7 @@ debug_stack_correct: +@@ -1360,7 +1602,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -17011,7 +18256,7 @@ index cf8639b..6c6a674 100644 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1417,6 +1659,9 @@ nmi_stack_correct: +@@ -1398,6 +1640,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -17021,7 +18266,7 @@ index cf8639b..6c6a674 100644 jmp restore_all_notrace CFI_ENDPROC -@@ -1453,12 +1698,15 @@ nmi_espfix_stack: +@@ -1434,12 +1679,15 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx,%edx # zero error code call do_nmi @@ -17038,7 +18283,7 @@ index cf8639b..6c6a674 100644 ENTRY(int3) RING0_INT_FRAME -@@ -1471,14 +1719,14 @@ ENTRY(int3) +@@ -1452,14 +1700,14 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -17055,7 +18300,7 @@ index cf8639b..6c6a674 100644 #ifdef CONFIG_KVM_GUEST ENTRY(async_page_fault) -@@ -1487,7 +1735,7 @@ ENTRY(async_page_fault) +@@ -1468,7 +1716,7 @@ ENTRY(async_page_fault) pushl_cfi $do_async_page_fault jmp error_code CFI_ENDPROC @@ -17065,11 +18310,11 @@ index cf8639b..6c6a674 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index 1328fe4..cb03298 100644 +index cb3c591..bc63707 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -59,6 +59,8 @@ - #include <asm/rcu.h> + #include <asm/context_tracking.h> #include <asm/smap.h> #include <linux/err.h> +#include <asm/pgtable.h> 
@@ -17631,8 +18876,20 @@ index 1328fe4..cb03298 100644 +ENDPROC(\label) .endm - PTREGSCALL stub_clone, sys_clone, %r8 -@@ -860,9 +1158,10 @@ ENTRY(ptregscall_common) + .macro FORK_LIKE func +@@ -856,9 +1154,10 @@ ENTRY(stub_\func) + DEFAULT_FRAME 0 8 /* offset 8: return address */ + call sys_\func + RESTORE_TOP_OF_STACK %r11, 8 ++ pax_force_retaddr + ret $REST_SKIP /* pop extended registers */ + CFI_ENDPROC +-END(stub_\func) ++ENDPROC(stub_\func) + .endm + + FORK_LIKE clone +@@ -875,9 +1174,10 @@ ENTRY(ptregscall_common) movq_cfi_restore R12+8, r12 movq_cfi_restore RBP+8, rbp movq_cfi_restore RBX+8, rbx @@ -17644,7 +18901,7 @@ index 1328fe4..cb03298 100644 ENTRY(stub_execve) CFI_STARTPROC -@@ -876,7 +1175,7 @@ ENTRY(stub_execve) +@@ -891,7 +1191,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -17653,7 +18910,7 @@ index 1328fe4..cb03298 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -894,7 +1193,7 @@ ENTRY(stub_rt_sigreturn) +@@ -909,7 +1209,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -17661,8 +18918,8 @@ index 1328fe4..cb03298 100644 +ENDPROC(stub_rt_sigreturn) #ifdef CONFIG_X86_X32_ABI - PTREGSCALL stub_x32_sigaltstack, sys32_sigaltstack, %rdx -@@ -962,7 +1261,7 @@ vector=vector+1 + ENTRY(stub_x32_rt_sigreturn) +@@ -975,7 +1275,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -17671,7 +18928,7 @@ index 1328fe4..cb03298 100644 .previous END(interrupt) -@@ -982,6 +1281,16 @@ END(interrupt) +@@ -995,6 +1295,16 @@ END(interrupt) subq $ORIG_RAX-RBP, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP SAVE_ARGS_IRQ @@ -17688,7 +18945,7 @@ index 1328fe4..cb03298 100644 call \func .endm -@@ -1014,7 +1323,7 @@ ret_from_intr: +@@ -1027,7 +1337,7 @@ ret_from_intr: exit_intr: GET_THREAD_INFO(%rcx) 
@@ -17697,7 +18954,7 @@ index 1328fe4..cb03298 100644 je retint_kernel /* Interrupt came from user space */ -@@ -1036,12 +1345,16 @@ retint_swapgs: /* return to user-space */ +@@ -1049,12 +1359,16 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -17714,7 +18971,7 @@ index 1328fe4..cb03298 100644 /* * The iretq could re-enable interrupts: */ -@@ -1124,7 +1437,7 @@ ENTRY(retint_kernel) +@@ -1137,7 +1451,7 @@ ENTRY(retint_kernel) #endif CFI_ENDPROC @@ -17723,7 +18980,7 @@ index 1328fe4..cb03298 100644 /* * End of kprobes section */ -@@ -1142,7 +1455,7 @@ ENTRY(\sym) +@@ -1155,7 +1469,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -17732,7 +18989,7 @@ index 1328fe4..cb03298 100644 .endm #ifdef CONFIG_SMP -@@ -1198,12 +1511,22 @@ ENTRY(\sym) +@@ -1211,12 +1525,22 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -17756,7 +19013,7 @@ index 1328fe4..cb03298 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1216,15 +1539,25 @@ ENTRY(\sym) +@@ -1229,15 +1553,25 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -17784,7 +19041,7 @@ index 1328fe4..cb03298 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1235,14 +1568,30 @@ ENTRY(\sym) +@@ -1248,14 +1582,30 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF_DEBUG @@ -17816,7 +19073,7 @@ index 1328fe4..cb03298 100644 .endm .macro errorentry sym do_sym -@@ -1254,13 +1603,23 @@ ENTRY(\sym) +@@ -1267,13 +1617,23 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -17841,7 +19098,7 @@ index 1328fe4..cb03298 100644 .endm /* error code is on the stack already */ -@@ -1274,13 +1633,23 @@ ENTRY(\sym) +@@ -1287,13 +1647,23 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF 
@@ -17866,7 +19123,7 @@ index 1328fe4..cb03298 100644 .endm zeroentry divide_error do_divide_error -@@ -1310,9 +1679,10 @@ gs_change: +@@ -1323,9 +1693,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -17878,7 +19135,7 @@ index 1328fe4..cb03298 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1340,9 +1710,10 @@ ENTRY(call_softirq) +@@ -1353,9 +1724,10 @@ ENTRY(call_softirq) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -17890,7 +19147,7 @@ index 1328fe4..cb03298 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1380,7 +1751,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1393,7 +1765,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -17899,7 +19156,7 @@ index 1328fe4..cb03298 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1439,7 +1810,7 @@ ENTRY(xen_failsafe_callback) +@@ -1452,7 +1824,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC @@ -17908,7 +19165,7 @@ index 1328fe4..cb03298 100644 apicinterrupt XEN_HVM_EVTCHN_CALLBACK \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1488,16 +1859,31 @@ ENTRY(paranoid_exit) +@@ -1501,16 +1873,31 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF_DEBUG testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -17941,7 +19198,7 @@ index 1328fe4..cb03298 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1526,7 +1912,7 @@ paranoid_schedule: +@@ -1539,7 +1926,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -17950,7 +19207,7 @@ index 1328fe4..cb03298 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1553,12 +1939,13 @@ ENTRY(error_entry) +@@ -1566,12 +1953,13 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx 
@@ -17965,7 +19222,7 @@ index 1328fe4..cb03298 100644 ret /* -@@ -1585,7 +1972,7 @@ bstep_iret: +@@ -1598,7 +1986,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -17974,7 +19231,7 @@ index 1328fe4..cb03298 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1605,7 +1992,7 @@ ENTRY(error_exit) +@@ -1618,7 +2006,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -17983,7 +19240,7 @@ index 1328fe4..cb03298 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1663,9 +2050,11 @@ ENTRY(nmi) +@@ -1676,9 +2064,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -17996,7 +19253,7 @@ index 1328fe4..cb03298 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1824,6 +2213,17 @@ end_repeat_nmi: +@@ -1847,6 +2237,17 @@ end_repeat_nmi: */ movq %cr2, %r12 @@ -18014,7 +19271,7 @@ index 1328fe4..cb03298 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1839,21 +2239,32 @@ end_repeat_nmi: +@@ -1862,23 +2263,34 @@ end_repeat_nmi: testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore nmi_swapgs: @@ -18024,16 +19281,18 @@ index 1328fe4..cb03298 100644 + pax_exit_kernel +#endif SWAPGS_UNSAFE_STACK -+ RESTORE_ALL 8 ++ RESTORE_ALL 6*8 + /* Clear the NMI executing stack variable */ -+ movq $0, 10*8(%rsp) ++ movq $0, 5*8(%rsp) + jmp irq_return nmi_restore: + pax_exit_kernel - RESTORE_ALL 8 + /* Pop the extra iret frame at once */ + RESTORE_ALL 6*8 + pax_force_retaddr_bts + /* Clear the NMI executing stack variable */ - movq $0, 10*8(%rsp) + movq $0, 5*8(%rsp) jmp irq_return CFI_ENDPROC -END(nmi) @@ -18139,7 +19398,7 @@ index c18f59d..9c0c9f6 100644 #ifdef CONFIG_BLK_DEV_INITRD /* Reserve INITRD */ diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S -index 4dac2f6..bc6a335 100644 +index c8932c7..d56b622 100644 
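Review bot: The added `nmi_swapgs` tail repeats `RESTORE_ALL 6*8` and `movq $0, 5*8(%rsp)` from `nmi_restore`, so the NMI frame offsets are now literals in two places, and this revision had to change both (from `8` and `10*8`). Only the `nmi_restore` copy carries the upstream comment that explains the `6*8`. The added copy should repeat it, `/* Pop the extra iret frame at once */`, and state that the two tails must be kept in step. If they drift apart on a later rebase, the "NMI executing" variable would presumably be cleared at the wrong slot on one return path only, which is easy to miss in testing. The NMI handler continues outside this hunk.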
--- a/arch/x86/kernel/head_32.S +++ b/arch/x86/kernel/head_32.S @@ -26,6 +26,12 @@ @@ -18309,7 +19568,7 @@ index 4dac2f6..bc6a335 100644 num_subarch_entries = (. - subarch_entries) / 4 .previous #else -@@ -316,6 +388,7 @@ default_entry: +@@ -335,6 +407,7 @@ default_entry: movl pa(mmu_cr4_features),%eax movl %eax,%cr4 @@ -18317,7 +19576,7 @@ index 4dac2f6..bc6a335 100644 testb $X86_CR4_PAE, %al # check if PAE is enabled jz 6f -@@ -344,6 +417,9 @@ default_entry: +@@ -363,6 +436,9 @@ default_entry: /* Make changes effective */ wrmsr @@ -18327,7 +19586,7 @@ index 4dac2f6..bc6a335 100644 6: /* -@@ -442,14 +518,20 @@ is386: movl $2,%ecx # set MP +@@ -460,14 +536,20 @@ is386: movl $2,%ecx # set MP 1: movl $(__KERNEL_DS),%eax # reload all the segment registers movl %eax,%ss # after changing gdt. @@ -18349,7 +19608,7 @@ index 4dac2f6..bc6a335 100644 movl %eax,%gs xorl %eax,%eax # Clear LDT -@@ -526,8 +608,11 @@ setup_once: +@@ -544,8 +626,11 @@ setup_once: * relocation. Manually set base address in stack canary * segment descriptor. */ @@ -18362,7 +19621,7 @@ index 4dac2f6..bc6a335 100644 movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax) shrl $16, %ecx movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax) -@@ -558,7 +643,7 @@ ENDPROC(early_idt_handlers) +@@ -576,7 +661,7 @@ ENDPROC(early_idt_handlers) /* This is global to keep gas from relaxing the jumps */ ENTRY(early_idt_handler) cld @@ -18371,7 +19630,7 @@ index 4dac2f6..bc6a335 100644 je hlt_loop incl %ss:early_recursion_flag -@@ -596,8 +681,8 @@ ENTRY(early_idt_handler) +@@ -614,8 +699,8 @@ ENTRY(early_idt_handler) pushl (20+6*4)(%esp) /* trapno */ pushl $fault_msg call printk @@ -18381,7 +19640,7 @@ index 4dac2f6..bc6a335 100644 hlt_loop: hlt jmp hlt_loop -@@ -616,8 +701,11 @@ ENDPROC(early_idt_handler) +@@ -634,8 +719,11 @@ ENDPROC(early_idt_handler) /* This is the default interrupt "handler" :-) */ ALIGN ignore_int: 
@@ -18394,7 +19653,7 @@ index 4dac2f6..bc6a335 100644 pushl %eax pushl %ecx pushl %edx -@@ -626,9 +714,6 @@ ignore_int: +@@ -644,9 +732,6 @@ ignore_int: movl $(__KERNEL_DS),%eax movl %eax,%ds movl %eax,%es @@ -18404,7 +19663,7 @@ index 4dac2f6..bc6a335 100644 pushl 16(%esp) pushl 24(%esp) pushl 32(%esp) -@@ -662,29 +747,43 @@ ENTRY(setup_once_ref) +@@ -680,29 +765,43 @@ ENTRY(setup_once_ref) /* * BSS section */ @@ -18453,7 +19712,7 @@ index 4dac2f6..bc6a335 100644 ENTRY(initial_page_table) .long pa(initial_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */ # if KPMDS == 3 -@@ -703,12 +802,20 @@ ENTRY(initial_page_table) +@@ -721,12 +820,20 @@ ENTRY(initial_page_table) # error "Kernel PMDs should be 1, 2 or 3" # endif .align PAGE_SIZE /* needs to be page-sized too */ @@ -18475,7 +19734,7 @@ index 4dac2f6..bc6a335 100644 __INITRODATA int_msg: -@@ -736,7 +843,7 @@ fault_msg: +@@ -754,7 +861,7 @@ fault_msg: * segment size, and 32-bit linear address value: */ @@ -18484,7 +19743,7 @@ index 4dac2f6..bc6a335 100644 .globl boot_gdt_descr .globl idt_descr -@@ -745,7 +852,7 @@ fault_msg: +@@ -763,7 +870,7 @@ fault_msg: .word 0 # 32 bit align gdt_desc.address boot_gdt_descr: .word __BOOT_DS+7 @@ -18493,7 +19752,7 @@ index 4dac2f6..bc6a335 100644 .word 0 # 32-bit align idt_desc.address idt_descr: -@@ -756,7 +863,7 @@ idt_descr: +@@ -774,7 +881,7 @@ idt_descr: .word 0 # 32 bit align gdt_desc.address ENTRY(early_gdt_descr) .word GDT_ENTRIES*8-1 @@ -18502,7 +19761,7 @@ index 4dac2f6..bc6a335 100644 /* * The boot_gdt must mirror the equivalent in setup.S and is -@@ -765,5 +872,65 @@ ENTRY(early_gdt_descr) +@@ -783,5 +890,65 @@ ENTRY(early_gdt_descr) .align L1_CACHE_BYTES ENTRY(boot_gdt) .fill GDT_ENTRY_BOOT_CS,8,0 @@ -18571,7 +19830,7 @@ index 4dac2f6..bc6a335 100644 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 + .endr diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S -index 94bf9cc..400455a 100644 +index 980053c..74d3b44 100644 --- a/arch/x86/kernel/head_64.S 
+++ b/arch/x86/kernel/head_64.S @@ -20,6 +20,8 @@ @@ -18681,7 +19940,7 @@ index 94bf9cc..400455a 100644 movq initial_code(%rip),%rax pushq $0 # fake return address to stop unwinder pushq $__KERNEL_CS # set correct cs -@@ -268,7 +273,7 @@ ENTRY(secondary_startup_64) +@@ -284,7 +289,7 @@ ENDPROC(start_cpu0) bad_address: jmp bad_address @@ -18690,7 +19949,16 @@ index 94bf9cc..400455a 100644 .globl early_idt_handlers early_idt_handlers: # 104(%rsp) %rflags -@@ -347,11 +352,15 @@ ENTRY(early_idt_handler) +@@ -343,7 +348,7 @@ ENTRY(early_idt_handler) + call dump_stack + #ifdef CONFIG_KALLSYMS + leaq early_idt_ripmsg(%rip),%rdi +- movq 40(%rsp),%rsi # %rip again ++ movq 88(%rsp),%rsi # %rip again + call __print_symbol + #endif + #endif /* EARLY_PRINTK */ +@@ -363,11 +368,15 @@ ENTRY(early_idt_handler) addq $16,%rsp # drop vector number and error code decl early_recursion_flag(%rip) INTERRUPT_RETURN @@ -18706,7 +19974,7 @@ index 94bf9cc..400455a 100644 #ifdef CONFIG_EARLY_PRINTK early_idt_msg: .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n" -@@ -360,6 +369,7 @@ early_idt_ripmsg: +@@ -376,6 +385,7 @@ early_idt_ripmsg: #endif /* CONFIG_EARLY_PRINTK */ .previous @@ -18714,7 +19982,7 @@ index 94bf9cc..400455a 100644 #define NEXT_PAGE(name) \ .balign PAGE_SIZE; \ ENTRY(name) -@@ -372,7 +382,6 @@ ENTRY(name) +@@ -388,7 +398,6 @@ ENTRY(name) i = i + 1 ; \ .endr @@ -18722,7 +19990,7 @@ index 94bf9cc..400455a 100644 /* * This default setting generates an ident mapping at address 0x100000 * and a mapping for the kernel that precisely maps virtual address -@@ -383,13 +392,41 @@ NEXT_PAGE(init_level4_pgt) +@@ -399,13 +408,41 @@ NEXT_PAGE(init_level4_pgt) .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE .org init_level4_pgt + L4_PAGE_OFFSET*8, 0 .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE 
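Review bot: The corrected load `movq 88(%rsp),%rsi # %rip again` in `early_idt_handler` is still a bare stack offset, and the old value `40` shows how easily it goes stale when the saved-register layout changes. It agrees with the `# 104(%rsp) %rflags` layout comment visible at `early_idt_handlers` only if %cs and %rip occupy the two slots directly below %rflags, which this hunk does not show. Extending the comment would make that checkable, e.g. `# %rip again: 88(%rsp) per the frame layout listed at early_idt_handlers`. The handler body starts and ends outside the hunk.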
@@ -18764,7 +20032,7 @@ index 94bf9cc..400455a 100644 NEXT_PAGE(level3_kernel_pgt) .fill L3_START_KERNEL,8,0 -@@ -397,20 +434,23 @@ NEXT_PAGE(level3_kernel_pgt) +@@ -413,20 +450,23 @@ NEXT_PAGE(level3_kernel_pgt) .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE @@ -18796,7 +20064,7 @@ index 94bf9cc..400455a 100644 NEXT_PAGE(level2_kernel_pgt) /* -@@ -423,37 +463,59 @@ NEXT_PAGE(level2_kernel_pgt) +@@ -439,37 +479,59 @@ NEXT_PAGE(level2_kernel_pgt) * If you want to increase this then increase MODULES_VADDR * too.) */ @@ -18893,7 +20161,7 @@ index 9c3bd4a..e1d9b35 100644 +EXPORT_SYMBOL(__LOAD_PHYSICAL_ADDR); +#endif diff --git a/arch/x86/kernel/i387.c b/arch/x86/kernel/i387.c -index 675a050..95febfd 100644 +index 245a71d..89d9ce4 100644 --- a/arch/x86/kernel/i387.c +++ b/arch/x86/kernel/i387.c @@ -55,7 +55,7 @@ static inline bool interrupted_kernel_fpu_idle(void) @@ -19440,6 +20708,19 @@ index 57916c0..9e0b9d0 100644 return ret; switch (val) { +diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c +index 9c2bd8b..bb1131c 100644 +--- a/arch/x86/kernel/kvm.c ++++ b/arch/x86/kernel/kvm.c +@@ -452,7 +452,7 @@ static int __cpuinit kvm_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata kvm_cpu_notifier = { ++static struct notifier_block kvm_cpu_notifier = { + .notifier_call = kvm_cpu_notify, + }; + #endif diff --git a/arch/x86/kernel/ldt.c b/arch/x86/kernel/ldt.c index ebc9873..1b9724b 100644 --- a/arch/x86/kernel/ldt.c 
@@ -19539,6 +20820,19 @@ index 5b19e4d..6476a76 100644 relocate_kernel_ptr = control_page; page_list[PA_CONTROL_PAGE] = __pa(control_page); +diff --git a/arch/x86/kernel/microcode_core.c b/arch/x86/kernel/microcode_core.c +index 3a04b22..1d2eb09 100644 +--- a/arch/x86/kernel/microcode_core.c ++++ b/arch/x86/kernel/microcode_core.c +@@ -512,7 +512,7 @@ mc_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu) + return NOTIFY_OK; + } + +-static struct notifier_block __refdata mc_cpu_notifier = { ++static struct notifier_block mc_cpu_notifier = { + .notifier_call = mc_cpu_callback, + }; + diff --git a/arch/x86/kernel/microcode_intel.c b/arch/x86/kernel/microcode_intel.c index 3544aed..01ddc1c 100644 --- a/arch/x86/kernel/microcode_intel.c @@ -19696,6 +20990,19 @@ index 216a4d7..228255a 100644 #if 0 if ((s64)val != *(s32 *)loc) goto overflow; +diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c +index 4929502..686c291 100644 +--- a/arch/x86/kernel/msr.c ++++ b/arch/x86/kernel/msr.c +@@ -234,7 +234,7 @@ static int __cpuinit msr_class_cpu_callback(struct notifier_block *nfb, + return notifier_from_errno(err); + } + +-static struct notifier_block __refdata msr_class_cpu_notifier = { ++static struct notifier_block msr_class_cpu_notifier = { + .notifier_call = msr_class_cpu_callback, + }; + diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c index f84f5c5..e27e54b 100644 --- a/arch/x86/kernel/nmi.c @@ -19880,7 +21187,7 @@ index 35ccf75..7a15747 100644 #define DEBUG 1 diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index b644e1c..4a6d379 100644 +index 2ed787f..f70c9f6 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -36,7 +36,8 @@ 
@@ -19930,7 +21237,7 @@ index b644e1c..4a6d379 100644 flush_ptrace_hw_breakpoint(tsk); memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array)); drop_init_fpu(tsk); -@@ -336,7 +340,7 @@ static void __exit_idle(void) +@@ -301,7 +305,7 @@ static void __exit_idle(void) void exit_idle(void) { /* idle loop has pid 0 */ @@ -19939,7 +21246,7 @@ index b644e1c..4a6d379 100644 return; __exit_idle(); } -@@ -445,7 +449,7 @@ bool set_pm_idle_to_default(void) +@@ -404,7 +408,7 @@ bool set_pm_idle_to_default(void) return ret; } @@ -19948,7 +21255,7 @@ index b644e1c..4a6d379 100644 { local_irq_disable(); /* -@@ -673,16 +677,37 @@ static int __init idle_setup(char *str) +@@ -632,16 +636,37 @@ static int __init idle_setup(char *str) } early_param("idle", idle_setup); @@ -19997,7 +21304,7 @@ index b644e1c..4a6d379 100644 +} +#endif diff --git a/arch/x86/kernel/process_32.c b/arch/x86/kernel/process_32.c -index 44e0bff..5ceb99c 100644 +index b5a8905..d9cacac 100644 --- a/arch/x86/kernel/process_32.c +++ b/arch/x86/kernel/process_32.c @@ -65,6 +65,7 @@ asmlinkage void ret_from_kernel_thread(void) __asm__("ret_from_kernel_thread"); @@ -20033,9 +21340,9 @@ index 44e0bff..5ceb99c 100644 print_symbol("EIP is at %s\n", regs->ip); printk(KERN_DEFAULT "EAX: %08lx EBX: %08lx ECX: %08lx EDX: %08lx\n", -@@ -131,20 +131,21 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, - unsigned long arg, - struct task_struct *p, struct pt_regs *regs) +@@ -130,20 +130,21 @@ void release_thread(struct task_struct *dead_task) + int copy_thread(unsigned long clone_flags, unsigned long sp, + unsigned long arg, struct task_struct *p) { - struct pt_regs *childregs = task_pt_regs(p); + struct pt_regs *childregs = task_stack_page(p) + THREAD_SIZE - sizeof(struct pt_regs) - 8; 
@@ -20046,7 +21353,7 @@ index 44e0bff..5ceb99c 100644 p->thread.sp0 = (unsigned long) (childregs+1); + p->tinfo.lowest_stack = (unsigned long)task_stack_page(p); - if (unlikely(!regs)) { + if (unlikely(p->flags & PF_KTHREAD)) { /* kernel thread */ memset(childregs, 0, sizeof(struct pt_regs)); p->thread.ip = (unsigned long) ret_from_kernel_thread; @@ -20104,10 +21411,10 @@ index 44e0bff..5ceb99c 100644 } - diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c -index 16c6365..5d32218 100644 +index 6e68a61..955a9a5 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c -@@ -153,10 +153,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, +@@ -152,10 +152,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, struct pt_regs *childregs; struct task_struct *me = current; @@ -20158,10 +21465,10 @@ index 16c6365..5d32218 100644 ip = *(u64 *)(fp+8); if (!in_sched_functions(ip)) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c -index 974b67e..53bdb6c 100644 +index b629bbe..0fa615a 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c -@@ -183,14 +183,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs) +@@ -184,14 +184,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs) { unsigned long context = (unsigned long)regs & ~(THREAD_SIZE - 1); unsigned long sp = (unsigned long)®s->sp; @@ -20180,7 +21487,7 @@ index 974b67e..53bdb6c 100644 return (unsigned long)regs; } -@@ -587,7 +586,7 @@ static void ptrace_triggered(struct perf_event *bp, +@@ -588,7 +587,7 @@ static void ptrace_triggered(struct perf_event *bp, static unsigned long ptrace_get_dr7(struct perf_event *bp[]) { int i; 
@@ -20189,7 +21496,7 @@ index 974b67e..53bdb6c 100644 struct arch_hw_breakpoint *info; for (i = 0; i < HBP_NUM; i++) { -@@ -855,7 +854,7 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -856,7 +855,7 @@ long arch_ptrace(struct task_struct *child, long request, unsigned long addr, unsigned long data) { int ret; @@ -20198,7 +21505,7 @@ index 974b67e..53bdb6c 100644 switch (request) { /* read the word at location addr in the USER area. */ -@@ -940,14 +939,14 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -941,14 +940,14 @@ long arch_ptrace(struct task_struct *child, long request, if ((int) addr < 0) return -EIO; ret = do_get_thread_area(child, addr, @@ -20215,7 +21522,7 @@ index 974b67e..53bdb6c 100644 break; #endif -@@ -1325,7 +1324,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request, +@@ -1326,7 +1325,7 @@ long compat_arch_ptrace(struct task_struct *child, compat_long_t request, #ifdef CONFIG_X86_64 @@ -20224,7 +21531,7 @@ index 974b67e..53bdb6c 100644 [REGSET_GENERAL] = { .core_note_type = NT_PRSTATUS, .n = sizeof(struct user_regs_struct) / sizeof(long), -@@ -1366,7 +1365,7 @@ static const struct user_regset_view user_x86_64_view = { +@@ -1367,7 +1366,7 @@ static const struct user_regset_view user_x86_64_view = { #endif /* CONFIG_X86_64 */ #if defined CONFIG_X86_32 || defined CONFIG_IA32_EMULATION @@ -20233,7 +21540,7 @@ index 974b67e..53bdb6c 100644 [REGSET_GENERAL] = { .core_note_type = NT_PRSTATUS, .n = sizeof(struct user_regs_struct32) / sizeof(u32), -@@ -1419,7 +1418,7 @@ static const struct user_regset_view user_x86_32_view = { +@@ -1420,7 +1419,7 @@ static const struct user_regset_view user_x86_32_view = { */ u64 xstate_fx_sw_bytes[USER_XSTATE_FX_SW_WORDS]; 
@@ -20242,7 +21549,7 @@ index 974b67e..53bdb6c 100644 { #ifdef CONFIG_X86_64 x86_64_regsets[REGSET_XSTATE].n = size / sizeof(u64); -@@ -1454,7 +1453,7 @@ static void fill_sigtrap_info(struct task_struct *tsk, +@@ -1455,7 +1454,7 @@ static void fill_sigtrap_info(struct task_struct *tsk, memset(info, 0, sizeof(*info)); info->si_signo = SIGTRAP; info->si_code = si_code; @@ -20251,7 +21558,7 @@ index 974b67e..53bdb6c 100644 } void user_single_step_siginfo(struct task_struct *tsk, -@@ -1483,6 +1482,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, +@@ -1484,6 +1483,10 @@ void send_sigtrap(struct task_struct *tsk, struct pt_regs *regs, # define IS_IA32 0 #endif @@ -20262,9 +21569,9 @@ index 974b67e..53bdb6c 100644 /* * We must return the syscall number to actually look up in the table. * This can be -1L to skip running any syscall at all. -@@ -1493,6 +1496,11 @@ long syscall_trace_enter(struct pt_regs *regs) +@@ -1494,6 +1497,11 @@ long syscall_trace_enter(struct pt_regs *regs) - rcu_user_exit(); + user_exit(); +#ifdef CONFIG_GRKERNSEC_SETXID + if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) @@ -20274,9 +21581,9 @@ index 974b67e..53bdb6c 100644 /* * If we stepped into a sysenter/syscall insn, it trapped in * kernel mode; do_debug() cleared TF and set TIF_SINGLESTEP. -@@ -1548,6 +1556,11 @@ void syscall_trace_leave(struct pt_regs *regs) +@@ -1549,6 +1557,11 @@ void syscall_trace_leave(struct pt_regs *regs) */ - rcu_user_exit(); + user_exit(); +#ifdef CONFIG_GRKERNSEC_SETXID + if (unlikely(test_and_clear_thread_flag(TIF_GRSEC_SETXID))) @@ -20287,10 +21594,10 @@ index 974b67e..53bdb6c 100644 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/x86/kernel/pvclock.c b/arch/x86/kernel/pvclock.c -index 42eb330..139955c 100644 +index 85c3959..76b89f9 100644 --- a/arch/x86/kernel/pvclock.c 
+++ b/arch/x86/kernel/pvclock.c -@@ -81,11 +81,11 @@ unsigned long pvclock_tsc_khz(struct pvclock_vcpu_time_info *src) +@@ -43,11 +43,11 @@ unsigned long pvclock_tsc_khz(struct pvclock_vcpu_time_info *src) return pv_tsc_khz; } @@ -20303,8 +21610,8 @@ index 42eb330..139955c 100644 + atomic64_set_unchecked(&last_value, 0); } - cycle_t pvclock_clocksource_read(struct pvclock_vcpu_time_info *src) -@@ -121,11 +121,11 @@ cycle_t pvclock_clocksource_read(struct pvclock_vcpu_time_info *src) + u8 pvclock_read_flags(struct pvclock_vcpu_time_info *src) +@@ -92,11 +92,11 @@ cycle_t pvclock_clocksource_read(struct pvclock_vcpu_time_info *src) * updating at the same time, and one of them could be slightly behind, * making the assumption that last_value always go forward fail to hold. */ @@ -20458,10 +21765,10 @@ index 7a6f3b3..bed145d7 100644 1: diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index aeacb0e..f9d4c02 100644 +index 8b24289..d37b58b 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -441,7 +441,7 @@ static void __init parse_setup_data(void) +@@ -437,7 +437,7 @@ static void __init parse_setup_data(void) switch (data->type) { case SETUP_E820_EXT: @@ -20470,7 +21777,7 @@ index aeacb0e..f9d4c02 100644 break; case SETUP_DTB: add_dtb(pa_data); -@@ -710,7 +710,7 @@ static void __init trim_bios_range(void) +@@ -706,7 +706,7 @@ static void __init trim_bios_range(void) * area (640->1Mb) as ram even though it is not. * take them out. */ @@ -20479,7 +21786,7 @@ index aeacb0e..f9d4c02 100644 sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map); } -@@ -834,14 +834,14 @@ void __init setup_arch(char **cmdline_p) +@@ -830,14 +830,14 @@ void __init setup_arch(char **cmdline_p) if (!boot_params.hdr.root_flags) root_mountflags &= ~MS_RDONLY; @@ -20567,10 +21874,10 @@ index 5cdff03..5810740 100644 * Up to this point, the boot CPU has been using .init.data * area. Reload any changed state for the boot CPU. 
diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c -index 70b27ee..fcf827f 100644 +index d6bf1f3..3ffce5a 100644 --- a/arch/x86/kernel/signal.c +++ b/arch/x86/kernel/signal.c -@@ -195,7 +195,7 @@ static unsigned long align_sigframe(unsigned long sp) +@@ -196,7 +196,7 @@ static unsigned long align_sigframe(unsigned long sp) * Align the stack pointer according to the i386 ABI, * i.e. so that on function entry ((sp + 4) & 15) == 0. */ @@ -20579,7 +21886,7 @@ index 70b27ee..fcf827f 100644 #else /* !CONFIG_X86_32 */ sp = round_down(sp, 16) - 8; #endif -@@ -303,9 +303,9 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, +@@ -304,9 +304,9 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, } if (current->mm->context.vdso) @@ -20591,7 +21898,7 @@ index 70b27ee..fcf827f 100644 if (ka->sa.sa_flags & SA_RESTORER) restorer = ka->sa.sa_restorer; -@@ -319,7 +319,7 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, +@@ -320,7 +320,7 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, * reasons and because gdb uses it as a signature to notice * signal handler stack frames. */ @@ -20600,8 +21907,8 @@ index 70b27ee..fcf827f 100644 if (err) return -EFAULT; -@@ -369,7 +369,10 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, - put_user_ex(current->sas_ss_size, &frame->uc.uc_stack.ss_size); +@@ -367,7 +367,10 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, + err |= __save_altstack(&frame->uc.uc_stack, regs->sp); /* Set up to return from userspace. */ - restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn); 
@@ -20612,7 +21919,7 @@ index 70b27ee..fcf827f 100644 if (ka->sa.sa_flags & SA_RESTORER) restorer = ka->sa.sa_restorer; put_user_ex(restorer, &frame->pretcode); -@@ -381,7 +384,7 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -379,7 +382,7 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, * reasons and because gdb uses it as a signature to notice * signal handler stack frames. */ @@ -20635,10 +21942,10 @@ index 48d2b7d..90d328a 100644 .smp_prepare_cpus = native_smp_prepare_cpus, .smp_cpus_done = native_smp_cpus_done, diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index f3e2ec8..ad5287a 100644 +index ed0fe38..87fc692 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c -@@ -673,6 +673,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -748,6 +748,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) idle->thread.sp = (unsigned long) (((struct pt_regs *) (THREAD_SIZE + task_stack_page(idle))) - 1); per_cpu(current_task, cpu) = idle; @@ -20646,7 +21953,7 @@ index f3e2ec8..ad5287a 100644 #ifdef CONFIG_X86_32 /* Stack for startup_32 can be just as for start_secondary onwards */ -@@ -680,11 +681,13 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) +@@ -755,11 +756,13 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) #else clear_tsk_thread_flag(idle, TIF_FORK); initial_gs = per_cpu_offset(cpu); @@ -20663,7 +21970,7 @@ index f3e2ec8..ad5287a 100644 initial_code = (unsigned long)start_secondary; stack_start = idle->thread.sp; -@@ -823,6 +826,15 @@ int __cpuinit native_cpu_up(unsigned int cpu, struct task_struct *tidle) +@@ -908,6 +911,15 @@ int __cpuinit native_cpu_up(unsigned int cpu, struct task_struct *tidle) /* the FPU context is blank, nobody can own it */ __cpu_disable_lazy_restore(cpu); 
@@ -20972,10 +22279,10 @@ index 0000000..26bb1af + return addr; +} diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c -index b4d3c39..d699d77 100644 +index 97ef74b..57a1882 100644 --- a/arch/x86/kernel/sys_x86_64.c +++ b/arch/x86/kernel/sys_x86_64.c -@@ -95,8 +95,8 @@ out: +@@ -81,8 +81,8 @@ out: return error; } @@ -20986,7 +22293,7 @@ index b4d3c39..d699d77 100644 { if (!test_thread_flag(TIF_ADDR32) && (flags & MAP_32BIT)) { unsigned long new_begin; -@@ -115,7 +115,7 @@ static void find_start_end(unsigned long flags, unsigned long *begin, +@@ -101,7 +101,7 @@ static void find_start_end(unsigned long flags, unsigned long *begin, *begin = new_begin; } } else { @@ -20995,9 +22302,9 @@ index b4d3c39..d699d77 100644 *end = TASK_SIZE; } } -@@ -128,20 +128,24 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -114,20 +114,24 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, struct vm_area_struct *vma; - unsigned long start_addr; + struct vm_unmapped_area_info info; unsigned long begin, end; + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); 
@@ -21022,27 +22329,8 @@ index b4d3c39..d699d77 100644 + if (end - len >= addr && check_heap_stack_gap(vma, addr, len, offset)) return addr; } - if (((flags & MAP_32BIT) || test_thread_flag(TIF_ADDR32)) -@@ -172,7 +176,7 @@ full_search: - } - return -ENOMEM; - } -- if (!vma || addr + len <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr, len, offset)) { - /* - * Remember the place where we stopped the search: - */ -@@ -195,7 +199,8 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, - { - struct vm_area_struct *vma; - struct mm_struct *mm = current->mm; -- unsigned long addr = addr0, start_addr; -+ unsigned long base = mm->mmap_base, addr = addr0, start_addr; -+ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); - /* requested length too big for entire address space */ - if (len > TASK_SIZE) -@@ -208,13 +213,18 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -161,6 +165,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (!test_thread_flag(TIF_ADDR32) && (flags & MAP_32BIT)) goto bottomup; 
@@ -21053,64 +22341,8 @@ index b4d3c39..d699d77 100644 /* requesting a specific address */ if (addr) { addr = PAGE_ALIGN(addr); -- vma = find_vma(mm, addr); -- if (TASK_SIZE - len >= addr && -- (!vma || addr + len <= vma->vm_start)) -- return addr; -+ if (TASK_SIZE - len >= addr) { -+ vma = find_vma(mm, addr); -+ if (check_heap_stack_gap(vma, addr, len, offset)) -+ return addr; -+ } - } - - /* check if free_area_cache is useful for us */ -@@ -240,7 +250,7 @@ try_again: - * return with success: - */ - vma = find_vma(mm, addr); -- if (!vma || addr+len <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr, len, offset)) - /* remember the address as a hint for next time */ - return mm->free_area_cache = addr; - -@@ -249,8 +259,8 @@ try_again: - mm->cached_hole_size = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = vma->vm_start-len; -- } while (len < vma->vm_start); -+ addr = skip_heap_stack_gap(vma, len, offset); -+ } while (!IS_ERR_VALUE(addr)); - - fail: - /* -@@ -270,13 +280,21 @@ bottomup: - * can happen with large stack limits and large mmap() - * allocations. - */ -+ mm->mmap_base = TASK_UNMAPPED_BASE; -+ -+#ifdef CONFIG_PAX_RANDMMAP -+ if (mm->pax_flags & MF_PAX_RANDMMAP) -+ mm->mmap_base += mm->delta_mmap; -+#endif -+ -+ mm->free_area_cache = mm->mmap_base; - mm->cached_hole_size = ~0UL; -- mm->free_area_cache = TASK_UNMAPPED_BASE; - addr = arch_get_unmapped_area(filp, addr0, len, pgoff, flags); - /* - * Restore the topdown base: - */ -- mm->free_area_cache = mm->mmap_base; -+ mm->mmap_base = base; -+ mm->free_area_cache = base; - mm->cached_hole_size = ~0UL; - - return addr; diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c -index f84fe00..93fe08f 100644 +index f84fe00..f41d9f1 100644 --- a/arch/x86/kernel/tboot.c +++ b/arch/x86/kernel/tboot.c @@ -220,7 +220,7 @@ static int tboot_setup_sleep(void) 
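Review bot: After this rebase the hint-address path of `arch_get_unmapped_area_topdown` appears to lose its `check_heap_stack_gap()` test. The removed patch lines had replaced `(!vma || addr + len <= vma->vm_start)` with `check_heap_stack_gap(vma, addr, len, offset)` and declared `offset = gr_rand_threadstack_offset(mm, filp, flags)`; the new side of this hunk carries neither, while the bottom-up function in the previous hunk still has `if (end - len >= addr && check_heap_stack_gap(vma, addr, len, offset))`. The four lines added by the inner `@@ -161,6 +165,10 @@` hunk fall between the displayed hunks, so this may be covered there or by the new `vm_unmapped_area_info` search, and the function body extends beyond the hunk. If it is not covered, a caller-supplied hint in the top-down layout is accepted on the plain upstream overlap test and does not get the enforced heap/stack gap. Keeping the two paths parallel would mean restoring the `offset` declaration and testing `if (TASK_SIZE - len >= addr && check_heap_stack_gap(vma, addr, len, offset))`.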
@@ -21140,7 +22372,7 @@ index f84fe00..93fe08f 100644 static int tboot_wait_for_aps(int num_aps) { -@@ -324,9 +324,9 @@ static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb, +@@ -324,16 +324,16 @@ static int __cpuinit tboot_cpu_callback(struct notifier_block *nfb, { switch (action) { case CPU_DYING: @@ -21152,6 +22384,14 @@ index f84fe00..93fe08f 100644 return NOTIFY_BAD; break; } + return NOTIFY_OK; + } + +-static struct notifier_block tboot_cpu_notifier __cpuinitdata = ++static struct notifier_block tboot_cpu_notifier = + { + .notifier_call = tboot_cpu_callback, + }; @@ -345,7 +345,7 @@ static __init int tboot_late_init(void) tboot_create_trampoline(); @@ -21221,13 +22461,13 @@ index 9d9d2f9..cad418a 100644 else info = infobuf; diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index 8276dc6..4ca48a2 100644 +index ecffca1..95c4d13 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c -@@ -71,12 +71,6 @@ asmlinkage int system_call(void); +@@ -68,12 +68,6 @@ + #include <asm/setup.h> - /* Do we ignore FPU interrupts ? */ - char ignore_fpu_irq; + asmlinkage int system_call(void); - -/* - * The IDT has to be page-aligned to simplify the Pentium @@ -21237,7 +22477,7 @@ index 8276dc6..4ca48a2 100644 #endif DECLARE_BITMAP(used_vectors, NR_VECTORS); -@@ -109,11 +103,11 @@ static inline void preempt_conditional_cli(struct pt_regs *regs) +@@ -106,11 +100,11 @@ static inline void preempt_conditional_cli(struct pt_regs *regs) } static int __kprobes @@ -21251,7 +22491,7 @@ index 8276dc6..4ca48a2 100644 /* * Traps 0, 1, 3, 4, and 5 should be forwarded to vm86. * On nmi (interrupt 2), do_trap should not be called. -@@ -126,12 +120,24 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str, +@@ -123,12 +117,24 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str, return -1; } #endif 
@@ -21277,7 +22517,7 @@ index 8276dc6..4ca48a2 100644 return 0; } -@@ -139,7 +145,7 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str, +@@ -136,7 +142,7 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str, } static void __kprobes @@ -21286,7 +22526,7 @@ index 8276dc6..4ca48a2 100644 long error_code, siginfo_t *info) { struct task_struct *tsk = current; -@@ -163,7 +169,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs, +@@ -160,7 +166,7 @@ do_trap(int trapnr, int signr, char *str, struct pt_regs *regs, if (show_unhandled_signals && unhandled_signal(tsk, signr) && printk_ratelimit()) { pr_info("%s[%d] trap %s ip:%lx sp:%lx error:%lx", @@ -21295,7 +22535,7 @@ index 8276dc6..4ca48a2 100644 regs->ip, regs->sp, error_code); print_vma_addr(" in ", regs->ip); pr_cont("\n"); -@@ -269,7 +275,7 @@ do_general_protection(struct pt_regs *regs, long error_code) +@@ -266,7 +272,7 @@ do_general_protection(struct pt_regs *regs, long error_code) conditional_sti(regs); #ifdef CONFIG_X86_32 @@ -21304,7 +22544,7 @@ index 8276dc6..4ca48a2 100644 local_irq_enable(); handle_vm86_fault((struct kernel_vm86_regs *) regs, error_code); goto exit; -@@ -277,18 +283,42 @@ do_general_protection(struct pt_regs *regs, long error_code) +@@ -274,18 +280,42 @@ do_general_protection(struct pt_regs *regs, long error_code) #endif tsk = current; @@ -21349,7 +22589,7 @@ index 8276dc6..4ca48a2 100644 tsk->thread.error_code = error_code; tsk->thread.trap_nr = X86_TRAP_GP; -@@ -443,7 +473,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -440,7 +470,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) /* It's safe to allow irq's after DR6 has been saved */ preempt_conditional_sti(regs); 
@@ -21358,7 +22598,7 @@ index 8276dc6..4ca48a2 100644 handle_vm86_trap((struct kernel_vm86_regs *) regs, error_code, X86_TRAP_DB); preempt_conditional_cli(regs); -@@ -458,7 +488,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) +@@ -455,7 +485,7 @@ dotraplinkage void __kprobes do_debug(struct pt_regs *regs, long error_code) * We already checked v86 mode above, so we can check for kernel mode * by just checking the CPL of CS. */ @@ -21367,7 +22607,7 @@ index 8276dc6..4ca48a2 100644 tsk->thread.debugreg6 &= ~DR_STEP; set_tsk_thread_flag(tsk, TIF_SINGLESTEP); regs->flags &= ~X86_EFLAGS_TF; -@@ -490,7 +520,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) +@@ -487,7 +517,7 @@ void math_error(struct pt_regs *regs, int error_code, int trapnr) return; conditional_sti(regs); @@ -21377,10 +22617,10 @@ index 8276dc6..4ca48a2 100644 if (!fixup_exception(regs)) { task->thread.error_code = error_code; diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c -index aafa555..a04691a 100644 +index c71025b..b117501 100644 --- a/arch/x86/kernel/uprobes.c +++ b/arch/x86/kernel/uprobes.c -@@ -614,7 +614,7 @@ int arch_uprobe_exception_notify(struct notifier_block *self, unsigned long val, +@@ -629,7 +629,7 @@ int arch_uprobe_exception_notify(struct notifier_block *self, unsigned long val, int ret = NOTIFY_DONE; /* We are only interested in userspace traps */ @@ -21402,7 +22642,7 @@ index b9242ba..50c5edd 100644 * verify_cpu, returns the status of longmode and SSE in register %eax. * 0: Success 1: Failure diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c -index 5c9687b..5f857d3 100644 +index 1dfe69c..a3df6f6 100644 --- a/arch/x86/kernel/vm86_32.c +++ b/arch/x86/kernel/vm86_32.c @@ -43,6 +43,7 @@ @@ -21735,7 +22975,7 @@ index 22a1530..8fbaaad 100644 #ifdef CONFIG_SMP diff --git a/arch/x86/kernel/vsyscall_64.c b/arch/x86/kernel/vsyscall_64.c -index 3a3e8c9..1af9465 100644 +index 9a907a6..f83f921 100644 
--- a/arch/x86/kernel/vsyscall_64.c +++ b/arch/x86/kernel/vsyscall_64.c @@ -56,15 +56,13 @@ @@ -21755,7 +22995,7 @@ index 3a3e8c9..1af9465 100644 else if (!strcmp("none", str)) vsyscall_mode = NONE; else -@@ -315,8 +313,7 @@ done: +@@ -323,8 +321,7 @@ do_ret: return true; sigsegv: @@ -21765,7 +23005,7 @@ index 3a3e8c9..1af9465 100644 } /* -@@ -369,10 +366,7 @@ void __init map_vsyscall(void) +@@ -377,10 +374,7 @@ void __init map_vsyscall(void) extern char __vvar_page; unsigned long physaddr_vvar_page = __pa_symbol(&__vvar_page); @@ -21850,7 +23090,7 @@ index ada87a3..afea76d 100644 if ((unsigned long)buf % 64 || fx_only) { u64 init_bv = pcntxt_mask & ~XSTATE_FPSSE; diff --git a/arch/x86/kvm/cpuid.c b/arch/x86/kvm/cpuid.c -index ec79e77..420f5cc 100644 +index a20ecb5..d0e2194 100644 --- a/arch/x86/kvm/cpuid.c +++ b/arch/x86/kvm/cpuid.c @@ -124,15 +124,20 @@ int kvm_vcpu_ioctl_set_cpuid2(struct kvm_vcpu *vcpu, @@ -21901,7 +23141,7 @@ index ec79e77..420f5cc 100644 out: diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index bba39bf..296540a 100644 +index a27e763..54bfe43 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c @@ -292,6 +292,7 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) @@ -21930,7 +23170,7 @@ index bba39bf..296540a 100644 case 1: \ ____emulate_2op(ctxt,_op,_bx,_by,"b",u8); \ diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index 43e9fad..3b7c059 100644 +index 9392f52..0e56d77 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -55,7 +55,7 @@ @@ -21943,7 +23183,7 @@ index 43e9fad..3b7c059 100644 #define APIC_LVT_NUM 6 /* 14 is the version for Xeon and Pentium 8.4.8*/ diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h -index 714e2c0..3f7a086 100644 +index 891eb6d..e027900 100644 --- a/arch/x86/kvm/paging_tmpl.h +++ b/arch/x86/kvm/paging_tmpl.h @@ -208,7 +208,7 @@ retry_walk: 
@@ -21956,10 +23196,10 @@ index 714e2c0..3f7a086 100644 goto error; walker->ptep_user[walker->level - 1] = ptep_user; diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index d017df3..61ae42e 100644 +index d29d3cd..ec9d522 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c -@@ -3500,7 +3500,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) +@@ -3507,7 +3507,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) int cpu = raw_smp_processor_id(); struct svm_cpu_data *sd = per_cpu(svm_data, cpu); @@ -21971,7 +23211,7 @@ index d017df3..61ae42e 100644 load_TR_desc(); } -@@ -3874,6 +3878,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) +@@ -3881,6 +3885,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) #endif #endif @@ -21983,10 +23223,10 @@ index d017df3..61ae42e 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index f858159..4ab7dba 100644 +index 9120ae1..238abc0 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c -@@ -1332,7 +1332,11 @@ static void reload_tss(void) +@@ -1370,7 +1370,11 @@ static void reload_tss(void) struct desc_struct *descs; descs = (void *)gdt->address; @@ -21998,7 +23238,7 @@ index f858159..4ab7dba 100644 load_TR_desc(); } -@@ -1546,6 +1550,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) +@@ -1594,6 +1598,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */ vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */ @@ -22009,7 +23249,7 @@ index f858159..4ab7dba 100644 rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp); vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */ vmx->loaded_vmcs->cpu = cpu; -@@ -2669,8 +2677,11 @@ static __init int hardware_setup(void) +@@ -2738,8 +2746,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; 
@@ -22023,7 +23263,7 @@ index f858159..4ab7dba 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3712,7 +3723,10 @@ static void vmx_set_constant_host_state(void) +@@ -3782,7 +3793,10 @@ static void vmx_set_constant_host_state(void) vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */ vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */ @@ -22034,7 +23274,7 @@ index f858159..4ab7dba 100644 vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */ #ifdef CONFIG_X86_64 -@@ -3733,7 +3747,7 @@ static void vmx_set_constant_host_state(void) +@@ -3803,7 +3817,7 @@ static void vmx_set_constant_host_state(void) native_store_idt(&dt); vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ @@ -22043,7 +23283,7 @@ index f858159..4ab7dba 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -6279,6 +6293,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6355,6 +6369,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp 2f \n\t" "1: " __ex(ASM_VMX_VMRESUME) "\n\t" "2: " @@ -22056,7 +23296,7 @@ index f858159..4ab7dba 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t" "pop %0 \n\t" -@@ -6331,6 +6351,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6407,6 +6427,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -22068,7 +23308,7 @@ index f858159..4ab7dba 100644 : "cc", "memory" #ifdef CONFIG_X86_64 , "rax", "rbx", "rdi", "rsi" -@@ -6344,7 +6369,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6420,7 +6445,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) if (debugctlmsr) update_debugctlmsr(debugctlmsr); 
@@ -22077,7 +23317,7 @@ index f858159..4ab7dba 100644 /* * The sysexit path does not restore ds/es, so we must set them to * a reasonable value ourselves. -@@ -6353,8 +6378,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6429,8 +6454,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) * may be executed in interrupt context, which saves and restore segments * around it, nullifying its effect. */ @@ -22099,10 +23339,10 @@ index f858159..4ab7dba 100644 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 4f76417..93429b5 100644 +index c243b81..9eb193f 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -1390,8 +1390,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) +@@ -1692,8 +1692,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) { struct kvm *kvm = vcpu->kvm; int lm = is_long_mode(vcpu); @@ -22113,7 +23353,7 @@ index 4f76417..93429b5 100644 u8 blob_size = lm ? kvm->arch.xen_hvm_config.blob_size_64 : kvm->arch.xen_hvm_config.blob_size_32; u32 page_num = data & ~PAGE_MASK; -@@ -2255,6 +2255,8 @@ long kvm_arch_dev_ioctl(struct file *filp, +@@ -2571,6 +2571,8 @@ long kvm_arch_dev_ioctl(struct file *filp, if (n < msr_list.nmsrs) goto out; r = -EFAULT; @@ -22122,7 +23362,7 @@ index 4f76417..93429b5 100644 if (copy_to_user(user_msr_list->indices, &msrs_to_save, num_msrs_to_save * sizeof(u32))) goto out; -@@ -2379,7 +2381,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, +@@ -2700,7 +2702,7 @@ static int kvm_vcpu_ioctl_set_lapic(struct kvm_vcpu *vcpu, static int kvm_vcpu_ioctl_interrupt(struct kvm_vcpu *vcpu, struct kvm_interrupt *irq) { 
@@ -22131,9 +23371,9 @@ index 4f76417..93429b5 100644 return -EINVAL; if (irqchip_in_kernel(vcpu->kvm)) return -ENXIO; -@@ -4881,7 +4883,7 @@ static void kvm_set_mmio_spte_mask(void) - kvm_mmu_set_mmio_spte_mask(mask); - } +@@ -5213,7 +5215,7 @@ static struct notifier_block pvclock_gtod_notifier = { + }; + #endif -int kvm_arch_init(void *opaque) +int kvm_arch_init(const void *opaque) @@ -22141,7 +23381,7 @@ index 4f76417..93429b5 100644 int r; struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque; diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c -index 642d880..44e0f3f 100644 +index df4176c..23ce092 100644 --- a/arch/x86/lguest/boot.c +++ b/arch/x86/lguest/boot.c @@ -1200,9 +1200,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count) @@ -22944,92 +24184,92 @@ index 1e572c5..2a162cd 100644 CFI_ENDPROC diff --git a/arch/x86/lib/copy_page_64.S b/arch/x86/lib/copy_page_64.S -index 6b34d04..dccb07f 100644 +index 176cca6..1166c50 100644 --- a/arch/x86/lib/copy_page_64.S 
+++ b/arch/x86/lib/copy_page_64.S -@@ -9,6 +9,7 @@ copy_page_c: +@@ -9,6 +9,7 @@ copy_page_rep: CFI_STARTPROC - movl $4096/8,%ecx - rep movsq + movl $4096/8, %ecx + rep movsq + pax_force_retaddr ret CFI_ENDPROC - ENDPROC(copy_page_c) -@@ -20,12 +21,14 @@ ENDPROC(copy_page_c) + ENDPROC(copy_page_rep) +@@ -20,12 +21,14 @@ ENDPROC(copy_page_rep) ENTRY(copy_page) CFI_STARTPROC -- subq $2*8,%rsp +- subq $2*8, %rsp - CFI_ADJUST_CFA_OFFSET 2*8 -+ subq $3*8,%rsp ++ subq $3*8, %rsp + CFI_ADJUST_CFA_OFFSET 3*8 - movq %rbx,(%rsp) + movq %rbx, (%rsp) CFI_REL_OFFSET rbx, 0 - movq %r12,1*8(%rsp) + movq %r12, 1*8(%rsp) CFI_REL_OFFSET r12, 1*8 -+ movq %r13,2*8(%rsp) ++ movq %r13, 2*8(%rsp) + CFI_REL_OFFSET r13, 2*8 - movl $(4096/64)-5,%ecx + movl $(4096/64)-5, %ecx .p2align 4 -@@ -37,7 +40,7 @@ ENTRY(copy_page) - movq 16 (%rsi), %rdx - movq 24 (%rsi), %r8 - movq 32 (%rsi), %r9 -- movq 40 (%rsi), %r10 -+ movq 40 (%rsi), %r13 - movq 48 (%rsi), %r11 - movq 56 (%rsi), %r12 - -@@ -48,7 +51,7 @@ ENTRY(copy_page) - movq %rdx, 16 (%rdi) - movq %r8, 24 (%rdi) - movq %r9, 32 (%rdi) -- movq %r10, 40 (%rdi) -+ movq %r13, 40 (%rdi) - movq %r11, 48 (%rdi) - movq %r12, 56 (%rdi) - -@@ -67,7 +70,7 @@ ENTRY(copy_page) - movq 16 (%rsi), %rdx - movq 24 (%rsi), %r8 - movq 32 (%rsi), %r9 -- movq 40 (%rsi), %r10 -+ movq 40 (%rsi), %r13 - movq 48 (%rsi), %r11 - movq 56 (%rsi), %r12 - -@@ -76,7 +79,7 @@ ENTRY(copy_page) - movq %rdx, 16 (%rdi) - movq %r8, 24 (%rdi) - movq %r9, 32 (%rdi) -- movq %r10, 40 (%rdi) -+ movq %r13, 40 (%rdi) - movq %r11, 48 (%rdi) - movq %r12, 56 (%rdi) - -@@ -89,8 +92,11 @@ ENTRY(copy_page) +@@ -36,7 +39,7 @@ ENTRY(copy_page) + movq 0x8*2(%rsi), %rdx + movq 0x8*3(%rsi), %r8 + movq 0x8*4(%rsi), %r9 +- movq 0x8*5(%rsi), %r10 ++ movq 0x8*5(%rsi), %r13 + movq 0x8*6(%rsi), %r11 + movq 0x8*7(%rsi), %r12 + +@@ -47,7 +50,7 @@ ENTRY(copy_page) + movq %rdx, 0x8*2(%rdi) + movq %r8, 0x8*3(%rdi) + movq %r9, 0x8*4(%rdi) +- movq %r10, 0x8*5(%rdi) ++ movq %r13, 0x8*5(%rdi) + movq %r11, 
0x8*6(%rdi) + movq %r12, 0x8*7(%rdi) + +@@ -66,7 +69,7 @@ ENTRY(copy_page) + movq 0x8*2(%rsi), %rdx + movq 0x8*3(%rsi), %r8 + movq 0x8*4(%rsi), %r9 +- movq 0x8*5(%rsi), %r10 ++ movq 0x8*5(%rsi), %r13 + movq 0x8*6(%rsi), %r11 + movq 0x8*7(%rsi), %r12 + +@@ -75,7 +78,7 @@ ENTRY(copy_page) + movq %rdx, 0x8*2(%rdi) + movq %r8, 0x8*3(%rdi) + movq %r9, 0x8*4(%rdi) +- movq %r10, 0x8*5(%rdi) ++ movq %r13, 0x8*5(%rdi) + movq %r11, 0x8*6(%rdi) + movq %r12, 0x8*7(%rdi) + +@@ -87,8 +90,11 @@ ENTRY(copy_page) CFI_RESTORE rbx - movq 1*8(%rsp),%r12 + movq 1*8(%rsp), %r12 CFI_RESTORE r12 -- addq $2*8,%rsp +- addq $2*8, %rsp - CFI_ADJUST_CFA_OFFSET -2*8 -+ movq 2*8(%rsp),%r13 ++ movq 2*8(%rsp), %r13 + CFI_RESTORE r13 -+ addq $3*8,%rsp ++ addq $3*8, %rsp + CFI_ADJUST_CFA_OFFSET -3*8 + pax_force_retaddr ret .Lcopy_page_end: CFI_ENDPROC -@@ -101,7 +107,7 @@ ENDPROC(copy_page) +@@ -99,7 +105,7 @@ ENDPROC(copy_page) #include <asm/cpufeature.h> - .section .altinstr_replacement,"ax" + .section .altinstr_replacement,"a" 1: .byte 0xeb /* jmp <disp8> */ - .byte (copy_page_c - copy_page) - (2f - 1b) /* offset */ + .byte (copy_page_rep - copy_page) - (2f - 1b) /* offset */ 2: diff --git a/arch/x86/lib/copy_user_64.S b/arch/x86/lib/copy_user_64.S index a30ca15..d25fab6 100644 @@ -24351,7 +25591,7 @@ index a63efd6..ccecad8 100644 ret CFI_ENDPROC diff --git a/arch/x86/lib/usercopy_32.c b/arch/x86/lib/usercopy_32.c -index 98f6d6b6..d27f045 100644 +index f0312d7..9c39d63 100644 --- a/arch/x86/lib/usercopy_32.c +++ b/arch/x86/lib/usercopy_32.c @@ -42,11 +42,13 @@ do { \ @@ -24844,8 +26084,8 @@ index 98f6d6b6..d27f045 100644 "2:\n" \ ".section .fixup,\"ax\"\n" \ "5: addl %3,%0\n" \ -@@ -629,9 +741,9 @@ survive: - #endif +@@ -572,9 +684,9 @@ unsigned long __copy_to_user_ll(void __user *to, const void *from, + { stac(); if (movsl_is_ok(to, from, n)) - __copy_user(to, from, n); 
@@ -24856,7 +26096,7 @@ index 98f6d6b6..d27f045 100644 clac(); return n; } -@@ -655,10 +767,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from, +@@ -598,10 +710,9 @@ unsigned long __copy_from_user_ll_nozero(void *to, const void __user *from, { stac(); if (movsl_is_ok(to, from, n)) @@ -24869,7 +26109,7 @@ index 98f6d6b6..d27f045 100644 clac(); return n; } -@@ -689,66 +800,51 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr +@@ -632,66 +743,51 @@ unsigned long __copy_from_user_ll_nocache_nozero(void *to, const void __user *fr if (n > 64 && cpu_has_xmm2) n = __copy_user_intel_nocache(to, from, n); else @@ -25082,7 +26322,7 @@ index 903ec1e..c4166b2 100644 } diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index 79ff7da..610cf70 100644 +index fb674fd..272f369 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -13,12 +13,19 @@ @@ -25096,7 +26336,7 @@ index 79ff7da..610cf70 100644 #include <asm/pgalloc.h> /* pgd_*(), ... */ #include <asm/kmemcheck.h> /* kmemcheck_*(), ... */ #include <asm/fixmap.h> /* VSYSCALL_START */ - #include <asm/rcu.h> /* exception_enter(), ... */ + #include <asm/context_tracking.h> /* exception_enter(), ... */ +#include <asm/tlbflush.h> + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) @@ -25309,7 +26549,7 @@ index 79ff7da..610cf70 100644 /* Kernel addresses are always protection faults: */ if (address >= TASK_SIZE) error_code |= PF_PROT; -@@ -847,7 +945,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, +@@ -833,7 +931,7 @@ do_sigbus(struct pt_regs *regs, unsigned long error_code, unsigned long address, if (fault & (VM_FAULT_HWPOISON|VM_FAULT_HWPOISON_LARGE)) { printk(KERN_ERR "MCE: Killing %s:%d due to hardware memory corruption fault at %lx\n", 
@@ -25318,7 +26558,7 @@ index 79ff7da..610cf70 100644 code = BUS_MCEERR_AR; } #endif -@@ -903,6 +1001,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) +@@ -896,6 +994,99 @@ static int spurious_fault_check(unsigned long error_code, pte_t *pte) return 1; } @@ -25418,7 +26658,7 @@ index 79ff7da..610cf70 100644 /* * Handle a spurious fault caused by a stale TLB entry. * -@@ -975,6 +1166,9 @@ int show_unhandled_signals = 1; +@@ -968,6 +1159,9 @@ int show_unhandled_signals = 1; static inline int access_error(unsigned long error_code, struct vm_area_struct *vma) { @@ -25428,7 +26668,7 @@ index 79ff7da..610cf70 100644 if (error_code & PF_WRITE) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -1003,7 +1197,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) +@@ -996,7 +1190,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) if (error_code & PF_USER) return false; @@ -25437,7 +26677,7 @@ index 79ff7da..610cf70 100644 return false; return true; -@@ -1019,18 +1213,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1012,18 +1206,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) { struct vm_area_struct *vma; struct task_struct *tsk; @@ -25476,7 +26716,7 @@ index 79ff7da..610cf70 100644 /* * Detect and handle instructions that would cause a page fault for -@@ -1091,7 +1300,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1084,7 +1293,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) * User-mode registers count as a user access even for any * potential system fault or CPU buglet: */ @@ -25485,7 +26725,7 @@ index 79ff7da..610cf70 100644 local_irq_enable(); error_code |= PF_USER; } else { -@@ -1153,6 +1362,11 @@ retry: +@@ -1146,6 +1355,11 @@ retry: might_sleep(); } 
@@ -25497,7 +26737,7 @@ index 79ff7da..610cf70 100644 vma = find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); -@@ -1164,18 +1378,24 @@ retry: +@@ -1157,18 +1371,24 @@ retry: bad_area(regs, error_code, address); return; } @@ -25533,7 +26773,7 @@ index 79ff7da..610cf70 100644 if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; -@@ -1239,3 +1459,292 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1232,3 +1452,292 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) __do_page_fault(regs, error_code); exception_exit(regs); } @@ -25856,172 +27096,36 @@ index 6f31ee5..8ee4164 100644 return (void *)vaddr; diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c -index 937bff5..dce75ff 100644 +index ae1aa71..56316db 100644 --- a/arch/x86/mm/hugetlbpage.c 
+++ b/arch/x86/mm/hugetlbpage.c -@@ -276,13 +276,21 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, - struct hstate *h = hstate_file(file); - struct mm_struct *mm = current->mm; - struct vm_area_struct *vma; -- unsigned long start_addr; -+ unsigned long start_addr, pax_task_size = TASK_SIZE; -+ unsigned long offset = gr_rand_threadstack_offset(mm, file, flags); -+ -+#ifdef CONFIG_PAX_SEGMEXEC -+ if (mm->pax_flags & MF_PAX_SEGMEXEC) -+ pax_task_size = SEGMEXEC_TASK_SIZE; -+#endif -+ -+ pax_task_size -= PAGE_SIZE; - - if (len > mm->cached_hole_size) { -- start_addr = mm->free_area_cache; -+ start_addr = mm->free_area_cache; - } else { -- start_addr = TASK_UNMAPPED_BASE; -- mm->cached_hole_size = 0; -+ start_addr = mm->mmap_base; -+ mm->cached_hole_size = 0; - } - - full_search: -@@ -290,26 +298,27 @@ full_search: - - for (vma = find_vma(mm, addr); ; vma = vma->vm_next) { - /* At this point: (!vma || addr < vma->vm_end). */ -- if (TASK_SIZE - len < addr) { -+ if (pax_task_size - len < addr) { - /* - * Start a new search - just in case we missed - * some holes. 
- */ -- if (start_addr != TASK_UNMAPPED_BASE) { -- start_addr = TASK_UNMAPPED_BASE; -+ if (start_addr != mm->mmap_base) { -+ start_addr = mm->mmap_base; - mm->cached_hole_size = 0; - goto full_search; - } - return -ENOMEM; - } -- if (!vma || addr + len <= vma->vm_start) { -- mm->free_area_cache = addr + len; -- return addr; -- } -+ if (check_heap_stack_gap(vma, addr, len, offset)) -+ break; - if (addr + mm->cached_hole_size < vma->vm_start) - mm->cached_hole_size = vma->vm_start - addr; - addr = ALIGN(vma->vm_end, huge_page_size(h)); - } +@@ -279,6 +279,12 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, + info.flags = 0; + info.length = len; + info.low_limit = TASK_UNMAPPED_BASE; + -+ mm->free_area_cache = addr + len; -+ return addr; - } - - static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, -@@ -320,9 +329,9 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, - struct mm_struct *mm = current->mm; - struct vm_area_struct *vma; - unsigned long base = mm->mmap_base; -- unsigned long addr = addr0; -+ unsigned long addr; - unsigned long largest_hole = mm->cached_hole_size; -- unsigned long start_addr; -+ unsigned long offset = gr_rand_threadstack_offset(mm, file, flags); - - /* don't allow allocations above current base */ - if (mm->free_area_cache > base) -@@ -332,16 +341,15 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, - largest_hole = 0; - mm->free_area_cache = base; - } --try_again: -- start_addr = mm->free_area_cache; - - /* make sure it can fit in the remaining address space */ - if (mm->free_area_cache < len) - goto fail; - - /* either no address requested or can't fit in requested address hole */ -- addr = (mm->free_area_cache - len) & huge_page_mask(h); -+ addr = mm->free_area_cache - len; - do { -+ addr &= huge_page_mask(h); - /* - * Lookup failure means no vma is above this address, - * i.e. 
return with success: -@@ -350,10 +358,10 @@ try_again: - if (!vma) - return addr; - -- if (addr + len <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr, len, offset)) { - /* remember the address as a hint for next time */ -- mm->cached_hole_size = largest_hole; -- return (mm->free_area_cache = addr); -+ mm->cached_hole_size = largest_hole; -+ return (mm->free_area_cache = addr); - } else if (mm->free_area_cache == vma->vm_end) { - /* pull free_area_cache down to the first hole */ - mm->free_area_cache = vma->vm_start; -@@ -362,29 +370,34 @@ try_again: - - /* remember the largest hole we saw so far */ - if (addr + largest_hole < vma->vm_start) -- largest_hole = vma->vm_start - addr; -+ largest_hole = vma->vm_start - addr; - - /* try just below the current vma->vm_start */ -- addr = (vma->vm_start - len) & huge_page_mask(h); -- } while (len <= vma->vm_start); -+ addr = skip_heap_stack_gap(vma, len, offset); -+ } while (!IS_ERR_VALUE(addr)); - - fail: - /* -- * if hint left us with no space for the requested -- * mapping then try again: -- */ -- if (start_addr != base) { -- mm->free_area_cache = base; -- largest_hole = 0; -- goto try_again; -- } -- /* - * A failed mmap() very likely causes application failure, - * so fall back to the bottom-up function here. This scenario - * can happen with large stack limits and large mmap() - * allocations. 
- */ -- mm->free_area_cache = TASK_UNMAPPED_BASE; -+ -+#ifdef CONFIG_PAX_SEGMEXEC -+ if (mm->pax_flags & MF_PAX_SEGMEXEC) -+ mm->mmap_base = SEGMEXEC_TASK_UNMAPPED_BASE; -+ else ++#ifdef CONFIG_PAX_RANDMMAP ++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += current->mm->delta_mmap; +#endif + -+ mm->mmap_base = TASK_UNMAPPED_BASE; + info.high_limit = TASK_SIZE; + info.align_mask = PAGE_MASK & ~huge_page_mask(h); + info.align_offset = 0; +@@ -311,6 +317,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, + VM_BUG_ON(addr != -ENOMEM); + info.flags = 0; + info.low_limit = TASK_UNMAPPED_BASE; + +#ifdef CONFIG_PAX_RANDMMAP -+ if (mm->pax_flags & MF_PAX_RANDMMAP) -+ mm->mmap_base += mm->delta_mmap; ++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) ++ info.low_limit += current->mm->delta_mmap; +#endif + -+ mm->free_area_cache = mm->mmap_base; - mm->cached_hole_size = ~0UL; - addr = hugetlb_get_unmapped_area_bottomup(file, addr0, - len, pgoff, flags); -@@ -392,6 +405,7 @@ fail: - /* - * Restore the topdown base: - */ -+ mm->mmap_base = base; - mm->free_area_cache = base; - mm->cached_hole_size = ~0UL; - -@@ -405,10 +419,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, + info.high_limit = TASK_SIZE; + addr = vm_unmapped_area(&info); + } +@@ -325,10 +337,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, struct hstate *h = hstate_file(file); struct mm_struct *mm = current->mm; struct vm_area_struct *vma; @@ -26043,7 +27147,7 @@ index 937bff5..dce75ff 100644 return -ENOMEM; if (flags & MAP_FIXED) { -@@ -417,11 +441,14 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -337,11 +359,14 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, return addr; } @@ -26251,7 +27355,7 @@ index d7aea41..0fc945b 100644 (unsigned long)(&__init_begin), (unsigned long)(&__init_end)); 
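Review bot: In the rewritten arch/x86/mm/hugetlbpage.c section, hugetlb_get_unmapped_area_bottomup() and the bottom-up fallback in hugetlb_get_unmapped_area_topdown() keep `info.high_limit = TASK_SIZE;` and add only the `delta_mmap` shift to `info.low_limit`. The lines this replaces bounded the search with `SEGMEXEC_TASK_SIZE` when `MF_PAX_SEGMEXEC` is set and went through `check_heap_stack_gap()` with the offset from `gr_rand_threadstack_offset()`; neither appears in the new lines. Unless `vm_unmapped_area()` enforces both elsewhere in the patch (not visible in this hunk), hugetlb mappings for a SEGMEXEC task are no longer confined to the lower half and lose the randomized thread-stack gap. A guard such as `if (current->mm->pax_flags & MF_PAX_SEGMEXEC) info.high_limit = SEGMEXEC_TASK_SIZE;` under `#ifdef CONFIG_PAX_SEGMEXEC` after each `info.high_limit` assignment would restore the bound. Both function bodies start outside the hunk, so the primary top-down search could not be checked.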
diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c -index 11a5800..4bd9977 100644 +index 745d66b..56bf568 100644 --- a/arch/x86/mm/init_32.c +++ b/arch/x86/mm/init_32.c @@ -73,36 +73,6 @@ static __init void *alloc_low_page(void) @@ -26468,7 +27572,7 @@ index 11a5800..4bd9977 100644 EXPORT_SYMBOL_GPL(__supported_pte_mask); /* user-defined highmem size */ -@@ -731,6 +730,12 @@ void __init mem_init(void) +@@ -728,6 +727,12 @@ void __init mem_init(void) pci_iommu_alloc(); @@ -26481,7 +27585,7 @@ index 11a5800..4bd9977 100644 #ifdef CONFIG_FLATMEM BUG_ON(!mem_map); #endif -@@ -757,7 +762,7 @@ void __init mem_init(void) +@@ -754,7 +759,7 @@ void __init mem_init(void) reservedpages++; codesize = (unsigned long) &_etext - (unsigned long) &_text; @@ -26490,7 +27594,7 @@ index 11a5800..4bd9977 100644 initsize = (unsigned long) &__init_end - (unsigned long) &__init_begin; printk(KERN_INFO "Memory: %luk/%luk available (%dk kernel code, " -@@ -798,10 +803,10 @@ void __init mem_init(void) +@@ -795,10 +800,10 @@ void __init mem_init(void) ((unsigned long)&__init_end - (unsigned long)&__init_begin) >> 10, @@ -26504,7 +27608,7 @@ index 11a5800..4bd9977 100644 ((unsigned long)&_etext - (unsigned long)&_text) >> 10); /* -@@ -879,6 +884,7 @@ void set_kernel_text_rw(void) +@@ -876,6 +881,7 @@ void set_kernel_text_rw(void) if (!kernel_set_to_readonly) return; @@ -26512,7 +27616,7 @@ index 11a5800..4bd9977 100644 pr_debug("Set kernel text: %lx - %lx for read write\n", start, start+size); -@@ -893,6 +899,7 @@ void set_kernel_text_ro(void) +@@ -890,6 +896,7 @@ void set_kernel_text_ro(void) if (!kernel_set_to_readonly) return; @@ -26520,7 +27624,7 @@ index 11a5800..4bd9977 100644 pr_debug("Set kernel text: %lx - %lx for read only\n", start, start+size); -@@ -921,6 +928,7 @@ void mark_rodata_ro(void) +@@ -918,6 +925,7 @@ void mark_rodata_ro(void) unsigned long start = PFN_ALIGN(_text); unsigned long size = PFN_ALIGN(_etext) - start; 
@@ -26529,7 +27633,7 @@ index 11a5800..4bd9977 100644 printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10); diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index ce42da7..678a54e 100644 +index 75c9a6a..498d677 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c @@ -74,7 +74,7 @@ early_param("gbpages", parse_direct_gbpages_on); @@ -26664,7 +27768,7 @@ index ce42da7..678a54e 100644 spin_unlock(&init_mm.page_table_lock); pgd_changed = true; } -@@ -691,6 +705,12 @@ void __init mem_init(void) +@@ -693,6 +707,12 @@ void __init mem_init(void) pci_iommu_alloc(); @@ -26677,7 +27781,7 @@ index ce42da7..678a54e 100644 /* clear_bss() already clear the empty_zero_page */ reservedpages = 0; -@@ -854,8 +874,8 @@ int kern_addr_valid(unsigned long addr) +@@ -856,8 +876,8 @@ int kern_addr_valid(unsigned long addr) static struct vm_area_struct gate_vma = { .vm_start = VSYSCALL_START, .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE), @@ -26688,7 +27792,7 @@ index ce42da7..678a54e 100644 }; struct vm_area_struct *get_gate_vma(struct mm_struct *mm) -@@ -889,7 +909,7 @@ int in_gate_area_no_mm(unsigned long addr) +@@ -891,7 +911,7 @@ int in_gate_area_no_mm(unsigned long addr) const char *arch_vma_name(struct vm_area_struct *vma) { @@ -27116,7 +28220,7 @@ index 9f0614d..92ae64a 100644 p += get_opcode(p, &opcode); for (i = 0; i < ARRAY_SIZE(imm_wop); i++) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c -index 8573b83..4f3ed7e 100644 +index e27fbf8..8b56dc9 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -84,10 +84,64 @@ static inline void pgd_list_del(pgd_t *pgd) @@ -27195,7 +28299,7 @@ index 8573b83..4f3ed7e 100644 /* * List of all pgd's needed for non-PAE so it can invalidate entries @@ -140,7 +195,7 @@ static void pgd_dtor(pgd_t *pgd) - * -- wli + * -- nyc */ -#ifdef CONFIG_X86_PAE @@ -27428,7 +28532,7 @@ index 410531d..0f16030 100644 } 
diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c -index 60f926c..a710970 100644 +index 13a6b29..c2fff23 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -48,7 +48,11 @@ void leave_mm(int cpu) @@ -27557,18 +28661,18 @@ index 877b9a1..a8ecf42 100644 + pax_force_retaddr ret diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c -index 520d2bd..b895ef4 100644 +index d11a470..3f9adff3 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c -@@ -11,6 +11,7 @@ - #include <asm/cacheflush.h> +@@ -12,6 +12,7 @@ #include <linux/netdevice.h> #include <linux/filter.h> + #include <linux/if_vlan.h> +#include <linux/random.h> /* * Conventions : -@@ -48,13 +49,87 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len) +@@ -49,13 +50,87 @@ static inline u8 *emit_code(u8 *ptr, u32 bytes, unsigned int len) return ptr + len; } @@ -27656,7 +28760,7 @@ index 520d2bd..b895ef4 100644 #define CLEAR_A() EMIT2(0x31, 0xc0) /* xor %eax,%eax */ #define CLEAR_X() EMIT2(0x31, 0xdb) /* xor %ebx,%ebx */ -@@ -89,6 +164,24 @@ do { \ +@@ -90,6 +165,24 @@ do { \ #define X86_JBE 0x76 #define X86_JA 0x77 @@ -27681,7 +28785,7 @@ index 520d2bd..b895ef4 100644 #define EMIT_COND_JMP(op, offset) \ do { \ if (is_near(offset)) \ -@@ -96,6 +189,7 @@ do { \ +@@ -97,6 +190,7 @@ do { \ else { \ EMIT2(0x0f, op + 0x10); \ EMIT(offset, 4); /* jxx .+off32 */ \ @@ -27689,7 +28793,7 @@ index 520d2bd..b895ef4 100644 } \ } while (0) -@@ -120,12 +214,17 @@ static inline void bpf_flush_icache(void *start, void *end) +@@ -121,12 +215,17 @@ static inline void bpf_flush_icache(void *start, void *end) set_fs(old_fs); } @@ -27708,7 +28812,7 @@ index 520d2bd..b895ef4 100644 u8 *prog; unsigned int proglen, oldproglen = 0; int ilen, i; -@@ -138,6 +237,9 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -139,6 +238,9 @@ void bpf_jit_compile(struct sk_filter *fp) unsigned int *addrs; const struct sock_filter *filter = fp->insns; int flen = fp->len; 
@@ -27718,7 +28822,7 @@ index 520d2bd..b895ef4 100644 if (!bpf_jit_enable) return; -@@ -146,11 +248,19 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -147,11 +249,19 @@ void bpf_jit_compile(struct sk_filter *fp) if (addrs == NULL) return; @@ -27740,7 +28844,7 @@ index 520d2bd..b895ef4 100644 addrs[i] = proglen; } cleanup_addr = proglen; /* epilogue address */ -@@ -258,10 +368,8 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -261,10 +371,8 @@ void bpf_jit_compile(struct sk_filter *fp) case BPF_S_ALU_MUL_K: /* A *= K */ if (is_imm8(K)) EMIT3(0x6b, 0xc0, K); /* imul imm8,%eax,%eax */ @@ -27753,7 +28857,7 @@ index 520d2bd..b895ef4 100644 break; case BPF_S_ALU_DIV_X: /* A /= X; */ seen |= SEEN_XREG; -@@ -301,13 +409,23 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -304,13 +412,23 @@ void bpf_jit_compile(struct sk_filter *fp) break; case BPF_S_ALU_MOD_K: /* A %= K; */ EMIT2(0x31, 0xd2); /* xor %edx,%edx */ @@ -27777,7 +28881,7 @@ index 520d2bd..b895ef4 100644 EMIT4(0x48, 0xc1, 0xe8, 0x20); /* shr $0x20,%rax */ break; case BPF_S_ALU_AND_X: -@@ -543,8 +661,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG; +@@ -564,8 +682,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG; if (is_imm8(K)) { EMIT3(0x8d, 0x73, K); /* lea imm8(%rbx), %esi */ } else { @@ -27787,7 +28891,7 @@ index 520d2bd..b895ef4 100644 } } else { EMIT2(0x89,0xde); /* mov %ebx,%esi */ -@@ -627,17 +744,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -648,17 +765,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; break; default: /* hmm, too complex filter, give up with jit compiler */ @@ -27810,7 +28914,7 @@ index 520d2bd..b895ef4 100644 } proglen += ilen; addrs[i] = proglen; -@@ -658,11 +776,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -679,11 +797,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; break; } if (proglen == oldproglen) { 
@@ -27824,7 +28928,7 @@ index 520d2bd..b895ef4 100644 } oldproglen = proglen; } -@@ -678,7 +794,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -699,7 +815,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; bpf_flush_icache(image, image + proglen); fp->bpf_func = (void *)image; @@ -27836,7 +28940,7 @@ index 520d2bd..b895ef4 100644 out: kfree(addrs); return; -@@ -686,18 +805,20 @@ out: +@@ -707,18 +826,20 @@ out: static void jit_free_defer(struct work_struct *arg) { @@ -27896,8 +29000,21 @@ index d6aa6e8..266395a 100644 unsigned long stack = kernel_stack_pointer(regs); if (depth) dump_trace(NULL, regs, (unsigned long *)stack, 0, +diff --git a/arch/x86/pci/amd_bus.c b/arch/x86/pci/amd_bus.c +index e9e6ed5..e47ae67 100644 +--- a/arch/x86/pci/amd_bus.c ++++ b/arch/x86/pci/amd_bus.c +@@ -337,7 +337,7 @@ static int __cpuinit amd_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata amd_cpu_notifier = { ++static struct notifier_block amd_cpu_notifier = { + .notifier_call = amd_cpu_notify, + }; + diff --git a/arch/x86/pci/mrst.c b/arch/x86/pci/mrst.c -index e14a2ff..3fd6b58 100644 +index 6eb18c4..20d83de 100644 --- a/arch/x86/pci/mrst.c +++ b/arch/x86/pci/mrst.c @@ -238,7 +238,9 @@ int __init pci_mrst_init(void) @@ -27912,10 +29029,10 @@ index e14a2ff..3fd6b58 100644 /* Continue with standard init */ return 1; diff --git a/arch/x86/pci/pcbios.c b/arch/x86/pci/pcbios.c -index da8fe05..7ee6704 100644 +index c77b24a..c979855 100644 --- a/arch/x86/pci/pcbios.c +++ b/arch/x86/pci/pcbios.c -@@ -79,50 +79,93 @@ union bios32 { +@@ -79,7 +79,7 @@ union bios32 { static struct { unsigned long address; unsigned short segment; 
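Review bot: The new arch/x86/pci/amd_bus.c section drops `__cpuinitdata` from `amd_cpu_notifier` while the callback `amd_cpu_notify` it points to keeps `__cpuinit`, and nothing in the patch says why. The same change is made to `xen_hvm_cpu_notifier`, `blk_iopoll_cpu_notifier` and `blk_cpu_notifier` in later hunks of this diff. This leaves a permanent data object pointing at a function in a discardable section, so a build without CPU hotplug may now report a section mismatch; that is worth confirming. If the intent is to let the structure be placed in read-only data, a one-line comment above each definition, e.g. `/* no __cpuinitdata: <reason> */`, would record it for the next rebase.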
@@ -27924,13 +29041,7 @@ index da8fe05..7ee6704 100644 /* * Returns the entry point for the given service, NULL on error - */ - --static unsigned long bios32_service(unsigned long service) -+static unsigned long __devinit bios32_service(unsigned long service) - { - unsigned char return_code; /* %al */ - unsigned long address; /* %ebx */ +@@ -92,37 +92,80 @@ static unsigned long bios32_service(unsigned long service) unsigned long length; /* %ecx */ unsigned long entry; /* %edx */ unsigned long flags; @@ -28021,9 +29132,9 @@ index da8fe05..7ee6704 100644 -static int pci_bios_present; +static int pci_bios_present __read_only; - static int __devinit check_pcibios(void) + static int check_pcibios(void) { -@@ -131,11 +174,13 @@ static int __devinit check_pcibios(void) +@@ -131,11 +174,13 @@ static int check_pcibios(void) unsigned long flags, pcibios_entry; if ((pcibios_entry = bios32_service(PCI_SERVICE))) { @@ -28040,7 +29151,7 @@ index da8fe05..7ee6704 100644 "jc 1f\n\t" "xor %%ah, %%ah\n" "1:" -@@ -144,7 +189,8 @@ static int __devinit check_pcibios(void) +@@ -144,7 +189,8 @@ static int check_pcibios(void) "=b" (ebx), "=c" (ecx) : "1" (PCIBIOS_PCI_BIOS_PRESENT), @@ -28458,7 +29569,7 @@ index 4c07cca..2c8427d 100644 ret ENDPROC(efi_call6) diff --git a/arch/x86/platform/mrst/mrst.c b/arch/x86/platform/mrst/mrst.c -index fd41a92..9c33628 100644 +index e31bcd8..f12dc46 100644 --- a/arch/x86/platform/mrst/mrst.c +++ b/arch/x86/platform/mrst/mrst.c @@ -78,13 +78,15 @@ struct sfi_rtc_table_entry sfi_mrtc_array[SFI_MRTC_MAX]; @@ -28493,10 +29604,10 @@ index d6ee929..3637cb5 100644 .getproplen = olpc_dt_getproplen, .getproperty = olpc_dt_getproperty, diff --git a/arch/x86/power/cpu.c b/arch/x86/power/cpu.c -index 218cdb1..c1178eb 100644 +index 120cee1..b2db75a 100644 --- a/arch/x86/power/cpu.c 
+++ b/arch/x86/power/cpu.c -@@ -132,7 +132,7 @@ static void do_fpu_end(void) +@@ -133,7 +133,7 @@ static void do_fpu_end(void) static void fix_processor_context(void) { int cpu = smp_processor_id(); @@ -28505,7 +29616,7 @@ index 218cdb1..c1178eb 100644 set_tss_desc(cpu, t); /* * This just modifies memory; should not be -@@ -142,8 +142,6 @@ static void fix_processor_context(void) +@@ -143,8 +143,6 @@ static void fix_processor_context(void) */ #ifdef CONFIG_X86_64 @@ -28619,7 +29730,7 @@ index bb360dc..3e5945f 100644 /* diff --git a/arch/x86/tools/relocs.c b/arch/x86/tools/relocs.c -index 5a1847d..deccb30 100644 +index 79d67bd..c7e1b90 100644 --- a/arch/x86/tools/relocs.c +++ b/arch/x86/tools/relocs.c @@ -12,10 +12,13 @@ @@ -28828,7 +29939,7 @@ index 5a1847d..deccb30 100644 + read_relocs(fp, use_real_mode); if (show_absolute_syms) { print_absolute_symbols(); - return 0; + goto out; diff --git a/arch/x86/vdso/Makefile b/arch/x86/vdso/Makefile index fd14be1..e3c79c0 100644 --- a/arch/x86/vdso/Makefile @@ -28929,7 +30040,7 @@ index 0faad64..39ef157 100644 return NULL; } diff --git a/arch/x86/vdso/vma.c b/arch/x86/vdso/vma.c -index 00aaf04..4a26505 100644 +index 431e875..cbb23f3 100644 --- a/arch/x86/vdso/vma.c +++ b/arch/x86/vdso/vma.c @@ -16,8 +16,6 @@ @@ -28945,7 +30056,7 @@ index 00aaf04..4a26505 100644 * unaligned here as a result of stack start randomization. */ addr = PAGE_ALIGN(addr); -- addr = align_addr(addr, NULL, ALIGN_VDSO); +- addr = align_vdso_addr(addr); return addr; } @@ -28967,7 +30078,7 @@ index 00aaf04..4a26505 100644 +#endif + addr = vdso_addr(mm->start_stack, size); -+ addr = align_addr(addr, NULL, ALIGN_VDSO); ++ addr = align_vdso_addr(addr); addr = get_unmapped_area(NULL, addr, size, 0, 0); if (IS_ERR_VALUE(addr)) { ret = addr; @@ -29002,7 +30113,7 @@ index 00aaf04..4a26505 100644 -} -__setup("vdso=", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 586d838..e883209 100644 +index e014092..c76ab69 100644 
--- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -99,8 +99,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -29014,7 +30125,7 @@ index 586d838..e883209 100644 RESERVE_BRK(shared_info_page_brk, PAGE_SIZE); __read_mostly int xen_have_vector_callback; EXPORT_SYMBOL_GPL(xen_have_vector_callback); -@@ -473,8 +471,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr) +@@ -495,8 +493,7 @@ static void xen_load_gdt(const struct desc_ptr *dtr) { unsigned long va = dtr->address; unsigned int size = dtr->size + 1; @@ -29024,7 +30135,7 @@ index 586d838..e883209 100644 int f; /* -@@ -522,8 +519,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr) +@@ -544,8 +541,7 @@ static void __init xen_load_gdt_boot(const struct desc_ptr *dtr) { unsigned long va = dtr->address; unsigned int size = dtr->size + 1; @@ -29034,7 +30145,7 @@ index 586d838..e883209 100644 int f; /* -@@ -916,7 +912,7 @@ static u32 xen_safe_apic_wait_icr_idle(void) +@@ -938,7 +934,7 @@ static u32 xen_safe_apic_wait_icr_idle(void) return 0; } @@ -29043,7 +30154,7 @@ index 586d838..e883209 100644 { apic->read = xen_apic_read; apic->write = xen_apic_write; -@@ -1222,30 +1218,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { +@@ -1244,30 +1240,30 @@ static const struct pv_apic_ops xen_apic_ops __initconst = { #endif }; @@ -29081,7 +30192,7 @@ index 586d838..e883209 100644 { if (pm_power_off) pm_power_off(); -@@ -1347,7 +1343,17 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1369,7 +1365,17 @@ asmlinkage void __init xen_start_kernel(void) __userpte_alloc_gfp &= ~__GFP_HIGHMEM; /* Work out if we support NX */ @@ -29100,7 +30211,7 @@ index 586d838..e883209 100644 xen_setup_features(); -@@ -1376,14 +1382,7 @@ asmlinkage void __init xen_start_kernel(void) +@@ -1398,14 +1404,7 @@ asmlinkage void __init xen_start_kernel(void) pv_mmu_ops.ptep_modify_prot_commit = xen_ptep_modify_prot_commit; } 
@@ -29116,8 +30227,17 @@ index 586d838..e883209 100644 xen_smp_init(); +@@ -1590,7 +1589,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block xen_hvm_cpu_notifier __cpuinitdata = { ++static struct notifier_block xen_hvm_cpu_notifier = { + .notifier_call = xen_hvm_cpu_notify, + }; + diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index dcf5f2d..d804c25 100644 +index 01de35c..0bda07b 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c @@ -1881,6 +1881,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) @@ -29160,7 +30280,7 @@ index dcf5f2d..d804c25 100644 .alloc_pud = xen_alloc_pmd_init, .release_pud = xen_release_pmd_init, diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c -index 353c50f..8f3c179 100644 +index 34bc4ce..c34aa24 100644 --- a/arch/x86/xen/smp.c +++ b/arch/x86/xen/smp.c @@ -229,11 +229,6 @@ static void __init xen_smp_prepare_boot_cpu(void) @@ -29207,7 +30327,7 @@ index 353c50f..8f3c179 100644 #endif xen_setup_runstate_info(cpu); xen_setup_timer(cpu); -@@ -637,7 +631,7 @@ static const struct smp_ops xen_smp_ops __initconst = { +@@ -630,7 +624,7 @@ static const struct smp_ops xen_smp_ops __initconst = { void __init xen_smp_init(void) { @@ -29338,7 +30458,7 @@ index af00795..2bb8105 100644 #define XCHAL_ICACHE_SIZE 32768 /* I-cache size in bytes or 0 */ #define XCHAL_DCACHE_SIZE 32768 /* D-cache size in bytes or 0 */ diff --git a/block/blk-iopoll.c b/block/blk-iopoll.c -index 58916af..9cb880b 100644 +index 58916af..eb9dbcf6 100644 --- a/block/blk-iopoll.c +++ b/block/blk-iopoll.c @@ -77,7 +77,7 @@ void blk_iopoll_complete(struct blk_iopoll *iopoll) 
@@ -29350,6 +30470,15 @@ index 58916af..9cb880b 100644 { struct list_head *list = &__get_cpu_var(blk_cpu_iopoll); int rearm = 0, budget = blk_iopoll_budget; +@@ -209,7 +209,7 @@ static int __cpuinit blk_iopoll_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata blk_iopoll_cpu_notifier = { ++static struct notifier_block blk_iopoll_cpu_notifier = { + .notifier_call = blk_iopoll_cpu_notify, + }; + diff --git a/block/blk-map.c b/block/blk-map.c index 623e1cd..ca1e109 100644 --- a/block/blk-map.c @@ -29364,7 +30493,7 @@ index 623e1cd..ca1e109 100644 bio = bio_copy_kern(q, kbuf, len, gfp_mask, reading); else diff --git a/block/blk-softirq.c b/block/blk-softirq.c -index 467c8de..4bddc6d 100644 +index 467c8de..f3628c5 100644 --- a/block/blk-softirq.c +++ b/block/blk-softirq.c @@ -18,7 +18,7 @@ static DEFINE_PER_CPU(struct list_head, blk_cpu_done); @@ -29376,6 +30505,15 @@ index 467c8de..4bddc6d 100644 { struct list_head *cpu_list, local_list; +@@ -98,7 +98,7 @@ static int __cpuinit blk_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata blk_cpu_notifier = { ++static struct notifier_block blk_cpu_notifier = { + .notifier_call = blk_cpu_notify, + }; + diff --git a/block/bsg.c b/block/bsg.c index ff64ae3..593560c 100644 --- a/block/bsg.c @@ -29421,7 +30559,7 @@ index 7c668c8..db3521c 100644 err = -EFAULT; goto out; diff --git a/block/partitions/efi.c b/block/partitions/efi.c -index 6296b40..417c00f 100644 +index b62fb88..bdab4c4 100644 --- a/block/partitions/efi.c +++ b/block/partitions/efi.c @@ -234,14 +234,14 @@ static gpt_entry *alloc_read_gpt_entries(struct parsed_partitions *state, 
@@ -29828,36 +30966,11 @@ index 7586544..636a2f0 100644 err = ec_write(*off, byte_write); if (err) return err; -diff --git a/drivers/acpi/proc.c b/drivers/acpi/proc.c -index 27adb09..ef98796b 100644 ---- a/drivers/acpi/proc.c -+++ b/drivers/acpi/proc.c -@@ -362,16 +362,13 @@ acpi_system_write_wakeup_device(struct file *file, - struct list_head *node, *next; - char strbuf[5]; - char str[5] = ""; -- unsigned int len = count; - -- if (len > 4) -- len = 4; -- if (len < 0) -- return -EFAULT; -+ if (count > 4) -+ count = 4; - -- if (copy_from_user(strbuf, buffer, len)) -+ if (copy_from_user(strbuf, buffer, count)) - return -EFAULT; -- strbuf[len] = '\0'; -+ strbuf[count] = '\0'; - sscanf(strbuf, "%s", str); - - mutex_lock(&acpi_device_lock); diff --git a/drivers/acpi/processor_driver.c b/drivers/acpi/processor_driver.c -index bd4e5dc..0497b66 100644 +index e83311b..142b5cc 100644 --- a/drivers/acpi/processor_driver.c +++ b/drivers/acpi/processor_driver.c -@@ -552,7 +552,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device) +@@ -558,7 +558,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device) return 0; #endif @@ -29867,10 +30980,10 @@ index bd4e5dc..0497b66 100644 /* * Buggy BIOS check diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index c8ac4fe..631818e 100644 +index 46cd3f4..0871ad0 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c -@@ -4779,7 +4779,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4780,7 +4780,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; @@ -29879,7 +30992,7 @@ index c8ac4fe..631818e 100644 ap = qc->ap; qc->flags = 0; -@@ -4795,7 +4795,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4796,7 +4796,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; 
@@ -29888,7 +31001,7 @@ index c8ac4fe..631818e 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -@@ -5891,6 +5891,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5892,6 +5892,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) return; spin_lock(&lock); @@ -29896,7 +31009,7 @@ index c8ac4fe..631818e 100644 for (cur = ops->inherits; cur; cur = cur->inherits) { void **inherit = (void **)cur; -@@ -5904,8 +5905,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5905,8 +5906,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) if (IS_ERR(*pp)) *pp = NULL; @@ -29908,10 +31021,10 @@ index c8ac4fe..631818e 100644 } diff --git a/drivers/ata/pata_arasan_cf.c b/drivers/ata/pata_arasan_cf.c -index 371fd2c..0836c78 100644 +index 405022d..fb70e53 100644 --- a/drivers/ata/pata_arasan_cf.c +++ b/drivers/ata/pata_arasan_cf.c -@@ -861,7 +861,9 @@ static int __devinit arasan_cf_probe(struct platform_device *pdev) +@@ -864,7 +864,9 @@ static int arasan_cf_probe(struct platform_device *pdev) /* Handle platform specific quirks */ if (pdata->quirk) { if (pdata->quirk & CF_BROKEN_PIO) { @@ -29936,7 +31049,7 @@ index f9b983a..887b9d8 100644 return 0; } diff --git a/drivers/atm/ambassador.c b/drivers/atm/ambassador.c -index ff7bb8a..568fc0b 100644 +index 77a7480..05cde58 100644 --- a/drivers/atm/ambassador.c +++ b/drivers/atm/ambassador.c @@ -454,7 +454,7 @@ static void tx_complete (amb_dev * dev, tx_out * tx) { @@ -30029,7 +31142,7 @@ index b22d71c..d6e1049 100644 if (vcc->pop) vcc->pop(vcc,skb); else dev_kfree_skb(skb); diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c -index 81e44f7..498ea36 100644 +index c1eb6fa..4c71be9 100644 --- a/drivers/atm/eni.c +++ b/drivers/atm/eni.c @@ -522,7 +522,7 @@ static int rx_aal0(struct atm_vcc *vcc) @@ -30078,7 +31191,7 @@ index 81e44f7..498ea36 100644 dma_complete++; } 
diff --git a/drivers/atm/firestream.c b/drivers/atm/firestream.c -index 86fed1b..6dc4721 100644 +index b41c948..a002b17 100644 --- a/drivers/atm/firestream.c +++ b/drivers/atm/firestream.c @@ -749,7 +749,7 @@ static void process_txdone_queue (struct fs_dev *dev, struct queue *q) @@ -30115,10 +31228,10 @@ index 86fed1b..6dc4721 100644 default: /* Hmm. Haven't written the code to handle the others yet... -- REW */ printk (KERN_WARNING "Don't know what to do with RX status %x: %s.\n", diff --git a/drivers/atm/fore200e.c b/drivers/atm/fore200e.c -index 361f5ae..7fc552d 100644 +index 204814e..cede831 100644 --- a/drivers/atm/fore200e.c +++ b/drivers/atm/fore200e.c -@@ -933,9 +933,9 @@ fore200e_tx_irq(struct fore200e* fore200e) +@@ -931,9 +931,9 @@ fore200e_tx_irq(struct fore200e* fore200e) #endif /* check error condition */ if (*entry->status & STATUS_ERROR) @@ -30130,7 +31243,7 @@ index 361f5ae..7fc552d 100644 } } -@@ -1084,7 +1084,7 @@ fore200e_push_rpd(struct fore200e* fore200e, struct atm_vcc* vcc, struct rpd* rp +@@ -1082,7 +1082,7 @@ fore200e_push_rpd(struct fore200e* fore200e, struct atm_vcc* vcc, struct rpd* rp if (skb == NULL) { DPRINTK(2, "unable to alloc new skb, rx PDU length = %d\n", pdu_len); @@ -30139,7 +31252,7 @@ index 361f5ae..7fc552d 100644 return -ENOMEM; } -@@ -1127,14 +1127,14 @@ fore200e_push_rpd(struct fore200e* fore200e, struct atm_vcc* vcc, struct rpd* rp +@@ -1125,14 +1125,14 @@ fore200e_push_rpd(struct fore200e* fore200e, struct atm_vcc* vcc, struct rpd* rp dev_kfree_skb_any(skb); @@ -30156,7 +31269,7 @@ index 361f5ae..7fc552d 100644 ASSERT(atomic_read(&sk_atm(vcc)->sk_wmem_alloc) >= 0); -@@ -1212,7 +1212,7 @@ fore200e_rx_irq(struct fore200e* fore200e) +@@ -1210,7 +1210,7 @@ fore200e_rx_irq(struct fore200e* fore200e) DPRINTK(2, "damaged PDU on %d.%d.%d\n", fore200e->atm_dev->number, entry->rpd->atm_header.vpi, entry->rpd->atm_header.vci); 
@@ -30165,7 +31278,7 @@ index 361f5ae..7fc552d 100644 } } -@@ -1657,7 +1657,7 @@ fore200e_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -1655,7 +1655,7 @@ fore200e_send(struct atm_vcc *vcc, struct sk_buff *skb) goto retry_here; } @@ -30175,10 +31288,10 @@ index 361f5ae..7fc552d 100644 fore200e->tx_sat++; DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n", diff --git a/drivers/atm/he.c b/drivers/atm/he.c -index b182c2f..1c6fa8a 100644 +index 72b6960..cf9167a 100644 --- a/drivers/atm/he.c +++ b/drivers/atm/he.c -@@ -1709,7 +1709,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) +@@ -1699,7 +1699,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) if (RBRQ_HBUF_ERR(he_dev->rbrq_head)) { hprintk("HBUF_ERR! (cid 0x%x)\n", cid); @@ -30187,7 +31300,7 @@ index b182c2f..1c6fa8a 100644 goto return_host_buffers; } -@@ -1736,7 +1736,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) +@@ -1726,7 +1726,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) RBRQ_LEN_ERR(he_dev->rbrq_head) ? "LEN_ERR" : "", vcc->vpi, vcc->vci); @@ -30196,7 +31309,7 @@ index b182c2f..1c6fa8a 100644 goto return_host_buffers; } -@@ -1788,7 +1788,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) +@@ -1778,7 +1778,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) vcc->push(vcc, skb); spin_lock(&he_dev->global_lock); @@ -30205,7 +31318,7 @@ index b182c2f..1c6fa8a 100644 return_host_buffers: ++pdus_assembled; -@@ -2114,7 +2114,7 @@ __enqueue_tpd(struct he_dev *he_dev, struct he_tpd *tpd, unsigned cid) +@@ -2104,7 +2104,7 @@ __enqueue_tpd(struct he_dev *he_dev, struct he_tpd *tpd, unsigned cid) tpd->vcc->pop(tpd->vcc, tpd->skb); else dev_kfree_skb_any(tpd->skb); 
@@ -30214,7 +31327,7 @@ index b182c2f..1c6fa8a 100644 } pci_pool_free(he_dev->tpd_pool, tpd, TPD_ADDR(tpd->status)); return; -@@ -2526,7 +2526,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2516,7 +2516,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -30223,7 +31336,7 @@ index b182c2f..1c6fa8a 100644 return -EINVAL; } -@@ -2537,7 +2537,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2527,7 +2527,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -30232,7 +31345,7 @@ index b182c2f..1c6fa8a 100644 return -EINVAL; } #endif -@@ -2549,7 +2549,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2539,7 +2539,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -30241,7 +31354,7 @@ index b182c2f..1c6fa8a 100644 spin_unlock_irqrestore(&he_dev->global_lock, flags); return -ENOMEM; } -@@ -2591,7 +2591,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2581,7 +2581,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -30250,7 +31363,7 @@ index b182c2f..1c6fa8a 100644 spin_unlock_irqrestore(&he_dev->global_lock, flags); return -ENOMEM; } -@@ -2622,7 +2622,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2612,7 +2612,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) __enqueue_tpd(he_dev, tpd, cid); spin_unlock_irqrestore(&he_dev->global_lock, flags); @@ -30260,7 +31373,7 @@ index b182c2f..1c6fa8a 100644 return 0; } diff --git a/drivers/atm/horizon.c b/drivers/atm/horizon.c -index 7d01c2a..4e3ac01 100644 +index 1dc0519..1aadaf7 100644 --- a/drivers/atm/horizon.c +++ b/drivers/atm/horizon.c @@ -1034,7 +1034,7 @@ static void rx_schedule (hrz_dev * dev, int irq) { @@ -30282,7 +31395,7 @@ index 7d01c2a..4e3ac01 100644 // free the skb hrz_kfree_skb (skb); 
diff --git a/drivers/atm/idt77252.c b/drivers/atm/idt77252.c -index 8974bd2..b856f85 100644 +index 272f009..a18ba55 100644 --- a/drivers/atm/idt77252.c +++ b/drivers/atm/idt77252.c @@ -812,7 +812,7 @@ drain_scq(struct idt77252_dev *card, struct vc_map *vc) @@ -30440,7 +31553,7 @@ index 8974bd2..b856f85 100644 } atomic_add(skb->truesize, &sk_atm(vcc)->sk_wmem_alloc); diff --git a/drivers/atm/iphase.c b/drivers/atm/iphase.c -index 96cce6d..62c3ec5 100644 +index 4217f29..88f547a 100644 --- a/drivers/atm/iphase.c +++ b/drivers/atm/iphase.c @@ -1145,7 +1145,7 @@ static int rx_pkt(struct atm_dev *dev) @@ -30540,7 +31653,7 @@ index 96cce6d..62c3ec5 100644 vcc->tx_quota = vcc->tx_quota * 3 / 4; printk("Tx1: vcc->tx_quota = %d \n", (u32)vcc->tx_quota ); diff --git a/drivers/atm/lanai.c b/drivers/atm/lanai.c -index 68c7588..7036683 100644 +index fa7d701..1e404c7 100644 --- a/drivers/atm/lanai.c +++ b/drivers/atm/lanai.c @@ -1303,7 +1303,7 @@ static void lanai_send_one_aal5(struct lanai_dev *lanai, @@ -30598,7 +31711,7 @@ index 68c7588..7036683 100644 lvcc->rx.buf.ptr = &lvcc->rx.buf.start[SERVICE_GET_END(s) * 4]; cardvcc_write(lvcc, SERVICE_GET_END(s), vcc_rxreadptr); diff --git a/drivers/atm/nicstar.c b/drivers/atm/nicstar.c -index 1c70c45..300718d 100644 +index ed1d2b7..8cffc1f 100644 --- a/drivers/atm/nicstar.c +++ b/drivers/atm/nicstar.c @@ -1654,7 +1654,7 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb) @@ -30803,10 +31916,10 @@ index 1c70c45..300718d 100644 } diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c -index 1853a45..cf2426d 100644 +index 0474a89..06ea4a1 100644 --- a/drivers/atm/solos-pci.c +++ b/drivers/atm/solos-pci.c -@@ -714,7 +714,7 @@ void solos_bh(unsigned long card_arg) +@@ -838,7 +838,7 @@ void solos_bh(unsigned long card_arg) } atm_charge(vcc, skb->truesize); vcc->push(vcc, skb); 
@@ -30815,14 +31928,14 @@ index 1853a45..cf2426d 100644 break; case PKT_STATUS: -@@ -1010,7 +1010,7 @@ static uint32_t fpga_tx(struct solos_card *card) +@@ -1117,7 +1117,7 @@ static uint32_t fpga_tx(struct solos_card *card) vcc = SKB_CB(oldskb)->vcc; if (vcc) { - atomic_inc(&vcc->stats->tx); + atomic_inc_unchecked(&vcc->stats->tx); solos_pop(vcc, oldskb); - } else + } else { dev_kfree_skb_irq(oldskb); diff --git a/drivers/atm/suni.c b/drivers/atm/suni.c index 0215934..ce9f5b1 100644 @@ -30888,7 +32001,7 @@ index 5120a96..e2572bd 100644 } diff --git a/drivers/atm/zatm.c b/drivers/atm/zatm.c -index abe4e20..83c4727 100644 +index 969c3c2..9b72956 100644 --- a/drivers/atm/zatm.c +++ b/drivers/atm/zatm.c @@ -459,7 +459,7 @@ printk("dummy: 0x%08lx, 0x%08lx\n",dummy[0],dummy[1]); @@ -30919,7 +32032,7 @@ index abe4e20..83c4727 100644 } diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c -index 147d1a4..d0fd4b0 100644 +index 17cf7ca..7e553e1 100644 --- a/drivers/base/devtmpfs.c +++ b/drivers/base/devtmpfs.c @@ -347,7 +347,7 @@ int devtmpfs_mount(const char *mntdir) @@ -30971,10 +32084,10 @@ index e6ee5e8..98ad7fc 100644 split_counters(&cnt, &inpr); diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c -index ca83f96..69d4ea9 100644 +index ade58bc..867143d 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c -@@ -1198,6 +1198,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, +@@ -1196,6 +1196,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, int err; u32 cp; @@ -30983,7 +32096,7 @@ index ca83f96..69d4ea9 100644 err = 0; err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info, -@@ -3007,7 +3009,7 @@ static void start_io(ctlr_info_t *h) +@@ -3005,7 +3007,7 @@ static void start_io(ctlr_info_t *h) while (!list_empty(&h->reqQ)) { c = list_entry(h->reqQ.next, CommandList_struct, list); /* can't do anything if fifo is full */ 
@@ -30992,7 +32105,7 @@ index ca83f96..69d4ea9 100644 dev_warn(&h->pdev->dev, "fifo full\n"); break; } -@@ -3017,7 +3019,7 @@ static void start_io(ctlr_info_t *h) +@@ -3015,7 +3017,7 @@ static void start_io(ctlr_info_t *h) h->Qdepth--; /* Tell the controller execute command */ @@ -31001,7 +32114,7 @@ index ca83f96..69d4ea9 100644 /* Put job onto the completed Q */ addQ(&h->cmpQ, c); -@@ -3443,17 +3445,17 @@ startio: +@@ -3441,17 +3443,17 @@ startio: static inline unsigned long get_next_completion(ctlr_info_t *h) { @@ -31022,7 +32135,7 @@ index ca83f96..69d4ea9 100644 (h->interrupts_enabled == 0)); } -@@ -3486,7 +3488,7 @@ static inline u32 next_command(ctlr_info_t *h) +@@ -3484,7 +3486,7 @@ static inline u32 next_command(ctlr_info_t *h) u32 a; if (unlikely(!(h->transMethod & CFGTBL_Trans_Performant))) @@ -31031,7 +32144,7 @@ index ca83f96..69d4ea9 100644 if ((*(h->reply_pool_head) & 1) == (h->reply_pool_wraparound)) { a = *(h->reply_pool_head); /* Next cmd in ring buffer */ -@@ -4044,7 +4046,7 @@ static void __devinit cciss_put_controller_into_performant_mode(ctlr_info_t *h) +@@ -4041,7 +4043,7 @@ static void cciss_put_controller_into_performant_mode(ctlr_info_t *h) trans_support & CFGTBL_Trans_use_short_tags); /* Change the access methods to the performant access methods */ @@ -31040,7 +32153,7 @@ index ca83f96..69d4ea9 100644 h->transMethod = CFGTBL_Trans_Performant; return; -@@ -4316,7 +4318,7 @@ static int __devinit cciss_pci_init(ctlr_info_t *h) +@@ -4310,7 +4312,7 @@ static int cciss_pci_init(ctlr_info_t *h) if (prod_index < 0) return -ENODEV; h->product_name = products[prod_index].product_name; @@ -31049,7 +32162,7 @@ index ca83f96..69d4ea9 100644 if (cciss_board_disabled(h)) { dev_warn(&h->pdev->dev, "controller appears to be disabled\n"); -@@ -5041,7 +5043,7 @@ reinit_after_soft_reset: +@@ -5032,7 +5034,7 @@ reinit_after_soft_reset: } /* make sure the board interrupts are off */ 
@@ -31058,7 +32171,7 @@ index ca83f96..69d4ea9 100644 rc = cciss_request_irq(h, do_cciss_msix_intr, do_cciss_intx); if (rc) goto clean2; -@@ -5093,7 +5095,7 @@ reinit_after_soft_reset: +@@ -5082,7 +5084,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); @@ -31067,7 +32180,7 @@ index ca83f96..69d4ea9 100644 spin_unlock_irqrestore(&h->lock, flags); free_irq(h->intr[h->intr_mode], h); rc = cciss_request_irq(h, cciss_msix_discard_completions, -@@ -5113,9 +5115,9 @@ reinit_after_soft_reset: +@@ -5102,9 +5104,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); @@ -31079,7 +32192,7 @@ index ca83f96..69d4ea9 100644 rc = controller_reset_failed(h->cfgtable); if (rc) -@@ -5138,7 +5140,7 @@ reinit_after_soft_reset: +@@ -5127,7 +5129,7 @@ reinit_after_soft_reset: cciss_scsi_setup(h); /* Turn the interrupts on so we can service requests */ @@ -31088,7 +32201,7 @@ index ca83f96..69d4ea9 100644 /* Get the firmware version */ inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL); -@@ -5210,7 +5212,7 @@ static void cciss_shutdown(struct pci_dev *pdev) +@@ -5199,7 +5201,7 @@ static void cciss_shutdown(struct pci_dev *pdev) kfree(flush_buf); if (return_code != IO_OK) dev_warn(&h->pdev->dev, "Error flushing cache\n"); @@ -31111,10 +32224,10 @@ index 7fda30e..eb5dfe0 100644 /* queue and queue Info */ struct list_head reqQ; diff --git a/drivers/block/cpqarray.c b/drivers/block/cpqarray.c -index 9125bbe..eede5c8 100644 +index 3f08713..56a586a 100644 --- a/drivers/block/cpqarray.c +++ b/drivers/block/cpqarray.c -@@ -404,7 +404,7 @@ static int __devinit cpqarray_register_ctlr( int i, struct pci_dev *pdev) +@@ -404,7 +404,7 @@ static int cpqarray_register_ctlr(int i, struct pci_dev *pdev) if (register_blkdev(COMPAQ_SMART2_MAJOR+i, hba[i]->devname)) { goto Enomem4; } 
@@ -31123,7 +32236,7 @@ index 9125bbe..eede5c8 100644 if (request_irq(hba[i]->intr, do_ida_intr, IRQF_DISABLED|IRQF_SHARED, hba[i]->devname, hba[i])) { -@@ -459,7 +459,7 @@ static int __devinit cpqarray_register_ctlr( int i, struct pci_dev *pdev) +@@ -459,7 +459,7 @@ static int cpqarray_register_ctlr(int i, struct pci_dev *pdev) add_timer(&hba[i]->timer); /* Enable IRQ now that spinlock and rate limit timer are set up */ @@ -31141,7 +32254,7 @@ index 9125bbe..eede5c8 100644 break; } } -@@ -792,7 +792,7 @@ static int __devinit cpqarray_eisa_detect(void) +@@ -792,7 +792,7 @@ static int cpqarray_eisa_detect(void) hba[ctlr]->intr = intr; sprintf(hba[ctlr]->devname, "ida%d", nr_ctlr); hba[ctlr]->product_name = products[j].product_name; @@ -31244,11 +32357,11 @@ index be73e9d..7fbf140 100644 cmdlist_t *reqQ; cmdlist_t *cmpQ; diff --git a/drivers/block/drbd/drbd_int.h b/drivers/block/drbd/drbd_int.h -index b953cc7..e3dc580 100644 +index 6b51afa..17e1191 100644 --- a/drivers/block/drbd/drbd_int.h +++ b/drivers/block/drbd/drbd_int.h -@@ -735,7 +735,7 @@ struct drbd_request; - struct drbd_epoch { +@@ -582,7 +582,7 @@ struct drbd_epoch { + struct drbd_tconn *tconn; struct list_head list; unsigned int barrier_nr; - atomic_t epoch_size; /* increased on every request added. */ 
@@ -31256,159 +32369,71 @@ index b953cc7..e3dc580 100644 atomic_t active; /* increased on every req. added, and dec on every finished. */ unsigned long flags; }; -@@ -1116,7 +1116,7 @@ struct drbd_conf { - void *int_dig_in; - void *int_dig_vv; +@@ -1011,7 +1011,7 @@ struct drbd_conf { + int al_tr_cycle; + int al_tr_pos; /* position of the next transaction in the journal */ wait_queue_head_t seq_wait; - atomic_t packet_seq; + atomic_unchecked_t packet_seq; unsigned int peer_seq; spinlock_t peer_seq_lock; unsigned int minor; -@@ -1658,30 +1658,30 @@ static inline int drbd_setsockopt(struct socket *sock, int level, int optname, - - static inline void drbd_tcp_cork(struct socket *sock) - { -- int __user val = 1; -+ int val = 1; - (void) drbd_setsockopt(sock, SOL_TCP, TCP_CORK, -- (char __user *)&val, sizeof(val)); -+ (char __force_user *)&val, sizeof(val)); - } - - static inline void drbd_tcp_uncork(struct socket *sock) - { -- int __user val = 0; -+ int val = 0; - (void) drbd_setsockopt(sock, SOL_TCP, TCP_CORK, -- (char __user *)&val, sizeof(val)); -+ (char __force_user *)&val, sizeof(val)); - } - - static inline void drbd_tcp_nodelay(struct socket *sock) - { -- int __user val = 1; -+ int val = 1; - (void) drbd_setsockopt(sock, SOL_TCP, TCP_NODELAY, -- (char __user *)&val, sizeof(val)); -+ (char __force_user *)&val, sizeof(val)); - } +@@ -1527,7 +1527,7 @@ static inline int drbd_setsockopt(struct socket *sock, int level, int optname, + char __user *uoptval; + int err; - static inline void drbd_tcp_quickack(struct socket *sock) - { -- int __user val = 2; -+ int val = 2; - (void) drbd_setsockopt(sock, SOL_TCP, TCP_QUICKACK, -- (char __user *)&val, sizeof(val)); -+ (char __force_user *)&val, sizeof(val)); - } +- uoptval = (char __user __force *)optval; ++ uoptval = (char __force_user *)optval; - void drbd_bump_write_ordering(struct drbd_conf *mdev, enum write_ordering_e wo); + set_fs(KERNEL_DS); + if (level == SOL_SOCKET) 
diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c -index f55683a..2101b96 100644 +index 8c13eeb..217adee 100644 --- a/drivers/block/drbd/drbd_main.c 
+++ b/drivers/block/drbd/drbd_main.c -@@ -2556,7 +2556,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packets cmd, - p.sector = sector; - p.block_id = block_id; - p.blksize = blksize; -- p.seq_num = cpu_to_be32(atomic_add_return(1, &mdev->packet_seq)); -+ p.seq_num = cpu_to_be32(atomic_add_return_unchecked(1, &mdev->packet_seq)); - - if (!mdev->meta.socket || mdev->state.conn < C_CONNECTED) - return false; -@@ -2854,7 +2854,7 @@ int drbd_send_dblock(struct drbd_conf *mdev, struct drbd_request *req) - - p.sector = cpu_to_be64(req->sector); - p.block_id = (unsigned long)req; -- p.seq_num = cpu_to_be32(atomic_add_return(1, &mdev->packet_seq)); -+ p.seq_num = cpu_to_be32(atomic_add_return_unchecked(1, &mdev->packet_seq)); +@@ -1317,7 +1317,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packet cmd, + p->sector = sector; + p->block_id = block_id; + p->blksize = blksize; +- p->seq_num = cpu_to_be32(atomic_inc_return(&mdev->packet_seq)); ++ p->seq_num = cpu_to_be32(atomic_inc_return_unchecked(&mdev->packet_seq)); + return drbd_send_command(mdev, sock, cmd, sizeof(*p), NULL, 0); + } +@@ -1619,7 +1619,7 @@ int drbd_send_dblock(struct drbd_conf *mdev, struct drbd_request *req) + return -EIO; + p->sector = cpu_to_be64(req->i.sector); + p->block_id = (unsigned long)req; +- p->seq_num = cpu_to_be32(atomic_inc_return(&mdev->packet_seq)); ++ p->seq_num = cpu_to_be32(atomic_inc_return_unchecked(&mdev->packet_seq)); dp_flags = bio_flags_to_wire(mdev, req->master_bio->bi_rw); + if (mdev->state.conn >= C_SYNC_SOURCE && + mdev->state.conn <= C_PAUSED_SYNC_T) +@@ -2574,8 +2574,8 @@ void conn_destroy(struct kref *kref) + { + struct drbd_tconn *tconn = container_of(kref, struct drbd_tconn, kref); -@@ -3139,7 +3139,7 @@ void drbd_init_set_defaults(struct drbd_conf *mdev) - atomic_set(&mdev->unacked_cnt, 0); - atomic_set(&mdev->local_cnt, 0); - atomic_set(&mdev->net_cnt, 0); -- atomic_set(&mdev->packet_seq, 0); -+ atomic_set_unchecked(&mdev->packet_seq, 
0); - atomic_set(&mdev->pp_in_use, 0); - atomic_set(&mdev->pp_in_use_by_net, 0); - atomic_set(&mdev->rs_sect_in, 0); -@@ -3221,8 +3221,8 @@ void drbd_mdev_cleanup(struct drbd_conf *mdev) - mdev->receiver.t_state); - - /* no need to lock it, I'm the only thread alive */ -- if (atomic_read(&mdev->current_epoch->epoch_size) != 0) -- dev_err(DEV, "epoch_size:%d\n", atomic_read(&mdev->current_epoch->epoch_size)); -+ if (atomic_read_unchecked(&mdev->current_epoch->epoch_size) != 0) -+ dev_err(DEV, "epoch_size:%d\n", atomic_read_unchecked(&mdev->current_epoch->epoch_size)); - mdev->al_writ_cnt = - mdev->bm_writ_cnt = - mdev->read_cnt = -diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c -index edb490a..ecd69da 100644 ---- a/drivers/block/drbd/drbd_nl.c -+++ b/drivers/block/drbd/drbd_nl.c -@@ -2407,7 +2407,7 @@ static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms - module_put(THIS_MODULE); - } - --static atomic_t drbd_nl_seq = ATOMIC_INIT(2); /* two. */ -+static atomic_unchecked_t drbd_nl_seq = ATOMIC_INIT(2); /* two. */ - - static unsigned short * - __tl_add_blob(unsigned short *tl, enum drbd_tags tag, const void *data, -@@ -2478,7 +2478,7 @@ void drbd_bcast_state(struct drbd_conf *mdev, union drbd_state state) - cn_reply->id.idx = CN_IDX_DRBD; - cn_reply->id.val = CN_VAL_DRBD; - -- cn_reply->seq = atomic_add_return(1, &drbd_nl_seq); -+ cn_reply->seq = atomic_add_return_unchecked(1, &drbd_nl_seq); - cn_reply->ack = 0; /* not used here. */ - cn_reply->len = sizeof(struct drbd_nl_cfg_reply) + - (int)((char *)tl - (char *)reply->tag_list); -@@ -2510,7 +2510,7 @@ void drbd_bcast_ev_helper(struct drbd_conf *mdev, char *helper_name) - cn_reply->id.idx = CN_IDX_DRBD; - cn_reply->id.val = CN_VAL_DRBD; - -- cn_reply->seq = atomic_add_return(1, &drbd_nl_seq); -+ cn_reply->seq = atomic_add_return_unchecked(1, &drbd_nl_seq); - cn_reply->ack = 0; /* not used here. 
*/ - cn_reply->len = sizeof(struct drbd_nl_cfg_reply) + - (int)((char *)tl - (char *)reply->tag_list); -@@ -2588,7 +2588,7 @@ void drbd_bcast_ee(struct drbd_conf *mdev, - cn_reply->id.idx = CN_IDX_DRBD; - cn_reply->id.val = CN_VAL_DRBD; - -- cn_reply->seq = atomic_add_return(1,&drbd_nl_seq); -+ cn_reply->seq = atomic_add_return_unchecked(1,&drbd_nl_seq); - cn_reply->ack = 0; // not used here. - cn_reply->len = sizeof(struct drbd_nl_cfg_reply) + - (int)((char*)tl - (char*)reply->tag_list); -@@ -2627,7 +2627,7 @@ void drbd_bcast_sync_progress(struct drbd_conf *mdev) - cn_reply->id.idx = CN_IDX_DRBD; - cn_reply->id.val = CN_VAL_DRBD; - -- cn_reply->seq = atomic_add_return(1, &drbd_nl_seq); -+ cn_reply->seq = atomic_add_return_unchecked(1, &drbd_nl_seq); - cn_reply->ack = 0; /* not used here. */ - cn_reply->len = sizeof(struct drbd_nl_cfg_reply) + - (int)((char *)tl - (char *)reply->tag_list); +- if (atomic_read(&tconn->current_epoch->epoch_size) != 0) +- conn_err(tconn, "epoch_size:%d\n", atomic_read(&tconn->current_epoch->epoch_size)); ++ if (atomic_read_unchecked(&tconn->current_epoch->epoch_size) != 0) ++ conn_err(tconn, "epoch_size:%d\n", atomic_read_unchecked(&tconn->current_epoch->epoch_size)); + kfree(tconn->current_epoch); + + idr_destroy(&tconn->volumes); diff --git a/drivers/block/drbd/drbd_receiver.c b/drivers/block/drbd/drbd_receiver.c -index c74ca2d..860c819 100644 +index a9eccfc..68e4533 100644 --- a/drivers/block/drbd/drbd_receiver.c 
+++ b/drivers/block/drbd/drbd_receiver.c -@@ -898,7 +898,7 @@ retry: - sock->sk->sk_sndtimeo = mdev->net_conf->timeout*HZ/10; - sock->sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT; +@@ -833,7 +833,7 @@ int drbd_connected(struct drbd_conf *mdev) + { + int err; - atomic_set(&mdev->packet_seq, 0); + atomic_set_unchecked(&mdev->packet_seq, 0); mdev->peer_seq = 0; - if (drbd_send_protocol(mdev) == -1) -@@ -999,7 +999,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_conf *mdev, + mdev->state_mutex = mdev->tconn->agreed_pro_version < 100 ? +@@ -1191,7 +1191,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_tconn *tconn, do { next_epoch = NULL; @@ -31417,7 +32442,7 @@ index c74ca2d..860c819 100644 switch (ev & ~EV_CLEANUP) { case EV_PUT: -@@ -1035,7 +1035,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_conf *mdev, +@@ -1231,7 +1231,7 @@ static enum finish_epoch drbd_may_finish_epoch(struct drbd_tconn *tconn, rv = FE_DESTROYED; } else { epoch->flags = 0; 
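Review bot: The refreshed drbd hunks keep `epoch_size` on the `_unchecked` atomic accessors, which opt it out of the overflow detection applied to plain `atomic_t`, and the patch does not say why that is safe. `packet_seq` is a wire sequence number that is expected to wrap, but `epoch_size` is tested against zero in `conn_destroy` just before `kfree(tconn->current_epoch)`, and its hunk in `drbd_may_finish_epoch` sits next to the `FE_DESTROYED` path. It therefore looks like it feeds the epoch lifetime decision; the changed lines in `drbd_may_finish_epoch` fall outside the visible context, so this needs checking against the full file. If wrapping is harmless, say so at the field declaration in drbd_int.h, for example `/* request counter only; wrap cannot release an epoch early */`; otherwise leave it a checked `atomic_t`. The later drbd_receiver.c hunks for `receive_Barrier`, `receive_Data` and `conn_disconnect` carry the same conversion.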
@@ -31426,24 +32451,16 @@ index c74ca2d..860c819 100644 /* atomic_set(&epoch->active, 0); is already zero */ if (rv == FE_STILL_LIVE) rv = FE_RECYCLED; -@@ -1210,14 +1210,14 @@ static int receive_Barrier(struct drbd_conf *mdev, enum drbd_packets cmd, unsign - drbd_wait_ee_list_empty(mdev, &mdev->active_ee); - drbd_flush(mdev); +@@ -1449,7 +1449,7 @@ static int receive_Barrier(struct drbd_tconn *tconn, struct packet_info *pi) + conn_wait_active_ee_empty(tconn); + drbd_flush(tconn); -- if (atomic_read(&mdev->current_epoch->epoch_size)) { -+ if (atomic_read_unchecked(&mdev->current_epoch->epoch_size)) { +- if (atomic_read(&tconn->current_epoch->epoch_size)) { ++ if (atomic_read_unchecked(&tconn->current_epoch->epoch_size)) { epoch = kmalloc(sizeof(struct drbd_epoch), GFP_NOIO); if (epoch) break; - } - - epoch = mdev->current_epoch; -- wait_event(mdev->ee_wait, atomic_read(&epoch->epoch_size) == 0); -+ wait_event(mdev->ee_wait, atomic_read_unchecked(&epoch->epoch_size) == 0); - - D_ASSERT(atomic_read(&epoch->active) == 0); - D_ASSERT(epoch->flags == 0); -@@ -1229,11 +1229,11 @@ static int receive_Barrier(struct drbd_conf *mdev, enum drbd_packets cmd, unsign +@@ -1462,11 +1462,11 @@ static int receive_Barrier(struct drbd_tconn *tconn, struct packet_info *pi) } epoch->flags = 0; 
@@ -31451,41 +32468,41 @@ index c74ca2d..860c819 100644 + atomic_set_unchecked(&epoch->epoch_size, 0); atomic_set(&epoch->active, 0); - spin_lock(&mdev->epoch_lock); -- if (atomic_read(&mdev->current_epoch->epoch_size)) { -+ if (atomic_read_unchecked(&mdev->current_epoch->epoch_size)) { - list_add(&epoch->list, &mdev->current_epoch->list); - mdev->current_epoch = epoch; - mdev->epochs++; -@@ -1702,7 +1702,7 @@ static int receive_Data(struct drbd_conf *mdev, enum drbd_packets cmd, unsigned - spin_unlock(&mdev->peer_seq_lock); - - drbd_send_ack_dp(mdev, P_NEG_ACK, p, data_size); -- atomic_inc(&mdev->current_epoch->epoch_size); -+ atomic_inc_unchecked(&mdev->current_epoch->epoch_size); - return drbd_drain_block(mdev, data_size); - } - -@@ -1732,7 +1732,7 @@ static int receive_Data(struct drbd_conf *mdev, enum drbd_packets cmd, unsigned - - spin_lock(&mdev->epoch_lock); - e->epoch = mdev->current_epoch; -- atomic_inc(&e->epoch->epoch_size); -+ atomic_inc_unchecked(&e->epoch->epoch_size); - atomic_inc(&e->epoch->active); - spin_unlock(&mdev->epoch_lock); - -@@ -3954,7 +3954,7 @@ static void drbd_disconnect(struct drbd_conf *mdev) - D_ASSERT(list_empty(&mdev->done_ee)); - + spin_lock(&tconn->epoch_lock); +- if (atomic_read(&tconn->current_epoch->epoch_size)) { ++ if (atomic_read_unchecked(&tconn->current_epoch->epoch_size)) { + list_add(&epoch->list, &tconn->current_epoch->list); + tconn->current_epoch = epoch; + tconn->epochs++; +@@ -2170,7 +2170,7 @@ static int receive_Data(struct drbd_tconn *tconn, struct packet_info *pi) + + err = wait_for_and_update_peer_seq(mdev, peer_seq); + drbd_send_ack_dp(mdev, P_NEG_ACK, p, pi->size); +- atomic_inc(&tconn->current_epoch->epoch_size); ++ atomic_inc_unchecked(&tconn->current_epoch->epoch_size); + err2 = drbd_drain_block(mdev, pi->size); + if (!err) + err = err2; +@@ -2204,7 +2204,7 @@ static int receive_Data(struct drbd_tconn *tconn, struct packet_info *pi) + + spin_lock(&tconn->epoch_lock); + peer_req->epoch = 
tconn->current_epoch; +- atomic_inc(&peer_req->epoch->epoch_size); ++ atomic_inc_unchecked(&peer_req->epoch->epoch_size); + atomic_inc(&peer_req->epoch->active); + spin_unlock(&tconn->epoch_lock); + +@@ -4466,7 +4466,7 @@ static void conn_disconnect(struct drbd_tconn *tconn) + if (!list_empty(&tconn->current_epoch->list)) + conn_err(tconn, "ASSERTION FAILED: tconn->current_epoch->list not empty\n"); /* ok, no more ee's on the fly, it is safe to reset the epoch_size */ -- atomic_set(&mdev->current_epoch->epoch_size, 0); -+ atomic_set_unchecked(&mdev->current_epoch->epoch_size, 0); - D_ASSERT(list_empty(&mdev->current_epoch->list)); - } +- atomic_set(&tconn->current_epoch->epoch_size, 0); ++ atomic_set_unchecked(&tconn->current_epoch->epoch_size, 0); + tconn->send.seen_any_write_yet = false; + conn_info(tconn, "Connection closed\n"); diff --git a/drivers/block/loop.c b/drivers/block/loop.c -index 54046e5..7759c55 100644 +index ae12512..37fa397 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -226,7 +226,7 @@ static int __do_lo_send_write(struct file *file, @@ -31532,7 +32549,7 @@ index d620b44..587561e 100644 } diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c -index 75d485a..2809958 100644 +index d59cdcb..11afddf 100644 --- a/drivers/cdrom/gdrom.c +++ b/drivers/cdrom/gdrom.c @@ -491,7 +491,6 @@ static struct cdrom_device_ops gdrom_ops = { @@ -31591,7 +32608,7 @@ index 21cb980..f15107c 100644 return -EINVAL; else diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c -index dfd7876..c0b0885 100644 +index fe6d4be..89f32100 100644 --- a/drivers/char/hpet.c +++ b/drivers/char/hpet.c @@ -571,7 +571,7 @@ static inline unsigned long hpet_time_div(struct hpets *hpets, @@ -31604,7 +32621,7 @@ index dfd7876..c0b0885 100644 { struct hpet_timer __iomem *timer; diff --git a/drivers/char/ipmi/ipmi_msghandler.c b/drivers/char/ipmi/ipmi_msghandler.c -index a0c84bb..9edcf60 100644 +index 053201b0..8335cce 100644 --- a/drivers/char/ipmi/ipmi_msghandler.c 
+++ b/drivers/char/ipmi/ipmi_msghandler.c @@ -420,7 +420,7 @@ struct ipmi_smi { @@ -31638,7 +32655,7 @@ index a0c84bb..9edcf60 100644 intf->proc_dir = NULL; diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c -index 32a6c7e..f6966a9 100644 +index 1c7fdcd..4899100 100644 --- a/drivers/char/ipmi/ipmi_si_intf.c +++ b/drivers/char/ipmi/ipmi_si_intf.c @@ -275,7 +275,7 @@ struct smi_info { @@ -31672,7 +32689,7 @@ index 32a6c7e..f6966a9 100644 new_smi->interrupt_disabled = 1; atomic_set(&new_smi->stop_operation, 0); diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index 0537903..121c699 100644 +index c6fa3bc..4ca3e42 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -18,6 +18,7 @@ @@ -31821,10 +32838,10 @@ index 9df78e2..01ba9ae 100644 *ppos = i; diff --git a/drivers/char/pcmcia/synclink_cs.c b/drivers/char/pcmcia/synclink_cs.c -index 21721d2..4e98777 100644 +index b66eaa0..2619d1b 100644 --- a/drivers/char/pcmcia/synclink_cs.c +++ b/drivers/char/pcmcia/synclink_cs.c -@@ -2346,9 +2346,9 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) +@@ -2348,9 +2348,9 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgslpc_close(%s) entry, count=%d\n", @@ -31836,7 +32853,7 @@ index 21721d2..4e98777 100644 if (tty_port_close_start(port, tty, filp) == 0) goto cleanup; -@@ -2366,7 +2366,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) +@@ -2368,7 +2368,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) cleanup: if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgslpc_close(%s) exit, count=%d\n", __FILE__,__LINE__, 
@@ -31845,7 +32862,7 @@ index 21721d2..4e98777 100644 } /* Wait until the transmitter is empty. -@@ -2508,7 +2508,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) +@@ -2510,7 +2510,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgslpc_open(%s), old ref count = %d\n", @@ -31854,7 +32871,7 @@ index 21721d2..4e98777 100644 /* If port is closing, signal caller to try again */ if (tty_hung_up_p(filp) || port->flags & ASYNC_CLOSING){ -@@ -2528,11 +2528,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) +@@ -2530,11 +2530,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) goto cleanup; } spin_lock(&port->lock); @@ -31868,7 +32885,7 @@ index 21721d2..4e98777 100644 /* 1st open on this device, init hardware */ retval = startup(info, tty); if (retval < 0) -@@ -3886,7 +3886,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, +@@ -3889,7 +3889,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, unsigned short new_crctype; /* return error if TTY interface open */ @@ -31877,7 +32894,7 @@ index 21721d2..4e98777 100644 return -EBUSY; switch (encoding) -@@ -3989,7 +3989,7 @@ static int hdlcdev_open(struct net_device *dev) +@@ -3992,7 +3992,7 @@ static int hdlcdev_open(struct net_device *dev) /* arbitrate between network and tty opens */ spin_lock_irqsave(&info->netlock, flags); @@ -31886,7 +32903,7 @@ index 21721d2..4e98777 100644 printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name); spin_unlock_irqrestore(&info->netlock, flags); return -EBUSY; -@@ -4078,7 +4078,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) +@@ -4081,7 +4081,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name); /* return error if TTY interface open */ 
@@ -31896,7 +32913,7 @@ index 21721d2..4e98777 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/char/random.c b/drivers/char/random.c -index b86eae9..b9c2ed7 100644 +index 85e81ec..bce8b97 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -272,8 +272,13 @@ @@ -31931,15 +32948,7 @@ index b86eae9..b9c2ed7 100644 #if 0 /* x^2048 + x^1638 + x^1231 + x^819 + x^411 + x + 1 -- 115 */ { 2048, 1638, 1231, 819, 411, 1 }, -@@ -437,6 +449,7 @@ struct entropy_store { - int entropy_count; - int entropy_total; - unsigned int initialized:1; -+ bool last_data_init; - __u8 last_data[EXTRACT_SIZE]; - }; - -@@ -527,8 +540,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in, +@@ -524,8 +536,8 @@ static void _mix_pool_bytes(struct entropy_store *r, const void *in, input_rotate += i ? 7 : 14; } 
@@ -31950,36 +32959,7 @@ index b86eae9..b9c2ed7 100644 smp_wmb(); if (out) -@@ -957,6 +970,10 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, - ssize_t ret = 0, i; - __u8 tmp[EXTRACT_SIZE]; - -+ /* if last_data isn't primed, we need EXTRACT_SIZE extra bytes */ -+ if (fips_enabled && !r->last_data_init) -+ nbytes += EXTRACT_SIZE; -+ - trace_extract_entropy(r->name, nbytes, r->entropy_count, _RET_IP_); - xfer_secondary_pool(r, nbytes); - nbytes = account(r, nbytes, min, reserved); -@@ -967,6 +984,17 @@ static ssize_t extract_entropy(struct entropy_store *r, void *buf, - if (fips_enabled) { - unsigned long flags; - -+ -+ /* prime last_data value if need be, per fips 140-2 */ -+ if (!r->last_data_init) { -+ spin_lock_irqsave(&r->lock, flags); -+ memcpy(r->last_data, tmp, EXTRACT_SIZE); -+ r->last_data_init = true; -+ nbytes -= EXTRACT_SIZE; -+ spin_unlock_irqrestore(&r->lock, flags); -+ extract_buf(r, tmp); -+ } -+ - spin_lock_irqsave(&r->lock, flags); - if (!memcmp(tmp, r->last_data, EXTRACT_SIZE)) - panic("Hardware RNG duplicated output!\n"); -@@ -1008,7 +1036,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, +@@ -1020,7 +1032,7 @@ static ssize_t extract_entropy_user(struct entropy_store *r, void __user *buf, extract_buf(r, tmp); i = min_t(int, nbytes, EXTRACT_SIZE); @@ -31988,15 +32968,7 @@ index b86eae9..b9c2ed7 100644 ret = -EFAULT; break; } -@@ -1086,6 +1114,7 @@ static void init_std_data(struct entropy_store *r) - - r->entropy_count = 0; - r->entropy_total = 0; -+ r->last_data_init = false; - mix_pool_bytes(r, &now, sizeof(now), NULL); - for (i = r->poolinfo->POOLBYTES; i > 0; i -= sizeof(rv)) { - if (!arch_get_random_long(&rv)) -@@ -1342,7 +1371,7 @@ EXPORT_SYMBOL(generate_random_uuid); +@@ -1356,7 +1368,7 @@ EXPORT_SYMBOL(generate_random_uuid); #include <linux/sysctl.h> static int min_read_thresh = 8, min_write_thresh; @@ -32006,7 +32978,7 @@ index b86eae9..b9c2ed7 100644 static char sysctl_bootid[16]; 
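Review bot: The random.c sub-hunks that carried the `last_data_init` priming for `extract_entropy` (the struct field, the `fips_enabled` priming block and the reset in `init_std_data`) are dropped from the patch here, and neither the commit title nor the patch says why. If the reason is that the new base kernel already contains that change, I would record it in the commit description, for example `drop random.c last_data priming, already present in the new base`, after checking that the target tree still primes `r->last_data` under `fips_enabled` before the duplicate-output `panic`. Without the priming, the first extracted block is compared against a `last_data` that was never filled from the generator, so this is worth confirming rather than assuming.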
diff --git a/drivers/char/sonypi.c b/drivers/char/sonypi.c -index 9b4f011..b7e0a1a 100644 +index d780295..b29f3a8 100644 --- a/drivers/char/sonypi.c +++ b/drivers/char/sonypi.c @@ -54,6 +54,7 @@ @@ -32111,10 +33083,10 @@ index 84ddc55..1d32f1e 100644 return 0; } diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c -index 088c8fd..774c5a5 100644 +index ee4dbea..69c817b 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c -@@ -622,7 +622,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, +@@ -681,7 +681,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, if (to_user) { ssize_t ret; @@ -32123,7 +33095,7 @@ index 088c8fd..774c5a5 100644 if (ret) return -EFAULT; } else { -@@ -721,7 +721,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf, +@@ -780,7 +780,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf, if (!port_has_data(port) && !port->host_connected) return 0; 
@@ -32132,39 +33104,60 @@ index 088c8fd..774c5a5 100644 } static int wait_port_writable(struct port *port, bool nonblock) -diff --git a/drivers/edac/edac_mc.c b/drivers/edac/edac_mc.c -index 75c0a1a..96ba8f6 100644 ---- a/drivers/edac/edac_mc.c -+++ b/drivers/edac/edac_mc.c -@@ -340,7 +340,7 @@ struct mem_ctl_info *edac_mc_alloc(unsigned mc_num, - /* - * Alocate and fill the csrow/channels structs - */ -- mci->csrows = kcalloc(sizeof(*mci->csrows), tot_csrows, GFP_KERNEL); -+ mci->csrows = kcalloc(tot_csrows, sizeof(*mci->csrows), GFP_KERNEL); - if (!mci->csrows) - goto error; - for (row = 0; row < tot_csrows; row++) { -@@ -351,7 +351,7 @@ struct mem_ctl_info *edac_mc_alloc(unsigned mc_num, - csr->csrow_idx = row; - csr->mci = mci; - csr->nr_channels = tot_channels; -- csr->channels = kcalloc(sizeof(*csr->channels), tot_channels, -+ csr->channels = kcalloc(tot_channels, sizeof(*csr->channels), - GFP_KERNEL); - if (!csr->channels) - goto error; -@@ -369,7 +369,7 @@ struct mem_ctl_info *edac_mc_alloc(unsigned mc_num, - /* - * Allocate and fill the dimm structs - */ -- mci->dimms = kcalloc(sizeof(*mci->dimms), tot_dimms, GFP_KERNEL); -+ mci->dimms = kcalloc(tot_dimms, sizeof(*mci->dimms), GFP_KERNEL); - if (!mci->dimms) - goto error; +diff --git a/drivers/clocksource/arm_generic.c b/drivers/clocksource/arm_generic.c +index 8ae1a61..9c00613 100644 +--- a/drivers/clocksource/arm_generic.c ++++ b/drivers/clocksource/arm_generic.c +@@ -181,7 +181,7 @@ static int __cpuinit arch_timer_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block __cpuinitdata arch_timer_cpu_nb = { ++static struct notifier_block arch_timer_cpu_nb = { + .notifier_call = arch_timer_cpu_notify, + }; + +diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c +index 1f93dbd..edf95ff 100644 +--- a/drivers/cpufreq/cpufreq.c ++++ b/drivers/cpufreq/cpufreq.c +@@ -1843,7 +1843,7 @@ static int __cpuinit cpufreq_cpu_callback(struct notifier_block *nfb, + 
return NOTIFY_OK; + } + +-static struct notifier_block __refdata cpufreq_cpu_notifier = { ++static struct notifier_block cpufreq_cpu_notifier = { + .notifier_call = cpufreq_cpu_callback, + }; + +diff --git a/drivers/cpufreq/cpufreq_stats.c b/drivers/cpufreq/cpufreq_stats.c +index 9d7732b..0b1a793 100644 +--- a/drivers/cpufreq/cpufreq_stats.c ++++ b/drivers/cpufreq/cpufreq_stats.c +@@ -340,7 +340,7 @@ static int __cpuinit cpufreq_stat_cpu_callback(struct notifier_block *nfb, + } + /* priority=1 so this will get called before cpufreq_remove_dev */ +-static struct notifier_block cpufreq_stat_cpu_notifier __refdata = { ++static struct notifier_block cpufreq_stat_cpu_notifier = { + .notifier_call = cpufreq_stat_cpu_callback, + .priority = 1, + }; +diff --git a/drivers/dma/sh/shdma.c b/drivers/dma/sh/shdma.c +index 3315e4b..fc38316 100644 +--- a/drivers/dma/sh/shdma.c ++++ b/drivers/dma/sh/shdma.c +@@ -476,7 +476,7 @@ static int sh_dmae_nmi_handler(struct notifier_block *self, + return ret; + } + +-static struct notifier_block sh_dmae_nmi_notifier __read_mostly = { ++static struct notifier_block sh_dmae_nmi_notifier = { + .notifier_call = sh_dmae_nmi_handler, + + /* Run before NMI debug handler and KGDB */ diff --git a/drivers/edac/edac_pci_sysfs.c b/drivers/edac/edac_pci_sysfs.c -index 1bfb207..0d059c2 100644 +index 0056c4d..725934f 100644 --- a/drivers/edac/edac_pci_sysfs.c +++ b/drivers/edac/edac_pci_sysfs.c @@ -26,8 +26,8 @@ static int edac_pci_log_pe = 1; /* log PCI parity errors */ @@ -32232,7 +33225,7 @@ index 1bfb207..0d059c2 100644 } } } -@@ -676,7 +676,7 @@ void edac_pci_do_parity_check(void) +@@ -672,7 +672,7 @@ void edac_pci_do_parity_check(void) if (!check_pci_errors) return; 
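Review bot: The added sub-patches for `arch_timer_cpu_nb`, `cpufreq_cpu_notifier`, `cpufreq_stat_cpu_notifier` and `sh_dmae_nmi_notifier` strip the `__cpuinitdata`, `__refdata` and `__read_mostly` annotations with no stated reason, and the later sub-patches for `coretemp_cpu_notifier` and `via_cputemp_cpu_notifier` do the same. The CPU-hotplug callbacks named in the hunk headers are still `__cpuinit`, so with `__refdata` gone the build may report a section mismatch for these objects unless another part of the patch set places them in a section the checker accepts; presumably that is the notifier_block constification, which is not visible from here. I would state the reason in the commit description, e.g. `notifier_block instances lose their section attributes so they can be placed read-only`, once that intent is confirmed.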
@@ -32241,7 +33234,7 @@ index 1bfb207..0d059c2 100644 /* scan all PCI devices looking for a Parity Error on devices and * bridges. -@@ -688,7 +688,7 @@ void edac_pci_do_parity_check(void) +@@ -684,7 +684,7 @@ void edac_pci_do_parity_check(void) /* Only if operator has selected panic on PCI Error */ if (edac_pci_get_panic_on_pe()) { /* If the count is different 'after' from 'before' */ @@ -32251,13 +33244,13 @@ index 1bfb207..0d059c2 100644 } } diff --git a/drivers/edac/mce_amd.h b/drivers/edac/mce_amd.h -index 8c87a5e..a19cbd7 100644 +index 6796799..99e8377 100644 --- a/drivers/edac/mce_amd.h +++ b/drivers/edac/mce_amd.h -@@ -80,7 +80,7 @@ extern const char * const ii_msgs[]; +@@ -78,7 +78,7 @@ extern const char * const ii_msgs[]; struct amd_decoder_ops { - bool (*dc_mce)(u16, u8); - bool (*ic_mce)(u16, u8); + bool (*mc0_mce)(u16, u8); + bool (*mc1_mce)(u16, u8); -}; +} __no_const; @@ -32340,20 +33333,20 @@ index 982f1f5..d21e5da 100644 iounmap(buf); return 0; diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c -index bfd8f43..b1fe1f8 100644 +index f5596db..9355ce6 100644 --- a/drivers/firmware/efivars.c +++ b/drivers/firmware/efivars.c -@@ -1206,7 +1206,7 @@ out: - EXPORT_SYMBOL_GPL(register_efivars); +@@ -132,7 +132,7 @@ struct efivar_attribute { + }; static struct efivars __efivars; -static struct efivar_operations ops; +static efivar_operations_no_const ops __read_only; - /* - * For now we register the efi subsystem with the firmware subsystem + #define PSTORE_EFI_ATTRIBUTES \ + (EFI_VARIABLE_NON_VOLATILE | \ diff --git a/drivers/gpio/gpio-vr41xx.c b/drivers/gpio/gpio-vr41xx.c -index 82d5c20..44a7177 100644 +index 9902732..64b62dd 100644 --- a/drivers/gpio/gpio-vr41xx.c +++ b/drivers/gpio/gpio-vr41xx.c @@ -204,7 +204,7 @@ static int giu_get_irq(unsigned int irq) @@ -32366,10 +33359,10 @@ index 82d5c20..44a7177 100644 return -EINVAL; } 
diff --git a/drivers/gpu/drm/drm_crtc_helper.c b/drivers/gpu/drm/drm_crtc_helper.c -index 1227adf..f2301c2 100644 +index 7b2d378..cc947ea 100644 --- a/drivers/gpu/drm/drm_crtc_helper.c +++ b/drivers/gpu/drm/drm_crtc_helper.c -@@ -286,7 +286,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder, +@@ -319,7 +319,7 @@ static bool drm_encoder_crtc_ok(struct drm_encoder *encoder, struct drm_crtc *tmp; int crtc_mask = 1; @@ -32601,7 +33594,7 @@ index 2f4c434..764794b 100644 if (__put_user(count, &request->count) || __put_user(list, &request->list)) diff --git a/drivers/gpu/drm/drm_ioctl.c b/drivers/gpu/drm/drm_ioctl.c -index 23dd975..63e9801 100644 +index e77bd8b..1571b85 100644 --- a/drivers/gpu/drm/drm_ioctl.c +++ b/drivers/gpu/drm/drm_ioctl.c @@ -252,7 +252,7 @@ int drm_getstats(struct drm_device *dev, void *data, @@ -32636,10 +33629,10 @@ index d752c96..fe08455 100644 if (drm_lock_free(&master->lock, lock->context)) { /* FIXME: Should really bail out here. */ diff --git a/drivers/gpu/drm/drm_stub.c b/drivers/gpu/drm/drm_stub.c -index c236fd2..6b5f2e7 100644 +index 200e104..59facda 100644 --- a/drivers/gpu/drm/drm_stub.c +++ b/drivers/gpu/drm/drm_stub.c -@@ -511,7 +511,7 @@ void drm_unplug_dev(struct drm_device *dev) +@@ -516,7 +516,7 @@ void drm_unplug_dev(struct drm_device *dev) drm_device_set_unplugged(dev); @@ -32690,7 +33683,7 @@ index 6e0acad..93c8289 100644 int front_offset; } drm_i810_private_t; diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c -index 3a1a495..995c093 100644 +index 9d4a2c2..32a119f 100644 --- a/drivers/gpu/drm/i915/i915_debugfs.c +++ b/drivers/gpu/drm/i915/i915_debugfs.c @@ -496,7 +496,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data) @@ -32703,10 +33696,10 @@ index 3a1a495..995c093 100644 if (IS_GEN6(dev) || IS_GEN7(dev)) { seq_printf(m, diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c -index 61ae104..f8a4bc1 100644 +index 99daa89..84ebd44 100644 
--- a/drivers/gpu/drm/i915/i915_dma.c +++ b/drivers/gpu/drm/i915/i915_dma.c -@@ -1274,7 +1274,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) +@@ -1253,7 +1253,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -32716,11 +33709,11 @@ index 61ae104..f8a4bc1 100644 return can_switch; } diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h -index 92f1750..3beba74 100644 +index 12ab3bd..b3bed3b 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h -@@ -430,7 +430,7 @@ typedef struct drm_i915_private { - +@@ -656,7 +656,7 @@ typedef struct drm_i915_private { + drm_dma_handle_t *status_page_dmah; struct resource mch_res; - atomic_t irq_received; @@ -32728,16 +33721,16 @@ index 92f1750..3beba74 100644 /* protects the irq masks */ spinlock_t irq_lock; -@@ -1055,7 +1055,7 @@ struct drm_i915_gem_object { +@@ -1102,7 +1102,7 @@ struct drm_i915_gem_object { * will be page flipped away on the next vblank. When it * reaches 0, dev_priv->pending_flip_queue will be woken up. */ - atomic_t pending_flip; + atomic_unchecked_t pending_flip; }; + #define to_gem_object(obj) (&((struct drm_i915_gem_object *)(obj))->base) - #define to_intel_bo(x) container_of(x, struct drm_i915_gem_object, base) -@@ -1558,7 +1558,7 @@ extern struct i2c_adapter *intel_gmbus_get_adapter( +@@ -1633,7 +1633,7 @@ extern struct i2c_adapter *intel_gmbus_get_adapter( struct drm_i915_private *dev_priv, unsigned port); extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed); extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit); @@ -32747,10 +33740,10 @@ index 92f1750..3beba74 100644 return container_of(adapter, struct intel_gmbus, adapter)->force_bit; } diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -index 67036e9..b9f1357 100644 +index 26d08bb..fccb984 100644 
--- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -@@ -681,7 +681,7 @@ i915_gem_execbuffer_move_to_gpu(struct intel_ring_buffer *ring, +@@ -672,7 +672,7 @@ i915_gem_execbuffer_move_to_gpu(struct intel_ring_buffer *ring, i915_gem_clflush_object(obj); if (obj->base.pending_write_domain) @@ -32759,7 +33752,7 @@ index 67036e9..b9f1357 100644 flush_domains |= obj->base.write_domain; } -@@ -712,9 +712,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec) +@@ -703,9 +703,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec) static int validate_exec_list(struct drm_i915_gem_exec_object2 *exec, @@ -32772,10 +33765,10 @@ index 67036e9..b9f1357 100644 for (i = 0; i < count; i++) { char __user *ptr = (char __user *)(uintptr_t)exec[i].relocs_ptr; diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c -index dc29ace..137d83a 100644 +index fe84338..a863190 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c -@@ -531,7 +531,7 @@ static irqreturn_t valleyview_irq_handler(DRM_IRQ_ARGS) +@@ -535,7 +535,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg) u32 pipe_stats[I915_MAX_PIPES]; bool blc_event; @@ -32784,7 +33777,7 @@ index dc29ace..137d83a 100644 while (true) { iir = I915_READ(VLV_IIR); -@@ -678,7 +678,7 @@ static irqreturn_t ivybridge_irq_handler(DRM_IRQ_ARGS) +@@ -688,7 +688,7 @@ static irqreturn_t ivybridge_irq_handler(int irq, void *arg) irqreturn_t ret = IRQ_NONE; int i; 
@@ -32793,16 +33786,16 @@ index dc29ace..137d83a 100644 /* disable master interrupt before clearing iir */ de_ier = I915_READ(DEIER); -@@ -753,7 +753,7 @@ static irqreturn_t ironlake_irq_handler(DRM_IRQ_ARGS) +@@ -760,7 +760,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg) + int ret = IRQ_NONE; u32 de_iir, gt_iir, de_ier, pch_iir, pm_iir; - u32 hotplug_mask; - atomic_inc(&dev_priv->irq_received); + atomic_inc_unchecked(&dev_priv->irq_received); /* disable master interrupt before clearing iir */ de_ier = I915_READ(DEIER); -@@ -1762,7 +1762,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) +@@ -1787,7 +1787,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) { drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; @@ -32811,7 +33804,7 @@ index dc29ace..137d83a 100644 I915_WRITE(HWSTAM, 0xeffe); -@@ -1788,7 +1788,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev) +@@ -1813,7 +1813,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -32820,7 +33813,7 @@ index dc29ace..137d83a 100644 /* VLV magic */ I915_WRITE(VLV_IMR, 0); -@@ -2093,7 +2093,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev) +@@ -2108,7 +2108,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -32829,7 +33822,7 @@ index dc29ace..137d83a 100644 for_each_pipe(pipe) I915_WRITE(PIPESTAT(pipe), 0); -@@ -2144,7 +2144,7 @@ static irqreturn_t i8xx_irq_handler(DRM_IRQ_ARGS) +@@ -2159,7 +2159,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg) I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT | I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT; 
@@ -32838,7 +33831,7 @@ index dc29ace..137d83a 100644 iir = I915_READ16(IIR); if (iir == 0) -@@ -2229,7 +2229,7 @@ static void i915_irq_preinstall(struct drm_device * dev) +@@ -2244,7 +2244,7 @@ static void i915_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -32847,7 +33840,7 @@ index dc29ace..137d83a 100644 if (I915_HAS_HOTPLUG(dev)) { I915_WRITE(PORT_HOTPLUG_EN, 0); -@@ -2324,7 +2324,7 @@ static irqreturn_t i915_irq_handler(DRM_IRQ_ARGS) +@@ -2339,7 +2339,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg) }; int pipe, ret = IRQ_NONE; @@ -32856,7 +33849,7 @@ index dc29ace..137d83a 100644 iir = I915_READ(IIR); do { -@@ -2450,7 +2450,7 @@ static void i965_irq_preinstall(struct drm_device * dev) +@@ -2465,7 +2465,7 @@ static void i965_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -32865,7 +33858,7 @@ index dc29ace..137d83a 100644 I915_WRITE(PORT_HOTPLUG_EN, 0); I915_WRITE(PORT_HOTPLUG_STAT, I915_READ(PORT_HOTPLUG_STAT)); -@@ -2557,7 +2557,7 @@ static irqreturn_t i965_irq_handler(DRM_IRQ_ARGS) +@@ -2572,7 +2572,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg) int irq_received; int ret = IRQ_NONE, pipe; @@ -32875,10 +33868,10 @@ index dc29ace..137d83a 100644 iir = I915_READ(IIR); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 4d3c7c6..eaac87b 100644 +index da1ad9c..10d368b 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -2131,7 +2131,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) +@@ -2244,7 +2244,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) wait_event(dev_priv->pending_flip_queue, atomic_read(&dev_priv->mm.wedged) || 
@@ -32887,7 +33880,7 @@ index 4d3c7c6..eaac87b 100644 /* Big Hammer, we also need to ensure that any pending * MI_WAIT_FOR_EVENT inside a user batch buffer on the -@@ -6221,8 +6221,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, +@@ -7109,8 +7109,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, obj = work->old_fb_obj; @@ -32897,7 +33890,7 @@ index 4d3c7c6..eaac87b 100644 wake_up(&dev_priv->pending_flip_queue); queue_work(dev_priv->wq, &work->work); -@@ -6589,7 +6588,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7477,7 +7476,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, /* Block clients from rendering to the new back buffer until * the flip occurs and the object is no longer visible. */ @@ -32906,7 +33899,7 @@ index 4d3c7c6..eaac87b 100644 atomic_inc(&intel_crtc->unpin_work_count); ret = dev_priv->display.queue_flip(dev, crtc, fb, obj); -@@ -6606,7 +6605,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, +@@ -7494,7 +7493,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, cleanup_pending: atomic_dec(&intel_crtc->unpin_work_count); @@ -32972,10 +33965,10 @@ index 598c281..60d590e 100644 *sequence = cur_fence; diff --git a/drivers/gpu/drm/nouveau/nouveau_bios.c b/drivers/gpu/drm/nouveau/nouveau_bios.c -index 09fdef2..57f5c3b 100644 +index 865eddf..62c4cc3 100644 --- a/drivers/gpu/drm/nouveau/nouveau_bios.c +++ b/drivers/gpu/drm/nouveau/nouveau_bios.c -@@ -1240,7 +1240,7 @@ parse_bit_U_tbl_entry(struct drm_device *dev, struct nvbios *bios, +@@ -1015,7 +1015,7 @@ static int parse_bit_tmds_tbl_entry(struct drm_device *dev, struct nvbios *bios, struct bit_table { const char id; int (* const parse_fn)(struct drm_device *, struct nvbios *, struct bit_entry *); @@ -32985,7 +33978,7 @@ index 09fdef2..57f5c3b 100644 #define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry }) 
diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.h b/drivers/gpu/drm/nouveau/nouveau_drm.h -index a101699..a163f0a 100644 +index aa89eb9..d45d38b 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.h +++ b/drivers/gpu/drm/nouveau/nouveau_drm.h @@ -80,7 +80,7 @@ struct nouveau_drm { @@ -33011,7 +34004,7 @@ index cdb83ac..27f0a16 100644 #define nouveau_fence(drm) ((struct nouveau_fence_priv *)(drm)->fence) diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c -index 5e2f521..0d21436 100644 +index 8bf695c..9fbc90a 100644 --- a/drivers/gpu/drm/nouveau/nouveau_gem.c +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c @@ -321,7 +321,7 @@ validate_init(struct nouveau_channel *chan, struct drm_file *file_priv, @@ -33024,10 +34017,10 @@ index 5e2f521..0d21436 100644 if (++trycnt > 100000) { NV_ERROR(drm, "%s failed and gave up.\n", __func__); diff --git a/drivers/gpu/drm/nouveau/nouveau_vga.c b/drivers/gpu/drm/nouveau/nouveau_vga.c -index 6f0ac64..9c2dfb4 100644 +index 25d3495..d81aaf6 100644 --- a/drivers/gpu/drm/nouveau/nouveau_vga.c +++ b/drivers/gpu/drm/nouveau/nouveau_vga.c -@@ -63,7 +63,7 @@ nouveau_switcheroo_can_switch(struct pci_dev *pdev) +@@ -62,7 +62,7 @@ nouveau_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); 
@@ -33036,49 +34029,6 @@ index 6f0ac64..9c2dfb4 100644 spin_unlock(&dev->count_lock); return can_switch; } -diff --git a/drivers/gpu/drm/nouveau/nv50_evo.c b/drivers/gpu/drm/nouveau/nv50_evo.c -index 9f6f55c..30e3a29 100644 ---- a/drivers/gpu/drm/nouveau/nv50_evo.c -+++ b/drivers/gpu/drm/nouveau/nv50_evo.c -@@ -152,9 +152,9 @@ nv50_evo_channel_new(struct drm_device *dev, int chid, - kzalloc(sizeof(*evo->object->oclass), GFP_KERNEL); - evo->object->oclass->ofuncs = - kzalloc(sizeof(*evo->object->oclass->ofuncs), GFP_KERNEL); -- evo->object->oclass->ofuncs->rd32 = nv50_evo_rd32; -- evo->object->oclass->ofuncs->wr32 = nv50_evo_wr32; -- evo->object->oclass->ofuncs->rd08 = -+ *(void**)&evo->object->oclass->ofuncs->rd32 = nv50_evo_rd32; -+ *(void**)&evo->object->oclass->ofuncs->wr32 = nv50_evo_wr32; -+ *(void**)&evo->object->oclass->ofuncs->rd08 = - ioremap(pci_resource_start(dev->pdev, 0) + - NV50_PDISPLAY_USER(evo->handle), PAGE_SIZE); - return 0; -diff --git a/drivers/gpu/drm/nouveau/nv50_sor.c b/drivers/gpu/drm/nouveau/nv50_sor.c -index b562b59..9d725a8 100644 ---- a/drivers/gpu/drm/nouveau/nv50_sor.c -+++ b/drivers/gpu/drm/nouveau/nv50_sor.c -@@ -317,7 +317,7 @@ nv50_sor_dpms(struct drm_encoder *encoder, int mode) - } - - if (nv_encoder->dcb->type == DCB_OUTPUT_DP) { -- struct dp_train_func func = { -+ static struct dp_train_func func = { - .link_set = nv50_sor_dp_link_set, - .train_set = nv50_sor_dp_train_set, - .train_adj = nv50_sor_dp_train_adj -diff --git a/drivers/gpu/drm/nouveau/nvd0_display.c b/drivers/gpu/drm/nouveau/nvd0_display.c -index c402fca..f1d694b 100644 ---- a/drivers/gpu/drm/nouveau/nvd0_display.c -+++ b/drivers/gpu/drm/nouveau/nvd0_display.c -@@ -1389,7 +1389,7 @@ nvd0_sor_dpms(struct drm_encoder *encoder, int mode) - nv_wait(device, 0x61c030 + (or * 0x0800), 0x10000000, 0x00000000); - - if (nv_encoder->dcb->type == DCB_OUTPUT_DP) { -- struct dp_train_func func = { -+ static struct dp_train_func func = { - .link_set = nvd0_sor_dp_link_set, - 
.train_set = nvd0_sor_dp_train_set, - .train_adj = nvd0_sor_dp_train_adj diff --git a/drivers/gpu/drm/r128/r128_cce.c b/drivers/gpu/drm/r128/r128_cce.c index d4660cf..70dbe65 100644 --- a/drivers/gpu/drm/r128/r128_cce.c @@ -33174,10 +34124,10 @@ index 5a82b6b..9e69c73 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index 008d645..de03849 100644 +index 0d6562b..a154330 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c -@@ -941,7 +941,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) +@@ -969,7 +969,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -33187,7 +34137,7 @@ index 008d645..de03849 100644 return can_switch; } diff --git a/drivers/gpu/drm/radeon/radeon_drv.h b/drivers/gpu/drm/radeon/radeon_drv.h -index a1b59ca..86f2d44 100644 +index e7fdf16..f4f6490 100644 --- a/drivers/gpu/drm/radeon/radeon_drv.h +++ b/drivers/gpu/drm/radeon/radeon_drv.h @@ -255,7 +255,7 @@ typedef struct drm_radeon_private { @@ -33259,10 +34209,10 @@ index 8e9057b..af6dacb 100644 DRM_DEBUG("pid=%d\n", DRM_CURRENTPID); diff --git a/drivers/gpu/drm/radeon/radeon_ttm.c b/drivers/gpu/drm/radeon/radeon_ttm.c -index 5ebe1b3..cf69ba0 100644 +index 93f760e..33d9839 100644 --- a/drivers/gpu/drm/radeon/radeon_ttm.c +++ b/drivers/gpu/drm/radeon/radeon_ttm.c -@@ -781,7 +781,7 @@ void radeon_ttm_set_active_vram_size(struct radeon_device *rdev, u64 size) +@@ -782,7 +782,7 @@ void radeon_ttm_set_active_vram_size(struct radeon_device *rdev, u64 size) man->size = size >> PAGE_SHIFT; } 
@@ -33271,7 +34221,7 @@ index 5ebe1b3..cf69ba0 100644 static const struct vm_operations_struct *ttm_vm_ops = NULL; static int radeon_ttm_fault(struct vm_area_struct *vma, struct vm_fault *vmf) -@@ -822,8 +822,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma) +@@ -823,8 +823,10 @@ int radeon_mmap(struct file *filp, struct vm_area_struct *vma) } if (unlikely(ttm_vm_ops == NULL)) { ttm_vm_ops = vma->vm_ops; @@ -33412,10 +34362,10 @@ index ac98964..5dbf512 100644 case VIA_IRQ_ABSOLUTE: break; diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h -index 88a179e..57fe50481c 100644 +index 13aeda7..4a952d1 100644 --- a/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h +++ b/drivers/gpu/drm/vmwgfx/vmwgfx_drv.h -@@ -263,7 +263,7 @@ struct vmw_private { +@@ -290,7 +290,7 @@ struct vmw_private { * Fencing and IRQs. */ @@ -33500,10 +34450,10 @@ index 8a8725c..afed796 100644 marker = list_first_entry(&queue->head, struct vmw_marker, head); diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index 52146db..ae33762 100644 +index eb2ee11..6cc50ab 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -2201,7 +2201,7 @@ static bool hid_ignore(struct hid_device *hdev) +@@ -2240,7 +2240,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); int hid_add_device(struct hid_device *hdev) { @@ -33512,7 +34462,7 @@ index 52146db..ae33762 100644 int ret; if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -2236,7 +2236,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2274,7 +2274,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, 
@@ -33534,24 +34484,11 @@ index eec3291..8ed706b 100644 return -EFAULT; *off += size; -diff --git a/drivers/hid/usbhid/hiddev.c b/drivers/hid/usbhid/hiddev.c -index 14599e2..711c965 100644 ---- a/drivers/hid/usbhid/hiddev.c -+++ b/drivers/hid/usbhid/hiddev.c -@@ -625,7 +625,7 @@ static long hiddev_ioctl(struct file *file, unsigned int cmd, unsigned long arg) - break; - - case HIDIOCAPPLICATION: -- if (arg < 0 || arg >= hid->maxapplication) -+ if (arg >= hid->maxapplication) - break; - - for (i = 0; i < hid->maxcollection; i++) diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c -index f4c3d28..82f45a9 100644 +index 773a2f2..7ce08bc 100644 --- a/drivers/hv/channel.c +++ b/drivers/hv/channel.c -@@ -402,8 +402,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer, +@@ -394,8 +394,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer, int ret = 0; int t; @@ -33605,8 +34542,21 @@ index 8e1a9ec..4687821 100644 child_device_obj->device.bus = &hv_bus; child_device_obj->device.parent = &hv_acpi_dev->dev; +diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c +index d64923d..72591e8 100644 +--- a/drivers/hwmon/coretemp.c ++++ b/drivers/hwmon/coretemp.c +@@ -790,7 +790,7 @@ static int __cpuinit coretemp_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block coretemp_cpu_notifier __refdata = { ++static struct notifier_block coretemp_cpu_notifier = { + .notifier_call = coretemp_cpu_callback, + }; + diff --git a/drivers/hwmon/sht15.c b/drivers/hwmon/sht15.c -index 07a0c1a..0cac334 100644 +index 1c85d39..55ed3cf 100644 --- a/drivers/hwmon/sht15.c +++ b/drivers/hwmon/sht15.c @@ -169,7 +169,7 @@ struct sht15_data { 
@@ -33657,6 +34607,19 @@ index 07a0c1a..0cac334 100644 return; } +diff --git a/drivers/hwmon/via-cputemp.c b/drivers/hwmon/via-cputemp.c +index 76f157b..9c0db1b 100644 +--- a/drivers/hwmon/via-cputemp.c ++++ b/drivers/hwmon/via-cputemp.c +@@ -296,7 +296,7 @@ static int __cpuinit via_cputemp_cpu_callback(struct notifier_block *nfb, + return NOTIFY_OK; + } + +-static struct notifier_block via_cputemp_cpu_notifier __refdata = { ++static struct notifier_block via_cputemp_cpu_notifier = { + .notifier_call = via_cputemp_cpu_callback, + }; + diff --git a/drivers/i2c/busses/i2c-amd756-s4882.c b/drivers/i2c/busses/i2c-amd756-s4882.c index 378fcb5..5e91fa8 100644 --- a/drivers/i2c/busses/i2c-amd756-s4882.c @@ -33987,7 +34950,7 @@ index 1f95bba..9530f87 100644 sdata, wqe->wr.wr.atomic.swap); goto send_comp; diff --git a/drivers/infiniband/hw/nes/nes.c b/drivers/infiniband/hw/nes/nes.c -index 748db2d..5f75cc3 100644 +index 5b152a3..c1f3e83 100644 --- a/drivers/infiniband/hw/nes/nes.c +++ b/drivers/infiniband/hw/nes/nes.c @@ -98,7 +98,7 @@ MODULE_PARM_DESC(limit_maxrdreqsz, "Limit max read request size to 256 Bytes"); @@ -34068,7 +35031,7 @@ index 33cc589..3bd6538 100644 extern u32 int_mod_timer_init; extern u32 int_mod_cq_depth_256; diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c -index cfaacaf..fa0722e 100644 +index 22ea67e..dcbe3bc 100644 --- a/drivers/infiniband/hw/nes/nes_cm.c +++ b/drivers/infiniband/hw/nes/nes_cm.c @@ -68,14 +68,14 @@ u32 cm_packets_dropped; @@ -34114,7 +35077,7 @@ index cfaacaf..fa0722e 100644 int nes_add_ref_cm_node(struct nes_cm_node *cm_node) { -@@ -1281,7 +1281,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core, +@@ -1272,7 +1272,7 @@ static int mini_cm_dec_refcnt_listen(struct nes_cm_core *cm_core, kfree(listener); listener = NULL; ret = 0; 
@@ -34123,7 +35086,7 @@ index cfaacaf..fa0722e 100644 } else { spin_unlock_irqrestore(&cm_core->listen_list_lock, flags); } -@@ -1480,7 +1480,7 @@ static struct nes_cm_node *make_cm_node(struct nes_cm_core *cm_core, +@@ -1466,7 +1466,7 @@ static struct nes_cm_node *make_cm_node(struct nes_cm_core *cm_core, cm_node->rem_mac); add_hte_node(cm_core, cm_node); @@ -34132,7 +35095,7 @@ index cfaacaf..fa0722e 100644 return cm_node; } -@@ -1538,7 +1538,7 @@ static int rem_ref_cm_node(struct nes_cm_core *cm_core, +@@ -1524,7 +1524,7 @@ static int rem_ref_cm_node(struct nes_cm_core *cm_core, } atomic_dec(&cm_core->node_cnt); @@ -34141,7 +35104,7 @@ index cfaacaf..fa0722e 100644 nesqp = cm_node->nesqp; if (nesqp) { nesqp->cm_node = NULL; -@@ -1602,7 +1602,7 @@ static int process_options(struct nes_cm_node *cm_node, u8 *optionsloc, +@@ -1588,7 +1588,7 @@ static int process_options(struct nes_cm_node *cm_node, u8 *optionsloc, static void drop_packet(struct sk_buff *skb) { @@ -34150,7 +35113,7 @@ index cfaacaf..fa0722e 100644 dev_kfree_skb_any(skb); } -@@ -1665,7 +1665,7 @@ static void handle_rst_pkt(struct nes_cm_node *cm_node, struct sk_buff *skb, +@@ -1651,7 +1651,7 @@ static void handle_rst_pkt(struct nes_cm_node *cm_node, struct sk_buff *skb, { int reset = 0; /* whether to send reset in case of err.. */ @@ -34159,7 +35122,7 @@ index cfaacaf..fa0722e 100644 nes_debug(NES_DBG_CM, "Received Reset, cm_node = %p, state = %u." " refcnt=%d\n", cm_node, cm_node->state, atomic_read(&cm_node->ref_count)); -@@ -2306,7 +2306,7 @@ static struct nes_cm_node *mini_cm_connect(struct nes_cm_core *cm_core, +@@ -2292,7 +2292,7 @@ static struct nes_cm_node *mini_cm_connect(struct nes_cm_core *cm_core, rem_ref_cm_node(cm_node->cm_core, cm_node); return NULL; } 
@@ -34168,7 +35131,7 @@ index cfaacaf..fa0722e 100644 loopbackremotenode->loopbackpartner = cm_node; loopbackremotenode->tcp_cntxt.rcv_wscale = NES_CM_DEFAULT_RCV_WND_SCALE; -@@ -2581,7 +2581,7 @@ static int mini_cm_recv_pkt(struct nes_cm_core *cm_core, +@@ -2567,7 +2567,7 @@ static int mini_cm_recv_pkt(struct nes_cm_core *cm_core, nes_queue_mgt_skbs(skb, nesvnic, cm_node->nesqp); else { rem_ref_cm_node(cm_core, cm_node); @@ -34177,7 +35140,7 @@ index cfaacaf..fa0722e 100644 dev_kfree_skb_any(skb); } break; -@@ -2889,7 +2889,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) +@@ -2875,7 +2875,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) if ((cm_id) && (cm_id->event_handler)) { if (issue_disconn) { @@ -34186,7 +35149,7 @@ index cfaacaf..fa0722e 100644 cm_event.event = IW_CM_EVENT_DISCONNECT; cm_event.status = disconn_status; cm_event.local_addr = cm_id->local_addr; -@@ -2911,7 +2911,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) +@@ -2897,7 +2897,7 @@ static int nes_cm_disconn_true(struct nes_qp *nesqp) } if (issue_close) { @@ -34195,7 +35158,7 @@ index cfaacaf..fa0722e 100644 nes_disconnect(nesqp, 1); cm_id->provider_data = nesqp; -@@ -3047,7 +3047,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) +@@ -3033,7 +3033,7 @@ int nes_accept(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) nes_debug(NES_DBG_CM, "QP%u, cm_node=%p, jiffies = %lu listener = %p\n", nesqp->hwqp.qp_id, cm_node, jiffies, cm_node->listener); @@ -34204,7 +35167,7 @@ index cfaacaf..fa0722e 100644 nes_debug(NES_DBG_CM, "netdev refcnt = %u.\n", netdev_refcnt_read(nesvnic->netdev)); -@@ -3242,7 +3242,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len) +@@ -3228,7 +3228,7 @@ int nes_reject(struct iw_cm_id *cm_id, const void *pdata, u8 pdata_len) struct nes_cm_core *cm_core; u8 *start_buff; 
@@ -34213,7 +35176,7 @@ index cfaacaf..fa0722e 100644 cm_node = (struct nes_cm_node *)cm_id->provider_data; loopback = cm_node->loopbackpartner; cm_core = cm_node->cm_core; -@@ -3302,7 +3302,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) +@@ -3288,7 +3288,7 @@ int nes_connect(struct iw_cm_id *cm_id, struct iw_cm_conn_param *conn_param) ntohl(cm_id->local_addr.sin_addr.s_addr), ntohs(cm_id->local_addr.sin_port)); @@ -34222,7 +35185,7 @@ index cfaacaf..fa0722e 100644 nesqp->active_conn = 1; /* cache the cm_id in the qp */ -@@ -3412,7 +3412,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog) +@@ -3398,7 +3398,7 @@ int nes_create_listen(struct iw_cm_id *cm_id, int backlog) g_cm_core->api->stop_listener(g_cm_core, (void *)cm_node); return err; } @@ -34231,7 +35194,7 @@ index cfaacaf..fa0722e 100644 } cm_id->add_ref(cm_id); -@@ -3513,7 +3513,7 @@ static void cm_event_connected(struct nes_cm_event *event) +@@ -3499,7 +3499,7 @@ static void cm_event_connected(struct nes_cm_event *event) if (nesqp->destroyed) return; @@ -34240,7 +35203,7 @@ index cfaacaf..fa0722e 100644 nes_debug(NES_DBG_CM, "QP%u attempting to connect to 0x%08X:0x%04X on" " local port 0x%04X. jiffies = %lu.\n", nesqp->hwqp.qp_id, -@@ -3693,7 +3693,7 @@ static void cm_event_reset(struct nes_cm_event *event) +@@ -3679,7 +3679,7 @@ static void cm_event_reset(struct nes_cm_event *event) cm_id->add_ref(cm_id); ret = cm_id->event_handler(cm_id, &cm_event); @@ -34249,7 +35212,7 @@ index cfaacaf..fa0722e 100644 cm_event.event = IW_CM_EVENT_CLOSE; cm_event.status = 0; cm_event.provider_data = cm_id->provider_data; -@@ -3729,7 +3729,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event) +@@ -3715,7 +3715,7 @@ static void cm_event_mpa_req(struct nes_cm_event *event) return; cm_id = cm_node->cm_id; 
@@ -34258,7 +35221,7 @@ index cfaacaf..fa0722e 100644 nes_debug(NES_DBG_CM, "cm_node = %p - cm_id = %p, jiffies = %lu\n", cm_node, cm_id, jiffies); -@@ -3769,7 +3769,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event) +@@ -3755,7 +3755,7 @@ static void cm_event_mpa_reject(struct nes_cm_event *event) return; cm_id = cm_node->cm_id; @@ -34268,7 +35231,7 @@ index cfaacaf..fa0722e 100644 cm_node, cm_id, jiffies); diff --git a/drivers/infiniband/hw/nes/nes_mgt.c b/drivers/infiniband/hw/nes/nes_mgt.c -index 3ba7be3..c81f6ff 100644 +index 4166452..fc952c3 100644 --- a/drivers/infiniband/hw/nes/nes_mgt.c +++ b/drivers/infiniband/hw/nes/nes_mgt.c @@ -40,8 +40,8 @@ @@ -34291,7 +35254,7 @@ index 3ba7be3..c81f6ff 100644 /* Free packets that have not yet been forwarded */ /* Lock is acquired by skb_dequeue when removing the skb */ -@@ -812,7 +812,7 @@ static void nes_mgt_ce_handler(struct nes_device *nesdev, struct nes_hw_nic_cq * +@@ -810,7 +810,7 @@ static void nes_mgt_ce_handler(struct nes_device *nesdev, struct nes_hw_nic_cq * cq->cq_vbase[head].cqe_words[NES_NIC_CQE_HASH_RCVNXT]); skb_queue_head_init(&nesqp->pau_list); spin_lock_init(&nesqp->pau_lock); @@ -34301,10 +35264,10 @@ index 3ba7be3..c81f6ff 100644 } diff --git a/drivers/infiniband/hw/nes/nes_nic.c b/drivers/infiniband/hw/nes/nes_nic.c -index 0564be7..f68b0f1 100644 +index 9542e16..a008c40 100644 --- a/drivers/infiniband/hw/nes/nes_nic.c +++ b/drivers/infiniband/hw/nes/nes_nic.c -@@ -1272,39 +1272,39 @@ static void nes_netdev_get_ethtool_stats(struct net_device *netdev, +@@ -1273,39 +1273,39 @@ static void nes_netdev_get_ethtool_stats(struct net_device *netdev, target_stat_values[++index] = mh_detected; target_stat_values[++index] = mh_pauses_sent; target_stat_values[++index] = nesvnic->endnode_ipv4_tcp_retransmits; @@ -34433,19 +35396,19 @@ index da739d9..da1c7f4 100644 gameport->dev.release = gameport_release_port; if (gameport->parent) 
diff --git a/drivers/input/input.c b/drivers/input/input.c -index 53a0dde..abffda7 100644 +index c044699..174d71a 100644 --- a/drivers/input/input.c +++ b/drivers/input/input.c -@@ -1902,7 +1902,7 @@ static void input_cleanse_bitmasks(struct input_dev *dev) +@@ -2019,7 +2019,7 @@ static void devm_input_device_unregister(struct device *dev, void *res) */ int input_register_device(struct input_dev *dev) { - static atomic_t input_no = ATOMIC_INIT(0); + static atomic_unchecked_t input_no = ATOMIC_INIT(0); + struct input_devres *devres = NULL; struct input_handler *handler; unsigned int packet_size; - const char *path; -@@ -1945,7 +1945,7 @@ int input_register_device(struct input_dev *dev) +@@ -2074,7 +2074,7 @@ int input_register_device(struct input_dev *dev) dev->setkeycode = input_default_setkeycode; dev_set_name(&dev->dev, "input%ld", @@ -34467,10 +35430,10 @@ index 04c69af..5f92d00 100644 #include <linux/input.h> #include <linux/gameport.h> diff --git a/drivers/input/joystick/xpad.c b/drivers/input/joystick/xpad.c -index 83811e4..0822b90 100644 +index d6cbfe9..6225402 100644 --- a/drivers/input/joystick/xpad.c +++ b/drivers/input/joystick/xpad.c -@@ -726,7 +726,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, +@@ -735,7 +735,7 @@ static void xpad_led_set(struct led_classdev *led_cdev, static int xpad_led_probe(struct usb_xpad *xpad) { @@ -34479,7 +35442,7 @@ index 83811e4..0822b90 100644 long led_no; struct xpad_led *led; struct led_classdev *led_cdev; -@@ -739,7 +739,7 @@ static int xpad_led_probe(struct usb_xpad *xpad) +@@ -748,7 +748,7 @@ static int xpad_led_probe(struct usb_xpad *xpad) if (!led) return -ENOMEM; @@ -34502,7 +35465,7 @@ index 4c842c3..590b0bf 100644 return count; diff --git a/drivers/input/serio/serio.c b/drivers/input/serio/serio.c -index d0f7533..fb8215b 100644 +index 25fc597..558bf3b 100644 --- a/drivers/input/serio/serio.c +++ b/drivers/input/serio/serio.c @@ -496,7 +496,7 @@ static void serio_release_port(struct device *dev) 
@@ -34524,10 +35487,10 @@ index d0f7533..fb8215b 100644 serio->dev.release = serio_release_port; serio->dev.groups = serio_device_attr_groups; diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c -index c679867..6e2e34d 100644 +index 89562a8..218999b 100644 --- a/drivers/isdn/capi/capi.c +++ b/drivers/isdn/capi/capi.c -@@ -83,8 +83,8 @@ struct capiminor { +@@ -81,8 +81,8 @@ struct capiminor { struct capi20_appl *ap; u32 ncci; @@ -34538,7 +35501,7 @@ index c679867..6e2e34d 100644 struct tty_port port; int ttyinstop; -@@ -393,7 +393,7 @@ gen_data_b3_resp_for(struct capiminor *mp, struct sk_buff *skb) +@@ -391,7 +391,7 @@ gen_data_b3_resp_for(struct capiminor *mp, struct sk_buff *skb) capimsg_setu16(s, 2, mp->ap->applid); capimsg_setu8 (s, 4, CAPI_DATA_B3); capimsg_setu8 (s, 5, CAPI_RESP); @@ -34547,7 +35510,7 @@ index c679867..6e2e34d 100644 capimsg_setu32(s, 8, mp->ncci); capimsg_setu16(s, 12, datahandle); } -@@ -514,14 +514,14 @@ static void handle_minor_send(struct capiminor *mp) +@@ -512,14 +512,14 @@ static void handle_minor_send(struct capiminor *mp) mp->outbytes -= len; spin_unlock_bh(&mp->outlock); @@ -34615,7 +35578,7 @@ index 821f7ac..28d4030 100644 } else { memcpy(buf, dp, left); diff --git a/drivers/isdn/i4l/isdn_tty.c b/drivers/isdn/i4l/isdn_tty.c -index b817809..409caff 100644 +index e09dc8a..15e2efb 100644 --- a/drivers/isdn/i4l/isdn_tty.c +++ b/drivers/isdn/i4l/isdn_tty.c @@ -1513,9 +1513,9 @@ isdn_tty_open(struct tty_struct *tty, struct file *filp) @@ -34670,7 +35633,7 @@ index b817809..409caff 100644 port->flags &= ~ASYNC_NORMAL_ACTIVE; port->tty = NULL; wake_up_interruptible(&port->open_wait); -@@ -1971,7 +1971,7 @@ isdn_tty_find_icall(int di, int ch, setup_parm *setup) +@@ -1975,7 +1975,7 @@ isdn_tty_find_icall(int di, int ch, setup_parm *setup) for (i = 0; i < ISDN_MAX_CHANNELS; i++) { modem_info *info = &dev->mdm.info[i]; @@ -34693,7 +35656,7 @@ index e74df7c..03a03ba 100644 } else memcpy(msg, buf, count); 
diff --git a/drivers/lguest/core.c b/drivers/lguest/core.c -index b5fdcb7..5b6c59f 100644 +index a5ebc00..982886f 100644 --- a/drivers/lguest/core.c +++ b/drivers/lguest/core.c @@ -92,9 +92,17 @@ static __init int map_switcher(void) @@ -34844,10 +35807,10 @@ index 7155945..4bcc562 100644 seq_printf(seq, "\n"); diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c -index a651d52..82f8a95 100644 +index 0666b5d..ed82cb4 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c -@@ -1601,7 +1601,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param) +@@ -1628,7 +1628,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param) cmd == DM_LIST_VERSIONS_CMD) return 0; @@ -34857,7 +35820,7 @@ index a651d52..82f8a95 100644 DMWARN("name not supplied when creating device"); return -EINVAL; diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c -index fd61f98..8050783 100644 +index fa51918..c26253c 100644 --- a/drivers/md/dm-raid1.c +++ b/drivers/md/dm-raid1.c @@ -40,7 +40,7 @@ enum dm_raid1_error { @@ -34869,7 +35832,7 @@ index fd61f98..8050783 100644 unsigned long error_type; struct dm_dev *dev; sector_t offset; -@@ -185,7 +185,7 @@ static struct mirror *get_valid_mirror(struct mirror_set *ms) +@@ -183,7 +183,7 @@ static struct mirror *get_valid_mirror(struct mirror_set *ms) struct mirror *m; for (m = ms->mirror; m < ms->mirror + ms->nr_mirrors; m++) @@ -34878,7 +35841,7 @@ index fd61f98..8050783 100644 return m; return NULL; -@@ -217,7 +217,7 @@ static void fail_mirror(struct mirror *m, enum dm_raid1_error error_type) +@@ -215,7 +215,7 @@ static void fail_mirror(struct mirror *m, enum dm_raid1_error error_type) * simple way to tell if a device has encountered * errors. */ 
@@ -34887,7 +35850,7 @@ index fd61f98..8050783 100644 if (test_and_set_bit(error_type, &m->error_type)) return; -@@ -408,7 +408,7 @@ static struct mirror *choose_mirror(struct mirror_set *ms, sector_t sector) +@@ -406,7 +406,7 @@ static struct mirror *choose_mirror(struct mirror_set *ms, sector_t sector) struct mirror *m = get_default_mirror(ms); do { @@ -34896,7 +35859,7 @@ index fd61f98..8050783 100644 return m; if (m-- == ms->mirror) -@@ -422,7 +422,7 @@ static int default_ok(struct mirror *m) +@@ -420,7 +420,7 @@ static int default_ok(struct mirror *m) { struct mirror *default_mirror = get_default_mirror(m->ms); @@ -34905,7 +35868,7 @@ index fd61f98..8050783 100644 } static int mirror_available(struct mirror_set *ms, struct bio *bio) -@@ -559,7 +559,7 @@ static void do_reads(struct mirror_set *ms, struct bio_list *reads) +@@ -557,7 +557,7 @@ static void do_reads(struct mirror_set *ms, struct bio_list *reads) */ if (likely(region_in_sync(ms, region, 1))) m = choose_mirror(ms, bio->bi_sector); @@ -34914,7 +35877,7 @@ index fd61f98..8050783 100644 m = NULL; if (likely(m)) -@@ -938,7 +938,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti, +@@ -924,7 +924,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti, } ms->mirror[mirror].ms = ms; @@ -34923,7 +35886,7 @@ index fd61f98..8050783 100644 ms->mirror[mirror].error_type = 0; ms->mirror[mirror].offset = offset; -@@ -1356,7 +1356,7 @@ static void mirror_resume(struct dm_target *ti) +@@ -1337,7 +1337,7 @@ static void mirror_resume(struct dm_target *ti) */ static char device_status_char(struct mirror *m) { @@ -34933,7 +35896,7 @@ index fd61f98..8050783 100644 return (test_bit(DM_RAID1_FLUSH_ERROR, &(m->error_type))) ? 'F' : diff --git a/drivers/md/dm-stripe.c b/drivers/md/dm-stripe.c -index e2f87653..f279abe 100644 +index c89cde8..9d184cf 100644 --- a/drivers/md/dm-stripe.c +++ b/drivers/md/dm-stripe.c @@ -20,7 +20,7 @@ struct stripe { 
@@ -34945,7 +35908,7 @@ index e2f87653..f279abe 100644 }; struct stripe_c { -@@ -183,7 +183,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv) +@@ -184,7 +184,7 @@ static int stripe_ctr(struct dm_target *ti, unsigned int argc, char **argv) kfree(sc); return r; } @@ -34954,7 +35917,7 @@ index e2f87653..f279abe 100644 } ti->private = sc; -@@ -324,7 +324,7 @@ static int stripe_status(struct dm_target *ti, status_type_t type, +@@ -325,7 +325,7 @@ static int stripe_status(struct dm_target *ti, status_type_t type, DMEMIT("%d ", sc->stripes); for (i = 0; i < sc->stripes; i++) { DMEMIT("%s ", sc->stripe[i].dev->name); @@ -34963,7 +35926,7 @@ index e2f87653..f279abe 100644 'D' : 'A'; } buffer[i] = '\0'; -@@ -371,8 +371,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio, +@@ -371,8 +371,8 @@ static int stripe_end_io(struct dm_target *ti, struct bio *bio, int error) */ for (i = 0; i < sc->stripes; i++) if (!strcmp(sc->stripe[i].dev->name, major_minor)) { @@ -34975,7 +35938,7 @@ index e2f87653..f279abe 100644 schedule_work(&sc->trigger_event); } diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c -index fa29557..d24a5b7 100644 +index daf25d0..d74f49f 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c @@ -390,7 +390,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev, @@ -34988,7 +35951,7 @@ index fa29557..d24a5b7 100644 "start=%llu, len=%llu, dev_size=%llu", dm_device_name(ti->table->md), bdevname(bdev, b), diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c -index 693e149..b7e0fde 100644 +index 4d6e853..a234157 100644 --- a/drivers/md/dm-thin-metadata.c +++ b/drivers/md/dm-thin-metadata.c @@ -397,7 +397,7 @@ static void __setup_btree_details(struct dm_pool_metadata *pmd) @@ -35010,10 +35973,10 @@ index 693e149..b7e0fde 100644 pmd->bl_info.value_type.inc = data_block_inc; pmd->bl_info.value_type.dec = data_block_dec; 
diff --git a/drivers/md/dm.c b/drivers/md/dm.c -index 77e6eff..913d695 100644 +index 314a0e2..1376406 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c -@@ -182,9 +182,9 @@ struct mapped_device { +@@ -170,9 +170,9 @@ struct mapped_device { /* * Event handling. */ @@ -35025,7 +35988,7 @@ index 77e6eff..913d695 100644 struct list_head uevent_list; spinlock_t uevent_lock; /* Protect access to uevent_list */ -@@ -1847,8 +1847,8 @@ static struct mapped_device *alloc_dev(int minor) +@@ -1872,8 +1872,8 @@ static struct mapped_device *alloc_dev(int minor) rwlock_init(&md->map_lock); atomic_set(&md->holders, 1); atomic_set(&md->open_count, 0); @@ -35036,7 +35999,7 @@ index 77e6eff..913d695 100644 INIT_LIST_HEAD(&md->uevent_list); spin_lock_init(&md->uevent_lock); -@@ -1982,7 +1982,7 @@ static void event_callback(void *context) +@@ -2014,7 +2014,7 @@ static void event_callback(void *context) dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj); @@ -35045,7 +36008,7 @@ index 77e6eff..913d695 100644 wake_up(&md->eventq); } -@@ -2637,18 +2637,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, +@@ -2669,18 +2669,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, uint32_t dm_next_uevent_seq(struct mapped_device *md) { @@ -35068,7 +36031,7 @@ index 77e6eff..913d695 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index 6120071..31d9be2 100644 +index 3db3d1b..9487468 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -240,10 +240,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); 
@@ -35093,7 +36056,7 @@ index 6120071..31d9be2 100644 wake_up(&md_event_waiters); } -@@ -1504,7 +1504,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_ +@@ -1503,7 +1503,7 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_ if ((le32_to_cpu(sb->feature_map) & MD_FEATURE_RESHAPE_ACTIVE) && (le32_to_cpu(sb->feature_map) & MD_FEATURE_NEW_OFFSET)) rdev->new_data_offset += (s32)le32_to_cpu(sb->new_offset); @@ -35102,7 +36065,7 @@ index 6120071..31d9be2 100644 rdev->sb_size = le32_to_cpu(sb->max_dev) * 2 + 256; bmask = queue_logical_block_size(rdev->bdev->bd_disk->queue)-1; -@@ -1748,7 +1748,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev) +@@ -1747,7 +1747,7 @@ static void super_1_sync(struct mddev *mddev, struct md_rdev *rdev) else sb->resync_offset = cpu_to_le64(0); @@ -35111,7 +36074,7 @@ index 6120071..31d9be2 100644 sb->raid_disks = cpu_to_le32(mddev->raid_disks); sb->size = cpu_to_le64(mddev->dev_sectors); -@@ -2748,7 +2748,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store); +@@ -2747,7 +2747,7 @@ __ATTR(state, S_IRUGO|S_IWUSR, state_show, state_store); static ssize_t errors_show(struct md_rdev *rdev, char *page) { @@ -35120,7 +36083,7 @@ index 6120071..31d9be2 100644 } static ssize_t -@@ -2757,7 +2757,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len) +@@ -2756,7 +2756,7 @@ errors_store(struct md_rdev *rdev, const char *buf, size_t len) char *e; unsigned long n = simple_strtoul(buf, &e, 10); if (*buf && (*e == 0 || *e == '\n')) { @@ -35129,7 +36092,7 @@ index 6120071..31d9be2 100644 return len; } return -EINVAL; -@@ -3204,8 +3204,8 @@ int md_rdev_init(struct md_rdev *rdev) +@@ -3203,8 +3203,8 @@ int md_rdev_init(struct md_rdev *rdev) rdev->sb_loaded = 0; rdev->bb_page = NULL; atomic_set(&rdev->nr_pending, 0); 
@@ -35140,7 +36103,7 @@ index 6120071..31d9be2 100644 INIT_LIST_HEAD(&rdev->same_set); init_waitqueue_head(&rdev->blocked_wait); -@@ -6984,7 +6984,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -6980,7 +6980,7 @@ static int md_seq_show(struct seq_file *seq, void *v) spin_unlock(&pers_lock); seq_printf(seq, "\n"); @@ -35149,7 +36112,7 @@ index 6120071..31d9be2 100644 return 0; } if (v == (void*)2) { -@@ -7087,7 +7087,7 @@ static int md_seq_open(struct inode *inode, struct file *file) +@@ -7083,7 +7083,7 @@ static int md_seq_open(struct inode *inode, struct file *file) return error; seq = file->private_data; @@ -35158,7 +36121,7 @@ index 6120071..31d9be2 100644 return error; } -@@ -7101,7 +7101,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) +@@ -7097,7 +7097,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) /* always allow read */ mask = POLLIN | POLLRDNORM; @@ -35167,7 +36130,7 @@ index 6120071..31d9be2 100644 mask |= POLLERR | POLLPRI; return mask; } -@@ -7145,7 +7145,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) +@@ -7141,7 +7141,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) struct gendisk *disk = rdev->bdev->bd_contains->bd_disk; curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + (int)part_stat_read(&disk->part0, sectors[1]) - @@ -35177,7 +36140,7 @@ index 6120071..31d9be2 100644 * as sync_io is counted when a request starts, and * disk_stats is counted when it completes. diff --git a/drivers/md/md.h b/drivers/md/md.h -index af443ab..0f93be3 100644 +index eca59c3..7c42285 100644 --- a/drivers/md/md.h +++ b/drivers/md/md.h @@ -94,13 +94,13 @@ struct md_rdev { 
@@ -35196,7 +36159,7 @@ index af443ab..0f93be3 100644 * for reporting to userspace and storing * in superblock. */ -@@ -432,7 +432,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev) +@@ -434,7 +434,7 @@ static inline void rdev_dec_pending(struct md_rdev *rdev, struct mddev *mddev) static inline void md_sync_acct(struct block_device *bdev, unsigned long nr_sectors) { @@ -35218,10 +36181,10 @@ index 1cbfc6b..56e1dbb 100644 /*----------------------------------------------------------------*/ diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index a0f7309..5599dbc 100644 +index d5bddfc..b079b4b 100644 --- a/drivers/md/raid1.c +++ b/drivers/md/raid1.c -@@ -1819,7 +1819,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) +@@ -1818,7 +1818,7 @@ static int fix_sync_read_error(struct r1bio *r1_bio) if (r1_sync_page_io(rdev, sect, s, bio->bi_io_vec[idx].bv_page, READ) != 0) @@ -35230,7 +36193,7 @@ index a0f7309..5599dbc 100644 } sectors -= s; sect += s; -@@ -2041,7 +2041,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, +@@ -2040,7 +2040,7 @@ static void fix_read_error(struct r1conf *conf, int read_disk, test_bit(In_sync, &rdev->flags)) { if (r1_sync_page_io(rdev, sect, s, conf->tmppage, READ)) { @@ -35240,10 +36203,10 @@ index a0f7309..5599dbc 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index c9acbd7..386cd3e 100644 +index 64d4824..8b9ea57 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c -@@ -1878,7 +1878,7 @@ static void end_sync_read(struct bio *bio, int error) +@@ -1877,7 +1877,7 @@ static void end_sync_read(struct bio *bio, int error) /* The write handler will notice the lack of * R10BIO_Uptodate and record any errors etc */ 
@@ -35252,7 +36215,7 @@ index c9acbd7..386cd3e 100644 &conf->mirrors[d].rdev->corrected_errors); /* for reconstruct, we always reschedule after a read. -@@ -2227,7 +2227,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2226,7 +2226,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) { struct timespec cur_time_mon; unsigned long hours_since_last; @@ -35261,7 +36224,7 @@ index c9acbd7..386cd3e 100644 ktime_get_ts(&cur_time_mon); -@@ -2249,9 +2249,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2248,9 +2248,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) * overflowing the shift of read_errors by hours_since_last. */ if (hours_since_last >= 8 * sizeof(read_errors)) @@ -35273,7 +36236,7 @@ index c9acbd7..386cd3e 100644 } static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector, -@@ -2305,8 +2305,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2304,8 +2304,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 return; check_decay_read_errors(mddev, rdev); @@ -35284,7 +36247,7 @@ index c9acbd7..386cd3e 100644 char b[BDEVNAME_SIZE]; bdevname(rdev->bdev, b); -@@ -2314,7 +2314,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2313,7 +2313,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 "md/raid10:%s: %s: Raid device exceeded " "read_error threshold [cur %d:max %d]\n", mdname(mddev), b, 
@@ -35293,7 +36256,7 @@ index c9acbd7..386cd3e 100644 printk(KERN_NOTICE "md/raid10:%s: %s: Failing raid device\n", mdname(mddev), b); -@@ -2469,7 +2469,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2468,7 +2468,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 sect + choose_data_offset(r10_bio, rdev)), bdevname(rdev->bdev, b)); @@ -35303,10 +36266,10 @@ index c9acbd7..386cd3e 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index a450268..c4168a9 100644 +index 19d77a0..56051b92 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c -@@ -1789,21 +1789,21 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1797,21 +1797,21 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), STRIPE_SECTORS, (unsigned long long)s, bdevname(rdev->bdev, b)); @@ -35332,7 +36295,7 @@ index a450268..c4168a9 100644 if (test_bit(R5_ReadRepl, &sh->dev[i].flags)) printk_ratelimited( KERN_WARNING -@@ -1831,7 +1831,7 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1839,7 +1839,7 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), (unsigned long long)s, bdn); 
@@ -35367,50 +36330,11 @@ index 404f63a..4796533 100644 #if defined(CONFIG_DVB_DIB3000MB) || (defined(CONFIG_DVB_DIB3000MB_MODULE) && defined(MODULE)) extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config, -diff --git a/drivers/media/pci/cx88/cx88-alsa.c b/drivers/media/pci/cx88/cx88-alsa.c -index 3aa6856..435ad25 100644 ---- a/drivers/media/pci/cx88/cx88-alsa.c -+++ b/drivers/media/pci/cx88/cx88-alsa.c -@@ -749,7 +749,7 @@ static struct snd_kcontrol_new snd_cx88_alc_switch = { - * Only boards with eeprom and byte 1 at eeprom=1 have it - */ - --static const struct pci_device_id cx88_audio_pci_tbl[] __devinitdata = { -+static const struct pci_device_id cx88_audio_pci_tbl[] __devinitconst = { - {0x14f1,0x8801,PCI_ANY_ID,PCI_ANY_ID,0,0,0}, - {0x14f1,0x8811,PCI_ANY_ID,PCI_ANY_ID,0,0,0}, - {0, } -diff --git a/drivers/media/pci/ddbridge/ddbridge-core.c b/drivers/media/pci/ddbridge/ddbridge-core.c -index feff57e..66a2c67 100644 ---- a/drivers/media/pci/ddbridge/ddbridge-core.c -+++ b/drivers/media/pci/ddbridge/ddbridge-core.c -@@ -1679,7 +1679,7 @@ static struct ddb_info ddb_v6 = { - .subvendor = _subvend, .subdevice = _subdev, \ - .driver_data = (unsigned long)&_driverdata } - --static const struct pci_device_id ddb_id_tbl[] __devinitdata = { -+static const struct pci_device_id ddb_id_tbl[] __devinitconst = { - DDB_ID(DDVID, 0x0002, DDVID, 0x0001, ddb_octopus), - DDB_ID(DDVID, 0x0003, DDVID, 0x0001, ddb_octopus), - DDB_ID(DDVID, 0x0003, DDVID, 0x0002, ddb_octopus_le), -diff --git a/drivers/media/pci/ngene/ngene-cards.c b/drivers/media/pci/ngene/ngene-cards.c -index 96a13ed..6df45b4 100644 ---- a/drivers/media/pci/ngene/ngene-cards.c -+++ b/drivers/media/pci/ngene/ngene-cards.c -@@ -741,7 +741,7 @@ static struct ngene_info ngene_info_terratec = { - - /****************************************************************************/ - --static const struct pci_device_id ngene_id_tbl[] __devinitdata = { -+static const struct pci_device_id 
ngene_id_tbl[] __devinitconst = { - NGENE_ID(0x18c3, 0xabc3, ngene_info_cineS2), - NGENE_ID(0x18c3, 0xabc4, ngene_info_cineS2), - NGENE_ID(0x18c3, 0xdb01, ngene_info_satixS2), diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c -index a3b1a34..71ce0e3 100644 +index 35cc526..9d90d83 100644 --- a/drivers/media/platform/omap/omap_vout.c +++ b/drivers/media/platform/omap/omap_vout.c -@@ -65,7 +65,6 @@ enum omap_vout_channels { +@@ -63,7 +63,6 @@ enum omap_vout_channels { OMAP_VIDEO2, }; @@ -35418,7 +36342,7 @@ index a3b1a34..71ce0e3 100644 /* Variables configurable through module params*/ static u32 video1_numbuffers = 3; static u32 video2_numbuffers = 3; -@@ -1012,6 +1011,12 @@ static int omap_vout_open(struct file *file) +@@ -1010,6 +1009,12 @@ static int omap_vout_open(struct file *file) { struct videobuf_queue *q; struct omap_vout_device *vout = NULL; @@ -35431,7 +36355,7 @@ index a3b1a34..71ce0e3 100644 vout = video_drvdata(file); v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__); -@@ -1029,10 +1034,6 @@ static int omap_vout_open(struct file *file) +@@ -1027,10 +1032,6 @@ static int omap_vout_open(struct file *file) vout->type = V4L2_BUF_TYPE_VIDEO_OUTPUT; q = &vout->vbq; @@ -35443,7 +36367,7 @@ index a3b1a34..71ce0e3 100644 videobuf_queue_dma_contig_init(q, &video_vbq_ops, q->dev, diff --git a/drivers/media/platform/s5p-tv/mixer.h b/drivers/media/platform/s5p-tv/mixer.h -index ddb422e..8cf008e 100644 +index b671e20..34088b7 100644 --- a/drivers/media/platform/s5p-tv/mixer.h +++ b/drivers/media/platform/s5p-tv/mixer.h @@ -155,7 +155,7 @@ struct mxr_layer { @@ -35482,10 +36406,10 @@ index 3b1670a..595c939 100644 if (done && done != layer->shadow_buf) vb2_buffer_done(&done->vb, VB2_BUF_STATE_DONE); diff --git a/drivers/media/platform/s5p-tv/mixer_video.c b/drivers/media/platform/s5p-tv/mixer_video.c -index 0c1cd89..6574647 100644 +index 1f3b743..e839271 100644 
--- a/drivers/media/platform/s5p-tv/mixer_video.c +++ b/drivers/media/platform/s5p-tv/mixer_video.c -@@ -209,7 +209,7 @@ static void mxr_layer_default_geo(struct mxr_layer *layer) +@@ -208,7 +208,7 @@ static void mxr_layer_default_geo(struct mxr_layer *layer) layer->geo.src.height = layer->geo.src.full_height; mxr_geometry_dump(mdev, &layer->geo); @@ -35494,7 +36418,7 @@ index 0c1cd89..6574647 100644 mxr_geometry_dump(mdev, &layer->geo); } -@@ -227,7 +227,7 @@ static void mxr_layer_update_output(struct mxr_layer *layer) +@@ -226,7 +226,7 @@ static void mxr_layer_update_output(struct mxr_layer *layer) layer->geo.dst.full_width = mbus_fmt.width; layer->geo.dst.full_height = mbus_fmt.height; layer->geo.dst.field = mbus_fmt.field; @@ -35503,7 +36427,7 @@ index 0c1cd89..6574647 100644 mxr_geometry_dump(mdev, &layer->geo); } -@@ -333,7 +333,7 @@ static int mxr_s_fmt(struct file *file, void *priv, +@@ -332,7 +332,7 @@ static int mxr_s_fmt(struct file *file, void *priv, /* set source size to highest accepted value */ geo->src.full_width = max(geo->dst.full_width, pix->width); geo->src.full_height = max(geo->dst.full_height, pix->height); @@ -35512,7 +36436,7 @@ index 0c1cd89..6574647 100644 mxr_geometry_dump(mdev, &layer->geo); /* set cropping to total visible screen */ geo->src.width = pix->width; -@@ -341,12 +341,12 @@ static int mxr_s_fmt(struct file *file, void *priv, +@@ -340,12 +340,12 @@ static int mxr_s_fmt(struct file *file, void *priv, geo->src.x_offset = 0; geo->src.y_offset = 0; /* assure consistency of geometry */ @@ -35527,7 +36451,7 @@ index 0c1cd89..6574647 100644 mxr_geometry_dump(mdev, &layer->geo); /* returning results */ -@@ -473,7 +473,7 @@ static int mxr_s_selection(struct file *file, void *fh, +@@ -472,7 +472,7 @@ static int mxr_s_selection(struct file *file, void *fh, target->width = s->r.width; target->height = s->r.height; 
@@ -35536,7 +36460,7 @@ index 0c1cd89..6574647 100644 /* retrieve update selection rectangle */ res.left = target->x_offset; -@@ -928,13 +928,13 @@ static int start_streaming(struct vb2_queue *vq, unsigned int count) +@@ -937,13 +937,13 @@ static int start_streaming(struct vb2_queue *vq, unsigned int count) mxr_output_get(mdev); mxr_layer_update_output(layer); @@ -35552,7 +36476,7 @@ index 0c1cd89..6574647 100644 mxr_streamer_get(mdev); return 0; -@@ -1004,7 +1004,7 @@ static int stop_streaming(struct vb2_queue *vq) +@@ -1013,7 +1013,7 @@ static int stop_streaming(struct vb2_queue *vq) spin_unlock_irqrestore(&layer->enq_slock, flags); /* disabling layer in hardware */ @@ -35561,7 +36485,7 @@ index 0c1cd89..6574647 100644 /* remove one streamer */ mxr_streamer_put(mdev); /* allow changes in output configuration */ -@@ -1043,8 +1043,8 @@ void mxr_base_layer_unregister(struct mxr_layer *layer) +@@ -1052,8 +1052,8 @@ void mxr_base_layer_unregister(struct mxr_layer *layer) void mxr_layer_release(struct mxr_layer *layer) { @@ -35572,7 +36496,7 @@ index 0c1cd89..6574647 100644 } void mxr_base_layer_release(struct mxr_layer *layer) -@@ -1070,7 +1070,7 @@ struct mxr_layer *mxr_base_layer_create(struct mxr_device *mdev, +@@ -1079,7 +1079,7 @@ struct mxr_layer *mxr_base_layer_create(struct mxr_device *mdev, layer->mdev = mdev; layer->idx = idx; 
@@ -35594,30 +36518,8 @@ index 3d13a63..da31bf1 100644 .release = mxr_vp_layer_release, .buffer_set = mxr_vp_buffer_set, .stream_set = mxr_vp_stream_set, -diff --git a/drivers/media/platform/timblogiw.c b/drivers/media/platform/timblogiw.c -index 02194c0..36d69c1 100644 ---- a/drivers/media/platform/timblogiw.c -+++ b/drivers/media/platform/timblogiw.c -@@ -745,7 +745,7 @@ static int timblogiw_mmap(struct file *file, struct vm_area_struct *vma) - - /* Platform device functions */ - --static __devinitconst struct v4l2_ioctl_ops timblogiw_ioctl_ops = { -+static struct v4l2_ioctl_ops timblogiw_ioctl_ops = { - .vidioc_querycap = timblogiw_querycap, - .vidioc_enum_fmt_vid_cap = timblogiw_enum_fmt, - .vidioc_g_fmt_vid_cap = timblogiw_g_fmt, -@@ -767,7 +767,7 @@ static __devinitconst struct v4l2_ioctl_ops timblogiw_ioctl_ops = { - .vidioc_enum_framesizes = timblogiw_enum_framesizes, - }; - --static __devinitconst struct v4l2_file_operations timblogiw_fops = { -+static struct v4l2_file_operations timblogiw_fops = { - .owner = THIS_MODULE, - .open = timblogiw_open, - .release = timblogiw_close, diff --git a/drivers/media/radio/radio-cadet.c b/drivers/media/radio/radio-cadet.c -index 697a421..16c5a5f 100644 +index 643d80a..56bb96b 100644 --- a/drivers/media/radio/radio-cadet.c +++ b/drivers/media/radio/radio-cadet.c @@ -302,6 +302,8 @@ static ssize_t cadet_read(struct file *file, char __user *data, size_t count, lo @@ -35683,7 +36585,7 @@ index fb69baa..cf7ad22 100644 * Rounding UP to nearest 4-kB boundary here... */ diff --git a/drivers/message/fusion/mptsas.c b/drivers/message/fusion/mptsas.c -index 551262e..7551198 100644 +index fa43c39..daeb158 100644 --- a/drivers/message/fusion/mptsas.c +++ b/drivers/message/fusion/mptsas.c @@ -446,6 +446,23 @@ mptsas_is_end_device(struct mptsas_devinfo * attached) @@ -35735,10 +36637,10 @@ index 551262e..7551198 100644 mptsas_get_port(struct mptsas_phyinfo *phy_info) { 
diff --git a/drivers/message/fusion/mptscsih.c b/drivers/message/fusion/mptscsih.c -index 0c3ced7..1fe34ec 100644 +index 164afa7..b6b2e74 100644 --- a/drivers/message/fusion/mptscsih.c +++ b/drivers/message/fusion/mptscsih.c -@@ -1270,15 +1270,16 @@ mptscsih_info(struct Scsi_Host *SChost) +@@ -1271,15 +1271,16 @@ mptscsih_info(struct Scsi_Host *SChost) h = shost_priv(SChost); @@ -35923,7 +36825,7 @@ index a8c08f3..155fe3d 100644 #endif diff --git a/drivers/mfd/janz-cmodio.c b/drivers/mfd/janz-cmodio.c -index 965c480..71f2db9 100644 +index 45ece11..8efa218 100644 --- a/drivers/mfd/janz-cmodio.c +++ b/drivers/mfd/janz-cmodio.c @@ -13,6 +13,7 @@ @@ -36289,10 +37191,10 @@ index d971817..33bdca5 100644 break; diff --git a/drivers/mmc/core/mmc_ops.c b/drivers/mmc/core/mmc_ops.c -index a0e1720..ee63d0b 100644 +index 6d8f701..35b6369 100644 --- a/drivers/mmc/core/mmc_ops.c +++ b/drivers/mmc/core/mmc_ops.c -@@ -245,7 +245,7 @@ mmc_send_cxd_data(struct mmc_card *card, struct mmc_host *host, +@@ -247,7 +247,7 @@ mmc_send_cxd_data(struct mmc_card *card, struct mmc_host *host, void *data_buf; int is_on_stack; @@ -36313,10 +37215,10 @@ index 53b8fd9..615b462 100644 +} __do_const; #endif /* _DW_MMC_H_ */ diff --git a/drivers/mmc/host/sdhci-s3c.c b/drivers/mmc/host/sdhci-s3c.c -index c9ec725..178e79a 100644 +index 82a8de1..3c56ccb 100644 --- a/drivers/mmc/host/sdhci-s3c.c +++ b/drivers/mmc/host/sdhci-s3c.c -@@ -719,9 +719,11 @@ static int __devinit sdhci_s3c_probe(struct platform_device *pdev) +@@ -721,9 +721,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev) * we can use overriding functions instead of default. */ if (host->quirks & SDHCI_QUIRK_NONSTANDARD_CLOCK) { @@ -36345,11 +37247,11 @@ index a4eb8b5..8c0628f 100644 "ECC needs a full sector write (adr: %lx size %lx)\n", (long) to, (long) len); diff --git a/drivers/mtd/nand/denali.c b/drivers/mtd/nand/denali.c -index e706a23..b3d262f 100644 +index 0c8bb6b..6f35deb 100644 --- a/drivers/mtd/nand/denali.c 
+++ b/drivers/mtd/nand/denali.c -@@ -26,6 +26,7 @@ - #include <linux/pci.h> +@@ -24,6 +24,7 @@ + #include <linux/slab.h> #include <linux/mtd/mtd.h> #include <linux/module.h> +#include <linux/slab.h> @@ -36369,7 +37271,7 @@ index 51b9d6a..52af9a7 100644 #include <linux/mtd/nand.h> #include <linux/mtd/nftl.h> diff --git a/drivers/net/ethernet/8390/ax88796.c b/drivers/net/ethernet/8390/ax88796.c -index 203ff9d..0968ca8 100644 +index 70dba5d..11a0919 100644 --- a/drivers/net/ethernet/8390/ax88796.c +++ b/drivers/net/ethernet/8390/ax88796.c @@ -872,9 +872,11 @@ static int ax_probe(struct platform_device *pdev) @@ -36386,10 +37288,10 @@ index 203ff9d..0968ca8 100644 if (!request_mem_region(mem->start, mem_size, pdev->name)) { diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h -index 9c5ea6c..eaad276 100644 +index 0991534..8098e92 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h -@@ -1046,7 +1046,7 @@ static inline u8 bnx2x_get_path_func_num(struct bnx2x *bp) +@@ -1094,7 +1094,7 @@ static inline u8 bnx2x_get_path_func_num(struct bnx2x *bp) static inline void bnx2x_init_bp_objs(struct bnx2x *bp) { /* RX_MODE controlling object */ @@ -36399,7 +37301,7 @@ index 9c5ea6c..eaad276 100644 /* multicast configuration controlling object */ bnx2x_init_mcast_obj(bp, &bp->mcast_obj, bp->fp->cl_id, bp->fp->cid, diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c -index 614981c..11216c7 100644 +index 09b625e..15b16fe 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c @@ -2375,15 +2375,14 @@ int bnx2x_config_rx_mode(struct bnx2x *bp, @@ -36424,10 +37326,10 @@ index 614981c..11216c7 100644 } 
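Review bot: The rebased denali.c hunk adds `#include <linux/slab.h>` two lines below a context line that is already `#include <linux/slab.h>`, so on the new base the addition is a duplicate include. The header's include guard makes it harmless to the build, but the hunk no longer changes anything and will still need offset fixes on every rebase. I would drop the denali.c section from the patch. Only the include block is visible here, so whether anything else in the patch depends on this section cannot be checked from this page.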
diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h -index acf2fe4..efb96df 100644 +index adbd91b..58ec94a 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h -@@ -1281,8 +1281,7 @@ int bnx2x_vlan_mac_move(struct bnx2x *bp, +@@ -1293,8 +1293,7 @@ int bnx2x_vlan_mac_move(struct bnx2x *bp, /********************* RX MODE ****************/ @@ -36438,10 +37340,10 @@ index acf2fe4..efb96df 100644 /** * bnx2x_config_rx_mode - Send and RX_MODE ramrod according to the provided parameters. diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h -index d9308c32..d87b824 100644 +index d330e81..ce1fb9a 100644 --- a/drivers/net/ethernet/broadcom/tg3.h +++ b/drivers/net/ethernet/broadcom/tg3.h -@@ -140,6 +140,7 @@ +@@ -146,6 +146,7 @@ #define CHIPREV_ID_5750_A0 0x4000 #define CHIPREV_ID_5750_A1 0x4001 #define CHIPREV_ID_5750_A3 0x4003 @@ -36463,7 +37365,7 @@ index 8cffcdf..aadf043 100644 #define L2T_SKB_CB(skb) ((struct l2t_skb_cb *)(skb)->cb) diff --git a/drivers/net/ethernet/dec/tulip/de4x5.c b/drivers/net/ethernet/dec/tulip/de4x5.c -index f879e92..726f20f 100644 +index 4c83003..2a2a5b9 100644 --- a/drivers/net/ethernet/dec/tulip/de4x5.c +++ b/drivers/net/ethernet/dec/tulip/de4x5.c @@ -5388,7 +5388,7 @@ de4x5_ioctl(struct net_device *dev, struct ifreq *rq, int cmd) @@ -36485,10 +37387,10 @@ index f879e92..726f20f 100644 break; } diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c -index d1b6cc5..cde0d97 100644 +index 4d6f3c5..6169e60 100644 --- a/drivers/net/ethernet/emulex/benet/be_main.c +++ b/drivers/net/ethernet/emulex/benet/be_main.c -@@ -403,7 +403,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) +@@ -455,7 +455,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) if (wrapped) newacc += 65536; 
@@ -36524,20 +37426,20 @@ index b901a01..1ff32ee 100644 #include "ftmac100.h" diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c -index d929131..aed108f 100644 +index bb9256a..56d8752 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c -@@ -865,7 +865,7 @@ void ixgbe_ptp_start_cyclecounter(struct ixgbe_adapter *adapter) - /* store the new cycle speed */ - adapter->cycle_speed = cycle_speed; +@@ -806,7 +806,7 @@ void ixgbe_ptp_start_cyclecounter(struct ixgbe_adapter *adapter) + } + /* update the base incval used to calculate frequency adjustment */ - ACCESS_ONCE(adapter->base_incval) = incval; + ACCESS_ONCE_RW(adapter->base_incval) = incval; smp_mb(); - /* grab the ptp lock */ + /* need lock to prevent incorrect read while modifying cyclecounter */ diff --git a/drivers/net/ethernet/neterion/vxge/vxge-config.c b/drivers/net/ethernet/neterion/vxge/vxge-config.c -index c2e420a..26a75e0 100644 +index fbe5363..266b4e3 100644 --- a/drivers/net/ethernet/neterion/vxge/vxge-config.c +++ b/drivers/net/ethernet/neterion/vxge/vxge-config.c @@ -3461,7 +3461,10 @@ __vxge_hw_fifo_create(struct __vxge_hw_vpath_handle *vp, @@ -36562,10 +37464,10 @@ index c2e420a..26a75e0 100644 __vxge_hw_mempool_create(vpath->hldev, fifo->config->memblock_size, diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index 6afe74e..2e2950f 100644 +index 998974f..ecd26db 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c -@@ -747,22 +747,22 @@ struct rtl8169_private { +@@ -741,22 +741,22 @@ struct rtl8169_private { struct mdio_ops { void (*write)(struct rtl8169_private *, int, int); int (*read)(struct rtl8169_private *, int); @@ -36621,7 +37523,7 @@ index 0c74a70..3bc6f68 100644 /* To mask all all interrupts.*/ 
diff --git a/drivers/net/hyperv/hyperv_net.h b/drivers/net/hyperv/hyperv_net.h -index 5fd6f46..ee1f265 100644 +index e6fe0d8..2b7d752 100644 --- a/drivers/net/hyperv/hyperv_net.h +++ b/drivers/net/hyperv/hyperv_net.h @@ -101,7 +101,7 @@ struct rndis_device { @@ -36634,7 +37536,7 @@ index 5fd6f46..ee1f265 100644 spinlock_t request_lock; struct list_head req_list; diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c -index 928148c..d83298e 100644 +index 2b657d4..9903bc0 100644 --- a/drivers/net/hyperv/rndis_filter.c +++ b/drivers/net/hyperv/rndis_filter.c @@ -107,7 +107,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev, @@ -36646,7 +37548,7 @@ index 928148c..d83298e 100644 /* Add to the request list */ spin_lock_irqsave(&dev->request_lock, flags); -@@ -760,7 +760,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev) +@@ -758,7 +758,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev) /* Setup the rndis set */ halt = &request->request_msg.msg.halt_req; @@ -36656,10 +37558,10 @@ index 928148c..d83298e 100644 /* Ignore return since this msg is optional. */ rndis_filter_send_request(dev, request); diff --git a/drivers/net/ieee802154/fakehard.c b/drivers/net/ieee802154/fakehard.c -index 7d39add..037e1da 100644 +index 1e9cb0b..7839125 100644 --- a/drivers/net/ieee802154/fakehard.c +++ b/drivers/net/ieee802154/fakehard.c -@@ -386,7 +386,7 @@ static int __devinit ieee802154fake_probe(struct platform_device *pdev) +@@ -386,7 +386,7 @@ static int ieee802154fake_probe(struct platform_device *pdev) phy->transmit_power = 0xbf; dev->netdev_ops = &fake_ops; 
@@ -36668,6 +37570,19 @@ index 7d39add..037e1da 100644 priv = netdev_priv(dev); priv->phy = phy; +diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c +index d3fb97d..e229d3e 100644 +--- a/drivers/net/macvlan.c ++++ b/drivers/net/macvlan.c +@@ -913,7 +913,7 @@ static int macvlan_device_event(struct notifier_block *unused, + return NOTIFY_DONE; + } + +-static struct notifier_block macvlan_notifier_block __read_mostly = { ++static struct notifier_block macvlan_notifier_block = { + .notifier_call = macvlan_device_event, + }; + diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c index 0f0f9ce..0ca5819 100644 --- a/drivers/net/macvtap.c @@ -36694,7 +37609,7 @@ index daec9b0..6428fcb 100644 } EXPORT_SYMBOL(free_mdio_bitbang); diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c -index eb3f5ce..d773730 100644 +index 0b2706a..ba1430d 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c @@ -999,7 +999,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) @@ -36729,10 +37644,10 @@ index ad86660..9fd0884 100644 }; diff --git a/drivers/net/tun.c b/drivers/net/tun.c -index 0873cdc..ddb178e 100644 +index 2917a86..edd463f 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c -@@ -1374,7 +1374,7 @@ static int set_offload(struct tun_struct *tun, unsigned long arg) +@@ -1836,7 +1836,7 @@ unlock: } static long __tun_chr_ioctl(struct file *file, unsigned int cmd, 
@@ -36741,18 +37656,18 @@ index 0873cdc..ddb178e 100644 { struct tun_file *tfile = file->private_data; struct tun_struct *tun; -@@ -1387,6 +1387,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, +@@ -1848,6 +1848,9 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd, int vnet_hdr_sz; int ret; + if (ifreq_len > sizeof ifr) + return -EFAULT; + - if (cmd == TUNSETIFF || _IOC_TYPE(cmd) == 0x89) { + if (cmd == TUNSETIFF || cmd == TUNSETQUEUE || _IOC_TYPE(cmd) == 0x89) { if (copy_from_user(&ifr, argp, ifreq_len)) return -EFAULT; diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c -index 605a4ba..a883dd1 100644 +index cd8ccb2..cff5144 100644 --- a/drivers/net/usb/hso.c +++ b/drivers/net/usb/hso.c @@ -71,7 +71,7 @@ @@ -36833,7 +37748,7 @@ index 605a4ba..a883dd1 100644 /* Setup and send a ctrl req read on * port i */ if (!serial->rx_urb_filled[0]) { -@@ -3078,7 +3077,7 @@ static int hso_resume(struct usb_interface *iface) +@@ -3079,7 +3078,7 @@ static int hso_resume(struct usb_interface *iface) /* Start all serial ports */ for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) { if (serial_table[i] && (serial_table[i]->interface == iface)) { 
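Review bot: The guard `if (ifreq_len > sizeof ifr) return -EFAULT;` in `__tun_chr_ioctl` has no comment, and after this rebase the `copy_from_user(&ifr, argp, ifreq_len)` it bounds is also reached for `cmd == TUNSETQUEUE`. A one-line comment above the check would keep a later rebase from dropping it as redundant: `/* ifreq_len comes from the caller; never copy more than sizeof(ifr) into ifr */`. The function begins and ends outside the hunk, so the declaration of `ifr` and the callers that pass `ifreq_len` are not visible here.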
@@ -36842,63 +37757,6 @@ index 605a4ba..a883dd1 100644 result = hso_start_serial_device(serial_table[i], GFP_NOIO); hso_kick_transmit(dev2ser(serial_table[i])); -diff --git a/drivers/net/usb/usbnet.c b/drivers/net/usb/usbnet.c -index edb81ed..ab8931c 100644 ---- a/drivers/net/usb/usbnet.c -+++ b/drivers/net/usb/usbnet.c -@@ -380,6 +380,12 @@ static int rx_submit (struct usbnet *dev, struct urb *urb, gfp_t flags) - unsigned long lockflags; - size_t size = dev->rx_urb_size; - -+ /* prevent rx skb allocation when error ratio is high */ -+ if (test_bit(EVENT_RX_KILL, &dev->flags)) { -+ usb_free_urb(urb); -+ return -ENOLINK; -+ } -+ - skb = __netdev_alloc_skb_ip_align(dev->net, size, flags); - if (!skb) { - netif_dbg(dev, rx_err, dev->net, "no rx skb\n"); -@@ -539,6 +545,17 @@ block: - break; - } - -+ /* stop rx if packet error rate is high */ -+ if (++dev->pkt_cnt > 30) { -+ dev->pkt_cnt = 0; -+ dev->pkt_err = 0; -+ } else { -+ if (state == rx_cleanup) -+ dev->pkt_err++; -+ if (dev->pkt_err > 20) -+ set_bit(EVENT_RX_KILL, &dev->flags); -+ } -+ - state = defer_bh(dev, skb, &dev->rxq, state); - - if (urb) { -@@ -790,6 +807,11 @@ int usbnet_open (struct net_device *net) - (dev->driver_info->flags & FLAG_FRAMING_AX) ? "ASIX" : - "simple"); - -+ /* reset rx error state */ -+ dev->pkt_cnt = 0; -+ dev->pkt_err = 0; -+ clear_bit(EVENT_RX_KILL, &dev->flags); -+ - // delay posting reads until we're fully open - tasklet_schedule (&dev->bh); - if (info->manage_power) { -@@ -1253,6 +1275,9 @@ static void usbnet_bh (unsigned long param) - } - } - -+ /* restart RX again after disabling due to high error rate */ -+ clear_bit(EVENT_RX_KILL, &dev->flags); -+ - // waiting for all pending urbs to complete? - if (dev->wait) { - if ((dev->txq.qlen + dev->rxq.qlen + dev->done.qlen) == 0) { diff --git a/drivers/net/wireless/ath/ath9k/ar9002_mac.c b/drivers/net/wireless/ath/ath9k/ar9002_mac.c index 8d78253..bebbb68 100644 --- a/drivers/net/wireless/ath/ath9k/ar9002_mac.c 
@@ -37105,10 +37963,10 @@ index 301bf72..3f5654f 100644 static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads) diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h -index b68aaf5..fb20845 100644 +index 9d26fc5..60d9f14 100644 --- a/drivers/net/wireless/ath/ath9k/hw.h +++ b/drivers/net/wireless/ath/ath9k/hw.h -@@ -657,7 +657,7 @@ struct ath_hw_private_ops { +@@ -658,7 +658,7 @@ struct ath_hw_private_ops { /* ANI */ void (*ani_cache_ini_regs)(struct ath_hw *ah); @@ -37117,7 +37975,7 @@ index b68aaf5..fb20845 100644 /** * struct ath_hw_ops - callbacks used by hardware code and driver code -@@ -687,7 +687,7 @@ struct ath_hw_ops { +@@ -688,7 +688,7 @@ struct ath_hw_ops { void (*antdiv_comb_conf_set)(struct ath_hw *ah, struct ath_hw_antcomb_conf *antconf); void (*antctrl_shared_chain_lnadiv)(struct ath_hw *hw, bool enable); @@ -37126,30 +37984,8 @@ index b68aaf5..fb20845 100644 struct ath_nf_limits { s16 max; -diff --git a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.h b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.h -index 71ced17..cd82b12 100644 ---- a/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.h -+++ b/drivers/net/wireless/brcm80211/brcmfmac/wl_cfg80211.h -@@ -184,7 +184,7 @@ struct brcmf_cfg80211_event_loop { - struct net_device *ndev, - const struct brcmf_event_msg *e, - void *data); --}; -+} __no_const; - - /* basic structure of scan request */ - struct brcmf_cfg80211_scan_req { -@@ -239,7 +239,7 @@ struct brcmf_cfg80211_profile { - struct brcmf_cfg80211_iscan_eloop { - s32 (*handler[WL_SCAN_ERSULTS_LAST]) - (struct brcmf_cfg80211_info *cfg); --}; -+} __no_const; - - /* dongle iscan controller */ - struct brcmf_cfg80211_iscan_ctrl { diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wireless/iwlegacy/3945-mac.c -index e252acb..6ad1e65 100644 +index 3726cd6..b655808 100644 --- a/drivers/net/wireless/iwlegacy/3945-mac.c +++ b/drivers/net/wireless/iwlegacy/3945-mac.c 
@@ -3615,7 +3615,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent) @@ -37164,7 +38000,7 @@ index e252acb..6ad1e65 100644 D_INFO("*** LOAD DRIVER ***\n"); diff --git a/drivers/net/wireless/iwlwifi/dvm/debugfs.c b/drivers/net/wireless/iwlwifi/dvm/debugfs.c -index 1a98fa3..51e6661 100644 +index 5b9533e..7733880 100644 --- a/drivers/net/wireless/iwlwifi/dvm/debugfs.c +++ b/drivers/net/wireless/iwlwifi/dvm/debugfs.c @@ -203,7 +203,7 @@ static ssize_t iwl_dbgfs_sram_write(struct file *file, @@ -37285,10 +38121,10 @@ index 1a98fa3..51e6661 100644 memset(buf, 0, sizeof(buf)); buf_size = min(count, sizeof(buf) - 1); diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c -index fe0fffd..b4c5724 100644 +index 35708b9..31f7754 100644 --- a/drivers/net/wireless/iwlwifi/pcie/trans.c +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c -@@ -1967,7 +1967,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, +@@ -1100,7 +1100,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, struct isr_statistics *isr_stats = &trans_pcie->isr_stats; char buf[8]; @@ -37297,7 +38133,7 @@ index fe0fffd..b4c5724 100644 u32 reset_flag; memset(buf, 0, sizeof(buf)); -@@ -1988,7 +1988,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, +@@ -1121,7 +1121,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, { struct iwl_trans *trans = file->private_data; char buf[8]; @@ -37307,29 +38143,53 @@ index fe0fffd..b4c5724 100644 memset(buf, 0, sizeof(buf)); diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c -index 429ca32..f86236b 100644 +index ff90855..e46d223 100644 --- a/drivers/net/wireless/mac80211_hwsim.c 
+++ b/drivers/net/wireless/mac80211_hwsim.c -@@ -1751,9 +1751,11 @@ static int __init init_mac80211_hwsim(void) - return -EINVAL; +@@ -2062,25 +2062,19 @@ static int __init init_mac80211_hwsim(void) - if (fake_hw_scan) { + if (channels > 1) { + hwsim_if_comb.num_different_channels = channels; - mac80211_hwsim_ops.hw_scan = mac80211_hwsim_hw_scan; +- mac80211_hwsim_ops.cancel_hw_scan = +- mac80211_hwsim_cancel_hw_scan; - mac80211_hwsim_ops.sw_scan_start = NULL; - mac80211_hwsim_ops.sw_scan_complete = NULL; +- mac80211_hwsim_ops.remain_on_channel = +- mac80211_hwsim_roc; +- mac80211_hwsim_ops.cancel_remain_on_channel = +- mac80211_hwsim_croc; +- mac80211_hwsim_ops.add_chanctx = +- mac80211_hwsim_add_chanctx; +- mac80211_hwsim_ops.remove_chanctx = +- mac80211_hwsim_remove_chanctx; +- mac80211_hwsim_ops.change_chanctx = +- mac80211_hwsim_change_chanctx; +- mac80211_hwsim_ops.assign_vif_chanctx = +- mac80211_hwsim_assign_vif_chanctx; +- mac80211_hwsim_ops.unassign_vif_chanctx = +- mac80211_hwsim_unassign_vif_chanctx; + pax_open_kernel(); + *(void **)&mac80211_hwsim_ops.hw_scan = mac80211_hwsim_hw_scan; ++ *(void **)&mac80211_hwsim_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan; + *(void **)&mac80211_hwsim_ops.sw_scan_start = NULL; + *(void **)&mac80211_hwsim_ops.sw_scan_complete = NULL; ++ *(void **)&mac80211_hwsim_ops.remain_on_channel = mac80211_hwsim_roc; ++ *(void **)&mac |