diff options
author | Anthony G. Basile <blueness@gentoo.org> | 2013-05-15 18:14:20 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2013-05-15 18:14:20 -0400 |
commit | 0b3c8d9300b701411981b6e943c001e90a2331ff (patch) | |
tree | 69a223bf88374bc776e8bdf0ef4a9ae4860035a6 | |
parent | Grsec/PaX: 2.9.1-{2.6.32.60,3.2.44,3.8.12}-201305082215 (diff) | |
download | hardened-patchset-0b3c8d9300b701411981b6e943c001e90a2331ff.tar.gz hardened-patchset-0b3c8d9300b701411981b6e943c001e90a2331ff.tar.bz2 hardened-patchset-0b3c8d9300b701411981b6e943c001e90a2331ff.zip |
Grsec/PaX: 2.9.1-{2.6.32.60,3.2.45,3.9.2}-2013051420130514
-rw-r--r-- | 2.6.32/0000_README | 2 | ||||
-rw-r--r-- | 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305142032.patch (renamed from 2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305082213.patch) | 183 | ||||
-rw-r--r-- | 2.6.32/4450_grsec-kconfig-default-gids.patch | 12 | ||||
-rw-r--r-- | 2.6.32/4465_selinux-avc_audit-log-curr_ip.patch | 2 | ||||
-rw-r--r-- | 3.2.45/0000_README (renamed from 3.2.44/0000_README) | 6 | ||||
-rw-r--r-- | 3.2.45/1021_linux-3.2.22.patch (renamed from 3.2.44/1021_linux-3.2.22.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1022_linux-3.2.23.patch (renamed from 3.2.44/1022_linux-3.2.23.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1023_linux-3.2.24.patch (renamed from 3.2.44/1023_linux-3.2.24.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1024_linux-3.2.25.patch (renamed from 3.2.44/1024_linux-3.2.25.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1025_linux-3.2.26.patch (renamed from 3.2.44/1025_linux-3.2.26.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1026_linux-3.2.27.patch (renamed from 3.2.44/1026_linux-3.2.27.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1027_linux-3.2.28.patch (renamed from 3.2.44/1027_linux-3.2.28.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1028_linux-3.2.29.patch (renamed from 3.2.44/1028_linux-3.2.29.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1029_linux-3.2.30.patch (renamed from 3.2.44/1029_linux-3.2.30.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1030_linux-3.2.31.patch (renamed from 3.2.44/1030_linux-3.2.31.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1031_linux-3.2.32.patch (renamed from 3.2.44/1031_linux-3.2.32.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1032_linux-3.2.33.patch (renamed from 3.2.44/1032_linux-3.2.33.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1033_linux-3.2.34.patch (renamed from 3.2.44/1033_linux-3.2.34.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1034_linux-3.2.35.patch (renamed from 3.2.44/1034_linux-3.2.35.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1035_linux-3.2.36.patch (renamed from 3.2.44/1035_linux-3.2.36.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1036_linux-3.2.37.patch (renamed from 3.2.44/1036_linux-3.2.37.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1037_linux-3.2.38.patch (renamed from 3.2.44/1037_linux-3.2.38.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1038_linux-3.2.39.patch (renamed from 3.2.44/1038_linux-3.2.39.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1039_linux-3.2.40.patch (renamed from 3.2.44/1039_linux-3.2.40.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1040_linux-3.2.41.patch (renamed from 3.2.44/1040_linux-3.2.41.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1041_linux-3.2.42.patch (renamed from 3.2.44/1041_linux-3.2.42.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1042_linux-3.2.43.patch (renamed from 3.2.44/1042_linux-3.2.43.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1043_linux-3.2.44.patch (renamed from 3.2.44/1043_linux-3.2.44.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/1044_linux-3.2.45.patch | 3809 | ||||
-rw-r--r-- | 3.2.45/4420_grsecurity-2.9.1-3.2.45-201305142033.patch (renamed from 3.2.44/4420_grsecurity-2.9.1-3.2.44-201305082214.patch) | 828 | ||||
-rw-r--r-- | 3.2.45/4425_grsec_remove_EI_PAX.patch (renamed from 3.2.44/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/4430_grsec-remove-localversion-grsec.patch (renamed from 3.2.44/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/4435_grsec-mute-warnings.patch (renamed from 3.2.44/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/4440_grsec-remove-protected-paths.patch (renamed from 3.2.44/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.2.45/4450_grsec-kconfig-default-gids.patch (renamed from 3.8.12/4450_grsec-kconfig-default-gids.patch) | 12 | ||||
-rw-r--r-- | 3.2.45/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.2.44/4465_selinux-avc_audit-log-curr_ip.patch) | 2 | ||||
-rw-r--r-- | 3.2.45/4470_disable-compat_vdso.patch (renamed from 3.2.44/4470_disable-compat_vdso.patch) | 0 | ||||
-rw-r--r-- | 3.8.12/1010_linux-3.8.11.patch | 1556 | ||||
-rw-r--r-- | 3.8.12/1011_linux-3.8.12.patch | 3136 | ||||
-rw-r--r-- | 3.9.2/0000_README (renamed from 3.8.12/0000_README) | 10 | ||||
-rw-r--r-- | 3.9.2/4420_grsecurity-2.9.1-3.9.2-201305142035.patch (renamed from 3.8.12/4420_grsecurity-2.9.1-3.8.12-201305082215.patch) | 9887 | ||||
-rw-r--r-- | 3.9.2/4425_grsec_remove_EI_PAX.patch (renamed from 3.8.12/4425_grsec_remove_EI_PAX.patch) | 0 | ||||
-rw-r--r-- | 3.9.2/4430_grsec-remove-localversion-grsec.patch (renamed from 3.8.12/4430_grsec-remove-localversion-grsec.patch) | 0 | ||||
-rw-r--r-- | 3.9.2/4435_grsec-mute-warnings.patch (renamed from 3.8.12/4435_grsec-mute-warnings.patch) | 0 | ||||
-rw-r--r-- | 3.9.2/4440_grsec-remove-protected-paths.patch (renamed from 3.8.12/4440_grsec-remove-protected-paths.patch) | 0 | ||||
-rw-r--r-- | 3.9.2/4450_grsec-kconfig-default-gids.patch (renamed from 3.2.44/4450_grsec-kconfig-default-gids.patch) | 12 | ||||
-rw-r--r-- | 3.9.2/4465_selinux-avc_audit-log-curr_ip.patch (renamed from 3.8.12/4465_selinux-avc_audit-log-curr_ip.patch) | 2 | ||||
-rw-r--r-- | 3.9.2/4470_disable-compat_vdso.patch (renamed from 3.8.12/4470_disable-compat_vdso.patch) | 2 |
48 files changed, 8640 insertions, 10821 deletions
diff --git a/2.6.32/0000_README b/2.6.32/0000_README index ec404fe..64c91d5 100644 --- a/2.6.32/0000_README +++ b/2.6.32/0000_README @@ -34,7 +34,7 @@ Patch: 1059_linux-2.6.32.60.patch From: http://www.kernel.org Desc: Linux 2.6.32.59 -Patch: 4420_grsecurity-2.9.1-2.6.32.60-201305082213.patch +Patch: 4420_grsecurity-2.9.1-2.6.32.60-201305142032.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305082213.patch b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305142032.patch index 08033a1..f34ed36 100644 --- a/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305082213.patch +++ b/2.6.32/4420_grsecurity-2.9.1-2.6.32.60-201305142032.patch @@ -76580,18 +76580,10 @@ index cb2849f..3718fb4 100644 if (entry->bitmap && entry->bytes > bytes + empty_size) { ret = btrfs_bitmap_cluster(block_group, entry, cluster, diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c -index e03a836..d4e4e69 100644 +index e03a836..e786215 100644 --- a/fs/btrfs/inode.c +++ b/fs/btrfs/inode.c -@@ -17,6 +17,7 @@ - */ - - #include <linux/kernel.h> -+#include <linux/module.h> - #include <linux/bio.h> - #include <linux/buffer_head.h> - #include <linux/file.h> -@@ -63,7 +64,7 @@ static const struct inode_operations btrfs_file_inode_operations; +@@ -63,7 +63,7 @@ static const struct inode_operations btrfs_file_inode_operations; static const struct address_space_operations btrfs_aops; static const struct address_space_operations btrfs_symlink_aops; static const struct file_operations btrfs_dir_file_operations; @@ -76600,7 +76592,7 @@ index e03a836..d4e4e69 100644 static struct kmem_cache *btrfs_inode_cachep; struct kmem_cache *btrfs_trans_handle_cachep; -@@ -925,6 +926,7 @@ static int cow_file_range_async(struct inode *inode, struct page *locked_page, +@@ -925,6 +925,7 @@ static int cow_file_range_async(struct inode *inode, struct page *locked_page, 1, 0, NULL, GFP_NOFS); while (start < end) { async_cow = kmalloc(sizeof(*async_cow), GFP_NOFS); @@ -76608,7 +76600,7 @@ index e03a836..d4e4e69 100644 async_cow->inode = inode; async_cow->root = root; async_cow->locked_page = locked_page; -@@ -4591,6 +4593,8 @@ static noinline int uncompress_inline(struct btrfs_path *path, +@@ -4591,6 +4592,8 @@ static noinline int uncompress_inline(struct btrfs_path *path, inline_size = btrfs_file_extent_inline_item_len(leaf, btrfs_item_nr(leaf, path->slots[0])); tmp = kmalloc(inline_size, GFP_NOFS); @@ -76617,31 +76609,7 @@ index e03a836..d4e4e69 100644 ptr = btrfs_file_extent_inline_start(item); read_extent_buffer(leaf, tmp, ptr, inline_size); -@@ -5410,7 +5414,7 @@ fail: - return -ENOMEM; - } - --static int btrfs_getattr(struct vfsmount *mnt, -+int btrfs_getattr(struct vfsmount *mnt, - struct dentry *dentry, struct kstat *stat) - { - struct inode *inode = dentry->d_inode; -@@ -5422,6 +5426,14 @@ static int btrfs_getattr(struct vfsmount *mnt, - return 0; - } - -+EXPORT_SYMBOL(btrfs_getattr); -+ -+dev_t get_btrfs_dev_from_inode(struct inode *inode) -+{ -+ return BTRFS_I(inode)->root->anon_super.s_dev; -+} -+EXPORT_SYMBOL(get_btrfs_dev_from_inode); -+ - static int btrfs_rename(struct inode *old_dir, struct dentry *old_dentry, - struct inode *new_dir, struct dentry *new_dentry) - { -@@ -5972,7 +5984,7 @@ static const struct file_operations btrfs_dir_file_operations = { +@@ -5972,7 +5975,7 @@ static const struct file_operations btrfs_dir_file_operations = { .fsync = btrfs_sync_file, }; @@ -86469,10 +86437,10 @@ index 0000000..1b9afa9 +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..8d867c7 +index 0000000..6c8c298 --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,4201 @@ +@@ -0,0 +1,4203 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -86499,6 +86467,13 @@ index 0000000..8d867c7 +#include <linux/fdtable.h> +#include <linux/percpu.h> +#include <linux/posix-timers.h> ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++#include <linux/magic.h> ++#include <linux/pagemap.h> ++#include "../fs/btrfs/async-thread.h" ++#include "../fs/btrfs/ctree.h" ++#include "../fs/btrfs/btrfs_inode.h" ++#endif + +#include <asm/uaccess.h> +#include <asm/errno.h> @@ -86573,19 +86548,14 @@ index 0000000..8d867c7 + return (gr_status & GR_READY); +} + -+#ifdef CONFIG_BTRFS_FS -+extern dev_t get_btrfs_dev_from_inode(struct inode *inode); -+extern int btrfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat); -+#endif -+ +static inline dev_t __get_dev(const struct dentry *dentry) +{ -+#ifdef CONFIG_BTRFS_FS -+ if (dentry->d_inode->i_op && dentry->d_inode->i_op->getattr == &btrfs_getattr) -+ return get_btrfs_dev_from_inode(dentry->d_inode); ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++ if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC) ++ return BTRFS_I(dentry->d_inode)->root->anon_super.s_dev; + else +#endif -+ return dentry->d_inode->i_sb->s_dev; ++ return dentry->d_sb->s_dev; +} + +dev_t gr_get_dev_from_dentry(struct dentry *dentry) @@ -92012,10 +91982,10 @@ index 0000000..70b2179 +} diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c new file mode 100644 -index 0000000..6bb1860 +index 0000000..f755034 --- /dev/null +++ b/grsecurity/gracl_segv.c -@@ -0,0 +1,284 @@ +@@ -0,0 +1,301 @@ +#include <linux/kernel.h> +#include <linux/mm.h> +#include <asm/uaccess.h> @@ -92034,6 +92004,13 @@ index 0000000..6bb1860 +#include <linux/gracl.h> +#include <linux/grsecurity.h> +#include <linux/grinternal.h> ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++#include <linux/magic.h> ++#include <linux/pagemap.h> ++#include "../fs/btrfs/async-thread.h" ++#include "../fs/btrfs/ctree.h" ++#include "../fs/btrfs/btrfs_inode.h" ++#endif + +static struct crash_uid *uid_set; +static unsigned short uid_used; @@ -92044,6 +92021,16 @@ index 0000000..6bb1860 + struct acl_role_label *role); +extern int gr_fake_force_sig(int sig, struct task_struct *t); + ++static inline dev_t __get_dev(const struct dentry *dentry) ++{ ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++ if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC) ++ return BTRFS_I(dentry->d_inode)->root->anon_super.s_dev; ++ else ++#endif ++ return dentry->d_sb->s_dev; ++} ++ +int +gr_init_uidset(void) +{ @@ -92256,7 +92243,7 @@ index 0000000..6bb1860 + + read_lock(&gr_inode_lock); + curr = lookup_acl_subj_label(filp->f_path.dentry->d_inode->i_ino, -+ filp->f_path.dentry->d_inode->i_sb->s_dev, ++ __get_dev(filp->f_path.dentry), + current->role); + read_unlock(&gr_inode_lock); + @@ -92767,7 +92754,7 @@ index 0000000..bc7b363 +} diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c new file mode 100644 -index 0000000..7a358f8 +index 0000000..61dafe0 --- /dev/null +++ b/grsecurity/grsec_disabled.c @@ -0,0 +1,442 @@ @@ -93199,7 +93186,7 @@ index 0000000..7a358f8 + +dev_t gr_get_dev_from_dentry(struct dentry *dentry) +{ -+ return dentry->d_inode->i_sb->s_dev; ++ return dentry->d_sb->s_dev; +} + +void gr_put_exec_file(struct task_struct *task) @@ -105997,10 +105984,22 @@ index d656c27..21e452c 100644 }; diff --git a/kernel/perf_event.c b/kernel/perf_event.c -index 37ebc14..9c121d9 100644 +index 37ebc14..4596080 100644 --- a/kernel/perf_event.c +++ b/kernel/perf_event.c -@@ -77,7 +77,7 @@ int sysctl_perf_event_mlock __read_mostly = 516; /* 'free' kb per user */ +@@ -52,7 +52,11 @@ static atomic_t nr_task_events __read_mostly; + * 1 - disallow cpu events for unpriv + * 2 - disallow kernel profiling for unpriv + */ ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++int sysctl_perf_event_paranoid __read_mostly = 2; ++#else + int sysctl_perf_event_paranoid __read_mostly = 1; ++#endif + + static inline bool perf_paranoid_tracepoint_raw(void) + { +@@ -77,7 +81,7 @@ int sysctl_perf_event_mlock __read_mostly = 516; /* 'free' kb per user */ */ int sysctl_perf_event_sample_rate __read_mostly = 100000; @@ -106009,7 +106008,7 @@ index 37ebc14..9c121d9 100644 /* * Lock for (sysadmin-configurable) event reservations: -@@ -1094,9 +1094,9 @@ static void __perf_event_sync_stat(struct perf_event *event, +@@ -1094,9 +1098,9 @@ static void __perf_event_sync_stat(struct perf_event *event, * In order to keep per-task stats reliable we need to flip the event * values when we flip the contexts. */ @@ -106022,7 +106021,7 @@ index 37ebc14..9c121d9 100644 swap(event->total_time_enabled, next_event->total_time_enabled); swap(event->total_time_running, next_event->total_time_running); -@@ -1552,7 +1552,7 @@ static u64 perf_event_read(struct perf_event *event) +@@ -1552,7 +1556,7 @@ static u64 perf_event_read(struct perf_event *event) update_event_times(event); } @@ -106031,7 +106030,7 @@ index 37ebc14..9c121d9 100644 } /* -@@ -1790,11 +1790,11 @@ static int perf_event_read_group(struct perf_event *event, +@@ -1790,11 +1794,11 @@ static int perf_event_read_group(struct perf_event *event, values[n++] = 1 + leader->nr_siblings; if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { values[n++] = leader->total_time_enabled + @@ -106045,7 +106044,7 @@ index 37ebc14..9c121d9 100644 } size = n * sizeof(u64); -@@ -1829,11 +1829,11 @@ static int perf_event_read_one(struct perf_event *event, +@@ -1829,11 +1833,11 @@ static int perf_event_read_one(struct perf_event *event, values[n++] = perf_event_read_value(event); if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { values[n++] = event->total_time_enabled + @@ -106059,7 +106058,7 @@ index 37ebc14..9c121d9 100644 } if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(event); -@@ -1903,7 +1903,7 @@ static unsigned int perf_poll(struct file *file, poll_table *wait) +@@ -1903,7 +1907,7 @@ static unsigned int perf_poll(struct file *file, poll_table *wait) static void perf_event_reset(struct perf_event *event) { (void)perf_event_read(event); @@ -106068,7 +106067,7 @@ index 37ebc14..9c121d9 100644 perf_event_update_userpage(event); } -@@ -2079,15 +2079,15 @@ void perf_event_update_userpage(struct perf_event *event) +@@ -2079,15 +2083,15 @@ void perf_event_update_userpage(struct perf_event *event) ++userpg->lock; barrier(); userpg->index = perf_event_index(event); @@ -106088,7 +106087,7 @@ index 37ebc14..9c121d9 100644 barrier(); ++userpg->lock; -@@ -2903,14 +2903,14 @@ static void perf_output_read_one(struct perf_output_handle *handle, +@@ -2903,14 +2907,14 @@ static void perf_output_read_one(struct perf_output_handle *handle, u64 values[4]; int n = 0; @@ -106106,7 +106105,7 @@ index 37ebc14..9c121d9 100644 } if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(event); -@@ -2940,7 +2940,7 @@ static void perf_output_read_group(struct perf_output_handle *handle, +@@ -2940,7 +2944,7 @@ static void perf_output_read_group(struct perf_output_handle *handle, if (leader != event) leader->pmu->read(leader); @@ -106115,7 +106114,7 @@ index 37ebc14..9c121d9 100644 if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(leader); -@@ -2952,7 +2952,7 @@ static void perf_output_read_group(struct perf_output_handle *handle, +@@ -2952,7 +2956,7 @@ static void perf_output_read_group(struct perf_output_handle *handle, if (sub != event) sub->pmu->read(sub); @@ -106124,7 +106123,7 @@ index 37ebc14..9c121d9 100644 if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(sub); -@@ -3525,12 +3525,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) +@@ -3525,12 +3529,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) * need to add enough zero bytes after the string to handle * the 64bit alignment we do later. */ @@ -106139,7 +106138,7 @@ index 37ebc14..9c121d9 100644 if (IS_ERR(name)) { name = strncpy(tmp, "//toolong", sizeof(tmp)); goto got_name; -@@ -3783,7 +3783,7 @@ static void perf_swevent_add(struct perf_event *event, u64 nr, +@@ -3783,7 +3787,7 @@ static void perf_swevent_add(struct perf_event *event, u64 nr, { struct hw_perf_event *hwc = &event->hw; @@ -106148,7 +106147,7 @@ index 37ebc14..9c121d9 100644 if (!hwc->sample_period) return; -@@ -4040,9 +4040,9 @@ static void cpu_clock_perf_event_update(struct perf_event *event) +@@ -4040,9 +4044,9 @@ static void cpu_clock_perf_event_update(struct perf_event *event) u64 now; now = cpu_clock(cpu); @@ -106161,7 +106160,7 @@ index 37ebc14..9c121d9 100644 } static int cpu_clock_perf_event_enable(struct perf_event *event) -@@ -4050,7 +4050,7 @@ static int cpu_clock_perf_event_enable(struct perf_event *event) +@@ -4050,7 +4054,7 @@ static int cpu_clock_perf_event_enable(struct perf_event *event) struct hw_perf_event *hwc = &event->hw; int cpu = raw_smp_processor_id(); @@ -106170,7 +106169,7 @@ index 37ebc14..9c121d9 100644 perf_swevent_start_hrtimer(event); return 0; -@@ -4082,9 +4082,9 @@ static void task_clock_perf_event_update(struct perf_event *event, u64 now) +@@ -4082,9 +4086,9 @@ static void task_clock_perf_event_update(struct perf_event *event, u64 now) u64 prev; s64 delta; @@ -106182,7 +106181,7 @@ index 37ebc14..9c121d9 100644 } static int task_clock_perf_event_enable(struct perf_event *event) -@@ -4094,7 +4094,7 @@ static int task_clock_perf_event_enable(struct perf_event *event) +@@ -4094,7 +4098,7 @@ static int task_clock_perf_event_enable(struct perf_event *event) now = event->ctx->time; @@ -106191,7 +106190,7 @@ index 37ebc14..9c121d9 100644 perf_swevent_start_hrtimer(event); -@@ -4289,7 +4289,7 @@ perf_event_alloc(struct perf_event_attr *attr, +@@ -4289,7 +4293,7 @@ perf_event_alloc(struct perf_event_attr *attr, event->parent = parent_event; event->ns = get_pid_ns(current->nsproxy->pid_ns); @@ -106200,7 +106199,7 @@ index 37ebc14..9c121d9 100644 event->state = PERF_EVENT_STATE_INACTIVE; -@@ -4720,15 +4720,15 @@ static void sync_child_event(struct perf_event *child_event, +@@ -4720,15 +4724,15 @@ static void sync_child_event(struct perf_event *child_event, if (child_event->attr.inherit_stat) perf_event_read_event(child_event, child); @@ -118996,7 +118995,7 @@ index 524ba56..8f2f836 100644 if (!res) eth_started = 1; diff --git a/net/tipc/link.c b/net/tipc/link.c -index dd4c18b..f40d38d 100644 +index dd4c18b..356b07d 100644 --- a/net/tipc/link.c +++ b/net/tipc/link.c @@ -1418,7 +1418,7 @@ again: @@ -119017,6 +119016,44 @@ index dd4c18b..f40d38d 100644 sect_crs += sz; sect_rest -= sz; fragm_crs += sz; +@@ -2551,12 +2551,13 @@ static int link_recv_changeover_msg(struct link **l_ptr, + struct tipc_msg *tunnel_msg = buf_msg(tunnel_buf); + u32 msg_typ = msg_type(tunnel_msg); + u32 msg_count = msg_msgcnt(tunnel_msg); ++ u32 bearer_id = msg_bearer_id(tunnel_msg); + +- dest_link = (*l_ptr)->owner->links[msg_bearer_id(tunnel_msg)]; +- if (!dest_link) { +- msg_dbg(tunnel_msg, "NOLINK/<REC<"); ++ if (bearer_id >= MAX_BEARERS) ++ goto exit; ++ dest_link = (*l_ptr)->owner->links[bearer_id]; ++ if (!dest_link) + goto exit; +- } + if (dest_link == *l_ptr) { + err("Unexpected changeover message on link <%s>\n", + (*l_ptr)->name); +@@ -2798,15 +2799,16 @@ int tipc_link_recv_fragment(struct sk_buff **pending, struct sk_buff **fb, + struct tipc_msg *imsg = (struct tipc_msg *)msg_data(fragm); + u32 msg_sz = msg_size(imsg); + u32 fragm_sz = msg_data_sz(fragm); +- u32 exp_fragm_cnt = msg_sz/fragm_sz + !!(msg_sz % fragm_sz); ++ u32 exp_fragm_cnt; + u32 max = TIPC_MAX_USER_MSG_SIZE + LONG_H_SIZE; ++ + if (msg_type(imsg) == TIPC_MCAST_MSG) + max = TIPC_MAX_USER_MSG_SIZE + MCAST_H_SIZE; +- if (msg_size(imsg) > max) { +- msg_dbg(fragm,"<REC<Oversized: "); ++ if (fragm_sz == 0 || msg_size(imsg) > max) { + buf_discard(fbuf); + return 0; + } ++ exp_fragm_cnt = msg_sz / fragm_sz + !!(msg_sz % fragm_sz); + pbuf = buf_acquire(msg_size(imsg)); + if (pbuf != NULL) { + pbuf->next = *pending; diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c index 0747d8a..e8bf3f3 100644 --- a/net/tipc/subscr.c diff --git a/2.6.32/4450_grsec-kconfig-default-gids.patch b/2.6.32/4450_grsec-kconfig-default-gids.patch index dbd4565..87aa8e4 100644 --- a/2.6.32/4450_grsec-kconfig-default-gids.patch +++ b/2.6.32/4450_grsec-kconfig-default-gids.patch @@ -16,7 +16,7 @@ from shooting themselves in the foot. diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2012-10-13 09:51:35.000000000 -0400 +++ b/grsecurity/Kconfig 2012-10-13 09:52:32.000000000 -0400 -@@ -560,7 +560,7 @@ +@@ -570,7 +570,7 @@ config GRKERNSEC_AUDIT_GID int "GID for auditing" depends on GRKERNSEC_AUDIT_GROUP @@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_EXECLOG bool "Exec logging" -@@ -780,7 +780,7 @@ +@@ -790,7 +790,7 @@ config GRKERNSEC_TPE_UNTRUSTED_GID int "GID for TPE-untrusted users" depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT @@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *enabled* for. If the sysctl option is enabled, a sysctl option -@@ -789,7 +789,7 @@ +@@ -799,7 +799,7 @@ config GRKERNSEC_TPE_TRUSTED_GID int "GID for TPE-trusted users" depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT @@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *disabled* for. If the sysctl option is enabled, a sysctl option -@@ -882,7 +882,7 @@ +@@ -892,7 +892,7 @@ config GRKERNSEC_SOCKET_ALL_GID int "GID to deny all sockets for" depends on GRKERNSEC_SOCKET_ALL @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable socket access for. Remember to add the users you want socket access disabled for to the GID -@@ -903,7 +903,7 @@ +@@ -913,7 +913,7 @@ config GRKERNSEC_SOCKET_CLIENT_GID int "GID to deny client sockets for" depends on GRKERNSEC_SOCKET_CLIENT @@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable client socket access for. Remember to add the users you want client socket access disabled for to -@@ -921,7 +921,7 @@ +@@ -931,7 +931,7 @@ config GRKERNSEC_SOCKET_SERVER_GID int "GID to deny server sockets for" depends on GRKERNSEC_SOCKET_SERVER diff --git a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch index 6273202..19027c3 100644 --- a/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch +++ b/2.6.32/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 18:47:02.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 18:51:15.000000000 -0400 -@@ -980,6 +980,27 @@ +@@ -990,6 +990,27 @@ menu "Logging Options" depends on GRKERNSEC diff --git a/3.2.44/0000_README b/3.2.45/0000_README index cc13ddf..931a45e 100644 --- a/3.2.44/0000_README +++ b/3.2.45/0000_README @@ -94,7 +94,11 @@ Patch: 1043_linux-3.2.44.patch From: http://www.kernel.org Desc: Linux 3.2.44 -Patch: 4420_grsecurity-2.9.1-3.2.44-201305082214.patch +Patch: 1044_linux-3.2.45.patch +From: http://www.kernel.org +Desc: Linux 3.2.45 + +Patch: 4420_grsecurity-2.9.1-3.2.45-201305142033.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.2.44/1021_linux-3.2.22.patch b/3.2.45/1021_linux-3.2.22.patch index e6ad93a..e6ad93a 100644 --- a/3.2.44/1021_linux-3.2.22.patch +++ b/3.2.45/1021_linux-3.2.22.patch diff --git a/3.2.44/1022_linux-3.2.23.patch b/3.2.45/1022_linux-3.2.23.patch index 3d796d0..3d796d0 100644 --- a/3.2.44/1022_linux-3.2.23.patch +++ b/3.2.45/1022_linux-3.2.23.patch diff --git a/3.2.44/1023_linux-3.2.24.patch b/3.2.45/1023_linux-3.2.24.patch index 4692eb4..4692eb4 100644 --- a/3.2.44/1023_linux-3.2.24.patch +++ b/3.2.45/1023_linux-3.2.24.patch diff --git a/3.2.44/1024_linux-3.2.25.patch b/3.2.45/1024_linux-3.2.25.patch index e95c213..e95c213 100644 --- a/3.2.44/1024_linux-3.2.25.patch +++ b/3.2.45/1024_linux-3.2.25.patch diff --git a/3.2.44/1025_linux-3.2.26.patch b/3.2.45/1025_linux-3.2.26.patch index 44065b9..44065b9 100644 --- a/3.2.44/1025_linux-3.2.26.patch +++ b/3.2.45/1025_linux-3.2.26.patch diff --git a/3.2.44/1026_linux-3.2.27.patch b/3.2.45/1026_linux-3.2.27.patch index 5878eb4..5878eb4 100644 --- a/3.2.44/1026_linux-3.2.27.patch +++ b/3.2.45/1026_linux-3.2.27.patch diff --git a/3.2.44/1027_linux-3.2.28.patch b/3.2.45/1027_linux-3.2.28.patch index 4dbba4b..4dbba4b 100644 --- a/3.2.44/1027_linux-3.2.28.patch +++ b/3.2.45/1027_linux-3.2.28.patch diff --git a/3.2.44/1028_linux-3.2.29.patch b/3.2.45/1028_linux-3.2.29.patch index 3c65179..3c65179 100644 --- a/3.2.44/1028_linux-3.2.29.patch +++ b/3.2.45/1028_linux-3.2.29.patch diff --git a/3.2.44/1029_linux-3.2.30.patch b/3.2.45/1029_linux-3.2.30.patch index 86aea4b..86aea4b 100644 --- a/3.2.44/1029_linux-3.2.30.patch +++ b/3.2.45/1029_linux-3.2.30.patch diff --git a/3.2.44/1030_linux-3.2.31.patch b/3.2.45/1030_linux-3.2.31.patch index c6accf5..c6accf5 100644 --- a/3.2.44/1030_linux-3.2.31.patch +++ b/3.2.45/1030_linux-3.2.31.patch diff --git a/3.2.44/1031_linux-3.2.32.patch b/3.2.45/1031_linux-3.2.32.patch index 247fc0b..247fc0b 100644 --- a/3.2.44/1031_linux-3.2.32.patch +++ b/3.2.45/1031_linux-3.2.32.patch diff --git a/3.2.44/1032_linux-3.2.33.patch b/3.2.45/1032_linux-3.2.33.patch index c32fb75..c32fb75 100644 --- a/3.2.44/1032_linux-3.2.33.patch +++ b/3.2.45/1032_linux-3.2.33.patch diff --git a/3.2.44/1033_linux-3.2.34.patch b/3.2.45/1033_linux-3.2.34.patch index d647b38..d647b38 100644 --- a/3.2.44/1033_linux-3.2.34.patch +++ b/3.2.45/1033_linux-3.2.34.patch diff --git a/3.2.44/1034_linux-3.2.35.patch b/3.2.45/1034_linux-3.2.35.patch index 76a9c19..76a9c19 100644 --- a/3.2.44/1034_linux-3.2.35.patch +++ b/3.2.45/1034_linux-3.2.35.patch diff --git a/3.2.44/1035_linux-3.2.36.patch b/3.2.45/1035_linux-3.2.36.patch index 5d192a3..5d192a3 100644 --- a/3.2.44/1035_linux-3.2.36.patch +++ b/3.2.45/1035_linux-3.2.36.patch diff --git a/3.2.44/1036_linux-3.2.37.patch b/3.2.45/1036_linux-3.2.37.patch index ad13251..ad13251 100644 --- a/3.2.44/1036_linux-3.2.37.patch +++ b/3.2.45/1036_linux-3.2.37.patch diff --git a/3.2.44/1037_linux-3.2.38.patch b/3.2.45/1037_linux-3.2.38.patch index a3c106f..a3c106f 100644 --- a/3.2.44/1037_linux-3.2.38.patch +++ b/3.2.45/1037_linux-3.2.38.patch diff --git a/3.2.44/1038_linux-3.2.39.patch b/3.2.45/1038_linux-3.2.39.patch index 5639e92..5639e92 100644 --- a/3.2.44/1038_linux-3.2.39.patch +++ b/3.2.45/1038_linux-3.2.39.patch diff --git a/3.2.44/1039_linux-3.2.40.patch b/3.2.45/1039_linux-3.2.40.patch index f26b39c..f26b39c 100644 --- a/3.2.44/1039_linux-3.2.40.patch +++ b/3.2.45/1039_linux-3.2.40.patch diff --git a/3.2.44/1040_linux-3.2.41.patch b/3.2.45/1040_linux-3.2.41.patch index 0d27fcb..0d27fcb 100644 --- a/3.2.44/1040_linux-3.2.41.patch +++ b/3.2.45/1040_linux-3.2.41.patch diff --git a/3.2.44/1041_linux-3.2.42.patch b/3.2.45/1041_linux-3.2.42.patch index 77a08ed..77a08ed 100644 --- a/3.2.44/1041_linux-3.2.42.patch +++ b/3.2.45/1041_linux-3.2.42.patch diff --git a/3.2.44/1042_linux-3.2.43.patch b/3.2.45/1042_linux-3.2.43.patch index a3f878b..a3f878b 100644 --- a/3.2.44/1042_linux-3.2.43.patch +++ b/3.2.45/1042_linux-3.2.43.patch diff --git a/3.2.44/1043_linux-3.2.44.patch b/3.2.45/1043_linux-3.2.44.patch index 3d5e6ff..3d5e6ff 100644 --- a/3.2.44/1043_linux-3.2.44.patch +++ b/3.2.45/1043_linux-3.2.44.patch diff --git a/3.2.45/1044_linux-3.2.45.patch b/3.2.45/1044_linux-3.2.45.patch new file mode 100644 index 0000000..44e1767 --- /dev/null +++ b/3.2.45/1044_linux-3.2.45.patch @@ -0,0 +1,3809 @@ +diff --git a/Makefile b/Makefile +index 566750c..9072fee 100644 +--- a/Makefile ++++ b/Makefile +@@ -1,6 +1,6 @@ + VERSION = 3 + PATCHLEVEL = 2 +-SUBLEVEL = 44 ++SUBLEVEL = 45 + EXTRAVERSION = + NAME = Saber-toothed Squirrel + +diff --git a/arch/arm/mach-u300/include/mach/u300-regs.h b/arch/arm/mach-u300/include/mach/u300-regs.h +index 035fdc9..a8b71f2 100644 +--- a/arch/arm/mach-u300/include/mach/u300-regs.h ++++ b/arch/arm/mach-u300/include/mach/u300-regs.h +@@ -102,7 +102,7 @@ + + #ifdef CONFIG_MACH_U300_BS335 + /* Fast UART1 on U335 only */ +-#define U300_UART1_BASE (U300_SLOW_PER_PHYS_BASE+0x7000) ++#define U300_UART1_BASE (U300_FAST_PER_PHYS_BASE+0x7000) + #endif + + /* +diff --git a/arch/ia64/include/asm/futex.h b/arch/ia64/include/asm/futex.h +index 21ab376..1bd14d5 100644 +--- a/arch/ia64/include/asm/futex.h ++++ b/arch/ia64/include/asm/futex.h +@@ -107,16 +107,15 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, + return -EFAULT; + + { +- register unsigned long r8 __asm ("r8"); ++ register unsigned long r8 __asm ("r8") = 0; + unsigned long prev; + __asm__ __volatile__( + " mf;; \n" +- " mov %0=r0 \n" + " mov ar.ccv=%4;; \n" + "[1:] cmpxchg4.acq %1=[%2],%3,ar.ccv \n" + " .xdata4 \"__ex_table\", 1b-., 2f-. \n" + "[2:]" +- : "=r" (r8), "=r" (prev) ++ : "+r" (r8), "=&r" (prev) + : "r" (uaddr), "r" (newval), + "rO" ((long) (unsigned) oldval) + : "memory"); +diff --git a/arch/ia64/include/asm/mca.h b/arch/ia64/include/asm/mca.h +index 43f96ab..8c70961 100644 +--- a/arch/ia64/include/asm/mca.h ++++ b/arch/ia64/include/asm/mca.h +@@ -143,6 +143,7 @@ extern unsigned long __per_cpu_mca[NR_CPUS]; + extern int cpe_vector; + extern int ia64_cpe_irq; + extern void ia64_mca_init(void); ++extern void ia64_mca_irq_init(void); + extern void ia64_mca_cpu_init(void *); + extern void ia64_os_mca_dispatch(void); + extern void ia64_os_mca_dispatch_end(void); +diff --git a/arch/ia64/kernel/irq.c b/arch/ia64/kernel/irq.c +index ad69606..f2c41828 100644 +--- a/arch/ia64/kernel/irq.c ++++ b/arch/ia64/kernel/irq.c +@@ -23,6 +23,8 @@ + #include <linux/interrupt.h> + #include <linux/kernel_stat.h> + ++#include <asm/mca.h> ++ + /* + * 'what should we do if we get a hw irq event on an illegal vector'. + * each architecture has to answer this themselves. +@@ -83,6 +85,12 @@ bool is_affinity_mask_valid(const struct cpumask *cpumask) + + #endif /* CONFIG_SMP */ + ++int __init arch_early_irq_init(void) ++{ ++ ia64_mca_irq_init(); ++ return 0; ++} ++ + #ifdef CONFIG_HOTPLUG_CPU + unsigned int vectors_in_migration[NR_IRQS]; + +diff --git a/arch/ia64/kernel/mca.c b/arch/ia64/kernel/mca.c +index 84fb405..9b97303 100644 +--- a/arch/ia64/kernel/mca.c ++++ b/arch/ia64/kernel/mca.c +@@ -2071,22 +2071,16 @@ ia64_mca_init(void) + printk(KERN_INFO "MCA related initialization done\n"); + } + ++ + /* +- * ia64_mca_late_init +- * +- * Opportunity to setup things that require initialization later +- * than ia64_mca_init. Setup a timer to poll for CPEs if the +- * platform doesn't support an interrupt driven mechanism. +- * +- * Inputs : None +- * Outputs : Status ++ * These pieces cannot be done in ia64_mca_init() because it is called before ++ * early_irq_init() which would wipe out our percpu irq registrations. But we ++ * cannot leave them until ia64_mca_late_init() because by then all the other ++ * processors have been brought online and have set their own CMC vectors to ++ * point at a non-existant action. Called from arch_early_irq_init(). + */ +-static int __init +-ia64_mca_late_init(void) ++void __init ia64_mca_irq_init(void) + { +- if (!mca_init) +- return 0; +- + /* + * Configure the CMCI/P vector and handler. Interrupts for CMC are + * per-processor, so AP CMC interrupts are setup in smp_callin() (smpboot.c). +@@ -2105,6 +2099,23 @@ ia64_mca_late_init(void) + /* Setup the CPEI/P handler */ + register_percpu_irq(IA64_CPEP_VECTOR, &mca_cpep_irqaction); + #endif ++} ++ ++/* ++ * ia64_mca_late_init ++ * ++ * Opportunity to setup things that require initialization later ++ * than ia64_mca_init. Setup a timer to poll for CPEs if the ++ * platform doesn't support an interrupt driven mechanism. ++ * ++ * Inputs : None ++ * Outputs : Status ++ */ ++static int __init ++ia64_mca_late_init(void) ++{ ++ if (!mca_init) ++ return 0; + + register_hotcpu_notifier(&mca_cpu_notifier); + +diff --git a/arch/ia64/kvm/vtlb.c b/arch/ia64/kvm/vtlb.c +index 4332f7e..a7869f8 100644 +--- a/arch/ia64/kvm/vtlb.c ++++ b/arch/ia64/kvm/vtlb.c +@@ -256,7 +256,7 @@ u64 guest_vhpt_lookup(u64 iha, u64 *pte) + "srlz.d;;" + "ssm psr.i;;" + "srlz.d;;" +- : "=r"(ret) : "r"(iha), "r"(pte):"memory"); ++ : "=&r"(ret) : "r"(iha), "r"(pte) : "memory"); + + return ret; + } +diff --git a/arch/powerpc/kernel/head_64.S b/arch/powerpc/kernel/head_64.S +index cdf6b3f..2c49227 100644 +--- a/arch/powerpc/kernel/head_64.S ++++ b/arch/powerpc/kernel/head_64.S +@@ -502,6 +502,7 @@ _GLOBAL(copy_and_flush) + sync + addi r5,r5,8 + addi r6,r6,8 ++ isync + blr + + .align 8 +diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c +index b22a83a..24523dc 100644 +--- a/arch/powerpc/mm/numa.c ++++ b/arch/powerpc/mm/numa.c +@@ -221,7 +221,7 @@ int __node_distance(int a, int b) + int distance = LOCAL_DISTANCE; + + if (!form1_affinity) +- return distance; ++ return ((a == b) ? LOCAL_DISTANCE : REMOTE_DISTANCE); + + for (i = 0; i < distance_ref_points_depth; i++) { + if (distance_lookup_table[a][i] == distance_lookup_table[b][i]) +diff --git a/arch/powerpc/platforms/cell/spufs/inode.c b/arch/powerpc/platforms/cell/spufs/inode.c +index e481f6b..70ec4e9 100644 +--- a/arch/powerpc/platforms/cell/spufs/inode.c ++++ b/arch/powerpc/platforms/cell/spufs/inode.c +@@ -100,6 +100,7 @@ spufs_new_inode(struct super_block *sb, int mode) + if (!inode) + goto out; + ++ inode->i_ino = get_next_ino(); + inode->i_mode = mode; + inode->i_uid = current_fsuid(); + inode->i_gid = current_fsgid(); +diff --git a/arch/s390/include/asm/pgtable.h b/arch/s390/include/asm/pgtable.h +index 4f289ff..5aaf0bf 100644 +--- a/arch/s390/include/asm/pgtable.h ++++ b/arch/s390/include/asm/pgtable.h +@@ -67,6 +67,10 @@ static inline int is_zero_pfn(unsigned long pfn) + + #define my_zero_pfn(addr) page_to_pfn(ZERO_PAGE(addr)) + ++/* TODO: s390 cannot support io_remap_pfn_range... */ ++#define io_remap_pfn_range(vma, vaddr, pfn, size, prot) \ ++ remap_pfn_range(vma, vaddr, pfn, size, prot) ++ + #endif /* !__ASSEMBLY__ */ + + /* +diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h +index 38ebb2c..ddbbea3 100644 +--- a/arch/sparc/include/asm/pgtable_64.h ++++ b/arch/sparc/include/asm/pgtable_64.h +@@ -781,6 +781,7 @@ static inline int io_remap_pfn_range(struct vm_area_struct *vma, + return remap_pfn_range(vma, from, phys_base >> PAGE_SHIFT, size, prot); + } + ++#include <asm/tlbflush.h> + #include <asm-generic/pgtable.h> + + /* We provide our own get_unmapped_area to cope with VA holes and +diff --git a/arch/sparc/include/asm/system_64.h b/arch/sparc/include/asm/system_64.h +index 10bcabc..f856c7f 100644 +--- a/arch/sparc/include/asm/system_64.h ++++ b/arch/sparc/include/asm/system_64.h +@@ -140,8 +140,7 @@ do { \ + * and 2 stores in this critical code path. -DaveM + */ + #define switch_to(prev, next, last) \ +-do { flush_tlb_pending(); \ +- save_and_clear_fpu(); \ ++do { save_and_clear_fpu(); \ + /* If you are tempted to conditionalize the following */ \ + /* so that ASI is only written if it changes, think again. */ \ + __asm__ __volatile__("wr %%g0, %0, %%asi" \ +diff --git a/arch/sparc/include/asm/tlbflush_64.h b/arch/sparc/include/asm/tlbflush_64.h +index 2ef4634..f0d6a97 100644 +--- a/arch/sparc/include/asm/tlbflush_64.h ++++ b/arch/sparc/include/asm/tlbflush_64.h +@@ -11,24 +11,40 @@ + struct tlb_batch { + struct mm_struct *mm; + unsigned long tlb_nr; ++ unsigned long active; + unsigned long vaddrs[TLB_BATCH_NR]; + }; + + extern void flush_tsb_kernel_range(unsigned long start, unsigned long end); + extern void flush_tsb_user(struct tlb_batch *tb); ++extern void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr); + + /* TLB flush operations. */ + +-extern void flush_tlb_pending(void); ++static inline void flush_tlb_mm(struct mm_struct *mm) ++{ ++} ++ ++static inline void flush_tlb_page(struct vm_area_struct *vma, ++ unsigned long vmaddr) ++{ ++} ++ ++static inline void flush_tlb_range(struct vm_area_struct *vma, ++ unsigned long start, unsigned long end) ++{ ++} ++ ++#define __HAVE_ARCH_ENTER_LAZY_MMU_MODE + +-#define flush_tlb_range(vma,start,end) \ +- do { (void)(start); flush_tlb_pending(); } while (0) +-#define flush_tlb_page(vma,addr) flush_tlb_pending() +-#define flush_tlb_mm(mm) flush_tlb_pending() ++extern void flush_tlb_pending(void); ++extern void arch_enter_lazy_mmu_mode(void); ++extern void arch_leave_lazy_mmu_mode(void); ++#define arch_flush_lazy_mmu_mode() do {} while (0) + + /* Local cpu only. */ + extern void __flush_tlb_all(void); +- ++extern void __flush_tlb_page(unsigned long context, unsigned long vaddr); + extern void __flush_tlb_kernel_range(unsigned long start, unsigned long end); + + #ifndef CONFIG_SMP +@@ -38,15 +54,24 @@ do { flush_tsb_kernel_range(start,end); \ + __flush_tlb_kernel_range(start,end); \ + } while (0) + ++static inline void global_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr) ++{ ++ __flush_tlb_page(CTX_HWBITS(mm->context), vaddr); ++} ++ + #else /* CONFIG_SMP */ + + extern void smp_flush_tlb_kernel_range(unsigned long start, unsigned long end); ++extern void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr); + + #define flush_tlb_kernel_range(start, end) \ + do { flush_tsb_kernel_range(start,end); \ + smp_flush_tlb_kernel_range(start, end); \ + } while (0) + ++#define global_flush_tlb_page(mm, vaddr) \ ++ smp_flush_tlb_page(mm, vaddr) ++ + #endif /* ! CONFIG_SMP */ + + #endif /* _SPARC64_TLBFLUSH_H */ +diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c +index 7560772..e21d3c0d 100644 +--- a/arch/sparc/kernel/smp_64.c ++++ b/arch/sparc/kernel/smp_64.c +@@ -856,7 +856,7 @@ void smp_tsb_sync(struct mm_struct *mm) + } + + extern unsigned long xcall_flush_tlb_mm; +-extern unsigned long xcall_flush_tlb_pending; ++extern unsigned long xcall_flush_tlb_page; + extern unsigned long xcall_flush_tlb_kernel_range; + extern unsigned long xcall_fetch_glob_regs; + extern unsigned long xcall_receive_signal; +@@ -1070,23 +1070,56 @@ local_flush_and_out: + put_cpu(); + } + ++struct tlb_pending_info { ++ unsigned long ctx; ++ unsigned long nr; ++ unsigned long *vaddrs; ++}; ++ ++static void tlb_pending_func(void *info) ++{ ++ struct tlb_pending_info *t = info; ++ ++ __flush_tlb_pending(t->ctx, t->nr, t->vaddrs); ++} ++ + void smp_flush_tlb_pending(struct mm_struct *mm, unsigned long nr, unsigned long *vaddrs) + { + u32 ctx = CTX_HWBITS(mm->context); ++ struct tlb_pending_info info; + int cpu = get_cpu(); + ++ info.ctx = ctx; ++ info.nr = nr; ++ info.vaddrs = vaddrs; ++ + if (mm == current->mm && atomic_read(&mm->mm_users) == 1) + cpumask_copy(mm_cpumask(mm), cpumask_of(cpu)); + else +- smp_cross_call_masked(&xcall_flush_tlb_pending, +- ctx, nr, (unsigned long) vaddrs, +- mm_cpumask(mm)); ++ smp_call_function_many(mm_cpumask(mm), tlb_pending_func, ++ &info, 1); + + __flush_tlb_pending(ctx, nr, vaddrs); + + put_cpu(); + } + ++void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr) ++{ ++ unsigned long context = CTX_HWBITS(mm->context); ++ int cpu = get_cpu(); ++ ++ if (mm == current->mm && atomic_read(&mm->mm_users) == 1) ++ cpumask_copy(mm_cpumask(mm), cpumask_of(cpu)); ++ else ++ smp_cross_call_masked(&xcall_flush_tlb_page, ++ context, vaddr, 0, ++ mm_cpumask(mm)); ++ __flush_tlb_page(context, vaddr); ++ ++ put_cpu(); ++} ++ + void smp_flush_tlb_kernel_range(unsigned long start, unsigned long end) + { + start &= PAGE_MASK; +diff --git a/arch/sparc/mm/tlb.c b/arch/sparc/mm/tlb.c +index b1f279c..afd021e 100644 +--- a/arch/sparc/mm/tlb.c ++++ b/arch/sparc/mm/tlb.c +@@ -24,11 +24,17 @@ static DEFINE_PER_CPU(struct tlb_batch, tlb_batch); + void flush_tlb_pending(void) + { + struct tlb_batch *tb = &get_cpu_var(tlb_batch); ++ struct mm_struct *mm = tb->mm; + +- if (tb->tlb_nr) { +- flush_tsb_user(tb); ++ if (!tb->tlb_nr) ++ goto out; + +- if (CTX_VALID(tb->mm->context)) { ++ flush_tsb_user(tb); ++ ++ if (CTX_VALID(mm->context)) { ++ if (tb->tlb_nr == 1) { ++ global_flush_tlb_page(mm, tb->vaddrs[0]); ++ } else { + #ifdef CONFIG_SMP + smp_flush_tlb_pending(tb->mm, tb->tlb_nr, + &tb->vaddrs[0]); +@@ -37,12 +43,30 @@ void flush_tlb_pending(void) + tb->tlb_nr, &tb->vaddrs[0]); + #endif + } +- tb->tlb_nr = 0; + } + ++ tb->tlb_nr = 0; ++ ++out: + put_cpu_var(tlb_batch); + } + ++void arch_enter_lazy_mmu_mode(void) ++{ ++ struct tlb_batch *tb = &__get_cpu_var(tlb_batch); ++ ++ tb->active = 1; ++} ++ ++void arch_leave_lazy_mmu_mode(void) ++{ ++ struct tlb_batch *tb = &__get_cpu_var(tlb_batch); ++ ++ if (tb->tlb_nr) ++ flush_tlb_pending(); ++ tb->active = 0; ++} ++ + void tlb_batch_add(struct mm_struct *mm, unsigned long vaddr, + pte_t *ptep, pte_t orig, int fullmm) + { +@@ -90,6 +114,12 @@ no_cache_flush: + nr = 0; + } + ++ if (!tb->active) { ++ global_flush_tlb_page(mm, vaddr); ++ flush_tsb_user_page(mm, vaddr); ++ goto out; ++ } ++ + if (nr == 0) + tb->mm = mm; + +@@ -98,5 +128,6 @@ no_cache_flush: + if (nr >= TLB_BATCH_NR) + flush_tlb_pending(); + ++out: + put_cpu_var(tlb_batch); + } +diff --git a/arch/sparc/mm/tsb.c b/arch/sparc/mm/tsb.c +index 536412d..3ebcac7 100644 +--- a/arch/sparc/mm/tsb.c ++++ b/arch/sparc/mm/tsb.c +@@ -8,11 +8,10 @@ + #include <linux/slab.h> + #include <asm/system.h> + #include <asm/page.h> +-#include <asm/tlbflush.h> +-#include <asm/tlb.h> +-#include <asm/mmu_context.h> + #include <asm/pgtable.h> ++#include <asm/mmu_context.h> + #include <asm/tsb.h> ++#include <asm/tlb.h> + #include <asm/oplib.h> + + extern struct tsb swapper_tsb[KERNEL_TSB_NENTRIES]; +@@ -47,23 +46,27 @@ void flush_tsb_kernel_range(unsigned long start, unsigned long end) + } + } + +-static void __flush_tsb_one(struct tlb_batch *tb, unsigned long hash_shift, +- unsigned long tsb, unsigned long nentries) ++static void __flush_tsb_one_entry(unsigned long tsb, unsigned long v, ++ unsigned long hash_shift, ++ unsigned long nentries) + { +- unsigned long i; ++ unsigned long tag, ent, hash; + +- for (i = 0; i < tb->tlb_nr; i++) { +- unsigned long v = tb->vaddrs[i]; +- unsigned long tag, ent, hash; ++ v &= ~0x1UL; ++ hash = tsb_hash(v, hash_shift, nentries); ++ ent = tsb + (hash * sizeof(struct tsb)); ++ tag = (v >> 22UL); + +- v &= ~0x1UL; ++ tsb_flush(ent, tag); ++} + +- hash = tsb_hash(v, hash_shift, nentries); +- ent = tsb + (hash * sizeof(struct tsb)); +- tag = (v >> 22UL); ++static void __flush_tsb_one(struct tlb_batch *tb, unsigned long hash_shift, ++ unsigned long tsb, unsigned long nentries) ++{ ++ unsigned long i; + +- tsb_flush(ent, tag); +- } ++ for (i = 0; i < tb->tlb_nr; i++) ++ __flush_tsb_one_entry(tsb, tb->vaddrs[i], hash_shift, nentries); + } + + void flush_tsb_user(struct tlb_batch *tb) +@@ -91,6 +94,30 @@ void flush_tsb_user(struct tlb_batch *tb) + spin_unlock_irqrestore(&mm->context.lock, flags); + } + ++void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr) ++{ ++ unsigned long nentries, base, flags; ++ ++ spin_lock_irqsave(&mm->context.lock, flags); ++ ++ base = (unsigned long) mm->context.tsb_block[MM_TSB_BASE].tsb; ++ nentries = mm->context.tsb_block[MM_TSB_BASE].tsb_nentries; ++ if (tlb_type == cheetah_plus || tlb_type == hypervisor) ++ base = __pa(base); ++ __flush_tsb_one_entry(base, vaddr, PAGE_SHIFT, nentries); ++ ++#if defined(CONFIG_HUGETLB_PAGE) || defined(CONFIG_TRANSPARENT_HUGEPAGE) ++ if (mm->context.tsb_block[MM_TSB_HUGE].tsb) { ++ base = (unsigned long) mm->context.tsb_block[MM_TSB_HUGE].tsb; ++ nentries = mm->context.tsb_block[MM_TSB_HUGE].tsb_nentries; ++ if (tlb_type == cheetah_plus || tlb_type == hypervisor) ++ base = __pa(base); ++ __flush_tsb_one_entry(base, vaddr, HPAGE_SHIFT, nentries); ++ } ++#endif ++ spin_unlock_irqrestore(&mm->context.lock, flags); ++} ++ + #if defined(CONFIG_SPARC64_PAGE_SIZE_8KB) + #define HV_PGSZ_IDX_BASE HV_PGSZ_IDX_8K + #define HV_PGSZ_MASK_BASE HV_PGSZ_MASK_8K +diff --git a/arch/sparc/mm/ultra.S b/arch/sparc/mm/ultra.S +index 874162a..dd10caa 100644 +--- a/arch/sparc/mm/ultra.S ++++ b/arch/sparc/mm/ultra.S +@@ -53,6 +53,33 @@ __flush_tlb_mm: /* 18 insns */ + nop + + .align 32 ++ .globl __flush_tlb_page ++__flush_tlb_page: /* 22 insns */ ++ /* %o0 = context, %o1 = vaddr */ ++ rdpr %pstate, %g7 ++ andn %g7, PSTATE_IE, %g2 ++ wrpr %g2, %pstate ++ mov SECONDARY_CONTEXT, %o4 ++ ldxa [%o4] ASI_DMMU, %g2 ++ stxa %o0, [%o4] ASI_DMMU ++ andcc %o1, 1, %g0 ++ andn %o1, 1, %o3 ++ be,pn %icc, 1f ++ or %o3, 0x10, %o3 ++ stxa %g0, [%o3] ASI_IMMU_DEMAP ++1: stxa %g0, [%o3] ASI_DMMU_DEMAP ++ membar #Sync ++ stxa %g2, [%o4] ASI_DMMU ++ sethi %hi(KERNBASE), %o4 ++ flush %o4 ++ retl ++ wrpr %g7, 0x0, %pstate ++ nop ++ nop ++ nop ++ nop ++ ++ .align 32 + .globl __flush_tlb_pending + __flush_tlb_pending: /* 26 insns */ + /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */ +@@ -203,6 +230,31 @@ __cheetah_flush_tlb_mm: /* 19 insns */ + retl + wrpr %g7, 0x0, %pstate + ++__cheetah_flush_tlb_page: /* 22 insns */ ++ /* %o0 = context, %o1 = vaddr */ ++ rdpr %pstate, %g7 ++ andn %g7, PSTATE_IE, %g2 ++ wrpr %g2, 0x0, %pstate ++ wrpr %g0, 1, %tl ++ mov PRIMARY_CONTEXT, %o4 ++ ldxa [%o4] ASI_DMMU, %g2 ++ srlx %g2, CTX_PGSZ1_NUC_SHIFT, %o3 ++ sllx %o3, CTX_PGSZ1_NUC_SHIFT, %o3 ++ or %o0, %o3, %o0 /* Preserve nucleus page size fields */ ++ stxa %o0, [%o4] ASI_DMMU ++ andcc %o1, 1, %g0 ++ be,pn %icc, 1f ++ andn %o1, 1, %o3 ++ stxa %g0, [%o3] ASI_IMMU_DEMAP ++1: stxa %g0, [%o3] ASI_DMMU_DEMAP ++ membar #Sync ++ stxa %g2, [%o4] ASI_DMMU ++ sethi %hi(KERNBASE), %o4 ++ flush %o4 ++ wrpr %g0, 0, %tl ++ retl ++ wrpr %g7, 0x0, %pstate ++ + __cheetah_flush_tlb_pending: /* 27 insns */ + /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */ + rdpr %pstate, %g7 +@@ -269,6 +321,20 @@ __hypervisor_flush_tlb_mm: /* 10 insns */ + retl + nop + ++__hypervisor_flush_tlb_page: /* 11 insns */ ++ /* %o0 = context, %o1 = vaddr */ ++ mov %o0, %g2 ++ mov %o1, %o0 /* ARG0: vaddr + IMMU-bit */ ++ mov %g2, %o1 /* ARG1: mmu context */ ++ mov HV_MMU_ALL, %o2 /* ARG2: flags */ ++ srlx %o0, PAGE_SHIFT, %o0 ++ sllx %o0, PAGE_SHIFT, %o0 ++ ta HV_MMU_UNMAP_ADDR_TRAP ++ brnz,pn %o0, __hypervisor_tlb_tl0_error ++ mov HV_MMU_UNMAP_ADDR_TRAP, %o1 ++ retl ++ nop ++ + __hypervisor_flush_tlb_pending: /* 16 insns */ + /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */ + sllx %o1, 3, %g1 +@@ -339,6 +405,13 @@ cheetah_patch_cachetlbops: + call tlb_patch_one + mov 19, %o2 + ++ sethi %hi(__flush_tlb_page), %o0 ++ or %o0, %lo(__flush_tlb_page), %o0 ++ sethi %hi(__cheetah_flush_tlb_page), %o1 ++ or %o1, %lo(__cheetah_flush_tlb_page), %o1 ++ call tlb_patch_one ++ mov 22, %o2 ++ + sethi %hi(__flush_tlb_pending), %o0 + or %o0, %lo(__flush_tlb_pending), %o0 + sethi %hi(__cheetah_flush_tlb_pending), %o1 +@@ -397,10 +470,9 @@ xcall_flush_tlb_mm: /* 21 insns */ + nop + nop + +- .globl xcall_flush_tlb_pending +-xcall_flush_tlb_pending: /* 21 insns */ +- /* %g5=context, %g1=nr, %g7=vaddrs[] */ +- sllx %g1, 3, %g1 ++ .globl xcall_flush_tlb_page ++xcall_flush_tlb_page: /* 17 insns */ ++ /* %g5=context, %g1=vaddr */ + mov PRIMARY_CONTEXT, %g4 + ldxa [%g4] ASI_DMMU, %g2 + srlx %g2, CTX_PGSZ1_NUC_SHIFT, %g4 +@@ -408,20 +480,16 @@ xcall_flush_tlb_pending: /* 21 insns */ + or %g5, %g4, %g5 + mov PRIMARY_CONTEXT, %g4 + stxa %g5, [%g4] ASI_DMMU +-1: sub %g1, (1 << 3), %g1 +- ldx [%g7 + %g1], %g5 +- andcc %g5, 0x1, %g0 ++ andcc %g1, 0x1, %g0 + be,pn %icc, 2f +- +- andn %g5, 0x1, %g5 ++ andn %g1, 0x1, %g5 + stxa %g0, [%g5] ASI_IMMU_DEMAP + 2: stxa %g0, [%g5] ASI_DMMU_DEMAP + membar #Sync +- brnz,pt %g1, 1b +- nop + stxa %g2, [%g4] ASI_DMMU + retry + nop ++ nop + + .globl xcall_flush_tlb_kernel_range + xcall_flush_tlb_kernel_range: /* 25 insns */ +@@ -596,15 +664,13 @@ __hypervisor_xcall_flush_tlb_mm: /* 21 insns */ + membar #Sync + retry + +- .globl __hypervisor_xcall_flush_tlb_pending +-__hypervisor_xcall_flush_tlb_pending: /* 21 insns */ +- /* %g5=ctx, %g1=nr, %g7=vaddrs[], %g2,%g3,%g4,g6=scratch */ +- sllx %g1, 3, %g1 ++ .globl __hypervisor_xcall_flush_tlb_page ++__hypervisor_xcall_flush_tlb_page: /* 17 insns */ ++ /* %g5=ctx, %g1=vaddr */ + mov %o0, %g2 + mov %o1, %g3 + mov %o2, %g4 +-1: sub %g1, (1 << 3), %g1 +- ldx [%g7 + %g1], %o0 /* ARG0: virtual address */ ++ mov %g1, %o0 /* ARG0: virtual address */ + mov %g5, %o1 /* ARG1: mmu context */ + mov HV_MMU_ALL, %o2 /* ARG2: flags */ + srlx %o0, PAGE_SHIFT, %o0 +@@ -613,8 +679,6 @@ __hypervisor_xcall_flush_tlb_pending: /* 21 insns */ + mov HV_MMU_UNMAP_ADDR_TRAP, %g6 + brnz,a,pn %o0, __hypervisor_tlb_xcall_error + mov %o0, %g5 +- brnz,pt %g1, 1b +- nop + mov %g2, %o0 + mov %g3, %o1 + mov %g4, %o2 +@@ -697,6 +761,13 @@ hypervisor_patch_cachetlbops: + call tlb_patch_one + mov 10, %o2 + ++ sethi %hi(__flush_tlb_page), %o0 ++ or %o0, %lo(__flush_tlb_page), %o0 ++ sethi %hi(__hypervisor_flush_tlb_page), %o1 ++ or %o1, %lo(__hypervisor_flush_tlb_page), %o1 ++ call tlb_patch_one ++ mov 11, %o2 ++ + sethi %hi(__flush_tlb_pending), %o0 + or %o0, %lo(__flush_tlb_pending), %o0 + sethi %hi(__hypervisor_flush_tlb_pending), %o1 +@@ -728,12 +799,12 @@ hypervisor_patch_cachetlbops: + call tlb_patch_one + mov 21, %o2 + +- sethi %hi(xcall_flush_tlb_pending), %o0 +- or %o0, %lo(xcall_flush_tlb_pending), %o0 +- sethi %hi(__hypervisor_xcall_flush_tlb_pending), %o1 +- or %o1, %lo(__hypervisor_xcall_flush_tlb_pending), %o1 ++ sethi %hi(xcall_flush_tlb_page), %o0 ++ or %o0, %lo(xcall_flush_tlb_page), %o0 ++ sethi %hi(__hypervisor_xcall_flush_tlb_page), %o1 ++ or %o1, %lo(__hypervisor_xcall_flush_tlb_page), %o1 + call tlb_patch_one +- mov 21, %o2 ++ mov 17, %o2 + + sethi %hi(xcall_flush_tlb_kernel_range), %o0 + or %o0, %lo(xcall_flush_tlb_kernel_range), %o0 +diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c +index 957c216..4bb12f7 100644 +--- a/arch/x86/kernel/cpu/perf_event_intel.c ++++ b/arch/x86/kernel/cpu/perf_event_intel.c +@@ -130,8 +130,14 @@ static struct event_constraint intel_gen_event_constraints[] __read_mostly = + }; + + static struct extra_reg intel_snb_extra_regs[] __read_mostly = { +- INTEL_EVENT_EXTRA_REG(0xb7, MSR_OFFCORE_RSP_0, 0x3fffffffffull, RSP_0), +- INTEL_EVENT_EXTRA_REG(0xbb, MSR_OFFCORE_RSP_1, 0x3fffffffffull, RSP_1), ++ INTEL_EVENT_EXTRA_REG(0xb7, MSR_OFFCORE_RSP_0, 0x3f807f8fffull, RSP_0), ++ INTEL_EVENT_EXTRA_REG(0xbb, MSR_OFFCORE_RSP_1, 0x3f807f8fffull, RSP_1), ++ EVENT_EXTRA_END ++}; ++ ++static struct extra_reg intel_snbep_extra_regs[] __read_mostly = { ++ INTEL_EVENT_EXTRA_REG(0xb7, MSR_OFFCORE_RSP_0, 0x3fffff8fffull, RSP_0), ++ INTEL_EVENT_EXTRA_REG(0xbb, MSR_OFFCORE_RSP_1, 0x3fffff8fffull, RSP_1), + EVENT_EXTRA_END + }; + +@@ -1711,7 +1717,10 @@ __init int intel_pmu_init(void) + + x86_pmu.event_constraints = intel_snb_event_constraints; + x86_pmu.pebs_constraints = intel_snb_pebs_event_constraints; +- x86_pmu.extra_regs = intel_snb_extra_regs; ++ if (boot_cpu_data.x86_model == 45) ++ x86_pmu.extra_regs = intel_snbep_extra_regs; ++ else ++ x86_pmu.extra_regs = intel_snb_extra_regs; + /* all extra regs are per-cpu when HT is on */ + x86_pmu.er_flags |= ERF_HAS_RSP_1; + x86_pmu.er_flags |= ERF_NO_HT_SHARING; +diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c +index 34a7f40..a4cca06 100644 +--- a/arch/x86/mm/init.c ++++ b/arch/x86/mm/init.c +@@ -44,11 +44,15 @@ static void __init find_early_table_space(struct map_range *mr, int nr_range) + int i; + unsigned long puds = 0, pmds = 0, ptes = 0, tables; + unsigned long start = 0, good_end; ++ unsigned long pgd_extra = 0; + phys_addr_t base; + + for (i = 0; i < nr_range; i++) { + unsigned long range, extra; + ++ if ((mr[i].end >> PGDIR_SHIFT) - (mr[i].start >> PGDIR_SHIFT)) ++ pgd_extra++; ++ + range = mr[i].end - mr[i].start; + puds += (range + PUD_SIZE - 1) >> PUD_SHIFT; + +@@ -73,6 +77,7 @@ static void __init find_early_table_space(struct map_range *mr, int nr_range) + tables = roundup(puds * sizeof(pud_t), PAGE_SIZE); + tables += roundup(pmds * sizeof(pmd_t), PAGE_SIZE); + tables += roundup(ptes * sizeof(pte_t), PAGE_SIZE); ++ tables += (pgd_extra * PAGE_SIZE); + + #ifdef CONFIG_X86_32 + /* for fixmap */ +diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c +index 69b9ef6..044f5d9 100644 +--- a/arch/x86/xen/enlighten.c ++++ b/arch/x86/xen/enlighten.c +@@ -1391,8 +1391,11 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self, + switch (action) { + case CPU_UP_PREPARE: + xen_vcpu_setup(cpu); +- if (xen_have_vector_callback) ++ if (xen_have_vector_callback) { + xen_init_lock_cpu(cpu); ++ if (xen_feature(XENFEAT_hvm_safe_pvclock)) ++ xen_setup_timer(cpu); ++ } + break; + default: + break; +diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c +index 9a23fff..6e4d5dc 100644 +--- a/arch/x86/xen/smp.c ++++ b/arch/x86/xen/smp.c +@@ -563,6 +563,8 @@ static void xen_hvm_cpu_die(unsigned int cpu) + unbind_from_irqhandler(per_cpu(xen_callfunc_irq, cpu), NULL); + unbind_from_irqhandler(per_cpu(xen_debug_irq, cpu), NULL); + unbind_from_irqhandler(per_cpu(xen_callfuncsingle_irq, cpu), NULL); ++ xen_uninit_lock_cpu(cpu); ++ xen_teardown_timer(cpu); + native_cpu_die(cpu); + } + +diff --git a/arch/x86/xen/time.c b/arch/x86/xen/time.c +index 0296a95..054cc01 100644 +--- a/arch/x86/xen/time.c ++++ b/arch/x86/xen/time.c +@@ -497,7 +497,11 @@ static void xen_hvm_setup_cpu_clockevents(void) + { + int cpu = smp_processor_id(); + xen_setup_runstate_info(cpu); +- xen_setup_timer(cpu); ++ /* ++ * xen_setup_timer(cpu) - snprintf is bad in atomic context. Hence ++ * doing it xen_hvm_cpu_notify (which gets called by smp_init during ++ * early bootup and also during CPU hotplug events). ++ */ + xen_setup_cpu_clockevents(); + } + +diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c +index ef5356c..0262210 100644 +--- a/crypto/algif_hash.c ++++ b/crypto/algif_hash.c +@@ -161,6 +161,8 @@ static int hash_recvmsg(struct kiocb *unused, struct socket *sock, + else if (len < ds) + msg->msg_flags |= MSG_TRUNC; + ++ msg->msg_namelen = 0; ++ + lock_sock(sk); + if (ctx->more) { + ctx->more = 0; +diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c +index 6a6dfc0..a1c4f0a 100644 +--- a/crypto/algif_skcipher.c ++++ b/crypto/algif_skcipher.c +@@ -432,6 +432,7 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock, + long copied = 0; + + lock_sock(sk); ++ msg->msg_namelen = 0; + for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0; + iovlen--, iov++) { + unsigned long seglen = iov->iov_len; +diff --git a/drivers/acpi/pci_root.c b/drivers/acpi/pci_root.c +index 7aff631..5b0f075 100644 +--- a/drivers/acpi/pci_root.c ++++ b/drivers/acpi/pci_root.c +@@ -247,8 +247,8 @@ static acpi_status acpi_pci_query_osc(struct acpi_pci_root *root, + *control &= OSC_PCI_CONTROL_MASKS; + capbuf[OSC_CONTROL_TYPE] = *control | root->osc_control_set; + } else { +- /* Run _OSC query for all possible controls. */ +- capbuf[OSC_CONTROL_TYPE] = OSC_PCI_CONTROL_MASKS; ++ /* Run _OSC query only with existing controls. */ ++ capbuf[OSC_CONTROL_TYPE] = root->osc_control_set; + } + + status = acpi_pci_run_osc(root->device->handle, capbuf, &result); +diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c +index 0833896..14d49e4 100644 +--- a/drivers/char/hpet.c ++++ b/drivers/char/hpet.c +@@ -374,26 +374,14 @@ static int hpet_mmap(struct file *file, struct vm_area_struct *vma) + struct hpet_dev *devp; + unsigned long addr; + +- if (((vma->vm_end - vma->vm_start) != PAGE_SIZE) || vma->vm_pgoff) +- return -EINVAL; +- + devp = file->private_data; + addr = devp->hd_hpets->hp_hpet_phys; + + if (addr & (PAGE_SIZE - 1)) + return -ENOSYS; + +- vma->vm_flags |= VM_IO; + vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot); +- +- if (io_remap_pfn_range(vma, vma->vm_start, addr >> PAGE_SHIFT, +- PAGE_SIZE, vma->vm_page_prot)) { +- printk(KERN_ERR "%s: io_remap_pfn_range failed\n", +- __func__); +- return -EAGAIN; +- } +- +- return 0; ++ return vm_iomap_memory(vma, addr, PAGE_SIZE); + #else + return -ENOSYS; + #endif +diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c +index ca67338..c77fc67 100644 +--- a/drivers/gpu/drm/i915/i915_dma.c ++++ b/drivers/gpu/drm/i915/i915_dma.c +@@ -1007,56 +1007,50 @@ intel_teardown_mchbar(struct drm_device *dev) + release_resource(&dev_priv->mch_res); + } + +-#define PTE_ADDRESS_MASK 0xfffff000 +-#define PTE_ADDRESS_MASK_HIGH 0x000000f0 /* i915+ */ +-#define PTE_MAPPING_TYPE_UNCACHED (0 << 1) +-#define PTE_MAPPING_TYPE_DCACHE (1 << 1) /* i830 only */ +-#define PTE_MAPPING_TYPE_CACHED (3 << 1) +-#define PTE_MAPPING_TYPE_MASK (3 << 1) +-#define PTE_VALID (1 << 0) +- +-/** +- * i915_stolen_to_phys - take an offset into stolen memory and turn it into +- * a physical one +- * @dev: drm device +- * @offset: address to translate +- * +- * Some chip functions require allocations from stolen space and need the +- * physical address of the memory in question. +- */ +-static unsigned long i915_stolen_to_phys(struct drm_device *dev, u32 offset) ++static unsigned long i915_stolen_to_physical(struct drm_device *dev) + { + struct drm_i915_private *dev_priv = dev->dev_private; + struct pci_dev *pdev = dev_priv->bridge_dev; + u32 base; + +-#if 0 + /* On the machines I have tested the Graphics Base of Stolen Memory +- * is unreliable, so compute the base by subtracting the stolen memory +- * from the Top of Low Usable DRAM which is where the BIOS places +- * the graphics stolen memory. ++ * is unreliable, so on those compute the base by subtracting the ++ * stolen memory from the Top of Low Usable DRAM which is where the ++ * BIOS places the graphics stolen memory. ++ * ++ * On gen2, the layout is slightly different with the Graphics Segment ++ * immediately following Top of Memory (or Top of Usable DRAM). Note ++ * it appears that TOUD is only reported by 865g, so we just use the ++ * top of memory as determined by the e820 probe. ++ * ++ * XXX gen2 requires an unavailable symbol and 945gm fails with ++ * its value of TOLUD. + */ +- if (INTEL_INFO(dev)->gen > 3 || IS_G33(dev)) { +- /* top 32bits are reserved = 0 */ ++ base = 0; ++ if (INTEL_INFO(dev)->gen >= 6) { ++ /* Read Base Data of Stolen Memory Register (BDSM) directly. ++ * Note that there is also a MCHBAR miror at 0x1080c0 or ++ * we could use device 2:0x5c instead. ++ */ ++ pci_read_config_dword(pdev, 0xB0, &base); ++ base &= ~4095; /* lower bits used for locking register */ ++ } else if (INTEL_INFO(dev)->gen > 3 || IS_G33(dev)) { ++ /* Read Graphics Base of Stolen Memory directly */ + pci_read_config_dword(pdev, 0xA4, &base); +- } else { +- /* XXX presume 8xx is the same as i915 */ +- pci_bus_read_config_dword(pdev->bus, 2, 0x5C, &base); +- } +-#else +- if (INTEL_INFO(dev)->gen > 3 || IS_G33(dev)) { +- u16 val; +- pci_read_config_word(pdev, 0xb0, &val); +- base = val >> 4 << 20; +- } else { ++#if 0 ++ } else if (IS_GEN3(dev)) { + u8 val; ++ /* Stolen is immediately below Top of Low Usable DRAM */ + pci_read_config_byte(pdev, 0x9c, &val); + base = val >> 3 << 27; +- } +- base -= dev_priv->mm.gtt->stolen_size; ++ base -= dev_priv->mm.gtt->stolen_size; ++ } else { ++ /* Stolen is immediately above Top of Memory */ ++ base = max_low_pfn_mapped << PAGE_SHIFT; + #endif ++ } + +- return base + offset; ++ return base; + } + + static void i915_warn_stolen(struct drm_device *dev) +@@ -1081,7 +1075,7 @@ static void i915_setup_compression(struct drm_device *dev, int size) + if (!compressed_fb) + goto err; + +- cfb_base = i915_stolen_to_phys(dev, compressed_fb->start); ++ cfb_base = dev_priv->mm.stolen_base + compressed_fb->start; + if (!cfb_base) + goto err_fb; + +@@ -1094,7 +1088,7 @@ static void i915_setup_compression(struct drm_device *dev, int size) + if (!compressed_llb) + goto err_fb; + +- ll_base = i915_stolen_to_phys(dev, compressed_llb->start); ++ ll_base = dev_priv->mm.stolen_base + compressed_llb->start; + if (!ll_base) + goto err_llb; + } +@@ -1113,7 +1107,7 @@ static void i915_setup_compression(struct drm_device *dev, int size) + } + + DRM_DEBUG_KMS("FBC base 0x%08lx, ll base 0x%08lx, size %dM\n", +- cfb_base, ll_base, size >> 20); ++ (long)cfb_base, (long)ll_base, size >> 20); + return; + + err_llb: +@@ -1187,6 +1181,13 @@ static int i915_load_gem_init(struct drm_device *dev) + gtt_size = dev_priv->mm.gtt->gtt_total_entries << PAGE_SHIFT; + mappable_size = dev_priv->mm.gtt->gtt_mappable_entries << PAGE_SHIFT; + ++ dev_priv->mm.stolen_base = i915_stolen_to_physical(dev); ++ if (dev_priv->mm.stolen_base == 0) ++ return 0; ++ ++ DRM_DEBUG_KMS("found %d bytes of stolen memory at %08lx\n", ++ dev_priv->mm.gtt->stolen_size, dev_priv->mm.stolen_base); ++ + /* Basic memrange allocator for stolen space */ + drm_mm_init(&dev_priv->mm.stolen, 0, prealloc_size); + +diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h +index 144d37c..20cd295 100644 +--- a/drivers/gpu/drm/i915/i915_drv.h ++++ b/drivers/gpu/drm/i915/i915_drv.h +@@ -581,6 +581,7 @@ typedef struct drm_i915_private { + unsigned long gtt_start; + unsigned long gtt_mappable_end; + unsigned long gtt_end; ++ unsigned long stolen_base; /* limited to low memory (32-bit) */ + + struct io_mapping *gtt_mapping; + int gtt_mtrr; +diff --git a/drivers/gpu/drm/i915/i915_gem.c b/drivers/gpu/drm/i915/i915_gem.c +index b0186b8..2865b44 100644 +--- a/drivers/gpu/drm/i915/i915_gem.c ++++ b/drivers/gpu/drm/i915/i915_gem.c +@@ -2520,6 +2520,11 @@ i915_find_fence_reg(struct drm_device *dev, + return avail; + } + ++static void i915_gem_write_fence__ipi(void *data) ++{ ++ wbinvd(); ++} ++ + /** + * i915_gem_object_get_fence - set up a fence reg for an object + * @obj: object to map through a fence reg +@@ -2640,6 +2645,17 @@ update: + switch (INTEL_INFO(dev)->gen) { + case 7: + case 6: ++ /* In order to fully serialize access to the fenced region and ++ * the update to the fence register we need to take extreme ++ * measures on SNB+. In theory, the write to the fence register ++ * flushes all memory transactions before, and coupled with the ++ * mb() placed around the register write we serialise all memory ++ * operations with respect to the changes in the tiler. Yet, on ++ * SNB+ we need to take a step further and emit an explicit wbinvd() ++ * on each processor in order to manually flush all memory ++ * transactions before updating the fence register. ++ */ ++ on_each_cpu(i915_gem_write_fence__ipi, NULL, 1); + ret = sandybridge_write_fence_reg(obj, pipelined); + break; + case 5: +diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c +index 897ca06..cfbb893 100644 +--- a/drivers/gpu/drm/i915/intel_display.c ++++ b/drivers/gpu/drm/i915/intel_display.c +@@ -9093,6 +9093,9 @@ void intel_modeset_cleanup(struct drm_device *dev) + del_timer_sync(&dev_priv->idle_timer); + cancel_work_sync(&dev_priv->idle_work); + ++ /* destroy backlight, if any, before the connectors */ ++ intel_panel_destroy_backlight(dev); ++ + drm_mode_config_cleanup(dev); + } + +diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c +index c8ecaab..a07ccab 100644 +--- a/drivers/gpu/drm/i915/intel_dp.c ++++ b/drivers/gpu/drm/i915/intel_dp.c +@@ -2274,11 +2274,6 @@ done: + static void + intel_dp_destroy(struct drm_connector *connector) + { +- struct drm_device *dev = connector->dev; +- +- if (intel_dpd_is_edp(dev)) +- intel_panel_destroy_backlight(dev); +- + drm_sysfs_connector_remove(connector); + drm_connector_cleanup(connector); + kfree(connector); +diff --git a/drivers/gpu/drm/i915/intel_dvo.c b/drivers/gpu/drm/i915/intel_dvo.c +index 6eda1b5..8ac91b8 100644 +--- a/drivers/gpu/drm/i915/intel_dvo.c ++++ b/drivers/gpu/drm/i915/intel_dvo.c +@@ -371,6 +371,7 @@ void intel_dvo_init(struct drm_device *dev) + const struct intel_dvo_device *dvo = &intel_dvo_devices[i]; + struct i2c_adapter *i2c; + int gpio; ++ bool dvoinit; + + /* Allow the I2C driver info to specify the GPIO to be used in + * special cases, but otherwise default to what's defined +@@ -390,7 +391,17 @@ void intel_dvo_init(struct drm_device *dev) + i2c = &dev_priv->gmbus[gpio].adapter; + + intel_dvo->dev = *dvo; +- if (!dvo->dev_ops->init(&intel_dvo->dev, i2c)) ++ ++ /* GMBUS NAK handling seems to be unstable, hence let the ++ * transmitter detection run in bit banging mode for now. ++ */ ++ intel_gmbus_force_bit(i2c, true); ++ ++ dvoinit = dvo->dev_ops->init(&intel_dvo->dev, i2c); ++ ++ intel_gmbus_force_bit(i2c, false); ++ ++ if (!dvoinit) + continue; + + intel_encoder->type = INTEL_OUTPUT_DVO; +diff --git a/drivers/gpu/drm/i915/intel_lvds.c b/drivers/gpu/drm/i915/intel_lvds.c +index 6601d21..876bac0 100644 +--- a/drivers/gpu/drm/i915/intel_lvds.c ++++ b/drivers/gpu/drm/i915/intel_lvds.c +@@ -553,8 +553,6 @@ static void intel_lvds_destroy(struct drm_connector *connector) + struct drm_device *dev = connector->dev; + struct drm_i915_private *dev_priv = dev->dev_private; + +- intel_panel_destroy_backlight(dev); +- + if (dev_priv->lid_notifier.notifier_call) + acpi_lid_notifier_unregister(&dev_priv->lid_notifier); + drm_sysfs_connector_remove(connector); +@@ -788,6 +786,14 @@ static const struct dmi_system_id intel_no_lvds[] = { + DMI_MATCH(DMI_PRODUCT_NAME, "X7SPA-H"), + }, + }, ++ { ++ .callback = intel_no_lvds_dmi_callback, ++ .ident = "Fujitsu Esprimo Q900", ++ .matches = { ++ DMI_MATCH(DMI_SYS_VENDOR, "FUJITSU"), ++ DMI_MATCH(DMI_PRODUCT_NAME, "ESPRIMO Q900"), ++ }, ++ }, + + { } /* terminating entry */ + }; +diff --git a/drivers/gpu/drm/i915/intel_panel.c b/drivers/gpu/drm/i915/intel_panel.c +index 72b8949..04cb34a 100644 +--- a/drivers/gpu/drm/i915/intel_panel.c ++++ b/drivers/gpu/drm/i915/intel_panel.c +@@ -361,6 +361,9 @@ int intel_panel_setup_backlight(struct drm_device *dev) + + intel_panel_init_backlight(dev); + ++ if (WARN_ON(dev_priv->backlight)) ++ return -ENODEV; ++ + if (dev_priv->int_lvds_connector) + connector = dev_priv->int_lvds_connector; + else if (dev_priv->int_edp_connector) +@@ -388,8 +391,10 @@ int intel_panel_setup_backlight(struct drm_device *dev) + void intel_panel_destroy_backlight(struct drm_device *dev) + { + struct drm_i915_private *dev_priv = dev->dev_private; +- if (dev_priv->backlight) ++ if (dev_priv->backlight) { + backlight_device_unregister(dev_priv->backlight); ++ dev_priv->backlight = NULL; ++ } + } + #else + int intel_panel_setup_backlight(struct drm_device *dev) +diff --git a/drivers/gpu/drm/radeon/atom.c b/drivers/gpu/drm/radeon/atom.c +index 3a05cdb..d969f3c 100644 +--- a/drivers/gpu/drm/radeon/atom.c ++++ b/drivers/gpu/drm/radeon/atom.c +@@ -1387,10 +1387,10 @@ int atom_allocate_fb_scratch(struct atom_context *ctx) + firmware_usage = (struct _ATOM_VRAM_USAGE_BY_FIRMWARE *)(ctx->bios + data_offset); + + DRM_DEBUG("atom firmware requested %08x %dkb\n", +- firmware_usage->asFirmwareVramReserveInfo[0].ulStartAddrUsedByFirmware, +- firmware_usage->asFirmwareVramReserveInfo[0].usFirmwareUseInKb); ++ le32_to_cpu(firmware_usage->asFirmwareVramReserveInfo[0].ulStartAddrUsedByFirmware), ++ le16_to_cpu(firmware_usage->asFirmwareVramReserveInfo[0].usFirmwareUseInKb)); + +- usage_bytes = firmware_usage->asFirmwareVramReserveInfo[0].usFirmwareUseInKb * 1024; ++ usage_bytes = le16_to_cpu(firmware_usage->asFirmwareVramReserveInfo[0].usFirmwareUseInKb) * 1024; + } + ctx->scratch_size_bytes = 0; + if (usage_bytes == 0) +diff --git a/drivers/gpu/drm/radeon/atombios_crtc.c b/drivers/gpu/drm/radeon/atombios_crtc.c +index a25d08a..038570a 100644 +--- a/drivers/gpu/drm/radeon/atombios_crtc.c ++++ b/drivers/gpu/drm/radeon/atombios_crtc.c +@@ -544,6 +544,9 @@ static u32 atombios_adjust_pll(struct drm_crtc *crtc, + /* use frac fb div on APUs */ + if (ASIC_IS_DCE41(rdev)) + pll->flags |= RADEON_PLL_USE_FRAC_FB_DIV; ++ /* use frac fb div on RS780/RS880 */ ++ if ((rdev->family == CHIP_RS780) || (rdev->family == CHIP_RS880)) ++ pll->flags |= RADEON_PLL_USE_FRAC_FB_DIV; + if (ASIC_IS_DCE32(rdev) && mode->clock > 165000) + pll->flags |= RADEON_PLL_USE_FRAC_FB_DIV; + } else { +diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c +index 60d13fe..0495a50 100644 +--- a/drivers/gpu/drm/radeon/evergreen.c ++++ b/drivers/gpu/drm/radeon/evergreen.c +@@ -412,6 +412,16 @@ void evergreen_hpd_init(struct radeon_device *rdev) + + list_for_each_entry(connector, &dev->mode_config.connector_list, head) { + struct radeon_connector *radeon_connector = to_radeon_connector(connector); ++ ++ if (connector->connector_type == DRM_MODE_CONNECTOR_eDP || ++ connector->connector_type == DRM_MODE_CONNECTOR_LVDS) { ++ /* don't try to enable hpd on eDP or LVDS avoid breaking the ++ * aux dp channel on imac and help (but not completely fix) ++ * https://bugzilla.redhat.com/show_bug.cgi?id=726143 ++ * also avoid interrupt storms during dpms. ++ */ ++ continue; ++ } + switch (radeon_connector->hpd.hpd) { + case RADEON_HPD_1: + WREG32(DC_HPD1_CONTROL, tmp); +diff --git a/drivers/gpu/drm/radeon/r600_hdmi.c b/drivers/gpu/drm/radeon/r600_hdmi.c +index c45d921..57a825d 100644 +--- a/drivers/gpu/drm/radeon/r600_hdmi.c ++++ b/drivers/gpu/drm/radeon/r600_hdmi.c +@@ -506,7 +506,7 @@ void r600_hdmi_enable(struct drm_encoder *encoder) + offset = radeon_encoder->hdmi_offset; + if (ASIC_IS_DCE32(rdev) && !ASIC_IS_DCE4(rdev)) { + WREG32_P(radeon_encoder->hdmi_config_offset + 0x4, 0x1, ~0x1); +- } else if (rdev->family >= CHIP_R600 && !ASIC_IS_DCE3(rdev)) { ++ } else if (ASIC_IS_DCE2(rdev) && !ASIC_IS_DCE3(rdev)) { + switch (radeon_encoder->encoder_id) { + case ENCODER_OBJECT_ID_INTERNAL_KLDSCP_TMDS1: + WREG32_P(AVIVO_TMDSA_CNTL, 0x4, ~0x4); +@@ -572,7 +572,7 @@ void r600_hdmi_disable(struct drm_encoder *encoder) + + if (ASIC_IS_DCE32(rdev) && !ASIC_IS_DCE4(rdev)) { + WREG32_P(radeon_encoder->hdmi_config_offset + 0x4, 0, ~0x1); +- } else if (rdev->family >= CHIP_R600 && !ASIC_IS_DCE3(rdev)) { ++ } else if (ASIC_IS_DCE2(rdev) && !ASIC_IS_DCE3(rdev)) { + switch (radeon_encoder->encoder_id) { + case ENCODER_OBJECT_ID_INTERNAL_KLDSCP_TMDS1: + WREG32_P(AVIVO_TMDSA_CNTL, 0, ~0x4); +diff --git a/drivers/gpu/drm/radeon/radeon_atombios.c b/drivers/gpu/drm/radeon/radeon_atombios.c +index 38585c5..383b38e 100644 +--- a/drivers/gpu/drm/radeon/radeon_atombios.c ++++ b/drivers/gpu/drm/radeon/radeon_atombios.c +@@ -1989,6 +1989,8 @@ static int radeon_atombios_parse_power_table_1_3(struct radeon_device *rdev) + num_modes = power_info->info.ucNumOfPowerModeEntries; + if (num_modes > ATOM_MAX_NUMBEROF_POWER_BLOCK) + num_modes = ATOM_MAX_NUMBEROF_POWER_BLOCK; ++ if (num_modes == 0) ++ return state_index; + rdev->pm.power_state = kzalloc(sizeof(struct radeon_power_state) * num_modes, GFP_KERNEL); + if (!rdev->pm.power_state) + return state_index; +@@ -2361,6 +2363,8 @@ static int radeon_atombios_parse_power_table_4_5(struct radeon_device *rdev) + power_info = (union power_info *)(mode_info->atom_context->bios + data_offset); + + radeon_atombios_add_pplib_thermal_controller(rdev, &power_info->pplib.sThermalController); ++ if (power_info->pplib.ucNumStates == 0) ++ return state_index; + rdev->pm.power_state = kzalloc(sizeof(struct radeon_power_state) * + power_info->pplib.ucNumStates, GFP_KERNEL); + if (!rdev->pm.power_state) +@@ -2443,6 +2447,7 @@ static int radeon_atombios_parse_power_table_6(struct radeon_device *rdev) + int index = GetIndexIntoMasterTable(DATA, PowerPlayInfo); + u16 data_offset; + u8 frev, crev; ++ u8 *power_state_offset; + + if (!atom_parse_data_header(mode_info->atom_context, index, NULL, + &frev, &crev, &data_offset)) +@@ -2459,15 +2464,17 @@ static int radeon_atombios_parse_power_table_6(struct radeon_device *rdev) + non_clock_info_array = (struct NonClockInfoArray *) + (mode_info->atom_context->bios + data_offset + + le16_to_cpu(power_info->pplib.usNonClockInfoArrayOffset)); ++ if (state_array->ucNumEntries == 0) ++ return state_index; + rdev->pm.power_state = kzalloc(sizeof(struct radeon_power_state) * + state_array->ucNumEntries, GFP_KERNEL); + if (!rdev->pm.power_state) + return state_index; ++ power_state_offset = (u8 *)state_array->states; + for (i = 0; i < state_array->ucNumEntries; i++) { + mode_index = 0; +- power_state = (union pplib_power_state *)&state_array->states[i]; +- /* XXX this might be an inagua bug... */ +- non_clock_array_index = i; /* power_state->v2.nonClockInfoIndex */ ++ power_state = (union pplib_power_state *)power_state_offset; ++ non_clock_array_index = power_state->v2.nonClockInfoIndex; + non_clock_info = (struct _ATOM_PPLIB_NONCLOCK_INFO *) + &non_clock_info_array->nonClockInfo[non_clock_array_index]; + rdev->pm.power_state[i].clock_info = kzalloc(sizeof(struct radeon_pm_clock_info) * +@@ -2479,9 +2486,6 @@ static int radeon_atombios_parse_power_table_6(struct radeon_device *rdev) + if (power_state->v2.ucNumDPMLevels) { + for (j = 0; j < power_state->v2.ucNumDPMLevels; j++) { + clock_array_index = power_state->v2.clockInfoIndex[j]; +- /* XXX this might be an inagua bug... */ +- if (clock_array_index >= clock_info_array->ucNumEntries) +- continue; + clock_info = (union pplib_clock_info *) + &clock_info_array->clockInfo[clock_array_index]; + valid = radeon_atombios_parse_pplib_clock_info(rdev, +@@ -2503,6 +2507,7 @@ static int radeon_atombios_parse_power_table_6(struct radeon_device *rdev) + non_clock_info); + state_index++; + } ++ power_state_offset += 2 + power_state->v2.ucNumDPMLevels; + } + /* if multiple clock modes, mark the lowest as no display */ + for (i = 0; i < state_index; i++) { +@@ -2549,7 +2554,9 @@ void radeon_atombios_get_power_modes(struct radeon_device *rdev) + default: + break; + } +- } else { ++ } ++ ++ if (state_index == 0) { + rdev->pm.power_state = kzalloc(sizeof(struct radeon_power_state), GFP_KERNEL); + if (rdev->pm.power_state) { + rdev->pm.power_state[0].clock_info = +diff --git a/drivers/gpu/drm/radeon/radeon_kms.c b/drivers/gpu/drm/radeon/radeon_kms.c +index be2c122..4bb9e27 100644 +--- a/drivers/gpu/drm/radeon/radeon_kms.c ++++ b/drivers/gpu/drm/radeon/radeon_kms.c +@@ -39,8 +39,12 @@ int radeon_driver_unload_kms(struct drm_device *dev) + + if (rdev == NULL) + return 0; ++ if (rdev->rmmio == NULL) ++ goto done_free; + radeon_modeset_fini(rdev); + radeon_device_fini(rdev); ++ ++done_free: + kfree(rdev); + dev->dev_private = NULL; + return 0; +diff --git a/drivers/gpu/drm/radeon/radeon_pm.c b/drivers/gpu/drm/radeon/radeon_pm.c +index ebd6c51..d58eccb 100644 +--- a/drivers/gpu/drm/radeon/radeon_pm.c ++++ b/drivers/gpu/drm/radeon/radeon_pm.c +@@ -863,7 +863,11 @@ static int radeon_debugfs_pm_info(struct seq_file *m, void *data) + struct radeon_device *rdev = dev->dev_private; + + seq_printf(m, "default engine clock: %u0 kHz\n", rdev->pm.default_sclk); +- seq_printf(m, "current engine clock: %u0 kHz\n", radeon_get_engine_clock(rdev)); ++ /* radeon_get_engine_clock is not reliable on APUs so just print the current clock */ ++ if ((rdev->family >= CHIP_PALM) && (rdev->flags & RADEON_IS_IGP)) ++ seq_printf(m, "current engine clock: %u0 kHz\n", rdev->pm.current_sclk); ++ else ++ seq_printf(m, "current engine clock: %u0 kHz\n", radeon_get_engine_clock(rdev)); + seq_printf(m, "default memory clock: %u0 kHz\n", rdev->pm.default_mclk); + if (rdev->asic->get_memory_clock) + seq_printf(m, "current memory clock: %u0 kHz\n", radeon_get_memory_clock(rdev)); +diff --git a/drivers/i2c/busses/i2c-xiic.c b/drivers/i2c/busses/i2c-xiic.c +index 4bb68f3..64e7065 100644 +--- a/drivers/i2c/busses/i2c-xiic.c ++++ b/drivers/i2c/busses/i2c-xiic.c +@@ -311,10 +311,8 @@ static void xiic_fill_tx_fifo(struct xiic_i2c *i2c) + /* last message in transfer -> STOP */ + data |= XIIC_TX_DYN_STOP_MASK; + dev_dbg(i2c->adap.dev.parent, "%s TX STOP\n", __func__); +- +- xiic_setreg16(i2c, XIIC_DTR_REG_OFFSET, data); +- } else +- xiic_setreg8(i2c, XIIC_DTR_REG_OFFSET, data); ++ } ++ xiic_setreg16(i2c, XIIC_DTR_REG_OFFSET, data); + } + } + +diff --git a/drivers/md/md.c b/drivers/md/md.c +index 1702133..2d0544c 100644 +--- a/drivers/md/md.c ++++ b/drivers/md/md.c +@@ -1588,8 +1588,8 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_ + sector, count, 1) == 0) + return -EINVAL; + } +- } else if (sb->bblog_offset == 0) +- rdev->badblocks.shift = -1; ++ } else if (sb->bblog_offset != 0) ++ rdev->badblocks.shift = 0; + + if (!refdev) { + ret = 1; +@@ -3063,7 +3063,7 @@ int md_rdev_init(struct md_rdev *rdev) + * be used - I wonder if that matters + */ + rdev->badblocks.count = 0; +- rdev->badblocks.shift = 0; ++ rdev->badblocks.shift = -1; /* disabled until explicitly enabled */ + rdev->badblocks.page = kmalloc(PAGE_SIZE, GFP_KERNEL); + seqlock_init(&rdev->badblocks.lock); + if (rdev->badblocks.page == NULL) +@@ -3135,9 +3135,6 @@ static struct md_rdev *md_import_device(dev_t newdev, int super_format, int supe + goto abort_free; + } + } +- if (super_format == -1) +- /* hot-add for 0.90, or non-persistent: so no badblocks */ +- rdev->badblocks.shift = -1; + + return rdev; + +diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c +index fc07f90..b436b84 100644 +--- a/drivers/net/bonding/bond_main.c ++++ b/drivers/net/bonding/bond_main.c +@@ -1866,6 +1866,7 @@ err_detach: + write_unlock_bh(&bond->lock); + + err_close: ++ slave_dev->priv_flags &= ~IFF_BONDING; + dev_close(slave_dev); + + err_unset_master: +@@ -4853,9 +4854,18 @@ static int __net_init bond_net_init(struct net *net) + static void __net_exit bond_net_exit(struct net *net) + { + struct bond_net *bn = net_generic(net, bond_net_id); ++ struct bonding *bond, *tmp_bond; ++ LIST_HEAD(list); + + bond_destroy_sysfs(bn); + bond_destroy_proc_dir(bn); ++ ++ /* Kill off any bonds created after unregistering bond rtnl ops */ ++ rtnl_lock(); ++ list_for_each_entry_safe(bond, tmp_bond, &bn->dev_list, bond_list) ++ unregister_netdevice_queue(bond->dev, &list); ++ unregister_netdevice_many(&list); ++ rtnl_unlock(); + } + + static struct pernet_operations bond_net_ops = { +diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e.h b/drivers/net/ethernet/atheros/atl1e/atl1e.h +index edfdf6b..b5fd934 100644 +--- a/drivers/net/ethernet/atheros/atl1e/atl1e.h ++++ b/drivers/net/ethernet/atheros/atl1e/atl1e.h +@@ -186,7 +186,7 @@ struct atl1e_tpd_desc { + /* how about 0x2000 */ + #define MAX_TX_BUF_LEN 0x2000 + #define MAX_TX_BUF_SHIFT 13 +-/*#define MAX_TX_BUF_LEN 0x3000 */ ++#define MAX_TSO_SEG_SIZE 0x3c00 + + /* rrs word 1 bit 0:31 */ + #define RRS_RX_CSUM_MASK 0xFFFF +diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c +index c69dc29..dd893b3 100644 +--- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c ++++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c +@@ -2352,6 +2352,7 @@ static int __devinit atl1e_probe(struct pci_dev *pdev, + + INIT_WORK(&adapter->reset_task, atl1e_reset_task); + INIT_WORK(&adapter->link_chg_task, atl1e_link_chg_task); ++ netif_set_gso_max_size(netdev, MAX_TSO_SEG_SIZE); + err = register_netdev(netdev); + if (err) { + netdev_err(netdev, "register netdevice failed\n"); +diff --git a/drivers/net/ethernet/freescale/gianfar_ptp.c b/drivers/net/ethernet/freescale/gianfar_ptp.c +index f67b8ae..69c3adf 100644 +--- a/drivers/net/ethernet/freescale/gianfar_ptp.c ++++ b/drivers/net/ethernet/freescale/gianfar_ptp.c +@@ -127,7 +127,6 @@ struct gianfar_ptp_registers { + + #define DRIVER "gianfar_ptp" + #define DEFAULT_CKSEL 1 +-#define N_ALARM 1 /* first alarm is used internally to reset fipers */ + #define N_EXT_TS 2 + #define REG_SIZE sizeof(struct gianfar_ptp_registers) + +@@ -410,7 +409,7 @@ static struct ptp_clock_info ptp_gianfar_caps = { + .owner = THIS_MODULE, + .name = "gianfar clock", + .max_adj = 512000, +- .n_alarm = N_ALARM, ++ .n_alarm = 0, + .n_ext_ts = N_EXT_TS, + .n_per_out = 0, + .pps = 1, +diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c +index 41396fa..d93eee1 100644 +--- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c ++++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c +@@ -1937,6 +1937,16 @@ static irqreturn_t ixgbe_msix_other(int irq, void *data) + * with the write to EICR. + */ + eicr = IXGBE_READ_REG(hw, IXGBE_EICS); ++ ++ /* The lower 16bits of the EICR register are for the queue interrupts ++ * which should be masked here in order to not accidently clear them if ++ * the bits are high when ixgbe_msix_other is called. There is a race ++ * condition otherwise which results in possible performance loss ++ * especially if the ixgbe_msix_other interrupt is triggering ++ * consistently (as it would when PPS is turned on for the X540 device) ++ */ ++ eicr &= 0xFFFF0000; ++ + IXGBE_WRITE_REG(hw, IXGBE_EICR, eicr); + + if (eicr & IXGBE_EICR_LSC) +@@ -5408,7 +5418,9 @@ static int ixgbe_resume(struct pci_dev *pdev) + + pci_wake_from_d3(pdev, false); + ++ rtnl_lock(); + err = ixgbe_init_interrupt_scheme(adapter); ++ rtnl_unlock(); + if (err) { + e_dev_err("Cannot initialize interrupts for device\n"); + return err; +diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c +index d812790..f698183 100644 +--- a/drivers/net/ethernet/realtek/r8169.c ++++ b/drivers/net/ethernet/realtek/r8169.c +@@ -1629,8 +1629,6 @@ static void rtl8169_rx_vlan_tag(struct RxDesc *desc, struct sk_buff *skb) + + if (opts2 & RxVlanTag) + __vlan_hwaccel_put_tag(skb, swab16(opts2 & 0xffff)); +- +- desc->opts2 = 0; + } + + static int rtl8169_gset_tbi(struct net_device *dev, struct ethtool_cmd *cmd) +@@ -5566,6 +5564,14 @@ static netdev_tx_t rtl8169_start_xmit(struct sk_buff *skb, + goto err_stop_0; + } + ++ /* 8168evl does not automatically pad to minimum length. */ ++ if (unlikely(tp->mac_version == RTL_GIGA_MAC_VER_34 && ++ skb->len < ETH_ZLEN)) { ++ if (skb_padto(skb, ETH_ZLEN)) ++ goto err_update_stats; ++ skb_put(skb, ETH_ZLEN - skb->len); ++ } ++ + if (unlikely(le32_to_cpu(txd->opts1) & DescOwn)) + goto err_stop_0; + +@@ -5633,6 +5639,7 @@ err_dma_1: + rtl8169_unmap_tx_skb(d, tp->tx_skb + entry, txd); + err_dma_0: + dev_kfree_skb(skb); ++err_update_stats: + dev->stats.tx_dropped++; + return NETDEV_TX_OK; + +@@ -5814,7 +5821,6 @@ static int rtl8169_rx_interrupt(struct net_device *dev, + rtl8169_schedule_work(dev, rtl8169_reset_task); + dev->stats.rx_fifo_errors++; + } +- rtl8169_mark_to_asic(desc, rx_buf_sz); + } else { + struct sk_buff *skb; + dma_addr_t addr = le64_to_cpu(desc->addr); +@@ -5828,16 +5834,14 @@ static int rtl8169_rx_interrupt(struct net_device *dev, + if (unlikely(rtl8169_fragmented_frame(status))) { + dev->stats.rx_dropped++; + dev->stats.rx_length_errors++; +- rtl8169_mark_to_asic(desc, rx_buf_sz); +- continue; ++ goto release_descriptor; + } + + skb = rtl8169_try_rx_copy(tp->Rx_databuff[entry], + tp, pkt_size, addr); +- rtl8169_mark_to_asic(desc, rx_buf_sz); + if (!skb) { + dev->stats.rx_dropped++; +- continue; ++ goto release_descriptor; + } + + rtl8169_rx_csum(skb, status); +@@ -5851,6 +5855,10 @@ static int rtl8169_rx_interrupt(struct net_device *dev, + dev->stats.rx_bytes += pkt_size; + dev->stats.rx_packets++; + } ++release_descriptor: ++ desc->opts2 = 0; ++ wmb(); ++ rtl8169_mark_to_asic(desc, rx_buf_sz); + } + + count = cur_rx - tp->cur_rx; +diff --git a/drivers/net/wireless/iwlwifi/iwl-agn-sta.c b/drivers/net/wireless/iwlwifi/iwl-agn-sta.c +index ccf1524..3935994 100644 +--- a/drivers/net/wireless/iwlwifi/iwl-agn-sta.c ++++ b/drivers/net/wireless/iwlwifi/iwl-agn-sta.c +@@ -563,6 +563,7 @@ void iwl_clear_ucode_stations(struct iwl_priv *priv, + void iwl_restore_stations(struct iwl_priv *priv, struct iwl_rxon_context *ctx) + { + struct iwl_addsta_cmd sta_cmd; ++ static const struct iwl_link_quality_cmd zero_lq = {}; + struct iwl_link_quality_cmd lq; + unsigned long flags_spin; + int i; +@@ -602,7 +603,9 @@ void iwl_restore_stations(struct iwl_priv *priv, struct iwl_rxon_context *ctx) + else + memcpy(&lq, priv->stations[i].lq, + sizeof(struct iwl_link_quality_cmd)); +- send_lq = true; ++ ++ if (!memcmp(&lq, &zero_lq, sizeof(lq))) ++ send_lq = true; + } + spin_unlock_irqrestore(&priv->shrd->sta_lock, + flags_spin); +diff --git a/drivers/net/wireless/mwifiex/pcie.c b/drivers/net/wireless/mwifiex/pcie.c +index 3cf4ecc..621b84f 100644 +--- a/drivers/net/wireless/mwifiex/pcie.c ++++ b/drivers/net/wireless/mwifiex/pcie.c +@@ -1821,9 +1821,9 @@ static void mwifiex_pcie_cleanup(struct mwifiex_adapter *adapter) + if (pdev) { + pci_iounmap(pdev, card->pci_mmap); + pci_iounmap(pdev, card->pci_mmap1); +- +- pci_release_regions(pdev); + pci_disable_device(pdev); ++ pci_release_region(pdev, 2); ++ pci_release_region(pdev, 0); + pci_set_drvdata(pdev, NULL); + } + } +diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c +index 6d4a531..363a5c6 100644 +--- a/drivers/pci/pci.c ++++ b/drivers/pci/pci.c +@@ -664,15 +664,11 @@ static int pci_platform_power_transition(struct pci_dev *dev, pci_power_t state) + error = platform_pci_set_power_state(dev, state); + if (!error) + pci_update_current_state(dev, state); +- /* Fall back to PCI_D0 if native PM is not supported */ +- if (!dev->pm_cap) +- dev->current_state = PCI_D0; +- } else { ++ } else + error = -ENODEV; +- /* Fall back to PCI_D0 if native PM is not supported */ +- if (!dev->pm_cap) +- dev->current_state = PCI_D0; +- } ++ ++ if (error && !dev->pm_cap) /* Fall back to PCI_D0 */ ++ dev->current_state = PCI_D0; + + return error; + } +diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c +index 05beb6c..e3eed18 100644 +--- a/drivers/rtc/rtc-cmos.c ++++ b/drivers/rtc/rtc-cmos.c +@@ -805,9 +805,8 @@ static int cmos_suspend(struct device *dev) + mask = RTC_IRQMASK; + tmp &= ~mask; + CMOS_WRITE(tmp, RTC_CONTROL); ++ hpet_mask_rtc_irq_bit(mask); + +- /* shut down hpet emulation - we don't need it for alarm */ +- hpet_mask_rtc_irq_bit(RTC_PIE|RTC_AIE|RTC_UIE); + cmos_checkintr(cmos, tmp); + } + spin_unlock_irq(&rtc_lock); +@@ -872,6 +871,7 @@ static int cmos_resume(struct device *dev) + rtc_update_irq(cmos->rtc, 1, mask); + tmp &= ~RTC_AIE; + hpet_mask_rtc_irq_bit(RTC_AIE); ++ hpet_rtc_timer_init(); + } while (mask & RTC_AIE); + spin_unlock_irq(&rtc_lock); + } +diff --git a/drivers/s390/char/sclp_cmd.c b/drivers/s390/char/sclp_cmd.c +index 0b54a91..a56a15e 100644 +--- a/drivers/s390/char/sclp_cmd.c ++++ b/drivers/s390/char/sclp_cmd.c +@@ -509,6 +509,8 @@ static void __init sclp_add_standby_memory(void) + add_memory_merged(0); + } + ++#define MEM_SCT_SIZE (1UL << SECTION_SIZE_BITS) ++ + static void __init insert_increment(u16 rn, int standby, int assigned) + { + struct memory_increment *incr, *new_incr; +@@ -521,7 +523,7 @@ static void __init insert_increment(u16 rn, int standby, int assigned) + new_incr->rn = rn; + new_incr->standby = standby; + if (!standby) +- new_incr->usecount = 1; ++ new_incr->usecount = rzm > MEM_SCT_SIZE ? rzm/MEM_SCT_SIZE : 1; + last_rn = 0; + prev = &sclp_mem_list; + list_for_each_entry(incr, &sclp_mem_list, list) { +diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c +index d19b879..4735928 100644 +--- a/drivers/tty/pty.c ++++ b/drivers/tty/pty.c +@@ -669,6 +669,9 @@ static int ptmx_open(struct inode *inode, struct file *filp) + + nonseekable_open(inode, filp); + ++ /* We refuse fsnotify events on ptmx, since it's a shared resource */ ++ filp->f_mode |= FMODE_NONOTIFY; ++ + retval = tty_alloc_file(filp); + if (retval) + return retval; +diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c +index af5ffb9..488214a 100644 +--- a/drivers/tty/serial/serial_core.c ++++ b/drivers/tty/serial/serial_core.c +@@ -1901,6 +1901,8 @@ int uart_suspend_port(struct uart_driver *drv, struct uart_port *uport) + mutex_unlock(&port->mutex); + return 0; + } ++ put_device(tty_dev); ++ + if (console_suspend_enabled || !uart_console(uport)) + uport->suspended = 1; + +@@ -1966,9 +1968,11 @@ int uart_resume_port(struct uart_driver *drv, struct uart_port *uport) + disable_irq_wake(uport->irq); + uport->irq_wake = 0; + } ++ put_device(tty_dev); + mutex_unlock(&port->mutex); + return 0; + } ++ put_device(tty_dev); + uport->suspended = 0; + + /* +diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c +index 05085be..3f35e42 100644 +--- a/drivers/tty/tty_io.c ++++ b/drivers/tty/tty_io.c +@@ -940,6 +940,14 @@ void start_tty(struct tty_struct *tty) + + EXPORT_SYMBOL(start_tty); + ++/* We limit tty time update visibility to every 8 seconds or so. */ ++static void tty_update_time(struct timespec *time) ++{ ++ unsigned long sec = get_seconds() & ~7; ++ if ((long)(sec - time->tv_sec) > 0) ++ time->tv_sec = sec; ++} ++ + /** + * tty_read - read method for tty device files + * @file: pointer to tty file +@@ -976,8 +984,10 @@ static ssize_t tty_read(struct file *file, char __user *buf, size_t count, + else + i = -EIO; + tty_ldisc_deref(ld); ++ + if (i > 0) +- inode->i_atime = current_fs_time(inode->i_sb); ++ tty_update_time(&inode->i_atime); ++ + return i; + } + +@@ -1079,8 +1089,8 @@ static inline ssize_t do_tty_write( + cond_resched(); + } + if (written) { +- struct inode *inode = file->f_path.dentry->d_inode; +- inode->i_mtime = current_fs_time(inode->i_sb); ++ struct inode *inode = file->f_path.dentry->d_inode; ++ tty_update_time(&inode->i_mtime); + ret = written; + } + out: +diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c +index a9df218..22f770a 100644 +--- a/drivers/usb/core/devio.c ++++ b/drivers/usb/core/devio.c +@@ -643,6 +643,8 @@ static int check_ctrlrecip(struct dev_state *ps, unsigned int requesttype, + index &= 0xff; + switch (requesttype & USB_RECIP_MASK) { + case USB_RECIP_ENDPOINT: ++ if ((index & ~USB_DIR_IN) == 0) ++ return 0; + ret = findintfep(ps->dev, index); + if (ret >= 0) + ret = checkintf(ps, ret); +diff --git a/drivers/usb/misc/appledisplay.c b/drivers/usb/misc/appledisplay.c +index ac0d75a..9f7003e 100644 +--- a/drivers/usb/misc/appledisplay.c ++++ b/drivers/usb/misc/appledisplay.c +@@ -63,6 +63,7 @@ static const struct usb_device_id appledisplay_table[] = { + { APPLEDISPLAY_DEVICE(0x9219) }, + { APPLEDISPLAY_DEVICE(0x921c) }, + { APPLEDISPLAY_DEVICE(0x921d) }, ++ { APPLEDISPLAY_DEVICE(0x9236) }, + + /* Terminating entry */ + { } +diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c +index 06394e5a..51d1712 100644 +--- a/drivers/usb/serial/ftdi_sio.c ++++ b/drivers/usb/serial/ftdi_sio.c +@@ -195,6 +195,7 @@ static struct usb_device_id id_table_combined [] = { + { USB_DEVICE(FTDI_VID, FTDI_OPENDCC_THROTTLE_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_OPENDCC_GATEWAY_PID) }, + { USB_DEVICE(FTDI_VID, FTDI_OPENDCC_GBM_PID) }, ++ { USB_DEVICE(FTDI_VID, FTDI_OPENDCC_GBM_BOOST_PID) }, + { USB_DEVICE(NEWPORT_VID, NEWPORT_AGILIS_PID) }, + { USB_DEVICE(INTERBIOMETRICS_VID, INTERBIOMETRICS_IOBOARD_PID) }, + { USB_DEVICE(INTERBIOMETRICS_VID, INTERBIOMETRICS_MINI_IOBOARD_PID) }, +@@ -876,7 +877,9 @@ static struct usb_device_id id_table_combined [] = { + { USB_DEVICE(FTDI_VID, FTDI_DOTEC_PID) }, + { USB_DEVICE(QIHARDWARE_VID, MILKYMISTONE_JTAGSERIAL_PID), + .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk }, +- { USB_DEVICE(ST_VID, ST_STMCLT1030_PID), ++ { USB_DEVICE(ST_VID, ST_STMCLT_2232_PID), ++ .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk }, ++ { USB_DEVICE(ST_VID, ST_STMCLT_4232_PID), + .driver_info = (kernel_ulong_t)&ftdi_stmclite_quirk }, + { USB_DEVICE(FTDI_VID, FTDI_RF_R106) }, + { USB_DEVICE(FTDI_VID, FTDI_DISTORTEC_JTAG_LOCK_PICK_PID), +@@ -1816,8 +1819,11 @@ static int ftdi_8u2232c_probe(struct usb_serial *serial) + } + + /* +- * First and second port on STMCLiteadaptors is reserved for JTAG interface +- * and the forth port for pio ++ * First two ports on JTAG adaptors using an FT4232 such as STMicroelectronics's ++ * ST Micro Connect Lite are reserved for JTAG or other non-UART interfaces and ++ * can be accessed from userspace. ++ * The next two ports are enabled as UARTs by default, where port 2 is ++ * a conventional RS-232 UART. + */ + static int ftdi_stmclite_probe(struct usb_serial *serial) + { +@@ -1826,12 +1832,13 @@ static int ftdi_stmclite_probe(struct usb_serial *serial) + + dbg("%s", __func__); + +- if (interface == udev->actconfig->interface[2]) +- return 0; +- +- dev_info(&udev->dev, "Ignoring serial port reserved for JTAG\n"); ++ if (interface == udev->actconfig->interface[0] || ++ interface == udev->actconfig->interface[1]) { ++ dev_info(&udev->dev, "Ignoring serial port reserved for JTAG\n"); ++ return -ENODEV; ++ } + +- return -ENODEV; ++ return 0; + } + + /* +diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h +index 809c03a..2f86008 100644 +--- a/drivers/usb/serial/ftdi_sio_ids.h ++++ b/drivers/usb/serial/ftdi_sio_ids.h +@@ -74,6 +74,7 @@ + #define FTDI_OPENDCC_THROTTLE_PID 0xBFDA + #define FTDI_OPENDCC_GATEWAY_PID 0xBFDB + #define FTDI_OPENDCC_GBM_PID 0xBFDC ++#define FTDI_OPENDCC_GBM_BOOST_PID 0xBFDD + + /* NZR SEM 16+ USB (http://www.nzr.de) */ + #define FTDI_NZR_SEM_USB_PID 0xC1E0 /* NZR SEM-LOG16+ */ +@@ -1150,7 +1151,8 @@ + * STMicroelectonics + */ + #define ST_VID 0x0483 +-#define ST_STMCLT1030_PID 0x3747 /* ST Micro Connect Lite STMCLT1030 */ ++#define ST_STMCLT_2232_PID 0x3746 ++#define ST_STMCLT_4232_PID 0x3747 + + /* + * Papouch products (http://www.papouch.com/) +diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c +index 4418538..8513f51 100644 +--- a/drivers/usb/serial/option.c ++++ b/drivers/usb/serial/option.c +@@ -347,6 +347,7 @@ static void option_instat_callback(struct urb *urb); + /* Olivetti products */ + #define OLIVETTI_VENDOR_ID 0x0b3c + #define OLIVETTI_PRODUCT_OLICARD100 0xc000 ++#define OLIVETTI_PRODUCT_OLICARD145 0xc003 + + /* Celot products */ + #define CELOT_VENDOR_ID 0x211f +@@ -1273,6 +1274,7 @@ static const struct usb_device_id option_ids[] = { + { USB_DEVICE(SIEMENS_VENDOR_ID, CINTERION_PRODUCT_HC28_MDMNET) }, + + { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD100) }, ++ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD145) }, + { USB_DEVICE(CELOT_VENDOR_ID, CELOT_PRODUCT_CT680M) }, /* CT-650 CDMA 450 1xEVDO modem */ + { USB_DEVICE(ONDA_VENDOR_ID, ONDA_MT825UP) }, /* ONDA MT825UP modem */ + { USB_DEVICE_AND_INTERFACE_INFO(SAMSUNG_VENDOR_ID, SAMSUNG_PRODUCT_GT_B3730, USB_CLASS_CDC_DATA, 0x00, 0x00) }, /* Samsung GT-B3730 LTE USB modem.*/ +@@ -1350,6 +1352,12 @@ static const struct usb_device_id option_ids[] = { + { USB_DEVICE(TPLINK_VENDOR_ID, TPLINK_PRODUCT_MA180), + .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, + { USB_DEVICE(CHANGHONG_VENDOR_ID, CHANGHONG_PRODUCT_CH690) }, ++ { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d01, 0xff, 0x02, 0x01) }, /* D-Link DWM-156 (variant) */ ++ { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d01, 0xff, 0x00, 0x00) }, /* D-Link DWM-156 (variant) */ ++ { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d02, 0xff, 0x02, 0x01) }, ++ { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d02, 0xff, 0x00, 0x00) }, ++ { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d03, 0xff, 0x02, 0x01) }, ++ { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d03, 0xff, 0x00, 0x00) }, + { } /* Terminating entry */ + }; + MODULE_DEVICE_TABLE(usb, option_ids); +diff --git a/drivers/usb/storage/cypress_atacb.c b/drivers/usb/storage/cypress_atacb.c +index c844718..7341ce2 100644 +--- a/drivers/usb/storage/cypress_atacb.c ++++ b/drivers/usb/storage/cypress_atacb.c +@@ -248,14 +248,26 @@ static int cypress_probe(struct usb_interface *intf, + { + struct us_data *us; + int result; ++ struct usb_device *device; + + result = usb_stor_probe1(&us, intf, id, + (id - cypress_usb_ids) + cypress_unusual_dev_list); + if (result) + return result; + +- us->protocol_name = "Transparent SCSI with Cypress ATACB"; +- us->proto_handler = cypress_atacb_passthrough; ++ /* Among CY7C68300 chips, the A revision does not support Cypress ATACB ++ * Filter out this revision from EEPROM default descriptor values ++ */ ++ device = interface_to_usbdev(intf); ++ if (device->descriptor.iManufacturer != 0x38 || ++ device->descriptor.iProduct != 0x4e || ++ device->descriptor.iSerialNumber != 0x64) { ++ us->protocol_name = "Transparent SCSI with Cypress ATACB"; ++ us->proto_handler = cypress_atacb_passthrough; ++ } else { ++ us->protocol_name = "Transparent SCSI"; ++ us->proto_handler = usb_stor_transparent_scsi_command; ++ } + + result = usb_stor_probe2(us); + return result; +diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c +index 7a36dff..6b4fb5c 100644 +--- a/drivers/video/console/fbcon.c ++++ b/drivers/video/console/fbcon.c +@@ -1229,6 +1229,8 @@ static void fbcon_deinit(struct vc_data *vc) + finished: + + fbcon_free_font(p, free_font); ++ if (free_font) ++ vc->vc_font.data = NULL; + + if (!con_is_bound(&fb_con)) + fbcon_exit(); +diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c +index babbb07..0a22808 100644 +--- a/drivers/video/fbmem.c ++++ b/drivers/video/fbmem.c +@@ -1350,15 +1350,12 @@ fb_mmap(struct file *file, struct vm_area_struct * vma) + { + struct fb_info *info = file_fb_info(file); + struct fb_ops *fb; +- unsigned long off; ++ unsigned long mmio_pgoff; + unsigned long start; + u32 len; + + if (!info) + return -ENODEV; +- if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT)) +- return -EINVAL; +- off = vma->vm_pgoff << PAGE_SHIFT; + fb = info->fbops; + if (!fb) + return -ENODEV; +@@ -1370,33 +1367,24 @@ fb_mmap(struct file *file, struct vm_area_struct * vma) + return res; + } + +- /* frame buffer memory */ ++ /* ++ * Ugh. This can be either the frame buffer mapping, or ++ * if pgoff points past it, the mmio mapping. ++ */ + start = info->fix.smem_start; +- len = PAGE_ALIGN((start & ~PAGE_MASK) + info->fix.smem_len); +- if (off >= len) { +- /* memory mapped io */ +- off -= len; +- if (info->var.accel_flags) { +- mutex_unlock(&info->mm_lock); +- return -EINVAL; +- } ++ len = info->fix.smem_len; ++ mmio_pgoff = PAGE_ALIGN((start & ~PAGE_MASK) + len) >> PAGE_SHIFT; ++ if (vma->vm_pgoff >= mmio_pgoff) { ++ vma->vm_pgoff -= mmio_pgoff; + start = info->fix.mmio_start; +- len = PAGE_ALIGN((start & ~PAGE_MASK) + info->fix.mmio_len); ++ len = info->fix.mmio_len; + } + mutex_unlock(&info->mm_lock); +- start &= PAGE_MASK; +- if ((vma->vm_end - vma->vm_start + off) > len) +- return -EINVAL; +- off += start; +- vma->vm_pgoff = off >> PAGE_SHIFT; +- /* This is an IO map - tell maydump to skip this VMA */ +- vma->vm_flags |= VM_IO | VM_RESERVED; ++ + vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); +- fb_pgprotect(file, vma, off); +- if (io_remap_pfn_range(vma, vma->vm_start, off >> PAGE_SHIFT, +- vma->vm_end - vma->vm_start, vma->vm_page_prot)) +- return -EAGAIN; +- return 0; ++ fb_pgprotect(file, vma, start); ++ ++ return vm_iomap_memory(vma, start, len); + } + + static int +diff --git a/fs/aio.c b/fs/aio.c +index 3b65ee7..8cdd8ea 100644 +--- a/fs/aio.c ++++ b/fs/aio.c +@@ -1112,9 +1112,9 @@ static int aio_read_evt(struct kioctx *ioctx, struct io_event *ent) + spin_unlock(&info->ring_lock); + + out: +- kunmap_atomic(ring, KM_USER0); + dprintk("leaving aio_read_evt: %d h%lu t%lu\n", ret, + (unsigned long)ring->head, (unsigned long)ring->tail); ++ kunmap_atomic(ring, KM_USER0); + return ret; + } + +diff --git a/fs/dcache.c b/fs/dcache.c +index e923bf4..d322929 100644 +--- a/fs/dcache.c ++++ b/fs/dcache.c +@@ -1176,8 +1176,10 @@ void shrink_dcache_parent(struct dentry * parent) + LIST_HEAD(dispose); + int found; + +- while ((found = select_parent(parent, &dispose)) != 0) ++ while ((found = select_parent(parent, &dispose)) != 0) { + shrink_dentry_list(&dispose); ++ cond_resched(); ++ } + } + EXPORT_SYMBOL(shrink_dcache_parent); + +diff --git a/fs/ext4/Kconfig b/fs/ext4/Kconfig +index 9ed1bb1..5459168 100644 +--- a/fs/ext4/Kconfig ++++ b/fs/ext4/Kconfig +@@ -82,4 +82,5 @@ config EXT4_DEBUG + Enables run-time debugging support for the ext4 filesystem. + + If you select Y here, then you will be able to turn on debugging +- with a command such as "echo 1 > /sys/kernel/debug/ext4/mballoc-debug" ++ with a command such as: ++ echo 1 > /sys/module/ext4/parameters/mballoc_debug +diff --git a/fs/ext4/fsync.c b/fs/ext4/fsync.c +index bb6c7d8..a8d03a4 100644 +--- a/fs/ext4/fsync.c ++++ b/fs/ext4/fsync.c +@@ -260,8 +260,7 @@ int ext4_sync_file(struct file *file, loff_t start, loff_t end, int datasync) + if (journal->j_flags & JBD2_BARRIER && + !jbd2_trans_will_send_data_barrier(journal, commit_tid)) + needs_barrier = true; +- jbd2_log_start_commit(journal, commit_tid); +- ret = jbd2_log_wait_commit(journal, commit_tid); ++ ret = jbd2_complete_transaction(journal, commit_tid); + if (needs_barrier) + blkdev_issue_flush(inode->i_sb->s_bdev, GFP_KERNEL, NULL); + out: +diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c +index 3270ffd..025b4b6 100644 +--- a/fs/ext4/inode.c ++++ b/fs/ext4/inode.c +@@ -147,8 +147,7 @@ void ext4_evict_inode(struct inode *inode) + journal_t *journal = EXT4_SB(inode->i_sb)->s_journal; + tid_t commit_tid = EXT4_I(inode)->i_datasync_tid; + +- jbd2_log_start_commit(journal, commit_tid); +- jbd2_log_wait_commit(journal, commit_tid); ++ jbd2_complete_transaction(journal, commit_tid); + filemap_write_and_wait(&inode->i_data); + } + truncate_inode_pages(&inode->i_data, 0); +diff --git a/fs/fscache/stats.c b/fs/fscache/stats.c +index 4765190..73c0bd7 100644 +--- a/fs/fscache/stats.c ++++ b/fs/fscache/stats.c +@@ -276,5 +276,5 @@ const struct file_operations fscache_stats_fops = { + .open = fscache_stats_open, + .read = seq_read, + .llseek = seq_lseek, +- .release = seq_release, ++ .release = single_release, + }; +diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c +index d751f04..ab9463a 100644 +--- a/fs/jbd2/commit.c ++++ b/fs/jbd2/commit.c +@@ -326,7 +326,7 @@ void jbd2_journal_commit_transaction(journal_t *journal) + int space_left = 0; + int first_tag = 0; + int tag_flag; +- int i, to_free = 0; ++ int i; + int tag_bytes = journal_tag_bytes(journal); + struct buffer_head *cbh = NULL; /* For transactional checksums */ + __u32 crc32_sum = ~0; +@@ -996,7 +996,7 @@ restart_loop: + journal->j_stats.run.rs_blocks_logged += stats.run.rs_blocks_logged; + spin_unlock(&journal->j_history_lock); + +- commit_transaction->t_state = T_FINISHED; ++ commit_transaction->t_state = T_COMMIT_CALLBACK; + J_ASSERT(commit_transaction == journal->j_committing_transaction); + journal->j_commit_sequence = commit_transaction->t_tid; + journal->j_committing_transaction = NULL; +@@ -1011,38 +1011,44 @@ restart_loop: + journal->j_average_commit_time*3) / 4; + else + journal->j_average_commit_time = commit_time; ++ + write_unlock(&journal->j_state_lock); + +- if (commit_transaction->t_checkpoint_list == NULL && +- commit_transaction->t_checkpoint_io_list == NULL) { +- __jbd2_journal_drop_transaction(journal, commit_transaction); +- to_free = 1; ++ if (journal->j_checkpoint_transactions == NULL) { ++ journal->j_checkpoint_transactions = commit_transaction; ++ commit_transaction->t_cpnext = commit_transaction; ++ commit_transaction->t_cpprev = commit_transaction; + } else { +- if (journal->j_checkpoint_transactions == NULL) { +- journal->j_checkpoint_transactions = commit_transaction; +- commit_transaction->t_cpnext = commit_transaction; +- commit_transaction->t_cpprev = commit_transaction; +- } else { +- commit_transaction->t_cpnext = +- journal->j_checkpoint_transactions; +- commit_transaction->t_cpprev = +- commit_transaction->t_cpnext->t_cpprev; +- commit_transaction->t_cpnext->t_cpprev = +- commit_transaction; +- commit_transaction->t_cpprev->t_cpnext = ++ commit_transaction->t_cpnext = ++ journal->j_checkpoint_transactions; ++ commit_transaction->t_cpprev = ++ commit_transaction->t_cpnext->t_cpprev; ++ commit_transaction->t_cpnext->t_cpprev = ++ commit_transaction; ++ commit_transaction->t_cpprev->t_cpnext = + commit_transaction; +- } + } + spin_unlock(&journal->j_list_lock); +- ++ /* Drop all spin_locks because commit_callback may be block. ++ * __journal_remove_checkpoint() can not destroy transaction ++ * under us because it is not marked as T_FINISHED yet */ + if (journal->j_commit_callback) + journal->j_commit_callback(journal, commit_transaction); + + trace_jbd2_end_commit(journal, commit_transaction); + jbd_debug(1, "JBD2: commit %d complete, head %d\n", + journal->j_commit_sequence, journal->j_tail_sequence); +- if (to_free) +- kfree(commit_transaction); + ++ write_lock(&journal->j_state_lock); ++ spin_lock(&journal->j_list_lock); ++ commit_transaction->t_state = T_FINISHED; ++ /* Recheck checkpoint lists after j_list_lock was dropped */ ++ if (commit_transaction->t_checkpoint_list == NULL && ++ commit_transaction->t_checkpoint_io_list == NULL) { ++ __jbd2_journal_drop_transaction(journal, commit_transaction); ++ kfree(commit_transaction); ++ } ++ spin_unlock(&journal->j_list_lock); ++ write_unlock(&journal->j_state_lock); + wake_up(&journal->j_wait_done_commit); + } +diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c +index 0fa0123..17b04fc 100644 +--- a/fs/jbd2/journal.c ++++ b/fs/jbd2/journal.c +@@ -663,6 +663,37 @@ int jbd2_log_wait_commit(journal_t *journal, tid_t tid) + } + + /* ++ * When this function returns the transaction corresponding to tid ++ * will be completed. If the transaction has currently running, start ++ * committing that transaction before waiting for it to complete. If ++ * the transaction id is stale, it is by definition already completed, ++ * so just return SUCCESS. ++ */ ++int jbd2_complete_transaction(journal_t *journal, tid_t tid) ++{ ++ int need_to_wait = 1; ++ ++ read_lock(&journal->j_state_lock); ++ if (journal->j_running_transaction && ++ journal->j_running_transaction->t_tid == tid) { ++ if (journal->j_commit_request != tid) { ++ /* transaction not yet started, so request it */ ++ read_unlock(&journal->j_state_lock); ++ jbd2_log_start_commit(journal, tid); ++ goto wait_commit; ++ } ++ } else if (!(journal->j_committing_transaction && ++ journal->j_committing_transaction->t_tid == tid)) ++ need_to_wait = 0; ++ read_unlock(&journal->j_state_lock); ++ if (!need_to_wait) ++ return 0; ++wait_commit: ++ return jbd2_log_wait_commit(journal, tid); ++} ++EXPORT_SYMBOL(jbd2_complete_transaction); ++ ++/* + * Log buffer allocation routines: + */ + +diff --git a/fs/lockd/clntlock.c b/fs/lockd/clntlock.c +index 8d4ea83..de88922 100644 +--- a/fs/lockd/clntlock.c ++++ b/fs/lockd/clntlock.c +@@ -141,6 +141,9 @@ int nlmclnt_block(struct nlm_wait *block, struct nlm_rqst *req, long timeout) + timeout); + if (ret < 0) + return -ERESTARTSYS; ++ /* Reset the lock status after a server reboot so we resend */ ++ if (block->b_status == nlm_lck_denied_grace_period) ++ block->b_status = nlm_lck_blocked; + req->a_res.status = block->b_status; + return 0; + } +diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c +index a3a0987..8392cb8 100644 +--- a/fs/lockd/clntproc.c ++++ b/fs/lockd/clntproc.c +@@ -551,9 +551,6 @@ again: + status = nlmclnt_block(block, req, NLMCLNT_POLL_TIMEOUT); + if (status < 0) + break; +- /* Resend the blocking lock request after a server reboot */ +- if (resp->status == nlm_lck_denied_grace_period) +- continue; + if (resp->status != nlm_lck_blocked) + break; + } +diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c +index fe5c5fb..08921b8 100644 +--- a/fs/nfsd/nfs4proc.c ++++ b/fs/nfsd/nfs4proc.c +@@ -880,14 +880,14 @@ nfsd4_write(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, + + nfs4_lock_state(); + status = nfs4_preprocess_stateid_op(cstate, stateid, WR_STATE, &filp); +- if (filp) +- get_file(filp); +- nfs4_unlock_state(); +- + if (status) { ++ nfs4_unlock_state(); + dprintk("NFSD: nfsd4_write: couldn't process stateid!\n"); + return status; + } ++ if (filp) ++ get_file(filp); ++ nfs4_unlock_state(); + + cnt = write->wr_buflen; + write->wr_how_written = write->wr_stable_how; +diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c +index 7d189dc..4cef99f 100644 +--- a/fs/nfsd/nfs4state.c ++++ b/fs/nfsd/nfs4state.c +@@ -188,13 +188,7 @@ static void __nfs4_file_put_access(struct nfs4_file *fp, int oflag) + { + if (atomic_dec_and_test(&fp->fi_access[oflag])) { + nfs4_file_put_fd(fp, oflag); +- /* +- * It's also safe to get rid of the RDWR open *if* +- * we no longer have need of the other kind of access +- * or if we already have the other kind of open: +- */ +- if (fp->fi_fds[1-oflag] +- || atomic_read(&fp->fi_access[1 - oflag]) == 0) ++ if (atomic_read(&fp->fi_access[1 - oflag]) == 0) + nfs4_file_put_fd(fp, O_RDWR); + } + } +diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c +index 24afa96..ade5316 100644 +--- a/fs/nfsd/nfs4xdr.c ++++ b/fs/nfsd/nfs4xdr.c +@@ -360,10 +360,7 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval, + all 32 bits of 'nseconds'. */ + READ_BUF(12); + len += 12; +- READ32(dummy32); +- if (dummy32) +- return nfserr_inval; +- READ32(iattr->ia_atime.tv_sec); ++ READ64(iattr->ia_atime.tv_sec); + READ32(iattr->ia_atime.tv_nsec); + if (iattr->ia_atime.tv_nsec >= (u32)1000000000) + return nfserr_inval; +@@ -386,10 +383,7 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval, + all 32 bits of 'nseconds'. */ + READ_BUF(12); + len += 12; +- READ32(dummy32); +- if (dummy32) +- return nfserr_inval; +- READ32(iattr->ia_mtime.tv_sec); ++ READ64(iattr->ia_mtime.tv_sec); + READ32(iattr->ia_mtime.tv_nsec); + if (iattr->ia_mtime.tv_nsec >= (u32)1000000000) + return nfserr_inval; +@@ -2374,8 +2368,7 @@ out_acl: + if (bmval1 & FATTR4_WORD1_TIME_ACCESS) { + if ((buflen -= 12) < 0) + goto out_resource; +- WRITE32(0); +- WRITE32(stat.atime.tv_sec); ++ WRITE64((s64)stat.atime.tv_sec); + WRITE32(stat.atime.tv_nsec); + } + if (bmval1 & FATTR4_WORD1_TIME_DELTA) { +@@ -2388,15 +2381,13 @@ out_acl: + if (bmval1 & FATTR4_WORD1_TIME_METADATA) { + if ((buflen -= 12) < 0) + goto out_resource; +- WRITE32(0); +- WRITE32(stat.ctime.tv_sec); ++ WRITE64((s64)stat.ctime.tv_sec); + WRITE32(stat.ctime.tv_nsec); + } + if (bmval1 & FATTR4_WORD1_TIME_MODIFY) { + if ((buflen -= 12) < 0) + goto out_resource; +- WRITE32(0); +- WRITE32(stat.mtime.tv_sec); ++ WRITE64((s64)stat.mtime.tv_sec); + WRITE32(stat.mtime.tv_nsec); + } + if (bmval1 & FATTR4_WORD1_MOUNTED_ON_FILEID) { +diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c +index 6f292dd..f255d37 100644 +--- a/fs/notify/inotify/inotify_user.c ++++ b/fs/notify/inotify/inotify_user.c +@@ -577,7 +577,6 @@ static int inotify_update_existing_watch(struct fsnotify_group *group, + int add = (arg & IN_MASK_ADD); + int ret; + +- /* don't allow invalid bits: we don't want flags set */ + mask = inotify_arg_to_mask(arg); + + fsn_mark = fsnotify_find_inode_mark(group, inode); +@@ -628,7 +627,6 @@ static int inotify_new_watch(struct fsnotify_group *group, + struct idr *idr = &group->inotify_data.idr; + spinlock_t *idr_lock = &group->inotify_data.idr_lock; + +- /* don't allow invalid bits: we don't want flags set */ + mask = inotify_arg_to_mask(arg); + + tmp_i_mark = kmem_cache_alloc(inotify_inode_mark_cachep, GFP_KERNEL); +@@ -757,6 +755,10 @@ SYSCALL_DEFINE3(inotify_add_watch, int, fd, const char __user *, pathname, + int ret, fput_needed; + unsigned flags = 0; + ++ /* don't allow invalid bits: we don't want flags set */ ++ if (unlikely(!(mask & ALL_INOTIFY_BITS))) ++ return -EINVAL; ++ + filp = fget_light(fd, &fput_needed); + if (unlikely(!filp)) + return -EBADF; +diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c +index 3899e24..e756bc4 100644 +--- a/fs/sysfs/dir.c ++++ b/fs/sysfs/dir.c +@@ -977,6 +977,7 @@ static int sysfs_readdir(struct file * filp, void * dirent, filldir_t filldir) + enum kobj_ns_type type; + const void *ns; + ino_t ino; ++ loff_t off; + + type = sysfs_ns_type(parent_sd); + ns = sysfs_info(dentry->d_sb)->ns[type]; +@@ -999,6 +1000,7 @@ static int sysfs_readdir(struct file * filp, void * dirent, filldir_t filldir) + return 0; + } + mutex_lock(&sysfs_mutex); ++ off = filp->f_pos; + for (pos = sysfs_dir_pos(ns, parent_sd, filp->f_pos, pos); + pos; + pos = sysfs_dir_next_pos(ns, parent_sd, filp->f_pos, pos)) { +@@ -1010,19 +1012,24 @@ static int sysfs_readdir(struct file * filp, void * dirent, filldir_t filldir) + len = strlen(name); + ino = pos->s_ino; + type = dt_type(pos); +- filp->f_pos = ino; ++ off = filp->f_pos = ino; + filp->private_data = sysfs_get(pos); + + mutex_unlock(&sysfs_mutex); +- ret = filldir(dirent, name, len, filp->f_pos, ino, type); ++ ret = filldir(dirent, name, len, off, ino, type); + mutex_lock(&sysfs_mutex); + if (ret < 0) + break; + } + mutex_unlock(&sysfs_mutex); +- if ((filp->f_pos > 1) && !pos) { /* EOF */ +- filp->f_pos = INT_MAX; ++ ++ /* don't reference last entry if its refcount is dropped */ ++ if (!pos) { + filp->private_data = NULL; ++ ++ /* EOF and not changed as 0 or 1 in read/write path */ ++ if (off == filp->f_pos && off > 1) ++ filp->f_pos = INT_MAX; + } + return 0; + } +diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h +index 8a297a5..497c6cc 100644 +--- a/include/linux/ipc_namespace.h ++++ b/include/linux/ipc_namespace.h +@@ -42,8 +42,8 @@ struct ipc_namespace { + + size_t shm_ctlmax; + size_t shm_ctlall; ++ unsigned long shm_tot; + int shm_ctlmni; +- int shm_tot; + /* + * Defines whether IPC_RMID is forced for _all_ shm segments regardless + * of shmctl() +diff --git a/include/linux/jbd2.h b/include/linux/jbd2.h +index 2092ea2..a153ed5 100644 +--- a/include/linux/jbd2.h ++++ b/include/linux/jbd2.h +@@ -470,6 +470,7 @@ struct transaction_s + T_COMMIT, + T_COMMIT_DFLUSH, + T_COMMIT_JFLUSH, ++ T_COMMIT_CALLBACK, + T_FINISHED + } t_state; + +@@ -1165,6 +1166,7 @@ int __jbd2_log_start_commit(journal_t *journal, tid_t tid); + int jbd2_journal_start_commit(journal_t *journal, tid_t *tid); + int jbd2_journal_force_commit_nested(journal_t *journal); + int jbd2_log_wait_commit(journal_t *journal, tid_t tid); ++int jbd2_complete_transaction(journal_t *journal, tid_t tid); + int jbd2_log_do_checkpoint(journal_t *journal); + int jbd2_trans_will_send_data_barrier(journal_t *journal, tid_t tid); + +diff --git a/include/linux/mm.h b/include/linux/mm.h +index 4baadd1..d0493f6 100644 +--- a/include/linux/mm.h ++++ b/include/linux/mm.h +@@ -1509,6 +1509,8 @@ int vm_insert_pfn(struct vm_area_struct *vma, unsigned long addr, + unsigned long pfn); + int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, + unsigned long pfn); ++int vm_iomap_memory(struct vm_area_struct *vma, phys_addr_t start, unsigned long len); ++ + + struct page *follow_page(struct vm_area_struct *, unsigned long address, + unsigned int foll_flags); +diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h +index 00ca32b..8c43fd1 100644 +--- a/include/linux/netdevice.h ++++ b/include/linux/netdevice.h +@@ -225,9 +225,9 @@ struct netdev_hw_addr { + #define NETDEV_HW_ADDR_T_SLAVE 3 + #define NETDEV_HW_ADDR_T_UNICAST 4 + #define NETDEV_HW_ADDR_T_MULTICAST 5 +- bool synced; + bool global_use; + int refcount; ++ int synced; + struct rcu_head rcu_head; + }; + +diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h +index da65890..efe50af 100644 +--- a/include/linux/skbuff.h ++++ b/include/linux/skbuff.h +@@ -2367,6 +2367,13 @@ static inline void nf_reset(struct sk_buff *skb) + #endif + } + ++static inline void nf_reset_trace(struct sk_buff *skb) ++{ ++#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) ++ skb->nf_trace = 0; ++#endif ++} ++ + /* Note: This doesn't put any conntrack and bridge info in dst. */ + static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src) + { +diff --git a/ipc/shm.c b/ipc/shm.c +index b76be5b..326a20b 100644 +--- a/ipc/shm.c ++++ b/ipc/shm.c +@@ -450,7 +450,7 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) + size_t size = params->u.size; + int error; + struct shmid_kernel *shp; +- int numpages = (size + PAGE_SIZE -1) >> PAGE_SHIFT; ++ size_t numpages = (size + PAGE_SIZE - 1) >> PAGE_SHIFT; + struct file * file; + char name[13]; + int id; +diff --git a/kernel/audit_tree.c b/kernel/audit_tree.c +index 31fdc48..0caf1f8 100644 +--- a/kernel/audit_tree.c ++++ b/kernel/audit_tree.c +@@ -608,9 +608,9 @@ void audit_trim_trees(void) + } + spin_unlock(&hash_lock); + trim_marked(tree); +- put_tree(tree); + drop_collected_mounts(root_mnt); + skip_it: ++ put_tree(tree); + mutex_lock(&audit_filter_mutex); + } + list_del(&cursor); +diff --git a/kernel/cgroup.c b/kernel/cgroup.c +index c0739f8..d2a01fe 100644 +--- a/kernel/cgroup.c ++++ b/kernel/cgroup.c +@@ -2029,7 +2029,7 @@ int cgroup_attach_proc(struct cgroup *cgrp, struct task_struct *leader) + if (!group) + return -ENOMEM; + /* pre-allocate to guarantee space while iterating in rcu read-side. */ +- retval = flex_array_prealloc(group, 0, group_size - 1, GFP_KERNEL); ++ retval = flex_array_prealloc(group, 0, group_size, GFP_KERNEL); + if (retval) + goto out_free_group_list; + +diff --git a/kernel/events/core.c b/kernel/events/core.c +index 7d1f05e..9f21915 100644 +--- a/kernel/events/core.c ++++ b/kernel/events/core.c +@@ -5164,7 +5164,7 @@ static void sw_perf_event_destroy(struct perf_event *event) + + static int perf_swevent_init(struct perf_event *event) + { +- int event_id = event->attr.config; ++ u64 event_id = event->attr.config; + + if (event->attr.type != PERF_TYPE_SOFTWARE) + return -ENOENT; +@@ -5756,6 +5756,7 @@ skip_type: + if (pmu->pmu_cpu_context) + goto got_cpu_context; + ++ ret = -ENOMEM; + pmu->pmu_cpu_context = alloc_percpu(struct perf_cpu_context); + if (!pmu->pmu_cpu_context) + goto free_dev; +diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c +index e4cee8d..60f7e32 100644 +--- a/kernel/hrtimer.c ++++ b/kernel/hrtimer.c +@@ -298,6 +298,10 @@ ktime_t ktime_sub_ns(const ktime_t kt, u64 nsec) + } else { + unsigned long rem = do_div(nsec, NSEC_PER_SEC); + ++ /* Make sure nsec fits into long */ ++ if (unlikely(nsec > KTIME_SEC_MAX)) ++ return (ktime_t){ .tv64 = KTIME_MAX }; ++ + tmp = ktime_set((long)nsec, rem); + } + +@@ -1308,6 +1312,8 @@ retry: + + expires = ktime_sub(hrtimer_get_expires(timer), + base->offset); ++ if (expires.tv64 < 0) ++ expires.tv64 = KTIME_MAX; + if (expires.tv64 < expires_next.tv64) + expires_next = expires; + break; +diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c +index cd068b2..c3509fb 100644 +--- a/kernel/time/tick-broadcast.c ++++ b/kernel/time/tick-broadcast.c +@@ -66,6 +66,8 @@ static void tick_broadcast_start_periodic(struct clock_event_device *bc) + */ + int tick_check_broadcast_device(struct clock_event_device *dev) + { ++ struct clock_event_device *cur = tick_broadcast_device.evtdev; ++ + if ((dev->features & CLOCK_EVT_FEAT_DUMMY) || + (tick_broadcast_device.evtdev && + tick_broadcast_device.evtdev->rating >= dev->rating) || +@@ -73,6 +75,8 @@ int tick_check_broadcast_device(struct clock_event_device *dev) + return 0; + + clockevents_exchange_device(tick_broadcast_device.evtdev, dev); ++ if (cur) ++ cur->event_handler = clockevents_handle_noop; + tick_broadcast_device.evtdev = dev; + if (!cpumask_empty(tick_get_broadcast_mask())) + tick_broadcast_start_periodic(dev); +diff --git a/kernel/time/tick-common.c b/kernel/time/tick-common.c +index da6c9ec..ead79bc 100644 +--- a/kernel/time/tick-common.c ++++ b/kernel/time/tick-common.c +@@ -323,6 +323,7 @@ static void tick_shutdown(unsigned int *cpup) + */ + dev->mode = CLOCK_EVT_MODE_UNUSED; + clockevents_exchange_device(dev, NULL); ++ dev->event_handler = clockevents_handle_noop; + td->evtdev = NULL; + } + raw_spin_unlock_irqrestore(&tick_device_lock, flags); +diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c +index 5527211..24b3759 100644 +--- a/kernel/trace/ftrace.c ++++ b/kernel/trace/ftrace.c +@@ -554,7 +554,7 @@ int ftrace_profile_pages_init(struct ftrace_profile_stat *stat) + + pages = DIV_ROUND_UP(functions, PROFILES_PER_PAGE); + +- for (i = 0; i < pages; i++) { ++ for (i = 1; i < pages; i++) { + pg->next = (void *)get_zeroed_page(GFP_KERNEL); + if (!pg->next) + goto out_free; +@@ -3303,7 +3303,8 @@ out: + if (fail) + return -EINVAL; + +- ftrace_graph_filter_enabled = 1; ++ ftrace_graph_filter_enabled = !!(*idx); ++ + return 0; + } + +diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c +index 17edb14..0ec6c34 100644 +--- a/kernel/trace/trace.c ++++ b/kernel/trace/trace.c +@@ -4563,6 +4563,8 @@ static __init int tracer_init_debugfs(void) + trace_access_lock_init(); + + d_tracer = tracing_init_dentry(); ++ if (!d_tracer) ++ return 0; + + trace_create_file("tracing_enabled", 0644, d_tracer, + &global_trace, &tracing_ctrl_fops); +@@ -4696,36 +4698,32 @@ void trace_init_global_iter(struct trace_iterator *iter) + iter->cpu_file = TRACE_PIPE_ALL_CPU; + } + +-static void +-__ftrace_dump(bool disable_tracing, enum ftrace_dump_mode oops_dump_mode) ++void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) + { +- static arch_spinlock_t ftrace_dump_lock = +- (arch_spinlock_t)__ARCH_SPIN_LOCK_UNLOCKED; + /* use static because iter can be a bit big for the stack */ + static struct trace_iterator iter; ++ static atomic_t dump_running; + unsigned int old_userobj; +- static int dump_ran; + unsigned long flags; + int cnt = 0, cpu; + +- /* only one dump */ +- local_irq_save(flags); +- arch_spin_lock(&ftrace_dump_lock); +- if (dump_ran) +- goto out; +- +- dump_ran = 1; ++ /* Only allow one dump user at a time. */ ++ if (atomic_inc_return(&dump_running) != 1) { ++ atomic_dec(&dump_running); ++ return; ++ } + ++ /* ++ * Always turn off tracing when we dump. ++ * We don't need to show trace output of what happens ++ * between multiple crashes. ++ * ++ * If the user does a sysrq-z, then they can re-enable ++ * tracing with echo 1 > tracing_on. ++ */ + tracing_off(); + +- /* Did function tracer already get disabled? */ +- if (ftrace_is_dead()) { +- printk("# WARNING: FUNCTION TRACING IS CORRUPTED\n"); +- printk("# MAY BE MISSING FUNCTION EVENTS\n"); +- } +- +- if (disable_tracing) +- ftrace_kill(); ++ local_irq_save(flags); + + trace_init_global_iter(&iter); + +@@ -4758,6 +4756,12 @@ __ftrace_dump(bool disable_tracing, enum ftrace_dump_mode oops_dump_mode) + + printk(KERN_TRACE "Dumping ftrace buffer:\n"); + ++ /* Did function tracer already get disabled? */ ++ if (ftrace_is_dead()) { ++ printk("# WARNING: FUNCTION TRACING IS CORRUPTED\n"); ++ printk("# MAY BE MISSING FUNCTION EVENTS\n"); ++ } ++ + /* + * We need to stop all tracing on all CPUS to read the + * the next buffer. This is a bit expensive, but is +@@ -4796,26 +4800,15 @@ __ftrace_dump(bool disable_tracing, enum ftrace_dump_mode oops_dump_mode) + printk(KERN_TRACE "---------------------------------\n"); + + out_enable: +- /* Re-enable tracing if requested */ +- if (!disable_tracing) { +- trace_flags |= old_userobj; ++ trace_flags |= old_userobj; + +- for_each_tracing_cpu(cpu) { +- atomic_dec(&iter.tr->data[cpu]->disabled); +- } +- tracing_on(); ++ for_each_tracing_cpu(cpu) { ++ atomic_dec(&iter.tr->data[cpu]->disabled); + } +- +- out: +- arch_spin_unlock(&ftrace_dump_lock); ++ atomic_dec(&dump_running); + local_irq_restore(flags); + } +- +-/* By default: disable tracing after the dump */ +-void ftrace_dump(enum ftrace_dump_mode oops_dump_mode) +-{ +- __ftrace_dump(true, oops_dump_mode); +-} ++EXPORT_SYMBOL_GPL(ftrace_dump); + + __init static int tracer_alloc_buffers(void) + { +diff --git a/kernel/trace/trace_selftest.c b/kernel/trace/trace_selftest.c +index 288541f..09fd98a 100644 +--- a/kernel/trace/trace_selftest.c ++++ b/kernel/trace/trace_selftest.c +@@ -461,8 +461,6 @@ trace_selftest_startup_function(struct tracer *trace, struct trace_array *tr) + /* Maximum number of functions to trace before diagnosing a hang */ + #define GRAPH_MAX_FUNC_TEST 100000000 + +-static void +-__ftrace_dump(bool disable_tracing, enum ftrace_dump_mode oops_dump_mode); + static unsigned int graph_hang_thresh; + + /* Wrap the real function entry probe to avoid possible hanging */ +@@ -472,8 +470,11 @@ static int trace_graph_entry_watchdog(struct ftrace_graph_ent *trace) + if (unlikely(++graph_hang_thresh > GRAPH_MAX_FUNC_TEST)) { + ftrace_graph_stop(); + printk(KERN_WARNING "BUG: Function graph tracer hang!\n"); +- if (ftrace_dump_on_oops) +- __ftrace_dump(false, DUMP_ALL); ++ if (ftrace_dump_on_oops) { ++ ftrace_dump(DUMP_ALL); ++ /* ftrace_dump() disables tracing */ ++ tracing_on(); ++ } + return 0; + } + +diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c +index 77575b3..c5b20a3 100644 +--- a/kernel/trace/trace_stack.c ++++ b/kernel/trace/trace_stack.c +@@ -17,13 +17,24 @@ + + #define STACK_TRACE_ENTRIES 500 + ++#ifdef CC_USING_FENTRY ++# define fentry 1 ++#else ++# define fentry 0 ++#endif ++ + static unsigned long stack_dump_trace[STACK_TRACE_ENTRIES+1] = + { [0 ... (STACK_TRACE_ENTRIES)] = ULONG_MAX }; + static unsigned stack_dump_index[STACK_TRACE_ENTRIES]; + ++/* ++ * Reserve one entry for the passed in ip. This will allow ++ * us to remove most or all of the stack size overhead ++ * added by the stack tracer itself. ++ */ + static struct stack_trace max_stack_trace = { +- .max_entries = STACK_TRACE_ENTRIES, +- .entries = stack_dump_trace, ++ .max_entries = STACK_TRACE_ENTRIES - 1, ++ .entries = &stack_dump_trace[1], + }; + + static unsigned long max_stack_size; +@@ -37,25 +48,34 @@ static DEFINE_MUTEX(stack_sysctl_mutex); + int stack_tracer_enabled; + static int last_stack_tracer_enabled; + +-static inline void check_stack(void) ++static inline void ++check_stack(unsigned long ip, unsigned long *stack) + { + unsigned long this_size, flags; + unsigned long *p, *top, *start; ++ static int tracer_frame; ++ int frame_size = ACCESS_ONCE(tracer_frame); + int i; + +- this_size = ((unsigned long)&this_size) & (THREAD_SIZE-1); ++ this_size = ((unsigned long)stack) & (THREAD_SIZE-1); + this_size = THREAD_SIZE - this_size; ++ /* Remove the frame of the tracer */ ++ this_size -= frame_size; + + if (this_size <= max_stack_size) + return; + + /* we do not handle interrupt stacks yet */ +- if (!object_is_on_stack(&this_size)) ++ if (!object_is_on_stack(stack)) + return; + + local_irq_save(flags); + arch_spin_lock(&max_stack_lock); + ++ /* In case another CPU set the tracer_frame on us */ ++ if (unlikely(!frame_size)) ++ this_size -= tracer_frame; ++ + /* a race could have already updated it */ + if (this_size <= max_stack_size) + goto out; +@@ -68,10 +88,18 @@ static inline void check_stack(void) + save_stack_trace(&max_stack_trace); + + /* ++ * Add the passed in ip from the function tracer. ++ * Searching for this on the stack will skip over ++ * most of the overhead from the stack tracer itself. ++ */ ++ stack_dump_trace[0] = ip; ++ max_stack_trace.nr_entries++; ++ ++ /* + * Now find where in the stack these are. + */ + i = 0; +- start = &this_size; ++ start = stack; + top = (unsigned long *) + (((unsigned long)start & ~(THREAD_SIZE-1)) + THREAD_SIZE); + +@@ -95,6 +123,18 @@ static inline void check_stack(void) + found = 1; + /* Start the search from here */ + start = p + 1; ++ /* ++ * We do not want to show the overhead ++ * of the stack tracer stack in the ++ * max stack. If we haven't figured ++ * out what that is, then figure it out ++ * now. ++ */ ++ if (unlikely(!tracer_frame) && i == 1) { ++ tracer_frame = (p - stack) * ++ sizeof(unsigned long); ++ max_stack_size -= tracer_frame; ++ } + } + } + +@@ -110,6 +150,7 @@ static inline void check_stack(void) + static void + stack_trace_call(unsigned long ip, unsigned long parent_ip) + { ++ unsigned long stack; + int cpu; + + if (unlikely(!ftrace_enabled || stack_trace_disabled)) +@@ -122,7 +163,26 @@ stack_trace_call(unsigned long ip, unsigned long parent_ip) + if (per_cpu(trace_active, cpu)++ != 0) + goto out; + +- check_stack(); ++ /* ++ * When fentry is used, the traced function does not get ++ * its stack frame set up, and we lose the parent. ++ * The ip is pretty useless because the function tracer ++ * was called before that function set up its stack frame. ++ * In this case, we use the parent ip. ++ * ++ * By adding the return address of either the parent ip ++ * or the current ip we can disregard most of the stack usage ++ * caused by the stack tracer itself. ++ * ++ * The function tracer always reports the address of where the ++ * mcount call was, but the stack will hold the return address. ++ */ ++ if (fentry) ++ ip = parent_ip; ++ else ++ ip += MCOUNT_INSN_SIZE; ++ ++ check_stack(ip, &stack); + + out: + per_cpu(trace_active, cpu)--; +@@ -351,6 +411,8 @@ static __init int stack_trace_init(void) + struct dentry *d_tracer; + + d_tracer = tracing_init_dentry(); ++ if (!d_tracer) ++ return 0; + + trace_create_file("stack_max_size", 0644, d_tracer, + &max_stack_size, &stack_max_size_fops); +diff --git a/kernel/trace/trace_stat.c b/kernel/trace/trace_stat.c +index 96cffb2..847f88a 100644 +--- a/kernel/trace/trace_stat.c ++++ b/kernel/trace/trace_stat.c +@@ -307,6 +307,8 @@ static int tracing_stat_init(void) + struct dentry *d_tracing; + + d_tracing = tracing_init_dentry(); ++ if (!d_tracing) ++ return 0; + + stat_dir = debugfs_create_dir("trace_stat", d_tracing); + if (!stat_dir) +diff --git a/mm/memory.c b/mm/memory.c +index 4f2add1..d5f913b 100644 +--- a/mm/memory.c ++++ b/mm/memory.c +@@ -2309,6 +2309,53 @@ int remap_pfn_range(struct vm_area_struct *vma, unsigned long addr, + } + EXPORT_SYMBOL(remap_pfn_range); + ++/** ++ * vm_iomap_memory - remap memory to userspace ++ * @vma: user vma to map to ++ * @start: start of area ++ * @len: size of area ++ * ++ * This is a simplified io_remap_pfn_range() for common driver use. The ++ * driver just needs to give us the physical memory range to be mapped, ++ * we'll figure out the rest from the vma information. ++ * ++ * NOTE! Some drivers might want to tweak vma->vm_page_prot first to get ++ * whatever write-combining details or similar. ++ */ ++int vm_iomap_memory(struct vm_area_struct *vma, phys_addr_t start, unsigned long len) ++{ ++ unsigned long vm_len, pfn, pages; ++ ++ /* Check that the physical memory area passed in looks valid */ ++ if (start + len < start) ++ return -EINVAL; ++ /* ++ * You *really* shouldn't map things that aren't page-aligned, ++ * but we've historically allowed it because IO memory might ++ * just have smaller alignment. ++ */ ++ len += start & ~PAGE_MASK; ++ pfn = start >> PAGE_SHIFT; ++ pages = (len + ~PAGE_MASK) >> PAGE_SHIFT; ++ if (pfn + pages < pfn) ++ return -EINVAL; ++ ++ /* We start the mapping 'vm_pgoff' pages into the area */ ++ if (vma->vm_pgoff > pages) ++ return -EINVAL; ++ pfn += vma->vm_pgoff; ++ pages -= vma->vm_pgoff; ++ ++ /* Can we fit all of the mapping? */ ++ vm_len = vma->vm_end - vma->vm_start; ++ if (vm_len >> PAGE_SHIFT > pages) ++ return -EINVAL; ++ ++ /* Ok, let it rip */ ++ return io_remap_pfn_range(vma, vma->vm_start, pfn, vm_len, vma->vm_page_prot); ++} ++EXPORT_SYMBOL(vm_iomap_memory); ++ + static int apply_to_pte_range(struct mm_struct *mm, pmd_t *pmd, + unsigned long addr, unsigned long end, + pte_fn_t fn, void *data) +diff --git a/net/atm/common.c b/net/atm/common.c +index 0ca06e8..43b6bfe 100644 +--- a/net/atm/common.c ++++ b/net/atm/common.c +@@ -500,6 +500,8 @@ int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, + struct sk_buff *skb; + int copied, error = -EINVAL; + ++ msg->msg_namelen = 0; ++ + if (sock->state != SS_CONNECTED) + return -ENOTCONN; + if (flags & ~MSG_DONTWAIT) /* only handle MSG_DONTWAIT */ +diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c +index b04a6ef..86ac37f 100644 +--- a/net/ax25/af_ax25.c ++++ b/net/ax25/af_ax25.c +@@ -1641,6 +1641,7 @@ static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock, + ax25_address src; + const unsigned char *mac = skb_mac_header(skb); + ++ memset(sax, 0, sizeof(struct full_sockaddr_ax25)); + ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL, + &digi, NULL, NULL); + sax->sax25_family = AF_AX25; +diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c +index 062124c..838f113 100644 +--- a/net/bluetooth/af_bluetooth.c ++++ b/net/bluetooth/af_bluetooth.c +@@ -245,6 +245,8 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock, + if (flags & (MSG_OOB)) + return -EOPNOTSUPP; + ++ msg->msg_namelen = 0; ++ + skb = skb_recv_datagram(sk, flags, noblock, &err); + if (!skb) { + if (sk->sk_shutdown & RCV_SHUTDOWN) +@@ -252,8 +254,6 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock, + return err; + } + +- msg->msg_namelen = 0; +- + copied = skb->len; + if (len < copied) { + msg->msg_flags |= MSG_TRUNC; +diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c +index 14c4864..82ce164 100644 +--- a/net/bluetooth/rfcomm/sock.c ++++ b/net/bluetooth/rfcomm/sock.c +@@ -627,6 +627,7 @@ static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, + + if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { + rfcomm_dlc_accept(d); ++ msg->msg_namelen = 0; + return 0; + } + +diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c +index a986280..53a8e37 100644 +--- a/net/caif/caif_socket.c ++++ b/net/caif/caif_socket.c +@@ -320,6 +320,8 @@ static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock, + if (m->msg_flags&MSG_OOB) + goto read_error; + ++ m->msg_namelen = 0; ++ + skb = skb_recv_datagram(sk, flags, 0 , &ret); + if (!skb) + goto read_error; +diff --git a/net/core/dev.c b/net/core/dev.c +index 720aea0..8e455b8 100644 +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -1619,6 +1619,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) + skb->mark = 0; + secpath_reset(skb); + nf_reset(skb); ++ nf_reset_trace(skb); + return netif_rx(skb); + } + EXPORT_SYMBOL_GPL(dev_forward_skb); +diff --git a/net/core/dev_addr_lists.c b/net/core/dev_addr_lists.c +index 0387da0..cd09414 100644 +--- a/net/core/dev_addr_lists.c ++++ b/net/core/dev_addr_lists.c +@@ -57,7 +57,7 @@ static int __hw_addr_add_ex(struct netdev_hw_addr_list *list, + ha->type = addr_type; + ha->refcount = 1; + ha->global_use = global; +- ha->synced = false; ++ ha->synced = 0; + list_add_tail_rcu(&ha->list, &list->list); + list->count++; + return 0; +@@ -155,7 +155,7 @@ int __hw_addr_sync(struct netdev_hw_addr_list *to_list, + addr_len, ha->type); + if (err) + break; +- ha->synced = true; ++ ha->synced++; + ha->refcount++; + } else if (ha->refcount == 1) { + __hw_addr_del(to_list, ha->addr, addr_len, ha->type); +@@ -176,7 +176,7 @@ void __hw_addr_unsync(struct netdev_hw_addr_list *to_list, + if (ha->synced) { + __hw_addr_del(to_list, ha->addr, + addr_len, ha->type); +- ha->synced = false; ++ ha->synced--; + __hw_addr_del(from_list, ha->addr, + addr_len, ha->type); + } +diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c +index 3b5e680..5b7d5f2 100644 +--- a/net/core/rtnetlink.c ++++ b/net/core/rtnetlink.c +@@ -1064,7 +1064,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) + rcu_read_lock(); + cb->seq = net->dev_base_seq; + +- if (nlmsg_parse(cb->nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX, ++ if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX, + ifla_policy) >= 0) { + + if (tb[IFLA_EXT_MASK]) +@@ -1907,7 +1907,7 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh) + u32 ext_filter_mask = 0; + u16 min_ifinfo_dump_size = 0; + +- if (nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX, ++ if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX, + ifla_policy) >= 0) { + if (tb[IFLA_EXT_MASK]) + ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]); +diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c +index 530787b..238fc3b 100644 +--- a/net/ipv4/esp4.c ++++ b/net/ipv4/esp4.c +@@ -137,8 +137,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) + + /* skb is pure payload to encrypt */ + +- err = -ENOMEM; +- + esp = x->data; + aead = esp->aead; + alen = crypto_aead_authsize(aead); +@@ -174,8 +172,10 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) + } + + tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen); +- if (!tmp) ++ if (!tmp) { ++ err = -ENOMEM; + goto error; ++ } + + seqhi = esp_tmp_seqhi(tmp); + iv = esp_tmp_iv(aead, tmp, seqhilen); +diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c +index b2cfe83..8f441b2 100644 +--- a/net/ipv4/ip_fragment.c ++++ b/net/ipv4/ip_fragment.c +@@ -251,8 +251,7 @@ static void ip_expire(unsigned long arg) + if (!head->dev) + goto out_rcu_unlock; + +- /* skb dst is stale, drop it, and perform route lookup again */ +- skb_dst_drop(head); ++ /* skb has no dst, perform route lookup again */ + iph = ip_hdr(head); + err = ip_route_input_noref(head, iph->daddr, iph->saddr, + iph->tos, head->dev); +@@ -518,8 +517,16 @@ found: + qp->q.last_in |= INET_FRAG_FIRST_IN; + + if (qp->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) && +- qp->q.meat == qp->q.len) +- return ip_frag_reasm(qp, prev, dev); ++ qp->q.meat == qp->q.len) { ++ unsigned long orefdst = skb->_skb_refdst; ++ ++ skb->_skb_refdst = 0UL; ++ err = ip_frag_reasm(qp, prev, dev); ++ skb->_skb_refdst = orefdst; ++ return err; ++ } ++ ++ skb_dst_drop(skb); + + write_lock(&ip4_frags.lock); + list_move_tail(&qp->q.lru_list, &qp->q.net->lru_list); +diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c +index 769c0e9..8a1bed2 100644 +--- a/net/ipv4/syncookies.c ++++ b/net/ipv4/syncookies.c +@@ -347,8 +347,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, + * hasn't changed since we received the original syn, but I see + * no easy way to do this. + */ +- flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), +- RT_SCOPE_UNIVERSE, IPPROTO_TCP, ++ flowi4_init_output(&fl4, sk->sk_bound_dev_if, sk->sk_mark, ++ RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP, + inet_sk_flowi_flags(sk), + (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, + ireq->loc_addr, th->source, th->dest); +diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c +index 3124e17..872b41d 100644 +--- a/net/ipv4/tcp_input.c ++++ b/net/ipv4/tcp_input.c +@@ -115,6 +115,7 @@ int sysctl_tcp_abc __read_mostly; + #define FLAG_DSACKING_ACK 0x800 /* SACK blocks contained D-SACK info */ + #define FLAG_NONHEAD_RETRANS_ACKED 0x1000 /* Non-head rexmitted data was ACKed */ + #define FLAG_SACK_RENEGING 0x2000 /* snd_una advanced to a sacked seq */ ++#define FLAG_UPDATE_TS_RECENT 0x4000 /* tcp_replace_ts_recent() */ + + #define FLAG_ACKED (FLAG_DATA_ACKED|FLAG_SYN_ACKED) + #define FLAG_NOT_DUP (FLAG_DATA|FLAG_WIN_UPDATE|FLAG_ACKED) +@@ -3723,6 +3724,27 @@ static void tcp_send_challenge_ack(struct sock *sk) + } + } + ++static void tcp_store_ts_recent(struct tcp_sock *tp) ++{ ++ tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval; ++ tp->rx_opt.ts_recent_stamp = get_seconds(); ++} ++ ++static void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq) ++{ ++ if (tp->rx_opt.saw_tstamp && !after(seq, tp->rcv_wup)) { ++ /* PAWS bug workaround wrt. ACK frames, the PAWS discard ++ * extra check below makes sure this can only happen ++ * for pure ACK frames. -DaveM ++ * ++ * Not only, also it occurs for expired timestamps. ++ */ ++ ++ if (tcp_paws_check(&tp->rx_opt, 0)) ++ tcp_store_ts_recent(tp); ++ } ++} ++ + /* This routine deals with incoming acks, but not outgoing ones. */ + static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) + { +@@ -3771,6 +3793,12 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) + prior_fackets = tp->fackets_out; + prior_in_flight = tcp_packets_in_flight(tp); + ++ /* ts_recent update must be made after we are sure that the packet ++ * is in window. ++ */ ++ if (flag & FLAG_UPDATE_TS_RECENT) ++ tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq); ++ + if (!(flag & FLAG_SLOWPATH) && after(ack, prior_snd_una)) { + /* Window is constant, pure forward advance. + * No more checks are required. +@@ -4061,27 +4089,6 @@ const u8 *tcp_parse_md5sig_option(const struct tcphdr *th) + EXPORT_SYMBOL(tcp_parse_md5sig_option); + #endif + +-static inline void tcp_store_ts_recent(struct tcp_sock *tp) +-{ +- tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval; +- tp->rx_opt.ts_recent_stamp = get_seconds(); +-} +- +-static inline void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq) +-{ +- if (tp->rx_opt.saw_tstamp && !after(seq, tp->rcv_wup)) { +- /* PAWS bug workaround wrt. ACK frames, the PAWS discard +- * extra check below makes sure this can only happen +- * for pure ACK frames. -DaveM +- * +- * Not only, also it occurs for expired timestamps. +- */ +- +- if (tcp_paws_check(&tp->rx_opt, 0)) +- tcp_store_ts_recent(tp); +- } +-} +- + /* Sorry, PAWS as specified is broken wrt. pure-ACKs -DaveM + * + * It is not fatal. If this ACK does _not_ change critical state (seqs, window) +@@ -5552,14 +5559,10 @@ slow_path: + return 0; + + step5: +- if (th->ack && tcp_ack(sk, skb, FLAG_SLOWPATH) < 0) ++ if (th->ack && ++ tcp_ack(sk, skb, FLAG_SLOWPATH | FLAG_UPDATE_TS_RECENT) < 0) + goto discard; + +- /* ts_recent update must be made after we are sure that the packet +- * is in window. +- */ +- tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq); +- + tcp_rcv_rtt_measure_ts(sk, skb); + + /* Process urgent data. */ +@@ -5923,7 +5926,8 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, + + /* step 5: check the ACK field */ + if (th->ack) { +- int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH) > 0; ++ int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH | ++ FLAG_UPDATE_TS_RECENT) > 0; + + switch (sk->sk_state) { + case TCP_SYN_RECV: +@@ -6030,11 +6034,6 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, + } else + goto discard; + +- /* ts_recent update must be made after we are sure that the packet +- * is in window. +- */ +- tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq); +- + /* step 6: check the URG bit */ + tcp_urg(sk, skb, th); + +diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c +index 8589c2d..d84033b 100644 +--- a/net/ipv6/addrconf.c ++++ b/net/ipv6/addrconf.c +@@ -2404,6 +2404,9 @@ static void sit_add_v4_addrs(struct inet6_dev *idev) + static void init_loopback(struct net_device *dev) + { + struct inet6_dev *idev; ++ struct net_device *sp_dev; ++ struct inet6_ifaddr *sp_ifa; ++ struct rt6_info *sp_rt; + + /* ::1 */ + +@@ -2415,6 +2418,30 @@ static void init_loopback(struct net_device *dev) + } + + add_addr(idev, &in6addr_loopback, 128, IFA_HOST); ++ ++ /* Add routes to other interface's IPv6 addresses */ ++ for_each_netdev(dev_net(dev), sp_dev) { ++ if (!strcmp(sp_dev->name, dev->name)) ++ continue; ++ ++ idev = __in6_dev_get(sp_dev); ++ if (!idev) ++ continue; ++ ++ read_lock_bh(&idev->lock); ++ list_for_each_entry(sp_ifa, &idev->addr_list, if_list) { ++ ++ if (sp_ifa->flags & (IFA_F_DADFAILED | IFA_F_TENTATIVE)) ++ continue; ++ ++ sp_rt = addrconf_dst_alloc(idev, &sp_ifa->addr, 0); ++ ++ /* Failure cases are ignored */ ++ if (!IS_ERR(sp_rt)) ++ ip6_ins_rt(sp_rt); ++ } ++ read_unlock_bh(&idev->lock); ++ } + } + + static void addrconf_add_linklocal(struct inet6_dev *idev, const struct in6_addr *addr) +diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c +index 2b0a4ca..411fe2c 100644 +--- a/net/ipv6/reassembly.c ++++ b/net/ipv6/reassembly.c +@@ -386,8 +386,17 @@ found: + } + + if (fq->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) && +- fq->q.meat == fq->q.len) +- return ip6_frag_reasm(fq, prev, dev); ++ fq->q.meat == fq->q.len) { ++ int res; ++ unsigned long orefdst = skb->_skb_refdst; ++ ++ skb->_skb_refdst = 0UL; ++ res = ip6_frag_reasm(fq, prev, dev); ++ skb->_skb_refdst = orefdst; ++ return res; ++ } ++ ++ skb_dst_drop(skb); + + write_lock(&ip6_frags.lock); + list_move_tail(&fq->q.lru_list, &fq->q.net->lru_list); +diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c +index f4b49c5..91821e9 100644 +--- a/net/irda/af_irda.c ++++ b/net/irda/af_irda.c +@@ -1386,6 +1386,8 @@ static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock, + + IRDA_DEBUG(4, "%s()\n", __func__); + ++ msg->msg_namelen = 0; ++ + skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, + flags & MSG_DONTWAIT, &err); + if (!skb) +diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c +index cf98d62..e836140 100644 +--- a/net/iucv/af_iucv.c ++++ b/net/iucv/af_iucv.c +@@ -1356,6 +1356,8 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock, + int blen; + int err = 0; + ++ msg->msg_namelen = 0; ++ + if ((sk->sk_state == IUCV_DISCONN || sk->sk_state == IUCV_SEVERED) && + skb_queue_empty(&iucv->backlog_skb_q) && + skb_queue_empty(&sk->sk_receive_queue) && +diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c +index 99a60d5..e5565c7 100644 +--- a/net/llc/af_llc.c ++++ b/net/llc/af_llc.c +@@ -720,6 +720,8 @@ static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock, + int target; /* Read at least this many bytes */ + long timeo; + ++ msg->msg_namelen = 0; ++ + lock_sock(sk); + copied = -ENOTCONN; + if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN)) +diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c +index f156382..3df7c5a 100644 +--- a/net/netrom/af_netrom.c ++++ b/net/netrom/af_netrom.c +@@ -1178,6 +1178,7 @@ static int nr_recvmsg(struct kiocb *iocb, struct socket *sock, + } + + if (sax != NULL) { ++ memset(sax, 0, sizeof(*sax)); + sax->sax25_family = AF_NETROM; + skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call, + AX25_ADDR_LEN); +diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c +index f9ea925..1f96fb9 100644 +--- a/net/rose/af_rose.c ++++ b/net/rose/af_rose.c +@@ -1258,6 +1258,7 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock, + skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); + + if (srose != NULL) { ++ memset(srose, 0, msg->msg_namelen); + srose->srose_family = AF_ROSE; + srose->srose_addr = rose->dest_addr; + srose->srose_call = rose->dest_call; +diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c +index 599f67a..b7cddb9 100644 +--- a/net/sched/sch_cbq.c ++++ b/net/sched/sch_cbq.c +@@ -963,8 +963,11 @@ cbq_dequeue(struct Qdisc *sch) + cbq_update(q); + if ((incr -= incr2) < 0) + incr = 0; ++ q->now += incr; ++ } else { ++ if (now > q->now) ++ q->now = now; + } +- q->now += incr; + q->now_rt = now; + + for (;;) { +diff --git a/net/sctp/auth.c b/net/sctp/auth.c +index bf81204..333926d 100644 +--- a/net/sctp/auth.c ++++ b/net/sctp/auth.c +@@ -71,7 +71,7 @@ void sctp_auth_key_put(struct sctp_auth_bytes *key) + return; + + if (atomic_dec_and_test(&key->refcnt)) { +- kfree(key); ++ kzfree(key); + SCTP_DBG_OBJCNT_DEC(keys); + } + } +diff --git a/net/tipc/socket.c b/net/tipc/socket.c +index 42b8324..fdf34af 100644 +--- a/net/tipc/socket.c ++++ b/net/tipc/socket.c +@@ -829,6 +829,7 @@ static void set_orig_addr(struct msghdr *m, struct tipc_msg *msg) + if (addr) { + addr->family = AF_TIPC; + addr->addrtype = TIPC_ADDR_ID; ++ memset(&addr->addr, 0, sizeof(addr->addr)); + addr->addr.id.ref = msg_origport(msg); + addr->addr.id.node = msg_orignode(msg); + addr->addr.name.domain = 0; /* could leave uninitialized */ +@@ -948,6 +949,9 @@ static int recv_msg(struct kiocb *iocb, struct socket *sock, + goto exit; + } + ++ /* will be updated in set_orig_addr() if needed */ ++ m->msg_namelen = 0; ++ + timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); + restart: + +@@ -1074,6 +1078,9 @@ static int recv_stream(struct kiocb *iocb, struct socket *sock, + goto exit; + } + ++ /* will be updated in set_orig_addr() if needed */ ++ m->msg_namelen = 0; ++ + target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len); + timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); + restart: +diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c +index 18978b6..5611563 100644 +--- a/net/unix/af_unix.c ++++ b/net/unix/af_unix.c +@@ -1956,7 +1956,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, + if ((UNIXCB(skb).pid != siocb->scm->pid) || + (UNIXCB(skb).cred != siocb->scm->cred)) + break; +- } else { ++ } else if (test_bit(SOCK_PASSCRED, &sock->flags)) { + /* Copy credentials */ + scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred); + check_creds = 1; +diff --git a/net/wireless/reg.c b/net/wireless/reg.c +index 0b08905..21958cd 100644 +--- a/net/wireless/reg.c ++++ b/net/wireless/reg.c +@@ -853,7 +853,7 @@ static void handle_channel(struct wiphy *wiphy, + return; + + REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq); +- chan->flags = IEEE80211_CHAN_DISABLED; ++ chan->flags |= IEEE80211_CHAN_DISABLED; + return; + } + +diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c +index 7ada40e..638600b 100644 +--- a/sound/core/pcm_native.c ++++ b/sound/core/pcm_native.c +@@ -3204,18 +3204,10 @@ EXPORT_SYMBOL_GPL(snd_pcm_lib_default_mmap); + int snd_pcm_lib_mmap_iomem(struct snd_pcm_substream *substream, + struct vm_area_struct *area) + { +- long size; +- unsigned long offset; ++ struct snd_pcm_runtime *runtime = substream->runtime;; + + area->vm_page_prot = pgprot_noncached(area->vm_page_prot); +- area->vm_flags |= VM_IO; +- size = area->vm_end - area->vm_start; +- offset = area->vm_pgoff << PAGE_SHIFT; +- if (io_remap_pfn_range(area, area->vm_start, +- (substream->runtime->dma_addr + offset) >> PAGE_SHIFT, +- size, area->vm_page_prot)) +- return -EAGAIN; +- return 0; ++ return vm_iomap_memory(area, runtime->dma_addr, runtime->dma_bytes); + } + + EXPORT_SYMBOL(snd_pcm_lib_mmap_iomem); +diff --git a/sound/soc/codecs/max98088.c b/sound/soc/codecs/max98088.c +index ebbf63c..b7cf246 100644 +--- a/sound/soc/codecs/max98088.c ++++ b/sound/soc/codecs/max98088.c +@@ -2007,7 +2007,7 @@ static int max98088_probe(struct snd_soc_codec *codec) + ret); + goto err_access; + } +- dev_info(codec->dev, "revision %c\n", ret + 'A'); ++ dev_info(codec->dev, "revision %c\n", ret - 0x40 + 'A'); + + snd_soc_write(codec, M98088_REG_51_PWR_SYS, M98088_PWRSV); + +diff --git a/sound/usb/card.c b/sound/usb/card.c +index 566acb3..acb7fac 100644 +--- a/sound/usb/card.c ++++ b/sound/usb/card.c +@@ -611,7 +611,9 @@ int snd_usb_autoresume(struct snd_usb_audio *chip) + int err = -ENODEV; + + down_read(&chip->shutdown_rwsem); +- if (!chip->shutdown && !chip->probing) ++ if (chip->probing) ++ err = 0; ++ else if (!chip->shutdown) + err = usb_autopm_get_interface(chip->pm_intf); + up_read(&chip->shutdown_rwsem); + +diff --git a/sound/usb/card.h b/sound/usb/card.h +index 665e297..2b7559c 100644 +--- a/sound/usb/card.h ++++ b/sound/usb/card.h +@@ -73,6 +73,7 @@ struct snd_usb_substream { + unsigned int fill_max: 1; /* fill max packet size always */ + unsigned int txfr_quirk:1; /* allow sub-frame alignment */ + unsigned int fmt_type; /* USB audio format type (1-3) */ ++ unsigned int pkt_offset_adj; /* Bytes to drop from beginning of packets (for non-compliant devices) */ + + unsigned int running: 1; /* running status */ + +diff --git a/sound/usb/endpoint.c b/sound/usb/endpoint.c +index 9ab2b3e..5ebe8c4 100644 +--- a/sound/usb/endpoint.c ++++ b/sound/usb/endpoint.c +@@ -458,7 +458,7 @@ static int retire_capture_urb(struct snd_usb_substream *subs, + stride = runtime->frame_bits >> 3; + + for (i = 0; i < urb->number_of_packets; i++) { +- cp = (unsigned char *)urb->transfer_buffer + urb->iso_frame_desc[i].offset; ++ cp = (unsigned char *)urb->transfer_buffer + urb->iso_frame_desc[i].offset + subs->pkt_offset_adj; + if (urb->iso_frame_desc[i].status && printk_ratelimit()) { + snd_printdd("frame %d active: %d\n", i, urb->iso_frame_desc[i].status); + // continue; +@@ -898,6 +898,7 @@ void snd_usb_init_substream(struct snd_usb_stream *as, + subs->speed = snd_usb_get_speed(subs->dev); + if (subs->speed >= USB_SPEED_HIGH) + subs->ops.prepare_sync = prepare_capture_sync_urb_hs; ++ subs->pkt_offset_adj = 0; + + snd_usb_set_pcm_ops(as->pcm, stream); + +diff --git a/sound/usb/midi.c b/sound/usb/midi.c +index 34b9bb7..e5fee18 100644 +--- a/sound/usb/midi.c ++++ b/sound/usb/midi.c +@@ -126,7 +126,6 @@ struct snd_usb_midi { + struct snd_usb_midi_in_endpoint *in; + } endpoints[MIDI_MAX_ENDPOINTS]; + unsigned long input_triggered; +- bool autopm_reference; + unsigned int opened[2]; + unsigned char disconnected; + unsigned char input_running; +@@ -1040,7 +1039,6 @@ static int substream_open(struct snd_rawmidi_substream *substream, int dir, + { + struct snd_usb_midi* umidi = substream->rmidi->private_data; + struct snd_kcontrol *ctl; +- int err; + + down_read(&umidi->disc_rwsem); + if (umidi->disconnected) { +@@ -1051,13 +1049,6 @@ static int substream_open(struct snd_rawmidi_substream *substream, int dir, + mutex_lock(&umidi->mutex); + if (open) { + if (!umidi->opened[0] && !umidi->opened[1]) { +- err = usb_autopm_get_interface(umidi->iface); +- umidi->autopm_reference = err >= 0; +- if (err < 0 && err != -EACCES) { +- mutex_unlock(&umidi->mutex); +- up_read(&umidi->disc_rwsem); +- return -EIO; +- } + if (umidi->roland_load_ctl) { + ctl = umidi->roland_load_ctl; + ctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE; +@@ -1080,8 +1071,6 @@ static int substream_open(struct snd_rawmidi_substream *substream, int dir, + snd_ctl_notify(umidi->card, + SNDRV_CTL_EVENT_MASK_INFO, &ctl->id); + } +- if (umidi->autopm_reference) +- usb_autopm_put_interface(umidi->iface); + } + } + mutex_unlock(&umidi->mutex); +@@ -2256,6 +2245,8 @@ int snd_usbmidi_create(struct snd_card *card, + return err; + } + ++ usb_autopm_get_interface_no_resume(umidi->iface); ++ + list_add_tail(&umidi->list, midi_list); + return 0; + } +diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c +index dfbd65d..42eeee8 100644 +--- a/sound/usb/quirks.c ++++ b/sound/usb/quirks.c +@@ -744,6 +744,7 @@ static void set_format_emu_quirk(struct snd_usb_substream *subs, + break; + } + snd_emuusb_set_samplerate(subs->stream->chip, emu_samplerate_id); ++ subs->pkt_offset_adj = (emu_samplerate_id >= EMU_QUIRK_SR_176400HZ) ? 4 : 0; + } + + void snd_usb_set_format_quirk(struct snd_usb_substream *subs, +diff --git a/sound/usb/stream.c b/sound/usb/stream.c +index 5ff8010..33a335b 100644 +--- a/sound/usb/stream.c ++++ b/sound/usb/stream.c +@@ -168,6 +168,14 @@ static int parse_uac_endpoint_attributes(struct snd_usb_audio *chip, + if (!csep && altsd->bNumEndpoints >= 2) + csep = snd_usb_find_desc(alts->endpoint[1].extra, alts->endpoint[1].extralen, NULL, USB_DT_CS_ENDPOINT); + ++ /* ++ * If we can't locate the USB_DT_CS_ENDPOINT descriptor in the extra ++ * bytes after the first endpoint, go search the entire interface. ++ * Some devices have it directly *before* the standard endpoint. ++ */ ++ if (!csep) ++ csep = snd_usb_find_desc(alts->extra, alts->extralen, NULL, USB_DT_CS_ENDPOINT); ++ + if (!csep || csep->bLength < 7 || + csep->bDescriptorSubtype != UAC_EP_GENERAL) { + snd_printk(KERN_WARNING "%d:%u:%d : no or invalid" diff --git a/3.2.44/4420_grsecurity-2.9.1-3.2.44-201305082214.patch b/3.2.45/4420_grsecurity-2.9.1-3.2.45-201305142033.patch index b2ac53e..d1995bd 100644 --- a/3.2.44/4420_grsecurity-2.9.1-3.2.44-201305082214.patch +++ b/3.2.45/4420_grsecurity-2.9.1-3.2.45-201305142033.patch @@ -262,7 +262,7 @@ index 88fd7f5..b318a78 100644 ============================================================== diff --git a/Makefile b/Makefile -index 566750c..8155f8b 100644 +index 9072fee..85e58c2 100644 --- a/Makefile +++ b/Makefile @@ -245,8 +245,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -2676,7 +2676,7 @@ index c539c68..c95d3db 100644 .notifier_call = err_inject_cpu_callback, }; diff --git a/arch/ia64/kernel/mca.c b/arch/ia64/kernel/mca.c -index 84fb405..7f52920 100644 +index 9b97303..69464a9 100644 --- a/arch/ia64/kernel/mca.c +++ b/arch/ia64/kernel/mca.c @@ -1919,7 +1919,7 @@ static int __cpuinit mca_cpu_callback(struct notifier_block *nfb, @@ -5193,7 +5193,7 @@ index 5b63bd3..248942d 100644 }; diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c -index b22a83a..e55f74f 100644 +index 24523dc..7205007 100644 --- a/arch/powerpc/mm/numa.c +++ b/arch/powerpc/mm/numa.c @@ -964,7 +964,7 @@ static void __init *careful_zallocation(int nid, unsigned long size, @@ -5292,10 +5292,10 @@ index 0cfece4..2f1a0e5 100644 struct spu_context *ctx = vma->vm_file->private_data; unsigned long offset = address - vma->vm_start; diff --git a/arch/powerpc/platforms/cell/spufs/inode.c b/arch/powerpc/platforms/cell/spufs/inode.c -index e481f6b..6f90539 100644 +index 70ec4e9..3e7a115 100644 --- a/arch/powerpc/platforms/cell/spufs/inode.c +++ b/arch/powerpc/platforms/cell/spufs/inode.c -@@ -810,6 +810,7 @@ static struct file_system_type spufs_type = { +@@ -811,6 +811,7 @@ static struct file_system_type spufs_type = { .mount = spufs_mount, .kill_sb = kill_litter_super, }; @@ -7072,7 +7072,7 @@ index 76e4ac1..78f8bb1 100644 } } diff --git a/arch/sparc/kernel/us3_cpufreq.c b/arch/sparc/kernel/us3_cpufreq.c -index eb1624b..f9f4ddb 100644 +index eb1624b..55100de 100644 --- a/arch/sparc/kernel/us3_cpufreq.c +++ b/arch/sparc/kernel/us3_cpufreq.c @@ -18,14 +18,12 @@ @@ -7162,7 +7162,7 @@ index eb1624b..f9f4ddb 100644 - return ret; - } + impl == PANTHER_IMPL)) -+ return cpufreq_register_driver(cpufreq_us3_driver); ++ return cpufreq_register_driver(&cpufreq_us3_driver); return -ENODEV; } @@ -7176,7 +7176,7 @@ index eb1624b..f9f4ddb 100644 - kfree(us3_freq_table); - us3_freq_table = NULL; - } -+ cpufreq_unregister_driver(cpufreq_us3_driver); ++ cpufreq_unregister_driver(&cpufreq_us3_driver); } MODULE_AUTHOR("David S. Miller <davem@redhat.com>"); @@ -9593,7 +9593,7 @@ index 6557769..ef6ae89 100644 if (err) diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S -index 95b4eb3..ccdcbb6 100644 +index 95b4eb3..1b112f5 100644 --- a/arch/x86/ia32/ia32entry.S +++ b/arch/x86/ia32/ia32entry.S @@ -13,7 +13,9 @@ @@ -9686,7 +9686,7 @@ index 95b4eb3..ccdcbb6 100644 32bit zero extended */ + +#ifdef CONFIG_PAX_MEMORY_UDEREF -+ mov $PAX_USER_SHADOW_BASE,%r11 ++ mov pax_user_shadow_base,%r11 + add %r11,%rbp +#endif + @@ -9809,7 +9809,7 @@ index 95b4eb3..ccdcbb6 100644 /* hardware stack frame is complete now */ + +#ifdef CONFIG_PAX_MEMORY_UDEREF -+ mov $PAX_USER_SHADOW_BASE,%r11 ++ mov pax_user_shadow_base,%r11 + add %r11,%r8 +#endif + @@ -12502,7 +12502,7 @@ index cb00ccc..17e9054 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index 6be9909..4afeb15 100644 +index 6be9909..b7543b2 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); @@ -12635,7 +12635,7 @@ index 6be9909..4afeb15 100644 /* * a shortcut which implies the use of the kernel's pgd, instead * of a process's -@@ -604,6 +678,20 @@ static inline int pgd_none(pgd_t pgd) +@@ -604,6 +678,22 @@ static inline int pgd_none(pgd_t pgd) #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET) #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) @@ -12646,9 +12646,11 @@ index 6be9909..4afeb15 100644 +#define USER_PGD_PTRS (_AC(1,UL) << (TASK_SIZE_MAX_SHIFT - PGDIR_SHIFT)) + +#ifdef CONFIG_PAX_MEMORY_UDEREF -+#define PAX_USER_SHADOW_BASE (_AC(1,UL) << TASK_SIZE_MAX_SHIFT) ++#ifdef __ASSEMBLY__ ++#define pax_user_shadow_base pax_user_shadow_base(%rip) +#else -+#define PAX_USER_SHADOW_BASE (_AC(0,UL)) ++extern unsigned long pax_user_shadow_base; ++#endif +#endif + +#endif @@ -12656,7 +12658,7 @@ index 6be9909..4afeb15 100644 #ifndef __ASSEMBLY__ extern int direct_gbpages; -@@ -768,11 +856,23 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, +@@ -768,11 +858,23 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, * dst and src can be on the same page, but the range must not overlap, * and must not cross a page boundary. */ @@ -13785,7 +13787,7 @@ index d7ef849..b1b009a 100644 #endif #endif /* _ASM_X86_THREAD_INFO_H */ diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h -index 36361bf..d10fb9a 100644 +index 36361bf..4252f11 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h @@ -7,6 +7,7 @@ @@ -13931,9 +13933,9 @@ index 36361bf..d10fb9a 100644 +#define ____m(x) \ +({ \ + unsigned long ____x = (unsigned long)(x); \ -+ if (____x < PAX_USER_SHADOW_BASE) \ -+ ____x += PAX_USER_SHADOW_BASE; \ -+ (void __user *)____x; \ ++ if (____x < pax_user_shadow_base) \ ++ ____x += pax_user_shadow_base; \ ++ (typeof(x))____x; \ +}) +#else +#define ____m(x) (x) @@ -19310,7 +19312,7 @@ index 2f45c4c..3f51a0c 100644 } diff --git a/arch/x86/kernel/kprobes.c b/arch/x86/kernel/kprobes.c -index 7da647d..e88104f 100644 +index 7da647d..6e9fab5 100644 --- a/arch/x86/kernel/kprobes.c +++ b/arch/x86/kernel/kprobes.c @@ -117,9 +117,12 @@ static void __kprobes __synthesize_relative_insn(void *from, void *to, u8 op) @@ -19452,7 +19454,23 @@ index 7da647d..e88104f 100644 return ret; switch (val) { -@@ -1307,7 +1317,7 @@ static int __kprobes can_optimize(unsigned long paddr) +@@ -1120,6 +1130,7 @@ static void __kprobes synthesize_relcall(void *from, void *to) + static void __kprobes synthesize_set_arg1(kprobe_opcode_t *addr, + unsigned long val) + { ++ pax_open_kernel(); + #ifdef CONFIG_X86_64 + *addr++ = 0x48; + *addr++ = 0xbf; +@@ -1127,6 +1138,7 @@ static void __kprobes synthesize_set_arg1(kprobe_opcode_t *addr, + *addr++ = 0xb8; + #endif + *(unsigned long *)addr = val; ++ pax_close_kernel(); + } + + static void __used __kprobes kprobes_optinsn_template_holder(void) +@@ -1307,7 +1319,7 @@ static int __kprobes can_optimize(unsigned long paddr) ret = recover_probed_instruction(buf, addr); if (ret) return 0; @@ -19461,7 +19479,7 @@ index 7da647d..e88104f 100644 } insn_get_length(&insn); /* Recover address */ -@@ -1384,7 +1394,7 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) +@@ -1384,7 +1396,7 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) * Verify if the address gap is in 2GB range, because this uses * a relative jump. */ @@ -19470,12 +19488,14 @@ index 7da647d..e88104f 100644 if (abs(rel) > 0x7fffffff) return -ERANGE; -@@ -1399,16 +1409,16 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) +@@ -1399,16 +1411,18 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) op->optinsn.size = ret; /* Copy arch-dep-instance from template */ - memcpy(buf, &optprobe_template_entry, TMPL_END_IDX); ++ pax_open_kernel(); + memcpy(buf, ktla_ktva(&optprobe_template_entry), TMPL_END_IDX); ++ pax_close_kernel(); /* Set probe information */ synthesize_set_arg1(buf + TMPL_MOVE_IDX, (unsigned long)op); @@ -19490,7 +19510,7 @@ index 7da647d..e88104f 100644 (u8 *)op->kp.addr + op->optinsn.size); flush_icache_range((unsigned long) buf, -@@ -1431,7 +1441,7 @@ static void __kprobes setup_optimize_kprobe(struct text_poke_param *tprm, +@@ -1431,7 +1445,7 @@ static void __kprobes setup_optimize_kprobe(struct text_poke_param *tprm, ((long)op->kp.addr + RELATIVEJUMP_SIZE)); /* Backup instructions which will be replaced by jump address */ @@ -19499,7 +19519,7 @@ index 7da647d..e88104f 100644 RELATIVE_ADDR_SIZE); insn_buf[0] = RELATIVEJUMP_OPCODE; -@@ -1530,7 +1540,7 @@ static int __kprobes setup_detour_execution(struct kprobe *p, +@@ -1530,7 +1544,7 @@ static int __kprobes setup_detour_execution(struct kprobe *p, /* This kprobe is really able to run optimized path. */ op = container_of(p, struct optimized_kprobe, kp); /* Detour through copied instructions */ @@ -23552,7 +23572,7 @@ index 0248402..821c786 100644 .section .fixup,"ax" diff --git a/arch/x86/lib/copy_user_nocache_64.S b/arch/x86/lib/copy_user_nocache_64.S -index cb0c112..e3a6895 100644 +index cb0c112..61e0020 100644 --- a/arch/x86/lib/copy_user_nocache_64.S +++ b/arch/x86/lib/copy_user_nocache_64.S @@ -8,12 +8,14 @@ @@ -23576,7 +23596,7 @@ index cb0c112..e3a6895 100644 CFI_STARTPROC + +#ifdef CONFIG_PAX_MEMORY_UDEREF -+ mov $PAX_USER_SHADOW_BASE,%rcx ++ mov pax_user_shadow_base,%rcx + cmp %rcx,%rsi + jae 1f + add %rcx,%rsi @@ -23661,7 +23681,7 @@ index 459b58a..d67737f 100644 } EXPORT_SYMBOL(csum_partial_copy_to_user); diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S -index 51f1504..ddac4c1 100644 +index 51f1504..144f6bd 100644 --- a/arch/x86/lib/getuser.S +++ b/arch/x86/lib/getuser.S @@ -33,15 +33,38 @@ @@ -23689,7 +23709,7 @@ index 51f1504..ddac4c1 100644 -1: movzb (%_ASM_AX),%edx + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ mov $PAX_USER_SHADOW_BASE,%_ASM_DX ++ mov pax_user_shadow_base,%_ASM_DX + cmp %_ASM_DX,%_ASM_AX + jae 1234f + add %_ASM_DX,%_ASM_AX @@ -23717,7 +23737,7 @@ index 51f1504..ddac4c1 100644 -2: movzwl -1(%_ASM_AX),%edx + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ mov $PAX_USER_SHADOW_BASE,%_ASM_DX ++ mov pax_user_shadow_base,%_ASM_DX + cmp %_ASM_DX,%_ASM_AX + jae 1234f + add %_ASM_DX,%_ASM_AX @@ -23745,7 +23765,7 @@ index 51f1504..ddac4c1 100644 -3: mov -3(%_ASM_AX),%edx + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ mov $PAX_USER_SHADOW_BASE,%_ASM_DX ++ mov pax_user_shadow_base,%_ASM_DX + cmp %_ASM_DX,%_ASM_AX + jae 1234f + add %_ASM_DX,%_ASM_AX @@ -23766,7 +23786,7 @@ index 51f1504..ddac4c1 100644 jae bad_get_user + +#ifdef CONFIG_PAX_MEMORY_UDEREF -+ mov $PAX_USER_SHADOW_BASE,%_ASM_DX ++ mov pax_user_shadow_base,%_ASM_DX + cmp %_ASM_DX,%_ASM_AX + jae 1234f + add %_ASM_DX,%_ASM_AX @@ -24468,7 +24488,7 @@ index 69fa106..adda88b 100644 3: CFI_RESTORE_STATE diff --git a/arch/x86/lib/putuser.S b/arch/x86/lib/putuser.S -index 36b0d15..d381858 100644 +index 36b0d15..3edf573 100644 --- a/arch/x86/lib/putuser.S +++ b/arch/x86/lib/putuser.S @@ -15,7 +15,9 @@ @@ -24516,7 +24536,7 @@ index 36b0d15..d381858 100644 -1: movb %al,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ mov $PAX_USER_SHADOW_BASE,%_ASM_BX ++ mov pax_user_shadow_base,%_ASM_BX + cmp %_ASM_BX,%_ASM_CX + jb 1234f + xor %ebx,%ebx @@ -24542,7 +24562,7 @@ index 36b0d15..d381858 100644 -2: movw %ax,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ mov $PAX_USER_SHADOW_BASE,%_ASM_BX ++ mov pax_user_shadow_base,%_ASM_BX + cmp %_ASM_BX,%_ASM_CX + jb 1234f + xor %ebx,%ebx @@ -24568,7 +24588,7 @@ index 36b0d15..d381858 100644 -3: movl %eax,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ mov $PAX_USER_SHADOW_BASE,%_ASM_BX ++ mov pax_user_shadow_base,%_ASM_BX + cmp %_ASM_BX,%_ASM_CX + jb 1234f + xor %ebx,%ebx @@ -24594,7 +24614,7 @@ index 36b0d15..d381858 100644 -4: mov %_ASM_AX,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ mov $PAX_USER_SHADOW_BASE,%_ASM_BX ++ mov pax_user_shadow_base,%_ASM_BX + cmp %_ASM_BX,%_ASM_CX + jb 1234f + xor %ebx,%ebx @@ -25390,7 +25410,7 @@ index e218d5d..7d522b8 100644 +EXPORT_SYMBOL(set_fs); +#endif diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c -index 554b7b5..2f1b9c2 100644 +index 554b7b5..4027e2c 100644 --- a/arch/x86/lib/usercopy_64.c +++ b/arch/x86/lib/usercopy_64.c @@ -42,6 +42,12 @@ long @@ -25399,8 +25419,8 @@ index 554b7b5..2f1b9c2 100644 long res; + +#ifdef CONFIG_PAX_MEMORY_UDEREF -+ if ((unsigned long)src < PAX_USER_SHADOW_BASE) -+ src += PAX_USER_SHADOW_BASE; ++ if ((unsigned long)src < pax_user_shadow_base) ++ src += pax_user_shadow_base; +#endif + __do_strncpy_from_user(dst, src, count, res); @@ -25471,7 +25491,7 @@ index d0474ad..36e9257 100644 extern u32 pnp_bios_is_utter_crap; pnp_bios_is_utter_crap = 1; diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index 53a7b69..0b31dac 100644 +index 53a7b69..8cc6fea 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -13,11 +13,18 @@ @@ -25835,17 +25855,17 @@ index 53a7b69..0b31dac 100644 + unsigned long address = read_cr2(); + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ if (!user_mode(regs) && address < 2 * PAX_USER_SHADOW_BASE) { ++ if (!user_mode(regs) && address < 2 * pax_user_shadow_base) { + if (!search_exception_tables(regs->ip)) { + bad_area_nosemaphore(regs, error_code, address); + return; + } -+ if (address < PAX_USER_SHADOW_BASE) { ++ if (address < pax_user_shadow_base) { + printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n"); + printk(KERN_ERR "PAX: faulting IP: %pS\n", (void *)regs->ip); + show_trace_log_lvl(NULL, NULL, (void *)regs->sp, regs->bp, KERN_ERR); + } else -+ address -= PAX_USER_SHADOW_BASE; ++ address -= pax_user_shadow_base; + } +#endif + @@ -26456,7 +26476,7 @@ index df7d12c..7bbdfc3 100644 } if (mm->get_unmapped_area == arch_get_unmapped_area) diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c -index 34a7f40..579f383 100644 +index a4cca06..e2ccdf7 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -3,6 +3,7 @@ @@ -26482,10 +26502,10 @@ index 34a7f40..579f383 100644 unsigned long puds = 0, pmds = 0, ptes = 0, tables; - unsigned long start = 0, good_end; + unsigned long start = 0x100000, good_end; + unsigned long pgd_extra = 0; phys_addr_t base; - for (i = 0; i < nr_range; i++) { -@@ -319,10 +322,40 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, +@@ -324,10 +327,40 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, * Access has to be given to non-kernel-ram areas as well, these contain the PCI * mmio resources as well as potential bios/acpi data regions. */ @@ -26527,7 +26547,7 @@ index 34a7f40..579f383 100644 if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) return 0; if (!page_is_ram(pagenr)) -@@ -379,8 +412,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) +@@ -384,8 +417,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) #endif } @@ -29433,7 +29453,7 @@ index 153407c..611cba9 100644 -} -__setup("vdso=", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 69b9ef6..aa929bc 100644 +index 044f5d9..d4e3e58 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -86,8 +86,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -29545,7 +29565,7 @@ index 69b9ef6..aa929bc 100644 xen_smp_init(); #ifdef CONFIG_ACPI_NUMA -@@ -1400,7 +1399,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self, +@@ -1403,7 +1402,7 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -29597,7 +29617,7 @@ index fe00be69..d2c142a 100644 .alloc_pud = xen_alloc_pmd_init, .release_pud = xen_release_pmd_init, diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c -index 9a23fff..c05e794 100644 +index 6e4d5dc..78c131b 100644 --- a/arch/x86/xen/smp.c +++ b/arch/x86/xen/smp.c @@ -209,11 +209,6 @@ static void __init xen_smp_prepare_boot_cpu(void) @@ -32066,10 +32086,10 @@ index f773a9d..65cd683 100644 return -EINVAL; else diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c -index 0833896..cccce52 100644 +index 14d49e4..d331fd8 100644 --- a/drivers/char/hpet.c +++ b/drivers/char/hpet.c -@@ -572,7 +572,7 @@ static inline unsigned long hpet_time_div(struct hpets *hpets, +@@ -560,7 +560,7 @@ static inline unsigned long hpet_time_div(struct hpets *hpets, } static int @@ -33736,10 +33756,10 @@ index 9b4e5c6..d7ec240 100644 mutex_unlock(&dev->struct_mutex); diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c -index ca67338..0003ba7 100644 +index c77fc67..4057c13 100644 --- a/drivers/gpu/drm/i915/i915_dma.c +++ b/drivers/gpu/drm/i915/i915_dma.c -@@ -1172,7 +1172,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) +@@ -1166,7 +1166,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -33749,7 +33769,7 @@ index ca67338..0003ba7 100644 return can_switch; } diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h -index 144d37c..bf1110f 100644 +index 20cd295..052b178 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h @@ -320,7 +320,7 @@ typedef struct drm_i915_private { @@ -33761,7 +33781,7 @@ index 144d37c..bf1110f 100644 /* protects the irq masks */ spinlock_t irq_lock; -@@ -897,7 +897,7 @@ struct drm_i915_gem_object { +@@ -898,7 +898,7 @@ struct drm_i915_gem_object { * will be page flipped away on the next vblank. When it * reaches 0, dev_priv->pending_flip_queue will be woken up. */ @@ -33770,7 +33790,7 @@ index 144d37c..bf1110f 100644 }; #define to_intel_bo(x) container_of(x, struct drm_i915_gem_object, base) -@@ -1274,7 +1274,7 @@ extern int intel_setup_gmbus(struct drm_device *dev); +@@ -1275,7 +1275,7 @@ extern int intel_setup_gmbus(struct drm_device *dev); extern void intel_teardown_gmbus(struct drm_device *dev); extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed); extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit); @@ -33898,7 +33918,7 @@ index 93e74fb..4a1182d 100644 INIT_WORK(&dev_priv->hotplug_work, i915_hotplug_work_func); INIT_WORK(&dev_priv->error_work, i915_error_work_func); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index 897ca06..ea0a32a 100644 +index cfbb893..982d86d 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c @@ -2215,7 +2215,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) @@ -34325,10 +34345,10 @@ index a9e33ce..09edd4b 100644 #endif diff --git a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c -index 60d13fe..56badbf 100644 +index 0495a50..6d67dd7 100644 --- a/drivers/gpu/drm/radeon/evergreen.c +++ b/drivers/gpu/drm/radeon/evergreen.c -@@ -3066,7 +3066,9 @@ static int evergreen_startup(struct radeon_device *rdev) +@@ -3076,7 +3076,9 @@ static int evergreen_startup(struct radeon_device *rdev) r = evergreen_blit_init(rdev); if (r) { r600_blit_fini(rdev); @@ -37367,7 +37387,7 @@ index 8953630..29b12d9 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index 1702133..f8faeb6 100644 +index 2d0544c..bc3c200 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -278,10 +278,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); @@ -37439,7 +37459,7 @@ index 1702133..f8faeb6 100644 INIT_LIST_HEAD(&rdev->same_set); init_waitqueue_head(&rdev->blocked_wait); -@@ -6706,7 +6706,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -6703,7 +6703,7 @@ static int md_seq_show(struct seq_file *seq, void *v) spin_unlock(&pers_lock); seq_printf(seq, "\n"); @@ -37448,7 +37468,7 @@ index 1702133..f8faeb6 100644 return 0; } if (v == (void*)2) { -@@ -6795,7 +6795,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -6792,7 +6792,7 @@ static int md_seq_show(struct seq_file *seq, void *v) chunk_kb ? "KB" : "B"); if (bitmap->file) { seq_printf(seq, ", file: "); @@ -37457,7 +37477,7 @@ index 1702133..f8faeb6 100644 } seq_printf(seq, "\n"); -@@ -6826,7 +6826,7 @@ static int md_seq_open(struct inode *inode, struct file *file) +@@ -6823,7 +6823,7 @@ static int md_seq_open(struct inode *inode, struct file *file) return error; seq = file->private_data; @@ -37466,7 +37486,7 @@ index 1702133..f8faeb6 100644 return error; } -@@ -6840,7 +6840,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) +@@ -6837,7 +6837,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) /* always allow read */ mask = POLLIN | POLLRDNORM; @@ -37475,7 +37495,7 @@ index 1702133..f8faeb6 100644 mask |= POLLERR | POLLPRI; return mask; } -@@ -6884,7 +6884,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) +@@ -6881,7 +6881,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) struct gendisk *disk = rdev->bdev->bd_contains->bd_disk; curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + (int)part_stat_read(&disk->part0, sectors[1]) - @@ -38722,10 +38742,10 @@ index a9ff89ff..461d313 100644 struct sm_sysfs_attribute *vendor_attribute; diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c -index fc07f90..c71767f 100644 +index b436b84..d3cecc5 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c -@@ -4795,7 +4795,7 @@ static int bond_get_tx_queues(struct net *net, struct nlattr *tb[], +@@ -4796,7 +4796,7 @@ static int bond_get_tx_queues(struct net *net, struct nlattr *tb[], return 0; } @@ -38734,7 +38754,7 @@ index fc07f90..c71767f 100644 .kind = "bond", .priv_size = sizeof(struct bonding), .setup = bond_setup, -@@ -4911,8 +4911,8 @@ static void __exit bonding_exit(void) +@@ -4921,8 +4921,8 @@ static void __exit bonding_exit(void) bond_destroy_debugfs(); @@ -39255,7 +39275,7 @@ index 49b549f..13d648c 100644 mac->phydev = phydev; diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index d812790..d1e0f1a 100644 +index f698183..d08df42 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c @@ -704,17 +704,17 @@ struct rtl8169_private { @@ -39424,6 +39444,19 @@ index 3ed983c..a1bb418 100644 break; err = 0; break; +diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c +index 0a0a664..7e7deef 100644 +--- a/drivers/net/slip/slhc.c ++++ b/drivers/net/slip/slhc.c +@@ -489,7 +489,7 @@ slhc_uncompress(struct slcompress *comp, unsigned char *icp, int isize) + register struct tcphdr *thp; + register struct iphdr *ip; + register struct cstate *cs; +- int len, hdrlen; ++ long len, hdrlen; + unsigned char *cp = icp; + + /* We've got a compressed packet; read the change byte */ diff --git a/drivers/net/tokenring/abyss.c b/drivers/net/tokenring/abyss.c index 515f122..41dd273 100644 --- a/drivers/net/tokenring/abyss.c @@ -41044,7 +41077,7 @@ index 023d17d..74ef35b 100644 init_data = &pdata->regulators[i]; priv->regulators[i] = regulator_register( diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c -index 05beb6c..6676a62 100644 +index e3eed18..155946b 100644 --- a/drivers/rtc/rtc-cmos.c +++ b/drivers/rtc/rtc-cmos.c @@ -724,7 +724,9 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq) @@ -42116,6 +42149,19 @@ index aec9311..ddc3103 100644 const char *postfix, struct iio_chan_spec const *chan, ssize_t (*readfunc)(struct device *dev, +diff --git a/drivers/staging/iio/ring_sw.c b/drivers/staging/iio/ring_sw.c +index 66a34ad..65f6aea 100644 +--- a/drivers/staging/iio/ring_sw.c ++++ b/drivers/staging/iio/ring_sw.c +@@ -173,7 +173,7 @@ static int iio_read_first_n_sw_rb(struct iio_buffer *r, + + u8 *initial_read_p, *initial_write_p, *current_read_p, *end_read_p; + u8 *data; +- int ret, max_copied, bytes_to_rip, dead_offset; ++ long ret, max_copied, bytes_to_rip, dead_offset; + + /* A userspace program has probably made an error if it tries to + * read something that is not a whole number of bpds. diff --git a/drivers/staging/octeon/ethernet-rx.c b/drivers/staging/octeon/ethernet-rx.c index 8b307b4..a97ac91 100644 --- a/drivers/staging/octeon/ethernet-rx.c @@ -42795,10 +42841,10 @@ index 8481aae..e1a589c 100644 } EXPORT_SYMBOL_GPL(n_tty_inherit_ops); diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c -index d19b879..aa288ec 100644 +index 4735928..e80860a 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c -@@ -772,8 +772,10 @@ static void __init unix98_pty_init(void) +@@ -775,8 +775,10 @@ static void __init unix98_pty_init(void) register_sysctl_table(pty_root_table); /* Now create the /dev/ptmx special device */ @@ -42958,47 +43004,19 @@ index 43db715..82134aa 100644 if (get_user(c, buf)) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index 05085be..ca1e67e 100644 +index 3f35e42..9fed166 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c -@@ -940,6 +940,14 @@ void start_tty(struct tty_struct *tty) - - EXPORT_SYMBOL(start_tty); - -+static void tty_update_time(struct timespec *time) -+{ -+ unsigned long sec = get_seconds(); -+ sec -= sec % 60; -+ if ((long)(sec - time->tv_sec) > 0) -+ time->tv_sec = sec; -+} -+ - /** - * tty_read - read method for tty device files - * @file: pointer to tty file -@@ -976,8 +984,10 @@ static ssize_t tty_read(struct file *file, char __user *buf, size_t count, - else - i = -EIO; - tty_ldisc_deref(ld); -+ - if (i > 0) -- inode->i_atime = current_fs_time(inode->i_sb); -+ tty_update_time(&inode->i_atime); -+ - return i; - } - -@@ -1079,8 +1089,7 @@ static inline ssize_t do_tty_write( +@@ -1089,7 +1089,7 @@ static inline ssize_t do_tty_write( cond_resched(); } if (written) { -- struct inode *inode = file->f_path.dentry->d_inode; -- inode->i_mtime = current_fs_time(inode->i_sb); -+ tty_update_time(&file->f_path.dentry->d_inode->i_mtime); +- struct inode *inode = file->f_path.dentry->d_inode; ++ struct inode *inode = file->f_path.dentry->d_inode; + tty_update_time(&inode->i_mtime); ret = written; } - out: -@@ -3240,7 +3249,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); +@@ -3250,7 +3250,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); void tty_default_fops(struct file_operations *fops) { @@ -43658,7 +43676,7 @@ index e132157..516db70 100644 return rc; diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c -index 7a36dff..cbe139a 100644 +index 6b4fb5c..385e560 100644 --- a/drivers/video/console/fbcon.c +++ b/drivers/video/console/fbcon.c @@ -450,7 +450,7 @@ static int __init fb_console_setup(char *this_opt) @@ -43709,7 +43727,7 @@ index 5c3960d..15cf8fc 100644 goto out1; } diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c -index babbb07..649d8d2 100644 +index 0a22808..130eafe 100644 --- a/drivers/video/fbmem.c +++ b/drivers/video/fbmem.c @@ -428,7 +428,7 @@ static void fb_do_show_logo(struct fb_info *info, struct fb_image *image, @@ -47117,7 +47135,7 @@ index 356dcf0..c0046cd 100644 static const struct super_operations afs_super_ops = { .statfs = afs_statfs, diff --git a/fs/aio.c b/fs/aio.c -index 3b65ee7..0e57d2e 100644 +index 8cdd8ea..64197b4 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -119,7 +119,7 @@ static int aio_setup_ring(struct kioctx *ctx) @@ -47383,7 +47401,7 @@ index a6395bd..f1e376a 100644 (unsigned long) create_aout_tables((char __user *) bprm->p, bprm); #ifdef __alpha__ diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 8dd615c..69bb24d 100644 +index 8dd615c..315240a 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -32,6 +32,7 @@ @@ -47759,11 +47777,11 @@ index 8dd615c..69bb24d 100644 + +#ifdef CONFIG_PAX_XATTR_PAX_FLAGS + ssize_t xattr_size, i; -+ unsigned char xattr_value[5]; ++ unsigned char xattr_value[sizeof("pemrs") - 1]; + unsigned long pax_flags_hardmode = 0UL, pax_flags_softmode = 0UL; + -+ xattr_size = vfs_getxattr(file->f_path.dentry, XATTR_NAME_PAX_FLAGS, xattr_value, sizeof xattr_value); -+ if (xattr_size <= 0 || xattr_size > 5) ++ xattr_size = pax_getxattr(file->f_path.dentry, xattr_value, sizeof xattr_value); ++ if (xattr_size <= 0 || xattr_size > sizeof xattr_value) + return ~0UL; + + for (i = 0; i < xattr_size; i++) @@ -48381,42 +48399,6 @@ index 8d4d53d..d0dec4c 100644 num_bytes = max(num_bytes, min_alloc_size); do_chunk_alloc(trans, root->fs_info->extent_root, num_bytes, data, CHUNK_ALLOC_FORCE); -diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c -index 1372634..3960bb0 100644 ---- a/fs/btrfs/inode.c -+++ b/fs/btrfs/inode.c -@@ -17,6 +17,7 @@ - */ - - #include <linux/kernel.h> -+#include <linux/module.h> - #include <linux/bio.h> - #include <linux/buffer_head.h> - #include <linux/file.h> -@@ -6909,7 +6910,7 @@ fail: - return -ENOMEM; - } - --static int btrfs_getattr(struct vfsmount *mnt, -+int btrfs_getattr(struct vfsmount *mnt, - struct dentry *dentry, struct kstat *stat) - { - struct inode *inode = dentry->d_inode; -@@ -6923,6 +6924,14 @@ static int btrfs_getattr(struct vfsmount *mnt, - return 0; - } - -+EXPORT_SYMBOL(btrfs_getattr); -+ -+dev_t get_btrfs_dev_from_inode(struct inode *inode) -+{ -+ return BTRFS_I(inode)->root->anon_dev; -+} -+EXPORT_SYMBOL(get_btrfs_dev_from_inode); -+ - /* - * If a file is moved, it will inherit the cow and compression flags of the new - * directory. diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index c04f02c..f5c9e2e 100644 --- a/fs/btrfs/ioctl.c @@ -49283,7 +49265,7 @@ index 739fb59..5385976 100644 static int __init init_cramfs_fs(void) { diff --git a/fs/dcache.c b/fs/dcache.c -index e923bf4..dcc8779 100644 +index d322929..ff57049 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -103,11 +103,11 @@ static unsigned int d_hash_shift __read_mostly; @@ -49302,7 +49284,7 @@ index e923bf4..dcc8779 100644 return dentry_hashtable + (hash & D_HASHMASK); } -@@ -3055,7 +3055,7 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -3057,7 +3057,7 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -51943,7 +51925,7 @@ index 3f7a59b..cf196cc 100644 for (loop = 0; loop < pagevec->nr; loop++) { diff --git a/fs/fscache/stats.c b/fs/fscache/stats.c -index 4765190..2a067f2 100644 +index 73c0bd7..adb2f79 100644 --- a/fs/fscache/stats.c +++ b/fs/fscache/stats.c @@ -18,95 +18,95 @@ @@ -52716,7 +52698,7 @@ index f6d411e..e82a08d 100644 next->d_inode->i_ino, dt_type(next->d_inode)) < 0) diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c -index a3a0987..5e151c8 100644 +index 8392cb8..80d6193 100644 --- a/fs/lockd/clntproc.c +++ b/fs/lockd/clntproc.c @@ -36,11 +36,11 @@ static const struct rpc_call_ops nlmclnt_cancel_ops; @@ -53546,7 +53528,7 @@ index 1943898..396c460 100644 - #endif /* CONFIG_NFS_V4 */ diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c -index fe5c5fb6..638dac1 100644 +index 08921b8..e60b7da 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c @@ -1037,7 +1037,7 @@ struct nfsd4_operation { @@ -53559,10 +53541,10 @@ index fe5c5fb6..638dac1 100644 static struct nfsd4_operation nfsd4_ops[]; diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c -index 24afa96..a92d930 100644 +index ade5316..f1a6152 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c -@@ -1451,7 +1451,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) +@@ -1445,7 +1445,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *); @@ -53571,7 +53553,7 @@ index 24afa96..a92d930 100644 [OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access, [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close, [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit, -@@ -1491,7 +1491,7 @@ static nfsd4_dec nfsd4_dec_ops[] = { +@@ -1485,7 +1485,7 @@ static nfsd4_dec nfsd4_dec_ops[] = { [OP_RELEASE_LOCKOWNER] = (nfsd4_dec)nfsd4_decode_release_lockowner, }; @@ -53580,7 +53562,7 @@ index 24afa96..a92d930 100644 [OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access, [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close, [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit, -@@ -1553,7 +1553,7 @@ static nfsd4_dec nfsd41_dec_ops[] = { +@@ -1547,7 +1547,7 @@ static nfsd4_dec nfsd41_dec_ops[] = { }; struct nfsd4_minorversion_ops { @@ -53590,10 +53572,16 @@ index 24afa96..a92d930 100644 }; diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c -index 2cbac34..6dc3889 100644 +index 2cbac34..06593b2 100644 --- a/fs/nfsd/nfscache.c +++ b/fs/nfsd/nfscache.c -@@ -264,8 +264,10 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) +@@ -259,13 +259,15 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) + { + struct svc_cacherep *rp; + struct kvec *resv = &rqstp->rq_res.head[0], *cachv; +- int len; ++ long len; + if (!(rp = rqstp->rq_cacherep) || cache_disabled) return; @@ -56184,7 +56172,7 @@ index a475983..3aab767 100644 if (!bb->vm_ops) return -EINVAL; diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c -index 3899e24..4d594a7 100644 +index e756bc4..b530332 100644 --- a/fs/sysfs/dir.c +++ b/fs/sysfs/dir.c @@ -642,6 +642,18 @@ static int create_dir(struct kobject *kobj, struct sysfs_dirent *parent_sd, @@ -56418,10 +56406,38 @@ index ba653f3..06ea4b1 100644 error = notify_change(path->dentry, &newattrs); mutex_unlock(&inode->i_mutex); diff --git a/fs/xattr.c b/fs/xattr.c -index 67583de..c5aad14 100644 +index 67583de..21dfff7 100644 --- a/fs/xattr.c +++ b/fs/xattr.c -@@ -315,7 +315,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr); +@@ -225,6 +225,27 @@ int vfs_xattr_cmp(struct dentry *dentry, const char *xattr_name, + return rc; + } + ++#ifdef CONFIG_PAX_XATTR_PAX_FLAGS ++ssize_t ++pax_getxattr(struct dentry *dentry, void *value, size_t size) ++{ ++ struct inode *inode = dentry->d_inode; ++ ssize_t error; ++ ++ error = inode_permission(inode, MAY_EXEC); ++ if (error) ++ return error; ++ ++ if (inode->i_op->getxattr) ++ error = inode->i_op->getxattr(dentry, XATTR_NAME_PAX_FLAGS, value, size); ++ else ++ error = -EOPNOTSUPP; ++ ++ return error; ++} ++EXPORT_SYMBOL(pax_getxattr); ++#endif ++ + ssize_t + vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size) + { +@@ -315,7 +336,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr); * Extended attribute SET operations */ static long @@ -56430,7 +56446,7 @@ index 67583de..c5aad14 100644 size_t size, int flags) { int error; -@@ -339,7 +339,13 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value, +@@ -339,7 +360,13 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value, return PTR_ERR(kvalue); } @@ -56445,7 +56461,7 @@ index 67583de..c5aad14 100644 kfree(kvalue); return error; } -@@ -356,7 +362,7 @@ SYSCALL_DEFINE5(setxattr, const char __user *, pathname, +@@ -356,7 +383,7 @@ SYSCALL_DEFINE5(setxattr, const char __user *, pathname, return error; error = mnt_want_write(path.mnt); if (!error) { @@ -56454,7 +56470,7 @@ index 67583de..c5aad14 100644 mnt_drop_write(path.mnt); } path_put(&path); -@@ -375,7 +381,7 @@ SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, +@@ -375,7 +402,7 @@ SYSCALL_DEFINE5(lsetxattr, const char __user *, pathname, return error; error = mnt_want_write(path.mnt); if (!error) { @@ -56463,7 +56479,7 @@ index 67583de..c5aad14 100644 mnt_drop_write(path.mnt); } path_put(&path); -@@ -386,17 +392,15 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, +@@ -386,17 +413,15 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, const void __user *,value, size_t, size, int, flags) { struct file *f; @@ -57666,10 +57682,10 @@ index 0000000..1b9afa9 +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..5ce409b +index 0000000..59ef60a --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,4216 @@ +@@ -0,0 +1,4218 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -57696,6 +57712,13 @@ index 0000000..5ce409b +#include <linux/fdtable.h> +#include <linux/percpu.h> +#include <linux/posix-timers.h> ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++#include <linux/magic.h> ++#include <linux/pagemap.h> ++#include "../fs/btrfs/async-thread.h" ++#include "../fs/btrfs/ctree.h" ++#include "../fs/btrfs/btrfs_inode.h" ++#endif + +#include <asm/uaccess.h> +#include <asm/errno.h> @@ -57772,19 +57795,14 @@ index 0000000..5ce409b + return (gr_status & GR_READY); +} + -+#ifdef CONFIG_BTRFS_FS -+extern dev_t get_btrfs_dev_from_inode(struct inode *inode); -+extern int btrfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat); -+#endif -+ +static inline dev_t __get_dev(const struct dentry *dentry) +{ -+#ifdef CONFIG_BTRFS_FS -+ if (dentry->d_inode->i_op && dentry->d_inode->i_op->getattr == &btrfs_getattr) -+ return get_btrfs_dev_from_inode(dentry->d_inode); ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++ if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC) ++ return BTRFS_I(dentry->d_inode)->root->anon_dev; + else +#endif -+ return dentry->d_inode->i_sb->s_dev; ++ return dentry->d_sb->s_dev; +} + +dev_t gr_get_dev_from_dentry(struct dentry *dentry) @@ -63223,10 +63241,10 @@ index 0000000..39645c9 +} diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c new file mode 100644 -index 0000000..466c527 +index 0000000..42b6af4 --- /dev/null +++ b/grsecurity/gracl_segv.c -@@ -0,0 +1,299 @@ +@@ -0,0 +1,301 @@ +#include <linux/kernel.h> +#include <linux/mm.h> +#include <asm/uaccess.h> @@ -63244,6 +63262,13 @@ index 0000000..466c527 +#include <linux/gracl.h> +#include <linux/grsecurity.h> +#include <linux/grinternal.h> ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++#include <linux/magic.h> ++#include <linux/pagemap.h> ++#include "../fs/btrfs/async-thread.h" ++#include "../fs/btrfs/ctree.h" ++#include "../fs/btrfs/btrfs_inode.h" ++#endif + +static struct crash_uid *uid_set; +static unsigned short uid_used; @@ -63253,19 +63278,14 @@ index 0000000..466c527 + lookup_acl_subj_label(const ino_t inode, const dev_t dev, + struct acl_role_label *role); + -+#ifdef CONFIG_BTRFS_FS -+extern dev_t get_btrfs_dev_from_inode(struct inode *inode); -+extern int btrfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat); -+#endif -+ +static inline dev_t __get_dev(const struct dentry *dentry) +{ -+#ifdef CONFIG_BTRFS_FS -+ if (dentry->d_inode->i_op && dentry->d_inode->i_op->getattr == &btrfs_getattr) -+ return get_btrfs_dev_from_inode(dentry->d_inode); ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++ if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC) ++ return BTRFS_I(dentry->d_inode)->root->anon_dev; + else +#endif -+ return dentry->d_inode->i_sb->s_dev; ++ return dentry->d_sb->s_dev; +} + +int @@ -63958,7 +63978,7 @@ index 0000000..8124c0d +} diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c new file mode 100644 -index 0000000..b79fe50 +index 0000000..ac90ba1 --- /dev/null +++ b/grsecurity/grsec_disabled.c @@ -0,0 +1,442 @@ @@ -64390,7 +64410,7 @@ index 0000000..b79fe50 + +dev_t gr_get_dev_from_dentry(struct dentry *dentry) +{ -+ return dentry->d_inode->i_sb->s_dev; ++ return dentry->d_sb->s_dev; +} + +void gr_put_exec_file(struct task_struct *task) @@ -69932,7 +69952,7 @@ index 3797270..7765ede 100644 struct mca_bus { u64 default_dma_mask; diff --git a/include/linux/mm.h b/include/linux/mm.h -index 4baadd1..b5b424e 100644 +index d0493f6..ce3ea0b 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -115,7 +115,14 @@ extern unsigned int kobjsize(const void *objp); @@ -70137,7 +70157,7 @@ index 4baadd1..b5b424e 100644 struct vm_area_struct *find_extend_vma(struct mm_struct *, unsigned long addr); int remap_pfn_range(struct vm_area_struct *, unsigned long addr, unsigned long pfn, unsigned long size, pgprot_t); -@@ -1534,6 +1545,12 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); +@@ -1536,6 +1547,12 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); static inline void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -70150,7 +70170,7 @@ index 4baadd1..b5b424e 100644 } #endif /* CONFIG_PROC_FS */ -@@ -1614,7 +1631,7 @@ extern int unpoison_memory(unsigned long pfn); +@@ -1616,7 +1633,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); @@ -70159,7 +70179,7 @@ index 4baadd1..b5b424e 100644 extern int soft_offline_page(struct page *page, int flags); extern void dump_page(struct page *page); -@@ -1628,5 +1645,11 @@ extern void copy_user_huge_page(struct page *dst, struct page *src, +@@ -1630,5 +1647,11 @@ extern void copy_user_huge_page(struct page *dst, struct page *src, unsigned int pages_per_huge_page); #endif /* CONFIG_TRANSPARENT_HUGEPAGE || CONFIG_HUGETLBFS */ @@ -70511,7 +70531,7 @@ index b299230..4915063 100644 struct iovec; struct kvec; diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index 00ca32b..60cc3a6 100644 +index 8c43fd1..782342e 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h @@ -949,6 +949,7 @@ struct net_device_ops { @@ -70665,7 +70685,7 @@ index 45fc162..01a4068 100644 /** * struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h -index 9b9b2aa..6a25301 100644 +index 9b9b2aa..22f09dc 100644 --- a/include/linux/perf_event.h +++ b/include/linux/perf_event.h @@ -748,8 +748,8 @@ struct perf_event { @@ -70690,6 +70710,36 @@ index 9b9b2aa..6a25301 100644 /* * Protect attach/detach and child_list: +@@ -1101,7 +1101,7 @@ static inline void perf_callchain_store(struct perf_callchain_entry *entry, u64 + entry->ip[entry->nr++] = ip; + } + +-extern int sysctl_perf_event_paranoid; ++extern int sysctl_perf_event_legitimately_concerned; + extern int sysctl_perf_event_mlock; + extern int sysctl_perf_event_sample_rate; + +@@ -1111,17 +1111,17 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write, + + static inline bool perf_paranoid_tracepoint_raw(void) + { +- return sysctl_perf_event_paranoid > -1; ++ return sysctl_perf_event_legitimately_concerned > -1; + } + + static inline bool perf_paranoid_cpu(void) + { +- return sysctl_perf_event_paranoid > 0; ++ return sysctl_perf_event_legitimately_concerned > 0; + } + + static inline bool perf_paranoid_kernel(void) + { +- return sysctl_perf_event_paranoid > 1; ++ return sysctl_perf_event_legitimately_concerned > 1; + } + + extern void perf_event_init(void); @@ -1199,7 +1199,7 @@ static inline void perf_restore_debug_store(void) { } */ #define perf_cpu_notifier(fn) \ @@ -71427,7 +71477,7 @@ index 92808b8..c28cac4 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index da65890..987de29 100644 +index efe50af..0d0b145 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -538,7 +538,7 @@ extern void consume_skb(struct sk_buff *skb); @@ -71493,7 +71543,7 @@ index da65890..987de29 100644 +#endif } - /* Note: This doesn't put any conntrack and bridge info in dst. */ + static inline void nf_reset_trace(struct sk_buff *skb) diff --git a/include/linux/slab.h b/include/linux/slab.h index 573c809..59fadfb 100644 --- a/include/linux/slab.h @@ -72430,7 +72480,7 @@ index 65efb92..137adbb 100644 static inline void __dec_zone_page_state(struct page *page, diff --git a/include/linux/xattr.h b/include/linux/xattr.h -index e5d1220..7ed3f9c 100644 +index e5d1220..5a87d07 100644 --- a/include/linux/xattr.h +++ b/include/linux/xattr.h @@ -57,6 +57,11 @@ @@ -72454,6 +72504,16 @@ index e5d1220..7ed3f9c 100644 struct xattr { char *name; +@@ -82,6 +87,9 @@ struct xattr { + }; + + ssize_t xattr_getsecurity(struct inode *, const char *, void *, size_t); ++#ifdef CONFIG_PAX_XATTR_PAX_FLAGS ++ssize_t pax_getxattr(struct dentry *, void *, size_t); ++#endif + ssize_t vfs_getxattr(struct dentry *, const char *, void *, size_t); + ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size); + int __vfs_setxattr_noperm(struct dentry *, const char *, const void *, size_t, int); diff --git a/include/linux/zlib.h b/include/linux/zlib.h index 9c5a6b4..09c9438 100644 --- a/include/linux/zlib.h @@ -73655,7 +73715,7 @@ index 2531811..040d4d4 100644 next_state = Reset; return 0; diff --git a/init/main.c b/init/main.c -index 5d0eb1d..b462edb 100644 +index 5d0eb1d..19ff85b 100644 --- a/init/main.c +++ b/init/main.c @@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { } @@ -73667,7 +73727,7 @@ index 5d0eb1d..b462edb 100644 /* * Debug helper: via this flag we know that we are in 'early bootup code' * where only the boot processor is running with IRQ disabled. This means -@@ -149,6 +151,61 @@ static int __init set_reset_devices(char *str) +@@ -149,6 +151,64 @@ static int __init set_reset_devices(char *str) __setup("reset_devices", set_reset_devices); @@ -73682,6 +73742,8 @@ index 5d0eb1d..b462edb 100644 +#endif + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) ++unsigned long pax_user_shadow_base __read_only = 1UL << TASK_SIZE_MAX_SHIFT; ++EXPORT_SYMBOL(pax_user_shadow_base); +extern char pax_enter_kernel_user[]; +extern char pax_exit_kernel_user[]; +extern pgdval_t clone_pgd_mask; @@ -73708,6 +73770,7 @@ index 5d0eb1d..b462edb 100644 + memcpy(pax_enter_kernel_user, (unsigned char []){0xc3}, 1); + memcpy(pax_exit_kernel_user, (unsigned char []){0xc3}, 1); + clone_pgd_mask = ~(pgdval_t)0UL; ++ pax_user_shadow_base = 0UL; +#endif + + return 0; @@ -73729,7 +73792,7 @@ index 5d0eb1d..b462edb 100644 static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; static const char *panic_later, *panic_param; -@@ -678,6 +735,7 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -678,6 +738,7 @@ int __init_or_module do_one_initcall(initcall_t fn) { int count = preempt_count(); int ret; @@ -73737,7 +73800,7 @@ index 5d0eb1d..b462edb 100644 if (initcall_debug) ret = do_one_initcall_debug(fn); -@@ -690,15 +748,15 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -690,15 +751,15 @@ int __init_or_module do_one_initcall(initcall_t fn) sprintf(msgbuf, "error code %d ", ret); if (preempt_count() != count) { @@ -73757,7 +73820,7 @@ index 5d0eb1d..b462edb 100644 } return ret; -@@ -711,8 +769,14 @@ static void __init do_initcalls(void) +@@ -711,8 +772,14 @@ static void __init do_initcalls(void) { initcall_t *fn; @@ -73773,7 +73836,7 @@ index 5d0eb1d..b462edb 100644 } /* -@@ -738,8 +802,14 @@ static void __init do_pre_smp_initcalls(void) +@@ -738,8 +805,14 @@ static void __init do_pre_smp_initcalls(void) { initcall_t *fn; @@ -73789,7 +73852,7 @@ index 5d0eb1d..b462edb 100644 } static void run_init_process(const char *init_filename) -@@ -821,7 +891,7 @@ static int __init kernel_init(void * unused) +@@ -821,7 +894,7 @@ static int __init kernel_init(void * unused) do_basic_setup(); /* Open the /dev/console on the rootfs, this should never fail */ @@ -73798,7 +73861,7 @@ index 5d0eb1d..b462edb 100644 printk(KERN_WARNING "Warning: unable to open an initial console.\n"); (void) sys_dup(0); -@@ -834,11 +904,13 @@ static int __init kernel_init(void * unused) +@@ -834,11 +907,13 @@ static int __init kernel_init(void * unused) if (!ramdisk_execute_command) ramdisk_execute_command = "/init"; @@ -73958,7 +74021,7 @@ index 5215a81..cfc0cac 100644 sem_params.flg = semflg; sem_params.u.nsems = nsems; diff --git a/ipc/shm.c b/ipc/shm.c -index b76be5b..859e750 100644 +index 326a20b..62e6b7e 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -69,6 +69,14 @@ static void shm_destroy (struct ipc_namespace *ns, struct shmid_kernel *shp); @@ -74218,7 +74281,7 @@ index b463871..59495fd 100644 * nsown_capable - Check superior capability to one's own user_ns * @cap: The capability in question diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index c0739f8..262bc6f 100644 +index d2a01fe..493cba0 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c @@ -5153,7 +5153,7 @@ static int cgroup_css_links_read(struct cgroup *cont, @@ -74639,10 +74702,23 @@ index 63786e7..0780cac 100644 #ifdef CONFIG_MODULE_UNLOAD { diff --git a/kernel/events/core.c b/kernel/events/core.c -index 7d1f05e..66d5a8e 100644 +index 9f21915..08e25b4 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c -@@ -173,7 +173,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write, +@@ -146,7 +146,11 @@ static struct srcu_struct pmus_srcu; + * 1 - disallow cpu events for unpriv + * 2 - disallow kernel profiling for unpriv + */ +-int sysctl_perf_event_paranoid __read_mostly = 1; ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++int sysctl_perf_event_legitimately_concerned __read_mostly = 2; ++#else ++int sysctl_perf_event_legitimately_concerned __read_mostly = 1; ++#endif + + /* Minimum for 512 kiB + 1 user control page */ + int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */ +@@ -173,7 +177,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write, return 0; } @@ -74651,7 +74727,7 @@ index 7d1f05e..66d5a8e 100644 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, enum event_type_t event_type); -@@ -2540,7 +2540,7 @@ static void __perf_event_read(void *info) +@@ -2540,7 +2544,7 @@ static void __perf_event_read(void *info) static inline u64 perf_event_count(struct perf_event *event) { @@ -74660,7 +74736,7 @@ index 7d1f05e..66d5a8e 100644 } static u64 perf_event_read(struct perf_event *event) -@@ -3071,9 +3071,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) +@@ -3071,9 +3075,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) mutex_lock(&event->child_mutex); total += perf_event_read(event); *enabled += event->total_time_enabled + @@ -74672,7 +74748,7 @@ index 7d1f05e..66d5a8e 100644 list_for_each_entry(child, &event->child_list, child_list) { total += perf_event_read(child); -@@ -3482,10 +3482,10 @@ void perf_event_update_userpage(struct perf_event *event) +@@ -3482,10 +3486,10 @@ void perf_event_update_userpage(struct perf_event *event) userpg->offset -= local64_read(&event->hw.prev_count); userpg->time_enabled = enabled + @@ -74685,7 +74761,7 @@ index 7d1f05e..66d5a8e 100644 barrier(); ++userpg->lock; -@@ -3914,11 +3914,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, +@@ -3914,11 +3918,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, values[n++] = perf_event_count(event); if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { values[n++] = enabled + @@ -74699,7 +74775,7 @@ index 7d1f05e..66d5a8e 100644 } if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(event); -@@ -4569,12 +4569,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) +@@ -4569,12 +4573,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) * need to add enough zero bytes after the string to handle * the 64bit alignment we do later. */ @@ -74714,7 +74790,7 @@ index 7d1f05e..66d5a8e 100644 if (IS_ERR(name)) { name = strncpy(tmp, "//toolong", sizeof(tmp)); goto got_name; -@@ -5930,7 +5930,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, +@@ -5931,7 +5935,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, event->parent = parent_event; event->ns = get_pid_ns(current->nsproxy->pid_ns); @@ -74723,7 +74799,7 @@ index 7d1f05e..66d5a8e 100644 event->state = PERF_EVENT_STATE_INACTIVE; -@@ -6450,10 +6450,10 @@ static void sync_child_event(struct perf_event *child_event, +@@ -6451,10 +6455,10 @@ static void sync_child_event(struct perf_event *child_event, /* * Add back the child's count to the parent's count: */ @@ -75239,10 +75315,10 @@ index 9b22d03..6295b62 100644 prev->next = info->next; else diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c -index e4cee8d..f31f503 100644 +index 60f7e32..76ccd96 100644 --- a/kernel/hrtimer.c +++ b/kernel/hrtimer.c -@@ -1408,7 +1408,7 @@ void hrtimer_peek_ahead_timers(void) +@@ -1414,7 +1414,7 @@ void hrtimer_peek_ahead_timers(void) local_irq_restore(flags); } @@ -75251,7 +75327,7 @@ index e4cee8d..f31f503 100644 { struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases); -@@ -1750,7 +1750,7 @@ static int __cpuinit hrtimer_cpu_notify(struct notifier_block *self, +@@ -1756,7 +1756,7 @@ static int __cpuinit hrtimer_cpu_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -78363,7 +78439,7 @@ index be5fa8b..bb69d33 100644 break; } diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index ea7ec7f..3ead220 100644 +index ea7ec7f..b1c7c88 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -86,6 +86,13 @@ @@ -78488,6 +78564,17 @@ index ea7ec7f..3ead220 100644 { .procname = "ngroups_max", .data = &ngroups_max, +@@ -957,8 +1002,8 @@ static struct ctl_table kern_table[] = { + */ + { + .procname = "perf_event_paranoid", +- .data = &sysctl_perf_event_paranoid, +- .maxlen = sizeof(sysctl_perf_event_paranoid), ++ .data = &sysctl_perf_event_legitimately_concerned, ++ .maxlen = sizeof(sysctl_perf_event_legitimately_concerned), + .mode = 0644, + .proc_handler = proc_dointvec, + }, @@ -1216,6 +1261,13 @@ static struct ctl_table vm_table[] = { .proc_handler = proc_dointvec_minmax, .extra1 = &zero, @@ -78824,10 +78911,10 @@ index 8a46f5d..bbe6f9c 100644 .clock_get = alarm_clock_get, .timer_create = alarm_timer_create, diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c -index cd068b2..b2067ab 100644 +index c3509fb..ebec319 100644 --- a/kernel/time/tick-broadcast.c +++ b/kernel/time/tick-broadcast.c -@@ -116,7 +116,7 @@ int tick_device_uses_broadcast(struct clock_event_device *dev, int cpu) +@@ -120,7 +120,7 @@ int tick_device_uses_broadcast(struct clock_event_device *dev, int cpu) * then clear the broadcast bit. */ if (!(dev->features & CLOCK_EVT_FEAT_C3STOP)) { @@ -79038,7 +79125,7 @@ index 16fc34a..efd8bb8 100644 ret = -EIO; bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt, diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c -index 5527211..04dce85 100644 +index 24b3759..e460d0b 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c @@ -1586,12 +1586,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) @@ -79070,7 +79157,7 @@ index 5527211..04dce85 100644 { struct ftrace_func_probe *entry; struct ftrace_page *pg; -@@ -3981,8 +3986,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write, +@@ -3982,8 +3987,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write, #ifdef CONFIG_FUNCTION_GRAPH_TRACER static int ftrace_graph_active; @@ -79079,7 +79166,7 @@ index 5527211..04dce85 100644 int ftrace_graph_entry_stub(struct ftrace_graph_ent *trace) { return 0; -@@ -4126,6 +4129,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state, +@@ -4127,6 +4130,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state, return NOTIFY_DONE; } @@ -79090,7 +79177,7 @@ index 5527211..04dce85 100644 int register_ftrace_graph(trace_func_graph_ret_t retfunc, trace_func_graph_ent_t entryfunc) { -@@ -4139,7 +4146,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc, +@@ -4140,7 +4147,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc, goto out; } @@ -79371,7 +79458,7 @@ index 6fdc629..55739fe 100644 *data_page = bpage; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index 17edb14..8cc9713 100644 +index 0ec6c34..8670e8b 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -2645,7 +2645,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) @@ -79585,15 +79672,15 @@ index 1dcf253..e1568b3 100644 key = event->type & (EVENT_HASHSIZE - 1); diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c -index 77575b3..6e623d1 100644 +index c5b20a3..6b38c73 100644 --- a/kernel/trace/trace_stack.c +++ b/kernel/trace/trace_stack.c -@@ -50,7 +50,7 @@ static inline void check_stack(void) +@@ -66,7 +66,7 @@ check_stack(unsigned long ip, unsigned long *stack) return; /* we do not handle interrupt stacks yet */ -- if (!object_is_on_stack(&this_size)) -+ if (!object_starts_on_stack(&this_size)) +- if (!object_is_on_stack(stack)) ++ if (!object_starts_on_stack(stack)) return; local_irq_save(flags); @@ -80775,7 +80862,7 @@ index 1b03878..d62c02b 100644 /* keep elevated page count for bad page */ return ret; diff --git a/mm/memory.c b/mm/memory.c -index 4f2add1..6af39ff 100644 +index d5f913b..6f403ad 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -462,8 +462,12 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, @@ -80902,7 +80989,7 @@ index 4f2add1..6af39ff 100644 if (addr < vma->vm_start || addr >= vma->vm_end) return -EFAULT; -@@ -2353,7 +2366,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, +@@ -2400,7 +2413,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, BUG_ON(pud_huge(*pud)); @@ -80913,7 +81000,7 @@ index 4f2add1..6af39ff 100644 if (!pmd) return -ENOMEM; do { -@@ -2373,7 +2388,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, +@@ -2420,7 +2435,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, unsigned long next; int err; @@ -80924,7 +81011,7 @@ index 4f2add1..6af39ff 100644 if (!pud) return -ENOMEM; do { -@@ -2461,6 +2478,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo +@@ -2508,6 +2525,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo copy_user_highpage(dst, src, va, vma); } @@ -81111,7 +81198,7 @@ index 4f2add1..6af39ff 100644 /* * This routine handles present pages, when users try to write * to a shared page. It is done by copying the page to a new address -@@ -2672,6 +2869,12 @@ gotten: +@@ -2719,6 +2916,12 @@ gotten: */ page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) { @@ -81124,7 +81211,7 @@ index 4f2add1..6af39ff 100644 if (old_page) { if (!PageAnon(old_page)) { dec_mm_counter_fast(mm, MM_FILEPAGES); -@@ -2723,6 +2926,10 @@ gotten: +@@ -2770,6 +2973,10 @@ gotten: page_remove_rmap(old_page); } @@ -81135,7 +81222,7 @@ index 4f2add1..6af39ff 100644 /* Free the old page.. */ new_page = old_page; ret |= VM_FAULT_WRITE; -@@ -3002,6 +3209,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3049,6 +3256,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, swap_free(entry); if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) try_to_free_swap(page); @@ -81147,7 +81234,7 @@ index 4f2add1..6af39ff 100644 unlock_page(page); if (swapcache) { /* -@@ -3025,6 +3237,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3072,6 +3284,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -81159,7 +81246,7 @@ index 4f2add1..6af39ff 100644 unlock: pte_unmap_unlock(page_table, ptl); out: -@@ -3044,40 +3261,6 @@ out_release: +@@ -3091,40 +3308,6 @@ out_release: } /* @@ -81200,7 +81287,7 @@ index 4f2add1..6af39ff 100644 * We enter with non-exclusive mmap_sem (to exclude vma changes, * but allow concurrent faults), and pte mapped but not yet locked. * We return with mmap_sem still held, but pte unmapped and unlocked. -@@ -3086,27 +3269,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3133,27 +3316,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pte_t *page_table, pmd_t *pmd, unsigned int flags) { @@ -81233,7 +81320,7 @@ index 4f2add1..6af39ff 100644 if (unlikely(anon_vma_prepare(vma))) goto oom; page = alloc_zeroed_user_highpage_movable(vma, address); -@@ -3125,6 +3304,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3172,6 +3351,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, if (!pte_none(*page_table)) goto release; @@ -81245,7 +81332,7 @@ index 4f2add1..6af39ff 100644 inc_mm_counter_fast(mm, MM_ANONPAGES); page_add_new_anon_rmap(page, vma, address); setpte: -@@ -3132,6 +3316,12 @@ setpte: +@@ -3179,6 +3363,12 @@ setpte: /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -81258,7 +81345,7 @@ index 4f2add1..6af39ff 100644 unlock: pte_unmap_unlock(page_table, ptl); return 0; -@@ -3275,6 +3465,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3322,6 +3512,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, */ /* Only go through if we didn't race with anybody else... */ if (likely(pte_same(*page_table, orig_pte))) { @@ -81271,7 +81358,7 @@ index 4f2add1..6af39ff 100644 flush_icache_page(vma, page); entry = mk_pte(page, vma->vm_page_prot); if (flags & FAULT_FLAG_WRITE) -@@ -3294,6 +3490,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3341,6 +3537,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, /* no need to invalidate: a not-present page won't be cached */ update_mmu_cache(vma, address, page_table); @@ -81286,7 +81373,7 @@ index 4f2add1..6af39ff 100644 } else { if (cow_page) mem_cgroup_uncharge_page(cow_page); -@@ -3447,6 +3651,12 @@ int handle_pte_fault(struct mm_struct *mm, +@@ -3494,6 +3698,12 @@ int handle_pte_fault(struct mm_struct *mm, if (flags & FAULT_FLAG_WRITE) flush_tlb_fix_spurious_fault(vma, address); } @@ -81299,7 +81386,7 @@ index 4f2add1..6af39ff 100644 unlock: pte_unmap_unlock(pte, ptl); return 0; -@@ -3463,6 +3673,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3510,6 +3720,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, pmd_t *pmd; pte_t *pte; @@ -81310,7 +81397,7 @@ index 4f2add1..6af39ff 100644 __set_current_state(TASK_RUNNING); count_vm_event(PGFAULT); -@@ -3474,6 +3688,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3521,6 +3735,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, if (unlikely(is_vm_hugetlb_page(vma))) return hugetlb_fault(mm, vma, address, flags); @@ -81345,7 +81432,7 @@ index 4f2add1..6af39ff 100644 retry: pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); -@@ -3515,7 +3757,7 @@ retry: +@@ -3562,7 +3804,7 @@ retry: * run pte_offset_map on the pmd, if an huge pmd could * materialize from under us from a different thread. */ @@ -81354,7 +81441,7 @@ index 4f2add1..6af39ff 100644 return VM_FAULT_OOM; /* if an huge pmd materialized from under us just retry later */ if (unlikely(pmd_trans_huge(*pmd))) -@@ -3552,6 +3794,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) +@@ -3599,6 +3841,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -81378,7 +81465,7 @@ index 4f2add1..6af39ff 100644 #endif /* __PAGETABLE_PUD_FOLDED */ #ifndef __PAGETABLE_PMD_FOLDED -@@ -3582,11 +3841,35 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) +@@ -3629,11 +3888,35 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -81416,7 +81503,7 @@ index 4f2add1..6af39ff 100644 struct vm_area_struct * vma; vma = find_vma(current->mm, addr); -@@ -3619,7 +3902,7 @@ static int __init gate_vma_init(void) +@@ -3666,7 +3949,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -81425,7 +81512,7 @@ index 4f2add1..6af39ff 100644 /* * Make sure the vDSO gets into every core dump. * Dumping its contents makes post-mortem fully interpretable later -@@ -3759,8 +4042,8 @@ out: +@@ -3806,8 +4089,8 @@ out: return ret; } @@ -81436,7 +81523,7 @@ index 4f2add1..6af39ff 100644 { resource_size_t phys_addr; unsigned long prot = 0; -@@ -3785,8 +4068,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr, +@@ -3832,8 +4115,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr, * Access another process' address space as given in mm. If non-NULL, use the * given task for page fault accounting. */ @@ -81447,7 +81534,7 @@ index 4f2add1..6af39ff 100644 { struct vm_area_struct *vma; void *old_buf = buf; -@@ -3794,7 +4077,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -3841,7 +4124,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, down_read(&mm->mmap_sem); /* ignore errors, just check how much was successfully transferred */ while (len) { @@ -81456,7 +81543,7 @@ index 4f2add1..6af39ff 100644 void *maddr; struct page *page = NULL; -@@ -3853,8 +4136,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -3900,8 +4183,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, * * The caller must hold a reference on @mm. */ @@ -81467,7 +81554,7 @@ index 4f2add1..6af39ff 100644 { return __access_remote_vm(NULL, mm, addr, buf, len, write); } -@@ -3864,11 +4147,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, +@@ -3911,11 +4194,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, * Source/target buffer must be kernel space, * Do not walk the page table directly, use get_user_pages */ @@ -85616,10 +85703,10 @@ index 158887a..1b70c49 100644 err = -EFAULT; break; diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c -index 14c4864..77ff888 100644 +index 82ce164..00bd057 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c -@@ -684,7 +684,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c +@@ -685,7 +685,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c struct sock *sk = sock->sk; struct bt_security sec; int err = 0; @@ -85628,7 +85715,7 @@ index 14c4864..77ff888 100644 u32 opt; BT_DBG("sk %p", sk); -@@ -706,7 +706,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c +@@ -707,7 +707,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c sec.level = BT_SECURITY_LOW; @@ -85682,7 +85769,7 @@ index 5864cc4..6ddb362 100644 break; } diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c -index a986280..13444a1 100644 +index 53a8e37..45c033e 100644 --- a/net/caif/caif_socket.c +++ b/net/caif/caif_socket.c @@ -48,19 +48,20 @@ static struct dentry *debugfsdir; @@ -85787,7 +85874,7 @@ index a986280..13444a1 100644 set_rx_flow_on(cf_sk); caif_flow_ctrl(sk, CAIF_MODEMCMD_FLOW_ON_REQ); } -@@ -854,7 +855,7 @@ static int caif_connect(struct socket *sock, struct sockaddr *uaddr, +@@ -856,7 +857,7 @@ static int caif_connect(struct socket *sock, struct sockaddr *uaddr, /*ifindex = id of the interface.*/ cf_sk->conn_req.ifindex = cf_sk->sk.sk_bound_dev_if; @@ -85796,7 +85883,7 @@ index a986280..13444a1 100644 cf_sk->layer.receive = caif_sktrecv_cb; err = caif_connect_client(sock_net(sk), &cf_sk->conn_req, -@@ -943,7 +944,7 @@ static int caif_release(struct socket *sock) +@@ -945,7 +946,7 @@ static int caif_release(struct socket *sock) spin_unlock_bh(&sk->sk_receive_queue.lock); sock->sk = NULL; @@ -85805,7 +85892,7 @@ index a986280..13444a1 100644 WARN_ON(IS_ERR(cf_sk->debugfs_socket_dir)); if (cf_sk->debugfs_socket_dir != NULL) -@@ -1122,7 +1123,7 @@ static int caif_create(struct net *net, struct socket *sock, int protocol, +@@ -1124,7 +1125,7 @@ static int caif_create(struct net *net, struct socket *sock, int protocol, cf_sk->conn_req.protocol = protocol; /* Increase the number of sockets created. */ dbfs_atomic_inc(&cnt.caif_nr_socks); @@ -86129,7 +86216,7 @@ index 68bbf9f..5ef0d12 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index 720aea0..966cb89 100644 +index 8e455b8..0e05f5f 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -1142,10 +1142,14 @@ void dev_load(struct net *net, const char *name) @@ -86165,7 +86252,7 @@ index 720aea0..966cb89 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -2046,7 +2050,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) +@@ -2047,7 +2051,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) struct dev_gso_cb { void (*destructor)(struct sk_buff *skb); @@ -86174,7 +86261,7 @@ index 720aea0..966cb89 100644 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) -@@ -2966,7 +2970,7 @@ enqueue: +@@ -2967,7 +2971,7 @@ enqueue: local_irq_restore(flags); @@ -86183,7 +86270,7 @@ index 720aea0..966cb89 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -3040,7 +3044,7 @@ int netif_rx_ni(struct sk_buff *skb) +@@ -3041,7 +3045,7 @@ int netif_rx_ni(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_ni); @@ -86192,7 +86279,7 @@ index 720aea0..966cb89 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); -@@ -3339,7 +3343,7 @@ ncls: +@@ -3340,7 +3344,7 @@ ncls: if (pt_prev) { ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); } else { @@ -86201,7 +86288,7 @@ index 720aea0..966cb89 100644 kfree_skb(skb); /* Jamal, now you will not able to escape explaining * me how you were going to use this. :-) -@@ -3904,7 +3908,7 @@ void netif_napi_del(struct napi_struct *napi) +@@ -3905,7 +3909,7 @@ void netif_napi_del(struct napi_struct *napi) } EXPORT_SYMBOL(netif_napi_del); @@ -86210,7 +86297,7 @@ index 720aea0..966cb89 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); unsigned long time_limit = jiffies + 2; -@@ -4374,8 +4378,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v) +@@ -4375,8 +4379,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v) else seq_printf(seq, "%04x", ntohs(pt->type)); @@ -86224,7 +86311,7 @@ index 720aea0..966cb89 100644 } return 0; -@@ -4437,7 +4446,7 @@ static void __net_exit dev_proc_net_exit(struct net *net) +@@ -4438,7 +4447,7 @@ static void __net_exit dev_proc_net_exit(struct net *net) proc_net_remove(net, "dev"); } @@ -86233,7 +86320,7 @@ index 720aea0..966cb89 100644 .init = dev_proc_net_init, .exit = dev_proc_net_exit, }; -@@ -5932,7 +5941,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, +@@ -5933,7 +5942,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, } else { netdev_stats_to_stats64(storage, &dev->stats); } @@ -86242,7 +86329,7 @@ index 720aea0..966cb89 100644 return storage; } EXPORT_SYMBOL(dev_get_stats); -@@ -6511,7 +6520,7 @@ static void __net_exit netdev_exit(struct net *net) +@@ -6512,7 +6521,7 @@ static void __net_exit netdev_exit(struct net *net) kfree(net->dev_index_head); } @@ -86251,7 +86338,7 @@ index 720aea0..966cb89 100644 .init = netdev_init, .exit = netdev_exit, }; -@@ -6573,7 +6582,7 @@ static void __net_exit default_device_exit_batch(struct list_head *net_list) +@@ -6574,7 +6583,7 @@ static void __net_exit default_device_exit_batch(struct list_head *net_list) rtnl_unlock(); } @@ -86261,7 +86348,7 @@ index 720aea0..966cb89 100644 .exit_batch = default_device_exit_batch, }; diff --git a/net/core/dev_addr_lists.c b/net/core/dev_addr_lists.c -index 0387da0..dbfe3a0 100644 +index cd09414..d070f83 100644 --- a/net/core/dev_addr_lists.c +++ b/net/core/dev_addr_lists.c @@ -723,7 +723,7 @@ static void __net_exit dev_mc_net_exit(struct net *net) @@ -86389,7 +86476,7 @@ index dd00b71..74d1779 100644 return error; } diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index 3b5e680..ecb9676 100644 +index 5b7d5f2..ecb9676 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -57,7 +57,7 @@ struct rtnl_link { @@ -86427,24 +86514,6 @@ index 3b5e680..ecb9676 100644 } EXPORT_SYMBOL_GPL(__rtnl_link_unregister); -@@ -1064,7 +1067,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) - rcu_read_lock(); - cb->seq = net->dev_base_seq; - -- if (nlmsg_parse(cb->nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX, -+ if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX, - ifla_policy) >= 0) { - - if (tb[IFLA_EXT_MASK]) -@@ -1907,7 +1910,7 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh) - u32 ext_filter_mask = 0; - u16 min_ifinfo_dump_size = 0; - -- if (nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX, -+ if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX, - ifla_policy) >= 0) { - if (tb[IFLA_EXT_MASK]) - ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]); diff --git a/net/core/scm.c b/net/core/scm.c index ff52ad0..aff1c0f 100644 --- a/net/core/scm.c @@ -86912,31 +86981,6 @@ index e41c40f..fbed7a7 100644 .init = devinet_init_net, .exit = devinet_exit_net, }; -diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c -index 530787b..238fc3b 100644 ---- a/net/ipv4/esp4.c -+++ b/net/ipv4/esp4.c -@@ -137,8 +137,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) - - /* skb is pure payload to encrypt */ - -- err = -ENOMEM; -- - esp = x->data; - aead = esp->aead; - alen = crypto_aead_authsize(aead); -@@ -174,8 +172,10 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) - } - - tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen); -- if (!tmp) -+ if (!tmp) { -+ err = -ENOMEM; - goto error; -+ } - - seqhi = esp_tmp_seqhi(tmp); - iv = esp_tmp_iv(aead, tmp, seqhilen); diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c index 92fc5f6..b790d91 100644 --- a/net/ipv4/fib_frontend.c @@ -87114,10 +87158,10 @@ index 86f13c67..59a35b5 100644 secure_ip_id(daddr->addr.a4) : secure_ipv6_id(daddr->addr.a6)); diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c -index b2cfe83..e1fa733 100644 +index 8f441b2..a56d38e 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c -@@ -316,7 +316,7 @@ static inline int ip_frag_too_far(struct ipq *qp) +@@ -315,7 +315,7 @@ static inline int ip_frag_too_far(struct ipq *qp) return 0; start = qp->rid; @@ -87126,7 +87170,7 @@ index b2cfe83..e1fa733 100644 qp->rid = end; rc = qp->q.fragments && (end - start) > max; -@@ -766,21 +766,21 @@ static struct ctl_table ip4_frags_ctl_table[] = { +@@ -773,21 +773,21 @@ static struct ctl_table ip4_frags_ctl_table[] = { static int __net_init ip4_frags_ns_ctl_register(struct net *net) { @@ -87153,7 +87197,7 @@ index b2cfe83..e1fa733 100644 if (hdr == NULL) goto err_reg; -@@ -788,8 +788,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) +@@ -795,8 +795,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) return 0; err_reg: @@ -87565,21 +87609,6 @@ index 94cdbc5..01d3a77 100644 .init = rt_genid_init, }; -diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c -index 769c0e9..8a1bed2 100644 ---- a/net/ipv4/syncookies.c -+++ b/net/ipv4/syncookies.c -@@ -347,8 +347,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, - * hasn't changed since we received the original syn, but I see - * no easy way to do this. - */ -- flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), -- RT_SCOPE_UNIVERSE, IPPROTO_TCP, -+ flowi4_init_output(&fl4, sk->sk_bound_dev_if, sk->sk_mark, -+ RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP, - inet_sk_flowi_flags(sk), - (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, - ireq->loc_addr, th->source, th->dest); diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index 5485077..7e37374 100644 --- a/net/ipv4/sysctl_net_ipv4.c @@ -87701,10 +87730,10 @@ index 5485077..7e37374 100644 hdr = register_sysctl_paths(net_ipv4_ctl_path, ipv4_table); if (hdr == NULL) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index 3124e17..a5dd7e1 100644 +index 872b41d..54a02f1 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c -@@ -4729,7 +4729,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, +@@ -4736,7 +4736,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, * simplifies code) */ static void @@ -87713,7 +87742,7 @@ index 3124e17..a5dd7e1 100644 struct sk_buff *head, struct sk_buff *tail, u32 start, u32 end) { -@@ -5544,6 +5544,9 @@ slow_path: +@@ -5551,6 +5551,9 @@ slow_path: if (len < (th->doff << 2) || tcp_checksum_complete_user(sk, skb)) goto csum_error; @@ -87723,16 +87752,17 @@ index 3124e17..a5dd7e1 100644 /* * Standard slow path. */ -@@ -5552,7 +5555,7 @@ slow_path: +@@ -5559,8 +5562,7 @@ slow_path: return 0; step5: -- if (th->ack && tcp_ack(sk, skb, FLAG_SLOWPATH) < 0) -+ if (tcp_ack(sk, skb, FLAG_SLOWPATH) < 0) +- if (th->ack && +- tcp_ack(sk, skb, FLAG_SLOWPATH | FLAG_UPDATE_TS_RECENT) < 0) ++ if (tcp_ack(sk, skb, FLAG_SLOWPATH | FLAG_UPDATE_TS_RECENT) < 0) goto discard; - /* ts_recent update must be made after we are sure that the packet -@@ -5788,6 +5791,7 @@ discard: + tcp_rcv_rtt_measure_ts(sk, skb); +@@ -5791,6 +5793,7 @@ discard: tcp_paws_reject(&tp->rx_opt, 0)) goto discard_and_undo; @@ -87740,7 +87770,7 @@ index 3124e17..a5dd7e1 100644 if (th->syn) { /* We see SYN without ACK. It is attempt of * simultaneous connect with crossed SYNs. -@@ -5836,6 +5840,7 @@ discard: +@@ -5839,6 +5842,7 @@ discard: goto discard; #endif } @@ -87748,7 +87778,7 @@ index 3124e17..a5dd7e1 100644 /* "fifth, if neither of the SYN or RST bits is set then * drop the segment and return." */ -@@ -5879,7 +5884,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -5882,7 +5886,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, goto discard; if (th->syn) { @@ -87757,7 +87787,7 @@ index 3124e17..a5dd7e1 100644 goto discard; if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) return 1; -@@ -5918,11 +5923,14 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -5921,11 +5925,14 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, return 0; } @@ -87770,10 +87800,10 @@ index 3124e17..a5dd7e1 100644 /* step 5: check the ACK field */ - if (th->ack) { + if (true) { - int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH) > 0; + int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH | + FLAG_UPDATE_TS_RECENT) > 0; - switch (sk->sk_state) { -@@ -6027,8 +6035,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -6031,8 +6038,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, } break; } @@ -87781,8 +87811,8 @@ index 3124e17..a5dd7e1 100644 - goto discard; + } - /* ts_recent update must be made after we are sure that the packet - * is in window. + /* step 6: check the URG bit */ + tcp_urg(sk, skb, th); diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index a97c9ad..640d986 100644 --- a/net/ipv4/tcp_ipv4.c @@ -88076,7 +88106,7 @@ index 5a65eea..bd913a1 100644 int udp4_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 8589c2d..ca17f68 100644 +index d84033b..a15645a 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -2151,7 +2151,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) @@ -88301,10 +88331,10 @@ index 6e6c2c4..942cebf 100644 static int raw6_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c -index 2b0a4ca..40ad0d9 100644 +index 411fe2c..cdea3e4 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c -@@ -637,21 +637,21 @@ static struct ctl_table ip6_frags_ctl_table[] = { +@@ -646,21 +646,21 @@ static struct ctl_table ip6_frags_ctl_table[] = { static int __net_init ip6_frags_ns_sysctl_register(struct net *net) { @@ -88331,7 +88361,7 @@ index 2b0a4ca..40ad0d9 100644 if (hdr == NULL) goto err_reg; -@@ -659,8 +659,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net) +@@ -668,8 +668,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net) return 0; err_reg: @@ -88695,7 +88725,7 @@ index 32e3bb0..a4e5eb8 100644 } diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c -index cf98d62..7bf2972 100644 +index e836140..f8ec098 100644 --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c @@ -786,10 +786,10 @@ static int iucv_sock_autobind(struct sock *sk) @@ -89523,7 +89553,7 @@ index 874f8ff..339bb58 100644 } } diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c -index f156382..95ce7ba 100644 +index 3df7c5a..8f324b0 100644 --- a/net/netrom/af_netrom.c +++ b/net/netrom/af_netrom.c @@ -839,6 +839,7 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr, @@ -90130,19 +90160,6 @@ index 7635107..4670276 100644 _proto("Tx RESPONSE %%%u", ntohl(hdr->serial)); ret = kernel_sendmsg(conn->trans->local->socket, &msg, iov, 3, len); -diff --git a/net/sctp/auth.c b/net/sctp/auth.c -index bf81204..333926d 100644 ---- a/net/sctp/auth.c -+++ b/net/sctp/auth.c -@@ -71,7 +71,7 @@ void sctp_auth_key_put(struct sctp_auth_bytes *key) - return; - - if (atomic_dec_and_test(&key->refcnt)) { -- kfree(key); -+ kzfree(key); - SCTP_DBG_OBJCNT_DEC(keys); - } - } diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c index 8104278..300d89d 100644 --- a/net/sctp/ipv6.c @@ -91035,7 +91052,7 @@ index e728d4c..dffdddf 100644 if (!res) eth_started = 1; diff --git a/net/tipc/link.c b/net/tipc/link.c -index ae98a72..7bb6056 100644 +index ae98a72..22f4de0 100644 --- a/net/tipc/link.c +++ b/net/tipc/link.c @@ -1203,7 +1203,7 @@ static int link_send_sections_long(struct tipc_port *sender, @@ -91065,6 +91082,38 @@ index ae98a72..7bb6056 100644 sect_crs += sz; sect_rest -= sz; fragm_crs += sz; +@@ -2367,8 +2367,11 @@ static int link_recv_changeover_msg(struct link **l_ptr, + struct tipc_msg *tunnel_msg = buf_msg(tunnel_buf); + u32 msg_typ = msg_type(tunnel_msg); + u32 msg_count = msg_msgcnt(tunnel_msg); ++ u32 bearer_id = msg_bearer_id(tunnel_msg); + +- dest_link = (*l_ptr)->owner->links[msg_bearer_id(tunnel_msg)]; ++ if (bearer_id >= MAX_BEARERS) ++ goto exit; ++ dest_link = (*l_ptr)->owner->links[bearer_id]; + if (!dest_link) + goto exit; + if (dest_link == *l_ptr) { +@@ -2601,14 +2604,16 @@ int tipc_link_recv_fragment(struct sk_buff **pending, struct sk_buff **fb, + struct tipc_msg *imsg = (struct tipc_msg *)msg_data(fragm); + u32 msg_sz = msg_size(imsg); + u32 fragm_sz = msg_data_sz(fragm); +- u32 exp_fragm_cnt = msg_sz/fragm_sz + !!(msg_sz % fragm_sz); ++ u32 exp_fragm_cnt; + u32 max = TIPC_MAX_USER_MSG_SIZE + NAMED_H_SIZE; ++ + if (msg_type(imsg) == TIPC_MCAST_MSG) + max = TIPC_MAX_USER_MSG_SIZE + MCAST_H_SIZE; +- if (msg_size(imsg) > max) { ++ if (fragm_sz == 0 || msg_size(imsg) > max) { + buf_discard(fbuf); + return 0; + } ++ exp_fragm_cnt = msg_sz / fragm_sz + !!(msg_sz % fragm_sz); + pbuf = tipc_buf_acquire(msg_size(imsg)); + if (pbuf != NULL) { + pbuf->next = *pending; diff --git a/net/tipc/msg.c b/net/tipc/msg.c index 83d5096..dcba497 100644 --- a/net/tipc/msg.c @@ -91092,7 +91141,7 @@ index 1983717..4d6102c 100644 sub->evt.event = htohl(event, sub->swap); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index 18978b6..911c6c1 100644 +index 5611563..911c6c1 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -766,6 +766,12 @@ static struct sock *unix_find_other(struct net *net, @@ -91141,15 +91190,6 @@ index 18978b6..911c6c1 100644 mutex_unlock(&path.dentry->d_inode->i_mutex); dput(path.dentry); path.dentry = dentry; -@@ -1956,7 +1976,7 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock, - if ((UNIXCB(skb).pid != siocb->scm->pid) || - (UNIXCB(skb).cred != siocb->scm->cred)) - break; -- } else { -+ } else if (test_bit(SOCK_PASSCRED, &sock->flags)) { - /* Copy credentials */ - scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred); - check_creds = 1; @@ -2260,9 +2280,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) seq_puts(seq, "Num RefCount Protocol Flags Type St " "Inode Path\n"); @@ -93454,7 +93494,7 @@ index 91cdf943..4085161 100644 if (err < 0) return err; diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c -index 7ada40e..8c53bfe 100644 +index 638600b..2e6b1fd 100644 --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c @@ -2788,11 +2788,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, @@ -93807,7 +93847,7 @@ index ee15337..ab0ec34 100644 if (playback) diff --git a/sound/usb/card.h b/sound/usb/card.h -index 665e297..ed6b31c 100644 +index 2b7559c..3a42a04 100644 --- a/sound/usb/card.h +++ b/sound/usb/card.h @@ -44,6 +44,7 @@ struct snd_urb_ops { @@ -93818,7 +93858,7 @@ index 665e297..ed6b31c 100644 struct snd_usb_substream { struct snd_usb_stream *stream; -@@ -94,7 +95,7 @@ struct snd_usb_substream { +@@ -95,7 +96,7 @@ struct snd_usb_substream { struct snd_pcm_hw_constraint_list rate_list; /* limited rates */ spinlock_t lock; diff --git a/3.2.44/4425_grsec_remove_EI_PAX.patch b/3.2.45/4425_grsec_remove_EI_PAX.patch index 7d06ac2..7d06ac2 100644 --- a/3.2.44/4425_grsec_remove_EI_PAX.patch +++ b/3.2.45/4425_grsec_remove_EI_PAX.patch diff --git a/3.2.44/4430_grsec-remove-localversion-grsec.patch b/3.2.45/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.2.44/4430_grsec-remove-localversion-grsec.patch +++ b/3.2.45/4430_grsec-remove-localversion-grsec.patch diff --git a/3.2.44/4435_grsec-mute-warnings.patch b/3.2.45/4435_grsec-mute-warnings.patch index f099757..f099757 100644 --- a/3.2.44/4435_grsec-mute-warnings.patch +++ b/3.2.45/4435_grsec-mute-warnings.patch diff --git a/3.2.44/4440_grsec-remove-protected-paths.patch b/3.2.45/4440_grsec-remove-protected-paths.patch index 637934a..637934a 100644 --- a/3.2.44/4440_grsec-remove-protected-paths.patch +++ b/3.2.45/4440_grsec-remove-protected-paths.patch diff --git a/3.8.12/4450_grsec-kconfig-default-gids.patch b/3.2.45/4450_grsec-kconfig-default-gids.patch index 7c20c40..6f5b79b 100644 --- a/3.8.12/4450_grsec-kconfig-default-gids.patch +++ b/3.2.45/4450_grsec-kconfig-default-gids.patch @@ -16,7 +16,7 @@ from shooting themselves in the foot. diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2012-10-13 09:51:35.000000000 -0400 +++ b/grsecurity/Kconfig 2012-10-13 09:52:32.000000000 -0400 -@@ -578,7 +578,7 @@ +@@ -588,7 +588,7 @@ config GRKERNSEC_AUDIT_GID int "GID for auditing" depends on GRKERNSEC_AUDIT_GROUP @@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_EXECLOG bool "Exec logging" -@@ -798,7 +798,7 @@ +@@ -808,7 +808,7 @@ config GRKERNSEC_TPE_UNTRUSTED_GID int "GID for TPE-untrusted users" depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT @@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *enabled* for. If the sysctl option is enabled, a sysctl option -@@ -807,7 +807,7 @@ +@@ -817,7 +817,7 @@ config GRKERNSEC_TPE_TRUSTED_GID int "GID for TPE-trusted users" depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT @@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *disabled* for. If the sysctl option is enabled, a sysctl option -@@ -900,7 +900,7 @@ +@@ -910,7 +910,7 @@ config GRKERNSEC_SOCKET_ALL_GID int "GID to deny all sockets for" depends on GRKERNSEC_SOCKET_ALL @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable socket access for. Remember to add the users you want socket access disabled for to the GID -@@ -921,7 +921,7 @@ +@@ -931,7 +931,7 @@ config GRKERNSEC_SOCKET_CLIENT_GID int "GID to deny client sockets for" depends on GRKERNSEC_SOCKET_CLIENT @@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable client socket access for. Remember to add the users you want client socket access disabled for to -@@ -939,7 +939,7 @@ +@@ -949,7 +949,7 @@ config GRKERNSEC_SOCKET_SERVER_GID int "GID to deny server sockets for" depends on GRKERNSEC_SOCKET_SERVER diff --git a/3.2.44/4465_selinux-avc_audit-log-curr_ip.patch b/3.2.45/4465_selinux-avc_audit-log-curr_ip.patch index 70cc565..47a5787 100644 --- a/3.2.44/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.2.45/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400 -@@ -998,6 +998,27 @@ +@@ -1008,6 +1008,27 @@ menu "Logging Options" depends on GRKERNSEC diff --git a/3.2.44/4470_disable-compat_vdso.patch b/3.2.45/4470_disable-compat_vdso.patch index 99c691b..99c691b 100644 --- a/3.2.44/4470_disable-compat_vdso.patch +++ b/3.2.45/4470_disable-compat_vdso.patch diff --git a/3.8.12/1010_linux-3.8.11.patch b/3.8.12/1010_linux-3.8.11.patch deleted file mode 100644 index 244c734..0000000 --- a/3.8.12/1010_linux-3.8.11.patch +++ /dev/null @@ -1,1556 +0,0 @@ -diff --git a/Makefile b/Makefile -index e2b10b9..7e4eee5 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,6 +1,6 @@ - VERSION = 3 - PATCHLEVEL = 8 --SUBLEVEL = 10 -+SUBLEVEL = 11 - EXTRAVERSION = - NAME = Displaced Humerus Anterior - -diff --git a/arch/arm/include/asm/hardware/iop3xx.h b/arch/arm/include/asm/hardware/iop3xx.h -index 02fe2fb..ed94b1a 100644 ---- a/arch/arm/include/asm/hardware/iop3xx.h -+++ b/arch/arm/include/asm/hardware/iop3xx.h -@@ -37,7 +37,7 @@ extern int iop3xx_get_init_atu(void); - * IOP3XX processor registers - */ - #define IOP3XX_PERIPHERAL_PHYS_BASE 0xffffe000 --#define IOP3XX_PERIPHERAL_VIRT_BASE 0xfeffe000 -+#define IOP3XX_PERIPHERAL_VIRT_BASE 0xfedfe000 - #define IOP3XX_PERIPHERAL_SIZE 0x00002000 - #define IOP3XX_PERIPHERAL_UPPER_PA (IOP3XX_PERIPHERAL_PHYS_BASE +\ - IOP3XX_PERIPHERAL_SIZE - 1) -diff --git a/arch/arm/kernel/sched_clock.c b/arch/arm/kernel/sched_clock.c -index bd6f56b..59d2adb 100644 ---- a/arch/arm/kernel/sched_clock.c -+++ b/arch/arm/kernel/sched_clock.c -@@ -45,12 +45,12 @@ static u32 notrace jiffy_sched_clock_read(void) - - static u32 __read_mostly (*read_sched_clock)(void) = jiffy_sched_clock_read; - --static inline u64 cyc_to_ns(u64 cyc, u32 mult, u32 shift) -+static inline u64 notrace cyc_to_ns(u64 cyc, u32 mult, u32 shift) - { - return (cyc * mult) >> shift; - } - --static unsigned long long cyc_to_sched_clock(u32 cyc, u32 mask) -+static unsigned long long notrace cyc_to_sched_clock(u32 cyc, u32 mask) - { - u64 epoch_ns; - u32 epoch_cyc; -diff --git a/arch/sparc/include/asm/pgtable_64.h b/arch/sparc/include/asm/pgtable_64.h -index 08fcce9..7619f2f 100644 ---- a/arch/sparc/include/asm/pgtable_64.h -+++ b/arch/sparc/include/asm/pgtable_64.h -@@ -915,6 +915,7 @@ static inline int io_remap_pfn_range(struct vm_area_struct *vma, - return remap_pfn_range(vma, from, phys_base >> PAGE_SHIFT, size, prot); - } - -+#include <asm/tlbflush.h> - #include <asm-generic/pgtable.h> - - /* We provide our own get_unmapped_area to cope with VA holes and -diff --git a/arch/sparc/include/asm/switch_to_64.h b/arch/sparc/include/asm/switch_to_64.h -index cad36f5..c7de332 100644 ---- a/arch/sparc/include/asm/switch_to_64.h -+++ b/arch/sparc/include/asm/switch_to_64.h -@@ -18,8 +18,7 @@ do { \ - * and 2 stores in this critical code path. -DaveM - */ - #define switch_to(prev, next, last) \ --do { flush_tlb_pending(); \ -- save_and_clear_fpu(); \ -+do { save_and_clear_fpu(); \ - /* If you are tempted to conditionalize the following */ \ - /* so that ASI is only written if it changes, think again. */ \ - __asm__ __volatile__("wr %%g0, %0, %%asi" \ -diff --git a/arch/sparc/include/asm/tlbflush_64.h b/arch/sparc/include/asm/tlbflush_64.h -index 2ef4634..f0d6a97 100644 ---- a/arch/sparc/include/asm/tlbflush_64.h -+++ b/arch/sparc/include/asm/tlbflush_64.h -@@ -11,24 +11,40 @@ - struct tlb_batch { - struct mm_struct *mm; - unsigned long tlb_nr; -+ unsigned long active; - unsigned long vaddrs[TLB_BATCH_NR]; - }; - - extern void flush_tsb_kernel_range(unsigned long start, unsigned long end); - extern void flush_tsb_user(struct tlb_batch *tb); -+extern void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr); - - /* TLB flush operations. */ - --extern void flush_tlb_pending(void); -+static inline void flush_tlb_mm(struct mm_struct *mm) -+{ -+} -+ -+static inline void flush_tlb_page(struct vm_area_struct *vma, -+ unsigned long vmaddr) -+{ -+} -+ -+static inline void flush_tlb_range(struct vm_area_struct *vma, -+ unsigned long start, unsigned long end) -+{ -+} -+ -+#define __HAVE_ARCH_ENTER_LAZY_MMU_MODE - --#define flush_tlb_range(vma,start,end) \ -- do { (void)(start); flush_tlb_pending(); } while (0) --#define flush_tlb_page(vma,addr) flush_tlb_pending() --#define flush_tlb_mm(mm) flush_tlb_pending() -+extern void flush_tlb_pending(void); -+extern void arch_enter_lazy_mmu_mode(void); -+extern void arch_leave_lazy_mmu_mode(void); -+#define arch_flush_lazy_mmu_mode() do {} while (0) - - /* Local cpu only. */ - extern void __flush_tlb_all(void); -- -+extern void __flush_tlb_page(unsigned long context, unsigned long vaddr); - extern void __flush_tlb_kernel_range(unsigned long start, unsigned long end); - - #ifndef CONFIG_SMP -@@ -38,15 +54,24 @@ do { flush_tsb_kernel_range(start,end); \ - __flush_tlb_kernel_range(start,end); \ - } while (0) - -+static inline void global_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr) -+{ -+ __flush_tlb_page(CTX_HWBITS(mm->context), vaddr); -+} -+ - #else /* CONFIG_SMP */ - - extern void smp_flush_tlb_kernel_range(unsigned long start, unsigned long end); -+extern void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr); - - #define flush_tlb_kernel_range(start, end) \ - do { flush_tsb_kernel_range(start,end); \ - smp_flush_tlb_kernel_range(start, end); \ - } while (0) - -+#define global_flush_tlb_page(mm, vaddr) \ -+ smp_flush_tlb_page(mm, vaddr) -+ - #endif /* ! CONFIG_SMP */ - - #endif /* _SPARC64_TLBFLUSH_H */ -diff --git a/arch/sparc/kernel/smp_64.c b/arch/sparc/kernel/smp_64.c -index 537eb66..ca64d2a 100644 ---- a/arch/sparc/kernel/smp_64.c -+++ b/arch/sparc/kernel/smp_64.c -@@ -849,7 +849,7 @@ void smp_tsb_sync(struct mm_struct *mm) - } - - extern unsigned long xcall_flush_tlb_mm; --extern unsigned long xcall_flush_tlb_pending; -+extern unsigned long xcall_flush_tlb_page; - extern unsigned long xcall_flush_tlb_kernel_range; - extern unsigned long xcall_fetch_glob_regs; - extern unsigned long xcall_fetch_glob_pmu; -@@ -1074,23 +1074,56 @@ local_flush_and_out: - put_cpu(); - } - -+struct tlb_pending_info { -+ unsigned long ctx; -+ unsigned long nr; -+ unsigned long *vaddrs; -+}; -+ -+static void tlb_pending_func(void *info) -+{ -+ struct tlb_pending_info *t = info; -+ -+ __flush_tlb_pending(t->ctx, t->nr, t->vaddrs); -+} -+ - void smp_flush_tlb_pending(struct mm_struct *mm, unsigned long nr, unsigned long *vaddrs) - { - u32 ctx = CTX_HWBITS(mm->context); -+ struct tlb_pending_info info; - int cpu = get_cpu(); - -+ info.ctx = ctx; -+ info.nr = nr; -+ info.vaddrs = vaddrs; -+ - if (mm == current->mm && atomic_read(&mm->mm_users) == 1) - cpumask_copy(mm_cpumask(mm), cpumask_of(cpu)); - else -- smp_cross_call_masked(&xcall_flush_tlb_pending, -- ctx, nr, (unsigned long) vaddrs, -- mm_cpumask(mm)); -+ smp_call_function_many(mm_cpumask(mm), tlb_pending_func, -+ &info, 1); - - __flush_tlb_pending(ctx, nr, vaddrs); - - put_cpu(); - } - -+void smp_flush_tlb_page(struct mm_struct *mm, unsigned long vaddr) -+{ -+ unsigned long context = CTX_HWBITS(mm->context); -+ int cpu = get_cpu(); -+ -+ if (mm == current->mm && atomic_read(&mm->mm_users) == 1) -+ cpumask_copy(mm_cpumask(mm), cpumask_of(cpu)); -+ else -+ smp_cross_call_masked(&xcall_flush_tlb_page, -+ context, vaddr, 0, -+ mm_cpumask(mm)); -+ __flush_tlb_page(context, vaddr); -+ -+ put_cpu(); -+} -+ - void smp_flush_tlb_kernel_range(unsigned long start, unsigned long end) - { - start &= PAGE_MASK; -diff --git a/arch/sparc/mm/tlb.c b/arch/sparc/mm/tlb.c -index ba6ae7f..83d89bc 100644 ---- a/arch/sparc/mm/tlb.c -+++ b/arch/sparc/mm/tlb.c -@@ -24,11 +24,17 @@ static DEFINE_PER_CPU(struct tlb_batch, tlb_batch); - void flush_tlb_pending(void) - { - struct tlb_batch *tb = &get_cpu_var(tlb_batch); -+ struct mm_struct *mm = tb->mm; - -- if (tb->tlb_nr) { -- flush_tsb_user(tb); -+ if (!tb->tlb_nr) -+ goto out; - -- if (CTX_VALID(tb->mm->context)) { -+ flush_tsb_user(tb); -+ -+ if (CTX_VALID(mm->context)) { -+ if (tb->tlb_nr == 1) { -+ global_flush_tlb_page(mm, tb->vaddrs[0]); -+ } else { - #ifdef CONFIG_SMP - smp_flush_tlb_pending(tb->mm, tb->tlb_nr, - &tb->vaddrs[0]); -@@ -37,12 +43,30 @@ void flush_tlb_pending(void) - tb->tlb_nr, &tb->vaddrs[0]); - #endif - } -- tb->tlb_nr = 0; - } - -+ tb->tlb_nr = 0; -+ -+out: - put_cpu_var(tlb_batch); - } - -+void arch_enter_lazy_mmu_mode(void) -+{ -+ struct tlb_batch *tb = &__get_cpu_var(tlb_batch); -+ -+ tb->active = 1; -+} -+ -+void arch_leave_lazy_mmu_mode(void) -+{ -+ struct tlb_batch *tb = &__get_cpu_var(tlb_batch); -+ -+ if (tb->tlb_nr) -+ flush_tlb_pending(); -+ tb->active = 0; -+} -+ - static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr, - bool exec) - { -@@ -60,6 +84,12 @@ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr, - nr = 0; - } - -+ if (!tb->active) { -+ global_flush_tlb_page(mm, vaddr); -+ flush_tsb_user_page(mm, vaddr); -+ goto out; -+ } -+ - if (nr == 0) - tb->mm = mm; - -@@ -68,6 +98,7 @@ static void tlb_batch_add_one(struct mm_struct *mm, unsigned long vaddr, - if (nr >= TLB_BATCH_NR) - flush_tlb_pending(); - -+out: - put_cpu_var(tlb_batch); - } - -diff --git a/arch/sparc/mm/tsb.c b/arch/sparc/mm/tsb.c -index 428982b..2cc3bce 100644 ---- a/arch/sparc/mm/tsb.c -+++ b/arch/sparc/mm/tsb.c -@@ -7,11 +7,10 @@ - #include <linux/preempt.h> - #include <linux/slab.h> - #include <asm/page.h> --#include <asm/tlbflush.h> --#include <asm/tlb.h> --#include <asm/mmu_context.h> - #include <asm/pgtable.h> -+#include <asm/mmu_context.h> - #include <asm/tsb.h> -+#include <asm/tlb.h> - #include <asm/oplib.h> - - extern struct tsb swapper_tsb[KERNEL_TSB_NENTRIES]; -@@ -46,23 +45,27 @@ void flush_tsb_kernel_range(unsigned long start, unsigned long end) - } - } - --static void __flush_tsb_one(struct tlb_batch *tb, unsigned long hash_shift, -- unsigned long tsb, unsigned long nentries) -+static void __flush_tsb_one_entry(unsigned long tsb, unsigned long v, -+ unsigned long hash_shift, -+ unsigned long nentries) - { -- unsigned long i; -+ unsigned long tag, ent, hash; - -- for (i = 0; i < tb->tlb_nr; i++) { -- unsigned long v = tb->vaddrs[i]; -- unsigned long tag, ent, hash; -+ v &= ~0x1UL; -+ hash = tsb_hash(v, hash_shift, nentries); -+ ent = tsb + (hash * sizeof(struct tsb)); -+ tag = (v >> 22UL); - -- v &= ~0x1UL; -+ tsb_flush(ent, tag); -+} - -- hash = tsb_hash(v, hash_shift, nentries); -- ent = tsb + (hash * sizeof(struct tsb)); -- tag = (v >> 22UL); -+static void __flush_tsb_one(struct tlb_batch *tb, unsigned long hash_shift, -+ unsigned long tsb, unsigned long nentries) -+{ -+ unsigned long i; - -- tsb_flush(ent, tag); -- } -+ for (i = 0; i < tb->tlb_nr; i++) -+ __flush_tsb_one_entry(tsb, tb->vaddrs[i], hash_shift, nentries); - } - - void flush_tsb_user(struct tlb_batch *tb) -@@ -90,6 +93,30 @@ void flush_tsb_user(struct tlb_batch *tb) - spin_unlock_irqrestore(&mm->context.lock, flags); - } - -+void flush_tsb_user_page(struct mm_struct *mm, unsigned long vaddr) -+{ -+ unsigned long nentries, base, flags; -+ -+ spin_lock_irqsave(&mm->context.lock, flags); -+ -+ base = (unsigned long) mm->context.tsb_block[MM_TSB_BASE].tsb; -+ nentries = mm->context.tsb_block[MM_TSB_BASE].tsb_nentries; -+ if (tlb_type == cheetah_plus || tlb_type == hypervisor) -+ base = __pa(base); -+ __flush_tsb_one_entry(base, vaddr, PAGE_SHIFT, nentries); -+ -+#if defined(CONFIG_HUGETLB_PAGE) || defined(CONFIG_TRANSPARENT_HUGEPAGE) -+ if (mm->context.tsb_block[MM_TSB_HUGE].tsb) { -+ base = (unsigned long) mm->context.tsb_block[MM_TSB_HUGE].tsb; -+ nentries = mm->context.tsb_block[MM_TSB_HUGE].tsb_nentries; -+ if (tlb_type == cheetah_plus || tlb_type == hypervisor) -+ base = __pa(base); -+ __flush_tsb_one_entry(base, vaddr, HPAGE_SHIFT, nentries); -+ } -+#endif -+ spin_unlock_irqrestore(&mm->context.lock, flags); -+} -+ - #define HV_PGSZ_IDX_BASE HV_PGSZ_IDX_8K - #define HV_PGSZ_MASK_BASE HV_PGSZ_MASK_8K - -diff --git a/arch/sparc/mm/ultra.S b/arch/sparc/mm/ultra.S -index f8e13d4..29b9608 100644 ---- a/arch/sparc/mm/ultra.S -+++ b/arch/sparc/mm/ultra.S -@@ -53,6 +53,33 @@ __flush_tlb_mm: /* 18 insns */ - nop - - .align 32 -+ .globl __flush_tlb_page -+__flush_tlb_page: /* 22 insns */ -+ /* %o0 = context, %o1 = vaddr */ -+ rdpr %pstate, %g7 -+ andn %g7, PSTATE_IE, %g2 -+ wrpr %g2, %pstate -+ mov SECONDARY_CONTEXT, %o4 -+ ldxa [%o4] ASI_DMMU, %g2 -+ stxa %o0, [%o4] ASI_DMMU -+ andcc %o1, 1, %g0 -+ andn %o1, 1, %o3 -+ be,pn %icc, 1f -+ or %o3, 0x10, %o3 -+ stxa %g0, [%o3] ASI_IMMU_DEMAP -+1: stxa %g0, [%o3] ASI_DMMU_DEMAP -+ membar #Sync -+ stxa %g2, [%o4] ASI_DMMU -+ sethi %hi(KERNBASE), %o4 -+ flush %o4 -+ retl -+ wrpr %g7, 0x0, %pstate -+ nop -+ nop -+ nop -+ nop -+ -+ .align 32 - .globl __flush_tlb_pending - __flush_tlb_pending: /* 26 insns */ - /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */ -@@ -203,6 +230,31 @@ __cheetah_flush_tlb_mm: /* 19 insns */ - retl - wrpr %g7, 0x0, %pstate - -+__cheetah_flush_tlb_page: /* 22 insns */ -+ /* %o0 = context, %o1 = vaddr */ -+ rdpr %pstate, %g7 -+ andn %g7, PSTATE_IE, %g2 -+ wrpr %g2, 0x0, %pstate -+ wrpr %g0, 1, %tl -+ mov PRIMARY_CONTEXT, %o4 -+ ldxa [%o4] ASI_DMMU, %g2 -+ srlx %g2, CTX_PGSZ1_NUC_SHIFT, %o3 -+ sllx %o3, CTX_PGSZ1_NUC_SHIFT, %o3 -+ or %o0, %o3, %o0 /* Preserve nucleus page size fields */ -+ stxa %o0, [%o4] ASI_DMMU -+ andcc %o1, 1, %g0 -+ be,pn %icc, 1f -+ andn %o1, 1, %o3 -+ stxa %g0, [%o3] ASI_IMMU_DEMAP -+1: stxa %g0, [%o3] ASI_DMMU_DEMAP -+ membar #Sync -+ stxa %g2, [%o4] ASI_DMMU -+ sethi %hi(KERNBASE), %o4 -+ flush %o4 -+ wrpr %g0, 0, %tl -+ retl -+ wrpr %g7, 0x0, %pstate -+ - __cheetah_flush_tlb_pending: /* 27 insns */ - /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */ - rdpr %pstate, %g7 -@@ -269,6 +321,20 @@ __hypervisor_flush_tlb_mm: /* 10 insns */ - retl - nop - -+__hypervisor_flush_tlb_page: /* 11 insns */ -+ /* %o0 = context, %o1 = vaddr */ -+ mov %o0, %g2 -+ mov %o1, %o0 /* ARG0: vaddr + IMMU-bit */ -+ mov %g2, %o1 /* ARG1: mmu context */ -+ mov HV_MMU_ALL, %o2 /* ARG2: flags */ -+ srlx %o0, PAGE_SHIFT, %o0 -+ sllx %o0, PAGE_SHIFT, %o0 -+ ta HV_MMU_UNMAP_ADDR_TRAP -+ brnz,pn %o0, __hypervisor_tlb_tl0_error -+ mov HV_MMU_UNMAP_ADDR_TRAP, %o1 -+ retl -+ nop -+ - __hypervisor_flush_tlb_pending: /* 16 insns */ - /* %o0 = context, %o1 = nr, %o2 = vaddrs[] */ - sllx %o1, 3, %g1 -@@ -339,6 +405,13 @@ cheetah_patch_cachetlbops: - call tlb_patch_one - mov 19, %o2 - -+ sethi %hi(__flush_tlb_page), %o0 -+ or %o0, %lo(__flush_tlb_page), %o0 -+ sethi %hi(__cheetah_flush_tlb_page), %o1 -+ or %o1, %lo(__cheetah_flush_tlb_page), %o1 -+ call tlb_patch_one -+ mov 22, %o2 -+ - sethi %hi(__flush_tlb_pending), %o0 - or %o0, %lo(__flush_tlb_pending), %o0 - sethi %hi(__cheetah_flush_tlb_pending), %o1 -@@ -397,10 +470,9 @@ xcall_flush_tlb_mm: /* 21 insns */ - nop - nop - -- .globl xcall_flush_tlb_pending --xcall_flush_tlb_pending: /* 21 insns */ -- /* %g5=context, %g1=nr, %g7=vaddrs[] */ -- sllx %g1, 3, %g1 -+ .globl xcall_flush_tlb_page -+xcall_flush_tlb_page: /* 17 insns */ -+ /* %g5=context, %g1=vaddr */ - mov PRIMARY_CONTEXT, %g4 - ldxa [%g4] ASI_DMMU, %g2 - srlx %g2, CTX_PGSZ1_NUC_SHIFT, %g4 -@@ -408,20 +480,16 @@ xcall_flush_tlb_pending: /* 21 insns */ - or %g5, %g4, %g5 - mov PRIMARY_CONTEXT, %g4 - stxa %g5, [%g4] ASI_DMMU --1: sub %g1, (1 << 3), %g1 -- ldx [%g7 + %g1], %g5 -- andcc %g5, 0x1, %g0 -+ andcc %g1, 0x1, %g0 - be,pn %icc, 2f -- -- andn %g5, 0x1, %g5 -+ andn %g1, 0x1, %g5 - stxa %g0, [%g5] ASI_IMMU_DEMAP - 2: stxa %g0, [%g5] ASI_DMMU_DEMAP - membar #Sync -- brnz,pt %g1, 1b -- nop - stxa %g2, [%g4] ASI_DMMU - retry - nop -+ nop - - .globl xcall_flush_tlb_kernel_range - xcall_flush_tlb_kernel_range: /* 25 insns */ -@@ -656,15 +724,13 @@ __hypervisor_xcall_flush_tlb_mm: /* 21 insns */ - membar #Sync - retry - -- .globl __hypervisor_xcall_flush_tlb_pending --__hypervisor_xcall_flush_tlb_pending: /* 21 insns */ -- /* %g5=ctx, %g1=nr, %g7=vaddrs[], %g2,%g3,%g4,g6=scratch */ -- sllx %g1, 3, %g1 -+ .globl __hypervisor_xcall_flush_tlb_page -+__hypervisor_xcall_flush_tlb_page: /* 17 insns */ -+ /* %g5=ctx, %g1=vaddr */ - mov %o0, %g2 - mov %o1, %g3 - mov %o2, %g4 --1: sub %g1, (1 << 3), %g1 -- ldx [%g7 + %g1], %o0 /* ARG0: virtual address */ -+ mov %g1, %o0 /* ARG0: virtual address */ - mov %g5, %o1 /* ARG1: mmu context */ - mov HV_MMU_ALL, %o2 /* ARG2: flags */ - srlx %o0, PAGE_SHIFT, %o0 -@@ -673,8 +739,6 @@ __hypervisor_xcall_flush_tlb_pending: /* 21 insns */ - mov HV_MMU_UNMAP_ADDR_TRAP, %g6 - brnz,a,pn %o0, __hypervisor_tlb_xcall_error - mov %o0, %g5 -- brnz,pt %g1, 1b -- nop - mov %g2, %o0 - mov %g3, %o1 - mov %g4, %o2 -@@ -757,6 +821,13 @@ hypervisor_patch_cachetlbops: - call tlb_patch_one - mov 10, %o2 - -+ sethi %hi(__flush_tlb_page), %o0 -+ or %o0, %lo(__flush_tlb_page), %o0 -+ sethi %hi(__hypervisor_flush_tlb_page), %o1 -+ or %o1, %lo(__hypervisor_flush_tlb_page), %o1 -+ call tlb_patch_one -+ mov 11, %o2 -+ - sethi %hi(__flush_tlb_pending), %o0 - or %o0, %lo(__flush_tlb_pending), %o0 - sethi %hi(__hypervisor_flush_tlb_pending), %o1 -@@ -788,12 +859,12 @@ hypervisor_patch_cachetlbops: - call tlb_patch_one - mov 21, %o2 - -- sethi %hi(xcall_flush_tlb_pending), %o0 -- or %o0, %lo(xcall_flush_tlb_pending), %o0 -- sethi %hi(__hypervisor_xcall_flush_tlb_pending), %o1 -- or %o1, %lo(__hypervisor_xcall_flush_tlb_pending), %o1 -+ sethi %hi(xcall_flush_tlb_page), %o0 -+ or %o0, %lo(xcall_flush_tlb_page), %o0 -+ sethi %hi(__hypervisor_xcall_flush_tlb_page), %o1 -+ or %o1, %lo(__hypervisor_xcall_flush_tlb_page), %o1 - call tlb_patch_one -- mov 21, %o2 -+ mov 17, %o2 - - sethi %hi(xcall_flush_tlb_kernel_range), %o0 - or %o0, %lo(xcall_flush_tlb_kernel_range), %o0 -diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c -index 27cdf1f..045dc53 100644 ---- a/drivers/net/bonding/bond_main.c -+++ b/drivers/net/bonding/bond_main.c -@@ -1888,6 +1888,7 @@ err_detach: - write_unlock_bh(&bond->lock); - - err_close: -+ slave_dev->priv_flags &= ~IFF_BONDING; - dev_close(slave_dev); - - err_unset_master: -@@ -3379,20 +3380,22 @@ static int bond_xmit_hash_policy_l2(struct sk_buff *skb, int count) - */ - static int bond_xmit_hash_policy_l23(struct sk_buff *skb, int count) - { -- struct ethhdr *data = (struct ethhdr *)skb->data; -- struct iphdr *iph; -- struct ipv6hdr *ipv6h; -+ const struct ethhdr *data; -+ const struct iphdr *iph; -+ const struct ipv6hdr *ipv6h; - u32 v6hash; -- __be32 *s, *d; -+ const __be32 *s, *d; - - if (skb->protocol == htons(ETH_P_IP) && -- skb_network_header_len(skb) >= sizeof(*iph)) { -+ pskb_network_may_pull(skb, sizeof(*iph))) { - iph = ip_hdr(skb); -+ data = (struct ethhdr *)skb->data; - return ((ntohl(iph->saddr ^ iph->daddr) & 0xffff) ^ - (data->h_dest[5] ^ data->h_source[5])) % count; - } else if (skb->protocol == htons(ETH_P_IPV6) && -- skb_network_header_len(skb) >= sizeof(*ipv6h)) { -+ pskb_network_may_pull(skb, sizeof(*ipv6h))) { - ipv6h = ipv6_hdr(skb); -+ data = (struct ethhdr *)skb->data; - s = &ipv6h->saddr.s6_addr32[0]; - d = &ipv6h->daddr.s6_addr32[0]; - v6hash = (s[1] ^ d[1]) ^ (s[2] ^ d[2]) ^ (s[3] ^ d[3]); -@@ -3411,33 +3414,36 @@ static int bond_xmit_hash_policy_l23(struct sk_buff *skb, int count) - static int bond_xmit_hash_policy_l34(struct sk_buff *skb, int count) - { - u32 layer4_xor = 0; -- struct iphdr *iph; -- struct ipv6hdr *ipv6h; -- __be32 *s, *d; -- __be16 *layer4hdr; -+ const struct iphdr *iph; -+ const struct ipv6hdr *ipv6h; -+ const __be32 *s, *d; -+ const __be16 *l4 = NULL; -+ __be16 _l4[2]; -+ int noff = skb_network_offset(skb); -+ int poff; - - if (skb->protocol == htons(ETH_P_IP) && -- skb_network_header_len(skb) >= sizeof(*iph)) { -+ pskb_may_pull(skb, noff + sizeof(*iph))) { - iph = ip_hdr(skb); -- if (!ip_is_fragment(iph) && -- (iph->protocol == IPPROTO_TCP || -- iph->protocol == IPPROTO_UDP) && -- (skb_headlen(skb) - skb_network_offset(skb) >= -- iph->ihl * sizeof(u32) + sizeof(*layer4hdr) * 2)) { -- layer4hdr = (__be16 *)((u32 *)iph + iph->ihl); -- layer4_xor = ntohs(*layer4hdr ^ *(layer4hdr + 1)); -+ poff = proto_ports_offset(iph->protocol); -+ -+ if (!ip_is_fragment(iph) && poff >= 0) { -+ l4 = skb_header_pointer(skb, noff + (iph->ihl << 2) + poff, -+ sizeof(_l4), &_l4); -+ if (l4) -+ layer4_xor = ntohs(l4[0] ^ l4[1]); - } - return (layer4_xor ^ - ((ntohl(iph->saddr ^ iph->daddr)) & 0xffff)) % count; - } else if (skb->protocol == htons(ETH_P_IPV6) && -- skb_network_header_len(skb) >= sizeof(*ipv6h)) { -+ pskb_may_pull(skb, noff + sizeof(*ipv6h))) { - ipv6h = ipv6_hdr(skb); -- if ((ipv6h->nexthdr == IPPROTO_TCP || -- ipv6h->nexthdr == IPPROTO_UDP) && -- (skb_headlen(skb) - skb_network_offset(skb) >= -- sizeof(*ipv6h) + sizeof(*layer4hdr) * 2)) { -- layer4hdr = (__be16 *)(ipv6h + 1); -- layer4_xor = ntohs(*layer4hdr ^ *(layer4hdr + 1)); -+ poff = proto_ports_offset(ipv6h->nexthdr); -+ if (poff >= 0) { -+ l4 = skb_header_pointer(skb, noff + sizeof(*ipv6h) + poff, -+ sizeof(_l4), &_l4); -+ if (l4) -+ layer4_xor = ntohs(l4[0] ^ l4[1]); - } - s = &ipv6h->saddr.s6_addr32[0]; - d = &ipv6h->daddr.s6_addr32[0]; -@@ -4919,9 +4925,18 @@ static int __net_init bond_net_init(struct net *net) - static void __net_exit bond_net_exit(struct net *net) - { - struct bond_net *bn = net_generic(net, bond_net_id); -+ struct bonding *bond, *tmp_bond; -+ LIST_HEAD(list); - - bond_destroy_sysfs(bn); - bond_destroy_proc_dir(bn); -+ -+ /* Kill off any bonds created after unregistering bond rtnl ops */ -+ rtnl_lock(); -+ list_for_each_entry_safe(bond, tmp_bond, &bn->dev_list, bond_list) -+ unregister_netdevice_queue(bond->dev, &list); -+ unregister_netdevice_many(&list); -+ rtnl_unlock(); - } - - static struct pernet_operations bond_net_ops = { -diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e.h b/drivers/net/ethernet/atheros/atl1e/atl1e.h -index edfdf6b..b5fd934 100644 ---- a/drivers/net/ethernet/atheros/atl1e/atl1e.h -+++ b/drivers/net/ethernet/atheros/atl1e/atl1e.h -@@ -186,7 +186,7 @@ struct atl1e_tpd_desc { - /* how about 0x2000 */ - #define MAX_TX_BUF_LEN 0x2000 - #define MAX_TX_BUF_SHIFT 13 --/*#define MAX_TX_BUF_LEN 0x3000 */ -+#define MAX_TSO_SEG_SIZE 0x3c00 - - /* rrs word 1 bit 0:31 */ - #define RRS_RX_CSUM_MASK 0xFFFF -diff --git a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c -index 35faab7..ca33b28 100644 ---- a/drivers/net/ethernet/atheros/atl1e/atl1e_main.c -+++ b/drivers/net/ethernet/atheros/atl1e/atl1e_main.c -@@ -2332,6 +2332,7 @@ static int atl1e_probe(struct pci_dev *pdev, const struct pci_device_id *ent) - - INIT_WORK(&adapter->reset_task, atl1e_reset_task); - INIT_WORK(&adapter->link_chg_task, atl1e_link_chg_task); -+ netif_set_gso_max_size(netdev, MAX_TSO_SEG_SIZE); - err = register_netdev(netdev); - if (err) { - netdev_err(netdev, "register netdevice failed\n"); -diff --git a/drivers/net/ethernet/marvell/Kconfig b/drivers/net/ethernet/marvell/Kconfig -index edfba93..434e33c 100644 ---- a/drivers/net/ethernet/marvell/Kconfig -+++ b/drivers/net/ethernet/marvell/Kconfig -@@ -33,6 +33,7 @@ config MV643XX_ETH - - config MVMDIO - tristate "Marvell MDIO interface support" -+ select PHYLIB - ---help--- - This driver supports the MDIO interface found in the network - interface units of the Marvell EBU SoCs (Kirkwood, Orion5x, -@@ -45,7 +46,6 @@ config MVMDIO - config MVNETA - tristate "Marvell Armada 370/XP network interface support" - depends on MACH_ARMADA_370_XP -- select PHYLIB - select MVMDIO - ---help--- - This driver supports the network interface units in the -diff --git a/drivers/net/ethernet/marvell/mvneta.c b/drivers/net/ethernet/marvell/mvneta.c -index b6025c3..84b312ea 100644 ---- a/drivers/net/ethernet/marvell/mvneta.c -+++ b/drivers/net/ethernet/marvell/mvneta.c -@@ -375,7 +375,6 @@ static int rxq_number = 8; - static int txq_number = 8; - - static int rxq_def; --static int txq_def; - - #define MVNETA_DRIVER_NAME "mvneta" - #define MVNETA_DRIVER_VERSION "1.0" -@@ -1476,7 +1475,8 @@ error: - static int mvneta_tx(struct sk_buff *skb, struct net_device *dev) - { - struct mvneta_port *pp = netdev_priv(dev); -- struct mvneta_tx_queue *txq = &pp->txqs[txq_def]; -+ u16 txq_id = skb_get_queue_mapping(skb); -+ struct mvneta_tx_queue *txq = &pp->txqs[txq_id]; - struct mvneta_tx_desc *tx_desc; - struct netdev_queue *nq; - int frags = 0; -@@ -1486,7 +1486,7 @@ static int mvneta_tx(struct sk_buff *skb, struct net_device *dev) - goto out; - - frags = skb_shinfo(skb)->nr_frags + 1; -- nq = netdev_get_tx_queue(dev, txq_def); -+ nq = netdev_get_tx_queue(dev, txq_id); - - /* Get a descriptor for the first part of the packet */ - tx_desc = mvneta_txq_next_desc_get(txq); -@@ -2690,7 +2690,7 @@ static int mvneta_probe(struct platform_device *pdev) - return -EINVAL; - } - -- dev = alloc_etherdev_mq(sizeof(struct mvneta_port), 8); -+ dev = alloc_etherdev_mqs(sizeof(struct mvneta_port), txq_number, rxq_number); - if (!dev) - return -ENOMEM; - -@@ -2844,4 +2844,3 @@ module_param(rxq_number, int, S_IRUGO); - module_param(txq_number, int, S_IRUGO); - - module_param(rxq_def, int, S_IRUGO); --module_param(txq_def, int, S_IRUGO); -diff --git a/drivers/net/usb/cdc_mbim.c b/drivers/net/usb/cdc_mbim.c -index 16c8429..6bd9167 100644 ---- a/drivers/net/usb/cdc_mbim.c -+++ b/drivers/net/usb/cdc_mbim.c -@@ -134,7 +134,7 @@ static struct sk_buff *cdc_mbim_tx_fixup(struct usbnet *dev, struct sk_buff *skb - goto error; - - if (skb) { -- if (skb->len <= sizeof(ETH_HLEN)) -+ if (skb->len <= ETH_HLEN) - goto error; - - /* mapping VLANs to MBIM sessions: -diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index da9fde8..892ecda 100644 ---- a/drivers/tty/tty_io.c -+++ b/drivers/tty/tty_io.c -@@ -941,6 +941,14 @@ void start_tty(struct tty_struct *tty) - - EXPORT_SYMBOL(start_tty); - -+static void tty_update_time(struct timespec *time) -+{ -+ unsigned long sec = get_seconds(); -+ sec -= sec % 60; -+ if ((long)(sec - time->tv_sec) > 0) -+ time->tv_sec = sec; -+} -+ - /** - * tty_read - read method for tty device files - * @file: pointer to tty file -@@ -977,8 +985,10 @@ static ssize_t tty_read(struct file *file, char __user *buf, size_t count, - else - i = -EIO; - tty_ldisc_deref(ld); -+ - if (i > 0) -- inode->i_atime = current_fs_time(inode->i_sb); -+ tty_update_time(&inode->i_atime); -+ - return i; - } - -@@ -1081,7 +1091,7 @@ static inline ssize_t do_tty_write( - } - if (written) { - struct inode *inode = file->f_path.dentry->d_inode; -- inode->i_mtime = current_fs_time(inode->i_sb); -+ tty_update_time(&inode->i_mtime); - ret = written; - } - out: -diff --git a/fs/aio.c b/fs/aio.c -index 71f613c..ed762ae 100644 ---- a/fs/aio.c -+++ b/fs/aio.c -@@ -1027,9 +1027,9 @@ static int aio_read_evt(struct kioctx *ioctx, struct io_event *ent) - spin_unlock(&info->ring_lock); - - out: -- kunmap_atomic(ring); - dprintk("leaving aio_read_evt: %d h%lu t%lu\n", ret, - (unsigned long)ring->head, (unsigned long)ring->tail); -+ kunmap_atomic(ring); - return ret; - } - -diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index 9ef07d0..0e182f9 100644 ---- a/include/linux/netdevice.h -+++ b/include/linux/netdevice.h -@@ -208,9 +208,9 @@ struct netdev_hw_addr { - #define NETDEV_HW_ADDR_T_SLAVE 3 - #define NETDEV_HW_ADDR_T_UNICAST 4 - #define NETDEV_HW_ADDR_T_MULTICAST 5 -- bool synced; - bool global_use; - int refcount; -+ int synced; - struct rcu_head rcu_head; - }; - -diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index 98399e2..9fe54b6 100644 ---- a/include/linux/skbuff.h -+++ b/include/linux/skbuff.h -@@ -2597,6 +2597,13 @@ static inline void nf_reset(struct sk_buff *skb) - #endif - } - -+static inline void nf_reset_trace(struct sk_buff *skb) -+{ -+#if IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TRACE) -+ skb->nf_trace = 0; -+#endif -+} -+ - /* Note: This doesn't put any conntrack and bridge info in dst. */ - static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src) - { -diff --git a/include/net/scm.h b/include/net/scm.h -index 975cca0..b117081 100644 ---- a/include/net/scm.h -+++ b/include/net/scm.h -@@ -56,8 +56,8 @@ static __inline__ void scm_set_cred(struct scm_cookie *scm, - scm->pid = get_pid(pid); - scm->cred = cred ? get_cred(cred) : NULL; - scm->creds.pid = pid_vnr(pid); -- scm->creds.uid = cred ? cred->euid : INVALID_UID; -- scm->creds.gid = cred ? cred->egid : INVALID_GID; -+ scm->creds.uid = cred ? cred->uid : INVALID_UID; -+ scm->creds.gid = cred ? cred->gid : INVALID_GID; - } - - static __inline__ void scm_destroy_cred(struct scm_cookie *scm) -diff --git a/kernel/trace/trace_selftest.c b/kernel/trace/trace_selftest.c -index 4762316..5fc7aa5 100644 ---- a/kernel/trace/trace_selftest.c -+++ b/kernel/trace/trace_selftest.c -@@ -452,7 +452,6 @@ trace_selftest_function_recursion(void) - char *func_name; - int len; - int ret; -- int cnt; - - /* The previous test PASSED */ - pr_cont("PASSED\n"); -@@ -510,19 +509,10 @@ trace_selftest_function_recursion(void) - - unregister_ftrace_function(&test_recsafe_probe); - -- /* -- * If arch supports all ftrace features, and no other task -- * was on the list, we should be fine. -- */ -- if (!ftrace_nr_registered_ops() && !FTRACE_FORCE_LIST_FUNC) -- cnt = 2; /* Should have recursed */ -- else -- cnt = 1; -- - ret = -1; -- if (trace_selftest_recursion_cnt != cnt) { -- pr_cont("*callback not called expected %d times (%d)* ", -- cnt, trace_selftest_recursion_cnt); -+ if (trace_selftest_recursion_cnt != 2) { -+ pr_cont("*callback not called expected 2 times (%d)* ", -+ trace_selftest_recursion_cnt); - goto out; - } - -diff --git a/net/atm/common.c b/net/atm/common.c -index 806fc0a..cf4b7e6 100644 ---- a/net/atm/common.c -+++ b/net/atm/common.c -@@ -532,6 +532,8 @@ int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, - struct sk_buff *skb; - int copied, error = -EINVAL; - -+ msg->msg_namelen = 0; -+ - if (sock->state != SS_CONNECTED) - return -ENOTCONN; - -diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c -index 779095d..d53a123 100644 ---- a/net/ax25/af_ax25.c -+++ b/net/ax25/af_ax25.c -@@ -1647,6 +1647,7 @@ static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock, - ax25_address src; - const unsigned char *mac = skb_mac_header(skb); - -+ memset(sax, 0, sizeof(struct full_sockaddr_ax25)); - ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL, - &digi, NULL, NULL); - sax->sax25_family = AF_AX25; -diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c -index 5355df6..b04795e 100644 ---- a/net/bluetooth/af_bluetooth.c -+++ b/net/bluetooth/af_bluetooth.c -@@ -230,6 +230,8 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock, - if (flags & (MSG_OOB)) - return -EOPNOTSUPP; - -+ msg->msg_namelen = 0; -+ - skb = skb_recv_datagram(sk, flags, noblock, &err); - if (!skb) { - if (sk->sk_shutdown & RCV_SHUTDOWN) -@@ -237,8 +239,6 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock, - return err; - } - -- msg->msg_namelen = 0; -- - copied = skb->len; - if (len < copied) { - msg->msg_flags |= MSG_TRUNC; -diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c -index ce3f665..970fc13 100644 ---- a/net/bluetooth/rfcomm/sock.c -+++ b/net/bluetooth/rfcomm/sock.c -@@ -610,6 +610,7 @@ static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock, - - if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { - rfcomm_dlc_accept(d); -+ msg->msg_namelen = 0; - return 0; - } - -diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c -index aaf1957..cc16d1b 100644 ---- a/net/bluetooth/sco.c -+++ b/net/bluetooth/sco.c -@@ -667,6 +667,7 @@ static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock, - test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { - hci_conn_accept(pi->conn->hcon, 0); - sk->sk_state = BT_CONFIG; -+ msg->msg_namelen = 0; - - release_sock(sk); - return 0; -diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c -index 095259f..ff2ff3c 100644 ---- a/net/caif/caif_socket.c -+++ b/net/caif/caif_socket.c -@@ -286,6 +286,8 @@ static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock, - if (m->msg_flags&MSG_OOB) - goto read_error; - -+ m->msg_namelen = 0; -+ - skb = skb_recv_datagram(sk, flags, 0 , &ret); - if (!skb) - goto read_error; -diff --git a/net/core/dev.c b/net/core/dev.c -index 5d9c43d..d592214 100644 ---- a/net/core/dev.c -+++ b/net/core/dev.c -@@ -1737,6 +1737,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) - skb->mark = 0; - secpath_reset(skb); - nf_reset(skb); -+ nf_reset_trace(skb); - return netif_rx(skb); - } - EXPORT_SYMBOL_GPL(dev_forward_skb); -@@ -2017,6 +2018,9 @@ static void skb_warn_bad_offload(const struct sk_buff *skb) - struct net_device *dev = skb->dev; - const char *driver = ""; - -+ if (!net_ratelimit()) -+ return; -+ - if (dev && dev->dev.parent) - driver = dev_driver_string(dev->dev.parent); - -diff --git a/net/core/dev_addr_lists.c b/net/core/dev_addr_lists.c -index b079c7b..7841d87 100644 ---- a/net/core/dev_addr_lists.c -+++ b/net/core/dev_addr_lists.c -@@ -38,7 +38,7 @@ static int __hw_addr_create_ex(struct netdev_hw_addr_list *list, - ha->type = addr_type; - ha->refcount = 1; - ha->global_use = global; -- ha->synced = false; -+ ha->synced = 0; - list_add_tail_rcu(&ha->list, &list->list); - list->count++; - -@@ -166,7 +166,7 @@ int __hw_addr_sync(struct netdev_hw_addr_list *to_list, - addr_len, ha->type); - if (err) - break; -- ha->synced = true; -+ ha->synced++; - ha->refcount++; - } else if (ha->refcount == 1) { - __hw_addr_del(to_list, ha->addr, addr_len, ha->type); -@@ -187,7 +187,7 @@ void __hw_addr_unsync(struct netdev_hw_addr_list *to_list, - if (ha->synced) { - __hw_addr_del(to_list, ha->addr, - addr_len, ha->type); -- ha->synced = false; -+ ha->synced--; - __hw_addr_del(from_list, ha->addr, - addr_len, ha->type); - } -diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index 6212ec9..055fb13 100644 ---- a/net/core/rtnetlink.c -+++ b/net/core/rtnetlink.c -@@ -1068,7 +1068,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb) - rcu_read_lock(); - cb->seq = net->dev_base_seq; - -- if (nlmsg_parse(cb->nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX, -+ if (nlmsg_parse(cb->nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX, - ifla_policy) >= 0) { - - if (tb[IFLA_EXT_MASK]) -@@ -1924,7 +1924,7 @@ static u16 rtnl_calcit(struct sk_buff *skb, struct nlmsghdr *nlh) - u32 ext_filter_mask = 0; - u16 min_ifinfo_dump_size = 0; - -- if (nlmsg_parse(nlh, sizeof(struct rtgenmsg), tb, IFLA_MAX, -+ if (nlmsg_parse(nlh, sizeof(struct ifinfomsg), tb, IFLA_MAX, - ifla_policy) >= 0) { - if (tb[IFLA_EXT_MASK]) - ext_filter_mask = nla_get_u32(tb[IFLA_EXT_MASK]); -diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c -index 3b4f0cd..4cfe34d 100644 ---- a/net/ipv4/esp4.c -+++ b/net/ipv4/esp4.c -@@ -139,8 +139,6 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) - - /* skb is pure payload to encrypt */ - -- err = -ENOMEM; -- - esp = x->data; - aead = esp->aead; - alen = crypto_aead_authsize(aead); -@@ -176,8 +174,10 @@ static int esp_output(struct xfrm_state *x, struct sk_buff *skb) - } - - tmp = esp_alloc_tmp(aead, nfrags + sglists, seqhilen); -- if (!tmp) -+ if (!tmp) { -+ err = -ENOMEM; - goto error; -+ } - - seqhi = esp_tmp_seqhi(tmp); - iv = esp_tmp_iv(aead, tmp, seqhilen); -diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c -index a8fc332..0fcfee3 100644 ---- a/net/ipv4/ip_fragment.c -+++ b/net/ipv4/ip_fragment.c -@@ -255,8 +255,7 @@ static void ip_expire(unsigned long arg) - if (!head->dev) - goto out_rcu_unlock; - -- /* skb dst is stale, drop it, and perform route lookup again */ -- skb_dst_drop(head); -+ /* skb has no dst, perform route lookup again */ - iph = ip_hdr(head); - err = ip_route_input_noref(head, iph->daddr, iph->saddr, - iph->tos, head->dev); -@@ -525,8 +524,16 @@ found: - qp->q.max_size = skb->len + ihl; - - if (qp->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) && -- qp->q.meat == qp->q.len) -- return ip_frag_reasm(qp, prev, dev); -+ qp->q.meat == qp->q.len) { -+ unsigned long orefdst = skb->_skb_refdst; -+ -+ skb->_skb_refdst = 0UL; -+ err = ip_frag_reasm(qp, prev, dev); -+ skb->_skb_refdst = orefdst; -+ return err; -+ } -+ -+ skb_dst_drop(skb); - - write_lock(&ip4_frags.lock); - list_move_tail(&qp->q.lru_list, &qp->q.net->lru_list); -diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c -index b236ef0..f962f19 100644 ---- a/net/ipv4/syncookies.c -+++ b/net/ipv4/syncookies.c -@@ -348,8 +348,8 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, - * hasn't changed since we received the original syn, but I see - * no easy way to do this. - */ -- flowi4_init_output(&fl4, 0, sk->sk_mark, RT_CONN_FLAGS(sk), -- RT_SCOPE_UNIVERSE, IPPROTO_TCP, -+ flowi4_init_output(&fl4, sk->sk_bound_dev_if, sk->sk_mark, -+ RT_CONN_FLAGS(sk), RT_SCOPE_UNIVERSE, IPPROTO_TCP, - inet_sk_flowi_flags(sk), - (opt && opt->srr) ? opt->faddr : ireq->rmt_addr, - ireq->loc_addr, th->source, th->dest); -diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index 9841a71..b4e8b79 100644 ---- a/net/ipv4/tcp_input.c -+++ b/net/ipv4/tcp_input.c -@@ -116,6 +116,7 @@ int sysctl_tcp_early_retrans __read_mostly = 2; - #define FLAG_DSACKING_ACK 0x800 /* SACK blocks contained D-SACK info */ - #define FLAG_NONHEAD_RETRANS_ACKED 0x1000 /* Non-head rexmitted data was ACKed */ - #define FLAG_SACK_RENEGING 0x2000 /* snd_una advanced to a sacked seq */ -+#define FLAG_UPDATE_TS_RECENT 0x4000 /* tcp_replace_ts_recent() */ - - #define FLAG_ACKED (FLAG_DATA_ACKED|FLAG_SYN_ACKED) - #define FLAG_NOT_DUP (FLAG_DATA|FLAG_WIN_UPDATE|FLAG_ACKED) -@@ -3572,6 +3573,27 @@ static void tcp_send_challenge_ack(struct sock *sk) - } - } - -+static void tcp_store_ts_recent(struct tcp_sock *tp) -+{ -+ tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval; -+ tp->rx_opt.ts_recent_stamp = get_seconds(); -+} -+ -+static void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq) -+{ -+ if (tp->rx_opt.saw_tstamp && !after(seq, tp->rcv_wup)) { -+ /* PAWS bug workaround wrt. ACK frames, the PAWS discard -+ * extra check below makes sure this can only happen -+ * for pure ACK frames. -DaveM -+ * -+ * Not only, also it occurs for expired timestamps. -+ */ -+ -+ if (tcp_paws_check(&tp->rx_opt, 0)) -+ tcp_store_ts_recent(tp); -+ } -+} -+ - /* This routine deals with incoming acks, but not outgoing ones. */ - static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) - { -@@ -3624,6 +3646,12 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag) - prior_fackets = tp->fackets_out; - prior_in_flight = tcp_packets_in_flight(tp); - -+ /* ts_recent update must be made after we are sure that the packet -+ * is in window. -+ */ -+ if (flag & FLAG_UPDATE_TS_RECENT) -+ tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq); -+ - if (!(flag & FLAG_SLOWPATH) && after(ack, prior_snd_una)) { - /* Window is constant, pure forward advance. - * No more checks are required. -@@ -3940,27 +3968,6 @@ const u8 *tcp_parse_md5sig_option(const struct tcphdr *th) - EXPORT_SYMBOL(tcp_parse_md5sig_option); - #endif - --static inline void tcp_store_ts_recent(struct tcp_sock *tp) --{ -- tp->rx_opt.ts_recent = tp->rx_opt.rcv_tsval; -- tp->rx_opt.ts_recent_stamp = get_seconds(); --} -- --static inline void tcp_replace_ts_recent(struct tcp_sock *tp, u32 seq) --{ -- if (tp->rx_opt.saw_tstamp && !after(seq, tp->rcv_wup)) { -- /* PAWS bug workaround wrt. ACK frames, the PAWS discard -- * extra check below makes sure this can only happen -- * for pure ACK frames. -DaveM -- * -- * Not only, also it occurs for expired timestamps. -- */ -- -- if (tcp_paws_check(&tp->rx_opt, 0)) -- tcp_store_ts_recent(tp); -- } --} -- - /* Sorry, PAWS as specified is broken wrt. pure-ACKs -DaveM - * - * It is not fatal. If this ACK does _not_ change critical state (seqs, window) -@@ -5556,14 +5563,9 @@ slow_path: - return 0; - - step5: -- if (tcp_ack(sk, skb, FLAG_SLOWPATH) < 0) -+ if (tcp_ack(sk, skb, FLAG_SLOWPATH | FLAG_UPDATE_TS_RECENT) < 0) - goto discard; - -- /* ts_recent update must be made after we are sure that the packet -- * is in window. -- */ -- tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq); -- - tcp_rcv_rtt_measure_ts(sk, skb); - - /* Process urgent data. */ -@@ -5997,7 +5999,8 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, - - /* step 5: check the ACK field */ - if (true) { -- int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH) > 0; -+ int acceptable = tcp_ack(sk, skb, FLAG_SLOWPATH | -+ FLAG_UPDATE_TS_RECENT) > 0; - - switch (sk->sk_state) { - case TCP_SYN_RECV: -@@ -6148,11 +6151,6 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, - } - } - -- /* ts_recent update must be made after we are sure that the packet -- * is in window. -- */ -- tcp_replace_ts_recent(tp, TCP_SKB_CB(skb)->seq); -- - /* step 6: check the URG bit */ - tcp_urg(sk, skb, th); - -diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c -index 17d659e..a9f50ee 100644 ---- a/net/ipv4/tcp_output.c -+++ b/net/ipv4/tcp_output.c -@@ -2388,8 +2388,12 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb) - */ - TCP_SKB_CB(skb)->when = tcp_time_stamp; - -- /* make sure skb->data is aligned on arches that require it */ -- if (unlikely(NET_IP_ALIGN && ((unsigned long)skb->data & 3))) { -+ /* make sure skb->data is aligned on arches that require it -+ * and check if ack-trimming & collapsing extended the headroom -+ * beyond what csum_start can cover. -+ */ -+ if (unlikely((NET_IP_ALIGN && ((unsigned long)skb->data & 3)) || -+ skb_headroom(skb) >= 0xFFFF)) { - struct sk_buff *nskb = __pskb_copy(skb, MAX_TCP_HEADER, - GFP_ATOMIC); - return nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) : -diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index a36d17e..e8676c2 100644 ---- a/net/ipv6/addrconf.c -+++ b/net/ipv6/addrconf.c -@@ -2525,6 +2525,9 @@ static void sit_add_v4_addrs(struct inet6_dev *idev) - static void init_loopback(struct net_device *dev) - { - struct inet6_dev *idev; -+ struct net_device *sp_dev; -+ struct inet6_ifaddr *sp_ifa; -+ struct rt6_info *sp_rt; - - /* ::1 */ - -@@ -2536,6 +2539,30 @@ static void init_loopback(struct net_device *dev) - } - - add_addr(idev, &in6addr_loopback, 128, IFA_HOST); -+ -+ /* Add routes to other interface's IPv6 addresses */ -+ for_each_netdev(dev_net(dev), sp_dev) { -+ if (!strcmp(sp_dev->name, dev->name)) -+ continue; -+ -+ idev = __in6_dev_get(sp_dev); -+ if (!idev) -+ continue; -+ -+ read_lock_bh(&idev->lock); -+ list_for_each_entry(sp_ifa, &idev->addr_list, if_list) { -+ -+ if (sp_ifa->flags & (IFA_F_DADFAILED | IFA_F_TENTATIVE)) -+ continue; -+ -+ sp_rt = addrconf_dst_alloc(idev, &sp_ifa->addr, 0); -+ -+ /* Failure cases are ignored */ -+ if (!IS_ERR(sp_rt)) -+ ip6_ins_rt(sp_rt); -+ } -+ read_unlock_bh(&idev->lock); -+ } - } - - static void addrconf_add_linklocal(struct inet6_dev *idev, const struct in6_addr *addr) -diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c -index d9ba8a2..7a610a6 100644 ---- a/net/ipv6/reassembly.c -+++ b/net/ipv6/reassembly.c -@@ -342,8 +342,17 @@ found: - } - - if (fq->q.last_in == (INET_FRAG_FIRST_IN | INET_FRAG_LAST_IN) && -- fq->q.meat == fq->q.len) -- return ip6_frag_reasm(fq, prev, dev); -+ fq->q.meat == fq->q.len) { -+ int res; -+ unsigned long orefdst = skb->_skb_refdst; -+ -+ skb->_skb_refdst = 0UL; -+ res = ip6_frag_reasm(fq, prev, dev); -+ skb->_skb_refdst = orefdst; -+ return res; -+ } -+ -+ skb_dst_drop(skb); - - write_lock(&ip6_frags.lock); - list_move_tail(&fq->q.lru_list, &fq->q.net->lru_list); -diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index 8d19346..89dfedd 100644 ---- a/net/ipv6/tcp_ipv6.c -+++ b/net/ipv6/tcp_ipv6.c -@@ -386,6 +386,7 @@ static void tcp_v6_err(struct sk_buff *skb, struct inet6_skb_parm *opt, - - if (dst) - dst->ops->redirect(dst, sk, skb); -+ goto out; - } - - if (type == ICMPV6_PKT_TOOBIG) { -diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c -index 4d04105..3c9bd59 100644 ---- a/net/irda/af_irda.c -+++ b/net/irda/af_irda.c -@@ -1386,6 +1386,8 @@ static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock, - - IRDA_DEBUG(4, "%s()\n", __func__); - -+ msg->msg_namelen = 0; -+ - skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, - flags & MSG_DONTWAIT, &err); - if (!skb) -diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c -index cd6f7a9..625bc50 100644 ---- a/net/iucv/af_iucv.c -+++ b/net/iucv/af_iucv.c -@@ -1331,6 +1331,8 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock, - struct sk_buff *skb, *rskb, *cskb; - int err = 0; - -+ msg->msg_namelen = 0; -+ - if ((sk->sk_state == IUCV_DISCONN) && - skb_queue_empty(&iucv->backlog_skb_q) && - skb_queue_empty(&sk->sk_receive_queue) && -diff --git a/net/l2tp/l2tp_ip6.c b/net/l2tp/l2tp_ip6.c -index 8ee4a86..9e1822e 100644 ---- a/net/l2tp/l2tp_ip6.c -+++ b/net/l2tp/l2tp_ip6.c -@@ -684,6 +684,7 @@ static int l2tp_ip6_recvmsg(struct kiocb *iocb, struct sock *sk, - lsa->l2tp_addr = ipv6_hdr(skb)->saddr; - lsa->l2tp_flowinfo = 0; - lsa->l2tp_scope_id = 0; -+ lsa->l2tp_conn_id = 0; - if (ipv6_addr_type(&lsa->l2tp_addr) & IPV6_ADDR_LINKLOCAL) - lsa->l2tp_scope_id = IP6CB(skb)->iif; - } -diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c -index 8870988..48aaa89 100644 ---- a/net/llc/af_llc.c -+++ b/net/llc/af_llc.c -@@ -720,6 +720,8 @@ static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock, - int target; /* Read at least this many bytes */ - long timeo; - -+ msg->msg_namelen = 0; -+ - lock_sock(sk); - copied = -ENOTCONN; - if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN)) -diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c -index 7261eb8..14c106b 100644 ---- a/net/netrom/af_netrom.c -+++ b/net/netrom/af_netrom.c -@@ -1177,6 +1177,7 @@ static int nr_recvmsg(struct kiocb *iocb, struct socket *sock, - } - - if (sax != NULL) { -+ memset(sax, 0, sizeof(sax)); - sax->sax25_family = AF_NETROM; - skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call, - AX25_ADDR_LEN); -diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c -index fea22eb..48fb1de 100644 ---- a/net/nfc/llcp/sock.c -+++ b/net/nfc/llcp/sock.c -@@ -644,6 +644,8 @@ static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock, - - pr_debug("%p %zu\n", sk, len); - -+ msg->msg_namelen = 0; -+ - lock_sock(sk); - - if (sk->sk_state == LLCP_CLOSED && -@@ -684,6 +686,7 @@ static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock, - - pr_debug("Datagram socket %d %d\n", ui_cb->dsap, ui_cb->ssap); - -+ memset(&sockaddr, 0, sizeof(sockaddr)); - sockaddr.sa_family = AF_NFC; - sockaddr.nfc_protocol = NFC_PROTO_NFC_DEP; - sockaddr.dsap = ui_cb->dsap; -diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c -index c4719ce..7f645d1 100644 ---- a/net/rose/af_rose.c -+++ b/net/rose/af_rose.c -@@ -1257,6 +1257,7 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock, - skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); - - if (srose != NULL) { -+ memset(srose, 0, msg->msg_namelen); - srose->srose_family = AF_ROSE; - srose->srose_addr = rose->dest_addr; - srose->srose_call = rose->dest_call; -diff --git a/net/sched/sch_cbq.c b/net/sched/sch_cbq.c -index 0e19948..ced81a1 100644 ---- a/net/sched/sch_cbq.c -+++ b/net/sched/sch_cbq.c -@@ -962,8 +962,11 @@ cbq_dequeue(struct Qdisc *sch) - cbq_update(q); - if ((incr -= incr2) < 0) - incr = 0; -+ q->now += incr; -+ } else { -+ if (now > q->now) -+ q->now = now; - } -- q->now += incr; - q->now_rt = now; - - for (;;) { -diff --git a/net/tipc/socket.c b/net/tipc/socket.c -index 9b4e483..fc906d9 100644 ---- a/net/tipc/socket.c -+++ b/net/tipc/socket.c -@@ -806,6 +806,7 @@ static void set_orig_addr(struct msghdr *m, struct tipc_msg *msg) - if (addr) { - addr->family = AF_TIPC; - addr->addrtype = TIPC_ADDR_ID; -+ memset(&addr->addr, 0, sizeof(addr->addr)); - addr->addr.id.ref = msg_origport(msg); - addr->addr.id.node = msg_orignode(msg); - addr->addr.name.domain = 0; /* could leave uninitialized */ -@@ -920,6 +921,9 @@ static int recv_msg(struct kiocb *iocb, struct socket *sock, - goto exit; - } - -+ /* will be updated in set_orig_addr() if needed */ -+ m->msg_namelen = 0; -+ - timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); - restart: - -@@ -1029,6 +1033,9 @@ static int recv_stream(struct kiocb *iocb, struct socket *sock, - goto exit; - } - -+ /* will be updated in set_orig_addr() if needed */ -+ m->msg_namelen = 0; -+ - target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len); - timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); - -diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index b45eb65..f347754 100644 ---- a/net/unix/af_unix.c -+++ b/net/unix/af_unix.c -@@ -1995,7 +1995,7 @@ again: - if ((UNIXCB(skb).pid != siocb->scm->pid) || - (UNIXCB(skb).cred != siocb->scm->cred)) - break; -- } else { -+ } else if (test_bit(SOCK_PASSCRED, &sock->flags)) { - /* Copy credentials */ - scm_set_cred(siocb->scm, UNIXCB(skb).pid, UNIXCB(skb).cred); - check_creds = 1; diff --git a/3.8.12/1011_linux-3.8.12.patch b/3.8.12/1011_linux-3.8.12.patch deleted file mode 100644 index 4fb38f8..0000000 --- a/3.8.12/1011_linux-3.8.12.patch +++ /dev/null @@ -1,3136 +0,0 @@ -diff --git a/Makefile b/Makefile -index 7e4eee5..902974f 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,6 +1,6 @@ - VERSION = 3 - PATCHLEVEL = 8 --SUBLEVEL = 11 -+SUBLEVEL = 12 - EXTRAVERSION = - NAME = Displaced Humerus Anterior - -diff --git a/arch/arm/boot/dts/at91sam9260.dtsi b/arch/arm/boot/dts/at91sam9260.dtsi -index cb7bcc5..02b70a4 100644 ---- a/arch/arm/boot/dts/at91sam9260.dtsi -+++ b/arch/arm/boot/dts/at91sam9260.dtsi -@@ -158,8 +158,8 @@ - usart1 { - pinctrl_usart1: usart1-0 { - atmel,pins = -- <2 6 0x1 0x1 /* PB6 periph A with pullup */ -- 2 7 0x1 0x0>; /* PB7 periph A */ -+ <1 6 0x1 0x1 /* PB6 periph A with pullup */ -+ 1 7 0x1 0x0>; /* PB7 periph A */ - }; - - pinctrl_usart1_rts: usart1_rts-0 { -@@ -194,18 +194,18 @@ - usart3 { - pinctrl_usart3: usart3-0 { - atmel,pins = -- <2 10 0x1 0x1 /* PB10 periph A with pullup */ -- 2 11 0x1 0x0>; /* PB11 periph A */ -+ <1 10 0x1 0x1 /* PB10 periph A with pullup */ -+ 1 11 0x1 0x0>; /* PB11 periph A */ - }; - - pinctrl_usart3_rts: usart3_rts-0 { - atmel,pins = -- <3 8 0x2 0x0>; /* PB8 periph B */ -+ <2 8 0x2 0x0>; /* PC8 periph B */ - }; - - pinctrl_usart3_cts: usart3_cts-0 { - atmel,pins = -- <3 10 0x2 0x0>; /* PB10 periph B */ -+ <2 10 0x2 0x0>; /* PC10 periph B */ - }; - }; - -@@ -220,8 +220,8 @@ - uart1 { - pinctrl_uart1: uart1-0 { - atmel,pins = -- <2 12 0x1 0x1 /* PB12 periph A with pullup */ -- 2 13 0x1 0x0>; /* PB13 periph A */ -+ <1 12 0x1 0x1 /* PB12 periph A with pullup */ -+ 1 13 0x1 0x0>; /* PB13 periph A */ - }; - }; - -diff --git a/arch/arm/boot/dts/at91sam9g15.dtsi b/arch/arm/boot/dts/at91sam9g15.dtsi -index fbe7a70..28467fd 100644 ---- a/arch/arm/boot/dts/at91sam9g15.dtsi -+++ b/arch/arm/boot/dts/at91sam9g15.dtsi -@@ -10,7 +10,7 @@ - - / { - model = "Atmel AT91SAM9G15 SoC"; -- compatible = "atmel, at91sam9g15, atmel,at91sam9x5"; -+ compatible = "atmel,at91sam9g15", "atmel,at91sam9x5"; - - ahb { - apb { -diff --git a/arch/arm/boot/dts/at91sam9g15ek.dts b/arch/arm/boot/dts/at91sam9g15ek.dts -index 86dd3f6..5427b2d 100644 ---- a/arch/arm/boot/dts/at91sam9g15ek.dts -+++ b/arch/arm/boot/dts/at91sam9g15ek.dts -@@ -11,6 +11,6 @@ - /include/ "at91sam9x5ek.dtsi" - - / { -- model = "Atmel AT91SAM9G25-EK"; -+ model = "Atmel AT91SAM9G15-EK"; - compatible = "atmel,at91sam9g15ek", "atmel,at91sam9x5ek", "atmel,at91sam9x5", "atmel,at91sam9"; - }; -diff --git a/arch/arm/boot/dts/at91sam9g25.dtsi b/arch/arm/boot/dts/at91sam9g25.dtsi -index 05a718f..5fd32df 100644 ---- a/arch/arm/boot/dts/at91sam9g25.dtsi -+++ b/arch/arm/boot/dts/at91sam9g25.dtsi -@@ -10,7 +10,7 @@ - - / { - model = "Atmel AT91SAM9G25 SoC"; -- compatible = "atmel, at91sam9g25, atmel,at91sam9x5"; -+ compatible = "atmel,at91sam9g25", "atmel,at91sam9x5"; - - ahb { - apb { -diff --git a/arch/arm/boot/dts/at91sam9g35.dtsi b/arch/arm/boot/dts/at91sam9g35.dtsi -index f9d14a7..d6fa8af 100644 ---- a/arch/arm/boot/dts/at91sam9g35.dtsi -+++ b/arch/arm/boot/dts/at91sam9g35.dtsi -@@ -10,7 +10,7 @@ - - / { - model = "Atmel AT91SAM9G35 SoC"; -- compatible = "atmel, at91sam9g35, atmel,at91sam9x5"; -+ compatible = "atmel,at91sam9g35", "atmel,at91sam9x5"; - - ahb { - apb { -diff --git a/arch/arm/boot/dts/at91sam9x25.dtsi b/arch/arm/boot/dts/at91sam9x25.dtsi -index 54eb33b..9ac2bc2 100644 ---- a/arch/arm/boot/dts/at91sam9x25.dtsi -+++ b/arch/arm/boot/dts/at91sam9x25.dtsi -@@ -10,7 +10,7 @@ - - / { - model = "Atmel AT91SAM9X25 SoC"; -- compatible = "atmel, at91sam9x25, atmel,at91sam9x5"; -+ compatible = "atmel,at91sam9x25", "atmel,at91sam9x5"; - - ahb { - apb { -diff --git a/arch/arm/boot/dts/at91sam9x35.dtsi b/arch/arm/boot/dts/at91sam9x35.dtsi -index fb102d6..ba67d83 100644 ---- a/arch/arm/boot/dts/at91sam9x35.dtsi -+++ b/arch/arm/boot/dts/at91sam9x35.dtsi -@@ -10,7 +10,7 @@ - - / { - model = "Atmel AT91SAM9X35 SoC"; -- compatible = "atmel, at91sam9x35, atmel,at91sam9x5"; -+ compatible = "atmel,at91sam9x35", "atmel,at91sam9x5"; - - ahb { - apb { -diff --git a/arch/arm/boot/dts/at91sam9x5ek.dtsi b/arch/arm/boot/dts/at91sam9x5ek.dtsi -index 8a7cf1d..ccab256 100644 ---- a/arch/arm/boot/dts/at91sam9x5ek.dtsi -+++ b/arch/arm/boot/dts/at91sam9x5ek.dtsi -@@ -13,7 +13,7 @@ - compatible = "atmel,at91sam9x5ek", "atmel,at91sam9x5", "atmel,at91sam9"; - - chosen { -- bootargs = "128M console=ttyS0,115200 root=/dev/mtdblock1 rw rootfstype=ubifs ubi.mtd=1 root=ubi0:rootfs"; -+ bootargs = "console=ttyS0,115200 root=/dev/mtdblock1 rw rootfstype=ubifs ubi.mtd=1 root=ubi0:rootfs"; - }; - - ahb { -diff --git a/arch/arm/configs/at91sam9g45_defconfig b/arch/arm/configs/at91sam9g45_defconfig -index 606d48f..8aab786 100644 ---- a/arch/arm/configs/at91sam9g45_defconfig -+++ b/arch/arm/configs/at91sam9g45_defconfig -@@ -173,7 +173,6 @@ CONFIG_MMC=y - # CONFIG_MMC_BLOCK_BOUNCE is not set - CONFIG_SDIO_UART=m - CONFIG_MMC_ATMELMCI=y --CONFIG_MMC_ATMELMCI_DMA=y - CONFIG_LEDS_ATMEL_PWM=y - CONFIG_LEDS_GPIO=y - CONFIG_LEDS_TRIGGER_TIMER=y -diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h -index c094749..26e9ce4 100644 ---- a/arch/arm/include/asm/pgtable.h -+++ b/arch/arm/include/asm/pgtable.h -@@ -61,6 +61,15 @@ extern void __pgd_error(const char *file, int line, pgd_t); - #define FIRST_USER_ADDRESS PAGE_SIZE - - /* -+ * Use TASK_SIZE as the ceiling argument for free_pgtables() and -+ * free_pgd_range() to avoid freeing the modules pmd when LPAE is enabled (pmd -+ * page shared between user and kernel). -+ */ -+#ifdef CONFIG_ARM_LPAE -+#define USER_PGTABLES_CEILING TASK_SIZE -+#endif -+ -+/* - * The pgprot_* and protection_map entries will be fixed up in runtime - * to include the cachable and bufferable bits based on memory policy, - * as well as any architecture dependent bits like global/ASID and SMP -diff --git a/arch/arm/mach-at91/setup.c b/arch/arm/mach-at91/setup.c -index 4b67847..6b4608d 100644 ---- a/arch/arm/mach-at91/setup.c -+++ b/arch/arm/mach-at91/setup.c -@@ -333,7 +333,7 @@ static void at91_dt_rstc(void) - - of_id = of_match_node(rstc_ids, np); - if (!of_id) -- panic("AT91: rtsc no restart function availlable\n"); -+ panic("AT91: rtsc no restart function available\n"); - - arm_pm_restart = of_id->data; - -diff --git a/arch/arm/mach-omap2/cpuidle34xx.c b/arch/arm/mach-omap2/cpuidle34xx.c -index 22590db..aa20002 100644 ---- a/arch/arm/mach-omap2/cpuidle34xx.c -+++ b/arch/arm/mach-omap2/cpuidle34xx.c -@@ -265,8 +265,9 @@ static int omap3_enter_idle_bm(struct cpuidle_device *dev, - static DEFINE_PER_CPU(struct cpuidle_device, omap3_idle_dev); - - static struct cpuidle_driver omap3_idle_driver = { -- .name = "omap3_idle", -- .owner = THIS_MODULE, -+ .name = "omap3_idle", -+ .owner = THIS_MODULE, -+ .en_core_tk_irqen = 1, - .states = { - { - .enter = omap3_enter_idle_bm, -diff --git a/arch/arm/mach-u300/include/mach/u300-regs.h b/arch/arm/mach-u300/include/mach/u300-regs.h -index 1e49d90..0320495 100644 ---- a/arch/arm/mach-u300/include/mach/u300-regs.h -+++ b/arch/arm/mach-u300/include/mach/u300-regs.h -@@ -95,7 +95,7 @@ - #define U300_SPI_BASE (U300_FAST_PER_PHYS_BASE+0x6000) - - /* Fast UART1 on U335 only */ --#define U300_UART1_BASE (U300_SLOW_PER_PHYS_BASE+0x7000) -+#define U300_UART1_BASE (U300_FAST_PER_PHYS_BASE+0x7000) - - /* - * SLOW peripherals -diff --git a/arch/avr32/configs/favr-32_defconfig b/arch/avr32/configs/favr-32_defconfig -index 0421498..9791820 100644 ---- a/arch/avr32/configs/favr-32_defconfig -+++ b/arch/avr32/configs/favr-32_defconfig -@@ -122,7 +122,6 @@ CONFIG_USB_G_SERIAL=m - CONFIG_USB_CDC_COMPOSITE=m - CONFIG_MMC=y - CONFIG_MMC_ATMELMCI=y --CONFIG_MMC_ATMELMCI_DMA=y - CONFIG_NEW_LEDS=y - CONFIG_LEDS_CLASS=y - CONFIG_LEDS_ATMEL_PWM=m -diff --git a/arch/avr32/configs/merisc_defconfig b/arch/avr32/configs/merisc_defconfig -index 3befab9..65de443 100644 ---- a/arch/avr32/configs/merisc_defconfig -+++ b/arch/avr32/configs/merisc_defconfig -@@ -102,7 +102,6 @@ CONFIG_FRAMEBUFFER_CONSOLE=y - CONFIG_LOGO=y - CONFIG_MMC=y - CONFIG_MMC_ATMELMCI=y --CONFIG_MMC_ATMELMCI_DMA=y - CONFIG_NEW_LEDS=y - CONFIG_LEDS_CLASS=y - CONFIG_LEDS_ATMEL_PWM=y -diff --git a/arch/ia64/include/asm/futex.h b/arch/ia64/include/asm/futex.h -index d2bf1fd..76acbcd 100644 ---- a/arch/ia64/include/asm/futex.h -+++ b/arch/ia64/include/asm/futex.h -@@ -106,16 +106,15 @@ futex_atomic_cmpxchg_inatomic(u32 *uval, u32 __user *uaddr, - return -EFAULT; - - { -- register unsigned long r8 __asm ("r8"); -+ register unsigned long r8 __asm ("r8") = 0; - unsigned long prev; - __asm__ __volatile__( - " mf;; \n" -- " mov %0=r0 \n" - " mov ar.ccv=%4;; \n" - "[1:] cmpxchg4.acq %1=[%2],%3,ar.ccv \n" - " .xdata4 \"__ex_table\", 1b-., 2f-. \n" - "[2:]" -- : "=r" (r8), "=r" (prev) -+ : "+r" (r8), "=&r" (prev) - : "r" (uaddr), "r" (newval), - "rO" ((long) (unsigned) oldval) - : "memory"); -diff --git a/arch/ia64/include/asm/mca.h b/arch/ia64/include/asm/mca.h -index 43f96ab..8c70961 100644 ---- a/arch/ia64/include/asm/mca.h -+++ b/arch/ia64/include/asm/mca.h -@@ -143,6 +143,7 @@ extern unsigned long __per_cpu_mca[NR_CPUS]; - extern int cpe_vector; - extern int ia64_cpe_irq; - extern void ia64_mca_init(void); -+extern void ia64_mca_irq_init(void); - extern void ia64_mca_cpu_init(void *); - extern void ia64_os_mca_dispatch(void); - extern void ia64_os_mca_dispatch_end(void); -diff --git a/arch/ia64/kernel/irq.c b/arch/ia64/kernel/irq.c -index ad69606..f2c41828 100644 ---- a/arch/ia64/kernel/irq.c -+++ b/arch/ia64/kernel/irq.c -@@ -23,6 +23,8 @@ - #include <linux/interrupt.h> - #include <linux/kernel_stat.h> - -+#include <asm/mca.h> -+ - /* - * 'what should we do if we get a hw irq event on an illegal vector'. - * each architecture has to answer this themselves. -@@ -83,6 +85,12 @@ bool is_affinity_mask_valid(const struct cpumask *cpumask) - - #endif /* CONFIG_SMP */ - -+int __init arch_early_irq_init(void) -+{ -+ ia64_mca_irq_init(); -+ return 0; -+} -+ - #ifdef CONFIG_HOTPLUG_CPU - unsigned int vectors_in_migration[NR_IRQS]; - -diff --git a/arch/ia64/kernel/mca.c b/arch/ia64/kernel/mca.c -index 65bf9cd..d7396db 100644 ---- a/arch/ia64/kernel/mca.c -+++ b/arch/ia64/kernel/mca.c -@@ -2074,22 +2074,16 @@ ia64_mca_init(void) - printk(KERN_INFO "MCA related initialization done\n"); - } - -+ - /* -- * ia64_mca_late_init -- * -- * Opportunity to setup things that require initialization later -- * than ia64_mca_init. Setup a timer to poll for CPEs if the -- * platform doesn't support an interrupt driven mechanism. -- * -- * Inputs : None -- * Outputs : Status -+ * These pieces cannot be done in ia64_mca_init() because it is called before -+ * early_irq_init() which would wipe out our percpu irq registrations. But we -+ * cannot leave them until ia64_mca_late_init() because by then all the other -+ * processors have been brought online and have set their own CMC vectors to -+ * point at a non-existant action. Called from arch_early_irq_init(). - */ --static int __init --ia64_mca_late_init(void) -+void __init ia64_mca_irq_init(void) - { -- if (!mca_init) -- return 0; -- - /* - * Configure the CMCI/P vector and handler. Interrupts for CMC are - * per-processor, so AP CMC interrupts are setup in smp_callin() (smpboot.c). -@@ -2108,6 +2102,23 @@ ia64_mca_late_init(void) - /* Setup the CPEI/P handler */ - register_percpu_irq(IA64_CPEP_VECTOR, &mca_cpep_irqaction); - #endif -+} -+ -+/* -+ * ia64_mca_late_init -+ * -+ * Opportunity to setup things that require initialization later -+ * than ia64_mca_init. Setup a timer to poll for CPEs if the -+ * platform doesn't support an interrupt driven mechanism. -+ * -+ * Inputs : None -+ * Outputs : Status -+ */ -+static int __init -+ia64_mca_late_init(void) -+{ -+ if (!mca_init) -+ return 0; - - register_hotcpu_notifier(&mca_cpu_notifier); - -diff --git a/arch/ia64/kvm/vtlb.c b/arch/ia64/kvm/vtlb.c -index 4332f7e..a7869f8 100644 ---- a/arch/ia64/kvm/vtlb.c -+++ b/arch/ia64/kvm/vtlb.c -@@ -256,7 +256,7 @@ u64 guest_vhpt_lookup(u64 iha, u64 *pte) - "srlz.d;;" - "ssm psr.i;;" - "srlz.d;;" -- : "=r"(ret) : "r"(iha), "r"(pte):"memory"); -+ : "=&r"(ret) : "r"(iha), "r"(pte) : "memory"); - - return ret; - } -diff --git a/arch/powerpc/kernel/cpu_setup_power.S b/arch/powerpc/kernel/cpu_setup_power.S -index 57cf140..0c0fc7b 100644 ---- a/arch/powerpc/kernel/cpu_setup_power.S -+++ b/arch/powerpc/kernel/cpu_setup_power.S -@@ -64,6 +64,7 @@ _GLOBAL(__restore_cpu_power8) - mflr r11 - mfmsr r3 - rldicl. r0,r3,4,63 -+ mtlr r11 - beqlr - li r0,0 - mtspr SPRN_LPID,r0 -diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S -index 3684cbd..bb11075 100644 ---- a/arch/powerpc/kernel/exceptions-64s.S -+++ b/arch/powerpc/kernel/exceptions-64s.S -@@ -740,7 +740,7 @@ hardware_interrupt_relon_hv: - _MASKABLE_RELON_EXCEPTION_PSERIES(0x502, hardware_interrupt, EXC_HV, SOFTEN_TEST_HV) - FTR_SECTION_ELSE - _MASKABLE_RELON_EXCEPTION_PSERIES(0x500, hardware_interrupt, EXC_STD, SOFTEN_TEST_PR) -- ALT_FTR_SECTION_END_IFSET(CPU_FTR_ARCH_206) -+ ALT_FTR_SECTION_END_IFSET(CPU_FTR_HVMODE) - STD_RELON_EXCEPTION_PSERIES(0x4600, 0x600, alignment) - STD_RELON_EXCEPTION_PSERIES(0x4700, 0x700, program_check) - STD_RELON_EXCEPTION_PSERIES(0x4800, 0x800, fp_unavailable) -diff --git a/arch/powerpc/kernel/head_64.S b/arch/powerpc/kernel/head_64.S -index 116f086..1a63feb 100644 ---- a/arch/powerpc/kernel/head_64.S -+++ b/arch/powerpc/kernel/head_64.S -@@ -490,6 +490,7 @@ _GLOBAL(copy_and_flush) - sync - addi r5,r5,8 - addi r6,r6,8 -+ isync - blr - - .align 8 -diff --git a/arch/powerpc/platforms/cell/spufs/inode.c b/arch/powerpc/platforms/cell/spufs/inode.c -index dba1ce2..506dc9f 100644 ---- a/arch/powerpc/platforms/cell/spufs/inode.c -+++ b/arch/powerpc/platforms/cell/spufs/inode.c -@@ -99,6 +99,7 @@ spufs_new_inode(struct super_block *sb, umode_t mode) - if (!inode) - goto out; - -+ inode->i_ino = get_next_ino(); - inode->i_mode = mode; - inode->i_uid = current_fsuid(); - inode->i_gid = current_fsgid(); -diff --git a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S -index 93c6d39..b0f7d39 100644 ---- a/arch/x86/crypto/crc32c-pcl-intel-asm_64.S -+++ b/arch/x86/crypto/crc32c-pcl-intel-asm_64.S -@@ -42,6 +42,8 @@ - * SOFTWARE. - */ - -+#include <asm/inst.h> -+ - ## ISCSI CRC 32 Implementation with crc32 and pclmulqdq Instruction - - .macro LABEL prefix n -@@ -224,10 +226,10 @@ LABEL crc_ %i - movdqa (bufp), %xmm0 # 2 consts: K1:K2 - - movq crc_init, %xmm1 # CRC for block 1 -- pclmulqdq $0x00,%xmm0,%xmm1 # Multiply by K2 -+ PCLMULQDQ 0x00,%xmm0,%xmm1 # Multiply by K2 - - movq crc1, %xmm2 # CRC for block 2 -- pclmulqdq $0x10, %xmm0, %xmm2 # Multiply by K1 -+ PCLMULQDQ 0x10, %xmm0, %xmm2 # Multiply by K1 - - pxor %xmm2,%xmm1 - movq %xmm1, %rax -diff --git a/arch/x86/kernel/irq.c b/arch/x86/kernel/irq.c -index e4595f1..84b7789 100644 ---- a/arch/x86/kernel/irq.c -+++ b/arch/x86/kernel/irq.c -@@ -165,10 +165,6 @@ u64 arch_irq_stat_cpu(unsigned int cpu) - u64 arch_irq_stat(void) - { - u64 sum = atomic_read(&irq_err_count); -- --#ifdef CONFIG_X86_IO_APIC -- sum += atomic_read(&irq_mis_count); --#endif - return sum; - } - -diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index a27e763..d330b3c 100644 ---- a/arch/x86/kvm/emulate.c -+++ b/arch/x86/kvm/emulate.c -@@ -4030,6 +4030,10 @@ static int decode_operand(struct x86_emulate_ctxt *ctxt, struct operand *op, - break; - case OpMem8: - ctxt->memop.bytes = 1; -+ if (ctxt->memop.type == OP_REG) { -+ ctxt->memop.addr.reg = decode_register(ctxt, ctxt->modrm_rm, 1); -+ fetch_register_operand(&ctxt->memop); -+ } - goto mem_common; - case OpMem16: - ctxt->memop.bytes = 2; -diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 2262003..08c6511 100644 ---- a/arch/x86/xen/enlighten.c -+++ b/arch/x86/xen/enlighten.c -@@ -1589,8 +1589,11 @@ static int __cpuinit xen_hvm_cpu_notify(struct notifier_block *self, - switch (action) { - case CPU_UP_PREPARE: - xen_vcpu_setup(cpu); -- if (xen_have_vector_callback) -+ if (xen_have_vector_callback) { - xen_init_lock_cpu(cpu); -+ if (xen_feature(XENFEAT_hvm_safe_pvclock)) -+ xen_setup_timer(cpu); -+ } - break; - default: - break; -diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c -index 34bc4ce..48d7b2c 100644 ---- a/arch/x86/xen/smp.c -+++ b/arch/x86/xen/smp.c -@@ -658,6 +658,8 @@ static void xen_hvm_cpu_die(unsigned int cpu) - unbind_from_irqhandler(per_cpu(xen_debug_irq, cpu), NULL); - unbind_from_irqhandler(per_cpu(xen_callfuncsingle_irq, cpu), NULL); - unbind_from_irqhandler(per_cpu(xen_irq_work, cpu), NULL); -+ xen_uninit_lock_cpu(cpu); -+ xen_teardown_timer(cpu); - native_cpu_die(cpu); - } - -diff --git a/arch/x86/xen/time.c b/arch/x86/xen/time.c -index 0296a95..054cc01 100644 ---- a/arch/x86/xen/time.c -+++ b/arch/x86/xen/time.c -@@ -497,7 +497,11 @@ static void xen_hvm_setup_cpu_clockevents(void) - { - int cpu = smp_processor_id(); - xen_setup_runstate_info(cpu); -- xen_setup_timer(cpu); -+ /* -+ * xen_setup_timer(cpu) - snprintf is bad in atomic context. Hence -+ * doing it xen_hvm_cpu_notify (which gets called by smp_init during -+ * early bootup and also during CPU hotplug events). -+ */ - xen_setup_cpu_clockevents(); - } - -diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c -index bd22f86..2999966 100644 ---- a/drivers/acpi/osl.c -+++ b/drivers/acpi/osl.c -@@ -642,7 +642,7 @@ void __init acpi_initrd_override(void *data, size_t size) - * Both memblock_reserve and e820_add_region (via arch_reserve_mem_area) - * works fine. - */ -- memblock_reserve(acpi_tables_addr, acpi_tables_addr + all_tables_size); -+ memblock_reserve(acpi_tables_addr, all_tables_size); - arch_reserve_mem_area(acpi_tables_addr, all_tables_size); - - p = early_ioremap(acpi_tables_addr, all_tables_size); -diff --git a/drivers/acpi/pci_root.c b/drivers/acpi/pci_root.c -index eb73798..77c9a92 100644 ---- a/drivers/acpi/pci_root.c -+++ b/drivers/acpi/pci_root.c -@@ -240,8 +240,8 @@ static acpi_status acpi_pci_query_osc(struct acpi_pci_root *root, - *control &= OSC_PCI_CONTROL_MASKS; - capbuf[OSC_CONTROL_TYPE] = *control | root->osc_control_set; - } else { -- /* Run _OSC query for all possible controls. */ -- capbuf[OSC_CONTROL_TYPE] = OSC_PCI_CONTROL_MASKS; -+ /* Run _OSC query only with existing controls. */ -+ capbuf[OSC_CONTROL_TYPE] = root->osc_control_set; - } - - status = acpi_pci_run_osc(root->device->handle, capbuf, &result); -diff --git a/drivers/acpi/thermal.c b/drivers/acpi/thermal.c -index 506fbd4..25246e8 100644 ---- a/drivers/acpi/thermal.c -+++ b/drivers/acpi/thermal.c -@@ -719,9 +719,19 @@ static int thermal_get_trend(struct thermal_zone_device *thermal, - return -EINVAL; - - if (type == THERMAL_TRIP_ACTIVE) { -- /* aggressive active cooling */ -- *trend = THERMAL_TREND_RAISING; -- return 0; -+ unsigned long trip_temp; -+ unsigned long temp = KELVIN_TO_MILLICELSIUS(tz->temperature, -+ tz->kelvin_offset); -+ if (thermal_get_trip_temp(thermal, trip, &trip_temp)) -+ return -EINVAL; -+ -+ if (temp > trip_temp) { -+ *trend = THERMAL_TREND_RAISING; -+ return 0; -+ } else { -+ /* Fall back on default trend */ -+ return -EINVAL; -+ } - } - - /* -diff --git a/drivers/ata/libata-acpi.c b/drivers/ata/libata-acpi.c -index ef01ac0..cc8aa9e 100644 ---- a/drivers/ata/libata-acpi.c -+++ b/drivers/ata/libata-acpi.c -@@ -60,7 +60,8 @@ acpi_handle ata_ap_acpi_handle(struct ata_port *ap) - if (ap->flags & ATA_FLAG_ACPI_SATA) - return NULL; - -- return acpi_get_child(DEVICE_ACPI_HANDLE(ap->host->dev), ap->port_no); -+ return ap->scsi_host ? -+ DEVICE_ACPI_HANDLE(&ap->scsi_host->shost_gendev) : NULL; - } - EXPORT_SYMBOL(ata_ap_acpi_handle); - -@@ -239,28 +240,15 @@ void ata_acpi_dissociate(struct ata_host *host) - } - } - --/** -- * ata_acpi_gtm - execute _GTM -- * @ap: target ATA port -- * @gtm: out parameter for _GTM result -- * -- * Evaluate _GTM and store the result in @gtm. -- * -- * LOCKING: -- * EH context. -- * -- * RETURNS: -- * 0 on success, -ENOENT if _GTM doesn't exist, -errno on failure. -- */ --int ata_acpi_gtm(struct ata_port *ap, struct ata_acpi_gtm *gtm) -+static int __ata_acpi_gtm(struct ata_port *ap, acpi_handle handle, -+ struct ata_acpi_gtm *gtm) - { - struct acpi_buffer output = { .length = ACPI_ALLOCATE_BUFFER }; - union acpi_object *out_obj; - acpi_status status; - int rc = 0; - -- status = acpi_evaluate_object(ata_ap_acpi_handle(ap), "_GTM", NULL, -- &output); -+ status = acpi_evaluate_object(handle, "_GTM", NULL, &output); - - rc = -ENOENT; - if (status == AE_NOT_FOUND) -@@ -294,6 +282,27 @@ int ata_acpi_gtm(struct ata_port *ap, struct ata_acpi_gtm *gtm) - return rc; - } - -+/** -+ * ata_acpi_gtm - execute _GTM -+ * @ap: target ATA port -+ * @gtm: out parameter for _GTM result -+ * -+ * Evaluate _GTM and store the result in @gtm. -+ * -+ * LOCKING: -+ * EH context. -+ * -+ * RETURNS: -+ * 0 on success, -ENOENT if _GTM doesn't exist, -errno on failure. -+ */ -+int ata_acpi_gtm(struct ata_port *ap, struct ata_acpi_gtm *gtm) -+{ -+ if (ata_ap_acpi_handle(ap)) -+ return __ata_acpi_gtm(ap, ata_ap_acpi_handle(ap), gtm); -+ else -+ return -EINVAL; -+} -+ - EXPORT_SYMBOL_GPL(ata_acpi_gtm); - - /** -@@ -1095,7 +1104,7 @@ static int ata_acpi_bind_host(struct ata_port *ap, acpi_handle *handle) - if (!*handle) - return -ENODEV; - -- if (ata_acpi_gtm(ap, &ap->__acpi_init_gtm) == 0) -+ if (__ata_acpi_gtm(ap, *handle, &ap->__acpi_init_gtm) == 0) - ap->pflags |= ATA_PFLAG_INIT_GTM_VALID; - - return 0; -diff --git a/drivers/ata/sata_highbank.c b/drivers/ata/sata_highbank.c -index 5dba77c..b1a664a 100644 ---- a/drivers/ata/sata_highbank.c -+++ b/drivers/ata/sata_highbank.c -@@ -251,7 +251,7 @@ static const struct ata_port_info ahci_highbank_port_info = { - }; - - static struct scsi_host_template ahci_highbank_platform_sht = { -- AHCI_SHT("highbank-ahci"), -+ AHCI_SHT("sata_highbank"), - }; - - static const struct of_device_id ahci_of_match[] = { -diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c -index 93211df..ba780b7 100644 ---- a/drivers/char/tpm/tpm.c -+++ b/drivers/char/tpm/tpm.c -@@ -1291,7 +1291,7 @@ int tpm_pm_suspend(struct device *dev) - { - struct tpm_chip *chip = dev_get_drvdata(dev); - struct tpm_cmd_t cmd; -- int rc; -+ int rc, try; - - u8 dummy_hash[TPM_DIGEST_SIZE] = { 0 }; - -@@ -1309,9 +1309,32 @@ int tpm_pm_suspend(struct device *dev) - } - - /* now do the actual savestate */ -- cmd.header.in = savestate_header; -- rc = transmit_cmd(chip, &cmd, SAVESTATE_RESULT_SIZE, -- "sending savestate before suspend"); -+ for (try = 0; try < TPM_RETRY; try++) { -+ cmd.header.in = savestate_header; -+ rc = transmit_cmd(chip, &cmd, SAVESTATE_RESULT_SIZE, NULL); -+ -+ /* -+ * If the TPM indicates that it is too busy to respond to -+ * this command then retry before giving up. It can take -+ * several seconds for this TPM to be ready. -+ * -+ * This can happen if the TPM has already been sent the -+ * SaveState command before the driver has loaded. TCG 1.2 -+ * specification states that any communication after SaveState -+ * may cause the TPM to invalidate previously saved state. -+ */ -+ if (rc != TPM_WARN_RETRY) -+ break; -+ msleep(TPM_TIMEOUT_RETRY); -+ } -+ -+ if (rc) -+ dev_err(chip->dev, -+ "Error (%d) sending savestate before suspend\n", rc); -+ else if (try > 0) -+ dev_warn(chip->dev, "TPM savestate took %dms\n", -+ try * TPM_TIMEOUT_RETRY); -+ - return rc; - } - EXPORT_SYMBOL_GPL(tpm_pm_suspend); -diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h -index 8ef7649..9c12a52 100644 ---- a/drivers/char/tpm/tpm.h -+++ b/drivers/char/tpm/tpm.h -@@ -32,10 +32,12 @@ enum tpm_const { - TPM_MINOR = 224, /* officially assigned */ - TPM_BUFSIZE = 4096, - TPM_NUM_DEVICES = 256, -+ TPM_RETRY = 50, /* 5 seconds */ - }; - - enum tpm_timeout { - TPM_TIMEOUT = 5, /* msecs */ -+ TPM_TIMEOUT_RETRY = 100 /* msecs */ - }; - - /* TPM addresses */ -@@ -44,6 +46,7 @@ enum tpm_addr { - TPM_ADDR = 0x4E, - }; - -+#define TPM_WARN_RETRY 0x800 - #define TPM_WARN_DOING_SELFTEST 0x802 - #define TPM_ERR_DEACTIVATED 0x6 - #define TPM_ERR_DISABLED 0x7 -diff --git a/drivers/i2c/busses/i2c-xiic.c b/drivers/i2c/busses/i2c-xiic.c -index f042f6d..fd7d66d 100644 ---- a/drivers/i2c/busses/i2c-xiic.c -+++ b/drivers/i2c/busses/i2c-xiic.c -@@ -312,10 +312,8 @@ static void xiic_fill_tx_fifo(struct xiic_i2c *i2c) - /* last message in transfer -> STOP */ - data |= XIIC_TX_DYN_STOP_MASK; - dev_dbg(i2c->adap.dev.parent, "%s TX STOP\n", __func__); -- -- xiic_setreg16(i2c, XIIC_DTR_REG_OFFSET, data); -- } else -- xiic_setreg8(i2c, XIIC_DTR_REG_OFFSET, data); -+ } -+ xiic_setreg16(i2c, XIIC_DTR_REG_OFFSET, data); - } - } - -diff --git a/drivers/md/md.c b/drivers/md/md.c -index f363135..0411bde 100644 ---- a/drivers/md/md.c -+++ b/drivers/md/md.c -@@ -1564,8 +1564,8 @@ static int super_1_load(struct md_rdev *rdev, struct md_rdev *refdev, int minor_ - sector, count, 1) == 0) - return -EINVAL; - } -- } else if (sb->bblog_offset == 0) -- rdev->badblocks.shift = -1; -+ } else if (sb->bblog_offset != 0) -+ rdev->badblocks.shift = 0; - - if (!refdev) { - ret = 1; -@@ -3221,7 +3221,7 @@ int md_rdev_init(struct md_rdev *rdev) - * be used - I wonder if that matters - */ - rdev->badblocks.count = 0; -- rdev->badblocks.shift = 0; -+ rdev->badblocks.shift = -1; /* disabled until explicitly enabled */ - rdev->badblocks.page = kmalloc(PAGE_SIZE, GFP_KERNEL); - seqlock_init(&rdev->badblocks.lock); - if (rdev->badblocks.page == NULL) -@@ -3293,9 +3293,6 @@ static struct md_rdev *md_import_device(dev_t newdev, int super_format, int supe - goto abort_free; - } - } -- if (super_format == -1) -- /* hot-add for 0.90, or non-persistent: so no badblocks */ -- rdev->badblocks.shift = -1; - - return rdev; - -diff --git a/drivers/md/raid1.c b/drivers/md/raid1.c -index fd86b37..6af167f 100644 ---- a/drivers/md/raid1.c -+++ b/drivers/md/raid1.c -@@ -981,7 +981,12 @@ static void raid1_unplug(struct blk_plug_cb *cb, bool from_schedule) - while (bio) { /* submit pending writes */ - struct bio *next = bio->bi_next; - bio->bi_next = NULL; -- generic_make_request(bio); -+ if (unlikely((bio->bi_rw & REQ_DISCARD) && -+ !blk_queue_discard(bdev_get_queue(bio->bi_bdev)))) -+ /* Just ignore it */ -+ bio_endio(bio, 0); -+ else -+ generic_make_request(bio); - bio = next; - } - kfree(plug); -diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index b3898d4..61ab219 100644 ---- a/drivers/md/raid10.c -+++ b/drivers/md/raid10.c -@@ -1087,7 +1087,12 @@ static void raid10_unplug(struct blk_plug_cb *cb, bool from_schedule) - while (bio) { /* submit pending writes */ - struct bio *next = bio->bi_next; - bio->bi_next = NULL; -- generic_make_request(bio); -+ if (unlikely((bio->bi_rw & REQ_DISCARD) && -+ !blk_queue_discard(bdev_get_queue(bio->bi_bdev)))) -+ /* Just ignore it */ -+ bio_endio(bio, 0); -+ else -+ generic_make_request(bio); - bio = next; - } - kfree(plug); -diff --git a/drivers/mfd/adp5520.c b/drivers/mfd/adp5520.c -index 210dd03..6b40e0c 100644 ---- a/drivers/mfd/adp5520.c -+++ b/drivers/mfd/adp5520.c -@@ -36,6 +36,7 @@ struct adp5520_chip { - struct blocking_notifier_head notifier_list; - int irq; - unsigned long id; -+ uint8_t mode; - }; - - static int __adp5520_read(struct i2c_client *client, -@@ -326,7 +327,10 @@ static int adp5520_suspend(struct device *dev) - struct i2c_client *client = to_i2c_client(dev); - struct adp5520_chip *chip = dev_get_drvdata(&client->dev); - -- adp5520_clr_bits(chip->dev, ADP5520_MODE_STATUS, ADP5520_nSTNBY); -+ adp5520_read(chip->dev, ADP5520_MODE_STATUS, &chip->mode); -+ /* All other bits are W1C */ -+ chip->mode &= ADP5520_BL_EN | ADP5520_DIM_EN | ADP5520_nSTNBY; -+ adp5520_write(chip->dev, ADP5520_MODE_STATUS, 0); - return 0; - } - -@@ -335,7 +339,7 @@ static int adp5520_resume(struct device *dev) - struct i2c_client *client = to_i2c_client(dev); - struct adp5520_chip *chip = dev_get_drvdata(&client->dev); - -- adp5520_set_bits(chip->dev, ADP5520_MODE_STATUS, ADP5520_nSTNBY); -+ adp5520_write(chip->dev, ADP5520_MODE_STATUS, chip->mode); - return 0; - } - #endif -diff --git a/drivers/mmc/core/mmc.c b/drivers/mmc/core/mmc.c -index 089e8ea..2743b7d 100644 ---- a/drivers/mmc/core/mmc.c -+++ b/drivers/mmc/core/mmc.c -@@ -368,13 +368,13 @@ static int mmc_read_ext_csd(struct mmc_card *card, u8 *ext_csd) - ext_csd[EXT_CSD_SEC_FEATURE_SUPPORT]; - card->ext_csd.raw_trim_mult = - ext_csd[EXT_CSD_TRIM_MULT]; -+ card->ext_csd.raw_partition_support = ext_csd[EXT_CSD_PARTITION_SUPPORT]; - if (card->ext_csd.rev >= 4) { - /* - * Enhanced area feature support -- check whether the eMMC - * card has the Enhanced area enabled. If so, export enhanced - * area offset and size to user by adding sysfs interface. - */ -- card->ext_csd.raw_partition_support = ext_csd[EXT_CSD_PARTITION_SUPPORT]; - if ((ext_csd[EXT_CSD_PARTITION_SUPPORT] & 0x2) && - (ext_csd[EXT_CSD_PARTITION_ATTRIBUTE] & 0x1)) { - hc_erase_grp_sz = -diff --git a/drivers/mmc/host/Kconfig b/drivers/mmc/host/Kconfig -index 8d13c65..009dabd 100644 ---- a/drivers/mmc/host/Kconfig -+++ b/drivers/mmc/host/Kconfig -@@ -292,16 +292,6 @@ config MMC_ATMELMCI - - If unsure, say N. - --config MMC_ATMELMCI_DMA -- bool "Atmel MCI DMA support" -- depends on MMC_ATMELMCI && (AVR32 || ARCH_AT91SAM9G45) && DMA_ENGINE -- help -- Say Y here to have the Atmel MCI driver use a DMA engine to -- do data transfers and thus increase the throughput and -- reduce the CPU utilization. -- -- If unsure, say N. -- - config MMC_MSM - tristate "Qualcomm SDCC Controller Support" - depends on MMC && ARCH_MSM -diff --git a/drivers/mmc/host/atmel-mci.c b/drivers/mmc/host/atmel-mci.c -index 722af1d..e75774f 100644 ---- a/drivers/mmc/host/atmel-mci.c -+++ b/drivers/mmc/host/atmel-mci.c -@@ -178,6 +178,7 @@ struct atmel_mci { - void __iomem *regs; - - struct scatterlist *sg; -+ unsigned int sg_len; - unsigned int pio_offset; - unsigned int *buffer; - unsigned int buf_size; -@@ -892,6 +893,7 @@ static u32 atmci_prepare_data(struct atmel_mci *host, struct mmc_data *data) - data->error = -EINPROGRESS; - - host->sg = data->sg; -+ host->sg_len = data->sg_len; - host->data = data; - host->data_chan = NULL; - -@@ -1826,7 +1828,8 @@ static void atmci_read_data_pio(struct atmel_mci *host) - if (offset == sg->length) { - flush_dcache_page(sg_page(sg)); - host->sg = sg = sg_next(sg); -- if (!sg) -+ host->sg_len--; -+ if (!sg || !host->sg_len) - goto done; - - offset = 0; -@@ -1839,7 +1842,8 @@ static void atmci_read_data_pio(struct atmel_mci *host) - - flush_dcache_page(sg_page(sg)); - host->sg = sg = sg_next(sg); -- if (!sg) -+ host->sg_len--; -+ if (!sg || !host->sg_len) - goto done; - - offset = 4 - remaining; -@@ -1890,7 +1894,8 @@ static void atmci_write_data_pio(struct atmel_mci *host) - nbytes += 4; - if (offset == sg->length) { - host->sg = sg = sg_next(sg); -- if (!sg) -+ host->sg_len--; -+ if (!sg || !host->sg_len) - goto done; - - offset = 0; -@@ -1904,7 +1909,8 @@ static void atmci_write_data_pio(struct atmel_mci *host) - nbytes += remaining; - - host->sg = sg = sg_next(sg); -- if (!sg) { -+ host->sg_len--; -+ if (!sg || !host->sg_len) { - atmci_writel(host, ATMCI_TDR, value); - goto done; - } -@@ -2487,10 +2493,8 @@ static int __exit atmci_remove(struct platform_device *pdev) - atmci_readl(host, ATMCI_SR); - clk_disable(host->mck); - --#ifdef CONFIG_MMC_ATMELMCI_DMA - if (host->dma.chan) - dma_release_channel(host->dma.chan); --#endif - - free_irq(platform_get_irq(pdev, 0), host); - iounmap(host->regs); -diff --git a/drivers/net/ethernet/freescale/gianfar_ptp.c b/drivers/net/ethernet/freescale/gianfar_ptp.c -index 2e5daee..a3f8a25 100644 ---- a/drivers/net/ethernet/freescale/gianfar_ptp.c -+++ b/drivers/net/ethernet/freescale/gianfar_ptp.c -@@ -127,7 +127,6 @@ struct gianfar_ptp_registers { - - #define DRIVER "gianfar_ptp" - #define DEFAULT_CKSEL 1 --#define N_ALARM 1 /* first alarm is used internally to reset fipers */ - #define N_EXT_TS 2 - #define REG_SIZE sizeof(struct gianfar_ptp_registers) - -@@ -410,7 +409,7 @@ static struct ptp_clock_info ptp_gianfar_caps = { - .owner = THIS_MODULE, - .name = "gianfar clock", - .max_adj = 512000, -- .n_alarm = N_ALARM, -+ .n_alarm = 0, - .n_ext_ts = N_EXT_TS, - .n_per_out = 0, - .pps = 1, -diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c -index 0d03d38..911956e 100644 ---- a/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c -+++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_main.c -@@ -2407,6 +2407,16 @@ static irqreturn_t ixgbe_msix_other(int irq, void *data) - * with the write to EICR. - */ - eicr = IXGBE_READ_REG(hw, IXGBE_EICS); -+ -+ /* The lower 16bits of the EICR register are for the queue interrupts -+ * which should be masked here in order to not accidently clear them if -+ * the bits are high when ixgbe_msix_other is called. There is a race -+ * condition otherwise which results in possible performance loss -+ * especially if the ixgbe_msix_other interrupt is triggering -+ * consistently (as it would when PPS is turned on for the X540 device) -+ */ -+ eicr &= 0xFFFF0000; -+ - IXGBE_WRITE_REG(hw, IXGBE_EICR, eicr); - - if (eicr & IXGBE_EICR_LSC) -diff --git a/drivers/net/wireless/iwlwifi/dvm/debugfs.c b/drivers/net/wireless/iwlwifi/dvm/debugfs.c -index 5b9533e..2c056b1 100644 ---- a/drivers/net/wireless/iwlwifi/dvm/debugfs.c -+++ b/drivers/net/wireless/iwlwifi/dvm/debugfs.c -@@ -2237,15 +2237,15 @@ static ssize_t iwl_dbgfs_log_event_read(struct file *file, - size_t count, loff_t *ppos) - { - struct iwl_priv *priv = file->private_data; -- char *buf; -- int pos = 0; -- ssize_t ret = -ENOMEM; -+ char *buf = NULL; -+ ssize_t ret; - -- ret = pos = iwl_dump_nic_event_log(priv, true, &buf, true); -- if (buf) { -- ret = simple_read_from_buffer(user_buf, count, ppos, buf, pos); -- kfree(buf); -- } -+ ret = iwl_dump_nic_event_log(priv, true, &buf, true); -+ if (ret < 0) -+ goto err; -+ ret = simple_read_from_buffer(user_buf, count, ppos, buf, ret); -+err: -+ kfree(buf); - return ret; - } - -diff --git a/drivers/net/wireless/iwlwifi/dvm/sta.c b/drivers/net/wireless/iwlwifi/dvm/sta.c -index bdba954..a8632a4 100644 ---- a/drivers/net/wireless/iwlwifi/dvm/sta.c -+++ b/drivers/net/wireless/iwlwifi/dvm/sta.c -@@ -707,6 +707,7 @@ void iwl_clear_ucode_stations(struct iwl_priv *priv, - void iwl_restore_stations(struct iwl_priv *priv, struct iwl_rxon_context *ctx) - { - struct iwl_addsta_cmd sta_cmd; -+ static const struct iwl_link_quality_cmd zero_lq = {}; - struct iwl_link_quality_cmd lq; - int i; - bool found = false; -@@ -745,7 +746,9 @@ void iwl_restore_stations(struct iwl_priv *priv, struct iwl_rxon_context *ctx) - else - memcpy(&lq, priv->stations[i].lq, - sizeof(struct iwl_link_quality_cmd)); -- send_lq = true; -+ -+ if (!memcmp(&lq, &zero_lq, sizeof(lq))) -+ send_lq = true; - } - spin_unlock_bh(&priv->sta_lock); - ret = iwl_send_add_sta(priv, &sta_cmd, CMD_SYNC); -diff --git a/drivers/net/wireless/mwifiex/pcie.c b/drivers/net/wireless/mwifiex/pcie.c -index 0bbea88..b7a5387 100644 ---- a/drivers/net/wireless/mwifiex/pcie.c -+++ b/drivers/net/wireless/mwifiex/pcie.c -@@ -1831,9 +1831,9 @@ static void mwifiex_pcie_cleanup(struct mwifiex_adapter *adapter) - if (pdev) { - pci_iounmap(pdev, card->pci_mmap); - pci_iounmap(pdev, card->pci_mmap1); -- -- pci_release_regions(pdev); - pci_disable_device(pdev); -+ pci_release_region(pdev, 2); -+ pci_release_region(pdev, 0); - pci_set_drvdata(pdev, NULL); - } - } -diff --git a/drivers/net/wireless/rt2x00/rt2800lib.c b/drivers/net/wireless/rt2x00/rt2800lib.c -index 197b446..0b55706 100644 ---- a/drivers/net/wireless/rt2x00/rt2800lib.c -+++ b/drivers/net/wireless/rt2x00/rt2800lib.c -@@ -4386,6 +4386,8 @@ static int rt2800_init_rfcsr(struct rt2x00_dev *rt2x00dev) - - if (!rt2x00_rt(rt2x00dev, RT5390) && - !rt2x00_rt(rt2x00dev, RT5392)) { -+ u8 min_gain = rt2x00_rt(rt2x00dev, RT3070) ? 1 : 2; -+ - rt2800_rfcsr_read(rt2x00dev, 17, &rfcsr); - rt2x00_set_field8(&rfcsr, RFCSR17_TX_LO1_EN, 0); - if (rt2x00_rt(rt2x00dev, RT3070) || -@@ -4396,8 +4398,10 @@ static int rt2800_init_rfcsr(struct rt2x00_dev *rt2x00dev) - &rt2x00dev->cap_flags)) - rt2x00_set_field8(&rfcsr, RFCSR17_R, 1); - } -- rt2x00_set_field8(&rfcsr, RFCSR17_TXMIXER_GAIN, -- drv_data->txmixer_gain_24g); -+ if (drv_data->txmixer_gain_24g >= min_gain) { -+ rt2x00_set_field8(&rfcsr, RFCSR17_TXMIXER_GAIN, -+ drv_data->txmixer_gain_24g); -+ } - rt2800_rfcsr_write(rt2x00dev, 17, rfcsr); - } - -diff --git a/drivers/pci/pci.c b/drivers/pci/pci.c -index 5cb5820..d1b4e00 100644 ---- a/drivers/pci/pci.c -+++ b/drivers/pci/pci.c -@@ -651,15 +651,11 @@ static int pci_platform_power_transition(struct pci_dev *dev, pci_power_t state) - error = platform_pci_set_power_state(dev, state); - if (!error) - pci_update_current_state(dev, state); -- /* Fall back to PCI_D0 if native PM is not supported */ -- if (!dev->pm_cap) -- dev->current_state = PCI_D0; -- } else { -+ } else - error = -ENODEV; -- /* Fall back to PCI_D0 if native PM is not supported */ -- if (!dev->pm_cap) -- dev->current_state = PCI_D0; -- } -+ -+ if (error && !dev->pm_cap) /* Fall back to PCI_D0 */ -+ dev->current_state = PCI_D0; - - return error; - } -diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c -index 16630aa..1c77423 100644 ---- a/drivers/rtc/rtc-cmos.c -+++ b/drivers/rtc/rtc-cmos.c -@@ -805,9 +805,8 @@ static int cmos_suspend(struct device *dev) - mask = RTC_IRQMASK; - tmp &= ~mask; - CMOS_WRITE(tmp, RTC_CONTROL); -+ hpet_mask_rtc_irq_bit(mask); - -- /* shut down hpet emulation - we don't need it for alarm */ -- hpet_mask_rtc_irq_bit(RTC_PIE|RTC_AIE|RTC_UIE); - cmos_checkintr(cmos, tmp); - } - spin_unlock_irq(&rtc_lock); -@@ -872,6 +871,7 @@ static int cmos_resume(struct device *dev) - rtc_update_irq(cmos->rtc, 1, mask); - tmp &= ~RTC_AIE; - hpet_mask_rtc_irq_bit(RTC_AIE); -+ hpet_rtc_timer_init(); - } while (mask & RTC_AIE); - spin_unlock_irq(&rtc_lock); - } -diff --git a/drivers/s390/char/sclp_cmd.c b/drivers/s390/char/sclp_cmd.c -index c44d13f..56dcd7c 100644 ---- a/drivers/s390/char/sclp_cmd.c -+++ b/drivers/s390/char/sclp_cmd.c -@@ -567,6 +567,8 @@ static void __init sclp_add_standby_memory(void) - add_memory_merged(0); - } - -+#define MEM_SCT_SIZE (1UL << SECTION_SIZE_BITS) -+ - static void __init insert_increment(u16 rn, int standby, int assigned) - { - struct memory_increment *incr, *new_incr; -@@ -579,7 +581,7 @@ static void __init insert_increment(u16 rn, int standby, int assigned) - new_incr->rn = rn; - new_incr->standby = standby; - if (!standby) -- new_incr->usecount = 1; -+ new_incr->usecount = rzm > MEM_SCT_SIZE ? rzm/MEM_SCT_SIZE : 1; - last_rn = 0; - prev = &sclp_mem_list; - list_for_each_entry(incr, &sclp_mem_list, list) { -diff --git a/drivers/staging/zsmalloc/Kconfig b/drivers/staging/zsmalloc/Kconfig -index 9084565..7fab032 100644 ---- a/drivers/staging/zsmalloc/Kconfig -+++ b/drivers/staging/zsmalloc/Kconfig -@@ -1,5 +1,5 @@ - config ZSMALLOC -- tristate "Memory allocator for compressed pages" -+ bool "Memory allocator for compressed pages" - default n - help - zsmalloc is a slab-based memory allocator designed to store -diff --git a/drivers/staging/zsmalloc/zsmalloc-main.c b/drivers/staging/zsmalloc/zsmalloc-main.c -index 223c736..851a2ff 100644 ---- a/drivers/staging/zsmalloc/zsmalloc-main.c -+++ b/drivers/staging/zsmalloc/zsmalloc-main.c -@@ -657,11 +657,8 @@ static inline void __zs_unmap_object(struct mapping_area *area, - struct page *pages[2], int off, int size) - { - unsigned long addr = (unsigned long)area->vm_addr; -- unsigned long end = addr + (PAGE_SIZE * 2); - -- flush_cache_vunmap(addr, end); -- unmap_kernel_range_noflush(addr, PAGE_SIZE * 2); -- flush_tlb_kernel_range(addr, end); -+ unmap_kernel_range(addr, PAGE_SIZE * 2); - } - - #else /* USE_PGTABLE_MAPPING */ -diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c -index ac35c90..c830b60 100644 ---- a/drivers/tty/pty.c -+++ b/drivers/tty/pty.c -@@ -675,6 +675,9 @@ static int ptmx_open(struct inode *inode, struct file *filp) - - nonseekable_open(inode, filp); - -+ /* We refuse fsnotify events on ptmx, since it's a shared resource */ -+ filp->f_mode |= FMODE_NONOTIFY; -+ - retval = tty_alloc_file(filp); - if (retval) - return retval; -diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c -index 2c7230a..4293a3e 100644 ---- a/drivers/tty/serial/serial_core.c -+++ b/drivers/tty/serial/serial_core.c -@@ -1940,6 +1940,8 @@ int uart_suspend_port(struct uart_driver *drv, struct uart_port *uport) - mutex_unlock(&port->mutex); - return 0; - } -+ put_device(tty_dev); -+ - if (console_suspend_enabled || !uart_console(uport)) - uport->suspended = 1; - -@@ -2005,9 +2007,11 @@ int uart_resume_port(struct uart_driver *drv, struct uart_port *uport) - disable_irq_wake(uport->irq); - uport->irq_wake = 0; - } -+ put_device(tty_dev); - mutex_unlock(&port->mutex); - return 0; - } -+ put_device(tty_dev); - uport->suspended = 0; - - /* -diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index 892ecda..f34f98d 100644 ---- a/drivers/tty/tty_io.c -+++ b/drivers/tty/tty_io.c -@@ -941,10 +941,10 @@ void start_tty(struct tty_struct *tty) - - EXPORT_SYMBOL(start_tty); - -+/* We limit tty time update visibility to every 8 seconds or so. */ - static void tty_update_time(struct timespec *time) - { -- unsigned long sec = get_seconds(); -- sec -= sec % 60; -+ unsigned long sec = get_seconds() & ~7; - if ((long)(sec - time->tv_sec) > 0) - time->tv_sec = sec; - } -diff --git a/drivers/usb/chipidea/udc.c b/drivers/usb/chipidea/udc.c -index 2f45bba..c0f4066 100644 ---- a/drivers/usb/chipidea/udc.c -+++ b/drivers/usb/chipidea/udc.c -@@ -461,6 +461,8 @@ static int _hardware_enqueue(struct ci13xxx_ep *mEp, struct ci13xxx_req *mReq) - mReq->ptr->page[i] = - (mReq->req.dma + i * CI13XXX_PAGE_SIZE) & ~TD_RESERVED_MASK; - -+ wmb(); -+ - if (!list_empty(&mEp->qh.queue)) { - struct ci13xxx_req *mReqPrev; - int n = hw_ep_bit(mEp->num, mEp->dir); -@@ -561,6 +563,12 @@ __acquires(mEp->lock) - struct ci13xxx_req *mReq = \ - list_entry(mEp->qh.queue.next, - struct ci13xxx_req, queue); -+ -+ if (mReq->zptr) { -+ dma_pool_free(mEp->td_pool, mReq->zptr, mReq->zdma); -+ mReq->zptr = NULL; -+ } -+ - list_del_init(&mReq->queue); - mReq->req.status = -ESHUTDOWN; - -diff --git a/drivers/usb/chipidea/udc.h b/drivers/usb/chipidea/udc.h -index 4ff2384d..d12e8b5 100644 ---- a/drivers/usb/chipidea/udc.h -+++ b/drivers/usb/chipidea/udc.h -@@ -40,7 +40,7 @@ struct ci13xxx_td { - #define TD_CURR_OFFSET (0x0FFFUL << 0) - #define TD_FRAME_NUM (0x07FFUL << 0) - #define TD_RESERVED_MASK (0x0FFFUL << 0) --} __attribute__ ((packed)); -+} __attribute__ ((packed, aligned(4))); - - /* DMA layout of queue heads */ - struct ci13xxx_qh { -@@ -57,7 +57,7 @@ struct ci13xxx_qh { - /* 9 */ - u32 RESERVED; - struct usb_ctrlrequest setup; --} __attribute__ ((packed)); -+} __attribute__ ((packed, aligned(4))); - - /** - * struct ci13xxx_req - usb request representation -diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c -index b78fbe2..ea0a9a1 100644 ---- a/drivers/usb/core/devio.c -+++ b/drivers/usb/core/devio.c -@@ -738,6 +738,8 @@ static int check_ctrlrecip(struct dev_state *ps, unsigned int requesttype, - index &= 0xff; - switch (requesttype & USB_RECIP_MASK) { - case USB_RECIP_ENDPOINT: -+ if ((index & ~USB_DIR_IN) == 0) -+ return 0; - ret = findintfep(ps->dev, index); - if (ret >= 0) - ret = checkintf(ps, ret); -diff --git a/drivers/usb/host/ehci-hcd.c b/drivers/usb/host/ehci-hcd.c -index 416a6dc..83b5a172 100644 ---- a/drivers/usb/host/ehci-hcd.c -+++ b/drivers/usb/host/ehci-hcd.c -@@ -670,9 +670,6 @@ int ehci_setup(struct usb_hcd *hcd) - if (retval) - return retval; - -- if (ehci_is_TDI(ehci)) -- tdi_reset(ehci); -- - ehci_reset(ehci); - - return 0; -diff --git a/drivers/usb/misc/appledisplay.c b/drivers/usb/misc/appledisplay.c -index 0fc6e5f..ba6a5d6 100644 ---- a/drivers/usb/misc/appledisplay.c -+++ b/drivers/usb/misc/appledisplay.c -@@ -63,6 +63,7 @@ static const struct usb_device_id appledisplay_table[] = { - { APPLEDISPLAY_DEVICE(0x9219) }, - { APPLEDISPLAY_DEVICE(0x921c) }, - { APPLEDISPLAY_DEVICE(0x921d) }, -+ { APPLEDISPLAY_DEVICE(0x9236) }, - - /* Terminating entry */ - { } -diff --git a/drivers/usb/serial/ftdi_sio.c b/drivers/usb/serial/ftdi_sio.c -index 8e4f40b..77f78ad 100644 ---- a/drivers/usb/serial/ftdi_sio.c -+++ b/drivers/usb/serial/ftdi_sio.c -@@ -189,6 +189,7 @@ static struct usb_device_id id_table_combined [] = { - { USB_DEVICE(FTDI_VID, FTDI_OPENDCC_THROTTLE_PID) }, - { USB_DEVICE(FTDI_VID, FTDI_OPENDCC_GATEWAY_PID) }, - { USB_DEVICE(FTDI_VID, FTDI_OPENDCC_GBM_PID) }, -+ { USB_DEVICE(FTDI_VID, FTDI_OPENDCC_GBM_BOOST_PID) }, - { USB_DEVICE(NEWPORT_VID, NEWPORT_AGILIS_PID) }, - { USB_DEVICE(INTERBIOMETRICS_VID, INTERBIOMETRICS_IOBOARD_PID) }, - { USB_DEVICE(INTERBIOMETRICS_VID, INTERBIOMETRICS_MINI_IOBOARD_PID) }, -@@ -870,7 +871,9 @@ static struct usb_device_id id_table_combined [] = { - { USB_DEVICE(FTDI_VID, FTDI_DOTEC_PID) }, - { USB_DEVICE(QIHARDWARE_VID, MILKYMISTONE_JTAGSERIAL_PID), - .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk }, -- { USB_DEVICE(ST_VID, ST_STMCLT1030_PID), -+ { USB_DEVICE(ST_VID, ST_STMCLT_2232_PID), -+ .driver_info = (kernel_ulong_t)&ftdi_jtag_quirk }, -+ { USB_DEVICE(ST_VID, ST_STMCLT_4232_PID), - .driver_info = (kernel_ulong_t)&ftdi_stmclite_quirk }, - { USB_DEVICE(FTDI_VID, FTDI_RF_R106) }, - { USB_DEVICE(FTDI_VID, FTDI_DISTORTEC_JTAG_LOCK_PICK_PID), -@@ -1792,20 +1795,24 @@ static int ftdi_8u2232c_probe(struct usb_serial *serial) - } - - /* -- * First and second port on STMCLiteadaptors is reserved for JTAG interface -- * and the forth port for pio -+ * First two ports on JTAG adaptors using an FT4232 such as STMicroelectronics's -+ * ST Micro Connect Lite are reserved for JTAG or other non-UART interfaces and -+ * can be accessed from userspace. -+ * The next two ports are enabled as UARTs by default, where port 2 is -+ * a conventional RS-232 UART. - */ - static int ftdi_stmclite_probe(struct usb_serial *serial) - { - struct usb_device *udev = serial->dev; - struct usb_interface *interface = serial->interface; - -- if (interface == udev->actconfig->interface[2]) -- return 0; -- -- dev_info(&udev->dev, "Ignoring serial port reserved for JTAG\n"); -+ if (interface == udev->actconfig->interface[0] || -+ interface == udev->actconfig->interface[1]) { -+ dev_info(&udev->dev, "Ignoring serial port reserved for JTAG\n"); -+ return -ENODEV; -+ } - -- return -ENODEV; -+ return 0; - } - - /* -diff --git a/drivers/usb/serial/ftdi_sio_ids.h b/drivers/usb/serial/ftdi_sio_ids.h -index e79861e..9852827 100644 ---- a/drivers/usb/serial/ftdi_sio_ids.h -+++ b/drivers/usb/serial/ftdi_sio_ids.h -@@ -74,6 +74,7 @@ - #define FTDI_OPENDCC_THROTTLE_PID 0xBFDA - #define FTDI_OPENDCC_GATEWAY_PID 0xBFDB - #define FTDI_OPENDCC_GBM_PID 0xBFDC -+#define FTDI_OPENDCC_GBM_BOOST_PID 0xBFDD - - /* NZR SEM 16+ USB (http://www.nzr.de) */ - #define FTDI_NZR_SEM_USB_PID 0xC1E0 /* NZR SEM-LOG16+ */ -@@ -1150,7 +1151,8 @@ - * STMicroelectonics - */ - #define ST_VID 0x0483 --#define ST_STMCLT1030_PID 0x3747 /* ST Micro Connect Lite STMCLT1030 */ -+#define ST_STMCLT_2232_PID 0x3746 -+#define ST_STMCLT_4232_PID 0x3747 - - /* - * Papouch products (http://www.papouch.com/) -diff --git a/drivers/usb/serial/option.c b/drivers/usb/serial/option.c -index 558adfc..bff059a 100644 ---- a/drivers/usb/serial/option.c -+++ b/drivers/usb/serial/option.c -@@ -347,6 +347,7 @@ static void option_instat_callback(struct urb *urb); - /* Olivetti products */ - #define OLIVETTI_VENDOR_ID 0x0b3c - #define OLIVETTI_PRODUCT_OLICARD100 0xc000 -+#define OLIVETTI_PRODUCT_OLICARD145 0xc003 - - /* Celot products */ - #define CELOT_VENDOR_ID 0x211f -@@ -1273,6 +1274,7 @@ static const struct usb_device_id option_ids[] = { - { USB_DEVICE(SIEMENS_VENDOR_ID, CINTERION_PRODUCT_HC28_MDMNET) }, - - { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD100) }, -+ { USB_DEVICE(OLIVETTI_VENDOR_ID, OLIVETTI_PRODUCT_OLICARD145) }, - { USB_DEVICE(CELOT_VENDOR_ID, CELOT_PRODUCT_CT680M) }, /* CT-650 CDMA 450 1xEVDO modem */ - { USB_DEVICE(ONDA_VENDOR_ID, ONDA_MT825UP) }, /* ONDA MT825UP modem */ - { USB_DEVICE_AND_INTERFACE_INFO(SAMSUNG_VENDOR_ID, SAMSUNG_PRODUCT_GT_B3730, USB_CLASS_CDC_DATA, 0x00, 0x00) }, /* Samsung GT-B3730 LTE USB modem.*/ -@@ -1350,6 +1352,12 @@ static const struct usb_device_id option_ids[] = { - { USB_DEVICE(TPLINK_VENDOR_ID, TPLINK_PRODUCT_MA180), - .driver_info = (kernel_ulong_t)&net_intf4_blacklist }, - { USB_DEVICE(CHANGHONG_VENDOR_ID, CHANGHONG_PRODUCT_CH690) }, -+ { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d01, 0xff, 0x02, 0x01) }, /* D-Link DWM-156 (variant) */ -+ { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d01, 0xff, 0x00, 0x00) }, /* D-Link DWM-156 (variant) */ -+ { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d02, 0xff, 0x02, 0x01) }, -+ { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d02, 0xff, 0x00, 0x00) }, -+ { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d03, 0xff, 0x02, 0x01) }, -+ { USB_DEVICE_AND_INTERFACE_INFO(0x2001, 0x7d03, 0xff, 0x00, 0x00) }, - { } /* Terminating entry */ - }; - MODULE_DEVICE_TABLE(usb, option_ids); -diff --git a/drivers/usb/storage/cypress_atacb.c b/drivers/usb/storage/cypress_atacb.c -index 070b5c0..d944088 100644 ---- a/drivers/usb/storage/cypress_atacb.c -+++ b/drivers/usb/storage/cypress_atacb.c -@@ -248,14 +248,26 @@ static int cypress_probe(struct usb_interface *intf, - { - struct us_data *us; - int result; -+ struct usb_device *device; - - result = usb_stor_probe1(&us, intf, id, - (id - cypress_usb_ids) + cypress_unusual_dev_list); - if (result) - return result; - -- us->protocol_name = "Transparent SCSI with Cypress ATACB"; -- us->proto_handler = cypress_atacb_passthrough; -+ /* Among CY7C68300 chips, the A revision does not support Cypress ATACB -+ * Filter out this revision from EEPROM default descriptor values -+ */ -+ device = interface_to_usbdev(intf); -+ if (device->descriptor.iManufacturer != 0x38 || -+ device->descriptor.iProduct != 0x4e || -+ device->descriptor.iSerialNumber != 0x64) { -+ us->protocol_name = "Transparent SCSI with Cypress ATACB"; -+ us->proto_handler = cypress_atacb_passthrough; -+ } else { -+ us->protocol_name = "Transparent SCSI"; -+ us->proto_handler = usb_stor_transparent_scsi_command; -+ } - - result = usb_stor_probe2(us); - return result; -diff --git a/drivers/video/console/fbcon.c b/drivers/video/console/fbcon.c -index 501c599..6e696e6 100644 ---- a/drivers/video/console/fbcon.c -+++ b/drivers/video/console/fbcon.c -@@ -1228,6 +1228,8 @@ static void fbcon_deinit(struct vc_data *vc) - finished: - - fbcon_free_font(p, free_font); -+ if (free_font) -+ vc->vc_font.data = NULL; - - if (!con_is_bound(&fb_con)) - fbcon_exit(); -diff --git a/fs/dcache.c b/fs/dcache.c -index c3bbf85..de73da2 100644 ---- a/fs/dcache.c -+++ b/fs/dcache.c -@@ -1232,8 +1232,10 @@ void shrink_dcache_parent(struct dentry * parent) - LIST_HEAD(dispose); - int found; - -- while ((found = select_parent(parent, &dispose)) != 0) -+ while ((found = select_parent(parent, &dispose)) != 0) { - shrink_dentry_list(&dispose); -+ cond_resched(); -+ } - } - EXPORT_SYMBOL(shrink_dcache_parent); - -diff --git a/fs/exec.c b/fs/exec.c -index 20df02c..ac014f1 100644 ---- a/fs/exec.c -+++ b/fs/exec.c -@@ -613,7 +613,7 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) - * when the old and new regions overlap clear from new_end. - */ - free_pgd_range(&tlb, new_end, old_end, new_end, -- vma->vm_next ? vma->vm_next->vm_start : 0); -+ vma->vm_next ? vma->vm_next->vm_start : USER_PGTABLES_CEILING); - } else { - /* - * otherwise, clean from old_start; this is done to not touch -@@ -622,7 +622,7 @@ static int shift_arg_pages(struct vm_area_struct *vma, unsigned long shift) - * for the others its just a little faster. - */ - free_pgd_range(&tlb, old_start, old_end, new_end, -- vma->vm_next ? vma->vm_next->vm_start : 0); -+ vma->vm_next ? vma->vm_next->vm_start : USER_PGTABLES_CEILING); - } - tlb_finish_mmu(&tlb, new_end, old_end); - -@@ -898,11 +898,13 @@ static int de_thread(struct task_struct *tsk) - - sig->notify_count = -1; /* for exit_notify() */ - for (;;) { -+ threadgroup_change_begin(tsk); - write_lock_irq(&tasklist_lock); - if (likely(leader->exit_state)) - break; - __set_current_state(TASK_KILLABLE); - write_unlock_irq(&tasklist_lock); -+ threadgroup_change_end(tsk); - schedule(); - if (unlikely(__fatal_signal_pending(tsk))) - goto killed; -@@ -960,6 +962,7 @@ static int de_thread(struct task_struct *tsk) - if (unlikely(leader->ptrace)) - __wake_up_parent(leader, leader->parent); - write_unlock_irq(&tasklist_lock); -+ threadgroup_change_end(tsk); - - release_task(leader); - } -diff --git a/fs/ext4/Kconfig b/fs/ext4/Kconfig -index 9873587..efea5d5 100644 ---- a/fs/ext4/Kconfig -+++ b/fs/ext4/Kconfig -@@ -71,4 +71,5 @@ config EXT4_DEBUG - Enables run-time debugging support for the ext4 filesystem. - - If you select Y here, then you will be able to turn on debugging -- with a command such as "echo 1 > /sys/kernel/debug/ext4/mballoc-debug" -+ with a command such as: -+ echo 1 > /sys/module/ext4/parameters/mballoc_debug -diff --git a/fs/ext4/ext4_jbd2.h b/fs/ext4/ext4_jbd2.h -index 7177f9b..dbd9ae1 100644 ---- a/fs/ext4/ext4_jbd2.h -+++ b/fs/ext4/ext4_jbd2.h -@@ -170,16 +170,20 @@ static inline void ext4_journal_callback_add(handle_t *handle, - * ext4_journal_callback_del: delete a registered callback - * @handle: active journal transaction handle on which callback was registered - * @jce: registered journal callback entry to unregister -+ * Return true if object was sucessfully removed - */ --static inline void ext4_journal_callback_del(handle_t *handle, -+static inline bool ext4_journal_callback_try_del(handle_t *handle, - struct ext4_journal_cb_entry *jce) - { -+ bool deleted; - struct ext4_sb_info *sbi = - EXT4_SB(handle->h_transaction->t_journal->j_private); - - spin_lock(&sbi->s_md_lock); -+ deleted = !list_empty(&jce->jce_list); - list_del_init(&jce->jce_list); - spin_unlock(&sbi->s_md_lock); -+ return deleted; - } - - int -diff --git a/fs/ext4/fsync.c b/fs/ext4/fsync.c -index 3278e64..e0ba8a4 100644 ---- a/fs/ext4/fsync.c -+++ b/fs/ext4/fsync.c -@@ -166,8 +166,7 @@ int ext4_sync_file(struct file *file, loff_t start, loff_t end, int datasync) - if (journal->j_flags & JBD2_BARRIER && - !jbd2_trans_will_send_data_barrier(journal, commit_tid)) - needs_barrier = true; -- jbd2_log_start_commit(journal, commit_tid); -- ret = jbd2_log_wait_commit(journal, commit_tid); -+ ret = jbd2_complete_transaction(journal, commit_tid); - if (needs_barrier) { - err = blkdev_issue_flush(inode->i_sb->s_bdev, GFP_KERNEL, NULL); - if (!ret) -diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c -index 22c5c67..c0fbd96 100644 ---- a/fs/ext4/inode.c -+++ b/fs/ext4/inode.c -@@ -55,21 +55,21 @@ static __u32 ext4_inode_csum(struct inode *inode, struct ext4_inode *raw, - __u16 csum_hi = 0; - __u32 csum; - -- csum_lo = raw->i_checksum_lo; -+ csum_lo = le16_to_cpu(raw->i_checksum_lo); - raw->i_checksum_lo = 0; - if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE && - EXT4_FITS_IN_INODE(raw, ei, i_checksum_hi)) { -- csum_hi = raw->i_checksum_hi; -+ csum_hi = le16_to_cpu(raw->i_checksum_hi); - raw->i_checksum_hi = 0; - } - - csum = ext4_chksum(sbi, ei->i_csum_seed, (__u8 *)raw, - EXT4_INODE_SIZE(inode->i_sb)); - -- raw->i_checksum_lo = csum_lo; -+ raw->i_checksum_lo = cpu_to_le16(csum_lo); - if (EXT4_INODE_SIZE(inode->i_sb) > EXT4_GOOD_OLD_INODE_SIZE && - EXT4_FITS_IN_INODE(raw, ei, i_checksum_hi)) -- raw->i_checksum_hi = csum_hi; -+ raw->i_checksum_hi = cpu_to_le16(csum_hi); - - return csum; - } -@@ -216,8 +216,7 @@ void ext4_evict_inode(struct inode *inode) - journal_t *journal = EXT4_SB(inode->i_sb)->s_journal; - tid_t commit_tid = EXT4_I(inode)->i_datasync_tid; - -- jbd2_log_start_commit(journal, commit_tid); -- jbd2_log_wait_commit(journal, commit_tid); -+ jbd2_complete_transaction(journal, commit_tid); - filemap_write_and_wait(&inode->i_data); - } - truncate_inode_pages(&inode->i_data, 0); -diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index 82f8c2d..b443e62 100644 ---- a/fs/ext4/mballoc.c -+++ b/fs/ext4/mballoc.c -@@ -4449,11 +4449,11 @@ ext4_mb_free_metadata(handle_t *handle, struct ext4_buddy *e4b, - node = rb_prev(new_node); - if (node) { - entry = rb_entry(node, struct ext4_free_data, efd_node); -- if (can_merge(entry, new_entry)) { -+ if (can_merge(entry, new_entry) && -+ ext4_journal_callback_try_del(handle, &entry->efd_jce)) { - new_entry->efd_start_cluster = entry->efd_start_cluster; - new_entry->efd_count += entry->efd_count; - rb_erase(node, &(db->bb_free_root)); -- ext4_journal_callback_del(handle, &entry->efd_jce); - kmem_cache_free(ext4_free_data_cachep, entry); - } - } -@@ -4461,10 +4461,10 @@ ext4_mb_free_metadata(handle_t *handle, struct ext4_buddy *e4b, - node = rb_next(new_node); - if (node) { - entry = rb_entry(node, struct ext4_free_data, efd_node); -- if (can_merge(new_entry, entry)) { -+ if (can_merge(new_entry, entry) && -+ ext4_journal_callback_try_del(handle, &entry->efd_jce)) { - new_entry->efd_count += entry->efd_count; - rb_erase(node, &(db->bb_free_root)); -- ext4_journal_callback_del(handle, &entry->efd_jce); - kmem_cache_free(ext4_free_data_cachep, entry); - } - } -diff --git a/fs/ext4/mmp.c b/fs/ext4/mmp.c -index 44734f1..fe201c6 100644 ---- a/fs/ext4/mmp.c -+++ b/fs/ext4/mmp.c -@@ -7,7 +7,7 @@ - #include "ext4.h" - - /* Checksumming functions */ --static __u32 ext4_mmp_csum(struct super_block *sb, struct mmp_struct *mmp) -+static __le32 ext4_mmp_csum(struct super_block *sb, struct mmp_struct *mmp) - { - struct ext4_sb_info *sbi = EXT4_SB(sb); - int offset = offsetof(struct mmp_struct, mmp_checksum); -diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c -index 9eace36..a2fe9f5 100644 ---- a/fs/ext4/resize.c -+++ b/fs/ext4/resize.c -@@ -1341,6 +1341,8 @@ static void ext4_update_super(struct super_block *sb, - - /* Update the global fs size fields */ - sbi->s_groups_count += flex_gd->count; -+ sbi->s_blockfile_groups = min_t(ext4_group_t, sbi->s_groups_count, -+ (EXT4_MAX_BLOCK_FILE_PHYS / EXT4_BLOCKS_PER_GROUP(sb))); - - /* Update the reserved block counts only once the new group is - * active. */ -diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index 24c767d..5575a45 100644 ---- a/fs/ext4/super.c -+++ b/fs/ext4/super.c -@@ -452,10 +452,13 @@ static void ext4_journal_commit_callback(journal_t *journal, transaction_t *txn) - struct super_block *sb = journal->j_private; - struct ext4_sb_info *sbi = EXT4_SB(sb); - int error = is_journal_aborted(journal); -- struct ext4_journal_cb_entry *jce, *tmp; -+ struct ext4_journal_cb_entry *jce; - -+ BUG_ON(txn->t_state == T_FINISHED); - spin_lock(&sbi->s_md_lock); -- list_for_each_entry_safe(jce, tmp, &txn->t_private_list, jce_list) { -+ while (!list_empty(&txn->t_private_list)) { -+ jce = list_entry(txn->t_private_list.next, -+ struct ext4_journal_cb_entry, jce_list); - list_del_init(&jce->jce_list); - spin_unlock(&sbi->s_md_lock); - jce->jce_func(sb, jce, error); -diff --git a/fs/fscache/stats.c b/fs/fscache/stats.c -index 8179e8b..40d13c7 100644 ---- a/fs/fscache/stats.c -+++ b/fs/fscache/stats.c -@@ -287,5 +287,5 @@ const struct file_operations fscache_stats_fops = { - .open = fscache_stats_open, - .read = seq_read, - .llseek = seq_lseek, -- .release = seq_release, -+ .release = single_release, - }; -diff --git a/fs/jbd2/commit.c b/fs/jbd2/commit.c -index 3091d42..069bf58 100644 ---- a/fs/jbd2/commit.c -+++ b/fs/jbd2/commit.c -@@ -382,7 +382,7 @@ void jbd2_journal_commit_transaction(journal_t *journal) - int space_left = 0; - int first_tag = 0; - int tag_flag; -- int i, to_free = 0; -+ int i; - int tag_bytes = journal_tag_bytes(journal); - struct buffer_head *cbh = NULL; /* For transactional checksums */ - __u32 crc32_sum = ~0; -@@ -1126,7 +1126,7 @@ restart_loop: - journal->j_stats.run.rs_blocks_logged += stats.run.rs_blocks_logged; - spin_unlock(&journal->j_history_lock); - -- commit_transaction->t_state = T_FINISHED; -+ commit_transaction->t_state = T_COMMIT_CALLBACK; - J_ASSERT(commit_transaction == journal->j_committing_transaction); - journal->j_commit_sequence = commit_transaction->t_tid; - journal->j_committing_transaction = NULL; -@@ -1141,38 +1141,44 @@ restart_loop: - journal->j_average_commit_time*3) / 4; - else - journal->j_average_commit_time = commit_time; -+ - write_unlock(&journal->j_state_lock); - -- if (commit_transaction->t_checkpoint_list == NULL && -- commit_transaction->t_checkpoint_io_list == NULL) { -- __jbd2_journal_drop_transaction(journal, commit_transaction); -- to_free = 1; -+ if (journal->j_checkpoint_transactions == NULL) { -+ journal->j_checkpoint_transactions = commit_transaction; -+ commit_transaction->t_cpnext = commit_transaction; -+ commit_transaction->t_cpprev = commit_transaction; - } else { -- if (journal->j_checkpoint_transactions == NULL) { -- journal->j_checkpoint_transactions = commit_transaction; -- commit_transaction->t_cpnext = commit_transaction; -- commit_transaction->t_cpprev = commit_transaction; -- } else { -- commit_transaction->t_cpnext = -- journal->j_checkpoint_transactions; -- commit_transaction->t_cpprev = -- commit_transaction->t_cpnext->t_cpprev; -- commit_transaction->t_cpnext->t_cpprev = -- commit_transaction; -- commit_transaction->t_cpprev->t_cpnext = -+ commit_transaction->t_cpnext = -+ journal->j_checkpoint_transactions; -+ commit_transaction->t_cpprev = -+ commit_transaction->t_cpnext->t_cpprev; -+ commit_transaction->t_cpnext->t_cpprev = -+ commit_transaction; -+ commit_transaction->t_cpprev->t_cpnext = - commit_transaction; -- } - } - spin_unlock(&journal->j_list_lock); -- -+ /* Drop all spin_locks because commit_callback may be block. -+ * __journal_remove_checkpoint() can not destroy transaction -+ * under us because it is not marked as T_FINISHED yet */ - if (journal->j_commit_callback) - journal->j_commit_callback(journal, commit_transaction); - - trace_jbd2_end_commit(journal, commit_transaction); - jbd_debug(1, "JBD2: commit %d complete, head %d\n", - journal->j_commit_sequence, journal->j_tail_sequence); -- if (to_free) -- jbd2_journal_free_transaction(commit_transaction); - -+ write_lock(&journal->j_state_lock); -+ spin_lock(&journal->j_list_lock); -+ commit_transaction->t_state = T_FINISHED; -+ /* Recheck checkpoint lists after j_list_lock was dropped */ -+ if (commit_transaction->t_checkpoint_list == NULL && -+ commit_transaction->t_checkpoint_io_list == NULL) { -+ __jbd2_journal_drop_transaction(journal, commit_transaction); -+ jbd2_journal_free_transaction(commit_transaction); -+ } -+ spin_unlock(&journal->j_list_lock); -+ write_unlock(&journal->j_state_lock); - wake_up(&journal->j_wait_done_commit); - } -diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c -index dbf41f9..42f8cf6c 100644 ---- a/fs/jbd2/journal.c -+++ b/fs/jbd2/journal.c -@@ -698,6 +698,37 @@ int jbd2_log_wait_commit(journal_t *journal, tid_t tid) - } - - /* -+ * When this function returns the transaction corresponding to tid -+ * will be completed. If the transaction has currently running, start -+ * committing that transaction before waiting for it to complete. If -+ * the transaction id is stale, it is by definition already completed, -+ * so just return SUCCESS. -+ */ -+int jbd2_complete_transaction(journal_t *journal, tid_t tid) -+{ -+ int need_to_wait = 1; -+ -+ read_lock(&journal->j_state_lock); -+ if (journal->j_running_transaction && -+ journal->j_running_transaction->t_tid == tid) { -+ if (journal->j_commit_request != tid) { -+ /* transaction not yet started, so request it */ -+ read_unlock(&journal->j_state_lock); -+ jbd2_log_start_commit(journal, tid); -+ goto wait_commit; -+ } -+ } else if (!(journal->j_committing_transaction && -+ journal->j_committing_transaction->t_tid == tid)) -+ need_to_wait = 0; -+ read_unlock(&journal->j_state_lock); -+ if (!need_to_wait) -+ return 0; -+wait_commit: -+ return jbd2_log_wait_commit(journal, tid); -+} -+EXPORT_SYMBOL(jbd2_complete_transaction); -+ -+/* - * Log buffer allocation routines: - */ - -diff --git a/fs/lockd/clntlock.c b/fs/lockd/clntlock.c -index ca0a080..193f04c 100644 ---- a/fs/lockd/clntlock.c -+++ b/fs/lockd/clntlock.c -@@ -144,6 +144,9 @@ int nlmclnt_block(struct nlm_wait *block, struct nlm_rqst *req, long timeout) - timeout); - if (ret < 0) - return -ERESTARTSYS; -+ /* Reset the lock status after a server reboot so we resend */ -+ if (block->b_status == nlm_lck_denied_grace_period) -+ block->b_status = nlm_lck_blocked; - req->a_res.status = block->b_status; - return 0; - } -diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c -index 52e5120..54f9e6c 100644 ---- a/fs/lockd/clntproc.c -+++ b/fs/lockd/clntproc.c -@@ -550,9 +550,6 @@ again: - status = nlmclnt_block(block, req, NLMCLNT_POLL_TIMEOUT); - if (status < 0) - break; -- /* Resend the blocking lock request after a server reboot */ -- if (resp->status == nlm_lck_denied_grace_period) -- continue; - if (resp->status != nlm_lck_blocked) - break; - } -diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c -index 3d905e3..51d53a4 100644 ---- a/fs/nfs/nfs4proc.c -+++ b/fs/nfs/nfs4proc.c -@@ -1374,6 +1374,12 @@ int nfs4_open_delegation_recall(struct nfs_open_context *ctx, struct nfs4_state - case -ENOMEM: - err = 0; - goto out; -+ case -NFS4ERR_DELAY: -+ case -NFS4ERR_GRACE: -+ set_bit(NFS_DELEGATED_STATE, &state->flags); -+ ssleep(1); -+ err = -EAGAIN; -+ goto out; - } - err = nfs4_handle_exception(server, err, &exception); - } while (exception.retry); -diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c -index 9d1c5db..ec668e1 100644 ---- a/fs/nfsd/nfs4proc.c -+++ b/fs/nfsd/nfs4proc.c -@@ -931,14 +931,14 @@ nfsd4_write(struct svc_rqst *rqstp, struct nfsd4_compound_state *cstate, - nfs4_lock_state(); - status = nfs4_preprocess_stateid_op(SVC_NET(rqstp), - cstate, stateid, WR_STATE, &filp); -- if (filp) -- get_file(filp); -- nfs4_unlock_state(); -- - if (status) { -+ nfs4_unlock_state(); - dprintk("NFSD: nfsd4_write: couldn't process stateid!\n"); - return status; - } -+ if (filp) -+ get_file(filp); -+ nfs4_unlock_state(); - - cnt = write->wr_buflen; - write->wr_how_written = write->wr_stable_how; -diff --git a/fs/nfsd/nfs4state.c b/fs/nfsd/nfs4state.c -index a8309c6..53a7c64 100644 ---- a/fs/nfsd/nfs4state.c -+++ b/fs/nfsd/nfs4state.c -@@ -210,13 +210,7 @@ static void __nfs4_file_put_access(struct nfs4_file *fp, int oflag) - { - if (atomic_dec_and_test(&fp->fi_access[oflag])) { - nfs4_file_put_fd(fp, oflag); -- /* -- * It's also safe to get rid of the RDWR open *if* -- * we no longer have need of the other kind of access -- * or if we already have the other kind of open: -- */ -- if (fp->fi_fds[1-oflag] -- || atomic_read(&fp->fi_access[1 - oflag]) == 0) -+ if (atomic_read(&fp->fi_access[1 - oflag]) == 0) - nfs4_file_put_fd(fp, O_RDWR); - } - } -diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c -index d1dd710..cd5e6c1 100644 ---- a/fs/nfsd/nfs4xdr.c -+++ b/fs/nfsd/nfs4xdr.c -@@ -344,10 +344,7 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval, - all 32 bits of 'nseconds'. */ - READ_BUF(12); - len += 12; -- READ32(dummy32); -- if (dummy32) -- return nfserr_inval; -- READ32(iattr->ia_atime.tv_sec); -+ READ64(iattr->ia_atime.tv_sec); - READ32(iattr->ia_atime.tv_nsec); - if (iattr->ia_atime.tv_nsec >= (u32)1000000000) - return nfserr_inval; -@@ -370,10 +367,7 @@ nfsd4_decode_fattr(struct nfsd4_compoundargs *argp, u32 *bmval, - all 32 bits of 'nseconds'. */ - READ_BUF(12); - len += 12; -- READ32(dummy32); -- if (dummy32) -- return nfserr_inval; -- READ32(iattr->ia_mtime.tv_sec); -+ READ64(iattr->ia_mtime.tv_sec); - READ32(iattr->ia_mtime.tv_nsec); - if (iattr->ia_mtime.tv_nsec >= (u32)1000000000) - return nfserr_inval; -@@ -2386,8 +2380,7 @@ out_acl: - if (bmval1 & FATTR4_WORD1_TIME_ACCESS) { - if ((buflen -= 12) < 0) - goto out_resource; -- WRITE32(0); -- WRITE32(stat.atime.tv_sec); -+ WRITE64((s64)stat.atime.tv_sec); - WRITE32(stat.atime.tv_nsec); - } - if (bmval1 & FATTR4_WORD1_TIME_DELTA) { -@@ -2400,15 +2393,13 @@ out_acl: - if (bmval1 & FATTR4_WORD1_TIME_METADATA) { - if ((buflen -= 12) < 0) - goto out_resource; -- WRITE32(0); -- WRITE32(stat.ctime.tv_sec); -+ WRITE64((s64)stat.ctime.tv_sec); - WRITE32(stat.ctime.tv_nsec); - } - if (bmval1 & FATTR4_WORD1_TIME_MODIFY) { - if ((buflen -= 12) < 0) - goto out_resource; -- WRITE32(0); -- WRITE32(stat.mtime.tv_sec); -+ WRITE64((s64)stat.mtime.tv_sec); - WRITE32(stat.mtime.tv_nsec); - } - if (bmval1 & FATTR4_WORD1_MOUNTED_ON_FILEID) { -diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c -index 07f7a92..595343e 100644 ---- a/fs/notify/inotify/inotify_user.c -+++ b/fs/notify/inotify/inotify_user.c -@@ -574,7 +574,6 @@ static int inotify_update_existing_watch(struct fsnotify_group *group, - int add = (arg & IN_MASK_ADD); - int ret; - -- /* don't allow invalid bits: we don't want flags set */ - mask = inotify_arg_to_mask(arg); - - fsn_mark = fsnotify_find_inode_mark(group, inode); -@@ -625,7 +624,6 @@ static int inotify_new_watch(struct fsnotify_group *group, - struct idr *idr = &group->inotify_data.idr; - spinlock_t *idr_lock = &group->inotify_data.idr_lock; - -- /* don't allow invalid bits: we don't want flags set */ - mask = inotify_arg_to_mask(arg); - - tmp_i_mark = kmem_cache_alloc(inotify_inode_mark_cachep, GFP_KERNEL); -@@ -753,6 +751,10 @@ SYSCALL_DEFINE3(inotify_add_watch, int, fd, const char __user *, pathname, - int ret; - unsigned flags = 0; - -+ /* don't allow invalid bits: we don't want flags set */ -+ if (unlikely(!(mask & ALL_INOTIFY_BITS))) -+ return -EINVAL; -+ - f = fdget(fd); - if (unlikely(!f.file)) - return -EBADF; -diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c -index 1f8c823..d924812 100644 ---- a/fs/sysfs/dir.c -+++ b/fs/sysfs/dir.c -@@ -1012,6 +1012,7 @@ static int sysfs_readdir(struct file * filp, void * dirent, filldir_t filldir) - enum kobj_ns_type type; - const void *ns; - ino_t ino; -+ loff_t off; - - type = sysfs_ns_type(parent_sd); - ns = sysfs_info(dentry->d_sb)->ns[type]; -@@ -1034,6 +1035,7 @@ static int sysfs_readdir(struct file * filp, void * dirent, filldir_t filldir) - return 0; - } - mutex_lock(&sysfs_mutex); -+ off = filp->f_pos; - for (pos = sysfs_dir_pos(ns, parent_sd, filp->f_pos, pos); - pos; - pos = sysfs_dir_next_pos(ns, parent_sd, filp->f_pos, pos)) { -@@ -1045,19 +1047,24 @@ static int sysfs_readdir(struct file * filp, void * dirent, filldir_t filldir) - len = strlen(name); - ino = pos->s_ino; - type = dt_type(pos); -- filp->f_pos = pos->s_hash; -+ off = filp->f_pos = pos->s_hash; - filp->private_data = sysfs_get(pos); - - mutex_unlock(&sysfs_mutex); -- ret = filldir(dirent, name, len, filp->f_pos, ino, type); -+ ret = filldir(dirent, name, len, off, ino, type); - mutex_lock(&sysfs_mutex); - if (ret < 0) - break; - } - mutex_unlock(&sysfs_mutex); -- if ((filp->f_pos > 1) && !pos) { /* EOF */ -- filp->f_pos = INT_MAX; -+ -+ /* don't reference last entry if its refcount is dropped */ -+ if (!pos) { - filp->private_data = NULL; -+ -+ /* EOF and not changed as 0 or 1 in read/write path */ -+ if (off == filp->f_pos && off > 1) -+ filp->f_pos = INT_MAX; - } - return 0; - } -diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h -index 5cf680a..f50a87d 100644 ---- a/include/asm-generic/pgtable.h -+++ b/include/asm-generic/pgtable.h -@@ -7,6 +7,16 @@ - #include <linux/mm_types.h> - #include <linux/bug.h> - -+/* -+ * On almost all architectures and configurations, 0 can be used as the -+ * upper ceiling to free_pgtables(): on many architectures it has the same -+ * effect as using TASK_SIZE. However, there is one configuration which -+ * must impose a more careful limit, to avoid freeing kernel pgtables. -+ */ -+#ifndef USER_PGTABLES_CEILING -+#define USER_PGTABLES_CEILING 0UL -+#endif -+ - #ifndef __HAVE_ARCH_PTEP_SET_ACCESS_FLAGS - extern int ptep_set_access_flags(struct vm_area_struct *vma, - unsigned long address, pte_t *ptep, -diff --git a/include/linux/cgroup.h b/include/linux/cgroup.h -index 7d73905..2322df7 100644 ---- a/include/linux/cgroup.h -+++ b/include/linux/cgroup.h -@@ -303,9 +303,6 @@ struct cftype { - /* CFTYPE_* flags */ - unsigned int flags; - -- /* file xattrs */ -- struct simple_xattrs xattrs; -- - int (*open)(struct inode *inode, struct file *file); - ssize_t (*read)(struct cgroup *cgrp, struct cftype *cft, - struct file *file, -diff --git a/include/linux/ipc_namespace.h b/include/linux/ipc_namespace.h -index ae221a7..c4d870b 100644 ---- a/include/linux/ipc_namespace.h -+++ b/include/linux/ipc_namespace.h -@@ -43,8 +43,8 @@ struct ipc_namespace { - - size_t shm_ctlmax; - size_t shm_ctlall; -+ unsigned long shm_tot; - int shm_ctlmni; -- int shm_tot; - /* - * Defines whether IPC_RMID is forced for _all_ shm segments regardless - * of shmctl() -diff --git a/include/linux/jbd2.h b/include/linux/jbd2.h -index e30b663..383bef0 100644 ---- a/include/linux/jbd2.h -+++ b/include/linux/jbd2.h -@@ -498,6 +498,7 @@ struct transaction_s - T_COMMIT, - T_COMMIT_DFLUSH, - T_COMMIT_JFLUSH, -+ T_COMMIT_CALLBACK, - T_FINISHED - } t_state; - -@@ -1210,6 +1211,7 @@ int __jbd2_log_start_commit(journal_t *journal, tid_t tid); - int jbd2_journal_start_commit(journal_t *journal, tid_t *tid); - int jbd2_journal_force_commit_nested(journal_t *journal); - int jbd2_log_wait_commit(journal_t *journal, tid_t tid); -+int jbd2_complete_transaction(journal_t *journal, tid_t tid); - int jbd2_log_do_checkpoint(journal_t *journal); - int jbd2_trans_will_send_data_barrier(journal_t *journal, tid_t tid); - -diff --git a/include/linux/sched.h b/include/linux/sched.h -index 7e49270..f5ad26e 100644 ---- a/include/linux/sched.h -+++ b/include/linux/sched.h -@@ -2486,27 +2486,18 @@ static inline void threadgroup_change_end(struct task_struct *tsk) - * - * Lock the threadgroup @tsk belongs to. No new task is allowed to enter - * and member tasks aren't allowed to exit (as indicated by PF_EXITING) or -- * perform exec. This is useful for cases where the threadgroup needs to -- * stay stable across blockable operations. -+ * change ->group_leader/pid. This is useful for cases where the threadgroup -+ * needs to stay stable across blockable operations. - * - * fork and exit paths explicitly call threadgroup_change_{begin|end}() for - * synchronization. While held, no new task will be added to threadgroup - * and no existing live task will have its PF_EXITING set. - * -- * During exec, a task goes and puts its thread group through unusual -- * changes. After de-threading, exclusive access is assumed to resources -- * which are usually shared by tasks in the same group - e.g. sighand may -- * be replaced with a new one. Also, the exec'ing task takes over group -- * leader role including its pid. Exclude these changes while locked by -- * grabbing cred_guard_mutex which is used to synchronize exec path. -+ * de_thread() does threadgroup_change_{begin|end}() when a non-leader -+ * sub-thread becomes a new leader. - */ - static inline void threadgroup_lock(struct task_struct *tsk) - { -- /* -- * exec uses exit for de-threading nesting group_rwsem inside -- * cred_guard_mutex. Grab cred_guard_mutex first. -- */ -- mutex_lock(&tsk->signal->cred_guard_mutex); - down_write(&tsk->signal->group_rwsem); - } - -@@ -2519,7 +2510,6 @@ static inline void threadgroup_lock(struct task_struct *tsk) - static inline void threadgroup_unlock(struct task_struct *tsk) - { - up_write(&tsk->signal->group_rwsem); -- mutex_unlock(&tsk->signal->cred_guard_mutex); - } - #else - static inline void threadgroup_change_begin(struct task_struct *tsk) {} -diff --git a/include/sound/emu10k1.h b/include/sound/emu10k1.h -index f841ba4..dfb42ca 100644 ---- a/include/sound/emu10k1.h -+++ b/include/sound/emu10k1.h -@@ -1787,6 +1787,7 @@ struct snd_emu10k1 { - unsigned int next_free_voice; - - const struct firmware *firmware; -+ const struct firmware *dock_fw; - - #ifdef CONFIG_PM_SLEEP - unsigned int *saved_ptr; -diff --git a/ipc/shm.c b/ipc/shm.c -index 4fa6d8f..9bab650 100644 ---- a/ipc/shm.c -+++ b/ipc/shm.c -@@ -462,7 +462,7 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) - size_t size = params->u.size; - int error; - struct shmid_kernel *shp; -- int numpages = (size + PAGE_SIZE -1) >> PAGE_SHIFT; -+ size_t numpages = (size + PAGE_SIZE - 1) >> PAGE_SHIFT; - struct file * file; - char name[13]; - int id; -diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index 1e23664..cddf1d9 100644 ---- a/kernel/cgroup.c -+++ b/kernel/cgroup.c -@@ -162,6 +162,9 @@ struct cfent { - struct list_head node; - struct dentry *dentry; - struct cftype *type; -+ -+ /* file xattrs */ -+ struct simple_xattrs xattrs; - }; - - /* -@@ -908,13 +911,12 @@ static void cgroup_diput(struct dentry *dentry, struct inode *inode) - } else { - struct cfent *cfe = __d_cfe(dentry); - struct cgroup *cgrp = dentry->d_parent->d_fsdata; -- struct cftype *cft = cfe->type; - - WARN_ONCE(!list_empty(&cfe->node) && - cgrp != &cgrp->root->top_cgroup, - "cfe still linked for %s\n", cfe->type->name); -+ simple_xattrs_free(&cfe->xattrs); - kfree(cfe); -- simple_xattrs_free(&cft->xattrs); - } - iput(inode); - } -@@ -2066,7 +2068,7 @@ static int cgroup_attach_proc(struct cgroup *cgrp, struct task_struct *leader) - if (!group) - return -ENOMEM; - /* pre-allocate to guarantee space while iterating in rcu read-side. */ -- retval = flex_array_prealloc(group, 0, group_size - 1, GFP_KERNEL); -+ retval = flex_array_prealloc(group, 0, group_size, GFP_KERNEL); - if (retval) - goto out_free_group_list; - -@@ -2553,7 +2555,7 @@ static struct simple_xattrs *__d_xattrs(struct dentry *dentry) - if (S_ISDIR(dentry->d_inode->i_mode)) - return &__d_cgrp(dentry)->xattrs; - else -- return &__d_cft(dentry)->xattrs; -+ return &__d_cfe(dentry)->xattrs; - } - - static inline int xattr_enabled(struct dentry *dentry) -@@ -2729,8 +2731,6 @@ static int cgroup_add_file(struct cgroup *cgrp, struct cgroup_subsys *subsys, - umode_t mode; - char name[MAX_CGROUP_TYPE_NAMELEN + MAX_CFTYPE_NAME + 2] = { 0 }; - -- simple_xattrs_init(&cft->xattrs); -- - if (subsys && !test_bit(ROOT_NOPREFIX, &cgrp->root->flags)) { - strcpy(name, subsys->name); - strcat(name, "."); -@@ -2755,6 +2755,7 @@ static int cgroup_add_file(struct cgroup *cgrp, struct cgroup_subsys *subsys, - cfe->type = (void *)cft; - cfe->dentry = dentry; - dentry->d_fsdata = cfe; -+ simple_xattrs_init(&cfe->xattrs); - list_add_tail(&cfe->node, &parent->files); - cfe = NULL; - } -diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c -index e4cee8d..60f7e32 100644 ---- a/kernel/hrtimer.c -+++ b/kernel/hrtimer.c -@@ -298,6 +298,10 @@ ktime_t ktime_sub_ns(const ktime_t kt, u64 nsec) - } else { - unsigned long rem = do_div(nsec, NSEC_PER_SEC); - -+ /* Make sure nsec fits into long */ -+ if (unlikely(nsec > KTIME_SEC_MAX)) -+ return (ktime_t){ .tv64 = KTIME_MAX }; -+ - tmp = ktime_set((long)nsec, rem); - } - -@@ -1308,6 +1312,8 @@ retry: - - expires = ktime_sub(hrtimer_get_expires(timer), - base->offset); -+ if (expires.tv64 < 0) -+ expires.tv64 = KTIME_MAX; - if (expires.tv64 < expires_next.tv64) - expires_next = expires; - break; -diff --git a/kernel/rcutree_trace.c b/kernel/rcutree_trace.c -index 0d095dc..93f8e8f 100644 ---- a/kernel/rcutree_trace.c -+++ b/kernel/rcutree_trace.c -@@ -97,7 +97,7 @@ static const struct file_operations rcubarrier_fops = { - .open = rcubarrier_open, - .read = seq_read, - .llseek = no_llseek, -- .release = seq_release, -+ .release = single_release, - }; - - #ifdef CONFIG_RCU_BOOST -@@ -208,7 +208,7 @@ static const struct file_operations rcuexp_fops = { - .open = rcuexp_open, - .read = seq_read, - .llseek = no_llseek, -- .release = seq_release, -+ .release = single_release, - }; - - #ifdef CONFIG_RCU_BOOST -@@ -308,7 +308,7 @@ static const struct file_operations rcuhier_fops = { - .open = rcuhier_open, - .read = seq_read, - .llseek = no_llseek, -- .release = seq_release, -+ .release = single_release, - }; - - static void show_one_rcugp(struct seq_file *m, struct rcu_state *rsp) -@@ -350,7 +350,7 @@ static const struct file_operations rcugp_fops = { - .open = rcugp_open, - .read = seq_read, - .llseek = no_llseek, -- .release = seq_release, -+ .release = single_release, - }; - - static void print_one_rcu_pending(struct seq_file *m, struct rcu_data *rdp) -diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c -index a13987a..239a323 100644 ---- a/kernel/time/tick-broadcast.c -+++ b/kernel/time/tick-broadcast.c -@@ -66,6 +66,8 @@ static void tick_broadcast_start_periodic(struct clock_event_device *bc) - */ - int tick_check_broadcast_device(struct clock_event_device *dev) - { -+ struct clock_event_device *cur = tick_broadcast_device.evtdev; -+ - if ((dev->features & CLOCK_EVT_FEAT_DUMMY) || - (tick_broadcast_device.evtdev && - tick_broadcast_device.evtdev->rating >= dev->rating) || -@@ -73,6 +75,8 @@ int tick_check_broadcast_device(struct clock_event_device *dev) - return 0; - - clockevents_exchange_device(tick_broadcast_device.evtdev, dev); -+ if (cur) -+ cur->event_handler = clockevents_handle_noop; - tick_broadcast_device.evtdev = dev; - if (!cpumask_empty(tick_get_broadcast_mask())) - tick_broadcast_start_periodic(dev); -diff --git a/kernel/time/tick-common.c b/kernel/time/tick-common.c -index b1600a6..7076b3f 100644 ---- a/kernel/time/tick-common.c -+++ b/kernel/time/tick-common.c -@@ -323,6 +323,7 @@ static void tick_shutdown(unsigned int *cpup) - */ - dev->mode = CLOCK_EVT_MODE_UNUSED; - clockevents_exchange_device(dev, NULL); -+ dev->event_handler = clockevents_handle_noop; - td->evtdev = NULL; - } - raw_spin_unlock_irqrestore(&tick_device_lock, flags); -diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c -index 35cc3a8..03dbc77 100644 ---- a/kernel/trace/ftrace.c -+++ b/kernel/trace/ftrace.c -@@ -650,7 +650,7 @@ int ftrace_profile_pages_init(struct ftrace_profile_stat *stat) - - pages = DIV_ROUND_UP(functions, PROFILES_PER_PAGE); - -- for (i = 0; i < pages; i++) { -+ for (i = 1; i < pages; i++) { - pg->next = (void *)get_zeroed_page(GFP_KERNEL); - if (!pg->next) - goto out_free; -@@ -3714,7 +3714,8 @@ out: - if (fail) - return -EINVAL; - -- ftrace_graph_filter_enabled = 1; -+ ftrace_graph_filter_enabled = !!(*idx); -+ - return 0; - } - -diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index fe1d581..1c82852 100644 ---- a/kernel/trace/trace.c -+++ b/kernel/trace/trace.c -@@ -4885,6 +4885,8 @@ static __init int tracer_init_debugfs(void) - trace_access_lock_init(); - - d_tracer = tracing_init_dentry(); -+ if (!d_tracer) -+ return 0; - - trace_create_file("trace_options", 0644, d_tracer, - NULL, &tracing_iter_fops); -diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c -index 83a8b5b..b20428c 100644 ---- a/kernel/trace/trace_stack.c -+++ b/kernel/trace/trace_stack.c -@@ -20,13 +20,24 @@ - - #define STACK_TRACE_ENTRIES 500 - -+#ifdef CC_USING_FENTRY -+# define fentry 1 -+#else -+# define fentry 0 -+#endif -+ - static unsigned long stack_dump_trace[STACK_TRACE_ENTRIES+1] = - { [0 ... (STACK_TRACE_ENTRIES)] = ULONG_MAX }; - static unsigned stack_dump_index[STACK_TRACE_ENTRIES]; - -+/* -+ * Reserve one entry for the passed in ip. This will allow -+ * us to remove most or all of the stack size overhead -+ * added by the stack tracer itself. -+ */ - static struct stack_trace max_stack_trace = { -- .max_entries = STACK_TRACE_ENTRIES, -- .entries = stack_dump_trace, -+ .max_entries = STACK_TRACE_ENTRIES - 1, -+ .entries = &stack_dump_trace[1], - }; - - static unsigned long max_stack_size; -@@ -39,25 +50,34 @@ static DEFINE_MUTEX(stack_sysctl_mutex); - int stack_tracer_enabled; - static int last_stack_tracer_enabled; - --static inline void check_stack(void) -+static inline void -+check_stack(unsigned long ip, unsigned long *stack) - { - unsigned long this_size, flags; - unsigned long *p, *top, *start; -+ static int tracer_frame; -+ int frame_size = ACCESS_ONCE(tracer_frame); - int i; - -- this_size = ((unsigned long)&this_size) & (THREAD_SIZE-1); -+ this_size = ((unsigned long)stack) & (THREAD_SIZE-1); - this_size = THREAD_SIZE - this_size; -+ /* Remove the frame of the tracer */ -+ this_size -= frame_size; - - if (this_size <= max_stack_size) - return; - - /* we do not handle interrupt stacks yet */ -- if (!object_is_on_stack(&this_size)) -+ if (!object_is_on_stack(stack)) - return; - - local_irq_save(flags); - arch_spin_lock(&max_stack_lock); - -+ /* In case another CPU set the tracer_frame on us */ -+ if (unlikely(!frame_size)) -+ this_size -= tracer_frame; -+ - /* a race could have already updated it */ - if (this_size <= max_stack_size) - goto out; -@@ -70,10 +90,18 @@ static inline void check_stack(void) - save_stack_trace(&max_stack_trace); - - /* -+ * Add the passed in ip from the function tracer. -+ * Searching for this on the stack will skip over -+ * most of the overhead from the stack tracer itself. -+ */ -+ stack_dump_trace[0] = ip; -+ max_stack_trace.nr_entries++; -+ -+ /* - * Now find where in the stack these are. - */ - i = 0; -- start = &this_size; -+ start = stack; - top = (unsigned long *) - (((unsigned long)start & ~(THREAD_SIZE-1)) + THREAD_SIZE); - -@@ -97,6 +125,18 @@ static inline void check_stack(void) - found = 1; - /* Start the search from here */ - start = p + 1; -+ /* -+ * We do not want to show the overhead -+ * of the stack tracer stack in the -+ * max stack. If we haven't figured -+ * out what that is, then figure it out -+ * now. -+ */ -+ if (unlikely(!tracer_frame) && i == 1) { -+ tracer_frame = (p - stack) * -+ sizeof(unsigned long); -+ max_stack_size -= tracer_frame; -+ } - } - } - -@@ -113,6 +153,7 @@ static void - stack_trace_call(unsigned long ip, unsigned long parent_ip, - struct ftrace_ops *op, struct pt_regs *pt_regs) - { -+ unsigned long stack; - int cpu; - - preempt_disable_notrace(); -@@ -122,7 +163,26 @@ stack_trace_call(unsigned long ip, unsigned long parent_ip, - if (per_cpu(trace_active, cpu)++ != 0) - goto out; - -- check_stack(); -+ /* -+ * When fentry is used, the traced function does not get -+ * its stack frame set up, and we lose the parent. -+ * The ip is pretty useless because the function tracer -+ * was called before that function set up its stack frame. -+ * In this case, we use the parent ip. -+ * -+ * By adding the return address of either the parent ip -+ * or the current ip we can disregard most of the stack usage -+ * caused by the stack tracer itself. -+ * -+ * The function tracer always reports the address of where the -+ * mcount call was, but the stack will hold the return address. -+ */ -+ if (fentry) -+ ip = parent_ip; -+ else -+ ip += MCOUNT_INSN_SIZE; -+ -+ check_stack(ip, &stack); - - out: - per_cpu(trace_active, cpu)--; -@@ -371,6 +431,8 @@ static __init int stack_trace_init(void) - struct dentry *d_tracer; - - d_tracer = tracing_init_dentry(); -+ if (!d_tracer) -+ return 0; - - trace_create_file("stack_max_size", 0644, d_tracer, - &max_stack_size, &stack_max_size_fops); -diff --git a/kernel/trace/trace_stat.c b/kernel/trace/trace_stat.c -index 96cffb2..847f88a 100644 ---- a/kernel/trace/trace_stat.c -+++ b/kernel/trace/trace_stat.c -@@ -307,6 +307,8 @@ static int tracing_stat_init(void) - struct dentry *d_tracing; - - d_tracing = tracing_init_dentry(); -+ if (!d_tracing) -+ return 0; - - stat_dir = debugfs_create_dir("trace_stat", d_tracing); - if (!stat_dir) -diff --git a/lib/oid_registry.c b/lib/oid_registry.c -index d8de11f..318f382 100644 ---- a/lib/oid_registry.c -+++ b/lib/oid_registry.c -@@ -9,6 +9,7 @@ - * 2 of the Licence, or (at your option) any later version. - */ - -+#include <linux/module.h> - #include <linux/export.h> - #include <linux/oid_registry.h> - #include <linux/kernel.h> -@@ -16,6 +17,10 @@ - #include <linux/bug.h> - #include "oid_registry_data.c" - -+MODULE_DESCRIPTION("OID Registry"); -+MODULE_AUTHOR("Red Hat, Inc."); -+MODULE_LICENSE("GPL"); -+ - /** - * look_up_OID - Find an OID registration for the specified data - * @data: Binary representation of the OID -diff --git a/mm/mmap.c b/mm/mmap.c -index 90db251..32f3372 100644 ---- a/mm/mmap.c -+++ b/mm/mmap.c -@@ -2289,7 +2289,7 @@ static void unmap_region(struct mm_struct *mm, - update_hiwater_rss(mm); - unmap_vmas(&tlb, vma, start, end); - free_pgtables(&tlb, vma, prev ? prev->vm_end : FIRST_USER_ADDRESS, -- next ? next->vm_start : 0); -+ next ? next->vm_start : USER_PGTABLES_CEILING); - tlb_finish_mmu(&tlb, start, end); - } - -@@ -2667,7 +2667,7 @@ void exit_mmap(struct mm_struct *mm) - /* Use -1 here to ensure all VMAs in the mm are unmapped */ - unmap_vmas(&tlb, vma, 0, -1); - -- free_pgtables(&tlb, vma, FIRST_USER_ADDRESS, 0); -+ free_pgtables(&tlb, vma, FIRST_USER_ADDRESS, USER_PGTABLES_CEILING); - tlb_finish_mmu(&tlb, 0, -1); - - /* -diff --git a/mm/page_io.c b/mm/page_io.c -index 78eee32..6182870 100644 ---- a/mm/page_io.c -+++ b/mm/page_io.c -@@ -214,6 +214,7 @@ int swap_writepage(struct page *page, struct writeback_control *wbc) - kiocb.ki_left = PAGE_SIZE; - kiocb.ki_nbytes = PAGE_SIZE; - -+ set_page_writeback(page); - unlock_page(page); - ret = mapping->a_ops->direct_IO(KERNEL_WRITE, - &kiocb, &iov, -@@ -222,7 +223,23 @@ int swap_writepage(struct page *page, struct writeback_control *wbc) - if (ret == PAGE_SIZE) { - count_vm_event(PSWPOUT); - ret = 0; -+ } else { -+ /* -+ * In the case of swap-over-nfs, this can be a -+ * temporary failure if the system has limited -+ * memory for allocating transmit buffers. -+ * Mark the page dirty and avoid -+ * rotate_reclaimable_page but rate-limit the -+ * messages but do not flag PageError like -+ * the normal direct-to-bio case as it could -+ * be temporary. -+ */ -+ set_page_dirty(page); -+ ClearPageReclaim(page); -+ pr_err_ratelimited("Write error on dio swapfile (%Lu)\n", -+ page_file_offset(page)); - } -+ end_page_writeback(page); - return ret; - } - -diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c -index 79a48f3..64619f4 100644 ---- a/net/mac80211/pm.c -+++ b/net/mac80211/pm.c -@@ -52,8 +52,8 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) - ieee80211_stop_queues_by_reason(hw, - IEEE80211_QUEUE_STOP_REASON_SUSPEND); - -- /* flush out all packets */ -- synchronize_net(); -+ /* flush out all packets and station cleanup call_rcu()s */ -+ rcu_barrier(); - - drv_flush(local, false); - -diff --git a/net/wireless/reg.c b/net/wireless/reg.c -index 82c4fc7..91ef82b 100644 ---- a/net/wireless/reg.c -+++ b/net/wireless/reg.c -@@ -883,7 +883,7 @@ static void handle_channel(struct wiphy *wiphy, - return; - - REG_DBG_PRINT("Disabling freq %d MHz\n", chan->center_freq); -- chan->flags = IEEE80211_CHAN_DISABLED; -+ chan->flags |= IEEE80211_CHAN_DISABLED; - return; - } - -diff --git a/scripts/kconfig/streamline_config.pl b/scripts/kconfig/streamline_config.pl -index 3368939..68b85e1 100644 ---- a/scripts/kconfig/streamline_config.pl -+++ b/scripts/kconfig/streamline_config.pl -@@ -156,7 +156,6 @@ sub read_kconfig { - - my $state = "NONE"; - my $config; -- my @kconfigs; - - my $cont = 0; - my $line; -@@ -190,7 +189,13 @@ sub read_kconfig { - - # collect any Kconfig sources - if (/^source\s*"(.*)"/) { -- $kconfigs[$#kconfigs+1] = $1; -+ my $kconfig = $1; -+ # prevent reading twice. -+ if (!defined($read_kconfigs{$kconfig})) { -+ $read_kconfigs{$kconfig} = 1; -+ read_kconfig($kconfig); -+ } -+ next; - } - - # configs found -@@ -250,14 +255,6 @@ sub read_kconfig { - } - } - close($kinfile); -- -- # read in any configs that were found. -- foreach my $kconfig (@kconfigs) { -- if (!defined($read_kconfigs{$kconfig})) { -- $read_kconfigs{$kconfig} = 1; -- read_kconfig($kconfig); -- } -- } - } - - if ($kconfig) { -diff --git a/sound/pci/emu10k1/emu10k1_main.c b/sound/pci/emu10k1/emu10k1_main.c -index e6b0166..bdd888e 100644 ---- a/sound/pci/emu10k1/emu10k1_main.c -+++ b/sound/pci/emu10k1/emu10k1_main.c -@@ -657,14 +657,14 @@ static int snd_emu10k1_cardbus_init(struct snd_emu10k1 *emu) - return 0; - } - --static int snd_emu1010_load_firmware(struct snd_emu10k1 *emu) -+static int snd_emu1010_load_firmware(struct snd_emu10k1 *emu, -+ const struct firmware *fw_entry) - { - int n, i; - int reg; - int value; - unsigned int write_post; - unsigned long flags; -- const struct firmware *fw_entry = emu->firmware; - - if (!fw_entry) - return -EIO; -@@ -725,9 +725,34 @@ static int emu1010_firmware_thread(void *data) - /* Return to Audio Dock programming mode */ - snd_printk(KERN_INFO "emu1010: Loading Audio Dock Firmware\n"); - snd_emu1010_fpga_write(emu, EMU_HANA_FPGA_CONFIG, EMU_HANA_FPGA_CONFIG_AUDIODOCK); -- err = snd_emu1010_load_firmware(emu); -- if (err != 0) -- continue; -+ -+ if (!emu->dock_fw) { -+ const char *filename = NULL; -+ switch (emu->card_capabilities->emu_model) { -+ case EMU_MODEL_EMU1010: -+ filename = DOCK_FILENAME; -+ break; -+ case EMU_MODEL_EMU1010B: -+ filename = MICRO_DOCK_FILENAME; -+ break; -+ case EMU_MODEL_EMU1616: -+ filename = MICRO_DOCK_FILENAME; -+ break; -+ } -+ if (filename) { -+ err = request_firmware(&emu->dock_fw, -+ filename, -+ &emu->pci->dev); -+ if (err) -+ continue; -+ } -+ } -+ -+ if (emu->dock_fw) { -+ err = snd_emu1010_load_firmware(emu, emu->dock_fw); -+ if (err) -+ continue; -+ } - - snd_emu1010_fpga_write(emu, EMU_HANA_FPGA_CONFIG, 0); - snd_emu1010_fpga_read(emu, EMU_HANA_IRQ_STATUS, ®); -@@ -862,7 +887,7 @@ static int snd_emu10k1_emu1010_init(struct snd_emu10k1 *emu) - filename, emu->firmware->size); - } - -- err = snd_emu1010_load_firmware(emu); -+ err = snd_emu1010_load_firmware(emu, emu->firmware); - if (err != 0) { - snd_printk(KERN_INFO "emu1010: Loading Firmware failed\n"); - return err; -@@ -1253,6 +1278,8 @@ static int snd_emu10k1_free(struct snd_emu10k1 *emu) - kthread_stop(emu->emu1010.firmware_thread); - if (emu->firmware) - release_firmware(emu->firmware); -+ if (emu->dock_fw) -+ release_firmware(emu->dock_fw); - if (emu->irq >= 0) - free_irq(emu->irq, emu); - /* remove reserved page */ -diff --git a/sound/pci/hda/patch_realtek.c b/sound/pci/hda/patch_realtek.c -index ee975a2..7f45d48 100644 ---- a/sound/pci/hda/patch_realtek.c -+++ b/sound/pci/hda/patch_realtek.c -@@ -5823,6 +5823,7 @@ enum { - ALC269_TYPE_ALC280, - ALC269_TYPE_ALC282, - ALC269_TYPE_ALC284, -+ ALC269_TYPE_ALC286, - }; - - /* -@@ -5846,6 +5847,7 @@ static int alc269_parse_auto_config(struct hda_codec *codec) - case ALC269_TYPE_ALC269VB: - case ALC269_TYPE_ALC269VD: - case ALC269_TYPE_ALC282: -+ case ALC269_TYPE_ALC286: - ssids = alc269_ssids; - break; - default: -@@ -6451,6 +6453,9 @@ static int patch_alc269(struct hda_codec *codec) - case 0x10ec0292: - spec->codec_variant = ALC269_TYPE_ALC284; - break; -+ case 0x10ec0286: -+ spec->codec_variant = ALC269_TYPE_ALC286; -+ break; - } - - /* automatic parse from the BIOS config */ -@@ -7157,6 +7162,7 @@ static const struct hda_codec_preset snd_hda_preset_realtek[] = { - { .id = 0x10ec0282, .name = "ALC282", .patch = patch_alc269 }, - { .id = 0x10ec0283, .name = "ALC283", .patch = patch_alc269 }, - { .id = 0x10ec0284, .name = "ALC284", .patch = patch_alc269 }, -+ { .id = 0x10ec0286, .name = "ALC286", .patch = patch_alc269 }, - { .id = 0x10ec0290, .name = "ALC290", .patch = patch_alc269 }, - { .id = 0x10ec0292, .name = "ALC292", .patch = patch_alc269 }, - { .id = 0x10ec0861, .rev = 0x100340, .name = "ALC660", -diff --git a/sound/soc/codecs/max98088.c b/sound/soc/codecs/max98088.c -index a4c16fd..5d36319 100644 ---- a/sound/soc/codecs/max98088.c -+++ b/sound/soc/codecs/max98088.c -@@ -2006,7 +2006,7 @@ static int max98088_probe(struct snd_soc_codec *codec) - ret); - goto err_access; - } -- dev_info(codec->dev, "revision %c\n", ret + 'A'); -+ dev_info(codec->dev, "revision %c\n", ret - 0x40 + 'A'); - - snd_soc_write(codec, M98088_REG_51_PWR_SYS, M98088_PWRSV); - -diff --git a/sound/usb/6fire/pcm.c b/sound/usb/6fire/pcm.c -index e2ca12f..40dd50a 100644 ---- a/sound/usb/6fire/pcm.c -+++ b/sound/usb/6fire/pcm.c -@@ -575,7 +575,6 @@ static void usb6fire_pcm_init_urb(struct pcm_urb *urb, - urb->instance.pipe = in ? usb_rcvisocpipe(chip->dev, ep) - : usb_sndisocpipe(chip->dev, ep); - urb->instance.interval = 1; -- urb->instance.transfer_flags = URB_ISO_ASAP; - urb->instance.complete = handler; - urb->instance.context = urb; - urb->instance.number_of_packets = PCM_N_PACKETS_PER_URB; -diff --git a/sound/usb/caiaq/audio.c b/sound/usb/caiaq/audio.c -index fde9a7a..b45e29b 100644 ---- a/sound/usb/caiaq/audio.c -+++ b/sound/usb/caiaq/audio.c -@@ -670,7 +670,6 @@ static void read_completed(struct urb *urb) - - if (send_it) { - out->number_of_packets = outframe; -- out->transfer_flags = URB_ISO_ASAP; - usb_submit_urb(out, GFP_ATOMIC); - } else { - struct snd_usb_caiaq_cb_info *oinfo = out->context; -@@ -686,7 +685,6 @@ requeue: - } - - urb->number_of_packets = FRAMES_PER_URB; -- urb->transfer_flags = URB_ISO_ASAP; - usb_submit_urb(urb, GFP_ATOMIC); - } - -@@ -751,7 +749,6 @@ static struct urb **alloc_urbs(struct snd_usb_caiaqdev *dev, int dir, int *ret) - * BYTES_PER_FRAME; - urbs[i]->context = &dev->data_cb_info[i]; - urbs[i]->interval = 1; -- urbs[i]->transfer_flags = URB_ISO_ASAP; - urbs[i]->number_of_packets = FRAMES_PER_URB; - urbs[i]->complete = (dir == SNDRV_PCM_STREAM_CAPTURE) ? - read_completed : write_completed; -diff --git a/sound/usb/card.c b/sound/usb/card.c -index ccf95cf..a9d5779 100644 ---- a/sound/usb/card.c -+++ b/sound/usb/card.c -@@ -612,7 +612,9 @@ int snd_usb_autoresume(struct snd_usb_audio *chip) - int err = -ENODEV; - - down_read(&chip->shutdown_rwsem); -- if (!chip->shutdown && !chip->probing) -+ if (chip->probing) -+ err = 0; -+ else if (!chip->shutdown) - err = usb_autopm_get_interface(chip->pm_intf); - up_read(&chip->shutdown_rwsem); - -diff --git a/sound/usb/card.h b/sound/usb/card.h -index 8a751b4..d32ea41 100644 ---- a/sound/usb/card.h -+++ b/sound/usb/card.h -@@ -116,6 +116,7 @@ struct snd_usb_substream { - unsigned int altset_idx; /* USB data format: index of alternate setting */ - unsigned int txfr_quirk:1; /* allow sub-frame alignment */ - unsigned int fmt_type; /* USB audio format type (1-3) */ -+ unsigned int pkt_offset_adj; /* Bytes to drop from beginning of packets (for non-compliant devices) */ - - unsigned int running: 1; /* running status */ - -diff --git a/sound/usb/endpoint.c b/sound/usb/endpoint.c -index 21049b8..63cca3a 100644 ---- a/sound/usb/endpoint.c -+++ b/sound/usb/endpoint.c -@@ -677,7 +677,7 @@ static int data_ep_set_params(struct snd_usb_endpoint *ep, - if (!u->urb->transfer_buffer) - goto out_of_memory; - u->urb->pipe = ep->pipe; -- u->urb->transfer_flags = URB_ISO_ASAP | URB_NO_TRANSFER_DMA_MAP; -+ u->urb->transfer_flags = URB_NO_TRANSFER_DMA_MAP; - u->urb->interval = 1 << ep->datainterval; - u->urb->context = u; - u->urb->complete = snd_complete_urb; -@@ -716,8 +716,7 @@ static int sync_ep_set_params(struct snd_usb_endpoint *ep, - u->urb->transfer_dma = ep->sync_dma + i * 4; - u->urb->transfer_buffer_length = 4; - u->urb->pipe = ep->pipe; -- u->urb->transfer_flags = URB_ISO_ASAP | -- URB_NO_TRANSFER_DMA_MAP; -+ u->urb->transfer_flags = URB_NO_TRANSFER_DMA_MAP; - u->urb->number_of_packets = 1; - u->urb->interval = 1 << ep->syncinterval; - u->urb->context = u; -diff --git a/sound/usb/midi.c b/sound/usb/midi.c -index 34b9bb7..e5fee18 100644 ---- a/sound/usb/midi.c -+++ b/sound/usb/midi.c -@@ -126,7 +126,6 @@ struct snd_usb_midi { - struct snd_usb_midi_in_endpoint *in; - } endpoints[MIDI_MAX_ENDPOINTS]; - unsigned long input_triggered; -- bool autopm_reference; - unsigned int opened[2]; - unsigned char disconnected; - unsigned char input_running; -@@ -1040,7 +1039,6 @@ static int substream_open(struct snd_rawmidi_substream *substream, int dir, - { - struct snd_usb_midi* umidi = substream->rmidi->private_data; - struct snd_kcontrol *ctl; -- int err; - - down_read(&umidi->disc_rwsem); - if (umidi->disconnected) { -@@ -1051,13 +1049,6 @@ static int substream_open(struct snd_rawmidi_substream *substream, int dir, - mutex_lock(&umidi->mutex); - if (open) { - if (!umidi->opened[0] && !umidi->opened[1]) { -- err = usb_autopm_get_interface(umidi->iface); -- umidi->autopm_reference = err >= 0; -- if (err < 0 && err != -EACCES) { -- mutex_unlock(&umidi->mutex); -- up_read(&umidi->disc_rwsem); -- return -EIO; -- } - if (umidi->roland_load_ctl) { - ctl = umidi->roland_load_ctl; - ctl->vd[0].access |= SNDRV_CTL_ELEM_ACCESS_INACTIVE; -@@ -1080,8 +1071,6 @@ static int substream_open(struct snd_rawmidi_substream *substream, int dir, - snd_ctl_notify(umidi->card, - SNDRV_CTL_EVENT_MASK_INFO, &ctl->id); - } -- if (umidi->autopm_reference) -- usb_autopm_put_interface(umidi->iface); - } - } - mutex_unlock(&umidi->mutex); -@@ -2256,6 +2245,8 @@ int snd_usbmidi_create(struct snd_card *card, - return err; - } - -+ usb_autopm_get_interface_no_resume(umidi->iface); -+ - list_add_tail(&umidi->list, midi_list); - return 0; - } -diff --git a/sound/usb/misc/ua101.c b/sound/usb/misc/ua101.c -index 8b81cb5..6ad617b 100644 ---- a/sound/usb/misc/ua101.c -+++ b/sound/usb/misc/ua101.c -@@ -1120,8 +1120,7 @@ static int alloc_stream_urbs(struct ua101 *ua, struct ua101_stream *stream, - usb_init_urb(&urb->urb); - urb->urb.dev = ua->dev; - urb->urb.pipe = stream->usb_pipe; -- urb->urb.transfer_flags = URB_ISO_ASAP | -- URB_NO_TRANSFER_DMA_MAP; -+ urb->urb.transfer_flags = URB_NO_TRANSFER_DMA_MAP; - urb->urb.transfer_buffer = addr; - urb->urb.transfer_dma = dma; - urb->urb.transfer_buffer_length = max_packet_size; -diff --git a/sound/usb/pcm.c b/sound/usb/pcm.c -index d82e378..bcc50ed 100644 ---- a/sound/usb/pcm.c -+++ b/sound/usb/pcm.c -@@ -1161,7 +1161,7 @@ static void retire_capture_urb(struct snd_usb_substream *subs, - stride = runtime->frame_bits >> 3; - - for (i = 0; i < urb->number_of_packets; i++) { -- cp = (unsigned char *)urb->transfer_buffer + urb->iso_frame_desc[i].offset; -+ cp = (unsigned char *)urb->transfer_buffer + urb->iso_frame_desc[i].offset + subs->pkt_offset_adj; - if (urb->iso_frame_desc[i].status && printk_ratelimit()) { - snd_printdd(KERN_ERR "frame %d active: %d\n", i, urb->iso_frame_desc[i].status); - // continue; -diff --git a/sound/usb/quirks.c b/sound/usb/quirks.c -index b9ca776..f581c3e 100644 ---- a/sound/usb/quirks.c -+++ b/sound/usb/quirks.c -@@ -837,6 +837,7 @@ static void set_format_emu_quirk(struct snd_usb_substream *subs, - break; - } - snd_emuusb_set_samplerate(subs->stream->chip, emu_samplerate_id); -+ subs->pkt_offset_adj = (emu_samplerate_id >= EMU_QUIRK_SR_176400HZ) ? 4 : 0; - } - - void snd_usb_set_format_quirk(struct snd_usb_substream *subs, -diff --git a/sound/usb/stream.c b/sound/usb/stream.c -index ad181d5..cfc4d4e 100644 ---- a/sound/usb/stream.c -+++ b/sound/usb/stream.c -@@ -94,6 +94,7 @@ static void snd_usb_init_substream(struct snd_usb_stream *as, - subs->dev = as->chip->dev; - subs->txfr_quirk = as->chip->txfr_quirk; - subs->speed = snd_usb_get_speed(subs->dev); -+ subs->pkt_offset_adj = 0; - - snd_usb_set_pcm_ops(as->pcm, stream); - -@@ -396,6 +397,14 @@ static int parse_uac_endpoint_attributes(struct snd_usb_audio *chip, - if (!csep && altsd->bNumEndpoints >= 2) - csep = snd_usb_find_desc(alts->endpoint[1].extra, alts->endpoint[1].extralen, NULL, USB_DT_CS_ENDPOINT); - -+ /* -+ * If we can't locate the USB_DT_CS_ENDPOINT descriptor in the extra -+ * bytes after the first endpoint, go search the entire interface. -+ * Some devices have it directly *before* the standard endpoint. -+ */ -+ if (!csep) -+ csep = snd_usb_find_desc(alts->extra, alts->extralen, NULL, USB_DT_CS_ENDPOINT); -+ - if (!csep || csep->bLength < 7 || - csep->bDescriptorSubtype != UAC_EP_GENERAL) { - snd_printk(KERN_WARNING "%d:%u:%d : no or invalid" -diff --git a/sound/usb/usx2y/usb_stream.c b/sound/usb/usx2y/usb_stream.c -index 1e7a47a..bf618e1 100644 ---- a/sound/usb/usx2y/usb_stream.c -+++ b/sound/usb/usx2y/usb_stream.c -@@ -69,7 +69,6 @@ static void init_pipe_urbs(struct usb_stream_kernel *sk, unsigned use_packsize, - ++u, transfer += transfer_length) { - struct urb *urb = urbs[u]; - struct usb_iso_packet_descriptor *desc; -- urb->transfer_flags = URB_ISO_ASAP; - urb->transfer_buffer = transfer; - urb->dev = dev; - urb->pipe = pipe; -diff --git a/sound/usb/usx2y/usbusx2yaudio.c b/sound/usb/usx2y/usbusx2yaudio.c -index 520ef96..b376532 100644 ---- a/sound/usb/usx2y/usbusx2yaudio.c -+++ b/sound/usb/usx2y/usbusx2yaudio.c -@@ -503,7 +503,6 @@ static int usX2Y_urbs_start(struct snd_usX2Y_substream *subs) - if (0 == i) - atomic_set(&subs->state, state_STARTING3); - urb->dev = usX2Y->dev; -- urb->transfer_flags = URB_ISO_ASAP; - for (pack = 0; pack < nr_of_packs(); pack++) { - urb->iso_frame_desc[pack].offset = subs->maxpacksize * pack; - urb->iso_frame_desc[pack].length = subs->maxpacksize; -diff --git a/sound/usb/usx2y/usx2yhwdeppcm.c b/sound/usb/usx2y/usx2yhwdeppcm.c -index cc56007..f2a1acd 100644 ---- a/sound/usb/usx2y/usx2yhwdeppcm.c -+++ b/sound/usb/usx2y/usx2yhwdeppcm.c -@@ -443,7 +443,6 @@ static int usX2Y_usbpcm_urbs_start(struct snd_usX2Y_substream *subs) - if (0 == u) - atomic_set(&subs->state, state_STARTING3); - urb->dev = usX2Y->dev; -- urb->transfer_flags = URB_ISO_ASAP; - for (pack = 0; pack < nr_of_packs(); pack++) { - urb->iso_frame_desc[pack].offset = subs->maxpacksize * (pack + u * nr_of_packs()); - urb->iso_frame_desc[pack].length = subs->maxpacksize; diff --git a/3.8.12/0000_README b/3.9.2/0000_README index 00ed718..8bbbbef 100644 --- a/3.8.12/0000_README +++ b/3.9.2/0000_README @@ -2,15 +2,7 @@ README ----------------------------------------------------------------------------- Individual Patch Descriptions: ----------------------------------------------------------------------------- -Patch: 1010_linux-3.8.11.patch -From: http://www.kernel.org -Desc: Linux 3.8.11 - -Patch: 1011_linux-3.8.12.patch -From: http://www.kernel.org -Desc: Linux 3.8.12 - -Patch: 4420_grsecurity-2.9.1-3.8.12-201305082215.patch +Patch: 4420_grsecurity-2.9.1-3.9.2-201305142035.patch From: http://www.grsecurity.net Desc: hardened-sources base patch from upstream grsecurity diff --git a/3.8.12/4420_grsecurity-2.9.1-3.8.12-201305082215.patch b/3.9.2/4420_grsecurity-2.9.1-3.9.2-201305142035.patch index 7f22cfc..7808b27 100644 --- a/3.8.12/4420_grsecurity-2.9.1-3.8.12-201305082215.patch +++ b/3.9.2/4420_grsecurity-2.9.1-3.9.2-201305142035.patch @@ -225,10 +225,10 @@ index b89a739..b47493f 100644 +zconf.lex.c zoffset.h diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt -index 986614d..e8bfedc 100644 +index 8ccbf27..afffeb4 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -922,6 +922,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -948,6 +948,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. Format: <unsigned int> such that (rxsize & ~0x1fffc0) == 0. Default: 1024 @@ -239,7 +239,7 @@ index 986614d..e8bfedc 100644 hashdist= [KNL,NUMA] Large hashes allocated during boot are distributed across NUMA nodes. Defaults on for 64-bit NUMA, off otherwise. -@@ -2121,6 +2125,18 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -2147,6 +2151,18 @@ bytes respectively. Such letter suffixes can also be entirely omitted. the specified number of seconds. This is to be used if your oopses keep scrolling off the screen. @@ -259,7 +259,7 @@ index 986614d..e8bfedc 100644 pcd. [PARIDE] diff --git a/Makefile b/Makefile -index 902974f..3a7c75c 100644 +index 3e71511..8ff502e 100644 --- a/Makefile +++ b/Makefile @@ -241,8 +241,9 @@ CONFIG_SHELL := $(shell if [ -x "$$BASH" ]; then echo $$BASH; \ @@ -285,7 +285,7 @@ index 902974f..3a7c75c 100644 $(Q)$(MAKE) $(build)=scripts/basic $(Q)rm -f .tmp_quiet_recordmcount -@@ -575,6 +576,65 @@ else +@@ -576,6 +577,65 @@ else KBUILD_CFLAGS += -O2 endif @@ -351,7 +351,7 @@ index 902974f..3a7c75c 100644 include $(srctree)/arch/$(SRCARCH)/Makefile ifdef CONFIG_READABLE_ASM -@@ -731,7 +791,7 @@ export mod_sign_cmd +@@ -733,7 +793,7 @@ export mod_sign_cmd ifeq ($(KBUILD_EXTMOD),) @@ -360,7 +360,7 @@ index 902974f..3a7c75c 100644 vmlinux-dirs := $(patsubst %/,%,$(filter %/, $(init-y) $(init-m) \ $(core-y) $(core-m) $(drivers-y) $(drivers-m) \ -@@ -778,6 +838,8 @@ endif +@@ -780,6 +840,8 @@ endif # The actual objects are generated when descending, # make sure no implicit rule kicks in @@ -369,7 +369,7 @@ index 902974f..3a7c75c 100644 $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Handle descending into subdirectories listed in $(vmlinux-dirs) -@@ -787,7 +849,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; +@@ -789,7 +851,7 @@ $(sort $(vmlinux-deps)): $(vmlinux-dirs) ; # Error messages still appears in the original language PHONY += $(vmlinux-dirs) @@ -378,7 +378,7 @@ index 902974f..3a7c75c 100644 $(Q)$(MAKE) $(build)=$@ # Store (new) KERNELRELASE string in include/config/kernel.release -@@ -831,6 +893,7 @@ prepare0: archprepare FORCE +@@ -833,6 +895,7 @@ prepare0: archprepare FORCE $(Q)$(MAKE) $(build)=. # All the preparing.. @@ -386,7 +386,7 @@ index 902974f..3a7c75c 100644 prepare: prepare0 # Generate some files -@@ -938,6 +1001,8 @@ all: modules +@@ -940,6 +1003,8 @@ all: modules # using awk while concatenating to the final file. PHONY += modules @@ -395,7 +395,7 @@ index 902974f..3a7c75c 100644 modules: $(vmlinux-dirs) $(if $(KBUILD_BUILTIN),vmlinux) modules.builtin $(Q)$(AWK) '!x[$$0]++' $(vmlinux-dirs:%=$(objtree)/%/modules.order) > $(objtree)/modules.order @$(kecho) ' Building modules, stage 2.'; -@@ -953,7 +1018,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) +@@ -955,7 +1020,7 @@ modules.builtin: $(vmlinux-dirs:%=%/modules.builtin) # Target to prepare building external modules PHONY += modules_prepare @@ -404,7 +404,7 @@ index 902974f..3a7c75c 100644 # Target to install modules PHONY += modules_install -@@ -1019,7 +1084,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ +@@ -1021,7 +1086,7 @@ MRPROPER_FILES += .config .config.old .version .old_version $(version_h) \ Module.symvers tags TAGS cscope* GPATH GTAGS GRTAGS GSYMS \ signing_key.priv signing_key.x509 x509.genkey \ extra_certificates signing_key.x509.keyid \ @@ -413,7 +413,7 @@ index 902974f..3a7c75c 100644 # clean - Delete most, but leave enough to build external modules # -@@ -1059,6 +1124,7 @@ distclean: mrproper +@@ -1061,6 +1126,7 @@ distclean: mrproper \( -name '*.orig' -o -name '*.rej' -o -name '*~' \ -o -name '*.bak' -o -name '#*#' -o -name '.*.orig' \ -o -name '.*.rej' \ @@ -421,7 +421,7 @@ index 902974f..3a7c75c 100644 -o -name '*%' -o -name '.*.cmd' -o -name 'core' \) \ -type f -print | xargs rm -f -@@ -1219,6 +1285,8 @@ PHONY += $(module-dirs) modules +@@ -1221,6 +1287,8 @@ PHONY += $(module-dirs) modules $(module-dirs): crmodverdir $(objtree)/Module.symvers $(Q)$(MAKE) $(build)=$(patsubst _module_%,%,$@) @@ -430,7 +430,7 @@ index 902974f..3a7c75c 100644 modules: $(module-dirs) @$(kecho) ' Building modules, stage 2.'; $(Q)$(MAKE) -f $(srctree)/scripts/Makefile.modpost -@@ -1355,17 +1423,21 @@ else +@@ -1357,17 +1425,21 @@ else target-dir = $(if $(KBUILD_EXTMOD),$(dir $<),$(dir $@)) endif @@ -456,7 +456,7 @@ index 902974f..3a7c75c 100644 $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) %.symtypes: %.c prepare scripts FORCE $(Q)$(MAKE) $(build)=$(build-dir) $(target-dir)$(notdir $@) -@@ -1375,11 +1447,15 @@ endif +@@ -1377,11 +1449,15 @@ endif $(cmd_crmodverdir) $(Q)$(MAKE) KBUILD_MODULES=$(if $(CONFIG_MODULES),1) \ $(build)=$(build-dir) @@ -592,10 +592,10 @@ index 2fd00b7..cfd5069 100644 for (i = 0; i < n; i++) { diff --git a/arch/alpha/kernel/osf_sys.c b/arch/alpha/kernel/osf_sys.c -index 14db93e..47bed62 100644 +index b9e37ad..44c24e7 100644 --- a/arch/alpha/kernel/osf_sys.c +++ b/arch/alpha/kernel/osf_sys.c -@@ -1295,16 +1295,16 @@ SYSCALL_DEFINE1(old_adjtimex, struct timex32 __user *, txc_p) +@@ -1297,10 +1297,11 @@ SYSCALL_DEFINE1(old_adjtimex, struct timex32 __user *, txc_p) generic version except that we know how to honor ADDR_LIMIT_32BIT. */ static unsigned long @@ -604,19 +604,20 @@ index 14db93e..47bed62 100644 +arch_get_unmapped_area_1(struct file *filp, unsigned long addr, unsigned long len, + unsigned long limit, unsigned long flags) { - struct vm_area_struct *vma = find_vma(current->mm, addr); -- + struct vm_unmapped_area_info info; + unsigned long offset = gr_rand_threadstack_offset(current->mm, filp, flags); - while (1) { - /* At this point: (!vma || addr < vma->vm_end). */ - if (limit - len < addr) - return -ENOMEM; -- if (!vma || addr + len <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr, len, offset)) - return addr; - addr = vma->vm_end; - vma = vma->vm_next; -@@ -1340,20 +1340,24 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, + + info.flags = 0; + info.length = len; +@@ -1308,6 +1309,7 @@ arch_get_unmapped_area_1(unsigned long addr, unsigned long len, + info.high_limit = limit; + info.align_mask = 0; + info.align_offset = 0; ++ info.threadstack_offset = offset; + return vm_unmapped_area(&info); + } + +@@ -1340,20 +1342,24 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, merely specific addresses, but regions of memory -- perhaps this feature should be incorporated into all ports? */ @@ -806,27 +807,10 @@ index 0c4132d..88f0d53 100644 /* Allow reads even for write-only mappings */ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig -index 67874b8..9aa2d62 100644 +index 1cacda4..2cef624 100644 --- a/arch/arm/Kconfig +++ b/arch/arm/Kconfig -@@ -1427,6 +1427,16 @@ config ARM_ERRATA_775420 - to deadlock. This workaround puts DSB before executing ISB if - an abort may occur on cache maintenance. - -+config ARM_ERRATA_798181 -+ bool "ARM errata: TLBI/DSB failure on Cortex-A15" -+ depends on CPU_V7 && SMP -+ help -+ On Cortex-A15 (r0p0..r3p2) the TLBI*IS/DSB operations are not -+ adequately shooting down all use of the old entries. This -+ option enables the Linux kernel workaround for this erratum -+ which sends an IPI to the CPUs that are running the same ASID -+ as the one being invalidated. -+ - endmenu - - source "arch/arm/common/Kconfig" -@@ -1813,7 +1823,7 @@ config ALIGNMENT_TRAP +@@ -1850,7 +1850,7 @@ config ALIGNMENT_TRAP config UACCESS_WITH_MEMCPY bool "Use kernel mem{cpy,set}() for {copy_to,clear}_user()" @@ -835,28 +819,6 @@ index 67874b8..9aa2d62 100644 default y if CPU_FEROCEON help Implement faster copy_to_user and clear_user methods for CPU -diff --git a/arch/arm/common/gic.c b/arch/arm/common/gic.c -index 87dfa902..3a523fc 100644 ---- a/arch/arm/common/gic.c -+++ b/arch/arm/common/gic.c -@@ -81,7 +81,7 @@ static u8 gic_cpu_map[NR_GIC_CPU_IF] __read_mostly; - * Supported arch specific GIC irq extension. - * Default make them NULL. - */ --struct irq_chip gic_arch_extn = { -+irq_chip_no_const gic_arch_extn __read_only = { - .irq_eoi = NULL, - .irq_mask = NULL, - .irq_unmask = NULL, -@@ -329,7 +329,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc) - chained_irq_exit(chip, desc); - } - --static struct irq_chip gic_chip = { -+static irq_chip_no_const gic_chip __read_only = { - .name = "GIC", - .irq_mask = gic_mask_irq, - .irq_unmask = gic_unmask_irq, diff --git a/arch/arm/include/asm/atomic.h b/arch/arm/include/asm/atomic.h index c79f61f..9ac0642 100644 --- a/arch/arm/include/asm/atomic.h @@ -1719,40 +1681,6 @@ index e42cf59..7b94b8f 100644 pagefault_enable(); /* subsumes preempt_enable() */ if (!ret) { -diff --git a/arch/arm/include/asm/hardware/gic.h b/arch/arm/include/asm/hardware/gic.h -index 4b1ce6c..bea3f73 100644 ---- a/arch/arm/include/asm/hardware/gic.h -+++ b/arch/arm/include/asm/hardware/gic.h -@@ -34,9 +34,10 @@ - - #ifndef __ASSEMBLY__ - #include <linux/irqdomain.h> -+#include <linux/irq.h> - struct device_node; - --extern struct irq_chip gic_arch_extn; -+extern irq_chip_no_const gic_arch_extn; - - void gic_init_bases(unsigned int, int, void __iomem *, void __iomem *, - u32 offset, struct device_node *); -diff --git a/arch/arm/include/asm/highmem.h b/arch/arm/include/asm/highmem.h -index 8c5e828..91b99ab 100644 ---- a/arch/arm/include/asm/highmem.h -+++ b/arch/arm/include/asm/highmem.h -@@ -41,6 +41,13 @@ extern void kunmap_high(struct page *page); - #endif - #endif - -+/* -+ * Needed to be able to broadcast the TLB invalidation for kmap. -+ */ -+#ifdef CONFIG_ARM_ERRATA_798181 -+#undef ARCH_NEEDS_KMAP_HIGH_GET -+#endif -+ - #ifdef ARCH_NEEDS_KMAP_HIGH_GET - extern void *kmap_high_get(struct page *page); - #else diff --git a/arch/arm/include/asm/kmap_types.h b/arch/arm/include/asm/kmap_types.h index 83eb2f7..ed77159 100644 --- a/arch/arm/include/asm/kmap_types.h @@ -1801,21 +1729,8 @@ index 2fe141f..192dc01 100644 #ifdef CONFIG_MMU extern void iotable_init(struct map_desc *, int); -diff --git a/arch/arm/include/asm/mmu_context.h b/arch/arm/include/asm/mmu_context.h -index 863a661..a7b85e0 100644 ---- a/arch/arm/include/asm/mmu_context.h -+++ b/arch/arm/include/asm/mmu_context.h -@@ -27,6 +27,8 @@ void __check_vmalloc_seq(struct mm_struct *mm); - void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk); - #define init_new_context(tsk,mm) ({ atomic64_set(&mm->context.id, 0); 0; }) - -+DECLARE_PER_CPU(atomic64_t, active_asids); -+ - #else /* !CONFIG_CPU_HAS_ASID */ - - #ifdef CONFIG_MMU diff --git a/arch/arm/include/asm/outercache.h b/arch/arm/include/asm/outercache.h -index 53426c6..c7baff3 100644 +index 12f71a1..04e063c 100644 --- a/arch/arm/include/asm/outercache.h +++ b/arch/arm/include/asm/outercache.h @@ -35,7 +35,7 @@ struct outer_cache_fns { @@ -1950,17 +1865,10 @@ index f97ee02..07f1be5 100644 /* * These are the memory types, defined to be compatible with diff --git a/arch/arm/include/asm/pgtable-3level-hwdef.h b/arch/arm/include/asm/pgtable-3level-hwdef.h -index d795282..a43ea90 100644 +index 18f5cef..25b8f43 100644 --- a/arch/arm/include/asm/pgtable-3level-hwdef.h +++ b/arch/arm/include/asm/pgtable-3level-hwdef.h -@@ -32,15 +32,18 @@ - #define PMD_TYPE_SECT (_AT(pmdval_t, 1) << 0) - #define PMD_BIT4 (_AT(pmdval_t, 0)) - #define PMD_DOMAIN(x) (_AT(pmdval_t, 0)) -+#define PMD_PXNTABLE (_AT(pmdval_t, 1) << 59) /* PXNTable */ - - /* - * - section +@@ -41,6 +41,7 @@ */ #define PMD_SECT_BUFFERABLE (_AT(pmdval_t, 1) << 2) #define PMD_SECT_CACHEABLE (_AT(pmdval_t, 1) << 3) @@ -1968,11 +1876,7 @@ index d795282..a43ea90 100644 #define PMD_SECT_S (_AT(pmdval_t, 3) << 8) #define PMD_SECT_AF (_AT(pmdval_t, 1) << 10) #define PMD_SECT_nG (_AT(pmdval_t, 1) << 11) -+#define PMD_SECT_PXN (_AT(pmdval_t, 1) << 53) - #define PMD_SECT_XN (_AT(pmdval_t, 1) << 54) - #define PMD_SECT_AP_WRITE (_AT(pmdval_t, 0)) - #define PMD_SECT_AP_READ (_AT(pmdval_t, 0)) -@@ -66,6 +69,7 @@ +@@ -71,6 +72,7 @@ #define PTE_EXT_SHARED (_AT(pteval_t, 3) << 8) /* SH[1:0], inner shareable */ #define PTE_EXT_AF (_AT(pteval_t, 1) << 10) /* Access Flag */ #define PTE_EXT_NG (_AT(pteval_t, 1) << 11) /* nG */ @@ -1981,7 +1885,7 @@ index d795282..a43ea90 100644 /* diff --git a/arch/arm/include/asm/pgtable-3level.h b/arch/arm/include/asm/pgtable-3level.h -index a3f3792..7b932a6 100644 +index 86b8fe3..e25f975 100644 --- a/arch/arm/include/asm/pgtable-3level.h +++ b/arch/arm/include/asm/pgtable-3level.h @@ -74,6 +74,7 @@ @@ -2001,7 +1905,7 @@ index a3f3792..7b932a6 100644 #define L_PTE_DIRTY_HIGH (1 << (55 - 32)) diff --git a/arch/arm/include/asm/pgtable.h b/arch/arm/include/asm/pgtable.h -index 26e9ce4..461ed7f 100644 +index 9bcd262..fba731c 100644 --- a/arch/arm/include/asm/pgtable.h +++ b/arch/arm/include/asm/pgtable.h @@ -30,6 +30,9 @@ @@ -2086,7 +1990,7 @@ index 26e9ce4..461ed7f 100644 */ #define _L_PTE_DEFAULT L_PTE_PRESENT | L_PTE_YOUNG -@@ -250,7 +300,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; } +@@ -257,7 +307,7 @@ static inline pte_t pte_mkspecial(pte_t pte) { return pte; } static inline pte_t pte_modify(pte_t pte, pgprot_t newprot) { const pteval_t mask = L_PTE_XN | L_PTE_RDONLY | L_PTE_USER | @@ -2180,32 +2084,6 @@ index cddda1f..ff357f7 100644 /* * Change these and you break ASM code in entry-common.S -diff --git a/arch/arm/include/asm/tlbflush.h b/arch/arm/include/asm/tlbflush.h -index 6e924d3..a9f3ddf 100644 ---- a/arch/arm/include/asm/tlbflush.h -+++ b/arch/arm/include/asm/tlbflush.h -@@ -430,6 +430,21 @@ static inline void local_flush_tlb_kernel_page(unsigned long kaddr) - } - } - -+#ifdef CONFIG_ARM_ERRATA_798181 -+static inline void dummy_flush_tlb_a15_erratum(void) -+{ -+ /* -+ * Dummy TLBIMVAIS. Using the unmapped address 0 and ASID 0. -+ */ -+ asm("mcr p15, 0, %0, c8, c3, 1" : : "r" (0)); -+ dsb(); -+} -+#else -+static inline void dummy_flush_tlb_a15_erratum(void) -+{ -+} -+#endif -+ - /* - * flush_pmd_entry - * diff --git a/arch/arm/include/asm/uaccess.h b/arch/arm/include/asm/uaccess.h index 7e1f760..752fcb7 100644 --- a/arch/arm/include/asm/uaccess.h @@ -2603,7 +2481,7 @@ index 0f82098..3dbd3ee 100644 #endif mov r5, r0 diff --git a/arch/arm/kernel/entry-common.S b/arch/arm/kernel/entry-common.S -index a6c301e..908821b 100644 +index fefd7f9..e6f250e 100644 --- a/arch/arm/kernel/entry-common.S +++ b/arch/arm/kernel/entry-common.S @@ -10,18 +10,46 @@ @@ -2656,7 +2534,7 @@ index a6c301e..908821b 100644 .align 5 /* * This is the fast syscall return path. We do as little as -@@ -339,6 +367,7 @@ ENDPROC(ftrace_stub) +@@ -351,6 +379,7 @@ ENDPROC(ftrace_stub) .align 5 ENTRY(vector_swi) @@ -2664,7 +2542,7 @@ index a6c301e..908821b 100644 sub sp, sp, #S_FRAME_SIZE stmia sp, {r0 - r12} @ Calling r0 - r12 ARM( add r8, sp, #S_PC ) -@@ -388,6 +417,12 @@ ENTRY(vector_swi) +@@ -400,6 +429,12 @@ ENTRY(vector_swi) ldr scno, [lr, #-4] @ get SWI instruction #endif @@ -2773,7 +2651,7 @@ index 2adda11..7fbe958 100644 flush_icache_range(0xffff001c, 0xffff001c + length); if (!vectors_high()) diff --git a/arch/arm/kernel/head.S b/arch/arm/kernel/head.S -index e0eb9a1..caee108 100644 +index 8bac553..caee108 100644 --- a/arch/arm/kernel/head.S +++ b/arch/arm/kernel/head.S @@ -52,7 +52,9 @@ @@ -2787,15 +2665,6 @@ index e0eb9a1..caee108 100644 .endm /* -@@ -267,7 +269,7 @@ __create_page_tables: - addne r6, r6, #1 << SECTION_SHIFT - strne r6, [r3] - --#if defined(CONFIG_LPAE) && defined(CONFIG_CPU_ENDIAN_BE8) -+#if defined(CONFIG_ARM_LPAE) && defined(CONFIG_CPU_ENDIAN_BE8) - sub r4, r4, #4 @ Fixup page table pointer - @ for 64-bit descriptors - #endif @@ -434,7 +436,7 @@ __enable_mmu: mov r5, #(domain_val(DOMAIN_USER, DOMAIN_MANAGER) | \ domain_val(DOMAIN_KERNEL, DOMAIN_MANAGER) | \ @@ -2806,10 +2675,10 @@ index e0eb9a1..caee108 100644 mcr p15, 0, r4, c2, c0, 0 @ load page table pointer #endif diff --git a/arch/arm/kernel/hw_breakpoint.c b/arch/arm/kernel/hw_breakpoint.c -index 5ff2e77..556d030 100644 +index 1fd749e..47adb08 100644 --- a/arch/arm/kernel/hw_breakpoint.c +++ b/arch/arm/kernel/hw_breakpoint.c -@@ -1011,7 +1011,7 @@ static int __cpuinit dbg_reset_notify(struct notifier_block *self, +@@ -1029,7 +1029,7 @@ static int __cpuinit dbg_reset_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -2883,7 +2752,7 @@ index 07314af..c46655c 100644 flush_icache_range((uintptr_t)(addr), (uintptr_t)(addr) + size); diff --git a/arch/arm/kernel/perf_event_cpu.c b/arch/arm/kernel/perf_event_cpu.c -index 5f66206..dce492f 100644 +index 1f2740e..b36e225 100644 --- a/arch/arm/kernel/perf_event_cpu.c +++ b/arch/arm/kernel/perf_event_cpu.c @@ -171,7 +171,7 @@ static int __cpuinit cpu_pmu_notify(struct notifier_block *b, @@ -2896,7 +2765,7 @@ index 5f66206..dce492f 100644 }; diff --git a/arch/arm/kernel/process.c b/arch/arm/kernel/process.c -index c6dec5f..e0fddd1 100644 +index 047d3e4..7e96107 100644 --- a/arch/arm/kernel/process.c +++ b/arch/arm/kernel/process.c @@ -28,7 +28,6 @@ @@ -2907,7 +2776,7 @@ index c6dec5f..e0fddd1 100644 #include <linux/hw_breakpoint.h> #include <linux/cpuidle.h> #include <linux/leds.h> -@@ -256,9 +255,10 @@ void machine_power_off(void) +@@ -251,9 +250,10 @@ void machine_power_off(void) machine_shutdown(); if (pm_power_off) pm_power_off(); @@ -2919,7 +2788,7 @@ index c6dec5f..e0fddd1 100644 { machine_shutdown(); -@@ -283,8 +283,8 @@ void __show_regs(struct pt_regs *regs) +@@ -278,8 +278,8 @@ void __show_regs(struct pt_regs *regs) init_utsname()->release, (int)strcspn(init_utsname()->version, " "), init_utsname()->version); @@ -2930,7 +2799,7 @@ index c6dec5f..e0fddd1 100644 printk("pc : [<%08lx>] lr : [<%08lx>] psr: %08lx\n" "sp : %08lx ip : %08lx fp : %08lx\n", regs->ARM_pc, regs->ARM_lr, regs->ARM_cpsr, -@@ -452,12 +452,6 @@ unsigned long get_wchan(struct task_struct *p) +@@ -447,12 +447,6 @@ unsigned long get_wchan(struct task_struct *p) return 0; } @@ -2943,7 +2812,7 @@ index c6dec5f..e0fddd1 100644 #ifdef CONFIG_MMU /* * The vectors page is always readable from user space for the -@@ -470,9 +464,8 @@ static int __init gate_vma_init(void) +@@ -465,9 +459,8 @@ static int __init gate_vma_init(void) { gate_vma.vm_start = 0xffff0000; gate_vma.vm_end = 0xffff0000 + PAGE_SIZE; @@ -2980,10 +2849,10 @@ index 03deeff..741ce88 100644 if (secure_computing(scno) == -1) return -1; diff --git a/arch/arm/kernel/setup.c b/arch/arm/kernel/setup.c -index 3f6cbb2..39305c7 100644 +index 234e339..81264a1 100644 --- a/arch/arm/kernel/setup.c +++ b/arch/arm/kernel/setup.c -@@ -97,21 +97,23 @@ EXPORT_SYMBOL(system_serial_high); +@@ -96,21 +96,23 @@ EXPORT_SYMBOL(system_serial_high); unsigned int elf_hwcap __read_mostly; EXPORT_SYMBOL(elf_hwcap); @@ -3012,7 +2881,7 @@ index 3f6cbb2..39305c7 100644 EXPORT_SYMBOL(outer_cache); #endif -@@ -236,9 +238,13 @@ static int __get_cpu_architecture(void) +@@ -235,9 +237,13 @@ static int __get_cpu_architecture(void) asm("mrc p15, 0, %0, c0, c1, 4" : "=r" (mmfr0)); if ((mmfr0 & 0x0000000f) >= 0x00000003 || @@ -3028,7 +2897,7 @@ index 3f6cbb2..39305c7 100644 (mmfr0 & 0x000000f0) == 0x00000020) cpu_arch = CPU_ARCH_ARMv6; else -@@ -462,7 +468,7 @@ static void __init setup_processor(void) +@@ -478,7 +484,7 @@ static void __init setup_processor(void) __cpu_architecture = __get_cpu_architecture(); #ifdef MULTI_CPU @@ -3037,20 +2906,11 @@ index 3f6cbb2..39305c7 100644 #endif #ifdef MULTI_TLB cpu_tlb = *list->tlb; -@@ -524,7 +530,7 @@ int __init arm_add_memory(phys_addr_t start, phys_addr_t size) - size -= start & ~PAGE_MASK; - bank->start = PAGE_ALIGN(start); - --#ifndef CONFIG_LPAE -+#ifndef CONFIG_ARM_LPAE - if (bank->start + size < bank->start) { - printk(KERN_CRIT "Truncating memory at 0x%08llx to fit in " - "32-bit physical address space\n", (long long)start); diff --git a/arch/arm/kernel/signal.c b/arch/arm/kernel/signal.c -index 56f72d2..6924200 100644 +index 296786b..a8d4dd5 100644 --- a/arch/arm/kernel/signal.c +++ b/arch/arm/kernel/signal.c -@@ -433,22 +433,14 @@ setup_return(struct pt_regs *regs, struct k_sigaction *ka, +@@ -396,22 +396,14 @@ setup_return(struct pt_regs *regs, struct ksignal *ksig, __put_user(sigreturn_codes[idx+1], rc+1)) return 1; @@ -3079,9 +2939,9 @@ index 56f72d2..6924200 100644 + retcode = ((unsigned long)rc) + thumb; } - regs->ARM_r0 = usig; + regs->ARM_r0 = map_sig(ksig->sig); diff --git a/arch/arm/kernel/smp.c b/arch/arm/kernel/smp.c -index 58af91c..343ce99 100644 +index 1f2cccc..f40c02e 100644 --- a/arch/arm/kernel/smp.c +++ b/arch/arm/kernel/smp.c @@ -70,7 +70,7 @@ enum ipi_msg_type { @@ -3093,132 +2953,8 @@ index 58af91c..343ce99 100644 void __init smp_set_ops(struct smp_operations *ops) { -diff --git a/arch/arm/kernel/smp_tlb.c b/arch/arm/kernel/smp_tlb.c -index 02c5d2c..e5695ad 100644 ---- a/arch/arm/kernel/smp_tlb.c -+++ b/arch/arm/kernel/smp_tlb.c -@@ -12,6 +12,7 @@ - - #include <asm/smp_plat.h> - #include <asm/tlbflush.h> -+#include <asm/mmu_context.h> - - /**********************************************************************/ - -@@ -64,12 +65,72 @@ static inline void ipi_flush_tlb_kernel_range(void *arg) - local_flush_tlb_kernel_range(ta->ta_start, ta->ta_end); - } - -+#ifdef CONFIG_ARM_ERRATA_798181 -+static int erratum_a15_798181(void) -+{ -+ unsigned int midr = read_cpuid_id(); -+ -+ /* Cortex-A15 r0p0..r3p2 affected */ -+ if ((midr & 0xff0ffff0) != 0x410fc0f0 || midr > 0x413fc0f2) -+ return 0; -+ return 1; -+} -+#else -+static int erratum_a15_798181(void) -+{ -+ return 0; -+} -+#endif -+ -+static void ipi_flush_tlb_a15_erratum(void *arg) -+{ -+ dmb(); -+} -+ -+static void broadcast_tlb_a15_erratum(void) -+{ -+ if (!erratum_a15_798181()) -+ return; -+ -+ dummy_flush_tlb_a15_erratum(); -+ smp_call_function_many(cpu_online_mask, ipi_flush_tlb_a15_erratum, -+ NULL, 1); -+} -+ -+static void broadcast_tlb_mm_a15_erratum(struct mm_struct *mm) -+{ -+ int cpu; -+ cpumask_t mask = { CPU_BITS_NONE }; -+ -+ if (!erratum_a15_798181()) -+ return; -+ -+ dummy_flush_tlb_a15_erratum(); -+ for_each_online_cpu(cpu) { -+ if (cpu == smp_processor_id()) -+ continue; -+ /* -+ * We only need to send an IPI if the other CPUs are running -+ * the same ASID as the one being invalidated. There is no -+ * need for locking around the active_asids check since the -+ * switch_mm() function has at least one dmb() (as required by -+ * this workaround) in case a context switch happens on -+ * another CPU after the condition below. -+ */ -+ if (atomic64_read(&mm->context.id) == -+ atomic64_read(&per_cpu(active_asids, cpu))) -+ cpumask_set_cpu(cpu, &mask); -+ } -+ smp_call_function_many(&mask, ipi_flush_tlb_a15_erratum, NULL, 1); -+} -+ - void flush_tlb_all(void) - { - if (tlb_ops_need_broadcast()) - on_each_cpu(ipi_flush_tlb_all, NULL, 1); - else - local_flush_tlb_all(); -+ broadcast_tlb_a15_erratum(); - } - - void flush_tlb_mm(struct mm_struct *mm) -@@ -78,6 +139,7 @@ void flush_tlb_mm(struct mm_struct *mm) - on_each_cpu_mask(mm_cpumask(mm), ipi_flush_tlb_mm, mm, 1); - else - local_flush_tlb_mm(mm); -+ broadcast_tlb_mm_a15_erratum(mm); - } - - void flush_tlb_page(struct vm_area_struct *vma, unsigned long uaddr) -@@ -90,6 +152,7 @@ void flush_tlb_page(struct vm_area_struct *vma, unsigned long uaddr) - &ta, 1); - } else - local_flush_tlb_page(vma, uaddr); -+ broadcast_tlb_mm_a15_erratum(vma->vm_mm); - } - - void flush_tlb_kernel_page(unsigned long kaddr) -@@ -100,6 +163,7 @@ void flush_tlb_kernel_page(unsigned long kaddr) - on_each_cpu(ipi_flush_tlb_kernel_page, &ta, 1); - } else - local_flush_tlb_kernel_page(kaddr); -+ broadcast_tlb_a15_erratum(); - } - - void flush_tlb_range(struct vm_area_struct *vma, -@@ -114,6 +178,7 @@ void flush_tlb_range(struct vm_area_struct *vma, - &ta, 1); - } else - local_flush_tlb_range(vma, start, end); -+ broadcast_tlb_mm_a15_erratum(vma->vm_mm); - } - - void flush_tlb_kernel_range(unsigned long start, unsigned long end) -@@ -125,5 +190,6 @@ void flush_tlb_kernel_range(unsigned long start, unsigned long end) - on_each_cpu(ipi_flush_tlb_kernel_range, &ta, 1); - } else - local_flush_tlb_kernel_range(start, end); -+ broadcast_tlb_a15_erratum(); - } - diff --git a/arch/arm/kernel/traps.c b/arch/arm/kernel/traps.c -index b0179b8..829510e 100644 +index 1c08911..264f009 100644 --- a/arch/arm/kernel/traps.c +++ b/arch/arm/kernel/traps.c @@ -57,7 +57,7 @@ static void dump_mem(const char *, const char *, unsigned long, unsigned long); @@ -3279,7 +3015,7 @@ index b0179b8..829510e 100644 + } diff --git a/arch/arm/kernel/vmlinux.lds.S b/arch/arm/kernel/vmlinux.lds.S -index 11c1785..1b209f4 100644 +index b571484..4b2fc9b 100644 --- a/arch/arm/kernel/vmlinux.lds.S +++ b/arch/arm/kernel/vmlinux.lds.S @@ -8,7 +8,11 @@ @@ -3295,7 +3031,7 @@ index 11c1785..1b209f4 100644 #define PROC_INFO \ . = ALIGN(4); \ VMLINUX_SYMBOL(__proc_info_begin) = .; \ -@@ -90,6 +94,11 @@ SECTIONS +@@ -94,6 +98,11 @@ SECTIONS _text = .; HEAD_TEXT } @@ -3307,7 +3043,7 @@ index 11c1785..1b209f4 100644 .text : { /* Real text segment */ _stext = .; /* Text and read-only data */ __exception_text_start = .; -@@ -112,6 +121,8 @@ SECTIONS +@@ -116,6 +125,8 @@ SECTIONS ARM_CPU_KEEP(PROC_INFO) } @@ -3316,7 +3052,7 @@ index 11c1785..1b209f4 100644 RO_DATA(PAGE_SIZE) . = ALIGN(4); -@@ -142,7 +153,9 @@ SECTIONS +@@ -146,7 +157,9 @@ SECTIONS NOTES @@ -3327,7 +3063,7 @@ index 11c1785..1b209f4 100644 #ifndef CONFIG_XIP_KERNEL . = ALIGN(PAGE_SIZE); -@@ -203,6 +216,11 @@ SECTIONS +@@ -207,6 +220,11 @@ SECTIONS . = PAGE_OFFSET + TEXT_OFFSET; #else __init_end = .; @@ -3451,7 +3187,7 @@ index 7d08b43..f7ca7ea 100644 #include "csumpartialcopygeneric.S" diff --git a/arch/arm/lib/delay.c b/arch/arm/lib/delay.c -index 6b93f6a..4aa5e85 100644 +index 64dbfa5..84a3fd9 100644 --- a/arch/arm/lib/delay.c +++ b/arch/arm/lib/delay.c @@ -28,7 +28,7 @@ @@ -3477,7 +3213,7 @@ index 025f742..8432b08 100644 /* * This test is stubbed out of the main function above to keep diff --git a/arch/arm/mach-kirkwood/common.c b/arch/arm/mach-kirkwood/common.c -index bac21a5..b67ef8e 100644 +index 49792a0..f192052 100644 --- a/arch/arm/mach-kirkwood/common.c +++ b/arch/arm/mach-kirkwood/common.c @@ -150,7 +150,16 @@ static void clk_gate_fn_disable(struct clk_hw *hw) @@ -3514,7 +3250,7 @@ index bac21a5..b67ef8e 100644 if (IS_ERR(clk)) diff --git a/arch/arm/mach-omap2/board-n8x0.c b/arch/arm/mach-omap2/board-n8x0.c -index 0abb30f..54064da 100644 +index f6eeb87..cc90868 100644 --- a/arch/arm/mach-omap2/board-n8x0.c +++ b/arch/arm/mach-omap2/board-n8x0.c @@ -631,7 +631,7 @@ static int n8x0_menelaus_late_init(struct device *dev) @@ -3527,10 +3263,10 @@ index 0abb30f..54064da 100644 }; diff --git a/arch/arm/mach-omap2/gpmc.c b/arch/arm/mach-omap2/gpmc.c -index 8033cb7..2f7cb62 100644 +index 410e1ba..1d2dd59 100644 --- a/arch/arm/mach-omap2/gpmc.c +++ b/arch/arm/mach-omap2/gpmc.c -@@ -139,7 +139,6 @@ struct omap3_gpmc_regs { +@@ -145,7 +145,6 @@ struct omap3_gpmc_regs { }; static struct gpmc_client_irq gpmc_client_irq[GPMC_NR_IRQ]; @@ -3538,7 +3274,7 @@ index 8033cb7..2f7cb62 100644 static unsigned gpmc_irq_start; static struct resource gpmc_mem_root; -@@ -700,6 +699,18 @@ static void gpmc_irq_noop(struct irq_data *data) { } +@@ -707,6 +706,18 @@ static void gpmc_irq_noop(struct irq_data *data) { } static unsigned int gpmc_irq_noop_ret(struct irq_data *data) { return 0; } @@ -3557,7 +3293,7 @@ index 8033cb7..2f7cb62 100644 static int gpmc_setup_irq(void) { int i; -@@ -714,15 +725,6 @@ static int gpmc_setup_irq(void) +@@ -721,15 +732,6 @@ static int gpmc_setup_irq(void) return gpmc_irq_start; } @@ -3574,10 +3310,10 @@ index 8033cb7..2f7cb62 100644 gpmc_client_irq[1].bitmask = GPMC_IRQ_COUNT_EVENT; diff --git a/arch/arm/mach-omap2/omap-wakeupgen.c b/arch/arm/mach-omap2/omap-wakeupgen.c -index 5d3b4f4..ddba3c0 100644 +index f8bb3b9..831e7b8 100644 --- a/arch/arm/mach-omap2/omap-wakeupgen.c +++ b/arch/arm/mach-omap2/omap-wakeupgen.c -@@ -340,7 +340,7 @@ static int __cpuinit irq_cpu_hotplug_notify(struct notifier_block *self, +@@ -339,7 +339,7 @@ static int __cpuinit irq_cpu_hotplug_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -3587,53 +3323,51 @@ index 5d3b4f4..ddba3c0 100644 }; diff --git a/arch/arm/mach-omap2/omap_device.c b/arch/arm/mach-omap2/omap_device.c -index e065daa..7b1ad9b 100644 +index 381be7a..89b9c7e 100644 --- a/arch/arm/mach-omap2/omap_device.c +++ b/arch/arm/mach-omap2/omap_device.c -@@ -686,7 +686,7 @@ void omap_device_delete(struct omap_device *od) - * passes along the return value of omap_device_build_ss(). - */ - struct platform_device __init *omap_device_build(const char *pdev_name, int pdev_id, -- struct omap_hwmod *oh, void *pdata, -+ struct omap_hwmod *oh, const void *pdata, - int pdata_len, - struct omap_device_pm_latency *pm_lats, - int pm_lats_cnt, int is_early_device) -@@ -720,7 +720,7 @@ struct platform_device __init *omap_device_build(const char *pdev_name, int pdev - */ - struct platform_device __init *omap_device_build_ss(const char *pdev_name, int pdev_id, - struct omap_hwmod **ohs, int oh_cnt, -- void *pdata, int pdata_len, -+ const void *pdata, int pdata_len, - struct omap_device_pm_latency *pm_lats, - int pm_lats_cnt, int is_early_device) - { +@@ -499,7 +499,7 @@ void omap_device_delete(struct omap_device *od) + struct platform_device __init *omap_device_build(const char *pdev_name, + int pdev_id, + struct omap_hwmod *oh, +- void *pdata, int pdata_len) ++ const void *pdata, int pdata_len) + { + struct omap_hwmod *ohs[] = { oh }; + +@@ -527,7 +527,7 @@ struct platform_device __init *omap_device_build(const char *pdev_name, + struct platform_device __init *omap_device_build_ss(const char *pdev_name, + int pdev_id, + struct omap_hwmod **ohs, +- int oh_cnt, void *pdata, ++ int oh_cnt, const void *pdata, + int pdata_len) + { + int ret = -ENOMEM; diff --git a/arch/arm/mach-omap2/omap_device.h b/arch/arm/mach-omap2/omap_device.h -index 0933c59..42b8e2d 100644 +index 044c31d..2ee0861 100644 --- a/arch/arm/mach-omap2/omap_device.h +++ b/arch/arm/mach-omap2/omap_device.h -@@ -91,14 +91,14 @@ int omap_device_shutdown(struct platform_device *pdev); +@@ -72,12 +72,12 @@ int omap_device_idle(struct platform_device *pdev); /* Core code interface */ struct platform_device *omap_device_build(const char *pdev_name, int pdev_id, -- struct omap_hwmod *oh, void *pdata, -+ struct omap_hwmod *oh, const void *pdata, - int pdata_len, - struct omap_device_pm_latency *pm_lats, - int pm_lats_cnt, int is_early_device); +- struct omap_hwmod *oh, void *pdata, ++ struct omap_hwmod *oh, const void *pdata, + int pdata_len); struct platform_device *omap_device_build_ss(const char *pdev_name, int pdev_id, struct omap_hwmod **oh, int oh_cnt, -- void *pdata, int pdata_len, -+ const void *pdata, int pdata_len, - struct omap_device_pm_latency *pm_lats, - int pm_lats_cnt, int is_early_device); +- void *pdata, int pdata_len); ++ const void *pdata, int pdata_len); + struct omap_device *omap_device_alloc(struct platform_device *pdev, + struct omap_hwmod **ohs, int oh_cnt); diff --git a/arch/arm/mach-omap2/omap_hwmod.c b/arch/arm/mach-omap2/omap_hwmod.c -index 4653efb..8c60bf7 100644 +index a202a47..c430564 100644 --- a/arch/arm/mach-omap2/omap_hwmod.c +++ b/arch/arm/mach-omap2/omap_hwmod.c -@@ -189,10 +189,10 @@ struct omap_hwmod_soc_ops { +@@ -191,10 +191,10 @@ struct omap_hwmod_soc_ops { int (*init_clkdm)(struct omap_hwmod *oh); void (*update_context_lost)(struct omap_hwmod *oh); int (*get_context_lost)(struct omap_hwmod *oh); @@ -3647,7 +3381,7 @@ index 4653efb..8c60bf7 100644 /* omap_hwmod_list contains all registered struct omap_hwmods */ static LIST_HEAD(omap_hwmod_list); diff --git a/arch/arm/mach-omap2/wd_timer.c b/arch/arm/mach-omap2/wd_timer.c -index 7c2b4ed..b2ea51f 100644 +index d15c7bb..b2d1f0c 100644 --- a/arch/arm/mach-omap2/wd_timer.c +++ b/arch/arm/mach-omap2/wd_timer.c @@ -110,7 +110,9 @@ static int __init omap_init_wdt(void) @@ -3668,13 +3402,13 @@ index 7c2b4ed..b2ea51f 100644 - pdata.read_reset_sources = prm_read_reset_sources; - pdev = omap_device_build(dev_name, id, oh, &pdata, - sizeof(struct omap_wd_timer_platform_data), - NULL, 0, 0); + sizeof(struct omap_wd_timer_platform_data)); + WARN(IS_ERR(pdev), "Can't build omap_device for %s:%s.\n", diff --git a/arch/arm/mach-ux500/include/mach/setup.h b/arch/arm/mach-ux500/include/mach/setup.h -index 6be4c4d..32ac32a 100644 +index bddce2b..3eb04e2 100644 --- a/arch/arm/mach-ux500/include/mach/setup.h +++ b/arch/arm/mach-ux500/include/mach/setup.h -@@ -38,13 +38,6 @@ extern struct sys_timer ux500_timer; +@@ -37,13 +37,6 @@ extern void ux500_timer_init(void); .type = MT_DEVICE, \ } @@ -3689,7 +3423,7 @@ index 6be4c4d..32ac32a 100644 extern void ux500_cpu_die(unsigned int cpu); diff --git a/arch/arm/mm/Kconfig b/arch/arm/mm/Kconfig -index 3fd629d..8b1aca9 100644 +index 4045c49..4e26c79 100644 --- a/arch/arm/mm/Kconfig +++ b/arch/arm/mm/Kconfig @@ -425,7 +425,7 @@ config CPU_32v5 @@ -3701,7 +3435,7 @@ index 3fd629d..8b1aca9 100644 select TLS_REG_EMUL if !CPU_32v6K && !MMU config CPU_32v6K -@@ -577,6 +577,7 @@ config CPU_CP15_MPU +@@ -574,6 +574,7 @@ config CPU_CP15_MPU config CPU_USE_DOMAINS bool @@ -3774,31 +3508,6 @@ index db26e2e..ee44569 100644 if (err) \ goto fault; \ } while (0) -diff --git a/arch/arm/mm/context.c b/arch/arm/mm/context.c -index d07df17..59d5493 100644 ---- a/arch/arm/mm/context.c -+++ b/arch/arm/mm/context.c -@@ -45,7 +45,7 @@ static DEFINE_RAW_SPINLOCK(cpu_asid_lock); - static atomic64_t asid_generation = ATOMIC64_INIT(ASID_FIRST_VERSION); - static DECLARE_BITMAP(asid_map, NUM_USER_ASIDS); - --static DEFINE_PER_CPU(atomic64_t, active_asids); -+DEFINE_PER_CPU(atomic64_t, active_asids); - static DEFINE_PER_CPU(u64, reserved_asids); - static cpumask_t tlb_flush_pending; - -@@ -209,8 +209,10 @@ void check_and_switch_context(struct mm_struct *mm, struct task_struct *tsk) - atomic64_set(&mm->context.id, asid); - } - -- if (cpumask_test_and_clear_cpu(cpu, &tlb_flush_pending)) -+ if (cpumask_test_and_clear_cpu(cpu, &tlb_flush_pending)) { - local_flush_tlb_all(); -+ dummy_flush_tlb_a15_erratum(); -+ } - - atomic64_set(&per_cpu(active_asids, cpu), asid); - cpumask_set_cpu(cpu, mm_cpumask(mm)); diff --git a/arch/arm/mm/fault.c b/arch/arm/mm/fault.c index 5dbf13f..1a60561 100644 --- a/arch/arm/mm/fault.c @@ -4044,10 +3753,10 @@ index ad722f1..763fdd3 100644 totalram_pages += free_area(__phys_to_pfn(__pa(&__tcm_start)), __phys_to_pfn(__pa(&__tcm_end)), diff --git a/arch/arm/mm/ioremap.c b/arch/arm/mm/ioremap.c -index 88fd86c..7a224ce 100644 +index 04d9006..c547d85 100644 --- a/arch/arm/mm/ioremap.c +++ b/arch/arm/mm/ioremap.c -@@ -335,9 +335,9 @@ __arm_ioremap_exec(unsigned long phys_addr, size_t size, bool cached) +@@ -392,9 +392,9 @@ __arm_ioremap_exec(unsigned long phys_addr, size_t size, bool cached) unsigned int mtype; if (cached) @@ -4060,7 +3769,7 @@ index 88fd86c..7a224ce 100644 return __arm_ioremap_caller(phys_addr, size, mtype, __builtin_return_address(0)); diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c -index 10062ce..aa96dd7 100644 +index 10062ce..cd34fb9 100644 --- a/arch/arm/mm/mmap.c +++ b/arch/arm/mm/mmap.c @@ -59,6 +59,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, @@ -4092,7 +3801,15 @@ index 10062ce..aa96dd7 100644 return addr; } -@@ -112,6 +116,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -99,6 +103,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, + info.high_limit = TASK_SIZE; + info.align_mask = do_align ? (PAGE_MASK & (SHMLBA - 1)) : 0; + info.align_offset = pgoff << PAGE_SHIFT; ++ info.threadstack_offset = offset; + return vm_unmapped_area(&info); + } + +@@ -112,6 +117,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, unsigned long addr = addr0; int do_align = 0; int aliasing = cache_is_vipt_aliasing(); @@ -4100,7 +3817,7 @@ index 10062ce..aa96dd7 100644 struct vm_unmapped_area_info info; /* -@@ -132,6 +137,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -132,6 +138,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, return addr; } @@ -4111,7 +3828,7 @@ index 10062ce..aa96dd7 100644 /* requesting a specific address */ if (addr) { if (do_align) -@@ -139,8 +148,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -139,8 +149,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, else addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); @@ -4121,7 +3838,15 @@ index 10062ce..aa96dd7 100644 return addr; } -@@ -162,6 +170,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -150,6 +159,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + info.high_limit = mm->mmap_base; + info.align_mask = do_align ? (PAGE_MASK & (SHMLBA - 1)) : 0; + info.align_offset = pgoff << PAGE_SHIFT; ++ info.threadstack_offset = offset; + addr = vm_unmapped_area(&info); + + /* +@@ -162,6 +172,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, VM_BUG_ON(addr != -ENOMEM); info.flags = 0; info.low_limit = mm->mmap_base; @@ -4134,7 +3859,7 @@ index 10062ce..aa96dd7 100644 info.high_limit = TASK_SIZE; addr = vm_unmapped_area(&info); } -@@ -173,6 +187,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -173,6 +189,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm) { unsigned long random_factor = 0UL; @@ -4145,7 +3870,7 @@ index 10062ce..aa96dd7 100644 /* 8 bits of randomness in 20 address space bits */ if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) -@@ -180,10 +198,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -180,10 +200,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; @@ -4169,14 +3894,13 @@ index 10062ce..aa96dd7 100644 mm->unmap_area = arch_unmap_area_topdown; } diff --git a/arch/arm/mm/mmu.c b/arch/arm/mm/mmu.c -index ce328c7..35b88dc 100644 +index a84ff76..f221c1d 100644 --- a/arch/arm/mm/mmu.c +++ b/arch/arm/mm/mmu.c -@@ -35,6 +35,23 @@ - +@@ -36,6 +36,22 @@ #include "mm.h" + #include "tcm.h" -+ +#if defined(CONFIG_CPU_USE_DOMAINS) || defined(CONFIG_PAX_KERNEXEC) || defined(CONFIG_PAX_MEMORY_UDEREF) +void modify_domain(unsigned int dom, unsigned int type) +{ @@ -4196,7 +3920,7 @@ index ce328c7..35b88dc 100644 /* * empty_zero_page is a special page that is used for * zero-initialized data and COW. -@@ -195,10 +212,18 @@ void adjust_cr(unsigned long mask, unsigned long set) +@@ -211,10 +227,18 @@ void adjust_cr(unsigned long mask, unsigned long set) } #endif @@ -4217,7 +3941,7 @@ index ce328c7..35b88dc 100644 [MT_DEVICE] = { /* Strongly ordered / ARMv6 shared device */ .prot_pte = PROT_PTE_DEVICE | L_PTE_MT_DEV_SHARED | L_PTE_SHARED, -@@ -227,16 +252,16 @@ static struct mem_type mem_types[] = { +@@ -243,16 +267,16 @@ static struct mem_type mem_types[] = { [MT_UNCACHED] = { .prot_pte = PROT_PTE_DEVICE, .prot_l1 = PMD_TYPE_TABLE, @@ -4237,7 +3961,7 @@ index ce328c7..35b88dc 100644 .domain = DOMAIN_KERNEL, }, #endif -@@ -244,36 +269,54 @@ static struct mem_type mem_types[] = { +@@ -260,36 +284,54 @@ static struct mem_type mem_types[] = { .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | L_PTE_RDONLY, .prot_l1 = PMD_TYPE_TABLE, @@ -4301,7 +4025,7 @@ index ce328c7..35b88dc 100644 .domain = DOMAIN_KERNEL, }, [MT_MEMORY_ITCM] = { -@@ -283,10 +326,10 @@ static struct mem_type mem_types[] = { +@@ -299,10 +341,10 @@ static struct mem_type mem_types[] = { }, [MT_MEMORY_SO] = { .prot_pte = L_PTE_PRESENT | L_PTE_YOUNG | L_PTE_DIRTY | @@ -4314,7 +4038,7 @@ index ce328c7..35b88dc 100644 .domain = DOMAIN_KERNEL, }, [MT_MEMORY_DMA_READY] = { -@@ -371,9 +414,35 @@ static void __init build_mem_type_table(void) +@@ -388,9 +430,35 @@ static void __init build_mem_type_table(void) * to prevent speculative instruction fetches. */ mem_types[MT_DEVICE].prot_sect |= PMD_SECT_XN; @@ -4350,7 +4074,7 @@ index ce328c7..35b88dc 100644 } if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) { /* -@@ -432,6 +501,9 @@ static void __init build_mem_type_table(void) +@@ -451,6 +519,9 @@ static void __init build_mem_type_table(void) * from SVC mode and no access from userspace. */ mem_types[MT_ROM].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; @@ -4360,7 +4084,7 @@ index ce328c7..35b88dc 100644 mem_types[MT_MINICLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; mem_types[MT_CACHECLEAN].prot_sect |= PMD_SECT_APX|PMD_SECT_AP_WRITE; #endif -@@ -448,11 +520,17 @@ static void __init build_mem_type_table(void) +@@ -468,11 +539,17 @@ static void __init build_mem_type_table(void) mem_types[MT_DEVICE_WC].prot_pte |= L_PTE_SHARED; mem_types[MT_DEVICE_CACHED].prot_sect |= PMD_SECT_S; mem_types[MT_DEVICE_CACHED].prot_pte |= L_PTE_SHARED; @@ -4382,7 +4106,7 @@ index ce328c7..35b88dc 100644 } } -@@ -463,15 +541,20 @@ static void __init build_mem_type_table(void) +@@ -483,15 +560,20 @@ static void __init build_mem_type_table(void) if (cpu_arch >= CPU_ARCH_ARMv6) { if (cpu_arch >= CPU_ARCH_ARMv7 && (cr & CR_TRE)) { /* Non-cacheable Normal is XCB = 001 */ @@ -4406,7 +4130,7 @@ index ce328c7..35b88dc 100644 } #ifdef CONFIG_ARM_LPAE -@@ -487,6 +570,8 @@ static void __init build_mem_type_table(void) +@@ -507,6 +589,8 @@ static void __init build_mem_type_table(void) vecs_pgprot |= PTE_EXT_AF; #endif @@ -4415,7 +4139,7 @@ index ce328c7..35b88dc 100644 for (i = 0; i < 16; i++) { pteval_t v = pgprot_val(protection_map[i]); protection_map[i] = __pgprot(v | user_pgprot); -@@ -501,10 +586,15 @@ static void __init build_mem_type_table(void) +@@ -524,10 +608,15 @@ static void __init build_mem_type_table(void) mem_types[MT_LOW_VECTORS].prot_l1 |= ecc_mask; mem_types[MT_HIGH_VECTORS].prot_l1 |= ecc_mask; @@ -4434,7 +4158,7 @@ index ce328c7..35b88dc 100644 mem_types[MT_ROM].prot_sect |= cp->pmd; switch (cp->pmd) { -@@ -1105,18 +1195,15 @@ void __init arm_mm_memblock_reserve(void) +@@ -1147,18 +1236,15 @@ void __init arm_mm_memblock_reserve(void) * called function. This means you can't use any function or debugging * method which may touch any device, otherwise the kernel _will_ crash. */ @@ -4457,7 +4181,7 @@ index ce328c7..35b88dc 100644 for (addr = VMALLOC_START; addr; addr += PMD_SIZE) pmd_clear(pmd_off_k(addr)); -@@ -1156,7 +1243,7 @@ static void __init devicemaps_init(struct machine_desc *mdesc) +@@ -1198,7 +1284,7 @@ static void __init devicemaps_init(struct machine_desc *mdesc) * location (0xffff0000). If we aren't using high-vectors, also * create a mapping at the low-vectors virtual address. */ @@ -4466,7 +4190,7 @@ index ce328c7..35b88dc 100644 map.virtual = 0xffff0000; map.length = PAGE_SIZE; map.type = MT_HIGH_VECTORS; -@@ -1214,8 +1301,39 @@ static void __init map_lowmem(void) +@@ -1256,8 +1342,39 @@ static void __init map_lowmem(void) map.pfn = __phys_to_pfn(start); map.virtual = __phys_to_virt(start); map.length = end - start; @@ -4508,7 +4232,7 @@ index ce328c7..35b88dc 100644 } } diff --git a/arch/arm/mm/proc-v7-2level.S b/arch/arm/mm/proc-v7-2level.S -index 6d98c13..3cfb174 100644 +index 78f520b..31f0cb6 100644 --- a/arch/arm/mm/proc-v7-2level.S +++ b/arch/arm/mm/proc-v7-2level.S @@ -99,6 +99,9 @@ ENTRY(cpu_v7_set_pte_ext) @@ -4535,10 +4259,10 @@ index a5bc92d..0bb4730 100644 + pax_close_kernel(); } diff --git a/arch/arm/plat-samsung/include/plat/dma-ops.h b/arch/arm/plat-samsung/include/plat/dma-ops.h -index f5144cd..71f6d1f 100644 +index 1141782..0959d64 100644 --- a/arch/arm/plat-samsung/include/plat/dma-ops.h +++ b/arch/arm/plat-samsung/include/plat/dma-ops.h -@@ -47,7 +47,7 @@ struct samsung_dma_ops { +@@ -48,7 +48,7 @@ struct samsung_dma_ops { int (*started)(unsigned ch); int (*flush)(unsigned ch); int (*stop)(unsigned ch); @@ -4590,7 +4314,7 @@ index c3a58a1..78fbf54 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/avr32/include/asm/elf.h b/arch/avr32/include/asm/elf.h -index e2c3287..6c4f98c 100644 +index d232888..87c8df1 100644 --- a/arch/avr32/include/asm/elf.h +++ b/arch/avr32/include/asm/elf.h @@ -84,8 +84,14 @@ typedef struct user_fpu_struct elf_fpregset_t; @@ -4775,13 +4499,13 @@ index 43901f2..0d8b865 100644 #endif diff --git a/arch/frv/mm/elf-fdpic.c b/arch/frv/mm/elf-fdpic.c -index 385fd30..3aaf4fe 100644 +index 836f147..4cf23f5 100644 --- a/arch/frv/mm/elf-fdpic.c +++ b/arch/frv/mm/elf-fdpic.c @@ -61,6 +61,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi { struct vm_area_struct *vma; - unsigned long limit; + struct vm_unmapped_area_info info; + unsigned long offset = gr_rand_threadstack_offset(current->mm, filp, flags); if (len > TASK_SIZE) @@ -4796,24 +4520,14 @@ index 385fd30..3aaf4fe 100644 goto success; } -@@ -89,7 +89,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi - for (; vma; vma = vma->vm_next) { - if (addr > limit) - break; -- if (addr + len <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr, len, offset)) - goto success; - addr = vma->vm_end; - } -@@ -104,7 +104,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi - for (; vma; vma = vma->vm_next) { - if (addr > limit) - break; -- if (addr + len <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr, len, offset)) - goto success; - addr = vma->vm_end; - } +@@ -85,6 +85,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi + info.high_limit = (current->mm->start_stack - 0x00200000); + info.align_mask = 0; + info.align_offset = 0; ++ info.threadstack_offset = offset; + addr = vm_unmapped_area(&info); + if (!(addr & ~PAGE_MASK)) + goto success; diff --git a/arch/hexagon/include/asm/cache.h b/arch/hexagon/include/asm/cache.h index f4ca594..adc72fd6 100644 --- a/arch/hexagon/include/asm/cache.h @@ -4875,7 +4589,7 @@ index 988254a..e1ee885 100644 #ifdef CONFIG_SMP # define SMP_CACHE_SHIFT L1_CACHE_SHIFT diff --git a/arch/ia64/include/asm/elf.h b/arch/ia64/include/asm/elf.h -index b5298eb..67c6e62 100644 +index 5a83c5c..4d7f553 100644 --- a/arch/ia64/include/asm/elf.h +++ b/arch/ia64/include/asm/elf.h @@ -42,6 +42,13 @@ @@ -5147,19 +4861,10 @@ index 24603be..948052d 100644 DEBUGP("%s: placing gp at 0x%lx\n", __func__, gp); } diff --git a/arch/ia64/kernel/palinfo.c b/arch/ia64/kernel/palinfo.c -index 77597e5..189dd62f 100644 +index 79521d5..43dddff 100644 --- a/arch/ia64/kernel/palinfo.c +++ b/arch/ia64/kernel/palinfo.c -@@ -977,7 +977,7 @@ create_palinfo_proc_entries(unsigned int cpu) - struct proc_dir_entry **pdir; - struct proc_dir_entry *cpu_dir; - int j; -- char cpustr[sizeof(CPUSTR)]; -+ char cpustr[3+4+1]; - - - /* -@@ -1045,7 +1045,7 @@ static int __cpuinit palinfo_cpu_callback(struct notifier_block *nfb, +@@ -1006,7 +1006,7 @@ static int __cpuinit palinfo_cpu_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -5169,7 +4874,7 @@ index 77597e5..189dd62f 100644 .notifier_call = palinfo_cpu_callback, .priority = 0, diff --git a/arch/ia64/kernel/salinfo.c b/arch/ia64/kernel/salinfo.c -index 79802e5..1a89ec5 100644 +index aa527d7..f237752 100644 --- a/arch/ia64/kernel/salinfo.c +++ b/arch/ia64/kernel/salinfo.c @@ -616,7 +616,7 @@ salinfo_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu @@ -5182,13 +4887,13 @@ index 79802e5..1a89ec5 100644 .notifier_call = salinfo_cpu_callback, .priority = 0, diff --git a/arch/ia64/kernel/sys_ia64.c b/arch/ia64/kernel/sys_ia64.c -index d9439ef..d0cac6b 100644 +index 41e33f8..65180b2 100644 --- a/arch/ia64/kernel/sys_ia64.c +++ b/arch/ia64/kernel/sys_ia64.c @@ -28,6 +28,7 @@ arch_get_unmapped_area (struct file *filp, unsigned long addr, unsigned long len - unsigned long start_addr, align_mask = PAGE_SIZE - 1; + unsigned long align_mask = 0; struct mm_struct *mm = current->mm; - struct vm_area_struct *vma; + struct vm_unmapped_area_info info; + unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); if (len > RGN_MAP_LIMIT) @@ -5205,26 +4910,16 @@ index d9439ef..d0cac6b 100644 +#endif + if (!addr) - addr = mm->free_area_cache; + addr = TASK_UNMAPPED_BASE; + +@@ -61,6 +69,7 @@ arch_get_unmapped_area (struct file *filp, unsigned long addr, unsigned long len + info.high_limit = TASK_SIZE; + info.align_mask = align_mask; + info.align_offset = 0; ++ info.threadstack_offset = offset; + return vm_unmapped_area(&info); + } -@@ -61,14 +69,14 @@ arch_get_unmapped_area (struct file *filp, unsigned long addr, unsigned long len - for (vma = find_vma(mm, addr); ; vma = vma->vm_next) { - /* At this point: (!vma || addr < vma->vm_end). */ - if (TASK_SIZE - len < addr || RGN_MAP_LIMIT - len < REGION_OFFSET(addr)) { -- if (start_addr != TASK_UNMAPPED_BASE) { -+ if (start_addr != mm->mmap_base) { - /* Start a new search --- just in case we missed some holes. */ -- addr = TASK_UNMAPPED_BASE; -+ addr = mm->mmap_base; - goto full_search; - } - return -ENOMEM; - } -- if (!vma || addr + len <= vma->vm_start) { -+ if (check_heap_stack_gap(vma, addr, len, offset)) { - /* Remember the address where we stopped this search: */ - mm->free_area_cache = addr + len; - return addr; diff --git a/arch/ia64/kernel/topology.c b/arch/ia64/kernel/topology.c index dc00b2c..cce53c2 100644 --- a/arch/ia64/kernel/topology.c @@ -5303,28 +4998,27 @@ index 6cf0341..d352594 100644 /* * If for any reason at all we couldn't handle the fault, make diff --git a/arch/ia64/mm/hugetlbpage.c b/arch/ia64/mm/hugetlbpage.c -index 5ca674b..127c3cb 100644 +index 76069c1..c2aa816 100644 --- a/arch/ia64/mm/hugetlbpage.c +++ b/arch/ia64/mm/hugetlbpage.c @@ -149,6 +149,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u unsigned long pgoff, unsigned long flags) { - struct vm_area_struct *vmm; + struct vm_unmapped_area_info info; + unsigned long offset = gr_rand_threadstack_offset(current->mm, file, flags); if (len > RGN_MAP_LIMIT) return -ENOMEM; -@@ -171,7 +172,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u - /* At this point: (!vmm || addr < vmm->vm_end). */ - if (REGION_OFFSET(addr) + len > RGN_MAP_LIMIT) - return -ENOMEM; -- if (!vmm || (addr + len) <= vmm->vm_start) -+ if (check_heap_stack_gap(vmm, addr, len, offset)) - return addr; - addr = ALIGN(vmm->vm_end, HPAGE_SIZE); - } +@@ -172,6 +173,7 @@ unsigned long hugetlb_get_unmapped_area(struct file *file, unsigned long addr, u + info.high_limit = HPAGE_REGION_BASE + RGN_MAP_LIMIT; + info.align_mask = PAGE_MASK & (HPAGE_SIZE - 1); + info.align_offset = 0; ++ info.threadstack_offset = offset; + return vm_unmapped_area(&info); + } + diff --git a/arch/ia64/mm/init.c b/arch/ia64/mm/init.c -index b755ea9..b9a969e 100644 +index 20bc967..a26993e 100644 --- a/arch/ia64/mm/init.c +++ b/arch/ia64/mm/init.c @@ -120,6 +120,19 @@ ia64_init_addr_space (void) @@ -5404,6 +5098,18 @@ index 0395c51..5f26031 100644 #define ARCH_DMA_MINALIGN L1_CACHE_BYTES +diff --git a/arch/metag/mm/hugetlbpage.c b/arch/metag/mm/hugetlbpage.c +index 3c52fa6..11b2ad8 100644 +--- a/arch/metag/mm/hugetlbpage.c ++++ b/arch/metag/mm/hugetlbpage.c +@@ -200,6 +200,7 @@ hugetlb_get_unmapped_area_new_pmd(unsigned long len) + info.high_limit = TASK_SIZE; + info.align_mask = PAGE_MASK & HUGEPT_MASK; + info.align_offset = 0; ++ info.threadstack_offset = 0; + return vm_unmapped_area(&info); + } + diff --git a/arch/microblaze/include/asm/cache.h b/arch/microblaze/include/asm/cache.h index 4efe96a..60e8699 100644 --- a/arch/microblaze/include/asm/cache.h @@ -5423,7 +5129,7 @@ index 4efe96a..60e8699 100644 #define SMP_CACHE_BYTES L1_CACHE_BYTES diff --git a/arch/mips/include/asm/atomic.h b/arch/mips/include/asm/atomic.h -index 01cc6ba..bcb7a5d 100644 +index 08b6079..eb272cf 100644 --- a/arch/mips/include/asm/atomic.h +++ b/arch/mips/include/asm/atomic.h @@ -21,6 +21,10 @@ @@ -5434,7 +5140,7 @@ index 01cc6ba..bcb7a5d 100644 +#include <asm-generic/atomic64.h> +#endif + - #define ATOMIC_INIT(i) { (i) } + #define ATOMIC_INIT(i) { (i) } /* @@ -759,6 +763,16 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) @@ -5472,11 +5178,11 @@ index b4db69f..8f3b093 100644 #define SMP_CACHE_SHIFT L1_CACHE_SHIFT #define SMP_CACHE_BYTES L1_CACHE_BYTES diff --git a/arch/mips/include/asm/elf.h b/arch/mips/include/asm/elf.h -index 455c0ac..ad65fbe 100644 +index cf3ae24..238d22f 100644 --- a/arch/mips/include/asm/elf.h +++ b/arch/mips/include/asm/elf.h @@ -372,13 +372,16 @@ extern const char *__elf_platform; - #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2) + #define ELF_ET_DYN_BASE (TASK_SIZE / 3 * 2) #endif +#ifdef CONFIG_PAX_ASLR @@ -5509,18 +5215,18 @@ index c1f6afa..38cc6e9 100644 #endif /* _ASM_EXEC_H */ diff --git a/arch/mips/include/asm/page.h b/arch/mips/include/asm/page.h -index 21bff32..9f0c3b8 100644 +index eab99e5..607c98e 100644 --- a/arch/mips/include/asm/page.h +++ b/arch/mips/include/asm/page.h @@ -96,7 +96,7 @@ extern void copy_user_highpage(struct page *to, struct page *from, #ifdef CONFIG_CPU_MIPS32 typedef struct { unsigned long pte_low, pte_high; } pte_t; - #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32)) -- #define __pte(x) ({ pte_t __pte = {(x), ((unsigned long long)(x)) >> 32}; __pte; }) -+ #define __pte(x) ({ pte_t __pte = {(x), (x) >> 32}; __pte; }) + #define pte_val(x) ((x).pte_low | ((unsigned long long)(x).pte_high << 32)) +- #define __pte(x) ({ pte_t __pte = {(x), ((unsigned long long)(x)) >> 32}; __pte; }) ++ #define __pte(x) ({ pte_t __pte = {(x), (x) >> 32}; __pte; }) #else typedef struct { unsigned long long pte; } pte_t; - #define pte_val(x) ((x).pte) + #define pte_val(x) ((x).pte) diff --git a/arch/mips/include/asm/pgalloc.h b/arch/mips/include/asm/pgalloc.h index 881d18b..cea38bc 100644 --- a/arch/mips/include/asm/pgalloc.h @@ -5538,7 +5244,7 @@ index 881d18b..cea38bc 100644 /* diff --git a/arch/mips/include/asm/thread_info.h b/arch/mips/include/asm/thread_info.h -index b2050b9..d71bb1b 100644 +index 178f792..8ebc510 100644 --- a/arch/mips/include/asm/thread_info.h +++ b/arch/mips/include/asm/thread_info.h @@ -111,6 +111,8 @@ register struct thread_info *__current_thread_info __asm__("$28"); @@ -5572,12 +5278,12 @@ index b2050b9..d71bb1b 100644 #endif /* __KERNEL__ */ diff --git a/arch/mips/kernel/binfmt_elfn32.c b/arch/mips/kernel/binfmt_elfn32.c -index 9fdd8bc..4bd7f1a 100644 +index e06f777..3244284 100644 --- a/arch/mips/kernel/binfmt_elfn32.c +++ b/arch/mips/kernel/binfmt_elfn32.c @@ -50,6 +50,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG]; #undef ELF_ET_DYN_BASE - #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2) + #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2) +#ifdef CONFIG_PAX_ASLR +#define PAX_ELF_ET_DYN_BASE (TASK_IS_32BIT_ADDR ? 0x00400000UL : 0x00400000UL) @@ -5590,12 +5296,12 @@ index 9fdd8bc..4bd7f1a 100644 #include <linux/module.h> #include <linux/elfcore.h> diff --git a/arch/mips/kernel/binfmt_elfo32.c b/arch/mips/kernel/binfmt_elfo32.c -index ff44823..97f8906 100644 +index 556a435..b4fd2e3 100644 --- a/arch/mips/kernel/binfmt_elfo32.c +++ b/arch/mips/kernel/binfmt_elfo32.c @@ -52,6 +52,13 @@ typedef elf_fpreg_t elf_fpregset_t[ELF_NFPREG]; #undef ELF_ET_DYN_BASE - #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2) + #define ELF_ET_DYN_BASE (TASK32_SIZE / 3 * 2) +#ifdef CONFIG_PAX_ASLR +#define PAX_ELF_ET_DYN_BASE (TASK_IS_32BIT_ADDR ? 0x00400000UL : 0x00400000UL) @@ -5608,10 +5314,10 @@ index ff44823..97f8906 100644 /* diff --git a/arch/mips/kernel/process.c b/arch/mips/kernel/process.c -index a11c6f9..be5e164 100644 +index 3be4405..a799827 100644 --- a/arch/mips/kernel/process.c +++ b/arch/mips/kernel/process.c -@@ -460,15 +460,3 @@ unsigned long get_wchan(struct task_struct *task) +@@ -461,15 +461,3 @@ unsigned long get_wchan(struct task_struct *task) out: return pc; } @@ -5628,7 +5334,7 @@ index a11c6f9..be5e164 100644 - return sp & ALMASK; -} diff --git a/arch/mips/kernel/ptrace.c b/arch/mips/kernel/ptrace.c -index 4812c6d..2069554 100644 +index 9c6299c..2fb4c22 100644 --- a/arch/mips/kernel/ptrace.c +++ b/arch/mips/kernel/ptrace.c @@ -528,6 +528,10 @@ static inline int audit_arch(void) @@ -5655,7 +5361,7 @@ index 4812c6d..2069554 100644 goto out; diff --git a/arch/mips/kernel/scall32-o32.S b/arch/mips/kernel/scall32-o32.S -index d20a4bc..7096ae5 100644 +index 9ea2964..c4329c3 100644 --- a/arch/mips/kernel/scall32-o32.S +++ b/arch/mips/kernel/scall32-o32.S @@ -52,7 +52,7 @@ NESTED(handle_sys, PT_SIZE, sp) @@ -5665,10 +5371,10 @@ index d20a4bc..7096ae5 100644 - li t1, _TIF_SYSCALL_TRACE | _TIF_SYSCALL_AUDIT + li t1, _TIF_SYSCALL_WORK and t0, t1 - bnez t0, syscall_trace_entry # -> yes + bnez t0, syscall_trace_entry # -> yes diff --git a/arch/mips/kernel/scall64-64.S b/arch/mips/kernel/scall64-64.S -index b64f642..0fe6eab 100644 +index 36cfd40..b1436e0 100644 --- a/arch/mips/kernel/scall64-64.S +++ b/arch/mips/kernel/scall64-64.S @@ -54,7 +54,7 @@ NESTED(handle_sys64, PT_SIZE, sp) @@ -5681,7 +5387,7 @@ index b64f642..0fe6eab 100644 and t0, t1, t0 bnez t0, syscall_trace_entry diff --git a/arch/mips/kernel/scall64-n32.S b/arch/mips/kernel/scall64-n32.S -index c29ac19..c592d05 100644 +index 693d60b..ae0ba75 100644 --- a/arch/mips/kernel/scall64-n32.S +++ b/arch/mips/kernel/scall64-n32.S @@ -47,7 +47,7 @@ NESTED(handle_sysn32, PT_SIZE, sp) @@ -5694,7 +5400,7 @@ index c29ac19..c592d05 100644 and t0, t1, t0 bnez t0, n32_syscall_trace_entry diff --git a/arch/mips/kernel/scall64-o32.S b/arch/mips/kernel/scall64-o32.S -index cf3e75e..72e93fe 100644 +index af8887f..611ccb6 100644 --- a/arch/mips/kernel/scall64-o32.S +++ b/arch/mips/kernel/scall64-o32.S @@ -81,7 +81,7 @@ NESTED(handle_sys, PT_SIZE, sp) @@ -5707,7 +5413,7 @@ index cf3e75e..72e93fe 100644 and t0, t1, t0 bnez t0, trace_a_syscall diff --git a/arch/mips/mm/fault.c b/arch/mips/mm/fault.c -index ddcec1e..c7f983e 100644 +index 0fead53..a2c0fb5 100644 --- a/arch/mips/mm/fault.c +++ b/arch/mips/mm/fault.c @@ -27,6 +27,23 @@ @@ -5735,7 +5441,7 @@ index ddcec1e..c7f983e 100644 * This routine handles page faults. It determines the address, * and the problem, and then passes it off to one of the appropriate diff --git a/arch/mips/mm/mmap.c b/arch/mips/mm/mmap.c -index 7e5fe27..479a219 100644 +index 7e5fe27..9656513 100644 --- a/arch/mips/mm/mmap.c +++ b/arch/mips/mm/mmap.c @@ -59,6 +59,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, @@ -5758,7 +5464,7 @@ index 7e5fe27..479a219 100644 if (addr) { if (do_color_align) addr = COLOUR_ALIGN(addr, pgoff); -@@ -91,8 +97,7 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, +@@ -91,14 +97,14 @@ static unsigned long arch_get_unmapped_area_common(struct file *filp, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); @@ -5768,7 +5474,14 @@ index 7e5fe27..479a219 100644 return addr; } -@@ -146,6 +151,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm) + info.length = len; + info.align_mask = do_color_align ? (PAGE_MASK & shm_align_mask) : 0; + info.align_offset = pgoff << PAGE_SHIFT; ++ info.threadstack_offset = offset; + + if (dir == DOWN) { + info.flags = VM_UNMAPPED_AREA_TOPDOWN; +@@ -146,6 +152,10 @@ void arch_pick_mmap_layout(struct mm_struct *mm) { unsigned long random_factor = 0UL; @@ -5779,7 +5492,7 @@ index 7e5fe27..479a219 100644 if (current->flags & PF_RANDOMIZE) { random_factor = get_random_int(); random_factor = random_factor << PAGE_SHIFT; -@@ -157,42 +166,27 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -157,42 +167,27 @@ void arch_pick_mmap_layout(struct mm_struct *mm) if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; @@ -5895,7 +5608,7 @@ index 4ce7a01..449202a 100644 #endif /* __ASM_OPENRISC_CACHE_H */ diff --git a/arch/parisc/include/asm/atomic.h b/arch/parisc/include/asm/atomic.h -index af9cf30..2aae9b2 100644 +index f38e198..4179e38 100644 --- a/arch/parisc/include/asm/atomic.h +++ b/arch/parisc/include/asm/atomic.h @@ -229,6 +229,16 @@ static __inline__ int atomic64_add_unless(atomic64_t *v, long a, long u) @@ -5944,7 +5657,7 @@ index 47f11c7..3420df2 100644 #define SMP_CACHE_BYTES L1_CACHE_BYTES diff --git a/arch/parisc/include/asm/elf.h b/arch/parisc/include/asm/elf.h -index 19f6cb1..6c78cf2 100644 +index ad2b503..bdf1651 100644 --- a/arch/parisc/include/asm/elf.h +++ b/arch/parisc/include/asm/elf.h @@ -342,6 +342,13 @@ struct pt_regs; /* forward declaration... */ @@ -5986,31 +5699,10 @@ index fc987a1..6e068ef 100644 #endif diff --git a/arch/parisc/include/asm/pgtable.h b/arch/parisc/include/asm/pgtable.h -index 7df49fa..a3eb445 100644 +index 1e40d7f..a3eb445 100644 --- a/arch/parisc/include/asm/pgtable.h +++ b/arch/parisc/include/asm/pgtable.h -@@ -16,6 +16,8 @@ - #include <asm/processor.h> - #include <asm/cache.h> - -+extern spinlock_t pa_dbit_lock; -+ - /* - * kern_addr_valid(ADDR) tests if ADDR is pointing to valid kernel - * memory. For the return value to be meaningful, ADDR must be >= -@@ -44,8 +46,11 @@ extern void purge_tlb_entries(struct mm_struct *, unsigned long); - - #define set_pte_at(mm, addr, ptep, pteval) \ - do { \ -+ unsigned long flags; \ -+ spin_lock_irqsave(&pa_dbit_lock, flags); \ - set_pte(ptep, pteval); \ - purge_tlb_entries(mm, addr); \ -+ spin_unlock_irqrestore(&pa_dbit_lock, flags); \ - } while (0) - - #endif /* !__ASSEMBLY__ */ -@@ -218,6 +223,17 @@ extern void purge_tlb_entries(struct mm_struct *, unsigned long); +@@ -223,6 +223,17 @@ extern void purge_tlb_entries(struct mm_struct *, unsigned long); #define PAGE_EXECREAD __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_EXEC |_PAGE_ACCESSED) #define PAGE_COPY PAGE_EXECREAD #define PAGE_RWX __pgprot(_PAGE_PRESENT | _PAGE_USER | _PAGE_READ | _PAGE_WRITE | _PAGE_EXEC |_PAGE_ACCESSED) @@ -6028,80 +5720,11 @@ index 7df49fa..a3eb445 100644 #define PAGE_KERNEL __pgprot(_PAGE_KERNEL) #define PAGE_KERNEL_EXEC __pgprot(_PAGE_KERNEL_EXEC) #define PAGE_KERNEL_RWX __pgprot(_PAGE_KERNEL_RWX) -@@ -435,48 +451,46 @@ extern void update_mmu_cache(struct vm_area_struct *, unsigned long, pte_t *); - - static inline int ptep_test_and_clear_young(struct vm_area_struct *vma, unsigned long addr, pte_t *ptep) - { --#ifdef CONFIG_SMP -+ pte_t pte; -+ unsigned long flags; -+ - if (!pte_young(*ptep)) - return 0; -- return test_and_clear_bit(xlate_pabit(_PAGE_ACCESSED_BIT), &pte_val(*ptep)); --#else -- pte_t pte = *ptep; -- if (!pte_young(pte)) -+ -+ spin_lock_irqsave(&pa_dbit_lock, flags); -+ pte = *ptep; -+ if (!pte_young(pte)) { -+ spin_unlock_irqrestore(&pa_dbit_lock, flags); - return 0; -- set_pte_at(vma->vm_mm, addr, ptep, pte_mkold(pte)); -+ } -+ set_pte(ptep, pte_mkold(pte)); -+ purge_tlb_entries(vma->vm_mm, addr); -+ spin_unlock_irqrestore(&pa_dbit_lock, flags); - return 1; --#endif - } - --extern spinlock_t pa_dbit_lock; -- - struct mm_struct; - static inline pte_t ptep_get_and_clear(struct mm_struct *mm, unsigned long addr, pte_t *ptep) - { - pte_t old_pte; -+ unsigned long flags; - -- spin_lock(&pa_dbit_lock); -+ spin_lock_irqsave(&pa_dbit_lock, flags); - old_pte = *ptep; - pte_clear(mm,addr,ptep); -- spin_unlock(&pa_dbit_lock); -+ purge_tlb_entries(mm, addr); -+ spin_unlock_irqrestore(&pa_dbit_lock, flags); - - return old_pte; - } - - static inline void ptep_set_wrprotect(struct mm_struct *mm, unsigned long addr, pte_t *ptep) - { --#ifdef CONFIG_SMP -- unsigned long new, old; -- -- do { -- old = pte_val(*ptep); -- new = pte_val(pte_wrprotect(__pte (old))); -- } while (cmpxchg((unsigned long *) ptep, old, new) != old); -+ unsigned long flags; -+ spin_lock_irqsave(&pa_dbit_lock, flags); -+ set_pte(ptep, pte_wrprotect(*ptep)); - purge_tlb_entries(mm, addr); --#else -- pte_t old_pte = *ptep; -- set_pte_at(mm, addr, ptep, pte_wrprotect(old_pte)); --#endif -+ spin_unlock_irqrestore(&pa_dbit_lock, flags); - } - - #define pte_same(A,B) (pte_val(A) == pte_val(B)) diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h -index 4ba2c93..f5e3974 100644 +index e0a8235..ce2f1e1 100644 --- a/arch/parisc/include/asm/uaccess.h +++ b/arch/parisc/include/asm/uaccess.h -@@ -251,10 +251,10 @@ static inline unsigned long __must_check copy_from_user(void *to, +@@ -245,10 +245,10 @@ static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { @@ -6114,26 +5737,6 @@ index 4ba2c93..f5e3974 100644 ret = __copy_from_user(to, from, n); else copy_from_user_overflow(); -diff --git a/arch/parisc/kernel/cache.c b/arch/parisc/kernel/cache.c -index b89a85a..a9891fa 100644 ---- a/arch/parisc/kernel/cache.c -+++ b/arch/parisc/kernel/cache.c -@@ -426,14 +426,11 @@ void purge_tlb_entries(struct mm_struct *mm, unsigned long addr) - /* Note: purge_tlb_entries can be called at startup with - no context. */ - -- /* Disable preemption while we play with %sr1. */ -- preempt_disable(); -+ purge_tlb_start(flags); - mtsp(mm->context, 1); -- purge_tlb_start(flags); - pdtlb(addr); - pitlb(addr); - purge_tlb_end(flags); -- preempt_enable(); - } - EXPORT_SYMBOL(purge_tlb_entries); - diff --git a/arch/parisc/kernel/module.c b/arch/parisc/kernel/module.c index 2a625fb..9908930 100644 --- a/arch/parisc/kernel/module.c @@ -6238,7 +5841,7 @@ index 2a625fb..9908930 100644 DEBUGP("register_unwind_table(), sect = %d at 0x%p - 0x%p (gp=0x%lx)\n", me->arch.unwind_section, table, end, gp); diff --git a/arch/parisc/kernel/sys_parisc.c b/arch/parisc/kernel/sys_parisc.c -index f76c108..92bad82 100644 +index 5dfd248..64914ac 100644 --- a/arch/parisc/kernel/sys_parisc.c +++ b/arch/parisc/kernel/sys_parisc.c @@ -33,9 +33,11 @@ @@ -6247,24 +5850,23 @@ index f76c108..92bad82 100644 -static unsigned long get_unshared_area(unsigned long addr, unsigned long len) +static unsigned long get_unshared_area(struct file *filp, unsigned long addr, unsigned long len, -+ unsigned long flags) ++ unsigned long flags) { - struct vm_area_struct *vma; + struct vm_unmapped_area_info info; + unsigned long offset = gr_rand_threadstack_offset(current->mm, filp, flags); - addr = PAGE_ALIGN(addr); + info.flags = 0; + info.length = len; +@@ -43,6 +45,7 @@ static unsigned long get_unshared_area(unsigned long addr, unsigned long len) + info.high_limit = TASK_SIZE; + info.align_mask = 0; + info.align_offset = 0; ++ info.threadstack_offset = offset; + return vm_unmapped_area(&info); + } -@@ -43,7 +45,7 @@ static unsigned long get_unshared_area(unsigned long addr, unsigned long len) - /* At this point: (!vma || addr < vma->vm_end). */ - if (TASK_SIZE - len < addr) - return -ENOMEM; -- if (!vma || addr + len <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr, len, offset)) - return addr; - addr = vma->vm_end; - } -@@ -67,11 +69,12 @@ static int get_offset(struct address_space *mapping) - return offset & 0x3FF000; +@@ -61,10 +64,11 @@ static int get_offset(struct address_space *mapping) + return (unsigned long) mapping >> 8; } -static unsigned long get_shared_area(struct address_space *mapping, @@ -6272,28 +5874,34 @@ index f76c108..92bad82 100644 +static unsigned long get_shared_area(struct file *filp, struct address_space *mapping, + unsigned long addr, unsigned long len, unsigned long pgoff, unsigned long flags) { - struct vm_area_struct *vma; - int offset = mapping ? get_offset(mapping) : 0; -+ unsigned long rand_offset = gr_rand_threadstack_offset(current->mm, filp, flags); + struct vm_unmapped_area_info info; ++ unsigned long offset = gr_rand_threadstack_offset(current->mm, filp, flags); - offset = (offset + (pgoff << PAGE_SHIFT)) & 0x3FF000; + info.flags = 0; + info.length = len; +@@ -72,6 +76,7 @@ static unsigned long get_shared_area(struct address_space *mapping, + info.high_limit = TASK_SIZE; + info.align_mask = PAGE_MASK & (SHMLBA - 1); + info.align_offset = (get_offset(mapping) + pgoff) << PAGE_SHIFT; ++ info.threadstack_offset = offset; + return vm_unmapped_area(&info); + } -@@ -81,7 +84,7 @@ static unsigned long get_shared_area(struct address_space *mapping, - /* At this point: (!vma || addr < vma->vm_end). */ - if (TASK_SIZE - len < addr) - return -ENOMEM; -- if (!vma || addr + len <= vma->vm_start) -+ if (check_heap_stack_gap(vma, addr, len, rand_offset)) - return addr; - addr = DCACHE_ALIGN(vma->vm_end - offset) + offset; - if (addr < vma->vm_end) /* handle wraparound */ -@@ -100,14 +103,14 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, - if (flags & MAP_FIXED) +@@ -86,15 +91,22 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, + return -EINVAL; return addr; - if (!addr) -- addr = TASK_UNMAPPED_BASE; -+ addr = current->mm->mmap_base; + } +- if (!addr) ++ if (!addr) { + addr = TASK_UNMAPPED_BASE; ++#ifdef CONFIG_PAX_RANDMMAP ++ if (current->mm->pax_flags & MF_PAX_RANDMMAP) ++ addr += current->mm->delta_mmap; ++#endif ++ ++ } ++ if (filp) { - addr = get_shared_area(filp->f_mapping, addr, len, pgoff); + addr = get_shared_area(filp, filp->f_mapping, addr, len, pgoff, flags); @@ -6307,7 +5915,7 @@ index f76c108..92bad82 100644 return addr; } diff --git a/arch/parisc/kernel/traps.c b/arch/parisc/kernel/traps.c -index 45ba99f..8e22c33 100644 +index aeb8f8f..27a6c2f 100644 --- a/arch/parisc/kernel/traps.c +++ b/arch/parisc/kernel/traps.c @@ -732,9 +732,7 @@ void notrace handle_interruption(int code, struct pt_regs *regs) @@ -6322,7 +5930,7 @@ index 45ba99f..8e22c33 100644 fault_space = regs->iasq[0]; diff --git a/arch/parisc/mm/fault.c b/arch/parisc/mm/fault.c -index 18162ce..94de376 100644 +index f247a34..dc0f219 100644 --- a/arch/parisc/mm/fault.c +++ b/arch/parisc/mm/fault.c @@ -15,6 +15,7 @@ @@ -6459,7 +6067,7 @@ index 18162ce..94de376 100644 int fixup_exception(struct pt_regs *regs) { const struct exception_table_entry *fix; -@@ -192,8 +303,33 @@ good_area: +@@ -194,8 +305,33 @@ good_area: acc_type = parisc_acctyp(code,regs->iir); @@ -6537,7 +6145,7 @@ index 9e495c9..b6878e5 100644 #define SMP_CACHE_BYTES L1_CACHE_BYTES diff --git a/arch/powerpc/include/asm/elf.h b/arch/powerpc/include/asm/elf.h -index 6abf0a1..459d0f1 100644 +index ac9790f..6d30741 100644 --- a/arch/powerpc/include/asm/elf.h +++ b/arch/powerpc/include/asm/elf.h @@ -28,8 +28,19 @@ @@ -6562,7 +6170,7 @@ index 6abf0a1..459d0f1 100644 /* * Our registers are always unsigned longs, whether we're a 32 bit -@@ -124,10 +135,6 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm, +@@ -122,10 +133,6 @@ extern int arch_setup_additional_pages(struct linux_binprm *bprm, (0x7ff >> (PAGE_SHIFT - 12)) : \ (0x3ffff >> (PAGE_SHIFT - 12))) @@ -6719,10 +6327,10 @@ index 4aad413..85d86bf 100644 #define _PAGE_NO_CACHE 0x020 /* I: cache inhibit */ #define _PAGE_WRITETHRU 0x040 /* W: cache write-through */ diff --git a/arch/powerpc/include/asm/reg.h b/arch/powerpc/include/asm/reg.h -index 3d5c9dc..62f8414 100644 +index c9c67fc..e10c012 100644 --- a/arch/powerpc/include/asm/reg.h +++ b/arch/powerpc/include/asm/reg.h -@@ -215,6 +215,7 @@ +@@ -245,6 +245,7 @@ #define SPRN_DBCR 0x136 /* e300 Data Breakpoint Control Reg */ #define SPRN_DSISR 0x012 /* Data Storage Interrupt Status Register */ #define DSISR_NOHPTE 0x40000000 /* no translation found */ @@ -6950,10 +6558,10 @@ index 4db4959..aba5c41 100644 static inline unsigned long clear_user(void __user *addr, unsigned long size) diff --git a/arch/powerpc/kernel/exceptions-64e.S b/arch/powerpc/kernel/exceptions-64e.S -index 4684e33..acc4d19e 100644 +index ae54553..cf2184d 100644 --- a/arch/powerpc/kernel/exceptions-64e.S +++ b/arch/powerpc/kernel/exceptions-64e.S -@@ -715,6 +715,7 @@ storage_fault_common: +@@ -716,6 +716,7 @@ storage_fault_common: std r14,_DAR(r1) std r15,_DSISR(r1) addi r3,r1,STACK_FRAME_OVERHEAD @@ -6961,7 +6569,7 @@ index 4684e33..acc4d19e 100644 mr r4,r14 mr r5,r15 ld r14,PACA_EXGEN+EX_R14(r13) -@@ -723,8 +724,7 @@ storage_fault_common: +@@ -724,8 +725,7 @@ storage_fault_common: cmpdi r3,0 bne- 1f b .ret_from_except_lite @@ -6972,10 +6580,10 @@ index 4684e33..acc4d19e 100644 ld r4,_DAR(r1) bl .bad_page_fault diff --git a/arch/powerpc/kernel/exceptions-64s.S b/arch/powerpc/kernel/exceptions-64s.S -index bb11075..2d00a2a 100644 +index 3bbe7ed..14ec3eb 100644 --- a/arch/powerpc/kernel/exceptions-64s.S +++ b/arch/powerpc/kernel/exceptions-64s.S -@@ -1206,10 +1206,10 @@ handle_page_fault: +@@ -1390,10 +1390,10 @@ handle_page_fault: 11: ld r4,_DAR(r1) ld r5,_DSISR(r1) addi r3,r1,STACK_FRAME_OVERHEAD @@ -7021,10 +6629,10 @@ index 2e3200c..72095ce 100644 /* Find this entry, or if that fails, the next avail. entry */ while (entry->jump[0]) { diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c -index 8143067..21ae55b 100644 +index 16e77a8..4501b41 100644 --- a/arch/powerpc/kernel/process.c +++ b/arch/powerpc/kernel/process.c -@@ -680,8 +680,8 @@ void show_regs(struct pt_regs * regs) +@@ -870,8 +870,8 @@ void show_regs(struct pt_regs * regs) * Lookup NIP late so we have the best change of getting the * above info out without failing */ @@ -7033,9 +6641,9 @@ index 8143067..21ae55b 100644 + printk("NIP ["REG"] %pA\n", regs->nip, (void *)regs->nip); + printk("LR ["REG"] %pA\n", regs->link, (void *)regs->link); #endif - show_stack(current, (unsigned long *) regs->gpr[1]); - if (!user_mode(regs)) -@@ -1129,10 +1129,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) + #ifdef CONFIG_PPC_TRANSACTIONAL_MEM + printk("PACATMSCRATCH [%llx]\n", get_paca()->tm_scratch); +@@ -1330,10 +1330,10 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) newsp = stack[0]; ip = stack[STACK_FRAME_LR_SAVE]; if (!firstframe || ip != lr) { @@ -7048,7 +6656,7 @@ index 8143067..21ae55b 100644 (void *)current->ret_stack[curr_frame].ret); curr_frame--; } -@@ -1152,7 +1152,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) +@@ -1353,7 +1353,7 @@ void show_stack(struct task_struct *tsk, unsigned long *stack) struct pt_regs *regs = (struct pt_regs *) (sp + STACK_FRAME_OVERHEAD); lr = regs->link; @@ -7057,7 +6665,7 @@ index 8143067..21ae55b 100644 regs->trap, (void *)regs->nip, (void *)lr); firstframe = 1; } -@@ -1194,58 +1194,3 @@ void __ppc64_runlatch_off(void) +@@ -1395,58 +1395,3 @@ void __ppc64_runlatch_off(void) mtspr(SPRN_CTRLT, ctrl); } #endif /* CONFIG_PPC64 */ @@ -7117,10 +6725,10 @@ index 8143067..21ae55b 100644 - return ret; -} diff --git a/arch/powerpc/kernel/ptrace.c b/arch/powerpc/kernel/ptrace.c -index c497000..8fde506 100644 +index f9b30c6..d72e7a3 100644 --- a/arch/powerpc/kernel/ptrace.c +++ b/arch/powerpc/kernel/ptrace.c -@@ -1737,6 +1737,10 @@ long arch_ptrace(struct task_struct *child, long request, +@@ -1771,6 +1771,10 @@ long arch_ptrace(struct task_struct *child, long request, return ret; } @@ -7131,7 +6739,7 @@ index c497000..8fde506 100644 /* * We must return the syscall number to actually look up in the table. * This can be -1L to skip running any syscall at all. -@@ -1747,6 +1751,11 @@ long do_syscall_trace_enter(struct pt_regs *regs) +@@ -1781,6 +1785,11 @@ long do_syscall_trace_enter(struct pt_regs *regs) secure_computing_strict(regs->gpr[0]); @@ -7143,7 +6751,7 @@ index c497000..8fde506 100644 if (test_thread_flag(TIF_SYSCALL_TRACE) && tracehook_report_syscall_entry(regs)) /* -@@ -1781,6 +1790,11 @@ void do_syscall_trace_leave(struct pt_regs *regs) +@@ -1815,6 +1824,11 @@ void do_syscall_trace_leave(struct pt_regs *regs) { int step; @@ -7156,24 +6764,24 @@ index c497000..8fde506 100644 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/powerpc/kernel/signal_32.c b/arch/powerpc/kernel/signal_32.c -index 804e323..79181c1 100644 +index 95068bf..9ba1814 100644 --- a/arch/powerpc/kernel/signal_32.c +++ b/arch/powerpc/kernel/signal_32.c -@@ -851,7 +851,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka, +@@ -982,7 +982,7 @@ int handle_rt_signal32(unsigned long sig, struct k_sigaction *ka, /* Save user registers on the stack */ frame = &rt_sf->uc.uc_mcontext; addr = frame; - if (vdso32_rt_sigtramp && current->mm->context.vdso_base) { + if (vdso32_rt_sigtramp && current->mm->context.vdso_base != ~0UL) { - if (save_user_regs(regs, frame, 0, 1)) - goto badframe; - regs->link = current->mm->context.vdso_base + vdso32_rt_sigtramp; + sigret = 0; + tramp = current->mm->context.vdso_base + vdso32_rt_sigtramp; + } else { diff --git a/arch/powerpc/kernel/signal_64.c b/arch/powerpc/kernel/signal_64.c -index 1ca045d..139c3f7 100644 +index c179428..58acdaa 100644 --- a/arch/powerpc/kernel/signal_64.c +++ b/arch/powerpc/kernel/signal_64.c -@@ -430,7 +430,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info, - current->thread.fpscr.val = 0; +@@ -758,7 +758,7 @@ int handle_rt_signal64(int signr, struct k_sigaction *ka, siginfo_t *info, + #endif /* Set up to return from userspace. */ - if (vdso64_rt_sigtramp && current->mm->context.vdso_base) { @@ -7195,10 +6803,10 @@ index 3ce1f86..c30e629 100644 }; diff --git a/arch/powerpc/kernel/traps.c b/arch/powerpc/kernel/traps.c -index 3251840..3f7c77a 100644 +index 83efa2f..6bb5839 100644 --- a/arch/powerpc/kernel/traps.c +++ b/arch/powerpc/kernel/traps.c -@@ -133,6 +133,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs) +@@ -141,6 +141,8 @@ static unsigned __kprobes long oops_begin(struct pt_regs *regs) return flags; } @@ -7207,7 +6815,7 @@ index 3251840..3f7c77a 100644 static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, int signr) { -@@ -182,6 +184,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, +@@ -190,6 +192,9 @@ static void __kprobes oops_end(unsigned long flags, struct pt_regs *regs, panic("Fatal exception in interrupt"); if (panic_on_oops) panic("Fatal exception"); @@ -7283,7 +6891,7 @@ index 5eea6f3..5d10396 100644 EXPORT_SYMBOL(copy_in_user); diff --git a/arch/powerpc/mm/fault.c b/arch/powerpc/mm/fault.c -index 3a8489a..6a63b3b 100644 +index 229951f..cdeca42 100644 --- a/arch/powerpc/mm/fault.c +++ b/arch/powerpc/mm/fault.c @@ -32,6 +32,10 @@ @@ -7434,7 +7042,7 @@ index e779642..e5bb889 100644 }; diff --git a/arch/powerpc/mm/numa.c b/arch/powerpc/mm/numa.c -index bba87ca..c346a33 100644 +index 6a252c4..3024d81 100644 --- a/arch/powerpc/mm/numa.c +++ b/arch/powerpc/mm/numa.c @@ -932,7 +932,7 @@ static void __init *careful_zallocation(int nid, unsigned long size, @@ -7517,7 +7125,7 @@ index cf9dada..241529f 100644 if (!fixed && addr) { addr = _ALIGN_UP(addr, 1ul << pshift); diff --git a/arch/powerpc/platforms/cell/spufs/file.c b/arch/powerpc/platforms/cell/spufs/file.c -index 0cfece4..2f1a0e5 100644 +index 68c57d3..1fdcfb2 100644 --- a/arch/powerpc/platforms/cell/spufs/file.c +++ b/arch/powerpc/platforms/cell/spufs/file.c @@ -281,9 +281,9 @@ spufs_mem_mmap_fault(struct vm_area_struct *vma, struct vm_fault *vmf) @@ -7583,7 +7191,7 @@ index 4d7ccac..d03d0ad 100644 #define __read_mostly __attribute__((__section__(".data..read_mostly"))) diff --git a/arch/s390/include/asm/elf.h b/arch/s390/include/asm/elf.h -index 178ff96..8c93bd1 100644 +index 1bfdf24..9c9ab2e 100644 --- a/arch/s390/include/asm/elf.h +++ b/arch/s390/include/asm/elf.h @@ -160,8 +160,14 @@ extern unsigned int vdso_enabled; @@ -7603,7 +7211,7 @@ index 178ff96..8c93bd1 100644 /* This yields a mask that user programs can use to figure out what instruction set this CPU supports. */ -@@ -210,9 +216,6 @@ struct linux_binprm; +@@ -207,9 +213,6 @@ struct linux_binprm; #define ARCH_HAS_SETUP_ADDITIONAL_PAGES 1 int arch_setup_additional_pages(struct linux_binprm *, int); @@ -7626,7 +7234,7 @@ index c4a93d6..4d2a9b4 100644 #endif /* __ASM_EXEC_H */ diff --git a/arch/s390/include/asm/uaccess.h b/arch/s390/include/asm/uaccess.h -index 34268df..ea97318 100644 +index 9c33ed4..e40cbef 100644 --- a/arch/s390/include/asm/uaccess.h +++ b/arch/s390/include/asm/uaccess.h @@ -252,6 +252,10 @@ static inline unsigned long __must_check @@ -7637,10 +7245,10 @@ index 34268df..ea97318 100644 + if ((long)n < 0) + return n; + - if (access_ok(VERIFY_WRITE, to, n)) - n = __copy_to_user(to, from, n); - return n; -@@ -277,6 +281,9 @@ copy_to_user(void __user *to, const void *from, unsigned long n) + return __copy_to_user(to, from, n); + } + +@@ -275,6 +279,9 @@ copy_to_user(void __user *to, const void *from, unsigned long n) static inline unsigned long __must_check __copy_from_user(void *to, const void __user *from, unsigned long n) { @@ -7650,7 +7258,7 @@ index 34268df..ea97318 100644 if (__builtin_constant_p(n) && (n <= 256)) return uaccess.copy_from_user_small(n, from, to); else -@@ -308,10 +315,14 @@ __compiletime_warning("copy_from_user() buffer size is not provably correct") +@@ -306,10 +313,14 @@ __compiletime_warning("copy_from_user() buffer size is not provably correct") static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { @@ -7668,10 +7276,10 @@ index 34268df..ea97318 100644 return n; } diff --git a/arch/s390/kernel/module.c b/arch/s390/kernel/module.c -index 4610dea..cf0af21 100644 +index 7845e15..59c4353 100644 --- a/arch/s390/kernel/module.c +++ b/arch/s390/kernel/module.c -@@ -171,11 +171,11 @@ module_frob_arch_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs, +@@ -169,11 +169,11 @@ int module_frob_arch_sections(Elf_Ehdr *hdr, Elf_Shdr *sechdrs, /* Increase core size by size of got & plt and set start offsets for got and plt. */ @@ -7688,7 +7296,7 @@ index 4610dea..cf0af21 100644 return 0; } -@@ -252,7 +252,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, +@@ -289,7 +289,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, if (info->got_initialized == 0) { Elf_Addr *gotent; @@ -7697,16 +7305,16 @@ index 4610dea..cf0af21 100644 info->got_offset; *gotent = val; info->got_initialized = 1; -@@ -276,7 +276,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, +@@ -312,7 +312,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, + rc = apply_rela_bits(loc, val, 0, 64, 0); else if (r_type == R_390_GOTENT || - r_type == R_390_GOTPLTENT) - *(unsigned int *) loc = -- (val + (Elf_Addr) me->module_core - loc) >> 1; -+ (val + (Elf_Addr) me->module_core_rw - loc) >> 1; - else if (r_type == R_390_GOT64 || - r_type == R_390_GOTPLT64) - *(unsigned long *) loc = val; -@@ -290,7 +290,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, + r_type == R_390_GOTPLTENT) { +- val += (Elf_Addr) me->module_core - loc; ++ val += (Elf_Addr) me->module_core_rw - loc; + rc = apply_rela_bits(loc, val, 1, 32, 1); + } + break; +@@ -325,7 +325,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, case R_390_PLTOFF64: /* 16 bit offset from GOT to PLT. */ if (info->plt_initialized == 0) { unsigned int *ip; @@ -7715,7 +7323,7 @@ index 4610dea..cf0af21 100644 info->plt_offset; #ifndef CONFIG_64BIT ip[0] = 0x0d105810; /* basr 1,0; l 1,6(1); br 1 */ -@@ -315,7 +315,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, +@@ -350,7 +350,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, val - loc + 0xffffUL < 0x1ffffeUL) || (r_type == R_390_PLT32DBL && val - loc + 0xffffffffULL < 0x1fffffffeULL))) @@ -7724,16 +7332,16 @@ index 4610dea..cf0af21 100644 me->arch.plt_offset + info->plt_offset; val += rela->r_addend - loc; -@@ -337,7 +337,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, +@@ -372,7 +372,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, case R_390_GOTOFF32: /* 32 bit offset to GOT. */ case R_390_GOTOFF64: /* 64 bit offset to GOT. */ val = val + rela->r_addend - - ((Elf_Addr) me->module_core + me->arch.got_offset); + ((Elf_Addr) me->module_core_rw + me->arch.got_offset); if (r_type == R_390_GOTOFF16) - *(unsigned short *) loc = val; + rc = apply_rela_bits(loc, val, 0, 16, 0); else if (r_type == R_390_GOTOFF32) -@@ -347,7 +347,7 @@ apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, +@@ -382,7 +382,7 @@ static int apply_rela(Elf_Rela *rela, Elf_Addr base, Elf_Sym *symtab, break; case R_390_GOTPC: /* 32 bit PC relative offset to GOT. */ case R_390_GOTPCDBL: /* 32 bit PC rel. off. to GOT shifted by 1. */ @@ -7741,7 +7349,7 @@ index 4610dea..cf0af21 100644 + val = (Elf_Addr) me->module_core_rw + me->arch.got_offset + rela->r_addend - loc; if (r_type == R_390_GOTPC) - *(unsigned int *) loc = val; + rc = apply_rela_bits(loc, val, 1, 32, 0); diff --git a/arch/s390/kernel/process.c b/arch/s390/kernel/process.c index 536d645..4a5bd9e 100644 --- a/arch/s390/kernel/process.c @@ -7787,7 +7395,7 @@ index 536d645..4a5bd9e 100644 - return ret; -} diff --git a/arch/s390/mm/mmap.c b/arch/s390/mm/mmap.c -index c59a5ef..3fae59c 100644 +index 06bafec..2bca531 100644 --- a/arch/s390/mm/mmap.c +++ b/arch/s390/mm/mmap.c @@ -90,10 +90,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) @@ -7813,7 +7421,7 @@ index c59a5ef..3fae59c 100644 mm->get_unmapped_area = arch_get_unmapped_area_topdown; mm->unmap_area = arch_unmap_area_topdown; } -@@ -172,10 +184,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -175,10 +187,22 @@ void arch_pick_mmap_layout(struct mm_struct *mm) */ if (mmap_is_legacy()) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -8197,7 +7805,7 @@ index 5bb6991..5c2132e 100644 #ifdef CONFIG_SPARC32 #define SMP_CACHE_BYTES_SHIFT 5 diff --git a/arch/sparc/include/asm/elf_32.h b/arch/sparc/include/asm/elf_32.h -index ac74a2c..a9e58af 100644 +index a24e41f..47677ff 100644 --- a/arch/sparc/include/asm/elf_32.h +++ b/arch/sparc/include/asm/elf_32.h @@ -114,6 +114,13 @@ typedef struct { @@ -8596,10 +8204,10 @@ index 6cf591b..b49e65a 100644 extra-y := head_$(BITS).o diff --git a/arch/sparc/kernel/process_32.c b/arch/sparc/kernel/process_32.c -index be8e862..5b50b12 100644 +index 62eede1..9c5b904 100644 --- a/arch/sparc/kernel/process_32.c +++ b/arch/sparc/kernel/process_32.c -@@ -126,14 +126,14 @@ void show_regs(struct pt_regs *r) +@@ -125,14 +125,14 @@ void show_regs(struct pt_regs *r) printk("PSR: %08lx PC: %08lx NPC: %08lx Y: %08lx %s\n", r->psr, r->pc, r->npc, r->y, print_tainted()); @@ -8616,7 +8224,7 @@ index be8e862..5b50b12 100644 printk("%%L: %08lx %08lx %08lx %08lx %08lx %08lx %08lx %08lx\n", rw->locals[0], rw->locals[1], rw->locals[2], rw->locals[3], -@@ -168,7 +168,7 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp) +@@ -167,7 +167,7 @@ void show_stack(struct task_struct *tsk, unsigned long *_ksp) rw = (struct reg_window32 *) fp; pc = rw->ins[7]; printk("[%08lx : ", pc); @@ -8665,7 +8273,7 @@ index cdb80b2..5ca141d 100644 (void *) gp->o7, (void *) gp->i7, diff --git a/arch/sparc/kernel/prom_common.c b/arch/sparc/kernel/prom_common.c -index 1303021..c2a6321 100644 +index 9f20566..67eb41b 100644 --- a/arch/sparc/kernel/prom_common.c +++ b/arch/sparc/kernel/prom_common.c @@ -143,7 +143,7 @@ static int __init prom_common_nextprop(phandle node, char *prev, char *buf) @@ -8717,7 +8325,7 @@ index 7ff45e4..a58f271 100644 if (unlikely(test_thread_flag(TIF_SYSCALL_TRACEPOINT))) diff --git a/arch/sparc/kernel/sys_sparc_32.c b/arch/sparc/kernel/sys_sparc_32.c -index 2da0bdc..79128d2 100644 +index 3a8d184..49498a8 100644 --- a/arch/sparc/kernel/sys_sparc_32.c +++ b/arch/sparc/kernel/sys_sparc_32.c @@ -52,7 +52,7 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi @@ -8730,7 +8338,7 @@ index 2da0bdc..79128d2 100644 info.flags = 0; info.length = len; diff --git a/arch/sparc/kernel/sys_sparc_64.c b/arch/sparc/kernel/sys_sparc_64.c -index 708bc29..f0129cb 100644 +index 708bc29..6bfdfad 100644 --- a/arch/sparc/kernel/sys_sparc_64.c +++ b/arch/sparc/kernel/sys_sparc_64.c @@ -90,13 +90,14 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi @@ -8760,7 +8368,7 @@ index 708bc29..f0129cb 100644 if (addr) { if (do_color_align) addr = COLOR_ALIGN(addr, pgoff); -@@ -118,14 +123,13 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi +@@ -118,22 +123,28 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); @@ -8777,7 +8385,9 @@ index 708bc29..f0129cb 100644 info.high_limit = min(task_size, VA_EXCLUDE_START); info.align_mask = do_color_align ? (PAGE_MASK & (SHMLBA - 1)) : 0; info.align_offset = pgoff << PAGE_SHIFT; -@@ -134,6 +138,12 @@ unsigned long arch_get_unmapped_area(struct file *filp, unsigned long addr, unsi ++ info.threadstack_offset = offset; + addr = vm_unmapped_area(&info); + if ((addr & ~PAGE_MASK) && task_size > VA_EXCLUDE_END) { VM_BUG_ON(addr != -ENOMEM); info.low_limit = VA_EXCLUDE_END; @@ -8790,7 +8400,7 @@ index 708bc29..f0129cb 100644 info.high_limit = task_size; addr = vm_unmapped_area(&info); } -@@ -151,6 +161,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -151,6 +162,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, unsigned long task_size = STACK_TOP32; unsigned long addr = addr0; int do_color_align; @@ -8798,7 +8408,7 @@ index 708bc29..f0129cb 100644 struct vm_unmapped_area_info info; /* This should only ever run for 32-bit processes. */ -@@ -160,7 +171,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -160,7 +172,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, /* We do not accept a shared mapping if it would violate * cache aliasing constraints. */ @@ -8807,7 +8417,7 @@ index 708bc29..f0129cb 100644 ((addr - (pgoff << PAGE_SHIFT)) & (SHMLBA - 1))) return -EINVAL; return addr; -@@ -173,6 +184,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -173,6 +185,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (filp || (flags & MAP_SHARED)) do_color_align = 1; @@ -8818,7 +8428,7 @@ index 708bc29..f0129cb 100644 /* requesting a specific address */ if (addr) { if (do_color_align) -@@ -181,8 +196,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -181,8 +197,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, addr = PAGE_ALIGN(addr); vma = find_vma(mm, addr); @@ -8828,7 +8438,15 @@ index 708bc29..f0129cb 100644 return addr; } -@@ -204,6 +218,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -192,6 +207,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + info.high_limit = mm->mmap_base; + info.align_mask = do_color_align ? (PAGE_MASK & (SHMLBA - 1)) : 0; + info.align_offset = pgoff << PAGE_SHIFT; ++ info.threadstack_offset = offset; + addr = vm_unmapped_area(&info); + + /* +@@ -204,6 +220,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, VM_BUG_ON(addr != -ENOMEM); info.flags = 0; info.low_limit = TASK_UNMAPPED_BASE; @@ -8841,7 +8459,7 @@ index 708bc29..f0129cb 100644 info.high_limit = STACK_TOP32; addr = vm_unmapped_area(&info); } -@@ -264,6 +284,10 @@ static unsigned long mmap_rnd(void) +@@ -264,6 +286,10 @@ static unsigned long mmap_rnd(void) { unsigned long rnd = 0UL; @@ -8852,7 +8470,7 @@ index 708bc29..f0129cb 100644 if (current->flags & PF_RANDOMIZE) { unsigned long val = get_random_int(); if (test_thread_flag(TIF_32BIT)) -@@ -289,6 +313,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -289,6 +315,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) gap == RLIM_INFINITY || sysctl_legacy_va_layout) { mm->mmap_base = TASK_UNMAPPED_BASE + random_factor; @@ -8865,7 +8483,7 @@ index 708bc29..f0129cb 100644 mm->get_unmapped_area = arch_get_unmapped_area; mm->unmap_area = arch_unmap_area; } else { -@@ -301,6 +331,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) +@@ -301,6 +333,12 @@ void arch_pick_mmap_layout(struct mm_struct *mm) gap = (task_size / 6 * 5); mm->mmap_base = PAGE_ALIGN(task_size - gap - random_factor); @@ -8879,10 +8497,10 @@ index 708bc29..f0129cb 100644 mm->unmap_area = arch_unmap_area_topdown; } diff --git a/arch/sparc/kernel/syscalls.S b/arch/sparc/kernel/syscalls.S -index e0fed77..604a7e5 100644 +index 22a1098..6255eb9 100644 --- a/arch/sparc/kernel/syscalls.S +++ b/arch/sparc/kernel/syscalls.S -@@ -58,7 +58,7 @@ sys32_rt_sigreturn: +@@ -52,7 +52,7 @@ sys32_rt_sigreturn: #endif .align 32 1: ldx [%g6 + TI_FLAGS], %l5 @@ -8891,7 +8509,7 @@ index e0fed77..604a7e5 100644 be,pt %icc, rtrap nop call syscall_trace_leave -@@ -190,7 +190,7 @@ linux_sparc_syscall32: +@@ -184,7 +184,7 @@ linux_sparc_syscall32: srl %i5, 0, %o5 ! IEU1 srl %i2, 0, %o2 ! IEU0 Group @@ -8900,7 +8518,7 @@ index e0fed77..604a7e5 100644 bne,pn %icc, linux_syscall_trace32 ! CTI mov %i0, %l5 ! IEU1 call %l7 ! CTI Group brk forced -@@ -213,7 +213,7 @@ linux_sparc_syscall: +@@ -207,7 +207,7 @@ linux_sparc_syscall: mov %i3, %o3 ! IEU1 mov %i4, %o4 ! IEU0 Group @@ -8909,7 +8527,7 @@ index e0fed77..604a7e5 100644 bne,pn %icc, linux_syscall_trace ! CTI Group mov %i0, %l5 ! IEU0 2: call %l7 ! CTI Group brk forced -@@ -229,7 +229,7 @@ ret_sys_call: +@@ -223,7 +223,7 @@ ret_sys_call: cmp %o0, -ERESTART_RESTARTBLOCK bgeu,pn %xcc, 1f @@ -8932,7 +8550,7 @@ index 654e8aa..45f431b 100644 }; diff --git a/arch/sparc/kernel/traps_32.c b/arch/sparc/kernel/traps_32.c -index a5785ea..405c5f7 100644 +index 6629829..036032d 100644 --- a/arch/sparc/kernel/traps_32.c +++ b/arch/sparc/kernel/traps_32.c @@ -44,6 +44,8 @@ static void instruction_dump(unsigned long *pc) @@ -8965,7 +8583,7 @@ index a5785ea..405c5f7 100644 } diff --git a/arch/sparc/kernel/traps_64.c b/arch/sparc/kernel/traps_64.c -index e7ecf15..6520e65 100644 +index 8d38ca9..845b1d6 100644 --- a/arch/sparc/kernel/traps_64.c +++ b/arch/sparc/kernel/traps_64.c @@ -76,7 +76,7 @@ static void dump_tl1_traplog(struct tl1_traplog *p) @@ -9119,7 +8737,7 @@ index 8201c25e..072a2a7 100644 } } diff --git a/arch/sparc/kernel/us3_cpufreq.c b/arch/sparc/kernel/us3_cpufreq.c -index eb1624b..f9f4ddb 100644 +index eb1624b..55100de 100644 --- a/arch/sparc/kernel/us3_cpufreq.c +++ b/arch/sparc/kernel/us3_cpufreq.c @@ -18,14 +18,12 @@ @@ -9209,7 +8827,7 @@ index eb1624b..f9f4ddb 100644 - return ret; - } + impl == PANTHER_IMPL)) -+ return cpufreq_register_driver(cpufreq_us3_driver); ++ return cpufreq_register_driver(&cpufreq_us3_driver); return -ENODEV; } @@ -9223,7 +8841,7 @@ index eb1624b..f9f4ddb 100644 - kfree(us3_freq_table); - us3_freq_table = NULL; - } -+ cpufreq_unregister_driver(cpufreq_us3_driver); ++ cpufreq_unregister_driver(&cpufreq_us3_driver); } MODULE_AUTHOR("David S. Miller <davem@redhat.com>"); @@ -10446,6 +10064,26 @@ index 9ab078a..d6635c2 100644 n = _copy_from_user(to, from, n); else copy_from_user_overflow(); +diff --git a/arch/tile/mm/hugetlbpage.c b/arch/tile/mm/hugetlbpage.c +index 650ccff..45fe2d6 100644 +--- a/arch/tile/mm/hugetlbpage.c ++++ b/arch/tile/mm/hugetlbpage.c +@@ -239,6 +239,7 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, + info.high_limit = TASK_SIZE; + info.align_mask = PAGE_MASK & ~huge_page_mask(h); + info.align_offset = 0; ++ info.threadstack_offset = 0; + return vm_unmapped_area(&info); + } + +@@ -256,6 +257,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, + info.high_limit = current->mm->mmap_base; + info.align_mask = PAGE_MASK & ~huge_page_mask(h); + info.align_offset = 0; ++ info.threadstack_offset = 0; + addr = vm_unmapped_area(&info); + + /* diff --git a/arch/um/Makefile b/arch/um/Makefile index 133f7de..1d6f2f1 100644 --- a/arch/um/Makefile @@ -10576,10 +10214,10 @@ index ad8f795..2c7eec6 100644 /* * Memory returned by kmalloc() may be used for DMA, so we must make diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig -index 0694d09..58ea1a1 100644 +index 15b5cef..173babc 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -238,7 +238,7 @@ config X86_HT +@@ -244,7 +244,7 @@ config X86_HT config X86_32_LAZY_GS def_bool y @@ -10588,7 +10226,7 @@ index 0694d09..58ea1a1 100644 config ARCH_HWEIGHT_CFLAGS string -@@ -1031,6 +1031,7 @@ config MICROCODE_OLD_INTERFACE +@@ -1077,6 +1077,7 @@ config MICROCODE_EARLY config X86_MSR tristate "/dev/cpu/*/msr - Model-specific register support" @@ -10596,7 +10234,7 @@ index 0694d09..58ea1a1 100644 ---help--- This device gives privileged processes access to the x86 Model-Specific Registers (MSRs). It is a character device with -@@ -1054,7 +1055,7 @@ choice +@@ -1100,7 +1101,7 @@ choice config NOHIGHMEM bool "off" @@ -10605,7 +10243,7 @@ index 0694d09..58ea1a1 100644 ---help--- Linux can use up to 64 Gigabytes of physical memory on x86 systems. However, the address space of 32-bit x86 processors is only 4 -@@ -1091,7 +1092,7 @@ config NOHIGHMEM +@@ -1137,7 +1138,7 @@ config NOHIGHMEM config HIGHMEM4G bool "4GB" @@ -10614,7 +10252,7 @@ index 0694d09..58ea1a1 100644 ---help--- Select this if you have a 32-bit processor and between 1 and 4 gigabytes of physical RAM. -@@ -1145,7 +1146,7 @@ config PAGE_OFFSET +@@ -1190,7 +1191,7 @@ config PAGE_OFFSET hex default 0xB0000000 if VMSPLIT_3G_OPT default 0x80000000 if VMSPLIT_2G @@ -10623,7 +10261,7 @@ index 0694d09..58ea1a1 100644 default 0x40000000 if VMSPLIT_1G default 0xC0000000 depends on X86_32 -@@ -1542,6 +1543,7 @@ config SECCOMP +@@ -1588,6 +1589,7 @@ config SECCOMP config CC_STACKPROTECTOR bool "Enable -fstack-protector buffer overflow detection" @@ -10631,7 +10269,7 @@ index 0694d09..58ea1a1 100644 ---help--- This option turns on the -fstack-protector GCC feature. This feature puts, at the beginning of functions, a canary value on -@@ -1662,6 +1664,8 @@ config X86_NEED_RELOCS +@@ -1707,6 +1709,8 @@ config X86_NEED_RELOCS config PHYSICAL_ALIGN hex "Alignment value to which kernel should be aligned" if X86_32 default "0x1000000" @@ -10640,7 +10278,7 @@ index 0694d09..58ea1a1 100644 range 0x2000 0x1000000 ---help--- This value puts the alignment restrictions on physical address -@@ -1737,9 +1741,10 @@ config DEBUG_HOTPLUG_CPU0 +@@ -1782,9 +1786,10 @@ config DEBUG_HOTPLUG_CPU0 If unsure, say N. config COMPAT_VDSO @@ -10715,10 +10353,10 @@ index b322f12..652d0d9 100644 Enabling this option turns a certain set of sanity checks for user copy operations into compile time failures. diff --git a/arch/x86/Makefile b/arch/x86/Makefile -index e71fc42..7829607 100644 +index 5c47726..8c4fa67 100644 --- a/arch/x86/Makefile +++ b/arch/x86/Makefile -@@ -50,6 +50,7 @@ else +@@ -54,6 +54,7 @@ else UTS_MACHINE := x86_64 CHECKFLAGS += -D__x86_64__ -m64 @@ -10726,7 +10364,7 @@ index e71fc42..7829607 100644 KBUILD_AFLAGS += -m64 KBUILD_CFLAGS += -m64 -@@ -230,3 +231,12 @@ define archhelp +@@ -234,3 +235,12 @@ define archhelp echo ' FDARGS="..." arguments for the booted kernel' echo ' FDINITRD=file initrd for the booted kernel' endef @@ -10776,7 +10414,7 @@ index 878e4b9..20537ab 100644 #endif /* BOOT_BITOPS_H */ diff --git a/arch/x86/boot/boot.h b/arch/x86/boot/boot.h -index 18997e5..83d9c67 100644 +index 5b75319..331a4ca 100644 --- a/arch/x86/boot/boot.h +++ b/arch/x86/boot/boot.h @@ -85,7 +85,7 @@ static inline void io_delay(void) @@ -10812,7 +10450,7 @@ index 5ef205c..342191d 100644 KBUILD_AFLAGS := $(KBUILD_CFLAGS) -D__ASSEMBLY__ GCOV_PROFILE := n diff --git a/arch/x86/boot/compressed/eboot.c b/arch/x86/boot/compressed/eboot.c -index c205035..5853587 100644 +index 35ee62f..b6609b6 100644 --- a/arch/x86/boot/compressed/eboot.c +++ b/arch/x86/boot/compressed/eboot.c @@ -150,7 +150,6 @@ again: @@ -10864,10 +10502,10 @@ index 1e3184f..0d11e2e 100644 jmp 1b 2: diff --git a/arch/x86/boot/compressed/head_64.S b/arch/x86/boot/compressed/head_64.S -index f5d1aaa..cce11dc 100644 +index c1d383d..57ab51c 100644 --- a/arch/x86/boot/compressed/head_64.S +++ b/arch/x86/boot/compressed/head_64.S -@@ -91,7 +91,7 @@ ENTRY(startup_32) +@@ -97,7 +97,7 @@ ENTRY(startup_32) notl %eax andl %eax, %ebx #else @@ -10876,7 +10514,7 @@ index f5d1aaa..cce11dc 100644 #endif /* Target address to relocate to for decompression */ -@@ -273,7 +273,7 @@ preferred_addr: +@@ -272,7 +272,7 @@ preferred_addr: notq %rax andq %rax, %rbp #else @@ -10885,8 +10523,19 @@ index f5d1aaa..cce11dc 100644 #endif /* Target address to relocate to for decompression */ +@@ -363,8 +363,8 @@ gdt: + .long gdt + .word 0 + .quad 0x0000000000000000 /* NULL descriptor */ +- .quad 0x00af9a000000ffff /* __KERNEL_CS */ +- .quad 0x00cf92000000ffff /* __KERNEL_DS */ ++ .quad 0x00af9b000000ffff /* __KERNEL_CS */ ++ .quad 0x00cf93000000ffff /* __KERNEL_DS */ + .quad 0x0080890000000000 /* TS descriptor */ + .quad 0x0000000000000000 /* TS continued */ + gdt_end: diff --git a/arch/x86/boot/compressed/misc.c b/arch/x86/boot/compressed/misc.c -index 88f7ff6..ed695dd 100644 +index 7cb56c6..d382d84 100644 --- a/arch/x86/boot/compressed/misc.c +++ b/arch/x86/boot/compressed/misc.c @@ -303,7 +303,7 @@ static void parse_elf(void *output) @@ -10898,7 +10547,7 @@ index 88f7ff6..ed695dd 100644 #else dest = (void *)(phdr->p_paddr); #endif -@@ -352,7 +352,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap, +@@ -354,7 +354,7 @@ asmlinkage void decompress_kernel(void *rmode, memptr heap, error("Destination address too large"); #endif #ifndef CONFIG_RELOCATABLE @@ -11007,10 +10656,10 @@ index 4d3ff03..e4972ff 100644 err = check_flags(); } diff --git a/arch/x86/boot/header.S b/arch/x86/boot/header.S -index 944ce59..87ee37a 100644 +index 9ec06a1..2c25e79 100644 --- a/arch/x86/boot/header.S +++ b/arch/x86/boot/header.S -@@ -401,10 +401,14 @@ setup_data: .quad 0 # 64-bit physical pointer to +@@ -409,10 +409,14 @@ setup_data: .quad 0 # 64-bit physical pointer to # single linked list of # struct setup_data @@ -11065,7 +10714,7 @@ index 43eda28..5ab5fdb 100644 unsigned int v; diff --git a/arch/x86/crypto/aes-x86_64-asm_64.S b/arch/x86/crypto/aes-x86_64-asm_64.S -index 5b577d5..3c1fed4 100644 +index 9105655..5e37f27 100644 --- a/arch/x86/crypto/aes-x86_64-asm_64.S +++ b/arch/x86/crypto/aes-x86_64-asm_64.S @@ -8,6 +8,8 @@ @@ -11077,17 +10726,17 @@ index 5b577d5..3c1fed4 100644 .extern crypto_ft_tab .extern crypto_it_tab .extern crypto_fl_tab -@@ -71,6 +73,8 @@ FUNC: movq r1,r2; \ +@@ -70,6 +72,8 @@ je B192; \ leaq 32(r9),r9; +#define ret pax_force_retaddr 0, 1; ret + - #define epilogue(r1,r2,r3,r4,r5,r6,r7,r8,r9) \ + #define epilogue(FUNC,r1,r2,r3,r4,r5,r6,r7,r8,r9) \ movq r1,r2; \ movq r3,r4; \ diff --git a/arch/x86/crypto/aesni-intel_asm.S b/arch/x86/crypto/aesni-intel_asm.S -index 3470624..201259d 100644 +index 04b7977..402f223 100644 --- a/arch/x86/crypto/aesni-intel_asm.S +++ b/arch/x86/crypto/aesni-intel_asm.S @@ -31,6 +31,7 @@ @@ -11098,427 +10747,408 @@ index 3470624..201259d 100644 #ifdef __x86_64__ .data -@@ -1436,7 +1437,9 @@ _return_T_done_decrypt: +@@ -1435,6 +1436,7 @@ _return_T_done_decrypt: pop %r14 pop %r13 pop %r12 + pax_force_retaddr 0, 1 ret -+ENDPROC(aesni_gcm_dec) - + ENDPROC(aesni_gcm_dec) - /***************************************************************************** -@@ -1699,7 +1702,9 @@ _return_T_done_encrypt: +@@ -1699,6 +1701,7 @@ _return_T_done_encrypt: pop %r14 pop %r13 pop %r12 + pax_force_retaddr 0, 1 ret -+ENDPROC(aesni_gcm_enc) - - #endif + ENDPROC(aesni_gcm_enc) -@@ -1714,6 +1719,7 @@ _key_expansion_256a: +@@ -1716,6 +1719,7 @@ _key_expansion_256a: pxor %xmm1, %xmm0 movaps %xmm0, (TKEYP) add $0x10, TKEYP + pax_force_retaddr_bts ret - - .align 4 -@@ -1738,6 +1744,7 @@ _key_expansion_192a: + ENDPROC(_key_expansion_128) + ENDPROC(_key_expansion_256a) +@@ -1742,6 +1746,7 @@ _key_expansion_192a: shufps $0b01001110, %xmm2, %xmm1 movaps %xmm1, 0x10(TKEYP) add $0x20, TKEYP + pax_force_retaddr_bts ret + ENDPROC(_key_expansion_192a) - .align 4 -@@ -1757,6 +1764,7 @@ _key_expansion_192b: +@@ -1762,6 +1767,7 @@ _key_expansion_192b: movaps %xmm0, (TKEYP) add $0x10, TKEYP + pax_force_retaddr_bts ret + ENDPROC(_key_expansion_192b) - .align 4 -@@ -1769,6 +1777,7 @@ _key_expansion_256b: +@@ -1775,6 +1781,7 @@ _key_expansion_256b: pxor %xmm1, %xmm2 movaps %xmm2, (TKEYP) add $0x10, TKEYP + pax_force_retaddr_bts ret + ENDPROC(_key_expansion_256b) - /* -@@ -1881,7 +1890,9 @@ ENTRY(aesni_set_key) +@@ -1888,6 +1895,7 @@ ENTRY(aesni_set_key) #ifndef __x86_64__ popl KEYP #endif + pax_force_retaddr 0, 1 ret -+ENDPROC(aesni_set_key) + ENDPROC(aesni_set_key) - /* - * void aesni_enc(struct crypto_aes_ctx *ctx, u8 *dst, const u8 *src) -@@ -1902,7 +1913,9 @@ ENTRY(aesni_enc) +@@ -1910,6 +1918,7 @@ ENTRY(aesni_enc) popl KLEN popl KEYP #endif + pax_force_retaddr 0, 1 ret -+ENDPROC(aesni_enc) + ENDPROC(aesni_enc) - /* - * _aesni_enc1: internal ABI -@@ -1959,6 +1972,7 @@ _aesni_enc1: +@@ -1968,6 +1977,7 @@ _aesni_enc1: AESENC KEY STATE movaps 0x70(TKEYP), KEY AESENCLAST KEY STATE + pax_force_retaddr_bts ret + ENDPROC(_aesni_enc1) - /* -@@ -2067,6 +2081,7 @@ _aesni_enc4: +@@ -2077,6 +2087,7 @@ _aesni_enc4: AESENCLAST KEY STATE2 AESENCLAST KEY STATE3 AESENCLAST KEY STATE4 + pax_force_retaddr_bts ret + ENDPROC(_aesni_enc4) - /* -@@ -2089,7 +2104,9 @@ ENTRY(aesni_dec) +@@ -2100,6 +2111,7 @@ ENTRY(aesni_dec) popl KLEN popl KEYP #endif + pax_force_retaddr 0, 1 ret -+ENDPROC(aesni_dec) + ENDPROC(aesni_dec) - /* - * _aesni_dec1: internal ABI -@@ -2146,6 +2163,7 @@ _aesni_dec1: +@@ -2158,6 +2170,7 @@ _aesni_dec1: AESDEC KEY STATE movaps 0x70(TKEYP), KEY AESDECLAST KEY STATE + pax_force_retaddr_bts ret + ENDPROC(_aesni_dec1) - /* -@@ -2254,6 +2272,7 @@ _aesni_dec4: +@@ -2267,6 +2280,7 @@ _aesni_dec4: AESDECLAST KEY STATE2 AESDECLAST KEY STATE3 AESDECLAST KEY STATE4 + pax_force_retaddr_bts ret + ENDPROC(_aesni_dec4) - /* -@@ -2311,7 +2330,9 @@ ENTRY(aesni_ecb_enc) +@@ -2325,6 +2339,7 @@ ENTRY(aesni_ecb_enc) popl KEYP popl LEN #endif + pax_force_retaddr 0, 1 ret -+ENDPROC(aesni_ecb_enc) + ENDPROC(aesni_ecb_enc) - /* - * void aesni_ecb_dec(struct crypto_aes_ctx *ctx, const u8 *dst, u8 *src, -@@ -2369,7 +2390,9 @@ ENTRY(aesni_ecb_dec) +@@ -2384,6 +2399,7 @@ ENTRY(aesni_ecb_dec) popl KEYP popl LEN #endif + pax_force_retaddr 0, 1 ret -+ENDPROC(aesni_ecb_dec) + ENDPROC(aesni_ecb_dec) - /* - * void aesni_cbc_enc(struct crypto_aes_ctx *ctx, const u8 *dst, u8 *src, -@@ -2410,7 +2433,9 @@ ENTRY(aesni_cbc_enc) +@@ -2426,6 +2442,7 @@ ENTRY(aesni_cbc_enc) popl LEN popl IVP #endif + pax_force_retaddr 0, 1 ret -+ENDPROC(aesni_cbc_enc) + ENDPROC(aesni_cbc_enc) - /* - * void aesni_cbc_dec(struct crypto_aes_ctx *ctx, const u8 *dst, u8 *src, -@@ -2500,7 +2525,9 @@ ENTRY(aesni_cbc_dec) +@@ -2517,6 +2534,7 @@ ENTRY(aesni_cbc_dec) popl LEN popl IVP #endif + pax_force_retaddr 0, 1 ret -+ENDPROC(aesni_cbc_dec) + ENDPROC(aesni_cbc_dec) - #ifdef __x86_64__ - .align 16 -@@ -2526,6 +2553,7 @@ _aesni_inc_init: +@@ -2544,6 +2562,7 @@ _aesni_inc_init: mov $1, TCTR_LOW MOVQ_R64_XMM TCTR_LOW INC MOVQ_R64_XMM CTR TCTR_LOW + pax_force_retaddr_bts ret + ENDPROC(_aesni_inc_init) - /* -@@ -2554,6 +2582,7 @@ _aesni_inc: +@@ -2573,6 +2592,7 @@ _aesni_inc: .Linc_low: movaps CTR, IV PSHUFB_XMM BSWAP_MASK IV + pax_force_retaddr_bts ret + ENDPROC(_aesni_inc) - /* -@@ -2614,5 +2643,7 @@ ENTRY(aesni_ctr_enc) +@@ -2634,6 +2654,7 @@ ENTRY(aesni_ctr_enc) .Lctr_enc_ret: movups IV, (IVP) .Lctr_enc_just_ret: + pax_force_retaddr 0, 1 ret -+ENDPROC(aesni_ctr_enc) + ENDPROC(aesni_ctr_enc) #endif diff --git a/arch/x86/crypto/blowfish-x86_64-asm_64.S b/arch/x86/crypto/blowfish-x86_64-asm_64.S -index 391d245..67f35c2 100644 +index 246c670..4d1ed00 100644 --- a/arch/x86/crypto/blowfish-x86_64-asm_64.S +++ b/arch/x86/crypto/blowfish-x86_64-asm_64.S -@@ -20,6 +20,8 @@ - * +@@ -21,6 +21,7 @@ */ + #include <linux/linkage.h> +#include <asm/alternative-asm.h> -+ + .file "blowfish-x86_64-asm.S" .text - -@@ -151,9 +153,11 @@ __blowfish_enc_blk: - jnz __enc_xor; +@@ -149,9 +150,11 @@ ENTRY(__blowfish_enc_blk) + jnz .L__enc_xor; write_block(); + pax_force_retaddr 0, 1 ret; - __enc_xor: + .L__enc_xor: xor_block(); + pax_force_retaddr 0, 1 ret; + ENDPROC(__blowfish_enc_blk) - .align 8 -@@ -188,6 +192,7 @@ blowfish_dec_blk: +@@ -183,6 +186,7 @@ ENTRY(blowfish_dec_blk) movq %r11, %rbp; + pax_force_retaddr 0, 1 ret; + ENDPROC(blowfish_dec_blk) - /********************************************************************** -@@ -342,6 +347,7 @@ __blowfish_enc_blk_4way: +@@ -334,6 +338,7 @@ ENTRY(__blowfish_enc_blk_4way) popq %rbx; popq %rbp; + pax_force_retaddr 0, 1 ret; - __enc_xor4: -@@ -349,6 +355,7 @@ __enc_xor4: + .L__enc_xor4: +@@ -341,6 +346,7 @@ ENTRY(__blowfish_enc_blk_4way) popq %rbx; popq %rbp; + pax_force_retaddr 0, 1 ret; + ENDPROC(__blowfish_enc_blk_4way) - .align 8 -@@ -386,5 +393,6 @@ blowfish_dec_blk_4way: +@@ -375,5 +381,6 @@ ENTRY(blowfish_dec_blk_4way) popq %rbx; popq %rbp; + pax_force_retaddr 0, 1 ret; - + ENDPROC(blowfish_dec_blk_4way) diff --git a/arch/x86/crypto/camellia-x86_64-asm_64.S b/arch/x86/crypto/camellia-x86_64-asm_64.S -index 0b33743..7a56206 100644 +index 310319c..ce174a4 100644 --- a/arch/x86/crypto/camellia-x86_64-asm_64.S +++ b/arch/x86/crypto/camellia-x86_64-asm_64.S -@@ -20,6 +20,8 @@ - * +@@ -21,6 +21,7 @@ */ + #include <linux/linkage.h> +#include <asm/alternative-asm.h> -+ + .file "camellia-x86_64-asm_64.S" .text - -@@ -229,12 +231,14 @@ __enc_done: +@@ -228,12 +229,14 @@ ENTRY(__camellia_enc_blk) enc_outunpack(mov, RT1); movq RRBP, %rbp; + pax_force_retaddr 0, 1 ret; - __enc_xor: + .L__enc_xor: enc_outunpack(xor, RT1); movq RRBP, %rbp; + pax_force_retaddr 0, 1 ret; + ENDPROC(__camellia_enc_blk) - .global camellia_dec_blk; -@@ -275,6 +279,7 @@ __dec_rounds16: +@@ -272,6 +275,7 @@ ENTRY(camellia_dec_blk) dec_outunpack(); movq RRBP, %rbp; + pax_force_retaddr 0, 1 ret; + ENDPROC(camellia_dec_blk) - /********************************************************************** -@@ -468,6 +473,7 @@ __enc2_done: +@@ -463,6 +467,7 @@ ENTRY(__camellia_enc_blk_2way) movq RRBP, %rbp; popq %rbx; + pax_force_retaddr 0, 1 ret; - __enc2_xor: -@@ -475,6 +481,7 @@ __enc2_xor: + .L__enc2_xor: +@@ -470,6 +475,7 @@ ENTRY(__camellia_enc_blk_2way) movq RRBP, %rbp; popq %rbx; + pax_force_retaddr 0, 1 ret; + ENDPROC(__camellia_enc_blk_2way) - .global camellia_dec_blk_2way; -@@ -517,4 +524,5 @@ __dec2_rounds16: +@@ -510,5 +516,6 @@ ENTRY(camellia_dec_blk_2way) movq RRBP, %rbp; movq RXOR, %rbx; + pax_force_retaddr 0, 1 ret; + ENDPROC(camellia_dec_blk_2way) diff --git a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S -index 15b00ac..2071784 100644 +index c35fd5d..c1ee236 100644 --- a/arch/x86/crypto/cast5-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/cast5-avx-x86_64-asm_64.S -@@ -23,6 +23,8 @@ - * +@@ -24,6 +24,7 @@ */ + #include <linux/linkage.h> +#include <asm/alternative-asm.h> -+ + .file "cast5-avx-x86_64-asm_64.S" - .extern cast_s1 -@@ -281,6 +283,7 @@ __skip_enc: +@@ -281,6 +282,7 @@ __cast5_enc_blk16: outunpack_blocks(RR3, RL3, RTMP, RX, RKM); outunpack_blocks(RR4, RL4, RTMP, RX, RKM); + pax_force_retaddr 0, 1 ret; + ENDPROC(__cast5_enc_blk16) - .align 16 -@@ -353,6 +356,7 @@ __dec_tail: +@@ -352,6 +354,7 @@ __cast5_dec_blk16: outunpack_blocks(RR3, RL3, RTMP, RX, RKM); outunpack_blocks(RR4, RL4, RTMP, RX, RKM); + pax_force_retaddr 0, 1 ret; - __skip_dec: -@@ -392,6 +396,7 @@ cast5_ecb_enc_16way: + .L__skip_dec: +@@ -388,6 +391,7 @@ ENTRY(cast5_ecb_enc_16way) vmovdqu RR4, (6*4*4)(%r11); vmovdqu RL4, (7*4*4)(%r11); + pax_force_retaddr ret; + ENDPROC(cast5_ecb_enc_16way) - .align 16 -@@ -427,6 +432,7 @@ cast5_ecb_dec_16way: +@@ -420,6 +424,7 @@ ENTRY(cast5_ecb_dec_16way) vmovdqu RR4, (6*4*4)(%r11); vmovdqu RL4, (7*4*4)(%r11); + pax_force_retaddr ret; + ENDPROC(cast5_ecb_dec_16way) - .align 16 -@@ -479,6 +485,7 @@ cast5_cbc_dec_16way: +@@ -469,6 +474,7 @@ ENTRY(cast5_cbc_dec_16way) popq %r12; + pax_force_retaddr ret; + ENDPROC(cast5_cbc_dec_16way) - .align 16 -@@ -555,4 +562,5 @@ cast5_ctr_16way: +@@ -542,5 +548,6 @@ ENTRY(cast5_ctr_16way) popq %r12; + pax_force_retaddr ret; + ENDPROC(cast5_ctr_16way) diff --git a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S -index 2569d0d..637c289 100644 +index f93b610..c09bf40 100644 --- a/arch/x86/crypto/cast6-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/cast6-avx-x86_64-asm_64.S -@@ -23,6 +23,8 @@ - * +@@ -24,6 +24,7 @@ */ + #include <linux/linkage.h> +#include <asm/alternative-asm.h> -+ #include "glue_helper-asm-avx.S" .file "cast6-avx-x86_64-asm_64.S" -@@ -294,6 +296,7 @@ __cast6_enc_blk8: +@@ -293,6 +294,7 @@ __cast6_enc_blk8: outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM); outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM); + pax_force_retaddr 0, 1 ret; + ENDPROC(__cast6_enc_blk8) - .align 8 -@@ -340,6 +343,7 @@ __cast6_dec_blk8: +@@ -338,6 +340,7 @@ __cast6_dec_blk8: outunpack_blocks(RA1, RB1, RC1, RD1, RTMP, RX, RKRF, RKM); outunpack_blocks(RA2, RB2, RC2, RD2, RTMP, RX, RKRF, RKM); + pax_force_retaddr 0, 1 ret; + ENDPROC(__cast6_dec_blk8) - .align 8 -@@ -361,6 +365,7 @@ cast6_ecb_enc_8way: +@@ -356,6 +359,7 @@ ENTRY(cast6_ecb_enc_8way) store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + pax_force_retaddr ret; + ENDPROC(cast6_ecb_enc_8way) - .align 8 -@@ -382,6 +387,7 @@ cast6_ecb_dec_8way: +@@ -374,6 +378,7 @@ ENTRY(cast6_ecb_dec_8way) store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + pax_force_retaddr ret; + ENDPROC(cast6_ecb_dec_8way) - .align 8 -@@ -408,6 +414,7 @@ cast6_cbc_dec_8way: +@@ -397,6 +402,7 @@ ENTRY(cast6_cbc_dec_8way) popq %r12; + pax_force_retaddr ret; + ENDPROC(cast6_cbc_dec_8way) - .align 8 -@@ -436,4 +443,5 @@ cast6_ctr_8way: +@@ -422,5 +428,6 @@ ENTRY(cast6_ctr_8way) popq %r12; + pax_force_retaddr ret; + ENDPROC(cast6_ctr_8way) diff --git a/arch/x86/crypto/salsa20-x86_64-asm_64.S b/arch/x86/crypto/salsa20-x86_64-asm_64.S -index 6214a9b..1f4fc9a 100644 +index 9279e0b..9270820 100644 --- a/arch/x86/crypto/salsa20-x86_64-asm_64.S +++ b/arch/x86/crypto/salsa20-x86_64-asm_64.S -@@ -1,3 +1,5 @@ +@@ -1,4 +1,5 @@ + #include <linux/linkage.h> +#include <asm/alternative-asm.h> -+ - # enter ECRYPT_encrypt_bytes - .text - .p2align 5 -@@ -790,6 +792,7 @@ ECRYPT_encrypt_bytes: + + # enter salsa20_encrypt_bytes + ENTRY(salsa20_encrypt_bytes) +@@ -789,6 +790,7 @@ ENTRY(salsa20_encrypt_bytes) add %r11,%rsp mov %rdi,%rax mov %rsi,%rdx @@ -11526,257 +11156,257 @@ index 6214a9b..1f4fc9a 100644 ret # bytesatleast65: ._bytesatleast65: -@@ -891,6 +894,7 @@ ECRYPT_keysetup: +@@ -889,6 +891,7 @@ ENTRY(salsa20_keysetup) add %r11,%rsp mov %rdi,%rax mov %rsi,%rdx + pax_force_retaddr ret - # enter ECRYPT_ivsetup - .text -@@ -917,4 +921,5 @@ ECRYPT_ivsetup: + ENDPROC(salsa20_keysetup) + +@@ -914,5 +917,6 @@ ENTRY(salsa20_ivsetup) add %r11,%rsp mov %rdi,%rax mov %rsi,%rdx + pax_force_retaddr ret + ENDPROC(salsa20_ivsetup) diff --git a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S -index 02b0e9f..cf4cf5c 100644 +index 43c9386..a0e2d60 100644 --- a/arch/x86/crypto/serpent-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/serpent-avx-x86_64-asm_64.S -@@ -24,6 +24,8 @@ - * +@@ -25,6 +25,7 @@ */ + #include <linux/linkage.h> +#include <asm/alternative-asm.h> -+ #include "glue_helper-asm-avx.S" .file "serpent-avx-x86_64-asm_64.S" -@@ -618,6 +620,7 @@ __serpent_enc_blk8_avx: +@@ -617,6 +618,7 @@ __serpent_enc_blk8_avx: write_blocks(RA1, RB1, RC1, RD1, RK0, RK1, RK2); write_blocks(RA2, RB2, RC2, RD2, RK0, RK1, RK2); + pax_force_retaddr ret; + ENDPROC(__serpent_enc_blk8_avx) - .align 8 -@@ -673,6 +676,7 @@ __serpent_dec_blk8_avx: +@@ -671,6 +673,7 @@ __serpent_dec_blk8_avx: write_blocks(RC1, RD1, RB1, RE1, RK0, RK1, RK2); write_blocks(RC2, RD2, RB2, RE2, RK0, RK1, RK2); + pax_force_retaddr ret; + ENDPROC(__serpent_dec_blk8_avx) - .align 8 -@@ -692,6 +696,7 @@ serpent_ecb_enc_8way_avx: +@@ -687,6 +690,7 @@ ENTRY(serpent_ecb_enc_8way_avx) store_8way(%rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + pax_force_retaddr ret; + ENDPROC(serpent_ecb_enc_8way_avx) - .align 8 -@@ -711,6 +716,7 @@ serpent_ecb_dec_8way_avx: +@@ -703,6 +707,7 @@ ENTRY(serpent_ecb_dec_8way_avx) store_8way(%rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2); + pax_force_retaddr ret; + ENDPROC(serpent_ecb_dec_8way_avx) - .align 8 -@@ -730,6 +736,7 @@ serpent_cbc_dec_8way_avx: +@@ -719,6 +724,7 @@ ENTRY(serpent_cbc_dec_8way_avx) store_cbc_8way(%rdx, %rsi, RC1, RD1, RB1, RE1, RC2, RD2, RB2, RE2); + pax_force_retaddr ret; + ENDPROC(serpent_cbc_dec_8way_avx) - .align 8 -@@ -751,4 +758,5 @@ serpent_ctr_8way_avx: +@@ -737,5 +743,6 @@ ENTRY(serpent_ctr_8way_avx) store_ctr_8way(%rdx, %rsi, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + pax_force_retaddr ret; + ENDPROC(serpent_ctr_8way_avx) diff --git a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S -index 3ee1ff0..cbc568b 100644 +index acc066c..1559cc4 100644 --- a/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S +++ b/arch/x86/crypto/serpent-sse2-x86_64-asm_64.S -@@ -24,6 +24,8 @@ - * +@@ -25,6 +25,7 @@ */ + #include <linux/linkage.h> +#include <asm/alternative-asm.h> -+ + .file "serpent-sse2-x86_64-asm_64.S" .text - -@@ -692,12 +694,14 @@ __serpent_enc_blk_8way: +@@ -690,12 +691,14 @@ ENTRY(__serpent_enc_blk_8way) write_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2); write_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2); + pax_force_retaddr ret; - __enc_xor8: + .L__enc_xor8: xor_blocks(%rsi, RA1, RB1, RC1, RD1, RK0, RK1, RK2); xor_blocks(%rax, RA2, RB2, RC2, RD2, RK0, RK1, RK2); + pax_force_retaddr ret; + ENDPROC(__serpent_enc_blk_8way) - .align 8 -@@ -755,4 +759,5 @@ serpent_dec_blk_8way: +@@ -750,5 +753,6 @@ ENTRY(serpent_dec_blk_8way) write_blocks(%rsi, RC1, RD1, RB1, RE1, RK0, RK1, RK2); write_blocks(%rax, RC2, RD2, RB2, RE2, RK0, RK1, RK2); + pax_force_retaddr ret; + ENDPROC(serpent_dec_blk_8way) diff --git a/arch/x86/crypto/sha1_ssse3_asm.S b/arch/x86/crypto/sha1_ssse3_asm.S -index 49d6987..df66bd4 100644 +index a410950..3356d42 100644 --- a/arch/x86/crypto/sha1_ssse3_asm.S +++ b/arch/x86/crypto/sha1_ssse3_asm.S -@@ -28,6 +28,8 @@ - * (at your option) any later version. +@@ -29,6 +29,7 @@ */ + #include <linux/linkage.h> +#include <asm/alternative-asm.h> -+ + #define CTX %rdi // arg1 #define BUF %rsi // arg2 - #define CNT %rdx // arg3 -@@ -104,6 +106,7 @@ +@@ -104,6 +105,7 @@ pop %r12 pop %rbp pop %rbx + pax_force_retaddr 0, 1 ret - .size \name, .-\name + ENDPROC(\name) diff --git a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S -index ebac16b..8092eb9 100644 +index 8d3e113..898b161 100644 --- a/arch/x86/crypto/twofish-avx-x86_64-asm_64.S +++ b/arch/x86/crypto/twofish-avx-x86_64-asm_64.S -@@ -23,6 +23,8 @@ - * +@@ -24,6 +24,7 @@ */ + #include <linux/linkage.h> +#include <asm/alternative-asm.h> -+ #include "glue_helper-asm-avx.S" .file "twofish-avx-x86_64-asm_64.S" -@@ -283,6 +285,7 @@ __twofish_enc_blk8: +@@ -282,6 +283,7 @@ __twofish_enc_blk8: outunpack_blocks(RC1, RD1, RA1, RB1, RK1, RX0, RY0, RK2); outunpack_blocks(RC2, RD2, RA2, RB2, RK1, RX0, RY0, RK2); + pax_force_retaddr 0, 1 ret; + ENDPROC(__twofish_enc_blk8) - .align 8 -@@ -324,6 +327,7 @@ __twofish_dec_blk8: +@@ -322,6 +324,7 @@ __twofish_dec_blk8: outunpack_blocks(RA1, RB1, RC1, RD1, RK1, RX0, RY0, RK2); outunpack_blocks(RA2, RB2, RC2, RD2, RK1, RX0, RY0, RK2); + pax_force_retaddr 0, 1 ret; + ENDPROC(__twofish_dec_blk8) - .align 8 -@@ -345,6 +349,7 @@ twofish_ecb_enc_8way: +@@ -340,6 +343,7 @@ ENTRY(twofish_ecb_enc_8way) store_8way(%r11, RC1, RD1, RA1, RB1, RC2, RD2, RA2, RB2); + pax_force_retaddr 0, 1 ret; + ENDPROC(twofish_ecb_enc_8way) - .align 8 -@@ -366,6 +371,7 @@ twofish_ecb_dec_8way: +@@ -358,6 +362,7 @@ ENTRY(twofish_ecb_dec_8way) store_8way(%r11, RA1, RB1, RC1, RD1, RA2, RB2, RC2, RD2); + pax_force_retaddr 0, 1 ret; + ENDPROC(twofish_ecb_dec_8way) - .align 8 -@@ -392,6 +398,7 @@ twofish_cbc_dec_8way: +@@ -381,6 +386,7 @@ ENTRY(twofish_cbc_dec_8way) popq %r12; + pax_force_retaddr 0, 1 ret; + ENDPROC(twofish_cbc_dec_8way) - .align 8 -@@ -420,4 +427,5 @@ twofish_ctr_8way: +@@ -406,5 +412,6 @@ ENTRY(twofish_ctr_8way) popq %r12; + pax_force_retaddr 0, 1 ret; + ENDPROC(twofish_ctr_8way) diff --git a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S -index 5b012a2..36d5364 100644 +index 1c3b7ce..b365c5e 100644 --- a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S +++ b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S -@@ -20,6 +20,8 @@ - * +@@ -21,6 +21,7 @@ */ + #include <linux/linkage.h> +#include <asm/alternative-asm.h> -+ + .file "twofish-x86_64-asm-3way.S" .text - -@@ -260,6 +262,7 @@ __twofish_enc_blk_3way: +@@ -258,6 +259,7 @@ ENTRY(__twofish_enc_blk_3way) popq %r13; popq %r14; popq %r15; + pax_force_retaddr 0, 1 ret; - __enc_xor3: -@@ -271,6 +274,7 @@ __enc_xor3: + .L__enc_xor3: +@@ -269,6 +271,7 @@ ENTRY(__twofish_enc_blk_3way) popq %r13; popq %r14; popq %r15; + pax_force_retaddr 0, 1 ret; + ENDPROC(__twofish_enc_blk_3way) - .global twofish_dec_blk_3way -@@ -312,5 +316,6 @@ twofish_dec_blk_3way: +@@ -308,5 +311,6 @@ ENTRY(twofish_dec_blk_3way) popq %r13; popq %r14; popq %r15; + pax_force_retaddr 0, 1 ret; - + ENDPROC(twofish_dec_blk_3way) diff --git a/arch/x86/crypto/twofish-x86_64-asm_64.S b/arch/x86/crypto/twofish-x86_64-asm_64.S -index 7bcf3fc..f53832f 100644 +index a039d21..29e7615 100644 --- a/arch/x86/crypto/twofish-x86_64-asm_64.S +++ b/arch/x86/crypto/twofish-x86_64-asm_64.S -@@ -21,6 +21,7 @@ - .text +@@ -22,6 +22,7 @@ + #include <linux/linkage.h> #include <asm/asm-offsets.h> +#include <asm/alternative-asm.h> #define a_offset 0 #define b_offset 4 -@@ -268,6 +269,7 @@ twofish_enc_blk: +@@ -265,6 +266,7 @@ ENTRY(twofish_enc_blk) popq R1 movq $1,%rax + pax_force_retaddr 0, 1 ret + ENDPROC(twofish_enc_blk) - twofish_dec_blk: -@@ -319,4 +321,5 @@ twofish_dec_blk: +@@ -317,5 +319,6 @@ ENTRY(twofish_dec_blk) popq R1 movq $1,%rax + pax_force_retaddr 0, 1 ret + ENDPROC(twofish_dec_blk) diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c -index a703af1..f5b9c36 100644 +index 03abf9b..a42ba29 100644 --- a/arch/x86/ia32/ia32_aout.c +++ b/arch/x86/ia32/ia32_aout.c @@ -159,6 +159,8 @@ static int aout_core_dump(long signr, struct pt_regs *regs, struct file *file, @@ -11789,10 +11419,10 @@ index a703af1..f5b9c36 100644 set_fs(KERNEL_DS); has_dumped = 1; diff --git a/arch/x86/ia32/ia32_signal.c b/arch/x86/ia32/ia32_signal.c -index a1daf4a..f8c4537 100644 +index cf1a471..3bc4cf8 100644 --- a/arch/x86/ia32/ia32_signal.c +++ b/arch/x86/ia32/ia32_signal.c -@@ -348,7 +348,7 @@ static void __user *get_sigframe(struct k_sigaction *ka, struct pt_regs *regs, +@@ -340,7 +340,7 @@ static void __user *get_sigframe(struct ksignal *ksig, struct pt_regs *regs, sp -= frame_size; /* Align the stack pointer according to the i386 ABI, * i.e. so that on function entry ((sp + 4) & 15) == 0. */ @@ -11801,7 +11431,7 @@ index a1daf4a..f8c4537 100644 return (void __user *) sp; } -@@ -406,7 +406,7 @@ int ia32_setup_frame(int sig, struct k_sigaction *ka, +@@ -398,7 +398,7 @@ int ia32_setup_frame(int sig, struct ksignal *ksig, * These are actually not used anymore, but left because some * gdb versions depend on them as a marker. */ @@ -11810,7 +11440,7 @@ index a1daf4a..f8c4537 100644 } put_user_catch(err); if (err) -@@ -448,7 +448,7 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -440,7 +440,7 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig, 0xb8, __NR_ia32_rt_sigreturn, 0x80cd, @@ -11818,11 +11448,11 @@ index a1daf4a..f8c4537 100644 + 0 }; - frame = get_sigframe(ka, regs, sizeof(*frame), &fpstate); -@@ -471,16 +471,18 @@ int ia32_setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, + frame = get_sigframe(ksig, regs, sizeof(*frame), &fpstate); +@@ -463,16 +463,18 @@ int ia32_setup_rt_frame(int sig, struct ksignal *ksig, - if (ka->sa.sa_flags & SA_RESTORER) - restorer = ka->sa.sa_restorer; + if (ksig->ka.sa.sa_flags & SA_RESTORER) + restorer = ksig->ka.sa.sa_restorer; + else if (current->mm->context.vdso) + /* Return stub is in 32bit vsyscall page */ + restorer = VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn); @@ -11840,9 +11470,9 @@ index a1daf4a..f8c4537 100644 + put_user_ex(*((const u64 *)&code), (u64 __user *)frame->retcode); } put_user_catch(err); - err |= copy_siginfo_to_user32(&frame->info, info); + err |= copy_siginfo_to_user32(&frame->info, &ksig->info); diff --git a/arch/x86/ia32/ia32entry.S b/arch/x86/ia32/ia32entry.S -index 142c4ce..19b683f 100644 +index 474dc1b..be7bff5 100644 --- a/arch/x86/ia32/ia32entry.S +++ b/arch/x86/ia32/ia32entry.S @@ -15,8 +15,10 @@ @@ -11936,7 +11566,7 @@ index 142c4ce..19b683f 100644 32bit zero extended */ + +#ifdef CONFIG_PAX_MEMORY_UDEREF -+ mov $PAX_USER_SHADOW_BASE,%r11 ++ mov pax_user_shadow_base,%r11 + add %r11,%rbp +#endif + @@ -12056,7 +11686,7 @@ index 142c4ce..19b683f 100644 /* hardware stack frame is complete now */ + +#ifdef CONFIG_PAX_MEMORY_UDEREF -+ mov $PAX_USER_SHADOW_BASE,%r11 ++ mov pax_user_shadow_base,%r11 + add %r11,%r8 +#endif + @@ -12154,7 +11784,7 @@ index 142c4ce..19b683f 100644 END(ia32_syscall) diff --git a/arch/x86/ia32/sys_ia32.c b/arch/x86/ia32/sys_ia32.c -index d0b689b..6811ddc 100644 +index ad7a20c..1ffa3c1 100644 --- a/arch/x86/ia32/sys_ia32.c +++ b/arch/x86/ia32/sys_ia32.c @@ -69,8 +69,8 @@ asmlinkage long sys32_ftruncate64(unsigned int fd, unsigned long offset_low, @@ -12168,41 +11798,7 @@ index d0b689b..6811ddc 100644 SET_UID(uid, from_kuid_munged(current_user_ns(), stat->uid)); SET_GID(gid, from_kgid_munged(current_user_ns(), stat->gid)); if (!access_ok(VERIFY_WRITE, ubuf, sizeof(struct stat64)) || -@@ -303,7 +303,7 @@ asmlinkage long sys32_sched_rr_get_interval(compat_pid_t pid, - mm_segment_t old_fs = get_fs(); - - set_fs(KERNEL_DS); -- ret = sys_sched_rr_get_interval(pid, (struct timespec __user *)&t); -+ ret = sys_sched_rr_get_interval(pid, (struct timespec __force_user *)&t); - set_fs(old_fs); - if (put_compat_timespec(&t, interval)) - return -EFAULT; -@@ -313,13 +313,13 @@ asmlinkage long sys32_sched_rr_get_interval(compat_pid_t pid, - asmlinkage long sys32_rt_sigpending(compat_sigset_t __user *set, - compat_size_t sigsetsize) - { -- sigset_t s; -+ sigset_t s = { }; - compat_sigset_t s32; - int ret; - mm_segment_t old_fs = get_fs(); - - set_fs(KERNEL_DS); -- ret = sys_rt_sigpending((sigset_t __user *)&s, sigsetsize); -+ ret = sys_rt_sigpending((sigset_t __force_user *)&s, sigsetsize); - set_fs(old_fs); - if (!ret) { - switch (_NSIG_WORDS) { -@@ -344,7 +344,7 @@ asmlinkage long sys32_rt_sigqueueinfo(int pid, int sig, - if (copy_siginfo_from_user32(&info, uinfo)) - return -EFAULT; - set_fs(KERNEL_DS); -- ret = sys_rt_sigqueueinfo(pid, sig, (siginfo_t __user *)&info); -+ ret = sys_rt_sigqueueinfo(pid, sig, (siginfo_t __force_user *)&info); - set_fs(old_fs); - return ret; - } -@@ -376,7 +376,7 @@ asmlinkage long sys32_sendfile(int out_fd, int in_fd, +@@ -205,7 +205,7 @@ asmlinkage long sys32_sendfile(int out_fd, int in_fd, return -EFAULT; set_fs(KERNEL_DS); @@ -13423,10 +13019,10 @@ index 59c6c40..5e0b22c 100644 struct compat_timespec { compat_time_t tv_sec; diff --git a/arch/x86/include/asm/cpufeature.h b/arch/x86/include/asm/cpufeature.h -index 2d9075e..b75a844 100644 +index 93fe929..90858b7 100644 --- a/arch/x86/include/asm/cpufeature.h +++ b/arch/x86/include/asm/cpufeature.h -@@ -206,7 +206,7 @@ +@@ -207,7 +207,7 @@ #define X86_FEATURE_BMI1 (9*32+ 3) /* 1st group bit manipulation extensions */ #define X86_FEATURE_HLE (9*32+ 4) /* Hardware Lock Elision */ #define X86_FEATURE_AVX2 (9*32+ 5) /* AVX2 instructions */ @@ -13435,7 +13031,7 @@ index 2d9075e..b75a844 100644 #define X86_FEATURE_BMI2 (9*32+ 8) /* 2nd group bit manipulation extensions */ #define X86_FEATURE_ERMS (9*32+ 9) /* Enhanced REP MOVSB/STOSB */ #define X86_FEATURE_INVPCID (9*32+10) /* Invalidate Processor Context ID */ -@@ -375,7 +375,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) +@@ -377,7 +377,7 @@ static __always_inline __pure bool __static_cpu_has(u16 bit) ".section .discard,\"aw\",@progbits\n" " .byte 0xff + (4f-3f) - (2b-1b)\n" /* size check */ ".previous\n" @@ -13758,10 +13354,10 @@ index 75ce3f4..882e801 100644 #endif /* _ASM_X86_EMERGENCY_RESTART_H */ diff --git a/arch/x86/include/asm/fpu-internal.h b/arch/x86/include/asm/fpu-internal.h -index 41ab26e..a88c9e6 100644 +index e25cc33..425d099 100644 --- a/arch/x86/include/asm/fpu-internal.h +++ b/arch/x86/include/asm/fpu-internal.h -@@ -126,7 +126,9 @@ static inline void sanitize_i387_state(struct task_struct *tsk) +@@ -127,7 +127,9 @@ static inline void sanitize_i387_state(struct task_struct *tsk) ({ \ int err; \ asm volatile(ASM_STAC "\n" \ @@ -13772,7 +13368,7 @@ index 41ab26e..a88c9e6 100644 "2: " ASM_CLAC "\n" \ ".section .fixup,\"ax\"\n" \ "3: movl $-1,%[err]\n" \ -@@ -299,7 +301,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk) +@@ -300,7 +302,7 @@ static inline int restore_fpu_checking(struct task_struct *tsk) "emms\n\t" /* clear stack tags */ "fildl %P[addr]", /* set F?P to defined value */ X86_FEATURE_FXSAVE_LEAK, @@ -13852,10 +13448,10 @@ index be27ba1..8f13ff9 100644 : "memory" ); diff --git a/arch/x86/include/asm/hw_irq.h b/arch/x86/include/asm/hw_irq.h -index eb92a6e..b98b2f4 100644 +index 10a78c3..cc77143 100644 --- a/arch/x86/include/asm/hw_irq.h +++ b/arch/x86/include/asm/hw_irq.h -@@ -136,8 +136,8 @@ extern void setup_ioapic_dest(void); +@@ -147,8 +147,8 @@ extern void setup_ioapic_dest(void); extern void enable_IO_APIC(void); /* Statistics */ @@ -13944,7 +13540,7 @@ index bba3cf8..06bc8da 100644 #define INTERRUPT_RETURN iret #define ENABLE_INTERRUPTS_SYSEXIT sti; sysexit diff --git a/arch/x86/include/asm/kprobes.h b/arch/x86/include/asm/kprobes.h -index d3ddd17..c9fb0cc 100644 +index 5a6d287..f815789 100644 --- a/arch/x86/include/asm/kprobes.h +++ b/arch/x86/include/asm/kprobes.h @@ -38,13 +38,8 @@ typedef u8 kprobe_opcode_t; @@ -14422,19 +14018,19 @@ index c0fa356..07a498a 100644 void unregister_nmi_handler(unsigned int, const char *); -diff --git a/arch/x86/include/asm/page_64_types.h b/arch/x86/include/asm/page_64_types.h -index 320f7bb..e89f8f8 100644 ---- a/arch/x86/include/asm/page_64_types.h -+++ b/arch/x86/include/asm/page_64_types.h -@@ -56,7 +56,7 @@ void copy_page(void *to, void *from); +diff --git a/arch/x86/include/asm/page_64.h b/arch/x86/include/asm/page_64.h +index 0f1ddee..e56bec9 100644 +--- a/arch/x86/include/asm/page_64.h ++++ b/arch/x86/include/asm/page_64.h +@@ -7,7 +7,7 @@ /* duplicated to the one in bootmem.h */ extern unsigned long max_pfn; -extern unsigned long phys_base; +extern const unsigned long phys_base; - extern unsigned long __phys_addr(unsigned long); - #define __phys_reloc_hide(x) (x) + static inline unsigned long __phys_addr_nodebug(unsigned long x) + { diff --git a/arch/x86/include/asm/paravirt.h b/arch/x86/include/asm/paravirt.h index 7361e47..16dc226 100644 --- a/arch/x86/include/asm/paravirt.h @@ -14680,7 +14276,7 @@ index 4cc9f2b..5fd9226 100644 /* diff --git a/arch/x86/include/asm/pgtable.h b/arch/x86/include/asm/pgtable.h -index 1c1a955..50f828c 100644 +index 1e67223..9183226 100644 --- a/arch/x86/include/asm/pgtable.h +++ b/arch/x86/include/asm/pgtable.h @@ -44,6 +44,7 @@ extern struct mm_struct *pgd_page_get_mm(struct page *page); @@ -14788,9 +14384,9 @@ index 1c1a955..50f828c 100644 +#endif + #include <linux/mm_types.h> + #include <linux/log2.h> - static inline int pte_none(pte_t pte) -@@ -583,7 +652,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) +@@ -584,7 +653,7 @@ static inline pud_t *pud_offset(pgd_t *pgd, unsigned long address) static inline int pgd_bad(pgd_t pgd) { @@ -14799,7 +14395,7 @@ index 1c1a955..50f828c 100644 } static inline int pgd_none(pgd_t pgd) -@@ -606,7 +675,12 @@ static inline int pgd_none(pgd_t pgd) +@@ -607,7 +676,12 @@ static inline int pgd_none(pgd_t pgd) * pgd_offset() returns a (pgd_t *) * pgd_index() is used get the offset into the pgd page's array of pgd_t's; */ @@ -14813,7 +14409,7 @@ index 1c1a955..50f828c 100644 /* * a shortcut which implies the use of the kernel's pgd, instead * of a process's -@@ -617,6 +691,20 @@ static inline int pgd_none(pgd_t pgd) +@@ -618,6 +692,22 @@ static inline int pgd_none(pgd_t pgd) #define KERNEL_PGD_BOUNDARY pgd_index(PAGE_OFFSET) #define KERNEL_PGD_PTRS (PTRS_PER_PGD - KERNEL_PGD_BOUNDARY) @@ -14824,9 +14420,11 @@ index 1c1a955..50f828c 100644 +#define USER_PGD_PTRS (_AC(1,UL) << (TASK_SIZE_MAX_SHIFT - PGDIR_SHIFT)) + +#ifdef CONFIG_PAX_MEMORY_UDEREF -+#define PAX_USER_SHADOW_BASE (_AC(1,UL) << TASK_SIZE_MAX_SHIFT) ++#ifdef __ASSEMBLY__ ++#define pax_user_shadow_base pax_user_shadow_base(%rip) +#else -+#define PAX_USER_SHADOW_BASE (_AC(0,UL)) ++extern unsigned long pax_user_shadow_base; ++#endif +#endif + +#endif @@ -14834,7 +14432,7 @@ index 1c1a955..50f828c 100644 #ifndef __ASSEMBLY__ extern int direct_gbpages; -@@ -781,11 +869,23 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, +@@ -784,11 +874,24 @@ static inline void pmdp_set_wrprotect(struct mm_struct *mm, * dst and src can be on the same page, but the range must not overlap, * and must not cross a page boundary. */ @@ -14857,11 +14455,12 @@ index 1c1a955..50f828c 100644 +#else +static inline void __shadow_user_pgds(pgd_t *dst, const pgd_t *src) {} +#endif - - #include <asm-generic/pgtable.h> - #endif /* __ASSEMBLY__ */ ++ + #define PTE_SHIFT ilog2(PTRS_PER_PTE) + static inline int page_level_shift(enum pg_level level) + { diff --git a/arch/x86/include/asm/pgtable_32.h b/arch/x86/include/asm/pgtable_32.h -index 8faa215..a8a17ea 100644 +index 9ee3221..b979c6b 100644 --- a/arch/x86/include/asm/pgtable_32.h +++ b/arch/x86/include/asm/pgtable_32.h @@ -25,9 +25,6 @@ @@ -14887,7 +14486,7 @@ index 8faa215..a8a17ea 100644 #if defined(CONFIG_HIGHPTE) #define pte_offset_map(dir, address) \ ((pte_t *)kmap_atomic(pmd_page(*(dir))) + \ -@@ -62,7 +65,9 @@ extern void set_pmd_pfn(unsigned long, unsigned long, pgprot_t); +@@ -62,12 +65,17 @@ extern void set_pmd_pfn(unsigned long, unsigned long, pgprot_t); /* Clear a kernel PTE and flush it from the TLB */ #define kpte_clear_flush(ptep, vaddr) \ do { \ @@ -14897,8 +14496,6 @@ index 8faa215..a8a17ea 100644 __flush_tlb_one((vaddr)); \ } while (0) -@@ -75,6 +80,9 @@ do { \ - #endif /* !__ASSEMBLY__ */ +#define HAVE_ARCH_UNMAPPED_AREA @@ -14941,7 +14538,7 @@ index ed5903b..c7fe163 100644 #define MODULES_END VMALLOC_END #define MODULES_LEN (MODULES_VADDR - MODULES_END) diff --git a/arch/x86/include/asm/pgtable_64.h b/arch/x86/include/asm/pgtable_64.h -index 47356f9..deb94a2 100644 +index e22c1db..23a625a 100644 --- a/arch/x86/include/asm/pgtable_64.h +++ b/arch/x86/include/asm/pgtable_64.h @@ -16,10 +16,14 @@ @@ -14996,10 +14593,10 @@ index 47356f9..deb94a2 100644 } diff --git a/arch/x86/include/asm/pgtable_64_types.h b/arch/x86/include/asm/pgtable_64_types.h -index 766ea16..5b96cb3 100644 +index 2d88344..4679fc3 100644 --- a/arch/x86/include/asm/pgtable_64_types.h +++ b/arch/x86/include/asm/pgtable_64_types.h -@@ -59,5 +59,10 @@ typedef struct { pteval_t pte; } pte_t; +@@ -61,6 +61,11 @@ typedef struct { pteval_t pte; } pte_t; #define MODULES_VADDR _AC(0xffffffffa0000000, UL) #define MODULES_END _AC(0xffffffffff000000, UL) #define MODULES_LEN (MODULES_END - MODULES_VADDR) @@ -15009,9 +14606,10 @@ index 766ea16..5b96cb3 100644 +#define ktla_ktva(addr) (addr) +#define ktva_ktla(addr) (addr) - #endif /* _ASM_X86_PGTABLE_64_DEFS_H */ + #define EARLY_DYNAMIC_PAGE_TABLES 64 + diff --git a/arch/x86/include/asm/pgtable_types.h b/arch/x86/include/asm/pgtable_types.h -index 3c32db8..1ddccf5 100644 +index 567b5d0..bd91d64 100644 --- a/arch/x86/include/asm/pgtable_types.h +++ b/arch/x86/include/asm/pgtable_types.h @@ -16,13 +16,12 @@ @@ -15126,10 +14724,10 @@ index 3c32db8..1ddccf5 100644 #define pgprot_writecombine pgprot_writecombine extern pgprot_t pgprot_writecombine(pgprot_t prot); diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h -index 888184b..a07ac89 100644 +index 3270116..8d99d82 100644 --- a/arch/x86/include/asm/processor.h +++ b/arch/x86/include/asm/processor.h -@@ -287,7 +287,7 @@ struct tss_struct { +@@ -285,7 +285,7 @@ struct tss_struct { } ____cacheline_aligned; @@ -15138,7 +14736,7 @@ index 888184b..a07ac89 100644 /* * Save the original ist values for checking stack pointers during debugging -@@ -827,11 +827,18 @@ static inline void spin_lock_prefetch(const void *x) +@@ -826,11 +826,18 @@ static inline void spin_lock_prefetch(const void *x) */ #define TASK_SIZE PAGE_OFFSET #define TASK_SIZE_MAX TASK_SIZE @@ -15159,7 +14757,7 @@ index 888184b..a07ac89 100644 .vm86_info = NULL, \ .sysenter_cs = __KERNEL_CS, \ .io_bitmap_ptr = NULL, \ -@@ -845,7 +852,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -844,7 +851,7 @@ static inline void spin_lock_prefetch(const void *x) */ #define INIT_TSS { \ .x86_tss = { \ @@ -15168,7 +14766,7 @@ index 888184b..a07ac89 100644 .ss0 = __KERNEL_DS, \ .ss1 = __KERNEL_CS, \ .io_bitmap_base = INVALID_IO_BITMAP_OFFSET, \ -@@ -856,11 +863,7 @@ static inline void spin_lock_prefetch(const void *x) +@@ -855,11 +862,7 @@ static inline void spin_lock_prefetch(const void *x) extern unsigned long thread_saved_pc(struct task_struct *tsk); #define THREAD_SIZE_LONGS (THREAD_SIZE/sizeof(unsigned long)) @@ -15181,7 +14779,7 @@ index 888184b..a07ac89 100644 /* * The below -8 is to reserve 8 bytes on top of the ring0 stack. -@@ -875,7 +878,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -874,7 +877,7 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define task_pt_regs(task) \ ({ \ struct pt_regs *__regs__; \ @@ -15190,7 +14788,7 @@ index 888184b..a07ac89 100644 __regs__ - 1; \ }) -@@ -885,13 +888,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -884,13 +887,13 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); /* * User space process size. 47bits minus one guard page. */ @@ -15206,7 +14804,7 @@ index 888184b..a07ac89 100644 #define TASK_SIZE (test_thread_flag(TIF_ADDR32) ? \ IA32_PAGE_OFFSET : TASK_SIZE_MAX) -@@ -902,11 +905,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); +@@ -901,11 +904,11 @@ extern unsigned long thread_saved_pc(struct task_struct *tsk); #define STACK_TOP_MAX TASK_SIZE_MAX #define INIT_THREAD { \ @@ -15220,7 +14818,7 @@ index 888184b..a07ac89 100644 } /* -@@ -934,6 +937,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, +@@ -933,6 +936,10 @@ extern void start_thread(struct pt_regs *regs, unsigned long new_ip, */ #define TASK_UNMAPPED_BASE (PAGE_ALIGN(TASK_SIZE / 3)) @@ -15231,7 +14829,7 @@ index 888184b..a07ac89 100644 #define KSTK_EIP(task) (task_pt_regs(task)->ip) /* Get/set a process' ability to use the timestamp counter instruction */ -@@ -994,12 +1001,12 @@ extern bool cpu_has_amd_erratum(const int *); +@@ -993,7 +1000,7 @@ extern bool cpu_has_amd_erratum(const int *); #define cpu_has_amd_erratum(x) (false) #endif /* CONFIG_CPU_SUP_AMD */ @@ -15240,7 +14838,9 @@ index 888184b..a07ac89 100644 extern void free_init_pages(char *what, unsigned long begin, unsigned long end); void default_idle(void); - bool set_pm_idle_to_default(void); +@@ -1003,6 +1010,6 @@ bool xen_set_default_idle(void); + #define xen_set_default_idle 0 + #endif -void stop_this_cpu(void *dummy); +void stop_this_cpu(void *dummy) __noreturn; @@ -15321,7 +14921,7 @@ index 942a086..6c26446 100644 return *(unsigned long *)((unsigned long)regs + offset); } diff --git a/arch/x86/include/asm/realmode.h b/arch/x86/include/asm/realmode.h -index fe1ec5b..dc5c3fe 100644 +index 9c6b890..5305f53 100644 --- a/arch/x86/include/asm/realmode.h +++ b/arch/x86/include/asm/realmode.h @@ -22,16 +22,14 @@ struct real_mode_header { @@ -15767,7 +15367,7 @@ index 4ec45b3..a4f0a8a 100644 __switch_canary_iparam \ : "memory", "cc" __EXTRA_CLOBBER) diff --git a/arch/x86/include/asm/thread_info.h b/arch/x86/include/asm/thread_info.h -index 2d946e6..e453ec4 100644 +index 2cd056e..0224df8 100644 --- a/arch/x86/include/asm/thread_info.h +++ b/arch/x86/include/asm/thread_info.h @@ -10,6 +10,7 @@ @@ -15778,7 +15378,7 @@ index 2d946e6..e453ec4 100644 /* * low level task data that entry.S needs immediate access to -@@ -24,7 +25,6 @@ struct exec_domain; +@@ -23,7 +24,6 @@ struct exec_domain; #include <linux/atomic.h> struct thread_info { @@ -15786,7 +15386,7 @@ index 2d946e6..e453ec4 100644 struct exec_domain *exec_domain; /* execution domain */ __u32 flags; /* low level flags */ __u32 status; /* thread synchronous flags */ -@@ -34,19 +34,13 @@ struct thread_info { +@@ -33,19 +33,13 @@ struct thread_info { mm_segment_t addr_limit; struct restart_block restart_block; void __user *sysenter_return; @@ -15808,7 +15408,7 @@ index 2d946e6..e453ec4 100644 .exec_domain = &default_exec_domain, \ .flags = 0, \ .cpu = 0, \ -@@ -57,7 +51,7 @@ struct thread_info { +@@ -56,7 +50,7 @@ struct thread_info { }, \ } @@ -15817,7 +15417,7 @@ index 2d946e6..e453ec4 100644 #define init_stack (init_thread_union.stack) #else /* !__ASSEMBLY__ */ -@@ -98,6 +92,7 @@ struct thread_info { +@@ -97,6 +91,7 @@ struct thread_info { #define TIF_SYSCALL_TRACEPOINT 28 /* syscall tracepoint instrumentation */ #define TIF_ADDR32 29 /* 32-bit address space on 64 bits */ #define TIF_X32 30 /* 32-bit native x86-64 binary */ @@ -15825,7 +15425,7 @@ index 2d946e6..e453ec4 100644 #define _TIF_SYSCALL_TRACE (1 << TIF_SYSCALL_TRACE) #define _TIF_NOTIFY_RESUME (1 << TIF_NOTIFY_RESUME) -@@ -122,17 +117,18 @@ struct thread_info { +@@ -121,17 +116,18 @@ struct thread_info { #define _TIF_SYSCALL_TRACEPOINT (1 << TIF_SYSCALL_TRACEPOINT) #define _TIF_ADDR32 (1 << TIF_ADDR32) #define _TIF_X32 (1 << TIF_X32) @@ -15846,7 +15446,7 @@ index 2d946e6..e453ec4 100644 /* work to do on interrupt/exception return */ #define _TIF_WORK_MASK \ -@@ -143,7 +139,7 @@ struct thread_info { +@@ -142,7 +138,7 @@ struct thread_info { /* work to do on any return to user space */ #define _TIF_ALLWORK_MASK \ ((0x0000FFFF & ~_TIF_SECCOMP) | _TIF_SYSCALL_TRACEPOINT | \ @@ -15855,7 +15455,7 @@ index 2d946e6..e453ec4 100644 /* Only used for 64 bit */ #define _TIF_DO_NOTIFY_MASK \ -@@ -159,45 +155,40 @@ struct thread_info { +@@ -158,45 +154,40 @@ struct thread_info { #define PREEMPT_ACTIVE 0x10000000 @@ -15926,7 +15526,7 @@ index 2d946e6..e453ec4 100644 /* * macros/functions for gaining access to the thread information structure * preempt_count needs to be 1 initially, until the scheduler is functional. -@@ -205,27 +196,8 @@ static inline struct thread_info *current_thread_info(void) +@@ -204,27 +195,8 @@ static inline struct thread_info *current_thread_info(void) #ifndef __ASSEMBLY__ DECLARE_PER_CPU(unsigned long, kernel_stack); @@ -15956,7 +15556,7 @@ index 2d946e6..e453ec4 100644 #endif #endif /* !X86_32 */ -@@ -286,5 +258,12 @@ static inline bool is_ia32_task(void) +@@ -285,5 +257,12 @@ static inline bool is_ia32_task(void) extern void arch_task_cache_init(void); extern int arch_dup_task_struct(struct task_struct *dst, struct task_struct *src); extern void arch_release_task_struct(struct task_struct *tsk); @@ -15970,7 +15570,7 @@ index 2d946e6..e453ec4 100644 #endif #endif /* _ASM_X86_THREAD_INFO_H */ diff --git a/arch/x86/include/asm/uaccess.h b/arch/x86/include/asm/uaccess.h -index 1709801..0a60f2f 100644 +index 5ee2687..70d5895 100644 --- a/arch/x86/include/asm/uaccess.h +++ b/arch/x86/include/asm/uaccess.h @@ -7,6 +7,7 @@ @@ -16030,7 +15630,7 @@ index 1709801..0a60f2f 100644 /* * The exception table consists of pairs of addresses relative to the -@@ -189,13 +220,21 @@ extern int __get_user_bad(void); +@@ -176,13 +207,21 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) asm volatile("call __put_user_" #size : "=a" (__ret_pu) \ : "0" ((typeof(*(ptr)))(x)), "c" (ptr) : "ebx") @@ -16055,7 +15655,7 @@ index 1709801..0a60f2f 100644 "3: " ASM_CLAC "\n" \ ".section .fixup,\"ax\"\n" \ "4: movl %3,%0\n" \ -@@ -208,8 +247,8 @@ extern int __get_user_bad(void); +@@ -195,8 +234,8 @@ __typeof__(__builtin_choose_expr(sizeof(x) > sizeof(0UL), 0ULL, 0UL)) #define __put_user_asm_ex_u64(x, addr) \ asm volatile(ASM_STAC "\n" \ @@ -16066,7 +15666,7 @@ index 1709801..0a60f2f 100644 "3: " ASM_CLAC "\n" \ _ASM_EXTABLE_EX(1b, 2b) \ _ASM_EXTABLE_EX(2b, 3b) \ -@@ -259,7 +298,7 @@ extern void __put_user_8(void); +@@ -246,7 +285,7 @@ extern void __put_user_8(void); __typeof__(*(ptr)) __pu_val; \ __chk_user_ptr(ptr); \ might_fault(); \ @@ -16075,7 +15675,7 @@ index 1709801..0a60f2f 100644 switch (sizeof(*(ptr))) { \ case 1: \ __put_user_x(1, __pu_val, ptr, __ret_pu); \ -@@ -358,7 +397,7 @@ do { \ +@@ -345,7 +384,7 @@ do { \ #define __get_user_asm(x, addr, err, itype, rtype, ltype, errret) \ asm volatile(ASM_STAC "\n" \ @@ -16084,7 +15684,7 @@ index 1709801..0a60f2f 100644 "2: " ASM_CLAC "\n" \ ".section .fixup,\"ax\"\n" \ "3: mov %3,%0\n" \ -@@ -366,7 +405,7 @@ do { \ +@@ -353,7 +392,7 @@ do { \ " jmp 2b\n" \ ".previous\n" \ _ASM_EXTABLE(1b, 3b) \ @@ -16093,7 +15693,7 @@ index 1709801..0a60f2f 100644 : "m" (__m(addr)), "i" (errret), "0" (err)) #define __get_user_size_ex(x, ptr, size) \ -@@ -391,7 +430,7 @@ do { \ +@@ -378,7 +417,7 @@ do { \ } while (0) #define __get_user_asm_ex(x, addr, itype, rtype, ltype) \ @@ -16102,7 +15702,7 @@ index 1709801..0a60f2f 100644 "2:\n" \ _ASM_EXTABLE_EX(1b, 2b) \ : ltype(x) : "m" (__m(addr))) -@@ -408,13 +447,24 @@ do { \ +@@ -395,13 +434,24 @@ do { \ int __gu_err; \ unsigned long __gu_val; \ __get_user_size(__gu_val, (ptr), (size), __gu_err, -EFAULT); \ @@ -16118,9 +15718,9 @@ index 1709801..0a60f2f 100644 +#define ____m(x) \ +({ \ + unsigned long ____x = (unsigned long)(x); \ -+ if (____x < PAX_USER_SHADOW_BASE) \ -+ ____x += PAX_USER_SHADOW_BASE; \ -+ (void __user *)____x; \ ++ if (____x < pax_user_shadow_base) \ ++ ____x += pax_user_shadow_base; \ ++ (typeof(x))____x; \ +}) +#else +#define ____m(x) (x) @@ -16129,7 +15729,7 @@ index 1709801..0a60f2f 100644 /* * Tell gcc we read from memory instead of writing: this is because -@@ -423,7 +473,7 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -410,7 +460,7 @@ struct __large_struct { unsigned long buf[100]; }; */ #define __put_user_asm(x, addr, err, itype, rtype, ltype, errret) \ asm volatile(ASM_STAC "\n" \ @@ -16138,7 +15738,7 @@ index 1709801..0a60f2f 100644 "2: " ASM_CLAC "\n" \ ".section .fixup,\"ax\"\n" \ "3: mov %3,%0\n" \ -@@ -431,10 +481,10 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -418,10 +468,10 @@ struct __large_struct { unsigned long buf[100]; }; ".previous\n" \ _ASM_EXTABLE(1b, 3b) \ : "=r"(err) \ @@ -16151,7 +15751,7 @@ index 1709801..0a60f2f 100644 "2:\n" \ _ASM_EXTABLE_EX(1b, 2b) \ : : ltype(x), "m" (__m(addr))) -@@ -473,8 +523,12 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -460,8 +510,12 @@ struct __large_struct { unsigned long buf[100]; }; * On error, the variable @x is set to zero. */ @@ -16164,7 +15764,7 @@ index 1709801..0a60f2f 100644 /** * __put_user: - Write a simple value into user space, with less checking. -@@ -496,8 +550,12 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -483,8 +537,12 @@ struct __large_struct { unsigned long buf[100]; }; * Returns zero on success, or -EFAULT on error. */ @@ -16177,7 +15777,7 @@ index 1709801..0a60f2f 100644 #define __get_user_unaligned __get_user #define __put_user_unaligned __put_user -@@ -515,7 +573,7 @@ struct __large_struct { unsigned long buf[100]; }; +@@ -502,7 +560,7 @@ struct __large_struct { unsigned long buf[100]; }; #define get_user_ex(x, ptr) do { \ unsigned long __gue_val; \ __get_user_size_ex((__gue_val), (ptr), (sizeof(*(ptr)))); \ @@ -16186,7 +15786,7 @@ index 1709801..0a60f2f 100644 } while (0) #define put_user_try uaccess_try -@@ -532,8 +590,8 @@ strncpy_from_user(char *dst, const char __user *src, long count); +@@ -519,8 +577,8 @@ strncpy_from_user(char *dst, const char __user *src, long count); extern __must_check long strlen_user(const char __user *str); extern __must_check long strnlen_user(const char __user *str, long n); @@ -16783,10 +16383,10 @@ index 5b238981..77fdd78 100644 #define WORD_AT_A_TIME_CONSTANTS { REPEAT_BYTE(0x01), REPEAT_BYTE(0x80) } diff --git a/arch/x86/include/asm/x86_init.h b/arch/x86/include/asm/x86_init.h -index 5769349..a3d3e2a 100644 +index d8d9922..bf6cecb 100644 --- a/arch/x86/include/asm/x86_init.h +++ b/arch/x86/include/asm/x86_init.h -@@ -141,7 +141,7 @@ struct x86_init_ops { +@@ -129,7 +129,7 @@ struct x86_init_ops { struct x86_init_timers timers; struct x86_init_iommu iommu; struct x86_init_pci pci; @@ -16795,7 +16395,7 @@ index 5769349..a3d3e2a 100644 /** * struct x86_cpuinit_ops - platform specific cpu hotplug setups -@@ -152,7 +152,7 @@ struct x86_cpuinit_ops { +@@ -140,7 +140,7 @@ struct x86_cpuinit_ops { void (*setup_percpu_clockev)(void); void (*early_percpu_clock_init)(void); void (*fixup_cpu_id)(struct cpuinfo_x86 *c, int node); @@ -16804,7 +16404,7 @@ index 5769349..a3d3e2a 100644 /** * struct x86_platform_ops - platform specific runtime functions -@@ -178,7 +178,7 @@ struct x86_platform_ops { +@@ -166,7 +166,7 @@ struct x86_platform_ops { void (*save_sched_clock_state)(void); void (*restore_sched_clock_state)(void); void (*apic_post_init)(void); @@ -16812,19 +16412,20 @@ index 5769349..a3d3e2a 100644 +} __no_const; struct pci_dev; - -@@ -187,14 +187,14 @@ struct x86_msi_ops { - void (*teardown_msi_irq)(unsigned int irq); + struct msi_msg; +@@ -180,7 +180,7 @@ struct x86_msi_ops { void (*teardown_msi_irqs)(struct pci_dev *dev); void (*restore_msi_irqs)(struct pci_dev *dev, int irq); + int (*setup_hpet_msi)(unsigned int irq, unsigned int id); -}; +} __no_const; - struct x86_io_apic_ops { - void (*init) (void); - unsigned int (*read) (unsigned int apic, unsigned int reg); - void (*write) (unsigned int apic, unsigned int reg, unsigned int value); - void (*modify)(unsigned int apic, unsigned int reg, unsigned int value); + struct IO_APIC_route_entry; + struct io_apic_irq_attr; +@@ -201,7 +201,7 @@ struct x86_io_apic_ops { + unsigned int destination, int vector, + struct io_apic_irq_attr *attr); + void (*eoi_ioapic_pin)(int apic, int pin, int vector); -}; +} __no_const; @@ -16876,7 +16477,7 @@ index bbae024..e1528f9 100644 #define BIOS_ROM_BASE 0xffe00000 diff --git a/arch/x86/kernel/Makefile b/arch/x86/kernel/Makefile -index 34e923a..0c6bb6e 100644 +index 7bd3bd3..5dac791 100644 --- a/arch/x86/kernel/Makefile +++ b/arch/x86/kernel/Makefile @@ -22,7 +22,7 @@ obj-y += time.o ioport.o ldt.o dumpstack.o nmi.o @@ -16889,10 +16490,10 @@ index 34e923a..0c6bb6e 100644 obj-y += syscall_$(BITS).o obj-$(CONFIG_X86_64) += vsyscall_64.o diff --git a/arch/x86/kernel/acpi/boot.c b/arch/x86/kernel/acpi/boot.c -index bacf4b0..4ede72e 100644 +index 230c8ea..f915130 100644 --- a/arch/x86/kernel/acpi/boot.c +++ b/arch/x86/kernel/acpi/boot.c -@@ -1358,7 +1358,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d) +@@ -1361,7 +1361,7 @@ static int __init dmi_ignore_irq0_timer_override(const struct dmi_system_id *d) * If your system is blacklisted here, but you find that acpi=force * works for you, please contact linux-acpi@vger.kernel.org */ @@ -16901,7 +16502,7 @@ index bacf4b0..4ede72e 100644 /* * Boxes that need ACPI disabled */ -@@ -1433,7 +1433,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = { +@@ -1436,7 +1436,7 @@ static struct dmi_system_id __initdata acpi_dmi_table[] = { }; /* second table for DMI checks that should run after early-quirks */ @@ -16911,7 +16512,7 @@ index bacf4b0..4ede72e 100644 * HP laptops which use a DSDT reporting as HP/SB400/10000, * which includes some code which overrides all temperature diff --git a/arch/x86/kernel/acpi/sleep.c b/arch/x86/kernel/acpi/sleep.c -index d5e0d71..6533e08 100644 +index 0532f5d..36afc0a 100644 --- a/arch/x86/kernel/acpi/sleep.c +++ b/arch/x86/kernel/acpi/sleep.c @@ -74,8 +74,12 @@ int acpi_suspend_lowlevel(void) @@ -17085,7 +16686,7 @@ index ef5ccca..bd83949 100644 } diff --git a/arch/x86/kernel/apic/apic.c b/arch/x86/kernel/apic/apic.c -index cbf5121..812b537 100644 +index 904611b..004dde6 100644 --- a/arch/x86/kernel/apic/apic.c +++ b/arch/x86/kernel/apic/apic.c @@ -189,7 +189,7 @@ int first_system_vector = 0xfe; @@ -17097,7 +16698,7 @@ index cbf5121..812b537 100644 int pic_mode; -@@ -1956,7 +1956,7 @@ void smp_error_interrupt(struct pt_regs *regs) +@@ -1955,7 +1955,7 @@ void smp_error_interrupt(struct pt_regs *regs) apic_write(APIC_ESR, 0); v1 = apic_read(APIC_ESR); ack_APIC_irq(); @@ -17178,10 +16779,10 @@ index 0874799..a7a7892 100644 .name = "es7000", .probe = probe_es7000, diff --git a/arch/x86/kernel/apic/io_apic.c b/arch/x86/kernel/apic/io_apic.c -index b739d39..aebc14c 100644 +index 9ed796c..e930fe4 100644 --- a/arch/x86/kernel/apic/io_apic.c +++ b/arch/x86/kernel/apic/io_apic.c -@@ -1084,7 +1084,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, int pin, +@@ -1060,7 +1060,7 @@ int IO_APIC_get_PCI_irq_vector(int bus, int slot, int pin, } EXPORT_SYMBOL(IO_APIC_get_PCI_irq_vector); @@ -17190,7 +16791,7 @@ index b739d39..aebc14c 100644 { /* Used to the online set of cpus does not change * during assign_irq_vector. -@@ -1092,7 +1092,7 @@ void lock_vector_lock(void) +@@ -1068,7 +1068,7 @@ void lock_vector_lock(void) raw_spin_lock(&vector_lock); } @@ -17199,7 +16800,7 @@ index b739d39..aebc14c 100644 { raw_spin_unlock(&vector_lock); } -@@ -2399,7 +2399,7 @@ static void ack_apic_edge(struct irq_data *data) +@@ -2362,7 +2362,7 @@ static void ack_apic_edge(struct irq_data *data) ack_APIC_irq(); } @@ -17208,7 +16809,7 @@ index b739d39..aebc14c 100644 #ifdef CONFIG_GENERIC_PENDING_IRQ static bool io_apic_level_ack_pending(struct irq_cfg *cfg) -@@ -2540,7 +2540,7 @@ static void ack_apic_level(struct irq_data *data) +@@ -2503,7 +2503,7 @@ static void ack_apic_level(struct irq_data *data) * at the cpu. */ if (!(v & (1 << (i & 0x1f)))) { @@ -17217,24 +16818,6 @@ index b739d39..aebc14c 100644 eoi_ioapic_irq(irq, cfg); } -@@ -2567,11 +2567,13 @@ static void ir_print_prefix(struct irq_data *data, struct seq_file *p) - - static void irq_remap_modify_chip_defaults(struct irq_chip *chip) - { -- chip->irq_print_chip = ir_print_prefix; -- chip->irq_ack = ir_ack_apic_edge; -- chip->irq_eoi = ir_ack_apic_level; -+ pax_open_kernel(); -+ *(void **)&chip->irq_print_chip = ir_print_prefix; -+ *(void **)&chip->irq_ack = ir_ack_apic_edge; -+ *(void **)&chip->irq_eoi = ir_ack_apic_level; - -- chip->irq_set_affinity = set_remapped_irq_affinity; -+ *(void **)&chip->irq_set_affinity = set_remapped_irq_affinity; -+ pax_close_kernel(); - } - #endif /* CONFIG_IRQ_REMAP */ - diff --git a/arch/x86/kernel/apic/numaq_32.c b/arch/x86/kernel/apic/numaq_32.c index d661ee9..791fd33 100644 --- a/arch/x86/kernel/apic/numaq_32.c @@ -17311,10 +16894,10 @@ index 562a76d..a003c0f 100644 .name = "physical x2apic", .probe = x2apic_phys_probe, diff --git a/arch/x86/kernel/apic/x2apic_uv_x.c b/arch/x86/kernel/apic/x2apic_uv_x.c -index 8cfade9..b9d04fc 100644 +index 794f6eb..67e1db2 100644 --- a/arch/x86/kernel/apic/x2apic_uv_x.c +++ b/arch/x86/kernel/apic/x2apic_uv_x.c -@@ -333,7 +333,7 @@ static int uv_probe(void) +@@ -342,7 +342,7 @@ static int uv_probe(void) return apic == &apic_x2apic_uv_x; } @@ -17324,10 +16907,10 @@ index 8cfade9..b9d04fc 100644 .name = "UV large system", .probe = uv_probe, diff --git a/arch/x86/kernel/apm_32.c b/arch/x86/kernel/apm_32.c -index d65464e..1035d31 100644 +index 66b5faf..3442423 100644 --- a/arch/x86/kernel/apm_32.c +++ b/arch/x86/kernel/apm_32.c -@@ -412,7 +412,7 @@ static DEFINE_MUTEX(apm_mutex); +@@ -434,7 +434,7 @@ static DEFINE_MUTEX(apm_mutex); * This is for buggy BIOS's that refer to (real mode) segment 0x40 * even though they are called in protected mode. */ @@ -17336,7 +16919,7 @@ index d65464e..1035d31 100644 (unsigned long)__va(0x400UL), PAGE_SIZE - 0x400 - 1); static const char driver_version[] = "1.16ac"; /* no spaces */ -@@ -590,7 +590,10 @@ static long __apm_bios_call(void *_call) +@@ -612,7 +612,10 @@ static long __apm_bios_call(void *_call) BUG_ON(cpu != 0); gdt = get_cpu_gdt_table(cpu); save_desc_40 = gdt[0x40 / 8]; @@ -17347,7 +16930,7 @@ index d65464e..1035d31 100644 apm_irq_save(flags); APM_DO_SAVE_SEGS; -@@ -599,7 +602,11 @@ static long __apm_bios_call(void *_call) +@@ -621,7 +624,11 @@ static long __apm_bios_call(void *_call) &call->esi); APM_DO_RESTORE_SEGS; apm_irq_restore(flags); @@ -17359,7 +16942,7 @@ index d65464e..1035d31 100644 put_cpu(); return call->eax & 0xff; -@@ -666,7 +673,10 @@ static long __apm_bios_call_simple(void *_call) +@@ -688,7 +695,10 @@ static long __apm_bios_call_simple(void *_call) BUG_ON(cpu != 0); gdt = get_cpu_gdt_table(cpu); save_desc_40 = gdt[0x40 / 8]; @@ -17370,7 +16953,7 @@ index d65464e..1035d31 100644 apm_irq_save(flags); APM_DO_SAVE_SEGS; -@@ -674,7 +684,11 @@ static long __apm_bios_call_simple(void *_call) +@@ -696,7 +706,11 @@ static long __apm_bios_call_simple(void *_call) &call->eax); APM_DO_RESTORE_SEGS; apm_irq_restore(flags); @@ -17382,7 +16965,7 @@ index d65464e..1035d31 100644 put_cpu(); return error; } -@@ -2345,12 +2359,15 @@ static int __init apm_init(void) +@@ -2363,12 +2377,15 @@ static int __init apm_init(void) * code to that CPU. */ gdt = get_cpu_gdt_table(0); @@ -17466,10 +17049,10 @@ index a0e067d..9c7db16 100644 obj-y += proc.o capflags.o powerflags.o common.o obj-y += vmware.o hypervisor.o mshyperv.o diff --git a/arch/x86/kernel/cpu/amd.c b/arch/x86/kernel/cpu/amd.c -index 15239ff..e23e04e 100644 +index fa96eb0..03efe73 100644 --- a/arch/x86/kernel/cpu/amd.c +++ b/arch/x86/kernel/cpu/amd.c -@@ -733,7 +733,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, +@@ -737,7 +737,7 @@ static unsigned int __cpuinit amd_size_cache(struct cpuinfo_x86 *c, unsigned int size) { /* AMD errata T13 (order #21922) */ @@ -17479,10 +17062,10 @@ index 15239ff..e23e04e 100644 if (c->x86_model == 3 && c->x86_mask == 0) size = 64; diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index 9c3ab43..51e6366 100644 +index d814772..c615653 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c -@@ -86,60 +86,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { +@@ -88,60 +88,6 @@ static const struct cpu_dev __cpuinitconst default_cpu = { static const struct cpu_dev *this_cpu __cpuinitdata = &default_cpu; @@ -17543,7 +17126,7 @@ index 9c3ab43..51e6366 100644 static int __init x86_xsave_setup(char *s) { setup_clear_cpu_cap(X86_FEATURE_XSAVE); -@@ -389,7 +335,7 @@ void switch_to_new_gdt(int cpu) +@@ -386,7 +332,7 @@ void switch_to_new_gdt(int cpu) { struct desc_ptr gdt_descr; @@ -17552,7 +17135,7 @@ index 9c3ab43..51e6366 100644 gdt_descr.size = GDT_SIZE - 1; load_gdt(&gdt_descr); /* Reload the per-cpu base */ -@@ -885,6 +831,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) +@@ -882,6 +828,10 @@ static void __cpuinit identify_cpu(struct cpuinfo_x86 *c) /* Filter out anything that depends on CPUID levels we don't have */ filter_cpuid_features(c, true); @@ -17563,7 +17146,7 @@ index 9c3ab43..51e6366 100644 /* If the model name is still unset, do table lookup. */ if (!c->x86_model_id[0]) { const char *p; -@@ -1068,10 +1018,12 @@ static __init int setup_disablecpuid(char *arg) +@@ -1065,10 +1015,12 @@ static __init int setup_disablecpuid(char *arg) } __setup("clearcpuid=", setup_disablecpuid); @@ -17578,7 +17161,7 @@ index 9c3ab43..51e6366 100644 DEFINE_PER_CPU_FIRST(union irq_stack_union, irq_stack_union) __aligned(PAGE_SIZE); -@@ -1085,7 +1037,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = +@@ -1082,7 +1034,7 @@ DEFINE_PER_CPU(struct task_struct *, current_task) ____cacheline_aligned = EXPORT_PER_CPU_SYMBOL(current_task); DEFINE_PER_CPU(unsigned long, kernel_stack) = @@ -17587,8 +17170,8 @@ index 9c3ab43..51e6366 100644 EXPORT_PER_CPU_SYMBOL(kernel_stack); DEFINE_PER_CPU(char *, irq_stack_ptr) = -@@ -1224,7 +1176,7 @@ void __cpuinit cpu_init(void) - int i; +@@ -1227,7 +1179,7 @@ void __cpuinit cpu_init(void) + load_ucode_ap(); cpu = stack_smp_processor_id(); - t = &per_cpu(init_tss, cpu); @@ -17596,7 +17179,7 @@ index 9c3ab43..51e6366 100644 oist = &per_cpu(orig_ist, cpu); #ifdef CONFIG_NUMA -@@ -1250,7 +1202,7 @@ void __cpuinit cpu_init(void) +@@ -1253,7 +1205,7 @@ void __cpuinit cpu_init(void) switch_to_new_gdt(cpu); loadsegment(fs, 0); @@ -17605,7 +17188,7 @@ index 9c3ab43..51e6366 100644 memset(me->thread.tls_array, 0, GDT_ENTRY_TLS_ENTRIES * 8); syscall_init(); -@@ -1259,7 +1211,6 @@ void __cpuinit cpu_init(void) +@@ -1262,7 +1214,6 @@ void __cpuinit cpu_init(void) wrmsrl(MSR_KERNEL_GS_BASE, 0); barrier(); @@ -17613,7 +17196,7 @@ index 9c3ab43..51e6366 100644 enable_x2apic(); /* -@@ -1311,7 +1262,7 @@ void __cpuinit cpu_init(void) +@@ -1314,7 +1265,7 @@ void __cpuinit cpu_init(void) { int cpu = smp_processor_id(); struct task_struct *curr = current; @@ -17621,12 +17204,12 @@ index 9c3ab43..51e6366 100644 + struct tss_struct *t = init_tss + cpu; struct thread_struct *thread = &curr->thread; - if (cpumask_test_and_set_cpu(cpu, cpu_initialized_mask)) { + show_ucode_info_early(); diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c -index fcaabd0..7b55a26 100644 +index 1905ce9..a7ac587 100644 --- a/arch/x86/kernel/cpu/intel.c +++ b/arch/x86/kernel/cpu/intel.c -@@ -174,7 +174,7 @@ static void __cpuinit trap_init_f00f_bug(void) +@@ -173,7 +173,7 @@ static void __cpuinit trap_init_f00f_bug(void) * Update the IDT descriptor and reload the IDT so that * it uses the read-only mapped virtual address. */ @@ -17636,7 +17219,7 @@ index fcaabd0..7b55a26 100644 } #endif diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c -index 84c1309..39b7224 100644 +index 7c6f7d5..8cac382 100644 --- a/arch/x86/kernel/cpu/intel_cacheinfo.c +++ b/arch/x86/kernel/cpu/intel_cacheinfo.c @@ -1017,6 +1017,22 @@ static struct attribute *default_attrs[] = { @@ -17736,7 +17319,7 @@ index 84c1309..39b7224 100644 }; diff --git a/arch/x86/kernel/cpu/mcheck/mce.c b/arch/x86/kernel/cpu/mcheck/mce.c -index 80dbda8..be16652 100644 +index 7bc1263..ce2cbfb 100644 --- a/arch/x86/kernel/cpu/mcheck/mce.c +++ b/arch/x86/kernel/cpu/mcheck/mce.c @@ -45,6 +45,7 @@ @@ -17787,7 +17370,7 @@ index 80dbda8..be16652 100644 return; } /* First print corrected ones that are still unlogged */ -@@ -686,7 +687,7 @@ static int mce_timed_out(u64 *t) +@@ -683,7 +684,7 @@ static int mce_timed_out(u64 *t) * might have been modified by someone else. */ rmb(); @@ -17796,7 +17379,7 @@ index 80dbda8..be16652 100644 wait_for_panic(); if (!mca_cfg.monarch_timeout) goto out; -@@ -1662,7 +1663,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) +@@ -1654,7 +1655,7 @@ static void unexpected_machine_check(struct pt_regs *regs, long error_code) } /* Call the installed machine check handler for this CPU setup. */ @@ -17805,7 +17388,7 @@ index 80dbda8..be16652 100644 unexpected_machine_check; /* -@@ -1685,7 +1686,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1677,7 +1678,9 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) return; } @@ -17815,7 +17398,7 @@ index 80dbda8..be16652 100644 __mcheck_cpu_init_generic(); __mcheck_cpu_init_vendor(c); -@@ -1699,7 +1702,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) +@@ -1691,7 +1694,7 @@ void __cpuinit mcheck_cpu_init(struct cpuinfo_x86 *c) */ static DEFINE_SPINLOCK(mce_chrdev_state_lock); @@ -17824,7 +17407,7 @@ index 80dbda8..be16652 100644 static int mce_chrdev_open_exclu; /* already open exclusive? */ static int mce_chrdev_open(struct inode *inode, struct file *file) -@@ -1707,7 +1710,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1699,7 +1702,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) spin_lock(&mce_chrdev_state_lock); if (mce_chrdev_open_exclu || @@ -17833,7 +17416,7 @@ index 80dbda8..be16652 100644 spin_unlock(&mce_chrdev_state_lock); return -EBUSY; -@@ -1715,7 +1718,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) +@@ -1707,7 +1710,7 @@ static int mce_chrdev_open(struct inode *inode, struct file *file) if (file->f_flags & O_EXCL) mce_chrdev_open_exclu = 1; @@ -17842,7 +17425,7 @@ index 80dbda8..be16652 100644 spin_unlock(&mce_chrdev_state_lock); -@@ -1726,7 +1729,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) +@@ -1718,7 +1721,7 @@ static int mce_chrdev_release(struct inode *inode, struct file *file) { spin_lock(&mce_chrdev_state_lock); @@ -17851,7 +17434,7 @@ index 80dbda8..be16652 100644 mce_chrdev_open_exclu = 0; spin_unlock(&mce_chrdev_state_lock); -@@ -2372,7 +2375,7 @@ mce_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu) +@@ -2364,7 +2367,7 @@ mce_cpu_callback(struct notifier_block *nfb, unsigned long action, void *hcpu) return NOTIFY_OK; } @@ -17860,7 +17443,7 @@ index 80dbda8..be16652 100644 .notifier_call = mce_cpu_callback, }; -@@ -2382,7 +2385,7 @@ static __init void mce_init_banks(void) +@@ -2374,7 +2377,7 @@ static __init void mce_init_banks(void) for (i = 0; i < mca_cfg.banks; i++) { struct mce_bank *b = &mce_banks[i]; @@ -17869,7 +17452,7 @@ index 80dbda8..be16652 100644 sysfs_attr_init(&a->attr); a->attr.name = b->attrname; -@@ -2450,7 +2453,7 @@ struct dentry *mce_get_debugfs_dir(void) +@@ -2442,7 +2445,7 @@ struct dentry *mce_get_debugfs_dir(void) static void mce_reset(void) { cpu_missing = 0; @@ -17879,7 +17462,7 @@ index 80dbda8..be16652 100644 atomic_set(&mce_callin, 0); atomic_set(&global_nwo, 0); diff --git a/arch/x86/kernel/cpu/mcheck/p5.c b/arch/x86/kernel/cpu/mcheck/p5.c -index 2d5454c..51987eb 100644 +index 1c044b1..37a2a43 100644 --- a/arch/x86/kernel/cpu/mcheck/p5.c +++ b/arch/x86/kernel/cpu/mcheck/p5.c @@ -11,6 +11,7 @@ @@ -17914,7 +17497,7 @@ index 47a1870..8c019a7 100644 .notifier_call = thermal_throttle_cpu_callback, }; diff --git a/arch/x86/kernel/cpu/mcheck/winchip.c b/arch/x86/kernel/cpu/mcheck/winchip.c -index 2d7998f..17c9de1 100644 +index e9a701a..35317d6 100644 --- a/arch/x86/kernel/cpu/mcheck/winchip.c +++ b/arch/x86/kernel/cpu/mcheck/winchip.c @@ -10,6 +10,7 @@ @@ -17962,7 +17545,7 @@ index df5e41f..816c719 100644 extern int generic_get_free_region(unsigned long base, unsigned long size, int replace_reg); diff --git a/arch/x86/kernel/cpu/perf_event.c b/arch/x86/kernel/cpu/perf_event.c -index 6774c17..72c1b22 100644 +index bf0f01a..9adfee1 100644 --- a/arch/x86/kernel/cpu/perf_event.c +++ b/arch/x86/kernel/cpu/perf_event.c @@ -1305,7 +1305,7 @@ static void __init pmu_check_apic(void) @@ -17974,16 +17557,7 @@ index 6774c17..72c1b22 100644 .name = "format", .attrs = NULL, }; -@@ -1313,7 +1313,7 @@ static struct attribute_group x86_pmu_format_group = { - struct perf_pmu_events_attr { - struct device_attribute attr; - u64 id; --}; -+} __do_const; - - /* - * Remove all undefined events (x86_pmu.event_map(id) == 0) -@@ -1381,7 +1381,7 @@ static struct attribute *events_attr[] = { +@@ -1374,7 +1374,7 @@ static struct attribute *events_attr[] = { NULL, }; @@ -17992,7 +17566,7 @@ index 6774c17..72c1b22 100644 .name = "events", .attrs = events_attr, }; -@@ -1880,7 +1880,7 @@ static unsigned long get_segment_base(unsigned int segment) +@@ -1873,7 +1873,7 @@ static unsigned long get_segment_base(unsigned int segment) if (idx > GDT_ENTRIES) return 0; @@ -18001,7 +17575,7 @@ index 6774c17..72c1b22 100644 } return get_desc_base(desc + idx); -@@ -1970,7 +1970,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) +@@ -1963,7 +1963,7 @@ perf_callchain_user(struct perf_callchain_entry *entry, struct pt_regs *regs) break; perf_callchain_store(entry, frame.return_address); @@ -18011,10 +17585,10 @@ index 6774c17..72c1b22 100644 } diff --git a/arch/x86/kernel/cpu/perf_event_intel.c b/arch/x86/kernel/cpu/perf_event_intel.c -index 70602f8..9d9edb7 100644 +index 4a0a462..be3b204 100644 --- a/arch/x86/kernel/cpu/perf_event_intel.c +++ b/arch/x86/kernel/cpu/perf_event_intel.c -@@ -1964,10 +1964,10 @@ __init int intel_pmu_init(void) +@@ -1994,10 +1994,10 @@ __init int intel_pmu_init(void) * v2 and above have a perf capabilities MSR */ if (version > 1) { @@ -18028,92 +17602,19 @@ index 70602f8..9d9edb7 100644 } intel_ds_init(); -diff --git a/arch/x86/kernel/cpu/perf_event_intel_lbr.c b/arch/x86/kernel/cpu/perf_event_intel_lbr.c -index da02e9c..94db951 100644 ---- a/arch/x86/kernel/cpu/perf_event_intel_lbr.c -+++ b/arch/x86/kernel/cpu/perf_event_intel_lbr.c -@@ -310,7 +310,7 @@ void intel_pmu_lbr_read(void) - * - in case there is no HW filter - * - in case the HW filter has errata or limitations - */ --static void intel_pmu_setup_sw_lbr_filter(struct perf_event *event) -+static int intel_pmu_setup_sw_lbr_filter(struct perf_event *event) - { - u64 br_type = event->attr.branch_sample_type; - int mask = 0; -@@ -318,8 +318,11 @@ static void intel_pmu_setup_sw_lbr_filter(struct perf_event *event) - if (br_type & PERF_SAMPLE_BRANCH_USER) - mask |= X86_BR_USER; - -- if (br_type & PERF_SAMPLE_BRANCH_KERNEL) -+ if (br_type & PERF_SAMPLE_BRANCH_KERNEL) { -+ if (perf_paranoid_kernel() && !capable(CAP_SYS_ADMIN)) -+ return -EACCES; - mask |= X86_BR_KERNEL; -+ } - - /* we ignore BRANCH_HV here */ - -@@ -339,6 +342,8 @@ static void intel_pmu_setup_sw_lbr_filter(struct perf_event *event) - * be used by fixup code for some CPU - */ - event->hw.branch_reg.reg = mask; -+ -+ return 0; - } - - /* -@@ -386,7 +391,9 @@ int intel_pmu_setup_lbr_filter(struct perf_event *event) - /* - * setup SW LBR filter - */ -- intel_pmu_setup_sw_lbr_filter(event); -+ ret = intel_pmu_setup_sw_lbr_filter(event); -+ if (ret) -+ return ret; - - /* - * setup HW LBR filter, if any diff --git a/arch/x86/kernel/cpu/perf_event_intel_uncore.c b/arch/x86/kernel/cpu/perf_event_intel_uncore.c -index b43200d..d235b3e 100644 +index 3e091f0..d2dc8d6 100644 --- a/arch/x86/kernel/cpu/perf_event_intel_uncore.c +++ b/arch/x86/kernel/cpu/perf_event_intel_uncore.c @@ -2428,7 +2428,7 @@ static void __init uncore_types_exit(struct intel_uncore_type **types) static int __init uncore_type_init(struct intel_uncore_type *type) { struct intel_uncore_pmu *pmus; -- struct attribute_group *events_group; +- struct attribute_group *attr_group; + attribute_group_no_const *attr_group; struct attribute **attrs; int i, j; -@@ -2455,19 +2455,19 @@ static int __init uncore_type_init(struct intel_uncore_type *type) - while (type->event_descs[i].attr.attr.name) - i++; - -- events_group = kzalloc(sizeof(struct attribute *) * (i + 1) + -- sizeof(*events_group), GFP_KERNEL); -- if (!events_group) -+ attr_group = kzalloc(sizeof(struct attribute *) * (i + 1) + -+ sizeof(*attr_group), GFP_KERNEL); -+ if (!attr_group) - goto fail; - -- attrs = (struct attribute **)(events_group + 1); -- events_group->name = "events"; -- events_group->attrs = attrs; -+ attrs = (struct attribute **)(attr_group + 1); -+ attr_group->name = "events"; -+ attr_group->attrs = attrs; - - for (j = 0; j < i; j++) - attrs[j] = &type->event_descs[j].attr.attr; - -- type->events_group = events_group; -+ type->events_group = attr_group; - } - - type->pmu_group = &uncore_pmu_attr_group; @@ -2826,7 +2826,7 @@ static int return NOTIFY_OK; } @@ -18137,7 +17638,7 @@ index e68a455..975a932 100644 #define INTEL_UNCORE_EVENT_DESC(_name, _config) \ { \ diff --git a/arch/x86/kernel/cpuid.c b/arch/x86/kernel/cpuid.c -index 60c7891..9e911d3 100644 +index 1e4dbcf..b9a34c2 100644 --- a/arch/x86/kernel/cpuid.c +++ b/arch/x86/kernel/cpuid.c @@ -171,7 +171,7 @@ static int __cpuinit cpuid_class_cpu_callback(struct notifier_block *nfb, @@ -18201,7 +17702,7 @@ index 37250fe..bf2ec74 100644 .__cr3 = __pa_nodebug(swapper_pg_dir), diff --git a/arch/x86/kernel/dumpstack.c b/arch/x86/kernel/dumpstack.c -index ae42418b..787c16b 100644 +index c8797d5..c605e53 100644 --- a/arch/x86/kernel/dumpstack.c +++ b/arch/x86/kernel/dumpstack.c @@ -2,6 +2,9 @@ @@ -18584,7 +18085,7 @@ index 9b9f18b..9fcaa04 100644 #include <asm/processor.h> #include <asm/fcntl.h> diff --git a/arch/x86/kernel/entry_32.S b/arch/x86/kernel/entry_32.S -index 6ed91d9..6cc365b 100644 +index 8f3e2de..934870f 100644 --- a/arch/x86/kernel/entry_32.S +++ b/arch/x86/kernel/entry_32.S @@ -177,13 +177,153 @@ @@ -19058,7 +18559,7 @@ index 6ed91d9..6cc365b 100644 CFI_ENDPROC /* * End of kprobes section -@@ -753,8 +985,15 @@ PTREGSCALL1(vm86old) +@@ -708,8 +940,15 @@ END(syscall_badsys) * normal stack and adjusts ESP with the matching offset. */ /* fixup the stack */ @@ -19076,7 +18577,7 @@ index 6ed91d9..6cc365b 100644 shl $16, %eax addl %esp, %eax /* the adjusted stack pointer */ pushl_cfi $__KERNEL_DS -@@ -807,7 +1046,7 @@ vector=vector+1 +@@ -762,7 +1001,7 @@ vector=vector+1 .endr 2: jmp common_interrupt .endr @@ -19085,7 +18586,7 @@ index 6ed91d9..6cc365b 100644 .previous END(interrupt) -@@ -858,7 +1097,7 @@ ENTRY(coprocessor_error) +@@ -813,7 +1052,7 @@ ENTRY(coprocessor_error) pushl_cfi $do_coprocessor_error jmp error_code CFI_ENDPROC @@ -19094,7 +18595,7 @@ index 6ed91d9..6cc365b 100644 ENTRY(simd_coprocessor_error) RING0_INT_FRAME -@@ -880,7 +1119,7 @@ ENTRY(simd_coprocessor_error) +@@ -835,7 +1074,7 @@ ENTRY(simd_coprocessor_error) #endif jmp error_code CFI_ENDPROC @@ -19103,7 +18604,7 @@ index 6ed91d9..6cc365b 100644 ENTRY(device_not_available) RING0_INT_FRAME -@@ -889,18 +1128,18 @@ ENTRY(device_not_available) +@@ -844,18 +1083,18 @@ ENTRY(device_not_available) pushl_cfi $do_device_not_available jmp error_code CFI_ENDPROC @@ -19125,7 +18626,7 @@ index 6ed91d9..6cc365b 100644 #endif ENTRY(overflow) -@@ -910,7 +1149,7 @@ ENTRY(overflow) +@@ -865,7 +1104,7 @@ ENTRY(overflow) pushl_cfi $do_overflow jmp error_code CFI_ENDPROC @@ -19134,7 +18635,7 @@ index 6ed91d9..6cc365b 100644 ENTRY(bounds) RING0_INT_FRAME -@@ -919,7 +1158,7 @@ ENTRY(bounds) +@@ -874,7 +1113,7 @@ ENTRY(bounds) pushl_cfi $do_bounds jmp error_code CFI_ENDPROC @@ -19143,7 +18644,7 @@ index 6ed91d9..6cc365b 100644 ENTRY(invalid_op) RING0_INT_FRAME -@@ -928,7 +1167,7 @@ ENTRY(invalid_op) +@@ -883,7 +1122,7 @@ ENTRY(invalid_op) pushl_cfi $do_invalid_op jmp error_code CFI_ENDPROC @@ -19152,7 +18653,7 @@ index 6ed91d9..6cc365b 100644 ENTRY(coprocessor_segment_overrun) RING0_INT_FRAME -@@ -937,7 +1176,7 @@ ENTRY(coprocessor_segment_overrun) +@@ -892,7 +1131,7 @@ ENTRY(coprocessor_segment_overrun) pushl_cfi $do_coprocessor_segment_overrun jmp error_code CFI_ENDPROC @@ -19161,7 +18662,7 @@ index 6ed91d9..6cc365b 100644 ENTRY(invalid_TSS) RING0_EC_FRAME -@@ -945,7 +1184,7 @@ ENTRY(invalid_TSS) +@@ -900,7 +1139,7 @@ ENTRY(invalid_TSS) pushl_cfi $do_invalid_TSS jmp error_code CFI_ENDPROC @@ -19170,7 +18671,7 @@ index 6ed91d9..6cc365b 100644 ENTRY(segment_not_present) RING0_EC_FRAME -@@ -953,7 +1192,7 @@ ENTRY(segment_not_present) +@@ -908,7 +1147,7 @@ ENTRY(segment_not_present) pushl_cfi $do_segment_not_present jmp error_code CFI_ENDPROC @@ -19179,7 +18680,7 @@ index 6ed91d9..6cc365b 100644 ENTRY(stack_segment) RING0_EC_FRAME -@@ -961,7 +1200,7 @@ ENTRY(stack_segment) +@@ -916,7 +1155,7 @@ ENTRY(stack_segment) pushl_cfi $do_stack_segment jmp error_code CFI_ENDPROC @@ -19188,7 +18689,7 @@ index 6ed91d9..6cc365b 100644 ENTRY(alignment_check) RING0_EC_FRAME -@@ -969,7 +1208,7 @@ ENTRY(alignment_check) +@@ -924,7 +1163,7 @@ ENTRY(alignment_check) pushl_cfi $do_alignment_check jmp error_code CFI_ENDPROC @@ -19197,7 +18698,7 @@ index 6ed91d9..6cc365b 100644 ENTRY(divide_error) RING0_INT_FRAME -@@ -978,7 +1217,7 @@ ENTRY(divide_error) +@@ -933,7 +1172,7 @@ ENTRY(divide_error) pushl_cfi $do_divide_error jmp error_code CFI_ENDPROC @@ -19206,7 +18707,7 @@ index 6ed91d9..6cc365b 100644 #ifdef CONFIG_X86_MCE ENTRY(machine_check) -@@ -988,7 +1227,7 @@ ENTRY(machine_check) +@@ -943,7 +1182,7 @@ ENTRY(machine_check) pushl_cfi machine_check_vector jmp error_code CFI_ENDPROC @@ -19215,7 +18716,7 @@ index 6ed91d9..6cc365b 100644 #endif ENTRY(spurious_interrupt_bug) -@@ -998,7 +1237,7 @@ ENTRY(spurious_interrupt_bug) +@@ -953,7 +1192,7 @@ ENTRY(spurious_interrupt_bug) pushl_cfi $do_spurious_interrupt_bug jmp error_code CFI_ENDPROC @@ -19224,7 +18725,7 @@ index 6ed91d9..6cc365b 100644 /* * End of kprobes section */ -@@ -1101,7 +1340,7 @@ BUILD_INTERRUPT3(xen_hvm_callback_vector, XEN_HVM_EVTCHN_CALLBACK, +@@ -1063,7 +1302,7 @@ BUILD_INTERRUPT3(hyperv_callback_vector, HYPERVISOR_CALLBACK_VECTOR, ENTRY(mcount) ret @@ -19233,7 +18734,7 @@ index 6ed91d9..6cc365b 100644 ENTRY(ftrace_caller) cmpl $0, function_trace_stop -@@ -1134,7 +1373,7 @@ ftrace_graph_call: +@@ -1096,7 +1335,7 @@ ftrace_graph_call: .globl ftrace_stub ftrace_stub: ret @@ -19242,7 +18743,7 @@ index 6ed91d9..6cc365b 100644 ENTRY(ftrace_regs_caller) pushf /* push flags before compare (in cs location) */ -@@ -1235,7 +1474,7 @@ trace: +@@ -1197,7 +1436,7 @@ trace: popl %ecx popl %eax jmp ftrace_stub @@ -19251,7 +18752,7 @@ index 6ed91d9..6cc365b 100644 #endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_FUNCTION_TRACER */ -@@ -1253,7 +1492,7 @@ ENTRY(ftrace_graph_caller) +@@ -1215,7 +1454,7 @@ ENTRY(ftrace_graph_caller) popl %ecx popl %eax ret @@ -19260,7 +18761,7 @@ index 6ed91d9..6cc365b 100644 .globl return_to_handler return_to_handler: -@@ -1309,15 +1548,18 @@ error_code: +@@ -1271,15 +1510,18 @@ error_code: movl $-1, PT_ORIG_EAX(%esp) # no syscall to restart REG_TO_PTGS %ecx SET_KERNEL_GS %ecx @@ -19281,7 +18782,7 @@ index 6ed91d9..6cc365b 100644 /* * Debug traps and NMI can happen at the one SYSENTER instruction -@@ -1360,7 +1602,7 @@ debug_stack_correct: +@@ -1322,7 +1564,7 @@ debug_stack_correct: call do_debug jmp ret_from_exception CFI_ENDPROC @@ -19290,7 +18791,7 @@ index 6ed91d9..6cc365b 100644 /* * NMI is doubly nasty. It can happen _while_ we're handling -@@ -1398,6 +1640,9 @@ nmi_stack_correct: +@@ -1360,6 +1602,9 @@ nmi_stack_correct: xorl %edx,%edx # zero error code movl %esp,%eax # pt_regs pointer call do_nmi @@ -19300,7 +18801,7 @@ index 6ed91d9..6cc365b 100644 jmp restore_all_notrace CFI_ENDPROC -@@ -1434,12 +1679,15 @@ nmi_espfix_stack: +@@ -1396,12 +1641,15 @@ nmi_espfix_stack: FIXUP_ESPFIX_STACK # %eax == %esp xorl %edx,%edx # zero error code call do_nmi @@ -19317,7 +18818,7 @@ index 6ed91d9..6cc365b 100644 ENTRY(int3) RING0_INT_FRAME -@@ -1452,14 +1700,14 @@ ENTRY(int3) +@@ -1414,14 +1662,14 @@ ENTRY(int3) call do_int3 jmp ret_from_exception CFI_ENDPROC @@ -19334,7 +18835,7 @@ index 6ed91d9..6cc365b 100644 #ifdef CONFIG_KVM_GUEST ENTRY(async_page_fault) -@@ -1468,7 +1716,7 @@ ENTRY(async_page_fault) +@@ -1430,7 +1678,7 @@ ENTRY(async_page_fault) pushl_cfi $do_async_page_fault jmp error_code CFI_ENDPROC @@ -19344,7 +18845,7 @@ index 6ed91d9..6cc365b 100644 /* diff --git a/arch/x86/kernel/entry_64.S b/arch/x86/kernel/entry_64.S -index cb3c591..0617fa7 100644 +index c1d01e6..5625dce 100644 --- a/arch/x86/kernel/entry_64.S +++ b/arch/x86/kernel/entry_64.S @@ -59,6 +59,8 @@ @@ -19909,18 +19410,9 @@ index cb3c591..0617fa7 100644 -END(system_call) +ENDPROC(system_call) - /* - * Certain special system calls that need to save a complete full stack frame. -@@ -842,7 +1149,7 @@ ENTRY(\label) - call \func - jmp ptregscall_common - CFI_ENDPROC --END(\label) -+ENDPROC(\label) - .endm - .macro FORK_LIKE func -@@ -856,9 +1163,10 @@ ENTRY(stub_\func) + ENTRY(stub_\func) +@@ -839,9 +1146,10 @@ ENTRY(stub_\func) DEFAULT_FRAME 0 8 /* offset 8: return address */ call sys_\func RESTORE_TOP_OF_STACK %r11, 8 @@ -19931,8 +19423,20 @@ index cb3c591..0617fa7 100644 +ENDPROC(stub_\func) .endm + .macro FIXED_FRAME label,func +@@ -851,9 +1159,10 @@ ENTRY(\label) + FIXUP_TOP_OF_STACK %r11, 8-ARGOFFSET + call \func + RESTORE_TOP_OF_STACK %r11, 8-ARGOFFSET ++ pax_force_retaddr + ret + CFI_ENDPROC +-END(\label) ++ENDPROC(\label) + .endm + FORK_LIKE clone -@@ -875,9 +1183,10 @@ ENTRY(ptregscall_common) +@@ -870,9 +1179,10 @@ ENTRY(ptregscall_common) movq_cfi_restore R12+8, r12 movq_cfi_restore RBP+8, rbp movq_cfi_restore RBX+8, rbx @@ -19944,7 +19448,7 @@ index cb3c591..0617fa7 100644 ENTRY(stub_execve) CFI_STARTPROC -@@ -891,7 +1200,7 @@ ENTRY(stub_execve) +@@ -885,7 +1195,7 @@ ENTRY(stub_execve) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -19953,7 +19457,7 @@ index cb3c591..0617fa7 100644 /* * sigreturn is special because it needs to restore all registers on return. -@@ -909,7 +1218,7 @@ ENTRY(stub_rt_sigreturn) +@@ -902,7 +1212,7 @@ ENTRY(stub_rt_sigreturn) RESTORE_REST jmp int_ret_from_sys_call CFI_ENDPROC @@ -19962,7 +19466,25 @@ index cb3c591..0617fa7 100644 #ifdef CONFIG_X86_X32_ABI ENTRY(stub_x32_rt_sigreturn) -@@ -975,7 +1284,7 @@ vector=vector+1 +@@ -916,7 +1226,7 @@ ENTRY(stub_x32_rt_sigreturn) + RESTORE_REST + jmp int_ret_from_sys_call + CFI_ENDPROC +-END(stub_x32_rt_sigreturn) ++ENDPROC(stub_x32_rt_sigreturn) + + ENTRY(stub_x32_execve) + CFI_STARTPROC +@@ -930,7 +1240,7 @@ ENTRY(stub_x32_execve) + RESTORE_REST + jmp int_ret_from_sys_call + CFI_ENDPROC +-END(stub_x32_execve) ++ENDPROC(stub_x32_execve) + + #endif + +@@ -967,7 +1277,7 @@ vector=vector+1 2: jmp common_interrupt .endr CFI_ENDPROC @@ -19971,7 +19493,7 @@ index cb3c591..0617fa7 100644 .previous END(interrupt) -@@ -995,6 +1304,16 @@ END(interrupt) +@@ -987,6 +1297,16 @@ END(interrupt) subq $ORIG_RAX-RBP, %rsp CFI_ADJUST_CFA_OFFSET ORIG_RAX-RBP SAVE_ARGS_IRQ @@ -19988,7 +19510,7 @@ index cb3c591..0617fa7 100644 call \func .endm -@@ -1027,7 +1346,7 @@ ret_from_intr: +@@ -1019,7 +1339,7 @@ ret_from_intr: exit_intr: GET_THREAD_INFO(%rcx) @@ -19997,7 +19519,7 @@ index cb3c591..0617fa7 100644 je retint_kernel /* Interrupt came from user space */ -@@ -1049,12 +1368,16 @@ retint_swapgs: /* return to user-space */ +@@ -1041,12 +1361,16 @@ retint_swapgs: /* return to user-space */ * The iretq could re-enable interrupts: */ DISABLE_INTERRUPTS(CLBR_ANY) @@ -20014,7 +19536,7 @@ index cb3c591..0617fa7 100644 /* * The iretq could re-enable interrupts: */ -@@ -1137,7 +1460,7 @@ ENTRY(retint_kernel) +@@ -1129,7 +1453,7 @@ ENTRY(retint_kernel) #endif CFI_ENDPROC @@ -20023,7 +19545,7 @@ index cb3c591..0617fa7 100644 /* * End of kprobes section */ -@@ -1155,7 +1478,7 @@ ENTRY(\sym) +@@ -1147,7 +1471,7 @@ ENTRY(\sym) interrupt \do_sym jmp ret_from_intr CFI_ENDPROC @@ -20032,7 +19554,7 @@ index cb3c591..0617fa7 100644 .endm #ifdef CONFIG_SMP -@@ -1211,12 +1534,22 @@ ENTRY(\sym) +@@ -1203,12 +1527,22 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -20056,7 +19578,7 @@ index cb3c591..0617fa7 100644 .endm .macro paranoidzeroentry sym do_sym -@@ -1229,15 +1562,25 @@ ENTRY(\sym) +@@ -1221,15 +1555,25 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF @@ -20084,7 +19606,7 @@ index cb3c591..0617fa7 100644 .macro paranoidzeroentry_ist sym do_sym ist ENTRY(\sym) INTR_FRAME -@@ -1248,14 +1591,30 @@ ENTRY(\sym) +@@ -1240,14 +1584,30 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call save_paranoid TRACE_IRQS_OFF_DEBUG @@ -20116,7 +19638,7 @@ index cb3c591..0617fa7 100644 .endm .macro errorentry sym do_sym -@@ -1267,13 +1626,23 @@ ENTRY(\sym) +@@ -1259,13 +1619,23 @@ ENTRY(\sym) CFI_ADJUST_CFA_OFFSET ORIG_RAX-R15 call error_entry DEFAULT_FRAME 0 @@ -20141,7 +19663,7 @@ index cb3c591..0617fa7 100644 .endm /* error code is on the stack already */ -@@ -1287,13 +1656,23 @@ ENTRY(\sym) +@@ -1279,13 +1649,23 @@ ENTRY(\sym) call save_paranoid DEFAULT_FRAME 0 TRACE_IRQS_OFF @@ -20166,7 +19688,7 @@ index cb3c591..0617fa7 100644 .endm zeroentry divide_error do_divide_error -@@ -1323,9 +1702,10 @@ gs_change: +@@ -1315,9 +1695,10 @@ gs_change: 2: mfence /* workaround */ SWAPGS popfq_cfi @@ -20178,7 +19700,7 @@ index cb3c591..0617fa7 100644 _ASM_EXTABLE(gs_change,bad_gs) .section .fixup,"ax" -@@ -1353,9 +1733,10 @@ ENTRY(call_softirq) +@@ -1345,9 +1726,10 @@ ENTRY(call_softirq) CFI_DEF_CFA_REGISTER rsp CFI_ADJUST_CFA_OFFSET -8 decl PER_CPU_VAR(irq_count) @@ -20190,7 +19712,7 @@ index cb3c591..0617fa7 100644 #ifdef CONFIG_XEN zeroentry xen_hypervisor_callback xen_do_hypervisor_callback -@@ -1393,7 +1774,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) +@@ -1385,7 +1767,7 @@ ENTRY(xen_do_hypervisor_callback) # do_hypervisor_callback(struct *pt_regs) decl PER_CPU_VAR(irq_count) jmp error_exit CFI_ENDPROC @@ -20199,16 +19721,16 @@ index cb3c591..0617fa7 100644 /* * Hypervisor uses this for application faults while it executes. -@@ -1452,7 +1833,7 @@ ENTRY(xen_failsafe_callback) +@@ -1444,7 +1826,7 @@ ENTRY(xen_failsafe_callback) SAVE_ALL jmp error_exit CFI_ENDPROC -END(xen_failsafe_callback) +ENDPROC(xen_failsafe_callback) - apicinterrupt XEN_HVM_EVTCHN_CALLBACK \ + apicinterrupt HYPERVISOR_CALLBACK_VECTOR \ xen_hvm_callback_vector xen_evtchn_do_upcall -@@ -1501,16 +1882,31 @@ ENTRY(paranoid_exit) +@@ -1498,16 +1880,31 @@ ENTRY(paranoid_exit) TRACE_IRQS_OFF_DEBUG testl %ebx,%ebx /* swapgs needed? */ jnz paranoid_restore @@ -20241,7 +19763,7 @@ index cb3c591..0617fa7 100644 jmp irq_return paranoid_userspace: GET_THREAD_INFO(%rcx) -@@ -1539,7 +1935,7 @@ paranoid_schedule: +@@ -1536,7 +1933,7 @@ paranoid_schedule: TRACE_IRQS_OFF jmp paranoid_userspace CFI_ENDPROC @@ -20250,7 +19772,7 @@ index cb3c591..0617fa7 100644 /* * Exception entry point. This expects an error code/orig_rax on the stack. -@@ -1566,12 +1962,13 @@ ENTRY(error_entry) +@@ -1563,12 +1960,13 @@ ENTRY(error_entry) movq_cfi r14, R14+8 movq_cfi r15, R15+8 xorl %ebx,%ebx @@ -20265,7 +19787,7 @@ index cb3c591..0617fa7 100644 ret /* -@@ -1598,7 +1995,7 @@ bstep_iret: +@@ -1595,7 +1993,7 @@ bstep_iret: movq %rcx,RIP+8(%rsp) jmp error_swapgs CFI_ENDPROC @@ -20274,7 +19796,7 @@ index cb3c591..0617fa7 100644 /* ebx: no swapgs flag (1: don't need swapgs, 0: need it) */ -@@ -1618,7 +2015,7 @@ ENTRY(error_exit) +@@ -1615,7 +2013,7 @@ ENTRY(error_exit) jnz retint_careful jmp retint_swapgs CFI_ENDPROC @@ -20283,7 +19805,7 @@ index cb3c591..0617fa7 100644 /* * Test if a given stack is an NMI stack or not. -@@ -1676,9 +2073,11 @@ ENTRY(nmi) +@@ -1673,9 +2071,11 @@ ENTRY(nmi) * If %cs was not the kernel segment, then the NMI triggered in user * space, which means it is definitely not nested. */ @@ -20296,7 +19818,7 @@ index cb3c591..0617fa7 100644 /* * Check the special variable on the stack to see if NMIs are * executing. -@@ -1712,8 +2111,7 @@ nested_nmi: +@@ -1709,8 +2109,7 @@ nested_nmi: 1: /* Set up the interrupted NMIs stack to jump to repeat_nmi */ @@ -20306,7 +19828,7 @@ index cb3c591..0617fa7 100644 CFI_ADJUST_CFA_OFFSET 1*8 leaq -10*8(%rsp), %rdx pushq_cfi $__KERNEL_DS -@@ -1731,6 +2129,7 @@ nested_nmi_out: +@@ -1728,6 +2127,7 @@ nested_nmi_out: CFI_RESTORE rdx /* No need to check faults here */ @@ -20314,7 +19836,7 @@ index cb3c591..0617fa7 100644 INTERRUPT_RETURN CFI_RESTORE_STATE -@@ -1847,6 +2246,17 @@ end_repeat_nmi: +@@ -1844,6 +2244,17 @@ end_repeat_nmi: */ movq %cr2, %r12 @@ -20332,7 +19854,7 @@ index cb3c591..0617fa7 100644 /* paranoidentry do_nmi, 0; without TRACE_IRQS_OFF */ movq %rsp,%rdi movq $-1,%rsi -@@ -1862,23 +2272,34 @@ end_repeat_nmi: +@@ -1859,23 +2270,34 @@ end_repeat_nmi: testl %ebx,%ebx /* swapgs needed? */ jnz nmi_restore nmi_swapgs: @@ -20370,7 +19892,7 @@ index cb3c591..0617fa7 100644 /* * End of kprobes section diff --git a/arch/x86/kernel/ftrace.c b/arch/x86/kernel/ftrace.c -index 1d41402..af9a46a 100644 +index 42a392a..fbbd930 100644 --- a/arch/x86/kernel/ftrace.c +++ b/arch/x86/kernel/ftrace.c @@ -105,6 +105,8 @@ ftrace_modify_code_direct(unsigned long ip, unsigned const char *old_code, @@ -20404,8 +19926,8 @@ index 1d41402..af9a46a 100644 * kernel identity mapping to modify code. */ if (within(ip, (unsigned long)_text, (unsigned long)_etext)) -- ip = (unsigned long)__va(__pa(ip)); -+ ip = (unsigned long)__va(__pa(ktla_ktva(ip))); +- ip = (unsigned long)__va(__pa_symbol(ip)); ++ ip = (unsigned long)__va(__pa_symbol(ktla_ktva(ip))); return probe_kernel_write((void *)ip, val, size); } @@ -20436,30 +19958,20 @@ index 1d41402..af9a46a 100644 if (probe_kernel_read(code, (void *)ip, MCOUNT_INSN_SIZE)) return -EFAULT; -diff --git a/arch/x86/kernel/head32.c b/arch/x86/kernel/head32.c -index c18f59d..9c0c9f6 100644 ---- a/arch/x86/kernel/head32.c -+++ b/arch/x86/kernel/head32.c -@@ -18,6 +18,7 @@ - #include <asm/io_apic.h> - #include <asm/bios_ebda.h> - #include <asm/tlbflush.h> -+#include <asm/boot.h> - - static void __init i386_default_early_setup(void) - { -@@ -30,8 +31,7 @@ static void __init i386_default_early_setup(void) +diff --git a/arch/x86/kernel/head64.c b/arch/x86/kernel/head64.c +index 1c68ccb..b4bc15c 100644 +--- a/arch/x86/kernel/head64.c ++++ b/arch/x86/kernel/head64.c +@@ -175,7 +175,6 @@ void __init x86_64_start_kernel(char * real_mode_data) + if (console_loglevel == 10) + early_printk("Kernel alive\n"); - void __init i386_start_kernel(void) - { -- memblock_reserve(__pa_symbol(&_text), -- __pa_symbol(&__bss_stop) - __pa_symbol(&_text)); -+ memblock_reserve(LOAD_PHYSICAL_ADDR, __pa_symbol(&__bss_stop) - LOAD_PHYSICAL_ADDR); +- clear_page(init_level4_pgt); + /* set init_level4_pgt kernel high mapping*/ + init_level4_pgt[511] = early_level4_pgt[511]; - #ifdef CONFIG_BLK_DEV_INITRD - /* Reserve INITRD */ diff --git a/arch/x86/kernel/head_32.S b/arch/x86/kernel/head_32.S -index c8932c7..d56b622 100644 +index 73afd11..d1670f5 100644 --- a/arch/x86/kernel/head_32.S +++ b/arch/x86/kernel/head_32.S @@ -26,6 +26,12 @@ @@ -20575,7 +20087,7 @@ index c8932c7..d56b622 100644 /* * Clear BSS first so that there are no surprises... */ -@@ -196,8 +264,11 @@ ENTRY(startup_32) +@@ -201,8 +269,11 @@ ENTRY(startup_32) movl %eax, pa(max_pfn_mapped) /* Do early initialization of the fixmap area */ @@ -20589,7 +20101,7 @@ index c8932c7..d56b622 100644 #else /* Not PAE */ page_pde_offset = (__PAGE_OFFSET >> 20); -@@ -227,8 +298,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20); +@@ -232,8 +303,11 @@ page_pde_offset = (__PAGE_OFFSET >> 20); movl %eax, pa(max_pfn_mapped) /* Do early initialization of the fixmap area */ @@ -20603,7 +20115,7 @@ index c8932c7..d56b622 100644 #endif #ifdef CONFIG_PARAVIRT -@@ -242,9 +316,7 @@ page_pde_offset = (__PAGE_OFFSET >> 20); +@@ -247,9 +321,7 @@ page_pde_offset = (__PAGE_OFFSET >> 20); cmpl $num_subarch_entries, %eax jae bad_subarch @@ -20614,7 +20126,7 @@ index c8932c7..d56b622 100644 bad_subarch: WEAK(lguest_entry) -@@ -256,10 +328,10 @@ WEAK(xen_entry) +@@ -261,10 +333,10 @@ WEAK(xen_entry) __INITDATA subarch_entries: @@ -20629,25 +20141,25 @@ index c8932c7..d56b622 100644 num_subarch_entries = (. - subarch_entries) / 4 .previous #else -@@ -335,6 +407,7 @@ default_entry: +@@ -355,6 +427,7 @@ default_entry: movl pa(mmu_cr4_features),%eax movl %eax,%cr4 +#ifdef CONFIG_X86_PAE testb $X86_CR4_PAE, %al # check if PAE is enabled - jz 6f + jz enable_paging -@@ -363,6 +436,9 @@ default_entry: +@@ -383,6 +456,9 @@ default_entry: /* Make changes effective */ wrmsr + btsl $_PAGE_BIT_NX-32,pa(__supported_pte_mask+4) +#endif + - 6: + enable_paging: /* -@@ -460,14 +536,20 @@ is386: movl $2,%ecx # set MP +@@ -451,14 +527,20 @@ is486: 1: movl $(__KERNEL_DS),%eax # reload all the segment registers movl %eax,%ss # after changing gdt. @@ -20669,7 +20181,7 @@ index c8932c7..d56b622 100644 movl %eax,%gs xorl %eax,%eax # Clear LDT -@@ -544,8 +626,11 @@ setup_once: +@@ -534,8 +616,11 @@ setup_once: * relocation. Manually set base address in stack canary * segment descriptor. */ @@ -20682,7 +20194,7 @@ index c8932c7..d56b622 100644 movw %cx, 8 * GDT_ENTRY_STACK_CANARY + 2(%eax) shrl $16, %ecx movb %cl, 8 * GDT_ENTRY_STACK_CANARY + 4(%eax) -@@ -576,7 +661,7 @@ ENDPROC(early_idt_handlers) +@@ -566,7 +651,7 @@ ENDPROC(early_idt_handlers) /* This is global to keep gas from relaxing the jumps */ ENTRY(early_idt_handler) cld @@ -20691,7 +20203,7 @@ index c8932c7..d56b622 100644 je hlt_loop incl %ss:early_recursion_flag -@@ -614,8 +699,8 @@ ENTRY(early_idt_handler) +@@ -604,8 +689,8 @@ ENTRY(early_idt_handler) pushl (20+6*4)(%esp) /* trapno */ pushl $fault_msg call printk @@ -20701,7 +20213,7 @@ index c8932c7..d56b622 100644 hlt_loop: hlt jmp hlt_loop -@@ -634,8 +719,11 @@ ENDPROC(early_idt_handler) +@@ -624,8 +709,11 @@ ENDPROC(early_idt_handler) /* This is the default interrupt "handler" :-) */ ALIGN ignore_int: @@ -20714,7 +20226,7 @@ index c8932c7..d56b622 100644 pushl %eax pushl %ecx pushl %edx -@@ -644,9 +732,6 @@ ignore_int: +@@ -634,9 +722,6 @@ ignore_int: movl $(__KERNEL_DS),%eax movl %eax,%ds movl %eax,%es @@ -20724,7 +20236,7 @@ index c8932c7..d56b622 100644 pushl 16(%esp) pushl 24(%esp) pushl 32(%esp) -@@ -680,29 +765,43 @@ ENTRY(setup_once_ref) +@@ -670,29 +755,43 @@ ENTRY(setup_once_ref) /* * BSS section */ @@ -20773,7 +20285,7 @@ index c8932c7..d56b622 100644 ENTRY(initial_page_table) .long pa(initial_pg_pmd+PGD_IDENT_ATTR),0 /* low identity map */ # if KPMDS == 3 -@@ -721,12 +820,20 @@ ENTRY(initial_page_table) +@@ -711,12 +810,20 @@ ENTRY(initial_page_table) # error "Kernel PMDs should be 1, 2 or 3" # endif .align PAGE_SIZE /* needs to be page-sized too */ @@ -20795,7 +20307,7 @@ index c8932c7..d56b622 100644 __INITRODATA int_msg: -@@ -754,7 +861,7 @@ fault_msg: +@@ -744,7 +851,7 @@ fault_msg: * segment size, and 32-bit linear address value: */ @@ -20804,7 +20316,7 @@ index c8932c7..d56b622 100644 .globl boot_gdt_descr .globl idt_descr -@@ -763,7 +870,7 @@ fault_msg: +@@ -753,7 +860,7 @@ fault_msg: .word 0 # 32 bit align gdt_desc.address boot_gdt_descr: .word __BOOT_DS+7 @@ -20813,7 +20325,7 @@ index c8932c7..d56b622 100644 .word 0 # 32-bit align idt_desc.address idt_descr: -@@ -774,7 +881,7 @@ idt_descr: +@@ -764,7 +871,7 @@ idt_descr: .word 0 # 32 bit align gdt_desc.address ENTRY(early_gdt_descr) .word GDT_ENTRIES*8-1 @@ -20822,7 +20334,7 @@ index c8932c7..d56b622 100644 /* * The boot_gdt must mirror the equivalent in setup.S and is -@@ -783,5 +890,65 @@ ENTRY(early_gdt_descr) +@@ -773,5 +880,65 @@ ENTRY(early_gdt_descr) .align L1_CACHE_BYTES ENTRY(boot_gdt) .fill GDT_ENTRY_BOOT_CS,8,0 @@ -20891,7 +20403,7 @@ index c8932c7..d56b622 100644 + .fill PAGE_SIZE_asm - GDT_SIZE,1,0 + .endr diff --git a/arch/x86/kernel/head_64.S b/arch/x86/kernel/head_64.S -index 980053c..74d3b44 100644 +index 08f7e80..40cbed5 100644 --- a/arch/x86/kernel/head_64.S +++ b/arch/x86/kernel/head_64.S @@ -20,6 +20,8 @@ @@ -20916,65 +20428,34 @@ index 980053c..74d3b44 100644 .text __HEAD -@@ -88,35 +96,23 @@ startup_64: +@@ -89,11 +97,15 @@ startup_64: + * Fixup the physical addresses in the page table */ - addq %rbp, init_level4_pgt + 0(%rip) - addq %rbp, init_level4_pgt + (L4_PAGE_OFFSET*8)(%rip) + addq %rbp, early_level4_pgt + (L4_START_KERNEL*8)(%rip) + addq %rbp, init_level4_pgt + (L4_VMALLOC_START*8)(%rip) + addq %rbp, init_level4_pgt + (L4_VMALLOC_END*8)(%rip) + addq %rbp, init_level4_pgt + (L4_VMEMMAP_START*8)(%rip) - addq %rbp, init_level4_pgt + (L4_START_KERNEL*8)(%rip) - - addq %rbp, level3_ident_pgt + 0(%rip) -+#ifndef CONFIG_XEN -+ addq %rbp, level3_ident_pgt + 8(%rip) -+#endif -- addq %rbp, level3_kernel_pgt + (510*8)(%rip) -- addq %rbp, level3_kernel_pgt + (511*8)(%rip) -+ addq %rbp, level3_vmemmap_pgt + (L3_VMEMMAP_START*8)(%rip) -+ -+ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8)(%rip) -+ addq %rbp, level3_kernel_pgt + (L3_START_KERNEL*8+8)(%rip) + addq %rbp, level3_kernel_pgt + (510*8)(%rip) + addq %rbp, level3_kernel_pgt + (511*8)(%rip) addq %rbp, level2_fixmap_pgt + (506*8)(%rip) -- -- /* Add an Identity mapping if I am above 1G */ -- leaq _text(%rip), %rdi -- andq $PMD_PAGE_MASK, %rdi -- -- movq %rdi, %rax -- shrq $PUD_SHIFT, %rax -- andq $(PTRS_PER_PUD - 1), %rax -- jz ident_complete -- -- leaq (level2_spare_pgt - __START_KERNEL_map + _KERNPG_TABLE)(%rbp), %rdx -- leaq level3_ident_pgt(%rip), %rbx -- movq %rdx, 0(%rbx, %rax, 8) -- -- movq %rdi, %rax -- shrq $PMD_SHIFT, %rax -- andq $(PTRS_PER_PMD - 1), %rax -- leaq __PAGE_KERNEL_IDENT_LARGE_EXEC(%rdi), %rdx -- leaq level2_spare_pgt(%rip), %rbx -- movq %rdx, 0(%rbx, %rax, 8) --ident_complete: + addq %rbp, level2_fixmap_pgt + (507*8)(%rip) /* - * Fixup the kernel text+data virtual addresses. Note that -@@ -159,8 +155,8 @@ ENTRY(secondary_startup_64) - * after the boot processor executes this code. - */ + * Set up the identity mapping for the switchover. These +@@ -175,8 +187,8 @@ ENTRY(secondary_startup_64) + movq $(init_level4_pgt - __START_KERNEL_map), %rax + 1: - /* Enable PAE mode and PGE */ -- movl $(X86_CR4_PAE | X86_CR4_PGE), %eax +- movl $(X86_CR4_PAE | X86_CR4_PGE), %ecx + /* Enable PAE mode and PSE/PGE */ -+ movl $(X86_CR4_PSE | X86_CR4_PAE | X86_CR4_PGE), %eax - movq %rax, %cr4 ++ movl $(X86_CR4_PSE | X86_CR4_PAE | X86_CR4_PGE), %ecx + movq %rcx, %cr4 /* Setup early boot stage 4 level pagetables. */ -@@ -182,9 +178,17 @@ ENTRY(secondary_startup_64) +@@ -197,10 +209,18 @@ ENTRY(secondary_startup_64) movl $MSR_EFER, %ecx rdmsr btsl $_EFER_SCE, %eax /* Enable System Call */ @@ -20982,6 +20463,7 @@ index 980053c..74d3b44 100644 + btl $(X86_FEATURE_NX & 31),%edi /* No Execute supported? */ jnc 1f btsl $_EFER_NX, %eax + btsq $_PAGE_BIT_NX,early_pmd_flags(%rip) + leaq init_level4_pgt(%rip), %rdi +#ifndef CONFIG_EFI + btsq $_PAGE_BIT_NX, 8*L4_PAGE_OFFSET(%rdi) @@ -20993,24 +20475,15 @@ index 980053c..74d3b44 100644 1: wrmsr /* Make changes effective */ /* Setup cr0 */ -@@ -246,6 +250,7 @@ ENTRY(secondary_startup_64) - * jump. In addition we need to ensure %cs is set so we make this - * a far return. +@@ -280,6 +300,7 @@ ENTRY(secondary_startup_64) + * REX.W + FF /5 JMP m16:64 Jump far, absolute indirect, + * address given in m16:64. */ + pax_set_fptr_mask movq initial_code(%rip),%rax pushq $0 # fake return address to stop unwinder pushq $__KERNEL_CS # set correct cs -@@ -284,7 +289,7 @@ ENDPROC(start_cpu0) - bad_address: - jmp bad_address - -- .section ".init.text","ax" -+ __INIT - .globl early_idt_handlers - early_idt_handlers: - # 104(%rsp) %rflags -@@ -343,7 +348,7 @@ ENTRY(early_idt_handler) +@@ -386,7 +407,7 @@ ENTRY(early_idt_handler) call dump_stack #ifdef CONFIG_KALLSYMS leaq early_idt_ripmsg(%rip),%rdi @@ -21019,51 +20492,35 @@ index 980053c..74d3b44 100644 call __print_symbol #endif #endif /* EARLY_PRINTK */ -@@ -363,11 +368,15 @@ ENTRY(early_idt_handler) - addq $16,%rsp # drop vector number and error code - decl early_recursion_flag(%rip) - INTERRUPT_RETURN -+ .previous - -+ __INITDATA - .balign 4 +@@ -414,6 +435,7 @@ ENDPROC(early_idt_handler) early_recursion_flag: .long 0 -+ .previous + .section .rodata,"a",@progbits #ifdef CONFIG_EARLY_PRINTK early_idt_msg: .asciz "PANIC: early exception %02lx rip %lx:%lx error %lx cr2 %lx\n" -@@ -376,6 +385,7 @@ early_idt_ripmsg: - #endif /* CONFIG_EARLY_PRINTK */ - .previous +@@ -443,27 +465,50 @@ NEXT_PAGE(early_dynamic_pgts) -+ .section .rodata,"a",@progbits - #define NEXT_PAGE(name) \ - .balign PAGE_SIZE; \ - ENTRY(name) -@@ -388,7 +398,6 @@ ENTRY(name) - i = i + 1 ; \ - .endr + .data -- .data - /* - * This default setting generates an ident mapping at address 0x100000 - * and a mapping for the kernel that precisely maps virtual address -@@ -399,13 +408,41 @@ NEXT_PAGE(init_level4_pgt) - .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE - .org init_level4_pgt + L4_PAGE_OFFSET*8, 0 - .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE +-#ifndef CONFIG_XEN + NEXT_PAGE(init_level4_pgt) +- .fill 512,8,0 +-#else +-NEXT_PAGE(init_level4_pgt) +- .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE + .org init_level4_pgt + L4_PAGE_OFFSET*8, 0 + .quad level3_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE + .org init_level4_pgt + L4_VMALLOC_START*8, 0 + .quad level3_vmalloc_start_pgt - __START_KERNEL_map + _KERNPG_TABLE + .org init_level4_pgt + L4_VMALLOC_END*8, 0 + .quad level3_vmalloc_end_pgt - __START_KERNEL_map + _KERNPG_TABLE + .org init_level4_pgt + L4_VMEMMAP_START*8, 0 + .quad level3_vmemmap_pgt - __START_KERNEL_map + _KERNPG_TABLE - .org init_level4_pgt + L4_START_KERNEL*8, 0 + .org init_level4_pgt + L4_START_KERNEL*8, 0 /* (2^48-(2*1024*1024*1024))/(2^39) = 511 */ - .quad level3_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE + .quad level3_kernel_pgt - __START_KERNEL_map + _PAGE_TABLE +#ifdef CONFIG_PAX_PER_CPU_PGD +NEXT_PAGE(cpu_pgd) @@ -21075,7 +20532,7 @@ index 980053c..74d3b44 100644 NEXT_PAGE(level3_ident_pgt) .quad level2_ident_pgt - __START_KERNEL_map + _KERNPG_TABLE +#ifdef CONFIG_XEN - .fill 511,8,0 + .fill 511, 8, 0 +#else + .quad level2_ident_pgt + PAGE_SIZE - __START_KERNEL_map + _KERNPG_TABLE + .fill 510,8,0 @@ -21090,16 +20547,31 @@ index 980053c..74d3b44 100644 +NEXT_PAGE(level3_vmemmap_pgt) + .fill L3_VMEMMAP_START,8,0 + .quad level2_vmemmap_pgt - __START_KERNEL_map + _KERNPG_TABLE ++ + NEXT_PAGE(level2_ident_pgt) +- /* Since I easily can, map the first 1G. ++ /* Since I easily can, map the first 2G. + * Don't set NX because code runs from these pages. + */ +- PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, PTRS_PER_PMD) +-#endif ++ PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, 2*PTRS_PER_PMD) NEXT_PAGE(level3_kernel_pgt) .fill L3_START_KERNEL,8,0 -@@ -413,20 +450,23 @@ NEXT_PAGE(level3_kernel_pgt) +@@ -471,6 +516,9 @@ NEXT_PAGE(level3_kernel_pgt) .quad level2_kernel_pgt - __START_KERNEL_map + _KERNPG_TABLE .quad level2_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE +NEXT_PAGE(level2_vmemmap_pgt) + .fill 512,8,0 + + NEXT_PAGE(level2_kernel_pgt) + /* + * 512 MB kernel mapping. We spend a full page on this pagetable +@@ -486,38 +534,64 @@ NEXT_PAGE(level2_kernel_pgt) + KERNEL_IMAGE_SIZE/PMD_SIZE) + NEXT_PAGE(level2_fixmap_pgt) - .fill 506,8,0 - .quad level1_fixmap_pgt - __START_KERNEL_map + _PAGE_TABLE @@ -21114,30 +20586,7 @@ index 980053c..74d3b44 100644 +NEXT_PAGE(level1_vsyscall_pgt) .fill 512,8,0 --NEXT_PAGE(level2_ident_pgt) -- /* Since I easily can, map the first 1G. -+ /* Since I easily can, map the first 2G. - * Don't set NX because code runs from these pages. - */ -- PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, PTRS_PER_PMD) -+NEXT_PAGE(level2_ident_pgt) -+ PMDS(0, __PAGE_KERNEL_IDENT_LARGE_EXEC, 2*PTRS_PER_PMD) - - NEXT_PAGE(level2_kernel_pgt) - /* -@@ -439,37 +479,59 @@ NEXT_PAGE(level2_kernel_pgt) - * If you want to increase this then increase MODULES_VADDR - * too.) - */ -- PMDS(0, __PAGE_KERNEL_LARGE_EXEC, -- KERNEL_IMAGE_SIZE/PMD_SIZE) -- --NEXT_PAGE(level2_spare_pgt) -- .fill 512, 8, 0 -+ PMDS(0, __PAGE_KERNEL_LARGE_EXEC, KERNEL_IMAGE_SIZE/PMD_SIZE) - #undef PMDS - #undef NEXT_PAGE - .data + .align PAGE_SIZE @@ -21195,9 +20644,9 @@ index 980053c..74d3b44 100644 + .fill 512,8,0 __PAGE_ALIGNED_BSS - .align PAGE_SIZE + NEXT_PAGE(empty_zero_page) diff --git a/arch/x86/kernel/i386_ksyms_32.c b/arch/x86/kernel/i386_ksyms_32.c -index 9c3bd4a..e1d9b35 100644 +index 0fa6912..37fce70 100644 --- a/arch/x86/kernel/i386_ksyms_32.c +++ b/arch/x86/kernel/i386_ksyms_32.c @@ -20,8 +20,12 @@ extern void cmpxchg8b_emu(void); @@ -21213,7 +20662,7 @@ index 9c3bd4a..e1d9b35 100644 EXPORT_SYMBOL(__get_user_1); EXPORT_SYMBOL(__get_user_2); -@@ -36,3 +40,7 @@ EXPORT_SYMBOL(strstr); +@@ -37,3 +41,7 @@ EXPORT_SYMBOL(strstr); EXPORT_SYMBOL(csum_partial); EXPORT_SYMBOL(empty_zero_page); @@ -21289,7 +20738,7 @@ index a979b5b..1d6db75 100644 .callback = dmi_io_delay_0xed_port, .ident = "Compaq Presario V6000", diff --git a/arch/x86/kernel/ioport.c b/arch/x86/kernel/ioport.c -index 8c96897..be66bfa 100644 +index 4ddaf66..6292f4e 100644 --- a/arch/x86/kernel/ioport.c +++ b/arch/x86/kernel/ioport.c @@ -6,6 +6,7 @@ @@ -21322,7 +20771,7 @@ index 8c96897..be66bfa 100644 if (turn_on) bitmap_clear(t->io_bitmap_ptr, from, num); -@@ -102,6 +109,12 @@ long sys_iopl(unsigned int level, struct pt_regs *regs) +@@ -103,6 +110,12 @@ SYSCALL_DEFINE1(iopl, unsigned int, level) return -EINVAL; /* Trying to gain more privileges? */ if (level > old) { @@ -21638,64 +21087,13 @@ index 836f832..a8bda67 100644 (char *)bpt->saved_instr, BREAK_INSTR_SIZE); } -diff --git a/arch/x86/kernel/kprobes-opt.c b/arch/x86/kernel/kprobes-opt.c -index c5e410e..ed5a7f0 100644 ---- a/arch/x86/kernel/kprobes-opt.c -+++ b/arch/x86/kernel/kprobes-opt.c -@@ -338,7 +338,7 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) - * Verify if the address gap is in 2GB range, because this uses - * a relative jump. - */ -- rel = (long)op->optinsn.insn - (long)op->kp.addr + RELATIVEJUMP_SIZE; -+ rel = (long)op->optinsn.insn - ktla_ktva((long)op->kp.addr) + RELATIVEJUMP_SIZE; - if (abs(rel) > 0x7fffffff) - return -ERANGE; - -@@ -353,16 +353,16 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) - op->optinsn.size = ret; - - /* Copy arch-dep-instance from template */ -- memcpy(buf, &optprobe_template_entry, TMPL_END_IDX); -+ memcpy(buf, ktla_ktva(&optprobe_template_entry), TMPL_END_IDX); - - /* Set probe information */ - synthesize_set_arg1(buf + TMPL_MOVE_IDX, (unsigned long)op); - - /* Set probe function call */ -- synthesize_relcall(buf + TMPL_CALL_IDX, optimized_callback); -+ synthesize_relcall(ktva_ktla(buf) + TMPL_CALL_IDX, optimized_callback); - - /* Set returning jmp instruction at the tail of out-of-line buffer */ -- synthesize_reljump(buf + TMPL_END_IDX + op->optinsn.size, -+ synthesize_reljump(ktva_ktla(buf) + TMPL_END_IDX + op->optinsn.size, - (u8 *)op->kp.addr + op->optinsn.size); - - flush_icache_range((unsigned long) buf, -@@ -385,7 +385,7 @@ static void __kprobes setup_optimize_kprobe(struct text_poke_param *tprm, - ((long)op->kp.addr + RELATIVEJUMP_SIZE)); - - /* Backup instructions which will be replaced by jump address */ -- memcpy(op->optinsn.copied_insn, op->kp.addr + INT3_SIZE, -+ memcpy(op->optinsn.copied_insn, ktla_ktva(op->kp.addr) + INT3_SIZE, - RELATIVE_ADDR_SIZE); - - insn_buf[0] = RELATIVEJUMP_OPCODE; -@@ -483,7 +483,7 @@ setup_detour_execution(struct kprobe *p, struct pt_regs *regs, int reenter) - /* This kprobe is really able to run optimized path. */ - op = container_of(p, struct optimized_kprobe, kp); - /* Detour through copied instructions */ -- regs->ip = (unsigned long)op->optinsn.insn + TMPL_END_IDX; -+ regs->ip = ktva_ktla((unsigned long)op->optinsn.insn) + TMPL_END_IDX; - if (!reenter) - reset_current_kprobe(); - preempt_enable_no_resched(); -diff --git a/arch/x86/kernel/kprobes.c b/arch/x86/kernel/kprobes.c -index 57916c0..9e0b9d0 100644 ---- a/arch/x86/kernel/kprobes.c -+++ b/arch/x86/kernel/kprobes.c +diff --git a/arch/x86/kernel/kprobes/core.c b/arch/x86/kernel/kprobes/core.c +index 7bfe318..383d238 100644 +--- a/arch/x86/kernel/kprobes/core.c ++++ b/arch/x86/kernel/kprobes/core.c @@ -119,9 +119,12 @@ static void __kprobes __synthesize_relative_insn(void *from, void *to, u8 op) s32 raddr; - } __attribute__((packed)) *insn; + } __packed *insn; - insn = (struct __arch_relative_insn *)from; + insn = (struct __arch_relative_insn *)ktla_ktva(from); @@ -21748,7 +21146,7 @@ index 57916c0..9e0b9d0 100644 } #endif return insn.length; -@@ -485,7 +492,7 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k +@@ -488,7 +495,7 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k * nor set current_kprobe, because it doesn't use single * stepping. */ @@ -21757,7 +21155,7 @@ index 57916c0..9e0b9d0 100644 preempt_enable_no_resched(); return; } -@@ -502,9 +509,9 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k +@@ -505,9 +512,9 @@ setup_singlestep(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *k regs->flags &= ~X86_EFLAGS_IF; /* single step inline if the instruction is an int3 */ if (p->opcode == BREAKPOINT_INSTRUCTION) @@ -21769,7 +21167,7 @@ index 57916c0..9e0b9d0 100644 } /* -@@ -600,7 +607,7 @@ static int __kprobes kprobe_handler(struct pt_regs *regs) +@@ -586,7 +593,7 @@ static int __kprobes kprobe_handler(struct pt_regs *regs) setup_singlestep(p, regs, kcb, 0); return 1; } @@ -21778,7 +21176,7 @@ index 57916c0..9e0b9d0 100644 /* * The breakpoint instruction was removed right * after we hit it. Another cpu has removed -@@ -651,6 +658,9 @@ static void __used __kprobes kretprobe_trampoline_holder(void) +@@ -632,6 +639,9 @@ static void __used __kprobes kretprobe_trampoline_holder(void) " movq %rax, 152(%rsp)\n" RESTORE_REGS_STRING " popfq\n" @@ -21788,7 +21186,7 @@ index 57916c0..9e0b9d0 100644 #else " pushf\n" SAVE_REGS_STRING -@@ -788,7 +798,7 @@ static void __kprobes +@@ -769,7 +779,7 @@ static void __kprobes resume_execution(struct kprobe *p, struct pt_regs *regs, struct kprobe_ctlblk *kcb) { unsigned long *tos = stack_addr(regs); @@ -21797,7 +21195,7 @@ index 57916c0..9e0b9d0 100644 unsigned long orig_ip = (unsigned long)p->addr; kprobe_opcode_t *insn = p->ainsn.insn; -@@ -970,7 +980,7 @@ kprobe_exceptions_notify(struct notifier_block *self, unsigned long val, void *d +@@ -951,7 +961,7 @@ kprobe_exceptions_notify(struct notifier_block *self, unsigned long val, void *d struct die_args *args = data; int ret = NOTIFY_DONE; @@ -21806,11 +21204,80 @@ index 57916c0..9e0b9d0 100644 return ret; switch (val) { +diff --git a/arch/x86/kernel/kprobes/opt.c b/arch/x86/kernel/kprobes/opt.c +index 76dc6f0..66bdfc3 100644 +--- a/arch/x86/kernel/kprobes/opt.c ++++ b/arch/x86/kernel/kprobes/opt.c +@@ -79,6 +79,7 @@ found: + /* Insert a move instruction which sets a pointer to eax/rdi (1st arg). */ + static void __kprobes synthesize_set_arg1(kprobe_opcode_t *addr, unsigned long val) + { ++ pax_open_kernel(); + #ifdef CONFIG_X86_64 + *addr++ = 0x48; + *addr++ = 0xbf; +@@ -86,6 +87,7 @@ static void __kprobes synthesize_set_arg1(kprobe_opcode_t *addr, unsigned long v + *addr++ = 0xb8; + #endif + *(unsigned long *)addr = val; ++ pax_close_kernel(); + } + + static void __used __kprobes kprobes_optinsn_template_holder(void) +@@ -338,7 +340,7 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) + * Verify if the address gap is in 2GB range, because this uses + * a relative jump. + */ +- rel = (long)op->optinsn.insn - (long)op->kp.addr + RELATIVEJUMP_SIZE; ++ rel = (long)op->optinsn.insn - ktla_ktva((long)op->kp.addr) + RELATIVEJUMP_SIZE; + if (abs(rel) > 0x7fffffff) + return -ERANGE; + +@@ -353,16 +355,18 @@ int __kprobes arch_prepare_optimized_kprobe(struct optimized_kprobe *op) + op->optinsn.size = ret; + + /* Copy arch-dep-instance from template */ +- memcpy(buf, &optprobe_template_entry, TMPL_END_IDX); ++ pax_open_kernel(); ++ memcpy(buf, ktla_ktva(&optprobe_template_entry), TMPL_END_IDX); ++ pax_close_kernel(); + + /* Set probe information */ + synthesize_set_arg1(buf + TMPL_MOVE_IDX, (unsigned long)op); + + /* Set probe function call */ +- synthesize_relcall(buf + TMPL_CALL_IDX, optimized_callback); ++ synthesize_relcall(ktva_ktla(buf) + TMPL_CALL_IDX, optimized_callback); + + /* Set returning jmp instruction at the tail of out-of-line buffer */ +- synthesize_reljump(buf + TMPL_END_IDX + op->optinsn.size, ++ synthesize_reljump(ktva_ktla(buf) + TMPL_END_IDX + op->optinsn.size, + (u8 *)op->kp.addr + op->optinsn.size); + + flush_icache_range((unsigned long) buf, +@@ -385,7 +389,7 @@ static void __kprobes setup_optimize_kprobe(struct text_poke_param *tprm, + ((long)op->kp.addr + RELATIVEJUMP_SIZE)); + + /* Backup instructions which will be replaced by jump address */ +- memcpy(op->optinsn.copied_insn, op->kp.addr + INT3_SIZE, ++ memcpy(op->optinsn.copied_insn, ktla_ktva(op->kp.addr) + INT3_SIZE, + RELATIVE_ADDR_SIZE); + + insn_buf[0] = RELATIVEJUMP_OPCODE; +@@ -483,7 +487,7 @@ setup_detour_execution(struct kprobe *p, struct pt_regs *regs, int reenter) + /* This kprobe is really able to run optimized path. */ + op = container_of(p, struct optimized_kprobe, kp); + /* Detour through copied instructions */ +- regs->ip = (unsigned long)op->optinsn.insn + TMPL_END_IDX; ++ regs->ip = ktva_ktla((unsigned long)op->optinsn.insn) + TMPL_END_IDX; + if (!reenter) + reset_current_kprobe(); + preempt_enable_no_resched(); diff --git a/arch/x86/kernel/kvm.c b/arch/x86/kernel/kvm.c -index 9c2bd8b..bb1131c 100644 +index b686a90..60d36fb 100644 --- a/arch/x86/kernel/kvm.c +++ b/arch/x86/kernel/kvm.c -@@ -452,7 +452,7 @@ static int __cpuinit kvm_cpu_notify(struct notifier_block *self, +@@ -453,7 +453,7 @@ static int __cpuinit kvm_cpu_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -21919,10 +21386,10 @@ index 5b19e4d..6476a76 100644 relocate_kernel_ptr = control_page; page_list[PA_CONTROL_PAGE] = __pa(control_page); diff --git a/arch/x86/kernel/microcode_core.c b/arch/x86/kernel/microcode_core.c -index 3a04b22..1d2eb09 100644 +index 22db92b..d546bec 100644 --- a/arch/x86/kernel/microcode_core.c +++ b/arch/x86/kernel/microcode_core.c -@@ -512,7 +512,7 @@ mc_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu) +@@ -513,7 +513,7 @@ mc_cpu_callback(struct notifier_block *nb, unsigned long action, void *hcpu) return NOTIFY_OK; } @@ -21932,10 +21399,10 @@ index 3a04b22..1d2eb09 100644 }; diff --git a/arch/x86/kernel/microcode_intel.c b/arch/x86/kernel/microcode_intel.c -index 3544aed..01ddc1c 100644 +index 5fb2ceb..3ae90bb 100644 --- a/arch/x86/kernel/microcode_intel.c +++ b/arch/x86/kernel/microcode_intel.c -@@ -431,13 +431,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device, +@@ -293,13 +293,13 @@ static enum ucode_state request_microcode_fw(int cpu, struct device *device, static int get_ucode_user(void *to, const void *from, size_t n) { @@ -22089,10 +21556,10 @@ index 216a4d7..228255a 100644 if ((s64)val != *(s32 *)loc) goto overflow; diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c -index 4929502..686c291 100644 +index ce13049..e2e9c3c 100644 --- a/arch/x86/kernel/msr.c +++ b/arch/x86/kernel/msr.c -@@ -234,7 +234,7 @@ static int __cpuinit msr_class_cpu_callback(struct notifier_block *nfb, +@@ -233,7 +233,7 @@ static int __cpuinit msr_class_cpu_callback(struct notifier_block *nfb, return notifier_from_errno(err); } @@ -22102,7 +21569,7 @@ index 4929502..686c291 100644 }; diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c -index f84f5c5..f404e81 100644 +index 6030805..2d33f21 100644 --- a/arch/x86/kernel/nmi.c +++ b/arch/x86/kernel/nmi.c @@ -105,7 +105,7 @@ static int __kprobes nmi_handle(unsigned int type, struct pt_regs *regs, bool b2 @@ -22363,7 +21830,7 @@ index 6c483ba..d10ce2f 100644 static struct dma_map_ops swiotlb_dma_ops = { diff --git a/arch/x86/kernel/process.c b/arch/x86/kernel/process.c -index 2ed787f..f70c9f6 100644 +index 14ae100..752a4f6 100644 --- a/arch/x86/kernel/process.c +++ b/arch/x86/kernel/process.c @@ -36,7 +36,8 @@ @@ -22413,7 +21880,7 @@ index 2ed787f..f70c9f6 100644 flush_ptrace_hw_breakpoint(tsk); memset(tsk->thread.tls_array, 0, sizeof(tsk->thread.tls_array)); drop_init_fpu(tsk); -@@ -301,7 +305,7 @@ static void __exit_idle(void) +@@ -295,7 +299,7 @@ static void __exit_idle(void) void exit_idle(void) { /* idle loop has pid 0 */ @@ -22422,16 +21889,16 @@ index 2ed787f..f70c9f6 100644 return; __exit_idle(); } -@@ -404,7 +408,7 @@ bool set_pm_idle_to_default(void) - +@@ -398,7 +402,7 @@ bool xen_set_default_idle(void) return ret; } + #endif -void stop_this_cpu(void *dummy) +__noreturn void stop_this_cpu(void *dummy) { local_irq_disable(); /* -@@ -632,16 +636,37 @@ static int __init idle_setup(char *str) +@@ -544,16 +548,37 @@ static int __init idle_setup(char *str) } early_param("idle", idle_setup); @@ -22587,7 +22054,7 @@ index b5a8905..d9cacac 100644 } - diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c -index 6e68a61..955a9a5 100644 +index 0f49677..fcbf88c 100644 --- a/arch/x86/kernel/process_64.c +++ b/arch/x86/kernel/process_64.c @@ -152,10 +152,11 @@ int copy_thread(unsigned long clone_flags, unsigned long sp, @@ -22641,7 +22108,7 @@ index 6e68a61..955a9a5 100644 ip = *(u64 *)(fp+8); if (!in_sched_functions(ip)) diff --git a/arch/x86/kernel/ptrace.c b/arch/x86/kernel/ptrace.c -index b629bbe..0fa615a 100644 +index 29a8120..a50b5ee 100644 --- a/arch/x86/kernel/ptrace.c +++ b/arch/x86/kernel/ptrace.c @@ -184,14 +184,13 @@ unsigned long kernel_stack_pointer(struct pt_regs *regs) @@ -22941,10 +22408,18 @@ index 7a6f3b3..bed145d7 100644 1: diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index 8b24289..d37b58b 100644 +index fae9134..b7d4a57 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -437,7 +437,7 @@ static void __init parse_setup_data(void) +@@ -111,6 +111,7 @@ + #include <asm/mce.h> + #include <asm/alternative.h> + #include <asm/prom.h> ++#include <asm/boot.h> + + /* + * max_low_pfn_mapped: highest direct mapped pfn under 4GB +@@ -447,7 +448,7 @@ static void __init parse_setup_data(void) switch (data->type) { case SETUP_E820_EXT: @@ -22953,7 +22428,7 @@ index 8b24289..d37b58b 100644 break; case SETUP_DTB: add_dtb(pa_data); -@@ -706,7 +706,7 @@ static void __init trim_bios_range(void) +@@ -774,7 +775,7 @@ static void __init trim_bios_range(void) * area (640->1Mb) as ram even though it is not. * take them out. */ @@ -22962,7 +22437,20 @@ index 8b24289..d37b58b 100644 sanitize_e820_map(e820.map, ARRAY_SIZE(e820.map), &e820.nr_map); } -@@ -830,14 +830,14 @@ void __init setup_arch(char **cmdline_p) +@@ -844,8 +845,12 @@ static void __init trim_low_memory_range(void) + + void __init setup_arch(char **cmdline_p) + { ++#ifdef CONFIG_X86_32 ++ memblock_reserve(LOAD_PHYSICAL_ADDR, __pa_symbol(__bss_stop) - ____LOAD_PHYSICAL_ADDR); ++#else + memblock_reserve(__pa_symbol(_text), + (unsigned long)__bss_stop - (unsigned long)_text); ++#endif + + early_reserve_initrd(); + +@@ -937,14 +942,14 @@ void __init setup_arch(char **cmdline_p) if (!boot_params.hdr.root_flags) root_mountflags &= ~MS_RDONLY; @@ -22973,15 +22461,15 @@ index 8b24289..d37b58b 100644 init_mm.end_data = (unsigned long) _edata; init_mm.brk = _brk_end; -- code_resource.start = virt_to_phys(_text); -- code_resource.end = virt_to_phys(_etext)-1; -- data_resource.start = virt_to_phys(_etext); -+ code_resource.start = virt_to_phys(ktla_ktva(_text)); -+ code_resource.end = virt_to_phys(ktla_ktva(_etext))-1; -+ data_resource.start = virt_to_phys(_sdata); - data_resource.end = virt_to_phys(_edata)-1; - bss_resource.start = virt_to_phys(&__bss_start); - bss_resource.end = virt_to_phys(&__bss_stop)-1; +- code_resource.start = __pa_symbol(_text); +- code_resource.end = __pa_symbol(_etext)-1; +- data_resource.start = __pa_symbol(_etext); ++ code_resource.start = __pa_symbol(ktla_ktva(_text)); ++ code_resource.end = __pa_symbol(ktla_ktva(_etext))-1; ++ data_resource.start = __pa_symbol(_sdata); + data_resource.end = __pa_symbol(_edata)-1; + bss_resource.start = __pa_symbol(__bss_start); + bss_resource.end = __pa_symbol(__bss_stop)-1; diff --git a/arch/x86/kernel/setup_percpu.c b/arch/x86/kernel/setup_percpu.c index 5cdff03..80fa283 100644 --- a/arch/x86/kernel/setup_percpu.c @@ -23059,7 +22547,7 @@ index 5cdff03..80fa283 100644 * Up to this point, the boot CPU has been using .init.data * area. Reload any changed state for the boot CPU. diff --git a/arch/x86/kernel/signal.c b/arch/x86/kernel/signal.c -index d6bf1f3..3ffce5a 100644 +index 6956299..6797253 100644 --- a/arch/x86/kernel/signal.c +++ b/arch/x86/kernel/signal.c @@ -196,7 +196,7 @@ static unsigned long align_sigframe(unsigned long sp) @@ -23071,7 +22559,7 @@ index d6bf1f3..3ffce5a 100644 #else /* !CONFIG_X86_32 */ sp = round_down(sp, 16) - 8; #endif -@@ -304,9 +304,9 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, +@@ -304,9 +304,9 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set, } if (current->mm->context.vdso) @@ -23080,10 +22568,10 @@ index d6bf1f3..3ffce5a 100644 else - restorer = &frame->retcode; + restorer = (void __user *)&frame->retcode; - if (ka->sa.sa_flags & SA_RESTORER) - restorer = ka->sa.sa_restorer; + if (ksig->ka.sa.sa_flags & SA_RESTORER) + restorer = ksig->ka.sa.sa_restorer; -@@ -320,7 +320,7 @@ __setup_frame(int sig, struct k_sigaction *ka, sigset_t *set, +@@ -320,7 +320,7 @@ __setup_frame(int sig, struct ksignal *ksig, sigset_t *set, * reasons and because gdb uses it as a signature to notice * signal handler stack frames. */ @@ -23092,7 +22580,7 @@ index d6bf1f3..3ffce5a 100644 if (err) return -EFAULT; -@@ -367,7 +367,10 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -367,7 +367,10 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig, err |= __save_altstack(&frame->uc.uc_stack, regs->sp); /* Set up to return from userspace. */ @@ -23100,11 +22588,11 @@ index d6bf1f3..3ffce5a 100644 + if (current->mm->context.vdso) + restorer = (__force void __user *)VDSO32_SYMBOL(current->mm->context.vdso, rt_sigreturn); + else -+ restorer = (void __user *)&frame->retcode; - if (ka->sa.sa_flags & SA_RESTORER) - restorer = ka->sa.sa_restorer; ++ restorer = (void __user *)&frame->retcode; + if (ksig->ka.sa.sa_flags & SA_RESTORER) + restorer = ksig->ka.sa.sa_restorer; put_user_ex(restorer, &frame->pretcode); -@@ -379,7 +382,7 @@ static int __setup_rt_frame(int sig, struct k_sigaction *ka, siginfo_t *info, +@@ -379,7 +382,7 @@ static int __setup_rt_frame(int sig, struct ksignal *ksig, * reasons and because gdb uses it as a signature to notice * signal handler stack frames. */ @@ -23112,7 +22600,7 @@ index d6bf1f3..3ffce5a 100644 + put_user_ex(*((u64 *)&rt_retcode), (u64 __user *)frame->retcode); } put_user_catch(err); - err |= copy_siginfo_to_user(&frame->info, info); + err |= copy_siginfo_to_user(&frame->info, &ksig->info); diff --git a/arch/x86/kernel/smp.c b/arch/x86/kernel/smp.c index 48d2b7d..90d328a 100644 --- a/arch/x86/kernel/smp.c @@ -23127,7 +22615,7 @@ index 48d2b7d..90d328a 100644 .smp_prepare_cpus = native_smp_prepare_cpus, .smp_cpus_done = native_smp_cpus_done, diff --git a/arch/x86/kernel/smpboot.c b/arch/x86/kernel/smpboot.c -index ed0fe38..87fc692 100644 +index 9f190a2..90a0688 100644 --- a/arch/x86/kernel/smpboot.c +++ b/arch/x86/kernel/smpboot.c @@ -748,6 +748,7 @@ static int __cpuinit do_boot_cpu(int apicid, int cpu, struct task_struct *idle) @@ -23465,7 +22953,7 @@ index 0000000..207bec6 + return addr; +} diff --git a/arch/x86/kernel/sys_x86_64.c b/arch/x86/kernel/sys_x86_64.c -index 97ef74b..57a1882 100644 +index dbded5a..7916f74 100644 --- a/arch/x86/kernel/sys_x86_64.c +++ b/arch/x86/kernel/sys_x86_64.c @@ -81,8 +81,8 @@ out: @@ -23516,7 +23004,23 @@ index 97ef74b..57a1882 100644 return addr; } -@@ -161,6 +165,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -137,6 +141,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, + info.high_limit = end; + info.align_mask = filp ? get_align_mask() : 0; + info.align_offset = pgoff << PAGE_SHIFT; ++ info.threadstack_offset = offset; + return vm_unmapped_area(&info); + } + +@@ -149,6 +154,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + struct mm_struct *mm = current->mm; + unsigned long addr = addr0; + struct vm_unmapped_area_info info; ++ unsigned long offset = gr_rand_threadstack_offset(mm, filp, flags); + + /* requested length too big for entire address space */ + if (len > TASK_SIZE) +@@ -161,6 +167,10 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (!test_thread_flag(TIF_ADDR32) && (flags & MAP_32BIT)) goto bottomup; @@ -23527,6 +23031,14 @@ index 97ef74b..57a1882 100644 /* requesting a specific address */ if (addr) { addr = PAGE_ALIGN(addr); +@@ -176,6 +186,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + info.high_limit = mm->mmap_base; + info.align_mask = filp ? get_align_mask() : 0; + info.align_offset = pgoff << PAGE_SHIFT; ++ info.threadstack_offset = offset; + addr = vm_unmapped_area(&info); + if (!(addr & ~PAGE_MASK)) + return addr; diff --git a/arch/x86/kernel/tboot.c b/arch/x86/kernel/tboot.c index f84fe00..f41d9f1 100644 --- a/arch/x86/kernel/tboot.c @@ -23647,7 +23159,7 @@ index 9d9d2f9..cad418a 100644 else info = infobuf; diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c -index ecffca1..95c4d13 100644 +index 68bda7a..3ec7bb7 100644 --- a/arch/x86/kernel/traps.c +++ b/arch/x86/kernel/traps.c @@ -68,12 +68,6 @@ @@ -23803,7 +23315,7 @@ index ecffca1..95c4d13 100644 if (!fixup_exception(regs)) { task->thread.error_code = error_code; diff --git a/arch/x86/kernel/uprobes.c b/arch/x86/kernel/uprobes.c -index c71025b..b117501 100644 +index 0ba4cfb..4596bec 100644 --- a/arch/x86/kernel/uprobes.c +++ b/arch/x86/kernel/uprobes.c @@ -629,7 +629,7 @@ int arch_uprobe_exception_notify(struct notifier_block *self, unsigned long val, @@ -23828,7 +23340,7 @@ index b9242ba..50c5edd 100644 * verify_cpu, returns the status of longmode and SSE in register %eax. * 0: Success 1: Failure diff --git a/arch/x86/kernel/vm86_32.c b/arch/x86/kernel/vm86_32.c -index 1dfe69c..a3df6f6 100644 +index 1cf5766..c0d9de7 100644 --- a/arch/x86/kernel/vm86_32.c +++ b/arch/x86/kernel/vm86_32.c @@ -43,6 +43,7 @@ @@ -23848,7 +23360,7 @@ index 1dfe69c..a3df6f6 100644 current->thread.sp0 = current->thread.saved_sp0; current->thread.sysenter_cs = __KERNEL_CS; load_sp0(tss, ¤t->thread); -@@ -212,6 +213,13 @@ int sys_vm86old(struct vm86_struct __user *v86, struct pt_regs *regs) +@@ -212,6 +213,13 @@ int sys_vm86old(struct vm86_struct __user *v86) struct task_struct *tsk; int tmp, ret = -EPERM; @@ -23862,7 +23374,7 @@ index 1dfe69c..a3df6f6 100644 tsk = current; if (tsk->thread.saved_sp0) goto out; -@@ -242,6 +250,14 @@ int sys_vm86(unsigned long cmd, unsigned long arg, struct pt_regs *regs) +@@ -242,6 +250,14 @@ int sys_vm86(unsigned long cmd, unsigned long arg) int tmp, ret; struct vm86plus_struct __user *v86; @@ -24204,7 +23716,7 @@ index 9a907a6..f83f921 100644 (unsigned long)VSYSCALL_START); diff --git a/arch/x86/kernel/x8664_ksyms_64.c b/arch/x86/kernel/x8664_ksyms_64.c -index 1330dd1..d220b99 100644 +index b014d94..6d6ca7b 100644 --- a/arch/x86/kernel/x8664_ksyms_64.c +++ b/arch/x86/kernel/x8664_ksyms_64.c @@ -34,8 +34,6 @@ EXPORT_SYMBOL(copy_user_generic_string); @@ -24217,10 +23729,10 @@ index 1330dd1..d220b99 100644 EXPORT_SYMBOL(copy_page); EXPORT_SYMBOL(clear_page); diff --git a/arch/x86/kernel/x86_init.c b/arch/x86/kernel/x86_init.c -index 7a3d075..6cb373d 100644 +index 45a14db..075bb9b 100644 --- a/arch/x86/kernel/x86_init.c +++ b/arch/x86/kernel/x86_init.c -@@ -88,7 +88,7 @@ struct x86_init_ops x86_init __initdata = { +@@ -85,7 +85,7 @@ struct x86_init_ops x86_init __initdata = { }, }; @@ -24229,7 +23741,7 @@ index 7a3d075..6cb373d 100644 .early_percpu_clock_init = x86_init_noop, .setup_percpu_clockev = setup_secondary_APIC_clock, }; -@@ -96,7 +96,7 @@ struct x86_cpuinit_ops x86_cpuinit __cpuinitdata = { +@@ -93,7 +93,7 @@ struct x86_cpuinit_ops x86_cpuinit __cpuinitdata = { static void default_nmi_init(void) { }; static int default_i8042_detect(void) { return 1; }; @@ -24238,23 +23750,24 @@ index 7a3d075..6cb373d 100644 .calibrate_tsc = native_calibrate_tsc, .get_wallclock = mach_get_cmos_time, .set_wallclock = mach_set_rtc_mmss, -@@ -110,14 +110,14 @@ struct x86_platform_ops x86_platform = { +@@ -107,7 +107,7 @@ struct x86_platform_ops x86_platform = { }; EXPORT_SYMBOL_GPL(x86_platform); -struct x86_msi_ops x86_msi = { +struct x86_msi_ops x86_msi __read_only = { - .setup_msi_irqs = native_setup_msi_irqs, - .teardown_msi_irq = native_teardown_msi_irq, - .teardown_msi_irqs = default_teardown_msi_irqs, - .restore_msi_irqs = default_restore_msi_irqs, + .setup_msi_irqs = native_setup_msi_irqs, + .compose_msi_msg = native_compose_msi_msg, + .teardown_msi_irq = native_teardown_msi_irq, +@@ -116,7 +116,7 @@ struct x86_msi_ops x86_msi = { + .setup_hpet_msi = default_setup_hpet_msi, }; -struct x86_io_apic_ops x86_io_apic_ops = { +struct x86_io_apic_ops x86_io_apic_ops __read_only = { - .init = native_io_apic_init_mappings, - .read = native_io_apic_read, - .write = native_io_apic_write, + .init = native_io_apic_init_mappings, + .read = native_io_apic_read, + .write = native_io_apic_write, diff --git a/arch/x86/kernel/xsave.c b/arch/x86/kernel/xsave.c index ada87a3..afea76d 100644 --- a/arch/x86/kernel/xsave.c @@ -24327,10 +23840,10 @@ index a20ecb5..d0e2194 100644 out: diff --git a/arch/x86/kvm/emulate.c b/arch/x86/kvm/emulate.c -index d330b3c..101a42b 100644 +index a9c9d3e..9fe214f 100644 --- a/arch/x86/kvm/emulate.c +++ b/arch/x86/kvm/emulate.c -@@ -292,6 +292,7 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) +@@ -326,6 +326,7 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) #define ____emulate_2op(ctxt, _op, _x, _y, _suffix, _dsttype) \ do { \ @@ -24338,7 +23851,7 @@ index d330b3c..101a42b 100644 __asm__ __volatile__ ( \ _PRE_EFLAGS("0", "4", "2") \ _op _suffix " %"_x"3,%1; " \ -@@ -306,8 +307,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) +@@ -340,8 +341,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) /* Raw emulation: instruction has two explicit operands. */ #define __emulate_2op_nobyte(ctxt,_op,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ @@ -24347,7 +23860,7 @@ index d330b3c..101a42b 100644 switch ((ctxt)->dst.bytes) { \ case 2: \ ____emulate_2op(ctxt,_op,_wx,_wy,"w",u16); \ -@@ -323,7 +322,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) +@@ -357,7 +356,6 @@ static void invalidate_registers(struct x86_emulate_ctxt *ctxt) #define __emulate_2op(ctxt,_op,_bx,_by,_wx,_wy,_lx,_ly,_qx,_qy) \ do { \ @@ -24356,7 +23869,7 @@ index d330b3c..101a42b 100644 case 1: \ ____emulate_2op(ctxt,_op,_bx,_by,"b",u8); \ diff --git a/arch/x86/kvm/lapic.c b/arch/x86/kvm/lapic.c -index a2f492c..899e107 100644 +index f77df1c..6f20690 100644 --- a/arch/x86/kvm/lapic.c +++ b/arch/x86/kvm/lapic.c @@ -55,7 +55,7 @@ @@ -24369,7 +23882,7 @@ index a2f492c..899e107 100644 #define APIC_LVT_NUM 6 /* 14 is the version for Xeon and Pentium 8.4.8*/ diff --git a/arch/x86/kvm/paging_tmpl.h b/arch/x86/kvm/paging_tmpl.h -index 891eb6d..e027900 100644 +index 105dd5b..1b0ccc2 100644 --- a/arch/x86/kvm/paging_tmpl.h +++ b/arch/x86/kvm/paging_tmpl.h @@ -208,7 +208,7 @@ retry_walk: @@ -24382,7 +23895,7 @@ index 891eb6d..e027900 100644 goto error; walker->ptep_user[walker->level - 1] = ptep_user; diff --git a/arch/x86/kvm/svm.c b/arch/x86/kvm/svm.c -index d29d3cd..ec9d522 100644 +index e1b1ce2..f7b4b43 100644 --- a/arch/x86/kvm/svm.c +++ b/arch/x86/kvm/svm.c @@ -3507,7 +3507,11 @@ static void reload_tss(struct kvm_vcpu *vcpu) @@ -24397,7 +23910,7 @@ index d29d3cd..ec9d522 100644 load_TR_desc(); } -@@ -3881,6 +3885,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) +@@ -3901,6 +3905,10 @@ static void svm_vcpu_run(struct kvm_vcpu *vcpu) #endif #endif @@ -24409,10 +23922,10 @@ index d29d3cd..ec9d522 100644 local_irq_disable(); diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c -index 9120ae1..aca46d0 100644 +index 6667042..b47ece4 100644 --- a/arch/x86/kvm/vmx.c +++ b/arch/x86/kvm/vmx.c -@@ -1164,12 +1164,12 @@ static void vmcs_write64(unsigned long field, u64 value) +@@ -1184,12 +1184,12 @@ static void vmcs_write64(unsigned long field, u64 value) #endif } @@ -24427,7 +23940,7 @@ index 9120ae1..aca46d0 100644 { vmcs_writel(field, vmcs_readl(field) | mask); } -@@ -1370,7 +1370,11 @@ static void reload_tss(void) +@@ -1390,7 +1390,11 @@ static void reload_tss(void) struct desc_struct *descs; descs = (void *)gdt->address; @@ -24439,7 +23952,7 @@ index 9120ae1..aca46d0 100644 load_TR_desc(); } -@@ -1594,6 +1598,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) +@@ -1614,6 +1618,10 @@ static void vmx_vcpu_load(struct kvm_vcpu *vcpu, int cpu) vmcs_writel(HOST_TR_BASE, kvm_read_tr_base()); /* 22.2.4 */ vmcs_writel(HOST_GDTR_BASE, gdt->address); /* 22.2.4 */ @@ -24450,7 +23963,7 @@ index 9120ae1..aca46d0 100644 rdmsrl(MSR_IA32_SYSENTER_ESP, sysenter_esp); vmcs_writel(HOST_IA32_SYSENTER_ESP, sysenter_esp); /* 22.2.3 */ vmx->loaded_vmcs->cpu = cpu; -@@ -2738,8 +2746,11 @@ static __init int hardware_setup(void) +@@ -2779,8 +2787,11 @@ static __init int hardware_setup(void) if (!cpu_has_vmx_flexpriority()) flexpriority_enabled = 0; @@ -24464,7 +23977,22 @@ index 9120ae1..aca46d0 100644 if (enable_ept && !cpu_has_vmx_ept_2m_page()) kvm_disable_largepages(); -@@ -3782,7 +3793,10 @@ static void vmx_set_constant_host_state(void) +@@ -2792,10 +2803,12 @@ static __init int hardware_setup(void) + !cpu_has_vmx_virtual_intr_delivery()) + enable_apicv_reg_vid = 0; + ++ pax_open_kernel(); + if (enable_apicv_reg_vid) +- kvm_x86_ops->update_cr8_intercept = NULL; ++ *(void **)&kvm_x86_ops->update_cr8_intercept = NULL; + else +- kvm_x86_ops->hwapic_irr_update = NULL; ++ *(void **)&kvm_x86_ops->hwapic_irr_update = NULL; ++ pax_close_kernel(); + + if (nested) + nested_vmx_setup_ctls_msrs(); +@@ -3883,7 +3896,10 @@ static void vmx_set_constant_host_state(void) vmcs_writel(HOST_CR0, read_cr0() & ~X86_CR0_TS); /* 22.2.3 */ vmcs_writel(HOST_CR4, read_cr4()); /* 22.2.3, 22.2.5 */ @@ -24475,7 +24003,7 @@ index 9120ae1..aca46d0 100644 vmcs_write16(HOST_CS_SELECTOR, __KERNEL_CS); /* 22.2.4 */ #ifdef CONFIG_X86_64 -@@ -3803,7 +3817,7 @@ static void vmx_set_constant_host_state(void) +@@ -3904,7 +3920,7 @@ static void vmx_set_constant_host_state(void) native_store_idt(&dt); vmcs_writel(HOST_IDTR_BASE, dt.address); /* 22.2.4 */ @@ -24484,7 +24012,7 @@ index 9120ae1..aca46d0 100644 rdmsr(MSR_IA32_SYSENTER_CS, low32, high32); vmcs_write32(HOST_IA32_SYSENTER_CS, low32); -@@ -6355,6 +6369,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6574,6 +6590,12 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) "jmp 2f \n\t" "1: " __ex(ASM_VMX_VMRESUME) "\n\t" "2: " @@ -24497,7 +24025,7 @@ index 9120ae1..aca46d0 100644 /* Save guest registers, load host registers, keep flags */ "mov %0, %c[wordsize](%%" _ASM_SP ") \n\t" "pop %0 \n\t" -@@ -6407,6 +6427,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6626,6 +6648,11 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) #endif [cr2]"i"(offsetof(struct vcpu_vmx, vcpu.arch.cr2)), [wordsize]"i"(sizeof(ulong)) @@ -24509,7 +24037,7 @@ index 9120ae1..aca46d0 100644 : "cc", "memory" #ifdef CONFIG_X86_64 , "rax", "rbx", "rdi", "rsi" -@@ -6420,7 +6445,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6639,7 +6666,7 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) if (debugctlmsr) update_debugctlmsr(debugctlmsr); @@ -24518,7 +24046,7 @@ index 9120ae1..aca46d0 100644 /* * The sysexit path does not restore ds/es, so we must set them to * a reasonable value ourselves. -@@ -6429,8 +6454,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) +@@ -6648,8 +6675,18 @@ static void __noclone vmx_vcpu_run(struct kvm_vcpu *vcpu) * may be executed in interrupt context, which saves and restore segments * around it, nullifying its effect. */ @@ -24540,10 +24068,10 @@ index 9120ae1..aca46d0 100644 vcpu->arch.regs_avail = ~((1 << VCPU_REGS_RIP) | (1 << VCPU_REGS_RSP) diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c -index 9a51121..f739a79 100644 +index e172132..c3d3e27 100644 --- a/arch/x86/kvm/x86.c +++ b/arch/x86/kvm/x86.c -@@ -1688,8 +1688,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) +@@ -1686,8 +1686,8 @@ static int xen_hvm_config(struct kvm_vcpu *vcpu, u64 data) { struct kvm *kvm = vcpu->kvm; int lm = is_long_mode(vcpu); @@ -24572,7 +24100,7 @@ index 9a51121..f739a79 100644 return -EINVAL; if (irqchip_in_kernel(vcpu->kvm)) return -ENXIO; -@@ -5209,7 +5211,7 @@ static struct notifier_block pvclock_gtod_notifier = { +@@ -5247,7 +5249,7 @@ static struct notifier_block pvclock_gtod_notifier = { }; #endif @@ -24582,10 +24110,10 @@ index 9a51121..f739a79 100644 int r; struct kvm_x86_ops *ops = (struct kvm_x86_ops *)opaque; diff --git a/arch/x86/lguest/boot.c b/arch/x86/lguest/boot.c -index 20a4fd4..d806083 100644 +index 7114c63..a1018fc 100644 --- a/arch/x86/lguest/boot.c +++ b/arch/x86/lguest/boot.c -@@ -1200,9 +1200,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count) +@@ -1201,9 +1201,10 @@ static __init int early_put_chars(u32 vtermno, const char *buf, int count) * Rebooting also tells the Host we're finished, but the RESTART flag tells the * Launcher to reboot us. */ @@ -25593,7 +25121,7 @@ index a30ca15..d25fab6 100644 .section .fixup,"ax" diff --git a/arch/x86/lib/copy_user_nocache_64.S b/arch/x86/lib/copy_user_nocache_64.S -index 6a4f43c..f5f9e26 100644 +index 6a4f43c..f08b4a2 100644 --- a/arch/x86/lib/copy_user_nocache_64.S +++ b/arch/x86/lib/copy_user_nocache_64.S @@ -8,6 +8,7 @@ @@ -25618,7 +25146,7 @@ index 6a4f43c..f5f9e26 100644 CFI_STARTPROC + +#ifdef CONFIG_PAX_MEMORY_UDEREF -+ mov $PAX_USER_SHADOW_BASE,%rcx ++ mov pax_user_shadow_base,%rcx + cmp %rcx,%rsi + jae 1f + add %rcx,%rsi @@ -25703,10 +25231,10 @@ index 25b7ae8..169fafc 100644 } EXPORT_SYMBOL(csum_partial_copy_to_user); diff --git a/arch/x86/lib/getuser.S b/arch/x86/lib/getuser.S -index 156b9c8..b144132 100644 +index a451235..79fb5cf 100644 --- a/arch/x86/lib/getuser.S +++ b/arch/x86/lib/getuser.S -@@ -34,17 +34,40 @@ +@@ -33,17 +33,40 @@ #include <asm/thread_info.h> #include <asm/asm.h> #include <asm/smap.h> @@ -25729,10 +25257,10 @@ index 156b9c8..b144132 100644 cmp TI_addr_limit(%_ASM_DX),%_ASM_AX jae bad_get_user ASM_STAC --1: movzb (%_ASM_AX),%edx +-1: movzbl (%_ASM_AX),%edx + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ mov $PAX_USER_SHADOW_BASE,%_ASM_DX ++ mov pax_user_shadow_base,%_ASM_DX + cmp %_ASM_DX,%_ASM_AX + jae 1234f + add %_ASM_DX,%_ASM_AX @@ -25741,14 +25269,14 @@ index 156b9c8..b144132 100644 + +#endif + -+1: __copyuser_seg movzb (%_ASM_AX),%edx ++1: __copyuser_seg movzbl (%_ASM_AX),%edx xor %eax,%eax ASM_CLAC + pax_force_retaddr ret CFI_ENDPROC ENDPROC(__get_user_1) -@@ -52,14 +75,28 @@ ENDPROC(__get_user_1) +@@ -51,14 +74,28 @@ ENDPROC(__get_user_1) ENTRY(__get_user_2) CFI_STARTPROC add $1,%_ASM_AX @@ -25762,7 +25290,7 @@ index 156b9c8..b144132 100644 -2: movzwl -1(%_ASM_AX),%edx + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ mov $PAX_USER_SHADOW_BASE,%_ASM_DX ++ mov pax_user_shadow_base,%_ASM_DX + cmp %_ASM_DX,%_ASM_AX + jae 1234f + add %_ASM_DX,%_ASM_AX @@ -25778,7 +25306,7 @@ index 156b9c8..b144132 100644 ret CFI_ENDPROC ENDPROC(__get_user_2) -@@ -67,14 +104,28 @@ ENDPROC(__get_user_2) +@@ -66,14 +103,28 @@ ENDPROC(__get_user_2) ENTRY(__get_user_4) CFI_STARTPROC add $3,%_ASM_AX @@ -25789,10 +25317,10 @@ index 156b9c8..b144132 100644 cmp TI_addr_limit(%_ASM_DX),%_ASM_AX jae bad_get_user ASM_STAC --3: mov -3(%_ASM_AX),%edx +-3: movl -3(%_ASM_AX),%edx + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ mov $PAX_USER_SHADOW_BASE,%_ASM_DX ++ mov pax_user_shadow_base,%_ASM_DX + cmp %_ASM_DX,%_ASM_AX + jae 1234f + add %_ASM_DX,%_ASM_AX @@ -25801,20 +25329,20 @@ index 156b9c8..b144132 100644 + +#endif + -+3: __copyuser_seg mov -3(%_ASM_AX),%edx ++3: __copyuser_seg movl -3(%_ASM_AX),%edx xor %eax,%eax ASM_CLAC + pax_force_retaddr ret CFI_ENDPROC ENDPROC(__get_user_4) -@@ -87,10 +138,20 @@ ENTRY(__get_user_8) +@@ -86,10 +137,20 @@ ENTRY(__get_user_8) GET_THREAD_INFO(%_ASM_DX) cmp TI_addr_limit(%_ASM_DX),%_ASM_AX - jae bad_get_user + jae bad_get_user + +#ifdef CONFIG_PAX_MEMORY_UDEREF -+ mov $PAX_USER_SHADOW_BASE,%_ASM_DX ++ mov pax_user_shadow_base,%_ASM_DX + cmp %_ASM_DX,%_ASM_AX + jae 1234f + add %_ASM_DX,%_ASM_AX @@ -25822,14 +25350,22 @@ index 156b9c8..b144132 100644 +#endif + ASM_STAC - 4: movq -7(%_ASM_AX),%_ASM_DX + 4: movq -7(%_ASM_AX),%rdx xor %eax,%eax ASM_CLAC + pax_force_retaddr ret + #else + add $7,%_ASM_AX +@@ -102,6 +163,7 @@ ENTRY(__get_user_8) + 5: movl -3(%_ASM_AX),%ecx + xor %eax,%eax + ASM_CLAC ++ pax_force_retaddr + ret + #endif CFI_ENDPROC - ENDPROC(__get_user_8) -@@ -101,6 +162,7 @@ bad_get_user: +@@ -113,6 +175,7 @@ bad_get_user: xor %edx,%edx mov $(-EFAULT),%_ASM_AX ASM_CLAC @@ -25837,6 +25373,14 @@ index 156b9c8..b144132 100644 ret CFI_ENDPROC END(bad_get_user) +@@ -124,6 +187,7 @@ bad_get_user_8: + xor %ecx,%ecx + mov $(-EFAULT),%_ASM_AX + ASM_CLAC ++ pax_force_retaddr + ret + CFI_ENDPROC + END(bad_get_user_8) diff --git a/arch/x86/lib/insn.c b/arch/x86/lib/insn.c index 54fcffe..7be149e 100644 --- a/arch/x86/lib/insn.c @@ -26511,7 +26055,7 @@ index f6d13ee..aca5f0b 100644 3: CFI_RESTORE_STATE diff --git a/arch/x86/lib/putuser.S b/arch/x86/lib/putuser.S -index fc6ba17..04471c5 100644 +index fc6ba17..d4d989d 100644 --- a/arch/x86/lib/putuser.S +++ b/arch/x86/lib/putuser.S @@ -16,7 +16,9 @@ @@ -26563,7 +26107,7 @@ index fc6ba17..04471c5 100644 -1: movb %al,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ mov $PAX_USER_SHADOW_BASE,%_ASM_BX ++ mov pax_user_shadow_base,%_ASM_BX + cmp %_ASM_BX,%_ASM_CX + jb 1234f + xor %ebx,%ebx @@ -26590,7 +26134,7 @@ index fc6ba17..04471c5 100644 -2: movw %ax,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ mov $PAX_USER_SHADOW_BASE,%_ASM_BX ++ mov pax_user_shadow_base,%_ASM_BX + cmp %_ASM_BX,%_ASM_CX + jb 1234f + xor %ebx,%ebx @@ -26617,7 +26161,7 @@ index fc6ba17..04471c5 100644 -3: movl %eax,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ mov $PAX_USER_SHADOW_BASE,%_ASM_BX ++ mov pax_user_shadow_base,%_ASM_BX + cmp %_ASM_BX,%_ASM_CX + jb 1234f + xor %ebx,%ebx @@ -26644,7 +26188,7 @@ index fc6ba17..04471c5 100644 -4: mov %_ASM_AX,(%_ASM_CX) + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ mov $PAX_USER_SHADOW_BASE,%_ASM_BX ++ mov pax_user_shadow_base,%_ASM_BX + cmp %_ASM_BX,%_ASM_CX + jb 1234f + xor %ebx,%ebx @@ -27523,7 +27067,7 @@ index 903ec1e..c4166b2 100644 } diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c -index 4f7d793..165a8be 100644 +index 0e88336..2bb9777 100644 --- a/arch/x86/mm/fault.c +++ b/arch/x86/mm/fault.c @@ -13,12 +13,19 @@ @@ -27860,7 +27404,7 @@ index 4f7d793..165a8be 100644 /* * Handle a spurious fault caused by a stale TLB entry. * -@@ -970,6 +1162,9 @@ int show_unhandled_signals = 1; +@@ -964,6 +1156,9 @@ int show_unhandled_signals = 1; static inline int access_error(unsigned long error_code, struct vm_area_struct *vma) { @@ -27870,7 +27414,7 @@ index 4f7d793..165a8be 100644 if (error_code & PF_WRITE) { /* write, present and write, not present: */ if (unlikely(!(vma->vm_flags & VM_WRITE))) -@@ -998,7 +1193,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) +@@ -992,7 +1187,7 @@ static inline bool smap_violation(int error_code, struct pt_regs *regs) if (error_code & PF_USER) return false; @@ -27879,7 +27423,7 @@ index 4f7d793..165a8be 100644 return false; return true; -@@ -1014,18 +1209,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1008,18 +1203,33 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) { struct vm_area_struct *vma; struct task_struct *tsk; @@ -27898,18 +27442,18 @@ index 4f7d793..165a8be 100644 + unsigned long address = read_cr2(); + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) -+ if (!user_mode(regs) && address < 2 * PAX_USER_SHADOW_BASE) { ++ if (!user_mode(regs) && address < 2 * pax_user_shadow_base) { + if (!search_exception_tables(regs->ip)) { + printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n"); + bad_area_nosemaphore(regs, error_code, address); + return; + } -+ if (address < PAX_USER_SHADOW_BASE) { ++ if (address < pax_user_shadow_base) { + printk(KERN_ERR "PAX: please report this to pageexec@freemail.hu\n"); + printk(KERN_ERR "PAX: faulting IP: %pS\n", (void *)regs->ip); + show_trace_log_lvl(NULL, NULL, (void *)regs->sp, regs->bp, KERN_ERR); + } else -+ address -= PAX_USER_SHADOW_BASE; ++ address -= pax_user_shadow_base; + } +#endif + @@ -27918,7 +27462,7 @@ index 4f7d793..165a8be 100644 /* * Detect and handle instructions that would cause a page fault for -@@ -1086,7 +1296,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1080,7 +1290,7 @@ __do_page_fault(struct pt_regs *regs, unsigned long error_code) * User-mode registers count as a user access even for any * potential system fault or CPU buglet: */ @@ -27927,7 +27471,7 @@ index 4f7d793..165a8be 100644 local_irq_enable(); error_code |= PF_USER; } else { -@@ -1148,6 +1358,11 @@ retry: +@@ -1142,6 +1352,11 @@ retry: might_sleep(); } @@ -27939,7 +27483,7 @@ index 4f7d793..165a8be 100644 vma = find_vma(mm, address); if (unlikely(!vma)) { bad_area(regs, error_code, address); -@@ -1159,18 +1374,24 @@ retry: +@@ -1153,18 +1368,24 @@ retry: bad_area(regs, error_code, address); return; } @@ -27975,7 +27519,7 @@ index 4f7d793..165a8be 100644 if (unlikely(expand_stack(vma, address))) { bad_area(regs, error_code, address); return; -@@ -1234,3 +1455,292 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) +@@ -1228,3 +1449,292 @@ do_page_fault(struct pt_regs *regs, unsigned long error_code) __do_page_fault(regs, error_code); exception_exit(regs); } @@ -28298,10 +27842,20 @@ index 6f31ee5..8ee4164 100644 return (void *)vaddr; diff --git a/arch/x86/mm/hugetlbpage.c b/arch/x86/mm/hugetlbpage.c -index ae1aa71..56316db 100644 +index ae1aa71..d9bea75 100644 --- a/arch/x86/mm/hugetlbpage.c +++ b/arch/x86/mm/hugetlbpage.c -@@ -279,6 +279,12 @@ static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, +@@ -271,23 +271,30 @@ follow_huge_pud(struct mm_struct *mm, unsigned long address, + #ifdef HAVE_ARCH_HUGETLB_UNMAPPED_AREA + static unsigned long hugetlb_get_unmapped_area_bottomup(struct file *file, + unsigned long addr, unsigned long len, +- unsigned long pgoff, unsigned long flags) ++ unsigned long pgoff, unsigned long flags, unsigned long offset) + { + struct hstate *h = hstate_file(file); + struct vm_unmapped_area_info info; +- ++ info.flags = 0; info.length = len; info.low_limit = TASK_UNMAPPED_BASE; @@ -28314,7 +27868,26 @@ index ae1aa71..56316db 100644 info.high_limit = TASK_SIZE; info.align_mask = PAGE_MASK & ~huge_page_mask(h); info.align_offset = 0; -@@ -311,6 +317,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, ++ info.threadstack_offset = offset; + return vm_unmapped_area(&info); + } + + static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, + unsigned long addr0, unsigned long len, +- unsigned long pgoff, unsigned long flags) ++ unsigned long pgoff, unsigned long flags, unsigned long offset) + { + struct hstate *h = hstate_file(file); + struct vm_unmapped_area_info info; +@@ -299,6 +306,7 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, + info.high_limit = current->mm->mmap_base; + info.align_mask = PAGE_MASK & ~huge_page_mask(h); + info.align_offset = 0; ++ info.threadstack_offset = offset; + addr = vm_unmapped_area(&info); + + /* +@@ -311,6 +319,12 @@ static unsigned long hugetlb_get_unmapped_area_topdown(struct file *file, VM_BUG_ON(addr != -ENOMEM); info.flags = 0; info.low_limit = TASK_UNMAPPED_BASE; @@ -28327,7 +27900,7 @@ index ae1aa71..56316db 100644 info.high_limit = TASK_SIZE; addr = vm_unmapped_area(&info); } -@@ -325,10 +337,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -325,10 +339,20 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, struct hstate *h = hstate_file(file); struct mm_struct *mm = current->mm; struct vm_area_struct *vma; @@ -28349,7 +27922,7 @@ index ae1aa71..56316db 100644 return -ENOMEM; if (flags & MAP_FIXED) { -@@ -337,11 +359,14 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, +@@ -337,19 +361,22 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, return addr; } @@ -28366,8 +27939,18 @@ index ae1aa71..56316db 100644 return addr; } if (mm->get_unmapped_area == arch_get_unmapped_area) + return hugetlb_get_unmapped_area_bottomup(file, addr, len, +- pgoff, flags); ++ pgoff, flags, offset); + else + return hugetlb_get_unmapped_area_topdown(file, addr, len, +- pgoff, flags); ++ pgoff, flags, offset); + } + + #endif /*HAVE_ARCH_HUGETLB_UNMAPPED_AREA*/ diff --git a/arch/x86/mm/init.c b/arch/x86/mm/init.c -index d7aea41..0fc945b 100644 +index 59b7fc4..b1dd75f 100644 --- a/arch/x86/mm/init.c +++ b/arch/x86/mm/init.c @@ -4,6 +4,7 @@ @@ -28378,25 +27961,16 @@ index d7aea41..0fc945b 100644 #include <asm/cacheflush.h> #include <asm/e820.h> -@@ -16,6 +17,8 @@ - #include <asm/tlb.h> +@@ -17,6 +18,8 @@ #include <asm/proto.h> #include <asm/dma.h> /* for MAX_DMA_PFN */ + #include <asm/microcode.h> +#include <asm/desc.h> +#include <asm/bios_ebda.h> - unsigned long __initdata pgt_buf_start; - unsigned long __meminitdata pgt_buf_end; -@@ -44,7 +47,7 @@ static void __init find_early_table_space(struct map_range *mr, int nr_range) - { - int i; - unsigned long puds = 0, pmds = 0, ptes = 0, tables; -- unsigned long start = 0, good_end; -+ unsigned long start = 0x100000, good_end; - phys_addr_t base; + #include "mm_internal.h" - for (i = 0; i < nr_range; i++) { -@@ -321,10 +324,40 @@ unsigned long __init_refok init_memory_mapping(unsigned long start, +@@ -464,10 +467,40 @@ void __init init_mem_mapping(void) * Access has to be given to non-kernel-ram areas as well, these contain the PCI * mmio resources as well as potential bios/acpi data regions. */ @@ -28438,7 +28012,7 @@ index d7aea41..0fc945b 100644 if (iomem_is_exclusive(pagenr << PAGE_SHIFT)) return 0; if (!page_is_ram(pagenr)) -@@ -381,8 +414,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) +@@ -524,8 +557,117 @@ void free_init_pages(char *what, unsigned long begin, unsigned long end) #endif } @@ -28557,11 +28131,11 @@ index d7aea41..0fc945b 100644 (unsigned long)(&__init_begin), (unsigned long)(&__init_end)); diff --git a/arch/x86/mm/init_32.c b/arch/x86/mm/init_32.c -index 745d66b..56bf568 100644 +index 2d19001..6a1046c 100644 --- a/arch/x86/mm/init_32.c +++ b/arch/x86/mm/init_32.c -@@ -73,36 +73,6 @@ static __init void *alloc_low_page(void) - } +@@ -62,33 +62,6 @@ static noinline int do_test_wp_bit(void); + bool __read_mostly __vmalloc_start_set = false; /* - * Creates a middle page table and puts a pointer to it in the @@ -28575,10 +28149,7 @@ index 745d66b..56bf568 100644 - -#ifdef CONFIG_X86_PAE - if (!(pgd_val(*pgd) & _PAGE_PRESENT)) { -- if (after_bootmem) -- pmd_table = (pmd_t *)alloc_bootmem_pages(PAGE_SIZE); -- else -- pmd_table = (pmd_t *)alloc_low_page(); +- pmd_table = (pmd_t *)alloc_low_page(); - paravirt_alloc_pmd(&init_mm, __pa(pmd_table) >> PAGE_SHIFT); - set_pgd(pgd, __pgd(__pa(pmd_table) | _PAGE_PRESENT)); - pud = pud_offset(pgd, 0); @@ -28597,8 +28168,8 @@ index 745d66b..56bf568 100644 * Create a page table and place a pointer to it in a middle page * directory entry: */ -@@ -122,13 +92,28 @@ static pte_t * __init one_page_table_init(pmd_t *pmd) - page_table = (pte_t *)alloc_low_page(); +@@ -98,13 +71,28 @@ static pte_t * __init one_page_table_init(pmd_t *pmd) + pte_t *page_table = (pte_t *)alloc_low_page(); paravirt_alloc_pte(&init_mm, __pa(page_table) >> PAGE_SHIFT); +#if defined(CONFIG_PAX_PAGEEXEC) || defined(CONFIG_PAX_SEGMEXEC) @@ -28626,15 +28197,15 @@ index 745d66b..56bf568 100644 pmd_t * __init populate_extra_pmd(unsigned long vaddr) { int pgd_idx = pgd_index(vaddr); -@@ -202,6 +187,7 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base) +@@ -208,6 +196,7 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base) int pgd_idx, pmd_idx; unsigned long vaddr; pgd_t *pgd; + pud_t *pud; pmd_t *pmd; pte_t *pte = NULL; - -@@ -211,8 +197,13 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base) + unsigned long count = page_table_range_init_count(start, end); +@@ -222,8 +211,13 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base) pgd = pgd_base + pgd_idx; for ( ; (pgd_idx < PTRS_PER_PGD) && (vaddr != end); pgd++, pgd_idx++) { @@ -28650,7 +28221,7 @@ index 745d66b..56bf568 100644 for (; (pmd_idx < PTRS_PER_PMD) && (vaddr != end); pmd++, pmd_idx++) { pte = page_table_kmap_check(one_page_table_init(pmd), -@@ -224,11 +215,20 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base) +@@ -235,11 +229,20 @@ page_table_range_init(unsigned long start, unsigned long end, pgd_t *pgd_base) } } @@ -28675,7 +28246,7 @@ index 745d66b..56bf568 100644 } /* -@@ -245,9 +245,10 @@ kernel_physical_mapping_init(unsigned long start, +@@ -256,9 +259,10 @@ kernel_physical_mapping_init(unsigned long start, unsigned long last_map_addr = end; unsigned long start_pfn, end_pfn; pgd_t *pgd_base = swapper_pg_dir; @@ -28687,7 +28258,7 @@ index 745d66b..56bf568 100644 pmd_t *pmd; pte_t *pte; unsigned pages_2m, pages_4k; -@@ -280,8 +281,13 @@ repeat: +@@ -291,8 +295,13 @@ repeat: pfn = start_pfn; pgd_idx = pgd_index((pfn<<PAGE_SHIFT) + PAGE_OFFSET); pgd = pgd_base + pgd_idx; @@ -28703,7 +28274,7 @@ index 745d66b..56bf568 100644 if (pfn >= end_pfn) continue; -@@ -293,14 +299,13 @@ repeat: +@@ -304,14 +313,13 @@ repeat: #endif for (; pmd_idx < PTRS_PER_PMD && pfn < end_pfn; pmd++, pmd_idx++) { @@ -28719,10 +28290,10 @@ index 745d66b..56bf568 100644 pgprot_t prot = PAGE_KERNEL_LARGE; /* * first pass will use the same initial -@@ -310,11 +315,7 @@ repeat: - __pgprot(PTE_IDENT_ATTR | +@@ -322,11 +330,7 @@ repeat: _PAGE_PSE); + pfn &= PMD_MASK >> PAGE_SHIFT; - addr2 = (pfn + PTRS_PER_PTE-1) * PAGE_SIZE + - PAGE_OFFSET + PAGE_SIZE-1; - @@ -28732,7 +28303,7 @@ index 745d66b..56bf568 100644 prot = PAGE_KERNEL_LARGE_EXEC; pages_2m++; -@@ -331,7 +332,7 @@ repeat: +@@ -343,7 +347,7 @@ repeat: pte_ofs = pte_index((pfn<<PAGE_SHIFT) + PAGE_OFFSET); pte += pte_ofs; for (; pte_ofs < PTRS_PER_PTE && pfn < end_pfn; @@ -28741,7 +28312,7 @@ index 745d66b..56bf568 100644 pgprot_t prot = PAGE_KERNEL; /* * first pass will use the same initial -@@ -339,7 +340,7 @@ repeat: +@@ -351,7 +355,7 @@ repeat: */ pgprot_t init_prot = __pgprot(PTE_IDENT_ATTR); @@ -28750,16 +28321,16 @@ index 745d66b..56bf568 100644 prot = PAGE_KERNEL_EXEC; pages_4k++; -@@ -465,7 +466,7 @@ void __init native_pagetable_init(void) +@@ -482,7 +486,7 @@ void __init native_pagetable_init(void) pud = pud_offset(pgd, va); pmd = pmd_offset(pud, va); - if (!pmd_present(*pmd)) -+ if (!pmd_present(*pmd) || pmd_huge(*pmd)) ++ if (!pmd_present(*pmd)) // PAX TODO || pmd_large(*pmd)) break; - pte = pte_offset_kernel(pmd, va); -@@ -514,12 +515,10 @@ void __init early_ioremap_page_table_range_init(void) + /* should not be large page here */ +@@ -540,12 +544,10 @@ void __init early_ioremap_page_table_range_init(void) static void __init pagetable_init(void) { @@ -28774,7 +28345,7 @@ index 745d66b..56bf568 100644 EXPORT_SYMBOL_GPL(__supported_pte_mask); /* user-defined highmem size */ -@@ -728,6 +727,12 @@ void __init mem_init(void) +@@ -752,6 +754,12 @@ void __init mem_init(void) pci_iommu_alloc(); @@ -28787,8 +28358,8 @@ index 745d66b..56bf568 100644 #ifdef CONFIG_FLATMEM BUG_ON(!mem_map); #endif -@@ -754,7 +759,7 @@ void __init mem_init(void) - reservedpages++; +@@ -780,7 +788,7 @@ void __init mem_init(void) + after_bootmem = 1; codesize = (unsigned long) &_etext - (unsigned long) &_text; - datasize = (unsigned long) &_edata - (unsigned long) &_etext; @@ -28796,7 +28367,7 @@ index 745d66b..56bf568 100644 initsize = (unsigned long) &__init_end - (unsigned long) &__init_begin; printk(KERN_INFO "Memory: %luk/%luk available (%dk kernel code, " -@@ -795,10 +800,10 @@ void __init mem_init(void) +@@ -821,10 +829,10 @@ void __init mem_init(void) ((unsigned long)&__init_end - (unsigned long)&__init_begin) >> 10, @@ -28810,7 +28381,7 @@ index 745d66b..56bf568 100644 ((unsigned long)&_etext - (unsigned long)&_text) >> 10); /* -@@ -876,6 +881,7 @@ void set_kernel_text_rw(void) +@@ -914,6 +922,7 @@ void set_kernel_text_rw(void) if (!kernel_set_to_readonly) return; @@ -28818,7 +28389,7 @@ index 745d66b..56bf568 100644 pr_debug("Set kernel text: %lx - %lx for read write\n", start, start+size); -@@ -890,6 +896,7 @@ void set_kernel_text_ro(void) +@@ -928,6 +937,7 @@ void set_kernel_text_ro(void) if (!kernel_set_to_readonly) return; @@ -28826,7 +28397,7 @@ index 745d66b..56bf568 100644 pr_debug("Set kernel text: %lx - %lx for read only\n", start, start+size); -@@ -918,6 +925,7 @@ void mark_rodata_ro(void) +@@ -956,6 +966,7 @@ void mark_rodata_ro(void) unsigned long start = PFN_ALIGN(_text); unsigned long size = PFN_ALIGN(_etext) - start; @@ -28835,10 +28406,10 @@ index 745d66b..56bf568 100644 printk(KERN_INFO "Write protecting the kernel text: %luk\n", size >> 10); diff --git a/arch/x86/mm/init_64.c b/arch/x86/mm/init_64.c -index 75c9a6a..498d677 100644 +index 474e28f..647dd12 100644 --- a/arch/x86/mm/init_64.c +++ b/arch/x86/mm/init_64.c -@@ -74,7 +74,7 @@ early_param("gbpages", parse_direct_gbpages_on); +@@ -150,7 +150,7 @@ early_param("gbpages", parse_direct_gbpages_on); * around without checking the pgd every time. */ @@ -28847,7 +28418,7 @@ index 75c9a6a..498d677 100644 EXPORT_SYMBOL_GPL(__supported_pte_mask); int force_personality32; -@@ -107,12 +107,22 @@ void sync_global_pgds(unsigned long start, unsigned long end) +@@ -183,12 +183,22 @@ void sync_global_pgds(unsigned long start, unsigned long end) for (address = start; address <= end; address += PGDIR_SIZE) { const pgd_t *pgd_ref = pgd_offset_k(address); @@ -28870,7 +28441,7 @@ index 75c9a6a..498d677 100644 list_for_each_entry(page, &pgd_list, lru) { pgd_t *pgd; spinlock_t *pgt_lock; -@@ -121,6 +131,7 @@ void sync_global_pgds(unsigned long start, unsigned long end) +@@ -197,6 +207,7 @@ void sync_global_pgds(unsigned long start, unsigned long end) /* the pgt_lock only for Xen */ pgt_lock = &pgd_page_get_mm(page)->page_table_lock; spin_lock(pgt_lock); @@ -28878,7 +28449,7 @@ index 75c9a6a..498d677 100644 if (pgd_none(*pgd)) set_pgd(pgd, *pgd_ref); -@@ -128,7 +139,10 @@ void sync_global_pgds(unsigned long start, unsigned long end) +@@ -204,7 +215,10 @@ void sync_global_pgds(unsigned long start, unsigned long end) BUG_ON(pgd_page_vaddr(*pgd) != pgd_page_vaddr(*pgd_ref)); @@ -28889,7 +28460,7 @@ index 75c9a6a..498d677 100644 } spin_unlock(&pgd_lock); } -@@ -161,7 +175,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr) +@@ -237,7 +251,7 @@ static pud_t *fill_pud(pgd_t *pgd, unsigned long vaddr) { if (pgd_none(*pgd)) { pud_t *pud = (pud_t *)spp_getpage(); @@ -28898,7 +28469,7 @@ index 75c9a6a..498d677 100644 if (pud != pud_offset(pgd, 0)) printk(KERN_ERR "PAGETABLE BUG #00! %p <-> %p\n", pud, pud_offset(pgd, 0)); -@@ -173,7 +187,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr) +@@ -249,7 +263,7 @@ static pmd_t *fill_pmd(pud_t *pud, unsigned long vaddr) { if (pud_none(*pud)) { pmd_t *pmd = (pmd_t *) spp_getpage(); @@ -28907,7 +28478,7 @@ index 75c9a6a..498d677 100644 if (pmd != pmd_offset(pud, 0)) printk(KERN_ERR "PAGETABLE BUG #01! %p <-> %p\n", pmd, pmd_offset(pud, 0)); -@@ -202,7 +216,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte) +@@ -278,7 +292,9 @@ void set_pte_vaddr_pud(pud_t *pud_page, unsigned long vaddr, pte_t new_pte) pmd = fill_pmd(pud, vaddr); pte = fill_pte(pmd, vaddr); @@ -28917,7 +28488,7 @@ index 75c9a6a..498d677 100644 /* * It's enough to flush this one mapping. -@@ -261,14 +277,12 @@ static void __init __init_extra_mapping(unsigned long phys, unsigned long size, +@@ -337,14 +353,12 @@ static void __init __init_extra_mapping(unsigned long phys, unsigned long size, pgd = pgd_offset_k((unsigned long)__va(phys)); if (pgd_none(*pgd)) { pud = (pud_t *) spp_getpage(); @@ -28934,43 +28505,25 @@ index 75c9a6a..498d677 100644 } pmd = pmd_offset(pud, phys); BUG_ON(!pmd_none(*pmd)); -@@ -329,7 +343,7 @@ static __ref void *alloc_low_page(unsigned long *phys) - if (pfn >= pgt_buf_top) - panic("alloc_low_page: ran out of memory"); - -- adr = early_memremap(pfn * PAGE_SIZE, PAGE_SIZE); -+ adr = (void __force_kernel *)early_memremap(pfn * PAGE_SIZE, PAGE_SIZE); - clear_page(adr); - *phys = pfn * PAGE_SIZE; - return adr; -@@ -345,7 +359,7 @@ static __ref void *map_low_page(void *virt) - - phys = __pa(virt); - left = phys & (PAGE_SIZE - 1); -- adr = early_memremap(phys & PAGE_MASK, PAGE_SIZE); -+ adr = (void __force_kernel *)early_memremap(phys & PAGE_MASK, PAGE_SIZE); - adr = (void *)(((unsigned long)adr) | left); - - return adr; -@@ -553,7 +567,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end, - unmap_low_page(pmd); +@@ -585,7 +599,7 @@ phys_pud_init(pud_t *pud_page, unsigned long addr, unsigned long end, + prot); spin_lock(&init_mm.page_table_lock); -- pud_populate(&init_mm, pud, __va(pmd_phys)); -+ pud_populate_kernel(&init_mm, pud, __va(pmd_phys)); +- pud_populate(&init_mm, pud, pmd); ++ pud_populate_kernel(&init_mm, pud, pmd); spin_unlock(&init_mm.page_table_lock); } __flush_tlb_all(); -@@ -599,7 +613,7 @@ kernel_physical_mapping_init(unsigned long start, - unmap_low_page(pud); +@@ -626,7 +640,7 @@ kernel_physical_mapping_init(unsigned long start, + page_size_mask); spin_lock(&init_mm.page_table_lock); -- pgd_populate(&init_mm, pgd, __va(pud_phys)); -+ pgd_populate_kernel(&init_mm, pgd, __va(pud_phys)); +- pgd_populate(&init_mm, pgd, pud); ++ pgd_populate_kernel(&init_mm, pgd, pud); spin_unlock(&init_mm.page_table_lock); pgd_changed = true; } -@@ -693,6 +707,12 @@ void __init mem_init(void) +@@ -1065,6 +1079,12 @@ void __init mem_init(void) pci_iommu_alloc(); @@ -28983,7 +28536,7 @@ index 75c9a6a..498d677 100644 /* clear_bss() already clear the empty_zero_page */ reservedpages = 0; -@@ -856,8 +876,8 @@ int kern_addr_valid(unsigned long addr) +@@ -1224,8 +1244,8 @@ int kern_addr_valid(unsigned long addr) static struct vm_area_struct gate_vma = { .vm_start = VSYSCALL_START, .vm_end = VSYSCALL_START + (VSYSCALL_MAPPED_PAGES * PAGE_SIZE), @@ -28994,7 +28547,7 @@ index 75c9a6a..498d677 100644 }; struct vm_area_struct *get_gate_vma(struct mm_struct *mm) -@@ -891,7 +911,7 @@ int in_gate_area_no_mm(unsigned long addr) +@@ -1259,7 +1279,7 @@ int in_gate_area_no_mm(unsigned long addr) const char *arch_vma_name(struct vm_area_struct *vma) { @@ -29231,10 +28784,10 @@ index dc0b727..f612039 100644 might_sleep(); if (is_enabled()) /* recheck and proper locking in *_core() */ diff --git a/arch/x86/mm/numa.c b/arch/x86/mm/numa.c -index 8504f36..5fc68f2 100644 +index 72fe01e..f1a8daa 100644 --- a/arch/x86/mm/numa.c +++ b/arch/x86/mm/numa.c -@@ -478,7 +478,7 @@ static bool __init numa_meminfo_cover_memory(const struct numa_meminfo *mi) +@@ -477,7 +477,7 @@ static bool __init numa_meminfo_cover_memory(const struct numa_meminfo *mi) return true; } @@ -29244,7 +28797,7 @@ index 8504f36..5fc68f2 100644 unsigned long uninitialized_var(pfn_align); int i, nid; diff --git a/arch/x86/mm/pageattr-test.c b/arch/x86/mm/pageattr-test.c -index b008656..773eac2 100644 +index 0e38951..4ca8458 100644 --- a/arch/x86/mm/pageattr-test.c +++ b/arch/x86/mm/pageattr-test.c @@ -36,7 +36,7 @@ enum { @@ -29257,7 +28810,7 @@ index b008656..773eac2 100644 struct split_state { diff --git a/arch/x86/mm/pageattr.c b/arch/x86/mm/pageattr.c -index a718e0d..77419bc 100644 +index fb4e73e..43f7238 100644 --- a/arch/x86/mm/pageattr.c +++ b/arch/x86/mm/pageattr.c @@ -261,7 +261,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address, @@ -29283,8 +28836,8 @@ index a718e0d..77419bc 100644 * The .rodata section needs to be read-only. Using the pfn * catches all aliases. @@ -279,6 +280,7 @@ static inline pgprot_t static_protections(pgprot_t prot, unsigned long address, - if (within(pfn, __pa((unsigned long)__start_rodata) >> PAGE_SHIFT, - __pa((unsigned long)__end_rodata) >> PAGE_SHIFT)) + if (within(pfn, __pa_symbol(__start_rodata) >> PAGE_SHIFT, + __pa_symbol(__end_rodata) >> PAGE_SHIFT)) pgprot_val(forbidden) |= _PAGE_RW; +#endif @@ -29304,7 +28857,7 @@ index a718e0d..77419bc 100644 prot = __pgprot(pgprot_val(prot) & ~pgprot_val(forbidden)); return prot; -@@ -369,23 +378,37 @@ EXPORT_SYMBOL_GPL(lookup_address); +@@ -400,23 +409,37 @@ EXPORT_SYMBOL_GPL(slow_virt_to_phys); static void __set_pmd_pte(pte_t *kpte, unsigned long address, pte_t pte) { /* change init_mm */ @@ -29345,7 +28898,7 @@ index a718e0d..77419bc 100644 static int diff --git a/arch/x86/mm/pat.c b/arch/x86/mm/pat.c -index 0eb572e..92f5c1e 100644 +index 6574388..87e9bef 100644 --- a/arch/x86/mm/pat.c +++ b/arch/x86/mm/pat.c @@ -376,7 +376,7 @@ int free_memtype(u64 start, u64 end) @@ -29368,7 +28921,7 @@ index 0eb572e..92f5c1e 100644 return 0; } cursor += PAGE_SIZE; -@@ -570,7 +570,7 @@ int kernel_map_sync_memtype(u64 base, unsigned long size, unsigned long flags) +@@ -577,7 +577,7 @@ int kernel_map_sync_memtype(u64 base, unsigned long size, unsigned long flags) if (ioremap_change_attr((unsigned long)__va(base), id_sz, flags) < 0) { printk(KERN_INFO "%s:%d ioremap_change_attr failed %s " "for [mem %#010Lx-%#010Lx]\n", @@ -29377,7 +28930,7 @@ index 0eb572e..92f5c1e 100644 cattr_name(flags), base, (unsigned long long)(base + size-1)); return -EINVAL; -@@ -605,7 +605,7 @@ static int reserve_pfn_range(u64 paddr, unsigned long size, pgprot_t *vma_prot, +@@ -612,7 +612,7 @@ static int reserve_pfn_range(u64 paddr, unsigned long size, pgprot_t *vma_prot, flags = lookup_memtype(paddr); if (want_flags != flags) { printk(KERN_WARNING "%s:%d map pfn RAM range req %s for [mem %#010Lx-%#010Lx], got %s\n", @@ -29386,7 +28939,7 @@ index 0eb572e..92f5c1e 100644 cattr_name(want_flags), (unsigned long long)paddr, (unsigned long long)(paddr + size - 1), -@@ -627,7 +627,7 @@ static int reserve_pfn_range(u64 paddr, unsigned long size, pgprot_t *vma_prot, +@@ -634,7 +634,7 @@ static int reserve_pfn_range(u64 paddr, unsigned long size, pgprot_t *vma_prot, free_memtype(paddr, paddr + size); printk(KERN_ERR "%s:%d map pfn expected mapping type %s" " for [mem %#010Lx-%#010Lx], got %s\n", @@ -29445,7 +28998,7 @@ index 9f0614d..92ae64a 100644 p += get_opcode(p, &opcode); for (i = 0; i < ARRAY_SIZE(imm_wop); i++) diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c -index 395b3b4a..213e72b 100644 +index 17fda6a..489c74a 100644 --- a/arch/x86/mm/pgtable.c +++ b/arch/x86/mm/pgtable.c @@ -91,10 +91,64 @@ static inline void pgd_list_del(pgd_t *pgd) @@ -29724,27 +29277,27 @@ index a69bcb8..19068ab 100644 /* * It's enough to flush this one mapping. diff --git a/arch/x86/mm/physaddr.c b/arch/x86/mm/physaddr.c -index d2e2735..5c6586f 100644 +index e666cbb..61788c45 100644 --- a/arch/x86/mm/physaddr.c +++ b/arch/x86/mm/physaddr.c -@@ -8,7 +8,7 @@ - +@@ -10,7 +10,7 @@ #ifdef CONFIG_X86_64 + #ifdef CONFIG_DEBUG_VIRTUAL -unsigned long __phys_addr(unsigned long x) +unsigned long __intentional_overflow(-1) __phys_addr(unsigned long x) { - if (x >= __START_KERNEL_map) { - x -= __START_KERNEL_map; -@@ -45,7 +45,7 @@ EXPORT_SYMBOL(__virt_addr_valid); + unsigned long y = x - __START_KERNEL_map; + +@@ -67,7 +67,7 @@ EXPORT_SYMBOL(__virt_addr_valid); #else #ifdef CONFIG_DEBUG_VIRTUAL -unsigned long __phys_addr(unsigned long x) +unsigned long __intentional_overflow(-1) __phys_addr(unsigned long x) { + unsigned long phys_addr = x - PAGE_OFFSET; /* VMALLOC_* aren't constants */ - VIRTUAL_BUG_ON(x < PAGE_OFFSET); diff --git a/arch/x86/mm/setup_nx.c b/arch/x86/mm/setup_nx.c index 410531d..0f16030 100644 --- a/arch/x86/mm/setup_nx.c @@ -29779,7 +29332,7 @@ index 410531d..0f16030 100644 } diff --git a/arch/x86/mm/tlb.c b/arch/x86/mm/tlb.c -index 13a6b29..c2fff23 100644 +index 282375f..e03a98f 100644 --- a/arch/x86/mm/tlb.c +++ b/arch/x86/mm/tlb.c @@ -48,7 +48,11 @@ void leave_mm(int cpu) @@ -29908,7 +29461,7 @@ index 877b9a1..a8ecf42 100644 + pax_force_retaddr ret diff --git a/arch/x86/net/bpf_jit_comp.c b/arch/x86/net/bpf_jit_comp.c -index d11a470..3f9adff3 100644 +index 3cbe4538..fd756dc 100644 --- a/arch/x86/net/bpf_jit_comp.c +++ b/arch/x86/net/bpf_jit_comp.c @@ -12,6 +12,7 @@ @@ -30040,7 +29593,7 @@ index d11a470..3f9adff3 100644 } \ } while (0) -@@ -121,12 +215,17 @@ static inline void bpf_flush_icache(void *start, void *end) +@@ -121,6 +215,11 @@ static inline void bpf_flush_icache(void *start, void *end) set_fs(old_fs); } @@ -30052,6 +29605,8 @@ index d11a470..3f9adff3 100644 #define CHOOSE_LOAD_FUNC(K, func) \ ((int)K < 0 ? ((int)K >= SKF_LL_OFF ? func##_negative_offset : func) : func##_positive_offset) +@@ -146,7 +245,7 @@ static int pkt_type_offset(void) + void bpf_jit_compile(struct sk_filter *fp) { - u8 temp[64]; @@ -30059,7 +29614,7 @@ index d11a470..3f9adff3 100644 u8 *prog; unsigned int proglen, oldproglen = 0; int ilen, i; -@@ -139,6 +238,9 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -159,6 +258,9 @@ void bpf_jit_compile(struct sk_filter *fp) unsigned int *addrs; const struct sock_filter *filter = fp->insns; int flen = fp->len; @@ -30069,7 +29624,7 @@ index d11a470..3f9adff3 100644 if (!bpf_jit_enable) return; -@@ -147,11 +249,19 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -167,11 +269,19 @@ void bpf_jit_compile(struct sk_filter *fp) if (addrs == NULL) return; @@ -30091,7 +29646,7 @@ index d11a470..3f9adff3 100644 addrs[i] = proglen; } cleanup_addr = proglen; /* epilogue address */ -@@ -261,10 +371,8 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -282,10 +392,8 @@ void bpf_jit_compile(struct sk_filter *fp) case BPF_S_ALU_MUL_K: /* A *= K */ if (is_imm8(K)) EMIT3(0x6b, 0xc0, K); /* imul imm8,%eax,%eax */ @@ -30104,7 +29659,7 @@ index d11a470..3f9adff3 100644 break; case BPF_S_ALU_DIV_X: /* A /= X; */ seen |= SEEN_XREG; -@@ -304,13 +412,23 @@ void bpf_jit_compile(struct sk_filter *fp) +@@ -325,13 +433,23 @@ void bpf_jit_compile(struct sk_filter *fp) break; case BPF_S_ALU_MOD_K: /* A %= K; */ EMIT2(0x31, 0xd2); /* xor %edx,%edx */ @@ -30128,7 +29683,7 @@ index d11a470..3f9adff3 100644 EMIT4(0x48, 0xc1, 0xe8, 0x20); /* shr $0x20,%rax */ break; case BPF_S_ALU_AND_X: -@@ -564,8 +682,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG; +@@ -602,8 +720,7 @@ common_load_ind: seen |= SEEN_DATAREF | SEEN_XREG; if (is_imm8(K)) { EMIT3(0x8d, 0x73, K); /* lea imm8(%rbx), %esi */ } else { @@ -30138,7 +29693,7 @@ index d11a470..3f9adff3 100644 } } else { EMIT2(0x89,0xde); /* mov %ebx,%esi */ -@@ -648,17 +765,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -686,17 +803,18 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; break; default: /* hmm, too complex filter, give up with jit compiler */ @@ -30161,7 +29716,7 @@ index d11a470..3f9adff3 100644 } proglen += ilen; addrs[i] = proglen; -@@ -679,11 +797,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -717,11 +835,9 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; break; } if (proglen == oldproglen) { @@ -30175,7 +29730,7 @@ index d11a470..3f9adff3 100644 } oldproglen = proglen; } -@@ -699,7 +815,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; +@@ -737,7 +853,10 @@ cond_branch: f_offset = addrs[i + filter[i].jf] - addrs[i]; bpf_flush_icache(image, image + proglen); fp->bpf_func = (void *)image; @@ -30187,7 +29742,7 @@ index d11a470..3f9adff3 100644 out: kfree(addrs); return; -@@ -707,18 +826,20 @@ out: +@@ -745,18 +864,20 @@ out: static void jit_free_defer(struct work_struct *arg) { @@ -30996,15 +30551,15 @@ index 3c68768..07e82b8 100644 #endif load_TR_desc(); /* This does ltr */ diff --git a/arch/x86/realmode/init.c b/arch/x86/realmode/init.c -index cbca565..bae7133 100644 +index a44f457..9140171 100644 --- a/arch/x86/realmode/init.c +++ b/arch/x86/realmode/init.c -@@ -62,7 +62,13 @@ void __init setup_real_mode(void) +@@ -70,7 +70,13 @@ void __init setup_real_mode(void) __va(real_mode_header->trampoline_header); #ifdef CONFIG_X86_32 -- trampoline_header->start = __pa(startup_32_smp); -+ trampoline_header->start = __pa(ktla_ktva(startup_32_smp)); +- trampoline_header->start = __pa_symbol(startup_32_smp); ++ trampoline_header->start = __pa_symbol(ktla_ktva(startup_32_smp)); + +#ifdef CONFIG_PAX_KERNEXEC + trampoline_header->start -= LOAD_PHYSICAL_ADDR; @@ -31012,8 +30567,17 @@ index cbca565..bae7133 100644 + + trampoline_header->boot_cs = __BOOT_CS; trampoline_header->gdt_limit = __BOOT_DS + 7; - trampoline_header->gdt_base = __pa(boot_gdt); + trampoline_header->gdt_base = __pa_symbol(boot_gdt); #else +@@ -86,7 +92,7 @@ void __init setup_real_mode(void) + *trampoline_cr4_features = read_cr4(); + + trampoline_pgd = (u64 *) __va(real_mode_header->trampoline_pgd); +- trampoline_pgd[0] = init_level4_pgt[pgd_index(__PAGE_OFFSET)].pgd; ++ trampoline_pgd[0] = init_level4_pgt[pgd_index(__PAGE_OFFSET)].pgd & ~_PAGE_NX; + trampoline_pgd[511] = init_level4_pgt[511].pgd; + #endif + } diff --git a/arch/x86/realmode/rm/Makefile b/arch/x86/realmode/rm/Makefile index 8869287..d577672 100644 --- a/arch/x86/realmode/rm/Makefile @@ -31483,7 +31047,7 @@ index 431e875..cbb23f3 100644 -} -__setup("vdso=", vdso_setup); diff --git a/arch/x86/xen/enlighten.c b/arch/x86/xen/enlighten.c -index 08c6511..d946c4a 100644 +index 2363127..ec09d96 100644 --- a/arch/x86/xen/enlighten.c +++ b/arch/x86/xen/enlighten.c @@ -100,8 +100,6 @@ EXPORT_SYMBOL_GPL(xen_start_info); @@ -31614,46 +31178,10 @@ index 08c6511..d946c4a 100644 }; diff --git a/arch/x86/xen/mmu.c b/arch/x86/xen/mmu.c -index cab96b6..8c629ba 100644 +index e006c18..b9a7d6c 100644 --- a/arch/x86/xen/mmu.c +++ b/arch/x86/xen/mmu.c -@@ -1739,14 +1739,18 @@ static void *m2v(phys_addr_t maddr) - } - - /* Set the page permissions on an identity-mapped pages */ --static void set_page_prot(void *addr, pgprot_t prot) -+static void set_page_prot_flags(void *addr, pgprot_t prot, unsigned long flags) - { - unsigned long pfn = __pa(addr) >> PAGE_SHIFT; - pte_t pte = pfn_pte(pfn, prot); - -- if (HYPERVISOR_update_va_mapping((unsigned long)addr, pte, 0)) -+ if (HYPERVISOR_update_va_mapping((unsigned long)addr, pte, flags)) - BUG(); - } -+static void set_page_prot(void *addr, pgprot_t prot) -+{ -+ return set_page_prot_flags(addr, prot, UVMF_NONE); -+} - #ifdef CONFIG_X86_32 - static void __init xen_map_identity_early(pmd_t *pmd, unsigned long max_pfn) - { -@@ -1830,12 +1834,12 @@ static void __init check_pt_base(unsigned long *pt_base, unsigned long *pt_end, - unsigned long addr) - { - if (*pt_base == PFN_DOWN(__pa(addr))) { -- set_page_prot((void *)addr, PAGE_KERNEL); -+ set_page_prot_flags((void *)addr, PAGE_KERNEL, UVMF_INVLPG); - clear_page((void *)addr); - (*pt_base)++; - } - if (*pt_end == PFN_DOWN(__pa(addr))) { -- set_page_prot((void *)addr, PAGE_KERNEL); -+ set_page_prot_flags((void *)addr, PAGE_KERNEL, UVMF_INVLPG); - clear_page((void *)addr); - (*pt_end)--; - } -@@ -1881,6 +1885,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) +@@ -1894,6 +1894,9 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) /* L3_k[510] -> level2_kernel_pgt * L3_i[511] -> level2_fixmap_pgt */ convert_pfn_mfn(level3_kernel_pgt); @@ -31663,7 +31191,7 @@ index cab96b6..8c629ba 100644 /* We get [511][511] and have Xen's version of level2_kernel_pgt */ l3 = m2v(pgd[pgd_index(__START_KERNEL_map)].pgd); -@@ -1910,8 +1917,12 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) +@@ -1923,8 +1926,12 @@ void __init xen_setup_kernel_pagetable(pgd_t *pgd, unsigned long max_pfn) set_page_prot(init_level4_pgt, PAGE_KERNEL_RO); set_page_prot(level3_ident_pgt, PAGE_KERNEL_RO); set_page_prot(level3_kernel_pgt, PAGE_KERNEL_RO); @@ -31676,7 +31204,7 @@ index cab96b6..8c629ba 100644 set_page_prot(level2_kernel_pgt, PAGE_KERNEL_RO); set_page_prot(level2_fixmap_pgt, PAGE_KERNEL_RO); -@@ -2097,6 +2108,7 @@ static void __init xen_post_allocator_init(void) +@@ -2110,6 +2117,7 @@ static void __init xen_post_allocator_init(void) pv_mmu_ops.set_pud = xen_set_pud; #if PAGETABLE_LEVELS == 4 pv_mmu_ops.set_pgd = xen_set_pgd; @@ -31684,7 +31212,7 @@ index cab96b6..8c629ba 100644 #endif /* This will work as long as patching hasn't happened yet -@@ -2178,6 +2190,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { +@@ -2188,6 +2196,7 @@ static const struct pv_mmu_ops xen_mmu_ops __initconst = { .pud_val = PV_CALLEE_SAVE(xen_pud_val), .make_pud = PV_CALLEE_SAVE(xen_make_pud), .set_pgd = xen_set_pgd_hyper, @@ -31693,7 +31221,7 @@ index cab96b6..8c629ba 100644 .alloc_pud = xen_alloc_pmd_init, .release_pud = xen_release_pmd_init, diff --git a/arch/x86/xen/smp.c b/arch/x86/xen/smp.c -index 48d7b2c..20fed27 100644 +index 22c800a..8915f1e 100644 --- a/arch/x86/xen/smp.c +++ b/arch/x86/xen/smp.c @@ -229,11 +229,6 @@ static void __init xen_smp_prepare_boot_cpu(void) @@ -31708,14 +31236,7 @@ index 48d7b2c..20fed27 100644 xen_filter_cpu_maps(); xen_setup_vcpu_info_placement(); } -@@ -300,12 +295,12 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle) - gdt = get_cpu_gdt_table(cpu); - - ctxt->flags = VGCF_IN_KERNEL; -- ctxt->user_regs.ds = __USER_DS; -- ctxt->user_regs.es = __USER_DS; -+ ctxt->user_regs.ds = __KERNEL_DS; -+ ctxt->user_regs.es = __KERNEL_DS; +@@ -303,7 +298,7 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle) ctxt->user_regs.ss = __KERNEL_DS; #ifdef CONFIG_X86_32 ctxt->user_regs.fs = __KERNEL_PERCPU; @@ -31724,7 +31245,18 @@ index 48d7b2c..20fed27 100644 #else ctxt->gs_base_kernel = per_cpu_offset(cpu); #endif -@@ -355,13 +350,12 @@ static int __cpuinit xen_cpu_up(unsigned int cpu, struct task_struct *idle) +@@ -313,8 +308,8 @@ cpu_initialize_context(unsigned int cpu, struct task_struct *idle) + + { + ctxt->user_regs.eflags = 0x1000; /* IOPL_RING1 */ +- ctxt->user_regs.ds = __USER_DS; +- ctxt->user_regs.es = __USER_DS; ++ ctxt->user_regs.ds = __KERNEL_DS; ++ ctxt->user_regs.es = __KERNEL_DS; + + xen_copy_trap_info(ctxt->trap_ctxt); + +@@ -359,13 +354,12 @@ static int __cpuinit xen_cpu_up(unsigned int cpu, struct task_struct *idle) int rc; per_cpu(current_task, cpu) = idle; @@ -31740,7 +31272,7 @@ index 48d7b2c..20fed27 100644 #endif xen_setup_runstate_info(cpu); xen_setup_timer(cpu); -@@ -630,7 +624,7 @@ static const struct smp_ops xen_smp_ops __initconst = { +@@ -634,7 +628,7 @@ static const struct smp_ops xen_smp_ops __initconst = { void __init xen_smp_init(void) { @@ -31928,7 +31460,7 @@ index 467c8de..f3628c5 100644 }; diff --git a/block/bsg.c b/block/bsg.c -index ff64ae3..593560c 100644 +index 420a5a9..23834aa 100644 --- a/block/bsg.c +++ b/block/bsg.c @@ -176,16 +176,24 @@ static int blk_fill_sgv4_hdr_rq(struct request_queue *q, struct request *rq, @@ -31972,7 +31504,7 @@ index 7c668c8..db3521c 100644 err = -EFAULT; goto out; diff --git a/block/partitions/efi.c b/block/partitions/efi.c -index b62fb88..bdab4c4 100644 +index ff5804e..a88acad 100644 --- a/block/partitions/efi.c +++ b/block/partitions/efi.c @@ -234,14 +234,14 @@ static gpt_entry *alloc_read_gpt_entries(struct parsed_partitions *state, @@ -32073,61 +31605,6 @@ index 7bdd61b..afec999 100644 static void cryptd_queue_worker(struct work_struct *work); -diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c -index f6d9baf..dfd511f 100644 ---- a/crypto/crypto_user.c -+++ b/crypto/crypto_user.c -@@ -30,6 +30,8 @@ - - #include "internal.h" - -+#define null_terminated(x) (strnlen(x, sizeof(x)) < sizeof(x)) -+ - static DEFINE_MUTEX(crypto_cfg_mutex); - - /* The crypto netlink socket */ -@@ -196,7 +198,10 @@ static int crypto_report(struct sk_buff *in_skb, struct nlmsghdr *in_nlh, - struct crypto_dump_info info; - int err; - -- if (!p->cru_driver_name) -+ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) -+ return -EINVAL; -+ -+ if (!p->cru_driver_name[0]) - return -EINVAL; - - alg = crypto_alg_match(p, 1); -@@ -260,6 +265,9 @@ static int crypto_update_alg(struct sk_buff *skb, struct nlmsghdr *nlh, - struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL]; - LIST_HEAD(list); - -+ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) -+ return -EINVAL; -+ - if (priority && !strlen(p->cru_driver_name)) - return -EINVAL; - -@@ -287,6 +295,9 @@ static int crypto_del_alg(struct sk_buff *skb, struct nlmsghdr *nlh, - struct crypto_alg *alg; - struct crypto_user_alg *p = nlmsg_data(nlh); - -+ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) -+ return -EINVAL; -+ - alg = crypto_alg_match(p, 1); - if (!alg) - return -ENOENT; -@@ -368,6 +379,9 @@ static int crypto_add_alg(struct sk_buff *skb, struct nlmsghdr *nlh, - struct crypto_user_alg *p = nlmsg_data(nlh); - struct nlattr *priority = attrs[CRYPTOCFGA_PRIORITY_VAL]; - -+ if (!null_terminated(p->cru_name) || !null_terminated(p->cru_driver_name)) -+ return -EINVAL; -+ - if (strlen(p->cru_driver_name)) - exact = 1; - diff --git a/drivers/acpi/apei/apei-internal.h b/drivers/acpi/apei/apei-internal.h index f220d64..d359ad6 100644 --- a/drivers/acpi/apei/apei-internal.h @@ -32142,10 +31619,10 @@ index f220d64..d359ad6 100644 struct apei_exec_context { u32 ip; diff --git a/drivers/acpi/apei/cper.c b/drivers/acpi/apei/cper.c -index e6defd8..c26a225 100644 +index fefc2ca..12a535d 100644 --- a/drivers/acpi/apei/cper.c +++ b/drivers/acpi/apei/cper.c -@@ -38,12 +38,12 @@ +@@ -39,12 +39,12 @@ */ u64 cper_next_record_id(void) { @@ -32254,24 +31731,11 @@ index 7586544..636a2f0 100644 err = ec_write(*off, byte_write); if (err) return err; -diff --git a/drivers/acpi/processor_driver.c b/drivers/acpi/processor_driver.c -index e83311b..142b5cc 100644 ---- a/drivers/acpi/processor_driver.c -+++ b/drivers/acpi/processor_driver.c -@@ -558,7 +558,7 @@ static int __cpuinit acpi_processor_add(struct acpi_device *device) - return 0; - #endif - -- BUG_ON((pr->id >= nr_cpu_ids) || (pr->id < 0)); -+ BUG_ON(pr->id >= nr_cpu_ids); - - /* - * Buggy BIOS check diff --git a/drivers/acpi/processor_idle.c b/drivers/acpi/processor_idle.c -index ed9a1cc..f4a354c 100644 +index ee255c6..747c68b 100644 --- a/drivers/acpi/processor_idle.c +++ b/drivers/acpi/processor_idle.c -@@ -1005,7 +1005,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr) +@@ -986,7 +986,7 @@ static int acpi_processor_setup_cpuidle_states(struct acpi_processor *pr) { int i, count = CPUIDLE_DRIVER_STATE_START; struct acpi_processor_cx *cx; @@ -32281,7 +31745,7 @@ index ed9a1cc..f4a354c 100644 if (!pr->flags.power_setup_done) diff --git a/drivers/acpi/sysfs.c b/drivers/acpi/sysfs.c -index ea61ca9..3fdd70d 100644 +index 41c0504..f8c0836 100644 --- a/drivers/acpi/sysfs.c +++ b/drivers/acpi/sysfs.c @@ -420,11 +420,11 @@ static u32 num_counters; @@ -32299,7 +31763,7 @@ index ea61ca9..3fdd70d 100644 static void delete_gpe_attr_array(void) { diff --git a/drivers/ata/libahci.c b/drivers/ata/libahci.c -index 6cd7805..07facb3 100644 +index 34c8216..f56c828 100644 --- a/drivers/ata/libahci.c +++ b/drivers/ata/libahci.c @@ -1230,7 +1230,7 @@ int ahci_kick_engine(struct ata_port *ap) @@ -32312,10 +31776,10 @@ index 6cd7805..07facb3 100644 unsigned long timeout_msec) { diff --git a/drivers/ata/libata-core.c b/drivers/ata/libata-core.c -index 501c209..5f28b4d 100644 +index 63c743b..0422dc6 100644 --- a/drivers/ata/libata-core.c +++ b/drivers/ata/libata-core.c -@@ -4784,7 +4784,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) +@@ -4786,7 +4786,7 @@ void ata_qc_free(struct ata_queued_cmd *qc) struct ata_port *ap; unsigned int tag; @@ -32324,7 +31788,7 @@ index 501c209..5f28b4d 100644 ap = qc->ap; qc->flags = 0; -@@ -4800,7 +4800,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) +@@ -4802,7 +4802,7 @@ void __ata_qc_complete(struct ata_queued_cmd *qc) struct ata_port *ap; struct ata_link *link; @@ -32333,7 +31797,7 @@ index 501c209..5f28b4d 100644 WARN_ON_ONCE(!(qc->flags & ATA_QCFLAG_ACTIVE)); ap = qc->ap; link = qc->dev->link; -@@ -5896,6 +5896,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5920,6 +5920,7 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) return; spin_lock(&lock); @@ -32341,7 +31805,7 @@ index 501c209..5f28b4d 100644 for (cur = ops->inherits; cur; cur = cur->inherits) { void **inherit = (void **)cur; -@@ -5909,8 +5910,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) +@@ -5933,8 +5934,9 @@ static void ata_finalize_port_ops(struct ata_port_operations *ops) if (IS_ERR(*pp)) *pp = NULL; @@ -32421,10 +31885,10 @@ index 77a7480..05cde58 100644 } diff --git a/drivers/atm/atmtcp.c b/drivers/atm/atmtcp.c -index b22d71c..d6e1049 100644 +index 0e3f8f9..765a7a5 100644 --- a/drivers/atm/atmtcp.c +++ b/drivers/atm/atmtcp.c -@@ -207,7 +207,7 @@ static int atmtcp_v_send(struct atm_vcc *vcc,struct sk_buff *skb) +@@ -206,7 +206,7 @@ static int atmtcp_v_send(struct atm_vcc *vcc,struct sk_buff *skb) if (vcc->pop) vcc->pop(vcc,skb); else dev_kfree_skb(skb); if (dev_data) return 0; @@ -32433,7 +31897,7 @@ index b22d71c..d6e1049 100644 return -ENOLINK; } size = skb->len+sizeof(struct atmtcp_hdr); -@@ -215,7 +215,7 @@ static int atmtcp_v_send(struct atm_vcc *vcc,struct sk_buff *skb) +@@ -214,7 +214,7 @@ static int atmtcp_v_send(struct atm_vcc *vcc,struct sk_buff *skb) if (!new_skb) { if (vcc->pop) vcc->pop(vcc,skb); else dev_kfree_skb(skb); @@ -32442,7 +31906,7 @@ index b22d71c..d6e1049 100644 return -ENOBUFS; } hdr = (void *) skb_put(new_skb,sizeof(struct atmtcp_hdr)); -@@ -226,8 +226,8 @@ static int atmtcp_v_send(struct atm_vcc *vcc,struct sk_buff *skb) +@@ -225,8 +225,8 @@ static int atmtcp_v_send(struct atm_vcc *vcc,struct sk_buff *skb) if (vcc->pop) vcc->pop(vcc,skb); else dev_kfree_skb(skb); out_vcc->push(out_vcc,new_skb); @@ -32453,7 +31917,7 @@ index b22d71c..d6e1049 100644 return 0; } -@@ -301,7 +301,7 @@ static int atmtcp_c_send(struct atm_vcc *vcc,struct sk_buff *skb) +@@ -299,7 +299,7 @@ static int atmtcp_c_send(struct atm_vcc *vcc,struct sk_buff *skb) out_vcc = find_vcc(dev, ntohs(hdr->vpi), ntohs(hdr->vci)); read_unlock(&vcc_sklist_lock); if (!out_vcc) { @@ -32462,7 +31926,7 @@ index b22d71c..d6e1049 100644 goto done; } skb_pull(skb,sizeof(struct atmtcp_hdr)); -@@ -313,8 +313,8 @@ static int atmtcp_c_send(struct atm_vcc *vcc,struct sk_buff *skb) +@@ -311,8 +311,8 @@ static int atmtcp_c_send(struct atm_vcc *vcc,struct sk_buff *skb) __net_timestamp(new_skb); skb_copy_from_linear_data(skb, skb_put(new_skb, skb->len), skb->len); out_vcc->push(out_vcc,new_skb); @@ -32474,7 +31938,7 @@ index b22d71c..d6e1049 100644 if (vcc->pop) vcc->pop(vcc,skb); else dev_kfree_skb(skb); diff --git a/drivers/atm/eni.c b/drivers/atm/eni.c -index c1eb6fa..4c71be9 100644 +index b1955ba..b179940 100644 --- a/drivers/atm/eni.c +++ b/drivers/atm/eni.c @@ -522,7 +522,7 @@ static int rx_aal0(struct atm_vcc *vcc) @@ -32620,10 +32084,10 @@ index 204814e..cede831 100644 fore200e->tx_sat++; DPRINTK(2, "tx queue of device %s is saturated, PDU dropped - heartbeat is %08x\n", diff --git a/drivers/atm/he.c b/drivers/atm/he.c -index 72b6960..cf9167a 100644 +index d689126..e78e412 100644 --- a/drivers/atm/he.c +++ b/drivers/atm/he.c -@@ -1699,7 +1699,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) +@@ -1698,7 +1698,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) if (RBRQ_HBUF_ERR(he_dev->rbrq_head)) { hprintk("HBUF_ERR! (cid 0x%x)\n", cid); @@ -32632,7 +32096,7 @@ index 72b6960..cf9167a 100644 goto return_host_buffers; } -@@ -1726,7 +1726,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) +@@ -1725,7 +1725,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) RBRQ_LEN_ERR(he_dev->rbrq_head) ? "LEN_ERR" : "", vcc->vpi, vcc->vci); @@ -32641,7 +32105,7 @@ index 72b6960..cf9167a 100644 goto return_host_buffers; } -@@ -1778,7 +1778,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) +@@ -1777,7 +1777,7 @@ he_service_rbrq(struct he_dev *he_dev, int group) vcc->push(vcc, skb); spin_lock(&he_dev->global_lock); @@ -32650,7 +32114,7 @@ index 72b6960..cf9167a 100644 return_host_buffers: ++pdus_assembled; -@@ -2104,7 +2104,7 @@ __enqueue_tpd(struct he_dev *he_dev, struct he_tpd *tpd, unsigned cid) +@@ -2103,7 +2103,7 @@ __enqueue_tpd(struct he_dev *he_dev, struct he_tpd *tpd, unsigned cid) tpd->vcc->pop(tpd->vcc, tpd->skb); else dev_kfree_skb_any(tpd->skb); @@ -32659,7 +32123,7 @@ index 72b6960..cf9167a 100644 } pci_pool_free(he_dev->tpd_pool, tpd, TPD_ADDR(tpd->status)); return; -@@ -2516,7 +2516,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2515,7 +2515,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -32668,7 +32132,7 @@ index 72b6960..cf9167a 100644 return -EINVAL; } -@@ -2527,7 +2527,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2526,7 +2526,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -32677,7 +32141,7 @@ index 72b6960..cf9167a 100644 return -EINVAL; } #endif -@@ -2539,7 +2539,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2538,7 +2538,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -32686,7 +32150,7 @@ index 72b6960..cf9167a 100644 spin_unlock_irqrestore(&he_dev->global_lock, flags); return -ENOMEM; } -@@ -2581,7 +2581,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2580,7 +2580,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) vcc->pop(vcc, skb); else dev_kfree_skb_any(skb); @@ -32695,7 +32159,7 @@ index 72b6960..cf9167a 100644 spin_unlock_irqrestore(&he_dev->global_lock, flags); return -ENOMEM; } -@@ -2612,7 +2612,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -2611,7 +2611,7 @@ he_send(struct atm_vcc *vcc, struct sk_buff *skb) __enqueue_tpd(he_dev, tpd, cid); spin_unlock_irqrestore(&he_dev->global_lock, flags); @@ -33043,10 +32507,10 @@ index fa7d701..1e404c7 100644 lvcc->rx.buf.ptr = &lvcc->rx.buf.start[SERVICE_GET_END(s) * 4]; cardvcc_write(lvcc, SERVICE_GET_END(s), vcc_rxreadptr); diff --git a/drivers/atm/nicstar.c b/drivers/atm/nicstar.c -index ed1d2b7..8cffc1f 100644 +index 6587dc2..149833d 100644 --- a/drivers/atm/nicstar.c +++ b/drivers/atm/nicstar.c -@@ -1654,7 +1654,7 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -1641,7 +1641,7 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb) if ((vc = (vc_map *) vcc->dev_data) == NULL) { printk("nicstar%d: vcc->dev_data == NULL on ns_send().\n", card->index); @@ -33055,7 +32519,7 @@ index ed1d2b7..8cffc1f 100644 dev_kfree_skb_any(skb); return -EINVAL; } -@@ -1662,7 +1662,7 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -1649,7 +1649,7 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb) if (!vc->tx) { printk("nicstar%d: Trying to transmit on a non-tx VC.\n", card->index); @@ -33064,7 +32528,7 @@ index ed1d2b7..8cffc1f 100644 dev_kfree_skb_any(skb); return -EINVAL; } -@@ -1670,14 +1670,14 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -1657,14 +1657,14 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb) if (vcc->qos.aal != ATM_AAL5 && vcc->qos.aal != ATM_AAL0) { printk("nicstar%d: Only AAL0 and AAL5 are supported.\n", card->index); @@ -33081,7 +32545,7 @@ index ed1d2b7..8cffc1f 100644 dev_kfree_skb_any(skb); return -EINVAL; } -@@ -1725,11 +1725,11 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb) +@@ -1712,11 +1712,11 @@ static int ns_send(struct atm_vcc *vcc, struct sk_buff *skb) } if (push_scqe(card, vc, scq, &scqe, skb) != 0) { @@ -33095,7 +32559,7 @@ index ed1d2b7..8cffc1f 100644 return 0; } -@@ -2046,14 +2046,14 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) +@@ -2033,14 +2033,14 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) printk ("nicstar%d: Can't allocate buffers for aal0.\n", card->index); @@ -33112,7 +32576,7 @@ index ed1d2b7..8cffc1f 100644 dev_kfree_skb_any(sb); break; } -@@ -2068,7 +2068,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) +@@ -2055,7 +2055,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) ATM_SKB(sb)->vcc = vcc; __net_timestamp(sb); vcc->push(vcc, sb); @@ -33121,7 +32585,7 @@ index ed1d2b7..8cffc1f 100644 cell += ATM_CELL_PAYLOAD; } -@@ -2085,7 +2085,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) +@@ -2072,7 +2072,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) if (iovb == NULL) { printk("nicstar%d: Out of iovec buffers.\n", card->index); @@ -33130,7 +32594,7 @@ index ed1d2b7..8cffc1f 100644 recycle_rx_buf(card, skb); return; } -@@ -2109,7 +2109,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) +@@ -2096,7 +2096,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) small or large buffer itself. */ } else if (NS_PRV_IOVCNT(iovb) >= NS_MAX_IOVECS) { printk("nicstar%d: received too big AAL5 SDU.\n", card->index); @@ -33139,7 +32603,7 @@ index ed1d2b7..8cffc1f 100644 recycle_iovec_rx_bufs(card, (struct iovec *)iovb->data, NS_MAX_IOVECS); NS_PRV_IOVCNT(iovb) = 0; -@@ -2129,7 +2129,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) +@@ -2116,7 +2116,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) ("nicstar%d: Expected a small buffer, and this is not one.\n", card->index); which_list(card, skb); @@ -33148,7 +32612,7 @@ index ed1d2b7..8cffc1f 100644 recycle_rx_buf(card, skb); vc->rx_iov = NULL; recycle_iov_buf(card, iovb); -@@ -2142,7 +2142,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) +@@ -2129,7 +2129,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) ("nicstar%d: Expected a large buffer, and this is not one.\n", card->index); which_list(card, skb); @@ -33157,7 +32621,7 @@ index ed1d2b7..8cffc1f 100644 recycle_iovec_rx_bufs(card, (struct iovec *)iovb->data, NS_PRV_IOVCNT(iovb)); vc->rx_iov = NULL; -@@ -2165,7 +2165,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) +@@ -2152,7 +2152,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) printk(" - PDU size mismatch.\n"); else printk(".\n"); @@ -33166,7 +32630,7 @@ index ed1d2b7..8cffc1f 100644 recycle_iovec_rx_bufs(card, (struct iovec *)iovb->data, NS_PRV_IOVCNT(iovb)); vc->rx_iov = NULL; -@@ -2179,7 +2179,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) +@@ -2166,7 +2166,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) /* skb points to a small buffer */ if (!atm_charge(vcc, skb->truesize)) { push_rxbufs(card, skb); @@ -33175,7 +32639,7 @@ index ed1d2b7..8cffc1f 100644 } else { skb_put(skb, len); dequeue_sm_buf(card, skb); -@@ -2189,7 +2189,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) +@@ -2176,7 +2176,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) ATM_SKB(skb)->vcc = vcc; __net_timestamp(skb); vcc->push(vcc, skb); @@ -33184,7 +32648,7 @@ index ed1d2b7..8cffc1f 100644 } } else if (NS_PRV_IOVCNT(iovb) == 2) { /* One small plus one large buffer */ struct sk_buff *sb; -@@ -2200,7 +2200,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) +@@ -2187,7 +2187,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) if (len <= NS_SMBUFSIZE) { if (!atm_charge(vcc, sb->truesize)) { push_rxbufs(card, sb); @@ -33193,7 +32657,7 @@ index ed1d2b7..8cffc1f 100644 } else { skb_put(sb, len); dequeue_sm_buf(card, sb); -@@ -2210,7 +2210,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) +@@ -2197,7 +2197,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) ATM_SKB(sb)->vcc = vcc; __net_timestamp(sb); vcc->push(vcc, sb); @@ -33202,7 +32666,7 @@ index ed1d2b7..8cffc1f 100644 } push_rxbufs(card, skb); -@@ -2219,7 +2219,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) +@@ -2206,7 +2206,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) if (!atm_charge(vcc, skb->truesize)) { push_rxbufs(card, skb); @@ -33211,7 +32675,7 @@ index ed1d2b7..8cffc1f 100644 } else { dequeue_lg_buf(card, skb); #ifdef NS_USE_DESTRUCTORS -@@ -2232,7 +2232,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) +@@ -2219,7 +2219,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) ATM_SKB(skb)->vcc = vcc; __net_timestamp(skb); vcc->push(vcc, skb); @@ -33220,7 +32684,7 @@ index ed1d2b7..8cffc1f 100644 } push_rxbufs(card, sb); -@@ -2253,7 +2253,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) +@@ -2240,7 +2240,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) printk ("nicstar%d: Out of huge buffers.\n", card->index); @@ -33229,7 +32693,7 @@ index ed1d2b7..8cffc1f 100644 recycle_iovec_rx_bufs(card, (struct iovec *) iovb->data, -@@ -2304,7 +2304,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) +@@ -2291,7 +2291,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) card->hbpool.count++; } else dev_kfree_skb_any(hb); @@ -33238,7 +32702,7 @@ index ed1d2b7..8cffc1f 100644 } else { /* Copy the small buffer to the huge buffer */ sb = (struct sk_buff *)iov->iov_base; -@@ -2341,7 +2341,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) +@@ -2328,7 +2328,7 @@ static void dequeue_rx(ns_dev * card, ns_rsqe * rsqe) #endif /* NS_USE_DESTRUCTORS */ __net_timestamp(hb); vcc->push(vcc, hb); @@ -33248,7 +32712,7 @@ index ed1d2b7..8cffc1f 100644 } diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c -index 0474a89..06ea4a1 100644 +index 32784d1..4a8434a 100644 --- a/drivers/atm/solos-pci.c +++ b/drivers/atm/solos-pci.c @@ -838,7 +838,7 @@ void solos_bh(unsigned long card_arg) @@ -33260,7 +32724,7 @@ index 0474a89..06ea4a1 100644 break; case PKT_STATUS: -@@ -1117,7 +1117,7 @@ static uint32_t fpga_tx(struct solos_card *card) +@@ -1116,7 +1116,7 @@ static uint32_t fpga_tx(struct solos_card *card) vcc = SKB_CB(oldskb)->vcc; if (vcc) { @@ -33364,7 +32828,7 @@ index 969c3c2..9b72956 100644 } diff --git a/drivers/base/bus.c b/drivers/base/bus.c -index 6856303..0602d70 100644 +index 519865b..e540db3 100644 --- a/drivers/base/bus.c +++ b/drivers/base/bus.c @@ -1163,7 +1163,7 @@ int subsys_interface_register(struct subsys_interface *sif) @@ -33386,10 +32850,10 @@ index 6856303..0602d70 100644 subsys_dev_iter_init(&iter, subsys, NULL, NULL); while ((dev = subsys_dev_iter_next(&iter))) diff --git a/drivers/base/devtmpfs.c b/drivers/base/devtmpfs.c -index 17cf7ca..7e553e1 100644 +index 01fc5b0..d0ed716 100644 --- a/drivers/base/devtmpfs.c +++ b/drivers/base/devtmpfs.c -@@ -347,7 +347,7 @@ int devtmpfs_mount(const char *mntdir) +@@ -348,7 +348,7 @@ int devtmpfs_mount(const char *mntdir) if (!thread) return 0; @@ -33412,10 +32876,10 @@ index fac124a..66bd4ab 100644 static ssize_t show_node_state(struct device *dev, struct device_attribute *attr, char *buf) diff --git a/drivers/base/power/domain.c b/drivers/base/power/domain.c -index acc3a8d..981c236 100644 +index 9a6b05a..2fc8fb9 100644 --- a/drivers/base/power/domain.c +++ b/drivers/base/power/domain.c -@@ -1851,7 +1851,7 @@ int pm_genpd_attach_cpuidle(struct generic_pm_domain *genpd, int state) +@@ -1850,7 +1850,7 @@ int pm_genpd_attach_cpuidle(struct generic_pm_domain *genpd, int state) { struct cpuidle_driver *cpuidle_drv; struct gpd_cpu_data *cpu_data; @@ -33424,7 +32888,7 @@ index acc3a8d..981c236 100644 int ret = 0; if (IS_ERR_OR_NULL(genpd) || state < 0) -@@ -1919,7 +1919,7 @@ int pm_genpd_name_attach_cpuidle(const char *name, int state) +@@ -1918,7 +1918,7 @@ int pm_genpd_name_attach_cpuidle(const char *name, int state) int pm_genpd_detach_cpuidle(struct generic_pm_domain *genpd) { struct gpd_cpu_data *cpu_data; @@ -33434,7 +32898,7 @@ index acc3a8d..981c236 100644 if (IS_ERR_OR_NULL(genpd)) diff --git a/drivers/base/power/wakeup.c b/drivers/base/power/wakeup.c -index e6ee5e8..98ad7fc 100644 +index 79715e7..df06b3b 100644 --- a/drivers/base/power/wakeup.c +++ b/drivers/base/power/wakeup.c @@ -29,14 +29,14 @@ bool events_check_enabled __read_mostly; @@ -33454,7 +32918,7 @@ index e6ee5e8..98ad7fc 100644 *cnt = (comb >> IN_PROGRESS_BITS); *inpr = comb & MAX_IN_PROGRESS; -@@ -389,7 +389,7 @@ static void wakeup_source_activate(struct wakeup_source *ws) +@@ -395,7 +395,7 @@ static void wakeup_source_activate(struct wakeup_source *ws) ws->start_prevent_time = ws->last_time; /* Increment the counter of events in progress. */ @@ -33463,7 +32927,7 @@ index e6ee5e8..98ad7fc 100644 trace_wakeup_source_activate(ws->name, cec); } -@@ -515,7 +515,7 @@ static void wakeup_source_deactivate(struct wakeup_source *ws) +@@ -521,7 +521,7 @@ static void wakeup_source_deactivate(struct wakeup_source *ws) * Increment the counter of registered wakeup events and decrement the * couter of wakeup events in progress simultaneously. */ @@ -33495,7 +32959,7 @@ index e8d11b6..7b1b36f 100644 } EXPORT_SYMBOL_GPL(unregister_syscore_ops); diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c -index ade58bc..867143d 100644 +index 1c1b8e5..b7fc681 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c @@ -1196,6 +1196,8 @@ static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode, @@ -33799,7 +33263,7 @@ index 6b51afa..17e1191 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c -index 8c13eeb..217adee 100644 +index e98da67..1181716b 100644 --- a/drivers/block/drbd/drbd_main.c +++ b/drivers/block/drbd/drbd_main.c @@ -1317,7 +1317,7 @@ static int _drbd_send_ack(struct drbd_conf *mdev, enum drbd_packet cmd, @@ -33931,10 +33395,10 @@ index a9eccfc..f5efe87 100644 static struct asender_cmd asender_tbl[] = { [P_PING] = { 0, got_Ping }, diff --git a/drivers/block/loop.c b/drivers/block/loop.c -index f74f2c0..bb668af 100644 +index dfe7583..83768bb 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c -@@ -226,7 +226,7 @@ static int __do_lo_send_write(struct file *file, +@@ -231,7 +231,7 @@ static int __do_lo_send_write(struct file *file, mm_segment_t old_fs = get_fs(); set_fs(get_ds()); @@ -34003,7 +33467,7 @@ index d59cdcb..11afddf 100644 static int gdrom_bdops_open(struct block_device *bdev, fmode_t mode) diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig -index 72bedad..8181ce1 100644 +index 3bb6fa3..34013fb 100644 --- a/drivers/char/Kconfig +++ b/drivers/char/Kconfig @@ -8,7 +8,8 @@ source "drivers/tty/Kconfig" @@ -34016,7 +33480,7 @@ index 72bedad..8181ce1 100644 help Say Y here if you want to support the /dev/kmem device. The /dev/kmem device is rarely used, but can be used for certain -@@ -581,6 +582,7 @@ config DEVPORT +@@ -582,6 +583,7 @@ config DEVPORT bool depends on !M68K depends on ISA || PCI @@ -34050,7 +33514,7 @@ index 21cb980..f15107c 100644 return -EINVAL; else diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c -index 615d262..15d5c9d 100644 +index d784650..e8bfd69 100644 --- a/drivers/char/hpet.c +++ b/drivers/char/hpet.c @@ -559,7 +559,7 @@ static inline unsigned long hpet_time_div(struct hpets *hpets, @@ -34097,7 +33561,7 @@ index 053201b0..8335cce 100644 intf->proc_dir = NULL; diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c -index 1c7fdcd..4899100 100644 +index 0ac9b45..6179fb5 100644 --- a/drivers/char/ipmi/ipmi_si_intf.c +++ b/drivers/char/ipmi/ipmi_si_intf.c @@ -275,7 +275,7 @@ struct smi_info { @@ -34121,7 +33585,7 @@ index 1c7fdcd..4899100 100644 #define SI_MAX_PARMS 4 -@@ -3225,7 +3225,7 @@ static int try_smi_init(struct smi_info *new_smi) +@@ -3254,7 +3254,7 @@ static int try_smi_init(struct smi_info *new_smi) atomic_set(&new_smi->req_events, 0); new_smi->run_to_completion = 0; for (i = 0; i < SI_NUM_STATS; i++) @@ -34131,7 +33595,7 @@ index 1c7fdcd..4899100 100644 new_smi->interrupt_disabled = 1; atomic_set(&new_smi->stop_operation, 0); diff --git a/drivers/char/mem.c b/drivers/char/mem.c -index c6fa3bc..4ca3e42 100644 +index 2c644af..b867b3e 100644 --- a/drivers/char/mem.c +++ b/drivers/char/mem.c @@ -18,6 +18,7 @@ @@ -34218,7 +33682,7 @@ index c6fa3bc..4ca3e42 100644 unsigned long p = *ppos; - ssize_t low_count, read, sz; + ssize_t low_count, read, sz, err = 0; - char * kbuf; /* k-addr because vread() takes vmlist_lock rwlock */ + char *kbuf; /* k-addr because vread() takes vmlist_lock rwlock */ - int err = 0; read = 0; @@ -34280,40 +33744,40 @@ index 9df78e2..01ba9ae 100644 *ppos = i; diff --git a/drivers/char/pcmcia/synclink_cs.c b/drivers/char/pcmcia/synclink_cs.c -index b66eaa0..2619d1b 100644 +index 5c5cc00..ac9edb7 100644 --- a/drivers/char/pcmcia/synclink_cs.c +++ b/drivers/char/pcmcia/synclink_cs.c -@@ -2348,9 +2348,9 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) +@@ -2345,9 +2345,9 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgslpc_close(%s) entry, count=%d\n", -- __FILE__,__LINE__, info->device_name, port->count); -+ __FILE__,__LINE__, info->device_name, atomic_read(&port->count)); +- __FILE__, __LINE__, info->device_name, port->count); ++ __FILE__, __LINE__, info->device_name, atomic_read(&port->count)); - WARN_ON(!port->count); + WARN_ON(!atomic_read(&port->count)); if (tty_port_close_start(port, tty, filp) == 0) goto cleanup; -@@ -2368,7 +2368,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) +@@ -2365,7 +2365,7 @@ static void mgslpc_close(struct tty_struct *tty, struct file * filp) cleanup: if (debug_level >= DEBUG_LEVEL_INFO) - printk("%s(%d):mgslpc_close(%s) exit, count=%d\n", __FILE__,__LINE__, + printk("%s(%d):mgslpc_close(%s) exit, count=%d\n", __FILE__, __LINE__, - tty->driver->name, port->count); + tty->driver->name, atomic_read(&port->count)); } /* Wait until the transmitter is empty. -@@ -2510,7 +2510,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) +@@ -2507,7 +2507,7 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgslpc_open(%s), old ref count = %d\n", -- __FILE__,__LINE__,tty->driver->name, port->count); -+ __FILE__,__LINE__,tty->driver->name, atomic_read(&port->count)); +- __FILE__, __LINE__, tty->driver->name, port->count); ++ __FILE__, __LINE__, tty->driver->name, atomic_read(&port->count)); /* If port is closing, signal caller to try again */ if (tty_hung_up_p(filp) || port->flags & ASYNC_CLOSING){ -@@ -2530,11 +2530,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) +@@ -2527,11 +2527,11 @@ static int mgslpc_open(struct tty_struct *tty, struct file * filp) goto cleanup; } spin_lock(&port->lock); @@ -34327,7 +33791,7 @@ index b66eaa0..2619d1b 100644 /* 1st open on this device, init hardware */ retval = startup(info, tty); if (retval < 0) -@@ -3889,7 +3889,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, +@@ -3920,7 +3920,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, unsigned short new_crctype; /* return error if TTY interface open */ @@ -34336,7 +33800,7 @@ index b66eaa0..2619d1b 100644 return -EBUSY; switch (encoding) -@@ -3992,7 +3992,7 @@ static int hdlcdev_open(struct net_device *dev) +@@ -4024,7 +4024,7 @@ static int hdlcdev_open(struct net_device *dev) /* arbitrate between network and tty opens */ spin_lock_irqsave(&info->netlock, flags); @@ -34345,8 +33809,8 @@ index b66eaa0..2619d1b 100644 printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name); spin_unlock_irqrestore(&info->netlock, flags); return -EBUSY; -@@ -4081,7 +4081,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) - printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name); +@@ -4114,7 +4114,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) + printk("%s:hdlcdev_ioctl(%s)\n", __FILE__, dev->name); /* return error if TTY interface open */ - if (info->port.count) @@ -34355,7 +33819,7 @@ index b66eaa0..2619d1b 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/char/random.c b/drivers/char/random.c -index 57d4b15..253207b 100644 +index 32a6c57..e7f0f7b 100644 --- a/drivers/char/random.c +++ b/drivers/char/random.c @@ -272,8 +272,13 @@ @@ -34429,7 +33893,7 @@ index 57d4b15..253207b 100644 uuid = table->data; diff --git a/drivers/char/sonypi.c b/drivers/char/sonypi.c -index d780295..b29f3a8 100644 +index bf2349db..5456d53 100644 --- a/drivers/char/sonypi.c +++ b/drivers/char/sonypi.c @@ -54,6 +54,7 @@ @@ -34470,21 +33934,8 @@ index d780295..b29f3a8 100644 mutex_unlock(&sonypi_device.lock); return 0; -diff --git a/drivers/char/tpm/tpm.c b/drivers/char/tpm/tpm.c -index ba780b7..cdb8a9c 100644 ---- a/drivers/char/tpm/tpm.c -+++ b/drivers/char/tpm/tpm.c -@@ -410,7 +410,7 @@ static ssize_t tpm_transmit(struct tpm_chip *chip, const char *buf, - chip->vendor.req_complete_val) - goto out_recv; - -- if ((status == chip->vendor.req_canceled)) { -+ if (status == chip->vendor.req_canceled) { - dev_err(chip->dev, "Operation Canceled\n"); - rc = -ECANCELED; - goto out; diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c -index 56051d0..11cf3b7 100644 +index 64420b3..5c40b56 100644 --- a/drivers/char/tpm/tpm_acpi.c +++ b/drivers/char/tpm/tpm_acpi.c @@ -98,11 +98,12 @@ int read_log(struct tpm_bios_log *log) @@ -34534,10 +33985,10 @@ index 84ddc55..1d32f1e 100644 return 0; } diff --git a/drivers/char/virtio_console.c b/drivers/char/virtio_console.c -index a4b7aa0..2faa0bc 100644 +index ce5f3fc..e2d3e55 100644 --- a/drivers/char/virtio_console.c +++ b/drivers/char/virtio_console.c -@@ -685,7 +685,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, +@@ -679,7 +679,7 @@ static ssize_t fill_readbuf(struct port *port, char *out_buf, size_t out_count, if (to_user) { ssize_t ret; @@ -34546,7 +33997,7 @@ index a4b7aa0..2faa0bc 100644 if (ret) return -EFAULT; } else { -@@ -784,7 +784,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf, +@@ -778,7 +778,7 @@ static ssize_t port_fops_read(struct file *filp, char __user *ubuf, if (!port_has_data(port) && !port->host_connected) return 0; @@ -34555,11 +34006,24 @@ index a4b7aa0..2faa0bc 100644 } static int wait_port_writable(struct port *port, bool nonblock) -diff --git a/drivers/clocksource/arm_generic.c b/drivers/clocksource/arm_generic.c -index 8ae1a61..9c00613 100644 ---- a/drivers/clocksource/arm_generic.c -+++ b/drivers/clocksource/arm_generic.c -@@ -181,7 +181,7 @@ static int __cpuinit arch_timer_cpu_notify(struct notifier_block *self, +diff --git a/drivers/clocksource/arm_arch_timer.c b/drivers/clocksource/arm_arch_timer.c +index d7ad425..3e3f81f 100644 +--- a/drivers/clocksource/arm_arch_timer.c ++++ b/drivers/clocksource/arm_arch_timer.c +@@ -262,7 +262,7 @@ static int __cpuinit arch_timer_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block arch_timer_cpu_nb __cpuinitdata = { ++static struct notifier_block arch_timer_cpu_nb = { + .notifier_call = arch_timer_cpu_notify, + }; + +diff --git a/drivers/clocksource/metag_generic.c b/drivers/clocksource/metag_generic.c +index ade7513..069445f 100644 +--- a/drivers/clocksource/metag_generic.c ++++ b/drivers/clocksource/metag_generic.c +@@ -169,7 +169,7 @@ static int __cpuinit arch_timer_cpu_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -34569,7 +34033,7 @@ index 8ae1a61..9c00613 100644 }; diff --git a/drivers/cpufreq/acpi-cpufreq.c b/drivers/cpufreq/acpi-cpufreq.c -index 7b0d49d..134fac9 100644 +index 57a8774..545e993 100644 --- a/drivers/cpufreq/acpi-cpufreq.c +++ b/drivers/cpufreq/acpi-cpufreq.c @@ -172,7 +172,7 @@ static ssize_t show_global_boost(struct kobject *kobj, @@ -34595,7 +34059,7 @@ index 7b0d49d..134fac9 100644 result = acpi_processor_register_performance(data->acpi_data, cpu); if (result) -@@ -835,7 +838,9 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy) +@@ -839,7 +842,9 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy) policy->cur = acpi_cpufreq_guess_freq(data, policy->cpu); break; case ACPI_ADR_SPACE_FIXED_HARDWARE: @@ -34606,7 +34070,7 @@ index 7b0d49d..134fac9 100644 policy->cur = get_cur_freq_on_cpu(cpu); break; default: -@@ -846,8 +851,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy) +@@ -850,8 +855,11 @@ static int acpi_cpufreq_cpu_init(struct cpufreq_policy *policy) acpi_processor_notify_smm(THIS_MODULE); /* Check for APERF/MPERF support in hardware */ @@ -34621,10 +34085,10 @@ index 7b0d49d..134fac9 100644 pr_debug("CPU%u - ACPI performance management activated.\n", cpu); for (i = 0; i < perf->state_count; i++) diff --git a/drivers/cpufreq/cpufreq.c b/drivers/cpufreq/cpufreq.c -index 1f93dbd..305cef1 100644 +index b02824d..51e44aa 100644 --- a/drivers/cpufreq/cpufreq.c +++ b/drivers/cpufreq/cpufreq.c -@@ -1843,7 +1843,7 @@ static int __cpuinit cpufreq_cpu_callback(struct notifier_block *nfb, +@@ -1813,7 +1813,7 @@ static int __cpuinit cpufreq_cpu_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -34633,7 +34097,7 @@ index 1f93dbd..305cef1 100644 .notifier_call = cpufreq_cpu_callback, }; -@@ -1875,8 +1875,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) +@@ -1845,8 +1845,11 @@ int cpufreq_register_driver(struct cpufreq_driver *driver_data) pr_debug("trying to register driver %s\n", driver_data->name); @@ -34648,47 +34112,22 @@ index 1f93dbd..305cef1 100644 spin_lock_irqsave(&cpufreq_driver_lock, flags); if (cpufreq_driver) { diff --git a/drivers/cpufreq/cpufreq_governor.c b/drivers/cpufreq/cpufreq_governor.c -index 6c5f1d3..c7e2f35e 100644 +index 5a76086..0f4d394 100644 --- a/drivers/cpufreq/cpufreq_governor.c +++ b/drivers/cpufreq/cpufreq_governor.c -@@ -243,7 +243,7 @@ int cpufreq_governor_dbs(struct dbs_data *dbs_data, - * governor, thus we are bound to jiffes/HZ - */ - if (dbs_data->governor == GOV_CONSERVATIVE) { -- struct cs_ops *ops = dbs_data->gov_ops; -+ const struct cs_ops *ops = dbs_data->gov_ops; - - cpufreq_register_notifier(ops->notifier_block, - CPUFREQ_TRANSITION_NOTIFIER); -@@ -251,7 +251,7 @@ int cpufreq_governor_dbs(struct dbs_data *dbs_data, - dbs_data->min_sampling_rate = MIN_SAMPLING_RATE_RATIO * - jiffies_to_usecs(10); - } else { -- struct od_ops *ops = dbs_data->gov_ops; -+ const struct od_ops *ops = dbs_data->gov_ops; - - od_tuners->io_is_busy = ops->io_busy(); - } -@@ -268,7 +268,7 @@ second_time: - cs_dbs_info->enable = 1; - cs_dbs_info->requested_freq = policy->cur; - } else { -- struct od_ops *ops = dbs_data->gov_ops; -+ const struct od_ops *ops = dbs_data->gov_ops; - od_dbs_info->rate_mult = 1; - od_dbs_info->sample_type = OD_NORMAL_SAMPLE; - ops->powersave_bias_init_cpu(cpu); -@@ -289,7 +289,7 @@ second_time: - mutex_destroy(&cpu_cdbs->timer_mutex); - dbs_data->enable--; - if (!dbs_data->enable) { -- struct cs_ops *ops = dbs_data->gov_ops; -+ const struct cs_ops *ops = dbs_data->gov_ops; - - sysfs_remove_group(cpufreq_global_kobject, - dbs_data->attr_group); +@@ -201,8 +201,8 @@ int cpufreq_governor_dbs(struct dbs_data *dbs_data, + { + struct od_cpu_dbs_info_s *od_dbs_info = NULL; + struct cs_cpu_dbs_info_s *cs_dbs_info = NULL; +- struct cs_ops *cs_ops = NULL; +- struct od_ops *od_ops = NULL; ++ const struct cs_ops *cs_ops = NULL; ++ const struct od_ops *od_ops = NULL; + struct od_dbs_tuners *od_tuners = dbs_data->tuners; + struct cs_dbs_tuners *cs_tuners = dbs_data->tuners; + struct cpu_dbs_common_info *cpu_cdbs; diff --git a/drivers/cpufreq/cpufreq_governor.h b/drivers/cpufreq/cpufreq_governor.h -index f661654..6c8e638 100644 +index cc4bd2f..ad142bc 100644 --- a/drivers/cpufreq/cpufreq_governor.h +++ b/drivers/cpufreq/cpufreq_governor.h @@ -142,7 +142,7 @@ struct dbs_data { @@ -34701,10 +34140,10 @@ index f661654..6c8e638 100644 /* Governor specific ops, will be passed to dbs_data->gov_ops */ diff --git a/drivers/cpufreq/cpufreq_stats.c b/drivers/cpufreq/cpufreq_stats.c -index 9d7732b..0b1a793 100644 +index bfd6273..e39dd63 100644 --- a/drivers/cpufreq/cpufreq_stats.c +++ b/drivers/cpufreq/cpufreq_stats.c -@@ -340,7 +340,7 @@ static int __cpuinit cpufreq_stat_cpu_callback(struct notifier_block *nfb, +@@ -365,7 +365,7 @@ static int __cpuinit cpufreq_stat_cpu_callback(struct notifier_block *nfb, } /* priority=1 so this will get called before cpufreq_remove_dev */ @@ -34764,10 +34203,10 @@ index 3a953d5..f5993f6 100644 if (policy->cpu != 0) return -ENODEV; diff --git a/drivers/cpuidle/cpuidle.c b/drivers/cpuidle/cpuidle.c -index e1f6860..f8de20b 100644 +index eba6929..0f53baf 100644 --- a/drivers/cpuidle/cpuidle.c +++ b/drivers/cpuidle/cpuidle.c -@@ -279,7 +279,7 @@ static int poll_idle(struct cpuidle_device *dev, +@@ -277,7 +277,7 @@ static int poll_idle(struct cpuidle_device *dev, static void poll_idle_init(struct cpuidle_driver *drv) { @@ -34847,7 +34286,7 @@ index b70709b..1d8d02a 100644 /* Run before NMI debug handler and KGDB */ diff --git a/drivers/edac/edac_mc_sysfs.c b/drivers/edac/edac_mc_sysfs.c -index 0ca1ca7..6e6f454 100644 +index 769d92e..a3dcc1e 100644 --- a/drivers/edac/edac_mc_sysfs.c +++ b/drivers/edac/edac_mc_sysfs.c @@ -148,7 +148,7 @@ static const char *edac_caps[] = { @@ -34859,8 +34298,29 @@ index 0ca1ca7..6e6f454 100644 #define DEVICE_CHANNEL(_name, _mode, _show, _store, _var) \ struct dev_ch_attribute dev_attr_legacy_##_name = \ +@@ -1003,14 +1003,16 @@ int edac_create_sysfs_mci_device(struct mem_ctl_info *mci) + } + + if (mci->set_sdram_scrub_rate || mci->get_sdram_scrub_rate) { ++ pax_open_kernel(); + if (mci->get_sdram_scrub_rate) { +- dev_attr_sdram_scrub_rate.attr.mode |= S_IRUGO; +- dev_attr_sdram_scrub_rate.show = &mci_sdram_scrub_rate_show; ++ *(umode_t *)&dev_attr_sdram_scrub_rate.attr.mode |= S_IRUGO; ++ *(void **)&dev_attr_sdram_scrub_rate.show = &mci_sdram_scrub_rate_show; + } + if (mci->set_sdram_scrub_rate) { +- dev_attr_sdram_scrub_rate.attr.mode |= S_IWUSR; +- dev_attr_sdram_scrub_rate.store = &mci_sdram_scrub_rate_store; ++ *(umode_t *)&dev_attr_sdram_scrub_rate.attr.mode |= S_IWUSR; ++ *(void **)&dev_attr_sdram_scrub_rate.store = &mci_sdram_scrub_rate_store; + } ++ pax_close_kernel(); + err = device_create_file(&mci->dev, + &dev_attr_sdram_scrub_rate); + if (err) { diff --git a/drivers/edac/edac_pci_sysfs.c b/drivers/edac/edac_pci_sysfs.c -index 0056c4d..23b54d9 100644 +index e8658e4..22746d6 100644 --- a/drivers/edac/edac_pci_sysfs.c +++ b/drivers/edac/edac_pci_sysfs.c @@ -26,8 +26,8 @@ static int edac_pci_log_pe = 1; /* log PCI parity errors */ @@ -34956,13 +34416,13 @@ index 0056c4d..23b54d9 100644 } } diff --git a/drivers/edac/mce_amd.h b/drivers/edac/mce_amd.h -index 6796799..99e8377 100644 +index 51b7e3a..aa8a3e8 100644 --- a/drivers/edac/mce_amd.h +++ b/drivers/edac/mce_amd.h -@@ -78,7 +78,7 @@ extern const char * const ii_msgs[]; - struct amd_decoder_ops { +@@ -77,7 +77,7 @@ struct amd_decoder_ops { bool (*mc0_mce)(u16, u8); bool (*mc1_mce)(u16, u8); + bool (*mc2_mce)(u16, u8); -}; +} __no_const; @@ -34982,10 +34442,10 @@ index 57ea7f4..789e3c3 100644 card->driver->update_phy_reg(card, 4, PHY_LINK_ACTIVE | PHY_CONTENDER, 0); diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c -index f8d2287..5aaf4db 100644 +index 27ac423..13573e8 100644 --- a/drivers/firewire/core-cdev.c +++ b/drivers/firewire/core-cdev.c -@@ -1365,8 +1365,7 @@ static int init_iso_resource(struct client *client, +@@ -1366,8 +1366,7 @@ static int init_iso_resource(struct client *client, int ret; if ((request->channels == 0 && request->bandwidth == 0) || @@ -34996,7 +34456,7 @@ index f8d2287..5aaf4db 100644 r = kmalloc(sizeof(*r), GFP_KERNEL); diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c -index af3e8aa..eb2f227 100644 +index 03ce7d9..b70f5da 100644 --- a/drivers/firewire/core-device.c +++ b/drivers/firewire/core-device.c @@ -232,7 +232,7 @@ EXPORT_SYMBOL(fw_device_enable_phys_dma); @@ -35071,10 +34531,10 @@ index 4cd392d..4b629e1 100644 iounmap(buf); return 0; diff --git a/drivers/firmware/efivars.c b/drivers/firmware/efivars.c -index b07cb37..2a51037 100644 +index f4baa11..7970c3a 100644 --- a/drivers/firmware/efivars.c +++ b/drivers/firmware/efivars.c -@@ -138,7 +138,7 @@ struct efivar_attribute { +@@ -139,7 +139,7 @@ struct efivar_attribute { }; static struct efivars __efivars; @@ -35083,7 +34543,7 @@ index b07cb37..2a51037 100644 #define PSTORE_EFI_ATTRIBUTES \ (EFI_VARIABLE_NON_VOLATILE | \ -@@ -1834,7 +1834,7 @@ efivar_create_sysfs_entry(struct efivars *efivars, +@@ -1844,7 +1844,7 @@ efivar_create_sysfs_entry(struct efivars *efivars, static int create_efivars_bin_attributes(struct efivars *efivars) { @@ -35108,7 +34568,7 @@ index 2a90ba6..07f3733 100644 ret = sysfs_create_bin_file(firmware_kobj, &memconsole_bin_attr); diff --git a/drivers/gpio/gpio-ich.c b/drivers/gpio/gpio-ich.c -index 6f2306d..af9476a 100644 +index de3c317..b7cd029 100644 --- a/drivers/gpio/gpio-ich.c +++ b/drivers/gpio/gpio-ich.c @@ -69,7 +69,7 @@ struct ichx_desc { @@ -35147,10 +34607,10 @@ index 7b2d378..cc947ea 100644 dev = crtc->dev; diff --git a/drivers/gpu/drm/drm_drv.c b/drivers/gpu/drm/drm_drv.c -index be174ca..7f38143 100644 +index 25f91cd..a376f55 100644 --- a/drivers/gpu/drm/drm_drv.c +++ b/drivers/gpu/drm/drm_drv.c -@@ -307,7 +307,7 @@ module_exit(drm_core_exit); +@@ -306,7 +306,7 @@ module_exit(drm_core_exit); /** * Copy and IOCTL return string to user space */ @@ -35159,7 +34619,7 @@ index be174ca..7f38143 100644 { int len; -@@ -377,7 +377,7 @@ long drm_ioctl(struct file *filp, +@@ -376,7 +376,7 @@ long drm_ioctl(struct file *filp, struct drm_file *file_priv = filp->private_data; struct drm_device *dev; struct drm_ioctl_desc *ioctl; @@ -35168,7 +34628,7 @@ index be174ca..7f38143 100644 unsigned int nr = DRM_IOCTL_NR(cmd); int retcode = -EINVAL; char stack_kdata[128]; -@@ -390,7 +390,7 @@ long drm_ioctl(struct file *filp, +@@ -389,7 +389,7 @@ long drm_ioctl(struct file *filp, return -ENODEV; atomic_inc(&dev->ioctl_count); @@ -35178,7 +34638,7 @@ index be174ca..7f38143 100644 DRM_DEBUG("pid=%d, cmd=0x%02x, nr=0x%02x, dev 0x%lx, auth=%d\n", diff --git a/drivers/gpu/drm/drm_fops.c b/drivers/gpu/drm/drm_fops.c -index 32d7775..c8be5e1 100644 +index 429e07d..e681a2c 100644 --- a/drivers/gpu/drm/drm_fops.c +++ b/drivers/gpu/drm/drm_fops.c @@ -71,7 +71,7 @@ static int drm_setup(struct drm_device * dev) @@ -35217,7 +34677,7 @@ index 32d7775..c8be5e1 100644 return retcode; } EXPORT_SYMBOL(drm_open); -@@ -440,7 +440,7 @@ int drm_release(struct inode *inode, struct file *filp) +@@ -441,7 +441,7 @@ int drm_release(struct inode *inode, struct file *filp) mutex_lock(&drm_global_mutex); @@ -35226,7 +34686,7 @@ index 32d7775..c8be5e1 100644 if (dev->driver->preclose) dev->driver->preclose(dev, file_priv); -@@ -449,10 +449,10 @@ int drm_release(struct inode *inode, struct file *filp) +@@ -450,10 +450,10 @@ int drm_release(struct inode *inode, struct file *filp) * Begin inline drm_release */ @@ -35239,7 +34699,7 @@ index 32d7775..c8be5e1 100644 /* Release any auth tokens that might point to this file_priv, (do that under the drm_global_mutex) */ -@@ -549,8 +549,8 @@ int drm_release(struct inode *inode, struct file *filp) +@@ -550,8 +550,8 @@ int drm_release(struct inode *inode, struct file *filp) * End inline drm_release */ @@ -35443,10 +34903,10 @@ index d752c96..fe08455 100644 if (drm_lock_free(&master->lock, lock->context)) { /* FIXME: Should really bail out here. */ diff --git a/drivers/gpu/drm/drm_stub.c b/drivers/gpu/drm/drm_stub.c -index 200e104..59facda 100644 +index 7d30802..42c6cbb 100644 --- a/drivers/gpu/drm/drm_stub.c +++ b/drivers/gpu/drm/drm_stub.c -@@ -516,7 +516,7 @@ void drm_unplug_dev(struct drm_device *dev) +@@ -501,7 +501,7 @@ void drm_unplug_dev(struct drm_device *dev) drm_device_set_unplugged(dev); @@ -35497,10 +34957,10 @@ index 6e0acad..93c8289 100644 int front_offset; } drm_i810_private_t; diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c -index 261efc8e..27af8a5 100644 +index 7299ea4..5314487 100644 --- a/drivers/gpu/drm/i915/i915_debugfs.c +++ b/drivers/gpu/drm/i915/i915_debugfs.c -@@ -496,7 +496,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data) +@@ -499,7 +499,7 @@ static int i915_interrupt_info(struct seq_file *m, void *data) I915_READ(GTIMR)); } seq_printf(m, "Interrupts received: %d\n", @@ -35510,10 +34970,10 @@ index 261efc8e..27af8a5 100644 if (IS_GEN6(dev) || IS_GEN7(dev)) { seq_printf(m, diff --git a/drivers/gpu/drm/i915/i915_dma.c b/drivers/gpu/drm/i915/i915_dma.c -index 99daa89..84ebd44 100644 +index 4fa6beb..f930fec 100644 --- a/drivers/gpu/drm/i915/i915_dma.c +++ b/drivers/gpu/drm/i915/i915_dma.c -@@ -1253,7 +1253,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) +@@ -1259,7 +1259,7 @@ static bool i915_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -35523,10 +34983,10 @@ index 99daa89..84ebd44 100644 return can_switch; } diff --git a/drivers/gpu/drm/i915/i915_drv.h b/drivers/gpu/drm/i915/i915_drv.h -index 7339a4b..445aaba 100644 +index ef99b1c..09ce7fb 100644 --- a/drivers/gpu/drm/i915/i915_drv.h +++ b/drivers/gpu/drm/i915/i915_drv.h -@@ -656,7 +656,7 @@ typedef struct drm_i915_private { +@@ -893,7 +893,7 @@ typedef struct drm_i915_private { drm_dma_handle_t *status_page_dmah; struct resource mch_res; @@ -35535,16 +34995,7 @@ index 7339a4b..445aaba 100644 /* protects the irq masks */ spinlock_t irq_lock; -@@ -1102,7 +1102,7 @@ struct drm_i915_gem_object { - * will be page flipped away on the next vblank. When it - * reaches 0, dev_priv->pending_flip_queue will be woken up. - */ -- atomic_t pending_flip; -+ atomic_unchecked_t pending_flip; - }; - #define to_gem_object(obj) (&((struct drm_i915_gem_object *)(obj))->base) - -@@ -1633,7 +1633,7 @@ extern struct i2c_adapter *intel_gmbus_get_adapter( +@@ -1775,7 +1775,7 @@ extern struct i2c_adapter *intel_gmbus_get_adapter( struct drm_i915_private *dev_priv, unsigned port); extern void intel_gmbus_set_speed(struct i2c_adapter *adapter, int speed); extern void intel_gmbus_force_bit(struct i2c_adapter *adapter, bool force_bit); @@ -35554,19 +35005,10 @@ index 7339a4b..445aaba 100644 return container_of(adapter, struct intel_gmbus, adapter)->force_bit; } diff --git a/drivers/gpu/drm/i915/i915_gem_execbuffer.c b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -index ba8805a..39d5330 100644 +index 9a48e1a..f0cbc3e 100644 --- a/drivers/gpu/drm/i915/i915_gem_execbuffer.c +++ b/drivers/gpu/drm/i915/i915_gem_execbuffer.c -@@ -672,7 +672,7 @@ i915_gem_execbuffer_move_to_gpu(struct intel_ring_buffer *ring, - i915_gem_clflush_object(obj); - - if (obj->base.pending_write_domain) -- flips |= atomic_read(&obj->pending_flip); -+ flips |= atomic_read_unchecked(&obj->pending_flip); - - flush_domains |= obj->base.write_domain; - } -@@ -703,9 +703,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec) +@@ -729,9 +729,9 @@ i915_gem_check_execbuffer(struct drm_i915_gem_execbuffer2 *exec) static int validate_exec_list(struct drm_i915_gem_exec_object2 *exec, @@ -35578,7 +35020,7 @@ index ba8805a..39d5330 100644 int relocs_total = 0; int relocs_max = INT_MAX / sizeof(struct drm_i915_gem_relocation_entry); -@@ -1202,7 +1202,7 @@ i915_gem_execbuffer2(struct drm_device *dev, void *data, +@@ -1195,7 +1195,7 @@ i915_gem_execbuffer2(struct drm_device *dev, void *data, return -ENOMEM; } ret = copy_from_user(exec2_list, @@ -35623,19 +35065,19 @@ index 3c59584..500f2e9 100644 return ret; diff --git a/drivers/gpu/drm/i915/i915_irq.c b/drivers/gpu/drm/i915/i915_irq.c -index fe84338..a863190 100644 +index 3c7bb04..182e049 100644 --- a/drivers/gpu/drm/i915/i915_irq.c +++ b/drivers/gpu/drm/i915/i915_irq.c -@@ -535,7 +535,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg) +@@ -549,7 +549,7 @@ static irqreturn_t valleyview_irq_handler(int irq, void *arg) + int pipe; u32 pipe_stats[I915_MAX_PIPES]; - bool blc_event; - atomic_inc(&dev_priv->irq_received); + atomic_inc_unchecked(&dev_priv->irq_received); while (true) { iir = I915_READ(VLV_IIR); -@@ -688,7 +688,7 @@ static irqreturn_t ivybridge_irq_handler(int irq, void *arg) +@@ -705,7 +705,7 @@ static irqreturn_t ivybridge_irq_handler(int irq, void *arg) irqreturn_t ret = IRQ_NONE; int i; @@ -35644,16 +35086,16 @@ index fe84338..a863190 100644 /* disable master interrupt before clearing iir */ de_ier = I915_READ(DEIER); -@@ -760,7 +760,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg) +@@ -791,7 +791,7 @@ static irqreturn_t ironlake_irq_handler(int irq, void *arg) int ret = IRQ_NONE; - u32 de_iir, gt_iir, de_ier, pch_iir, pm_iir; + u32 de_iir, gt_iir, de_ier, pm_iir, sde_ier; - atomic_inc(&dev_priv->irq_received); + atomic_inc_unchecked(&dev_priv->irq_received); /* disable master interrupt before clearing iir */ de_ier = I915_READ(DEIER); -@@ -1787,7 +1787,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) +@@ -1886,7 +1886,7 @@ static void ironlake_irq_preinstall(struct drm_device *dev) { drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; @@ -35662,7 +35104,7 @@ index fe84338..a863190 100644 I915_WRITE(HWSTAM, 0xeffe); -@@ -1813,7 +1813,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev) +@@ -1912,7 +1912,7 @@ static void valleyview_irq_preinstall(struct drm_device *dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -35671,7 +35113,7 @@ index fe84338..a863190 100644 /* VLV magic */ I915_WRITE(VLV_IMR, 0); -@@ -2108,7 +2108,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev) +@@ -2208,7 +2208,7 @@ static void i8xx_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -35680,7 +35122,7 @@ index fe84338..a863190 100644 for_each_pipe(pipe) I915_WRITE(PIPESTAT(pipe), 0); -@@ -2159,7 +2159,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg) +@@ -2259,7 +2259,7 @@ static irqreturn_t i8xx_irq_handler(int irq, void *arg) I915_DISPLAY_PLANE_A_FLIP_PENDING_INTERRUPT | I915_DISPLAY_PLANE_B_FLIP_PENDING_INTERRUPT; @@ -35689,7 +35131,7 @@ index fe84338..a863190 100644 iir = I915_READ16(IIR); if (iir == 0) -@@ -2244,7 +2244,7 @@ static void i915_irq_preinstall(struct drm_device * dev) +@@ -2344,7 +2344,7 @@ static void i915_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -35698,7 +35140,7 @@ index fe84338..a863190 100644 if (I915_HAS_HOTPLUG(dev)) { I915_WRITE(PORT_HOTPLUG_EN, 0); -@@ -2339,7 +2339,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg) +@@ -2448,7 +2448,7 @@ static irqreturn_t i915_irq_handler(int irq, void *arg) }; int pipe, ret = IRQ_NONE; @@ -35707,7 +35149,7 @@ index fe84338..a863190 100644 iir = I915_READ(IIR); do { -@@ -2465,7 +2465,7 @@ static void i965_irq_preinstall(struct drm_device * dev) +@@ -2574,7 +2574,7 @@ static void i965_irq_preinstall(struct drm_device * dev) drm_i915_private_t *dev_priv = (drm_i915_private_t *) dev->dev_private; int pipe; @@ -35716,7 +35158,7 @@ index fe84338..a863190 100644 I915_WRITE(PORT_HOTPLUG_EN, 0); I915_WRITE(PORT_HOTPLUG_STAT, I915_READ(PORT_HOTPLUG_STAT)); -@@ -2572,7 +2572,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg) +@@ -2690,7 +2690,7 @@ static irqreturn_t i965_irq_handler(int irq, void *arg) int irq_received; int ret = IRQ_NONE, pipe; @@ -35726,47 +35168,10 @@ index fe84338..a863190 100644 iir = I915_READ(IIR); diff --git a/drivers/gpu/drm/i915/intel_display.c b/drivers/gpu/drm/i915/intel_display.c -index d3f834a..0ad1b37 100644 +index c2d173a..f4357cc 100644 --- a/drivers/gpu/drm/i915/intel_display.c +++ b/drivers/gpu/drm/i915/intel_display.c -@@ -2255,7 +2255,7 @@ intel_finish_fb(struct drm_framebuffer *old_fb) - - wait_event(dev_priv->pending_flip_queue, - atomic_read(&dev_priv->mm.wedged) || -- atomic_read(&obj->pending_flip) == 0); -+ atomic_read_unchecked(&obj->pending_flip) == 0); - - /* Big Hammer, we also need to ensure that any pending - * MI_WAIT_FOR_EVENT inside a user batch buffer on the -@@ -7122,8 +7122,7 @@ static void do_intel_finish_page_flip(struct drm_device *dev, - - obj = work->old_fb_obj; - -- atomic_clear_mask(1 << intel_crtc->plane, -- &obj->pending_flip.counter); -+ atomic_clear_mask_unchecked(1 << intel_crtc->plane, &obj->pending_flip); - wake_up(&dev_priv->pending_flip_queue); - - queue_work(dev_priv->wq, &work->work); -@@ -7486,7 +7485,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, - /* Block clients from rendering to the new back buffer until - * the flip occurs and the object is no longer visible. - */ -- atomic_add(1 << intel_crtc->plane, &work->old_fb_obj->pending_flip); -+ atomic_add_unchecked(1 << intel_crtc->plane, &work->old_fb_obj->pending_flip); - atomic_inc(&intel_crtc->unpin_work_count); - - ret = dev_priv->display.queue_flip(dev, crtc, fb, obj); -@@ -7504,7 +7503,7 @@ static int intel_crtc_page_flip(struct drm_crtc *crtc, - cleanup_pending: - atomic_dec(&intel_crtc->unpin_work_count); - crtc->fb = old_fb; -- atomic_sub(1 << intel_crtc->plane, &work->old_fb_obj->pending_flip); -+ atomic_sub_unchecked(1 << intel_crtc->plane, &work->old_fb_obj->pending_flip); - drm_gem_object_unreference(&work->old_fb_obj->base); - drm_gem_object_unreference(&obj->base); - mutex_unlock(&dev->struct_mutex); -@@ -8846,13 +8845,13 @@ struct intel_quirk { +@@ -8722,13 +8722,13 @@ struct intel_quirk { int subsystem_vendor; int subsystem_device; void (*hook)(struct drm_device *dev); @@ -35782,22 +35187,12 @@ index d3f834a..0ad1b37 100644 static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) { -@@ -8860,18 +8859,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) +@@ -8736,18 +8736,20 @@ static int intel_dmi_reverse_brightness(const struct dmi_system_id *id) return 1; } +-static const struct intel_dmi_quirk intel_dmi_quirks[] = { +static const struct dmi_system_id intel_dmi_quirks_table[] = { -+ { -+ .callback = intel_dmi_reverse_brightness, -+ .ident = "NCR Corporation", -+ .matches = {DMI_MATCH(DMI_SYS_VENDOR, "NCR Corporation"), -+ DMI_MATCH(DMI_PRODUCT_NAME, ""), -+ }, -+ }, -+ { } /* terminating entry */ -+}; -+ - static const struct intel_dmi_quirk intel_dmi_quirks[] = { { - .dmi_id_list = &(const struct dmi_system_id[]) { - { @@ -35808,7 +35203,17 @@ index d3f834a..0ad1b37 100644 - }, - }, - { } /* terminating entry */ -- }, ++ .callback = intel_dmi_reverse_brightness, ++ .ident = "NCR Corporation", ++ .matches = {DMI_MATCH(DMI_SYS_VENDOR, "NCR Corporation"), ++ DMI_MATCH(DMI_PRODUCT_NAME, ""), + }, ++ }, ++ { } /* terminating entry */ ++}; ++ ++static const struct intel_dmi_quirk intel_dmi_quirks[] = { ++ { + .dmi_id_list = &intel_dmi_quirks_table, .hook = quirk_invert_brightness, }, @@ -35905,10 +35310,10 @@ index 598c281..60d590e 100644 *sequence = cur_fence; diff --git a/drivers/gpu/drm/nouveau/nouveau_bios.c b/drivers/gpu/drm/nouveau/nouveau_bios.c -index 865eddf..62c4cc3 100644 +index 50a6dd0..ea66ed8 100644 --- a/drivers/gpu/drm/nouveau/nouveau_bios.c +++ b/drivers/gpu/drm/nouveau/nouveau_bios.c -@@ -1015,7 +1015,7 @@ static int parse_bit_tmds_tbl_entry(struct drm_device *dev, struct nvbios *bios, +@@ -965,7 +965,7 @@ static int parse_bit_tmds_tbl_entry(struct drm_device *dev, struct nvbios *bios, struct bit_table { const char id; int (* const parse_fn)(struct drm_device *, struct nvbios *, struct bit_entry *); @@ -35918,10 +35323,10 @@ index 865eddf..62c4cc3 100644 #define BIT_TABLE(id, funcid) ((struct bit_table){ id, parse_bit_##funcid##_tbl_entry }) diff --git a/drivers/gpu/drm/nouveau/nouveau_drm.h b/drivers/gpu/drm/nouveau/nouveau_drm.h -index aa89eb9..d45d38b 100644 +index 9c39baf..30a22be 100644 --- a/drivers/gpu/drm/nouveau/nouveau_drm.h +++ b/drivers/gpu/drm/nouveau/nouveau_drm.h -@@ -80,7 +80,7 @@ struct nouveau_drm { +@@ -81,7 +81,7 @@ struct nouveau_drm { struct drm_global_reference mem_global_ref; struct ttm_bo_global_ref bo_global_ref; struct ttm_bo_device bdev; @@ -35930,32 +35335,28 @@ index aa89eb9..d45d38b 100644 int (*move)(struct nouveau_channel *, struct ttm_buffer_object *, struct ttm_mem_reg *, struct ttm_mem_reg *); -diff --git a/drivers/gpu/drm/nouveau/nouveau_fence.h b/drivers/gpu/drm/nouveau/nouveau_fence.h -index cdb83ac..27f0a16 100644 ---- a/drivers/gpu/drm/nouveau/nouveau_fence.h -+++ b/drivers/gpu/drm/nouveau/nouveau_fence.h -@@ -43,7 +43,7 @@ struct nouveau_fence_priv { - int (*sync)(struct nouveau_fence *, struct nouveau_channel *, - struct nouveau_channel *); - u32 (*read)(struct nouveau_channel *); --}; -+} __no_const; - - #define nouveau_fence(drm) ((struct nouveau_fence_priv *)(drm)->fence) - diff --git a/drivers/gpu/drm/nouveau/nouveau_gem.c b/drivers/gpu/drm/nouveau/nouveau_gem.c -index 8bf695c..9fbc90a 100644 +index b4b4d0c..b7edc15 100644 --- a/drivers/gpu/drm/nouveau/nouveau_gem.c +++ b/drivers/gpu/drm/nouveau/nouveau_gem.c -@@ -321,7 +321,7 @@ validate_init(struct nouveau_channel *chan, struct drm_file *file_priv, - int trycnt = 0; +@@ -322,7 +322,7 @@ validate_init(struct nouveau_channel *chan, struct drm_file *file_priv, int ret, i; + struct nouveau_bo *res_bo = NULL; - sequence = atomic_add_return(1, &drm->ttm.validate_sequence); + sequence = atomic_add_return_unchecked(1, &drm->ttm.validate_sequence); retry: if (++trycnt > 100000) { - NV_ERROR(drm, "%s failed and gave up.\n", __func__); + NV_ERROR(cli, "%s failed and gave up.\n", __func__); +@@ -359,7 +359,7 @@ retry: + if (ret) { + validate_fini(op, NULL); + if (unlikely(ret == -EAGAIN)) { +- sequence = atomic_add_return(1, &drm->ttm.validate_sequence); ++ sequence = atomic_add_return_unchecked(1, &drm->ttm.validate_sequence); + ret = ttm_bo_reserve_slowpath(&nvbo->bo, true, + sequence); + if (!ret) diff --git a/drivers/gpu/drm/nouveau/nouveau_ioc32.c b/drivers/gpu/drm/nouveau/nouveau_ioc32.c index 08214bc..9208577 100644 --- a/drivers/gpu/drm/nouveau/nouveau_ioc32.c @@ -36112,10 +35513,10 @@ index 5a82b6b..9e69c73 100644 if (regcomp (&mask_rex, "(0x[0-9a-fA-F]*) *([_a-zA-Z0-9]*)", REG_EXTENDED)) { diff --git a/drivers/gpu/drm/radeon/radeon_device.c b/drivers/gpu/drm/radeon/radeon_device.c -index 0d6562b..a154330 100644 +index 44b8034..cc722fd 100644 --- a/drivers/gpu/drm/radeon/radeon_device.c +++ b/drivers/gpu/drm/radeon/radeon_device.c -@@ -969,7 +969,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) +@@ -977,7 +977,7 @@ static bool radeon_switcheroo_can_switch(struct pci_dev *pdev) bool can_switch; spin_lock(&dev->count_lock); @@ -36125,10 +35526,10 @@ index 0d6562b..a154330 100644 return can_switch; } diff --git a/drivers/gpu/drm/radeon/radeon_drv.h b/drivers/gpu/drm/radeon/radeon_drv.h -index e7fdf16..f4f6490 100644 +index b369d42..8dd04eb 100644 --- a/drivers/gpu/drm/radeon/radeon_drv.h +++ b/drivers/gpu/drm/radeon/radeon_drv.h -@@ -255,7 +255,7 @@ typedef struct drm_radeon_private { +@@ -258,7 +258,7 @@ typedef struct drm_radeon_private { /* SW interrupt */ wait_queue_head_t swi_queue; @@ -36182,10 +35583,10 @@ index c180df8..5fd8186 100644 return ret; diff --git a/drivers/gpu/drm/radeon/radeon_irq.c b/drivers/gpu/drm/radeon/radeon_irq.c -index e771033..a0bc6b3 100644 +index 8d68e97..9dcfed8 100644 --- a/drivers/gpu/drm/radeon/radeon_irq.c +++ b/drivers/gpu/drm/radeon/radeon_irq.c -@@ -224,8 +224,8 @@ static int radeon_emit_irq(struct drm_device * dev) +@@ -226,8 +226,8 @@ static int radeon_emit_irq(struct drm_device * dev) unsigned int ret; RING_LOCALS; @@ -36196,7 +35597,7 @@ index e771033..a0bc6b3 100644 BEGIN_RING(4); OUT_RING_REG(RADEON_LAST_SWI_REG, ret); -@@ -351,7 +351,7 @@ int radeon_driver_irq_postinstall(struct drm_device *dev) +@@ -353,7 +353,7 @@ int radeon_driver_irq_postinstall(struct drm_device *dev) drm_radeon_private_t *dev_priv = (drm_radeon_private_t *) dev->dev_private; @@ -36206,10 +35607,10 @@ index e771033..a0bc6b3 100644 dev->max_vblank_count = 0x001fffff; diff --git a/drivers/gpu/drm/radeon/radeon_state.c b/drivers/gpu/drm/radeon/radeon_state.c -index 8e9057b..af6dacb 100644 +index 4d20910..6726b6d 100644 --- a/drivers/gpu/drm/radeon/radeon_state.c +++ b/drivers/gpu/drm/radeon/radeon_state.c -@@ -2166,7 +2166,7 @@ static int radeon_cp_clear(struct drm_device *dev, void *data, struct drm_file * +@@ -2168,7 +2168,7 @@ static int radeon_cp_clear(struct drm_device *dev, void *data, struct drm_file * if (sarea_priv->nbox > RADEON_NR_SAREA_CLIPRECTS) sarea_priv->nbox = RADEON_NR_SAREA_CLIPRECTS; @@ -36218,7 +35619,7 @@ index 8e9057b..af6dacb 100644 sarea_priv->nbox * sizeof(depth_boxes[0]))) return -EFAULT; -@@ -3029,7 +3029,7 @@ static int radeon_cp_getparam(struct drm_device *dev, void *data, struct drm_fil +@@ -3031,7 +3031,7 @@ static int radeon_cp_getparam(struct drm_device *dev, void *data, struct drm_fil { drm_radeon_private_t *dev_priv = dev->dev_private; drm_radeon_getparam_t *param = data; @@ -36333,7 +35734,7 @@ index bd2a3b4..122d9ad 100644 int shrink_pages = sc->nr_to_scan; diff --git a/drivers/gpu/drm/udl/udl_fb.c b/drivers/gpu/drm/udl/udl_fb.c -index 1eb060c..188b1fc 100644 +index 9f4be3d..cbc9fcc 100644 --- a/drivers/gpu/drm/udl/udl_fb.c +++ b/drivers/gpu/drm/udl/udl_fb.c @@ -367,7 +367,6 @@ static int udl_fb_release(struct fb_info *info, int user) @@ -36529,10 +35930,10 @@ index 8a8725c..afed796 100644 marker = list_first_entry(&queue->head, struct vmw_marker, head); diff --git a/drivers/hid/hid-core.c b/drivers/hid/hid-core.c -index ceb3040..6160c5c 100644 +index aa341d1..ef07090 100644 --- a/drivers/hid/hid-core.c +++ b/drivers/hid/hid-core.c -@@ -2242,7 +2242,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); +@@ -2267,7 +2267,7 @@ EXPORT_SYMBOL_GPL(hid_ignore); int hid_add_device(struct hid_device *hdev) { @@ -36541,7 +35942,7 @@ index ceb3040..6160c5c 100644 int ret; if (WARN_ON(hdev->status & HID_STAT_ADDED)) -@@ -2276,7 +2276,7 @@ int hid_add_device(struct hid_device *hdev) +@@ -2301,7 +2301,7 @@ int hid_add_device(struct hid_device *hdev) /* XXX hack, any other cleaner solution after the driver core * is converted to allow more than 20 bytes as the device name? */ dev_set_name(&hdev->dev, "%04X:%04X:%04X.%04X", hdev->bus, @@ -36551,7 +35952,7 @@ index ceb3040..6160c5c 100644 hid_debug_register(hdev, dev_name(&hdev->dev)); ret = device_add(&hdev->dev); diff --git a/drivers/hid/hid-wiimote-debug.c b/drivers/hid/hid-wiimote-debug.c -index eec3291..8ed706b 100644 +index 90124ff..3761764 100644 --- a/drivers/hid/hid-wiimote-debug.c +++ b/drivers/hid/hid-wiimote-debug.c @@ -66,7 +66,7 @@ static ssize_t wiidebug_eeprom_read(struct file *f, char __user *u, size_t s, @@ -36564,7 +35965,7 @@ index eec3291..8ed706b 100644 *off += size; diff --git a/drivers/hv/channel.c b/drivers/hv/channel.c -index 773a2f2..7ce08bc 100644 +index 0b122f8..b1d8160 100644 --- a/drivers/hv/channel.c +++ b/drivers/hv/channel.c @@ -394,8 +394,8 @@ int vmbus_establish_gpadl(struct vmbus_channel *channel, void *kbuffer, @@ -36579,10 +35980,10 @@ index 773a2f2..7ce08bc 100644 ret = create_gpadl_header(kbuffer, size, &msginfo, &msgcount); if (ret) diff --git a/drivers/hv/hv.c b/drivers/hv/hv.c -index 3648f8f..30ef30d 100644 +index 7311589..861e9ef 100644 --- a/drivers/hv/hv.c +++ b/drivers/hv/hv.c -@@ -111,7 +111,7 @@ static u64 do_hypercall(u64 control, void *input, void *output) +@@ -112,7 +112,7 @@ static u64 do_hypercall(u64 control, void *input, void *output) u64 output_address = (output) ? virt_to_phys(output) : 0; u32 output_address_hi = output_address >> 32; u32 output_address_lo = output_address & 0xFFFFFFFF; @@ -36592,10 +35993,10 @@ index 3648f8f..30ef30d 100644 __asm__ __volatile__ ("call *%8" : "=d"(hv_status_hi), "=a"(hv_status_lo) : "d" (control_hi), diff --git a/drivers/hv/hyperv_vmbus.h b/drivers/hv/hyperv_vmbus.h -index d8d1fad..b91caf7 100644 +index 12f2f9e..679603c 100644 --- a/drivers/hv/hyperv_vmbus.h +++ b/drivers/hv/hyperv_vmbus.h -@@ -594,7 +594,7 @@ enum vmbus_connect_state { +@@ -591,7 +591,7 @@ enum vmbus_connect_state { struct vmbus_connection { enum vmbus_connect_state conn_state; @@ -36605,10 +36006,10 @@ index d8d1fad..b91caf7 100644 /* * Represents channel interrupts. Each bit position represents a diff --git a/drivers/hv/vmbus_drv.c b/drivers/hv/vmbus_drv.c -index 8e1a9ec..4687821 100644 +index bf421e0..ce2c897 100644 --- a/drivers/hv/vmbus_drv.c +++ b/drivers/hv/vmbus_drv.c -@@ -629,10 +629,10 @@ int vmbus_device_register(struct hv_device *child_device_obj) +@@ -668,10 +668,10 @@ int vmbus_device_register(struct hv_device *child_device_obj) { int ret = 0; @@ -36622,7 +36023,7 @@ index 8e1a9ec..4687821 100644 child_device_obj->device.bus = &hv_bus; child_device_obj->device.parent = &hv_acpi_dev->dev; diff --git a/drivers/hwmon/acpi_power_meter.c b/drivers/hwmon/acpi_power_meter.c -index 1672e2a..4a6297c 100644 +index 6351aba..dc4aaf4 100644 --- a/drivers/hwmon/acpi_power_meter.c +++ b/drivers/hwmon/acpi_power_meter.c @@ -117,7 +117,7 @@ struct sensor_template { @@ -36657,7 +36058,7 @@ index b41baff..4953e4d 100644 for (grp = groups; grp->format; grp++) { diff --git a/drivers/hwmon/asus_atk0110.c b/drivers/hwmon/asus_atk0110.c -index 56dbcfb..9874bf1 100644 +index b25c643..a13460d 100644 --- a/drivers/hwmon/asus_atk0110.c +++ b/drivers/hwmon/asus_atk0110.c @@ -152,10 +152,10 @@ MODULE_DEVICE_TABLE(acpi, atk_ids); @@ -36685,10 +36086,10 @@ index 56dbcfb..9874bf1 100644 { sysfs_attr_init(&attr->attr); diff --git a/drivers/hwmon/coretemp.c b/drivers/hwmon/coretemp.c -index d64923d..72591e8 100644 +index 3f1e297..a6cafb5 100644 --- a/drivers/hwmon/coretemp.c +++ b/drivers/hwmon/coretemp.c -@@ -790,7 +790,7 @@ static int __cpuinit coretemp_cpu_callback(struct notifier_block *nfb, +@@ -791,7 +791,7 @@ static int __cpuinit coretemp_cpu_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -36710,36 +36111,23 @@ index a14f634..2916ee2 100644 int err; /* Set up read-only sensors */ -diff --git a/drivers/hwmon/pmbus/pmbus_core.c b/drivers/hwmon/pmbus/pmbus_core.c -index 7d19b1b..8fdaaac 100644 ---- a/drivers/hwmon/pmbus/pmbus_core.c -+++ b/drivers/hwmon/pmbus/pmbus_core.c -@@ -811,7 +811,7 @@ static ssize_t pmbus_show_label(struct device *dev, - - #define PMBUS_ADD_ATTR(data, _name, _idx, _mode, _type, _show, _set) \ - do { \ -- struct sensor_device_attribute *a \ -+ sensor_device_attribute_no_const *a \ - = &data->_type##s[data->num_##_type##s].attribute; \ - BUG_ON(data->num_attributes >= data->max_attributes); \ - sysfs_attr_init(&a->dev_attr.attr); \ diff --git a/drivers/hwmon/sht15.c b/drivers/hwmon/sht15.c -index 8047fed..1e956f0 100644 +index 2507f90..1645765 100644 --- a/drivers/hwmon/sht15.c +++ b/drivers/hwmon/sht15.c @@ -169,7 +169,7 @@ struct sht15_data { - int supply_uV; - bool supply_uV_valid; + int supply_uv; + bool supply_uv_valid; struct work_struct update_supply_work; - atomic_t interrupt_handled; + atomic_unchecked_t interrupt_handled; }; /** -@@ -512,13 +512,13 @@ static int sht15_measurement(struct sht15_data *data, +@@ -542,13 +542,13 @@ static int sht15_measurement(struct sht15_data *data, + ret = gpio_direction_input(data->pdata->gpio_data); + if (ret) return ret; - - gpio_direction_input(data->pdata->gpio_data); - atomic_set(&data->interrupt_handled, 0); + atomic_set_unchecked(&data->interrupt_handled, 0); @@ -36752,7 +36140,7 @@ index 8047fed..1e956f0 100644 schedule_work(&data->read_work); } ret = wait_event_timeout(data->wait_queue, -@@ -785,7 +785,7 @@ static irqreturn_t sht15_interrupt_fired(int irq, void *d) +@@ -820,7 +820,7 @@ static irqreturn_t sht15_interrupt_fired(int irq, void *d) /* First disable the interrupt */ disable_irq_nosync(irq); @@ -36761,7 +36149,7 @@ index 8047fed..1e956f0 100644 /* Then schedule a reading work struct */ if (data->state != SHT15_READING_NOTHING) schedule_work(&data->read_work); -@@ -807,11 +807,11 @@ static void sht15_bh_read_data(struct work_struct *work_s) +@@ -842,11 +842,11 @@ static void sht15_bh_read_data(struct work_struct *work_s) * If not, then start the interrupt again - care here as could * have gone low in meantime so verify it hasn't! */ @@ -36841,7 +36229,7 @@ index 8848f16..f8e6dd8 100644 struct iio_chan_spec const *chan, ssize_t (*readfunc)(struct device *dev, diff --git a/drivers/infiniband/core/cm.c b/drivers/infiniband/core/cm.c -index 394fea2..c833880 100644 +index 784b97c..c9ceadf 100644 --- a/drivers/infiniband/core/cm.c +++ b/drivers/infiniband/core/cm.c @@ -114,7 +114,7 @@ static char const counter_group_names[CM_COUNTER_GROUPS] @@ -36853,7 +36241,7 @@ index 394fea2..c833880 100644 }; struct cm_counter_attribute { -@@ -1394,7 +1394,7 @@ static void cm_dup_req_handler(struct cm_work *work, +@@ -1395,7 +1395,7 @@ static void cm_dup_req_handler(struct cm_work *work, struct ib_mad_send_buf *msg = NULL; int ret; @@ -36862,7 +36250,7 @@ index 394fea2..c833880 100644 counter[CM_REQ_COUNTER]); /* Quick state check to discard duplicate REQs. */ -@@ -1778,7 +1778,7 @@ static void cm_dup_rep_handler(struct cm_work *work) +@@ -1779,7 +1779,7 @@ static void cm_dup_rep_handler(struct cm_work *work) if (!cm_id_priv) return; @@ -36871,7 +36259,7 @@ index 394fea2..c833880 100644 counter[CM_REP_COUNTER]); ret = cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg); if (ret) -@@ -1945,7 +1945,7 @@ static int cm_rtu_handler(struct cm_work *work) +@@ -1946,7 +1946,7 @@ static int cm_rtu_handler(struct cm_work *work) if (cm_id_priv->id.state != IB_CM_REP_SENT && cm_id_priv->id.state != IB_CM_MRA_REP_RCVD) { spin_unlock_irq(&cm_id_priv->lock); @@ -36880,7 +36268,7 @@ index 394fea2..c833880 100644 counter[CM_RTU_COUNTER]); goto out; } -@@ -2128,7 +2128,7 @@ static int cm_dreq_handler(struct cm_work *work) +@@ -2129,7 +2129,7 @@ static int cm_dreq_handler(struct cm_work *work) cm_id_priv = cm_acquire_id(dreq_msg->remote_comm_id, dreq_msg->local_comm_id); if (!cm_id_priv) { @@ -36889,7 +36277,7 @@ index 394fea2..c833880 100644 counter[CM_DREQ_COUNTER]); cm_issue_drep(work->port, work->mad_recv_wc); return -EINVAL; -@@ -2153,7 +2153,7 @@ static int cm_dreq_handler(struct cm_work *work) +@@ -2154,7 +2154,7 @@ static int cm_dreq_handler(struct cm_work *work) case IB_CM_MRA_REP_RCVD: break; case IB_CM_TIMEWAIT: @@ -36898,7 +36286,7 @@ index 394fea2..c833880 100644 counter[CM_DREQ_COUNTER]); if (cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg)) goto unlock; -@@ -2167,7 +2167,7 @@ static int cm_dreq_handler(struct cm_work *work) +@@ -2168,7 +2168,7 @@ static int cm_dreq_handler(struct cm_work *work) cm_free_msg(msg); goto deref; case IB_CM_DREQ_RCVD: @@ -36907,7 +36295,7 @@ index 394fea2..c833880 100644 counter[CM_DREQ_COUNTER]); goto unlock; default: -@@ -2534,7 +2534,7 @@ static int cm_mra_handler(struct cm_work *work) +@@ -2535,7 +2535,7 @@ static int cm_mra_handler(struct cm_work *work) ib_modify_mad(cm_id_priv->av.port->mad_agent, cm_id_priv->msg, timeout)) { if (cm_id_priv->id.lap_state == IB_CM_MRA_LAP_RCVD) @@ -36916,7 +36304,7 @@ index 394fea2..c833880 100644 counter_group[CM_RECV_DUPLICATES]. counter[CM_MRA_COUNTER]); goto out; -@@ -2543,7 +2543,7 @@ static int cm_mra_handler(struct cm_work *work) +@@ -2544,7 +2544,7 @@ static int cm_mra_handler(struct cm_work *work) break; case IB_CM_MRA_REQ_RCVD: case IB_CM_MRA_REP_RCVD: @@ -36925,7 +36313,7 @@ index 394fea2..c833880 100644 counter[CM_MRA_COUNTER]); /* fall through */ default: -@@ -2705,7 +2705,7 @@ static int cm_lap_handler(struct cm_work *work) +@@ -2706,7 +2706,7 @@ static int cm_lap_handler(struct cm_work *work) case IB_CM_LAP_IDLE: break; case IB_CM_MRA_LAP_SENT: @@ -36934,7 +36322,7 @@ index 394fea2..c833880 100644 counter[CM_LAP_COUNTER]); if (cm_alloc_response_msg(work->port, work->mad_recv_wc, &msg)) goto unlock; -@@ -2721,7 +2721,7 @@ static int cm_lap_handler(struct cm_work *work) +@@ -2722,7 +2722,7 @@ static int cm_lap_handler(struct cm_work *work) cm_free_msg(msg); goto deref; case IB_CM_LAP_RCVD: @@ -36943,7 +36331,7 @@ index 394fea2..c833880 100644 counter[CM_LAP_COUNTER]); goto unlock; default: -@@ -3005,7 +3005,7 @@ static int cm_sidr_req_handler(struct cm_work *work) +@@ -3006,7 +3006,7 @@ static int cm_sidr_req_handler(struct cm_work *work) cur_cm_id_priv = cm_insert_remote_sidr(cm_id_priv); if (cur_cm_id_priv) { spin_unlock_irq(&cm.lock); @@ -36952,7 +36340,7 @@ index 394fea2..c833880 100644 counter[CM_SIDR_REQ_COUNTER]); goto out; /* Duplicate message. */ } -@@ -3217,10 +3217,10 @@ static void cm_send_handler(struct ib_mad_agent *mad_agent, +@@ -3218,10 +3218,10 @@ static void cm_send_handler(struct ib_mad_agent *mad_agent, if (!msg->context[0] && (attr_index != CM_REJ_COUNTER)) msg->retries = 1; @@ -36965,7 +36353,7 @@ index 394fea2..c833880 100644 &port->counter_group[CM_XMIT_RETRIES]. counter[attr_index]); -@@ -3430,7 +3430,7 @@ static void cm_recv_handler(struct ib_mad_agent *mad_agent, +@@ -3431,7 +3431,7 @@ static void cm_recv_handler(struct ib_mad_agent *mad_agent, } attr_id = be16_to_cpu(mad_recv_wc->recv_buf.mad->mad_hdr.attr_id); @@ -36974,7 +36362,7 @@ index 394fea2..c833880 100644 counter[attr_id - CM_ATTR_ID_OFFSET]); work = kmalloc(sizeof *work + sizeof(struct ib_sa_path_rec) * paths, -@@ -3635,7 +3635,7 @@ static ssize_t cm_show_counter(struct kobject *obj, struct attribute *attr, +@@ -3636,7 +3636,7 @@ static ssize_t cm_show_counter(struct kobject *obj, struct attribute *attr, cm_attr = container_of(attr, struct cm_counter_attribute, attr); return sprintf(buf, "%ld\n", @@ -36984,7 +36372,7 @@ index 394fea2..c833880 100644 static const struct sysfs_ops cm_counter_ops = { diff --git a/drivers/infiniband/core/fmr_pool.c b/drivers/infiniband/core/fmr_pool.c -index 176c8f9..2627b62 100644 +index 9f5ad7c..588cd84 100644 --- a/drivers/infiniband/core/fmr_pool.c +++ b/drivers/infiniband/core/fmr_pool.c @@ -98,8 +98,8 @@ struct ib_fmr_pool { @@ -36998,7 +36386,7 @@ index 176c8f9..2627b62 100644 wait_queue_head_t force_wait; }; -@@ -180,10 +180,10 @@ static int ib_fmr_cleanup_thread(void *pool_ptr) +@@ -179,10 +179,10 @@ static int ib_fmr_cleanup_thread(void *pool_ptr) struct ib_fmr_pool *pool = pool_ptr; do { @@ -37011,7 +36399,7 @@ index 176c8f9..2627b62 100644 wake_up_interruptible(&pool->force_wait); if (pool->flush_function) -@@ -191,7 +191,7 @@ static int ib_fmr_cleanup_thread(void *pool_ptr) +@@ -190,7 +190,7 @@ static int ib_fmr_cleanup_thread(void *pool_ptr) } set_current_state(TASK_INTERRUPTIBLE); @@ -37020,7 +36408,7 @@ index 176c8f9..2627b62 100644 !kthread_should_stop()) schedule(); __set_current_state(TASK_RUNNING); -@@ -283,8 +283,8 @@ struct ib_fmr_pool *ib_create_fmr_pool(struct ib_pd *pd, +@@ -282,8 +282,8 @@ struct ib_fmr_pool *ib_create_fmr_pool(struct ib_pd *pd, pool->dirty_watermark = params->dirty_watermark; pool->dirty_len = 0; spin_lock_init(&pool->pool_lock); @@ -37031,7 +36419,7 @@ index 176c8f9..2627b62 100644 init_waitqueue_head(&pool->force_wait); pool->thread = kthread_run(ib_fmr_cleanup_thread, -@@ -412,11 +412,11 @@ int ib_flush_fmr_pool(struct ib_fmr_pool *pool) +@@ -411,11 +411,11 @@ int ib_flush_fmr_pool(struct ib_fmr_pool *pool) } spin_unlock_irq(&pool->pool_lock); @@ -37045,7 +36433,7 @@ index 176c8f9..2627b62 100644 return -EINTR; return 0; -@@ -526,7 +526,7 @@ int ib_fmr_pool_unmap(struct ib_pool_fmr *fmr) +@@ -525,7 +525,7 @@ int ib_fmr_pool_unmap(struct ib_pool_fmr *fmr) } else { list_add_tail(&fmr->list, &pool->dirty_list); if (++pool->dirty_len >= pool->dirty_watermark) { @@ -37055,7 +36443,7 @@ index 176c8f9..2627b62 100644 } } diff --git a/drivers/infiniband/hw/cxgb4/mem.c b/drivers/infiniband/hw/cxgb4/mem.c -index afd8179..598063f 100644 +index 903a92d..9262548 100644 --- a/drivers/infiniband/hw/cxgb4/mem.c +++ b/drivers/infiniband/hw/cxgb4/mem.c @@ -122,7 +122,7 @@ static int write_tpt_entry(struct c4iw_rdev *rdev, u32 reset_tpt_entry, @@ -37157,7 +36545,7 @@ index ed9a989..e0c5871 100644 { struct mthca_mailbox *mailbox; diff --git a/drivers/infiniband/hw/nes/nes.c b/drivers/infiniband/hw/nes/nes.c -index 5b152a3..c1f3e83 100644 +index 4291410..d2ab1fb 100644 --- a/drivers/infiniband/hw/nes/nes.c +++ b/drivers/infiniband/hw/nes/nes.c @@ -98,7 +98,7 @@ MODULE_PARM_DESC(limit_maxrdreqsz, "Limit max read request size to 256 Bytes"); @@ -37169,7 +36557,7 @@ index 5b152a3..c1f3e83 100644 static unsigned int ee_flsh_adapter; static unsigned int sysfs_nonidx_addr; -@@ -267,7 +267,7 @@ static void nes_cqp_rem_ref_callback(struct nes_device *nesdev, struct nes_cqp_r +@@ -269,7 +269,7 @@ static void nes_cqp_rem_ref_callback(struct nes_device *nesdev, struct nes_cqp_r struct nes_qp *nesqp = cqp_request->cqp_callback_pointer; struct nes_adapter *nesadapter = nesdev->nesadapter; @@ -37238,7 +36626,7 @@ index 33cc589..3bd6538 100644 extern u32 int_mod_timer_init; extern u32 int_mod_cq_depth_256; diff --git a/drivers/infiniband/hw/nes/nes_cm.c b/drivers/infiniband/hw/nes/nes_cm.c -index 22ea67e..dcbe3bc 100644 +index 24b9f1a..00fd004 100644 --- a/drivers/infiniband/hw/nes/nes_cm.c +++ b/drivers/infiniband/hw/nes/nes_cm.c @@ -68,14 +68,14 @@ u32 cm_packets_dropped; @@ -37471,7 +36859,7 @@ index 4166452..fc952c3 100644 } diff --git a/drivers/infiniband/hw/nes/nes_nic.c b/drivers/infiniband/hw/nes/nes_nic.c -index 9542e16..a008c40 100644 +index 85cf4d1..05d8e71 100644 --- a/drivers/infiniband/hw/nes/nes_nic.c +++ b/drivers/infiniband/hw/nes/nes_nic.c @@ -1273,39 +1273,39 @@ static void nes_netdev_get_ethtool_stats(struct net_device *netdev, @@ -37535,7 +36923,7 @@ index 9542e16..a008c40 100644 /** diff --git a/drivers/infiniband/hw/nes/nes_verbs.c b/drivers/infiniband/hw/nes/nes_verbs.c -index 07e4fba..685f041 100644 +index 8f67fe2..8960859 100644 --- a/drivers/infiniband/hw/nes/nes_verbs.c +++ b/drivers/infiniband/hw/nes/nes_verbs.c @@ -46,9 +46,9 @@ @@ -37551,7 +36939,7 @@ index 07e4fba..685f041 100644 static void nes_unregister_ofa_device(struct nes_ib_device *nesibdev); -@@ -1131,7 +1131,7 @@ static struct ib_qp *nes_create_qp(struct ib_pd *ibpd, +@@ -1134,7 +1134,7 @@ static struct ib_qp *nes_create_qp(struct ib_pd *ibpd, if (init_attr->create_flags) return ERR_PTR(-EINVAL); @@ -37560,7 +36948,7 @@ index 07e4fba..685f041 100644 switch (init_attr->qp_type) { case IB_QPT_RC: if (nes_drv_opt & NES_DRV_OPT_NO_INLINE_DATA) { -@@ -1462,7 +1462,7 @@ static int nes_destroy_qp(struct ib_qp *ibqp) +@@ -1465,7 +1465,7 @@ static int nes_destroy_qp(struct ib_qp *ibqp) struct iw_cm_event cm_event; int ret = 0; @@ -37659,10 +37047,10 @@ index d6cbfe9..6225402 100644 snprintf(led->name, sizeof(led->name), "xpad%ld", led_no); led->xpad = xpad; diff --git a/drivers/input/mouse/psmouse.h b/drivers/input/mouse/psmouse.h -index fe1df23..5b710f3 100644 +index 2f0b39d..7370f13 100644 --- a/drivers/input/mouse/psmouse.h +++ b/drivers/input/mouse/psmouse.h -@@ -115,7 +115,7 @@ struct psmouse_attribute { +@@ -116,7 +116,7 @@ struct psmouse_attribute { ssize_t (*set)(struct psmouse *psmouse, void *data, const char *buf, size_t count); bool protect; @@ -37685,7 +37073,7 @@ index 4c842c3..590b0bf 100644 return count; diff --git a/drivers/input/serio/serio.c b/drivers/input/serio/serio.c -index 25fc597..558bf3b 100644 +index 25fc597..558bf3b3 100644 --- a/drivers/input/serio/serio.c +++ b/drivers/input/serio/serio.c @@ -496,7 +496,7 @@ static void serio_release_port(struct device *dev) @@ -37707,7 +37095,7 @@ index 25fc597..558bf3b 100644 serio->dev.release = serio_release_port; serio->dev.groups = serio_device_attr_groups; diff --git a/drivers/iommu/iommu.c b/drivers/iommu/iommu.c -index ddbdaca..be18a78 100644 +index b972d43..8943713 100644 --- a/drivers/iommu/iommu.c +++ b/drivers/iommu/iommu.c @@ -554,7 +554,7 @@ static struct notifier_block iommu_bus_nb = { @@ -37719,6 +37107,49 @@ index ddbdaca..be18a78 100644 } /** +diff --git a/drivers/iommu/irq_remapping.c b/drivers/iommu/irq_remapping.c +index 7c11ff3..5b2d7a7 100644 +--- a/drivers/iommu/irq_remapping.c ++++ b/drivers/iommu/irq_remapping.c +@@ -369,10 +369,12 @@ static void ir_print_prefix(struct irq_data *data, struct seq_file *p) + + void irq_remap_modify_chip_defaults(struct irq_chip *chip) + { +- chip->irq_print_chip = ir_print_prefix; +- chip->irq_ack = ir_ack_apic_edge; +- chip->irq_eoi = ir_ack_apic_level; +- chip->irq_set_affinity = x86_io_apic_ops.set_affinity; ++ pax_open_kernel(); ++ *(void **)&chip->irq_print_chip = ir_print_prefix; ++ *(void **)&chip->irq_ack = ir_ack_apic_edge; ++ *(void **)&chip->irq_eoi = ir_ack_apic_level; ++ *(void **)&chip->irq_set_affinity = x86_io_apic_ops.set_affinity; ++ pax_close_kernel(); + } + + bool setup_remapped_irq(int irq, struct irq_cfg *cfg, struct irq_chip *chip) +diff --git a/drivers/irqchip/irq-gic.c b/drivers/irqchip/irq-gic.c +index fc6aebf..94d5248 100644 +--- a/drivers/irqchip/irq-gic.c ++++ b/drivers/irqchip/irq-gic.c +@@ -83,7 +83,7 @@ static u8 gic_cpu_map[NR_GIC_CPU_IF] __read_mostly; + * Supported arch specific GIC irq extension. + * Default make them NULL. + */ +-struct irq_chip gic_arch_extn = { ++irq_chip_no_const gic_arch_extn __read_only = { + .irq_eoi = NULL, + .irq_mask = NULL, + .irq_unmask = NULL, +@@ -332,7 +332,7 @@ static void gic_handle_cascade_irq(unsigned int irq, struct irq_desc *desc) + chained_irq_exit(chip, desc); + } + +-static struct irq_chip gic_chip = { ++static irq_chip_no_const gic_chip __read_only = { + .name = "GIC", + .irq_mask = gic_mask_irq, + .irq_unmask = gic_unmask_irq, diff --git a/drivers/isdn/capi/capi.c b/drivers/isdn/capi/capi.c index 89562a8..218999b 100644 --- a/drivers/isdn/capi/capi.c @@ -37761,10 +37192,10 @@ index 89562a8..218999b 100644 capimsg_setu32(skb->data, 12, (u32)(long)skb->data);/* Data32 */ capimsg_setu16(skb->data, 16, len); /* Data length */ diff --git a/drivers/isdn/gigaset/interface.c b/drivers/isdn/gigaset/interface.c -index 67abf3f..076b3a6 100644 +index e2b5396..c5486dc 100644 --- a/drivers/isdn/gigaset/interface.c +++ b/drivers/isdn/gigaset/interface.c -@@ -160,9 +160,9 @@ static int if_open(struct tty_struct *tty, struct file *filp) +@@ -130,9 +130,9 @@ static int if_open(struct tty_struct *tty, struct file *filp) } tty->driver_data = cs; @@ -37774,9 +37205,9 @@ index 67abf3f..076b3a6 100644 - if (cs->port.count == 1) { + if (atomic_read(&cs->port.count) == 1) { tty_port_tty_set(&cs->port, tty); - tty->low_latency = 1; + cs->port.low_latency = 1; } -@@ -186,9 +186,9 @@ static void if_close(struct tty_struct *tty, struct file *filp) +@@ -156,9 +156,9 @@ static void if_close(struct tty_struct *tty, struct file *filp) if (!cs->connected) gig_dbg(DEBUG_IF, "not connected"); /* nothing to do */ @@ -37811,10 +37242,10 @@ index 821f7ac..28d4030 100644 } else { memcpy(buf, dp, left); diff --git a/drivers/isdn/i4l/isdn_tty.c b/drivers/isdn/i4l/isdn_tty.c -index e09dc8a..15e2efb 100644 +index ebaebdf..acd4405 100644 --- a/drivers/isdn/i4l/isdn_tty.c +++ b/drivers/isdn/i4l/isdn_tty.c -@@ -1513,9 +1513,9 @@ isdn_tty_open(struct tty_struct *tty, struct file *filp) +@@ -1511,9 +1511,9 @@ isdn_tty_open(struct tty_struct *tty, struct file *filp) #ifdef ISDN_DEBUG_MODEM_OPEN printk(KERN_DEBUG "isdn_tty_open %s, count = %d\n", tty->name, @@ -37826,7 +37257,7 @@ index e09dc8a..15e2efb 100644 port->tty = tty; /* * Start up serial port -@@ -1559,7 +1559,7 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp) +@@ -1557,7 +1557,7 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp) #endif return; } @@ -37835,7 +37266,7 @@ index e09dc8a..15e2efb 100644 /* * Uh, oh. tty->count is 1, which means that the tty * structure will be freed. Info->count should always -@@ -1568,15 +1568,15 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp) +@@ -1566,15 +1566,15 @@ isdn_tty_close(struct tty_struct *tty, struct file *filp) * serial port won't be shutdown. */ printk(KERN_ERR "isdn_tty_close: bad port count; tty->count is 1, " @@ -37857,7 +37288,7 @@ index e09dc8a..15e2efb 100644 #ifdef ISDN_DEBUG_MODEM_OPEN printk(KERN_DEBUG "isdn_tty_close after info->count != 0\n"); #endif -@@ -1630,7 +1630,7 @@ isdn_tty_hangup(struct tty_struct *tty) +@@ -1628,7 +1628,7 @@ isdn_tty_hangup(struct tty_struct *tty) if (isdn_tty_paranoia_check(info, tty->name, "isdn_tty_hangup")) return; isdn_tty_shutdown(info); @@ -37866,7 +37297,7 @@ index e09dc8a..15e2efb 100644 port->flags &= ~ASYNC_NORMAL_ACTIVE; port->tty = NULL; wake_up_interruptible(&port->open_wait); -@@ -1975,7 +1975,7 @@ isdn_tty_find_icall(int di, int ch, setup_parm *setup) +@@ -1973,7 +1973,7 @@ isdn_tty_find_icall(int di, int ch, setup_parm *setup) for (i = 0; i < ISDN_MAX_CHANNELS; i++) { modem_info *info = &dev->mdm.info[i]; @@ -37902,10 +37333,10 @@ index 6a8405d..0bd1c7e 100644 .callback = clevo_mail_led_dmi_callback, .ident = "Clevo D410J", diff --git a/drivers/leds/leds-ss4200.c b/drivers/leds/leds-ss4200.c -index ec9b287..65c9bf4 100644 +index 64e204e..c6bf189 100644 --- a/drivers/leds/leds-ss4200.c +++ b/drivers/leds/leds-ss4200.c -@@ -92,7 +92,7 @@ MODULE_PARM_DESC(nodetect, "Skip DMI-based hardware detection"); +@@ -91,7 +91,7 @@ MODULE_PARM_DESC(nodetect, "Skip DMI-based hardware detection"); * detected as working, but in reality it is not) as low as * possible. */ @@ -38066,7 +37497,7 @@ index 40634b0..4f5855e 100644 // Every interrupt can come to us here // But we must truly tell each apart. diff --git a/drivers/md/bitmap.c b/drivers/md/bitmap.c -index 7155945..4bcc562 100644 +index 4fd9d6a..834fa03 100644 --- a/drivers/md/bitmap.c +++ b/drivers/md/bitmap.c @@ -1779,7 +1779,7 @@ void bitmap_status(struct seq_file *seq, struct bitmap *bitmap) @@ -38079,10 +37510,10 @@ index 7155945..4bcc562 100644 seq_printf(seq, "\n"); diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c -index eee353d..74504c4 100644 +index aa04f02..2a1309e 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c -@@ -1632,7 +1632,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param) +@@ -1694,7 +1694,7 @@ static int validate_params(uint cmd, struct dm_ioctl *param) cmd == DM_LIST_VERSIONS_CMD) return 0; @@ -38092,7 +37523,7 @@ index eee353d..74504c4 100644 DMWARN("name not supplied when creating device"); return -EINVAL; diff --git a/drivers/md/dm-raid1.c b/drivers/md/dm-raid1.c -index 7f24190..0e18099 100644 +index d053098..05cc375 100644 --- a/drivers/md/dm-raid1.c +++ b/drivers/md/dm-raid1.c @@ -40,7 +40,7 @@ enum dm_raid1_error { @@ -38104,7 +37535,7 @@ index 7f24190..0e18099 100644 unsigned long error_type; struct dm_dev *dev; sector_t offset; -@@ -183,7 +183,7 @@ static struct mirror *get_valid_mirror(struct mirror_set *ms) +@@ -186,7 +186,7 @@ static struct mirror *get_valid_mirror(struct mirror_set *ms) struct mirror *m; for (m = ms->mirror; m < ms->mirror + ms->nr_mirrors; m++) @@ -38113,7 +37544,7 @@ index 7f24190..0e18099 100644 return m; return NULL; -@@ -215,7 +215,7 @@ static void fail_mirror(struct mirror *m, enum dm_raid1_error error_type) +@@ -218,7 +218,7 @@ static void fail_mirror(struct mirror *m, enum dm_raid1_error error_type) * simple way to tell if a device has encountered * errors. */ @@ -38122,7 +37553,7 @@ index 7f24190..0e18099 100644 if (test_and_set_bit(error_type, &m->error_type)) return; -@@ -406,7 +406,7 @@ static struct mirror *choose_mirror(struct mirror_set *ms, sector_t sector) +@@ -409,7 +409,7 @@ static struct mirror *choose_mirror(struct mirror_set *ms, sector_t sector) struct mirror *m = get_default_mirror(ms); do { @@ -38131,7 +37562,7 @@ index 7f24190..0e18099 100644 return m; if (m-- == ms->mirror) -@@ -420,7 +420,7 @@ static int default_ok(struct mirror *m) +@@ -423,7 +423,7 @@ static int default_ok(struct mirror *m) { struct mirror *default_mirror = get_default_mirror(m->ms); @@ -38140,7 +37571,7 @@ index 7f24190..0e18099 100644 } static int mirror_available(struct mirror_set *ms, struct bio *bio) -@@ -557,7 +557,7 @@ static void do_reads(struct mirror_set *ms, struct bio_list *reads) +@@ -560,7 +560,7 @@ static void do_reads(struct mirror_set *ms, struct bio_list *reads) */ if (likely(region_in_sync(ms, region, 1))) m = choose_mirror(ms, bio->bi_sector); @@ -38149,7 +37580,7 @@ index 7f24190..0e18099 100644 m = NULL; if (likely(m)) -@@ -924,7 +924,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti, +@@ -927,7 +927,7 @@ static int get_mirror(struct mirror_set *ms, struct dm_target *ti, } ms->mirror[mirror].ms = ms; @@ -38158,7 +37589,7 @@ index 7f24190..0e18099 100644 ms->mirror[mirror].error_type = 0; ms->mirror[mirror].offset = offset; -@@ -1337,7 +1337,7 @@ static void mirror_resume(struct dm_target *ti) +@@ -1340,7 +1340,7 @@ static void mirror_resume(struct dm_target *ti) */ static char device_status_char(struct mirror *m) { @@ -38168,7 +37599,7 @@ index 7f24190..0e18099 100644 return (test_bit(DM_RAID1_FLUSH_ERROR, &(m->error_type))) ? 'F' : diff --git a/drivers/md/dm-stripe.c b/drivers/md/dm-stripe.c -index aaecefa..23b3026 100644 +index d8837d3..1f7c341 100644 --- a/drivers/md/dm-stripe.c +++ b/drivers/md/dm-stripe.c @@ -20,7 +20,7 @@ struct stripe { @@ -38210,10 +37641,10 @@ index aaecefa..23b3026 100644 schedule_work(&sc->trigger_event); } diff --git a/drivers/md/dm-table.c b/drivers/md/dm-table.c -index daf25d0..d74f49f 100644 +index e50dad0..d9575e2 100644 --- a/drivers/md/dm-table.c +++ b/drivers/md/dm-table.c -@@ -390,7 +390,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev, +@@ -389,7 +389,7 @@ static int device_area_is_invalid(struct dm_target *ti, struct dm_dev *dev, if (!dev_size) return 0; @@ -38223,7 +37654,7 @@ index daf25d0..d74f49f 100644 "start=%llu, len=%llu, dev_size=%llu", dm_device_name(ti->table->md), bdevname(bdev, b), diff --git a/drivers/md/dm-thin-metadata.c b/drivers/md/dm-thin-metadata.c -index 4d6e853..a234157 100644 +index 00cee02..b89a29d 100644 --- a/drivers/md/dm-thin-metadata.c +++ b/drivers/md/dm-thin-metadata.c @@ -397,7 +397,7 @@ static void __setup_btree_details(struct dm_pool_metadata *pmd) @@ -38245,10 +37676,10 @@ index 4d6e853..a234157 100644 pmd->bl_info.value_type.inc = data_block_inc; pmd->bl_info.value_type.dec = data_block_dec; diff --git a/drivers/md/dm.c b/drivers/md/dm.c -index 0d8f086..f5a91d5 100644 +index 9a0bdad..4df9543 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c -@@ -170,9 +170,9 @@ struct mapped_device { +@@ -169,9 +169,9 @@ struct mapped_device { /* * Event handling. */ @@ -38260,7 +37691,7 @@ index 0d8f086..f5a91d5 100644 struct list_head uevent_list; spinlock_t uevent_lock; /* Protect access to uevent_list */ -@@ -1872,8 +1872,8 @@ static struct mapped_device *alloc_dev(int minor) +@@ -1879,8 +1879,8 @@ static struct mapped_device *alloc_dev(int minor) rwlock_init(&md->map_lock); atomic_set(&md->holders, 1); atomic_set(&md->open_count, 0); @@ -38271,7 +37702,7 @@ index 0d8f086..f5a91d5 100644 INIT_LIST_HEAD(&md->uevent_list); spin_lock_init(&md->uevent_lock); -@@ -2026,7 +2026,7 @@ static void event_callback(void *context) +@@ -2028,7 +2028,7 @@ static void event_callback(void *context) dm_send_uevents(&uevents, &disk_to_dev(md->disk)->kobj); @@ -38280,7 +37711,7 @@ index 0d8f086..f5a91d5 100644 wake_up(&md->eventq); } -@@ -2683,18 +2683,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, +@@ -2685,18 +2685,18 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, uint32_t dm_next_uevent_seq(struct mapped_device *md) { @@ -38303,7 +37734,7 @@ index 0d8f086..f5a91d5 100644 void dm_uevent_add(struct mapped_device *md, struct list_head *elist) diff --git a/drivers/md/md.c b/drivers/md/md.c -index 0411bde..5a023ff 100644 +index a4a93b9..4747b63 100644 --- a/drivers/md/md.c +++ b/drivers/md/md.c @@ -240,10 +240,10 @@ EXPORT_SYMBOL_GPL(md_trim_bio); @@ -38375,7 +37806,7 @@ index 0411bde..5a023ff 100644 INIT_LIST_HEAD(&rdev->same_set); init_waitqueue_head(&rdev->blocked_wait); -@@ -6984,7 +6984,7 @@ static int md_seq_show(struct seq_file *seq, void *v) +@@ -6994,7 +6994,7 @@ static int md_seq_show(struct seq_file *seq, void *v) spin_unlock(&pers_lock); seq_printf(seq, "\n"); @@ -38384,7 +37815,7 @@ index 0411bde..5a023ff 100644 return 0; } if (v == (void*)2) { -@@ -7087,7 +7087,7 @@ static int md_seq_open(struct inode *inode, struct file *file) +@@ -7097,7 +7097,7 @@ static int md_seq_open(struct inode *inode, struct file *file) return error; seq = file->private_data; @@ -38393,7 +37824,7 @@ index 0411bde..5a023ff 100644 return error; } -@@ -7101,7 +7101,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) +@@ -7111,7 +7111,7 @@ static unsigned int mdstat_poll(struct file *filp, poll_table *wait) /* always allow read */ mask = POLLIN | POLLRDNORM; @@ -38402,7 +37833,7 @@ index 0411bde..5a023ff 100644 mask |= POLLERR | POLLPRI; return mask; } -@@ -7145,7 +7145,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) +@@ -7155,7 +7155,7 @@ static int is_mddev_idle(struct mddev *mddev, int init) struct gendisk *disk = rdev->bdev->bd_contains->bd_disk; curr_events = (int)part_stat_read(&disk->part0, sectors[0]) + (int)part_stat_read(&disk->part0, sectors[1]) - @@ -38412,7 +37843,7 @@ index 0411bde..5a023ff 100644 * as sync_io is counted when a request starts, and * disk_stats is counted when it completes. diff --git a/drivers/md/md.h b/drivers/md/md.h -index eca59c3..7c42285 100644 +index d90fb1a..4174a2b 100644 --- a/drivers/md/md.h +++ b/drivers/md/md.h @@ -94,13 +94,13 @@ struct md_rdev { @@ -38475,10 +37906,10 @@ index 6af167f..40c25a1 100644 "md/raid1:%s: read error corrected " "(%d sectors at %llu on %s)\n", diff --git a/drivers/md/raid10.c b/drivers/md/raid10.c -index 61ab219..7b232b3 100644 +index 46c14e5..4db5966 100644 --- a/drivers/md/raid10.c +++ b/drivers/md/raid10.c -@@ -1886,7 +1886,7 @@ static void end_sync_read(struct bio *bio, int error) +@@ -1932,7 +1932,7 @@ static void end_sync_read(struct bio *bio, int error) /* The write handler will notice the lack of * R10BIO_Uptodate and record any errors etc */ @@ -38487,7 +37918,7 @@ index 61ab219..7b232b3 100644 &conf->mirrors[d].rdev->corrected_errors); /* for reconstruct, we always reschedule after a read. -@@ -2235,7 +2235,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2281,7 +2281,7 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) { struct timespec cur_time_mon; unsigned long hours_since_last; @@ -38496,7 +37927,7 @@ index 61ab219..7b232b3 100644 ktime_get_ts(&cur_time_mon); -@@ -2257,9 +2257,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) +@@ -2303,9 +2303,9 @@ static void check_decay_read_errors(struct mddev *mddev, struct md_rdev *rdev) * overflowing the shift of read_errors by hours_since_last. */ if (hours_since_last >= 8 * sizeof(read_errors)) @@ -38508,7 +37939,7 @@ index 61ab219..7b232b3 100644 } static int r10_sync_page_io(struct md_rdev *rdev, sector_t sector, -@@ -2313,8 +2313,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2359,8 +2359,8 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 return; check_decay_read_errors(mddev, rdev); @@ -38519,7 +37950,7 @@ index 61ab219..7b232b3 100644 char b[BDEVNAME_SIZE]; bdevname(rdev->bdev, b); -@@ -2322,7 +2322,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2368,7 +2368,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 "md/raid10:%s: %s: Raid device exceeded " "read_error threshold [cur %d:max %d]\n", mdname(mddev), b, @@ -38528,7 +37959,7 @@ index 61ab219..7b232b3 100644 printk(KERN_NOTICE "md/raid10:%s: %s: Failing raid device\n", mdname(mddev), b); -@@ -2477,7 +2477,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 +@@ -2523,7 +2523,7 @@ static void fix_read_error(struct r10conf *conf, struct mddev *mddev, struct r10 sect + choose_data_offset(r10_bio, rdev)), bdevname(rdev->bdev, b)); @@ -38538,10 +37969,10 @@ index 61ab219..7b232b3 100644 rdev_dec_pending(rdev, mddev); diff --git a/drivers/md/raid5.c b/drivers/md/raid5.c -index 94ce78e..df99e24 100644 +index f4e87bf..0d4ad3f 100644 --- a/drivers/md/raid5.c +++ b/drivers/md/raid5.c -@@ -1800,21 +1800,21 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1763,21 +1763,21 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), STRIPE_SECTORS, (unsigned long long)s, bdevname(rdev->bdev, b)); @@ -38567,7 +37998,7 @@ index 94ce78e..df99e24 100644 if (test_bit(R5_ReadRepl, &sh->dev[i].flags)) printk_ratelimited( KERN_WARNING -@@ -1842,7 +1842,7 @@ static void raid5_end_read_request(struct bio * bi, int error) +@@ -1805,7 +1805,7 @@ static void raid5_end_read_request(struct bio * bi, int error) mdname(conf->mddev), (unsigned long long)s, bdn); @@ -38577,7 +38008,7 @@ index 94ce78e..df99e24 100644 printk(KERN_WARNING "md/raid:%s: Too many read errors, failing device %s.\n", diff --git a/drivers/media/dvb-core/dvbdev.c b/drivers/media/dvb-core/dvbdev.c -index d33101a..6b13069 100644 +index 401ef64..836e563 100644 --- a/drivers/media/dvb-core/dvbdev.c +++ b/drivers/media/dvb-core/dvbdev.c @@ -192,7 +192,7 @@ int dvb_register_device(struct dvb_adapter *adap, struct dvb_device **pdvbdev, @@ -38590,7 +38021,7 @@ index d33101a..6b13069 100644 int minor; int id; diff --git a/drivers/media/dvb-frontends/dib3000.h b/drivers/media/dvb-frontends/dib3000.h -index 404f63a..4796533 100644 +index 9b6c3bb..baeb5c7 100644 --- a/drivers/media/dvb-frontends/dib3000.h +++ b/drivers/media/dvb-frontends/dib3000.h @@ -39,7 +39,7 @@ struct dib_fe_xfer_ops @@ -38600,7 +38031,7 @@ index 404f63a..4796533 100644 -}; +} __no_const; - #if defined(CONFIG_DVB_DIB3000MB) || (defined(CONFIG_DVB_DIB3000MB_MODULE) && defined(MODULE)) + #if IS_ENABLED(CONFIG_DVB_DIB3000MB) extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config, diff --git a/drivers/media/pci/cx88/cx88-video.c b/drivers/media/pci/cx88/cx88-video.c index bc78354..42c9459 100644 @@ -38620,7 +38051,7 @@ index bc78354..42c9459 100644 module_param_array(video_nr, int, NULL, 0444); module_param_array(vbi_nr, int, NULL, 0444); diff --git a/drivers/media/platform/omap/omap_vout.c b/drivers/media/platform/omap/omap_vout.c -index 8e9a668..78d6310 100644 +index 96c4a17..1305a79 100644 --- a/drivers/media/platform/omap/omap_vout.c +++ b/drivers/media/platform/omap/omap_vout.c @@ -63,7 +63,6 @@ enum omap_vout_channels { @@ -38656,10 +38087,10 @@ index 8e9a668..78d6310 100644 videobuf_queue_dma_contig_init(q, &video_vbq_ops, q->dev, diff --git a/drivers/media/platform/s5p-tv/mixer.h b/drivers/media/platform/s5p-tv/mixer.h -index b671e20..34088b7 100644 +index 04e6490..2df65bf 100644 --- a/drivers/media/platform/s5p-tv/mixer.h +++ b/drivers/media/platform/s5p-tv/mixer.h -@@ -155,7 +155,7 @@ struct mxr_layer { +@@ -156,7 +156,7 @@ struct mxr_layer { /** layer index (unique identifier) */ int idx; /** callbacks for layer methods */ @@ -38682,7 +38113,7 @@ index b93a21f..2535195 100644 .buffer_set = mxr_graph_buffer_set, .stream_set = mxr_graph_stream_set, diff --git a/drivers/media/platform/s5p-tv/mixer_reg.c b/drivers/media/platform/s5p-tv/mixer_reg.c -index 3b1670a..595c939 100644 +index b713403..53cb5ad 100644 --- a/drivers/media/platform/s5p-tv/mixer_reg.c +++ b/drivers/media/platform/s5p-tv/mixer_reg.c @@ -276,7 +276,7 @@ static void mxr_irq_layer_handle(struct mxr_layer *layer) @@ -38695,10 +38126,10 @@ index 3b1670a..595c939 100644 if (done && done != layer->shadow_buf) vb2_buffer_done(&done->vb, VB2_BUF_STATE_DONE); diff --git a/drivers/media/platform/s5p-tv/mixer_video.c b/drivers/media/platform/s5p-tv/mixer_video.c -index 1f3b743..e839271 100644 +index 82142a2..6de47e8 100644 --- a/drivers/media/platform/s5p-tv/mixer_video.c +++ b/drivers/media/platform/s5p-tv/mixer_video.c -@@ -208,7 +208,7 @@ static void mxr_layer_default_geo(struct mxr_layer *layer) +@@ -209,7 +209,7 @@ static void mxr_layer_default_geo(struct mxr_layer *layer) layer->geo.src.height = layer->geo.src.full_height; mxr_geometry_dump(mdev, &layer->geo); @@ -38707,7 +38138,7 @@ index 1f3b743..e839271 100644 mxr_geometry_dump(mdev, &layer->geo); } -@@ -226,7 +226,7 @@ static void mxr_layer_update_output(struct mxr_layer *layer) +@@ -227,7 +227,7 @@ static void mxr_layer_update_output(struct mxr_layer *layer) layer->geo.dst.full_width = mbus_fmt.width; layer->geo.dst.full_height = mbus_fmt.height; layer->geo.dst.field = mbus_fmt.field; @@ -38716,7 +38147,7 @@ index 1f3b743..e839271 100644 mxr_geometry_dump(mdev, &layer->geo); } -@@ -332,7 +332,7 @@ static int mxr_s_fmt(struct file *file, void *priv, +@@ -333,7 +333,7 @@ static int mxr_s_fmt(struct file *file, void *priv, /* set source size to highest accepted value */ geo->src.full_width = max(geo->dst.full_width, pix->width); geo->src.full_height = max(geo->dst.full_height, pix->height); @@ -38725,7 +38156,7 @@ index 1f3b743..e839271 100644 mxr_geometry_dump(mdev, &layer->geo); /* set cropping to total visible screen */ geo->src.width = pix->width; -@@ -340,12 +340,12 @@ static int mxr_s_fmt(struct file *file, void *priv, +@@ -341,12 +341,12 @@ static int mxr_s_fmt(struct file *file, void *priv, geo->src.x_offset = 0; geo->src.y_offset = 0; /* assure consistency of geometry */ @@ -38740,7 +38171,7 @@ index 1f3b743..e839271 100644 mxr_geometry_dump(mdev, &layer->geo); /* returning results */ -@@ -472,7 +472,7 @@ static int mxr_s_selection(struct file *file, void *fh, +@@ -473,7 +473,7 @@ static int mxr_s_selection(struct file *file, void *fh, target->width = s->r.width; target->height = s->r.height; @@ -38749,7 +38180,7 @@ index 1f3b743..e839271 100644 /* retrieve update selection rectangle */ res.left = target->x_offset; -@@ -937,13 +937,13 @@ static int start_streaming(struct vb2_queue *vq, unsigned int count) +@@ -938,13 +938,13 @@ static int start_streaming(struct vb2_queue *vq, unsigned int count) mxr_output_get(mdev); mxr_layer_update_output(layer); @@ -38765,7 +38196,7 @@ index 1f3b743..e839271 100644 mxr_streamer_get(mdev); return 0; -@@ -1013,7 +1013,7 @@ static int stop_streaming(struct vb2_queue *vq) +@@ -1014,7 +1014,7 @@ static int stop_streaming(struct vb2_queue *vq) spin_unlock_irqrestore(&layer->enq_slock, flags); /* disabling layer in hardware */ @@ -38774,7 +38205,7 @@ index 1f3b743..e839271 100644 /* remove one streamer */ mxr_streamer_put(mdev); /* allow changes in output configuration */ -@@ -1052,8 +1052,8 @@ void mxr_base_layer_unregister(struct mxr_layer *layer) +@@ -1053,8 +1053,8 @@ void mxr_base_layer_unregister(struct mxr_layer *layer) void mxr_layer_release(struct mxr_layer *layer) { @@ -38785,7 +38216,7 @@ index 1f3b743..e839271 100644 } void mxr_base_layer_release(struct mxr_layer *layer) -@@ -1079,7 +1079,7 @@ struct mxr_layer *mxr_base_layer_create(struct mxr_device *mdev, +@@ -1080,7 +1080,7 @@ struct mxr_layer *mxr_base_layer_create(struct mxr_device *mdev, layer->mdev = mdev; layer->idx = idx; @@ -38843,10 +38274,10 @@ index 3940bb0..fb3952a 100644 static int dib7070_set_param_override(struct dvb_frontend *fe) { diff --git a/drivers/media/usb/dvb-usb/dw2102.c b/drivers/media/usb/dvb-usb/dw2102.c -index 9382895..ac8093c 100644 +index 9578a67..31aa652 100644 --- a/drivers/media/usb/dvb-usb/dw2102.c +++ b/drivers/media/usb/dvb-usb/dw2102.c -@@ -95,7 +95,7 @@ struct su3000_state { +@@ -115,7 +115,7 @@ struct su3000_state { struct s6x0_state { int (*old_set_voltage)(struct dvb_frontend *f, fe_sec_voltage_t v); @@ -38878,27 +38309,6 @@ index aa6e7c7..4cd8061 100644 const struct v4l2_ioctl_info *info; void *fh = file->private_data; struct v4l2_fh *vfh = NULL; -diff --git a/drivers/memstick/host/r592.c b/drivers/memstick/host/r592.c -index 29b2172..a7c5b31 100644 ---- a/drivers/memstick/host/r592.c -+++ b/drivers/memstick/host/r592.c -@@ -454,7 +454,7 @@ static int r592_transfer_fifo_pio(struct r592_device *dev) - /* Executes one TPC (data is read/written from small or large fifo) */ - static void r592_execute_tpc(struct r592_device *dev) - { -- bool is_write = dev->req->tpc >= MS_TPC_SET_RW_REG_ADRS; -+ bool is_write; - int len, error; - u32 status, reg; - -@@ -463,6 +463,7 @@ static void r592_execute_tpc(struct r592_device *dev) - return; - } - -+ is_write = dev->req->tpc >= MS_TPC_SET_RW_REG_ADRS; - len = dev->req->long_data ? - dev->req->sg.length : dev->req->data_len; - diff --git a/drivers/message/fusion/mptbase.c b/drivers/message/fusion/mptbase.c index fb69baa..3aeea2e 100644 --- a/drivers/message/fusion/mptbase.c @@ -39231,10 +38641,10 @@ index 277a8db..0e0b754 100644 for (i = irq_base; i < irq_end; i++) { irq_set_chip_and_handler(i, &twl6030_irq_chip, diff --git a/drivers/misc/c2port/core.c b/drivers/misc/c2port/core.c -index f428d86..274c368 100644 +index f32550a..e3e52a2 100644 --- a/drivers/misc/c2port/core.c +++ b/drivers/misc/c2port/core.c -@@ -924,7 +924,9 @@ struct c2port_device *c2port_device_register(char *name, +@@ -920,7 +920,9 @@ struct c2port_device *c2port_device_register(char *name, mutex_init(&c2dev->mutex); /* Create binary file */ @@ -39246,10 +38656,10 @@ index f428d86..274c368 100644 if (unlikely(ret)) goto error_device_create_bin_file; diff --git a/drivers/misc/kgdbts.c b/drivers/misc/kgdbts.c -index 3aa9a96..59cf685 100644 +index 36f5d52..32311c3 100644 --- a/drivers/misc/kgdbts.c +++ b/drivers/misc/kgdbts.c -@@ -832,7 +832,7 @@ static void run_plant_and_detach_test(int is_early) +@@ -834,7 +834,7 @@ static void run_plant_and_detach_test(int is_early) char before[BREAK_INSTR_SIZE]; char after[BREAK_INSTR_SIZE]; @@ -39258,7 +38668,7 @@ index 3aa9a96..59cf685 100644 BREAK_INSTR_SIZE); init_simple_test(); ts.tst = plant_and_detach_test; -@@ -840,7 +840,7 @@ static void run_plant_and_detach_test(int is_early) +@@ -842,7 +842,7 @@ static void run_plant_and_detach_test(int is_early) /* Activate test with initial breakpoint */ if (!is_early) kgdb_breakpoint(); @@ -39600,7 +39010,7 @@ index d971817..33bdca5 100644 break; diff --git a/drivers/mmc/core/mmc_ops.c b/drivers/mmc/core/mmc_ops.c -index 6d8f701..35b6369 100644 +index 49f04bc..65660c2 100644 --- a/drivers/mmc/core/mmc_ops.c +++ b/drivers/mmc/core/mmc_ops.c @@ -247,7 +247,7 @@ mmc_send_cxd_data(struct mmc_card *card, struct mmc_host *host, @@ -39624,10 +39034,10 @@ index 53b8fd9..615b462 100644 +} __do_const; #endif /* _DW_MMC_H_ */ diff --git a/drivers/mmc/host/sdhci-s3c.c b/drivers/mmc/host/sdhci-s3c.c -index 82a8de1..3c56ccb 100644 +index 7363efe..681558e 100644 --- a/drivers/mmc/host/sdhci-s3c.c +++ b/drivers/mmc/host/sdhci-s3c.c -@@ -721,9 +721,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev) +@@ -720,9 +720,11 @@ static int sdhci_s3c_probe(struct platform_device *pdev) * we can use overriding functions instead of default. */ if (host->quirks & SDHCI_QUIRK_NONSTANDARD_CLOCK) { @@ -39693,10 +39103,10 @@ index 8dd6ba5..419cc1d 100644 struct sm_sysfs_attribute *vendor_attribute; diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c -index 045dc53..b1e5473 100644 +index dbbea0e..3f4a0b1 100644 --- a/drivers/net/bonding/bond_main.c +++ b/drivers/net/bonding/bond_main.c -@@ -4865,7 +4865,7 @@ static unsigned int bond_get_num_tx_queues(void) +@@ -4822,7 +4822,7 @@ static unsigned int bond_get_num_tx_queues(void) return tx_queues; } @@ -39705,7 +39115,7 @@ index 045dc53..b1e5473 100644 .kind = "bond", .priv_size = sizeof(struct bonding), .setup = bond_setup, -@@ -4990,8 +4990,8 @@ static void __exit bonding_exit(void) +@@ -4947,8 +4947,8 @@ static void __exit bonding_exit(void) bond_destroy_debugfs(); @@ -39716,7 +39126,7 @@ index 045dc53..b1e5473 100644 #ifdef CONFIG_NET_POLL_CONTROLLER /* diff --git a/drivers/net/ethernet/8390/ax88796.c b/drivers/net/ethernet/8390/ax88796.c -index 70dba5d..11a0919 100644 +index e1d2643..7f4133b 100644 --- a/drivers/net/ethernet/8390/ax88796.c +++ b/drivers/net/ethernet/8390/ax88796.c @@ -872,9 +872,11 @@ static int ax_probe(struct platform_device *pdev) @@ -39733,10 +39143,10 @@ index 70dba5d..11a0919 100644 if (!request_mem_region(mem->start, mem_size, pdev->name)) { diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h -index 0991534..8098e92 100644 +index aee7671..3ca2651 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.h -@@ -1094,7 +1094,7 @@ static inline u8 bnx2x_get_path_func_num(struct bnx2x *bp) +@@ -1093,7 +1093,7 @@ static inline u8 bnx2x_get_path_func_num(struct bnx2x *bp) static inline void bnx2x_init_bp_objs(struct bnx2x *bp) { /* RX_MODE controlling object */ @@ -39745,105 +39155,11 @@ index 0991534..8098e92 100644 /* multicast configuration controlling object */ bnx2x_init_mcast_obj(bp, &bp->mcast_obj, bp->fp->cl_id, bp->fp->cid, -diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_dcb.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_dcb.c -index 10bc093..a2fb42a 100644 ---- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_dcb.c -+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_dcb.c -@@ -2136,12 +2136,12 @@ static u8 bnx2x_dcbnl_get_cap(struct net_device *netdev, int capid, u8 *cap) - break; - default: - BNX2X_ERR("Non valid capability ID\n"); -- rval = -EINVAL; -+ rval = 1; - break; - } - } else { - DP(BNX2X_MSG_DCB, "DCB disabled\n"); -- rval = -EINVAL; -+ rval = 1; - } - - DP(BNX2X_MSG_DCB, "capid %d:%x\n", capid, *cap); -@@ -2167,12 +2167,12 @@ static int bnx2x_dcbnl_get_numtcs(struct net_device *netdev, int tcid, u8 *num) - break; - default: - BNX2X_ERR("Non valid TC-ID\n"); -- rval = -EINVAL; -+ rval = 1; - break; - } - } else { - DP(BNX2X_MSG_DCB, "DCB disabled\n"); -- rval = -EINVAL; -+ rval = 1; - } - - return rval; -@@ -2185,7 +2185,7 @@ static int bnx2x_dcbnl_set_numtcs(struct net_device *netdev, int tcid, u8 num) - return -EINVAL; - } - --static u8 bnx2x_dcbnl_get_pfc_state(struct net_device *netdev) -+static u8 bnx2x_dcbnl_get_pfc_state(struct net_device *netdev) - { - struct bnx2x *bp = netdev_priv(netdev); - DP(BNX2X_MSG_DCB, "state = %d\n", bp->dcbx_local_feat.pfc.enabled); -@@ -2387,12 +2387,12 @@ static u8 bnx2x_dcbnl_get_featcfg(struct net_device *netdev, int featid, - break; - default: - BNX2X_ERR("Non valid featrue-ID\n"); -- rval = -EINVAL; -+ rval = 1; - break; - } - } else { - DP(BNX2X_MSG_DCB, "DCB disabled\n"); -- rval = -EINVAL; -+ rval = 1; - } - - return rval; -@@ -2428,12 +2428,12 @@ static u8 bnx2x_dcbnl_set_featcfg(struct net_device *netdev, int featid, - break; - default: - BNX2X_ERR("Non valid featrue-ID\n"); -- rval = -EINVAL; -+ rval = 1; - break; - } - } else { - DP(BNX2X_MSG_DCB, "dcbnl call not valid\n"); -- rval = -EINVAL; -+ rval = 1; - } - - return rval; -diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c -index 5523da3..4fcf274 100644 ---- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c -+++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c -@@ -4767,7 +4767,7 @@ static void bnx2x_after_function_update(struct bnx2x *bp) - q); - } - -- if (!NO_FCOE(bp)) { -+ if (!NO_FCOE(bp) && CNIC_ENABLED(bp)) { - fp = &bp->fp[FCOE_IDX(bp)]; - queue_params.q_obj = &bnx2x_sp_obj(bp, fp).q_obj; - -@@ -13047,6 +13047,7 @@ static int bnx2x_unregister_cnic(struct net_device *dev) - RCU_INIT_POINTER(bp->cnic_ops, NULL); - mutex_unlock(&bp->cnic_mutex); - synchronize_rcu(); -+ bp->cnic_enabled = false; - kfree(bp->cnic_kwq); - bp->cnic_kwq = NULL; - diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c -index 09b625e..15b16fe 100644 +index 7306416..5fb7fb5 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.c -@@ -2375,15 +2375,14 @@ int bnx2x_config_rx_mode(struct bnx2x *bp, +@@ -2381,15 +2381,14 @@ int bnx2x_config_rx_mode(struct bnx2x *bp, return rc; } @@ -39865,10 +39181,10 @@ index 09b625e..15b16fe 100644 } diff --git a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h -index adbd91b..58ec94a 100644 +index ff90760..08d8aed 100644 --- a/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h +++ b/drivers/net/ethernet/broadcom/bnx2x/bnx2x_sp.h -@@ -1293,8 +1293,7 @@ int bnx2x_vlan_mac_move(struct bnx2x *bp, +@@ -1306,8 +1306,7 @@ int bnx2x_vlan_mac_move(struct bnx2x *bp, /********************* RX MODE ****************/ @@ -39879,10 +39195,10 @@ index adbd91b..58ec94a 100644 /** * bnx2x_config_rx_mode - Send and RX_MODE ramrod according to the provided parameters. diff --git a/drivers/net/ethernet/broadcom/tg3.h b/drivers/net/ethernet/broadcom/tg3.h -index 6f9b74c..7f219b8 100644 +index 8d7d4c2..95f7681 100644 --- a/drivers/net/ethernet/broadcom/tg3.h +++ b/drivers/net/ethernet/broadcom/tg3.h -@@ -146,6 +146,7 @@ +@@ -147,6 +147,7 @@ #define CHIPREV_ID_5750_A0 0x4000 #define CHIPREV_ID_5750_A1 0x4001 #define CHIPREV_ID_5750_A3 0x4003 @@ -39926,7 +39242,7 @@ index 4c83003..2a2a5b9 100644 break; } diff --git a/drivers/net/ethernet/emulex/benet/be_main.c b/drivers/net/ethernet/emulex/benet/be_main.c -index 4d6f3c5..449bc5c 100644 +index 2886c9b..db71673 100644 --- a/drivers/net/ethernet/emulex/benet/be_main.c +++ b/drivers/net/ethernet/emulex/benet/be_main.c @@ -455,7 +455,7 @@ static void accumulate_16bit_val(u32 *acc, u16 val) @@ -39938,20 +39254,8 @@ index 4d6f3c5..449bc5c 100644 } void be_parse_stats(struct be_adapter *adapter) -@@ -759,8 +759,9 @@ static struct sk_buff *be_insert_vlan_in_pkt(struct be_adapter *adapter, - - if (vlan_tx_tag_present(skb)) { - vlan_tag = be_get_tx_vlan_tag(adapter, skb); -- __vlan_put_tag(skb, vlan_tag); -- skb->vlan_tci = 0; -+ skb = __vlan_put_tag(skb, vlan_tag); -+ if (skb) -+ skb->vlan_tci = 0; - } - - return skb; diff --git a/drivers/net/ethernet/faraday/ftgmac100.c b/drivers/net/ethernet/faraday/ftgmac100.c -index 74d749e..eefb1bd 100644 +index 7c361d1..57e3ff1 100644 --- a/drivers/net/ethernet/faraday/ftgmac100.c +++ b/drivers/net/ethernet/faraday/ftgmac100.c @@ -31,6 +31,8 @@ @@ -39964,7 +39268,7 @@ index 74d749e..eefb1bd 100644 #include "ftgmac100.h" diff --git a/drivers/net/ethernet/faraday/ftmac100.c b/drivers/net/ethernet/faraday/ftmac100.c -index b901a01..1ff32ee 100644 +index b5ea8fb..bd25e9a 100644 --- a/drivers/net/ethernet/faraday/ftmac100.c +++ b/drivers/net/ethernet/faraday/ftmac100.c @@ -31,6 +31,8 @@ @@ -39976,147 +39280,11 @@ index b901a01..1ff32ee 100644 #include "ftmac100.h" -diff --git a/drivers/net/ethernet/intel/e100.c b/drivers/net/ethernet/intel/e100.c -index a59f077..7925d77 100644 ---- a/drivers/net/ethernet/intel/e100.c -+++ b/drivers/net/ethernet/intel/e100.c -@@ -870,7 +870,7 @@ err_unlock: - } - - static int e100_exec_cb(struct nic *nic, struct sk_buff *skb, -- void (*cb_prepare)(struct nic *, struct cb *, struct sk_buff *)) -+ int (*cb_prepare)(struct nic *, struct cb *, struct sk_buff *)) - { - struct cb *cb; - unsigned long flags; -@@ -888,10 +888,13 @@ static int e100_exec_cb(struct nic *nic, struct sk_buff *skb, - nic->cbs_avail--; - cb->skb = skb; - -+ err = cb_prepare(nic, cb, skb); -+ if (err) -+ goto err_unlock; -+ - if (unlikely(!nic->cbs_avail)) - err = -ENOSPC; - -- cb_prepare(nic, cb, skb); - - /* Order is important otherwise we'll be in a race with h/w: - * set S-bit in current first, then clear S-bit in previous. */ -@@ -1091,7 +1094,7 @@ static void e100_get_defaults(struct nic *nic) - nic->mii.mdio_write = mdio_write; - } - --static void e100_configure(struct nic *nic, struct cb *cb, struct sk_buff *skb) -+static int e100_configure(struct nic *nic, struct cb *cb, struct sk_buff *skb) - { - struct config *config = &cb->u.config; - u8 *c = (u8 *)config; -@@ -1181,6 +1184,7 @@ static void e100_configure(struct nic *nic, struct cb *cb, struct sk_buff *skb) - netif_printk(nic, hw, KERN_DEBUG, nic->netdev, - "[16-23]=%02X:%02X:%02X:%02X:%02X:%02X:%02X:%02X\n", - c[16], c[17], c[18], c[19], c[20], c[21], c[22], c[23]); -+ return 0; - } - - /************************************************************************* -@@ -1331,7 +1335,7 @@ static const struct firmware *e100_request_firmware(struct nic *nic) - return fw; - } - --static void e100_setup_ucode(struct nic *nic, struct cb *cb, -+static int e100_setup_ucode(struct nic *nic, struct cb *cb, - struct sk_buff *skb) - { - const struct firmware *fw = (void *)skb; -@@ -1358,6 +1362,7 @@ static void e100_setup_ucode(struct nic *nic, struct cb *cb, - cb->u.ucode[min_size] |= cpu_to_le32((BUNDLESMALL) ? 0xFFFF : 0xFF80); - - cb->command = cpu_to_le16(cb_ucode | cb_el); -+ return 0; - } - - static inline int e100_load_ucode_wait(struct nic *nic) -@@ -1400,18 +1405,20 @@ static inline int e100_load_ucode_wait(struct nic *nic) - return err; - } - --static void e100_setup_iaaddr(struct nic *nic, struct cb *cb, -+static int e100_setup_iaaddr(struct nic *nic, struct cb *cb, - struct sk_buff *skb) - { - cb->command = cpu_to_le16(cb_iaaddr); - memcpy(cb->u.iaaddr, nic->netdev->dev_addr, ETH_ALEN); -+ return 0; - } - --static void e100_dump(struct nic *nic, struct cb *cb, struct sk_buff *skb) -+static int e100_dump(struct nic *nic, struct cb *cb, struct sk_buff *skb) - { - cb->command = cpu_to_le16(cb_dump); - cb->u.dump_buffer_addr = cpu_to_le32(nic->dma_addr + - offsetof(struct mem, dump_buf)); -+ return 0; - } - - static int e100_phy_check_without_mii(struct nic *nic) -@@ -1581,7 +1588,7 @@ static int e100_hw_init(struct nic *nic) - return 0; - } - --static void e100_multi(struct nic *nic, struct cb *cb, struct sk_buff *skb) -+static int e100_multi(struct nic *nic, struct cb *cb, struct sk_buff *skb) - { - struct net_device *netdev = nic->netdev; - struct netdev_hw_addr *ha; -@@ -1596,6 +1603,7 @@ static void e100_multi(struct nic *nic, struct cb *cb, struct sk_buff *skb) - memcpy(&cb->u.multi.addr[i++ * ETH_ALEN], &ha->addr, - ETH_ALEN); - } -+ return 0; - } - - static void e100_set_multicast_list(struct net_device *netdev) -@@ -1756,11 +1764,18 @@ static void e100_watchdog(unsigned long data) - round_jiffies(jiffies + E100_WATCHDOG_PERIOD)); - } - --static void e100_xmit_prepare(struct nic *nic, struct cb *cb, -+static int e100_xmit_prepare(struct nic *nic, struct cb *cb, - struct sk_buff *skb) - { -+ dma_addr_t dma_addr; - cb->command = nic->tx_command; - -+ dma_addr = pci_map_single(nic->pdev, -+ skb->data, skb->len, PCI_DMA_TODEVICE); -+ /* If we can't map the skb, have the upper layer try later */ -+ if (pci_dma_mapping_error(nic->pdev, dma_addr)) -+ return -ENOMEM; -+ - /* - * Use the last 4 bytes of the SKB payload packet as the CRC, used for - * testing, ie sending frames with bad CRC. -@@ -1777,11 +1792,10 @@ static void e100_xmit_prepare(struct nic *nic, struct cb *cb, - cb->u.tcb.tcb_byte_count = 0; - cb->u.tcb.threshold = nic->tx_threshold; - cb->u.tcb.tbd_count = 1; -- cb->u.tcb.tbd.buf_addr = cpu_to_le32(pci_map_single(nic->pdev, -- skb->data, skb->len, PCI_DMA_TODEVICE)); -- /* check for mapping failure? */ -+ cb->u.tcb.tbd.buf_addr = cpu_to_le32(dma_addr); - cb->u.tcb.tbd.size = cpu_to_le16(skb->len); - skb_tx_timestamp(skb); -+ return 0; - } - - static netdev_tx_t e100_xmit_frame(struct sk_buff *skb, diff --git a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c -index bb9256a..56d8752 100644 +index 331987d..3be1135 100644 --- a/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c +++ b/drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c -@@ -806,7 +806,7 @@ void ixgbe_ptp_start_cyclecounter(struct ixgbe_adapter *adapter) +@@ -776,7 +776,7 @@ void ixgbe_ptp_start_cyclecounter(struct ixgbe_adapter *adapter) } /* update the base incval used to calculate frequency adjustment */ @@ -40125,19 +39293,6 @@ index bb9256a..56d8752 100644 smp_mb(); /* need lock to prevent incorrect read while modifying cyclecounter */ -diff --git a/drivers/net/ethernet/lantiq_etop.c b/drivers/net/ethernet/lantiq_etop.c -index c124e67..db9b897 100644 ---- a/drivers/net/ethernet/lantiq_etop.c -+++ b/drivers/net/ethernet/lantiq_etop.c -@@ -769,7 +769,7 @@ ltq_etop_probe(struct platform_device *pdev) - return 0; - - err_free: -- kfree(dev); -+ free_netdev(dev); - err_out: - return err; - } diff --git a/drivers/net/ethernet/neterion/vxge/vxge-config.c b/drivers/net/ethernet/neterion/vxge/vxge-config.c index fbe5363..266b4e3 100644 --- a/drivers/net/ethernet/neterion/vxge/vxge-config.c @@ -40164,10 +39319,10 @@ index fbe5363..266b4e3 100644 __vxge_hw_mempool_create(vpath->hldev, fifo->config->memblock_size, diff --git a/drivers/net/ethernet/realtek/r8169.c b/drivers/net/ethernet/realtek/r8169.c -index 2d849da..23bba3b 100644 +index 15ba8c4..3f56838 100644 --- a/drivers/net/ethernet/realtek/r8169.c +++ b/drivers/net/ethernet/realtek/r8169.c -@@ -741,22 +741,22 @@ struct rtl8169_private { +@@ -740,22 +740,22 @@ struct rtl8169_private { struct mdio_ops { void (*write)(struct rtl8169_private *, int, int); int (*read)(struct rtl8169_private *, int); @@ -40208,7 +39363,7 @@ index 3f93624..cf01144 100644 MC_CMD_PTP_IN_SYNCHRONIZE_LEN); diff --git a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c -index 0c74a70..3bc6f68 100644 +index 50617c5..b13724c 100644 --- a/drivers/net/ethernet/stmicro/stmmac/mmc_core.c +++ b/drivers/net/ethernet/stmicro/stmmac/mmc_core.c @@ -140,8 +140,8 @@ void dwmac_mmc_ctrl(void __iomem *ioaddr, unsigned int mode) @@ -40236,10 +39391,10 @@ index e6fe0d8..2b7d752 100644 spinlock_t request_lock; struct list_head req_list; diff --git a/drivers/net/hyperv/rndis_filter.c b/drivers/net/hyperv/rndis_filter.c -index 2b657d4..9903bc0 100644 +index 0775f0a..d4fb316 100644 --- a/drivers/net/hyperv/rndis_filter.c +++ b/drivers/net/hyperv/rndis_filter.c -@@ -107,7 +107,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev, +@@ -104,7 +104,7 @@ static struct rndis_request *get_rndis_request(struct rndis_device *dev, * template */ set = &rndis_msg->msg.set_req; @@ -40248,7 +39403,7 @@ index 2b657d4..9903bc0 100644 /* Add to the request list */ spin_lock_irqsave(&dev->request_lock, flags); -@@ -758,7 +758,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev) +@@ -752,7 +752,7 @@ static void rndis_filter_halt_device(struct rndis_device *dev) /* Setup the rndis set */ halt = &request->request_msg.msg.halt_req; @@ -40258,10 +39413,10 @@ index 2b657d4..9903bc0 100644 /* Ignore return since this msg is optional. */ rndis_filter_send_request(dev, request); diff --git a/drivers/net/ieee802154/fakehard.c b/drivers/net/ieee802154/fakehard.c -index 1e9cb0b..7839125 100644 +index 8f1c256..a2991d1 100644 --- a/drivers/net/ieee802154/fakehard.c +++ b/drivers/net/ieee802154/fakehard.c -@@ -386,7 +386,7 @@ static int ieee802154fake_probe(struct platform_device *pdev) +@@ -385,7 +385,7 @@ static int ieee802154fake_probe(struct platform_device *pdev) phy->transmit_power = 0xbf; dev->netdev_ops = &fake_ops; @@ -40271,10 +39426,10 @@ index 1e9cb0b..7839125 100644 priv = netdev_priv(dev); priv->phy = phy; diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c -index e5cb723..1fc0461 100644 +index 73abbc1..f25db7c 100644 --- a/drivers/net/macvlan.c +++ b/drivers/net/macvlan.c -@@ -852,13 +852,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = { +@@ -891,13 +891,15 @@ static const struct nla_policy macvlan_policy[IFLA_MACVLAN_MAX + 1] = { int macvlan_link_register(struct rtnl_link_ops *ops) { /* common fields */ @@ -40297,7 +39452,7 @@ index e5cb723..1fc0461 100644 return rtnl_link_register(ops); }; -@@ -914,7 +916,7 @@ static int macvlan_device_event(struct notifier_block *unused, +@@ -953,7 +955,7 @@ static int macvlan_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -40307,10 +39462,10 @@ index e5cb723..1fc0461 100644 }; diff --git a/drivers/net/macvtap.c b/drivers/net/macvtap.c -index 0f0f9ce..0ca5819 100644 +index a449439..1e468fe 100644 --- a/drivers/net/macvtap.c +++ b/drivers/net/macvtap.c -@@ -1100,7 +1100,7 @@ static int macvtap_device_event(struct notifier_block *unused, +@@ -1090,7 +1090,7 @@ static int macvtap_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -40332,7 +39487,7 @@ index daec9b0..6428fcb 100644 } EXPORT_SYMBOL(free_mdio_bitbang); diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c -index 508570e..f706dc7 100644 +index 72ff14b..11d442d 100644 --- a/drivers/net/ppp/ppp_generic.c +++ b/drivers/net/ppp/ppp_generic.c @@ -999,7 +999,6 @@ ppp_net_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) @@ -40353,11 +39508,24 @@ index 508570e..f706dc7 100644 break; err = 0; break; +diff --git a/drivers/net/slip/slhc.c b/drivers/net/slip/slhc.c +index 1252d9c..80e660b 100644 +--- a/drivers/net/slip/slhc.c ++++ b/drivers/net/slip/slhc.c +@@ -488,7 +488,7 @@ slhc_uncompress(struct slcompress *comp, unsigned char *icp, int isize) + register struct tcphdr *thp; + register struct iphdr *ip; + register struct cstate *cs; +- int len, hdrlen; ++ long len, hdrlen; + unsigned char *cp = icp; + + /* We've got a compressed packet; read the change byte */ diff --git a/drivers/net/team/team.c b/drivers/net/team/team.c -index 8efe47a..a8075c5 100644 +index bf34192..fba3500 100644 --- a/drivers/net/team/team.c +++ b/drivers/net/team/team.c -@@ -2603,7 +2603,7 @@ static int team_device_event(struct notifier_block *unused, +@@ -2668,7 +2668,7 @@ static int team_device_event(struct notifier_block *unused, return NOTIFY_DONE; } @@ -40367,18 +39535,9 @@ index 8efe47a..a8075c5 100644 }; diff --git a/drivers/net/tun.c b/drivers/net/tun.c -index cb95fe5..16909e2 100644 +index 729ed53..9453f99 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c -@@ -1594,7 +1594,7 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr) - - if (tun->flags & TUN_TAP_MQ && - (tun->numqueues + tun->numdisabled > 1)) -- return err; -+ return -EBUSY; - } - else { - char *name; @@ -1838,7 +1838,7 @@ unlock: } @@ -40399,7 +39558,7 @@ index cb95fe5..16909e2 100644 if (copy_from_user(&ifr, argp, ifreq_len)) return -EFAULT; diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c -index cd8ccb2..cff5144 100644 +index e2dd324..be92fcf 100644 --- a/drivers/net/usb/hso.c +++ b/drivers/net/usb/hso.c @@ -71,7 +71,7 @@ @@ -40480,7 +39639,7 @@ index cd8ccb2..cff5144 100644 /* Setup and send a ctrl req read on * port i */ if (!serial->rx_urb_filled[0]) { -@@ -3079,7 +3078,7 @@ static int hso_resume(struct usb_interface *iface) +@@ -3066,7 +3065,7 @@ static int hso_resume(struct usb_interface *iface) /* Start all serial ports */ for (i = 0; i < HSO_SERIAL_TTY_MINORS; i++) { if (serial_table[i] && (serial_table[i]->interface == iface)) { @@ -40490,10 +39649,10 @@ index cd8ccb2..cff5144 100644 hso_start_serial_device(serial_table[i], GFP_NOIO); hso_kick_transmit(dev2ser(serial_table[i])); diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c -index 6993bfa..9053a34 100644 +index 7cee7a3..1eb9f3b 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c -@@ -1428,7 +1428,7 @@ nla_put_failure: +@@ -1443,7 +1443,7 @@ nla_put_failure: return -EMSGSIZE; } @@ -40503,7 +39662,7 @@ index 6993bfa..9053a34 100644 .maxtype = IFLA_VXLAN_MAX, .policy = vxlan_policy, diff --git a/drivers/net/wireless/at76c50x-usb.c b/drivers/net/wireless/at76c50x-usb.c -index 77fa428..996b355 100644 +index 5ac5f7a..5f82012 100644 --- a/drivers/net/wireless/at76c50x-usb.c +++ b/drivers/net/wireless/at76c50x-usb.c @@ -353,7 +353,7 @@ static int at76_dfu_get_state(struct usb_device *udev, u8 *state) @@ -40721,10 +39880,10 @@ index 301bf72..3f5654f 100644 static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads) diff --git a/drivers/net/wireless/ath/ath9k/hw.h b/drivers/net/wireless/ath/ath9k/hw.h -index 9d26fc5..60d9f14 100644 +index 784e81c..349e01e 100644 --- a/drivers/net/wireless/ath/ath9k/hw.h +++ b/drivers/net/wireless/ath/ath9k/hw.h -@@ -658,7 +658,7 @@ struct ath_hw_private_ops { +@@ -653,7 +653,7 @@ struct ath_hw_private_ops { /* ANI */ void (*ani_cache_ini_regs)(struct ath_hw *ah); @@ -40732,21 +39891,21 @@ index 9d26fc5..60d9f14 100644 +} __no_const; /** - * struct ath_hw_ops - callbacks used by hardware code and driver code -@@ -688,7 +688,7 @@ struct ath_hw_ops { - void (*antdiv_comb_conf_set)(struct ath_hw *ah, - struct ath_hw_antcomb_conf *antconf); - void (*antctrl_shared_chain_lnadiv)(struct ath_hw *hw, bool enable); + * struct ath_spec_scan - parameters for Atheros spectral scan +@@ -722,7 +722,7 @@ struct ath_hw_ops { + struct ath_spec_scan *param); + void (*spectral_scan_trigger)(struct ath_hw *ah); + void (*spectral_scan_wait)(struct ath_hw *ah); -}; +} __no_const; struct ath_nf_limits { s16 max; diff --git a/drivers/net/wireless/iwlegacy/3945-mac.c b/drivers/net/wireless/iwlegacy/3945-mac.c -index 3726cd6..b655808 100644 +index c353b5f..62aaca2 100644 --- a/drivers/net/wireless/iwlegacy/3945-mac.c +++ b/drivers/net/wireless/iwlegacy/3945-mac.c -@@ -3615,7 +3615,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent) +@@ -3639,7 +3639,9 @@ il3945_pci_probe(struct pci_dev *pdev, const struct pci_device_id *ent) */ if (il3945_mod_params.disable_hw_scan) { D_INFO("Disabling hw_scan\n"); @@ -40758,7 +39917,7 @@ index 3726cd6..b655808 100644 D_INFO("*** LOAD DRIVER ***\n"); diff --git a/drivers/net/wireless/iwlwifi/dvm/debugfs.c b/drivers/net/wireless/iwlwifi/dvm/debugfs.c -index 2c056b1..698efa9 100644 +index 81d4071..f2071ea 100644 --- a/drivers/net/wireless/iwlwifi/dvm/debugfs.c +++ b/drivers/net/wireless/iwlwifi/dvm/debugfs.c @@ -203,7 +203,7 @@ static ssize_t iwl_dbgfs_sram_write(struct file *file, @@ -40879,10 +40038,10 @@ index 2c056b1..698efa9 100644 memset(buf, 0, sizeof(buf)); buf_size = min(count, sizeof(buf) - 1); diff --git a/drivers/net/wireless/iwlwifi/pcie/trans.c b/drivers/net/wireless/iwlwifi/pcie/trans.c -index 35708b9..31f7754 100644 +index 12c4f31..484d948 100644 --- a/drivers/net/wireless/iwlwifi/pcie/trans.c +++ b/drivers/net/wireless/iwlwifi/pcie/trans.c -@@ -1100,7 +1100,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, +@@ -1328,7 +1328,7 @@ static ssize_t iwl_dbgfs_interrupt_write(struct file *file, struct isr_statistics *isr_stats = &trans_pcie->isr_stats; char buf[8]; @@ -40891,7 +40050,7 @@ index 35708b9..31f7754 100644 u32 reset_flag; memset(buf, 0, sizeof(buf)); -@@ -1121,7 +1121,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, +@@ -1349,7 +1349,7 @@ static ssize_t iwl_dbgfs_csr_write(struct file *file, { struct iwl_trans *trans = file->private_data; char buf[8]; @@ -40901,10 +40060,10 @@ index 35708b9..31f7754 100644 memset(buf, 0, sizeof(buf)); diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c -index ff90855..e46d223 100644 +index cffdf4f..7cefb69 100644 --- a/drivers/net/wireless/mac80211_hwsim.c +++ b/drivers/net/wireless/mac80211_hwsim.c -@@ -2062,25 +2062,19 @@ static int __init init_mac80211_hwsim(void) +@@ -2144,25 +2144,19 @@ static int __init init_mac80211_hwsim(void) if (channels > 1) { hwsim_if_comb.num_different_channels = channels; @@ -40944,7 +40103,7 @@ index ff90855..e46d223 100644 spin_lock_init(&hwsim_radio_lock); diff --git a/drivers/net/wireless/rndis_wlan.c b/drivers/net/wireless/rndis_wlan.c -index abe1d03..fb02c22 100644 +index 525fd75..6c9f791 100644 --- a/drivers/net/wireless/rndis_wlan.c +++ b/drivers/net/wireless/rndis_wlan.c @@ -1238,7 +1238,7 @@ static int set_rts_threshold(struct usbnet *usbdev, u32 rts_threshold) @@ -40957,10 +40116,10 @@ index abe1d03..fb02c22 100644 tmp = cpu_to_le32(rts_threshold); diff --git a/drivers/net/wireless/rt2x00/rt2x00.h b/drivers/net/wireless/rt2x00/rt2x00.h -index 0751b35..246ba3e 100644 +index 086abb4..8279c30 100644 --- a/drivers/net/wireless/rt2x00/rt2x00.h +++ b/drivers/net/wireless/rt2x00/rt2x00.h -@@ -398,7 +398,7 @@ struct rt2x00_intf { +@@ -396,7 +396,7 @@ struct rt2x00_intf { * for hardware which doesn't support hardware * sequence counting. */ @@ -40970,10 +40129,10 @@ index 0751b35..246ba3e 100644 static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif) diff --git a/drivers/net/wireless/rt2x00/rt2x00queue.c b/drivers/net/wireless/rt2x00/rt2x00queue.c -index e488b94..14b6a0c 100644 +index 4d91795..62fccff 100644 --- a/drivers/net/wireless/rt2x00/rt2x00queue.c +++ b/drivers/net/wireless/rt2x00/rt2x00queue.c -@@ -240,9 +240,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev, +@@ -251,9 +251,9 @@ static void rt2x00queue_create_tx_descriptor_seq(struct rt2x00_dev *rt2x00dev, * sequence counter given by mac80211. */ if (test_bit(ENTRY_TXD_FIRST_FRAGMENT, &txdesc->flags)) @@ -41012,10 +40171,10 @@ index e57ee48..541cf6c 100644 wl1251_info("using SDIO interrupt"); } diff --git a/drivers/net/wireless/ti/wl12xx/main.c b/drivers/net/wireless/ti/wl12xx/main.c -index e5f5f8f..fdf15b7 100644 +index 09694e3..24ccec7 100644 --- a/drivers/net/wireless/ti/wl12xx/main.c +++ b/drivers/net/wireless/ti/wl12xx/main.c -@@ -644,7 +644,9 @@ static int wl12xx_identify_chip(struct wl1271 *wl) +@@ -656,7 +656,9 @@ static int wl12xx_identify_chip(struct wl1271 *wl) sizeof(wl->conf.mem)); /* read data preparation is only needed by wl127x */ @@ -41024,9 +40183,9 @@ index e5f5f8f..fdf15b7 100644 + *(void **)&wl->ops->prepare_read = wl127x_prepare_read; + pax_close_kernel(); - wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER, WL127X_IFTYPE_VER, - WL127X_MAJOR_VER, WL127X_SUBTYPE_VER, -@@ -665,7 +667,9 @@ static int wl12xx_identify_chip(struct wl1271 *wl) + wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER, + WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER, +@@ -681,7 +683,9 @@ static int wl12xx_identify_chip(struct wl1271 *wl) sizeof(wl->conf.mem)); /* read data preparation is only needed by wl127x */ @@ -41035,13 +40194,13 @@ index e5f5f8f..fdf15b7 100644 + *(void **)&wl->ops->prepare_read = wl127x_prepare_read; + pax_close_kernel(); - wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER, WL127X_IFTYPE_VER, - WL127X_MAJOR_VER, WL127X_SUBTYPE_VER, + wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER, + WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER, diff --git a/drivers/net/wireless/ti/wl18xx/main.c b/drivers/net/wireless/ti/wl18xx/main.c -index 8d8c1f8..e754844 100644 +index da3ef1b..4790b95 100644 --- a/drivers/net/wireless/ti/wl18xx/main.c +++ b/drivers/net/wireless/ti/wl18xx/main.c -@@ -1489,8 +1489,10 @@ static int wl18xx_setup(struct wl1271 *wl) +@@ -1664,8 +1664,10 @@ static int wl18xx_setup(struct wl1271 *wl) } if (!checksum_param) { @@ -41055,10 +40214,10 @@ index 8d8c1f8..e754844 100644 /* Enable 11a Band only if we have 5G antennas */ diff --git a/drivers/net/wireless/zd1211rw/zd_usb.c b/drivers/net/wireless/zd1211rw/zd_usb.c -index ef2b171..bb513a6 100644 +index 7ef0b4a..ff65c28 100644 --- a/drivers/net/wireless/zd1211rw/zd_usb.c +++ b/drivers/net/wireless/zd1211rw/zd_usb.c -@@ -387,7 +387,7 @@ static inline void handle_regs_int(struct urb *urb) +@@ -386,7 +386,7 @@ static inline void handle_regs_int(struct urb *urb) { struct zd_usb *usb = urb->context; struct zd_usb_interrupt *intr = &usb->intr; @@ -41188,10 +40347,10 @@ index 38b6fc0..b5cbfce 100644 extern struct oprofile_stat_struct oprofile_stats; diff --git a/drivers/oprofile/oprofilefs.c b/drivers/oprofile/oprofilefs.c -index 849357c..b83c1e0 100644 +index 7c12d9c..558bf3bb 100644 --- a/drivers/oprofile/oprofilefs.c +++ b/drivers/oprofile/oprofilefs.c -@@ -185,7 +185,7 @@ static const struct file_operations atomic_ro_fops = { +@@ -190,7 +190,7 @@ static const struct file_operations atomic_ro_fops = { int oprofilefs_create_ro_atomic(struct super_block *sb, struct dentry *root, @@ -41362,7 +40521,7 @@ index 202f4a9..8ee47d0 100644 mutex_lock(&pci_hp_mutex); /* diff --git a/drivers/pci/hotplug/pciehp_core.c b/drivers/pci/hotplug/pciehp_core.c -index 939bd1d..a1459c9 100644 +index 7d72c5e..edce02c 100644 --- a/drivers/pci/hotplug/pciehp_core.c +++ b/drivers/pci/hotplug/pciehp_core.c @@ -91,7 +91,7 @@ static int init_slot(struct controller *ctrl) @@ -41406,10 +40565,10 @@ index 9c6e9bb..2916736 100644 if (!sysfs_initialized) return -EACCES; diff --git a/drivers/pci/pci.h b/drivers/pci/pci.h -index e851829..a1a7196 100644 +index 7346ee6..41520eb 100644 --- a/drivers/pci/pci.h +++ b/drivers/pci/pci.h -@@ -98,7 +98,7 @@ struct pci_vpd_ops { +@@ -93,7 +93,7 @@ struct pci_vpd_ops { struct pci_vpd { unsigned int len; const struct pci_vpd_ops *ops; @@ -41419,7 +40578,7 @@ index e851829..a1a7196 100644 extern int pci_vpd_pci22_init(struct pci_dev *dev); diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c -index 8474b6a..ee81993 100644 +index d320df6..ca9a8f6 100644 --- a/drivers/pci/pcie/aspm.c +++ b/drivers/pci/pcie/aspm.c @@ -27,9 +27,9 @@ @@ -41436,7 +40595,7 @@ index 8474b6a..ee81993 100644 #define ASPM_STATE_ALL (ASPM_STATE_L0S | ASPM_STATE_L1) diff --git a/drivers/pci/probe.c b/drivers/pci/probe.c -index 6186f03..1a78714 100644 +index 5427787..8df273b 100644 --- a/drivers/pci/probe.c +++ b/drivers/pci/probe.c @@ -173,7 +173,7 @@ int __pci_read_base(struct pci_dev *dev, enum pci_bar_type type, @@ -41449,7 +40608,7 @@ index 6186f03..1a78714 100644 /* No printks while decoding is disabled! */ if (!dev->mmio_always_on) { diff --git a/drivers/pci/proc.c b/drivers/pci/proc.c -index 9b8505c..f00870a 100644 +index 0b00947..64f7c0a 100644 --- a/drivers/pci/proc.c +++ b/drivers/pci/proc.c @@ -465,7 +465,16 @@ static const struct file_operations proc_bus_pci_dev_operations = { @@ -41470,35 +40629,35 @@ index 9b8505c..f00870a 100644 &proc_bus_pci_dev_operations); proc_initialized = 1; diff --git a/drivers/platform/x86/msi-laptop.c b/drivers/platform/x86/msi-laptop.c -index 2111dbb..79e434b 100644 +index 6b22938..bc9700e 100644 --- a/drivers/platform/x86/msi-laptop.c +++ b/drivers/platform/x86/msi-laptop.c -@@ -820,12 +820,14 @@ static int __init load_scm_model_init(struct platform_device *sdev) - int result; - - /* allow userland write sysfs file */ -- dev_attr_bluetooth.store = store_bluetooth; -- dev_attr_wlan.store = store_wlan; -- dev_attr_threeg.store = store_threeg; -- dev_attr_bluetooth.attr.mode |= S_IWUSR; -- dev_attr_wlan.attr.mode |= S_IWUSR; -- dev_attr_threeg.attr.mode |= S_IWUSR; -+ pax_open_kernel(); -+ *(void **)&dev_attr_bluetooth.store = store_bluetooth; -+ *(void **)&dev_attr_wlan.store = store_wlan; -+ *(void **)&dev_attr_threeg.store = store_threeg; -+ *(umode_t *)&dev_attr_bluetooth.attr.mode |= S_IWUSR; -+ *(umode_t *)&dev_attr_wlan.attr.mode |= S_IWUSR; -+ *(umode_t *)&dev_attr_threeg.attr.mode |= S_IWUSR; -+ pax_close_kernel(); +@@ -1000,12 +1000,14 @@ static int __init load_scm_model_init(struct platform_device *sdev) + + if (!quirks->ec_read_only) { + /* allow userland write sysfs file */ +- dev_attr_bluetooth.store = store_bluetooth; +- dev_attr_wlan.store = store_wlan; +- dev_attr_threeg.store = store_threeg; +- dev_attr_bluetooth.attr.mode |= S_IWUSR; +- dev_attr_wlan.attr.mode |= S_IWUSR; +- dev_attr_threeg.attr.mode |= S_IWUSR; ++ pax_open_kernel(); ++ *(void **)&dev_attr_bluetooth.store = store_bluetooth; ++ *(void **)&dev_attr_wlan.store = store_wlan; ++ *(void **)&dev_attr_threeg.store = store_threeg; ++ *(umode_t *)&dev_attr_bluetooth.attr.mode |= S_IWUSR; ++ *(umode_t *)&dev_attr_wlan.attr.mode |= S_IWUSR; ++ *(umode_t *)&dev_attr_threeg.attr.mode |= S_IWUSR; ++ pax_close_kernel(); + } /* disable hardware control by fn key */ - result = ec_read(MSI_STANDARD_EC_SCM_LOAD_ADDRESS, &data); diff --git a/drivers/platform/x86/sony-laptop.c b/drivers/platform/x86/sony-laptop.c -index 0fe987f..6f3d5c3 100644 +index 14d4dce..b129917 100644 --- a/drivers/platform/x86/sony-laptop.c +++ b/drivers/platform/x86/sony-laptop.c -@@ -2356,7 +2356,7 @@ static void sony_nc_lid_resume_cleanup(struct platform_device *pd) +@@ -2465,7 +2465,7 @@ static void sony_nc_gfx_switch_cleanup(struct platform_device *pd) } /* High speed charging function */ @@ -41508,10 +40667,10 @@ index 0fe987f..6f3d5c3 100644 static ssize_t sony_nc_highspeed_charging_store(struct device *dev, struct device_attribute *attr, diff --git a/drivers/platform/x86/thinkpad_acpi.c b/drivers/platform/x86/thinkpad_acpi.c -index f946ca7..f25c833 100644 +index edec135..59a24a3 100644 --- a/drivers/platform/x86/thinkpad_acpi.c +++ b/drivers/platform/x86/thinkpad_acpi.c -@@ -2097,7 +2097,7 @@ static int hotkey_mask_get(void) +@@ -2093,7 +2093,7 @@ static int hotkey_mask_get(void) return 0; } @@ -41520,7 +40679,7 @@ index f946ca7..f25c833 100644 { /* log only what the user can fix... */ const u32 wantedmask = hotkey_driver_mask & -@@ -2328,11 +2328,6 @@ static void hotkey_read_nvram(struct tp_nvram_state *n, const u32 m) +@@ -2324,11 +2324,6 @@ static void hotkey_read_nvram(struct tp_nvram_state *n, const u32 m) } } @@ -41532,7 +40691,7 @@ index f946ca7..f25c833 100644 #define TPACPI_COMPARE_KEY(__scancode, __member) \ do { \ if ((event_mask & (1 << __scancode)) && \ -@@ -2346,36 +2341,42 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn, +@@ -2342,36 +2337,42 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn, tpacpi_hotkey_send_key(__scancode); \ } while (0) @@ -41599,7 +40758,7 @@ index f946ca7..f25c833 100644 TPACPI_COMPARE_KEY(TP_ACPI_HOTKEYSCAN_THINKPAD, thinkpad_toggle); TPACPI_COMPARE_KEY(TP_ACPI_HOTKEYSCAN_FNSPACE, zoom_toggle); TPACPI_COMPARE_KEY(TP_ACPI_HOTKEYSCAN_FNF7, display_toggle); -@@ -2409,7 +2410,7 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn, +@@ -2405,7 +2406,7 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn, oldn->volume_level != newn->volume_level) { /* recently muted, or repeated mute keypress, or * multiple presses ending in mute */ @@ -41608,7 +40767,7 @@ index f946ca7..f25c833 100644 TPACPI_MAY_SEND_KEY(TP_ACPI_HOTKEYSCAN_MUTE); } } else { -@@ -2419,7 +2420,7 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn, +@@ -2415,7 +2416,7 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn, TPACPI_MAY_SEND_KEY(TP_ACPI_HOTKEYSCAN_VOLUMEUP); } if (oldn->volume_level != newn->volume_level) { @@ -41617,7 +40776,7 @@ index f946ca7..f25c833 100644 } else if (oldn->volume_toggle != newn->volume_toggle) { /* repeated vol up/down keypress at end of scale ? */ if (newn->volume_level == 0) -@@ -2432,7 +2433,8 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn, +@@ -2428,7 +2429,8 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn, /* handle brightness */ if (oldn->brightness_level != newn->brightness_level) { issue_brightnesschange(oldn->brightness_level, @@ -41627,7 +40786,7 @@ index f946ca7..f25c833 100644 } else if (oldn->brightness_toggle != newn->brightness_toggle) { /* repeated key presses that didn't change state */ if (newn->brightness_level == 0) -@@ -2441,10 +2443,10 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn, +@@ -2437,10 +2439,10 @@ static void hotkey_compare_and_issue_event(struct tp_nvram_state *oldn, && !tp_features.bright_unkfw) TPACPI_MAY_SEND_KEY(TP_ACPI_HOTKEYSCAN_FNHOME); } @@ -41766,7 +40925,7 @@ index cc439fd..8fa30df 100644 #endif /* CONFIG_SYSFS */ diff --git a/drivers/power/power_supply_core.c b/drivers/power/power_supply_core.c -index 8a7cfb3..72e6e9b 100644 +index 5deac43..608c5ff 100644 --- a/drivers/power/power_supply_core.c +++ b/drivers/power/power_supply_core.c @@ -24,7 +24,10 @@ @@ -41791,10 +40950,10 @@ index 8a7cfb3..72e6e9b 100644 return 0; } diff --git a/drivers/power/power_supply_sysfs.c b/drivers/power/power_supply_sysfs.c -index 40fa3b7..d9c2e0e 100644 +index 29178f7..c65f324 100644 --- a/drivers/power/power_supply_sysfs.c +++ b/drivers/power/power_supply_sysfs.c -@@ -229,17 +229,15 @@ static struct attribute_group power_supply_attr_group = { +@@ -230,17 +230,15 @@ static struct attribute_group power_supply_attr_group = { .is_visible = power_supply_attr_is_visible, }; @@ -41851,10 +41010,10 @@ index 9a8ea91..c483dd9 100644 max->enable_external_control = pdata->enable_ext_control; diff --git a/drivers/regulator/mc13892-regulator.c b/drivers/regulator/mc13892-regulator.c -index 0d84b1f..c2da6ac 100644 +index 9891aec..beb3083 100644 --- a/drivers/regulator/mc13892-regulator.c +++ b/drivers/regulator/mc13892-regulator.c -@@ -540,10 +540,12 @@ static int mc13892_regulator_probe(struct platform_device *pdev) +@@ -583,10 +583,12 @@ static int mc13892_regulator_probe(struct platform_device *pdev) } mc13xxx_unlock(mc13892); @@ -41868,9 +41027,9 @@ index 0d84b1f..c2da6ac 100644 + pax_close_kernel(); mc13xxx_data = mc13xxx_parse_regulators_dt(pdev, mc13892_regulators, - ARRAY_SIZE(mc13892_regulators)); + ARRAY_SIZE(mc13892_regulators), diff --git a/drivers/rtc/rtc-cmos.c b/drivers/rtc/rtc-cmos.c -index 1c77423..2971d18 100644 +index cc5bea9..689f7d9 100644 --- a/drivers/rtc/rtc-cmos.c +++ b/drivers/rtc/rtc-cmos.c @@ -724,7 +724,9 @@ cmos_do_probe(struct device *dev, struct resource *ports, int rtc_irq) @@ -41885,10 +41044,10 @@ index 1c77423..2971d18 100644 if (retval < 0) { dev_dbg(dev, "can't create nvram file? %d\n", retval); diff --git a/drivers/rtc/rtc-dev.c b/drivers/rtc/rtc-dev.c -index 9a86b4b..3a383dc 100644 +index d049393..bb20be0 100644 --- a/drivers/rtc/rtc-dev.c +++ b/drivers/rtc/rtc-dev.c -@@ -14,6 +14,7 @@ +@@ -16,6 +16,7 @@ #include <linux/module.h> #include <linux/rtc.h> #include <linux/sched.h> @@ -41896,7 +41055,7 @@ index 9a86b4b..3a383dc 100644 #include "rtc-core.h" static dev_t rtc_devt; -@@ -345,6 +346,8 @@ static long rtc_dev_ioctl(struct file *file, +@@ -347,6 +348,8 @@ static long rtc_dev_ioctl(struct file *file, if (copy_from_user(&tm, uarg, sizeof(tm))) return -EFAULT; @@ -41906,7 +41065,7 @@ index 9a86b4b..3a383dc 100644 case RTC_PIE_ON: diff --git a/drivers/rtc/rtc-ds1307.c b/drivers/rtc/rtc-ds1307.c -index e0d0ba4..3c65868 100644 +index 970a236..3613169 100644 --- a/drivers/rtc/rtc-ds1307.c +++ b/drivers/rtc/rtc-ds1307.c @@ -106,7 +106,7 @@ struct ds1307 { @@ -41969,7 +41128,7 @@ index 23a90e7..9cf04ee 100644 /* * Queue element to wait for room in request queue. FIFO order is diff --git a/drivers/scsi/hosts.c b/drivers/scsi/hosts.c -index 593085a..47aa999 100644 +index df0c3c7..b00e1d0 100644 --- a/drivers/scsi/hosts.c +++ b/drivers/scsi/hosts.c @@ -42,7 +42,7 @@ @@ -41991,7 +41150,7 @@ index 593085a..47aa999 100644 /* These three are default values which can be overridden */ diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c -index 4f33806..afd6f60 100644 +index 7f4f790..b75b92a 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -554,7 +554,7 @@ static inline u32 next_command(struct ctlr_info *h, u8 q) @@ -42003,7 +41162,7 @@ index 4f33806..afd6f60 100644 if ((rq->head[rq->current_entry] & 1) == rq->wraparound) { a = rq->head[rq->current_entry]; -@@ -3374,7 +3374,7 @@ static void start_io(struct ctlr_info *h) +@@ -3422,7 +3422,7 @@ static void start_io(struct ctlr_info *h) while (!list_empty(&h->reqQ)) { c = list_entry(h->reqQ.next, struct CommandList, list); /* can't do anything if fifo is full */ @@ -42012,7 +41171,7 @@ index 4f33806..afd6f60 100644 dev_warn(&h->pdev->dev, "fifo full\n"); break; } -@@ -3396,7 +3396,7 @@ static void start_io(struct ctlr_info *h) +@@ -3444,7 +3444,7 @@ static void start_io(struct ctlr_info *h) /* Tell the controller execute command */ spin_unlock_irqrestore(&h->lock, flags); @@ -42021,7 +41180,7 @@ index 4f33806..afd6f60 100644 spin_lock_irqsave(&h->lock, flags); } spin_unlock_irqrestore(&h->lock, flags); -@@ -3404,17 +3404,17 @@ static void start_io(struct ctlr_info *h) +@@ -3452,17 +3452,17 @@ static void start_io(struct ctlr_info *h) static inline unsigned long get_next_completion(struct ctlr_info *h, u8 q) { @@ -42042,7 +41201,7 @@ index 4f33806..afd6f60 100644 (h->interrupts_enabled == 0); } -@@ -4316,7 +4316,7 @@ static int hpsa_pci_init(struct ctlr_info *h) +@@ -4364,7 +4364,7 @@ static int hpsa_pci_init(struct ctlr_info *h) if (prod_index < 0) return -ENODEV; h->product_name = products[prod_index].product_name; @@ -42051,7 +41210,7 @@ index 4f33806..afd6f60 100644 pci_disable_link_state(h->pdev, PCIE_LINK_STATE_L0S | PCIE_LINK_STATE_L1 | PCIE_LINK_STATE_CLKPM); -@@ -4598,7 +4598,7 @@ static void controller_lockup_detected(struct ctlr_info *h) +@@ -4646,7 +4646,7 @@ static void controller_lockup_detected(struct ctlr_info *h) assert_spin_locked(&lockup_detector_lock); remove_ctlr_from_lockup_detector_list(h); @@ -42060,7 +41219,7 @@ index 4f33806..afd6f60 100644 spin_lock_irqsave(&h->lock, flags); h->lockup_detected = readl(h->vaddr + SA5_SCRATCHPAD_OFFSET); spin_unlock_irqrestore(&h->lock, flags); -@@ -4775,7 +4775,7 @@ reinit_after_soft_reset: +@@ -4823,7 +4823,7 @@ reinit_after_soft_reset: } /* make sure the board interrupts are off */ @@ -42069,7 +41228,7 @@ index 4f33806..afd6f60 100644 if (hpsa_request_irq(h, do_hpsa_intr_msi, do_hpsa_intr_intx)) goto clean2; -@@ -4809,7 +4809,7 @@ reinit_after_soft_reset: +@@ -4857,7 +4857,7 @@ reinit_after_soft_reset: * fake ones to scoop up any residual completions. */ spin_lock_irqsave(&h->lock, flags); @@ -42078,7 +41237,7 @@ index 4f33806..afd6f60 100644 spin_unlock_irqrestore(&h->lock, flags); free_irqs(h); rc = hpsa_request_irq(h, hpsa_msix_discard_completions, -@@ -4828,9 +4828,9 @@ reinit_after_soft_reset: +@@ -4876,9 +4876,9 @@ reinit_after_soft_reset: dev_info(&h->pdev->dev, "Board READY.\n"); dev_info(&h->pdev->dev, "Waiting for stale completions to drain.\n"); @@ -42090,7 +41249,7 @@ index 4f33806..afd6f60 100644 rc = controller_reset_failed(h->cfgtable); if (rc) -@@ -4851,7 +4851,7 @@ reinit_after_soft_reset: +@@ -4899,7 +4899,7 @@ reinit_after_soft_reset: } /* Turn the interrupts on so we can service requests */ @@ -42099,7 +41258,7 @@ index 4f33806..afd6f60 100644 hpsa_hba_inquiry(h); hpsa_register_scsi(h); /* hook ourselves into SCSI subsystem */ -@@ -4903,7 +4903,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) +@@ -4954,7 +4954,7 @@ static void hpsa_shutdown(struct pci_dev *pdev) * To write all data in the battery backed cache to disks */ hpsa_flush_cache(h); @@ -42108,7 +41267,7 @@ index 4f33806..afd6f60 100644 hpsa_free_irqs_and_disable_msix(h); } -@@ -5071,7 +5071,7 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 use_short_tags) +@@ -5122,7 +5122,7 @@ static void hpsa_enter_performant_mode(struct ctlr_info *h, u32 use_short_tags) return; } /* Change the access methods to the performant access methods */ @@ -42289,7 +41448,7 @@ index bdb81cd..d3c7c2c 100644 .qc_issue = sas_ata_qc_issue, .qc_fill_rtf = sas_ata_qc_fill_rtf, diff --git a/drivers/scsi/lpfc/lpfc.h b/drivers/scsi/lpfc/lpfc.h -index df4c13a..a51e90c 100644 +index 7706c99..3b4fc0c 100644 --- a/drivers/scsi/lpfc/lpfc.h +++ b/drivers/scsi/lpfc/lpfc.h @@ -424,7 +424,7 @@ struct lpfc_vport { @@ -42301,7 +41460,7 @@ index df4c13a..a51e90c 100644 #endif uint8_t stat_data_enabled; uint8_t stat_data_blocked; -@@ -842,8 +842,8 @@ struct lpfc_hba { +@@ -853,8 +853,8 @@ struct lpfc_hba { struct timer_list fabric_block_timer; unsigned long bit_flags; #define FABRIC_COMANDS_BLOCKED 0 @@ -42312,7 +41471,7 @@ index df4c13a..a51e90c 100644 unsigned long last_rsrc_error_time; unsigned long last_ramp_down_time; unsigned long last_ramp_up_time; -@@ -879,7 +879,7 @@ struct lpfc_hba { +@@ -890,7 +890,7 @@ struct lpfc_hba { struct dentry *debug_slow_ring_trc; struct lpfc_debugfs_trc *slow_ring_trc; @@ -42405,10 +41564,10 @@ index f63f5ff..de29189 100644 snprintf(name, sizeof(name), "discovery_trace"); vport->debug_disc_trc = diff --git a/drivers/scsi/lpfc/lpfc_init.c b/drivers/scsi/lpfc/lpfc_init.c -index 89ad558..76956c4 100644 +index 314b4f6..7005d10 100644 --- a/drivers/scsi/lpfc/lpfc_init.c +++ b/drivers/scsi/lpfc/lpfc_init.c -@@ -10618,8 +10618,10 @@ lpfc_init(void) +@@ -10551,8 +10551,10 @@ lpfc_init(void) "misc_register returned with status %d", error); if (lpfc_enable_npiv) { @@ -42422,10 +41581,10 @@ index 89ad558..76956c4 100644 lpfc_transport_template = fc_attach_transport(&lpfc_transport_functions); diff --git a/drivers/scsi/lpfc/lpfc_scsi.c b/drivers/scsi/lpfc/lpfc_scsi.c -index 60e5a17..ff7a793 100644 +index 98af07c..7625fb5 100644 --- a/drivers/scsi/lpfc/lpfc_scsi.c +++ b/drivers/scsi/lpfc/lpfc_scsi.c -@@ -305,7 +305,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba) +@@ -325,7 +325,7 @@ lpfc_rampdown_queue_depth(struct lpfc_hba *phba) uint32_t evt_posted; spin_lock_irqsave(&phba->hbalock, flags); @@ -42434,7 +41593,7 @@ index 60e5a17..ff7a793 100644 phba->last_rsrc_error_time = jiffies; if ((phba->last_ramp_down_time + QUEUE_RAMP_DOWN_INTERVAL) > jiffies) { -@@ -346,7 +346,7 @@ lpfc_rampup_queue_depth(struct lpfc_vport *vport, +@@ -366,7 +366,7 @@ lpfc_rampup_queue_depth(struct lpfc_vport *vport, unsigned long flags; struct lpfc_hba *phba = vport->phba; uint32_t evt_posted; @@ -42443,7 +41602,7 @@ index 60e5a17..ff7a793 100644 if (vport->cfg_lun_queue_depth <= queue_depth) return; -@@ -390,8 +390,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) +@@ -410,8 +410,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) unsigned long num_rsrc_err, num_cmd_success; int i; @@ -42454,7 +41613,7 @@ index 60e5a17..ff7a793 100644 /* * The error and success command counters are global per -@@ -419,8 +419,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) +@@ -439,8 +439,8 @@ lpfc_ramp_down_queue_handler(struct lpfc_hba *phba) } } lpfc_destroy_vport_work_array(phba, vports); @@ -42465,7 +41624,7 @@ index 60e5a17..ff7a793 100644 } /** -@@ -454,8 +454,8 @@ lpfc_ramp_up_queue_handler(struct lpfc_hba *phba) +@@ -474,8 +474,8 @@ lpfc_ramp_up_queue_handler(struct lpfc_hba *phba) } } lpfc_destroy_vport_work_array(phba, vports); @@ -42584,10 +41743,10 @@ index e1d150f..6c6df44 100644 /* To indicate add/delete/modify during CCN */ u8 change_detected; diff --git a/drivers/scsi/qla2xxx/qla_attr.c b/drivers/scsi/qla2xxx/qla_attr.c -index 83d7984..a27d947 100644 +index b3db9dc..c3b1756 100644 --- a/drivers/scsi/qla2xxx/qla_attr.c +++ b/drivers/scsi/qla2xxx/qla_attr.c -@@ -1969,7 +1969,7 @@ qla24xx_vport_disable(struct fc_vport *fc_vport, bool disable) +@@ -1971,7 +1971,7 @@ qla24xx_vport_disable(struct fc_vport *fc_vport, bool disable) return 0; } @@ -42596,7 +41755,7 @@ index 83d7984..a27d947 100644 .show_host_node_name = 1, .show_host_port_name = 1, -@@ -2016,7 +2016,7 @@ struct fc_function_template qla2xxx_transport_functions = { +@@ -2018,7 +2018,7 @@ struct fc_function_template qla2xxx_transport_functions = { .bsg_timeout = qla24xx_bsg_timeout, }; @@ -42606,10 +41765,10 @@ index 83d7984..a27d947 100644 .show_host_node_name = 1, .show_host_port_name = 1, diff --git a/drivers/scsi/qla2xxx/qla_gbl.h b/drivers/scsi/qla2xxx/qla_gbl.h -index 2411d1a..4673766 100644 +index b310fa9..b9b3944 100644 --- a/drivers/scsi/qla2xxx/qla_gbl.h +++ b/drivers/scsi/qla2xxx/qla_gbl.h -@@ -515,8 +515,8 @@ extern void qla2x00_get_sym_node_name(scsi_qla_host_t *, uint8_t *); +@@ -523,8 +523,8 @@ extern void qla2x00_get_sym_node_name(scsi_qla_host_t *, uint8_t *); struct device_attribute; extern struct device_attribute *qla2x00_host_attrs[]; struct fc_function_template; @@ -42621,10 +41780,10 @@ index 2411d1a..4673766 100644 extern void qla2x00_free_sysfs_attr(scsi_qla_host_t *); extern void qla2x00_init_host_attr(scsi_qla_host_t *); diff --git a/drivers/scsi/qla2xxx/qla_os.c b/drivers/scsi/qla2xxx/qla_os.c -index 10d23f8..a7d5d4c 100644 +index 2c6dd3d..e5ecd82 100644 --- a/drivers/scsi/qla2xxx/qla_os.c +++ b/drivers/scsi/qla2xxx/qla_os.c -@@ -1472,8 +1472,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha) +@@ -1554,8 +1554,10 @@ qla2x00_config_dma_addressing(struct qla_hw_data *ha) !pci_set_consistent_dma_mask(ha->pdev, DMA_BIT_MASK(64))) { /* Ok, a 64bit DMA mask is applicable. */ ha->flags.enable_64bit_addressing = 1; @@ -42638,10 +41797,10 @@ index 10d23f8..a7d5d4c 100644 } } diff --git a/drivers/scsi/qla4xxx/ql4_def.h b/drivers/scsi/qla4xxx/ql4_def.h -index 329d553..f20d31d 100644 +index 129f5dd..ade53e8 100644 --- a/drivers/scsi/qla4xxx/ql4_def.h +++ b/drivers/scsi/qla4xxx/ql4_def.h -@@ -273,7 +273,7 @@ struct ddb_entry { +@@ -275,7 +275,7 @@ struct ddb_entry { * (4000 only) */ atomic_t relogin_timer; /* Max Time to wait for * relogin to complete */ @@ -42651,10 +41810,10 @@ index 329d553..f20d31d 100644 uint32_t default_time2wait; /* Default Min time between * relogins (+aens) */ diff --git a/drivers/scsi/qla4xxx/ql4_os.c b/drivers/scsi/qla4xxx/ql4_os.c -index 4cec123..7c1329f 100644 +index 6142729..b6a85c9 100644 --- a/drivers/scsi/qla4xxx/ql4_os.c +++ b/drivers/scsi/qla4xxx/ql4_os.c -@@ -2621,12 +2621,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess) +@@ -2622,12 +2622,12 @@ static void qla4xxx_check_relogin_flash_ddb(struct iscsi_cls_session *cls_sess) */ if (!iscsi_is_session_online(cls_sess)) { /* Reset retry relogin timer */ @@ -42669,7 +41828,7 @@ index 4cec123..7c1329f 100644 ddb_entry->default_time2wait + 4)); set_bit(DPC_RELOGIN_DEVICE, &ha->dpc_flags); atomic_set(&ddb_entry->retry_relogin_timer, -@@ -4738,7 +4738,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha, +@@ -4742,7 +4742,7 @@ static void qla4xxx_setup_flash_ddb_entry(struct scsi_qla_host *ha, atomic_set(&ddb_entry->retry_relogin_timer, INVALID_ENTRY); atomic_set(&ddb_entry->relogin_timer, 0); @@ -42692,10 +41851,10 @@ index 2c0d0ec..4e8681a 100644 /* check if the device is still usable */ if (unlikely(cmd->device->sdev_state == SDEV_DEL)) { diff --git a/drivers/scsi/scsi_lib.c b/drivers/scsi/scsi_lib.c -index f1bf5af..f67e943 100644 +index c31187d..0ead8c3 100644 --- a/drivers/scsi/scsi_lib.c +++ b/drivers/scsi/scsi_lib.c -@@ -1454,7 +1454,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) +@@ -1459,7 +1459,7 @@ static void scsi_kill_request(struct request *req, struct request_queue *q) shost = sdev->host; scsi_init_cmd_errh(cmd); cmd->result = DID_NO_CONNECT << 16; @@ -42704,7 +41863,7 @@ index f1bf5af..f67e943 100644 /* * SCSI request completion path will do scsi_device_unbusy(), -@@ -1480,9 +1480,9 @@ static void scsi_softirq_done(struct request *rq) +@@ -1485,9 +1485,9 @@ static void scsi_softirq_done(struct request *rq) INIT_LIST_HEAD(&cmd->eh_entry); @@ -42783,7 +41942,7 @@ index e894ca7..de9d7660 100644 /* * Check for overflow; dev_loss_tmo is u32 diff --git a/drivers/scsi/scsi_transport_iscsi.c b/drivers/scsi/scsi_transport_iscsi.c -index 31969f2..2b348f0 100644 +index 0a74b97..fa8d648 100644 --- a/drivers/scsi/scsi_transport_iscsi.c +++ b/drivers/scsi/scsi_transport_iscsi.c @@ -79,7 +79,7 @@ struct iscsi_internal { @@ -42804,7 +41963,7 @@ index 31969f2..2b348f0 100644 if (target_id == ISCSI_MAX_TARGET) { id = ida_simple_get(&iscsi_sess_ida, 0, 0, GFP_KERNEL); -@@ -2943,7 +2943,7 @@ static __init int iscsi_transport_init(void) +@@ -2955,7 +2955,7 @@ static __init int iscsi_transport_init(void) printk(KERN_INFO "Loading iSCSI transport class v%s.\n", ISCSI_TRANSPORT_VERSION); @@ -42858,7 +42017,7 @@ index 7992635..609faf8 100644 if (!sdp->request_queue->rq_timeout) { if (sdp->type != TYPE_MOD) diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c -index be2c9a6..275525c 100644 +index 9f0c465..47194ee 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c @@ -1101,7 +1101,7 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg) @@ -42871,10 +42030,10 @@ index be2c9a6..275525c 100644 return blk_trace_startstop(sdp->device->request_queue, 1); case BLKTRACESTOP: diff --git a/drivers/spi/spi.c b/drivers/spi/spi.c -index 19ee901..6e8c2ef 100644 +index 004b10f..7c98d51 100644 --- a/drivers/spi/spi.c +++ b/drivers/spi/spi.c -@@ -1616,7 +1616,7 @@ int spi_bus_unlock(struct spi_master *master) +@@ -1620,7 +1620,7 @@ int spi_bus_unlock(struct spi_master *master) EXPORT_SYMBOL_GPL(spi_bus_unlock); /* portable code must never pass more than 32 bytes */ @@ -42884,12 +42043,12 @@ index 19ee901..6e8c2ef 100644 static u8 *buf; diff --git a/drivers/staging/iio/iio_hwmon.c b/drivers/staging/iio/iio_hwmon.c -index c7a5f97..71ecd35 100644 +index 93af756..a4bc5bf 100644 --- a/drivers/staging/iio/iio_hwmon.c +++ b/drivers/staging/iio/iio_hwmon.c -@@ -72,7 +72,7 @@ static void iio_hwmon_free_attrs(struct iio_hwmon_state *st) - static int iio_hwmon_probe(struct platform_device *pdev) +@@ -67,7 +67,7 @@ static int iio_hwmon_probe(struct platform_device *pdev) { + struct device *dev = &pdev->dev; struct iio_hwmon_state *st; - struct sensor_device_attribute *a; + sensor_device_attribute_no_const *a; @@ -42929,7 +42088,7 @@ index 34afc16..ffe44dd 100644 dev_kfree_skb_irq(skb); } diff --git a/drivers/staging/octeon/ethernet.c b/drivers/staging/octeon/ethernet.c -index ef32dc1..a159d68 100644 +index c3a90e7..023619a 100644 --- a/drivers/staging/octeon/ethernet.c +++ b/drivers/staging/octeon/ethernet.c @@ -252,11 +252,11 @@ static struct net_device_stats *cvm_oct_common_get_stats(struct net_device *dev) @@ -42948,227 +42107,6 @@ index ef32dc1..a159d68 100644 #endif } -diff --git a/drivers/staging/ramster/tmem.c b/drivers/staging/ramster/tmem.c -index a2b7e03..aaf3630 100644 ---- a/drivers/staging/ramster/tmem.c -+++ b/drivers/staging/ramster/tmem.c -@@ -50,25 +50,25 @@ - * A tmem host implementation must use this function to register callbacks - * for memory allocation. - */ --static struct tmem_hostops tmem_hostops; -+static struct tmem_hostops *tmem_hostops; - - static void tmem_objnode_tree_init(void); - - void tmem_register_hostops(struct tmem_hostops *m) - { - tmem_objnode_tree_init(); -- tmem_hostops = *m; -+ tmem_hostops = m; - } - - /* - * A tmem host implementation must use this function to register - * callbacks for a page-accessible memory (PAM) implementation. - */ --static struct tmem_pamops tmem_pamops; -+static struct tmem_pamops *tmem_pamops; - - void tmem_register_pamops(struct tmem_pamops *m) - { -- tmem_pamops = *m; -+ tmem_pamops = m; - } - - /* -@@ -174,7 +174,7 @@ static void tmem_obj_init(struct tmem_obj *obj, struct tmem_hashbucket *hb, - obj->pampd_count = 0; - #ifdef CONFIG_RAMSTER - if (tmem_pamops.new_obj != NULL) -- (*tmem_pamops.new_obj)(obj); -+ (tmem_pamops->new_obj)(obj); - #endif - SET_SENTINEL(obj, OBJ); - -@@ -210,7 +210,7 @@ static void tmem_pool_flush(struct tmem_pool *pool, bool destroy) - rbnode = rb_next(rbnode); - tmem_pampd_destroy_all_in_obj(obj, true); - tmem_obj_free(obj, hb); -- (*tmem_hostops.obj_free)(obj, pool); -+ (tmem_hostops->obj_free)(obj, pool); - } - spin_unlock(&hb->lock); - } -@@ -261,7 +261,7 @@ static struct tmem_objnode *tmem_objnode_alloc(struct tmem_obj *obj) - ASSERT_SENTINEL(obj, OBJ); - BUG_ON(obj->pool == NULL); - ASSERT_SENTINEL(obj->pool, POOL); -- objnode = (*tmem_hostops.objnode_alloc)(obj->pool); -+ objnode = (tmem_hostops->objnode_alloc)(obj->pool); - if (unlikely(objnode == NULL)) - goto out; - objnode->obj = obj; -@@ -290,7 +290,7 @@ static void tmem_objnode_free(struct tmem_objnode *objnode) - ASSERT_SENTINEL(pool, POOL); - objnode->obj->objnode_count--; - objnode->obj = NULL; -- (*tmem_hostops.objnode_free)(objnode, pool); -+ (tmem_hostops->objnode_free)(objnode, pool); - } - - /* -@@ -348,7 +348,7 @@ static void *tmem_pampd_replace_in_obj(struct tmem_obj *obj, uint32_t index, - void *old_pampd = *(void **)slot; - *(void **)slot = new_pampd; - if (!no_free) -- (*tmem_pamops.free)(old_pampd, obj->pool, -+ (tmem_pamops->free)(old_pampd, obj->pool, - NULL, 0, false); - ret = new_pampd; - } -@@ -505,7 +505,7 @@ static void tmem_objnode_node_destroy(struct tmem_obj *obj, - if (objnode->slots[i]) { - if (ht == 1) { - obj->pampd_count--; -- (*tmem_pamops.free)(objnode->slots[i], -+ (tmem_pamops->free)(objnode->slots[i], - obj->pool, NULL, 0, true); - objnode->slots[i] = NULL; - continue; -@@ -524,7 +524,7 @@ static void tmem_pampd_destroy_all_in_obj(struct tmem_obj *obj, - return; - if (obj->objnode_tree_height == 0) { - obj->pampd_count--; -- (*tmem_pamops.free)(obj->objnode_tree_root, -+ (tmem_pamops->free)(obj->objnode_tree_root, - obj->pool, NULL, 0, true); - } else { - tmem_objnode_node_destroy(obj, obj->objnode_tree_root, -@@ -535,7 +535,7 @@ static void tmem_pampd_destroy_all_in_obj(struct tmem_obj *obj, - obj->objnode_tree_root = NULL; - #ifdef CONFIG_RAMSTER - if (tmem_pamops.free_obj != NULL) -- (*tmem_pamops.free_obj)(obj->pool, obj, pool_destroy); -+ (tmem_pamops->free_obj)(obj->pool, obj, pool_destroy); - #endif - } - -@@ -574,7 +574,7 @@ int tmem_put(struct tmem_pool *pool, struct tmem_oid *oidp, uint32_t index, - /* if found, is a dup put, flush the old one */ - pampd_del = tmem_pampd_delete_from_obj(obj, index); - BUG_ON(pampd_del != pampd); -- (*tmem_pamops.free)(pampd, pool, oidp, index, true); -+ (tmem_pamops->free)(pampd, pool, oidp, index, true); - if (obj->pampd_count == 0) { - objnew = obj; - objfound = NULL; -@@ -582,7 +582,7 @@ int tmem_put(struct tmem_pool *pool, struct tmem_oid *oidp, uint32_t index, - pampd = NULL; - } - } else { -- obj = objnew = (*tmem_hostops.obj_alloc)(pool); -+ obj = objnew = (tmem_hostops->obj_alloc)(pool); - if (unlikely(obj == NULL)) { - ret = -ENOMEM; - goto out; -@@ -597,16 +597,16 @@ int tmem_put(struct tmem_pool *pool, struct tmem_oid *oidp, uint32_t index, - if (unlikely(ret == -ENOMEM)) - /* may have partially built objnode tree ("stump") */ - goto delete_and_free; -- (*tmem_pamops.create_finish)(pampd, is_ephemeral(pool)); -+ (tmem_pamops->create_finish)(pampd, is_ephemeral(pool)); - goto out; - - delete_and_free: - (void)tmem_pampd_delete_from_obj(obj, index); - if (pampd) -- (*tmem_pamops.free)(pampd, pool, NULL, 0, true); -+ (tmem_pamops->free)(pampd, pool, NULL, 0, true); - if (objnew) { - tmem_obj_free(objnew, hb); -- (*tmem_hostops.obj_free)(objnew, pool); -+ (tmem_hostops->obj_free)(objnew, pool); - } - out: - spin_unlock(&hb->lock); -@@ -651,7 +651,7 @@ void tmem_localify_finish(struct tmem_obj *obj, uint32_t index, - if (pampd != NULL) { - BUG_ON(obj == NULL); - (void)tmem_pampd_replace_in_obj(obj, index, pampd, 1); -- (*tmem_pamops.create_finish)(pampd, is_ephemeral(obj->pool)); -+ (tmem_pamops->create_finish)(pampd, is_ephemeral(obj->pool)); - } else if (delete) { - BUG_ON(obj == NULL); - (void)tmem_pampd_delete_from_obj(obj, index); -@@ -671,7 +671,7 @@ static int tmem_repatriate(void **ppampd, struct tmem_hashbucket *hb, - int ret = 0; - - if (!is_ephemeral(pool)) -- new_pampd = (*tmem_pamops.repatriate_preload)( -+ new_pampd = (tmem_pamops->repatriate_preload)( - old_pampd, pool, oidp, index, &intransit); - if (intransit) - ret = -EAGAIN; -@@ -680,7 +680,7 @@ static int tmem_repatriate(void **ppampd, struct tmem_hashbucket *hb, - /* must release the hb->lock else repatriate can't sleep */ - spin_unlock(&hb->lock); - if (!intransit) -- ret = (*tmem_pamops.repatriate)(old_pampd, new_pampd, pool, -+ ret = (tmem_pamops->repatriate)(old_pampd, new_pampd, pool, - oidp, index, free, data); - if (ret == -EAGAIN) { - /* rare I think, but should cond_resched()??? */ -@@ -714,7 +714,7 @@ int tmem_replace(struct tmem_pool *pool, struct tmem_oid *oidp, - new_pampd = tmem_pampd_replace_in_obj(obj, index, new_pampd, 0); - /* if we bug here, pamops wasn't properly set up for ramster */ - BUG_ON(tmem_pamops.replace_in_obj == NULL); -- ret = (*tmem_pamops.replace_in_obj)(new_pampd, obj); -+ ret = (tmem_pamops->replace_in_obj)(new_pampd, obj); - out: - spin_unlock(&hb->lock); - return ret; -@@ -776,15 +776,15 @@ int tmem_get(struct tmem_pool *pool, struct tmem_oid *oidp, uint32_t index, - if (free) { - if (obj->pampd_count == 0) { - tmem_obj_free(obj, hb); -- (*tmem_hostops.obj_free)(obj, pool); -+ (tmem_hostops->obj_free)(obj, pool); - obj = NULL; - } - } - if (free) -- ret = (*tmem_pamops.get_data_and_free)( -+ ret = (tmem_pamops->get_data_and_free)( - data, sizep, raw, pampd, pool, oidp, index); - else -- ret = (*tmem_pamops.get_data)( -+ ret = (tmem_pamops->get_data)( - data, sizep, raw, pampd, pool, oidp, index); - if (ret < 0) - goto out; -@@ -816,10 +816,10 @@ int tmem_flush_page(struct tmem_pool *pool, - pampd = tmem_pampd_delete_from_obj(obj, index); - if (pampd == NULL) - goto out; -- (*tmem_pamops.free)(pampd, pool, oidp, index, true); -+ (tmem_pamops->free)(pampd, pool, oidp, index, true); - if (obj->pampd_count == 0) { - tmem_obj_free(obj, hb); -- (*tmem_hostops.obj_free)(obj, pool); -+ (tmem_hostops->obj_free)(obj, pool); - } - ret = 0; - -@@ -844,7 +844,7 @@ int tmem_flush_object(struct tmem_pool *pool, struct tmem_oid *oidp) - goto out; - tmem_pampd_destroy_all_in_obj(obj, false); - tmem_obj_free(obj, hb); -- (*tmem_hostops.obj_free)(obj, pool); -+ (tmem_hostops->obj_free)(obj, pool); - ret = 0; - - out: diff --git a/drivers/staging/rtl8712/rtl871x_io.h b/drivers/staging/rtl8712/rtl871x_io.h index dc23395..cf7e9b1 100644 --- a/drivers/staging/rtl8712/rtl871x_io.h @@ -43209,19 +42147,19 @@ index 5dddc4d..34fcb2f 100644 /* * NOTE: diff --git a/drivers/staging/usbip/vhci_hcd.c b/drivers/staging/usbip/vhci_hcd.c -index c3aa219..bf8b3de 100644 +index f1ca084..7b5c0c3 100644 --- a/drivers/staging/usbip/vhci_hcd.c +++ b/drivers/staging/usbip/vhci_hcd.c -@@ -451,7 +451,7 @@ static void vhci_tx_urb(struct urb *urb) - return; - } +@@ -441,7 +441,7 @@ static void vhci_tx_urb(struct urb *urb) + + spin_lock(&vdev->priv_lock); - priv->seqnum = atomic_inc_return(&the_controller->seqnum); + priv->seqnum = atomic_inc_return_unchecked(&the_controller->seqnum); if (priv->seqnum == 0xffff) dev_info(&urb->dev->dev, "seqnum max\n"); -@@ -703,7 +703,7 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) +@@ -687,7 +687,7 @@ static int vhci_urb_dequeue(struct usb_hcd *hcd, struct urb *urb, int status) return -ENOMEM; } @@ -43230,7 +42168,7 @@ index c3aa219..bf8b3de 100644 if (unlink->seqnum == 0xffff) pr_info("seqnum max\n"); -@@ -907,7 +907,7 @@ static int vhci_start(struct usb_hcd *hcd) +@@ -891,7 +891,7 @@ static int vhci_start(struct usb_hcd *hcd) vdev->rhport = rhport; } @@ -43240,10 +42178,10 @@ index c3aa219..bf8b3de 100644 hcd->power_budget = 0; /* no limit */ diff --git a/drivers/staging/usbip/vhci_rx.c b/drivers/staging/usbip/vhci_rx.c -index ba5f1c0..11d8122 100644 +index faf8e60..c46f8ab 100644 --- a/drivers/staging/usbip/vhci_rx.c +++ b/drivers/staging/usbip/vhci_rx.c -@@ -77,7 +77,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, +@@ -76,7 +76,7 @@ static void vhci_recv_ret_submit(struct vhci_device *vdev, if (!urb) { pr_err("cannot find a urb of seqnum %u\n", pdu->base.seqnum); pr_info("max seqnum %d\n", @@ -43283,7 +42221,7 @@ index 5f13890..36a044b 100644 pDevice->apdev->type = ARPHRD_IEEE80211; diff --git a/drivers/staging/vt6656/hostap.c b/drivers/staging/vt6656/hostap.c -index 26a7d0e..897b083 100644 +index bc5e9da..dacd556 100644 --- a/drivers/staging/vt6656/hostap.c +++ b/drivers/staging/vt6656/hostap.c @@ -60,14 +60,13 @@ static int msglevel =MSG_LEVEL_INFO; @@ -43292,18 +42230,18 @@ index 26a7d0e..897b083 100644 +static net_device_ops_no_const apdev_netdev_ops; + - static int hostap_enable_hostapd(PSDevice pDevice, int rtnl_locked) + static int hostap_enable_hostapd(struct vnt_private *pDevice, int rtnl_locked) { - PSDevice apdev_priv; + struct vnt_private *apdev_priv; struct net_device *dev = pDevice->dev; int ret; - const struct net_device_ops apdev_netdev_ops = { -- .ndo_start_xmit = pDevice->tx_80211, +- .ndo_start_xmit = pDevice->tx_80211, - }; DBG_PRT(MSG_LEVEL_DEBUG, KERN_INFO "%s: Enabling hostapd mode\n", dev->name); -@@ -79,6 +78,8 @@ static int hostap_enable_hostapd(PSDevice pDevice, int rtnl_locked) +@@ -79,6 +78,8 @@ static int hostap_enable_hostapd(struct vnt_private *pDevice, int rtnl_locked) *apdev_priv = *pDevice; memcpy(pDevice->apdev->dev_addr, dev->dev_addr, ETH_ALEN); @@ -43313,10 +42251,10 @@ index 26a7d0e..897b083 100644 pDevice->apdev->type = ARPHRD_IEEE80211; diff --git a/drivers/staging/zcache/tmem.c b/drivers/staging/zcache/tmem.c -index 56c8e60..1920c63 100644 +index a2b7e03..9ff4bbd 100644 --- a/drivers/staging/zcache/tmem.c +++ b/drivers/staging/zcache/tmem.c -@@ -39,7 +39,7 @@ +@@ -50,7 +50,7 @@ * A tmem host implementation must use this function to register callbacks * for memory allocation. */ @@ -43325,9 +42263,9 @@ index 56c8e60..1920c63 100644 static void tmem_objnode_tree_init(void); -@@ -53,7 +53,7 @@ void tmem_register_hostops(struct tmem_hostops *m) +@@ -64,7 +64,7 @@ void tmem_register_hostops(struct tmem_hostops *m) * A tmem host implementation must use this function to register - * callbacks for a page-accessible memory (PAM) implementation + * callbacks for a page-accessible memory (PAM) implementation. */ -static struct tmem_pamops tmem_pamops; +static tmem_pamops_no_const tmem_pamops; @@ -43335,18 +42273,18 @@ index 56c8e60..1920c63 100644 void tmem_register_pamops(struct tmem_pamops *m) { diff --git a/drivers/staging/zcache/tmem.h b/drivers/staging/zcache/tmem.h -index 0d4aa82..f7832d4 100644 +index adbe5a8..d387359 100644 --- a/drivers/staging/zcache/tmem.h +++ b/drivers/staging/zcache/tmem.h -@@ -180,6 +180,7 @@ struct tmem_pamops { - void (*new_obj)(struct tmem_obj *); +@@ -226,6 +226,7 @@ struct tmem_pamops { int (*replace_in_obj)(void *, struct tmem_obj *); + #endif }; +typedef struct tmem_pamops __no_const tmem_pamops_no_const; extern void tmem_register_pamops(struct tmem_pamops *m); /* memory allocation methods provided by the host implementation */ -@@ -189,6 +190,7 @@ struct tmem_hostops { +@@ -235,6 +236,7 @@ struct tmem_hostops { struct tmem_objnode *(*objnode_alloc)(struct tmem_pool *); void (*objnode_free)(struct tmem_objnode *, struct tmem_pool *); }; @@ -43355,10 +42293,10 @@ index 0d4aa82..f7832d4 100644 /* core tmem accessor functions */ diff --git a/drivers/target/target_core_device.c b/drivers/target/target_core_device.c -index 96f4981..4daaa7e 100644 +index 2e4d655..fd72e68 100644 --- a/drivers/target/target_core_device.c +++ b/drivers/target/target_core_device.c -@@ -1370,7 +1370,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) +@@ -1414,7 +1414,7 @@ struct se_device *target_alloc_device(struct se_hba *hba, const char *name) spin_lock_init(&dev->se_port_lock); spin_lock_init(&dev->se_tmr_lock); spin_lock_init(&dev->qf_cmd_lock); @@ -43368,10 +42306,10 @@ index 96f4981..4daaa7e 100644 spin_lock_init(&dev->t10_wwn.t10_vpd_lock); INIT_LIST_HEAD(&dev->t10_pr.registration_list); diff --git a/drivers/target/target_core_transport.c b/drivers/target/target_core_transport.c -index fcf880f..a4d1e8f 100644 +index 3243ea7..4f19a6e 100644 --- a/drivers/target/target_core_transport.c +++ b/drivers/target/target_core_transport.c -@@ -1077,7 +1077,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd) +@@ -1080,7 +1080,7 @@ transport_check_alloc_task_attr(struct se_cmd *cmd) * Used to determine when ORDERED commands should go from * Dormant to Active status. */ @@ -43381,10 +42319,10 @@ index fcf880f..a4d1e8f 100644 pr_debug("Allocated se_ordered_id: %u for Task Attr: 0x%02x on %s\n", cmd->se_ordered_id, cmd->sam_task_attr, diff --git a/drivers/tty/cyclades.c b/drivers/tty/cyclades.c -index b09c8d1f..c4225c0 100644 +index 345bd0e..61d5375 100644 --- a/drivers/tty/cyclades.c +++ b/drivers/tty/cyclades.c -@@ -1589,10 +1589,10 @@ static int cy_open(struct tty_struct *tty, struct file *filp) +@@ -1576,10 +1576,10 @@ static int cy_open(struct tty_struct *tty, struct file *filp) printk(KERN_DEBUG "cyc:cy_open ttyC%d, count = %d\n", info->line, info->port.count); #endif @@ -43397,7 +42335,7 @@ index b09c8d1f..c4225c0 100644 #endif /* -@@ -3991,7 +3991,7 @@ static int cyclades_proc_show(struct seq_file *m, void *v) +@@ -3978,7 +3978,7 @@ static int cyclades_proc_show(struct seq_file *m, void *v) for (j = 0; j < cy_card[i].nports; j++) { info = &cy_card[i].ports[j]; @@ -43407,7 +42345,7 @@ index b09c8d1f..c4225c0 100644 struct tty_struct *tty; struct tty_ldisc *ld; diff --git a/drivers/tty/hvc/hvc_console.c b/drivers/tty/hvc/hvc_console.c -index 13ee53b..418d164 100644 +index eb255e8..f637a57 100644 --- a/drivers/tty/hvc/hvc_console.c +++ b/drivers/tty/hvc/hvc_console.c @@ -338,7 +338,7 @@ static int hvc_open(struct tty_struct *tty, struct file * filp) @@ -43465,7 +42403,7 @@ index 13ee53b..418d164 100644 spin_lock_irqsave(&hp->lock, flags); diff --git a/drivers/tty/hvc/hvcs.c b/drivers/tty/hvc/hvcs.c -index 8776357..b2d4afd 100644 +index 81e939e..95ead10 100644 --- a/drivers/tty/hvc/hvcs.c +++ b/drivers/tty/hvc/hvcs.c @@ -83,6 +83,7 @@ @@ -43485,7 +42423,7 @@ index 8776357..b2d4afd 100644 spin_unlock_irqrestore(&hvcsd->lock, flags); printk(KERN_INFO "HVCS: vterm state unchanged. " "The hvcs device node is still in use.\n"); -@@ -1132,7 +1133,7 @@ static int hvcs_install(struct tty_driver *driver, struct tty_struct *tty) +@@ -1127,7 +1128,7 @@ static int hvcs_install(struct tty_driver *driver, struct tty_struct *tty) } } @@ -43494,7 +42432,7 @@ index 8776357..b2d4afd 100644 hvcsd->port.tty = tty; tty->driver_data = hvcsd; -@@ -1185,7 +1186,7 @@ static int hvcs_open(struct tty_struct *tty, struct file *filp) +@@ -1180,7 +1181,7 @@ static int hvcs_open(struct tty_struct *tty, struct file *filp) unsigned long flags; spin_lock_irqsave(&hvcsd->lock, flags); @@ -43503,7 +42441,7 @@ index 8776357..b2d4afd 100644 hvcsd->todo_mask |= HVCS_SCHED_READ; spin_unlock_irqrestore(&hvcsd->lock, flags); -@@ -1221,7 +1222,7 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp) +@@ -1216,7 +1217,7 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp) hvcsd = tty->driver_data; spin_lock_irqsave(&hvcsd->lock, flags); @@ -43512,7 +42450,7 @@ index 8776357..b2d4afd 100644 vio_disable_interrupts(hvcsd->vdev); -@@ -1246,10 +1247,10 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp) +@@ -1241,10 +1242,10 @@ static void hvcs_close(struct tty_struct *tty, struct file *filp) free_irq(irq, hvcsd); return; @@ -43525,7 +42463,7 @@ index 8776357..b2d4afd 100644 } spin_unlock_irqrestore(&hvcsd->lock, flags); -@@ -1271,7 +1272,7 @@ static void hvcs_hangup(struct tty_struct * tty) +@@ -1266,7 +1267,7 @@ static void hvcs_hangup(struct tty_struct * tty) spin_lock_irqsave(&hvcsd->lock, flags); /* Preserve this so that we know how many kref refs to put */ @@ -43534,7 +42472,7 @@ index 8776357..b2d4afd 100644 /* * Don't kref put inside the spinlock because the destruction -@@ -1286,7 +1287,7 @@ static void hvcs_hangup(struct tty_struct * tty) +@@ -1281,7 +1282,7 @@ static void hvcs_hangup(struct tty_struct * tty) tty->driver_data = NULL; hvcsd->port.tty = NULL; @@ -43543,7 +42481,7 @@ index 8776357..b2d4afd 100644 /* This will drop any buffered data on the floor which is OK in a hangup * scenario. */ -@@ -1357,7 +1358,7 @@ static int hvcs_write(struct tty_struct *tty, +@@ -1352,7 +1353,7 @@ static int hvcs_write(struct tty_struct *tty, * the middle of a write operation? This is a crummy place to do this * but we want to keep it all in the spinlock. */ @@ -43552,7 +42490,7 @@ index 8776357..b2d4afd 100644 spin_unlock_irqrestore(&hvcsd->lock, flags); return -ENODEV; } -@@ -1431,7 +1432,7 @@ static int hvcs_write_room(struct tty_struct *tty) +@@ -1426,7 +1427,7 @@ static int hvcs_write_room(struct tty_struct *tty) { struct hvcs_struct *hvcsd = tty->driver_data; @@ -43562,7 +42500,7 @@ index 8776357..b2d4afd 100644 return HVCS_BUFF_LEN - hvcsd->chars_in_buffer; diff --git a/drivers/tty/ipwireless/tty.c b/drivers/tty/ipwireless/tty.c -index 2cde13d..645d78f 100644 +index 8fd72ff..34a0bed 100644 --- a/drivers/tty/ipwireless/tty.c +++ b/drivers/tty/ipwireless/tty.c @@ -29,6 +29,7 @@ @@ -43606,16 +42544,16 @@ index 2cde13d..645d78f 100644 mutex_unlock(&tty->ipw_tty_mutex); return; } -@@ -170,7 +169,7 @@ void ipwireless_tty_received(struct ipw_tty *tty, unsigned char *data, - return; - } +@@ -164,7 +163,7 @@ void ipwireless_tty_received(struct ipw_tty *tty, unsigned char *data, + + mutex_lock(&tty->ipw_tty_mutex); - if (!tty->port.count) { + if (!atomic_read(&tty->port.count)) { mutex_unlock(&tty->ipw_tty_mutex); return; } -@@ -212,7 +211,7 @@ static int ipw_write(struct tty_struct *linux_tty, +@@ -206,7 +205,7 @@ static int ipw_write(struct tty_struct *linux_tty, return -ENODEV; mutex_lock(&tty->ipw_tty_mutex); @@ -43624,7 +42562,7 @@ index 2cde13d..645d78f 100644 mutex_unlock(&tty->ipw_tty_mutex); return -EINVAL; } -@@ -252,7 +251,7 @@ static int ipw_write_room(struct tty_struct *linux_tty) +@@ -246,7 +245,7 @@ static int ipw_write_room(struct tty_struct *linux_tty) if (!tty) return -ENODEV; @@ -43633,7 +42571,7 @@ index 2cde13d..645d78f 100644 return -EINVAL; room = IPWIRELESS_TX_QUEUE_SIZE - tty->tx_bytes_queued; -@@ -294,7 +293,7 @@ static int ipw_chars_in_buffer(struct tty_struct *linux_tty) +@@ -288,7 +287,7 @@ static int ipw_chars_in_buffer(struct tty_struct *linux_tty) if (!tty) return 0; @@ -43642,7 +42580,7 @@ index 2cde13d..645d78f 100644 return 0; return tty->tx_bytes_queued; -@@ -375,7 +374,7 @@ static int ipw_tiocmget(struct tty_struct *linux_tty) +@@ -369,7 +368,7 @@ static int ipw_tiocmget(struct tty_struct *linux_tty) if (!tty) return -ENODEV; @@ -43651,7 +42589,7 @@ index 2cde13d..645d78f 100644 return -EINVAL; return get_control_lines(tty); -@@ -391,7 +390,7 @@ ipw_tiocmset(struct tty_struct *linux_tty, +@@ -385,7 +384,7 @@ ipw_tiocmset(struct tty_struct *linux_tty, if (!tty) return -ENODEV; @@ -43660,7 +42598,7 @@ index 2cde13d..645d78f 100644 return -EINVAL; return set_control_lines(tty, set, clear); -@@ -405,7 +404,7 @@ static int ipw_ioctl(struct tty_struct *linux_tty, +@@ -399,7 +398,7 @@ static int ipw_ioctl(struct tty_struct *linux_tty, if (!tty) return -ENODEV; @@ -43669,7 +42607,7 @@ index 2cde13d..645d78f 100644 return -EINVAL; /* FIXME: Exactly how is the tty object locked here .. */ -@@ -561,7 +560,7 @@ void ipwireless_tty_free(struct ipw_tty *tty) +@@ -555,7 +554,7 @@ void ipwireless_tty_free(struct ipw_tty *tty) * are gone */ mutex_lock(&ttyj->ipw_tty_mutex); } @@ -43679,7 +42617,7 @@ index 2cde13d..645d78f 100644 ipwireless_disassociate_network_ttys(network, ttyj->channel_idx); diff --git a/drivers/tty/moxa.c b/drivers/tty/moxa.c -index f9d2850..b006f04 100644 +index adeac25..787a0a1 100644 --- a/drivers/tty/moxa.c +++ b/drivers/tty/moxa.c @@ -1193,7 +1193,7 @@ static int moxa_open(struct tty_struct *tty, struct file *filp) @@ -43692,7 +42630,7 @@ index f9d2850..b006f04 100644 tty_port_tty_set(&ch->port, tty); mutex_lock(&ch->port.mutex); diff --git a/drivers/tty/n_gsm.c b/drivers/tty/n_gsm.c -index bfd6771..e0d93c4 100644 +index 4a43ef5d7..aa71f27 100644 --- a/drivers/tty/n_gsm.c +++ b/drivers/tty/n_gsm.c @@ -1636,7 +1636,7 @@ static struct gsm_dlci *gsm_dlci_alloc(struct gsm_mux *gsm, int addr) @@ -43714,10 +42652,10 @@ index bfd6771..e0d93c4 100644 dlci_get(dlci->gsm->dlci[0]); mux_get(dlci->gsm); diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c -index 19083ef..6e34e97 100644 +index 05e72be..67f6a0f 100644 --- a/drivers/tty/n_tty.c +++ b/drivers/tty/n_tty.c -@@ -2196,6 +2196,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) +@@ -2197,6 +2197,7 @@ void n_tty_inherit_ops(struct tty_ldisc_ops *ops) { *ops = tty_ldisc_N_TTY; ops->owner = NULL; @@ -43727,10 +42665,10 @@ index 19083ef..6e34e97 100644 } EXPORT_SYMBOL_GPL(n_tty_inherit_ops); diff --git a/drivers/tty/pty.c b/drivers/tty/pty.c -index c830b60..b239698 100644 +index 125e0fd..8c50690 100644 --- a/drivers/tty/pty.c +++ b/drivers/tty/pty.c -@@ -793,8 +793,10 @@ static void __init unix98_pty_init(void) +@@ -800,8 +800,10 @@ static void __init unix98_pty_init(void) panic("Couldn't register Unix98 pts driver"); /* Now create the /dev/ptmx special device */ @@ -43743,10 +42681,10 @@ index c830b60..b239698 100644 cdev_init(&ptmx_cdev, &ptmx_fops); if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) || diff --git a/drivers/tty/rocket.c b/drivers/tty/rocket.c -index e42009a..566a036 100644 +index 1d27003..959f452 100644 --- a/drivers/tty/rocket.c +++ b/drivers/tty/rocket.c -@@ -925,7 +925,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp) +@@ -923,7 +923,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp) tty->driver_data = info; tty_port_tty_set(port, tty); @@ -43755,7 +42693,7 @@ index e42009a..566a036 100644 atomic_inc(&rp_num_ports_open); #ifdef ROCKET_DEBUG_OPEN -@@ -934,7 +934,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp) +@@ -932,7 +932,7 @@ static int rp_open(struct tty_struct *tty, struct file *filp) #endif } #ifdef ROCKET_DEBUG_OPEN @@ -43764,7 +42702,7 @@ index e42009a..566a036 100644 #endif /* -@@ -1529,7 +1529,7 @@ static void rp_hangup(struct tty_struct *tty) +@@ -1527,7 +1527,7 @@ static void rp_hangup(struct tty_struct *tty) spin_unlock_irqrestore(&info->port.lock, flags); return; } @@ -43880,10 +42818,10 @@ index 1002054..dd644a8 100644 /* This is only available if kgdboc is a built in for early debugging */ static int __init kgdboc_early_init(char *opt) diff --git a/drivers/tty/serial/samsung.c b/drivers/tty/serial/samsung.c -index e514b3a..c73d614 100644 +index 2769a38..f3dbe48 100644 --- a/drivers/tty/serial/samsung.c +++ b/drivers/tty/serial/samsung.c -@@ -453,11 +453,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port) +@@ -451,11 +451,16 @@ static void s3c24xx_serial_shutdown(struct uart_port *port) } } @@ -43900,7 +42838,7 @@ index e514b3a..c73d614 100644 dbg("s3c24xx_serial_startup: port=%p (%08lx,%p)\n", port->mapbase, port->membase); -@@ -1122,10 +1127,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport, +@@ -1120,10 +1125,6 @@ static int s3c24xx_serial_init_port(struct s3c24xx_uart_port *ourport, /* setup info for port */ port->dev = &platdev->dev; @@ -43912,10 +42850,10 @@ index e514b3a..c73d614 100644 if (cfg->uart_flags & UPF_CONS_FLOW) { diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c -index 4293a3e..7227e42 100644 +index 8fbb6d2..822a9e6 100644 --- a/drivers/tty/serial/serial_core.c +++ b/drivers/tty/serial/serial_core.c -@@ -1455,7 +1455,7 @@ static void uart_hangup(struct tty_struct *tty) +@@ -1454,7 +1454,7 @@ static void uart_hangup(struct tty_struct *tty) uart_flush_buffer(tty); uart_shutdown(tty, state); spin_lock_irqsave(&port->lock, flags); @@ -43924,7 +42862,7 @@ index 4293a3e..7227e42 100644 clear_bit(ASYNCB_NORMAL_ACTIVE, &port->flags); spin_unlock_irqrestore(&port->lock, flags); tty_port_tty_set(port, NULL); -@@ -1551,7 +1551,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) +@@ -1550,7 +1550,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) goto end; } @@ -43939,7 +42877,7 @@ index 4293a3e..7227e42 100644 */ - if (port->count == 1) + if (atomic_read(&port->count) == 1) - uart_change_pm(state, 0); + uart_change_pm(state, UART_PM_STATE_ON); /* @@ -1596,7 +1596,7 @@ static int uart_open(struct tty_struct *tty, struct file *filp) @@ -43952,10 +42890,10 @@ index 4293a3e..7227e42 100644 goto end; } diff --git a/drivers/tty/synclink.c b/drivers/tty/synclink.c -index 9e071f6..f30ae69 100644 +index 8983276..72a4090 100644 --- a/drivers/tty/synclink.c +++ b/drivers/tty/synclink.c -@@ -3095,7 +3095,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp) +@@ -3093,7 +3093,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgsl_close(%s) entry, count=%d\n", @@ -43964,7 +42902,7 @@ index 9e071f6..f30ae69 100644 if (tty_port_close_start(&info->port, tty, filp) == 0) goto cleanup; -@@ -3113,7 +3113,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp) +@@ -3111,7 +3111,7 @@ static void mgsl_close(struct tty_struct *tty, struct file * filp) cleanup: if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgsl_close(%s) exit, count=%d\n", __FILE__,__LINE__, @@ -43973,7 +42911,7 @@ index 9e071f6..f30ae69 100644 } /* end of mgsl_close() */ -@@ -3212,8 +3212,8 @@ static void mgsl_hangup(struct tty_struct *tty) +@@ -3210,8 +3210,8 @@ static void mgsl_hangup(struct tty_struct *tty) mgsl_flush_buffer(tty); shutdown(info); @@ -43984,7 +42922,7 @@ index 9e071f6..f30ae69 100644 info->port.flags &= ~ASYNC_NORMAL_ACTIVE; info->port.tty = NULL; -@@ -3302,12 +3302,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, +@@ -3300,12 +3300,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):block_til_ready before block on %s count=%d\n", @@ -43999,7 +42937,7 @@ index 9e071f6..f30ae69 100644 } spin_unlock_irqrestore(&info->irq_spinlock, flags); port->blocked_open++; -@@ -3336,7 +3336,7 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, +@@ -3334,7 +3334,7 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):block_til_ready blocking on %s count=%d\n", @@ -44008,7 +42946,7 @@ index 9e071f6..f30ae69 100644 tty_unlock(tty); schedule(); -@@ -3348,12 +3348,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, +@@ -3346,12 +3346,12 @@ static int block_til_ready(struct tty_struct *tty, struct file * filp, /* FIXME: Racy on hangup during close wait */ if (extra_count) @@ -44023,7 +42961,7 @@ index 9e071f6..f30ae69 100644 if (!retval) port->flags |= ASYNC_NORMAL_ACTIVE; -@@ -3405,7 +3405,7 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp) +@@ -3403,7 +3403,7 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):mgsl_open(%s), old ref count = %d\n", @@ -44032,7 +42970,7 @@ index 9e071f6..f30ae69 100644 /* If port is closing, signal caller to try again */ if (tty_hung_up_p(filp) || info->port.flags & ASYNC_CLOSING){ -@@ -3424,10 +3424,10 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp) +@@ -3422,10 +3422,10 @@ static int mgsl_open(struct tty_struct *tty, struct file * filp) spin_unlock_irqrestore(&info->netlock, flags); goto cleanup; } @@ -44045,7 +42983,7 @@ index 9e071f6..f30ae69 100644 /* 1st open on this device, init hardware */ retval = startup(info); if (retval < 0) -@@ -3451,8 +3451,8 @@ cleanup: +@@ -3449,8 +3449,8 @@ cleanup: if (retval) { if (tty->count == 1) info->port.tty = NULL; /* tty layer will release tty struct */ @@ -44056,7 +42994,7 @@ index 9e071f6..f30ae69 100644 } return retval; -@@ -7662,7 +7662,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, +@@ -7668,7 +7668,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, unsigned short new_crctype; /* return error if TTY interface open */ @@ -44065,7 +43003,7 @@ index 9e071f6..f30ae69 100644 return -EBUSY; switch (encoding) -@@ -7757,7 +7757,7 @@ static int hdlcdev_open(struct net_device *dev) +@@ -7763,7 +7763,7 @@ static int hdlcdev_open(struct net_device *dev) /* arbitrate between network and tty opens */ spin_lock_irqsave(&info->netlock, flags); @@ -44074,7 +43012,7 @@ index 9e071f6..f30ae69 100644 printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name); spin_unlock_irqrestore(&info->netlock, flags); return -EBUSY; -@@ -7843,7 +7843,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) +@@ -7849,7 +7849,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name); /* return error if TTY interface open */ @@ -44084,10 +43022,10 @@ index 9e071f6..f30ae69 100644 if (cmd != SIOCWANDEV) diff --git a/drivers/tty/synclink_gt.c b/drivers/tty/synclink_gt.c -index aba1e59..877ac33 100644 +index aa9eece..d8baaec 100644 --- a/drivers/tty/synclink_gt.c +++ b/drivers/tty/synclink_gt.c -@@ -671,7 +671,7 @@ static int open(struct tty_struct *tty, struct file *filp) +@@ -670,7 +670,7 @@ static int open(struct tty_struct *tty, struct file *filp) tty->driver_data = info; info->port.tty = tty; @@ -44096,7 +43034,7 @@ index aba1e59..877ac33 100644 /* If port is closing, signal caller to try again */ if (tty_hung_up_p(filp) || info->port.flags & ASYNC_CLOSING){ -@@ -692,10 +692,10 @@ static int open(struct tty_struct *tty, struct file *filp) +@@ -691,10 +691,10 @@ static int open(struct tty_struct *tty, struct file *filp) mutex_unlock(&info->port.mutex); goto cleanup; } @@ -44109,7 +43047,7 @@ index aba1e59..877ac33 100644 /* 1st open on this device, init hardware */ retval = startup(info); if (retval < 0) { -@@ -716,8 +716,8 @@ cleanup: +@@ -715,8 +715,8 @@ cleanup: if (retval) { if (tty->count == 1) info->port.tty = NULL; /* tty layer will release tty struct */ @@ -44120,7 +43058,7 @@ index aba1e59..877ac33 100644 } DBGINFO(("%s open rc=%d\n", info->device_name, retval)); -@@ -730,7 +730,7 @@ static void close(struct tty_struct *tty, struct file *filp) +@@ -729,7 +729,7 @@ static void close(struct tty_struct *tty, struct file *filp) if (sanity_check(info, tty->name, "close")) return; @@ -44129,7 +43067,7 @@ index aba1e59..877ac33 100644 if (tty_port_close_start(&info->port, tty, filp) == 0) goto cleanup; -@@ -747,7 +747,7 @@ static void close(struct tty_struct *tty, struct file *filp) +@@ -746,7 +746,7 @@ static void close(struct tty_struct *tty, struct file *filp) tty_port_close_end(&info->port, tty); info->port.tty = NULL; cleanup: @@ -44138,7 +43076,7 @@ index aba1e59..877ac33 100644 } static void hangup(struct tty_struct *tty) -@@ -765,7 +765,7 @@ static void hangup(struct tty_struct *tty) +@@ -764,7 +764,7 @@ static void hangup(struct tty_struct *tty) shutdown(info); spin_lock_irqsave(&info->port.lock, flags); @@ -44147,7 +43085,7 @@ index aba1e59..877ac33 100644 info->port.flags &= ~ASYNC_NORMAL_ACTIVE; info->port.tty = NULL; spin_unlock_irqrestore(&info->port.lock, flags); -@@ -1450,7 +1450,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, +@@ -1449,7 +1449,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, unsigned short new_crctype; /* return error if TTY interface open */ @@ -44156,7 +43094,7 @@ index aba1e59..877ac33 100644 return -EBUSY; DBGINFO(("%s hdlcdev_attach\n", info->device_name)); -@@ -1545,7 +1545,7 @@ static int hdlcdev_open(struct net_device *dev) +@@ -1544,7 +1544,7 @@ static int hdlcdev_open(struct net_device *dev) /* arbitrate between network and tty opens */ spin_lock_irqsave(&info->netlock, flags); @@ -44165,7 +43103,7 @@ index aba1e59..877ac33 100644 DBGINFO(("%s hdlc_open busy\n", dev->name)); spin_unlock_irqrestore(&info->netlock, flags); return -EBUSY; -@@ -1630,7 +1630,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) +@@ -1629,7 +1629,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) DBGINFO(("%s hdlcdev_ioctl\n", dev->name)); /* return error if TTY interface open */ @@ -44174,7 +43112,7 @@ index aba1e59..877ac33 100644 return -EBUSY; if (cmd != SIOCWANDEV) -@@ -2419,7 +2419,7 @@ static irqreturn_t slgt_interrupt(int dummy, void *dev_id) +@@ -2413,7 +2413,7 @@ static irqreturn_t slgt_interrupt(int dummy, void *dev_id) if (port == NULL) continue; spin_lock(&port->lock); @@ -44183,7 +43121,7 @@ index aba1e59..877ac33 100644 port->pending_bh && !port->bh_running && !port->bh_requested) { DBGISR(("%s bh queued\n", port->device_name)); -@@ -3308,7 +3308,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, +@@ -3302,7 +3302,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, spin_lock_irqsave(&info->lock, flags); if (!tty_hung_up_p(filp)) { extra_count = true; @@ -44192,7 +43130,7 @@ index aba1e59..877ac33 100644 } spin_unlock_irqrestore(&info->lock, flags); port->blocked_open++; -@@ -3345,7 +3345,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, +@@ -3339,7 +3339,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, remove_wait_queue(&port->open_wait, &wait); if (extra_count) @@ -44202,10 +43140,10 @@ index aba1e59..877ac33 100644 if (!retval) diff --git a/drivers/tty/synclinkmp.c b/drivers/tty/synclinkmp.c -index fd43fb6..34704ad 100644 +index 6d5780c..aa4d8cd 100644 --- a/drivers/tty/synclinkmp.c +++ b/drivers/tty/synclinkmp.c -@@ -751,7 +751,7 @@ static int open(struct tty_struct *tty, struct file *filp) +@@ -750,7 +750,7 @@ static int open(struct tty_struct *tty, struct file *filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):%s open(), old ref count = %d\n", @@ -44214,7 +43152,7 @@ index fd43fb6..34704ad 100644 /* If port is closing, signal caller to try again */ if (tty_hung_up_p(filp) || info->port.flags & ASYNC_CLOSING){ -@@ -770,10 +770,10 @@ static int open(struct tty_struct *tty, struct file *filp) +@@ -769,10 +769,10 @@ static int open(struct tty_struct *tty, struct file *filp) spin_unlock_irqrestore(&info->netlock, flags); goto cleanup; } @@ -44227,7 +43165,7 @@ index fd43fb6..34704ad 100644 /* 1st open on this device, init hardware */ retval = startup(info); if (retval < 0) -@@ -797,8 +797,8 @@ cleanup: +@@ -796,8 +796,8 @@ cleanup: if (retval) { if (tty->count == 1) info->port.tty = NULL; /* tty layer will release tty struct */ @@ -44238,7 +43176,7 @@ index fd43fb6..34704ad 100644 } return retval; -@@ -816,7 +816,7 @@ static void close(struct tty_struct *tty, struct file *filp) +@@ -815,7 +815,7 @@ static void close(struct tty_struct *tty, struct file *filp) if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):%s close() entry, count=%d\n", @@ -44247,7 +43185,7 @@ index fd43fb6..34704ad 100644 if (tty_port_close_start(&info->port, tty, filp) == 0) goto cleanup; -@@ -835,7 +835,7 @@ static void close(struct tty_struct *tty, struct file *filp) +@@ -834,7 +834,7 @@ static void close(struct tty_struct *tty, struct file *filp) cleanup: if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):%s close() exit, count=%d\n", __FILE__,__LINE__, @@ -44256,7 +43194,7 @@ index fd43fb6..34704ad 100644 } /* Called by tty_hangup() when a hangup is signaled. -@@ -858,7 +858,7 @@ static void hangup(struct tty_struct *tty) +@@ -857,7 +857,7 @@ static void hangup(struct tty_struct *tty) shutdown(info); spin_lock_irqsave(&info->port.lock, flags); @@ -44265,7 +43203,7 @@ index fd43fb6..34704ad 100644 info->port.flags &= ~ASYNC_NORMAL_ACTIVE; info->port.tty = NULL; spin_unlock_irqrestore(&info->port.lock, flags); -@@ -1566,7 +1566,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, +@@ -1565,7 +1565,7 @@ static int hdlcdev_attach(struct net_device *dev, unsigned short encoding, unsigned short new_crctype; /* return error if TTY interface open */ @@ -44274,7 +43212,7 @@ index fd43fb6..34704ad 100644 return -EBUSY; switch (encoding) -@@ -1661,7 +1661,7 @@ static int hdlcdev_open(struct net_device *dev) +@@ -1660,7 +1660,7 @@ static int hdlcdev_open(struct net_device *dev) /* arbitrate between network and tty opens */ spin_lock_irqsave(&info->netlock, flags); @@ -44283,7 +43221,7 @@ index fd43fb6..34704ad 100644 printk(KERN_WARNING "%s: hdlc_open returning busy\n", dev->name); spin_unlock_irqrestore(&info->netlock, flags); return -EBUSY; -@@ -1747,7 +1747,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) +@@ -1746,7 +1746,7 @@ static int hdlcdev_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd) printk("%s:hdlcdev_ioctl(%s)\n",__FILE__,dev->name); /* return error if TTY interface open */ @@ -44292,7 +43230,7 @@ index fd43fb6..34704ad 100644 return -EBUSY; if (cmd != SIOCWANDEV) -@@ -2632,7 +2632,7 @@ static irqreturn_t synclinkmp_interrupt(int dummy, void *dev_id) +@@ -2620,7 +2620,7 @@ static irqreturn_t synclinkmp_interrupt(int dummy, void *dev_id) * do not request bottom half processing if the * device is not open in a normal mode. */ @@ -44301,7 +43239,7 @@ index fd43fb6..34704ad 100644 port->pending_bh && !port->bh_running && !port->bh_requested ) { if ( debug_level >= DEBUG_LEVEL_ISR ) -@@ -3330,12 +3330,12 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, +@@ -3318,12 +3318,12 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):%s block_til_ready() before block, count=%d\n", @@ -44316,7 +43254,7 @@ index fd43fb6..34704ad 100644 } spin_unlock_irqrestore(&info->lock, flags); port->blocked_open++; -@@ -3364,7 +3364,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, +@@ -3352,7 +3352,7 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, if (debug_level >= DEBUG_LEVEL_INFO) printk("%s(%d):%s block_til_ready() count=%d\n", @@ -44325,7 +43263,7 @@ index fd43fb6..34704ad 100644 tty_unlock(tty); schedule(); -@@ -3375,12 +3375,12 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, +@@ -3363,12 +3363,12 @@ static int block_til_ready(struct tty_struct *tty, struct file *filp, remove_wait_queue(&port->open_wait, &wait); if (extra_count) @@ -44341,10 +43279,10 @@ index fd43fb6..34704ad 100644 if (!retval) port->flags |= ASYNC_NORMAL_ACTIVE; diff --git a/drivers/tty/sysrq.c b/drivers/tty/sysrq.c -index b3c4a25..723916f 100644 +index 3687f0c..6b9b808 100644 --- a/drivers/tty/sysrq.c +++ b/drivers/tty/sysrq.c -@@ -867,7 +867,7 @@ EXPORT_SYMBOL(unregister_sysrq_key); +@@ -995,7 +995,7 @@ EXPORT_SYMBOL(unregister_sysrq_key); static ssize_t write_sysrq_trigger(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { @@ -44354,10 +43292,10 @@ index b3c4a25..723916f 100644 if (get_user(c, buf)) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c -index f34f98d..73c6c42 100644 +index a9cd0b9..47b9336 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c -@@ -3401,7 +3401,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); +@@ -3398,7 +3398,7 @@ EXPORT_SYMBOL_GPL(get_current_tty); void tty_default_fops(struct file_operations *fops) { @@ -44367,7 +43305,7 @@ index f34f98d..73c6c42 100644 /* diff --git a/drivers/tty/tty_ldisc.c b/drivers/tty/tty_ldisc.c -index 78f1be2..3e98910 100644 +index d794087..e4f49e5 100644 --- a/drivers/tty/tty_ldisc.c +++ b/drivers/tty/tty_ldisc.c @@ -56,7 +56,7 @@ static void put_ldisc(struct tty_ldisc *ld) @@ -44379,7 +43317,7 @@ index 78f1be2..3e98910 100644 module_put(ldo->owner); raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags); -@@ -91,7 +91,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc) +@@ -93,7 +93,7 @@ int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc) raw_spin_lock_irqsave(&tty_ldisc_lock, flags); tty_ldiscs[disc] = new_ldisc; new_ldisc->num = disc; @@ -44388,7 +43326,7 @@ index 78f1be2..3e98910 100644 raw_spin_unlock_irqrestore(&tty_ldisc_lock, flags); return ret; -@@ -119,7 +119,7 @@ int tty_unregister_ldisc(int disc) +@@ -121,7 +121,7 @@ int tty_unregister_ldisc(int disc) return -EINVAL; raw_spin_lock_irqsave(&tty_ldisc_lock, flags); @@ -44397,7 +43335,7 @@ index 78f1be2..3e98910 100644 ret = -EBUSY; else tty_ldiscs[disc] = NULL; -@@ -140,7 +140,7 @@ static struct tty_ldisc_ops *get_ldops(int disc) +@@ -142,7 +142,7 @@ static struct tty_ldisc_ops *get_ldops(int disc) if (ldops) { ret = ERR_PTR(-EAGAIN); if (try_module_get(ldops->owner)) { @@ -44406,7 +43344,7 @@ index 78f1be2..3e98910 100644 ret = ldops; } } -@@ -153,7 +153,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops) +@@ -155,7 +155,7 @@ static void put_ldops(struct tty_ldisc_ops *ldops) unsigned long flags; raw_spin_lock_irqsave(&tty_ldisc_lock, flags); @@ -44483,10 +43421,10 @@ index b7ff59d..7c6105e 100644 tty_port_tty_set(port, tty); diff --git a/drivers/tty/vt/keyboard.c b/drivers/tty/vt/keyboard.c -index 681765b..d3ccdf2 100644 +index a9af1b9a..1e08e7f 100644 --- a/drivers/tty/vt/keyboard.c +++ b/drivers/tty/vt/keyboard.c -@@ -660,6 +660,16 @@ static void k_spec(struct vc_data *vc, unsigned char value, char up_flag) +@@ -647,6 +647,16 @@ static void k_spec(struct vc_data *vc, unsigned char value, char up_flag) kbd->kbdmode == VC_OFF) && value != KVAL(K_SAK)) return; /* SAK is allowed even in raw mode */ @@ -44503,7 +43441,7 @@ index 681765b..d3ccdf2 100644 fn_handler[value](vc); } -@@ -1808,9 +1818,6 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, +@@ -1795,9 +1805,6 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, if (copy_from_user(&tmp, user_kbe, sizeof(struct kbentry))) return -EFAULT; @@ -44513,7 +43451,7 @@ index 681765b..d3ccdf2 100644 switch (cmd) { case KDGKBENT: /* Ensure another thread doesn't free it under us */ -@@ -1825,6 +1832,9 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, +@@ -1812,6 +1819,9 @@ int vt_do_kdsk_ioctl(int cmd, struct kbentry __user *user_kbe, int perm, spin_unlock_irqrestore(&kbd_event_lock, flags); return put_user(val, &user_kbe->kb_value); case KDSKBENT: @@ -44523,7 +43461,7 @@ index 681765b..d3ccdf2 100644 if (!perm) return -EPERM; if (!i && v == K_NOSUCHMAP) { -@@ -1915,9 +1925,6 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) +@@ -1902,9 +1912,6 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) int i, j, k; int ret; @@ -44533,7 +43471,7 @@ index 681765b..d3ccdf2 100644 kbs = kmalloc(sizeof(*kbs), GFP_KERNEL); if (!kbs) { ret = -ENOMEM; -@@ -1951,6 +1958,9 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) +@@ -1938,6 +1945,9 @@ int vt_do_kdgkb_ioctl(int cmd, struct kbsentry __user *user_kdgkb, int perm) kfree(kbs); return ((p && *p) ? -EOVERFLOW : 0); case KDSKBSENT: @@ -44544,7 +43482,7 @@ index 681765b..d3ccdf2 100644 ret = -EPERM; goto reterr; diff --git a/drivers/uio/uio.c b/drivers/uio/uio.c -index 5110f36..8dc0a74 100644 +index c8b9262..7e824e6 100644 --- a/drivers/uio/uio.c +++ b/drivers/uio/uio.c @@ -25,6 +25,7 @@ @@ -44577,7 +43515,7 @@ index 5110f36..8dc0a74 100644 } static struct device_attribute uio_class_attributes[] = { -@@ -408,7 +409,7 @@ void uio_event_notify(struct uio_info *info) +@@ -397,7 +398,7 @@ void uio_event_notify(struct uio_info *info) { struct uio_device *idev = info->uio_dev; @@ -44586,7 +43524,7 @@ index 5110f36..8dc0a74 100644 wake_up_interruptible(&idev->wait); kill_fasync(&idev->async_queue, SIGIO, POLL_IN); } -@@ -461,7 +462,7 @@ static int uio_open(struct inode *inode, struct file *filep) +@@ -450,7 +451,7 @@ static int uio_open(struct inode *inode, struct file *filep) } listener->dev = idev; @@ -44595,7 +43533,7 @@ index 5110f36..8dc0a74 100644 filep->private_data = listener; if (idev->info->open) { -@@ -512,7 +513,7 @@ static unsigned int uio_poll(struct file *filep, poll_table *wait) +@@ -501,7 +502,7 @@ static unsigned int uio_poll(struct file *filep, poll_table *wait) return -EIO; poll_wait(filep, &idev->wait, wait); @@ -44604,7 +43542,7 @@ index 5110f36..8dc0a74 100644 return POLLIN | POLLRDNORM; return 0; } -@@ -537,7 +538,7 @@ static ssize_t uio_read(struct file *filep, char __user *buf, +@@ -526,7 +527,7 @@ static ssize_t uio_read(struct file *filep, char __user *buf, do { set_current_state(TASK_INTERRUPTIBLE); @@ -44613,7 +43551,7 @@ index 5110f36..8dc0a74 100644 if (event_count != listener->event_count) { if (copy_to_user(buf, &event_count, count)) retval = -EFAULT; -@@ -606,13 +607,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma) +@@ -595,13 +596,13 @@ static int uio_find_mem_index(struct vm_area_struct *vma) static void uio_vma_open(struct vm_area_struct *vma) { struct uio_device *idev = vma->vm_private_data; @@ -44629,7 +43567,7 @@ index 5110f36..8dc0a74 100644 } static int uio_vma_fault(struct vm_area_struct *vma, struct vm_fault *vmf) -@@ -819,7 +820,7 @@ int __uio_register_device(struct module *owner, +@@ -808,7 +809,7 @@ int __uio_register_device(struct module *owner, idev->owner = owner; idev->info = info; init_waitqueue_head(&idev->wait); @@ -44735,7 +43673,7 @@ index 35f10bf..6a38a0b 100644 if (!left--) { if (instance->disconnected) diff --git a/drivers/usb/core/devices.c b/drivers/usb/core/devices.c -index cbacea9..246cccd 100644 +index 2a3bbdf..91d72cf 100644 --- a/drivers/usb/core/devices.c +++ b/drivers/usb/core/devices.c @@ -126,7 +126,7 @@ static const char format_endpt[] = @@ -44756,7 +43694,7 @@ index cbacea9..246cccd 100644 wake_up(&device_event.wait); } -@@ -645,7 +645,7 @@ static unsigned int usb_device_poll(struct file *file, +@@ -652,7 +652,7 @@ static unsigned int usb_device_poll(struct file *file, poll_wait(file, &device_event.wait, wait); @@ -44766,10 +43704,10 @@ index cbacea9..246cccd 100644 file->f_version = event_count; return POLLIN | POLLRDNORM; diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c -index 8e64adf..9a33a3c 100644 +index f9ec44c..eb5779f 100644 --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c -@@ -1522,7 +1522,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) +@@ -1526,7 +1526,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) */ usb_get_urb(urb); atomic_inc(&urb->use_count); @@ -44778,7 +43716,7 @@ index 8e64adf..9a33a3c 100644 usbmon_urb_submit(&hcd->self, urb); /* NOTE requirements on root-hub callers (usbfs and the hub -@@ -1549,7 +1549,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) +@@ -1553,7 +1553,7 @@ int usb_hcd_submit_urb (struct urb *urb, gfp_t mem_flags) urb->hcpriv = NULL; INIT_LIST_HEAD(&urb->urb_list); atomic_dec(&urb->use_count); @@ -44788,7 +43726,7 @@ index 8e64adf..9a33a3c 100644 wake_up(&usb_kill_urb_queue); usb_put_urb(urb); diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c -index 131f736..99004c3 100644 +index 444d30e..f15c850 100644 --- a/drivers/usb/core/message.c +++ b/drivers/usb/core/message.c @@ -129,7 +129,7 @@ static int usb_internal_control_msg(struct usb_device *usb_dev, @@ -44801,10 +43739,10 @@ index 131f736..99004c3 100644 __u16 size, int timeout) { diff --git a/drivers/usb/core/sysfs.c b/drivers/usb/core/sysfs.c -index 818e4a0..0fc9589 100644 +index 3f81a3d..a3aa993 100644 --- a/drivers/usb/core/sysfs.c +++ b/drivers/usb/core/sysfs.c -@@ -226,7 +226,7 @@ show_urbnum(struct device *dev, struct device_attribute *attr, char *buf) +@@ -239,7 +239,7 @@ show_urbnum(struct device *dev, struct device_attribute *attr, char *buf) struct usb_device *udev; udev = to_usb_device(dev); @@ -44868,10 +43806,10 @@ index 5e29dde..eca992f 100644 return 0; } diff --git a/drivers/usb/gadget/u_serial.c b/drivers/usb/gadget/u_serial.c -index 598dcc1..032dd4f 100644 +index b369292..9f3ba40 100644 --- a/drivers/usb/gadget/u_serial.c +++ b/drivers/usb/gadget/u_serial.c -@@ -735,9 +735,9 @@ static int gs_open(struct tty_struct *tty, struct file *file) +@@ -733,9 +733,9 @@ static int gs_open(struct tty_struct *tty, struct file *file) spin_lock_irq(&port->port_lock); /* already open? Great. */ @@ -44883,7 +43821,7 @@ index 598dcc1..032dd4f 100644 /* currently opening/closing? wait ... */ } else if (port->openclose) { -@@ -796,7 +796,7 @@ static int gs_open(struct tty_struct *tty, struct file *file) +@@ -794,7 +794,7 @@ static int gs_open(struct tty_struct *tty, struct file *file) tty->driver_data = port; port->port.tty = tty; @@ -44892,7 +43830,7 @@ index 598dcc1..032dd4f 100644 port->openclose = false; /* if connected, start the I/O stream */ -@@ -838,11 +838,11 @@ static void gs_close(struct tty_struct *tty, struct file *file) +@@ -836,11 +836,11 @@ static void gs_close(struct tty_struct *tty, struct file *file) spin_lock_irq(&port->port_lock); @@ -44907,7 +43845,7 @@ index 598dcc1..032dd4f 100644 goto exit; } -@@ -852,7 +852,7 @@ static void gs_close(struct tty_struct *tty, struct file *file) +@@ -850,7 +850,7 @@ static void gs_close(struct tty_struct *tty, struct file *file) * and sleep if necessary */ port->openclose = true; @@ -44916,7 +43854,7 @@ index 598dcc1..032dd4f 100644 gser = port->port_usb; if (gser && gser->disconnect) -@@ -1159,7 +1159,7 @@ static int gs_closed(struct gs_port *port) +@@ -1066,7 +1066,7 @@ static int gs_closed(struct gs_port *port) int cond; spin_lock_irq(&port->port_lock); @@ -44925,7 +43863,7 @@ index 598dcc1..032dd4f 100644 spin_unlock_irq(&port->port_lock); return cond; } -@@ -1273,7 +1273,7 @@ int gserial_connect(struct gserial *gser, u8 port_num) +@@ -1209,7 +1209,7 @@ int gserial_connect(struct gserial *gser, u8 port_num) /* if it's already open, start I/O ... and notify the serial * protocol about open/close status (connect/disconnect). */ @@ -44934,7 +43872,7 @@ index 598dcc1..032dd4f 100644 pr_debug("gserial_connect: start ttyGS%d\n", port->port_num); gs_start_io(port); if (gser->connect) -@@ -1320,7 +1320,7 @@ void gserial_disconnect(struct gserial *gser) +@@ -1256,7 +1256,7 @@ void gserial_disconnect(struct gserial *gser) port->port_usb = NULL; gser->ioport = NULL; @@ -44943,7 +43881,7 @@ index 598dcc1..032dd4f 100644 wake_up_interruptible(&port->drain_wait); if (port->port.tty) tty_hangup(port->port.tty); -@@ -1336,7 +1336,7 @@ void gserial_disconnect(struct gserial *gser) +@@ -1272,7 +1272,7 @@ void gserial_disconnect(struct gserial *gser) /* finally, free any unused/unusable I/O buffers */ spin_lock_irqsave(&port->port_lock, flags); @@ -45032,7 +43970,7 @@ index d6bea3e..60b250e 100644 /** diff --git a/drivers/usb/wusbcore/wa-xfer.c b/drivers/usb/wusbcore/wa-xfer.c -index 57c01ab..8a05959 100644 +index 6ef94bc..1b41265 100644 --- a/drivers/usb/wusbcore/wa-xfer.c +++ b/drivers/usb/wusbcore/wa-xfer.c @@ -296,7 +296,7 @@ out: @@ -45115,7 +44053,7 @@ index 6c5ed6b..b727c88 100644 .ident = "Sahara Touch-iT", .matches = { diff --git a/drivers/video/fb_defio.c b/drivers/video/fb_defio.c -index 88cad6b..dd746c7 100644 +index 900aa4e..6d49418 100644 --- a/drivers/video/fb_defio.c +++ b/drivers/video/fb_defio.c @@ -206,7 +206,9 @@ void fb_deferred_io_init(struct fb_info *info) @@ -45153,7 +44091,7 @@ index 5c3960d..15cf8fc 100644 goto out1; } diff --git a/drivers/video/fbmem.c b/drivers/video/fbmem.c -index 0a49456..fd5be1b 100644 +index 86291dc..7cc5962 100644 --- a/drivers/video/fbmem.c +++ b/drivers/video/fbmem.c @@ -428,7 +428,7 @@ static void fb_do_show_logo(struct fb_info *info, struct fb_image *image, @@ -48134,7 +47072,7 @@ index 86d449e..8e04dc5 100644 return count; } diff --git a/drivers/video/uvesafb.c b/drivers/video/uvesafb.c -index b75db01..ad2f34a 100644 +index d428445..79a78df 100644 --- a/drivers/video/uvesafb.c +++ b/drivers/video/uvesafb.c @@ -19,6 +19,7 @@ @@ -48399,10 +47337,10 @@ index fef20db..d28b1ab 100644 return -ENOMEM; return 0; diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c -index 890bed5..17ae73e 100644 +index d86edc8..40ff2fb 100644 --- a/fs/9p/vfs_inode.c +++ b/fs/9p/vfs_inode.c -@@ -1329,7 +1329,7 @@ static void *v9fs_vfs_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -1314,7 +1314,7 @@ static void *v9fs_vfs_follow_link(struct dentry *dentry, struct nameidata *nd) void v9fs_vfs_put_link(struct dentry *dentry, struct nameidata *nd, void *p) { @@ -48425,7 +47363,7 @@ index 0efd152..b5802ad 100644 A.out (Assembler.OUTput) is a set of formats for libraries and executables used in the earliest versions of UNIX. Linux used diff --git a/fs/aio.c b/fs/aio.c -index ed762ae..ee07789 100644 +index 1dc8786..d3b29e8 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -111,7 +111,7 @@ static int aio_setup_ring(struct kioctx *ctx) @@ -48437,7 +47375,7 @@ index ed762ae..ee07789 100644 return -EINVAL; nr_events = (PAGE_SIZE * nr_pages - sizeof(struct aio_ring)) / sizeof(struct io_event); -@@ -1373,18 +1373,19 @@ static ssize_t aio_fsync(struct kiocb *iocb) +@@ -1375,18 +1375,19 @@ static ssize_t aio_fsync(struct kiocb *iocb) static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat) { ssize_t ret; @@ -48459,7 +47397,7 @@ index ed762ae..ee07789 100644 &kiocb->ki_iovec); if (ret < 0) goto out; -@@ -1393,6 +1394,10 @@ static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat) +@@ -1395,6 +1396,10 @@ static ssize_t aio_setup_vectored_rw(int type, struct kiocb *kiocb, bool compat) if (ret < 0) goto out; @@ -48483,10 +47421,10 @@ index 1449adb..a2038c2 100644 goto out_sig; if (offset > inode->i_sb->s_maxbytes) diff --git a/fs/autofs4/waitq.c b/fs/autofs4/waitq.c -index 03bc1d3..6205356 100644 +index 3db70da..7aeec5b 100644 --- a/fs/autofs4/waitq.c +++ b/fs/autofs4/waitq.c -@@ -61,7 +61,7 @@ static int autofs4_write(struct autofs_sb_info *sbi, +@@ -59,7 +59,7 @@ static int autofs4_write(struct autofs_sb_info *sbi, { unsigned long sigpipe, flags; mm_segment_t fs; @@ -48495,7 +47433,7 @@ index 03bc1d3..6205356 100644 ssize_t wr = 0; sigpipe = sigismember(¤t->pending.signal, SIGPIPE); -@@ -348,6 +348,10 @@ static int validate_request(struct autofs_wait_queue **wait, +@@ -346,6 +346,10 @@ static int validate_request(struct autofs_wait_queue **wait, return 1; } @@ -48506,7 +47444,7 @@ index 03bc1d3..6205356 100644 int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry, enum autofs_notify notify) { -@@ -381,7 +385,12 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry, +@@ -379,7 +383,12 @@ int autofs4_wait(struct autofs_sb_info *sbi, struct dentry *dentry, /* If this is a direct mount request create a dummy name */ if (IS_ROOT(dentry) && autofs_type_trigger(sbi->type)) @@ -48542,7 +47480,7 @@ index 2722387..c8dd2a7 100644 { if (BEFS_SB(sb)->byte_order == BEFS_BYTESEX_LE) diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c -index 2b3bda8..6a2d4be 100644 +index 8615ee8..388ed68 100644 --- a/fs/befs/linuxvfs.c +++ b/fs/befs/linuxvfs.c @@ -510,7 +510,7 @@ static void befs_put_link(struct dentry *dentry, struct nameidata *nd, void *p) @@ -48555,7 +47493,7 @@ index 2b3bda8..6a2d4be 100644 kfree(link); } diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c -index 6043567..16a9239 100644 +index bbc8f88..7c7ac97 100644 --- a/fs/binfmt_aout.c +++ b/fs/binfmt_aout.c @@ -16,6 +16,7 @@ @@ -48635,18 +47573,18 @@ index 6043567..16a9239 100644 fd_offset + ex.a_text); if (error != N_DATADDR(ex)) { diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c -index 5843a47..160fbe2 100644 +index 86af964..8a1da7e 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c -@@ -33,6 +33,7 @@ - #include <linux/elf.h> +@@ -34,6 +34,7 @@ #include <linux/utsname.h> #include <linux/coredump.h> + #include <linux/sched.h> +#include <linux/xattr.h> #include <asm/uaccess.h> #include <asm/param.h> #include <asm/page.h> -@@ -59,6 +60,10 @@ static int elf_core_dump(struct coredump_params *cprm); +@@ -60,6 +61,10 @@ static int elf_core_dump(struct coredump_params *cprm); #define elf_core_dump NULL #endif @@ -48657,7 +47595,7 @@ index 5843a47..160fbe2 100644 #if ELF_EXEC_PAGESIZE > PAGE_SIZE #define ELF_MIN_ALIGN ELF_EXEC_PAGESIZE #else -@@ -78,6 +83,11 @@ static struct linux_binfmt elf_format = { +@@ -79,6 +84,11 @@ static struct linux_binfmt elf_format = { .load_binary = load_elf_binary, .load_shlib = load_elf_library, .core_dump = elf_core_dump, @@ -48669,7 +47607,7 @@ index 5843a47..160fbe2 100644 .min_coredump = ELF_EXEC_PAGESIZE, }; -@@ -85,6 +95,8 @@ static struct linux_binfmt elf_format = { +@@ -86,6 +96,8 @@ static struct linux_binfmt elf_format = { static int set_brk(unsigned long start, unsigned long end) { @@ -48678,7 +47616,7 @@ index 5843a47..160fbe2 100644 start = ELF_PAGEALIGN(start); end = ELF_PAGEALIGN(end); if (end > start) { -@@ -93,7 +105,7 @@ static int set_brk(unsigned long start, unsigned long end) +@@ -94,7 +106,7 @@ static int set_brk(unsigned long start, unsigned long end) if (BAD_ADDR(addr)) return addr; } @@ -48687,7 +47625,7 @@ index 5843a47..160fbe2 100644 return 0; } -@@ -154,12 +166,13 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, +@@ -155,12 +167,13 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, elf_addr_t __user *u_rand_bytes; const char *k_platform = ELF_PLATFORM; const char *k_base_platform = ELF_BASE_PLATFORM; @@ -48702,7 +47640,7 @@ index 5843a47..160fbe2 100644 /* * In some cases (e.g. Hyper-Threading), we want to avoid L1 -@@ -201,8 +214,12 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, +@@ -202,8 +215,12 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, * Generate 16 random bytes for userspace PRNG seeding. */ get_random_bytes(k_rand_bytes, sizeof(k_rand_bytes)); @@ -48717,7 +47655,7 @@ index 5843a47..160fbe2 100644 if (__copy_to_user(u_rand_bytes, k_rand_bytes, sizeof(k_rand_bytes))) return -EFAULT; -@@ -314,9 +331,11 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, +@@ -315,9 +332,11 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, return -EFAULT; current->mm->env_end = p; @@ -48730,7 +47668,7 @@ index 5843a47..160fbe2 100644 return -EFAULT; return 0; } -@@ -380,15 +399,14 @@ static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr) +@@ -385,15 +404,14 @@ static unsigned long total_mapping_size(struct elf_phdr *cmds, int nr) an ELF header */ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, @@ -48749,7 +47687,7 @@ index 5843a47..160fbe2 100644 unsigned long total_size; int retval, i, size; -@@ -434,6 +452,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, +@@ -439,6 +457,11 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, goto out_close; } @@ -48761,7 +47699,7 @@ index 5843a47..160fbe2 100644 eppnt = elf_phdata; for (i = 0; i < interp_elf_ex->e_phnum; i++, eppnt++) { if (eppnt->p_type == PT_LOAD) { -@@ -457,8 +480,6 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, +@@ -462,8 +485,6 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, map_addr = elf_map(interpreter, load_addr + vaddr, eppnt, elf_prot, elf_type, total_size); total_size = 0; @@ -48770,7 +47708,7 @@ index 5843a47..160fbe2 100644 error = map_addr; if (BAD_ADDR(map_addr)) goto out_close; -@@ -477,8 +498,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, +@@ -482,8 +503,8 @@ static unsigned long load_elf_interp(struct elfhdr *interp_elf_ex, k = load_addr + eppnt->p_vaddr; if (BAD_ADDR(k) || eppnt->p_filesz > eppnt->p_memsz || @@ -48781,7 +47719,7 @@ index 5843a47..160fbe2 100644 error = -ENOMEM; goto out_close; } -@@ -530,6 +551,315 @@ out: +@@ -535,6 +556,315 @@ out: return error; } @@ -49011,11 +47949,11 @@ index 5843a47..160fbe2 100644 + +#ifdef CONFIG_PAX_XATTR_PAX_FLAGS + ssize_t xattr_size, i; -+ unsigned char xattr_value[5]; ++ unsigned char xattr_value[sizeof("pemrs") - 1]; + unsigned long pax_flags_hardmode = 0UL, pax_flags_softmode = 0UL; + -+ xattr_size = vfs_getxattr(file->f_path.dentry, XATTR_NAME_PAX_FLAGS, xattr_value, sizeof xattr_value); -+ if (xattr_size <= 0 || xattr_size > 5) ++ xattr_size = pax_getxattr(file->f_path.dentry, xattr_value, sizeof xattr_value); ++ if (xattr_size <= 0 || xattr_size > sizeof xattr_value) + return ~0UL; + + for (i = 0; i < xattr_size; i++) @@ -49097,7 +48035,7 @@ index 5843a47..160fbe2 100644 /* * These are the functions used to load ELF style executables and shared * libraries. There is no binary dependent code anywhere else. -@@ -546,6 +876,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) +@@ -551,6 +881,11 @@ static unsigned long randomize_stack_top(unsigned long stack_top) { unsigned int random_variable = 0; @@ -49109,7 +48047,7 @@ index 5843a47..160fbe2 100644 if ((current->flags & PF_RANDOMIZE) && !(current->personality & ADDR_NO_RANDOMIZE)) { random_variable = get_random_int() & STACK_RND_MASK; -@@ -564,7 +899,7 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -569,7 +904,7 @@ static int load_elf_binary(struct linux_binprm *bprm) unsigned long load_addr = 0, load_bias = 0; int load_addr_set = 0; char * elf_interpreter = NULL; @@ -49118,7 +48056,7 @@ index 5843a47..160fbe2 100644 struct elf_phdr *elf_ppnt, *elf_phdata; unsigned long elf_bss, elf_brk; int retval, i; -@@ -574,12 +909,12 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -579,12 +914,12 @@ static int load_elf_binary(struct linux_binprm *bprm) unsigned long start_code, end_code, start_data, end_data; unsigned long reloc_func_desc __maybe_unused = 0; int executable_stack = EXSTACK_DEFAULT; @@ -49132,7 +48070,7 @@ index 5843a47..160fbe2 100644 loc = kmalloc(sizeof(*loc), GFP_KERNEL); if (!loc) { -@@ -715,11 +1050,81 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -720,11 +1055,81 @@ static int load_elf_binary(struct linux_binprm *bprm) goto out_free_dentry; /* OK, This is the point of no return */ @@ -49215,7 +48153,7 @@ index 5843a47..160fbe2 100644 if (elf_read_implies_exec(loc->elf_ex, executable_stack)) current->personality |= READ_IMPLIES_EXEC; -@@ -810,6 +1215,20 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -815,6 +1220,20 @@ static int load_elf_binary(struct linux_binprm *bprm) #else load_bias = ELF_PAGESTART(ELF_ET_DYN_BASE - vaddr); #endif @@ -49236,7 +48174,7 @@ index 5843a47..160fbe2 100644 } error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, -@@ -842,9 +1261,9 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -847,9 +1266,9 @@ static int load_elf_binary(struct linux_binprm *bprm) * allowed task size. Note that p_filesz must always be * <= p_memsz so it is only necessary to check p_memsz. */ @@ -49249,7 +48187,7 @@ index 5843a47..160fbe2 100644 /* set_brk can never work. Avoid overflows. */ send_sig(SIGKILL, current, 0); retval = -EINVAL; -@@ -883,17 +1302,44 @@ static int load_elf_binary(struct linux_binprm *bprm) +@@ -888,17 +1307,45 @@ static int load_elf_binary(struct linux_binprm *bprm) goto out_free_dentry; } if (likely(elf_bss != elf_brk) && unlikely(padzero(elf_bss))) { @@ -49265,7 +48203,8 @@ index 5843a47..160fbe2 100644 +#ifdef CONFIG_PAX_RANDMMAP + if (current->mm->pax_flags & MF_PAX_RANDMMAP) { -+ unsigned long start, size, flags, vm_flags; ++ unsigned long start, size, flags; ++ vm_flags_t vm_flags; + + start = ELF_PAGEALIGN(elf_brk); + size = PAGE_SIZE + ((pax_get_random_long() & ((1UL << 22) - 1UL)) << 4); @@ -49278,7 +48217,7 @@ index 5843a47..160fbe2 100644 + if (!IS_ERR_VALUE(start) && !find_vma_intersection(current->mm, start, start + size + PAGE_SIZE)) { +// if (current->personality & ADDR_NO_RANDOMIZE) +// vm_flags |= VM_READ | VM_MAYREAD; -+ start = mmap_region(NULL, start, PAGE_ALIGN(size), flags, vm_flags, 0); ++ start = mmap_region(NULL, start, PAGE_ALIGN(size), vm_flags, 0); + retval = IS_ERR_VALUE(start) ? start : 0; + } + up_write(¤t->mm->mmap_sem); @@ -49300,7 +48239,7 @@ index 5843a47..160fbe2 100644 load_bias); if (!IS_ERR((void *)elf_entry)) { /* -@@ -1115,7 +1561,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) +@@ -1120,7 +1567,7 @@ static bool always_dump_vma(struct vm_area_struct *vma) * Decide what to dump of a segment, part, all or none. */ static unsigned long vma_dump_size(struct vm_area_struct *vma, @@ -49309,7 +48248,7 @@ index 5843a47..160fbe2 100644 { #define FILTER(type) (mm_flags & (1UL << MMF_DUMP_##type)) -@@ -1153,7 +1599,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, +@@ -1158,7 +1605,7 @@ static unsigned long vma_dump_size(struct vm_area_struct *vma, if (vma->vm_file == NULL) return 0; @@ -49318,7 +48257,7 @@ index 5843a47..160fbe2 100644 goto whole; /* -@@ -1375,9 +1821,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) +@@ -1383,9 +1830,9 @@ static void fill_auxv_note(struct memelfnote *note, struct mm_struct *mm) { elf_addr_t *auxv = (elf_addr_t *) mm->saved_auxv; int i = 0; @@ -49330,7 +48269,7 @@ index 5843a47..160fbe2 100644 fill_note(note, "CORE", NT_AUXV, i * sizeof(elf_addr_t), auxv); } -@@ -2007,14 +2453,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, +@@ -2015,14 +2462,14 @@ static void fill_extnum_info(struct elfhdr *elf, struct elf_shdr *shdr4extnum, } static size_t elf_core_vma_data_size(struct vm_area_struct *gate_vma, @@ -49347,7 +48286,7 @@ index 5843a47..160fbe2 100644 return size; } -@@ -2108,7 +2554,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2116,7 +2563,7 @@ static int elf_core_dump(struct coredump_params *cprm) dataoff = offset = roundup(offset, ELF_EXEC_PAGESIZE); @@ -49356,7 +48295,7 @@ index 5843a47..160fbe2 100644 offset += elf_core_extra_data_size(); e_shoff = offset; -@@ -2122,10 +2568,12 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2130,10 +2577,12 @@ static int elf_core_dump(struct coredump_params *cprm) offset = dataoff; size += sizeof(*elf); @@ -49369,7 +48308,7 @@ index 5843a47..160fbe2 100644 if (size > cprm->limit || !dump_write(cprm->file, phdr4note, sizeof(*phdr4note))) goto end_coredump; -@@ -2139,7 +2587,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2147,7 +2596,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_offset = offset; phdr.p_vaddr = vma->vm_start; phdr.p_paddr = 0; @@ -49378,7 +48317,7 @@ index 5843a47..160fbe2 100644 phdr.p_memsz = vma->vm_end - vma->vm_start; offset += phdr.p_filesz; phdr.p_flags = vma->vm_flags & VM_READ ? PF_R : 0; -@@ -2150,6 +2598,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2158,6 +2607,7 @@ static int elf_core_dump(struct coredump_params *cprm) phdr.p_align = ELF_EXEC_PAGESIZE; size += sizeof(phdr); @@ -49386,7 +48325,7 @@ index 5843a47..160fbe2 100644 if (size > cprm->limit || !dump_write(cprm->file, &phdr, sizeof(phdr))) goto end_coredump; -@@ -2174,7 +2623,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2182,7 +2632,7 @@ static int elf_core_dump(struct coredump_params *cprm) unsigned long addr; unsigned long end; @@ -49395,7 +48334,7 @@ index 5843a47..160fbe2 100644 for (addr = vma->vm_start; addr < end; addr += PAGE_SIZE) { struct page *page; -@@ -2183,6 +2632,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2191,6 +2641,7 @@ static int elf_core_dump(struct coredump_params *cprm) page = get_dump_page(addr); if (page) { void *kaddr = kmap(page); @@ -49403,7 +48342,7 @@ index 5843a47..160fbe2 100644 stop = ((size += PAGE_SIZE) > cprm->limit) || !dump_write(cprm->file, kaddr, PAGE_SIZE); -@@ -2200,6 +2650,7 @@ static int elf_core_dump(struct coredump_params *cprm) +@@ -2208,6 +2659,7 @@ static int elf_core_dump(struct coredump_params *cprm) if (e_phnum == PN_XNUM) { size += sizeof(*shdr4extnum); @@ -49411,7 +48350,7 @@ index 5843a47..160fbe2 100644 if (size > cprm->limit || !dump_write(cprm->file, shdr4extnum, sizeof(*shdr4extnum))) -@@ -2220,6 +2671,97 @@ out: +@@ -2228,6 +2680,97 @@ out: #endif /* CONFIG_ELF_CORE */ @@ -49510,7 +48449,7 @@ index 5843a47..160fbe2 100644 { register_binfmt(&elf_format); diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c -index b563719..3868998 100644 +index 2036d21..b0430d0 100644 --- a/fs/binfmt_flat.c +++ b/fs/binfmt_flat.c @@ -562,7 +562,9 @@ static int load_flat_file(struct linux_binprm * bprm, @@ -49577,7 +48516,7 @@ index b96fc6c..431d628 100644 __bio_for_each_segment(bvec, bio, i, 0) { char *addr = page_address(bvec->bv_page); diff --git a/fs/block_dev.c b/fs/block_dev.c -index 883dc49..f27794a 100644 +index aae187a..fd790ba 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c @@ -652,7 +652,7 @@ static bool bd_may_claim(struct block_device *bdev, struct block_device *whole, @@ -49590,7 +48529,7 @@ index 883dc49..f27794a 100644 else if (whole->bd_holder != NULL) return false; /* is a partition of a held device */ diff --git a/fs/btrfs/ctree.c b/fs/btrfs/ctree.c -index ce1c169..1ef484f 100644 +index ca9d8f1..8c0142d 100644 --- a/fs/btrfs/ctree.c +++ b/fs/btrfs/ctree.c @@ -1036,9 +1036,12 @@ static noinline int __btrfs_cow_block(struct btrfs_trans_handle *trans, @@ -49609,60 +48548,11 @@ index ce1c169..1ef484f 100644 parent_start = 0; WARN_ON(trans->transid != btrfs_header_generation(parent)); -diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c -index d170412..a575d77 100644 ---- a/fs/btrfs/extent-tree.c -+++ b/fs/btrfs/extent-tree.c -@@ -6019,7 +6019,7 @@ again: - if (ret == -ENOSPC) { - if (!final_tried) { - num_bytes = num_bytes >> 1; -- num_bytes = num_bytes & ~(root->sectorsize - 1); -+ num_bytes = num_bytes & ~((u64)root->sectorsize - 1); - num_bytes = max(num_bytes, min_alloc_size); - if (num_bytes == min_alloc_size) - final_tried = true; -diff --git a/fs/btrfs/inode.c b/fs/btrfs/inode.c -index 7c4e6cc..8ad78b2 100644 ---- a/fs/btrfs/inode.c -+++ b/fs/btrfs/inode.c -@@ -17,6 +17,7 @@ - */ - - #include <linux/kernel.h> -+#include <linux/module.h> - #include <linux/bio.h> - #include <linux/buffer_head.h> - #include <linux/file.h> -@@ -7314,7 +7315,7 @@ fail: - return -ENOMEM; - } - --static int btrfs_getattr(struct vfsmount *mnt, -+int btrfs_getattr(struct vfsmount *mnt, - struct dentry *dentry, struct kstat *stat) - { - struct inode *inode = dentry->d_inode; -@@ -7328,6 +7329,14 @@ static int btrfs_getattr(struct vfsmount *mnt, - return 0; - } - -+EXPORT_SYMBOL(btrfs_getattr); -+ -+dev_t get_btrfs_dev_from_inode(struct inode *inode) -+{ -+ return BTRFS_I(inode)->root->anon_dev; -+} -+EXPORT_SYMBOL(get_btrfs_dev_from_inode); -+ - /* - * If a file is moved, it will inherit the cow and compression flags of the new - * directory. diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c -index 338f259..b657640 100644 +index 2c02310..a0c895e 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c -@@ -3033,9 +3033,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) +@@ -3077,9 +3077,12 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) for (i = 0; i < num_types; i++) { struct btrfs_space_info *tmp; @@ -49675,7 +48565,7 @@ index 338f259..b657640 100644 info = NULL; rcu_read_lock(); list_for_each_entry_rcu(tmp, &root->fs_info->space_info, -@@ -3057,10 +3060,7 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) +@@ -3101,10 +3104,7 @@ long btrfs_ioctl_space_info(struct btrfs_root *root, void __user *arg) memcpy(dest, &space, sizeof(space)); dest++; space_args.total_spaces++; @@ -49686,24 +48576,11 @@ index 338f259..b657640 100644 } up_read(&info->groups_sem); } -diff --git a/fs/btrfs/relocation.c b/fs/btrfs/relocation.c -index 300e09a..9fe4539 100644 ---- a/fs/btrfs/relocation.c -+++ b/fs/btrfs/relocation.c -@@ -1269,7 +1269,7 @@ static int __update_reloc_root(struct btrfs_root *root, int del) - } - spin_unlock(&rc->reloc_root_tree.lock); - -- BUG_ON((struct btrfs_root *)node->data != root); -+ BUG_ON(!node || (struct btrfs_root *)node->data != root); - - if (!del) { - spin_lock(&rc->reloc_root_tree.lock); diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c -index d8982e9..29a85fa 100644 +index f6b8859..54fe8c5 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c -@@ -267,7 +267,7 @@ void __btrfs_abort_transaction(struct btrfs_trans_handle *trans, +@@ -266,7 +266,7 @@ void __btrfs_abort_transaction(struct btrfs_trans_handle *trans, function, line, errstr); return; } @@ -49867,7 +48744,7 @@ index 4809922..aab2c39 100644 kunmap(page); if (ret != len) diff --git a/fs/ceph/dir.c b/fs/ceph/dir.c -index 8c1aabe..bbf856a 100644 +index 6d797f4..0ace2e5 100644 --- a/fs/ceph/dir.c +++ b/fs/ceph/dir.c @@ -243,7 +243,7 @@ static int ceph_readdir(struct file *filp, void *dirent, filldir_t filldir) @@ -49924,10 +48801,10 @@ index d9ea6ed..1e6c8ac 100644 server->ops->print_stats(m, tcon); } diff --git a/fs/cifs/cifsfs.c b/fs/cifs/cifsfs.c -index b9db388..9a73d6d 100644 +index 345fc89..b2acae5 100644 --- a/fs/cifs/cifsfs.c +++ b/fs/cifs/cifsfs.c -@@ -1026,7 +1026,7 @@ cifs_init_request_bufs(void) +@@ -1033,7 +1033,7 @@ cifs_init_request_bufs(void) /* cERROR(1, "CIFSMaxBufSize %d 0x%x",CIFSMaxBufSize,CIFSMaxBufSize); */ cifs_req_cachep = kmem_cache_create("cifs_request", CIFSMaxBufSize + max_hdr_size, 0, @@ -49936,7 +48813,7 @@ index b9db388..9a73d6d 100644 if (cifs_req_cachep == NULL) return -ENOMEM; -@@ -1053,7 +1053,7 @@ cifs_init_request_bufs(void) +@@ -1060,7 +1060,7 @@ cifs_init_request_bufs(void) efficient to alloc 1 per page off the slab compared to 17K (5page) alloc of large cifs buffers even when page debugging is on */ cifs_sm_req_cachep = kmem_cache_create("cifs_small_rq", @@ -49945,7 +48822,7 @@ index b9db388..9a73d6d 100644 NULL); if (cifs_sm_req_cachep == NULL) { mempool_destroy(cifs_req_poolp); -@@ -1138,8 +1138,8 @@ init_cifs(void) +@@ -1145,8 +1145,8 @@ init_cifs(void) atomic_set(&bufAllocCount, 0); atomic_set(&smBufAllocCount, 0); #ifdef CONFIG_CIFS_STATS2 @@ -49957,7 +48834,7 @@ index b9db388..9a73d6d 100644 atomic_set(&midCount, 0); diff --git a/fs/cifs/cifsglob.h b/fs/cifs/cifsglob.h -index e6899ce..d6b2920 100644 +index 4f07f6f..55de8ce 100644 --- a/fs/cifs/cifsglob.h +++ b/fs/cifs/cifsglob.h @@ -751,35 +751,35 @@ struct cifs_tcon { @@ -50041,7 +48918,7 @@ index e6899ce..d6b2920 100644 GLOBAL_EXTERN atomic_t smBufAllocCount; GLOBAL_EXTERN atomic_t midCount; diff --git a/fs/cifs/link.c b/fs/cifs/link.c -index 51dc2fb..1e12a33 100644 +index 9f6c4c4..8de307a 100644 --- a/fs/cifs/link.c +++ b/fs/cifs/link.c @@ -616,7 +616,7 @@ symlink_exit: @@ -50054,7 +48931,7 @@ index 51dc2fb..1e12a33 100644 kfree(p); } diff --git a/fs/cifs/misc.c b/fs/cifs/misc.c -index 3a00c0d..42d901c 100644 +index 1b15bf8..1ce489e 100644 --- a/fs/cifs/misc.c +++ b/fs/cifs/misc.c @@ -169,7 +169,7 @@ cifs_buf_get(void) @@ -50321,7 +49198,7 @@ index 41d9d07..dbb4772 100644 req->FileIndex = cpu_to_le32(index); diff --git a/fs/coda/cache.c b/fs/coda/cache.c -index 958ae0e..505c9d0 100644 +index 1da168c..8bc7ff6 100644 --- a/fs/coda/cache.c +++ b/fs/coda/cache.c @@ -24,7 +24,7 @@ @@ -50339,7 +49216,7 @@ index 958ae0e..505c9d0 100644 spin_lock(&cii->c_lock); - cii->c_cached_epoch = atomic_read(&permission_epoch); + cii->c_cached_epoch = atomic_read_unchecked(&permission_epoch); - if (cii->c_uid != current_fsuid()) { + if (!uid_eq(cii->c_uid, current_fsuid())) { cii->c_uid = current_fsuid(); cii->c_cached_perm = mask; @@ -46,14 +46,14 @@ void coda_cache_clear_inode(struct inode *inode) @@ -50362,14 +49239,14 @@ index 958ae0e..505c9d0 100644 @@ -66,7 +66,7 @@ int coda_cache_check(struct inode *inode, int mask) spin_lock(&cii->c_lock); hit = (mask & cii->c_cached_perm) == mask && - cii->c_uid == current_fsuid() && + uid_eq(cii->c_uid, current_fsuid()) && - cii->c_cached_epoch == atomic_read(&permission_epoch); + cii->c_cached_epoch == atomic_read_unchecked(&permission_epoch); spin_unlock(&cii->c_lock); return hit; diff --git a/fs/compat.c b/fs/compat.c -index a06dcbc..dacb6d3 100644 +index d487985..c9e04b1 100644 --- a/fs/compat.c +++ b/fs/compat.c @@ -54,7 +54,7 @@ @@ -50507,7 +49384,7 @@ index a81147e..20bf2b5 100644 /* diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c -index e2f57a0..3c78771 100644 +index 3ced75f..1eeca06 100644 --- a/fs/compat_ioctl.c +++ b/fs/compat_ioctl.c @@ -623,7 +623,7 @@ static int serial_struct_ioctl(unsigned fd, unsigned cmd, @@ -50540,24 +49417,10 @@ index e2f57a0..3c78771 100644 return 1; if (a < b) diff --git a/fs/configfs/dir.c b/fs/configfs/dir.c -index 712b10f..c33c4ca 100644 +index 7aabc6a..34c1197 100644 --- a/fs/configfs/dir.c +++ b/fs/configfs/dir.c -@@ -1037,10 +1037,11 @@ static int configfs_dump(struct configfs_dirent *sd, int level) - static int configfs_depend_prep(struct dentry *origin, - struct config_item *target) - { -- struct configfs_dirent *child_sd, *sd = origin->d_fsdata; -+ struct configfs_dirent *child_sd, *sd; - int ret = 0; - -- BUG_ON(!origin || !sd); -+ BUG_ON(!origin || !origin->d_fsdata); -+ sd = origin->d_fsdata; - - if (sd->s_element == target) /* Boo-yah */ - goto out; -@@ -1564,7 +1565,8 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir +@@ -1565,7 +1565,8 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir } for (p=q->next; p!= &parent_sd->s_children; p=p->next) { struct configfs_dirent *next; @@ -50567,7 +49430,7 @@ index 712b10f..c33c4ca 100644 int len; struct inode *inode = NULL; -@@ -1574,7 +1576,12 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir +@@ -1575,7 +1576,12 @@ static int configfs_readdir(struct file * filp, void * dirent, filldir_t filldir continue; name = configfs_get_name(next); @@ -50582,7 +49445,7 @@ index 712b10f..c33c4ca 100644 /* * We'll have a dentry and an inode for diff --git a/fs/coredump.c b/fs/coredump.c -index 1774932..5812106 100644 +index c647965..a77bff3 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -52,7 +52,7 @@ struct core_name { @@ -50613,7 +49476,7 @@ index 1774932..5812106 100644 cn->used = 0; @@ -414,17 +414,17 @@ static void wait_for_dump_helpers(struct file *file) - pipe = file->f_path.dentry->d_inode->i_pipe; + pipe = file_inode(file)->i_pipe; pipe_lock(pipe); - pipe->readers++; @@ -50703,10 +49566,10 @@ index 1774932..5812106 100644 EXPORT_SYMBOL(dump_write); diff --git a/fs/dcache.c b/fs/dcache.c -index de73da2..2ed907b 100644 +index e689268..f36956e 100644 --- a/fs/dcache.c +++ b/fs/dcache.c -@@ -3141,7 +3141,7 @@ void __init vfs_caches_init(unsigned long mempages) +@@ -3100,7 +3100,7 @@ void __init vfs_caches_init(unsigned long mempages) mempages -= reserve; names_cachep = kmem_cache_create("names_cache", PATH_MAX, 0, @@ -50716,7 +49579,7 @@ index de73da2..2ed907b 100644 dcache_init(); inode_init(); diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c -index a5f12b7..4ee8a6f 100644 +index 4888cb3..e0f7cf8 100644 --- a/fs/debugfs/inode.c +++ b/fs/debugfs/inode.c @@ -415,7 +415,11 @@ EXPORT_SYMBOL_GPL(debugfs_create_file); @@ -50732,7 +49595,7 @@ index a5f12b7..4ee8a6f 100644 } EXPORT_SYMBOL_GPL(debugfs_create_dir); diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c -index cc7709e..7e7211f 100644 +index 5eab400..810a3f5 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c @@ -674,7 +674,7 @@ static int ecryptfs_readlink_lower(struct dentry *dentry, char **buf, @@ -50754,51 +49617,10 @@ index cc7709e..7e7211f 100644 /* Free the char* */ kfree(buf); diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c -index 412e6ed..d8263e8 100644 +index e4141f2..d8263e8 100644 --- a/fs/ecryptfs/miscdev.c +++ b/fs/ecryptfs/miscdev.c -@@ -80,13 +80,6 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file) - int rc; - - mutex_lock(&ecryptfs_daemon_hash_mux); -- rc = try_module_get(THIS_MODULE); -- if (rc == 0) { -- rc = -EIO; -- printk(KERN_ERR "%s: Error attempting to increment module use " -- "count; rc = [%d]\n", __func__, rc); -- goto out_unlock_daemon_list; -- } - rc = ecryptfs_find_daemon_by_euid(&daemon); - if (!rc) { - rc = -EINVAL; -@@ -96,7 +89,7 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file) - if (rc) { - printk(KERN_ERR "%s: Error attempting to spawn daemon; " - "rc = [%d]\n", __func__, rc); -- goto out_module_put_unlock_daemon_list; -+ goto out_unlock_daemon_list; - } - mutex_lock(&daemon->mux); - if (daemon->flags & ECRYPTFS_DAEMON_MISCDEV_OPEN) { -@@ -108,9 +101,6 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file) - atomic_inc(&ecryptfs_num_miscdev_opens); - out_unlock_daemon: - mutex_unlock(&daemon->mux); --out_module_put_unlock_daemon_list: -- if (rc) -- module_put(THIS_MODULE); - out_unlock_daemon_list: - mutex_unlock(&ecryptfs_daemon_hash_mux); - return rc; -@@ -147,7 +137,6 @@ ecryptfs_miscdev_release(struct inode *inode, struct file *file) - "bug.\n", __func__, rc); - BUG(); - } -- module_put(THIS_MODULE); - return rc; - } - -@@ -315,7 +304,7 @@ check_list: +@@ -304,7 +304,7 @@ check_list: goto out_unlock_msg_ctx; i = PKT_TYPE_SIZE + PKT_CTR_SIZE; if (msg_ctx->msg) { @@ -50807,28 +49629,11 @@ index 412e6ed..d8263e8 100644 goto out_unlock_msg_ctx; i += packet_length_size; if (copy_to_user(&buf[i], msg_ctx->msg, msg_ctx->msg_size)) -@@ -471,6 +460,7 @@ out_free: - - - static const struct file_operations ecryptfs_miscdev_fops = { -+ .owner = THIS_MODULE, - .open = ecryptfs_miscdev_open, - .poll = ecryptfs_miscdev_poll, - .read = ecryptfs_miscdev_read, diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c -index b2a34a1..162fa69 100644 +index 6a16053..2155147 100644 --- a/fs/ecryptfs/read_write.c +++ b/fs/ecryptfs/read_write.c -@@ -48,7 +48,7 @@ int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data, - return -EIO; - fs_save = get_fs(); - set_fs(get_ds()); -- rc = vfs_write(lower_file, data, size, &offset); -+ rc = vfs_write(lower_file, (const char __force_user *)data, size, &offset); - set_fs(fs_save); - mark_inode_dirty_sync(ecryptfs_inode); - return rc; -@@ -244,7 +244,7 @@ int ecryptfs_read_lower(char *data, loff_t offset, size_t size, +@@ -240,7 +240,7 @@ int ecryptfs_read_lower(char *data, loff_t offset, size_t size, return -EIO; fs_save = get_fs(); set_fs(get_ds()); @@ -50838,7 +49643,7 @@ index b2a34a1..162fa69 100644 return rc; } diff --git a/fs/exec.c b/fs/exec.c -index ac014f1..0bfe729 100644 +index 6d56ff2..b56586d 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -55,8 +55,20 @@ @@ -51101,18 +49906,18 @@ index ac014f1..0bfe729 100644 + +#if !defined(CONFIG_STACK_GROWSUP) && defined(CONFIG_PAX_RANDMMAP) + if (!ret && (mm->pax_flags & MF_PAX_RANDMMAP) && STACK_TOP <= 0xFFFFFFFFU && STACK_TOP > vma->vm_end) { -+ unsigned long size, flags, vm_flags; ++ unsigned long size; ++ vm_flags_t vm_flags; + + size = STACK_TOP - vma->vm_end; -+ flags = MAP_FIXED | MAP_PRIVATE; + vm_flags = VM_NONE | VM_DONTEXPAND | VM_DONTDUMP; + -+ ret = vma->vm_end != mmap_region(NULL, vma->vm_end, size, flags, vm_flags, 0); ++ ret = vma->vm_end != mmap_region(NULL, vma->vm_end, size, vm_flags, 0); + +#ifdef CONFIG_X86 + if (!ret) { + size = mmap_min_addr + ((mm->delta_mmap ^ mm->delta_stack) & (0xFFUL << PAGE_SHIFT)); -+ ret = 0 != mmap_region(NULL, 0, PAGE_ALIGN(size), flags, vm_flags, 0); ++ ret = 0 != mmap_region(NULL, 0, PAGE_ALIGN(size), vm_flags, 0); + } +#endif + @@ -51222,7 +50027,7 @@ index ac014f1..0bfe729 100644 + goto out_file; + } + -+ if (!gr_acl_handle_execve(file->f_dentry, file->f_vfsmnt)) { ++ if (!gr_acl_handle_execve(file->f_path.dentry, file->f_path.mnt)) { + retval = -EACCES; + goto out_file; + } @@ -51260,7 +50065,7 @@ index ac014f1..0bfe729 100644 + goto out_fail; + } + -+ retval = gr_set_proc_label(file->f_dentry, file->f_vfsmnt, ++ retval = gr_set_proc_label(file->f_path.dentry, file->f_path.mnt, + bprm->unsafe); + if (retval < 0) + goto out_fail; @@ -51281,7 +50086,7 @@ index ac014f1..0bfe729 100644 - goto out; + goto out_fail; + -+ gr_log_chroot_exec(file->f_dentry, file->f_vfsmnt); ++ gr_log_chroot_exec(file->f_path.dentry, file->f_path.mnt); + + gr_handle_exec_args(bprm, argv); @@ -51315,7 +50120,7 @@ index ac014f1..0bfe729 100644 out: if (bprm->mm) { acct_arg_size(bprm, 0); -@@ -1700,3 +1871,278 @@ asmlinkage long compat_sys_execve(const char __user * filename, +@@ -1700,3 +1871,283 @@ asmlinkage long compat_sys_execve(const char __user * filename, return error; } #endif @@ -51532,13 +50337,18 @@ index ac014f1..0bfe729 100644 +{ +#if defined(CONFIG_X86_32) && defined(CONFIG_PAX_KERNEXEC) + unsigned long textlow = ktla_ktva((unsigned long)_stext); ++#ifdef CONFIG_MODULES ++ unsigned long texthigh = (unsigned long)MODULES_EXEC_VADDR; ++#else + unsigned long texthigh = ktla_ktva((unsigned long)_etext); ++#endif ++ +#else + unsigned long textlow = _stext; + unsigned long texthigh = _etext; +#endif + -+ if (high < textlow || low > texthigh) ++ if (high <= textlow || low > texthigh) + return false; + else + return true; @@ -51595,10 +50405,10 @@ index ac014f1..0bfe729 100644 +EXPORT_SYMBOL(report_size_overflow); +#endif diff --git a/fs/ext2/balloc.c b/fs/ext2/balloc.c -index 2616d0e..2ffdec9 100644 +index 9f9992b..8b59411 100644 --- a/fs/ext2/balloc.c +++ b/fs/ext2/balloc.c -@@ -1190,10 +1190,10 @@ static int ext2_has_free_blocks(struct ext2_sb_info *sbi) +@@ -1184,10 +1184,10 @@ static int ext2_has_free_blocks(struct ext2_sb_info *sbi) free_blocks = percpu_counter_read_positive(&sbi->s_freeblocks_counter); root_blocks = le32_to_cpu(sbi->s_es->s_r_blocks_count); @@ -51644,10 +50454,10 @@ index 92e68b3..115d987 100644 if (free_clusters >= (nclusters + dirty_clusters)) return 1; diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h -index bbcd6a0..2824592 100644 +index 3b83cd6..0f34dcd 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h -@@ -1265,19 +1265,19 @@ struct ext4_sb_info { +@@ -1254,19 +1254,19 @@ struct ext4_sb_info { unsigned long s_mb_last_start; /* stats for buddy allocator */ @@ -51678,10 +50488,10 @@ index bbcd6a0..2824592 100644 /* locality groups */ diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c -index b443e62..a2109f6 100644 +index cf3025c..cac6011 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c -@@ -1747,7 +1747,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, +@@ -1754,7 +1754,7 @@ void ext4_mb_simple_scan_group(struct ext4_allocation_context *ac, BUG_ON(ac->ac_b_ex.fe_len != ac->ac_g_ex.fe_len); if (EXT4_SB(sb)->s_mb_stats) @@ -51690,7 +50500,7 @@ index b443e62..a2109f6 100644 break; } -@@ -2044,7 +2044,7 @@ repeat: +@@ -2055,7 +2055,7 @@ repeat: ac->ac_status = AC_STATUS_CONTINUE; ac->ac_flags |= EXT4_MB_HINT_FIRST; cr = 3; @@ -51699,7 +50509,7 @@ index b443e62..a2109f6 100644 goto repeat; } } -@@ -2552,25 +2552,25 @@ int ext4_mb_release(struct super_block *sb) +@@ -2563,25 +2563,25 @@ int ext4_mb_release(struct super_block *sb) if (sbi->s_mb_stats) { ext4_msg(sb, KERN_INFO, "mballoc: %u blocks %u reqs (%u success)", @@ -51735,7 +50545,7 @@ index b443e62..a2109f6 100644 } free_percpu(sbi->s_locality_groups); -@@ -3060,16 +3060,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) +@@ -3035,16 +3035,16 @@ static void ext4_mb_collect_stats(struct ext4_allocation_context *ac) struct ext4_sb_info *sbi = EXT4_SB(ac->ac_sb); if (sbi->s_mb_stats && ac->ac_g_ex.fe_len > 1) { @@ -51758,7 +50568,7 @@ index b443e62..a2109f6 100644 } if (ac->ac_op == EXT4_MB_HISTORY_ALLOC) -@@ -3469,7 +3469,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) +@@ -3444,7 +3444,7 @@ ext4_mb_new_inode_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_inode_pa(ac, pa); ext4_mb_use_inode_pa(ac, pa); @@ -51767,7 +50577,7 @@ index b443e62..a2109f6 100644 ei = EXT4_I(ac->ac_inode); grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); -@@ -3529,7 +3529,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) +@@ -3504,7 +3504,7 @@ ext4_mb_new_group_pa(struct ext4_allocation_context *ac) trace_ext4_mb_new_group_pa(ac, pa); ext4_mb_use_group_pa(ac, pa); @@ -51776,7 +50586,7 @@ index b443e62..a2109f6 100644 grp = ext4_get_group_info(sb, ac->ac_b_ex.fe_group); lg = ac->ac_lg; -@@ -3618,7 +3618,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, +@@ -3593,7 +3593,7 @@ ext4_mb_release_inode_pa(struct ext4_buddy *e4b, struct buffer_head *bitmap_bh, * from the bitmap and continue. */ } @@ -51785,7 +50595,7 @@ index b443e62..a2109f6 100644 return err; } -@@ -3636,7 +3636,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, +@@ -3611,7 +3611,7 @@ ext4_mb_release_group_pa(struct ext4_buddy *e4b, ext4_get_group_no_and_offset(sb, pa->pa_pstart, &group, &bit); BUG_ON(group != e4b->bd_group && pa->pa_len != 0); mb_free_blocks(pa->pa_inode, e4b, bit, pa->pa_len); @@ -51795,10 +50605,10 @@ index b443e62..a2109f6 100644 return 0; diff --git a/fs/ext4/super.c b/fs/ext4/super.c -index 5575a45..12f7424 100644 +index febbe0e..782c4fd 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c -@@ -2432,7 +2432,7 @@ struct ext4_attr { +@@ -2380,7 +2380,7 @@ struct ext4_attr { ssize_t (*store)(struct ext4_attr *, struct ext4_sb_info *, const char *, size_t); int offset; @@ -51808,7 +50618,7 @@ index 5575a45..12f7424 100644 static int parse_strtoul(const char *buf, unsigned long max, unsigned long *value) diff --git a/fs/fcntl.c b/fs/fcntl.c -index 71a600a..20d87b1 100644 +index 6599222..e7bf0de 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -107,6 +107,11 @@ int __f_setown(struct file *filp, struct pid *pid, enum pid_type type, @@ -51912,7 +50722,7 @@ index cf6f434..3d7942c 100644 err_nocleanup: diff --git a/fs/file.c b/fs/file.c -index 2b3570b..c57924b 100644 +index 3906d95..5fe379b 100644 --- a/fs/file.c +++ b/fs/file.c @@ -16,6 +16,7 @@ @@ -51948,24 +50758,23 @@ index 2b3570b..c57924b 100644 return -EINVAL; err = alloc_fd(from, flags); diff --git a/fs/filesystems.c b/fs/filesystems.c -index da165f6..3671bdb 100644 +index 92567d9..fcd8cbf 100644 --- a/fs/filesystems.c +++ b/fs/filesystems.c -@@ -273,7 +273,12 @@ struct file_system_type *get_fs_type(const char *name) +@@ -273,7 +273,11 @@ struct file_system_type *get_fs_type(const char *name) int len = dot ? dot - name : strlen(name); fs = __get_fs_type(name, len); -+ +#ifdef CONFIG_GRKERNSEC_MODHARDEN -+ if (!fs && (___request_module(true, "grsec_modharden_fs", "%.*s", len, name) == 0)) ++ if (!fs && (___request_module(true, "grsec_modharden_fs", "fs-%.*s", len, name) == 0)) +#else - if (!fs && (request_module("%.*s", len, name) == 0)) + if (!fs && (request_module("fs-%.*s", len, name) == 0)) +#endif fs = __get_fs_type(name, len); if (dot && fs && !(fs->fs_flags & FS_HAS_SUBTYPE)) { diff --git a/fs/fs_struct.c b/fs/fs_struct.c -index fe6ca58..65318cf 100644 +index d8ac61d..79a36f0 100644 --- a/fs/fs_struct.c +++ b/fs/fs_struct.c @@ -4,6 +4,7 @@ @@ -51976,7 +50785,7 @@ index fe6ca58..65318cf 100644 #include "internal.h" /* -@@ -19,6 +20,7 @@ void set_fs_root(struct fs_struct *fs, struct path *path) +@@ -19,6 +20,7 @@ void set_fs_root(struct fs_struct *fs, const struct path *path) write_seqcount_begin(&fs->seq); old_root = fs->root; fs->root = *path; @@ -51984,38 +50793,18 @@ index fe6ca58..65318cf 100644 write_seqcount_end(&fs->seq); spin_unlock(&fs->lock); if (old_root.dentry) -@@ -53,6 +55,21 @@ static inline int replace_path(struct path *p, const struct path *old, const str - return 1; - } - -+static inline int replace_root_path(struct task_struct *task, struct path *p, const struct path *old, struct path *new) -+{ -+ if (likely(p->dentry != old->dentry || p->mnt != old->mnt)) -+ return 0; -+ *p = *new; -+ -+ /* This function is only called from pivot_root(). Leave our -+ gr_chroot_dentry and is_chrooted flags as-is, so that a -+ pivoted root isn't treated as a chroot -+ */ -+ //gr_set_chroot_entries(task, new); -+ -+ return 1; -+} -+ - void chroot_fs_refs(struct path *old_root, struct path *new_root) - { - struct task_struct *g, *p; -@@ -67,7 +84,7 @@ void chroot_fs_refs(struct path *old_root, struct path *new_root) +@@ -67,6 +69,10 @@ void chroot_fs_refs(const struct path *old_root, const struct path *new_root) int hits = 0; spin_lock(&fs->lock); write_seqcount_begin(&fs->seq); -- hits += replace_path(&fs->root, old_root, new_root); -+ hits += replace_root_path(p, &fs->root, old_root, new_root); ++ /* this root replacement is only done by pivot_root, ++ leave grsec's chroot tagging alone for this task ++ so that a pivoted root isn't treated as a chroot ++ */ + hits += replace_path(&fs->root, old_root, new_root); hits += replace_path(&fs->pwd, old_root, new_root); write_seqcount_end(&fs->seq); - while (hits--) { -@@ -99,7 +116,8 @@ void exit_fs(struct task_struct *tsk) +@@ -99,7 +105,8 @@ void exit_fs(struct task_struct *tsk) task_lock(tsk); spin_lock(&fs->lock); tsk->fs = NULL; @@ -52025,7 +50814,7 @@ index fe6ca58..65318cf 100644 spin_unlock(&fs->lock); task_unlock(tsk); if (kill) -@@ -112,7 +130,7 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) +@@ -112,7 +119,7 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) struct fs_struct *fs = kmem_cache_alloc(fs_cachep, GFP_KERNEL); /* We don't need to lock fs - think why ;-) */ if (fs) { @@ -52034,7 +50823,7 @@ index fe6ca58..65318cf 100644 fs->in_exec = 0; spin_lock_init(&fs->lock); seqcount_init(&fs->seq); -@@ -121,6 +139,9 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) +@@ -121,6 +128,9 @@ struct fs_struct *copy_fs_struct(struct fs_struct *old) spin_lock(&old->lock); fs->root = old->root; path_get(&fs->root); @@ -52044,7 +50833,7 @@ index fe6ca58..65318cf 100644 fs->pwd = old->pwd; path_get(&fs->pwd); spin_unlock(&old->lock); -@@ -139,8 +160,9 @@ int unshare_fs_struct(void) +@@ -139,8 +149,9 @@ int unshare_fs_struct(void) task_lock(current); spin_lock(&fs->lock); @@ -52055,7 +50844,7 @@ index fe6ca58..65318cf 100644 spin_unlock(&fs->lock); task_unlock(current); -@@ -153,13 +175,13 @@ EXPORT_SYMBOL_GPL(unshare_fs_struct); +@@ -153,13 +164,13 @@ EXPORT_SYMBOL_GPL(unshare_fs_struct); int current_umask(void) { @@ -52072,7 +50861,7 @@ index fe6ca58..65318cf 100644 .seq = SEQCNT_ZERO, .umask = 0022, diff --git a/fs/fscache/cookie.c b/fs/fscache/cookie.c -index 8dcb114..b1072e2 100644 +index e2cba1f..17a25bb 100644 --- a/fs/fscache/cookie.c +++ b/fs/fscache/cookie.c @@ -68,11 +68,11 @@ struct fscache_cookie *__fscache_acquire_cookie( @@ -52140,7 +50929,7 @@ index 8dcb114..b1072e2 100644 _leave(" = -ENOMEDIUM [no cache]"); return -ENOMEDIUM; } -@@ -256,12 +256,12 @@ static int fscache_alloc_object(struct fscache_cache *cache, +@@ -255,12 +255,12 @@ static int fscache_alloc_object(struct fscache_cache *cache, object = cache->ops->alloc_object(cache, cookie); fscache_stat_d(&fscache_n_cop_alloc_object); if (IS_ERR(object)) { @@ -52155,7 +50944,7 @@ index 8dcb114..b1072e2 100644 object->debug_id = atomic_inc_return(&fscache_object_debug_id); -@@ -378,7 +378,7 @@ void __fscache_invalidate(struct fscache_cookie *cookie) +@@ -376,7 +376,7 @@ void __fscache_invalidate(struct fscache_cookie *cookie) _enter("{%s}", cookie->def->name); @@ -52164,9 +50953,9 @@ index 8dcb114..b1072e2 100644 /* Only permit invalidation of data files. Invalidating an index will * require the caller to release all its attachments to the tree rooted -@@ -437,10 +437,10 @@ void __fscache_update_cookie(struct fscache_cookie *cookie) +@@ -434,10 +434,10 @@ void __fscache_update_cookie(struct fscache_cookie *cookie) + { struct fscache_object *object; - struct hlist_node *_p; - fscache_stat(&fscache_n_updates); + fscache_stat_unchecked(&fscache_n_updates); @@ -52177,7 +50966,7 @@ index 8dcb114..b1072e2 100644 _leave(" [no cookie]"); return; } -@@ -474,12 +474,12 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire) +@@ -471,12 +471,12 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire) struct fscache_object *object; unsigned long event; @@ -52193,7 +50982,7 @@ index 8dcb114..b1072e2 100644 _leave(" [no cookie]"); return; } -@@ -495,7 +495,7 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire) +@@ -492,7 +492,7 @@ void __fscache_relinquish_cookie(struct fscache_cookie *cookie, int retire) /* wait for the cookie to finish being instantiated (or to fail) */ if (test_bit(FSCACHE_COOKIE_CREATING, &cookie->flags)) { @@ -53444,10 +52233,10 @@ index 40d13c7..ddf52b9 100644 seq_printf(m, "CacheOp: alo=%d luo=%d luc=%d gro=%d\n", atomic_read(&fscache_n_cop_alloc_object), diff --git a/fs/fuse/cuse.c b/fs/fuse/cuse.c -index e397b67..b0d8709 100644 +index 6f96a8d..6019bb9 100644 --- a/fs/fuse/cuse.c +++ b/fs/fuse/cuse.c -@@ -593,10 +593,12 @@ static int __init cuse_init(void) +@@ -597,10 +597,12 @@ static int __init cuse_init(void) INIT_LIST_HEAD(&cuse_conntbl[i]); /* inherit and extend fuse_dev_operations */ @@ -53465,10 +52254,10 @@ index e397b67..b0d8709 100644 cuse_class = class_create(THIS_MODULE, "cuse"); if (IS_ERR(cuse_class)) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c -index e83351a..41e3c9c 100644 +index 11dfa0c..6f64416 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c -@@ -1236,7 +1236,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos, +@@ -1294,7 +1294,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos, ret = 0; pipe_lock(pipe); @@ -53478,10 +52267,10 @@ index e83351a..41e3c9c 100644 if (!ret) ret = -EPIPE; diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c -index 315e1f8..91f890c 100644 +index ff15522..092a0f6 100644 --- a/fs/fuse/dir.c +++ b/fs/fuse/dir.c -@@ -1233,7 +1233,7 @@ static char *read_link(struct dentry *dentry) +@@ -1409,7 +1409,7 @@ static char *read_link(struct dentry *dentry) return link; } @@ -53491,10 +52280,10 @@ index 315e1f8..91f890c 100644 if (!IS_ERR(link)) free_page((unsigned long) link); diff --git a/fs/gfs2/inode.c b/fs/gfs2/inode.c -index 2b6f569..fcb4d1f 100644 +index cc00bd1..3edb692 100644 --- a/fs/gfs2/inode.c +++ b/fs/gfs2/inode.c -@@ -1499,7 +1499,7 @@ out: +@@ -1500,7 +1500,7 @@ out: static void gfs2_put_link(struct dentry *dentry, struct nameidata *nd, void *p) { @@ -53504,7 +52293,7 @@ index 2b6f569..fcb4d1f 100644 kfree(s); } diff --git a/fs/hugetlbfs/inode.c b/fs/hugetlbfs/inode.c -index ccee8cc..144b5d7 100644 +index a3f868a..bb308ae 100644 --- a/fs/hugetlbfs/inode.c +++ b/fs/hugetlbfs/inode.c @@ -152,6 +152,7 @@ hugetlb_get_unmapped_area(struct file *file, unsigned long addr, @@ -53544,9 +52333,9 @@ index ccee8cc..144b5d7 100644 info.high_limit = TASK_SIZE; info.align_mask = PAGE_MASK & ~huge_page_mask(h); info.align_offset = 0; -@@ -897,7 +907,7 @@ static struct file_system_type hugetlbfs_fs_type = { - .kill_sb = kill_litter_super, +@@ -898,7 +908,7 @@ static struct file_system_type hugetlbfs_fs_type = { }; + MODULE_ALIAS_FS("hugetlbfs"); -static struct vfsmount *hugetlbfs_vfsmount[HUGE_MAX_HSTATE]; +struct vfsmount *hugetlbfs_vfsmount[HUGE_MAX_HSTATE]; @@ -53554,10 +52343,10 @@ index ccee8cc..144b5d7 100644 static int can_do_hugetlb_shm(void) { diff --git a/fs/inode.c b/fs/inode.c -index b98540e..6a439ea 100644 +index a898b3d..9b5a214 100644 --- a/fs/inode.c +++ b/fs/inode.c -@@ -880,8 +880,8 @@ unsigned int get_next_ino(void) +@@ -878,8 +878,8 @@ unsigned int get_next_ino(void) #ifdef CONFIG_SMP if (unlikely((res & (LAST_INO_BATCH-1)) == 0)) { @@ -53597,7 +52386,7 @@ index a6597d6..41b30ec 100644 /* diff --git a/fs/jfs/super.c b/fs/jfs/super.c -index 1a543be..a4e1363 100644 +index 2003e83..5e1975d 100644 --- a/fs/jfs/super.c +++ b/fs/jfs/super.c @@ -225,7 +225,7 @@ static const match_table_t tokens = { @@ -53618,7 +52407,7 @@ index 1a543be..a4e1363 100644 unload_nls(nls_map); if (!strcmp(args[0].from, "none")) nls_map = NULL; -@@ -855,7 +855,7 @@ static int __init init_jfs_fs(void) +@@ -856,7 +856,7 @@ static int __init init_jfs_fs(void) jfs_inode_cachep = kmem_cache_create("jfs_ip", sizeof(struct jfs_inode_info), 0, @@ -53656,7 +52445,7 @@ index 916da8c..1588998 100644 next->d_inode->i_ino, dt_type(next->d_inode)) < 0) diff --git a/fs/lockd/clntproc.c b/fs/lockd/clntproc.c -index 54f9e6c..9ed908c 100644 +index 9760ecb..9b838ef 100644 --- a/fs/lockd/clntproc.c +++ b/fs/lockd/clntproc.c @@ -36,11 +36,11 @@ static const struct rpc_call_ops nlmclnt_cancel_ops; @@ -53674,7 +52463,7 @@ index 54f9e6c..9ed908c 100644 memcpy(c->data, &cookie, 4); c->len=4; diff --git a/fs/locks.c b/fs/locks.c -index a94e331..060bce3 100644 +index cb424a4..850e4dd 100644 --- a/fs/locks.c +++ b/fs/locks.c @@ -2064,16 +2064,16 @@ void locks_remove_flock(struct file *filp) @@ -53699,7 +52488,7 @@ index a94e331..060bce3 100644 lock_flocks(); diff --git a/fs/namei.c b/fs/namei.c -index ec97aef..e67718d 100644 +index 57ae9c8..b018eba 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -319,16 +319,32 @@ int generic_permission(struct inode *inode, int mask) @@ -53753,7 +52542,7 @@ index ec97aef..e67718d 100644 return -EACCES; } -@@ -824,7 +832,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p) +@@ -820,7 +828,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p) { struct dentry *dentry = link->dentry; int error; @@ -53762,7 +52551,7 @@ index ec97aef..e67718d 100644 BUG_ON(nd->flags & LOOKUP_RCU); -@@ -845,6 +853,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p) +@@ -841,6 +849,12 @@ follow_link(struct path *link, struct nameidata *nd, void **p) if (error) goto out_put_nd_path; @@ -53775,16 +52564,16 @@ index ec97aef..e67718d 100644 nd->last_type = LAST_BIND; *p = dentry->d_inode->i_op->follow_link(dentry, nd); error = PTR_ERR(*p); -@@ -1594,6 +1608,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) +@@ -1588,6 +1602,8 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd) + if (res) break; - res = walk_component(nd, path, &nd->last, - nd->last_type, LOOKUP_FOLLOW); + res = walk_component(nd, path, LOOKUP_FOLLOW); + if (res >= 0 && gr_handle_symlink_owner(&link, nd->inode)) + res = -EACCES; put_link(nd, &link, cookie); } while (res > 0); -@@ -1692,7 +1708,7 @@ EXPORT_SYMBOL(full_name_hash); +@@ -1686,7 +1702,7 @@ EXPORT_SYMBOL(full_name_hash); static inline unsigned long hash_name(const char *name, unsigned int *hashp) { unsigned long a, b, adata, bdata, mask, hash, len; @@ -53793,7 +52582,7 @@ index ec97aef..e67718d 100644 hash = a = 0; len = -sizeof(unsigned long); -@@ -1977,6 +1993,8 @@ static int path_lookupat(int dfd, const char *name, +@@ -1968,6 +1984,8 @@ static int path_lookupat(int dfd, const char *name, if (err) break; err = lookup_last(nd, &path); @@ -53802,7 +52591,7 @@ index ec97aef..e67718d 100644 put_link(nd, &link, cookie); } } -@@ -1984,6 +2002,13 @@ static int path_lookupat(int dfd, const char *name, +@@ -1975,6 +1993,13 @@ static int path_lookupat(int dfd, const char *name, if (!err) err = complete_walk(nd); @@ -53816,7 +52605,7 @@ index ec97aef..e67718d 100644 if (!err && nd->flags & LOOKUP_DIRECTORY) { if (!nd->inode->i_op->lookup) { path_put(&nd->path); -@@ -2011,8 +2036,15 @@ static int filename_lookup(int dfd, struct filename *name, +@@ -2002,8 +2027,15 @@ static int filename_lookup(int dfd, struct filename *name, retval = path_lookupat(dfd, name->name, flags | LOOKUP_REVAL, nd); @@ -53833,7 +52622,7 @@ index ec97aef..e67718d 100644 return retval; } -@@ -2390,6 +2422,13 @@ static int may_open(struct path *path, int acc_mode, int flag) +@@ -2381,6 +2413,13 @@ static int may_open(struct path *path, int acc_mode, int flag) if (flag & O_NOATIME && !inode_owner_or_capable(inode)) return -EPERM; @@ -53847,7 +52636,7 @@ index ec97aef..e67718d 100644 return 0; } -@@ -2611,7 +2650,7 @@ looked_up: +@@ -2602,7 +2641,7 @@ looked_up: * cleared otherwise prior to returning. */ static int lookup_open(struct nameidata *nd, struct path *path, @@ -53856,7 +52645,7 @@ index ec97aef..e67718d 100644 const struct open_flags *op, bool got_write, int *opened) { -@@ -2646,6 +2685,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2637,6 +2676,17 @@ static int lookup_open(struct nameidata *nd, struct path *path, /* Negative dentry, just create the file */ if (!dentry->d_inode && (op->open_flag & O_CREAT)) { umode_t mode = op->mode; @@ -53874,7 +52663,7 @@ index ec97aef..e67718d 100644 if (!IS_POSIXACL(dir->d_inode)) mode &= ~current_umask(); /* -@@ -2667,6 +2717,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, +@@ -2658,6 +2708,8 @@ static int lookup_open(struct nameidata *nd, struct path *path, nd->flags & LOOKUP_EXCL); if (error) goto out_dput; @@ -53883,7 +52672,7 @@ index ec97aef..e67718d 100644 } out_no_open: path->dentry = dentry; -@@ -2681,7 +2733,7 @@ out_dput: +@@ -2672,7 +2724,7 @@ out_dput: /* * Handle the last step of open() */ @@ -53892,7 +52681,7 @@ index ec97aef..e67718d 100644 struct file *file, const struct open_flags *op, int *opened, struct filename *name) { -@@ -2710,16 +2762,32 @@ static int do_last(struct nameidata *nd, struct path *path, +@@ -2701,16 +2753,32 @@ static int do_last(struct nameidata *nd, struct path *path, error = complete_walk(nd); if (error) return error; @@ -53925,7 +52714,7 @@ index ec97aef..e67718d 100644 audit_inode(name, dir, 0); goto finish_open; } -@@ -2768,7 +2836,7 @@ retry_lookup: +@@ -2759,7 +2827,7 @@ retry_lookup: */ } mutex_lock(&dir->d_inode->i_mutex); @@ -53934,7 +52723,7 @@ index ec97aef..e67718d 100644 mutex_unlock(&dir->d_inode->i_mutex); if (error <= 0) { -@@ -2792,11 +2860,28 @@ retry_lookup: +@@ -2783,11 +2851,28 @@ retry_lookup: goto finish_open_created; } @@ -53964,7 +52753,7 @@ index ec97aef..e67718d 100644 /* * If atomic_open() acquired write access it is dropped now due to -@@ -2837,6 +2922,11 @@ finish_lookup: +@@ -2828,6 +2913,11 @@ finish_lookup: } } BUG_ON(inode != path->dentry->d_inode); @@ -53976,7 +52765,7 @@ index ec97aef..e67718d 100644 return 1; } -@@ -2846,7 +2936,6 @@ finish_lookup: +@@ -2837,7 +2927,6 @@ finish_lookup: save_parent.dentry = nd->path.dentry; save_parent.mnt = mntget(path->mnt); nd->path.dentry = path->dentry; @@ -53984,7 +52773,7 @@ index ec97aef..e67718d 100644 } nd->inode = inode; /* Why this, you ask? _Now_ we might have grown LOOKUP_JUMPED... */ -@@ -2855,6 +2944,16 @@ finish_lookup: +@@ -2846,6 +2935,16 @@ finish_lookup: path_put(&save_parent); return error; } @@ -54001,7 +52790,7 @@ index ec97aef..e67718d 100644 error = -EISDIR; if ((open_flag & O_CREAT) && S_ISDIR(nd->inode->i_mode)) goto out; -@@ -2953,7 +3052,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -2944,7 +3043,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, if (unlikely(error)) goto out; @@ -54010,7 +52799,7 @@ index ec97aef..e67718d 100644 while (unlikely(error > 0)) { /* trailing symlink */ struct path link = path; void *cookie; -@@ -2971,7 +3070,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, +@@ -2962,7 +3061,7 @@ static struct file *path_openat(int dfd, struct filename *pathname, error = follow_link(&link, nd, &cookie); if (unlikely(error)) break; @@ -54019,7 +52808,7 @@ index ec97aef..e67718d 100644 put_link(nd, &link, cookie); } out: -@@ -3071,8 +3170,12 @@ struct dentry *kern_path_create(int dfd, const char *pathname, +@@ -3062,8 +3161,12 @@ struct dentry *kern_path_create(int dfd, const char *pathname, goto unlock; error = -EEXIST; @@ -54033,7 +52822,7 @@ index ec97aef..e67718d 100644 /* * Special case - lookup gave negative, but... we had foo/bar/ * From the vfs_mknod() POV we just have a negative dentry - -@@ -3124,6 +3227,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, +@@ -3115,6 +3218,20 @@ struct dentry *user_path_create(int dfd, const char __user *pathname, } EXPORT_SYMBOL(user_path_create); @@ -54054,7 +52843,7 @@ index ec97aef..e67718d 100644 int vfs_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev) { int error = may_create(dir, dentry); -@@ -3186,6 +3303,17 @@ retry: +@@ -3177,6 +3294,17 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -54072,7 +52861,7 @@ index ec97aef..e67718d 100644 error = security_path_mknod(&path, dentry, mode, dev); if (error) goto out; -@@ -3202,6 +3330,8 @@ retry: +@@ -3193,6 +3321,8 @@ retry: break; } out: @@ -54081,7 +52870,7 @@ index ec97aef..e67718d 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3254,9 +3384,16 @@ retry: +@@ -3245,9 +3375,16 @@ retry: if (!IS_POSIXACL(path.dentry->d_inode)) mode &= ~current_umask(); @@ -54098,7 +52887,7 @@ index ec97aef..e67718d 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3337,6 +3474,8 @@ static long do_rmdir(int dfd, const char __user *pathname) +@@ -3328,6 +3465,8 @@ static long do_rmdir(int dfd, const char __user *pathname) struct filename *name; struct dentry *dentry; struct nameidata nd; @@ -54107,7 +52896,7 @@ index ec97aef..e67718d 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3369,10 +3508,21 @@ retry: +@@ -3360,10 +3499,21 @@ retry: error = -ENOENT; goto exit3; } @@ -54129,7 +52918,7 @@ index ec97aef..e67718d 100644 exit3: dput(dentry); exit2: -@@ -3438,6 +3588,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) +@@ -3429,6 +3579,8 @@ static long do_unlinkat(int dfd, const char __user *pathname) struct dentry *dentry; struct nameidata nd; struct inode *inode = NULL; @@ -54138,7 +52927,7 @@ index ec97aef..e67718d 100644 unsigned int lookup_flags = 0; retry: name = user_path_parent(dfd, pathname, &nd, lookup_flags); -@@ -3464,10 +3616,22 @@ retry: +@@ -3455,10 +3607,22 @@ retry: if (!inode) goto slashes; ihold(inode); @@ -54161,7 +52950,7 @@ index ec97aef..e67718d 100644 exit2: dput(dentry); } -@@ -3545,9 +3709,17 @@ retry: +@@ -3536,9 +3700,17 @@ retry: if (IS_ERR(dentry)) goto out_putname; @@ -54179,7 +52968,7 @@ index ec97aef..e67718d 100644 done_path_create(&path, dentry); if (retry_estale(error, lookup_flags)) { lookup_flags |= LOOKUP_REVAL; -@@ -3621,6 +3793,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, +@@ -3612,6 +3784,7 @@ SYSCALL_DEFINE5(linkat, int, olddfd, const char __user *, oldname, { struct dentry *new_dentry; struct path old_path, new_path; @@ -54187,7 +52976,7 @@ index ec97aef..e67718d 100644 int how = 0; int error; -@@ -3644,7 +3817,7 @@ retry: +@@ -3635,7 +3808,7 @@ retry: if (error) return error; @@ -54196,7 +52985,7 @@ index ec97aef..e67718d 100644 (how & LOOKUP_REVAL)); error = PTR_ERR(new_dentry); if (IS_ERR(new_dentry)) -@@ -3656,11 +3829,28 @@ retry: +@@ -3647,11 +3820,28 @@ retry: error = may_linkat(&old_path); if (unlikely(error)) goto out_dput; @@ -54225,7 +53014,7 @@ index ec97aef..e67718d 100644 done_path_create(&new_path, new_dentry); if (retry_estale(error, how)) { how |= LOOKUP_REVAL; -@@ -3906,12 +4096,21 @@ retry: +@@ -3897,12 +4087,21 @@ retry: if (new_dentry == trap) goto exit5; @@ -54247,7 +53036,7 @@ index ec97aef..e67718d 100644 exit5: dput(new_dentry); exit4: -@@ -3943,6 +4142,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna +@@ -3934,6 +4133,8 @@ SYSCALL_DEFINE2(rename, const char __user *, oldname, const char __user *, newna int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const char *link) { @@ -54256,7 +53045,7 @@ index ec97aef..e67718d 100644 int len; len = PTR_ERR(link); -@@ -3952,7 +4153,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c +@@ -3943,7 +4144,14 @@ int vfs_readlink(struct dentry *dentry, char __user *buffer, int buflen, const c len = strlen(link); if (len > (unsigned) buflen) len = buflen; @@ -54273,7 +53062,7 @@ index ec97aef..e67718d 100644 out: return len; diff --git a/fs/namespace.c b/fs/namespace.c -index 5dd7709..6f64e9c 100644 +index e945b81..1dd8104 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1219,6 +1219,9 @@ static int do_umount(struct mount *mnt, int flags) @@ -54296,16 +53085,7 @@ index 5dd7709..6f64e9c 100644 return retval; } -@@ -1713,7 +1719,7 @@ static int do_loopback(struct path *path, const char *old_name, - - if (IS_ERR(mnt)) { - err = PTR_ERR(mnt); -- goto out; -+ goto out2; - } - - err = graft_tree(mnt, path); -@@ -2294,6 +2300,16 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2267,6 +2273,16 @@ long do_mount(const char *dev_name, const char *dir_name, MS_NOATIME | MS_NODIRATIME | MS_RELATIME| MS_KERNMOUNT | MS_STRICTATIME); @@ -54322,7 +53102,7 @@ index 5dd7709..6f64e9c 100644 if (flags & MS_REMOUNT) retval = do_remount(&path, flags & ~MS_REMOUNT, mnt_flags, data_page); -@@ -2308,6 +2324,9 @@ long do_mount(const char *dev_name, const char *dir_name, +@@ -2281,6 +2297,9 @@ long do_mount(const char *dev_name, const char *dir_name, dev_name, data_page); dput_out: path_put(&path); @@ -54332,7 +53112,7 @@ index 5dd7709..6f64e9c 100644 return retval; } -@@ -2594,6 +2613,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, +@@ -2567,6 +2586,11 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, if (error) goto out2; @@ -54344,7 +53124,7 @@ index 5dd7709..6f64e9c 100644 get_fs_root(current->fs, &root); error = lock_mount(&old); if (error) -@@ -2842,7 +2866,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) +@@ -2815,7 +2839,7 @@ static int mntns_install(struct nsproxy *nsproxy, void *ns) !nsown_capable(CAP_SYS_ADMIN)) return -EPERM; @@ -54367,10 +53147,10 @@ index 59461c9..b17c57e 100644 static struct callback_op callback_ops[]; diff --git a/fs/nfs/inode.c b/fs/nfs/inode.c -index ebeb94c..ff35337 100644 +index 1f94167..79c4ce4 100644 --- a/fs/nfs/inode.c +++ b/fs/nfs/inode.c -@@ -1042,16 +1042,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt +@@ -1041,16 +1041,16 @@ static int nfs_size_need_update(const struct inode *inode, const struct nfs_fatt return nfs_size_to_loff_t(fattr->size) > i_size_read(inode); } @@ -54391,10 +53171,10 @@ index ebeb94c..ff35337 100644 void nfs_fattr_init(struct nfs_fattr *fattr) diff --git a/fs/nfsd/nfs4proc.c b/fs/nfsd/nfs4proc.c -index ec668e1..831ae05 100644 +index 8288b08..4a140d4 100644 --- a/fs/nfsd/nfs4proc.c +++ b/fs/nfsd/nfs4proc.c -@@ -1097,7 +1097,7 @@ struct nfsd4_operation { +@@ -1098,7 +1098,7 @@ struct nfsd4_operation { nfsd4op_rsize op_rsize_bop; stateid_getter op_get_currentstateid; stateid_setter op_set_currentstateid; @@ -54404,10 +53184,10 @@ index ec668e1..831ae05 100644 static struct nfsd4_operation nfsd4_ops[]; diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c -index cd5e6c1..4183d56 100644 +index 6eb0dc5..29067a9 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c -@@ -1450,7 +1450,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) +@@ -1457,7 +1457,7 @@ nfsd4_decode_notsupp(struct nfsd4_compoundargs *argp, void *p) typedef __be32(*nfsd4_dec)(struct nfsd4_compoundargs *argp, void *); @@ -54416,7 +53196,7 @@ index cd5e6c1..4183d56 100644 [OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access, [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close, [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit, -@@ -1490,7 +1490,7 @@ static nfsd4_dec nfsd4_dec_ops[] = { +@@ -1497,7 +1497,7 @@ static nfsd4_dec nfsd4_dec_ops[] = { [OP_RELEASE_LOCKOWNER] = (nfsd4_dec)nfsd4_decode_release_lockowner, }; @@ -54425,7 +53205,7 @@ index cd5e6c1..4183d56 100644 [OP_ACCESS] = (nfsd4_dec)nfsd4_decode_access, [OP_CLOSE] = (nfsd4_dec)nfsd4_decode_close, [OP_COMMIT] = (nfsd4_dec)nfsd4_decode_commit, -@@ -1552,7 +1552,7 @@ static nfsd4_dec nfsd41_dec_ops[] = { +@@ -1559,7 +1559,7 @@ static nfsd4_dec nfsd41_dec_ops[] = { }; struct nfsd4_minorversion_ops { @@ -54435,11 +53215,17 @@ index cd5e6c1..4183d56 100644 }; diff --git a/fs/nfsd/nfscache.c b/fs/nfsd/nfscache.c -index 2cbac34..6dc3889 100644 +index ca05f6d..411a576 100644 --- a/fs/nfsd/nfscache.c +++ b/fs/nfsd/nfscache.c -@@ -264,8 +264,10 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) - if (!(rp = rqstp->rq_cacherep) || cache_disabled) +@@ -461,13 +461,15 @@ nfsd_cache_update(struct svc_rqst *rqstp, int cachetype, __be32 *statp) + { + struct svc_cacherep *rp = rqstp->rq_cacherep; + struct kvec *resv = &rqstp->rq_res.head[0], *cachv; +- int len; ++ long len; + + if (!rp) return; - len = resv->iov_len - ((char*)statp - (char*)resv->iov_base); @@ -54452,7 +53238,7 @@ index 2cbac34..6dc3889 100644 /* Don't cache excessive amounts of data and XDR failures */ if (!statp || len > (256 >> 2)) { diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c -index 69c6413..c0408d2 100644 +index 2b2e239..c915b48 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -939,7 +939,7 @@ nfsd_vfs_read(struct svc_rqst *rqstp, struct svc_fh *fhp, struct file *file, @@ -54566,7 +53352,7 @@ index e7bc1d7..06bd4bb 100644 } diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c -index 9ff4a5e..deb1f0f 100644 +index 5d84442..bf24453 100644 --- a/fs/notify/fanotify/fanotify_user.c +++ b/fs/notify/fanotify/fanotify_user.c @@ -251,8 +251,8 @@ static ssize_t copy_event_to_user(struct fsnotify_group *group, @@ -54603,7 +53389,7 @@ index 7b51b05..5ea5ef6 100644 EXPORT_SYMBOL_GPL(fsnotify_get_cookie); diff --git a/fs/ntfs/dir.c b/fs/ntfs/dir.c -index 99e3610..02c1068 100644 +index aa411c3..c260a84 100644 --- a/fs/ntfs/dir.c +++ b/fs/ntfs/dir.c @@ -1329,7 +1329,7 @@ find_next_index_buffer: @@ -54629,10 +53415,10 @@ index 5b2d4f0..c6de396 100644 -const struct inode_operations ntfs_empty_inode_ops = {}; +const struct inode_operations ntfs_empty_inode_ops __read_only; diff --git a/fs/ocfs2/localalloc.c b/fs/ocfs2/localalloc.c -index a9f78c7..ed8a381 100644 +index aebeacd..0dcdd26 100644 --- a/fs/ocfs2/localalloc.c +++ b/fs/ocfs2/localalloc.c -@@ -1279,7 +1279,7 @@ static int ocfs2_local_alloc_slide_window(struct ocfs2_super *osb, +@@ -1278,7 +1278,7 @@ static int ocfs2_local_alloc_slide_window(struct ocfs2_super *osb, goto bail; } @@ -54721,7 +53507,7 @@ index b7e74b5..19c6536 100644 } } diff --git a/fs/ocfs2/super.c b/fs/ocfs2/super.c -index 0e91ec2..f4b3fc6 100644 +index 01b8516..579c4df 100644 --- a/fs/ocfs2/super.c +++ b/fs/ocfs2/super.c @@ -301,11 +301,11 @@ static int ocfs2_osb_dump(struct ocfs2_super *osb, char *buf, int len) @@ -54741,7 +53527,7 @@ index 0e91ec2..f4b3fc6 100644 out += snprintf(buf + out, len - out, "%10s => State: %u Descriptor: %llu Size: %u bits " -@@ -2121,11 +2121,11 @@ static int ocfs2_initialize_super(struct super_block *sb, +@@ -2122,11 +2122,11 @@ static int ocfs2_initialize_super(struct super_block *sb, spin_lock_init(&osb->osb_xattr_lock); ocfs2_init_steal_slots(osb); @@ -54759,19 +53545,19 @@ index 0e91ec2..f4b3fc6 100644 /* Copy the blockcheck stats from the superblock probe */ osb->osb_ecc_stats = *stats; diff --git a/fs/open.c b/fs/open.c -index 9b33c0c..2ffcca2 100644 +index 6835446..eadf09f 100644 --- a/fs/open.c +++ b/fs/open.c -@@ -31,6 +31,8 @@ - #include <linux/ima.h> +@@ -32,6 +32,8 @@ #include <linux/dnotify.h> + #include <linux/compat.h> +#define CREATE_TRACE_POINTS +#include <trace/events/fs.h> #include "internal.h" int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs, -@@ -101,6 +103,8 @@ long vfs_truncate(struct path *path, loff_t length) +@@ -102,6 +104,8 @@ long vfs_truncate(struct path *path, loff_t length) error = locks_verify_truncate(inode, NULL, length); if (!error) error = security_path_truncate(path); @@ -54780,7 +53566,7 @@ index 9b33c0c..2ffcca2 100644 if (!error) error = do_truncate(path->dentry, length, 0, NULL); -@@ -178,6 +182,8 @@ static long do_sys_ftruncate(unsigned int fd, loff_t length, int small) +@@ -186,6 +190,8 @@ static long do_sys_ftruncate(unsigned int fd, loff_t length, int small) error = locks_verify_truncate(inode, f.file, length); if (!error) error = security_path_truncate(&f.file->f_path); @@ -54789,7 +53575,7 @@ index 9b33c0c..2ffcca2 100644 if (!error) error = do_truncate(dentry, length, ATTR_MTIME|ATTR_CTIME, f.file); sb_end_write(inode->i_sb); -@@ -373,6 +379,9 @@ retry: +@@ -388,6 +394,9 @@ retry: if (__mnt_is_readonly(path.mnt)) res = -EROFS; @@ -54799,7 +53585,7 @@ index 9b33c0c..2ffcca2 100644 out_path_release: path_put(&path); if (retry_estale(res, lookup_flags)) { -@@ -404,6 +413,8 @@ retry: +@@ -419,6 +428,8 @@ retry: if (error) goto dput_and_out; @@ -54808,7 +53594,7 @@ index 9b33c0c..2ffcca2 100644 set_fs_pwd(current->fs, &path); dput_and_out: -@@ -433,6 +444,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd) +@@ -448,6 +459,13 @@ SYSCALL_DEFINE1(fchdir, unsigned int, fd) goto out_putf; error = inode_permission(inode, MAY_EXEC | MAY_CHDIR); @@ -54822,7 +53608,7 @@ index 9b33c0c..2ffcca2 100644 if (!error) set_fs_pwd(current->fs, &f.file->f_path); out_putf: -@@ -462,7 +480,13 @@ retry: +@@ -477,7 +495,13 @@ retry: if (error) goto dput_and_out; @@ -54836,7 +53622,7 @@ index 9b33c0c..2ffcca2 100644 error = 0; dput_and_out: path_put(&path); -@@ -484,6 +508,16 @@ static int chmod_common(struct path *path, umode_t mode) +@@ -499,6 +523,16 @@ static int chmod_common(struct path *path, umode_t mode) if (error) return error; mutex_lock(&inode->i_mutex); @@ -54853,7 +53639,7 @@ index 9b33c0c..2ffcca2 100644 error = security_path_chmod(path, mode); if (error) goto out_unlock; -@@ -544,6 +578,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group) +@@ -559,6 +593,9 @@ static int chown_common(struct path *path, uid_t user, gid_t group) uid = make_kuid(current_user_ns(), user); gid = make_kgid(current_user_ns(), group); @@ -54863,7 +53649,7 @@ index 9b33c0c..2ffcca2 100644 newattrs.ia_valid = ATTR_CTIME; if (user != (uid_t) -1) { if (!uid_valid(uid)) -@@ -960,6 +997,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) +@@ -974,6 +1011,7 @@ long do_sys_open(int dfd, const char __user *filename, int flags, umode_t mode) } else { fsnotify_open(f); fd_install(fd, f); @@ -54872,7 +53658,7 @@ index 9b33c0c..2ffcca2 100644 } putname(tmp); diff --git a/fs/pipe.c b/fs/pipe.c -index 8e2e73f..1ef1048 100644 +index 2234f3f..f9083a1 100644 --- a/fs/pipe.c +++ b/fs/pipe.c @@ -438,9 +438,9 @@ redo: @@ -55030,7 +53816,7 @@ index 15af622..0e9f4467 100644 help Various /proc files exist to monitor process memory utilization: diff --git a/fs/proc/array.c b/fs/proc/array.c -index be3c22f..0df1564 100644 +index cbd0f1b..adec3f0 100644 --- a/fs/proc/array.c +++ b/fs/proc/array.c @@ -60,6 +60,7 @@ @@ -55103,7 +53889,7 @@ index be3c22f..0df1564 100644 vsize = eip = esp = 0; permitted = ptrace_may_access(task, PTRACE_MODE_READ | PTRACE_MODE_NOAUDIT); @@ -476,6 +514,19 @@ static int do_task_stat(struct seq_file *m, struct pid_namespace *ns, - gtime = task->gtime; + gtime = task_gtime(task); } +#ifdef CONFIG_GRKERNSEC_PROC_MEMMAP @@ -55183,10 +53969,10 @@ index be3c22f..0df1564 100644 static struct pid * get_children_pid(struct inode *inode, struct pid *pid_prev, loff_t pos) diff --git a/fs/proc/base.c b/fs/proc/base.c -index 9b43ff77..0fa9564 100644 +index 69078c7..3e12a75 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c -@@ -111,6 +111,14 @@ struct pid_entry { +@@ -112,6 +112,14 @@ struct pid_entry { union proc_op op; }; @@ -55201,7 +53987,7 @@ index 9b43ff77..0fa9564 100644 #define NOD(NAME, MODE, IOP, FOP, OP) { \ .name = (NAME), \ .len = sizeof(NAME) - 1, \ -@@ -208,6 +216,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer) +@@ -209,6 +217,9 @@ static int proc_pid_cmdline(struct task_struct *task, char * buffer) if (!mm->arg_end) goto out_mm; /* Shh! No looking before we're done */ @@ -55211,7 +53997,7 @@ index 9b43ff77..0fa9564 100644 len = mm->arg_end - mm->arg_start; if (len > PAGE_SIZE) -@@ -235,12 +246,28 @@ out: +@@ -236,12 +247,28 @@ out: return res; } @@ -55240,7 +54026,7 @@ index 9b43ff77..0fa9564 100644 do { nwords += 2; } while (mm->saved_auxv[nwords - 2] != 0); /* AT_NULL */ -@@ -254,7 +281,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer) +@@ -255,7 +282,7 @@ static int proc_pid_auxv(struct task_struct *task, char *buffer) } @@ -55249,7 +54035,7 @@ index 9b43ff77..0fa9564 100644 /* * Provides a wchan file via kallsyms in a proper one-value-per-file format. * Returns the resolved symbol. If that fails, simply return the address. -@@ -293,7 +320,7 @@ static void unlock_trace(struct task_struct *task) +@@ -294,7 +321,7 @@ static void unlock_trace(struct task_struct *task) mutex_unlock(&task->signal->cred_guard_mutex); } @@ -55258,7 +54044,7 @@ index 9b43ff77..0fa9564 100644 #define MAX_STACK_TRACE_DEPTH 64 -@@ -485,7 +512,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer) +@@ -486,7 +513,7 @@ static int proc_pid_limits(struct task_struct *task, char *buffer) return count; } @@ -55267,7 +54053,7 @@ index 9b43ff77..0fa9564 100644 static int proc_pid_syscall(struct task_struct *task, char *buffer) { long nr; -@@ -514,7 +541,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer) +@@ -515,7 +542,7 @@ static int proc_pid_syscall(struct task_struct *task, char *buffer) /************************************************************************/ /* permission checks */ @@ -55276,7 +54062,7 @@ index 9b43ff77..0fa9564 100644 { struct task_struct *task; int allowed = 0; -@@ -524,7 +551,10 @@ static int proc_fd_access_allowed(struct inode *inode) +@@ -525,7 +552,10 @@ static int proc_fd_access_allowed(struct inode *inode) */ task = get_proc_task(inode); if (task) { @@ -55288,7 +54074,7 @@ index 9b43ff77..0fa9564 100644 put_task_struct(task); } return allowed; -@@ -555,10 +585,35 @@ static bool has_pid_permissions(struct pid_namespace *pid, +@@ -556,10 +586,35 @@ static bool has_pid_permissions(struct pid_namespace *pid, struct task_struct *task, int hide_pid_min) { @@ -55324,7 +54110,7 @@ index 9b43ff77..0fa9564 100644 return ptrace_may_access(task, PTRACE_MODE_READ); } -@@ -576,7 +631,11 @@ static int proc_pid_permission(struct inode *inode, int mask) +@@ -577,7 +632,11 @@ static int proc_pid_permission(struct inode *inode, int mask) put_task_struct(task); if (!has_perms) { @@ -55336,7 +54122,7 @@ index 9b43ff77..0fa9564 100644 /* * Let's make getdents(), stat(), and open() * consistent with each other. If a process -@@ -674,6 +733,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) +@@ -675,6 +734,11 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) if (!task) return -ESRCH; @@ -55348,7 +54134,7 @@ index 9b43ff77..0fa9564 100644 mm = mm_access(task, mode); put_task_struct(task); -@@ -689,6 +753,10 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) +@@ -690,6 +754,10 @@ static int __mem_open(struct inode *inode, struct file *file, unsigned int mode) file->private_data = mm; @@ -55359,7 +54145,7 @@ index 9b43ff77..0fa9564 100644 return 0; } -@@ -710,6 +778,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, +@@ -711,6 +779,17 @@ static ssize_t mem_rw(struct file *file, char __user *buf, ssize_t copied; char *page; @@ -55377,7 +54163,7 @@ index 9b43ff77..0fa9564 100644 if (!mm) return 0; -@@ -722,7 +801,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf, +@@ -723,7 +802,7 @@ static ssize_t mem_rw(struct file *file, char __user *buf, goto free; while (count > 0) { @@ -55386,7 +54172,7 @@ index 9b43ff77..0fa9564 100644 if (write && copy_from_user(page, buf, this_len)) { copied = -EFAULT; -@@ -814,6 +893,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, +@@ -815,6 +894,13 @@ static ssize_t environ_read(struct file *file, char __user *buf, if (!mm) return 0; @@ -55400,7 +54186,7 @@ index 9b43ff77..0fa9564 100644 page = (char *)__get_free_page(GFP_TEMPORARY); if (!page) return -ENOMEM; -@@ -823,7 +909,7 @@ static ssize_t environ_read(struct file *file, char __user *buf, +@@ -824,7 +910,7 @@ static ssize_t environ_read(struct file *file, char __user *buf, goto free; while (count > 0) { size_t this_len, max_len; @@ -55409,7 +54195,7 @@ index 9b43ff77..0fa9564 100644 if (src >= (mm->env_end - mm->env_start)) break; -@@ -1429,7 +1515,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -1430,7 +1516,7 @@ static void *proc_pid_follow_link(struct dentry *dentry, struct nameidata *nd) int error = -EACCES; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -55418,7 +54204,7 @@ index 9b43ff77..0fa9564 100644 goto out; error = PROC_I(inode)->op.proc_get_link(dentry, &path); -@@ -1473,8 +1559,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b +@@ -1474,8 +1560,18 @@ static int proc_pid_readlink(struct dentry * dentry, char __user * buffer, int b struct path path; /* Are we allowed to snoop on the tasks file descriptors? */ @@ -55439,7 +54225,7 @@ index 9b43ff77..0fa9564 100644 error = PROC_I(inode)->op.proc_get_link(dentry, &path); if (error) -@@ -1524,7 +1620,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t +@@ -1525,7 +1621,11 @@ struct inode *proc_pid_make_inode(struct super_block * sb, struct task_struct *t rcu_read_lock(); cred = __task_cred(task); inode->i_uid = cred->euid; @@ -55451,7 +54237,7 @@ index 9b43ff77..0fa9564 100644 rcu_read_unlock(); } security_task_to_inode(task, inode); -@@ -1560,10 +1660,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) +@@ -1561,10 +1661,19 @@ int pid_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) return -ENOENT; } if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -55471,7 +54257,7 @@ index 9b43ff77..0fa9564 100644 } } rcu_read_unlock(); -@@ -1601,11 +1710,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags) +@@ -1602,11 +1711,20 @@ int pid_revalidate(struct dentry *dentry, unsigned int flags) if (task) { if ((inode->i_mode == (S_IFDIR|S_IRUGO|S_IXUGO)) || @@ -55492,7 +54278,7 @@ index 9b43ff77..0fa9564 100644 rcu_read_unlock(); } else { inode->i_uid = GLOBAL_ROOT_UID; -@@ -2058,6 +2176,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, +@@ -2059,6 +2177,9 @@ static struct dentry *proc_pident_lookup(struct inode *dir, if (!task) goto out_no_task; @@ -55502,7 +54288,7 @@ index 9b43ff77..0fa9564 100644 /* * Yes, it does not scale. And it should not. Don't add * new entries into /proc/<tgid>/ without very good reasons. -@@ -2102,6 +2223,9 @@ static int proc_pident_readdir(struct file *filp, +@@ -2103,6 +2224,9 @@ static int proc_pident_readdir(struct file *filp, if (!task) goto out_no_task; @@ -55512,7 +54298,7 @@ index 9b43ff77..0fa9564 100644 ret = 0; i = filp->f_pos; switch (i) { -@@ -2515,7 +2639,7 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2516,7 +2640,7 @@ static const struct pid_entry tgid_base_stuff[] = { REG("autogroup", S_IRUGO|S_IWUSR, proc_pid_sched_autogroup_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -55521,7 +54307,7 @@ index 9b43ff77..0fa9564 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2540,10 +2664,10 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2541,10 +2665,10 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -55534,7 +54320,7 @@ index 9b43ff77..0fa9564 100644 ONE("stack", S_IRUGO, proc_pid_stack), #endif #ifdef CONFIG_SCHEDSTATS -@@ -2577,6 +2701,9 @@ static const struct pid_entry tgid_base_stuff[] = { +@@ -2578,6 +2702,9 @@ static const struct pid_entry tgid_base_stuff[] = { #ifdef CONFIG_HARDWALL INF("hardwall", S_IRUGO, proc_pid_hardwall), #endif @@ -55544,7 +54330,7 @@ index 9b43ff77..0fa9564 100644 #ifdef CONFIG_USER_NS REG("uid_map", S_IRUGO|S_IWUSR, proc_uid_map_operations), REG("gid_map", S_IRUGO|S_IWUSR, proc_gid_map_operations), -@@ -2705,7 +2832,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir, +@@ -2707,7 +2834,14 @@ static struct dentry *proc_pid_instantiate(struct inode *dir, if (!inode) goto out; @@ -55559,7 +54345,7 @@ index 9b43ff77..0fa9564 100644 inode->i_op = &proc_tgid_base_inode_operations; inode->i_fop = &proc_tgid_base_operations; inode->i_flags|=S_IMMUTABLE; -@@ -2743,7 +2877,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign +@@ -2745,7 +2879,11 @@ struct dentry *proc_pid_lookup(struct inode *dir, struct dentry * dentry, unsign if (!task) goto out; @@ -55571,7 +54357,7 @@ index 9b43ff77..0fa9564 100644 put_task_struct(task); out: return result; -@@ -2806,6 +2944,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi +@@ -2808,6 +2946,8 @@ static int proc_pid_fill_cache(struct file *filp, void *dirent, filldir_t filldi static int fake_filldir(void *buf, const char *name, int namelen, loff_t offset, u64 ino, unsigned d_type) { @@ -55580,7 +54366,7 @@ index 9b43ff77..0fa9564 100644 return 0; } -@@ -2857,7 +2997,7 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -2859,7 +2999,7 @@ static const struct pid_entry tid_base_stuff[] = { REG("sched", S_IRUGO|S_IWUSR, proc_pid_sched_operations), #endif REG("comm", S_IRUGO|S_IWUSR, proc_pid_set_comm_operations), @@ -55589,7 +54375,7 @@ index 9b43ff77..0fa9564 100644 INF("syscall", S_IRUGO, proc_pid_syscall), #endif INF("cmdline", S_IRUGO, proc_pid_cmdline), -@@ -2884,10 +3024,10 @@ static const struct pid_entry tid_base_stuff[] = { +@@ -2886,10 +3026,10 @@ static const struct pid_entry tid_base_stuff[] = { #ifdef CONFIG_SECURITY DIR("attr", S_IRUGO|S_IXUGO, proc_attr_dir_inode_operations, proc_attr_dir_operations), #endif @@ -55673,10 +54459,10 @@ index d7a4a28..0201742 100644 } diff --git a/fs/proc/inode.c b/fs/proc/inode.c -index 0ac1e1b..0497e58 100644 +index 869116c..820cb27 100644 --- a/fs/proc/inode.c +++ b/fs/proc/inode.c -@@ -21,11 +21,17 @@ +@@ -22,11 +22,17 @@ #include <linux/seq_file.h> #include <linux/slab.h> #include <linux/mount.h> @@ -55694,7 +54480,7 @@ index 0ac1e1b..0497e58 100644 static void proc_evict_inode(struct inode *inode) { struct proc_dir_entry *de; -@@ -53,6 +59,13 @@ static void proc_evict_inode(struct inode *inode) +@@ -54,6 +60,13 @@ static void proc_evict_inode(struct inode *inode) ns = PROC_I(inode)->ns; if (ns_ops && ns) ns_ops->put(ns); @@ -55708,7 +54494,7 @@ index 0ac1e1b..0497e58 100644 } static struct kmem_cache * proc_inode_cachep; -@@ -455,7 +468,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de) +@@ -456,7 +469,11 @@ struct inode *proc_get_inode(struct super_block *sb, struct proc_dir_entry *de) if (de->mode) { inode->i_mode = de->mode; inode->i_uid = de->uid; @@ -55721,10 +54507,10 @@ index 0ac1e1b..0497e58 100644 if (de->size) inode->i_size = de->size; diff --git a/fs/proc/internal.h b/fs/proc/internal.h -index 252544c..04395b9 100644 +index 85ff3a4..a512bd8 100644 --- a/fs/proc/internal.h +++ b/fs/proc/internal.h -@@ -55,6 +55,9 @@ extern int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, +@@ -56,6 +56,9 @@ extern int proc_pid_status(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); extern int proc_pid_statm(struct seq_file *m, struct pid_namespace *ns, struct pid *pid, struct task_struct *task); @@ -55735,10 +54521,10 @@ index 252544c..04395b9 100644 extern const struct file_operations proc_tid_children_operations; diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c -index e96d4f1..8b116ed 100644 +index eda6f01..006ae24 100644 --- a/fs/proc/kcore.c +++ b/fs/proc/kcore.c -@@ -480,9 +480,10 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) +@@ -481,9 +481,10 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) * the addresses in the elf_phdr on our list. */ start = kc_offset_to_vaddr(*fpos - elf_buflen); @@ -55751,7 +54537,7 @@ index e96d4f1..8b116ed 100644 while (buflen) { struct kcore_list *m; -@@ -511,20 +512,23 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) +@@ -512,20 +513,23 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) kfree(elf_buf); } else { if (kern_addr_valid(start)) { @@ -55786,7 +54572,7 @@ index e96d4f1..8b116ed 100644 } else { if (clear_user(buffer, tsz)) return -EFAULT; -@@ -544,6 +548,9 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) +@@ -545,6 +549,9 @@ read_kcore(struct file *file, char __user *buffer, size_t buflen, loff_t *fpos) static int open_kcore(struct inode *inode, struct file *filp) { @@ -55797,20 +54583,20 @@ index e96d4f1..8b116ed 100644 return -EPERM; if (kcore_need_update) diff --git a/fs/proc/meminfo.c b/fs/proc/meminfo.c -index 80e4645..53e5fcf 100644 +index 1efaaa1..834e49a 100644 --- a/fs/proc/meminfo.c +++ b/fs/proc/meminfo.c @@ -158,7 +158,7 @@ static int meminfo_proc_show(struct seq_file *m, void *v) vmi.used >> 10, vmi.largest_chunk >> 10 #ifdef CONFIG_MEMORY_FAILURE -- ,atomic_long_read(&mce_bad_pages) << (PAGE_SHIFT - 10) -+ ,atomic_long_read_unchecked(&mce_bad_pages) << (PAGE_SHIFT - 10) +- ,atomic_long_read(&num_poisoned_pages) << (PAGE_SHIFT - 10) ++ ,atomic_long_read_unchecked(&num_poisoned_pages) << (PAGE_SHIFT - 10) #endif #ifdef CONFIG_TRANSPARENT_HUGEPAGE ,K(global_page_state(NR_ANON_TRANSPARENT_HUGEPAGES) * diff --git a/fs/proc/nommu.c b/fs/proc/nommu.c -index b1822dd..df622cb 100644 +index ccfd99b..1b7e255 100644 --- a/fs/proc/nommu.c +++ b/fs/proc/nommu.c @@ -66,7 +66,7 @@ static int nommu_region_show(struct seq_file *m, struct vm_region *region) @@ -55823,7 +54609,7 @@ index b1822dd..df622cb 100644 seq_putc(m, '\n'); diff --git a/fs/proc/proc_net.c b/fs/proc/proc_net.c -index fe72cd0..21b52ff 100644 +index b4ac657..0842bd2 100644 --- a/fs/proc/proc_net.c +++ b/fs/proc/proc_net.c @@ -23,6 +23,7 @@ @@ -55853,10 +54639,10 @@ index fe72cd0..21b52ff 100644 rcu_read_lock(); task = pid_task(proc_pid(dir), PIDTYPE_PID); diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c -index 1827d88..43b0279 100644 +index ac05f33..1e6dc7e 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c -@@ -12,11 +12,15 @@ +@@ -13,11 +13,15 @@ #include <linux/module.h> #include "internal.h" @@ -55874,7 +54660,7 @@ index 1827d88..43b0279 100644 void proc_sys_poll_notify(struct ctl_table_poll *poll) { -@@ -466,6 +470,9 @@ static struct dentry *proc_sys_lookup(struct inode *dir, struct dentry *dentry, +@@ -467,6 +471,9 @@ static struct dentry *proc_sys_lookup(struct inode *dir, struct dentry *dentry, err = NULL; d_set_d_op(dentry, &proc_sys_dentry_operations); @@ -55884,15 +54670,15 @@ index 1827d88..43b0279 100644 d_add(dentry, inode); out: -@@ -481,6 +488,7 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf, - struct inode *inode = filp->f_path.dentry->d_inode; +@@ -482,6 +489,7 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf, + struct inode *inode = file_inode(filp); struct ctl_table_header *head = grab_header(inode); struct ctl_table *table = PROC_I(inode)->sysctl_entry; + int op = write ? MAY_WRITE : MAY_READ; ssize_t error; size_t res; -@@ -492,7 +500,7 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf, +@@ -493,7 +501,7 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf, * and won't be until we finish. */ error = -EPERM; @@ -55901,7 +54687,7 @@ index 1827d88..43b0279 100644 goto out; /* if that can happen at all, it should be -EINVAL, not -EISDIR */ -@@ -500,6 +508,22 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf, +@@ -501,6 +509,22 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf, if (!table->proc_handler) goto out; @@ -55924,7 +54710,7 @@ index 1827d88..43b0279 100644 /* careful: calling conventions are nasty here */ res = count; error = table->proc_handler(table, write, buf, &res, ppos); -@@ -597,6 +621,9 @@ static int proc_sys_fill_cache(struct file *filp, void *dirent, +@@ -598,6 +622,9 @@ static int proc_sys_fill_cache(struct file *filp, void *dirent, return -ENOMEM; } else { d_set_d_op(child, &proc_sys_dentry_operations); @@ -55934,7 +54720,7 @@ index 1827d88..43b0279 100644 d_add(child, inode); } } else { -@@ -640,6 +667,9 @@ static int scan(struct ctl_table_header *head, ctl_table *table, +@@ -641,6 +668,9 @@ static int scan(struct ctl_table_header *head, ctl_table *table, if ((*pos)++ < file->f_pos) return 0; @@ -55944,7 +54730,7 @@ index 1827d88..43b0279 100644 if (unlikely(S_ISLNK(table->mode))) res = proc_sys_link_fill_cache(file, dirent, filldir, head, table); else -@@ -750,6 +780,9 @@ static int proc_sys_getattr(struct vfsmount *mnt, struct dentry *dentry, struct +@@ -751,6 +781,9 @@ static int proc_sys_getattr(struct vfsmount *mnt, struct dentry *dentry, struct if (IS_ERR(head)) return PTR_ERR(head); @@ -55954,7 +54740,7 @@ index 1827d88..43b0279 100644 generic_fillattr(inode, stat); if (table) stat->mode = (stat->mode & S_IFMT) | table->mode; -@@ -772,13 +805,13 @@ static const struct file_operations proc_sys_dir_file_operations = { +@@ -773,13 +806,13 @@ static const struct file_operations proc_sys_dir_file_operations = { .llseek = generic_file_llseek, }; @@ -55970,7 +54756,7 @@ index 1827d88..43b0279 100644 .lookup = proc_sys_lookup, .permission = proc_sys_permission, .setattr = proc_sys_setattr, -@@ -854,7 +887,7 @@ static struct ctl_dir *find_subdir(struct ctl_dir *dir, +@@ -855,7 +888,7 @@ static struct ctl_dir *find_subdir(struct ctl_dir *dir, static struct ctl_dir *new_dir(struct ctl_table_set *set, const char *name, int namelen) { @@ -55979,7 +54765,7 @@ index 1827d88..43b0279 100644 struct ctl_dir *new; struct ctl_node *node; char *new_name; -@@ -866,7 +899,7 @@ static struct ctl_dir *new_dir(struct ctl_table_set *set, +@@ -867,7 +900,7 @@ static struct ctl_dir *new_dir(struct ctl_table_set *set, return NULL; node = (struct ctl_node *)(new + 1); @@ -55988,7 +54774,7 @@ index 1827d88..43b0279 100644 new_name = (char *)(table + 2); memcpy(new_name, name, namelen); new_name[namelen] = '\0'; -@@ -1035,7 +1068,8 @@ static int sysctl_check_table(const char *path, struct ctl_table *table) +@@ -1036,7 +1069,8 @@ static int sysctl_check_table(const char *path, struct ctl_table *table) static struct ctl_table_header *new_links(struct ctl_dir *dir, struct ctl_table *table, struct ctl_table_root *link_root) { @@ -55998,7 +54784,7 @@ index 1827d88..43b0279 100644 struct ctl_table_header *links; struct ctl_node *node; char *link_name; -@@ -1058,7 +1092,7 @@ static struct ctl_table_header *new_links(struct ctl_dir *dir, struct ctl_table +@@ -1059,7 +1093,7 @@ static struct ctl_table_header *new_links(struct ctl_dir *dir, struct ctl_table return NULL; node = (struct ctl_node *)(links + 1); @@ -56007,7 +54793,7 @@ index 1827d88..43b0279 100644 link_name = (char *)&link_table[nr_entries + 1]; for (link = link_table, entry = table; entry->procname; link++, entry++) { -@@ -1306,8 +1340,8 @@ static int register_leaf_sysctl_tables(const char *path, char *pos, +@@ -1307,8 +1341,8 @@ static int register_leaf_sysctl_tables(const char *path, char *pos, struct ctl_table_header ***subheader, struct ctl_table_set *set, struct ctl_table *table) { @@ -56018,7 +54804,7 @@ index 1827d88..43b0279 100644 int nr_files = 0; int nr_dirs = 0; int err = -ENOMEM; -@@ -1319,10 +1353,9 @@ static int register_leaf_sysctl_tables(const char *path, char *pos, +@@ -1320,10 +1354,9 @@ static int register_leaf_sysctl_tables(const char *path, char *pos, nr_files++; } @@ -56030,7 +54816,7 @@ index 1827d88..43b0279 100644 files = kzalloc(sizeof(struct ctl_table) * (nr_files + 1), GFP_KERNEL); if (!files) -@@ -1340,7 +1373,7 @@ static int register_leaf_sysctl_tables(const char *path, char *pos, +@@ -1341,7 +1374,7 @@ static int register_leaf_sysctl_tables(const char *path, char *pos, /* Register everything except a directory full of subdirectories */ if (nr_files || !nr_dirs) { struct ctl_table_header *header; @@ -56073,7 +54859,7 @@ index aa5cc3b..c91a5d0 100644 kfree(s); } diff --git a/fs/proc/task_mmu.c b/fs/proc/task_mmu.c -index ca5ce7f..02c1cf0 100644 +index 3e636d8..83e3b71 100644 --- a/fs/proc/task_mmu.c +++ b/fs/proc/task_mmu.c @@ -11,12 +11,19 @@ @@ -56272,7 +55058,7 @@ index ca5ce7f..02c1cf0 100644 seq_printf(m, " heap"); } else { diff --git a/fs/proc/task_nommu.c b/fs/proc/task_nommu.c -index 1ccfa53..0848f95 100644 +index 56123a6..5a2f6ec 100644 --- a/fs/proc/task_nommu.c +++ b/fs/proc/task_nommu.c @@ -51,7 +51,7 @@ void task_mem(struct seq_file *m, struct mm_struct *mm) @@ -56338,7 +55124,7 @@ index 16e8abb..2dcf914 100644 if (!msg_head) { printk(KERN_ERR diff --git a/fs/readdir.c b/fs/readdir.c -index 5e69ef5..e5d9099 100644 +index fee38e0..12fdf47 100644 --- a/fs/readdir.c +++ b/fs/readdir.c @@ -17,6 +17,7 @@ @@ -56453,7 +55239,7 @@ index 2b7882b..1c5ef48 100644 /* balance leaf returns 0 except if combining L R and S into diff --git a/fs/reiserfs/procfs.c b/fs/reiserfs/procfs.c -index e60e870..f40ac16 100644 +index 9cc0740a..46bf953 100644 --- a/fs/reiserfs/procfs.c +++ b/fs/reiserfs/procfs.c @@ -112,7 +112,7 @@ static int show_super(struct seq_file *m, struct super_block *sb) @@ -56488,7 +55274,7 @@ index 157e474..65a6114 100644 #define __fs_changed(gen,s) (gen != get_generation (s)) #define fs_changed(gen,s) \ diff --git a/fs/select.c b/fs/select.c -index 2ef72d9..f213b17 100644 +index 8c1c96c..a0f9b6d 100644 --- a/fs/select.c +++ b/fs/select.c @@ -20,6 +20,7 @@ @@ -56499,7 +55285,7 @@ index 2ef72d9..f213b17 100644 #include <linux/personality.h> /* for STICKY_TIMEOUTS */ #include <linux/file.h> #include <linux/fdtable.h> -@@ -826,6 +827,7 @@ int do_sys_poll(struct pollfd __user *ufds, unsigned int nfds, +@@ -827,6 +828,7 @@ int do_sys_poll(struct pollfd __user *ufds, unsigned int nfds, struct poll_list *walk = head; unsigned long todo = nfds; @@ -56508,7 +55294,7 @@ index 2ef72d9..f213b17 100644 return -EINVAL; diff --git a/fs/seq_file.c b/fs/seq_file.c -index f2bc3df..239d4f6 100644 +index 38bb59f..a304f9d 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c @@ -10,6 +10,7 @@ @@ -56575,10 +55361,10 @@ index f2bc3df..239d4f6 100644 if (op) { diff --git a/fs/splice.c b/fs/splice.c -index 6909d89..5b2e8f9 100644 +index 29e394e..b13c247 100644 --- a/fs/splice.c +++ b/fs/splice.c -@@ -194,7 +194,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, +@@ -195,7 +195,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, pipe_lock(pipe); for (;;) { @@ -56587,7 +55373,7 @@ index 6909d89..5b2e8f9 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; -@@ -248,9 +248,9 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, +@@ -249,9 +249,9 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, do_wakeup = 0; } @@ -56599,7 +55385,7 @@ index 6909d89..5b2e8f9 100644 } pipe_unlock(pipe); -@@ -563,7 +563,7 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec, +@@ -564,7 +564,7 @@ static ssize_t kernel_readv(struct file *file, const struct iovec *vec, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ @@ -56608,16 +55394,16 @@ index 6909d89..5b2e8f9 100644 set_fs(old_fs); return res; -@@ -578,7 +578,7 @@ static ssize_t kernel_write(struct file *file, const char *buf, size_t count, +@@ -579,7 +579,7 @@ ssize_t kernel_write(struct file *file, const char *buf, size_t count, old_fs = get_fs(); set_fs(get_ds()); /* The cast to a user pointer is valid due to the set_fs() */ -- res = vfs_write(file, (const char __user *)buf, count, &pos); +- res = vfs_write(file, (__force const char __user *)buf, count, &pos); + res = vfs_write(file, (const char __force_user *)buf, count, &pos); set_fs(old_fs); return res; -@@ -630,7 +630,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos, +@@ -632,7 +632,7 @@ ssize_t default_file_splice_read(struct file *in, loff_t *ppos, goto err; this_len = min_t(size_t, len, PAGE_CACHE_SIZE - offset); @@ -56626,7 +55412,7 @@ index 6909d89..5b2e8f9 100644 vec[i].iov_len = this_len; spd.pages[i] = page; spd.nr_pages++; -@@ -851,10 +851,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed); +@@ -853,10 +853,10 @@ EXPORT_SYMBOL(splice_from_pipe_feed); int splice_from_pipe_next(struct pipe_inode_info *pipe, struct splice_desc *sd) { while (!pipe->nrbufs) { @@ -56639,7 +55425,7 @@ index 6909d89..5b2e8f9 100644 return 0; if (sd->flags & SPLICE_F_NONBLOCK) -@@ -1189,7 +1189,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, +@@ -1192,7 +1192,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd, * out of the pipe right after the splice_to_pipe(). So set * PIPE_READERS appropriately. */ @@ -56648,7 +55434,7 @@ index 6909d89..5b2e8f9 100644 current->splice_pipe = pipe; } -@@ -1738,9 +1738,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1741,9 +1741,9 @@ static int ipipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -56660,7 +55446,7 @@ index 6909d89..5b2e8f9 100644 if (flags & SPLICE_F_NONBLOCK) { ret = -EAGAIN; break; -@@ -1772,7 +1772,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1775,7 +1775,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) pipe_lock(pipe); while (pipe->nrbufs >= pipe->buffers) { @@ -56669,7 +55455,7 @@ index 6909d89..5b2e8f9 100644 send_sig(SIGPIPE, current, 0); ret = -EPIPE; break; -@@ -1785,9 +1785,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) +@@ -1788,9 +1788,9 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags) ret = -ERESTARTSYS; break; } @@ -56681,7 +55467,7 @@ index 6909d89..5b2e8f9 100644 } pipe_unlock(pipe); -@@ -1823,14 +1823,14 @@ retry: +@@ -1826,14 +1826,14 @@ retry: pipe_double_lock(ipipe, opipe); do { @@ -56698,7 +55484,7 @@ index 6909d89..5b2e8f9 100644 break; /* -@@ -1927,7 +1927,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1930,7 +1930,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, pipe_double_lock(ipipe, opipe); do { @@ -56707,7 +55493,7 @@ index 6909d89..5b2e8f9 100644 send_sig(SIGPIPE, current, 0); if (!ret) ret = -EPIPE; -@@ -1972,7 +1972,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, +@@ -1975,7 +1975,7 @@ static int link_pipe(struct pipe_inode_info *ipipe, * return EAGAIN if we have the potential of some data in the * future, otherwise just return 0 */ @@ -56717,7 +55503,7 @@ index 6909d89..5b2e8f9 100644 pipe_unlock(ipipe); diff --git a/fs/stat.c b/fs/stat.c -index 14f4545..9b7f55b 100644 +index 04ce1ac..a13dd1e 100644 --- a/fs/stat.c +++ b/fs/stat.c @@ -28,8 +28,13 @@ void generic_fillattr(struct inode *inode, struct kstat *stat) @@ -56736,14 +55522,14 @@ index 14f4545..9b7f55b 100644 stat->ctime = inode->i_ctime; stat->blksize = (1 << inode->i_blkbits); stat->blocks = inode->i_blocks; -@@ -46,8 +51,14 @@ int vfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) +@@ -46,8 +51,14 @@ int vfs_getattr(struct path *path, struct kstat *stat) if (retval) return retval; - if (inode->i_op->getattr) -- return inode->i_op->getattr(mnt, dentry, stat); +- return inode->i_op->getattr(path->mnt, path->dentry, stat); + if (inode->i_op->getattr) { -+ retval = inode->i_op->getattr(mnt, dentry, stat); ++ retval = inode->i_op->getattr(path->mnt, path->dentry, stat); + if (!retval && is_sidechannel_device(inode) && !capable_nolog(CAP_MKNOD)) { + stat->atime = stat->ctime; + stat->mtime = stat->ctime; @@ -56754,7 +55540,7 @@ index 14f4545..9b7f55b 100644 generic_fillattr(inode, stat); return 0; diff --git a/fs/sysfs/bin.c b/fs/sysfs/bin.c -index 614b2b5..4d321e6 100644 +index 15c68f9..36a8b3e 100644 --- a/fs/sysfs/bin.c +++ b/fs/sysfs/bin.c @@ -235,13 +235,13 @@ static int bin_page_mkwrite(struct vm_area_struct *vma, struct vm_fault *vmf) @@ -56775,7 +55561,7 @@ index 614b2b5..4d321e6 100644 if (!bb->vm_ops) return -EINVAL; diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c -index d924812..97a74e3 100644 +index 6f31590..3c87c8a 100644 --- a/fs/sysfs/dir.c +++ b/fs/sysfs/dir.c @@ -40,7 +40,7 @@ static DEFINE_IDA(sysfs_ino_ida); @@ -56856,10 +55642,10 @@ index 602f56d..6853db8 100644 } diff --git a/fs/sysfs/symlink.c b/fs/sysfs/symlink.c -index 3c9eb56..9dea5be 100644 +index 8c940df..25b733e 100644 --- a/fs/sysfs/symlink.c +++ b/fs/sysfs/symlink.c -@@ -286,7 +286,7 @@ static void *sysfs_follow_link(struct dentry *dentry, struct nameidata *nd) +@@ -305,7 +305,7 @@ static void *sysfs_follow_link(struct dentry *dentry, struct nameidata *nd) static void sysfs_put_link(struct dentry *dentry, struct nameidata *nd, void *cookie) { @@ -56955,10 +55741,38 @@ index f4fb7ec..3fe03c0 100644 error = notify_change(path->dentry, &newattrs); mutex_unlock(&inode->i_mutex); diff --git a/fs/xattr.c b/fs/xattr.c -index 3377dff..4feded6 100644 +index 3377dff..4d074d9 100644 --- a/fs/xattr.c +++ b/fs/xattr.c -@@ -319,7 +319,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr); +@@ -227,6 +227,27 @@ int vfs_xattr_cmp(struct dentry *dentry, const char *xattr_name, + return rc; + } + ++#ifdef CONFIG_PAX_XATTR_PAX_FLAGS ++ssize_t ++pax_getxattr(struct dentry *dentry, void *value, size_t size) ++{ ++ struct inode *inode = dentry->d_inode; ++ ssize_t error; ++ ++ error = inode_permission(inode, MAY_EXEC); ++ if (error) ++ return error; ++ ++ if (inode->i_op->getxattr) ++ error = inode->i_op->getxattr(dentry, XATTR_NAME_PAX_FLAGS, value, size); ++ else ++ error = -EOPNOTSUPP; ++ ++ return error; ++} ++EXPORT_SYMBOL(pax_getxattr); ++#endif ++ + ssize_t + vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size) + { +@@ -319,7 +340,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr); * Extended attribute SET operations */ static long @@ -56967,7 +55781,7 @@ index 3377dff..4feded6 100644 size_t size, int flags) { int error; -@@ -355,7 +355,12 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value, +@@ -355,7 +376,12 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value, posix_acl_fix_xattr_from_user(kvalue, size); } @@ -56981,7 +55795,7 @@ index 3377dff..4feded6 100644 out: if (vvalue) vfree(vvalue); -@@ -377,7 +382,7 @@ retry: +@@ -377,7 +403,7 @@ retry: return error; error = mnt_want_write(path.mnt); if (!error) { @@ -56990,7 +55804,7 @@ index 3377dff..4feded6 100644 mnt_drop_write(path.mnt); } path_put(&path); -@@ -401,7 +406,7 @@ retry: +@@ -401,7 +427,7 @@ retry: return error; error = mnt_want_write(path.mnt); if (!error) { @@ -56999,7 +55813,7 @@ index 3377dff..4feded6 100644 mnt_drop_write(path.mnt); } path_put(&path); -@@ -416,16 +421,14 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, +@@ -416,16 +442,14 @@ SYSCALL_DEFINE5(fsetxattr, int, fd, const char __user *, name, const void __user *,value, size_t, size, int, flags) { struct fd f = fdget(fd); @@ -57034,7 +55848,7 @@ index 9fbea87..6b19972 100644 struct posix_acl *acl; struct posix_acl_entry *acl_e; diff --git a/fs/xfs/xfs_bmap.c b/fs/xfs/xfs_bmap.c -index 572a858..12a9b0d 100644 +index b44af92..06073da 100644 --- a/fs/xfs/xfs_bmap.c +++ b/fs/xfs/xfs_bmap.c @@ -192,7 +192,7 @@ xfs_bmap_validate_ret( @@ -57068,7 +55882,7 @@ index 1b9fc3e..e1bdde0 100644 *offset = off & 0x7fffffff; return 0; diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c -index c1c3ef8..0952438 100644 +index d681e34..2a3f5ab 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c @@ -127,7 +127,7 @@ xfs_find_handle( @@ -57095,7 +55909,7 @@ index d82efaa..0904a8e 100644 kfree(s); diff --git a/grsecurity/Kconfig b/grsecurity/Kconfig new file mode 100644 -index 0000000..829d8fb +index 0000000..7174794 --- /dev/null +++ b/grsecurity/Kconfig @@ -0,0 +1,1031 @@ @@ -57187,7 +56001,7 @@ index 0000000..829d8fb +config GRKERNSEC_RAND_THREADSTACK + bool "Insert random gaps between thread stacks" + default y if GRKERNSEC_CONFIG_AUTO -+ depends on PAX_RANDMMAP && !PPC ++ depends on PAX_RANDMMAP && !PPC && BROKEN + help + If you say Y here, a random-sized gap will be enforced between allocated + thread stacks. Glibc's NPTL and other threading libraries that @@ -58176,10 +56990,10 @@ index 0000000..1b9afa9 +endif diff --git a/grsecurity/gracl.c b/grsecurity/gracl.c new file mode 100644 -index 0000000..b306b36 +index 0000000..1248ee0 --- /dev/null +++ b/grsecurity/gracl.c -@@ -0,0 +1,4071 @@ +@@ -0,0 +1,4073 @@ +#include <linux/kernel.h> +#include <linux/module.h> +#include <linux/sched.h> @@ -58208,6 +57022,13 @@ index 0000000..b306b36 +#include <linux/lglock.h> +#include <linux/hugetlb.h> +#include <linux/posix-timers.h> ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++#include <linux/magic.h> ++#include <linux/pagemap.h> ++#include "../fs/btrfs/async-thread.h" ++#include "../fs/btrfs/ctree.h" ++#include "../fs/btrfs/btrfs_inode.h" ++#endif +#include "../fs/mount.h" + +#include <asm/uaccess.h> @@ -58281,19 +57102,14 @@ index 0000000..b306b36 + return (gr_status & GR_READY); +} + -+#ifdef CONFIG_BTRFS_FS -+extern dev_t get_btrfs_dev_from_inode(struct inode *inode); -+extern int btrfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat); -+#endif -+ +static inline dev_t __get_dev(const struct dentry *dentry) +{ -+#ifdef CONFIG_BTRFS_FS -+ if (dentry->d_inode->i_op && dentry->d_inode->i_op->getattr == &btrfs_getattr) -+ return get_btrfs_dev_from_inode(dentry->d_inode); ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++ if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC) ++ return BTRFS_I(dentry->d_inode)->root->anon_dev; + else +#endif -+ return dentry->d_inode->i_sb->s_dev; ++ return dentry->d_sb->s_dev; +} + +dev_t gr_get_dev_from_dentry(struct dentry *dentry) @@ -63597,10 +62413,10 @@ index 0000000..39645c9 +} diff --git a/grsecurity/gracl_segv.c b/grsecurity/gracl_segv.c new file mode 100644 -index 0000000..cb1e5ab +index 0000000..4dcc92a --- /dev/null +++ b/grsecurity/gracl_segv.c -@@ -0,0 +1,303 @@ +@@ -0,0 +1,305 @@ +#include <linux/kernel.h> +#include <linux/mm.h> +#include <asm/uaccess.h> @@ -63618,6 +62434,13 @@ index 0000000..cb1e5ab +#include <linux/gracl.h> +#include <linux/grsecurity.h> +#include <linux/grinternal.h> ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++#include <linux/magic.h> ++#include <linux/pagemap.h> ++#include "../fs/btrfs/async-thread.h" ++#include "../fs/btrfs/ctree.h" ++#include "../fs/btrfs/btrfs_inode.h" ++#endif + +static struct crash_uid *uid_set; +static unsigned short uid_used; @@ -63627,19 +62450,14 @@ index 0000000..cb1e5ab + lookup_acl_subj_label(const ino_t inode, const dev_t dev, + struct acl_role_label *role); + -+#ifdef CONFIG_BTRFS_FS -+extern dev_t get_btrfs_dev_from_inode(struct inode *inode); -+extern int btrfs_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat); -+#endif -+ +static inline dev_t __get_dev(const struct dentry *dentry) +{ -+#ifdef CONFIG_BTRFS_FS -+ if (dentry->d_inode->i_op && dentry->d_inode->i_op->getattr == &btrfs_getattr) -+ return get_btrfs_dev_from_inode(dentry->d_inode); ++#if defined(CONFIG_BTRFS_FS) || defined(CONFIG_BTRFS_FS_MODULE) ++ if (dentry->d_sb->s_magic == BTRFS_SUPER_MAGIC) ++ return BTRFS_I(dentry->d_inode)->root->anon_dev; + else +#endif -+ return dentry->d_inode->i_sb->s_dev; ++ return dentry->d_sb->s_dev; +} + +int @@ -63977,7 +62795,7 @@ index 0000000..bc0be01 +} diff --git a/grsecurity/grsec_chroot.c b/grsecurity/grsec_chroot.c new file mode 100644 -index 0000000..8b4c803 +index 0000000..bd6e105 --- /dev/null +++ b/grsecurity/grsec_chroot.c @@ -0,0 +1,370 @@ @@ -63996,7 +62814,7 @@ index 0000000..8b4c803 +static int gr_init_ran; +#endif + -+void gr_set_chroot_entries(struct task_struct *task, struct path *path) ++void gr_set_chroot_entries(struct task_struct *task, const struct path *path) +{ +#ifdef CONFIG_GRKERNSEC + if (task_pid_nr(task) > 1 && path->dentry != init_task.fs->root.dentry && @@ -64327,7 +63145,7 @@ index 0000000..8b4c803 +} + +void -+gr_handle_chroot_chdir(struct path *path) ++gr_handle_chroot_chdir(const struct path *path) +{ +#ifdef CONFIG_GRKERNSEC_CHROOT_CHDIR + if (grsec_enable_chroot_chdir) @@ -64353,7 +63171,7 @@ index 0000000..8b4c803 +} diff --git a/grsecurity/grsec_disabled.c b/grsecurity/grsec_disabled.c new file mode 100644 -index 0000000..207d409 +index 0000000..ce65ceb --- /dev/null +++ b/grsecurity/grsec_disabled.c @@ -0,0 +1,434 @@ @@ -64778,7 +63596,7 @@ index 0000000..207d409 + +dev_t gr_get_dev_from_dentry(struct dentry *dentry) +{ -+ return dentry->d_inode->i_sb->s_dev; ++ return dentry->d_sb->s_dev; +} + +void gr_put_exec_file(struct task_struct *task) @@ -67402,10 +66220,10 @@ index b7babf0..04ad282 100644 + #endif /* _ASM_GENERIC_ATOMIC_LONG_H */ diff --git a/include/asm-generic/atomic.h b/include/asm-generic/atomic.h -index 1ced641..c896ee8 100644 +index 33bd2de..f31bff97 100644 --- a/include/asm-generic/atomic.h +++ b/include/asm-generic/atomic.h -@@ -159,7 +159,7 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) +@@ -153,7 +153,7 @@ static inline int __atomic_add_unless(atomic_t *v, int a, int u) * Atomically clears the bits set in @mask from @v */ #ifndef atomic_clear_mask @@ -67610,10 +66428,10 @@ index 810431d..0ec4804f 100644 * (puds are folded into pgds so this doesn't get actually called, * but the define is needed for a generic inline function.) diff --git a/include/asm-generic/pgtable.h b/include/asm-generic/pgtable.h -index f50a87d..3860a22 100644 +index a59ff51..2594a70 100644 --- a/include/asm-generic/pgtable.h +++ b/include/asm-generic/pgtable.h -@@ -698,6 +698,14 @@ static inline pmd_t pmd_mknuma(pmd_t pmd) +@@ -688,6 +688,14 @@ static inline pmd_t pmd_mknuma(pmd_t pmd) } #endif /* CONFIG_NUMA_BALANCING */ @@ -67629,10 +66447,10 @@ index f50a87d..3860a22 100644 #endif /* !__ASSEMBLY__ */ diff --git a/include/asm-generic/vmlinux.lds.h b/include/asm-generic/vmlinux.lds.h -index d1ea7ce..b1ebf2a 100644 +index afa12c7..99d4da0 100644 --- a/include/asm-generic/vmlinux.lds.h +++ b/include/asm-generic/vmlinux.lds.h -@@ -218,6 +218,7 @@ +@@ -245,6 +245,7 @@ .rodata : AT(ADDR(.rodata) - LOAD_OFFSET) { \ VMLINUX_SYMBOL(__start_rodata) = .; \ *(.rodata) *(.rodata.*) \ @@ -67640,7 +66458,7 @@ index d1ea7ce..b1ebf2a 100644 *(__vermagic) /* Kernel version magic */ \ . = ALIGN(8); \ VMLINUX_SYMBOL(__start___tracepoints_ptrs) = .; \ -@@ -725,17 +726,18 @@ +@@ -755,17 +756,18 @@ * section in the linker script will go there too. @phdr should have * a leading colon. * @@ -67677,7 +66495,7 @@ index 418d270..bfd2794 100644 struct crypto_instance { struct crypto_alg alg; diff --git a/include/drm/drmP.h b/include/drm/drmP.h -index fad21c9..ab858bc 100644 +index f1ce786..086a7a5 100644 --- a/include/drm/drmP.h +++ b/include/drm/drmP.h @@ -72,6 +72,7 @@ @@ -67688,7 +66506,7 @@ index fad21c9..ab858bc 100644 #include <drm/drm.h> #include <drm/drm_sarea.h> -@@ -293,10 +294,12 @@ do { \ +@@ -296,10 +297,12 @@ do { \ * \param cmd command. * \param arg argument. */ @@ -67703,7 +66521,7 @@ index fad21c9..ab858bc 100644 unsigned long arg); #define DRM_IOCTL_NR(n) _IOC_NR(n) -@@ -311,9 +314,9 @@ typedef int drm_ioctl_compat_t(struct file *filp, unsigned int cmd, +@@ -314,9 +317,9 @@ typedef int drm_ioctl_compat_t(struct file *filp, unsigned int cmd, struct drm_ioctl_desc { unsigned int cmd; int flags; @@ -67715,7 +66533,7 @@ index fad21c9..ab858bc 100644 /** * Creates a driver or general drm_ioctl_desc array entry for the given -@@ -995,7 +998,7 @@ struct drm_info_list { +@@ -1014,7 +1017,7 @@ struct drm_info_list { int (*show)(struct seq_file*, void*); /** show callback */ u32 driver_features; /**< Required driver features for this entry */ void *data; @@ -67724,7 +66542,7 @@ index fad21c9..ab858bc 100644 /** * debugfs node structure. This structure represents a debugfs file. -@@ -1068,7 +1071,7 @@ struct drm_device { +@@ -1087,7 +1090,7 @@ struct drm_device { /** \name Usage Counters */ /*@{ */ @@ -67733,7 +66551,7 @@ index fad21c9..ab858bc 100644 atomic_t ioctl_count; /**< Outstanding IOCTLs pending */ atomic_t vma_count; /**< Outstanding vma areas open */ int buf_use; /**< Buffers in use -- cannot alloc */ -@@ -1079,7 +1082,7 @@ struct drm_device { +@@ -1098,7 +1101,7 @@ struct drm_device { /*@{ */ unsigned long counters; enum drm_stat_type types[15]; @@ -67804,7 +66622,7 @@ index c1da539..1dcec55 100644 struct atmphy_ops { int (*start)(struct atm_dev *dev); diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h -index 0530b98..96a8ac0 100644 +index c3a0914..ec5d48a 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h @@ -73,8 +73,9 @@ struct linux_binfmt { @@ -67819,10 +66637,10 @@ index 0530b98..96a8ac0 100644 extern void __register_binfmt(struct linux_binfmt *fmt, int insert); diff --git a/include/linux/blkdev.h b/include/linux/blkdev.h -index f94bc83..62b9cfe 100644 +index 33f358f..7f2c27f 100644 --- a/include/linux/blkdev.h +++ b/include/linux/blkdev.h -@@ -1498,7 +1498,7 @@ struct block_device_operations { +@@ -1499,7 +1499,7 @@ struct block_device_operations { /* this callback is with swap_lock and sometimes page table lock held */ void (*swap_slot_free_notify) (struct block_device *, unsigned long); struct module *owner; @@ -67903,10 +66721,10 @@ index 42e55de..1cd0e66 100644 extern struct cleancache_ops cleancache_register_ops(struct cleancache_ops *ops); diff --git a/include/linux/compat.h b/include/linux/compat.h -index dec7e2d..45db13f 100644 +index 377cd8c..2479845 100644 --- a/include/linux/compat.h +++ b/include/linux/compat.h -@@ -311,14 +311,14 @@ long compat_sys_msgsnd(int first, int second, int third, void __user *uptr); +@@ -332,14 +332,14 @@ long compat_sys_msgsnd(int first, int second, int third, void __user *uptr); long compat_sys_msgrcv(int first, int second, int msgtyp, int third, int version, void __user *uptr); long compat_sys_shmat(int first, int second, compat_uptr_t third, int version, @@ -67923,7 +66741,7 @@ index dec7e2d..45db13f 100644 #endif long compat_sys_msgctl(int first, int second, void __user *uptr); long compat_sys_shmctl(int first, int second, void __user *uptr); -@@ -414,7 +414,7 @@ extern int compat_ptrace_request(struct task_struct *child, +@@ -442,7 +442,7 @@ extern int compat_ptrace_request(struct task_struct *child, extern long compat_arch_ptrace(struct task_struct *child, compat_long_t request, compat_ulong_t addr, compat_ulong_t data); asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, @@ -67933,13 +66751,21 @@ index dec7e2d..45db13f 100644 /* * epoll (fs/eventpoll.c) compat bits follow ... diff --git a/include/linux/compiler-gcc4.h b/include/linux/compiler-gcc4.h -index 662fd1b..e801992 100644 +index 68b162d..660f5f0 100644 --- a/include/linux/compiler-gcc4.h +++ b/include/linux/compiler-gcc4.h -@@ -34,6 +34,21 @@ - #define __UNIQUE_ID(prefix) __PASTE(__PASTE(__UNIQUE_ID_, prefix), __COUNTER__) +@@ -39,9 +39,29 @@ + # define __compiletime_warning(message) __attribute__((warning(message))) + # define __compiletime_error(message) __attribute__((error(message))) + #endif /* __CHECKER__ */ ++ ++#define __alloc_size(...) __attribute((alloc_size(__VA_ARGS__))) ++#define __bos(ptr, arg) __builtin_object_size((ptr), (arg)) ++#define __bos0(ptr) __bos((ptr), 0) ++#define __bos1(ptr) __bos((ptr), 1) + #endif /* GCC_VERSION >= 40300 */ - #if __GNUC_MINOR__ >= 5 + #if GCC_VERSION >= 40500 + +#ifdef CONSTIFY_PLUGIN +#define __no_const __attribute__((no_const)) @@ -67958,20 +66784,8 @@ index 662fd1b..e801992 100644 /* * Mark a position in code as unreachable. This can be used to * suppress control flow warnings after asm blocks that transfer -@@ -49,6 +64,11 @@ - #define __noclone __attribute__((__noclone__)) - - #endif -+ -+#define __alloc_size(...) __attribute((alloc_size(__VA_ARGS__))) -+#define __bos(ptr, arg) __builtin_object_size((ptr), (arg)) -+#define __bos0(ptr) __bos((ptr), 0) -+#define __bos1(ptr) __bos((ptr), 1) - #endif - - #if __GNUC_MINOR__ >= 6 diff --git a/include/linux/compiler.h b/include/linux/compiler.h -index dd852b7..1ad5fba 100644 +index 10b8f23..5e0b083 100644 --- a/include/linux/compiler.h +++ b/include/linux/compiler.h @@ -5,11 +5,14 @@ @@ -68089,7 +66903,7 @@ index dd852b7..1ad5fba 100644 /* Simple shorthand for a section definition */ #ifndef __section # define __section(S) __attribute__ ((__section__(#S))) -@@ -323,6 +381,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); +@@ -349,6 +407,7 @@ void ftrace_likely_update(struct ftrace_branch_data *f, int val, int expect); * use is to mediate communication between process-level code and irq/NMI * handlers, all running on the same CPU. */ @@ -68099,17 +66913,19 @@ index dd852b7..1ad5fba 100644 #endif /* __LINUX_COMPILER_H */ diff --git a/include/linux/completion.h b/include/linux/completion.h -index 51494e6..0fd1b61 100644 +index 33f0280..35c6568 100644 --- a/include/linux/completion.h +++ b/include/linux/completion.h -@@ -78,13 +78,13 @@ static inline void init_completion(struct completion *x) - +@@ -79,15 +79,15 @@ static inline void init_completion(struct completion *x) extern void wait_for_completion(struct completion *); + extern void wait_for_completion_io(struct completion *); extern int wait_for_completion_interruptible(struct completion *x); -extern int wait_for_completion_killable(struct completion *x); +extern int wait_for_completion_killable(struct completion *x) __intentional_overflow(-1); extern unsigned long wait_for_completion_timeout(struct completion *x, unsigned long timeout); + extern unsigned long wait_for_completion_io_timeout(struct completion *x, + unsigned long timeout); extern long wait_for_completion_interruptible_timeout( - struct completion *x, unsigned long timeout); + struct completion *x, unsigned long timeout) __intentional_overflow(-1); @@ -68146,10 +66962,10 @@ index ce7a074..01ab8ac 100644 register_cpu_notifier(&fn##_nb); \ } diff --git a/include/linux/cpufreq.h b/include/linux/cpufreq.h -index a55b88e..fba90c5 100644 +index a22944c..4e695fe 100644 --- a/include/linux/cpufreq.h +++ b/include/linux/cpufreq.h -@@ -240,7 +240,7 @@ struct cpufreq_driver { +@@ -252,7 +252,7 @@ struct cpufreq_driver { int (*suspend) (struct cpufreq_policy *policy); int (*resume) (struct cpufreq_policy *policy); struct freq_attr **attr; @@ -68158,7 +66974,7 @@ index a55b88e..fba90c5 100644 /* flags */ -@@ -299,6 +299,7 @@ struct global_attr { +@@ -311,6 +311,7 @@ struct global_attr { ssize_t (*store)(struct kobject *a, struct attribute *b, const char *c, size_t count); }; @@ -68167,10 +66983,10 @@ index a55b88e..fba90c5 100644 #define define_one_global_ro(_name) \ static struct global_attr _name = \ diff --git a/include/linux/cpuidle.h b/include/linux/cpuidle.h -index 24cd1037..20a63aae 100644 +index 480c14d..552896f 100644 --- a/include/linux/cpuidle.h +++ b/include/linux/cpuidle.h -@@ -54,7 +54,8 @@ struct cpuidle_state { +@@ -52,7 +52,8 @@ struct cpuidle_state { int index); int (*enter_dead) (struct cpuidle_device *dev, int index); @@ -68180,7 +66996,7 @@ index 24cd1037..20a63aae 100644 /* Idle State Flags */ #define CPUIDLE_FLAG_TIME_VALID (0x01) /* is residency time measurable? */ -@@ -216,7 +217,7 @@ struct cpuidle_governor { +@@ -194,7 +195,7 @@ struct cpuidle_governor { void (*reflect) (struct cpuidle_device *dev, int index); struct module *owner; @@ -68311,7 +67127,7 @@ index 7925bf0..d5143d2 100644 #define large_malloc(a) vmalloc(a) diff --git a/include/linux/devfreq.h b/include/linux/devfreq.h -index e83ef39..33e0eb3 100644 +index fe8c447..bdc1f33 100644 --- a/include/linux/devfreq.h +++ b/include/linux/devfreq.h @@ -114,7 +114,7 @@ struct devfreq_governor { @@ -68324,10 +67140,10 @@ index e83ef39..33e0eb3 100644 /** * struct devfreq - Device devfreq structure diff --git a/include/linux/device.h b/include/linux/device.h -index 43dcda9..7a1fb65 100644 +index 9d6464e..8a5cc92 100644 --- a/include/linux/device.h +++ b/include/linux/device.h -@@ -294,7 +294,7 @@ struct subsys_interface { +@@ -295,7 +295,7 @@ struct subsys_interface { struct list_head node; int (*add_dev)(struct device *dev, struct subsys_interface *sif); int (*remove_dev)(struct device *dev, struct subsys_interface *sif); @@ -68336,7 +67152,7 @@ index 43dcda9..7a1fb65 100644 int subsys_interface_register(struct subsys_interface *sif); void subsys_interface_unregister(struct subsys_interface *sif); -@@ -474,7 +474,7 @@ struct device_type { +@@ -475,7 +475,7 @@ struct device_type { void (*release)(struct device *dev); const struct dev_pm_ops *pm; @@ -68345,7 +67161,7 @@ index 43dcda9..7a1fb65 100644 /* interface for exporting device attributes */ struct device_attribute { -@@ -484,11 +484,12 @@ struct device_attribute { +@@ -485,11 +485,12 @@ struct device_attribute { ssize_t (*store)(struct device *dev, struct device_attribute *attr, const char *buf, size_t count); }; @@ -68373,10 +67189,10 @@ index 94af418..b1ca7a2 100644 #define DMA_BIT_MASK(n) (((n) == 64) ? ~0ULL : ((1ULL<<(n))-1)) diff --git a/include/linux/dmaengine.h b/include/linux/dmaengine.h -index d3201e4..8281e63 100644 +index 91ac8da..a841318 100644 --- a/include/linux/dmaengine.h +++ b/include/linux/dmaengine.h -@@ -1018,9 +1018,9 @@ struct dma_pinned_list { +@@ -1034,9 +1034,9 @@ struct dma_pinned_list { struct dma_pinned_list *dma_pin_iovec_pages(struct iovec *iov, size_t len); void dma_unpin_iovec_pages(struct dma_pinned_list* pinned_list); @@ -68389,22 +67205,22 @@ index d3201e4..8281e63 100644 unsigned int offset, size_t len); diff --git a/include/linux/efi.h b/include/linux/efi.h -index 7a9498a..155713d 100644 +index 3d7df3d..301f024 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -733,6 +733,7 @@ struct efivar_operations { +@@ -740,6 +740,7 @@ struct efivar_operations { efi_set_variable_t *set_variable; - efi_query_variable_info_t *query_variable_info; + efi_query_variable_store_t *query_variable_store; }; +typedef struct efivar_operations __no_const efivar_operations_no_const; struct efivars { /* diff --git a/include/linux/elf.h b/include/linux/elf.h -index 8c9048e..16a4665 100644 +index 40a3c0e..4c45a38 100644 --- a/include/linux/elf.h +++ b/include/linux/elf.h -@@ -20,6 +20,7 @@ extern Elf32_Dyn _DYNAMIC []; +@@ -24,6 +24,7 @@ extern Elf32_Dyn _DYNAMIC []; #define elf_note elf32_note #define elf_addr_t Elf32_Off #define Elf_Half Elf32_Half @@ -68412,7 +67228,7 @@ index 8c9048e..16a4665 100644 #else -@@ -30,6 +31,7 @@ extern Elf64_Dyn _DYNAMIC []; +@@ -34,6 +35,7 @@ extern Elf64_Dyn _DYNAMIC []; #define elf_note elf64_note #define elf_addr_t Elf64_Off #define Elf_Half Elf64_Half @@ -68453,10 +67269,10 @@ index fcb51c8..bdafcf6 100644 /** diff --git a/include/linux/fb.h b/include/linux/fb.h -index c7a9571..02eeffe 100644 +index 58b9860..58e5516 100644 --- a/include/linux/fb.h +++ b/include/linux/fb.h -@@ -302,7 +302,7 @@ struct fb_ops { +@@ -304,7 +304,7 @@ struct fb_ops { /* called at KDB enter and leave time to prepare the console */ int (*fb_debug_enter)(struct fb_info *info); int (*fb_debug_leave)(struct fb_info *info); @@ -68501,7 +67317,7 @@ index 3044254..9767f41 100644 extern bool frontswap_enabled; extern struct frontswap_ops diff --git a/include/linux/fs.h b/include/linux/fs.h -index 7617ee0..b575199 100644 +index 2c28271..8d3d74c 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1541,7 +1541,8 @@ struct file_operations { @@ -68514,7 +67330,7 @@ index 7617ee0..b575199 100644 struct inode_operations { struct dentry * (*lookup) (struct inode *,struct dentry *, unsigned int); -@@ -2665,4 +2666,14 @@ static inline void inode_has_no_xattr(struct inode *inode) +@@ -2672,4 +2673,14 @@ static inline void inode_has_no_xattr(struct inode *inode) inode->i_flags |= S_NOSEC; } @@ -68530,7 +67346,7 @@ index 7617ee0..b575199 100644 + #endif /* _LINUX_FS_H */ diff --git a/include/linux/fs_struct.h b/include/linux/fs_struct.h -index 324f931..f292b65 100644 +index 2b93a9a..855d94a 100644 --- a/include/linux/fs_struct.h +++ b/include/linux/fs_struct.h @@ -6,7 +6,7 @@ @@ -68578,7 +67394,7 @@ index 7a08623..4c07b0f 100644 /* * fscache cached network filesystem type diff --git a/include/linux/fsnotify.h b/include/linux/fsnotify.h -index 0fbfb46..508eb0d 100644 +index a78680a..87bd73e 100644 --- a/include/linux/fsnotify.h +++ b/include/linux/fsnotify.h @@ -195,6 +195,9 @@ static inline void fsnotify_access(struct file *file) @@ -68611,20 +67427,20 @@ index 0fbfb46..508eb0d 100644 /* diff --git a/include/linux/ftrace_event.h b/include/linux/ftrace_event.h -index a3d4895..ddd2a50 100644 +index 13a54d0..c6ce2a7 100644 --- a/include/linux/ftrace_event.h +++ b/include/linux/ftrace_event.h -@@ -272,7 +272,7 @@ extern int trace_define_field(struct ftrace_event_call *call, const char *type, +@@ -274,7 +274,7 @@ extern int trace_define_field(struct ftrace_event_call *call, const char *type, extern int trace_add_event_call(struct ftrace_event_call *call); extern void trace_remove_event_call(struct ftrace_event_call *call); --#define is_signed_type(type) (((type)(-1)) < 0) +-#define is_signed_type(type) (((type)(-1)) < (type)0) +#define is_signed_type(type) (((type)(-1)) < (type)1) int trace_set_clr_event(const char *system, const char *event, int set); diff --git a/include/linux/genhd.h b/include/linux/genhd.h -index 79b8bba..86b539e 100644 +index 9f3c275..911b591 100644 --- a/include/linux/genhd.h +++ b/include/linux/genhd.h @@ -194,7 +194,7 @@ struct gendisk { @@ -69181,7 +67997,7 @@ index 0000000..be66033 +#endif diff --git a/include/linux/grinternal.h b/include/linux/grinternal.h new file mode 100644 -index 0000000..9bb6662 +index 0000000..5402bce --- /dev/null +++ b/include/linux/grinternal.h @@ -0,0 +1,215 @@ @@ -69280,19 +68096,19 @@ index 0000000..9bb6662 + +#define gr_task_fullpath(tsk) ((tsk)->exec_file ? \ + gr_to_filename2((tsk)->exec_file->f_path.dentry, \ -+ (tsk)->exec_file->f_vfsmnt) : "/") ++ (tsk)->exec_file->f_path.mnt) : "/") + +#define gr_parent_task_fullpath(tsk) ((tsk)->real_parent->exec_file ? \ + gr_to_filename3((tsk)->real_parent->exec_file->f_path.dentry, \ -+ (tsk)->real_parent->exec_file->f_vfsmnt) : "/") ++ (tsk)->real_parent->exec_file->f_path.mnt) : "/") + +#define gr_task_fullpath0(tsk) ((tsk)->exec_file ? \ + gr_to_filename((tsk)->exec_file->f_path.dentry, \ -+ (tsk)->exec_file->f_vfsmnt) : "/") ++ (tsk)->exec_file->f_path.mnt) : "/") + +#define gr_parent_task_fullpath0(tsk) ((tsk)->real_parent->exec_file ? \ + gr_to_filename1((tsk)->real_parent->exec_file->f_path.dentry, \ -+ (tsk)->real_parent->exec_file->f_vfsmnt) : "/") ++ (tsk)->real_parent->exec_file->f_path.mnt) : "/") + +#define proc_is_chrooted(tsk_a) ((tsk_a)->gr_is_chrooted) + @@ -69519,7 +68335,7 @@ index 0000000..2bd4c8d +#define GR_BRUTE_DAEMON_MSG "bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds. Please investigate the crash report for " diff --git a/include/linux/grsecurity.h b/include/linux/grsecurity.h new file mode 100644 -index 0000000..8da63a4 +index 0000000..d7ef0ac --- /dev/null +++ b/include/linux/grsecurity.h @@ -0,0 +1,242 @@ @@ -69567,7 +68383,7 @@ index 0000000..8da63a4 +int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt); +int gr_handle_chroot_chroot(const struct dentry *dentry, + const struct vfsmount *mnt); -+void gr_handle_chroot_chdir(struct path *path); ++void gr_handle_chroot_chdir(const struct path *path); +int gr_handle_chroot_chmod(const struct dentry *dentry, + const struct vfsmount *mnt, const int mode); +int gr_handle_chroot_mknod(const struct dentry *dentry, @@ -69587,7 +68403,7 @@ index 0000000..8da63a4 + +int gr_tpe_allow(const struct file *file); + -+void gr_set_chroot_entries(struct task_struct *task, struct path *path); ++void gr_set_chroot_entries(struct task_struct *task, const struct path *path); +void gr_clear_chroot_entries(struct task_struct *task); + +void gr_log_forkfail(const int retval); @@ -69791,7 +68607,7 @@ index 0000000..e7ffaaf + +#endif diff --git a/include/linux/highmem.h b/include/linux/highmem.h -index ef788b5..ac41b7b 100644 +index 7fb31da..08b5114 100644 --- a/include/linux/highmem.h +++ b/include/linux/highmem.h @@ -189,6 +189,18 @@ static inline void clear_highpage(struct page *page) @@ -69875,7 +68691,7 @@ index aff7ad8..3942bbd 100644 extern int register_pppox_proto(int proto_num, const struct pppox_proto *pp); extern void unregister_pppox_proto(int proto_num); diff --git a/include/linux/init.h b/include/linux/init.h -index 10ed4f4..8e8490d 100644 +index 8618147..0821126 100644 --- a/include/linux/init.h +++ b/include/linux/init.h @@ -39,9 +39,36 @@ @@ -69935,10 +68751,10 @@ index 10ed4f4..8e8490d 100644 #define __meminitconst __constsection(.meminit.rodata) #define __memexit __section(.memexit.text) __exitused __cold notrace diff --git a/include/linux/init_task.h b/include/linux/init_task.h -index 6d087c5..401cab8 100644 +index 5cd0f09..c9f67cc 100644 --- a/include/linux/init_task.h +++ b/include/linux/init_task.h -@@ -143,6 +143,12 @@ extern struct task_group root_task_group; +@@ -154,6 +154,12 @@ extern struct task_group root_task_group; #define INIT_TASK_COMM "swapper" @@ -69951,7 +68767,7 @@ index 6d087c5..401cab8 100644 /* * INIT_TASK is used to set up the first task table, touch at * your own risk!. Base=0, limit=0x1fffff (=2MB) -@@ -182,6 +188,7 @@ extern struct task_group root_task_group; +@@ -193,6 +199,7 @@ extern struct task_group root_task_group; RCU_POINTER_INITIALIZER(cred, &init_cred), \ .comm = INIT_TASK_COMM, \ .thread = INIT_THREAD, \ @@ -69989,12 +68805,12 @@ index 5fa5afe..ac55b25 100644 extern void __raise_softirq_irqoff(unsigned int nr); diff --git a/include/linux/iommu.h b/include/linux/iommu.h -index f3b99e1..9b73cee 100644 +index ba3b8a9..7e14ed8 100644 --- a/include/linux/iommu.h +++ b/include/linux/iommu.h -@@ -101,7 +101,7 @@ struct iommu_ops { - int (*domain_set_attr)(struct iommu_domain *domain, - enum iommu_attr attr, void *data); +@@ -113,7 +113,7 @@ struct iommu_ops { + u32 (*domain_get_windows)(struct iommu_domain *domain); + unsigned long pgsize_bitmap; -}; +} __do_const; @@ -70015,7 +68831,7 @@ index 85ac9b9b..e5759ab 100644 return res->end - res->start + 1; } diff --git a/include/linux/irq.h b/include/linux/irq.h -index fdf2c4a..5332486 100644 +index bc4e066..50468a9 100644 --- a/include/linux/irq.h +++ b/include/linux/irq.h @@ -328,7 +328,8 @@ struct irq_chip { @@ -70028,6 +68844,19 @@ index fdf2c4a..5332486 100644 /* * irq_chip specific flags +diff --git a/include/linux/irqchip/arm-gic.h b/include/linux/irqchip/arm-gic.h +index 3fd8e42..d5403e1 100644 +--- a/include/linux/irqchip/arm-gic.h ++++ b/include/linux/irqchip/arm-gic.h +@@ -61,7 +61,7 @@ + + struct device_node; + +-extern struct irq_chip gic_arch_extn; ++extern irq_chip_no_const gic_arch_extn; + + void gic_init_bases(unsigned int, int, void __iomem *, void __iomem *, + u32 offset, struct device_node *); diff --git a/include/linux/kallsyms.h b/include/linux/kallsyms.h index 6883e19..06992b1 100644 --- a/include/linux/kallsyms.h @@ -70074,10 +68903,10 @@ index 518a53a..5e28358 100644 extern struct key_type key_type_keyring; diff --git a/include/linux/kgdb.h b/include/linux/kgdb.h -index 4dff0c6..1ca9b72 100644 +index c6e091b..a940adf 100644 --- a/include/linux/kgdb.h +++ b/include/linux/kgdb.h -@@ -53,7 +53,7 @@ extern int kgdb_connected; +@@ -52,7 +52,7 @@ extern int kgdb_connected; extern int kgdb_io_module_registered; extern atomic_t kgdb_setting_breakpoint; @@ -70086,7 +68915,7 @@ index 4dff0c6..1ca9b72 100644 extern struct task_struct *kgdb_usethread; extern struct task_struct *kgdb_contthread; -@@ -255,7 +255,7 @@ struct kgdb_arch { +@@ -254,7 +254,7 @@ struct kgdb_arch { void (*correct_hw_break)(void); void (*enable_nmi)(bool on); @@ -70095,7 +68924,7 @@ index 4dff0c6..1ca9b72 100644 /** * struct kgdb_io - Describe the interface for an I/O driver to talk with KGDB. -@@ -280,7 +280,7 @@ struct kgdb_io { +@@ -279,7 +279,7 @@ struct kgdb_io { void (*pre_exception) (void); void (*post_exception) (void); int is_console; @@ -70165,10 +68994,10 @@ index 4972e6e..de4d19b 100644 if (atomic_sub_and_test((int) count, &kref->refcount)) { release(kref); diff --git a/include/linux/kvm_host.h b/include/linux/kvm_host.h -index ffdf8b7..1f91d0e 100644 +index c139582..0b5b102 100644 --- a/include/linux/kvm_host.h +++ b/include/linux/kvm_host.h -@@ -418,7 +418,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu); +@@ -424,7 +424,7 @@ void kvm_vcpu_uninit(struct kvm_vcpu *vcpu); int __must_check vcpu_load(struct kvm_vcpu *vcpu); void vcpu_put(struct kvm_vcpu *vcpu); @@ -70177,7 +69006,7 @@ index ffdf8b7..1f91d0e 100644 struct module *module); void kvm_exit(void); -@@ -574,7 +574,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, +@@ -582,7 +582,7 @@ int kvm_arch_vcpu_ioctl_set_guest_debug(struct kvm_vcpu *vcpu, struct kvm_guest_debug *dbg); int kvm_arch_vcpu_ioctl_run(struct kvm_vcpu *vcpu, struct kvm_run *kvm_run); @@ -70187,10 +69016,10 @@ index ffdf8b7..1f91d0e 100644 int kvm_arch_vcpu_init(struct kvm_vcpu *vcpu); diff --git a/include/linux/libata.h b/include/linux/libata.h -index 0621bca..24d6851 100644 +index eae7a05..2cdd875 100644 --- a/include/linux/libata.h +++ b/include/linux/libata.h -@@ -916,7 +916,7 @@ struct ata_port_operations { +@@ -919,7 +919,7 @@ struct ata_port_operations { * fields must be pointers. */ const struct ata_port_operations *inherits; @@ -70200,7 +69029,7 @@ index 0621bca..24d6851 100644 struct ata_port_info { unsigned long flags; diff --git a/include/linux/list.h b/include/linux/list.h -index cc6d2aa..c10ee83 100644 +index 6a1f8df..eaec1ff 100644 --- a/include/linux/list.h +++ b/include/linux/list.h @@ -112,6 +112,19 @@ extern void __list_del_entry(struct list_head *entry); @@ -70264,7 +69093,7 @@ index b8ba855..0148090 100644 u32 remainder; return div_u64_rem(dividend, divisor, &remainder); diff --git a/include/linux/mm.h b/include/linux/mm.h -index 9568b90..6cc79f9 100644 +index e2091b8..821db54 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -101,6 +101,11 @@ extern unsigned int kobjsize(const void *objp); @@ -70279,7 +69108,7 @@ index 9568b90..6cc79f9 100644 #define VM_DONTDUMP 0x04000000 /* Do not include in the core dump */ #define VM_MIXEDMAP 0x10000000 /* Can contain "struct page" and pure PFN pages */ -@@ -200,8 +205,8 @@ struct vm_operations_struct { +@@ -202,8 +207,8 @@ struct vm_operations_struct { /* called by access_process_vm when get_user_pages() fails, typically * for use by special VMAs that can switch between memory and hardware */ @@ -70290,7 +69119,7 @@ index 9568b90..6cc79f9 100644 #ifdef CONFIG_NUMA /* * set_policy() op must add a reference to any non-NULL @new mempolicy -@@ -231,6 +236,7 @@ struct vm_operations_struct { +@@ -233,6 +238,7 @@ struct vm_operations_struct { int (*remap_pages)(struct vm_area_struct *vma, unsigned long addr, unsigned long size, pgoff_t pgoff); }; @@ -70298,7 +69127,7 @@ index 9568b90..6cc79f9 100644 struct mmu_gather; struct inode; -@@ -995,8 +1001,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, +@@ -970,8 +976,8 @@ int follow_pfn(struct vm_area_struct *vma, unsigned long address, unsigned long *pfn); int follow_phys(struct vm_area_struct *vma, unsigned long address, unsigned int flags, unsigned long *prot, resource_size_t *phys); @@ -70309,22 +69138,20 @@ index 9568b90..6cc79f9 100644 static inline void unmap_shared_mapping_range(struct address_space *mapping, loff_t const holebegin, loff_t const holelen) -@@ -1035,10 +1041,10 @@ static inline int fixup_user_fault(struct task_struct *tsk, +@@ -1010,9 +1016,9 @@ static inline int fixup_user_fault(struct task_struct *tsk, } #endif --extern int make_pages_present(unsigned long addr, unsigned long end); -extern int access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, int len, int write); -extern int access_remote_vm(struct mm_struct *mm, unsigned long addr, - void *buf, int len, int write); -+extern ssize_t make_pages_present(unsigned long addr, unsigned long end); +extern ssize_t access_process_vm(struct task_struct *tsk, unsigned long addr, void *buf, size_t len, int write); +extern ssize_t access_remote_vm(struct mm_struct *mm, unsigned long addr, + void *buf, size_t len, int write); - int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, - unsigned long start, int len, unsigned int foll_flags, -@@ -1068,34 +1074,6 @@ int set_page_dirty(struct page *page); + long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, + unsigned long start, unsigned long nr_pages, +@@ -1043,34 +1049,6 @@ int set_page_dirty(struct page *page); int set_page_dirty_lock(struct page *page); int clear_page_dirty_for_io(struct page *page); @@ -70359,7 +69186,7 @@ index 9568b90..6cc79f9 100644 extern pid_t vm_is_stack(struct task_struct *task, struct vm_area_struct *vma, int in_group); -@@ -1198,6 +1176,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) +@@ -1173,6 +1151,15 @@ static inline void sync_mm_rss(struct mm_struct *mm) } #endif @@ -70375,7 +69202,7 @@ index 9568b90..6cc79f9 100644 int vma_wants_writenotify(struct vm_area_struct *vma); extern pte_t *__get_locked_pte(struct mm_struct *mm, unsigned long addr, -@@ -1216,8 +1203,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, +@@ -1191,8 +1178,15 @@ static inline int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, { return 0; } @@ -70391,7 +69218,7 @@ index 9568b90..6cc79f9 100644 #endif #ifdef __PAGETABLE_PMD_FOLDED -@@ -1226,8 +1220,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, +@@ -1201,8 +1195,15 @@ static inline int __pmd_alloc(struct mm_struct *mm, pud_t *pud, { return 0; } @@ -70407,7 +69234,7 @@ index 9568b90..6cc79f9 100644 #endif int __pte_alloc(struct mm_struct *mm, struct vm_area_struct *vma, -@@ -1245,11 +1246,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a +@@ -1220,11 +1221,23 @@ static inline pud_t *pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long a NULL: pud_offset(pgd, address); } @@ -70431,15 +69258,23 @@ index 9568b90..6cc79f9 100644 #endif /* CONFIG_MMU && !__ARCH_HAS_4LEVEL_HACK */ #if USE_SPLIT_PTLOCKS -@@ -1479,6 +1492,7 @@ extern unsigned long do_mmap_pgoff(struct file *, unsigned long, - unsigned long, unsigned long, - unsigned long, unsigned long); +@@ -1455,6 +1468,7 @@ extern unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, + unsigned long len, unsigned long prot, unsigned long flags, + unsigned long pgoff, unsigned long *populate); extern int do_munmap(struct mm_struct *, unsigned long, size_t); +extern int __do_munmap(struct mm_struct *, unsigned long, size_t); - /* These take the mm semaphore themselves */ - extern unsigned long vm_brk(unsigned long, unsigned long); -@@ -1573,6 +1587,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add + #ifdef CONFIG_MMU + extern int __mm_populate(unsigned long addr, unsigned long len, +@@ -1483,6 +1497,7 @@ struct vm_unmapped_area_info { + unsigned long high_limit; + unsigned long align_mask; + unsigned long align_offset; ++ unsigned long threadstack_offset; + }; + + extern unsigned long unmapped_area(struct vm_unmapped_area_info *info); +@@ -1561,6 +1576,10 @@ extern struct vm_area_struct * find_vma(struct mm_struct * mm, unsigned long add extern struct vm_area_struct * find_vma_prev(struct mm_struct * mm, unsigned long addr, struct vm_area_struct **pprev); @@ -70450,7 +69285,7 @@ index 9568b90..6cc79f9 100644 /* Look up the first VMA which intersects the interval start_addr..end_addr-1, NULL if none. Assume start_addr < end_addr. */ static inline struct vm_area_struct * find_vma_intersection(struct mm_struct * mm, unsigned long start_addr, unsigned long end_addr) -@@ -1601,15 +1619,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, +@@ -1589,15 +1608,6 @@ static inline struct vm_area_struct *find_exact_vma(struct mm_struct *mm, return vma; } @@ -70466,7 +69301,7 @@ index 9568b90..6cc79f9 100644 #ifdef CONFIG_ARCH_USES_NUMA_PROT_NONE unsigned long change_prot_numa(struct vm_area_struct *vma, unsigned long start, unsigned long end); -@@ -1651,6 +1660,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); +@@ -1649,6 +1659,11 @@ void vm_stat_account(struct mm_struct *, unsigned long, struct file *, long); static inline void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -70478,16 +69313,16 @@ index 9568b90..6cc79f9 100644 mm->total_vm += pages; } #endif /* CONFIG_PROC_FS */ -@@ -1723,7 +1737,7 @@ extern int unpoison_memory(unsigned long pfn); +@@ -1725,7 +1740,7 @@ extern int unpoison_memory(unsigned long pfn); extern int sysctl_memory_failure_early_kill; extern int sysctl_memory_failure_recovery; extern void shake_page(struct page *p, int access); --extern atomic_long_t mce_bad_pages; -+extern atomic_long_unchecked_t mce_bad_pages; +-extern atomic_long_t num_poisoned_pages; ++extern atomic_long_unchecked_t num_poisoned_pages; extern int soft_offline_page(struct page *page, int flags); extern void dump_page(struct page *page); -@@ -1754,5 +1768,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; } +@@ -1756,5 +1771,11 @@ static inline unsigned int debug_guardpage_minorder(void) { return 0; } static inline bool page_is_guard(struct page *page) { return false; } #endif /* CONFIG_DEBUG_PAGEALLOC */ @@ -70500,10 +69335,10 @@ index 9568b90..6cc79f9 100644 #endif /* __KERNEL__ */ #endif /* _LINUX_MM_H */ diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h -index f8f5162..3aaf20f 100644 +index ace9a5f..81bdb59 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h -@@ -288,6 +288,8 @@ struct vm_area_struct { +@@ -289,6 +289,8 @@ struct vm_area_struct { #ifdef CONFIG_NUMA struct mempolicy *vm_policy; /* NUMA policy for the VMA */ #endif @@ -70512,7 +69347,7 @@ index f8f5162..3aaf20f 100644 }; struct core_thread { -@@ -436,6 +438,24 @@ struct mm_struct { +@@ -437,6 +439,24 @@ struct mm_struct { int first_nid; #endif struct uprobes_state uprobes_state; @@ -70560,10 +69395,10 @@ index c5d5278..f0b68c8 100644 } diff --git a/include/linux/mmzone.h b/include/linux/mmzone.h -index 73b64a3..6562925 100644 +index c74092e..b663967 100644 --- a/include/linux/mmzone.h +++ b/include/linux/mmzone.h -@@ -412,7 +412,7 @@ struct zone { +@@ -396,7 +396,7 @@ struct zone { unsigned long flags; /* zone flags, see below */ /* Zone statistics */ @@ -70573,7 +69408,7 @@ index 73b64a3..6562925 100644 /* * The target ratio of ACTIVE_ANON to INACTIVE_ANON pages on diff --git a/include/linux/mod_devicetable.h b/include/linux/mod_devicetable.h -index fed3def..c933f99 100644 +index 779cf7c..e6768240 100644 --- a/include/linux/mod_devicetable.h +++ b/include/linux/mod_devicetable.h @@ -12,7 +12,7 @@ @@ -70585,7 +69420,7 @@ index fed3def..c933f99 100644 struct pci_device_id { __u32 vendor, device; /* Vendor and device ID or PCI_ANY_ID*/ -@@ -139,7 +139,7 @@ struct usb_device_id { +@@ -138,7 +138,7 @@ struct usb_device_id { #define USB_DEVICE_ID_MATCH_INT_PROTOCOL 0x0200 #define USB_DEVICE_ID_MATCH_INT_NUMBER 0x0400 @@ -70594,7 +69429,7 @@ index fed3def..c933f99 100644 #define HID_BUS_ANY 0xffff #define HID_GROUP_ANY 0x0000 -@@ -498,7 +498,7 @@ struct dmi_system_id { +@@ -464,7 +464,7 @@ struct dmi_system_id { const char *ident; struct dmi_strmatch matches[4]; void *driver_data; @@ -70604,7 +69439,7 @@ index fed3def..c933f99 100644 * struct dmi_device_id appears during expansion of * "MODULE_DEVICE_TABLE(dmi, x)". Compiler doesn't look inside it diff --git a/include/linux/module.h b/include/linux/module.h -index 1375ee3..ced8177 100644 +index ead1b57..81a3b6c 100644 --- a/include/linux/module.h +++ b/include/linux/module.h @@ -17,9 +17,11 @@ @@ -70694,34 +69529,34 @@ index 1375ee3..ced8177 100644 + return ((void *)addr >= start && (void *)addr < start + size); +} + -+static inline int within_module_core_rx(unsigned long addr, struct module *mod) ++static inline int within_module_core_rx(unsigned long addr, const struct module *mod) +{ + return within_module_range(addr, mod->module_core_rx, mod->core_size_rx); +} + -+static inline int within_module_core_rw(unsigned long addr, struct module *mod) ++static inline int within_module_core_rw(unsigned long addr, const struct module *mod) +{ + return within_module_range(addr, mod->module_core_rw, mod->core_size_rw); +} + -+static inline int within_module_init_rx(unsigned long addr, struct module *mod) ++static inline int within_module_init_rx(unsigned long addr, const struct module *mod) +{ + return within_module_range(addr, mod->module_init_rx, mod->init_size_rx); +} + -+static inline int within_module_init_rw(unsigned long addr, struct module *mod) ++static inline int within_module_init_rw(unsigned long addr, const struct module *mod) +{ + return within_module_range(addr, mod->module_init_rw, mod->init_size_rw); +} + - static inline int within_module_core(unsigned long addr, struct module *mod) + static inline int within_module_core(unsigned long addr, const struct module *mod) { - return (unsigned long)mod->module_core <= addr && - addr < (unsigned long)mod->module_core + mod->core_size; + return within_module_core_rx(addr, mod) || within_module_core_rw(addr, mod); } - static inline int within_module_init(unsigned long addr, struct module *mod) + static inline int within_module_init(unsigned long addr, const struct module *mod) { - return (unsigned long)mod->module_init <= addr && - addr < (unsigned long)mod->module_init + mod->init_size; @@ -70839,18 +69674,18 @@ index aa16731..514b875 100644 struct iovec; struct kvec; diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index 0e182f9..bd5d452 100644 +index 6151e90..2e0afb0 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -1012,6 +1012,7 @@ struct net_device_ops { - u32 pid, u32 seq, - struct net_device *dev); +@@ -1028,6 +1028,7 @@ struct net_device_ops { + int (*ndo_change_carrier)(struct net_device *dev, + bool new_carrier); }; +typedef struct net_device_ops __no_const net_device_ops_no_const; /* * The DEVICE structure. -@@ -1078,7 +1079,7 @@ struct net_device { +@@ -1094,7 +1095,7 @@ struct net_device { int iflink; struct net_device_stats stats; @@ -70886,7 +69721,7 @@ index 7958e84..ed74d7a 100644 /* The core set type structure */ struct ip_set_type { diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h -index 4966dde..7d8ce06 100644 +index ecbb8e4..8a1c4e1 100644 --- a/include/linux/netfilter/nfnetlink.h +++ b/include/linux/netfilter/nfnetlink.h @@ -16,7 +16,7 @@ struct nfnl_callback { @@ -70971,10 +69806,10 @@ index 45fc162..01a4068 100644 /** * struct hotplug_slot_info - used to notify the hotplug pci core of the state of the slot diff --git a/include/linux/perf_event.h b/include/linux/perf_event.h -index a280650..2b67b91 100644 +index 1d795df..727aa7b 100644 --- a/include/linux/perf_event.h +++ b/include/linux/perf_event.h -@@ -328,8 +328,8 @@ struct perf_event { +@@ -333,8 +333,8 @@ struct perf_event { enum perf_event_active_state state; unsigned int attach_state; @@ -70985,7 +69820,7 @@ index a280650..2b67b91 100644 /* * These are the total time in nanoseconds that the event -@@ -380,8 +380,8 @@ struct perf_event { +@@ -385,8 +385,8 @@ struct perf_event { * These accumulate total time (in nanoseconds) that children * events have been enabled and running, respectively. */ @@ -70996,7 +69831,37 @@ index a280650..2b67b91 100644 /* * Protect attach/detach and child_list: -@@ -807,7 +807,7 @@ static inline void perf_restore_debug_store(void) { } +@@ -704,7 +704,7 @@ static inline void perf_callchain_store(struct perf_callchain_entry *entry, u64 + entry->ip[entry->nr++] = ip; + } + +-extern int sysctl_perf_event_paranoid; ++extern int sysctl_perf_event_legitimately_concerned; + extern int sysctl_perf_event_mlock; + extern int sysctl_perf_event_sample_rate; + +@@ -714,17 +714,17 @@ extern int perf_proc_update_handler(struct ctl_table *table, int write, + + static inline bool perf_paranoid_tracepoint_raw(void) + { +- return sysctl_perf_event_paranoid > -1; ++ return sysctl_perf_event_legitimately_concerned > -1; + } + + static inline bool perf_paranoid_cpu(void) + { +- return sysctl_perf_event_paranoid > 0; ++ return sysctl_perf_event_legitimately_concerned > 0; + } + + static inline bool perf_paranoid_kernel(void) + { +- return sysctl_perf_event_paranoid > 1; ++ return sysctl_perf_event_legitimately_concerned > 1; + } + + extern void perf_event_init(void); +@@ -812,7 +812,7 @@ static inline void perf_restore_debug_store(void) { } */ #define perf_cpu_notifier(fn) \ do { \ @@ -71005,6 +69870,15 @@ index a280650..2b67b91 100644 { .notifier_call = fn, .priority = CPU_PRI_PERF }; \ unsigned long cpu = smp_processor_id(); \ unsigned long flags; \ +@@ -831,7 +831,7 @@ do { \ + struct perf_pmu_events_attr { + struct device_attribute attr; + u64 id; +-}; ++} __do_const; + + #define PMU_EVENT_ATTR(_name, _var, _id, _show) \ + static struct perf_pmu_events_attr _var = { \ diff --git a/include/linux/pipe_fs_i.h b/include/linux/pipe_fs_i.h index ad1a427..6419649 100644 --- a/include/linux/pipe_fs_i.h @@ -71062,10 +69936,10 @@ index 7c1d252..c5c773e 100644 struct generic_pm_domain { diff --git a/include/linux/pm_runtime.h b/include/linux/pm_runtime.h -index f271860..6b3bec5 100644 +index 7d7e09e..8671ef8 100644 --- a/include/linux/pm_runtime.h +++ b/include/linux/pm_runtime.h -@@ -97,7 +97,7 @@ static inline bool pm_runtime_callbacks_present(struct device *dev) +@@ -104,7 +104,7 @@ static inline bool pm_runtime_callbacks_present(struct device *dev) static inline void pm_runtime_mark_last_busy(struct device *dev) { @@ -71129,31 +70003,31 @@ index 4ea1d37..80f4b33 100644 /* * The return value from decompress routine is the length of the diff --git a/include/linux/printk.h b/include/linux/printk.h -index 9afc01e..92c32e8 100644 +index 822171f..12b30e8 100644 --- a/include/linux/printk.h +++ b/include/linux/printk.h -@@ -101,6 +101,8 @@ void early_printk(const char *fmt, ...); - extern int printk_needs_cpu(int cpu); - extern void printk_tick(void); +@@ -98,6 +98,8 @@ int no_printk(const char *fmt, ...) + extern asmlinkage __printf(1, 2) + void early_printk(const char *fmt, ...); +extern int kptr_restrict; + #ifdef CONFIG_PRINTK asmlinkage __printf(5, 0) int vprintk_emit(int facility, int level, -@@ -135,7 +137,6 @@ extern bool printk_timed_ratelimit(unsigned long *caller_jiffies, +@@ -132,7 +134,6 @@ extern bool printk_timed_ratelimit(unsigned long *caller_jiffies, extern int printk_delay_msec; extern int dmesg_restrict; -extern int kptr_restrict; - void log_buf_kexec_setup(void); - void __init setup_log_buf(int early); + extern void wake_up_klogd(void); + diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h -index 32676b3..e46f2c0 100644 +index 94dfb2a..88b9d3b 100644 --- a/include/linux/proc_fs.h +++ b/include/linux/proc_fs.h -@@ -159,6 +159,18 @@ static inline struct proc_dir_entry *proc_create(const char *name, umode_t mode, +@@ -165,6 +165,18 @@ static inline struct proc_dir_entry *proc_create(const char *name, umode_t mode, return proc_create_data(name, mode, parent, proc_fops, NULL); } @@ -71172,7 +70046,7 @@ index 32676b3..e46f2c0 100644 static inline struct proc_dir_entry *create_proc_read_entry(const char *name, umode_t mode, struct proc_dir_entry *base, read_proc_t *read_proc, void * data) -@@ -268,7 +280,7 @@ struct proc_ns_operations { +@@ -266,7 +278,7 @@ struct proc_ns_operations { void (*put)(void *ns); int (*install)(struct nsproxy *nsproxy, void *ns); unsigned int (*inum)(void *ns); @@ -71182,7 +70056,7 @@ index 32676b3..e46f2c0 100644 extern const struct proc_ns_operations utsns_operations; extern const struct proc_ns_operations ipcns_operations; diff --git a/include/linux/random.h b/include/linux/random.h -index d984608..d6f0042 100644 +index 347ce55..880f97c 100644 --- a/include/linux/random.h +++ b/include/linux/random.h @@ -39,6 +39,11 @@ void prandom_seed(u32 seed); @@ -71198,7 +70072,7 @@ index d984608..d6f0042 100644 * Handle minimum values for seeds */ diff --git a/include/linux/rculist.h b/include/linux/rculist.h -index c92dd28..08f4eab 100644 +index 8089e35..3a0d59a 100644 --- a/include/linux/rculist.h +++ b/include/linux/rculist.h @@ -44,6 +44,9 @@ extern void __list_add_rcu(struct list_head *new, @@ -71325,7 +70199,7 @@ index a3e7842..d973ca6 100644 #define RIO_RESOURCE_MEM 0x00000100 #define RIO_RESOURCE_DOORBELL 0x00000200 diff --git a/include/linux/rmap.h b/include/linux/rmap.h -index c20635c..2f5def4 100644 +index 6dacb93..6174423 100644 --- a/include/linux/rmap.h +++ b/include/linux/rmap.h @@ -145,8 +145,8 @@ static inline void anon_vma_unlock_read(struct anon_vma *anon_vma) @@ -71340,10 +70214,10 @@ index c20635c..2f5def4 100644 static inline void anon_vma_merge(struct vm_area_struct *vma, struct vm_area_struct *next) diff --git a/include/linux/sched.h b/include/linux/sched.h -index f5ad26e..aa97a06 100644 +index be4e742..7f9d593 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h -@@ -61,6 +61,7 @@ struct bio_list; +@@ -62,6 +62,7 @@ struct bio_list; struct fs_struct; struct perf_event_context; struct blk_plug; @@ -71351,7 +70225,7 @@ index f5ad26e..aa97a06 100644 /* * List of flags we want to share for kernel threads, -@@ -328,7 +329,7 @@ extern char __sched_text_start[], __sched_text_end[]; +@@ -315,7 +316,7 @@ extern char __sched_text_start[], __sched_text_end[]; extern int in_sched_functions(unsigned long addr); #define MAX_SCHEDULE_TIMEOUT LONG_MAX @@ -71360,12 +70234,7 @@ index f5ad26e..aa97a06 100644 extern signed long schedule_timeout_interruptible(signed long timeout); extern signed long schedule_timeout_killable(signed long timeout); extern signed long schedule_timeout_uninterruptible(signed long timeout); -@@ -355,10 +356,23 @@ struct user_namespace; - #define DEFAULT_MAX_MAP_COUNT (USHRT_MAX - MAPCOUNT_ELF_CORE_MARGIN) - - extern int sysctl_max_map_count; -+extern unsigned long sysctl_heap_stack_gap; - +@@ -329,6 +330,18 @@ struct user_namespace; #include <linux/aio.h> #ifdef CONFIG_MMU @@ -71384,7 +70253,7 @@ index f5ad26e..aa97a06 100644 extern void arch_pick_mmap_layout(struct mm_struct *mm); extern unsigned long arch_get_unmapped_area(struct file *, unsigned long, unsigned long, -@@ -640,6 +654,17 @@ struct signal_struct { +@@ -605,6 +618,17 @@ struct signal_struct { #ifdef CONFIG_TASKSTATS struct taskstats *stats; #endif @@ -71402,7 +70271,7 @@ index f5ad26e..aa97a06 100644 #ifdef CONFIG_AUDIT unsigned audit_tty; struct tty_audit_buf *tty_audit_buf; -@@ -718,6 +743,11 @@ struct user_struct { +@@ -683,6 +707,11 @@ struct user_struct { struct key *session_keyring; /* UID's default session keyring */ #endif @@ -71414,7 +70283,7 @@ index f5ad26e..aa97a06 100644 /* Hash table maintenance information */ struct hlist_node uidhash_node; kuid_t uid; -@@ -1117,7 +1147,7 @@ struct sched_class { +@@ -1082,7 +1111,7 @@ struct sched_class { #ifdef CONFIG_FAIR_GROUP_SCHED void (*task_move_group) (struct task_struct *p, int on_rq); #endif @@ -71423,7 +70292,7 @@ index f5ad26e..aa97a06 100644 struct load_weight { unsigned long weight, inv_weight; -@@ -1361,8 +1391,8 @@ struct task_struct { +@@ -1323,8 +1352,8 @@ struct task_struct { struct list_head thread_group; struct completion *vfork_done; /* for vfork() */ @@ -71434,7 +70303,7 @@ index f5ad26e..aa97a06 100644 cputime_t utime, stime, utimescaled, stimescaled; cputime_t gtime; -@@ -1378,11 +1408,6 @@ struct task_struct { +@@ -1349,11 +1378,6 @@ struct task_struct { struct task_cputime cputime_expires; struct list_head cpu_timers[3]; @@ -71446,7 +70315,7 @@ index f5ad26e..aa97a06 100644 char comm[TASK_COMM_LEN]; /* executable name excluding path - access with [gs]et_task_comm (which lock it with task_lock()) -@@ -1399,6 +1424,10 @@ struct task_struct { +@@ -1370,6 +1394,10 @@ struct task_struct { #endif /* CPU-specific state of this task */ struct thread_struct thread; @@ -71457,7 +70326,7 @@ index f5ad26e..aa97a06 100644 /* filesystem information */ struct fs_struct *fs; /* open file information */ -@@ -1472,6 +1501,10 @@ struct task_struct { +@@ -1443,6 +1471,10 @@ struct task_struct { gfp_t lockdep_reclaim_gfp; #endif @@ -71468,7 +70337,7 @@ index f5ad26e..aa97a06 100644 /* journalling filesystem info */ void *journal_info; -@@ -1510,6 +1543,10 @@ struct task_struct { +@@ -1481,6 +1513,10 @@ struct task_struct { /* cg_list protected by css_set_lock and tsk->alloc_lock */ struct list_head cg_list; #endif @@ -71479,7 +70348,7 @@ index f5ad26e..aa97a06 100644 #ifdef CONFIG_FUTEX struct robust_list_head __user *robust_list; #ifdef CONFIG_COMPAT -@@ -1606,8 +1643,74 @@ struct task_struct { +@@ -1577,8 +1613,74 @@ struct task_struct { #ifdef CONFIG_UPROBES struct uprobe_task *utask; #endif @@ -71554,7 +70423,7 @@ index f5ad26e..aa97a06 100644 /* Future-safe accessor for struct task_struct's cpus_allowed. */ #define tsk_cpus_allowed(tsk) (&(tsk)->cpus_allowed) -@@ -1697,7 +1800,7 @@ struct pid_namespace; +@@ -1637,7 +1739,7 @@ struct pid_namespace; pid_t __task_pid_nr_ns(struct task_struct *task, enum pid_type type, struct pid_namespace *ns); @@ -71563,7 +70432,7 @@ index f5ad26e..aa97a06 100644 { return tsk->pid; } -@@ -2156,7 +2259,9 @@ void yield(void); +@@ -2073,7 +2175,9 @@ void yield(void); extern struct exec_domain default_exec_domain; union thread_union { @@ -71573,7 +70442,7 @@ index f5ad26e..aa97a06 100644 unsigned long stack[THREAD_SIZE/sizeof(long)]; }; -@@ -2189,6 +2294,7 @@ extern struct pid_namespace init_pid_ns; +@@ -2106,6 +2210,7 @@ extern struct pid_namespace init_pid_ns; */ extern struct task_struct *find_task_by_vpid(pid_t nr); @@ -71581,7 +70450,7 @@ index f5ad26e..aa97a06 100644 extern struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns); -@@ -2345,7 +2451,7 @@ extern void __cleanup_sighand(struct sighand_struct *); +@@ -2272,7 +2377,7 @@ extern void __cleanup_sighand(struct sighand_struct *); extern void exit_itimers(struct signal_struct *); extern void flush_itimer_signals(void); @@ -71590,7 +70459,7 @@ index f5ad26e..aa97a06 100644 extern int allow_signal(int); extern int disallow_signal(int); -@@ -2536,9 +2642,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) +@@ -2463,9 +2568,9 @@ static inline unsigned long *end_of_stack(struct task_struct *p) #endif @@ -71602,8 +70471,20 @@ index f5ad26e..aa97a06 100644 return (obj >= stack) && (obj < (stack + THREAD_SIZE)); } +diff --git a/include/linux/sched/sysctl.h b/include/linux/sched/sysctl.h +index bf8086b..962b035 100644 +--- a/include/linux/sched/sysctl.h ++++ b/include/linux/sched/sysctl.h +@@ -30,6 +30,7 @@ enum { sysctl_hung_task_timeout_secs = 0 }; + #define DEFAULT_MAX_MAP_COUNT (USHRT_MAX - MAPCOUNT_ELF_CORE_MARGIN) + + extern int sysctl_max_map_count; ++extern unsigned long sysctl_heap_stack_gap; + + extern unsigned int sysctl_sched_latency; + extern unsigned int sysctl_sched_min_granularity; diff --git a/include/linux/security.h b/include/linux/security.h -index eee7478..290f7ba 100644 +index 032c366..2c1c2dc2 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -26,6 +26,7 @@ @@ -71652,10 +70533,10 @@ index 429c199..4d42e38 100644 /* shm_mode upper byte flags */ diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index 9fe54b6..a9de68d 100644 +index b8292d8..96db310 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -590,7 +590,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, +@@ -599,7 +599,7 @@ extern bool skb_try_coalesce(struct sk_buff *to, struct sk_buff *from, extern struct sk_buff *__alloc_skb(unsigned int size, gfp_t priority, int flags, int node); extern struct sk_buff *build_skb(void *data, unsigned int frag_size); @@ -71664,7 +70545,7 @@ index 9fe54b6..a9de68d 100644 gfp_t priority) { return __alloc_skb(size, priority, 0, NUMA_NO_NODE); -@@ -700,7 +700,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb) +@@ -709,7 +709,7 @@ static inline struct skb_shared_hwtstamps *skb_hwtstamps(struct sk_buff *skb) */ static inline int skb_queue_empty(const struct sk_buff_head *list) { @@ -71673,7 +70554,7 @@ index 9fe54b6..a9de68d 100644 } /** -@@ -713,7 +713,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list) +@@ -722,7 +722,7 @@ static inline int skb_queue_empty(const struct sk_buff_head *list) static inline bool skb_queue_is_last(const struct sk_buff_head *list, const struct sk_buff *skb) { @@ -71682,7 +70563,7 @@ index 9fe54b6..a9de68d 100644 } /** -@@ -726,7 +726,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list, +@@ -735,7 +735,7 @@ static inline bool skb_queue_is_last(const struct sk_buff_head *list, static inline bool skb_queue_is_first(const struct sk_buff_head *list, const struct sk_buff *skb) { @@ -71691,7 +70572,7 @@ index 9fe54b6..a9de68d 100644 } /** -@@ -1727,7 +1727,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) +@@ -1756,7 +1756,7 @@ static inline int pskb_network_may_pull(struct sk_buff *skb, unsigned int len) * NET_IP_ALIGN(2) + ethernet_header(14) + IP_header(20/40) + ports(8) */ #ifndef NET_SKB_PAD @@ -71700,7 +70581,7 @@ index 9fe54b6..a9de68d 100644 #endif extern int ___pskb_trim(struct sk_buff *skb, unsigned int len); -@@ -2305,7 +2305,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, +@@ -2351,7 +2351,7 @@ extern struct sk_buff *skb_recv_datagram(struct sock *sk, unsigned flags, int noblock, int *err); extern unsigned int datagram_poll(struct file *file, struct socket *sock, struct poll_table_struct *wait); @@ -71709,7 +70590,7 @@ index 9fe54b6..a9de68d 100644 int offset, struct iovec *to, int size); extern int skb_copy_and_csum_datagram_iovec(struct sk_buff *skb, -@@ -2595,6 +2595,9 @@ static inline void nf_reset(struct sk_buff *skb) +@@ -2641,6 +2641,9 @@ static inline void nf_reset(struct sk_buff *skb) nf_bridge_put(skb->nf_bridge); skb->nf_bridge = NULL; #endif @@ -71986,20 +70867,11 @@ index 680f9a3..f13aeb0 100644 __SONET_ITEMS #undef __HANDLE_ITEM }; -diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h -index 34206b8..3db7f1c 100644 ---- a/include/linux/sunrpc/clnt.h -+++ b/include/linux/sunrpc/clnt.h -@@ -96,7 +96,7 @@ struct rpc_procinfo { - unsigned int p_timer; /* Which RTT timer to use */ - u32 p_statidx; /* Which procedure to account */ - const char * p_name; /* name of procedure */ --}; -+} __do_const; - - #ifdef __KERNEL__ - -@@ -176,9 +176,9 @@ static inline unsigned short rpc_get_port(const struct sockaddr *sap) +diff --git a/include/linux/sunrpc/addr.h b/include/linux/sunrpc/addr.h +index 07d8e53..dc934c9 100644 +--- a/include/linux/sunrpc/addr.h ++++ b/include/linux/sunrpc/addr.h +@@ -23,9 +23,9 @@ static inline unsigned short rpc_get_port(const struct sockaddr *sap) { switch (sap->sa_family) { case AF_INET: @@ -72011,7 +70883,7 @@ index 34206b8..3db7f1c 100644 } return 0; } -@@ -211,7 +211,7 @@ static inline bool __rpc_cmp_addr4(const struct sockaddr *sap1, +@@ -58,7 +58,7 @@ static inline bool __rpc_cmp_addr4(const struct sockaddr *sap1, static inline bool __rpc_copy_addr4(struct sockaddr *dst, const struct sockaddr *src) { @@ -72020,7 +70892,7 @@ index 34206b8..3db7f1c 100644 struct sockaddr_in *dsin = (struct sockaddr_in *) dst; dsin->sin_family = ssin->sin_family; -@@ -314,7 +314,7 @@ static inline u32 rpc_get_scope_id(const struct sockaddr *sa) +@@ -164,7 +164,7 @@ static inline u32 rpc_get_scope_id(const struct sockaddr *sa) if (sa->sa_family != AF_INET6) return 0; @@ -72028,12 +70900,25 @@ index 34206b8..3db7f1c 100644 + return ((const struct sockaddr_in6 *) sa)->sin6_scope_id; } - #endif /* __KERNEL__ */ + #endif /* _LINUX_SUNRPC_ADDR_H */ +diff --git a/include/linux/sunrpc/clnt.h b/include/linux/sunrpc/clnt.h +index 2cf4ffa..470d140 100644 +--- a/include/linux/sunrpc/clnt.h ++++ b/include/linux/sunrpc/clnt.h +@@ -96,7 +96,7 @@ struct rpc_procinfo { + unsigned int p_timer; /* Which RTT timer to use */ + u32 p_statidx; /* Which procedure to account */ + const char * p_name; /* name of procedure */ +-}; ++} __do_const; + + #ifdef __KERNEL__ + diff --git a/include/linux/sunrpc/svc.h b/include/linux/sunrpc/svc.h -index 676ddf5..4c519a1 100644 +index 1f0216b..6a4fa50 100644 --- a/include/linux/sunrpc/svc.h +++ b/include/linux/sunrpc/svc.h -@@ -410,7 +410,7 @@ struct svc_procedure { +@@ -411,7 +411,7 @@ struct svc_procedure { unsigned int pc_count; /* call count */ unsigned int pc_cachetype; /* cache info (NFS) */ unsigned int pc_xdrressize; /* maximum size of XDR reply */ @@ -72072,7 +70957,7 @@ index 0b8e3e6..33e0a01 100644 #define RPCRDMA_VERSION 1 diff --git a/include/linux/sunrpc/svcauth.h b/include/linux/sunrpc/svcauth.h -index dd74084a..7f509d5 100644 +index ff374ab..7fd2ecb 100644 --- a/include/linux/sunrpc/svcauth.h +++ b/include/linux/sunrpc/svcauth.h @@ -109,7 +109,7 @@ struct auth_ops { @@ -72085,10 +70970,10 @@ index dd74084a..7f509d5 100644 #define SVC_GARBAGE 1 #define SVC_SYSERR 2 diff --git a/include/linux/swiotlb.h b/include/linux/swiotlb.h -index 071d62c..4ccc7ac 100644 +index a5ffd32..0935dea 100644 --- a/include/linux/swiotlb.h +++ b/include/linux/swiotlb.h -@@ -59,7 +59,8 @@ extern void +@@ -60,7 +60,8 @@ extern void extern void swiotlb_free_coherent(struct device *hwdev, size_t size, @@ -72099,10 +70984,10 @@ index 071d62c..4ccc7ac 100644 extern dma_addr_t swiotlb_map_page(struct device *dev, struct page *page, unsigned long offset, size_t size, diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h -index 45e2db2..1635156a 100644 +index 313a8e0..1da8fc6 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h -@@ -615,7 +615,7 @@ asmlinkage long sys_getsockname(int, struct sockaddr __user *, int __user *); +@@ -634,7 +634,7 @@ asmlinkage long sys_getsockname(int, struct sockaddr __user *, int __user *); asmlinkage long sys_getpeername(int, struct sockaddr __user *, int __user *); asmlinkage long sys_send(int, void __user *, size_t, unsigned); asmlinkage long sys_sendto(int, void __user *, size_t, unsigned, @@ -72156,7 +71041,7 @@ index 14a8ff2..af52bad 100644 struct ctl_node { struct rb_node node; diff --git a/include/linux/sysfs.h b/include/linux/sysfs.h -index 381f06d..dc16cc7 100644 +index e2cee22..3ddb921 100644 --- a/include/linux/sysfs.h +++ b/include/linux/sysfs.h @@ -31,7 +31,8 @@ struct attribute { @@ -72232,7 +71117,7 @@ index e7e0473..7989295 100644 #endif /* _LINUX_THREAD_INFO_H */ diff --git a/include/linux/tty.h b/include/linux/tty.h -index 8db1b56..c16a040 100644 +index c75d886..04cb148 100644 --- a/include/linux/tty.h +++ b/include/linux/tty.h @@ -194,7 +194,7 @@ struct tty_port { @@ -72244,7 +71129,7 @@ index 8db1b56..c16a040 100644 wait_queue_head_t open_wait; /* Open waiters */ wait_queue_head_t close_wait; /* Close waiters */ wait_queue_head_t delta_msr_wait; /* Modem status change */ -@@ -490,7 +490,7 @@ extern int tty_port_open(struct tty_port *port, +@@ -515,7 +515,7 @@ extern int tty_port_open(struct tty_port *port, struct tty_struct *tty, struct file *filp); static inline int tty_port_users(struct tty_port *port) { @@ -72254,10 +71139,10 @@ index 8db1b56..c16a040 100644 extern int tty_register_ldisc(int disc, struct tty_ldisc_ops *new_ldisc); diff --git a/include/linux/tty_driver.h b/include/linux/tty_driver.h -index dd976cf..e272742 100644 +index 756a609..b302dd6 100644 --- a/include/linux/tty_driver.h +++ b/include/linux/tty_driver.h -@@ -284,7 +284,7 @@ struct tty_operations { +@@ -285,7 +285,7 @@ struct tty_operations { void (*poll_put_char)(struct tty_driver *driver, int line, char ch); #endif const struct file_operations *proc_fops; @@ -72267,10 +71152,10 @@ index dd976cf..e272742 100644 struct tty_driver { int magic; /* magic number for this structure */ diff --git a/include/linux/tty_ldisc.h b/include/linux/tty_ldisc.h -index fb79dd8d..07d4773 100644 +index 455a0d7..bf97ff5 100644 --- a/include/linux/tty_ldisc.h +++ b/include/linux/tty_ldisc.h -@@ -149,7 +149,7 @@ struct tty_ldisc_ops { +@@ -146,7 +146,7 @@ struct tty_ldisc_ops { struct module *owner; @@ -72429,42 +71314,6 @@ index c5d36c6..108f4f9 100644 /* * callback functions for platform -diff --git a/include/linux/user_namespace.h b/include/linux/user_namespace.h -index 5209cfe..b6b215f 100644 ---- a/include/linux/user_namespace.h -+++ b/include/linux/user_namespace.h -@@ -21,7 +21,7 @@ struct user_namespace { - struct uid_gid_map uid_map; - struct uid_gid_map gid_map; - struct uid_gid_map projid_map; -- struct kref kref; -+ atomic_t count; - struct user_namespace *parent; - kuid_t owner; - kgid_t group; -@@ -37,18 +37,18 @@ extern struct user_namespace init_user_ns; - static inline struct user_namespace *get_user_ns(struct user_namespace *ns) - { - if (ns) -- kref_get(&ns->kref); -+ atomic_inc(&ns->count); - return ns; - } - - extern int create_user_ns(struct cred *new); - extern int unshare_userns(unsigned long unshare_flags, struct cred **new_cred); --extern void free_user_ns(struct kref *kref); -+extern void free_user_ns(struct user_namespace *ns); - - static inline void put_user_ns(struct user_namespace *ns) - { -- if (ns) -- kref_put(&ns->kref, free_user_ns); -+ if (ns && atomic_dec_and_test(&ns->count)) -+ free_user_ns(ns); - } - - struct seq_operations; diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h index 6f8fbcf..8259001 100644 --- a/include/linux/vermagic.h @@ -72543,7 +71392,7 @@ index 6071e91..ca6a489 100644 /* * Internals. Dont't use.. diff --git a/include/linux/vmstat.h b/include/linux/vmstat.h -index a13291f..af51fa3 100644 +index 5fd71a7..e5ef9a9 100644 --- a/include/linux/vmstat.h +++ b/include/linux/vmstat.h @@ -95,18 +95,18 @@ static inline void vm_events_fold_cpu(int cpu) @@ -72610,7 +71459,7 @@ index a13291f..af51fa3 100644 static inline void __dec_zone_page_state(struct page *page, diff --git a/include/linux/xattr.h b/include/linux/xattr.h -index fdbafc6..b7ffd47 100644 +index fdbafc6..49dfe4f 100644 --- a/include/linux/xattr.h +++ b/include/linux/xattr.h @@ -28,7 +28,7 @@ struct xattr_handler { @@ -72622,6 +71471,16 @@ index fdbafc6..b7ffd47 100644 struct xattr { char *name; +@@ -37,6 +37,9 @@ struct xattr { + }; + + ssize_t xattr_getsecurity(struct inode *, const char *, void *, size_t); ++#ifdef CONFIG_PAX_XATTR_PAX_FLAGS ++ssize_t pax_getxattr(struct dentry *, void *, size_t); ++#endif + ssize_t vfs_getxattr(struct dentry *, const char *, void *, size_t); + ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size); + int __vfs_setxattr_noperm(struct dentry *, const char *, const void *, size_t, int); diff --git a/include/linux/zlib.h b/include/linux/zlib.h index 9c5a6b4..09c9438 100644 --- a/include/linux/zlib.h @@ -72682,10 +71541,10 @@ index adcbb20..62c2559 100644 void v9fs_register_trans(struct p9_trans_module *m); void v9fs_unregister_trans(struct p9_trans_module *m); diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h -index 7588ef4..e62d35f 100644 +index cdd3302..76f8ede 100644 --- a/include/net/bluetooth/l2cap.h +++ b/include/net/bluetooth/l2cap.h -@@ -552,7 +552,7 @@ struct l2cap_ops { +@@ -551,7 +551,7 @@ struct l2cap_ops { void (*defer) (struct l2cap_chan *chan); struct sk_buff *(*alloc_skb) (struct l2cap_chan *chan, unsigned long len, int nb); @@ -72744,7 +71603,7 @@ index bdfbe68..4402ebe 100644 extern int genl_register_family(struct genl_family *family); extern int genl_register_family_with_ops(struct genl_family *family, diff --git a/include/net/gro_cells.h b/include/net/gro_cells.h -index e5062c9..48a9a4b 100644 +index 734d9b5..48a9a4b 100644 --- a/include/net/gro_cells.h +++ b/include/net/gro_cells.h @@ -29,7 +29,7 @@ static inline void gro_cells_receive(struct gro_cells *gcells, struct sk_buff *s @@ -72756,17 +71615,6 @@ index e5062c9..48a9a4b 100644 kfree_skb(skb); return; } -@@ -73,8 +73,8 @@ static inline int gro_cells_init(struct gro_cells *gcells, struct net_device *de - int i; - - gcells->gro_cells_mask = roundup_pow_of_two(netif_get_num_default_rss_queues()) - 1; -- gcells->cells = kcalloc(sizeof(struct gro_cell), -- gcells->gro_cells_mask + 1, -+ gcells->cells = kcalloc(gcells->gro_cells_mask + 1, -+ sizeof(struct gro_cell), - GFP_KERNEL); - if (!gcells->cells) - return -ENOMEM; diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h index 1832927..ce39aea 100644 --- a/include/net/inet_connection_sock.h @@ -72836,7 +71684,7 @@ index e49db91..76a81de 100644 fib_info_update_nh_saddr((net), &FIB_RES_NH(res))) #define FIB_RES_GW(res) (FIB_RES_NH(res).nh_gw) diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h -index 68c69d5..bdab192 100644 +index fce8e6b..3ca4916 100644 --- a/include/net/ip_vs.h +++ b/include/net/ip_vs.h @@ -599,7 +599,7 @@ struct ip_vs_conn { @@ -72857,7 +71705,7 @@ index 68c69d5..bdab192 100644 atomic_t weight; /* server weight */ atomic_t refcnt; /* reference counter */ -@@ -980,11 +980,11 @@ struct netns_ipvs { +@@ -981,11 +981,11 @@ struct netns_ipvs { /* ip_vs_lblc */ int sysctl_lblc_expiration; struct ctl_table_header *lblc_ctl_header; @@ -72884,10 +71732,10 @@ index 80ffde3..968b0f4 100644 #include <net/irda/irias_object.h> #include <net/irda/ircomm_core.h> diff --git a/include/net/iucv/af_iucv.h b/include/net/iucv/af_iucv.h -index cc7c197..9f2da2a 100644 +index 714cc9a..ea05f3e 100644 --- a/include/net/iucv/af_iucv.h +++ b/include/net/iucv/af_iucv.h -@@ -141,7 +141,7 @@ struct iucv_sock { +@@ -149,7 +149,7 @@ struct iucv_skb_cb { struct iucv_sock_list { struct hlist_head head; rwlock_t lock; @@ -72964,10 +71812,10 @@ index 567c681..cd73ac0 100644 struct llc_sap_state { u8 curr_state; diff --git a/include/net/mac80211.h b/include/net/mac80211.h -index ee50c5e..1bc3b1a 100644 +index f7eba13..91ed983 100644 --- a/include/net/mac80211.h +++ b/include/net/mac80211.h -@@ -3996,7 +3996,7 @@ struct rate_control_ops { +@@ -4119,7 +4119,7 @@ struct rate_control_ops { void (*add_sta_debugfs)(void *priv, void *priv_sta, struct dentry *dir); void (*remove_sta_debugfs)(void *priv, void *priv_sta); @@ -72977,7 +71825,7 @@ index ee50c5e..1bc3b1a 100644 static inline int rate_supported(struct ieee80211_sta *sta, enum ieee80211_band band, diff --git a/include/net/neighbour.h b/include/net/neighbour.h -index 0dab173..1b76af0 100644 +index 7e748ad..5c6229b 100644 --- a/include/net/neighbour.h +++ b/include/net/neighbour.h @@ -123,7 +123,7 @@ struct neigh_ops { @@ -73065,7 +71913,7 @@ index 9690b0f..87aded7 100644 /** diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h -index 923cb20..deae816 100644 +index c9c0c53..53f24c3 100644 --- a/include/net/netns/conntrack.h +++ b/include/net/netns/conntrack.h @@ -12,10 +12,10 @@ struct nf_conntrack_ecache; @@ -73091,10 +71939,10 @@ index 923cb20..deae816 100644 }; diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h -index 2ae2b83..dbdc85e 100644 +index 2ba9de8..47bd6c7 100644 --- a/include/net/netns/ipv4.h +++ b/include/net/netns/ipv4.h -@@ -64,7 +64,7 @@ struct netns_ipv4 { +@@ -67,7 +67,7 @@ struct netns_ipv4 { kgid_t sysctl_ping_group_range[2]; long sysctl_tcp_mem[3]; @@ -73139,7 +71987,7 @@ index 5a15fab..d799ea7 100644 extern int __rtnl_link_register(struct rtnl_link_ops *ops); extern void __rtnl_link_unregister(struct rtnl_link_ops *ops); diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h -index 7fdf298..197e9f7 100644 +index df85a0c..19ac300 100644 --- a/include/net/sctp/sctp.h +++ b/include/net/sctp/sctp.h @@ -330,9 +330,9 @@ do { \ @@ -73178,7 +72026,7 @@ index 2a82d13..62a31c2 100644 /* Get the size of a DATA chunk payload. */ diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h -index fdeb85a..1329d95 100644 +index 0e0f9d2..cd05ebb 100644 --- a/include/net/sctp/structs.h +++ b/include/net/sctp/structs.h @@ -517,7 +517,7 @@ struct sctp_pf { @@ -73203,10 +72051,10 @@ index c2e542b..6ca975b 100644 extern __u32 secure_ipv6_id(const __be32 daddr[4]); extern u32 secure_ipv4_port_ephemeral(__be32 saddr, __be32 daddr, __be16 dport); diff --git a/include/net/sock.h b/include/net/sock.h -index 25afaa0..8bb0070 100644 +index 14f6e9d..7cd56d0 100644 --- a/include/net/sock.h +++ b/include/net/sock.h -@@ -322,7 +322,7 @@ struct sock { +@@ -325,7 +325,7 @@ struct sock { #ifdef CONFIG_RPS __u32 sk_rxhash; #endif @@ -73215,7 +72063,7 @@ index 25afaa0..8bb0070 100644 int sk_rcvbuf; struct sk_filter __rcu *sk_filter; -@@ -1781,7 +1781,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) +@@ -1784,7 +1784,7 @@ static inline void sk_nocaps_add(struct sock *sk, netdev_features_t flags) } static inline int skb_do_copy_data_nocache(struct sock *sk, struct sk_buff *skb, @@ -73224,7 +72072,7 @@ index 25afaa0..8bb0070 100644 int copy, int offset) { if (skb->ip_summed == CHECKSUM_NONE) { -@@ -2040,7 +2040,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) +@@ -2043,7 +2043,7 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk) } } @@ -73234,10 +72082,10 @@ index 25afaa0..8bb0070 100644 /** * sk_page_frag - return an appropriate page_frag diff --git a/include/net/tcp.h b/include/net/tcp.h -index aed42c7..43890c6 100644 +index cf0694d..52a6881 100644 --- a/include/net/tcp.h +++ b/include/net/tcp.h -@@ -530,7 +530,7 @@ extern void tcp_retransmit_timer(struct sock *sk); +@@ -529,7 +529,7 @@ extern void tcp_retransmit_timer(struct sock *sk); extern void tcp_xmit_retransmit_queue(struct sock *); extern void tcp_simple_retransmit(struct sock *); extern int tcp_trim_head(struct sock *, struct sk_buff *, u32); @@ -73246,7 +72094,7 @@ index aed42c7..43890c6 100644 extern void tcp_send_probe0(struct sock *); extern void tcp_send_partial(struct sock *); -@@ -701,8 +701,8 @@ struct tcp_skb_cb { +@@ -700,8 +700,8 @@ struct tcp_skb_cb { struct inet6_skb_parm h6; #endif } header; /* For incoming frames */ @@ -73257,7 +72105,7 @@ index aed42c7..43890c6 100644 __u32 when; /* used to compute rtt's */ __u8 tcp_flags; /* TCP header flags. (tcp[13]) */ -@@ -716,7 +716,7 @@ struct tcp_skb_cb { +@@ -715,7 +715,7 @@ struct tcp_skb_cb { __u8 ip_dsfield; /* IPv4 tos or IPv6 dsfield */ /* 1 byte hole */ @@ -73267,7 +72115,7 @@ index aed42c7..43890c6 100644 #define TCP_SKB_CB(__skb) ((struct tcp_skb_cb *)&((__skb)->cb[0])) diff --git a/include/net/xfrm.h b/include/net/xfrm.h -index 63445ed..d6fc34f 100644 +index 24c8886..e6fb816 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -304,7 +304,7 @@ struct xfrm_policy_afinfo { @@ -73297,7 +72145,7 @@ index 63445ed..d6fc34f 100644 /* Flags for xfrm_mode. */ enum { -@@ -514,7 +514,7 @@ struct xfrm_policy { +@@ -520,7 +520,7 @@ struct xfrm_policy { struct timer_list timer; struct flow_cache_object flo; @@ -73320,7 +72168,7 @@ index 1a046b1..ee0bef0 100644 /** * iw_create_cm_id - Create an IW CM identifier. diff --git a/include/scsi/libfc.h b/include/scsi/libfc.h -index 399162b..b337f1a 100644 +index e1379b4..67eafbe 100644 --- a/include/scsi/libfc.h +++ b/include/scsi/libfc.h @@ -762,6 +762,7 @@ struct libfc_function_template { @@ -73341,10 +72189,10 @@ index 399162b..b337f1a 100644 u8 qfull; enum fc_lport_state state; diff --git a/include/scsi/scsi_device.h b/include/scsi/scsi_device.h -index e65c62e..aa2e5a2 100644 +index a7f9cba..b1f44d0 100644 --- a/include/scsi/scsi_device.h +++ b/include/scsi/scsi_device.h -@@ -170,9 +170,9 @@ struct scsi_device { +@@ -171,9 +171,9 @@ struct scsi_device { unsigned int max_device_blocked; /* what device_blocked counts down from */ #define SCSI_DEFAULT_DEVICE_BLOCKED 3 @@ -73372,7 +72220,7 @@ index b797e8f..8e2c3aa 100644 /** diff --git a/include/sound/soc.h b/include/sound/soc.h -index bc56738..a4be132 100644 +index a6a059c..2243336 100644 --- a/include/sound/soc.h +++ b/include/sound/soc.h @@ -771,7 +771,7 @@ struct snd_soc_codec_driver { @@ -73394,10 +72242,10 @@ index bc56738..a4be132 100644 struct snd_soc_platform { const char *name; diff --git a/include/target/target_core_base.h b/include/target/target_core_base.h -index 663e34a..91b306a 100644 +index c4af592..20c52d2 100644 --- a/include/target/target_core_base.h +++ b/include/target/target_core_base.h -@@ -654,7 +654,7 @@ struct se_device { +@@ -657,7 +657,7 @@ struct se_device { spinlock_t stats_lock; /* Active commands on this virtual SE device */ atomic_t simple_cmds; @@ -73577,7 +72425,7 @@ index d876736..ccce5c0 100644 #define __cpu_to_le64s(x) do { (void)(x); } while (0) #define __le64_to_cpus(x) do { (void)(x); } while (0) diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h -index 126a817..d522bd1 100644 +index 8072d35..e77aeb8 100644 --- a/include/uapi/linux/elf.h +++ b/include/uapi/linux/elf.h @@ -37,6 +37,17 @@ typedef __s64 Elf64_Sxword; @@ -73711,10 +72559,10 @@ index 6d67213..8dab561 100644 /* CTL_VM names: */ enum diff --git a/include/uapi/linux/xattr.h b/include/uapi/linux/xattr.h -index 26607bd..588b65f 100644 +index e4629b9..6958086 100644 --- a/include/uapi/linux/xattr.h +++ b/include/uapi/linux/xattr.h -@@ -60,5 +60,9 @@ +@@ -63,5 +63,9 @@ #define XATTR_POSIX_ACL_DEFAULT "posix_acl_default" #define XATTR_NAME_POSIX_ACL_DEFAULT XATTR_SYSTEM_PREFIX XATTR_POSIX_ACL_DEFAULT @@ -73744,10 +72592,10 @@ index f9466fa..f4e2b81 100644 #define NR_USB_REQUEST_I2C_SUB_IO 0x02 diff --git a/include/video/uvesafb.h b/include/video/uvesafb.h -index 0993a22..32ba2fe 100644 +index 1a91850..28573f8 100644 --- a/include/video/uvesafb.h +++ b/include/video/uvesafb.h -@@ -177,6 +177,7 @@ struct uvesafb_par { +@@ -122,6 +122,7 @@ struct uvesafb_par { u8 ypan; /* 0 - nothing, 1 - ypan, 2 - ywrap */ u8 pmi_setpal; /* PMI for palette changes */ u16 *pmi_base; /* protected mode interface location */ @@ -73756,10 +72604,10 @@ index 0993a22..32ba2fe 100644 void *pmi_pal; u8 *vbe_state_orig; /* diff --git a/init/Kconfig b/init/Kconfig -index be8b7f5..1eeca9b 100644 +index 5341d72..153f24f 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -990,6 +990,7 @@ endif # CGROUPS +@@ -984,6 +984,7 @@ endif # CGROUPS config CHECKPOINT_RESTORE bool "Checkpoint/restore support" if EXPERT @@ -73767,7 +72615,7 @@ index be8b7f5..1eeca9b 100644 default n help Enables additional kernel features in a sake of checkpoint/restore. -@@ -1468,7 +1469,7 @@ config SLUB_DEBUG +@@ -1471,7 +1472,7 @@ config SLUB_DEBUG config COMPAT_BRK bool "Disable heap randomization" @@ -73776,7 +72624,7 @@ index be8b7f5..1eeca9b 100644 help Randomizing heap placement makes heap exploits harder, but it also breaks ancient binaries (including anything libc5 based). -@@ -1711,7 +1712,7 @@ config INIT_ALL_POSSIBLE +@@ -1734,7 +1735,7 @@ config INIT_ALL_POSSIBLE config STOP_MACHINE bool default y @@ -73800,7 +72648,7 @@ index 7bc47ee..6da2dc7 100644 ifneq ($(CONFIG_BLK_DEV_INITRD),y) obj-y += noinitramfs.o diff --git a/init/do_mounts.c b/init/do_mounts.c -index 1d1b634..a1c810f 100644 +index a2b49f2..03a0e17c 100644 --- a/init/do_mounts.c +++ b/init/do_mounts.c @@ -355,11 +355,11 @@ static void __init get_fs_names(char *page) @@ -73881,7 +72729,7 @@ index f5b978a..69dbfe8 100644 if (!S_ISBLK(stat.st_mode)) return 0; diff --git a/init/do_mounts_initrd.c b/init/do_mounts_initrd.c -index f9acf71..1e19144 100644 +index a32ec1c..ac08811 100644 --- a/init/do_mounts_initrd.c +++ b/init/do_mounts_initrd.c @@ -58,8 +58,8 @@ static void __init handle_initrd(void) @@ -73893,9 +72741,9 @@ index f9acf71..1e19144 100644 + sys_mkdir((const char __force_user *)"/old", 0700); + sys_chdir((const char __force_user *)"/old"); - /* - * In case that a resume from disk is carried out by linuxrc or one of -@@ -73,31 +73,31 @@ static void __init handle_initrd(void) + /* try loading default modules from initrd */ + load_default_modules(); +@@ -76,31 +76,31 @@ static void __init handle_initrd(void) current->flags &= ~PF_FREEZER_SKIP; /* move initrd to rootfs' /old */ @@ -73934,7 +72782,7 @@ index f9acf71..1e19144 100644 printk(KERN_NOTICE "Trying to free ramdisk memory ... "); if (fd < 0) { error = fd; -@@ -120,11 +120,11 @@ int __init initrd_load(void) +@@ -123,11 +123,11 @@ int __init initrd_load(void) * mounted in the normal path. */ if (rd_load_image("/initrd.image") && ROOT_DEV != Root_RAM0) { @@ -73980,10 +72828,10 @@ index 8cb6db5..d729f50 100644 sys_ioctl(fd, RAID_AUTORUN, raid_autopart); sys_close(fd); diff --git a/init/init_task.c b/init/init_task.c -index 8b2f399..f0797c9 100644 +index ba0a7f36..2bcf1d5 100644 --- a/init/init_task.c +++ b/init/init_task.c -@@ -20,5 +20,9 @@ EXPORT_SYMBOL(init_task); +@@ -22,5 +22,9 @@ EXPORT_SYMBOL(init_task); * Initial thread structure. Alignment of this is handled by a special * linker map entry. */ @@ -73994,7 +72842,7 @@ index 8b2f399..f0797c9 100644 { INIT_THREAD_INFO(init_task) }; +#endif diff --git a/init/initramfs.c b/init/initramfs.c -index 84c6bf1..8899338 100644 +index a67ef9d..3d88592 100644 --- a/init/initramfs.c +++ b/init/initramfs.c @@ -84,7 +84,7 @@ static void __init free_hash(void) @@ -74106,10 +72954,10 @@ index 84c6bf1..8899338 100644 next_state = Reset; return 0; diff --git a/init/main.c b/init/main.c -index cee4b5c..360e10a 100644 +index 63534a1..8abcaf1 100644 --- a/init/main.c +++ b/init/main.c -@@ -96,6 +96,8 @@ static inline void mark_rodata_ro(void) { } +@@ -98,6 +98,8 @@ static inline void mark_rodata_ro(void) { } extern void tc_init(void); #endif @@ -74118,7 +72966,7 @@ index cee4b5c..360e10a 100644 /* * Debug helper: via this flag we know that we are in 'early bootup code' * where only the boot processor is running with IRQ disabled. This means -@@ -149,6 +151,61 @@ static int __init set_reset_devices(char *str) +@@ -151,6 +153,64 @@ static int __init set_reset_devices(char *str) __setup("reset_devices", set_reset_devices); @@ -74133,6 +72981,8 @@ index cee4b5c..360e10a 100644 +#endif + +#if defined(CONFIG_X86_64) && defined(CONFIG_PAX_MEMORY_UDEREF) ++unsigned long pax_user_shadow_base __read_only = 1UL << TASK_SIZE_MAX_SHIFT; ++EXPORT_SYMBOL(pax_user_shadow_base); +extern char pax_enter_kernel_user[]; +extern char pax_exit_kernel_user[]; +extern pgdval_t clone_pgd_mask; @@ -74159,6 +73009,7 @@ index cee4b5c..360e10a 100644 + memcpy(pax_enter_kernel_user, (unsigned char []){0xc3}, 1); + memcpy(pax_exit_kernel_user, (unsigned char []){0xc3}, 1); + clone_pgd_mask = ~(pgdval_t)0UL; ++ pax_user_shadow_base = 0UL; +#endif + + return 0; @@ -74180,7 +73031,7 @@ index cee4b5c..360e10a 100644 static const char * argv_init[MAX_INIT_ARGS+2] = { "init", NULL, }; const char * envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, }; static const char *panic_later, *panic_param; -@@ -681,6 +738,7 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -683,6 +743,7 @@ int __init_or_module do_one_initcall(initcall_t fn) { int count = preempt_count(); int ret; @@ -74188,7 +73039,7 @@ index cee4b5c..360e10a 100644 if (initcall_debug) ret = do_one_initcall_debug(fn); -@@ -693,15 +751,15 @@ int __init_or_module do_one_initcall(initcall_t fn) +@@ -695,15 +756,15 @@ int __init_or_module do_one_initcall(initcall_t fn) sprintf(msgbuf, "error code %d ", ret); if (preempt_count() != count) { @@ -74208,7 +73059,7 @@ index cee4b5c..360e10a 100644 } return ret; -@@ -755,8 +813,14 @@ static void __init do_initcall_level(int level) +@@ -757,8 +818,14 @@ static void __init do_initcall_level(int level) level, level, &repair_env_string); @@ -74224,7 +73075,7 @@ index cee4b5c..360e10a 100644 } static void __init do_initcalls(void) -@@ -790,8 +854,14 @@ static void __init do_pre_smp_initcalls(void) +@@ -792,8 +859,14 @@ static void __init do_pre_smp_initcalls(void) { initcall_t *fn; @@ -74239,8 +73090,8 @@ index cee4b5c..360e10a 100644 + } } - static int run_init_process(const char *init_filename) -@@ -877,7 +947,7 @@ static noinline void __init kernel_init_freeable(void) + /* +@@ -890,7 +963,7 @@ static noinline void __init kernel_init_freeable(void) do_basic_setup(); /* Open the /dev/console on the rootfs, this should never fail */ @@ -74249,7 +73100,7 @@ index cee4b5c..360e10a 100644 printk(KERN_WARNING "Warning: unable to open an initial console.\n"); (void) sys_dup(0); -@@ -890,11 +960,13 @@ static noinline void __init kernel_init_freeable(void) +@@ -903,11 +976,13 @@ static noinline void __init kernel_init_freeable(void) if (!ramdisk_execute_command) ramdisk_execute_command = "/init"; @@ -74327,7 +73178,7 @@ index 383d638..943fdbb 100644 mq_table.data = get_mq(table); diff --git a/ipc/mqueue.c b/ipc/mqueue.c -index f3f40dc..ffe5a3a 100644 +index e4e47f6..a85e0ad 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c @@ -278,6 +278,7 @@ static struct inode *mqueue_get_inode(struct super_block *sb, @@ -74400,7 +73251,7 @@ index 58d31f1..cce7a55 100644 sem_params.flg = semflg; sem_params.u.nsems = nsems; diff --git a/ipc/shm.c b/ipc/shm.c -index 9bab650..1ce68a5 100644 +index 34af1fe..85fc1aa 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -69,6 +69,14 @@ static void shm_destroy (struct ipc_namespace *ns, struct shmid_kernel *shp); @@ -74418,7 +73269,7 @@ index 9bab650..1ce68a5 100644 void shm_init_ns(struct ipc_namespace *ns) { ns->shm_ctlmax = SHMMAX; -@@ -521,6 +529,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) +@@ -525,6 +533,14 @@ static int newseg(struct ipc_namespace *ns, struct ipc_params *params) shp->shm_lprid = 0; shp->shm_atim = shp->shm_dtim = 0; shp->shm_ctim = get_seconds(); @@ -74433,7 +73284,7 @@ index 9bab650..1ce68a5 100644 shp->shm_segsz = size; shp->shm_nattch = 0; shp->shm_file = file; -@@ -572,18 +588,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp, +@@ -576,18 +592,19 @@ static inline int shm_more_checks(struct kern_ipc_perm *ipcp, return 0; } @@ -74458,7 +73309,7 @@ index 9bab650..1ce68a5 100644 shm_params.key = key; shm_params.flg = shmflg; shm_params.u.size = size; -@@ -1004,6 +1021,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, +@@ -1008,6 +1025,12 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, f_mode = FMODE_READ | FMODE_WRITE; } if (shmflg & SHM_EXEC) { @@ -74471,7 +73322,7 @@ index 9bab650..1ce68a5 100644 prot |= PROT_EXEC; acc_mode |= S_IXUGO; } -@@ -1027,9 +1050,21 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, +@@ -1031,9 +1054,21 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, if (err) goto out_unlock; @@ -74494,7 +73345,7 @@ index 9bab650..1ce68a5 100644 shm_unlock(shp); diff --git a/kernel/acct.c b/kernel/acct.c -index 051e071..15e0920 100644 +index b9bd7f0..1762b4a 100644 --- a/kernel/acct.c +++ b/kernel/acct.c @@ -550,7 +550,7 @@ static void do_acct_process(struct bsd_acct_struct *acct, @@ -74665,10 +73516,10 @@ index f6c2ce5..982c0f9 100644 + return ns_capable_nolog(ns, cap) && kuid_has_mapping(ns, inode->i_uid); +} diff --git a/kernel/cgroup.c b/kernel/cgroup.c -index cddf1d9..34e9721 100644 +index ba1f977..f840d9c 100644 --- a/kernel/cgroup.c +++ b/kernel/cgroup.c -@@ -5544,7 +5544,7 @@ static int cgroup_css_links_read(struct cgroup *cont, +@@ -5569,7 +5569,7 @@ static int cgroup_css_links_read(struct cgroup *cont, struct css_set *cg = link->cg; struct task_struct *task; int count = 0; @@ -74678,7 +73529,7 @@ index cddf1d9..34e9721 100644 if (count++ > MAX_TASKS_SHOWN_PER_CSS) { seq_puts(seq, " ...\n"); diff --git a/kernel/compat.c b/kernel/compat.c -index 36700e9..73d770c 100644 +index 19971d8..02fe2df 100644 --- a/kernel/compat.c +++ b/kernel/compat.c @@ -13,6 +13,7 @@ @@ -75002,10 +73853,10 @@ index e0573a4..3874e41 100644 /** diff --git a/kernel/debug/debug_core.c b/kernel/debug/debug_core.c -index 9a61738..c5c8f3a 100644 +index c26278f..e323fb8 100644 --- a/kernel/debug/debug_core.c +++ b/kernel/debug/debug_core.c -@@ -122,7 +122,7 @@ static DEFINE_RAW_SPINLOCK(dbg_slave_lock); +@@ -123,7 +123,7 @@ static DEFINE_RAW_SPINLOCK(dbg_slave_lock); */ static atomic_t masters_in_kgdb; static atomic_t slaves_in_kgdb; @@ -75014,7 +73865,7 @@ index 9a61738..c5c8f3a 100644 atomic_t kgdb_setting_breakpoint; struct task_struct *kgdb_usethread; -@@ -132,7 +132,7 @@ int kgdb_single_step; +@@ -133,7 +133,7 @@ int kgdb_single_step; static pid_t kgdb_sstep_pid; /* to keep track of the CPU which is doing the single stepping*/ @@ -75023,7 +73874,7 @@ index 9a61738..c5c8f3a 100644 /* * If you are debugging a problem where roundup (the collection of -@@ -540,7 +540,7 @@ return_normal: +@@ -541,7 +541,7 @@ return_normal: * kernel will only try for the value of sstep_tries before * giving up and continuing on. */ @@ -75032,7 +73883,7 @@ index 9a61738..c5c8f3a 100644 (kgdb_info[cpu].task && kgdb_info[cpu].task->pid != kgdb_sstep_pid) && --sstep_tries) { atomic_set(&kgdb_active, -1); -@@ -634,8 +634,8 @@ cpu_master_loop: +@@ -635,8 +635,8 @@ cpu_master_loop: } kgdb_restore: @@ -75043,7 +73894,7 @@ index 9a61738..c5c8f3a 100644 if (kgdb_info[sstep_cpu].task) kgdb_sstep_pid = kgdb_info[sstep_cpu].task->pid; else -@@ -887,18 +887,18 @@ static void kgdb_unregister_callbacks(void) +@@ -888,18 +888,18 @@ static void kgdb_unregister_callbacks(void) static void kgdb_tasklet_bpt(unsigned long ing) { kgdb_breakpoint(); @@ -75066,7 +73917,7 @@ index 9a61738..c5c8f3a 100644 } EXPORT_SYMBOL_GPL(kgdb_schedule_breakpoint); diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c -index 8875254..7cf4928 100644 +index 00eb8f7..d7e3244 100644 --- a/kernel/debug/kdb/kdb_main.c +++ b/kernel/debug/kdb/kdb_main.c @@ -1974,7 +1974,7 @@ static int kdb_lsmod(int argc, const char **argv) @@ -75088,10 +73939,23 @@ index 8875254..7cf4928 100644 #ifdef CONFIG_MODULE_UNLOAD { diff --git a/kernel/events/core.c b/kernel/events/core.c -index 0600d3b..742ab1b 100644 +index 9fcb094..5c06aeb 100644 --- a/kernel/events/core.c +++ b/kernel/events/core.c -@@ -182,7 +182,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write, +@@ -155,7 +155,11 @@ static struct srcu_struct pmus_srcu; + * 1 - disallow cpu events for unpriv + * 2 - disallow kernel profiling for unpriv + */ +-int sysctl_perf_event_paranoid __read_mostly = 1; ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++int sysctl_perf_event_legitimately_concerned __read_mostly = 2; ++#else ++int sysctl_perf_event_legitimately_concerned __read_mostly = 1; ++#endif + + /* Minimum for 512 kiB + 1 user control page */ + int sysctl_perf_event_mlock __read_mostly = 512 + (PAGE_SIZE / 1024); /* 'free' kiB per user */ +@@ -182,7 +186,7 @@ int perf_proc_update_handler(struct ctl_table *table, int write, return 0; } @@ -75100,7 +73964,7 @@ index 0600d3b..742ab1b 100644 static void cpu_ctx_sched_out(struct perf_cpu_context *cpuctx, enum event_type_t event_type); -@@ -2677,7 +2677,7 @@ static void __perf_event_read(void *info) +@@ -2677,7 +2681,7 @@ static void __perf_event_read(void *info) static inline u64 perf_event_count(struct perf_event *event) { @@ -75109,7 +73973,7 @@ index 0600d3b..742ab1b 100644 } static u64 perf_event_read(struct perf_event *event) -@@ -3007,9 +3007,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) +@@ -3007,9 +3011,9 @@ u64 perf_event_read_value(struct perf_event *event, u64 *enabled, u64 *running) mutex_lock(&event->child_mutex); total += perf_event_read(event); *enabled += event->total_time_enabled + @@ -75121,7 +73985,7 @@ index 0600d3b..742ab1b 100644 list_for_each_entry(child, &event->child_list, child_list) { total += perf_event_read(child); -@@ -3412,10 +3412,10 @@ void perf_event_update_userpage(struct perf_event *event) +@@ -3412,10 +3416,10 @@ void perf_event_update_userpage(struct perf_event *event) userpg->offset -= local64_read(&event->hw.prev_count); userpg->time_enabled = enabled + @@ -75134,7 +73998,7 @@ index 0600d3b..742ab1b 100644 arch_perf_update_userpage(userpg, now); -@@ -3974,11 +3974,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, +@@ -3974,11 +3978,11 @@ static void perf_output_read_one(struct perf_output_handle *handle, values[n++] = perf_event_count(event); if (read_format & PERF_FORMAT_TOTAL_TIME_ENABLED) { values[n++] = enabled + @@ -75148,7 +74012,7 @@ index 0600d3b..742ab1b 100644 } if (read_format & PERF_FORMAT_ID) values[n++] = primary_event_id(event); -@@ -4721,12 +4721,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) +@@ -4726,12 +4730,12 @@ static void perf_event_mmap_event(struct perf_mmap_event *mmap_event) * need to add enough zero bytes after the string to handle * the 64bit alignment we do later. */ @@ -75163,7 +74027,7 @@ index 0600d3b..742ab1b 100644 if (IS_ERR(name)) { name = strncpy(tmp, "//toolong", sizeof(tmp)); goto got_name; -@@ -6165,7 +6165,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, +@@ -6167,7 +6171,7 @@ perf_event_alloc(struct perf_event_attr *attr, int cpu, event->parent = parent_event; event->ns = get_pid_ns(task_active_pid_ns(current)); @@ -75172,7 +74036,7 @@ index 0600d3b..742ab1b 100644 event->state = PERF_EVENT_STATE_INACTIVE; -@@ -6790,10 +6790,10 @@ static void sync_child_event(struct perf_event *child_event, +@@ -6795,10 +6799,10 @@ static void sync_child_event(struct perf_event *child_event, /* * Add back the child's count to the parent's count: */ @@ -75187,10 +74051,10 @@ index 0600d3b..742ab1b 100644 /* diff --git a/kernel/exit.c b/kernel/exit.c -index b4df219..f13c02d 100644 +index 60bc027..ca6d727 100644 --- a/kernel/exit.c +++ b/kernel/exit.c -@@ -170,6 +170,10 @@ void release_task(struct task_struct * p) +@@ -172,6 +172,10 @@ void release_task(struct task_struct * p) struct task_struct *leader; int zap_leader; repeat: @@ -75201,7 +74065,7 @@ index b4df219..f13c02d 100644 /* don't need to get the RCU readlock here - the process is dead and * can't be modifying its own credentials. But shut RCU-lockdep up */ rcu_read_lock(); -@@ -338,7 +342,7 @@ int allow_signal(int sig) +@@ -340,7 +344,7 @@ int allow_signal(int sig) * know it'll be handled, so that they don't get converted to * SIGKILL or just silently dropped. */ @@ -75210,7 +74074,7 @@ index b4df219..f13c02d 100644 recalc_sigpending(); spin_unlock_irq(¤t->sighand->siglock); return 0; -@@ -708,6 +712,8 @@ void do_exit(long code) +@@ -710,6 +714,8 @@ void do_exit(long code) struct task_struct *tsk = current; int group_dead; @@ -75219,7 +74083,7 @@ index b4df219..f13c02d 100644 profile_task_exit(tsk); WARN_ON(blk_needs_flush_plug(tsk)); -@@ -724,7 +730,6 @@ void do_exit(long code) +@@ -726,7 +732,6 @@ void do_exit(long code) * mm_release()->clear_child_tid() from writing to a user-controlled * kernel address. */ @@ -75227,7 +74091,7 @@ index b4df219..f13c02d 100644 ptrace_event(PTRACE_EVENT_EXIT, code); -@@ -783,6 +788,9 @@ void do_exit(long code) +@@ -785,6 +790,9 @@ void do_exit(long code) tsk->exit_code = code; taskstats_exit(tsk, group_dead); @@ -75237,7 +74101,7 @@ index b4df219..f13c02d 100644 exit_mm(tsk); if (group_dead) -@@ -903,7 +911,7 @@ SYSCALL_DEFINE1(exit, int, error_code) +@@ -905,7 +913,7 @@ SYSCALL_DEFINE1(exit, int, error_code) * Take down every thread in the group. This is called by fatal signals * as well as by sys_exit_group (below). */ @@ -75247,7 +74111,7 @@ index b4df219..f13c02d 100644 { struct signal_struct *sig = current->signal; diff --git a/kernel/fork.c b/kernel/fork.c -index 5630e52..0cee608 100644 +index 1766d32..c0e44e2 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -318,7 +318,7 @@ static struct task_struct *dup_task_struct(struct task_struct *orig) @@ -75295,7 +74159,7 @@ index 5630e52..0cee608 100644 + tmp->vm_mirror = NULL; + file = tmp->vm_file; + if (file) { -+ struct inode *inode = file->f_path.dentry->d_inode; ++ struct inode *inode = file_inode(file); + struct address_space *mapping = file->f_mapping; + + get_file(file); @@ -75390,7 +74254,7 @@ index 5630e52..0cee608 100644 - tmp->vm_next = tmp->vm_prev = NULL; - file = tmp->vm_file; - if (file) { -- struct inode *inode = file->f_path.dentry->d_inode; +- struct inode *inode = file_inode(file); - struct address_space *mapping = file->f_mapping; - - get_file(file); @@ -75506,7 +74370,7 @@ index 5630e52..0cee608 100644 if (atomic_read(&p->real_cred->user->processes) >= task_rlimit(p, RLIMIT_NPROC)) { if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RESOURCE) && -@@ -1435,6 +1488,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1441,6 +1494,11 @@ static struct task_struct *copy_process(unsigned long clone_flags, goto bad_fork_free_pid; } @@ -75518,7 +74382,7 @@ index 5630e52..0cee608 100644 if (clone_flags & CLONE_THREAD) { current->signal->nr_threads++; atomic_inc(¤t->signal->live); -@@ -1518,6 +1576,8 @@ bad_fork_cleanup_count: +@@ -1524,6 +1582,8 @@ bad_fork_cleanup_count: bad_fork_free: free_task(p); fork_out: @@ -75527,7 +74391,7 @@ index 5630e52..0cee608 100644 return ERR_PTR(retval); } -@@ -1568,6 +1628,23 @@ long do_fork(unsigned long clone_flags, +@@ -1574,6 +1634,23 @@ long do_fork(unsigned long clone_flags, return -EINVAL; } @@ -75551,7 +74415,7 @@ index 5630e52..0cee608 100644 /* * Determine whether and which event to report to ptracer. When * called from kernel_thread or CLONE_UNTRACED is explicitly -@@ -1602,6 +1679,8 @@ long do_fork(unsigned long clone_flags, +@@ -1608,6 +1685,8 @@ long do_fork(unsigned long clone_flags, if (clone_flags & CLONE_PARENT_SETTID) put_user(nr, parent_tidptr); @@ -75560,7 +74424,7 @@ index 5630e52..0cee608 100644 if (clone_flags & CLONE_VFORK) { p->vfork_done = &vfork; init_completion(&vfork); -@@ -1755,7 +1834,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) +@@ -1761,7 +1840,7 @@ static int unshare_fs(unsigned long unshare_flags, struct fs_struct **new_fsp) return 0; /* don't need lock here; in the worst case we'll do useless copy */ @@ -75569,7 +74433,7 @@ index 5630e52..0cee608 100644 return 0; *new_fsp = copy_fs_struct(fs); -@@ -1869,7 +1948,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) +@@ -1873,7 +1952,8 @@ SYSCALL_DEFINE1(unshare, unsigned long, unshare_flags) fs = current->fs; spin_lock(&fs->lock); current->fs = new_fs; @@ -75580,7 +74444,7 @@ index 5630e52..0cee608 100644 else new_fs = fs; diff --git a/kernel/futex.c b/kernel/futex.c -index 8879430..31696f1 100644 +index b26dcfc..39e266a 100644 --- a/kernel/futex.c +++ b/kernel/futex.c @@ -54,6 +54,7 @@ @@ -75591,7 +74455,7 @@ index 8879430..31696f1 100644 #include <linux/signal.h> #include <linux/export.h> #include <linux/magic.h> -@@ -239,6 +240,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) +@@ -241,6 +242,11 @@ get_futex_key(u32 __user *uaddr, int fshared, union futex_key *key, int rw) struct page *page, *page_head; int err, ro = 0; @@ -75603,7 +74467,7 @@ index 8879430..31696f1 100644 /* * The futex address must be "naturally" aligned. */ -@@ -2731,6 +2737,7 @@ static int __init futex_init(void) +@@ -2732,6 +2738,7 @@ static int __init futex_init(void) { u32 curval; int i; @@ -75611,7 +74475,7 @@ index 8879430..31696f1 100644 /* * This will fail and we want it. Some arch implementations do -@@ -2742,8 +2749,11 @@ static int __init futex_init(void) +@@ -2743,8 +2750,11 @@ static int __init futex_init(void) * implementation, the non-functional ones will return * -ENOSYS. */ @@ -75624,10 +74488,10 @@ index 8879430..31696f1 100644 for (i = 0; i < ARRAY_SIZE(futex_queues); i++) { plist_head_init(&futex_queues[i].chain); diff --git a/kernel/futex_compat.c b/kernel/futex_compat.c -index a9642d5..51eb98c 100644 +index f9f44fd..29885e4 100644 --- a/kernel/futex_compat.c +++ b/kernel/futex_compat.c -@@ -31,7 +31,7 @@ fetch_robust_entry(compat_uptr_t *uentry, struct robust_list __user **entry, +@@ -32,7 +32,7 @@ fetch_robust_entry(compat_uptr_t *uentry, struct robust_list __user **entry, return 0; } @@ -75662,10 +74526,10 @@ index 9b22d03..6295b62 100644 prev->next = info->next; else diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c -index 60f7e32..76ccd96 100644 +index 7ef5556..8247f11 100644 --- a/kernel/hrtimer.c +++ b/kernel/hrtimer.c -@@ -1414,7 +1414,7 @@ void hrtimer_peek_ahead_timers(void) +@@ -1416,7 +1416,7 @@ void hrtimer_peek_ahead_timers(void) local_irq_restore(flags); } @@ -75674,7 +74538,7 @@ index 60f7e32..76ccd96 100644 { struct hrtimer_cpu_base *cpu_base = &__get_cpu_var(hrtimer_bases); -@@ -1756,7 +1756,7 @@ static int __cpuinit hrtimer_cpu_notify(struct notifier_block *self, +@@ -1758,7 +1758,7 @@ static int __cpuinit hrtimer_cpu_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -75683,6 +74547,27 @@ index 60f7e32..76ccd96 100644 .notifier_call = hrtimer_cpu_notify, }; +diff --git a/kernel/irq_work.c b/kernel/irq_work.c +index 55fcce6..0e4cf34 100644 +--- a/kernel/irq_work.c ++++ b/kernel/irq_work.c +@@ -189,12 +189,13 @@ static int irq_work_cpu_notify(struct notifier_block *self, + return NOTIFY_OK; + } + +-static struct notifier_block cpu_notify; ++static struct notifier_block cpu_notify = { ++ .notifier_call = irq_work_cpu_notify, ++ .priority = 0, ++}; + + static __init int irq_work_init_cpu_notifier(void) + { +- cpu_notify.notifier_call = irq_work_cpu_notify; +- cpu_notify.priority = 0; + register_cpu_notifier(&cpu_notify); + return 0; + } diff --git a/kernel/jump_label.c b/kernel/jump_label.c index 60f48fa..7f3a770 100644 --- a/kernel/jump_label.c @@ -75848,10 +74733,10 @@ index e30ac0f..3528cac 100644 /* diff --git a/kernel/kexec.c b/kernel/kexec.c -index 5e4bd78..00c5b91 100644 +index ffd4e11..c3ff6bf 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c -@@ -1045,7 +1045,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry, +@@ -1048,7 +1048,8 @@ asmlinkage long compat_sys_kexec_load(unsigned long entry, unsigned long flags) { struct compat_kexec_segment in; @@ -75862,10 +74747,10 @@ index 5e4bd78..00c5b91 100644 /* Don't allow clients that don't understand the native diff --git a/kernel/kmod.c b/kernel/kmod.c -index 0023a87..9c0c068 100644 +index 56dd349..336e1dc 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c -@@ -74,7 +74,7 @@ static void free_modprobe_argv(struct subprocess_info *info) +@@ -75,7 +75,7 @@ static void free_modprobe_argv(struct subprocess_info *info) kfree(info->argv); } @@ -75874,7 +74759,7 @@ index 0023a87..9c0c068 100644 { static char *envp[] = { "HOME=/", -@@ -83,7 +83,7 @@ static int call_modprobe(char *module_name, int wait) +@@ -84,7 +84,7 @@ static int call_modprobe(char *module_name, int wait) NULL }; @@ -75883,7 +74768,7 @@ index 0023a87..9c0c068 100644 if (!argv) goto out; -@@ -95,7 +95,8 @@ static int call_modprobe(char *module_name, int wait) +@@ -96,7 +96,8 @@ static int call_modprobe(char *module_name, int wait) argv[1] = "-q"; argv[2] = "--"; argv[3] = module_name; /* check free_modprobe_argv() */ @@ -75893,7 +74778,7 @@ index 0023a87..9c0c068 100644 return call_usermodehelper_fns(modprobe_path, argv, envp, wait | UMH_KILLABLE, NULL, free_modprobe_argv, NULL); -@@ -120,9 +121,8 @@ out: +@@ -121,9 +122,8 @@ out: * If module auto-loading support is disabled then this function * becomes a no-operation. */ @@ -75904,9 +74789,9 @@ index 0023a87..9c0c068 100644 char module_name[MODULE_NAME_LEN]; unsigned int max_modprobes; int ret; -@@ -130,9 +130,7 @@ int __request_module(bool wait, const char *fmt, ...) - #define MAX_KMOD_CONCURRENT 50 /* Completely arbitrary value - KAO */ - static int kmod_loop_msg; +@@ -139,9 +139,7 @@ int __request_module(bool wait, const char *fmt, ...) + */ + WARN_ON_ONCE(wait && current_is_async()); - va_start(args, fmt); - ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args); @@ -75915,7 +74800,7 @@ index 0023a87..9c0c068 100644 if (ret >= MODULE_NAME_LEN) return -ENAMETOOLONG; -@@ -140,6 +138,20 @@ int __request_module(bool wait, const char *fmt, ...) +@@ -149,6 +147,20 @@ int __request_module(bool wait, const char *fmt, ...) if (ret) return ret; @@ -75936,7 +74821,7 @@ index 0023a87..9c0c068 100644 /* If modprobe needs a service that is in a module, we get a recursive * loop. Limit the number of running kmod threads to max_threads/2 or * MAX_KMOD_CONCURRENT, whichever is the smaller. A cleaner method -@@ -168,11 +180,52 @@ int __request_module(bool wait, const char *fmt, ...) +@@ -177,11 +189,52 @@ int __request_module(bool wait, const char *fmt, ...) trace_module_request(module_name, wait, _RET_IP_); @@ -75990,7 +74875,7 @@ index 0023a87..9c0c068 100644 EXPORT_SYMBOL(__request_module); #endif /* CONFIG_MODULES */ -@@ -283,7 +336,7 @@ static int wait_for_helper(void *data) +@@ -292,7 +345,7 @@ static int wait_for_helper(void *data) * * Thus the __user pointer cast is valid here. */ @@ -75999,7 +74884,7 @@ index 0023a87..9c0c068 100644 /* * If ret is 0, either ____call_usermodehelper failed and the -@@ -635,7 +688,7 @@ EXPORT_SYMBOL(call_usermodehelper_fns); +@@ -644,7 +697,7 @@ EXPORT_SYMBOL(call_usermodehelper_fns); static int proc_cap_handler(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -76009,7 +74894,7 @@ index 0023a87..9c0c068 100644 kernel_cap_t new_cap; int err, i; diff --git a/kernel/kprobes.c b/kernel/kprobes.c -index 098f396..fe85ff1 100644 +index 3fed7f0..a3f95ed 100644 --- a/kernel/kprobes.c +++ b/kernel/kprobes.c @@ -185,7 +185,7 @@ static kprobe_opcode_t __kprobes *__get_insn_slot(struct kprobe_insn_cache *c) @@ -76030,7 +74915,7 @@ index 098f396..fe85ff1 100644 kfree(kip); } return 1; -@@ -2063,7 +2063,7 @@ static int __init init_kprobes(void) +@@ -2073,7 +2073,7 @@ static int __init init_kprobes(void) { int i, err = 0; unsigned long offset = 0, size = 0; @@ -76039,7 +74924,7 @@ index 098f396..fe85ff1 100644 const char *symbol_name; void *addr; struct kprobe_blackpoint *kb; -@@ -2148,11 +2148,11 @@ static void __kprobes report_probe(struct seq_file *pi, struct kprobe *p, +@@ -2158,11 +2158,11 @@ static void __kprobes report_probe(struct seq_file *pi, struct kprobe *p, kprobe_type = "k"; if (sym) @@ -76053,7 +74938,7 @@ index 098f396..fe85ff1 100644 p->addr, kprobe_type, p->addr); if (!pp) -@@ -2190,7 +2190,7 @@ static int __kprobes show_kprobe_addr(struct seq_file *pi, void *v) +@@ -2199,7 +2199,7 @@ static int __kprobes show_kprobe_addr(struct seq_file *pi, void *v) const char *sym = NULL; unsigned int i = *(loff_t *) v; unsigned long offset = 0; @@ -76085,7 +74970,7 @@ index 6ada93c..dce7d5d 100644 .name = "notes", .mode = S_IRUGO, diff --git a/kernel/lockdep.c b/kernel/lockdep.c -index 7981e5b..7f2105c 100644 +index 8a0efac..56f1e2d 100644 --- a/kernel/lockdep.c +++ b/kernel/lockdep.c @@ -590,6 +590,10 @@ static int static_obj(void *obj) @@ -76166,7 +75051,7 @@ index b2c71c5..7b88d63 100644 seq_printf(m, "%40s %14lu %29s %pS\n", name, stats->contending_point[i], diff --git a/kernel/module.c b/kernel/module.c -index eab0827..f488603 100644 +index 0925c9a..6b044ac 100644 --- a/kernel/module.c +++ b/kernel/module.c @@ -61,6 +61,7 @@ @@ -76187,7 +75072,7 @@ index eab0827..f488603 100644 int register_module_notifier(struct notifier_block * nb) { -@@ -322,7 +324,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, +@@ -323,7 +325,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, return true; list_for_each_entry_rcu(mod, &modules, list) { @@ -76196,7 +75081,7 @@ index eab0827..f488603 100644 { mod->syms, mod->syms + mod->num_syms, mod->crcs, NOT_GPL_ONLY, false }, { mod->gpl_syms, mod->gpl_syms + mod->num_gpl_syms, -@@ -347,7 +349,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, +@@ -348,7 +350,7 @@ bool each_symbol_section(bool (*fn)(const struct symsearch *arr, if (mod->state == MODULE_STATE_UNFORMED) continue; @@ -76205,7 +75090,7 @@ index eab0827..f488603 100644 return true; } return false; -@@ -484,7 +486,7 @@ static inline void __percpu *mod_percpu(struct module *mod) +@@ -485,7 +487,7 @@ static inline void __percpu *mod_percpu(struct module *mod) static int percpu_modalloc(struct module *mod, unsigned long size, unsigned long align) { @@ -76214,7 +75099,7 @@ index eab0827..f488603 100644 printk(KERN_WARNING "%s: per-cpu alignment %li > %li\n", mod->name, align, PAGE_SIZE); align = PAGE_SIZE; -@@ -1088,7 +1090,7 @@ struct module_attribute module_uevent = +@@ -1089,7 +1091,7 @@ struct module_attribute module_uevent = static ssize_t show_coresize(struct module_attribute *mattr, struct module_kobject *mk, char *buffer) { @@ -76223,7 +75108,7 @@ index eab0827..f488603 100644 } static struct module_attribute modinfo_coresize = -@@ -1097,7 +1099,7 @@ static struct module_attribute modinfo_coresize = +@@ -1098,7 +1100,7 @@ static struct module_attribute modinfo_coresize = static ssize_t show_initsize(struct module_attribute *mattr, struct module_kobject *mk, char *buffer) { @@ -76232,7 +75117,7 @@ index eab0827..f488603 100644 } static struct module_attribute modinfo_initsize = -@@ -1311,7 +1313,7 @@ resolve_symbol_wait(struct module *mod, +@@ -1312,7 +1314,7 @@ resolve_symbol_wait(struct module *mod, */ #ifdef CONFIG_SYSFS @@ -76241,7 +75126,7 @@ index eab0827..f488603 100644 static inline bool sect_empty(const Elf_Shdr *sect) { return !(sect->sh_flags & SHF_ALLOC) || sect->sh_size == 0; -@@ -1451,7 +1453,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info) +@@ -1452,7 +1454,7 @@ static void add_notes_attrs(struct module *mod, const struct load_info *info) { unsigned int notes, loaded, i; struct module_notes_attrs *notes_attrs; @@ -76250,7 +75135,7 @@ index eab0827..f488603 100644 /* failed to create section attributes, so can't create notes */ if (!mod->sect_attrs) -@@ -1563,7 +1565,7 @@ static void del_usage_links(struct module *mod) +@@ -1564,7 +1566,7 @@ static void del_usage_links(struct module *mod) static int module_add_modinfo_attrs(struct module *mod) { struct module_attribute *attr; @@ -76259,7 +75144,7 @@ index eab0827..f488603 100644 int error = 0; int i; -@@ -1777,21 +1779,21 @@ static void set_section_ro_nx(void *base, +@@ -1778,21 +1780,21 @@ static void set_section_ro_nx(void *base, static void unset_module_core_ro_nx(struct module *mod) { @@ -76289,7 +75174,7 @@ index eab0827..f488603 100644 set_memory_rw); } -@@ -1804,14 +1806,14 @@ void set_all_modules_text_rw(void) +@@ -1805,14 +1807,14 @@ void set_all_modules_text_rw(void) list_for_each_entry_rcu(mod, &modules, list) { if (mod->state == MODULE_STATE_UNFORMED) continue; @@ -76310,7 +75195,7 @@ index eab0827..f488603 100644 set_memory_rw); } } -@@ -1827,14 +1829,14 @@ void set_all_modules_text_ro(void) +@@ -1828,14 +1830,14 @@ void set_all_modules_text_ro(void) list_for_each_entry_rcu(mod, &modules, list) { if (mod->state == MODULE_STATE_UNFORMED) continue; @@ -76331,7 +75216,7 @@ index eab0827..f488603 100644 set_memory_ro); } } -@@ -1880,16 +1882,19 @@ static void free_module(struct module *mod) +@@ -1881,16 +1883,19 @@ static void free_module(struct module *mod) /* This may be NULL, but that's OK */ unset_module_init_ro_nx(mod); @@ -76354,7 +75239,7 @@ index eab0827..f488603 100644 #ifdef CONFIG_MPU update_protections(current->mm); -@@ -1959,9 +1964,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1960,9 +1965,31 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) int ret = 0; const struct kernel_symbol *ksym; @@ -76386,7 +75271,7 @@ index eab0827..f488603 100644 switch (sym[i].st_shndx) { case SHN_COMMON: /* We compiled with -fno-common. These are not -@@ -1982,7 +2009,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -1983,7 +2010,9 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) ksym = resolve_symbol_wait(mod, info, name); /* Ok if resolved. */ if (ksym && !IS_ERR(ksym)) { @@ -76396,7 +75281,7 @@ index eab0827..f488603 100644 break; } -@@ -2001,11 +2030,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) +@@ -2002,11 +2031,20 @@ static int simplify_symbols(struct module *mod, const struct load_info *info) secbase = (unsigned long)mod_percpu(mod); else secbase = info->sechdrs[sym[i].st_shndx].sh_addr; @@ -76417,7 +75302,7 @@ index eab0827..f488603 100644 return ret; } -@@ -2089,22 +2127,12 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2090,22 +2128,12 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || strstarts(sname, ".init")) continue; @@ -76444,7 +75329,7 @@ index eab0827..f488603 100644 } pr_debug("Init section allocation order:\n"); -@@ -2118,23 +2146,13 @@ static void layout_sections(struct module *mod, struct load_info *info) +@@ -2119,23 +2147,13 @@ static void layout_sections(struct module *mod, struct load_info *info) || s->sh_entsize != ~0UL || !strstarts(sname, ".init")) continue; @@ -76473,7 +75358,7 @@ index eab0827..f488603 100644 } } -@@ -2306,7 +2324,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2308,7 +2326,7 @@ static void layout_symtab(struct module *mod, struct load_info *info) /* Put symbol section at end of init part of module. */ symsect->sh_flags |= SHF_ALLOC; @@ -76482,7 +75367,7 @@ index eab0827..f488603 100644 info->index.sym) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + symsect->sh_name); -@@ -2323,13 +2341,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) +@@ -2325,13 +2343,13 @@ static void layout_symtab(struct module *mod, struct load_info *info) } /* Append room for core symbols at end of core part. */ @@ -76500,7 +75385,7 @@ index eab0827..f488603 100644 info->index.str) | INIT_OFFSET_MASK; pr_debug("\t%s\n", info->secstrings + strsect->sh_name); } -@@ -2347,12 +2365,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2349,12 +2367,14 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) /* Make sure we get permanent strtab: don't use info->strtab. */ mod->strtab = (void *)info->sechdrs[info->index.str].sh_addr; @@ -76517,7 +75402,7 @@ index eab0827..f488603 100644 src = mod->symtab; for (ndst = i = 0; i < mod->num_symtab; i++) { if (i == 0 || -@@ -2364,6 +2384,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) +@@ -2366,6 +2386,8 @@ static void add_kallsyms(struct module *mod, const struct load_info *info) } } mod->core_num_syms = ndst; @@ -76526,7 +75411,7 @@ index eab0827..f488603 100644 } #else static inline void layout_symtab(struct module *mod, struct load_info *info) -@@ -2397,17 +2419,33 @@ void * __weak module_alloc(unsigned long size) +@@ -2399,17 +2421,33 @@ void * __weak module_alloc(unsigned long size) return vmalloc_exec(size); } @@ -76565,7 +75450,7 @@ index eab0827..f488603 100644 mutex_unlock(&module_mutex); } return ret; -@@ -2683,8 +2721,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) +@@ -2685,8 +2723,14 @@ static struct module *setup_load_info(struct load_info *info, int flags) static int check_modinfo(struct module *mod, struct load_info *info, int flags) { const char *modmagic = get_modinfo(info, "vermagic"); @@ -76580,7 +75465,7 @@ index eab0827..f488603 100644 if (flags & MODULE_INIT_IGNORE_VERMAGIC) modmagic = NULL; -@@ -2710,7 +2754,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) +@@ -2712,7 +2756,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags) } /* Set up license info based on the info section */ @@ -76589,7 +75474,7 @@ index eab0827..f488603 100644 return 0; } -@@ -2804,7 +2848,7 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2806,7 +2850,7 @@ static int move_module(struct module *mod, struct load_info *info) void *ptr; /* Do the allocs. */ @@ -76598,7 +75483,7 @@ index eab0827..f488603 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. Just mark it as not being a -@@ -2814,11 +2858,11 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2816,11 +2860,11 @@ static int move_module(struct module *mod, struct load_info *info) if (!ptr) return -ENOMEM; @@ -76614,7 +75499,7 @@ index eab0827..f488603 100644 /* * The pointer to this block is stored in the module structure * which is inside the block. This block doesn't need to be -@@ -2827,13 +2871,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2829,13 +2873,45 @@ static int move_module(struct module *mod, struct load_info *info) */ kmemleak_ignore(ptr); if (!ptr) { @@ -76664,7 +75549,7 @@ index eab0827..f488603 100644 /* Transfer each section which specifies SHF_ALLOC */ pr_debug("final section addresses:\n"); -@@ -2844,16 +2920,45 @@ static int move_module(struct module *mod, struct load_info *info) +@@ -2846,16 +2922,45 @@ static int move_module(struct module *mod, struct load_info *info) if (!(shdr->sh_flags & SHF_ALLOC)) continue; @@ -76717,7 +75602,7 @@ index eab0827..f488603 100644 pr_debug("\t0x%lx %s\n", (long)shdr->sh_addr, info->secstrings + shdr->sh_name); } -@@ -2908,12 +3013,12 @@ static void flush_module_icache(const struct module *mod) +@@ -2912,12 +3017,12 @@ static void flush_module_icache(const struct module *mod) * Do it before processing of module parameters, so the module * can provide parameter accessor functions of its own. */ @@ -76736,7 +75621,7 @@ index eab0827..f488603 100644 set_fs(old_fs); } -@@ -2983,8 +3088,10 @@ out: +@@ -2987,8 +3092,10 @@ out: static void module_deallocate(struct module *mod, struct load_info *info) { percpu_modfree(mod); @@ -76749,7 +75634,7 @@ index eab0827..f488603 100644 } int __weak module_finalize(const Elf_Ehdr *hdr, -@@ -2997,7 +3104,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, +@@ -3001,7 +3108,9 @@ int __weak module_finalize(const Elf_Ehdr *hdr, static int post_relocation(struct module *mod, const struct load_info *info) { /* Sort exception table now relocations are done. */ @@ -76759,7 +75644,7 @@ index eab0827..f488603 100644 /* Copy relocated percpu area over. */ percpu_modcopy(mod, (void *)info->sechdrs[info->index.pcpu].sh_addr, -@@ -3051,16 +3160,16 @@ static int do_init_module(struct module *mod) +@@ -3055,16 +3164,16 @@ static int do_init_module(struct module *mod) MODULE_STATE_COMING, mod); /* Set RO and NX regions for core */ @@ -76784,7 +75669,7 @@ index eab0827..f488603 100644 do_mod_ctors(mod); /* Start the module */ -@@ -3122,11 +3231,12 @@ static int do_init_module(struct module *mod) +@@ -3126,11 +3235,12 @@ static int do_init_module(struct module *mod) mod->strtab = mod->core_strtab; #endif unset_module_init_ro_nx(mod); @@ -76802,7 +75687,7 @@ index eab0827..f488603 100644 mutex_unlock(&module_mutex); wake_up_all(&module_wq); -@@ -3209,9 +3319,38 @@ again: +@@ -3257,9 +3367,38 @@ static int load_module(struct load_info *info, const char __user *uargs, if (err) goto free_unload; @@ -76841,7 +75726,7 @@ index eab0827..f488603 100644 /* Fix up syms, so that st_value is a pointer to location. */ err = simplify_symbols(mod, info); if (err < 0) -@@ -3227,13 +3366,6 @@ again: +@@ -3275,13 +3414,6 @@ static int load_module(struct load_info *info, const char __user *uargs, flush_module_icache(mod); @@ -76854,9 +75739,9 @@ index eab0827..f488603 100644 - dynamic_debug_setup(info->debug, info->num_debug); - mutex_lock(&module_mutex); -@@ -3278,11 +3410,10 @@ again: - mutex_unlock(&module_mutex); + /* Finally it's fully formed, ready to start executing. */ +@@ -3316,11 +3448,10 @@ static int load_module(struct load_info *info, const char __user *uargs, + ddebug_cleanup: dynamic_debug_remove(info->debug); synchronize_sched(); - kfree(mod->args); @@ -76868,7 +75753,7 @@ index eab0827..f488603 100644 free_unload: module_unload_free(mod); unlink_mod: -@@ -3365,10 +3496,16 @@ static const char *get_ksymbol(struct module *mod, +@@ -3403,10 +3534,16 @@ static const char *get_ksymbol(struct module *mod, unsigned long nextval; /* At worse, next value is at end of module */ @@ -76888,7 +75773,7 @@ index eab0827..f488603 100644 /* Scan for closest preceding symbol, and next symbol. (ELF starts real symbols at 1). */ -@@ -3621,7 +3758,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3659,7 +3796,7 @@ static int m_show(struct seq_file *m, void *p) return 0; seq_printf(m, "%s %u", @@ -76897,7 +75782,7 @@ index eab0827..f488603 100644 print_unload_info(m, mod); /* Informative for users. */ -@@ -3630,7 +3767,7 @@ static int m_show(struct seq_file *m, void *p) +@@ -3668,7 +3805,7 @@ static int m_show(struct seq_file *m, void *p) mod->state == MODULE_STATE_COMING ? "Loading": "Live"); /* Used by oprofile and other similar tools. */ @@ -76906,7 +75791,7 @@ index eab0827..f488603 100644 /* Taints info */ if (mod->taints) -@@ -3666,7 +3803,17 @@ static const struct file_operations proc_modules_operations = { +@@ -3704,7 +3841,17 @@ static const struct file_operations proc_modules_operations = { static int __init proc_modules_init(void) { @@ -76924,7 +75809,7 @@ index eab0827..f488603 100644 return 0; } module_init(proc_modules_init); -@@ -3727,14 +3874,14 @@ struct module *__module_address(unsigned long addr) +@@ -3765,14 +3912,14 @@ struct module *__module_address(unsigned long addr) { struct module *mod; @@ -76942,7 +75827,7 @@ index eab0827..f488603 100644 return mod; } return NULL; -@@ -3769,11 +3916,20 @@ bool is_module_text_address(unsigned long addr) +@@ -3807,11 +3954,20 @@ bool is_module_text_address(unsigned long addr) */ struct module *__module_text_address(unsigned long addr) { @@ -77015,10 +75900,10 @@ index 0799fd3..d06ae3b 100644 extern void debug_mutex_init(struct mutex *lock, const char *name, struct lock_class_key *key); diff --git a/kernel/mutex.c b/kernel/mutex.c -index a307cc9..27fd2e9 100644 +index 52f2301..73f7528 100644 --- a/kernel/mutex.c +++ b/kernel/mutex.c -@@ -198,7 +198,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass, +@@ -199,7 +199,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass, spin_lock_mutex(&lock->wait_lock, flags); debug_mutex_lock_common(lock, &waiter); @@ -77027,7 +75912,7 @@ index a307cc9..27fd2e9 100644 /* add waiting tasks to the end of the waitqueue (FIFO): */ list_add_tail(&waiter.list, &lock->wait_list); -@@ -227,8 +227,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass, +@@ -228,8 +228,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass, * TASK_UNINTERRUPTIBLE case.) */ if (unlikely(signal_pending_state(state, task))) { @@ -77037,7 +75922,7 @@ index a307cc9..27fd2e9 100644 mutex_release(&lock->dep_map, 1, ip); spin_unlock_mutex(&lock->wait_lock, flags); -@@ -247,7 +246,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass, +@@ -248,7 +247,7 @@ __mutex_lock_common(struct mutex *lock, long state, unsigned int subclass, done: lock_acquired(&lock->dep_map, ip); /* got the lock - rejoice! */ @@ -77103,10 +75988,10 @@ index 2d5cc4c..d9ea600 100644 return -ENOENT; } diff --git a/kernel/panic.c b/kernel/panic.c -index e1b2822..5edc1d9 100644 +index 7c57cc9..28f1b3f 100644 --- a/kernel/panic.c +++ b/kernel/panic.c -@@ -410,7 +410,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, +@@ -403,7 +403,7 @@ static void warn_slowpath_common(const char *file, int line, void *caller, const char *board; printk(KERN_WARNING "------------[ cut here ]------------\n"); @@ -77115,7 +76000,7 @@ index e1b2822..5edc1d9 100644 board = dmi_get_system_info(DMI_PRODUCT_NAME); if (board) printk(KERN_WARNING "Hardware name: %s\n", board); -@@ -465,7 +465,8 @@ EXPORT_SYMBOL(warn_slowpath_null); +@@ -459,7 +459,8 @@ EXPORT_SYMBOL(warn_slowpath_null); */ void __stack_chk_fail(void) { @@ -77126,7 +76011,7 @@ index e1b2822..5edc1d9 100644 } EXPORT_SYMBOL(__stack_chk_fail); diff --git a/kernel/pid.c b/kernel/pid.c -index f2c6a68..4922d97 100644 +index 047dc62..418d74b 100644 --- a/kernel/pid.c +++ b/kernel/pid.c @@ -33,6 +33,7 @@ @@ -77146,7 +76031,7 @@ index f2c6a68..4922d97 100644 int pid_max_min = RESERVED_PIDS + 1; int pid_max_max = PID_MAX_LIMIT; -@@ -441,10 +442,18 @@ EXPORT_SYMBOL(pid_task); +@@ -440,10 +441,18 @@ EXPORT_SYMBOL(pid_task); */ struct task_struct *find_task_by_pid_ns(pid_t nr, struct pid_namespace *ns) { @@ -77166,7 +76051,7 @@ index f2c6a68..4922d97 100644 } struct task_struct *find_task_by_vpid(pid_t vnr) -@@ -452,6 +461,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr) +@@ -451,6 +460,14 @@ struct task_struct *find_task_by_vpid(pid_t vnr) return find_task_by_pid_ns(vnr, task_active_pid_ns(current)); } @@ -77195,10 +76080,10 @@ index bea15bd..789f3d0 100644 if (write && !ns_capable(pid_ns->user_ns, CAP_SYS_ADMIN)) return -EPERM; diff --git a/kernel/posix-cpu-timers.c b/kernel/posix-cpu-timers.c -index 942ca27..111e609 100644 +index 8fd709c..542bf4b 100644 --- a/kernel/posix-cpu-timers.c +++ b/kernel/posix-cpu-timers.c -@@ -1576,14 +1576,14 @@ struct k_clock clock_posix_cpu = { +@@ -1592,14 +1592,14 @@ struct k_clock clock_posix_cpu = { static __init int init_posix_cpu_timers(void) { @@ -77216,7 +76101,7 @@ index 942ca27..111e609 100644 .clock_get = thread_cpu_clock_get, .timer_create = thread_cpu_timer_create, diff --git a/kernel/posix-timers.c b/kernel/posix-timers.c -index e885be1..380fe76 100644 +index 6edbb2c..334f085 100644 --- a/kernel/posix-timers.c +++ b/kernel/posix-timers.c @@ -43,6 +43,7 @@ @@ -77299,7 +76184,7 @@ index e885be1..380fe76 100644 } static int common_timer_create(struct k_itimer *new_timer) -@@ -966,6 +967,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock, +@@ -964,6 +965,13 @@ SYSCALL_DEFINE2(clock_settime, const clockid_t, which_clock, if (copy_from_user(&new_tp, tp, sizeof (*tp))) return -EFAULT; @@ -77314,7 +76199,7 @@ index e885be1..380fe76 100644 } diff --git a/kernel/power/process.c b/kernel/power/process.c -index d5a258b..4271191 100644 +index 98088e0..aaf95c0 100644 --- a/kernel/power/process.c +++ b/kernel/power/process.c @@ -33,6 +33,7 @@ static int try_to_freeze_tasks(bool user_only) @@ -77357,10 +76242,10 @@ index d5a258b..4271191 100644 if (pm_wakeup_pending()) { diff --git a/kernel/printk.c b/kernel/printk.c -index 267ce78..2487112 100644 +index abbdd9e..f294251 100644 --- a/kernel/printk.c +++ b/kernel/printk.c -@@ -609,11 +609,17 @@ static unsigned int devkmsg_poll(struct file *file, poll_table *wait) +@@ -615,11 +615,17 @@ static unsigned int devkmsg_poll(struct file *file, poll_table *wait) return ret; } @@ -77378,7 +76263,7 @@ index 267ce78..2487112 100644 /* write-only does not need any file context */ if ((file->f_flags & O_ACCMODE) == O_WRONLY) return 0; -@@ -822,7 +828,7 @@ static int syslog_action_restricted(int type) +@@ -828,7 +834,7 @@ static int syslog_action_restricted(int type) if (dmesg_restrict) return 1; /* Unless restricted, we allow "read all" and "get buffer size" for everybody */ @@ -77387,7 +76272,7 @@ index 267ce78..2487112 100644 } static int check_syslog_permissions(int type, bool from_file) -@@ -834,6 +840,11 @@ static int check_syslog_permissions(int type, bool from_file) +@@ -840,6 +846,11 @@ static int check_syslog_permissions(int type, bool from_file) if (from_file && type != SYSLOG_ACTION_OPEN) return 0; @@ -77400,19 +76285,19 @@ index 267ce78..2487112 100644 if (capable(CAP_SYSLOG)) return 0; diff --git a/kernel/profile.c b/kernel/profile.c -index 1f39181..86093471 100644 +index dc3384e..0de5b49 100644 --- a/kernel/profile.c +++ b/kernel/profile.c -@@ -40,7 +40,7 @@ struct profile_hit { - /* Oprofile timer tick hook */ - static int (*timer_hook)(struct pt_regs *) __read_mostly; +@@ -37,7 +37,7 @@ struct profile_hit { + #define NR_PROFILE_HIT (PAGE_SIZE/sizeof(struct profile_hit)) + #define NR_PROFILE_GRP (NR_PROFILE_HIT/PROFILE_GRPSZ) -static atomic_t *prof_buffer; +static atomic_unchecked_t *prof_buffer; static unsigned long prof_len, prof_shift; int prof_on __read_mostly; -@@ -282,7 +282,7 @@ static void profile_flip_buffers(void) +@@ -260,7 +260,7 @@ static void profile_flip_buffers(void) hits[i].pc = 0; continue; } @@ -77421,7 +76306,7 @@ index 1f39181..86093471 100644 hits[i].hits = hits[i].pc = 0; } } -@@ -343,9 +343,9 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits) +@@ -321,9 +321,9 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits) * Add the current hit(s) and flush the write-queue out * to the global buffer: */ @@ -77433,7 +76318,7 @@ index 1f39181..86093471 100644 hits[i].pc = hits[i].hits = 0; } out: -@@ -420,7 +420,7 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits) +@@ -398,7 +398,7 @@ static void do_profile_hits(int type, void *__pc, unsigned int nr_hits) { unsigned long pc; pc = ((unsigned long)__pc - (unsigned long)_stext) >> prof_shift; @@ -77442,7 +76327,7 @@ index 1f39181..86093471 100644 } #endif /* !CONFIG_SMP */ -@@ -518,7 +518,7 @@ read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos) +@@ -494,7 +494,7 @@ read_profile(struct file *file, char __user *buf, size_t count, loff_t *ppos) return -EFAULT; buf++; p++; count--; read++; } @@ -77451,7 +76336,7 @@ index 1f39181..86093471 100644 if (copy_to_user(buf, (void *)pnt, count)) return -EFAULT; read += count; -@@ -549,7 +549,7 @@ static ssize_t write_profile(struct file *file, const char __user *buf, +@@ -525,7 +525,7 @@ static ssize_t write_profile(struct file *file, const char __user *buf, } #endif profile_discard_flip_buffers(); @@ -77461,7 +76346,7 @@ index 1f39181..86093471 100644 } diff --git a/kernel/ptrace.c b/kernel/ptrace.c -index 6cbeaae..cfe7ff0 100644 +index acbd284..00bb0c9 100644 --- a/kernel/ptrace.c +++ b/kernel/ptrace.c @@ -324,7 +324,7 @@ static int ptrace_attach(struct task_struct *task, long request, @@ -77482,7 +76367,7 @@ index 6cbeaae..cfe7ff0 100644 return -EFAULT; copied += retval; src += retval; -@@ -720,7 +720,7 @@ int ptrace_request(struct task_struct *child, long request, +@@ -726,7 +726,7 @@ int ptrace_request(struct task_struct *child, long request, bool seized = child->ptrace & PT_SEIZED; int ret = -EIO; siginfo_t siginfo, *si; @@ -77491,7 +76376,7 @@ index 6cbeaae..cfe7ff0 100644 unsigned long __user *datalp = datavp; unsigned long flags; -@@ -922,14 +922,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, +@@ -928,14 +928,21 @@ SYSCALL_DEFINE4(ptrace, long, request, long, pid, unsigned long, addr, goto out; } @@ -77514,7 +76399,7 @@ index 6cbeaae..cfe7ff0 100644 goto out_put_task_struct; } -@@ -957,7 +964,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, +@@ -963,7 +970,7 @@ int generic_ptrace_peekdata(struct task_struct *tsk, unsigned long addr, copied = access_process_vm(tsk, addr, &tmp, sizeof(tmp), 0); if (copied != sizeof(tmp)) return -EIO; @@ -77523,7 +76408,7 @@ index 6cbeaae..cfe7ff0 100644 } int generic_ptrace_pokedata(struct task_struct *tsk, unsigned long addr, -@@ -1051,7 +1058,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request, +@@ -1057,7 +1064,7 @@ int compat_ptrace_request(struct task_struct *child, compat_long_t request, } asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, @@ -77532,7 +76417,7 @@ index 6cbeaae..cfe7ff0 100644 { struct task_struct *child; long ret; -@@ -1067,14 +1074,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, +@@ -1073,14 +1080,21 @@ asmlinkage long compat_sys_ptrace(compat_long_t request, compat_long_t pid, goto out; } @@ -77555,8 +76440,25 @@ index 6cbeaae..cfe7ff0 100644 goto out_put_task_struct; } +diff --git a/kernel/rcupdate.c b/kernel/rcupdate.c +index 48ab703..07561d4 100644 +--- a/kernel/rcupdate.c ++++ b/kernel/rcupdate.c +@@ -439,10 +439,10 @@ int rcu_jiffies_till_stall_check(void) + * for CONFIG_RCU_CPU_STALL_TIMEOUT. + */ + if (till_stall_check < 3) { +- ACCESS_ONCE(rcu_cpu_stall_timeout) = 3; ++ ACCESS_ONCE_RW(rcu_cpu_stall_timeout) = 3; + till_stall_check = 3; + } else if (till_stall_check > 300) { +- ACCESS_ONCE(rcu_cpu_stall_timeout) = 300; ++ ACCESS_ONCE_RW(rcu_cpu_stall_timeout) = 300; + till_stall_check = 300; + } + return till_stall_check * HZ + RCU_STALL_DELAY_DELTA; diff --git a/kernel/rcutiny.c b/kernel/rcutiny.c -index e7dce58..ad0d7b7 100644 +index a0714a5..2ab5e34 100644 --- a/kernel/rcutiny.c +++ b/kernel/rcutiny.c @@ -46,7 +46,7 @@ @@ -77568,7 +76470,7 @@ index e7dce58..ad0d7b7 100644 static void __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu), struct rcu_ctrlblk *rcp); -@@ -310,7 +310,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp) +@@ -312,7 +312,7 @@ static void __rcu_process_callbacks(struct rcu_ctrlblk *rcp) rcu_is_callbacks_kthread())); } @@ -77578,10 +76480,10 @@ index e7dce58..ad0d7b7 100644 __rcu_process_callbacks(&rcu_sched_ctrlblk); __rcu_process_callbacks(&rcu_bh_ctrlblk); diff --git a/kernel/rcutiny_plugin.h b/kernel/rcutiny_plugin.h -index f85016a..91cb03b 100644 +index 8a23300..4255818 100644 --- a/kernel/rcutiny_plugin.h +++ b/kernel/rcutiny_plugin.h -@@ -896,7 +896,7 @@ static int rcu_kthread(void *arg) +@@ -945,7 +945,7 @@ static int rcu_kthread(void *arg) have_rcu_kthread_work = morework; local_irq_restore(flags); if (work) @@ -77591,10 +76493,10 @@ index f85016a..91cb03b 100644 } diff --git a/kernel/rcutorture.c b/kernel/rcutorture.c -index 31dea01..ad91ffb 100644 +index e1f3a8c..42c94a2 100644 --- a/kernel/rcutorture.c +++ b/kernel/rcutorture.c -@@ -163,12 +163,12 @@ static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_count) = +@@ -164,12 +164,12 @@ static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_count) = { 0 }; static DEFINE_PER_CPU(long [RCU_TORTURE_PIPE_LEN + 1], rcu_torture_batch) = { 0 }; @@ -77613,7 +76515,7 @@ index 31dea01..ad91ffb 100644 static long n_rcu_torture_barrier_error; static long n_rcu_torture_boost_ktrerror; static long n_rcu_torture_boost_rterror; -@@ -272,11 +272,11 @@ rcu_torture_alloc(void) +@@ -287,11 +287,11 @@ rcu_torture_alloc(void) spin_lock_bh(&rcu_torture_lock); if (list_empty(&rcu_torture_freelist)) { @@ -77627,7 +76529,7 @@ index 31dea01..ad91ffb 100644 p = rcu_torture_freelist.next; list_del_init(p); spin_unlock_bh(&rcu_torture_lock); -@@ -289,7 +289,7 @@ rcu_torture_alloc(void) +@@ -304,7 +304,7 @@ rcu_torture_alloc(void) static void rcu_torture_free(struct rcu_torture *p) { @@ -77636,7 +76538,7 @@ index 31dea01..ad91ffb 100644 spin_lock_bh(&rcu_torture_lock); list_add_tail(&p->rtort_free, &rcu_torture_freelist); spin_unlock_bh(&rcu_torture_lock); -@@ -409,7 +409,7 @@ rcu_torture_cb(struct rcu_head *p) +@@ -424,7 +424,7 @@ rcu_torture_cb(struct rcu_head *p) i = rp->rtort_pipe_count; if (i > RCU_TORTURE_PIPE_LEN) i = RCU_TORTURE_PIPE_LEN; @@ -77645,7 +76547,7 @@ index 31dea01..ad91ffb 100644 if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) { rp->rtort_mbtest = 0; rcu_torture_free(rp); -@@ -457,7 +457,7 @@ static void rcu_sync_torture_deferred_free(struct rcu_torture *p) +@@ -472,7 +472,7 @@ static void rcu_sync_torture_deferred_free(struct rcu_torture *p) i = rp->rtort_pipe_count; if (i > RCU_TORTURE_PIPE_LEN) i = RCU_TORTURE_PIPE_LEN; @@ -77654,7 +76556,7 @@ index 31dea01..ad91ffb 100644 if (++rp->rtort_pipe_count >= RCU_TORTURE_PIPE_LEN) { rp->rtort_mbtest = 0; list_del(&rp->rtort_free); -@@ -975,7 +975,7 @@ rcu_torture_writer(void *arg) +@@ -990,7 +990,7 @@ rcu_torture_writer(void *arg) i = old_rp->rtort_pipe_count; if (i > RCU_TORTURE_PIPE_LEN) i = RCU_TORTURE_PIPE_LEN; @@ -77663,25 +76565,25 @@ index 31dea01..ad91ffb 100644 old_rp->rtort_pipe_count++; cur_ops->deferred_free(old_rp); } -@@ -1060,7 +1060,7 @@ static void rcu_torture_timer(unsigned long unused) +@@ -1076,7 +1076,7 @@ static void rcu_torture_timer(unsigned long unused) + return; } - do_trace_rcu_torture_read(cur_ops->name, &p->rtort_rcu); if (p->rtort_mbtest == 0) - atomic_inc(&n_rcu_torture_mberror); + atomic_inc_unchecked(&n_rcu_torture_mberror); spin_lock(&rand_lock); cur_ops->read_delay(&rand); n_rcu_torture_timers++; -@@ -1124,7 +1124,7 @@ rcu_torture_reader(void *arg) +@@ -1146,7 +1146,7 @@ rcu_torture_reader(void *arg) + continue; } - do_trace_rcu_torture_read(cur_ops->name, &p->rtort_rcu); if (p->rtort_mbtest == 0) - atomic_inc(&n_rcu_torture_mberror); + atomic_inc_unchecked(&n_rcu_torture_mberror); cur_ops->read_delay(&rand); preempt_disable(); pipe_count = p->rtort_pipe_count; -@@ -1183,11 +1183,11 @@ rcu_torture_printk(char *page) +@@ -1209,11 +1209,11 @@ rcu_torture_printk(char *page) rcu_torture_current, rcu_torture_current_version, list_empty(&rcu_torture_freelist), @@ -77697,7 +76599,7 @@ index 31dea01..ad91ffb 100644 n_rcu_torture_boost_ktrerror, n_rcu_torture_boost_rterror); cnt += sprintf(&page[cnt], "rtbf: %ld rtb: %ld nt: %ld ", -@@ -1206,14 +1206,14 @@ rcu_torture_printk(char *page) +@@ -1232,14 +1232,14 @@ rcu_torture_printk(char *page) n_barrier_attempts, n_rcu_torture_barrier_error); cnt += sprintf(&page[cnt], "\n%s%s ", torture_type, TORTURE_FLAG); @@ -77714,7 +76616,7 @@ index 31dea01..ad91ffb 100644 WARN_ON_ONCE(1); } cnt += sprintf(&page[cnt], "Reader Pipe: "); -@@ -1227,7 +1227,7 @@ rcu_torture_printk(char *page) +@@ -1253,7 +1253,7 @@ rcu_torture_printk(char *page) cnt += sprintf(&page[cnt], "Free-Block Circulation: "); for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { cnt += sprintf(&page[cnt], " %d", @@ -77723,7 +76625,7 @@ index 31dea01..ad91ffb 100644 } cnt += sprintf(&page[cnt], "\n"); if (cur_ops->stats) -@@ -1920,7 +1920,7 @@ rcu_torture_cleanup(void) +@@ -1962,7 +1962,7 @@ rcu_torture_cleanup(void) rcu_torture_stats_print(); /* -After- the stats thread is stopped! */ @@ -77732,7 +76634,7 @@ index 31dea01..ad91ffb 100644 rcu_torture_print_module_parms(cur_ops, "End of test: FAILURE"); else if (n_online_successes != n_online_attempts || n_offline_successes != n_offline_attempts) -@@ -1989,18 +1989,18 @@ rcu_torture_init(void) +@@ -2031,18 +2031,18 @@ rcu_torture_init(void) rcu_torture_current = NULL; rcu_torture_current_version = 0; @@ -77758,10 +76660,10 @@ index 31dea01..ad91ffb 100644 for (i = 0; i < RCU_TORTURE_PIPE_LEN + 1; i++) { per_cpu(rcu_torture_count, cpu)[i] = 0; diff --git a/kernel/rcutree.c b/kernel/rcutree.c -index e441b77..dd54f17 100644 +index 5b8ad82..17274d1 100644 --- a/kernel/rcutree.c +++ b/kernel/rcutree.c -@@ -349,9 +349,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval, +@@ -353,9 +353,9 @@ static void rcu_eqs_enter_common(struct rcu_dynticks *rdtp, long long oldval, rcu_prepare_for_idle(smp_processor_id()); /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */ smp_mb__before_atomic_inc(); /* See above. */ @@ -77773,7 +76675,7 @@ index e441b77..dd54f17 100644 /* * It is illegal to enter an extended quiescent state while -@@ -487,10 +487,10 @@ static void rcu_eqs_exit_common(struct rcu_dynticks *rdtp, long long oldval, +@@ -491,10 +491,10 @@ static void rcu_eqs_exit_common(struct rcu_dynticks *rdtp, long long oldval, int user) { smp_mb__before_atomic_inc(); /* Force ordering w/previous sojourn. */ @@ -77786,7 +76688,7 @@ index e441b77..dd54f17 100644 rcu_cleanup_after_idle(smp_processor_id()); trace_rcu_dyntick("End", oldval, rdtp->dynticks_nesting); if (!user && !is_idle_task(current)) { -@@ -629,14 +629,14 @@ void rcu_nmi_enter(void) +@@ -633,14 +633,14 @@ void rcu_nmi_enter(void) struct rcu_dynticks *rdtp = &__get_cpu_var(rcu_dynticks); if (rdtp->dynticks_nmi_nesting == 0 && @@ -77804,7 +76706,7 @@ index e441b77..dd54f17 100644 } /** -@@ -655,9 +655,9 @@ void rcu_nmi_exit(void) +@@ -659,9 +659,9 @@ void rcu_nmi_exit(void) return; /* CPUs seeing atomic_inc() must see prior RCU read-side crit sects */ smp_mb__before_atomic_inc(); /* See above. */ @@ -77816,7 +76718,7 @@ index e441b77..dd54f17 100644 } /** -@@ -671,7 +671,7 @@ int rcu_is_cpu_idle(void) +@@ -675,7 +675,7 @@ int rcu_is_cpu_idle(void) int ret; preempt_disable(); @@ -77825,7 +76727,7 @@ index e441b77..dd54f17 100644 preempt_enable(); return ret; } -@@ -739,7 +739,7 @@ int rcu_is_cpu_rrupt_from_idle(void) +@@ -743,7 +743,7 @@ static int rcu_is_cpu_rrupt_from_idle(void) */ static int dyntick_save_progress_counter(struct rcu_data *rdp) { @@ -77834,7 +76736,7 @@ index e441b77..dd54f17 100644 return (rdp->dynticks_snap & 0x1) == 0; } -@@ -754,7 +754,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp) +@@ -758,7 +758,7 @@ static int rcu_implicit_dynticks_qs(struct rcu_data *rdp) unsigned int curr; unsigned int snap; @@ -77843,20 +76745,7 @@ index e441b77..dd54f17 100644 snap = (unsigned int)rdp->dynticks_snap; /* -@@ -802,10 +802,10 @@ static int jiffies_till_stall_check(void) - * for CONFIG_RCU_CPU_STALL_TIMEOUT. - */ - if (till_stall_check < 3) { -- ACCESS_ONCE(rcu_cpu_stall_timeout) = 3; -+ ACCESS_ONCE_RW(rcu_cpu_stall_timeout) = 3; - till_stall_check = 3; - } else if (till_stall_check > 300) { -- ACCESS_ONCE(rcu_cpu_stall_timeout) = 300; -+ ACCESS_ONCE_RW(rcu_cpu_stall_timeout) = 300; - till_stall_check = 300; - } - return till_stall_check * HZ + RCU_STALL_DELAY_DELTA; -@@ -1592,7 +1592,7 @@ rcu_send_cbs_to_orphanage(int cpu, struct rcu_state *rsp, +@@ -1698,7 +1698,7 @@ rcu_send_cbs_to_orphanage(int cpu, struct rcu_state *rsp, rsp->qlen += rdp->qlen; rdp->n_cbs_orphaned += rdp->qlen; rdp->qlen_lazy = 0; @@ -77865,7 +76754,7 @@ index e441b77..dd54f17 100644 } /* -@@ -1838,7 +1838,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp) +@@ -1944,7 +1944,7 @@ static void rcu_do_batch(struct rcu_state *rsp, struct rcu_data *rdp) } smp_mb(); /* List handling before counting for rcu_barrier(). */ rdp->qlen_lazy -= count_lazy; @@ -77874,7 +76763,7 @@ index e441b77..dd54f17 100644 rdp->n_cbs_invoked += count; /* Reinstate batch limit if we have worked down the excess. */ -@@ -2031,7 +2031,7 @@ __rcu_process_callbacks(struct rcu_state *rsp) +@@ -2137,7 +2137,7 @@ __rcu_process_callbacks(struct rcu_state *rsp) /* * Do RCU core processing for the current CPU. */ @@ -77883,7 +76772,7 @@ index e441b77..dd54f17 100644 { struct rcu_state *rsp; -@@ -2154,7 +2154,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu), +@@ -2260,7 +2260,7 @@ __call_rcu(struct rcu_head *head, void (*func)(struct rcu_head *rcu), local_irq_restore(flags); return; } @@ -77892,7 +76781,7 @@ index e441b77..dd54f17 100644 if (lazy) rdp->qlen_lazy++; else -@@ -2363,11 +2363,11 @@ void synchronize_sched_expedited(void) +@@ -2469,11 +2469,11 @@ void synchronize_sched_expedited(void) * counter wrap on a 32-bit system. Quite a few more CPUs would of * course be required on a 64-bit system. */ @@ -77906,7 +76795,7 @@ index e441b77..dd54f17 100644 return; } -@@ -2375,7 +2375,7 @@ void synchronize_sched_expedited(void) +@@ -2481,7 +2481,7 @@ void synchronize_sched_expedited(void) * Take a ticket. Note that atomic_inc_return() implies a * full memory barrier. */ @@ -77915,7 +76804,7 @@ index e441b77..dd54f17 100644 firstsnap = snap; get_online_cpus(); WARN_ON_ONCE(cpu_is_offline(raw_smp_processor_id())); -@@ -2388,14 +2388,14 @@ void synchronize_sched_expedited(void) +@@ -2494,14 +2494,14 @@ void synchronize_sched_expedited(void) synchronize_sched_expedited_cpu_stop, NULL) == -EAGAIN) { put_online_cpus(); @@ -77932,7 +76821,7 @@ index e441b77..dd54f17 100644 return; } -@@ -2404,7 +2404,7 @@ void synchronize_sched_expedited(void) +@@ -2510,7 +2510,7 @@ void synchronize_sched_expedited(void) udelay(trycount * num_online_cpus()); } else { wait_rcu_gp(call_rcu_sched); @@ -77941,7 +76830,7 @@ index e441b77..dd54f17 100644 return; } -@@ -2413,7 +2413,7 @@ void synchronize_sched_expedited(void) +@@ -2519,7 +2519,7 @@ void synchronize_sched_expedited(void) if (ULONG_CMP_GE((ulong)s, (ulong)firstsnap)) { /* ensure test happens before caller kfree */ smp_mb__before_atomic_inc(); /* ^^^ */ @@ -77950,7 +76839,7 @@ index e441b77..dd54f17 100644 return; } -@@ -2425,10 +2425,10 @@ void synchronize_sched_expedited(void) +@@ -2531,10 +2531,10 @@ void synchronize_sched_expedited(void) * period works for us. */ get_online_cpus(); @@ -77963,7 +76852,7 @@ index e441b77..dd54f17 100644 /* * Everyone up to our most recent fetch is covered by our grace -@@ -2437,16 +2437,16 @@ void synchronize_sched_expedited(void) +@@ -2543,16 +2543,16 @@ void synchronize_sched_expedited(void) * than we did already did their update. */ do { @@ -77983,7 +76872,7 @@ index e441b77..dd54f17 100644 put_online_cpus(); } -@@ -2620,7 +2620,7 @@ static void _rcu_barrier(struct rcu_state *rsp) +@@ -2726,7 +2726,7 @@ static void _rcu_barrier(struct rcu_state *rsp) * ACCESS_ONCE() to prevent the compiler from speculating * the increment to precede the early-exit check. */ @@ -77992,7 +76881,7 @@ index e441b77..dd54f17 100644 WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 1); _rcu_barrier_trace(rsp, "Inc1", -1, rsp->n_barrier_done); smp_mb(); /* Order ->n_barrier_done increment with below mechanism. */ -@@ -2670,7 +2670,7 @@ static void _rcu_barrier(struct rcu_state *rsp) +@@ -2776,7 +2776,7 @@ static void _rcu_barrier(struct rcu_state *rsp) /* Increment ->n_barrier_done to prevent duplicate work. */ smp_mb(); /* Keep increment after above mechanism. */ @@ -78001,7 +76890,7 @@ index e441b77..dd54f17 100644 WARN_ON_ONCE((rsp->n_barrier_done & 0x1) != 0); _rcu_barrier_trace(rsp, "Inc2", -1, rsp->n_barrier_done); smp_mb(); /* Keep increment before caller's subsequent code. */ -@@ -2715,10 +2715,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp) +@@ -2821,10 +2821,10 @@ rcu_boot_init_percpu_data(int cpu, struct rcu_state *rsp) rdp->grpmask = 1UL << (cpu - rdp->mynode->grplo); init_callback_list(rdp); rdp->qlen_lazy = 0; @@ -78011,10 +76900,10 @@ index e441b77..dd54f17 100644 WARN_ON_ONCE(rdp->dynticks->dynticks_nesting != DYNTICK_TASK_EXIT_IDLE); - WARN_ON_ONCE(atomic_read(&rdp->dynticks->dynticks) != 1); + WARN_ON_ONCE(atomic_read_unchecked(&rdp->dynticks->dynticks) != 1); - #ifdef CONFIG_RCU_USER_QS - WARN_ON_ONCE(rdp->dynticks->in_user); - #endif -@@ -2754,8 +2754,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible) + rdp->cpu = cpu; + rdp->rsp = rsp; + rcu_boot_init_nocb_percpu_data(rdp); +@@ -2857,8 +2857,8 @@ rcu_init_percpu_data(int cpu, struct rcu_state *rsp, int preemptible) rdp->blimit = blimit; init_callback_list(rdp); /* Re-enable callbacks on this CPU. */ rdp->dynticks->dynticks_nesting = DYNTICK_TASK_EXIT_IDLE; @@ -78026,7 +76915,7 @@ index e441b77..dd54f17 100644 raw_spin_unlock(&rnp->lock); /* irqs remain disabled. */ diff --git a/kernel/rcutree.h b/kernel/rcutree.h -index 4b69291..704c92e 100644 +index c896b50..c357252 100644 --- a/kernel/rcutree.h +++ b/kernel/rcutree.h @@ -86,7 +86,7 @@ struct rcu_dynticks { @@ -78038,7 +76927,7 @@ index 4b69291..704c92e 100644 #ifdef CONFIG_RCU_FAST_NO_HZ int dyntick_drain; /* Prepare-for-idle state variable. */ unsigned long dyntick_holdoff; -@@ -423,17 +423,17 @@ struct rcu_state { +@@ -416,17 +416,17 @@ struct rcu_state { /* _rcu_barrier(). */ /* End of fields guarded by barrier_mutex. */ @@ -78208,10 +77097,10 @@ index 73f35d4..4684fc4 100644 } __initcall(ioresources_init); diff --git a/kernel/rtmutex-tester.c b/kernel/rtmutex-tester.c -index 98ec494..4241d6d 100644 +index 7890b10..8b68605f 100644 --- a/kernel/rtmutex-tester.c +++ b/kernel/rtmutex-tester.c -@@ -20,7 +20,7 @@ +@@ -21,7 +21,7 @@ #define MAX_RT_TEST_MUTEXES 8 static spinlock_t rttest_lock; @@ -78220,7 +77109,7 @@ index 98ec494..4241d6d 100644 struct test_thread_data { int opcode; -@@ -61,7 +61,7 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) +@@ -62,7 +62,7 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) case RTTEST_LOCKCONT: td->mutexes[td->opdata] = 1; @@ -78229,7 +77118,7 @@ index 98ec494..4241d6d 100644 return 0; case RTTEST_RESET: -@@ -74,7 +74,7 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) +@@ -75,7 +75,7 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) return 0; case RTTEST_RESETEVENT: @@ -78238,7 +77127,7 @@ index 98ec494..4241d6d 100644 return 0; default: -@@ -91,9 +91,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) +@@ -92,9 +92,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) return ret; td->mutexes[id] = 1; @@ -78250,7 +77139,7 @@ index 98ec494..4241d6d 100644 td->mutexes[id] = 4; return 0; -@@ -104,9 +104,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) +@@ -105,9 +105,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) return ret; td->mutexes[id] = 1; @@ -78262,7 +77151,7 @@ index 98ec494..4241d6d 100644 td->mutexes[id] = ret ? 0 : 4; return ret ? -EINTR : 0; -@@ -115,9 +115,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) +@@ -116,9 +116,9 @@ static int handle_op(struct test_thread_data *td, int lockwakeup) if (id < 0 || id >= MAX_RT_TEST_MUTEXES || td->mutexes[id] != 4) return ret; @@ -78274,7 +77163,7 @@ index 98ec494..4241d6d 100644 td->mutexes[id] = 0; return 0; -@@ -164,7 +164,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex) +@@ -165,7 +165,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex) break; td->mutexes[dat] = 2; @@ -78283,7 +77172,7 @@ index 98ec494..4241d6d 100644 break; default: -@@ -184,7 +184,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex) +@@ -185,7 +185,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex) return; td->mutexes[dat] = 3; @@ -78292,7 +77181,7 @@ index 98ec494..4241d6d 100644 break; case RTTEST_LOCKNOWAIT: -@@ -196,7 +196,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex) +@@ -197,7 +197,7 @@ void schedule_rt_mutex_test(struct rt_mutex *mutex) return; td->mutexes[dat] = 1; @@ -78302,7 +77191,7 @@ index 98ec494..4241d6d 100644 default: diff --git a/kernel/sched/auto_group.c b/kernel/sched/auto_group.c -index 0984a21..939f183 100644 +index 64de5f8..7735e12 100644 --- a/kernel/sched/auto_group.c +++ b/kernel/sched/auto_group.c @@ -11,7 +11,7 @@ @@ -78314,7 +77203,7 @@ index 0984a21..939f183 100644 void __init autogroup_init(struct task_struct *init_task) { -@@ -78,7 +78,7 @@ static inline struct autogroup *autogroup_create(void) +@@ -81,7 +81,7 @@ static inline struct autogroup *autogroup_create(void) kref_init(&ag->kref); init_rwsem(&ag->lock); @@ -78324,10 +77213,10 @@ index 0984a21..939f183 100644 #ifdef CONFIG_RT_GROUP_SCHED /* diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index 5e2f7c3..4002d41 100644 +index 67d0465..4cf9361 100644 --- a/kernel/sched/core.c +++ b/kernel/sched/core.c -@@ -3369,7 +3369,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible); +@@ -3406,7 +3406,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible); * The return value is -ERESTARTSYS if interrupted, 0 if timed out, * positive (at least 1, or number of jiffies left till timeout) if completed. */ @@ -78336,7 +77225,7 @@ index 5e2f7c3..4002d41 100644 wait_for_completion_interruptible_timeout(struct completion *x, unsigned long timeout) { -@@ -3386,7 +3386,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible_timeout); +@@ -3423,7 +3423,7 @@ EXPORT_SYMBOL(wait_for_completion_interruptible_timeout); * * The return value is -ERESTARTSYS if interrupted, 0 if completed. */ @@ -78345,7 +77234,7 @@ index 5e2f7c3..4002d41 100644 { long t = wait_for_common(x, MAX_SCHEDULE_TIMEOUT, TASK_KILLABLE); if (t == -ERESTARTSYS) -@@ -3407,7 +3407,7 @@ EXPORT_SYMBOL(wait_for_completion_killable); +@@ -3444,7 +3444,7 @@ EXPORT_SYMBOL(wait_for_completion_killable); * The return value is -ERESTARTSYS if interrupted, 0 if timed out, * positive (at least 1, or number of jiffies left till timeout) if completed. */ @@ -78354,7 +77243,7 @@ index 5e2f7c3..4002d41 100644 wait_for_completion_killable_timeout(struct completion *x, unsigned long timeout) { -@@ -3633,6 +3633,8 @@ int can_nice(const struct task_struct *p, const int nice) +@@ -3670,6 +3670,8 @@ int can_nice(const struct task_struct *p, const int nice) /* convert nice value [19,-20] to rlimit style value [1,40] */ int nice_rlim = 20 - nice; @@ -78363,7 +77252,7 @@ index 5e2f7c3..4002d41 100644 return (nice_rlim <= task_rlimit(p, RLIMIT_NICE) || capable(CAP_SYS_NICE)); } -@@ -3666,7 +3668,8 @@ SYSCALL_DEFINE1(nice, int, increment) +@@ -3703,7 +3705,8 @@ SYSCALL_DEFINE1(nice, int, increment) if (nice > 19) nice = 19; @@ -78373,7 +77262,7 @@ index 5e2f7c3..4002d41 100644 return -EPERM; retval = security_task_setnice(current, nice); -@@ -3820,6 +3823,7 @@ recheck: +@@ -3857,6 +3860,7 @@ recheck: unsigned long rlim_rtprio = task_rlimit(p, RLIMIT_RTPRIO); @@ -78381,7 +77270,7 @@ index 5e2f7c3..4002d41 100644 /* can't set/change the rt policy */ if (policy != p->policy && !rlim_rtprio) return -EPERM; -@@ -4903,7 +4907,7 @@ static void migrate_tasks(unsigned int dead_cpu) +@@ -4954,7 +4958,7 @@ static void migrate_tasks(unsigned int dead_cpu) #if defined(CONFIG_SCHED_DEBUG) && defined(CONFIG_SYSCTL) @@ -78390,7 +77279,7 @@ index 5e2f7c3..4002d41 100644 { .procname = "sched_domain", .mode = 0555, -@@ -4920,17 +4924,17 @@ static struct ctl_table sd_ctl_root[] = { +@@ -4971,17 +4975,17 @@ static struct ctl_table sd_ctl_root[] = { {} }; @@ -78412,7 +77301,7 @@ index 5e2f7c3..4002d41 100644 /* * In the intermediate directories, both the child directory and -@@ -4938,22 +4942,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) +@@ -4989,22 +4993,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) * will always be set. In the lowest directory the names are * static strings and all have proc handlers. */ @@ -78444,7 +77333,7 @@ index 5e2f7c3..4002d41 100644 const char *procname, void *data, int maxlen, umode_t mode, proc_handler *proc_handler, bool load_idx) -@@ -4973,7 +4980,7 @@ set_table_entry(struct ctl_table *entry, +@@ -5024,7 +5031,7 @@ set_table_entry(struct ctl_table *entry, static struct ctl_table * sd_alloc_ctl_domain_table(struct sched_domain *sd) { @@ -78453,7 +77342,7 @@ index 5e2f7c3..4002d41 100644 if (table == NULL) return NULL; -@@ -5008,9 +5015,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) +@@ -5059,9 +5066,9 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) return table; } @@ -78465,7 +77354,7 @@ index 5e2f7c3..4002d41 100644 struct sched_domain *sd; int domain_num = 0, i; char buf[32]; -@@ -5037,11 +5044,13 @@ static struct ctl_table_header *sd_sysctl_header; +@@ -5088,11 +5095,13 @@ static struct ctl_table_header *sd_sysctl_header; static void register_sched_domain_sysctl(void) { int i, cpu_num = num_possible_cpus(); @@ -78480,7 +77369,7 @@ index 5e2f7c3..4002d41 100644 if (entry == NULL) return; -@@ -5064,8 +5073,12 @@ static void unregister_sched_domain_sysctl(void) +@@ -5115,8 +5124,12 @@ static void unregister_sched_domain_sysctl(void) if (sd_sysctl_header) unregister_sysctl_table(sd_sysctl_header); sd_sysctl_header = NULL; @@ -78495,7 +77384,7 @@ index 5e2f7c3..4002d41 100644 } #else static void register_sched_domain_sysctl(void) -@@ -5164,7 +5177,7 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu) +@@ -5215,7 +5228,7 @@ migration_call(struct notifier_block *nfb, unsigned long action, void *hcpu) * happens before everything else. This has to be lower priority than * the notifier in the perf_event subsystem, though. */ @@ -78505,7 +77394,7 @@ index 5e2f7c3..4002d41 100644 .priority = CPU_PRI_MIGRATION, }; diff --git a/kernel/sched/fair.c b/kernel/sched/fair.c -index 81fa536..6ccf96a 100644 +index 7a33e59..2f7730c 100644 --- a/kernel/sched/fair.c +++ b/kernel/sched/fair.c @@ -830,7 +830,7 @@ void task_numa_fault(int node, int pages, bool migrated) @@ -78517,48 +77406,7 @@ index 81fa536..6ccf96a 100644 p->mm->numa_scan_offset = 0; } -@@ -3254,25 +3254,18 @@ find_idlest_cpu(struct sched_group *group, struct task_struct *p, int this_cpu) - */ - static int select_idle_sibling(struct task_struct *p, int target) - { -- int cpu = smp_processor_id(); -- int prev_cpu = task_cpu(p); - struct sched_domain *sd; - struct sched_group *sg; -- int i; -+ int i = task_cpu(p); - -- /* -- * If the task is going to be woken-up on this cpu and if it is -- * already idle, then it is the right target. -- */ -- if (target == cpu && idle_cpu(cpu)) -- return cpu; -+ if (idle_cpu(target)) -+ return target; - - /* -- * If the task is going to be woken-up on the cpu where it previously -- * ran and if it is currently idle, then it the right target. -+ * If the prevous cpu is cache affine and idle, don't be stupid. - */ -- if (target == prev_cpu && idle_cpu(prev_cpu)) -- return prev_cpu; -+ if (i != target && cpus_share_cache(i, target) && idle_cpu(i)) -+ return i; - - /* - * Otherwise, iterate the domains and find an elegible idle cpu. -@@ -3286,7 +3279,7 @@ static int select_idle_sibling(struct task_struct *p, int target) - goto next; - - for_each_cpu(i, sched_group_cpus(sg)) { -- if (!idle_cpu(i)) -+ if (i == target || !idle_cpu(i)) - goto next; - } - -@@ -5663,7 +5656,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } +@@ -5654,7 +5654,7 @@ static void nohz_idle_balance(int this_cpu, enum cpu_idle_type idle) { } * run_rebalance_domains is triggered when needed from the scheduler tick. * Also triggered for nohz idle balancing (with nohz_balancing_kick set). */ @@ -78568,7 +77416,7 @@ index 81fa536..6ccf96a 100644 int this_cpu = smp_processor_id(); struct rq *this_rq = cpu_rq(this_cpu); diff --git a/kernel/signal.c b/kernel/signal.c -index 50e425c..92c8f65 100644 +index 598dc06..471310a 100644 --- a/kernel/signal.c +++ b/kernel/signal.c @@ -50,12 +50,12 @@ static struct kmem_cache *sigqueue_cachep; @@ -78677,7 +77525,7 @@ index 50e425c..92c8f65 100644 return ret; } -@@ -2855,7 +2878,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) +@@ -2923,7 +2946,15 @@ do_send_specific(pid_t tgid, pid_t pid, int sig, struct siginfo *info) int error = -ESRCH; rcu_read_lock(); @@ -78694,7 +77542,7 @@ index 50e425c..92c8f65 100644 if (p && (tgid <= 0 || task_tgid_vnr(p) == tgid)) { error = check_kill_permission(sig, info, p); /* -@@ -3138,8 +3169,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack, +@@ -3237,8 +3268,8 @@ COMPAT_SYSCALL_DEFINE2(sigaltstack, } seg = get_fs(); set_fs(KERNEL_DS); @@ -78706,10 +77554,10 @@ index 50e425c..92c8f65 100644 set_fs(seg); if (ret >= 0 && uoss_ptr) { diff --git a/kernel/smp.c b/kernel/smp.c -index 69f38bd..77bbf12 100644 +index 8e451f3..8322029 100644 --- a/kernel/smp.c +++ b/kernel/smp.c -@@ -77,7 +77,7 @@ hotplug_cfd(struct notifier_block *nfb, unsigned long action, void *hcpu) +@@ -73,7 +73,7 @@ hotplug_cfd(struct notifier_block *nfb, unsigned long action, void *hcpu) return NOTIFY_OK; } @@ -78719,10 +77567,10 @@ index 69f38bd..77bbf12 100644 }; diff --git a/kernel/smpboot.c b/kernel/smpboot.c -index d6c5fc0..530560c 100644 +index 02fc5c9..e54c335 100644 --- a/kernel/smpboot.c +++ b/kernel/smpboot.c -@@ -275,7 +275,7 @@ int smpboot_register_percpu_thread(struct smp_hotplug_thread *plug_thread) +@@ -288,7 +288,7 @@ int smpboot_register_percpu_thread(struct smp_hotplug_thread *plug_thread) } smpboot_unpark_thread(plug_thread, cpu); } @@ -78731,7 +77579,7 @@ index d6c5fc0..530560c 100644 out: mutex_unlock(&smpboot_threads_lock); return ret; -@@ -292,7 +292,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread) +@@ -305,7 +305,7 @@ void smpboot_unregister_percpu_thread(struct smp_hotplug_thread *plug_thread) { get_online_cpus(); mutex_lock(&smpboot_threads_lock); @@ -78741,7 +77589,7 @@ index d6c5fc0..530560c 100644 mutex_unlock(&smpboot_threads_lock); put_online_cpus(); diff --git a/kernel/softirq.c b/kernel/softirq.c -index ed567ba..e71dabf 100644 +index 14d7758..012121f 100644 --- a/kernel/softirq.c +++ b/kernel/softirq.c @@ -53,11 +53,11 @@ irq_cpustat_t irq_stat[NR_CPUS] ____cacheline_aligned; @@ -78767,7 +77615,7 @@ index ed567ba..e71dabf 100644 trace_softirq_exit(vec_nr); if (unlikely(prev_count != preempt_count())) { printk(KERN_ERR "huh, entered softirq %u %s %p" -@@ -391,7 +391,7 @@ void __raise_softirq_irqoff(unsigned int nr) +@@ -389,7 +389,7 @@ void __raise_softirq_irqoff(unsigned int nr) or_softirq_pending(1UL << nr); } @@ -78776,7 +77624,7 @@ index ed567ba..e71dabf 100644 { softirq_vec[nr].action = action; } -@@ -447,7 +447,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t) +@@ -445,7 +445,7 @@ void __tasklet_hi_schedule_first(struct tasklet_struct *t) EXPORT_SYMBOL(__tasklet_hi_schedule_first); @@ -78785,7 +77633,7 @@ index ed567ba..e71dabf 100644 { struct tasklet_struct *list; -@@ -482,7 +482,7 @@ static void tasklet_action(struct softirq_action *a) +@@ -480,7 +480,7 @@ static void tasklet_action(struct softirq_action *a) } } @@ -78794,7 +77642,7 @@ index ed567ba..e71dabf 100644 { struct tasklet_struct *list; -@@ -718,7 +718,7 @@ static int __cpuinit remote_softirq_cpu_notify(struct notifier_block *self, +@@ -716,7 +716,7 @@ static int __cpuinit remote_softirq_cpu_notify(struct notifier_block *self, return NOTIFY_OK; } @@ -78803,7 +77651,7 @@ index ed567ba..e71dabf 100644 .notifier_call = remote_softirq_cpu_notify, }; -@@ -835,11 +835,11 @@ static int __cpuinit cpu_callback(struct notifier_block *nfb, +@@ -833,11 +833,11 @@ static int __cpuinit cpu_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -78818,13 +77666,13 @@ index ed567ba..e71dabf 100644 .thread_should_run = ksoftirqd_should_run, .thread_fn = run_ksoftirqd, diff --git a/kernel/srcu.c b/kernel/srcu.c -index 2b85982..d52ab26 100644 +index 01d5ccb..cdcbee6 100644 --- a/kernel/srcu.c +++ b/kernel/srcu.c -@@ -305,9 +305,9 @@ int __srcu_read_lock(struct srcu_struct *sp) +@@ -300,9 +300,9 @@ int __srcu_read_lock(struct srcu_struct *sp) + + idx = ACCESS_ONCE(sp->completed) & 0x1; preempt_disable(); - idx = rcu_dereference_index_check(sp->completed, - rcu_read_lock_sched_held()) & 0x1; - ACCESS_ONCE(this_cpu_ptr(sp->per_cpu_ref)->c[idx]) += 1; + ACCESS_ONCE_RW(this_cpu_ptr(sp->per_cpu_ref)->c[idx]) += 1; smp_mb(); /* B */ /* Avoid leaking the critical section. */ @@ -78833,33 +77681,11 @@ index 2b85982..d52ab26 100644 preempt_enable(); return idx; } -@@ -323,7 +323,7 @@ void __srcu_read_unlock(struct srcu_struct *sp, int idx) - { - preempt_disable(); - smp_mb(); /* C */ /* Avoid leaking the critical section. */ -- ACCESS_ONCE(this_cpu_ptr(sp->per_cpu_ref)->c[idx]) -= 1; -+ ACCESS_ONCE_RW(this_cpu_ptr(sp->per_cpu_ref)->c[idx]) -= 1; - preempt_enable(); - } - EXPORT_SYMBOL_GPL(__srcu_read_unlock); -diff --git a/kernel/stop_machine.c b/kernel/stop_machine.c -index 2f194e9..2c05ea9 100644 ---- a/kernel/stop_machine.c -+++ b/kernel/stop_machine.c -@@ -362,7 +362,7 @@ static int __cpuinit cpu_stop_cpu_callback(struct notifier_block *nfb, - * cpu notifiers. It currently shares the same priority as sched - * migration_notifier. - */ --static struct notifier_block __cpuinitdata cpu_stop_cpu_notifier = { -+static struct notifier_block cpu_stop_cpu_notifier = { - .notifier_call = cpu_stop_cpu_callback, - .priority = 10, - }; diff --git a/kernel/sys.c b/kernel/sys.c -index 47f1d1b..8651bd9 100644 +index 0da73cf..a22106a 100644 --- a/kernel/sys.c +++ b/kernel/sys.c -@@ -157,6 +157,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error) +@@ -158,6 +158,12 @@ static int set_one_prio(struct task_struct *p, int niceval, int error) error = -EACCES; goto out; } @@ -78872,7 +77698,7 @@ index 47f1d1b..8651bd9 100644 no_nice = security_task_setnice(p, niceval); if (no_nice) { error = no_nice; -@@ -596,6 +602,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid) +@@ -598,6 +604,9 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid) goto error; } @@ -78882,7 +77708,7 @@ index 47f1d1b..8651bd9 100644 if (rgid != (gid_t) -1 || (egid != (gid_t) -1 && !gid_eq(kegid, old->gid))) new->sgid = new->egid; -@@ -631,6 +640,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid) +@@ -633,6 +642,10 @@ SYSCALL_DEFINE1(setgid, gid_t, gid) old = current_cred(); retval = -EPERM; @@ -78893,7 +77719,7 @@ index 47f1d1b..8651bd9 100644 if (nsown_capable(CAP_SETGID)) new->gid = new->egid = new->sgid = new->fsgid = kgid; else if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->sgid)) -@@ -648,7 +661,7 @@ error: +@@ -650,7 +663,7 @@ error: /* * change the user struct in a credentials set to match the new UID */ @@ -78902,7 +77728,7 @@ index 47f1d1b..8651bd9 100644 { struct user_struct *new_user; -@@ -728,6 +741,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid) +@@ -730,6 +743,9 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid) goto error; } @@ -78912,7 +77738,7 @@ index 47f1d1b..8651bd9 100644 if (!uid_eq(new->uid, old->uid)) { retval = set_user(new); if (retval < 0) -@@ -778,6 +794,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid) +@@ -780,6 +796,12 @@ SYSCALL_DEFINE1(setuid, uid_t, uid) old = current_cred(); retval = -EPERM; @@ -78925,7 +77751,7 @@ index 47f1d1b..8651bd9 100644 if (nsown_capable(CAP_SETUID)) { new->suid = new->uid = kuid; if (!uid_eq(kuid, old->uid)) { -@@ -847,6 +869,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) +@@ -849,6 +871,9 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) goto error; } @@ -78935,7 +77761,7 @@ index 47f1d1b..8651bd9 100644 if (ruid != (uid_t) -1) { new->uid = kruid; if (!uid_eq(kruid, old->uid)) { -@@ -929,6 +954,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid) +@@ -931,6 +956,9 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid) goto error; } @@ -78945,7 +77771,7 @@ index 47f1d1b..8651bd9 100644 if (rgid != (gid_t) -1) new->gid = krgid; if (egid != (gid_t) -1) -@@ -990,12 +1018,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) +@@ -992,12 +1020,16 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) uid_eq(kuid, old->suid) || uid_eq(kuid, old->fsuid) || nsown_capable(CAP_SETUID)) { if (!uid_eq(kuid, old->fsuid)) { @@ -78962,7 +77788,7 @@ index 47f1d1b..8651bd9 100644 abort_creds(new); return old_fsuid; -@@ -1028,12 +1060,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid) +@@ -1030,12 +1062,16 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid) if (gid_eq(kgid, old->gid) || gid_eq(kgid, old->egid) || gid_eq(kgid, old->sgid) || gid_eq(kgid, old->fsgid) || nsown_capable(CAP_SETGID)) { @@ -78979,7 +77805,7 @@ index 47f1d1b..8651bd9 100644 abort_creds(new); return old_fsgid; -@@ -1341,19 +1377,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) +@@ -1343,19 +1379,19 @@ SYSCALL_DEFINE1(olduname, struct oldold_utsname __user *, name) return -EFAULT; down_read(&uts_sem); @@ -79004,7 +77830,7 @@ index 47f1d1b..8651bd9 100644 __OLD_UTS_LEN); error |= __put_user(0, name->machine + __OLD_UTS_LEN); up_read(&uts_sem); -@@ -1555,6 +1591,13 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource, +@@ -1557,6 +1593,13 @@ int do_prlimit(struct task_struct *tsk, unsigned int resource, */ new_rlim->rlim_cur = 1; } @@ -79018,20 +77844,11 @@ index 47f1d1b..8651bd9 100644 } if (!retval) { if (old_rlim) -@@ -2027,7 +2070,7 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3, - error = get_dumpable(me->mm); - break; - case PR_SET_DUMPABLE: -- if (arg2 < 0 || arg2 > 1) { -+ if (arg2 > 1) { - error = -EINVAL; - break; - } diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index c88878d..e4fa5d1 100644 +index afc1dc6..5e28bbf 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c -@@ -92,7 +92,6 @@ +@@ -93,7 +93,6 @@ #if defined(CONFIG_SYSCTL) @@ -79039,7 +77856,7 @@ index c88878d..e4fa5d1 100644 /* External variables not in a header file. */ extern int sysctl_overcommit_memory; extern int sysctl_overcommit_ratio; -@@ -172,10 +171,8 @@ static int proc_taint(struct ctl_table *table, int write, +@@ -178,10 +177,8 @@ static int proc_taint(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); #endif @@ -79050,7 +77867,7 @@ index c88878d..e4fa5d1 100644 static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos); -@@ -206,6 +203,8 @@ static int sysrq_sysctl_handler(ctl_table *table, int write, +@@ -212,6 +209,8 @@ static int sysrq_sysctl_handler(ctl_table *table, int write, #endif @@ -79059,7 +77876,7 @@ index c88878d..e4fa5d1 100644 static struct ctl_table kern_table[]; static struct ctl_table vm_table[]; static struct ctl_table fs_table[]; -@@ -220,6 +219,20 @@ extern struct ctl_table epoll_table[]; +@@ -226,6 +225,20 @@ extern struct ctl_table epoll_table[]; int sysctl_legacy_va_layout; #endif @@ -79080,7 +77897,7 @@ index c88878d..e4fa5d1 100644 /* The default sysctl tables: */ static struct ctl_table sysctl_base_table[] = { -@@ -268,6 +281,22 @@ static int max_extfrag_threshold = 1000; +@@ -274,6 +287,22 @@ static int max_extfrag_threshold = 1000; #endif static struct ctl_table kern_table[] = { @@ -79103,7 +77920,7 @@ index c88878d..e4fa5d1 100644 { .procname = "sched_child_runs_first", .data = &sysctl_sched_child_runs_first, -@@ -593,7 +622,7 @@ static struct ctl_table kern_table[] = { +@@ -608,7 +637,7 @@ static struct ctl_table kern_table[] = { .data = &modprobe_path, .maxlen = KMOD_PATH_LEN, .mode = 0644, @@ -79112,7 +77929,7 @@ index c88878d..e4fa5d1 100644 }, { .procname = "modules_disabled", -@@ -760,16 +789,20 @@ static struct ctl_table kern_table[] = { +@@ -775,16 +804,20 @@ static struct ctl_table kern_table[] = { .extra1 = &zero, .extra2 = &one, }, @@ -79134,7 +77951,18 @@ index c88878d..e4fa5d1 100644 { .procname = "ngroups_max", .data = &ngroups_max, -@@ -1266,6 +1299,13 @@ static struct ctl_table vm_table[] = { +@@ -1026,8 +1059,8 @@ static struct ctl_table kern_table[] = { + */ + { + .procname = "perf_event_paranoid", +- .data = &sysctl_perf_event_paranoid, +- .maxlen = sizeof(sysctl_perf_event_paranoid), ++ .data = &sysctl_perf_event_legitimately_concerned, ++ .maxlen = sizeof(sysctl_perf_event_legitimately_concerned), + .mode = 0644, + .proc_handler = proc_dointvec, + }, +@@ -1283,6 +1316,13 @@ static struct ctl_table vm_table[] = { .proc_handler = proc_dointvec_minmax, .extra1 = &zero, }, @@ -79148,7 +77976,7 @@ index c88878d..e4fa5d1 100644 #else { .procname = "nr_trim_pages", -@@ -1716,6 +1756,16 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -1733,6 +1773,16 @@ int proc_dostring(struct ctl_table *table, int write, buffer, lenp, ppos); } @@ -79165,7 +77993,7 @@ index c88878d..e4fa5d1 100644 static size_t proc_skip_spaces(char **buf) { size_t ret; -@@ -1821,6 +1871,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, +@@ -1838,6 +1888,8 @@ static int proc_put_long(void __user **buf, size_t *size, unsigned long val, len = strlen(tmp); if (len > *size) len = *size; @@ -79174,7 +78002,7 @@ index c88878d..e4fa5d1 100644 if (copy_to_user(*buf, tmp, len)) return -EFAULT; *size -= len; -@@ -1985,7 +2037,7 @@ int proc_dointvec(struct ctl_table *table, int write, +@@ -2002,7 +2054,7 @@ int proc_dointvec(struct ctl_table *table, int write, static int proc_taint(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -79183,7 +78011,7 @@ index c88878d..e4fa5d1 100644 unsigned long tmptaint = get_taint(); int err; -@@ -2013,7 +2065,6 @@ static int proc_taint(struct ctl_table *table, int write, +@@ -2030,7 +2082,6 @@ static int proc_taint(struct ctl_table *table, int write, return err; } @@ -79191,7 +78019,7 @@ index c88878d..e4fa5d1 100644 static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -2022,7 +2073,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, +@@ -2039,7 +2090,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, return proc_dointvec_minmax(table, write, buffer, lenp, ppos); } @@ -79199,7 +78027,7 @@ index c88878d..e4fa5d1 100644 struct do_proc_dointvec_minmax_conv_param { int *min; -@@ -2169,8 +2219,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int +@@ -2186,8 +2236,11 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int *i = val; } else { val = convdiv * (*i) / convmul; @@ -79212,7 +78040,7 @@ index c88878d..e4fa5d1 100644 err = proc_put_long(&buffer, &left, val, false); if (err) break; -@@ -2562,6 +2615,12 @@ int proc_dostring(struct ctl_table *table, int write, +@@ -2579,6 +2632,12 @@ int proc_dostring(struct ctl_table *table, int write, return -ENOSYS; } @@ -79225,80 +78053,13 @@ index c88878d..e4fa5d1 100644 int proc_dointvec(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { -@@ -2618,5 +2677,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax); +@@ -2635,5 +2694,6 @@ EXPORT_SYMBOL(proc_dointvec_minmax); EXPORT_SYMBOL(proc_dointvec_userhz_jiffies); EXPORT_SYMBOL(proc_dointvec_ms_jiffies); EXPORT_SYMBOL(proc_dostring); +EXPORT_SYMBOL(proc_dostring_modpriv); EXPORT_SYMBOL(proc_doulongvec_minmax); EXPORT_SYMBOL(proc_doulongvec_ms_jiffies_minmax); -diff --git a/kernel/sysctl_binary.c b/kernel/sysctl_binary.c -index 0ddf3a0..a199f50 100644 ---- a/kernel/sysctl_binary.c -+++ b/kernel/sysctl_binary.c -@@ -989,7 +989,7 @@ static ssize_t bin_intvec(struct file *file, - int i; - - set_fs(KERNEL_DS); -- result = vfs_read(file, buffer, BUFSZ - 1, &pos); -+ result = vfs_read(file, (char __force_user *)buffer, BUFSZ - 1, &pos); - set_fs(old_fs); - if (result < 0) - goto out_kfree; -@@ -1034,7 +1034,7 @@ static ssize_t bin_intvec(struct file *file, - } - - set_fs(KERNEL_DS); -- result = vfs_write(file, buffer, str - buffer, &pos); -+ result = vfs_write(file, (const char __force_user *)buffer, str - buffer, &pos); - set_fs(old_fs); - if (result < 0) - goto out_kfree; -@@ -1067,7 +1067,7 @@ static ssize_t bin_ulongvec(struct file *file, - int i; - - set_fs(KERNEL_DS); -- result = vfs_read(file, buffer, BUFSZ - 1, &pos); -+ result = vfs_read(file, (char __force_user *)buffer, BUFSZ - 1, &pos); - set_fs(old_fs); - if (result < 0) - goto out_kfree; -@@ -1112,7 +1112,7 @@ static ssize_t bin_ulongvec(struct file *file, - } - - set_fs(KERNEL_DS); -- result = vfs_write(file, buffer, str - buffer, &pos); -+ result = vfs_write(file, (const char __force_user *)buffer, str - buffer, &pos); - set_fs(old_fs); - if (result < 0) - goto out_kfree; -@@ -1138,7 +1138,7 @@ static ssize_t bin_uuid(struct file *file, - int i; - - set_fs(KERNEL_DS); -- result = vfs_read(file, buf, sizeof(buf) - 1, &pos); -+ result = vfs_read(file, (char __force_user *)buf, sizeof(buf) - 1, &pos); - set_fs(old_fs); - if (result < 0) - goto out; -@@ -1185,7 +1185,7 @@ static ssize_t bin_dn_node_address(struct file *file, - __le16 dnaddr; - - set_fs(KERNEL_DS); -- result = vfs_read(file, buf, sizeof(buf) - 1, &pos); -+ result = vfs_read(file, (char __force_user *)buf, sizeof(buf) - 1, &pos); - set_fs(old_fs); - if (result < 0) - goto out; -@@ -1234,7 +1234,7 @@ static ssize_t bin_dn_node_address(struct file *file, - le16_to_cpu(dnaddr) & 0x3ff); - - set_fs(KERNEL_DS); -- result = vfs_write(file, buf, len, &pos); -+ result = vfs_write(file, (const char __force_user *)buf, len, &pos); - set_fs(old_fs); - if (result < 0) - goto out; diff --git a/kernel/taskstats.c b/kernel/taskstats.c index 145bb4d..b2aa969 100644 --- a/kernel/taskstats.c @@ -79327,10 +78088,10 @@ index 145bb4d..b2aa969 100644 return cmd_attr_register_cpumask(info); else if (info->attrs[TASKSTATS_CMD_ATTR_DEREGISTER_CPUMASK]) diff --git a/kernel/time.c b/kernel/time.c -index d226c6a..2f0d217 100644 +index f8342a4..288f13b 100644 --- a/kernel/time.c +++ b/kernel/time.c -@@ -163,6 +163,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz) +@@ -171,6 +171,11 @@ int do_sys_settimeofday(const struct timespec *tv, const struct timezone *tz) return error; if (tz) { @@ -79342,7 +78103,7 @@ index d226c6a..2f0d217 100644 sys_tz = *tz; update_vsyscall_tz(); if (firsttime) { -@@ -493,7 +498,7 @@ EXPORT_SYMBOL(usecs_to_jiffies); +@@ -501,7 +506,7 @@ EXPORT_SYMBOL(usecs_to_jiffies); * The >> (NSEC_JIFFIE_SC - SEC_JIFFIE_SC) converts the scaled nsec * value to a scaled second value. */ @@ -79365,20 +78126,20 @@ index f11d83b..d016d91 100644 .clock_get = alarm_clock_get, .timer_create = alarm_timer_create, diff --git a/kernel/time/tick-broadcast.c b/kernel/time/tick-broadcast.c -index 239a323..2c78cf0 100644 +index 90ad470..1814e9a 100644 --- a/kernel/time/tick-broadcast.c +++ b/kernel/time/tick-broadcast.c -@@ -120,7 +120,7 @@ int tick_device_uses_broadcast(struct clock_event_device *dev, int cpu) +@@ -138,7 +138,7 @@ int tick_device_uses_broadcast(struct clock_event_device *dev, int cpu) * then clear the broadcast bit. */ if (!(dev->features & CLOCK_EVT_FEAT_C3STOP)) { - int cpu = smp_processor_id(); + cpu = smp_processor_id(); - cpumask_clear_cpu(cpu, tick_get_broadcast_mask()); tick_broadcast_clear_oneshot(cpu); + } else { diff --git a/kernel/time/timekeeping.c b/kernel/time/timekeeping.c -index cbc6acb..3a77191 100644 +index 9a0bc98..fceb7d0 100644 --- a/kernel/time/timekeeping.c +++ b/kernel/time/timekeeping.c @@ -15,6 +15,7 @@ @@ -79389,7 +78150,7 @@ index cbc6acb..3a77191 100644 #include <linux/syscore_ops.h> #include <linux/clocksource.h> #include <linux/jiffies.h> -@@ -412,6 +413,8 @@ int do_settimeofday(const struct timespec *tv) +@@ -448,6 +449,8 @@ int do_settimeofday(const struct timespec *tv) if (!timespec_valid_strict(tv)) return -EINVAL; @@ -79517,7 +78278,7 @@ index 0b537f2..40d6c20 100644 return -ENOMEM; return 0; diff --git a/kernel/timer.c b/kernel/timer.c -index 367d008..5dee98f 100644 +index dbf7a78..e2148f0 100644 --- a/kernel/timer.c +++ b/kernel/timer.c @@ -1363,7 +1363,7 @@ void update_process_times(int user_tick) @@ -79548,7 +78309,7 @@ index 367d008..5dee98f 100644 }; diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c -index c0bd030..62a1927 100644 +index 5a0f781..1497f95 100644 --- a/kernel/trace/blktrace.c +++ b/kernel/trace/blktrace.c @@ -317,7 +317,7 @@ static ssize_t blk_dropped_read(struct file *filp, char __user *buffer, @@ -79579,10 +78340,10 @@ index c0bd030..62a1927 100644 ret = -EIO; bt->dropped_file = debugfs_create_file("dropped", 0444, dir, bt, diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c -index 03dbc77..e6bd484 100644 +index 0a0e2a6..943495e 100644 --- a/kernel/trace/ftrace.c +++ b/kernel/trace/ftrace.c -@@ -1886,12 +1886,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) +@@ -1909,12 +1909,17 @@ ftrace_code_disable(struct module *mod, struct dyn_ftrace *rec) if (unlikely(ftrace_disabled)) return 0; @@ -79602,7 +78363,7 @@ index 03dbc77..e6bd484 100644 } /* -@@ -2964,7 +2969,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp) +@@ -2986,7 +2991,7 @@ static void ftrace_free_entry_rcu(struct rcu_head *rhp) int register_ftrace_function_probe(char *glob, struct ftrace_probe_ops *ops, @@ -79611,7 +78372,7 @@ index 03dbc77..e6bd484 100644 { struct ftrace_func_probe *entry; struct ftrace_page *pg; -@@ -3832,8 +3837,10 @@ static int ftrace_process_locs(struct module *mod, +@@ -3854,8 +3859,10 @@ static int ftrace_process_locs(struct module *mod, if (!count) return 0; @@ -79622,7 +78383,7 @@ index 03dbc77..e6bd484 100644 start_pg = ftrace_allocate_pages(count); if (!start_pg) -@@ -4555,8 +4562,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write, +@@ -4574,8 +4581,6 @@ ftrace_enable_sysctl(struct ctl_table *table, int write, #ifdef CONFIG_FUNCTION_GRAPH_TRACER static int ftrace_graph_active; @@ -79631,7 +78392,7 @@ index 03dbc77..e6bd484 100644 int ftrace_graph_entry_stub(struct ftrace_graph_ent *trace) { return 0; -@@ -4700,6 +4705,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state, +@@ -4719,6 +4724,10 @@ ftrace_suspend_notifier_call(struct notifier_block *bl, unsigned long state, return NOTIFY_DONE; } @@ -79642,7 +78403,7 @@ index 03dbc77..e6bd484 100644 int register_ftrace_graph(trace_func_graph_ret_t retfunc, trace_func_graph_ent_t entryfunc) { -@@ -4713,7 +4722,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc, +@@ -4732,7 +4741,6 @@ int register_ftrace_graph(trace_func_graph_ret_t retfunc, goto out; } @@ -79651,10 +78412,10 @@ index 03dbc77..e6bd484 100644 ftrace_graph_active++; diff --git a/kernel/trace/ring_buffer.c b/kernel/trace/ring_buffer.c -index ce8514f..8233573 100644 +index 6989df2..c2265cf 100644 --- a/kernel/trace/ring_buffer.c +++ b/kernel/trace/ring_buffer.c -@@ -346,9 +346,9 @@ struct buffer_data_page { +@@ -349,9 +349,9 @@ struct buffer_data_page { */ struct buffer_page { struct list_head list; /* list of buffer pages */ @@ -79666,7 +78427,7 @@ index ce8514f..8233573 100644 unsigned long real_end; /* real end of data */ struct buffer_data_page *page; /* Actual data page */ }; -@@ -461,8 +461,8 @@ struct ring_buffer_per_cpu { +@@ -464,8 +464,8 @@ struct ring_buffer_per_cpu { unsigned long last_overrun; local_t entries_bytes; local_t entries; @@ -79677,7 +78438,7 @@ index ce8514f..8233573 100644 local_t dropped_events; local_t committing; local_t commits; -@@ -861,8 +861,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -864,8 +864,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * * We add a counter to the write field to denote this. */ @@ -79688,7 +78449,7 @@ index ce8514f..8233573 100644 /* * Just make sure we have seen our old_write and synchronize -@@ -890,8 +890,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, +@@ -893,8 +893,8 @@ static int rb_tail_page_update(struct ring_buffer_per_cpu *cpu_buffer, * cmpxchg to only update if an interrupt did not already * do it for us. If the cmpxchg fails, we don't care. */ @@ -79699,7 +78460,7 @@ index ce8514f..8233573 100644 /* * No need to worry about races with clearing out the commit. -@@ -1250,12 +1250,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); +@@ -1253,12 +1253,12 @@ static void rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer); static inline unsigned long rb_page_entries(struct buffer_page *bpage) { @@ -79714,7 +78475,7 @@ index ce8514f..8233573 100644 } static int -@@ -1350,7 +1350,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) +@@ -1353,7 +1353,7 @@ rb_remove_pages(struct ring_buffer_per_cpu *cpu_buffer, unsigned int nr_pages) * bytes consumed in ring buffer from here. * Increment overrun to account for the lost events. */ @@ -79723,7 +78484,7 @@ index ce8514f..8233573 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); } -@@ -1906,7 +1906,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, +@@ -1909,7 +1909,7 @@ rb_handle_head_page(struct ring_buffer_per_cpu *cpu_buffer, * it is our responsibility to update * the counters. */ @@ -79732,7 +78493,7 @@ index ce8514f..8233573 100644 local_sub(BUF_PAGE_SIZE, &cpu_buffer->entries_bytes); /* -@@ -2056,7 +2056,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2059,7 +2059,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, if (tail == BUF_PAGE_SIZE) tail_page->real_end = 0; @@ -79741,7 +78502,7 @@ index ce8514f..8233573 100644 return; } -@@ -2091,7 +2091,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2094,7 +2094,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, rb_event_set_padding(event); /* Set the write back to the previous setting */ @@ -79750,7 +78511,7 @@ index ce8514f..8233573 100644 return; } -@@ -2103,7 +2103,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2106,7 +2106,7 @@ rb_reset_tail(struct ring_buffer_per_cpu *cpu_buffer, /* Set write to end of buffer */ length = (tail + length) - BUF_PAGE_SIZE; @@ -79759,7 +78520,7 @@ index ce8514f..8233573 100644 } /* -@@ -2129,7 +2129,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2132,7 +2132,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, * about it. */ if (unlikely(next_page == commit_page)) { @@ -79768,7 +78529,7 @@ index ce8514f..8233573 100644 goto out_reset; } -@@ -2185,7 +2185,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2188,7 +2188,7 @@ rb_move_tail(struct ring_buffer_per_cpu *cpu_buffer, cpu_buffer->tail_page) && (cpu_buffer->commit_page == cpu_buffer->reader_page))) { @@ -79777,7 +78538,7 @@ index ce8514f..8233573 100644 goto out_reset; } } -@@ -2233,7 +2233,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2236,7 +2236,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, length += RB_LEN_TIME_EXTEND; tail_page = cpu_buffer->tail_page; @@ -79786,7 +78547,7 @@ index ce8514f..8233573 100644 /* set write to only the index of the write */ write &= RB_WRITE_MASK; -@@ -2250,7 +2250,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2253,7 +2253,7 @@ __rb_reserve_next(struct ring_buffer_per_cpu *cpu_buffer, kmemcheck_annotate_bitfield(event, bitfield); rb_update_event(cpu_buffer, event, length, add_timestamp, delta); @@ -79795,7 +78556,7 @@ index ce8514f..8233573 100644 /* * If this is the first commit on the page, then update -@@ -2283,7 +2283,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2286,7 +2286,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, if (bpage->page == (void *)addr && rb_page_write(bpage) == old_index) { unsigned long write_mask = @@ -79804,7 +78565,7 @@ index ce8514f..8233573 100644 unsigned long event_length = rb_event_length(event); /* * This is on the tail page. It is possible that -@@ -2293,7 +2293,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2296,7 +2296,7 @@ rb_try_to_discard(struct ring_buffer_per_cpu *cpu_buffer, */ old_index += write_mask; new_index += write_mask; @@ -79813,7 +78574,7 @@ index ce8514f..8233573 100644 if (index == old_index) { /* update counters */ local_sub(event_length, &cpu_buffer->entries_bytes); -@@ -2632,7 +2632,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2670,7 +2670,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, /* Do the likely case first */ if (likely(bpage->page == (void *)addr)) { @@ -79822,7 +78583,7 @@ index ce8514f..8233573 100644 return; } -@@ -2644,7 +2644,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, +@@ -2682,7 +2682,7 @@ rb_decrement_entry(struct ring_buffer_per_cpu *cpu_buffer, start = bpage; do { if (bpage->page == (void *)addr) { @@ -79831,7 +78592,7 @@ index ce8514f..8233573 100644 return; } rb_inc_page(cpu_buffer, &bpage); -@@ -2926,7 +2926,7 @@ static inline unsigned long +@@ -2964,7 +2964,7 @@ static inline unsigned long rb_num_of_entries(struct ring_buffer_per_cpu *cpu_buffer) { return local_read(&cpu_buffer->entries) - @@ -79840,7 +78601,7 @@ index ce8514f..8233573 100644 } /** -@@ -3015,7 +3015,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3053,7 +3053,7 @@ unsigned long ring_buffer_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -79849,7 +78610,7 @@ index ce8514f..8233573 100644 return ret; } -@@ -3038,7 +3038,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) +@@ -3076,7 +3076,7 @@ ring_buffer_commit_overrun_cpu(struct ring_buffer *buffer, int cpu) return 0; cpu_buffer = buffer->buffers[cpu]; @@ -79858,7 +78619,7 @@ index ce8514f..8233573 100644 return ret; } -@@ -3105,7 +3105,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) +@@ -3161,7 +3161,7 @@ unsigned long ring_buffer_overruns(struct ring_buffer *buffer) /* if you care about this being correct, lock the buffer */ for_each_buffer_cpu(buffer, cpu) { cpu_buffer = buffer->buffers[cpu]; @@ -79867,7 +78628,7 @@ index ce8514f..8233573 100644 } return overruns; -@@ -3281,8 +3281,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3337,8 +3337,8 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) /* * Reset the reader page to size zero. */ @@ -79878,7 +78639,7 @@ index ce8514f..8233573 100644 local_set(&cpu_buffer->reader_page->page->commit, 0); cpu_buffer->reader_page->real_end = 0; -@@ -3316,7 +3316,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3372,7 +3372,7 @@ rb_get_reader_page(struct ring_buffer_per_cpu *cpu_buffer) * want to compare with the last_overrun. */ smp_mb(); @@ -79887,7 +78648,7 @@ index ce8514f..8233573 100644 /* * Here's the tricky part. -@@ -3886,8 +3886,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3942,8 +3942,8 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) cpu_buffer->head_page = list_entry(cpu_buffer->pages, struct buffer_page, list); @@ -79898,7 +78659,7 @@ index ce8514f..8233573 100644 local_set(&cpu_buffer->head_page->page->commit, 0); cpu_buffer->head_page->read = 0; -@@ -3897,14 +3897,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) +@@ -3953,14 +3953,14 @@ rb_reset_cpu(struct ring_buffer_per_cpu *cpu_buffer) INIT_LIST_HEAD(&cpu_buffer->reader_page->list); INIT_LIST_HEAD(&cpu_buffer->new_pages); @@ -79917,7 +78678,7 @@ index ce8514f..8233573 100644 local_set(&cpu_buffer->dropped_events, 0); local_set(&cpu_buffer->entries, 0); local_set(&cpu_buffer->committing, 0); -@@ -4308,8 +4308,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, +@@ -4364,8 +4364,8 @@ int ring_buffer_read_page(struct ring_buffer *buffer, rb_init_page(bpage); bpage = reader->page; reader->page = *data_page; @@ -79929,10 +78690,10 @@ index ce8514f..8233573 100644 *data_page = bpage; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c -index 1c82852..1cd5af2 100644 +index 3f28192..a29e8b0 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c -@@ -2845,7 +2845,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) +@@ -2893,7 +2893,7 @@ int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set) return 0; } @@ -79941,7 +78702,7 @@ index 1c82852..1cd5af2 100644 { /* do nothing if flag is already set */ if (!!(trace_flags & mask) == !!enabled) -@@ -4494,10 +4494,9 @@ static const struct file_operations tracing_dyn_info_fops = { +@@ -4637,10 +4637,9 @@ static const struct file_operations tracing_dyn_info_fops = { }; #endif @@ -79953,23 +78714,23 @@ index 1c82852..1cd5af2 100644 static int once; if (d_tracer) -@@ -4517,10 +4516,9 @@ struct dentry *tracing_init_dentry(void) +@@ -4660,10 +4659,9 @@ struct dentry *tracing_init_dentry(void) return d_tracer; } -static struct dentry *d_percpu; - - struct dentry *tracing_dentry_percpu(void) + static struct dentry *tracing_dentry_percpu(void) { + static struct dentry *d_percpu; static int once; struct dentry *d_tracer; diff --git a/kernel/trace/trace.h b/kernel/trace/trace.h -index 23f1d2c..6ca7a9b 100644 +index 2081971..09f861e 100644 --- a/kernel/trace/trace.h +++ b/kernel/trace/trace.h -@@ -840,7 +840,7 @@ extern const char *__stop___trace_bprintk_fmt[]; +@@ -948,7 +948,7 @@ extern const char *__stop___trace_bprintk_fmt[]; void trace_printk_init_buffers(void); void trace_printk_start_comm(void); int trace_keep_overwrite(struct tracer *tracer, u32 mask, int set); @@ -79979,10 +78740,10 @@ index 23f1d2c..6ca7a9b 100644 #undef FTRACE_ENTRY #define FTRACE_ENTRY(call, struct_name, id, tstruct, print, filter) \ diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c -index 880073d..42db7c3 100644 +index 57e9b28..eebe41c 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c -@@ -1330,10 +1330,6 @@ static LIST_HEAD(ftrace_module_file_list); +@@ -1329,10 +1329,6 @@ static LIST_HEAD(ftrace_module_file_list); struct ftrace_module_file_ops { struct list_head list; struct module *mod; @@ -79993,7 +78754,7 @@ index 880073d..42db7c3 100644 }; static struct ftrace_module_file_ops * -@@ -1354,17 +1350,12 @@ trace_create_file_ops(struct module *mod) +@@ -1353,17 +1349,12 @@ trace_create_file_ops(struct module *mod) file_ops->mod = mod; @@ -80017,7 +78778,7 @@ index 880073d..42db7c3 100644 list_add(&file_ops->list, &ftrace_module_file_list); -@@ -1388,8 +1379,8 @@ static void trace_module_add_events(struct module *mod) +@@ -1387,8 +1378,8 @@ static void trace_module_add_events(struct module *mod) for_each_event(call, start, end) { __trace_add_event_call(*call, mod, @@ -80069,7 +78830,7 @@ index fd3c8aa..5f324a6 100644 } entry = ring_buffer_event_data(event); diff --git a/kernel/trace/trace_output.c b/kernel/trace/trace_output.c -index 194d796..76edb8f 100644 +index 697e88d..1a79993 100644 --- a/kernel/trace/trace_output.c +++ b/kernel/trace/trace_output.c @@ -278,7 +278,7 @@ int trace_seq_path(struct trace_seq *s, const struct path *path) @@ -80081,7 +78842,7 @@ index 194d796..76edb8f 100644 if (p) { s->len = p - s->buffer; return 1; -@@ -852,14 +852,16 @@ int register_ftrace_event(struct trace_event *event) +@@ -851,14 +851,16 @@ int register_ftrace_event(struct trace_event *event) goto out; } @@ -80115,59 +78876,11 @@ index b20428c..4845a10 100644 return; local_irq_save(flags); -diff --git a/kernel/user.c b/kernel/user.c -index 7f6ff2b..1ac8f18 100644 ---- a/kernel/user.c -+++ b/kernel/user.c -@@ -47,9 +47,7 @@ struct user_namespace init_user_ns = { - .count = 4294967295U, - }, - }, -- .kref = { -- .refcount = ATOMIC_INIT(3), -- }, -+ .count = ATOMIC_INIT(3), - .owner = GLOBAL_ROOT_UID, - .group = GLOBAL_ROOT_GID, - .proc_inum = PROC_USER_INIT_INO, diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c -index f359dc7..ddc606a 100644 +index e134d8f..a018cdd 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c -@@ -89,7 +89,7 @@ int create_user_ns(struct cred *new) - return ret; - } - -- kref_init(&ns->kref); -+ atomic_set(&ns->count, 1); - /* Leave the new->user_ns reference with the new user namespace. */ - ns->parent = parent_ns; - ns->owner = owner; -@@ -117,15 +117,16 @@ int unshare_userns(unsigned long unshare_flags, struct cred **new_cred) - return create_user_ns(cred); - } - --void free_user_ns(struct kref *kref) -+void free_user_ns(struct user_namespace *ns) - { -- struct user_namespace *parent, *ns = -- container_of(kref, struct user_namespace, kref); -+ struct user_namespace *parent; - -- parent = ns->parent; -- proc_free_inum(ns->proc_inum); -- kmem_cache_free(user_ns_cachep, ns); -- put_user_ns(parent); -+ do { -+ parent = ns->parent; -+ proc_free_inum(ns->proc_inum); -+ kmem_cache_free(user_ns_cachep, ns); -+ ns = parent; -+ } while (atomic_dec_and_test(&parent->count)); - } - EXPORT_SYMBOL(free_user_ns); - -@@ -819,7 +820,7 @@ static int userns_install(struct nsproxy *nsproxy, void *ns) +@@ -853,7 +853,7 @@ static int userns_install(struct nsproxy *nsproxy, void *ns) if (atomic_read(¤t->mm->mm_users) > 1) return -EINVAL; @@ -80177,10 +78890,10 @@ index f359dc7..ddc606a 100644 if (!ns_capable(user_ns, CAP_SYS_ADMIN)) diff --git a/kernel/utsname_sysctl.c b/kernel/utsname_sysctl.c -index 63da38c..639904e 100644 +index 4f69f9a..7c6f8f8 100644 --- a/kernel/utsname_sysctl.c +++ b/kernel/utsname_sysctl.c -@@ -46,7 +46,7 @@ static void put_uts(ctl_table *table, int write, void *which) +@@ -47,7 +47,7 @@ static void put_uts(ctl_table *table, int write, void *which) static int proc_do_uts_string(ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -80190,10 +78903,10 @@ index 63da38c..639904e 100644 memcpy(&uts_table, table, sizeof(uts_table)); uts_table.data = get_uts(table, write); diff --git a/kernel/watchdog.c b/kernel/watchdog.c -index 75a2ab3..5961da7 100644 +index 4a94467..80a6f9c 100644 --- a/kernel/watchdog.c +++ b/kernel/watchdog.c -@@ -527,7 +527,7 @@ int proc_dowatchdog(struct ctl_table *table, int write, +@@ -526,7 +526,7 @@ int proc_dowatchdog(struct ctl_table *table, int write, } #endif /* CONFIG_SYSCTL */ @@ -80203,10 +78916,10 @@ index 75a2ab3..5961da7 100644 .thread_should_run = watchdog_should_run, .thread_fn = watchdog, diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug -index 67604e5..fe94fb1 100644 +index 28be08c..47bab92 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug -@@ -550,7 +550,7 @@ config DEBUG_MUTEXES +@@ -549,7 +549,7 @@ config DEBUG_MUTEXES config DEBUG_LOCK_ALLOC bool "Lock debugging: detect incorrect freeing of live locks" @@ -80215,7 +78928,7 @@ index 67604e5..fe94fb1 100644 select DEBUG_SPINLOCK select DEBUG_MUTEXES select LOCKDEP -@@ -564,7 +564,7 @@ config DEBUG_LOCK_ALLOC +@@ -563,7 +563,7 @@ config DEBUG_LOCK_ALLOC config PROVE_LOCKING bool "Lock debugging: prove locking correctness" @@ -80224,7 +78937,7 @@ index 67604e5..fe94fb1 100644 select LOCKDEP select DEBUG_SPINLOCK select DEBUG_MUTEXES -@@ -670,7 +670,7 @@ config LOCKDEP +@@ -614,7 +614,7 @@ config LOCKDEP config LOCK_STAT bool "Lock usage statistics" @@ -80233,7 +78946,7 @@ index 67604e5..fe94fb1 100644 select LOCKDEP select DEBUG_SPINLOCK select DEBUG_MUTEXES -@@ -1278,6 +1278,7 @@ config LATENCYTOP +@@ -1282,6 +1282,7 @@ config LATENCYTOP depends on DEBUG_KERNEL depends on STACKTRACE_SUPPORT depends on PROC_FS @@ -80241,7 +78954,7 @@ index 67604e5..fe94fb1 100644 select FRAME_POINTER if !MIPS && !PPC && !S390 && !MICROBLAZE && !ARM_UNWIND select KALLSYMS select KALLSYMS_ALL -@@ -1306,7 +1307,7 @@ config INTERVAL_TREE_TEST +@@ -1310,7 +1311,7 @@ config INTERVAL_TREE_TEST config PROVIDE_OHCI1394_DMA_INIT bool "Remote debugging over FireWire early on boot" @@ -80250,7 +78963,7 @@ index 67604e5..fe94fb1 100644 help If you want to debug problems which hang or crash the kernel early on boot and the crashing machine has a FireWire port, you can use -@@ -1335,7 +1336,7 @@ config PROVIDE_OHCI1394_DMA_INIT +@@ -1339,7 +1340,7 @@ config PROVIDE_OHCI1394_DMA_INIT config FIREWIRE_OHCI_REMOTE_DMA bool "Remote debugging over FireWire with firewire-ohci" @@ -80260,7 +78973,7 @@ index 67604e5..fe94fb1 100644 This option lets you use the FireWire bus for remote debugging with help of the firewire-ohci driver. It enables unfiltered diff --git a/lib/Makefile b/lib/Makefile -index 02ed6c0..bd243da 100644 +index 6e2cc56..9b13738 100644 --- a/lib/Makefile +++ b/lib/Makefile @@ -47,7 +47,7 @@ obj-$(CONFIG_GENERIC_HWEIGHT) += hweight.o @@ -80313,7 +79026,7 @@ index 06f7e4f..f3cf2b0 100644 } EXPORT_SYMBOL(bitmap_parselist_user); diff --git a/lib/bug.c b/lib/bug.c -index d0cdf14..4d07bd2 100644 +index 1686034..a9c00c8 100644 --- a/lib/bug.c +++ b/lib/bug.c @@ -134,6 +134,8 @@ enum bug_trap_type report_bug(unsigned long bugaddr, struct pt_regs *regs) @@ -80326,10 +79039,10 @@ index d0cdf14..4d07bd2 100644 file = NULL; line = 0; diff --git a/lib/debugobjects.c b/lib/debugobjects.c -index d11808c..dc2d6f8 100644 +index 37061ed..da83f48 100644 --- a/lib/debugobjects.c +++ b/lib/debugobjects.c -@@ -287,7 +287,7 @@ static void debug_object_is_on_stack(void *addr, int onstack) +@@ -286,7 +286,7 @@ static void debug_object_is_on_stack(void *addr, int onstack) if (limit > 4) return; @@ -80339,10 +79052,10 @@ index d11808c..dc2d6f8 100644 return; diff --git a/lib/devres.c b/lib/devres.c -index 80b9c76..9e32279 100644 +index 8235331..5881053 100644 --- a/lib/devres.c +++ b/lib/devres.c -@@ -80,7 +80,7 @@ EXPORT_SYMBOL(devm_ioremap_nocache); +@@ -81,7 +81,7 @@ EXPORT_SYMBOL(devm_ioremap_nocache); void devm_iounmap(struct device *dev, void __iomem *addr) { WARN_ON(devres_destroy(dev, devm_ioremap_release, devm_ioremap_match, @@ -80351,7 +79064,7 @@ index 80b9c76..9e32279 100644 iounmap(addr); } EXPORT_SYMBOL(devm_iounmap); -@@ -192,7 +192,7 @@ void devm_ioport_unmap(struct device *dev, void __iomem *addr) +@@ -224,7 +224,7 @@ void devm_ioport_unmap(struct device *dev, void __iomem *addr) { ioport_unmap(addr); WARN_ON(devres_destroy(dev, devm_ioport_map_release, @@ -80359,7 +79072,7 @@ index 80b9c76..9e32279 100644 + devm_ioport_map_match, (void __force *)addr)); } EXPORT_SYMBOL(devm_ioport_unmap); - + #endif /* CONFIG_HAS_IOPORT */ diff --git a/lib/div64.c b/lib/div64.c index a163b6c..9618fa5 100644 --- a/lib/div64.c @@ -80383,7 +79096,7 @@ index a163b6c..9618fa5 100644 u32 high = divisor >> 32; u64 quot; diff --git a/lib/dma-debug.c b/lib/dma-debug.c -index 5e396ac..58d5de1 100644 +index d87a17a..ac0d79a 100644 --- a/lib/dma-debug.c +++ b/lib/dma-debug.c @@ -768,7 +768,7 @@ static int dma_debug_device_change(struct notifier_block *nb, unsigned long acti @@ -80395,7 +79108,7 @@ index 5e396ac..58d5de1 100644 if (global_disable) return; -@@ -942,7 +942,7 @@ out: +@@ -945,7 +945,7 @@ static void check_unmap(struct dma_debug_entry *ref) static void check_for_stack(struct device *dev, void *addr) { @@ -80685,10 +79398,10 @@ index a28df52..3d55877 100644 unsigned long c; diff --git a/lib/swiotlb.c b/lib/swiotlb.c -index 196b069..358f342 100644 +index d23762e..e21eab2 100644 --- a/lib/swiotlb.c +++ b/lib/swiotlb.c -@@ -642,7 +642,7 @@ EXPORT_SYMBOL(swiotlb_alloc_coherent); +@@ -664,7 +664,7 @@ EXPORT_SYMBOL(swiotlb_alloc_coherent); void swiotlb_free_coherent(struct device *hwdev, size_t size, void *vaddr, @@ -80698,7 +79411,7 @@ index 196b069..358f342 100644 phys_addr_t paddr = dma_to_phys(hwdev, dev_addr); diff --git a/lib/vsprintf.c b/lib/vsprintf.c -index fab33a9..3b5fe68 100644 +index 0d62fd7..b7bc911 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -16,6 +16,9 @@ @@ -80711,15 +79424,6 @@ index fab33a9..3b5fe68 100644 #include <stdarg.h> #include <linux/module.h> /* for KSYM_SYMBOL_LEN */ #include <linux/types.h> -@@ -541,7 +544,7 @@ char *symbol_string(char *buf, char *end, void *ptr, - char sym[KSYM_SYMBOL_LEN]; - if (ext == 'B') - sprint_backtrace(sym, value); -- else if (ext != 'f' && ext != 's') -+ else if (ext != 'f' && ext != 's' && ext != 'a') - sprint_symbol(sym, value); - else - sprint_symbol_no_offset(sym, value); @@ -974,7 +977,11 @@ char *netdev_feature_string(char *buf, char *end, const u8 *addr, return number(buf, end, *(const netdev_features_t *)addr, spec); } @@ -80741,7 +79445,7 @@ index fab33a9..3b5fe68 100644 * - 'R' For decoded struct resource, e.g., [mem 0x0-0x1f 64bit pref] * - 'r' For raw struct resource, e.g., [mem 0x0-0x1f flags 0x201] * - 'M' For a 6-byte MAC address, it prints the address in the -@@ -1043,12 +1052,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -1044,12 +1053,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, if (!ptr && *fmt != 'K') { /* @@ -80756,7 +79460,7 @@ index fab33a9..3b5fe68 100644 } switch (*fmt) { -@@ -1058,6 +1067,13 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -1059,6 +1068,12 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, /* Fallthrough */ case 'S': case 's': @@ -80766,11 +79470,10 @@ index fab33a9..3b5fe68 100644 + return symbol_string(buf, end, ptr, spec, *fmt); +#endif + case 'A': -+ case 'a': case 'B': return symbol_string(buf, end, ptr, spec, *fmt); case 'R': -@@ -1098,6 +1114,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, +@@ -1099,6 +1114,8 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, va_end(va); return buf; } @@ -80779,9 +79482,9 @@ index fab33a9..3b5fe68 100644 case 'K': /* * %pK cannot be used in IRQ context because its test -@@ -1121,6 +1139,21 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, - } - break; +@@ -1128,6 +1145,21 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, + return number(buf, end, + (unsigned long long) *((phys_addr_t *)ptr), spec); } + +#ifdef CONFIG_GRKERNSEC_HIDESYM @@ -80801,7 +79504,7 @@ index fab33a9..3b5fe68 100644 spec.flags |= SMALL; if (spec.field_width == -1) { spec.field_width = default_width; -@@ -1842,11 +1875,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) +@@ -1849,11 +1881,11 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) typeof(type) value; \ if (sizeof(type) == 8) { \ args = PTR_ALIGN(args, sizeof(u32)); \ @@ -80816,7 +79519,7 @@ index fab33a9..3b5fe68 100644 } \ args += sizeof(type); \ value; \ -@@ -1909,7 +1942,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) +@@ -1916,7 +1948,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) case FORMAT_TYPE_STR: { const char *str_arg = args; args += strlen(str_arg) + 1; @@ -80833,10 +79536,10 @@ index 0000000..7cd6065 @@ -0,0 +1 @@ +-grsec diff --git a/mm/Kconfig b/mm/Kconfig -index 278e3ab..87c384d 100644 +index 3bea74f..e821c99 100644 --- a/mm/Kconfig +++ b/mm/Kconfig -@@ -286,10 +286,10 @@ config KSM +@@ -311,10 +311,10 @@ config KSM root has set /sys/kernel/mm/ksm/run to 1 (if CONFIG_SYSFS is set). config DEFAULT_MMAP_MIN_ADDR @@ -80850,7 +79553,7 @@ index 278e3ab..87c384d 100644 This is the portion of low virtual memory which should be protected from userspace allocation. Keeping a user from writing to low pages can help reduce the impact of kernel NULL pointer bugs. -@@ -320,7 +320,7 @@ config MEMORY_FAILURE +@@ -345,7 +345,7 @@ config MEMORY_FAILURE config HWPOISON_INJECT tristate "HWPoison pages injector" @@ -80860,10 +79563,10 @@ index 278e3ab..87c384d 100644 config NOMMU_INITIAL_TRIM_EXCESS diff --git a/mm/filemap.c b/mm/filemap.c -index 83efee7..3f99381 100644 +index e1979fd..dda5120 100644 --- a/mm/filemap.c +++ b/mm/filemap.c -@@ -1747,7 +1747,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) +@@ -1748,7 +1748,7 @@ int generic_file_mmap(struct file * file, struct vm_area_struct * vma) struct address_space *mapping = file->f_mapping; if (!mapping->a_ops->readpage) @@ -80872,7 +79575,7 @@ index 83efee7..3f99381 100644 file_accessed(file); vma->vm_ops = &generic_file_vm_ops; return 0; -@@ -2087,6 +2087,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i +@@ -2088,6 +2088,7 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i *pos = i_size_read(inode); if (limit != RLIM_INFINITY) { @@ -80881,10 +79584,10 @@ index 83efee7..3f99381 100644 send_sig(SIGXFSZ, current, 0); return -EFBIG; diff --git a/mm/fremap.c b/mm/fremap.c -index a0aaf0e..20325c3 100644 +index 87da359..3f41cb1 100644 --- a/mm/fremap.c +++ b/mm/fremap.c -@@ -157,6 +157,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, +@@ -158,6 +158,11 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, retry: vma = find_vma(mm, start); @@ -80925,10 +79628,10 @@ index b32b70c..e512eb0 100644 set_page_address(page, (void *)vaddr); diff --git a/mm/hugetlb.c b/mm/hugetlb.c -index 88eb939..0bd9e7d 100644 +index 1a12f5b..a85b8fc 100644 --- a/mm/hugetlb.c +++ b/mm/hugetlb.c -@@ -2008,15 +2008,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, +@@ -2005,15 +2005,17 @@ static int hugetlb_sysctl_handler_common(bool obey_mempolicy, struct hstate *h = &default_hstate; unsigned long tmp; int ret; @@ -80949,7 +79652,7 @@ index 88eb939..0bd9e7d 100644 if (ret) goto out; -@@ -2073,15 +2075,17 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, +@@ -2070,15 +2072,17 @@ int hugetlb_overcommit_handler(struct ctl_table *table, int write, struct hstate *h = &default_hstate; unsigned long tmp; int ret; @@ -80970,7 +79673,7 @@ index 88eb939..0bd9e7d 100644 if (ret) goto out; -@@ -2515,6 +2519,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2512,6 +2516,27 @@ static int unmap_ref_private(struct mm_struct *mm, struct vm_area_struct *vma, return 1; } @@ -80998,7 +79701,7 @@ index 88eb939..0bd9e7d 100644 /* * Hugetlb_cow() should be called with page lock of the original hugepage held. * Called with hugetlb_instantiation_mutex held and pte_page locked so we -@@ -2633,6 +2658,11 @@ retry_avoidcopy: +@@ -2630,6 +2655,11 @@ retry_avoidcopy: make_huge_pte(vma, new_page, 1)); page_remove_rmap(old_page); hugepage_add_new_anon_rmap(new_page, vma, address); @@ -81010,7 +79713,7 @@ index 88eb939..0bd9e7d 100644 /* Make the old page be freed below */ new_page = old_page; } -@@ -2792,6 +2822,10 @@ retry: +@@ -2788,6 +2818,10 @@ retry: && (vma->vm_flags & VM_SHARED))); set_huge_pte_at(mm, address, ptep, new_pte); @@ -81021,7 +79724,7 @@ index 88eb939..0bd9e7d 100644 if ((flags & FAULT_FLAG_WRITE) && !(vma->vm_flags & VM_SHARED)) { /* Optimization, do the COW without a second fault */ ret = hugetlb_cow(mm, vma, address, ptep, new_pte, page); -@@ -2821,6 +2855,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2817,6 +2851,10 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, static DEFINE_MUTEX(hugetlb_instantiation_mutex); struct hstate *h = hstate_vma(vma); @@ -81032,7 +79735,7 @@ index 88eb939..0bd9e7d 100644 address &= huge_page_mask(h); ptep = huge_pte_offset(mm, address); -@@ -2834,6 +2872,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2830,6 +2868,26 @@ int hugetlb_fault(struct mm_struct *mm, struct vm_area_struct *vma, VM_FAULT_SET_HINDEX(hstate_index(h)); } @@ -81060,7 +79763,7 @@ index 88eb939..0bd9e7d 100644 if (!ptep) return VM_FAULT_OOM; diff --git a/mm/internal.h b/mm/internal.h -index 9ba2110..eaf0674 100644 +index 8562de0..7fdfe92 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -100,6 +100,7 @@ extern pmd_t *mm_find_pmd(struct mm_struct *mm, unsigned long address); @@ -81072,7 +79775,7 @@ index 9ba2110..eaf0674 100644 #ifdef CONFIG_MEMORY_FAILURE extern bool is_free_buddy_page(struct page *page); diff --git a/mm/kmemleak.c b/mm/kmemleak.c -index 752a705..6c3102e 100644 +index c8d7f31..2dbeffd 100644 --- a/mm/kmemleak.c +++ b/mm/kmemleak.c @@ -363,7 +363,7 @@ static void print_unreferenced(struct seq_file *seq, @@ -81084,7 +79787,7 @@ index 752a705..6c3102e 100644 } } -@@ -1853,7 +1853,7 @@ static int __init kmemleak_late_init(void) +@@ -1851,7 +1851,7 @@ static int __init kmemleak_late_init(void) return -ENOMEM; } @@ -81116,10 +79819,10 @@ index d53adf9..03a24bf 100644 set_fs(old_fs); diff --git a/mm/madvise.c b/mm/madvise.c -index 03dfa5c..b032917 100644 +index c58c94b..86ec14e 100644 --- a/mm/madvise.c +++ b/mm/madvise.c -@@ -48,6 +48,10 @@ static long madvise_behavior(struct vm_area_struct * vma, +@@ -51,6 +51,10 @@ static long madvise_behavior(struct vm_area_struct * vma, pgoff_t pgoff; unsigned long new_flags = vma->vm_flags; @@ -81130,7 +79833,7 @@ index 03dfa5c..b032917 100644 switch (behavior) { case MADV_NORMAL: new_flags = new_flags & ~VM_RAND_READ & ~VM_SEQ_READ; -@@ -123,6 +127,13 @@ success: +@@ -126,6 +130,13 @@ success: /* * vm_flags is protected by the mmap_sem held in write mode. */ @@ -81144,7 +79847,7 @@ index 03dfa5c..b032917 100644 vma->vm_flags = new_flags; out: -@@ -181,6 +192,11 @@ static long madvise_dontneed(struct vm_area_struct * vma, +@@ -274,6 +285,11 @@ static long madvise_dontneed(struct vm_area_struct * vma, struct vm_area_struct ** prev, unsigned long start, unsigned long end) { @@ -81156,7 +79859,7 @@ index 03dfa5c..b032917 100644 *prev = vma; if (vma->vm_flags & (VM_LOCKED|VM_HUGETLB|VM_PFNMAP)) return -EINVAL; -@@ -193,6 +209,21 @@ static long madvise_dontneed(struct vm_area_struct * vma, +@@ -286,6 +302,21 @@ static long madvise_dontneed(struct vm_area_struct * vma, zap_page_range(vma, start, end - start, &details); } else zap_page_range(vma, start, end - start, NULL); @@ -81178,7 +79881,7 @@ index 03dfa5c..b032917 100644 return 0; } -@@ -397,6 +428,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior) +@@ -491,6 +522,16 @@ SYSCALL_DEFINE3(madvise, unsigned long, start, size_t, len_in, int, behavior) if (end < start) goto out; @@ -81196,15 +79899,15 @@ index 03dfa5c..b032917 100644 if (end == start) goto out; diff --git a/mm/memory-failure.c b/mm/memory-failure.c -index c6e4dd3..1f41988 100644 +index df0694c..bc95539 100644 --- a/mm/memory-failure.c +++ b/mm/memory-failure.c @@ -61,7 +61,7 @@ int sysctl_memory_failure_early_kill __read_mostly = 0; int sysctl_memory_failure_recovery __read_mostly = 1; --atomic_long_t mce_bad_pages __read_mostly = ATOMIC_LONG_INIT(0); -+atomic_long_unchecked_t mce_bad_pages __read_mostly = ATOMIC_LONG_INIT(0); +-atomic_long_t num_poisoned_pages __read_mostly = ATOMIC_LONG_INIT(0); ++atomic_long_unchecked_t num_poisoned_pages __read_mostly = ATOMIC_LONG_INIT(0); #if defined(CONFIG_HWPOISON_INJECT) || defined(CONFIG_HWPOISON_INJECT_MODULE) @@ -81226,74 +79929,97 @@ index c6e4dd3..1f41988 100644 { reserved, reserved, "reserved kernel", me_kernel }, /* * free pages are specially detected outside this table: -@@ -1040,7 +1040,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) - } - - nr_pages = 1 << compound_trans_order(hpage); -- atomic_long_add(nr_pages, &mce_bad_pages); -+ atomic_long_add_unchecked(nr_pages, &mce_bad_pages); +@@ -1051,7 +1051,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) + nr_pages = 1 << compound_order(hpage); + else /* normal page or thp */ + nr_pages = 1; +- atomic_long_add(nr_pages, &num_poisoned_pages); ++ atomic_long_add_unchecked(nr_pages, &num_poisoned_pages); /* * We need/can do nothing about count=0 pages. -@@ -1070,7 +1070,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) +@@ -1081,7 +1081,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) if (!PageHWPoison(hpage) || (hwpoison_filter(p) && TestClearPageHWPoison(p)) || (p != hpage && TestSetPageHWPoison(hpage))) { -- atomic_long_sub(nr_pages, &mce_bad_pages); -+ atomic_long_sub_unchecked(nr_pages, &mce_bad_pages); +- atomic_long_sub(nr_pages, &num_poisoned_pages); ++ atomic_long_sub_unchecked(nr_pages, &num_poisoned_pages); return 0; } set_page_hwpoison_huge_page(hpage); -@@ -1128,7 +1128,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) +@@ -1148,7 +1148,7 @@ int memory_failure(unsigned long pfn, int trapno, int flags) } if (hwpoison_filter(p)) { if (TestClearPageHWPoison(p)) -- atomic_long_sub(nr_pages, &mce_bad_pages); -+ atomic_long_sub_unchecked(nr_pages, &mce_bad_pages); +- atomic_long_sub(nr_pages, &num_poisoned_pages); ++ atomic_long_sub_unchecked(nr_pages, &num_poisoned_pages); unlock_page(hpage); put_page(hpage); return 0; -@@ -1323,7 +1323,7 @@ int unpoison_memory(unsigned long pfn) +@@ -1350,7 +1350,7 @@ int unpoison_memory(unsigned long pfn) return 0; } if (TestClearPageHWPoison(p)) -- atomic_long_sub(nr_pages, &mce_bad_pages); -+ atomic_long_sub_unchecked(nr_pages, &mce_bad_pages); +- atomic_long_sub(nr_pages, &num_poisoned_pages); ++ atomic_long_sub_unchecked(nr_pages, &num_poisoned_pages); pr_info("MCE: Software-unpoisoned free page %#lx\n", pfn); return 0; } -@@ -1337,7 +1337,7 @@ int unpoison_memory(unsigned long pfn) +@@ -1364,7 +1364,7 @@ int unpoison_memory(unsigned long pfn) */ if (TestClearPageHWPoison(page)) { pr_info("MCE: Software-unpoisoned page %#lx\n", pfn); -- atomic_long_sub(nr_pages, &mce_bad_pages); -+ atomic_long_sub_unchecked(nr_pages, &mce_bad_pages); +- atomic_long_sub(nr_pages, &num_poisoned_pages); ++ atomic_long_sub_unchecked(nr_pages, &num_poisoned_pages); freeit = 1; if (PageHuge(page)) clear_page_hwpoison_huge_page(page); -@@ -1442,7 +1442,7 @@ static int soft_offline_huge_page(struct page *page, int flags) - } - done: - if (!PageHWPoison(hpage)) +@@ -1491,7 +1491,7 @@ static int soft_offline_huge_page(struct page *page, int flags) + } else { + set_page_hwpoison_huge_page(hpage); + dequeue_hwpoisoned_huge_page(hpage); - atomic_long_add(1 << compound_trans_order(hpage), + atomic_long_add_unchecked(1 << compound_trans_order(hpage), - &mce_bad_pages); - set_page_hwpoison_huge_page(hpage); - dequeue_hwpoisoned_huge_page(hpage); -@@ -1583,7 +1583,7 @@ int soft_offline_page(struct page *page, int flags) - return ret; - - done: -- atomic_long_add(1, &mce_bad_pages); -+ atomic_long_add_unchecked(1, &mce_bad_pages); - SetPageHWPoison(page); + &num_poisoned_pages); + } /* keep elevated page count for bad page */ - return ret; +@@ -1552,11 +1552,11 @@ int soft_offline_page(struct page *page, int flags) + if (PageHuge(page)) { + set_page_hwpoison_huge_page(hpage); + dequeue_hwpoisoned_huge_page(hpage); +- atomic_long_add(1 << compound_trans_order(hpage), ++ atomic_long_add_unchecked(1 << compound_trans_order(hpage), + &num_poisoned_pages); + } else { + SetPageHWPoison(page); +- atomic_long_inc(&num_poisoned_pages); ++ atomic_long_inc_unchecked(&num_poisoned_pages); + } + } + /* keep elevated page count for bad page */ +@@ -1596,7 +1596,7 @@ static int __soft_offline_page(struct page *page, int flags) + put_page(page); + pr_info("soft_offline: %#lx: invalidated\n", pfn); + SetPageHWPoison(page); +- atomic_long_inc(&num_poisoned_pages); ++ atomic_long_inc_unchecked(&num_poisoned_pages); + return 0; + } + +@@ -1626,7 +1626,7 @@ static int __soft_offline_page(struct page *page, int flags) + ret = -EIO; + } else { + SetPageHWPoison(page); +- atomic_long_inc(&num_poisoned_pages); ++ atomic_long_inc_unchecked(&num_poisoned_pages); + } + } else { + pr_info("soft offline: %#lx: isolation failed: %d, page count %d, type %lx\n", diff --git a/mm/memory.c b/mm/memory.c -index 32a495a..8042dce 100644 +index ba94dec..08ffe0d 100644 --- a/mm/memory.c +++ b/mm/memory.c -@@ -434,6 +434,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, +@@ -438,6 +438,7 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, free_pte_range(tlb, pmd, addr); } while (pmd++, addr = next, addr != end); @@ -81301,7 +80027,7 @@ index 32a495a..8042dce 100644 start &= PUD_MASK; if (start < floor) return; -@@ -448,6 +449,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, +@@ -452,6 +453,8 @@ static inline void free_pmd_range(struct mmu_gather *tlb, pud_t *pud, pmd = pmd_offset(pud, start); pud_clear(pud); pmd_free_tlb(tlb, pmd, start); @@ -81310,7 +80036,7 @@ index 32a495a..8042dce 100644 } static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, -@@ -467,6 +470,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, +@@ -471,6 +474,7 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, free_pmd_range(tlb, pud, addr, next, floor, ceiling); } while (pud++, addr = next, addr != end); @@ -81318,7 +80044,7 @@ index 32a495a..8042dce 100644 start &= PGDIR_MASK; if (start < floor) return; -@@ -481,6 +485,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, +@@ -485,6 +489,8 @@ static inline void free_pud_range(struct mmu_gather *tlb, pgd_t *pgd, pud = pud_offset(pgd, start); pgd_clear(pgd); pud_free_tlb(tlb, pud, start); @@ -81327,7 +80053,7 @@ index 32a495a..8042dce 100644 } /* -@@ -1619,12 +1625,6 @@ no_page_table: +@@ -1644,12 +1650,6 @@ no_page_table: return page; } @@ -81340,7 +80066,7 @@ index 32a495a..8042dce 100644 /** * __get_user_pages() - pin user pages in memory * @tsk: task_struct of target task -@@ -1710,10 +1710,10 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -1736,10 +1736,10 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, i = 0; @@ -81353,7 +80079,7 @@ index 32a495a..8042dce 100644 if (!vma && in_gate_area(mm, start)) { unsigned long pg = start & PAGE_MASK; pgd_t *pgd; -@@ -1761,7 +1761,7 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -1788,7 +1788,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, goto next_page; } @@ -81362,7 +80088,7 @@ index 32a495a..8042dce 100644 (vma->vm_flags & (VM_IO | VM_PFNMAP)) || !(vm_flags & vma->vm_flags)) return i ? : -EFAULT; -@@ -1788,11 +1788,6 @@ int __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, +@@ -1817,11 +1817,6 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm, int ret; unsigned int fault_flags = 0; @@ -81374,16 +80100,16 @@ index 32a495a..8042dce 100644 if (foll_flags & FOLL_WRITE) fault_flags |= FAULT_FLAG_WRITE; if (nonblocking) -@@ -1866,7 +1861,7 @@ next_page: - start += PAGE_SIZE; - nr_pages--; +@@ -1901,7 +1896,7 @@ next_page: + start += page_increm * PAGE_SIZE; + nr_pages -= page_increm; } while (nr_pages && start < vma->vm_end); - } while (nr_pages); + } return i; } EXPORT_SYMBOL(__get_user_pages); -@@ -2073,6 +2068,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, +@@ -2108,6 +2103,10 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, page_add_file_rmap(page); set_pte_at(mm, addr, pte, mk_pte(page, prot)); @@ -81394,7 +80120,7 @@ index 32a495a..8042dce 100644 retval = 0; pte_unmap_unlock(pte, ptl); return retval; -@@ -2117,9 +2116,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, +@@ -2152,9 +2151,21 @@ int vm_insert_page(struct vm_area_struct *vma, unsigned long addr, if (!page_count(page)) return -EINVAL; if (!(vma->vm_flags & VM_MIXEDMAP)) { @@ -81416,7 +80142,7 @@ index 32a495a..8042dce 100644 } return insert_page(vma, addr, page, vma->vm_page_prot); } -@@ -2202,6 +2213,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, +@@ -2237,6 +2248,7 @@ int vm_insert_mixed(struct vm_area_struct *vma, unsigned long addr, unsigned long pfn) { BUG_ON(!(vma->vm_flags & VM_MIXEDMAP)); @@ -81424,7 +80150,7 @@ index 32a495a..8042dce 100644 if (addr < vma->vm_start || addr >= vma->vm_end) return -EFAULT; -@@ -2449,7 +2461,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, +@@ -2484,7 +2496,9 @@ static int apply_to_pmd_range(struct mm_struct *mm, pud_t *pud, BUG_ON(pud_huge(*pud)); @@ -81435,7 +80161,7 @@ index 32a495a..8042dce 100644 if (!pmd) return -ENOMEM; do { -@@ -2469,7 +2483,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, +@@ -2504,7 +2518,9 @@ static int apply_to_pud_range(struct mm_struct *mm, pgd_t *pgd, unsigned long next; int err; @@ -81446,7 +80172,7 @@ index 32a495a..8042dce 100644 if (!pud) return -ENOMEM; do { -@@ -2557,6 +2573,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo +@@ -2592,6 +2608,186 @@ static inline void cow_user_page(struct page *dst, struct page *src, unsigned lo copy_user_highpage(dst, src, va, vma); } @@ -81522,7 +80248,7 @@ index 32a495a..8042dce 100644 + page_add_anon_rmap(page_m, vma_m, address_m); + inc_mm_counter_fast(mm, MM_ANONPAGES); + set_pte_at(mm, address_m, pte_m, entry_m); -+ update_mmu_cache(vma_m, address_m, entry_m); ++ update_mmu_cache(vma_m, address_m, pte_m); +out: + if (ptl != ptl_m) + spin_unlock(ptl_m); @@ -81561,7 +80287,7 @@ index 32a495a..8042dce 100644 + page_add_file_rmap(page_m); + inc_mm_counter_fast(mm, MM_FILEPAGES); + set_pte_at(mm, address_m, pte_m, entry_m); -+ update_mmu_cache(vma_m, address_m, entry_m); ++ update_mmu_cache(vma_m, address_m, pte_m); +out: + if (ptl != ptl_m) + spin_unlock(ptl_m); @@ -81633,7 +80359,7 @@ index 32a495a..8042dce 100644 /* * This routine handles present pages, when users try to write * to a shared page. It is done by copying the page to a new address -@@ -2773,6 +2969,12 @@ gotten: +@@ -2808,6 +3004,12 @@ gotten: */ page_table = pte_offset_map_lock(mm, pmd, address, &ptl); if (likely(pte_same(*page_table, orig_pte))) { @@ -81646,7 +80372,7 @@ index 32a495a..8042dce 100644 if (old_page) { if (!PageAnon(old_page)) { dec_mm_counter_fast(mm, MM_FILEPAGES); -@@ -2824,6 +3026,10 @@ gotten: +@@ -2859,6 +3061,10 @@ gotten: page_remove_rmap(old_page); } @@ -81657,7 +80383,7 @@ index 32a495a..8042dce 100644 /* Free the old page.. */ new_page = old_page; ret |= VM_FAULT_WRITE; -@@ -3099,6 +3305,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3134,6 +3340,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, swap_free(entry); if (vm_swap_full() || (vma->vm_flags & VM_LOCKED) || PageMlocked(page)) try_to_free_swap(page); @@ -81667,9 +80393,9 @@ index 32a495a..8042dce 100644 +#endif + unlock_page(page); - if (swapcache) { + if (page != swapcache) { /* -@@ -3122,6 +3333,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3157,6 +3368,11 @@ static int do_swap_page(struct mm_struct *mm, struct vm_area_struct *vma, /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -81681,7 +80407,7 @@ index 32a495a..8042dce 100644 unlock: pte_unmap_unlock(page_table, ptl); out: -@@ -3141,40 +3357,6 @@ out_release: +@@ -3176,40 +3392,6 @@ out_release: } /* @@ -81722,7 +80448,7 @@ index 32a495a..8042dce 100644 * We enter with non-exclusive mmap_sem (to exclude vma changes, * but allow concurrent faults), and pte mapped but not yet locked. * We return with mmap_sem still held, but pte unmapped and unlocked. -@@ -3183,27 +3365,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3218,27 +3400,23 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long address, pte_t *page_table, pmd_t *pmd, unsigned int flags) { @@ -81755,7 +80481,7 @@ index 32a495a..8042dce 100644 if (unlikely(anon_vma_prepare(vma))) goto oom; page = alloc_zeroed_user_highpage_movable(vma, address); -@@ -3222,6 +3400,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3257,6 +3435,11 @@ static int do_anonymous_page(struct mm_struct *mm, struct vm_area_struct *vma, if (!pte_none(*page_table)) goto release; @@ -81767,7 +80493,7 @@ index 32a495a..8042dce 100644 inc_mm_counter_fast(mm, MM_ANONPAGES); page_add_new_anon_rmap(page, vma, address); setpte: -@@ -3229,6 +3412,12 @@ setpte: +@@ -3264,6 +3447,12 @@ setpte: /* No need to invalidate - it was non-present before */ update_mmu_cache(vma, address, page_table); @@ -81780,7 +80506,7 @@ index 32a495a..8042dce 100644 unlock: pte_unmap_unlock(page_table, ptl); return 0; -@@ -3372,6 +3561,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3407,6 +3596,12 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, */ /* Only go through if we didn't race with anybody else... */ if (likely(pte_same(*page_table, orig_pte))) { @@ -81793,7 +80519,7 @@ index 32a495a..8042dce 100644 flush_icache_page(vma, page); entry = mk_pte(page, vma->vm_page_prot); if (flags & FAULT_FLAG_WRITE) -@@ -3391,6 +3586,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3426,6 +3621,14 @@ static int __do_fault(struct mm_struct *mm, struct vm_area_struct *vma, /* no need to invalidate: a not-present page won't be cached */ update_mmu_cache(vma, address, page_table); @@ -81808,7 +80534,7 @@ index 32a495a..8042dce 100644 } else { if (cow_page) mem_cgroup_uncharge_page(cow_page); -@@ -3712,6 +3915,12 @@ int handle_pte_fault(struct mm_struct *mm, +@@ -3747,6 +3950,12 @@ int handle_pte_fault(struct mm_struct *mm, if (flags & FAULT_FLAG_WRITE) flush_tlb_fix_spurious_fault(vma, address); } @@ -81821,7 +80547,7 @@ index 32a495a..8042dce 100644 unlock: pte_unmap_unlock(pte, ptl); return 0; -@@ -3728,6 +3937,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3763,6 +3972,10 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, pmd_t *pmd; pte_t *pte; @@ -81832,7 +80558,7 @@ index 32a495a..8042dce 100644 __set_current_state(TASK_RUNNING); count_vm_event(PGFAULT); -@@ -3739,6 +3952,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -3774,6 +3987,34 @@ int handle_mm_fault(struct mm_struct *mm, struct vm_area_struct *vma, if (unlikely(is_vm_hugetlb_page(vma))) return hugetlb_fault(mm, vma, address, flags); @@ -81867,7 +80593,7 @@ index 32a495a..8042dce 100644 retry: pgd = pgd_offset(mm, address); pud = pud_alloc(mm, pgd, address); -@@ -3837,6 +4078,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) +@@ -3872,6 +4113,23 @@ int __pud_alloc(struct mm_struct *mm, pgd_t *pgd, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -81891,7 +80617,7 @@ index 32a495a..8042dce 100644 #endif /* __PAGETABLE_PUD_FOLDED */ #ifndef __PAGETABLE_PMD_FOLDED -@@ -3867,11 +4125,35 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) +@@ -3902,6 +4160,30 @@ int __pmd_alloc(struct mm_struct *mm, pud_t *pud, unsigned long address) spin_unlock(&mm->page_table_lock); return 0; } @@ -81921,15 +80647,8 @@ index 32a495a..8042dce 100644 +} #endif /* __PAGETABLE_PMD_FOLDED */ --int make_pages_present(unsigned long addr, unsigned long end) -+ssize_t make_pages_present(unsigned long addr, unsigned long end) - { -- int ret, len, write; -+ ssize_t ret, len, write; - struct vm_area_struct * vma; - - vma = find_vma(current->mm, addr); -@@ -3904,7 +4186,7 @@ static int __init gate_vma_init(void) + #if !defined(__HAVE_ARCH_GATE_AREA) +@@ -3915,7 +4197,7 @@ static int __init gate_vma_init(void) gate_vma.vm_start = FIXADDR_USER_START; gate_vma.vm_end = FIXADDR_USER_END; gate_vma.vm_flags = VM_READ | VM_MAYREAD | VM_EXEC | VM_MAYEXEC; @@ -81938,7 +80657,7 @@ index 32a495a..8042dce 100644 return 0; } -@@ -4038,8 +4320,8 @@ out: +@@ -4049,8 +4331,8 @@ out: return ret; } @@ -81949,7 +80668,7 @@ index 32a495a..8042dce 100644 { resource_size_t phys_addr; unsigned long prot = 0; -@@ -4064,8 +4346,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr, +@@ -4075,8 +4357,8 @@ int generic_access_phys(struct vm_area_struct *vma, unsigned long addr, * Access another process' address space as given in mm. If non-NULL, use the * given task for page fault accounting. */ @@ -81960,7 +80679,7 @@ index 32a495a..8042dce 100644 { struct vm_area_struct *vma; void *old_buf = buf; -@@ -4073,7 +4355,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -4084,7 +4366,7 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, down_read(&mm->mmap_sem); /* ignore errors, just check how much was successfully transferred */ while (len) { @@ -81969,7 +80688,7 @@ index 32a495a..8042dce 100644 void *maddr; struct page *page = NULL; -@@ -4132,8 +4414,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -4143,8 +4425,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, * * The caller must hold a reference on @mm. */ @@ -81980,7 +80699,7 @@ index 32a495a..8042dce 100644 { return __access_remote_vm(NULL, mm, addr, buf, len, write); } -@@ -4143,11 +4425,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, +@@ -4154,11 +4436,11 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, * Source/target buffer must be kernel space, * Do not walk the page table directly, use get_user_pages */ @@ -81996,10 +80715,10 @@ index 32a495a..8042dce 100644 mm = get_task_mm(tsk); if (!mm) diff --git a/mm/mempolicy.c b/mm/mempolicy.c -index 3df6d12..a11056a 100644 +index 7431001..0f8344e 100644 --- a/mm/mempolicy.c +++ b/mm/mempolicy.c -@@ -721,6 +721,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, +@@ -708,6 +708,10 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, unsigned long vmstart; unsigned long vmend; @@ -82010,7 +80729,7 @@ index 3df6d12..a11056a 100644 vma = find_vma(mm, start); if (!vma || vma->vm_start > start) return -EFAULT; -@@ -757,9 +761,20 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, +@@ -744,9 +748,20 @@ static int mbind_range(struct mm_struct *mm, unsigned long start, if (err) goto out; } @@ -82031,7 +80750,7 @@ index 3df6d12..a11056a 100644 } out: -@@ -1216,6 +1231,17 @@ static long do_mbind(unsigned long start, unsigned long len, +@@ -1202,6 +1217,17 @@ static long do_mbind(unsigned long start, unsigned long len, if (end < start) return -EINVAL; @@ -82049,7 +80768,7 @@ index 3df6d12..a11056a 100644 if (end == start) return 0; -@@ -1445,8 +1471,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1430,8 +1456,7 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, */ tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && @@ -82059,7 +80778,7 @@ index 3df6d12..a11056a 100644 rcu_read_unlock(); err = -EPERM; goto out_put; -@@ -1477,6 +1502,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, +@@ -1462,6 +1487,15 @@ SYSCALL_DEFINE4(migrate_pages, pid_t, pid, unsigned long, maxnode, goto out; } @@ -82076,10 +80795,10 @@ index 3df6d12..a11056a 100644 capable(CAP_SYS_NICE) ? MPOL_MF_MOVE_ALL : MPOL_MF_MOVE); diff --git a/mm/migrate.c b/mm/migrate.c -index 2fd8b4a..d70358f 100644 +index 3bbaf5d..299b0e9 100644 --- a/mm/migrate.c +++ b/mm/migrate.c -@@ -1401,8 +1401,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, +@@ -1382,8 +1382,7 @@ SYSCALL_DEFINE6(move_pages, pid_t, pid, unsigned long, nr_pages, */ tcred = __task_cred(task); if (!uid_eq(cred->euid, tcred->suid) && !uid_eq(cred->euid, tcred->uid) && @@ -82090,7 +80809,7 @@ index 2fd8b4a..d70358f 100644 err = -EPERM; goto out; diff --git a/mm/mlock.c b/mm/mlock.c -index c9bd528..da8d069 100644 +index 79b7cf7..c60424f 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -13,6 +13,7 @@ @@ -82101,7 +80820,7 @@ index c9bd528..da8d069 100644 #include <linux/sched.h> #include <linux/export.h> #include <linux/rmap.h> -@@ -369,7 +370,7 @@ static int do_mlock(unsigned long start, size_t len, int on) +@@ -334,7 +335,7 @@ static int do_mlock(unsigned long start, size_t len, int on) { unsigned long nstart, end, tmp; struct vm_area_struct * vma, * prev; @@ -82110,7 +80829,7 @@ index c9bd528..da8d069 100644 VM_BUG_ON(start & ~PAGE_MASK); VM_BUG_ON(len != PAGE_ALIGN(len)); -@@ -378,6 +379,9 @@ static int do_mlock(unsigned long start, size_t len, int on) +@@ -343,6 +344,9 @@ static int do_mlock(unsigned long start, size_t len, int on) return -EINVAL; if (end == start) return 0; @@ -82120,7 +80839,7 @@ index c9bd528..da8d069 100644 vma = find_vma(current->mm, start); if (!vma || vma->vm_start > start) return -ENOMEM; -@@ -389,6 +393,11 @@ static int do_mlock(unsigned long start, size_t len, int on) +@@ -354,6 +358,11 @@ static int do_mlock(unsigned long start, size_t len, int on) for (nstart = start ; ; ) { vm_flags_t newflags; @@ -82131,8 +80850,8 @@ index c9bd528..da8d069 100644 + /* Here we know that vma->vm_start <= nstart < vma->vm_end. */ - newflags = vma->vm_flags | VM_LOCKED; -@@ -494,6 +503,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len) + newflags = vma->vm_flags & ~VM_LOCKED; +@@ -466,6 +475,7 @@ SYSCALL_DEFINE2(mlock, unsigned long, start, size_t, len) lock_limit >>= PAGE_SHIFT; /* check against resource limits */ @@ -82140,7 +80859,7 @@ index c9bd528..da8d069 100644 if ((locked <= lock_limit) || capable(CAP_IPC_LOCK)) error = do_mlock(start, len, 1); up_write(¤t->mm->mmap_sem); -@@ -528,6 +538,12 @@ static int do_mlockall(int flags) +@@ -500,6 +510,12 @@ static int do_mlockall(int flags) for (vma = current->mm->mmap; vma ; vma = prev->vm_next) { vm_flags_t newflags; @@ -82150,10 +80869,10 @@ index c9bd528..da8d069 100644 +#endif + + BUG_ON(vma->vm_end > TASK_SIZE); - newflags = vma->vm_flags | VM_LOCKED; - if (!(flags & MCL_CURRENT)) - newflags &= ~VM_LOCKED; -@@ -560,6 +576,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) + newflags = vma->vm_flags & ~VM_LOCKED; + if (flags & MCL_CURRENT) + newflags |= VM_LOCKED; +@@ -532,6 +548,7 @@ SYSCALL_DEFINE1(mlockall, int, flags) lock_limit >>= PAGE_SHIFT; ret = -ENOMEM; @@ -82162,18 +80881,18 @@ index c9bd528..da8d069 100644 capable(CAP_IPC_LOCK)) ret = do_mlockall(flags); diff --git a/mm/mmap.c b/mm/mmap.c -index 32f3372..254d5f3 100644 +index e17fc06..72fc5fd 100644 --- a/mm/mmap.c +++ b/mm/mmap.c -@@ -32,6 +32,7 @@ - #include <linux/khugepaged.h> +@@ -33,6 +33,7 @@ #include <linux/uprobes.h> #include <linux/rbtree_augmented.h> + #include <linux/sched/sysctl.h> +#include <linux/random.h> #include <asm/uaccess.h> #include <asm/cacheflush.h> -@@ -48,6 +49,16 @@ +@@ -49,6 +50,16 @@ #define arch_rebalance_pgtables(addr, len) (addr) #endif @@ -82190,7 +80909,7 @@ index 32f3372..254d5f3 100644 static void unmap_region(struct mm_struct *mm, struct vm_area_struct *vma, struct vm_area_struct *prev, unsigned long start, unsigned long end); -@@ -67,22 +78,32 @@ static void unmap_region(struct mm_struct *mm, +@@ -68,22 +79,32 @@ static void unmap_region(struct mm_struct *mm, * x: (no) no x: (no) yes x: (no) yes x: (yes) yes * */ @@ -82226,7 +80945,7 @@ index 32f3372..254d5f3 100644 /* * Make sure vm_committed_as in one cacheline and not cacheline shared with * other variables. It can be updated by several CPUs frequently. -@@ -238,6 +259,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) +@@ -239,6 +260,7 @@ static struct vm_area_struct *remove_vma(struct vm_area_struct *vma) struct vm_area_struct *next = vma->vm_next; might_sleep(); @@ -82234,7 +80953,7 @@ index 32f3372..254d5f3 100644 if (vma->vm_ops && vma->vm_ops->close) vma->vm_ops->close(vma); if (vma->vm_file) -@@ -281,6 +303,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) +@@ -283,6 +305,7 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) * not page aligned -Ram Gupta */ rlim = rlimit(RLIMIT_DATA); @@ -82242,7 +80961,7 @@ index 32f3372..254d5f3 100644 if (rlim < RLIM_INFINITY && (brk - mm->start_brk) + (mm->end_data - mm->start_data) > rlim) goto out; -@@ -888,6 +911,12 @@ static int +@@ -897,6 +920,12 @@ static int can_vma_merge_before(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -82255,7 +80974,7 @@ index 32f3372..254d5f3 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { if (vma->vm_pgoff == vm_pgoff) -@@ -907,6 +936,12 @@ static int +@@ -916,6 +945,12 @@ static int can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct anon_vma *anon_vma, struct file *file, pgoff_t vm_pgoff) { @@ -82268,7 +80987,7 @@ index 32f3372..254d5f3 100644 if (is_mergeable_vma(vma, file, vm_flags) && is_mergeable_anon_vma(anon_vma, vma->anon_vma, vma)) { pgoff_t vm_pglen; -@@ -949,13 +984,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, +@@ -958,13 +993,20 @@ can_vma_merge_after(struct vm_area_struct *vma, unsigned long vm_flags, struct vm_area_struct *vma_merge(struct mm_struct *mm, struct vm_area_struct *prev, unsigned long addr, unsigned long end, unsigned long vm_flags, @@ -82290,7 +81009,7 @@ index 32f3372..254d5f3 100644 /* * We later require that vma->vm_flags == vm_flags, * so this tests vma->vm_flags & VM_SPECIAL, too. -@@ -971,6 +1013,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -980,6 +1022,15 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, if (next && next->vm_end == end) /* cases 6, 7, 8 */ next = next->vm_next; @@ -82306,7 +81025,7 @@ index 32f3372..254d5f3 100644 /* * Can it merge with the predecessor? */ -@@ -990,9 +1041,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -999,9 +1050,24 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, /* cases 1, 6 */ err = vma_adjust(prev, prev->vm_start, next->vm_end, prev->vm_pgoff, NULL); @@ -82332,7 +81051,7 @@ index 32f3372..254d5f3 100644 if (err) return NULL; khugepaged_enter_vma_merge(prev); -@@ -1006,12 +1072,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, +@@ -1015,12 +1081,27 @@ struct vm_area_struct *vma_merge(struct mm_struct *mm, mpol_equal(policy, vma_policy(next)) && can_vma_merge_before(next, vm_flags, anon_vma, file, pgoff+pglen)) { @@ -82362,7 +81081,7 @@ index 32f3372..254d5f3 100644 if (err) return NULL; khugepaged_enter_vma_merge(area); -@@ -1120,8 +1201,10 @@ none: +@@ -1129,8 +1210,10 @@ none: void vm_stat_account(struct mm_struct *mm, unsigned long flags, struct file *file, long pages) { @@ -82375,7 +81094,7 @@ index 32f3372..254d5f3 100644 mm->total_vm += pages; -@@ -1129,7 +1212,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags, +@@ -1138,7 +1221,7 @@ void vm_stat_account(struct mm_struct *mm, unsigned long flags, mm->shared_vm += pages; if ((flags & (VM_EXEC|VM_WRITE)) == VM_EXEC) mm->exec_vm += pages; @@ -82384,7 +81103,7 @@ index 32f3372..254d5f3 100644 mm->stack_vm += pages; } #endif /* CONFIG_PROC_FS */ -@@ -1165,7 +1248,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1177,7 +1260,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, * (the exception is when the underlying filesystem is noexec * mounted, in which case we dont add PROT_EXEC.) */ @@ -82393,7 +81112,7 @@ index 32f3372..254d5f3 100644 if (!(file && (file->f_path.mnt->mnt_flags & MNT_NOEXEC))) prot |= PROT_EXEC; -@@ -1191,7 +1274,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1203,7 +1286,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, /* Obtain the address to map to. we verify (or select) it and ensure * that it represents a valid section of the address space. */ @@ -82402,7 +81121,7 @@ index 32f3372..254d5f3 100644 if (addr & ~PAGE_MASK) return addr; -@@ -1202,6 +1285,36 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1214,6 +1297,36 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, vm_flags = calc_vm_prot_bits(prot) | calc_vm_flag_bits(flags) | mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; @@ -82439,7 +81158,7 @@ index 32f3372..254d5f3 100644 if (flags & MAP_LOCKED) if (!can_do_mlock()) return -EPERM; -@@ -1213,6 +1326,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, +@@ -1225,6 +1338,7 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; @@ -82447,17 +81166,17 @@ index 32f3372..254d5f3 100644 if (locked > lock_limit && !capable(CAP_IPC_LOCK)) return -EAGAIN; } -@@ -1279,6 +1393,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, - } +@@ -1305,6 +1419,9 @@ unsigned long do_mmap_pgoff(struct file *file, unsigned long addr, + vm_flags |= VM_NORESERVE; } + if (!gr_acl_handle_mmap(file, prot)) + return -EACCES; -+ - return mmap_region(file, addr, len, flags, vm_flags, pgoff); - } - -@@ -1356,7 +1473,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) ++ + addr = mmap_region(file, addr, len, vm_flags, pgoff); + if (!IS_ERR_VALUE(addr) && + ((vm_flags & VM_LOCKED) || +@@ -1392,7 +1509,7 @@ int vma_wants_writenotify(struct vm_area_struct *vma) vm_flags_t vm_flags = vma->vm_flags; /* If it was private or non-writable, the write bit is already clear */ @@ -82466,9 +81185,9 @@ index 32f3372..254d5f3 100644 return 0; /* The backer wishes to know when pages are first written to? */ -@@ -1405,16 +1522,30 @@ unsigned long mmap_region(struct file *file, unsigned long addr, +@@ -1440,16 +1557,30 @@ unsigned long mmap_region(struct file *file, unsigned long addr, unsigned long charged = 0; - struct inode *inode = file ? file->f_path.dentry->d_inode : NULL; + struct inode *inode = file ? file_inode(file) : NULL; +#ifdef CONFIG_PAX_SEGMEXEC + struct vm_area_struct *vma_m = NULL; @@ -82499,7 +81218,7 @@ index 32f3372..254d5f3 100644 if (!may_expand_vm(mm, len >> PAGE_SHIFT)) return -ENOMEM; -@@ -1460,6 +1591,16 @@ munmap_back: +@@ -1481,6 +1612,16 @@ munmap_back: goto unacct_error; } @@ -82516,7 +81235,7 @@ index 32f3372..254d5f3 100644 vma->vm_mm = mm; vma->vm_start = addr; vma->vm_end = addr + len; -@@ -1484,6 +1625,13 @@ munmap_back: +@@ -1505,6 +1646,13 @@ munmap_back: if (error) goto unmap_and_free_vma; @@ -82530,7 +81249,7 @@ index 32f3372..254d5f3 100644 /* Can addr have changed?? * * Answer: Yes, several device drivers can do it in their -@@ -1522,6 +1670,11 @@ munmap_back: +@@ -1543,6 +1691,11 @@ munmap_back: vma_link(mm, vma, prev, rb_link, rb_parent); file = vma->vm_file; @@ -82542,15 +81261,15 @@ index 32f3372..254d5f3 100644 /* Once vma denies write, undo our temporary denial count */ if (correct_wcount) atomic_inc(&inode->i_writecount); -@@ -1529,6 +1682,7 @@ out: +@@ -1550,6 +1703,7 @@ out: perf_event_mmap(vma); vm_stat_account(mm, vm_flags, file, len >> PAGE_SHIFT); + track_exec_limit(mm, addr, addr + len, vm_flags); if (vm_flags & VM_LOCKED) { - if (!mlock_vma_pages_range(vma, addr, addr + len)) - mm->locked_vm += (len >> PAGE_SHIFT); -@@ -1550,6 +1704,12 @@ unmap_and_free_vma: + if (!((vm_flags & VM_SPECIAL) || is_vm_hugetlb_page(vma) || + vma == get_gate_vma(current->mm))) +@@ -1573,6 +1727,12 @@ unmap_and_free_vma: unmap_region(mm, vma, prev, vma->vm_start, vma->vm_end); charged = 0; free_vma: @@ -82563,7 +81282,7 @@ index 32f3372..254d5f3 100644 kmem_cache_free(vm_area_cachep, vma); unacct_error: if (charged) -@@ -1557,6 +1717,62 @@ unacct_error: +@@ -1580,6 +1740,62 @@ unacct_error: return error; } @@ -82626,7 +81345,7 @@ index 32f3372..254d5f3 100644 unsigned long unmapped_area(struct vm_unmapped_area_info *info) { /* -@@ -1776,6 +1992,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1799,6 +2015,7 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, struct mm_struct *mm = current->mm; struct vm_area_struct *vma; struct vm_unmapped_area_info info; @@ -82634,7 +81353,7 @@ index 32f3372..254d5f3 100644 if (len > TASK_SIZE) return -ENOMEM; -@@ -1783,17 +2000,26 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, +@@ -1806,29 +2023,45 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, if (flags & MAP_FIXED) return addr; @@ -82662,8 +81381,10 @@ index 32f3372..254d5f3 100644 + info.high_limit = TASK_SIZE; info.align_mask = 0; ++ info.threadstack_offset = offset; return vm_unmapped_area(&info); -@@ -1802,10 +2028,16 @@ arch_get_unmapped_area(struct file *filp, unsigned long addr, + } + #endif void arch_unmap_area(struct mm_struct *mm, unsigned long addr) { @@ -82681,7 +81402,7 @@ index 32f3372..254d5f3 100644 mm->free_area_cache = addr; } -@@ -1823,6 +2055,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1846,6 +2079,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, struct mm_struct *mm = current->mm; unsigned long addr = addr0; struct vm_unmapped_area_info info; @@ -82689,7 +81410,7 @@ index 32f3372..254d5f3 100644 /* requested length too big for entire address space */ if (len > TASK_SIZE) -@@ -1831,12 +2064,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1854,12 +2088,15 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, if (flags & MAP_FIXED) return addr; @@ -82707,7 +81428,15 @@ index 32f3372..254d5f3 100644 return addr; } -@@ -1857,6 +2093,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1868,6 +2105,7 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, + info.low_limit = PAGE_SIZE; + info.high_limit = mm->mmap_base; + info.align_mask = 0; ++ info.threadstack_offset = offset; + addr = vm_unmapped_area(&info); + + /* +@@ -1880,6 +2118,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, VM_BUG_ON(addr != -ENOMEM); info.flags = 0; info.low_limit = TASK_UNMAPPED_BASE; @@ -82720,7 +81449,7 @@ index 32f3372..254d5f3 100644 info.high_limit = TASK_SIZE; addr = vm_unmapped_area(&info); } -@@ -1867,6 +2109,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, +@@ -1890,6 +2134,12 @@ arch_get_unmapped_area_topdown(struct file *filp, const unsigned long addr0, void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) { @@ -82733,7 +81462,7 @@ index 32f3372..254d5f3 100644 /* * Is this a new hole at the highest possible address? */ -@@ -1874,8 +2122,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) +@@ -1897,8 +2147,10 @@ void arch_unmap_area_topdown(struct mm_struct *mm, unsigned long addr) mm->free_area_cache = addr; /* dont allow allocations above current base */ @@ -82745,7 +81474,7 @@ index 32f3372..254d5f3 100644 } unsigned long -@@ -1974,6 +2224,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, +@@ -1997,6 +2249,28 @@ find_vma_prev(struct mm_struct *mm, unsigned long addr, return vma; } @@ -82774,7 +81503,7 @@ index 32f3372..254d5f3 100644 /* * Verify that the stack growth is acceptable and * update accounting. This is shared with both the -@@ -1990,6 +2262,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2013,6 +2287,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns return -ENOMEM; /* Stack limit test */ @@ -82782,7 +81511,7 @@ index 32f3372..254d5f3 100644 if (size > ACCESS_ONCE(rlim[RLIMIT_STACK].rlim_cur)) return -ENOMEM; -@@ -2000,6 +2273,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2023,6 +2298,7 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns locked = mm->locked_vm + grow; limit = ACCESS_ONCE(rlim[RLIMIT_MEMLOCK].rlim_cur); limit >>= PAGE_SHIFT; @@ -82790,7 +81519,7 @@ index 32f3372..254d5f3 100644 if (locked > limit && !capable(CAP_IPC_LOCK)) return -ENOMEM; } -@@ -2029,37 +2303,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns +@@ -2052,37 +2328,48 @@ static int acct_stack_growth(struct vm_area_struct *vma, unsigned long size, uns * PA-RISC uses this for its stack; IA64 for its Register Backing Store. * vma is the last one with address > vma->vm_end. Have to extend vma. */ @@ -82848,7 +81577,7 @@ index 32f3372..254d5f3 100644 unsigned long size, grow; size = address - vma->vm_start; -@@ -2094,6 +2379,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) +@@ -2117,6 +2404,8 @@ int expand_upwards(struct vm_area_struct *vma, unsigned long address) } } } @@ -82857,7 +81586,7 @@ index 32f3372..254d5f3 100644 vma_unlock_anon_vma(vma); khugepaged_enter_vma_merge(vma); validate_mm(vma->vm_mm); -@@ -2108,6 +2395,8 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2131,6 +2420,8 @@ int expand_downwards(struct vm_area_struct *vma, unsigned long address) { int error; @@ -82866,7 +81595,7 @@ index 32f3372..254d5f3 100644 /* * We must make sure the anon_vma is allocated -@@ -2121,6 +2410,15 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2144,6 +2435,15 @@ int expand_downwards(struct vm_area_struct *vma, if (error) return error; @@ -82882,7 +81611,7 @@ index 32f3372..254d5f3 100644 vma_lock_anon_vma(vma); /* -@@ -2130,9 +2428,17 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2153,9 +2453,17 @@ int expand_downwards(struct vm_area_struct *vma, */ /* Somebody else might have raced and expanded it already */ @@ -82901,7 +81630,7 @@ index 32f3372..254d5f3 100644 size = vma->vm_end - address; grow = (vma->vm_start - address) >> PAGE_SHIFT; -@@ -2157,6 +2463,18 @@ int expand_downwards(struct vm_area_struct *vma, +@@ -2180,6 +2488,18 @@ int expand_downwards(struct vm_area_struct *vma, vma->vm_pgoff -= grow; anon_vma_interval_tree_post_update_vma(vma); vma_gap_update(vma); @@ -82920,7 +81649,7 @@ index 32f3372..254d5f3 100644 spin_unlock(&vma->vm_mm->page_table_lock); perf_event_mmap(vma); -@@ -2263,6 +2581,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2284,6 +2604,13 @@ static void remove_vma_list(struct mm_struct *mm, struct vm_area_struct *vma) do { long nrpages = vma_pages(vma); @@ -82934,7 +81663,7 @@ index 32f3372..254d5f3 100644 if (vma->vm_flags & VM_ACCOUNT) nr_accounted += nrpages; vm_stat_account(mm, vma->vm_flags, vma->vm_file, -nrpages); -@@ -2308,6 +2633,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2329,6 +2656,16 @@ detach_vmas_to_be_unmapped(struct mm_struct *mm, struct vm_area_struct *vma, insertion_point = (prev ? &prev->vm_next : &mm->mmap); vma->vm_prev = NULL; do { @@ -82951,7 +81680,7 @@ index 32f3372..254d5f3 100644 vma_rb_erase(vma, &mm->mm_rb); mm->map_count--; tail_vma = vma; -@@ -2339,14 +2674,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2360,14 +2697,33 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct *new; int err = -ENOMEM; @@ -82985,7 +81714,7 @@ index 32f3372..254d5f3 100644 /* most fields are the same, copy all, and then fixup */ *new = *vma; -@@ -2359,6 +2713,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2380,6 +2736,22 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_pgoff += ((addr - vma->vm_start) >> PAGE_SHIFT); } @@ -83008,7 +81737,7 @@ index 32f3372..254d5f3 100644 pol = mpol_dup(vma_policy(vma)); if (IS_ERR(pol)) { err = PTR_ERR(pol); -@@ -2381,6 +2751,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2402,6 +2774,36 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, else err = vma_adjust(vma, vma->vm_start, addr, vma->vm_pgoff, new); @@ -83045,7 +81774,7 @@ index 32f3372..254d5f3 100644 /* Success. */ if (!err) return 0; -@@ -2390,10 +2790,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2411,10 +2813,18 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, new->vm_ops->close(new); if (new->vm_file) fput(new->vm_file); @@ -83065,7 +81794,7 @@ index 32f3372..254d5f3 100644 kmem_cache_free(vm_area_cachep, new); out_err: return err; -@@ -2406,6 +2814,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, +@@ -2427,6 +2837,15 @@ static int __split_vma(struct mm_struct * mm, struct vm_area_struct * vma, int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, unsigned long addr, int new_below) { @@ -83081,7 +81810,7 @@ index 32f3372..254d5f3 100644 if (mm->map_count >= sysctl_max_map_count) return -ENOMEM; -@@ -2417,11 +2834,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -2438,11 +2857,30 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, * work. This now handles partial unmappings. * Jeremy Fitzhardinge <jeremy@goop.org> */ @@ -83112,7 +81841,7 @@ index 32f3372..254d5f3 100644 if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start) return -EINVAL; -@@ -2496,6 +2932,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) +@@ -2517,6 +2955,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len) /* Fix up all other VM information */ remove_vma_list(mm, vma); @@ -83121,7 +81850,7 @@ index 32f3372..254d5f3 100644 return 0; } -@@ -2504,6 +2942,13 @@ int vm_munmap(unsigned long start, size_t len) +@@ -2525,6 +2965,13 @@ int vm_munmap(unsigned long start, size_t len) int ret; struct mm_struct *mm = current->mm; @@ -83135,7 +81864,7 @@ index 32f3372..254d5f3 100644 down_write(&mm->mmap_sem); ret = do_munmap(mm, start, len); up_write(&mm->mmap_sem); -@@ -2517,16 +2962,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) +@@ -2538,16 +2985,6 @@ SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) return vm_munmap(addr, len); } @@ -83152,7 +81881,7 @@ index 32f3372..254d5f3 100644 /* * this is really a simplified "do_mmap". it only handles * anonymous maps. eventually we may be able to do some -@@ -2540,6 +2975,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2561,6 +2998,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) struct rb_node ** rb_link, * rb_parent; pgoff_t pgoff = addr >> PAGE_SHIFT; int error; @@ -83160,7 +81889,7 @@ index 32f3372..254d5f3 100644 len = PAGE_ALIGN(len); if (!len) -@@ -2547,16 +2983,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2568,16 +3006,30 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; @@ -83192,7 +81921,7 @@ index 32f3372..254d5f3 100644 locked += mm->locked_vm; lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; -@@ -2573,21 +3023,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2594,21 +3046,20 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) /* * Clear old maps. this also does some error checking for us */ @@ -83217,7 +81946,7 @@ index 32f3372..254d5f3 100644 return -ENOMEM; /* Can we just expand an old private anonymous mapping? */ -@@ -2601,7 +3050,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2622,7 +3073,7 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) */ vma = kmem_cache_zalloc(vm_area_cachep, GFP_KERNEL); if (!vma) { @@ -83226,22 +81955,20 @@ index 32f3372..254d5f3 100644 return -ENOMEM; } -@@ -2615,11 +3064,12 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) +@@ -2636,9 +3087,10 @@ static unsigned long do_brk(unsigned long addr, unsigned long len) vma_link(mm, vma, prev, rb_link, rb_parent); out: perf_event_mmap(vma); - mm->total_vm += len >> PAGE_SHIFT; + mm->total_vm += charged; - if (flags & VM_LOCKED) { - if (!mlock_vma_pages_range(vma, addr, addr + len)) -- mm->locked_vm += (len >> PAGE_SHIFT); -+ mm->locked_vm += charged; - } + if (flags & VM_LOCKED) +- mm->locked_vm += (len >> PAGE_SHIFT); ++ mm->locked_vm += charged; + track_exec_limit(mm, addr, addr + len, flags); return addr; } -@@ -2677,6 +3127,7 @@ void exit_mmap(struct mm_struct *mm) +@@ -2700,6 +3152,7 @@ void exit_mmap(struct mm_struct *mm) while (vma) { if (vma->vm_flags & VM_ACCOUNT) nr_accounted += vma_pages(vma); @@ -83249,7 +81976,7 @@ index 32f3372..254d5f3 100644 vma = remove_vma(vma); } vm_unacct_memory(nr_accounted); -@@ -2693,6 +3144,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2716,6 +3169,13 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) struct vm_area_struct *prev; struct rb_node **rb_link, *rb_parent; @@ -83263,7 +81990,7 @@ index 32f3372..254d5f3 100644 /* * The vm_pgoff of a purely anonymous vma should be irrelevant * until its first write fault, when page's anon_vma and index -@@ -2716,7 +3174,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) +@@ -2739,7 +3199,21 @@ int insert_vm_struct(struct mm_struct *mm, struct vm_area_struct *vma) security_vm_enough_memory_mm(mm, vma_pages(vma))) return -ENOMEM; @@ -83285,7 +82012,7 @@ index 32f3372..254d5f3 100644 return 0; } -@@ -2736,6 +3208,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2759,6 +3233,8 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, struct mempolicy *pol; bool faulted_in_anon_vma = true; @@ -83294,7 +82021,7 @@ index 32f3372..254d5f3 100644 /* * If anonymous vma has not yet been faulted, update new pgoff * to match new location, to increase its chance of merging. -@@ -2802,6 +3276,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, +@@ -2825,6 +3301,39 @@ struct vm_area_struct *copy_vma(struct vm_area_struct **vmap, return NULL; } @@ -83334,7 +82061,7 @@ index 32f3372..254d5f3 100644 /* * Return true if the calling process may expand its vm space by the passed * number of pages -@@ -2813,6 +3320,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) +@@ -2836,6 +3345,7 @@ int may_expand_vm(struct mm_struct *mm, unsigned long npages) lim = rlimit(RLIMIT_AS) >> PAGE_SHIFT; @@ -83342,7 +82069,7 @@ index 32f3372..254d5f3 100644 if (cur + npages > lim) return 0; return 1; -@@ -2883,6 +3391,22 @@ int install_special_mapping(struct mm_struct *mm, +@@ -2906,6 +3416,22 @@ int install_special_mapping(struct mm_struct *mm, vma->vm_start = addr; vma->vm_end = addr + len; @@ -83366,13 +82093,14 @@ index 32f3372..254d5f3 100644 vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); diff --git a/mm/mprotect.c b/mm/mprotect.c -index 94722a4..9837984 100644 +index 94722a4..07d9926 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c -@@ -23,10 +23,17 @@ +@@ -23,10 +23,18 @@ #include <linux/mmu_notifier.h> #include <linux/migrate.h> #include <linux/perf_event.h> ++#include <linux/sched/sysctl.h> + +#ifdef CONFIG_PAX_MPROTECT +#include <linux/elf.h> @@ -83387,7 +82115,7 @@ index 94722a4..9837984 100644 #ifndef pgprot_modify static inline pgprot_t pgprot_modify(pgprot_t oldprot, pgprot_t newprot) -@@ -233,6 +240,48 @@ unsigned long change_protection(struct vm_area_struct *vma, unsigned long start, +@@ -233,6 +241,48 @@ unsigned long change_protection(struct vm_area_struct *vma, unsigned long start, return pages; } @@ -83436,7 +82164,7 @@ index 94722a4..9837984 100644 int mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, unsigned long start, unsigned long end, unsigned long newflags) -@@ -245,11 +294,29 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, +@@ -245,11 +295,29 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, int error; int dirty_accountable = 0; @@ -83466,7 +82194,7 @@ index 94722a4..9837984 100644 /* * If we make a private mapping writable we increase our commit; * but (without finer accounting) cannot reduce our commit if we -@@ -266,6 +333,42 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, +@@ -266,6 +334,42 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, } } @@ -83509,7 +82237,7 @@ index 94722a4..9837984 100644 /* * First try to merge with previous and/or next vma. */ -@@ -296,9 +399,21 @@ success: +@@ -296,9 +400,21 @@ success: * vm_flags and vm_page_prot are protected by the mmap_sem * held in write mode. */ @@ -83532,7 +82260,7 @@ index 94722a4..9837984 100644 if (vma_wants_writenotify(vma)) { vma->vm_page_prot = vm_get_page_prot(newflags & ~VM_SHARED); -@@ -337,6 +452,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -337,6 +453,17 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, end = start + len; if (end <= start) return -ENOMEM; @@ -83550,7 +82278,7 @@ index 94722a4..9837984 100644 if (!arch_validate_prot(prot)) return -EINVAL; -@@ -344,7 +470,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -344,7 +471,7 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, /* * Does the application expect PROT_READ to imply PROT_EXEC: */ @@ -83559,7 +82287,7 @@ index 94722a4..9837984 100644 prot |= PROT_EXEC; vm_flags = calc_vm_prot_bits(prot); -@@ -376,6 +502,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -376,6 +503,11 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, if (start > vma->vm_start) prev = vma; @@ -83571,7 +82299,7 @@ index 94722a4..9837984 100644 for (nstart = start ; ; ) { unsigned long newflags; -@@ -386,6 +517,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -386,6 +518,14 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, /* newflags >> 4 shift VM_MAY% in place of VM_% */ if ((newflags & ~(newflags >> 4)) & (VM_READ | VM_WRITE | VM_EXEC)) { @@ -83586,7 +82314,7 @@ index 94722a4..9837984 100644 error = -EACCES; goto out; } -@@ -400,6 +539,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, +@@ -400,6 +540,9 @@ SYSCALL_DEFINE3(mprotect, unsigned long, start, size_t, len, error = mprotect_fixup(vma, &prev, nstart, tmp, newflags); if (error) goto out; @@ -83597,10 +82325,10 @@ index 94722a4..9837984 100644 if (nstart < prev->vm_end) diff --git a/mm/mremap.c b/mm/mremap.c -index e1031e1..1f2a0a1 100644 +index 463a257..c0c7a92 100644 --- a/mm/mremap.c +++ b/mm/mremap.c -@@ -125,6 +125,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, +@@ -126,6 +126,12 @@ static void move_ptes(struct vm_area_struct *vma, pmd_t *old_pmd, continue; pte = ptep_get_and_clear(mm, old_addr, old_pte); pte = move_pte(pte, new_vma->vm_page_prot, old_addr, new_addr); @@ -83613,7 +82341,7 @@ index e1031e1..1f2a0a1 100644 set_pte_at(mm, new_addr, new_pte, pte); } -@@ -319,6 +325,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, +@@ -318,6 +324,11 @@ static struct vm_area_struct *vma_to_resize(unsigned long addr, if (is_vm_hugetlb_page(vma)) goto Einval; @@ -83625,7 +82353,7 @@ index e1031e1..1f2a0a1 100644 /* We can't remap across vm area boundaries */ if (old_len > vma->vm_end - addr) goto Efault; -@@ -375,20 +386,25 @@ static unsigned long mremap_to(unsigned long addr, +@@ -373,20 +384,25 @@ static unsigned long mremap_to(unsigned long addr, unsigned long old_len, unsigned long ret = -EINVAL; unsigned long charged = 0; unsigned long map_flags; @@ -83656,15 +82384,15 @@ index e1031e1..1f2a0a1 100644 goto out; ret = do_munmap(mm, new_addr, new_len); -@@ -456,6 +472,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, - struct vm_area_struct *vma; +@@ -455,6 +471,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, unsigned long ret = -EINVAL; unsigned long charged = 0; + bool locked = false; + unsigned long pax_task_size = TASK_SIZE; down_write(¤t->mm->mmap_sem); -@@ -476,6 +493,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, +@@ -475,6 +492,17 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, if (!new_len) goto out; @@ -83681,9 +82409,9 @@ index e1031e1..1f2a0a1 100644 + if (flags & MREMAP_FIXED) { if (flags & MREMAP_MAYMOVE) - ret = mremap_to(addr, old_len, new_addr, new_len); + ret = mremap_to(addr, old_len, new_addr, new_len, @@ -524,6 +552,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, - addr + new_len); + new_addr = addr; } ret = addr; + track_exec_limit(vma->vm_mm, vma->vm_start, addr + new_len, vma->vm_flags); @@ -83695,7 +82423,7 @@ index e1031e1..1f2a0a1 100644 } + map_flags = vma->vm_flags; - ret = move_vma(vma, addr, old_len, new_len, new_addr); + ret = move_vma(vma, addr, old_len, new_len, new_addr, &locked); + if (!(ret & ~PAGE_MASK)) { + track_exec_limit(current->mm, addr, addr + old_len, 0UL); + track_exec_limit(current->mm, new_addr, new_addr + new_len, map_flags); @@ -83704,10 +82432,10 @@ index e1031e1..1f2a0a1 100644 out: if (ret & ~PAGE_MASK) diff --git a/mm/nommu.c b/mm/nommu.c -index bbe1f3f..b2601ea 100644 +index e001768..9b52b30 100644 --- a/mm/nommu.c +++ b/mm/nommu.c -@@ -62,7 +62,6 @@ int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */ +@@ -63,7 +63,6 @@ int sysctl_overcommit_memory = OVERCOMMIT_GUESS; /* heuristic overcommit */ int sysctl_overcommit_ratio = 50; /* default is 50% */ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT; int sysctl_nr_trim_pages = CONFIG_NOMMU_INITIAL_TRIM_EXCESS; @@ -83715,7 +82443,7 @@ index bbe1f3f..b2601ea 100644 atomic_long_t mmap_pages_allocated; -@@ -839,15 +838,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) +@@ -841,15 +840,6 @@ struct vm_area_struct *find_vma(struct mm_struct *mm, unsigned long addr) EXPORT_SYMBOL(find_vma); /* @@ -83731,7 +82459,7 @@ index bbe1f3f..b2601ea 100644 * expand a stack to a given address * - not supported under NOMMU conditions */ -@@ -1555,6 +1545,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, +@@ -1560,6 +1550,7 @@ int split_vma(struct mm_struct *mm, struct vm_area_struct *vma, /* most fields are the same, copy all, and then fixup */ *new = *vma; @@ -83739,7 +82467,7 @@ index bbe1f3f..b2601ea 100644 *region = *vma->vm_region; new->vm_region = region; -@@ -1975,8 +1966,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr, +@@ -1992,8 +1983,8 @@ int generic_file_remap_pages(struct vm_area_struct *vma, unsigned long addr, } EXPORT_SYMBOL(generic_file_remap_pages); @@ -83750,7 +82478,7 @@ index bbe1f3f..b2601ea 100644 { struct vm_area_struct *vma; -@@ -2017,8 +2008,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, +@@ -2034,8 +2025,8 @@ static int __access_remote_vm(struct task_struct *tsk, struct mm_struct *mm, * * The caller must hold a reference on @mm. */ @@ -83761,7 +82489,7 @@ index bbe1f3f..b2601ea 100644 { return __access_remote_vm(NULL, mm, addr, buf, len, write); } -@@ -2027,7 +2018,7 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, +@@ -2044,7 +2035,7 @@ int access_remote_vm(struct mm_struct *mm, unsigned long addr, * Access another process' address space. * - source/target buffer must be kernel space */ @@ -83771,10 +82499,10 @@ index bbe1f3f..b2601ea 100644 struct mm_struct *mm; diff --git a/mm/page-writeback.c b/mm/page-writeback.c -index 0713bfb..b95bb87 100644 +index efe6814..64b4701 100644 --- a/mm/page-writeback.c +++ b/mm/page-writeback.c -@@ -655,7 +655,7 @@ unsigned long bdi_dirty_limit(struct backing_dev_info *bdi, unsigned long dirty) +@@ -659,7 +659,7 @@ unsigned long bdi_dirty_limit(struct backing_dev_info *bdi, unsigned long dirty) * card's bdi_dirty may rush to many times higher than bdi_setpoint. * - the bdi dirty thresh drops quickly due to change of JBOD workload */ @@ -83783,7 +82511,7 @@ index 0713bfb..b95bb87 100644 unsigned long thresh, unsigned long bg_thresh, unsigned long dirty, -@@ -1630,7 +1630,7 @@ ratelimit_handler(struct notifier_block *self, unsigned long action, +@@ -1634,7 +1634,7 @@ ratelimit_handler(struct notifier_block *self, unsigned long action, } } @@ -83793,18 +82521,18 @@ index 0713bfb..b95bb87 100644 .next = NULL, }; diff --git a/mm/page_alloc.c b/mm/page_alloc.c -index 6a83cd3..4cc7b16 100644 +index 8fcced7..ebcd481 100644 --- a/mm/page_alloc.c +++ b/mm/page_alloc.c -@@ -58,6 +58,7 @@ - #include <linux/prefetch.h> +@@ -59,6 +59,7 @@ #include <linux/migrate.h> #include <linux/page-debug-flags.h> + #include <linux/sched/rt.h> +#include <linux/random.h> #include <asm/tlbflush.h> #include <asm/div64.h> -@@ -338,7 +339,7 @@ out: +@@ -344,7 +345,7 @@ out: * This usage means that zero-order pages may not be compound. */ @@ -83813,7 +82541,7 @@ index 6a83cd3..4cc7b16 100644 { __free_pages_ok(page, compound_order(page)); } -@@ -693,6 +694,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -701,6 +702,10 @@ static bool free_pages_prepare(struct page *page, unsigned int order) int i; int bad = 0; @@ -83824,7 +82552,7 @@ index 6a83cd3..4cc7b16 100644 trace_mm_page_free(page, order); kmemcheck_free_shadow(page, order); -@@ -708,6 +713,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) +@@ -716,6 +721,12 @@ static bool free_pages_prepare(struct page *page, unsigned int order) debug_check_no_obj_freed(page_address(page), PAGE_SIZE << order); } @@ -83837,7 +82565,7 @@ index 6a83cd3..4cc7b16 100644 arch_free_page(page, order); kernel_map_pages(page, 1 << order, 0); -@@ -730,6 +741,19 @@ static void __free_pages_ok(struct page *page, unsigned int order) +@@ -738,6 +749,19 @@ static void __free_pages_ok(struct page *page, unsigned int order) local_irq_restore(flags); } @@ -83857,7 +82585,7 @@ index 6a83cd3..4cc7b16 100644 /* * Read access to zone->managed_pages is safe because it's unsigned long, * but we still need to serialize writers. Currently all callers of -@@ -752,6 +776,19 @@ void __meminit __free_pages_bootmem(struct page *page, unsigned int order) +@@ -760,6 +784,19 @@ void __meminit __free_pages_bootmem(struct page *page, unsigned int order) set_page_count(p, 0); } @@ -83877,7 +82605,7 @@ index 6a83cd3..4cc7b16 100644 page_zone(page)->managed_pages += 1 << order; set_page_refcounted(page); __free_pages(page, order); -@@ -861,8 +898,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) +@@ -869,8 +906,10 @@ static int prep_new_page(struct page *page, int order, gfp_t gfp_flags) arch_alloc_page(page, order); kernel_map_pages(page, 1 << order, 1); @@ -83953,7 +82681,7 @@ index fd26d04..0cea1b0 100644 if (!mm || IS_ERR(mm)) { rc = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; diff --git a/mm/rmap.c b/mm/rmap.c -index 2c78f8c..9e9c624 100644 +index 807c96b..0e05279 100644 --- a/mm/rmap.c +++ b/mm/rmap.c @@ -163,6 +163,10 @@ int anon_vma_prepare(struct vm_area_struct *vma) @@ -84043,7 +82771,7 @@ index 2c78f8c..9e9c624 100644 struct anon_vma_chain *avc; struct anon_vma *anon_vma; diff --git a/mm/shmem.c b/mm/shmem.c -index efd0b3a..994b702 100644 +index 1c44af7..cefe9a6 100644 --- a/mm/shmem.c +++ b/mm/shmem.c @@ -31,7 +31,7 @@ @@ -84064,7 +82792,7 @@ index efd0b3a..994b702 100644 /* * shmem_fallocate and shmem_writepage communicate via inode->i_private -@@ -2202,6 +2202,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { +@@ -2201,6 +2201,11 @@ static const struct xattr_handler *shmem_xattr_handlers[] = { static int shmem_xattr_validate(const char *name) { struct { const char *prefix; size_t len; } arr[] = { @@ -84076,7 +82804,7 @@ index efd0b3a..994b702 100644 { XATTR_SECURITY_PREFIX, XATTR_SECURITY_PREFIX_LEN }, { XATTR_TRUSTED_PREFIX, XATTR_TRUSTED_PREFIX_LEN } }; -@@ -2257,6 +2262,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, +@@ -2256,6 +2261,15 @@ static int shmem_setxattr(struct dentry *dentry, const char *name, if (err) return err; @@ -84092,7 +82820,7 @@ index efd0b3a..994b702 100644 return simple_xattr_set(&info->xattrs, name, value, size, flags); } -@@ -2562,8 +2576,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) +@@ -2568,8 +2582,7 @@ int shmem_fill_super(struct super_block *sb, void *data, int silent) int err = -ENOMEM; /* Round up to L1_CACHE_BYTES to resist false sharing */ @@ -84103,7 +82831,7 @@ index efd0b3a..994b702 100644 return -ENOMEM; diff --git a/mm/slab.c b/mm/slab.c -index e7667a3..a48e73b 100644 +index 856e4a1..fafb820 100644 --- a/mm/slab.c +++ b/mm/slab.c @@ -306,7 +306,7 @@ struct kmem_list3 { @@ -84384,7 +83112,7 @@ index 3f3cd97..93b0236 100644 } diff --git a/mm/slob.c b/mm/slob.c -index a99fdf7..6ee34ec 100644 +index eeed4a0..6ee34ec 100644 --- a/mm/slob.c +++ b/mm/slob.c @@ -157,7 +157,7 @@ static void set_slob(slob_t *s, slobidx_t size, slob_t *next) @@ -84470,7 +83198,7 @@ index a99fdf7..6ee34ec 100644 clear_slob_page_free(sp); spin_unlock_irqrestore(&slob_lock, flags); - __ClearPageSlab(sp); -- reset_page_mapcount(sp); +- page_mapcount_reset(sp); - slob_free_pages(b, 0); + slob_free_pages(sp, 0); return; @@ -84747,7 +83475,7 @@ index a99fdf7..6ee34ec 100644 EXPORT_SYMBOL(kmem_cache_free); diff --git a/mm/slub.c b/mm/slub.c -index ba2ca53..991c4f7 100644 +index 4aec537..a64753d 100644 --- a/mm/slub.c +++ b/mm/slub.c @@ -197,7 +197,7 @@ struct track { @@ -85038,20 +83766,20 @@ index 1b7e22a..3fcd4f3 100644 return pgd; } diff --git a/mm/sparse.c b/mm/sparse.c -index 6b5fb76..db0c190 100644 +index 7ca6dc8..6472aa1 100644 --- a/mm/sparse.c +++ b/mm/sparse.c -@@ -782,7 +782,7 @@ static void clear_hwpoisoned_pages(struct page *memmap, int nr_pages) +@@ -783,7 +783,7 @@ static void clear_hwpoisoned_pages(struct page *memmap, int nr_pages) for (i = 0; i < PAGES_PER_SECTION; i++) { if (PageHWPoison(&memmap[i])) { -- atomic_long_sub(1, &mce_bad_pages); -+ atomic_long_sub_unchecked(1, &mce_bad_pages); +- atomic_long_sub(1, &num_poisoned_pages); ++ atomic_long_sub_unchecked(1, &num_poisoned_pages); ClearPageHWPoison(&memmap[i]); } } diff --git a/mm/swap.c b/mm/swap.c -index 6310dc2..3662b3f 100644 +index 8a529a0..154ef26 100644 --- a/mm/swap.c +++ b/mm/swap.c @@ -30,6 +30,7 @@ @@ -85072,10 +83800,10 @@ index 6310dc2..3662b3f 100644 } diff --git a/mm/swapfile.c b/mm/swapfile.c -index e97a0e5..b50e796 100644 +index a1f7772..9e982ac 100644 --- a/mm/swapfile.c +++ b/mm/swapfile.c -@@ -64,7 +64,7 @@ static DEFINE_MUTEX(swapon_mutex); +@@ -66,7 +66,7 @@ static DEFINE_MUTEX(swapon_mutex); static DECLARE_WAIT_QUEUE_HEAD(proc_poll_wait); /* Activity counter to indicate that a swapon or swapoff has occurred */ @@ -85084,7 +83812,7 @@ index e97a0e5..b50e796 100644 static inline unsigned char swap_count(unsigned char ent) { -@@ -1608,7 +1608,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) +@@ -1683,7 +1683,7 @@ SYSCALL_DEFINE1(swapoff, const char __user *, specialfile) } filp_close(swap_file, NULL); err = 0; @@ -85093,7 +83821,7 @@ index e97a0e5..b50e796 100644 wake_up_interruptible(&proc_poll_wait); out_dput: -@@ -1625,8 +1625,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) +@@ -1700,8 +1700,8 @@ static unsigned swaps_poll(struct file *file, poll_table *wait) poll_wait(file, &proc_poll_wait, wait); @@ -85104,7 +83832,7 @@ index e97a0e5..b50e796 100644 return POLLIN | POLLRDNORM | POLLERR | POLLPRI; } -@@ -1724,7 +1724,7 @@ static int swaps_open(struct inode *inode, struct file *file) +@@ -1799,7 +1799,7 @@ static int swaps_open(struct inode *inode, struct file *file) return ret; seq = file->private_data; @@ -85113,7 +83841,7 @@ index e97a0e5..b50e796 100644 return 0; } -@@ -2066,7 +2066,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) +@@ -2142,7 +2142,7 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags) (frontswap_map) ? "FS" : ""); mutex_unlock(&swapon_mutex); @@ -85123,10 +83851,10 @@ index e97a0e5..b50e796 100644 if (S_ISREG(inode->i_mode)) diff --git a/mm/util.c b/mm/util.c -index c55e26b..3f913a9 100644 +index ab1424d..7c5bd5a 100644 --- a/mm/util.c +++ b/mm/util.c -@@ -292,6 +292,12 @@ done: +@@ -294,6 +294,12 @@ done: void arch_pick_mmap_layout(struct mm_struct *mm) { mm->mmap_base = TASK_UNMAPPED_BASE; @@ -85140,7 +83868,7 @@ index c55e26b..3f913a9 100644 mm->unmap_area = arch_unmap_area; } diff --git a/mm/vmalloc.c b/mm/vmalloc.c -index 5123a16..f234a48 100644 +index 0f751f2..ef398a0 100644 --- a/mm/vmalloc.c +++ b/mm/vmalloc.c @@ -39,8 +39,19 @@ static void vunmap_pte_range(pmd_t *pmd, unsigned long addr, unsigned long end) @@ -85278,7 +84006,7 @@ index 5123a16..f234a48 100644 if (flags & VM_IOREMAP) { int bit = fls(size); -@@ -1568,6 +1617,11 @@ void *vmap(struct page **pages, unsigned int count, +@@ -1569,6 +1618,11 @@ void *vmap(struct page **pages, unsigned int count, if (count > totalram_pages) return NULL; @@ -85290,7 +84018,7 @@ index 5123a16..f234a48 100644 area = get_vm_area_caller((count << PAGE_SHIFT), flags, __builtin_return_address(0)); if (!area) -@@ -1669,6 +1723,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, +@@ -1670,6 +1724,13 @@ void *__vmalloc_node_range(unsigned long size, unsigned long align, if (!size || (size >> PAGE_SHIFT) > totalram_pages) goto fail; @@ -85304,7 +84032,7 @@ index 5123a16..f234a48 100644 area = __get_vm_area_node(size, align, VM_ALLOC | VM_UNLIST, start, end, node, gfp_mask, caller); if (!area) -@@ -1842,10 +1903,9 @@ EXPORT_SYMBOL(vzalloc_node); +@@ -1845,10 +1906,9 @@ EXPORT_SYMBOL(vzalloc_node); * For tight control over page level allocator and protection flags * use __vmalloc() instead. */ @@ -85313,10 +84041,10 @@ index 5123a16..f234a48 100644 { - return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM, PAGE_KERNEL_EXEC, + return __vmalloc_node(size, 1, GFP_KERNEL | __GFP_HIGHMEM | __GFP_ZERO, PAGE_KERNEL_EXEC, - -1, __builtin_return_address(0)); + NUMA_NO_NODE, __builtin_return_address(0)); } -@@ -2136,6 +2196,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, +@@ -2139,6 +2199,8 @@ int remap_vmalloc_range(struct vm_area_struct *vma, void *addr, unsigned long uaddr = vma->vm_start; unsigned long usize = vma->vm_end - vma->vm_start; @@ -85325,7 +84053,7 @@ index 5123a16..f234a48 100644 if ((PAGE_SIZE-1) & (unsigned long)addr) return -EINVAL; -@@ -2575,7 +2637,11 @@ static int s_show(struct seq_file *m, void *p) +@@ -2578,7 +2640,11 @@ static int s_show(struct seq_file *m, void *p) v->addr, v->addr + v->size, v->size); if (v->caller) @@ -85338,7 +84066,7 @@ index 5123a16..f234a48 100644 if (v->nr_pages) seq_printf(m, " pages=%d", v->nr_pages); diff --git a/mm/vmstat.c b/mm/vmstat.c -index 9800306..76b4b27 100644 +index e1d8ed1..253fa3c 100644 --- a/mm/vmstat.c +++ b/mm/vmstat.c @@ -78,7 +78,7 @@ void vm_events_fold_cpu(int cpu) @@ -85379,7 +84107,7 @@ index 9800306..76b4b27 100644 } } #endif -@@ -1223,7 +1223,7 @@ static int __cpuinit vmstat_cpuup_callback(struct notifier_block *nfb, +@@ -1224,7 +1224,7 @@ static int __cpuinit vmstat_cpuup_callback(struct notifier_block *nfb, return NOTIFY_OK; } @@ -85388,7 +84116,7 @@ index 9800306..76b4b27 100644 { &vmstat_cpuup_callback, NULL, 0 }; #endif -@@ -1238,10 +1238,20 @@ static int __init setup_vmstat(void) +@@ -1239,10 +1239,20 @@ static int __init setup_vmstat(void) start_cpu_timer(cpu); #endif #ifdef CONFIG_PROC_FS @@ -85414,10 +84142,10 @@ index 9800306..76b4b27 100644 return 0; } diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c -index acc74ad..be02639 100644 +index 85addcd..c429a13 100644 --- a/net/8021q/vlan.c +++ b/net/8021q/vlan.c -@@ -108,6 +108,13 @@ void unregister_vlan_dev(struct net_device *dev, struct list_head *head) +@@ -114,6 +114,13 @@ void unregister_vlan_dev(struct net_device *dev, struct list_head *head) if (vlan_id) vlan_vid_del(real_dev, vlan_id); @@ -85431,7 +84159,7 @@ index acc74ad..be02639 100644 /* Get rid of the vlan's reference to real_dev */ dev_put(real_dev); } -@@ -485,7 +492,7 @@ out: +@@ -496,7 +503,7 @@ out: return NOTIFY_DONE; } @@ -85440,7 +84168,7 @@ index acc74ad..be02639 100644 .notifier_call = vlan_device_event, }; -@@ -560,8 +567,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) +@@ -571,8 +578,7 @@ static int vlan_ioctl_handler(struct net *net, void __user *arg) err = -EPERM; if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) break; @@ -85539,7 +84267,7 @@ index a86aff9..3a0d6f6 100644 /* * ATM LAN Emulation supports both LLC & Dix Ethernet EtherType diff --git a/net/atm/proc.c b/net/atm/proc.c -index 0d020de..011c7bb 100644 +index 6ac35ff..ac0e136 100644 --- a/net/atm/proc.c +++ b/net/atm/proc.c @@ -45,9 +45,9 @@ static void add_stats(struct seq_file *seq, const char *aal, @@ -85591,7 +84319,7 @@ index d5744b7..506bae3 100644 table = kmemdup(ax25_param_table, sizeof(ax25_param_table), GFP_KERNEL); if (!table) diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c -index 1ee94d0..14beea2 100644 +index a5bb0a7..e1d8b97 100644 --- a/net/batman-adv/bat_iv_ogm.c +++ b/net/batman-adv/bat_iv_ogm.c @@ -63,7 +63,7 @@ static int batadv_iv_ogm_iface_enable(struct batadv_hard_iface *hard_iface) @@ -85603,7 +84331,7 @@ index 1ee94d0..14beea2 100644 hard_iface->bat_iv.ogm_buff_len = BATADV_OGM_HLEN; ogm_buff = kmalloc(hard_iface->bat_iv.ogm_buff_len, GFP_ATOMIC); -@@ -615,9 +615,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface) +@@ -611,9 +611,9 @@ static void batadv_iv_ogm_schedule(struct batadv_hard_iface *hard_iface) batadv_ogm_packet = (struct batadv_ogm_packet *)(*ogm_buff); /* change sequence number to network order */ @@ -85615,7 +84343,7 @@ index 1ee94d0..14beea2 100644 batadv_ogm_packet->ttvn = atomic_read(&bat_priv->tt.vn); batadv_ogm_packet->tt_crc = htons(bat_priv->tt.local_crc); -@@ -1022,7 +1022,7 @@ static void batadv_iv_ogm_process(const struct ethhdr *ethhdr, +@@ -1013,7 +1013,7 @@ static void batadv_iv_ogm_process(const struct ethhdr *ethhdr, return; /* could be changed by schedule_own_packet() */ @@ -85625,7 +84353,7 @@ index 1ee94d0..14beea2 100644 if (batadv_ogm_packet->flags & BATADV_DIRECTLINK) has_directlink_flag = 1; diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c -index f1d37cd..4190879 100644 +index 368219e..53f56f9 100644 --- a/net/batman-adv/hard-interface.c +++ b/net/batman-adv/hard-interface.c @@ -370,7 +370,7 @@ int batadv_hardif_enable_interface(struct batadv_hard_iface *hard_iface, @@ -85637,7 +84365,7 @@ index f1d37cd..4190879 100644 batadv_info(hard_iface->soft_iface, "Adding interface: %s\n", hard_iface->net_dev->name); -@@ -493,7 +493,7 @@ batadv_hardif_add_interface(struct net_device *net_dev) +@@ -514,7 +514,7 @@ batadv_hardif_add_interface(struct net_device *net_dev) /* This can't be called via a bat_priv callback because * we have no bat_priv yet. */ @@ -85647,7 +84375,7 @@ index f1d37cd..4190879 100644 return hard_iface; diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c -index 6b548fd..fc32c8d 100644 +index 2711e87..4ca48fa 100644 --- a/net/batman-adv/soft-interface.c +++ b/net/batman-adv/soft-interface.c @@ -252,7 +252,7 @@ static int batadv_interface_tx(struct sk_buff *skb, @@ -85659,7 +84387,7 @@ index 6b548fd..fc32c8d 100644 bcast_packet->seqno = htonl(seqno); batadv_add_bcast_packet_to_list(bat_priv, skb, brd_delay); -@@ -497,7 +497,7 @@ struct net_device *batadv_softif_create(const char *name) +@@ -527,7 +527,7 @@ struct net_device *batadv_softif_create(const char *name) atomic_set(&bat_priv->batman_queue_left, BATADV_BATMAN_QUEUE_LEN); atomic_set(&bat_priv->mesh_state, BATADV_MESH_INACTIVE); @@ -85669,10 +84397,10 @@ index 6b548fd..fc32c8d 100644 atomic_set(&bat_priv->tt.local_changes, 0); atomic_set(&bat_priv->tt.ogm_append_cnt, 0); diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h -index ae9ac9a..11e0fe7 100644 +index 4cd87a0..348e705 100644 --- a/net/batman-adv/types.h +++ b/net/batman-adv/types.h -@@ -48,7 +48,7 @@ +@@ -51,7 +51,7 @@ struct batadv_hard_iface_bat_iv { unsigned char *ogm_buff; int ogm_buff_len; @@ -85680,8 +84408,8 @@ index ae9ac9a..11e0fe7 100644 + atomic_unchecked_t ogm_seqno; }; - struct batadv_hard_iface { -@@ -56,7 +56,7 @@ struct batadv_hard_iface { + /** +@@ -75,7 +75,7 @@ struct batadv_hard_iface { int16_t if_num; char if_status; struct net_device *net_dev; @@ -85690,20 +84418,20 @@ index ae9ac9a..11e0fe7 100644 struct kobject *hardif_obj; atomic_t refcount; struct packet_type batman_adv_ptype; -@@ -284,7 +284,7 @@ struct batadv_priv { - atomic_t orig_interval; /* uint */ - atomic_t hop_penalty; /* uint */ - atomic_t log_level; /* uint */ +@@ -495,7 +495,7 @@ struct batadv_priv { + #ifdef CONFIG_BATMAN_ADV_DEBUG + atomic_t log_level; + #endif - atomic_t bcast_seqno; + atomic_unchecked_t bcast_seqno; atomic_t bcast_queue_left; atomic_t batman_queue_left; char num_ifaces; diff --git a/net/batman-adv/unicast.c b/net/batman-adv/unicast.c -index 10aff49..ea8e021 100644 +index 50e079f..49ce2d2 100644 --- a/net/batman-adv/unicast.c +++ b/net/batman-adv/unicast.c -@@ -272,7 +272,7 @@ int batadv_frag_send_skb(struct sk_buff *skb, struct batadv_priv *bat_priv, +@@ -270,7 +270,7 @@ int batadv_frag_send_skb(struct sk_buff *skb, struct batadv_priv *bat_priv, frag1->flags = BATADV_UNI_FRAG_HEAD | large_tail; frag2->flags = large_tail; @@ -85713,10 +84441,10 @@ index 10aff49..ea8e021 100644 frag2->seqno = htons(seqno); diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c -index 07f0739..3c42e34 100644 +index 6a93614..1415549 100644 --- a/net/bluetooth/hci_sock.c +++ b/net/bluetooth/hci_sock.c -@@ -934,7 +934,7 @@ static int hci_sock_setsockopt(struct socket *sock, int level, int optname, +@@ -929,7 +929,7 @@ static int hci_sock_setsockopt(struct socket *sock, int level, int optname, uf.event_mask[1] = *((u32 *) f->event_mask + 1); } @@ -85726,10 +84454,10 @@ index 07f0739..3c42e34 100644 err = -EFAULT; break; diff --git a/net/bluetooth/l2cap_core.c b/net/bluetooth/l2cap_core.c -index 22e6583..426e2f3 100644 +index 7c7e932..7a7815d 100644 --- a/net/bluetooth/l2cap_core.c +++ b/net/bluetooth/l2cap_core.c -@@ -3400,8 +3400,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, +@@ -3395,8 +3395,10 @@ static int l2cap_parse_conf_rsp(struct l2cap_chan *chan, void *rsp, int len, break; case L2CAP_CONF_RFC: @@ -85794,10 +84522,10 @@ index 1bcfb84..dad9f98 100644 err = -EFAULT; break; diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c -index 970fc13..cf0161d 100644 +index 7c9224b..381009e 100644 --- a/net/bluetooth/rfcomm/sock.c +++ b/net/bluetooth/rfcomm/sock.c -@@ -668,7 +668,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c +@@ -666,7 +666,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c struct sock *sk = sock->sk; struct bt_security sec; int err = 0; @@ -85806,7 +84534,7 @@ index 970fc13..cf0161d 100644 u32 opt; BT_DBG("sk %p", sk); -@@ -690,7 +690,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c +@@ -688,7 +688,7 @@ static int rfcomm_sock_setsockopt(struct socket *sock, int level, int optname, c sec.level = BT_SECURITY_LOW; @@ -85816,7 +84544,7 @@ index 970fc13..cf0161d 100644 err = -EFAULT; break; diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c -index bd6fd0f..6492cba 100644 +index b6e44ad..5b0d514 100644 --- a/net/bluetooth/rfcomm/tty.c +++ b/net/bluetooth/rfcomm/tty.c @@ -309,7 +309,7 @@ static void rfcomm_dev_del(struct rfcomm_dev *dev) @@ -85828,7 +84556,7 @@ index bd6fd0f..6492cba 100644 spin_unlock_irqrestore(&dev->port.lock, flags); return; } -@@ -664,10 +664,10 @@ static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) +@@ -659,10 +659,10 @@ static int rfcomm_tty_open(struct tty_struct *tty, struct file *filp) return -ENODEV; BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst, @@ -85841,7 +84569,7 @@ index bd6fd0f..6492cba 100644 spin_unlock_irqrestore(&dev->port.lock, flags); return 0; } -@@ -732,10 +732,10 @@ static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) +@@ -727,10 +727,10 @@ static void rfcomm_tty_close(struct tty_struct *tty, struct file *filp) return; BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc, @@ -85854,24 +84582,11 @@ index bd6fd0f..6492cba 100644 spin_unlock_irqrestore(&dev->port.lock, flags); if (dev->tty_dev->parent) device_move(dev->tty_dev, NULL, DPM_ORDER_DEV_LAST); -diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c -index d9576e6..85f4f4e 100644 ---- a/net/bridge/br_fdb.c -+++ b/net/bridge/br_fdb.c -@@ -386,7 +386,7 @@ static int fdb_insert(struct net_bridge *br, struct net_bridge_port *source, - return 0; - br_warn(br, "adding interface %s with same address " - "as a received packet\n", -- source->dev->name); -+ source ? source->dev->name : br->dev->name); - fdb_delete(br, fdb); - } - diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c -index 5fe2ff3..121d696 100644 +index 8d493c9..3849e49 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c -@@ -1523,7 +1523,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) +@@ -1525,7 +1525,7 @@ static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len) tmp.valid_hooks = t->table->valid_hooks; } mutex_unlock(&ebt_mutex); @@ -85880,7 +84595,7 @@ index 5fe2ff3..121d696 100644 BUGPRINT("c2u Didn't work\n"); ret = -EFAULT; break; -@@ -2327,7 +2327,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd, +@@ -2331,7 +2331,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd, goto out; tmp.valid_hooks = t->valid_hooks; @@ -85889,7 +84604,7 @@ index 5fe2ff3..121d696 100644 ret = -EFAULT; break; } -@@ -2338,7 +2338,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd, +@@ -2342,7 +2342,7 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd, tmp.entries_size = t->table->entries_size; tmp.valid_hooks = t->table->valid_hooks; @@ -85942,10 +84657,10 @@ index a376ec1..1fbd6be 100644 list_del(&p->list); goto out; diff --git a/net/can/af_can.c b/net/can/af_can.c -index ddac1ee..3ee0a78 100644 +index c48e522..1223690 100644 --- a/net/can/af_can.c +++ b/net/can/af_can.c -@@ -872,7 +872,7 @@ static const struct net_proto_family can_family_ops = { +@@ -870,7 +870,7 @@ static const struct net_proto_family can_family_ops = { }; /* notifier block for netdevice event */ @@ -85955,18 +84670,18 @@ index ddac1ee..3ee0a78 100644 }; diff --git a/net/can/gw.c b/net/can/gw.c -index 28e7bdc..d42c4cd 100644 +index 117814a..ad4fb73 100644 --- a/net/can/gw.c +++ b/net/can/gw.c -@@ -67,7 +67,6 @@ MODULE_AUTHOR("Oliver Hartkopp <oliver.hartkopp@volkswagen.de>"); - MODULE_ALIAS("can-gw"); +@@ -80,7 +80,6 @@ MODULE_PARM_DESC(max_hops, + "default: " __stringify(CGW_DEFAULT_HOPS) ")"); static HLIST_HEAD(cgw_list); -static struct notifier_block notifier; static struct kmem_cache *cgw_cache __read_mostly; -@@ -893,6 +892,10 @@ static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) +@@ -928,6 +927,10 @@ static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh, void *arg) return err; } @@ -85976,8 +84691,8 @@ index 28e7bdc..d42c4cd 100644 + static __init int cgw_module_init(void) { - printk(banner); -@@ -904,7 +907,6 @@ static __init int cgw_module_init(void) + /* sanitize given module parameter */ +@@ -943,7 +946,6 @@ static __init int cgw_module_init(void) return -ENOMEM; /* set notifier */ @@ -86139,24 +84854,10 @@ index 368f9c3..f82d4a3 100644 return err; diff --git a/net/core/dev.c b/net/core/dev.c -index d592214..2764363 100644 +index b24ab0e9..1c424bc 100644 --- a/net/core/dev.c +++ b/net/core/dev.c -@@ -1250,9 +1250,13 @@ void dev_load(struct net *net, const char *name) - if (no_module && capable(CAP_NET_ADMIN)) - no_module = request_module("netdev-%s", name); - if (no_module && capable(CAP_SYS_MODULE)) { -+#ifdef CONFIG_GRKERNSEC_MODHARDEN -+ ___request_module(true, "grsec_modharden_netdev", "%s", name); -+#else - if (!request_module("%s", name)) - pr_warn("Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev-%s instead.\n", - name); -+#endif - } - } - EXPORT_SYMBOL(dev_load); -@@ -1714,7 +1718,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) +@@ -1617,7 +1617,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) { if (skb_shinfo(skb)->tx_flags & SKBTX_DEV_ZEROCOPY) { if (skb_copy_ubufs(skb, GFP_ATOMIC)) { @@ -86165,8 +84866,8 @@ index d592214..2764363 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -1724,7 +1728,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) - nf_reset(skb); +@@ -1626,7 +1626,7 @@ int dev_forward_skb(struct net_device *dev, struct sk_buff *skb) + skb_orphan(skb); if (unlikely(!is_skb_forwardable(dev, skb))) { - atomic_long_inc(&dev->rx_dropped); @@ -86174,7 +84875,7 @@ index d592214..2764363 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -2183,7 +2187,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) +@@ -2351,7 +2351,7 @@ static int illegal_highdma(struct net_device *dev, struct sk_buff *skb) struct dev_gso_cb { void (*destructor)(struct sk_buff *skb); @@ -86183,7 +84884,7 @@ index d592214..2764363 100644 #define DEV_GSO_CB(skb) ((struct dev_gso_cb *)(skb)->cb) -@@ -3056,7 +3060,7 @@ enqueue: +@@ -3093,7 +3093,7 @@ enqueue: local_irq_restore(flags); @@ -86192,7 +84893,7 @@ index d592214..2764363 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -3128,7 +3132,7 @@ int netif_rx_ni(struct sk_buff *skb) +@@ -3165,7 +3165,7 @@ int netif_rx_ni(struct sk_buff *skb) } EXPORT_SYMBOL(netif_rx_ni); @@ -86201,7 +84902,7 @@ index d592214..2764363 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); -@@ -3466,7 +3470,7 @@ ncls: +@@ -3490,7 +3490,7 @@ ncls: ret = pt_prev->func(skb, skb->dev, pt_prev, orig_dev); } else { drop: @@ -86210,7 +84911,7 @@ index d592214..2764363 100644 kfree_skb(skb); /* Jamal, now you will not able to escape explaining * me how you were going to use this. :-) -@@ -4049,7 +4053,7 @@ void netif_napi_del(struct napi_struct *napi) +@@ -4095,7 +4095,7 @@ void netif_napi_del(struct napi_struct *napi) } EXPORT_SYMBOL(netif_napi_del); @@ -86219,21 +84920,7 @@ index d592214..2764363 100644 { struct softnet_data *sd = &__get_cpu_var(softnet_data); unsigned long time_limit = jiffies + 2; -@@ -4533,8 +4537,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v) - else - seq_printf(seq, "%04x", ntohs(pt->type)); - -+#ifdef CONFIG_GRKERNSEC_HIDESYM -+ seq_printf(seq, " %-8s %p\n", -+ pt->dev ? pt->dev->name : "", NULL); -+#else - seq_printf(seq, " %-8s %pF\n", - pt->dev ? pt->dev->name : "", pt->func); -+#endif - } - - return 0; -@@ -6106,7 +6115,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, +@@ -5522,7 +5522,7 @@ struct rtnl_link_stats64 *dev_get_stats(struct net_device *dev, } else { netdev_stats_to_stats64(storage, &dev->stats); } @@ -86242,8 +84929,26 @@ index d592214..2764363 100644 return storage; } EXPORT_SYMBOL(dev_get_stats); +diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c +index 6cc0481..59cfb00 100644 +--- a/net/core/dev_ioctl.c ++++ b/net/core/dev_ioctl.c +@@ -376,9 +376,13 @@ void dev_load(struct net *net, const char *name) + if (no_module && capable(CAP_NET_ADMIN)) + no_module = request_module("netdev-%s", name); + if (no_module && capable(CAP_SYS_MODULE)) { ++#ifdef CONFIG_GRKERNSEC_MODHARDEN ++ ___request_module(true, "grsec_modharden_netdev", "%s", name); ++#else + if (!request_module("%s", name)) + pr_warn("Loading kernel module for a network device with CAP_SYS_MODULE (deprecated). Use CAP_NET_ADMIN and alias netdev-%s instead.\n", + name); ++#endif + } + } + EXPORT_SYMBOL(dev_load); diff --git a/net/core/flow.c b/net/core/flow.c -index 3bad824..2071a55 100644 +index 2bfd081..53c6058 100644 --- a/net/core/flow.c +++ b/net/core/flow.c @@ -61,7 +61,7 @@ struct flow_cache { @@ -86264,7 +84969,7 @@ index 3bad824..2071a55 100644 return 0; if (fle->object && !fle->object->ops->check(fle->object)) return 0; -@@ -259,7 +259,7 @@ flow_cache_lookup(struct net *net, const struct flowi *key, u16 family, u8 dir, +@@ -258,7 +258,7 @@ flow_cache_lookup(struct net *net, const struct flowi *key, u16 family, u8 dir, hlist_add_head(&fle->u.hlist, &fcp->hash_table[hash]); fcp->hash_count++; } @@ -86273,7 +84978,7 @@ index 3bad824..2071a55 100644 flo = fle->object; if (!flo) goto ret_object; -@@ -280,7 +280,7 @@ nocache: +@@ -279,7 +279,7 @@ nocache: } flo = resolver(net, key, family, dir, flo, ctx); if (fle) { @@ -86305,10 +85010,10 @@ index 7e7aeb0..2a998cb 100644 m->msg_iov = iov; diff --git a/net/core/neighbour.c b/net/core/neighbour.c -index c815f28..e6403f2 100644 +index 3863b8f..85c99a6 100644 --- a/net/core/neighbour.c +++ b/net/core/neighbour.c -@@ -2776,7 +2776,7 @@ static int proc_unres_qlen(ctl_table *ctl, int write, void __user *buffer, +@@ -2778,7 +2778,7 @@ static int proc_unres_qlen(ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { int size, ret; @@ -86317,11 +85022,29 @@ index c815f28..e6403f2 100644 tmp.extra1 = &zero; tmp.extra2 = &unres_qlen_max; +diff --git a/net/core/net-procfs.c b/net/core/net-procfs.c +index 3174f19..5810985 100644 +--- a/net/core/net-procfs.c ++++ b/net/core/net-procfs.c +@@ -271,8 +271,13 @@ static int ptype_seq_show(struct seq_file *seq, void *v) + else + seq_printf(seq, "%04x", ntohs(pt->type)); + ++#ifdef CONFIG_GRKERNSEC_HIDESYM ++ seq_printf(seq, " %-8s %pF\n", ++ pt->dev ? pt->dev->name : "", NULL); ++#else + seq_printf(seq, " %-8s %pF\n", + pt->dev ? pt->dev->name : "", pt->func); ++#endif + } + + return 0; diff --git a/net/core/net-sysfs.c b/net/core/net-sysfs.c -index 28c5f5a..7edf2e2 100644 +index 7427ab5..389f411 100644 --- a/net/core/net-sysfs.c +++ b/net/core/net-sysfs.c -@@ -1455,7 +1455,7 @@ void netdev_class_remove_file(struct class_attribute *class_attr) +@@ -1321,7 +1321,7 @@ void netdev_class_remove_file(struct class_attribute *class_attr) } EXPORT_SYMBOL(netdev_class_remove_file); @@ -86331,7 +85054,7 @@ index 28c5f5a..7edf2e2 100644 kobj_ns_type_register(&net_ns_type_operations); return class_register(&net_class); diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c -index 8acce01..2e306bb 100644 +index 80e271d..2980cc2 100644 --- a/net/core/net_namespace.c +++ b/net/core/net_namespace.c @@ -442,7 +442,7 @@ static int __register_pernet_operations(struct list_head *list, @@ -86371,7 +85094,7 @@ index 8acce01..2e306bb 100644 return error; } diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c -index 055fb13..5ee16b2 100644 +index 23854b5..ff4fda4 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -58,7 +58,7 @@ struct rtnl_link { @@ -86468,10 +85191,10 @@ index e61a8bb..6a2f13c 100644 #ifdef CONFIG_INET static u32 seq_scale(u32 seq) diff --git a/net/core/sock.c b/net/core/sock.c -index bc131d4..029e378 100644 +index b261a79..8fe17ab 100644 --- a/net/core/sock.c +++ b/net/core/sock.c -@@ -388,7 +388,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -390,7 +390,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) struct sk_buff_head *list = &sk->sk_receive_queue; if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) { @@ -86480,7 +85203,7 @@ index bc131d4..029e378 100644 trace_sock_rcvqueue_full(sk, skb); return -ENOMEM; } -@@ -398,7 +398,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -400,7 +400,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) return err; if (!sk_rmem_schedule(sk, skb, skb->truesize)) { @@ -86489,7 +85212,7 @@ index bc131d4..029e378 100644 return -ENOBUFS; } -@@ -418,7 +418,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -420,7 +420,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) skb_dst_force(skb); spin_lock_irqsave(&list->lock, flags); @@ -86498,7 +85221,7 @@ index bc131d4..029e378 100644 __skb_queue_tail(list, skb); spin_unlock_irqrestore(&list->lock, flags); -@@ -438,7 +438,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) +@@ -440,7 +440,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) skb->dev = NULL; if (sk_rcvqueues_full(sk, skb, sk->sk_rcvbuf)) { @@ -86507,7 +85230,7 @@ index bc131d4..029e378 100644 goto discard_and_relse; } if (nested) -@@ -456,7 +456,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) +@@ -458,7 +458,7 @@ int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested) mutex_release(&sk->sk_lock.dep_map, 1, _RET_IP_); } else if (sk_add_backlog(sk, skb, sk->sk_rcvbuf)) { bh_unlock_sock(sk); @@ -86516,7 +85239,7 @@ index bc131d4..029e378 100644 goto discard_and_relse; } -@@ -930,12 +930,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -942,12 +942,12 @@ int sock_getsockopt(struct socket *sock, int level, int optname, struct timeval tm; } v; @@ -86532,7 +85255,7 @@ index bc131d4..029e378 100644 return -EINVAL; memset(&v, 0, sizeof(v)); -@@ -1083,11 +1083,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -1099,11 +1099,11 @@ int sock_getsockopt(struct socket *sock, int level, int optname, case SO_PEERNAME: { @@ -86546,7 +85269,7 @@ index bc131d4..029e378 100644 return -EINVAL; if (copy_to_user(optval, address, len)) return -EFAULT; -@@ -1146,7 +1146,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, +@@ -1166,7 +1166,7 @@ int sock_getsockopt(struct socket *sock, int level, int optname, if (len > lv) len = lv; @@ -86555,7 +85278,7 @@ index bc131d4..029e378 100644 return -EFAULT; lenout: if (put_user(len, optlen)) -@@ -2276,7 +2276,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) +@@ -2296,7 +2296,7 @@ void sock_init_data(struct socket *sock, struct sock *sk) */ smp_wmb(); atomic_set(&sk->sk_refcnt, 1); @@ -86565,7 +85288,7 @@ index bc131d4..029e378 100644 EXPORT_SYMBOL(sock_init_data); diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c -index 750f44f..922399c 100644 +index a29e90c..922399c 100644 --- a/net/core/sock_diag.c +++ b/net/core/sock_diag.c @@ -9,26 +9,33 @@ @@ -86616,7 +85339,7 @@ index 750f44f..922399c 100644 mutex_unlock(&sock_diag_table_mutex); return err; -@@ -92,26 +102,13 @@ void sock_diag_unregister(const struct sock_diag_handler *hnld) +@@ -92,7 +102,9 @@ void sock_diag_unregister(const struct sock_diag_handler *hnld) mutex_lock(&sock_diag_table_mutex); BUG_ON(sock_diag_handlers[family] != hnld); @@ -86626,50 +85349,11 @@ index 750f44f..922399c 100644 mutex_unlock(&sock_diag_table_mutex); } EXPORT_SYMBOL_GPL(sock_diag_unregister); - --static const inline struct sock_diag_handler *sock_diag_lock_handler(int family) --{ -- if (sock_diag_handlers[family] == NULL) -- request_module("net-pf-%d-proto-%d-type-%d", PF_NETLINK, -- NETLINK_SOCK_DIAG, family); -- -- mutex_lock(&sock_diag_table_mutex); -- return sock_diag_handlers[family]; --} -- --static inline void sock_diag_unlock_handler(const struct sock_diag_handler *h) --{ -- mutex_unlock(&sock_diag_table_mutex); --} -- - static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) - { - int err; -@@ -124,12 +121,17 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) - if (req->sdiag_family >= AF_MAX) - return -EINVAL; - -- hndl = sock_diag_lock_handler(req->sdiag_family); -+ if (sock_diag_handlers[req->sdiag_family] == NULL) -+ request_module("net-pf-%d-proto-%d-type-%d", PF_NETLINK, -+ NETLINK_SOCK_DIAG, req->sdiag_family); -+ -+ mutex_lock(&sock_diag_table_mutex); -+ hndl = sock_diag_handlers[req->sdiag_family]; - if (hndl == NULL) - err = -ENOENT; - else - err = hndl->dump(skb, nlh); -- sock_diag_unlock_handler(hndl); -+ mutex_unlock(&sock_diag_table_mutex); - - return err; - } diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c -index d1b0804..98cf5f7 100644 +index cfdb46a..cef55e1 100644 --- a/net/core/sysctl_net_core.c +++ b/net/core/sysctl_net_core.c -@@ -26,7 +26,7 @@ static int rps_sock_flow_sysctl(ctl_table *table, int write, +@@ -28,7 +28,7 @@ static int rps_sock_flow_sysctl(ctl_table *table, int write, { unsigned int orig_size, size; int ret, i; @@ -86678,7 +85362,7 @@ index d1b0804..98cf5f7 100644 .data = &size, .maxlen = sizeof(size), .mode = table->mode -@@ -205,13 +205,12 @@ static struct ctl_table netns_core_table[] = { +@@ -211,13 +211,12 @@ static struct ctl_table netns_core_table[] = { static __net_init int sysctl_core_net_init(struct net *net) { @@ -86694,7 +85378,7 @@ index d1b0804..98cf5f7 100644 if (tbl == NULL) goto err_dup; -@@ -221,17 +220,16 @@ static __net_init int sysctl_core_net_init(struct net *net) +@@ -227,17 +226,16 @@ static __net_init int sysctl_core_net_init(struct net *net) if (net->user_ns != &init_user_ns) { tbl[0].procname = NULL; } @@ -86716,7 +85400,7 @@ index d1b0804..98cf5f7 100644 err_dup: return -ENOMEM; } -@@ -246,7 +244,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net) +@@ -252,7 +250,7 @@ static __net_exit void sysctl_core_net_exit(struct net *net) kfree(tbl); } @@ -86726,10 +85410,10 @@ index d1b0804..98cf5f7 100644 .exit = sysctl_core_net_exit, }; diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c -index 307c322..78a4c6f 100644 +index c21f200..bc4565b 100644 --- a/net/decnet/af_decnet.c +++ b/net/decnet/af_decnet.c -@@ -468,6 +468,7 @@ static struct proto dn_proto = { +@@ -465,6 +465,7 @@ static struct proto dn_proto = { .sysctl_rmem = sysctl_decnet_rmem, .max_header = DN_MAX_NSP_DATA_HEADER + 64, .obj_size = sizeof(struct dn_sock), @@ -86760,7 +85444,7 @@ index a55eecc..dd8428c 100644 *lenp = len; diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c -index fcf104e..6b748ea 100644 +index c929d9c..df10cde 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -115,6 +115,7 @@ @@ -86783,9 +85467,9 @@ index fcf104e..6b748ea 100644 } EXPORT_SYMBOL(build_ehash_secret); -@@ -1717,13 +1720,9 @@ static int __init inet_init(void) +@@ -1699,13 +1702,9 @@ static int __init inet_init(void) - BUILD_BUG_ON(sizeof(struct inet_skb_parm) > sizeof(dummy_skb->cb)); + BUILD_BUG_ON(sizeof(struct inet_skb_parm) > FIELD_SIZEOF(struct sk_buff, cb)); - sysctl_local_reserved_ports = kzalloc(65536 / 8, GFP_KERNEL); - if (!sysctl_local_reserved_ports) @@ -86798,7 +85482,7 @@ index fcf104e..6b748ea 100644 rc = proto_register(&udp_prot, 1); if (rc) -@@ -1832,8 +1831,6 @@ out_unregister_udp_proto: +@@ -1814,8 +1813,6 @@ out_unregister_udp_proto: proto_unregister(&udp_prot); out_unregister_tcp_proto: proto_unregister(&tcp_prot); @@ -86808,10 +85492,10 @@ index fcf104e..6b748ea 100644 } diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c -index a69b4e4..dbccba5 100644 +index 2e7f194..0fa4d6d 100644 --- a/net/ipv4/ah4.c +++ b/net/ipv4/ah4.c -@@ -421,7 +421,7 @@ static void ah4_err(struct sk_buff *skb, u32 info) +@@ -420,7 +420,7 @@ static void ah4_err(struct sk_buff *skb, u32 info) return; if (icmp_hdr(skb)->type == ICMP_DEST_UNREACH) { @@ -86821,10 +85505,10 @@ index a69b4e4..dbccba5 100644 ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_AH, 0); diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c -index a8e4f26..25e5f40 100644 +index c6287cd..e9bc96a 100644 --- a/net/ipv4/devinet.c +++ b/net/ipv4/devinet.c -@@ -1763,7 +1763,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write, +@@ -1992,7 +1992,7 @@ static int ipv4_doint_and_flush(ctl_table *ctl, int write, #define DEVINET_SYSCTL_FLUSHING_ENTRY(attr, name) \ DEVINET_SYSCTL_COMPLEX_ENTRY(attr, name, ipv4_doint_and_flush) @@ -86833,7 +85517,7 @@ index a8e4f26..25e5f40 100644 struct ctl_table_header *sysctl_header; struct ctl_table devinet_vars[__IPV4_DEVCONF_MAX]; } devinet_sysctl = { -@@ -1881,7 +1881,7 @@ static __net_init int devinet_init_net(struct net *net) +@@ -2110,7 +2110,7 @@ static __net_init int devinet_init_net(struct net *net) int err; struct ipv4_devconf *all, *dflt; #ifdef CONFIG_SYSCTL @@ -86842,7 +85526,7 @@ index a8e4f26..25e5f40 100644 struct ctl_table_header *forw_hdr; #endif -@@ -1899,7 +1899,7 @@ static __net_init int devinet_init_net(struct net *net) +@@ -2128,7 +2128,7 @@ static __net_init int devinet_init_net(struct net *net) goto err_alloc_dflt; #ifdef CONFIG_SYSCTL @@ -86851,7 +85535,7 @@ index a8e4f26..25e5f40 100644 if (tbl == NULL) goto err_alloc_ctl; -@@ -1919,7 +1919,10 @@ static __net_init int devinet_init_net(struct net *net) +@@ -2148,7 +2148,10 @@ static __net_init int devinet_init_net(struct net *net) goto err_reg_dflt; err = -ENOMEM; @@ -86863,7 +85547,7 @@ index a8e4f26..25e5f40 100644 if (forw_hdr == NULL) goto err_reg_ctl; net->ipv4.forw_hdr = forw_hdr; -@@ -1935,8 +1938,7 @@ err_reg_ctl: +@@ -2164,8 +2167,7 @@ err_reg_ctl: err_reg_dflt: __devinet_sysctl_unregister(all); err_reg_all: @@ -86887,10 +85571,10 @@ index 4cfe34d..a6ba66e 100644 ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_ESP, 0); diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c -index 5cd75e2..f57ef39 100644 +index eb4bb12..ee4ec7d 100644 --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c -@@ -1020,12 +1020,12 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event, +@@ -1017,12 +1017,12 @@ static int fib_inetaddr_event(struct notifier_block *this, unsigned long event, #ifdef CONFIG_IP_ROUTE_MULTIPATH fib_sync_up(dev); #endif @@ -86905,7 +85589,7 @@ index 5cd75e2..f57ef39 100644 if (ifa->ifa_dev->ifa_list == NULL) { /* Last address was deleted from this interface. * Disable IP. -@@ -1061,7 +1061,7 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo +@@ -1058,7 +1058,7 @@ static int fib_netdev_event(struct notifier_block *this, unsigned long event, vo #ifdef CONFIG_IP_ROUTE_MULTIPATH fib_sync_up(dev); #endif @@ -86915,10 +85599,10 @@ index 5cd75e2..f57ef39 100644 break; case NETDEV_DOWN: diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c -index 4797a80..2bd54e9 100644 +index 8f6cb7a..34507f9 100644 --- a/net/ipv4/fib_semantics.c +++ b/net/ipv4/fib_semantics.c -@@ -767,7 +767,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh) +@@ -765,7 +765,7 @@ __be32 fib_info_update_nh_saddr(struct net *net, struct fib_nh *nh) nh->nh_saddr = inet_select_addr(nh->nh_dev, nh->nh_gw, nh->nh_parent->fib_scope); @@ -86928,7 +85612,7 @@ index 4797a80..2bd54e9 100644 return nh->nh_saddr; } diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c -index d0670f0..744ac80 100644 +index 786d97a..1889c0d 100644 --- a/net/ipv4/inet_connection_sock.c +++ b/net/ipv4/inet_connection_sock.c @@ -37,7 +37,7 @@ struct local_ports sysctl_local_ports __read_mostly = { @@ -86941,7 +85625,7 @@ index d0670f0..744ac80 100644 void inet_get_local_port_range(int *low, int *high) diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c -index fa3ae81..0dbe6b8 100644 +index 6af375a..c493c74 100644 --- a/net/ipv4/inet_hashtables.c +++ b/net/ipv4/inet_hashtables.c @@ -18,12 +18,15 @@ @@ -86960,7 +85644,7 @@ index fa3ae81..0dbe6b8 100644 /* * Allocate and initialize a new local port bind bucket. * The bindhash mutex for snum's hash chain must be held here. -@@ -540,6 +543,8 @@ ok: +@@ -554,6 +557,8 @@ ok: twrefcnt += inet_twsk_bind_unhash(tw, hinfo); spin_unlock(&head->lock); @@ -86985,10 +85669,10 @@ index 000e3d2..5472da3 100644 secure_ip_id(daddr->addr.a4) : secure_ipv6_id(daddr->addr.a6)); diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c -index 0fcfee3..66e86c9 100644 +index 52c273e..579060b 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c -@@ -318,7 +318,7 @@ static inline int ip_frag_too_far(struct ipq *qp) +@@ -311,7 +311,7 @@ static inline int ip_frag_too_far(struct ipq *qp) return 0; start = qp->rid; @@ -86997,7 +85681,7 @@ index 0fcfee3..66e86c9 100644 qp->rid = end; rc = qp->q.fragments && (end - start) > max; -@@ -793,12 +793,11 @@ static struct ctl_table ip4_frags_ctl_table[] = { +@@ -788,12 +788,11 @@ static struct ctl_table ip4_frags_ctl_table[] = { static int __net_init ip4_frags_ns_ctl_register(struct net *net) { @@ -87012,7 +85696,7 @@ index 0fcfee3..66e86c9 100644 if (table == NULL) goto err_alloc; -@@ -809,9 +808,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) +@@ -804,9 +803,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) /* Don't export sysctls to unprivileged users */ if (net->user_ns != &init_user_ns) table[0].procname = NULL; @@ -87025,7 +85709,7 @@ index 0fcfee3..66e86c9 100644 if (hdr == NULL) goto err_reg; -@@ -819,8 +819,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) +@@ -814,8 +814,7 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net) return 0; err_reg: @@ -87036,7 +85720,7 @@ index 0fcfee3..66e86c9 100644 return -ENOMEM; } diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c -index a85062b..2958a9b 100644 +index 91d66db..4af7d99 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c @@ -124,7 +124,7 @@ static bool log_ecn_error = true; @@ -87048,7 +85732,7 @@ index a85062b..2958a9b 100644 static int ipgre_tunnel_init(struct net_device *dev); static void ipgre_tunnel_setup(struct net_device *dev); static int ipgre_tunnel_bind_dev(struct net_device *dev); -@@ -1753,7 +1753,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = { +@@ -1823,7 +1823,7 @@ static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = { [IFLA_GRE_PMTUDISC] = { .type = NLA_U8 }, }; @@ -87057,7 +85741,7 @@ index a85062b..2958a9b 100644 .kind = "gre", .maxtype = IFLA_GRE_MAX, .policy = ipgre_policy, -@@ -1766,7 +1766,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = { +@@ -1836,7 +1836,7 @@ static struct rtnl_link_ops ipgre_link_ops __read_mostly = { .fill_info = ipgre_fill_info, }; @@ -87112,7 +85796,7 @@ index c3a4233..1412161 100644 .maxtype = IFLA_VTI_MAX, .policy = vti_policy, diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c -index 9a46dae..5f793a0 100644 +index f01d1b1..8fe03ad 100644 --- a/net/ipv4/ipcomp.c +++ b/net/ipv4/ipcomp.c @@ -48,7 +48,7 @@ static void ipcomp4_err(struct sk_buff *skb, u32 info) @@ -87125,7 +85809,7 @@ index 9a46dae..5f793a0 100644 ipv4_update_pmtu(skb, net, info, 0, 0, IPPROTO_COMP, 0); diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c -index a2e50ae..e152b7c 100644 +index bf6c5cf..ab2e9c6 100644 --- a/net/ipv4/ipconfig.c +++ b/net/ipv4/ipconfig.c @@ -323,7 +323,7 @@ static int __init ic_devinet_ioctl(unsigned int cmd, struct ifreq *arg) @@ -87156,7 +85840,7 @@ index a2e50ae..e152b7c 100644 return res; } diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c -index 191fc24..1b3b804 100644 +index 8f024d4..8b3500c 100644 --- a/net/ipv4/ipip.c +++ b/net/ipv4/ipip.c @@ -138,7 +138,7 @@ struct ipip_net { @@ -87168,7 +85852,7 @@ index 191fc24..1b3b804 100644 static struct rtnl_link_stats64 *ipip_get_stats64(struct net_device *dev, struct rtnl_link_stats64 *tot) -@@ -972,7 +972,7 @@ static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = { +@@ -974,7 +974,7 @@ static const struct nla_policy ipip_policy[IFLA_IPTUN_MAX + 1] = { [IFLA_IPTUN_PMTUDISC] = { .type = NLA_U8 }, }; @@ -87178,7 +85862,7 @@ index 191fc24..1b3b804 100644 .maxtype = IFLA_IPTUN_MAX, .policy = ipip_policy, diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c -index 3ea4127..849297b 100644 +index 7dc6a97..229c61b 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c @@ -879,14 +879,14 @@ static int compat_table_info(const struct xt_table_info *info, @@ -87227,7 +85911,7 @@ index 3ea4127..849297b 100644 case ARPT_SO_GET_ENTRIES: diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c -index 17c5e06..1b91206 100644 +index 3efcf87..5247916 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -1068,14 +1068,14 @@ static int compat_table_info(const struct xt_table_info *info, @@ -87276,7 +85960,7 @@ index 17c5e06..1b91206 100644 case IPT_SO_GET_ENTRIES: diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c -index dc454cc..5bb917f 100644 +index 2e91006..f084394 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -844,7 +844,7 @@ static void ping_format_sock(struct sock *sp, struct seq_file *f, @@ -87289,10 +85973,10 @@ index dc454cc..5bb917f 100644 static int ping_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c -index 6f08991..55867ad 100644 +index dd44e0a..06dcca4 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c -@@ -311,7 +311,7 @@ static int raw_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -309,7 +309,7 @@ static int raw_rcv_skb(struct sock *sk, struct sk_buff *skb) int raw_rcv(struct sock *sk, struct sk_buff *skb) { if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) { @@ -87301,7 +85985,7 @@ index 6f08991..55867ad 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -747,16 +747,20 @@ static int raw_init(struct sock *sk) +@@ -745,16 +745,20 @@ static int raw_init(struct sock *sk) static int raw_seticmpfilter(struct sock *sk, char __user *optval, int optlen) { @@ -87323,7 +86007,7 @@ index 6f08991..55867ad 100644 if (get_user(len, optlen)) goto out; -@@ -766,8 +770,8 @@ static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *o +@@ -764,8 +768,8 @@ static int raw_geticmpfilter(struct sock *sk, char __user *optval, int __user *o if (len > sizeof(struct icmp_filter)) len = sizeof(struct icmp_filter); ret = -EFAULT; @@ -87334,7 +86018,7 @@ index 6f08991..55867ad 100644 goto out; ret = 0; out: return ret; -@@ -998,7 +1002,7 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) +@@ -994,7 +998,7 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) 0, 0L, 0, from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)), 0, sock_i_ino(sp), @@ -87344,10 +86028,10 @@ index 6f08991..55867ad 100644 static int raw_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv4/route.c b/net/ipv4/route.c -index a0fcc47..32e2c89 100644 +index 6e28514..5e1b055 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c -@@ -2552,34 +2552,34 @@ static struct ctl_table ipv4_route_flush_table[] = { +@@ -2553,34 +2553,34 @@ static struct ctl_table ipv4_route_flush_table[] = { .maxlen = sizeof(int), .mode = 0200, .proc_handler = ipv4_sysctl_rtcache_flush, @@ -87390,7 +86074,7 @@ index a0fcc47..32e2c89 100644 err_dup: return -ENOMEM; } -@@ -2602,7 +2602,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { +@@ -2603,7 +2603,7 @@ static __net_initdata struct pernet_operations sysctl_route_ops = { static __net_init int rt_genid_init(struct net *net) { @@ -87400,10 +86084,10 @@ index a0fcc47..32e2c89 100644 sizeof(net->ipv4.dev_addr_genid)); return 0; diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c -index d84400b..62e066e 100644 +index 960fd29..d55bf64 100644 --- a/net/ipv4/sysctl_net_ipv4.c +++ b/net/ipv4/sysctl_net_ipv4.c -@@ -54,7 +54,7 @@ static int ipv4_local_port_range(ctl_table *table, int write, +@@ -55,7 +55,7 @@ static int ipv4_local_port_range(ctl_table *table, int write, { int ret; int range[2]; @@ -87412,7 +86096,7 @@ index d84400b..62e066e 100644 .data = &range, .maxlen = sizeof(range), .mode = table->mode, -@@ -107,7 +107,7 @@ static int ipv4_ping_group_range(ctl_table *table, int write, +@@ -108,7 +108,7 @@ static int ipv4_ping_group_range(ctl_table *table, int write, int ret; gid_t urange[2]; kgid_t low, high; @@ -87421,7 +86105,7 @@ index d84400b..62e066e 100644 .data = &urange, .maxlen = sizeof(urange), .mode = table->mode, -@@ -138,7 +138,7 @@ static int proc_tcp_congestion_control(ctl_table *ctl, int write, +@@ -139,7 +139,7 @@ static int proc_tcp_congestion_control(ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { char val[TCP_CA_NAME_MAX]; @@ -87430,7 +86114,7 @@ index d84400b..62e066e 100644 .data = val, .maxlen = TCP_CA_NAME_MAX, }; -@@ -157,7 +157,7 @@ static int proc_tcp_available_congestion_control(ctl_table *ctl, +@@ -158,7 +158,7 @@ static int proc_tcp_available_congestion_control(ctl_table *ctl, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -87439,7 +86123,7 @@ index d84400b..62e066e 100644 int ret; tbl.data = kmalloc(tbl.maxlen, GFP_USER); -@@ -174,7 +174,7 @@ static int proc_allowed_congestion_control(ctl_table *ctl, +@@ -175,7 +175,7 @@ static int proc_allowed_congestion_control(ctl_table *ctl, void __user *buffer, size_t *lenp, loff_t *ppos) { @@ -87448,7 +86132,7 @@ index d84400b..62e066e 100644 int ret; tbl.data = kmalloc(tbl.maxlen, GFP_USER); -@@ -200,15 +200,17 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write, +@@ -201,15 +201,17 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write, struct mem_cgroup *memcg; #endif @@ -87469,16 +86153,16 @@ index d84400b..62e066e 100644 } ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos); -@@ -235,7 +237,7 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write, - int proc_tcp_fastopen_key(ctl_table *ctl, int write, void __user *buffer, - size_t *lenp, loff_t *ppos) +@@ -236,7 +238,7 @@ static int ipv4_tcp_mem(ctl_table *ctl, int write, + static int proc_tcp_fastopen_key(ctl_table *ctl, int write, void __user *buffer, + size_t *lenp, loff_t *ppos) { - ctl_table tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) }; + ctl_table_no_const tbl = { .maxlen = (TCP_FASTOPEN_KEY_LENGTH * 2 + 10) }; struct tcp_fastopen_context *ctxt; int ret; u32 user_key[4]; /* 16 bytes, matching TCP_FASTOPEN_KEY_LENGTH */ -@@ -476,7 +478,7 @@ static struct ctl_table ipv4_table[] = { +@@ -477,7 +479,7 @@ static struct ctl_table ipv4_table[] = { }, { .procname = "ip_local_reserved_ports", @@ -87487,7 +86171,7 @@ index d84400b..62e066e 100644 .maxlen = 65536, .mode = 0644, .proc_handler = proc_do_large_bitmap, -@@ -860,11 +862,10 @@ static struct ctl_table ipv4_net_table[] = { +@@ -856,11 +858,10 @@ static struct ctl_table ipv4_net_table[] = { static __net_init int ipv4_sysctl_init_net(struct net *net) { @@ -87501,7 +86185,7 @@ index d84400b..62e066e 100644 if (table == NULL) goto err_alloc; -@@ -897,15 +898,17 @@ static __net_init int ipv4_sysctl_init_net(struct net *net) +@@ -895,15 +896,17 @@ static __net_init int ipv4_sysctl_init_net(struct net *net) tcp_init_mem(net); @@ -87522,7 +86206,7 @@ index d84400b..62e066e 100644 err_alloc: return -ENOMEM; } -@@ -927,16 +930,6 @@ static __net_initdata struct pernet_operations ipv4_sysctl_ops = { +@@ -925,16 +928,6 @@ static __net_initdata struct pernet_operations ipv4_sysctl_ops = { static __init int sysctl_ipv4_init(void) { struct ctl_table_header *hdr; @@ -87540,10 +86224,10 @@ index d84400b..62e066e 100644 hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table); if (hdr == NULL) diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c -index b4e8b79..617d6aa 100644 +index 13b9c08..d33a8d0 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c -@@ -4737,7 +4737,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, +@@ -4724,7 +4724,7 @@ static struct sk_buff *tcp_collapse_one(struct sock *sk, struct sk_buff *skb, * simplifies code) */ static void @@ -87552,7 +86236,7 @@ index b4e8b79..617d6aa 100644 struct sk_buff *head, struct sk_buff *tail, u32 start, u32 end) { -@@ -5849,6 +5849,7 @@ discard: +@@ -5838,6 +5838,7 @@ discard: tcp_paws_reject(&tp->rx_opt, 0)) goto discard_and_undo; @@ -87560,7 +86244,7 @@ index b4e8b79..617d6aa 100644 if (th->syn) { /* We see SYN without ACK. It is attempt of * simultaneous connect with crossed SYNs. -@@ -5899,6 +5900,7 @@ discard: +@@ -5888,6 +5889,7 @@ discard: goto discard; #endif } @@ -87568,7 +86252,7 @@ index b4e8b79..617d6aa 100644 /* "fifth, if neither of the SYN or RST bits is set then * drop the segment and return." */ -@@ -5943,7 +5945,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, +@@ -5932,7 +5934,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb, goto discard; if (th->syn) { @@ -87578,7 +86262,7 @@ index b4e8b79..617d6aa 100644 if (icsk->icsk_af_ops->conn_request(sk, skb) < 0) return 1; diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index d9130a9..00328ff 100644 +index d09203c..fd5cc91 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -90,6 +90,10 @@ int sysctl_tcp_low_latency __read_mostly; @@ -87592,7 +86276,7 @@ index d9130a9..00328ff 100644 #ifdef CONFIG_TCP_MD5SIG static int tcp_v4_md5_hash_hdr(char *md5_hash, const struct tcp_md5sig_key *key, __be32 daddr, __be32 saddr, const struct tcphdr *th); -@@ -1895,6 +1899,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1897,6 +1901,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -87602,7 +86286,7 @@ index d9130a9..00328ff 100644 tcp_v4_send_reset(rsk, skb); discard: kfree_skb(skb); -@@ -1994,12 +2001,19 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1996,12 +2003,19 @@ int tcp_v4_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -87625,7 +86309,7 @@ index d9130a9..00328ff 100644 if (unlikely(iph->ttl < inet_sk(sk)->min_ttl)) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -2050,6 +2064,10 @@ no_tcp_socket: +@@ -2052,6 +2066,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -87637,7 +86321,7 @@ index d9130a9..00328ff 100644 } diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c -index f35f2df..ccb5ca6 100644 +index b83a49c..6c562a7 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c @@ -27,6 +27,10 @@ @@ -87651,7 +86335,7 @@ index f35f2df..ccb5ca6 100644 int sysctl_tcp_syncookies __read_mostly = 1; EXPORT_SYMBOL(sysctl_tcp_syncookies); -@@ -742,7 +746,10 @@ embryonic_reset: +@@ -744,7 +748,10 @@ embryonic_reset: * avoid becoming vulnerable to outside attack aiming at * resetting legit local connections. */ @@ -87664,7 +86348,7 @@ index f35f2df..ccb5ca6 100644 reqsk_fastopen_remove(sk, req, true); tcp_reset(sk); diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c -index 4526fe6..1a34e43 100644 +index d4943f6..e7a74a5 100644 --- a/net/ipv4/tcp_probe.c +++ b/net/ipv4/tcp_probe.c @@ -204,7 +204,7 @@ static ssize_t tcpprobe_read(struct file *file, char __user *buf, @@ -87706,7 +86390,7 @@ index b78aac3..e18230b 100644 syn_set ? 0 : icsk->icsk_user_timeout, syn_set)) { /* Has it gone just too far? */ diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c -index 1f4d405..3524677 100644 +index 0a073a2..ddf6279 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -87,6 +87,7 @@ @@ -87728,7 +86412,7 @@ index 1f4d405..3524677 100644 struct udp_table udp_table __read_mostly; EXPORT_SYMBOL(udp_table); -@@ -569,6 +574,9 @@ found: +@@ -594,6 +599,9 @@ found: return s; } @@ -87738,7 +86422,7 @@ index 1f4d405..3524677 100644 /* * This routine is called by the ICMP module when it gets some * sort of error condition. If err < 0 then the socket should -@@ -864,9 +872,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, +@@ -889,9 +897,18 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg, dport = usin->sin_port; if (dport == 0) return -EINVAL; @@ -87757,7 +86441,7 @@ index 1f4d405..3524677 100644 daddr = inet->inet_daddr; dport = inet->inet_dport; /* Open fast path for connected socket. -@@ -1108,7 +1125,7 @@ static unsigned int first_packet_length(struct sock *sk) +@@ -1133,7 +1150,7 @@ static unsigned int first_packet_length(struct sock *sk) udp_lib_checksum_complete(skb)) { UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, IS_UDPLITE(sk)); @@ -87766,7 +86450,7 @@ index 1f4d405..3524677 100644 __skb_unlink(skb, rcvq); __skb_queue_tail(&list_kill, skb); } -@@ -1194,6 +1211,10 @@ try_again: +@@ -1219,6 +1236,10 @@ try_again: if (!skb) goto out; @@ -87777,7 +86461,7 @@ index 1f4d405..3524677 100644 ulen = skb->len - sizeof(struct udphdr); copied = len; if (copied > ulen) -@@ -1227,7 +1248,7 @@ try_again: +@@ -1252,7 +1273,7 @@ try_again: if (unlikely(err)) { trace_kfree_skb(skb, udp_recvmsg); if (!peeked) { @@ -87786,7 +86470,7 @@ index 1f4d405..3524677 100644 UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, is_udplite); } -@@ -1510,7 +1531,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -1535,7 +1556,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) drop: UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); @@ -87795,7 +86479,7 @@ index 1f4d405..3524677 100644 kfree_skb(skb); return -1; } -@@ -1529,7 +1550,7 @@ static void flush_stack(struct sock **stack, unsigned int count, +@@ -1554,7 +1575,7 @@ static void flush_stack(struct sock **stack, unsigned int count, skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC); if (!skb1) { @@ -87804,7 +86488,7 @@ index 1f4d405..3524677 100644 UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, IS_UDPLITE(sk)); UDP_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, -@@ -1698,6 +1719,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, +@@ -1723,6 +1744,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, goto csum_error; UDP_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); @@ -87814,7 +86498,7 @@ index 1f4d405..3524677 100644 icmp_send(skb, ICMP_DEST_UNREACH, ICMP_PORT_UNREACH, 0); /* -@@ -2120,7 +2144,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f, +@@ -2152,7 +2176,7 @@ static void udp4_format_sock(struct sock *sp, struct seq_file *f, from_kuid_munged(seq_user_ns(f), sock_i_uid(sp)), 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -87823,11 +86507,50 @@ index 1f4d405..3524677 100644 } int udp4_seq_show(struct seq_file *seq, void *v) +diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c +index 9a459be..086b866 100644 +--- a/net/ipv4/xfrm4_policy.c ++++ b/net/ipv4/xfrm4_policy.c +@@ -264,19 +264,18 @@ static struct ctl_table xfrm4_policy_table[] = { + + static int __net_init xfrm4_net_init(struct net *net) + { +- struct ctl_table *table; ++ ctl_table_no_const *table = NULL; + struct ctl_table_header *hdr; + +- table = xfrm4_policy_table; + if (!net_eq(net, &init_net)) { +- table = kmemdup(table, sizeof(xfrm4_policy_table), GFP_KERNEL); ++ table = kmemdup(xfrm4_policy_table, sizeof(xfrm4_policy_table), GFP_KERNEL); + if (!table) + goto err_alloc; + + table[0].data = &net->xfrm.xfrm4_dst_ops.gc_thresh; +- } +- +- hdr = register_net_sysctl(net, "net/ipv4", table); ++ hdr = register_net_sysctl(net, "net/ipv4", table); ++ } else ++ hdr = register_net_sysctl(net, "net/ipv4", xfrm4_policy_table); + if (!hdr) + goto err_reg; + +@@ -284,8 +283,7 @@ static int __net_init xfrm4_net_init(struct net *net) + return 0; + + err_reg: +- if (!net_eq(net, &init_net)) +- kfree(table); ++ kfree(table); + err_alloc: + return -ENOMEM; + } diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index e8676c2..0a164f6 100644 +index dae802c..bfa4baa 100644 --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c -@@ -2272,7 +2272,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) +@@ -2274,7 +2274,7 @@ int addrconf_set_dstaddr(struct net *net, void __user *arg) p.iph.ihl = 5; p.iph.protocol = IPPROTO_IPV6; p.iph.ttl = 64; @@ -87836,7 +86559,7 @@ index e8676c2..0a164f6 100644 if (ops->ndo_do_ioctl) { mm_segment_t oldfs = get_fs(); -@@ -4415,7 +4415,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write, +@@ -4410,7 +4410,7 @@ int addrconf_sysctl_forward(ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -87845,7 +86568,7 @@ index e8676c2..0a164f6 100644 int ret; /* -@@ -4497,7 +4497,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write, +@@ -4492,7 +4492,7 @@ int addrconf_sysctl_disable(ctl_table *ctl, int write, int *valp = ctl->data; int val = *valp; loff_t pos = *ppos; @@ -87868,7 +86591,7 @@ index fff5bdd..15194fb 100644 table = kmemdup(ipv6_icmp_table_template, sizeof(ipv6_icmp_table_template), diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c -index 131dd09..f7ed64f 100644 +index e4efffe..791fe2f 100644 --- a/net/ipv6/ip6_gre.c +++ b/net/ipv6/ip6_gre.c @@ -73,7 +73,7 @@ struct ip6gre_net { @@ -87880,7 +86603,23 @@ index 131dd09..f7ed64f 100644 static int ip6gre_tunnel_init(struct net_device *dev); static void ip6gre_tunnel_setup(struct net_device *dev); static void ip6gre_tunnel_link(struct ip6gre_net *ign, struct ip6_tnl *t); -@@ -1337,7 +1337,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev) +@@ -1135,6 +1135,7 @@ static int ip6gre_tunnel_ioctl(struct net_device *dev, + } + if (t == NULL) + t = netdev_priv(dev); ++ memset(&p, 0, sizeof(p)); + ip6gre_tnl_parm_to_user(&p, &t->parms); + if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) + err = -EFAULT; +@@ -1182,6 +1183,7 @@ static int ip6gre_tunnel_ioctl(struct net_device *dev, + if (t) { + err = 0; + ++ memset(&p, 0, sizeof(p)); + ip6gre_tnl_parm_to_user(&p, &t->parms); + if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof(p))) + err = -EFAULT; +@@ -1335,7 +1337,7 @@ static void ip6gre_fb_tunnel_init(struct net_device *dev) } @@ -87889,7 +86628,7 @@ index 131dd09..f7ed64f 100644 .handler = ip6gre_rcv, .err_handler = ip6gre_err, .flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL, -@@ -1671,7 +1671,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = { +@@ -1669,7 +1671,7 @@ static const struct nla_policy ip6gre_policy[IFLA_GRE_MAX + 1] = { [IFLA_GRE_FLAGS] = { .type = NLA_U32 }, }; @@ -87898,7 +86637,7 @@ index 131dd09..f7ed64f 100644 .kind = "ip6gre", .maxtype = IFLA_GRE_MAX, .policy = ip6gre_policy, -@@ -1684,7 +1684,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = { +@@ -1682,7 +1684,7 @@ static struct rtnl_link_ops ip6gre_link_ops __read_mostly = { .fill_info = ip6gre_fill_info, }; @@ -87908,7 +86647,7 @@ index 131dd09..f7ed64f 100644 .maxtype = IFLA_GRE_MAX, .policy = ip6gre_policy, diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c -index a14f28b..b4b8956 100644 +index fff83cb..82d49dd 100644 --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c @@ -87,7 +87,7 @@ static u32 HASH(const struct in6_addr *addr1, const struct in6_addr *addr2) @@ -87920,7 +86659,7 @@ index a14f28b..b4b8956 100644 static int ip6_tnl_net_id __read_mostly; struct ip6_tnl_net { -@@ -1686,7 +1686,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = { +@@ -1684,7 +1684,7 @@ static const struct nla_policy ip6_tnl_policy[IFLA_IPTUN_MAX + 1] = { [IFLA_IPTUN_PROTO] = { .type = NLA_U8 }, }; @@ -87943,7 +86682,7 @@ index d1e2e8e..51c19ae 100644 msg.msg_flags = flags; diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c -index 125a90d..2a11f36 100644 +index 341b54a..591e8ed 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -1076,14 +1076,14 @@ static int compat_table_info(const struct xt_table_info *info, @@ -87991,21 +86730,8 @@ index 125a90d..2a11f36 100644 break; case IP6T_SO_GET_ENTRIES: -diff --git a/net/ipv6/netfilter/ip6t_NPT.c b/net/ipv6/netfilter/ip6t_NPT.c -index 83acc14..0ea43c7 100644 ---- a/net/ipv6/netfilter/ip6t_NPT.c -+++ b/net/ipv6/netfilter/ip6t_NPT.c -@@ -57,7 +57,7 @@ static bool ip6t_npt_map_pfx(const struct ip6t_npt_tginfo *npt, - if (pfx_len - i >= 32) - mask = 0; - else -- mask = htonl(~((1 << (pfx_len - i)) - 1)); -+ mask = htonl((1 << (i - pfx_len + 32)) - 1); - - idx = i / 32; - addr->s6_addr32[idx] &= mask; diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c -index 2f3a018..8bca195 100644 +index 6700069..1e50f42 100644 --- a/net/ipv6/netfilter/nf_conntrack_reasm.c +++ b/net/ipv6/netfilter/nf_conntrack_reasm.c @@ -89,12 +89,11 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = { @@ -88024,9 +86750,9 @@ index 2f3a018..8bca195 100644 if (table == NULL) goto err_alloc; @@ -102,9 +101,9 @@ static int nf_ct_frag6_sysctl_register(struct net *net) - table[0].data = &net->ipv6.frags.high_thresh; - table[1].data = &net->ipv6.frags.low_thresh; - table[2].data = &net->ipv6.frags.timeout; + table[0].data = &net->nf_frag.frags.timeout; + table[1].data = &net->nf_frag.frags.low_thresh; + table[2].data = &net->nf_frag.frags.high_thresh; - } - - hdr = register_net_sysctl(net, "net/netfilter", table); @@ -88047,10 +86773,10 @@ index 2f3a018..8bca195 100644 return -ENOMEM; } diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c -index 70fa814..d70c28c 100644 +index 330b5e7..796fbf1 100644 --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c -@@ -379,7 +379,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -378,7 +378,7 @@ static inline int rawv6_rcv_skb(struct sock *sk, struct sk_buff *skb) { if ((raw6_sk(sk)->checksum || rcu_access_pointer(sk->sk_filter)) && skb_checksum_complete(skb)) { @@ -88059,7 +86785,7 @@ index 70fa814..d70c28c 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -407,7 +407,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb) +@@ -406,7 +406,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb) struct raw6_sock *rp = raw6_sk(sk); if (!xfrm6_policy_check(sk, XFRM_POLICY_IN, skb)) { @@ -88068,7 +86794,7 @@ index 70fa814..d70c28c 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -431,7 +431,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb) +@@ -430,7 +430,7 @@ int rawv6_rcv(struct sock *sk, struct sk_buff *skb) if (inet->hdrincl) { if (skb_checksum_complete(skb)) { @@ -88077,7 +86803,7 @@ index 70fa814..d70c28c 100644 kfree_skb(skb); return NET_RX_DROP; } -@@ -604,7 +604,7 @@ out: +@@ -603,7 +603,7 @@ out: return err; } @@ -88086,7 +86812,7 @@ index 70fa814..d70c28c 100644 struct flowi6 *fl6, struct dst_entry **dstp, unsigned int flags) { -@@ -916,12 +916,15 @@ do_confirm: +@@ -915,12 +915,15 @@ do_confirm: static int rawv6_seticmpfilter(struct sock *sk, int level, int optname, char __user *optval, int optlen) { @@ -88103,7 +86829,7 @@ index 70fa814..d70c28c 100644 return 0; default: return -ENOPROTOOPT; -@@ -934,6 +937,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, +@@ -933,6 +936,7 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, char __user *optval, int __user *optlen) { int len; @@ -88111,7 +86837,7 @@ index 70fa814..d70c28c 100644 switch (optname) { case ICMPV6_FILTER: -@@ -945,7 +949,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, +@@ -944,7 +948,8 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname, len = sizeof(struct icmp6_filter); if (put_user(len, optlen)) return -EFAULT; @@ -88121,7 +86847,7 @@ index 70fa814..d70c28c 100644 return -EFAULT; return 0; default: -@@ -1253,7 +1258,7 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) +@@ -1252,7 +1257,7 @@ static void raw6_sock_seq_show(struct seq_file *seq, struct sock *sp, int i) from_kuid_munged(seq_user_ns(seq), sock_i_uid(sp)), 0, sock_i_ino(sp), @@ -88131,10 +86857,10 @@ index 70fa814..d70c28c 100644 static int raw6_seq_show(struct seq_file *seq, void *v) diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c -index 7a610a6..202dff9 100644 +index 0ba10e5..c14a4f6 100644 --- a/net/ipv6/reassembly.c +++ b/net/ipv6/reassembly.c -@@ -617,12 +617,11 @@ static struct ctl_table ip6_frags_ctl_table[] = { +@@ -602,12 +602,11 @@ static struct ctl_table ip6_frags_ctl_table[] = { static int __net_init ip6_frags_ns_sysctl_register(struct net *net) { @@ -88149,7 +86875,7 @@ index 7a610a6..202dff9 100644 if (table == NULL) goto err_alloc; -@@ -633,9 +632,10 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net) +@@ -618,9 +617,10 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net) /* Don't export sysctls to unprivileged users */ if (net->user_ns != &init_user_ns) table[0].procname = NULL; @@ -88162,7 +86888,7 @@ index 7a610a6..202dff9 100644 if (hdr == NULL) goto err_reg; -@@ -643,8 +643,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net) +@@ -628,8 +628,7 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net) return 0; err_reg: @@ -88173,10 +86899,10 @@ index 7a610a6..202dff9 100644 return -ENOMEM; } diff --git a/net/ipv6/route.c b/net/ipv6/route.c -index 5845613..3af8fc7 100644 +index e5fe004..9fe3e8e 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c -@@ -2966,7 +2966,7 @@ ctl_table ipv6_route_table_template[] = { +@@ -2881,7 +2881,7 @@ ctl_table ipv6_route_table_template[] = { struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) { @@ -88186,19 +86912,19 @@ index 5845613..3af8fc7 100644 table = kmemdup(ipv6_route_table_template, sizeof(ipv6_route_table_template), diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c -index cfba99b..20ca511 100644 +index 02f96dc..4a5a6e5 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c -@@ -72,7 +72,7 @@ MODULE_PARM_DESC(log_ecn_error, "Log packets received with corrupted ECN"); - static int ipip6_tunnel_init(struct net_device *dev); - static void ipip6_tunnel_setup(struct net_device *dev); +@@ -74,7 +74,7 @@ static void ipip6_tunnel_setup(struct net_device *dev); static void ipip6_dev_free(struct net_device *dev); + static bool check_6rd(struct ip_tunnel *tunnel, const struct in6_addr *v6dst, + __be32 *v4dst); -static struct rtnl_link_ops sit_link_ops __read_mostly; +static struct rtnl_link_ops sit_link_ops; static int sit_net_id __read_mostly; struct sit_net { -@@ -1463,7 +1463,7 @@ static const struct nla_policy ipip6_policy[IFLA_IPTUN_MAX + 1] = { +@@ -1486,7 +1486,7 @@ static const struct nla_policy ipip6_policy[IFLA_IPTUN_MAX + 1] = { #endif }; @@ -88221,7 +86947,7 @@ index e85c48b..b8268d3 100644 struct ctl_table *ipv6_icmp_table; int err; diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c -index 89dfedd..f122ba5 100644 +index 46a5be8..415688d 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -103,6 +103,10 @@ static void inet6_sk_rx_dst_set(struct sock *sk, const struct sk_buff *skb) @@ -88235,7 +86961,7 @@ index 89dfedd..f122ba5 100644 static void tcp_v6_hash(struct sock *sk) { if (sk->sk_state != TCP_CLOSE) { -@@ -1441,6 +1445,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) +@@ -1446,6 +1450,9 @@ static int tcp_v6_do_rcv(struct sock *sk, struct sk_buff *skb) return 0; reset: @@ -88245,7 +86971,7 @@ index 89dfedd..f122ba5 100644 tcp_v6_send_reset(sk, skb); discard: if (opt_skb) -@@ -1522,12 +1529,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) +@@ -1527,12 +1534,20 @@ static int tcp_v6_rcv(struct sk_buff *skb) TCP_SKB_CB(skb)->sacked = 0; sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); @@ -88268,7 +86994,7 @@ index 89dfedd..f122ba5 100644 if (hdr->hop_limit < inet6_sk(sk)->min_hopcount) { NET_INC_STATS_BH(net, LINUX_MIB_TCPMINTTLDROP); -@@ -1576,6 +1591,10 @@ no_tcp_socket: +@@ -1581,6 +1596,10 @@ no_tcp_socket: bad_packet: TCP_INC_STATS_BH(net, TCP_MIB_INERRS); } else { @@ -88280,10 +87006,10 @@ index 89dfedd..f122ba5 100644 } diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c -index fb08329..2d6919e 100644 +index d8e5e85..5a447f4 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c -@@ -51,6 +51,10 @@ +@@ -52,6 +52,10 @@ #include <trace/events/skb.h> #include "udp_impl.h" @@ -88294,7 +87020,7 @@ index fb08329..2d6919e 100644 int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2) { const struct in6_addr *sk_rcv_saddr6 = &inet6_sk(sk)->rcv_saddr; -@@ -395,7 +399,7 @@ try_again: +@@ -419,7 +423,7 @@ try_again: if (unlikely(err)) { trace_kfree_skb(skb, udpv6_recvmsg); if (!peeked) { @@ -88303,7 +87029,7 @@ index fb08329..2d6919e 100644 if (is_udp4) UDP_INC_STATS_USER(sock_net(sk), UDP_MIB_INERRORS, -@@ -633,7 +637,7 @@ int udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) +@@ -657,7 +661,7 @@ int udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb) return rc; drop: UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, is_udplite); @@ -88312,7 +87038,7 @@ index fb08329..2d6919e 100644 kfree_skb(skb); return -1; } -@@ -691,7 +695,7 @@ static void flush_stack(struct sock **stack, unsigned int count, +@@ -715,7 +719,7 @@ static void flush_stack(struct sock **stack, unsigned int count, if (likely(skb1 == NULL)) skb1 = (i == final) ? skb : skb_clone(skb, GFP_ATOMIC); if (!skb1) { @@ -88321,7 +87047,7 @@ index fb08329..2d6919e 100644 UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_RCVBUFERRORS, IS_UDPLITE(sk)); UDP6_INC_STATS_BH(sock_net(sk), UDP_MIB_INERRORS, -@@ -862,6 +866,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, +@@ -852,6 +856,9 @@ int __udp6_lib_rcv(struct sk_buff *skb, struct udp_table *udptable, goto discard; UDP6_INC_STATS_BH(net, UDP_MIB_NOPORTS, proto == IPPROTO_UDPLITE); @@ -88331,7 +87057,7 @@ index fb08329..2d6919e 100644 icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_PORT_UNREACH, 0); kfree_skb(skb); -@@ -1379,7 +1386,7 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket +@@ -1377,7 +1384,7 @@ static void udp6_sock_seq_show(struct seq_file *seq, struct sock *sp, int bucket 0, sock_i_ino(sp), atomic_read(&sp->sk_refcnt), sp, @@ -88340,11 +87066,50 @@ index fb08329..2d6919e 100644 } int udp6_seq_show(struct seq_file *seq, void *v) +diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c +index 4ef7bdb..9e97017 100644 +--- a/net/ipv6/xfrm6_policy.c ++++ b/net/ipv6/xfrm6_policy.c +@@ -322,19 +322,19 @@ static struct ctl_table xfrm6_policy_table[] = { + + static int __net_init xfrm6_net_init(struct net *net) + { +- struct ctl_table *table; ++ ctl_table_no_const *table = NULL; + struct ctl_table_header *hdr; + +- table = xfrm6_policy_table; + if (!net_eq(net, &init_net)) { +- table = kmemdup(table, sizeof(xfrm6_policy_table), GFP_KERNEL); ++ table = kmemdup(xfrm6_policy_table, sizeof(xfrm6_policy_table), GFP_KERNEL); + if (!table) + goto err_alloc; + + table[0].data = &net->xfrm.xfrm6_dst_ops.gc_thresh; +- } ++ hdr = register_net_sysctl(net, "net/ipv6", table); ++ } else ++ hdr = register_net_sysctl(net, "net/ipv6", xfrm6_policy_table); + +- hdr = register_net_sysctl(net, "net/ipv6", table); + if (!hdr) + goto err_reg; + +@@ -342,8 +342,7 @@ static int __net_init xfrm6_net_init(struct net *net) + return 0; + + err_reg: +- if (!net_eq(net, &init_net)) +- kfree(table); ++ kfree(table); + err_alloc: + return -ENOMEM; + } diff --git a/net/irda/ircomm/ircomm_tty.c b/net/irda/ircomm/ircomm_tty.c -index a68c88c..d55b0c5 100644 +index 362ba47..66196f4 100644 --- a/net/irda/ircomm/ircomm_tty.c +++ b/net/irda/ircomm/ircomm_tty.c -@@ -312,12 +312,12 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, +@@ -319,11 +319,11 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, add_wait_queue(&port->open_wait, &wait); IRDA_DEBUG(2, "%s(%d):block_til_ready before block on %s open_count=%d\n", @@ -88352,14 +87117,13 @@ index a68c88c..d55b0c5 100644 + __FILE__, __LINE__, tty->driver->name, atomic_read(&port->count)); spin_lock_irqsave(&port->lock, flags); - if (!tty_hung_up_p(filp)) { - extra_count = 1; + if (!tty_hung_up_p(filp)) - port->count--; + atomic_dec(&port->count); - } - spin_unlock_irqrestore(&port->lock, flags); port->blocked_open++; -@@ -353,7 +353,7 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, + spin_unlock_irqrestore(&port->lock, flags); + +@@ -358,7 +358,7 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, } IRDA_DEBUG(1, "%s(%d):block_til_ready blocking on %s open_count=%d\n", @@ -88368,15 +87132,14 @@ index a68c88c..d55b0c5 100644 schedule(); } -@@ -364,13 +364,13 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, - if (extra_count) { - /* ++ is not atomic, so this should be protected - Jean II */ - spin_lock_irqsave(&port->lock, flags); +@@ -368,12 +368,12 @@ static int ircomm_tty_block_til_ready(struct ircomm_tty_cb *self, + + spin_lock_irqsave(&port->lock, flags); + if (!tty_hung_up_p(filp)) - port->count++; + atomic_inc(&port->count); - spin_unlock_irqrestore(&port->lock, flags); - } port->blocked_open--; + spin_unlock_irqrestore(&port->lock, flags); IRDA_DEBUG(1, "%s(%d):block_til_ready after blocking on %s open_count=%d\n", - __FILE__, __LINE__, tty->driver->name, port->count); @@ -88384,7 +87147,7 @@ index a68c88c..d55b0c5 100644 if (!retval) port->flags |= ASYNC_NORMAL_ACTIVE; -@@ -444,12 +444,12 @@ static int ircomm_tty_open(struct tty_struct *tty, struct file *filp) +@@ -447,12 +447,12 @@ static int ircomm_tty_open(struct tty_struct *tty, struct file *filp) /* ++ is not atomic, so this should be protected - Jean II */ spin_lock_irqsave(&self->port.lock, flags); @@ -88398,8 +87161,8 @@ index a68c88c..d55b0c5 100644 + self->line, atomic_read(&self->port.count)); /* Not really used by us, but lets do it anyway */ - tty->low_latency = (self->port.flags & ASYNC_LOW_LATENCY) ? 1 : 0; -@@ -986,7 +986,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty) + self->port.low_latency = (self->port.flags & ASYNC_LOW_LATENCY) ? 1 : 0; +@@ -989,7 +989,7 @@ static void ircomm_tty_hangup(struct tty_struct *tty) tty_kref_put(port->tty); } port->tty = NULL; @@ -88408,7 +87171,7 @@ index a68c88c..d55b0c5 100644 spin_unlock_irqrestore(&port->lock, flags); wake_up_interruptible(&port->open_wait); -@@ -1343,7 +1343,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m) +@@ -1346,7 +1346,7 @@ static void ircomm_tty_line_info(struct ircomm_tty_cb *self, struct seq_file *m) seq_putc(m, '\n'); seq_printf(m, "Role: %s\n", self->client ? "client" : "server"); @@ -88417,29 +87180,11 @@ index a68c88c..d55b0c5 100644 seq_printf(m, "Max data size: %d\n", self->max_data_size); seq_printf(m, "Max header size: %d\n", self->max_header_size); -diff --git a/net/irda/iriap.c b/net/irda/iriap.c -index e71e85b..29340a9 100644 ---- a/net/irda/iriap.c -+++ b/net/irda/iriap.c -@@ -495,8 +495,11 @@ static void iriap_getvaluebyclass_confirm(struct iriap_cb *self, - /* case CS_ISO_8859_9: */ - /* case CS_UNICODE: */ - default: -- IRDA_DEBUG(0, "%s(), charset %s, not supported\n", -- __func__, ias_charset_types[charset]); -+ IRDA_DEBUG(0, "%s(), charset [%d] %s, not supported\n", -+ __func__, charset, -+ charset < ARRAY_SIZE(ias_charset_types) ? -+ ias_charset_types[charset] : -+ "(unknown)"); - - /* Aborting, close connection! */ - iriap_disconnect_request(self); diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c -index 625bc50..ac6eef9 100644 +index 206ce6d..cfb27cd 100644 --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c -@@ -782,10 +782,10 @@ static int iucv_sock_autobind(struct sock *sk) +@@ -773,10 +773,10 @@ static int iucv_sock_autobind(struct sock *sk) write_lock_bh(&iucv_sk_list.lock); @@ -88453,7 +87198,7 @@ index 625bc50..ac6eef9 100644 write_unlock_bh(&iucv_sk_list.lock); diff --git a/net/iucv/iucv.c b/net/iucv/iucv.c -index df08250..02021fe 100644 +index 4fe76ff..426a904 100644 --- a/net/iucv/iucv.c +++ b/net/iucv/iucv.c @@ -690,7 +690,7 @@ static int __cpuinit iucv_cpu_notify(struct notifier_block *self, @@ -88466,10 +87211,10 @@ index df08250..02021fe 100644 }; diff --git a/net/key/af_key.c b/net/key/af_key.c -index 5b426a6..970032b 100644 +index 5b1e5af..2358147 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c -@@ -3019,10 +3019,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc +@@ -3041,10 +3041,10 @@ static int pfkey_send_policy_notify(struct xfrm_policy *xp, int dir, const struc static u32 get_acqseq(void) { u32 res; @@ -88483,10 +87228,10 @@ index 5b426a6..970032b 100644 return res; } diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c -index 49c48c6..9e72ff4 100644 +index 843d8c4..6e0a0ff 100644 --- a/net/mac80211/cfg.c +++ b/net/mac80211/cfg.c -@@ -790,7 +790,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy, +@@ -799,7 +799,7 @@ static int ieee80211_set_monitor_channel(struct wiphy *wiphy, ret = ieee80211_vif_use_channel(sdata, chandef, IEEE80211_CHANCTX_EXCLUSIVE); } @@ -88495,7 +87240,7 @@ index 49c48c6..9e72ff4 100644 local->_oper_channel = chandef->chan; local->_oper_channel_type = cfg80211_get_chandef_type(chandef); ieee80211_hw_config(local, 0); -@@ -2718,7 +2718,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy, +@@ -2834,7 +2834,7 @@ static void ieee80211_mgmt_frame_register(struct wiphy *wiphy, else local->probe_req_reg--; @@ -88504,8 +87249,19 @@ index 49c48c6..9e72ff4 100644 break; ieee80211_queue_work(&local->hw, &local->reconfig_filter); +@@ -3297,8 +3297,8 @@ static int ieee80211_cfg_get_channel(struct wiphy *wiphy, + if (chanctx_conf) { + *chandef = chanctx_conf->def; + ret = 0; +- } else if (local->open_count > 0 && +- local->open_count == local->monitors && ++ } else if (atomic_read(&local->open_count) > 0 && ++ atomic_read(&local->open_count) == local->monitors && + sdata->vif.type == NL80211_IFTYPE_MONITOR) { + if (local->use_chanctx) + *chandef = local->monitor_chandef; diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h -index 55d8f89..bec0c2b 100644 +index 5672533..6738c93 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -28,6 +28,7 @@ @@ -88516,7 +87272,7 @@ index 55d8f89..bec0c2b 100644 #include "key.h" #include "sta_info.h" #include "debug.h" -@@ -910,7 +911,7 @@ struct ieee80211_local { +@@ -897,7 +898,7 @@ struct ieee80211_local { /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */ spinlock_t queue_stop_reason_lock; @@ -88526,10 +87282,10 @@ index 55d8f89..bec0c2b 100644 /* number of interfaces with corresponding FIF_ flags */ int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll, diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c -index 8be854e..ad72a69 100644 +index d51ca9d..042c35f 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c -@@ -546,7 +546,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) +@@ -495,7 +495,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) break; } @@ -88538,7 +87294,7 @@ index 8be854e..ad72a69 100644 res = drv_start(local); if (res) goto err_del_bss; -@@ -591,7 +591,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) +@@ -540,7 +540,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) break; } @@ -88547,8 +87303,8 @@ index 8be854e..ad72a69 100644 res = ieee80211_add_virtual_monitor(local); if (res) goto err_stop; -@@ -699,7 +699,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) - mutex_unlock(&local->mtx); +@@ -649,7 +649,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) + atomic_inc(&local->iff_promiscs); if (coming_up) - local->open_count++; @@ -88556,7 +87312,7 @@ index 8be854e..ad72a69 100644 if (hw_reconf_flags) ieee80211_hw_config(local, hw_reconf_flags); -@@ -713,7 +713,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) +@@ -663,7 +663,7 @@ int ieee80211_do_open(struct wireless_dev *wdev, bool coming_up) err_del_interface: drv_remove_interface(local, sdata); err_stop: @@ -88565,7 +87321,7 @@ index 8be854e..ad72a69 100644 drv_stop(local); err_del_bss: sdata->bss = NULL; -@@ -827,7 +827,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -806,7 +806,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, } if (going_down) @@ -88574,7 +87330,7 @@ index 8be854e..ad72a69 100644 switch (sdata->vif.type) { case NL80211_IFTYPE_AP_VLAN: -@@ -884,7 +884,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -871,7 +871,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, ieee80211_recalc_ps(local, -1); @@ -88583,7 +87339,7 @@ index 8be854e..ad72a69 100644 if (local->ops->napi_poll) napi_disable(&local->napi); ieee80211_clear_tx_pending(local); -@@ -910,7 +910,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, +@@ -897,7 +897,7 @@ static void ieee80211_do_stop(struct ieee80211_sub_if_data *sdata, } spin_unlock_irqrestore(&local->queue_stop_reason_lock, flags); @@ -88593,10 +87349,10 @@ index 8be854e..ad72a69 100644 } diff --git a/net/mac80211/main.c b/net/mac80211/main.c -index 1b087ff..bf600e9 100644 +index 1a8591b..ef5db54 100644 --- a/net/mac80211/main.c +++ b/net/mac80211/main.c -@@ -181,7 +181,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) +@@ -180,7 +180,7 @@ int ieee80211_hw_config(struct ieee80211_local *local, u32 changed) changed &= ~(IEEE80211_CONF_CHANGE_CHANNEL | IEEE80211_CONF_CHANGE_POWER); @@ -88606,10 +87362,10 @@ index 1b087ff..bf600e9 100644 /* * Goal: diff --git a/net/mac80211/pm.c b/net/mac80211/pm.c -index 64619f4..c497f0f 100644 +index 835584c..be46e67 100644 --- a/net/mac80211/pm.c +++ b/net/mac80211/pm.c -@@ -35,7 +35,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) +@@ -33,7 +33,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) struct sta_info *sta; struct ieee80211_chanctx *ctx; @@ -88618,7 +87374,7 @@ index 64619f4..c497f0f 100644 goto suspend; ieee80211_scan_cancel(local); -@@ -73,7 +73,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) +@@ -75,7 +75,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) cancel_work_sync(&local->dynamic_ps_enable_work); del_timer_sync(&local->dynamic_ps_timer); @@ -88627,7 +87383,7 @@ index 64619f4..c497f0f 100644 if (local->wowlan) { int err = drv_suspend(local, wowlan); if (err < 0) { -@@ -187,7 +187,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) +@@ -214,7 +214,7 @@ int __ieee80211_suspend(struct ieee80211_hw *hw, struct cfg80211_wowlan *wowlan) mutex_unlock(&local->chanctx_mtx); /* stop hardware - this must stop RX */ @@ -88663,10 +87419,10 @@ index c97a065..ff61928 100644 return p; diff --git a/net/mac80211/util.c b/net/mac80211/util.c -index f11e8c5..08d0013 100644 +index 0f38f43..e53d4a8 100644 --- a/net/mac80211/util.c +++ b/net/mac80211/util.c -@@ -1380,7 +1380,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) +@@ -1388,7 +1388,7 @@ int ieee80211_reconfig(struct ieee80211_local *local) } #endif /* everything else happens only if HW was up & running */ @@ -88676,10 +87432,10 @@ index f11e8c5..08d0013 100644 /* diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig -index 49e96df..63a51c3 100644 +index 56d22ca..87c778f 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig -@@ -936,6 +936,16 @@ config NETFILTER_XT_MATCH_ESP +@@ -958,6 +958,16 @@ config NETFILTER_XT_MATCH_ESP To compile it as a module, choose M here. If unsure, say N. @@ -88697,10 +87453,10 @@ index 49e96df..63a51c3 100644 tristate '"hashlimit" match support' depends on (IP6_NF_IPTABLES || IP6_NF_IPTABLES=n) diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile -index 3259697..54d5393 100644 +index a1abf87..dbcb7ee 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile -@@ -109,6 +109,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o +@@ -112,6 +112,7 @@ obj-$(CONFIG_NETFILTER_XT_MATCH_DEVGROUP) += xt_devgroup.o obj-$(CONFIG_NETFILTER_XT_MATCH_DSCP) += xt_dscp.o obj-$(CONFIG_NETFILTER_XT_MATCH_ECN) += xt_ecn.o obj-$(CONFIG_NETFILTER_XT_MATCH_ESP) += xt_esp.o @@ -88709,10 +87465,10 @@ index 3259697..54d5393 100644 obj-$(CONFIG_NETFILTER_XT_MATCH_HELPER) += xt_helper.o obj-$(CONFIG_NETFILTER_XT_MATCH_HL) += xt_hl.o diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c -index 6d6d8f2..a676749 100644 +index 1ba9dbc..e39f4ca 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c -@@ -1800,7 +1800,7 @@ done: +@@ -1801,7 +1801,7 @@ done: return ret; } @@ -88722,10 +87478,10 @@ index 6d6d8f2..a676749 100644 .get_optmin = SO_IP_SET, .get_optmax = SO_IP_SET + 1, diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c -index 30e764a..c3b6a9d 100644 +index 704e514..d644cc2 100644 --- a/net/netfilter/ipvs/ip_vs_conn.c +++ b/net/netfilter/ipvs/ip_vs_conn.c -@@ -554,7 +554,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, struct ip_vs_dest *dest) +@@ -551,7 +551,7 @@ ip_vs_bind_dest(struct ip_vs_conn *cp, struct ip_vs_dest *dest) /* Increase the refcnt counter of the dest */ atomic_inc(&dest->refcnt); @@ -88734,7 +87490,7 @@ index 30e764a..c3b6a9d 100644 if (cp->protocol != IPPROTO_UDP) conn_flags &= ~IP_VS_CONN_F_ONE_PACKET; flags = cp->flags; -@@ -899,7 +899,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p, +@@ -895,7 +895,7 @@ ip_vs_conn_new(const struct ip_vs_conn_param *p, atomic_set(&cp->refcnt, 1); atomic_set(&cp->n_control, 0); @@ -88743,7 +87499,7 @@ index 30e764a..c3b6a9d 100644 atomic_inc(&ipvs->conn_count); if (flags & IP_VS_CONN_F_NO_CPORT) -@@ -1180,7 +1180,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp) +@@ -1174,7 +1174,7 @@ static inline int todrop_entry(struct ip_vs_conn *cp) /* Don't drop the entry if its number of incoming packets is not located in [0, 8] */ @@ -88753,7 +87509,7 @@ index 30e764a..c3b6a9d 100644 if (!todrop_rate[i]) return 0; diff --git a/net/netfilter/ipvs/ip_vs_core.c b/net/netfilter/ipvs/ip_vs_core.c -index 47edf5a..235b07d 100644 +index 61f49d2..6c8c5bc 100644 --- a/net/netfilter/ipvs/ip_vs_core.c +++ b/net/netfilter/ipvs/ip_vs_core.c @@ -559,7 +559,7 @@ int ip_vs_leave(struct ip_vs_service *svc, struct sk_buff *skb, @@ -88765,7 +87521,7 @@ index 47edf5a..235b07d 100644 ip_vs_conn_put(cp); return ret; } -@@ -1691,7 +1691,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af) +@@ -1689,7 +1689,7 @@ ip_vs_in(unsigned int hooknum, struct sk_buff *skb, int af) if (cp->flags & IP_VS_CONN_F_ONE_PACKET) pkts = sysctl_sync_threshold(ipvs); else @@ -88775,7 +87531,7 @@ index 47edf5a..235b07d 100644 if (ipvs->sync_state & IP_VS_STATE_MASTER) ip_vs_sync_conn(net, cp, pkts); diff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c -index ec664cb..7f34a77 100644 +index 9e2d1cc..7f8f569 100644 --- a/net/netfilter/ipvs/ip_vs_ctl.c +++ b/net/netfilter/ipvs/ip_vs_ctl.c @@ -787,7 +787,7 @@ __ip_vs_update_dest(struct ip_vs_service *svc, struct ip_vs_dest *dest, @@ -88796,7 +87552,7 @@ index ec664cb..7f34a77 100644 { .procname = "amemthresh", .maxlen = sizeof(int), -@@ -2081,7 +2081,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) +@@ -2087,7 +2087,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) " %-7s %-6d %-10d %-10d\n", &dest->addr.in6, ntohs(dest->port), @@ -88805,7 +87561,7 @@ index ec664cb..7f34a77 100644 atomic_read(&dest->weight), atomic_read(&dest->activeconns), atomic_read(&dest->inactconns)); -@@ -2092,7 +2092,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) +@@ -2098,7 +2098,7 @@ static int ip_vs_info_seq_show(struct seq_file *seq, void *v) "%-7s %-6d %-10d %-10d\n", ntohl(dest->addr.ip), ntohs(dest->port), @@ -88814,7 +87570,7 @@ index ec664cb..7f34a77 100644 atomic_read(&dest->weight), atomic_read(&dest->activeconns), atomic_read(&dest->inactconns)); -@@ -2562,7 +2562,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get, +@@ -2568,7 +2568,7 @@ __ip_vs_get_dest_entries(struct net *net, const struct ip_vs_get_dests *get, entry.addr = dest->addr.ip; entry.port = dest->port; @@ -88823,7 +87579,7 @@ index ec664cb..7f34a77 100644 entry.weight = atomic_read(&dest->weight); entry.u_threshold = dest->u_threshold; entry.l_threshold = dest->l_threshold; -@@ -3098,7 +3098,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest) +@@ -3104,7 +3104,7 @@ static int ip_vs_genl_fill_dest(struct sk_buff *skb, struct ip_vs_dest *dest) if (nla_put(skb, IPVS_DEST_ATTR_ADDR, sizeof(dest->addr), &dest->addr) || nla_put_u16(skb, IPVS_DEST_ATTR_PORT, dest->port) || nla_put_u32(skb, IPVS_DEST_ATTR_FWD_METHOD, @@ -88832,7 +87588,7 @@ index ec664cb..7f34a77 100644 IP_VS_CONN_F_FWD_MASK)) || nla_put_u32(skb, IPVS_DEST_ATTR_WEIGHT, atomic_read(&dest->weight)) || -@@ -3688,7 +3688,7 @@ static int __net_init ip_vs_control_net_init_sysctl(struct net *net) +@@ -3694,7 +3694,7 @@ static int __net_init ip_vs_control_net_init_sysctl(struct net *net) { int idx; struct netns_ipvs *ipvs = net_ipvs(net); @@ -88921,7 +87677,7 @@ index ee6b7a9..f9a89f6 100644 } diff --git a/net/netfilter/nf_conntrack_acct.c b/net/netfilter/nf_conntrack_acct.c -index 7df424e..a527b02 100644 +index 2d3030a..7ba1c0a 100644 --- a/net/netfilter/nf_conntrack_acct.c +++ b/net/netfilter/nf_conntrack_acct.c @@ -60,7 +60,7 @@ static struct nf_ct_ext_type acct_extend __read_mostly = { @@ -88934,10 +87690,10 @@ index 7df424e..a527b02 100644 table = kmemdup(acct_sysctl_table, sizeof(acct_sysctl_table), GFP_KERNEL); diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c -index e4a0c4f..c263f28 100644 +index c8e001a..f842a8b 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c -@@ -1529,6 +1529,10 @@ err_extend: +@@ -1594,6 +1594,10 @@ void nf_conntrack_init_end(void) #define DYING_NULLS_VAL ((1<<30)+1) #define TEMPLATE_NULLS_VAL ((1<<30)+2) @@ -88945,10 +87701,10 @@ index e4a0c4f..c263f28 100644 +static atomic_unchecked_t conntrack_cache_id = ATOMIC_INIT(0); +#endif + - static int nf_conntrack_init_net(struct net *net) + int nf_conntrack_init_net(struct net *net) { int ret; -@@ -1543,7 +1547,11 @@ static int nf_conntrack_init_net(struct net *net) +@@ -1608,7 +1612,11 @@ int nf_conntrack_init_net(struct net *net) goto err_stat; } @@ -88961,7 +87717,7 @@ index e4a0c4f..c263f28 100644 ret = -ENOMEM; goto err_slabname; diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c -index faa978f..1afb18f 100644 +index b5d2eb8..61ef19a 100644 --- a/net/netfilter/nf_conntrack_ecache.c +++ b/net/netfilter/nf_conntrack_ecache.c @@ -186,7 +186,7 @@ static struct nf_ct_ext_type event_extend __read_mostly = { @@ -88974,10 +87730,10 @@ index faa978f..1afb18f 100644 table = kmemdup(event_sysctl_table, sizeof(event_sysctl_table), GFP_KERNEL); diff --git a/net/netfilter/nf_conntrack_helper.c b/net/netfilter/nf_conntrack_helper.c -index 884f2b3..d53b33a 100644 +index 94b4b98..97cf0ad 100644 --- a/net/netfilter/nf_conntrack_helper.c +++ b/net/netfilter/nf_conntrack_helper.c -@@ -55,7 +55,7 @@ static struct ctl_table helper_sysctl_table[] = { +@@ -56,7 +56,7 @@ static struct ctl_table helper_sysctl_table[] = { static int nf_conntrack_helper_init_sysctl(struct net *net) { @@ -88987,7 +87743,7 @@ index 884f2b3..d53b33a 100644 table = kmemdup(helper_sysctl_table, sizeof(helper_sysctl_table), GFP_KERNEL); diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c -index 51e928d..72a413a 100644 +index 58ab405..50eb8d3 100644 --- a/net/netfilter/nf_conntrack_proto.c +++ b/net/netfilter/nf_conntrack_proto.c @@ -51,7 +51,7 @@ nf_ct_register_sysctl(struct net *net, @@ -89000,7 +87756,7 @@ index 51e928d..72a413a 100644 { if (users > 0) diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c -index e7185c6..4ad6c9c 100644 +index fedee39..d62a93d 100644 --- a/net/netfilter/nf_conntrack_standalone.c +++ b/net/netfilter/nf_conntrack_standalone.c @@ -470,7 +470,7 @@ static ctl_table nf_ct_netfilter_table[] = { @@ -89010,10 +87766,10 @@ index e7185c6..4ad6c9c 100644 - struct ctl_table *table; + ctl_table_no_const *table; - if (net_eq(net, &init_net)) { - nf_ct_netfilter_header = + table = kmemdup(nf_ct_sysctl_table, sizeof(nf_ct_sysctl_table), + GFP_KERNEL); diff --git a/net/netfilter/nf_conntrack_timestamp.c b/net/netfilter/nf_conntrack_timestamp.c -index 7ea8026..bc9512d 100644 +index 902fb0a..87f7fdb 100644 --- a/net/netfilter/nf_conntrack_timestamp.c +++ b/net/netfilter/nf_conntrack_timestamp.c @@ -42,7 +42,7 @@ static struct nf_ct_ext_type tstamp_extend __read_mostly = { @@ -89080,21 +87836,8 @@ index f042ae5..30ea486 100644 mutex_unlock(&nf_sockopt_mutex); } EXPORT_SYMBOL(nf_unregister_sockopt); -diff --git a/net/netfilter/nfnetlink_acct.c b/net/netfilter/nfnetlink_acct.c -index 589d686..dc3fd5d 100644 ---- a/net/netfilter/nfnetlink_acct.c -+++ b/net/netfilter/nfnetlink_acct.c -@@ -49,6 +49,8 @@ nfnl_acct_new(struct sock *nfnl, struct sk_buff *skb, - return -EINVAL; - - acct_name = nla_data(tb[NFACCT_NAME]); -+ if (strlen(acct_name) == 0) -+ return -EINVAL; - - list_for_each_entry(nfacct, &nfnl_acct_list, head) { - if (strncmp(nfacct->name, acct_name, NFACCT_NAME_MAX) != 0) diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c -index 92fd8ec..3f6ea4b 100644 +index f248db5..3778ad9 100644 --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c @@ -72,7 +72,7 @@ struct nfulnl_instance { @@ -89106,7 +87849,7 @@ index 92fd8ec..3f6ea4b 100644 #define INSTANCE_BUCKETS 16 static struct hlist_head instance_table[INSTANCE_BUCKETS]; -@@ -537,7 +537,7 @@ __build_packet_message(struct nfulnl_instance *inst, +@@ -536,7 +536,7 @@ __build_packet_message(struct nfulnl_instance *inst, /* global sequence number */ if ((inst->flags & NFULNL_CFG_F_SEQ_GLOBAL) && nla_put_be32(inst->skb, NFULA_SEQ_GLOBAL, @@ -89115,22 +87858,6 @@ index 92fd8ec..3f6ea4b 100644 goto nla_put_failure; if (data_len) { -diff --git a/net/netfilter/nfnetlink_queue_core.c b/net/netfilter/nfnetlink_queue_core.c -index 3158d87..39006c9 100644 ---- a/net/netfilter/nfnetlink_queue_core.c -+++ b/net/netfilter/nfnetlink_queue_core.c -@@ -1064,8 +1064,10 @@ static int __init nfnetlink_queue_init(void) - - #ifdef CONFIG_PROC_FS - if (!proc_create("nfnetlink_queue", 0440, -- proc_net_netfilter, &nfqnl_file_ops)) -+ proc_net_netfilter, &nfqnl_file_ops)) { -+ status = -ENOMEM; - goto cleanup_subsys; -+ } - #endif - - register_netdevice_notifier(&nfqnl_dev_notifier); diff --git a/net/netfilter/xt_gradm.c b/net/netfilter/xt_gradm.c new file mode 100644 index 0000000..c566332 @@ -89223,10 +87950,10 @@ index 4fe4fb4..87a89e5 100644 return 0; } diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c -index c0353d5..fcb0270 100644 +index 1e3fd5b..ad397ea 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c -@@ -785,7 +785,7 @@ static void netlink_overrun(struct sock *sk) +@@ -781,7 +781,7 @@ static void netlink_overrun(struct sock *sk) sk->sk_error_report(sk); } } @@ -89235,7 +87962,7 @@ index c0353d5..fcb0270 100644 } static struct sock *netlink_getsockbyportid(struct sock *ssk, u32 portid) -@@ -2071,7 +2071,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) +@@ -2063,7 +2063,7 @@ static int netlink_seq_show(struct seq_file *seq, void *v) sk_wmem_alloc_get(s), nlk->cb, atomic_read(&s->sk_refcnt), @@ -89287,10 +88014,10 @@ index 5a55be3..7630745 100644 } } diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c -index 14c106b..2d58b38 100644 +index 103bd70..f21aad3 100644 --- a/net/netrom/af_netrom.c +++ b/net/netrom/af_netrom.c -@@ -838,6 +838,7 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr, +@@ -834,6 +834,7 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr, struct sock *sk = sock->sk; struct nr_sock *nr = nr_sk(sk); @@ -89298,7 +88025,7 @@ index 14c106b..2d58b38 100644 lock_sock(sk); if (peer != 0) { if (sk->sk_state != TCP_ESTABLISHED) { -@@ -852,7 +853,6 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr, +@@ -848,7 +849,6 @@ static int nr_getname(struct socket *sock, struct sockaddr *uaddr, *uaddr_len = sizeof(struct full_sockaddr_ax25); } else { sax->fsa_ax25.sax25_family = AF_NETROM; @@ -89307,7 +88034,7 @@ index 14c106b..2d58b38 100644 *uaddr_len = sizeof(struct sockaddr_ax25); } diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c -index c111bd0..7788ff7 100644 +index 1d6793d..056b191 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c @@ -1578,7 +1578,7 @@ static int packet_rcv(struct sk_buff *skb, struct net_device *dev, @@ -89379,7 +88106,7 @@ index 5a940db..d6a502d 100644 err = proto_register(pp->prot, 1); diff --git a/net/phonet/pep.c b/net/phonet/pep.c -index 576f22c..bc7a71b 100644 +index e774117..900b8b7 100644 --- a/net/phonet/pep.c +++ b/net/phonet/pep.c @@ -388,7 +388,7 @@ static int pipe_do_rcv(struct sock *sk, struct sk_buff *skb) @@ -89410,10 +88137,10 @@ index 576f22c..bc7a71b 100644 break; } diff --git a/net/phonet/socket.c b/net/phonet/socket.c -index b7e9827..c264c85 100644 +index 1afd138..0b42453 100644 --- a/net/phonet/socket.c +++ b/net/phonet/socket.c -@@ -615,7 +615,7 @@ static int pn_sock_seq_show(struct seq_file *seq, void *v) +@@ -612,7 +612,7 @@ static int pn_sock_seq_show(struct seq_file *seq, void *v) from_kuid_munged(seq_user_ns(seq), sock_i_uid(sk)), sock_i_ino(sk), atomic_read(&sk->sk_refcnt), sk, @@ -89602,10 +88329,10 @@ index 81cf5a4..b5826ff 100644 set_fs(oldfs); } diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c -index 05996d0..5a1dfe0 100644 +index e61aa60..f07cc89 100644 --- a/net/rxrpc/af_rxrpc.c +++ b/net/rxrpc/af_rxrpc.c -@@ -39,7 +39,7 @@ static const struct proto_ops rxrpc_rpc_ops; +@@ -40,7 +40,7 @@ static const struct proto_ops rxrpc_rpc_ops; __be32 rxrpc_epoch; /* current debugging ID */ @@ -89893,7 +88620,7 @@ index 391a245..296b3d7 100644 /* Initialize IPv6 support and register with socket layer. */ diff --git a/net/sctp/probe.c b/net/sctp/probe.c -index 5f7518d..9b91f6c 100644 +index ad0dba8..e62c225 100644 --- a/net/sctp/probe.c +++ b/net/sctp/probe.c @@ -63,7 +63,7 @@ static struct { @@ -89906,10 +88633,10 @@ index 5f7518d..9b91f6c 100644 va_list args; int len; diff --git a/net/sctp/proc.c b/net/sctp/proc.c -index 8c19e97..16264b8 100644 +index ab3bba8..2fbab4e 100644 --- a/net/sctp/proc.c +++ b/net/sctp/proc.c -@@ -338,7 +338,8 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v) +@@ -336,7 +336,8 @@ static int sctp_assocs_seq_show(struct seq_file *seq, void *v) seq_printf(seq, "%8pK %8pK %-3d %-3d %-2d %-4d " "%4d %8d %8d %7d %5lu %-5d %5d ", @@ -89920,7 +88647,7 @@ index 8c19e97..16264b8 100644 assoc->assoc_id, assoc->sndbuf_used, diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c -index f898b1c..a2d0fe8 100644 +index 1c2e46c..f91cf5e 100644 --- a/net/sctp/protocol.c +++ b/net/sctp/protocol.c @@ -834,8 +834,10 @@ int sctp_register_af(struct sctp_af *af) @@ -89963,7 +88690,7 @@ index f898b1c..a2d0fe8 100644 static int sctp_v4_protosw_init(void) diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c -index c957775..6d4593a 100644 +index 8aab894..f6b7e7d 100644 --- a/net/sctp/sm_sideeffect.c +++ b/net/sctp/sm_sideeffect.c @@ -447,7 +447,7 @@ static void sctp_generate_sack_event(unsigned long data) @@ -89976,7 +88703,7 @@ index c957775..6d4593a 100644 sctp_generate_t1_cookie_event, sctp_generate_t1_init_event, diff --git a/net/sctp/socket.c b/net/sctp/socket.c -index 9ef5c73..1e9a9a9 100644 +index b907073..57fef6c 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -2166,11 +2166,13 @@ static int sctp_setsockopt_events(struct sock *sk, char __user *optval, @@ -90057,46 +88784,6 @@ index 9ef5c73..1e9a9a9 100644 if (copy_to_user(to, &temp, addrlen)) return -EFAULT; to += addrlen; -diff --git a/net/sctp/ssnmap.c b/net/sctp/ssnmap.c -index 442ad4e..825ea94 100644 ---- a/net/sctp/ssnmap.c -+++ b/net/sctp/ssnmap.c -@@ -41,8 +41,6 @@ - #include <net/sctp/sctp.h> - #include <net/sctp/sm.h> - --#define MAX_KMALLOC_SIZE 131072 -- - static struct sctp_ssnmap *sctp_ssnmap_init(struct sctp_ssnmap *map, __u16 in, - __u16 out); - -@@ -65,7 +63,7 @@ struct sctp_ssnmap *sctp_ssnmap_new(__u16 in, __u16 out, - int size; - - size = sctp_ssnmap_size(in, out); -- if (size <= MAX_KMALLOC_SIZE) -+ if (size <= KMALLOC_MAX_SIZE) - retval = kmalloc(size, gfp); - else - retval = (struct sctp_ssnmap *) -@@ -82,7 +80,7 @@ struct sctp_ssnmap *sctp_ssnmap_new(__u16 in, __u16 out, - return retval; - - fail_map: -- if (size <= MAX_KMALLOC_SIZE) -+ if (size <= KMALLOC_MAX_SIZE) - kfree(retval); - else - free_pages((unsigned long)retval, get_order(size)); -@@ -124,7 +122,7 @@ void sctp_ssnmap_free(struct sctp_ssnmap *map) - int size; - - size = sctp_ssnmap_size(map->in.len, map->out.len); -- if (size <= MAX_KMALLOC_SIZE) -+ if (size <= KMALLOC_MAX_SIZE) - kfree(map); - else - free_pages((unsigned long)map, get_order(size)); diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c index bf3c6e8..376d8d0 100644 --- a/net/sctp/sysctl.c @@ -90120,10 +88807,10 @@ index bf3c6e8..376d8d0 100644 table = kmemdup(sctp_net_table, sizeof(sctp_net_table), GFP_KERNEL); diff --git a/net/socket.c b/net/socket.c -index 2ca51c7..ee5feb5 100644 +index 88f759a..c6933de 100644 --- a/net/socket.c +++ b/net/socket.c -@@ -89,6 +89,7 @@ +@@ -88,6 +88,7 @@ #include <linux/magic.h> #include <linux/slab.h> #include <linux/xattr.h> @@ -90131,7 +88818,7 @@ index 2ca51c7..ee5feb5 100644 #include <asm/uaccess.h> #include <asm/unistd.h> -@@ -106,6 +107,8 @@ +@@ -105,6 +106,8 @@ #include <linux/sockios.h> #include <linux/atalk.h> @@ -90140,7 +88827,7 @@ index 2ca51c7..ee5feb5 100644 static int sock_no_open(struct inode *irrelevant, struct file *dontcare); static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov, unsigned long nr_segs, loff_t pos); -@@ -322,7 +325,7 @@ static struct dentry *sockfs_mount(struct file_system_type *fs_type, +@@ -321,7 +324,7 @@ static struct dentry *sockfs_mount(struct file_system_type *fs_type, &sockfs_dentry_operations, SOCKFS_MAGIC); } @@ -90149,7 +88836,7 @@ index 2ca51c7..ee5feb5 100644 static struct file_system_type sock_fs_type = { .name = "sockfs", -@@ -1270,6 +1273,8 @@ int __sock_create(struct net *net, int family, int type, int protocol, +@@ -1268,6 +1271,8 @@ int __sock_create(struct net *net, int family, int type, int protocol, return -EAFNOSUPPORT; if (type < 0 || type >= SOCK_MAX) return -EINVAL; @@ -90158,7 +88845,7 @@ index 2ca51c7..ee5feb5 100644 /* Compatibility. -@@ -1401,6 +1406,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol) +@@ -1399,6 +1404,16 @@ SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol) if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK)) flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK; @@ -90175,7 +88862,7 @@ index 2ca51c7..ee5feb5 100644 retval = sock_create(family, type, protocol, &sock); if (retval < 0) goto out; -@@ -1528,6 +1543,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1526,6 +1541,14 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) if (sock) { err = move_addr_to_kernel(umyaddr, addrlen, &address); if (err >= 0) { @@ -90190,7 +88877,7 @@ index 2ca51c7..ee5feb5 100644 err = security_socket_bind(sock, (struct sockaddr *)&address, addrlen); -@@ -1536,6 +1559,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) +@@ -1534,6 +1557,7 @@ SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen) (struct sockaddr *) &address, addrlen); } @@ -90198,7 +88885,7 @@ index 2ca51c7..ee5feb5 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1559,10 +1583,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) +@@ -1557,10 +1581,20 @@ SYSCALL_DEFINE2(listen, int, fd, int, backlog) if ((unsigned int)backlog > somaxconn) backlog = somaxconn; @@ -90219,7 +88906,7 @@ index 2ca51c7..ee5feb5 100644 fput_light(sock->file, fput_needed); } return err; -@@ -1606,6 +1640,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1604,6 +1638,18 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, newsock->type = sock->type; newsock->ops = sock->ops; @@ -90238,7 +88925,7 @@ index 2ca51c7..ee5feb5 100644 /* * We don't need try_module_get here, as the listening socket (sock) * has the protocol module (sock->ops->owner) held. -@@ -1651,6 +1697,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, +@@ -1649,6 +1695,8 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, fd_install(newfd, newfile); err = newfd; @@ -90247,7 +88934,7 @@ index 2ca51c7..ee5feb5 100644 out_put: fput_light(sock->file, fput_needed); out: -@@ -1683,6 +1731,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1681,6 +1729,7 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, int, addrlen) { struct socket *sock; @@ -90255,7 +88942,7 @@ index 2ca51c7..ee5feb5 100644 struct sockaddr_storage address; int err, fput_needed; -@@ -1693,6 +1742,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, +@@ -1691,6 +1740,17 @@ SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr, if (err < 0) goto out_put; @@ -90273,7 +88960,7 @@ index 2ca51c7..ee5feb5 100644 err = security_socket_connect(sock, (struct sockaddr *)&address, addrlen); if (err) -@@ -1774,6 +1834,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr, +@@ -1772,6 +1832,8 @@ SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr, * the protocol. */ @@ -90282,7 +88969,7 @@ index 2ca51c7..ee5feb5 100644 SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len, unsigned int, flags, struct sockaddr __user *, addr, int, addr_len) -@@ -1840,7 +1902,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, +@@ -1838,7 +1900,7 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size, struct socket *sock; struct iovec iov; struct msghdr msg; @@ -90291,7 +88978,7 @@ index 2ca51c7..ee5feb5 100644 int err, err2; int fput_needed; -@@ -2047,7 +2109,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2045,7 +2107,7 @@ static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, * checking falls down on this. */ if (copy_from_user(ctl_buf, @@ -90300,7 +88987,7 @@ index 2ca51c7..ee5feb5 100644 ctl_len)) goto out_freectl; msg_sys->msg_control = ctl_buf; -@@ -2187,7 +2249,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2185,7 +2247,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, int err, total_len, len; /* kernel mode address */ @@ -90309,7 +88996,7 @@ index 2ca51c7..ee5feb5 100644 /* user mode address pointers */ struct sockaddr __user *uaddr; -@@ -2215,7 +2277,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, +@@ -2213,7 +2275,7 @@ static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, * kernel msghdr to use the kernel address space) */ @@ -90318,50 +89005,7 @@ index 2ca51c7..ee5feb5 100644 uaddr_len = COMPAT_NAMELEN(msg); if (MSG_CMSG_COMPAT & flags) { err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); -@@ -2838,7 +2900,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) - } - - ifr = compat_alloc_user_space(buf_size); -- rxnfc = (void *)ifr + ALIGN(sizeof(struct ifreq), 8); -+ rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8); - - if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ)) - return -EFAULT; -@@ -2862,12 +2924,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) - offsetof(struct ethtool_rxnfc, fs.ring_cookie)); - - if (copy_in_user(rxnfc, compat_rxnfc, -- (void *)(&rxnfc->fs.m_ext + 1) - -- (void *)rxnfc) || -+ (void __user *)(&rxnfc->fs.m_ext + 1) - -+ (void __user *)rxnfc) || - copy_in_user(&rxnfc->fs.ring_cookie, - &compat_rxnfc->fs.ring_cookie, -- (void *)(&rxnfc->fs.location + 1) - -- (void *)&rxnfc->fs.ring_cookie) || -+ (void __user *)(&rxnfc->fs.location + 1) - -+ (void __user *)&rxnfc->fs.ring_cookie) || - copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt, - sizeof(rxnfc->rule_cnt))) - return -EFAULT; -@@ -2879,12 +2941,12 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) - - if (convert_out) { - if (copy_in_user(compat_rxnfc, rxnfc, -- (const void *)(&rxnfc->fs.m_ext + 1) - -- (const void *)rxnfc) || -+ (const void __user *)(&rxnfc->fs.m_ext + 1) - -+ (const void __user *)rxnfc) || - copy_in_user(&compat_rxnfc->fs.ring_cookie, - &rxnfc->fs.ring_cookie, -- (const void *)(&rxnfc->fs.location + 1) - -- (const void *)&rxnfc->fs.ring_cookie) || -+ (const void __user *)(&rxnfc->fs.location + 1) - -+ (const void __user *)&rxnfc->fs.ring_cookie) || - copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt, - sizeof(rxnfc->rule_cnt))) - return -EFAULT; -@@ -2954,7 +3016,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, +@@ -2952,7 +3014,7 @@ static int bond_ioctl(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); err = dev_ioctl(net, cmd, @@ -90370,7 +89014,7 @@ index 2ca51c7..ee5feb5 100644 set_fs(old_fs); return err; -@@ -3063,7 +3125,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, +@@ -3061,7 +3123,7 @@ static int compat_sioc_ifmap(struct net *net, unsigned int cmd, old_fs = get_fs(); set_fs(KERNEL_DS); @@ -90379,7 +89023,7 @@ index 2ca51c7..ee5feb5 100644 set_fs(old_fs); if (cmd == SIOCGIFMAP && !err) { -@@ -3168,7 +3230,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, +@@ -3166,7 +3228,7 @@ static int routing_ioctl(struct net *net, struct socket *sock, ret |= __get_user(rtdev, &(ur4->rt_dev)); if (rtdev) { ret |= copy_from_user(devname, compat_ptr(rtdev), 15); @@ -90388,7 +89032,7 @@ index 2ca51c7..ee5feb5 100644 devname[15] = 0; } else r4.rt_dev = NULL; -@@ -3394,8 +3456,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, +@@ -3392,8 +3454,8 @@ int kernel_getsockopt(struct socket *sock, int level, int optname, int __user *uoptlen; int err; @@ -90399,7 +89043,7 @@ index 2ca51c7..ee5feb5 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) -@@ -3415,7 +3477,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, +@@ -3413,7 +3475,7 @@ int kernel_setsockopt(struct socket *sock, int level, int optname, char __user *uoptval; int err; @@ -90409,34 +89053,10 @@ index 2ca51c7..ee5feb5 100644 set_fs(KERNEL_DS); if (level == SOL_SOCKET) diff --git a/net/sunrpc/clnt.c b/net/sunrpc/clnt.c -index 716aa41..75e88ea 100644 +index d5f35f1..da2680b5 100644 --- a/net/sunrpc/clnt.c +++ b/net/sunrpc/clnt.c -@@ -303,10 +303,8 @@ static struct rpc_clnt * rpc_new_client(const struct rpc_create_args *args, stru - err = rpciod_up(); - if (err) - goto out_no_rpciod; -+ - err = -EINVAL; -- if (!xprt) -- goto out_no_xprt; -- - if (args->version >= program->nrvers) - goto out_err; - version = program->version[args->version]; -@@ -381,10 +379,9 @@ out_no_principal: - out_no_stats: - kfree(clnt); - out_err: -- xprt_put(xprt); --out_no_xprt: - rpciod_down(); - out_no_rpciod: -+ xprt_put(xprt); - return ERR_PTR(err); - } - -@@ -1270,7 +1267,9 @@ call_start(struct rpc_task *task) +@@ -1283,7 +1283,9 @@ call_start(struct rpc_task *task) (RPC_IS_ASYNC(task) ? "async" : "sync")); /* Increment call count */ @@ -90464,10 +89084,10 @@ index f8529fc..ce8c643 100644 #else static inline void rpc_task_set_debuginfo(struct rpc_task *task) diff --git a/net/sunrpc/svc.c b/net/sunrpc/svc.c -index 2d34b6b..e2d584d 100644 +index 89a588b..ba2cef8 100644 --- a/net/sunrpc/svc.c +++ b/net/sunrpc/svc.c -@@ -1156,7 +1156,9 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv) +@@ -1160,7 +1160,9 @@ svc_process_common(struct svc_rqst *rqstp, struct kvec *argv, struct kvec *resv) svc_putnl(resv, RPC_SUCCESS); /* Bump per-procedure stats counter */ @@ -90696,7 +89316,7 @@ index 9bc6db0..47ac8c0 100644 int mode = (table->mode >> 6) & 7; return (mode << 6) | (mode << 3) | mode; diff --git a/net/tipc/link.c b/net/tipc/link.c -index daa6080..02d357f 100644 +index daa6080..2bbbe70 100644 --- a/net/tipc/link.c +++ b/net/tipc/link.c @@ -1201,7 +1201,7 @@ static int link_send_sections_long(struct tipc_port *sender, @@ -90726,6 +89346,38 @@ index daa6080..02d357f 100644 sect_crs += sz; sect_rest -= sz; fragm_crs += sz; +@@ -2306,8 +2306,11 @@ static int link_recv_changeover_msg(struct tipc_link **l_ptr, + struct tipc_msg *tunnel_msg = buf_msg(tunnel_buf); + u32 msg_typ = msg_type(tunnel_msg); + u32 msg_count = msg_msgcnt(tunnel_msg); ++ u32 bearer_id = msg_bearer_id(tunnel_msg); + +- dest_link = (*l_ptr)->owner->links[msg_bearer_id(tunnel_msg)]; ++ if (bearer_id >= MAX_BEARERS) ++ goto exit; ++ dest_link = (*l_ptr)->owner->links[bearer_id]; + if (!dest_link) + goto exit; + if (dest_link == *l_ptr) { +@@ -2521,14 +2524,16 @@ int tipc_link_recv_fragment(struct sk_buff **pending, struct sk_buff **fb, + struct tipc_msg *imsg = (struct tipc_msg *)msg_data(fragm); + u32 msg_sz = msg_size(imsg); + u32 fragm_sz = msg_data_sz(fragm); +- u32 exp_fragm_cnt = msg_sz/fragm_sz + !!(msg_sz % fragm_sz); ++ u32 exp_fragm_cnt; + u32 max = TIPC_MAX_USER_MSG_SIZE + NAMED_H_SIZE; ++ + if (msg_type(imsg) == TIPC_MCAST_MSG) + max = TIPC_MAX_USER_MSG_SIZE + MCAST_H_SIZE; +- if (msg_size(imsg) > max) { ++ if (fragm_sz == 0 || msg_size(imsg) > max) { + kfree_skb(fbuf); + return 0; + } ++ exp_fragm_cnt = msg_sz / fragm_sz + !!(msg_sz % fragm_sz); + pbuf = tipc_buf_acquire(msg_size(imsg)); + if (pbuf != NULL) { + pbuf->next = *pending; diff --git a/net/tipc/msg.c b/net/tipc/msg.c index f2db8a8..9245aa4 100644 --- a/net/tipc/msg.c @@ -90753,10 +89405,10 @@ index 6b42d47..2ac24d5 100644 sub->evt.event = htohl(event, sub->swap); diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c -index f347754..bb4b223 100644 +index 2db702d..09a77488 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c -@@ -785,6 +785,12 @@ static struct sock *unix_find_other(struct net *net, +@@ -783,6 +783,12 @@ static struct sock *unix_find_other(struct net *net, err = -ECONNREFUSED; if (!S_ISSOCK(inode->i_mode)) goto put_fail; @@ -90769,7 +89421,7 @@ index f347754..bb4b223 100644 u = unix_find_socket_byinode(inode); if (!u) goto put_fail; -@@ -805,6 +811,13 @@ static struct sock *unix_find_other(struct net *net, +@@ -803,6 +809,13 @@ static struct sock *unix_find_other(struct net *net, if (u) { struct dentry *dentry; dentry = unix_sk(u)->path.dentry; @@ -90783,7 +89435,7 @@ index f347754..bb4b223 100644 if (dentry) touch_atime(&unix_sk(u)->path); } else -@@ -838,12 +851,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res) +@@ -836,12 +849,18 @@ static int unix_mknod(const char *sun_path, umode_t mode, struct path *res) */ err = security_path_mknod(&path, dentry, mode, 0); if (!err) { @@ -90802,7 +89454,7 @@ index f347754..bb4b223 100644 done_path_create(&path, dentry); return err; } -@@ -2325,9 +2344,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2323,9 +2342,13 @@ static int unix_seq_show(struct seq_file *seq, void *v) seq_puts(seq, "Num RefCount Protocol Flags Type St " "Inode Path\n"); else { @@ -90817,7 +89469,7 @@ index f347754..bb4b223 100644 seq_printf(seq, "%pK: %08X %08X %08X %04X %02X %5lu", s, -@@ -2354,8 +2377,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) +@@ -2352,8 +2375,10 @@ static int unix_seq_show(struct seq_file *seq, void *v) } for ( ; i < len; i++) seq_putc(seq, u->addr->name->sun_path[i]); @@ -90843,20 +89495,6 @@ index 8800604..0526440 100644 table = kmemdup(unix_table, sizeof(unix_table), GFP_KERNEL); if (table == NULL) -diff --git a/net/wireless/trace.h b/net/wireless/trace.h -index 2134576..5d71a5a 100644 ---- a/net/wireless/trace.h -+++ b/net/wireless/trace.h -@@ -27,7 +27,8 @@ - #define WIPHY_PR_ARG __entry->wiphy_name - - #define WDEV_ENTRY __field(u32, id) --#define WDEV_ASSIGN (__entry->id) = (wdev ? wdev->identifier : 0) -+#define WDEV_ASSIGN (__entry->id) = (!IS_ERR_OR_NULL(wdev) \ -+ ? wdev->identifier : 0) - #define WDEV_PR_FMT "wdev(%u)" - #define WDEV_PR_ARG (__entry->id) - diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c index c8717c1..08539f5 100644 --- a/net/wireless/wext-core.c @@ -90895,28 +89533,28 @@ index c8717c1..08539f5 100644 iwp->length += essid_compat; diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 07c5857..fde4018 100644 +index 167c67d..3f2ae427 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c -@@ -317,7 +317,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) +@@ -334,7 +334,7 @@ static void xfrm_policy_kill(struct xfrm_policy *policy) { policy->walk.dead = 1; - atomic_inc(&policy->genid); + atomic_inc_unchecked(&policy->genid); - if (del_timer(&policy->timer)) - xfrm_pol_put(policy); -@@ -601,7 +601,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) + del_timer(&policy->polq.hold_timer); + xfrm_queue_purge(&policy->polq.hold_queue); +@@ -659,7 +659,7 @@ int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl) hlist_add_head(&policy->bydst, chain); xfrm_pol_hold(policy); net->xfrm.policy_count[dir]++; - atomic_inc(&flow_cache_genid); + atomic_inc_unchecked(&flow_cache_genid); rt_genid_bump(net); - if (delpol) - __xfrm_policy_unlink(delpol, dir); -@@ -1550,7 +1550,7 @@ free_dst: + if (delpol) { + xfrm_policy_requeue(delpol, policy); +@@ -1611,7 +1611,7 @@ free_dst: goto out; } @@ -90925,7 +89563,7 @@ index 07c5857..fde4018 100644 xfrm_dst_alloc_copy(void **target, const void *src, int size) { if (!*target) { -@@ -1562,7 +1562,7 @@ xfrm_dst_alloc_copy(void **target, const void *src, int size) +@@ -1623,7 +1623,7 @@ xfrm_dst_alloc_copy(void **target, const void *src, int size) return 0; } @@ -90934,7 +89572,7 @@ index 07c5857..fde4018 100644 xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel) { #ifdef CONFIG_XFRM_SUB_POLICY -@@ -1574,7 +1574,7 @@ xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel) +@@ -1635,7 +1635,7 @@ xfrm_dst_update_parent(struct dst_entry *dst, const struct xfrm_selector *sel) #endif } @@ -90943,7 +89581,7 @@ index 07c5857..fde4018 100644 xfrm_dst_update_origin(struct dst_entry *dst, const struct flowi *fl) { #ifdef CONFIG_XFRM_SUB_POLICY -@@ -1668,7 +1668,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols, +@@ -1729,7 +1729,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols, xdst->num_pols = num_pols; memcpy(xdst->pols, pols, sizeof(struct xfrm_policy*) * num_pols); @@ -90952,7 +89590,7 @@ index 07c5857..fde4018 100644 return xdst; } -@@ -2369,7 +2369,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) +@@ -2598,7 +2598,7 @@ static int xfrm_bundle_ok(struct xfrm_dst *first) if (xdst->xfrm_genid != dst->xfrm->genid) return 0; if (xdst->num_pols > 0 && @@ -90961,7 +89599,7 @@ index 07c5857..fde4018 100644 return 0; mtu = dst_mtu(dst->child); -@@ -2457,8 +2457,11 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) +@@ -2686,8 +2686,11 @@ int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo) dst_ops->link_failure = xfrm_link_failure; if (likely(dst_ops->neigh_lookup == NULL)) dst_ops->neigh_lookup = xfrm_neigh_lookup; @@ -90975,7 +89613,7 @@ index 07c5857..fde4018 100644 rcu_assign_pointer(xfrm_policy_afinfo[afinfo->family], afinfo); } spin_unlock(&xfrm_policy_afinfo_lock); -@@ -2512,7 +2515,9 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo) +@@ -2741,7 +2744,9 @@ int xfrm_policy_unregister_afinfo(struct xfrm_policy_afinfo *afinfo) dst_ops->check = NULL; dst_ops->negative_advice = NULL; dst_ops->link_failure = NULL; @@ -90986,7 +89624,7 @@ index 07c5857..fde4018 100644 } return err; } -@@ -2896,7 +2901,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, +@@ -3124,7 +3129,7 @@ static int xfrm_policy_migrate(struct xfrm_policy *pol, sizeof(pol->xfrm_vec[i].saddr)); pol->xfrm_vec[i].encap_family = mp->new_family; /* flush bundles */ @@ -90996,15 +89634,16 @@ index 07c5857..fde4018 100644 } diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c -index 3459692..e7cdb1a 100644 +index 2c341bd..4404211 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c -@@ -194,11 +194,13 @@ int xfrm_register_type(const struct xfrm_type *type, unsigned short family) +@@ -177,12 +177,14 @@ int xfrm_register_type(const struct xfrm_type *type, unsigned short family) if (unlikely(afinfo == NULL)) return -EAFNOSUPPORT; - typemap = afinfo->type_map; + typemap = (const struct xfrm_type **)afinfo->type_map; + spin_lock_bh(&xfrm_type_lock); - if (likely(typemap[type->proto] == NULL)) + if (likely(typemap[type->proto] == NULL)) { @@ -91014,14 +89653,15 @@ index 3459692..e7cdb1a 100644 + pax_close_kernel(); + } else err = -EEXIST; - xfrm_state_unlock_afinfo(afinfo); - return err; -@@ -213,12 +215,15 @@ int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family) + spin_unlock_bh(&xfrm_type_lock); + xfrm_state_put_afinfo(afinfo); +@@ -198,13 +200,16 @@ int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family) if (unlikely(afinfo == NULL)) return -EAFNOSUPPORT; - typemap = afinfo->type_map; + typemap = (const struct xfrm_type **)afinfo->type_map; + spin_lock_bh(&xfrm_type_lock); if (unlikely(typemap[type->proto] != type)) err = -ENOENT; @@ -91031,10 +89671,10 @@ index 3459692..e7cdb1a 100644 typemap[type->proto] = NULL; + pax_close_kernel(); + } - xfrm_state_unlock_afinfo(afinfo); + spin_unlock_bh(&xfrm_type_lock); + xfrm_state_put_afinfo(afinfo); return err; - } -@@ -227,7 +232,6 @@ EXPORT_SYMBOL(xfrm_unregister_type); +@@ -214,7 +219,6 @@ EXPORT_SYMBOL(xfrm_unregister_type); static const struct xfrm_type *xfrm_get_type(u8 proto, unsigned short family) { struct xfrm_state_afinfo *afinfo; @@ -91042,7 +89682,7 @@ index 3459692..e7cdb1a 100644 const struct xfrm_type *type; int modload_attempted = 0; -@@ -235,9 +239,8 @@ retry: +@@ -222,9 +226,8 @@ retry: afinfo = xfrm_state_get_afinfo(family); if (unlikely(afinfo == NULL)) return NULL; @@ -91053,16 +89693,16 @@ index 3459692..e7cdb1a 100644 if (unlikely(type && !try_module_get(type->owner))) type = NULL; if (!type && !modload_attempted) { -@@ -270,7 +273,7 @@ int xfrm_register_mode(struct xfrm_mode *mode, int family) +@@ -258,7 +261,7 @@ int xfrm_register_mode(struct xfrm_mode *mode, int family) return -EAFNOSUPPORT; err = -EEXIST; - modemap = afinfo->mode_map; + modemap = (struct xfrm_mode **)afinfo->mode_map; + spin_lock_bh(&xfrm_mode_lock); if (modemap[mode->encap]) goto out; - -@@ -278,8 +281,10 @@ int xfrm_register_mode(struct xfrm_mode *mode, int family) +@@ -267,8 +270,10 @@ int xfrm_register_mode(struct xfrm_mode *mode, int family) if (!try_module_get(afinfo->owner)) goto out; @@ -91074,12 +89714,13 @@ index 3459692..e7cdb1a 100644 err = 0; out: -@@ -302,9 +307,11 @@ int xfrm_unregister_mode(struct xfrm_mode *mode, int family) +@@ -292,10 +297,12 @@ int xfrm_unregister_mode(struct xfrm_mode *mode, int family) return -EAFNOSUPPORT; err = -ENOENT; - modemap = afinfo->mode_map; + modemap = (struct xfrm_mode **)afinfo->mode_map; + spin_lock_bh(&xfrm_mode_lock); if (likely(modemap[mode->encap] == mode)) { + pax_open_kernel(); modemap[mode->encap] = NULL; @@ -91199,7 +89840,7 @@ index 1ac414f..38575f7 100644 + $(host-cxxmulti) $(host-cxxobjs) $(host-cshlib) $(host-cshobjs) $(host-cxxshlib) $(host-cxxshobjs) diff --git a/scripts/basic/fixdep.c b/scripts/basic/fixdep.c -index cb1f50c..cef2a7c 100644 +index 7f6425e..9864506 100644 --- a/scripts/basic/fixdep.c +++ b/scripts/basic/fixdep.c @@ -161,7 +161,7 @@ static unsigned int strhash(const char *str, unsigned int sz) @@ -91244,7 +89885,7 @@ index cb1f50c..cef2a7c 100644 + unsigned int *p = (unsigned int *)test; if (*p != INT_CONF) { - fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianess? %#x\n", + fprintf(stderr, "fixdep: sizeof(int) != 4 or wrong endianness? %#x\n", diff --git a/scripts/gcc-plugin.sh b/scripts/gcc-plugin.sh new file mode 100644 index 0000000..5e0222d @@ -91281,10 +89922,10 @@ index 581ca99..a6ff02e 100644 $line =~ s/\s__attribute_const__$//g; $line =~ s/\b__packed\b/__attribute__((packed))/g; diff --git a/scripts/link-vmlinux.sh b/scripts/link-vmlinux.sh -index b3d907e..a4782ab 100644 +index 3d569d6..0c09522 100644 --- a/scripts/link-vmlinux.sh +++ b/scripts/link-vmlinux.sh -@@ -152,7 +152,7 @@ else +@@ -159,7 +159,7 @@ else fi; # final build of init/ @@ -91294,10 +89935,10 @@ index b3d907e..a4782ab 100644 kallsymso="" kallsyms_vmlinux="" diff --git a/scripts/mod/file2alias.c b/scripts/mod/file2alias.c -index df4fc23..0ea719d 100644 +index 771ac17..9f0d3ee 100644 --- a/scripts/mod/file2alias.c +++ b/scripts/mod/file2alias.c -@@ -128,7 +128,7 @@ static void device_id_check(const char *modname, const char *device_id, +@@ -140,7 +140,7 @@ static void device_id_check(const char *modname, const char *device_id, unsigned long size, unsigned long id_size, void *symval) { @@ -91305,66 +89946,66 @@ index df4fc23..0ea719d 100644 + unsigned int i; if (size % id_size || size < id_size) { - if (cross_build != 0) -@@ -158,7 +158,7 @@ static void device_id_check(const char *modname, const char *device_id, + fatal("%s: sizeof(struct %s_device_id)=%lu is not a modulo " +@@ -168,7 +168,7 @@ static void device_id_check(const char *modname, const char *device_id, /* USB is special because the bcdDevice can be matched against a numeric range */ /* Looks like "usb:vNpNdNdcNdscNdpNicNiscNipNinN" */ - static void do_usb_entry(struct usb_device_id *id, + static void do_usb_entry(void *symval, - unsigned int bcdDevice_initial, int bcdDevice_initial_digits, + unsigned int bcdDevice_initial, unsigned int bcdDevice_initial_digits, unsigned char range_lo, unsigned char range_hi, unsigned char max, struct module *mod) { -@@ -262,7 +262,7 @@ static void do_usb_entry_multi(struct usb_device_id *id, struct module *mod) +@@ -278,7 +278,7 @@ static void do_usb_entry_multi(void *symval, struct module *mod) { unsigned int devlo, devhi; unsigned char chi, clo, max; - int ndigits; + unsigned int ndigits; - id->match_flags = TO_NATIVE(id->match_flags); - id->idVendor = TO_NATIVE(id->idVendor); -@@ -507,7 +507,7 @@ static void do_pnp_device_entry(void *symval, unsigned long size, + DEF_FIELD(symval, usb_device_id, match_flags); + DEF_FIELD(symval, usb_device_id, idVendor); +@@ -531,7 +531,7 @@ static void do_pnp_device_entry(void *symval, unsigned long size, for (i = 0; i < count; i++) { - const char *id = (char *)devs[i].id; - char acpi_id[sizeof(devs[0].id)]; + DEF_FIELD_ADDR(symval + i*id_size, pnp_device_id, id); + char acpi_id[sizeof(*id)]; - int j; + unsigned int j; buf_printf(&mod->dev_table_buf, - "MODULE_ALIAS(\"pnp:d%s*\");\n", id); -@@ -537,7 +537,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size, + "MODULE_ALIAS(\"pnp:d%s*\");\n", *id); +@@ -560,7 +560,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size, for (j = 0; j < PNP_MAX_DEVICES; j++) { - const char *id = (char *)card->devs[j].id; + const char *id = (char *)(*devs)[j].id; - int i2, j2; + unsigned int i2, j2; int dup = 0; if (!id[0]) -@@ -563,7 +563,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size, +@@ -586,7 +586,7 @@ static void do_pnp_card_entries(void *symval, unsigned long size, /* add an individual alias for every device entry */ if (!dup) { - char acpi_id[sizeof(card->devs[0].id)]; + char acpi_id[PNP_ID_LEN]; - int k; + unsigned int k; buf_printf(&mod->dev_table_buf, "MODULE_ALIAS(\"pnp:d%s*\");\n", id); -@@ -888,7 +888,7 @@ static void dmi_ascii_filter(char *d, const char *s) - static int do_dmi_entry(const char *filename, struct dmi_system_id *id, +@@ -938,7 +938,7 @@ static void dmi_ascii_filter(char *d, const char *s) + static int do_dmi_entry(const char *filename, void *symval, char *alias) { - int i, j; + unsigned int i, j; - + DEF_FIELD_ADDR(symval, dmi_system_id, matches); sprintf(alias, "dmi*"); diff --git a/scripts/mod/modpost.c b/scripts/mod/modpost.c -index ff36c50..7ab4fa9 100644 +index 78b30c1..536850d 100644 --- a/scripts/mod/modpost.c +++ b/scripts/mod/modpost.c -@@ -929,6 +929,7 @@ enum mismatch { +@@ -931,6 +931,7 @@ enum mismatch { ANY_INIT_TO_ANY_EXIT, ANY_EXIT_TO_ANY_INIT, EXPORT_TO_INIT_EXIT, @@ -91372,7 +90013,7 @@ index ff36c50..7ab4fa9 100644 }; struct sectioncheck { -@@ -1043,6 +1044,12 @@ const struct sectioncheck sectioncheck[] = { +@@ -1045,6 +1046,12 @@ const struct sectioncheck sectioncheck[] = { .tosec = { INIT_SECTIONS, EXIT_SECTIONS, NULL }, .mismatch = EXPORT_TO_INIT_EXIT, .symbol_white_list = { DEFAULT_SYMBOL_WHITE_LIST, NULL }, @@ -91385,7 +90026,7 @@ index ff36c50..7ab4fa9 100644 } }; -@@ -1165,10 +1172,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr, +@@ -1167,10 +1174,10 @@ static Elf_Sym *find_elf_symbol(struct elf_info *elf, Elf64_Sword addr, continue; if (ELF_ST_TYPE(sym->st_info) == STT_SECTION) continue; @@ -91398,7 +90039,7 @@ index ff36c50..7ab4fa9 100644 if (d < 0) d = addr - sym->st_value; if (d < distance) { -@@ -1447,6 +1454,14 @@ static void report_sec_mismatch(const char *modname, +@@ -1449,6 +1456,14 @@ static void report_sec_mismatch(const char *modname, tosym, prl_to, prl_to, tosym); free(prl_to); break; @@ -91413,7 +90054,7 @@ index ff36c50..7ab4fa9 100644 } fprintf(stderr, "\n"); } -@@ -1681,7 +1696,7 @@ static void section_rel(const char *modname, struct elf_info *elf, +@@ -1683,7 +1698,7 @@ static void section_rel(const char *modname, struct elf_info *elf, static void check_sec_ref(struct module *mod, const char *modname, struct elf_info *elf) { @@ -91422,7 +90063,7 @@ index ff36c50..7ab4fa9 100644 Elf_Shdr *sechdrs = elf->sechdrs; /* Walk through all sections */ -@@ -1779,7 +1794,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf, +@@ -1781,7 +1796,7 @@ void __attribute__((format(printf, 2, 3))) buf_printf(struct buffer *buf, va_end(ap); } @@ -91431,7 +90072,7 @@ index ff36c50..7ab4fa9 100644 { if (buf->size - buf->pos < len) { buf->size += len + SZ; -@@ -1997,7 +2012,7 @@ static void write_if_changed(struct buffer *b, const char *fname) +@@ -1999,7 +2014,7 @@ static void write_if_changed(struct buffer *b, const char *fname) if (fstat(fileno(file), &st) < 0) goto close_write; @@ -91519,7 +90160,7 @@ index 68bb4ef..2f419e1 100644 write_hex_cnt = 0; for (i = 0; i < logo_clutsize; i++) { diff --git a/scripts/sortextable.h b/scripts/sortextable.h -index e4fd45b..2eeb5c4 100644 +index f5eb43d..1814de8 100644 --- a/scripts/sortextable.h +++ b/scripts/sortextable.h @@ -106,9 +106,9 @@ do_func(Elf_Ehdr *ehdr, char const *const fname, table_sort_t custom_sort) @@ -92493,7 +91134,7 @@ index e9c6ac7..eef8ada 100644 help This is the portion of low virtual memory which should be protected diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c -index 8c2a7f6..b133ac9 100644 +index b21830e..a7d1a17 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -614,7 +614,7 @@ static int apparmor_task_setrlimit(struct task_struct *task, @@ -92506,7 +91147,7 @@ index 8c2a7f6..b133ac9 100644 .ptrace_access_check = apparmor_ptrace_access_check, diff --git a/security/commoncap.c b/security/commoncap.c -index 7ee08c7..8d1a9d6 100644 +index c44b6fe..932df30 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -424,6 +424,32 @@ int get_vfs_caps_from_disk(const struct dentry *dentry, struct cpu_vfs_cap_data @@ -92553,10 +91194,10 @@ index 7ee08c7..8d1a9d6 100644 if (bprm->cap_effective) return 1; diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h -index 079a85d..12e93f8 100644 +index a41c9c1..83da6dd 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h -@@ -96,8 +96,8 @@ void ima_add_violation(struct inode *inode, const unsigned char *filename, +@@ -97,8 +97,8 @@ int ima_init_crypto(void); extern spinlock_t ima_queue_lock; struct ima_h_table { @@ -92568,7 +91209,7 @@ index 079a85d..12e93f8 100644 }; extern struct ima_h_table ima_htable; diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c -index 0cea3db..2f0ef77 100644 +index 1c03e8f1..398a941 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -79,7 +79,7 @@ void ima_add_violation(struct inode *inode, const unsigned char *filename, @@ -92600,10 +91241,10 @@ index 38477c9..87a60c7 100644 } diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c -index 55a6271..ad829c3 100644 +index ff63fe0..809cd96 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c -@@ -81,7 +81,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry) +@@ -80,7 +80,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry) INIT_LIST_HEAD(&qe->later); list_add_tail_rcu(&qe->later, &ima_measurements); @@ -92767,7 +91408,7 @@ index f728728..6457a0c 100644 /* diff --git a/security/security.c b/security/security.c -index 7b88c6a..1e3ea8f 100644 +index 03f248b..5710c33 100644 --- a/security/security.c +++ b/security/security.c @@ -20,6 +20,7 @@ @@ -92800,10 +91441,10 @@ index 7b88c6a..1e3ea8f 100644 /* Save user chosen LSM */ diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c -index ef26e96..642fb78 100644 +index 7171a95..c35e879 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c -@@ -95,8 +95,6 @@ +@@ -96,8 +96,6 @@ #define NUM_SEL_MNT_OPTS 5 @@ -92812,7 +91453,7 @@ index ef26e96..642fb78 100644 /* SECMARK reference count */ static atomic_t selinux_secmark_refcount = ATOMIC_INIT(0); -@@ -5501,7 +5499,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) +@@ -5498,7 +5496,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer) #endif @@ -92835,10 +91476,10 @@ index 65f67cb..3f141ef 100644 } #else diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c -index 38be92c..21f49ee 100644 +index fa64740..bc95b74 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c -@@ -3398,7 +3398,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) +@@ -3392,7 +3392,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen) return 0; } @@ -92888,22 +91529,10 @@ index 20ef514..4182bed 100644 select SECURITY_PATH default n diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c -index 23414b9..f8c115e 100644 +index 13c88fbc..f8c115e 100644 --- a/security/yama/yama_lsm.c +++ b/security/yama/yama_lsm.c -@@ -347,10 +347,8 @@ int yama_ptrace_traceme(struct task_struct *parent) - /* Only disallow PTRACE_TRACEME on more aggressive settings. */ - switch (ptrace_scope) { - case YAMA_SCOPE_CAPABILITY: -- rcu_read_lock(); -- if (!ns_capable(__task_cred(parent)->user_ns, CAP_SYS_PTRACE)) -+ if (!has_ns_capability(parent, current_user_ns(), CAP_SYS_PTRACE)) - rc = -EPERM; -- rcu_read_unlock(); - break; - case YAMA_SCOPE_NO_ATTACH: - rc = -EPERM; -@@ -367,7 +365,7 @@ int yama_ptrace_traceme(struct task_struct *parent) +@@ -365,7 +365,7 @@ int yama_ptrace_traceme(struct task_struct *parent) } #ifndef CONFIG_SECURITY_YAMA_STACKED @@ -92912,7 +91541,7 @@ index 23414b9..f8c115e 100644 .name = "yama", .ptrace_access_check = yama_ptrace_access_check, -@@ -378,28 +376,24 @@ static struct security_operations yama_ops = { +@@ -376,28 +376,24 @@ static struct security_operations yama_ops = { #endif #ifdef CONFIG_SYSCTL @@ -93082,7 +91711,7 @@ index af49721..e85058e 100644 if (err < 0) return err; diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c -index f4aaf5a..3b04e3b 100644 +index eb560fa..69a4995 100644 --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c @@ -2806,11 +2806,11 @@ int snd_pcm_kernel_ioctl(struct snd_pcm_substream *substream, @@ -104096,7 +102725,7 @@ index 96b919d..c49bb74 100644 + #endif diff --git a/virt/kvm/kvm_main.c b/virt/kvm/kvm_main.c -index 10afa34..f29c524 100644 +index f18013f..90421df 100644 --- a/virt/kvm/kvm_main.c +++ b/virt/kvm/kvm_main.c @@ -75,12 +75,17 @@ LIST_HEAD(vm_list); @@ -104119,7 +102748,7 @@ index 10afa34..f29c524 100644 struct dentry *kvm_debugfs_dir; -@@ -731,7 +736,7 @@ int __kvm_set_memory_region(struct kvm *kvm, +@@ -769,7 +774,7 @@ int __kvm_set_memory_region(struct kvm *kvm, /* We can read the guest memory with __xxx_user() later on. */ if (user_alloc && ((mem->userspace_addr & (PAGE_SIZE - 1)) || @@ -104128,7 +102757,7 @@ index 10afa34..f29c524 100644 (void __user *)(unsigned long)mem->userspace_addr, mem->memory_size))) goto out; -@@ -1810,7 +1815,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp) +@@ -1881,7 +1886,7 @@ static int kvm_vcpu_release(struct inode *inode, struct file *filp) return 0; } @@ -104137,7 +102766,7 @@ index 10afa34..f29c524 100644 .release = kvm_vcpu_release, .unlocked_ioctl = kvm_vcpu_ioctl, #ifdef CONFIG_COMPAT -@@ -2331,7 +2336,7 @@ static int kvm_vm_mmap(struct file *file, struct vm_area_struct *vma) +@@ -2402,7 +2407,7 @@ static int kvm_vm_mmap(struct file *file, struct vm_area_struct *vma) return 0; } @@ -104146,7 +102775,7 @@ index 10afa34..f29c524 100644 .release = kvm_vm_release, .unlocked_ioctl = kvm_vm_ioctl, #ifdef CONFIG_COMPAT -@@ -2429,7 +2434,7 @@ out: +@@ -2500,7 +2505,7 @@ out: return r; } @@ -104155,7 +102784,7 @@ index 10afa34..f29c524 100644 .unlocked_ioctl = kvm_dev_ioctl, .compat_ioctl = kvm_dev_ioctl, .llseek = noop_llseek, -@@ -2455,7 +2460,7 @@ static void hardware_enable_nolock(void *junk) +@@ -2526,7 +2531,7 @@ static void hardware_enable_nolock(void *junk) if (r) { cpumask_clear_cpu(cpu, cpus_hardware_enabled); @@ -104164,7 +102793,7 @@ index 10afa34..f29c524 100644 printk(KERN_INFO "kvm: enabling virtualization on " "CPU%d failed\n", cpu); } -@@ -2509,10 +2514,10 @@ static int hardware_enable_all(void) +@@ -2580,10 +2585,10 @@ static int hardware_enable_all(void) kvm_usage_count++; if (kvm_usage_count == 1) { @@ -104177,7 +102806,7 @@ index 10afa34..f29c524 100644 hardware_disable_all_nolock(); r = -EBUSY; } -@@ -2870,7 +2875,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, +@@ -2941,7 +2946,7 @@ static void kvm_sched_out(struct preempt_notifier *pn, kvm_arch_vcpu_put(vcpu); } @@ -104186,7 +102815,7 @@ index 10afa34..f29c524 100644 struct module *module) { int r; -@@ -2906,7 +2911,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2977,7 +2982,7 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (!vcpu_align) vcpu_align = __alignof__(struct kvm_vcpu); kvm_vcpu_cache = kmem_cache_create("kvm_vcpu", vcpu_size, vcpu_align, @@ -104195,7 +102824,7 @@ index 10afa34..f29c524 100644 if (!kvm_vcpu_cache) { r = -ENOMEM; goto out_free_3; -@@ -2916,9 +2921,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2987,9 +2992,11 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, if (r) goto out_free; @@ -104207,7 +102836,7 @@ index 10afa34..f29c524 100644 r = misc_register(&kvm_dev); if (r) { -@@ -2928,9 +2935,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, +@@ -2999,9 +3006,6 @@ int kvm_init(void *opaque, unsigned vcpu_size, unsigned vcpu_align, register_syscore_ops(&kvm_syscore_ops); diff --git a/3.8.12/4425_grsec_remove_EI_PAX.patch b/3.9.2/4425_grsec_remove_EI_PAX.patch index 7d06ac2..7d06ac2 100644 --- a/3.8.12/4425_grsec_remove_EI_PAX.patch +++ b/3.9.2/4425_grsec_remove_EI_PAX.patch diff --git a/3.8.12/4430_grsec-remove-localversion-grsec.patch b/3.9.2/4430_grsec-remove-localversion-grsec.patch index 31cf878..31cf878 100644 --- a/3.8.12/4430_grsec-remove-localversion-grsec.patch +++ b/3.9.2/4430_grsec-remove-localversion-grsec.patch diff --git a/3.8.12/4435_grsec-mute-warnings.patch b/3.9.2/4435_grsec-mute-warnings.patch index ed941d5..ed941d5 100644 --- a/3.8.12/4435_grsec-mute-warnings.patch +++ b/3.9.2/4435_grsec-mute-warnings.patch diff --git a/3.8.12/4440_grsec-remove-protected-paths.patch b/3.9.2/4440_grsec-remove-protected-paths.patch index 637934a..637934a 100644 --- a/3.8.12/4440_grsec-remove-protected-paths.patch +++ b/3.9.2/4440_grsec-remove-protected-paths.patch diff --git a/3.2.44/4450_grsec-kconfig-default-gids.patch b/3.9.2/4450_grsec-kconfig-default-gids.patch index 7c20c40..6f5b79b 100644 --- a/3.2.44/4450_grsec-kconfig-default-gids.patch +++ b/3.9.2/4450_grsec-kconfig-default-gids.patch @@ -16,7 +16,7 @@ from shooting themselves in the foot. diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2012-10-13 09:51:35.000000000 -0400 +++ b/grsecurity/Kconfig 2012-10-13 09:52:32.000000000 -0400 -@@ -578,7 +578,7 @@ +@@ -588,7 +588,7 @@ config GRKERNSEC_AUDIT_GID int "GID for auditing" depends on GRKERNSEC_AUDIT_GROUP @@ -25,7 +25,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig config GRKERNSEC_EXECLOG bool "Exec logging" -@@ -798,7 +798,7 @@ +@@ -808,7 +808,7 @@ config GRKERNSEC_TPE_UNTRUSTED_GID int "GID for TPE-untrusted users" depends on GRKERNSEC_TPE && !GRKERNSEC_TPE_INVERT @@ -34,7 +34,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *enabled* for. If the sysctl option is enabled, a sysctl option -@@ -807,7 +807,7 @@ +@@ -817,7 +817,7 @@ config GRKERNSEC_TPE_TRUSTED_GID int "GID for TPE-trusted users" depends on GRKERNSEC_TPE && GRKERNSEC_TPE_INVERT @@ -43,7 +43,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Setting this GID determines what group TPE restrictions will be *disabled* for. If the sysctl option is enabled, a sysctl option -@@ -900,7 +900,7 @@ +@@ -910,7 +910,7 @@ config GRKERNSEC_SOCKET_ALL_GID int "GID to deny all sockets for" depends on GRKERNSEC_SOCKET_ALL @@ -52,7 +52,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable socket access for. Remember to add the users you want socket access disabled for to the GID -@@ -921,7 +921,7 @@ +@@ -931,7 +931,7 @@ config GRKERNSEC_SOCKET_CLIENT_GID int "GID to deny client sockets for" depends on GRKERNSEC_SOCKET_CLIENT @@ -61,7 +61,7 @@ diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig help Here you can choose the GID to disable client socket access for. Remember to add the users you want client socket access disabled for to -@@ -939,7 +939,7 @@ +@@ -949,7 +949,7 @@ config GRKERNSEC_SOCKET_SERVER_GID int "GID to deny server sockets for" depends on GRKERNSEC_SOCKET_SERVER diff --git a/3.8.12/4465_selinux-avc_audit-log-curr_ip.patch b/3.9.2/4465_selinux-avc_audit-log-curr_ip.patch index 0a309c8..b25a23f 100644 --- a/3.8.12/4465_selinux-avc_audit-log-curr_ip.patch +++ b/3.9.2/4465_selinux-avc_audit-log-curr_ip.patch @@ -28,7 +28,7 @@ Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org> diff -Naur a/grsecurity/Kconfig b/grsecurity/Kconfig --- a/grsecurity/Kconfig 2011-04-17 19:25:54.000000000 -0400 +++ b/grsecurity/Kconfig 2011-04-17 19:32:53.000000000 -0400 -@@ -998,6 +998,27 @@ +@@ -1008,6 +1008,27 @@ menu "Logging Options" depends on GRKERNSEC diff --git a/3.8.12/4470_disable-compat_vdso.patch b/3.9.2/4470_disable-compat_vdso.patch index 3ef36aa..fed959f 100644 --- a/3.8.12/4470_disable-compat_vdso.patch +++ b/3.9.2/4470_disable-compat_vdso.patch @@ -26,7 +26,7 @@ Closes bug: http://bugs.gentoo.org/show_bug.cgi?id=210138 diff -urp a/arch/x86/Kconfig b/arch/x86/Kconfig --- a/arch/x86/Kconfig 2009-07-31 01:36:57.323857684 +0100 +++ b/arch/x86/Kconfig 2009-07-31 01:51:39.395749681 +0100 -@@ -1742,17 +1742,8 @@ +@@ -1787,17 +1787,8 @@ config COMPAT_VDSO def_bool n |